cobaltstrike | 5be2a2221087718ac2177f0948d50ef8978b1845ea8f6ebd73d0d85f5fd20607

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

9bbb6f483ddcd23e55a8e76270ded04c
SHA1

56d2795d215593d462ad1c0f9f716a51642bb4a5
SHA256

5be2a2221087718ac2177f0948d50ef8978b1845ea8f6ebd73d0d85f5fd20607
SHA512

414280a2d730baa13d3406b5b38cecea4b8567f7e8272928a419e2972b0fc405d3098352df154761a0c58bd22092370ec51e3e92b5a4149ccf0e8f556319802e
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lUv:E+b56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000900000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d04-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-21.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f45-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017342-36.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-125.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cd7-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-55.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018617-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/2192-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000900000001225f-6.dat	xmrig
behavioral1/files/0x0008000000016d04-11.dat	xmrig
behavioral1/files/0x0007000000016d5a-12.dat	xmrig
behavioral1/files/0x0007000000016d71-21.dat	xmrig
behavioral1/files/0x0009000000016f45-30.dat	xmrig
behavioral1/files/0x0009000000017342-36.dat	xmrig
behavioral1/files/0x00050000000194e2-45.dat	xmrig
behavioral1/files/0x000500000001958b-50.dat	xmrig
behavioral1/files/0x00050000000195ce-90.dat	xmrig
behavioral1/files/0x0005000000019624-107.dat	xmrig
behavioral1/files/0x0005000000019bec-128.dat	xmrig
behavioral1/memory/2304-2279-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2820-2376-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2192-2333-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2760-2332-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2192-2387-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/1720-2222-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2192-2168-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d5c-160.dat	xmrig
behavioral1/files/0x0005000000019cfc-155.dat	xmrig
behavioral1/files/0x0005000000019cd5-150.dat	xmrig
behavioral1/files/0x0005000000019c0b-145.dat	xmrig
behavioral1/files/0x0005000000019bf2-140.dat	xmrig
behavioral1/files/0x0005000000019bf0-135.dat	xmrig
behavioral1/files/0x0005000000019931-125.dat	xmrig
behavioral1/files/0x0009000000016cd7-120.dat	xmrig
behavioral1/files/0x00050000000196a0-115.dat	xmrig
behavioral1/files/0x0005000000019665-110.dat	xmrig
behavioral1/files/0x00050000000195e0-101.dat	xmrig
behavioral1/files/0x00050000000195d0-95.dat	xmrig
behavioral1/files/0x00050000000195cc-86.dat	xmrig
behavioral1/files/0x00050000000195ca-80.dat	xmrig
behavioral1/files/0x00050000000195c8-76.dat	xmrig
behavioral1/files/0x00050000000195c7-70.dat	xmrig
behavioral1/files/0x00050000000195c6-66.dat	xmrig
behavioral1/files/0x00050000000195c4-61.dat	xmrig
behavioral1/files/0x00050000000195c2-55.dat	xmrig
behavioral1/files/0x000a000000018617-40.dat	xmrig
behavioral1/files/0x0007000000016e1d-26.dat	xmrig
behavioral1/memory/2916-2401-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/3028-2393-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2192-2948-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2192-3083-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2820-3850-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3028-3851-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2304-3886-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2916-3893-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1720-3864-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2760-3863-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2548	sFswLQg.exe
1052	LSSNoxX.exe
1720	NxjwYzO.exe
2304	AAnmmFd.exe
2760	tXleYnn.exe
2820	wQrBBQN.exe
3028	SjcNBXh.exe
2916	wPXJOUj.exe
2240	DOXwudZ.exe
2232	rhwHzqI.exe
2968	iAiYbtK.exe
2780	xoQUYFY.exe
2612	lorgyCP.exe
2656	lccrZlo.exe
2172	kMHihQk.exe
2160	oQzjeSF.exe
984	ZWbzEFw.exe
2996	XNfwvTB.exe
2228	JQldvwU.exe
1440	EJgyBPf.exe
676	ISHglrp.exe
472	uFpdFyn.exe
868	YMvuBNO.exe
1872	tBJSWvc.exe
1736	UdwkOXl.exe
1376	qKdcvUB.exe
444	icCaJef.exe
600	HfEPrvY.exe
2396	YaHKmxZ.exe
1524	oLUHBdK.exe
2200	ahPQlnB.exe
1900	knTiRan.exe
2800	KcseLle.exe
3044	UzdEgtU.exe
448	NSYBLRX.exe
1964	wmfPYDO.exe
960	BVFLfZk.exe
1704	ruQFOPV.exe
2416	CzeDzsj.exe
588	UMSrwHN.exe
1804	szMtTQA.exe
2500	OUsrGYx.exe
2464	YWAaGkm.exe
900	fmlYQLu.exe
2100	esyezyD.exe
1976	yyPEeAy.exe
712	csUZauW.exe
2512	PawoZjB.exe
2696	gVEUbjs.exe
1492	vLUWifd.exe
1880	xAyLbAC.exe
1732	BkvcmHU.exe
1956	jftvmfC.exe
2484	hKbenKr.exe
912	djsaxCe.exe
2564	YsTNSDb.exe
2392	rrRhJBy.exe
1604	yARlemm.exe
1572	HYmNnbh.exe
1748	QpggsbM.exe
2792	RHGhyBx.exe
2812	RPofutv.exe
2772	XoNkBfS.exe
2912	iZCAJAV.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000900000001225f-6.dat	upx
behavioral1/files/0x0008000000016d04-11.dat	upx
behavioral1/files/0x0007000000016d5a-12.dat	upx
behavioral1/files/0x0007000000016d71-21.dat	upx
behavioral1/files/0x0009000000016f45-30.dat	upx
behavioral1/files/0x0009000000017342-36.dat	upx
behavioral1/files/0x00050000000194e2-45.dat	upx
behavioral1/files/0x000500000001958b-50.dat	upx
behavioral1/files/0x00050000000195ce-90.dat	upx
behavioral1/files/0x0005000000019624-107.dat	upx
behavioral1/files/0x0005000000019bec-128.dat	upx
behavioral1/memory/2304-2279-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2820-2376-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2760-2332-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1720-2222-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0005000000019d5c-160.dat	upx
behavioral1/files/0x0005000000019cfc-155.dat	upx
behavioral1/files/0x0005000000019cd5-150.dat	upx
behavioral1/files/0x0005000000019c0b-145.dat	upx
behavioral1/files/0x0005000000019bf2-140.dat	upx
behavioral1/files/0x0005000000019bf0-135.dat	upx
behavioral1/files/0x0005000000019931-125.dat	upx
behavioral1/files/0x0009000000016cd7-120.dat	upx
behavioral1/files/0x00050000000196a0-115.dat	upx
behavioral1/files/0x0005000000019665-110.dat	upx
behavioral1/files/0x00050000000195e0-101.dat	upx
behavioral1/files/0x00050000000195d0-95.dat	upx
behavioral1/files/0x00050000000195cc-86.dat	upx
behavioral1/files/0x00050000000195ca-80.dat	upx
behavioral1/files/0x00050000000195c8-76.dat	upx
behavioral1/files/0x00050000000195c7-70.dat	upx
behavioral1/files/0x00050000000195c6-66.dat	upx
behavioral1/files/0x00050000000195c4-61.dat	upx
behavioral1/files/0x00050000000195c2-55.dat	upx
behavioral1/files/0x000a000000018617-40.dat	upx
behavioral1/files/0x0007000000016e1d-26.dat	upx
behavioral1/memory/2916-2401-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/3028-2393-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2192-2948-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2820-3850-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3028-3851-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2304-3886-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2916-3893-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1720-3864-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2760-3863-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UvGpyKi.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjDOLVy.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaMVxjr.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlkBHja.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLRMMww.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foZnHIk.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEQEVJe.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXvnNUt.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkjJQVe.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUwZYDe.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lciUQgr.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoVWkct.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrAHBji.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBweMwu.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHOEwbx.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUOYRBR.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqTTEIy.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvSlvDw.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqctJDT.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbJBBoA.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znBvSTy.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHZMdrt.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciEHHgS.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUJOBJJ.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muznyRt.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFwQgUN.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Htgmzbr.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnYIItH.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWPqvas.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPEWeAQ.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsAmNBC.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPrqGMO.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfCKuQB.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjnsJCY.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQHHdmK.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btJGBce.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiLFzHk.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAGGyrV.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXKAjDr.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzcjfrJ.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBCAUFP.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwUuDZY.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqaLOhk.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHkIWhU.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FesrfyX.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvLMgRf.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGkTaiL.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mftOeNN.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlwiJOD.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tboAFQR.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAAGlwY.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOrTsPd.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvhaJNb.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWgIHDL.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkdhBqP.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asPIizU.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crnJpKE.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfDITPA.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZUVQQB.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQBAJdo.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usZHoJO.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPgSMDU.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJDDASo.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVnyZWm.exe	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2548	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 2548	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 2548	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 1052	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 1052	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 1052	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 1720	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 1720	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 1720	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 2304	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2304	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2304	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2760	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2760	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2760	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2820	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 2820	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 2820	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 3028	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 3028	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 3028	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 2916	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 2916	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 2916	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 2240	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 2240	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 2240	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 2232	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 2232	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 2232	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 2968	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 2968	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 2968	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 2780	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 2780	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 2780	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 2612	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 2612	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 2612	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 2656	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 2656	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 2656	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 2172	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 2172	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 2172	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 2160	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 2160	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 2160	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 984	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 984	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 984	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 2996	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 2996	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 2996	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 2228	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 2228	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 2228	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 1440	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2192 wrote to memory of 1440	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2192 wrote to memory of 1440	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2192 wrote to memory of 676	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2192 wrote to memory of 676	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2192 wrote to memory of 676	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2192 wrote to memory of 472	2192	2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_9bbb6f483ddcd23e55a8e76270ded04c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\System\sFswLQg.exe
