cobaltstrike | 011f10f83e503439974abccf11ea6153cda98499eab08699964e7acbafeb4a6a

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

581ec46fa9d3b3723c602db966663fa8
SHA1

568909d97b8a7b13b8010ba7dab529fee29dde93
SHA256

011f10f83e503439974abccf11ea6153cda98499eab08699964e7acbafeb4a6a
SHA512

44921d2f3cac87aab0e4dbfdad9ca089aad22f661d79bf74bdb0ce105dd051fb0e75b1dc76e3d7ea294f77a977ef0bbde15a1067ebb190d6df067c8231e29c14
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-8.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-10.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016fc9-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186b7-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-205.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-89.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012262-3.dat	xmrig
behavioral1/files/0x000900000001756b-8.dat	xmrig
behavioral1/memory/2924-13-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2812-16-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-10.dat	xmrig
behavioral1/files/0x000d000000016fc9-24.dat	xmrig
behavioral1/memory/2832-29-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2932-22-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186b7-31.dat	xmrig
behavioral1/files/0x00060000000186bb-41.dat	xmrig
behavioral1/memory/2924-43-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2776-36-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b05-54.dat	xmrig
behavioral1/memory/2644-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2932-59-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-73.dat	xmrig
behavioral1/memory/2004-75-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2380-90-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/1880-84-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1196-108-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1672-109-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-107.dat	xmrig
behavioral1/files/0x0005000000019820-132.dat	xmrig
behavioral1/files/0x0005000000019bf6-146.dat	xmrig
behavioral1/files/0x0005000000019d61-162.dat	xmrig
behavioral1/files/0x0005000000019d6d-174.dat	xmrig
behavioral1/memory/2520-226-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1196-1030-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2520-1033-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1644-1034-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/1880-1032-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1672-1035-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2004-1031-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2644-1029-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2380-1028-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2740-1027-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2668-1026-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2832-1025-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2932-1024-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2812-1023-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2924-1042-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2776-389-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1672-317-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1644-254-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-200.dat	xmrig
behavioral1/files/0x000500000001a0b6-205.dat	xmrig
behavioral1/files/0x0005000000019fdd-190.dat	xmrig
behavioral1/files/0x000500000001a03c-195.dat	xmrig
behavioral1/files/0x0005000000019fd4-184.dat	xmrig
behavioral1/files/0x0005000000019e92-179.dat	xmrig
behavioral1/files/0x0005000000019d62-169.dat	xmrig
behavioral1/memory/1880-160-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-158.dat	xmrig
behavioral1/files/0x0005000000019bf9-153.dat	xmrig
behavioral1/files/0x0005000000019bf5-144.dat	xmrig
behavioral1/files/0x000500000001998d-137.dat	xmrig
behavioral1/files/0x00050000000197fd-127.dat	xmrig
behavioral1/files/0x0005000000019761-122.dat	xmrig
behavioral1/files/0x000500000001975a-117.dat	xmrig
behavioral1/memory/2004-114-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1644-100-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2644-99-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-98.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2924	cXEThYe.exe
2812	vgcYDiX.exe
2932	IGPafya.exe
2832	TavBOOC.exe
2668	ROJWTuR.exe
2740	AedaHuo.exe
2380	MLPWCac.exe
2644	mugbzog.exe
1196	zqdPpCy.exe
2004	WouyrXG.exe
1880	LrSKGsA.exe
2520	AYydmFx.exe
1644	WGajiuJ.exe
1672	ZRxiWgF.exe
3024	YzTMGzV.exe
1948	YMAmJug.exe
1928	WVSHhyq.exe
1136	nuqUGzh.exe
700	JEUAleS.exe
516	ifnIeoq.exe
2168	btTrLiN.exe
2388	mVuJjaf.exe
2360	OFYCFpk.exe
1648	olDjEwc.exe
2516	mcxqwtj.exe
2748	djhQdPR.exe
1576	qgHIkpu.exe
828	AVyXges.exe
1472	osXIHsh.exe
788	IktieEb.exe
2124	ZkdkuiC.exe
2552	cGwrpwq.exe
2040	LaKQbyD.exe
2044	sSKojQu.exe
736	WnpGpXX.exe
1548	fmIbLEl.exe
1736	MayFffb.exe
1816	aPnHNqq.exe
1588	HMRKzHA.exe
2324	wbPdQhL.exe
2316	OPvQgnF.exe
544	UymuIPM.exe
2664	BDWAjFb.exe
2304	hxjAimm.exe
2328	RilXZGt.exe
1072	JszBzrX.exe
1708	BdGvCGJ.exe
2856	PVSJKZC.exe
1536	ZveNhIY.exe
2308	uxtyjcl.exe
3052	uUMydiZ.exe
2864	rXyYrpz.exe
2804	aaOeVVV.exe
2684	BKwYfyK.exe
1888	LtOcfjD.exe
2072	OHsTqUQ.exe
3004	GDFbmhD.exe
2544	dNWbgDM.exe
3008	aHgKOkS.exe
2484	GgzDbLu.exe
2376	imihjre.exe
2988	TwfWAEB.exe
2368	SpWURZu.exe
2204	nzYKkZC.exe

