cobaltstrike | 3b0085759040be3d72c9c33582a3d9e6dd9a9b798e9085ec997eebd652fde299

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

4c9bdd2079eb3e86121c558ef45f45b1
SHA1

1dc2409427fc4f735af53b27939324bb1f6b6531
SHA256

3b0085759040be3d72c9c33582a3d9e6dd9a9b798e9085ec997eebd652fde299
SHA512

f5c9c40c95a7394df6b42e14e371ed97b084666447e46031b471e45861ed109a55ff315f012f217a7a2f03521029a26711f53888575b3e64495199c63c9d7f1a
SSDEEP

98304:demTLkNdfE0pZ3656utgpPFotBER/mQ32lUT:E+v56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d18-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d59-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d79-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c88-44.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-105.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cd1-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-159.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-154.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2a-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf5-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd7-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d89-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d81-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d41-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral1/memory/3036-0-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-6.dat	xmrig
behavioral1/files/0x0008000000015d0e-11.dat	xmrig
behavioral1/files/0x0008000000015d18-12.dat	xmrig
behavioral1/files/0x0007000000015d59-25.dat	xmrig
behavioral1/files/0x0007000000015d79-29.dat	xmrig
behavioral1/files/0x0009000000016c88-44.dat	xmrig
behavioral1/files/0x0006000000016d3a-64.dat	xmrig
behavioral1/files/0x0006000000016d77-99.dat	xmrig
behavioral1/files/0x0006000000016d9f-105.dat	xmrig
behavioral1/files/0x0009000000015cd1-109.dat	xmrig
behavioral1/files/0x0006000000016de8-115.dat	xmrig
behavioral1/files/0x00050000000186e7-159.dat	xmrig
behavioral1/files/0x000600000001755b-149.dat	xmrig
behavioral1/files/0x0005000000018686-154.dat	xmrig
behavioral1/files/0x000600000001749c-143.dat	xmrig
behavioral1/files/0x0006000000017497-139.dat	xmrig
behavioral1/files/0x0006000000017049-134.dat	xmrig
behavioral1/files/0x0006000000016ecf-129.dat	xmrig
behavioral1/files/0x0006000000016df3-124.dat	xmrig
behavioral1/files/0x0006000000016dea-119.dat	xmrig
behavioral1/files/0x0006000000016d6f-94.dat	xmrig
behavioral1/files/0x0006000000016d6b-89.dat	xmrig
behavioral1/files/0x0006000000016d67-84.dat	xmrig
behavioral1/files/0x0006000000016d54-79.dat	xmrig
behavioral1/files/0x0006000000016d4b-74.dat	xmrig
behavioral1/files/0x0006000000016d43-69.dat	xmrig
behavioral1/files/0x0006000000016d2a-59.dat	xmrig
behavioral1/files/0x0006000000016cf5-54.dat	xmrig
behavioral1/files/0x0006000000016cd7-49.dat	xmrig
behavioral1/files/0x0009000000015d89-40.dat	xmrig
behavioral1/files/0x0009000000015d81-35.dat	xmrig
behavioral1/files/0x0007000000015d41-20.dat	xmrig
behavioral1/memory/2604-3094-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2604-3313-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/3036-8104-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2604	wXNlNws.exe
1492	oEVAEXH.exe
2496	GvIvTPY.exe
2300	JoDqWVt.exe
2560	xNszXgK.exe
1796	xSMzveD.exe
2820	ReYCWtk.exe
2992	AUgPhgv.exe
2844	WCqmcIr.exe
2952	AqwqufH.exe
2856	xhFjeLW.exe
2872	dPPeebD.exe
2836	KBYmZtA.exe
2936	jLJlsfH.exe
2720	WRRHOLx.exe
2428	TBuADef.exe
2440	rHlTYnA.exe
1788	NySbcfV.exe
1436	LFhItus.exe
1288	cXKDRta.exe
2656	jOlJzxV.exe
1976	JbTNfBI.exe
1524	eOntdZw.exe
1588	sFruNNb.exe
1708	RxTuCxe.exe
3012	vWrJzdD.exe
1520	UINpPKC.exe
2508	jSqUDpo.exe
2128	VkohTyX.exe
3028	RrvGikI.exe
2176	uPgklob.exe
912	djpQBrx.exe
1136	NJiWpwv.exe
676	YKxwkPG.exe
692	NLjEpMB.exe
1336	ttZpDtu.exe
1872	zgqHREE.exe
2404	JtymSBj.exe
1052	YFSROFC.exe
2012	oZZxrwn.exe
2068	DyRmDlc.exe
1808	QwlvGgT.exe
900	FUuyCkG.exe
1028	uSmVEzd.exe
2576	hmswVUu.exe
764	okKvfDd.exe
1944	iBnznyu.exe
2452	IOJLkjg.exe
2840	yfWjZIf.exe
2104	tXHVLPB.exe
2648	HyBIOEX.exe
892	zsNVbKd.exe
1516	zdiHFpy.exe
1760	nxCSiYA.exe
2328	dswQbCF.exe
2324	UZlqVOw.exe
1584	JmnXlZA.exe
1620	RmzZqFf.exe
2608	QifKCeI.exe
2092	OCmDJXL.exe
2800	YipNFti.exe
2828	qrjOHTu.exe
2296	YwPbKLx.exe
2724	ofuQmIk.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3036-0-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000b000000012280-6.dat	upx
behavioral1/files/0x0008000000015d0e-11.dat	upx
behavioral1/files/0x0008000000015d18-12.dat	upx
behavioral1/files/0x0007000000015d59-25.dat	upx
behavioral1/files/0x0007000000015d79-29.dat	upx
behavioral1/files/0x0009000000016c88-44.dat	upx
behavioral1/files/0x0006000000016d3a-64.dat	upx
behavioral1/files/0x0006000000016d77-99.dat	upx
behavioral1/files/0x0006000000016d9f-105.dat	upx
behavioral1/files/0x0009000000015cd1-109.dat	upx
behavioral1/files/0x0006000000016de8-115.dat	upx
behavioral1/files/0x00050000000186e7-159.dat	upx
behavioral1/files/0x000600000001755b-149.dat	upx
behavioral1/files/0x0005000000018686-154.dat	upx
behavioral1/files/0x000600000001749c-143.dat	upx
behavioral1/files/0x0006000000017497-139.dat	upx
behavioral1/files/0x0006000000017049-134.dat	upx
behavioral1/files/0x0006000000016ecf-129.dat	upx
behavioral1/files/0x0006000000016df3-124.dat	upx
behavioral1/files/0x0006000000016dea-119.dat	upx
behavioral1/files/0x0006000000016d6f-94.dat	upx
behavioral1/files/0x0006000000016d6b-89.dat	upx
behavioral1/files/0x0006000000016d67-84.dat	upx
behavioral1/files/0x0006000000016d54-79.dat	upx
behavioral1/files/0x0006000000016d4b-74.dat	upx
behavioral1/files/0x0006000000016d43-69.dat	upx
behavioral1/files/0x0006000000016d2a-59.dat	upx
behavioral1/files/0x0006000000016cf5-54.dat	upx
behavioral1/files/0x0006000000016cd7-49.dat	upx
behavioral1/files/0x0009000000015d89-40.dat	upx
behavioral1/files/0x0009000000015d81-35.dat	upx
behavioral1/files/0x0007000000015d41-20.dat	upx
behavioral1/memory/2604-3094-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2604-3313-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/3036-8104-0x000000013F340000-0x000000013F694000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QeBoiBO.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLFKOXg.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUFoWiE.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWCGvjN.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCzXgre.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBFYjHT.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjfWObx.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUGUcgt.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNzsLsN.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjLPnHh.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMlVgpH.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldcyXER.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxzyyWg.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYkDRvn.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpujpvE.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoOhsAj.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EitRmae.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFlRNLQ.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIkaKSy.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBoTcJH.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQPmjDK.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRxTPQZ.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLltmWG.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBBXQbC.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDMHEPk.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhHgCjC.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiTASRo.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSmVEzd.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDPythl.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDhGjpq.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcLXqkS.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfJdRHD.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGCiixn.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNUiuvp.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuaTemD.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtynUXk.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWrEiWS.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLurIJa.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asRJvwg.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNpJZWk.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnActxx.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCKotLT.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNNgUnt.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHlTYnA.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUVlpnN.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyFGrNh.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbCSNeM.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKEfTqk.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGaALsx.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdZXwuX.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzBraHy.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDQZlxO.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iveCNXz.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZkvRJI.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzFWTee.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZrRsWv.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icyDskV.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maUZooM.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwxzsCv.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxASSOD.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byVmwwr.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUUoACT.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXvmjcv.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRVsXah.exe	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2604	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 2604	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 2604	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 1492	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 1492	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 1492	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 2496	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2496	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2496	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2300	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2300	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2300	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2560	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 2560	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 2560	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 1796	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 1796	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 1796	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 2820	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2820	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2820	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2992	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2992	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2992	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2844	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2844	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2844	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2952	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2952	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2952	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2856	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2856	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2856	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2872	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2872	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2872	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2836	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2836	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2836	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2936	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 2936	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 2936	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 2720	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 2720	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 2720	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 2428	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2428	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2428	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2440	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 2440	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 2440	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 1788	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 1788	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 1788	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 1436	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 1436	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 1436	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 1288	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 1288	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 1288	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 2656	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 2656	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 2656	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 1976	3036	2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-28_4c9bdd2079eb3e86121c558ef45f45b1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\System\wXNlNws.exe
