cobaltstrike | 1c34ae93f747dca08669ed8c2a65dbdf4668dc10a50ef03f696d925044cf48ed

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b16c9365c735e98252a09945bca4f1d7
SHA1

2f78a5525bba7db9308b3e44677fd0ea230aa833
SHA256

1c34ae93f747dca08669ed8c2a65dbdf4668dc10a50ef03f696d925044cf48ed
SHA512

a9dff4863e3f052c647ffe73b598ded39ea5d0b9d237050366726ec08d3ff9bf0979d8a7072936beaf2745cd1ea1d7262187c3e948cf460afddc2f4d3dafc2c5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012244-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d66-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017021-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-154.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3b-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da9-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019581-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017466-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ea1-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc0-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/3052-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012244-6.dat	xmrig
behavioral1/files/0x0008000000016d66-12.dat	xmrig
behavioral1/files/0x0008000000017021-39.dat	xmrig
behavioral1/files/0x00050000000195c0-108.dat	xmrig
behavioral1/memory/2460-104-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ed-141.dat	xmrig
behavioral1/files/0x0005000000019c34-154.dat	xmrig
behavioral1/files/0x0009000000016d3b-159.dat	xmrig
behavioral1/files/0x0005000000019da9-180.dat	xmrig
behavioral1/memory/2332-3387-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2768-3386-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/1248-3396-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2264-3392-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2136-3399-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2852-3430-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2352-3436-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/1244-3435-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2460-3442-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2852-697-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3052-695-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d40-178.dat	xmrig
behavioral1/files/0x0005000000019d18-173.dat	xmrig
behavioral1/files/0x0005000000019c50-168.dat	xmrig
behavioral1/files/0x0005000000019c36-163.dat	xmrig
behavioral1/files/0x0005000000019c32-148.dat	xmrig
behavioral1/files/0x0005000000019659-138.dat	xmrig
behavioral1/files/0x0005000000019605-133.dat	xmrig
behavioral1/files/0x0005000000019601-126.dat	xmrig
behavioral1/files/0x00050000000195fe-124.dat	xmrig
behavioral1/files/0x00050000000195fb-122.dat	xmrig
behavioral1/files/0x00050000000195f7-120.dat	xmrig
behavioral1/memory/2768-116-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0005000000019999-115.dat	xmrig
behavioral1/files/0x000500000001969b-114.dat	xmrig
behavioral1/files/0x0005000000019615-90.dat	xmrig
behavioral1/files/0x0005000000019603-82.dat	xmrig
behavioral1/memory/2136-77-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ff-75.dat	xmrig
behavioral1/files/0x00050000000195fd-69.dat	xmrig
behavioral1/files/0x00050000000195f9-62.dat	xmrig
behavioral1/memory/3052-101-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1248-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/3052-67-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2852-61-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019581-50.dat	xmrig
behavioral1/files/0x0008000000017466-47.dat	xmrig
behavioral1/memory/1244-43-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2264-35-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ea1-34.dat	xmrig
behavioral1/memory/2352-31-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc8-27.dat	xmrig
behavioral1/memory/2332-23-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc0-22.dat	xmrig
behavioral1/files/0x0008000000016d4a-11.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2136	vCqySXv.exe
2332	Ziwbfqe.exe
2352	vBLyWaz.exe
2264	oukbzMM.exe
1244	LSXfRyx.exe
1248	upWdWvD.exe
2460	auVuflb.exe
2768	maIIYcn.exe
2852	JSHmgAg.exe
2832	HGzuxWD.exe
2876	LCHSjXe.exe
2884	DIRIlTy.exe
2004	qvUWZar.exe
2700	mbWaZUH.exe
2140	SsnAvcQ.exe
768	twENhyN.exe
1156	nElwaQU.exe
2512	YOKXXhC.exe
2904	brNoZzA.exe
2764	FrweYtI.exe
2640	bruwFOl.exe
1972	EXKbVfD.exe
2644	oDDAOos.exe
2728	Voteqyh.exe
1804	pGrSBEx.exe
2300	zqXSMJB.exe
1980	IduQStP.exe
2292	MQKjZit.exe
2252	kGnabJH.exe
1000	iRzPHXB.exe
828	jncNjWR.exe
2564	KNZbuiM.exe
1776	yOPklua.exe
944	hXPlXtr.exe
1160	hCExkoq.exe
2116	LhiRjWF.exe
1256	XZigRUH.exe
1904	KInlxdB.exe
1708	RBxcvWe.exe
1640	MQZZcRT.exe
908	LRJztsV.exe
2216	JsHvRuj.exe
696	TaJOriw.exe
2504	GGvzHxg.exe
2204	XbSYaEG.exe
2404	wBFCIOT.exe
2336	SbzFEFv.exe
2244	qhzEnlb.exe
2436	EqDhPBY.exe
1752	iEVSwjh.exe
2604	oIxdfrU.exe
1948	XKXBAPW.exe
3056	KhUPGzp.exe
1584	PGZMMYI.exe
2492	VPkzcsc.exe
1672	CiHoteZ.exe
2736	qWPIify.exe
2816	aBNLnhc.exe
3024	XslYEDj.exe
2740	JUyySpx.exe
2888	hiNrffl.exe
2000	YJlEtex.exe
2808	pJwfLmt.exe
2628	fDqXYsb.exe