Loads dropped DLL 64 IoCs

pid	Process
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000b000000012262-3.dat	upx
behavioral1/memory/2776-6-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x000900000001756b-8.dat	upx
behavioral1/memory/2924-13-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2812-16-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-10.dat	upx
behavioral1/files/0x000d000000016fc9-24.dat	upx
behavioral1/memory/2832-29-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2932-22-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00060000000186b7-31.dat	upx
behavioral1/files/0x00060000000186bb-41.dat	upx
behavioral1/memory/2924-43-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2776-36-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0008000000018b05-54.dat	upx
behavioral1/memory/2644-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2932-59-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-73.dat	upx
behavioral1/memory/2004-75-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2380-90-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1880-84-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1196-108-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1672-109-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0005000000019643-107.dat	upx
behavioral1/files/0x0005000000019820-132.dat	upx
behavioral1/files/0x0005000000019bf6-146.dat	upx
behavioral1/files/0x0005000000019d61-162.dat	upx
behavioral1/files/0x0005000000019d6d-174.dat	upx
behavioral1/memory/2520-226-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1196-1030-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2520-1033-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1644-1034-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/1880-1032-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1672-1035-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2004-1031-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2644-1029-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2380-1028-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2740-1027-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2668-1026-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2832-1025-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2932-1024-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2812-1023-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2924-1042-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1672-317-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1644-254-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x000500000001a049-200.dat	upx
behavioral1/files/0x000500000001a0b6-205.dat	upx
behavioral1/files/0x0005000000019fdd-190.dat	upx
behavioral1/files/0x000500000001a03c-195.dat	upx
behavioral1/files/0x0005000000019fd4-184.dat	upx
behavioral1/files/0x0005000000019e92-179.dat	upx
behavioral1/files/0x0005000000019d62-169.dat	upx
behavioral1/memory/1880-160-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000019c3c-158.dat	upx
behavioral1/files/0x0005000000019bf9-153.dat	upx
behavioral1/files/0x0005000000019bf5-144.dat	upx
behavioral1/files/0x000500000001998d-137.dat	upx
behavioral1/files/0x00050000000197fd-127.dat	upx
behavioral1/files/0x0005000000019761-122.dat	upx
behavioral1/files/0x000500000001975a-117.dat	upx
behavioral1/memory/2004-114-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1644-100-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2644-99-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-98.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XBIFssp.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPMGNfU.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmgQvdZ.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckRwRck.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOuJxNr.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfTnaAy.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbgOcpf.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKHvVoN.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClDpcxr.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEZHGco.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcJOPAm.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xehEfKL.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuCxnLd.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZRzpFD.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBJflSq.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAUMPXX.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTXmXpA.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVcrzJT.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohIiGga.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhxSBOt.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcYNPos.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwSJXHi.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqAPboM.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVLXrNT.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFzCWEB.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUkViBD.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQxuGQh.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEGgkrx.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnyKKcp.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbDeDGp.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzJdnqi.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOUXGWK.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLTWkBF.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGAahSU.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLSNSXS.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysrgbxw.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZfgGZq.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UymuIPM.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXrEUVZ.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlVitmi.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNRrfxe.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPgblsb.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRnfQPE.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWsGDvs.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtEtNUk.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCIjAau.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPkTMNz.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTuBtNg.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPyZErq.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOpdrun.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJEfqAF.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHpvSps.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKVkELA.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpUNuIH.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygYcfIb.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XumYnoN.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQMcAEB.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTRJdCz.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAnEvuA.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAGVxjZ.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilQLttm.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhaFyNQ.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWfITEa.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jspMGKN.exe	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2924	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2924	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2924	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2776 wrote to memory of 2812	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2812	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2812	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2776 wrote to memory of 2932	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2932	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2932	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2776 wrote to memory of 2832	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2832	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2832	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2776 wrote to memory of 2668	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2668	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2668	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2776 wrote to memory of 2740	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2740	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2740	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2776 wrote to memory of 2380	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2380	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2380	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2776 wrote to memory of 2644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 2644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 2644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2776 wrote to memory of 1196	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1196	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 1196	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2776 wrote to memory of 2004	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 2004	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 2004	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2776 wrote to memory of 1880	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 1880	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 1880	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2776 wrote to memory of 2520	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 2520	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 2520	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2776 wrote to memory of 1644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 1644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 1644	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2776 wrote to memory of 1672	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1672	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 1672	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2776 wrote to memory of 3024	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 3024	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 3024	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2776 wrote to memory of 1948	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 1948	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 1948	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2776 wrote to memory of 1928	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1928	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1928	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2776 wrote to memory of 1136	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1136	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 1136	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2776 wrote to memory of 700	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 700	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 700	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2776 wrote to memory of 516	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 516	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 516	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2776 wrote to memory of 2168	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2168	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2168	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2776 wrote to memory of 2388	2776	2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_581ec46fa9d3b3723c602db966663fa8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\System\cXEThYe.exe
  C:\Windows\System\cXEThYe.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vgcYDiX.exe
  C:\Windows\System\vgcYDiX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\IGPafya.exe
  C:\Windows\System\IGPafya.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\TavBOOC.exe
  C:\Windows\System\TavBOOC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ROJWTuR.exe
  C:\Windows\System\ROJWTuR.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\AedaHuo.exe
  C:\Windows\System\AedaHuo.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\MLPWCac.exe
  C:\Windows\System\MLPWCac.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\mugbzog.exe
  C:\Windows\System\mugbzog.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zqdPpCy.exe
  C:\Windows\System\zqdPpCy.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\WouyrXG.exe
  C:\Windows\System\WouyrXG.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\LrSKGsA.exe
  C:\Windows\System\LrSKGsA.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\AYydmFx.exe
  C:\Windows\System\AYydmFx.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WGajiuJ.exe
  C:\Windows\System\WGajiuJ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ZRxiWgF.exe
  C:\Windows\System\ZRxiWgF.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\YzTMGzV.exe
  C:\Windows\System\YzTMGzV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\YMAmJug.exe
  C:\Windows\System\YMAmJug.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\WVSHhyq.exe
  C:\Windows\System\WVSHhyq.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\nuqUGzh.exe
  C:\Windows\System\nuqUGzh.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\JEUAleS.exe
  C:\Windows\System\JEUAleS.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\ifnIeoq.exe
  C:\Windows\System\ifnIeoq.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\btTrLiN.exe
  C:\Windows\System\btTrLiN.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\mVuJjaf.exe
  C:\Windows\System\mVuJjaf.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\OFYCFpk.exe
  C:\Windows\System\OFYCFpk.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\olDjEwc.exe
  C:\Windows\System\olDjEwc.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\mcxqwtj.exe
  C:\Windows\System\mcxqwtj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\djhQdPR.exe
  C:\Windows\System\djhQdPR.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\qgHIkpu.exe
  C:\Windows\System\qgHIkpu.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\AVyXges.exe
  C:\Windows\System\AVyXges.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\osXIHsh.exe
  C:\Windows\System\osXIHsh.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\IktieEb.exe
  C:\Windows\System\IktieEb.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\ZkdkuiC.exe
  C:\Windows\System\ZkdkuiC.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\cGwrpwq.exe
  C:\Windows\System\cGwrpwq.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\LaKQbyD.exe
  C:\Windows\System\LaKQbyD.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\sSKojQu.exe
  C:\Windows\System\sSKojQu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\WnpGpXX.exe
  C:\Windows\System\WnpGpXX.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\fmIbLEl.exe
  C:\Windows\System\fmIbLEl.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\MayFffb.exe
  C:\Windows\System\MayFffb.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\aPnHNqq.exe
  C:\Windows\System\aPnHNqq.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\HMRKzHA.exe
  C:\Windows\System\HMRKzHA.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\wbPdQhL.exe
  C:\Windows\System\wbPdQhL.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\OPvQgnF.exe
  C:\Windows\System\OPvQgnF.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UymuIPM.exe
  C:\Windows\System\UymuIPM.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\BDWAjFb.exe