  C:\Windows\System\sFswLQg.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LSSNoxX.exe
  C:\Windows\System\LSSNoxX.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\NxjwYzO.exe
  C:\Windows\System\NxjwYzO.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\AAnmmFd.exe
  C:\Windows\System\AAnmmFd.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\tXleYnn.exe
  C:\Windows\System\tXleYnn.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\wQrBBQN.exe
  C:\Windows\System\wQrBBQN.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\SjcNBXh.exe
  C:\Windows\System\SjcNBXh.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\wPXJOUj.exe
  C:\Windows\System\wPXJOUj.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\DOXwudZ.exe
  C:\Windows\System\DOXwudZ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\rhwHzqI.exe
  C:\Windows\System\rhwHzqI.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\iAiYbtK.exe
  C:\Windows\System\iAiYbtK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\xoQUYFY.exe
  C:\Windows\System\xoQUYFY.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\lorgyCP.exe
  C:\Windows\System\lorgyCP.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\lccrZlo.exe
  C:\Windows\System\lccrZlo.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\kMHihQk.exe
  C:\Windows\System\kMHihQk.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\oQzjeSF.exe
  C:\Windows\System\oQzjeSF.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ZWbzEFw.exe
  C:\Windows\System\ZWbzEFw.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\XNfwvTB.exe
  C:\Windows\System\XNfwvTB.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\JQldvwU.exe
  C:\Windows\System\JQldvwU.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\EJgyBPf.exe
  C:\Windows\System\EJgyBPf.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ISHglrp.exe
  C:\Windows\System\ISHglrp.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\uFpdFyn.exe
  C:\Windows\System\uFpdFyn.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\YMvuBNO.exe
  C:\Windows\System\YMvuBNO.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\tBJSWvc.exe
  C:\Windows\System\tBJSWvc.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\UdwkOXl.exe
  C:\Windows\System\UdwkOXl.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\qKdcvUB.exe
  C:\Windows\System\qKdcvUB.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\icCaJef.exe
  C:\Windows\System\icCaJef.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\HfEPrvY.exe
  C:\Windows\System\HfEPrvY.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\YaHKmxZ.exe
  C:\Windows\System\YaHKmxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\oLUHBdK.exe
  C:\Windows\System\oLUHBdK.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ahPQlnB.exe
  C:\Windows\System\ahPQlnB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\knTiRan.exe
  C:\Windows\System\knTiRan.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\KcseLle.exe
  C:\Windows\System\KcseLle.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\UzdEgtU.exe
  C:\Windows\System\UzdEgtU.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\NSYBLRX.exe
  C:\Windows\System\NSYBLRX.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\wmfPYDO.exe
  C:\Windows\System\wmfPYDO.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\BVFLfZk.exe
  C:\Windows\System\BVFLfZk.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\ruQFOPV.exe
  C:\Windows\System\ruQFOPV.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\CzeDzsj.exe
  C:\Windows\System\CzeDzsj.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\UMSrwHN.exe
  C:\Windows\System\UMSrwHN.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\szMtTQA.exe
  C:\Windows\System\szMtTQA.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\OUsrGYx.exe
  C:\Windows\System\OUsrGYx.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\YWAaGkm.exe
  C:\Windows\System\YWAaGkm.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\fmlYQLu.exe
  C:\Windows\System\fmlYQLu.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\esyezyD.exe
  C:\Windows\System\esyezyD.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\yyPEeAy.exe
  C:\Windows\System\yyPEeAy.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\csUZauW.exe
  C:\Windows\System\csUZauW.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\PawoZjB.exe
  C:\Windows\System\PawoZjB.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\gVEUbjs.exe
  C:\Windows\System\gVEUbjs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\vLUWifd.exe
  C:\Windows\System\vLUWifd.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\xAyLbAC.exe
  C:\Windows\System\xAyLbAC.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\BkvcmHU.exe
  C:\Windows\System\BkvcmHU.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\jftvmfC.exe
  C:\Windows\System\jftvmfC.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\djsaxCe.exe
  C:\Windows\System\djsaxCe.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\hKbenKr.exe
  C:\Windows\System\hKbenKr.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YsTNSDb.exe
  C:\Windows\System\YsTNSDb.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rrRhJBy.exe
  C:\Windows\System\rrRhJBy.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\HYmNnbh.exe
  C:\Windows\System\HYmNnbh.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\yARlemm.exe
  C:\Windows\System\yARlemm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\QpggsbM.exe
  C:\Windows\System\QpggsbM.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\RHGhyBx.exe
  C:\Windows\System\RHGhyBx.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\RPofutv.exe
  C:\Windows\System\RPofutv.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\XoNkBfS.exe
  C:\Windows\System\XoNkBfS.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\iZCAJAV.exe
  C:\Windows\System\iZCAJAV.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\GgYdCVJ.exe
  C:\Windows\System\GgYdCVJ.exe
  2⤵
  PID:2640
- C:\Windows\System\IcJLyqU.exe
  C:\Windows\System\IcJLyqU.exe
  2⤵
  PID:2660
- C:\Windows\System\NkqspBt.exe
  C:\Windows\System\NkqspBt.exe
  2⤵
  PID:2628
- C:\Windows\System\BkjJQVe.exe
  C:\Windows\System\BkjJQVe.exe
  2⤵
  PID:2928
- C:\Windows\System\obGknAu.exe
  C:\Windows\System\obGknAu.exe
  2⤵
  PID:2880
- C:\Windows\System\vsdjJGk.exe
  C:\Windows\System\vsdjJGk.exe
  2⤵
  PID:2168
- C:\Windows\System\LpapXYa.exe
  C:\Windows\System\LpapXYa.exe
  2⤵
  PID:2444
- C:\Windows\System\aLtFCWG.exe
  C:\Windows\System\aLtFCWG.exe
  2⤵
  PID:2832
- C:\Windows\System\vGSAlRb.exe
  C:\Windows\System\vGSAlRb.exe
  2⤵
  PID:2060
- C:\Windows\System\BCfhAtI.exe
  C:\Windows\System\BCfhAtI.exe
  2⤵
  PID:1816
- C:\Windows\System\hwWNfWL.exe
  C:\Windows\System\hwWNfWL.exe
  2⤵
  PID:1208
- C:\Windows\System\ePBlKxh.exe
  C:\Windows\System\ePBlKxh.exe
  2⤵
  PID:1016
- C:\Windows\System\rsEGDCP.exe
  C:\Windows\System\rsEGDCP.exe
  2⤵
  PID:2408
- C:\Windows\System\kBCAUFP.exe
  C:\Windows\System\kBCAUFP.exe
  2⤵
  PID:1772
- C:\Windows\System\ECzTtzc.exe
  C:\Windows\System\ECzTtzc.exe
  2⤵
  PID:656
- C:\Windows\System\TrzXvuN.exe
  C:\Windows\System\TrzXvuN.exe
  2⤵
  PID:1752
- C:\Windows\System\uLLtcLA.exe
  C:\Windows\System\uLLtcLA.exe
  2⤵
  PID:2292
- C:\Windows\System\tQBtUar.exe
  C:\Windows\System\tQBtUar.exe
  2⤵
  PID:1172
- C:\Windows\System\nnCpGiz.exe
  C:\Windows\System\nnCpGiz.exe
  2⤵
  PID:1432
- C:\Windows\System\hkneiiV.exe
  C:\Windows\System\hkneiiV.exe
  2⤵
  PID:1180
- C:\Windows\System\HKSAWaB.exe
  C:\Windows\System\HKSAWaB.exe
  2⤵
  PID:1800
- C:\Windows\System\THoWiZR.exe
  C:\Windows\System\THoWiZR.exe
  2⤵
  PID:844
- C:\Windows\System\BlXlxVL.exe
  C:\Windows\System\BlXlxVL.exe
  2⤵
  PID:2036
- C:\Windows\System\HIWtlke.exe
  C:\Windows\System\HIWtlke.exe
  2⤵
  PID:2692
- C:\Windows\System\bwUfLLY.exe
  C:\Windows\System\bwUfLLY.exe
  2⤵
  PID:2528
- C:\Windows\System\ySYOYBo.exe
  C:\Windows\System\ySYOYBo.exe
  2⤵
  PID:2424
- C:\Windows\System\bPffSnP.exe
  C:\Windows\System\bPffSnP.exe
  2⤵
  PID:2204
- C:\Windows\System\fMevCWW.exe
  C:\Windows\System\fMevCWW.exe
  2⤵
  PID:632
- C:\Windows\System\bzMjKbb.exe
  C:\Windows\System\bzMjKbb.exe
  2⤵
  PID:1596
- C:\Windows\System\iePsuMx.exe
  C:\Windows\System\iePsuMx.exe
  2⤵
  PID:2412
- C:\Windows\System\xUsgKvM.exe
  C:\Windows\System\xUsgKvM.exe
  2⤵
  PID:2724
- C:\Windows\System\jvaALHX.exe
  C:\Windows\System\jvaALHX.exe
  2⤵
  PID:2720
- C:\Windows\System\LELBFTf.exe
  C:\Windows\System\LELBFTf.exe
  2⤵
  PID:2896
- C:\Windows\System\hmjRKku.exe
  C:\Windows\System\hmjRKku.exe
  2⤵
  PID:2960
- C:\Windows\System\oKjJlJv.exe
  C:\Windows\System\oKjJlJv.exe
  2⤵
  PID:2644
- C:\Windows\System\TCPpVcv.exe
  C:\Windows\System\TCPpVcv.exe
  2⤵
  PID:2988
- C:\Windows\System\CYxuUYu.exe
  C:\Windows\System\CYxuUYu.exe
  2⤵
  PID:1300
- C:\Windows\System\szOnpaU.exe
  C:\Windows\System\szOnpaU.exe
  2⤵
  PID:2836
- C:\Windows\System\wflXGIK.exe
  C:\Windows\System\wflXGIK.exe
  2⤵
  PID:2576
- C:\Windows\System\tlILMEa.exe
  C:\Windows\System\tlILMEa.exe
  2⤵
  PID:1916
- C:\Windows\System\YmsKMIh.exe
  C:\Windows\System\YmsKMIh.exe
  2⤵
  PID:2028
- C:\Windows\System\hdCHufg.exe
  C:\Windows\System\hdCHufg.exe
  2⤵
  PID:1548
- C:\Windows\System\xyONVBm.exe
  C:\Windows\System\xyONVBm.exe
  2⤵
  PID:1584
- C:\Windows\System\puHGTPe.exe
  C:\Windows\System\puHGTPe.exe
  2⤵
  PID:3048
- C:\Windows\System\wpIExsL.exe
  C:\Windows\System\wpIExsL.exe
  2⤵
  PID:1812
- C:\Windows\System\BttazcH.exe
  C:\Windows\System\BttazcH.exe
  2⤵
  PID:2456
- C:\Windows\System\vmYJWyX.exe
  C:\Windows\System\vmYJWyX.exe
  2⤵
  PID:1988
- C:\Windows\System\QNmdczf.exe
  C:\Windows\System\QNmdczf.exe
  2⤵
  PID:2096
- C:\Windows\System\vaXGaXk.exe
  C:\Windows\System\vaXGaXk.exe
  2⤵
  PID:2540
- C:\Windows\System\RTxvzUl.exe
  C:\Windows\System\RTxvzUl.exe
  2⤵
  PID:2476
- C:\Windows\System\nsuXuIq.exe
  C:\Windows\System\nsuXuIq.exe
  2⤵
  PID:768
- C:\Windows\System\FzpXLTD.exe
  C:\Windows\System\FzpXLTD.exe
  2⤵
  PID:2936
- C:\Windows\System\wyPURvB.exe
  C:\Windows\System\wyPURvB.exe
  2⤵
  PID:2620
- C:\Windows\System\Vhhypfo.exe
  C:\Windows\System\Vhhypfo.exe
  2⤵
  PID:2828
- C:\Windows\System\DQPKkmf.exe
  C:\Windows\System\DQPKkmf.exe
  2⤵
  PID:3092
- C:\Windows\System\egMrOiV.exe
  C:\Windows\System\egMrOiV.exe
  2⤵
  PID:3116
- C:\Windows\System\iEvmcgb.exe
  C:\Windows\System\iEvmcgb.exe
  2⤵
  PID:3136
- C:\Windows\System\fzAlaRa.exe
  C:\Windows\System\fzAlaRa.exe
  2⤵
  PID:3156
- C:\Windows\System\pCoARGt.exe
  C:\Windows\System\pCoARGt.exe
  2⤵
  PID:3172
- C:\Windows\System\JgndJuo.exe
  C:\Windows\System\JgndJuo.exe
  2⤵
  PID:3192
- C:\Windows\System\LqGyyFz.exe
  C:\Windows\System\LqGyyFz.exe
  2⤵
  PID:3208
- C:\Windows\System\scQhJXI.exe
  C:\Windows\System\scQhJXI.exe
  2⤵
  PID:3228
- C:\Windows\System\MvlKKEZ.exe
  C:\Windows\System\MvlKKEZ.exe
  2⤵
  PID:3256
- C:\Windows\System\vpmYrCE.exe
  C:\Windows\System\vpmYrCE.exe
  2⤵
  PID:3276
- C:\Windows\System\OsRfkpO.exe
  C:\Windows\System\OsRfkpO.exe
  2⤵
  PID:3296
- C:\Windows\System\xkolsrA.exe
  C:\Windows\System\xkolsrA.exe
  2⤵
  PID:3316
- C:\Windows\System\QdmPkbK.exe
  C:\Windows\System\QdmPkbK.exe
  2⤵
  PID:3332
- C:\Windows\System\CoGKWLb.exe
  C:\Windows\System\CoGKWLb.exe
  2⤵
  PID:3356
- C:\Windows\System\Htgmzbr.exe
  C:\Windows\System\Htgmzbr.exe
  2⤵
  PID:3372
- C:\Windows\System\TJuzxGm.exe
  C:\Windows\System\TJuzxGm.exe
  2⤵
  PID:3392
- C:\Windows\System\qITCgQf.exe
  C:\Windows\System\qITCgQf.exe
  2⤵
  PID:3408
- C:\Windows\System\TuTZHSk.exe
  C:\Windows\System\TuTZHSk.exe
  2⤵
  PID:3428
- C:\Windows\System\TjDOLVy.exe
  C:\Windows\System\TjDOLVy.exe
  2⤵
  PID:3448
- C:\Windows\System\hOPzuIa.exe
  C:\Windows\System\hOPzuIa.exe
  2⤵
  PID:3464
- C:\Windows\System\EXjKpgm.exe
  C:\Windows\System\EXjKpgm.exe
  2⤵
  PID:3484
- C:\Windows\System\syffnoz.exe
  C:\Windows\System\syffnoz.exe
  2⤵
  PID:3504
- C:\Windows\System\YHZMdrt.exe
  C:\Windows\System\YHZMdrt.exe
  2⤵
  PID:3528
- C:\Windows\System\gOZPbga.exe
  C:\Windows\System\gOZPbga.exe
  2⤵
  PID:3556
- C:\Windows\System\OoOzYUB.exe
  C:\Windows\System\OoOzYUB.exe
  2⤵
  PID:3576
- C:\Windows\System\ttsuJST.exe
  C:\Windows\System\ttsuJST.exe
  2⤵
  PID:3592
- C:\Windows\System\wTVCXBZ.exe
  C:\Windows\System\wTVCXBZ.exe
  2⤵
  PID:3612
- C:\Windows\System\SeaxyBA.exe
  C:\Windows\System\SeaxyBA.exe
  2⤵
  PID:3632
- C:\Windows\System\NwXOmxH.exe
  C:\Windows\System\NwXOmxH.exe
  2⤵
  PID:3652
- C:\Windows\System\DzBjpsc.exe
  C:\Windows\System\DzBjpsc.exe
  2⤵
  PID:3672
- C:\Windows\System\uFSHgBW.exe
  C:\Windows\System\uFSHgBW.exe
  2⤵
  PID:3696
- C:\Windows\System\OtFwWnz.exe
  C:\Windows\System\OtFwWnz.exe
