cobaltstrike | 0d89ed99d6c1c4ae49aa8cdad84c4c5615c26d826a7f758158fcf9a667b192f1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3c91099946e99b9d4eac407a422530e1
SHA1

73c9abb866b9b3f69f4bb02a1db5e403e69b9b30
SHA256

0d89ed99d6c1c4ae49aa8cdad84c4c5615c26d826a7f758158fcf9a667b192f1
SHA512

b572ad599b34f0b1d512ca2c82e593368a9cd4fc8b4a88603c2a837a870d6a27764b9c57b5d6b264cb5c836e1f527e89d34398ea0720af8e7da83e5b672845aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUx:T+q56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-135.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-125.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-45.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001610d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral1/memory/2592-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x0008000000015d41-11.dat	xmrig
behavioral1/files/0x0008000000015d59-12.dat	xmrig
behavioral1/files/0x0007000000015ec4-26.dat	xmrig
behavioral1/files/0x0006000000016d4b-50.dat	xmrig
behavioral1/files/0x0006000000016d6f-70.dat	xmrig
behavioral1/files/0x0006000000016d9f-80.dat	xmrig
behavioral1/files/0x0006000000017497-110.dat	xmrig
behavioral1/files/0x0005000000018739-155.dat	xmrig
behavioral1/files/0x0005000000018744-160.dat	xmrig
behavioral1/files/0x0005000000018704-150.dat	xmrig
behavioral1/files/0x00050000000186f4-145.dat	xmrig
behavioral1/files/0x00050000000186f1-140.dat	xmrig
behavioral1/files/0x00050000000186e7-131.dat	xmrig
behavioral1/files/0x00050000000186ed-135.dat	xmrig
behavioral1/files/0x000600000001755b-120.dat	xmrig
behavioral1/files/0x0005000000018686-125.dat	xmrig
behavioral1/files/0x000600000001749c-115.dat	xmrig
behavioral1/files/0x0006000000017049-105.dat	xmrig
behavioral1/files/0x0006000000016ecf-100.dat	xmrig
behavioral1/files/0x0006000000016df3-95.dat	xmrig
behavioral1/files/0x0006000000016dea-90.dat	xmrig
behavioral1/files/0x0006000000016de8-86.dat	xmrig
behavioral1/files/0x0006000000016d77-75.dat	xmrig
behavioral1/files/0x0006000000016d6b-65.dat	xmrig
behavioral1/files/0x0006000000016d67-60.dat	xmrig
behavioral1/files/0x0006000000016d54-55.dat	xmrig
behavioral1/files/0x0008000000016d43-45.dat	xmrig
behavioral1/files/0x000900000001610d-41.dat	xmrig
behavioral1/files/0x0007000000015f7b-36.dat	xmrig
behavioral1/files/0x0007000000015f25-30.dat	xmrig
behavioral1/files/0x0008000000015d81-21.dat	xmrig
behavioral1/memory/2388-2345-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1752-2428-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2076-2446-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2768-2464-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2504-2536-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2076-3616-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2504-3618-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2388-3617-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2768-3620-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1752-3619-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2592-4067-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2388	eKtSEhj.exe
1752	EoKdaGT.exe
2076	GATjJsV.exe
2768	lpyqQUX.exe
2504	KNOMqfQ.exe
2876	XTvnLMi.exe
2904	pcRuNLe.exe
2932	dNxTLhM.exe
2936	WzsUyPE.exe
2964	LcJlIdu.exe
2996	WMinaul.exe
2848	lKMrdIf.exe
2680	WSpVWLH.exe
2740	fxgACCh.exe
2100	dIEuAnw.exe
2312	XAnkeAB.exe
348	zBekxjW.exe
1480	fEbIrzj.exe
1988	iucFyFk.exe
1580	rieyjAa.exe
556	oNMzjme.exe
1644	KnhkmYx.exe
2856	cvrunCr.exe
808	mBXnfXL.exe
2776	BvuIKBB.exe
2716	mZilPBY.exe
2360	dBZyvYr.exe
2344	LXgHbDP.exe
876	ESJmbyF.exe
1884	cYgLMui.exe
408	lVRBQnq.exe
3040	wnqFmjE.exe
3052	cxqWHMi.exe
1204	AwMtIwv.exe
1616	yrtFadB.exe
1924	NboMGnE.exe
1840	zQHOept.exe
2288	cwxPeAw.exe
1380	JflXkMh.exe
1948	XpYKxFX.exe
1612	ahmaVkB.exe
1976	sqkDPEY.exe
912	ylueLvA.exe
2064	mPXDWOu.exe
2492	xUFnwhE.exe
2272	iWeDhyX.exe
3068	NMoRmUV.exe
2148	VzAVBdl.exe
1528	zORSGUn.exe
2284	jujrqwP.exe
1484	jANlNOF.exe
1404	XXyJhHW.exe
872	YvhCfLK.exe
1648	ZzpqYDc.exe
1168	iDarWEw.exe
1704	IAPnKSn.exe
2084	ZAJfTtt.exe
1720	JSdvSql.exe
1912	CIQwKZB.exe
2172	QyvVSfa.exe
2416	iCCktqz.exe
2908	hytCbqy.exe
2684	zOWWJPR.exe
2704	pGtvRdo.exe