Loads dropped DLL 64 IoCs

pid	Process
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3052-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000c000000012244-6.dat	upx
behavioral1/files/0x0008000000016d66-12.dat	upx
behavioral1/files/0x0008000000017021-39.dat	upx
behavioral1/files/0x00050000000195c0-108.dat	upx
behavioral1/memory/2460-104-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00050000000196ed-141.dat	upx
behavioral1/files/0x0005000000019c34-154.dat	upx
behavioral1/files/0x0009000000016d3b-159.dat	upx
behavioral1/files/0x0005000000019da9-180.dat	upx
behavioral1/memory/2332-3387-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2768-3386-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1248-3396-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2264-3392-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2136-3399-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2852-3430-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2352-3436-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1244-3435-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2460-3442-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2852-697-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3052-695-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0005000000019d40-178.dat	upx
behavioral1/files/0x0005000000019d18-173.dat	upx
behavioral1/files/0x0005000000019c50-168.dat	upx
behavioral1/files/0x0005000000019c36-163.dat	upx
behavioral1/files/0x0005000000019c32-148.dat	upx
behavioral1/files/0x0005000000019659-138.dat	upx
behavioral1/files/0x0005000000019605-133.dat	upx
behavioral1/files/0x0005000000019601-126.dat	upx
behavioral1/files/0x00050000000195fe-124.dat	upx
behavioral1/files/0x00050000000195fb-122.dat	upx
behavioral1/files/0x00050000000195f7-120.dat	upx
behavioral1/memory/2768-116-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0005000000019999-115.dat	upx
behavioral1/files/0x000500000001969b-114.dat	upx
behavioral1/files/0x0005000000019615-90.dat	upx
behavioral1/files/0x0005000000019603-82.dat	upx
behavioral1/memory/2136-77-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00050000000195ff-75.dat	upx
behavioral1/files/0x00050000000195fd-69.dat	upx
behavioral1/files/0x00050000000195f9-62.dat	upx
behavioral1/memory/1248-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2852-61-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0006000000019581-50.dat	upx
behavioral1/files/0x0008000000017466-47.dat	upx
behavioral1/memory/1244-43-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2264-35-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0007000000016ea1-34.dat	upx
behavioral1/memory/2352-31-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0007000000016dc8-27.dat	upx
behavioral1/memory/2332-23-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0007000000016dc0-22.dat	upx
behavioral1/files/0x0008000000016d4a-11.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oMLkCSP.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssvMHFN.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpdnQAk.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNcsvRr.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRNGfWe.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzjylDW.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VorqEMx.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeblMci.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNMVqvC.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnsoUSl.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIOtbCt.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvETndY.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxPVfUm.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhODkHo.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMnnpdL.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIazCDE.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HavfbqH.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCjHuFR.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYTZtAu.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjVGcim.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzpsERv.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpkjvSv.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drrITKP.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruyWvur.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhzEnlb.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEHGEXQ.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFzXLJh.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCCAGzW.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psGlPze.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmYAXPQ.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEWcNLn.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXAOkQA.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmMSMya.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tquhRiy.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnaMyVP.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgEJRkx.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRCeKIg.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTXzYJt.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRkCMJC.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlbXFoG.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpNxHOH.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daDYOVC.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsBfodk.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tApFNrR.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZspkXt.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqzbEwX.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZrLXbw.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deHjNom.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIFZGNh.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcaZlfF.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haxFqqs.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laaoTQs.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PifdspY.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDugudR.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYKCdVs.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UawdOOv.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXPlXtr.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPegmod.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTxOvJb.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfUfCLD.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivOMigP.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozgeUpw.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQmqMYn.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gojLyzG.exe	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2136	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2136	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2136	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3052 wrote to memory of 2332	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2332	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2332	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3052 wrote to memory of 2352	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2352	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2352	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3052 wrote to memory of 2264	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 2264	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 2264	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3052 wrote to memory of 1244	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 1244	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 1244	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3052 wrote to memory of 1248	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 1248	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 1248	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3052 wrote to memory of 2460	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 2460	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 2460	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3052 wrote to memory of 2768	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 2768	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 2768	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3052 wrote to memory of 2852	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 2852	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 2852	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3052 wrote to memory of 2832	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2832	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2832	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3052 wrote to memory of 2512	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 2512	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 2512	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3052 wrote to memory of 2876	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 2876	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 2876	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3052 wrote to memory of 2904	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 2904	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 2904	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3052 wrote to memory of 2884	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 2884	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 2884	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3052 wrote to memory of 2764	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 2764	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 2764	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3052 wrote to memory of 2004	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2004	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2004	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3052 wrote to memory of 2640	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 2640	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 2640	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3052 wrote to memory of 2700	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 2700	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 2700	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3052 wrote to memory of 1972	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 1972	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 1972	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3052 wrote to memory of 2140	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 2140	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 2140	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3052 wrote to memory of 2644	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 2644	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 2644	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3052 wrote to memory of 768	3052	2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\1341470983\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\1341470983\zmstage.exe
1⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_b16c9365c735e98252a09945bca4f1d7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\System\vCqySXv.exe
  C:\Windows\System\vCqySXv.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\Ziwbfqe.exe
  C:\Windows\System\Ziwbfqe.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\vBLyWaz.exe
  C:\Windows\System\vBLyWaz.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\oukbzMM.exe
  C:\Windows\System\oukbzMM.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\LSXfRyx.exe
  C:\Windows\System\LSXfRyx.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\upWdWvD.exe
  C:\Windows\System\upWdWvD.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\auVuflb.exe
  C:\Windows\System\auVuflb.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\maIIYcn.exe
  C:\Windows\System\maIIYcn.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\JSHmgAg.exe
  C:\Windows\System\JSHmgAg.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\HGzuxWD.exe
  C:\Windows\System\HGzuxWD.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\YOKXXhC.exe
  C:\Windows\System\YOKXXhC.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\LCHSjXe.exe
  C:\Windows\System\LCHSjXe.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\brNoZzA.exe
  C:\Windows\System\brNoZzA.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\DIRIlTy.exe
  C:\Windows\System\DIRIlTy.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\FrweYtI.exe
  C:\Windows\System\FrweYtI.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qvUWZar.exe
  C:\Windows\System\qvUWZar.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\bruwFOl.exe
  C:\Windows\System\bruwFOl.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\mbWaZUH.exe
  C:\Windows\System\mbWaZUH.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\EXKbVfD.exe
  C:\Windows\System\EXKbVfD.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\SsnAvcQ.exe
  C:\Windows\System\SsnAvcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\oDDAOos.exe
  C:\Windows\System\oDDAOos.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\twENhyN.exe
  C:\Windows\System\twENhyN.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\Voteqyh.exe
  C:\Windows\System\Voteqyh.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\nElwaQU.exe
  C:\Windows\System\nElwaQU.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\pGrSBEx.exe
  C:\Windows\System\pGrSBEx.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\zqXSMJB.exe
  C:\Windows\System\zqXSMJB.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\IduQStP.exe
  C:\Windows\System\IduQStP.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\MQKjZit.exe
  C:\Windows\System\MQKjZit.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kGnabJH.exe
  C:\Windows\System\kGnabJH.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\iRzPHXB.exe
  C:\Windows\System\iRzPHXB.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\jncNjWR.exe
  C:\Windows\System\jncNjWR.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\KNZbuiM.exe
  C:\Windows\System\KNZbuiM.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yOPklua.exe
  C:\Windows\System\yOPklua.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\hXPlXtr.exe
  C:\Windows\System\hXPlXtr.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\hCExkoq.exe
  C:\Windows\System\hCExkoq.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\LhiRjWF.exe
  C:\Windows\System\LhiRjWF.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\XZigRUH.exe
  C:\Windows\System\XZigRUH.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\KInlxdB.exe
  C:\Windows\System\KInlxdB.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\RBxcvWe.exe
  C:\Windows\System\RBxcvWe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\MQZZcRT.exe
  C:\Windows\System\MQZZcRT.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\LRJztsV.exe
  C:\Windows\System\LRJztsV.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\JsHvRuj.exe
  C:\Windows\System\JsHvRuj.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\TaJOriw.exe
  C:\Windows\System\TaJOriw.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\GGvzHxg.exe
  C:\Windows\System\GGvzHxg.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\XbSYaEG.exe
  C:\Windows\System\XbSYaEG.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\wBFCIOT.exe
  C:\Windows\System\wBFCIOT.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\SbzFEFv.exe
