cobaltstrike | 9f7dfcd8930f7e2dab50f8c9766e1ede9f92a9613550f871bcee16e312bd494b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

068d0f7bd872e5c0d1e25db6a066637b
SHA1

14021f9a5322ddb05a3ee6125980b7d2474a5c06
SHA256

9f7dfcd8930f7e2dab50f8c9766e1ede9f92a9613550f871bcee16e312bd494b
SHA512

f29dcc39a842adb5f786542523eacbb1164c63f6c87853940d6841b66f4a138a48053e50a59b89f9a1326b03845935f37d5a7540333c8b057212c7a0a9c2e372
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012257-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-17.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-29.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e6-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-44.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-147.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001941b-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2272-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000d000000012257-6.dat	xmrig
behavioral1/files/0x0007000000019490-11.dat	xmrig
behavioral1/files/0x000700000001949d-12.dat	xmrig
behavioral1/files/0x00060000000194d0-17.dat	xmrig
behavioral1/files/0x00060000000194e4-29.dat	xmrig
behavioral1/files/0x00080000000194e6-35.dat	xmrig
behavioral1/files/0x0007000000019551-40.dat	xmrig
behavioral1/files/0x000500000001a495-44.dat	xmrig
behavioral1/files/0x000500000001a4ab-54.dat	xmrig
behavioral1/files/0x000500000001a4b5-80.dat	xmrig
behavioral1/files/0x000500000001a4c1-110.dat	xmrig
behavioral1/files/0x000500000001a4cf-151.dat	xmrig
behavioral1/memory/2336-2185-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2272-2301-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2752-2298-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2388-2238-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2272-2113-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d4-162.dat	xmrig
behavioral1/files/0x000500000001a4d1-155.dat	xmrig
behavioral1/files/0x000500000001a4cd-147.dat	xmrig
behavioral1/files/0x000800000001941b-141.dat	xmrig
behavioral1/files/0x000500000001a4cb-137.dat	xmrig
behavioral1/files/0x000500000001a4c9-133.dat	xmrig
behavioral1/memory/944-129-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c5-120.dat	xmrig
behavioral1/files/0x000500000001a4c7-124.dat	xmrig
behavioral1/files/0x000500000001a4c3-114.dat	xmrig
behavioral1/files/0x000500000001a4bf-104.dat	xmrig
behavioral1/files/0x000500000001a4bd-100.dat	xmrig
behavioral1/files/0x000500000001a4bb-94.dat	xmrig
behavioral1/files/0x000500000001a4b9-90.dat	xmrig
behavioral1/files/0x000500000001a4b7-84.dat	xmrig
behavioral1/files/0x000500000001a4b3-74.dat	xmrig
behavioral1/files/0x000500000001a4b1-70.dat	xmrig
behavioral1/files/0x000500000001a4af-64.dat	xmrig
behavioral1/files/0x000500000001a4ad-60.dat	xmrig
behavioral1/files/0x000500000001a4a5-49.dat	xmrig
behavioral1/files/0x00060000000194da-25.dat	xmrig
behavioral1/memory/2832-2367-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2872-2424-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/944-3970-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2872-3971-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2336-3982-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2752-3981-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2832-3983-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2388-3984-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2272-3997-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
484	GqjoGmn.exe
944	mfceNov.exe
2336	zUHYIUh.exe
2388	bqqqzEx.exe
2752	FDkMnpw.exe
2832	jheoYjd.exe
2872	jltjurJ.exe
948	dGedKtQ.exe
2924	aJDrwUv.exe
2672	ezYaCkT.exe
2936	EDlgZog.exe
2684	zNATpnj.exe
2636	YmZIRMf.exe
2688	QkPAoeU.exe
2464	wZwLlLg.exe
2472	hjaKZWf.exe
2944	sRapufE.exe
1296	QxpwfQf.exe
3012	XrshvFU.exe
2976	ShPfBVD.exe
2984	LxmGUEK.exe
2008	hlIoEaZ.exe
2908	LAWtEgf.exe
2276	aeneLLo.exe
1968	TLHwrZH.exe
2456	zRJAsKq.exe
2460	EXkIPTC.exe
1928	nvSwrFK.exe
1996	WwxQVnh.exe
1060	HImCcqY.exe
2096	sJKEKSU.exe
1080	IREGxha.exe
2200	Ffraauo.exe
2028	fmWJORA.exe
1628	XvFQeFy.exe
1668	KknkORk.exe
2680	SybaXnT.exe
612	pzfDMMx.exe
1680	aYDpygy.exe
108	ALdPfEP.exe
1732	LPHIdiJ.exe
2236	UkHWNaL.exe
928	JNececg.exe
2436	kIBZPpd.exe
1368	VTHcafg.exe
2380	cRbLRDd.exe
1744	bqhOzYI.exe
2224	SlNlOkJ.exe
780	GXhWfmR.exe
2212	jgrlVXF.exe
2572	puLQYeg.exe
1772	AwMtIwX.exe
2548	crdpjPY.exe
1816	yBsFqYS.exe
1052	mrUcuPJ.exe
2536	SKCrRHt.exe
2312	oTtIXWI.exe
2544	tfrPyjK.exe
1588	gOozkmV.exe
1752	QYYwpIT.exe
2520	AyAqCEw.exe
2160	RhedPJa.exe
2844	twalCnZ.exe
2604	yEYSSbK.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2272-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000d000000012257-6.dat	upx
behavioral1/files/0x0007000000019490-11.dat	upx
behavioral1/files/0x000700000001949d-12.dat	upx
behavioral1/files/0x00060000000194d0-17.dat	upx
behavioral1/files/0x00060000000194e4-29.dat	upx
behavioral1/files/0x00080000000194e6-35.dat	upx
behavioral1/files/0x0007000000019551-40.dat	upx
behavioral1/files/0x000500000001a495-44.dat	upx
behavioral1/files/0x000500000001a4ab-54.dat	upx
behavioral1/files/0x000500000001a4b5-80.dat	upx
behavioral1/files/0x000500000001a4c1-110.dat	upx
behavioral1/files/0x000500000001a4cf-151.dat	upx
behavioral1/memory/2336-2185-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2752-2298-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2388-2238-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000500000001a4d4-162.dat	upx
behavioral1/files/0x000500000001a4d1-155.dat	upx
behavioral1/files/0x000500000001a4cd-147.dat	upx
behavioral1/files/0x000800000001941b-141.dat	upx
behavioral1/files/0x000500000001a4cb-137.dat	upx
behavioral1/files/0x000500000001a4c9-133.dat	upx
behavioral1/memory/944-129-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x000500000001a4c5-120.dat	upx
behavioral1/files/0x000500000001a4c7-124.dat	upx
behavioral1/files/0x000500000001a4c3-114.dat	upx
behavioral1/files/0x000500000001a4bf-104.dat	upx
behavioral1/files/0x000500000001a4bd-100.dat	upx
behavioral1/files/0x000500000001a4bb-94.dat	upx
behavioral1/files/0x000500000001a4b9-90.dat	upx
behavioral1/files/0x000500000001a4b7-84.dat	upx
behavioral1/files/0x000500000001a4b3-74.dat	upx
behavioral1/files/0x000500000001a4b1-70.dat	upx
behavioral1/files/0x000500000001a4af-64.dat	upx
behavioral1/files/0x000500000001a4ad-60.dat	upx
behavioral1/files/0x000500000001a4a5-49.dat	upx
behavioral1/files/0x00060000000194da-25.dat	upx
behavioral1/memory/2832-2367-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2872-2424-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/944-3970-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2872-3971-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2336-3982-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2752-3981-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2832-3983-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2388-3984-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2272-3997-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WevRgrj.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxdvDIt.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjjYXWM.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVbVCXO.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCRCoGX.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPLEouT.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jltjurJ.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDMqFoq.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxjVADT.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqLmANQ.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGxBmGR.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdxeRUq.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCBbDcU.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVejSeE.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmeOxAL.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNyZGVQ.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggtbQcT.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEORcCq.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwxjCjS.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crdpjPY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAdmvGb.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqmXyZW.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QipGaIY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdnvpiY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BclkfJd.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Glqgyxz.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFMeANY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEmnFdP.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUmuasI.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZZZtWL.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrGHQgO.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUgVwFL.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waqBKyY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NktOwoc.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBMCBTO.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTDLsEf.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTnMDvo.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYufkli.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWnaZXG.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWziWqY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBRBsHK.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxyGCXG.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRFZRZn.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqhOzYI.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKIOWVy.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROBLLhU.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHgQTzu.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJZZmAD.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWztOkl.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilwPDdN.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQpKgvk.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNececg.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhMCAJA.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcRqhez.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjsdgbE.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suqiBfd.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKeCrFT.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWykVHj.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbixcLe.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBplqGH.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFKcomZ.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObKaGap.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzTRagK.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADQqxiY.exe	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 484	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 484	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 484	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2336	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2336	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2336	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2388	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2388	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2388	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2752	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2752	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2752	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2832	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2832	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2832	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2872	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2872	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2872	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 948	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 948	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 948	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2924	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2924	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2924	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2672	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2672	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2672	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2936	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2936	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2936	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2684	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2684	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2684	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2636	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2636	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2636	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2688	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2688	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2688	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2464	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2464	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2464	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2472	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2472	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2472	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2944	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 1296	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 1296	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 1296	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 3012	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 3012	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 3012	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 2976	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2976	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2976	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2984	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2984	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2984	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2008	2272	2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_068d0f7bd872e5c0d1e25db6a066637b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\System\GqjoGmn.exe