  C:\Windows\System\wXNlNws.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\oEVAEXH.exe
  C:\Windows\System\oEVAEXH.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\GvIvTPY.exe
  C:\Windows\System\GvIvTPY.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\JoDqWVt.exe
  C:\Windows\System\JoDqWVt.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\xNszXgK.exe
  C:\Windows\System\xNszXgK.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\xSMzveD.exe
  C:\Windows\System\xSMzveD.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ReYCWtk.exe
  C:\Windows\System\ReYCWtk.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\AUgPhgv.exe
  C:\Windows\System\AUgPhgv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\WCqmcIr.exe
  C:\Windows\System\WCqmcIr.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AqwqufH.exe
  C:\Windows\System\AqwqufH.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\xhFjeLW.exe
  C:\Windows\System\xhFjeLW.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\dPPeebD.exe
  C:\Windows\System\dPPeebD.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\KBYmZtA.exe
  C:\Windows\System\KBYmZtA.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jLJlsfH.exe
  C:\Windows\System\jLJlsfH.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\WRRHOLx.exe
  C:\Windows\System\WRRHOLx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\TBuADef.exe
  C:\Windows\System\TBuADef.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\rHlTYnA.exe
  C:\Windows\System\rHlTYnA.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\NySbcfV.exe
  C:\Windows\System\NySbcfV.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\LFhItus.exe
  C:\Windows\System\LFhItus.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\cXKDRta.exe
  C:\Windows\System\cXKDRta.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\jOlJzxV.exe
  C:\Windows\System\jOlJzxV.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\JbTNfBI.exe
  C:\Windows\System\JbTNfBI.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\eOntdZw.exe
  C:\Windows\System\eOntdZw.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\sFruNNb.exe
  C:\Windows\System\sFruNNb.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\RxTuCxe.exe
  C:\Windows\System\RxTuCxe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\vWrJzdD.exe
  C:\Windows\System\vWrJzdD.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\UINpPKC.exe
  C:\Windows\System\UINpPKC.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\jSqUDpo.exe
  C:\Windows\System\jSqUDpo.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\VkohTyX.exe
  C:\Windows\System\VkohTyX.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\RrvGikI.exe
  C:\Windows\System\RrvGikI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\uPgklob.exe
  C:\Windows\System\uPgklob.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\djpQBrx.exe
  C:\Windows\System\djpQBrx.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\NJiWpwv.exe
  C:\Windows\System\NJiWpwv.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\YKxwkPG.exe
  C:\Windows\System\YKxwkPG.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\NLjEpMB.exe
  C:\Windows\System\NLjEpMB.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ttZpDtu.exe
  C:\Windows\System\ttZpDtu.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\zgqHREE.exe
  C:\Windows\System\zgqHREE.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\JtymSBj.exe
  C:\Windows\System\JtymSBj.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YFSROFC.exe
  C:\Windows\System\YFSROFC.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\oZZxrwn.exe
  C:\Windows\System\oZZxrwn.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\DyRmDlc.exe
  C:\Windows\System\DyRmDlc.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\FUuyCkG.exe
  C:\Windows\System\FUuyCkG.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\QwlvGgT.exe
  C:\Windows\System\QwlvGgT.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\uSmVEzd.exe
  C:\Windows\System\uSmVEzd.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\hmswVUu.exe
  C:\Windows\System\hmswVUu.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\okKvfDd.exe
  C:\Windows\System\okKvfDd.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\iBnznyu.exe
  C:\Windows\System\iBnznyu.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\IOJLkjg.exe
  C:\Windows\System\IOJLkjg.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\yfWjZIf.exe
  C:\Windows\System\yfWjZIf.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\tXHVLPB.exe
  C:\Windows\System\tXHVLPB.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\HyBIOEX.exe
  C:\Windows\System\HyBIOEX.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\zsNVbKd.exe
  C:\Windows\System\zsNVbKd.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\zdiHFpy.exe
  C:\Windows\System\zdiHFpy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\nxCSiYA.exe
  C:\Windows\System\nxCSiYA.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\dswQbCF.exe
  C:\Windows\System\dswQbCF.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UZlqVOw.exe
  C:\Windows\System\UZlqVOw.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\JmnXlZA.exe
  C:\Windows\System\JmnXlZA.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\RmzZqFf.exe
  C:\Windows\System\RmzZqFf.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\QifKCeI.exe
  C:\Windows\System\QifKCeI.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\OCmDJXL.exe
  C:\Windows\System\OCmDJXL.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\YipNFti.exe
  C:\Windows\System\YipNFti.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\qrjOHTu.exe
  C:\Windows\System\qrjOHTu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\YwPbKLx.exe
  C:\Windows\System\YwPbKLx.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\ofuQmIk.exe
  C:\Windows\System\ofuQmIk.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\oolJDqQ.exe
  C:\Windows\System\oolJDqQ.exe
  2⤵
  PID:2712
- C:\Windows\System\cQQGypc.exe
  C:\Windows\System\cQQGypc.exe
  2⤵
  PID:2804
- C:\Windows\System\kUVlpnN.exe
  C:\Windows\System\kUVlpnN.exe
  2⤵
  PID:2540
- C:\Windows\System\eJhNSDZ.exe
  C:\Windows\System\eJhNSDZ.exe
  2⤵
  PID:932
- C:\Windows\System\erWTYqE.exe
  C:\Windows\System\erWTYqE.exe
  2⤵
  PID:872
- C:\Windows\System\xrbHicl.exe
  C:\Windows\System\xrbHicl.exe
  2⤵
  PID:812
- C:\Windows\System\nZZqWdp.exe
  C:\Windows\System\nZZqWdp.exe
  2⤵
  PID:1120
- C:\Windows\System\ckWOtxX.exe
  C:\Windows\System\ckWOtxX.exe
  2⤵
  PID:2384
- C:\Windows\System\pdbaEtg.exe
  C:\Windows\System\pdbaEtg.exe
  2⤵
  PID:468
- C:\Windows\System\BEEPYIN.exe
  C:\Windows\System\BEEPYIN.exe
  2⤵
  PID:2900
- C:\Windows\System\PXHwjDB.exe
  C:\Windows\System\PXHwjDB.exe
  2⤵
  PID:1696
- C:\Windows\System\DVuAaDM.exe
  C:\Windows\System\DVuAaDM.exe
  2⤵
  PID:2792
- C:\Windows\System\ZJfrvBb.exe
  C:\Windows\System\ZJfrvBb.exe
  2⤵
  PID:2920
- C:\Windows\System\CwfzQEj.exe
  C:\Windows\System\CwfzQEj.exe
  2⤵
  PID:2780
- C:\Windows\System\pIBzSAA.exe
  C:\Windows\System\pIBzSAA.exe
  2⤵
  PID:964
- C:\Windows\System\gNfffgw.exe
  C:\Windows\System\gNfffgw.exe
  2⤵
  PID:1508
- C:\Windows\System\wjYbNnf.exe
  C:\Windows\System\wjYbNnf.exe
  2⤵
  PID:576
- C:\Windows\System\QHEDxAS.exe
  C:\Windows\System\QHEDxAS.exe
  2⤵
  PID:1380
- C:\Windows\System\yNnTUkX.exe
  C:\Windows\System\yNnTUkX.exe
  2⤵
  PID:1980
- C:\Windows\System\otUwZSn.exe
  C:\Windows\System\otUwZSn.exe
  2⤵
  PID:1776
- C:\Windows\System\NGyGeNW.exe
  C:\Windows\System\NGyGeNW.exe
  2⤵
  PID:1032
- C:\Windows\System\QDFrERd.exe
  C:\Windows\System\QDFrERd.exe
  2⤵
  PID:3068
- C:\Windows\System\LpEJccl.exe
  C:\Windows\System\LpEJccl.exe
  2⤵
  PID:2624
- C:\Windows\System\KWkPzOw.exe
  C:\Windows\System\KWkPzOw.exe
  2⤵
  PID:1444
- C:\Windows\System\grTuJQX.exe
  C:\Windows\System\grTuJQX.exe
  2⤵
  PID:2160
- C:\Windows\System\YOjNdbB.exe
  C:\Windows\System\YOjNdbB.exe
  2⤵
  PID:352
- C:\Windows\System\VBAITDa.exe
  C:\Windows\System\VBAITDa.exe
  2⤵
  PID:2224
- C:\Windows\System\LYxeGPS.exe
  C:\Windows\System\LYxeGPS.exe
  2⤵
  PID:1712
- C:\Windows\System\eCPcLax.exe
  C:\Windows\System\eCPcLax.exe
  2⤵
  PID:1728
- C:\Windows\System\XAtkRWe.exe
  C:\Windows\System\XAtkRWe.exe
  2⤵
  PID:2876
- C:\Windows\System\rQPxrbi.exe
  C:\Windows\System\rQPxrbi.exe
  2⤵
  PID:2832
- C:\Windows\System\HjoMmcA.exe
  C:\Windows\System\HjoMmcA.exe
  2⤵
  PID:2696
- C:\Windows\System\PWeXmEw.exe
  C:\Windows\System\PWeXmEw.exe
  2⤵
  PID:2892
- C:\Windows\System\eGpEBOY.exe
  C:\Windows\System\eGpEBOY.exe
  2⤵
  PID:2432
- C:\Windows\System\BppAHKg.exe
  C:\Windows\System\BppAHKg.exe
  2⤵
  PID:2140
- C:\Windows\System\DPKoCom.exe
  C:\Windows\System\DPKoCom.exe
  2⤵
  PID:1736
- C:\Windows\System\EyArQqJ.exe
  C:\Windows\System\EyArQqJ.exe
  2⤵
  PID:2124
- C:\Windows\System\vyFGrNh.exe
  C:\Windows\System\vyFGrNh.exe
  2⤵
  PID:1952
- C:\Windows\System\VqhvqVm.exe
  C:\Windows\System\VqhvqVm.exe
  2⤵
  PID:2276
- C:\Windows\System\HWbqCql.exe
  C:\Windows\System\HWbqCql.exe
  2⤵
  PID:1656
- C:\Windows\System\eqXgLRP.exe
  C:\Windows\System\eqXgLRP.exe
  2⤵
  PID:1940
- C:\Windows\System\whQaaxP.exe
  C:\Windows\System\whQaaxP.exe
  2⤵
  PID:988
- C:\Windows\System\qGjAsci.exe
  C:\Windows\System\qGjAsci.exe
  2⤵
  PID:2292
- C:\Windows\System\bqLtgPh.exe
  C:\Windows\System\bqLtgPh.exe
  2⤵
  PID:2004
- C:\Windows\System\eTtrueD.exe
  C:\Windows\System\eTtrueD.exe
  2⤵
  PID:2112
- C:\Windows\System\bkGzLyl.exe
  C:\Windows\System\bkGzLyl.exe
  2⤵
  PID:2340
- C:\Windows\System\zbWkBsf.exe
  C:\Windows\System\zbWkBsf.exe
  2⤵
  PID:1764
- C:\Windows\System\KFZKwdk.exe
  C:\Windows\System\KFZKwdk.exe
  2⤵
  PID:2344
- C:\Windows\System\BHdbcYg.exe
  C:\Windows\System\BHdbcYg.exe
  2⤵
  PID:2636
- C:\Windows\System\hBaDHbD.exe
  C:\Windows\System\hBaDHbD.exe
  2⤵
  PID:3064
- C:\Windows\System\IXckZpL.exe
  C:\Windows\System\IXckZpL.exe
  2⤵
  PID:2480
- C:\Windows\System\AeTaCZC.exe
  C:\Windows\System\AeTaCZC.exe
  2⤵
  PID:2744
- C:\Windows\System\NTKodaa.exe
  C:\Windows\System\NTKodaa.exe
  2⤵
  PID:2704
- C:\Windows\System\TefxBZu.exe
  C:\Windows\System\TefxBZu.exe
  2⤵
  PID:3076
- C:\Windows\System\ldcyXER.exe
  C:\Windows\System\ldcyXER.exe
  2⤵
  PID:3096
- C:\Windows\System\FoedjUC.exe
  C:\Windows\System\FoedjUC.exe
  2⤵
  PID:3116
- C:\Windows\System\GCxOpzY.exe
  C:\Windows\System\GCxOpzY.exe
  2⤵
  PID:3136
- C:\Windows\System\jChgRnp.exe
  C:\Windows\System\jChgRnp.exe
  2⤵
  PID:3156
- C:\Windows\System\ZaVFnjo.exe
  C:\Windows\System\ZaVFnjo.exe
  2⤵
  PID:3176
- C:\Windows\System\qGzYZto.exe
  C:\Windows\System\qGzYZto.exe
  2⤵
  PID:3196
- C:\Windows\System\joFGVTC.exe
  C:\Windows\System\joFGVTC.exe
  2⤵
  PID:3216
- C:\Windows\System\HurfHle.exe
  C:\Windows\System\HurfHle.exe
  2⤵
  PID:3236
- C:\Windows\System\GuJYWbR.exe
  C:\Windows\System\GuJYWbR.exe
  2⤵
  PID:3256
- C:\Windows\System\fDwjQRL.exe
  C:\Windows\System\fDwjQRL.exe
  2⤵
  PID:3276
- C:\Windows\System\adpPdaq.exe
  C:\Windows\System\adpPdaq.exe
  2⤵
  PID:3296
- C:\Windows\System\ZhNIXzY.exe
  C:\Windows\System\ZhNIXzY.exe
  2⤵
  PID:3316
- C:\Windows\System\omXzjYK.exe
  C:\Windows\System\omXzjYK.exe
  2⤵
  PID:3336
- C:\Windows\System\pHihvzm.exe
  C:\Windows\System\pHihvzm.exe
  2⤵
  PID:3356
- C:\Windows\System\XsqnowJ.exe
  C:\Windows\System\XsqnowJ.exe
  2⤵
  PID:3376
- C:\Windows\System\FIBziJU.exe
  C:\Windows\System\FIBziJU.exe
  2⤵
  PID:3396
- C:\Windows\System\zkXCWgE.exe
  C:\Windows\System\zkXCWgE.exe
  2⤵
  PID:3416
- C:\Windows\System\QeppjZb.exe
  C:\Windows\System\QeppjZb.exe
  2⤵
  PID:3436
- C:\Windows\System\kHzOdPO.exe
  C:\Windows\System\kHzOdPO.exe
  2⤵
  PID:3456
- C:\Windows\System\MYtjpam.exe
  C:\Windows\System\MYtjpam.exe
  2⤵
  PID:3476
- C:\Windows\System\xUYfSzc.exe
  C:\Windows\System\xUYfSzc.exe
  2⤵
  PID:3496
- C:\Windows\System\swZPWxQ.exe
  C:\Windows\System\swZPWxQ.exe
  2⤵
  PID:3516
- C:\Windows\System\Negcndh.exe
  C:\Windows\System\Negcndh.exe
  2⤵
  PID:3536
- C:\Windows\System\IicaoWO.exe
  C:\Windows\System\IicaoWO.exe
  2⤵
  PID:3556
- C:\Windows\System\beENnbR.exe
  C:\Windows\System\beENnbR.exe
  2⤵
  PID:3576
- C:\Windows\System\SbCSNeM.exe
  C:\Windows\System\SbCSNeM.exe
  2⤵
  PID:3596
- C:\Windows\System\NjCridp.exe
  C:\Windows\System\NjCridp.exe
  2⤵
  PID:3616
- C:\Windows\System\GGkSgCS.exe
  C:\Windows\System\GGkSgCS.exe
  2⤵
  PID:3636
- C:\Windows\System\trSwyPl.exe
  C:\Windows\System\trSwyPl.exe
  2⤵
  PID:3656
- C:\Windows\System\nMqNbmy.exe
  C:\Windows\System\nMqNbmy.exe
  2⤵
  PID:3676
- C:\Windows\System\zrBvjOe.exe
  C:\Windows\System\zrBvjOe.exe
  2⤵
  PID:3696
- C:\Windows\System\NQCrmfT.exe
  C:\Windows\System\NQCrmfT.exe
  2⤵
  PID:3716
- C:\Windows\System\iMiioZF.exe
  C:\Windows\System\iMiioZF.exe
  2⤵
  PID:3736
- C:\Windows\System\BqvbISE.exe
  C:\Windows\System\BqvbISE.exe
  2⤵
  PID:3756
- C:\Windows\System\QJfbFWy.exe
  C:\Windows\System\QJfbFWy.exe
  2⤵
  PID:3776
- C:\Windows\System\uJxEdOP.exe
  C:\Windows\System\uJxEdOP.exe
  2⤵
  PID:3796
- C:\Windows\System\HYtvxby.exe
  C:\Windows\System\HYtvxby.exe
  2⤵
  PID:3816
- C:\Windows\System\unEyeIN.exe
  C:\Windows\System\unEyeIN.exe
  2⤵
  PID:3836
- C:\Windows\System\rhUXmmk.exe
  C:\Windows\System\rhUXmmk.exe
  2⤵
  PID:3860
- C:\Windows\System\vtynUXk.exe
  C:\Windows\System\vtynUXk.exe
  2⤵
  PID:3880
- C:\Windows\System\aVKOWHD.exe
  C:\Windows\System\aVKOWHD.exe
  2⤵
  PID:3900
- C:\Windows\System\SeSzuUE.exe
  C:\Windows\System\SeSzuUE.exe
  2⤵
  PID:3920
- C:\Windows\System\rKZVDdu.exe
  C:\Windows\System\rKZVDdu.exe
  2⤵
  PID:3940
