cobaltstrike | 3e5cd8e0d6e9545e09ce2afe6f33327a003cc470cfc629d57eff0fc4f5361657

Analysis

max time kernel
96s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

195d22055213080a1a9eabfecad52b63
SHA1

04961da27612446727b325af4944b638ec36619e
SHA256

3e5cd8e0d6e9545e09ce2afe6f33327a003cc470cfc629d57eff0fc4f5361657
SHA512

86cc6082f595f34500a94090a8d2dd299ea7d4f818d79af9be0095488140a23290dec31d8a5766062eb5648ff58a95612f72bebf9e3567b3b8661bab25051de8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-18.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186dd-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018710-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018718-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019240-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-56.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1940-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-6.dat	xmrig
behavioral1/files/0x00060000000186c6-8.dat	xmrig
behavioral1/files/0x00070000000186ca-16.dat	xmrig
behavioral1/files/0x00060000000186d9-18.dat	xmrig
behavioral1/files/0x00060000000186dd-26.dat	xmrig
behavioral1/files/0x0006000000018710-30.dat	xmrig
behavioral1/files/0x0009000000018718-36.dat	xmrig
behavioral1/files/0x0007000000019240-38.dat	xmrig
behavioral1/files/0x0005000000019605-46.dat	xmrig
behavioral1/files/0x0005000000019606-50.dat	xmrig
behavioral1/files/0x000500000001960a-60.dat	xmrig
behavioral1/files/0x000500000001961c-71.dat	xmrig
behavioral1/files/0x00050000000196a1-85.dat	xmrig
behavioral1/files/0x0005000000019c3c-101.dat	xmrig
behavioral1/files/0x000500000001a07e-146.dat	xmrig
behavioral1/files/0x000500000001a307-160.dat	xmrig
behavioral1/memory/1940-1819-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2816-1844-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2368-1828-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2744-1846-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2520-1848-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2756-1853-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dbf-138.dat	xmrig
behavioral1/files/0x0005000000019f94-135.dat	xmrig
behavioral1/files/0x000500000001a09e-154.dat	xmrig
behavioral1/files/0x000500000001a075-143.dat	xmrig
behavioral1/files/0x0005000000019f8a-133.dat	xmrig
behavioral1/files/0x0005000000019cca-120.dat	xmrig
behavioral1/files/0x0005000000019c57-110.dat	xmrig
behavioral1/files/0x0005000000019d8e-124.dat	xmrig
behavioral1/files/0x0005000000019cba-114.dat	xmrig
behavioral1/files/0x0005000000019c3e-105.dat	xmrig
behavioral1/files/0x0005000000019c34-95.dat	xmrig
behavioral1/files/0x0005000000019926-90.dat	xmrig
behavioral1/files/0x0005000000019667-80.dat	xmrig
behavioral1/files/0x000500000001961e-75.dat	xmrig
behavioral1/files/0x000500000001960c-65.dat	xmrig
behavioral1/files/0x0005000000019608-56.dat	xmrig
behavioral1/memory/2624-1999-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2864-2001-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2960-2003-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2608-2005-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2668-2007-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2096-2055-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1228-2057-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2888-2059-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2740-2068-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1940-2722-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1940-2858-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1940-2854-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2816-4240-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2368-4248-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2744-4247-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2888-4246-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2960-4250-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1228-4251-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2520-4252-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2668-4253-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2624-4249-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2756-4245-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2864-4244-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2608-4243-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2096-4242-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2888	biWfoVY.exe
2740	iziJDSQ.exe
2368	pDDhQTB.exe
2816	fyEunZL.exe
2744	IVUwzLU.exe
2520	TgFcLXd.exe
2756	LxeqwAw.exe
2624	qtMAeJw.exe
2864	NHhVukt.exe
2960	oqVTSrq.exe
2608	OmlPxsZ.exe
2668	snhJsGZ.exe
2096	HspfSFy.exe
1228	bwrDxec.exe
2536	tlQVWqL.exe
1944	uLWIggN.exe
1044	bcNWwtC.exe
1840	DMfdTrV.exe
2408	xzbyfda.exe
1952	llKLHzd.exe
2516	GvhnZWv.exe
1392	AIhMhsk.exe
1924	aNtRZyz.exe
2468	jlqYYMD.exe
2984	IvwLTbR.exe
3048	xosNApy.exe
1060	zbfUexK.exe
3040	ZzKKARs.exe
1912	VGQvbuL.exe
1548	SFlwoVu.exe
2364	GEnVXrn.exe
2392	elExClU.exe
2404	oIbnscw.exe
1724	LgRlwHz.exe
1600	DRTfpBH.exe
2512	CSLUqOh.exe
892	WIVrAiz.exe
1696	nLmCOCk.exe
948	AiIleTa.exe
2000	FDZZZCf.exe
980	lzlCXXR.exe
1544	XiVtuDl.exe
1476	COjdCwZ.exe
1764	HLyYKiR.exe
2348	hsXSLyG.exe
1260	xwlaWdu.exe
1336	ZqCUvUm.exe
1004	flhAosS.exe
3012	lFOtcSh.exe
1576	XUITEzP.exe
2956	SonHUzn.exe
2904	jbIMNjw.exe
1480	bqaAKsn.exe
2524	CjDEzNH.exe
1484	kepBaTZ.exe
1112	wEmaQec.exe
1072	XUVgDFi.exe
1500	NgORNvv.exe
2020	VLvDZOf.exe
1604	iYWXfOt.exe
2320	PaCUcBN.exe
2504	sRDEuSu.exe
2752	hJxSBEk.exe
2728	neGPyeK.exe