  C:\Windows\System\BDWAjFb.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\hxjAimm.exe
  C:\Windows\System\hxjAimm.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\RilXZGt.exe
  C:\Windows\System\RilXZGt.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JszBzrX.exe
  C:\Windows\System\JszBzrX.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\BdGvCGJ.exe
  C:\Windows\System\BdGvCGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\PVSJKZC.exe
  C:\Windows\System\PVSJKZC.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZveNhIY.exe
  C:\Windows\System\ZveNhIY.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\uxtyjcl.exe
  C:\Windows\System\uxtyjcl.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\uUMydiZ.exe
  C:\Windows\System\uUMydiZ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\rXyYrpz.exe
  C:\Windows\System\rXyYrpz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\aaOeVVV.exe
  C:\Windows\System\aaOeVVV.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\BKwYfyK.exe
  C:\Windows\System\BKwYfyK.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\LtOcfjD.exe
  C:\Windows\System\LtOcfjD.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\OHsTqUQ.exe
  C:\Windows\System\OHsTqUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GDFbmhD.exe
  C:\Windows\System\GDFbmhD.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\dNWbgDM.exe
  C:\Windows\System\dNWbgDM.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\aHgKOkS.exe
  C:\Windows\System\aHgKOkS.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\GgzDbLu.exe
  C:\Windows\System\GgzDbLu.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\imihjre.exe
  C:\Windows\System\imihjre.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\TwfWAEB.exe
  C:\Windows\System\TwfWAEB.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\SpWURZu.exe
  C:\Windows\System\SpWURZu.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\nzYKkZC.exe
  C:\Windows\System\nzYKkZC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XcHhOaT.exe
  C:\Windows\System\XcHhOaT.exe
  2⤵
  PID:1868
- C:\Windows\System\acOomnl.exe
  C:\Windows\System\acOomnl.exe
  2⤵
  PID:2340
- C:\Windows\System\qsKJOhY.exe
  C:\Windows\System\qsKJOhY.exe
  2⤵
  PID:952
- C:\Windows\System\PWbpSiP.exe
  C:\Windows\System\PWbpSiP.exe
  2⤵
  PID:2640
- C:\Windows\System\YIQxxBL.exe
  C:\Windows\System\YIQxxBL.exe
  2⤵
  PID:1592
- C:\Windows\System\uJWykgo.exe
  C:\Windows\System\uJWykgo.exe
  2⤵
  PID:2612
- C:\Windows\System\CANCUay.exe
  C:\Windows\System\CANCUay.exe
  2⤵
  PID:740
- C:\Windows\System\HaDpeOc.exe
  C:\Windows\System\HaDpeOc.exe
  2⤵
  PID:1740
- C:\Windows\System\jdJbJEw.exe
  C:\Windows\System\jdJbJEw.exe
  2⤵
  PID:2344
- C:\Windows\System\kYtxJBR.exe
  C:\Windows\System\kYtxJBR.exe
  2⤵
  PID:2940
- C:\Windows\System\DFDZxLF.exe
  C:\Windows\System\DFDZxLF.exe
  2⤵
  PID:1352
- C:\Windows\System\vqAPboM.exe
  C:\Windows\System\vqAPboM.exe
  2⤵
  PID:2184
- C:\Windows\System\SurCqIM.exe
  C:\Windows\System\SurCqIM.exe
  2⤵
  PID:1876
- C:\Windows\System\zZJsyBR.exe
  C:\Windows\System\zZJsyBR.exe
  2⤵
  PID:996
- C:\Windows\System\yAXROxV.exe
  C:\Windows\System\yAXROxV.exe
  2⤵
  PID:2704
- C:\Windows\System\lhwsKKY.exe
  C:\Windows\System\lhwsKKY.exe
  2⤵
  PID:980
- C:\Windows\System\rzlXhEj.exe
  C:\Windows\System\rzlXhEj.exe
  2⤵
  PID:1988
- C:\Windows\System\EigJkjf.exe
  C:\Windows\System\EigJkjf.exe
  2⤵
  PID:1564
- C:\Windows\System\sMZFhdW.exe
  C:\Windows\System\sMZFhdW.exe
  2⤵
  PID:2868
- C:\Windows\System\CNNbjiN.exe
  C:\Windows\System\CNNbjiN.exe
  2⤵
  PID:2828
- C:\Windows\System\cXplvql.exe
  C:\Windows\System\cXplvql.exe
  2⤵
  PID:2976
- C:\Windows\System\OKiDrAH.exe
  C:\Windows\System\OKiDrAH.exe
  2⤵
  PID:1932
- C:\Windows\System\HMWFjaW.exe
  C:\Windows\System\HMWFjaW.exe
  2⤵
  PID:2968
- C:\Windows\System\IArKvRE.exe
  C:\Windows\System\IArKvRE.exe
  2⤵
  PID:2132
- C:\Windows\System\CmJVpnl.exe
  C:\Windows\System\CmJVpnl.exe
  2⤵
  PID:2252
- C:\Windows\System\fopozAt.exe
  C:\Windows\System\fopozAt.exe
  2⤵
  PID:760
- C:\Windows\System\xHJNbgT.exe
  C:\Windows\System\xHJNbgT.exe
  2⤵
  PID:2156
- C:\Windows\System\axkAlrU.exe
  C:\Windows\System\axkAlrU.exe
  2⤵
  PID:1980
- C:\Windows\System\bhbHHRo.exe
  C:\Windows\System\bhbHHRo.exe
  2⤵
  PID:876
- C:\Windows\System\mfCiOeo.exe
  C:\Windows\System\mfCiOeo.exe
  2⤵
  PID:1520
- C:\Windows\System\EnxSSUZ.exe
  C:\Windows\System\EnxSSUZ.exe
  2⤵
  PID:364
- C:\Windows\System\nZisxel.exe
  C:\Windows\System\nZisxel.exe
  2⤵
  PID:1976
- C:\Windows\System\EkifTGa.exe
  C:\Windows\System\EkifTGa.exe
  2⤵
  PID:2120
- C:\Windows\System\CESUHAv.exe
  C:\Windows\System\CESUHAv.exe
  2⤵
  PID:2636
- C:\Windows\System\MwGftVY.exe
  C:\Windows\System\MwGftVY.exe
  2⤵
  PID:1864
- C:\Windows\System\hKAPeuc.exe
  C:\Windows\System\hKAPeuc.exe
  2⤵
  PID:2092
- C:\Windows\System\JotQTHZ.exe
  C:\Windows\System\JotQTHZ.exe
  2⤵
  PID:1704
- C:\Windows\System\yPkJgWE.exe
  C:\Windows\System\yPkJgWE.exe
  2⤵
  PID:2892
- C:\Windows\System\hzaGfMZ.exe
  C:\Windows\System\hzaGfMZ.exe
  2⤵
  PID:1156
- C:\Windows\System\FVgGwmp.exe
  C:\Windows\System\FVgGwmp.exe
  2⤵
  PID:2364
- C:\Windows\System\DxOEmdq.exe
  C:\Windows\System\DxOEmdq.exe
  2⤵
  PID:3056
- C:\Windows\System\QqBJAmH.exe
  C:\Windows\System\QqBJAmH.exe
  2⤵
  PID:2584
- C:\Windows\System\exrRsSo.exe
  C:\Windows\System\exrRsSo.exe
  2⤵
  PID:264
- C:\Windows\System\lJoVBpd.exe
  C:\Windows\System\lJoVBpd.exe
  2⤵
  PID:2528
- C:\Windows\System\RlnAKUb.exe
  C:\Windows\System\RlnAKUb.exe
  2⤵
  PID:1940
- C:\Windows\System\vsjSEQK.exe
  C:\Windows\System\vsjSEQK.exe
  2⤵
  PID:2448
- C:\Windows\System\VbDtCya.exe
  C:\Windows\System\VbDtCya.exe
  2⤵
  PID:3076
- C:\Windows\System\FBJflSq.exe
  C:\Windows\System\FBJflSq.exe
  2⤵
  PID:3100
- C:\Windows\System\MiBvMoW.exe
  C:\Windows\System\MiBvMoW.exe
  2⤵
  PID:3120
- C:\Windows\System\KvRhiCu.exe
  C:\Windows\System\KvRhiCu.exe
  2⤵
  PID:3140
- C:\Windows\System\UKPBGkc.exe
  C:\Windows\System\UKPBGkc.exe
  2⤵
  PID:3168
- C:\Windows\System\JXEJiVj.exe
  C:\Windows\System\JXEJiVj.exe
  2⤵
  PID:3188
- C:\Windows\System\kXAxHGb.exe
  C:\Windows\System\kXAxHGb.exe
  2⤵
  PID:3212
- C:\Windows\System\fQtAmaw.exe
  C:\Windows\System\fQtAmaw.exe
  2⤵
  PID:3232
- C:\Windows\System\ofmjGhp.exe
  C:\Windows\System\ofmjGhp.exe
  2⤵
  PID:3252
- C:\Windows\System\VRoMxzH.exe
  C:\Windows\System\VRoMxzH.exe
  2⤵
  PID:3272
- C:\Windows\System\KIkCwYt.exe
  C:\Windows\System\KIkCwYt.exe
  2⤵
  PID:3292
- C:\Windows\System\FJeDAOd.exe
  C:\Windows\System\FJeDAOd.exe
  2⤵
  PID:3312
- C:\Windows\System\XumYnoN.exe
  C:\Windows\System\XumYnoN.exe
  2⤵
  PID:3332
- C:\Windows\System\lnkOtXS.exe
  C:\Windows\System\lnkOtXS.exe
  2⤵
  PID:3352
- C:\Windows\System\oRVXvbQ.exe
  C:\Windows\System\oRVXvbQ.exe
  2⤵
  PID:3372
- C:\Windows\System\dWXOYBp.exe
  C:\Windows\System\dWXOYBp.exe
  2⤵
  PID:3392
- C:\Windows\System\IFCcEWw.exe
  C:\Windows\System\IFCcEWw.exe
  2⤵
  PID:3416
- C:\Windows\System\vKmMeke.exe
  C:\Windows\System\vKmMeke.exe
  2⤵
  PID:3436
- C:\Windows\System\ywcCyIj.exe
  C:\Windows\System\ywcCyIj.exe
  2⤵
  PID:3456
- C:\Windows\System\zsEimzw.exe
  C:\Windows\System\zsEimzw.exe
  2⤵
  PID:3476
- C:\Windows\System\jPtYCar.exe
  C:\Windows\System\jPtYCar.exe
  2⤵
  PID:3500
- C:\Windows\System\IPJPsSg.exe
  C:\Windows\System\IPJPsSg.exe
  2⤵
  PID:3520
- C:\Windows\System\ODzlvqe.exe
  C:\Windows\System\ODzlvqe.exe
  2⤵
  PID:3540
- C:\Windows\System\cOpdrun.exe
  C:\Windows\System\cOpdrun.exe
  2⤵
  PID:3556
- C:\Windows\System\oOgZSDG.exe
  C:\Windows\System\oOgZSDG.exe
  2⤵
  PID:3580
- C:\Windows\System\PpaYOGU.exe
  C:\Windows\System\PpaYOGU.exe
  2⤵
  PID:3600
- C:\Windows\System\cDezNSl.exe
  C:\Windows\System\cDezNSl.exe
  2⤵
  PID:3620
- C:\Windows\System\uHURfhu.exe
  C:\Windows\System\uHURfhu.exe
  2⤵
  PID:3640
- C:\Windows\System\BaIyRdm.exe
  C:\Windows\System\BaIyRdm.exe
  2⤵
  PID:3660
- C:\Windows\System\fpsDXcX.exe
  C:\Windows\System\fpsDXcX.exe
  2⤵
  PID:3680
- C:\Windows\System\hHDiwpp.exe
  C:\Windows\System\hHDiwpp.exe
  2⤵
  PID:3704
- C:\Windows\System\CoHhcSs.exe
  C:\Windows\System\CoHhcSs.exe
  2⤵
  PID:3724
- C:\Windows\System\InQlGIR.exe
  C:\Windows\System\InQlGIR.exe
  2⤵
  PID:3744
- C:\Windows\System\oKLvPBB.exe
  C:\Windows\System\oKLvPBB.exe
  2⤵
  PID:3764
- C:\Windows\System\sIqFvKv.exe
  C:\Windows\System\sIqFvKv.exe
  2⤵
  PID:3784
- C:\Windows\System\QmCLnNH.exe
  C:\Windows\System\QmCLnNH.exe
  2⤵
  PID:3804
- C:\Windows\System\BZSTeLI.exe
  C:\Windows\System\BZSTeLI.exe
  2⤵
  PID:3824
- C:\Windows\System\raUxKZD.exe
  C:\Windows\System\raUxKZD.exe
  2⤵
  PID:3848
- C:\Windows\System\rUzYrVE.exe
  C:\Windows\System\rUzYrVE.exe
  2⤵
  PID:3868
- C:\Windows\System\WsgkEGO.exe
  C:\Windows\System\WsgkEGO.exe
  2⤵
  PID:3888
- C:\Windows\System\UtGzIQA.exe
  C:\Windows\System\UtGzIQA.exe
  2⤵
  PID:3908
- C:\Windows\System\TYFdxoN.exe
  C:\Windows\System\TYFdxoN.exe
  2⤵
  PID:3928
- C:\Windows\System\mKXnoCD.exe
  C:\Windows\System\mKXnoCD.exe
  2⤵
  PID:3948
- C:\Windows\System\wxJNCkj.exe
  C:\Windows\System\wxJNCkj.exe
  2⤵
  PID:3968
- C:\Windows\System\nVLXrNT.exe
  C:\Windows\System\nVLXrNT.exe
  2⤵
  PID:3992
- C:\Windows\System\aLMjYrU.exe
  C:\Windows\System\aLMjYrU.exe
  2⤵
  PID:4012
- C:\Windows\System\suTIAgV.exe
  C:\Windows\System\suTIAgV.exe
  2⤵
  PID:4032
- C:\Windows\System\ccdOjns.exe
  C:\Windows\System\ccdOjns.exe
  2⤵
  PID:4052
- C:\Windows\System\QLiTIyR.exe
  C:\Windows\System\QLiTIyR.exe
  2⤵
  PID:4072
- C:\Windows\System\sxYCUzS.exe
  C:\Windows\System\sxYCUzS.exe
  2⤵
  PID:4092
- C:\Windows\System\ZkomOSY.exe
  C:\Windows\System\ZkomOSY.exe
  2⤵
  PID:1056
- C:\Windows\System\yehIHSR.exe
  C:\Windows\System\yehIHSR.exe
  2⤵
  PID:1064
- C:\Windows\System\wMfxllq.exe
  C:\Windows\System\wMfxllq.exe
  2⤵
  PID:1596
- C:\Windows\System\AkXzEdO.exe
  C:\Windows\System\AkXzEdO.exe
  2⤵
  PID:2288
- C:\Windows\System\QnglQud.exe
  C:\Windows\System\QnglQud.exe
  2⤵
  PID:2512
- C:\Windows\System\PZsSveF.exe
  C:\Windows\System\PZsSveF.exe
  2⤵
  PID:2536
- C:\Windows\System\fhQkJYe.exe
  C:\Windows\System\fhQkJYe.exe
  2⤵
  PID:588
- C:\Windows\System\gyNAYhh.exe
  C:\Windows\System\gyNAYhh.exe
  2⤵
  PID:1068
- C:\Windows\System\wCecfXv.exe
  C:\Windows\System\wCecfXv.exe
  2⤵
  PID:3116
- C:\Windows\System\OpXxpXE.exe
  C:\Windows\System\OpXxpXE.exe
  2⤵
  PID:3148
- C:\Windows\System\hKIyONL.exe
  C:\Windows\System\hKIyONL.exe
  2⤵
  PID:2884
- C:\Windows\System\acqxaFX.exe
  C:\Windows\System\acqxaFX.exe
  2⤵
  PID:3184
- C:\Windows\System\KEpLIzy.exe
  C:\Windows\System\KEpLIzy.exe
  2⤵
  PID:3240
- C:\Windows\System\bVcrzoN.exe
  C:\Windows\System\bVcrzoN.exe
  2⤵
  PID:3280
- C:\Windows\System\hzCTNnw.exe
  C:\Windows\System\hzCTNnw.exe
  2⤵
  PID:3284
- C:\Windows\System\OGAahSU.exe
  C:\Windows\System\OGAahSU.exe
  2⤵
  PID:3304
- C:\Windows\System\gwnLtJc.exe
  C:\Windows\System\gwnLtJc.exe
  2⤵
  PID:3348
- C:\Windows\System\ZZweJDx.exe
  C:\Windows\System\ZZweJDx.exe
  2⤵
  PID:3412
- C:\Windows\System\ZNmCbhp.exe
  C:\Windows\System\ZNmCbhp.exe
  2⤵
  PID:3444
- C:\Windows\System\pIIxpiE.exe
  C:\Windows\System\pIIxpiE.exe
  2⤵
  PID:3496
- C:\Windows\System\hpawuWy.exe
  C:\Windows\System\hpawuWy.exe
  2⤵
  PID:3508
- C:\Windows\System\JboTDCl.exe
  C:\Windows\System\JboTDCl.exe
  2⤵
  PID:3532
- C:\Windows\System\CPNoRWv.exe
  C:\Windows\System\CPNoRWv.exe
  2⤵
  PID:3548
- C:\Windows\System\nOtyIJX.exe
  C:\Windows\System\nOtyIJX.exe
  2⤵
  PID:3596
- C:\Windows\System\ajVIgfH.exe
  C:\Windows\System\ajVIgfH.exe
  2⤵
  PID:3648
- C:\Windows\System\fqhRtbk.exe
  C:\Windows\System\fqhRtbk.exe
  2⤵
  PID:3632
- C:\Windows\System\ixQDVSN.exe
  C:\Windows\System\ixQDVSN.exe
  2⤵
  PID:3712
- C:\Windows\System\JEPpSsm.exe
  C:\Windows\System\JEPpSsm.exe
  2⤵
  PID:3736
- C:\Windows\System\YQaWgVs.exe
  C:\Windows\System\YQaWgVs.exe
  2⤵
  PID:3756
- C:\Windows\System\XiIWbLN.exe
  C:\Windows\System\XiIWbLN.exe
  2⤵
  PID:3796
- C:\Windows\System\CyYbJOZ.exe
  C:\Windows\System\CyYbJOZ.exe
  2⤵
  PID:3864
- C:\Windows\System\WqbyEJw.exe
  C:\Windows\System\WqbyEJw.exe
  2⤵
  PID:3876
- C:\Windows\System\ilvGgan.exe
  C:\Windows\System\ilvGgan.exe
  2⤵
  PID:3936
- C:\Windows\System\TwGtTcl.exe
  C:\Windows\System\TwGtTcl.exe
  2⤵
  PID:3944
- C:\Windows\System\WxMxetY.exe
  C:\Windows\System\WxMxetY.exe
  2⤵
  PID:3964
- C:\Windows\System\iuEtxvw.exe
  C:\Windows\System\iuEtxvw.exe
  2⤵
  PID:4008
- C:\Windows\System\LlKqyFv.exe
  C:\Windows\System\LlKqyFv.exe
  2⤵
  PID:4068
- C:\Windows\System\fFZEJNW.exe
  C:\Windows\System\fFZEJNW.exe
  2⤵
  PID:4064
- C:\Windows\System\HDdPasX.exe
  C:\Windows\System\HDdPasX.exe
  2⤵
  PID:2688
- C:\Windows\System\GFJNCQL.exe
  C:\Windows\System\GFJNCQL.exe
  2⤵
  PID:2780
- C:\Windows\System\SzZmPMB.exe
  C:\Windows\System\SzZmPMB.exe
  2⤵
  PID:1784
- C:\Windows\System\aDWyOwY.exe
  C:\Windows\System\aDWyOwY.exe
  2⤵
  PID:2144
- C:\Windows\System\CUlsJZm.exe
  C:\Windows\System\CUlsJZm.exe
  2⤵
  PID:3108
- C:\Windows\System\QOFruYd.exe
  C:\Windows\System\QOFruYd.exe
  2⤵
  PID:3128
- C:\Windows\System\GonMWkT.exe
  C:\Windows\System\GonMWkT.exe
  2⤵
  PID:3208
- C:\Windows\System\SsbKZfy.exe
  C:\Windows\System\SsbKZfy.exe
  2⤵
  PID:3204
- C:\Windows\System\uUrbgOk.exe
  C:\Windows\System\uUrbgOk.exe
  2⤵
  PID:3248
- C:\Windows\System\ezVWJmg.exe
  C:\Windows\System\ezVWJmg.exe
  2⤵
  PID:3328
- C:\Windows\System\KnYrjoL.exe
  C:\Windows\System\KnYrjoL.exe
  2⤵
  PID:3400
- C:\Windows\System\qeTODlY.exe
  C:\Windows\System\qeTODlY.exe
  2⤵
  PID:3424
- C:\Windows\System\VqPqYKD.exe
  C:\Windows\System\VqPqYKD.exe
  2⤵
  PID:3552
- C:\Windows\System\dRIbTbJ.exe
  C:\Windows\System\dRIbTbJ.exe
  2⤵
  PID:3608
- C:\Windows\System\KmcxMuM.exe
  C:\Windows\System\KmcxMuM.exe
  2⤵
  PID:3628
- C:\Windows\System\bpcElwt.exe
  C:\Windows\System\bpcElwt.exe
  2⤵
  PID:3652
- C:\Windows\System\uEDvktV.exe
  C:\Windows\System\uEDvktV.exe
  2⤵
  PID:3716
- C:\Windows\System\gcLGxwc.exe
  C:\Windows\System\gcLGxwc.exe
  2⤵
  PID:3792
- C:\Windows\System\uILhuZt.exe
  C:\Windows\System\uILhuZt.exe
  2⤵
  PID:3904
- C:\Windows\System\XVsvxCL.exe
  C:\Windows\System\XVsvxCL.exe
  2⤵
  PID:3900
- C:\Windows\System\EYFDXdE.exe
  C:\Windows\System\EYFDXdE.exe
  2⤵
  PID:3984
- C:\Windows\System\aXyxrwz.exe
  C:\Windows\System\aXyxrwz.exe
  2⤵
  PID:4060
- C:\Windows\System\QrrKlRs.exe
  C:\Windows\System\QrrKlRs.exe
  2⤵
  PID:4088
- C:\Windows\System\jHhJMpH.exe
  C:\Windows\System\jHhJMpH.exe
  2⤵
  PID:1420
- C:\Windows\System\dWoAQxs.exe
  C:\Windows\System\dWoAQxs.exe
  2⤵
  PID:4104
- C:\Windows\System\MhxdVNw.exe
  C:\Windows\System\MhxdVNw.exe
  2⤵
  PID:4124
- C:\Windows\System\XCQHrCa.exe
  C:\Windows\System\XCQHrCa.exe
  2⤵
  PID:4144
- C:\Windows\System\lYFZsnJ.exe
  C:\Windows\System\lYFZsnJ.exe
  2⤵
  PID:4164
- C:\Windows\System\qZgImTK.exe
  C:\Windows\System\qZgImTK.exe
  2⤵
  PID:4184
- C:\Windows\System\MlrCMLg.exe
  C:\Windows\System\MlrCMLg.exe
  2⤵
  PID:4200
- C:\Windows\System\GGGaNij.exe
  C:\Windows\System\GGGaNij.exe
  2⤵
  PID:4224
- C:\Windows\System\YxhyAWW.exe
  C:\Windows\System\YxhyAWW.exe
  2⤵
  PID:4244
- C:\Windows\System\qgfiDxe.exe
  C:\Windows\System\qgfiDxe.exe
  2⤵
  PID:4264
- C:\Windows\System\iktnQry.exe
  C:\Windows\System\iktnQry.exe
  2⤵
  PID:4288
- C:\Windows\System\KdACqBo.exe
  C:\Windows\System\KdACqBo.exe
  2⤵
  PID:4308
- C:\Windows\System\ARdeuzv.exe
  C:\Windows\System\ARdeuzv.exe
  2⤵
  PID:4328
- C:\Windows\System\kItRNBL.exe
  C:\Windows\System\kItRNBL.exe
  2⤵
  PID:4348
- C:\Windows\System\PIucGdp.exe
  C:\Windows\System\PIucGdp.exe
  2⤵
  PID:4368
- C:\Windows\System\nzrXSpX.exe