Loads dropped DLL 64 IoCs

pid	Process
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2592-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x0008000000015d41-11.dat	upx
behavioral1/files/0x0008000000015d59-12.dat	upx
behavioral1/files/0x0007000000015ec4-26.dat	upx
behavioral1/files/0x0006000000016d4b-50.dat	upx
behavioral1/files/0x0006000000016d6f-70.dat	upx
behavioral1/files/0x0006000000016d9f-80.dat	upx
behavioral1/files/0x0006000000017497-110.dat	upx
behavioral1/files/0x0005000000018739-155.dat	upx
behavioral1/files/0x0005000000018744-160.dat	upx
behavioral1/files/0x0005000000018704-150.dat	upx
behavioral1/files/0x00050000000186f4-145.dat	upx
behavioral1/files/0x00050000000186f1-140.dat	upx
behavioral1/files/0x00050000000186e7-131.dat	upx
behavioral1/files/0x00050000000186ed-135.dat	upx
behavioral1/files/0x000600000001755b-120.dat	upx
behavioral1/files/0x0005000000018686-125.dat	upx
behavioral1/files/0x000600000001749c-115.dat	upx
behavioral1/files/0x0006000000017049-105.dat	upx
behavioral1/files/0x0006000000016ecf-100.dat	upx
behavioral1/files/0x0006000000016df3-95.dat	upx
behavioral1/files/0x0006000000016dea-90.dat	upx
behavioral1/files/0x0006000000016de8-86.dat	upx
behavioral1/files/0x0006000000016d77-75.dat	upx
behavioral1/files/0x0006000000016d6b-65.dat	upx
behavioral1/files/0x0006000000016d67-60.dat	upx
behavioral1/files/0x0006000000016d54-55.dat	upx
behavioral1/files/0x0008000000016d43-45.dat	upx
behavioral1/files/0x000900000001610d-41.dat	upx
behavioral1/files/0x0007000000015f7b-36.dat	upx
behavioral1/files/0x0007000000015f25-30.dat	upx
behavioral1/files/0x0008000000015d81-21.dat	upx
behavioral1/memory/2388-2345-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1752-2428-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2076-2446-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2768-2464-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2504-2536-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2076-3616-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2504-3618-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2388-3617-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2768-3620-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1752-3619-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2592-4067-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bsGZTmr.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAnkeAB.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvhCfLK.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyvVSfa.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmgPuxd.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFiENge.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhdnwpV.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kccKaMO.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\butrLbX.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxyRiKo.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whbnGtr.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRIsHRD.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqZWwnV.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfHlDHT.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xILNskb.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmYnEOq.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiPrKoM.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQlLgWx.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCQUUny.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoKdaGT.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoryOlw.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKQfxKJ.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUIIeMn.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVgzAgI.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqNObGh.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlDvBFJ.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWXSMqx.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqkZvJk.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqXOAlh.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yljrknE.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIdFYyb.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHLxpGn.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFLLfMp.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHKTcxF.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCkInjt.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbjEaGp.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEqVkNY.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxSIvLY.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkvElWH.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onjGXQk.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQgvAQx.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsJklzh.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsRBgbg.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzxaWWS.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeVgLTF.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moLNvTQ.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZrkqNB.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odkeamF.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQLokku.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqwZoKW.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jfmxiaa.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNgmOdM.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlLSWBK.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UklfdtC.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJgYWxD.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByxUtsG.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFbgUDA.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxFrjtr.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpEjuKA.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlHJqNz.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruCPFLV.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcUEcsW.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgUlwYK.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffrZByu.exe	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2388	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 2388	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 2388	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 1752	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1752	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1752	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 2076	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2076	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2076	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2768	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2768	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2768	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2504	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2504	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2504	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2876	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2876	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2876	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2904	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2904	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2904	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2932	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2932	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2932	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2936	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2936	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2936	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2964	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2964	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2964	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2996	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2996	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2996	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2848	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2848	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2848	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2680	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2680	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2680	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2740	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2740	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2740	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2100	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2100	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2100	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2312	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2312	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2312	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 348	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 348	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 348	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 1480	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1480	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1480	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1988	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1988	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1988	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1580	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 1580	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 1580	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 556	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 556	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 556	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 1644	2592	2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_3c91099946e99b9d4eac407a422530e1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\System\eKtSEhj.exe
  C:\Windows\System\eKtSEhj.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\EoKdaGT.exe
  C:\Windows\System\EoKdaGT.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\GATjJsV.exe
  C:\Windows\System\GATjJsV.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\lpyqQUX.exe
  C:\Windows\System\lpyqQUX.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\KNOMqfQ.exe
  C:\Windows\System\KNOMqfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\XTvnLMi.exe
  C:\Windows\System\XTvnLMi.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\pcRuNLe.exe
  C:\Windows\System\pcRuNLe.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\dNxTLhM.exe
  C:\Windows\System\dNxTLhM.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\WzsUyPE.exe
  C:\Windows\System\WzsUyPE.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LcJlIdu.exe
  C:\Windows\System\LcJlIdu.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WMinaul.exe
  C:\Windows\System\WMinaul.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\lKMrdIf.exe
  C:\Windows\System\lKMrdIf.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\WSpVWLH.exe
  C:\Windows\System\WSpVWLH.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\fxgACCh.exe
  C:\Windows\System\fxgACCh.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\dIEuAnw.exe
  C:\Windows\System\dIEuAnw.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\XAnkeAB.exe
  C:\Windows\System\XAnkeAB.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\zBekxjW.exe
  C:\Windows\System\zBekxjW.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\fEbIrzj.exe
  C:\Windows\System\fEbIrzj.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\iucFyFk.exe
  C:\Windows\System\iucFyFk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\rieyjAa.exe
  C:\Windows\System\rieyjAa.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\oNMzjme.exe
  C:\Windows\System\oNMzjme.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\KnhkmYx.exe
  C:\Windows\System\KnhkmYx.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\cvrunCr.exe
  C:\Windows\System\cvrunCr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\mBXnfXL.exe
  C:\Windows\System\mBXnfXL.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\BvuIKBB.exe
  C:\Windows\System\BvuIKBB.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\mZilPBY.exe
  C:\Windows\System\mZilPBY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\dBZyvYr.exe
  C:\Windows\System\dBZyvYr.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\LXgHbDP.exe
  C:\Windows\System\LXgHbDP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ESJmbyF.exe
  C:\Windows\System\ESJmbyF.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\cYgLMui.exe
  C:\Windows\System\cYgLMui.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\lVRBQnq.exe
  C:\Windows\System\lVRBQnq.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\wnqFmjE.exe
  C:\Windows\System\wnqFmjE.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\cxqWHMi.exe
  C:\Windows\System\cxqWHMi.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\AwMtIwv.exe
  C:\Windows\System\AwMtIwv.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\yrtFadB.exe
  C:\Windows\System\yrtFadB.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\NboMGnE.exe
  C:\Windows\System\NboMGnE.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\zQHOept.exe
  C:\Windows\System\zQHOept.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\cwxPeAw.exe
  C:\Windows\System\cwxPeAw.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JflXkMh.exe
  C:\Windows\System\JflXkMh.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\XpYKxFX.exe
  C:\Windows\System\XpYKxFX.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ahmaVkB.exe
  C:\Windows\System\ahmaVkB.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\sqkDPEY.exe
  C:\Windows\System\sqkDPEY.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ylueLvA.exe
  C:\Windows\System\ylueLvA.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\mPXDWOu.exe
  C:\Windows\System\mPXDWOu.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xUFnwhE.exe
  C:\Windows\System\xUFnwhE.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\iWeDhyX.exe
  C:\Windows\System\iWeDhyX.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\NMoRmUV.exe
  C:\Windows\System\NMoRmUV.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\VzAVBdl.exe
  C:\Windows\System\VzAVBdl.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\zORSGUn.exe
  C:\Windows\System\zORSGUn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\jujrqwP.exe
  C:\Windows\System\jujrqwP.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\jANlNOF.exe
  C:\Windows\System\jANlNOF.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\XXyJhHW.exe
  C:\Windows\System\XXyJhHW.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\YvhCfLK.exe
  C:\Windows\System\YvhCfLK.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ZzpqYDc.exe
  C:\Windows\System\ZzpqYDc.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\iDarWEw.exe
  C:\Windows\System\iDarWEw.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\IAPnKSn.exe
  C:\Windows\System\IAPnKSn.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ZAJfTtt.exe
  C:\Windows\System\ZAJfTtt.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JSdvSql.exe
  C:\Windows\System\JSdvSql.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\CIQwKZB.exe