  C:\Windows\System\GqjoGmn.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\mfceNov.exe
  C:\Windows\System\mfceNov.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\zUHYIUh.exe
  C:\Windows\System\zUHYIUh.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\bqqqzEx.exe
  C:\Windows\System\bqqqzEx.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FDkMnpw.exe
  C:\Windows\System\FDkMnpw.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\jheoYjd.exe
  C:\Windows\System\jheoYjd.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\jltjurJ.exe
  C:\Windows\System\jltjurJ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dGedKtQ.exe
  C:\Windows\System\dGedKtQ.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\aJDrwUv.exe
  C:\Windows\System\aJDrwUv.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ezYaCkT.exe
  C:\Windows\System\ezYaCkT.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\EDlgZog.exe
  C:\Windows\System\EDlgZog.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\zNATpnj.exe
  C:\Windows\System\zNATpnj.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\YmZIRMf.exe
  C:\Windows\System\YmZIRMf.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\QkPAoeU.exe
  C:\Windows\System\QkPAoeU.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wZwLlLg.exe
  C:\Windows\System\wZwLlLg.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\hjaKZWf.exe
  C:\Windows\System\hjaKZWf.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\sRapufE.exe
  C:\Windows\System\sRapufE.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\QxpwfQf.exe
  C:\Windows\System\QxpwfQf.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\XrshvFU.exe
  C:\Windows\System\XrshvFU.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ShPfBVD.exe
  C:\Windows\System\ShPfBVD.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LxmGUEK.exe
  C:\Windows\System\LxmGUEK.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\hlIoEaZ.exe
  C:\Windows\System\hlIoEaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LAWtEgf.exe
  C:\Windows\System\LAWtEgf.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\aeneLLo.exe
  C:\Windows\System\aeneLLo.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\TLHwrZH.exe
  C:\Windows\System\TLHwrZH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\zRJAsKq.exe
  C:\Windows\System\zRJAsKq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\EXkIPTC.exe
  C:\Windows\System\EXkIPTC.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\nvSwrFK.exe
  C:\Windows\System\nvSwrFK.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\WwxQVnh.exe
  C:\Windows\System\WwxQVnh.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\HImCcqY.exe
  C:\Windows\System\HImCcqY.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\sJKEKSU.exe
  C:\Windows\System\sJKEKSU.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\IREGxha.exe
  C:\Windows\System\IREGxha.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\Ffraauo.exe
  C:\Windows\System\Ffraauo.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\fmWJORA.exe
  C:\Windows\System\fmWJORA.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\XvFQeFy.exe
  C:\Windows\System\XvFQeFy.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\SybaXnT.exe
  C:\Windows\System\SybaXnT.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KknkORk.exe
  C:\Windows\System\KknkORk.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\pzfDMMx.exe
  C:\Windows\System\pzfDMMx.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\aYDpygy.exe
  C:\Windows\System\aYDpygy.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ALdPfEP.exe
  C:\Windows\System\ALdPfEP.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\LPHIdiJ.exe
  C:\Windows\System\LPHIdiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\UkHWNaL.exe
  C:\Windows\System\UkHWNaL.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\JNececg.exe
  C:\Windows\System\JNececg.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\kIBZPpd.exe
  C:\Windows\System\kIBZPpd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\VTHcafg.exe
  C:\Windows\System\VTHcafg.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\cRbLRDd.exe
  C:\Windows\System\cRbLRDd.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\bqhOzYI.exe
  C:\Windows\System\bqhOzYI.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\SlNlOkJ.exe
  C:\Windows\System\SlNlOkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GXhWfmR.exe
  C:\Windows\System\GXhWfmR.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\jgrlVXF.exe
  C:\Windows\System\jgrlVXF.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\puLQYeg.exe
  C:\Windows\System\puLQYeg.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\AwMtIwX.exe
  C:\Windows\System\AwMtIwX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\crdpjPY.exe
  C:\Windows\System\crdpjPY.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\yBsFqYS.exe
  C:\Windows\System\yBsFqYS.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\mrUcuPJ.exe
  C:\Windows\System\mrUcuPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\SKCrRHt.exe
  C:\Windows\System\SKCrRHt.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\oTtIXWI.exe
  C:\Windows\System\oTtIXWI.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\tfrPyjK.exe
  C:\Windows\System\tfrPyjK.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\gOozkmV.exe
  C:\Windows\System\gOozkmV.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\QYYwpIT.exe
  C:\Windows\System\QYYwpIT.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\AyAqCEw.exe
  C:\Windows\System\AyAqCEw.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\RhedPJa.exe
  C:\Windows\System\RhedPJa.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\twalCnZ.exe
  C:\Windows\System\twalCnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\yEYSSbK.exe
  C:\Windows\System\yEYSSbK.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\qgunedz.exe
  C:\Windows\System\qgunedz.exe
  2⤵
  PID:2060
- C:\Windows\System\suqiBfd.exe
  C:\Windows\System\suqiBfd.exe
  2⤵
  PID:3000
- C:\Windows\System\KSMCjUw.exe
  C:\Windows\System\KSMCjUw.exe
  2⤵
  PID:2668
- C:\Windows\System\GzELweA.exe
  C:\Windows\System\GzELweA.exe
  2⤵
  PID:2916
- C:\Windows\System\hcjAOQU.exe
  C:\Windows\System\hcjAOQU.exe
  2⤵
  PID:308
- C:\Windows\System\tGTnJmH.exe
  C:\Windows\System\tGTnJmH.exe
  2⤵
  PID:1312
- C:\Windows\System\qxfUlsh.exe
  C:\Windows\System\qxfUlsh.exe
  2⤵
  PID:3068
- C:\Windows\System\sPUtwhY.exe
  C:\Windows\System\sPUtwhY.exe
  2⤵
  PID:3036
- C:\Windows\System\ZuPgWVu.exe
  C:\Windows\System\ZuPgWVu.exe
  2⤵
  PID:3044
- C:\Windows\System\eQicXnd.exe
  C:\Windows\System\eQicXnd.exe
  2⤵
  PID:324
- C:\Windows\System\Bfgmttf.exe
  C:\Windows\System\Bfgmttf.exe
  2⤵
  PID:1664
- C:\Windows\System\AWYnsDE.exe
  C:\Windows\System\AWYnsDE.exe
  2⤵
  PID:1164
- C:\Windows\System\dpmuUHS.exe
  C:\Windows\System\dpmuUHS.exe
  2⤵
  PID:2012
- C:\Windows\System\pTRNGKJ.exe
  C:\Windows\System\pTRNGKJ.exe
  2⤵
  PID:1716
- C:\Windows\System\RGygIwZ.exe
  C:\Windows\System\RGygIwZ.exe
  2⤵
  PID:1144
- C:\Windows\System\zpMkqZh.exe
  C:\Windows\System\zpMkqZh.exe
  2⤵
  PID:1316
- C:\Windows\System\DgdyGDy.exe
  C:\Windows\System\DgdyGDy.exe
  2⤵
  PID:672
- C:\Windows\System\fOOjCiK.exe
  C:\Windows\System\fOOjCiK.exe
  2⤵
  PID:1684
- C:\Windows\System\RYufkli.exe
  C:\Windows\System\RYufkli.exe
  2⤵
  PID:900
- C:\Windows\System\FRjwBSb.exe
  C:\Windows\System\FRjwBSb.exe
  2⤵
  PID:1540
- C:\Windows\System\nPUzZQj.exe
  C:\Windows\System\nPUzZQj.exe
  2⤵
  PID:2068
- C:\Windows\System\qjaOSni.exe
  C:\Windows\System\qjaOSni.exe
  2⤵
  PID:2424
- C:\Windows\System\iiyFdcz.exe
  C:\Windows\System\iiyFdcz.exe
  2⤵
  PID:1736
- C:\Windows\System\ZIrKlty.exe
  C:\Windows\System\ZIrKlty.exe
  2⤵
  PID:2592
- C:\Windows\System\qvlYGgK.exe
  C:\Windows\System\qvlYGgK.exe
  2⤵
  PID:2412
- C:\Windows\System\VNmmVEC.exe
  C:\Windows\System\VNmmVEC.exe
  2⤵
  PID:700
- C:\Windows\System\WevRgrj.exe
  C:\Windows\System\WevRgrj.exe
  2⤵
  PID:1856
- C:\Windows\System\YvDPMVM.exe
  C:\Windows\System\YvDPMVM.exe
  2⤵
  PID:1876
- C:\Windows\System\jqalroV.exe
  C:\Windows\System\jqalroV.exe
  2⤵
  PID:2368
- C:\Windows\System\fVpykoE.exe
  C:\Windows\System\fVpykoE.exe
  2⤵
  PID:2552
- C:\Windows\System\zPBDuYY.exe
  C:\Windows\System\zPBDuYY.exe
  2⤵
  PID:1584
- C:\Windows\System\DzMLIdF.exe
  C:\Windows\System\DzMLIdF.exe
  2⤵
  PID:2244
- C:\Windows\System\gpUwpyr.exe
  C:\Windows\System\gpUwpyr.exe
  2⤵
  PID:2796
- C:\Windows\System\lPkhaSy.exe
  C:\Windows\System\lPkhaSy.exe
  2⤵
  PID:2416
- C:\Windows\System\tZlhPne.exe
  C:\Windows\System\tZlhPne.exe
  2⤵
  PID:2888
- C:\Windows\System\bnkhkym.exe
  C:\Windows\System\bnkhkym.exe
  2⤵
  PID:2656
- C:\Windows\System\jdFJzIj.exe
  C:\Windows\System\jdFJzIj.exe
  2⤵
  PID:2172
- C:\Windows\System\rxPlVIz.exe
  C:\Windows\System\rxPlVIz.exe
  2⤵
  PID:2824
- C:\Windows\System\ftqrylE.exe
  C:\Windows\System\ftqrylE.exe
  2⤵
  PID:2980
- C:\Windows\System\btyTVJE.exe
  C:\Windows\System\btyTVJE.exe
  2⤵
  PID:2524
- C:\Windows\System\CXomECG.exe
  C:\Windows\System\CXomECG.exe
  2⤵
  PID:2700
- C:\Windows\System\NhfOcSQ.exe
  C:\Windows\System\NhfOcSQ.exe
  2⤵
  PID:2564
- C:\Windows\System\jFbwClt.exe
  C:\Windows\System\jFbwClt.exe
  2⤵
  PID:2620
- C:\Windows\System\JsxaQdV.exe
  C:\Windows\System\JsxaQdV.exe
  2⤵
  PID:1156
- C:\Windows\System\lEwCtoI.exe
  C:\Windows\System\lEwCtoI.exe
  2⤵
  PID:2052
- C:\Windows\System\ZXytger.exe
  C:\Windows\System\ZXytger.exe
  2⤵
  PID:608
- C:\Windows\System\icKxOvS.exe
  C:\Windows\System\icKxOvS.exe
  2⤵
  PID:1160
- C:\Windows\System\yaCtNAL.exe
  C:\Windows\System\yaCtNAL.exe
  2⤵
  PID:1660
- C:\Windows\System\LrPOjkj.exe
  C:\Windows\System\LrPOjkj.exe
  2⤵
  PID:2540
- C:\Windows\System\JOwwgzu.exe
  C:\Windows\System\JOwwgzu.exe
  2⤵
  PID:1644
- C:\Windows\System\mAFCNrr.exe
  C:\Windows\System\mAFCNrr.exe
  2⤵
  PID:1248
- C:\Windows\System\tknJEzL.exe
  C:\Windows\System\tknJEzL.exe
  2⤵
  PID:3084
- C:\Windows\System\iNxwejc.exe
  C:\Windows\System\iNxwejc.exe
  2⤵
  PID:3100
- C:\Windows\System\WHYWjGH.exe
  C:\Windows\System\WHYWjGH.exe
  2⤵
  PID:3124
- C:\Windows\System\VDAQkGv.exe
  C:\Windows\System\VDAQkGv.exe
  2⤵
  PID:3140
- C:\Windows\System\tqDCnXM.exe
  C:\Windows\System\tqDCnXM.exe
  2⤵
  PID:3160
- C:\Windows\System\DNcJsxJ.exe
  C:\Windows\System\DNcJsxJ.exe
  2⤵
  PID:3180
- C:\Windows\System\oubKNCG.exe
  C:\Windows\System\oubKNCG.exe
  2⤵
  PID:3200
- C:\Windows\System\MUdKjGS.exe
  C:\Windows\System\MUdKjGS.exe
  2⤵
  PID:3224
- C:\Windows\System\FKOtLPr.exe
  C:\Windows\System\FKOtLPr.exe
  2⤵
  PID:3240
- C:\Windows\System\BIAXkAu.exe
  C:\Windows\System\BIAXkAu.exe
  2⤵
  PID:3260
- C:\Windows\System\plOyoLw.exe
  C:\Windows\System\plOyoLw.exe
  2⤵
  PID:3280
- C:\Windows\System\aWnaZXG.exe
  C:\Windows\System\aWnaZXG.exe
  2⤵
  PID:3296
- C:\Windows\System\imyYzME.exe
  C:\Windows\System\imyYzME.exe
  2⤵
  PID:3316
- C:\Windows\System\zzSnpbu.exe
  C:\Windows\System\zzSnpbu.exe
  2⤵
  PID:3336
- C:\Windows\System\VcMCxPY.exe
  C:\Windows\System\VcMCxPY.exe
  2⤵
  PID:3356
- C:\Windows\System\oKAXoEE.exe
  C:\Windows\System\oKAXoEE.exe
  2⤵
  PID:3384
- C:\Windows\System\mYUJsiL.exe
  C:\Windows\System\mYUJsiL.exe
  2⤵
  PID:3404
- C:\Windows\System\lRPrBgq.exe
  C:\Windows\System\lRPrBgq.exe
  2⤵
  PID:3420
- C:\Windows\System\RYGxdMF.exe
  C:\Windows\System\RYGxdMF.exe
  2⤵
  PID:3444
- C:\Windows\System\XlbaTVt.exe
  C:\Windows\System\XlbaTVt.exe
  2⤵
  PID:3460
- C:\Windows\System\GOJBvBz.exe
  C:\Windows\System\GOJBvBz.exe
  2⤵
  PID:3484
- C:\Windows\System\twyrXoI.exe
  C:\Windows\System\twyrXoI.exe
  2⤵
  PID:3500
- C:\Windows\System\GvjaxHp.exe
  C:\Windows\System\GvjaxHp.exe
  2⤵
  PID:3524
- C:\Windows\System\hWrObWT.exe
  C:\Windows\System\hWrObWT.exe
  2⤵
  PID:3540
- C:\Windows\System\bsJFCPG.exe
  C:\Windows\System\bsJFCPG.exe
  2⤵
  PID:3560
- C:\Windows\System\RXkEkbf.exe
  C:\Windows\System\RXkEkbf.exe
  2⤵
  PID:3584
- C:\Windows\System\HjcLbUt.exe
  C:\Windows\System\HjcLbUt.exe
  2⤵
  PID:3604
- C:\Windows\System\WbjWeYG.exe
  C:\Windows\System\WbjWeYG.exe
  2⤵
  PID:3624
- C:\Windows\System\ZJLKMle.exe
  C:\Windows\System\ZJLKMle.exe
  2⤵
  PID:3644
- C:\Windows\System\GUilmjc.exe
  C:\Windows\System\GUilmjc.exe
  2⤵
  PID:3660
- C:\Windows\System\lRTVqgr.exe
  C:\Windows\System\lRTVqgr.exe
  2⤵
  PID:3684
- C:\Windows\System\avjpLJK.exe
  C:\Windows\System\avjpLJK.exe
  2⤵
  PID:3704
- C:\Windows\System\lNNiNaf.exe
  C:\Windows\System\lNNiNaf.exe
  2⤵
  PID:3724
- C:\Windows\System\GEyMftC.exe
  C:\Windows\System\GEyMftC.exe
  2⤵
  PID:3744
- C:\Windows\System\IOBhzDc.exe
  C:\Windows\System\IOBhzDc.exe
  2⤵
  PID:3764
- C:\Windows\System\uUkCknH.exe
  C:\Windows\System\uUkCknH.exe
  2⤵
  PID:3784
- C:\Windows\System\wFoRPPS.exe
  C:\Windows\System\wFoRPPS.exe
  2⤵
  PID:3804
- C:\Windows\System\ZvymJmt.exe
  C:\Windows\System\ZvymJmt.exe
  2⤵
  PID:3820
- C:\Windows\System\GbEoDvh.exe
  C:\Windows\System\GbEoDvh.exe
  2⤵
  PID:3844
- C:\Windows\System\wYGSGLu.exe
  C:\Windows\System\wYGSGLu.exe
  2⤵
  PID:3864
- C:\Windows\System\RrlAneR.exe
  C:\Windows\System\RrlAneR.exe
  2⤵
  PID:3884
- C:\Windows\System\waqBKyY.exe