  C:\Windows\System\SbzFEFv.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\qhzEnlb.exe
  C:\Windows\System\qhzEnlb.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\EqDhPBY.exe
  C:\Windows\System\EqDhPBY.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\iEVSwjh.exe
  C:\Windows\System\iEVSwjh.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\oIxdfrU.exe
  C:\Windows\System\oIxdfrU.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\XKXBAPW.exe
  C:\Windows\System\XKXBAPW.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\KhUPGzp.exe
  C:\Windows\System\KhUPGzp.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\PGZMMYI.exe
  C:\Windows\System\PGZMMYI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\VPkzcsc.exe
  C:\Windows\System\VPkzcsc.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\CiHoteZ.exe
  C:\Windows\System\CiHoteZ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\qWPIify.exe
  C:\Windows\System\qWPIify.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\aBNLnhc.exe
  C:\Windows\System\aBNLnhc.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\XslYEDj.exe
  C:\Windows\System\XslYEDj.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\JUyySpx.exe
  C:\Windows\System\JUyySpx.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\hiNrffl.exe
  C:\Windows\System\hiNrffl.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\YJlEtex.exe
  C:\Windows\System\YJlEtex.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\pJwfLmt.exe
  C:\Windows\System\pJwfLmt.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\fDqXYsb.exe
  C:\Windows\System\fDqXYsb.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\HgBoQKv.exe
  C:\Windows\System\HgBoQKv.exe
  2⤵
  PID:1384
- C:\Windows\System\RIsQBnv.exe
  C:\Windows\System\RIsQBnv.exe
  2⤵
  PID:1220
- C:\Windows\System\dDvOQYD.exe
  C:\Windows\System\dDvOQYD.exe
  2⤵
  PID:2940
- C:\Windows\System\NaaZwkE.exe
  C:\Windows\System\NaaZwkE.exe
  2⤵
  PID:1600
- C:\Windows\System\MGxRWNy.exe
  C:\Windows\System\MGxRWNy.exe
  2⤵
  PID:1540
- C:\Windows\System\PVhTBcB.exe
  C:\Windows\System\PVhTBcB.exe
  2⤵
  PID:2224
- C:\Windows\System\UauXyzz.exe
  C:\Windows\System\UauXyzz.exe
  2⤵
  PID:2176
- C:\Windows\System\aJaBYHo.exe
  C:\Windows\System\aJaBYHo.exe
  2⤵
  PID:1484
- C:\Windows\System\EemPsmA.exe
  C:\Windows\System\EemPsmA.exe
  2⤵
  PID:2056
- C:\Windows\System\OzzmwqI.exe
  C:\Windows\System\OzzmwqI.exe
  2⤵
  PID:1212
- C:\Windows\System\WaoJfOh.exe
  C:\Windows\System\WaoJfOh.exe
  2⤵
  PID:1344
- C:\Windows\System\BvvmnWc.exe
  C:\Windows\System\BvvmnWc.exe
  2⤵
  PID:648
- C:\Windows\System\tUEsyIG.exe
  C:\Windows\System\tUEsyIG.exe
  2⤵
  PID:1360
- C:\Windows\System\LggcCmg.exe
  C:\Windows\System\LggcCmg.exe
  2⤵
  PID:1716
- C:\Windows\System\gbjYADP.exe
  C:\Windows\System\gbjYADP.exe
  2⤵
  PID:2456
- C:\Windows\System\UZJswHw.exe
  C:\Windows\System\UZJswHw.exe
  2⤵
  PID:988
- C:\Windows\System\cIEZpTI.exe
  C:\Windows\System\cIEZpTI.exe
  2⤵
  PID:2428
- C:\Windows\System\lPltGkY.exe
  C:\Windows\System\lPltGkY.exe
  2⤵
  PID:2936
- C:\Windows\System\KFUuMPy.exe
  C:\Windows\System\KFUuMPy.exe
  2⤵
  PID:2064
- C:\Windows\System\bwGPRsR.exe
  C:\Windows\System\bwGPRsR.exe
  2⤵
  PID:1736
- C:\Windows\System\ZQMnoyB.exe
  C:\Windows\System\ZQMnoyB.exe
  2⤵
  PID:2348
- C:\Windows\System\MfmKTZv.exe
  C:\Windows\System\MfmKTZv.exe
  2⤵
  PID:1576
- C:\Windows\System\VVKEVvD.exe
  C:\Windows\System\VVKEVvD.exe
  2⤵
  PID:2556
- C:\Windows\System\xoHEhvZ.exe
  C:\Windows\System\xoHEhvZ.exe
  2⤵
  PID:2476
- C:\Windows\System\bGHkMZh.exe
  C:\Windows\System\bGHkMZh.exe
  2⤵
  PID:2100
- C:\Windows\System\IdLcTSM.exe
  C:\Windows\System\IdLcTSM.exe
  2⤵
  PID:276
- C:\Windows\System\VYYptMT.exe
  C:\Windows\System\VYYptMT.exe
  2⤵
  PID:2760
- C:\Windows\System\NAOcRvc.exe
  C:\Windows\System\NAOcRvc.exe
  2⤵
  PID:1332
- C:\Windows\System\doqzniZ.exe
  C:\Windows\System\doqzniZ.exe
  2⤵
  PID:2296
- C:\Windows\System\BdBPfAn.exe
  C:\Windows\System\BdBPfAn.exe
  2⤵
  PID:1004
- C:\Windows\System\EuuPxaY.exe
  C:\Windows\System\EuuPxaY.exe
  2⤵
  PID:2160
- C:\Windows\System\QEVGbpM.exe
  C:\Windows\System\QEVGbpM.exe
  2⤵
  PID:1104
- C:\Windows\System\bYSmcHi.exe
  C:\Windows\System\bYSmcHi.exe
  2⤵
  PID:448
- C:\Windows\System\fmDTxzS.exe
  C:\Windows\System\fmDTxzS.exe
  2⤵
  PID:1084
- C:\Windows\System\CdBbeUU.exe
  C:\Windows\System\CdBbeUU.exe
  2⤵
  PID:940
- C:\Windows\System\NdYHTrO.exe
  C:\Windows\System\NdYHTrO.exe
  2⤵
  PID:2036
- C:\Windows\System\IsvKXss.exe
  C:\Windows\System\IsvKXss.exe
  2⤵
  PID:1608
- C:\Windows\System\tXuIuwo.exe
  C:\Windows\System\tXuIuwo.exe
  2⤵
  PID:2156
- C:\Windows\System\iMEvinG.exe
  C:\Windows\System\iMEvinG.exe
  2⤵
  PID:1724
- C:\Windows\System\XYcsIye.exe
  C:\Windows\System\XYcsIye.exe
  2⤵
  PID:1960
- C:\Windows\System\GSLbRZQ.exe
  C:\Windows\System\GSLbRZQ.exe
  2⤵
  PID:876
- C:\Windows\System\szqyZmd.exe
  C:\Windows\System\szqyZmd.exe
  2⤵
  PID:1588
- C:\Windows\System\dpKwMUL.exe
  C:\Windows\System\dpKwMUL.exe
  2⤵
  PID:2732
- C:\Windows\System\EIsagDt.exe
  C:\Windows\System\EIsagDt.exe
  2⤵
  PID:2688
- C:\Windows\System\sFWoXPW.exe
  C:\Windows\System\sFWoXPW.exe
  2⤵
  PID:2672
- C:\Windows\System\zStFNMQ.exe
  C:\Windows\System\zStFNMQ.exe
  2⤵
  PID:2796
- C:\Windows\System\mHCMaID.exe
  C:\Windows\System\mHCMaID.exe
  2⤵
  PID:1664
- C:\Windows\System\ozgeUpw.exe
  C:\Windows\System\ozgeUpw.exe
  2⤵
  PID:2284
- C:\Windows\System\TvRqhnU.exe
  C:\Windows\System\TvRqhnU.exe
  2⤵
  PID:408
- C:\Windows\System\fUFnItY.exe
  C:\Windows\System\fUFnItY.exe
  2⤵
  PID:3084
- C:\Windows\System\cffTRJk.exe
  C:\Windows\System\cffTRJk.exe
  2⤵
  PID:3104
- C:\Windows\System\tTdYAAo.exe
  C:\Windows\System\tTdYAAo.exe
  2⤵
  PID:3124
- C:\Windows\System\LIDtqRJ.exe
  C:\Windows\System\LIDtqRJ.exe
  2⤵
  PID:3144
- C:\Windows\System\DEXdkYi.exe
  C:\Windows\System\DEXdkYi.exe
  2⤵
  PID:3164
- C:\Windows\System\glPrjvY.exe
  C:\Windows\System\glPrjvY.exe
  2⤵
  PID:3184
- C:\Windows\System\GzFVfHr.exe
  C:\Windows\System\GzFVfHr.exe
  2⤵
  PID:3204
- C:\Windows\System\TjMMVrq.exe
  C:\Windows\System\TjMMVrq.exe
  2⤵
  PID:3224
- C:\Windows\System\LncdXiG.exe
  C:\Windows\System\LncdXiG.exe
  2⤵
  PID:3244
- C:\Windows\System\YtmYldn.exe
  C:\Windows\System\YtmYldn.exe
  2⤵
  PID:3264
- C:\Windows\System\lbQtCNy.exe
  C:\Windows\System\lbQtCNy.exe
  2⤵
  PID:3284
- C:\Windows\System\QycCuSe.exe
  C:\Windows\System\QycCuSe.exe
  2⤵
  PID:3304
- C:\Windows\System\GLRIZKe.exe
  C:\Windows\System\GLRIZKe.exe
  2⤵
  PID:3324
- C:\Windows\System\XIOdDzU.exe
  C:\Windows\System\XIOdDzU.exe
  2⤵
  PID:3344
- C:\Windows\System\CZxRLLH.exe
  C:\Windows\System\CZxRLLH.exe
  2⤵
  PID:3364
- C:\Windows\System\BKNCGco.exe
  C:\Windows\System\BKNCGco.exe
  2⤵
  PID:3384
- C:\Windows\System\rUxIDLc.exe
  C:\Windows\System\rUxIDLc.exe
  2⤵
  PID:3404
- C:\Windows\System\zfdlRKE.exe
  C:\Windows\System\zfdlRKE.exe
  2⤵
  PID:3424
- C:\Windows\System\RSITyLe.exe
  C:\Windows\System\RSITyLe.exe
  2⤵
  PID:3440
- C:\Windows\System\cZJWdAf.exe
  C:\Windows\System\cZJWdAf.exe
  2⤵
  PID:3464
- C:\Windows\System\TYcqVLF.exe
  C:\Windows\System\TYcqVLF.exe
  2⤵
  PID:3484
- C:\Windows\System\ojnBevN.exe
  C:\Windows\System\ojnBevN.exe
  2⤵
  PID:3504
- C:\Windows\System\faKujGV.exe
  C:\Windows\System\faKujGV.exe
  2⤵
  PID:3524
- C:\Windows\System\hWuBkqi.exe
  C:\Windows\System\hWuBkqi.exe
  2⤵
  PID:3544
- C:\Windows\System\dBAptqa.exe
  C:\Windows\System\dBAptqa.exe
  2⤵
  PID:3564
- C:\Windows\System\EQUuNbj.exe
  C:\Windows\System\EQUuNbj.exe
  2⤵
  PID:3584
- C:\Windows\System\iTqcMDA.exe
  C:\Windows\System\iTqcMDA.exe
  2⤵
  PID:3604
- C:\Windows\System\EDlmGak.exe
  C:\Windows\System\EDlmGak.exe
  2⤵
  PID:3624
- C:\Windows\System\xwCJDvz.exe
  C:\Windows\System\xwCJDvz.exe
  2⤵
  PID:3644
- C:\Windows\System\mjqMwEA.exe
  C:\Windows\System\mjqMwEA.exe
  2⤵
  PID:3664
- C:\Windows\System\Kqlhzfp.exe
  C:\Windows\System\Kqlhzfp.exe
  2⤵
  PID:3684
- C:\Windows\System\IyybJah.exe
  C:\Windows\System\IyybJah.exe
  2⤵
  PID:3704
- C:\Windows\System\cxRXaEF.exe
  C:\Windows\System\cxRXaEF.exe
  2⤵
  PID:3724
- C:\Windows\System\ZYnSqzc.exe
  C:\Windows\System\ZYnSqzc.exe
  2⤵
  PID:3744
- C:\Windows\System\mBpXmaA.exe
  C:\Windows\System\mBpXmaA.exe
  2⤵
  PID:3764
- C:\Windows\System\vbGhBAA.exe
  C:\Windows\System\vbGhBAA.exe
  2⤵
  PID:3784
- C:\Windows\System\uukxVNS.exe
  C:\Windows\System\uukxVNS.exe
  2⤵
  PID:3804
- C:\Windows\System\QtXOsdB.exe
  C:\Windows\System\QtXOsdB.exe
  2⤵
  PID:3824
- C:\Windows\System\FGCuLOp.exe
  C:\Windows\System\FGCuLOp.exe
  2⤵
  PID:3844
- C:\Windows\System\HuCODIk.exe
  C:\Windows\System\HuCODIk.exe
  2⤵
  PID:3864
- C:\Windows\System\LuVOfDK.exe
  C:\Windows\System\LuVOfDK.exe
  2⤵
  PID:3880
- C:\Windows\System\GxYBTeS.exe
  C:\Windows\System\GxYBTeS.exe
  2⤵
  PID:3904
- C:\Windows\System\YZtqRik.exe
  C:\Windows\System\YZtqRik.exe
  2⤵
  PID:3924
- C:\Windows\System\KlyHRMv.exe
  C:\Windows\System\KlyHRMv.exe
  2⤵
  PID:3944
- C:\Windows\System\SxPVfUm.exe
  C:\Windows\System\SxPVfUm.exe
  2⤵
  PID:3964
- C:\Windows\System\zYcOHEs.exe
  C:\Windows\System\zYcOHEs.exe
  2⤵
  PID:3984
- C:\Windows\System\ESngfkM.exe
  C:\Windows\System\ESngfkM.exe
  2⤵
  PID:4004
- C:\Windows\System\PjthROA.exe
  C:\Windows\System\PjthROA.exe
  2⤵
  PID:4024
- C:\Windows\System\bTZBmFZ.exe
  C:\Windows\System\bTZBmFZ.exe
  2⤵
  PID:4044
- C:\Windows\System\DenYeoO.exe
  C:\Windows\System\DenYeoO.exe
  2⤵
  PID:4064
- C:\Windows\System\OhVKifM.exe
  C:\Windows\System\OhVKifM.exe
  2⤵
  PID:4084
- C:\Windows\System\pRhPLHx.exe
  C:\Windows\System\pRhPLHx.exe
  2⤵
  PID:904
- C:\Windows\System\mHcPZIo.exe
  C:\Windows\System\mHcPZIo.exe
  2⤵
  PID:324
- C:\Windows\System\VvLwDPD.exe
  C:\Windows\System\VvLwDPD.exe
  2⤵
  PID:888
- C:\Windows\System\mmIzGPU.exe
  C:\Windows\System\mmIzGPU.exe
  2⤵
  PID:2408
- C:\Windows\System\XwUTRwI.exe
  C:\Windows\System\XwUTRwI.exe
  2⤵
  PID:2416
- C:\Windows\System\rpuhoGG.exe
  C:\Windows\System\rpuhoGG.exe
  2⤵
  PID:2668
- C:\Windows\System\juAJkBZ.exe
  C:\Windows\System\juAJkBZ.exe
  2⤵
  PID:2900
- C:\Windows\System\snVqlin.exe
  C:\Windows\System\snVqlin.exe
  2⤵
  PID:1200
- C:\Windows\System\dCLQSbC.exe
  C:\Windows\System\dCLQSbC.exe
  2⤵
  PID:1856
- C:\Windows\System\lkNhqwB.exe
  C:\Windows\System\lkNhqwB.exe
  2⤵
  PID:3080
- C:\Windows\System\VjxgkyU.exe
  C:\Windows\System\VjxgkyU.exe
  2⤵
  PID:3140
- C:\Windows\System\baWWUJp.exe
  C:\Windows\System\baWWUJp.exe
  2⤵
  PID:3180
- C:\Windows\System\AlXVEbl.exe
  C:\Windows\System\AlXVEbl.exe
  2⤵
  PID:3212
- C:\Windows\System\VnCWnEG.exe
  C:\Windows\System\VnCWnEG.exe
  2⤵
  PID:3232
- C:\Windows\System\pADXCDg.exe
  C:\Windows\System\pADXCDg.exe
  2⤵
  PID:3256
- C:\Windows\System\SowhsXU.exe
  C:\Windows\System\SowhsXU.exe
  2⤵
  PID:3300
- C:\Windows\System\SOAjgDI.exe
  C:\Windows\System\SOAjgDI.exe
  2⤵
  PID:3316
- C:\Windows\System\mnlAJGa.exe
  C:\Windows\System\mnlAJGa.exe
  2⤵
  PID:3380
- C:\Windows\System\KIuYDRq.exe
  C:\Windows\System\KIuYDRq.exe
  2⤵
  PID:3412
- C:\Windows\System\cWpRckG.exe
  C:\Windows\System\cWpRckG.exe
  2⤵
  PID:3448
- C:\Windows\System\DRJRRwn.exe
  C:\Windows\System\DRJRRwn.exe
  2⤵
  PID:3460
- C:\Windows\System\WQZChPA.exe
  C:\Windows\System\WQZChPA.exe
  2⤵
  PID:3496
- C:\Windows\System\yJNgwTa.exe
  C:\Windows\System\yJNgwTa.exe
  2⤵
  PID:3536
- C:\Windows\System\cCtCeEd.exe
  C:\Windows\System\cCtCeEd.exe
  2⤵
  PID:3576
- C:\Windows\System\zfJHIiZ.exe
  C:\Windows\System\zfJHIiZ.exe
  2⤵
  PID:3592
- C:\Windows\System\CgFAtRE.exe
  C:\Windows\System\CgFAtRE.exe
  2⤵
  PID:3652
- C:\Windows\System\jnsoUSl.exe
  C:\Windows\System\jnsoUSl.exe
  2⤵
  PID:3656
- C:\Windows\System\umGCwjn.exe
  C:\Windows\System\umGCwjn.exe
  2⤵
  PID:3732
- C:\Windows\System\ZRsilkj.exe
  C:\Windows\System\ZRsilkj.exe
  2⤵
  PID:3712
- C:\Windows\System\Aynvafc.exe
  C:\Windows\System\Aynvafc.exe
  2⤵
  PID:3756
- C:\Windows\System\zOgngIL.exe
  C:\Windows\System\zOgngIL.exe
  2⤵
  PID:3812
- C:\Windows\System\QqVvUHd.exe
  C:\Windows\System\QqVvUHd.exe
  2⤵
  PID:3800
- C:\Windows\System\aZrLXbw.exe
  C:\Windows\System\aZrLXbw.exe
  2⤵
  PID:3860
- C:\Windows\System\OQuHuJS.exe
  C:\Windows\System\OQuHuJS.exe
  2⤵
  PID:3896
- C:\Windows\System\qvjoDxF.exe
  C:\Windows\System\qvjoDxF.exe
  2⤵
  PID:3940
- C:\Windows\System\FIHmwVh.exe
  C:\Windows\System\FIHmwVh.exe
  2⤵
  PID:3956
- C:\Windows\System\ZaJdQQa.exe
  C:\Windows\System\ZaJdQQa.exe
  2⤵
  PID:4012
- C:\Windows\System\UCfXtan.exe
  C:\Windows\System\UCfXtan.exe
  2⤵
  PID:4032
- C:\Windows\System\TMtDaBN.exe
  C:\Windows\System\TMtDaBN.exe
  2⤵
  PID:4092
- C:\Windows\System\esluqxl.exe
  C:\Windows\System\esluqxl.exe
  2⤵
  PID:2180
- C:\Windows\System\IlAPAPK.exe
  C:\Windows\System\IlAPAPK.exe
  2⤵
  PID:3020
- C:\Windows\System\yQvUkmH.exe
  C:\Windows\System\yQvUkmH.exe
  2⤵
  PID:1572
- C:\Windows\System\GPdYkbC.exe
  C:\Windows\System\GPdYkbC.exe
  2⤵
  PID:2744
- C:\Windows\System\ZdqNIHN.exe
  C:\Windows\System\ZdqNIHN.exe
  2⤵
  PID:2376
- C:\Windows\System\SbwKiLz.exe
  C:\Windows\System\SbwKiLz.exe
  2⤵
  PID:2600
- C:\Windows\System\UwTsUUB.exe
  C:\Windows\System\UwTsUUB.exe
  2⤵
  PID:3172
- C:\Windows\System\liMMGIt.exe
  C:\Windows\System\liMMGIt.exe
  2⤵
  PID:3220
- C:\Windows\System\hDPQtrJ.exe
  C:\Windows\System\hDPQtrJ.exe
  2⤵
  PID:3272
- C:\Windows\System\ejeuZGI.exe
  C:\Windows\System\ejeuZGI.exe
  2⤵
  PID:3340
- C:\Windows\System\aIFwAkC.exe
  C:\Windows\System\aIFwAkC.exe
  2⤵
  PID:3376
- C:\Windows\System\lyfmIat.exe
  C:\Windows\System\lyfmIat.exe
  2⤵
  PID:3456
- C:\Windows\System\sumQfZx.exe
  C:\Windows\System\sumQfZx.exe
  2⤵
  PID:3512
- C:\Windows\System\mKNuPlD.exe
  C:\Windows\System\mKNuPlD.exe
  2⤵
  PID:3560
- C:\Windows\System\FtpynYk.exe
  C:\Windows\System\FtpynYk.exe
  2⤵
  PID:3516
- C:\Windows\System\MEOMIFl.exe
  C:\Windows\System\MEOMIFl.exe
  2⤵
  PID:3620
- C:\Windows\System\iecRanB.exe
  C:\Windows\System\iecRanB.exe
  2⤵
  PID:3696
- C:\Windows\System\MAYuuhF.exe
  C:\Windows\System\MAYuuhF.exe
  2⤵
  PID:3832
- C:\Windows\System\ChMwwBL.exe
  C:\Windows\System\ChMwwBL.exe
  2⤵
  PID:3772
- C:\Windows\System\hzeJyFl.exe
  C:\Windows\System\hzeJyFl.exe
  2⤵
  PID:3892
- C:\Windows\System\wFulGso.exe
  C:\Windows\System\wFulGso.exe
  2⤵
  PID:3916
- C:\Windows\System\UtIyGvU.exe
  C:\Windows\System\UtIyGvU.exe
  2⤵
  PID:3960
- C:\Windows\System\zGwaVEL.exe
  C:\Windows\System\zGwaVEL.exe
  2⤵
  PID:4060
- C:\Windows\System\QWQYYIP.exe
  C:\Windows\System\QWQYYIP.exe
  2⤵
  PID:1280
- C:\Windows\System\iVnaDZM.exe
  C:\Windows\System\iVnaDZM.exe
  2⤵
  PID:1556
- C:\Windows\System\XcCnuil.exe
  C:\Windows\System\XcCnuil.exe
  2⤵
  PID:3100
- C:\Windows\System\OPiUUmK.exe
  C:\Windows\System\OPiUUmK.exe
  2⤵
  PID:3136
- C:\Windows\System\zFNykMl.exe
  C:\Windows\System\zFNykMl.exe
  2⤵
  PID:3240
- C:\Windows\System\CmqYLMq.exe
  C:\Windows\System\CmqYLMq.exe
  2⤵
  PID:3236
- C:\Windows\System\qClxOmy.exe
  C:\Windows\System\qClxOmy.exe
  2⤵
  PID:3372
- C:\Windows\System\XVESxyP.exe
  C:\Windows\System\XVESxyP.exe
  2⤵
  PID:3500
- C:\Windows\System\WmEpGjj.exe
  C:\Windows\System\WmEpGjj.exe
  2⤵
  PID:4104
- C:\Windows\System\DaWsLUH.exe
  C:\Windows\System\DaWsLUH.exe
  2⤵
  PID:4124
- C:\Windows\System\YMOjDmm.exe
  C:\Windows\System\YMOjDmm.exe
  2⤵
  PID:4144
- C:\Windows\System\ByhSEKx.exe
  C:\Windows\System\ByhSEKx.exe
  2⤵
  PID:4164
- C:\Windows\System\CHwlbiQ.exe
  C:\Windows\System\CHwlbiQ.exe
  2⤵
  PID:4184
- C:\Windows\System\CYOiGBZ.exe