  C:\Windows\System\nzrXSpX.exe
  2⤵
  PID:4392
- C:\Windows\System\jhWeVxs.exe
  C:\Windows\System\jhWeVxs.exe
  2⤵
  PID:4412
- C:\Windows\System\GZivSfN.exe
  C:\Windows\System\GZivSfN.exe
  2⤵
  PID:4432
- C:\Windows\System\dbOvFkM.exe
  C:\Windows\System\dbOvFkM.exe
  2⤵
  PID:4452
- C:\Windows\System\YUeiBNO.exe
  C:\Windows\System\YUeiBNO.exe
  2⤵
  PID:4472
- C:\Windows\System\nTYItOJ.exe
  C:\Windows\System\nTYItOJ.exe
  2⤵
  PID:4528
- C:\Windows\System\ofQDdPj.exe
  C:\Windows\System\ofQDdPj.exe
  2⤵
  PID:4548
- C:\Windows\System\kAtPiGs.exe
  C:\Windows\System\kAtPiGs.exe
  2⤵
  PID:4568
- C:\Windows\System\prndioz.exe
  C:\Windows\System\prndioz.exe
  2⤵
  PID:4588
- C:\Windows\System\JVBFXmW.exe
  C:\Windows\System\JVBFXmW.exe
  2⤵
  PID:4608
- C:\Windows\System\QKBNWoo.exe
  C:\Windows\System\QKBNWoo.exe
  2⤵
  PID:4628
- C:\Windows\System\PoNxktE.exe
  C:\Windows\System\PoNxktE.exe
  2⤵
  PID:4648
- C:\Windows\System\DtPpsac.exe
  C:\Windows\System\DtPpsac.exe
  2⤵
  PID:4668
- C:\Windows\System\sDUIauU.exe
  C:\Windows\System\sDUIauU.exe
  2⤵
  PID:4692
- C:\Windows\System\sYCbQuD.exe
  C:\Windows\System\sYCbQuD.exe
  2⤵
  PID:4720
- C:\Windows\System\VnYDaVB.exe
  C:\Windows\System\VnYDaVB.exe
  2⤵
  PID:4740
- C:\Windows\System\LfYzSRN.exe
  C:\Windows\System\LfYzSRN.exe
  2⤵
  PID:4760
- C:\Windows\System\eAPcxps.exe
  C:\Windows\System\eAPcxps.exe
  2⤵
  PID:4780
- C:\Windows\System\RmTaFDm.exe
  C:\Windows\System\RmTaFDm.exe
  2⤵
  PID:4804
- C:\Windows\System\LWtmbhP.exe
  C:\Windows\System\LWtmbhP.exe
  2⤵
  PID:4824
- C:\Windows\System\KMbdgND.exe
  C:\Windows\System\KMbdgND.exe
  2⤵
  PID:4844
- C:\Windows\System\qojNwAg.exe
  C:\Windows\System\qojNwAg.exe
  2⤵
  PID:4864
- C:\Windows\System\QAGjruP.exe
  C:\Windows\System\QAGjruP.exe
  2⤵
  PID:4884
- C:\Windows\System\gEJBVfs.exe
  C:\Windows\System\gEJBVfs.exe
  2⤵
  PID:4904
- C:\Windows\System\GwwhevF.exe
  C:\Windows\System\GwwhevF.exe
  2⤵
  PID:4924
- C:\Windows\System\CeDKdXt.exe
  C:\Windows\System\CeDKdXt.exe
  2⤵
  PID:4944
- C:\Windows\System\ClDpcxr.exe
  C:\Windows\System\ClDpcxr.exe
  2⤵
  PID:4964
- C:\Windows\System\TVfKXdD.exe
  C:\Windows\System\TVfKXdD.exe
  2⤵
  PID:4984
- C:\Windows\System\QhiAwuG.exe
  C:\Windows\System\QhiAwuG.exe
  2⤵
  PID:5004
- C:\Windows\System\wvwDiNT.exe
  C:\Windows\System\wvwDiNT.exe
  2⤵
  PID:5024
- C:\Windows\System\OiGcueX.exe
  C:\Windows\System\OiGcueX.exe
  2⤵
  PID:5044
- C:\Windows\System\lCYSjIj.exe
  C:\Windows\System\lCYSjIj.exe
  2⤵
  PID:5064
- C:\Windows\System\udeaAIP.exe
  C:\Windows\System\udeaAIP.exe
  2⤵
  PID:5088
- C:\Windows\System\uPhhcAJ.exe
  C:\Windows\System\uPhhcAJ.exe
  2⤵
  PID:5112
- C:\Windows\System\NQkNwFK.exe
  C:\Windows\System\NQkNwFK.exe
  2⤵
  PID:1388
- C:\Windows\System\fgMfwFs.exe
  C:\Windows\System\fgMfwFs.exe
  2⤵
  PID:3160
- C:\Windows\System\ZscQjjG.exe
  C:\Windows\System\ZscQjjG.exe
  2⤵
  PID:3264
- C:\Windows\System\jyBmUDH.exe
  C:\Windows\System\jyBmUDH.exe
  2⤵
  PID:3364
- C:\Windows\System\LSrOmcA.exe
  C:\Windows\System\LSrOmcA.exe
  2⤵
  PID:3404
- C:\Windows\System\fiTzoCn.exe
  C:\Windows\System\fiTzoCn.exe
  2⤵
  PID:3468
- C:\Windows\System\vslOeNm.exe
  C:\Windows\System\vslOeNm.exe
  2⤵
  PID:3588
- C:\Windows\System\RTlkIaf.exe
  C:\Windows\System\RTlkIaf.exe
  2⤵
  PID:3676
- C:\Windows\System\Utagufi.exe
  C:\Windows\System\Utagufi.exe
  2⤵
  PID:3800
- C:\Windows\System\ckRwRck.exe
  C:\Windows\System\ckRwRck.exe
  2⤵
  PID:3856
- C:\Windows\System\ohIiGga.exe
  C:\Windows\System\ohIiGga.exe
  2⤵
  PID:3860
- C:\Windows\System\OOHWFTU.exe
  C:\Windows\System\OOHWFTU.exe
  2⤵
  PID:4020
- C:\Windows\System\nnuzcCq.exe
  C:\Windows\System\nnuzcCq.exe
  2⤵
  PID:4044
- C:\Windows\System\SNRrfxe.exe
  C:\Windows\System\SNRrfxe.exe
  2⤵
  PID:1556
- C:\Windows\System\yACBKFE.exe
  C:\Windows\System\yACBKFE.exe
  2⤵
  PID:4120
- C:\Windows\System\ysrDDMu.exe
  C:\Windows\System\ysrDDMu.exe
  2⤵
  PID:4160
- C:\Windows\System\iDNwMnK.exe
  C:\Windows\System\iDNwMnK.exe
  2⤵
  PID:4220
- C:\Windows\System\qxSZmac.exe
  C:\Windows\System\qxSZmac.exe
  2⤵
  PID:4216
- C:\Windows\System\qfhQLSH.exe
  C:\Windows\System\qfhQLSH.exe
  2⤵
  PID:4236
- C:\Windows\System\LywAOuS.exe
  C:\Windows\System\LywAOuS.exe
  2⤵
  PID:4276
- C:\Windows\System\MKAFPPo.exe
  C:\Windows\System\MKAFPPo.exe
  2⤵
  PID:4336
- C:\Windows\System\wzJdnqi.exe
  C:\Windows\System\wzJdnqi.exe
  2⤵
  PID:4356
- C:\Windows\System\zcYBvAW.exe
  C:\Windows\System\zcYBvAW.exe
  2⤵
  PID:4380
- C:\Windows\System\uHsiUry.exe
  C:\Windows\System\uHsiUry.exe
  2⤵
  PID:4428
- C:\Windows\System\SOUXGWK.exe
  C:\Windows\System\SOUXGWK.exe
  2⤵
  PID:4460
- C:\Windows\System\PeZbeKF.exe
  C:\Windows\System\PeZbeKF.exe
  2⤵
  PID:1236
- C:\Windows\System\AWUjsXs.exe
  C:\Windows\System\AWUjsXs.exe
  2⤵
  PID:4496
- C:\Windows\System\rNrBUFA.exe
  C:\Windows\System\rNrBUFA.exe
  2⤵
  PID:2260
- C:\Windows\System\QCtBgAh.exe
  C:\Windows\System\QCtBgAh.exe
  2⤵
  PID:2852
- C:\Windows\System\IPgblsb.exe
  C:\Windows\System\IPgblsb.exe
  2⤵
  PID:2928
- C:\Windows\System\amUtZRS.exe
  C:\Windows\System\amUtZRS.exe
  2⤵
  PID:3000
- C:\Windows\System\HLSNSXS.exe
  C:\Windows\System\HLSNSXS.exe
  2⤵
  PID:2784
- C:\Windows\System\HFzCWEB.exe
  C:\Windows\System\HFzCWEB.exe
  2⤵
  PID:2608
- C:\Windows\System\AoEciQV.exe
  C:\Windows\System\AoEciQV.exe
  2⤵
  PID:4768
- C:\Windows\System\dCmlQJf.exe
  C:\Windows\System\dCmlQJf.exe
  2⤵
  PID:4872
- C:\Windows\System\zmCrKAj.exe
  C:\Windows\System\zmCrKAj.exe
  2⤵
  PID:4876
- C:\Windows\System\GiCmzAn.exe
  C:\Windows\System\GiCmzAn.exe
  2⤵
  PID:4952
- C:\Windows\System\NetFtbf.exe
  C:\Windows\System\NetFtbf.exe
  2⤵
  PID:4960
- C:\Windows\System\zJEfqAF.exe
  C:\Windows\System\zJEfqAF.exe
  2⤵
  PID:4976
- C:\Windows\System\BlzmhzW.exe
  C:\Windows\System\BlzmhzW.exe
  2⤵
  PID:1956
- C:\Windows\System\aamwtmI.exe
  C:\Windows\System\aamwtmI.exe
  2⤵
  PID:5060
- C:\Windows\System\HGdhAjv.exe
  C:\Windows\System\HGdhAjv.exe
  2⤵
  PID:2200
- C:\Windows\System\RgHOtpJ.exe
  C:\Windows\System\RgHOtpJ.exe
  2⤵
  PID:2836
- C:\Windows\System\ggTnEfS.exe
  C:\Windows\System\ggTnEfS.exe
  2⤵
  PID:3132
- C:\Windows\System\svDEboW.exe
  C:\Windows\System\svDEboW.exe
  2⤵
  PID:3360
- C:\Windows\System\KceocJQ.exe
  C:\Windows\System\KceocJQ.exe
  2⤵
  PID:3484
- C:\Windows\System\VWdckkM.exe
  C:\Windows\System\VWdckkM.exe
  2⤵
  PID:5104
- C:\Windows\System\GcwGGkv.exe
  C:\Windows\System\GcwGGkv.exe
  2⤵
  PID:3692
- C:\Windows\System\kYgbkPq.exe
  C:\Windows\System\kYgbkPq.exe
  2⤵
  PID:3880
- C:\Windows\System\mzmSOfn.exe
  C:\Windows\System\mzmSOfn.exe
  2⤵
  PID:4000
- C:\Windows\System\fKpwAPW.exe
  C:\Windows\System\fKpwAPW.exe
  2⤵
  PID:4100
- C:\Windows\System\PMXCGBw.exe
  C:\Windows\System\PMXCGBw.exe
  2⤵
  PID:4152
- C:\Windows\System\dvkqBiz.exe
  C:\Windows\System\dvkqBiz.exe
  2⤵
  PID:4212
- C:\Windows\System\qXPpjQv.exe
  C:\Windows\System\qXPpjQv.exe
  2⤵
  PID:2692
- C:\Windows\System\wzhMKWN.exe
  C:\Windows\System\wzhMKWN.exe
  2⤵
  PID:4300
- C:\Windows\System\StneQxH.exe
  C:\Windows\System\StneQxH.exe
  2⤵
  PID:4376
- C:\Windows\System\aurNFhC.exe
  C:\Windows\System\aurNFhC.exe
  2⤵
  PID:4360
- C:\Windows\System\vtEtNUk.exe
  C:\Windows\System\vtEtNUk.exe
  2⤵
  PID:4404
- C:\Windows\System\zFdtDkO.exe
  C:\Windows\System\zFdtDkO.exe
  2⤵
  PID:2596
- C:\Windows\System\djuHuzA.exe
  C:\Windows\System\djuHuzA.exe
  2⤵
  PID:2728
- C:\Windows\System\sNyILOa.exe
  C:\Windows\System\sNyILOa.exe
  2⤵
  PID:2736
- C:\Windows\System\HfJLXTN.exe
  C:\Windows\System\HfJLXTN.exe
  2⤵
  PID:1188
- C:\Windows\System\MGlCDrI.exe
  C:\Windows\System\MGlCDrI.exe
  2⤵
  PID:2000
- C:\Windows\System\nkAoWBf.exe
  C:\Windows\System\nkAoWBf.exe
  2⤵
  PID:4544
- C:\Windows\System\FNnyYoN.exe
  C:\Windows\System\FNnyYoN.exe
  2⤵
  PID:1668
- C:\Windows\System\jlFxcSq.exe
  C:\Windows\System\jlFxcSq.exe
  2⤵
  PID:2708
- C:\Windows\System\YrhhVJF.exe
  C:\Windows\System\YrhhVJF.exe
  2⤵
  PID:2680
- C:\Windows\System\bGNIJfo.exe
  C:\Windows\System\bGNIJfo.exe
  2⤵
  PID:1384
- C:\Windows\System\dfHHtUD.exe
  C:\Windows\System\dfHHtUD.exe
  2⤵
  PID:1076
- C:\Windows\System\ORXzTJg.exe
  C:\Windows\System\ORXzTJg.exe
  2⤵
  PID:2152
- C:\Windows\System\KWKttiN.exe
  C:\Windows\System\KWKttiN.exe
  2⤵
  PID:1372
- C:\Windows\System\jMgeqtJ.exe
  C:\Windows\System\jMgeqtJ.exe
  2⤵
  PID:3036
- C:\Windows\System\HoqLfFX.exe
  C:\Windows\System\HoqLfFX.exe
  2⤵
  PID:2012
- C:\Windows\System\jbLreVy.exe
  C:\Windows\System\jbLreVy.exe
  2⤵
  PID:2136
- C:\Windows\System\ujrVxwf.exe
  C:\Windows\System\ujrVxwf.exe
  2⤵
  PID:1856
- C:\Windows\System\GLFfdNa.exe
  C:\Windows\System\GLFfdNa.exe
  2⤵
  PID:2148
- C:\Windows\System\pvPJOJy.exe
  C:\Windows\System\pvPJOJy.exe
  2⤵
  PID:1720
- C:\Windows\System\LJKQbuF.exe
  C:\Windows\System\LJKQbuF.exe
  2⤵
  PID:2016
- C:\Windows\System\rRxpFSC.exe
  C:\Windows\System\rRxpFSC.exe
  2⤵
  PID:936
- C:\Windows\System\SECdFGR.exe
  C:\Windows\System\SECdFGR.exe
  2⤵
  PID:4540
- C:\Windows\System\kSSzleN.exe
  C:\Windows\System\kSSzleN.exe
  2⤵
  PID:4620
- C:\Windows\System\fWfirct.exe
  C:\Windows\System\fWfirct.exe
  2⤵
  PID:2788
- C:\Windows\System\tFQkibk.exe
  C:\Windows\System\tFQkibk.exe
  2⤵
  PID:900
- C:\Windows\System\UBGccnt.exe
  C:\Windows\System\UBGccnt.exe
  2⤵
  PID:4736
- C:\Windows\System\HvzaBGf.exe
  C:\Windows\System\HvzaBGf.exe
  2⤵
  PID:4900
- C:\Windows\System\VAgGZRr.exe
  C:\Windows\System\VAgGZRr.exe
  2⤵
  PID:4992
- C:\Windows\System\qPZJCZb.exe
  C:\Windows\System\qPZJCZb.exe
  2⤵
  PID:5020
- C:\Windows\System\kMoYqby.exe
  C:\Windows\System\kMoYqby.exe
  2⤵
  PID:5016
- C:\Windows\System\SqTblDV.exe
  C:\Windows\System\SqTblDV.exe
  2⤵
  PID:1488
- C:\Windows\System\eQMcAEB.exe
  C:\Windows\System\eQMcAEB.exe
  2⤵
  PID:1612
- C:\Windows\System\QBZMFBf.exe
  C:\Windows\System\QBZMFBf.exe
  2⤵
  PID:5084
- C:\Windows\System\utQdbMm.exe
  C:\Windows\System\utQdbMm.exe
  2⤵
  PID:4836
- C:\Windows\System\cFRCUZd.exe
  C:\Windows\System\cFRCUZd.exe
  2⤵
  PID:3136
- C:\Windows\System\bwbYuhp.exe
  C:\Windows\System\bwbYuhp.exe
  2⤵
  PID:3688
- C:\Windows\System\kxxbIzS.exe
  C:\Windows\System\kxxbIzS.exe
  2⤵
  PID:3780
- C:\Windows\System\IrsfJkr.exe
  C:\Windows\System\IrsfJkr.exe
  2⤵
  PID:4140
- C:\Windows\System\pfbxJxZ.exe
  C:\Windows\System\pfbxJxZ.exe
  2⤵
  PID:4180
- C:\Windows\System\MeyPcGs.exe
  C:\Windows\System\MeyPcGs.exe
  2⤵
  PID:1048
- C:\Windows\System\yOlbxuE.exe
  C:\Windows\System\yOlbxuE.exe
  2⤵
  PID:4304
- C:\Windows\System\DAJPnrm.exe
  C:\Windows\System\DAJPnrm.exe
  2⤵
  PID:4284
- C:\Windows\System\rFcezDQ.exe
  C:\Windows\System\rFcezDQ.exe
  2⤵
  PID:3068
- C:\Windows\System\OzVLsYq.exe
  C:\Windows\System\OzVLsYq.exe
  2⤵
  PID:2216
- C:\Windows\System\YXULrOS.exe
  C:\Windows\System\YXULrOS.exe
  2⤵
  PID:2420
- C:\Windows\System\xnKWabe.exe
  C:\Windows\System\xnKWabe.exe
  2⤵
  PID:2840
- C:\Windows\System\aESPvol.exe
  C:\Windows\System\aESPvol.exe
  2⤵
  PID:2712
- C:\Windows\System\soUniEM.exe
  C:\Windows\System\soUniEM.exe
  2⤵
  PID:2104
- C:\Windows\System\LKRBaYi.exe
  C:\Windows\System\LKRBaYi.exe
  2⤵
  PID:2524
- C:\Windows\System\qJtwnjJ.exe
  C:\Windows\System\qJtwnjJ.exe
  2⤵
  PID:2188
- C:\Windows\System\bSgmjND.exe
  C:\Windows\System\bSgmjND.exe
  2⤵
  PID:2024
- C:\Windows\System\DHWNxfS.exe
  C:\Windows\System\DHWNxfS.exe
  2⤵
  PID:2456
- C:\Windows\System\OBtTyAh.exe
  C:\Windows\System\OBtTyAh.exe
  2⤵
  PID:2248
- C:\Windows\System\WfWXhqW.exe
  C:\Windows\System\WfWXhqW.exe
  2⤵
  PID:2008
- C:\Windows\System\hMnjFQe.exe
  C:\Windows\System\hMnjFQe.exe
  2⤵
  PID:804
- C:\Windows\System\BnmAGOa.exe
  C:\Windows\System\BnmAGOa.exe
  2⤵
  PID:4580
- C:\Windows\System\pthFmCx.exe
  C:\Windows\System\pthFmCx.exe
  2⤵
  PID:2944
- C:\Windows\System\iEEJNxC.exe
  C:\Windows\System\iEEJNxC.exe
  2⤵
  PID:2700
- C:\Windows\System\EepCvvJ.exe
  C:\Windows\System\EepCvvJ.exe
  2⤵
  PID:4916
- C:\Windows\System\lVAcQBK.exe
  C:\Windows\System\lVAcQBK.exe
  2⤵
  PID:4980
- C:\Windows\System\VaHsDcv.exe
  C:\Windows\System\VaHsDcv.exe
  2⤵
  PID:1504
- C:\Windows\System\vjwWOQR.exe
  C:\Windows\System\vjwWOQR.exe
  2⤵
  PID:5096
- C:\Windows\System\qdlhVru.exe
  C:\Windows\System\qdlhVru.exe
  2⤵
  PID:3244
- C:\Windows\System\VJFBXQr.exe
  C:\Windows\System\VJFBXQr.exe
  2⤵
  PID:2500
- C:\Windows\System\ajtFxiJ.exe
  C:\Windows\System\ajtFxiJ.exe
  2⤵
  PID:4136
- C:\Windows\System\ZznPzIr.exe
  C:\Windows\System\ZznPzIr.exe
  2⤵
  PID:4024
- C:\Windows\System\VrpVywO.exe
  C:\Windows\System\VrpVywO.exe
  2⤵
  PID:1952
- C:\Windows\System\CnboZgW.exe
  C:\Windows\System\CnboZgW.exe
  2⤵
  PID:1412
- C:\Windows\System\JEnPvtL.exe
  C:\Windows\System\JEnPvtL.exe
  2⤵
  PID:4464
- C:\Windows\System\wTQpDqM.exe
  C:\Windows\System\wTQpDqM.exe
  2⤵
  PID:2960
- C:\Windows\System\dMbvSiL.exe
  C:\Windows\System\dMbvSiL.exe
  2⤵
  PID:2096
- C:\Windows\System\tmjQsVu.exe
  C:\Windows\System\tmjQsVu.exe
  2⤵
  PID:4644
- C:\Windows\System\MYEQScg.exe
  C:\Windows\System\MYEQScg.exe
  2⤵
  PID:4708
- C:\Windows\System\WnarmWC.exe
  C:\Windows\System\WnarmWC.exe
  2⤵
  PID:2356
- C:\Windows\System\QYWmgiv.exe
  C:\Windows\System\QYWmgiv.exe
  2⤵
  PID:1280
- C:\Windows\System\tPMxgHd.exe
  C:\Windows\System\tPMxgHd.exe
  2⤵
  PID:4576
- C:\Windows\System\IsqJYFy.exe
  C:\Windows\System\IsqJYFy.exe
  2⤵
  PID:4820
- C:\Windows\System\SDdAqTz.exe
  C:\Windows\System\SDdAqTz.exe
  2⤵
  PID:4936
- C:\Windows\System\fuUBerf.exe
  C:\Windows\System\fuUBerf.exe
  2⤵
  PID:1480
- C:\Windows\System\cMovvgu.exe
  C:\Windows\System\cMovvgu.exe
  2⤵
  PID:4972
- C:\Windows\System\cAUMPXX.exe
  C:\Windows\System\cAUMPXX.exe
  2⤵
  PID:3384
- C:\Windows\System\aNXsGpb.exe
  C:\Windows\System\aNXsGpb.exe
  2⤵
  PID:4320
- C:\Windows\System\lGwnAnc.exe
  C:\Windows\System\lGwnAnc.exe
  2⤵
  PID:920
- C:\Windows\System\tDNTtXz.exe
  C:\Windows\System\tDNTtXz.exe
  2⤵
  PID:4388
- C:\Windows\System\vfnyUOh.exe
  C:\Windows\System\vfnyUOh.exe
  2⤵
  PID:4524
- C:\Windows\System\TtjNJok.exe
  C:\Windows\System\TtjNJok.exe
  2⤵
  PID:1656
- C:\Windows\System\inCpmpq.exe
  C:\Windows\System\inCpmpq.exe
  2⤵
  PID:1484
- C:\Windows\System\Hmrtxho.exe
  C:\Windows\System\Hmrtxho.exe
  2⤵
  PID:4616
- C:\Windows\System\dmpPbkJ.exe
  C:\Windows\System\dmpPbkJ.exe
  2⤵
  PID:4684
- C:\Windows\System\zfgpbhS.exe
  C:\Windows\System\zfgpbhS.exe
  2⤵
  PID:5040
- C:\Windows\System\moXJIas.exe
  C:\Windows\System\moXJIas.exe
  2⤵
  PID:2980
- C:\Windows\System\DbFKBMs.exe
  C:\Windows\System\DbFKBMs.exe
  2⤵
  PID:5100
- C:\Windows\System\gnCyhgZ.exe
  C:\Windows\System\gnCyhgZ.exe
  2⤵
  PID:1200
- C:\Windows\System\bGOiPAS.exe
  C:\Windows\System\bGOiPAS.exe
  2⤵
  PID:1184
- C:\Windows\System\LsUOOMo.exe
  C:\Windows\System\LsUOOMo.exe
  2⤵
  PID:4564
- C:\Windows\System\MunqOMj.exe
  C:\Windows\System\MunqOMj.exe
  2⤵
  PID:4860
- C:\Windows\System\HywgpPP.exe
  C:\Windows\System\HywgpPP.exe
  2⤵
  PID:4112
- C:\Windows\System\LpJtKiB.exe
  C:\Windows\System\LpJtKiB.exe
  2⤵
  PID:4484
- C:\Windows\System\SzAEEES.exe
  C:\Windows\System\SzAEEES.exe
  2⤵
  PID:2540
- C:\Windows\System\tyIBWFW.exe
  C:\Windows\System\tyIBWFW.exe
  2⤵
  PID:4816
- C:\Windows\System\wNNGszo.exe
  C:\Windows\System\wNNGszo.exe
  2⤵
  PID:1032
- C:\Windows\System\aFgtLVd.exe
  C:\Windows\System\aFgtLVd.exe
  2⤵
  PID:340
- C:\Windows\System\UUkDCZJ.exe
  C:\Windows\System\UUkDCZJ.exe
  2⤵
  PID:2164
- C:\Windows\System\EHfOCDU.exe
  C:\Windows\System\EHfOCDU.exe
  2⤵
  PID:1584
- C:\Windows\System\gwQcBuZ.exe
  C:\Windows\System\gwQcBuZ.exe
  2⤵
  PID:1920
- C:\Windows\System\gijolAA.exe