Loads dropped DLL 64 IoCs

pid	Process
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1940-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-6.dat	upx
behavioral1/files/0x00060000000186c6-8.dat	upx
behavioral1/files/0x00070000000186ca-16.dat	upx
behavioral1/files/0x00060000000186d9-18.dat	upx
behavioral1/files/0x00060000000186dd-26.dat	upx
behavioral1/files/0x0006000000018710-30.dat	upx
behavioral1/files/0x0009000000018718-36.dat	upx
behavioral1/files/0x0007000000019240-38.dat	upx
behavioral1/files/0x0005000000019605-46.dat	upx
behavioral1/files/0x0005000000019606-50.dat	upx
behavioral1/files/0x000500000001960a-60.dat	upx
behavioral1/files/0x000500000001961c-71.dat	upx
behavioral1/files/0x00050000000196a1-85.dat	upx
behavioral1/files/0x0005000000019c3c-101.dat	upx
behavioral1/files/0x000500000001a07e-146.dat	upx
behavioral1/files/0x000500000001a307-160.dat	upx
behavioral1/memory/2816-1844-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2368-1828-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2744-1846-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2520-1848-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2756-1853-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0005000000019dbf-138.dat	upx
behavioral1/files/0x0005000000019f94-135.dat	upx
behavioral1/files/0x000500000001a09e-154.dat	upx
behavioral1/files/0x000500000001a075-143.dat	upx
behavioral1/files/0x0005000000019f8a-133.dat	upx
behavioral1/files/0x0005000000019cca-120.dat	upx
behavioral1/files/0x0005000000019c57-110.dat	upx
behavioral1/files/0x0005000000019d8e-124.dat	upx
behavioral1/files/0x0005000000019cba-114.dat	upx
behavioral1/files/0x0005000000019c3e-105.dat	upx
behavioral1/files/0x0005000000019c34-95.dat	upx
behavioral1/files/0x0005000000019926-90.dat	upx
behavioral1/files/0x0005000000019667-80.dat	upx
behavioral1/files/0x000500000001961e-75.dat	upx
behavioral1/files/0x000500000001960c-65.dat	upx
behavioral1/files/0x0005000000019608-56.dat	upx
behavioral1/memory/2624-1999-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2864-2001-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2960-2003-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2608-2005-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2668-2007-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2096-2055-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1228-2057-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2888-2059-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2740-2068-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1940-2722-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2816-4240-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2368-4248-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2744-4247-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2888-4246-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2960-4250-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1228-4251-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2520-4252-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2668-4253-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2624-4249-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2756-4245-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2864-4244-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2608-4243-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2096-4242-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2740-4241-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AbyrCQj.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzndesM.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJBPMlC.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAkoGeB.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqmQTDg.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqtrXIj.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbWkLXn.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQkEcJC.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeCRfmA.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZvieHh.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBLuSoR.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhWHoZp.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awWuZNV.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrNlMqf.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIfAtpf.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLDnFKb.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yfccnqq.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDUMKUn.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmvjacE.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFtSdsn.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPSfDvt.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UENjsaO.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiwgKBW.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrIhSmh.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQbXYnr.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAwMbIC.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzewDSl.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLRCrpx.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbsulYX.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOUNhRH.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLAxsQQ.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKYICqn.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFjvflN.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNxREwd.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPNLsSl.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTLkNxo.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGbWuWY.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJYddXs.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AunHUgl.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTgCMLM.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRMzKyi.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onusDgE.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tatilyk.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDEQbqe.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RslTkua.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmSeltr.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCupDtf.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGoGdUW.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwQWZVo.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eidUlof.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVYeJlD.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghDTnRh.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHIbXYh.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzOhimt.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIHIKWM.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRzKaEF.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IksHyia.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxBWkCZ.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arNVxOk.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxOUzFi.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJAFAHD.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIozUBs.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SASnLhB.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXJMDnB.exe	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2888	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2888	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2888	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1940 wrote to memory of 2740	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 2740	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 2740	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1940 wrote to memory of 2368	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 2368	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 2368	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1940 wrote to memory of 2816	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 2816	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 2816	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1940 wrote to memory of 2744	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 2744	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 2744	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1940 wrote to memory of 2520	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2520	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2520	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1940 wrote to memory of 2756	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2756	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2756	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1940 wrote to memory of 2624	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2624	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2624	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1940 wrote to memory of 2864	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2864	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2864	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1940 wrote to memory of 2960	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2960	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2960	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1940 wrote to memory of 2608	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 2608	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 2608	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1940 wrote to memory of 2668	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 2668	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 2668	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1940 wrote to memory of 2096	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 2096	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 2096	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1940 wrote to memory of 1228	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 1228	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 1228	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1940 wrote to memory of 2536	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 2536	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 2536	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1940 wrote to memory of 1944	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1944	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1944	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1940 wrote to memory of 1044	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 1044	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 1044	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1940 wrote to memory of 1840	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 1840	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 1840	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1940 wrote to memory of 2408	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 2408	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 2408	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1940 wrote to memory of 1952	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 1952	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 1952	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1940 wrote to memory of 2516	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 2516	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 2516	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1940 wrote to memory of 1392	1940	2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_195d22055213080a1a9eabfecad52b63_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\System\biWfoVY.exe
  C:\Windows\System\biWfoVY.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\iziJDSQ.exe
  C:\Windows\System\iziJDSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\pDDhQTB.exe
  C:\Windows\System\pDDhQTB.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\fyEunZL.exe
  C:\Windows\System\fyEunZL.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IVUwzLU.exe
  C:\Windows\System\IVUwzLU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\TgFcLXd.exe
  C:\Windows\System\TgFcLXd.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\LxeqwAw.exe
  C:\Windows\System\LxeqwAw.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\qtMAeJw.exe
  C:\Windows\System\qtMAeJw.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\NHhVukt.exe
  C:\Windows\System\NHhVukt.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\oqVTSrq.exe
  C:\Windows\System\oqVTSrq.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\OmlPxsZ.exe
  C:\Windows\System\OmlPxsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\snhJsGZ.exe
  C:\Windows\System\snhJsGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\HspfSFy.exe
  C:\Windows\System\HspfSFy.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\bwrDxec.exe
  C:\Windows\System\bwrDxec.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\tlQVWqL.exe
  C:\Windows\System\tlQVWqL.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\uLWIggN.exe
  C:\Windows\System\uLWIggN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\bcNWwtC.exe
  C:\Windows\System\bcNWwtC.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\DMfdTrV.exe
  C:\Windows\System\DMfdTrV.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\xzbyfda.exe
  C:\Windows\System\xzbyfda.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\llKLHzd.exe
  C:\Windows\System\llKLHzd.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\GvhnZWv.exe
  C:\Windows\System\GvhnZWv.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\AIhMhsk.exe
  C:\Windows\System\AIhMhsk.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\aNtRZyz.exe
  C:\Windows\System\aNtRZyz.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\jlqYYMD.exe
  C:\Windows\System\jlqYYMD.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\IvwLTbR.exe
  C:\Windows\System\IvwLTbR.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\zbfUexK.exe
  C:\Windows\System\zbfUexK.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\xosNApy.exe
  C:\Windows\System\xosNApy.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VGQvbuL.exe
  C:\Windows\System\VGQvbuL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ZzKKARs.exe
  C:\Windows\System\ZzKKARs.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\SFlwoVu.exe
  C:\Windows\System\SFlwoVu.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GEnVXrn.exe
  C:\Windows\System\GEnVXrn.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\elExClU.exe
  C:\Windows\System\elExClU.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\oIbnscw.exe
  C:\Windows\System\oIbnscw.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\DRTfpBH.exe
  C:\Windows\System\DRTfpBH.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\LgRlwHz.exe
  C:\Windows\System\LgRlwHz.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\CSLUqOh.exe
  C:\Windows\System\CSLUqOh.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\WIVrAiz.exe
  C:\Windows\System\WIVrAiz.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\AiIleTa.exe
  C:\Windows\System\AiIleTa.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\nLmCOCk.exe
  C:\Windows\System\nLmCOCk.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\lzlCXXR.exe
  C:\Windows\System\lzlCXXR.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\FDZZZCf.exe
  C:\Windows\System\FDZZZCf.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\hsXSLyG.exe
  C:\Windows\System\hsXSLyG.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\XiVtuDl.exe
  C:\Windows\System\XiVtuDl.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\xwlaWdu.exe
