cobaltstrike | dd61fd656d4701838ced725dd9ec19b4506ce02de44c68a7d9412fc4dcef79dd

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fb96a7950f25350cb7b3de5fe20a4426
SHA1

0a3dedb414bdd7da8f9ca3e4cd56f056e7e7a33a
SHA256

dd61fd656d4701838ced725dd9ec19b4506ce02de44c68a7d9412fc4dcef79dd
SHA512

c170b18e9f0bd93bdae5737b228a426e7a66f12d0f0de56e59d95f8ebdb6efd73187a11b973c53522985716b6e593dcc64d33557b39c058e84dd060fd9a44e3c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5e-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9d-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/memory/2052-12-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0e-9.dat	xmrig
behavioral1/files/0x0008000000016d18-13.dat	xmrig
behavioral1/files/0x0008000000016d21-18.dat	xmrig
behavioral1/files/0x0007000000016d3a-29.dat	xmrig
behavioral1/files/0x0007000000016d31-28.dat	xmrig
behavioral1/files/0x0007000000016d42-33.dat	xmrig
behavioral1/files/0x0009000000016d5e-41.dat	xmrig
behavioral1/files/0x00050000000186e4-51.dat	xmrig
behavioral1/files/0x00050000000186ee-62.dat	xmrig
behavioral1/files/0x0008000000016c9d-66.dat	xmrig
behavioral1/files/0x0005000000018728-76.dat	xmrig
behavioral1/files/0x000500000001873d-81.dat	xmrig
behavioral1/files/0x000500000001878f-91.dat	xmrig
behavioral1/files/0x00050000000187a5-94.dat	xmrig
behavioral1/files/0x0006000000019023-98.dat	xmrig
behavioral1/files/0x0005000000019350-125.dat	xmrig
behavioral1/files/0x0005000000019427-151.dat	xmrig
behavioral1/memory/2524-1878-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019431-160.dat	xmrig
behavioral1/files/0x0005000000019441-157.dat	xmrig
behavioral1/files/0x000500000001944f-161.dat	xmrig
behavioral1/files/0x00050000000193e1-141.dat	xmrig
behavioral1/files/0x000500000001941e-147.dat	xmrig
behavioral1/files/0x00050000000193b4-131.dat	xmrig
behavioral1/files/0x0005000000019334-122.dat	xmrig
behavioral1/files/0x00050000000193c2-136.dat	xmrig
behavioral1/files/0x0005000000019261-111.dat	xmrig
behavioral1/files/0x0005000000019282-116.dat	xmrig
behavioral1/files/0x000500000001925e-106.dat	xmrig
behavioral1/files/0x0005000000018784-86.dat	xmrig
behavioral1/files/0x00050000000186fd-71.dat	xmrig
behavioral1/files/0x00050000000186ea-56.dat	xmrig
behavioral1/files/0x0005000000018683-46.dat	xmrig
behavioral1/memory/2980-1946-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2244-2100-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2756-2131-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2852-2192-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2764-2335-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1968-2350-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1968-2823-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2052-2934-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2524-2936-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1968-3034-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1968-3055-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2524-3665-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2244-3689-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2764-3691-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2980-3683-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2756-3682-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2852-3644-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2052-3654-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	LTOAZfh.exe
2524	kueVCZZ.exe
2980	rygVPjB.exe
2244	DBfBrgd.exe
2756	zCSqfmf.exe
2852	tKJCudK.exe
2764	JIFwxxQ.exe
2832	izJQAwx.exe
2992	jCxFztD.exe
2960	HWBisvm.exe
2652	CELicwa.exe
2724	XqaDWVR.exe
2624	eEFkmfP.exe
2732	SguFnaB.exe
308	cnJKABn.exe
2116	KpcckrW.exe
1632	GgcbZJp.exe
2360	daMDDAu.exe
2672	aFWWrYB.exe
2712	THySvls.exe
1704	JGlLKtK.exe
2148	vZIVxCX.exe
1876	KzYdksc.exe
2576	EUcdzMk.exe
1812	iYWsTXc.exe
320	PiwVtVn.exe
2436	iSwELnG.exe
1792	WMreidr.exe
1184	Cibgsrq.exe
2024	tIbXDob.exe
748	xvRUbeH.exe
2380	qHLvwLc.exe
444	glydCuc.exe
948	oEFREuT.exe
1460	IWwftZZ.exe
344	TeflQWx.exe
2304	LowWrzD.exe
1784	opiiRzq.exe
1192	HkIrpAz.exe
860	KdLoCGr.exe
1620	lBEtWlV.exe
656	RtWPiuQ.exe
2268	WcWZujd.exe
2348	fPXnShT.exe
2264	xYvAhut.exe
1296	HzQgYOw.exe
2192	KGRIXFt.exe
976	SlEqKNi.exe
1528	XtWchtX.exe
2432	fQFOoZk.exe
2508	zDxWIQV.exe
3060	GZLcxOX.exe
2064	qyuhKru.exe
876	zGpnVjM.exe
3044	OGuOVhA.exe
1524	uCPfCNk.exe
2400	UFLOSQd.exe
2836	eHWiIFh.exe
2108	diANunh.exe
2896	hKNucgK.exe
2716	OYKAKiI.exe
2964	ONfsBMk.exe
2820	QgzpWhP.exe
2688	RgbXAYt.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/memory/2052-12-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0008000000016d0e-9.dat	upx
behavioral1/files/0x0008000000016d18-13.dat	upx
behavioral1/files/0x0008000000016d21-18.dat	upx
behavioral1/files/0x0007000000016d3a-29.dat	upx
behavioral1/files/0x0007000000016d31-28.dat	upx
behavioral1/files/0x0007000000016d42-33.dat	upx
behavioral1/files/0x0009000000016d5e-41.dat	upx
behavioral1/files/0x00050000000186e4-51.dat	upx
behavioral1/files/0x00050000000186ee-62.dat	upx
behavioral1/files/0x0008000000016c9d-66.dat	upx
behavioral1/files/0x0005000000018728-76.dat	upx
behavioral1/files/0x000500000001873d-81.dat	upx
behavioral1/files/0x000500000001878f-91.dat	upx
behavioral1/files/0x00050000000187a5-94.dat	upx