  C:\Windows\System\CIQwKZB.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\QyvVSfa.exe
  C:\Windows\System\QyvVSfa.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\iCCktqz.exe
  C:\Windows\System\iCCktqz.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\hytCbqy.exe
  C:\Windows\System\hytCbqy.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\zOWWJPR.exe
  C:\Windows\System\zOWWJPR.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\pGtvRdo.exe
  C:\Windows\System\pGtvRdo.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\bOJSYhK.exe
  C:\Windows\System\bOJSYhK.exe
  2⤵
  PID:2924
- C:\Windows\System\QJzQRMd.exe
  C:\Windows\System\QJzQRMd.exe
  2⤵
  PID:2708
- C:\Windows\System\mHTFNwm.exe
  C:\Windows\System\mHTFNwm.exe
  2⤵
  PID:2264
- C:\Windows\System\umWNcgp.exe
  C:\Windows\System\umWNcgp.exe
  2⤵
  PID:568
- C:\Windows\System\GLywrfu.exe
  C:\Windows\System\GLywrfu.exe
  2⤵
  PID:3000
- C:\Windows\System\Gfswcdd.exe
  C:\Windows\System\Gfswcdd.exe
  2⤵
  PID:2588
- C:\Windows\System\pyJGWRW.exe
  C:\Windows\System\pyJGWRW.exe
  2⤵
  PID:2304
- C:\Windows\System\exEBfFP.exe
  C:\Windows\System\exEBfFP.exe
  2⤵
  PID:320
- C:\Windows\System\gZvYgEC.exe
  C:\Windows\System\gZvYgEC.exe
  2⤵
  PID:2976
- C:\Windows\System\JnMSehG.exe
  C:\Windows\System\JnMSehG.exe
  2⤵
  PID:2356
- C:\Windows\System\YrkMFWr.exe
  C:\Windows\System\YrkMFWr.exe
  2⤵
  PID:2292
- C:\Windows\System\vfyeDcH.exe
  C:\Windows\System\vfyeDcH.exe
  2⤵
  PID:2580
- C:\Windows\System\ziJGdJw.exe
  C:\Windows\System\ziJGdJw.exe
  2⤵
  PID:3048
- C:\Windows\System\SFvroYh.exe
  C:\Windows\System\SFvroYh.exe
  2⤵
  PID:3056
- C:\Windows\System\wbOzxaY.exe
  C:\Windows\System\wbOzxaY.exe
  2⤵
  PID:1344
- C:\Windows\System\opiPnOD.exe
  C:\Windows\System\opiPnOD.exe
  2⤵
  PID:2424
- C:\Windows\System\ejwShlG.exe
  C:\Windows\System\ejwShlG.exe
  2⤵
  PID:988
- C:\Windows\System\kcVUNEo.exe
  C:\Windows\System\kcVUNEo.exe
  2⤵
  PID:2540
- C:\Windows\System\xBDXDWq.exe
  C:\Windows\System\xBDXDWq.exe
  2⤵
  PID:1944
- C:\Windows\System\ZjuDqRL.exe
  C:\Windows\System\ZjuDqRL.exe
  2⤵
  PID:900
- C:\Windows\System\QInfKMq.exe
  C:\Windows\System\QInfKMq.exe
  2⤵
  PID:1296
- C:\Windows\System\PtxOwwR.exe
  C:\Windows\System\PtxOwwR.exe
  2⤵
  PID:3036
- C:\Windows\System\TlsMCkV.exe
  C:\Windows\System\TlsMCkV.exe
  2⤵
  PID:1748
- C:\Windows\System\NsMrCWN.exe
  C:\Windows\System\NsMrCWN.exe
  2⤵
  PID:1500
- C:\Windows\System\KoMmSes.exe
  C:\Windows\System\KoMmSes.exe
  2⤵
  PID:1980
- C:\Windows\System\efztlZz.exe
  C:\Windows\System\efztlZz.exe
  2⤵
  PID:880
- C:\Windows\System\oCkZxMy.exe
  C:\Windows\System\oCkZxMy.exe
  2⤵
  PID:1600
- C:\Windows\System\kThpWmt.exe
  C:\Windows\System\kThpWmt.exe
  2⤵
  PID:1576
- C:\Windows\System\WxaiIzC.exe
  C:\Windows\System\WxaiIzC.exe
  2⤵
  PID:1736
- C:\Windows\System\yrPcoAE.exe
  C:\Windows\System\yrPcoAE.exe
  2⤵
  PID:3004
- C:\Windows\System\eRBbagM.exe
  C:\Windows\System\eRBbagM.exe
  2⤵
  PID:2820
- C:\Windows\System\FBqBRrQ.exe
  C:\Windows\System\FBqBRrQ.exe
  2⤵
  PID:2940
- C:\Windows\System\jgQrJWt.exe
  C:\Windows\System\jgQrJWt.exe
  2⤵
  PID:2852
- C:\Windows\System\LYxNjaa.exe
  C:\Windows\System\LYxNjaa.exe
  2⤵
  PID:2332
- C:\Windows\System\FslQSNO.exe
  C:\Windows\System\FslQSNO.exe
  2⤵
  PID:584
- C:\Windows\System\JqCCNPW.exe
  C:\Windows\System\JqCCNPW.exe
  2⤵
  PID:840
- C:\Windows\System\kvcdFuZ.exe
  C:\Windows\System\kvcdFuZ.exe
  2⤵
  PID:336
- C:\Windows\System\RGVAeAX.exe
  C:\Windows\System\RGVAeAX.exe
  2⤵
  PID:2452
- C:\Windows\System\pZqVuXS.exe
  C:\Windows\System\pZqVuXS.exe
  2⤵
  PID:1816
- C:\Windows\System\EQPqNVD.exe
  C:\Windows\System\EQPqNVD.exe
  2⤵
  PID:812
- C:\Windows\System\bjtHQmv.exe
  C:\Windows\System\bjtHQmv.exe
  2⤵
  PID:1312
- C:\Windows\System\HCEyDee.exe
  C:\Windows\System\HCEyDee.exe
  2⤵
  PID:1544
- C:\Windows\System\UAhCLVc.exe
  C:\Windows\System\UAhCLVc.exe
  2⤵
  PID:832
- C:\Windows\System\zrOIdbT.exe
  C:\Windows\System\zrOIdbT.exe
  2⤵
  PID:1556
- C:\Windows\System\BCdanPP.exe
  C:\Windows\System\BCdanPP.exe
  2⤵
  PID:868
- C:\Windows\System\JmmQYxJ.exe
  C:\Windows\System\JmmQYxJ.exe
  2⤵
  PID:2280
- C:\Windows\System\qIMDeih.exe
  C:\Windows\System\qIMDeih.exe
  2⤵
  PID:1672
- C:\Windows\System\YqFLIFF.exe
  C:\Windows\System\YqFLIFF.exe
  2⤵
  PID:1508
- C:\Windows\System\PCSoCoT.exe
  C:\Windows\System\PCSoCoT.exe
  2⤵
  PID:2760
- C:\Windows\System\KIwhsgZ.exe
  C:\Windows\System\KIwhsgZ.exe
  2⤵
  PID:2900
- C:\Windows\System\gWDrNWP.exe
  C:\Windows\System\gWDrNWP.exe
  2⤵
  PID:3096
- C:\Windows\System\SeNzvLS.exe
  C:\Windows\System\SeNzvLS.exe
  2⤵
  PID:3116
- C:\Windows\System\FjeSAjt.exe
  C:\Windows\System\FjeSAjt.exe
  2⤵
  PID:3136
- C:\Windows\System\QSzANpg.exe
  C:\Windows\System\QSzANpg.exe
  2⤵
  PID:3156
- C:\Windows\System\xUvrubj.exe
  C:\Windows\System\xUvrubj.exe
  2⤵
  PID:3172
- C:\Windows\System\FNMIxhR.exe
  C:\Windows\System\FNMIxhR.exe
  2⤵
  PID:3192
- C:\Windows\System\KhDHHLB.exe
  C:\Windows\System\KhDHHLB.exe
  2⤵
  PID:3216
- C:\Windows\System\qBguJwP.exe
  C:\Windows\System\qBguJwP.exe
  2⤵
  PID:3236
- C:\Windows\System\Cjivzqe.exe
  C:\Windows\System\Cjivzqe.exe
  2⤵
  PID:3252
- C:\Windows\System\FJZdPTx.exe
  C:\Windows\System\FJZdPTx.exe
  2⤵
  PID:3276
- C:\Windows\System\LXbZLLd.exe
  C:\Windows\System\LXbZLLd.exe
  2⤵
  PID:3296
- C:\Windows\System\LJpRgxa.exe
  C:\Windows\System\LJpRgxa.exe
  2⤵
  PID:3312
- C:\Windows\System\KgNRavW.exe
  C:\Windows\System\KgNRavW.exe
  2⤵
  PID:3332
- C:\Windows\System\blZGaCS.exe
  C:\Windows\System\blZGaCS.exe
  2⤵
  PID:3352
- C:\Windows\System\YCRPqBw.exe
  C:\Windows\System\YCRPqBw.exe
  2⤵
  PID:3372
- C:\Windows\System\GUjCPaM.exe
  C:\Windows\System\GUjCPaM.exe
  2⤵
  PID:3392
- C:\Windows\System\gnCBBsE.exe
  C:\Windows\System\gnCBBsE.exe
  2⤵
  PID:3412
- C:\Windows\System\oHfkSiX.exe
  C:\Windows\System\oHfkSiX.exe
  2⤵
  PID:3436
- C:\Windows\System\cilGgSF.exe
  C:\Windows\System\cilGgSF.exe
  2⤵
  PID:3452
- C:\Windows\System\yBHtEkI.exe
  C:\Windows\System\yBHtEkI.exe
  2⤵
  PID:3476
- C:\Windows\System\xQHKhip.exe
  C:\Windows\System\xQHKhip.exe
  2⤵
  PID:3492
- C:\Windows\System\azXqwFj.exe
  C:\Windows\System\azXqwFj.exe
  2⤵
  PID:3512
- C:\Windows\System\BbekIuy.exe
  C:\Windows\System\BbekIuy.exe
  2⤵
  PID:3528
- C:\Windows\System\SfqRwtu.exe
  C:\Windows\System\SfqRwtu.exe
  2⤵
  PID:3552
- C:\Windows\System\bupTzxu.exe
  C:\Windows\System\bupTzxu.exe
  2⤵
  PID:3572
- C:\Windows\System\wbymbiK.exe
  C:\Windows\System\wbymbiK.exe
  2⤵
  PID:3596
- C:\Windows\System\yYRbsLX.exe
  C:\Windows\System\yYRbsLX.exe
  2⤵
  PID:3612
- C:\Windows\System\WFULxsF.exe
  C:\Windows\System\WFULxsF.exe
  2⤵
  PID:3636
- C:\Windows\System\TwVBxaQ.exe
  C:\Windows\System\TwVBxaQ.exe
  2⤵
  PID:3652
- C:\Windows\System\cUsZQXm.exe
  C:\Windows\System\cUsZQXm.exe
  2⤵
  PID:3672
- C:\Windows\System\MdXkcUV.exe
  C:\Windows\System\MdXkcUV.exe
  2⤵
  PID:3688
- C:\Windows\System\rMBAKIX.exe
  C:\Windows\System\rMBAKIX.exe
  2⤵
  PID:3708
- C:\Windows\System\pKdbIOJ.exe
  C:\Windows\System\pKdbIOJ.exe
  2⤵
  PID:3736
- C:\Windows\System\yszNKgr.exe
  C:\Windows\System\yszNKgr.exe
  2⤵
  PID:3756
- C:\Windows\System\yNiihdH.exe
  C:\Windows\System\yNiihdH.exe
  2⤵
  PID:3776
- C:\Windows\System\hNKIEpx.exe
  C:\Windows\System\hNKIEpx.exe
  2⤵
  PID:3796
- C:\Windows\System\yKlvqEa.exe
  C:\Windows\System\yKlvqEa.exe
  2⤵
  PID:3812
- C:\Windows\System\JoryOlw.exe
  C:\Windows\System\JoryOlw.exe
  2⤵
  PID:3836
- C:\Windows\System\SZrIbIa.exe
  C:\Windows\System\SZrIbIa.exe
  2⤵
  PID:3852
- C:\Windows\System\onjGXQk.exe
  C:\Windows\System\onjGXQk.exe
  2⤵
  PID:3872
- C:\Windows\System\dpHHUTB.exe
  C:\Windows\System\dpHHUTB.exe
  2⤵
  PID:3888
- C:\Windows\System\JWzbMrZ.exe
  C:\Windows\System\JWzbMrZ.exe
  2⤵
  PID:3916
- C:\Windows\System\FhWMuAk.exe
  C:\Windows\System\FhWMuAk.exe
  2⤵
  PID:3932
- C:\Windows\System\IiTVGve.exe
  C:\Windows\System\IiTVGve.exe
  2⤵
  PID:3948
- C:\Windows\System\TkeGKHk.exe
  C:\Windows\System\TkeGKHk.exe
  2⤵
  PID:3976
- C:\Windows\System\AmUDUDJ.exe
  C:\Windows\System\AmUDUDJ.exe
  2⤵
  PID:3996
- C:\Windows\System\aZzQamH.exe
  C:\Windows\System\aZzQamH.exe
  2⤵
  PID:4016
- C:\Windows\System\BBwECnt.exe
  C:\Windows\System\BBwECnt.exe
  2⤵
  PID:4032
- C:\Windows\System\DrEuOQt.exe
  C:\Windows\System\DrEuOQt.exe
  2⤵
  PID:4048
- C:\Windows\System\otZGbIj.exe
  C:\Windows\System\otZGbIj.exe
  2⤵
  PID:4064
- C:\Windows\System\jDALgPi.exe
  C:\Windows\System\jDALgPi.exe
  2⤵
  PID:4088
- C:\Windows\System\beeiFyd.exe
  C:\Windows\System\beeiFyd.exe
  2⤵
  PID:2948
- C:\Windows\System\JTJDvBr.exe
  C:\Windows\System\JTJDvBr.exe
  2⤵
  PID:2224
- C:\Windows\System\vsFoapX.exe
  C:\Windows\System\vsFoapX.exe
  2⤵
  PID:1028
- C:\Windows\System\NtBStVt.exe
  C:\Windows\System\NtBStVt.exe
  2⤵
  PID:1036
- C:\Windows\System\lnkRXDG.exe
  C:\Windows\System\lnkRXDG.exe
  2⤵
  PID:1972
- C:\Windows\System\RJgAYmy.exe
  C:\Windows\System\RJgAYmy.exe
  2⤵
  PID:1688
- C:\Windows\System\dnuiOVT.exe
  C:\Windows\System\dnuiOVT.exe
  2⤵
  PID:1012
- C:\Windows\System\PjssudK.exe
  C:\Windows\System\PjssudK.exe
  2⤵
  PID:2544
- C:\Windows\System\sdIqaGC.exe
  C:\Windows\System\sdIqaGC.exe
  2⤵
  PID:1224
- C:\Windows\System\rEyRAZY.exe
  C:\Windows\System\rEyRAZY.exe
  2⤵
  PID:2864
- C:\Windows\System\MNZtzIi.exe
  C:\Windows\System\MNZtzIi.exe
  2⤵
  PID:3024
- C:\Windows\System\EmzOnKZ.exe
  C:\Windows\System\EmzOnKZ.exe
  2⤵
  PID:2068
- C:\Windows\System\YcgphMV.exe
  C:\Windows\System\YcgphMV.exe
  2⤵
  PID:3108
- C:\Windows\System\sVRtSSr.exe
  C:\Windows\System\sVRtSSr.exe
  2⤵
  PID:3148
- C:\Windows\System\CVhCLkO.exe
  C:\Windows\System\CVhCLkO.exe
  2⤵
  PID:3132
- C:\Windows\System\IZGQBqt.exe
  C:\Windows\System\IZGQBqt.exe
  2⤵
  PID:3224
- C:\Windows\System\wsbXhZT.exe
  C:\Windows\System\wsbXhZT.exe
  2⤵
  PID:3208
- C:\Windows\System\QNdEATy.exe
  C:\Windows\System\QNdEATy.exe
  2⤵
  PID:3244
- C:\Windows\System\lQvgdvN.exe
  C:\Windows\System\lQvgdvN.exe
  2⤵
  PID:3340
- C:\Windows\System\zNSQJWp.exe
  C:\Windows\System\zNSQJWp.exe
  2⤵
  PID:3324
- C:\Windows\System\paZnypr.exe
  C:\Windows\System\paZnypr.exe
  2⤵
  PID:3364
- C:\Windows\System\JbukrLD.exe
  C:\Windows\System\JbukrLD.exe
  2⤵
  PID:3424
- C:\Windows\System\KwsJhtH.exe
  C:\Windows\System\KwsJhtH.exe
  2⤵
  PID:3460
- C:\Windows\System\ZCGNlEY.exe
  C:\Windows\System\ZCGNlEY.exe
  2⤵
  PID:3500
- C:\Windows\System\xnNhbxx.exe
  C:\Windows\System\xnNhbxx.exe
  2⤵
  PID:3448
- C:\Windows\System\ByxUtsG.exe
  C:\Windows\System\ByxUtsG.exe
  2⤵
  PID:3484
- C:\Windows\System\PTNgfsO.exe
  C:\Windows\System\PTNgfsO.exe
  2⤵
  PID:3592
- C:\Windows\System\xyrpeAp.exe
  C:\Windows\System\xyrpeAp.exe
  2⤵
  PID:3604
- C:\Windows\System\rUOCiTh.exe
  C:\Windows\System\rUOCiTh.exe
  2⤵
  PID:3608
- C:\Windows\System\kZlkQvs.exe
  C:\Windows\System\kZlkQvs.exe
  2⤵
  PID:3664
- C:\Windows\System\ycVnvaX.exe
  C:\Windows\System\ycVnvaX.exe
  2⤵
  PID:3684
- C:\Windows\System\pribFFp.exe
  C:\Windows\System\pribFFp.exe
  2⤵
  PID:3744
- C:\Windows\System\FszDCJy.exe
  C:\Windows\System\FszDCJy.exe
  2⤵
  PID:3724
- C:\Windows\System\VqjDLEE.exe
  C:\Windows\System\VqjDLEE.exe
  2⤵
  PID:3772
- C:\Windows\System\YyhSwgM.exe
  C:\Windows\System\YyhSwgM.exe
  2⤵
  PID:3808
- C:\Windows\System\nEDVSPp.exe
  C:\Windows\System\nEDVSPp.exe
  2⤵
  PID:3896
- C:\Windows\System\YFDjmQA.exe
  C:\Windows\System\YFDjmQA.exe
  2⤵
  PID:3908
- C:\Windows\System\xoBNOwu.exe
  C:\Windows\System\xoBNOwu.exe
  2⤵
  PID:3928
- C:\Windows\System\SbuuRdw.exe
  C:\Windows\System\SbuuRdw.exe
  2⤵
  PID:3964
- C:\Windows\System\bXrGHdD.exe
  C:\Windows\System\bXrGHdD.exe
  2⤵
  PID:3988
- C:\Windows\System\JEGLPqM.exe
  C:\Windows\System\JEGLPqM.exe
  2⤵
  PID:2840
- C:\Windows\System\GKJzmIC.exe
  C:\Windows\System\GKJzmIC.exe
  2⤵
  PID:2792
- C:\Windows\System\RRCSWAS.exe
  C:\Windows\System\RRCSWAS.exe
  2⤵
  PID:4044
- C:\Windows\System\jKHugYH.exe
  C:\Windows\System\jKHugYH.exe
  2⤵
  PID:4084
- C:\Windows\System\obxFwwb.exe
  C:\Windows\System\obxFwwb.exe
  2⤵
  PID:696
- C:\Windows\System\swrxIeu.exe
  C:\Windows\System\swrxIeu.exe
  2⤵
  PID:576
- C:\Windows\System\kkNguwG.exe
  C:\Windows\System\kkNguwG.exe
  2⤵
  PID:1684
- C:\Windows\System\SbDcoxq.exe
  C:\Windows\System\SbDcoxq.exe
  2⤵
  PID:1792
- C:\Windows\System\COUrGoX.exe
  C:\Windows\System\COUrGoX.exe
  2⤵
  PID:2560
- C:\Windows\System\xabuxVX.exe
  C:\Windows\System\xabuxVX.exe
  2⤵
  PID:1920
- C:\Windows\System\QVebWrY.exe
  C:\Windows\System\QVebWrY.exe
  2⤵
  PID:3128
- C:\Windows\System\XZePrAT.exe
  C:\Windows\System\XZePrAT.exe
  2⤵
  PID:3204
- C:\Windows\System\IdWrhfO.exe
  C:\Windows\System\IdWrhfO.exe
  2⤵
  PID:3164
- C:\Windows\System\ZiVQuyx.exe
  C:\Windows\System\ZiVQuyx.exe
  2⤵
  PID:3388
- C:\Windows\System\WYzZwWh.exe
  C:\Windows\System\WYzZwWh.exe
  2⤵
  PID:3344
- C:\Windows\System\XHFFgcD.exe
  C:\Windows\System\XHFFgcD.exe
  2⤵
  PID:3420
- C:\Windows\System\TQsAeUb.exe
  C:\Windows\System\TQsAeUb.exe
  2⤵
  PID:3540
- C:\Windows\System\AgJqkTz.exe
  C:\Windows\System\AgJqkTz.exe
  2⤵
  PID:3464
- C:\Windows\System\JIdFYyb.exe
  C:\Windows\System\JIdFYyb.exe
  2⤵
  PID:3548
- C:\Windows\System\JbYaNzQ.exe
  C:\Windows\System\JbYaNzQ.exe
  2⤵
  PID:3560
- C:\Windows\System\ksDdBwu.exe
  C:\Windows\System\ksDdBwu.exe
  2⤵
  PID:3732
- C:\Windows\System\CwiOtLx.exe
  C:\Windows\System\CwiOtLx.exe
  2⤵
  PID:3828
- C:\Windows\System\gbKJzmb.exe
  C:\Windows\System\gbKJzmb.exe
  2⤵
  PID:3792
- C:\Windows\System\FQgvAQx.exe
  C:\Windows\System\FQgvAQx.exe
  2⤵
  PID:3864
- C:\Windows\System\BbJECBS.exe
  C:\Windows\System\BbJECBS.exe
  2⤵
  PID:3944
- C:\Windows\System\ZFZrNTn.exe
  C:\Windows\System\ZFZrNTn.exe
  2⤵
  PID:3956
- C:\Windows\System\YqrBHUJ.exe
  C:\Windows\System\YqrBHUJ.exe
  2⤵
  PID:3992
- C:\Windows\System\nCqhYvq.exe
  C:\Windows\System\nCqhYvq.exe
  2⤵
  PID:4008
- C:\Windows\System\UerGQAS.exe
  C:\Windows\System\UerGQAS.exe
  2⤵
  PID:4080
- C:\Windows\System\PHyWhKo.exe
  C:\Windows\System\PHyWhKo.exe
  2⤵
  PID:2160
- C:\Windows\System\TGLlexD.exe
  C:\Windows\System\TGLlexD.exe
  2⤵
  PID:2352
- C:\Windows\System\zRaxNXH.exe
  C:\Windows\System\zRaxNXH.exe
  2⤵
  PID:2088
- C:\Windows\System\YYWxxwz.exe
  C:\Windows\System\YYWxxwz.exe
  2⤵
  PID:3112
- C:\Windows\System\AnYLhSO.exe
  C:\Windows\System\AnYLhSO.exe
  2⤵
  PID:3228
- C:\Windows\System\bnUhXPc.exe
  C:\Windows\System\bnUhXPc.exe
  2⤵
  PID:3320
- C:\Windows\System\tRWJTOf.exe
  C:\Windows\System\tRWJTOf.exe
  2⤵
  PID:3292
- C:\Windows\System\UlIMzwZ.exe
  C:\Windows\System\UlIMzwZ.exe
  2⤵
  PID:3404
- C:\Windows\System\OvSsruU.exe
  C:\Windows\System\OvSsruU.exe
  2⤵
  PID:3584
- C:\Windows\System\hLhVFbk.exe
  C:\Windows\System\hLhVFbk.exe
  2⤵
  PID:3568
- C:\Windows\System\VQFlSUe.exe
  C:\Windows\System\VQFlSUe.exe
  2⤵
  PID:3660
- C:\Windows\System\wzcyKfd.exe
  C:\Windows\System\wzcyKfd.exe
  2⤵
  PID:4108
- C:\Windows\System\EmolAuU.exe
  C:\Windows\System\EmolAuU.exe
  2⤵
  PID:4128
- C:\Windows\System\KYNzAKG.exe
  C:\Windows\System\KYNzAKG.exe
  2⤵
  PID:4148
- C:\Windows\System\jRvdiqc.exe
  C:\Windows\System\jRvdiqc.exe
  2⤵
  PID:4168
- C:\Windows\System\SAGryuH.exe
  C:\Windows\System\SAGryuH.exe
  2⤵
  PID:4188
- C:\Windows\System\REdsoHW.exe
  C:\Windows\System\REdsoHW.exe