  C:\Windows\System\CYOiGBZ.exe
  2⤵
  PID:4204
- C:\Windows\System\LaNsnyB.exe
  C:\Windows\System\LaNsnyB.exe
  2⤵
  PID:4224
- C:\Windows\System\rodVNiw.exe
  C:\Windows\System\rodVNiw.exe
  2⤵
  PID:4244
- C:\Windows\System\XvhDZBb.exe
  C:\Windows\System\XvhDZBb.exe
  2⤵
  PID:4264
- C:\Windows\System\exyDdZF.exe
  C:\Windows\System\exyDdZF.exe
  2⤵
  PID:4284
- C:\Windows\System\kqffUCY.exe
  C:\Windows\System\kqffUCY.exe
  2⤵
  PID:4304
- C:\Windows\System\YGeRuav.exe
  C:\Windows\System\YGeRuav.exe
  2⤵
  PID:4324
- C:\Windows\System\qfsqXNN.exe
  C:\Windows\System\qfsqXNN.exe
  2⤵
  PID:4344
- C:\Windows\System\qjuMbRw.exe
  C:\Windows\System\qjuMbRw.exe
  2⤵
  PID:4364
- C:\Windows\System\dbijNAV.exe
  C:\Windows\System\dbijNAV.exe
  2⤵
  PID:4384
- C:\Windows\System\tineyAS.exe
  C:\Windows\System\tineyAS.exe
  2⤵
  PID:4404
- C:\Windows\System\QbOfKeE.exe
  C:\Windows\System\QbOfKeE.exe
  2⤵
  PID:4424
- C:\Windows\System\WBuLTcB.exe
  C:\Windows\System\WBuLTcB.exe
  2⤵
  PID:4444
- C:\Windows\System\rvXkExl.exe
  C:\Windows\System\rvXkExl.exe
  2⤵
  PID:4464
- C:\Windows\System\hXkpylU.exe
  C:\Windows\System\hXkpylU.exe
  2⤵
  PID:4484
- C:\Windows\System\CuelNPs.exe
  C:\Windows\System\CuelNPs.exe
  2⤵
  PID:4504
- C:\Windows\System\CssHAmi.exe
  C:\Windows\System\CssHAmi.exe
  2⤵
  PID:4524
- C:\Windows\System\oImzhyf.exe
  C:\Windows\System\oImzhyf.exe
  2⤵
  PID:4544
- C:\Windows\System\rjcFxsM.exe
  C:\Windows\System\rjcFxsM.exe
  2⤵
  PID:4564
- C:\Windows\System\ryhZurj.exe
  C:\Windows\System\ryhZurj.exe
  2⤵
  PID:4584
- C:\Windows\System\peOwrqG.exe
  C:\Windows\System\peOwrqG.exe
  2⤵
  PID:4604
- C:\Windows\System\EXKeXrg.exe
  C:\Windows\System\EXKeXrg.exe
  2⤵
  PID:4624
- C:\Windows\System\ngosjkl.exe
  C:\Windows\System\ngosjkl.exe
  2⤵
  PID:4644
- C:\Windows\System\vkrdpGz.exe
  C:\Windows\System\vkrdpGz.exe
  2⤵
  PID:4664
- C:\Windows\System\vdSZRYh.exe
  C:\Windows\System\vdSZRYh.exe
  2⤵
  PID:4684
- C:\Windows\System\cBgJqFH.exe
  C:\Windows\System\cBgJqFH.exe
  2⤵
  PID:4704
- C:\Windows\System\oFMwrqE.exe
  C:\Windows\System\oFMwrqE.exe
  2⤵
  PID:4724
- C:\Windows\System\uzAKGWj.exe
  C:\Windows\System\uzAKGWj.exe
  2⤵
  PID:4744
- C:\Windows\System\wZIioSA.exe
  C:\Windows\System\wZIioSA.exe
  2⤵
  PID:4764
- C:\Windows\System\QQMENlQ.exe
  C:\Windows\System\QQMENlQ.exe
  2⤵
  PID:4784
- C:\Windows\System\uMlwirq.exe
  C:\Windows\System\uMlwirq.exe
  2⤵
  PID:4808
- C:\Windows\System\pzjylDW.exe
  C:\Windows\System\pzjylDW.exe
  2⤵
  PID:4828
- C:\Windows\System\RqhlUQF.exe
  C:\Windows\System\RqhlUQF.exe
  2⤵
  PID:4852
- C:\Windows\System\XxubMjH.exe
  C:\Windows\System\XxubMjH.exe
  2⤵
  PID:4872
- C:\Windows\System\BmzwVpR.exe
  C:\Windows\System\BmzwVpR.exe
  2⤵
  PID:4892
- C:\Windows\System\xCKJlcr.exe
  C:\Windows\System\xCKJlcr.exe
  2⤵
  PID:4912
- C:\Windows\System\pcdishr.exe
  C:\Windows\System\pcdishr.exe
  2⤵
  PID:4932
- C:\Windows\System\pyParVL.exe
  C:\Windows\System\pyParVL.exe
  2⤵
  PID:4952
- C:\Windows\System\NvWdvds.exe
  C:\Windows\System\NvWdvds.exe
  2⤵
  PID:4972
- C:\Windows\System\lbjCcZP.exe
  C:\Windows\System\lbjCcZP.exe
  2⤵
  PID:4992
- C:\Windows\System\hNAtCoV.exe
  C:\Windows\System\hNAtCoV.exe
  2⤵
  PID:5012
- C:\Windows\System\jmsajst.exe
  C:\Windows\System\jmsajst.exe
  2⤵
  PID:5032
- C:\Windows\System\FfqSxaO.exe
  C:\Windows\System\FfqSxaO.exe
  2⤵
  PID:5052
- C:\Windows\System\iBZnrrr.exe
  C:\Windows\System\iBZnrrr.exe
  2⤵
  PID:5072
- C:\Windows\System\LnuFXXg.exe
  C:\Windows\System\LnuFXXg.exe
  2⤵
  PID:5092
- C:\Windows\System\CdbFKTu.exe
  C:\Windows\System\CdbFKTu.exe
  2⤵
  PID:5112
- C:\Windows\System\QhSwhhq.exe
  C:\Windows\System\QhSwhhq.exe
  2⤵
  PID:3616
- C:\Windows\System\BPHiJjZ.exe
  C:\Windows\System\BPHiJjZ.exe
  2⤵
  PID:3780
- C:\Windows\System\dGbhzTu.exe
  C:\Windows\System\dGbhzTu.exe
  2⤵
  PID:3680
- C:\Windows\System\RAWTIeR.exe
  C:\Windows\System\RAWTIeR.exe
  2⤵
  PID:3912
- C:\Windows\System\MUeueiB.exe
  C:\Windows\System\MUeueiB.exe
  2⤵
  PID:1532
- C:\Windows\System\zPlnudN.exe
  C:\Windows\System\zPlnudN.exe
  2⤵
  PID:1772
- C:\Windows\System\MZTgQRS.exe
  C:\Windows\System\MZTgQRS.exe
  2⤵
  PID:1408
- C:\Windows\System\dGblUCF.exe
  C:\Windows\System\dGblUCF.exe
  2⤵
  PID:3112
- C:\Windows\System\VLAWLrC.exe
  C:\Windows\System\VLAWLrC.exe
  2⤵
  PID:3312
- C:\Windows\System\HsPFmDe.exe
  C:\Windows\System\HsPFmDe.exe
  2⤵
  PID:3480
- C:\Windows\System\rwWdyNI.exe
  C:\Windows\System\rwWdyNI.exe
  2⤵
  PID:4112
- C:\Windows\System\QQdgIBa.exe
  C:\Windows\System\QQdgIBa.exe
  2⤵
  PID:4140
- C:\Windows\System\YHIrFqw.exe
  C:\Windows\System\YHIrFqw.exe
  2⤵
  PID:4180
- C:\Windows\System\aEacXkQ.exe
  C:\Windows\System\aEacXkQ.exe
  2⤵
  PID:4212
- C:\Windows\System\RFiiaEh.exe
  C:\Windows\System\RFiiaEh.exe
  2⤵
  PID:4240
- C:\Windows\System\WRjVAOJ.exe
  C:\Windows\System\WRjVAOJ.exe
  2⤵
  PID:4280
- C:\Windows\System\wRMNTuO.exe
  C:\Windows\System\wRMNTuO.exe
  2⤵
  PID:4312
- C:\Windows\System\ubufvoA.exe
  C:\Windows\System\ubufvoA.exe
  2⤵
  PID:4316
- C:\Windows\System\CEPhLiN.exe
  C:\Windows\System\CEPhLiN.exe
  2⤵
  PID:4356
- C:\Windows\System\NIOtbCt.exe
  C:\Windows\System\NIOtbCt.exe
  2⤵
  PID:4420
- C:\Windows\System\CvSKRBO.exe
  C:\Windows\System\CvSKRBO.exe
  2⤵
  PID:4492
- C:\Windows\System\esMSXoD.exe
  C:\Windows\System\esMSXoD.exe
  2⤵
  PID:4540
- C:\Windows\System\UmThGIA.exe
  C:\Windows\System\UmThGIA.exe
  2⤵
  PID:4472
- C:\Windows\System\kwPDkcm.exe
  C:\Windows\System\kwPDkcm.exe
  2⤵
  PID:4516
- C:\Windows\System\AFTucga.exe
  C:\Windows\System\AFTucga.exe
  2⤵
  PID:4556
- C:\Windows\System\eCiOMvx.exe
  C:\Windows\System\eCiOMvx.exe
  2⤵
  PID:4612
- C:\Windows\System\tzVrdqR.exe
  C:\Windows\System\tzVrdqR.exe
  2⤵
  PID:4692
- C:\Windows\System\GRWjCTp.exe
  C:\Windows\System\GRWjCTp.exe
  2⤵
  PID:4736
- C:\Windows\System\JXryVtE.exe
  C:\Windows\System\JXryVtE.exe
  2⤵
  PID:4672
- C:\Windows\System\brsFzxH.exe
  C:\Windows\System\brsFzxH.exe
  2⤵
  PID:4752
- C:\Windows\System\mQqSpTb.exe
  C:\Windows\System\mQqSpTb.exe
  2⤵
  PID:4776
- C:\Windows\System\EeIAvJk.exe
  C:\Windows\System\EeIAvJk.exe
  2⤵
  PID:4824
- C:\Windows\System\vJLEosO.exe
  C:\Windows\System\vJLEosO.exe
  2⤵
  PID:4868
- C:\Windows\System\AJeyqrM.exe
  C:\Windows\System\AJeyqrM.exe
  2⤵
  PID:4884
- C:\Windows\System\rYIvjaR.exe
  C:\Windows\System\rYIvjaR.exe
  2⤵
  PID:4924
- C:\Windows\System\OKEdNGS.exe
  C:\Windows\System\OKEdNGS.exe
  2⤵
  PID:4968
- C:\Windows\System\SJqjegk.exe
  C:\Windows\System\SJqjegk.exe
  2⤵
  PID:5020
- C:\Windows\System\jhMpzNa.exe
  C:\Windows\System\jhMpzNa.exe
  2⤵
  PID:5024
- C:\Windows\System\BXOODHA.exe
  C:\Windows\System\BXOODHA.exe
  2⤵
  PID:5044
- C:\Windows\System\aASNCCc.exe
  C:\Windows\System\aASNCCc.exe
  2⤵
  PID:5104
- C:\Windows\System\TYarpSN.exe
  C:\Windows\System\TYarpSN.exe
  2⤵
  PID:3740
- C:\Windows\System\nJDGvYK.exe
  C:\Windows\System\nJDGvYK.exe
  2⤵
  PID:3676
- C:\Windows\System\aoqsXgs.exe
  C:\Windows\System\aoqsXgs.exe
  2⤵
  PID:3980
- C:\Windows\System\mRGawwN.exe
  C:\Windows\System\mRGawwN.exe
  2⤵
  PID:3972
- C:\Windows\System\pCHUcXA.exe
  C:\Windows\System\pCHUcXA.exe
  2⤵
  PID:3116
- C:\Windows\System\OchdIAs.exe
  C:\Windows\System\OchdIAs.exe
  2⤵
  PID:3332
- C:\Windows\System\FamjvNc.exe
  C:\Windows\System\FamjvNc.exe
  2⤵
  PID:3540
- C:\Windows\System\ZeBnsDV.exe
  C:\Windows\System\ZeBnsDV.exe
  2⤵
  PID:4156
- C:\Windows\System\pktBVaC.exe
  C:\Windows\System\pktBVaC.exe
  2⤵
  PID:4252
- C:\Windows\System\GTdxHOf.exe
  C:\Windows\System\GTdxHOf.exe
  2⤵
  PID:4256
- C:\Windows\System\BxZXykp.exe
  C:\Windows\System\BxZXykp.exe
  2⤵
  PID:4400
- C:\Windows\System\DDbYCFU.exe
  C:\Windows\System\DDbYCFU.exe
  2⤵
  PID:4296
- C:\Windows\System\eWNvlSc.exe
  C:\Windows\System\eWNvlSc.exe
  2⤵
  PID:4452
- C:\Windows\System\qQmZOxP.exe
  C:\Windows\System\qQmZOxP.exe
  2⤵
  PID:4436
- C:\Windows\System\ZFuBHyf.exe
  C:\Windows\System\ZFuBHyf.exe
  2⤵
  PID:4592
- C:\Windows\System\tEudznO.exe
  C:\Windows\System\tEudznO.exe
  2⤵
  PID:4732
- C:\Windows\System\qGbbTto.exe
  C:\Windows\System\qGbbTto.exe
  2⤵
  PID:4580
- C:\Windows\System\oMLkCSP.exe
  C:\Windows\System\oMLkCSP.exe
  2⤵
  PID:4656
- C:\Windows\System\uhEBjDl.exe
  C:\Windows\System\uhEBjDl.exe
  2⤵
  PID:4792
- C:\Windows\System\jyeoIls.exe
  C:\Windows\System\jyeoIls.exe
  2⤵
  PID:4760
- C:\Windows\System\BmFxiLb.exe
  C:\Windows\System\BmFxiLb.exe
  2⤵
  PID:4900
- C:\Windows\System\lwasduC.exe
  C:\Windows\System\lwasduC.exe
  2⤵
  PID:4920
- C:\Windows\System\jEwqZEx.exe
  C:\Windows\System\jEwqZEx.exe
  2⤵
  PID:5004
- C:\Windows\System\tsAawRX.exe
  C:\Windows\System\tsAawRX.exe
  2⤵
  PID:5048
- C:\Windows\System\NJuZTHO.exe
  C:\Windows\System\NJuZTHO.exe
  2⤵
  PID:3580
- C:\Windows\System\EOsJBbK.exe
  C:\Windows\System\EOsJBbK.exe
  2⤵
  PID:3992
- C:\Windows\System\KmiwHPh.exe
  C:\Windows\System\KmiwHPh.exe
  2⤵
  PID:2716
- C:\Windows\System\knoOmnQ.exe
  C:\Windows\System\knoOmnQ.exe
  2⤵
  PID:4152
- C:\Windows\System\lroxfhW.exe
  C:\Windows\System\lroxfhW.exe
  2⤵
  PID:4100
- C:\Windows\System\SXtxeFR.exe
  C:\Windows\System\SXtxeFR.exe
  2⤵
  PID:2560
- C:\Windows\System\ZGQKaft.exe
  C:\Windows\System\ZGQKaft.exe
  2⤵
  PID:5128
- C:\Windows\System\ASLYYhB.exe
  C:\Windows\System\ASLYYhB.exe
  2⤵
  PID:5152
- C:\Windows\System\OvKVkiH.exe
  C:\Windows\System\OvKVkiH.exe
  2⤵
  PID:5176
- C:\Windows\System\PHoBohw.exe
  C:\Windows\System\PHoBohw.exe
  2⤵
  PID:5192
- C:\Windows\System\MYDlgbR.exe
  C:\Windows\System\MYDlgbR.exe
  2⤵
  PID:5228
- C:\Windows\System\ZmJoGvk.exe
  C:\Windows\System\ZmJoGvk.exe
  2⤵
  PID:5244
- C:\Windows\System\RvxHrTw.exe
  C:\Windows\System\RvxHrTw.exe
  2⤵
  PID:5264
- C:\Windows\System\mPVqWGt.exe
  C:\Windows\System\mPVqWGt.exe
  2⤵
  PID:5284
- C:\Windows\System\tImllSk.exe
  C:\Windows\System\tImllSk.exe
  2⤵
  PID:5308
- C:\Windows\System\FTWyvGM.exe
  C:\Windows\System\FTWyvGM.exe
  2⤵
  PID:5324
- C:\Windows\System\KPegmod.exe
  C:\Windows\System\KPegmod.exe
  2⤵
  PID:5348
- C:\Windows\System\JfnrbMn.exe
  C:\Windows\System\JfnrbMn.exe
  2⤵
  PID:5368
- C:\Windows\System\WeXLbDV.exe
  C:\Windows\System\WeXLbDV.exe
  2⤵
  PID:5388
- C:\Windows\System\yyHPsNQ.exe
  C:\Windows\System\yyHPsNQ.exe
  2⤵
  PID:5408
- C:\Windows\System\RskfUPX.exe
  C:\Windows\System\RskfUPX.exe
  2⤵
  PID:5424
- C:\Windows\System\hrBQUeN.exe
  C:\Windows\System\hrBQUeN.exe
  2⤵
  PID:5444
- C:\Windows\System\EEphoSB.exe
  C:\Windows\System\EEphoSB.exe
  2⤵
  PID:5460
- C:\Windows\System\wRdayPZ.exe
  C:\Windows\System\wRdayPZ.exe
  2⤵
  PID:5484
- C:\Windows\System\TgLkCgL.exe
  C:\Windows\System\TgLkCgL.exe
  2⤵
  PID:5508
- C:\Windows\System\rNLGtDY.exe
  C:\Windows\System\rNLGtDY.exe
  2⤵
  PID:5528
- C:\Windows\System\AlaIeUf.exe
  C:\Windows\System\AlaIeUf.exe
  2⤵
  PID:5548
- C:\Windows\System\BXzbzfP.exe
  C:\Windows\System\BXzbzfP.exe
  2⤵
  PID:5564
- C:\Windows\System\hVFIfHR.exe
  C:\Windows\System\hVFIfHR.exe
  2⤵
  PID:5588
- C:\Windows\System\qakOWAQ.exe
  C:\Windows\System\qakOWAQ.exe
  2⤵
  PID:5608
- C:\Windows\System\ZjKtjbr.exe
  C:\Windows\System\ZjKtjbr.exe
  2⤵
  PID:5632
- C:\Windows\System\qOtzxpn.exe
  C:\Windows\System\qOtzxpn.exe
  2⤵
  PID:5656
- C:\Windows\System\DDugudR.exe
  C:\Windows\System\DDugudR.exe
  2⤵
  PID:5676
- C:\Windows\System\xYTZtAu.exe
  C:\Windows\System\xYTZtAu.exe
  2⤵
  PID:5696
- C:\Windows\System\NLClEuz.exe
  C:\Windows\System\NLClEuz.exe
  2⤵
  PID:5716
- C:\Windows\System\zZOhtAR.exe
  C:\Windows\System\zZOhtAR.exe
  2⤵
  PID:5736
- C:\Windows\System\BKBvFFv.exe
  C:\Windows\System\BKBvFFv.exe
  2⤵
  PID:5756
- C:\Windows\System\txYlGkk.exe
  C:\Windows\System\txYlGkk.exe
  2⤵
  PID:5776
- C:\Windows\System\DbLRXXM.exe
  C:\Windows\System\DbLRXXM.exe
  2⤵
  PID:5796
- C:\Windows\System\GHFqbuH.exe
  C:\Windows\System\GHFqbuH.exe
  2⤵
  PID:5816
- C:\Windows\System\mYziQSn.exe
  C:\Windows\System\mYziQSn.exe
  2⤵
  PID:5836
- C:\Windows\System\WmuVpZv.exe
  C:\Windows\System\WmuVpZv.exe
  2⤵
  PID:5856
- C:\Windows\System\VSstJXb.exe
  C:\Windows\System\VSstJXb.exe
  2⤵
  PID:5876
- C:\Windows\System\CigVKIF.exe
  C:\Windows\System\CigVKIF.exe
  2⤵
  PID:5892
- C:\Windows\System\HlHzgLc.exe
  C:\Windows\System\HlHzgLc.exe
  2⤵
  PID:5916
- C:\Windows\System\GavXxCp.exe
  C:\Windows\System\GavXxCp.exe
  2⤵
  PID:5936
- C:\Windows\System\QnYhynO.exe
  C:\Windows\System\QnYhynO.exe
  2⤵
  PID:5956
- C:\Windows\System\jKYOCJZ.exe
  C:\Windows\System\jKYOCJZ.exe
  2⤵
  PID:5976
- C:\Windows\System\GpWDYYD.exe
  C:\Windows\System\GpWDYYD.exe
  2⤵
  PID:5992
- C:\Windows\System\OHaFKXX.exe
  C:\Windows\System\OHaFKXX.exe
  2⤵
  PID:6016
- C:\Windows\System\GmXtflc.exe
  C:\Windows\System\GmXtflc.exe
  2⤵
  PID:6036
- C:\Windows\System\VFTnlog.exe
  C:\Windows\System\VFTnlog.exe
  2⤵
  PID:6056
- C:\Windows\System\cckGnGX.exe
  C:\Windows\System\cckGnGX.exe
  2⤵
  PID:6072
- C:\Windows\System\vhElaJA.exe
  C:\Windows\System\vhElaJA.exe
  2⤵
  PID:6092
- C:\Windows\System\LHzJsQw.exe
  C:\Windows\System\LHzJsQw.exe
  2⤵
  PID:6116
- C:\Windows\System\BrrEHGc.exe
  C:\Windows\System\BrrEHGc.exe
  2⤵
  PID:6132
- C:\Windows\System\SJjSUGS.exe
  C:\Windows\System\SJjSUGS.exe
  2⤵
  PID:4460
- C:\Windows\System\pdKnbhc.exe
  C:\Windows\System\pdKnbhc.exe
  2⤵
  PID:4520
- C:\Windows\System\XMKQTHM.exe
  C:\Windows\System\XMKQTHM.exe
  2⤵
  PID:4696
- C:\Windows\System\KGYjeAI.exe
  C:\Windows\System\KGYjeAI.exe
  2⤵
  PID:4712
- C:\Windows\System\pgaLtIs.exe
  C:\Windows\System\pgaLtIs.exe
  2⤵
  PID:4960
- C:\Windows\System\BNZZSFT.exe
  C:\Windows\System\BNZZSFT.exe
  2⤵
  PID:3776
- C:\Windows\System\ttKIIws.exe
  C:\Windows\System\ttKIIws.exe
  2⤵
  PID:4840
- C:\Windows\System\JyDjBrU.exe
  C:\Windows\System\JyDjBrU.exe
  2⤵
  PID:5100
- C:\Windows\System\pCvQJHU.exe
  C:\Windows\System\pCvQJHU.exe
  2⤵
  PID:3176
- C:\Windows\System\itAMyeE.exe
  C:\Windows\System\itAMyeE.exe
  2⤵
  PID:4232
- C:\Windows\System\QsvSeeP.exe
  C:\Windows\System\QsvSeeP.exe
  2⤵
  PID:4320
- C:\Windows\System\meammqZ.exe
  C:\Windows\System\meammqZ.exe
  2⤵
  PID:4196
- C:\Windows\System\bRVTlEn.exe
  C:\Windows\System\bRVTlEn.exe
  2⤵
  PID:5168
- C:\Windows\System\dlaeAOK.exe
  C:\Windows\System\dlaeAOK.exe
  2⤵
  PID:5212
- C:\Windows\System\lWDyQrS.exe
  C:\Windows\System\lWDyQrS.exe
  2⤵
  PID:5260
- C:\Windows\System\zTQxbFI.exe
  C:\Windows\System\zTQxbFI.exe
  2⤵
  PID:5296
- C:\Windows\System\yXjxFzS.exe
  C:\Windows\System\yXjxFzS.exe
  2⤵
  PID:5280
- C:\Windows\System\kCZKLYn.exe
  C:\Windows\System\kCZKLYn.exe
  2⤵
  PID:5336
- C:\Windows\System\aaWAxge.exe
  C:\Windows\System\aaWAxge.exe
  2⤵
  PID:5356
- C:\Windows\System\IglJxbL.exe
  C:\Windows\System\IglJxbL.exe
  2⤵
  PID:5416
- C:\Windows\System\Dpolonc.exe
  C:\Windows\System\Dpolonc.exe
  2⤵
  PID:5400
- C:\Windows\System\LxuAdEe.exe
  C:\Windows\System\LxuAdEe.exe
  2⤵
  PID:5500
- C:\Windows\System\TESisOB.exe
  C:\Windows\System\TESisOB.exe
  2⤵
  PID:5472
- C:\Windows\System\tkqvYOu.exe
  C:\Windows\System\tkqvYOu.exe
  2⤵
  PID:5540
- C:\Windows\System\bxhxtIV.exe
  C:\Windows\System\bxhxtIV.exe
  2⤵
  PID:5584
- C:\Windows\System\azRDsaX.exe
  C:\Windows\System\azRDsaX.exe
  2⤵
  PID:5624
- C:\Windows\System\jvfIVDw.exe
  C:\Windows\System\jvfIVDw.exe
  2⤵
  PID:5604
- C:\Windows\System\qQAyZGk.exe
  C:\Windows\System\qQAyZGk.exe
  2⤵
  PID:5644
- C:\Windows\System\tjsDSaU.exe
  C:\Windows\System\tjsDSaU.exe
  2⤵
  PID:5692
- C:\Windows\System\MBMBvNI.exe
  C:\Windows\System\MBMBvNI.exe
  2⤵
  PID:2752
- C:\Windows\System\YNpyHar.exe