  C:\Windows\System\waqBKyY.exe
  2⤵
  PID:3904
- C:\Windows\System\IzOTjJp.exe
  C:\Windows\System\IzOTjJp.exe
  2⤵
  PID:3920
- C:\Windows\System\fGpfZKB.exe
  C:\Windows\System\fGpfZKB.exe
  2⤵
  PID:3944
- C:\Windows\System\UoFSAKP.exe
  C:\Windows\System\UoFSAKP.exe
  2⤵
  PID:3960
- C:\Windows\System\cQArIhf.exe
  C:\Windows\System\cQArIhf.exe
  2⤵
  PID:3980
- C:\Windows\System\OGedrBH.exe
  C:\Windows\System\OGedrBH.exe
  2⤵
  PID:4004
- C:\Windows\System\vThukRY.exe
  C:\Windows\System\vThukRY.exe
  2⤵
  PID:4024
- C:\Windows\System\upjeEbB.exe
  C:\Windows\System\upjeEbB.exe
  2⤵
  PID:4040
- C:\Windows\System\sIntJYp.exe
  C:\Windows\System\sIntJYp.exe
  2⤵
  PID:4060
- C:\Windows\System\FTsJwHN.exe
  C:\Windows\System\FTsJwHN.exe
  2⤵
  PID:4080
- C:\Windows\System\sUTqmwC.exe
  C:\Windows\System\sUTqmwC.exe
  2⤵
  PID:2360
- C:\Windows\System\QqwLZUI.exe
  C:\Windows\System\QqwLZUI.exe
  2⤵
  PID:1580
- C:\Windows\System\zvMpzMK.exe
  C:\Windows\System\zvMpzMK.exe
  2⤵
  PID:2860
- C:\Windows\System\STCKdaz.exe
  C:\Windows\System\STCKdaz.exe
  2⤵
  PID:2400
- C:\Windows\System\dnMOifN.exe
  C:\Windows\System\dnMOifN.exe
  2⤵
  PID:2500
- C:\Windows\System\MQHpjks.exe
  C:\Windows\System\MQHpjks.exe
  2⤵
  PID:2528
- C:\Windows\System\loeQRCH.exe
  C:\Windows\System\loeQRCH.exe
  2⤵
  PID:2056
- C:\Windows\System\zRbgzom.exe
  C:\Windows\System\zRbgzom.exe
  2⤵
  PID:380
- C:\Windows\System\SBRuMYb.exe
  C:\Windows\System\SBRuMYb.exe
  2⤵
  PID:1748
- C:\Windows\System\dKfByoj.exe
  C:\Windows\System\dKfByoj.exe
  2⤵
  PID:2020
- C:\Windows\System\VbnsTsi.exe
  C:\Windows\System\VbnsTsi.exe
  2⤵
  PID:1820
- C:\Windows\System\bHZrwEA.exe
  C:\Windows\System\bHZrwEA.exe
  2⤵
  PID:2108
- C:\Windows\System\zZSMMqc.exe
  C:\Windows\System\zZSMMqc.exe
  2⤵
  PID:1056
- C:\Windows\System\gNEDzgr.exe
  C:\Windows\System\gNEDzgr.exe
  2⤵
  PID:3112
- C:\Windows\System\fxdvDIt.exe
  C:\Windows\System\fxdvDIt.exe
  2⤵
  PID:3116
- C:\Windows\System\CODwAiQ.exe
  C:\Windows\System\CODwAiQ.exe
  2⤵
  PID:3156
- C:\Windows\System\ijrnmdd.exe
  C:\Windows\System\ijrnmdd.exe
  2⤵
  PID:3196
- C:\Windows\System\HQTtawd.exe
  C:\Windows\System\HQTtawd.exe
  2⤵
  PID:3168
- C:\Windows\System\TTBMNaa.exe
  C:\Windows\System\TTBMNaa.exe
  2⤵
  PID:3268
- C:\Windows\System\DnmOChc.exe
  C:\Windows\System\DnmOChc.exe
  2⤵
  PID:3256
- C:\Windows\System\cKeJUXo.exe
  C:\Windows\System\cKeJUXo.exe
  2⤵
  PID:3352
- C:\Windows\System\URGHBkf.exe
  C:\Windows\System\URGHBkf.exe
  2⤵
  PID:3288
- C:\Windows\System\tyZnbIl.exe
  C:\Windows\System\tyZnbIl.exe
  2⤵
  PID:3396
- C:\Windows\System\HlJNlHi.exe
  C:\Windows\System\HlJNlHi.exe
  2⤵
  PID:3428
- C:\Windows\System\BxDFgle.exe
  C:\Windows\System\BxDFgle.exe
  2⤵
  PID:3436
- C:\Windows\System\tSJOatQ.exe
  C:\Windows\System\tSJOatQ.exe
  2⤵
  PID:3508
- C:\Windows\System\COpRvvt.exe
  C:\Windows\System\COpRvvt.exe
  2⤵
  PID:3492
- C:\Windows\System\aoyNDzW.exe
  C:\Windows\System\aoyNDzW.exe
  2⤵
  PID:3552
- C:\Windows\System\pMNMmUH.exe
  C:\Windows\System\pMNMmUH.exe
  2⤵
  PID:3596
- C:\Windows\System\jOxpgVq.exe
  C:\Windows\System\jOxpgVq.exe
  2⤵
  PID:3576
- C:\Windows\System\bzTRagK.exe
  C:\Windows\System\bzTRagK.exe
  2⤵
  PID:3676
- C:\Windows\System\SCHnUQP.exe
  C:\Windows\System\SCHnUQP.exe
  2⤵
  PID:3716
- C:\Windows\System\pSBuYXt.exe
  C:\Windows\System\pSBuYXt.exe
  2⤵
  PID:3700
- C:\Windows\System\EgrNDGI.exe
  C:\Windows\System\EgrNDGI.exe
  2⤵
  PID:3740
- C:\Windows\System\XrvDHab.exe
  C:\Windows\System\XrvDHab.exe
  2⤵
  PID:3796
- C:\Windows\System\wtQkcDr.exe
  C:\Windows\System\wtQkcDr.exe
  2⤵
  PID:3836
- C:\Windows\System\ocTzikC.exe
  C:\Windows\System\ocTzikC.exe
  2⤵
  PID:3872
- C:\Windows\System\WbgUPQI.exe
  C:\Windows\System\WbgUPQI.exe
  2⤵
  PID:3856
- C:\Windows\System\gsyZwTf.exe
  C:\Windows\System\gsyZwTf.exe
  2⤵
  PID:3928
- C:\Windows\System\KwSzPJi.exe
  C:\Windows\System\KwSzPJi.exe
  2⤵
  PID:3956
- C:\Windows\System\tRBxruU.exe
  C:\Windows\System\tRBxruU.exe
  2⤵
  PID:3968
- C:\Windows\System\ScJbbRN.exe
  C:\Windows\System\ScJbbRN.exe
  2⤵
  PID:4020
- C:\Windows\System\HcOCpZz.exe
  C:\Windows\System\HcOCpZz.exe
  2⤵
  PID:4076
- C:\Windows\System\isccrvH.exe
  C:\Windows\System\isccrvH.exe
  2⤵
  PID:2588
- C:\Windows\System\qmxbWKp.exe
  C:\Windows\System\qmxbWKp.exe
  2⤵
  PID:1512
- C:\Windows\System\zmdzTUf.exe
  C:\Windows\System\zmdzTUf.exe
  2⤵
  PID:2648
- C:\Windows\System\sgYhmWi.exe
  C:\Windows\System\sgYhmWi.exe
  2⤵
  PID:1980
- C:\Windows\System\gtejeFd.exe
  C:\Windows\System\gtejeFd.exe
  2⤵
  PID:2740
- C:\Windows\System\UHzuvkP.exe
  C:\Windows\System\UHzuvkP.exe
  2⤵
  PID:1000
- C:\Windows\System\ukZXXuB.exe
  C:\Windows\System\ukZXXuB.exe
  2⤵
  PID:1372
- C:\Windows\System\GzItPGL.exe
  C:\Windows\System\GzItPGL.exe
  2⤵
  PID:3108
- C:\Windows\System\mkFVePy.exe
  C:\Windows\System\mkFVePy.exe
  2⤵
  PID:2040
- C:\Windows\System\cNxCxwn.exe
  C:\Windows\System\cNxCxwn.exe
  2⤵
  PID:3132
- C:\Windows\System\MgODyTn.exe
  C:\Windows\System\MgODyTn.exe
  2⤵
  PID:2348
- C:\Windows\System\McvluZp.exe
  C:\Windows\System\McvluZp.exe
  2⤵
  PID:3252
- C:\Windows\System\KamGNBd.exe
  C:\Windows\System\KamGNBd.exe
  2⤵
  PID:3312
- C:\Windows\System\gNglTWF.exe
  C:\Windows\System\gNglTWF.exe
  2⤵
  PID:3328
- C:\Windows\System\VvOONbm.exe
  C:\Windows\System\VvOONbm.exe
  2⤵
  PID:3368
- C:\Windows\System\xcuAhrS.exe
  C:\Windows\System\xcuAhrS.exe
  2⤵
  PID:3472
- C:\Windows\System\CMIolHe.exe
  C:\Windows\System\CMIolHe.exe
  2⤵
  PID:3532
- C:\Windows\System\QnuvXgv.exe
  C:\Windows\System\QnuvXgv.exe
  2⤵
  PID:3568
- C:\Windows\System\WvEhLfx.exe
  C:\Windows\System\WvEhLfx.exe
  2⤵
  PID:3672
- C:\Windows\System\ZiZSYok.exe
  C:\Windows\System\ZiZSYok.exe
  2⤵
  PID:3616
- C:\Windows\System\NJQjTZv.exe
  C:\Windows\System\NJQjTZv.exe
  2⤵
  PID:3736
- C:\Windows\System\DfuWlql.exe
  C:\Windows\System\DfuWlql.exe
  2⤵
  PID:3792
- C:\Windows\System\NRyTOnu.exe
  C:\Windows\System\NRyTOnu.exe
  2⤵
  PID:3912
- C:\Windows\System\tIauxOv.exe
  C:\Windows\System\tIauxOv.exe
  2⤵
  PID:3940
- C:\Windows\System\KJdBijd.exe
  C:\Windows\System\KJdBijd.exe
  2⤵
  PID:3996
- C:\Windows\System\VEulfFv.exe
  C:\Windows\System\VEulfFv.exe
  2⤵
  PID:4000
- C:\Windows\System\thsViNM.exe
  C:\Windows\System\thsViNM.exe
  2⤵
  PID:2720
- C:\Windows\System\UikNOFj.exe
  C:\Windows\System\UikNOFj.exe
  2⤵
  PID:2800
- C:\Windows\System\HgasAIM.exe
  C:\Windows\System\HgasAIM.exe
  2⤵
  PID:2080
- C:\Windows\System\DYuIhro.exe
  C:\Windows\System\DYuIhro.exe
  2⤵
  PID:424
- C:\Windows\System\IsnMDId.exe
  C:\Windows\System\IsnMDId.exe
  2⤵
  PID:1604
- C:\Windows\System\QnSThsQ.exe
  C:\Windows\System\QnSThsQ.exe
  2⤵
  PID:3080
- C:\Windows\System\sbLpuNE.exe
  C:\Windows\System\sbLpuNE.exe
  2⤵
  PID:996
- C:\Windows\System\fhMCAJA.exe
  C:\Windows\System\fhMCAJA.exe
  2⤵
  PID:3308
- C:\Windows\System\sCkaBIv.exe
  C:\Windows\System\sCkaBIv.exe
  2⤵
  PID:3292
- C:\Windows\System\rYBdUud.exe
  C:\Windows\System\rYBdUud.exe
  2⤵
  PID:3416
- C:\Windows\System\oSfsfOq.exe
  C:\Windows\System\oSfsfOq.exe
  2⤵
  PID:3580
- C:\Windows\System\QEAPaNM.exe
  C:\Windows\System\QEAPaNM.exe
  2⤵
  PID:3680
- C:\Windows\System\JpMMWxR.exe
  C:\Windows\System\JpMMWxR.exe
  2⤵
  PID:3668
- C:\Windows\System\ImFkEee.exe
  C:\Windows\System\ImFkEee.exe
  2⤵
  PID:3828
- C:\Windows\System\VfJBMtM.exe
  C:\Windows\System\VfJBMtM.exe
  2⤵
  PID:3932
- C:\Windows\System\qVoXpQs.exe
  C:\Windows\System\qVoXpQs.exe
  2⤵
  PID:3992
- C:\Windows\System\XIUKdwX.exe
  C:\Windows\System\XIUKdwX.exe
  2⤵
  PID:2036
- C:\Windows\System\lKqLIBr.exe
  C:\Windows\System\lKqLIBr.exe
  2⤵
  PID:4112
- C:\Windows\System\quNFIqx.exe
  C:\Windows\System\quNFIqx.exe
  2⤵
  PID:4132
- C:\Windows\System\hFZeabm.exe
  C:\Windows\System\hFZeabm.exe
  2⤵
  PID:4152
- C:\Windows\System\LVojyiX.exe
  C:\Windows\System\LVojyiX.exe
  2⤵
  PID:4172
- C:\Windows\System\ZKSFYut.exe
  C:\Windows\System\ZKSFYut.exe
  2⤵
  PID:4188
- C:\Windows\System\FjgYdJq.exe
  C:\Windows\System\FjgYdJq.exe
  2⤵
  PID:4208
- C:\Windows\System\uaRMNtk.exe
  C:\Windows\System\uaRMNtk.exe
  2⤵
  PID:4228
- C:\Windows\System\iFhvXKR.exe
  C:\Windows\System\iFhvXKR.exe
  2⤵
  PID:4248
- C:\Windows\System\xlnXwIV.exe
  C:\Windows\System\xlnXwIV.exe
  2⤵
  PID:4272
- C:\Windows\System\dlmUWLq.exe
  C:\Windows\System\dlmUWLq.exe
  2⤵
  PID:4292
- C:\Windows\System\knCLFpJ.exe
  C:\Windows\System\knCLFpJ.exe
  2⤵
  PID:4312
- C:\Windows\System\AwtpwkP.exe
  C:\Windows\System\AwtpwkP.exe
  2⤵
  PID:4332
- C:\Windows\System\FymQjna.exe
  C:\Windows\System\FymQjna.exe
  2⤵
  PID:4352
- C:\Windows\System\SWStAQU.exe
  C:\Windows\System\SWStAQU.exe
  2⤵
  PID:4372
- C:\Windows\System\iwiPOaP.exe
  C:\Windows\System\iwiPOaP.exe
  2⤵
  PID:4388
- C:\Windows\System\LOChUVC.exe
  C:\Windows\System\LOChUVC.exe
  2⤵
  PID:4408
- C:\Windows\System\LIsKCUc.exe
  C:\Windows\System\LIsKCUc.exe
  2⤵
  PID:4428
- C:\Windows\System\eJiouRa.exe
  C:\Windows\System\eJiouRa.exe
  2⤵
  PID:4452
- C:\Windows\System\VUVDwLV.exe
  C:\Windows\System\VUVDwLV.exe
  2⤵
  PID:4472
- C:\Windows\System\yygcbGG.exe
  C:\Windows\System\yygcbGG.exe
  2⤵
  PID:4488
- C:\Windows\System\BpTsvtF.exe
  C:\Windows\System\BpTsvtF.exe
  2⤵
  PID:4508
- C:\Windows\System\PUVlFSI.exe
  C:\Windows\System\PUVlFSI.exe
  2⤵
  PID:4528
- C:\Windows\System\tzXcufZ.exe
  C:\Windows\System\tzXcufZ.exe
  2⤵
  PID:4552
- C:\Windows\System\RUgVwFL.exe
  C:\Windows\System\RUgVwFL.exe
  2⤵
  PID:4572
- C:\Windows\System\yOWFywx.exe
  C:\Windows\System\yOWFywx.exe
  2⤵
  PID:4592
- C:\Windows\System\MxWadhW.exe
  C:\Windows\System\MxWadhW.exe
  2⤵
  PID:4608
- C:\Windows\System\uXZueIT.exe
  C:\Windows\System\uXZueIT.exe
  2⤵
  PID:4628
- C:\Windows\System\jiSivuR.exe
  C:\Windows\System\jiSivuR.exe
  2⤵
  PID:4648
- C:\Windows\System\bpkvEWq.exe
  C:\Windows\System\bpkvEWq.exe
  2⤵
  PID:4672
- C:\Windows\System\mzbufPV.exe
  C:\Windows\System\mzbufPV.exe
  2⤵
  PID:4692
- C:\Windows\System\kcZDZiH.exe
  C:\Windows\System\kcZDZiH.exe
  2⤵
  PID:4712
- C:\Windows\System\cRRIFWh.exe
  C:\Windows\System\cRRIFWh.exe
  2⤵
  PID:4732
- C:\Windows\System\TdQNfgk.exe
  C:\Windows\System\TdQNfgk.exe
  2⤵
  PID:4748
- C:\Windows\System\yhDvKLS.exe
  C:\Windows\System\yhDvKLS.exe
  2⤵
  PID:4768
- C:\Windows\System\etVVksa.exe
  C:\Windows\System\etVVksa.exe
  2⤵
  PID:4788
- C:\Windows\System\pubNINr.exe
  C:\Windows\System\pubNINr.exe
  2⤵
  PID:4808
- C:\Windows\System\TgmvmbK.exe
  C:\Windows\System\TgmvmbK.exe
  2⤵
  PID:4832
- C:\Windows\System\lwWDITj.exe
  C:\Windows\System\lwWDITj.exe
  2⤵
  PID:4848
- C:\Windows\System\UtDzOAB.exe
  C:\Windows\System\UtDzOAB.exe
  2⤵
  PID:4868
- C:\Windows\System\HWziWqY.exe
  C:\Windows\System\HWziWqY.exe
  2⤵
  PID:4888
- C:\Windows\System\gDvmBtN.exe
  C:\Windows\System\gDvmBtN.exe
  2⤵
  PID:4912
- C:\Windows\System\CgSWIuq.exe
  C:\Windows\System\CgSWIuq.exe
  2⤵
  PID:4932
- C:\Windows\System\qvgMfTH.exe
  C:\Windows\System\qvgMfTH.exe
  2⤵
  PID:4948
- C:\Windows\System\NrgCrfC.exe
  C:\Windows\System\NrgCrfC.exe
  2⤵
  PID:4972
- C:\Windows\System\MNyZGVQ.exe
  C:\Windows\System\MNyZGVQ.exe
  2⤵
  PID:4988
- C:\Windows\System\upNohko.exe
  C:\Windows\System\upNohko.exe
  2⤵
  PID:5012
- C:\Windows\System\VETTmMn.exe
  C:\Windows\System\VETTmMn.exe
  2⤵
  PID:5028
- C:\Windows\System\OTejshF.exe
  C:\Windows\System\OTejshF.exe
  2⤵
  PID:5052
- C:\Windows\System\ybWNAgy.exe
  C:\Windows\System\ybWNAgy.exe
  2⤵
  PID:5072
- C:\Windows\System\gbfqBfv.exe
  C:\Windows\System\gbfqBfv.exe
  2⤵
  PID:5092
- C:\Windows\System\unytdie.exe
  C:\Windows\System\unytdie.exe
  2⤵
  PID:5108
- C:\Windows\System\xVwfedt.exe
  C:\Windows\System\xVwfedt.exe
  2⤵
  PID:4036
- C:\Windows\System\tdGoDGb.exe
  C:\Windows\System\tdGoDGb.exe
  2⤵
  PID:1032
- C:\Windows\System\TdoOEaT.exe
  C:\Windows\System\TdoOEaT.exe
  2⤵
  PID:3208
- C:\Windows\System\ZfFrlgN.exe
  C:\Windows\System\ZfFrlgN.exe
  2⤵
  PID:3216
- C:\Windows\System\esNXGSf.exe
  C:\Windows\System\esNXGSf.exe
  2⤵
  PID:3556
- C:\Windows\System\SJNLPUr.exe
  C:\Windows\System\SJNLPUr.exe
  2⤵
  PID:3452
- C:\Windows\System\HmeOxAL.exe
  C:\Windows\System\HmeOxAL.exe
  2⤵
  PID:3812
- C:\Windows\System\CWnwuta.exe
  C:\Windows\System\CWnwuta.exe
  2⤵
  PID:2880
- C:\Windows\System\OUWKjrS.exe
  C:\Windows\System\OUWKjrS.exe
  2⤵
  PID:4120
- C:\Windows\System\LKeCrFT.exe
  C:\Windows\System\LKeCrFT.exe
  2⤵
  PID:4104
- C:\Windows\System\eGdUrti.exe
  C:\Windows\System\eGdUrti.exe
  2⤵
  PID:4144
- C:\Windows\System\vEJJACb.exe
  C:\Windows\System\vEJJACb.exe
  2⤵
  PID:4204
- C:\Windows\System\EAAkVOv.exe
  C:\Windows\System\EAAkVOv.exe
  2⤵
  PID:4180
- C:\Windows\System\QUHXGyH.exe
  C:\Windows\System\QUHXGyH.exe
  2⤵
  PID:4260
- C:\Windows\System\WcwSLUc.exe
  C:\Windows\System\WcwSLUc.exe
  2⤵
  PID:4284
- C:\Windows\System\tFJlLXH.exe
  C:\Windows\System\tFJlLXH.exe
  2⤵
  PID:4304
- C:\Windows\System\FSfETRH.exe
  C:\Windows\System\FSfETRH.exe
  2⤵
  PID:4360
- C:\Windows\System\WSdCgUN.exe
  C:\Windows\System\WSdCgUN.exe
  2⤵
  PID:4380
- C:\Windows\System\wROnxiQ.exe
  C:\Windows\System\wROnxiQ.exe
  2⤵
  PID:4416
- C:\Windows\System\BWykVHj.exe
  C:\Windows\System\BWykVHj.exe
  2⤵
  PID:4448
- C:\Windows\System\pkLSsuN.exe
  C:\Windows\System\pkLSsuN.exe
  2⤵
  PID:4480
- C:\Windows\System\mtkVnqx.exe
  C:\Windows\System\mtkVnqx.exe
  2⤵
  PID:4536
- C:\Windows\System\AMrOLZg.exe
  C:\Windows\System\AMrOLZg.exe
  2⤵
  PID:4560
- C:\Windows\System\sxcKgNW.exe
  C:\Windows\System\sxcKgNW.exe
  2⤵
  PID:4580
- C:\Windows\System\PjjYXWM.exe
  C:\Windows\System\PjjYXWM.exe
  2⤵
  PID:4636
- C:\Windows\System\ZyzAlit.exe
  C:\Windows\System\ZyzAlit.exe
  2⤵
  PID:4684
- C:\Windows\System\KJPuxSG.exe
  C:\Windows\System\KJPuxSG.exe
  2⤵
  PID:4664