- C:\Windows\System\xlTQdSD.exe
  C:\Windows\System\xlTQdSD.exe
  2⤵
  PID:3960
- C:\Windows\System\LBoTcJH.exe
  C:\Windows\System\LBoTcJH.exe
  2⤵
  PID:3980
- C:\Windows\System\ccfNWaI.exe
  C:\Windows\System\ccfNWaI.exe
  2⤵
  PID:4004
- C:\Windows\System\yCrewvL.exe
  C:\Windows\System\yCrewvL.exe
  2⤵
  PID:4024
- C:\Windows\System\EvbThmB.exe
  C:\Windows\System\EvbThmB.exe
  2⤵
  PID:4044
- C:\Windows\System\tjlbrSz.exe
  C:\Windows\System\tjlbrSz.exe
  2⤵
  PID:4064
- C:\Windows\System\VRXKMRH.exe
  C:\Windows\System\VRXKMRH.exe
  2⤵
  PID:4084
- C:\Windows\System\XOtoIvs.exe
  C:\Windows\System\XOtoIvs.exe
  2⤵
  PID:1624
- C:\Windows\System\WksmfjM.exe
  C:\Windows\System\WksmfjM.exe
  2⤵
  PID:2928
- C:\Windows\System\NCeDgoY.exe
  C:\Windows\System\NCeDgoY.exe
  2⤵
  PID:3004
- C:\Windows\System\TaEjRkb.exe
  C:\Windows\System\TaEjRkb.exe
  2⤵
  PID:2248
- C:\Windows\System\MWvGSgf.exe
  C:\Windows\System\MWvGSgf.exe
  2⤵
  PID:1984
- C:\Windows\System\cnxhkXa.exe
  C:\Windows\System\cnxhkXa.exe
  2⤵
  PID:2444
- C:\Windows\System\PtKHLRx.exe
  C:\Windows\System\PtKHLRx.exe
  2⤵
  PID:568
- C:\Windows\System\QSfEQfU.exe
  C:\Windows\System\QSfEQfU.exe
  2⤵
  PID:2456
- C:\Windows\System\zPokzbi.exe
  C:\Windows\System\zPokzbi.exe
  2⤵
  PID:2312
- C:\Windows\System\XSXYljx.exe
  C:\Windows\System\XSXYljx.exe
  2⤵
  PID:2940
- C:\Windows\System\uqVDKmc.exe
  C:\Windows\System\uqVDKmc.exe
  2⤵
  PID:2316
- C:\Windows\System\llBsSVS.exe
  C:\Windows\System\llBsSVS.exe
  2⤵
  PID:3092
- C:\Windows\System\Awkksau.exe
  C:\Windows\System\Awkksau.exe
  2⤵
  PID:3128
- C:\Windows\System\ZuoShwZ.exe
  C:\Windows\System\ZuoShwZ.exe
  2⤵
  PID:3172
- C:\Windows\System\EObFvcf.exe
  C:\Windows\System\EObFvcf.exe
  2⤵
  PID:3204
- C:\Windows\System\mgNjnXc.exe
  C:\Windows\System\mgNjnXc.exe
  2⤵
  PID:3232
- C:\Windows\System\ySzNpEF.exe
  C:\Windows\System\ySzNpEF.exe
  2⤵
  PID:3248
- C:\Windows\System\VjKDmSD.exe
  C:\Windows\System\VjKDmSD.exe
  2⤵
  PID:3304
- C:\Windows\System\XkYrjEU.exe
  C:\Windows\System\XkYrjEU.exe
  2⤵
  PID:3332
- C:\Windows\System\QuHyFci.exe
  C:\Windows\System\QuHyFci.exe
  2⤵
  PID:3372
- C:\Windows\System\PIOmDpH.exe
  C:\Windows\System\PIOmDpH.exe
  2⤵
  PID:3432
- C:\Windows\System\TxOZixc.exe
  C:\Windows\System\TxOZixc.exe
  2⤵
  PID:3428
- C:\Windows\System\TrAmfUP.exe
  C:\Windows\System\TrAmfUP.exe
  2⤵
  PID:3472
- C:\Windows\System\WJNSxSK.exe
  C:\Windows\System\WJNSxSK.exe
  2⤵
  PID:3504
- C:\Windows\System\DCstNcR.exe
  C:\Windows\System\DCstNcR.exe
  2⤵
  PID:3528
- C:\Windows\System\qVDMSNQ.exe
  C:\Windows\System\qVDMSNQ.exe
  2⤵
  PID:3564
- C:\Windows\System\ofvkbVi.exe
  C:\Windows\System\ofvkbVi.exe
  2⤵
  PID:3604
- C:\Windows\System\zICrNlY.exe
  C:\Windows\System\zICrNlY.exe
  2⤵
  PID:3628
- C:\Windows\System\tvsquFe.exe
  C:\Windows\System\tvsquFe.exe
  2⤵
  PID:3672
- C:\Windows\System\DpjpKMQ.exe
  C:\Windows\System\DpjpKMQ.exe
  2⤵
  PID:3692
- C:\Windows\System\affgMQI.exe
  C:\Windows\System\affgMQI.exe
  2⤵
  PID:3728
- C:\Windows\System\lWOqEuH.exe
  C:\Windows\System\lWOqEuH.exe
  2⤵
  PID:3784
- C:\Windows\System\sxGsGEu.exe
  C:\Windows\System\sxGsGEu.exe
  2⤵
  PID:3804
- C:\Windows\System\fuHToMG.exe
  C:\Windows\System\fuHToMG.exe
  2⤵
  PID:3828
- C:\Windows\System\AzBurnK.exe
  C:\Windows\System\AzBurnK.exe
  2⤵
  PID:3848
- C:\Windows\System\LKEfTqk.exe
  C:\Windows\System\LKEfTqk.exe
  2⤵
  PID:3908
- C:\Windows\System\JOLAWhQ.exe
  C:\Windows\System\JOLAWhQ.exe
  2⤵
  PID:3948
- C:\Windows\System\VXROJam.exe
  C:\Windows\System\VXROJam.exe
  2⤵
  PID:3996
- C:\Windows\System\IIvlMMU.exe
  C:\Windows\System\IIvlMMU.exe
  2⤵
  PID:4012
- C:\Windows\System\ELfklbc.exe
  C:\Windows\System\ELfklbc.exe
  2⤵
  PID:4080
- C:\Windows\System\vPtZTlT.exe
  C:\Windows\System\vPtZTlT.exe
  2⤵
  PID:4092
- C:\Windows\System\KUWBCkm.exe
  C:\Windows\System\KUWBCkm.exe
  2⤵
  PID:2752
- C:\Windows\System\uEcleGn.exe
  C:\Windows\System\uEcleGn.exe
  2⤵
  PID:2888
- C:\Windows\System\xWQoUwW.exe
  C:\Windows\System\xWQoUwW.exe
  2⤵
  PID:1652
- C:\Windows\System\yeGmnbu.exe
  C:\Windows\System\yeGmnbu.exe
  2⤵
  PID:484
- C:\Windows\System\BQbAMcv.exe
  C:\Windows\System\BQbAMcv.exe
  2⤵
  PID:3044
- C:\Windows\System\bcegElt.exe
  C:\Windows\System\bcegElt.exe
  2⤵
  PID:2168
- C:\Windows\System\AsnLAXH.exe
  C:\Windows\System\AsnLAXH.exe
  2⤵
  PID:1304
- C:\Windows\System\MoLdxBq.exe
  C:\Windows\System\MoLdxBq.exe
  2⤵
  PID:3152
- C:\Windows\System\AKAOYMp.exe
  C:\Windows\System\AKAOYMp.exe
  2⤵
  PID:3208
- C:\Windows\System\quTVjVt.exe
  C:\Windows\System\quTVjVt.exe
  2⤵
  PID:3284
- C:\Windows\System\oteamjC.exe
  C:\Windows\System\oteamjC.exe
  2⤵
  PID:3344
- C:\Windows\System\SOWdrWC.exe
  C:\Windows\System\SOWdrWC.exe
  2⤵
  PID:3324
- C:\Windows\System\PvjgZSR.exe
  C:\Windows\System\PvjgZSR.exe
  2⤵
  PID:3388
- C:\Windows\System\JnwcRWx.exe
  C:\Windows\System\JnwcRWx.exe
  2⤵
  PID:3484
- C:\Windows\System\SnttgBv.exe
  C:\Windows\System\SnttgBv.exe
  2⤵
  PID:3552
- C:\Windows\System\tclAssH.exe
  C:\Windows\System\tclAssH.exe
  2⤵
  PID:3608
- C:\Windows\System\YmuOwqU.exe
  C:\Windows\System\YmuOwqU.exe
  2⤵
  PID:3652
- C:\Windows\System\xTYtncx.exe
  C:\Windows\System\xTYtncx.exe
  2⤵
  PID:3704
- C:\Windows\System\buwvShr.exe
  C:\Windows\System\buwvShr.exe
  2⤵
  PID:3764
- C:\Windows\System\cYXpoZo.exe
  C:\Windows\System\cYXpoZo.exe
  2⤵
  PID:3768
- C:\Windows\System\zpBuIqy.exe
  C:\Windows\System\zpBuIqy.exe
  2⤵
  PID:3876
- C:\Windows\System\zhnTwaH.exe
  C:\Windows\System\zhnTwaH.exe
  2⤵
  PID:3932
- C:\Windows\System\tyANsDA.exe
  C:\Windows\System\tyANsDA.exe
  2⤵
  PID:3972
- C:\Windows\System\PbvcWjv.exe
  C:\Windows\System\PbvcWjv.exe
  2⤵
  PID:4036
- C:\Windows\System\qeShYwA.exe
  C:\Windows\System\qeShYwA.exe
  2⤵
  PID:4056
- C:\Windows\System\AADmjcm.exe
  C:\Windows\System\AADmjcm.exe
  2⤵
  PID:1552
- C:\Windows\System\CDQdOrv.exe
  C:\Windows\System\CDQdOrv.exe
  2⤵
  PID:1660
- C:\Windows\System\nHuDgGv.exe
  C:\Windows\System\nHuDgGv.exe
  2⤵
  PID:2484
- C:\Windows\System\UrELNzJ.exe
  C:\Windows\System\UrELNzJ.exe
  2⤵
  PID:3124
- C:\Windows\System\UUFvDbQ.exe
  C:\Windows\System\UUFvDbQ.exe
  2⤵
  PID:3188
- C:\Windows\System\byaJtEw.exe
  C:\Windows\System\byaJtEw.exe
  2⤵
  PID:3272
- C:\Windows\System\LbmCjEF.exe
  C:\Windows\System\LbmCjEF.exe
  2⤵
  PID:3352
- C:\Windows\System\kIdgyjj.exe
  C:\Windows\System\kIdgyjj.exe
  2⤵
  PID:3492
- C:\Windows\System\MYfRuXo.exe
  C:\Windows\System\MYfRuXo.exe
  2⤵
  PID:3568
- C:\Windows\System\wPTzesH.exe
  C:\Windows\System\wPTzesH.exe
  2⤵
  PID:4100
- C:\Windows\System\LujTpri.exe
  C:\Windows\System\LujTpri.exe
  2⤵
  PID:4120
- C:\Windows\System\WedHOmC.exe
  C:\Windows\System\WedHOmC.exe
  2⤵
  PID:4140
- C:\Windows\System\ZYxGkXn.exe
  C:\Windows\System\ZYxGkXn.exe
  2⤵
  PID:4160
- C:\Windows\System\jfWbyiu.exe
  C:\Windows\System\jfWbyiu.exe
  2⤵
  PID:4184
- C:\Windows\System\hyUyeqs.exe
  C:\Windows\System\hyUyeqs.exe
  2⤵
  PID:4204
- C:\Windows\System\HrQBDhM.exe
  C:\Windows\System\HrQBDhM.exe
  2⤵
  PID:4224
- C:\Windows\System\ethUVlj.exe
  C:\Windows\System\ethUVlj.exe
  2⤵
  PID:4244
- C:\Windows\System\tHARFGS.exe
  C:\Windows\System\tHARFGS.exe
  2⤵
  PID:4264
- C:\Windows\System\sHiCvMn.exe
  C:\Windows\System\sHiCvMn.exe
  2⤵
  PID:4284
- C:\Windows\System\eBFYjHT.exe
  C:\Windows\System\eBFYjHT.exe
  2⤵
  PID:4304
- C:\Windows\System\DtRxEAG.exe
  C:\Windows\System\DtRxEAG.exe
  2⤵
  PID:4324
- C:\Windows\System\adScQXF.exe
  C:\Windows\System\adScQXF.exe
  2⤵
  PID:4344
- C:\Windows\System\TzrRppe.exe
  C:\Windows\System\TzrRppe.exe
  2⤵
  PID:4364
- C:\Windows\System\QzjoEjD.exe
  C:\Windows\System\QzjoEjD.exe
  2⤵
  PID:4384
- C:\Windows\System\ImYERSy.exe
  C:\Windows\System\ImYERSy.exe
  2⤵
  PID:4404
- C:\Windows\System\wybpPdx.exe
  C:\Windows\System\wybpPdx.exe
  2⤵
  PID:4424
- C:\Windows\System\bYIwTbr.exe
  C:\Windows\System\bYIwTbr.exe
  2⤵
  PID:4444
- C:\Windows\System\wOUMrJP.exe
  C:\Windows\System\wOUMrJP.exe
  2⤵
  PID:4464
- C:\Windows\System\UrsrtbS.exe
  C:\Windows\System\UrsrtbS.exe
  2⤵
  PID:4484
- C:\Windows\System\bxMHAmP.exe
  C:\Windows\System\bxMHAmP.exe
  2⤵
  PID:4504
- C:\Windows\System\wbiTsLw.exe
  C:\Windows\System\wbiTsLw.exe
  2⤵
  PID:4524
- C:\Windows\System\jfMlSdm.exe
  C:\Windows\System\jfMlSdm.exe
  2⤵
  PID:4544
- C:\Windows\System\MwZZvfQ.exe
  C:\Windows\System\MwZZvfQ.exe
  2⤵
  PID:4564
- C:\Windows\System\gNuhhcK.exe
  C:\Windows\System\gNuhhcK.exe
  2⤵
  PID:4584
- C:\Windows\System\yUkfLmm.exe
  C:\Windows\System\yUkfLmm.exe
  2⤵
  PID:4604
- C:\Windows\System\UNWULxQ.exe
  C:\Windows\System\UNWULxQ.exe
  2⤵
  PID:4624
- C:\Windows\System\jzWxtAR.exe
  C:\Windows\System\jzWxtAR.exe
  2⤵
  PID:4644
- C:\Windows\System\fVdgwBA.exe
  C:\Windows\System\fVdgwBA.exe
  2⤵
  PID:4664
- C:\Windows\System\NojQFbI.exe
  C:\Windows\System\NojQFbI.exe
  2⤵
  PID:4684
- C:\Windows\System\GDFvyOF.exe
  C:\Windows\System\GDFvyOF.exe
  2⤵
  PID:4704
- C:\Windows\System\uSqBypN.exe
  C:\Windows\System\uSqBypN.exe
  2⤵
  PID:4724
- C:\Windows\System\NJhjHIc.exe
  C:\Windows\System\NJhjHIc.exe
  2⤵
  PID:4744
- C:\Windows\System\GcTpKgO.exe
  C:\Windows\System\GcTpKgO.exe
  2⤵
  PID:4764
- C:\Windows\System\fszPvnB.exe
  C:\Windows\System\fszPvnB.exe
  2⤵
  PID:4784
- C:\Windows\System\EjnLtyM.exe
  C:\Windows\System\EjnLtyM.exe
  2⤵
  PID:4808
- C:\Windows\System\csQBuvL.exe
  C:\Windows\System\csQBuvL.exe
  2⤵
  PID:4828
- C:\Windows\System\CWyAqjc.exe
  C:\Windows\System\CWyAqjc.exe
  2⤵
  PID:4848
- C:\Windows\System\DkdbuLu.exe
  C:\Windows\System\DkdbuLu.exe
  2⤵
  PID:4868
- C:\Windows\System\sxzyyWg.exe
  C:\Windows\System\sxzyyWg.exe
  2⤵
  PID:4888
- C:\Windows\System\gIELnYp.exe
  C:\Windows\System\gIELnYp.exe
  2⤵
  PID:4908
- C:\Windows\System\pCalrSs.exe
  C:\Windows\System\pCalrSs.exe
  2⤵
  PID:4928
- C:\Windows\System\ZoYRpjb.exe
  C:\Windows\System\ZoYRpjb.exe
  2⤵
  PID:4948
- C:\Windows\System\iQxcBrd.exe
  C:\Windows\System\iQxcBrd.exe
  2⤵
  PID:4968
- C:\Windows\System\GaRrJWJ.exe
  C:\Windows\System\GaRrJWJ.exe
  2⤵
  PID:4988
- C:\Windows\System\mJfwjal.exe
  C:\Windows\System\mJfwjal.exe
  2⤵
  PID:5008
- C:\Windows\System\VlqTdqO.exe
  C:\Windows\System\VlqTdqO.exe
  2⤵
  PID:5028
- C:\Windows\System\sLHnVzG.exe
  C:\Windows\System\sLHnVzG.exe
  2⤵
  PID:5048
- C:\Windows\System\tEMmmCd.exe
  C:\Windows\System\tEMmmCd.exe
  2⤵
  PID:5068
- C:\Windows\System\XkimmnI.exe
  C:\Windows\System\XkimmnI.exe
  2⤵
  PID:5088
- C:\Windows\System\tCSZXpJ.exe
  C:\Windows\System\tCSZXpJ.exe
  2⤵
  PID:5108
- C:\Windows\System\oyWsHAn.exe
  C:\Windows\System\oyWsHAn.exe
  2⤵
  PID:3732
- C:\Windows\System\xSsbfaq.exe
  C:\Windows\System\xSsbfaq.exe
  2⤵
  PID:3872
- C:\Windows\System\KPwRAFj.exe
  C:\Windows\System\KPwRAFj.exe
  2⤵
  PID:3892
- C:\Windows\System\ylVDryQ.exe
  C:\Windows\System\ylVDryQ.exe
  2⤵
  PID:3968
- C:\Windows\System\EEBnoMI.exe
  C:\Windows\System\EEBnoMI.exe
  2⤵
  PID:4060
- C:\Windows\System\PPkZAVA.exe
  C:\Windows\System\PPkZAVA.exe
  2⤵
  PID:2304
- C:\Windows\System\mOUcwEL.exe
  C:\Windows\System\mOUcwEL.exe
  2⤵
  PID:2640
- C:\Windows\System\fKDvDoG.exe
  C:\Windows\System\fKDvDoG.exe
  2⤵
  PID:3184
- C:\Windows\System\FWDLXzG.exe
  C:\Windows\System\FWDLXzG.exe
  2⤵
  PID:3452
- C:\Windows\System\iXTleSs.exe
  C:\Windows\System\iXTleSs.exe
  2⤵
  PID:3532
- C:\Windows\System\yczdXHn.exe
  C:\Windows\System\yczdXHn.exe
  2⤵
  PID:3624
- C:\Windows\System\vEVMyTw.exe
  C:\Windows\System\vEVMyTw.exe
  2⤵
  PID:4136
- C:\Windows\System\zvbzhgT.exe
  C:\Windows\System\zvbzhgT.exe
  2⤵
  PID:4156
- C:\Windows\System\RawInth.exe
  C:\Windows\System\RawInth.exe
  2⤵
  PID:4220
- C:\Windows\System\PXgRpYa.exe
  C:\Windows\System\PXgRpYa.exe
  2⤵
  PID:4232
- C:\Windows\System\yKVCDaZ.exe
  C:\Windows\System\yKVCDaZ.exe
  2⤵
  PID:4272
- C:\Windows\System\thwEJPo.exe
  C:\Windows\System\thwEJPo.exe
  2⤵
  PID:4296
- C:\Windows\System\BExPHMH.exe
  C:\Windows\System\BExPHMH.exe
  2⤵
  PID:4340
- C:\Windows\System\GzFnrTV.exe
  C:\Windows\System\GzFnrTV.exe
  2⤵
  PID:4372
- C:\Windows\System\ipXGCTl.exe
  C:\Windows\System\ipXGCTl.exe
  2⤵
  PID:4412
- C:\Windows\System\tLItOim.exe
  C:\Windows\System\tLItOim.exe
  2⤵
  PID:4432
- C:\Windows\System\tzzhCGc.exe
  C:\Windows\System\tzzhCGc.exe
  2⤵
  PID:4472
- C:\Windows\System\JDiovGu.exe
  C:\Windows\System\JDiovGu.exe
  2⤵
  PID:4476
- C:\Windows\System\vxzcQnI.exe
  C:\Windows\System\vxzcQnI.exe
  2⤵
  PID:4536
- C:\Windows\System\ZerdfaO.exe
  C:\Windows\System\ZerdfaO.exe
  2⤵
  PID:4556
- C:\Windows\System\yHGlKcT.exe
  C:\Windows\System\yHGlKcT.exe
  2⤵
  PID:4612
- C:\Windows\System\OgmJmPx.exe
  C:\Windows\System\OgmJmPx.exe
  2⤵
  PID:4640
- C:\Windows\System\ufojIpH.exe
  C:\Windows\System\ufojIpH.exe
  2⤵
  PID:4672
- C:\Windows\System\NLXLqDB.exe
  C:\Windows\System\NLXLqDB.exe
  2⤵
  PID:4696
- C:\Windows\System\jYnFiYn.exe
  C:\Windows\System\jYnFiYn.exe
  2⤵
  PID:4740
- C:\Windows\System\rHJZiRL.exe
  C:\Windows\System\rHJZiRL.exe
  2⤵
  PID:4756
- C:\Windows\System\DsqIMkT.exe
  C:\Windows\System\DsqIMkT.exe
  2⤵
  PID:4796
- C:\Windows\System\YaAPAgG.exe
  C:\Windows\System\YaAPAgG.exe
  2⤵
  PID:4844
- C:\Windows\System\JJAnKbe.exe
  C:\Windows\System\JJAnKbe.exe
  2⤵
  PID:4876
- C:\Windows\System\OCoXSYL.exe
  C:\Windows\System\OCoXSYL.exe
  2⤵
  PID:4900
- C:\Windows\System\jFKvXLG.exe
  C:\Windows\System\jFKvXLG.exe
  2⤵
  PID:4920
- C:\Windows\System\NTSeaLq.exe
  C:\Windows\System\NTSeaLq.exe
  2⤵
  PID:4976
- C:\Windows\System\RXrTbZC.exe
  C:\Windows\System\RXrTbZC.exe
  2⤵
  PID:5024
- C:\Windows\System\LYqRXyf.exe
  C:\Windows\System\LYqRXyf.exe
  2⤵
  PID:5056
- C:\Windows\System\SfOuRKL.exe
  C:\Windows\System\SfOuRKL.exe