behavioral1/files/0x0006000000019023-98.dat	upx
behavioral1/files/0x0005000000019350-125.dat	upx
behavioral1/files/0x0005000000019427-151.dat	upx
behavioral1/memory/2524-1878-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019431-160.dat	upx
behavioral1/files/0x0005000000019441-157.dat	upx
behavioral1/files/0x000500000001944f-161.dat	upx
behavioral1/files/0x00050000000193e1-141.dat	upx
behavioral1/files/0x000500000001941e-147.dat	upx
behavioral1/files/0x00050000000193b4-131.dat	upx
behavioral1/files/0x0005000000019334-122.dat	upx
behavioral1/files/0x00050000000193c2-136.dat	upx
behavioral1/files/0x0005000000019261-111.dat	upx
behavioral1/files/0x0005000000019282-116.dat	upx
behavioral1/files/0x000500000001925e-106.dat	upx
behavioral1/files/0x0005000000018784-86.dat	upx
behavioral1/files/0x00050000000186fd-71.dat	upx
behavioral1/files/0x00050000000186ea-56.dat	upx
behavioral1/files/0x0005000000018683-46.dat	upx
behavioral1/memory/2980-1946-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2244-2100-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2756-2131-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2852-2192-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2764-2335-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1968-2823-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2052-2934-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2524-2936-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2524-3665-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2244-3689-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2764-3691-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2980-3683-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2756-3682-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2852-3644-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2052-3654-0x000000013FED0000-0x0000000140224000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zTvXdtM.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOgLwOd.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjExfSp.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idpyyeg.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seUnGCu.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfvhvxG.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CslGLOO.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knFigUY.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWpgkwl.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrPpQBa.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUtENjG.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIMNAdT.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvHLRlO.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sicKdTa.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCkxpKA.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdKJXfX.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUChDIl.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtecHAI.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvJdMmd.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWakYGH.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcWMTEh.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycNpdew.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enZPCzU.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVaGsiH.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfCUrmz.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whsAiVa.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywGAAxa.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPhxKvW.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpebDaq.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luORdzH.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcGBtmq.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnmvwvR.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqgFUjv.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwgSrgt.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFKJNEL.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsulrhG.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWYhTCO.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSenweh.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQTsYFP.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDLyOEr.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZcKAPb.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiaVwfh.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmqkTxq.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MajoZYI.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZReooUw.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAbeXGT.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNzNGBE.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRfPTlW.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyWQPSj.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhNoTcv.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjJWedP.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeCmOgi.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNuWOci.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIfxuRn.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlnUHyU.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zADnQWQ.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEVJziy.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NduSMrU.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbyvwuE.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZIVxCX.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdCWZwz.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQYGlTo.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFRXeIT.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGtQmLU.exe	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2052	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2524	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2524	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2524	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2980	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2980	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2980	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2244	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2244	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2244	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2756	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2756	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2756	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2852	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2852	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2852	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2764	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2764	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2764	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2832	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2832	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2832	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2992	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2992	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2992	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2960	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2960	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2960	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2652	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2652	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2652	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2724	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2724	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2724	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2624	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2624	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2624	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2732	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2732	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2732	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 308	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 308	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 308	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2116	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2116	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2116	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1632	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1632	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1632	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2360	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2360	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2360	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2672	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2672	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2672	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2712	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2712	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2712	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 1704	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1704	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1704	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2148	1968	2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_fb96a7950f25350cb7b3de5fe20a4426_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\LTOAZfh.exe
  C:\Windows\System\LTOAZfh.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\kueVCZZ.exe
  C:\Windows\System\kueVCZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\rygVPjB.exe
  C:\Windows\System\rygVPjB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\DBfBrgd.exe
  C:\Windows\System\DBfBrgd.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\zCSqfmf.exe
  C:\Windows\System\zCSqfmf.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\tKJCudK.exe
  C:\Windows\System\tKJCudK.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JIFwxxQ.exe
  C:\Windows\System\JIFwxxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\izJQAwx.exe
  C:\Windows\System\izJQAwx.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\jCxFztD.exe
  C:\Windows\System\jCxFztD.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\HWBisvm.exe
  C:\Windows\System\HWBisvm.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\CELicwa.exe
  C:\Windows\System\CELicwa.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XqaDWVR.exe
  C:\Windows\System\XqaDWVR.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\eEFkmfP.exe