- C:\Windows\System\THiDnGq.exe
  C:\Windows\System\THiDnGq.exe
  2⤵
  PID:4708
- C:\Windows\System\RuBoLcc.exe
  C:\Windows\System\RuBoLcc.exe
  2⤵
  PID:4756
- C:\Windows\System\geSXViU.exe
  C:\Windows\System\geSXViU.exe
  2⤵
  PID:4804
- C:\Windows\System\vPwjpTb.exe
  C:\Windows\System\vPwjpTb.exe
  2⤵
  PID:4776
- C:\Windows\System\GrQmzbH.exe
  C:\Windows\System\GrQmzbH.exe
  2⤵
  PID:4820
- C:\Windows\System\pCHBAvl.exe
  C:\Windows\System\pCHBAvl.exe
  2⤵
  PID:4900
- C:\Windows\System\UjPgsBo.exe
  C:\Windows\System\UjPgsBo.exe
  2⤵
  PID:4928
- C:\Windows\System\iUCDIas.exe
  C:\Windows\System\iUCDIas.exe
  2⤵
  PID:4968
- C:\Windows\System\HugVcpA.exe
  C:\Windows\System\HugVcpA.exe
  2⤵
  PID:5004
- C:\Windows\System\xGgkJpY.exe
  C:\Windows\System\xGgkJpY.exe
  2⤵
  PID:5036
- C:\Windows\System\iqcsPar.exe
  C:\Windows\System\iqcsPar.exe
  2⤵
  PID:5020
- C:\Windows\System\COAOHVc.exe
  C:\Windows\System\COAOHVc.exe
  2⤵
  PID:5088
- C:\Windows\System\RTRxrHc.exe
  C:\Windows\System\RTRxrHc.exe
  2⤵
  PID:5100
- C:\Windows\System\MDrIleU.exe
  C:\Windows\System\MDrIleU.exe
  2⤵
  PID:3148
- C:\Windows\System\OjDJBjt.exe
  C:\Windows\System\OjDJBjt.exe
  2⤵
  PID:784
- C:\Windows\System\QxYLwUy.exe
  C:\Windows\System\QxYLwUy.exe
  2⤵
  PID:3400
- C:\Windows\System\jRESiok.exe
  C:\Windows\System\jRESiok.exe
  2⤵
  PID:3692
- C:\Windows\System\praKaMM.exe
  C:\Windows\System\praKaMM.exe
  2⤵
  PID:3892
- C:\Windows\System\etBlVgt.exe
  C:\Windows\System\etBlVgt.exe
  2⤵
  PID:3916
- C:\Windows\System\OJHGCon.exe
  C:\Windows\System\OJHGCon.exe
  2⤵
  PID:4168
- C:\Windows\System\CVsaxOC.exe
  C:\Windows\System\CVsaxOC.exe
  2⤵
  PID:4268
- C:\Windows\System\QTYnYIH.exe
  C:\Windows\System\QTYnYIH.exe
  2⤵
  PID:4224
- C:\Windows\System\uJYbSWy.exe
  C:\Windows\System\uJYbSWy.exe
  2⤵
  PID:4320
- C:\Windows\System\rDVpdbO.exe
  C:\Windows\System\rDVpdbO.exe
  2⤵
  PID:4460
- C:\Windows\System\jqwrXUe.exe
  C:\Windows\System\jqwrXUe.exe
  2⤵
  PID:4484
- C:\Windows\System\txssHLb.exe
  C:\Windows\System\txssHLb.exe
  2⤵
  PID:4424
- C:\Windows\System\mehRHfB.exe
  C:\Windows\System\mehRHfB.exe
  2⤵
  PID:4584
- C:\Windows\System\kIvbhhs.exe
  C:\Windows\System\kIvbhhs.exe
  2⤵
  PID:4644
- C:\Windows\System\TvfogGp.exe
  C:\Windows\System\TvfogGp.exe
  2⤵
  PID:4656
- C:\Windows\System\ITzVSYA.exe
  C:\Windows\System\ITzVSYA.exe
  2⤵
  PID:4728
- C:\Windows\System\oXQlKIF.exe
  C:\Windows\System\oXQlKIF.exe
  2⤵
  PID:4816
- C:\Windows\System\sHgGROe.exe
  C:\Windows\System\sHgGROe.exe
  2⤵
  PID:4760
- C:\Windows\System\EORAent.exe
  C:\Windows\System\EORAent.exe
  2⤵
  PID:4856
- C:\Windows\System\AtHWJzd.exe
  C:\Windows\System\AtHWJzd.exe
  2⤵
  PID:4940
- C:\Windows\System\fCwegwq.exe
  C:\Windows\System\fCwegwq.exe
  2⤵
  PID:4984
- C:\Windows\System\NjeOxYa.exe
  C:\Windows\System\NjeOxYa.exe
  2⤵
  PID:5048
- C:\Windows\System\KCjekPY.exe
  C:\Windows\System\KCjekPY.exe
  2⤵
  PID:1700
- C:\Windows\System\yApyeXf.exe
  C:\Windows\System\yApyeXf.exe
  2⤵
  PID:688
- C:\Windows\System\qXNDXmm.exe
  C:\Windows\System\qXNDXmm.exe
  2⤵
  PID:3548
- C:\Windows\System\mxhjANL.exe
  C:\Windows\System\mxhjANL.exe
  2⤵
  PID:4012
- C:\Windows\System\TUHoDVR.exe
  C:\Windows\System\TUHoDVR.exe
  2⤵
  PID:4100
- C:\Windows\System\cDNZGPk.exe
  C:\Windows\System\cDNZGPk.exe
  2⤵
  PID:4404
- C:\Windows\System\QVOZDnn.exe
  C:\Windows\System\QVOZDnn.exe
  2⤵
  PID:4348
- C:\Windows\System\ATXlbAd.exe
  C:\Windows\System\ATXlbAd.exe
  2⤵
  PID:4384
- C:\Windows\System\SpckBXM.exe
  C:\Windows\System\SpckBXM.exe
  2⤵
  PID:4524
- C:\Windows\System\xzrXpmi.exe
  C:\Windows\System\xzrXpmi.exe
  2⤵
  PID:4700
- C:\Windows\System\OKOFZOY.exe
  C:\Windows\System\OKOFZOY.exe
  2⤵
  PID:4616
- C:\Windows\System\mLtfLCC.exe
  C:\Windows\System\mLtfLCC.exe
  2⤵
  PID:4828
- C:\Windows\System\UJjWgxr.exe
  C:\Windows\System\UJjWgxr.exe
  2⤵
  PID:4956
- C:\Windows\System\dwCyYDn.exe
  C:\Windows\System\dwCyYDn.exe
  2⤵
  PID:4960
- C:\Windows\System\JJkqcMl.exe
  C:\Windows\System\JJkqcMl.exe
  2⤵
  PID:5116
- C:\Windows\System\neNFcEv.exe
  C:\Windows\System\neNFcEv.exe
  2⤵
  PID:4244
- C:\Windows\System\vqHVXdE.exe
  C:\Windows\System\vqHVXdE.exe
  2⤵
  PID:4164
- C:\Windows\System\RWuIZki.exe
  C:\Windows\System\RWuIZki.exe
  2⤵
  PID:5128
- C:\Windows\System\EDWlggZ.exe
  C:\Windows\System\EDWlggZ.exe
  2⤵
  PID:5148
- C:\Windows\System\SZBNahw.exe
  C:\Windows\System\SZBNahw.exe
  2⤵
  PID:5168
- C:\Windows\System\YsHQLWY.exe
  C:\Windows\System\YsHQLWY.exe
  2⤵
  PID:5188
- C:\Windows\System\ibUnNZU.exe
  C:\Windows\System\ibUnNZU.exe
  2⤵
  PID:5208
- C:\Windows\System\ucAvnYU.exe
  C:\Windows\System\ucAvnYU.exe
  2⤵
  PID:5228
- C:\Windows\System\MoCOXBn.exe
  C:\Windows\System\MoCOXBn.exe
  2⤵
  PID:5248
- C:\Windows\System\ukFvvYC.exe
  C:\Windows\System\ukFvvYC.exe
  2⤵
  PID:5268
- C:\Windows\System\yFSWGAH.exe
  C:\Windows\System\yFSWGAH.exe
  2⤵
  PID:5288
- C:\Windows\System\tGytrQk.exe
  C:\Windows\System\tGytrQk.exe
  2⤵
  PID:5308
- C:\Windows\System\WvtiMEb.exe
  C:\Windows\System\WvtiMEb.exe
  2⤵
  PID:5328
- C:\Windows\System\ntVWJlv.exe
  C:\Windows\System\ntVWJlv.exe
  2⤵
  PID:5344
- C:\Windows\System\UPbEOea.exe
  C:\Windows\System\UPbEOea.exe
  2⤵
  PID:5360
- C:\Windows\System\RnYLxYB.exe
  C:\Windows\System\RnYLxYB.exe
  2⤵
  PID:5384
- C:\Windows\System\GBloagA.exe
  C:\Windows\System\GBloagA.exe
  2⤵
  PID:5404
- C:\Windows\System\kLAiqhB.exe
  C:\Windows\System\kLAiqhB.exe
  2⤵
  PID:5428
- C:\Windows\System\LZSdTNK.exe
  C:\Windows\System\LZSdTNK.exe
  2⤵
  PID:5448
- C:\Windows\System\khUBMCL.exe
  C:\Windows\System\khUBMCL.exe
  2⤵
  PID:5468
- C:\Windows\System\xWsMwmC.exe
  C:\Windows\System\xWsMwmC.exe
  2⤵
  PID:5488
- C:\Windows\System\RUmuasI.exe
  C:\Windows\System\RUmuasI.exe
  2⤵
  PID:5504
- C:\Windows\System\ORPSZns.exe
  C:\Windows\System\ORPSZns.exe
  2⤵
  PID:5528
- C:\Windows\System\iWCoata.exe
  C:\Windows\System\iWCoata.exe
  2⤵
  PID:5548
- C:\Windows\System\dHPIRjZ.exe
  C:\Windows\System\dHPIRjZ.exe
  2⤵
  PID:5568
- C:\Windows\System\OIfBHkQ.exe
  C:\Windows\System\OIfBHkQ.exe
  2⤵
  PID:5588
- C:\Windows\System\TTBpYTp.exe
  C:\Windows\System\TTBpYTp.exe
  2⤵
  PID:5604
- C:\Windows\System\mRIKwYZ.exe
  C:\Windows\System\mRIKwYZ.exe
  2⤵
  PID:5628
- C:\Windows\System\mpGPbJx.exe
  C:\Windows\System\mpGPbJx.exe
  2⤵
  PID:5648
- C:\Windows\System\ZhoepTo.exe
  C:\Windows\System\ZhoepTo.exe
  2⤵
  PID:5668
- C:\Windows\System\UyqKOcK.exe
  C:\Windows\System\UyqKOcK.exe
  2⤵
  PID:5688
- C:\Windows\System\rkOgIwg.exe
  C:\Windows\System\rkOgIwg.exe
  2⤵
  PID:5704
- C:\Windows\System\QipGaIY.exe
  C:\Windows\System\QipGaIY.exe
  2⤵
  PID:5728
- C:\Windows\System\OXhlsKP.exe
  C:\Windows\System\OXhlsKP.exe
  2⤵
  PID:5748
- C:\Windows\System\amFeETt.exe
  C:\Windows\System\amFeETt.exe
  2⤵
  PID:5768
- C:\Windows\System\nigpxHm.exe
  C:\Windows\System\nigpxHm.exe
  2⤵
  PID:5788
- C:\Windows\System\IRjfSgr.exe
  C:\Windows\System\IRjfSgr.exe
  2⤵
  PID:5808
- C:\Windows\System\NalfRcM.exe
  C:\Windows\System\NalfRcM.exe
  2⤵
  PID:5828
- C:\Windows\System\IOnrkDP.exe
  C:\Windows\System\IOnrkDP.exe
  2⤵
  PID:5848
- C:\Windows\System\EcsVRpT.exe
  C:\Windows\System\EcsVRpT.exe
  2⤵
  PID:5868
- C:\Windows\System\DANKtqj.exe
  C:\Windows\System\DANKtqj.exe
  2⤵
  PID:5888
- C:\Windows\System\NktOwoc.exe
  C:\Windows\System\NktOwoc.exe
  2⤵
  PID:5908
- C:\Windows\System\Oqdvvdc.exe
  C:\Windows\System\Oqdvvdc.exe
  2⤵
  PID:5928
- C:\Windows\System\tegHltS.exe
  C:\Windows\System\tegHltS.exe
  2⤵
  PID:5944
- C:\Windows\System\ptkxewS.exe
  C:\Windows\System\ptkxewS.exe
  2⤵
  PID:5964
- C:\Windows\System\BLXZebR.exe
  C:\Windows\System\BLXZebR.exe
  2⤵
  PID:5988
- C:\Windows\System\Yganxgt.exe
  C:\Windows\System\Yganxgt.exe
  2⤵
  PID:6008
- C:\Windows\System\DgKiFRN.exe
  C:\Windows\System\DgKiFRN.exe
  2⤵
  PID:6028
- C:\Windows\System\MIEQYZR.exe
  C:\Windows\System\MIEQYZR.exe
  2⤵
  PID:6048
- C:\Windows\System\irvOumx.exe
  C:\Windows\System\irvOumx.exe
  2⤵
  PID:6068
- C:\Windows\System\qKWIDFX.exe
  C:\Windows\System\qKWIDFX.exe
  2⤵
  PID:6088
- C:\Windows\System\hJRnLVh.exe
  C:\Windows\System\hJRnLVh.exe
  2⤵
  PID:6108
- C:\Windows\System\EdHAtja.exe
  C:\Windows\System\EdHAtja.exe
  2⤵
  PID:6124
- C:\Windows\System\ozZoqCD.exe
  C:\Windows\System\ozZoqCD.exe
  2⤵
  PID:4216
- C:\Windows\System\XCDhhbk.exe
  C:\Windows\System\XCDhhbk.exe
  2⤵
  PID:4308
- C:\Windows\System\VIqyoOW.exe
  C:\Windows\System\VIqyoOW.exe
  2⤵
  PID:4520
- C:\Windows\System\RZuiUMu.exe
  C:\Windows\System\RZuiUMu.exe
  2⤵
  PID:4740
- C:\Windows\System\kQrMTXb.exe
  C:\Windows\System\kQrMTXb.exe
  2⤵
  PID:4876
- C:\Windows\System\cfEtFJM.exe
  C:\Windows\System\cfEtFJM.exe
  2⤵
  PID:5024
- C:\Windows\System\TjcPSyi.exe
  C:\Windows\System\TjcPSyi.exe
  2⤵
  PID:3480
- C:\Windows\System\dPsFQwE.exe
  C:\Windows\System\dPsFQwE.exe
  2⤵
  PID:3776
- C:\Windows\System\rAMUZIS.exe
  C:\Windows\System\rAMUZIS.exe
  2⤵
  PID:5144
- C:\Windows\System\MtGHqTE.exe
  C:\Windows\System\MtGHqTE.exe
  2⤵
  PID:5204
- C:\Windows\System\OBRBsHK.exe
  C:\Windows\System\OBRBsHK.exe
  2⤵
  PID:5180
- C:\Windows\System\RBMCBTO.exe
  C:\Windows\System\RBMCBTO.exe
  2⤵
  PID:5220
- C:\Windows\System\mPPPKft.exe
  C:\Windows\System\mPPPKft.exe
  2⤵
  PID:5260
- C:\Windows\System\JttwBjD.exe
  C:\Windows\System\JttwBjD.exe
  2⤵
  PID:5320
- C:\Windows\System\bVJuGPp.exe
  C:\Windows\System\bVJuGPp.exe
  2⤵
  PID:5368
- C:\Windows\System\SErvZwH.exe
  C:\Windows\System\SErvZwH.exe
  2⤵
  PID:5340
- C:\Windows\System\GhQrpRg.exe
  C:\Windows\System\GhQrpRg.exe
  2⤵
  PID:5416
- C:\Windows\System\Dsmddmo.exe
  C:\Windows\System\Dsmddmo.exe
  2⤵
  PID:5420
- C:\Windows\System\dlgoFGN.exe
  C:\Windows\System\dlgoFGN.exe
  2⤵
  PID:5480
- C:\Windows\System\qhjbHcO.exe
  C:\Windows\System\qhjbHcO.exe
  2⤵
  PID:5524
- C:\Windows\System\crolMpf.exe
  C:\Windows\System\crolMpf.exe
  2⤵
  PID:5544
- C:\Windows\System\MWMJPwc.exe
  C:\Windows\System\MWMJPwc.exe
  2⤵
  PID:5596
- C:\Windows\System\nTDLsEf.exe
  C:\Windows\System\nTDLsEf.exe
  2⤵
  PID:5612
- C:\Windows\System\ZcLmvju.exe
  C:\Windows\System\ZcLmvju.exe
  2⤵
  PID:5640
- C:\Windows\System\bZZZtWL.exe
  C:\Windows\System\bZZZtWL.exe
  2⤵
  PID:5684
- C:\Windows\System\MsrmPyd.exe
  C:\Windows\System\MsrmPyd.exe
  2⤵
  PID:5700
- C:\Windows\System\kqajuTV.exe
  C:\Windows\System\kqajuTV.exe
  2⤵
  PID:5764
- C:\Windows\System\tEDiXnN.exe
  C:\Windows\System\tEDiXnN.exe
  2⤵
  PID:5780
- C:\Windows\System\AcnVgKu.exe
  C:\Windows\System\AcnVgKu.exe
  2⤵
  PID:5816
- C:\Windows\System\daFVCoy.exe
  C:\Windows\System\daFVCoy.exe
  2⤵
  PID:5820
- C:\Windows\System\lIAQbfe.exe
  C:\Windows\System\lIAQbfe.exe
  2⤵
  PID:5884
- C:\Windows\System\yWitWgl.exe
  C:\Windows\System\yWitWgl.exe
  2⤵
  PID:5920
- C:\Windows\System\RNQSSXX.exe
  C:\Windows\System\RNQSSXX.exe
  2⤵
  PID:5960
- C:\Windows\System\QlcloYV.exe
  C:\Windows\System\QlcloYV.exe
  2⤵
  PID:5996
- C:\Windows\System\BoZzFNf.exe
  C:\Windows\System\BoZzFNf.exe
  2⤵
  PID:6036
- C:\Windows\System\dZtAFzH.exe
  C:\Windows\System\dZtAFzH.exe
  2⤵
  PID:6020
- C:\Windows\System\kNMqHMh.exe
  C:\Windows\System\kNMqHMh.exe
  2⤵
  PID:6084
- C:\Windows\System\uNSmAgf.exe
  C:\Windows\System\uNSmAgf.exe
  2⤵
  PID:6104
- C:\Windows\System\XhGwyfU.exe
  C:\Windows\System\XhGwyfU.exe
  2⤵
  PID:6136
- C:\Windows\System\zhMzrPz.exe
  C:\Windows\System\zhMzrPz.exe
  2⤵
  PID:4240
- C:\Windows\System\igUpdbW.exe
  C:\Windows\System\igUpdbW.exe
  2⤵
  PID:4600
- C:\Windows\System\TaHPKPg.exe
  C:\Windows\System\TaHPKPg.exe
  2⤵
  PID:5080
- C:\Windows\System\TxgqRBS.exe
  C:\Windows\System\TxgqRBS.exe
  2⤵
  PID:2856
- C:\Windows\System\bLpXkCB.exe
  C:\Windows\System\bLpXkCB.exe
  2⤵
  PID:5156
- C:\Windows\System\oMdmjEk.exe
  C:\Windows\System\oMdmjEk.exe
  2⤵
  PID:5236
- C:\Windows\System\rQuLSnF.exe
  C:\Windows\System\rQuLSnF.exe
  2⤵
  PID:5240
- C:\Windows\System\kQiJrYu.exe
  C:\Windows\System\kQiJrYu.exe
  2⤵
  PID:5324
- C:\Windows\System\clKctJj.exe
  C:\Windows\System\clKctJj.exe
  2⤵
  PID:5304
- C:\Windows\System\edGaEGs.exe
  C:\Windows\System\edGaEGs.exe
  2⤵
  PID:5396
- C:\Windows\System\kmkZvCT.exe
  C:\Windows\System\kmkZvCT.exe
  2⤵
  PID:5484
- C:\Windows\System\YFGkFMr.exe
  C:\Windows\System\YFGkFMr.exe
  2⤵
  PID:5516
- C:\Windows\System\jJNKEWq.exe
  C:\Windows\System\jJNKEWq.exe
  2⤵
  PID:5560
- C:\Windows\System\gdFFzdf.exe
  C:\Windows\System\gdFFzdf.exe
  2⤵
  PID:5620
- C:\Windows\System\HIPCQCP.exe
  C:\Windows\System\HIPCQCP.exe
  2⤵
  PID:5660
- C:\Windows\System\niXaLpo.exe
  C:\Windows\System\niXaLpo.exe
  2⤵
  PID:5736
- C:\Windows\System\qcoeAwv.exe
  C:\Windows\System\qcoeAwv.exe
  2⤵
  PID:5844
- C:\Windows\System\ePVegkY.exe
  C:\Windows\System\ePVegkY.exe
  2⤵
  PID:5880
- C:\Windows\System\lDjOwsC.exe
  C:\Windows\System\lDjOwsC.exe
  2⤵
  PID:5900
- C:\Windows\System\CBEZKCy.exe
  C:\Windows\System\CBEZKCy.exe
  2⤵
  PID:5972
- C:\Windows\System\QGnbzbw.exe
  C:\Windows\System\QGnbzbw.exe
  2⤵
  PID:6024
- C:\Windows\System\ggtbQcT.exe
  C:\Windows\System\ggtbQcT.exe
  2⤵
  PID:6080
- C:\Windows\System\JDMqFoq.exe
  C:\Windows\System\JDMqFoq.exe
  2⤵
  PID:6132
- C:\Windows\System\gcEhmzk.exe
  C:\Windows\System\gcEhmzk.exe
  2⤵
  PID:4548
- C:\Windows\System\yLYZnTT.exe
  C:\Windows\System\yLYZnTT.exe
  2⤵
  PID:4896
- C:\Windows\System\QyEAOXC.exe
  C:\Windows\System\QyEAOXC.exe
  2⤵
  PID:5124
- C:\Windows\System\oirPUlF.exe
  C:\Windows\System\oirPUlF.exe
  2⤵
  PID:6160
- C:\Windows\System\hZDLeie.exe
  C:\Windows\System\hZDLeie.exe
  2⤵
  PID:6180
- C:\Windows\System\nbzZESs.exe
  C:\Windows\System\nbzZESs.exe
  2⤵
  PID:6200
- C:\Windows\System\WglPIzG.exe
  C:\Windows\System\WglPIzG.exe
  2⤵
  PID:6220
- C:\Windows\System\GnqmRhg.exe