  C:\Windows\System\gijolAA.exe
  2⤵
  PID:2240
- C:\Windows\System\mEZHGco.exe
  C:\Windows\System\mEZHGco.exe
  2⤵
  PID:2056
- C:\Windows\System\khojoYJ.exe
  C:\Windows\System\khojoYJ.exe
  2⤵
  PID:5144
- C:\Windows\System\jxgrsez.exe
  C:\Windows\System\jxgrsez.exe
  2⤵
  PID:5160
- C:\Windows\System\yDYpikF.exe
  C:\Windows\System\yDYpikF.exe
  2⤵
  PID:5180
- C:\Windows\System\SxKhUeJ.exe
  C:\Windows\System\SxKhUeJ.exe
  2⤵
  PID:5228
- C:\Windows\System\RuHWHaH.exe
  C:\Windows\System\RuHWHaH.exe
  2⤵
  PID:5248
- C:\Windows\System\GmcbpQa.exe
  C:\Windows\System\GmcbpQa.exe
  2⤵
  PID:5264
- C:\Windows\System\vCXaSUG.exe
  C:\Windows\System\vCXaSUG.exe
  2⤵
  PID:5284
- C:\Windows\System\NCshsIW.exe
  C:\Windows\System\NCshsIW.exe
  2⤵
  PID:5300
- C:\Windows\System\tZzIAkI.exe
  C:\Windows\System\tZzIAkI.exe
  2⤵
  PID:5328
- C:\Windows\System\xJiflTf.exe
  C:\Windows\System\xJiflTf.exe
  2⤵
  PID:5352
- C:\Windows\System\jbmXmAU.exe
  C:\Windows\System\jbmXmAU.exe
  2⤵
  PID:5368
- C:\Windows\System\RCHblde.exe
  C:\Windows\System\RCHblde.exe
  2⤵
  PID:5388
- C:\Windows\System\yDqDSMh.exe
  C:\Windows\System\yDqDSMh.exe
  2⤵
  PID:5412
- C:\Windows\System\TTaaOwb.exe
  C:\Windows\System\TTaaOwb.exe
  2⤵
  PID:5432
- C:\Windows\System\ZNgQsTy.exe
  C:\Windows\System\ZNgQsTy.exe
  2⤵
  PID:5448
- C:\Windows\System\yNffeTV.exe
  C:\Windows\System\yNffeTV.exe
  2⤵
  PID:5472
- C:\Windows\System\tlJqkyZ.exe
  C:\Windows\System\tlJqkyZ.exe
  2⤵
  PID:5488
- C:\Windows\System\MhgqFQu.exe
  C:\Windows\System\MhgqFQu.exe
  2⤵
  PID:5508
- C:\Windows\System\QmjROfK.exe
  C:\Windows\System\QmjROfK.exe
  2⤵
  PID:5528
- C:\Windows\System\jWMPEcw.exe
  C:\Windows\System\jWMPEcw.exe
  2⤵
  PID:5552
- C:\Windows\System\aBOCmvY.exe
  C:\Windows\System\aBOCmvY.exe
  2⤵
  PID:5568
- C:\Windows\System\vPjgOtE.exe
  C:\Windows\System\vPjgOtE.exe
  2⤵
  PID:5592
- C:\Windows\System\vfDwpvo.exe
  C:\Windows\System\vfDwpvo.exe
  2⤵
  PID:5608
- C:\Windows\System\YVxUAco.exe
  C:\Windows\System\YVxUAco.exe
  2⤵
  PID:5628
- C:\Windows\System\JdjZCYP.exe
  C:\Windows\System\JdjZCYP.exe
  2⤵
  PID:5648
- C:\Windows\System\pVRpcsU.exe
  C:\Windows\System\pVRpcsU.exe
  2⤵
  PID:5672
- C:\Windows\System\SkyOqYV.exe
  C:\Windows\System\SkyOqYV.exe
  2⤵
  PID:5692
- C:\Windows\System\iydmaBY.exe
  C:\Windows\System\iydmaBY.exe
  2⤵
  PID:5716
- C:\Windows\System\xsshEnv.exe
  C:\Windows\System\xsshEnv.exe
  2⤵
  PID:5732
- C:\Windows\System\IHdWxCn.exe
  C:\Windows\System\IHdWxCn.exe
  2⤵
  PID:5760
- C:\Windows\System\zrVedWO.exe
  C:\Windows\System\zrVedWO.exe
  2⤵
  PID:5776
- C:\Windows\System\fZtBBWR.exe
  C:\Windows\System\fZtBBWR.exe
  2⤵
  PID:5796
- C:\Windows\System\BCIjAau.exe
  C:\Windows\System\BCIjAau.exe
  2⤵
  PID:5812
- C:\Windows\System\xCuGAWR.exe
  C:\Windows\System\xCuGAWR.exe
  2⤵
  PID:5828
- C:\Windows\System\uUThNOV.exe
  C:\Windows\System\uUThNOV.exe
  2⤵
  PID:5848
- C:\Windows\System\rRAHMur.exe
  C:\Windows\System\rRAHMur.exe
  2⤵
  PID:5872
- C:\Windows\System\fMVcVBf.exe
  C:\Windows\System\fMVcVBf.exe
  2⤵
  PID:5888
- C:\Windows\System\MTyObif.exe
  C:\Windows\System\MTyObif.exe
  2⤵
  PID:5904
- C:\Windows\System\IqFDAUM.exe
  C:\Windows\System\IqFDAUM.exe
  2⤵
  PID:5964
- C:\Windows\System\oxQrnbQ.exe
  C:\Windows\System\oxQrnbQ.exe
  2⤵
  PID:5980
- C:\Windows\System\DQxuGQh.exe
  C:\Windows\System\DQxuGQh.exe
  2⤵
  PID:5996
- C:\Windows\System\GAdMPIW.exe
  C:\Windows\System\GAdMPIW.exe
  2⤵
  PID:6016
- C:\Windows\System\odiEEfm.exe
  C:\Windows\System\odiEEfm.exe
  2⤵
  PID:6032
- C:\Windows\System\uGfGxAg.exe
  C:\Windows\System\uGfGxAg.exe
  2⤵
  PID:6052
- C:\Windows\System\ZznEAAt.exe
  C:\Windows\System\ZznEAAt.exe
  2⤵
  PID:6068
- C:\Windows\System\qFDVLgx.exe
  C:\Windows\System\qFDVLgx.exe
  2⤵
  PID:6088
- C:\Windows\System\omyLviQ.exe
  C:\Windows\System\omyLviQ.exe
  2⤵
  PID:6104
- C:\Windows\System\rxFQPlO.exe
  C:\Windows\System\rxFQPlO.exe
  2⤵
  PID:6128
- C:\Windows\System\xUMOIbF.exe
  C:\Windows\System\xUMOIbF.exe
  2⤵
  PID:3760
- C:\Windows\System\MGfQdgZ.exe
  C:\Windows\System\MGfQdgZ.exe
  2⤵
  PID:1808
- C:\Windows\System\TnqKfEl.exe
  C:\Windows\System\TnqKfEl.exe
  2⤵
  PID:1896
- C:\Windows\System\gAiwqtr.exe
  C:\Windows\System\gAiwqtr.exe
  2⤵
  PID:5208
- C:\Windows\System\wlGWZqz.exe
  C:\Windows\System\wlGWZqz.exe
  2⤵
  PID:3040
- C:\Windows\System\MpVeDuq.exe
  C:\Windows\System\MpVeDuq.exe
  2⤵
  PID:5240
- C:\Windows\System\LGSLSmX.exe
  C:\Windows\System\LGSLSmX.exe
  2⤵
  PID:5320
- C:\Windows\System\DtffmBF.exe
  C:\Windows\System\DtffmBF.exe
  2⤵
  PID:5344
- C:\Windows\System\VPzIctC.exe
  C:\Windows\System\VPzIctC.exe
  2⤵
  PID:5364
- C:\Windows\System\vgVnFWD.exe
  C:\Windows\System\vgVnFWD.exe
  2⤵
  PID:5420
- C:\Windows\System\NZtBMjO.exe
  C:\Windows\System\NZtBMjO.exe
  2⤵
  PID:5440
- C:\Windows\System\jHyQmWA.exe
  C:\Windows\System\jHyQmWA.exe
  2⤵
  PID:5468
- C:\Windows\System\ilQLttm.exe
  C:\Windows\System\ilQLttm.exe
  2⤵
  PID:5484
- C:\Windows\System\jEGgkrx.exe
  C:\Windows\System\jEGgkrx.exe
  2⤵
  PID:5536
- C:\Windows\System\VNlCUoe.exe
  C:\Windows\System\VNlCUoe.exe
  2⤵
  PID:5576
- C:\Windows\System\kMKlfsM.exe
  C:\Windows\System\kMKlfsM.exe
  2⤵
  PID:5580
- C:\Windows\System\WSsKkln.exe
  C:\Windows\System\WSsKkln.exe
  2⤵
  PID:5604
- C:\Windows\System\pbYtOZj.exe
  C:\Windows\System\pbYtOZj.exe
  2⤵
  PID:5636
- C:\Windows\System\QlPYgtV.exe
  C:\Windows\System\QlPYgtV.exe
  2⤵
  PID:5756
- C:\Windows\System\esFSbVA.exe
  C:\Windows\System\esFSbVA.exe
  2⤵
  PID:5820
- C:\Windows\System\opadyOT.exe
  C:\Windows\System\opadyOT.exe
  2⤵
  PID:5896
- C:\Windows\System\VXxxGrO.exe
  C:\Windows\System\VXxxGrO.exe
  2⤵
  PID:5724
- C:\Windows\System\SrMCuwh.exe
  C:\Windows\System\SrMCuwh.exe
  2⤵
  PID:5768
- C:\Windows\System\VZkeRwu.exe
  C:\Windows\System\VZkeRwu.exe
  2⤵
  PID:5844
- C:\Windows\System\owiSiBp.exe
  C:\Windows\System\owiSiBp.exe
  2⤵
  PID:5936
- C:\Windows\System\WgVHBAv.exe
  C:\Windows\System\WgVHBAv.exe
  2⤵
  PID:5988
- C:\Windows\System\penKnjy.exe
  C:\Windows\System\penKnjy.exe
  2⤵
  PID:5972
- C:\Windows\System\zeZKrOh.exe
  C:\Windows\System\zeZKrOh.exe
  2⤵
  PID:6100
- C:\Windows\System\SMKjrUb.exe
  C:\Windows\System\SMKjrUb.exe
  2⤵
  PID:6044
- C:\Windows\System\mzpKeTt.exe
  C:\Windows\System\mzpKeTt.exe
  2⤵
  PID:6084
- C:\Windows\System\eqMRgTv.exe
  C:\Windows\System\eqMRgTv.exe
  2⤵
  PID:5168
- C:\Windows\System\qgHhily.exe
  C:\Windows\System\qgHhily.exe
  2⤵
  PID:4420
- C:\Windows\System\qHBryHX.exe
  C:\Windows\System\qHBryHX.exe
  2⤵
  PID:5172
- C:\Windows\System\xUoZnyj.exe
  C:\Windows\System\xUoZnyj.exe
  2⤵
  PID:2256
- C:\Windows\System\acDEtNj.exe
  C:\Windows\System\acDEtNj.exe
  2⤵
  PID:5276
- C:\Windows\System\dNpZtNj.exe
  C:\Windows\System\dNpZtNj.exe
  2⤵
  PID:5376
- C:\Windows\System\KNrUBUX.exe
  C:\Windows\System\KNrUBUX.exe
  2⤵
  PID:5480
- C:\Windows\System\LhWvRrf.exe
  C:\Windows\System\LhWvRrf.exe
  2⤵
  PID:5588
- C:\Windows\System\pgYrHAy.exe
  C:\Windows\System\pgYrHAy.exe
  2⤵
  PID:5544
- C:\Windows\System\SAYkkXM.exe
  C:\Windows\System\SAYkkXM.exe
  2⤵
  PID:5700
- C:\Windows\System\xRsYaog.exe
  C:\Windows\System\xRsYaog.exe
  2⤵
  PID:5400
- C:\Windows\System\jnzkRZi.exe
  C:\Windows\System\jnzkRZi.exe
  2⤵
  PID:5560
- C:\Windows\System\dXamQCi.exe
  C:\Windows\System\dXamQCi.exe
  2⤵
  PID:5740
- C:\Windows\System\cSEQptx.exe
  C:\Windows\System\cSEQptx.exe
  2⤵
  PID:5792
- C:\Windows\System\paBCeGK.exe
  C:\Windows\System\paBCeGK.exe
  2⤵
  PID:5864
- C:\Windows\System\VIzwPhd.exe
  C:\Windows\System\VIzwPhd.exe
  2⤵
  PID:5916
- C:\Windows\System\acNzYZc.exe
  C:\Windows\System\acNzYZc.exe
  2⤵
  PID:6140
- C:\Windows\System\ALEGRMt.exe
  C:\Windows\System\ALEGRMt.exe
  2⤵
  PID:6012
- C:\Windows\System\OwZIvKO.exe
  C:\Windows\System\OwZIvKO.exe
  2⤵
  PID:5976
- C:\Windows\System\MUJkoKV.exe
  C:\Windows\System\MUJkoKV.exe
  2⤵
  PID:1004
- C:\Windows\System\ekTZyVa.exe
  C:\Windows\System\ekTZyVa.exe
  2⤵
  PID:5132
- C:\Windows\System\QzlXtQS.exe
  C:\Windows\System\QzlXtQS.exe
  2⤵
  PID:5340
- C:\Windows\System\uUFiEVO.exe
  C:\Windows\System\uUFiEVO.exe
  2⤵
  PID:5500
- C:\Windows\System\TQikSSj.exe
  C:\Windows\System\TQikSSj.exe
  2⤵
  PID:5680
- C:\Windows\System\Vjezicg.exe
  C:\Windows\System\Vjezicg.exe
  2⤵
  PID:5668
- C:\Windows\System\iFogvAF.exe
  C:\Windows\System\iFogvAF.exe
  2⤵
  PID:5664
- C:\Windows\System\SmXUZmG.exe
  C:\Windows\System\SmXUZmG.exe
  2⤵
  PID:5788
- C:\Windows\System\nujEPAF.exe
  C:\Windows\System\nujEPAF.exe
  2⤵
  PID:6028
- C:\Windows\System\qzefixT.exe
  C:\Windows\System\qzefixT.exe
  2⤵
  PID:6120
- C:\Windows\System\RrKmzjJ.exe
  C:\Windows\System\RrKmzjJ.exe
  2⤵
  PID:5224
- C:\Windows\System\iLHZgdf.exe
  C:\Windows\System\iLHZgdf.exe
  2⤵
  PID:6080
- C:\Windows\System\zeaDKBh.exe
  C:\Windows\System\zeaDKBh.exe
  2⤵
  PID:5280
- C:\Windows\System\FsEyTmU.exe
  C:\Windows\System\FsEyTmU.exe
  2⤵
  PID:5688
- C:\Windows\System\zaUZLKu.exe
  C:\Windows\System\zaUZLKu.exe
  2⤵
  PID:5860
- C:\Windows\System\wTAZxKt.exe
  C:\Windows\System\wTAZxKt.exe
  2⤵
  PID:5804
- C:\Windows\System\XhDoWfz.exe
  C:\Windows\System\XhDoWfz.exe
  2⤵
  PID:5840
- C:\Windows\System\jyDyNdA.exe
  C:\Windows\System\jyDyNdA.exe
  2⤵
  PID:6064
- C:\Windows\System\SSlKwzN.exe
  C:\Windows\System\SSlKwzN.exe
  2⤵
  PID:5708
- C:\Windows\System\PfsCdGQ.exe
  C:\Windows\System\PfsCdGQ.exe
  2⤵
  PID:5396
- C:\Windows\System\NjzoDsY.exe
  C:\Windows\System\NjzoDsY.exe
  2⤵
  PID:5272
- C:\Windows\System\RCymeRW.exe
  C:\Windows\System\RCymeRW.exe
  2⤵
  PID:5836
- C:\Windows\System\KMmvTtC.exe
  C:\Windows\System\KMmvTtC.exe
  2⤵
  PID:6096
- C:\Windows\System\VirDxJP.exe
  C:\Windows\System\VirDxJP.exe
  2⤵
  PID:5856
- C:\Windows\System\BkoxyaA.exe
  C:\Windows\System\BkoxyaA.exe
  2⤵
  PID:6152
- C:\Windows\System\ULHoDgu.exe
  C:\Windows\System\ULHoDgu.exe
  2⤵
  PID:6168
- C:\Windows\System\jzioUcL.exe
  C:\Windows\System\jzioUcL.exe
  2⤵
  PID:6184
- C:\Windows\System\iilVNua.exe
  C:\Windows\System\iilVNua.exe
  2⤵
  PID:6220
- C:\Windows\System\qPlvxUB.exe
  C:\Windows\System\qPlvxUB.exe
  2⤵
  PID:6236
- C:\Windows\System\nQqxvqz.exe
  C:\Windows\System\nQqxvqz.exe
  2⤵
  PID:6252
- C:\Windows\System\cPKYcRj.exe
  C:\Windows\System\cPKYcRj.exe
  2⤵
  PID:6272
- C:\Windows\System\lEGBufl.exe
  C:\Windows\System\lEGBufl.exe
  2⤵
  PID:6296
- C:\Windows\System\uifvBpg.exe
  C:\Windows\System\uifvBpg.exe
  2⤵
  PID:6320
- C:\Windows\System\itIpdOb.exe
  C:\Windows\System\itIpdOb.exe
  2⤵
  PID:6340
- C:\Windows\System\cMFitjs.exe
  C:\Windows\System\cMFitjs.exe
  2⤵
  PID:6360
- C:\Windows\System\yXQaxVo.exe
  C:\Windows\System\yXQaxVo.exe
  2⤵
  PID:6380
- C:\Windows\System\GTAObbO.exe
  C:\Windows\System\GTAObbO.exe
  2⤵
  PID:6400
- C:\Windows\System\gZROnip.exe
  C:\Windows\System\gZROnip.exe
  2⤵
  PID:6420
- C:\Windows\System\cBAPfvg.exe
  C:\Windows\System\cBAPfvg.exe
  2⤵
  PID:6440
- C:\Windows\System\DqTUrmD.exe
  C:\Windows\System\DqTUrmD.exe
  2⤵
  PID:6456
- C:\Windows\System\aARJKrZ.exe
  C:\Windows\System\aARJKrZ.exe
  2⤵
  PID:6480
- C:\Windows\System\fLOkmeb.exe
  C:\Windows\System\fLOkmeb.exe
  2⤵
  PID:6500
- C:\Windows\System\hgljUTQ.exe
  C:\Windows\System\hgljUTQ.exe
  2⤵
  PID:6520
- C:\Windows\System\INepJqS.exe
  C:\Windows\System\INepJqS.exe
  2⤵
  PID:6540
- C:\Windows\System\lhmwrij.exe
  C:\Windows\System\lhmwrij.exe
  2⤵
  PID:6556
- C:\Windows\System\BWPiMKl.exe
  C:\Windows\System\BWPiMKl.exe
  2⤵
  PID:6580
- C:\Windows\System\dUgJmdx.exe
  C:\Windows\System\dUgJmdx.exe
  2⤵
  PID:6596
- C:\Windows\System\LHCHXgZ.exe
  C:\Windows\System\LHCHXgZ.exe
  2⤵
  PID:6612
- C:\Windows\System\CwZBWut.exe
  C:\Windows\System\CwZBWut.exe
  2⤵
  PID:6632
- C:\Windows\System\poBJCIM.exe
  C:\Windows\System\poBJCIM.exe
  2⤵
  PID:6660
- C:\Windows\System\bLviMrd.exe
  C:\Windows\System\bLviMrd.exe
  2⤵
  PID:6676
- C:\Windows\System\IyfHZbr.exe
  C:\Windows\System\IyfHZbr.exe
  2⤵
  PID:6696
- C:\Windows\System\VirkHae.exe
  C:\Windows\System\VirkHae.exe
  2⤵
  PID:6716
- C:\Windows\System\kkAqlcS.exe
  C:\Windows\System\kkAqlcS.exe
  2⤵
  PID:6732
- C:\Windows\System\XSSJYLh.exe
  C:\Windows\System\XSSJYLh.exe
  2⤵
  PID:6760
- C:\Windows\System\lPbecJU.exe
  C:\Windows\System\lPbecJU.exe
  2⤵
  PID:6780
- C:\Windows\System\AENFCxC.exe
  C:\Windows\System\AENFCxC.exe
  2⤵
  PID:6800
- C:\Windows\System\RMIphLq.exe
  C:\Windows\System\RMIphLq.exe
  2⤵
  PID:6824
- C:\Windows\System\OcJOPAm.exe
  C:\Windows\System\OcJOPAm.exe
  2⤵
  PID:6840
- C:\Windows\System\XjtBQID.exe
  C:\Windows\System\XjtBQID.exe
  2⤵
  PID:6856
- C:\Windows\System\zwrcnYK.exe
  C:\Windows\System\zwrcnYK.exe
  2⤵
  PID:6880
- C:\Windows\System\oxchnWH.exe
  C:\Windows\System\oxchnWH.exe
  2⤵
  PID:6896
- C:\Windows\System\QgCDnpq.exe
  C:\Windows\System\QgCDnpq.exe
  2⤵
  PID:6916
- C:\Windows\System\rXLkVty.exe
  C:\Windows\System\rXLkVty.exe
  2⤵
  PID:6940
- C:\Windows\System\GrZrJDX.exe
  C:\Windows\System\GrZrJDX.exe
  2⤵
  PID:6964
- C:\Windows\System\GFNAnoa.exe
  C:\Windows\System\GFNAnoa.exe
  2⤵
  PID:6980
- C:\Windows\System\hvQrAGd.exe
  C:\Windows\System\hvQrAGd.exe
  2⤵
  PID:7000
- C:\Windows\System\ndtRvHi.exe
  C:\Windows\System\ndtRvHi.exe
  2⤵
  PID:7024
- C:\Windows\System\cHTYgaO.exe
  C:\Windows\System\cHTYgaO.exe
  2⤵
  PID:7044
- C:\Windows\System\UFbTtnB.exe
  C:\Windows\System\UFbTtnB.exe
  2⤵
  PID:7068
- C:\Windows\System\etjGrwj.exe
  C:\Windows\System\etjGrwj.exe
  2⤵
  PID:7084
- C:\Windows\System\OPWdLTD.exe
  C:\Windows\System\OPWdLTD.exe
  2⤵
  PID:7100
- C:\Windows\System\qHwkkqF.exe
  C:\Windows\System\qHwkkqF.exe
  2⤵
  PID:7116
- C:\Windows\System\oucpSIF.exe
  C:\Windows\System\oucpSIF.exe
  2⤵
  PID:7148
- C:\Windows\System\SKyZTuu.exe
  C:\Windows\System\SKyZTuu.exe
  2⤵
  PID:7164
- C:\Windows\System\asuvQUb.exe
  C:\Windows\System\asuvQUb.exe
  2⤵
  PID:5520
- C:\Windows\System\NhovfiU.exe
  C:\Windows\System\NhovfiU.exe
  2⤵
  PID:6196
- C:\Windows\System\TnJuQbq.exe
  C:\Windows\System\TnJuQbq.exe
  2⤵
  PID:6176
- C:\Windows\System\BUCzLNI.exe
  C:\Windows\System\BUCzLNI.exe
  2⤵
  PID:6228
- C:\Windows\System\HsaGxFQ.exe
  C:\Windows\System\HsaGxFQ.exe
  2⤵
  PID:6260
- C:\Windows\System\lxUorou.exe
  C:\Windows\System\lxUorou.exe
  2⤵
  PID:6304
- C:\Windows\System\QHCduKj.exe
  C:\Windows\System\QHCduKj.exe
  2⤵
  PID:6336
- C:\Windows\System\NzrStEz.exe
  C:\Windows\System\NzrStEz.exe
  2⤵
  PID:6376
- C:\Windows\System\pxSQKsb.exe
  C:\Windows\System\pxSQKsb.exe
  2⤵
  PID:6412
- C:\Windows\System\iyPaWTr.exe
  C:\Windows\System\iyPaWTr.exe
  2⤵
  PID:6436
- C:\Windows\System\aXSWjlS.exe
  C:\Windows\System\aXSWjlS.exe
  2⤵
  PID:6472
- C:\Windows\System\grwUmOo.exe
  C:\Windows\System\grwUmOo.exe
  2⤵
  PID:6528
- C:\Windows\System\yYFtZur.exe
  C:\Windows\System\yYFtZur.exe
  2⤵
  PID:6572
- C:\Windows\System\tIEQgBH.exe
  C:\Windows\System\tIEQgBH.exe
  2⤵
  PID:6516
- C:\Windows\System\PTcnhOn.exe
  C:\Windows\System\PTcnhOn.exe
  2⤵
  PID:6640
- C:\Windows\System\kGwHFNe.exe
  C:\Windows\System\kGwHFNe.exe
  2⤵
  PID:6592
- C:\Windows\System\BodohdX.exe
  C:\Windows\System\BodohdX.exe
  2⤵
  PID:6628
- C:\Windows\System\iPyFNlY.exe
  C:\Windows\System\iPyFNlY.exe
  2⤵
  PID:6668
- C:\Windows\System\NbHuHVl.exe
  C:\Windows\System\NbHuHVl.exe
  2⤵
  PID:6768
- C:\Windows\System\jaigyIv.exe
  C:\Windows\System\jaigyIv.exe
  2⤵
  PID:6792
- C:\Windows\System\VhxKHED.exe
  C:\Windows\System\VhxKHED.exe
  2⤵
  PID:6816
- C:\Windows\System\lsSDEwT.exe
  C:\Windows\System\lsSDEwT.exe
  2⤵
  PID:6852
- C:\Windows\System\xbOKsvW.exe
  C:\Windows\System\xbOKsvW.exe
  2⤵
  PID:6888