  C:\Windows\System\YNpyHar.exe
  2⤵
  PID:5792
- C:\Windows\System\djQQSNz.exe
  C:\Windows\System\djQQSNz.exe
  2⤵
  PID:5824
- C:\Windows\System\AjrgpOh.exe
  C:\Windows\System\AjrgpOh.exe
  2⤵
  PID:5828
- C:\Windows\System\UAIDntY.exe
  C:\Windows\System\UAIDntY.exe
  2⤵
  PID:5848
- C:\Windows\System\owENtZb.exe
  C:\Windows\System\owENtZb.exe
  2⤵
  PID:5904
- C:\Windows\System\fyiItdb.exe
  C:\Windows\System\fyiItdb.exe
  2⤵
  PID:5924
- C:\Windows\System\WycOMYB.exe
  C:\Windows\System\WycOMYB.exe
  2⤵
  PID:5972
- C:\Windows\System\uaVOcfW.exe
  C:\Windows\System\uaVOcfW.exe
  2⤵
  PID:6004
- C:\Windows\System\aaNmaWs.exe
  C:\Windows\System\aaNmaWs.exe
  2⤵
  PID:6028
- C:\Windows\System\AUBFJFh.exe
  C:\Windows\System\AUBFJFh.exe
  2⤵
  PID:6048
- C:\Windows\System\yFwBBER.exe
  C:\Windows\System\yFwBBER.exe
  2⤵
  PID:6084
- C:\Windows\System\IIvpMox.exe
  C:\Windows\System\IIvpMox.exe
  2⤵
  PID:4360
- C:\Windows\System\LUVfEpB.exe
  C:\Windows\System\LUVfEpB.exe
  2⤵
  PID:4512
- C:\Windows\System\SMbdjVX.exe
  C:\Windows\System\SMbdjVX.exe
  2⤵
  PID:4600
- C:\Windows\System\iADLfma.exe
  C:\Windows\System\iADLfma.exe
  2⤵
  PID:4756
- C:\Windows\System\ToaEIzK.exe
  C:\Windows\System\ToaEIzK.exe
  2⤵
  PID:4880
- C:\Windows\System\EAKhjQC.exe
  C:\Windows\System\EAKhjQC.exe
  2⤵
  PID:4944
- C:\Windows\System\tQNrISC.exe
  C:\Windows\System\tQNrISC.exe
  2⤵
  PID:2896
- C:\Windows\System\vQUrLAj.exe
  C:\Windows\System\vQUrLAj.exe
  2⤵
  PID:5136
- C:\Windows\System\fPtoRXF.exe
  C:\Windows\System\fPtoRXF.exe
  2⤵
  PID:4412
- C:\Windows\System\VBUhlHu.exe
  C:\Windows\System\VBUhlHu.exe
  2⤵
  PID:5184
- C:\Windows\System\JqxBZfP.exe
  C:\Windows\System\JqxBZfP.exe
  2⤵
  PID:5240
- C:\Windows\System\lXYZqgo.exe
  C:\Windows\System\lXYZqgo.exe
  2⤵
  PID:1044
- C:\Windows\System\ojbsNsN.exe
  C:\Windows\System\ojbsNsN.exe
  2⤵
  PID:2508
- C:\Windows\System\GJBETqq.exe
  C:\Windows\System\GJBETqq.exe
  2⤵
  PID:5456
- C:\Windows\System\NkFgfDK.exe
  C:\Windows\System\NkFgfDK.exe
  2⤵
  PID:2528
- C:\Windows\System\pNSuIfy.exe
  C:\Windows\System\pNSuIfy.exe
  2⤵
  PID:5496
- C:\Windows\System\BUXWlvw.exe
  C:\Windows\System\BUXWlvw.exe
  2⤵
  PID:5524
- C:\Windows\System\rVXFSqv.exe
  C:\Windows\System\rVXFSqv.exe
  2⤵
  PID:5520
- C:\Windows\System\lXECZSk.exe
  C:\Windows\System\lXECZSk.exe
  2⤵
  PID:5616
- C:\Windows\System\ehMrkTe.exe
  C:\Windows\System\ehMrkTe.exe
  2⤵
  PID:5668
- C:\Windows\System\lnbXgqM.exe
  C:\Windows\System\lnbXgqM.exe
  2⤵
  PID:5728
- C:\Windows\System\rEgLJdT.exe
  C:\Windows\System\rEgLJdT.exe
  2⤵
  PID:5748
- C:\Windows\System\KwJhUNu.exe
  C:\Windows\System\KwJhUNu.exe
  2⤵
  PID:5764
- C:\Windows\System\pkfqSpN.exe
  C:\Windows\System\pkfqSpN.exe
  2⤵
  PID:5872
- C:\Windows\System\pytneGX.exe
  C:\Windows\System\pytneGX.exe
  2⤵
  PID:5948
- C:\Windows\System\tBhDKmq.exe
  C:\Windows\System\tBhDKmq.exe
  2⤵
  PID:5928
- C:\Windows\System\sidTgeD.exe
  C:\Windows\System\sidTgeD.exe
  2⤵
  PID:6000
- C:\Windows\System\qcgInSV.exe
  C:\Windows\System\qcgInSV.exe
  2⤵
  PID:6068
- C:\Windows\System\twhVZYt.exe
  C:\Windows\System\twhVZYt.exe
  2⤵
  PID:6124
- C:\Windows\System\FLXkbKc.exe
  C:\Windows\System\FLXkbKc.exe
  2⤵
  PID:4716
- C:\Windows\System\qtHuURg.exe
  C:\Windows\System\qtHuURg.exe
  2⤵
  PID:4352
- C:\Windows\System\rCTTEZY.exe
  C:\Windows\System\rCTTEZY.exe
  2⤵
  PID:4984
- C:\Windows\System\axYcLPx.exe
  C:\Windows\System\axYcLPx.exe
  2⤵
  PID:5108
- C:\Windows\System\mgtgjyR.exe
  C:\Windows\System\mgtgjyR.exe
  2⤵
  PID:4272
- C:\Windows\System\rJzztwT.exe
  C:\Windows\System\rJzztwT.exe
  2⤵
  PID:5188
- C:\Windows\System\xJTczjU.exe
  C:\Windows\System\xJTczjU.exe
  2⤵
  PID:5140
- C:\Windows\System\ZFJvaru.exe
  C:\Windows\System\ZFJvaru.exe
  2⤵
  PID:5384
- C:\Windows\System\HTXzYJt.exe
  C:\Windows\System\HTXzYJt.exe
  2⤵
  PID:5380
- C:\Windows\System\QLbVhJT.exe
  C:\Windows\System\QLbVhJT.exe
  2⤵
  PID:5544
- C:\Windows\System\IPorqOv.exe
  C:\Windows\System\IPorqOv.exe
  2⤵
  PID:5596
- C:\Windows\System\RCCwiCN.exe
  C:\Windows\System\RCCwiCN.exe
  2⤵
  PID:5672
- C:\Windows\System\MuiWgeH.exe
  C:\Windows\System\MuiWgeH.exe
  2⤵
  PID:5744
- C:\Windows\System\LbtMchP.exe
  C:\Windows\System\LbtMchP.exe
  2⤵
  PID:5812
- C:\Windows\System\FRIfUgb.exe
  C:\Windows\System\FRIfUgb.exe
  2⤵
  PID:5952
- C:\Windows\System\QJZcNKC.exe
  C:\Windows\System\QJZcNKC.exe
  2⤵
  PID:5908
- C:\Windows\System\dHtEVhs.exe
  C:\Windows\System\dHtEVhs.exe
  2⤵
  PID:6044
- C:\Windows\System\ODPCMew.exe
  C:\Windows\System\ODPCMew.exe
  2⤵
  PID:4372
- C:\Windows\System\aYPfmvD.exe
  C:\Windows\System\aYPfmvD.exe
  2⤵
  PID:4804
- C:\Windows\System\WUKhNOB.exe
  C:\Windows\System\WUKhNOB.exe
  2⤵
  PID:5300
- C:\Windows\System\ZxKYqUn.exe
  C:\Windows\System\ZxKYqUn.exe
  2⤵
  PID:3416
- C:\Windows\System\UKEXrNx.exe
  C:\Windows\System\UKEXrNx.exe
  2⤵
  PID:5396
- C:\Windows\System\qlpyedF.exe
  C:\Windows\System\qlpyedF.exe
  2⤵
  PID:5468
- C:\Windows\System\lQMFJkq.exe
  C:\Windows\System\lQMFJkq.exe
  2⤵
  PID:5440
- C:\Windows\System\efGcCPz.exe
  C:\Windows\System\efGcCPz.exe
  2⤵
  PID:5900
- C:\Windows\System\ybhhVAh.exe
  C:\Windows\System\ybhhVAh.exe
  2⤵
  PID:2972
- C:\Windows\System\gaTUdTd.exe
  C:\Windows\System\gaTUdTd.exe
  2⤵
  PID:5844
- C:\Windows\System\PHpKutZ.exe
  C:\Windows\System\PHpKutZ.exe
  2⤵
  PID:4780
- C:\Windows\System\EeElXnI.exe
  C:\Windows\System\EeElXnI.exe
  2⤵
  PID:3792
- C:\Windows\System\gcdrwug.exe
  C:\Windows\System\gcdrwug.exe
  2⤵
  PID:6156
- C:\Windows\System\jpdDfSe.exe
  C:\Windows\System\jpdDfSe.exe
  2⤵
  PID:6176
- C:\Windows\System\zkcZIur.exe
  C:\Windows\System\zkcZIur.exe
  2⤵
  PID:6196
- C:\Windows\System\WegEmDP.exe
  C:\Windows\System\WegEmDP.exe
  2⤵
  PID:6216
- C:\Windows\System\ChWqsVX.exe
  C:\Windows\System\ChWqsVX.exe
  2⤵
  PID:6236
- C:\Windows\System\MAGbotQ.exe
  C:\Windows\System\MAGbotQ.exe
  2⤵
  PID:6256
- C:\Windows\System\ljjebyy.exe
  C:\Windows\System\ljjebyy.exe
  2⤵
  PID:6272
- C:\Windows\System\ifCQntH.exe
  C:\Windows\System\ifCQntH.exe
  2⤵
  PID:6296
- C:\Windows\System\AzsPlHm.exe
  C:\Windows\System\AzsPlHm.exe
  2⤵
  PID:6316
- C:\Windows\System\ixuiAzR.exe
  C:\Windows\System\ixuiAzR.exe
  2⤵
  PID:6336
- C:\Windows\System\BleaBOU.exe
  C:\Windows\System\BleaBOU.exe
  2⤵
  PID:6352
- C:\Windows\System\wkyXFnJ.exe
  C:\Windows\System\wkyXFnJ.exe
  2⤵
  PID:6376
- C:\Windows\System\STKvrqZ.exe
  C:\Windows\System\STKvrqZ.exe
  2⤵
  PID:6396
- C:\Windows\System\aUJdrQg.exe
  C:\Windows\System\aUJdrQg.exe
  2⤵
  PID:6416
- C:\Windows\System\nBkpMYx.exe
  C:\Windows\System\nBkpMYx.exe
  2⤵
  PID:6436
- C:\Windows\System\yCZFjiZ.exe
  C:\Windows\System\yCZFjiZ.exe
  2⤵
  PID:6456
- C:\Windows\System\mmTSFQj.exe
  C:\Windows\System\mmTSFQj.exe
  2⤵
  PID:6476
- C:\Windows\System\oykbPMj.exe
  C:\Windows\System\oykbPMj.exe
  2⤵
  PID:6496
- C:\Windows\System\hOgkLCx.exe
  C:\Windows\System\hOgkLCx.exe
  2⤵
  PID:6516
- C:\Windows\System\zOKVDvj.exe
  C:\Windows\System\zOKVDvj.exe
  2⤵
  PID:6536
- C:\Windows\System\QYYNjVy.exe
  C:\Windows\System\QYYNjVy.exe
  2⤵
  PID:6556
- C:\Windows\System\AGqqlVT.exe
  C:\Windows\System\AGqqlVT.exe
  2⤵
  PID:6576
- C:\Windows\System\ScAMpsC.exe
  C:\Windows\System\ScAMpsC.exe
  2⤵
  PID:6596
- C:\Windows\System\JmQldvm.exe
  C:\Windows\System\JmQldvm.exe
  2⤵
  PID:6616
- C:\Windows\System\ttEndyX.exe
  C:\Windows\System\ttEndyX.exe
  2⤵
  PID:6636
- C:\Windows\System\BrPIkMV.exe
  C:\Windows\System\BrPIkMV.exe
  2⤵
  PID:6656
- C:\Windows\System\sQgBCHc.exe
  C:\Windows\System\sQgBCHc.exe
  2⤵
  PID:6676
- C:\Windows\System\bKcuyoQ.exe
  C:\Windows\System\bKcuyoQ.exe
  2⤵
  PID:6696
- C:\Windows\System\cwhqlog.exe
  C:\Windows\System\cwhqlog.exe
  2⤵
  PID:6716
- C:\Windows\System\OsOLvTt.exe
  C:\Windows\System\OsOLvTt.exe
  2⤵
  PID:6736
- C:\Windows\System\bjnUxFb.exe
  C:\Windows\System\bjnUxFb.exe
  2⤵
  PID:6756
- C:\Windows\System\osVYXSw.exe
  C:\Windows\System\osVYXSw.exe
  2⤵
  PID:6776
- C:\Windows\System\UbrcnhX.exe
  C:\Windows\System\UbrcnhX.exe
  2⤵
  PID:6796
- C:\Windows\System\IWPJHEV.exe
  C:\Windows\System\IWPJHEV.exe
  2⤵
  PID:6816
- C:\Windows\System\earoaHe.exe
  C:\Windows\System\earoaHe.exe
  2⤵
  PID:6836
- C:\Windows\System\JwAonah.exe
  C:\Windows\System\JwAonah.exe
  2⤵
  PID:6856
- C:\Windows\System\rTJBurk.exe
  C:\Windows\System\rTJBurk.exe
  2⤵
  PID:6876
- C:\Windows\System\sfOIAVx.exe
  C:\Windows\System\sfOIAVx.exe
  2⤵
  PID:6896
- C:\Windows\System\JscixKb.exe
  C:\Windows\System\JscixKb.exe
  2⤵
  PID:6916
- C:\Windows\System\mRokDGz.exe
  C:\Windows\System\mRokDGz.exe
  2⤵
  PID:6936
- C:\Windows\System\ykYFGzv.exe
  C:\Windows\System\ykYFGzv.exe
  2⤵
  PID:6956
- C:\Windows\System\ZPjFbOQ.exe
  C:\Windows\System\ZPjFbOQ.exe
  2⤵
  PID:6976
- C:\Windows\System\yTRiRYe.exe
  C:\Windows\System\yTRiRYe.exe
  2⤵
  PID:6996
- C:\Windows\System\AwuZTCt.exe
  C:\Windows\System\AwuZTCt.exe
  2⤵
  PID:7016
- C:\Windows\System\oJrdVRx.exe
  C:\Windows\System\oJrdVRx.exe
  2⤵
  PID:7036
- C:\Windows\System\hXwVkfZ.exe
  C:\Windows\System\hXwVkfZ.exe
  2⤵
  PID:7056
- C:\Windows\System\gFeITaL.exe
  C:\Windows\System\gFeITaL.exe
  2⤵
  PID:7072
- C:\Windows\System\XpwvKcH.exe
  C:\Windows\System\XpwvKcH.exe
  2⤵
  PID:7092
- C:\Windows\System\jlkjYVe.exe
  C:\Windows\System\jlkjYVe.exe
  2⤵
  PID:7112
- C:\Windows\System\IUPkGdO.exe
  C:\Windows\System\IUPkGdO.exe
  2⤵
  PID:7136
- C:\Windows\System\XXFQBMu.exe
  C:\Windows\System\XXFQBMu.exe
  2⤵
  PID:7156
- C:\Windows\System\lXgPWJQ.exe
  C:\Windows\System\lXgPWJQ.exe
  2⤵
  PID:5452
- C:\Windows\System\nYrhHeG.exe
  C:\Windows\System\nYrhHeG.exe
  2⤵
  PID:5252
- C:\Windows\System\TiYxrwO.exe
  C:\Windows\System\TiYxrwO.exe
  2⤵
  PID:5436
- C:\Windows\System\FBiILYU.exe
  C:\Windows\System\FBiILYU.exe
  2⤵
  PID:872
- C:\Windows\System\vRKgmlx.exe
  C:\Windows\System\vRKgmlx.exe
  2⤵
  PID:5988
- C:\Windows\System\ZkfMWeN.exe
  C:\Windows\System\ZkfMWeN.exe
  2⤵
  PID:6164
- C:\Windows\System\rModtUZ.exe
  C:\Windows\System\rModtUZ.exe
  2⤵
  PID:6172
- C:\Windows\System\aqxUiPD.exe
  C:\Windows\System\aqxUiPD.exe
  2⤵
  PID:6188
- C:\Windows\System\yFqHSLN.exe
  C:\Windows\System\yFqHSLN.exe
  2⤵
  PID:6252
- C:\Windows\System\MeUdnDS.exe
  C:\Windows\System\MeUdnDS.exe
  2⤵
  PID:6292
- C:\Windows\System\TtKiVeO.exe
  C:\Windows\System\TtKiVeO.exe
  2⤵
  PID:6324
- C:\Windows\System\BfVOazp.exe
  C:\Windows\System\BfVOazp.exe
  2⤵
  PID:6360
- C:\Windows\System\lOBMUxM.exe
  C:\Windows\System\lOBMUxM.exe
  2⤵
  PID:6368
- C:\Windows\System\PSQPjEz.exe
  C:\Windows\System\PSQPjEz.exe
  2⤵
  PID:6388
- C:\Windows\System\deHjNom.exe
  C:\Windows\System\deHjNom.exe
  2⤵
  PID:6448
- C:\Windows\System\ItdcPRs.exe
  C:\Windows\System\ItdcPRs.exe
  2⤵
  PID:6464
- C:\Windows\System\JxzLeKT.exe
  C:\Windows\System\JxzLeKT.exe
  2⤵
  PID:6524
- C:\Windows\System\CLFPdul.exe
  C:\Windows\System\CLFPdul.exe
  2⤵
  PID:6564
- C:\Windows\System\cHUqEoA.exe
  C:\Windows\System\cHUqEoA.exe
  2⤵
  PID:6548
- C:\Windows\System\iLLIXOx.exe
  C:\Windows\System\iLLIXOx.exe
  2⤵
  PID:6584
- C:\Windows\System\FkYAUlg.exe
  C:\Windows\System\FkYAUlg.exe
  2⤵
  PID:6648
- C:\Windows\System\ArNlvUi.exe
  C:\Windows\System\ArNlvUi.exe
  2⤵
  PID:6692
- C:\Windows\System\UMmcUMz.exe
  C:\Windows\System\UMmcUMz.exe
  2⤵
  PID:6704
- C:\Windows\System\cMTPElK.exe
  C:\Windows\System\cMTPElK.exe
  2⤵
  PID:6764
- C:\Windows\System\ahNxrNi.exe
  C:\Windows\System\ahNxrNi.exe
  2⤵
  PID:6748
- C:\Windows\System\HQlycGj.exe
  C:\Windows\System\HQlycGj.exe
  2⤵
  PID:6808
- C:\Windows\System\hRRUHSv.exe
  C:\Windows\System\hRRUHSv.exe
  2⤵
  PID:6852
- C:\Windows\System\VWOndPP.exe
  C:\Windows\System\VWOndPP.exe
  2⤵
  PID:6892
- C:\Windows\System\vusQECf.exe
  C:\Windows\System\vusQECf.exe
  2⤵
  PID:6924
- C:\Windows\System\SHnMing.exe
  C:\Windows\System\SHnMing.exe
  2⤵
  PID:6912
- C:\Windows\System\TTlEjBu.exe
  C:\Windows\System\TTlEjBu.exe
  2⤵
  PID:6948
- C:\Windows\System\YzYnXJZ.exe
  C:\Windows\System\YzYnXJZ.exe
  2⤵
  PID:6992
- C:\Windows\System\uAPqxny.exe
  C:\Windows\System\uAPqxny.exe
  2⤵
  PID:7024
- C:\Windows\System\zuslhvJ.exe
  C:\Windows\System\zuslhvJ.exe
  2⤵
  PID:7084
- C:\Windows\System\gmRgGcR.exe
  C:\Windows\System\gmRgGcR.exe
  2⤵
  PID:7132
- C:\Windows\System\uZQQFLS.exe
  C:\Windows\System\uZQQFLS.exe
  2⤵
  PID:7164
- C:\Windows\System\QKvkJgQ.exe
  C:\Windows\System\QKvkJgQ.exe
  2⤵
  PID:7144
- C:\Windows\System\zwndqEb.exe
  C:\Windows\System\zwndqEb.exe
  2⤵
  PID:5376
- C:\Windows\System\VwWkWlH.exe
  C:\Windows\System\VwWkWlH.exe
  2⤵
  PID:5888
- C:\Windows\System\HqLOhoD.exe
  C:\Windows\System\HqLOhoD.exe
  2⤵
  PID:6108
- C:\Windows\System\IQQhwpm.exe
  C:\Windows\System\IQQhwpm.exe
  2⤵
  PID:6184
- C:\Windows\System\WBvKczJ.exe
  C:\Windows\System\WBvKczJ.exe
  2⤵
  PID:6288
- C:\Windows\System\mzFxCLo.exe
  C:\Windows\System\mzFxCLo.exe
  2⤵
  PID:6372
- C:\Windows\System\kpFqAHJ.exe
  C:\Windows\System\kpFqAHJ.exe
  2⤵
  PID:6424
- C:\Windows\System\IdQVPWS.exe
  C:\Windows\System\IdQVPWS.exe
  2⤵
  PID:6392
- C:\Windows\System\KjDDfTY.exe
  C:\Windows\System\KjDDfTY.exe
  2⤵
  PID:6492
- C:\Windows\System\fKdsvqt.exe
  C:\Windows\System\fKdsvqt.exe
  2⤵
  PID:6588
- C:\Windows\System\IiqyXvC.exe
  C:\Windows\System\IiqyXvC.exe
  2⤵
  PID:6652
- C:\Windows\System\HyNarER.exe
  C:\Windows\System\HyNarER.exe
  2⤵
  PID:6608
- C:\Windows\System\AeVnfhz.exe
  C:\Windows\System\AeVnfhz.exe
  2⤵
  PID:6744
- C:\Windows\System\wYSFpTA.exe
  C:\Windows\System\wYSFpTA.exe
  2⤵
  PID:6684
- C:\Windows\System\rMvRnje.exe
  C:\Windows\System\rMvRnje.exe
  2⤵
  PID:6824
- C:\Windows\System\BKSQJmQ.exe
  C:\Windows\System\BKSQJmQ.exe
  2⤵
  PID:6864
- C:\Windows\System\XbMsqJE.exe
  C:\Windows\System\XbMsqJE.exe
  2⤵
  PID:6952
- C:\Windows\System\MngAKRg.exe
  C:\Windows\System\MngAKRg.exe
  2⤵
  PID:7012
- C:\Windows\System\kHLlcdZ.exe
  C:\Windows\System\kHLlcdZ.exe
  2⤵
  PID:6984
- C:\Windows\System\IBpsbMC.exe
  C:\Windows\System\IBpsbMC.exe
  2⤵
  PID:7120
- C:\Windows\System\yylzsJc.exe
  C:\Windows\System\yylzsJc.exe
  2⤵
  PID:5304
- C:\Windows\System\xQIVPCY.exe
  C:\Windows\System\xQIVPCY.exe
  2⤵
  PID:3064
- C:\Windows\System\CYWEXEc.exe
  C:\Windows\System\CYWEXEc.exe
  2⤵
  PID:6244
- C:\Windows\System\blAHHKn.exe
  C:\Windows\System\blAHHKn.exe
  2⤵
  PID:5808
- C:\Windows\System\CQaAdzK.exe
  C:\Windows\System\CQaAdzK.exe
  2⤵
  PID:6312
- C:\Windows\System\cVKpPyp.exe
  C:\Windows\System\cVKpPyp.exe
  2⤵
  PID:6280
- C:\Windows\System\ZbPbznd.exe
  C:\Windows\System\ZbPbznd.exe
  2⤵
  PID:6468
- C:\Windows\System\XyffHUd.exe
  C:\Windows\System\XyffHUd.exe
  2⤵
  PID:6432
- C:\Windows\System\RLwrIzr.exe
  C:\Windows\System\RLwrIzr.exe
  2⤵
  PID:6508
- C:\Windows\System\npxlgik.exe
  C:\Windows\System\npxlgik.exe
  2⤵
  PID:6828
- C:\Windows\System\mRKUilt.exe
  C:\Windows\System\mRKUilt.exe
  2⤵
  PID:6964
- C:\Windows\System\OkXOcen.exe
  C:\Windows\System\OkXOcen.exe
  2⤵
  PID:7028
- C:\Windows\System\gzXmFlO.exe
  C:\Windows\System\gzXmFlO.exe
  2⤵
  PID:6944
- C:\Windows\System\pmhyOcN.exe
  C:\Windows\System\pmhyOcN.exe
  2⤵
  PID:6232
- C:\Windows\System\nBFXJuc.exe
  C:\Windows\System\nBFXJuc.exe
  2⤵
  PID:7048
- C:\Windows\System\JDSECRo.exe
  C:\Windows\System\JDSECRo.exe
  2⤵
  PID:6612
- C:\Windows\System\TDVEsrH.exe
  C:\Windows\System\TDVEsrH.exe
  2⤵
  PID:6152
- C:\Windows\System\wFJpyGy.exe
  C:\Windows\System\wFJpyGy.exe
  2⤵
  PID:6628
- C:\Windows\System\hOZaWUm.exe
  C:\Windows\System\hOZaWUm.exe
  2⤵
  PID:7052
- C:\Windows\System\vEoOHKM.exe