  C:\Windows\System\eEFkmfP.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SguFnaB.exe
  C:\Windows\System\SguFnaB.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\cnJKABn.exe
  C:\Windows\System\cnJKABn.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\KpcckrW.exe
  C:\Windows\System\KpcckrW.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\GgcbZJp.exe
  C:\Windows\System\GgcbZJp.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\daMDDAu.exe
  C:\Windows\System\daMDDAu.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\aFWWrYB.exe
  C:\Windows\System\aFWWrYB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\THySvls.exe
  C:\Windows\System\THySvls.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\JGlLKtK.exe
  C:\Windows\System\JGlLKtK.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\vZIVxCX.exe
  C:\Windows\System\vZIVxCX.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\KzYdksc.exe
  C:\Windows\System\KzYdksc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\EUcdzMk.exe
  C:\Windows\System\EUcdzMk.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\iYWsTXc.exe
  C:\Windows\System\iYWsTXc.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PiwVtVn.exe
  C:\Windows\System\PiwVtVn.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\iSwELnG.exe
  C:\Windows\System\iSwELnG.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\WMreidr.exe
  C:\Windows\System\WMreidr.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\Cibgsrq.exe
  C:\Windows\System\Cibgsrq.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\tIbXDob.exe
  C:\Windows\System\tIbXDob.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\xvRUbeH.exe
  C:\Windows\System\xvRUbeH.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\glydCuc.exe
  C:\Windows\System\glydCuc.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\qHLvwLc.exe
  C:\Windows\System\qHLvwLc.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\IWwftZZ.exe
  C:\Windows\System\IWwftZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\oEFREuT.exe
  C:\Windows\System\oEFREuT.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\TeflQWx.exe
  C:\Windows\System\TeflQWx.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\LowWrzD.exe
  C:\Windows\System\LowWrzD.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\opiiRzq.exe
  C:\Windows\System\opiiRzq.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\HkIrpAz.exe
  C:\Windows\System\HkIrpAz.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\KdLoCGr.exe
  C:\Windows\System\KdLoCGr.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\lBEtWlV.exe
  C:\Windows\System\lBEtWlV.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\RtWPiuQ.exe
  C:\Windows\System\RtWPiuQ.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\WcWZujd.exe
  C:\Windows\System\WcWZujd.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\fPXnShT.exe
  C:\Windows\System\fPXnShT.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\xYvAhut.exe
  C:\Windows\System\xYvAhut.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\fQFOoZk.exe
  C:\Windows\System\fQFOoZk.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\HzQgYOw.exe
  C:\Windows\System\HzQgYOw.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\zDxWIQV.exe
  C:\Windows\System\zDxWIQV.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\KGRIXFt.exe
  C:\Windows\System\KGRIXFt.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GZLcxOX.exe
  C:\Windows\System\GZLcxOX.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\SlEqKNi.exe
  C:\Windows\System\SlEqKNi.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\qyuhKru.exe
  C:\Windows\System\qyuhKru.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\XtWchtX.exe
  C:\Windows\System\XtWchtX.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\zGpnVjM.exe
  C:\Windows\System\zGpnVjM.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\OGuOVhA.exe
  C:\Windows\System\OGuOVhA.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\uCPfCNk.exe
  C:\Windows\System\uCPfCNk.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\UFLOSQd.exe
  C:\Windows\System\UFLOSQd.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\diANunh.exe
  C:\Windows\System\diANunh.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\eHWiIFh.exe
  C:\Windows\System\eHWiIFh.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\OYKAKiI.exe
  C:\Windows\System\OYKAKiI.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hKNucgK.exe
  C:\Windows\System\hKNucgK.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\QgzpWhP.exe
  C:\Windows\System\QgzpWhP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ONfsBMk.exe
  C:\Windows\System\ONfsBMk.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\mogUGHF.exe
  C:\Windows\System\mogUGHF.exe
  2⤵
  PID:2660
- C:\Windows\System\RgbXAYt.exe
  C:\Windows\System\RgbXAYt.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\LpIotSd.exe
  C:\Windows\System\LpIotSd.exe
  2⤵
  PID:2184
- C:\Windows\System\ETvTbRl.exe
  C:\Windows\System\ETvTbRl.exe
  2⤵
  PID:676
- C:\Windows\System\cSimNED.exe
  C:\Windows\System\cSimNED.exe
  2⤵
  PID:2512
- C:\Windows\System\rlnXbIy.exe
  C:\Windows\System\rlnXbIy.exe
  2⤵
  PID:2788
- C:\Windows\System\XRcasAc.exe