  C:\Windows\System\xwlaWdu.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\COjdCwZ.exe
  C:\Windows\System\COjdCwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\flhAosS.exe
  C:\Windows\System\flhAosS.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\HLyYKiR.exe
  C:\Windows\System\HLyYKiR.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\lFOtcSh.exe
  C:\Windows\System\lFOtcSh.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ZqCUvUm.exe
  C:\Windows\System\ZqCUvUm.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\SonHUzn.exe
  C:\Windows\System\SonHUzn.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\XUITEzP.exe
  C:\Windows\System\XUITEzP.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\bqaAKsn.exe
  C:\Windows\System\bqaAKsn.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\jbIMNjw.exe
  C:\Windows\System\jbIMNjw.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\CjDEzNH.exe
  C:\Windows\System\CjDEzNH.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\kepBaTZ.exe
  C:\Windows\System\kepBaTZ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\NgORNvv.exe
  C:\Windows\System\NgORNvv.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wEmaQec.exe
  C:\Windows\System\wEmaQec.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\VLvDZOf.exe
  C:\Windows\System\VLvDZOf.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\XUVgDFi.exe
  C:\Windows\System\XUVgDFi.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\iYWXfOt.exe
  C:\Windows\System\iYWXfOt.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\PaCUcBN.exe
  C:\Windows\System\PaCUcBN.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\sRDEuSu.exe
  C:\Windows\System\sRDEuSu.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\hJxSBEk.exe
  C:\Windows\System\hJxSBEk.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\neGPyeK.exe
  C:\Windows\System\neGPyeK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\gUoPBkP.exe
  C:\Windows\System\gUoPBkP.exe
  2⤵
  PID:2840
- C:\Windows\System\Gejjwfk.exe
  C:\Windows\System\Gejjwfk.exe
  2⤵
  PID:2872
- C:\Windows\System\oyVLwiG.exe
  C:\Windows\System\oyVLwiG.exe
  2⤵
  PID:2600
- C:\Windows\System\CzvzYMy.exe
  C:\Windows\System\CzvzYMy.exe
  2⤵
  PID:2764
- C:\Windows\System\uPwTkia.exe
  C:\Windows\System\uPwTkia.exe
  2⤵
  PID:2108
- C:\Windows\System\BuuIfmQ.exe
  C:\Windows\System\BuuIfmQ.exe
  2⤵
  PID:3004
- C:\Windows\System\OtOVpts.exe
  C:\Windows\System\OtOVpts.exe
  2⤵
  PID:1512
- C:\Windows\System\gqiWXyG.exe
  C:\Windows\System\gqiWXyG.exe
  2⤵
  PID:2160
- C:\Windows\System\ahbIsnU.exe
  C:\Windows\System\ahbIsnU.exe
  2⤵
  PID:2460
- C:\Windows\System\VteiRAQ.exe
  C:\Windows\System\VteiRAQ.exe
  2⤵
  PID:2488
- C:\Windows\System\xiisTow.exe
  C:\Windows\System\xiisTow.exe
  2⤵
  PID:776
- C:\Windows\System\amzDhyg.exe
  C:\Windows\System\amzDhyg.exe
  2⤵
  PID:2892
- C:\Windows\System\IWjMAhJ.exe
  C:\Windows\System\IWjMAhJ.exe
  2⤵
  PID:2156
- C:\Windows\System\LYAyNIG.exe
  C:\Windows\System\LYAyNIG.exe
  2⤵
  PID:1616
- C:\Windows\System\SXWaaJk.exe
  C:\Windows\System\SXWaaJk.exe
  2⤵
  PID:2208
- C:\Windows\System\CzlclET.exe
  C:\Windows\System\CzlclET.exe
  2⤵
  PID:1756
- C:\Windows\System\xsQolPZ.exe
  C:\Windows\System\xsQolPZ.exe
  2⤵
  PID:2192
- C:\Windows\System\ifIQYwH.exe
  C:\Windows\System\ifIQYwH.exe
  2⤵
  PID:1892
- C:\Windows\System\paKULdf.exe
  C:\Windows\System\paKULdf.exe
  2⤵
  PID:2360
- C:\Windows\System\KLsQdum.exe
  C:\Windows\System\KLsQdum.exe
  2⤵
  PID:1488
- C:\Windows\System\SSnnuwC.exe
  C:\Windows\System\SSnnuwC.exe
  2⤵
  PID:1884
- C:\Windows\System\WsIuQCz.exe
  C:\Windows\System\WsIuQCz.exe
  2⤵
  PID:1968
- C:\Windows\System\TlmaFcf.exe
  C:\Windows\System\TlmaFcf.exe
  2⤵
  PID:2928
- C:\Windows\System\UAcMfQD.exe
  C:\Windows\System\UAcMfQD.exe
  2⤵
  PID:2036
- C:\Windows\System\PlkZiSQ.exe
  C:\Windows\System\PlkZiSQ.exe
  2⤵
  PID:2912
- C:\Windows\System\LTkqvzL.exe
  C:\Windows\System\LTkqvzL.exe
  2⤵
  PID:780
- C:\Windows\System\oEptEqI.exe
  C:\Windows\System\oEptEqI.exe
  2⤵
  PID:2316
- C:\Windows\System\EIkARKO.exe
  C:\Windows\System\EIkARKO.exe
  2⤵
  PID:860
- C:\Windows\System\NQrpHZt.exe
  C:\Windows\System\NQrpHZt.exe
  2⤵
  PID:2012
- C:\Windows\System\ANAlEbc.exe
  C:\Windows\System\ANAlEbc.exe
  2⤵
  PID:1868
- C:\Windows\System\QEWfduX.exe
  C:\Windows\System\QEWfduX.exe
  2⤵
  PID:2976
- C:\Windows\System\lHWtcgv.exe
  C:\Windows\System\lHWtcgv.exe
  2⤵
  PID:764
- C:\Windows\System\oRhAxmk.exe
  C:\Windows\System\oRhAxmk.exe
  2⤵
  PID:2908
- C:\Windows\System\TcVfiTh.exe
  C:\Windows\System\TcVfiTh.exe
  2⤵
  PID:1708
- C:\Windows\System\OqbhJCV.exe
  C:\Windows\System\OqbhJCV.exe
  2⤵
  PID:3032
- C:\Windows\System\sqaTbUh.exe
  C:\Windows\System\sqaTbUh.exe
  2⤵
  PID:2660
- C:\Windows\System\unYyQEl.exe
  C:\Windows\System\unYyQEl.exe
  2⤵
  PID:1936
- C:\Windows\System\xbdjJep.exe
  C:\Windows\System\xbdjJep.exe
  2⤵
  PID:1224
- C:\Windows\System\kkkcsRm.exe
  C:\Windows\System\kkkcsRm.exe
  2⤵
  PID:2768
- C:\Windows\System\jIsOWtJ.exe
  C:\Windows\System\jIsOWtJ.exe
  2⤵
  PID:1920
- C:\Windows\System\gWFAufc.exe
  C:\Windows\System\gWFAufc.exe
  2⤵
  PID:1672
- C:\Windows\System\klHxECk.exe
  C:\Windows\System\klHxECk.exe
  2⤵
  PID:2168
- C:\Windows\System\AfsuDPf.exe
  C:\Windows\System\AfsuDPf.exe
  2⤵
  PID:632
- C:\Windows\System\FcJbSUD.exe
  C:\Windows\System\FcJbSUD.exe
  2⤵
  PID:2016
- C:\Windows\System\cYhIBVR.exe
  C:\Windows\System\cYhIBVR.exe
  2⤵
  PID:1204
- C:\Windows\System\AuEahny.exe
  C:\Windows\System\AuEahny.exe
  2⤵
  PID:1788
- C:\Windows\System\XYTaupX.exe
  C:\Windows\System\XYTaupX.exe
  2⤵
  PID:2812
- C:\Windows\System\TzIQEhn.exe
  C:\Windows\System\TzIQEhn.exe
  2⤵
  PID:2968
- C:\Windows\System\yyMerqF.exe
  C:\Windows\System\yyMerqF.exe
  2⤵
  PID:992
- C:\Windows\System\NeZNThW.exe
  C:\Windows\System\NeZNThW.exe
  2⤵
  PID:1532
- C:\Windows\System\bPETAAF.exe
  C:\Windows\System\bPETAAF.exe
  2⤵
  PID:2236
- C:\Windows\System\nDMahkx.exe
  C:\Windows\System\nDMahkx.exe
  2⤵
  PID:2944
- C:\Windows\System\gtNkFIG.exe
  C:\Windows\System\gtNkFIG.exe
  2⤵
  PID:568
- C:\Windows\System\HCmrFbi.exe
  C:\Windows\System\HCmrFbi.exe
  2⤵
  PID:1596
- C:\Windows\System\uiwpQXM.exe
  C:\Windows\System\uiwpQXM.exe
  2⤵
  PID:1972
- C:\Windows\System\WDoQmfI.exe
  C:\Windows\System\WDoQmfI.exe
  2⤵
  PID:2800
- C:\Windows\System\gewENPh.exe
  C:\Windows\System\gewENPh.exe
  2⤵
  PID:1364
- C:\Windows\System\nwTdFzo.exe
  C:\Windows\System\nwTdFzo.exe
  2⤵
  PID:1716
- C:\Windows\System\tSBZXtn.exe
  C:\Windows\System\tSBZXtn.exe
  2⤵
  PID:2580
- C:\Windows\System\PnMbGAy.exe
  C:\Windows\System\PnMbGAy.exe
  2⤵
  PID:2116
- C:\Windows\System\HHohVGg.exe
  C:\Windows\System\HHohVGg.exe
  2⤵
  PID:3080
- C:\Windows\System\SKjxYVK.exe
  C:\Windows\System\SKjxYVK.exe
  2⤵
  PID:3096
- C:\Windows\System\GhzVMip.exe
  C:\Windows\System\GhzVMip.exe
  2⤵
  PID:3116
- C:\Windows\System\UtGEPoA.exe
  C:\Windows\System\UtGEPoA.exe
  2⤵
  PID:3144
- C:\Windows\System\QoGhznQ.exe
  C:\Windows\System\QoGhznQ.exe
  2⤵
  PID:3164
- C:\Windows\System\VZWgCyn.exe
  C:\Windows\System\VZWgCyn.exe
  2⤵
  PID:3184
- C:\Windows\System\aEMxzua.exe
  C:\Windows\System\aEMxzua.exe
  2⤵
  PID:3204
- C:\Windows\System\SuZvBqP.exe
  C:\Windows\System\SuZvBqP.exe
  2⤵
  PID:3224
- C:\Windows\System\TUJqkbH.exe
  C:\Windows\System\TUJqkbH.exe
  2⤵
  PID:3244
- C:\Windows\System\QBLuSoR.exe
  C:\Windows\System\QBLuSoR.exe
  2⤵
  PID:3260
- C:\Windows\System\IPNKdbl.exe
  C:\Windows\System\IPNKdbl.exe
  2⤵
  PID:3280
- C:\Windows\System\WOCdnoD.exe
  C:\Windows\System\WOCdnoD.exe
  2⤵
  PID:3300
- C:\Windows\System\WpZurmw.exe
  C:\Windows\System\WpZurmw.exe
  2⤵
  PID:3316
- C:\Windows\System\qQsGtDG.exe
  C:\Windows\System\qQsGtDG.exe
  2⤵
  PID:3340
- C:\Windows\System\FKnpnma.exe
  C:\Windows\System\FKnpnma.exe
  2⤵
  PID:3364
- C:\Windows\System\qLBPfqv.exe
  C:\Windows\System\qLBPfqv.exe
  2⤵
  PID:3384
- C:\Windows\System\mgyhsjT.exe
  C:\Windows\System\mgyhsjT.exe
  2⤵
  PID:3400
- C:\Windows\System\ezIDVmN.exe
  C:\Windows\System\ezIDVmN.exe
  2⤵
  PID:3420
- C:\Windows\System\yPjRlxK.exe
  C:\Windows\System\yPjRlxK.exe
  2⤵
  PID:3436
- C:\Windows\System\LuCTVSx.exe
  C:\Windows\System\LuCTVSx.exe
  2⤵
  PID:3456
- C:\Windows\System\xuyQpsJ.exe
  C:\Windows\System\xuyQpsJ.exe
  2⤵
  PID:3472
- C:\Windows\System\QViUQyE.exe
  C:\Windows\System\QViUQyE.exe
  2⤵
  PID:3492
- C:\Windows\System\FdSOAKT.exe
  C:\Windows\System\FdSOAKT.exe
  2⤵
  PID:3508
- C:\Windows\System\FqVLgFY.exe
  C:\Windows\System\FqVLgFY.exe
  2⤵
  PID:3524
- C:\Windows\System\qpyTGPk.exe
  C:\Windows\System\qpyTGPk.exe
  2⤵
  PID:3548
- C:\Windows\System\WuBSXfS.exe
  C:\Windows\System\WuBSXfS.exe
  2⤵
  PID:3576
- C:\Windows\System\CezOWho.exe
  C:\Windows\System\CezOWho.exe
  2⤵
  PID:3596
- C:\Windows\System\JXnhZJC.exe
  C:\Windows\System\JXnhZJC.exe
  2⤵
  PID:3612
- C:\Windows\System\YADSghc.exe
  C:\Windows\System\YADSghc.exe
  2⤵
  PID:3644
- C:\Windows\System\weGFWXs.exe
  C:\Windows\System\weGFWXs.exe
  2⤵
  PID:3664
- C:\Windows\System\APrGnQx.exe
  C:\Windows\System\APrGnQx.exe
  2⤵
  PID:3680
- C:\Windows\System\WcAPTGK.exe
  C:\Windows\System\WcAPTGK.exe
  2⤵
  PID:3696
- C:\Windows\System\ixhEpyp.exe
  C:\Windows\System\ixhEpyp.exe
  2⤵
  PID:3724
- C:\Windows\System\ATqFEpT.exe
  C:\Windows\System\ATqFEpT.exe
  2⤵
  PID:3744
- C:\Windows\System\wnUUwMd.exe
  C:\Windows\System\wnUUwMd.exe
  2⤵
  PID:3760
- C:\Windows\System\nJAudtB.exe
  C:\Windows\System\nJAudtB.exe
  2⤵
  PID:3784
- C:\Windows\System\HAGsCVJ.exe
  C:\Windows\System\HAGsCVJ.exe
  2⤵
  PID:3800
- C:\Windows\System\yfAXmjK.exe
  C:\Windows\System\yfAXmjK.exe
  2⤵
  PID:3820
- C:\Windows\System\lfGBETn.exe
  C:\Windows\System\lfGBETn.exe
  2⤵
  PID:3836
- C:\Windows\System\AMPHAGL.exe
  C:\Windows\System\AMPHAGL.exe
  2⤵
  PID:3856
- C:\Windows\System\mmQdaQJ.exe
  C:\Windows\System\mmQdaQJ.exe
  2⤵
  PID:3872
- C:\Windows\System\vtWfZcy.exe
  C:\Windows\System\vtWfZcy.exe
  2⤵
  PID:3900
- C:\Windows\System\bzxlvAG.exe
  C:\Windows\System\bzxlvAG.exe
  2⤵
  PID:3916
- C:\Windows\System\JrQrLUX.exe
  C:\Windows\System\JrQrLUX.exe
  2⤵
  PID:3936
- C:\Windows\System\UyoRagz.exe
  C:\Windows\System\UyoRagz.exe
  2⤵
  PID:3952
- C:\Windows\System\nuLFQIW.exe
  C:\Windows\System\nuLFQIW.exe
  2⤵
  PID:3968
- C:\Windows\System\WFwAOEx.exe
  C:\Windows\System\WFwAOEx.exe
  2⤵
  PID:3996
- C:\Windows\System\GZcruNp.exe
  C:\Windows\System\GZcruNp.exe
  2⤵
  PID:4020
- C:\Windows\System\GqhQrwF.exe
  C:\Windows\System\GqhQrwF.exe
  2⤵
  PID:4036
- C:\Windows\System\jqGenXn.exe
  C:\Windows\System\jqGenXn.exe
  2⤵
  PID:4056
- C:\Windows\System\KigiZge.exe
  C:\Windows\System\KigiZge.exe
  2⤵
  PID:4080
- C:\Windows\System\OszhPmM.exe
  C:\Windows\System\OszhPmM.exe
  2⤵
  PID:2388
- C:\Windows\System\WTSIXnx.exe
  C:\Windows\System\WTSIXnx.exe
  2⤵
  PID:2188
- C:\Windows\System\EnzTcUd.exe
  C:\Windows\System\EnzTcUd.exe
  2⤵
  PID:2852
- C:\Windows\System\TqkEbCj.exe
  C:\Windows\System\TqkEbCj.exe
  2⤵
  PID:2352
- C:\Windows\System\lJMOnzL.exe
  C:\Windows\System\lJMOnzL.exe
  2⤵
  PID:2452
- C:\Windows\System\exTZgKf.exe
  C:\Windows\System\exTZgKf.exe
  2⤵
  PID:868
- C:\Windows\System\amjIsgz.exe
  C:\Windows\System\amjIsgz.exe
  2⤵
  PID:2796
- C:\Windows\System\LITBWGk.exe
  C:\Windows\System\LITBWGk.exe
  2⤵
  PID:1124
- C:\Windows\System\mqMzQSw.exe
  C:\Windows\System\mqMzQSw.exe
  2⤵
  PID:1860
- C:\Windows\System\eqdsZEE.exe
  C:\Windows\System\eqdsZEE.exe
  2⤵
  PID:1120
- C:\Windows\System\uhroPtY.exe
  C:\Windows\System\uhroPtY.exe
  2⤵
  PID:3076
- C:\Windows\System\arNVxOk.exe
  C:\Windows\System\arNVxOk.exe
  2⤵
  PID:3128
- C:\Windows\System\OoRRKGZ.exe
  C:\Windows\System\OoRRKGZ.exe
  2⤵
  PID:3180
- C:\Windows\System\knbHDgZ.exe
  C:\Windows\System\knbHDgZ.exe
  2⤵
  PID:3152
- C:\Windows\System\TgLISBo.exe
  C:\Windows\System\TgLISBo.exe
  2⤵
  PID:3252
- C:\Windows\System\hqtrXIj.exe
  C:\Windows\System\hqtrXIj.exe
  2⤵
  PID:3200
- C:\Windows\System\QFwFOfW.exe
  C:\Windows\System\QFwFOfW.exe
  2⤵
  PID:3328
- C:\Windows\System\GVmSgVh.exe
  C:\Windows\System\GVmSgVh.exe
  2⤵
  PID:3372
- C:\Windows\System\BYtLimF.exe
  C:\Windows\System\BYtLimF.exe
  2⤵
  PID:3308
- C:\Windows\System\pdcrHLV.exe
  C:\Windows\System\pdcrHLV.exe
  2⤵
  PID:3408
- C:\Windows\System\BDCJSMN.exe
  C:\Windows\System\BDCJSMN.exe
  2⤵
  PID:3444
- C:\Windows\System\BZPttWn.exe
  C:\Windows\System\BZPttWn.exe
  2⤵
  PID:3488
- C:\Windows\System\FjoMWqe.exe
  C:\Windows\System\FjoMWqe.exe
  2⤵
  PID:3396
- C:\Windows\System\QXvmSnv.exe
  C:\Windows\System\QXvmSnv.exe
  2⤵
  PID:3428
- C:\Windows\System\cBTYlMP.exe
  C:\Windows\System\cBTYlMP.exe
  2⤵
  PID:3604
- C:\Windows\System\HOxTBkt.exe
  C:\Windows\System\HOxTBkt.exe
  2⤵
  PID:3584
- C:\Windows\System\nbDuMsD.exe
  C:\Windows\System\nbDuMsD.exe
  2⤵
  PID:3620
- C:\Windows\System\kpaPJGo.exe
  C:\Windows\System\kpaPJGo.exe
  2⤵
  PID:3636
- C:\Windows\System\VdKnZuM.exe
  C:\Windows\System\VdKnZuM.exe
  2⤵
  PID:3688
- C:\Windows\System\LaePijg.exe
  C:\Windows\System\LaePijg.exe
  2⤵
  PID:3708
- C:\Windows\System\KrsbFLA.exe
  C:\Windows\System\KrsbFLA.exe
  2⤵
  PID:3740
- C:\Windows\System\QNTGtcu.exe
  C:\Windows\System\QNTGtcu.exe
  2⤵
  PID:3808
- C:\Windows\System\EKwwfad.exe
  C:\Windows\System\EKwwfad.exe
  2⤵
  PID:3844
- C:\Windows\System\XWQqxVm.exe
  C:\Windows\System\XWQqxVm.exe
  2⤵
  PID:3896
- C:\Windows\System\bytBaqI.exe
  C:\Windows\System\bytBaqI.exe
  2⤵
  PID:3964
- C:\Windows\System\NnjNYqm.exe
  C:\Windows\System\NnjNYqm.exe
  2⤵
  PID:3828
- C:\Windows\System\bnNYmAj.exe
  C:\Windows\System\bnNYmAj.exe
  2⤵
  PID:3912
- C:\Windows\System\WQTIokt.exe
  C:\Windows\System\WQTIokt.exe
  2⤵
  PID:4044
- C:\Windows\System\MCWheQD.exe
  C:\Windows\System\MCWheQD.exe
  2⤵
  PID:2152
- C:\Windows\System\TBfRepL.exe
  C:\Windows\System\TBfRepL.exe
  2⤵
  PID:3984
- C:\Windows\System\KKLmUtI.exe
  C:\Windows\System\KKLmUtI.exe
  2⤵
  PID:2184
- C:\Windows\System\HhGRLkO.exe
  C:\Windows\System\HhGRLkO.exe
  2⤵
  PID:3948
- C:\Windows\System\htOUcIQ.exe
  C:\Windows\System\htOUcIQ.exe
  2⤵
  PID:4072
- C:\Windows\System\oSyPEkx.exe
  C:\Windows\System\oSyPEkx.exe
  2⤵
  PID:1896
- C:\Windows\System\KCmFtdr.exe
  C:\Windows\System\KCmFtdr.exe
  2⤵
  PID:2384
- C:\Windows\System\CapBBKs.exe
  C:\Windows\System\CapBBKs.exe
  2⤵
  PID:3156
- C:\Windows\System\GWrbkWH.exe
  C:\Windows\System\GWrbkWH.exe
  2⤵
  PID:2448
- C:\Windows\System\ymFbLKw.exe
  C:\Windows\System\ymFbLKw.exe
  2⤵
  PID:3212
- C:\Windows\System\GCMkbLy.exe
  C:\Windows\System\GCMkbLy.exe
  2⤵
  PID:3092
- C:\Windows\System\MYCuoHk.exe
  C:\Windows\System\MYCuoHk.exe
  2⤵
  PID:3412
- C:\Windows\System\euxATgG.exe
  C:\Windows\System\euxATgG.exe
  2⤵
  PID:3108
- C:\Windows\System\UpnvyGM.exe
  C:\Windows\System\UpnvyGM.exe
  2⤵
  PID:3192
- C:\Windows\System\aIErKUl.exe
  C:\Windows\System\aIErKUl.exe
  2⤵
  PID:3236
- C:\Windows\System\iEwZTql.exe
  C:\Windows\System\iEwZTql.exe
  2⤵
  PID:3564
- C:\Windows\System\XNFFBqk.exe
  C:\Windows\System\XNFFBqk.exe
  2⤵
  PID:3464
- C:\Windows\System\zPQYCrO.exe
  C:\Windows\System\zPQYCrO.exe
  2⤵
  PID:3448
- C:\Windows\System\jziYqkJ.exe
  C:\Windows\System\jziYqkJ.exe
  2⤵
  PID:3720
- C:\Windows\System\fYblzsn.exe
  C:\Windows\System\fYblzsn.exe
  2⤵
  PID:3544
- C:\Windows\System\CzdBaEu.exe
  C:\Windows\System\CzdBaEu.exe
  2⤵
  PID:3676
- C:\Windows\System\sqpfkOu.exe
  C:\Windows\System\sqpfkOu.exe
  2⤵
  PID:3780
- C:\Windows\System\qwWGKXF.exe
  C:\Windows\System\qwWGKXF.exe
  2⤵
  PID:3960
- C:\Windows\System\fTGIyAA.exe
  C:\Windows\System\fTGIyAA.exe