  C:\Windows\System\GnqmRhg.exe
  2⤵
  PID:6240
- C:\Windows\System\wlIJWAv.exe
  C:\Windows\System\wlIJWAv.exe
  2⤵
  PID:6260
- C:\Windows\System\zOIWPvR.exe
  C:\Windows\System\zOIWPvR.exe
  2⤵
  PID:6280
- C:\Windows\System\OWCwzsv.exe
  C:\Windows\System\OWCwzsv.exe
  2⤵
  PID:6300
- C:\Windows\System\EjRZTNI.exe
  C:\Windows\System\EjRZTNI.exe
  2⤵
  PID:6320
- C:\Windows\System\yHyoBSQ.exe
  C:\Windows\System\yHyoBSQ.exe
  2⤵
  PID:6340
- C:\Windows\System\toVNxAl.exe
  C:\Windows\System\toVNxAl.exe
  2⤵
  PID:6360
- C:\Windows\System\WdNyome.exe
  C:\Windows\System\WdNyome.exe
  2⤵
  PID:6380
- C:\Windows\System\gjoAVXm.exe
  C:\Windows\System\gjoAVXm.exe
  2⤵
  PID:6400
- C:\Windows\System\bnbsMFR.exe
  C:\Windows\System\bnbsMFR.exe
  2⤵
  PID:6420
- C:\Windows\System\qmeMgEj.exe
  C:\Windows\System\qmeMgEj.exe
  2⤵
  PID:6440
- C:\Windows\System\rZFyFgV.exe
  C:\Windows\System\rZFyFgV.exe
  2⤵
  PID:6460
- C:\Windows\System\OJqRBWg.exe
  C:\Windows\System\OJqRBWg.exe
  2⤵
  PID:6480
- C:\Windows\System\fFFgTZo.exe
  C:\Windows\System\fFFgTZo.exe
  2⤵
  PID:6500
- C:\Windows\System\tizmCZY.exe
  C:\Windows\System\tizmCZY.exe
  2⤵
  PID:6520
- C:\Windows\System\orlBpdk.exe
  C:\Windows\System\orlBpdk.exe
  2⤵
  PID:6540
- C:\Windows\System\hpXmRQY.exe
  C:\Windows\System\hpXmRQY.exe
  2⤵
  PID:6560
- C:\Windows\System\OFfQHTL.exe
  C:\Windows\System\OFfQHTL.exe
  2⤵
  PID:6580
- C:\Windows\System\TLpeYmX.exe
  C:\Windows\System\TLpeYmX.exe
  2⤵
  PID:6600
- C:\Windows\System\dcBkRPg.exe
  C:\Windows\System\dcBkRPg.exe
  2⤵
  PID:6620
- C:\Windows\System\RGdqYhv.exe
  C:\Windows\System\RGdqYhv.exe
  2⤵
  PID:6640
- C:\Windows\System\vsAWVuz.exe
  C:\Windows\System\vsAWVuz.exe
  2⤵
  PID:6660
- C:\Windows\System\mwYGXxK.exe
  C:\Windows\System\mwYGXxK.exe
  2⤵
  PID:6680
- C:\Windows\System\YtgohuI.exe
  C:\Windows\System\YtgohuI.exe
  2⤵
  PID:6700
- C:\Windows\System\ButFXnj.exe
  C:\Windows\System\ButFXnj.exe
  2⤵
  PID:6720
- C:\Windows\System\fHSNumZ.exe
  C:\Windows\System\fHSNumZ.exe
  2⤵
  PID:6740
- C:\Windows\System\rmnJYCL.exe
  C:\Windows\System\rmnJYCL.exe
  2⤵
  PID:6760
- C:\Windows\System\pFLOzTI.exe
  C:\Windows\System\pFLOzTI.exe
  2⤵
  PID:6780
- C:\Windows\System\vVvBOAu.exe
  C:\Windows\System\vVvBOAu.exe
  2⤵
  PID:6804
- C:\Windows\System\HogxmqL.exe
  C:\Windows\System\HogxmqL.exe
  2⤵
  PID:6824
- C:\Windows\System\ajRZMTt.exe
  C:\Windows\System\ajRZMTt.exe
  2⤵
  PID:6844
- C:\Windows\System\eDSuJbi.exe
  C:\Windows\System\eDSuJbi.exe
  2⤵
  PID:6864
- C:\Windows\System\PxYXxrQ.exe
  C:\Windows\System\PxYXxrQ.exe
  2⤵
  PID:6884
- C:\Windows\System\SIvnIVz.exe
  C:\Windows\System\SIvnIVz.exe
  2⤵
  PID:6904
- C:\Windows\System\DSCvAuO.exe
  C:\Windows\System\DSCvAuO.exe
  2⤵
  PID:6924
- C:\Windows\System\zysnlPO.exe
  C:\Windows\System\zysnlPO.exe
  2⤵
  PID:6944
- C:\Windows\System\slDGQBv.exe
  C:\Windows\System\slDGQBv.exe
  2⤵
  PID:6964
- C:\Windows\System\DFNJWHt.exe
  C:\Windows\System\DFNJWHt.exe
  2⤵
  PID:6984
- C:\Windows\System\HNPLODm.exe
  C:\Windows\System\HNPLODm.exe
  2⤵
  PID:7004
- C:\Windows\System\WLmoFJN.exe
  C:\Windows\System\WLmoFJN.exe
  2⤵
  PID:7024
- C:\Windows\System\jVzFJMv.exe
  C:\Windows\System\jVzFJMv.exe
  2⤵
  PID:7044
- C:\Windows\System\jzzqYOK.exe
  C:\Windows\System\jzzqYOK.exe
  2⤵
  PID:7064
- C:\Windows\System\sYJGZLA.exe
  C:\Windows\System\sYJGZLA.exe
  2⤵
  PID:7084
- C:\Windows\System\buzlksf.exe
  C:\Windows\System\buzlksf.exe
  2⤵
  PID:7104
- C:\Windows\System\mMoYyXf.exe
  C:\Windows\System\mMoYyXf.exe
  2⤵
  PID:7124
- C:\Windows\System\AQRCaDZ.exe
  C:\Windows\System\AQRCaDZ.exe
  2⤵
  PID:7144
- C:\Windows\System\InkPHlZ.exe
  C:\Windows\System\InkPHlZ.exe
  2⤵
  PID:7164
- C:\Windows\System\YQbJOAl.exe
  C:\Windows\System\YQbJOAl.exe
  2⤵
  PID:5176
- C:\Windows\System\MQOzKFz.exe
  C:\Windows\System\MQOzKFz.exe
  2⤵
  PID:5380
- C:\Windows\System\rybzMfh.exe
  C:\Windows\System\rybzMfh.exe
  2⤵
  PID:5440
- C:\Windows\System\ibYovnX.exe
  C:\Windows\System\ibYovnX.exe
  2⤵
  PID:5520
- C:\Windows\System\PlTjDNw.exe
  C:\Windows\System\PlTjDNw.exe
  2⤵
  PID:5676
- C:\Windows\System\qzSiHCy.exe
  C:\Windows\System\qzSiHCy.exe
  2⤵
  PID:5716
- C:\Windows\System\YMXIpAR.exe
  C:\Windows\System\YMXIpAR.exe
  2⤵
  PID:5804
- C:\Windows\System\OXlboJL.exe
  C:\Windows\System\OXlboJL.exe
  2⤵
  PID:5840
- C:\Windows\System\TJtZkdt.exe
  C:\Windows\System\TJtZkdt.exe
  2⤵
  PID:5952
- C:\Windows\System\rnNTEca.exe
  C:\Windows\System\rnNTEca.exe
  2⤵
  PID:4256
- C:\Windows\System\NQFJUYP.exe
  C:\Windows\System\NQFJUYP.exe
  2⤵
  PID:4844
- C:\Windows\System\yHChqLe.exe
  C:\Windows\System\yHChqLe.exe
  2⤵
  PID:5064
- C:\Windows\System\QGiMAtE.exe
  C:\Windows\System\QGiMAtE.exe
  2⤵
  PID:5136
- C:\Windows\System\BSpCZKW.exe
  C:\Windows\System\BSpCZKW.exe
  2⤵
  PID:6176
- C:\Windows\System\NRrndHt.exe
  C:\Windows\System\NRrndHt.exe
  2⤵
  PID:6216
- C:\Windows\System\LeCZPGe.exe
  C:\Windows\System\LeCZPGe.exe
  2⤵
  PID:6268
- C:\Windows\System\hkMbYBt.exe
  C:\Windows\System\hkMbYBt.exe
  2⤵
  PID:6296
- C:\Windows\System\sNXqrda.exe
  C:\Windows\System\sNXqrda.exe
  2⤵
  PID:6328
- C:\Windows\System\PzKqdtA.exe
  C:\Windows\System\PzKqdtA.exe
  2⤵
  PID:6388
- C:\Windows\System\hDYQqRL.exe
  C:\Windows\System\hDYQqRL.exe
  2⤵
  PID:6392
- C:\Windows\System\EzAhnky.exe
  C:\Windows\System\EzAhnky.exe
  2⤵
  PID:6436
- C:\Windows\System\NBplDWF.exe
  C:\Windows\System\NBplDWF.exe
  2⤵
  PID:6452
- C:\Windows\System\doIiAOt.exe
  C:\Windows\System\doIiAOt.exe
  2⤵
  PID:6492
- C:\Windows\System\ZUAxFsk.exe
  C:\Windows\System\ZUAxFsk.exe
  2⤵
  PID:6536
- C:\Windows\System\oEmnFdP.exe
  C:\Windows\System\oEmnFdP.exe
  2⤵
  PID:6568
- C:\Windows\System\NbjHTkH.exe
  C:\Windows\System\NbjHTkH.exe
  2⤵
  PID:6592
- C:\Windows\System\siaQhhJ.exe
  C:\Windows\System\siaQhhJ.exe
  2⤵
  PID:6628
- C:\Windows\System\FuttEEq.exe
  C:\Windows\System\FuttEEq.exe
  2⤵
  PID:6668
- C:\Windows\System\PLvJmhJ.exe
  C:\Windows\System\PLvJmhJ.exe
  2⤵
  PID:6696
- C:\Windows\System\qapPTxU.exe
  C:\Windows\System\qapPTxU.exe
  2⤵
  PID:6736
- C:\Windows\System\IgaNXZJ.exe
  C:\Windows\System\IgaNXZJ.exe
  2⤵
  PID:6768
- C:\Windows\System\JAdmvGb.exe
  C:\Windows\System\JAdmvGb.exe
  2⤵
  PID:6796
- C:\Windows\System\UDgWxHE.exe
  C:\Windows\System\UDgWxHE.exe
  2⤵
  PID:6840
- C:\Windows\System\NClMMkN.exe
  C:\Windows\System\NClMMkN.exe
  2⤵
  PID:6872
- C:\Windows\System\mjQRyJy.exe
  C:\Windows\System\mjQRyJy.exe
  2⤵
  PID:6912
- C:\Windows\System\RVbVCXO.exe
  C:\Windows\System\RVbVCXO.exe
  2⤵
  PID:6940
- C:\Windows\System\vGRirMk.exe
  C:\Windows\System\vGRirMk.exe
  2⤵
  PID:6972
- C:\Windows\System\UEtnEzC.exe
  C:\Windows\System\UEtnEzC.exe
  2⤵
  PID:6996
- C:\Windows\System\BxjVADT.exe
  C:\Windows\System\BxjVADT.exe
  2⤵
  PID:7032
- C:\Windows\System\AwmnqGn.exe
  C:\Windows\System\AwmnqGn.exe
  2⤵
  PID:7080
- C:\Windows\System\eLnmBIP.exe
  C:\Windows\System\eLnmBIP.exe
  2⤵
  PID:7120
- C:\Windows\System\Zhggdfv.exe
  C:\Windows\System\Zhggdfv.exe
  2⤵
  PID:7140
- C:\Windows\System\jzObgIp.exe
  C:\Windows\System\jzObgIp.exe
  2⤵
  PID:5184
- C:\Windows\System\PERpsMY.exe
  C:\Windows\System\PERpsMY.exe
  2⤵
  PID:5196
- C:\Windows\System\UjlmBjb.exe
  C:\Windows\System\UjlmBjb.exe
  2⤵
  PID:5460
- C:\Windows\System\DCAXnmO.exe
  C:\Windows\System\DCAXnmO.exe
  2⤵
  PID:5712
- C:\Windows\System\wgygoag.exe
  C:\Windows\System\wgygoag.exe
  2⤵
  PID:5756
- C:\Windows\System\oqrYjIP.exe
  C:\Windows\System\oqrYjIP.exe
  2⤵
  PID:5936
- C:\Windows\System\uebnboL.exe
  C:\Windows\System\uebnboL.exe
  2⤵
  PID:6064
- C:\Windows\System\MwZkTZU.exe
  C:\Windows\System\MwZkTZU.exe
  2⤵
  PID:6100
- C:\Windows\System\hVDRRRP.exe
  C:\Windows\System\hVDRRRP.exe
  2⤵
  PID:6236
- C:\Windows\System\mnouOFM.exe
  C:\Windows\System\mnouOFM.exe
  2⤵
  PID:6208
- C:\Windows\System\OaoNvYI.exe
  C:\Windows\System\OaoNvYI.exe
  2⤵
  PID:6312
- C:\Windows\System\tKIOWVy.exe
  C:\Windows\System\tKIOWVy.exe
  2⤵
  PID:6332
- C:\Windows\System\ibWXxJf.exe
  C:\Windows\System\ibWXxJf.exe
  2⤵
  PID:6356
- C:\Windows\System\EnHIGWv.exe
  C:\Windows\System\EnHIGWv.exe
  2⤵
  PID:6412
- C:\Windows\System\iadcqhq.exe
  C:\Windows\System\iadcqhq.exe
  2⤵
  PID:6496
- C:\Windows\System\KMNaVxD.exe
  C:\Windows\System\KMNaVxD.exe
  2⤵
  PID:6588
- C:\Windows\System\WKlwtQK.exe
  C:\Windows\System\WKlwtQK.exe
  2⤵
  PID:6616
- C:\Windows\System\bNHKqGE.exe
  C:\Windows\System\bNHKqGE.exe
  2⤵
  PID:6672
- C:\Windows\System\yyozVCT.exe
  C:\Windows\System\yyozVCT.exe
  2⤵
  PID:6716
- C:\Windows\System\odSEknO.exe
  C:\Windows\System\odSEknO.exe
  2⤵
  PID:6756
- C:\Windows\System\LygQAzd.exe
  C:\Windows\System\LygQAzd.exe
  2⤵
  PID:6832
- C:\Windows\System\OVRPsLQ.exe
  C:\Windows\System\OVRPsLQ.exe
  2⤵
  PID:6920
- C:\Windows\System\tuzgHuw.exe
  C:\Windows\System\tuzgHuw.exe
  2⤵
  PID:6956
- C:\Windows\System\XfNRWYy.exe
  C:\Windows\System\XfNRWYy.exe
  2⤵
  PID:7020
- C:\Windows\System\smGGBoi.exe
  C:\Windows\System\smGGBoi.exe
  2⤵
  PID:7100
- C:\Windows\System\sMsNHcW.exe
  C:\Windows\System\sMsNHcW.exe
  2⤵
  PID:7096
- C:\Windows\System\CupTsDj.exe
  C:\Windows\System\CupTsDj.exe
  2⤵
  PID:5276
- C:\Windows\System\dgjYsfT.exe
  C:\Windows\System\dgjYsfT.exe
  2⤵
  PID:5400
- C:\Windows\System\WyhXZKC.exe
  C:\Windows\System\WyhXZKC.exe
  2⤵
  PID:5976
- C:\Windows\System\ouMGQJi.exe
  C:\Windows\System\ouMGQJi.exe
  2⤵
  PID:4864
- C:\Windows\System\zvDiIdU.exe
  C:\Windows\System\zvDiIdU.exe
  2⤵
  PID:4780
- C:\Windows\System\IFOEpch.exe
  C:\Windows\System\IFOEpch.exe
  2⤵
  PID:6192
- C:\Windows\System\bRxmFnO.exe
  C:\Windows\System\bRxmFnO.exe
  2⤵
  PID:6228
- C:\Windows\System\NKUduIv.exe
  C:\Windows\System\NKUduIv.exe
  2⤵
  PID:6468
- C:\Windows\System\GCwrKMV.exe
  C:\Windows\System\GCwrKMV.exe
  2⤵
  PID:6512
- C:\Windows\System\Enpvqdr.exe
  C:\Windows\System\Enpvqdr.exe
  2⤵
  PID:6556
- C:\Windows\System\McYvWAB.exe
  C:\Windows\System\McYvWAB.exe
  2⤵
  PID:6772
- C:\Windows\System\MpDfBxY.exe
  C:\Windows\System\MpDfBxY.exe
  2⤵
  PID:6688
- C:\Windows\System\StWJHZI.exe
  C:\Windows\System\StWJHZI.exe
  2⤵
  PID:6892
- C:\Windows\System\YZRvCLO.exe
  C:\Windows\System\YZRvCLO.exe
  2⤵
  PID:6976
- C:\Windows\System\HKqkXRi.exe
  C:\Windows\System\HKqkXRi.exe
  2⤵
  PID:7176
- C:\Windows\System\tfBFjJU.exe
  C:\Windows\System\tfBFjJU.exe
  2⤵
  PID:7196
- C:\Windows\System\BTDVDdz.exe
  C:\Windows\System\BTDVDdz.exe
  2⤵
  PID:7216
- C:\Windows\System\fcgCSuJ.exe
  C:\Windows\System\fcgCSuJ.exe
  2⤵
  PID:7236
- C:\Windows\System\QEpXfLr.exe
  C:\Windows\System\QEpXfLr.exe
  2⤵
  PID:7256
- C:\Windows\System\bZBvbrf.exe
  C:\Windows\System\bZBvbrf.exe
  2⤵
  PID:7276
- C:\Windows\System\ejxyGqA.exe
  C:\Windows\System\ejxyGqA.exe
  2⤵
  PID:7292
- C:\Windows\System\qhbetii.exe
  C:\Windows\System\qhbetii.exe
  2⤵
  PID:7316
- C:\Windows\System\OekCxTB.exe
  C:\Windows\System\OekCxTB.exe
  2⤵
  PID:7336
- C:\Windows\System\kBYaOBK.exe
  C:\Windows\System\kBYaOBK.exe
  2⤵
  PID:7356
- C:\Windows\System\OwMrUqq.exe
  C:\Windows\System\OwMrUqq.exe
  2⤵
  PID:7376
- C:\Windows\System\vBCfcqk.exe
  C:\Windows\System\vBCfcqk.exe
  2⤵
  PID:7396
- C:\Windows\System\glXdfWU.exe
  C:\Windows\System\glXdfWU.exe
  2⤵
  PID:7412
- C:\Windows\System\aDsxAsT.exe
  C:\Windows\System\aDsxAsT.exe
  2⤵
  PID:7436
- C:\Windows\System\GJdJgcB.exe
  C:\Windows\System\GJdJgcB.exe
  2⤵
  PID:7452
- C:\Windows\System\gGsZUCZ.exe
  C:\Windows\System\gGsZUCZ.exe
  2⤵
  PID:7476
- C:\Windows\System\rWUJkFi.exe
  C:\Windows\System\rWUJkFi.exe
  2⤵
  PID:7500
- C:\Windows\System\hVpkknT.exe
  C:\Windows\System\hVpkknT.exe
  2⤵
  PID:7520
- C:\Windows\System\cOBciDF.exe
  C:\Windows\System\cOBciDF.exe
  2⤵
  PID:7540
- C:\Windows\System\TbLmHTJ.exe
  C:\Windows\System\TbLmHTJ.exe
  2⤵
  PID:7560
- C:\Windows\System\uMJsVHt.exe
  C:\Windows\System\uMJsVHt.exe
  2⤵
  PID:7576
- C:\Windows\System\WNzvYVp.exe
  C:\Windows\System\WNzvYVp.exe
  2⤵
  PID:7600
- C:\Windows\System\cZkxoMN.exe
  C:\Windows\System\cZkxoMN.exe
  2⤵
  PID:7620
- C:\Windows\System\ryEHYUk.exe
  C:\Windows\System\ryEHYUk.exe
  2⤵
  PID:7640
- C:\Windows\System\DUsbsMM.exe
  C:\Windows\System\DUsbsMM.exe
  2⤵
  PID:7660
- C:\Windows\System\uonoBHa.exe
  C:\Windows\System\uonoBHa.exe
  2⤵
  PID:7680
- C:\Windows\System\SXPBsQE.exe
  C:\Windows\System\SXPBsQE.exe
  2⤵
  PID:7700
- C:\Windows\System\RLTrrbE.exe
  C:\Windows\System\RLTrrbE.exe
  2⤵
  PID:7720
- C:\Windows\System\YGBBTQg.exe
  C:\Windows\System\YGBBTQg.exe
  2⤵
  PID:7740
- C:\Windows\System\fGoZpFV.exe
  C:\Windows\System\fGoZpFV.exe
  2⤵
  PID:7760
- C:\Windows\System\LBRpQgE.exe
  C:\Windows\System\LBRpQgE.exe
  2⤵
  PID:7780
- C:\Windows\System\wKvAeJd.exe
  C:\Windows\System\wKvAeJd.exe
  2⤵
  PID:7800
- C:\Windows\System\NeQwBQa.exe
  C:\Windows\System\NeQwBQa.exe
  2⤵
  PID:7820
- C:\Windows\System\geeMNxc.exe
  C:\Windows\System\geeMNxc.exe
  2⤵
  PID:7840
- C:\Windows\System\FZknqpo.exe
  C:\Windows\System\FZknqpo.exe
  2⤵
  PID:7860
- C:\Windows\System\EPkhzos.exe
  C:\Windows\System\EPkhzos.exe
  2⤵
  PID:7880
- C:\Windows\System\sQEcFQu.exe
  C:\Windows\System\sQEcFQu.exe
  2⤵
  PID:7900
- C:\Windows\System\KqNaSIp.exe
  C:\Windows\System\KqNaSIp.exe
  2⤵
  PID:7920
- C:\Windows\System\HJPGOjs.exe
  C:\Windows\System\HJPGOjs.exe
  2⤵
  PID:7940
- C:\Windows\System\hWinrDh.exe
  C:\Windows\System\hWinrDh.exe
  2⤵
  PID:7960
- C:\Windows\System\PeGJIMD.exe
  C:\Windows\System\PeGJIMD.exe
  2⤵
  PID:7980
- C:\Windows\System\AaOjQVm.exe
  C:\Windows\System\AaOjQVm.exe
  2⤵
  PID:8000
- C:\Windows\System\dEORcCq.exe
  C:\Windows\System\dEORcCq.exe
  2⤵
  PID:8020
- C:\Windows\System\wcRqhez.exe
  C:\Windows\System\wcRqhez.exe
  2⤵
  PID:8044
- C:\Windows\System\BLzqMEz.exe
  C:\Windows\System\BLzqMEz.exe
  2⤵
  PID:8064