  2⤵
  PID:5076
- C:\Windows\System\hacaIBX.exe
  C:\Windows\System\hacaIBX.exe
  2⤵
  PID:5080
- C:\Windows\System\LiVgKsb.exe
  C:\Windows\System\LiVgKsb.exe
  2⤵
  PID:3684
- C:\Windows\System\lEQYQLe.exe
  C:\Windows\System\lEQYQLe.exe
  2⤵
  PID:3988
- C:\Windows\System\vkqDtkY.exe
  C:\Windows\System\vkqDtkY.exe
  2⤵
  PID:2916
- C:\Windows\System\jTzHvUy.exe
  C:\Windows\System\jTzHvUy.exe
  2⤵
  PID:1036
- C:\Windows\System\gwGESub.exe
  C:\Windows\System\gwGESub.exe
  2⤵
  PID:3292
- C:\Windows\System\ObHHLxZ.exe
  C:\Windows\System\ObHHLxZ.exe
  2⤵
  PID:3976
- C:\Windows\System\kpfaHDc.exe
  C:\Windows\System\kpfaHDc.exe
  2⤵
  PID:3592
- C:\Windows\System\XurEzVk.exe
  C:\Windows\System\XurEzVk.exe
  2⤵
  PID:4212
- C:\Windows\System\EOcfrcS.exe
  C:\Windows\System\EOcfrcS.exe
  2⤵
  PID:4236
- C:\Windows\System\WRpYgqf.exe
  C:\Windows\System\WRpYgqf.exe
  2⤵
  PID:4332
- C:\Windows\System\eWrEiWS.exe
  C:\Windows\System\eWrEiWS.exe
  2⤵
  PID:4352
- C:\Windows\System\wHwutjj.exe
  C:\Windows\System\wHwutjj.exe
  2⤵
  PID:4420
- C:\Windows\System\XqmqUry.exe
  C:\Windows\System\XqmqUry.exe
  2⤵
  PID:4456
- C:\Windows\System\UbXVmHF.exe
  C:\Windows\System\UbXVmHF.exe
  2⤵
  PID:4516
- C:\Windows\System\BKQAzin.exe
  C:\Windows\System\BKQAzin.exe
  2⤵
  PID:4076
- C:\Windows\System\BSfsBeW.exe
  C:\Windows\System\BSfsBeW.exe
  2⤵
  PID:4660
- C:\Windows\System\ffYUAnf.exe
  C:\Windows\System\ffYUAnf.exe
  2⤵
  PID:4680
- C:\Windows\System\SyONaGU.exe
  C:\Windows\System\SyONaGU.exe
  2⤵
  PID:4732
- C:\Windows\System\JCFwFWL.exe
  C:\Windows\System\JCFwFWL.exe
  2⤵
  PID:4804
- C:\Windows\System\whfQNqo.exe
  C:\Windows\System\whfQNqo.exe
  2⤵
  PID:4820
- C:\Windows\System\BKUGkKX.exe
  C:\Windows\System\BKUGkKX.exe
  2⤵
  PID:4896
- C:\Windows\System\aKKrHRE.exe
  C:\Windows\System\aKKrHRE.exe
  2⤵
  PID:4960
- C:\Windows\System\eMHCfti.exe
  C:\Windows\System\eMHCfti.exe
  2⤵
  PID:5036
- C:\Windows\System\EbgjBAC.exe
  C:\Windows\System\EbgjBAC.exe
  2⤵
  PID:5096
- C:\Windows\System\hDQZlxO.exe
  C:\Windows\System\hDQZlxO.exe
  2⤵
  PID:3648
- C:\Windows\System\jIAUvNh.exe
  C:\Windows\System\jIAUvNh.exe
  2⤵
  PID:4032
- C:\Windows\System\KvuMZww.exe
  C:\Windows\System\KvuMZww.exe
  2⤵
  PID:2256
- C:\Windows\System\lipkklC.exe
  C:\Windows\System\lipkklC.exe
  2⤵
  PID:3632
- C:\Windows\System\ScsKTIi.exe
  C:\Windows\System\ScsKTIi.exe
  2⤵
  PID:4148
- C:\Windows\System\yXLrwjS.exe
  C:\Windows\System\yXLrwjS.exe
  2⤵
  PID:4216
- C:\Windows\System\EexsCwc.exe
  C:\Windows\System\EexsCwc.exe
  2⤵
  PID:4316
- C:\Windows\System\EVJZEiV.exe
  C:\Windows\System\EVJZEiV.exe
  2⤵
  PID:4460
- C:\Windows\System\SvGlFNH.exe
  C:\Windows\System\SvGlFNH.exe
  2⤵
  PID:4496
- C:\Windows\System\LgJWoJO.exe
  C:\Windows\System\LgJWoJO.exe
  2⤵
  PID:4596
- C:\Windows\System\STPuVXl.exe
  C:\Windows\System\STPuVXl.exe
  2⤵
  PID:5128
- C:\Windows\System\fRIrule.exe
  C:\Windows\System\fRIrule.exe
  2⤵
  PID:5148
- C:\Windows\System\VVxNwAh.exe
  C:\Windows\System\VVxNwAh.exe
  2⤵
  PID:5168
- C:\Windows\System\IViKfVt.exe
  C:\Windows\System\IViKfVt.exe
  2⤵
  PID:5188
- C:\Windows\System\pDRmhfV.exe
  C:\Windows\System\pDRmhfV.exe
  2⤵
  PID:5208
- C:\Windows\System\nvtPztb.exe
  C:\Windows\System\nvtPztb.exe
  2⤵
  PID:5228
- C:\Windows\System\wPFuMrj.exe
  C:\Windows\System\wPFuMrj.exe
  2⤵
  PID:5248
- C:\Windows\System\OENmRRP.exe
  C:\Windows\System\OENmRRP.exe
  2⤵
  PID:5268
- C:\Windows\System\ypAKjGK.exe
  C:\Windows\System\ypAKjGK.exe
  2⤵
  PID:5288
- C:\Windows\System\lAkIeIM.exe
  C:\Windows\System\lAkIeIM.exe
  2⤵
  PID:5308
- C:\Windows\System\HwrKwcX.exe
  C:\Windows\System\HwrKwcX.exe
  2⤵
  PID:5328
- C:\Windows\System\nyVmpEu.exe
  C:\Windows\System\nyVmpEu.exe
  2⤵
  PID:5348
- C:\Windows\System\XhmBCZb.exe
  C:\Windows\System\XhmBCZb.exe
  2⤵
  PID:5368
- C:\Windows\System\KkgiROh.exe
  C:\Windows\System\KkgiROh.exe
  2⤵
  PID:5388
- C:\Windows\System\kTzOLlN.exe
  C:\Windows\System\kTzOLlN.exe
  2⤵
  PID:5408
- C:\Windows\System\fyUjDwV.exe
  C:\Windows\System\fyUjDwV.exe
  2⤵
  PID:5428
- C:\Windows\System\SxrFrvJ.exe
  C:\Windows\System\SxrFrvJ.exe
  2⤵
  PID:5448
- C:\Windows\System\LnMxaMl.exe
  C:\Windows\System\LnMxaMl.exe
  2⤵
  PID:5468
- C:\Windows\System\hSaNmdm.exe
  C:\Windows\System\hSaNmdm.exe
  2⤵
  PID:5488
- C:\Windows\System\KMINwUf.exe
  C:\Windows\System\KMINwUf.exe
  2⤵
  PID:5508
- C:\Windows\System\xxStiuY.exe
  C:\Windows\System\xxStiuY.exe
  2⤵
  PID:5528
- C:\Windows\System\rCgobDn.exe
  C:\Windows\System\rCgobDn.exe
  2⤵
  PID:5548
- C:\Windows\System\wctWLkE.exe
  C:\Windows\System\wctWLkE.exe
  2⤵
  PID:5568
- C:\Windows\System\elHEZUH.exe
  C:\Windows\System\elHEZUH.exe
  2⤵
  PID:5588
- C:\Windows\System\QeBoiBO.exe
  C:\Windows\System\QeBoiBO.exe
  2⤵
  PID:5608
- C:\Windows\System\ShVaDoj.exe
  C:\Windows\System\ShVaDoj.exe
  2⤵
  PID:5628
- C:\Windows\System\LapbWbQ.exe
  C:\Windows\System\LapbWbQ.exe
  2⤵
  PID:5648
- C:\Windows\System\xLiyKCw.exe
  C:\Windows\System\xLiyKCw.exe
  2⤵
  PID:5672
- C:\Windows\System\fkmKEgc.exe
  C:\Windows\System\fkmKEgc.exe
  2⤵
  PID:5696
- C:\Windows\System\CNCpHNn.exe
  C:\Windows\System\CNCpHNn.exe
  2⤵
  PID:5716
- C:\Windows\System\flCDLCS.exe
  C:\Windows\System\flCDLCS.exe
  2⤵
  PID:5736
- C:\Windows\System\cARhYpa.exe
  C:\Windows\System\cARhYpa.exe
  2⤵
  PID:5756
- C:\Windows\System\IUVHnvP.exe
  C:\Windows\System\IUVHnvP.exe
  2⤵
  PID:5776
- C:\Windows\System\lOdZkPn.exe
  C:\Windows\System\lOdZkPn.exe
  2⤵
  PID:5796
- C:\Windows\System\lLfuyaU.exe
  C:\Windows\System\lLfuyaU.exe
  2⤵
  PID:5816
- C:\Windows\System\rNAgHOU.exe
  C:\Windows\System\rNAgHOU.exe
  2⤵
  PID:5836
- C:\Windows\System\QZLSDCZ.exe
  C:\Windows\System\QZLSDCZ.exe
  2⤵
  PID:5856
- C:\Windows\System\sOjNRPO.exe
  C:\Windows\System\sOjNRPO.exe
  2⤵
  PID:5876
- C:\Windows\System\ZOFPqFw.exe
  C:\Windows\System\ZOFPqFw.exe
  2⤵
  PID:5896
- C:\Windows\System\mzbGCsR.exe
  C:\Windows\System\mzbGCsR.exe
  2⤵
  PID:5916
- C:\Windows\System\yJTjVNP.exe
  C:\Windows\System\yJTjVNP.exe
  2⤵
  PID:5936
- C:\Windows\System\gnsFaIx.exe
  C:\Windows\System\gnsFaIx.exe
  2⤵
  PID:5956
- C:\Windows\System\xRDymEj.exe
  C:\Windows\System\xRDymEj.exe
  2⤵
  PID:5976
- C:\Windows\System\RbeYnLn.exe
  C:\Windows\System\RbeYnLn.exe
  2⤵
  PID:5996
- C:\Windows\System\UQkYxow.exe
  C:\Windows\System\UQkYxow.exe
  2⤵
  PID:6016
- C:\Windows\System\QQPmjDK.exe
  C:\Windows\System\QQPmjDK.exe
  2⤵
  PID:6036
- C:\Windows\System\UikXPth.exe
  C:\Windows\System\UikXPth.exe
  2⤵
  PID:6056
- C:\Windows\System\gMsbRnR.exe
  C:\Windows\System\gMsbRnR.exe
  2⤵
  PID:6076
- C:\Windows\System\ntlwbnT.exe
  C:\Windows\System\ntlwbnT.exe
  2⤵
  PID:6096
- C:\Windows\System\YRQTpZg.exe
  C:\Windows\System\YRQTpZg.exe
  2⤵
  PID:6116
- C:\Windows\System\ZUDnmgc.exe
  C:\Windows\System\ZUDnmgc.exe
  2⤵
  PID:6136
- C:\Windows\System\yGPCqYg.exe
  C:\Windows\System\yGPCqYg.exe
  2⤵
  PID:4776
- C:\Windows\System\RtsXTrF.exe
  C:\Windows\System\RtsXTrF.exe
  2⤵
  PID:4864
- C:\Windows\System\CVprRmO.exe
  C:\Windows\System\CVprRmO.exe
  2⤵
  PID:4956
- C:\Windows\System\LzHBpAb.exe
  C:\Windows\System\LzHBpAb.exe
  2⤵
  PID:5060
- C:\Windows\System\ftQwuPp.exe
  C:\Windows\System\ftQwuPp.exe
  2⤵
  PID:3712
- C:\Windows\System\kSMZKaT.exe
  C:\Windows\System\kSMZKaT.exe
  2⤵
  PID:3896
- C:\Windows\System\mOOovFv.exe
  C:\Windows\System\mOOovFv.exe
  2⤵
  PID:3368
- C:\Windows\System\YZPQSSD.exe
  C:\Windows\System\YZPQSSD.exe
  2⤵
  PID:4172
- C:\Windows\System\yWbSulh.exe
  C:\Windows\System\yWbSulh.exe
  2⤵
  PID:4492
- C:\Windows\System\kmrqRmc.exe
  C:\Windows\System\kmrqRmc.exe
  2⤵
  PID:4392
- C:\Windows\System\qYDcVqF.exe
  C:\Windows\System\qYDcVqF.exe
  2⤵
  PID:4656
- C:\Windows\System\TMiwHnx.exe
  C:\Windows\System\TMiwHnx.exe
  2⤵
  PID:5144
- C:\Windows\System\PJWzesS.exe
  C:\Windows\System\PJWzesS.exe
  2⤵
  PID:5184
- C:\Windows\System\BkWDKTN.exe
  C:\Windows\System\BkWDKTN.exe
  2⤵
  PID:5224
- C:\Windows\System\zlXryKV.exe
  C:\Windows\System\zlXryKV.exe
  2⤵
  PID:5276
- C:\Windows\System\oslbCCH.exe
  C:\Windows\System\oslbCCH.exe
  2⤵
  PID:5260
- C:\Windows\System\ZauDEbL.exe
  C:\Windows\System\ZauDEbL.exe
  2⤵
  PID:5320
- C:\Windows\System\pYRLcXm.exe
  C:\Windows\System\pYRLcXm.exe
  2⤵
  PID:5340
- C:\Windows\System\osXfKCU.exe
  C:\Windows\System\osXfKCU.exe
  2⤵
  PID:5404
- C:\Windows\System\EJbJiSM.exe
  C:\Windows\System\EJbJiSM.exe
  2⤵
  PID:5424
- C:\Windows\System\dAeybeP.exe
  C:\Windows\System\dAeybeP.exe
  2⤵
  PID:5456
- C:\Windows\System\boHZHee.exe
  C:\Windows\System\boHZHee.exe
  2⤵
  PID:5480
- C:\Windows\System\aLurIJa.exe
  C:\Windows\System\aLurIJa.exe
  2⤵
  PID:5500
- C:\Windows\System\kpuxvps.exe
  C:\Windows\System\kpuxvps.exe
  2⤵
  PID:5564
- C:\Windows\System\tLFKOXg.exe
  C:\Windows\System\tLFKOXg.exe
  2⤵
  PID:5596
- C:\Windows\System\JErAcWn.exe
  C:\Windows\System\JErAcWn.exe
  2⤵
  PID:5636
- C:\Windows\System\KethBgR.exe
  C:\Windows\System\KethBgR.exe
  2⤵
  PID:5656
- C:\Windows\System\JdOBvuP.exe
  C:\Windows\System\JdOBvuP.exe
  2⤵
  PID:5684
- C:\Windows\System\iveCNXz.exe
  C:\Windows\System\iveCNXz.exe
  2⤵
  PID:5708
- C:\Windows\System\NZkvRJI.exe
  C:\Windows\System\NZkvRJI.exe
  2⤵
  PID:5772
- C:\Windows\System\tIjzpVD.exe
  C:\Windows\System\tIjzpVD.exe
  2⤵
  PID:5804
- C:\Windows\System\hUyrSfQ.exe
  C:\Windows\System\hUyrSfQ.exe
  2⤵
  PID:5832
- C:\Windows\System\jooodSD.exe
  C:\Windows\System\jooodSD.exe
  2⤵
  PID:5884
- C:\Windows\System\GXbIpBv.exe
  C:\Windows\System\GXbIpBv.exe
  2⤵
  PID:5904
- C:\Windows\System\BJTiXBO.exe
  C:\Windows\System\BJTiXBO.exe
  2⤵
  PID:5928
- C:\Windows\System\AxoceNK.exe
  C:\Windows\System\AxoceNK.exe
  2⤵
  PID:5972
- C:\Windows\System\tbdWFVC.exe
  C:\Windows\System\tbdWFVC.exe
  2⤵
  PID:6004
- C:\Windows\System\ZBqcYPF.exe
  C:\Windows\System\ZBqcYPF.exe
  2⤵
  PID:6052
- C:\Windows\System\HoBGLck.exe
  C:\Windows\System\HoBGLck.exe
  2⤵
  PID:6092
- C:\Windows\System\ZZWPWcf.exe
  C:\Windows\System\ZZWPWcf.exe
  2⤵
  PID:6104
- C:\Windows\System\sPXLLHJ.exe
  C:\Windows\System\sPXLLHJ.exe
  2⤵
  PID:6128
- C:\Windows\System\SiGWoZb.exe
  C:\Windows\System\SiGWoZb.exe
  2⤵
  PID:4760
- C:\Windows\System\pQkoaLU.exe
  C:\Windows\System\pQkoaLU.exe
  2⤵
  PID:4944
- C:\Windows\System\kpdOCUk.exe
  C:\Windows\System\kpdOCUk.exe
  2⤵
  PID:5064
- C:\Windows\System\FVSTgJr.exe
  C:\Windows\System\FVSTgJr.exe
  2⤵
  PID:3132
- C:\Windows\System\eyRGEVN.exe
  C:\Windows\System\eyRGEVN.exe
  2⤵
  PID:4252
- C:\Windows\System\gjtHzaE.exe
  C:\Windows\System\gjtHzaE.exe
  2⤵
  PID:4500
- C:\Windows\System\VSjRKkz.exe
  C:\Windows\System\VSjRKkz.exe
  2⤵
  PID:5124
- C:\Windows\System\lVLsZTT.exe
  C:\Windows\System\lVLsZTT.exe
  2⤵
  PID:5176
- C:\Windows\System\imiQwfE.exe
  C:\Windows\System\imiQwfE.exe
  2⤵
  PID:5240
- C:\Windows\System\BiaHgTJ.exe
  C:\Windows\System\BiaHgTJ.exe
  2⤵
  PID:5296
- C:\Windows\System\PkjfoaO.exe
  C:\Windows\System\PkjfoaO.exe
  2⤵
  PID:5336
- C:\Windows\System\UeVgFon.exe
  C:\Windows\System\UeVgFon.exe
  2⤵
  PID:5360
- C:\Windows\System\XeFCqsP.exe
  C:\Windows\System\XeFCqsP.exe
  2⤵
  PID:5460
- C:\Windows\System\FBYbJeX.exe
  C:\Windows\System\FBYbJeX.exe
  2⤵
  PID:5504
- C:\Windows\System\VYkDRvn.exe
  C:\Windows\System\VYkDRvn.exe
  2⤵
  PID:5604
- C:\Windows\System\mRDLLwb.exe
  C:\Windows\System\mRDLLwb.exe
  2⤵
  PID:5620
- C:\Windows\System\qWPVsjL.exe
  C:\Windows\System\qWPVsjL.exe
  2⤵
  PID:5668
- C:\Windows\System\oCwtIOu.exe
  C:\Windows\System\oCwtIOu.exe
  2⤵
  PID:5724
- C:\Windows\System\KzFWTee.exe
  C:\Windows\System\KzFWTee.exe
  2⤵
  PID:5824
- C:\Windows\System\VpujpvE.exe
  C:\Windows\System\VpujpvE.exe
  2⤵
  PID:5868
- C:\Windows\System\VaunIXH.exe
  C:\Windows\System\VaunIXH.exe
  2⤵
  PID:5932
- C:\Windows\System\IoHSOwh.exe
  C:\Windows\System\IoHSOwh.exe
  2⤵
  PID:6008
- C:\Windows\System\OmCtcfe.exe
  C:\Windows\System\OmCtcfe.exe
  2⤵
  PID:6028
- C:\Windows\System\XZrRsWv.exe
  C:\Windows\System\XZrRsWv.exe
  2⤵
  PID:6068
- C:\Windows\System\jPoKssB.exe
  C:\Windows\System\jPoKssB.exe
  2⤵
  PID:4700
- C:\Windows\System\vLeDZqI.exe
  C:\Windows\System\vLeDZqI.exe
  2⤵
  PID:3824
- C:\Windows\System\MVzJsbD.exe
  C:\Windows\System\MVzJsbD.exe
  2⤵
  PID:4196
- C:\Windows\System\ypckKAK.exe
  C:\Windows\System\ypckKAK.exe
  2⤵
  PID:4436
- C:\Windows\System\eYkYFYW.exe
  C:\Windows\System\eYkYFYW.exe
  2⤵
  PID:5164
- C:\Windows\System\NFJXAKw.exe
  C:\Windows\System\NFJXAKw.exe
  2⤵
  PID:5200
- C:\Windows\System\xGdHeOx.exe
  C:\Windows\System\xGdHeOx.exe
  2⤵
  PID:5264
- C:\Windows\System\HcFUmEk.exe
  C:\Windows\System\HcFUmEk.exe
  2⤵
  PID:5400
- C:\Windows\System\mywudut.exe
  C:\Windows\System\mywudut.exe
  2⤵
  PID:5536
- C:\Windows\System\rfRVzRH.exe
  C:\Windows\System\rfRVzRH.exe
  2⤵
  PID:5692
- C:\Windows\System\EMUJHVL.exe
  C:\Windows\System\EMUJHVL.exe
  2⤵
  PID:5600
- C:\Windows\System\aJGGEZo.exe
  C:\Windows\System\aJGGEZo.exe
  2⤵
  PID:6160
- C:\Windows\System\FnzYdod.exe
  C:\Windows\System\FnzYdod.exe
  2⤵
  PID:6180
- C:\Windows\System\IHLtYHo.exe
  C:\Windows\System\IHLtYHo.exe
  2⤵
  PID:6200
- C:\Windows\System\afpXhhb.exe
  C:\Windows\System\afpXhhb.exe
  2⤵
  PID:6224
- C:\Windows\System\HNcTwQi.exe
  C:\Windows\System\HNcTwQi.exe
  2⤵
  PID:6244
- C:\Windows\System\NoMFbRy.exe
  C:\Windows\System\NoMFbRy.exe
  2⤵
  PID:6264
- C:\Windows\System\HSMwxZC.exe
  C:\Windows\System\HSMwxZC.exe
  2⤵
  PID:6284
- C:\Windows\System\cwemIVw.exe
  C:\Windows\System\cwemIVw.exe
  2⤵
  PID:6304
- C:\Windows\System\mpxjjtN.exe
  C:\Windows\System\mpxjjtN.exe
  2⤵
  PID:6324
- C:\Windows\System\QkvfWde.exe
  C:\Windows\System\QkvfWde.exe
  2⤵
  PID:6344
- C:\Windows\System\fkOdtnM.exe