  C:\Windows\System\vEoOHKM.exe
  2⤵
  PID:6832
- C:\Windows\System\JNXArZj.exe
  C:\Windows\System\JNXArZj.exe
  2⤵
  PID:5752
- C:\Windows\System\oFwSJqt.exe
  C:\Windows\System\oFwSJqt.exe
  2⤵
  PID:6968
- C:\Windows\System\SgzdhAk.exe
  C:\Windows\System\SgzdhAk.exe
  2⤵
  PID:6192
- C:\Windows\System\yNmgXbB.exe
  C:\Windows\System\yNmgXbB.exe
  2⤵
  PID:6988
- C:\Windows\System\GMZGRiW.exe
  C:\Windows\System\GMZGRiW.exe
  2⤵
  PID:6412
- C:\Windows\System\biZWlJN.exe
  C:\Windows\System\biZWlJN.exe
  2⤵
  PID:7180
- C:\Windows\System\sHarIIV.exe
  C:\Windows\System\sHarIIV.exe
  2⤵
  PID:7200
- C:\Windows\System\OzUQsyx.exe
  C:\Windows\System\OzUQsyx.exe
  2⤵
  PID:7216
- C:\Windows\System\nOZprqN.exe
  C:\Windows\System\nOZprqN.exe
  2⤵
  PID:7240
- C:\Windows\System\GxwdaBk.exe
  C:\Windows\System\GxwdaBk.exe
  2⤵
  PID:7260
- C:\Windows\System\gWqHOcr.exe
  C:\Windows\System\gWqHOcr.exe
  2⤵
  PID:7280
- C:\Windows\System\XSTNpQB.exe
  C:\Windows\System\XSTNpQB.exe
  2⤵
  PID:7300
- C:\Windows\System\FzyYsSh.exe
  C:\Windows\System\FzyYsSh.exe
  2⤵
  PID:7320
- C:\Windows\System\GxJsYeA.exe
  C:\Windows\System\GxJsYeA.exe
  2⤵
  PID:7344
- C:\Windows\System\ugIymEq.exe
  C:\Windows\System\ugIymEq.exe
  2⤵
  PID:7364
- C:\Windows\System\RfReYOc.exe
  C:\Windows\System\RfReYOc.exe
  2⤵
  PID:7384
- C:\Windows\System\NwILvtv.exe
  C:\Windows\System\NwILvtv.exe
  2⤵
  PID:7404
- C:\Windows\System\zLvTxqU.exe
  C:\Windows\System\zLvTxqU.exe
  2⤵
  PID:7424
- C:\Windows\System\jzsCzPE.exe
  C:\Windows\System\jzsCzPE.exe
  2⤵
  PID:7444
- C:\Windows\System\EWrcnwe.exe
  C:\Windows\System\EWrcnwe.exe
  2⤵
  PID:7464
- C:\Windows\System\ruuRNqE.exe
  C:\Windows\System\ruuRNqE.exe
  2⤵
  PID:7484
- C:\Windows\System\MDgKgGJ.exe
  C:\Windows\System\MDgKgGJ.exe
  2⤵
  PID:7504
- C:\Windows\System\RWskOBU.exe
  C:\Windows\System\RWskOBU.exe
  2⤵
  PID:7520
- C:\Windows\System\PUjiRNG.exe
  C:\Windows\System\PUjiRNG.exe
  2⤵
  PID:7544
- C:\Windows\System\kuCkLVR.exe
  C:\Windows\System\kuCkLVR.exe
  2⤵
  PID:7564
- C:\Windows\System\dionnfo.exe
  C:\Windows\System\dionnfo.exe
  2⤵
  PID:7584
- C:\Windows\System\DrbqkZK.exe
  C:\Windows\System\DrbqkZK.exe
  2⤵
  PID:7604
- C:\Windows\System\ViPGrcq.exe
  C:\Windows\System\ViPGrcq.exe
  2⤵
  PID:7624
- C:\Windows\System\xhGJuaa.exe
  C:\Windows\System\xhGJuaa.exe
  2⤵
  PID:7644
- C:\Windows\System\dvoFVNI.exe
  C:\Windows\System\dvoFVNI.exe
  2⤵
  PID:7664
- C:\Windows\System\wfziFzR.exe
  C:\Windows\System\wfziFzR.exe
  2⤵
  PID:7684
- C:\Windows\System\UsMEpOs.exe
  C:\Windows\System\UsMEpOs.exe
  2⤵
  PID:7704
- C:\Windows\System\IwAWTDj.exe
  C:\Windows\System\IwAWTDj.exe
  2⤵
  PID:7724
- C:\Windows\System\KkEbcok.exe
  C:\Windows\System\KkEbcok.exe
  2⤵
  PID:7744
- C:\Windows\System\eTgfiyu.exe
  C:\Windows\System\eTgfiyu.exe
  2⤵
  PID:7764
- C:\Windows\System\TzVNcMi.exe
  C:\Windows\System\TzVNcMi.exe
  2⤵
  PID:7784
- C:\Windows\System\KcSgWgy.exe
  C:\Windows\System\KcSgWgy.exe
  2⤵
  PID:7804
- C:\Windows\System\CoMYCbg.exe
  C:\Windows\System\CoMYCbg.exe
  2⤵
  PID:7828
- C:\Windows\System\HEWIyuf.exe
  C:\Windows\System\HEWIyuf.exe
  2⤵
  PID:7848
- C:\Windows\System\SIcXPDB.exe
  C:\Windows\System\SIcXPDB.exe
  2⤵
  PID:7868
- C:\Windows\System\obAAsFo.exe
  C:\Windows\System\obAAsFo.exe
  2⤵
  PID:7888
- C:\Windows\System\lxvrjYI.exe
  C:\Windows\System\lxvrjYI.exe
  2⤵
  PID:7908
- C:\Windows\System\SpOXNGI.exe
  C:\Windows\System\SpOXNGI.exe
  2⤵
  PID:7928
- C:\Windows\System\eCTAABi.exe
  C:\Windows\System\eCTAABi.exe
  2⤵
  PID:7948
- C:\Windows\System\gExVltB.exe
  C:\Windows\System\gExVltB.exe
  2⤵
  PID:7964
- C:\Windows\System\bRQqyDy.exe
  C:\Windows\System\bRQqyDy.exe
  2⤵
  PID:8000
- C:\Windows\System\mgmeRkm.exe
  C:\Windows\System\mgmeRkm.exe
  2⤵
  PID:8016
- C:\Windows\System\bcFvmce.exe
  C:\Windows\System\bcFvmce.exe
  2⤵
  PID:8032
- C:\Windows\System\sfJFjTT.exe
  C:\Windows\System\sfJFjTT.exe
  2⤵
  PID:8048
- C:\Windows\System\grEkCbX.exe
  C:\Windows\System\grEkCbX.exe
  2⤵
  PID:8080
- C:\Windows\System\VaTpQVd.exe
  C:\Windows\System\VaTpQVd.exe
  2⤵
  PID:8096
- C:\Windows\System\BiJsOld.exe
  C:\Windows\System\BiJsOld.exe
  2⤵
  PID:8112
- C:\Windows\System\DhODkHo.exe
  C:\Windows\System\DhODkHo.exe
  2⤵
  PID:8132
- C:\Windows\System\eASKqzC.exe
  C:\Windows\System\eASKqzC.exe
  2⤵
  PID:8152
- C:\Windows\System\SaGlBkD.exe
  C:\Windows\System\SaGlBkD.exe
  2⤵
  PID:8172
- C:\Windows\System\ehfgQUJ.exe
  C:\Windows\System\ehfgQUJ.exe
  2⤵
  PID:7088
- C:\Windows\System\ShOuIHo.exe
  C:\Windows\System\ShOuIHo.exe
  2⤵
  PID:6784
- C:\Windows\System\UdzKWjt.exe
  C:\Windows\System\UdzKWjt.exe
  2⤵
  PID:2184
- C:\Windows\System\ajqknZF.exe
  C:\Windows\System\ajqknZF.exe
  2⤵
  PID:4080
- C:\Windows\System\rtdFvGx.exe
  C:\Windows\System\rtdFvGx.exe
  2⤵
  PID:6604
- C:\Windows\System\CtPrDqI.exe
  C:\Windows\System\CtPrDqI.exe
  2⤵
  PID:7256
- C:\Windows\System\IljRAhu.exe
  C:\Windows\System\IljRAhu.exe
  2⤵
  PID:7192
- C:\Windows\System\IuswWfM.exe
  C:\Windows\System\IuswWfM.exe
  2⤵
  PID:7292
- C:\Windows\System\KZZDlBr.exe
  C:\Windows\System\KZZDlBr.exe
  2⤵
  PID:7236
- C:\Windows\System\yMBukQt.exe
  C:\Windows\System\yMBukQt.exe
  2⤵
  PID:7276
- C:\Windows\System\AqlAokY.exe
  C:\Windows\System\AqlAokY.exe
  2⤵
  PID:2312
- C:\Windows\System\oZjOdQc.exe
  C:\Windows\System\oZjOdQc.exe
  2⤵
  PID:7352
- C:\Windows\System\SVgNsyN.exe
  C:\Windows\System\SVgNsyN.exe
  2⤵
  PID:7412
- C:\Windows\System\yvTlcfv.exe
  C:\Windows\System\yvTlcfv.exe
  2⤵
  PID:7432
- C:\Windows\System\dUlIWdF.exe
  C:\Windows\System\dUlIWdF.exe
  2⤵
  PID:7492
- C:\Windows\System\uLUkKwv.exe
  C:\Windows\System\uLUkKwv.exe
  2⤵
  PID:7472
- C:\Windows\System\WYymiCC.exe
  C:\Windows\System\WYymiCC.exe
  2⤵
  PID:7528
- C:\Windows\System\NqJyfXt.exe
  C:\Windows\System\NqJyfXt.exe
  2⤵
  PID:2776
- C:\Windows\System\BpUGGLy.exe
  C:\Windows\System\BpUGGLy.exe
  2⤵
  PID:7556
- C:\Windows\System\wpeParg.exe
  C:\Windows\System\wpeParg.exe
  2⤵
  PID:7576
- C:\Windows\System\OjKFVWJ.exe
  C:\Windows\System\OjKFVWJ.exe
  2⤵
  PID:7616
- C:\Windows\System\DwRRzuT.exe
  C:\Windows\System\DwRRzuT.exe
  2⤵
  PID:3260
- C:\Windows\System\ticVKRC.exe
  C:\Windows\System\ticVKRC.exe
  2⤵
  PID:1308
- C:\Windows\System\ddNLQUv.exe
  C:\Windows\System\ddNLQUv.exe
  2⤵
  PID:7636
- C:\Windows\System\cbLrXuV.exe
  C:\Windows\System\cbLrXuV.exe
  2⤵
  PID:7692
- C:\Windows\System\qQErVgj.exe
  C:\Windows\System\qQErVgj.exe
  2⤵
  PID:7680
- C:\Windows\System\rRvCGAS.exe
  C:\Windows\System\rRvCGAS.exe
  2⤵
  PID:7732
- C:\Windows\System\rMnnpdL.exe
  C:\Windows\System\rMnnpdL.exe
  2⤵
  PID:7720
- C:\Windows\System\hHvkFsF.exe
  C:\Windows\System\hHvkFsF.exe
  2⤵
  PID:7776
- C:\Windows\System\EsRXtor.exe
  C:\Windows\System\EsRXtor.exe
  2⤵
  PID:7756
- C:\Windows\System\eETynej.exe
  C:\Windows\System\eETynej.exe
  2⤵
  PID:7800
- C:\Windows\System\GHoGjpj.exe
  C:\Windows\System\GHoGjpj.exe
  2⤵
  PID:7836
- C:\Windows\System\fnWnXOT.exe
  C:\Windows\System\fnWnXOT.exe
  2⤵
  PID:1944
- C:\Windows\System\vtFMVTQ.exe
  C:\Windows\System\vtFMVTQ.exe
  2⤵
  PID:2364
- C:\Windows\System\CHnlaoe.exe
  C:\Windows\System\CHnlaoe.exe
  2⤵
  PID:7896
- C:\Windows\System\PSNVFqx.exe
  C:\Windows\System\PSNVFqx.exe
  2⤵
  PID:7960
- C:\Windows\System\EorwOOg.exe
  C:\Windows\System\EorwOOg.exe
  2⤵
  PID:2680
- C:\Windows\System\NrDvySy.exe
  C:\Windows\System\NrDvySy.exe
  2⤵
  PID:4860
- C:\Windows\System\ivipZxF.exe
  C:\Windows\System\ivipZxF.exe
  2⤵
  PID:1224
- C:\Windows\System\mogyeES.exe
  C:\Windows\System\mogyeES.exe
  2⤵
  PID:8012
- C:\Windows\System\dNlDeCx.exe
  C:\Windows\System\dNlDeCx.exe
  2⤵
  PID:1480
- C:\Windows\System\LFUaQss.exe
  C:\Windows\System\LFUaQss.exe
  2⤵
  PID:2864
- C:\Windows\System\WokcpSX.exe
  C:\Windows\System\WokcpSX.exe
  2⤵
  PID:8068
- C:\Windows\System\lzizsuy.exe
  C:\Windows\System\lzizsuy.exe
  2⤵
  PID:8072
- C:\Windows\System\mZhxiCk.exe
  C:\Windows\System\mZhxiCk.exe
  2⤵
  PID:8144
- C:\Windows\System\pMJQUep.exe
  C:\Windows\System\pMJQUep.exe
  2⤵
  PID:1452
- C:\Windows\System\rxLgXGy.exe
  C:\Windows\System\rxLgXGy.exe
  2⤵
  PID:8124
- C:\Windows\System\GEhFuzC.exe
  C:\Windows\System\GEhFuzC.exe
  2⤵
  PID:2720
- C:\Windows\System\LMVJWXd.exe
  C:\Windows\System\LMVJWXd.exe
  2⤵
  PID:6728
- C:\Windows\System\HmsSCWc.exe
  C:\Windows\System\HmsSCWc.exe
  2⤵
  PID:7100
- C:\Windows\System\mlzJroj.exe
  C:\Windows\System\mlzJroj.exe
  2⤵
  PID:7228
- C:\Windows\System\QCggJna.exe
  C:\Windows\System\QCggJna.exe
  2⤵
  PID:7376
- C:\Windows\System\nnylKEH.exe
  C:\Windows\System\nnylKEH.exe
  2⤵
  PID:7512
- C:\Windows\System\fcmWFmH.exe
  C:\Windows\System\fcmWFmH.exe
  2⤵
  PID:7592
- C:\Windows\System\ohTDyvJ.exe
  C:\Windows\System\ohTDyvJ.exe
  2⤵
  PID:7620
- C:\Windows\System\JkhRbaS.exe
  C:\Windows\System\JkhRbaS.exe
  2⤵
  PID:7212
- C:\Windows\System\QZgdTGl.exe
  C:\Windows\System\QZgdTGl.exe
  2⤵
  PID:1728
- C:\Windows\System\pZmYdeC.exe
  C:\Windows\System\pZmYdeC.exe
  2⤵
  PID:2872
- C:\Windows\System\VorqEMx.exe
  C:\Windows\System\VorqEMx.exe
  2⤵
  PID:7812
- C:\Windows\System\FCsOrMr.exe
  C:\Windows\System\FCsOrMr.exe
  2⤵
  PID:7792
- C:\Windows\System\pSzSxXC.exe
  C:\Windows\System\pSzSxXC.exe
  2⤵
  PID:2656
- C:\Windows\System\uUuTzYx.exe
  C:\Windows\System\uUuTzYx.exe
  2⤵
  PID:1912
- C:\Windows\System\AXyBVyb.exe
  C:\Windows\System\AXyBVyb.exe
  2⤵
  PID:7436
- C:\Windows\System\lXOrxof.exe
  C:\Windows\System\lXOrxof.exe
  2⤵
  PID:2464
- C:\Windows\System\CQksMRS.exe
  C:\Windows\System\CQksMRS.exe
  2⤵
  PID:396
- C:\Windows\System\zUILVOE.exe
  C:\Windows\System\zUILVOE.exe
  2⤵
  PID:7640
- C:\Windows\System\zHTKpyA.exe
  C:\Windows\System\zHTKpyA.exe
  2⤵
  PID:1240
- C:\Windows\System\cDYJLlu.exe
  C:\Windows\System\cDYJLlu.exe
  2⤵
  PID:7944
- C:\Windows\System\EjcMBQr.exe
  C:\Windows\System\EjcMBQr.exe
  2⤵
  PID:1028
- C:\Windows\System\KWigQxk.exe
  C:\Windows\System\KWigQxk.exe
  2⤵
  PID:2108
- C:\Windows\System\HQFOqGN.exe
  C:\Windows\System\HQFOqGN.exe
  2⤵
  PID:2660
- C:\Windows\System\ayjcDrk.exe
  C:\Windows\System\ayjcDrk.exe
  2⤵
  PID:8104
- C:\Windows\System\BvwERLO.exe
  C:\Windows\System\BvwERLO.exe
  2⤵
  PID:8120
- C:\Windows\System\FbrFttE.exe
  C:\Windows\System\FbrFttE.exe
  2⤵
  PID:7476
- C:\Windows\System\ExRpeGf.exe
  C:\Windows\System\ExRpeGf.exe
  2⤵
  PID:7988
- C:\Windows\System\wAlGgfA.exe
  C:\Windows\System\wAlGgfA.exe
  2⤵
  PID:764
- C:\Windows\System\RNZrOwP.exe
  C:\Windows\System\RNZrOwP.exe
  2⤵
  PID:7772
- C:\Windows\System\jArbpTn.exe
  C:\Windows\System\jArbpTn.exe
  2⤵
  PID:7864
- C:\Windows\System\pXmOUCh.exe
  C:\Windows\System\pXmOUCh.exe
  2⤵
  PID:7128
- C:\Windows\System\iXHpUOj.exe
  C:\Windows\System\iXHpUOj.exe
  2⤵
  PID:2908
- C:\Windows\System\wspvzqO.exe
  C:\Windows\System\wspvzqO.exe
  2⤵
  PID:1152
- C:\Windows\System\ZxJILSy.exe
  C:\Windows\System\ZxJILSy.exe
  2⤵
  PID:7900
- C:\Windows\System\wuhRuwz.exe
  C:\Windows\System\wuhRuwz.exe
  2⤵
  PID:7916
- C:\Windows\System\dLAllGo.exe
  C:\Windows\System\dLAllGo.exe
  2⤵
  PID:7340
- C:\Windows\System\UsffAqX.exe
  C:\Windows\System\UsffAqX.exe
  2⤵
  PID:7920
- C:\Windows\System\SktWoro.exe
  C:\Windows\System\SktWoro.exe
  2⤵
  PID:2388
- C:\Windows\System\gLHkgZm.exe
  C:\Windows\System\gLHkgZm.exe
  2⤵
  PID:2472
- C:\Windows\System\YPasmpO.exe
  C:\Windows\System\YPasmpO.exe
  2⤵
  PID:7656
- C:\Windows\System\bFGLIWG.exe
  C:\Windows\System\bFGLIWG.exe
  2⤵
  PID:2208
- C:\Windows\System\upYhjFB.exe
  C:\Windows\System\upYhjFB.exe
  2⤵
  PID:7312
- C:\Windows\System\FtFERBY.exe
  C:\Windows\System\FtFERBY.exe
  2⤵
  PID:8056
- C:\Windows\System\vsHctQG.exe
  C:\Windows\System\vsHctQG.exe
  2⤵
  PID:7840
- C:\Windows\System\ENjJUik.exe
  C:\Windows\System\ENjJUik.exe
  2⤵
  PID:2536
- C:\Windows\System\lNWMzDV.exe
  C:\Windows\System\lNWMzDV.exe
  2⤵
  PID:7956
- C:\Windows\System\DRpnOEG.exe
  C:\Windows\System\DRpnOEG.exe
  2⤵
  PID:2020
- C:\Windows\System\SYLNqfg.exe
  C:\Windows\System\SYLNqfg.exe
  2⤵
  PID:7380
- C:\Windows\System\DhBfjsY.exe
  C:\Windows\System\DhBfjsY.exe
  2⤵
  PID:7272
- C:\Windows\System\tPfGIUZ.exe
  C:\Windows\System\tPfGIUZ.exe
  2⤵
  PID:2044
- C:\Windows\System\USIKEib.exe
  C:\Windows\System\USIKEib.exe
  2⤵
  PID:7416
- C:\Windows\System\tzQgRQD.exe
  C:\Windows\System\tzQgRQD.exe
  2⤵
  PID:8092
- C:\Windows\System\metwSln.exe
  C:\Windows\System\metwSln.exe
  2⤵
  PID:7940
- C:\Windows\System\JrZgNpG.exe
  C:\Windows\System\JrZgNpG.exe
  2⤵
  PID:7172
- C:\Windows\System\WaADqrd.exe
  C:\Windows\System\WaADqrd.exe
  2⤵
  PID:6528
- C:\Windows\System\POpkXIB.exe
  C:\Windows\System\POpkXIB.exe
  2⤵
  PID:8060
- C:\Windows\System\iBYFaua.exe
  C:\Windows\System\iBYFaua.exe
  2⤵
  PID:320
- C:\Windows\System\uqLUOMe.exe
  C:\Windows\System\uqLUOMe.exe
  2⤵
  PID:7440
- C:\Windows\System\umjlsMK.exe
  C:\Windows\System\umjlsMK.exe
  2⤵
  PID:8140
- C:\Windows\System\UlbrUZO.exe
  C:\Windows\System\UlbrUZO.exe
  2⤵
  PID:4072
- C:\Windows\System\MrpSkbQ.exe
  C:\Windows\System\MrpSkbQ.exe
  2⤵
  PID:1860
- C:\Windows\System\ViBolVj.exe
  C:\Windows\System\ViBolVj.exe
  2⤵
  PID:7596
- C:\Windows\System\HDFlSmu.exe
  C:\Windows\System\HDFlSmu.exe
  2⤵
  PID:2372
- C:\Windows\System\jsLjaCC.exe
  C:\Windows\System\jsLjaCC.exe
  2⤵
  PID:7884
- C:\Windows\System\VHzKpAF.exe
  C:\Windows\System\VHzKpAF.exe
  2⤵
  PID:8208
- C:\Windows\System\oCTIJrL.exe
  C:\Windows\System\oCTIJrL.exe
  2⤵
  PID:8228
- C:\Windows\System\IcGaCvu.exe
  C:\Windows\System\IcGaCvu.exe
  2⤵
  PID:8244
- C:\Windows\System\ssvMHFN.exe
  C:\Windows\System\ssvMHFN.exe
  2⤵
  PID:8264
- C:\Windows\System\mcDooBa.exe
  C:\Windows\System\mcDooBa.exe
  2⤵
  PID:8284
- C:\Windows\System\mXpGkuM.exe
  C:\Windows\System\mXpGkuM.exe
  2⤵
  PID:8328
- C:\Windows\System\kqCqjxt.exe
  C:\Windows\System\kqCqjxt.exe
  2⤵
  PID:8348
- C:\Windows\System\CwkxGvD.exe
  C:\Windows\System\CwkxGvD.exe
  2⤵
  PID:8368
- C:\Windows\System\VEdXsYk.exe
  C:\Windows\System\VEdXsYk.exe
  2⤵
  PID:8384
- C:\Windows\System\AkAUHOL.exe
  C:\Windows\System\AkAUHOL.exe
  2⤵
  PID:8400
- C:\Windows\System\GnHwdVb.exe
  C:\Windows\System\GnHwdVb.exe
  2⤵
  PID:8420
- C:\Windows\System\JJvKdiC.exe
  C:\Windows\System\JJvKdiC.exe
  2⤵
  PID:8436
- C:\Windows\System\PiAhgws.exe
  C:\Windows\System\PiAhgws.exe
  2⤵
  PID:8456
- C:\Windows\System\qaUCABx.exe
  C:\Windows\System\qaUCABx.exe
  2⤵
  PID:8476
- C:\Windows\System\wKPwhTd.exe
  C:\Windows\System\wKPwhTd.exe
  2⤵
  PID:8492
- C:\Windows\System\qMxvOXZ.exe
  C:\Windows\System\qMxvOXZ.exe
  2⤵
  PID:8508
- C:\Windows\System\HJyQqjv.exe
  C:\Windows\System\HJyQqjv.exe
  2⤵
  PID:8524
- C:\Windows\System\yrWRuYu.exe
  C:\Windows\System\yrWRuYu.exe
  2⤵
  PID:8540
- C:\Windows\System\opcdOQW.exe
  C:\Windows\System\opcdOQW.exe
  2⤵
  PID:8560
- C:\Windows\System\HBLEXFX.exe
  C:\Windows\System\HBLEXFX.exe
  2⤵
  PID:8576
- C:\Windows\System\OhgxxRs.exe
  C:\Windows\System\OhgxxRs.exe
  2⤵
  PID:8592
- C:\Windows\System\AUTMByt.exe
  C:\Windows\System\AUTMByt.exe
  2⤵
  PID:8608
- C:\Windows\System\SOioFOe.exe
  C:\Windows\System\SOioFOe.exe
  2⤵
  PID:8624
- C:\Windows\System\EjsTpxt.exe
  C:\Windows\System\EjsTpxt.exe
  2⤵
  PID:8640
- C:\Windows\System\LOcNXEW.exe
  C:\Windows\System\LOcNXEW.exe
  2⤵
  PID:8656
- C:\Windows\System\UDyVypW.exe
  C:\Windows\System\UDyVypW.exe
  2⤵
  PID:8672
- C:\Windows\System\bRMlKDT.exe
  C:\Windows\System\bRMlKDT.exe
  2⤵
  PID:8688
- C:\Windows\System\SBnbJrC.exe
  C:\Windows\System\SBnbJrC.exe
  2⤵
  PID:8728