- C:\Windows\System\qEsYsjH.exe
  C:\Windows\System\qEsYsjH.exe
  2⤵
  PID:8084
- C:\Windows\System\nOhIAnY.exe
  C:\Windows\System\nOhIAnY.exe
  2⤵
  PID:8104
- C:\Windows\System\OtAeGvr.exe
  C:\Windows\System\OtAeGvr.exe
  2⤵
  PID:8124
- C:\Windows\System\BvqyhoI.exe
  C:\Windows\System\BvqyhoI.exe
  2⤵
  PID:8144
- C:\Windows\System\GsZlRJu.exe
  C:\Windows\System\GsZlRJu.exe
  2⤵
  PID:8164
- C:\Windows\System\QdnvpiY.exe
  C:\Windows\System\QdnvpiY.exe
  2⤵
  PID:8184
- C:\Windows\System\tieINDA.exe
  C:\Windows\System\tieINDA.exe
  2⤵
  PID:7076
- C:\Windows\System\ircKiaR.exe
  C:\Windows\System\ircKiaR.exe
  2⤵
  PID:7156
- C:\Windows\System\bRiOUoy.exe
  C:\Windows\System\bRiOUoy.exe
  2⤵
  PID:5580
- C:\Windows\System\dijQDby.exe
  C:\Windows\System\dijQDby.exe
  2⤵
  PID:5784
- C:\Windows\System\QBUZeRe.exe
  C:\Windows\System\QBUZeRe.exe
  2⤵
  PID:2152
- C:\Windows\System\fOucxYC.exe
  C:\Windows\System\fOucxYC.exe
  2⤵
  PID:6456
- C:\Windows\System\kQiwwVn.exe
  C:\Windows\System\kQiwwVn.exe
  2⤵
  PID:6516
- C:\Windows\System\bwXWKIr.exe
  C:\Windows\System\bwXWKIr.exe
  2⤵
  PID:6708
- C:\Windows\System\opnWmfU.exe
  C:\Windows\System\opnWmfU.exe
  2⤵
  PID:6856
- C:\Windows\System\RRhrDOM.exe
  C:\Windows\System\RRhrDOM.exe
  2⤵
  PID:6960
- C:\Windows\System\JxyGCXG.exe
  C:\Windows\System\JxyGCXG.exe
  2⤵
  PID:7204
- C:\Windows\System\jrpoKMf.exe
  C:\Windows\System\jrpoKMf.exe
  2⤵
  PID:7208
- C:\Windows\System\zwfqygY.exe
  C:\Windows\System\zwfqygY.exe
  2⤵
  PID:7268
- C:\Windows\System\gxMghXQ.exe
  C:\Windows\System\gxMghXQ.exe
  2⤵
  PID:7284
- C:\Windows\System\xRFZRZn.exe
  C:\Windows\System\xRFZRZn.exe
  2⤵
  PID:7344
- C:\Windows\System\NFBgJPv.exe
  C:\Windows\System\NFBgJPv.exe
  2⤵
  PID:7348
- C:\Windows\System\rARxBEu.exe
  C:\Windows\System\rARxBEu.exe
  2⤵
  PID:7392
- C:\Windows\System\RmzxfIA.exe
  C:\Windows\System\RmzxfIA.exe
  2⤵
  PID:7404
- C:\Windows\System\BPYCoYj.exe
  C:\Windows\System\BPYCoYj.exe
  2⤵
  PID:7472
- C:\Windows\System\ObpmRuN.exe
  C:\Windows\System\ObpmRuN.exe
  2⤵
  PID:7508
- C:\Windows\System\mLDJZog.exe
  C:\Windows\System\mLDJZog.exe
  2⤵
  PID:7556
- C:\Windows\System\GqkRUVy.exe
  C:\Windows\System\GqkRUVy.exe
  2⤵
  PID:2932
- C:\Windows\System\VPXWMWV.exe
  C:\Windows\System\VPXWMWV.exe
  2⤵
  PID:7572
- C:\Windows\System\oQqFOfW.exe
  C:\Windows\System\oQqFOfW.exe
  2⤵
  PID:7632
- C:\Windows\System\hIVLBSc.exe
  C:\Windows\System\hIVLBSc.exe
  2⤵
  PID:7652
- C:\Windows\System\sxIMlzZ.exe
  C:\Windows\System\sxIMlzZ.exe
  2⤵
  PID:7712
- C:\Windows\System\EyGAsqm.exe
  C:\Windows\System\EyGAsqm.exe
  2⤵
  PID:7748
- C:\Windows\System\FusurkD.exe
  C:\Windows\System\FusurkD.exe
  2⤵
  PID:7768
- C:\Windows\System\ShXSRYT.exe
  C:\Windows\System\ShXSRYT.exe
  2⤵
  PID:7772
- C:\Windows\System\miOqOoy.exe
  C:\Windows\System\miOqOoy.exe
  2⤵
  PID:7836
- C:\Windows\System\YUzaNlm.exe
  C:\Windows\System\YUzaNlm.exe
  2⤵
  PID:7872
- C:\Windows\System\DEKyZJt.exe
  C:\Windows\System\DEKyZJt.exe
  2⤵
  PID:7956
- C:\Windows\System\ADQqxiY.exe
  C:\Windows\System\ADQqxiY.exe
  2⤵
  PID:7992
- C:\Windows\System\WyweiFy.exe
  C:\Windows\System\WyweiFy.exe
  2⤵
  PID:7892
- C:\Windows\System\iXyzJfq.exe
  C:\Windows\System\iXyzJfq.exe
  2⤵
  PID:7968
- C:\Windows\System\oFTKbYf.exe
  C:\Windows\System\oFTKbYf.exe
  2⤵
  PID:8036
- C:\Windows\System\xqLmANQ.exe
  C:\Windows\System\xqLmANQ.exe
  2⤵
  PID:8120
- C:\Windows\System\ZSptYPD.exe
  C:\Windows\System\ZSptYPD.exe
  2⤵
  PID:8016
- C:\Windows\System\AzxQjju.exe
  C:\Windows\System\AzxQjju.exe
  2⤵
  PID:8092
- C:\Windows\System\HXKncCc.exe
  C:\Windows\System\HXKncCc.exe
  2⤵
  PID:8156
- C:\Windows\System\bRJUWaF.exe
  C:\Windows\System\bRJUWaF.exe
  2⤵
  PID:7136
- C:\Windows\System\TSAvvya.exe
  C:\Windows\System\TSAvvya.exe
  2⤵
  PID:8172
- C:\Windows\System\zvCvNEw.exe
  C:\Windows\System\zvCvNEw.exe
  2⤵
  PID:4300
- C:\Windows\System\ONWNcGB.exe
  C:\Windows\System\ONWNcGB.exe
  2⤵
  PID:6652
- C:\Windows\System\jztfzJs.exe
  C:\Windows\System\jztfzJs.exe
  2⤵
  PID:6276
- C:\Windows\System\HEDwwti.exe
  C:\Windows\System\HEDwwti.exe
  2⤵
  PID:7192
- C:\Windows\System\VgZLpeh.exe
  C:\Windows\System\VgZLpeh.exe
  2⤵
  PID:7264
- C:\Windows\System\aeJBinX.exe
  C:\Windows\System\aeJBinX.exe
  2⤵
  PID:7036
- C:\Windows\System\UtGUXmL.exe
  C:\Windows\System\UtGUXmL.exe
  2⤵
  PID:7232
- C:\Windows\System\FnGlCEI.exe
  C:\Windows\System\FnGlCEI.exe
  2⤵
  PID:7300
- C:\Windows\System\hWGChhy.exe
  C:\Windows\System\hWGChhy.exe
  2⤵
  PID:7368
- C:\Windows\System\lxvdFAp.exe
  C:\Windows\System\lxvdFAp.exe
  2⤵
  PID:7460
- C:\Windows\System\rzonNJy.exe
  C:\Windows\System\rzonNJy.exe
  2⤵
  PID:7432
- C:\Windows\System\tfJTLiH.exe
  C:\Windows\System\tfJTLiH.exe
  2⤵
  PID:7444
- C:\Windows\System\BECXbJy.exe
  C:\Windows\System\BECXbJy.exe
  2⤵
  PID:7596
- C:\Windows\System\PlTTLOn.exe
  C:\Windows\System\PlTTLOn.exe
  2⤵
  PID:2848
- C:\Windows\System\MfHuZXz.exe
  C:\Windows\System\MfHuZXz.exe
  2⤵
  PID:7692
- C:\Windows\System\qGqPQhb.exe
  C:\Windows\System\qGqPQhb.exe
  2⤵
  PID:7636
- C:\Windows\System\fQRWwqT.exe
  C:\Windows\System\fQRWwqT.exe
  2⤵
  PID:7732
- C:\Windows\System\TqVVkCD.exe
  C:\Windows\System\TqVVkCD.exe
  2⤵
  PID:7848
- C:\Windows\System\YJHKsPu.exe
  C:\Windows\System\YJHKsPu.exe
  2⤵
  PID:2632
- C:\Windows\System\sBtsHaC.exe
  C:\Windows\System\sBtsHaC.exe
  2⤵
  PID:7816
- C:\Windows\System\naJyvfE.exe
  C:\Windows\System\naJyvfE.exe
  2⤵
  PID:7912
- C:\Windows\System\irROfli.exe
  C:\Windows\System\irROfli.exe
  2⤵
  PID:7888
- C:\Windows\System\aEclJlV.exe
  C:\Windows\System\aEclJlV.exe
  2⤵
  PID:8076
- C:\Windows\System\WyLMhhX.exe
  C:\Windows\System\WyLMhhX.exe
  2⤵
  PID:8028
- C:\Windows\System\cRufTNC.exe
  C:\Windows\System\cRufTNC.exe
  2⤵
  PID:8060
- C:\Windows\System\nxJPFDY.exe
  C:\Windows\System\nxJPFDY.exe
  2⤵
  PID:5496
- C:\Windows\System\bsKdxzV.exe
  C:\Windows\System\bsKdxzV.exe
  2⤵
  PID:7112
- C:\Windows\System\PgJpBRV.exe
  C:\Windows\System\PgJpBRV.exe
  2⤵
  PID:2300
- C:\Windows\System\ClgDSfo.exe
  C:\Windows\System\ClgDSfo.exe
  2⤵
  PID:7272
- C:\Windows\System\AApljUD.exe
  C:\Windows\System\AApljUD.exe
  2⤵
  PID:7308
- C:\Windows\System\ZHUSFkN.exe
  C:\Windows\System\ZHUSFkN.exe
  2⤵
  PID:7512
- C:\Windows\System\WpKWuBF.exe
  C:\Windows\System\WpKWuBF.exe
  2⤵
  PID:2708
- C:\Windows\System\UCUTOrt.exe
  C:\Windows\System\UCUTOrt.exe
  2⤵
  PID:2988
- C:\Windows\System\GtfNLma.exe
  C:\Windows\System\GtfNLma.exe
  2⤵
  PID:2420
- C:\Windows\System\uWVyDzJ.exe
  C:\Windows\System\uWVyDzJ.exe
  2⤵
  PID:7568
- C:\Windows\System\OlRdpwS.exe
  C:\Windows\System\OlRdpwS.exe
  2⤵
  PID:2504
- C:\Windows\System\YuJNXKs.exe
  C:\Windows\System\YuJNXKs.exe
  2⤵
  PID:808
- C:\Windows\System\YlXorFU.exe
  C:\Windows\System\YlXorFU.exe
  2⤵
  PID:7532
- C:\Windows\System\XIsOKhL.exe
  C:\Windows\System\XIsOKhL.exe
  2⤵
  PID:7656
- C:\Windows\System\ejZqdSL.exe
  C:\Windows\System\ejZqdSL.exe
  2⤵
  PID:7628
- C:\Windows\System\FVWPVUT.exe
  C:\Windows\System\FVWPVUT.exe
  2⤵
  PID:7716
- C:\Windows\System\WIAUoEr.exe
  C:\Windows\System\WIAUoEr.exe
  2⤵
  PID:2736
- C:\Windows\System\mDCXuen.exe
  C:\Windows\System\mDCXuen.exe
  2⤵
  PID:7756
- C:\Windows\System\qHuCuVS.exe
  C:\Windows\System\qHuCuVS.exe
  2⤵
  PID:1016
- C:\Windows\System\ZriuAlC.exe
  C:\Windows\System\ZriuAlC.exe
  2⤵
  PID:8112
- C:\Windows\System\iWDSLtc.exe
  C:\Windows\System\iWDSLtc.exe
  2⤵
  PID:8056
- C:\Windows\System\xPGGVkk.exe
  C:\Windows\System\xPGGVkk.exe
  2⤵
  PID:3048
- C:\Windows\System\DjxHoMF.exe
  C:\Windows\System\DjxHoMF.exe
  2⤵
  PID:2296
- C:\Windows\System\fqOCfyp.exe
  C:\Windows\System\fqOCfyp.exe
  2⤵
  PID:1236
- C:\Windows\System\NdZRMfI.exe
  C:\Windows\System\NdZRMfI.exe
  2⤵
  PID:7252
- C:\Windows\System\bHOGHaH.exe
  C:\Windows\System\bHOGHaH.exe
  2⤵
  PID:2580
- C:\Windows\System\FGxBmGR.exe
  C:\Windows\System\FGxBmGR.exe
  2⤵
  PID:2364
- C:\Windows\System\LKOcqHs.exe
  C:\Windows\System\LKOcqHs.exe
  2⤵
  PID:7608
- C:\Windows\System\HKSXeNX.exe
  C:\Windows\System\HKSXeNX.exe
  2⤵
  PID:7060
- C:\Windows\System\xnOwTfj.exe
  C:\Windows\System\xnOwTfj.exe
  2⤵
  PID:3016
- C:\Windows\System\aLHgZjo.exe
  C:\Windows\System\aLHgZjo.exe
  2⤵
  PID:2316
- C:\Windows\System\TBTKRcY.exe
  C:\Windows\System\TBTKRcY.exe
  2⤵
  PID:7536
- C:\Windows\System\FoFsIuq.exe
  C:\Windows\System\FoFsIuq.exe
  2⤵
  PID:7676
- C:\Windows\System\OBXINvq.exe
  C:\Windows\System\OBXINvq.exe
  2⤵
  PID:2148
- C:\Windows\System\EQjkPxn.exe
  C:\Windows\System\EQjkPxn.exe
  2⤵
  PID:7228
- C:\Windows\System\VlvGCPZ.exe
  C:\Windows\System\VlvGCPZ.exe
  2⤵
  PID:2812
- C:\Windows\System\vNpGuQt.exe
  C:\Windows\System\vNpGuQt.exe
  2⤵
  PID:7792
- C:\Windows\System\vwgXlAq.exe
  C:\Windows\System\vwgXlAq.exe
  2⤵
  PID:7812
- C:\Windows\System\mpLMMRe.exe
  C:\Windows\System\mpLMMRe.exe
  2⤵
  PID:7988
- C:\Windows\System\FkrzFye.exe
  C:\Windows\System\FkrzFye.exe
  2⤵
  PID:7016
- C:\Windows\System\lKJLzPW.exe
  C:\Windows\System\lKJLzPW.exe
  2⤵
  PID:5356
- C:\Windows\System\duLrVaW.exe
  C:\Windows\System\duLrVaW.exe
  2⤵
  PID:1508
- C:\Windows\System\CCxGWea.exe
  C:\Windows\System\CCxGWea.exe
  2⤵
  PID:7796
- C:\Windows\System\RADxXrt.exe
  C:\Windows\System\RADxXrt.exe
  2⤵
  PID:7948
- C:\Windows\System\bCRCoGX.exe
  C:\Windows\System\bCRCoGX.exe
  2⤵
  PID:2652
- C:\Windows\System\NMSuOCy.exe
  C:\Windows\System\NMSuOCy.exe
  2⤵
  PID:7916
- C:\Windows\System\FmYiscQ.exe
  C:\Windows\System\FmYiscQ.exe
  2⤵
  PID:8160
- C:\Windows\System\dCUMzko.exe
  C:\Windows\System\dCUMzko.exe
  2⤵
  PID:6936
- C:\Windows\System\tmNxbkD.exe
  C:\Windows\System\tmNxbkD.exe
  2⤵
  PID:6596
- C:\Windows\System\jeWXsMg.exe
  C:\Windows\System\jeWXsMg.exe
  2⤵
  PID:7332
- C:\Windows\System\YQqKBwQ.exe
  C:\Windows\System\YQqKBwQ.exe
  2⤵
  PID:1556
- C:\Windows\System\ROBLLhU.exe
  C:\Windows\System\ROBLLhU.exe
  2⤵
  PID:8200
- C:\Windows\System\UspgkWW.exe
  C:\Windows\System\UspgkWW.exe
  2⤵
  PID:8216
- C:\Windows\System\iPLEouT.exe
  C:\Windows\System\iPLEouT.exe
  2⤵
  PID:8236
- C:\Windows\System\CoFAtTG.exe
  C:\Windows\System\CoFAtTG.exe
  2⤵
  PID:8252
- C:\Windows\System\IccTHne.exe
  C:\Windows\System\IccTHne.exe
  2⤵
  PID:8268
- C:\Windows\System\zHgQTzu.exe
  C:\Windows\System\zHgQTzu.exe
  2⤵
  PID:8284
- C:\Windows\System\lHyqvAz.exe
  C:\Windows\System\lHyqvAz.exe
  2⤵
  PID:8300
- C:\Windows\System\MUGQZTo.exe
  C:\Windows\System\MUGQZTo.exe
  2⤵
  PID:8328
- C:\Windows\System\vvyCvld.exe
  C:\Windows\System\vvyCvld.exe
  2⤵
  PID:8344
- C:\Windows\System\GQMtDpr.exe
  C:\Windows\System\GQMtDpr.exe
  2⤵
  PID:8360
- C:\Windows\System\pSrcYKu.exe
  C:\Windows\System\pSrcYKu.exe
  2⤵
  PID:8380
- C:\Windows\System\dMCewyW.exe
  C:\Windows\System\dMCewyW.exe
  2⤵
  PID:8400
- C:\Windows\System\VKczhBh.exe
  C:\Windows\System\VKczhBh.exe
  2⤵
  PID:8416
- C:\Windows\System\WhmoefP.exe
  C:\Windows\System\WhmoefP.exe
  2⤵
  PID:8432
- C:\Windows\System\GmIZFhK.exe
  C:\Windows\System\GmIZFhK.exe
  2⤵
  PID:8448
- C:\Windows\System\YqrXnsJ.exe
  C:\Windows\System\YqrXnsJ.exe
  2⤵
  PID:8464
- C:\Windows\System\egnauKI.exe
  C:\Windows\System\egnauKI.exe
  2⤵
  PID:8480
- C:\Windows\System\EkIjtce.exe
  C:\Windows\System\EkIjtce.exe
  2⤵
  PID:8500
- C:\Windows\System\fSWsPjL.exe
  C:\Windows\System\fSWsPjL.exe
  2⤵
  PID:8516
- C:\Windows\System\GncxSAg.exe
  C:\Windows\System\GncxSAg.exe
  2⤵
  PID:8532
- C:\Windows\System\ArPyqGD.exe
  C:\Windows\System\ArPyqGD.exe
  2⤵
  PID:8548
- C:\Windows\System\eErksaF.exe
  C:\Windows\System\eErksaF.exe
  2⤵
  PID:8564
- C:\Windows\System\AbfxlyX.exe
  C:\Windows\System\AbfxlyX.exe
  2⤵
  PID:8588
- C:\Windows\System\xezUBfM.exe
  C:\Windows\System\xezUBfM.exe
  2⤵
  PID:8604
- C:\Windows\System\OeuNHwT.exe
  C:\Windows\System\OeuNHwT.exe
  2⤵
  PID:8624
- C:\Windows\System\XJivbkI.exe
  C:\Windows\System\XJivbkI.exe
  2⤵
  PID:8640
- C:\Windows\System\RllMTog.exe
  C:\Windows\System\RllMTog.exe
  2⤵
  PID:8660
- C:\Windows\System\BjvCoVo.exe
  C:\Windows\System\BjvCoVo.exe
  2⤵
  PID:8676
- C:\Windows\System\WvJysza.exe
  C:\Windows\System\WvJysza.exe
  2⤵
  PID:8696
- C:\Windows\System\ctxYmpQ.exe
  C:\Windows\System\ctxYmpQ.exe
  2⤵
  PID:8712
- C:\Windows\System\oVyJQaV.exe
  C:\Windows\System\oVyJQaV.exe
  2⤵
  PID:8728
- C:\Windows\System\cpWUvDr.exe
  C:\Windows\System\cpWUvDr.exe
  2⤵
  PID:8744
- C:\Windows\System\lpxuVfl.exe
  C:\Windows\System\lpxuVfl.exe
  2⤵
  PID:8760
- C:\Windows\System\qbpYIoQ.exe
  C:\Windows\System\qbpYIoQ.exe
  2⤵
  PID:8776
- C:\Windows\System\tblCIpk.exe
  C:\Windows\System\tblCIpk.exe
  2⤵
  PID:8792
- C:\Windows\System\xEmeAbG.exe
  C:\Windows\System\xEmeAbG.exe
  2⤵
  PID:8808
- C:\Windows\System\LWodWFZ.exe
  C:\Windows\System\LWodWFZ.exe
  2⤵
  PID:8824
- C:\Windows\System\SMNxgAZ.exe
  C:\Windows\System\SMNxgAZ.exe
  2⤵
  PID:8840
- C:\Windows\System\oHZubNt.exe
  C:\Windows\System\oHZubNt.exe
  2⤵
  PID:8860
- C:\Windows\System\aDvVtyh.exe
  C:\Windows\System\aDvVtyh.exe
  2⤵
  PID:8876
- C:\Windows\System\ZqwCglX.exe
  C:\Windows\System\ZqwCglX.exe
  2⤵
  PID:8892
- C:\Windows\System\diTollv.exe
  C:\Windows\System\diTollv.exe
  2⤵
  PID:8916
- C:\Windows\System\YQrEvby.exe
  C:\Windows\System\YQrEvby.exe
  2⤵
  PID:8932
- C:\Windows\System\UWCNptB.exe
  C:\Windows\System\UWCNptB.exe
  2⤵
  PID:8948
- C:\Windows\System\yUmiFrC.exe
  C:\Windows\System\yUmiFrC.exe
  2⤵
  PID:8964
- C:\Windows\System\rpcUNSI.exe
  C:\Windows\System\rpcUNSI.exe
  2⤵
  PID:8980
- C:\Windows\System\SWXpYNG.exe
  C:\Windows\System\SWXpYNG.exe
  2⤵
  PID:8996
- C:\Windows\System\cKEdtNb.exe
  C:\Windows\System\cKEdtNb.exe
  2⤵
  PID:9012
- C:\Windows\System\yFaVOod.exe
  C:\Windows\System\yFaVOod.exe
  2⤵
  PID:9040
- C:\Windows\System\mlgkUnt.exe