  C:\Windows\System\fkOdtnM.exe
  2⤵
  PID:6364
- C:\Windows\System\ACYImjO.exe
  C:\Windows\System\ACYImjO.exe
  2⤵
  PID:6384
- C:\Windows\System\FSWyViL.exe
  C:\Windows\System\FSWyViL.exe
  2⤵
  PID:6404
- C:\Windows\System\nRxTPQZ.exe
  C:\Windows\System\nRxTPQZ.exe
  2⤵
  PID:6424
- C:\Windows\System\sAlQFBC.exe
  C:\Windows\System\sAlQFBC.exe
  2⤵
  PID:6444
- C:\Windows\System\gRSERks.exe
  C:\Windows\System\gRSERks.exe
  2⤵
  PID:6464
- C:\Windows\System\NhXaDcf.exe
  C:\Windows\System\NhXaDcf.exe
  2⤵
  PID:6484
- C:\Windows\System\OcTjtUe.exe
  C:\Windows\System\OcTjtUe.exe
  2⤵
  PID:6504
- C:\Windows\System\UwHLuei.exe
  C:\Windows\System\UwHLuei.exe
  2⤵
  PID:6524
- C:\Windows\System\kypCTYK.exe
  C:\Windows\System\kypCTYK.exe
  2⤵
  PID:6544
- C:\Windows\System\YtWaQwi.exe
  C:\Windows\System\YtWaQwi.exe
  2⤵
  PID:6564
- C:\Windows\System\ldfLcHY.exe
  C:\Windows\System\ldfLcHY.exe
  2⤵
  PID:6584
- C:\Windows\System\hNiijcb.exe
  C:\Windows\System\hNiijcb.exe
  2⤵
  PID:6604
- C:\Windows\System\sXhlpaY.exe
  C:\Windows\System\sXhlpaY.exe
  2⤵
  PID:6624
- C:\Windows\System\PWnKJwu.exe
  C:\Windows\System\PWnKJwu.exe
  2⤵
  PID:6644
- C:\Windows\System\YZVbYyo.exe
  C:\Windows\System\YZVbYyo.exe
  2⤵
  PID:6668
- C:\Windows\System\qBTYeJl.exe
  C:\Windows\System\qBTYeJl.exe
  2⤵
  PID:6688
- C:\Windows\System\pwadaXg.exe
  C:\Windows\System\pwadaXg.exe
  2⤵
  PID:6708
- C:\Windows\System\jpKqjwp.exe
  C:\Windows\System\jpKqjwp.exe
  2⤵
  PID:6728
- C:\Windows\System\YINggwv.exe
  C:\Windows\System\YINggwv.exe
  2⤵
  PID:6748
- C:\Windows\System\nXpximv.exe
  C:\Windows\System\nXpximv.exe
  2⤵
  PID:6768
- C:\Windows\System\yMaXzjm.exe
  C:\Windows\System\yMaXzjm.exe
  2⤵
  PID:6788
- C:\Windows\System\FurSAcK.exe
  C:\Windows\System\FurSAcK.exe
  2⤵
  PID:6808
- C:\Windows\System\YeWMjMj.exe
  C:\Windows\System\YeWMjMj.exe
  2⤵
  PID:6828
- C:\Windows\System\jiGLtBI.exe
  C:\Windows\System\jiGLtBI.exe
  2⤵
  PID:6848
- C:\Windows\System\AVHtvsT.exe
  C:\Windows\System\AVHtvsT.exe
  2⤵
  PID:6868
- C:\Windows\System\vTzbidl.exe
  C:\Windows\System\vTzbidl.exe
  2⤵
  PID:6888
- C:\Windows\System\fTFGdmA.exe
  C:\Windows\System\fTFGdmA.exe
  2⤵
  PID:6908
- C:\Windows\System\AmtnYFy.exe
  C:\Windows\System\AmtnYFy.exe
  2⤵
  PID:6924
- C:\Windows\System\FdfWRwM.exe
  C:\Windows\System\FdfWRwM.exe
  2⤵
  PID:6948
- C:\Windows\System\gRLQwqA.exe
  C:\Windows\System\gRLQwqA.exe
  2⤵
  PID:6968
- C:\Windows\System\wdUsCTO.exe
  C:\Windows\System\wdUsCTO.exe
  2⤵
  PID:6988
- C:\Windows\System\jJzBYUN.exe
  C:\Windows\System\jJzBYUN.exe
  2⤵
  PID:7008
- C:\Windows\System\gLwhsxE.exe
  C:\Windows\System\gLwhsxE.exe
  2⤵
  PID:7028
- C:\Windows\System\jNyQGUA.exe
  C:\Windows\System\jNyQGUA.exe
  2⤵
  PID:7048
- C:\Windows\System\nwPXfhE.exe
  C:\Windows\System\nwPXfhE.exe
  2⤵
  PID:7068
- C:\Windows\System\IEoNbUZ.exe
  C:\Windows\System\IEoNbUZ.exe
  2⤵
  PID:7088
- C:\Windows\System\VDooDXj.exe
  C:\Windows\System\VDooDXj.exe
  2⤵
  PID:7108
- C:\Windows\System\NjXnyRM.exe
  C:\Windows\System\NjXnyRM.exe
  2⤵
  PID:7128
- C:\Windows\System\weJAAUj.exe
  C:\Windows\System\weJAAUj.exe
  2⤵
  PID:7148
- C:\Windows\System\CMUkLUF.exe
  C:\Windows\System\CMUkLUF.exe
  2⤵
  PID:5784
- C:\Windows\System\jMZlnVB.exe
  C:\Windows\System\jMZlnVB.exe
  2⤵
  PID:5844
- C:\Windows\System\wVnblJO.exe
  C:\Windows\System\wVnblJO.exe
  2⤵
  PID:5944
- C:\Windows\System\bhUySey.exe
  C:\Windows\System\bhUySey.exe
  2⤵
  PID:5988
- C:\Windows\System\bhXReNz.exe
  C:\Windows\System\bhXReNz.exe
  2⤵
  PID:6072
- C:\Windows\System\ntgrxrv.exe
  C:\Windows\System\ntgrxrv.exe
  2⤵
  PID:3952
- C:\Windows\System\TOwqvLh.exe
  C:\Windows\System\TOwqvLh.exe
  2⤵
  PID:4128
- C:\Windows\System\IMmnyfJ.exe
  C:\Windows\System\IMmnyfJ.exe
  2⤵
  PID:5244
- C:\Windows\System\PVWdIeA.exe
  C:\Windows\System\PVWdIeA.exe
  2⤵
  PID:5316
- C:\Windows\System\prsIGIw.exe
  C:\Windows\System\prsIGIw.exe
  2⤵
  PID:5420
- C:\Windows\System\xLltmWG.exe
  C:\Windows\System\xLltmWG.exe
  2⤵
  PID:5644
- C:\Windows\System\nOteVYg.exe
  C:\Windows\System\nOteVYg.exe
  2⤵
  PID:6168
- C:\Windows\System\OmOyFOX.exe
  C:\Windows\System\OmOyFOX.exe
  2⤵
  PID:6188
- C:\Windows\System\mqAGOMt.exe
  C:\Windows\System\mqAGOMt.exe
  2⤵
  PID:6216
- C:\Windows\System\DCTKrJs.exe
  C:\Windows\System\DCTKrJs.exe
  2⤵
  PID:6256
- C:\Windows\System\OQusgkN.exe
  C:\Windows\System\OQusgkN.exe
  2⤵
  PID:6300
- C:\Windows\System\tbOjVFi.exe
  C:\Windows\System\tbOjVFi.exe
  2⤵
  PID:6316
- C:\Windows\System\OTMElGU.exe
  C:\Windows\System\OTMElGU.exe
  2⤵
  PID:6376
- C:\Windows\System\lKPtuac.exe
  C:\Windows\System\lKPtuac.exe
  2⤵
  PID:6412
- C:\Windows\System\nZnIrOT.exe
  C:\Windows\System\nZnIrOT.exe
  2⤵
  PID:6432
- C:\Windows\System\SgVCZGl.exe
  C:\Windows\System\SgVCZGl.exe
  2⤵
  PID:6456
- C:\Windows\System\YKbXwRL.exe
  C:\Windows\System\YKbXwRL.exe
  2⤵
  PID:6500
- C:\Windows\System\umBSGWA.exe
  C:\Windows\System\umBSGWA.exe
  2⤵
  PID:6516
- C:\Windows\System\ZGaALsx.exe
  C:\Windows\System\ZGaALsx.exe
  2⤵
  PID:6572
- C:\Windows\System\FDPythl.exe
  C:\Windows\System\FDPythl.exe
  2⤵
  PID:6612
- C:\Windows\System\GvXJRQO.exe
  C:\Windows\System\GvXJRQO.exe
  2⤵
  PID:6632
- C:\Windows\System\IndtPkB.exe
  C:\Windows\System\IndtPkB.exe
  2⤵
  PID:6660
- C:\Windows\System\qVqsrBt.exe
  C:\Windows\System\qVqsrBt.exe
  2⤵
  PID:6684
- C:\Windows\System\BiJlOjp.exe
  C:\Windows\System\BiJlOjp.exe
  2⤵
  PID:6744
- C:\Windows\System\zsQNFtV.exe
  C:\Windows\System\zsQNFtV.exe
  2⤵
  PID:6756
- C:\Windows\System\OvAjmjI.exe
  C:\Windows\System\OvAjmjI.exe
  2⤵
  PID:6796
- C:\Windows\System\TIDDMuL.exe
  C:\Windows\System\TIDDMuL.exe
  2⤵
  PID:6800
- C:\Windows\System\QhYzBcw.exe
  C:\Windows\System\QhYzBcw.exe
  2⤵
  PID:6864
- C:\Windows\System\eMnGdvX.exe
  C:\Windows\System\eMnGdvX.exe
  2⤵
  PID:6880
- C:\Windows\System\RVukajh.exe
  C:\Windows\System\RVukajh.exe
  2⤵
  PID:6940
- C:\Windows\System\zvuPQOX.exe
  C:\Windows\System\zvuPQOX.exe
  2⤵
  PID:6964
- C:\Windows\System\MplCEVZ.exe
  C:\Windows\System\MplCEVZ.exe
  2⤵
  PID:6996
- C:\Windows\System\BlQJxYC.exe
  C:\Windows\System\BlQJxYC.exe
  2⤵
  PID:7020
- C:\Windows\System\oxASSOD.exe
  C:\Windows\System\oxASSOD.exe
  2⤵
  PID:7040
- C:\Windows\System\PwWtzgC.exe
  C:\Windows\System\PwWtzgC.exe
  2⤵
  PID:7096
- C:\Windows\System\ZFbSzKt.exe
  C:\Windows\System\ZFbSzKt.exe
  2⤵
  PID:7124
- C:\Windows\System\EfSMjoO.exe
  C:\Windows\System\EfSMjoO.exe
  2⤵
  PID:5888
- C:\Windows\System\fWvRqEJ.exe
  C:\Windows\System\fWvRqEJ.exe
  2⤵
  PID:5852
- C:\Windows\System\kfsToqR.exe
  C:\Windows\System\kfsToqR.exe
  2⤵
  PID:5908
- C:\Windows\System\jSGLrYH.exe
  C:\Windows\System\jSGLrYH.exe
  2⤵
  PID:2396
- C:\Windows\System\MNJnEZg.exe
  C:\Windows\System\MNJnEZg.exe
  2⤵
  PID:5016
- C:\Windows\System\rizyqIX.exe
  C:\Windows\System\rizyqIX.exe
  2⤵
  PID:5484
- C:\Windows\System\TsCOcSw.exe
  C:\Windows\System\TsCOcSw.exe
  2⤵
  PID:6148
- C:\Windows\System\DHZOdZg.exe
  C:\Windows\System\DHZOdZg.exe
  2⤵
  PID:6172
- C:\Windows\System\yciXxjB.exe
  C:\Windows\System\yciXxjB.exe
  2⤵
  PID:6252
- C:\Windows\System\OjaNGnK.exe
  C:\Windows\System\OjaNGnK.exe
  2⤵
  PID:6336
- C:\Windows\System\KEoenzq.exe
  C:\Windows\System\KEoenzq.exe
  2⤵
  PID:6352
- C:\Windows\System\RWIwUtI.exe
  C:\Windows\System\RWIwUtI.exe
  2⤵
  PID:6416
- C:\Windows\System\wjpwINt.exe
  C:\Windows\System\wjpwINt.exe
  2⤵
  PID:6460
- C:\Windows\System\TwEdQyC.exe
  C:\Windows\System\TwEdQyC.exe
  2⤵
  PID:6520
- C:\Windows\System\SDllpXW.exe
  C:\Windows\System\SDllpXW.exe
  2⤵
  PID:6620
- C:\Windows\System\ZvHxRJC.exe
  C:\Windows\System\ZvHxRJC.exe
  2⤵
  PID:6616
- C:\Windows\System\haQwoUj.exe
  C:\Windows\System\haQwoUj.exe
  2⤵
  PID:6220
- C:\Windows\System\hvigzpj.exe
  C:\Windows\System\hvigzpj.exe
  2⤵
  PID:6776
- C:\Windows\System\yOJCDVq.exe
  C:\Windows\System\yOJCDVq.exe
  2⤵
  PID:6824
- C:\Windows\System\CKcKqzV.exe
  C:\Windows\System\CKcKqzV.exe
  2⤵
  PID:6820
- C:\Windows\System\gkNmZJI.exe
  C:\Windows\System\gkNmZJI.exe
  2⤵
  PID:6840
- C:\Windows\System\fNslMBG.exe
  C:\Windows\System\fNslMBG.exe
  2⤵
  PID:6916
- C:\Windows\System\HPKmusD.exe
  C:\Windows\System\HPKmusD.exe
  2⤵
  PID:7024
- C:\Windows\System\gjfWObx.exe
  C:\Windows\System\gjfWObx.exe
  2⤵
  PID:7044
- C:\Windows\System\SbLZrtn.exe
  C:\Windows\System\SbLZrtn.exe
  2⤵
  PID:5748
- C:\Windows\System\yoWUMzJ.exe
  C:\Windows\System\yoWUMzJ.exe
  2⤵
  PID:7116
- C:\Windows\System\XrbPwjJ.exe
  C:\Windows\System\XrbPwjJ.exe
  2⤵
  PID:5156
- C:\Windows\System\xDUcDdQ.exe
  C:\Windows\System\xDUcDdQ.exe
  2⤵
  PID:6088
- C:\Windows\System\WTbtJWK.exe
  C:\Windows\System\WTbtJWK.exe
  2⤵
  PID:5464
- C:\Windows\System\vUftIbx.exe
  C:\Windows\System\vUftIbx.exe
  2⤵
  PID:6196
- C:\Windows\System\zyVhrFD.exe
  C:\Windows\System\zyVhrFD.exe
  2⤵
  PID:6156
- C:\Windows\System\OIVbrzY.exe
  C:\Windows\System\OIVbrzY.exe
  2⤵
  PID:6320
- C:\Windows\System\nYWhLIm.exe
  C:\Windows\System\nYWhLIm.exe
  2⤵
  PID:6476
- C:\Windows\System\LhnhrRg.exe
  C:\Windows\System\LhnhrRg.exe
  2⤵
  PID:6532
- C:\Windows\System\DWOfSpN.exe
  C:\Windows\System\DWOfSpN.exe
  2⤵
  PID:6664
- C:\Windows\System\MpasAxQ.exe
  C:\Windows\System\MpasAxQ.exe
  2⤵
  PID:6736
- C:\Windows\System\gWpGMXP.exe
  C:\Windows\System\gWpGMXP.exe
  2⤵
  PID:6696
- C:\Windows\System\TXyXrTx.exe
  C:\Windows\System\TXyXrTx.exe
  2⤵
  PID:6764
- C:\Windows\System\cjOjNdJ.exe
  C:\Windows\System\cjOjNdJ.exe
  2⤵
  PID:7016
- C:\Windows\System\rVyYpeb.exe
  C:\Windows\System\rVyYpeb.exe
  2⤵
  PID:7076
- C:\Windows\System\gekmNmu.exe
  C:\Windows\System\gekmNmu.exe
  2⤵
  PID:5924
- C:\Windows\System\ceInHPd.exe
  C:\Windows\System\ceInHPd.exe
  2⤵
  PID:6024
- C:\Windows\System\cCNpfYO.exe
  C:\Windows\System\cCNpfYO.exe
  2⤵
  PID:4636
- C:\Windows\System\OGVRhxj.exe
  C:\Windows\System\OGVRhxj.exe
  2⤵
  PID:7184
- C:\Windows\System\ulSmXkL.exe
  C:\Windows\System\ulSmXkL.exe
  2⤵
  PID:7204
- C:\Windows\System\kLQtDCJ.exe
  C:\Windows\System\kLQtDCJ.exe
  2⤵
  PID:7224
- C:\Windows\System\orhhTMo.exe
  C:\Windows\System\orhhTMo.exe
  2⤵
  PID:7244
- C:\Windows\System\vUKKjeK.exe
  C:\Windows\System\vUKKjeK.exe
  2⤵
  PID:7268
- C:\Windows\System\GkRHOSY.exe
  C:\Windows\System\GkRHOSY.exe
  2⤵
  PID:7288
- C:\Windows\System\VSqjXnT.exe
  C:\Windows\System\VSqjXnT.exe
  2⤵
  PID:7308
- C:\Windows\System\BZSOHgK.exe
  C:\Windows\System\BZSOHgK.exe
  2⤵
  PID:7328
- C:\Windows\System\gNFerUy.exe
  C:\Windows\System\gNFerUy.exe
  2⤵
  PID:7352
- C:\Windows\System\qxzKxnd.exe
  C:\Windows\System\qxzKxnd.exe
  2⤵
  PID:7372
- C:\Windows\System\VFBpqEL.exe
  C:\Windows\System\VFBpqEL.exe
  2⤵
  PID:7392
- C:\Windows\System\IfEdSxR.exe
  C:\Windows\System\IfEdSxR.exe
  2⤵
  PID:7412
- C:\Windows\System\QNQhYmd.exe
  C:\Windows\System\QNQhYmd.exe
  2⤵
  PID:7432
- C:\Windows\System\CnJzbId.exe
  C:\Windows\System\CnJzbId.exe
  2⤵
  PID:7452
- C:\Windows\System\QLPYTqr.exe
  C:\Windows\System\QLPYTqr.exe
  2⤵
  PID:7472
- C:\Windows\System\nhOVlEz.exe
  C:\Windows\System\nhOVlEz.exe
  2⤵
  PID:7492
- C:\Windows\System\FdvAGxl.exe
  C:\Windows\System\FdvAGxl.exe
  2⤵
  PID:7512
- C:\Windows\System\eYYMRhb.exe
  C:\Windows\System\eYYMRhb.exe
  2⤵
  PID:7532
- C:\Windows\System\TtpgkSL.exe
  C:\Windows\System\TtpgkSL.exe
  2⤵
  PID:7548
- C:\Windows\System\euciBGY.exe
  C:\Windows\System\euciBGY.exe
  2⤵
  PID:7572
- C:\Windows\System\IjgnDjB.exe
  C:\Windows\System\IjgnDjB.exe
  2⤵
  PID:7592
- C:\Windows\System\pmikUrS.exe
  C:\Windows\System\pmikUrS.exe
  2⤵
  PID:7612
- C:\Windows\System\YxBDrtt.exe
  C:\Windows\System\YxBDrtt.exe
  2⤵
  PID:7628
- C:\Windows\System\DtnvKRl.exe
  C:\Windows\System\DtnvKRl.exe
  2⤵
  PID:7652
- C:\Windows\System\GFiSFUq.exe
  C:\Windows\System\GFiSFUq.exe
  2⤵
  PID:7672
- C:\Windows\System\fBdzKQy.exe
  C:\Windows\System\fBdzKQy.exe
  2⤵
  PID:7692
- C:\Windows\System\pbmYrvp.exe
  C:\Windows\System\pbmYrvp.exe
  2⤵
  PID:7712
- C:\Windows\System\HcbKcdC.exe
  C:\Windows\System\HcbKcdC.exe
  2⤵
  PID:7732
- C:\Windows\System\DGCVApU.exe
  C:\Windows\System\DGCVApU.exe
  2⤵
  PID:7748
- C:\Windows\System\asRJvwg.exe
  C:\Windows\System\asRJvwg.exe
  2⤵
  PID:7772
- C:\Windows\System\NddPswY.exe
  C:\Windows\System\NddPswY.exe
  2⤵
  PID:7792
- C:\Windows\System\AhSTKXV.exe
  C:\Windows\System\AhSTKXV.exe
  2⤵
  PID:7812
- C:\Windows\System\huWelnd.exe
  C:\Windows\System\huWelnd.exe
  2⤵
  PID:7832
- C:\Windows\System\QgtBiSy.exe
  C:\Windows\System\QgtBiSy.exe
  2⤵
  PID:7848
- C:\Windows\System\pgVLRAd.exe
  C:\Windows\System\pgVLRAd.exe
  2⤵
  PID:7868
- C:\Windows\System\pvPpeGZ.exe
  C:\Windows\System\pvPpeGZ.exe
  2⤵
  PID:7892
- C:\Windows\System\cLgVITW.exe
  C:\Windows\System\cLgVITW.exe
  2⤵
  PID:7912
- C:\Windows\System\lBwAVWn.exe
  C:\Windows\System\lBwAVWn.exe
  2⤵
  PID:7932
- C:\Windows\System\wIbUHGn.exe
  C:\Windows\System\wIbUHGn.exe
  2⤵
  PID:7948
- C:\Windows\System\fpserze.exe
  C:\Windows\System\fpserze.exe
  2⤵
  PID:7972
- C:\Windows\System\bNLZtBO.exe
  C:\Windows\System\bNLZtBO.exe
  2⤵
  PID:7992
- C:\Windows\System\sEbWJHs.exe
  C:\Windows\System\sEbWJHs.exe
  2⤵
  PID:8012
- C:\Windows\System\EbwIGwW.exe
  C:\Windows\System\EbwIGwW.exe
  2⤵
  PID:8032
- C:\Windows\System\bDhGjpq.exe
  C:\Windows\System\bDhGjpq.exe
  2⤵
  PID:8052
- C:\Windows\System\mQnmnbA.exe
  C:\Windows\System\mQnmnbA.exe
  2⤵
  PID:8072
- C:\Windows\System\oVJHkMy.exe
  C:\Windows\System\oVJHkMy.exe
  2⤵
  PID:8092
- C:\Windows\System\JNmgiKj.exe
  C:\Windows\System\JNmgiKj.exe
  2⤵
  PID:8112
- C:\Windows\System\kxSBPWC.exe
  C:\Windows\System\kxSBPWC.exe
  2⤵
  PID:8132
- C:\Windows\System\CFkltUj.exe
  C:\Windows\System\CFkltUj.exe