- C:\Windows\System\dXkvNkw.exe
  C:\Windows\System\dXkvNkw.exe
  2⤵
  PID:8744
- C:\Windows\System\YnquTKY.exe
  C:\Windows\System\YnquTKY.exe
  2⤵
  PID:8776
- C:\Windows\System\dbdIyzw.exe
  C:\Windows\System\dbdIyzw.exe
  2⤵
  PID:8792
- C:\Windows\System\GpawznC.exe
  C:\Windows\System\GpawznC.exe
  2⤵
  PID:8816
- C:\Windows\System\Mtcbgjl.exe
  C:\Windows\System\Mtcbgjl.exe
  2⤵
  PID:8836
- C:\Windows\System\kmoDEyf.exe
  C:\Windows\System\kmoDEyf.exe
  2⤵
  PID:8852
- C:\Windows\System\DioXjeQ.exe
  C:\Windows\System\DioXjeQ.exe
  2⤵
  PID:8928
- C:\Windows\System\FeNKZYC.exe
  C:\Windows\System\FeNKZYC.exe
  2⤵
  PID:8944
- C:\Windows\System\exWZMTZ.exe
  C:\Windows\System\exWZMTZ.exe
  2⤵
  PID:8968
- C:\Windows\System\MoifbAT.exe
  C:\Windows\System\MoifbAT.exe
  2⤵
  PID:8988
- C:\Windows\System\hlbXFoG.exe
  C:\Windows\System\hlbXFoG.exe
  2⤵
  PID:9012
- C:\Windows\System\TpQSIfT.exe
  C:\Windows\System\TpQSIfT.exe
  2⤵
  PID:9028
- C:\Windows\System\oWPrClJ.exe
  C:\Windows\System\oWPrClJ.exe
  2⤵
  PID:9048
- C:\Windows\System\aXRCPKt.exe
  C:\Windows\System\aXRCPKt.exe
  2⤵
  PID:9064
- C:\Windows\System\YlQcpHg.exe
  C:\Windows\System\YlQcpHg.exe
  2⤵
  PID:9080
- C:\Windows\System\eoGfQWS.exe
  C:\Windows\System\eoGfQWS.exe
  2⤵
  PID:9096
- C:\Windows\System\nHBhjWn.exe
  C:\Windows\System\nHBhjWn.exe
  2⤵
  PID:9120
- C:\Windows\System\GmPdCcj.exe
  C:\Windows\System\GmPdCcj.exe
  2⤵
  PID:9140
- C:\Windows\System\gpudtXP.exe
  C:\Windows\System\gpudtXP.exe
  2⤵
  PID:9164
- C:\Windows\System\wRDnHyx.exe
  C:\Windows\System\wRDnHyx.exe
  2⤵
  PID:9180
- C:\Windows\System\NqpUzeb.exe
  C:\Windows\System\NqpUzeb.exe
  2⤵
  PID:9196
- C:\Windows\System\yzGiBDD.exe
  C:\Windows\System\yzGiBDD.exe
  2⤵
  PID:9212
- C:\Windows\System\eSNZXNN.exe
  C:\Windows\System\eSNZXNN.exe
  2⤵
  PID:8272
- C:\Windows\System\SZkkvHE.exe
  C:\Windows\System\SZkkvHE.exe
  2⤵
  PID:7356
- C:\Windows\System\iNpIDlO.exe
  C:\Windows\System\iNpIDlO.exe
  2⤵
  PID:7248
- C:\Windows\System\JqCSrzV.exe
  C:\Windows\System\JqCSrzV.exe
  2⤵
  PID:8252
- C:\Windows\System\ycOrhOG.exe
  C:\Windows\System\ycOrhOG.exe
  2⤵
  PID:8300
- C:\Windows\System\MiZeFrq.exe
  C:\Windows\System\MiZeFrq.exe
  2⤵
  PID:8324
- C:\Windows\System\DXSXcfO.exe
  C:\Windows\System\DXSXcfO.exe
  2⤵
  PID:8360
- C:\Windows\System\LLrZGfA.exe
  C:\Windows\System\LLrZGfA.exe
  2⤵
  PID:8416
- C:\Windows\System\BShlbxR.exe
  C:\Windows\System\BShlbxR.exe
  2⤵
  PID:8484
- C:\Windows\System\pZoULVC.exe
  C:\Windows\System\pZoULVC.exe
  2⤵
  PID:8548
- C:\Windows\System\RazqYYV.exe
  C:\Windows\System\RazqYYV.exe
  2⤵
  PID:8428
- C:\Windows\System\VEjfFlv.exe
  C:\Windows\System\VEjfFlv.exe
  2⤵
  PID:8364
- C:\Windows\System\HkVurkE.exe
  C:\Windows\System\HkVurkE.exe
  2⤵
  PID:8568
- C:\Windows\System\DTDeKwc.exe
  C:\Windows\System\DTDeKwc.exe
  2⤵
  PID:8636
- C:\Windows\System\VCWwBhH.exe
  C:\Windows\System\VCWwBhH.exe
  2⤵
  PID:8652
- C:\Windows\System\ykVCbXE.exe
  C:\Windows\System\ykVCbXE.exe
  2⤵
  PID:8704
- C:\Windows\System\QdLjkSq.exe
  C:\Windows\System\QdLjkSq.exe
  2⤵
  PID:8720
- C:\Windows\System\YdNnLcy.exe
  C:\Windows\System\YdNnLcy.exe
  2⤵
  PID:8756
- C:\Windows\System\iYpptLo.exe
  C:\Windows\System\iYpptLo.exe
  2⤵
  PID:8768
- C:\Windows\System\aXAOkQA.exe
  C:\Windows\System\aXAOkQA.exe
  2⤵
  PID:8812
- C:\Windows\System\iMnKpFi.exe
  C:\Windows\System\iMnKpFi.exe
  2⤵
  PID:8832
- C:\Windows\System\DdDEPyC.exe
  C:\Windows\System\DdDEPyC.exe
  2⤵
  PID:8872
- C:\Windows\System\ispBbRe.exe
  C:\Windows\System\ispBbRe.exe
  2⤵
  PID:8880
- C:\Windows\System\RgaBIrU.exe
  C:\Windows\System\RgaBIrU.exe
  2⤵
  PID:8896
- C:\Windows\System\HtfZBpU.exe
  C:\Windows\System\HtfZBpU.exe
  2⤵
  PID:8956
- C:\Windows\System\sGpmwrd.exe
  C:\Windows\System\sGpmwrd.exe
  2⤵
  PID:8996
- C:\Windows\System\CiUpgCd.exe
  C:\Windows\System\CiUpgCd.exe
  2⤵
  PID:9004
- C:\Windows\System\DmeQZvZ.exe
  C:\Windows\System\DmeQZvZ.exe
  2⤵
  PID:9040
- C:\Windows\System\FerLnct.exe
  C:\Windows\System\FerLnct.exe
  2⤵
  PID:9044
- C:\Windows\System\sUGvGQn.exe
  C:\Windows\System\sUGvGQn.exe
  2⤵
  PID:9136
- C:\Windows\System\wSoIzbN.exe
  C:\Windows\System\wSoIzbN.exe
  2⤵
  PID:9112
- C:\Windows\System\vtoPmyt.exe
  C:\Windows\System\vtoPmyt.exe
  2⤵
  PID:9204
- C:\Windows\System\AqiYgkt.exe
  C:\Windows\System\AqiYgkt.exe
  2⤵
  PID:9160
- C:\Windows\System\UYNYKDZ.exe
  C:\Windows\System\UYNYKDZ.exe
  2⤵
  PID:760
- C:\Windows\System\zPyRoAk.exe
  C:\Windows\System\zPyRoAk.exe
  2⤵
  PID:8188
- C:\Windows\System\MgBkgnW.exe
  C:\Windows\System\MgBkgnW.exe
  2⤵
  PID:8216
- C:\Windows\System\ZiZdonp.exe
  C:\Windows\System\ZiZdonp.exe
  2⤵
  PID:8316
- C:\Windows\System\pGhiCDf.exe
  C:\Windows\System\pGhiCDf.exe
  2⤵
  PID:8392
- C:\Windows\System\TFdSppJ.exe
  C:\Windows\System\TFdSppJ.exe
  2⤵
  PID:8604
- C:\Windows\System\SHFZJPk.exe
  C:\Windows\System\SHFZJPk.exe
  2⤵
  PID:8700
- C:\Windows\System\MglPSPy.exe
  C:\Windows\System\MglPSPy.exe
  2⤵
  PID:8616
- C:\Windows\System\RFIsQxi.exe
  C:\Windows\System\RFIsQxi.exe
  2⤵
  PID:8356
- C:\Windows\System\YsrvfFD.exe
  C:\Windows\System\YsrvfFD.exe
  2⤵
  PID:8716
- C:\Windows\System\dqFiCgU.exe
  C:\Windows\System\dqFiCgU.exe
  2⤵
  PID:8556
- C:\Windows\System\uTeXqZn.exe
  C:\Windows\System\uTeXqZn.exe
  2⤵
  PID:8800
- C:\Windows\System\oBhMJkp.exe
  C:\Windows\System\oBhMJkp.exe
  2⤵
  PID:8888
- C:\Windows\System\OpmbuTS.exe
  C:\Windows\System\OpmbuTS.exe
  2⤵
  PID:8788
- C:\Windows\System\JvRlILw.exe
  C:\Windows\System\JvRlILw.exe
  2⤵
  PID:8864
- C:\Windows\System\RwtkbRQ.exe
  C:\Windows\System\RwtkbRQ.exe
  2⤵
  PID:8936
- C:\Windows\System\kfiaWgM.exe
  C:\Windows\System\kfiaWgM.exe
  2⤵
  PID:9024
- C:\Windows\System\OpKUHIJ.exe
  C:\Windows\System\OpKUHIJ.exe
  2⤵
  PID:9000
- C:\Windows\System\AtgUTBa.exe
  C:\Windows\System\AtgUTBa.exe
  2⤵
  PID:9148
- C:\Windows\System\oPTqtuj.exe
  C:\Windows\System\oPTqtuj.exe
  2⤵
  PID:9108
- C:\Windows\System\zfHNKfH.exe
  C:\Windows\System\zfHNKfH.exe
  2⤵
  PID:9104
- C:\Windows\System\NkWjhLG.exe
  C:\Windows\System\NkWjhLG.exe
  2⤵
  PID:8148
- C:\Windows\System\FHGakwq.exe
  C:\Windows\System\FHGakwq.exe
  2⤵
  PID:8308
- C:\Windows\System\uVHObyq.exe
  C:\Windows\System\uVHObyq.exe
  2⤵
  PID:8296
- C:\Windows\System\OuBulQt.exe
  C:\Windows\System\OuBulQt.exe
  2⤵
  PID:8632
- C:\Windows\System\OIFZGNh.exe
  C:\Windows\System\OIFZGNh.exe
  2⤵
  PID:8620
- C:\Windows\System\towsCna.exe
  C:\Windows\System\towsCna.exe
  2⤵
  PID:8504
- C:\Windows\System\lmhSsBn.exe
  C:\Windows\System\lmhSsBn.exe
  2⤵
  PID:8536
- C:\Windows\System\GcaZlfF.exe
  C:\Windows\System\GcaZlfF.exe
  2⤵
  PID:8736
- C:\Windows\System\FdrrPvo.exe
  C:\Windows\System\FdrrPvo.exe
  2⤵
  PID:8784
- C:\Windows\System\kiWictv.exe
  C:\Windows\System\kiWictv.exe
  2⤵
  PID:8952
- C:\Windows\System\tjchgjX.exe
  C:\Windows\System\tjchgjX.exe
  2⤵
  PID:8412
- C:\Windows\System\lDCxgqz.exe
  C:\Windows\System\lDCxgqz.exe
  2⤵
  PID:9056
- C:\Windows\System\zujgXEe.exe
  C:\Windows\System\zujgXEe.exe
  2⤵
  PID:9172
- C:\Windows\System\yzbuYtY.exe
  C:\Windows\System\yzbuYtY.exe
  2⤵
  PID:8712
- C:\Windows\System\gOiTImU.exe
  C:\Windows\System\gOiTImU.exe
  2⤵
  PID:8908
- C:\Windows\System\TGkOGTK.exe
  C:\Windows\System\TGkOGTK.exe
  2⤵
  PID:8684
- C:\Windows\System\rYlveDI.exe
  C:\Windows\System\rYlveDI.exe
  2⤵
  PID:8976
- C:\Windows\System\VWEUiJa.exe
  C:\Windows\System\VWEUiJa.exe
  2⤵
  PID:9088
- C:\Windows\System\FswHQtP.exe
  C:\Windows\System\FswHQtP.exe
  2⤵
  PID:8224
- C:\Windows\System\AcCbbWq.exe
  C:\Windows\System\AcCbbWq.exe
  2⤵
  PID:9156
- C:\Windows\System\qYzEqXz.exe
  C:\Windows\System\qYzEqXz.exe
  2⤵
  PID:8516
- C:\Windows\System\RtYLsOu.exe
  C:\Windows\System\RtYLsOu.exe
  2⤵
  PID:8724
- C:\Windows\System\yJWndEs.exe
  C:\Windows\System\yJWndEs.exe
  2⤵
  PID:8916
- C:\Windows\System\eiQtVJI.exe
  C:\Windows\System\eiQtVJI.exe
  2⤵
  PID:8236
- C:\Windows\System\XeNxhJc.exe
  C:\Windows\System\XeNxhJc.exe
  2⤵
  PID:8984
- C:\Windows\System\tXzlrji.exe
  C:\Windows\System\tXzlrji.exe
  2⤵
  PID:8468
- C:\Windows\System\goNtUEY.exe
  C:\Windows\System\goNtUEY.exe
  2⤵
  PID:8760
- C:\Windows\System\pLhIixQ.exe
  C:\Windows\System\pLhIixQ.exe
  2⤵
  PID:8912
- C:\Windows\System\qiDjVTF.exe
  C:\Windows\System\qiDjVTF.exe
  2⤵
  PID:8824
- C:\Windows\System\DkqAeuQ.exe
  C:\Windows\System\DkqAeuQ.exe
  2⤵
  PID:8552
- C:\Windows\System\NohIByi.exe
  C:\Windows\System\NohIByi.exe
  2⤵
  PID:9228
- C:\Windows\System\OAngVBE.exe
  C:\Windows\System\OAngVBE.exe
  2⤵
  PID:9256
- C:\Windows\System\qfKbaym.exe
  C:\Windows\System\qfKbaym.exe
  2⤵
  PID:9276
- C:\Windows\System\TLlhWkh.exe
  C:\Windows\System\TLlhWkh.exe
  2⤵
  PID:9292
- C:\Windows\System\lMpIEUZ.exe
  C:\Windows\System\lMpIEUZ.exe
  2⤵
  PID:9308
- C:\Windows\System\ECyzNZW.exe
  C:\Windows\System\ECyzNZW.exe
  2⤵
  PID:9332
- C:\Windows\System\jTNunHs.exe
  C:\Windows\System\jTNunHs.exe
  2⤵
  PID:9348
- C:\Windows\System\QJlKtEG.exe
  C:\Windows\System\QJlKtEG.exe
  2⤵
  PID:9368
- C:\Windows\System\Qzidwgu.exe
  C:\Windows\System\Qzidwgu.exe
  2⤵
  PID:9384
- C:\Windows\System\ehAZiKH.exe
  C:\Windows\System\ehAZiKH.exe
  2⤵
  PID:9400
- C:\Windows\System\UNWgmFi.exe
  C:\Windows\System\UNWgmFi.exe
  2⤵
  PID:9416
- C:\Windows\System\lqRYhpr.exe
  C:\Windows\System\lqRYhpr.exe
  2⤵
  PID:9440
- C:\Windows\System\hYGCgTZ.exe
  C:\Windows\System\hYGCgTZ.exe
  2⤵
  PID:9464
- C:\Windows\System\VKDOOwI.exe
  C:\Windows\System\VKDOOwI.exe
  2⤵
  PID:9480
- C:\Windows\System\NyPEtgv.exe
  C:\Windows\System\NyPEtgv.exe
  2⤵
  PID:9496
- C:\Windows\System\apikMqq.exe
  C:\Windows\System\apikMqq.exe
  2⤵
  PID:9524
- C:\Windows\System\OqrIbby.exe
  C:\Windows\System\OqrIbby.exe
  2⤵
  PID:9560
- C:\Windows\System\mLBHbWl.exe
  C:\Windows\System\mLBHbWl.exe
  2⤵
  PID:9580
- C:\Windows\System\yIadYoB.exe
  C:\Windows\System\yIadYoB.exe
  2⤵
  PID:9600
- C:\Windows\System\IIxfHOV.exe
  C:\Windows\System\IIxfHOV.exe
  2⤵
  PID:9616
- C:\Windows\System\RxHEJvh.exe
  C:\Windows\System\RxHEJvh.exe
  2⤵
  PID:9640
- C:\Windows\System\ENASEMl.exe
  C:\Windows\System\ENASEMl.exe
  2⤵
  PID:9660
- C:\Windows\System\frTuYGn.exe
  C:\Windows\System\frTuYGn.exe
  2⤵
  PID:9676
- C:\Windows\System\JRoIKYy.exe
  C:\Windows\System\JRoIKYy.exe
  2⤵
  PID:9692
- C:\Windows\System\mAoQiKL.exe
  C:\Windows\System\mAoQiKL.exe
  2⤵
  PID:9708
- C:\Windows\System\LulvuYc.exe
  C:\Windows\System\LulvuYc.exe
  2⤵
  PID:9732
- C:\Windows\System\ydxREwx.exe
  C:\Windows\System\ydxREwx.exe
  2⤵
  PID:9752
- C:\Windows\System\urfuINo.exe
  C:\Windows\System\urfuINo.exe
  2⤵
  PID:9780
- C:\Windows\System\gwknCRX.exe
  C:\Windows\System\gwknCRX.exe
  2⤵
  PID:9796
- C:\Windows\System\yZLsYGO.exe
  C:\Windows\System\yZLsYGO.exe
  2⤵
  PID:9820
- C:\Windows\System\DPWWEFO.exe
  C:\Windows\System\DPWWEFO.exe
  2⤵
  PID:9836
- C:\Windows\System\KGmmfor.exe
  C:\Windows\System\KGmmfor.exe
  2⤵
  PID:9852
- C:\Windows\System\ilTXhuL.exe
  C:\Windows\System\ilTXhuL.exe
  2⤵
  PID:9876
- C:\Windows\System\EkQKnkv.exe
  C:\Windows\System\EkQKnkv.exe
  2⤵
  PID:9892
- C:\Windows\System\FZpLmHV.exe
  C:\Windows\System\FZpLmHV.exe
  2⤵
  PID:9912
- C:\Windows\System\YJJhDxX.exe
  C:\Windows\System\YJJhDxX.exe
  2⤵
  PID:9932
- C:\Windows\System\cnoUXJT.exe
  C:\Windows\System\cnoUXJT.exe
  2⤵
  PID:9948
- C:\Windows\System\xQPSKFh.exe
  C:\Windows\System\xQPSKFh.exe
  2⤵
  PID:9964
- C:\Windows\System\lnzkIQW.exe
  C:\Windows\System\lnzkIQW.exe
  2⤵
  PID:9988
- C:\Windows\System\dpxkzjm.exe
  C:\Windows\System\dpxkzjm.exe
  2⤵
  PID:10008
- C:\Windows\System\poHsAVF.exe
  C:\Windows\System\poHsAVF.exe
  2⤵
  PID:10040
- C:\Windows\System\ZcSTNhV.exe
  C:\Windows\System\ZcSTNhV.exe
  2⤵
  PID:10056
- C:\Windows\System\qQkMDiZ.exe
  C:\Windows\System\qQkMDiZ.exe
  2⤵
  PID:10076
- C:\Windows\System\szowmrr.exe
  C:\Windows\System\szowmrr.exe
  2⤵
  PID:10096
- C:\Windows\System\MTcxXpA.exe
  C:\Windows\System\MTcxXpA.exe
  2⤵
  PID:10116
- C:\Windows\System\fenkykD.exe
  C:\Windows\System\fenkykD.exe
  2⤵
  PID:10140
- C:\Windows\System\JYOiSYp.exe
  C:\Windows\System\JYOiSYp.exe
  2⤵
  PID:10160
- C:\Windows\System\OjknvKQ.exe
  C:\Windows\System\OjknvKQ.exe
  2⤵
  PID:10176
- C:\Windows\System\RkegocQ.exe
  C:\Windows\System\RkegocQ.exe
  2⤵
  PID:10196
- C:\Windows\System\SgcNdcm.exe
  C:\Windows\System\SgcNdcm.exe
  2⤵
  PID:10212
- C:\Windows\System\txQkSJb.exe
  C:\Windows\System\txQkSJb.exe
  2⤵
  PID:10232
- C:\Windows\System\nmrSdgv.exe
  C:\Windows\System\nmrSdgv.exe
  2⤵
  PID:9224
- C:\Windows\System\DwugkJy.exe
  C:\Windows\System\DwugkJy.exe
  2⤵
  PID:9272
- C:\Windows\System\WyZbDJn.exe
  C:\Windows\System\WyZbDJn.exe
  2⤵
  PID:9324
- C:\Windows\System\npcoHWE.exe
  C:\Windows\System\npcoHWE.exe
  2⤵
  PID:2552
- C:\Windows\System\FTNXcZD.exe
  C:\Windows\System\FTNXcZD.exe
  2⤵
  PID:9436
- C:\Windows\System\rRjAjNZ.exe
  C:\Windows\System\rRjAjNZ.exe
  2⤵
  PID:9512
- C:\Windows\System\tLXcvSf.exe
  C:\Windows\System\tLXcvSf.exe
  2⤵
  PID:9412
- C:\Windows\System\FqXLlbv.exe
  C:\Windows\System\FqXLlbv.exe
  2⤵
  PID:9492
- C:\Windows\System\EIazCDE.exe
  C:\Windows\System\EIazCDE.exe
  2⤵
  PID:9456
- C:\Windows\System\lBhHeGZ.exe
  C:\Windows\System\lBhHeGZ.exe
  2⤵
  PID:9548
- C:\Windows\System\kROeKoL.exe
  C:\Windows\System\kROeKoL.exe
  2⤵
  PID:9572
- C:\Windows\System\oHTYYUM.exe
  C:\Windows\System\oHTYYUM.exe
  2⤵
  PID:9612
- C:\Windows\System\GOkyZuN.exe
  C:\Windows\System\GOkyZuN.exe
  2⤵
  PID:9648
- C:\Windows\System\HweLKZB.exe
  C:\Windows\System\HweLKZB.exe
  2⤵
  PID:9672
- C:\Windows\System\mZljxkO.exe
  C:\Windows\System\mZljxkO.exe
  2⤵
  PID:9728
- C:\Windows\System\VWGDHtP.exe
  C:\Windows\System\VWGDHtP.exe
  2⤵
  PID:9772
- C:\Windows\System\TRzcvWZ.exe
  C:\Windows\System\TRzcvWZ.exe
  2⤵
  PID:9788
- C:\Windows\System\nBVdyXf.exe
  C:\Windows\System\nBVdyXf.exe
  2⤵
  PID:9808
- C:\Windows\System\urqGGUy.exe
  C:\Windows\System\urqGGUy.exe
  2⤵
  PID:9832
- C:\Windows\System\kLbWkUb.exe
  C:\Windows\System\kLbWkUb.exe
  2⤵
  PID:9868
- C:\Windows\System\EoANjUh.exe
  C:\Windows\System\EoANjUh.exe
  2⤵
  PID:9888
- C:\Windows\System\ldEPHNU.exe
  C:\Windows\System\ldEPHNU.exe
  2⤵
  PID:9956
- C:\Windows\System\FwMqwEv.exe
  C:\Windows\System\FwMqwEv.exe
  2⤵
  PID:9940
- C:\Windows\System\vobJEVx.exe
  C:\Windows\System\vobJEVx.exe
  2⤵
  PID:9980
- C:\Windows\System\OIPkGVo.exe
  C:\Windows\System\OIPkGVo.exe
  2⤵
  PID:10020
- C:\Windows\System\CgbzbTw.exe
  C:\Windows\System\CgbzbTw.exe
  2⤵
  PID:10084
- C:\Windows\System\QpUhGPZ.exe
  C:\Windows\System\QpUhGPZ.exe
  2⤵
  PID:10068
- C:\Windows\System\rXBOVwS.exe
  C:\Windows\System\rXBOVwS.exe
  2⤵
  PID:10132
- C:\Windows\System\gZKGFcT.exe
  C:\Windows\System\gZKGFcT.exe
  2⤵
  PID:10168
- C:\Windows\System\KaEvXsd.exe
  C:\Windows\System\KaEvXsd.exe
  2⤵
  PID:8520
- C:\Windows\System\vGFUxdq.exe
  C:\Windows\System\vGFUxdq.exe
  2⤵
  PID:10220
- C:\Windows\System\kwKswmD.exe
  C:\Windows\System\kwKswmD.exe
  2⤵
  PID:9316
- C:\Windows\System\uojRvoT.exe
  C:\Windows\System\uojRvoT.exe
  2⤵
  PID:9364
- C:\Windows\System\HFzVmPj.exe
  C:\Windows\System\HFzVmPj.exe
  2⤵
  PID:9476
- C:\Windows\System\NCkdJyM.exe
  C:\Windows\System\NCkdJyM.exe
  2⤵
  PID:9340
- C:\Windows\System\GlFVIrG.exe
  C:\Windows\System\GlFVIrG.exe
  2⤵
  PID:9556
- C:\Windows\System\khjbTOV.exe
  C:\Windows\System\khjbTOV.exe
  2⤵
  PID:9408
- C:\Windows\System\dUAaKRN.exe
  C:\Windows\System\dUAaKRN.exe
  2⤵
  PID:9632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EXKbVfD.exe