  2⤵
  PID:4052
- C:\Windows\System\JzOhimt.exe
  C:\Windows\System\JzOhimt.exe
  2⤵
  PID:3880
- C:\Windows\System\zWchlfK.exe
  C:\Windows\System\zWchlfK.exe
  2⤵
  PID:3756
- C:\Windows\System\taLhwBw.exe
  C:\Windows\System\taLhwBw.exe
  2⤵
  PID:1572
- C:\Windows\System\zZbgscD.exe
  C:\Windows\System\zZbgscD.exe
  2⤵
  PID:3944
- C:\Windows\System\aNqebIn.exe
  C:\Windows\System\aNqebIn.exe
  2⤵
  PID:3980
- C:\Windows\System\LYaNEqf.exe
  C:\Windows\System\LYaNEqf.exe
  2⤵
  PID:1848
- C:\Windows\System\mZrVJNT.exe
  C:\Windows\System\mZrVJNT.exe
  2⤵
  PID:3352
- C:\Windows\System\UqamVGQ.exe
  C:\Windows\System\UqamVGQ.exe
  2⤵
  PID:3172
- C:\Windows\System\LhrsTRY.exe
  C:\Windows\System\LhrsTRY.exe
  2⤵
  PID:3176
- C:\Windows\System\NMULtsJ.exe
  C:\Windows\System\NMULtsJ.exe
  2⤵
  PID:3196
- C:\Windows\System\EQoXMaA.exe
  C:\Windows\System\EQoXMaA.exe
  2⤵
  PID:3360
- C:\Windows\System\vLxqqwc.exe
  C:\Windows\System\vLxqqwc.exe
  2⤵
  PID:3532
- C:\Windows\System\ZVVwkFT.exe
  C:\Windows\System\ZVVwkFT.exe
  2⤵
  PID:3628
- C:\Windows\System\QszbAlj.exe
  C:\Windows\System\QszbAlj.exe
  2⤵
  PID:3356
- C:\Windows\System\zmhaGvI.exe
  C:\Windows\System\zmhaGvI.exe
  2⤵
  PID:3924
- C:\Windows\System\JIraIgm.exe
  C:\Windows\System\JIraIgm.exe
  2⤵
  PID:3832
- C:\Windows\System\OhheAAv.exe
  C:\Windows\System\OhheAAv.exe
  2⤵
  PID:2268
- C:\Windows\System\vYFkFmC.exe
  C:\Windows\System\vYFkFmC.exe
  2⤵
  PID:3056
- C:\Windows\System\JAazcsC.exe
  C:\Windows\System\JAazcsC.exe
  2⤵
  PID:4028
- C:\Windows\System\pYaiuLY.exe
  C:\Windows\System\pYaiuLY.exe
  2⤵
  PID:4112
- C:\Windows\System\lmeSJYn.exe
  C:\Windows\System\lmeSJYn.exe
  2⤵
  PID:4136
- C:\Windows\System\lSdftfv.exe
  C:\Windows\System\lSdftfv.exe
  2⤵
  PID:4152
- C:\Windows\System\CdqGrCc.exe
  C:\Windows\System\CdqGrCc.exe
  2⤵
  PID:4172
- C:\Windows\System\npfKYHD.exe
  C:\Windows\System\npfKYHD.exe
  2⤵
  PID:4196
- C:\Windows\System\RdzbqMN.exe
  C:\Windows\System\RdzbqMN.exe
  2⤵
  PID:4212
- C:\Windows\System\xAEhGAH.exe
  C:\Windows\System\xAEhGAH.exe
  2⤵
  PID:4232
- C:\Windows\System\OYpgFVW.exe
  C:\Windows\System\OYpgFVW.exe
  2⤵
  PID:4248
- C:\Windows\System\fZNGQyz.exe
  C:\Windows\System\fZNGQyz.exe
  2⤵
  PID:4268
- C:\Windows\System\giXPNHz.exe
  C:\Windows\System\giXPNHz.exe
  2⤵
  PID:4292
- C:\Windows\System\okCieLM.exe
  C:\Windows\System\okCieLM.exe
  2⤵
  PID:4312
- C:\Windows\System\RxOUzFi.exe
  C:\Windows\System\RxOUzFi.exe
  2⤵
  PID:4336
- C:\Windows\System\RXrCucZ.exe
  C:\Windows\System\RXrCucZ.exe
  2⤵
  PID:4352
- C:\Windows\System\dtOdVcZ.exe
  C:\Windows\System\dtOdVcZ.exe
  2⤵
  PID:4376
- C:\Windows\System\jsHWlmC.exe
  C:\Windows\System\jsHWlmC.exe
  2⤵
  PID:4392
- C:\Windows\System\BAqRDDI.exe
  C:\Windows\System\BAqRDDI.exe
  2⤵
  PID:4416
- C:\Windows\System\gwkwuKg.exe
  C:\Windows\System\gwkwuKg.exe
  2⤵
  PID:4436
- C:\Windows\System\KTNGWvA.exe
  C:\Windows\System\KTNGWvA.exe
  2⤵
  PID:4456
- C:\Windows\System\dpmpies.exe
  C:\Windows\System\dpmpies.exe
  2⤵
  PID:4476
- C:\Windows\System\GuYlsmz.exe
  C:\Windows\System\GuYlsmz.exe
  2⤵
  PID:4496
- C:\Windows\System\GyVSXnB.exe
  C:\Windows\System\GyVSXnB.exe
  2⤵
  PID:4516
- C:\Windows\System\QnajpxF.exe
  C:\Windows\System\QnajpxF.exe
  2⤵
  PID:4540
- C:\Windows\System\ntuWHWW.exe
  C:\Windows\System\ntuWHWW.exe
  2⤵
  PID:4556
- C:\Windows\System\zQgYKpp.exe
  C:\Windows\System\zQgYKpp.exe
  2⤵
  PID:4576
- C:\Windows\System\JbXfmKM.exe
  C:\Windows\System\JbXfmKM.exe
  2⤵
  PID:4596
- C:\Windows\System\KbWkLXn.exe
  C:\Windows\System\KbWkLXn.exe
  2⤵
  PID:4616
- C:\Windows\System\AheVPqQ.exe
  C:\Windows\System\AheVPqQ.exe
  2⤵
  PID:4636
- C:\Windows\System\UFkBbsN.exe
  C:\Windows\System\UFkBbsN.exe
  2⤵
  PID:4656
- C:\Windows\System\DmpCjya.exe
  C:\Windows\System\DmpCjya.exe
  2⤵
  PID:4676
- C:\Windows\System\SXTwMvU.exe
  C:\Windows\System\SXTwMvU.exe
  2⤵
  PID:4700
- C:\Windows\System\HEZdGYD.exe
  C:\Windows\System\HEZdGYD.exe
  2⤵
  PID:4716
- C:\Windows\System\JDVqona.exe
  C:\Windows\System\JDVqona.exe
  2⤵
  PID:4736
- C:\Windows\System\LeZvRNv.exe
  C:\Windows\System\LeZvRNv.exe
  2⤵
  PID:4760
- C:\Windows\System\CEShXXx.exe
  C:\Windows\System\CEShXXx.exe
  2⤵
  PID:4776
- C:\Windows\System\XOVMFWg.exe
  C:\Windows\System\XOVMFWg.exe
  2⤵
  PID:4796
- C:\Windows\System\uBIZLRd.exe
  C:\Windows\System\uBIZLRd.exe
  2⤵
  PID:4820
- C:\Windows\System\qHWqFpw.exe
  C:\Windows\System\qHWqFpw.exe
  2⤵
  PID:4836
- C:\Windows\System\SbsulYX.exe
  C:\Windows\System\SbsulYX.exe
  2⤵
  PID:4856
- C:\Windows\System\WBjGMxI.exe
  C:\Windows\System\WBjGMxI.exe
  2⤵
  PID:4876
- C:\Windows\System\RycLveO.exe
  C:\Windows\System\RycLveO.exe
  2⤵
  PID:4896
- C:\Windows\System\owYkcYz.exe
  C:\Windows\System\owYkcYz.exe
  2⤵
  PID:4916
- C:\Windows\System\Frwiele.exe
  C:\Windows\System\Frwiele.exe
  2⤵
  PID:4940
- C:\Windows\System\ejsCnqe.exe
  C:\Windows\System\ejsCnqe.exe
  2⤵
  PID:4960
- C:\Windows\System\jZgzqUl.exe
  C:\Windows\System\jZgzqUl.exe
  2⤵
  PID:4976
- C:\Windows\System\dsvNzjC.exe
  C:\Windows\System\dsvNzjC.exe
  2⤵
  PID:4996
- C:\Windows\System\VhWHoZp.exe
  C:\Windows\System\VhWHoZp.exe
  2⤵
  PID:5020
- C:\Windows\System\SkrOxSX.exe
  C:\Windows\System\SkrOxSX.exe
  2⤵
  PID:5040
- C:\Windows\System\QqZPfRH.exe
  C:\Windows\System\QqZPfRH.exe
  2⤵
  PID:5056
- C:\Windows\System\CZvyIIu.exe
  C:\Windows\System\CZvyIIu.exe
  2⤵
  PID:5076
- C:\Windows\System\teDZAGj.exe
  C:\Windows\System\teDZAGj.exe
  2⤵
  PID:5096
- C:\Windows\System\HyZnvvn.exe
  C:\Windows\System\HyZnvvn.exe
  2⤵
  PID:5112
- C:\Windows\System\BPSXnfA.exe
  C:\Windows\System\BPSXnfA.exe
  2⤵
  PID:2620
- C:\Windows\System\uCGgoMb.exe
  C:\Windows\System\uCGgoMb.exe
  2⤵
  PID:2272
- C:\Windows\System\yFnziVG.exe
  C:\Windows\System\yFnziVG.exe
  2⤵
  PID:3312
- C:\Windows\System\BdZbcyD.exe
  C:\Windows\System\BdZbcyD.exe
  2⤵
  PID:3640
- C:\Windows\System\FSyHHHD.exe
  C:\Windows\System\FSyHHHD.exe
  2⤵
  PID:3336
- C:\Windows\System\djAzfcB.exe
  C:\Windows\System\djAzfcB.exe
  2⤵
  PID:3704
- C:\Windows\System\UpMoKfe.exe
  C:\Windows\System\UpMoKfe.exe
  2⤵
  PID:3772
- C:\Windows\System\ChyByya.exe
  C:\Windows\System\ChyByya.exe
  2⤵
  PID:3892
- C:\Windows\System\CuUqXUB.exe
  C:\Windows\System\CuUqXUB.exe
  2⤵
  PID:3796
- C:\Windows\System\aTgdrBy.exe
  C:\Windows\System\aTgdrBy.exe
  2⤵
  PID:4128
- C:\Windows\System\svXqeKC.exe
  C:\Windows\System\svXqeKC.exe
  2⤵
  PID:4148
- C:\Windows\System\OVlHcDD.exe
  C:\Windows\System\OVlHcDD.exe
  2⤵
  PID:4240
- C:\Windows\System\yqKeDLu.exe
  C:\Windows\System\yqKeDLu.exe
  2⤵
  PID:4192
- C:\Windows\System\vJdAfgg.exe
  C:\Windows\System\vJdAfgg.exe
  2⤵
  PID:4220
- C:\Windows\System\toQtdQw.exe
  C:\Windows\System\toQtdQw.exe
  2⤵
  PID:4300
- C:\Windows\System\YzTDyAR.exe
  C:\Windows\System\YzTDyAR.exe
  2⤵
  PID:4332
- C:\Windows\System\teJJpPE.exe
  C:\Windows\System\teJJpPE.exe
  2⤵
  PID:4368
- C:\Windows\System\CtXHWBB.exe
  C:\Windows\System\CtXHWBB.exe
  2⤵
  PID:4404
- C:\Windows\System\vCZiaNY.exe
  C:\Windows\System\vCZiaNY.exe
  2⤵
  PID:4444
- C:\Windows\System\JCxWXQT.exe
  C:\Windows\System\JCxWXQT.exe
  2⤵
  PID:4432
- C:\Windows\System\gHAkjIk.exe
  C:\Windows\System\gHAkjIk.exe
  2⤵
  PID:4504
- C:\Windows\System\ZJMsXUv.exe
  C:\Windows\System\ZJMsXUv.exe
  2⤵
  PID:4564
- C:\Windows\System\xEoIEnj.exe
  C:\Windows\System\xEoIEnj.exe
  2⤵
  PID:4612
- C:\Windows\System\EKXBgGM.exe
  C:\Windows\System\EKXBgGM.exe
  2⤵
  PID:4624
- C:\Windows\System\oKlllgl.exe
  C:\Windows\System\oKlllgl.exe
  2⤵
  PID:4652
- C:\Windows\System\XASxdTM.exe
  C:\Windows\System\XASxdTM.exe
  2⤵
  PID:4688
- C:\Windows\System\tAvmiYT.exe
  C:\Windows\System\tAvmiYT.exe
  2⤵
  PID:4724
- C:\Windows\System\JEJJFtg.exe
  C:\Windows\System\JEJJFtg.exe
  2⤵
  PID:4744
- C:\Windows\System\WTOXVKn.exe
  C:\Windows\System\WTOXVKn.exe
  2⤵
  PID:4804
- C:\Windows\System\CDfsvjX.exe
  C:\Windows\System\CDfsvjX.exe
  2⤵
  PID:4844
- C:\Windows\System\dwiYgiq.exe
  C:\Windows\System\dwiYgiq.exe
  2⤵
  PID:4792
- C:\Windows\System\hPptqdd.exe
  C:\Windows\System\hPptqdd.exe
  2⤵
  PID:4892
- C:\Windows\System\ALOMHQR.exe
  C:\Windows\System\ALOMHQR.exe
  2⤵
  PID:4908
- C:\Windows\System\qYPUZEs.exe
  C:\Windows\System\qYPUZEs.exe
  2⤵
  PID:4936
- C:\Windows\System\iaJPkFI.exe
  C:\Windows\System\iaJPkFI.exe
  2⤵
  PID:5012
- C:\Windows\System\ErgWAmv.exe
  C:\Windows\System\ErgWAmv.exe
  2⤵
  PID:5016
- C:\Windows\System\UemjdYp.exe
  C:\Windows\System\UemjdYp.exe
  2⤵
  PID:5052
- C:\Windows\System\APcHFLU.exe
  C:\Windows\System\APcHFLU.exe
  2⤵
  PID:2224
- C:\Windows\System\nFEJRst.exe
  C:\Windows\System\nFEJRst.exe
  2⤵
  PID:2028
- C:\Windows\System\ogIowdO.exe
  C:\Windows\System\ogIowdO.exe
  2⤵
  PID:1436
- C:\Windows\System\gONINbs.exe
  C:\Windows\System\gONINbs.exe
  2⤵
  PID:4124
- C:\Windows\System\EBbbjhA.exe
  C:\Windows\System\EBbbjhA.exe
  2⤵
  PID:5072
- C:\Windows\System\wGSYdXy.exe
  C:\Windows\System\wGSYdXy.exe
  2⤵
  PID:3136
- C:\Windows\System\tHppFJo.exe
  C:\Windows\System\tHppFJo.exe
  2⤵
  PID:4188
- C:\Windows\System\ILYdWAm.exe
  C:\Windows\System\ILYdWAm.exe
  2⤵
  PID:4308
- C:\Windows\System\ANUOvyI.exe
  C:\Windows\System\ANUOvyI.exe
  2⤵
  PID:2916
- C:\Windows\System\yFxXwTv.exe
  C:\Windows\System\yFxXwTv.exe
  2⤵
  PID:4408
- C:\Windows\System\iaXfXkf.exe
  C:\Windows\System\iaXfXkf.exe
  2⤵
  PID:4348
- C:\Windows\System\kATylix.exe
  C:\Windows\System\kATylix.exe
  2⤵
  PID:4108
- C:\Windows\System\uYhkiiq.exe
  C:\Windows\System\uYhkiiq.exe
  2⤵
  PID:4320
- C:\Windows\System\DmSeltr.exe
  C:\Windows\System\DmSeltr.exe
  2⤵
  PID:4204
- C:\Windows\System\TUReXbH.exe
  C:\Windows\System\TUReXbH.exe
  2⤵
  PID:4568
- C:\Windows\System\PQwdSSW.exe
  C:\Windows\System\PQwdSSW.exe
  2⤵
  PID:4648
- C:\Windows\System\LVoFZrN.exe
  C:\Windows\System\LVoFZrN.exe
  2⤵
  PID:4532
- C:\Windows\System\YvwwwMB.exe
  C:\Windows\System\YvwwwMB.exe
  2⤵
  PID:4752
- C:\Windows\System\cTXFFwF.exe
  C:\Windows\System\cTXFFwF.exe
  2⤵
  PID:4692
- C:\Windows\System\TLMnOMr.exe
  C:\Windows\System\TLMnOMr.exe
  2⤵
  PID:4732
- C:\Windows\System\DxCTrKH.exe
  C:\Windows\System\DxCTrKH.exe
  2⤵
  PID:5004
- C:\Windows\System\aRtXWbV.exe
  C:\Windows\System\aRtXWbV.exe
  2⤵
  PID:4924
- C:\Windows\System\jwpHZIl.exe
  C:\Windows\System\jwpHZIl.exe
  2⤵
  PID:4848
- C:\Windows\System\vDvBNjl.exe
  C:\Windows\System\vDvBNjl.exe
  2⤵
  PID:3088
- C:\Windows\System\onKcJte.exe
  C:\Windows\System\onKcJte.exe
  2⤵
  PID:5092
- C:\Windows\System\gKJBbCD.exe
  C:\Windows\System\gKJBbCD.exe
  2⤵
  PID:3792
- C:\Windows\System\rLBKcvS.exe
  C:\Windows\System\rLBKcvS.exe
  2⤵
  PID:4264
- C:\Windows\System\BaYDypm.exe
  C:\Windows\System\BaYDypm.exe
  2⤵
  PID:4344
- C:\Windows\System\FGwKRvK.exe
  C:\Windows\System\FGwKRvK.exe
  2⤵
  PID:4424
- C:\Windows\System\naeJpJy.exe
  C:\Windows\System\naeJpJy.exe
  2⤵
  PID:4208
- C:\Windows\System\EsdCTYW.exe
  C:\Windows\System\EsdCTYW.exe
  2⤵
  PID:4184
- C:\Windows\System\aXZggPM.exe
  C:\Windows\System\aXZggPM.exe
  2⤵
  PID:3504
- C:\Windows\System\aDuzIbM.exe
  C:\Windows\System\aDuzIbM.exe
  2⤵
  PID:2688
- C:\Windows\System\MtBVTSU.exe
  C:\Windows\System\MtBVTSU.exe
  2⤵
  PID:4364
- C:\Windows\System\EBZAnwQ.exe
  C:\Windows\System\EBZAnwQ.exe
  2⤵
  PID:4816
- C:\Windows\System\TkaYPhT.exe
  C:\Windows\System\TkaYPhT.exe
  2⤵
  PID:5008
- C:\Windows\System\XzOtMNA.exe
  C:\Windows\System\XzOtMNA.exe
  2⤵
  PID:4988
- C:\Windows\System\LOUNhRH.exe
  C:\Windows\System\LOUNhRH.exe
  2⤵
  PID:5140
- C:\Windows\System\oLAxsQQ.exe
  C:\Windows\System\oLAxsQQ.exe
  2⤵
  PID:5164
- C:\Windows\System\HpzNBLl.exe
  C:\Windows\System\HpzNBLl.exe
  2⤵
  PID:5188
- C:\Windows\System\vHnlNpx.exe
  C:\Windows\System\vHnlNpx.exe
  2⤵
  PID:5204
- C:\Windows\System\tpbmIRb.exe
  C:\Windows\System\tpbmIRb.exe
  2⤵
  PID:5224
- C:\Windows\System\DMqvICK.exe
  C:\Windows\System\DMqvICK.exe
  2⤵
  PID:5248
- C:\Windows\System\vvEXWHx.exe
  C:\Windows\System\vvEXWHx.exe
  2⤵
  PID:5268
- C:\Windows\System\wdRERgv.exe
  C:\Windows\System\wdRERgv.exe
  2⤵
  PID:5288
- C:\Windows\System\TcDzGyZ.exe
  C:\Windows\System\TcDzGyZ.exe
  2⤵
  PID:5304
- C:\Windows\System\PrEecDN.exe
  C:\Windows\System\PrEecDN.exe
  2⤵
  PID:5328
- C:\Windows\System\ueIhMJO.exe
  C:\Windows\System\ueIhMJO.exe
  2⤵
  PID:5348
- C:\Windows\System\VECsyJb.exe
  C:\Windows\System\VECsyJb.exe
  2⤵
  PID:5364
- C:\Windows\System\mRLSCQN.exe
  C:\Windows\System\mRLSCQN.exe
  2⤵
  PID:5380
- C:\Windows\System\cURVZzn.exe
  C:\Windows\System\cURVZzn.exe
  2⤵
  PID:5408
- C:\Windows\System\RtzYEOZ.exe
  C:\Windows\System\RtzYEOZ.exe
  2⤵
  PID:5424
- C:\Windows\System\xYFhFkf.exe
  C:\Windows\System\xYFhFkf.exe
  2⤵
  PID:5444
- C:\Windows\System\Uhwyqgi.exe
  C:\Windows\System\Uhwyqgi.exe
  2⤵
  PID:5468
- C:\Windows\System\BLDnFKb.exe
  C:\Windows\System\BLDnFKb.exe
  2⤵
  PID:5488
- C:\Windows\System\DtXZVLc.exe
  C:\Windows\System\DtXZVLc.exe
  2⤵
  PID:5512
- C:\Windows\System\PvOGcrU.exe
  C:\Windows\System\PvOGcrU.exe
  2⤵
  PID:5528
- C:\Windows\System\YUAiobI.exe
  C:\Windows\System\YUAiobI.exe
  2⤵
  PID:5548
- C:\Windows\System\NQCigxZ.exe
  C:\Windows\System\NQCigxZ.exe
  2⤵
  PID:5568
- C:\Windows\System\cZfNhiz.exe
  C:\Windows\System\cZfNhiz.exe
  2⤵
  PID:5584
- C:\Windows\System\yqvXKCa.exe
  C:\Windows\System\yqvXKCa.exe
  2⤵
  PID:5608
- C:\Windows\System\KeUVrds.exe
  C:\Windows\System\KeUVrds.exe
  2⤵
  PID:5632
- C:\Windows\System\UfKpZpx.exe
  C:\Windows\System\UfKpZpx.exe
  2⤵
  PID:5648
- C:\Windows\System\qbyuLwU.exe
  C:\Windows\System\qbyuLwU.exe
  2⤵
  PID:5668
- C:\Windows\System\CwsDIUJ.exe
  C:\Windows\System\CwsDIUJ.exe
  2⤵
  PID:5688
- C:\Windows\System\FmHSpiC.exe
  C:\Windows\System\FmHSpiC.exe
  2⤵
  PID:5712
- C:\Windows\System\oiqTXiw.exe
  C:\Windows\System\oiqTXiw.exe
  2⤵
  PID:5732
- C:\Windows\System\vptCoZt.exe
  C:\Windows\System\vptCoZt.exe
  2⤵
  PID:5752
- C:\Windows\System\VEKVNhY.exe
  C:\Windows\System\VEKVNhY.exe
  2⤵
  PID:5772
- C:\Windows\System\wOUKlTm.exe
  C:\Windows\System\wOUKlTm.exe
  2⤵
  PID:5792
- C:\Windows\System\aYLoQCb.exe
  C:\Windows\System\aYLoQCb.exe
  2⤵
  PID:5812
- C:\Windows\System\HPjNTHg.exe
  C:\Windows\System\HPjNTHg.exe
  2⤵
  PID:5832
- C:\Windows\System\PqZllvp.exe
  C:\Windows\System\PqZllvp.exe
  2⤵
  PID:5848
- C:\Windows\System\qbYxYBQ.exe
  C:\Windows\System\qbYxYBQ.exe
  2⤵
  PID:5872
- C:\Windows\System\yXzhKTt.exe
  C:\Windows\System\yXzhKTt.exe
  2⤵
  PID:5892
- C:\Windows\System\RAtdKPb.exe
  C:\Windows\System\RAtdKPb.exe
  2⤵
  PID:5908
- C:\Windows\System\fKSxYMb.exe
  C:\Windows\System\fKSxYMb.exe
  2⤵
  PID:5932
- C:\Windows\System\qPLdupp.exe
  C:\Windows\System\qPLdupp.exe
  2⤵
  PID:5948
- C:\Windows\System\mhKVWtn.exe
  C:\Windows\System\mhKVWtn.exe
  2⤵
  PID:5964
- C:\Windows\System\WTYJsUd.exe
  C:\Windows\System\WTYJsUd.exe
  2⤵
  PID:5988
- C:\Windows\System\ssQNeeE.exe
  C:\Windows\System\ssQNeeE.exe
  2⤵
  PID:6008
- C:\Windows\System\XfNnFsz.exe
  C:\Windows\System\XfNnFsz.exe
  2⤵
  PID:6024
- C:\Windows\System\aTgCMLM.exe
  C:\Windows\System\aTgCMLM.exe
  2⤵
  PID:6040
- C:\Windows\System\NbwhyFV.exe
  C:\Windows\System\NbwhyFV.exe
  2⤵
  PID:6060
- C:\Windows\System\hxuFlUP.exe
  C:\Windows\System\hxuFlUP.exe
  2⤵
  PID:6080
- C:\Windows\System\KzwmBNr.exe
  C:\Windows\System\KzwmBNr.exe
  2⤵
  PID:6104
- C:\Windows\System\OdKBaJx.exe
  C:\Windows\System\OdKBaJx.exe
  2⤵
  PID:6128
- C:\Windows\System\qLzkAqq.exe
  C:\Windows\System\qLzkAqq.exe
  2⤵
  PID:4632
- C:\Windows\System\cvEDmEW.exe
  C:\Windows\System\cvEDmEW.exe
  2⤵
  PID:4904
- C:\Windows\System\TikyEoa.exe