  2⤵
  PID:8156
- C:\Windows\System\uXwuMZd.exe
  C:\Windows\System\uXwuMZd.exe
  2⤵
  PID:8176
- C:\Windows\System\pNeaiar.exe
  C:\Windows\System\pNeaiar.exe
  2⤵
  PID:6212
- C:\Windows\System\DPmNqkt.exe
  C:\Windows\System\DPmNqkt.exe
  2⤵
  PID:6332
- C:\Windows\System\yddnswE.exe
  C:\Windows\System\yddnswE.exe
  2⤵
  PID:6392
- C:\Windows\System\oFTgdCk.exe
  C:\Windows\System\oFTgdCk.exe
  2⤵
  PID:6536
- C:\Windows\System\SpKpYId.exe
  C:\Windows\System\SpKpYId.exe
  2⤵
  PID:6560
- C:\Windows\System\tDCOojb.exe
  C:\Windows\System\tDCOojb.exe
  2⤵
  PID:6760
- C:\Windows\System\ARLYcSj.exe
  C:\Windows\System\ARLYcSj.exe
  2⤵
  PID:2492
- C:\Windows\System\nkUpgdY.exe
  C:\Windows\System\nkUpgdY.exe
  2⤵
  PID:7080
- C:\Windows\System\xIqNLyA.exe
  C:\Windows\System\xIqNLyA.exe
  2⤵
  PID:7100
- C:\Windows\System\WMgpwKE.exe
  C:\Windows\System\WMgpwKE.exe
  2⤵
  PID:7180
- C:\Windows\System\ahvInwV.exe
  C:\Windows\System\ahvInwV.exe
  2⤵
  PID:7220
- C:\Windows\System\uazJBgn.exe
  C:\Windows\System\uazJBgn.exe
  2⤵
  PID:7264
- C:\Windows\System\QfeoLNm.exe
  C:\Windows\System\QfeoLNm.exe
  2⤵
  PID:7296
- C:\Windows\System\nrfaEUG.exe
  C:\Windows\System\nrfaEUG.exe
  2⤵
  PID:7320
- C:\Windows\System\GsxiCyO.exe
  C:\Windows\System\GsxiCyO.exe
  2⤵
  PID:7368
- C:\Windows\System\kPCtkcp.exe
  C:\Windows\System\kPCtkcp.exe
  2⤵
  PID:7384
- C:\Windows\System\tdDtQfD.exe
  C:\Windows\System\tdDtQfD.exe
  2⤵
  PID:7428
- C:\Windows\System\yWCcWvj.exe
  C:\Windows\System\yWCcWvj.exe
  2⤵
  PID:7488
- C:\Windows\System\OoOhsAj.exe
  C:\Windows\System\OoOhsAj.exe
  2⤵
  PID:7500
- C:\Windows\System\mhWRLXr.exe
  C:\Windows\System\mhWRLXr.exe
  2⤵
  PID:7560
- C:\Windows\System\aUFoWiE.exe
  C:\Windows\System\aUFoWiE.exe
  2⤵
  PID:7564
- C:\Windows\System\edKwYBY.exe
  C:\Windows\System\edKwYBY.exe
  2⤵
  PID:7584
- C:\Windows\System\KTAdJOx.exe
  C:\Windows\System\KTAdJOx.exe
  2⤵
  PID:7640
- C:\Windows\System\Xnlmuxx.exe
  C:\Windows\System\Xnlmuxx.exe
  2⤵
  PID:7680
- C:\Windows\System\LzNJyEH.exe
  C:\Windows\System\LzNJyEH.exe
  2⤵
  PID:7684
- C:\Windows\System\bcLXqkS.exe
  C:\Windows\System\bcLXqkS.exe
  2⤵
  PID:7708
- C:\Windows\System\FfQfpjm.exe
  C:\Windows\System\FfQfpjm.exe
  2⤵
  PID:7740
- C:\Windows\System\ZZvtZkZ.exe
  C:\Windows\System\ZZvtZkZ.exe
  2⤵
  PID:7808
- C:\Windows\System\vyCwGkl.exe
  C:\Windows\System\vyCwGkl.exe
  2⤵
  PID:7784
- C:\Windows\System\Gjtsycc.exe
  C:\Windows\System\Gjtsycc.exe
  2⤵
  PID:7824
- C:\Windows\System\hBBXQbC.exe
  C:\Windows\System\hBBXQbC.exe
  2⤵
  PID:7864
- C:\Windows\System\ARlrrDc.exe
  C:\Windows\System\ARlrrDc.exe
  2⤵
  PID:7920
- C:\Windows\System\hsZbWIg.exe
  C:\Windows\System\hsZbWIg.exe
  2⤵
  PID:8008
- C:\Windows\System\GJDblJZ.exe
  C:\Windows\System\GJDblJZ.exe
  2⤵
  PID:8020
- C:\Windows\System\kTXnZoI.exe
  C:\Windows\System\kTXnZoI.exe
  2⤵
  PID:8048
- C:\Windows\System\RxCteIc.exe
  C:\Windows\System\RxCteIc.exe
  2⤵
  PID:8068
- C:\Windows\System\BepMfyc.exe
  C:\Windows\System\BepMfyc.exe
  2⤵
  PID:8084
- C:\Windows\System\BHRgcqK.exe
  C:\Windows\System\BHRgcqK.exe
  2⤵
  PID:8108
- C:\Windows\System\chfCjLG.exe
  C:\Windows\System\chfCjLG.exe
  2⤵
  PID:8140
- C:\Windows\System\iymxQPq.exe
  C:\Windows\System\iymxQPq.exe
  2⤵
  PID:8172
- C:\Windows\System\sUeDeEB.exe
  C:\Windows\System\sUeDeEB.exe
  2⤵
  PID:5160
- C:\Windows\System\QuueTwC.exe
  C:\Windows\System\QuueTwC.exe
  2⤵
  PID:6276
- C:\Windows\System\cXYuOYf.exe
  C:\Windows\System\cXYuOYf.exe
  2⤵
  PID:6356
- C:\Windows\System\sAoseGd.exe
  C:\Windows\System\sAoseGd.exe
  2⤵
  PID:6720
- C:\Windows\System\hOHnpeB.exe
  C:\Windows\System\hOHnpeB.exe
  2⤵
  PID:2796
- C:\Windows\System\hCUJZMD.exe
  C:\Windows\System\hCUJZMD.exe
  2⤵
  PID:6976
- C:\Windows\System\QyoRivi.exe
  C:\Windows\System\QyoRivi.exe
  2⤵
  PID:7160
- C:\Windows\System\IviVXsL.exe
  C:\Windows\System\IviVXsL.exe
  2⤵
  PID:7200
- C:\Windows\System\lnxqTZb.exe
  C:\Windows\System\lnxqTZb.exe
  2⤵
  PID:7236
- C:\Windows\System\coXYyyH.exe
  C:\Windows\System\coXYyyH.exe
  2⤵
  PID:3040
- C:\Windows\System\buLUiJr.exe
  C:\Windows\System\buLUiJr.exe
  2⤵
  PID:7300
- C:\Windows\System\AFvqqGG.exe
  C:\Windows\System\AFvqqGG.exe
  2⤵
  PID:7280
- C:\Windows\System\XymftLi.exe
  C:\Windows\System\XymftLi.exe
  2⤵
  PID:7424
- C:\Windows\System\YzaQYXE.exe
  C:\Windows\System\YzaQYXE.exe
  2⤵
  PID:7448
- C:\Windows\System\unCASBm.exe
  C:\Windows\System\unCASBm.exe
  2⤵
  PID:7420
- C:\Windows\System\ZCvFElg.exe
  C:\Windows\System\ZCvFElg.exe
  2⤵
  PID:2220
- C:\Windows\System\fdpAEkD.exe
  C:\Windows\System\fdpAEkD.exe
  2⤵
  PID:2824
- C:\Windows\System\DBpNnGA.exe
  C:\Windows\System\DBpNnGA.exe
  2⤵
  PID:1092
- C:\Windows\System\hrMdbjL.exe
  C:\Windows\System\hrMdbjL.exe
  2⤵
  PID:7580
- C:\Windows\System\wUjWtIy.exe
  C:\Windows\System\wUjWtIy.exe
  2⤵
  PID:1688
- C:\Windows\System\kUwcXxJ.exe
  C:\Windows\System\kUwcXxJ.exe
  2⤵
  PID:7644
- C:\Windows\System\tjtpSjZ.exe
  C:\Windows\System\tjtpSjZ.exe
  2⤵
  PID:7636
- C:\Windows\System\NnMiABv.exe
  C:\Windows\System\NnMiABv.exe
  2⤵
  PID:8148
- C:\Windows\System\OZLWpdL.exe
  C:\Windows\System\OZLWpdL.exe
  2⤵
  PID:596
- C:\Windows\System\eywHQfn.exe
  C:\Windows\System\eywHQfn.exe
  2⤵
  PID:2536
- C:\Windows\System\DNglvau.exe
  C:\Windows\System\DNglvau.exe
  2⤵
  PID:7756
- C:\Windows\System\zAOXcdb.exe
  C:\Windows\System\zAOXcdb.exe
  2⤵
  PID:7828
- C:\Windows\System\TPRDQiR.exe
  C:\Windows\System\TPRDQiR.exe
  2⤵
  PID:7900
- C:\Windows\System\FrmzbXO.exe
  C:\Windows\System\FrmzbXO.exe
  2⤵
  PID:7888
- C:\Windows\System\KzaCybn.exe
  C:\Windows\System\KzaCybn.exe
  2⤵
  PID:2700
- C:\Windows\System\LATZxec.exe
  C:\Windows\System\LATZxec.exe
  2⤵
  PID:7908
- C:\Windows\System\TpcDvsd.exe
  C:\Windows\System\TpcDvsd.exe
  2⤵
  PID:2020
- C:\Windows\System\GBpkwsZ.exe
  C:\Windows\System\GBpkwsZ.exe
  2⤵
  PID:7956
- C:\Windows\System\ZLfOOnC.exe
  C:\Windows\System\ZLfOOnC.exe
  2⤵
  PID:2372
- C:\Windows\System\ecSnAeW.exe
  C:\Windows\System\ecSnAeW.exe
  2⤵
  PID:8028
- C:\Windows\System\ilRVyAc.exe
  C:\Windows\System\ilRVyAc.exe
  2⤵
  PID:8060
- C:\Windows\System\oSKYBPr.exe
  C:\Windows\System\oSKYBPr.exe
  2⤵
  PID:8164
- C:\Windows\System\ShlROLg.exe
  C:\Windows\System\ShlROLg.exe
  2⤵
  PID:5792
- C:\Windows\System\gLRzkxG.exe
  C:\Windows\System\gLRzkxG.exe
  2⤵
  PID:8124
- C:\Windows\System\iDMHEPk.exe
  C:\Windows\System\iDMHEPk.exe
  2⤵
  PID:7256
- C:\Windows\System\tyljqWL.exe
  C:\Windows\System\tyljqWL.exe
  2⤵
  PID:2968
- C:\Windows\System\qzRvvXl.exe
  C:\Windows\System\qzRvvXl.exe
  2⤵
  PID:6984
- C:\Windows\System\itgEnfD.exe
  C:\Windows\System\itgEnfD.exe
  2⤵
  PID:6480
- C:\Windows\System\ofDZQGw.exe
  C:\Windows\System\ofDZQGw.exe
  2⤵
  PID:7464
- C:\Windows\System\cnhgAFF.exe
  C:\Windows\System\cnhgAFF.exe
  2⤵
  PID:2352
- C:\Windows\System\puaYpEd.exe
  C:\Windows\System\puaYpEd.exe
  2⤵
  PID:4676
- C:\Windows\System\rSfJXDV.exe
  C:\Windows\System\rSfJXDV.exe
  2⤵
  PID:2956
- C:\Windows\System\PIgJvXF.exe
  C:\Windows\System\PIgJvXF.exe
  2⤵
  PID:7388
- C:\Windows\System\IpFdrtl.exe
  C:\Windows\System\IpFdrtl.exe
  2⤵
  PID:7840
- C:\Windows\System\VGYINPS.exe
  C:\Windows\System\VGYINPS.exe
  2⤵
  PID:2044
- C:\Windows\System\nDPAwxb.exe
  C:\Windows\System\nDPAwxb.exe
  2⤵
  PID:7804
- C:\Windows\System\fMANBtS.exe
  C:\Windows\System\fMANBtS.exe
  2⤵
  PID:2748
- C:\Windows\System\uMLvwff.exe
  C:\Windows\System\uMLvwff.exe
  2⤵
  PID:3024
- C:\Windows\System\oNLwcus.exe
  C:\Windows\System\oNLwcus.exe
  2⤵
  PID:8100
- C:\Windows\System\kuPmPul.exe
  C:\Windows\System\kuPmPul.exe
  2⤵
  PID:7360
- C:\Windows\System\XoVEXMQ.exe
  C:\Windows\System\XoVEXMQ.exe
  2⤵
  PID:2464
- C:\Windows\System\NvuXVga.exe
  C:\Windows\System\NvuXVga.exe
  2⤵
  PID:1040
- C:\Windows\System\byVmwwr.exe
  C:\Windows\System\byVmwwr.exe
  2⤵
  PID:1664
- C:\Windows\System\xprGXpj.exe
  C:\Windows\System\xprGXpj.exe
  2⤵
  PID:7524
- C:\Windows\System\MJNrZEL.exe
  C:\Windows\System\MJNrZEL.exe
  2⤵
  PID:2864
- C:\Windows\System\nNGIpYb.exe
  C:\Windows\System\nNGIpYb.exe
  2⤵
  PID:832
- C:\Windows\System\FqyCfOU.exe
  C:\Windows\System\FqyCfOU.exe
  2⤵
  PID:3016
- C:\Windows\System\IgKPujX.exe
  C:\Windows\System\IgKPujX.exe
  2⤵
  PID:7664
- C:\Windows\System\OdZXwuX.exe
  C:\Windows\System\OdZXwuX.exe
  2⤵
  PID:7624
- C:\Windows\System\XeAqFDq.exe
  C:\Windows\System\XeAqFDq.exe
  2⤵
  PID:2932
- C:\Windows\System\NnSAVjz.exe
  C:\Windows\System\NnSAVjz.exe
  2⤵
  PID:7252
- C:\Windows\System\SfkfqEC.exe
  C:\Windows\System\SfkfqEC.exe
  2⤵
  PID:7660
- C:\Windows\System\BnqhunI.exe
  C:\Windows\System\BnqhunI.exe
  2⤵
  PID:2692
- C:\Windows\System\icyDskV.exe
  C:\Windows\System\icyDskV.exe
  2⤵
  PID:7380
- C:\Windows\System\ZHxQJEh.exe
  C:\Windows\System\ZHxQJEh.exe
  2⤵
  PID:2760
- C:\Windows\System\pexlMBy.exe
  C:\Windows\System\pexlMBy.exe
  2⤵
  PID:292
- C:\Windows\System\REcBSeH.exe
  C:\Windows\System\REcBSeH.exe
  2⤵
  PID:1236
- C:\Windows\System\oGBmVHu.exe
  C:\Windows\System\oGBmVHu.exe
  2⤵
  PID:7340
- C:\Windows\System\cIxihaJ.exe
  C:\Windows\System\cIxihaJ.exe
  2⤵
  PID:8200
- C:\Windows\System\PSYOLor.exe
  C:\Windows\System\PSYOLor.exe
  2⤵
  PID:8228
- C:\Windows\System\ZUGUcgt.exe
  C:\Windows\System\ZUGUcgt.exe
  2⤵
  PID:8244
- C:\Windows\System\HTnIfhR.exe
  C:\Windows\System\HTnIfhR.exe
  2⤵
  PID:8260
- C:\Windows\System\LqrKWdX.exe
  C:\Windows\System\LqrKWdX.exe
  2⤵
  PID:8276
- C:\Windows\System\EitRmae.exe
  C:\Windows\System\EitRmae.exe
  2⤵
  PID:8296
- C:\Windows\System\GWJQSzL.exe
  C:\Windows\System\GWJQSzL.exe
  2⤵
  PID:8312
- C:\Windows\System\lDAVQjS.exe
  C:\Windows\System\lDAVQjS.exe
  2⤵
  PID:8328
- C:\Windows\System\pBuQxTL.exe
  C:\Windows\System\pBuQxTL.exe
  2⤵
  PID:8344
- C:\Windows\System\tMgoGnG.exe
  C:\Windows\System\tMgoGnG.exe
  2⤵
  PID:8364
- C:\Windows\System\DqcWKWo.exe
  C:\Windows\System\DqcWKWo.exe
  2⤵
  PID:8380
- C:\Windows\System\wlTauUb.exe
  C:\Windows\System\wlTauUb.exe
  2⤵
  PID:8400
- C:\Windows\System\oeXRqKV.exe
  C:\Windows\System\oeXRqKV.exe
  2⤵
  PID:8424
- C:\Windows\System\HNzsLsN.exe
  C:\Windows\System\HNzsLsN.exe
  2⤵
  PID:8456
- C:\Windows\System\HKTphBW.exe
  C:\Windows\System\HKTphBW.exe
  2⤵
  PID:8472
- C:\Windows\System\eMGNvKA.exe
  C:\Windows\System\eMGNvKA.exe
  2⤵
  PID:8488
- C:\Windows\System\UNpEIdv.exe
  C:\Windows\System\UNpEIdv.exe
  2⤵
  PID:8504
- C:\Windows\System\UZtxWSO.exe
  C:\Windows\System\UZtxWSO.exe
  2⤵
  PID:8520
- C:\Windows\System\VoWsfpf.exe
  C:\Windows\System\VoWsfpf.exe
  2⤵
  PID:8588
- C:\Windows\System\ZfJdRHD.exe
  C:\Windows\System\ZfJdRHD.exe
  2⤵
  PID:8616
- C:\Windows\System\qYyzJqN.exe
  C:\Windows\System\qYyzJqN.exe
  2⤵
  PID:8632
- C:\Windows\System\lIyCmLS.exe
  C:\Windows\System\lIyCmLS.exe
  2⤵
  PID:8648
- C:\Windows\System\vHaVYbB.exe
  C:\Windows\System\vHaVYbB.exe
  2⤵
  PID:8664
- C:\Windows\System\KSMltov.exe
  C:\Windows\System\KSMltov.exe
  2⤵
  PID:8680
- C:\Windows\System\EhleDss.exe
  C:\Windows\System\EhleDss.exe
  2⤵
  PID:8696
- C:\Windows\System\tUfaTQy.exe
  C:\Windows\System\tUfaTQy.exe
  2⤵
  PID:8712
- C:\Windows\System\sBLuYeo.exe
  C:\Windows\System\sBLuYeo.exe
  2⤵
  PID:8728
- C:\Windows\System\VgUfuhQ.exe
  C:\Windows\System\VgUfuhQ.exe
  2⤵
  PID:8744
- C:\Windows\System\WuGcEHv.exe
  C:\Windows\System\WuGcEHv.exe
  2⤵
  PID:8760
- C:\Windows\System\hxMyuLZ.exe
  C:\Windows\System\hxMyuLZ.exe
  2⤵
  PID:8776
- C:\Windows\System\RhHgCjC.exe
  C:\Windows\System\RhHgCjC.exe
  2⤵
  PID:8792
- C:\Windows\System\PYPmYYd.exe
  C:\Windows\System\PYPmYYd.exe
  2⤵
  PID:8812
- C:\Windows\System\iKCNLzv.exe
  C:\Windows\System\iKCNLzv.exe
  2⤵
  PID:8828
- C:\Windows\System\qtwxxRK.exe
  C:\Windows\System\qtwxxRK.exe
  2⤵
  PID:8844
- C:\Windows\System\BYYXKrS.exe
  C:\Windows\System\BYYXKrS.exe
  2⤵
  PID:8860
- C:\Windows\System\qNqfRpa.exe
  C:\Windows\System\qNqfRpa.exe
  2⤵
  PID:8876
- C:\Windows\System\EvmGvJP.exe
  C:\Windows\System\EvmGvJP.exe
  2⤵
  PID:8892
- C:\Windows\System\eUNGfaO.exe
  C:\Windows\System\eUNGfaO.exe
  2⤵
  PID:8912
- C:\Windows\System\hjwnqVc.exe
  C:\Windows\System\hjwnqVc.exe
  2⤵
  PID:8932
- C:\Windows\System\brFXBRx.exe
  C:\Windows\System\brFXBRx.exe
  2⤵
  PID:8948
- C:\Windows\System\tbPcOSa.exe
  C:\Windows\System\tbPcOSa.exe
  2⤵
  PID:8964
- C:\Windows\System\pFPkibM.exe
  C:\Windows\System\pFPkibM.exe
  2⤵
  PID:8980
- C:\Windows\System\TPhBNst.exe
  C:\Windows\System\TPhBNst.exe
  2⤵
  PID:8996
- C:\Windows\System\eNpJZWk.exe
  C:\Windows\System\eNpJZWk.exe
  2⤵
  PID:9012
- C:\Windows\System\IEJlKCB.exe
  C:\Windows\System\IEJlKCB.exe
  2⤵
  PID:9028
- C:\Windows\System\aCQPzMG.exe
  C:\Windows\System\aCQPzMG.exe
  2⤵
  PID:9044
- C:\Windows\System\qGuhmmc.exe
  C:\Windows\System\qGuhmmc.exe
  2⤵
  PID:9060
- C:\Windows\System\snOgoWq.exe
  C:\Windows\System\snOgoWq.exe
  2⤵
  PID:9076
- C:\Windows\System\UusVizo.exe
  C:\Windows\System\UusVizo.exe
  2⤵
  PID:9092
- C:\Windows\System\PJdIWSW.exe
  C:\Windows\System\PJdIWSW.exe
  2⤵
  PID:9108
- C:\Windows\System\ZczLohI.exe
  C:\Windows\System\ZczLohI.exe
  2⤵
  PID:9124
- C:\Windows\System\ReBnaVe.exe
  C:\Windows\System\ReBnaVe.exe
  2⤵
  PID:9140
- C:\Windows\System\gxEaCwh.exe
  C:\Windows\System\gxEaCwh.exe
  2⤵
  PID:9160
- C:\Windows\System\XgCGFNC.exe
  C:\Windows\System\XgCGFNC.exe
  2⤵
  PID:9176
- C:\Windows\System\bzSAfxr.exe
  C:\Windows\System\bzSAfxr.exe
  2⤵
  PID:9192
- C:\Windows\System\EzHbhAt.exe
  C:\Windows\System\EzHbhAt.exe
  2⤵
  PID:9208
- C:\Windows\System\SxwyJaf.exe
  C:\Windows\System\SxwyJaf.exe
  2⤵
  PID:2368
- C:\Windows\System\QROXdgc.exe
  C:\Windows\System\QROXdgc.exe
  2⤵
  PID:2236
- C:\Windows\System\tbkbiSc.exe