  2⤵
  PID:4208
- C:\Windows\System\vfcKuxc.exe
  C:\Windows\System\vfcKuxc.exe
  2⤵
  PID:4228
- C:\Windows\System\WvpvHYT.exe
  C:\Windows\System\WvpvHYT.exe
  2⤵
  PID:4248
- C:\Windows\System\oBjOQXf.exe
  C:\Windows\System\oBjOQXf.exe
  2⤵
  PID:4268
- C:\Windows\System\QbiAWPd.exe
  C:\Windows\System\QbiAWPd.exe
  2⤵
  PID:4288
- C:\Windows\System\RSspVhq.exe
  C:\Windows\System\RSspVhq.exe
  2⤵
  PID:4308
- C:\Windows\System\ulOPIMu.exe
  C:\Windows\System\ulOPIMu.exe
  2⤵
  PID:4328
- C:\Windows\System\VysRxLe.exe
  C:\Windows\System\VysRxLe.exe
  2⤵
  PID:4348
- C:\Windows\System\blnRYJY.exe
  C:\Windows\System\blnRYJY.exe
  2⤵
  PID:4368
- C:\Windows\System\HswcOEy.exe
  C:\Windows\System\HswcOEy.exe
  2⤵
  PID:4388
- C:\Windows\System\AOvLvzq.exe
  C:\Windows\System\AOvLvzq.exe
  2⤵
  PID:4408
- C:\Windows\System\hKENZLz.exe
  C:\Windows\System\hKENZLz.exe
  2⤵
  PID:4428
- C:\Windows\System\ukDtyLW.exe
  C:\Windows\System\ukDtyLW.exe
  2⤵
  PID:4448
- C:\Windows\System\xiCQxIm.exe
  C:\Windows\System\xiCQxIm.exe
  2⤵
  PID:4468
- C:\Windows\System\xlsaCJo.exe
  C:\Windows\System\xlsaCJo.exe
  2⤵
  PID:4488
- C:\Windows\System\pRTbsPP.exe
  C:\Windows\System\pRTbsPP.exe
  2⤵
  PID:4508
- C:\Windows\System\pbtSgSn.exe
  C:\Windows\System\pbtSgSn.exe
  2⤵
  PID:4528
- C:\Windows\System\oKQfxKJ.exe
  C:\Windows\System\oKQfxKJ.exe
  2⤵
  PID:4548
- C:\Windows\System\iolcSiI.exe
  C:\Windows\System\iolcSiI.exe
  2⤵
  PID:4568
- C:\Windows\System\xTYIkRW.exe
  C:\Windows\System\xTYIkRW.exe
  2⤵
  PID:4588
- C:\Windows\System\ZLOCyLo.exe
  C:\Windows\System\ZLOCyLo.exe
  2⤵
  PID:4608
- C:\Windows\System\xPjlXJT.exe
  C:\Windows\System\xPjlXJT.exe
  2⤵
  PID:4628
- C:\Windows\System\DLsGLzQ.exe
  C:\Windows\System\DLsGLzQ.exe
  2⤵
  PID:4648
- C:\Windows\System\HPouGov.exe
  C:\Windows\System\HPouGov.exe
  2⤵
  PID:4668
- C:\Windows\System\RAjeZSj.exe
  C:\Windows\System\RAjeZSj.exe
  2⤵
  PID:4688
- C:\Windows\System\OAdsTec.exe
  C:\Windows\System\OAdsTec.exe
  2⤵
  PID:4708
- C:\Windows\System\UHMUcmx.exe
  C:\Windows\System\UHMUcmx.exe
  2⤵
  PID:4728
- C:\Windows\System\QibbLpl.exe
  C:\Windows\System\QibbLpl.exe
  2⤵
  PID:4748
- C:\Windows\System\QbHGXwi.exe
  C:\Windows\System\QbHGXwi.exe
  2⤵
  PID:4768
- C:\Windows\System\wlczhxm.exe
  C:\Windows\System\wlczhxm.exe
  2⤵
  PID:4788
- C:\Windows\System\chHrsBz.exe
  C:\Windows\System\chHrsBz.exe
  2⤵
  PID:4808
- C:\Windows\System\usYmviW.exe
  C:\Windows\System\usYmviW.exe
  2⤵
  PID:4828
- C:\Windows\System\qZqTZkb.exe
  C:\Windows\System\qZqTZkb.exe
  2⤵
  PID:4848
- C:\Windows\System\rfUlBGg.exe
  C:\Windows\System\rfUlBGg.exe
  2⤵
  PID:4868
- C:\Windows\System\HmToGAU.exe
  C:\Windows\System\HmToGAU.exe
  2⤵
  PID:4888
- C:\Windows\System\hCSnACC.exe
  C:\Windows\System\hCSnACC.exe
  2⤵
  PID:4908
- C:\Windows\System\pPECUNK.exe
  C:\Windows\System\pPECUNK.exe
  2⤵
  PID:4928
- C:\Windows\System\kgOhTwb.exe
  C:\Windows\System\kgOhTwb.exe
  2⤵
  PID:4948
- C:\Windows\System\wglgDmM.exe
  C:\Windows\System\wglgDmM.exe
  2⤵
  PID:4968
- C:\Windows\System\uVFZEMI.exe
  C:\Windows\System\uVFZEMI.exe
  2⤵
  PID:4988
- C:\Windows\System\ffrZByu.exe
  C:\Windows\System\ffrZByu.exe
  2⤵
  PID:5008
- C:\Windows\System\cxDiUGa.exe
  C:\Windows\System\cxDiUGa.exe
  2⤵
  PID:5028
- C:\Windows\System\pUGGfQV.exe
  C:\Windows\System\pUGGfQV.exe
  2⤵
  PID:5048
- C:\Windows\System\rDAnIin.exe
  C:\Windows\System\rDAnIin.exe
  2⤵
  PID:5068
- C:\Windows\System\qyefyQX.exe
  C:\Windows\System\qyefyQX.exe
  2⤵
  PID:5088
- C:\Windows\System\rSPRXrL.exe
  C:\Windows\System\rSPRXrL.exe
  2⤵
  PID:5108
- C:\Windows\System\VHJBxJq.exe
  C:\Windows\System\VHJBxJq.exe
  2⤵
  PID:3844
- C:\Windows\System\iuhSgpP.exe
  C:\Windows\System\iuhSgpP.exe
  2⤵
  PID:3904
- C:\Windows\System\gXORxvE.exe
  C:\Windows\System\gXORxvE.exe
  2⤵
  PID:4056
- C:\Windows\System\VeVgLTF.exe
  C:\Windows\System\VeVgLTF.exe
  2⤵
  PID:4076
- C:\Windows\System\tFbgUDA.exe
  C:\Windows\System\tFbgUDA.exe
  2⤵
  PID:484
- C:\Windows\System\QbdIPUy.exe
  C:\Windows\System\QbdIPUy.exe
  2⤵
  PID:3084
- C:\Windows\System\lqongoU.exe
  C:\Windows\System\lqongoU.exe
  2⤵
  PID:3184
- C:\Windows\System\EWiTjyQ.exe
  C:\Windows\System\EWiTjyQ.exe
  2⤵
  PID:3268
- C:\Windows\System\vEJNITw.exe
  C:\Windows\System\vEJNITw.exe
  2⤵
  PID:3628
- C:\Windows\System\vASKZUm.exe
  C:\Windows\System\vASKZUm.exe
  2⤵
  PID:3632
- C:\Windows\System\NJaDIuv.exe
  C:\Windows\System\NJaDIuv.exe
  2⤵
  PID:3668
- C:\Windows\System\xVjNSsK.exe
  C:\Windows\System\xVjNSsK.exe
  2⤵
  PID:4120
- C:\Windows\System\Ywstkig.exe
  C:\Windows\System\Ywstkig.exe
  2⤵
  PID:4176
- C:\Windows\System\zISKZOm.exe
  C:\Windows\System\zISKZOm.exe
  2⤵
  PID:4204
- C:\Windows\System\vmgPuxd.exe
  C:\Windows\System\vmgPuxd.exe
  2⤵
  PID:4236
- C:\Windows\System\GWiwgXQ.exe
  C:\Windows\System\GWiwgXQ.exe
  2⤵
  PID:4260
- C:\Windows\System\UxUzRwi.exe
  C:\Windows\System\UxUzRwi.exe
  2⤵
  PID:4304
- C:\Windows\System\dUBlGvZ.exe
  C:\Windows\System\dUBlGvZ.exe
  2⤵
  PID:4320
- C:\Windows\System\fsYXxrr.exe
  C:\Windows\System\fsYXxrr.exe
  2⤵
  PID:4376
- C:\Windows\System\QVyItqR.exe
  C:\Windows\System\QVyItqR.exe
  2⤵
  PID:4416
- C:\Windows\System\FFToGUo.exe
  C:\Windows\System\FFToGUo.exe
  2⤵
  PID:4436
- C:\Windows\System\WPdXfuY.exe
  C:\Windows\System\WPdXfuY.exe
  2⤵
  PID:4460
- C:\Windows\System\jUIIeMn.exe
  C:\Windows\System\jUIIeMn.exe
  2⤵
  PID:4504
- C:\Windows\System\tGOIbtg.exe
  C:\Windows\System\tGOIbtg.exe
  2⤵
  PID:4520
- C:\Windows\System\rspatxp.exe
  C:\Windows\System\rspatxp.exe
  2⤵
  PID:4584
- C:\Windows\System\yxJDQEF.exe
  C:\Windows\System\yxJDQEF.exe
  2⤵
  PID:4616
- C:\Windows\System\LmbRUcy.exe
  C:\Windows\System\LmbRUcy.exe
  2⤵
  PID:4636
- C:\Windows\System\pkwVHzZ.exe
  C:\Windows\System\pkwVHzZ.exe
  2⤵
  PID:4660
- C:\Windows\System\IGHpgJl.exe
  C:\Windows\System\IGHpgJl.exe
  2⤵
  PID:4704
- C:\Windows\System\ZEWRfLr.exe
  C:\Windows\System\ZEWRfLr.exe
  2⤵
  PID:4720
- C:\Windows\System\WlkbAtW.exe
  C:\Windows\System\WlkbAtW.exe
  2⤵
  PID:4784
- C:\Windows\System\LZyFeWB.exe
  C:\Windows\System\LZyFeWB.exe
  2⤵
  PID:4796
- C:\Windows\System\zKjEUIi.exe
  C:\Windows\System\zKjEUIi.exe
  2⤵
  PID:4836
- C:\Windows\System\TyTmmWP.exe
  C:\Windows\System\TyTmmWP.exe
  2⤵
  PID:4860
- C:\Windows\System\XQrtnUG.exe
  C:\Windows\System\XQrtnUG.exe
  2⤵
  PID:4904
- C:\Windows\System\PBmFnch.exe
  C:\Windows\System\PBmFnch.exe
  2⤵
  PID:4940
- C:\Windows\System\UvVUtri.exe
  C:\Windows\System\UvVUtri.exe
  2⤵
  PID:4964
- C:\Windows\System\AFIpTeT.exe
  C:\Windows\System\AFIpTeT.exe
  2⤵
  PID:5004
- C:\Windows\System\IYtCHxl.exe
  C:\Windows\System\IYtCHxl.exe
  2⤵
  PID:5044
- C:\Windows\System\HXfPxSZ.exe
  C:\Windows\System\HXfPxSZ.exe
  2⤵
  PID:5084
- C:\Windows\System\uoOOIXZ.exe
  C:\Windows\System\uoOOIXZ.exe
  2⤵
  PID:5116
- C:\Windows\System\glKZwLN.exe
  C:\Windows\System\glKZwLN.exe
  2⤵
  PID:3880
- C:\Windows\System\gyTuqJG.exe
  C:\Windows\System\gyTuqJG.exe
  2⤵
  PID:3924
- C:\Windows\System\gEpwalO.exe
  C:\Windows\System\gEpwalO.exe
  2⤵
  PID:1516
- C:\Windows\System\NkQLLKS.exe
  C:\Windows\System\NkQLLKS.exe
  2⤵
  PID:3264
- C:\Windows\System\KCTbtLS.exe
  C:\Windows\System\KCTbtLS.exe
  2⤵
  PID:3508
- C:\Windows\System\IbkqClU.exe
  C:\Windows\System\IbkqClU.exe
  2⤵
  PID:4104
- C:\Windows\System\LBlihLo.exe
  C:\Windows\System\LBlihLo.exe
  2⤵
  PID:4160
- C:\Windows\System\xsNvscf.exe
  C:\Windows\System\xsNvscf.exe
  2⤵
  PID:4200
- C:\Windows\System\OwNAScm.exe
  C:\Windows\System\OwNAScm.exe
  2⤵
  PID:4316
- C:\Windows\System\ltDdgad.exe
  C:\Windows\System\ltDdgad.exe
  2⤵
  PID:4340
- C:\Windows\System\sFiENge.exe
  C:\Windows\System\sFiENge.exe
  2⤵
  PID:4404
- C:\Windows\System\AvNaBkR.exe
  C:\Windows\System\AvNaBkR.exe
  2⤵
  PID:4516
- C:\Windows\System\YvRbpjZ.exe
  C:\Windows\System\YvRbpjZ.exe
  2⤵
  PID:4524
- C:\Windows\System\OxFrjtr.exe
  C:\Windows\System\OxFrjtr.exe
  2⤵
  PID:4556
- C:\Windows\System\hdJXTTr.exe
  C:\Windows\System\hdJXTTr.exe
  2⤵
  PID:4656
- C:\Windows\System\ngLvumX.exe
  C:\Windows\System\ngLvumX.exe
  2⤵
  PID:4716
- C:\Windows\System\RvaEPhQ.exe
  C:\Windows\System\RvaEPhQ.exe
  2⤵
  PID:4776
- C:\Windows\System\vHLjVcI.exe
  C:\Windows\System\vHLjVcI.exe
  2⤵
  PID:4804
- C:\Windows\System\gnmDkQA.exe
  C:\Windows\System\gnmDkQA.exe
  2⤵
  PID:4856
- C:\Windows\System\DdgAPkW.exe
  C:\Windows\System\DdgAPkW.exe
  2⤵
  PID:4916
- C:\Windows\System\BCNuZtO.exe
  C:\Windows\System\BCNuZtO.exe
  2⤵
  PID:4996
- C:\Windows\System\mrfXJOh.exe
  C:\Windows\System\mrfXJOh.exe
  2⤵
  PID:5036
- C:\Windows\System\VDPTECz.exe
  C:\Windows\System\VDPTECz.exe
  2⤵
  PID:5100
- C:\Windows\System\zncxcKS.exe
  C:\Windows\System\zncxcKS.exe
  2⤵
  PID:3984
- C:\Windows\System\ylakIlu.exe
  C:\Windows\System\ylakIlu.exe
  2⤵
  PID:1032
- C:\Windows\System\nlSMeat.exe
  C:\Windows\System\nlSMeat.exe
  2⤵
  PID:3520
- C:\Windows\System\IoMICeL.exe
  C:\Windows\System\IoMICeL.exe
  2⤵
  PID:4196
- C:\Windows\System\myriMEH.exe
  C:\Windows\System\myriMEH.exe
  2⤵
  PID:4240
- C:\Windows\System\Dhysril.exe
  C:\Windows\System\Dhysril.exe
  2⤵
  PID:5136
- C:\Windows\System\GAZrJwU.exe
  C:\Windows\System\GAZrJwU.exe
  2⤵
  PID:5156
- C:\Windows\System\LfUBewp.exe
  C:\Windows\System\LfUBewp.exe
  2⤵
  PID:5176
- C:\Windows\System\sDyNwug.exe
  C:\Windows\System\sDyNwug.exe
  2⤵
  PID:5196
- C:\Windows\System\rxUXUnx.exe
  C:\Windows\System\rxUXUnx.exe
  2⤵
  PID:5216
- C:\Windows\System\bSJcVdO.exe
  C:\Windows\System\bSJcVdO.exe
  2⤵
  PID:5236
- C:\Windows\System\puqVQSH.exe
  C:\Windows\System\puqVQSH.exe
  2⤵
  PID:5256
- C:\Windows\System\ZHBzdID.exe
  C:\Windows\System\ZHBzdID.exe
  2⤵
  PID:5276
- C:\Windows\System\butrLbX.exe
  C:\Windows\System\butrLbX.exe
  2⤵
  PID:5296
- C:\Windows\System\vRRqajt.exe
  C:\Windows\System\vRRqajt.exe
  2⤵
  PID:5316
- C:\Windows\System\cGfooRP.exe
  C:\Windows\System\cGfooRP.exe
  2⤵
  PID:5336
- C:\Windows\System\hITOmcT.exe
  C:\Windows\System\hITOmcT.exe
  2⤵
  PID:5356
- C:\Windows\System\GlYmSXA.exe
  C:\Windows\System\GlYmSXA.exe
  2⤵
  PID:5376
- C:\Windows\System\kICkyPw.exe
  C:\Windows\System\kICkyPw.exe
  2⤵
  PID:5396
- C:\Windows\System\VCouCEo.exe
  C:\Windows\System\VCouCEo.exe
  2⤵
  PID:5416
- C:\Windows\System\GporMAm.exe
  C:\Windows\System\GporMAm.exe
  2⤵
  PID:5436
- C:\Windows\System\xMxJxvB.exe
  C:\Windows\System\xMxJxvB.exe
  2⤵
  PID:5456
- C:\Windows\System\moLNvTQ.exe
  C:\Windows\System\moLNvTQ.exe
  2⤵
  PID:5476
- C:\Windows\System\sgvuEJj.exe
  C:\Windows\System\sgvuEJj.exe
  2⤵
  PID:5496
- C:\Windows\System\EifpDhI.exe
  C:\Windows\System\EifpDhI.exe
  2⤵
  PID:5516
- C:\Windows\System\dGWDnzx.exe
  C:\Windows\System\dGWDnzx.exe
  2⤵
  PID:5536
- C:\Windows\System\ixvQlCk.exe
  C:\Windows\System\ixvQlCk.exe
  2⤵
  PID:5556
- C:\Windows\System\ffRCGDX.exe
  C:\Windows\System\ffRCGDX.exe
  2⤵
  PID:5576
- C:\Windows\System\HAHqmXQ.exe
  C:\Windows\System\HAHqmXQ.exe
  2⤵
  PID:5600
- C:\Windows\System\hRZQDwy.exe
  C:\Windows\System\hRZQDwy.exe
  2⤵
  PID:5620
- C:\Windows\System\TFjuwze.exe
  C:\Windows\System\TFjuwze.exe
  2⤵
  PID:5640
- C:\Windows\System\YxaAzdd.exe
  C:\Windows\System\YxaAzdd.exe
  2⤵
  PID:5660
- C:\Windows\System\divrNyu.exe
  C:\Windows\System\divrNyu.exe
  2⤵
  PID:5680
- C:\Windows\System\MhBARUw.exe
  C:\Windows\System\MhBARUw.exe
  2⤵
  PID:5700
- C:\Windows\System\XKJzqex.exe
  C:\Windows\System\XKJzqex.exe
  2⤵
  PID:5720
- C:\Windows\System\BMebwAA.exe
  C:\Windows\System\BMebwAA.exe
  2⤵
  PID:5740
- C:\Windows\System\DfRDgjG.exe
  C:\Windows\System\DfRDgjG.exe
  2⤵
  PID:5760
- C:\Windows\System\YHKzMMM.exe
  C:\Windows\System\YHKzMMM.exe
  2⤵
  PID:5776
- C:\Windows\System\jUcybnd.exe
  C:\Windows\System\jUcybnd.exe
  2⤵
  PID:5800
- C:\Windows\System\LdqkXSQ.exe
  C:\Windows\System\LdqkXSQ.exe
  2⤵
  PID:5820
- C:\Windows\System\JNFmfZI.exe
  C:\Windows\System\JNFmfZI.exe
  2⤵
  PID:5840
- C:\Windows\System\fcEXjCU.exe
  C:\Windows\System\fcEXjCU.exe
  2⤵
  PID:5860
- C:\Windows\System\dVhdYge.exe
  C:\Windows\System\dVhdYge.exe
  2⤵
  PID:5880
- C:\Windows\System\KPbIMem.exe
  C:\Windows\System\KPbIMem.exe
  2⤵
  PID:5900
- C:\Windows\System\LQDNHxr.exe
  C:\Windows\System\LQDNHxr.exe
  2⤵
  PID:5920
- C:\Windows\System\kVBYSPO.exe
  C:\Windows\System\kVBYSPO.exe
  2⤵
  PID:5940
- C:\Windows\System\cKhDLTu.exe
  C:\Windows\System\cKhDLTu.exe
  2⤵
  PID:5960
- C:\Windows\System\IwBnNcI.exe
  C:\Windows\System\IwBnNcI.exe
  2⤵
  PID:5980
- C:\Windows\System\unNYqFV.exe
  C:\Windows\System\unNYqFV.exe
  2⤵
  PID:6000
- C:\Windows\System\VLywAGT.exe
  C:\Windows\System\VLywAGT.exe
  2⤵
  PID:6020
- C:\Windows\System\HrCpLoJ.exe
  C:\Windows\System\HrCpLoJ.exe
  2⤵
  PID:6040
- C:\Windows\System\JGxdrPj.exe
  C:\Windows\System\JGxdrPj.exe
  2⤵
  PID:6060
- C:\Windows\System\EmFvnnk.exe
  C:\Windows\System\EmFvnnk.exe
  2⤵
  PID:6080
- C:\Windows\System\TkSnDUn.exe
  C:\Windows\System\TkSnDUn.exe
  2⤵
  PID:6100
- C:\Windows\System\bUOYrqg.exe
  C:\Windows\System\bUOYrqg.exe
  2⤵
  PID:6120
- C:\Windows\System\NcoBzNg.exe
  C:\Windows\System\NcoBzNg.exe
  2⤵
  PID:6140
- C:\Windows\System\fhzTEIh.exe
  C:\Windows\System\fhzTEIh.exe
  2⤵
  PID:4364
- C:\Windows\System\XTyGaQs.exe
  C:\Windows\System\XTyGaQs.exe
  2⤵
  PID:4440
- C:\Windows\System\cszbShn.exe
  C:\Windows\System\cszbShn.exe
  2⤵
  PID:4496
- C:\Windows\System\skONKAN.exe
  C:\Windows\System\skONKAN.exe
  2⤵
  PID:4620
- C:\Windows\System\XXMUGPg.exe
  C:\Windows\System\XXMUGPg.exe
  2⤵
  PID:4780
- C:\Windows\System\bJbrNhF.exe
  C:\Windows\System\bJbrNhF.exe
  2⤵
  PID:4800
- C:\Windows\System\nbLkGWy.exe
  C:\Windows\System\nbLkGWy.exe
  2⤵
  PID:4980
- C:\Windows\System\EeKUBUY.exe
  C:\Windows\System\EeKUBUY.exe
  2⤵
  PID:4944
- C:\Windows\System\lnUKqMQ.exe
  C:\Windows\System\lnUKqMQ.exe
  2⤵
  PID:3968
- C:\Windows\System\LMKBlJe.exe
  C:\Windows\System\LMKBlJe.exe
  2⤵
  PID:3200
- C:\Windows\System\YQtdzGr.exe
  C:\Windows\System\YQtdzGr.exe
  2⤵
  PID:4140
- C:\Windows\System\WHkNcnw.exe
  C:\Windows\System\WHkNcnw.exe
  2⤵
  PID:5132
- C:\Windows\System\Qhfazcf.exe
  C:\Windows\System\Qhfazcf.exe
  2⤵
  PID:5164
- C:\Windows\System\jvcQhNr.exe
  C:\Windows\System\jvcQhNr.exe
  2⤵
  PID:5188
- C:\Windows\System\UbDHESE.exe
  C:\Windows\System\UbDHESE.exe
  2⤵
  PID:5208
- C:\Windows\System\kBUYKyC.exe
  C:\Windows\System\kBUYKyC.exe
  2⤵
  PID:5272
- C:\Windows\System\JFYmiPX.exe
  C:\Windows\System\JFYmiPX.exe
  2⤵
  PID:5284
- C:\Windows\System\trtuSFA.exe
  C:\Windows\System\trtuSFA.exe
  2⤵
  PID:5352
- C:\Windows\System\EETEqLK.exe
  C:\Windows\System\EETEqLK.exe
  2⤵
  PID:5372
- C:\Windows\System\hzfiZqX.exe
  C:\Windows\System\hzfiZqX.exe
  2⤵
  PID:5404
- C:\Windows\System\prGQDtT.exe
  C:\Windows\System\prGQDtT.exe
  2⤵
  PID:5428
- C:\Windows\System\sPJAiii.exe
  C:\Windows\System\sPJAiii.exe
  2⤵
  PID:5472
- C:\Windows\System\TRgJxqs.exe
  C:\Windows\System\TRgJxqs.exe
  2⤵
  PID:5492
- C:\Windows\System\UHPyZmH.exe
  C:\Windows\System\UHPyZmH.exe
  2⤵
  PID:5544
- C:\Windows\System\LHLxpGn.exe
  C:\Windows\System\LHLxpGn.exe
  2⤵
  PID:5564
- C:\Windows\System\StSuTns.exe
  C:\Windows\System\StSuTns.exe
  2⤵
  PID:5608
- C:\Windows\System\XvrcDfi.exe
  C:\Windows\System\XvrcDfi.exe
  2⤵
  PID:5632
- C:\Windows\System\rcEdZpn.exe
  C:\Windows\System\rcEdZpn.exe
  2⤵
  PID:5676