  2⤵
  PID:3712
- C:\Windows\System\DNxKAcN.exe
  C:\Windows\System\DNxKAcN.exe
  2⤵
  PID:3732
- C:\Windows\System\hcTQtud.exe
  C:\Windows\System\hcTQtud.exe
  2⤵
  PID:3752
- C:\Windows\System\frvdnZG.exe
  C:\Windows\System\frvdnZG.exe
  2⤵
  PID:3768
- C:\Windows\System\IIMcSMg.exe
  C:\Windows\System\IIMcSMg.exe
  2⤵
  PID:3788
- C:\Windows\System\nsDwQAE.exe
  C:\Windows\System\nsDwQAE.exe
  2⤵
  PID:3808
- C:\Windows\System\pdJVlIo.exe
  C:\Windows\System\pdJVlIo.exe
  2⤵
  PID:3828
- C:\Windows\System\pvQoLau.exe
  C:\Windows\System\pvQoLau.exe
  2⤵
  PID:3848
- C:\Windows\System\FqoquSc.exe
  C:\Windows\System\FqoquSc.exe
  2⤵
  PID:3868
- C:\Windows\System\xbfOmSY.exe
  C:\Windows\System\xbfOmSY.exe
  2⤵
  PID:3884
- C:\Windows\System\tmMVzBJ.exe
  C:\Windows\System\tmMVzBJ.exe
  2⤵
  PID:3904
- C:\Windows\System\VMvOLYE.exe
  C:\Windows\System\VMvOLYE.exe
  2⤵
  PID:3932
- C:\Windows\System\FTSDxIW.exe
  C:\Windows\System\FTSDxIW.exe
  2⤵
  PID:3956
- C:\Windows\System\TtzIVeR.exe
  C:\Windows\System\TtzIVeR.exe
  2⤵
  PID:3972
- C:\Windows\System\fipsSzx.exe
  C:\Windows\System\fipsSzx.exe
  2⤵
  PID:3996
- C:\Windows\System\fqcyrmu.exe
  C:\Windows\System\fqcyrmu.exe
  2⤵
  PID:4016
- C:\Windows\System\fktGMnT.exe
  C:\Windows\System\fktGMnT.exe
  2⤵
  PID:4032
- C:\Windows\System\LsXVpXF.exe
  C:\Windows\System\LsXVpXF.exe
  2⤵
  PID:4052
- C:\Windows\System\iqafKSt.exe
  C:\Windows\System\iqafKSt.exe
  2⤵
  PID:4076
- C:\Windows\System\txDxoTJ.exe
  C:\Windows\System\txDxoTJ.exe
  2⤵
  PID:4092
- C:\Windows\System\vAoGOXt.exe
  C:\Windows\System\vAoGOXt.exe
  2⤵
  PID:2672
- C:\Windows\System\WjNIpnQ.exe
  C:\Windows\System\WjNIpnQ.exe
  2⤵
  PID:1576
- C:\Windows\System\TsCVZBu.exe
  C:\Windows\System\TsCVZBu.exe
  2⤵
  PID:1632
- C:\Windows\System\hFVCznz.exe
  C:\Windows\System\hFVCznz.exe
  2⤵
  PID:1132
- C:\Windows\System\WAeGXWg.exe
  C:\Windows\System\WAeGXWg.exe
  2⤵
  PID:1036
- C:\Windows\System\zAJXYtf.exe
  C:\Windows\System\zAJXYtf.exe
  2⤵
  PID:1688
- C:\Windows\System\snxekQs.exe
  C:\Windows\System\snxekQs.exe
  2⤵
  PID:2040
- C:\Windows\System\QrkdlGZ.exe
  C:\Windows\System\QrkdlGZ.exe
  2⤵
  PID:1392
- C:\Windows\System\hnnreai.exe
  C:\Windows\System\hnnreai.exe
  2⤵
  PID:2208
- C:\Windows\System\FGTvvlL.exe
  C:\Windows\System\FGTvvlL.exe
  2⤵
  PID:2756
- C:\Windows\System\heivWjx.exe
  C:\Windows\System\heivWjx.exe
  2⤵
  PID:3104
- C:\Windows\System\sRhtmCV.exe
  C:\Windows\System\sRhtmCV.exe
  2⤵
  PID:1696
- C:\Windows\System\endTlGW.exe
  C:\Windows\System\endTlGW.exe
  2⤵
  PID:3124
- C:\Windows\System\tkHzgvi.exe
  C:\Windows\System\tkHzgvi.exe
  2⤵
  PID:3152
- C:\Windows\System\TCZSeeO.exe
  C:\Windows\System\TCZSeeO.exe
  2⤵
  PID:3216
- C:\Windows\System\btDQJtv.exe
  C:\Windows\System\btDQJtv.exe
  2⤵
  PID:3268
- C:\Windows\System\jReUnnJ.exe
  C:\Windows\System\jReUnnJ.exe
  2⤵
  PID:3340
- C:\Windows\System\DLOfVIp.exe
  C:\Windows\System\DLOfVIp.exe
  2⤵
  PID:3204
- C:\Windows\System\XzsTtfM.exe
  C:\Windows\System\XzsTtfM.exe
  2⤵
  PID:3284
- C:\Windows\System\ZrPngyw.exe
  C:\Windows\System\ZrPngyw.exe
  2⤵
  PID:3352
- C:\Windows\System\smqALcN.exe
  C:\Windows\System\smqALcN.exe
  2⤵
  PID:3416
- C:\Windows\System\vrvzVRJ.exe
  C:\Windows\System\vrvzVRJ.exe
  2⤵
  PID:3364
- C:\Windows\System\avbzhQm.exe
  C:\Windows\System\avbzhQm.exe
  2⤵
  PID:3536
- C:\Windows\System\mQhOigU.exe
  C:\Windows\System\mQhOigU.exe
  2⤵
  PID:3444
- C:\Windows\System\MvCqMJF.exe
  C:\Windows\System\MvCqMJF.exe
  2⤵
  PID:3540
- C:\Windows\System\KBeyAKp.exe
  C:\Windows\System\KBeyAKp.exe
  2⤵
  PID:3476
- C:\Windows\System\ZNTsiYc.exe
  C:\Windows\System\ZNTsiYc.exe
  2⤵
  PID:3588
- C:\Windows\System\tKeLQqW.exe
  C:\Windows\System\tKeLQqW.exe
  2⤵
  PID:3564
- C:\Windows\System\ozMhfNh.exe
  C:\Windows\System\ozMhfNh.exe
  2⤵
  PID:3644
- C:\Windows\System\RPppYCM.exe
  C:\Windows\System\RPppYCM.exe
  2⤵
  PID:3740
- C:\Windows\System\CgZohdA.exe
  C:\Windows\System\CgZohdA.exe
  2⤵
  PID:3692
- C:\Windows\System\BlLaRzY.exe
  C:\Windows\System\BlLaRzY.exe
  2⤵
  PID:3780
- C:\Windows\System\dULtGYK.exe
  C:\Windows\System\dULtGYK.exe
  2⤵
  PID:3824
- C:\Windows\System\KkDXLOb.exe
  C:\Windows\System\KkDXLOb.exe
  2⤵
  PID:3804
- C:\Windows\System\fpozfqy.exe
  C:\Windows\System\fpozfqy.exe
  2⤵
  PID:3840
- C:\Windows\System\hzDishN.exe
  C:\Windows\System\hzDishN.exe
  2⤵
  PID:3896
- C:\Windows\System\JMfAUlV.exe
  C:\Windows\System\JMfAUlV.exe
  2⤵
  PID:3928
- C:\Windows\System\AOGHWse.exe
  C:\Windows\System\AOGHWse.exe
  2⤵
  PID:3980
- C:\Windows\System\TqJxvEX.exe
  C:\Windows\System\TqJxvEX.exe
  2⤵
  PID:3984
- C:\Windows\System\PVhchVl.exe
  C:\Windows\System\PVhchVl.exe
  2⤵
  PID:4068
- C:\Windows\System\WGAOJhD.exe
  C:\Windows\System\WGAOJhD.exe
  2⤵
  PID:4012
- C:\Windows\System\mkIxPgC.exe
  C:\Windows\System\mkIxPgC.exe
  2⤵
  PID:4044
- C:\Windows\System\KTkWFMy.exe
  C:\Windows\System\KTkWFMy.exe
  2⤵
  PID:4040
- C:\Windows\System\fqymHuO.exe
  C:\Windows\System\fqymHuO.exe
  2⤵
  PID:4088
- C:\Windows\System\ZQIBdcJ.exe
  C:\Windows\System\ZQIBdcJ.exe
  2⤵
  PID:2044
- C:\Windows\System\CLxkltK.exe
  C:\Windows\System\CLxkltK.exe
  2⤵
  PID:3112
- C:\Windows\System\dEUSacL.exe
  C:\Windows\System\dEUSacL.exe
  2⤵
  PID:3084
- C:\Windows\System\bftkyNV.exe
  C:\Windows\System\bftkyNV.exe
  2⤵
  PID:3312
- C:\Windows\System\xJsKeff.exe
  C:\Windows\System\xJsKeff.exe
  2⤵
  PID:2144
- C:\Windows\System\nAoZnZg.exe
  C:\Windows\System\nAoZnZg.exe
  2⤵
  PID:2704
- C:\Windows\System\XjkMWwy.exe
  C:\Windows\System\XjkMWwy.exe
  2⤵
  PID:3132
- C:\Windows\System\bexVlyY.exe
  C:\Windows\System\bexVlyY.exe
  2⤵
  PID:3380
- C:\Windows\System\KOvqRij.exe
  C:\Windows\System\KOvqRij.exe
  2⤵
  PID:3500
- C:\Windows\System\WTEhRUU.exe
  C:\Windows\System\WTEhRUU.exe
  2⤵
  PID:3168
- C:\Windows\System\SUbicTy.exe
  C:\Windows\System\SUbicTy.exe
  2⤵
  PID:3240
- C:\Windows\System\xEqgUMh.exe
  C:\Windows\System\xEqgUMh.exe
  2⤵
  PID:3584
- C:\Windows\System\QnVwict.exe
  C:\Windows\System\QnVwict.exe
  2⤵
  PID:3640
- C:\Windows\System\BmfqVUO.exe
  C:\Windows\System\BmfqVUO.exe
  2⤵
  PID:3420
- C:\Windows\System\BgpNWRy.exe
  C:\Windows\System\BgpNWRy.exe
  2⤵
  PID:3664
- C:\Windows\System\GaMtraN.exe
  C:\Windows\System\GaMtraN.exe
  2⤵
  PID:3748
- C:\Windows\System\TejSyPi.exe
  C:\Windows\System\TejSyPi.exe
  2⤵
  PID:3628
- C:\Windows\System\sOKBKRV.exe
  C:\Windows\System\sOKBKRV.exe
  2⤵
  PID:3800
- C:\Windows\System\RBweMwu.exe
  C:\Windows\System\RBweMwu.exe
  2⤵
  PID:3860
- C:\Windows\System\bhgBvgW.exe
  C:\Windows\System\bhgBvgW.exe
  2⤵
  PID:3944
- C:\Windows\System\EieKgzo.exe
  C:\Windows\System\EieKgzo.exe
  2⤵
  PID:3948
- C:\Windows\System\lofGziB.exe
  C:\Windows\System\lofGziB.exe
  2⤵
  PID:3036
- C:\Windows\System\HqwNria.exe
  C:\Windows\System\HqwNria.exe
  2⤵
  PID:1948
- C:\Windows\System\BfDITPA.exe
  C:\Windows\System\BfDITPA.exe
  2⤵
  PID:3080
- C:\Windows\System\LZUEqyF.exe
  C:\Windows\System\LZUEqyF.exe
  2⤵
  PID:1780
- C:\Windows\System\ULdfmaQ.exe
  C:\Windows\System\ULdfmaQ.exe
  2⤵
  PID:3108
- C:\Windows\System\LnUHidn.exe
  C:\Windows\System\LnUHidn.exe
  2⤵
  PID:3244
- C:\Windows\System\RRnGfrl.exe
  C:\Windows\System\RRnGfrl.exe
  2⤵
  PID:3388
- C:\Windows\System\hhFfVQH.exe
  C:\Windows\System\hhFfVQH.exe
  2⤵
  PID:3288
- C:\Windows\System\VQcDciX.exe
  C:\Windows\System\VQcDciX.exe
  2⤵
  PID:2340
- C:\Windows\System\DPZEFgT.exe
  C:\Windows\System\DPZEFgT.exe
  2⤵
  PID:3668
- C:\Windows\System\fGaqUPI.exe
  C:\Windows\System\fGaqUPI.exe
  2⤵
  PID:3264
- C:\Windows\System\kuAmTkY.exe
  C:\Windows\System\kuAmTkY.exe
  2⤵
  PID:2164
- C:\Windows\System\FfQiEsu.exe
  C:\Windows\System\FfQiEsu.exe
  2⤵
  PID:4108
- C:\Windows\System\rHSYAec.exe
  C:\Windows\System\rHSYAec.exe
  2⤵
  PID:4128
- C:\Windows\System\MfZIChM.exe
  C:\Windows\System\MfZIChM.exe
  2⤵
  PID:4148
- C:\Windows\System\aBYktbn.exe
  C:\Windows\System\aBYktbn.exe
  2⤵
  PID:4176
- C:\Windows\System\gOBJnVw.exe
  C:\Windows\System\gOBJnVw.exe
  2⤵
  PID:4192
- C:\Windows\System\yEzPcHE.exe
  C:\Windows\System\yEzPcHE.exe
  2⤵
  PID:4212
- C:\Windows\System\aHXLLAr.exe
  C:\Windows\System\aHXLLAr.exe
  2⤵
  PID:4232
- C:\Windows\System\JBGBfPW.exe
  C:\Windows\System\JBGBfPW.exe
  2⤵
  PID:4252
- C:\Windows\System\yDwZEEd.exe
  C:\Windows\System\yDwZEEd.exe
  2⤵
  PID:4272
- C:\Windows\System\FsEJBiJ.exe
  C:\Windows\System\FsEJBiJ.exe
  2⤵
  PID:4292
- C:\Windows\System\cNewiBJ.exe
  C:\Windows\System\cNewiBJ.exe
  2⤵
  PID:4312
- C:\Windows\System\HNVjxsl.exe
  C:\Windows\System\HNVjxsl.exe
  2⤵
  PID:4328
- C:\Windows\System\XsqBIOa.exe
  C:\Windows\System\XsqBIOa.exe
  2⤵
  PID:4352
- C:\Windows\System\tGaYFHW.exe
  C:\Windows\System\tGaYFHW.exe
  2⤵
  PID:4368
- C:\Windows\System\iGkTaiL.exe
  C:\Windows\System\iGkTaiL.exe
  2⤵
  PID:4388
- C:\Windows\System\HJBMwCI.exe
  C:\Windows\System\HJBMwCI.exe
  2⤵
  PID:4408
- C:\Windows\System\ybuFLrq.exe
  C:\Windows\System\ybuFLrq.exe
  2⤵
  PID:4424
- C:\Windows\System\ZlTXsGT.exe
  C:\Windows\System\ZlTXsGT.exe
  2⤵
  PID:4444
- C:\Windows\System\cDtDhDD.exe
  C:\Windows\System\cDtDhDD.exe
  2⤵
  PID:4472
- C:\Windows\System\sJLCiMU.exe
  C:\Windows\System\sJLCiMU.exe
  2⤵
  PID:4496
- C:\Windows\System\nsAfzOC.exe
  C:\Windows\System\nsAfzOC.exe
  2⤵
  PID:4512
- C:\Windows\System\AGOkung.exe
  C:\Windows\System\AGOkung.exe
  2⤵
  PID:4532
- C:\Windows\System\YLxEcnL.exe
  C:\Windows\System\YLxEcnL.exe
  2⤵
  PID:4552
- C:\Windows\System\UXqyYFl.exe
  C:\Windows\System\UXqyYFl.exe
  2⤵
  PID:4580
- C:\Windows\System\UaVyDnT.exe
  C:\Windows\System\UaVyDnT.exe
  2⤵
  PID:4596
- C:\Windows\System\biCszBx.exe
  C:\Windows\System\biCszBx.exe
  2⤵
  PID:4616
- C:\Windows\System\jrLYaod.exe
  C:\Windows\System\jrLYaod.exe
  2⤵
  PID:4636
- C:\Windows\System\yeCZyuM.exe
  C:\Windows\System\yeCZyuM.exe
  2⤵
  PID:4656
- C:\Windows\System\SGtNVcz.exe
  C:\Windows\System\SGtNVcz.exe
  2⤵
  PID:4672
- C:\Windows\System\nwainTZ.exe
  C:\Windows\System\nwainTZ.exe
  2⤵
  PID:4696
- C:\Windows\System\IbWRonQ.exe
  C:\Windows\System\IbWRonQ.exe
  2⤵
  PID:4716
- C:\Windows\System\qbRuPDH.exe
  C:\Windows\System\qbRuPDH.exe
  2⤵
  PID:4736
- C:\Windows\System\KRbgGAA.exe
  C:\Windows\System\KRbgGAA.exe
  2⤵
  PID:4756
- C:\Windows\System\dimXsie.exe
  C:\Windows\System\dimXsie.exe
  2⤵
  PID:4776
- C:\Windows\System\hrMlFJo.exe
  C:\Windows\System\hrMlFJo.exe
  2⤵
  PID:4796
- C:\Windows\System\OhhWCez.exe
  C:\Windows\System\OhhWCez.exe
  2⤵
  PID:4816
- C:\Windows\System\pStRXwi.exe
  C:\Windows\System\pStRXwi.exe
  2⤵
  PID:4840
- C:\Windows\System\bNYxrnN.exe
  C:\Windows\System\bNYxrnN.exe
  2⤵
  PID:4860
- C:\Windows\System\rTipdiM.exe
  C:\Windows\System\rTipdiM.exe
  2⤵
  PID:4880
- C:\Windows\System\AnYIItH.exe
  C:\Windows\System\AnYIItH.exe
  2⤵
  PID:4896
- C:\Windows\System\UrTqPwg.exe
  C:\Windows\System\UrTqPwg.exe
  2⤵
  PID:4916
- C:\Windows\System\PkeWXGZ.exe
  C:\Windows\System\PkeWXGZ.exe
  2⤵
  PID:4936
- C:\Windows\System\pablICP.exe
  C:\Windows\System\pablICP.exe
  2⤵
  PID:4956
- C:\Windows\System\mugMbla.exe
  C:\Windows\System\mugMbla.exe
  2⤵
  PID:4976
- C:\Windows\System\VLbxeqA.exe
  C:\Windows\System\VLbxeqA.exe
  2⤵
  PID:4992
- C:\Windows\System\jZvIJKL.exe
  C:\Windows\System\jZvIJKL.exe
  2⤵
  PID:5012
- C:\Windows\System\dBQLnGZ.exe
  C:\Windows\System\dBQLnGZ.exe
  2⤵
  PID:5028
- C:\Windows\System\YwLYGOR.exe
  C:\Windows\System\YwLYGOR.exe
  2⤵
  PID:5044
- C:\Windows\System\lwUuDZY.exe
  C:\Windows\System\lwUuDZY.exe
  2⤵
  PID:5064
- C:\Windows\System\kHOEwbx.exe
  C:\Windows\System\kHOEwbx.exe
  2⤵
  PID:5080
- C:\Windows\System\CuTLxwD.exe
  C:\Windows\System\CuTLxwD.exe
  2⤵
  PID:5100
- C:\Windows\System\AOghXgl.exe
  C:\Windows\System\AOghXgl.exe
  2⤵
  PID:5116
- C:\Windows\System\LLCoRRz.exe
  C:\Windows\System\LLCoRRz.exe
  2⤵
  PID:3856
- C:\Windows\System\IYjYkCu.exe
  C:\Windows\System\IYjYkCu.exe
  2⤵
  PID:3704
- C:\Windows\System\ckxNwXX.exe
  C:\Windows\System\ckxNwXX.exe
  2⤵
  PID:3764
- C:\Windows\System\qelTUyH.exe
  C:\Windows\System\qelTUyH.exe
  2⤵
  PID:3992
- C:\Windows\System\bbjgXeJ.exe
  C:\Windows\System\bbjgXeJ.exe
  2⤵
  PID:2668
- C:\Windows\System\FOLrkjp.exe
  C:\Windows\System\FOLrkjp.exe
  2⤵
  PID:2732
- C:\Windows\System\kLZFgDK.exe
  C:\Windows\System\kLZFgDK.exe
  2⤵
  PID:1640
- C:\Windows\System\IlfbSTx.exe
  C:\Windows\System\IlfbSTx.exe
  2⤵
  PID:3600
- C:\Windows\System\trZevlF.exe
  C:\Windows\System\trZevlF.exe
  2⤵
  PID:2664
- C:\Windows\System\KIBUuRW.exe
  C:\Windows\System\KIBUuRW.exe
  2⤵
  PID:4120
- C:\Windows\System\mRErLoJ.exe
  C:\Windows\System\mRErLoJ.exe
  2⤵
  PID:4164
- C:\Windows\System\PacChIS.exe
  C:\Windows\System\PacChIS.exe
  2⤵
  PID:4204
- C:\Windows\System\lobXKDd.exe
  C:\Windows\System\lobXKDd.exe
  2⤵
  PID:4100
- C:\Windows\System\nmDpXTl.exe
  C:\Windows\System\nmDpXTl.exe
  2⤵
  PID:4184
- C:\Windows\System\DypmaAo.exe
  C:\Windows\System\DypmaAo.exe
  2⤵
  PID:4320
- C:\Windows\System\wIeChqv.exe
  C:\Windows\System\wIeChqv.exe
  2⤵
  PID:4228
- C:\Windows\System\UkYDqcV.exe
  C:\Windows\System\UkYDqcV.exe
  2⤵
  PID:4364
- C:\Windows\System\WolZjRw.exe
  C:\Windows\System\WolZjRw.exe
  2⤵
  PID:4432
- C:\Windows\System\KuAvHLf.exe
  C:\Windows\System\KuAvHLf.exe
  2⤵
  PID:4440
- C:\Windows\System\HIgAXxA.exe
  C:\Windows\System\HIgAXxA.exe
  2⤵
  PID:4344
- C:\Windows\System\fEKcllR.exe
  C:\Windows\System\fEKcllR.exe
  2⤵
  PID:4420
- C:\Windows\System\TzVMGyP.exe
  C:\Windows\System\TzVMGyP.exe
  2⤵
  PID:4560
- C:\Windows\System\rzKTKYj.exe
  C:\Windows\System\rzKTKYj.exe
  2⤵
  PID:4456
- C:\Windows\System\xRcEbbP.exe
  C:\Windows\System\xRcEbbP.exe
  2⤵
  PID:4612
- C:\Windows\System\XKSrbya.exe
  C:\Windows\System\XKSrbya.exe
  2⤵
  PID:4504
- C:\Windows\System\yQsmUNX.exe
  C:\Windows\System\yQsmUNX.exe
  2⤵
  PID:4588
- C:\Windows\System\yEKcuKW.exe