  C:\Windows\System\tbkbiSc.exe
  2⤵
  PID:8272
- C:\Windows\System\jZWKuGq.exe
  C:\Windows\System\jZWKuGq.exe
  2⤵
  PID:8340
- C:\Windows\System\HtGNWCO.exe
  C:\Windows\System\HtGNWCO.exe
  2⤵
  PID:8412
- C:\Windows\System\RLmGbKb.exe
  C:\Windows\System\RLmGbKb.exe
  2⤵
  PID:7540
- C:\Windows\System\jTtLgUL.exe
  C:\Windows\System\jTtLgUL.exe
  2⤵
  PID:8352
- C:\Windows\System\eOBLPMi.exe
  C:\Windows\System\eOBLPMi.exe
  2⤵
  PID:8212
- C:\Windows\System\xiEkaCH.exe
  C:\Windows\System\xiEkaCH.exe
  2⤵
  PID:8256
- C:\Windows\System\TBbPuGi.exe
  C:\Windows\System\TBbPuGi.exe
  2⤵
  PID:8320
- C:\Windows\System\hEhUzkX.exe
  C:\Windows\System\hEhUzkX.exe
  2⤵
  PID:8392
- C:\Windows\System\ItCpCKr.exe
  C:\Windows\System\ItCpCKr.exe
  2⤵
  PID:8444
- C:\Windows\System\YNpexhM.exe
  C:\Windows\System\YNpexhM.exe
  2⤵
  PID:8536
- C:\Windows\System\MxvWsqZ.exe
  C:\Windows\System\MxvWsqZ.exe
  2⤵
  PID:8564
- C:\Windows\System\woEOrtO.exe
  C:\Windows\System\woEOrtO.exe
  2⤵
  PID:8604
- C:\Windows\System\GqIzkby.exe
  C:\Windows\System\GqIzkby.exe
  2⤵
  PID:8660
- C:\Windows\System\KzOhZMt.exe
  C:\Windows\System\KzOhZMt.exe
  2⤵
  PID:8752
- C:\Windows\System\SrFCUzI.exe
  C:\Windows\System\SrFCUzI.exe
  2⤵
  PID:8824
- C:\Windows\System\UJtPdXo.exe
  C:\Windows\System\UJtPdXo.exe
  2⤵
  PID:8888
- C:\Windows\System\woEkwbs.exe
  C:\Windows\System\woEkwbs.exe
  2⤵
  PID:8960
- C:\Windows\System\pcxfHXv.exe
  C:\Windows\System\pcxfHXv.exe
  2⤵
  PID:9024
- C:\Windows\System\YcqwLxw.exe
  C:\Windows\System\YcqwLxw.exe
  2⤵
  PID:8704
- C:\Windows\System\VYdUDVz.exe
  C:\Windows\System\VYdUDVz.exe
  2⤵
  PID:9036
- C:\Windows\System\EhQJrHH.exe
  C:\Windows\System\EhQJrHH.exe
  2⤵
  PID:8708
- C:\Windows\System\WIyDCEg.exe
  C:\Windows\System\WIyDCEg.exe
  2⤵
  PID:8808
- C:\Windows\System\aYOvLEA.exe
  C:\Windows\System\aYOvLEA.exe
  2⤵
  PID:8872
- C:\Windows\System\mGCiixn.exe
  C:\Windows\System\mGCiixn.exe
  2⤵
  PID:8908
- C:\Windows\System\uhFKlWr.exe
  C:\Windows\System\uhFKlWr.exe
  2⤵
  PID:8976
- C:\Windows\System\sFlRNLQ.exe
  C:\Windows\System\sFlRNLQ.exe
  2⤵
  PID:9072
- C:\Windows\System\FwthjGO.exe
  C:\Windows\System\FwthjGO.exe
  2⤵
  PID:9188
- C:\Windows\System\cwGdcSx.exe
  C:\Windows\System\cwGdcSx.exe
  2⤵
  PID:7172
- C:\Windows\System\EAqCgXT.exe
  C:\Windows\System\EAqCgXT.exe
  2⤵
  PID:9204
- C:\Windows\System\QYXlWNW.exe
  C:\Windows\System\QYXlWNW.exe
  2⤵
  PID:8572
- C:\Windows\System\GfVXVaT.exe
  C:\Windows\System\GfVXVaT.exe
  2⤵
  PID:7568
- C:\Windows\System\llhYLOx.exe
  C:\Windows\System\llhYLOx.exe
  2⤵
  PID:8240
- C:\Windows\System\DgTehLs.exe
  C:\Windows\System\DgTehLs.exe
  2⤵
  PID:8236
- C:\Windows\System\iQnFTyk.exe
  C:\Windows\System\iQnFTyk.exe
  2⤵
  PID:8468
- C:\Windows\System\oEbSBmo.exe
  C:\Windows\System\oEbSBmo.exe
  2⤵
  PID:8288
- C:\Windows\System\NJtYojA.exe
  C:\Windows\System\NJtYojA.exe
  2⤵
  PID:8252
- C:\Windows\System\ExsKjkk.exe
  C:\Windows\System\ExsKjkk.exe
  2⤵
  PID:8600
- C:\Windows\System\DnYaWbZ.exe
  C:\Windows\System\DnYaWbZ.exe
  2⤵
  PID:8624
- C:\Windows\System\TuFqSju.exe
  C:\Windows\System\TuFqSju.exe
  2⤵
  PID:8720
- C:\Windows\System\oyVthqe.exe
  C:\Windows\System\oyVthqe.exe
  2⤵
  PID:8884
- C:\Windows\System\BgquoUa.exe
  C:\Windows\System\BgquoUa.exe
  2⤵
  PID:8676
- C:\Windows\System\FXJEiMS.exe
  C:\Windows\System\FXJEiMS.exe
  2⤵
  PID:8612
- C:\Windows\System\wnTFWDq.exe
  C:\Windows\System\wnTFWDq.exe
  2⤵
  PID:8928
- C:\Windows\System\LIuwsrP.exe
  C:\Windows\System\LIuwsrP.exe
  2⤵
  PID:8804
- C:\Windows\System\dakxPLC.exe
  C:\Windows\System\dakxPLC.exe
  2⤵
  PID:9068
- C:\Windows\System\drjruxm.exe
  C:\Windows\System\drjruxm.exe
  2⤵
  PID:7404
- C:\Windows\System\PJpwXlo.exe
  C:\Windows\System\PJpwXlo.exe
  2⤵
  PID:2976
- C:\Windows\System\GyybRWq.exe
  C:\Windows\System\GyybRWq.exe
  2⤵
  PID:2500
- C:\Windows\System\TjhOkyF.exe
  C:\Windows\System\TjhOkyF.exe
  2⤵
  PID:9168
- C:\Windows\System\HyXnNlf.exe
  C:\Windows\System\HyXnNlf.exe
  2⤵
  PID:8360
- C:\Windows\System\mPtyrUg.exe
  C:\Windows\System\mPtyrUg.exe
  2⤵
  PID:8692
- C:\Windows\System\maUZooM.exe
  C:\Windows\System\maUZooM.exe
  2⤵
  PID:8672
- C:\Windows\System\mDJWkKc.exe
  C:\Windows\System\mDJWkKc.exe
  2⤵
  PID:9148
- C:\Windows\System\mzQWeOM.exe
  C:\Windows\System\mzQWeOM.exe
  2⤵
  PID:8956
- C:\Windows\System\dDByRLg.exe
  C:\Windows\System\dDByRLg.exe
  2⤵
  PID:8784
- C:\Windows\System\VICfYlL.exe
  C:\Windows\System\VICfYlL.exe
  2⤵
  PID:8840
- C:\Windows\System\sZKtCug.exe
  C:\Windows\System\sZKtCug.exe
  2⤵
  PID:8196
- C:\Windows\System\yklWSUn.exe
  C:\Windows\System\yklWSUn.exe
  2⤵
  PID:9136
- C:\Windows\System\RUNNZSz.exe
  C:\Windows\System\RUNNZSz.exe
  2⤵
  PID:8416
- C:\Windows\System\QLZEwgr.exe
  C:\Windows\System\QLZEwgr.exe
  2⤵
  PID:8216
- C:\Windows\System\wQNFlIq.exe
  C:\Windows\System\wQNFlIq.exe
  2⤵
  PID:8580
- C:\Windows\System\tyDrwdX.exe
  C:\Windows\System\tyDrwdX.exe
  2⤵
  PID:8596
- C:\Windows\System\zspKqdu.exe
  C:\Windows\System\zspKqdu.exe
  2⤵
  PID:8568
- C:\Windows\System\AvSinwy.exe
  C:\Windows\System\AvSinwy.exe
  2⤵
  PID:7480
- C:\Windows\System\tsMoPAZ.exe
  C:\Windows\System\tsMoPAZ.exe
  2⤵
  PID:9020
- C:\Windows\System\jTHuXVc.exe
  C:\Windows\System\jTHuXVc.exe
  2⤵
  PID:7700
- C:\Windows\System\obvtSAy.exe
  C:\Windows\System\obvtSAy.exe
  2⤵
  PID:8528
- C:\Windows\System\NALZROn.exe
  C:\Windows\System\NALZROn.exe
  2⤵
  PID:8820
- C:\Windows\System\aSIaqTw.exe
  C:\Windows\System\aSIaqTw.exe
  2⤵
  PID:8656
- C:\Windows\System\CbRwyKY.exe
  C:\Windows\System\CbRwyKY.exe
  2⤵
  PID:9220
- C:\Windows\System\JefXwsR.exe
  C:\Windows\System\JefXwsR.exe
  2⤵
  PID:9236
- C:\Windows\System\kTvdeum.exe
  C:\Windows\System\kTvdeum.exe
  2⤵
  PID:9252
- C:\Windows\System\lSyFVPC.exe
  C:\Windows\System\lSyFVPC.exe
  2⤵
  PID:9268
- C:\Windows\System\pHmvQDG.exe
  C:\Windows\System\pHmvQDG.exe
  2⤵
  PID:9284
- C:\Windows\System\AXdReNN.exe
  C:\Windows\System\AXdReNN.exe
  2⤵
  PID:9300
- C:\Windows\System\eoZKWfJ.exe
  C:\Windows\System\eoZKWfJ.exe
  2⤵
  PID:9316
- C:\Windows\System\xQnugWI.exe
  C:\Windows\System\xQnugWI.exe
  2⤵
  PID:9336
- C:\Windows\System\JjrKhBK.exe
  C:\Windows\System\JjrKhBK.exe
  2⤵
  PID:9352
- C:\Windows\System\PUTycvm.exe
  C:\Windows\System\PUTycvm.exe
  2⤵
  PID:9368
- C:\Windows\System\QUFxjyd.exe
  C:\Windows\System\QUFxjyd.exe
  2⤵
  PID:9384
- C:\Windows\System\CZbQgCh.exe
  C:\Windows\System\CZbQgCh.exe
  2⤵
  PID:9400
- C:\Windows\System\ynnVlPW.exe
  C:\Windows\System\ynnVlPW.exe
  2⤵
  PID:9416
- C:\Windows\System\HnxNnYJ.exe
  C:\Windows\System\HnxNnYJ.exe
  2⤵
  PID:9432
- C:\Windows\System\LdcJRFF.exe
  C:\Windows\System\LdcJRFF.exe
  2⤵
  PID:9448
- C:\Windows\System\tvdmYrw.exe
  C:\Windows\System\tvdmYrw.exe
  2⤵
  PID:9464
- C:\Windows\System\cFWYYjg.exe
  C:\Windows\System\cFWYYjg.exe
  2⤵
  PID:9484
- C:\Windows\System\oWZgvxC.exe
  C:\Windows\System\oWZgvxC.exe
  2⤵
  PID:9500
- C:\Windows\System\NoGJPYk.exe
  C:\Windows\System\NoGJPYk.exe
  2⤵
  PID:9528
- C:\Windows\System\EhCJYGb.exe
  C:\Windows\System\EhCJYGb.exe
  2⤵
  PID:9552
- C:\Windows\System\hmwoNWx.exe
  C:\Windows\System\hmwoNWx.exe
  2⤵
  PID:9596
- C:\Windows\System\EswtSAQ.exe
  C:\Windows\System\EswtSAQ.exe
  2⤵
  PID:9616
- C:\Windows\System\SrTdXWd.exe
  C:\Windows\System\SrTdXWd.exe
  2⤵
  PID:9632
- C:\Windows\System\JpohqPZ.exe
  C:\Windows\System\JpohqPZ.exe
  2⤵
  PID:9652
- C:\Windows\System\caAwlSw.exe
  C:\Windows\System\caAwlSw.exe
  2⤵
  PID:9668
- C:\Windows\System\rMFgSsi.exe
  C:\Windows\System\rMFgSsi.exe
  2⤵
  PID:9684
- C:\Windows\System\FdyYaoA.exe
  C:\Windows\System\FdyYaoA.exe
  2⤵
  PID:9700
- C:\Windows\System\ZhIbLhr.exe
  C:\Windows\System\ZhIbLhr.exe
  2⤵
  PID:9716
- C:\Windows\System\shjvWjr.exe
  C:\Windows\System\shjvWjr.exe
  2⤵
  PID:9732
- C:\Windows\System\eGdLdYi.exe
  C:\Windows\System\eGdLdYi.exe
  2⤵
  PID:9748
- C:\Windows\System\BjLPnHh.exe
  C:\Windows\System\BjLPnHh.exe
  2⤵
  PID:9764
- C:\Windows\System\oHRLGeJ.exe
  C:\Windows\System\oHRLGeJ.exe
  2⤵
  PID:9780
- C:\Windows\System\wqsyfHy.exe
  C:\Windows\System\wqsyfHy.exe
  2⤵
  PID:9796
- C:\Windows\System\hCAdBWh.exe
  C:\Windows\System\hCAdBWh.exe
  2⤵
  PID:9812
- C:\Windows\System\WsBYALs.exe
  C:\Windows\System\WsBYALs.exe
  2⤵
  PID:9828
- C:\Windows\System\cSnUNAy.exe
  C:\Windows\System\cSnUNAy.exe
  2⤵
  PID:9844
- C:\Windows\System\wEjLhOI.exe
  C:\Windows\System\wEjLhOI.exe
  2⤵
  PID:9860
- C:\Windows\System\MWBsvOv.exe
  C:\Windows\System\MWBsvOv.exe
  2⤵
  PID:9876
- C:\Windows\System\Kkuhodx.exe
  C:\Windows\System\Kkuhodx.exe
  2⤵
  PID:9892
- C:\Windows\System\aYndSix.exe
  C:\Windows\System\aYndSix.exe
  2⤵
  PID:9908
- C:\Windows\System\CMhZdRl.exe
  C:\Windows\System\CMhZdRl.exe
  2⤵
  PID:9928
- C:\Windows\System\TUAymIk.exe
  C:\Windows\System\TUAymIk.exe
  2⤵
  PID:9944
- C:\Windows\System\vxuZDmg.exe
  C:\Windows\System\vxuZDmg.exe
  2⤵
  PID:9964
- C:\Windows\System\IPSGBNi.exe
  C:\Windows\System\IPSGBNi.exe
  2⤵
  PID:9980
- C:\Windows\System\ldFWRlX.exe
  C:\Windows\System\ldFWRlX.exe
  2⤵
  PID:10120
- C:\Windows\System\IzVRgzI.exe
  C:\Windows\System\IzVRgzI.exe
  2⤵
  PID:10136
- C:\Windows\System\TvooVWj.exe
  C:\Windows\System\TvooVWj.exe
  2⤵
  PID:10156
- C:\Windows\System\yCkpNYj.exe
  C:\Windows\System\yCkpNYj.exe
  2⤵
  PID:9276
- C:\Windows\System\JbqzFBM.exe
  C:\Windows\System\JbqzFBM.exe
  2⤵
  PID:9260
- C:\Windows\System\sIaeiNi.exe
  C:\Windows\System\sIaeiNi.exe
  2⤵
  PID:9360
- C:\Windows\System\wsQptLn.exe
  C:\Windows\System\wsQptLn.exe
  2⤵
  PID:9428
- C:\Windows\System\wOUGwsu.exe
  C:\Windows\System\wOUGwsu.exe
  2⤵
  PID:9496
- C:\Windows\System\yvxgmiC.exe
  C:\Windows\System\yvxgmiC.exe
  2⤵
  PID:9568
- C:\Windows\System\pwTqxJJ.exe
  C:\Windows\System\pwTqxJJ.exe
  2⤵
  PID:9608
- C:\Windows\System\iElvwfL.exe
  C:\Windows\System\iElvwfL.exe
  2⤵
  PID:9660
- C:\Windows\System\OiTASRo.exe
  C:\Windows\System\OiTASRo.exe
  2⤵
  PID:9724
- C:\Windows\System\rdojBZG.exe
  C:\Windows\System\rdojBZG.exe
  2⤵
  PID:9872
- C:\Windows\System\vmacKpY.exe
  C:\Windows\System\vmacKpY.exe
  2⤵
  PID:9952
- C:\Windows\System\ZPXCYbK.exe
  C:\Windows\System\ZPXCYbK.exe
  2⤵
  PID:9976
- C:\Windows\System\DFchyDV.exe
  C:\Windows\System\DFchyDV.exe
  2⤵
  PID:10044
- C:\Windows\System\OQnZNLD.exe
  C:\Windows\System\OQnZNLD.exe
  2⤵
  PID:10064
- C:\Windows\System\JoDUaBu.exe
  C:\Windows\System\JoDUaBu.exe
  2⤵
  PID:10020
- C:\Windows\System\vnSCYoq.exe
  C:\Windows\System\vnSCYoq.exe
  2⤵
  PID:10076
- C:\Windows\System\FmfZCYk.exe
  C:\Windows\System\FmfZCYk.exe
  2⤵
  PID:10056
- C:\Windows\System\PxkgwmF.exe
  C:\Windows\System\PxkgwmF.exe
  2⤵
  PID:10080
- C:\Windows\System\LlBeVDE.exe
  C:\Windows\System\LlBeVDE.exe
  2⤵
  PID:10116
- C:\Windows\System\lXhTZyC.exe
  C:\Windows\System\lXhTZyC.exe
  2⤵
  PID:10100
- C:\Windows\System\vRwhSRf.exe
  C:\Windows\System\vRwhSRf.exe
  2⤵
  PID:10148
- C:\Windows\System\PWmFXYa.exe
  C:\Windows\System\PWmFXYa.exe
  2⤵
  PID:10176
- C:\Windows\System\CyvpVtn.exe
  C:\Windows\System\CyvpVtn.exe
  2⤵
  PID:9308
- C:\Windows\System\liwuXpY.exe
  C:\Windows\System\liwuXpY.exe
  2⤵
  PID:10208
- C:\Windows\System\jLWPhfE.exe
  C:\Windows\System\jLWPhfE.exe
  2⤵
  PID:10228
- C:\Windows\System\UhVOXTs.exe
  C:\Windows\System\UhVOXTs.exe
  2⤵
  PID:9248
- C:\Windows\System\oInuHbA.exe
  C:\Windows\System\oInuHbA.exe
  2⤵
  PID:9376
- C:\Windows\System\rgNcbvA.exe
  C:\Windows\System\rgNcbvA.exe
  2⤵
  PID:9540
- C:\Windows\System\fFHMzih.exe
  C:\Windows\System\fFHMzih.exe
  2⤵
  PID:9296
- C:\Windows\System\ldUZrwf.exe
  C:\Windows\System\ldUZrwf.exe
  2⤵
  PID:9512
- C:\Windows\System\ZNLCENw.exe
  C:\Windows\System\ZNLCENw.exe
  2⤵
  PID:9580
- C:\Windows\System\ecNOoBK.exe
  C:\Windows\System\ecNOoBK.exe
  2⤵
  PID:9924
- C:\Windows\System\IZaMxwi.exe
  C:\Windows\System\IZaMxwi.exe
  2⤵
  PID:9824
- C:\Windows\System\zTvpoSQ.exe
  C:\Windows\System\zTvpoSQ.exe
  2⤵
  PID:9760
- C:\Windows\System\jVVYVjg.exe
  C:\Windows\System\jVVYVjg.exe
  2⤵
  PID:9804
- C:\Windows\System\fxiyPlP.exe
  C:\Windows\System\fxiyPlP.exe
  2⤵
  PID:9884
- C:\Windows\System\KANoCNH.exe
  C:\Windows\System\KANoCNH.exe
  2⤵
  PID:9868
- C:\Windows\System\BvOYuvH.exe
  C:\Windows\System\BvOYuvH.exe
  2⤵
  PID:10012
- C:\Windows\System\xkrHRIH.exe
  C:\Windows\System\xkrHRIH.exe
  2⤵
  PID:9920
- C:\Windows\System\MseztZk.exe
  C:\Windows\System\MseztZk.exe
  2⤵
  PID:10104
- C:\Windows\System\tHWwqtw.exe
  C:\Windows\System\tHWwqtw.exe
  2⤵
  PID:10220
- C:\Windows\System\uiOhtAN.exe
  C:\Windows\System\uiOhtAN.exe
  2⤵
  PID:9228
- C:\Windows\System\VHHjuLu.exe
  C:\Windows\System\VHHjuLu.exe
  2⤵
  PID:9548
- C:\Windows\System\IFHUZcU.exe
  C:\Windows\System\IFHUZcU.exe
  2⤵
  PID:9344
- C:\Windows\System\ghLkMkH.exe
  C:\Windows\System\ghLkMkH.exe
  2⤵
  PID:9604
- C:\Windows\System\QTbaHyc.exe
  C:\Windows\System\QTbaHyc.exe
  2⤵
  PID:9676
- C:\Windows\System\SBwdVAt.exe
  C:\Windows\System\SBwdVAt.exe
  2⤵
  PID:9788
- C:\Windows\System\iQMpaXm.exe
  C:\Windows\System\iQMpaXm.exe
  2⤵
  PID:9972
- C:\Windows\System\KxWhyGM.exe
  C:\Windows\System\KxWhyGM.exe
  2⤵
  PID:9624
- C:\Windows\System\iPRRqfH.exe
  C:\Windows\System\iPRRqfH.exe
  2⤵
  PID:9792
- C:\Windows\System\vMxcLoE.exe
  C:\Windows\System\vMxcLoE.exe
  2⤵
  PID:9712
- C:\Windows\System\aaApAHT.exe
  C:\Windows\System\aaApAHT.exe
  2⤵
  PID:9744
- C:\Windows\System\lCdEyPB.exe
  C:\Windows\System\lCdEyPB.exe
  2⤵
  PID:10052
- C:\Windows\System\OVWkNxK.exe
  C:\Windows\System\OVWkNxK.exe
  2⤵
  PID:10072
- C:\Windows\System\bFWAkMZ.exe
  C:\Windows\System\bFWAkMZ.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUgPhgv.exe