  C:\Windows\System\XRcasAc.exe
  2⤵
  PID:1540
- C:\Windows\System\hORvXXP.exe
  C:\Windows\System\hORvXXP.exe
  2⤵
  PID:1356
- C:\Windows\System\JyGfYMb.exe
  C:\Windows\System\JyGfYMb.exe
  2⤵
  PID:752
- C:\Windows\System\sicKdTa.exe
  C:\Windows\System\sicKdTa.exe
  2⤵
  PID:2176
- C:\Windows\System\cyuPMUP.exe
  C:\Windows\System\cyuPMUP.exe
  2⤵
  PID:348
- C:\Windows\System\xMyNdaC.exe
  C:\Windows\System\xMyNdaC.exe
  2⤵
  PID:1048
- C:\Windows\System\HEHLJoK.exe
  C:\Windows\System\HEHLJoK.exe
  2⤵
  PID:1420
- C:\Windows\System\LNzNGBE.exe
  C:\Windows\System\LNzNGBE.exe
  2⤵
  PID:2584
- C:\Windows\System\mxuKapa.exe
  C:\Windows\System\mxuKapa.exe
  2⤵
  PID:2196
- C:\Windows\System\NllOqOw.exe
  C:\Windows\System\NllOqOw.exe
  2⤵
  PID:1604
- C:\Windows\System\RuOsvXe.exe
  C:\Windows\System\RuOsvXe.exe
  2⤵
  PID:688
- C:\Windows\System\OGCcujU.exe
  C:\Windows\System\OGCcujU.exe
  2⤵
  PID:2212
- C:\Windows\System\NqZZZrP.exe
  C:\Windows\System\NqZZZrP.exe
  2⤵
  PID:1820
- C:\Windows\System\vCKCROh.exe
  C:\Windows\System\vCKCROh.exe
  2⤵
  PID:2076
- C:\Windows\System\gsfjHdf.exe
  C:\Windows\System\gsfjHdf.exe
  2⤵
  PID:2248
- C:\Windows\System\BBzbEcK.exe
  C:\Windows\System\BBzbEcK.exe
  2⤵
  PID:2952
- C:\Windows\System\vFYEgvF.exe
  C:\Windows\System\vFYEgvF.exe
  2⤵
  PID:1344
- C:\Windows\System\NPVIQEf.exe
  C:\Windows\System\NPVIQEf.exe
  2⤵
  PID:276
- C:\Windows\System\YJJHDjc.exe
  C:\Windows\System\YJJHDjc.exe
  2⤵
  PID:2340
- C:\Windows\System\amLkPsP.exe
  C:\Windows\System\amLkPsP.exe
  2⤵
  PID:1644
- C:\Windows\System\GJtSVlm.exe
  C:\Windows\System\GJtSVlm.exe
  2⤵
  PID:1492
- C:\Windows\System\TRXXZRl.exe
  C:\Windows\System\TRXXZRl.exe
  2⤵
  PID:2548
- C:\Windows\System\ZxdtbTY.exe
  C:\Windows\System\ZxdtbTY.exe
  2⤵
  PID:2736
- C:\Windows\System\rgMoLfF.exe
  C:\Windows\System\rgMoLfF.exe
  2⤵
  PID:2840
- C:\Windows\System\EnZLAqE.exe
  C:\Windows\System\EnZLAqE.exe
  2⤵
  PID:2476
- C:\Windows\System\pjJWedP.exe
  C:\Windows\System\pjJWedP.exe
  2⤵
  PID:2484
- C:\Windows\System\DfaTEjF.exe
  C:\Windows\System\DfaTEjF.exe
  2⤵
  PID:2260
- C:\Windows\System\KxPJLZk.exe
  C:\Windows\System\KxPJLZk.exe
  2⤵
  PID:2608
- C:\Windows\System\LuDSMUq.exe
  C:\Windows\System\LuDSMUq.exe
  2⤵
  PID:1656
- C:\Windows\System\lrYcZdQ.exe
  C:\Windows\System\lrYcZdQ.exe
  2⤵
  PID:2128
- C:\Windows\System\iLBAtjr.exe
  C:\Windows\System\iLBAtjr.exe
  2⤵
  PID:2136
- C:\Windows\System\ZKeGVNt.exe
  C:\Windows\System\ZKeGVNt.exe
  2⤵
  PID:1772
- C:\Windows\System\gEoxHrw.exe
  C:\Windows\System\gEoxHrw.exe
  2⤵
  PID:1308
- C:\Windows\System\QwtgYpB.exe
  C:\Windows\System\QwtgYpB.exe
  2⤵
  PID:2396
- C:\Windows\System\VCBqTFW.exe
  C:\Windows\System\VCBqTFW.exe
  2⤵
  PID:1916
- C:\Windows\System\yQYylKK.exe
  C:\Windows\System\yQYylKK.exe
  2⤵
  PID:1928
- C:\Windows\System\wdCWZwz.exe
  C:\Windows\System\wdCWZwz.exe
  2⤵
  PID:2120
- C:\Windows\System\zcrVSmA.exe
  C:\Windows\System\zcrVSmA.exe
  2⤵
  PID:1972
- C:\Windows\System\jMBEDwS.exe
  C:\Windows\System\jMBEDwS.exe
  2⤵
  PID:2696
- C:\Windows\System\pbFPWaw.exe
  C:\Windows\System\pbFPWaw.exe
  2⤵
  PID:2720
- C:\Windows\System\oTbpxEr.exe
  C:\Windows\System\oTbpxEr.exe
  2⤵
  PID:2440
- C:\Windows\System\zGTXSFx.exe
  C:\Windows\System\zGTXSFx.exe
  2⤵
  PID:2976
- C:\Windows\System\vPFIRcs.exe
  C:\Windows\System\vPFIRcs.exe
  2⤵
  PID:868
- C:\Windows\System\NhxkawQ.exe
  C:\Windows\System\NhxkawQ.exe
  2⤵
  PID:2784
- C:\Windows\System\CfwywMK.exe
  C:\Windows\System\CfwywMK.exe
  2⤵
  PID:2420
- C:\Windows\System\eLBCwxq.exe
  C:\Windows\System\eLBCwxq.exe
  2⤵
  PID:1736
- C:\Windows\System\qPyNaNp.exe
  C:\Windows\System\qPyNaNp.exe
  2⤵
  PID:1012
- C:\Windows\System\wzbNSwm.exe
  C:\Windows\System\wzbNSwm.exe
  2⤵
  PID:1900
- C:\Windows\System\KTodQRt.exe
  C:\Windows\System\KTodQRt.exe
  2⤵
  PID:532
- C:\Windows\System\KwtBWxK.exe
  C:\Windows\System\KwtBWxK.exe
  2⤵
  PID:2708
- C:\Windows\System\GlMwuuY.exe
  C:\Windows\System\GlMwuuY.exe
  2⤵
  PID:408
- C:\Windows\System\UOFjDwS.exe
  C:\Windows\System\UOFjDwS.exe
  2⤵
  PID:600
- C:\Windows\System\iZEApnz.exe
  C:\Windows\System\iZEApnz.exe
  2⤵
  PID:2684
- C:\Windows\System\YyWKErT.exe
  C:\Windows\System\YyWKErT.exe
  2⤵
  PID:1760
- C:\Windows\System\FftcFTD.exe
  C:\Windows\System\FftcFTD.exe
  2⤵
  PID:2948
- C:\Windows\System\uJCxXGX.exe
  C:\Windows\System\uJCxXGX.exe
  2⤵
  PID:2112
- C:\Windows\System\sRdmFTe.exe
  C:\Windows\System\sRdmFTe.exe
  2⤵
  PID:3008
- C:\Windows\System\UWvBbwI.exe
  C:\Windows\System\UWvBbwI.exe
  2⤵
  PID:3088
- C:\Windows\System\DhBrisI.exe
  C:\Windows\System\DhBrisI.exe
  2⤵
  PID:3108
- C:\Windows\System\sSacfLR.exe
  C:\Windows\System\sSacfLR.exe
  2⤵
  PID:3132
- C:\Windows\System\efbORkz.exe
  C:\Windows\System\efbORkz.exe
  2⤵
  PID:3152
- C:\Windows\System\BQYGlTo.exe
  C:\Windows\System\BQYGlTo.exe
  2⤵
  PID:3168
- C:\Windows\System\KhHkCjp.exe
  C:\Windows\System\KhHkCjp.exe
  2⤵
  PID:3188
- C:\Windows\System\GmbBpmv.exe
  C:\Windows\System\GmbBpmv.exe
  2⤵
  PID:3212
- C:\Windows\System\DQJVpOi.exe
  C:\Windows\System\DQJVpOi.exe
  2⤵
  PID:3232
- C:\Windows\System\LUTpkbj.exe
  C:\Windows\System\LUTpkbj.exe
  2⤵
  PID:3252
- C:\Windows\System\bUTdytL.exe