  C:\Windows\System\yEKcuKW.exe
  2⤵
  PID:4692
- C:\Windows\System\aYgBtOY.exe
  C:\Windows\System\aYgBtOY.exe
  2⤵
  PID:4668
- C:\Windows\System\kEpfdfs.exe
  C:\Windows\System\kEpfdfs.exe
  2⤵
  PID:4764
- C:\Windows\System\EkelcLL.exe
  C:\Windows\System\EkelcLL.exe
  2⤵
  PID:4848
- C:\Windows\System\HepSxyW.exe
  C:\Windows\System\HepSxyW.exe
  2⤵
  PID:4492
- C:\Windows\System\iFYCnFk.exe
  C:\Windows\System\iFYCnFk.exe
  2⤵
  PID:4972
- C:\Windows\System\fmhjANb.exe
  C:\Windows\System\fmhjANb.exe
  2⤵
  PID:4748
- C:\Windows\System\dqbHQeG.exe
  C:\Windows\System\dqbHQeG.exe
  2⤵
  PID:5004
- C:\Windows\System\bhyhBlj.exe
  C:\Windows\System\bhyhBlj.exe
  2⤵
  PID:4828
- C:\Windows\System\jyICMwI.exe
  C:\Windows\System\jyICMwI.exe
  2⤵
  PID:5072
- C:\Windows\System\hGuikUg.exe
  C:\Windows\System\hGuikUg.exe
  2⤵
  PID:3796
- C:\Windows\System\HUTeIYK.exe
  C:\Windows\System\HUTeIYK.exe
  2⤵
  PID:4904
- C:\Windows\System\gCUpfhG.exe
  C:\Windows\System\gCUpfhG.exe
  2⤵
  PID:4952
- C:\Windows\System\EjYxXrA.exe
  C:\Windows\System\EjYxXrA.exe
  2⤵
  PID:2496
- C:\Windows\System\hveANUu.exe
  C:\Windows\System\hveANUu.exe
  2⤵
  PID:4988
- C:\Windows\System\MlWYwdP.exe
  C:\Windows\System\MlWYwdP.exe
  2⤵
  PID:3456
- C:\Windows\System\QlyDKco.exe
  C:\Windows\System\QlyDKco.exe
  2⤵
  PID:4172
- C:\Windows\System\oTgSkxx.exe
  C:\Windows\System\oTgSkxx.exe
  2⤵
  PID:4244
- C:\Windows\System\nojRTuy.exe
  C:\Windows\System\nojRTuy.exe
  2⤵
  PID:4004
- C:\Windows\System\cPXxwpU.exe
  C:\Windows\System\cPXxwpU.exe
  2⤵
  PID:3744
- C:\Windows\System\FgFTKru.exe
  C:\Windows\System\FgFTKru.exe
  2⤵
  PID:5092
- C:\Windows\System\OXRzUze.exe
  C:\Windows\System\OXRzUze.exe
  2⤵
  PID:3188
- C:\Windows\System\nMGhMrW.exe
  C:\Windows\System\nMGhMrW.exe
  2⤵
  PID:3728
- C:\Windows\System\gIiwbVL.exe
  C:\Windows\System\gIiwbVL.exe
  2⤵
  PID:4400
- C:\Windows\System\zLyxRnu.exe
  C:\Windows\System\zLyxRnu.exe
  2⤵
  PID:4480
- C:\Windows\System\KQHHdmK.exe
  C:\Windows\System\KQHHdmK.exe
  2⤵
  PID:4524
- C:\Windows\System\rogIMHY.exe
  C:\Windows\System\rogIMHY.exe
  2⤵
  PID:4468
- C:\Windows\System\mftOeNN.exe
  C:\Windows\System\mftOeNN.exe
  2⤵
  PID:3548
- C:\Windows\System\zoWmvfg.exe
  C:\Windows\System\zoWmvfg.exe
  2⤵
  PID:4624
- C:\Windows\System\bQvVOSw.exe
  C:\Windows\System\bQvVOSw.exe
  2⤵
  PID:4804
- C:\Windows\System\RhXLdwk.exe
  C:\Windows\System\RhXLdwk.exe
  2⤵
  PID:4268
- C:\Windows\System\rEkFPpJ.exe
  C:\Windows\System\rEkFPpJ.exe
  2⤵
  PID:4572
- C:\Windows\System\CaMVxjr.exe
  C:\Windows\System\CaMVxjr.exe
  2⤵
  PID:4744
- C:\Windows\System\GcEQCvQ.exe
  C:\Windows\System\GcEQCvQ.exe
  2⤵
  PID:5040
- C:\Windows\System\ULUxnEE.exe
  C:\Windows\System\ULUxnEE.exe
  2⤵
  PID:4688
- C:\Windows\System\lPNDsCX.exe
  C:\Windows\System\lPNDsCX.exe
  2⤵
  PID:4728
- C:\Windows\System\XXLDqvI.exe
  C:\Windows\System\XXLDqvI.exe
  2⤵
  PID:4856
- C:\Windows\System\ESCTbdV.exe
  C:\Windows\System\ESCTbdV.exe
  2⤵
  PID:4784
- C:\Windows\System\VBtKAdL.exe
  C:\Windows\System\VBtKAdL.exe
  2⤵
  PID:4208
- C:\Windows\System\CkZrnZv.exe
  C:\Windows\System\CkZrnZv.exe
  2⤵
  PID:3512
- C:\Windows\System\SHuilwk.exe
  C:\Windows\System\SHuilwk.exe
  2⤵
  PID:4028
- C:\Windows\System\WTQUFMs.exe
  C:\Windows\System\WTQUFMs.exe
  2⤵
  PID:5056
- C:\Windows\System\CHPrflS.exe
  C:\Windows\System\CHPrflS.exe
  2⤵
  PID:2848
- C:\Windows\System\SrqPUaw.exe
  C:\Windows\System\SrqPUaw.exe
  2⤵
  PID:3128
- C:\Windows\System\oaYZMeO.exe
  C:\Windows\System\oaYZMeO.exe
  2⤵
  PID:4384
- C:\Windows\System\ucJSIvN.exe
  C:\Windows\System\ucJSIvN.exe
  2⤵
  PID:4548
- C:\Windows\System\TuOxLkN.exe
  C:\Windows\System\TuOxLkN.exe
  2⤵
  PID:3968
- C:\Windows\System\mdAkTrx.exe
  C:\Windows\System\mdAkTrx.exe
  2⤵
  PID:3924
- C:\Windows\System\bDjfbKM.exe
  C:\Windows\System\bDjfbKM.exe
  2⤵
  PID:4928
- C:\Windows\System\faSJGXY.exe
  C:\Windows\System\faSJGXY.exe
  2⤵
  PID:4652
- C:\Windows\System\TZUVQQB.exe
  C:\Windows\System\TZUVQQB.exe
  2⤵
  PID:4808
- C:\Windows\System\pglGPRw.exe
  C:\Windows\System\pglGPRw.exe
  2⤵
  PID:4200
- C:\Windows\System\LFUdRlR.exe
  C:\Windows\System\LFUdRlR.exe
  2⤵
  PID:5124
- C:\Windows\System\uqdlRTR.exe
  C:\Windows\System\uqdlRTR.exe
  2⤵
  PID:5148
- C:\Windows\System\HpTFdPk.exe
  C:\Windows\System\HpTFdPk.exe
  2⤵
  PID:5172
- C:\Windows\System\cKwEsWZ.exe
  C:\Windows\System\cKwEsWZ.exe
  2⤵
  PID:5192
- C:\Windows\System\xfJrMmu.exe
  C:\Windows\System\xfJrMmu.exe
  2⤵
  PID:5212
- C:\Windows\System\aHhMqiF.exe
  C:\Windows\System\aHhMqiF.exe
  2⤵
  PID:5232
- C:\Windows\System\gFuZKlV.exe
  C:\Windows\System\gFuZKlV.exe
  2⤵
  PID:5252
- C:\Windows\System\gGDRshf.exe
  C:\Windows\System\gGDRshf.exe
  2⤵
  PID:5272
- C:\Windows\System\HpUzcvE.exe
  C:\Windows\System\HpUzcvE.exe
  2⤵
  PID:5292
- C:\Windows\System\anXsfLn.exe
  C:\Windows\System\anXsfLn.exe
  2⤵
  PID:5312
- C:\Windows\System\jKedubT.exe
  C:\Windows\System\jKedubT.exe
  2⤵
  PID:5332
- C:\Windows\System\BnzJpGx.exe
  C:\Windows\System\BnzJpGx.exe
  2⤵
  PID:5352
- C:\Windows\System\ZhQACzg.exe
  C:\Windows\System\ZhQACzg.exe
  2⤵
  PID:5372
- C:\Windows\System\zPJoEZv.exe
  C:\Windows\System\zPJoEZv.exe
  2⤵
  PID:5392
- C:\Windows\System\XFivjJS.exe
  C:\Windows\System\XFivjJS.exe
  2⤵
  PID:5412
- C:\Windows\System\FBYsdZl.exe
  C:\Windows\System\FBYsdZl.exe
  2⤵
  PID:5432
- C:\Windows\System\MdnqcIU.exe
  C:\Windows\System\MdnqcIU.exe
  2⤵
  PID:5452
- C:\Windows\System\HgcjeTD.exe
  C:\Windows\System\HgcjeTD.exe
  2⤵
  PID:5472
- C:\Windows\System\GceOeab.exe
  C:\Windows\System\GceOeab.exe
  2⤵
  PID:5492
- C:\Windows\System\AAGwJXN.exe
  C:\Windows\System\AAGwJXN.exe
  2⤵
  PID:5512
- C:\Windows\System\pqAFgxG.exe
  C:\Windows\System\pqAFgxG.exe
  2⤵
  PID:5532
- C:\Windows\System\AuIwXdE.exe
  C:\Windows\System\AuIwXdE.exe
  2⤵
  PID:5552
- C:\Windows\System\fWtHbkF.exe
  C:\Windows\System\fWtHbkF.exe
  2⤵
  PID:5572
- C:\Windows\System\CNYAfHA.exe
  C:\Windows\System\CNYAfHA.exe
  2⤵
  PID:5592
- C:\Windows\System\TBWEORT.exe
  C:\Windows\System\TBWEORT.exe
  2⤵
  PID:5612
- C:\Windows\System\uUOYRBR.exe
  C:\Windows\System\uUOYRBR.exe
  2⤵
  PID:5632
- C:\Windows\System\TzfzJCr.exe
  C:\Windows\System\TzfzJCr.exe
  2⤵
  PID:5652
- C:\Windows\System\LXAgUNC.exe
  C:\Windows\System\LXAgUNC.exe
  2⤵
  PID:5672
- C:\Windows\System\fbqdseG.exe
  C:\Windows\System\fbqdseG.exe
  2⤵
  PID:5692
- C:\Windows\System\vgCXJNv.exe
  C:\Windows\System\vgCXJNv.exe
  2⤵
  PID:5712
- C:\Windows\System\WPGgCjD.exe
  C:\Windows\System\WPGgCjD.exe
  2⤵
  PID:5732
- C:\Windows\System\qqhKotU.exe
  C:\Windows\System\qqhKotU.exe
  2⤵
  PID:5752
- C:\Windows\System\ZKRPTfF.exe
  C:\Windows\System\ZKRPTfF.exe
  2⤵
  PID:5772
- C:\Windows\System\wkJXXoP.exe
  C:\Windows\System\wkJXXoP.exe
  2⤵
  PID:5792
- C:\Windows\System\sDXAqmg.exe
  C:\Windows\System\sDXAqmg.exe
  2⤵
  PID:5812
- C:\Windows\System\Skjgqpq.exe
  C:\Windows\System\Skjgqpq.exe
  2⤵
  PID:5832
- C:\Windows\System\pGHBXgy.exe
  C:\Windows\System\pGHBXgy.exe
  2⤵
  PID:5856
- C:\Windows\System\SWRwiiW.exe
  C:\Windows\System\SWRwiiW.exe
  2⤵
  PID:5876
- C:\Windows\System\vOUYUYQ.exe
  C:\Windows\System\vOUYUYQ.exe
  2⤵
  PID:5896
- C:\Windows\System\NcBiSKI.exe
  C:\Windows\System\NcBiSKI.exe
  2⤵
  PID:5916
- C:\Windows\System\RSHqtDS.exe
  C:\Windows\System\RSHqtDS.exe
  2⤵
  PID:5936
- C:\Windows\System\UkSlWJN.exe
  C:\Windows\System\UkSlWJN.exe
  2⤵
  PID:5956
- C:\Windows\System\MPIMpAP.exe
  C:\Windows\System\MPIMpAP.exe
  2⤵
  PID:5976
- C:\Windows\System\EXejArv.exe
  C:\Windows\System\EXejArv.exe
  2⤵
  PID:5996
- C:\Windows\System\TKAHoQk.exe
  C:\Windows\System\TKAHoQk.exe
  2⤵
  PID:6016
- C:\Windows\System\dbQuSDo.exe
  C:\Windows\System\dbQuSDo.exe
  2⤵
  PID:6036
- C:\Windows\System\bmahCiU.exe
  C:\Windows\System\bmahCiU.exe
  2⤵
  PID:6056
- C:\Windows\System\SuTYyiO.exe
  C:\Windows\System\SuTYyiO.exe
  2⤵
  PID:6076
- C:\Windows\System\AJewbAF.exe
  C:\Windows\System\AJewbAF.exe
  2⤵
  PID:6096
- C:\Windows\System\fPZNATy.exe
  C:\Windows\System\fPZNATy.exe
  2⤵
  PID:6116
- C:\Windows\System\lmsTBai.exe
  C:\Windows\System\lmsTBai.exe
  2⤵
  PID:6136
- C:\Windows\System\FDxNuWj.exe
  C:\Windows\System\FDxNuWj.exe
  2⤵
  PID:5096
- C:\Windows\System\oygXQKo.exe
  C:\Windows\System\oygXQKo.exe
  2⤵
  PID:4888
- C:\Windows\System\btJGBce.exe
  C:\Windows\System\btJGBce.exe
  2⤵
  PID:1620
- C:\Windows\System\zwNDKeD.exe
  C:\Windows\System\zwNDKeD.exe
  2⤵
  PID:2076
- C:\Windows\System\DEtvlOK.exe
  C:\Windows\System\DEtvlOK.exe
  2⤵
  PID:4224
- C:\Windows\System\hCeTnfH.exe
  C:\Windows\System\hCeTnfH.exe
  2⤵
  PID:5024
- C:\Windows\System\YiLFzHk.exe
  C:\Windows\System\YiLFzHk.exe
  2⤵
  PID:4628
- C:\Windows\System\tfYMQzH.exe
  C:\Windows\System\tfYMQzH.exe
  2⤵
  PID:4284
- C:\Windows\System\nTJLDJH.exe
  C:\Windows\System\nTJLDJH.exe
  2⤵
  PID:4648
- C:\Windows\System\wENiFpN.exe
  C:\Windows\System\wENiFpN.exe
  2⤵
  PID:4792
- C:\Windows\System\xbrxeFC.exe
  C:\Windows\System\xbrxeFC.exe
  2⤵
  PID:4932
- C:\Windows\System\yzUpZIp.exe
  C:\Windows\System\yzUpZIp.exe
  2⤵
  PID:5188
- C:\Windows\System\PNSjADR.exe
  C:\Windows\System\PNSjADR.exe
  2⤵
  PID:5208
- C:\Windows\System\vpkdgJm.exe
  C:\Windows\System\vpkdgJm.exe
  2⤵
  PID:5240
- C:\Windows\System\imnjSMZ.exe
  C:\Windows\System\imnjSMZ.exe
  2⤵
  PID:5264
- C:\Windows\System\eAGGyrV.exe
  C:\Windows\System\eAGGyrV.exe
  2⤵
  PID:5308
- C:\Windows\System\qkKJFKZ.exe
  C:\Windows\System\qkKJFKZ.exe
  2⤵
  PID:5348
- C:\Windows\System\LDSPeaA.exe
  C:\Windows\System\LDSPeaA.exe
  2⤵
  PID:5368
- C:\Windows\System\SYPucJz.exe
  C:\Windows\System\SYPucJz.exe
  2⤵
  PID:5408
- C:\Windows\System\rXVIaIp.exe
  C:\Windows\System\rXVIaIp.exe
  2⤵
  PID:5440
- C:\Windows\System\FSknTCZ.exe
  C:\Windows\System\FSknTCZ.exe
  2⤵
  PID:5464
- C:\Windows\System\hHAOKjW.exe
  C:\Windows\System\hHAOKjW.exe
  2⤵
  PID:5484
- C:\Windows\System\CJnXXYt.exe
  C:\Windows\System\CJnXXYt.exe
  2⤵
  PID:5548
- C:\Windows\System\FQLGKBD.exe
  C:\Windows\System\FQLGKBD.exe
  2⤵
  PID:5580
- C:\Windows\System\gqFyyhn.exe
  C:\Windows\System\gqFyyhn.exe
  2⤵
  PID:5600
- C:\Windows\System\UsGbkFj.exe
  C:\Windows\System\UsGbkFj.exe
  2⤵
  PID:5624
- C:\Windows\System\FEUMXHW.exe
  C:\Windows\System\FEUMXHW.exe
  2⤵
  PID:5664
- C:\Windows\System\ATVoraY.exe
  C:\Windows\System\ATVoraY.exe
  2⤵
  PID:5684
- C:\Windows\System\xSnZcfu.exe
  C:\Windows\System\xSnZcfu.exe
  2⤵
  PID:5728
- C:\Windows\System\favZutw.exe
  C:\Windows\System\favZutw.exe
  2⤵
  PID:5768
- C:\Windows\System\TRFzWJr.exe
  C:\Windows\System\TRFzWJr.exe
  2⤵
  PID:5820
- C:\Windows\System\MffhFjs.exe
  C:\Windows\System\MffhFjs.exe
  2⤵
  PID:5840
- C:\Windows\System\kSPKCQH.exe
  C:\Windows\System\kSPKCQH.exe
  2⤵
  PID:5868
- C:\Windows\System\iSmOjlP.exe
  C:\Windows\System\iSmOjlP.exe
  2⤵
  PID:5912
- C:\Windows\System\dymHZJH.exe
  C:\Windows\System\dymHZJH.exe
  2⤵
  PID:5928
- C:\Windows\System\eHCLqqy.exe
  C:\Windows\System\eHCLqqy.exe
  2⤵
  PID:5972
- C:\Windows\System\cUGdeCV.exe
  C:\Windows\System\cUGdeCV.exe
  2⤵
  PID:6012
- C:\Windows\System\GFPVZzv.exe
  C:\Windows\System\GFPVZzv.exe
  2⤵
  PID:6044
- C:\Windows\System\jjMCVMJ.exe
  C:\Windows\System\jjMCVMJ.exe
  2⤵
  PID:6068
- C:\Windows\System\BlkBHja.exe
  C:\Windows\System\BlkBHja.exe
  2⤵
  PID:6088
- C:\Windows\System\uGwhQUF.exe
  C:\Windows\System\uGwhQUF.exe
  2⤵
  PID:6132
- C:\Windows\System\xDvXIBG.exe
  C:\Windows\System\xDvXIBG.exe
  2⤵
  PID:4508
- C:\Windows\System\bpaaAIu.exe
  C:\Windows\System\bpaaAIu.exe
  2⤵
  PID:3660
- C:\Windows\System\RfutMPN.exe
  C:\Windows\System\RfutMPN.exe
  2⤵
  PID:4300
- C:\Windows\System\XICGeSq.exe
  C:\Windows\System\XICGeSq.exe
  2⤵
  PID:4664
- C:\Windows\System\aciALKY.exe
  C:\Windows\System\aciALKY.exe
  2⤵
  PID:4464
- C:\Windows\System\CQWbfNi.exe
  C:\Windows\System\CQWbfNi.exe
  2⤵
  PID:4832
- C:\Windows\System\suUHGuw.exe
  C:\Windows\System\suUHGuw.exe
  2⤵
  PID:5168
- C:\Windows\System\JYJKsIQ.exe
  C:\Windows\System\JYJKsIQ.exe
  2⤵
  PID:5244
- C:\Windows\System\vDUYSLI.exe
  C:\Windows\System\vDUYSLI.exe
  2⤵
  PID:5288
- C:\Windows\System\DRgblwt.exe
  C:\Windows\System\DRgblwt.exe
  2⤵
  PID:5328
- C:\Windows\System\lcBaAoU.exe
  C:\Windows\System\lcBaAoU.exe
  2⤵
  PID:5384
- C:\Windows\System\vkgtEGF.exe
  C:\Windows\System\vkgtEGF.exe
  2⤵
  PID:5460
- C:\Windows\System\dJmDHBo.exe
  C:\Windows\System\dJmDHBo.exe
  2⤵
  PID:5520
- C:\Windows\System\vXpwurc.exe
  C:\Windows\System\vXpwurc.exe
  2⤵
  PID:5164
- C:\Windows\System\avUeywk.exe
  C:\Windows\System\avUeywk.exe
  2⤵
  PID:5620
- C:\Windows\System\iOrTsPd.exe
  C:\Windows\System\iOrTsPd.exe
  2⤵
  PID:5668
- C:\Windows\System\bdpFNey.exe
  C:\Windows\System\bdpFNey.exe
  2⤵
  PID:5748
- C:\Windows\System\ZsfdEiL.exe
  C:\Windows\System\ZsfdEiL.exe
  2⤵
  PID:5780
- C:\Windows\System\gDmXESo.exe
  C:\Windows\System\gDmXESo.exe
  2⤵
  PID:5828
- C:\Windows\System\GsmuVDc.exe
  C:\Windows\System\GsmuVDc.exe
  2⤵
  PID:5944
- C:\Windows\System\vXEPigK.exe
  C:\Windows\System\vXEPigK.exe
  2⤵
  PID:5948
- C:\Windows\System\UXHTnyK.exe
  C:\Windows\System\UXHTnyK.exe
  2⤵
  PID:5988
- C:\Windows\System\VRvUfnL.exe
  C:\Windows\System\VRvUfnL.exe
  2⤵
  PID:6072
- C:\Windows\System\yEDAwhg.exe
  C:\Windows\System\yEDAwhg.exe
  2⤵
  PID:6124
- C:\Windows\System\YayjQkm.exe
  C:\Windows\System\YayjQkm.exe
  2⤵
  PID:4732
- C:\Windows\System\OAAqVQk.exe
  C:\Windows\System\OAAqVQk.exe
  2⤵
  PID:3836
- C:\Windows\System\YpNJsSF.exe
  C:\Windows\System\YpNJsSF.exe
  2⤵
  PID:3880
- C:\Windows\System\SWxaCtV.exe
  C:\Windows\System\SWxaCtV.exe
  2⤵
  PID:5140
- C:\Windows\System\rexaRrA.exe
  C:\Windows\System\rexaRrA.exe
  2⤵
  PID:5160
- C:\Windows\System\QmWjjsI.exe
  C:\Windows\System\QmWjjsI.exe
  2⤵
  PID:5284
- C:\Windows\System\CHBuuHf.exe
  C:\Windows\System\CHBuuHf.exe
  2⤵
  PID:5428
- C:\Windows\System\pmwXKRW.exe