Filesize
5.9MB

MD5
85ad594cd81bd88084fd422782019055

SHA1
325a3c811303a6def8b61351cc0aec0eee68562b

SHA256
0b20e75a1b23a61eec875b4e1260a6bcb1061a4fc8afcb37839a1a25cfa43a26

SHA512
1bf0b3e5466ff66318978209fe542cab824c45d60a710988ba5433230dc3ef25f6bc7076631e193b0fe341d53335a95ddee87f1b50904754a97af27b9941a5d2

Download Submit
C:\Windows\system\AqwqufH.exe

Filesize
5.9MB

MD5
f2d5fef18862dae34a4e668b45107453

SHA1
de7beae57f8776ef3a1bf47250146fb247e8415b

SHA256
fdfbd251027fbfa66f2589081455a3b9f536fcbd67da980fa60c15d81723fe34

SHA512
a575bf2bbb968a0a06dadf2830d9e492bd9ab20c69127c57bb6c7ae501db9f87c59281876feab5259d12384d4ef01d6cdd655126071e01b9da1f0bf019e9d725

Download Submit
C:\Windows\system\JbTNfBI.exe

Filesize
5.9MB

MD5
9c354f75d3fbe06038c82017f98e6b11

SHA1
bf0dfb13a272bc8a241dd5c81a489bd35bdefdeb

SHA256
8e96cbdd1458524c5082c087c5c0422bbbf7e32d00fda5a10ff06b95a5476550

SHA512
c8642b25bd871af1049145960d5674408ee9ff60a54c6ecb9825f9f3c8a8f0f32250e36f4317d26913f6b4cd57a908fbaad0c249faf112fae437f4110b3f83e3

Download Submit
C:\Windows\system\JoDqWVt.exe

Filesize
5.9MB

MD5
d6f679592beb9a046e7cfaeebda593e3

SHA1
5317db144ca3c856f2ecba40055897edcc2a41cf

SHA256
62e74434758d1bb40057898de712a9b943a0c91b67bd066daba79d94100de4a8

SHA512
b73f521f5c8513fe6988d70aa7d690077f0abe545b392cdb25bcd57d733b2346fe18828bd6eb96566287fb700126d2212ce3fcafa402f5455c1075fa705f8520

Download Submit
C:\Windows\system\KBYmZtA.exe

Filesize
5.9MB

MD5
f2cc9b1d57b6d30b6383826b51ea30a4

SHA1
b305e8b289102615daa816133ae5ceaf35ecdf77

SHA256
ebaf6beb3a39ee5c35f3923b7c5a178569003af182b5531fc7aa15086d37bce8

SHA512
6c03e81fcec5af1d963ea04b48abbf1d9e3ca336c367c5faaace9ff2c77768301d4c2496402837dd7df02f20eea257256c7e628ba17e234d03b0b52a1955f09e

Download Submit
C:\Windows\system\LFhItus.exe

Filesize
5.9MB

MD5
0ba2a5b860d5ddae35091789f78b6194

SHA1
311ab706c9653dd8c03344f9c0ab258cf10e7099

SHA256
60943f5444dc5a920d964019e9b5ae903e105d011cc3602ff83e09317cacc168

SHA512
ad9603382fdca1130019a3cd28d63dc97f038d3b2ae88b19b6d928de96f6c141502de2e8490188a19e70884c1c426f1e2a90bdb98256541e56d8c0b62db375a8

Download Submit
C:\Windows\system\NySbcfV.exe

Filesize
5.9MB

MD5
a2a469b380bf030877494f4048b64319

SHA1
c33ebb6de470cc507e9cf92afcc4f24ac4ae6df8

SHA256
926c5e170c84c593231cbcfd6962dd55e1f7721916517aa2bac360aa500af089

SHA512
bee91111891dd70806d18e0ccc8fb7e76178d7d38b38c5f2f55ead6f1e653851f5c7c7472590090c43e093604f767d184156f9ca48da3e753f9b4458354eca9b

Download Submit
C:\Windows\system\ReYCWtk.exe

Filesize
5.9MB

MD5
6b0a0c317ddb01846817d639964f6705

SHA1
16d31c88a5e74fb6b1550a4f69fdcc2cc06a9212

SHA256
3614d69511e09bf5420b2a7d7d971893b75f15e3626a1abdf0c89e9b61c96600

SHA512
cbe58687dbc27c1bb8f7c39a167138134088fc62a5172a1e9c9d80bf2b0e13f8f8e145b8d332500f011fd174429d782027e063a03924d5fa42ba17c76474d3ee

Download Submit
C:\Windows\system\RrvGikI.exe

Filesize
5.9MB

MD5
b524fbce548219b9d84a331c53cb360e

SHA1
e650817681a918959933233f3ced684c6000fc53

SHA256
63ef539f25f1d4d19330e9788265e0d2d8fb935cce7538f3352c571ca0235488

SHA512
a6a99cd897b6e02c9341431de8ebc4d688fe6b2f5db24a05823ee3f1a0468aa8358c2ffa51c6eb60aa20725325664c77acf565cf38b4315ce3a4bcd140f25b58

Download Submit
C:\Windows\system\RxTuCxe.exe

Filesize
5.9MB

MD5
d6fce493dc1ed28486d27ef4fff27a3e

SHA1
c320f60da24ec6db48216c5efe4b26c1340422bc

SHA256
f15433ce9f9bab3af2cd8e4a9c7e647f684c139c86dc4464394b534f7df75dfb

SHA512
7cef08a9e17d1cc9ef05e2652fe80b610580ea4cf1130a8aeda13a884320812765f120edbd73fe52cbf9007e7250ac42bc0de05461e9f7fb32d7ecb61f665d21

Download Submit
C:\Windows\system\TBuADef.exe

Filesize
5.9MB

MD5
200a18b80cd5b7f3fcdc30e57767e52c

SHA1
1a7dc25ca62271087ccd9efa09d45ca4f8adc5d4

SHA256
a831fe03a1b572b39351329f5848a4f8fb4e4b61730b1d2eee423a4316aa72ee

SHA512
6e8914be39a7d911444356ba6e96a0f5314274afb55b50d376479e6662472dfafbba38952d7c9702524cbd3f3daa008c71c35a6b093ce45730407f61f7b9dc65

Download Submit
C:\Windows\system\UINpPKC.exe

Filesize
5.9MB

MD5
d9ee03bd3d6e4d1714f175ad87914dba

SHA1
53751edf197b408ed7f270eb7d4442c4736637dc

SHA256
07ec4c107e1000dcbe6ea8f52a3b5444c84d2dbabe27cc1607adf5068f3a5055

SHA512
9b17367c4c2e2b0aaf8f5bd312633c7020c26e3a9bf8d1f03d865bfb1ae2bc201784a241de13dc63c813023862aeec9894dd57ac763b1714371689bbc06c3ed6

Download Submit
C:\Windows\system\VkohTyX.exe

Filesize
5.9MB

MD5
77229c9aff8dba1820bf3e53d18024cd

SHA1
7ebe093068d37720652f3e77af7425051eec8e13

SHA256
c04d4ae03685ec9d90287a9036911242ddde77d49174f92c232d59ed2716a6ca

SHA512
10c6fce2eeb79fdc7cf8f14dc2dda5ee6dd8767b9e066f900e0412ab8c0e6c19d97edb5b8b90c351396e35cf2f96b9e1b0bdf34b8313ce573ceb9c5d9aae7ff4

Download Submit
C:\Windows\system\WCqmcIr.exe

Filesize
5.9MB

MD5
79c92b64673c92bcb717e942bd6dfbe1

SHA1
7f5e32c8ba4200261bfa331a944dda8f181be450

SHA256
b0d3e9485a25f204a9059056a802f4ac6e7cdd6d23e605571f452204411ab1ca

SHA512
764b6e7b7e57a157c4c1b3924d5f8706e831f5643018b714c63bcc51824af22b6cb5bbaf060bd8052b6456664f31351d1f9c3cc2ff4948cfe02f08e5acce6f20

Download Submit
C:\Windows\system\WRRHOLx.exe

Filesize
5.9MB

MD5
708a238b92dc17153e64c5aff83ee8a9

SHA1
661a008d6dabc39ce2773212123dc2c3094bd017

SHA256
b3eba3383aab4e77eff61736412fa59c46bd9210671f026ae27cda5c3e2bc21a

SHA512
c652f3345b452612b7cd76b26a1fa10539992f4b4bbd3693466c5b7325642aa3a3f0345e3b2d0ade5ceeb437b8167c77917f6a1e48a7fbf71bfee78c142c47a6

Download Submit
C:\Windows\system\cXKDRta.exe

Filesize
5.9MB

MD5
93b94beecce63ac7ea7668e3df8db9a3

SHA1
7590e54e3f584516f1704860932f710576e69ec8

SHA256
0c3056c96dc3bf09ea22fabf1be3fc7f46975f751003849ff697dba08858d0c8

SHA512
e727afd1215596ff6105c96cd3a6c96e47a266d79f6ed53d888973020c9fd5152353689ef22077f4fd2b35c6c1037ce79d51134e1d3a24549854eb74e57e203f

Download Submit
C:\Windows\system\dPPeebD.exe

Filesize
5.9MB

MD5
602a35c9232b66bbf3889794e4300117

SHA1
49acd03550a817d0669aaa02cc3702605227b859

SHA256
c5ca8697f79c2a9365ad2b04471c662ccb3febad58bf5d3a8a0ca8f7a798c54e

SHA512
92500acdcb7d799c5ec0f9fbc842856f77700ec94c8e0c88aab197cd0d6c6ef6c852359a5297fd694b3afcb03afeff90edb34fea34525301991b3b2347cea4cc

Download Submit
C:\Windows\system\djpQBrx.exe

Filesize
5.9MB

MD5
ea5fa1d6f6af5ae89c79ba8b1e33f302

SHA1
cb91abc26c6e825db2470a91707d4a4ce86b6122

SHA256
425496bcc9fae5d70ef1c48a1309b1fbe0e08fbfa4b3423b2dcc974666a9163f

SHA512
2cc94796fce18b1c889357492b6f2b7ae5d4de2116d77a88832663ef1250276739aa7b224cf5dd8743b68d9fcfcb07d45f7da438755392ef4403dcb0b2012c41

Download Submit
C:\Windows\system\eOntdZw.exe

Filesize
5.9MB

MD5
3c1676b4b714941b89e2a72265662d7e

SHA1
439d315819ef63c3b954a331aee871c3f834003b

SHA256
4a78e873502141daf2d930a569d28f2ac32114134ee8e791a62415d0c681f967

SHA512
05b44780331ffa2872be32f2943b3d5c8872142ee6f4142ad11ce605f72c12bc8eac956e57bf5947879b322a20540d313c5278d2b913b131beb7c870a4e4e3bc

Download Submit
C:\Windows\system\jLJlsfH.exe

Filesize
5.9MB

MD5
975200863582429c3bdc1064fab6ab5d

SHA1
435fbe6433305f3861b07d9178f6625146a0e978

SHA256
a971ff2032e370db24869c3354196c694936f5956706aa8793dfbef83e8f59e5

SHA512
06ed186480c4e4eee542ff146fe164a9725373a4f7da56dff14065ea265ac12436796ff28104c2972e7f3a4b0a772fbf48f58040be4bdf86f78680f2fbd400f5

Download Submit
C:\Windows\system\jOlJzxV.exe

Filesize
5.9MB

MD5
04222d6bc30c3057d28a8b6bf284e921

SHA1
12c62e63e2b7b9cd95098efd41479980ba2be569

SHA256
6c25974d1db162d5bf85aa753fb8cf3a3805af220a40e070a95adec7226977fa

SHA512
39bc120a256149c77bcacd6e660b9a66040e16470131101a55528fd66a97433f0e8b081d8cc0683f04b5de0bffd9db8307f824d40a7a4fb8137f728d0c9f17cf

Download Submit
C:\Windows\system\jSqUDpo.exe

Filesize
5.9MB

MD5
55becd577909b3150fe8e1158a79164f

SHA1
1c3a44db12b45b018ded4ca241490a16909f0b7f

SHA256
25b9c32df486fb1848df380b152ecfb2b2142d720fc536d0e605bb3368ffecf9

SHA512
8201b43847c80eef193f3ae328bfdbe2719b67cfc827b93697c1de87955593ee956b197b7537932298ff359151bd6cee7874b753fe7df645f9ba36f8684e2f75

Download Submit
C:\Windows\system\oEVAEXH.exe

Filesize
5.9MB

MD5
8bdb6f657f49a92caf0cd8a9af4f3a39

SHA1
ca41726f708a5213f2c9abb56d756fc346b7f3d7

SHA256
7c90611e31bb6fb8f8750e481f4e622da8e4f19438d4bbc347dde37c982a92e8

SHA512
3f717daa3a552ad03c4a58ea9bbda0bd3df354c3af4dd946bbd6aefaaf52db59f3fb61fd0378b7a3bb60efbd901c5a8b7864fce7646257e16da76362d0bb7cfb

Download Submit
C:\Windows\system\rHlTYnA.exe

Filesize
5.9MB

MD5
2553cae7d6842461eddb6be624ac68a3

SHA1
844a25e15c93c4bce0f2c855dae1111dbcf893df

SHA256
763c8548e3e1f743e7e2220a5667eb1f1ca0acf3c0ee75457f366d748f1c5c0c

SHA512
760ffcddfc8c28654b65ed4b6594c391fd1324e2fbb7a55f98c4869d143888dece15b544358c907259c3811ba931bc72d567cce8160205eafa73f5a5db87eb9c

Download Submit
C:\Windows\system\sFruNNb.exe

Filesize
5.9MB

MD5
45b9f3cb8cf0ce48991dbcb4ab529f83

SHA1
ef56f9f09ba1ac5291055964459509f58f3a1354

SHA256
bb876c489ac63ebf463b76a55e85354192fa3275251d7119287a36f785671e8d

SHA512
24485f8c57acbb67a7d586680da3b2beda7c64ab83b58847abb82e9788a69978a94ab3f874e6b64887fc56335a1478af427519af507d2b8c944ee576635da1f0

Download Submit
C:\Windows\system\uPgklob.exe

Filesize
5.9MB

MD5
64495022bf6c0296dde784fcda0ad403

SHA1
fb6388377900208f20af23776e631d5997a7abed

SHA256
216964e50ddb1c23b8852232b3fd76a24027bd1f6c7ce5a45b3f54346229208a

SHA512
f4881d12f4a966566293a6d8dad04bcf46a4b94cb1ad4f544eee558f4870a5b06fbcb81ee4ad257b0074fd529e90271f670990f66a7bd5bc90a7a5077f9e20e4

Download Submit
C:\Windows\system\vWrJzdD.exe

Filesize
5.9MB

MD5
7727ede4db198b414ca113d92eaf76b5

SHA1
5f5945eca405e1464c473471723a045abbba09c0

SHA256
2736a41e57b8c69555963af879a4896ffe4778759b4da4c5d76fe87282ed95cb

SHA512
e1778e6df00ce4a57ce6ce3308a72e1b3de80f18226cccb2527a46458c44dd53ecd076e7c1deca2f05efca9bc8b1dc4bd7ef85cc23d5b62a3d3b98e44633e83a

Download Submit
C:\Windows\system\wXNlNws.exe

Filesize
5.9MB

MD5
282394d49b498353d888bff4521d552f

SHA1
52aa4d79d443a94c4e887231ad84e81c5e5a6ea9

SHA256
2bdc00bbf418c493b91b8392d10d57894ad6312277113e5e8d2ee86bfcc5c37b

SHA512
487e9e6f4c1348c15cea12ac9b11ddae126873257818823b82c6c5885f2d6978f66e57f6dfb3a4c574d5213380d58a1bb1550df6986338a94ca29b1122424ec4

Download Submit
C:\Windows\system\xNszXgK.exe

Filesize
5.9MB

MD5
163ea210399d419584fc49ed630c5f47

SHA1
dbd769bb24151922e3c5d9a5af92b25213ca4301

SHA256
a67b8cc81fd7275ac81a1879a5c542661dc8e6e4d0af610c95595281dcade0ab

SHA512
ee16474b38197cafd001df64b8e6f1197adf303ae19adeacd46bd84db9e837d407ebd7e6e5b5178fc9a29d7ea9489257a5e48aca2206553ea4b2d7aa4a23a8d4

Download Submit
C:\Windows\system\xSMzveD.exe

Filesize
5.9MB

MD5
2ccb1ef6140b0c93ee3e0272be3c629c

SHA1
a85f712f203a70354d7de8afbff03a11126d939c

SHA256
3d2f92be506c60a1536a0ae7fa176ad1b24b4561cb60fb93df5e269b122c8c34

SHA512
27c9c4f897273d5c2dcb55bf04f4a44e7c18672637047c9a948677bc44d851510b49b7969a0852fb01e79e788ce4495aa39f2cda55b59dc5f07dd28dd0048406

Download Submit
C:\Windows\system\xhFjeLW.exe

Filesize
5.9MB

MD5
3829d15663ec4a2e8a1da039bb6d80f9

SHA1
d2ba4f988a5db99ddd193fb1583b95decdcdb481

SHA256
5c09cea0611d010619139bd0a31c9ea134643f2ab59dc0132fe8784ded8b77b2

SHA512
b62a5afd820c6a4306f00b6ef3cb90cfad17a4b420346b2428b4347a2a45d5e3db09af3a62e09574f2e693de263c48958e766caba5b96d89f2a08bca91d72cfc

Download Submit
\Windows\system\GvIvTPY.exe

Filesize
5.9MB

MD5
4dde1d38b5e6b276f7610fbbf32cbd39

SHA1
925a44b13b40b5f3b357bafbdd6b0f44f9f4c022

SHA256
91568a32caf3dee1ec54cec2888869d54e434839acda26183118ded70418a534

SHA512
d59e4640303c391ccb0f5ee04e51efe62f7e2157ec5486c42e68f0d5dd57eae61e37a17cd009bcbcb08863540609469f152f8d9264dc54f9af1d962ba5461dce

Download Submit
memory/2604-3094-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3313-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-0-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3036-3096-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3036-8104-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download