- C:\Windows\System\FqMJGDl.exe
  C:\Windows\System\FqMJGDl.exe
  2⤵
  PID:5692
- C:\Windows\System\ktGUsiZ.exe
  C:\Windows\System\ktGUsiZ.exe
  2⤵
  PID:5728
- C:\Windows\System\CILHeTY.exe
  C:\Windows\System\CILHeTY.exe
  2⤵
  PID:5788
- C:\Windows\System\QEgPmxf.exe
  C:\Windows\System\QEgPmxf.exe
  2⤵
  PID:5808
- C:\Windows\System\KYhBgyW.exe
  C:\Windows\System\KYhBgyW.exe
  2⤵
  PID:5832
- C:\Windows\System\WtpBTrm.exe
  C:\Windows\System\WtpBTrm.exe
  2⤵
  PID:5876
- C:\Windows\System\uRCaFTY.exe
  C:\Windows\System\uRCaFTY.exe
  2⤵
  PID:5896
- C:\Windows\System\eiogDtr.exe
  C:\Windows\System\eiogDtr.exe
  2⤵
  PID:5956
- C:\Windows\System\gbdyckl.exe
  C:\Windows\System\gbdyckl.exe
  2⤵
  PID:5988
- C:\Windows\System\RiBhxfg.exe
  C:\Windows\System\RiBhxfg.exe
  2⤵
  PID:6008
- C:\Windows\System\TSreeEV.exe
  C:\Windows\System\TSreeEV.exe
  2⤵
  PID:6032
- C:\Windows\System\iLoCQLv.exe
  C:\Windows\System\iLoCQLv.exe
  2⤵
  PID:6052
- C:\Windows\System\fqEXfgW.exe
  C:\Windows\System\fqEXfgW.exe
  2⤵
  PID:6096
- C:\Windows\System\bmDAcqD.exe
  C:\Windows\System\bmDAcqD.exe
  2⤵
  PID:6128
- C:\Windows\System\xuRXdLS.exe
  C:\Windows\System\xuRXdLS.exe
  2⤵
  PID:4356
- C:\Windows\System\DCDKaaj.exe
  C:\Windows\System\DCDKaaj.exe
  2⤵
  PID:4604
- C:\Windows\System\VFohsnq.exe
  C:\Windows\System\VFohsnq.exe
  2⤵
  PID:4736
- C:\Windows\System\MZAKzgn.exe
  C:\Windows\System\MZAKzgn.exe
  2⤵
  PID:4756
- C:\Windows\System\LQFDNYg.exe
  C:\Windows\System\LQFDNYg.exe
  2⤵
  PID:3884
- C:\Windows\System\pMsTBZU.exe
  C:\Windows\System\pMsTBZU.exe
  2⤵
  PID:4136
- C:\Windows\System\BdmvwUD.exe
  C:\Windows\System\BdmvwUD.exe
  2⤵
  PID:5144
- C:\Windows\System\VhknNoc.exe
  C:\Windows\System\VhknNoc.exe
  2⤵
  PID:5192
- C:\Windows\System\YWbetPb.exe
  C:\Windows\System\YWbetPb.exe
  2⤵
  PID:5224
- C:\Windows\System\ouiSThG.exe
  C:\Windows\System\ouiSThG.exe
  2⤵
  PID:5312
- C:\Windows\System\oYRxuVu.exe
  C:\Windows\System\oYRxuVu.exe
  2⤵
  PID:5328
- C:\Windows\System\mMkiohd.exe
  C:\Windows\System\mMkiohd.exe
  2⤵
  PID:5432
- C:\Windows\System\PNwpjzz.exe
  C:\Windows\System\PNwpjzz.exe
  2⤵
  PID:5448
- C:\Windows\System\vcADKBo.exe
  C:\Windows\System\vcADKBo.exe
  2⤵
  PID:5508
- C:\Windows\System\bSVFqnb.exe
  C:\Windows\System\bSVFqnb.exe
  2⤵
  PID:5548
- C:\Windows\System\ZzhbDYu.exe
  C:\Windows\System\ZzhbDYu.exe
  2⤵
  PID:5636
- C:\Windows\System\HaEQKxG.exe
  C:\Windows\System\HaEQKxG.exe
  2⤵
  PID:5652
- C:\Windows\System\rvlaHEv.exe
  C:\Windows\System\rvlaHEv.exe
  2⤵
  PID:5752
- C:\Windows\System\eWpiyOP.exe
  C:\Windows\System\eWpiyOP.exe
  2⤵
  PID:5828
- C:\Windows\System\WZnkskp.exe
  C:\Windows\System\WZnkskp.exe
  2⤵
  PID:5868
- C:\Windows\System\tSZamdk.exe
  C:\Windows\System\tSZamdk.exe
  2⤵
  PID:5912
- C:\Windows\System\zwekXmz.exe
  C:\Windows\System\zwekXmz.exe
  2⤵
  PID:5952
- C:\Windows\System\OlAzXcK.exe
  C:\Windows\System\OlAzXcK.exe
  2⤵
  PID:5972
- C:\Windows\System\vslKVgt.exe
  C:\Windows\System\vslKVgt.exe
  2⤵
  PID:6068
- C:\Windows\System\QQRJWHT.exe
  C:\Windows\System\QQRJWHT.exe
  2⤵
  PID:4296
- C:\Windows\System\kZrkqNB.exe
  C:\Windows\System\kZrkqNB.exe
  2⤵
  PID:4580
- C:\Windows\System\hzEDiOT.exe
  C:\Windows\System\hzEDiOT.exe
  2⤵
  PID:4936
- C:\Windows\System\ZQlXKHT.exe
  C:\Windows\System\ZQlXKHT.exe
  2⤵
  PID:5024
- C:\Windows\System\woPeFLH.exe
  C:\Windows\System\woPeFLH.exe
  2⤵
  PID:3788
- C:\Windows\System\yHgHfeO.exe
  C:\Windows\System\yHgHfeO.exe
  2⤵
  PID:4216
- C:\Windows\System\nTCcpXJ.exe
  C:\Windows\System\nTCcpXJ.exe
  2⤵
  PID:5304
- C:\Windows\System\ratthtT.exe
  C:\Windows\System\ratthtT.exe
  2⤵
  PID:5412
- C:\Windows\System\IcEpwFm.exe
  C:\Windows\System\IcEpwFm.exe
  2⤵
  PID:6160
- C:\Windows\System\dFOmTVo.exe
  C:\Windows\System\dFOmTVo.exe
  2⤵
  PID:6180
- C:\Windows\System\FeVlXsM.exe
  C:\Windows\System\FeVlXsM.exe
  2⤵
  PID:6200
- C:\Windows\System\nxyRiKo.exe
  C:\Windows\System\nxyRiKo.exe
  2⤵
  PID:6220
- C:\Windows\System\douQZlq.exe
  C:\Windows\System\douQZlq.exe
  2⤵
  PID:6240
- C:\Windows\System\bpIfyYF.exe
  C:\Windows\System\bpIfyYF.exe
  2⤵
  PID:6260
- C:\Windows\System\XvvTyVt.exe
  C:\Windows\System\XvvTyVt.exe
  2⤵
  PID:6280
- C:\Windows\System\SDdHcnh.exe
  C:\Windows\System\SDdHcnh.exe
  2⤵
  PID:6300
- C:\Windows\System\SIFeEaw.exe
  C:\Windows\System\SIFeEaw.exe
  2⤵
  PID:6320
- C:\Windows\System\uUgnvja.exe
  C:\Windows\System\uUgnvja.exe
  2⤵
  PID:6340
- C:\Windows\System\jsJklzh.exe
  C:\Windows\System\jsJklzh.exe
  2⤵
  PID:6360
- C:\Windows\System\MsqWIKl.exe
  C:\Windows\System\MsqWIKl.exe
  2⤵
  PID:6380
- C:\Windows\System\GIXNZHS.exe
  C:\Windows\System\GIXNZHS.exe
  2⤵
  PID:6400
- C:\Windows\System\mutoNvA.exe
  C:\Windows\System\mutoNvA.exe
  2⤵
  PID:6420
- C:\Windows\System\QNIReJC.exe
  C:\Windows\System\QNIReJC.exe
  2⤵
  PID:6440
- C:\Windows\System\TNTIAGF.exe
  C:\Windows\System\TNTIAGF.exe
  2⤵
  PID:6460
- C:\Windows\System\PPvuQuK.exe
  C:\Windows\System\PPvuQuK.exe
  2⤵
  PID:6480
- C:\Windows\System\MZEwiGV.exe
  C:\Windows\System\MZEwiGV.exe
  2⤵
  PID:6500
- C:\Windows\System\ipcWxZi.exe
  C:\Windows\System\ipcWxZi.exe
  2⤵
  PID:6520
- C:\Windows\System\XBAvqmv.exe
  C:\Windows\System\XBAvqmv.exe
  2⤵
  PID:6540
- C:\Windows\System\poIdIwY.exe
  C:\Windows\System\poIdIwY.exe
  2⤵
  PID:6560
- C:\Windows\System\vZXOQNE.exe
  C:\Windows\System\vZXOQNE.exe
  2⤵
  PID:6580
- C:\Windows\System\HSoqWQn.exe
  C:\Windows\System\HSoqWQn.exe
  2⤵
  PID:6600
- C:\Windows\System\lpEjuKA.exe
  C:\Windows\System\lpEjuKA.exe
  2⤵
  PID:6620
- C:\Windows\System\drkSNIV.exe
  C:\Windows\System\drkSNIV.exe
  2⤵
  PID:6640
- C:\Windows\System\whbnGtr.exe
  C:\Windows\System\whbnGtr.exe
  2⤵
  PID:6664
- C:\Windows\System\IoeUJRm.exe
  C:\Windows\System\IoeUJRm.exe
  2⤵
  PID:6684
- C:\Windows\System\ifzueAZ.exe
  C:\Windows\System\ifzueAZ.exe
  2⤵
  PID:6704
- C:\Windows\System\kJPWSWH.exe
  C:\Windows\System\kJPWSWH.exe
  2⤵
  PID:6724
- C:\Windows\System\jOendMB.exe
  C:\Windows\System\jOendMB.exe
  2⤵
  PID:6744
- C:\Windows\System\qNWKspV.exe
  C:\Windows\System\qNWKspV.exe
  2⤵
  PID:6764
- C:\Windows\System\ksEPuTa.exe
  C:\Windows\System\ksEPuTa.exe
  2⤵
  PID:6784
- C:\Windows\System\VzRWoMU.exe
  C:\Windows\System\VzRWoMU.exe
  2⤵
  PID:6804
- C:\Windows\System\OgNmbJI.exe
  C:\Windows\System\OgNmbJI.exe
  2⤵
  PID:6824
- C:\Windows\System\wFydzXA.exe
  C:\Windows\System\wFydzXA.exe
  2⤵
  PID:6844
- C:\Windows\System\IqTyQym.exe
  C:\Windows\System\IqTyQym.exe
  2⤵
  PID:6864
- C:\Windows\System\vkKYZaK.exe
  C:\Windows\System\vkKYZaK.exe
  2⤵
  PID:6884
- C:\Windows\System\lBttDNm.exe
  C:\Windows\System\lBttDNm.exe
  2⤵
  PID:6904
- C:\Windows\System\csbpPlM.exe
  C:\Windows\System\csbpPlM.exe
  2⤵
  PID:6924
- C:\Windows\System\YYbynKK.exe
  C:\Windows\System\YYbynKK.exe
  2⤵
  PID:6944
- C:\Windows\System\xRcZqVx.exe
  C:\Windows\System\xRcZqVx.exe
  2⤵
  PID:6964
- C:\Windows\System\SBNcdtE.exe
  C:\Windows\System\SBNcdtE.exe
  2⤵
  PID:6984
- C:\Windows\System\mnuQafS.exe
  C:\Windows\System\mnuQafS.exe
  2⤵
  PID:7004
- C:\Windows\System\MjLcBIv.exe
  C:\Windows\System\MjLcBIv.exe
  2⤵
  PID:7024
- C:\Windows\System\HUgfhtr.exe
  C:\Windows\System\HUgfhtr.exe
  2⤵
  PID:7044
- C:\Windows\System\JaXtqKu.exe
  C:\Windows\System\JaXtqKu.exe
  2⤵
  PID:7064
- C:\Windows\System\hlDbsrs.exe
  C:\Windows\System\hlDbsrs.exe
  2⤵
  PID:7084
- C:\Windows\System\EQEpKFK.exe
  C:\Windows\System\EQEpKFK.exe
  2⤵
  PID:7104
- C:\Windows\System\MfCeVWU.exe
  C:\Windows\System\MfCeVWU.exe
  2⤵
  PID:7124
- C:\Windows\System\AEqgGjH.exe
  C:\Windows\System\AEqgGjH.exe
  2⤵
  PID:7144
- C:\Windows\System\vkUAoJY.exe
  C:\Windows\System\vkUAoJY.exe
  2⤵
  PID:7164
- C:\Windows\System\xlehblN.exe
  C:\Windows\System\xlehblN.exe
  2⤵
  PID:5504
- C:\Windows\System\HnNFWlj.exe
  C:\Windows\System\HnNFWlj.exe
  2⤵
  PID:5612
- C:\Windows\System\mWDXjov.exe
  C:\Windows\System\mWDXjov.exe
  2⤵
  PID:5688
- C:\Windows\System\GcyMBqT.exe
  C:\Windows\System\GcyMBqT.exe
  2⤵
  PID:5792
- C:\Windows\System\lDDERns.exe
  C:\Windows\System\lDDERns.exe
  2⤵
  PID:5916
- C:\Windows\System\GFLLfMp.exe
  C:\Windows\System\GFLLfMp.exe
  2⤵
  PID:6028
- C:\Windows\System\BRJrdLl.exe
  C:\Windows\System\BRJrdLl.exe
  2⤵
  PID:6108
- C:\Windows\System\JlHJqNz.exe
  C:\Windows\System\JlHJqNz.exe
  2⤵
  PID:4220
- C:\Windows\System\PrOFJus.exe
  C:\Windows\System\PrOFJus.exe
  2⤵
  PID:4740
- C:\Windows\System\JDMFOqq.exe
  C:\Windows\System\JDMFOqq.exe
  2⤵
  PID:3960
- C:\Windows\System\qVxhYfV.exe
  C:\Windows\System\qVxhYfV.exe
  2⤵
  PID:5172
- C:\Windows\System\SCZivpO.exe
  C:\Windows\System\SCZivpO.exe
  2⤵
  PID:5324
- C:\Windows\System\iFDXiAZ.exe
  C:\Windows\System\iFDXiAZ.exe
  2⤵
  PID:6176
- C:\Windows\System\JTVTaUS.exe
  C:\Windows\System\JTVTaUS.exe
  2⤵
  PID:6208
- C:\Windows\System\nrgQtRz.exe
  C:\Windows\System\nrgQtRz.exe
  2⤵
  PID:6232
- C:\Windows\System\bsraKca.exe
  C:\Windows\System\bsraKca.exe
  2⤵
  PID:6272
- C:\Windows\System\riWLsIo.exe
  C:\Windows\System\riWLsIo.exe
  2⤵
  PID:6316
- C:\Windows\System\PqSuwOI.exe
  C:\Windows\System\PqSuwOI.exe
  2⤵
  PID:6348
- C:\Windows\System\APjYeVV.exe
  C:\Windows\System\APjYeVV.exe
  2⤵
  PID:6372
- C:\Windows\System\xUjRVQu.exe
  C:\Windows\System\xUjRVQu.exe
  2⤵
  PID:6416
- C:\Windows\System\sRIsHRD.exe
  C:\Windows\System\sRIsHRD.exe
  2⤵
  PID:6448
- C:\Windows\System\yNNjRUD.exe
  C:\Windows\System\yNNjRUD.exe
  2⤵
  PID:6472
- C:\Windows\System\qAGGwiw.exe
  C:\Windows\System\qAGGwiw.exe
  2⤵
  PID:6516
- C:\Windows\System\GMUGfLj.exe
  C:\Windows\System\GMUGfLj.exe
  2⤵
  PID:6548
- C:\Windows\System\gMwEEIb.exe
  C:\Windows\System\gMwEEIb.exe
  2⤵
  PID:6588
- C:\Windows\System\OeQqIxs.exe
  C:\Windows\System\OeQqIxs.exe
  2⤵
  PID:6616
- C:\Windows\System\LvfLRbr.exe
  C:\Windows\System\LvfLRbr.exe
  2⤵
  PID:6648
- C:\Windows\System\doOBlpt.exe
  C:\Windows\System\doOBlpt.exe
  2⤵
  PID:6676
- C:\Windows\System\PgvlkxT.exe
  C:\Windows\System\PgvlkxT.exe
  2⤵
  PID:6720
- C:\Windows\System\uBebdYS.exe
  C:\Windows\System\uBebdYS.exe
  2⤵
  PID:6752
- C:\Windows\System\OZeoiCW.exe
  C:\Windows\System\OZeoiCW.exe
  2⤵
  PID:6776
- C:\Windows\System\FiCVAcj.exe
  C:\Windows\System\FiCVAcj.exe
  2⤵
  PID:6820
- C:\Windows\System\KVbTisB.exe
  C:\Windows\System\KVbTisB.exe
  2⤵
  PID:6852
- C:\Windows\System\JvnUUIy.exe
  C:\Windows\System\JvnUUIy.exe
  2⤵
  PID:6880
- C:\Windows\System\McyoOUX.exe
  C:\Windows\System\McyoOUX.exe
  2⤵
  PID:6920
- C:\Windows\System\JLknbIn.exe
  C:\Windows\System\JLknbIn.exe
  2⤵
  PID:6952
- C:\Windows\System\WzmbCxr.exe
  C:\Windows\System\WzmbCxr.exe
  2⤵
  PID:6976
- C:\Windows\System\SPaYSpv.exe
  C:\Windows\System\SPaYSpv.exe
  2⤵
  PID:7020
- C:\Windows\System\qLEKrDG.exe
  C:\Windows\System\qLEKrDG.exe
  2⤵
  PID:7052
- C:\Windows\System\NXvNrCt.exe
  C:\Windows\System\NXvNrCt.exe
  2⤵
  PID:7076
- C:\Windows\System\WrJgomG.exe
  C:\Windows\System\WrJgomG.exe
  2⤵
  PID:7120
- C:\Windows\System\hxlXkmo.exe
  C:\Windows\System\hxlXkmo.exe
  2⤵
  PID:7152
- C:\Windows\System\SLeevqR.exe
  C:\Windows\System\SLeevqR.exe
  2⤵
  PID:5408
- C:\Windows\System\gYuvrPY.exe
  C:\Windows\System\gYuvrPY.exe
  2⤵
  PID:5732
- C:\Windows\System\sMMFVMC.exe
  C:\Windows\System\sMMFVMC.exe
  2⤵
  PID:5836
- C:\Windows\System\YTUMshf.exe
  C:\Windows\System\YTUMshf.exe
  2⤵
  PID:5852
- C:\Windows\System\cZMCeel.exe
  C:\Windows\System\cZMCeel.exe
  2⤵
  PID:6112
- C:\Windows\System\CeDkrmG.exe
  C:\Windows\System\CeDkrmG.exe
  2⤵
  PID:4280
- C:\Windows\System\wbkuAxb.exe
  C:\Windows\System\wbkuAxb.exe
  2⤵
  PID:5152
- C:\Windows\System\yTNGQKM.exe
  C:\Windows\System\yTNGQKM.exe
  2⤵
  PID:6196
- C:\Windows\System\YXhFRcc.exe
  C:\Windows\System\YXhFRcc.exe
  2⤵
  PID:6228
- C:\Windows\System\MsujgTx.exe
  C:\Windows\System\MsujgTx.exe
  2⤵
  PID:6252
- C:\Windows\System\esyYmMY.exe
  C:\Windows\System\esyYmMY.exe
  2⤵
  PID:6296
- C:\Windows\System\xJQAcOE.exe
  C:\Windows\System\xJQAcOE.exe
  2⤵
  PID:6368
- C:\Windows\System\tbGORry.exe
  C:\Windows\System\tbGORry.exe
  2⤵
  PID:6436
- C:\Windows\System\HPPmyub.exe
  C:\Windows\System\HPPmyub.exe
  2⤵
  PID:6508
- C:\Windows\System\LVgzAgI.exe
  C:\Windows\System\LVgzAgI.exe
  2⤵
  PID:6552
- C:\Windows\System\jzeecYu.exe
  C:\Windows\System\jzeecYu.exe
  2⤵
  PID:6592
- C:\Windows\System\odkeamF.exe
  C:\Windows\System\odkeamF.exe
  2⤵
  PID:6680
- C:\Windows\System\CfRWdsI.exe
  C:\Windows\System\CfRWdsI.exe
  2⤵
  PID:6732
- C:\Windows\System\IEOlIie.exe
  C:\Windows\System\IEOlIie.exe
  2⤵
  PID:6756
- C:\Windows\System\QNrbcaT.exe
  C:\Windows\System\QNrbcaT.exe
  2⤵
  PID:6836
- C:\Windows\System\mYUSGnB.exe
  C:\Windows\System\mYUSGnB.exe
  2⤵
  PID:6892
- C:\Windows\System\lkelTHe.exe
  C:\Windows\System\lkelTHe.exe
  2⤵
  PID:6940
- C:\Windows\System\EJxssPA.exe
  C:\Windows\System\EJxssPA.exe
  2⤵
  PID:7012
- C:\Windows\System\cECYdnZ.exe
  C:\Windows\System\cECYdnZ.exe
  2⤵
  PID:7032
- C:\Windows\System\AaPknNQ.exe
  C:\Windows\System\AaPknNQ.exe
  2⤵
  PID:7100
- C:\Windows\System\yjdSRES.exe
  C:\Windows\System\yjdSRES.exe
  2⤵
  PID:7156
- C:\Windows\System\Swtystg.exe
  C:\Windows\System\Swtystg.exe
  2⤵
  PID:5888
- C:\Windows\System\qPgzDxz.exe
  C:\Windows\System\qPgzDxz.exe
  2⤵
  PID:5708
- C:\Windows\System\xmQCBgw.exe
  C:\Windows\System\xmQCBgw.exe
  2⤵
  PID:6036
- C:\Windows\System\fJBViIU.exe
  C:\Windows\System\fJBViIU.exe
  2⤵
  PID:5168
- C:\Windows\System\mNzLvfY.exe
  C:\Windows\System\mNzLvfY.exe
  2⤵
  PID:6168
- C:\Windows\System\irfABmt.exe
  C:\Windows\System\irfABmt.exe
  2⤵
  PID:6352
- C:\Windows\System\LEKGqMJ.exe
  C:\Windows\System\LEKGqMJ.exe
  2⤵
  PID:6476
- C:\Windows\System\gxtVnsu.exe
  C:\Windows\System\gxtVnsu.exe
  2⤵
  PID:6468
- C:\Windows\System\atdYvPU.exe
  C:\Windows\System\atdYvPU.exe
  2⤵
  PID:6532
- C:\Windows\System\tvCITCE.exe
  C:\Windows\System\tvCITCE.exe
  2⤵
  PID:6700
- C:\Windows\System\aUwHNjq.exe
  C:\Windows\System\aUwHNjq.exe
  2⤵
  PID:6812
- C:\Windows\System\oUYTKDN.exe
  C:\Windows\System\oUYTKDN.exe
  2⤵
  PID:6912
- C:\Windows\System\HTDlocT.exe
  C:\Windows\System\HTDlocT.exe
  2⤵
  PID:7000
- C:\Windows\System\lvIQRdN.exe
  C:\Windows\System\lvIQRdN.exe
  2⤵
  PID:7056
- C:\Windows\System\ISxAbia.exe
  C:\Windows\System\ISxAbia.exe
  2⤵
  PID:7188
- C:\Windows\System\ClAMVyy.exe
  C:\Windows\System\ClAMVyy.exe
  2⤵
  PID:7208
- C:\Windows\System\ZsuPlrK.exe
  C:\Windows\System\ZsuPlrK.exe
  2⤵
  PID:7228
- C:\Windows\System\RAZjvRu.exe
  C:\Windows\System\RAZjvRu.exe
  2⤵
  PID:7244
- C:\Windows\System\jQmVXji.exe
  C:\Windows\System\jQmVXji.exe
  2⤵
  PID:7268
- C:\Windows\System\sFqLZjX.exe
  C:\Windows\System\sFqLZjX.exe
  2⤵
  PID:7288
- C:\Windows\System\FYkEKEI.exe
  C:\Windows\System\FYkEKEI.exe
  2⤵
  PID:7308
- C:\Windows\System\epybBtE.exe
  C:\Windows\System\epybBtE.exe
  2⤵
  PID:7328
- C:\Windows\System\dZQSOvW.exe
  C:\Windows\System\dZQSOvW.exe
  2⤵
  PID:7344
- C:\Windows\System\DppqHYy.exe
  C:\Windows\System\DppqHYy.exe
  2⤵
  PID:7368
- C:\Windows\System\BUvExwb.exe
  C:\Windows\System\BUvExwb.exe
  2⤵
  PID:7388
- C:\Windows\System\XssLzbE.exe
  C:\Windows\System\XssLzbE.exe
  2⤵
  PID:7408
- C:\Windows\System\YFphHja.exe
  C:\Windows\System\YFphHja.exe
  2⤵
  PID:7428
- C:\Windows\System\egvTPCO.exe
  C:\Windows\System\egvTPCO.exe
  2⤵
  PID:7448
- C:\Windows\System\ZNEYEHG.exe