  C:\Windows\System\pmwXKRW.exe
  2⤵
  PID:5500
- C:\Windows\System\MTzCDAk.exe
  C:\Windows\System\MTzCDAk.exe
  2⤵
  PID:5644
- C:\Windows\System\IZeuxdN.exe
  C:\Windows\System\IZeuxdN.exe
  2⤵
  PID:5708
- C:\Windows\System\mNSTovZ.exe
  C:\Windows\System\mNSTovZ.exe
  2⤵
  PID:6160
- C:\Windows\System\DYgzGeo.exe
  C:\Windows\System\DYgzGeo.exe
  2⤵
  PID:6180
- C:\Windows\System\FqjcxTY.exe
  C:\Windows\System\FqjcxTY.exe
  2⤵
  PID:6200
- C:\Windows\System\FlmIxaj.exe
  C:\Windows\System\FlmIxaj.exe
  2⤵
  PID:6220
- C:\Windows\System\DSVbwfo.exe
  C:\Windows\System\DSVbwfo.exe
  2⤵
  PID:6240
- C:\Windows\System\iGFckQS.exe
  C:\Windows\System\iGFckQS.exe
  2⤵
  PID:6260
- C:\Windows\System\xtXKKGr.exe
  C:\Windows\System\xtXKKGr.exe
  2⤵
  PID:6280
- C:\Windows\System\UpAppLV.exe
  C:\Windows\System\UpAppLV.exe
  2⤵
  PID:6300
- C:\Windows\System\HKRNlRJ.exe
  C:\Windows\System\HKRNlRJ.exe
  2⤵
  PID:6320
- C:\Windows\System\wGdIXbR.exe
  C:\Windows\System\wGdIXbR.exe
  2⤵
  PID:6340
- C:\Windows\System\jfrJrjg.exe
  C:\Windows\System\jfrJrjg.exe
  2⤵
  PID:6360
- C:\Windows\System\ttCfQhh.exe
  C:\Windows\System\ttCfQhh.exe
  2⤵
  PID:6380
- C:\Windows\System\POLbfLx.exe
  C:\Windows\System\POLbfLx.exe
  2⤵
  PID:6400
- C:\Windows\System\tKoECvJ.exe
  C:\Windows\System\tKoECvJ.exe
  2⤵
  PID:6420
- C:\Windows\System\BucLXjl.exe
  C:\Windows\System\BucLXjl.exe
  2⤵
  PID:6440
- C:\Windows\System\cEhuFOS.exe
  C:\Windows\System\cEhuFOS.exe
  2⤵
  PID:6460
- C:\Windows\System\ttaTrGG.exe
  C:\Windows\System\ttaTrGG.exe
  2⤵
  PID:6480
- C:\Windows\System\hsRHzOs.exe
  C:\Windows\System\hsRHzOs.exe
  2⤵
  PID:6500
- C:\Windows\System\eeJUzIH.exe
  C:\Windows\System\eeJUzIH.exe
  2⤵
  PID:6520
- C:\Windows\System\GMZWbkm.exe
  C:\Windows\System\GMZWbkm.exe
  2⤵
  PID:6540
- C:\Windows\System\pipUikk.exe
  C:\Windows\System\pipUikk.exe
  2⤵
  PID:6560
- C:\Windows\System\AlSKVCW.exe
  C:\Windows\System\AlSKVCW.exe
  2⤵
  PID:6580
- C:\Windows\System\iclawBR.exe
  C:\Windows\System\iclawBR.exe
  2⤵
  PID:6600
- C:\Windows\System\wHnECcX.exe
  C:\Windows\System\wHnECcX.exe
  2⤵
  PID:6620
- C:\Windows\System\KVhwUbf.exe
  C:\Windows\System\KVhwUbf.exe
  2⤵
  PID:6640
- C:\Windows\System\BqfKqXL.exe
  C:\Windows\System\BqfKqXL.exe
  2⤵
  PID:6664
- C:\Windows\System\zCyDXVY.exe
  C:\Windows\System\zCyDXVY.exe
  2⤵
  PID:6684
- C:\Windows\System\XRzNGbu.exe
  C:\Windows\System\XRzNGbu.exe
  2⤵
  PID:6704
- C:\Windows\System\VmyfNmf.exe
  C:\Windows\System\VmyfNmf.exe
  2⤵
  PID:6724
- C:\Windows\System\jBOwHRg.exe
  C:\Windows\System\jBOwHRg.exe
  2⤵
  PID:6744
- C:\Windows\System\fCXEdhM.exe
  C:\Windows\System\fCXEdhM.exe
  2⤵
  PID:6764
- C:\Windows\System\wjXOLWg.exe
  C:\Windows\System\wjXOLWg.exe
  2⤵
  PID:6784
- C:\Windows\System\GAZjSlP.exe
  C:\Windows\System\GAZjSlP.exe
  2⤵
  PID:6808
- C:\Windows\System\Axgvhve.exe
  C:\Windows\System\Axgvhve.exe
  2⤵
  PID:6828
- C:\Windows\System\RTioaQQ.exe
  C:\Windows\System\RTioaQQ.exe
  2⤵
  PID:6848
- C:\Windows\System\DuDjQXT.exe
  C:\Windows\System\DuDjQXT.exe
  2⤵
  PID:6868
- C:\Windows\System\XrhyOby.exe
  C:\Windows\System\XrhyOby.exe
  2⤵
  PID:6888
- C:\Windows\System\VVOdqKb.exe
  C:\Windows\System\VVOdqKb.exe
  2⤵
  PID:6908
- C:\Windows\System\IqaLOhk.exe
  C:\Windows\System\IqaLOhk.exe
  2⤵
  PID:6928
- C:\Windows\System\xcCvwqB.exe
  C:\Windows\System\xcCvwqB.exe
  2⤵
  PID:6948
- C:\Windows\System\PbdRCjs.exe
  C:\Windows\System\PbdRCjs.exe
  2⤵
  PID:6968
- C:\Windows\System\ErAAzwp.exe
  C:\Windows\System\ErAAzwp.exe
  2⤵
  PID:6988
- C:\Windows\System\KhTJvGW.exe
  C:\Windows\System\KhTJvGW.exe
  2⤵
  PID:7008
- C:\Windows\System\WwNLsfq.exe
  C:\Windows\System\WwNLsfq.exe
  2⤵
  PID:7028
- C:\Windows\System\MlVSAYe.exe
  C:\Windows\System\MlVSAYe.exe
  2⤵
  PID:7048
- C:\Windows\System\tXVkwbv.exe
  C:\Windows\System\tXVkwbv.exe
  2⤵
  PID:7068
- C:\Windows\System\yuNmWcv.exe
  C:\Windows\System\yuNmWcv.exe
  2⤵
  PID:7088
- C:\Windows\System\vJjJhLn.exe
  C:\Windows\System\vJjJhLn.exe
  2⤵
  PID:7108
- C:\Windows\System\yHAjFFI.exe
  C:\Windows\System\yHAjFFI.exe
  2⤵
  PID:7128
- C:\Windows\System\pYlDNQH.exe
  C:\Windows\System\pYlDNQH.exe
  2⤵
  PID:7148
- C:\Windows\System\ruvINWr.exe
  C:\Windows\System\ruvINWr.exe
  2⤵
  PID:5788
- C:\Windows\System\ByeEadj.exe
  C:\Windows\System\ByeEadj.exe
  2⤵
  PID:5824
- C:\Windows\System\MKXpKRN.exe
  C:\Windows\System\MKXpKRN.exe
  2⤵
  PID:5888
- C:\Windows\System\vFQVVjl.exe
  C:\Windows\System\vFQVVjl.exe
  2⤵
  PID:5992
- C:\Windows\System\wuReWrG.exe
  C:\Windows\System\wuReWrG.exe
  2⤵
  PID:6112
- C:\Windows\System\NPlITFa.exe
  C:\Windows\System\NPlITFa.exe
  2⤵
  PID:4576
- C:\Windows\System\ffnlacu.exe
  C:\Windows\System\ffnlacu.exe
  2⤵
  PID:4868
- C:\Windows\System\BIMhFKX.exe
  C:\Windows\System\BIMhFKX.exe
  2⤵
  PID:5220
- C:\Windows\System\yvHnqNB.exe
  C:\Windows\System\yvHnqNB.exe
  2⤵
  PID:5228
- C:\Windows\System\jlwiJOD.exe
  C:\Windows\System\jlwiJOD.exe
  2⤵
  PID:5528
- C:\Windows\System\WJPclMq.exe
  C:\Windows\System\WJPclMq.exe
  2⤵
  PID:5560
- C:\Windows\System\pFeRBgd.exe
  C:\Windows\System\pFeRBgd.exe
  2⤵
  PID:6168
- C:\Windows\System\uJmJvbt.exe
  C:\Windows\System\uJmJvbt.exe
  2⤵
  PID:6208
- C:\Windows\System\PLCVDcE.exe
  C:\Windows\System\PLCVDcE.exe
  2⤵
  PID:6228
- C:\Windows\System\UcBuvxV.exe
  C:\Windows\System\UcBuvxV.exe
  2⤵
  PID:6252
- C:\Windows\System\HCOwaFN.exe
  C:\Windows\System\HCOwaFN.exe
  2⤵
  PID:6296
- C:\Windows\System\tboAFQR.exe
  C:\Windows\System\tboAFQR.exe
  2⤵
  PID:6328
- C:\Windows\System\IjpCNUP.exe
  C:\Windows\System\IjpCNUP.exe
  2⤵
  PID:6368
- C:\Windows\System\ciEHHgS.exe
  C:\Windows\System\ciEHHgS.exe
  2⤵
  PID:6388
- C:\Windows\System\HpnAjZT.exe
  C:\Windows\System\HpnAjZT.exe
  2⤵
  PID:6436
- C:\Windows\System\dWcQSPM.exe
  C:\Windows\System\dWcQSPM.exe
  2⤵
  PID:6468
- C:\Windows\System\HeTqukT.exe
  C:\Windows\System\HeTqukT.exe
  2⤵
  PID:6492
- C:\Windows\System\wRAXXJq.exe
  C:\Windows\System\wRAXXJq.exe
  2⤵
  PID:6532
- C:\Windows\System\KgLtgRM.exe
  C:\Windows\System\KgLtgRM.exe
  2⤵
  PID:6556
- C:\Windows\System\zLLHnla.exe
  C:\Windows\System\zLLHnla.exe
  2⤵
  PID:6608
- C:\Windows\System\HImePGn.exe
  C:\Windows\System\HImePGn.exe
  2⤵
  PID:6632
- C:\Windows\System\cuwMGCl.exe
  C:\Windows\System\cuwMGCl.exe
  2⤵
  PID:6672
- C:\Windows\System\KDWxRXf.exe
  C:\Windows\System\KDWxRXf.exe
  2⤵
  PID:6712
- C:\Windows\System\WXTmqWx.exe
  C:\Windows\System\WXTmqWx.exe
  2⤵
  PID:6736
- C:\Windows\System\weMSiFK.exe
  C:\Windows\System\weMSiFK.exe
  2⤵
  PID:6756
- C:\Windows\System\nEFICQE.exe
  C:\Windows\System\nEFICQE.exe
  2⤵
  PID:6800
- C:\Windows\System\TqoDcFJ.exe
  C:\Windows\System\TqoDcFJ.exe
  2⤵
  PID:6840
- C:\Windows\System\yMVKHCi.exe
  C:\Windows\System\yMVKHCi.exe
  2⤵
  PID:6904
- C:\Windows\System\xiWpZov.exe
  C:\Windows\System\xiWpZov.exe
  2⤵
  PID:6916
- C:\Windows\System\iTyfLyq.exe
  C:\Windows\System\iTyfLyq.exe
  2⤵
  PID:6940
- C:\Windows\System\KcDIAUZ.exe
  C:\Windows\System\KcDIAUZ.exe
  2⤵
  PID:6984
- C:\Windows\System\txXRWye.exe
  C:\Windows\System\txXRWye.exe
  2⤵
  PID:7000
- C:\Windows\System\wtJGGhP.exe
  C:\Windows\System\wtJGGhP.exe
  2⤵
  PID:7044
- C:\Windows\System\MfymFTx.exe
  C:\Windows\System\MfymFTx.exe
  2⤵
  PID:6660
- C:\Windows\System\qvNzgMI.exe
  C:\Windows\System\qvNzgMI.exe
  2⤵
  PID:7104
- C:\Windows\System\AvDnMER.exe
  C:\Windows\System\AvDnMER.exe
  2⤵
  PID:7120
- C:\Windows\System\eRJuQre.exe
  C:\Windows\System\eRJuQre.exe
  2⤵
  PID:5784
- C:\Windows\System\RGEMFdX.exe
  C:\Windows\System\RGEMFdX.exe
  2⤵
  PID:5932
- C:\Windows\System\ZwmFsZj.exe
  C:\Windows\System\ZwmFsZj.exe
  2⤵
  PID:6032
- C:\Windows\System\jjwJARw.exe
  C:\Windows\System\jjwJARw.exe
  2⤵
  PID:4564
- C:\Windows\System\KRvMlKv.exe
  C:\Windows\System\KRvMlKv.exe
  2⤵
  PID:5136
- C:\Windows\System\UJOzCWu.exe
  C:\Windows\System\UJOzCWu.exe
  2⤵
  PID:5380
- C:\Windows\System\bsqaxhR.exe
  C:\Windows\System\bsqaxhR.exe
  2⤵
  PID:5604
- C:\Windows\System\oeEAkUT.exe
  C:\Windows\System\oeEAkUT.exe
  2⤵
  PID:6188
- C:\Windows\System\AvLGuSm.exe
  C:\Windows\System\AvLGuSm.exe
  2⤵
  PID:6232
- C:\Windows\System\JvbcAkT.exe
  C:\Windows\System\JvbcAkT.exe
  2⤵
  PID:6288
- C:\Windows\System\SLpiiCG.exe
  C:\Windows\System\SLpiiCG.exe
  2⤵
  PID:6312
- C:\Windows\System\IlbaTRz.exe
  C:\Windows\System\IlbaTRz.exe
  2⤵
  PID:6352
- C:\Windows\System\EYGxuVV.exe
  C:\Windows\System\EYGxuVV.exe
  2⤵
  PID:6488
- C:\Windows\System\DPPGkcV.exe
  C:\Windows\System\DPPGkcV.exe
  2⤵
  PID:6528
- C:\Windows\System\MsPHSWG.exe
  C:\Windows\System\MsPHSWG.exe
  2⤵
  PID:6636
- C:\Windows\System\gNyOHtY.exe
  C:\Windows\System\gNyOHtY.exe
  2⤵
  PID:6596
- C:\Windows\System\YMsSkzJ.exe
  C:\Windows\System\YMsSkzJ.exe
  2⤵
  PID:6696
- C:\Windows\System\AbtrTNr.exe
  C:\Windows\System\AbtrTNr.exe
  2⤵
  PID:6716
- C:\Windows\System\ZTefeMx.exe
  C:\Windows\System\ZTefeMx.exe
  2⤵
  PID:6824
- C:\Windows\System\MWWqIkG.exe
  C:\Windows\System\MWWqIkG.exe
  2⤵
  PID:6864
- C:\Windows\System\WHdkuTS.exe
  C:\Windows\System\WHdkuTS.exe
  2⤵
  PID:6944
- C:\Windows\System\pNVgZus.exe
  C:\Windows\System\pNVgZus.exe
  2⤵
  PID:6924
- C:\Windows\System\nXUQSCt.exe
  C:\Windows\System\nXUQSCt.exe
  2⤵
  PID:7036
- C:\Windows\System\wyUmHHQ.exe
  C:\Windows\System\wyUmHHQ.exe
  2⤵
  PID:7096
- C:\Windows\System\xARBvxr.exe
  C:\Windows\System\xARBvxr.exe
  2⤵
  PID:5720
- C:\Windows\System\afWZGUq.exe
  C:\Windows\System\afWZGUq.exe
  2⤵
  PID:7160
- C:\Windows\System\yjSzlwK.exe
  C:\Windows\System\yjSzlwK.exe
  2⤵
  PID:2120
- C:\Windows\System\LMDKobH.exe
  C:\Windows\System\LMDKobH.exe
  2⤵
  PID:5108
- C:\Windows\System\CTJDxCg.exe
  C:\Windows\System\CTJDxCg.exe
  2⤵
  PID:5388
- C:\Windows\System\PqDaSJj.exe
  C:\Windows\System\PqDaSJj.exe
  2⤵
  PID:6152
- C:\Windows\System\XPALpnr.exe
  C:\Windows\System\XPALpnr.exe
  2⤵
  PID:6348
- C:\Windows\System\OVPiLCy.exe
  C:\Windows\System\OVPiLCy.exe
  2⤵
  PID:6412
- C:\Windows\System\qzTfvsw.exe
  C:\Windows\System\qzTfvsw.exe
  2⤵
  PID:6576
- C:\Windows\System\hmAZGpu.exe
  C:\Windows\System\hmAZGpu.exe
  2⤵
  PID:6536
- C:\Windows\System\xeRIWyN.exe
  C:\Windows\System\xeRIWyN.exe
  2⤵
  PID:6692
- C:\Windows\System\EWArQoV.exe
  C:\Windows\System\EWArQoV.exe
  2⤵
  PID:2552
- C:\Windows\System\QihCgCe.exe
  C:\Windows\System\QihCgCe.exe
  2⤵
  PID:6760
- C:\Windows\System\uTLHmFN.exe
  C:\Windows\System\uTLHmFN.exe
  2⤵
  PID:6880
- C:\Windows\System\mmwvalR.exe
  C:\Windows\System\mmwvalR.exe
  2⤵
  PID:7184
- C:\Windows\System\hhXJNYa.exe
  C:\Windows\System\hhXJNYa.exe
  2⤵
  PID:7200
- C:\Windows\System\WvDvFbV.exe
  C:\Windows\System\WvDvFbV.exe
  2⤵
  PID:7224
- C:\Windows\System\cFYvsKx.exe
  C:\Windows\System\cFYvsKx.exe
  2⤵
  PID:7244
- C:\Windows\System\gJXyBJE.exe
  C:\Windows\System\gJXyBJE.exe
  2⤵
  PID:7264
- C:\Windows\System\Bqebwlk.exe
  C:\Windows\System\Bqebwlk.exe
  2⤵
  PID:7284
- C:\Windows\System\CEUplrN.exe
  C:\Windows\System\CEUplrN.exe
  2⤵
  PID:7308
- C:\Windows\System\ChhXNUy.exe
  C:\Windows\System\ChhXNUy.exe
  2⤵
  PID:7328
- C:\Windows\System\wsdJafc.exe
  C:\Windows\System\wsdJafc.exe
  2⤵
  PID:7348
- C:\Windows\System\nIpmbOc.exe
  C:\Windows\System\nIpmbOc.exe
  2⤵
  PID:7368
- C:\Windows\System\FJZgjRb.exe
  C:\Windows\System\FJZgjRb.exe
  2⤵
  PID:7388
- C:\Windows\System\QANMqyL.exe
  C:\Windows\System\QANMqyL.exe
  2⤵
  PID:7408
- C:\Windows\System\xAiGjOZ.exe
  C:\Windows\System\xAiGjOZ.exe
  2⤵
  PID:7428
- C:\Windows\System\amSordj.exe
  C:\Windows\System\amSordj.exe
  2⤵
  PID:7448
- C:\Windows\System\lcKnSiB.exe
  C:\Windows\System\lcKnSiB.exe
  2⤵
  PID:7468
- C:\Windows\System\rsPGkYK.exe
  C:\Windows\System\rsPGkYK.exe
  2⤵
  PID:7488
- C:\Windows\System\tKrMOOk.exe
  C:\Windows\System\tKrMOOk.exe
  2⤵
  PID:7508
- C:\Windows\System\MGMBLaJ.exe
  C:\Windows\System\MGMBLaJ.exe
  2⤵
  PID:7528
- C:\Windows\System\aXvUQUp.exe
  C:\Windows\System\aXvUQUp.exe
  2⤵
  PID:7548
- C:\Windows\System\dizVqdy.exe
  C:\Windows\System\dizVqdy.exe
  2⤵
  PID:7568
- C:\Windows\System\aQfvCAE.exe
  C:\Windows\System\aQfvCAE.exe
  2⤵
  PID:7588
- C:\Windows\System\IIJEJQR.exe
  C:\Windows\System\IIJEJQR.exe
  2⤵
  PID:7608
- C:\Windows\System\tvhaJNb.exe
  C:\Windows\System\tvhaJNb.exe
  2⤵
  PID:7628
- C:\Windows\System\KeuGlNO.exe
  C:\Windows\System\KeuGlNO.exe
  2⤵
  PID:7648
- C:\Windows\System\xGCfSdf.exe
  C:\Windows\System\xGCfSdf.exe
  2⤵
  PID:7668
- C:\Windows\System\zxOUYHL.exe
  C:\Windows\System\zxOUYHL.exe
  2⤵
  PID:7688
- C:\Windows\System\cAMEvgU.exe
  C:\Windows\System\cAMEvgU.exe
  2⤵
  PID:7708
- C:\Windows\System\MQtNmNw.exe
  C:\Windows\System\MQtNmNw.exe
  2⤵
  PID:7728
- C:\Windows\System\UxFPhAO.exe
  C:\Windows\System\UxFPhAO.exe
  2⤵
  PID:7748
- C:\Windows\System\nPMdnhb.exe
  C:\Windows\System\nPMdnhb.exe
  2⤵
  PID:7768
- C:\Windows\System\eNFblFW.exe
  C:\Windows\System\eNFblFW.exe
  2⤵
  PID:7788
- C:\Windows\System\iHpNiNU.exe
  C:\Windows\System\iHpNiNU.exe
  2⤵
  PID:7808
- C:\Windows\System\WGMOyrx.exe
  C:\Windows\System\WGMOyrx.exe
  2⤵
  PID:7832
- C:\Windows\System\drAXVLq.exe
  C:\Windows\System\drAXVLq.exe
  2⤵
  PID:7848
- C:\Windows\System\vHkIWhU.exe
  C:\Windows\System\vHkIWhU.exe
  2⤵
  PID:7872
- C:\Windows\System\rxYSTiJ.exe
  C:\Windows\System\rxYSTiJ.exe
  2⤵
  PID:7892
- C:\Windows\System\tVSZOBB.exe
  C:\Windows\System\tVSZOBB.exe
  2⤵
  PID:7912
- C:\Windows\System\HeMIlhv.exe
  C:\Windows\System\HeMIlhv.exe
  2⤵
  PID:7932
- C:\Windows\System\lQYBbcN.exe
  C:\Windows\System\lQYBbcN.exe
  2⤵
  PID:7952
- C:\Windows\System\APzpVkN.exe
  C:\Windows\System\APzpVkN.exe
  2⤵
  PID:7968
- C:\Windows\System\vYjFzlJ.exe
  C:\Windows\System\vYjFzlJ.exe
  2⤵
  PID:7992
- C:\Windows\System\LKcoWrq.exe
  C:\Windows\System\LKcoWrq.exe
  2⤵
  PID:8008
- C:\Windows\System\FekAgwy.exe
  C:\Windows\System\FekAgwy.exe
  2⤵
  PID:8028
- C:\Windows\System\UnaHDLm.exe