- C:\Windows\System\BrrNSWi.exe
  C:\Windows\System\BrrNSWi.exe
  2⤵
  PID:6912
- C:\Windows\System\udCAYCM.exe
  C:\Windows\System\udCAYCM.exe
  2⤵
  PID:6952
- C:\Windows\System\qWgSynZ.exe
  C:\Windows\System\qWgSynZ.exe
  2⤵
  PID:6988
- C:\Windows\System\tLeTghn.exe
  C:\Windows\System\tLeTghn.exe
  2⤵
  PID:7008
- C:\Windows\System\mwTiOIj.exe
  C:\Windows\System\mwTiOIj.exe
  2⤵
  PID:7040
- C:\Windows\System\zZxhSUM.exe
  C:\Windows\System\zZxhSUM.exe
  2⤵
  PID:7112
- C:\Windows\System\xEsRnok.exe
  C:\Windows\System\xEsRnok.exe
  2⤵
  PID:7128
- C:\Windows\System\uyvpjsw.exe
  C:\Windows\System\uyvpjsw.exe
  2⤵
  PID:7080
- C:\Windows\System\AZCocBq.exe
  C:\Windows\System\AZCocBq.exe
  2⤵
  PID:6164
- C:\Windows\System\hVxLIXT.exe
  C:\Windows\System\hVxLIXT.exe
  2⤵
  PID:5456
- C:\Windows\System\CJoiotU.exe
  C:\Windows\System\CJoiotU.exe
  2⤵
  PID:6268
- C:\Windows\System\bHSpxiK.exe
  C:\Windows\System\bHSpxiK.exe
  2⤵
  PID:6316
- C:\Windows\System\bHEVHTi.exe
  C:\Windows\System\bHEVHTi.exe
  2⤵
  PID:6284
- C:\Windows\System\lhZauFD.exe
  C:\Windows\System\lhZauFD.exe
  2⤵
  PID:6396
- C:\Windows\System\hLASJsd.exe
  C:\Windows\System\hLASJsd.exe
  2⤵
  PID:6468
- C:\Windows\System\wSRRfTQ.exe
  C:\Windows\System\wSRRfTQ.exe
  2⤵
  PID:6492
- C:\Windows\System\mykqrgv.exe
  C:\Windows\System\mykqrgv.exe
  2⤵
  PID:6608
- C:\Windows\System\JqXfqtM.exe
  C:\Windows\System\JqXfqtM.exe
  2⤵
  PID:6724
- C:\Windows\System\rtGRwNU.exe
  C:\Windows\System\rtGRwNU.exe
  2⤵
  PID:6512
- C:\Windows\System\elzfxlf.exe
  C:\Windows\System\elzfxlf.exe
  2⤵
  PID:6776
- C:\Windows\System\mdkupGg.exe
  C:\Windows\System\mdkupGg.exe
  2⤵
  PID:6812
- C:\Windows\System\qQkIZJH.exe
  C:\Windows\System\qQkIZJH.exe
  2⤵
  PID:6868
- C:\Windows\System\kWGyVuA.exe
  C:\Windows\System\kWGyVuA.exe
  2⤵
  PID:6908
- C:\Windows\System\BQznElX.exe
  C:\Windows\System\BQznElX.exe
  2⤵
  PID:6996
- C:\Windows\System\RLETTbf.exe
  C:\Windows\System\RLETTbf.exe
  2⤵
  PID:7032
- C:\Windows\System\zVtMSAV.exe
  C:\Windows\System\zVtMSAV.exe
  2⤵
  PID:7108
- C:\Windows\System\hWpUCzT.exe
  C:\Windows\System\hWpUCzT.exe
  2⤵
  PID:6180
- C:\Windows\System\xpvUHds.exe
  C:\Windows\System\xpvUHds.exe
  2⤵
  PID:6248
- C:\Windows\System\ySUWpTl.exe
  C:\Windows\System\ySUWpTl.exe
  2⤵
  PID:7156
- C:\Windows\System\tpnXhAd.exe
  C:\Windows\System\tpnXhAd.exe
  2⤵
  PID:6392
- C:\Windows\System\nFXDzfz.exe
  C:\Windows\System\nFXDzfz.exe
  2⤵
  PID:6368
- C:\Windows\System\MAsqNHS.exe
  C:\Windows\System\MAsqNHS.exe
  2⤵
  PID:6496
- C:\Windows\System\sNdyaJs.exe
  C:\Windows\System\sNdyaJs.exe
  2⤵
  PID:6620
- C:\Windows\System\qtZSjys.exe
  C:\Windows\System\qtZSjys.exe
  2⤵
  PID:6688
- C:\Windows\System\NUGfoCp.exe
  C:\Windows\System\NUGfoCp.exe
  2⤵
  PID:6752
- C:\Windows\System\WeHpEIw.exe
  C:\Windows\System\WeHpEIw.exe
  2⤵
  PID:6936
- C:\Windows\System\ZsKuoeg.exe
  C:\Windows\System\ZsKuoeg.exe
  2⤵
  PID:6928
- C:\Windows\System\GabiARA.exe
  C:\Windows\System\GabiARA.exe
  2⤵
  PID:7064
- C:\Windows\System\MNFWeOf.exe
  C:\Windows\System\MNFWeOf.exe
  2⤵
  PID:7144
- C:\Windows\System\EEAaVDq.exe
  C:\Windows\System\EEAaVDq.exe
  2⤵
  PID:7160
- C:\Windows\System\HUMEWCO.exe
  C:\Windows\System\HUMEWCO.exe
  2⤵
  PID:6208
- C:\Windows\System\EhxSBOt.exe
  C:\Windows\System\EhxSBOt.exe
  2⤵
  PID:6808
- C:\Windows\System\faHrTvX.exe
  C:\Windows\System\faHrTvX.exe
  2⤵
  PID:6656
- C:\Windows\System\xqtYFut.exe
  C:\Windows\System\xqtYFut.exe
  2⤵
  PID:6744
- C:\Windows\System\SNYqoif.exe
  C:\Windows\System\SNYqoif.exe
  2⤵
  PID:7056
- C:\Windows\System\LXaLQEs.exe
  C:\Windows\System\LXaLQEs.exe
  2⤵
  PID:6388
- C:\Windows\System\lMDCZEX.exe
  C:\Windows\System\lMDCZEX.exe
  2⤵
  PID:6428
- C:\Windows\System\VKWvlrB.exe
  C:\Windows\System\VKWvlrB.exe
  2⤵
  PID:6788
- C:\Windows\System\wRKCNWV.exe
  C:\Windows\System\wRKCNWV.exe
  2⤵
  PID:6568
- C:\Windows\System\psMvvZv.exe
  C:\Windows\System\psMvvZv.exe
  2⤵
  PID:6244
- C:\Windows\System\xUIKESw.exe
  C:\Windows\System\xUIKESw.exe
  2⤵
  PID:6280
- C:\Windows\System\SXRUpbM.exe
  C:\Windows\System\SXRUpbM.exe
  2⤵
  PID:7096
- C:\Windows\System\smiPteT.exe
  C:\Windows\System\smiPteT.exe
  2⤵
  PID:7172
- C:\Windows\System\zHUOfCm.exe
  C:\Windows\System\zHUOfCm.exe
  2⤵
  PID:7192
- C:\Windows\System\gAnEvuA.exe
  C:\Windows\System\gAnEvuA.exe
  2⤵
  PID:7228
- C:\Windows\System\cWOkSkm.exe
  C:\Windows\System\cWOkSkm.exe
  2⤵
  PID:7248
- C:\Windows\System\dnfVROs.exe
  C:\Windows\System\dnfVROs.exe
  2⤵
  PID:7264
- C:\Windows\System\LGNgKRS.exe
  C:\Windows\System\LGNgKRS.exe
  2⤵
  PID:7280
- C:\Windows\System\HacujSn.exe
  C:\Windows\System\HacujSn.exe
  2⤵
  PID:7296
- C:\Windows\System\xRogwDM.exe
  C:\Windows\System\xRogwDM.exe
  2⤵
  PID:7316
- C:\Windows\System\heaykql.exe
  C:\Windows\System\heaykql.exe
  2⤵
  PID:7344
- C:\Windows\System\ZsebKxs.exe
  C:\Windows\System\ZsebKxs.exe
  2⤵
  PID:7368
- C:\Windows\System\XHJoAMX.exe
  C:\Windows\System\XHJoAMX.exe
  2⤵
  PID:7384
- C:\Windows\System\doyyaoI.exe
  C:\Windows\System\doyyaoI.exe
  2⤵
  PID:7404
- C:\Windows\System\wsuQZsp.exe
  C:\Windows\System\wsuQZsp.exe
  2⤵
  PID:7424
- C:\Windows\System\xAXvIJt.exe
  C:\Windows\System\xAXvIJt.exe
  2⤵
  PID:7440
- C:\Windows\System\AGuBLjQ.exe
  C:\Windows\System\AGuBLjQ.exe
  2⤵
  PID:7460
- C:\Windows\System\wAuuCfP.exe
  C:\Windows\System\wAuuCfP.exe
  2⤵
  PID:7488
- C:\Windows\System\CAauJDN.exe
  C:\Windows\System\CAauJDN.exe
  2⤵
  PID:7504
- C:\Windows\System\fHVhwGU.exe
  C:\Windows\System\fHVhwGU.exe
  2⤵
  PID:7528
- C:\Windows\System\fsnFFfN.exe
  C:\Windows\System\fsnFFfN.exe
  2⤵
  PID:7552
- C:\Windows\System\JLOqLvl.exe
  C:\Windows\System\JLOqLvl.exe
  2⤵
  PID:7572
- C:\Windows\System\zzNkmmd.exe
  C:\Windows\System\zzNkmmd.exe
  2⤵
  PID:7588
- C:\Windows\System\cGvmHBF.exe
  C:\Windows\System\cGvmHBF.exe
  2⤵
  PID:7612
- C:\Windows\System\OTYsTkR.exe
  C:\Windows\System\OTYsTkR.exe
  2⤵
  PID:7628
- C:\Windows\System\AcYNPos.exe
  C:\Windows\System\AcYNPos.exe
  2⤵
  PID:7652
- C:\Windows\System\HTLjQDs.exe
  C:\Windows\System\HTLjQDs.exe
  2⤵
  PID:7668
- C:\Windows\System\vaRtULI.exe
  C:\Windows\System\vaRtULI.exe
  2⤵
  PID:7688
- C:\Windows\System\GrQQZoH.exe
  C:\Windows\System\GrQQZoH.exe
  2⤵
  PID:7704
- C:\Windows\System\wCWVZTM.exe
  C:\Windows\System\wCWVZTM.exe
  2⤵
  PID:7728
- C:\Windows\System\WYJtYGc.exe
  C:\Windows\System\WYJtYGc.exe
  2⤵
  PID:7744
- C:\Windows\System\dnicLsU.exe
  C:\Windows\System\dnicLsU.exe
  2⤵
  PID:7760
- C:\Windows\System\ZlCpfsZ.exe
  C:\Windows\System\ZlCpfsZ.exe
  2⤵
  PID:7780
- C:\Windows\System\nGSFZcK.exe
  C:\Windows\System\nGSFZcK.exe
  2⤵
  PID:7804
- C:\Windows\System\gASiqSJ.exe
  C:\Windows\System\gASiqSJ.exe
  2⤵
  PID:7828
- C:\Windows\System\cWCshOj.exe
  C:\Windows\System\cWCshOj.exe
  2⤵
  PID:7852
- C:\Windows\System\qguELSf.exe
  C:\Windows\System\qguELSf.exe
  2⤵
  PID:7868
- C:\Windows\System\xlwkeXK.exe
  C:\Windows\System\xlwkeXK.exe
  2⤵
  PID:7892
- C:\Windows\System\YSkjanX.exe
  C:\Windows\System\YSkjanX.exe
  2⤵
  PID:7908
- C:\Windows\System\GLIBJyh.exe
  C:\Windows\System\GLIBJyh.exe
  2⤵
  PID:7924
- C:\Windows\System\YVEnIKs.exe
  C:\Windows\System\YVEnIKs.exe
  2⤵
  PID:7940
- C:\Windows\System\JzBoQiy.exe
  C:\Windows\System\JzBoQiy.exe
  2⤵
  PID:7960
- C:\Windows\System\PHhunYe.exe
  C:\Windows\System\PHhunYe.exe
  2⤵
  PID:7988
- C:\Windows\System\cJlFfAY.exe
  C:\Windows\System\cJlFfAY.exe
  2⤵
  PID:8004
- C:\Windows\System\GAqBZtA.exe
  C:\Windows\System\GAqBZtA.exe
  2⤵
  PID:8024
- C:\Windows\System\WSkIzyq.exe
  C:\Windows\System\WSkIzyq.exe
  2⤵
  PID:8052
- C:\Windows\System\iJvYXUG.exe
  C:\Windows\System\iJvYXUG.exe
  2⤵
  PID:8068
- C:\Windows\System\VmkYsAU.exe
  C:\Windows\System\VmkYsAU.exe
  2⤵
  PID:8092
- C:\Windows\System\LLHafaQ.exe
  C:\Windows\System\LLHafaQ.exe
  2⤵
  PID:8112
- C:\Windows\System\bsnhozs.exe
  C:\Windows\System\bsnhozs.exe
  2⤵
  PID:8132
- C:\Windows\System\eINqFXK.exe
  C:\Windows\System\eINqFXK.exe
  2⤵
  PID:8148
- C:\Windows\System\LzKBHrA.exe
  C:\Windows\System\LzKBHrA.exe
  2⤵
  PID:8172
- C:\Windows\System\xLOJAMz.exe
  C:\Windows\System\xLOJAMz.exe
  2⤵
  PID:8188
- C:\Windows\System\TNNiHuq.exe
  C:\Windows\System\TNNiHuq.exe
  2⤵
  PID:7180
- C:\Windows\System\IncxcxW.exe
  C:\Windows\System\IncxcxW.exe
  2⤵
  PID:6972
- C:\Windows\System\dKAKSxY.exe
  C:\Windows\System\dKAKSxY.exe
  2⤵
  PID:7220
- C:\Windows\System\qhjRdVu.exe
  C:\Windows\System\qhjRdVu.exe
  2⤵
  PID:7244
- C:\Windows\System\xVGGrIi.exe
  C:\Windows\System\xVGGrIi.exe
  2⤵
  PID:7312
- C:\Windows\System\KHpvSps.exe
  C:\Windows\System\KHpvSps.exe
  2⤵
  PID:7324
- C:\Windows\System\wdHfBUn.exe
  C:\Windows\System\wdHfBUn.exe
  2⤵
  PID:7356
- C:\Windows\System\csOkHxK.exe
  C:\Windows\System\csOkHxK.exe
  2⤵
  PID:7376
- C:\Windows\System\TzoMDdb.exe
  C:\Windows\System\TzoMDdb.exe
  2⤵
  PID:7416
- C:\Windows\System\oqmBHAm.exe
  C:\Windows\System\oqmBHAm.exe
  2⤵
  PID:7472
- C:\Windows\System\MbhHQTq.exe
  C:\Windows\System\MbhHQTq.exe
  2⤵
  PID:7480
- C:\Windows\System\QIrBVpy.exe
  C:\Windows\System\QIrBVpy.exe
  2⤵
  PID:7516
- C:\Windows\System\QcUKbkQ.exe
  C:\Windows\System\QcUKbkQ.exe
  2⤵
  PID:7540
- C:\Windows\System\YxAfsTB.exe
  C:\Windows\System\YxAfsTB.exe
  2⤵
  PID:7584
- C:\Windows\System\JMBOwjh.exe
  C:\Windows\System\JMBOwjh.exe
  2⤵
  PID:7620
- C:\Windows\System\RMFtCcm.exe
  C:\Windows\System\RMFtCcm.exe
  2⤵
  PID:7644
- C:\Windows\System\JnFtxSK.exe
  C:\Windows\System\JnFtxSK.exe
  2⤵
  PID:7684
- C:\Windows\System\nicnrsy.exe
  C:\Windows\System\nicnrsy.exe
  2⤵
  PID:7756
- C:\Windows\System\EQgmsMD.exe
  C:\Windows\System\EQgmsMD.exe
  2⤵
  PID:7796
- C:\Windows\System\QbMrYAW.exe
  C:\Windows\System\QbMrYAW.exe
  2⤵
  PID:7776
- C:\Windows\System\wVsGpcG.exe
  C:\Windows\System\wVsGpcG.exe
  2⤵
  PID:7820
- C:\Windows\System\piBYPCo.exe
  C:\Windows\System\piBYPCo.exe
  2⤵
  PID:7848
- C:\Windows\System\etILYLl.exe
  C:\Windows\System\etILYLl.exe
  2⤵
  PID:7888
- C:\Windows\System\YJPqlHR.exe
  C:\Windows\System\YJPqlHR.exe
  2⤵
  PID:7948
- C:\Windows\System\NvzEXpS.exe
  C:\Windows\System\NvzEXpS.exe
  2⤵
  PID:7900
- C:\Windows\System\nnndffL.exe
  C:\Windows\System\nnndffL.exe
  2⤵
  PID:7980
- C:\Windows\System\uXYjRSX.exe
  C:\Windows\System\uXYjRSX.exe
  2⤵
  PID:8016
- C:\Windows\System\CUhzTbS.exe
  C:\Windows\System\CUhzTbS.exe
  2⤵
  PID:8040
- C:\Windows\System\OmyeMjU.exe
  C:\Windows\System\OmyeMjU.exe
  2⤵
  PID:8076
- C:\Windows\System\NgkfpJD.exe
  C:\Windows\System\NgkfpJD.exe
  2⤵
  PID:8124
- C:\Windows\System\ZjSYBro.exe
  C:\Windows\System\ZjSYBro.exe
  2⤵
  PID:8156
- C:\Windows\System\bwFGTxP.exe
  C:\Windows\System\bwFGTxP.exe
  2⤵
  PID:6748
- C:\Windows\System\OWpZKiF.exe
  C:\Windows\System\OWpZKiF.exe
  2⤵
  PID:7200
- C:\Windows\System\XMdjrYm.exe
  C:\Windows\System\XMdjrYm.exe
  2⤵
  PID:7216
- C:\Windows\System\ubyDSJB.exe
  C:\Windows\System\ubyDSJB.exe
  2⤵
  PID:7240
- C:\Windows\System\UwBMFUu.exe
  C:\Windows\System\UwBMFUu.exe
  2⤵
  PID:7336
- C:\Windows\System\kFSqJJQ.exe
  C:\Windows\System\kFSqJJQ.exe
  2⤵
  PID:7400
- C:\Windows\System\uXiGWBj.exe
  C:\Windows\System\uXiGWBj.exe
  2⤵
  PID:7436
- C:\Windows\System\mYfPRYR.exe
  C:\Windows\System\mYfPRYR.exe
  2⤵
  PID:7224
- C:\Windows\System\PXHjCOX.exe
  C:\Windows\System\PXHjCOX.exe
  2⤵
  PID:7544
- C:\Windows\System\cMFIbOY.exe
  C:\Windows\System\cMFIbOY.exe
  2⤵
  PID:7600
- C:\Windows\System\GHRwvYp.exe
  C:\Windows\System\GHRwvYp.exe
  2⤵
  PID:7676
- C:\Windows\System\zItHBWp.exe
  C:\Windows\System\zItHBWp.exe
  2⤵
  PID:7752
- C:\Windows\System\cYYjtLL.exe
  C:\Windows\System\cYYjtLL.exe
  2⤵
  PID:7696
- C:\Windows\System\rTFYNCz.exe
  C:\Windows\System\rTFYNCz.exe
  2⤵
  PID:7740
- C:\Windows\System\gbgOcpf.exe
  C:\Windows\System\gbgOcpf.exe
  2⤵
  PID:7884
- C:\Windows\System\aKKMDjG.exe
  C:\Windows\System\aKKMDjG.exe
  2⤵
  PID:7920
- C:\Windows\System\TaTQzko.exe
  C:\Windows\System\TaTQzko.exe
  2⤵
  PID:8000
- C:\Windows\System\KFCAPVB.exe
  C:\Windows\System\KFCAPVB.exe
  2⤵
  PID:8036
- C:\Windows\System\kSylUae.exe
  C:\Windows\System\kSylUae.exe
  2⤵
  PID:8120
- C:\Windows\System\cNsvFCW.exe
  C:\Windows\System\cNsvFCW.exe
  2⤵
  PID:8164
- C:\Windows\System\jDtVkeN.exe
  C:\Windows\System\jDtVkeN.exe
  2⤵
  PID:6692
- C:\Windows\System\fATeOpq.exe
  C:\Windows\System\fATeOpq.exe
  2⤵
  PID:7276
- C:\Windows\System\mFOLuPg.exe
  C:\Windows\System\mFOLuPg.exe
  2⤵
  PID:7328
- C:\Windows\System\XPEbFzT.exe
  C:\Windows\System\XPEbFzT.exe
  2⤵
  PID:7364
- C:\Windows\System\QPkTMNz.exe
  C:\Windows\System\QPkTMNz.exe
  2⤵
  PID:7500
- C:\Windows\System\MyLcXFi.exe
  C:\Windows\System\MyLcXFi.exe
  2⤵
  PID:7580
- C:\Windows\System\injpqvY.exe
  C:\Windows\System\injpqvY.exe
  2⤵
  PID:7640
- C:\Windows\System\mrvGFky.exe
  C:\Windows\System\mrvGFky.exe
  2⤵
  PID:7824
- C:\Windows\System\tdRIQaO.exe
  C:\Windows\System\tdRIQaO.exe
  2⤵
  PID:7916
- C:\Windows\System\iafZFQq.exe
  C:\Windows\System\iafZFQq.exe
  2⤵
  PID:7968
- C:\Windows\System\iArbnNp.exe
  C:\Windows\System\iArbnNp.exe
  2⤵
  PID:7976
- C:\Windows\System\QWqwFgs.exe
  C:\Windows\System\QWqwFgs.exe
  2⤵
  PID:8104
- C:\Windows\System\hhaFyNQ.exe
  C:\Windows\System\hhaFyNQ.exe
  2⤵
  PID:8100
- C:\Windows\System\EfwBvxO.exe
  C:\Windows\System\EfwBvxO.exe
  2⤵
  PID:7292
- C:\Windows\System\LxBWcZW.exe
  C:\Windows\System\LxBWcZW.exe
  2⤵
  PID:7432
- C:\Windows\System\wXKPAvp.exe
  C:\Windows\System\wXKPAvp.exe
  2⤵
  PID:5928
- C:\Windows\System\irizCSd.exe
  C:\Windows\System\irizCSd.exe
  2⤵
  PID:7716
- C:\Windows\System\UcSWtEB.exe
  C:\Windows\System\UcSWtEB.exe
  2⤵
  PID:7792
- C:\Windows\System\EByIpvy.exe
  C:\Windows\System\EByIpvy.exe
  2⤵
  PID:7984
- C:\Windows\System\hIazBAZ.exe
  C:\Windows\System\hIazBAZ.exe
  2⤵
  PID:6848
- C:\Windows\System\ikBAeYO.exe
  C:\Windows\System\ikBAeYO.exe
  2⤵
  PID:6704
- C:\Windows\System\KSgEIGQ.exe
  C:\Windows\System\KSgEIGQ.exe
  2⤵
  PID:7700
- C:\Windows\System\xhcisqf.exe
  C:\Windows\System\xhcisqf.exe
  2⤵
  PID:8084
- C:\Windows\System\eCqUfUV.exe
  C:\Windows\System\eCqUfUV.exe
  2⤵
  PID:7564
- C:\Windows\System\zqwAMYv.exe
  C:\Windows\System\zqwAMYv.exe
  2⤵
  PID:7936
- C:\Windows\System\thvmufe.exe
  C:\Windows\System\thvmufe.exe
  2⤵
  PID:7680
- C:\Windows\System\pAFHwvo.exe
  C:\Windows\System\pAFHwvo.exe
  2⤵
  PID:7212
- C:\Windows\System\UgUWbME.exe
  C:\Windows\System\UgUWbME.exe
  2⤵
  PID:7476
- C:\Windows\System\OULfahZ.exe
  C:\Windows\System\OULfahZ.exe
  2⤵
  PID:8204
- C:\Windows\System\edqhjUN.exe
  C:\Windows\System\edqhjUN.exe
  2⤵
  PID:8228
- C:\Windows\System\RAnLQWM.exe
  C:\Windows\System\RAnLQWM.exe
  2⤵
  PID:8248
- C:\Windows\System\bGjoaVN.exe
  C:\Windows\System\bGjoaVN.exe
  2⤵
  PID:8268
- C:\Windows\System\ueKWQBU.exe
  C:\Windows\System\ueKWQBU.exe
  2⤵
  PID:8284
- C:\Windows\System\NosyfSJ.exe
  C:\Windows\System\NosyfSJ.exe
  2⤵
  PID:8300
- C:\Windows\System\MuksmEd.exe
  C:\Windows\System\MuksmEd.exe
  2⤵
  PID:8332
- C:\Windows\System\XcdmxhS.exe
  C:\Windows\System\XcdmxhS.exe
  2⤵
  PID:8352
- C:\Windows\System\bUwBakZ.exe
  C:\Windows\System\bUwBakZ.exe
  2⤵
  PID:8368
- C:\Windows\System\Wnibiff.exe
  C:\Windows\System\Wnibiff.exe
  2⤵
  PID:8388
- C:\Windows\System\LNCiMip.exe
  C:\Windows\System\LNCiMip.exe
  2⤵
  PID:8424
- C:\Windows\System\DOxBTdv.exe
  C:\Windows\System\DOxBTdv.exe
  2⤵
  PID:8444
- C:\Windows\System\RhewSHo.exe
  C:\Windows\System\RhewSHo.exe
  2⤵
  PID:8464
- C:\Windows\System\OAWmPSb.exe
  C:\Windows\System\OAWmPSb.exe
  2⤵
  PID:8480
- C:\Windows\System\WAappos.exe
  C:\Windows\System\WAappos.exe
  2⤵
  PID:8500