  C:\Windows\System\ZNEYEHG.exe
  2⤵
  PID:7468
- C:\Windows\System\RKfEedQ.exe
  C:\Windows\System\RKfEedQ.exe
  2⤵
  PID:7488
- C:\Windows\System\vBDYJKC.exe
  C:\Windows\System\vBDYJKC.exe
  2⤵
  PID:7508
- C:\Windows\System\HMGFKaO.exe
  C:\Windows\System\HMGFKaO.exe
  2⤵
  PID:7528
- C:\Windows\System\RezpZTz.exe
  C:\Windows\System\RezpZTz.exe
  2⤵
  PID:7548
- C:\Windows\System\phGizuu.exe
  C:\Windows\System\phGizuu.exe
  2⤵
  PID:7568
- C:\Windows\System\JhmKTqd.exe
  C:\Windows\System\JhmKTqd.exe
  2⤵
  PID:7588
- C:\Windows\System\YbjEaGp.exe
  C:\Windows\System\YbjEaGp.exe
  2⤵
  PID:7612
- C:\Windows\System\afZGhWq.exe
  C:\Windows\System\afZGhWq.exe
  2⤵
  PID:7632
- C:\Windows\System\SMsQpPp.exe
  C:\Windows\System\SMsQpPp.exe
  2⤵
  PID:7652
- C:\Windows\System\DFeksiq.exe
  C:\Windows\System\DFeksiq.exe
  2⤵
  PID:7672
- C:\Windows\System\nHagYLd.exe
  C:\Windows\System\nHagYLd.exe
  2⤵
  PID:7692
- C:\Windows\System\BtbhEgI.exe
  C:\Windows\System\BtbhEgI.exe
  2⤵
  PID:7712
- C:\Windows\System\YHGsfRr.exe
  C:\Windows\System\YHGsfRr.exe
  2⤵
  PID:7732
- C:\Windows\System\PugrTpd.exe
  C:\Windows\System\PugrTpd.exe
  2⤵
  PID:7752
- C:\Windows\System\qkAyHpy.exe
  C:\Windows\System\qkAyHpy.exe
  2⤵
  PID:7772
- C:\Windows\System\RYRCROk.exe
  C:\Windows\System\RYRCROk.exe
  2⤵
  PID:7792
- C:\Windows\System\KSNlIzo.exe
  C:\Windows\System\KSNlIzo.exe
  2⤵
  PID:7812
- C:\Windows\System\sbBkveA.exe
  C:\Windows\System\sbBkveA.exe
  2⤵
  PID:7832
- C:\Windows\System\EOeawkV.exe
  C:\Windows\System\EOeawkV.exe
  2⤵
  PID:7852
- C:\Windows\System\qqwgJRg.exe
  C:\Windows\System\qqwgJRg.exe
  2⤵
  PID:7872
- C:\Windows\System\qrPZuAB.exe
  C:\Windows\System\qrPZuAB.exe
  2⤵
  PID:7892
- C:\Windows\System\bZtVHOH.exe
  C:\Windows\System\bZtVHOH.exe
  2⤵
  PID:7912
- C:\Windows\System\ytyiWEi.exe
  C:\Windows\System\ytyiWEi.exe
  2⤵
  PID:7932
- C:\Windows\System\tXaOZbx.exe
  C:\Windows\System\tXaOZbx.exe
  2⤵
  PID:7952
- C:\Windows\System\LNgmOdM.exe
  C:\Windows\System\LNgmOdM.exe
  2⤵
  PID:7972
- C:\Windows\System\OqNObGh.exe
  C:\Windows\System\OqNObGh.exe
  2⤵
  PID:7992
- C:\Windows\System\MAxpXLD.exe
  C:\Windows\System\MAxpXLD.exe
  2⤵
  PID:8012
- C:\Windows\System\LReknbg.exe
  C:\Windows\System\LReknbg.exe
  2⤵
  PID:8032
- C:\Windows\System\ruKeEGs.exe
  C:\Windows\System\ruKeEGs.exe
  2⤵
  PID:8052
- C:\Windows\System\goAtpxP.exe
  C:\Windows\System\goAtpxP.exe
  2⤵
  PID:8072
- C:\Windows\System\plzgmtx.exe
  C:\Windows\System\plzgmtx.exe
  2⤵
  PID:8092
- C:\Windows\System\fJaybgL.exe
  C:\Windows\System\fJaybgL.exe
  2⤵
  PID:8112
- C:\Windows\System\WpYgyjb.exe
  C:\Windows\System\WpYgyjb.exe
  2⤵
  PID:8132
- C:\Windows\System\UoWQnVu.exe
  C:\Windows\System\UoWQnVu.exe
  2⤵
  PID:8152
- C:\Windows\System\OCZUTFF.exe
  C:\Windows\System\OCZUTFF.exe
  2⤵
  PID:8172
- C:\Windows\System\kqZWwnV.exe
  C:\Windows\System\kqZWwnV.exe
  2⤵
  PID:7080
- C:\Windows\System\ULEJktb.exe
  C:\Windows\System\ULEJktb.exe
  2⤵
  PID:7072
- C:\Windows\System\KhdnwpV.exe
  C:\Windows\System\KhdnwpV.exe
  2⤵
  PID:5928
- C:\Windows\System\AiXAGSn.exe
  C:\Windows\System\AiXAGSn.exe
  2⤵
  PID:4640
- C:\Windows\System\MzdpGin.exe
  C:\Windows\System\MzdpGin.exe
  2⤵
  PID:6212
- C:\Windows\System\DWazHRL.exe
  C:\Windows\System\DWazHRL.exe
  2⤵
  PID:6392
- C:\Windows\System\ridZzxP.exe
  C:\Windows\System\ridZzxP.exe
  2⤵
  PID:6568
- C:\Windows\System\LXSFVgR.exe
  C:\Windows\System\LXSFVgR.exe
  2⤵
  PID:6636
- C:\Windows\System\IYqjkJM.exe
  C:\Windows\System\IYqjkJM.exe
  2⤵
  PID:6740
- C:\Windows\System\KEJYMcG.exe
  C:\Windows\System\KEJYMcG.exe
  2⤵
  PID:6932
- C:\Windows\System\ttAybXX.exe
  C:\Windows\System\ttAybXX.exe
  2⤵
  PID:7204
- C:\Windows\System\Hesyely.exe
  C:\Windows\System\Hesyely.exe
  2⤵
  PID:7224
- C:\Windows\System\QTyUTmW.exe
  C:\Windows\System\QTyUTmW.exe
  2⤵
  PID:7252
- C:\Windows\System\voubBhV.exe
  C:\Windows\System\voubBhV.exe
  2⤵
  PID:7256
- C:\Windows\System\xPaKHqJ.exe
  C:\Windows\System\xPaKHqJ.exe
  2⤵
  PID:7304
- C:\Windows\System\wmjrcJi.exe
  C:\Windows\System\wmjrcJi.exe
  2⤵
  PID:7364
- C:\Windows\System\gQLokku.exe
  C:\Windows\System\gQLokku.exe
  2⤵
  PID:7384
- C:\Windows\System\xZgRlub.exe
  C:\Windows\System\xZgRlub.exe
  2⤵
  PID:7424
- C:\Windows\System\nIDoIJW.exe
  C:\Windows\System\nIDoIJW.exe
  2⤵
  PID:7456
- C:\Windows\System\kLPmXfg.exe
  C:\Windows\System\kLPmXfg.exe
  2⤵
  PID:7460
- C:\Windows\System\ZckTiRQ.exe
  C:\Windows\System\ZckTiRQ.exe
  2⤵
  PID:7504
- C:\Windows\System\fLhlkLs.exe
  C:\Windows\System\fLhlkLs.exe
  2⤵
  PID:7556
- C:\Windows\System\OhpryLf.exe
  C:\Windows\System\OhpryLf.exe
  2⤵
  PID:7608
- C:\Windows\System\pDZEGsH.exe
  C:\Windows\System\pDZEGsH.exe
  2⤵
  PID:7628
- C:\Windows\System\ViJyqyv.exe
  C:\Windows\System\ViJyqyv.exe
  2⤵
  PID:7680
- C:\Windows\System\KRqGAAz.exe
  C:\Windows\System\KRqGAAz.exe
  2⤵
  PID:7684
- C:\Windows\System\yVJCTOB.exe
  C:\Windows\System\yVJCTOB.exe
  2⤵
  PID:7708
- C:\Windows\System\WMELxzd.exe
  C:\Windows\System\WMELxzd.exe
  2⤵
  PID:7760
- C:\Windows\System\NEpRUha.exe
  C:\Windows\System\NEpRUha.exe
  2⤵
  PID:7784
- C:\Windows\System\RFnIOTp.exe
  C:\Windows\System\RFnIOTp.exe
  2⤵
  PID:7848
- C:\Windows\System\MbQLzZD.exe
  C:\Windows\System\MbQLzZD.exe
  2⤵
  PID:7880
- C:\Windows\System\FpdDXlI.exe
  C:\Windows\System\FpdDXlI.exe
  2⤵
  PID:7884
- C:\Windows\System\bjnDVBI.exe
  C:\Windows\System\bjnDVBI.exe
  2⤵
  PID:7904
- C:\Windows\System\CMytDai.exe
  C:\Windows\System\CMytDai.exe
  2⤵
  PID:7948
- C:\Windows\System\jiZfoDy.exe
  C:\Windows\System\jiZfoDy.exe
  2⤵
  PID:7988
- C:\Windows\System\mRpTkCy.exe
  C:\Windows\System\mRpTkCy.exe
  2⤵
  PID:2500
- C:\Windows\System\bPCRfkY.exe
  C:\Windows\System\bPCRfkY.exe
  2⤵
  PID:8048
- C:\Windows\System\wLEKzao.exe
  C:\Windows\System\wLEKzao.exe
  2⤵
  PID:8068
- C:\Windows\System\aKFhGvc.exe
  C:\Windows\System\aKFhGvc.exe
  2⤵
  PID:8120
- C:\Windows\System\JRMefYt.exe
  C:\Windows\System\JRMefYt.exe
  2⤵
  PID:8164
- C:\Windows\System\wsVIztT.exe
  C:\Windows\System\wsVIztT.exe
  2⤵
  PID:8180
- C:\Windows\System\ruTXDIk.exe
  C:\Windows\System\ruTXDIk.exe
  2⤵
  PID:5592
- C:\Windows\System\OHRoixY.exe
  C:\Windows\System\OHRoixY.exe
  2⤵
  PID:2096
- C:\Windows\System\YVXyDcj.exe
  C:\Windows\System\YVXyDcj.exe
  2⤵
  PID:6268
- C:\Windows\System\ZkQgdAM.exe
  C:\Windows\System\ZkQgdAM.exe
  2⤵
  PID:6432
- C:\Windows\System\WoyALuc.exe
  C:\Windows\System\WoyALuc.exe
  2⤵
  PID:6980
- C:\Windows\System\ntDCWVB.exe
  C:\Windows\System\ntDCWVB.exe
  2⤵
  PID:6712
- C:\Windows\System\UprCxRU.exe
  C:\Windows\System\UprCxRU.exe
  2⤵
  PID:7216
- C:\Windows\System\AmdjUeU.exe
  C:\Windows\System\AmdjUeU.exe
  2⤵
  PID:7240
- C:\Windows\System\OCmQsdW.exe
  C:\Windows\System\OCmQsdW.exe
  2⤵
  PID:7324
- C:\Windows\System\OSMFTDP.exe
  C:\Windows\System\OSMFTDP.exe
  2⤵
  PID:7404
- C:\Windows\System\fEJVPGt.exe
  C:\Windows\System\fEJVPGt.exe
  2⤵
  PID:7484
- C:\Windows\System\AYpzAHk.exe
  C:\Windows\System\AYpzAHk.exe
  2⤵
  PID:7444
- C:\Windows\System\QeDGCzp.exe
  C:\Windows\System\QeDGCzp.exe
  2⤵
  PID:7544
- C:\Windows\System\JxQEMpb.exe
  C:\Windows\System\JxQEMpb.exe
  2⤵
  PID:7580
- C:\Windows\System\CJCFQUR.exe
  C:\Windows\System\CJCFQUR.exe
  2⤵
  PID:7688
- C:\Windows\System\AfHlDHT.exe
  C:\Windows\System\AfHlDHT.exe
  2⤵
  PID:7740
- C:\Windows\System\LQlLgWx.exe
  C:\Windows\System\LQlLgWx.exe
  2⤵
  PID:7808
- C:\Windows\System\qghVJdQ.exe
  C:\Windows\System\qghVJdQ.exe
  2⤵
  PID:7780
- C:\Windows\System\UjPGtqq.exe
  C:\Windows\System\UjPGtqq.exe
  2⤵
  PID:7888
- C:\Windows\System\XAgOMKh.exe
  C:\Windows\System\XAgOMKh.exe
  2⤵
  PID:7968
- C:\Windows\System\wBoYBpX.exe
  C:\Windows\System\wBoYBpX.exe
  2⤵
  PID:7980
- C:\Windows\System\CPVCINN.exe
  C:\Windows\System\CPVCINN.exe
  2⤵
  PID:8020
- C:\Windows\System\ypGLDvj.exe
  C:\Windows\System\ypGLDvj.exe
  2⤵
  PID:8088
- C:\Windows\System\lSVYMVj.exe
  C:\Windows\System\lSVYMVj.exe
  2⤵
  PID:8108
- C:\Windows\System\ApjuhBg.exe
  C:\Windows\System\ApjuhBg.exe
  2⤵
  PID:5020
- C:\Windows\System\uZKgsxi.exe
  C:\Windows\System\uZKgsxi.exe
  2⤵
  PID:5348
- C:\Windows\System\mZzNybr.exe
  C:\Windows\System\mZzNybr.exe
  2⤵
  PID:6536
- C:\Windows\System\TEwZInd.exe
  C:\Windows\System\TEwZInd.exe
  2⤵
  PID:6856
- C:\Windows\System\QwfAWwQ.exe
  C:\Windows\System\QwfAWwQ.exe
  2⤵
  PID:7276
- C:\Windows\System\OlDvBFJ.exe
  C:\Windows\System\OlDvBFJ.exe
  2⤵
  PID:7316
- C:\Windows\System\yJQBZaP.exe
  C:\Windows\System\yJQBZaP.exe
  2⤵
  PID:7356
- C:\Windows\System\NESZxbN.exe
  C:\Windows\System\NESZxbN.exe
  2⤵
  PID:7536
- C:\Windows\System\OoQGWyy.exe
  C:\Windows\System\OoQGWyy.exe
  2⤵
  PID:7436
- C:\Windows\System\cNOuvUk.exe
  C:\Windows\System\cNOuvUk.exe
  2⤵
  PID:7596
- C:\Windows\System\glzjygz.exe
  C:\Windows\System\glzjygz.exe
  2⤵
  PID:7648
- C:\Windows\System\IPBAwxD.exe
  C:\Windows\System\IPBAwxD.exe
  2⤵
  PID:7748
- C:\Windows\System\pMuzafc.exe
  C:\Windows\System\pMuzafc.exe
  2⤵
  PID:7960
- C:\Windows\System\NliXXyg.exe
  C:\Windows\System\NliXXyg.exe
  2⤵
  PID:1148
- C:\Windows\System\SLuTgRN.exe
  C:\Windows\System\SLuTgRN.exe
  2⤵
  PID:2248
- C:\Windows\System\xbQgfZb.exe
  C:\Windows\System\xbQgfZb.exe
  2⤵
  PID:8100
- C:\Windows\System\cPtazjt.exe
  C:\Windows\System\cPtazjt.exe
  2⤵
  PID:2324
- C:\Windows\System\knkUzBm.exe
  C:\Windows\System\knkUzBm.exe
  2⤵
  PID:1572
- C:\Windows\System\SjXMFHp.exe
  C:\Windows\System\SjXMFHp.exe
  2⤵
  PID:2044
- C:\Windows\System\KjCgAQj.exe
  C:\Windows\System\KjCgAQj.exe
  2⤵
  PID:2696
- C:\Windows\System\rAlnBGz.exe
  C:\Windows\System\rAlnBGz.exe
  2⤵
  PID:844
- C:\Windows\System\oekmrKl.exe
  C:\Windows\System\oekmrKl.exe
  2⤵
  PID:1212
- C:\Windows\System\yoyaYRj.exe
  C:\Windows\System\yoyaYRj.exe
  2⤵
  PID:3032
- C:\Windows\System\PtfvkER.exe
  C:\Windows\System\PtfvkER.exe
  2⤵
  PID:7744
- C:\Windows\System\IECqeqv.exe
  C:\Windows\System\IECqeqv.exe
  2⤵
  PID:7804
- C:\Windows\System\IBaQkub.exe
  C:\Windows\System\IBaQkub.exe
  2⤵
  PID:7824
- C:\Windows\System\Yisrltm.exe
  C:\Windows\System\Yisrltm.exe
  2⤵
  PID:2480
- C:\Windows\System\oPkiujy.exe
  C:\Windows\System\oPkiujy.exe
  2⤵
  PID:2196
- C:\Windows\System\pnJxcTR.exe
  C:\Windows\System\pnJxcTR.exe
  2⤵
  PID:2604
- C:\Windows\System\bXsRWPc.exe
  C:\Windows\System\bXsRWPc.exe
  2⤵
  PID:1092
- C:\Windows\System\XpUiWee.exe
  C:\Windows\System\XpUiWee.exe
  2⤵
  PID:7728
- C:\Windows\System\COaKdvn.exe
  C:\Windows\System\COaKdvn.exe
  2⤵
  PID:8060
- C:\Windows\System\ucYgkyn.exe
  C:\Windows\System\ucYgkyn.exe
  2⤵
  PID:2816
- C:\Windows\System\yQZMoxe.exe
  C:\Windows\System\yQZMoxe.exe
  2⤵
  PID:7220
- C:\Windows\System\VQPLelg.exe
  C:\Windows\System\VQPLelg.exe
  2⤵
  PID:1756
- C:\Windows\System\EqYVcjm.exe
  C:\Windows\System\EqYVcjm.exe
  2⤵
  PID:2868
- C:\Windows\System\FtyBMLj.exe
  C:\Windows\System\FtyBMLj.exe
  2⤵
  PID:7380
- C:\Windows\System\DnXAMnD.exe
  C:\Windows\System\DnXAMnD.exe
  2⤵
  PID:7480
- C:\Windows\System\ITqYAvV.exe
  C:\Windows\System\ITqYAvV.exe
  2⤵
  PID:2648
- C:\Windows\System\mJbleln.exe
  C:\Windows\System\mJbleln.exe
  2⤵
  PID:2728
- C:\Windows\System\cmrlagK.exe
  C:\Windows\System\cmrlagK.exe
  2⤵
  PID:1444
- C:\Windows\System\lLACrvS.exe
  C:\Windows\System\lLACrvS.exe
  2⤵
  PID:7788
- C:\Windows\System\onSlDul.exe
  C:\Windows\System\onSlDul.exe
  2⤵
  PID:7644
- C:\Windows\System\GYEqvMn.exe
  C:\Windows\System\GYEqvMn.exe
  2⤵
  PID:2328
- C:\Windows\System\KCAcjvj.exe
  C:\Windows\System\KCAcjvj.exe
  2⤵
  PID:2376
- C:\Windows\System\zwJagqH.exe
  C:\Windows\System\zwJagqH.exe
  2⤵
  PID:7868
- C:\Windows\System\kvVqVVj.exe
  C:\Windows\System\kvVqVVj.exe
  2⤵
  PID:536
- C:\Windows\System\sndtzzy.exe
  C:\Windows\System\sndtzzy.exe
  2⤵
  PID:2660
- C:\Windows\System\YrjmedB.exe
  C:\Windows\System\YrjmedB.exe
  2⤵
  PID:2136
- C:\Windows\System\JzcFtCz.exe
  C:\Windows\System\JzcFtCz.exe
  2⤵
  PID:2300
- C:\Windows\System\uZKKbnF.exe
  C:\Windows\System\uZKKbnF.exe
  2⤵
  PID:7604
- C:\Windows\System\vBeLGEb.exe
  C:\Windows\System\vBeLGEb.exe
  2⤵
  PID:8000
- C:\Windows\System\IEkOYDe.exe
  C:\Windows\System\IEkOYDe.exe
  2⤵
  PID:7180
- C:\Windows\System\nFvtMsp.exe
  C:\Windows\System\nFvtMsp.exe
  2⤵
  PID:7920
- C:\Windows\System\nKIWSDH.exe
  C:\Windows\System\nKIWSDH.exe
  2⤵
  PID:2732
- C:\Windows\System\njmtmfI.exe
  C:\Windows\System\njmtmfI.exe
  2⤵
  PID:1908
- C:\Windows\System\dfgnLtE.exe
  C:\Windows\System\dfgnLtE.exe
  2⤵
  PID:7360
- C:\Windows\System\gHiJYyX.exe
  C:\Windows\System\gHiJYyX.exe
  2⤵
  PID:8196
- C:\Windows\System\dsyyYnH.exe
  C:\Windows\System\dsyyYnH.exe
  2⤵
  PID:8212
- C:\Windows\System\OrUOftJ.exe
  C:\Windows\System\OrUOftJ.exe
  2⤵
  PID:8228
- C:\Windows\System\HNAlSoP.exe
  C:\Windows\System\HNAlSoP.exe
  2⤵
  PID:8244
- C:\Windows\System\XHKTcxF.exe
  C:\Windows\System\XHKTcxF.exe
  2⤵
  PID:8260
- C:\Windows\System\aXkaVzc.exe
  C:\Windows\System\aXkaVzc.exe
  2⤵
  PID:8276
- C:\Windows\System\DwfNQPW.exe
  C:\Windows\System\DwfNQPW.exe
  2⤵
  PID:8296
- C:\Windows\System\PBdSSkN.exe
  C:\Windows\System\PBdSSkN.exe
  2⤵
  PID:8312
- C:\Windows\System\HsppLCO.exe
  C:\Windows\System\HsppLCO.exe
  2⤵
  PID:8332
- C:\Windows\System\nlCtrkX.exe
  C:\Windows\System\nlCtrkX.exe
  2⤵
  PID:8352
- C:\Windows\System\uZlhUxD.exe
  C:\Windows\System\uZlhUxD.exe
  2⤵
  PID:8380
- C:\Windows\System\eWZVoOc.exe
  C:\Windows\System\eWZVoOc.exe
  2⤵
  PID:8436
- C:\Windows\System\aRRozNp.exe
  C:\Windows\System\aRRozNp.exe
  2⤵
  PID:8452
- C:\Windows\System\hPnVnOw.exe
  C:\Windows\System\hPnVnOw.exe
  2⤵
  PID:8468
- C:\Windows\System\ARMimhU.exe
  C:\Windows\System\ARMimhU.exe
  2⤵
  PID:8484
- C:\Windows\System\IVurkXX.exe
  C:\Windows\System\IVurkXX.exe
  2⤵
  PID:8504
- C:\Windows\System\fxdyGyP.exe
  C:\Windows\System\fxdyGyP.exe
  2⤵
  PID:8520
- C:\Windows\System\wqFzaia.exe
  C:\Windows\System\wqFzaia.exe
  2⤵
  PID:8536
- C:\Windows\System\FHpwrWw.exe
  C:\Windows\System\FHpwrWw.exe
  2⤵
  PID:8552
- C:\Windows\System\bASfuan.exe
  C:\Windows\System\bASfuan.exe
  2⤵
  PID:8568
- C:\Windows\System\XlJbsCB.exe
  C:\Windows\System\XlJbsCB.exe
  2⤵
  PID:8584
- C:\Windows\System\RuPcDMW.exe
  C:\Windows\System\RuPcDMW.exe
  2⤵
  PID:8600
- C:\Windows\System\ozLjypC.exe
  C:\Windows\System\ozLjypC.exe
  2⤵
  PID:8616
- C:\Windows\System\dTvhFoF.exe
  C:\Windows\System\dTvhFoF.exe
  2⤵
  PID:8632
- C:\Windows\System\ZWHJZXB.exe
  C:\Windows\System\ZWHJZXB.exe
  2⤵
  PID:8648
- C:\Windows\System\TBGxEGV.exe
  C:\Windows\System\TBGxEGV.exe
  2⤵
  PID:8664
- C:\Windows\System\PmVpJMl.exe
  C:\Windows\System\PmVpJMl.exe
  2⤵
  PID:8764
- C:\Windows\System\vJazUfB.exe
  C:\Windows\System\vJazUfB.exe
  2⤵
  PID:8780
- C:\Windows\System\VFiMgNU.exe
  C:\Windows\System\VFiMgNU.exe
  2⤵
  PID:8796
- C:\Windows\System\QMJNAMB.exe
  C:\Windows\System\QMJNAMB.exe
  2⤵
  PID:8816
- C:\Windows\System\ryfXVeo.exe
  C:\Windows\System\ryfXVeo.exe
  2⤵
  PID:8844
- C:\Windows\System\XYOaovw.exe
  C:\Windows\System\XYOaovw.exe
  2⤵
  PID:8860
- C:\Windows\System\mgNfwsV.exe
  C:\Windows\System\mgNfwsV.exe
  2⤵
  PID:8876
- C:\Windows\System\bJrkUmg.exe
  C:\Windows\System\bJrkUmg.exe
  2⤵
  PID:8892
- C:\Windows\System\gicRzIk.exe
  C:\Windows\System\gicRzIk.exe
  2⤵
  PID:8908
- C:\Windows\System\dRcikpQ.exe
  C:\Windows\System\dRcikpQ.exe