  C:\Windows\System\UnaHDLm.exe
  2⤵
  PID:8048
- C:\Windows\System\ytBTYdH.exe
  C:\Windows\System\ytBTYdH.exe
  2⤵
  PID:8072
- C:\Windows\System\qxjPEjb.exe
  C:\Windows\System\qxjPEjb.exe
  2⤵
  PID:8092
- C:\Windows\System\xxyoxaC.exe
  C:\Windows\System\xxyoxaC.exe
  2⤵
  PID:8112
- C:\Windows\System\JbXXpSV.exe
  C:\Windows\System\JbXXpSV.exe
  2⤵
  PID:8132
- C:\Windows\System\RkrAZgR.exe
  C:\Windows\System\RkrAZgR.exe
  2⤵
  PID:8152
- C:\Windows\System\eWgqgLm.exe
  C:\Windows\System\eWgqgLm.exe
  2⤵
  PID:8172
- C:\Windows\System\IUkmQBR.exe
  C:\Windows\System\IUkmQBR.exe
  2⤵
  PID:7024
- C:\Windows\System\nCmBPnt.exe
  C:\Windows\System\nCmBPnt.exe
  2⤵
  PID:7116
- C:\Windows\System\ORSkNcv.exe
  C:\Windows\System\ORSkNcv.exe
  2⤵
  PID:7124
- C:\Windows\System\hxWxfLw.exe
  C:\Windows\System\hxWxfLw.exe
  2⤵
  PID:5744
- C:\Windows\System\rgSoCVG.exe
  C:\Windows\System\rgSoCVG.exe
  2⤵
  PID:1060
- C:\Windows\System\ExmxGRl.exe
  C:\Windows\System\ExmxGRl.exe
  2⤵
  PID:6356
- C:\Windows\System\cSQerZF.exe
  C:\Windows\System\cSQerZF.exe
  2⤵
  PID:6408
- C:\Windows\System\cXZqKOr.exe
  C:\Windows\System\cXZqKOr.exe
  2⤵
  PID:6472
- C:\Windows\System\sfRpnTD.exe
  C:\Windows\System\sfRpnTD.exe
  2⤵
  PID:6900
- C:\Windows\System\AJGSnfF.exe
  C:\Windows\System\AJGSnfF.exe
  2⤵
  PID:6720
- C:\Windows\System\DKahaeg.exe
  C:\Windows\System\DKahaeg.exe
  2⤵
  PID:7176
- C:\Windows\System\FNjOlRO.exe
  C:\Windows\System\FNjOlRO.exe
  2⤵
  PID:7212
- C:\Windows\System\eZOsxWF.exe
  C:\Windows\System\eZOsxWF.exe
  2⤵
  PID:7240
- C:\Windows\System\tjXlbfy.exe
  C:\Windows\System\tjXlbfy.exe
  2⤵
  PID:7296
- C:\Windows\System\sOuXAOi.exe
  C:\Windows\System\sOuXAOi.exe
  2⤵
  PID:7316
- C:\Windows\System\aHsdICU.exe
  C:\Windows\System\aHsdICU.exe
  2⤵
  PID:7324
- C:\Windows\System\fmaXXrC.exe
  C:\Windows\System\fmaXXrC.exe
  2⤵
  PID:7376
- C:\Windows\System\vTXrFsD.exe
  C:\Windows\System\vTXrFsD.exe
  2⤵
  PID:7416
- C:\Windows\System\DaNKWzR.exe
  C:\Windows\System\DaNKWzR.exe
  2⤵
  PID:2804
- C:\Windows\System\rgzRSbJ.exe
  C:\Windows\System\rgzRSbJ.exe
  2⤵
  PID:7464
- C:\Windows\System\fXnNUFz.exe
  C:\Windows\System\fXnNUFz.exe
  2⤵
  PID:7500
- C:\Windows\System\SxQYxBT.exe
  C:\Windows\System\SxQYxBT.exe
  2⤵
  PID:7544
- C:\Windows\System\ljqJiCu.exe
  C:\Windows\System\ljqJiCu.exe
  2⤵
  PID:7564
- C:\Windows\System\NViHNVW.exe
  C:\Windows\System\NViHNVW.exe
  2⤵
  PID:7604
- C:\Windows\System\RpBnzAm.exe
  C:\Windows\System\RpBnzAm.exe
  2⤵
  PID:7644
- C:\Windows\System\zSOsyeL.exe
  C:\Windows\System\zSOsyeL.exe
  2⤵
  PID:7704
- C:\Windows\System\lysiwkf.exe
  C:\Windows\System\lysiwkf.exe
  2⤵
  PID:7736
- C:\Windows\System\MMEqCWz.exe
  C:\Windows\System\MMEqCWz.exe
  2⤵
  PID:7784
- C:\Windows\System\rmdeNqB.exe
  C:\Windows\System\rmdeNqB.exe
  2⤵
  PID:2280
- C:\Windows\System\kYqWxEl.exe
  C:\Windows\System\kYqWxEl.exe
  2⤵
  PID:7804
- C:\Windows\System\CBWAYyp.exe
  C:\Windows\System\CBWAYyp.exe
  2⤵
  PID:2768
- C:\Windows\System\OUJOBJJ.exe
  C:\Windows\System\OUJOBJJ.exe
  2⤵
  PID:7844
- C:\Windows\System\ffEzcNS.exe
  C:\Windows\System\ffEzcNS.exe
  2⤵
  PID:7904
- C:\Windows\System\kNBmJxs.exe
  C:\Windows\System\kNBmJxs.exe
  2⤵
  PID:7944
- C:\Windows\System\iNkQCDP.exe
  C:\Windows\System\iNkQCDP.exe
  2⤵
  PID:7984
- C:\Windows\System\hqIDZDe.exe
  C:\Windows\System\hqIDZDe.exe
  2⤵
  PID:8016
- C:\Windows\System\jWgIHDL.exe
  C:\Windows\System\jWgIHDL.exe
  2⤵
  PID:8064
- C:\Windows\System\aOncsWQ.exe
  C:\Windows\System\aOncsWQ.exe
  2⤵
  PID:8040
- C:\Windows\System\gYQvKzE.exe
  C:\Windows\System\gYQvKzE.exe
  2⤵
  PID:8088
- C:\Windows\System\rPLXvsE.exe
  C:\Windows\System\rPLXvsE.exe
  2⤵
  PID:8148
- C:\Windows\System\RBPZThg.exe
  C:\Windows\System\RBPZThg.exe
  2⤵
  PID:2608
- C:\Windows\System\GNbCYls.exe
  C:\Windows\System\GNbCYls.exe
  2⤵
  PID:8124
- C:\Windows\System\IetfBSC.exe
  C:\Windows\System\IetfBSC.exe
  2⤵
  PID:7084
- C:\Windows\System\ZttlXyA.exe
  C:\Windows\System\ZttlXyA.exe
  2⤵
  PID:3864
- C:\Windows\System\eQhZRiV.exe
  C:\Windows\System\eQhZRiV.exe
  2⤵
  PID:6372
- C:\Windows\System\KVSwhTf.exe
  C:\Windows\System\KVSwhTf.exe
  2⤵
  PID:6192
- C:\Windows\System\PKKNwao.exe
  C:\Windows\System\PKKNwao.exe
  2⤵
  PID:6592
- C:\Windows\System\LXmfhty.exe
  C:\Windows\System\LXmfhty.exe
  2⤵
  PID:7232
- C:\Windows\System\FlFnyJL.exe
  C:\Windows\System\FlFnyJL.exe
  2⤵
  PID:800
- C:\Windows\System\Taefjtq.exe
  C:\Windows\System\Taefjtq.exe
  2⤵
  PID:6740
- C:\Windows\System\EIRVQCg.exe
  C:\Windows\System\EIRVQCg.exe
  2⤵
  PID:7400
- C:\Windows\System\VZWBQdm.exe
  C:\Windows\System\VZWBQdm.exe
  2⤵
  PID:2600
- C:\Windows\System\qJMyTBC.exe
  C:\Windows\System\qJMyTBC.exe
  2⤵
  PID:7344
- C:\Windows\System\dgNRFTm.exe
  C:\Windows\System\dgNRFTm.exe
  2⤵
  PID:7456
- C:\Windows\System\FTHvBwv.exe
  C:\Windows\System\FTHvBwv.exe
  2⤵
  PID:7440
- C:\Windows\System\MokLcIZ.exe
  C:\Windows\System\MokLcIZ.exe
  2⤵
  PID:7584
- C:\Windows\System\pwsjpZG.exe
  C:\Windows\System\pwsjpZG.exe
  2⤵
  PID:7636
- C:\Windows\System\mJDDASo.exe
  C:\Windows\System\mJDDASo.exe
  2⤵
  PID:7680
- C:\Windows\System\RrimZAC.exe
  C:\Windows\System\RrimZAC.exe
  2⤵
  PID:1724
- C:\Windows\System\CmjjBge.exe
  C:\Windows\System\CmjjBge.exe
  2⤵
  PID:1664
- C:\Windows\System\eUwZYDe.exe
  C:\Windows\System\eUwZYDe.exe
  2⤵
  PID:7900
- C:\Windows\System\rdcsQZt.exe
  C:\Windows\System\rdcsQZt.exe
  2⤵
  PID:7924
- C:\Windows\System\lciUQgr.exe
  C:\Windows\System\lciUQgr.exe
  2⤵
  PID:7888
- C:\Windows\System\RzecENn.exe
  C:\Windows\System\RzecENn.exe
  2⤵
  PID:7960
- C:\Windows\System\CzPSHPR.exe
  C:\Windows\System\CzPSHPR.exe
  2⤵
  PID:2824
- C:\Windows\System\wfxkpPD.exe
  C:\Windows\System\wfxkpPD.exe
  2⤵
  PID:8140
- C:\Windows\System\qclpDGg.exe
  C:\Windows\System\qclpDGg.exe
  2⤵
  PID:8128
- C:\Windows\System\yEYIEYS.exe
  C:\Windows\System\yEYIEYS.exe
  2⤵
  PID:1648
- C:\Windows\System\ahKbOPw.exe
  C:\Windows\System\ahKbOPw.exe
  2⤵
  PID:8188
- C:\Windows\System\qZbGgrz.exe
  C:\Windows\System\qZbGgrz.exe
  2⤵
  PID:7824
- C:\Windows\System\kjEDxcZ.exe
  C:\Windows\System\kjEDxcZ.exe
  2⤵
  PID:5568
- C:\Windows\System\KSlcZkN.exe
  C:\Windows\System\KSlcZkN.exe
  2⤵
  PID:108
- C:\Windows\System\ZaMZnOo.exe
  C:\Windows\System\ZaMZnOo.exe
  2⤵
  PID:1340
- C:\Windows\System\tLIjeeZ.exe
  C:\Windows\System\tLIjeeZ.exe
  2⤵
  PID:7276
- C:\Windows\System\BrmsCAD.exe
  C:\Windows\System\BrmsCAD.exe
  2⤵
  PID:7364
- C:\Windows\System\iDyzUCi.exe
  C:\Windows\System\iDyzUCi.exe
  2⤵
  PID:2504
- C:\Windows\System\FKOModo.exe
  C:\Windows\System\FKOModo.exe
  2⤵
  PID:2244
- C:\Windows\System\yAxFDZq.exe
  C:\Windows\System\yAxFDZq.exe
  2⤵
  PID:7504
- C:\Windows\System\ezglvXq.exe
  C:\Windows\System\ezglvXq.exe
  2⤵
  PID:2948
- C:\Windows\System\hbfOqrF.exe
  C:\Windows\System\hbfOqrF.exe
  2⤵
  PID:7524
- C:\Windows\System\LnJXmnI.exe
  C:\Windows\System\LnJXmnI.exe
  2⤵
  PID:7720
- C:\Windows\System\NrHKgfG.exe
  C:\Windows\System\NrHKgfG.exe
  2⤵
  PID:7760
- C:\Windows\System\MrRrnrK.exe
  C:\Windows\System\MrRrnrK.exe
  2⤵
  PID:7980
- C:\Windows\System\NldKuKd.exe
  C:\Windows\System\NldKuKd.exe
  2⤵
  PID:1148
- C:\Windows\System\BvMfdtd.exe
  C:\Windows\System\BvMfdtd.exe
  2⤵
  PID:8180
- C:\Windows\System\WeBvUZE.exe
  C:\Windows\System\WeBvUZE.exe
  2⤵
  PID:2632
- C:\Windows\System\NtohSmT.exe
  C:\Windows\System\NtohSmT.exe
  2⤵
  PID:7076
- C:\Windows\System\knNlKDZ.exe
  C:\Windows\System\knNlKDZ.exe
  2⤵
  PID:696
- C:\Windows\System\tHpIJbW.exe
  C:\Windows\System\tHpIJbW.exe
  2⤵
  PID:2844
- C:\Windows\System\RNaXoTR.exe
  C:\Windows\System\RNaXoTR.exe
  2⤵
  PID:6448
- C:\Windows\System\iAADNQO.exe
  C:\Windows\System\iAADNQO.exe
  2⤵
  PID:1984
- C:\Windows\System\GwvYFyR.exe
  C:\Windows\System\GwvYFyR.exe
  2⤵
  PID:2052
- C:\Windows\System\yKPaTRB.exe
  C:\Windows\System\yKPaTRB.exe
  2⤵
  PID:2796
- C:\Windows\System\GRkvFub.exe
  C:\Windows\System\GRkvFub.exe
  2⤵
  PID:7256
- C:\Windows\System\eKawEYI.exe
  C:\Windows\System\eKawEYI.exe
  2⤵
  PID:1636
- C:\Windows\System\ekbcXjt.exe
  C:\Windows\System\ekbcXjt.exe
  2⤵
  PID:7684
- C:\Windows\System\vpBNpui.exe
  C:\Windows\System\vpBNpui.exe
  2⤵
  PID:7800
- C:\Windows\System\muznyRt.exe
  C:\Windows\System\muznyRt.exe
  2⤵
  PID:2892
- C:\Windows\System\nmEHrQe.exe
  C:\Windows\System\nmEHrQe.exe
  2⤵
  PID:6004
- C:\Windows\System\KWPKKOK.exe
  C:\Windows\System\KWPKKOK.exe
  2⤵
  PID:7304
- C:\Windows\System\HuhPxUA.exe
  C:\Windows\System\HuhPxUA.exe
  2⤵
  PID:7476
- C:\Windows\System\WivHmKi.exe
  C:\Windows\System\WivHmKi.exe
  2⤵
  PID:7616
- C:\Windows\System\dYmLLWz.exe
  C:\Windows\System\dYmLLWz.exe
  2⤵
  PID:2324
- C:\Windows\System\sGGoJMB.exe
  C:\Windows\System\sGGoJMB.exe
  2⤵
  PID:7556
- C:\Windows\System\SeiKkTu.exe
  C:\Windows\System\SeiKkTu.exe
  2⤵
  PID:2024
- C:\Windows\System\vFpfrmm.exe
  C:\Windows\System\vFpfrmm.exe
  2⤵
  PID:3020
- C:\Windows\System\ebcEJGx.exe
  C:\Windows\System\ebcEJGx.exe
  2⤵
  PID:7884
- C:\Windows\System\HSGNxMa.exe
  C:\Windows\System\HSGNxMa.exe
  2⤵
  PID:2140
- C:\Windows\System\MtTLlSY.exe
  C:\Windows\System\MtTLlSY.exe
  2⤵
  PID:6332
- C:\Windows\System\QkphnIR.exe
  C:\Windows\System\QkphnIR.exe
  2⤵
  PID:1528
- C:\Windows\System\cxAcPlM.exe
  C:\Windows\System\cxAcPlM.exe
  2⤵
  PID:2260
- C:\Windows\System\OBjptli.exe
  C:\Windows\System\OBjptli.exe
  2⤵
  PID:7928
- C:\Windows\System\vqPtUaZ.exe
  C:\Windows\System\vqPtUaZ.exe
  2⤵
  PID:1568
- C:\Windows\System\TFwQgUN.exe
  C:\Windows\System\TFwQgUN.exe
  2⤵
  PID:7536
- C:\Windows\System\lLKLSKb.exe
  C:\Windows\System\lLKLSKb.exe
  2⤵
  PID:7480
- C:\Windows\System\TEUnhrD.exe
  C:\Windows\System\TEUnhrD.exe
  2⤵
  PID:8044
- C:\Windows\System\VPGtGpe.exe
  C:\Windows\System\VPGtGpe.exe
  2⤵
  PID:3016
- C:\Windows\System\EVNLQcj.exe
  C:\Windows\System\EVNLQcj.exe
  2⤵
  PID:6276
- C:\Windows\System\vsjAxwD.exe
  C:\Windows\System\vsjAxwD.exe
  2⤵
  PID:7756
- C:\Windows\System\duxAxzb.exe
  C:\Windows\System\duxAxzb.exe
  2⤵
  PID:8208
- C:\Windows\System\wAkswns.exe
  C:\Windows\System\wAkswns.exe
  2⤵
  PID:8224
- C:\Windows\System\MGsezVz.exe
  C:\Windows\System\MGsezVz.exe
  2⤵
  PID:8240
- C:\Windows\System\IqtuVWE.exe
  C:\Windows\System\IqtuVWE.exe
  2⤵
  PID:8256
- C:\Windows\System\qKkyWFw.exe
  C:\Windows\System\qKkyWFw.exe
  2⤵
  PID:8272
- C:\Windows\System\sMhgSHf.exe
  C:\Windows\System\sMhgSHf.exe
  2⤵
  PID:8288
- C:\Windows\System\BVnyZWm.exe
  C:\Windows\System\BVnyZWm.exe
  2⤵
  PID:8304
- C:\Windows\System\FrpYBPI.exe
  C:\Windows\System\FrpYBPI.exe
  2⤵
  PID:8320
- C:\Windows\System\tBBPTaZ.exe
  C:\Windows\System\tBBPTaZ.exe
  2⤵
  PID:8336
- C:\Windows\System\cYCGrQH.exe
  C:\Windows\System\cYCGrQH.exe
  2⤵
  PID:8352
- C:\Windows\System\XMJngjO.exe
  C:\Windows\System\XMJngjO.exe
  2⤵
  PID:8368
- C:\Windows\System\QEWkVHt.exe
  C:\Windows\System\QEWkVHt.exe
  2⤵
  PID:8384
- C:\Windows\System\SyHCORS.exe
  C:\Windows\System\SyHCORS.exe
  2⤵
  PID:8400
- C:\Windows\System\aTAvJjT.exe
  C:\Windows\System\aTAvJjT.exe
  2⤵
  PID:8416
- C:\Windows\System\qilcigR.exe
  C:\Windows\System\qilcigR.exe
  2⤵
  PID:8432
- C:\Windows\System\DjMNcXL.exe
  C:\Windows\System\DjMNcXL.exe
  2⤵
  PID:8448
- C:\Windows\System\uNoMfBe.exe
  C:\Windows\System\uNoMfBe.exe
  2⤵
  PID:8464
- C:\Windows\System\pQnGVCz.exe
  C:\Windows\System\pQnGVCz.exe
  2⤵
  PID:8480
- C:\Windows\System\KMyLKhg.exe
  C:\Windows\System\KMyLKhg.exe
  2⤵
  PID:8496
- C:\Windows\System\RhIMpOn.exe
  C:\Windows\System\RhIMpOn.exe
  2⤵
  PID:8516
- C:\Windows\System\BodBgRU.exe
  C:\Windows\System\BodBgRU.exe
  2⤵
  PID:8532
- C:\Windows\System\mWPqvas.exe
  C:\Windows\System\mWPqvas.exe
  2⤵
  PID:8548
- C:\Windows\System\UqaXPJb.exe
  C:\Windows\System\UqaXPJb.exe
  2⤵
  PID:8564
- C:\Windows\System\eUOQmJH.exe
  C:\Windows\System\eUOQmJH.exe
  2⤵
  PID:8580
- C:\Windows\System\giMMTzn.exe
  C:\Windows\System\giMMTzn.exe
  2⤵
  PID:8596
- C:\Windows\System\msprzwN.exe
  C:\Windows\System\msprzwN.exe
  2⤵
  PID:8612
- C:\Windows\System\uSvtDHE.exe
  C:\Windows\System\uSvtDHE.exe
  2⤵
  PID:8632
- C:\Windows\System\ttPNSHb.exe
  C:\Windows\System\ttPNSHb.exe
  2⤵
  PID:8648
- C:\Windows\System\StnXjqr.exe
  C:\Windows\System\StnXjqr.exe
  2⤵
  PID:8664
- C:\Windows\System\UHzSGIk.exe
  C:\Windows\System\UHzSGIk.exe
  2⤵
  PID:8680
- C:\Windows\System\EUhsTMt.exe
  C:\Windows\System\EUhsTMt.exe
  2⤵
  PID:8696
- C:\Windows\System\QCTkkGW.exe
  C:\Windows\System\QCTkkGW.exe
  2⤵
  PID:8712
- C:\Windows\System\AFSVvwD.exe
  C:\Windows\System\AFSVvwD.exe
  2⤵
  PID:8728
- C:\Windows\System\MoVWkct.exe
  C:\Windows\System\MoVWkct.exe
  2⤵
  PID:8744
- C:\Windows\System\bAALHQp.exe
  C:\Windows\System\bAALHQp.exe
  2⤵
  PID:8760
- C:\Windows\System\wzSysTw.exe
  C:\Windows\System\wzSysTw.exe
  2⤵
  PID:8776
- C:\Windows\System\AnOhNIu.exe
  C:\Windows\System\AnOhNIu.exe
  2⤵
  PID:8792
- C:\Windows\System\raLslmG.exe
  C:\Windows\System\raLslmG.exe
  2⤵
  PID:8808
- C:\Windows\System\ZXQOoKa.exe
  C:\Windows\System\ZXQOoKa.exe
  2⤵
  PID:8824
- C:\Windows\System\hShAGeC.exe
  C:\Windows\System\hShAGeC.exe
  2⤵
  PID:8840
- C:\Windows\System\XvsIkbl.exe
  C:\Windows\System\XvsIkbl.exe
  2⤵
  PID:8856
- C:\Windows\System\OmiicsL.exe
  C:\Windows\System\OmiicsL.exe
  2⤵
  PID:8872
- C:\Windows\System\nhxosBP.exe
  C:\Windows\System\nhxosBP.exe
  2⤵
  PID:8888
- C:\Windows\System\OgKrect.exe
  C:\Windows\System\OgKrect.exe
  2⤵
  PID:8904
- C:\Windows\System\yypcYBz.exe
  C:\Windows\System\yypcYBz.exe
  2⤵
  PID:8920
- C:\Windows\System\DOwUFgs.exe
  C:\Windows\System\DOwUFgs.exe
  2⤵
  PID:8936
- C:\Windows\System\YLRMMww.exe
  C:\Windows\System\YLRMMww.exe
  2⤵
  PID:8952
- C:\Windows\System\afAOFtU.exe
  C:\Windows\System\afAOFtU.exe
  2⤵
  PID:8968
- C:\Windows\System\jmXfmKL.exe
  C:\Windows\System\jmXfmKL.exe
  2⤵
  PID:8984