- C:\Windows\System\CFGSMlU.exe
  C:\Windows\System\CFGSMlU.exe
  2⤵
  PID:8520
- C:\Windows\System\SQfpeEX.exe
  C:\Windows\System\SQfpeEX.exe
  2⤵
  PID:8544
- C:\Windows\System\CXrEUVZ.exe
  C:\Windows\System\CXrEUVZ.exe
  2⤵
  PID:8560
- C:\Windows\System\bTXmXpA.exe
  C:\Windows\System\bTXmXpA.exe
  2⤵
  PID:8580
- C:\Windows\System\LBYhXUH.exe
  C:\Windows\System\LBYhXUH.exe
  2⤵
  PID:8596
- C:\Windows\System\OGEHdPy.exe
  C:\Windows\System\OGEHdPy.exe
  2⤵
  PID:8616
- C:\Windows\System\aKYwsgF.exe
  C:\Windows\System\aKYwsgF.exe
  2⤵
  PID:8640
- C:\Windows\System\omFyZFZ.exe
  C:\Windows\System\omFyZFZ.exe
  2⤵
  PID:8660
- C:\Windows\System\uNLTkSJ.exe
  C:\Windows\System\uNLTkSJ.exe
  2⤵
  PID:8676
- C:\Windows\System\NnKIvHg.exe
  C:\Windows\System\NnKIvHg.exe
  2⤵
  PID:8696
- C:\Windows\System\RgiuvJH.exe
  C:\Windows\System\RgiuvJH.exe
  2⤵
  PID:8720
- C:\Windows\System\vVKZlCS.exe
  C:\Windows\System\vVKZlCS.exe
  2⤵
  PID:8740
- C:\Windows\System\UpQqwBf.exe
  C:\Windows\System\UpQqwBf.exe
  2⤵
  PID:8760
- C:\Windows\System\gdflVqn.exe
  C:\Windows\System\gdflVqn.exe
  2⤵
  PID:8780
- C:\Windows\System\FkIMbyN.exe
  C:\Windows\System\FkIMbyN.exe
  2⤵
  PID:8808
- C:\Windows\System\rGZPqmX.exe
  C:\Windows\System\rGZPqmX.exe
  2⤵
  PID:8824
- C:\Windows\System\xNIzIcs.exe
  C:\Windows\System\xNIzIcs.exe
  2⤵
  PID:8848
- C:\Windows\System\mgnNHYK.exe
  C:\Windows\System\mgnNHYK.exe
  2⤵
  PID:8864
- C:\Windows\System\EzyUiXg.exe
  C:\Windows\System\EzyUiXg.exe
  2⤵
  PID:8884
- C:\Windows\System\ZERUICq.exe
  C:\Windows\System\ZERUICq.exe
  2⤵
  PID:8904
- C:\Windows\System\AnyKKcp.exe
  C:\Windows\System\AnyKKcp.exe
  2⤵
  PID:8920
- C:\Windows\System\IrXafRx.exe
  C:\Windows\System\IrXafRx.exe
  2⤵
  PID:8936
- C:\Windows\System\wRBwESE.exe
  C:\Windows\System\wRBwESE.exe
  2⤵
  PID:8968
- C:\Windows\System\RDTVCEj.exe
  C:\Windows\System\RDTVCEj.exe
  2⤵
  PID:8984
- C:\Windows\System\rLdbsTd.exe
  C:\Windows\System\rLdbsTd.exe
  2⤵
  PID:9004
- C:\Windows\System\hGtHPrr.exe
  C:\Windows\System\hGtHPrr.exe
  2⤵
  PID:9024
- C:\Windows\System\nkDAyZZ.exe
  C:\Windows\System\nkDAyZZ.exe
  2⤵
  PID:9044
- C:\Windows\System\OYYJUmZ.exe
  C:\Windows\System\OYYJUmZ.exe
  2⤵
  PID:9060
- C:\Windows\System\lciybrB.exe
  C:\Windows\System\lciybrB.exe
  2⤵
  PID:9076
- C:\Windows\System\sctwYOU.exe
  C:\Windows\System\sctwYOU.exe
  2⤵
  PID:9096
- C:\Windows\System\UsjKDkK.exe
  C:\Windows\System\UsjKDkK.exe
  2⤵
  PID:9116
- C:\Windows\System\ZNdWaVm.exe
  C:\Windows\System\ZNdWaVm.exe
  2⤵
  PID:9132
- C:\Windows\System\rrYNpyM.exe
  C:\Windows\System\rrYNpyM.exe
  2⤵
  PID:9152
- C:\Windows\System\bMqqCjH.exe
  C:\Windows\System\bMqqCjH.exe
  2⤵
  PID:9176
- C:\Windows\System\dvAzVca.exe
  C:\Windows\System\dvAzVca.exe
  2⤵
  PID:9200
- C:\Windows\System\VFMmrlJ.exe
  C:\Windows\System\VFMmrlJ.exe
  2⤵
  PID:7772
- C:\Windows\System\PsjlLmP.exe
  C:\Windows\System\PsjlLmP.exe
  2⤵
  PID:8064
- C:\Windows\System\iKBAinX.exe
  C:\Windows\System\iKBAinX.exe
  2⤵
  PID:8236
- C:\Windows\System\FcRWBlt.exe
  C:\Windows\System\FcRWBlt.exe
  2⤵
  PID:8280
- C:\Windows\System\prXfUOO.exe
  C:\Windows\System\prXfUOO.exe
  2⤵
  PID:8296
- C:\Windows\System\vaiJErQ.exe
  C:\Windows\System\vaiJErQ.exe
  2⤵
  PID:8324
- C:\Windows\System\CwwxaGA.exe
  C:\Windows\System\CwwxaGA.exe
  2⤵
  PID:8364
- C:\Windows\System\OvKYzUV.exe
  C:\Windows\System\OvKYzUV.exe
  2⤵
  PID:7452
- C:\Windows\System\yGMjzgv.exe
  C:\Windows\System\yGMjzgv.exe
  2⤵
  PID:8404
- C:\Windows\System\SJiiGKr.exe
  C:\Windows\System\SJiiGKr.exe
  2⤵
  PID:8452
- C:\Windows\System\rOeNewk.exe
  C:\Windows\System\rOeNewk.exe
  2⤵
  PID:8496
- C:\Windows\System\IyBSKnp.exe
  C:\Windows\System\IyBSKnp.exe
  2⤵
  PID:8512
- C:\Windows\System\yTuBtNg.exe
  C:\Windows\System\yTuBtNg.exe
  2⤵
  PID:8556
- C:\Windows\System\DaNEyVn.exe
  C:\Windows\System\DaNEyVn.exe
  2⤵
  PID:8604
- C:\Windows\System\EAZOyYS.exe
  C:\Windows\System\EAZOyYS.exe
  2⤵
  PID:8624
- C:\Windows\System\VaRAjmM.exe
  C:\Windows\System\VaRAjmM.exe
  2⤵
  PID:8420
- C:\Windows\System\oHnfkrF.exe
  C:\Windows\System\oHnfkrF.exe
  2⤵
  PID:8652
- C:\Windows\System\JBmcBlF.exe
  C:\Windows\System\JBmcBlF.exe
  2⤵
  PID:8712
- C:\Windows\System\krpxKyW.exe
  C:\Windows\System\krpxKyW.exe
  2⤵
  PID:8752
- C:\Windows\System\trvDlCh.exe
  C:\Windows\System\trvDlCh.exe
  2⤵
  PID:8800
- C:\Windows\System\JCblHQP.exe
  C:\Windows\System\JCblHQP.exe
  2⤵
  PID:8832
- C:\Windows\System\ZtysgeO.exe
  C:\Windows\System\ZtysgeO.exe
  2⤵
  PID:8844
- C:\Windows\System\xPyZErq.exe
  C:\Windows\System\xPyZErq.exe
  2⤵
  PID:8892
- C:\Windows\System\EuXQwkk.exe
  C:\Windows\System\EuXQwkk.exe
  2⤵
  PID:8912
- C:\Windows\System\bseyTdS.exe
  C:\Windows\System\bseyTdS.exe
  2⤵
  PID:8960
- C:\Windows\System\xBVLtCp.exe
  C:\Windows\System\xBVLtCp.exe
  2⤵
  PID:8992
- C:\Windows\System\kHZEPXG.exe
  C:\Windows\System\kHZEPXG.exe
  2⤵
  PID:8980
- C:\Windows\System\xehEfKL.exe
  C:\Windows\System\xehEfKL.exe
  2⤵
  PID:9040
- C:\Windows\System\LZwsKJK.exe
  C:\Windows\System\LZwsKJK.exe
  2⤵
  PID:9140
- C:\Windows\System\RKaLqTn.exe
  C:\Windows\System\RKaLqTn.exe
  2⤵
  PID:9184
- C:\Windows\System\TIxUqiZ.exe
  C:\Windows\System\TIxUqiZ.exe
  2⤵
  PID:9092
- C:\Windows\System\IbSGstx.exe
  C:\Windows\System\IbSGstx.exe
  2⤵
  PID:9172
- C:\Windows\System\pMbzxHl.exe
  C:\Windows\System\pMbzxHl.exe
  2⤵
  PID:7860
- C:\Windows\System\XGxkMNa.exe
  C:\Windows\System\XGxkMNa.exe
  2⤵
  PID:8200
- C:\Windows\System\gTZuADu.exe
  C:\Windows\System\gTZuADu.exe
  2⤵
  PID:8320
- C:\Windows\System\LMJQEZM.exe
  C:\Windows\System\LMJQEZM.exe
  2⤵
  PID:8384
- C:\Windows\System\wGszgYE.exe
  C:\Windows\System\wGszgYE.exe
  2⤵
  PID:8408
- C:\Windows\System\CQoniMt.exe
  C:\Windows\System\CQoniMt.exe
  2⤵
  PID:8416
- C:\Windows\System\frIBthG.exe
  C:\Windows\System\frIBthG.exe
  2⤵
  PID:8460
- C:\Windows\System\nTUOVty.exe
  C:\Windows\System\nTUOVty.exe
  2⤵
  PID:8552
- C:\Windows\System\RhMOKYu.exe
  C:\Windows\System\RhMOKYu.exe
  2⤵
  PID:8592
- C:\Windows\System\DeaPHXP.exe
  C:\Windows\System\DeaPHXP.exe
  2⤵
  PID:8632
- C:\Windows\System\hoMvAdE.exe
  C:\Windows\System\hoMvAdE.exe
  2⤵
  PID:8704
- C:\Windows\System\mhuZZwF.exe
  C:\Windows\System\mhuZZwF.exe
  2⤵
  PID:8748
- C:\Windows\System\ZVFKphA.exe
  C:\Windows\System\ZVFKphA.exe
  2⤵
  PID:8768
- C:\Windows\System\NOfhQxz.exe
  C:\Windows\System\NOfhQxz.exe
  2⤵
  PID:8840
- C:\Windows\System\sTWPEuu.exe
  C:\Windows\System\sTWPEuu.exe
  2⤵
  PID:8932
- C:\Windows\System\bXQyrKn.exe
  C:\Windows\System\bXQyrKn.exe
  2⤵
  PID:8952
- C:\Windows\System\qhWFnqN.exe
  C:\Windows\System\qhWFnqN.exe
  2⤵
  PID:9012
- C:\Windows\System\cOViLAC.exe
  C:\Windows\System\cOViLAC.exe
  2⤵
  PID:9104
- C:\Windows\System\AVvTxFJ.exe
  C:\Windows\System\AVvTxFJ.exe
  2⤵
  PID:9196
- C:\Windows\System\HWGUXSb.exe
  C:\Windows\System\HWGUXSb.exe
  2⤵
  PID:9168
- C:\Windows\System\BdUJXjd.exe
  C:\Windows\System\BdUJXjd.exe
  2⤵
  PID:8260
- C:\Windows\System\DhojPrD.exe
  C:\Windows\System\DhojPrD.exe
  2⤵
  PID:8412
- C:\Windows\System\MNysrbZ.exe
  C:\Windows\System\MNysrbZ.exe
  2⤵
  PID:8528
- C:\Windows\System\jYIifsg.exe
  C:\Windows\System\jYIifsg.exe
  2⤵
  PID:8492
- C:\Windows\System\vOPAkpH.exe
  C:\Windows\System\vOPAkpH.exe
  2⤵
  PID:8612
- C:\Windows\System\rNEHtrt.exe
  C:\Windows\System\rNEHtrt.exe
  2⤵
  PID:8772
- C:\Windows\System\UqPEvOl.exe
  C:\Windows\System\UqPEvOl.exe
  2⤵
  PID:8860
- C:\Windows\System\cOuJxNr.exe
  C:\Windows\System\cOuJxNr.exe
  2⤵
  PID:8728
- C:\Windows\System\bBPeNgp.exe
  C:\Windows\System\bBPeNgp.exe
  2⤵
  PID:8376
- C:\Windows\System\VmYyRBb.exe
  C:\Windows\System\VmYyRBb.exe
  2⤵
  PID:8948
- C:\Windows\System\bWBIyow.exe
  C:\Windows\System\bWBIyow.exe
  2⤵
  PID:9112
- C:\Windows\System\nuiMvni.exe
  C:\Windows\System\nuiMvni.exe
  2⤵
  PID:9188
- C:\Windows\System\lvkNxpY.exe
  C:\Windows\System\lvkNxpY.exe
  2⤵
  PID:8340
- C:\Windows\System\LmVZWoD.exe
  C:\Windows\System\LmVZWoD.exe
  2⤵
  PID:8244
- C:\Windows\System\jUbgklA.exe
  C:\Windows\System\jUbgklA.exe
  2⤵
  PID:8532
- C:\Windows\System\pPFgRRC.exe
  C:\Windows\System\pPFgRRC.exe
  2⤵
  PID:8692
- C:\Windows\System\chjWjEk.exe
  C:\Windows\System\chjWjEk.exe
  2⤵
  PID:8872
- C:\Windows\System\uOoetXG.exe
  C:\Windows\System\uOoetXG.exe
  2⤵
  PID:8956
- C:\Windows\System\xISfyCz.exe
  C:\Windows\System\xISfyCz.exe
  2⤵
  PID:9056
- C:\Windows\System\GHlyRti.exe
  C:\Windows\System\GHlyRti.exe
  2⤵
  PID:8292
- C:\Windows\System\cFeEluX.exe
  C:\Windows\System\cFeEluX.exe
  2⤵
  PID:8256
- C:\Windows\System\pAKJxDm.exe
  C:\Windows\System\pAKJxDm.exe
  2⤵
  PID:9072
- C:\Windows\System\AoCaCno.exe
  C:\Windows\System\AoCaCno.exe
  2⤵
  PID:8900
- C:\Windows\System\SDrkOah.exe
  C:\Windows\System\SDrkOah.exe
  2⤵
  PID:9220
- C:\Windows\System\JyTUPFK.exe
  C:\Windows\System\JyTUPFK.exe
  2⤵
  PID:9240
- C:\Windows\System\runiKip.exe
  C:\Windows\System\runiKip.exe
  2⤵
  PID:9256
- C:\Windows\System\iYWzkaN.exe
  C:\Windows\System\iYWzkaN.exe
  2⤵
  PID:9272
- C:\Windows\System\HxGOKRG.exe
  C:\Windows\System\HxGOKRG.exe
  2⤵
  PID:9292
- C:\Windows\System\sBFWaJu.exe
  C:\Windows\System\sBFWaJu.exe
  2⤵
  PID:9352
- C:\Windows\System\tXsdoyT.exe
  C:\Windows\System\tXsdoyT.exe
  2⤵
  PID:9372
- C:\Windows\System\ECOXfww.exe
  C:\Windows\System\ECOXfww.exe
  2⤵
  PID:9388
- C:\Windows\System\UfSWUZb.exe
  C:\Windows\System\UfSWUZb.exe
  2⤵
  PID:9412
- C:\Windows\System\VSFKHuY.exe
  C:\Windows\System\VSFKHuY.exe
  2⤵
  PID:9432
- C:\Windows\System\EMmBykG.exe
  C:\Windows\System\EMmBykG.exe
  2⤵
  PID:9448
- C:\Windows\System\FPTmaZt.exe
  C:\Windows\System\FPTmaZt.exe
  2⤵
  PID:9468
- C:\Windows\System\efakhao.exe
  C:\Windows\System\efakhao.exe
  2⤵
  PID:9484
- C:\Windows\System\UCsBNEf.exe
  C:\Windows\System\UCsBNEf.exe
  2⤵
  PID:9504
- C:\Windows\System\ToJjHRh.exe
  C:\Windows\System\ToJjHRh.exe
  2⤵
  PID:9528
- C:\Windows\System\YQZkDIz.exe
  C:\Windows\System\YQZkDIz.exe
  2⤵
  PID:9544
- C:\Windows\System\jswjfoG.exe
  C:\Windows\System\jswjfoG.exe
  2⤵
  PID:9564
- C:\Windows\System\JBKckRh.exe
  C:\Windows\System\JBKckRh.exe
  2⤵
  PID:9580
- C:\Windows\System\MgZryaq.exe
  C:\Windows\System\MgZryaq.exe
  2⤵
  PID:9596
- C:\Windows\System\bJetqyg.exe
  C:\Windows\System\bJetqyg.exe
  2⤵
  PID:9628
- C:\Windows\System\aUbXSoc.exe
  C:\Windows\System\aUbXSoc.exe
  2⤵
  PID:9648
- C:\Windows\System\iLMwilK.exe
  C:\Windows\System\iLMwilK.exe
  2⤵
  PID:9672
- C:\Windows\System\lLWspoT.exe
  C:\Windows\System\lLWspoT.exe
  2⤵
  PID:9696
- C:\Windows\System\QFXXySJ.exe
  C:\Windows\System\QFXXySJ.exe
  2⤵
  PID:9712
- C:\Windows\System\eBrsoIE.exe
  C:\Windows\System\eBrsoIE.exe
  2⤵
  PID:9732
- C:\Windows\System\SnWBclw.exe
  C:\Windows\System\SnWBclw.exe
  2⤵
  PID:9752
- C:\Windows\System\bBzmyGF.exe
  C:\Windows\System\bBzmyGF.exe
  2⤵
  PID:9772
- C:\Windows\System\LLSAYWC.exe
  C:\Windows\System\LLSAYWC.exe
  2⤵
  PID:9792
- C:\Windows\System\JfQfPRw.exe
  C:\Windows\System\JfQfPRw.exe
  2⤵
  PID:9820
- C:\Windows\System\rPFdeCG.exe
  C:\Windows\System\rPFdeCG.exe
  2⤵
  PID:9836
- C:\Windows\System\BPAJPzp.exe
  C:\Windows\System\BPAJPzp.exe
  2⤵
  PID:9852
- C:\Windows\System\qWbvyZQ.exe
  C:\Windows\System\qWbvyZQ.exe
  2⤵
  PID:9868
- C:\Windows\System\luEjvQi.exe
  C:\Windows\System\luEjvQi.exe
  2⤵
  PID:9884
- C:\Windows\System\hJmNlWj.exe
  C:\Windows\System\hJmNlWj.exe
  2⤵
  PID:9908
- C:\Windows\System\VVQWiex.exe
  C:\Windows\System\VVQWiex.exe
  2⤵
  PID:9924
- C:\Windows\System\lNVulLI.exe
  C:\Windows\System\lNVulLI.exe
  2⤵
  PID:9944
- C:\Windows\System\SFjUAMh.exe
  C:\Windows\System\SFjUAMh.exe
  2⤵
  PID:9964
- C:\Windows\System\AXtZhiD.exe
  C:\Windows\System\AXtZhiD.exe
  2⤵
  PID:9980
- C:\Windows\System\pQHfQPE.exe
  C:\Windows\System\pQHfQPE.exe
  2⤵
  PID:10020
- C:\Windows\System\mGlONoc.exe
  C:\Windows\System\mGlONoc.exe
  2⤵
  PID:10036
- C:\Windows\System\pcvtenM.exe
  C:\Windows\System\pcvtenM.exe
  2⤵
  PID:10056
- C:\Windows\System\tTENYwE.exe
  C:\Windows\System\tTENYwE.exe
  2⤵
  PID:10076
- C:\Windows\System\sCsKEfV.exe
  C:\Windows\System\sCsKEfV.exe
  2⤵
  PID:10100
- C:\Windows\System\KcbSsNZ.exe
  C:\Windows\System\KcbSsNZ.exe
  2⤵
  PID:10120
- C:\Windows\System\YWfITEa.exe
  C:\Windows\System\YWfITEa.exe
  2⤵
  PID:10136
- C:\Windows\System\kfQHMcz.exe
  C:\Windows\System\kfQHMcz.exe
  2⤵
  PID:10164
- C:\Windows\System\YCqystf.exe
  C:\Windows\System\YCqystf.exe
  2⤵
  PID:10180
- C:\Windows\System\sCazwfC.exe
  C:\Windows\System\sCazwfC.exe
  2⤵
  PID:10200
- C:\Windows\System\bBoIPQa.exe
  C:\Windows\System\bBoIPQa.exe
  2⤵
  PID:10216
- C:\Windows\System\bpQfhty.exe
  C:\Windows\System\bpQfhty.exe
  2⤵
  PID:8224
- C:\Windows\System\pzhySHR.exe
  C:\Windows\System\pzhySHR.exe
  2⤵
  PID:8788
- C:\Windows\System\TgwnKnq.exe
  C:\Windows\System\TgwnKnq.exe
  2⤵
  PID:9252
- C:\Windows\System\BuCxnLd.exe
  C:\Windows\System\BuCxnLd.exe
  2⤵
  PID:8588
- C:\Windows\System\hzjjhlK.exe
  C:\Windows\System\hzjjhlK.exe
  2⤵
  PID:9236
- C:\Windows\System\XjOtqIh.exe
  C:\Windows\System\XjOtqIh.exe
  2⤵
  PID:9308
- C:\Windows\System\VECDhDC.exe
  C:\Windows\System\VECDhDC.exe
  2⤵
  PID:9332
- C:\Windows\System\InTbNvu.exe
  C:\Windows\System\InTbNvu.exe
  2⤵
  PID:2576
- C:\Windows\System\GbjXsDE.exe
  C:\Windows\System\GbjXsDE.exe
  2⤵
  PID:9404
- C:\Windows\System\lkMfNfD.exe
  C:\Windows\System\lkMfNfD.exe
  2⤵
  PID:9400
- C:\Windows\System\iMManrQ.exe
  C:\Windows\System\iMManrQ.exe
  2⤵
  PID:9456
- C:\Windows\System\qcVwuDC.exe
  C:\Windows\System\qcVwuDC.exe
  2⤵
  PID:9524
- C:\Windows\System\uiBPigj.exe
  C:\Windows\System\uiBPigj.exe
  2⤵
  PID:9552
- C:\Windows\System\KzGyFaW.exe
  C:\Windows\System\KzGyFaW.exe
  2⤵
  PID:9588
- C:\Windows\System\FwMeVKI.exe
  C:\Windows\System\FwMeVKI.exe
  2⤵
  PID:9496
- C:\Windows\System\XFYnzPg.exe
  C:\Windows\System\XFYnzPg.exe
  2⤵
  PID:9612
- C:\Windows\System\TmHMFwK.exe
  C:\Windows\System\TmHMFwK.exe
  2⤵
  PID:9636
- C:\Windows\System\ocWiGMa.exe
  C:\Windows\System\ocWiGMa.exe
  2⤵
  PID:9680
- C:\Windows\System\eRLcdtu.exe
  C:\Windows\System\eRLcdtu.exe
  2⤵
  PID:9724
- C:\Windows\System\rWYEEHo.exe
  C:\Windows\System\rWYEEHo.exe
  2⤵
  PID:9340
- C:\Windows\System\cgBjLLm.exe
  C:\Windows\System\cgBjLLm.exe
  2⤵
  PID:9800
- C:\Windows\System\keyOkuq.exe
  C:\Windows\System\keyOkuq.exe
  2⤵
  PID:9812
- C:\Windows\System\fcpQPGN.exe
  C:\Windows\System\fcpQPGN.exe
  2⤵
  PID:9832
- C:\Windows\System\NCdtANf.exe
  C:\Windows\System\NCdtANf.exe
  2⤵
  PID:9900
- C:\Windows\System\AajJtqF.exe
  C:\Windows\System\AajJtqF.exe
  2⤵
  PID:9916
- C:\Windows\System\TardCCt.exe
  C:\Windows\System\TardCCt.exe
  2⤵
  PID:9992
- C:\Windows\System\NOgFFcJ.exe
  C:\Windows\System\NOgFFcJ.exe
  2⤵
  PID:9976
- C:\Windows\System\puirUgR.exe
  C:\Windows\System\puirUgR.exe
  2⤵
  PID:10028
- C:\Windows\System\WxjzdMw.exe
  C:\Windows\System\WxjzdMw.exe
  2⤵
  PID:10072
- C:\Windows\System\fnBUnju.exe
  C:\Windows\System\fnBUnju.exe
  2⤵
  PID:10092
- C:\Windows\System\MPPOGss.exe
  C:\Windows\System\MPPOGss.exe
  2⤵
  PID:10132
- C:\Windows\System\ILascRV.exe
  C:\Windows\System\ILascRV.exe
  2⤵
  PID:10152
- C:\Windows\System\bWHCyXb.exe
  C:\Windows\System\bWHCyXb.exe
  2⤵
  PID:10192
- C:\Windows\System\stZzdsB.exe
  C:\Windows\System\stZzdsB.exe
  2⤵
  PID:10236
- C:\Windows\System\uRzbfrl.exe
  C:\Windows\System\uRzbfrl.exe
  2⤵
  PID:9248
- C:\Windows\System\MMKLkgD.exe
  C:\Windows\System\MMKLkgD.exe
  2⤵
  PID:9288
- C:\Windows\System\FoLfizS.exe
  C:\Windows\System\FoLfizS.exe
  2⤵
  PID:9360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVyXges.exe