  2⤵
  PID:8924
- C:\Windows\System\xILNskb.exe
  C:\Windows\System\xILNskb.exe
  2⤵
  PID:8940
- C:\Windows\System\FdtKbFK.exe
  C:\Windows\System\FdtKbFK.exe
  2⤵
  PID:8956
- C:\Windows\System\wzpZtUL.exe
  C:\Windows\System\wzpZtUL.exe
  2⤵
  PID:8972
- C:\Windows\System\vGqttBO.exe
  C:\Windows\System\vGqttBO.exe
  2⤵
  PID:8988
- C:\Windows\System\lgWeety.exe
  C:\Windows\System\lgWeety.exe
  2⤵
  PID:9004
- C:\Windows\System\PmEDVcE.exe
  C:\Windows\System\PmEDVcE.exe
  2⤵
  PID:9020
- C:\Windows\System\dNzNzkP.exe
  C:\Windows\System\dNzNzkP.exe
  2⤵
  PID:9036
- C:\Windows\System\nLYoTpB.exe
  C:\Windows\System\nLYoTpB.exe
  2⤵
  PID:9052
- C:\Windows\System\qjBOmDH.exe
  C:\Windows\System\qjBOmDH.exe
  2⤵
  PID:9068
- C:\Windows\System\zFmovEs.exe
  C:\Windows\System\zFmovEs.exe
  2⤵
  PID:9084
- C:\Windows\System\mQbxmIo.exe
  C:\Windows\System\mQbxmIo.exe
  2⤵
  PID:9100
- C:\Windows\System\DoHZCLJ.exe
  C:\Windows\System\DoHZCLJ.exe
  2⤵
  PID:9116
- C:\Windows\System\EDvVDmP.exe
  C:\Windows\System\EDvVDmP.exe
  2⤵
  PID:9132
- C:\Windows\System\qGDWPTF.exe
  C:\Windows\System\qGDWPTF.exe
  2⤵
  PID:9148
- C:\Windows\System\yAFIbSB.exe
  C:\Windows\System\yAFIbSB.exe
  2⤵
  PID:9164
- C:\Windows\System\XsYpSBI.exe
  C:\Windows\System\XsYpSBI.exe
  2⤵
  PID:9180
- C:\Windows\System\GNqdzQO.exe
  C:\Windows\System\GNqdzQO.exe
  2⤵
  PID:2228
- C:\Windows\System\QdEjfSI.exe
  C:\Windows\System\QdEjfSI.exe
  2⤵
  PID:8236
- C:\Windows\System\yqsFCPl.exe
  C:\Windows\System\yqsFCPl.exe
  2⤵
  PID:8252
- C:\Windows\System\kSYrACd.exe
  C:\Windows\System\kSYrACd.exe
  2⤵
  PID:8324
- C:\Windows\System\kYOSCql.exe
  C:\Windows\System\kYOSCql.exe
  2⤵
  PID:8288
- C:\Windows\System\MXrGkcT.exe
  C:\Windows\System\MXrGkcT.exe
  2⤵
  PID:8360
- C:\Windows\System\yabFNMx.exe
  C:\Windows\System\yabFNMx.exe
  2⤵
  PID:8388
- C:\Windows\System\pZmIlpN.exe
  C:\Windows\System\pZmIlpN.exe
  2⤵
  PID:8444
- C:\Windows\System\LPFUhbZ.exe
  C:\Windows\System\LPFUhbZ.exe
  2⤵
  PID:8480
- C:\Windows\System\hnrrvXv.exe
  C:\Windows\System\hnrrvXv.exe
  2⤵
  PID:8608
- C:\Windows\System\lxEkpux.exe
  C:\Windows\System\lxEkpux.exe
  2⤵
  PID:8676
- C:\Windows\System\OQpaPgP.exe
  C:\Windows\System\OQpaPgP.exe
  2⤵
  PID:8700
- C:\Windows\System\emZelNy.exe
  C:\Windows\System\emZelNy.exe
  2⤵
  PID:8720
- C:\Windows\System\vmFJLYl.exe
  C:\Windows\System\vmFJLYl.exe
  2⤵
  PID:8736
- C:\Windows\System\axgfxKV.exe
  C:\Windows\System\axgfxKV.exe
  2⤵
  PID:8756
- C:\Windows\System\hZKHxoZ.exe
  C:\Windows\System\hZKHxoZ.exe
  2⤵
  PID:8772
- C:\Windows\System\NaPXlwe.exe
  C:\Windows\System\NaPXlwe.exe
  2⤵
  PID:8788
- C:\Windows\System\iwgCBBo.exe
  C:\Windows\System\iwgCBBo.exe
  2⤵
  PID:8808
- C:\Windows\System\obZpQEu.exe
  C:\Windows\System\obZpQEu.exe
  2⤵
  PID:8828
- C:\Windows\System\fiPhnPR.exe
  C:\Windows\System\fiPhnPR.exe
  2⤵
  PID:8868
- C:\Windows\System\ouRLARd.exe
  C:\Windows\System\ouRLARd.exe
  2⤵
  PID:8932
- C:\Windows\System\yXpEHZN.exe
  C:\Windows\System\yXpEHZN.exe
  2⤵
  PID:9028
- C:\Windows\System\VWzVmYj.exe
  C:\Windows\System\VWzVmYj.exe
  2⤵
  PID:9080
- C:\Windows\System\jAcagtg.exe
  C:\Windows\System\jAcagtg.exe
  2⤵
  PID:8856
- C:\Windows\System\AESrVde.exe
  C:\Windows\System\AESrVde.exe
  2⤵
  PID:9016
- C:\Windows\System\gILTUgE.exe
  C:\Windows\System\gILTUgE.exe
  2⤵
  PID:9044
- C:\Windows\System\MQqGomX.exe
  C:\Windows\System\MQqGomX.exe
  2⤵
  PID:9112
- C:\Windows\System\EbHPGwp.exe
  C:\Windows\System\EbHPGwp.exe
  2⤵
  PID:9144
- C:\Windows\System\mBGTuuK.exe
  C:\Windows\System\mBGTuuK.exe
  2⤵
  PID:9188
- C:\Windows\System\BgSuLje.exe
  C:\Windows\System\BgSuLje.exe
  2⤵
  PID:9204
- C:\Windows\System\WuPRPFv.exe
  C:\Windows\System\WuPRPFv.exe
  2⤵
  PID:8320
- C:\Windows\System\RfkEYzc.exe
  C:\Windows\System\RfkEYzc.exe
  2⤵
  PID:8400
- C:\Windows\System\bTElBte.exe
  C:\Windows\System\bTElBte.exe
  2⤵
  PID:8424
- C:\Windows\System\fKhZksf.exe
  C:\Windows\System\fKhZksf.exe
  2⤵
  PID:8492
- C:\Windows\System\eAuxNld.exe
  C:\Windows\System\eAuxNld.exe
  2⤵
  PID:8564
- C:\Windows\System\gcrfTYl.exe
  C:\Windows\System\gcrfTYl.exe
  2⤵
  PID:8656
- C:\Windows\System\mJTSwCf.exe
  C:\Windows\System\mJTSwCf.exe
  2⤵
  PID:8624
- C:\Windows\System\xwhQqRt.exe
  C:\Windows\System\xwhQqRt.exe
  2⤵
  PID:8548
- C:\Windows\System\oxRLXau.exe
  C:\Windows\System\oxRLXau.exe
  2⤵
  PID:8612
- C:\Windows\System\sWseWhW.exe
  C:\Windows\System\sWseWhW.exe
  2⤵
  PID:8688
- C:\Windows\System\QuwRNvA.exe
  C:\Windows\System\QuwRNvA.exe
  2⤵
  PID:8744
- C:\Windows\System\WRdZZdb.exe
  C:\Windows\System\WRdZZdb.exe
  2⤵
  PID:8824
- C:\Windows\System\porpOPn.exe
  C:\Windows\System\porpOPn.exe
  2⤵
  PID:8904
- C:\Windows\System\tiAYWUa.exe
  C:\Windows\System\tiAYWUa.exe
  2⤵
  PID:8728
- C:\Windows\System\wOsyWUl.exe
  C:\Windows\System\wOsyWUl.exe
  2⤵
  PID:8732
- C:\Windows\System\hWBhTaL.exe
  C:\Windows\System\hWBhTaL.exe
  2⤵
  PID:8760
- C:\Windows\System\kcMUdWW.exe
  C:\Windows\System\kcMUdWW.exe
  2⤵
  PID:8968
- C:\Windows\System\BqlYeFG.exe
  C:\Windows\System\BqlYeFG.exe
  2⤵
  PID:9064
- C:\Windows\System\grVcrlf.exe
  C:\Windows\System\grVcrlf.exe
  2⤵
  PID:9140
- C:\Windows\System\IhLOvhW.exe
  C:\Windows\System\IhLOvhW.exe
  2⤵
  PID:1004
- C:\Windows\System\QZiadZj.exe
  C:\Windows\System\QZiadZj.exe
  2⤵
  PID:8240
- C:\Windows\System\TyDhXkZ.exe
  C:\Windows\System\TyDhXkZ.exe
  2⤵
  PID:8208
- C:\Windows\System\MtJVeuZ.exe
  C:\Windows\System\MtJVeuZ.exe
  2⤵
  PID:8408
- C:\Windows\System\PoBFbnU.exe
  C:\Windows\System\PoBFbnU.exe
  2⤵
  PID:8340
- C:\Windows\System\KTzmMmj.exe
  C:\Windows\System\KTzmMmj.exe
  2⤵
  PID:8416
- C:\Windows\System\MVEMMxa.exe
  C:\Windows\System\MVEMMxa.exe
  2⤵
  PID:8660
- C:\Windows\System\IkhrsyY.exe
  C:\Windows\System\IkhrsyY.exe
  2⤵
  PID:8412
- C:\Windows\System\WmnnFeJ.exe
  C:\Windows\System\WmnnFeJ.exe
  2⤵
  PID:8576
- C:\Windows\System\kMbwxrG.exe
  C:\Windows\System\kMbwxrG.exe
  2⤵
  PID:8900
- C:\Windows\System\szNQmOO.exe
  C:\Windows\System\szNQmOO.exe
  2⤵
  PID:8964
- C:\Windows\System\YXkYcvY.exe
  C:\Windows\System\YXkYcvY.exe
  2⤵
  PID:8696
- C:\Windows\System\LUMewlN.exe
  C:\Windows\System\LUMewlN.exe
  2⤵
  PID:8916
- C:\Windows\System\jLnnNGG.exe
  C:\Windows\System\jLnnNGG.exe
  2⤵
  PID:8888
- C:\Windows\System\zlIyDpx.exe
  C:\Windows\System\zlIyDpx.exe
  2⤵
  PID:8792
- C:\Windows\System\bDiDqpq.exe
  C:\Windows\System\bDiDqpq.exe
  2⤵
  PID:8344
- C:\Windows\System\RiYxDtQ.exe
  C:\Windows\System\RiYxDtQ.exe
  2⤵
  PID:8460
- C:\Windows\System\ruCPFLV.exe
  C:\Windows\System\ruCPFLV.exe
  2⤵
  PID:8256
- C:\Windows\System\CWvTKWK.exe
  C:\Windows\System\CWvTKWK.exe
  2⤵
  PID:8224
- C:\Windows\System\vcUEcsW.exe
  C:\Windows\System\vcUEcsW.exe
  2⤵
  PID:9076
- C:\Windows\System\rITJAJe.exe
  C:\Windows\System\rITJAJe.exe
  2⤵
  PID:8672
- C:\Windows\System\FehnPsq.exe
  C:\Windows\System\FehnPsq.exe
  2⤵
  PID:8464
- C:\Windows\System\BtVyzsg.exe
  C:\Windows\System\BtVyzsg.exe
  2⤵
  PID:8948
- C:\Windows\System\pOmPKpJ.exe
  C:\Windows\System\pOmPKpJ.exe
  2⤵
  PID:8840
- C:\Windows\System\srfBCQj.exe
  C:\Windows\System\srfBCQj.exe
  2⤵
  PID:9224
- C:\Windows\System\skNVlNj.exe
  C:\Windows\System\skNVlNj.exe
  2⤵
  PID:9240
- C:\Windows\System\ITxQrro.exe
  C:\Windows\System\ITxQrro.exe
  2⤵
  PID:9256
- C:\Windows\System\IhhDolF.exe
  C:\Windows\System\IhhDolF.exe
  2⤵
  PID:9272
- C:\Windows\System\MBzXbYV.exe
  C:\Windows\System\MBzXbYV.exe
  2⤵
  PID:9292
- C:\Windows\System\uDhwgdt.exe
  C:\Windows\System\uDhwgdt.exe
  2⤵
  PID:9308
- C:\Windows\System\XcZNbar.exe
  C:\Windows\System\XcZNbar.exe
  2⤵
  PID:9324
- C:\Windows\System\iKbRiPF.exe
  C:\Windows\System\iKbRiPF.exe
  2⤵
  PID:9340
- C:\Windows\System\eeoXgMj.exe
  C:\Windows\System\eeoXgMj.exe
  2⤵
  PID:9356
- C:\Windows\System\zUiotNr.exe
  C:\Windows\System\zUiotNr.exe
  2⤵
  PID:9372
- C:\Windows\System\CUDqoWt.exe
  C:\Windows\System\CUDqoWt.exe
  2⤵
  PID:9388
- C:\Windows\System\lsSafVk.exe
  C:\Windows\System\lsSafVk.exe
  2⤵
  PID:9404
- C:\Windows\System\PKfZUig.exe
  C:\Windows\System\PKfZUig.exe
  2⤵
  PID:9420
- C:\Windows\System\gSlSiOb.exe
  C:\Windows\System\gSlSiOb.exe
  2⤵
  PID:9436
- C:\Windows\System\dWIkWGS.exe
  C:\Windows\System\dWIkWGS.exe
  2⤵
  PID:9452
- C:\Windows\System\hYWljIP.exe
  C:\Windows\System\hYWljIP.exe
  2⤵
  PID:9468
- C:\Windows\System\LtxtGTI.exe
  C:\Windows\System\LtxtGTI.exe
  2⤵
  PID:9484
- C:\Windows\System\jBwQtHQ.exe
  C:\Windows\System\jBwQtHQ.exe
  2⤵
  PID:9500
- C:\Windows\System\KnzBoEg.exe
  C:\Windows\System\KnzBoEg.exe
  2⤵
  PID:9516
- C:\Windows\System\dRPxxUs.exe
  C:\Windows\System\dRPxxUs.exe
  2⤵
  PID:9532
- C:\Windows\System\gManTkK.exe
  C:\Windows\System\gManTkK.exe
  2⤵
  PID:9548
- C:\Windows\System\edZnjte.exe
  C:\Windows\System\edZnjte.exe
  2⤵
  PID:9564
- C:\Windows\System\YWXSMqx.exe
  C:\Windows\System\YWXSMqx.exe
  2⤵
  PID:9584
- C:\Windows\System\ViVeCYB.exe
  C:\Windows\System\ViVeCYB.exe
  2⤵
  PID:9600
- C:\Windows\System\lZMTXtX.exe
  C:\Windows\System\lZMTXtX.exe
  2⤵
  PID:9616
- C:\Windows\System\FAINFda.exe
  C:\Windows\System\FAINFda.exe
  2⤵
  PID:9632
- C:\Windows\System\xDmUpja.exe
  C:\Windows\System\xDmUpja.exe
  2⤵
  PID:9648
- C:\Windows\System\zTsYCjg.exe
  C:\Windows\System\zTsYCjg.exe
  2⤵
  PID:9664
- C:\Windows\System\hlaKpbW.exe
  C:\Windows\System\hlaKpbW.exe
  2⤵
  PID:9680
- C:\Windows\System\RjydcmP.exe
  C:\Windows\System\RjydcmP.exe
  2⤵
  PID:9696
- C:\Windows\System\JujHNFa.exe
  C:\Windows\System\JujHNFa.exe
  2⤵
  PID:9712
- C:\Windows\System\ZoppKBd.exe
  C:\Windows\System\ZoppKBd.exe
  2⤵
  PID:9728
- C:\Windows\System\JFVVZkJ.exe
  C:\Windows\System\JFVVZkJ.exe
  2⤵
  PID:9744
- C:\Windows\System\WFitgUM.exe
  C:\Windows\System\WFitgUM.exe
  2⤵
  PID:9760
- C:\Windows\System\AmmVUcx.exe
  C:\Windows\System\AmmVUcx.exe
  2⤵
  PID:9776
- C:\Windows\System\fxhiitV.exe
  C:\Windows\System\fxhiitV.exe
  2⤵
  PID:9796
- C:\Windows\System\BoeoLun.exe
  C:\Windows\System\BoeoLun.exe
  2⤵
  PID:9812
- C:\Windows\System\YmCzqty.exe
  C:\Windows\System\YmCzqty.exe
  2⤵
  PID:9828
- C:\Windows\System\yLOHHKE.exe
  C:\Windows\System\yLOHHKE.exe
  2⤵
  PID:9844
- C:\Windows\System\GgbpmSo.exe
  C:\Windows\System\GgbpmSo.exe
  2⤵
  PID:9860
- C:\Windows\System\KwLjgPp.exe
  C:\Windows\System\KwLjgPp.exe
  2⤵
  PID:9876
- C:\Windows\System\ScXKaqd.exe
  C:\Windows\System\ScXKaqd.exe
  2⤵
  PID:9896
- C:\Windows\System\EQHvkeG.exe
  C:\Windows\System\EQHvkeG.exe
  2⤵
  PID:9912
- C:\Windows\System\vlMocKC.exe
  C:\Windows\System\vlMocKC.exe
  2⤵
  PID:9928
- C:\Windows\System\JhUBipO.exe
  C:\Windows\System\JhUBipO.exe
  2⤵
  PID:9944
- C:\Windows\System\XFBXfqD.exe
  C:\Windows\System\XFBXfqD.exe
  2⤵
  PID:9960
- C:\Windows\System\aqcMfnO.exe
  C:\Windows\System\aqcMfnO.exe
  2⤵
  PID:9976
- C:\Windows\System\rvkeaFL.exe
  C:\Windows\System\rvkeaFL.exe
  2⤵
  PID:9992
- C:\Windows\System\ZntcgWi.exe
  C:\Windows\System\ZntcgWi.exe
  2⤵
  PID:10012
- C:\Windows\System\zNpxNOJ.exe
  C:\Windows\System\zNpxNOJ.exe
  2⤵
  PID:10028
- C:\Windows\System\zIDeOAD.exe
  C:\Windows\System\zIDeOAD.exe
  2⤵
  PID:10044
- C:\Windows\System\jCSoYOn.exe
  C:\Windows\System\jCSoYOn.exe
  2⤵
  PID:10060
- C:\Windows\System\dqwZoKW.exe
  C:\Windows\System\dqwZoKW.exe
  2⤵
  PID:10076
- C:\Windows\System\wCGPBXf.exe
  C:\Windows\System\wCGPBXf.exe
  2⤵
  PID:10092
- C:\Windows\System\jCqUiKy.exe
  C:\Windows\System\jCqUiKy.exe
  2⤵
  PID:10112
- C:\Windows\System\ebdLdST.exe
  C:\Windows\System\ebdLdST.exe
  2⤵
  PID:10128
- C:\Windows\System\tfuDNRY.exe
  C:\Windows\System\tfuDNRY.exe
  2⤵
  PID:10144
- C:\Windows\System\hgjxkSa.exe
  C:\Windows\System\hgjxkSa.exe
  2⤵
  PID:10160
- C:\Windows\System\mEqVkNY.exe
  C:\Windows\System\mEqVkNY.exe
  2⤵
  PID:10176
- C:\Windows\System\iMUORkb.exe
  C:\Windows\System\iMUORkb.exe
  2⤵
  PID:10192
- C:\Windows\System\xBWuthG.exe
  C:\Windows\System\xBWuthG.exe
  2⤵
  PID:10208
- C:\Windows\System\gCNxurW.exe
  C:\Windows\System\gCNxurW.exe
  2⤵
  PID:10224
- C:\Windows\System\GtsZENy.exe
  C:\Windows\System\GtsZENy.exe
  2⤵
  PID:8712
- C:\Windows\System\NPfTcbn.exe
  C:\Windows\System\NPfTcbn.exe
  2⤵
  PID:8560
- C:\Windows\System\WCkInjt.exe
  C:\Windows\System\WCkInjt.exe
  2⤵
  PID:8328
- C:\Windows\System\aROFwMz.exe
  C:\Windows\System\aROFwMz.exe
  2⤵
  PID:9220
- C:\Windows\System\NPgQjRC.exe
  C:\Windows\System\NPgQjRC.exe
  2⤵
  PID:9304
- C:\Windows\System\fjKidve.exe
  C:\Windows\System\fjKidve.exe
  2⤵
  PID:9252
- C:\Windows\System\AbbjCgq.exe
  C:\Windows\System\AbbjCgq.exe
  2⤵
  PID:9320
- C:\Windows\System\WJEOeKr.exe
  C:\Windows\System\WJEOeKr.exe
  2⤵
  PID:9396
- C:\Windows\System\OXIMaSc.exe
  C:\Windows\System\OXIMaSc.exe
  2⤵
  PID:9460
- C:\Windows\System\grSazGp.exe
  C:\Windows\System\grSazGp.exe
  2⤵
  PID:9496
- C:\Windows\System\vvGEgEm.exe
  C:\Windows\System\vvGEgEm.exe
  2⤵
  PID:9560
- C:\Windows\System\YaXBtJW.exe
  C:\Windows\System\YaXBtJW.exe
  2⤵
  PID:9592
- C:\Windows\System\mlLSWBK.exe
  C:\Windows\System\mlLSWBK.exe
  2⤵
  PID:9448
- C:\Windows\System\rikCAHx.exe
  C:\Windows\System\rikCAHx.exe
  2⤵
  PID:9576
- C:\Windows\System\KQIxtWI.exe
  C:\Windows\System\KQIxtWI.exe
  2⤵
  PID:9672
- C:\Windows\System\XKZYAUq.exe
  C:\Windows\System\XKZYAUq.exe
  2⤵
  PID:9720
- C:\Windows\System\rHZzewM.exe
  C:\Windows\System\rHZzewM.exe
  2⤵
  PID:9736
- C:\Windows\System\UxFpdjq.exe
  C:\Windows\System\UxFpdjq.exe
  2⤵
  PID:9824
- C:\Windows\System\yWQvjPi.exe
  C:\Windows\System\yWQvjPi.exe
  2⤵
  PID:9804
- C:\Windows\System\oUoAboW.exe
  C:\Windows\System\oUoAboW.exe
  2⤵
  PID:9856
- C:\Windows\System\iBWWqsw.exe
  C:\Windows\System\iBWWqsw.exe
  2⤵
  PID:9888
- C:\Windows\System\RsJHdEd.exe
  C:\Windows\System\RsJHdEd.exe
  2⤵
  PID:9936
- C:\Windows\System\GuOLkBY.exe
  C:\Windows\System\GuOLkBY.exe
  2⤵
  PID:9288
- C:\Windows\System\jsRBgbg.exe
  C:\Windows\System\jsRBgbg.exe
  2⤵
  PID:9492
- C:\Windows\System\mlnwyew.exe
  C:\Windows\System\mlnwyew.exe
  2⤵
  PID:9416
- C:\Windows\System\pfetHGd.exe
  C:\Windows\System\pfetHGd.exe
  2⤵
  PID:9692
- C:\Windows\System\IMsFsES.exe
  C:\Windows\System\IMsFsES.exe
  2⤵
  PID:9572
- C:\Windows\System\nElPUMn.exe
  C:\Windows\System\nElPUMn.exe
  2⤵
  PID:9656
- C:\Windows\System\gYckHXx.exe
  C:\Windows\System\gYckHXx.exe
  2⤵
  PID:9752
- C:\Windows\System\sgXThdE.exe
  C:\Windows\System\sgXThdE.exe
  2⤵
  PID:9820
- C:\Windows\System\MAvrIFw.exe
  C:\Windows\System\MAvrIFw.exe
  2⤵
  PID:9772
- C:\Windows\System\uBEASzW.exe
  C:\Windows\System\uBEASzW.exe
  2⤵
  PID:9872
- C:\Windows\System\SqEAXbS.exe
  C:\Windows\System\SqEAXbS.exe
  2⤵
  PID:9924
- C:\Windows\System\oEoTLvP.exe
  C:\Windows\System\oEoTLvP.exe
  2⤵
  PID:10068
- C:\Windows\System\rYDyYMx.exe
  C:\Windows\System\rYDyYMx.exe
  2⤵
  PID:9984
- C:\Windows\System\EmIFSML.exe
  C:\Windows\System\EmIFSML.exe
  2⤵
  PID:10056
- C:\Windows\System\ejfYGIK.exe
  C:\Windows\System\ejfYGIK.exe
  2⤵
  PID:10124
- C:\Windows\System\JPeKkYk.exe
  C:\Windows\System\JPeKkYk.exe
  2⤵
  PID:8580
- C:\Windows\System\bgahWCd.exe
  C:\Windows\System\bgahWCd.exe
  2⤵
  PID:10216
- C:\Windows\System\orpoNnq.exe
  C:\Windows\System\orpoNnq.exe
  2⤵
  PID:10104
- C:\Windows\System\TEsixcQ.exe
  C:\Windows\System\TEsixcQ.exe
  2⤵
  PID:9352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BvuIKBB.exe