  C:\Windows\System\bUTdytL.exe
  2⤵
  PID:3276
- C:\Windows\System\OvZxFPZ.exe
  C:\Windows\System\OvZxFPZ.exe
  2⤵
  PID:3292
- C:\Windows\System\pmsQJOh.exe
  C:\Windows\System\pmsQJOh.exe
  2⤵
  PID:3312
- C:\Windows\System\PwprEit.exe
  C:\Windows\System\PwprEit.exe
  2⤵
  PID:3328
- C:\Windows\System\wLhZsHf.exe
  C:\Windows\System\wLhZsHf.exe
  2⤵
  PID:3344
- C:\Windows\System\GtecHAI.exe
  C:\Windows\System\GtecHAI.exe
  2⤵
  PID:3368
- C:\Windows\System\UDMZZIL.exe
  C:\Windows\System\UDMZZIL.exe
  2⤵
  PID:3388
- C:\Windows\System\nJOnLeJ.exe
  C:\Windows\System\nJOnLeJ.exe
  2⤵
  PID:3408
- C:\Windows\System\zlEYPzQ.exe
  C:\Windows\System\zlEYPzQ.exe
  2⤵
  PID:3424
- C:\Windows\System\ntSjhnr.exe
  C:\Windows\System\ntSjhnr.exe
  2⤵
  PID:3440
- C:\Windows\System\MmfqEvf.exe
  C:\Windows\System\MmfqEvf.exe
  2⤵
  PID:3456
- C:\Windows\System\qustjwb.exe
  C:\Windows\System\qustjwb.exe
  2⤵
  PID:3472
- C:\Windows\System\bFjKfvH.exe
  C:\Windows\System\bFjKfvH.exe
  2⤵
  PID:3488
- C:\Windows\System\czyKkXb.exe
  C:\Windows\System\czyKkXb.exe
  2⤵
  PID:3504
- C:\Windows\System\pmxhmeq.exe
  C:\Windows\System\pmxhmeq.exe
  2⤵
  PID:3520
- C:\Windows\System\mzMdqTP.exe
  C:\Windows\System\mzMdqTP.exe
  2⤵
  PID:3536
- C:\Windows\System\HhlUIWV.exe
  C:\Windows\System\HhlUIWV.exe
  2⤵
  PID:3552
- C:\Windows\System\nuqSlvG.exe
  C:\Windows\System\nuqSlvG.exe
  2⤵
  PID:3568
- C:\Windows\System\tnDvjyL.exe
  C:\Windows\System\tnDvjyL.exe
  2⤵
  PID:3584
- C:\Windows\System\rDZRjHy.exe
  C:\Windows\System\rDZRjHy.exe
  2⤵
  PID:3600
- C:\Windows\System\lORqPUV.exe
  C:\Windows\System\lORqPUV.exe
  2⤵
  PID:3616
- C:\Windows\System\vlZaMgL.exe
  C:\Windows\System\vlZaMgL.exe
  2⤵
  PID:3644
- C:\Windows\System\xjNagvN.exe
  C:\Windows\System\xjNagvN.exe
  2⤵
  PID:3676
- C:\Windows\System\pAMVorb.exe
  C:\Windows\System\pAMVorb.exe
  2⤵
  PID:3700
- C:\Windows\System\VzuFCtv.exe
  C:\Windows\System\VzuFCtv.exe
  2⤵
  PID:3720
- C:\Windows\System\TrpFqZA.exe
  C:\Windows\System\TrpFqZA.exe
  2⤵
  PID:3740
- C:\Windows\System\lBRMoUR.exe
  C:\Windows\System\lBRMoUR.exe
  2⤵
  PID:3756
- C:\Windows\System\xxFmDKL.exe
  C:\Windows\System\xxFmDKL.exe
  2⤵
  PID:3772
- C:\Windows\System\TetpKYp.exe
  C:\Windows\System\TetpKYp.exe
  2⤵
  PID:3792
- C:\Windows\System\RCBINsx.exe
  C:\Windows\System\RCBINsx.exe
  2⤵
  PID:3812
- C:\Windows\System\CgZmAuT.exe
  C:\Windows\System\CgZmAuT.exe
  2⤵
  PID:3832
- C:\Windows\System\WwHCqJq.exe
  C:\Windows\System\WwHCqJq.exe
  2⤵
  PID:3852
- C:\Windows\System\nhastVT.exe
  C:\Windows\System\nhastVT.exe
  2⤵
  PID:3872
- C:\Windows\System\wwDaHGH.exe
  C:\Windows\System\wwDaHGH.exe
  2⤵
  PID:3892
- C:\Windows\System\zkhENmp.exe
  C:\Windows\System\zkhENmp.exe
  2⤵
  PID:3952
- C:\Windows\System\DnARzCF.exe
  C:\Windows\System\DnARzCF.exe
  2⤵
  PID:3968
- C:\Windows\System\IlkGXxp.exe
  C:\Windows\System\IlkGXxp.exe
  2⤵
  PID:3984
- C:\Windows\System\YXIPrvt.exe
  C:\Windows\System\YXIPrvt.exe
  2⤵
  PID:4004
- C:\Windows\System\ezSoJlC.exe
  C:\Windows\System\ezSoJlC.exe
  2⤵
  PID:4024
- C:\Windows\System\PqsvaSu.exe
  C:\Windows\System\PqsvaSu.exe
  2⤵
  PID:4044
- C:\Windows\System\LNJewVd.exe
  C:\Windows\System\LNJewVd.exe
  2⤵
  PID:4064
- C:\Windows\System\ZMMChOP.exe
  C:\Windows\System\ZMMChOP.exe
  2⤵
  PID:4084
- C:\Windows\System\ZPOjYCu.exe
  C:\Windows\System\ZPOjYCu.exe
  2⤵
  PID:272
- C:\Windows\System\VAqtDqt.exe
  C:\Windows\System\VAqtDqt.exe
  2⤵
  PID:924
- C:\Windows\System\btJSuVF.exe
  C:\Windows\System\btJSuVF.exe
  2⤵
  PID:1424
- C:\Windows\System\gRzlAYW.exe
  C:\Windows\System\gRzlAYW.exe
  2⤵
  PID:756
- C:\Windows\System\qotsVOr.exe
  C:\Windows\System\qotsVOr.exe
  2⤵
  PID:2488
- C:\Windows\System\oTtvCjf.exe
  C:\Windows\System\oTtvCjf.exe
  2⤵
  PID:3076
- C:\Windows\System\VqIlXQb.exe
  C:\Windows\System\VqIlXQb.exe
  2⤵
  PID:3100
- C:\Windows\System\awlKPOk.exe
  C:\Windows\System\awlKPOk.exe
  2⤵
  PID:3176
- C:\Windows\System\aWLDlUD.exe
  C:\Windows\System\aWLDlUD.exe
  2⤵
  PID:3224
- C:\Windows\System\uLPqlyv.exe
  C:\Windows\System\uLPqlyv.exe
  2⤵
  PID:3300
- C:\Windows\System\qGmuTrC.exe
  C:\Windows\System\qGmuTrC.exe
  2⤵
  PID:3376
- C:\Windows\System\WcYzxKx.exe
  C:\Windows\System\WcYzxKx.exe
  2⤵
  PID:3420
- C:\Windows\System\RwGaujN.exe
  C:\Windows\System\RwGaujN.exe
  2⤵
  PID:3512
- C:\Windows\System\jHwnMrc.exe
  C:\Windows\System\jHwnMrc.exe
  2⤵
  PID:3084
- C:\Windows\System\aoPLbGm.exe
  C:\Windows\System\aoPLbGm.exe
  2⤵
  PID:3580
- C:\Windows\System\koYKwcF.exe
  C:\Windows\System\koYKwcF.exe
  2⤵
  PID:3664
- C:\Windows\System\MURAiaj.exe
  C:\Windows\System\MURAiaj.exe
  2⤵
  PID:3124
- C:\Windows\System\ZiwgvaY.exe
  C:\Windows\System\ZiwgvaY.exe
  2⤵
  PID:3716
- C:\Windows\System\SbuQaNk.exe
  C:\Windows\System\SbuQaNk.exe
  2⤵
  PID:3204
- C:\Windows\System\gOwRDai.exe
  C:\Windows\System\gOwRDai.exe
  2⤵
  PID:3288
- C:\Windows\System\LowsmSF.exe
  C:\Windows\System\LowsmSF.exe
  2⤵
  PID:3324
- C:\Windows\System\VPLroqL.exe
  C:\Windows\System\VPLroqL.exe
  2⤵
  PID:3364
- C:\Windows\System\tNEmcTy.exe
  C:\Windows\System\tNEmcTy.exe
  2⤵
  PID:3820
- C:\Windows\System\VlBRJmI.exe
  C:\Windows\System\VlBRJmI.exe
  2⤵
  PID:3900
- C:\Windows\System\BQucEIO.exe
  C:\Windows\System\BQucEIO.exe