  C:\Windows\System\mlgkUnt.exe
  2⤵
  PID:9056
- C:\Windows\System\rHmIONP.exe
  C:\Windows\System\rHmIONP.exe
  2⤵
  PID:9084
- C:\Windows\System\THXRXhs.exe
  C:\Windows\System\THXRXhs.exe
  2⤵
  PID:9100
- C:\Windows\System\rZxEwKV.exe
  C:\Windows\System\rZxEwKV.exe
  2⤵
  PID:9116
- C:\Windows\System\VLivuDr.exe
  C:\Windows\System\VLivuDr.exe
  2⤵
  PID:9132
- C:\Windows\System\WEppnbV.exe
  C:\Windows\System\WEppnbV.exe
  2⤵
  PID:9148
- C:\Windows\System\NhAqfdu.exe
  C:\Windows\System\NhAqfdu.exe
  2⤵
  PID:9164
- C:\Windows\System\tTOrFFP.exe
  C:\Windows\System\tTOrFFP.exe
  2⤵
  PID:9180
- C:\Windows\System\jNiOGtC.exe
  C:\Windows\System\jNiOGtC.exe
  2⤵
  PID:9196
- C:\Windows\System\HPkFgFO.exe
  C:\Windows\System\HPkFgFO.exe
  2⤵
  PID:9212
- C:\Windows\System\sGeLLBW.exe
  C:\Windows\System\sGeLLBW.exe
  2⤵
  PID:8224
- C:\Windows\System\DbRkAGm.exe
  C:\Windows\System\DbRkAGm.exe
  2⤵
  PID:8232
- C:\Windows\System\RMVwoOc.exe
  C:\Windows\System\RMVwoOc.exe
  2⤵
  PID:3020
- C:\Windows\System\vAAbJwN.exe
  C:\Windows\System\vAAbJwN.exe
  2⤵
  PID:8260
- C:\Windows\System\NGdPpMp.exe
  C:\Windows\System\NGdPpMp.exe
  2⤵
  PID:8312
- C:\Windows\System\MGQetDo.exe
  C:\Windows\System\MGQetDo.exe
  2⤵
  PID:8248
- C:\Windows\System\YrLVmrX.exe
  C:\Windows\System\YrLVmrX.exe
  2⤵
  PID:2440
- C:\Windows\System\xApznpQ.exe
  C:\Windows\System\xApznpQ.exe
  2⤵
  PID:8428
- C:\Windows\System\yQMJgaS.exe
  C:\Windows\System\yQMJgaS.exe
  2⤵
  PID:8316
- C:\Windows\System\zJRNJLq.exe
  C:\Windows\System\zJRNJLq.exe
  2⤵
  PID:8340
- C:\Windows\System\RgUBpoh.exe
  C:\Windows\System\RgUBpoh.exe
  2⤵
  PID:8376
- C:\Windows\System\xZxSTiG.exe
  C:\Windows\System\xZxSTiG.exe
  2⤵
  PID:1952
- C:\Windows\System\pzpdOuy.exe
  C:\Windows\System\pzpdOuy.exe
  2⤵
  PID:8544
- C:\Windows\System\zvWdMIX.exe
  C:\Windows\System\zvWdMIX.exe
  2⤵
  PID:8524
- C:\Windows\System\SveUQpH.exe
  C:\Windows\System\SveUQpH.exe
  2⤵
  PID:8596
- C:\Windows\System\QypdyNj.exe
  C:\Windows\System\QypdyNj.exe
  2⤵
  PID:8668
- C:\Windows\System\PVxzNHU.exe
  C:\Windows\System\PVxzNHU.exe
  2⤵
  PID:8708
- C:\Windows\System\EXxbSvR.exe
  C:\Windows\System\EXxbSvR.exe
  2⤵
  PID:8800
- C:\Windows\System\LakXylK.exe
  C:\Windows\System\LakXylK.exe
  2⤵
  PID:8868
- C:\Windows\System\kfutCId.exe
  C:\Windows\System\kfutCId.exe
  2⤵
  PID:8912
- C:\Windows\System\rxuWxRt.exe
  C:\Windows\System\rxuWxRt.exe
  2⤵
  PID:8976
- C:\Windows\System\KxdcmxR.exe
  C:\Windows\System\KxdcmxR.exe
  2⤵
  PID:8960
- C:\Windows\System\blndUGy.exe
  C:\Windows\System\blndUGy.exe
  2⤵
  PID:8584
- C:\Windows\System\TmHfUdE.exe
  C:\Windows\System\TmHfUdE.exe
  2⤵
  PID:8652
- C:\Windows\System\xwRnrwx.exe
  C:\Windows\System\xwRnrwx.exe
  2⤵
  PID:8692
- C:\Windows\System\GdxeRUq.exe
  C:\Windows\System\GdxeRUq.exe
  2⤵
  PID:8784
- C:\Windows\System\XnRQQBZ.exe
  C:\Windows\System\XnRQQBZ.exe
  2⤵
  PID:8820
- C:\Windows\System\YytwUZU.exe
  C:\Windows\System\YytwUZU.exe
  2⤵
  PID:8884
- C:\Windows\System\KDokspC.exe
  C:\Windows\System\KDokspC.exe
  2⤵
  PID:8956
- C:\Windows\System\XsPhtWQ.exe
  C:\Windows\System\XsPhtWQ.exe
  2⤵
  PID:8572
- C:\Windows\System\YrNRgIJ.exe
  C:\Windows\System\YrNRgIJ.exe
  2⤵
  PID:9064
- C:\Windows\System\bacQruq.exe
  C:\Windows\System\bacQruq.exe
  2⤵
  PID:9076
- C:\Windows\System\IFJbnYb.exe
  C:\Windows\System\IFJbnYb.exe
  2⤵
  PID:9204
- C:\Windows\System\AinancC.exe
  C:\Windows\System\AinancC.exe
  2⤵
  PID:8280
- C:\Windows\System\jfcpbJy.exe
  C:\Windows\System\jfcpbJy.exe
  2⤵
  PID:8412
- C:\Windows\System\xmGqXyA.exe
  C:\Windows\System\xmGqXyA.exe
  2⤵
  PID:8636
- C:\Windows\System\nfkcMcw.exe
  C:\Windows\System\nfkcMcw.exe
  2⤵
  PID:9160
- C:\Windows\System\EvhZbTS.exe
  C:\Windows\System\EvhZbTS.exe
  2⤵
  PID:9096
- C:\Windows\System\ebnQSQu.exe
  C:\Windows\System\ebnQSQu.exe
  2⤵
  PID:8292
- C:\Windows\System\DsysVtB.exe
  C:\Windows\System\DsysVtB.exe
  2⤵
  PID:9192
- C:\Windows\System\FIrJdym.exe
  C:\Windows\System\FIrJdym.exe
  2⤵
  PID:8356
- C:\Windows\System\FnBSTCs.exe
  C:\Windows\System\FnBSTCs.exe
  2⤵
  PID:8368
- C:\Windows\System\xXCCgPz.exe
  C:\Windows\System\xXCCgPz.exe
  2⤵
  PID:8528
- C:\Windows\System\HycmotR.exe
  C:\Windows\System\HycmotR.exe
  2⤵
  PID:8836
- C:\Windows\System\XsUbQAC.exe
  C:\Windows\System\XsUbQAC.exe
  2⤵
  PID:8616
- C:\Windows\System\OFvbfJx.exe
  C:\Windows\System\OFvbfJx.exe
  2⤵
  PID:8856
- C:\Windows\System\OoTsUeZ.exe
  C:\Windows\System\OoTsUeZ.exe
  2⤵
  PID:8688
- C:\Windows\System\MmppPqh.exe
  C:\Windows\System\MmppPqh.exe
  2⤵
  PID:8684
- C:\Windows\System\qsleqFz.exe
  C:\Windows\System\qsleqFz.exe
  2⤵
  PID:9072
- C:\Windows\System\lvcDHtw.exe
  C:\Windows\System\lvcDHtw.exe
  2⤵
  PID:9140
- C:\Windows\System\GmytRyD.exe
  C:\Windows\System\GmytRyD.exe
  2⤵
  PID:9112
- C:\Windows\System\iifrboB.exe
  C:\Windows\System\iifrboB.exe
  2⤵
  PID:8632
- C:\Windows\System\NOWDCIj.exe
  C:\Windows\System\NOWDCIj.exe
  2⤵
  PID:8508
- C:\Windows\System\tIInbeo.exe
  C:\Windows\System\tIInbeo.exe
  2⤵
  PID:8704
- C:\Windows\System\VAzBgjP.exe
  C:\Windows\System\VAzBgjP.exe
  2⤵
  PID:8460
- C:\Windows\System\dHOWHIt.exe
  C:\Windows\System\dHOWHIt.exe
  2⤵
  PID:8576
- C:\Windows\System\cfqFKZY.exe
  C:\Windows\System\cfqFKZY.exe
  2⤵
  PID:8196
- C:\Windows\System\rLKzbZD.exe
  C:\Windows\System\rLKzbZD.exe
  2⤵
  PID:9048
- C:\Windows\System\HxJwPVV.exe
  C:\Windows\System\HxJwPVV.exe
  2⤵
  PID:8816
- C:\Windows\System\awgQnBj.exe
  C:\Windows\System\awgQnBj.exe
  2⤵
  PID:9020
- C:\Windows\System\WRWjzOO.exe
  C:\Windows\System\WRWjzOO.exe
  2⤵
  PID:8244
- C:\Windows\System\HtgchDQ.exe
  C:\Windows\System\HtgchDQ.exe
  2⤵
  PID:9128
- C:\Windows\System\SqmXyZW.exe
  C:\Windows\System\SqmXyZW.exe
  2⤵
  PID:7648
- C:\Windows\System\SjwWieB.exe
  C:\Windows\System\SjwWieB.exe
  2⤵
  PID:8772
- C:\Windows\System\emMHEKP.exe
  C:\Windows\System\emMHEKP.exe
  2⤵
  PID:9036
- C:\Windows\System\CJctJmY.exe
  C:\Windows\System\CJctJmY.exe
  2⤵
  PID:8512
- C:\Windows\System\SujUlLu.exe
  C:\Windows\System\SujUlLu.exe
  2⤵
  PID:9124
- C:\Windows\System\GcmqbQj.exe
  C:\Windows\System\GcmqbQj.exe
  2⤵
  PID:8176
- C:\Windows\System\SAKqdqF.exe
  C:\Windows\System\SAKqdqF.exe
  2⤵
  PID:8560
- C:\Windows\System\fMopzIa.exe
  C:\Windows\System\fMopzIa.exe
  2⤵
  PID:8472
- C:\Windows\System\bPpOJBG.exe
  C:\Windows\System\bPpOJBG.exe
  2⤵
  PID:8928
- C:\Windows\System\ulCjgec.exe
  C:\Windows\System\ulCjgec.exe
  2⤵
  PID:9232
- C:\Windows\System\kHghAhV.exe
  C:\Windows\System\kHghAhV.exe
  2⤵
  PID:9248
- C:\Windows\System\bSMUlJd.exe
  C:\Windows\System\bSMUlJd.exe
  2⤵
  PID:9264
- C:\Windows\System\Qersufx.exe
  C:\Windows\System\Qersufx.exe
  2⤵
  PID:9280
- C:\Windows\System\cdUCEMX.exe
  C:\Windows\System\cdUCEMX.exe
  2⤵
  PID:9296
- C:\Windows\System\kffMWMg.exe
  C:\Windows\System\kffMWMg.exe
  2⤵
  PID:9324
- C:\Windows\System\lRjYKME.exe
  C:\Windows\System\lRjYKME.exe
  2⤵
  PID:9392
- C:\Windows\System\BxdeBXA.exe
  C:\Windows\System\BxdeBXA.exe
  2⤵
  PID:9408
- C:\Windows\System\NWdvDHE.exe
  C:\Windows\System\NWdvDHE.exe
  2⤵
  PID:9428
- C:\Windows\System\goQcqMD.exe
  C:\Windows\System\goQcqMD.exe
  2⤵
  PID:9444
- C:\Windows\System\oMzGqAZ.exe
  C:\Windows\System\oMzGqAZ.exe
  2⤵
  PID:9460
- C:\Windows\System\tbtHJZh.exe
  C:\Windows\System\tbtHJZh.exe
  2⤵
  PID:9476
- C:\Windows\System\MucgkfW.exe
  C:\Windows\System\MucgkfW.exe
  2⤵
  PID:9492
- C:\Windows\System\mcEMKxN.exe
  C:\Windows\System\mcEMKxN.exe
  2⤵
  PID:9508
- C:\Windows\System\hKgOUJF.exe
  C:\Windows\System\hKgOUJF.exe
  2⤵
  PID:9524
- C:\Windows\System\FKqSELZ.exe
  C:\Windows\System\FKqSELZ.exe
  2⤵
  PID:9540
- C:\Windows\System\HuqVwqS.exe
  C:\Windows\System\HuqVwqS.exe
  2⤵
  PID:9556
- C:\Windows\System\MMquhYE.exe
  C:\Windows\System\MMquhYE.exe
  2⤵
  PID:9572
- C:\Windows\System\oAFUyoF.exe
  C:\Windows\System\oAFUyoF.exe
  2⤵
  PID:9588
- C:\Windows\System\VrKmPjg.exe
  C:\Windows\System\VrKmPjg.exe
  2⤵
  PID:9604
- C:\Windows\System\knMGQBn.exe
  C:\Windows\System\knMGQBn.exe
  2⤵
  PID:9620
- C:\Windows\System\LBOzSyo.exe
  C:\Windows\System\LBOzSyo.exe
  2⤵
  PID:9636
- C:\Windows\System\nlLEXBP.exe
  C:\Windows\System\nlLEXBP.exe
  2⤵
  PID:9652
- C:\Windows\System\VfXHKkF.exe
  C:\Windows\System\VfXHKkF.exe
  2⤵
  PID:9668
- C:\Windows\System\XkNqNzv.exe
  C:\Windows\System\XkNqNzv.exe
  2⤵
  PID:9684
- C:\Windows\System\qaPGcnJ.exe
  C:\Windows\System\qaPGcnJ.exe
  2⤵
  PID:9700
- C:\Windows\System\HuLclIu.exe
  C:\Windows\System\HuLclIu.exe
  2⤵
  PID:9716
- C:\Windows\System\vJpUbzA.exe
  C:\Windows\System\vJpUbzA.exe
  2⤵
  PID:9732
- C:\Windows\System\muGfwqm.exe
  C:\Windows\System\muGfwqm.exe
  2⤵
  PID:9748
- C:\Windows\System\zNkaPYh.exe
  C:\Windows\System\zNkaPYh.exe
  2⤵
  PID:9764
- C:\Windows\System\GzQjSni.exe
  C:\Windows\System\GzQjSni.exe
  2⤵
  PID:9784
- C:\Windows\System\hJZZmAD.exe
  C:\Windows\System\hJZZmAD.exe
  2⤵
  PID:9800
- C:\Windows\System\GVdobPC.exe
  C:\Windows\System\GVdobPC.exe
  2⤵
  PID:9816
- C:\Windows\System\VGdzMRk.exe
  C:\Windows\System\VGdzMRk.exe
  2⤵
  PID:9832
- C:\Windows\System\HRLgMWE.exe
  C:\Windows\System\HRLgMWE.exe
  2⤵
  PID:9848
- C:\Windows\System\sIeFXGU.exe
  C:\Windows\System\sIeFXGU.exe
  2⤵
  PID:9864
- C:\Windows\System\angtVZg.exe
  C:\Windows\System\angtVZg.exe
  2⤵
  PID:9880
- C:\Windows\System\KayfqWu.exe
  C:\Windows\System\KayfqWu.exe
  2⤵
  PID:9896
- C:\Windows\System\OXGgwtt.exe
  C:\Windows\System\OXGgwtt.exe
  2⤵
  PID:9912
- C:\Windows\System\uCsQIPe.exe
  C:\Windows\System\uCsQIPe.exe
  2⤵
  PID:9928
- C:\Windows\System\JIekJkl.exe
  C:\Windows\System\JIekJkl.exe
  2⤵
  PID:9944
- C:\Windows\System\usEbIxU.exe
  C:\Windows\System\usEbIxU.exe
  2⤵
  PID:9960
- C:\Windows\System\yTvXVGK.exe
  C:\Windows\System\yTvXVGK.exe
  2⤵
  PID:9976
- C:\Windows\System\TbixcLe.exe
  C:\Windows\System\TbixcLe.exe
  2⤵
  PID:9992
- C:\Windows\System\UAPMcYN.exe
  C:\Windows\System\UAPMcYN.exe
  2⤵
  PID:10008
- C:\Windows\System\vtzbDZz.exe
  C:\Windows\System\vtzbDZz.exe
  2⤵
  PID:10024
- C:\Windows\System\UOjdCAB.exe
  C:\Windows\System\UOjdCAB.exe
  2⤵
  PID:10040
- C:\Windows\System\uianlLi.exe
  C:\Windows\System\uianlLi.exe
  2⤵
  PID:10056
- C:\Windows\System\IkTCnef.exe
  C:\Windows\System\IkTCnef.exe
  2⤵
  PID:10072
- C:\Windows\System\wqyZHBW.exe
  C:\Windows\System\wqyZHBW.exe
  2⤵
  PID:10088
- C:\Windows\System\outwEqi.exe
  C:\Windows\System\outwEqi.exe
  2⤵
  PID:10104
- C:\Windows\System\iDeCDyX.exe
  C:\Windows\System\iDeCDyX.exe
  2⤵
  PID:10124
- C:\Windows\System\KTCeQrD.exe
  C:\Windows\System\KTCeQrD.exe
  2⤵
  PID:10140
- C:\Windows\System\BJOibiS.exe
  C:\Windows\System\BJOibiS.exe
  2⤵
  PID:10156
- C:\Windows\System\NZrBmOO.exe
  C:\Windows\System\NZrBmOO.exe
  2⤵
  PID:10172
- C:\Windows\System\VGzzuFZ.exe
  C:\Windows\System\VGzzuFZ.exe
  2⤵
  PID:10188
- C:\Windows\System\DDnYSaE.exe
  C:\Windows\System\DDnYSaE.exe
  2⤵
  PID:10208
- C:\Windows\System\YMWuxAx.exe
  C:\Windows\System\YMWuxAx.exe
  2⤵
  PID:10224
- C:\Windows\System\JblDkBW.exe
  C:\Windows\System\JblDkBW.exe
  2⤵
  PID:9224
- C:\Windows\System\hFvFhLY.exe
  C:\Windows\System\hFvFhLY.exe
  2⤵
  PID:8752
- C:\Windows\System\kXAhyRU.exe
  C:\Windows\System\kXAhyRU.exe
  2⤵
  PID:9272
- C:\Windows\System\ozGPVbS.exe
  C:\Windows\System\ozGPVbS.exe
  2⤵
  PID:9292
- C:\Windows\System\gWvQzny.exe
  C:\Windows\System\gWvQzny.exe
  2⤵
  PID:9316
- C:\Windows\System\yHXSdzM.exe
  C:\Windows\System\yHXSdzM.exe
  2⤵
  PID:9436
- C:\Windows\System\vmsdhBF.exe
  C:\Windows\System\vmsdhBF.exe
  2⤵
  PID:9336
- C:\Windows\System\SJXlNZC.exe
  C:\Windows\System\SJXlNZC.exe
  2⤵
  PID:9532
- C:\Windows\System\lIehenh.exe
  C:\Windows\System\lIehenh.exe
  2⤵
  PID:9568
- C:\Windows\System\sEcMuAF.exe
  C:\Windows\System\sEcMuAF.exe
  2⤵
  PID:9632
- C:\Windows\System\GIIdHGj.exe
  C:\Windows\System\GIIdHGj.exe
  2⤵
  PID:9380
- C:\Windows\System\TfOkGlS.exe
  C:\Windows\System\TfOkGlS.exe
  2⤵
  PID:9708
- C:\Windows\System\PmEvxcT.exe
  C:\Windows\System\PmEvxcT.exe
  2⤵
  PID:9692
- C:\Windows\System\LCMIQQL.exe
  C:\Windows\System\LCMIQQL.exe
  2⤵
  PID:9724
- C:\Windows\System\myqqPku.exe
  C:\Windows\System\myqqPku.exe
  2⤵
  PID:9872
- C:\Windows\System\AJngZeF.exe
  C:\Windows\System\AJngZeF.exe
  2⤵
  PID:9908
- C:\Windows\System\BbvepAd.exe
  C:\Windows\System\BbvepAd.exe
  2⤵
  PID:9352
- C:\Windows\System\QBUNQEs.exe
  C:\Windows\System\QBUNQEs.exe
  2⤵
  PID:9904
- C:\Windows\System\UwWWDPV.exe
  C:\Windows\System\UwWWDPV.exe
  2⤵
  PID:9388
- C:\Windows\System\fBQqhol.exe
  C:\Windows\System\fBQqhol.exe
  2⤵
  PID:9484
- C:\Windows\System\kNmjzCj.exe
  C:\Windows\System\kNmjzCj.exe
  2⤵
  PID:9580
- C:\Windows\System\KtBzBCi.exe
  C:\Windows\System\KtBzBCi.exe
  2⤵
  PID:9924
- C:\Windows\System\lfzjkJs.exe
  C:\Windows\System\lfzjkJs.exe
  2⤵
  PID:9860
- C:\Windows\System\JiUfsNm.exe
  C:\Windows\System\JiUfsNm.exe
  2⤵
  PID:9584
- C:\Windows\System\bTnMDvo.exe
  C:\Windows\System\bTnMDvo.exe
  2⤵
  PID:10016
- C:\Windows\System\YIkdhPU.exe
  C:\Windows\System\YIkdhPU.exe
  2⤵
  PID:9940
- C:\Windows\System\rYugSWI.exe
  C:\Windows\System\rYugSWI.exe
  2⤵
  PID:10004
- C:\Windows\System\WYDuPaK.exe
  C:\Windows\System\WYDuPaK.exe
  2⤵
  PID:10068
- C:\Windows\System\CQUmGQN.exe
  C:\Windows\System\CQUmGQN.exe
  2⤵
  PID:10132
- C:\Windows\System\BWSBWVz.exe
  C:\Windows\System\BWSBWVz.exe
  2⤵
  PID:10048
- C:\Windows\System\QvhpsSR.exe
  C:\Windows\System\QvhpsSR.exe
  2⤵
  PID:10116
- C:\Windows\System\PJBiaEc.exe
  C:\Windows\System\PJBiaEc.exe
  2⤵
  PID:10164
- C:\Windows\System\YHJLWjm.exe
  C:\Windows\System\YHJLWjm.exe
  2⤵
  PID:10184
- C:\Windows\System\EkFYqMm.exe
  C:\Windows\System\EkFYqMm.exe
  2⤵
  PID:10200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EDlgZog.exe