- C:\Windows\System\RIVWGFG.exe
  C:\Windows\System\RIVWGFG.exe
  2⤵
  PID:9000
- C:\Windows\System\TPXjMLV.exe
  C:\Windows\System\TPXjMLV.exe
  2⤵
  PID:9016
- C:\Windows\System\MOJfPkR.exe
  C:\Windows\System\MOJfPkR.exe
  2⤵
  PID:9104
- C:\Windows\System\UaXUzHn.exe
  C:\Windows\System\UaXUzHn.exe
  2⤵
  PID:9184
- C:\Windows\System\rakQzlP.exe
  C:\Windows\System\rakQzlP.exe
  2⤵
  PID:9204
- C:\Windows\System\OMbTUvI.exe
  C:\Windows\System\OMbTUvI.exe
  2⤵
  PID:7656
- C:\Windows\System\QnjyAyr.exe
  C:\Windows\System\QnjyAyr.exe
  2⤵
  PID:1896
- C:\Windows\System\yjZIDoa.exe
  C:\Windows\System\yjZIDoa.exe
  2⤵
  PID:8200
- C:\Windows\System\UdYWTzt.exe
  C:\Windows\System\UdYWTzt.exe
  2⤵
  PID:8252
- C:\Windows\System\eYSdWca.exe
  C:\Windows\System\eYSdWca.exe
  2⤵
  PID:8344
- C:\Windows\System\XLRKDRr.exe
  C:\Windows\System\XLRKDRr.exe
  2⤵
  PID:8412
- C:\Windows\System\rBeoSop.exe
  C:\Windows\System\rBeoSop.exe
  2⤵
  PID:8348
- C:\Windows\System\EGvVxLP.exe
  C:\Windows\System\EGvVxLP.exe
  2⤵
  PID:8504
- C:\Windows\System\xPEWeAQ.exe
  C:\Windows\System\xPEWeAQ.exe
  2⤵
  PID:8572
- C:\Windows\System\fTrBdoF.exe
  C:\Windows\System\fTrBdoF.exe
  2⤵
  PID:8332
- C:\Windows\System\QhFXNFS.exe
  C:\Windows\System\QhFXNFS.exe
  2⤵
  PID:8704
- C:\Windows\System\vWMtDRj.exe
  C:\Windows\System\vWMtDRj.exe
  2⤵
  PID:8768
- C:\Windows\System\JuVRqMw.exe
  C:\Windows\System\JuVRqMw.exe
  2⤵
  PID:8364
- C:\Windows\System\JZXPsyr.exe
  C:\Windows\System\JZXPsyr.exe
  2⤵
  PID:8528
- C:\Windows\System\YNOJdzj.exe
  C:\Windows\System\YNOJdzj.exe
  2⤵
  PID:8460
- C:\Windows\System\vwoVzBf.exe
  C:\Windows\System\vwoVzBf.exe
  2⤵
  PID:8752
- C:\Windows\System\NYoSGub.exe
  C:\Windows\System\NYoSGub.exe
  2⤵
  PID:8848
- C:\Windows\System\MolTPkG.exe
  C:\Windows\System\MolTPkG.exe
  2⤵
  PID:8624
- C:\Windows\System\PrrrtBf.exe
  C:\Windows\System\PrrrtBf.exe
  2⤵
  PID:8720
- C:\Windows\System\gUSBMfU.exe
  C:\Windows\System\gUSBMfU.exe
  2⤵
  PID:8820
- C:\Windows\System\myZaBgv.exe
  C:\Windows\System\myZaBgv.exe
  2⤵
  PID:8896
- C:\Windows\System\QkdhBqP.exe
  C:\Windows\System\QkdhBqP.exe
  2⤵
  PID:8880
- C:\Windows\System\dWiAsPc.exe
  C:\Windows\System\dWiAsPc.exe
  2⤵
  PID:8948
- C:\Windows\System\XGgkfKx.exe
  C:\Windows\System\XGgkfKx.exe
  2⤵
  PID:8992
- C:\Windows\System\iXKAjDr.exe
  C:\Windows\System\iXKAjDr.exe
  2⤵
  PID:9048
- C:\Windows\System\CZUqxOj.exe
  C:\Windows\System\CZUqxOj.exe
  2⤵
  PID:8056
- C:\Windows\System\LFQhwFY.exe
  C:\Windows\System\LFQhwFY.exe
  2⤵
  PID:9096
- C:\Windows\System\UoeSsrw.exe
  C:\Windows\System\UoeSsrw.exe
  2⤵
  PID:9192
- C:\Windows\System\FYlLGdZ.exe
  C:\Windows\System\FYlLGdZ.exe
  2⤵
  PID:9132
- C:\Windows\System\eoUaDie.exe
  C:\Windows\System\eoUaDie.exe
  2⤵
  PID:9148
- C:\Windows\System\XbUaiDY.exe
  C:\Windows\System\XbUaiDY.exe
  2⤵
  PID:9164
- C:\Windows\System\TMWpJzn.exe
  C:\Windows\System\TMWpJzn.exe
  2⤵
  PID:9180
- C:\Windows\System\qgoutbQ.exe
  C:\Windows\System\qgoutbQ.exe
  2⤵
  PID:9212
- C:\Windows\System\aftmHYf.exe
  C:\Windows\System\aftmHYf.exe
  2⤵
  PID:8284
- C:\Windows\System\hbUcrJJ.exe
  C:\Windows\System\hbUcrJJ.exe
  2⤵
  PID:8204
- C:\Windows\System\IGAKMqM.exe
  C:\Windows\System\IGAKMqM.exe
  2⤵
  PID:8220
- C:\Windows\System\CznsErg.exe
  C:\Windows\System\CznsErg.exe
  2⤵
  PID:8268
- C:\Windows\System\vDsWhdN.exe
  C:\Windows\System\vDsWhdN.exe
  2⤵
  PID:8608
- C:\Windows\System\CHBYxOb.exe
  C:\Windows\System\CHBYxOb.exe
  2⤵
  PID:8540
- C:\Windows\System\VDdgaKW.exe
  C:\Windows\System\VDdgaKW.exe
  2⤵
  PID:8640
- C:\Windows\System\bSCahpW.exe
  C:\Windows\System\bSCahpW.exe
  2⤵
  PID:8396
- C:\Windows\System\ytJvzvr.exe
  C:\Windows\System\ytJvzvr.exe
  2⤵
  PID:8756
- C:\Windows\System\FtxbvzK.exe
  C:\Windows\System\FtxbvzK.exe
  2⤵
  PID:8864
- C:\Windows\System\BcFnVpC.exe
  C:\Windows\System\BcFnVpC.exe
  2⤵
  PID:8932
- C:\Windows\System\LFBZsuQ.exe
  C:\Windows\System\LFBZsuQ.exe
  2⤵
  PID:9064
- C:\Windows\System\bvnaXxn.exe
  C:\Windows\System\bvnaXxn.exe
  2⤵
  PID:9196
- C:\Windows\System\IZSmTmM.exe
  C:\Windows\System\IZSmTmM.exe
  2⤵
  PID:9176
- C:\Windows\System\NClQlpm.exe
  C:\Windows\System\NClQlpm.exe
  2⤵
  PID:8380
- C:\Windows\System\RJWLviB.exe
  C:\Windows\System\RJWLviB.exe
  2⤵
  PID:8316
- C:\Windows\System\EBIjQRZ.exe
  C:\Windows\System\EBIjQRZ.exe
  2⤵
  PID:8604
- C:\Windows\System\BIzZgGw.exe
  C:\Windows\System\BIzZgGw.exe
  2⤵
  PID:8804
- C:\Windows\System\QpkEHLK.exe
  C:\Windows\System\QpkEHLK.exe
  2⤵
  PID:8772
- C:\Windows\System\DPPpDjn.exe
  C:\Windows\System\DPPpDjn.exe
  2⤵
  PID:8916
- C:\Windows\System\yLewMPB.exe
  C:\Windows\System\yLewMPB.exe
  2⤵
  PID:8692
- C:\Windows\System\BkIirST.exe
  C:\Windows\System\BkIirST.exe
  2⤵
  PID:9008
- C:\Windows\System\tnoTpCl.exe
  C:\Windows\System\tnoTpCl.exe
  2⤵
  PID:9024
- C:\Windows\System\LpdjAhy.exe
  C:\Windows\System\LpdjAhy.exe
  2⤵
  PID:9116
- C:\Windows\System\CJrIwRM.exe
  C:\Windows\System\CJrIwRM.exe
  2⤵
  PID:8108
- C:\Windows\System\eKPbnjV.exe
  C:\Windows\System\eKPbnjV.exe
  2⤵
  PID:8836
- C:\Windows\System\gaYqyst.exe
  C:\Windows\System\gaYqyst.exe
  2⤵
  PID:8620
- C:\Windows\System\azKWxpv.exe
  C:\Windows\System\azKWxpv.exe
  2⤵
  PID:8944
- C:\Windows\System\YUEsERk.exe
  C:\Windows\System\YUEsERk.exe
  2⤵
  PID:9056
- C:\Windows\System\sJsjHKm.exe
  C:\Windows\System\sJsjHKm.exe
  2⤵
  PID:9144
- C:\Windows\System\PESuonf.exe
  C:\Windows\System\PESuonf.exe
  2⤵
  PID:8816
- C:\Windows\System\lcGXMlj.exe
  C:\Windows\System\lcGXMlj.exe
  2⤵
  PID:9220
- C:\Windows\System\jLRMJbU.exe
  C:\Windows\System\jLRMJbU.exe
  2⤵
  PID:9248
- C:\Windows\System\ceNFFCW.exe
  C:\Windows\System\ceNFFCW.exe
  2⤵
  PID:9272
- C:\Windows\System\PHFHrtj.exe
  C:\Windows\System\PHFHrtj.exe
  2⤵
  PID:9296
- C:\Windows\System\QgsCdwZ.exe
  C:\Windows\System\QgsCdwZ.exe
  2⤵
  PID:9312
- C:\Windows\System\ykvvbyq.exe
  C:\Windows\System\ykvvbyq.exe
  2⤵
  PID:9328
- C:\Windows\System\ncYYNfW.exe
  C:\Windows\System\ncYYNfW.exe
  2⤵
  PID:9344
- C:\Windows\System\xttTOwn.exe
  C:\Windows\System\xttTOwn.exe
  2⤵
  PID:9360
- C:\Windows\System\KWQrvuV.exe
  C:\Windows\System\KWQrvuV.exe
  2⤵
  PID:9376
- C:\Windows\System\jKHSKyo.exe
  C:\Windows\System\jKHSKyo.exe
  2⤵
  PID:9392
- C:\Windows\System\TcLjYuk.exe
  C:\Windows\System\TcLjYuk.exe
  2⤵
  PID:9416
- C:\Windows\System\AzgykBx.exe
  C:\Windows\System\AzgykBx.exe
  2⤵
  PID:9444
- C:\Windows\System\hhrsnRI.exe
  C:\Windows\System\hhrsnRI.exe
  2⤵
  PID:9460
- C:\Windows\System\bJmqONy.exe
  C:\Windows\System\bJmqONy.exe
  2⤵
  PID:9476
- C:\Windows\System\uSHwtZR.exe
  C:\Windows\System\uSHwtZR.exe
  2⤵
  PID:9536
- C:\Windows\System\vVdQvKH.exe
  C:\Windows\System\vVdQvKH.exe
  2⤵
  PID:9564
- C:\Windows\System\xZPkWBY.exe
  C:\Windows\System\xZPkWBY.exe
  2⤵
  PID:9584
- C:\Windows\System\FsAmNBC.exe
  C:\Windows\System\FsAmNBC.exe
  2⤵
  PID:9600
- C:\Windows\System\pufaHAd.exe
  C:\Windows\System\pufaHAd.exe
  2⤵
  PID:9616
- C:\Windows\System\APlBeWW.exe
  C:\Windows\System\APlBeWW.exe
  2⤵
  PID:9640
- C:\Windows\System\HgdAKSb.exe
  C:\Windows\System\HgdAKSb.exe
  2⤵
  PID:9664
- C:\Windows\System\gpyEBkM.exe
  C:\Windows\System\gpyEBkM.exe
  2⤵
  PID:9684
- C:\Windows\System\AVRloCd.exe
  C:\Windows\System\AVRloCd.exe
  2⤵
  PID:9700
- C:\Windows\System\FhykUcg.exe
  C:\Windows\System\FhykUcg.exe
  2⤵
  PID:9716
- C:\Windows\System\QxldDxp.exe
  C:\Windows\System\QxldDxp.exe
  2⤵
  PID:9732
- C:\Windows\System\XzICLTa.exe
  C:\Windows\System\XzICLTa.exe
  2⤵
  PID:9748
- C:\Windows\System\ByHEcDG.exe
  C:\Windows\System\ByHEcDG.exe
  2⤵
  PID:9776
- C:\Windows\System\qbaWIwA.exe
  C:\Windows\System\qbaWIwA.exe
  2⤵
  PID:9792
- C:\Windows\System\QyzGohc.exe
  C:\Windows\System\QyzGohc.exe
  2⤵
  PID:9808
- C:\Windows\System\EPGCgoW.exe
  C:\Windows\System\EPGCgoW.exe
  2⤵
  PID:9824
- C:\Windows\System\NIjLIHW.exe
  C:\Windows\System\NIjLIHW.exe
  2⤵
  PID:9840
- C:\Windows\System\iyAiqdq.exe
  C:\Windows\System\iyAiqdq.exe
  2⤵
  PID:9856
- C:\Windows\System\yWJnjAh.exe
  C:\Windows\System\yWJnjAh.exe
  2⤵
  PID:9872
- C:\Windows\System\AkLQiHd.exe
  C:\Windows\System\AkLQiHd.exe
  2⤵
  PID:9888
- C:\Windows\System\rwxCCCH.exe
  C:\Windows\System\rwxCCCH.exe
  2⤵
  PID:9904
- C:\Windows\System\uYQhGUZ.exe
  C:\Windows\System\uYQhGUZ.exe
  2⤵
  PID:9920
- C:\Windows\System\yPrqGMO.exe
  C:\Windows\System\yPrqGMO.exe
  2⤵
  PID:9936
- C:\Windows\System\bWmgyNe.exe
  C:\Windows\System\bWmgyNe.exe
  2⤵
  PID:9952
- C:\Windows\System\dELJVnJ.exe
  C:\Windows\System\dELJVnJ.exe
  2⤵
  PID:9968
- C:\Windows\System\aNAWRip.exe
  C:\Windows\System\aNAWRip.exe
  2⤵
  PID:9988
- C:\Windows\System\WleiWRz.exe
  C:\Windows\System\WleiWRz.exe
  2⤵
  PID:10004
- C:\Windows\System\jfrtrQC.exe
  C:\Windows\System\jfrtrQC.exe
  2⤵
  PID:10020
- C:\Windows\System\vkyWOdx.exe
  C:\Windows\System\vkyWOdx.exe
  2⤵
  PID:10036
- C:\Windows\System\erNUKmF.exe
  C:\Windows\System\erNUKmF.exe
  2⤵
  PID:10108
- C:\Windows\System\LRKABxk.exe
  C:\Windows\System\LRKABxk.exe
  2⤵
  PID:10124
- C:\Windows\System\QwFUVBC.exe
  C:\Windows\System\QwFUVBC.exe
  2⤵
  PID:10148
- C:\Windows\System\zyNntcV.exe
  C:\Windows\System\zyNntcV.exe
  2⤵
  PID:10164
- C:\Windows\System\HXdlRgu.exe
  C:\Windows\System\HXdlRgu.exe
  2⤵
  PID:10184
- C:\Windows\System\iMKVIDI.exe
  C:\Windows\System\iMKVIDI.exe
  2⤵
  PID:10204
- C:\Windows\System\teslbQm.exe
  C:\Windows\System\teslbQm.exe
  2⤵
  PID:10224
- C:\Windows\System\YVQgPnN.exe
  C:\Windows\System\YVQgPnN.exe
  2⤵
  PID:8264
- C:\Windows\System\RbpYciE.exe
  C:\Windows\System\RbpYciE.exe
  2⤵
  PID:8928
- C:\Windows\System\SgtFDdu.exe
  C:\Windows\System\SgtFDdu.exe
  2⤵
  PID:9320
- C:\Windows\System\OiUkVMF.exe
  C:\Windows\System\OiUkVMF.exe
  2⤵
  PID:8444
- C:\Windows\System\roHjQnQ.exe
  C:\Windows\System\roHjQnQ.exe
  2⤵
  PID:8560
- C:\Windows\System\HAEjIni.exe
  C:\Windows\System\HAEjIni.exe
  2⤵
  PID:9060
- C:\Windows\System\vTLXcMk.exe
  C:\Windows\System\vTLXcMk.exe
  2⤵
  PID:9264
- C:\Windows\System\tmtPFmd.exe
  C:\Windows\System\tmtPFmd.exe
  2⤵
  PID:9336
- C:\Windows\System\nDYUbCP.exe
  C:\Windows\System\nDYUbCP.exe
  2⤵
  PID:9404
- C:\Windows\System\Wybebwh.exe
  C:\Windows\System\Wybebwh.exe
  2⤵
  PID:9436
- C:\Windows\System\MTcSkos.exe
  C:\Windows\System\MTcSkos.exe
  2⤵
  PID:9472
- C:\Windows\System\kkZexBc.exe
  C:\Windows\System\kkZexBc.exe
  2⤵
  PID:9488
- C:\Windows\System\LmipcSr.exe
  C:\Windows\System\LmipcSr.exe
  2⤵
  PID:9524
- C:\Windows\System\kKbZtjq.exe
  C:\Windows\System\kKbZtjq.exe
  2⤵
  PID:9544
- C:\Windows\System\uNYlHVS.exe
  C:\Windows\System\uNYlHVS.exe
  2⤵
  PID:9576
- C:\Windows\System\hasywQL.exe
  C:\Windows\System\hasywQL.exe
  2⤵
  PID:9580
- C:\Windows\System\KZkMiOK.exe
  C:\Windows\System\KZkMiOK.exe
  2⤵
  PID:9648
- C:\Windows\System\qEbgEbv.exe
  C:\Windows\System\qEbgEbv.exe
  2⤵
  PID:9672
- C:\Windows\System\FsuiCuq.exe
  C:\Windows\System\FsuiCuq.exe
  2⤵
  PID:9692
- C:\Windows\System\iBiGGme.exe
  C:\Windows\System\iBiGGme.exe
  2⤵
  PID:9764
- C:\Windows\System\yWuddOm.exe
  C:\Windows\System\yWuddOm.exe
  2⤵
  PID:9864
- C:\Windows\System\DcmGLIs.exe
  C:\Windows\System\DcmGLIs.exe
  2⤵
  PID:9820
- C:\Windows\System\AFPeoka.exe
  C:\Windows\System\AFPeoka.exe
  2⤵
  PID:9900
- C:\Windows\System\yDYSVXP.exe
  C:\Windows\System\yDYSVXP.exe
  2⤵
  PID:9960
- C:\Windows\System\Mhoxvdz.exe
  C:\Windows\System\Mhoxvdz.exe
  2⤵
  PID:10032
- C:\Windows\System\FzgHiUh.exe
  C:\Windows\System\FzgHiUh.exe
  2⤵
  PID:9984
- C:\Windows\System\MaEWdKy.exe
  C:\Windows\System\MaEWdKy.exe
  2⤵
  PID:9848
- C:\Windows\System\uiobzas.exe
  C:\Windows\System\uiobzas.exe
  2⤵
  PID:9916
- C:\Windows\System\bBkPPMs.exe
  C:\Windows\System\bBkPPMs.exe
  2⤵
  PID:10064
- C:\Windows\System\hSYEPyc.exe
  C:\Windows\System\hSYEPyc.exe
  2⤵
  PID:10052
- C:\Windows\System\reELFKB.exe
  C:\Windows\System\reELFKB.exe
  2⤵
  PID:10092
- C:\Windows\System\SnsZtCF.exe
  C:\Windows\System\SnsZtCF.exe
  2⤵
  PID:10136
- C:\Windows\System\ZpeqTcn.exe
  C:\Windows\System\ZpeqTcn.exe
  2⤵
  PID:10196
- C:\Windows\System\PMRvRpr.exe
  C:\Windows\System\PMRvRpr.exe
  2⤵
  PID:10216
- C:\Windows\System\AoVGRUN.exe
  C:\Windows\System\AoVGRUN.exe
  2⤵
  PID:9308
- C:\Windows\System\RSVcsxC.exe
  C:\Windows\System\RSVcsxC.exe
  2⤵
  PID:9428
- C:\Windows\System\VTEKWxs.exe
  C:\Windows\System\VTEKWxs.exe
  2⤵
  PID:9532
- C:\Windows\System\IpqRJYq.exe
  C:\Windows\System\IpqRJYq.exe
  2⤵
  PID:9660
- C:\Windows\System\OzeJLaD.exe
  C:\Windows\System\OzeJLaD.exe
  2⤵
  PID:9724
- C:\Windows\System\UaBmiUv.exe
  C:\Windows\System\UaBmiUv.exe
  2⤵
  PID:9800
- C:\Windows\System\wTYUjcr.exe
  C:\Windows\System\wTYUjcr.exe
  2⤵
  PID:9504
- C:\Windows\System\fsxtxKZ.exe
  C:\Windows\System\fsxtxKZ.exe
  2⤵
  PID:8248
- C:\Windows\System\mqltYSW.exe
  C:\Windows\System\mqltYSW.exe
  2⤵
  PID:9400
- C:\Windows\System\QHiXYtC.exe
  C:\Windows\System\QHiXYtC.exe
  2⤵
  PID:9508
- C:\Windows\System\CZbLLDy.exe
  C:\Windows\System\CZbLLDy.exe
  2⤵
  PID:9636
- C:\Windows\System\FgAIWzG.exe
  C:\Windows\System\FgAIWzG.exe
  2⤵
  PID:9836
- C:\Windows\System\HSXmkAC.exe
  C:\Windows\System\HSXmkAC.exe
  2⤵
  PID:9884
- C:\Windows\System\WhahdHx.exe
  C:\Windows\System\WhahdHx.exe
  2⤵
  PID:9788
- C:\Windows\System\KddFsJR.exe
  C:\Windows\System\KddFsJR.exe
  2⤵
  PID:7776
- C:\Windows\System\asPIizU.exe
  C:\Windows\System\asPIizU.exe
  2⤵
  PID:10200
- C:\Windows\System\oCngVdT.exe
  C:\Windows\System\oCngVdT.exe
  2⤵
  PID:10180
- C:\Windows\System\PKTLXtY.exe
  C:\Windows\System\PKTLXtY.exe
  2⤵
  PID:8800
- C:\Windows\System\wDpdNgR.exe
  C:\Windows\System\wDpdNgR.exe
  2⤵
  PID:10212
- C:\Windows\System\tXqvjZg.exe
  C:\Windows\System\tXqvjZg.exe
  2⤵
  PID:10080
- C:\Windows\System\jxDDWDQ.exe
  C:\Windows\System\jxDDWDQ.exe
  2⤵
  PID:9288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAnmmFd.exe