  2⤵
  PID:3924
- C:\Windows\System\ldIkPSp.exe
  C:\Windows\System\ldIkPSp.exe
  2⤵
  PID:3636
- C:\Windows\System\uTqgFrM.exe
  C:\Windows\System\uTqgFrM.exe
  2⤵
  PID:3940
- C:\Windows\System\tvsgSEG.exe
  C:\Windows\System\tvsgSEG.exe
  2⤵
  PID:3884
- C:\Windows\System\qRIuuFQ.exe
  C:\Windows\System\qRIuuFQ.exe
  2⤵
  PID:3732
- C:\Windows\System\jJSODIO.exe
  C:\Windows\System\jJSODIO.exe
  2⤵
  PID:3628
- C:\Windows\System\UvKjFIE.exe
  C:\Windows\System\UvKjFIE.exe
  2⤵
  PID:3564
- C:\Windows\System\upoIvLq.exe
  C:\Windows\System\upoIvLq.exe
  2⤵
  PID:3468
- C:\Windows\System\jAUjAgw.exe
  C:\Windows\System\jAUjAgw.exe
  2⤵
  PID:4012
- C:\Windows\System\FRFkLfv.exe
  C:\Windows\System\FRFkLfv.exe
  2⤵
  PID:4060
- C:\Windows\System\zjASWBi.exe
  C:\Windows\System\zjASWBi.exe
  2⤵
  PID:1512
- C:\Windows\System\qcAckMq.exe
  C:\Windows\System\qcAckMq.exe
  2⤵
  PID:1408
- C:\Windows\System\jHBnXYY.exe
  C:\Windows\System\jHBnXYY.exe
  2⤵
  PID:3304
- C:\Windows\System\cAyLoZX.exe
  C:\Windows\System\cAyLoZX.exe
  2⤵
  PID:3484
- C:\Windows\System\qbBcJKB.exe
  C:\Windows\System\qbBcJKB.exe
  2⤵
  PID:4076
- C:\Windows\System\pdLabhi.exe
  C:\Windows\System\pdLabhi.exe
  2⤵
  PID:4036
- C:\Windows\System\zYxDFHz.exe
  C:\Windows\System\zYxDFHz.exe
  2⤵
  PID:2320
- C:\Windows\System\igAKzLd.exe
  C:\Windows\System\igAKzLd.exe
  2⤵
  PID:2284
- C:\Windows\System\mQrJjYr.exe
  C:\Windows\System\mQrJjYr.exe
  2⤵
  PID:2804
- C:\Windows\System\LJrVRKi.exe
  C:\Windows\System\LJrVRKi.exe
  2⤵
  PID:3196
- C:\Windows\System\ubmivve.exe
  C:\Windows\System\ubmivve.exe
  2⤵
  PID:2312
- C:\Windows\System\rlYyMnj.exe
  C:\Windows\System\rlYyMnj.exe
  2⤵
  PID:1552
- C:\Windows\System\uVKCufQ.exe
  C:\Windows\System\uVKCufQ.exe
  2⤵
  PID:3404
- C:\Windows\System\WtKGzQI.exe
  C:\Windows\System\WtKGzQI.exe
  2⤵
  PID:4052
- C:\Windows\System\GjLaaJy.exe
  C:\Windows\System\GjLaaJy.exe
  2⤵
  PID:3612
- C:\Windows\System\dFVMSPt.exe
  C:\Windows\System\dFVMSPt.exe
  2⤵
  PID:3936
- C:\Windows\System\GFLAZLc.exe
  C:\Windows\System\GFLAZLc.exe
  2⤵
  PID:3828
- C:\Windows\System\hSbHira.exe
  C:\Windows\System\hSbHira.exe
  2⤵
  PID:3436
- C:\Windows\System\ZlnMQQx.exe
  C:\Windows\System\ZlnMQQx.exe
  2⤵
  PID:3240
- C:\Windows\System\dpYGUrs.exe
  C:\Windows\System\dpYGUrs.exe
  2⤵
  PID:3764
- C:\Windows\System\APzVgNT.exe
  C:\Windows\System\APzVgNT.exe
  2⤵
  PID:3880
- C:\Windows\System\AArbUsF.exe
  C:\Windows\System\AArbUsF.exe
  2⤵
  PID:3888
- C:\Windows\System\MJdTeAl.exe
  C:\Windows\System\MJdTeAl.exe
  2⤵
  PID:4040
- C:\Windows\System\ugdplqx.exe
  C:\Windows\System\ugdplqx.exe
  2⤵
  PID:3120
- C:\Windows\System\TXCmCFw.exe
  C:\Windows\System\TXCmCFw.exe
  2⤵
  PID:3248
- C:\Windows\System\ynuWipM.exe
  C:\Windows\System\ynuWipM.exe
  2⤵
  PID:3144
- C:\Windows\System\hAPakJl.exe
  C:\Windows\System\hAPakJl.exe
  2⤵
  PID:3380
- C:\Windows\System\ZrnUCSH.exe
  C:\Windows\System\ZrnUCSH.exe
  2⤵
  PID:3684
- C:\Windows\System\aiRvYaI.exe
  C:\Windows\System\aiRvYaI.exe
  2⤵
  PID:3632
- C:\Windows\System\CslGLOO.exe
  C:\Windows\System\CslGLOO.exe
  2⤵
  PID:3340
- C:\Windows\System\rXrYhNl.exe
  C:\Windows\System\rXrYhNl.exe
  2⤵
  PID:3964
- C:\Windows\System\TQPLsjS.exe
  C:\Windows\System\TQPLsjS.exe
  2⤵
  PID:1464
- C:\Windows\System\uveNULA.exe
  C:\Windows\System\uveNULA.exe
  2⤵
  PID:3672
- C:\Windows\System\sdYKotA.exe
  C:\Windows\System\sdYKotA.exe
  2⤵
  PID:3272
- C:\Windows\System\YZzdORt.exe
  C:\Windows\System\YZzdORt.exe
  2⤵
  PID:3920
- C:\Windows\System\qWjaGIh.exe
  C:\Windows\System\qWjaGIh.exe
  2⤵
  PID:4108
- C:\Windows\System\vtYteKg.exe
  C:\Windows\System\vtYteKg.exe
  2⤵
  PID:4124
- C:\Windows\System\lGbGCDV.exe
  C:\Windows\System\lGbGCDV.exe
  2⤵
  PID:4140
- C:\Windows\System\SWDhyCl.exe
  C:\Windows\System\SWDhyCl.exe
  2⤵
  PID:4160
- C:\Windows\System\nbcBMdt.exe
  C:\Windows\System\nbcBMdt.exe
  2⤵
  PID:4200
- C:\Windows\System\QiNWjCK.exe
  C:\Windows\System\QiNWjCK.exe
  2⤵
  PID:4224
- C:\Windows\System\aFJmraa.exe
  C:\Windows\System\aFJmraa.exe
  2⤵
  PID:4240
- C:\Windows\System\fPZGHiU.exe
  C:\Windows\System\fPZGHiU.exe
  2⤵
  PID:4260
- C:\Windows\System\cYUfsEA.exe
  C:\Windows\System\cYUfsEA.exe
  2⤵
  PID:4280
- C:\Windows\System\BeCmOgi.exe
  C:\Windows\System\BeCmOgi.exe
  2⤵
  PID:4300
- C:\Windows\System\pPDWNYh.exe
  C:\Windows\System\pPDWNYh.exe
  2⤵
  PID:4320
- C:\Windows\System\sfwiwZG.exe
  C:\Windows\System\sfwiwZG.exe
  2⤵
  PID:4340
- C:\Windows\System\UMsJrdL.exe
  C:\Windows\System\UMsJrdL.exe
  2⤵
  PID:4364
- C:\Windows\System\nrEBZhS.exe
  C:\Windows\System\nrEBZhS.exe
  2⤵
  PID:4380
- C:\Windows\System\lBQuXFn.exe
  C:\Windows\System\lBQuXFn.exe
  2⤵
  PID:4396
- C:\Windows\System\dNJOFdI.exe
  C:\Windows\System\dNJOFdI.exe
  2⤵
  PID:4416
- C:\Windows\System\lbxMTbn.exe
  C:\Windows\System\lbxMTbn.exe
  2⤵
  PID:4444
- C:\Windows\System\ywGAAxa.exe
  C:\Windows\System\ywGAAxa.exe
  2⤵
  PID:4460
- C:\Windows\System\VXWDQko.exe
  C:\Windows\System\VXWDQko.exe
  2⤵
  PID:4480
- C:\Windows\System\UYgYLTF.exe
  C:\Windows\System\UYgYLTF.exe
  2⤵
  PID:4500
- C:\Windows\System\BSzysec.exe
  C:\Windows\System\BSzysec.exe
  2⤵
  PID:4520
- C:\Windows\System\VPhxKvW.exe
  C:\Windows\System\VPhxKvW.exe
  2⤵