  C:\Windows\System\TikyEoa.exe
  2⤵
  PID:4928
- C:\Windows\System\YNeNrTQ.exe
  C:\Windows\System\YNeNrTQ.exe
  2⤵
  PID:5028
- C:\Windows\System\kLZmBLJ.exe
  C:\Windows\System\kLZmBLJ.exe
  2⤵
  PID:4448
- C:\Windows\System\LVaFwMA.exe
  C:\Windows\System\LVaFwMA.exe
  2⤵
  PID:4144
- C:\Windows\System\LGPRNVu.exe
  C:\Windows\System\LGPRNVu.exe
  2⤵
  PID:3540
- C:\Windows\System\QhAwCpG.exe
  C:\Windows\System\QhAwCpG.exe
  2⤵
  PID:4224
- C:\Windows\System\cIlNfMN.exe
  C:\Windows\System\cIlNfMN.exe
  2⤵
  PID:5128
- C:\Windows\System\lKUmBCb.exe
  C:\Windows\System\lKUmBCb.exe
  2⤵
  PID:4728
- C:\Windows\System\fJyXCrg.exe
  C:\Windows\System\fJyXCrg.exe
  2⤵
  PID:5148
- C:\Windows\System\PhOTlEZ.exe
  C:\Windows\System\PhOTlEZ.exe
  2⤵
  PID:5176
- C:\Windows\System\PboSvdS.exe
  C:\Windows\System\PboSvdS.exe
  2⤵
  PID:5216
- C:\Windows\System\oielUFS.exe
  C:\Windows\System\oielUFS.exe
  2⤵
  PID:5196
- C:\Windows\System\gPkbvud.exe
  C:\Windows\System\gPkbvud.exe
  2⤵
  PID:5296
- C:\Windows\System\jCupDtf.exe
  C:\Windows\System\jCupDtf.exe
  2⤵
  PID:5336
- C:\Windows\System\cDApVJv.exe
  C:\Windows\System\cDApVJv.exe
  2⤵
  PID:5316
- C:\Windows\System\KbfdTOI.exe
  C:\Windows\System\KbfdTOI.exe
  2⤵
  PID:5324
- C:\Windows\System\tGoGdUW.exe
  C:\Windows\System\tGoGdUW.exe
  2⤵
  PID:5404
- C:\Windows\System\bgWlJnd.exe
  C:\Windows\System\bgWlJnd.exe
  2⤵
  PID:5440
- C:\Windows\System\eSWHogM.exe
  C:\Windows\System\eSWHogM.exe
  2⤵
  PID:3868
- C:\Windows\System\uAYTHyr.exe
  C:\Windows\System\uAYTHyr.exe
  2⤵
  PID:5536
- C:\Windows\System\wLTDPPL.exe
  C:\Windows\System\wLTDPPL.exe
  2⤵
  PID:5520
- C:\Windows\System\sVPJNLT.exe
  C:\Windows\System\sVPJNLT.exe
  2⤵
  PID:5580
- C:\Windows\System\pUhDSnT.exe
  C:\Windows\System\pUhDSnT.exe
  2⤵
  PID:5620
- C:\Windows\System\wrTPZaR.exe
  C:\Windows\System\wrTPZaR.exe
  2⤵
  PID:5656
- C:\Windows\System\QrylBMX.exe
  C:\Windows\System\QrylBMX.exe
  2⤵
  PID:5700
- C:\Windows\System\VOAiQVJ.exe
  C:\Windows\System\VOAiQVJ.exe
  2⤵
  PID:5680
- C:\Windows\System\HGMKasD.exe
  C:\Windows\System\HGMKasD.exe
  2⤵
  PID:5744
- C:\Windows\System\DAmWUSc.exe
  C:\Windows\System\DAmWUSc.exe
  2⤵
  PID:5720
- C:\Windows\System\NsMorgr.exe
  C:\Windows\System\NsMorgr.exe
  2⤵
  PID:5768
- C:\Windows\System\EeYnaoP.exe
  C:\Windows\System\EeYnaoP.exe
  2⤵
  PID:5856
- C:\Windows\System\YXmEUtF.exe
  C:\Windows\System\YXmEUtF.exe
  2⤵
  PID:5904
- C:\Windows\System\GpQfEud.exe
  C:\Windows\System\GpQfEud.exe
  2⤵
  PID:5808
- C:\Windows\System\ngwZLdI.exe
  C:\Windows\System\ngwZLdI.exe
  2⤵
  PID:5888
- C:\Windows\System\qBjPEfV.exe
  C:\Windows\System\qBjPEfV.exe
  2⤵
  PID:5980
- C:\Windows\System\iIUKETX.exe
  C:\Windows\System\iIUKETX.exe
  2⤵
  PID:6020
- C:\Windows\System\TPQWcKL.exe
  C:\Windows\System\TPQWcKL.exe
  2⤵
  PID:6088
- C:\Windows\System\tQhfmYx.exe
  C:\Windows\System\tQhfmYx.exe
  2⤵
  PID:6068
- C:\Windows\System\KdqCGsf.exe
  C:\Windows\System\KdqCGsf.exe
  2⤵
  PID:6100
- C:\Windows\System\fQmKjmH.exe
  C:\Windows\System\fQmKjmH.exe
  2⤵
  PID:6116
- C:\Windows\System\WUiMbNL.exe
  C:\Windows\System\WUiMbNL.exe
  2⤵
  PID:4872
- C:\Windows\System\GcqETFe.exe
  C:\Windows\System\GcqETFe.exe
  2⤵
  PID:2804
- C:\Windows\System\svyuAtF.exe
  C:\Windows\System\svyuAtF.exe
  2⤵
  PID:4168
- C:\Windows\System\TpgaaDC.exe
  C:\Windows\System\TpgaaDC.exe
  2⤵
  PID:4528
- C:\Windows\System\GvaARKs.exe
  C:\Windows\System\GvaARKs.exe
  2⤵
  PID:4280
- C:\Windows\System\TIKzKPO.exe
  C:\Windows\System\TIKzKPO.exe
  2⤵
  PID:5400
- C:\Windows\System\kOFSQea.exe
  C:\Windows\System\kOFSQea.exe
  2⤵
  PID:4672
- C:\Windows\System\TTjxmQe.exe
  C:\Windows\System\TTjxmQe.exe
  2⤵
  PID:5240
- C:\Windows\System\IFWCnLk.exe
  C:\Windows\System\IFWCnLk.exe
  2⤵
  PID:5264
- C:\Windows\System\GENpqFB.exe
  C:\Windows\System\GENpqFB.exe
  2⤵
  PID:5340
- C:\Windows\System\VCspMUm.exe
  C:\Windows\System\VCspMUm.exe
  2⤵
  PID:5284
- C:\Windows\System\HOaXgrS.exe
  C:\Windows\System\HOaXgrS.exe
  2⤵
  PID:5456
- C:\Windows\System\PrDsZkD.exe
  C:\Windows\System\PrDsZkD.exe
  2⤵
  PID:5436
- C:\Windows\System\rNfGGSr.exe
  C:\Windows\System\rNfGGSr.exe
  2⤵
  PID:5616
- C:\Windows\System\AUSbJyA.exe
  C:\Windows\System\AUSbJyA.exe
  2⤵
  PID:5508
- C:\Windows\System\kVyJvDn.exe
  C:\Windows\System\kVyJvDn.exe
  2⤵
  PID:5684
- C:\Windows\System\rVnDHJJ.exe
  C:\Windows\System\rVnDHJJ.exe
  2⤵
  PID:5748
- C:\Windows\System\rKzeDPE.exe
  C:\Windows\System\rKzeDPE.exe
  2⤵
  PID:5864
- C:\Windows\System\YCKOOEx.exe
  C:\Windows\System\YCKOOEx.exe
  2⤵
  PID:5704
- C:\Windows\System\ZFjKPtR.exe
  C:\Windows\System\ZFjKPtR.exe
  2⤵
  PID:5880
- C:\Windows\System\MZYscPH.exe
  C:\Windows\System\MZYscPH.exe
  2⤵
  PID:5956
- C:\Windows\System\UixEPSe.exe
  C:\Windows\System\UixEPSe.exe
  2⤵
  PID:6036
- C:\Windows\System\zwznCfx.exe
  C:\Windows\System\zwznCfx.exe
  2⤵
  PID:5828
- C:\Windows\System\BWcjZTq.exe
  C:\Windows\System\BWcjZTq.exe
  2⤵
  PID:6056
- C:\Windows\System\BMVqfsh.exe
  C:\Windows\System\BMVqfsh.exe
  2⤵
  PID:4592
- C:\Windows\System\iOIfQvR.exe
  C:\Windows\System\iOIfQvR.exe
  2⤵
  PID:4464
- C:\Windows\System\QZJEwWR.exe
  C:\Windows\System\QZJEwWR.exe
  2⤵
  PID:4668
- C:\Windows\System\JFxgTUZ.exe
  C:\Windows\System\JFxgTUZ.exe
  2⤵
  PID:4488
- C:\Windows\System\GgyRtKd.exe
  C:\Windows\System\GgyRtKd.exe
  2⤵
  PID:4584
- C:\Windows\System\gysfsUs.exe
  C:\Windows\System\gysfsUs.exe
  2⤵
  PID:5396
- C:\Windows\System\nPixNiI.exe
  C:\Windows\System\nPixNiI.exe
  2⤵
  PID:5172
- C:\Windows\System\lhKLUWF.exe
  C:\Windows\System\lhKLUWF.exe
  2⤵
  PID:5360
- C:\Windows\System\xuYXKZf.exe
  C:\Windows\System\xuYXKZf.exe
  2⤵
  PID:5544
- C:\Windows\System\mAcZDtc.exe
  C:\Windows\System\mAcZDtc.exe
  2⤵
  PID:5728
- C:\Windows\System\hIdvVRy.exe
  C:\Windows\System\hIdvVRy.exe
  2⤵
  PID:5788
- C:\Windows\System\cwoFIBy.exe
  C:\Windows\System\cwoFIBy.exe
  2⤵
  PID:5460
- C:\Windows\System\FteWdwU.exe
  C:\Windows\System\FteWdwU.exe
  2⤵
  PID:4772
- C:\Windows\System\ISDjWYs.exe
  C:\Windows\System\ISDjWYs.exe
  2⤵
  PID:5824
- C:\Windows\System\FbXQKdP.exe
  C:\Windows\System\FbXQKdP.exe
  2⤵
  PID:5844
- C:\Windows\System\SYjJvcM.exe
  C:\Windows\System\SYjJvcM.exe
  2⤵
  PID:2136
- C:\Windows\System\msAndrn.exe
  C:\Windows\System\msAndrn.exe
  2⤵
  PID:6112
- C:\Windows\System\tbxAsdY.exe
  C:\Windows\System\tbxAsdY.exe
  2⤵
  PID:2708
- C:\Windows\System\WXQrsVw.exe
  C:\Windows\System\WXQrsVw.exe
  2⤵
  PID:5276
- C:\Windows\System\AbyrCQj.exe
  C:\Windows\System\AbyrCQj.exe
  2⤵
  PID:4524
- C:\Windows\System\VzjiHQf.exe
  C:\Windows\System\VzjiHQf.exe
  2⤵
  PID:6148
- C:\Windows\System\dFrpbzK.exe
  C:\Windows\System\dFrpbzK.exe
  2⤵
  PID:6168
- C:\Windows\System\ucxSmqH.exe
  C:\Windows\System\ucxSmqH.exe
  2⤵
  PID:6188
- C:\Windows\System\HJQxTjq.exe
  C:\Windows\System\HJQxTjq.exe
  2⤵
  PID:6204
- C:\Windows\System\gFDNVTo.exe
  C:\Windows\System\gFDNVTo.exe
  2⤵
  PID:6224
- C:\Windows\System\lorgPpX.exe
  C:\Windows\System\lorgPpX.exe
  2⤵
  PID:6248
- C:\Windows\System\ZndXAdG.exe
  C:\Windows\System\ZndXAdG.exe
  2⤵
  PID:6276
- C:\Windows\System\tMoGNqR.exe
  C:\Windows\System\tMoGNqR.exe
  2⤵
  PID:6292
- C:\Windows\System\mbwTNiR.exe
  C:\Windows\System\mbwTNiR.exe
  2⤵
  PID:6312
- C:\Windows\System\QcvpPog.exe
  C:\Windows\System\QcvpPog.exe
  2⤵
  PID:6332
- C:\Windows\System\IgcdOto.exe
  C:\Windows\System\IgcdOto.exe
  2⤵
  PID:6356
- C:\Windows\System\FYxogFJ.exe
  C:\Windows\System\FYxogFJ.exe
  2⤵
  PID:6376
- C:\Windows\System\ndJfaaI.exe
  C:\Windows\System\ndJfaaI.exe
  2⤵
  PID:6396
- C:\Windows\System\CcMNjpk.exe
  C:\Windows\System\CcMNjpk.exe
  2⤵
  PID:6412
- C:\Windows\System\jyaZjys.exe
  C:\Windows\System\jyaZjys.exe
  2⤵
  PID:6436
- C:\Windows\System\WyTlTQA.exe
  C:\Windows\System\WyTlTQA.exe
  2⤵
  PID:6460
- C:\Windows\System\PkKWsTQ.exe
  C:\Windows\System\PkKWsTQ.exe
  2⤵
  PID:6476
- C:\Windows\System\acpHmHj.exe
  C:\Windows\System\acpHmHj.exe
  2⤵
  PID:6496
- C:\Windows\System\VEaZHjz.exe
  C:\Windows\System\VEaZHjz.exe
  2⤵
  PID:6516
- C:\Windows\System\JwQWZVo.exe
  C:\Windows\System\JwQWZVo.exe
  2⤵
  PID:6540
- C:\Windows\System\UUJFDKy.exe
  C:\Windows\System\UUJFDKy.exe
  2⤵
  PID:6556
- C:\Windows\System\MQzuPDS.exe
  C:\Windows\System\MQzuPDS.exe
  2⤵
  PID:6584
- C:\Windows\System\RhLLkVg.exe
  C:\Windows\System\RhLLkVg.exe
  2⤵
  PID:6600
- C:\Windows\System\mOqdJFh.exe
  C:\Windows\System\mOqdJFh.exe
  2⤵
  PID:6616
- C:\Windows\System\UqTHzmy.exe
  C:\Windows\System\UqTHzmy.exe
  2⤵
  PID:6636
- C:\Windows\System\ogXPzac.exe
  C:\Windows\System\ogXPzac.exe
  2⤵
  PID:6660
- C:\Windows\System\NGVujaG.exe
  C:\Windows\System\NGVujaG.exe
  2⤵
  PID:6680
- C:\Windows\System\OqRWLGO.exe
  C:\Windows\System\OqRWLGO.exe
  2⤵
  PID:6704
- C:\Windows\System\zRplhgE.exe
  C:\Windows\System\zRplhgE.exe
  2⤵
  PID:6720
- C:\Windows\System\GIHIKWM.exe
  C:\Windows\System\GIHIKWM.exe
  2⤵
  PID:6744
- C:\Windows\System\JOmNMnj.exe
  C:\Windows\System\JOmNMnj.exe
  2⤵
  PID:6764
- C:\Windows\System\waqrurS.exe
  C:\Windows\System\waqrurS.exe
  2⤵
  PID:6780
- C:\Windows\System\UENjsaO.exe
  C:\Windows\System\UENjsaO.exe
  2⤵
  PID:6800
- C:\Windows\System\OlehuGr.exe
  C:\Windows\System\OlehuGr.exe
  2⤵
  PID:6824
- C:\Windows\System\jtKINaT.exe
  C:\Windows\System\jtKINaT.exe
  2⤵
  PID:6840
- C:\Windows\System\rKpNpUo.exe
  C:\Windows\System\rKpNpUo.exe
  2⤵
  PID:6864
- C:\Windows\System\pHpQhAm.exe
  C:\Windows\System\pHpQhAm.exe
  2⤵
  PID:6880
- C:\Windows\System\KEWBQWk.exe
  C:\Windows\System\KEWBQWk.exe
  2⤵
  PID:6904
- C:\Windows\System\ztVoira.exe
  C:\Windows\System\ztVoira.exe
  2⤵
  PID:6924
- C:\Windows\System\HUhpIMm.exe
  C:\Windows\System\HUhpIMm.exe
  2⤵
  PID:6940
- C:\Windows\System\ugyzOYR.exe
  C:\Windows\System\ugyzOYR.exe
  2⤵
  PID:6964
- C:\Windows\System\lPBQeEq.exe
  C:\Windows\System\lPBQeEq.exe
  2⤵
  PID:6984
- C:\Windows\System\SIaXvcn.exe
  C:\Windows\System\SIaXvcn.exe
  2⤵
  PID:7000
- C:\Windows\System\FBtPlCm.exe
  C:\Windows\System\FBtPlCm.exe
  2⤵
  PID:7016
- C:\Windows\System\BGezQbI.exe
  C:\Windows\System\BGezQbI.exe
  2⤵
  PID:7036
- C:\Windows\System\uylNFrm.exe
  C:\Windows\System\uylNFrm.exe
  2⤵
  PID:7052
- C:\Windows\System\ZaQVQaF.exe
  C:\Windows\System\ZaQVQaF.exe
  2⤵
  PID:7072
- C:\Windows\System\EtsEyxy.exe
  C:\Windows\System\EtsEyxy.exe
  2⤵
  PID:7088
- C:\Windows\System\APeNBzl.exe
  C:\Windows\System\APeNBzl.exe
  2⤵
  PID:7104
- C:\Windows\System\sJAFAHD.exe
  C:\Windows\System\sJAFAHD.exe
  2⤵
  PID:7120
- C:\Windows\System\wLTwQvO.exe
  C:\Windows\System\wLTwQvO.exe
  2⤵
  PID:7136
- C:\Windows\System\zKkqHyI.exe
  C:\Windows\System\zKkqHyI.exe
  2⤵
  PID:7152
- C:\Windows\System\YbQqwnl.exe
  C:\Windows\System\YbQqwnl.exe
  2⤵
  PID:5560
- C:\Windows\System\SKYICqn.exe
  C:\Windows\System\SKYICqn.exe
  2⤵
  PID:2052
- C:\Windows\System\fMgEAct.exe
  C:\Windows\System\fMgEAct.exe
  2⤵
  PID:4548
- C:\Windows\System\IDALxcn.exe
  C:\Windows\System\IDALxcn.exe
  2⤵
  PID:5184
- C:\Windows\System\nDYEIIc.exe
  C:\Windows\System\nDYEIIc.exe
  2⤵
  PID:6016
- C:\Windows\System\qyRuBNB.exe
  C:\Windows\System\qyRuBNB.exe
  2⤵
  PID:5036
- C:\Windows\System\hiECqpE.exe
  C:\Windows\System\hiECqpE.exe
  2⤵
  PID:6140
- C:\Windows\System\DxIjTFo.exe
  C:\Windows\System\DxIjTFo.exe
  2⤵
  PID:5644
- C:\Windows\System\gvXsvXQ.exe
  C:\Windows\System\gvXsvXQ.exe
  2⤵
  PID:6160
- C:\Windows\System\xzbOdTF.exe
  C:\Windows\System\xzbOdTF.exe
  2⤵
  PID:2132
- C:\Windows\System\myPZJMy.exe
  C:\Windows\System\myPZJMy.exe
  2⤵
  PID:6232
- C:\Windows\System\PyKpwzw.exe
  C:\Windows\System\PyKpwzw.exe
  2⤵
  PID:6284
- C:\Windows\System\ndERpZC.exe
  C:\Windows\System\ndERpZC.exe
  2⤵
  PID:6180
- C:\Windows\System\LPumwbm.exe
  C:\Windows\System\LPumwbm.exe
  2⤵
  PID:6136
- C:\Windows\System\uBmBogw.exe
  C:\Windows\System\uBmBogw.exe
  2⤵
  PID:6184
- C:\Windows\System\inDMlJV.exe
  C:\Windows\System\inDMlJV.exe
  2⤵
  PID:6324
- C:\Windows\System\mAjxszA.exe
  C:\Windows\System\mAjxszA.exe
  2⤵
  PID:6268
- C:\Windows\System\nENYaDX.exe
  C:\Windows\System\nENYaDX.exe
  2⤵
  PID:6340
- C:\Windows\System\qcKhjmu.exe
  C:\Windows\System\qcKhjmu.exe
  2⤵
  PID:6372
- C:\Windows\System\sQYVQrE.exe
  C:\Windows\System\sQYVQrE.exe
  2⤵
  PID:6408
- C:\Windows\System\sXqNkMF.exe
  C:\Windows\System\sXqNkMF.exe
  2⤵
  PID:6352
- C:\Windows\System\RahNEbz.exe
  C:\Windows\System\RahNEbz.exe
  2⤵
  PID:2876
- C:\Windows\System\KbLTbKW.exe
  C:\Windows\System\KbLTbKW.exe
  2⤵
  PID:6448
- C:\Windows\System\vhBEPfY.exe
  C:\Windows\System\vhBEPfY.exe
  2⤵
  PID:6568
- C:\Windows\System\aXRmngs.exe
  C:\Windows\System\aXRmngs.exe
  2⤵
  PID:6740
- C:\Windows\System\GbCVGOz.exe
  C:\Windows\System\GbCVGOz.exe
  2⤵
  PID:1408
- C:\Windows\System\HiSEHDB.exe
  C:\Windows\System\HiSEHDB.exe
  2⤵
  PID:6772
- C:\Windows\System\IFCGmBq.exe
  C:\Windows\System\IFCGmBq.exe
  2⤵
  PID:6756
- C:\Windows\System\EMKHjCs.exe
  C:\Windows\System\EMKHjCs.exe
  2⤵
  PID:6788
- C:\Windows\System\QNBVpmX.exe
  C:\Windows\System\QNBVpmX.exe
  2⤵
  PID:6580
- C:\Windows\System\LUkMlKF.exe
  C:\Windows\System\LUkMlKF.exe
  2⤵
  PID:6836
- C:\Windows\System\PBrPlOl.exe
  C:\Windows\System\PBrPlOl.exe
  2⤵
  PID:6888
- C:\Windows\System\wragCqW.exe
  C:\Windows\System\wragCqW.exe
  2⤵
  PID:6936
- C:\Windows\System\xBKJVec.exe
  C:\Windows\System\xBKJVec.exe
  2⤵
  PID:6872
- C:\Windows\System\xhssVvH.exe
  C:\Windows\System\xhssVvH.exe
  2⤵
  PID:1016
- C:\Windows\System\GSDroSx.exe
  C:\Windows\System\GSDroSx.exe
  2⤵
  PID:7028
- C:\Windows\System\xkRvsnY.exe
  C:\Windows\System\xkRvsnY.exe
  2⤵
  PID:7012
- C:\Windows\System\CdGxQZf.exe
  C:\Windows\System\CdGxQZf.exe
  2⤵
  PID:7044
- C:\Windows\System\YnFNvCU.exe
  C:\Windows\System\YnFNvCU.exe
  2⤵
  PID:7112
- C:\Windows\System\xRMzKyi.exe
  C:\Windows\System\xRMzKyi.exe
  2⤵
  PID:5696
- C:\Windows\System\NzEbLjp.exe
  C:\Windows\System\NzEbLjp.exe
  2⤵
  PID:5484
- C:\Windows\System\jEClQdP.exe
  C:\Windows\System\jEClQdP.exe
  2⤵
  PID:6164
- C:\Windows\System\FZdeqLu.exe
  C:\Windows\System\FZdeqLu.exe
  2⤵
  PID:2616
- C:\Windows\System\CTaioSr.exe
  C:\Windows\System\CTaioSr.exe
  2⤵
  PID:6484
- C:\Windows\System\MUhfJll.exe
  C:\Windows\System\MUhfJll.exe
  2⤵
  PID:2548
- C:\Windows\System\zndADdg.exe
  C:\Windows\System\zndADdg.exe
  2⤵
  PID:6956
- C:\Windows\System\IbkDMbe.exe
  C:\Windows\System\IbkDMbe.exe
  2⤵
  PID:4992
- C:\Windows\System\SPNLsSl.exe
  C:\Windows\System\SPNLsSl.exe
  2⤵
  PID:5944
- C:\Windows\System\cPxcCyI.exe
  C:\Windows\System\cPxcCyI.exe
  2⤵
  PID:5596
- C:\Windows\System\GzndesM.exe
  C:\Windows\System\GzndesM.exe
  2⤵
  PID:6364
- C:\Windows\System\REdGMLp.exe
  C:\Windows\System\REdGMLp.exe
  2⤵
  PID:6452
- C:\Windows\System\TNqEwvI.exe
  C:\Windows\System\TNqEwvI.exe
  2⤵
  PID:7060
- C:\Windows\System\cnxbaeD.exe
  C:\Windows\System\cnxbaeD.exe
  2⤵
  PID:7132
- C:\Windows\System\biBLVYj.exe
  C:\Windows\System\biBLVYj.exe
  2⤵
  PID:6576
- C:\Windows\System\sWhVDcy.exe
  C:\Windows\System\sWhVDcy.exe
  2⤵
  PID:824
- C:\Windows\System\AwUkzCg.exe
  C:\Windows\System\AwUkzCg.exe
  2⤵
  PID:6644
- C:\Windows\System\TbFnJus.exe
  C:\Windows\System\TbFnJus.exe
  2⤵
  PID:6696
- C:\Windows\System\JBjcVCr.exe
  C:\Windows\System\JBjcVCr.exe
  2⤵
  PID:1728
- C:\Windows\System\CuouRUU.exe
  C:\Windows\System\CuouRUU.exe
  2⤵
  PID:2424
- C:\Windows\System\OHWLxdp.exe
  C:\Windows\System\OHWLxdp.exe
  2⤵
  PID:1380
- C:\Windows\System\zBgaSAg.exe
  C:\Windows\System\zBgaSAg.exe
  2⤵
  PID:7064
- C:\Windows\System\qhQJPpT.exe
  C:\Windows\System\qhQJPpT.exe
  2⤵
  PID:6712
- C:\Windows\System\vgnScTy.exe