Filesize
5.9MB

MD5
042713acd8b0ae4cceb48e14e99b93aa

SHA1
6a63f19025f21081b7d6735c2680ace61193aa5e

SHA256
763838a14e337308f247fcf53cd078481b123598b01e75e57b3c3b4cc30e5717

SHA512
efa97087a490c43fc47dbef59c17a29e817b426d03fd3d7d10a2fac1d5c9699711cfbba3ea36c8e07286075d0e00e5e1cc5323f27dcd3443b53c60edd06c6946

Download Submit
C:\Windows\system\DOXwudZ.exe

Filesize
5.9MB

MD5
caf9a3b5221271465c34e8cd0ecb3b88

SHA1
0967dc2c927fd62a36d163fe670003c5cd7b6f65

SHA256
919b1579eb7aa239d648244d5e68b76710cc2a76fee37d5fc3cfd31d6b878a6f

SHA512
af743c8348dd70f9cb86f055e03107145ced758bed99de46068cbfe0d61a1f61a716a55e70f52c541144ea5b1c15f560727eedc6310861a2e9eee80926bdda3b

Download Submit
C:\Windows\system\EJgyBPf.exe

Filesize
5.9MB

MD5
d5c9e4f8f780828c6ac2c7ce2c0de18a

SHA1
be5bbc9544b0998642668ad9cffb1531dcb6a4f4

SHA256
62ec43322e7e63533b61dda935e88b8e3311f3c462c78d1ba19e02db45a06d67

SHA512
9a95776805850e49b3a851c67ad7a5572f367235d29d66093c61a7e0a4ed2683203b333168aeb1b32b748fbdeefa0b67afa4deb1a0e49a9aaf9373b4eb1cb490

Download Submit
C:\Windows\system\HfEPrvY.exe

Filesize
5.9MB

MD5
134ddec0be96e5d2c0ac461c009caeec

SHA1
49d1b5c1388d324dadf5285ad4362349cb39bddc

SHA256
edc6e07d0d7ba5fcaedf360c53c0366e87b82fefc20f65ba191e25fc6c55f206

SHA512
7fc4a54a82555c12e8d8ab354bedf88f3498e516f575772e03b8ae4bd25d5f6ea8ebc3e6995bf179d5f92ccbdec1cc3503e904fe4d35406b111c3ec85027d715

Download Submit
C:\Windows\system\ISHglrp.exe

Filesize
5.9MB

MD5
98bac4bc05f9994c481c2af215f1d4c8

SHA1
a0bfe18852e98ae40b568ad8f7d27a0a2f8f64d1

SHA256
a4d142125d9154ed1da68cac37fdc9f5a3922d4ce1a5177314fc031232dae056

SHA512
7d31f52b94fc62e501770616917ae35b25c668383dc556af6b7b78cd8e2d0af3b5d6b98932ce37d6f01fa0c020a3f14d5c18cc278fa2654f88ae78380046bd9c

Download Submit
C:\Windows\system\JQldvwU.exe

Filesize
5.9MB

MD5
614b4a5d3af7427a5ebdc0dac3b31c52

SHA1
a6d7f0ca382469455160f11dc3e017abe8c52eaf

SHA256
7ee40c4d48d30e6b0d13f808f1733d108812c9fe366d87b09390cc6c68129b58

SHA512
f4803e9e8128545c88f142b87c23f81d5a6c5dd4da1741ad8f24749686afa59ff9f7d32982f0a4e15eb65e6edcc0d767444a10f7e3289c8aff8d6f864e95b1a1

Download Submit
C:\Windows\system\LSSNoxX.exe

Filesize
5.9MB

MD5
e0f5e453a632cc692470bb6850f2c809

SHA1
147641cb722a0edf0938cb800ac4f1593bd9e4ae

SHA256
4896635ef682d29d5c5d8789798d38b3207aebfc87b8d08a01d0a59b1cee5fe6

SHA512
35e23a2fe2b33cad4fd2d53fe2189cd3bd4e5385082b437351df87cf0448c6a6831b28188d896ad2e2cb76259e2b11f46d4b454cbe7c66c188169c0ddaae3ad0

Download Submit
C:\Windows\system\SjcNBXh.exe

Filesize
5.9MB

MD5
fa0f19b06fcdef9de40f676400924333

SHA1
d3cce1a9558e38f2c58780132244bb0779215457

SHA256
564d0a6a954d799392f7d90b6fe4fcb6405308eee72906237bc3b6e91d4ea332

SHA512
9cafbf744c60db292ce2bee5d57c3486317f7b2e133dcc6b11d1bb6bd2cb49b025a7270ebabe1b06d878dfcda9ffdd2ed672309b9b931b1a7cf4869405352160

Download Submit
C:\Windows\system\UdwkOXl.exe

Filesize
5.9MB

MD5
4dea19082944611874521fa317001878

SHA1
10534574424957028dda851028a426eaf57041ee

SHA256
5c9ff446c34505dcce08101935440922cdca07508a6a38b228b9ae940a6d7084

SHA512
66f1f6db5ebfa92d73008c59ae391157d13e083689bef28d1dc497019a982044d22da33f3e61efc29fdbc7db2af5bd3addbd387d985c2c6a3f06929bda462584

Download Submit
C:\Windows\system\XNfwvTB.exe

Filesize
5.9MB

MD5
8c402aac485fdaf22ee37d59696ec2bb

SHA1
753f4f137cad65d84e04b08451eaebf3432c543c

SHA256
2838c40417804fc4d801bebcb91d94cf4ee694a2e4c14bdace65ff7793d3ba4b

SHA512
fb6e8b6dd68e319b920ccf4e4dce4c600c27316f3f3db6860f3feb996f0f8c60ab8a607ca579a3f4b94f4afe11888c060503defecf0e29c3f44edcf503f4f9aa

Download Submit
C:\Windows\system\YMvuBNO.exe

Filesize
5.9MB

MD5
22966631388b67085199f797af047317

SHA1
8132dc8a59cdca18fd7a619156bd60d0d2e6d7bb

SHA256
f74360e74b1586394bceeee5208627fc9d00eb14cbe7c9098272bb0ed377f230

SHA512
ed1d0a062b5f29fc94e36f1d2cc746b98ac24d44a3e0eaa0b24e80328c49a8fea4a3035b0b299f304f94a20daabc102f72f6e74f76c93933b2811dcfbb116ba3

Download Submit
C:\Windows\system\YaHKmxZ.exe

Filesize
5.9MB

MD5
debf02d255b64a38e4b7966e463c207f

SHA1
769a77fb9b6a3cbd8644139db343e1ad79ac7e11

SHA256
be05568c376f49de8660cc6937c411b9beb3314d66e3de58f5802e38f318d52b

SHA512
61df6bda5d3d5a5ff1767088b02d70239131b56abd26b2c318bc1fbb4223d180726654ee999169e7b8d81223298dc939a5cfd2ad1066369d5004bb35802d3725

Download Submit
C:\Windows\system\ZWbzEFw.exe

Filesize
5.9MB

MD5
f8d5e474993fbea3ed0e544a8f2f2b67

SHA1
db90fbb9d98c55d76ef3e83fbd1e75bb511327fb

SHA256
06b5d9b8717ceba9d7ae41f9bdb4ccb62e01125cef42694957722db201e51720

SHA512
ad18a337826122255a3c2583fc483da496c56a5013a0e18ff7f4cbd12b5c15468af03de76659ac47d6c3cc9c740e14ea62aed10c930eebe9fbf1c9a54c727ffe

Download Submit
C:\Windows\system\ahPQlnB.exe

Filesize
5.9MB

MD5
86a9fa805cfcb6677f10add110ef89b9

SHA1
6f0bfe970ed2d1b9550804932136f91dd316bfa9

SHA256
87306d22f02994a438149e3acece02b4be06215d9384d19c2f6bdc94a6319dda

SHA512
ec3873d43ca96a8a4c32451267e0cd59131806da671dfbec7b397baa533857a3c8d4709178df2a57bbe07bcedeacfa15d68e324cf79369adcccf19d4a2c1f6ce

Download Submit
C:\Windows\system\iAiYbtK.exe

Filesize
5.9MB

MD5
d5b9f729b64e65fc657b4a07381fc9ff

SHA1
8aee1b69b7106bef8d4c09101913be706d2bbe18

SHA256
0846e70a4e824e7232d14a8b81d2b61b9c6f46e801b48073773ec2514502c558

SHA512
b18242ab2eb2b333afe9f3e58db5b8080a50ae1c77affd2aff19ae465d814b4ec0070604f67156ce0ede36eeb054eb8bef8c63bdb56711b26aaa8c3fa359a52d

Download Submit
C:\Windows\system\icCaJef.exe

Filesize
5.9MB

MD5
23e8fb87482ae323494b2f9b3b38f82a

SHA1
b0e52087fed6cb7a0db15a8a67cc295c80c0afaf

SHA256
0461b5d50102394b59acca12b0cdcbe488b4b2ef1ec1bd1ae62c4d2548663003

SHA512
b72e3a7f5d3e77fab54a04b46803116f17c68edee1d3c548e2704423ef4f956d58f26be267d28d2f7d3adca291117b9e885a2b65789e325908e74622305cf67e

Download Submit
C:\Windows\system\kMHihQk.exe

Filesize
5.9MB

MD5
8bd6707a669f1e6dcf4bebc4b0c32b41

SHA1
f42e29e825933a9b30e299bec6bc51094f7fc599

SHA256
3bac40f566a5f541708aa77312a1eb1e3e8cb19dcad778571e547d05ce18d9fa

SHA512
203b6baab77fca3133166d2e9aa6a0ab04c1f138fad269f73c313a58bd743ea1f89d06b40074578e090018a858cfe61967502f25b02d37de146df6042997d3b4

Download Submit
C:\Windows\system\knTiRan.exe

Filesize
5.9MB

MD5
a0a04034cceb10c0f72ff0a49849d6fa

SHA1
06bd068b0404cabce57025aff6ebd0fdfc312f93

SHA256
ea4905d2b1213ff3167bc020c1b948a53f0e2bb0e1fbc3a4cab159bab17075db

SHA512
fa4ee2c5fbeb1dc74796239de8041f8affc95e185ce88ac46cf787ed0fd5e9039203b83c47e87b645eb40ed8fdbc394d34fe19b8d59cd7b65aa41b141ed52609

Download Submit
C:\Windows\system\lccrZlo.exe

Filesize
5.9MB

MD5
4a88c11621fd488c149a0ce07ee8424d

SHA1
93f9106f3cfd88a2c7fb62f2949fceb7760c2964

SHA256
6248d181ecca8bd3b057ebb7ff1f2a37e6c3b313e5cbd64e6cde9b610ca93baa

SHA512
06faf62d3505cb3a3bed3de5b516d3effd78d8f2dccdfc4fb184992c5a10a1b8c64b5a5af7927f75bc2f5143daf4d86898d99372ebf79b148f6c1aee976118a5

Download Submit
C:\Windows\system\lorgyCP.exe

Filesize
5.9MB

MD5
56c46e077f01233fc95995e8cd4c226f

SHA1
9424db9c8c2092559b368aacafb9f11eb455cf84

SHA256
d12f723e2e19ca555fbe502da3814af75c9e34e14e9bb208aeac208fd9c22c40

SHA512
c6037716586d5bdd75c98b68ca542cc65b9ed470073e71f200b265b8288250d6df701e0ac786cc9f11720634f2dc54f101070be1ac1abc27355075a9f0b4453b

Download Submit
C:\Windows\system\oLUHBdK.exe

Filesize
5.9MB

MD5
52fa6d54ced6f9b50c1e1385164949aa

SHA1
6887ed96036697823fc31afe693678fa4c2f34b0

SHA256
43329f9d30fc9a8a8d6ae712f1d4c22e9fb8826b9413e613d08f9eed1d7cf5cc

SHA512
eb084e084270b0961c59de7c16ac9fd6acb1934c62b43452b47cb5e6ab1ef064865e14778d0ccda061da14fbce4c7d657e85d4637b5efda79e847bc3b75bfee8

Download Submit
C:\Windows\system\oQzjeSF.exe

Filesize
5.9MB

MD5
5e3ad86afbfa52ec1b9e8add0dcd177a

SHA1
a6f14541369b607b2812a69fcb635c7f451f8f71

SHA256
62d5a4ea7ec2b40d559f2bd47c1621c3e5230737429cb3e5a2ebd1956e22a739

SHA512
0def1a60f90360d08515adb6304b6f6413ea24bfb0ca7e4c200288d02a6a10ef0055ad3aec41887bf37383c70ae3b9b9378a176e7375c48577f39de41a13e376

Download Submit
C:\Windows\system\rhwHzqI.exe

Filesize
5.9MB

MD5
2f27f743c1ec4b6b505640e9ce2eb282

SHA1
857959eede36cd821e02c234f71fcecf2c778c83

SHA256
22e528b00826d9a7f2df56c0c3f955c0e57c7ac70ea666ae29923d9e2c75f55e

SHA512
6bc5ce0f4010a2f3ce1b051bb1410035cc9a1d3f57beec2113418a19a3af0d673c54c9d8462de99aa22c46a009a621fa3174de2bbc33edb36b7f069b61c4a5e8

Download Submit
C:\Windows\system\sFswLQg.exe

Filesize
5.9MB

MD5
90f67072c34076ab5a28d70376225779

SHA1
f8d16973635551d71f390b2fe696fa92fccf3a84

SHA256
ab249aedf06628c6b518a71b97b337819aca634428400b7a23336723cd857e02

SHA512
14e660874568e767b21e7cb34d3c7d7298a75c5bd2d04ae024ff914fd1d28e7d81b3a82576fcc403e024e9d70f0e3dd09d2417efd258ac3ef20d7df830983c7b

Download Submit
C:\Windows\system\tBJSWvc.exe

Filesize
5.9MB

MD5
39f1f464b3d432f19d0df21db74d0a6c

SHA1
8a177e8c8c90054677a7399c13ea6299857c50e7

SHA256
c1da56006abd520b009c4036c641dae61b92b24906a1a25ab05559e3ccf8c078

SHA512
05008842fa426203f57a16950341b7d35c41a085acde9fdbb55a89f680d3f92df507c8ec6e31be80d7b940d3eb5732048a38357c9b79b316be90a4bb56e8ac4a

Download Submit
C:\Windows\system\tXleYnn.exe

Filesize
5.9MB

MD5
82f84753560b8767360dbf247f4326ce

SHA1
f19e31e02fe0b09f4be8a46282dcca3cd5f87e51

SHA256
1a0fd8851f06cca3bed0f5230beeaa58671da73529469457d3e3894b5a169d32

SHA512
97cf9e9f0936bf18b3eefc0398b67a41080933a2b4bbf87f3bdbb8a22df242d3fb448522ff25f87d11af9e197492bf11ced94999680345006a4ef7cc50be247e

Download Submit
C:\Windows\system\uFpdFyn.exe

Filesize
5.9MB

MD5
fe6cea8ac08f9f8b901c20525b3edaa1

SHA1
a6b36461926d5cad2d35d9ca76acee2a48f3460a

SHA256
e43ff1fe019fd1fc8161725c1b78f68f2e2190369894fa513089c75debd51c0c

SHA512
ac545dd2f727c4b9837032359ea4ebcbf4e6c8429a7965ce1d8e0dafbc35dbe18d96e61234db15eef8b626d08d75981e600b3f12eae0c6812bb2503bb79bf2f3

Download Submit
C:\Windows\system\wPXJOUj.exe

Filesize
5.9MB

MD5
fcef60f9182475798c8268417f637bca

SHA1
8112cb261ee01d504f8ef1cd758465ec9d2b0ffc

SHA256
702eacd55b64596f2ae7c5dff220da91bdf2269675822524ee7484541fc36e6a

SHA512
d757b48bf11194ab1992ca8b3f1348b52105b00818ed2158856fe3f1729ea0a88923efafa2a0b556e34535d14cb68e05039f41297e8653dd5580a2d4218aa3bd

Download Submit
C:\Windows\system\wQrBBQN.exe

Filesize
5.9MB

MD5
08069b8770ce86d47c32815a04424b3c

SHA1
da31b39f3a1493c94a633ec8ecac3b18503faf20

SHA256
03014a4daf308e6ac05355b24146d9fd3971d3c03a308a926d7fe87ce9809ef1

SHA512
ca5bace7e6b6ffbdb3119d4b34ccfaff87deacb611cbe3b31cbc15200bcf1c5445cb61f787fd6f1a71d47f6232355299cc095b6d71a9a4ffcd8b783877ee1a92

Download Submit
C:\Windows\system\xoQUYFY.exe

Filesize
5.9MB

MD5
54d42bbf08a10daccf5897526ecc77b0

SHA1
b8eccdf43d9061e82f3d16da08a1db6ab4f0e91e

SHA256
e9f1fc51855f3aea19cd956de21d58d7a01315360de6637dca2f7048133659af

SHA512
66c948a0c8fe7e7ed581f7dc008cc8b1951d093f0661d7df867fa2e0446dddd21c4ac7134e4b584026611dd4b42a7ffadbd3442b31ca77cd6bb6db849001a7d8

Download Submit
\Windows\system\NxjwYzO.exe

Filesize
5.9MB

MD5
9bbdbb805a43705b574523344f659c4d

SHA1
716ce86ee07b3bd557632acb05bd7416a4dd7f41

SHA256
9ad503e7a9f333cdb1fb7b765ca439c3eb3d8d55a56e51d087f325cd2fea45fd

SHA512
c0b5ae4ffd252c6bac1e607f31beff7737426bc971fa21142612912cd9cfc0203ecc2e8b827756d1253779f5081e460903a17181f461bbeb90baa05050d88b1a

Download Submit
\Windows\system\qKdcvUB.exe

Filesize
5.9MB

MD5
30f666000d601d3cc59d55c5bcdeb3b7

SHA1
cd4fbbab1d0e3a8f03b3c8d3988585b29f8e6f4d

SHA256
ed24c5c834df2125b28a24c3a3ba54f235e0e25b3ce9b98c962bc3a0f278a5da

SHA512
7482e2fbf14f64322a1b822d5019de9f119a1966ac30380e6e23961f10d0e5a73654594bf5a3d16abab2bc64303baa813be62358ae69847f1ab2bcb41a9438bd

Download Submit
memory/1720-2222-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-3864-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2333-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2168-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2225-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2282-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3088-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2387-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2192-2167-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3087-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3086-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2395-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3085-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2948-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3052-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3083-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-3886-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2279-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2332-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3863-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3850-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2376-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2401-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3893-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2393-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3851-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download