Filesize
6.0MB

MD5
d5329e97b6032777583a4bb6c52d53fc

SHA1
36a68c5a632c6e9fe86f3cb9a988bad9d1e3cb3c

SHA256
32d3d1e26957dcc11e84ece83e21a7c1afef39a923adfc9f9fac761349007d05

SHA512
578d5eb80bab65b94a2091dfde8448629d06b333091d56283455c894c751fae1dc9d0c056160d5bcdae7f22f915469e85ebc2af9f664f55abf712b4831186629

Download Submit
C:\Windows\system\EXkIPTC.exe

Filesize
6.0MB

MD5
d6fc686e8f0f867543f8565ca18bbd25

SHA1
8ee84d72a061c04c35a91726fee97801eac5766d

SHA256
5c131c77bc4d7dc22822a027e0912aad058edca29509f6a2448b59fdb984e35e

SHA512
919e205f57392b1db4a92d31f2ef697b7a429675e2679f363b5efc592bb8928eb10388c452a0d5e743e2c92c1d53582285808905d0cbfb175dcf591d1a9b5fb2

Download Submit
C:\Windows\system\FDkMnpw.exe

Filesize
6.0MB

MD5
fe452638692c35d97051c6e186fd5d62

SHA1
17f24849243745384b293e0c958b6233e8e0003b

SHA256
330818bc7746c6accba6781456c535e97e66369ea7963edf221df72a700b4484

SHA512
8a0117c88e1497e58bb9fa5572fec2c5c8a23597a004278d589d69b40499ae3aee0785e6aefd6ef288c998e69eb99ca112fb95ca98970d38c3eba7835fae83f2

Download Submit
C:\Windows\system\GqjoGmn.exe

Filesize
6.0MB

MD5
b81826c5b88f32a8c7f6ed2ded6e82cc

SHA1
780217d68816dccd9ac78b4715096001c6239609

SHA256
7d2df1e486923e7d2d9ec26765281a106a70e0fb189b0f8333a8c509cf3c104f

SHA512
84b67335de040d7acf1347ffa3a597a4f8d30aeb3b2809e7c176523c5b118c03cee12936ced1b83b56976bed5eb73ad209c17391cc4ce9a5712c7b6006219b71

Download Submit
C:\Windows\system\HImCcqY.exe

Filesize
6.0MB

MD5
de3bc33f7ee923e39ec08e5fe03dbcb5

SHA1
c5f096dab85851b31bc662455df4e40c08aa506b

SHA256
833260a7d97a44719ff6f8ee5420617040b75088e0be92283a6263982af8ff82

SHA512
120e313a6d695208b08d05a4727abbcb4204989f834708463860d9be68881846ac3e0c48e84eeac6a305c95a729743ce64d25aca6340455682c100570b2dcb9b

Download Submit
C:\Windows\system\IREGxha.exe

Filesize
6.0MB

MD5
d0c6aa40d7e1e79141100b8c9a865868

SHA1
db596a60ced50fe67b683b3cb7dfcf96cdf919be

SHA256
ddff817d934a428a53860ccf7be13052121bbd4995f4f2a08e2c2cec90eb9553

SHA512
0004cc98397eb2d9abdf08d1b5854bf3fcd7f2e80074d936eb79d514030ddbe6237372874e5fc0edc15a81e1f50dd8c22ebd609f5902f8601a346d0c83d8d0fd

Download Submit
C:\Windows\system\LAWtEgf.exe

Filesize
6.0MB

MD5
ee2951a4a94a668255c9b7e6ebf7633a

SHA1
5307e525307fbdbb435edc148d0cbf68324e6bde

SHA256
347253ed16870a99ea9ff3ba2b3a907af32b248d02987785d202dfcf7d85e802

SHA512
08e481600160752021ffcd4b26ae850746cd7b35f211887df021830bcc612f4519dca36a15de866ab07f769dbe6bfd5d8a95220689cbf88dc439fb73d48a992d

Download Submit
C:\Windows\system\LxmGUEK.exe

Filesize
6.0MB

MD5
a02d696bf4b273d8c0b8c5b6c079b37e

SHA1
1a73bff2a6a81f6e0063a8104c7638af552857a2

SHA256
2539cb7a1501b5f30563f321584d57fdf95202bf97d93e7a43381709c1d0f3b9

SHA512
fa13cf46140a3478c616a3751c26ab8b92103e4f7a8ec3680db93e17b28f93fb7243cf8e6da9b69b475455736d76122ddbd009e80a955410dfb5d5a3d731b3e5

Download Submit
C:\Windows\system\QkPAoeU.exe

Filesize
6.0MB

MD5
294dc20454f948cba73b1680a0e0a686

SHA1
cb4137948fa58f3de1cacf3f3836f5ba04be0425

SHA256
6f2192e1dd3e4f6e5613ad9ac4e427d0c2cf42889131873aca5a966349b4fb11

SHA512
33ff6124441559422ecfcbc7b37d2712c5e462999d40a65248f1acc37396f3a14523de08bd5b29a0a43bf8706786573b92b0ee65a3083e2a6163613118977d22

Download Submit
C:\Windows\system\QxpwfQf.exe

Filesize
6.0MB

MD5
d45dd1786aa9ca57c4fe8666ac0fcbde

SHA1
62802d66220592d0a74c028e6b605e84851b94be

SHA256
5ad5f97ed8ba6c2a33f152d7ca46626bcca8803e85c233ffef5534c821b933d1

SHA512
abf9f2d83fa83c5a295d54bab1a98eb000e3eb3c3ef62da00e8606e6382d8ff0e7dff48b54d45bec748d6a55d651c02c09ae8d8d52213f61fedc072ced7b3db1

Download Submit
C:\Windows\system\ShPfBVD.exe

Filesize
6.0MB

MD5
5a2404ec94516608b0502286a4416dda

SHA1
e041464176f4d0806ed66cee572aa4300ce0963d

SHA256
e91066b9f822c17362f86eaac99a0f84f807e5839872ba8ee0232e7e1b4a3235

SHA512
c0f2c2ef3e003d7b92f834fe0d2b4020a7eaa2fb451a326ad8bd2f34ca945e951ce87c59bcf46781620c5aebbfdc709b4b8aa95e22543d2f41afa9403aa82ed8

Download Submit
C:\Windows\system\TLHwrZH.exe

Filesize
6.0MB

MD5
763d53f0f5e2ce587598c935f9a39171

SHA1
7df144d64bc7bbcd9140ee81e0989a4fd395f0c2

SHA256
4360f9fc622e2735ad1484cacba37a69fcd7f3172a6483e0e16e43d8043dc6af

SHA512
30f975c295d4419942cdd8234bc370c51864f09f59003a683150898cb740cc8b30ffefaee97cfc2b2fe34adf7af6d106ad2e95fe07fd253438eb0ac00c0b967c

Download Submit
C:\Windows\system\WwxQVnh.exe

Filesize
6.0MB

MD5
072773b0a34a6affd1e4120e945968fd

SHA1
e0baf3a713794b807682eecc140c3933ddcfe681

SHA256
2093e4f1b2c1f32de32063609185d7292cf357f5f41231aa9e57969d9db7c2c2

SHA512
5d9094877b37e1a63d2fcde9fd36ded2c9d9f5f7e7a37d04a20c9467467db62f0670323b8f959b30f07410b6cdbc7a6ffd1e64db52479a8d9b66f56a236652a2

Download Submit
C:\Windows\system\XrshvFU.exe

Filesize
6.0MB

MD5
f14c8d8594298d3acef8f8e6c5fc2d7d

SHA1
6c6d1049dc1afa4dcc6e2c3edac4b9bbf4f0129b

SHA256
20636998f54ddbde9a2e4181fea12019c1681c14b6eca3911d4d8abb9f3e396f

SHA512
cdbc9662ad7e20a52c64e0b5798e8707effea353eb9363baf00b732c872e3c0b388f4df8d4a6d1403d5355977aa9508e4b2a50dfaeaf49b5e145b859f66368fd

Download Submit
C:\Windows\system\YmZIRMf.exe

Filesize
6.0MB

MD5
7e1ab4c2202533dadc28d36d7488837f

SHA1
9b8c9f708694d625a6164c9189fe398f8f3dab7b

SHA256
b56a8d0ac1cf90ed7ac6ff1761c8e1d0e475717fa9b37b8d0620f624e95f087d

SHA512
18ec70a1dc666b1b645c4d5172916b96327432a8af082a961dd5d1a5286189f8c5d472f9af6e20433c870233e9ee2efa1650c5bd7b817ee25d7106855a3e0207

Download Submit
C:\Windows\system\aJDrwUv.exe

Filesize
6.0MB

MD5
669d3064623804d5c8b43d8cf70ed0b8

SHA1
9e688d704c739ee2b4cd7dd793327b926d10f6af

SHA256
4444ee9a307de9a4a66dc6d0537201cbbad4f5a8a0c8e42d3f73ec99a4bc79d2

SHA512
4172a3da9723bea4bbb377c8fd9fe2145a78af7912111e242f71c0715a46b5bc9730449945cd5e2dc6edf2c2e070520b882736802f3f3d81313a37610e6529f6

Download Submit
C:\Windows\system\aeneLLo.exe

Filesize
6.0MB

MD5
845641c61dc27a824ebfb92ae6ec3ff7

SHA1
f4ba49940b894a114e75bf4bb843bfadeb545858

SHA256
bd95ea50b828cfba04e05cd0eebd8bc51958b1ec975d18c227337baf48f50676

SHA512
eeb3e4e58ba71ad0f33ab6dec9ef93c068088de527696c5ce2f46245b657b658fd3616f191d700ad696ee92c1c1bfbeb1d57ae5ef6c53a8aa097789c56d9bf1b

Download Submit
C:\Windows\system\dGedKtQ.exe

Filesize
6.0MB

MD5
5e2d48175f764d7d763b5ee8b35728a5

SHA1
720b6ab10aded38dfc078e31342d5983131cfe0d

SHA256
00f7a32d3aca28dc4ee74a45d95b2f45b5a3cc18ae2ea3a4d78a2585f98aa840

SHA512
624a4d738e19db6b18932d6edbb8ac2e37d84dc4f3b1035f6a987914eb913fe61e8ec2d4dc33d0392288198f699d2029421c92fa9c424781d791547267ae6cc1

Download Submit
C:\Windows\system\ezYaCkT.exe

Filesize
6.0MB

MD5
0239371a77bd8ea673b16e8124a72821

SHA1
5a6029f368dfd3a0a77124e58db4df38b0593ff1

SHA256
72a2c5720494ffaee6057e75dd14a662bddb19fd5b09f09b4f0f5e8d569d9386

SHA512
bae231766b07e311af03ca72101e49084e27e4a694c3bdeec436e0f7d8e8bb2310c7a41ebc2b43ecfc7a4cdcf0f63ac2d06c9bf29e3a4af2306fd4a0ffb27ef7

Download Submit
C:\Windows\system\hjaKZWf.exe

Filesize
6.0MB

MD5
0c339361a9325cbe029dbcc987e04084

SHA1
88e922a5248b0b660c27a5275ec6aed6d9988da8

SHA256
2b7546e7b02d00fbd8e5eb63ddb1a40185e85adf436d92ddbdd8eb1e0dab0298

SHA512
a452a291d5145db29cfe34abf629c549f3bce9e2d9714a4d20dea4a0845fc6dc0af045004986e41f1d0b5d1ed3ed56c919c7a7a2cb000cdad8c607ce3e9c7101

Download Submit
C:\Windows\system\hlIoEaZ.exe

Filesize
6.0MB

MD5
405582953de400f7a8e54d7e6347d983

SHA1
b667905fede142e3db48bd058e4fbe4fdf67dc97

SHA256
557173798dce36f3b16ab59141cdcd984b10511b47f7f5a7810f8e71d725a670

SHA512
eeb0968680d9936314490f253c0b1bb1304be578739f22235bfd56d85a5c18f3518c59e0495377737f5952560b83319347d0da78fcb482cc5ce2d217e1ed1dcf

Download Submit
C:\Windows\system\jheoYjd.exe

Filesize
6.0MB

MD5
a687fc98ac4d13f3667586569f3cbc6f

SHA1
1743c29a41fdd2e98bc17ceb1fc59a6361d608a6

SHA256
04a66cbdf1342b5eec5ebbe0e81e57e110e865920cb7c0b0d9faae5b08b1c20f

SHA512
d9fdd3b72d0fe3d31f86a87cbf047835e3a3d832f42c457df52bc83a00e9ace6032d319953c2ac12e70f4e796c5001d12007c613cc61cb6c4e448abe67b15743

Download Submit
C:\Windows\system\jltjurJ.exe

Filesize
6.0MB

MD5
60ea87da5ac366dd6636d97248f5b32e

SHA1
d3bd5236290266bceb76588253270487ae178ffd

SHA256
3491a8add697c3db6704b64c3d82bba30064328944b407955ec7c158f06b1ce6

SHA512
cca8c6db17d45c3199e358ca82493d715c4dd7201ad54f490a3f4871b444683e77570cb038daacf78454ee009edc3e3f25903c1752f7a356d13f50032b2398e6

Download Submit
C:\Windows\system\mfceNov.exe

Filesize
6.0MB

MD5
0a0c5ecb49c48916910c8c64120e68bc

SHA1
2e2251c88d4ba800e90ee341345c6a96b650f91d

SHA256
724311903b77efb6b9651f7c0117440d6986ad67b865588ca94a3030bb824ebd

SHA512
d02b6534a0681e5b9d38ef200f1378a2d33a865256c6a9e407cf31445269724da249f996b092f9d843f1f7046584bb00e9e65c3a5a2bc47f3d3317bf458d7a54

Download Submit
C:\Windows\system\nvSwrFK.exe

Filesize
6.0MB

MD5
87b8c4f128c037361a1ea2aa471c8aa7

SHA1
a4f45cb5d304b769e0f62b7a54df5f410446b254

SHA256
ae2f06c292dd2a5f1f7dd5ce2787779bfceb71969b27588feb9795cf3d0cb7f8

SHA512
7dc4a9cdd5d4d7f424ee63c4dd12f5bf1aa388ba15fefa8c923fec1451a18c3a84c8c6739685457621bd4f9b967e5f65f1e2499e264f0ba3acaaf59db48a1fda

Download Submit
C:\Windows\system\sJKEKSU.exe

Filesize
6.0MB

MD5
9c67289c21213122efe17722c9afff70

SHA1
d6fd3842c6b1dcf117c9f14350d5badededc24a3

SHA256
d8b4d8c69625ad13cf4fb3329656c736694f938085cbea313b643865c51c18f8

SHA512
fc41a434c51d8a62c8d38c21574466628c951b4d13b8baaa391f9ea6dc7430fb87764c3c17e653ab53633dde46f4d947ad41bff4e2c955a115ca3bfcad3d5bd0

Download Submit
C:\Windows\system\sRapufE.exe

Filesize
6.0MB

MD5
6a4a77a79e232cd7bd4483b9a9a441b1

SHA1
a22f01d0d42145bb78ef2c4c66f496aa1f293930

SHA256
5a557241473da401bcac26fe966c92b2f1df2062f85b0b77d79c9a0b1c5ff953

SHA512
7f21fd40feba700d0faf822a9f1a7ee371d0ea40d96cb0fa8b8b1fac9ba684b189a93f76a55005c9bc5e8ab575c50a79cb21d55934b0573994049ef74c1b2102

Download Submit
C:\Windows\system\wZwLlLg.exe

Filesize
6.0MB

MD5
d9ded96c17c132b6de09f2831246d70f

SHA1
fd597903508d994b9970674a78fe18fef69a2a7a

SHA256
deae6e124111714bb43aa5f690853f57cb99acd64e0edd6d042b8331cfec4a68

SHA512
75c6cb44b5f4fb4d4bece1defe93e2d4cdbe0f2edfb91bd82e1d8749655ae9fdeb57c6114dc647868d746036dfb9496f2e85c1c9916008adbd707c609667cffe

Download Submit
C:\Windows\system\zNATpnj.exe

Filesize
6.0MB

MD5
5e495b99f6f13582cfbe6d5d740a54a9

SHA1
3c2b36993ed0a8d7f94399f1dc7be519eda26406

SHA256
2ecc91c9c3c6a835441b264c1729c1144095972bc61bfb9c40c4711d09835cee

SHA512
6bdc8e67d878273b40fe8bd7470d5015ad97ba015c534fe2f2e20a1f1b5f965c80b70d956c92ac87a3053f5d452dbaaddfe843e30603133cef260cffe42ae219

Download Submit
C:\Windows\system\zRJAsKq.exe

Filesize
6.0MB

MD5
085cd7424e8fa9240829a28eb0404645

SHA1
360d3285916527b3789273ac73730678ceb26988

SHA256
b4584676b6050e967f5abd0e3bb4073ece54bfb15f88fcb9851f60b7286cfb27

SHA512
609805c3fce6bdcdc0f1577bef685228ac66b353250ed87757f0700da67951d43350386c84d11ef55f4a1c3a9b9b299db83d8e3e6b46df77f7c9fc370a67f959

Download Submit
\Windows\system\bqqqzEx.exe

Filesize
6.0MB

MD5
df92b9753973d915ca5d47134a8a449b

SHA1
55f6f43e02ecb0d1dc575771aa6d0548bbf37ce6

SHA256
65c588ce373935d0a09cf54fec15b29f7c8c8e98e25e2881e8d590a230e580bc

SHA512
bd3a3078d2d44a25957c11dd0711a97b07542c3335b90611395aad06e7990b72d149c8079bef69a1902a38e1565c50d901a9d68fdf76df63fea47914ccf1d0f9

Download Submit
\Windows\system\zUHYIUh.exe

Filesize
6.0MB

MD5
f641a7878b593c0a0d1a1309e40916e8

SHA1
ae3465b74e52c49cee344504a2913dc2d101fac7

SHA256
c5fdc822d324a2f46de41e10bb7866f98fb3423ba0b8933d985c84edbd3676e6

SHA512
790d51c4f268a2af62d53ee7cbf11467319a024d4bcfb98f7358b62a7caf16755cf391d34ba12f92a2a9f4273871ad5e6f1b54d0741539862cba62505dceb065

Download Submit
memory/944-129-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/944-3970-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2239-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2186-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3997-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2301-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2272-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2113-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2272-128-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2425-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2272-2370-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3982-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2185-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2238-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3984-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2298-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3981-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2367-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3983-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2424-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3971-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download