Filesize
6.0MB

MD5
09c3d5b79b1d7ba5b82f30956e6d3fc1

SHA1
c2eaba8a2e2457bcf3727c9ef9cf3e235260251d

SHA256
45a5dc1cc34a300b8f323c3091c699a1b1ccfe2df13690e060c2e6429df0f830

SHA512
a53ba7d9d180201e8315e7ea42844426aee8501c302848fcbc7f200d7267fcb3f882ed016d5970015cdb0205ee84fde1747d43dc53e6ecbf0c8ef500fd49891a

Download Submit
C:\Windows\system\FrweYtI.exe

Filesize
6.0MB

MD5
f3e3b1ebb7536385326709459e31ee0f

SHA1
0ff098b44fe7f93145bccd5de0ff13bfa2327371

SHA256
a0f31644ad755af78d4477482e6d7f566fcdd7b7204701865619452e57caac6d

SHA512
48b510ee784236b150b5630b09e8837884b5c845ebe9e6de8776acc1de30f61f1979e903749b80ea1578fa4e642da231497e32616338e994286c8cf65fd565e1

Download Submit
C:\Windows\system\HGzuxWD.exe

Filesize
6.0MB

MD5
24185905c1af7fcc76fa746b65a79e3e

SHA1
65b789b4ab70a11fd38659898ac4bd603ec60762

SHA256
b3c8072588ad9d1c6932451e569fbeb001dedd8578d20f8aa411b2f7c4163642

SHA512
1f9b9efa4bb3c02949dfaa32f82d69cc93050288e996762790d366b05767101551a7b81282521cb05a01cce4426776f8fe4ffdba10942eced0db5192c45f565e

Download Submit
C:\Windows\system\IduQStP.exe

Filesize
6.0MB

MD5
a0f92ca319a23f3255eaf36a7ad73a51

SHA1
1beedfd60eb9604506d9a3cce44791ce5503932a

SHA256
98b2c5901bdb7c7f36a7f31e73507e6ca365ec631d9e2cce8cdcee64e3f00367

SHA512
6b04c32eb5784505b940760c86c94dfc0826220031f84d1ca931644c738478ba556a8d6a574846243db6fb2256dfa323daa4dca5c87807a0e859dd7b43db07ae

Download Submit
C:\Windows\system\JSHmgAg.exe

Filesize
6.0MB

MD5
05ea9604d034d0706bb7ac023a61f448

SHA1
226a193fc48ed9d4ce0ade231c12e3b6f8d2d3b2

SHA256
0e38727bc7a1cbdc03cbf1219dd1efdbd049eafa0571abb97ebe620c10c99fd0

SHA512
e17833986580a0087fa5fa5bafea690b689e4bf41230d9f952a3e4f07e29997b599430cd0fc3a97906a8fd22dc79d32a88d785d988980aab64b20d0fe4c3399d

Download Submit
C:\Windows\system\LSXfRyx.exe

Filesize
6.0MB

MD5
c817c5ab7c2e39f59e704ed8b039a371

SHA1
c548d9cabadbeef4f59ddbd0bc78c1c0592ce0ac

SHA256
2345538da2198134f66680dde254ddcaefc8da9c589e8e3118da2211211b7144

SHA512
a1b586a6e3f4be910e1030f89b076907e37c87848345ec473cfd4d5f4bb12c954e740133edab59bfc10db018df23f80a3a21bb380bd889088f0edb1341b2f1ff

Download Submit
C:\Windows\system\MQKjZit.exe

Filesize
6.0MB

MD5
846b513bd63455946d99392f40759339

SHA1
331f06757e8e2fd474365dd3b1cbbfaa70e80964

SHA256
853dd33d3a99dabe31157a5d02a9c64690a8245304233a8b1a38b1805811a892

SHA512
4f1f3afefac99ca9107fabf55e04c4d8d94db8ae1ad4f523d6be10d4f141f57d9d269234ff1c9f3572739780f116e07ed6c5f6282a5f8dd70de1760392f4692b

Download Submit
C:\Windows\system\Voteqyh.exe

Filesize
6.0MB

MD5
352c44f120626a3b3ab1ee545901a6ca

SHA1
e1a283beccbb5c7d0745c62b81aff5d1aefdf120

SHA256
e36c61ec3446e52f7640cf915595368c08db1d272ed1de462a216b461c151cbb

SHA512
4b9f18c2a7bf5c77022248428352339fce15cdc8b8d5f4b4b74cea7ebb7890b448c5bbffc50a07c40e5e41ce196028242e0e6ae2e33523919296884f6efe7c01

Download Submit
C:\Windows\system\YOKXXhC.exe

Filesize
6.0MB

MD5
46814a9ada0ab9fa80c9e38045c4bfba

SHA1
3a3cee01af76de5f1022c2ca74db935655284911

SHA256
1a39c13514de14d3a811d64341b2884eec5124a804400fe87a2812374e5a50e9

SHA512
1d1cf241564f61340fb592485d718f77f94e4f5d5d997dc1581c3e3c017aeea9d0da7921b6a6e24c53321a230ba510c7fd2f60ed2b61074a316cbeb33f81c1b6

Download Submit
C:\Windows\system\Ziwbfqe.exe

Filesize
6.0MB

MD5
63bd962f0b4718c4f0e04fe0560d256d

SHA1
96847a69ef549a0fed4245099a7dde92ade4c3af

SHA256
682a8a913dd7f7b77d36a9b54dcc443c1ca5949f779308ffc0165be59da99b45

SHA512
7741a333bc09e135afb5ad28d8388119f0bfa00e401289fb1749a8df0eb85bab8b420d7d4c9ac32692043fbc0999fdea42e58aaaaa846c22cdec20ca1f810e49

Download Submit
C:\Windows\system\auVuflb.exe

Filesize
6.0MB

MD5
8271a1e4e6a0fa5cdcbeecd6ea27fc34

SHA1
4edba97bd6014635b28093d9116ddeb23f480a53

SHA256
3062446f1628b6c1fb62251e7bd119efbdc8cb47f076b4640990855fdb560e14

SHA512
b6eb6c4bd01bf102ea5e6d5eefcf5af2bac70873cf3f910feb1a0c04538e2eb777800eb9b6ab8bc8169957359ee4ee4665b0b2095615a87e6a12532c7ee4a079

Download Submit
C:\Windows\system\brNoZzA.exe

Filesize
6.0MB

MD5
74db1989d2f0a10c8887be09068f4dc3

SHA1
be4176555fa6d2d9481e761d09408aae8dc98db3

SHA256
f927459a6fad9ad53d5cdd093595e1a498ec8e87999312141a7c3d29c273c0a2

SHA512
16854793baae4c993d674f1cf3eecf0e5dc092c394bc9665e7d0b2bccc83af095583527f8f8b874d15c341ffc2ee03c5946030aec3de60c1628cd0642e469cc3

Download Submit
C:\Windows\system\bruwFOl.exe

Filesize
6.0MB

MD5
b280bc988f062d66bd3e7cb2e8c490b0

SHA1
d5f96fb907d0034582c341302204abdfcecce1d7

SHA256
8bdafbc6446bb4be19e0edf9b37579af4d736aee7816d39917e85f575984a92f

SHA512
9cbf3d7f12bae8543802b34dbf5a16955ee4b6b96ca80cc68a73565fbc4097405c7e87816b04e74595736d78e357f117506e6187c22a605c1e209665c22e4961

Download Submit
C:\Windows\system\fMxhLdt.exe

Filesize
8B

MD5
cfc5939021c971a3d1befe990cbbd763

SHA1
824ee6dfcd470461ecaea7af317e958e4373c26a

SHA256
b1947172f75c9810473c5b1eeca3d9c0b823390083ba6eb25c1d179cd480df3a

SHA512
1974e4f0422708661f5cb5e7200d484822a4197d1f1ee487f332e59d617976307621093242f2d9c6eeef828c236c68b4a48d208f9a42e48b57366eb686091671

Download Submit
C:\Windows\system\iRzPHXB.exe

Filesize
6.0MB

MD5
ea6f4c68c6505ab2a6e14c839be33cd8

SHA1
aa1191e6081db437d15ba7c6d2d0b9cb880173dc

SHA256
8950196daabf88bf2389113972ff185f808f372ecdc050b2351d915c7191a450

SHA512
e46cc8fede256f1c0346ec71a6bed46fba566b4feff8ccb5edfa8a5d1280f39d097ca995d9b20a6a91602e5d29c7c3da6ea250bdce259176d35bfd20310bf29c

Download Submit
C:\Windows\system\jncNjWR.exe

Filesize
6.0MB

MD5
97f23731598561ba9cdeea02e894f23d

SHA1
eaef06bddafb6aea4dce46acf525d413a1fb60d7

SHA256
268814e009b364e1b19a8cdea385ec5f3d4756dfc7c735a6b30744640acb24b5

SHA512
29bbede810c91c79962089fac6143d7cf18be0b94873212c80d3f9a6baf9e6997a41d5ddae0afb6a91d08c56ddb78c3c396eedd3cd26e358056d005db03c4eca

Download Submit
C:\Windows\system\kGnabJH.exe

Filesize
6.0MB

MD5
b9987450c52bb9f761e18540593cebb6

SHA1
57ec53449403a8a2872a9d5651704c0be480a502

SHA256
886ecb3073a7a2b99f16e279327c2b03ad5f426bbfd6b5a0e7a449e4bd0d968b

SHA512
5a53582c9cc6206169dc269fb2f76c2e34d4452fafaf098eb20df700b6aa14d1e3e84781c13d43fbafa346cacbc77b7e6ee10dd0515162f8ed851377533f62a7

Download Submit
C:\Windows\system\maIIYcn.exe

Filesize
6.0MB

MD5
48391b6758230c56bd77328ba05e808e

SHA1
4971ce4b9b2056263e2bb3d8ddc659bf7bb8d058

SHA256
af000c392a5885174e7a3def3afcfe3ff0ded7522fda4fe598310c7381892dc2

SHA512
8a3cadc8f4bb407c1266e9f1e371ea8445b15f9b29c1f5555d418e15e8f97988ba8a575134c87be37b18d0c50c8b6ecffa41cb18dfd2bc5c184be3b4931d6538

Download Submit
C:\Windows\system\nElwaQU.exe

Filesize
6.0MB

MD5
5329a63543b1fdb8ae5479d28bf8bd76

SHA1
bfaebd8bec428e5f835d2cd1eb8098e315d71985

SHA256
e444e73ad741c716452600c7e09fde3c12635215c07d6647438f73331f728feb

SHA512
2ed89234aa1f89cf4d8fb6ecd8f2ed6707b2e8ccdd76ce5e74d9d06aadb440cffee2fd4f553beb2f5de22294c58a17b15a4379a342f5b0e16fb3f731fdbf6de8

Download Submit
C:\Windows\system\oDDAOos.exe

Filesize
6.0MB

MD5
93968073d4dc798c769d4a856b1a91c7

SHA1
8e253e60b8fba50e7828b1b866a5ea49a7d89af0

SHA256
8ed26f04318c61a76793fa438aba0aec18e0d88a29d142656bbbc5ce13e38fa4

SHA512
b2db8ac4c70475f8afd2d7d3f1f5178471a8c28851017bd394b7e202bbfa3dc0610708dbd1db7894859eb4a33835bceeea13c0246f9159e5f04e3fe2fbe1c50c

Download Submit
C:\Windows\system\oukbzMM.exe

Filesize
6.0MB

MD5
62db514a9bd80c3dc3f23d7961aaa864

SHA1
3093bc92721d9253697325685a69c158fbf784a6

SHA256
c2dd12af22bafc2b6f4c21f5aa5122336f9a0996a78bdedababfba8b0db29cc8

SHA512
142177b3644b9d2073957a3b01c964ecab1c2904a113ef49573cc606c33953d44876ddc9c8efa7d10bb33fcb574dbfc8b40bc3dc5b6c25670b5dabb3936b8fb8

Download Submit
C:\Windows\system\pGrSBEx.exe

Filesize
6.0MB

MD5
4718625d459086a43045f3ce11d80f0c

SHA1
81a63643736405c444bbb3b6add1be6e56b15bb0

SHA256
8d7c7ee59a27187e1abc134c14e881cf7c7a86c7d357376b4c538569655d3751

SHA512
480f30b820071533977173628306b699835f35fd10503686f759bb54a1a527535f5060af298ffaa5fc391ad599b919ddf06c5689a3b5bb96f36276d6269683e2

Download Submit
C:\Windows\system\twENhyN.exe

Filesize
6.0MB

MD5
51ff2d2800a2aa8d69656a4d911808d6

SHA1
dda0183578a76a6ac2bc43ff4b04edc431fccef9

SHA256
5e34ae6e2124f022eb8089ef6746e83d58edd30176672c33a01ce5ca28762e21

SHA512
f446acc233a865b1518e32a03180f413ceec29ce7161102c0303182b9df1889d54a7bde32866bcb0818b7d5c1d34a97540204c39e2deb709352437d12eedda26

Download Submit
C:\Windows\system\upWdWvD.exe

Filesize
6.0MB

MD5
582e48ea844ec536cdfaddf4d0f424ce

SHA1
93a75afed9d8c2085ca3f7bcd0c7c9663377db6c

SHA256
de46ffb9ec56f219799c201a917c1f0a14c5bbfa82ba1ad6b21627b9da79207f

SHA512
84dc477ba2dd787c916bba39f1938b194a6c7c5fe01fc04e8c5084a754c52f891909fad54c433e1cd3d1a7f48ffb2535a205d75b25f02811ad71bf074447419d

Download Submit
C:\Windows\system\vBLyWaz.exe

Filesize
6.0MB

MD5
5d9d88818500317ce1c17240200625e0

SHA1
a841dafb26db14e5cb0206b51a81965d97d26ae8

SHA256
78f043ce8e38fd9acb7966ee4ca3b0749420b192f6c5653e9e20045825cf36e3

SHA512
617b36dbcb9595e340fac06a4816c5ccd4edc6b8ed629423bb2880bd1034ac952600bb12d89559aa6c37363334eebbfbd23d1435b9c6e46622723c8bef12ddc7

Download Submit
C:\Windows\system\vCqySXv.exe

Filesize
6.0MB

MD5
1a95964631c631875e8a77d39cdfe06e

SHA1
f47f27599cb7f2eac5bc90cb11a800a5de69c278

SHA256
9ca3e08a6a0f0f0d7920ea017b842c953f7c06405ca109a3174aca38409d9af5

SHA512
3823af06f68d71e810e43221a9d924a0b3840b2db78b7e9deca280fbba784ab684c7613770830dba44d4dd79fea689f70afa4426c21f06e14538c64208a392dd

Download Submit
C:\Windows\system\zqXSMJB.exe

Filesize
6.0MB

MD5
7cd754ac45d372cd1576d87d520a4b46

SHA1
8f7b035a14f626457735058ae3beb21ad5650142

SHA256
8b928d64ee68cf44f49a74da76edf99a8cc58fc4a396e1a0783071defc8ec184

SHA512
02e277e79e21435dadd55dbf1bf73b7a844cb40c662713bb4193afacd8c4c6526245b6b9d7a03409b84015b2b37514b4d6d4e55580f45b9060e93d097b86016d

Download Submit
\Windows\system\DIRIlTy.exe

Filesize
6.0MB

MD5
0055e65572451f1a173e510fe49cb07e

SHA1
ab31dca773d9270615c9f283748ef245dad9f0ab

SHA256
0e5190626fe55abfb8949ec51aed5d330c51b0ac0d330073c62a4791c28f8301

SHA512
3ebefefd7e64e4547e761a84b43115d754a6a35ce54fbca78b657fa6e0230f3a07b0a1f2233548500dad9a8c37fea7eed4ecc2f715bd77a48cacbea4ecf537ee

Download Submit
\Windows\system\KNZbuiM.exe

Filesize
6.0MB

MD5
e1f9632a634cf9d1bda892ff62661430

SHA1
d2d10513fe4eff8d310205e4e0e55f99bb78fb0a

SHA256
5b01117f9492a4a6fd1218be1f3d6ec77fe7c5bb268012ff773d33235c211e58

SHA512
8a08d56a78d133abcd7d05a49f6b8d4dc5904d6f67f9b7386b26014ccf361a400a5267d8f093aaa6e4d70234c2925f36ed95c348a457cb910330b9ab2569e22e

Download Submit
\Windows\system\LCHSjXe.exe

Filesize
6.0MB

MD5
f8fef06431e6e852bd95fd0cd63cf1b6

SHA1
082e10c10ce8b6863a8e60937327a8facb81e7ee

SHA256
78b0b927a20c4f9327d025973930b40f3d409debc38d6b7f55090b7649b5101a

SHA512
e77b80a5defd4b2e7f640ebfc0d44fddb87b3ced34a8b66cd3b8177a5027ea7ca671df29fde1a485ea147bf54d966e234f5525884aab47f146dd3688cf07f79c

Download Submit
\Windows\system\SsnAvcQ.exe

Filesize
6.0MB

MD5
0fc68816a8fd6fba860e0f5642e2c444

SHA1
34c5d383dce9da84f8e70e4b245122efdf040898

SHA256
1ef3be5d85d7317e19f1b95a1b4045a184b58913783a27bbe988b068b6e6fe87

SHA512
0b99c0ec435ecdfeac161c3a140db8178d03963a0f9c39497331192aa736603dda993f757182ab5a9180a01a7587c242c017e04a32e95b72c2e305435d3ad067

Download Submit
\Windows\system\mbWaZUH.exe

Filesize
6.0MB

MD5
938e20e977157d1bc633f86333791dab

SHA1
86647d706ba0b1ccd4af12acabbcd5ba95247ed6

SHA256
cfe2dd74509db8c98d185057d1b99b0f374497702cdf611eda3e7b466d4c738e

SHA512
0c2597ca4445f4bf05e19aa769d29e0f6a790f85b5f25d265e05dae52d557f98a5ce5b1199a6a0a41a6027994705401070678907dd4849d6531f55e1ee85a37e

Download Submit
\Windows\system\qvUWZar.exe

Filesize
6.0MB

MD5
cc844597741d1a5cb40a653954a11f27

SHA1
ab55cb85493d306f7b725d79aad8d7019985e59b

SHA256
0927cd69e54bc7fbd209d5c830041446b839d836de214ba762f456e27f59f37c

SHA512
f3a41fc1ca763c2dc3f9be4ce0521075fe879f22d23681d0a9cb7a8f2fe1218a87d2e729059f20fd39a2703741b7e2c128de107d6dd4264311c3b70c332ef4cd

Download Submit
memory/1244-3435-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-43-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-3396-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-3399-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2136-77-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3392-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2264-35-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2332-23-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3387-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-31-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3436-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2460-104-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3442-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2768-116-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3386-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3430-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-697-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-61-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-88-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-696-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-101-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3052-57-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-119-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-67-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1044-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-906-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-46-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-785-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-54-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-139-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3052-695-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-144-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3052-117-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-145-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-142-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3052-8-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3052-118-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download