Filesize
6.0MB

MD5
c9cf040f5b899ce8cba416860887a9f1

SHA1
c6b619b0731d228c4014e486d096d19fc25c16e6

SHA256
6b50d8d2bd31f9bdd8006889be6a50d906cfb5f97062c2cb2dfeab454cbc4b5b

SHA512
c7c18a851dc5d858c2fa0c7045f9d847c14b865f00fac2d76f88a86f6f25a438ac268a1df7f5450d0ef4da70cfd54cb73d0c7826d6575ee2794dd30f6d26128d

Download Submit
C:\Windows\system\ESJmbyF.exe

Filesize
6.0MB

MD5
c377b687d248673f9c55e76d67a04007

SHA1
b67be565a43b0d752606a988a8690cdb462c863d

SHA256
0f203d29d446cb01da866d5595b4681c36e125058fcc6ecf9dec299d82a46fa2

SHA512
5b4142b5da8b5dbb548959fde38f72e2f2f3f890003aef4c05ccd104e542eff5a096ff358233ed3ad91b916924cfd96c7fc4ebad90f84bf3067feb833830b1b1

Download Submit
C:\Windows\system\EoKdaGT.exe

Filesize
6.0MB

MD5
6f2a4e30e993cdca133e67e7ae8c1fe1

SHA1
ba998f8753a02b82f20616e5e4bc9f0faae33780

SHA256
f8d6ccf5658bab449a581f109f6ab4c4faabbe911896ef780547d8f1e56a272a

SHA512
57154df50fa9a2df50bf01930000d6e2cb74743184598c175916defe68d1d2c88fdae349b6f304cb0b1a9c5e34837996ac09855d83ffd4d3f880aaecdca934bf

Download Submit
C:\Windows\system\KNOMqfQ.exe

Filesize
6.0MB

MD5
554e7e87e464fdb4cfba2694b36075f9

SHA1
a9239eaae792927b8af4285f1d47444f068aae3c

SHA256
8eeaf1eb2cfae63f6bb0411702bb9c47873ec1c286f13effd130958f40593de4

SHA512
c41e14649c71adc719f8c768923ba9c6f986660ede041251248d04c40a2708ab7854c4e3f2d83c293c9141c06de7a6d350e01b664d14c7ae70300d698f834720

Download Submit
C:\Windows\system\KnhkmYx.exe

Filesize
6.0MB

MD5
db926c07e62353982d6b20ecdfd6bc7f

SHA1
56f6ea687ff1a390001236adf98b2e505910a232

SHA256
c620d7954b53ce44de4d88bbf33f3efda6498b3ae3d9175e5016de8ec2d1bb15

SHA512
872aebca0c9b608191935e5660d867199455431438bd3e4efd9b3e8757eec33c7065427c9a3d8de2c006d10d0150863e11359fbfb62ed48007488006c9b55142

Download Submit
C:\Windows\system\LXgHbDP.exe

Filesize
6.0MB

MD5
b10037ab171f018a20d346d028716c58

SHA1
887a8ee6323ea9aba1ce168f7a2dcab68bf3dfc9

SHA256
c9d1c0ccdd86b81d4399765ca872032a7b533ad9263bd3c3c195cbdc30451d23

SHA512
f29e5cbd20f343e03b76ad5bb1db2c4e7bedbd4aacb54dd81108457fe3e5c3aebf542ca0ceb5619af30c97992c48775b6c475a34ebb9fc4bf0ada9363eb81263

Download Submit
C:\Windows\system\LcJlIdu.exe

Filesize
6.0MB

MD5
55a85e0df59837a9af42ac84eaea69d8

SHA1
8da00db73cf07bce9e3cf3ed1df8819d76dabe56

SHA256
f4c8bf6dfdc5ba012c0610204bbf6398ab43f0102dd942ffdb7b434cfe0dc5e5

SHA512
9eb0c2c23596e037e9da0dba99abe2d3e89a79cddbda3fb5a641c613a750456393e4956881d27956916c3d06222317bd2d84ae48043d8c888d2d321c14094e6f

Download Submit
C:\Windows\system\WMinaul.exe

Filesize
6.0MB

MD5
9978bfd8956f4c9bef278ab7f255e0e5

SHA1
a5c5ad75ad86b5ec9267681f7cc1a079f6481388

SHA256
dced8460b1a98d2c6669540410bad0c42886bfc69ea5860c41215adebadc4509

SHA512
7489e8d4241e3293c4547b354148a0eb390a6acb9c467e878712d60d8181ae36c1a56a4e3e67b2532ae0696497fc411e26a36e9fe3bfd6cdca1ea129444d8f25

Download Submit
C:\Windows\system\WSpVWLH.exe

Filesize
6.0MB

MD5
973b671cd8bbce41211fcdc2dfac39a6

SHA1
50bb257a3a54a12ea5ac4febb2c31cee62505590

SHA256
458f22fb39368c7189f2b343e750aa1ccf16f7beab8a2b922ac73b32738643a8

SHA512
abab1ed12de998e8b788ebb6d9465c4abf5f886e4f5c290508f377aadd01ecab1f81e9795c1dd75c113e3faef463e24871d65b130350b147cd414d81dc0a31c1

Download Submit
C:\Windows\system\WzsUyPE.exe

Filesize
6.0MB

MD5
ee5d378aa9ab0f03be327539598abded

SHA1
3df9cdea38da077ba4799648e731a7166dbb130b

SHA256
32e908a6f1f50fe996e360ac1b26edec14eb0a44e3cee02e609704de644dd35f

SHA512
f1ec6b1a402e54459862e28972f1deda727f672ad33500a340b085ea3640ba8ff86861066c5b3518170423366de10fed3732db24574cb4217d07b74191f3e12c

Download Submit
C:\Windows\system\XAnkeAB.exe

Filesize
6.0MB

MD5
0d28ef608a1ee8218d75254612ab0d88

SHA1
9dd740859c89ba93836c020cf5d25a6d617f3089

SHA256
382e9a7bd6374ec675432d120907b0b8dbaa876b6f922f7ead0d0bffb4afa7ab

SHA512
d43eeb9431f0e1b24e5c7602961114b1805c6e68bf43a6c1ff635950a2dcd9017d1e7c395e14881cab186daa1c7b13ef12d15e02ab9924f161195fe073f2fc4c

Download Submit
C:\Windows\system\XTvnLMi.exe

Filesize
6.0MB

MD5
975eefd69c88aa7135fe3f9e1ee78539

SHA1
56ba4e378fd5f0637076b11f6246d77fa11cd795

SHA256
e33373bde94ef2b8378ae8a10e042ad18f4d4460c47b6dc72bb1af6f239e23e5

SHA512
a85cc2492b668e57b618e4bef404300a36f772e0ab8f32f8e9a87084415ad6c35f8baca9dad589d4fe768b242ec30599c3cba548f35de86d6d9ca68cf40cd3d2

Download Submit
C:\Windows\system\cYgLMui.exe

Filesize
6.0MB

MD5
0cbeb1e93e788565903fbaa179bb2ff8

SHA1
35dfa7a608bcd46f5a43a6d353ec26b38fdbb72b

SHA256
d3a1e1206e708e1a1adbf058467f90ec09dacb96bf87bf3f32cc2c3d8529afac

SHA512
3a49aee8f4042c23ad2b22775c4b1eb554f5224fa73002b15965dd12cf7f8025d7f1eaa0997dc8ed402385de6c1e9d3770c7be52171bd8bd72d6771e353a7856

Download Submit
C:\Windows\system\cvrunCr.exe

Filesize
6.0MB

MD5
8d94b019151db2e4b03a06c1e6c408e3

SHA1
acc8f14a48b28e22b4ef66d5a5d60c96e49a741f

SHA256
a5b7c8a3211a9d9d70ebd7ec45eceffc6fd9ed2ef93eeeb83404ee2345e2c936

SHA512
0b51e80c04e77c61d83f279d47a27f0e530ba15275cf249f6ba76867536a37bdbf7b6d9abce3f319862ab4dd09e8ea60da4b53c6d8c66bdc0b3d646c7abaf7ed

Download Submit
C:\Windows\system\dBZyvYr.exe

Filesize
6.0MB

MD5
23c603f574207c31eefec282a1b93645

SHA1
1d575abc01c93a6414ce0fefb643c320b3ce5b4e

SHA256
70a60f398db070ec6d2792643fe6efe75f74473300d7cc8017fd620eb08d8c34

SHA512
45afe54662b353e39a985f01cb94f072c9ff7f2f69c767c129bfe70091a35a939e7cd29bb807fd0d1dd23c13ce5e3bf05ffd80c2a0ed28c07f8c7f6984778e7b

Download Submit
C:\Windows\system\dIEuAnw.exe

Filesize
6.0MB

MD5
230749f6f6d6a403392969fa4d03c437

SHA1
1335849fb0970bad425fdeabfd0be3ee5c832f8c

SHA256
619de296d30ed6ff80f26dfd122e01d85b12aeb7061bbea50dfe9b3f591c9848

SHA512
e44cc7463541f0706aebd9bbb0520203d8ae055c71bb7fcfa32e9fa5cf5028ffafb3e24228d90f8903708c8267528356403a302510c931e3ac5092dcf1e5b467

Download Submit
C:\Windows\system\dNxTLhM.exe

Filesize
6.0MB

MD5
c4883bb60ab74972f81862b4e4a11c1f

SHA1
293889c478ca4f3ca179254e451a6770f24a5623

SHA256
0c60906eed5e1a19d99867e136b61609b977741a2ddfbd68b2d8ad8ad5a4cc02

SHA512
d8705deabe04bf3bd4037e3cae5c56748a265b69d0cd7260b09bf114f6518739f98cd31b15b3a93a06cf76ade3acdf9de545099f9cf4e98126fca3a8ed6dc379

Download Submit
C:\Windows\system\fEbIrzj.exe

Filesize
6.0MB

MD5
737c8873cfea643cb2b2d65928cde32b

SHA1
ea40a1c298701c5bdd268345eb06124449d35d31

SHA256
cfaf255f83c6b66abd957e9d455b2f6fda2488774701aaef1303683412235d52

SHA512
e5a6d746b34f2fb8e13a9c09a04c2bd1fbf8544f80ab76026236b5909cf9f4cb108223627f39285025d27075557ecac49d9bf28704b930e22994c12f82a9c03e

Download Submit
C:\Windows\system\fxgACCh.exe

Filesize
6.0MB

MD5
b6773cc5903679338d6414e834f884b1

SHA1
1b239cc67440a516986141c78fd65684b6fc3dee

SHA256
292eec1c4b533674c1e51adf9f9212a56a529c65ea523f3dc64f1bd4736deb43

SHA512
08e2051ab9a82000876b20bf721dd4ab6a20459d0c14099e53e453be6ec222c4298f36dca95697c912409dc4ee24fd6d77178656313b5178044cf0d6c219ed38

Download Submit
C:\Windows\system\iucFyFk.exe

Filesize
6.0MB

MD5
dc0d1964cfce2a9e364cd6a6f1e6931a

SHA1
93f8796c123a244e06b42aa8200dc7bc7bfac9db

SHA256
761a317ff3a3437298de70398773566d3aafa1c540d262f596ec5b879dd21fb4

SHA512
817eb594cd5159be33041dbf3c85447d9eb35802c9e0656c08d527c40b391315f37f4f47c00d8cb9631440278dd22e1db4b0eb6d99de9aca8032f9697c6bc7aa

Download Submit
C:\Windows\system\lKMrdIf.exe

Filesize
6.0MB

MD5
29ca75036f31e9c8f54b671fc9e2fb8d

SHA1
799b2fb900f7cbe046f4221d40ad5bbaba61161e

SHA256
1966a0aab22907ebb859d9eae1ef9c4878cb1e8125ce5b0541e11f8907dc760f

SHA512
501a8ea7d292bc30f6b52fc95af1772edd48cf53d7526ec3eec24b7501c6ca895ab119ab991f7c2f259e75c7e9d04f8761fb7b1bb77212e2022ced860bcdf058

Download Submit
C:\Windows\system\lVRBQnq.exe

Filesize
6.0MB

MD5
654e714777efa1066fae3b5f6bff4074

SHA1
b2d635b9824b6eb024d3c5e9983e932611f13c2e

SHA256
2da954a0f51bc4b362baa6226f01177b1132973bb191e5b14ac8fb98b2cd655f

SHA512
43231f830a5aa79ca695f8467a6bacbbfa194d502cd423bdd92a71cc60c2ae237aadd2696d42f526ef7fa980d509d1ffed0df4005a803e87b51f2dd946b620ee

Download Submit
C:\Windows\system\lpyqQUX.exe

Filesize
6.0MB

MD5
fa1c4419e2c41df12fe85df8f51b33b5

SHA1
63fd57727b9914c5abbf924dbc8fb7eec461f572

SHA256
83ec164b0585ecfdcfb33cd004b49a49bccdf1e23e5c824e9afad8e9c83b6fa1

SHA512
b0772d743ac72c21ff59efb9d12b04359cd3fb9916dd881c74c9ab65afdc74385646397989a9da6175ca5d7267e57b2c8a96a95bb38ae746f4e0c93e3da8e0b3

Download Submit
C:\Windows\system\mBXnfXL.exe

Filesize
6.0MB

MD5
eb8de2145a8fc966224d3924ddcae3a3

SHA1
df4f2c5729cba9c3b6a2f06eb08b0552cac4acb8

SHA256
00c7a1859499be014c4796fe1635a4fc1de7ce33a107a27ea716e9be00fc44f8

SHA512
0a193114920dca45b80b645be04f60942ebc8b04fd8356d0f989bf6d66e9d754ea96bfe7efb3e085c2b0e9281928063f95f18884cb1f0672557980520fc9e5b9

Download Submit
C:\Windows\system\mZilPBY.exe

Filesize
6.0MB

MD5
66fab3bb38871303330b6e2eb875889e

SHA1
2115b9028a6fb99d93620d6af75fe99eed15eae7

SHA256
3bfe2093d4390cae464acb8b81d053f13bc5369e1483dd958c8548798b06fa5c

SHA512
c7c479021b31123a8b575c7a6bb2fe743bb66d623046df907e37febf7e224e63d1808a07972b8fafa2de2b4a37571efab5a7f91c6816377f04c5177c673cd754

Download Submit
C:\Windows\system\oNMzjme.exe

Filesize
6.0MB

MD5
a64c27617064f95e89a1e90117f79b24

SHA1
c33a097f755da2dac402321d1a7abb964f8bc8a8

SHA256
f2aed3256182902188aa45e6bd302958656ce3c33101f7fec5babefca30895ed

SHA512
bacc122d21d075eb17203cb06720070d294c71e3295e9a17871d872a0176253740310a6a0fee4bc46289de2409dd3dc1f09b448e952c3943b20adb4903f966d8

Download Submit
C:\Windows\system\pcRuNLe.exe

Filesize
6.0MB

MD5
339feafdec7fa63d64ef4a95b0cfb191

SHA1
1b967637fd9ff58cbe454424ab4dc850c4f31c0e

SHA256
4c3991fd7bf90555f790aac49df9607fcac9b1f29ea252e3c8de65f9809926d1

SHA512
c96a55133aa7d80d88b1fec357bfe0dbe3e5354137f7f94a701fdf8f8f6b4ac57b8af2b51efe9a08dd22fbe47a89b53e76a8f876549dce0f92c2bb6b4e85c144

Download Submit
C:\Windows\system\rieyjAa.exe

Filesize
6.0MB

MD5
9305363e803d1ea1dbdb4e7bb00f4953

SHA1
161fca6b1a9e392acea489407dafdcbc35403fcf

SHA256
423079fe2278e569a7a2b97f5a8a5998bd7a7eae9792f4db1cae3c3c8a808826

SHA512
a86b48d6d2f25da0e1c2fd20aa25b9a394f18be5ac84c21bc6e5f710b9a8d38c1a919b9819bc7adee0aaed81de7d93bf7ddd8f7a6550b8bb06e9079a15cc865c

Download Submit
C:\Windows\system\wnqFmjE.exe

Filesize
6.0MB

MD5
ebae1e8921c5aa206029024aa88042ab

SHA1
6445778401eb6150bb016f6ce5d2a2fe819bb670

SHA256
e07675ceb49fc381f072626eca476acf90edfe6e89f99fa14c81601738fab26e

SHA512
967a4619e08b144bd1108fbfbe0518413ce13bd75c91b663e819782dc224cf177ddc78590eefdfaa7318e8c05e49ebb520dbb400adc6311fb46f1bc900dceead

Download Submit
C:\Windows\system\zBekxjW.exe

Filesize
6.0MB

MD5
d843c6befd1c9e7049a7e2e250883518

SHA1
05f979020c53e7abbcda865c6fd7e5944e9f3bb0

SHA256
ec59fcda57aba35d19fed32efed02e71464045643c552b7994e7f78521cde3b6

SHA512
9b820acbf3fef72625eb51663ee7308a8b83f1d424e17872f7ae254189682e7ba1ea56b7ba6dcd8e905a97b953fab5501945b4b09bd9cfaef0712b65b3e61a28

Download Submit
\Windows\system\GATjJsV.exe

Filesize
6.0MB

MD5
7f1fedf03699aef9d19c8a3c48431e49

SHA1
92f1b082acfba73d1f78999be1cca49aff875006

SHA256
6d1c1045048b7e861a0ed9a184d93ada7f50f61fac3d5e30a730d5601302fcb3

SHA512
2fbdf08c2dddbe584146bdb4e0a74af2d7d8e6827e2b36910b3bc30efa71c62bb3b0e155de73a10a3751d3896f3d6ee82f22cf58d74e548852fe505f429b978d

Download Submit
\Windows\system\eKtSEhj.exe

Filesize
6.0MB

MD5
eea07c1666e499fa48a07e380d2d45fb

SHA1
25c167d081cc028915305ddfabd328e4c3946965

SHA256
ac6079412d08da190c999f4f985cf604875bdfd76ab0c4fbe9990b0d5e6768fb

SHA512
7fffc384705a8915524080a13d1eb52c061dd0d60a1013042f611b501768e69c443e1cda94c6731d18f2fcf46715ef0431064d81a48d450e6d6aaa1578a01df2

Download Submit
memory/1752-2428-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1752-3619-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3616-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2446-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2345-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3617-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2536-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3618-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2447-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2538-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2432-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2547-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2592-2469-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-0-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4067-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2464-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3620-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download