  C:\Windows\System\vgnScTy.exe
  2⤵
  PID:2212
- C:\Windows\System\duoyYEG.exe
  C:\Windows\System\duoyYEG.exe
  2⤵
  PID:6856
- C:\Windows\System\tfmtlRE.exe
  C:\Windows\System\tfmtlRE.exe
  2⤵
  PID:6796
- C:\Windows\System\GhxnDHF.exe
  C:\Windows\System\GhxnDHF.exe
  2⤵
  PID:6920
- C:\Windows\System\OKQhopv.exe
  C:\Windows\System\OKQhopv.exe
  2⤵
  PID:2844
- C:\Windows\System\tvDgyfm.exe
  C:\Windows\System\tvDgyfm.exe
  2⤵
  PID:6156
- C:\Windows\System\QJWmCun.exe
  C:\Windows\System\QJWmCun.exe
  2⤵
  PID:6424
- C:\Windows\System\WNyUXii.exe
  C:\Windows\System\WNyUXii.exe
  2⤵
  PID:6896
- C:\Windows\System\HWvWioy.exe
  C:\Windows\System\HWvWioy.exe
  2⤵
  PID:6996
- C:\Windows\System\dWZQJEA.exe
  C:\Windows\System\dWZQJEA.exe
  2⤵
  PID:2732
- C:\Windows\System\BstrdqB.exe
  C:\Windows\System\BstrdqB.exe
  2⤵
  PID:6392
- C:\Windows\System\CPLdUWq.exe
  C:\Windows\System\CPLdUWq.exe
  2⤵
  PID:2416
- C:\Windows\System\iZSowBn.exe
  C:\Windows\System\iZSowBn.exe
  2⤵
  PID:7032
- C:\Windows\System\NCtJKTd.exe
  C:\Windows\System\NCtJKTd.exe
  2⤵
  PID:1568
- C:\Windows\System\Ozbtdjo.exe
  C:\Windows\System\Ozbtdjo.exe
  2⤵
  PID:6592
- C:\Windows\System\zcsaMqz.exe
  C:\Windows\System\zcsaMqz.exe
  2⤵
  PID:6668
- C:\Windows\System\loiEpOu.exe
  C:\Windows\System\loiEpOu.exe
  2⤵
  PID:6900
- C:\Windows\System\lookWQz.exe
  C:\Windows\System\lookWQz.exe
  2⤵
  PID:6776
- C:\Windows\System\HEdEEzZ.exe
  C:\Windows\System\HEdEEzZ.exe
  2⤵
  PID:6328
- C:\Windows\System\FIgxUTO.exe
  C:\Windows\System\FIgxUTO.exe
  2⤵
  PID:7080
- C:\Windows\System\qNhXlid.exe
  C:\Windows\System\qNhXlid.exe
  2⤵
  PID:6504
- C:\Windows\System\lOPSmAx.exe
  C:\Windows\System\lOPSmAx.exe
  2⤵
  PID:6676
- C:\Windows\System\bxrTNPZ.exe
  C:\Windows\System\bxrTNPZ.exe
  2⤵
  PID:7084
- C:\Windows\System\FZOXdte.exe
  C:\Windows\System\FZOXdte.exe
  2⤵
  PID:3276
- C:\Windows\System\bEFLQme.exe
  C:\Windows\System\bEFLQme.exe
  2⤵
  PID:6876
- C:\Windows\System\ZyrhUCO.exe
  C:\Windows\System\ZyrhUCO.exe
  2⤵
  PID:2748
- C:\Windows\System\XCELorh.exe
  C:\Windows\System\XCELorh.exe
  2⤵
  PID:4360
- C:\Windows\System\BKxyDmh.exe
  C:\Windows\System\BKxyDmh.exe
  2⤵
  PID:6752
- C:\Windows\System\UKDfeJO.exe
  C:\Windows\System\UKDfeJO.exe
  2⤵
  PID:6728
- C:\Windows\System\MBImpxl.exe
  C:\Windows\System\MBImpxl.exe
  2⤵
  PID:6832
- C:\Windows\System\tIyEzqS.exe
  C:\Windows\System\tIyEzqS.exe
  2⤵
  PID:6976
- C:\Windows\System\NIEnZUb.exe
  C:\Windows\System\NIEnZUb.exe
  2⤵
  PID:2784
- C:\Windows\System\Pmmdisf.exe
  C:\Windows\System\Pmmdisf.exe
  2⤵
  PID:6952
- C:\Windows\System\RhTlool.exe
  C:\Windows\System\RhTlool.exe
  2⤵
  PID:6388
- C:\Windows\System\qTaxuyD.exe
  C:\Windows\System\qTaxuyD.exe
  2⤵
  PID:6420
- C:\Windows\System\XRZRlay.exe
  C:\Windows\System\XRZRlay.exe
  2⤵
  PID:7008
- C:\Windows\System\imHJJON.exe
  C:\Windows\System\imHJJON.exe
  2⤵
  PID:7164
- C:\Windows\System\hfkTifC.exe
  C:\Windows\System\hfkTifC.exe
  2⤵
  PID:6264
- C:\Windows\System\riAoTdR.exe
  C:\Windows\System\riAoTdR.exe
  2⤵
  PID:6652
- C:\Windows\System\TMtWhLP.exe
  C:\Windows\System\TMtWhLP.exe
  2⤵
  PID:6260
- C:\Windows\System\tOMDTdP.exe
  C:\Windows\System\tOMDTdP.exe
  2⤵
  PID:6348
- C:\Windows\System\tMvBcvF.exe
  C:\Windows\System\tMvBcvF.exe
  2⤵
  PID:2684
- C:\Windows\System\ZDecGvf.exe
  C:\Windows\System\ZDecGvf.exe
  2⤵
  PID:684
- C:\Windows\System\TweKJSJ.exe
  C:\Windows\System\TweKJSJ.exe
  2⤵
  PID:5032
- C:\Windows\System\pYqTmZR.exe
  C:\Windows\System\pYqTmZR.exe
  2⤵
  PID:6216
- C:\Windows\System\HiwgKBW.exe
  C:\Windows\System\HiwgKBW.exe
  2⤵
  PID:6428
- C:\Windows\System\xMCbgWS.exe
  C:\Windows\System\xMCbgWS.exe
  2⤵
  PID:2540
- C:\Windows\System\vqCMcZF.exe
  C:\Windows\System\vqCMcZF.exe
  2⤵
  PID:6052
- C:\Windows\System\oyuQITf.exe
  C:\Windows\System\oyuQITf.exe
  2⤵
  PID:6552
- C:\Windows\System\pweYKus.exe
  C:\Windows\System\pweYKus.exe
  2⤵
  PID:7096
- C:\Windows\System\usimsLU.exe
  C:\Windows\System\usimsLU.exe
  2⤵
  PID:6304
- C:\Windows\System\GFIaHzq.exe
  C:\Windows\System\GFIaHzq.exe
  2⤵
  PID:2324
- C:\Windows\System\YTahwVA.exe
  C:\Windows\System\YTahwVA.exe
  2⤵
  PID:7180
- C:\Windows\System\xTuJxaP.exe
  C:\Windows\System\xTuJxaP.exe
  2⤵
  PID:7200
- C:\Windows\System\zeSgtyr.exe
  C:\Windows\System\zeSgtyr.exe
  2⤵
  PID:7216
- C:\Windows\System\LKDhsFp.exe
  C:\Windows\System\LKDhsFp.exe
  2⤵
  PID:7232
- C:\Windows\System\glbLMgS.exe
  C:\Windows\System\glbLMgS.exe
  2⤵
  PID:7248
- C:\Windows\System\IbUNPka.exe
  C:\Windows\System\IbUNPka.exe
  2⤵
  PID:7264
- C:\Windows\System\sdwFfwO.exe
  C:\Windows\System\sdwFfwO.exe
  2⤵
  PID:7280
- C:\Windows\System\BTzPvmm.exe
  C:\Windows\System\BTzPvmm.exe
  2⤵
  PID:7300
- C:\Windows\System\bleDxLT.exe
  C:\Windows\System\bleDxLT.exe
  2⤵
  PID:7320
- C:\Windows\System\ZTLkNxo.exe
  C:\Windows\System\ZTLkNxo.exe
  2⤵
  PID:7344
- C:\Windows\System\OXvEWEi.exe
  C:\Windows\System\OXvEWEi.exe
  2⤵
  PID:7368
- C:\Windows\System\GrWnfbo.exe
  C:\Windows\System\GrWnfbo.exe
  2⤵
  PID:7408
- C:\Windows\System\AXWuXfn.exe
  C:\Windows\System\AXWuXfn.exe
  2⤵
  PID:7428
- C:\Windows\System\bhAeDXE.exe
  C:\Windows\System\bhAeDXE.exe
  2⤵
  PID:7444
- C:\Windows\System\dMwurfo.exe
  C:\Windows\System\dMwurfo.exe
  2⤵
  PID:7464
- C:\Windows\System\SamfDDr.exe
  C:\Windows\System\SamfDDr.exe
  2⤵
  PID:7484
- C:\Windows\System\lNuDbPB.exe
  C:\Windows\System\lNuDbPB.exe
  2⤵
  PID:7500
- C:\Windows\System\xlNUqiN.exe
  C:\Windows\System\xlNUqiN.exe
  2⤵
  PID:7520
- C:\Windows\System\yeSVmJS.exe
  C:\Windows\System\yeSVmJS.exe
  2⤵
  PID:7536
- C:\Windows\System\nUXsDWU.exe
  C:\Windows\System\nUXsDWU.exe
  2⤵
  PID:7552
- C:\Windows\System\HkpdJoV.exe
  C:\Windows\System\HkpdJoV.exe
  2⤵
  PID:7576
- C:\Windows\System\KOrPCQq.exe
  C:\Windows\System\KOrPCQq.exe
  2⤵
  PID:7592
- C:\Windows\System\USzJoBA.exe
  C:\Windows\System\USzJoBA.exe
  2⤵
  PID:7608
- C:\Windows\System\jzEgaQx.exe
  C:\Windows\System\jzEgaQx.exe
  2⤵
  PID:7624
- C:\Windows\System\uoPoBUD.exe
  C:\Windows\System\uoPoBUD.exe
  2⤵
  PID:7640
- C:\Windows\System\tUPwciE.exe
  C:\Windows\System\tUPwciE.exe
  2⤵
  PID:7656
- C:\Windows\System\pFWOXPJ.exe
  C:\Windows\System\pFWOXPJ.exe
  2⤵
  PID:7672
- C:\Windows\System\qapYBJe.exe
  C:\Windows\System\qapYBJe.exe
  2⤵
  PID:7688
- C:\Windows\System\OxJVrUR.exe
  C:\Windows\System\OxJVrUR.exe
  2⤵
  PID:7704
- C:\Windows\System\AwJQpEA.exe
  C:\Windows\System\AwJQpEA.exe
  2⤵
  PID:7720
- C:\Windows\System\SHHaDaD.exe
  C:\Windows\System\SHHaDaD.exe
  2⤵
  PID:7736
- C:\Windows\System\mQkGkhA.exe
  C:\Windows\System\mQkGkhA.exe
  2⤵
  PID:7752
- C:\Windows\System\PNlWEeL.exe
  C:\Windows\System\PNlWEeL.exe
  2⤵
  PID:7768
- C:\Windows\System\kxwmFxT.exe
  C:\Windows\System\kxwmFxT.exe
  2⤵
  PID:7784
- C:\Windows\System\BUMyYDX.exe
  C:\Windows\System\BUMyYDX.exe
  2⤵
  PID:7800
- C:\Windows\System\GyyYKzX.exe
  C:\Windows\System\GyyYKzX.exe
  2⤵
  PID:7820
- C:\Windows\System\iKmxgue.exe
  C:\Windows\System\iKmxgue.exe
  2⤵
  PID:7836
- C:\Windows\System\WuxfvuA.exe
  C:\Windows\System\WuxfvuA.exe
  2⤵
  PID:7852
- C:\Windows\System\mLmWWtv.exe
  C:\Windows\System\mLmWWtv.exe
  2⤵
  PID:7868
- C:\Windows\System\ZpFDCCa.exe
  C:\Windows\System\ZpFDCCa.exe
  2⤵
  PID:7888
- C:\Windows\System\JFNfjle.exe
  C:\Windows\System\JFNfjle.exe
  2⤵
  PID:7908
- C:\Windows\System\bXtZwFt.exe
  C:\Windows\System\bXtZwFt.exe
  2⤵
  PID:7924
- C:\Windows\System\qYkKSpo.exe
  C:\Windows\System\qYkKSpo.exe
  2⤵
  PID:7944
- C:\Windows\System\QNmTNqx.exe
  C:\Windows\System\QNmTNqx.exe
  2⤵
  PID:7964
- C:\Windows\System\eCrMUNO.exe
  C:\Windows\System\eCrMUNO.exe
  2⤵
  PID:7980
- C:\Windows\System\DIozUBs.exe
  C:\Windows\System\DIozUBs.exe
  2⤵
  PID:7996
- C:\Windows\System\CRBmlBu.exe
  C:\Windows\System\CRBmlBu.exe
  2⤵
  PID:8012
- C:\Windows\System\RltdkRX.exe
  C:\Windows\System\RltdkRX.exe
  2⤵
  PID:8028
- C:\Windows\System\zmPobAS.exe
  C:\Windows\System\zmPobAS.exe
  2⤵
  PID:8044
- C:\Windows\System\OuHWlkM.exe
  C:\Windows\System\OuHWlkM.exe
  2⤵
  PID:8060
- C:\Windows\System\RTpVPhd.exe
  C:\Windows\System\RTpVPhd.exe
  2⤵
  PID:8076
- C:\Windows\System\elfxGeQ.exe
  C:\Windows\System\elfxGeQ.exe
  2⤵
  PID:8188
- C:\Windows\System\tnCPGAe.exe
  C:\Windows\System\tnCPGAe.exe
  2⤵
  PID:6320
- C:\Windows\System\ZykYfGb.exe
  C:\Windows\System\ZykYfGb.exe
  2⤵
  PID:7272
- C:\Windows\System\qgHXcqv.exe
  C:\Windows\System\qgHXcqv.exe
  2⤵
  PID:7188
- C:\Windows\System\cjXMDkO.exe
  C:\Windows\System\cjXMDkO.exe
  2⤵
  PID:7228
- C:\Windows\System\tmrCxRH.exe
  C:\Windows\System\tmrCxRH.exe
  2⤵
  PID:7360
- C:\Windows\System\ObilIkV.exe
  C:\Windows\System\ObilIkV.exe
  2⤵
  PID:7332
- C:\Windows\System\ebjVKhH.exe
  C:\Windows\System\ebjVKhH.exe
  2⤵
  PID:7376
- C:\Windows\System\YrLENzw.exe
  C:\Windows\System\YrLENzw.exe
  2⤵
  PID:7400
- C:\Windows\System\SrjNjeM.exe
  C:\Windows\System\SrjNjeM.exe
  2⤵
  PID:7452
- C:\Windows\System\UUFfmnz.exe
  C:\Windows\System\UUFfmnz.exe
  2⤵
  PID:7496
- C:\Windows\System\CUNnepZ.exe
  C:\Windows\System\CUNnepZ.exe
  2⤵
  PID:7560
- C:\Windows\System\ayzsSTg.exe
  C:\Windows\System\ayzsSTg.exe
  2⤵
  PID:7436
- C:\Windows\System\HFhgjJa.exe
  C:\Windows\System\HFhgjJa.exe
  2⤵
  PID:7636
- C:\Windows\System\eTlQmYk.exe
  C:\Windows\System\eTlQmYk.exe
  2⤵
  PID:7544
- C:\Windows\System\iMkSxTr.exe
  C:\Windows\System\iMkSxTr.exe
  2⤵
  PID:7548
- C:\Windows\System\OcZBLVc.exe
  C:\Windows\System\OcZBLVc.exe
  2⤵
  PID:7796
- C:\Windows\System\lvgWtQr.exe
  C:\Windows\System\lvgWtQr.exe
  2⤵
  PID:7832
- C:\Windows\System\MRqXJYr.exe
  C:\Windows\System\MRqXJYr.exe
  2⤵
  PID:7816
- C:\Windows\System\aweisCM.exe
  C:\Windows\System\aweisCM.exe
  2⤵
  PID:7780
- C:\Windows\System\tebjnDJ.exe
  C:\Windows\System\tebjnDJ.exe
  2⤵
  PID:7864
- C:\Windows\System\oRVSHoc.exe
  C:\Windows\System\oRVSHoc.exe
  2⤵
  PID:7904
- C:\Windows\System\yogkccp.exe
  C:\Windows\System\yogkccp.exe
  2⤵
  PID:7876
- C:\Windows\System\xgLqodI.exe
  C:\Windows\System\xgLqodI.exe
  2⤵
  PID:7920
- C:\Windows\System\IijUfBC.exe
  C:\Windows\System\IijUfBC.exe
  2⤵
  PID:7988
- C:\Windows\System\wgxtrzJ.exe
  C:\Windows\System\wgxtrzJ.exe
  2⤵
  PID:7976
- C:\Windows\System\RBaSNUc.exe
  C:\Windows\System\RBaSNUc.exe
  2⤵
  PID:8040
- C:\Windows\System\iyVpZol.exe
  C:\Windows\System\iyVpZol.exe
  2⤵
  PID:8056
- C:\Windows\System\qAdcsgj.exe
  C:\Windows\System\qAdcsgj.exe
  2⤵
  PID:8092
- C:\Windows\System\gXwSQza.exe
  C:\Windows\System\gXwSQza.exe
  2⤵
  PID:8108
- C:\Windows\System\PEeuMEu.exe
  C:\Windows\System\PEeuMEu.exe
  2⤵
  PID:8120
- C:\Windows\System\bHHgoCD.exe
  C:\Windows\System\bHHgoCD.exe
  2⤵
  PID:8152
- C:\Windows\System\QSyDaig.exe
  C:\Windows\System\QSyDaig.exe
  2⤵
  PID:8160
- C:\Windows\System\VgjeFiC.exe
  C:\Windows\System\VgjeFiC.exe
  2⤵
  PID:8172
- C:\Windows\System\kCjyIqM.exe
  C:\Windows\System\kCjyIqM.exe
  2⤵
  PID:7176
- C:\Windows\System\labSCEg.exe
  C:\Windows\System\labSCEg.exe
  2⤵
  PID:7208
- C:\Windows\System\batwZPw.exe
  C:\Windows\System\batwZPw.exe
  2⤵
  PID:7312
- C:\Windows\System\eidUlof.exe
  C:\Windows\System\eidUlof.exe
  2⤵
  PID:7224
- C:\Windows\System\vjpOOQg.exe
  C:\Windows\System\vjpOOQg.exe
  2⤵
  PID:7256
- C:\Windows\System\QDivgIB.exe
  C:\Windows\System\QDivgIB.exe
  2⤵
  PID:7388
- C:\Windows\System\ymhpqol.exe
  C:\Windows\System\ymhpqol.exe
  2⤵
  PID:7492
- C:\Windows\System\QPDUxWt.exe
  C:\Windows\System\QPDUxWt.exe
  2⤵
  PID:7328
- C:\Windows\System\fUkZijJ.exe
  C:\Windows\System\fUkZijJ.exe
  2⤵
  PID:7512
- C:\Windows\System\vnninim.exe
  C:\Windows\System\vnninim.exe
  2⤵
  PID:7404
- C:\Windows\System\cwFwmdV.exe
  C:\Windows\System\cwFwmdV.exe
  2⤵
  PID:7532
- C:\Windows\System\oJKqxpB.exe
  C:\Windows\System\oJKqxpB.exe
  2⤵
  PID:8132
- C:\Windows\System\yCxZYZy.exe
  C:\Windows\System\yCxZYZy.exe
  2⤵
  PID:7732
- C:\Windows\System\QmyGeWg.exe
  C:\Windows\System\QmyGeWg.exe
  2⤵
  PID:7652
- C:\Windows\System\qdhPPld.exe
  C:\Windows\System\qdhPPld.exe
  2⤵
  PID:7860
- C:\Windows\System\rqzitaU.exe
  C:\Windows\System\rqzitaU.exe
  2⤵
  PID:7956
- C:\Windows\System\ESxBkZo.exe
  C:\Windows\System\ESxBkZo.exe
  2⤵
  PID:8036
- C:\Windows\System\HRIFHni.exe
  C:\Windows\System\HRIFHni.exe
  2⤵
  PID:7844
- C:\Windows\System\QXmubZy.exe
  C:\Windows\System\QXmubZy.exe
  2⤵
  PID:8020
- C:\Windows\System\uINPOzJ.exe
  C:\Windows\System\uINPOzJ.exe
  2⤵
  PID:8088
- C:\Windows\System\DvZmQAy.exe
  C:\Windows\System\DvZmQAy.exe
  2⤵
  PID:7308
- C:\Windows\System\fXuQXYp.exe
  C:\Windows\System\fXuQXYp.exe
  2⤵
  PID:8180
- C:\Windows\System\BnTxNsY.exe
  C:\Windows\System\BnTxNsY.exe
  2⤵
  PID:7476
- C:\Windows\System\aELHJnf.exe
  C:\Windows\System\aELHJnf.exe
  2⤵
  PID:7384
- C:\Windows\System\FHqyjuG.exe
  C:\Windows\System\FHqyjuG.exe
  2⤵
  PID:7424
- C:\Windows\System\wIgspgd.exe
  C:\Windows\System\wIgspgd.exe
  2⤵
  PID:7244
- C:\Windows\System\TkLqEsb.exe
  C:\Windows\System\TkLqEsb.exe
  2⤵
  PID:7572
- C:\Windows\System\nGZivqb.exe
  C:\Windows\System\nGZivqb.exe
  2⤵
  PID:7632
- C:\Windows\System\NeGcJcr.exe
  C:\Windows\System\NeGcJcr.exe
  2⤵
  PID:8052
- C:\Windows\System\OcqDyns.exe
  C:\Windows\System\OcqDyns.exe
  2⤵
  PID:8100
- C:\Windows\System\fvcjHjG.exe
  C:\Windows\System\fvcjHjG.exe
  2⤵
  PID:7340
- C:\Windows\System\eiUOaeD.exe
  C:\Windows\System\eiUOaeD.exe
  2⤵
  PID:7812
- C:\Windows\System\NgqXRfA.exe
  C:\Windows\System\NgqXRfA.exe
  2⤵
  PID:7880
- C:\Windows\System\SWLxPRn.exe
  C:\Windows\System\SWLxPRn.exe
  2⤵
  PID:7744
- C:\Windows\System\VfmGgQK.exe
  C:\Windows\System\VfmGgQK.exe
  2⤵
  PID:8068
- C:\Windows\System\tYCINOA.exe
  C:\Windows\System\tYCINOA.exe
  2⤵
  PID:7292
- C:\Windows\System\npnUfmO.exe
  C:\Windows\System\npnUfmO.exe
  2⤵
  PID:7396
- C:\Windows\System\vjmCBBv.exe
  C:\Windows\System\vjmCBBv.exe
  2⤵
  PID:8140
- C:\Windows\System\kGbWuWY.exe
  C:\Windows\System\kGbWuWY.exe
  2⤵
  PID:8144
- C:\Windows\System\yOrofeL.exe
  C:\Windows\System\yOrofeL.exe
  2⤵
  PID:7728
- C:\Windows\System\bkciUbN.exe
  C:\Windows\System\bkciUbN.exe
  2⤵
  PID:5976
- C:\Windows\System\YwjbMVS.exe
  C:\Windows\System\YwjbMVS.exe
  2⤵
  PID:6972
- C:\Windows\System\WUbmTKk.exe
  C:\Windows\System\WUbmTKk.exe
  2⤵
  PID:7616
- C:\Windows\System\uiUUHKL.exe
  C:\Windows\System\uiUUHKL.exe
  2⤵
  PID:8084
- C:\Windows\System\BVkeQCV.exe
  C:\Windows\System\BVkeQCV.exe
  2⤵
  PID:8116
- C:\Windows\System\RKeIvfO.exe
  C:\Windows\System\RKeIvfO.exe
  2⤵
  PID:8208
- C:\Windows\System\SASnLhB.exe
  C:\Windows\System\SASnLhB.exe
  2⤵
  PID:8224
- C:\Windows\System\NRAROsV.exe
  C:\Windows\System\NRAROsV.exe
  2⤵
  PID:8248
- C:\Windows\System\QSglpxX.exe
  C:\Windows\System\QSglpxX.exe
  2⤵
  PID:8268
- C:\Windows\System\ydjimQI.exe
  C:\Windows\System\ydjimQI.exe
  2⤵
  PID:8284
- C:\Windows\System\wMJTFzD.exe
  C:\Windows\System\wMJTFzD.exe
  2⤵
  PID:8300
- C:\Windows\System\VXJMDnB.exe
  C:\Windows\System\VXJMDnB.exe
  2⤵
  PID:8316
- C:\Windows\System\KejrXcb.exe
  C:\Windows\System\KejrXcb.exe
  2⤵
  PID:8332
- C:\Windows\System\opVJwHB.exe
  C:\Windows\System\opVJwHB.exe
  2⤵
  PID:8352
- C:\Windows\System\Yfccnqq.exe
  C:\Windows\System\Yfccnqq.exe
  2⤵
  PID:8396
- C:\Windows\System\dCaaruE.exe
  C:\Windows\System\dCaaruE.exe
  2⤵
  PID:8416
- C:\Windows\System\DAlAlDQ.exe
  C:\Windows\System\DAlAlDQ.exe
  2⤵
  PID:8432
- C:\Windows\System\FWBrfJr.exe
  C:\Windows\System\FWBrfJr.exe
  2⤵
  PID:8456
- C:\Windows\System\WBxBYri.exe
  C:\Windows\System\WBxBYri.exe
  2⤵
  PID:8480
- C:\Windows\System\yEQprNS.exe
  C:\Windows\System\yEQprNS.exe
  2⤵
  PID:8500
- C:\Windows\System\sCCzRqs.exe