Filesize
6.0MB

MD5
1a81d67b6505375470b8e4e75f0423eb

SHA1
08ddeb1a3e22ed7a3f64e2606a0fa0a90208e0ff

SHA256
350f12b699a4bdeafe2a5901f6222e3d19f39993e30dc108b0c0e9cb273903f6

SHA512
7197beeff729a1eaaefbc1ac57d4fd7f959489ce5135528b3aafedbb3e67eb53fcf2bfa69c68851c0bc8cddc26852891fee3d89e67b2722239050b6bb75ebc03

Download Submit
C:\Windows\system\AYydmFx.exe

Filesize
6.0MB

MD5
6606bb82de051c23e03f2155f7ef6fa4

SHA1
b9185c00464bc6644f2f8c7b91890077baf217a7

SHA256
40b1de677ca5ad7bc7e5c145acf68c66d88b0bd6f5ec7120170722752fd3a824

SHA512
6a2ea44fe1891187910db552d8cb5b77afb9fa8d2f3c880e6eff30b706adb0832df3eca09948830feb4875dba57520977209357010906f1e4ef696790b119628

Download Submit
C:\Windows\system\AedaHuo.exe

Filesize
6.0MB

MD5
ee240cc21a0bc2697ea4f94bd8b27596

SHA1
798a3ad6ebd0ae1c5a0ef07b889820f87e14476a

SHA256
f41481589f590baff1d3489f2956c7700737ea522a2b8bc3b891dacd15024bcd

SHA512
d90b15c6eed3973c3f333cbadd37397dc707397ab1bf0888480afbce8aee536ca0afa2995a766ce1fe8b1d601d43c7faa8a98ac4a70e4163d957969096e36654

Download Submit
C:\Windows\system\IGPafya.exe

Filesize
6.0MB

MD5
0fcd07a81d880e84b0b07a0e2df51052

SHA1
d3d5b02deed67cc25a8d3e30d8a5a8a0cecfdbf8

SHA256
df432aa1e63dcafaa537ebe4cdb43962d8e3346d52b65e80f3b64f2f78622539

SHA512
1f381e755f2997a4b73fc92179c11ae975b0fa4e901c4fede89ca0d8bc8f426c7168338e8d9b3a6df884671d0edba78e4bac47456fe70519d84bcc48bddcfee5

Download Submit
C:\Windows\system\IktieEb.exe

Filesize
6.0MB

MD5
5a6279f0be4b13b329482ad4bbbae537

SHA1
b816fcb28b538545d67004e4f95cc9e38641743d

SHA256
58e729716c21566be1d871d2188e7a1680087bd5ca7ef1761ac593426d46b17b

SHA512
2846752022338aa96cabd69a62f7e2614ba4e5fc8d438ea7e2557ac2ddcdfbd9f8b6e1becde3273bae1d135c9eeb786bbf9845717fb09c7cbbb4bc62da8d9067

Download Submit
C:\Windows\system\JEUAleS.exe

Filesize
6.0MB

MD5
e41b3814fcae8555e589b55f0f64a57f

SHA1
6db68619054b0b526de80616b472988ae007564f

SHA256
c430b942f8c99754bfe7dc505e2a452ef882179c218c3dafc91ace7374b8aa28

SHA512
2e51dcd84514b4f75c67c65c132ddfb5e2977877438b5379b12db11b5c836f025597ac0f1e6732a152a5a58f5134d245167c04f779de4a5abefb06f5bc3ce7c4

Download Submit
C:\Windows\system\LrSKGsA.exe

Filesize
6.0MB

MD5
bfcdb3856967cdd1dd58a9c70fb1e3b2

SHA1
df66ef6333f1104bae284f4f4fca1c6f30bc2334

SHA256
adc317d297498dd67c4d9718872fba3060ecdd2cc9866da9a7e9d73ec94892aa

SHA512
8c2bf5a1ca266ca9cdcfafb62f558995b1fee54fed3f1c40655cec4eaaedeccc60153e784c5abd5bcf018d2a16bef7f1037c974529a323f6ddde07c432ea0dc0

Download Submit
C:\Windows\system\MLPWCac.exe

Filesize
6.0MB

MD5
2d5e80a102ad69ecc859981bdb8b7c1a

SHA1
cb041d13662520406f05927437f5900dc69bf617

SHA256
84addf0321c90fd40b764553003766122c2aea42bdb3525ee40ebe5852979449

SHA512
19002d1f200d6f7f5ad7cd9bc7e51026e5752c24d341ce7482cbdb235107a7128abb6e34ff21cb84758ffcdb60e603cd2057761d76f1a759955e01123f02885e

Download Submit
C:\Windows\system\OFYCFpk.exe

Filesize
6.0MB

MD5
0008b7770e09f0dc00a1ce2b859ff5f0

SHA1
7369c525601ef1033b98247ae2543f607d1d9494

SHA256
4009aecfbc46e948be8f117ed480fbbe42eff2e058a2f340cc1650ebd9c24551

SHA512
b2336fb85ebfd8d64bc63900204ede71426aa6e898281a58d536ead0e7445f71e59c3731f714ed0f6d81c80ac9370ca0137ee1fb0afb022be31032bef3c8e844

Download Submit
C:\Windows\system\WGajiuJ.exe

Filesize
6.0MB

MD5
84309832fa252227bc9b13df2f76854b

SHA1
23de70cbee55b2cd2974b9673019fe717f07e5da

SHA256
87458eeb40d6b354b64d09be6be3f51ee418f6ef9ef92bc01931907811dbeec7

SHA512
3fdaed2ebc59e6322681a69179e2f56e3890bfa53986852319d4067be6f93411713d367876e59eeb2c7b58936456221e6000bccbbbf43150990533faee40f31d

Download Submit
C:\Windows\system\WVSHhyq.exe

Filesize
6.0MB

MD5
35cc8066ac8aeed09b3f553a679de306

SHA1
ccdcf07e61ef1cb66c889d3e5d431926cea8d9ab

SHA256
901c6ee3a70e7a0a498f0b00c6e2b043dfdf243cfd295f7dfc604eec3041933a

SHA512
c4b23b80b2b68f9620ba5f12355db9c06bd54596bf09d975b8ddfb57f4db55a660973417b519575932bbc36a5b0902437aaf01ad2b4c151cc287bc935a6f61b7

Download Submit
C:\Windows\system\WouyrXG.exe

Filesize
6.0MB

MD5
0ca8a8f92e59295cb50881465ffb98b3

SHA1
2c12c4799976fdd7786bfa5f88c7da0bc32b88e7

SHA256
a5f112e549022a1cb3b71a50e9c127e56c77ad6febc5d499627c4f6a8f1e734d

SHA512
69d335db90c5e674174352a2e78114a7b58c032c1607e05d1b231e6cac0b125cdb50da8ac5902c07ad2fdb874058a106a1a22a91b6831c73fe5ad826a66d595a

Download Submit
C:\Windows\system\YMAmJug.exe

Filesize
6.0MB

MD5
edd6f8fb3f3bc62c0bc49fa457db9cc5

SHA1
d98efa54e7cd76bae0cfbf5973a7561e7180c439

SHA256
99a11ef5f3778769de1bfa1f1753b8b0c91c92f7d79cbdcd7e9531d8692caf59

SHA512
21b5cd7d6493690c67c70c95662be0cbbec826194bc50de7b175e441160260c616c045e3287e281778cffa6d76be50f0007f4f163fef38ede018e0357ce871f5

Download Submit
C:\Windows\system\YzTMGzV.exe

Filesize
6.0MB

MD5
5d40d0e431c7a3f37f2ab58ed7791c7c

SHA1
fd94e3b163fe009a6ac1ba03c13bab91af11b3f4

SHA256
efbbad1fb0394ad1ecb3bac273cc7ad65ca0536a7c68b00ca6a31a7aae03ab0d

SHA512
1af4e225cc7a20e1d15636e74ea6303f6e8c9d5708b5345925133d889065d98656f4437c4aeee2fd8965496259c8ae004fa4b30c7aac52892ac52fcae5b331d7

Download Submit
C:\Windows\system\ZRxiWgF.exe

Filesize
6.0MB

MD5
0c3b2593ed514f74349c9e94deedc6cd

SHA1
02115fffa21c38ca9a7073e2adbb7062837e937f

SHA256
140cdb52af3cb534cd34d6d0836f6e6f6dd39f9dc45182588a3a23e0916a3802

SHA512
6219c4c1d6208cfb18f7afbd9a4d9879da638acc34e462731c3b77039f571cb64bdcbb0f19b1e1968a982681b1bbd193861f72f579616f511d054a530b12bfae

Download Submit
C:\Windows\system\ZkdkuiC.exe

Filesize
6.0MB

MD5
659bc528fd98075fa6262696bfb4b02d

SHA1
e7de4e82a51ef6991af27348bba57d149965011f

SHA256
7a3897f5eb6ec52e919353e8562c2639ebcb37fe8084052df47679ff157205d0

SHA512
8725d9b6f2c827d2407ea51d3c5e895522b4a084fbae53d14052f751bad415880aad240c175cb37b0f9fa28190018326289d87f835d3b200a9a903fae53c455e

Download Submit
C:\Windows\system\cGwrpwq.exe

Filesize
6.0MB

MD5
021cac1311e85c20c6c12423605b5fb4

SHA1
cdff9e1e8ec781bf2ce791ce0ed20d36ac73bb2b

SHA256
fef5b4fc79e42bc0dd42c9f6b99d9f5b400cc4293cdb8c32e83580b04fe26ce1

SHA512
0eb0f42a86d13f5a8899b35745e0e9b5a60798cd53c4d3141adb4172a70fa75ac8ef3631df4f31bd658c904eacb43bde6b5eee3ea9f637c021ed1d38e5bb6558

Download Submit
C:\Windows\system\djhQdPR.exe

Filesize
6.0MB

MD5
9ad9692cf00ae7031eb64e0dcf3a545d

SHA1
3bd1422eab1a618c1c2adc35917c449bce109559

SHA256
03471fb90243a2c4ccabf193e404aa3e5e5b3624550593c2eb08c05541d38659

SHA512
2c13d79d88939c95571bceb6ef645baa4bce6137317c7e9c49c0be628fbc50763aca6a1065f4397041efb23b77ffc5e8031e4c26957ff2c4b6512d083ff1f534

Download Submit
C:\Windows\system\ifnIeoq.exe

Filesize
6.0MB

MD5
1c4d3e97319435da1260356eb015e8f7

SHA1
6039d63cb59f46b4fc2a223660d446cbb96cd2b2

SHA256
91f7896c9972c61940aca984e3deb4308e3f551d400419b80e7c577e6bd1947b

SHA512
c44fe4758303a7d16fd55c26586fece9698fb20f383b16e90eba452aa5388fd3597927acd15b375cdcab66799f713ca3ae6bdcb3c33163586d2ff239b4509b19

Download Submit
C:\Windows\system\mVuJjaf.exe

Filesize
6.0MB

MD5
30a0286e0943e3c37450ff197ec7440e

SHA1
e8334bcc4b8dd46adfb03a40cc003ae6bd6de141

SHA256
8ff330ac754b2c887332423872c137a2c96f187f926dae898f0ad8f5923ef827

SHA512
5dd49a85fd7d3ac48c665404d463e01393ba8b3941f17d75f7b947cf2da735a173189e41fb69cd53de97c04f7531fd875610c99742d0a1eb1eb1c0567d55f49b

Download Submit
C:\Windows\system\mcxqwtj.exe

Filesize
6.0MB

MD5
479c7af8d7245da8fd04b6f052713194

SHA1
4666c91eeb0c8692d0a151ce00df3ddc874b8085

SHA256
d999eb2c8e515cfd3004746b868ceb671d5cc860a64c9eb5dc324ba51db18ef8

SHA512
18da4b72e5b6cf7cb4303935630a19176b0abe23e65ed69616ba3ceda52cf3f17bbff9e585f23d34a1cedcd9a3873564b366875f0fba429c6cc1bcfda550022b

Download Submit
C:\Windows\system\nuqUGzh.exe

Filesize
6.0MB

MD5
a90911e2270c63d7cb0db7271554fdba

SHA1
9a3a0e661325ecfaf9ec7602666c868c9cfbc2ff

SHA256
ed8edc23b35e87cb596fcf6b920c6c7c3254182eb295df80fb58e81defdd9370

SHA512
7a70979bd2516f6b1e4b099e0f0c48cb8e967cdc7c6b9a3fd273bfb956ab27afd6a02cd402f7425611e7eb6082fdf91594a454a5a96d28c597bca7b612f6aace

Download Submit
C:\Windows\system\osXIHsh.exe

Filesize
6.0MB

MD5
83ab7becb184567519c8560e9fa9ae17

SHA1
1c02bdb6a84ba4f9c5b47f6ae734c94bc7e63efc

SHA256
06f48f48ce86fc308d27f5935f2010c957f9d3ae3c476abab46eb10ecd5cf77b

SHA512
12c6d7e7c793be557c42f02cc265dfb2284e46339826d4aef1f3c1fbdb728321b681bb865f76f19d0b459beaebe602fa2d75c9ab9d37cf9db0564d37ff79f798

Download Submit
C:\Windows\system\qgHIkpu.exe

Filesize
6.0MB

MD5
b85c97f89b78c4204ac3d55fb64659ff

SHA1
3b0984aed76414353f49729bb254c0e3fd18bf2f

SHA256
f94809884fefa50b5ac310bfb2ac75b2a1b9cbe13814469115a1603a1bf7e2df

SHA512
4c96168aade3da25f4f85bd46bc38d6c5df6e414d0c08add51835fa01a1c3a7d26257ef058981082eded0696a7acdcc4e58721bf911f1b18e1072bc0c288c899

Download Submit
C:\Windows\system\zqdPpCy.exe

Filesize
6.0MB

MD5
c6d5a84daec8c00bae20dbe00d8f6b81

SHA1
4d483d8d194094f6bf5a078f6366f2696a8ea80f

SHA256
538cae66b95812d5b6ff86e30fea8288335df235c80084b0929370b27bc770fd

SHA512
4ae127efb62495c969c34877ab54269fd034084ec062ecb46b3e87adac313491829b339c2f5b36848060c49cf168f0fa9f4d58faa2b8e5bed8a6cbeb0582761a

Download Submit
\Windows\system\ROJWTuR.exe

Filesize
6.0MB

MD5
8cf63b78ca66311281963db08c314c4f

SHA1
990f73017247e672672432369fb77553d313304e

SHA256
c2010e5bbc5d67a0775722600de12c9fff88de842a5f5a3570d074f29751254f

SHA512
0e386e4aec05cd72b480853af9d7e432f2a729f3a45a36acb81bee38f16ea88545c2d0240ce45da39d1c234d485c7259eae7706c4aef5530dce45f3c883e220d

Download Submit
\Windows\system\TavBOOC.exe

Filesize
6.0MB

MD5
e9847aeedc7fc02c60f55962a716dc98

SHA1
3a460f476553eb92635b07ed899ca5b1d756850e

SHA256
e547f04efb3ffb044d1923a4051a4fb6db7ebfa76c7e4e4ec1f5f9d2a5eb3ac5

SHA512
1155c98dc9bf79d79e79c5b8b17189ec722664edba7b8e29ea6b03426cd3a5a989223c31629b734a1a8d714d7b1d861222f1552afbe196e918acbda72a01d376

Download Submit
\Windows\system\btTrLiN.exe

Filesize
6.0MB

MD5
975a1734126a5ce21c331f39f8cd97a8

SHA1
194c78569ba2dd7af3ff66c13fed3b4a9ebe7a15

SHA256
df692490de4b2f792b7b1ee60316c57a1aa76a7f6913e1c1372482ace0ab7628

SHA512
2dd5f10b269eb915f9c9b0bcb28bc0bf7e80b9fb236b699be6f17b782f6b6872a4077bddb8614ec66f45f775a5a0c63f82853a2efc0e002f765afba1fbdb1a22

Download Submit
\Windows\system\cXEThYe.exe

Filesize
6.0MB

MD5
ec6a8005ee7d1a6b670453b84f445bc7

SHA1
6e695e95e1dd27eed16b57b57e239a2a0a51180d

SHA256
a7cd2499d77ff179b755e75af67ad39c49b1085230f22f0aa9f0364fd8b13f9d

SHA512
c8c91416ba20e19a7c415172c852c9ac16661c5f6f432f7af9ead27c5d97d2fb3a47c82e6e6907752861ccc8a307e5cac00d41433d2c56ca61bd4de8e5547a51

Download Submit
\Windows\system\mugbzog.exe

Filesize
6.0MB

MD5
a62e9cc45e78fe09a3c9d83ba8b1db5b

SHA1
aa2240151c35e72d1a33b0387d5f6d7092bbf400

SHA256
b96aa23ecd8daa95e3849da55b9b941fdf690bfd3beaa912acde42e25094a695

SHA512
b7bed47b43f0952504ae6520f65b9adce318aaddb5f10f99c942f0fdd6b4f035fd31c06c5a3a25fefaa96e44b2d5d125829af53a29e9e01b7114577663659eb8

Download Submit
\Windows\system\olDjEwc.exe

Filesize
6.0MB

MD5
cb24632e83272b7fdbc30019fd3f02a5

SHA1
4545b1bbe77a228369bb4dfd13db0d8d518b1945

SHA256
90f289e4c592fc8a96c324f8c6ffcbaff5338879edef8b872cba3d9b04911c8b

SHA512
5efdf3d53e4602688b5baaf51fd375d9de434aa083b13f06de5caaafcb385159bf4e4f4c0d329a4b38e6d84b6002c265e51b5d0e40edabe1c1c37d6a00558984

Download Submit
\Windows\system\vgcYDiX.exe

Filesize
6.0MB

MD5
52c2ef52b153fa3bb7e955ab28132f7d

SHA1
c65a04d129649288a141e513d2589ca1f68154ef

SHA256
36b542e4243fd4d04dcd0f9b267475e3a054ac757cbdd3fa0cffc19ea0d752c3

SHA512
4e42220c8e6d017e851af3c16c85fbb243cd7eb7918dfd3887759bcf6e6a0df3a163770965f011a740cc84a5a577dba236b1e968bf32eb87b11e384aa82a1076

Download Submit
memory/1196-108-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1196-1030-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1196-67-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1644-254-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1644-100-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1034-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1672-1035-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1672-317-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1672-109-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1880-84-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1032-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1880-160-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2004-114-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2004-75-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1031-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2380-52-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-90-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1028-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1033-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-226-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-91-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-99-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1029-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-76-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1026-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-83-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1027-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2740-44-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-15-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-55-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-104-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-112-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-20-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-140-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-187-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-32-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-36-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-39-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-42-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-115-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-0-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-6-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-248-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2776-25-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2776-96-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2776-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-281-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-105-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-79-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-389-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-50-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2776-87-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2776-74-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-63-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-16-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1023-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-66-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2832-29-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1025-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2924-13-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1042-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2924-43-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1024-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-22-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-59-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download