  C:\Windows\System\sCCzRqs.exe
  2⤵
  PID:8516
- C:\Windows\System\JsZJUJg.exe
  C:\Windows\System\JsZJUJg.exe
  2⤵
  PID:8532
- C:\Windows\System\msxstOd.exe
  C:\Windows\System\msxstOd.exe
  2⤵
  PID:8548
- C:\Windows\System\qVYeJlD.exe
  C:\Windows\System\qVYeJlD.exe
  2⤵
  PID:8564
- C:\Windows\System\GuzVpmB.exe
  C:\Windows\System\GuzVpmB.exe
  2⤵
  PID:8580
- C:\Windows\System\QQndZzh.exe
  C:\Windows\System\QQndZzh.exe
  2⤵
  PID:8600
- C:\Windows\System\wVQpPfd.exe
  C:\Windows\System\wVQpPfd.exe
  2⤵
  PID:8616
- C:\Windows\System\uMtViyl.exe
  C:\Windows\System\uMtViyl.exe
  2⤵
  PID:8632
- C:\Windows\System\nIZmpaR.exe
  C:\Windows\System\nIZmpaR.exe
  2⤵
  PID:8648
- C:\Windows\System\rYcNufN.exe
  C:\Windows\System\rYcNufN.exe
  2⤵
  PID:8664
- C:\Windows\System\lnMcvuq.exe
  C:\Windows\System\lnMcvuq.exe
  2⤵
  PID:8680
- C:\Windows\System\didbebf.exe
  C:\Windows\System\didbebf.exe
  2⤵
  PID:8724
- C:\Windows\System\egwqljY.exe
  C:\Windows\System\egwqljY.exe
  2⤵
  PID:8740
- C:\Windows\System\eILRjIK.exe
  C:\Windows\System\eILRjIK.exe
  2⤵
  PID:8756
- C:\Windows\System\fzLWumB.exe
  C:\Windows\System\fzLWumB.exe
  2⤵
  PID:8772
- C:\Windows\System\ZxcixdZ.exe
  C:\Windows\System\ZxcixdZ.exe
  2⤵
  PID:8788
- C:\Windows\System\eJBPMlC.exe
  C:\Windows\System\eJBPMlC.exe
  2⤵
  PID:8808
- C:\Windows\System\boByFaV.exe
  C:\Windows\System\boByFaV.exe
  2⤵
  PID:8836
- C:\Windows\System\YVMtFvs.exe
  C:\Windows\System\YVMtFvs.exe
  2⤵
  PID:8852
- C:\Windows\System\ZcauypH.exe
  C:\Windows\System\ZcauypH.exe
  2⤵
  PID:8868
- C:\Windows\System\mWGAPtb.exe
  C:\Windows\System\mWGAPtb.exe
  2⤵
  PID:8884
- C:\Windows\System\bBYShAq.exe
  C:\Windows\System\bBYShAq.exe
  2⤵
  PID:8900
- C:\Windows\System\kVYwihi.exe
  C:\Windows\System\kVYwihi.exe
  2⤵
  PID:8916
- C:\Windows\System\ovdNjDk.exe
  C:\Windows\System\ovdNjDk.exe
  2⤵
  PID:8932
- C:\Windows\System\etACzPc.exe
  C:\Windows\System\etACzPc.exe
  2⤵
  PID:8948
- C:\Windows\System\MmWQSmu.exe
  C:\Windows\System\MmWQSmu.exe
  2⤵
  PID:8968
- C:\Windows\System\QLrWtRA.exe
  C:\Windows\System\QLrWtRA.exe
  2⤵
  PID:8992
- C:\Windows\System\onusDgE.exe
  C:\Windows\System\onusDgE.exe
  2⤵
  PID:9016
- C:\Windows\System\LCJmTWv.exe
  C:\Windows\System\LCJmTWv.exe
  2⤵
  PID:9032
- C:\Windows\System\RNGmxvy.exe
  C:\Windows\System\RNGmxvy.exe
  2⤵
  PID:9100
- C:\Windows\System\pndAHOi.exe
  C:\Windows\System\pndAHOi.exe
  2⤵
  PID:9116
- C:\Windows\System\BVDGNfK.exe
  C:\Windows\System\BVDGNfK.exe
  2⤵
  PID:9144
- C:\Windows\System\yQwAcwP.exe
  C:\Windows\System\yQwAcwP.exe
  2⤵
  PID:9164
- C:\Windows\System\shRZbWT.exe
  C:\Windows\System\shRZbWT.exe
  2⤵
  PID:9188
- C:\Windows\System\vnNkQFZ.exe
  C:\Windows\System\vnNkQFZ.exe
  2⤵
  PID:9204
- C:\Windows\System\BekcKFV.exe
  C:\Windows\System\BekcKFV.exe
  2⤵
  PID:8204
- C:\Windows\System\RNejNyt.exe
  C:\Windows\System\RNejNyt.exe
  2⤵
  PID:8244
- C:\Windows\System\EjbaFDp.exe
  C:\Windows\System\EjbaFDp.exe
  2⤵
  PID:8308
- C:\Windows\System\KJRJKxx.exe
  C:\Windows\System\KJRJKxx.exe
  2⤵
  PID:8216
- C:\Windows\System\JueUMRs.exe
  C:\Windows\System\JueUMRs.exe
  2⤵
  PID:8328
- C:\Windows\System\TFPNZgz.exe
  C:\Windows\System\TFPNZgz.exe
  2⤵
  PID:8296
- C:\Windows\System\lJGBzTW.exe
  C:\Windows\System\lJGBzTW.exe
  2⤵
  PID:8376
- C:\Windows\System\hGmjrwW.exe
  C:\Windows\System\hGmjrwW.exe
  2⤵
  PID:8364
- C:\Windows\System\cnmlTlz.exe
  C:\Windows\System\cnmlTlz.exe
  2⤵
  PID:8428
- C:\Windows\System\GoxGEkO.exe
  C:\Windows\System\GoxGEkO.exe
  2⤵
  PID:8448
- C:\Windows\System\MrIhSmh.exe
  C:\Windows\System\MrIhSmh.exe
  2⤵
  PID:8472
- C:\Windows\System\qBsBKhc.exe
  C:\Windows\System\qBsBKhc.exe
  2⤵
  PID:8508
- C:\Windows\System\VAppuFP.exe
  C:\Windows\System\VAppuFP.exe
  2⤵
  PID:8524
- C:\Windows\System\hARbdQA.exe
  C:\Windows\System\hARbdQA.exe
  2⤵
  PID:8624
- C:\Windows\System\AbGCEzs.exe
  C:\Windows\System\AbGCEzs.exe
  2⤵
  PID:8688
- C:\Windows\System\BBmRmUT.exe
  C:\Windows\System\BBmRmUT.exe
  2⤵
  PID:8572
- C:\Windows\System\Tunurvg.exe
  C:\Windows\System\Tunurvg.exe
  2⤵
  PID:8708
- C:\Windows\System\oEvIbUq.exe
  C:\Windows\System\oEvIbUq.exe
  2⤵
  PID:8644
- C:\Windows\System\REXIUlV.exe
  C:\Windows\System\REXIUlV.exe
  2⤵
  PID:8816
- C:\Windows\System\gJYddXs.exe
  C:\Windows\System\gJYddXs.exe
  2⤵
  PID:8956
- C:\Windows\System\mWCctnp.exe
  C:\Windows\System\mWCctnp.exe
  2⤵
  PID:9008
- C:\Windows\System\Uzakbfi.exe
  C:\Windows\System\Uzakbfi.exe
  2⤵
  PID:9060
- C:\Windows\System\TyDgOsU.exe
  C:\Windows\System\TyDgOsU.exe
  2⤵
  PID:8736
- C:\Windows\System\aqoPTvW.exe
  C:\Windows\System\aqoPTvW.exe
  2⤵
  PID:9084
- C:\Windows\System\dSXHHlE.exe
  C:\Windows\System\dSXHHlE.exe
  2⤵
  PID:8804
- C:\Windows\System\BCcGGbv.exe
  C:\Windows\System\BCcGGbv.exe
  2⤵
  PID:8940
- C:\Windows\System\DwtMVZm.exe
  C:\Windows\System\DwtMVZm.exe
  2⤵
  PID:8908
- C:\Windows\System\mGbfJXR.exe
  C:\Windows\System\mGbfJXR.exe
  2⤵
  PID:9092
- C:\Windows\System\GxNdwMR.exe
  C:\Windows\System\GxNdwMR.exe
  2⤵
  PID:9132
- C:\Windows\System\KoqGSIa.exe
  C:\Windows\System\KoqGSIa.exe
  2⤵
  PID:9160
- C:\Windows\System\nJBhiRw.exe
  C:\Windows\System\nJBhiRw.exe
  2⤵
  PID:9200
- C:\Windows\System\ylLcglT.exe
  C:\Windows\System\ylLcglT.exe
  2⤵
  PID:8236
- C:\Windows\System\IwkNujK.exe
  C:\Windows\System\IwkNujK.exe
  2⤵
  PID:8344
- C:\Windows\System\kVFyszJ.exe
  C:\Windows\System\kVFyszJ.exe
  2⤵
  PID:8260
- C:\Windows\System\lvOLghr.exe
  C:\Windows\System\lvOLghr.exe
  2⤵
  PID:8452
- C:\Windows\System\RrhSHOC.exe
  C:\Windows\System\RrhSHOC.exe
  2⤵
  PID:9212
- C:\Windows\System\vlVXuiD.exe
  C:\Windows\System\vlVXuiD.exe
  2⤵
  PID:8592
- C:\Windows\System\tnVBUQc.exe
  C:\Windows\System\tnVBUQc.exe
  2⤵
  PID:8696
- C:\Windows\System\DEWgzMH.exe
  C:\Windows\System\DEWgzMH.exe
  2⤵
  PID:8256
- C:\Windows\System\GGfCYck.exe
  C:\Windows\System\GGfCYck.exe
  2⤵
  PID:8660
- C:\Windows\System\ckJXoHB.exe
  C:\Windows\System\ckJXoHB.exe
  2⤵
  PID:8368
- C:\Windows\System\ScyZiBP.exe
  C:\Windows\System\ScyZiBP.exe
  2⤵
  PID:8468
- C:\Windows\System\TXeefTQ.exe
  C:\Windows\System\TXeefTQ.exe
  2⤵
  PID:8860
- C:\Windows\System\hVPdcBV.exe
  C:\Windows\System\hVPdcBV.exe
  2⤵
  PID:8780
- C:\Windows\System\eAHvGqd.exe
  C:\Windows\System\eAHvGqd.exe
  2⤵
  PID:8832
- C:\Windows\System\bpUzrUf.exe
  C:\Windows\System\bpUzrUf.exe
  2⤵
  PID:9040
- C:\Windows\System\GlCDHvM.exe
  C:\Windows\System\GlCDHvM.exe
  2⤵
  PID:9044
- C:\Windows\System\TrxmSEw.exe
  C:\Windows\System\TrxmSEw.exe
  2⤵
  PID:8880
- C:\Windows\System\bjFNMIr.exe
  C:\Windows\System\bjFNMIr.exe
  2⤵
  PID:8768
- C:\Windows\System\UpAbMWe.exe
  C:\Windows\System\UpAbMWe.exe
  2⤵
  PID:9088
- C:\Windows\System\gPcpvlw.exe
  C:\Windows\System\gPcpvlw.exe
  2⤵
  PID:8232
- C:\Windows\System\cioEbms.exe
  C:\Windows\System\cioEbms.exe
  2⤵
  PID:8496
- C:\Windows\System\pRzKaEF.exe
  C:\Windows\System\pRzKaEF.exe
  2⤵
  PID:8656
- C:\Windows\System\jQmVrOQ.exe
  C:\Windows\System\jQmVrOQ.exe
  2⤵
  PID:8752
- C:\Windows\System\NFjvflN.exe
  C:\Windows\System\NFjvflN.exe
  2⤵
  PID:9024
- C:\Windows\System\SAyqJaN.exe
  C:\Windows\System\SAyqJaN.exe
  2⤵
  PID:9172
- C:\Windows\System\hjlLNIz.exe
  C:\Windows\System\hjlLNIz.exe
  2⤵
  PID:7916
- C:\Windows\System\tASWGPD.exe
  C:\Windows\System\tASWGPD.exe
  2⤵
  PID:8588
- C:\Windows\System\MLeCFNo.exe
  C:\Windows\System\MLeCFNo.exe
  2⤵
  PID:8324
- C:\Windows\System\QqNCcxI.exe
  C:\Windows\System\QqNCcxI.exe
  2⤵
  PID:8928
- C:\Windows\System\awWuZNV.exe
  C:\Windows\System\awWuZNV.exe
  2⤵
  PID:9232
- C:\Windows\System\KDNGfjZ.exe
  C:\Windows\System\KDNGfjZ.exe
  2⤵
  PID:9248
- C:\Windows\System\mFRdGEI.exe
  C:\Windows\System\mFRdGEI.exe
  2⤵
  PID:9268
- C:\Windows\System\IksHyia.exe
  C:\Windows\System\IksHyia.exe
  2⤵
  PID:9292
- C:\Windows\System\HHPMHOA.exe
  C:\Windows\System\HHPMHOA.exe
  2⤵
  PID:9316
- C:\Windows\System\temEGOY.exe
  C:\Windows\System\temEGOY.exe
  2⤵
  PID:9336
- C:\Windows\System\FVldQVD.exe
  C:\Windows\System\FVldQVD.exe
  2⤵
  PID:9416
- C:\Windows\System\vTqcDIw.exe
  C:\Windows\System\vTqcDIw.exe
  2⤵
  PID:9512
- C:\Windows\System\yzOfIBr.exe
  C:\Windows\System\yzOfIBr.exe
  2⤵
  PID:9528
- C:\Windows\System\ECKeQSW.exe
  C:\Windows\System\ECKeQSW.exe
  2⤵
  PID:9544
- C:\Windows\System\mUMnePM.exe
  C:\Windows\System\mUMnePM.exe
  2⤵
  PID:9564
- C:\Windows\System\xAwGcag.exe
  C:\Windows\System\xAwGcag.exe
  2⤵
  PID:9580
- C:\Windows\System\oxMJLvs.exe
  C:\Windows\System\oxMJLvs.exe
  2⤵
  PID:9600
- C:\Windows\System\NbDiHee.exe
  C:\Windows\System\NbDiHee.exe
  2⤵
  PID:9616
- C:\Windows\System\ifZawWG.exe
  C:\Windows\System\ifZawWG.exe
  2⤵
  PID:9632
- C:\Windows\System\DBCUofP.exe
  C:\Windows\System\DBCUofP.exe
  2⤵
  PID:9648
- C:\Windows\System\shTGLVf.exe
  C:\Windows\System\shTGLVf.exe
  2⤵
  PID:9664
- C:\Windows\System\oFCeidT.exe
  C:\Windows\System\oFCeidT.exe
  2⤵
  PID:9680
- C:\Windows\System\HJvWXOZ.exe
  C:\Windows\System\HJvWXOZ.exe
  2⤵
  PID:9696
- C:\Windows\System\egJhdHd.exe
  C:\Windows\System\egJhdHd.exe
  2⤵
  PID:9712
- C:\Windows\System\PElKodx.exe
  C:\Windows\System\PElKodx.exe
  2⤵
  PID:9728
- C:\Windows\System\cNEsDQQ.exe
  C:\Windows\System\cNEsDQQ.exe
  2⤵
  PID:9744
- C:\Windows\System\etSBeyD.exe
  C:\Windows\System\etSBeyD.exe
  2⤵
  PID:9760
- C:\Windows\System\FeIWcGU.exe
  C:\Windows\System\FeIWcGU.exe
  2⤵
  PID:9776
- C:\Windows\System\IkcgpBs.exe
  C:\Windows\System\IkcgpBs.exe
  2⤵
  PID:9792
- C:\Windows\System\cgIcLJe.exe
  C:\Windows\System\cgIcLJe.exe
  2⤵
  PID:9808
- C:\Windows\System\bOeluGn.exe
  C:\Windows\System\bOeluGn.exe
  2⤵
  PID:9824
- C:\Windows\System\HemwzUY.exe
  C:\Windows\System\HemwzUY.exe
  2⤵
  PID:9840
- C:\Windows\System\eHnZjLq.exe
  C:\Windows\System\eHnZjLq.exe
  2⤵
  PID:9864
- C:\Windows\System\kgBkCtY.exe
  C:\Windows\System\kgBkCtY.exe
  2⤵
  PID:9880
- C:\Windows\System\PzfIDxC.exe
  C:\Windows\System\PzfIDxC.exe
  2⤵
  PID:9896
- C:\Windows\System\eCVyxZP.exe
  C:\Windows\System\eCVyxZP.exe
  2⤵
  PID:9912
- C:\Windows\System\pejRvBD.exe
  C:\Windows\System\pejRvBD.exe
  2⤵
  PID:9928
- C:\Windows\System\GNUofhi.exe
  C:\Windows\System\GNUofhi.exe
  2⤵
  PID:9944
- C:\Windows\System\yBxPqHT.exe
  C:\Windows\System\yBxPqHT.exe
  2⤵
  PID:9960
- C:\Windows\System\obwjgoS.exe
  C:\Windows\System\obwjgoS.exe
  2⤵
  PID:9976
- C:\Windows\System\FUnjCIF.exe
  C:\Windows\System\FUnjCIF.exe
  2⤵
  PID:9992
- C:\Windows\System\TUkGdiz.exe
  C:\Windows\System\TUkGdiz.exe
  2⤵
  PID:10008
- C:\Windows\System\MEAIvTy.exe
  C:\Windows\System\MEAIvTy.exe
  2⤵
  PID:10024
- C:\Windows\System\yleokSG.exe
  C:\Windows\System\yleokSG.exe
  2⤵
  PID:10040
- C:\Windows\System\juaxIXg.exe
  C:\Windows\System\juaxIXg.exe
  2⤵
  PID:10056
- C:\Windows\System\qPTnyZD.exe
  C:\Windows\System\qPTnyZD.exe
  2⤵
  PID:10072
- C:\Windows\System\SISLtyp.exe
  C:\Windows\System\SISLtyp.exe
  2⤵
  PID:10092
- C:\Windows\System\ZfAvulj.exe
  C:\Windows\System\ZfAvulj.exe
  2⤵
  PID:10108
- C:\Windows\System\mDpDCAB.exe
  C:\Windows\System\mDpDCAB.exe
  2⤵
  PID:10124
- C:\Windows\System\RTEzSog.exe
  C:\Windows\System\RTEzSog.exe
  2⤵
  PID:10140
- C:\Windows\System\WMprDZW.exe
  C:\Windows\System\WMprDZW.exe
  2⤵
  PID:10156
- C:\Windows\System\DMoFVlH.exe
  C:\Windows\System\DMoFVlH.exe
  2⤵
  PID:10172
- C:\Windows\System\LyTpuVc.exe
  C:\Windows\System\LyTpuVc.exe
  2⤵
  PID:10188
- C:\Windows\System\fGXdjTp.exe
  C:\Windows\System\fGXdjTp.exe
  2⤵
  PID:10204
- C:\Windows\System\NyrZnXT.exe
  C:\Windows\System\NyrZnXT.exe
  2⤵
  PID:10220
- C:\Windows\System\ZjypUpi.exe
  C:\Windows\System\ZjypUpi.exe
  2⤵
  PID:10236
- C:\Windows\System\ykjOJqo.exe
  C:\Windows\System\ykjOJqo.exe
  2⤵
  PID:9076
- C:\Windows\System\SIXHMuU.exe
  C:\Windows\System\SIXHMuU.exe
  2⤵
  PID:8276
- C:\Windows\System\kqnThKK.exe
  C:\Windows\System\kqnThKK.exe
  2⤵
  PID:8980
- C:\Windows\System\xrksbGi.exe
  C:\Windows\System\xrksbGi.exe
  2⤵
  PID:8944
- C:\Windows\System\HzNNzii.exe
  C:\Windows\System\HzNNzii.exe
  2⤵
  PID:9004
- C:\Windows\System\CoLOmQh.exe
  C:\Windows\System\CoLOmQh.exe
  2⤵
  PID:8264
- C:\Windows\System\TLRYHCT.exe
  C:\Windows\System\TLRYHCT.exe
  2⤵
  PID:9112
- C:\Windows\System\hLcMCmv.exe
  C:\Windows\System\hLcMCmv.exe
  2⤵
  PID:9244
- C:\Windows\System\UKeVbMP.exe
  C:\Windows\System\UKeVbMP.exe
  2⤵
  PID:9288
- C:\Windows\System\UOjDbOL.exe
  C:\Windows\System\UOjDbOL.exe
  2⤵
  PID:8864
- C:\Windows\System\Qkexxfa.exe
  C:\Windows\System\Qkexxfa.exe
  2⤵
  PID:8716
- C:\Windows\System\eIylzCd.exe
  C:\Windows\System\eIylzCd.exe
  2⤵
  PID:9256
- C:\Windows\System\zvnvzIu.exe
  C:\Windows\System\zvnvzIu.exe
  2⤵
  PID:9304
- C:\Windows\System\fUpsDSj.exe
  C:\Windows\System\fUpsDSj.exe
  2⤵
  PID:9360
- C:\Windows\System\ZReYwiF.exe
  C:\Windows\System\ZReYwiF.exe
  2⤵
  PID:9408
- C:\Windows\System\fLrpPer.exe
  C:\Windows\System\fLrpPer.exe
  2⤵
  PID:9384
- C:\Windows\System\jjOmDoB.exe
  C:\Windows\System\jjOmDoB.exe
  2⤵
  PID:9400
- C:\Windows\System\tnXFufj.exe
  C:\Windows\System\tnXFufj.exe
  2⤵
  PID:9424
- C:\Windows\System\nljLrmv.exe
  C:\Windows\System\nljLrmv.exe
  2⤵
  PID:9440
- C:\Windows\System\UdsNKVB.exe
  C:\Windows\System\UdsNKVB.exe
  2⤵
  PID:9456
- C:\Windows\System\SscszLx.exe
  C:\Windows\System\SscszLx.exe
  2⤵
  PID:9472
- C:\Windows\System\rScdfPe.exe
  C:\Windows\System\rScdfPe.exe
  2⤵
  PID:9488
- C:\Windows\System\Xmynksp.exe
  C:\Windows\System\Xmynksp.exe
  2⤵
  PID:9500
- C:\Windows\System\XLxYZzj.exe
  C:\Windows\System\XLxYZzj.exe
  2⤵
  PID:9540
- C:\Windows\System\KJRcbNC.exe
  C:\Windows\System\KJRcbNC.exe
  2⤵
  PID:9520
- C:\Windows\System\liNTPix.exe
  C:\Windows\System\liNTPix.exe
  2⤵
  PID:9588
- C:\Windows\System\iYVxmeD.exe
  C:\Windows\System\iYVxmeD.exe
  2⤵
  PID:9656
- C:\Windows\System\TxxkzGJ.exe
  C:\Windows\System\TxxkzGJ.exe
  2⤵
  PID:9724
- C:\Windows\System\jteodPJ.exe
  C:\Windows\System\jteodPJ.exe
  2⤵
  PID:9784
- C:\Windows\System\psCoMaY.exe
  C:\Windows\System\psCoMaY.exe
  2⤵
  PID:9820
- C:\Windows\System\uxmtzmu.exe
  C:\Windows\System\uxmtzmu.exe
  2⤵
  PID:9800
- C:\Windows\System\RgAzNhV.exe
  C:\Windows\System\RgAzNhV.exe
  2⤵
  PID:9640
- C:\Windows\System\OAmMOEH.exe
  C:\Windows\System\OAmMOEH.exe
  2⤵
  PID:9704
- C:\Windows\System\kpCwaeF.exe
  C:\Windows\System\kpCwaeF.exe
  2⤵
  PID:9772
- C:\Windows\System\wPJUsGS.exe
  C:\Windows\System\wPJUsGS.exe
  2⤵
  PID:9888
- C:\Windows\System\RrNlMqf.exe
  C:\Windows\System\RrNlMqf.exe
  2⤵
  PID:9952
- C:\Windows\System\ByDNoIG.exe
  C:\Windows\System\ByDNoIG.exe
  2⤵
  PID:10016
- C:\Windows\System\uoNvenj.exe
  C:\Windows\System\uoNvenj.exe
  2⤵
  PID:10080
- C:\Windows\System\iSPRAdx.exe
  C:\Windows\System\iSPRAdx.exe
  2⤵
  PID:10148
- C:\Windows\System\dMQcUgC.exe
  C:\Windows\System\dMQcUgC.exe
  2⤵
  PID:10184
- C:\Windows\System\unSfnhI.exe
  C:\Windows\System\unSfnhI.exe
  2⤵
  PID:9072
- C:\Windows\System\SyDXIpV.exe
  C:\Windows\System\SyDXIpV.exe
  2⤵
  PID:8896
- C:\Windows\System\RUYmFBM.exe
  C:\Windows\System\RUYmFBM.exe
  2⤵
  PID:10004
- C:\Windows\System\rKAFbMs.exe
  C:\Windows\System\rKAFbMs.exe
  2⤵
  PID:9352
- C:\Windows\System\EDeGNDU.exe
  C:\Windows\System\EDeGNDU.exe
  2⤵
  PID:9904
- C:\Windows\System\hXiBBSc.exe
  C:\Windows\System\hXiBBSc.exe
  2⤵
  PID:10000
- C:\Windows\System\YYmZoyV.exe
  C:\Windows\System\YYmZoyV.exe
  2⤵
  PID:10068
- C:\Windows\System\lnsUwuy.exe
  C:\Windows\System\lnsUwuy.exe
  2⤵
  PID:10164
- C:\Windows\System\wLFLmhG.exe
  C:\Windows\System\wLFLmhG.exe
  2⤵
  PID:10228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIhMhsk.exe

Filesize
6.0MB

MD5
01c79fd5f6fd9596ab25913cc91e97f3

SHA1
81080b01edb89d2231dd2ead744057030a62be99

SHA256
e66ce280e878d97b4621a1b401772ee173b11565d9bb966fa1ac9a01e685d6bb

SHA512
9efe4eb1620910432bad7ac9fb5e5adde4fe3b9f6f05e40f49ebfe8a4ee0702495d553f059002c5cb1500ee7568b323c3205c9ff4b55f365af8cff05e6608dfe

Download Submit
C:\Windows\system\DMfdTrV.exe

Filesize
6.0MB

MD5
0dd31ac93e3efe326f4148e956089e6e

SHA1
ad5e6ee1d014e56123e77cee2109cd4fa25eca18

SHA256
6d22eab34b9512b547496d038bc51f55c3765395a4025dffb8faa2d5dbc2a10f

SHA512
f23f984d740aa299e7657127f54f59c4b41d80b3d535b85dc4bd7df3dc2dd021d249e700e6070d8bbc7b919ba96edfe57143fe57e3a29ce175985c965f694ce1

Download Submit
C:\Windows\system\GEnVXrn.exe

Filesize
6.0MB

MD5
784e61bda3fe60df338fc57b2f25e8da

SHA1
f6bdb9326bb747e8703a37622cf38f37d7c92e1b

SHA256
cf4c67a53a27e1080ffca484cb75e6df646d66a7af6e909ee314805a0def801a

SHA512
27727414026ee306d69dd459a091efc4add1f4b22790d4de1bb5944895c601a4d7f729454cfcec14998741f272386faefdd7c815560f627c6c87426057047c79

Download Submit
C:\Windows\system\GvhnZWv.exe

Filesize
6.0MB

MD5
e79ce098c431bfc95625bb3c774ee2a5

SHA1
175906b5c968256f89a5311e053ccfb91958e828

SHA256
3523400573408ba78402d4e06845ae045d39fcdfa7da2a21fac192b307d03661

SHA512
d539d4e43c18cf5859fa5c940584d3fe6e7a92bd0816f24186c430d5aaab102bf34d3adc3badd2628e9260f3872fac62b94e09bbd9e0a7a68277697eeb9c6081

Download Submit
C:\Windows\system\HspfSFy.exe

Filesize
6.0MB

MD5
284d52dbccd7152af073b1db47ef008c

SHA1
bd97f64cab865b71340bf64502f2f9f9ffa5b359

SHA256
53766f287a13b5b134e1697b33453567be9521a284ecf84d2cba00b68a4353c7

SHA512
877961f84136f73892db131d856ca681fe4a98b15265051f76d882eddfc7381fa718a2bc93c74d76ca6bba48ba308c8e7c3fa0bb0f32e432e059075f8ce5f9cb

Download Submit
C:\Windows\system\IVUwzLU.exe

Filesize
6.0MB

MD5
f4c3b1dcfa9ecf2d7d64cfd34bfa9baf

SHA1
1a6097c86bf8cf781a7cd1718621d8dc84ad5f84

SHA256
41f426ae4abe2545ef77a4f7f2df3260f50441e774da0c9152ed788c1a9b8e2e

SHA512
99f6007eaa1fe6bd86a594e81b5112828e9b95e1b9427be3f91c80f8f113f81aa4e57af62e3240d9b34a4193754d79524fddb19a7585e8dfb83ea6253278e75e

Download Submit
C:\Windows\system\IvwLTbR.exe

Filesize
6.0MB

MD5
3f3dc92b43c990ad0acea5101a7028eb

SHA1
d0b8420c50226129363fe4bc070781ea244864ee

SHA256
f6855507ee0b1ce79a197b9404037bd5aa29e86969e46b54ff2ca8dc657456b8

SHA512
4a8ca8c79c523ce14d2a96293c5636c2ee279aec40944a6bf7bcb80df86271bc44a7c643b2bdff57e91c3d6765043e2680ccb4e4d6d3334227eeacb25e721cc3

Download Submit
C:\Windows\system\LxeqwAw.exe

Filesize
6.0MB

MD5
7987086d720d432ecbeca5a132fedd55

SHA1
b6903375e2388784a05425435149a17d0967963f

SHA256
5831ae95616c179ace9a52fc239f9a2faefa6374e408753ee295716072e7001f

SHA512
64cf1074c5c5670eb5df59433ff8cc89316087b63ded391fabec22fb735cc7b937f04771a072818a84e27ba282e9121659c2afca15a90df332f31e93ba80c86a

Download Submit
C:\Windows\system\NHhVukt.exe

Filesize
6.0MB

MD5
7472456569c2892d3abde352aec9563e

SHA1
245aee57cc2449f1421ca2dc6e57a191844c268d

SHA256
ea4b8f2bfc27b253ff48a532beb68123214474d05115be94f915811cbc729d66

SHA512
dee4a4062f8c26eed93f47660a9f779979cda7a8a48557f860289ce1ce53aed936a025566a0377a10d815a354010afb7fd2f0c3233291950c3bf972b62c462d6

Download Submit
C:\Windows\system\OmlPxsZ.exe

Filesize
6.0MB

MD5
9c3d72e7477a764cdaa83ab1d5200783

SHA1
bbf27d3edd89814a4146be3bab31e9ad5291ab47

SHA256
20c1ccbb95282db7ad4b29050aab8b248c9f52982cbeaaf4950e669f9216ef94

SHA512
95b22cc1bd780f5959df0b8c2afa3d8e3481532e1e024739ca78b77f9ad60bc669083e04ce08aae67ec141acd87ec33fc743152770fd655f61c6bd7a91888a53

Download Submit
C:\Windows\system\TgFcLXd.exe

Filesize
6.0MB

MD5
ef89887fbaad0b1afd11c87e9f0f49c4

SHA1
2ff12a5e39ab175d2589bd53690188309f1ee26a

SHA256
6888b372fd488f6bbf8036f14c1a12a8b8e0d306cd4743afb1e0b592b6cd9ef0

SHA512
b9bca9f027c941482220a1ee4a6d5b89fe2a52deca4babb26d79b2c613a7784905755160283f3a6acaafed4dddc5541c5a993a3395ae833d35080bd40e06c973

Download Submit
C:\Windows\system\ZzKKARs.exe

Filesize
6.0MB

MD5
26d44e2cee65510b8c4495afb02cf60d

SHA1
afea0e362cf2c407bfdcd489f44c2975de42e943

SHA256
e0803a00a0531d71e0f478143af50ac145538db02ecc048176ed3624e2fdf395

SHA512
a4a9ad0de0db5138ecfd4b174f8138b2996f081c80cc3de4260fff3e85853429139222d6b99125834e67e986d16fd6a84ab9e63613119567145c09784c7109e6

Download Submit
C:\Windows\system\aNtRZyz.exe

Filesize
6.0MB

MD5
e5f644d8eb2ef4b48b68a9b6fea74b72

SHA1
8fb21f9e7b2265966f9fcc46569d466770b5c62e

SHA256
19c2e62cd6766e3ed6869e171880f24dc2b6e80dc1f0b2dcb928e12ef0e3e0d5

SHA512
f4597a6a723b59d59a7e96d643f4e0342a1a23bbd03fbbb2539d4623ae5c0174110a0441f95ae0fc17c17697e21fa6414092455a77e8d722c004659eabbffa0a

Download Submit
C:\Windows\system\bcNWwtC.exe

Filesize
6.0MB

MD5
63efa7f5af9b0cebf712540792e244e2

SHA1
bdc549c460776095b76855bd1c9e85939a52c83f

SHA256
ac3e77a4ecfc46179595b7c869be626aa60907d0710004aaab2631655932a101

SHA512
99b44bade206db0bfbe1a501c8d2c09578f1fe2ced19af36c8ef9fd4f4268c3d92abf034b89fb1f0901e8af0c23a610b6a75d0dc8cd99ffbeab7831e3e058b36

Download Submit
C:\Windows\system\biWfoVY.exe

Filesize
6.0MB

MD5
f58a44ee1ea26b1c393039f24704194c

SHA1
76d12c94738351f9683798dc9f44dde6eb19643f

SHA256
1ba4c2b16fb729b06dddcf8b543beb8539ad59f864d8a69b16032a5eef1a4ca5

SHA512
83ea0105f020af0531e1bca5b7ca776447f01bd494a2d75f41facc0dcb03711093fe50ac73b7ce5b6391fea07e5bf64387a4fa85de714ebd99863b20661ae371

Download Submit
C:\Windows\system\bwrDxec.exe

Filesize
6.0MB

MD5
f98d5309b4d5707c5569af91d8f04d1e

SHA1
2940a493d62959d29a9af1ad7c69f26f9dd6cc49

SHA256
b8a977b2dbd1f426e5c1c4291cd04781fd7af83ed517f5d377dfd6200b3fe95f

SHA512
2f9c287f7d192f717edb51a0c6bb453273dc8b136ebbf18ec187e3764f67a7ec51366f68e25f209454c9de17990a24957c3f4e46812b5ba82fb6fce915834591

Download Submit
C:\Windows\system\elExClU.exe

Filesize
6.0MB

MD5
63a3887603ae99b980160cc4a32cfc27

SHA1
50acadd893758ba2d4850e31d0bfd459356eefcb

SHA256
a50a7355f1f03723255df33a0d7bfee6dd270dbf3f177824e7c5829ea6f641e4

SHA512
02bf48f53556380b15b956f1301ebae9661c57954bade22b0a86eaaaed4d9e7cbafa488d3e988320b5e3e2faf5be46e2388ee72341b8bb32ec4d1e2e88fc38a9

Download Submit
C:\Windows\system\jlqYYMD.exe

Filesize
6.0MB

MD5
3da438768db62177fed3473306098789

SHA1
6045a6358197ae869cfd6c78929897f45777182b

SHA256
850ba2bcd793dc7ec3c659c44167ec58371ecdcc0aa23b03f9954cb3a606e299

SHA512
47f65ca8768a6fb2cd4ecb7892575c76c8b5d56fd176068a31fa090dc7a34b670e13260cbbc7a47f53c68dd5fdcebd600460b55f43b66fe3986bbf64a70029ac

Download Submit
C:\Windows\system\llKLHzd.exe

Filesize
6.0MB

MD5
0983e948db1cc4977d2844e1df25f675

SHA1
7dd7cfecb56dfd34740ca041ee31e2a2fb70625b

SHA256
b6d42a781231013d1aeca2c2d8b9ba007c41eea06691b78a03468b4f69266336

SHA512
44b45809bd4c421c09bad3eaebad24ed44a2a2c3e5a9d86fe59e9f36a23b70d85df317025ef532767345722d2a2824fc112a6fbf82559fa3e967a1aa0260aa17

Download Submit
C:\Windows\system\oqVTSrq.exe

Filesize
6.0MB

MD5
d326d734e10510f520f18aaf4e8352d7

SHA1
d35395e49bd7ea42797a75c79f8359c8271fc6ed

SHA256
429d7db87c955fcd11ac21fde6517395995d5906b0b1d944354280f01ef36971

SHA512
7aebc37f3bd24a192e2ee7b223f3c06ee5076737472c996c62cf5821c5123d94ce44c5959df8e1c861fa48694ca617fd5ca30f7a51bef2305fdbb533ce9e234e

Download Submit
C:\Windows\system\pDDhQTB.exe

Filesize
6.0MB

MD5
e05e11ba82b7edd841a1f64bd0d6cb96

SHA1
4298360d61c242d922fcf7176a74e8e0c53cc714

SHA256
362b96787ec7babd1b575cc3b6880713971f5a218b75b1bd1f9cd77a72914109

SHA512
07dab84b6e6ada5316168d532261a1633d042a192bb3c121ad922582eba5d41aa6855cbed77ec38aefe9944f1ab8c9809dec8221bd41cbe342b5afa7317a0990

Download Submit
C:\Windows\system\snhJsGZ.exe

Filesize
6.0MB

MD5
7c1b4ee7f25d3704f8a5e987da69d534

SHA1
e20fb1c7e93c2ad5076393f986ee934dc76505c4

SHA256
e440b1798b67a53b238de1a8e4edae2c2deed5650341ca6840fb8a500dcbc318

SHA512
1537c9b15a698832c45883ec10f658c34e78e92a4efd096b6985c1850553e1ff8fd7ecff3609c9c50e028d6289a5da361d7c45f92c13a0d276c7b632e274e298

Download Submit
C:\Windows\system\tlQVWqL.exe

Filesize
6.0MB

MD5
4508876262081008904333eb67a7dd9a

SHA1
350ef6a3dc257b453f6d8dee963f41d6e681befd

SHA256
e2923b90ef48dba9d4e6c3cbba1997ed49aa46a2496e22cb68f89b6bd2d50eed

SHA512
3d7917c8bd5b0d1a68411ea2712f8b177dd7a4090457c9c976d24a1f24c1478563dc4bccf26e8e65340ababb1bfe92005af167aed3c030a69e3fdede4da46f5a

Download Submit
C:\Windows\system\uLWIggN.exe

Filesize
6.0MB

MD5
471537b995b9d60041b0c789dbfb335e

SHA1
9a5cea454c21f52cb7817db32e67003270a5628c

SHA256
8f81e73ff1a8d22ad248fdbabe8dc2f797da2a33e7e2390f7e49be18f214d7b5

SHA512
05f80c1633245361bfccdd07b33e3b02953d009459235aa56c6b0831002b58f6fad60cc788a6d998528688a06e097a74c9cee3a7b31068f905b82b58c6b6f77d

Download Submit
C:\Windows\system\xosNApy.exe

Filesize
6.0MB

MD5
a7dad3ab72463f0b74b859d61c3132f3

SHA1
1bd50ba725bb201adb9267084a0fa41a8da80348

SHA256
1fa2898f99dd91ef19d5fa21035aad19dc04d7c4e051f565f176b4b9f06b38c1

SHA512
04dc59f54dee15ca846b3114942b94c6eb95865b016a7f4b1ea3a88261a007c5ddbf5bcfbcbcb3afe60c3bfa133f9588efdae8c5f09473db2e6d847e9280227a

Download Submit
C:\Windows\system\xzbyfda.exe

Filesize
6.0MB

MD5
cf3de91b349cf20064ddad1f6e6ea19f

SHA1
c38ea515c479cb1b80ad507c2f09a30b3bb8066f

SHA256
b90f9a454bb9616d1be492a97fcc69701ae12e495c8fe41038787f527528b243

SHA512
eb56d4a9a3972a8a882196d7bfaaa1e5401632640ae898ff152c20f9296479469e450f882ffc20b4e1ffec0f3fae636e04534388567b4a6ec3bfd150151b2c4d

Download Submit
C:\Windows\system\zbfUexK.exe

Filesize
6.0MB

MD5
7292a21265e634ee245c8566eb7ae2e7

SHA1
42eba6833c9dbfb7beed196915637e4c4bab7471

SHA256
e998199047b564e3608502a470f062fb5542f2f0ec1c4fccb0bf4e85ca7f81e9

SHA512
735a962948d36482edb7bae39a4b2c40fbb970c8db95c634799841a5b72cc79cc74cdeff569f340cccdbaf736d3df01f344bd72653e505ee42c71c8a17d60e29

Download Submit
\Windows\system\SFlwoVu.exe

Filesize
6.0MB

MD5
f446d561c68752686de4d5f8dbe255e9

SHA1
1cc6cfacf152c81f10607b1eea9d4fc11826f692

SHA256
c21ef3c4a44a059a65f7e35a40b413af24fcbd53b885a352f0f0be389dd2b801

SHA512
9bf26a6d81eff0ab747c3c9d170c1822b3daac1e809b0233cc477402fb6d9fa6e164f9041e919dc5348a473b69cab3d5bd3647fce85af4b99f15323b3e6ae815

Download Submit
\Windows\system\VGQvbuL.exe

Filesize
6.0MB

MD5
1cc91823e3a52cc6396af7b2df71d1c7

SHA1
b602381ada00e4bbef7c0045b8702f67ec0baffd

SHA256
87fbd28e160b597349fded8da174d348de6147441804d13cb948c215702549bf

SHA512
be8c5a8f945e102f90f5aa272f846f4a6089ab077f7efcdd9347e2b625c443e62652c5b93f339a3596ac421bd9c393bd0e84fbff858968150aceca6cd20d0508

Download Submit
\Windows\system\fyEunZL.exe

Filesize
6.0MB

MD5
002b37bbbdc73dcdaff818ff10f9b11a

SHA1
4e299709d1af4780b0cedee868ceeeb37305b200

SHA256
e24aaad375475f2c82c2596e089fc29819f1dae2e100bb53f07ce1452056075a

SHA512
4b247153830423d72a9cb6011f4ae45ccc8633415b2d257acc021275d1c6eee471df4512a52bd94b9ce1b94787cbdee49b4a7b8d20782ada81d85886ce85ae86

Download Submit
\Windows\system\iziJDSQ.exe

Filesize
6.0MB

MD5
5f5cd1d638fde5f38146b0e97a2d0343

SHA1
7b116ada13c7e643a9c9e96192e5522fbdcba829

SHA256
7003ec248b09eef1d096d47a32b20bf6ca7522a14a888b3a333c075cda84731c

SHA512
38b78da3335a901d7bc207e9e9cc1ad2b57461ce92eb7b462a04be925c03b520b9fe8f5b666ab332ec47597eed9376a8d877f91c658b8d2282ddabf9b9695c34

Download Submit
\Windows\system\qtMAeJw.exe

Filesize
6.0MB

MD5
e466c73e8a970b02465cbb1c17247c72

SHA1
d73e35aac82bd0e8e87bab1aeaedb936a71bbeec

SHA256
f05e59bd63a113d918f864878e6100109d07999ae7b84dbe8ca8a064b1df3cab

SHA512
1a58bd833c353173500e42e342f3557151e3353bdb006e4d575e48fa9e79ba6a53c39cdfab4ddd7a34ff206d55244a72b2f382db3375336f11bf915c0a0602a2

Download Submit
memory/1228-2057-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1228-4251-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2862-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2722-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1940-1849-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1847-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2853-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2854-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2855-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1845-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1829-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1819-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1859-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2856-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2000-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2858-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2002-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2004-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2859-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2006-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2860-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2010-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2861-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2056-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-0-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2058-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1748-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2857-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2852-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2728-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2850-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2731-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2851-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2055-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-4242-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1828-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4248-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1848-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4252-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2005-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4243-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4249-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1999-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2007-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4253-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4241-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2068-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1846-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4247-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1853-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4245-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4240-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1844-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4244-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2001-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4246-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2059-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2960-4250-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2003-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download