  PID:4540
- C:\Windows\System\fnaDBge.exe
  C:\Windows\System\fnaDBge.exe
  2⤵
  PID:4556
- C:\Windows\System\lcHADgJ.exe
  C:\Windows\System\lcHADgJ.exe
  2⤵
  PID:4580
- C:\Windows\System\buoOyGj.exe
  C:\Windows\System\buoOyGj.exe
  2⤵
  PID:4600
- C:\Windows\System\cjkGnKS.exe
  C:\Windows\System\cjkGnKS.exe
  2⤵
  PID:4624
- C:\Windows\System\NhMeBwO.exe
  C:\Windows\System\NhMeBwO.exe
  2⤵
  PID:4644
- C:\Windows\System\YMugFRY.exe
  C:\Windows\System\YMugFRY.exe
  2⤵
  PID:4668
- C:\Windows\System\XSenweh.exe
  C:\Windows\System\XSenweh.exe
  2⤵
  PID:4688
- C:\Windows\System\MhUIoBu.exe
  C:\Windows\System\MhUIoBu.exe
  2⤵
  PID:4708
- C:\Windows\System\LfDumRI.exe
  C:\Windows\System\LfDumRI.exe
  2⤵
  PID:4728
- C:\Windows\System\bRfPTlW.exe
  C:\Windows\System\bRfPTlW.exe
  2⤵
  PID:4744
- C:\Windows\System\vyZDQpP.exe
  C:\Windows\System\vyZDQpP.exe
  2⤵
  PID:4768
- C:\Windows\System\LISAUjL.exe
  C:\Windows\System\LISAUjL.exe
  2⤵
  PID:4784
- C:\Windows\System\tWajkJF.exe
  C:\Windows\System\tWajkJF.exe
  2⤵
  PID:4808
- C:\Windows\System\zTvXdtM.exe
  C:\Windows\System\zTvXdtM.exe
  2⤵
  PID:4824
- C:\Windows\System\NfcPsaa.exe
  C:\Windows\System\NfcPsaa.exe
  2⤵
  PID:4840
- C:\Windows\System\MCkxpKA.exe
  C:\Windows\System\MCkxpKA.exe
  2⤵
  PID:4864
- C:\Windows\System\urYmMsQ.exe
  C:\Windows\System\urYmMsQ.exe
  2⤵
  PID:4888
- C:\Windows\System\tFWwaFT.exe
  C:\Windows\System\tFWwaFT.exe
  2⤵
  PID:4904
- C:\Windows\System\erzlgir.exe
  C:\Windows\System\erzlgir.exe
  2⤵
  PID:4920
- C:\Windows\System\GyazvCH.exe
  C:\Windows\System\GyazvCH.exe
  2⤵
  PID:4940
- C:\Windows\System\GpAMDBw.exe
  C:\Windows\System\GpAMDBw.exe
  2⤵
  PID:4956
- C:\Windows\System\jTOQxeR.exe
  C:\Windows\System\jTOQxeR.exe
  2⤵
  PID:4976
- C:\Windows\System\XzpxGUp.exe
  C:\Windows\System\XzpxGUp.exe
  2⤵
  PID:4996
- C:\Windows\System\BNEwcAH.exe
  C:\Windows\System\BNEwcAH.exe
  2⤵
  PID:5012
- C:\Windows\System\QQWVccz.exe
  C:\Windows\System\QQWVccz.exe
  2⤵
  PID:5032
- C:\Windows\System\yyjEvsE.exe
  C:\Windows\System\yyjEvsE.exe
  2⤵
  PID:5056
- C:\Windows\System\Njzzska.exe
  C:\Windows\System\Njzzska.exe
  2⤵
  PID:5072
- C:\Windows\System\VsRiIdE.exe
  C:\Windows\System\VsRiIdE.exe
  2⤵
  PID:5096
- C:\Windows\System\MAWCBda.exe
  C:\Windows\System\MAWCBda.exe
  2⤵
  PID:5116
- C:\Windows\System\gJdwozn.exe
  C:\Windows\System\gJdwozn.exe
  2⤵
  PID:3736
- C:\Windows\System\MQuUAje.exe
  C:\Windows\System\MQuUAje.exe
  2⤵
  PID:3980
- C:\Windows\System\HyScMkQ.exe
  C:\Windows\System\HyScMkQ.exe
  2⤵
  PID:4056
- C:\Windows\System\oltJegl.exe
  C:\Windows\System\oltJegl.exe
  2⤵
  PID:3480
- C:\Windows\System\JRXFGsw.exe
  C:\Windows\System\JRXFGsw.exe
  2⤵
  PID:352
- C:\Windows\System\pcgYgIg.exe
  C:\Windows\System\pcgYgIg.exe
  2⤵
  PID:3356
- C:\Windows\System\ICuImcG.exe
  C:\Windows\System\ICuImcG.exe
  2⤵
  PID:3948
- C:\Windows\System\MkADoxh.exe
  C:\Windows\System\MkADoxh.exe
  2⤵
  PID:3916
- C:\Windows\System\AdJIfoG.exe
  C:\Windows\System\AdJIfoG.exe
  2⤵
  PID:4152
- C:\Windows\System\tWZqttG.exe
  C:\Windows\System\tWZqttG.exe
  2⤵
  PID:4132
- C:\Windows\System\paRiFpA.exe
  C:\Windows\System\paRiFpA.exe
  2⤵
  PID:4176
- C:\Windows\System\zzpacaV.exe
  C:\Windows\System\zzpacaV.exe
  2⤵
  PID:4184
- C:\Windows\System\CvgIWPr.exe
  C:\Windows\System\CvgIWPr.exe
  2⤵
  PID:4212
- C:\Windows\System\FusPEXT.exe
  C:\Windows\System\FusPEXT.exe
  2⤵
  PID:4252
- C:\Windows\System\scdVRpD.exe
  C:\Windows\System\scdVRpD.exe
  2⤵
  PID:4232
- C:\Windows\System\JVnwADP.exe
  C:\Windows\System\JVnwADP.exe
  2⤵
  PID:4276
- C:\Windows\System\YcHuxwG.exe
  C:\Windows\System\YcHuxwG.exe
  2⤵
  PID:4332
- C:\Windows\System\ThmoPmp.exe
  C:\Windows\System\ThmoPmp.exe
  2⤵
  PID:4312
- C:\Windows\System\jzLvEnh.exe
  C:\Windows\System\jzLvEnh.exe
  2⤵
  PID:4348
- C:\Windows\System\coPfSOk.exe
  C:\Windows\System\coPfSOk.exe
  2⤵
  PID:3024
- C:\Windows\System\rGetXHH.exe
  C:\Windows\System\rGetXHH.exe
  2⤵
  PID:4496
- C:\Windows\System\VztFwQk.exe
  C:\Windows\System\VztFwQk.exe
  2⤵
  PID:4472
- C:\Windows\System\OiEVRsE.exe
  C:\Windows\System\OiEVRsE.exe
  2⤵
  PID:4468
- C:\Windows\System\DXNwxHl.exe
  C:\Windows\System\DXNwxHl.exe
  2⤵
  PID:4536
- C:\Windows\System\kkesARa.exe
  C:\Windows\System\kkesARa.exe
  2⤵
  PID:4568
- C:\Windows\System\KgcbIFT.exe
  C:\Windows\System\KgcbIFT.exe
  2⤵
  PID:4548
- C:\Windows\System\cXTszIt.exe
  C:\Windows\System\cXTszIt.exe
  2⤵
  PID:4612
- C:\Windows\System\empdXaG.exe
  C:\Windows\System\empdXaG.exe
  2⤵
  PID:4616
- C:\Windows\System\EKtpAHb.exe
  C:\Windows\System\EKtpAHb.exe
  2⤵
  PID:4636
- C:\Windows\System\ObRyZsj.exe
  C:\Windows\System\ObRyZsj.exe
  2⤵
  PID:4700
- C:\Windows\System\puXhFMA.exe
  C:\Windows\System\puXhFMA.exe
  2⤵
  PID:4820
- C:\Windows\System\OiiCmsH.exe
  C:\Windows\System\OiiCmsH.exe
  2⤵
  PID:4764
- C:\Windows\System\yLxQgCi.exe
  C:\Windows\System\yLxQgCi.exe
  2⤵
  PID:5004
- C:\Windows\System\RlqntMl.exe
  C:\Windows\System\RlqntMl.exe
  2⤵
  PID:5052
- C:\Windows\System\NwCAaRj.exe
  C:\Windows\System\NwCAaRj.exe
  2⤵
  PID:4804
- C:\Windows\System\MTVpOpI.exe
  C:\Windows\System\MTVpOpI.exe
  2⤵
  PID:4800
- C:\Windows\System\WwrYryG.exe
  C:\Windows\System\WwrYryG.exe
  2⤵
  PID:4876
- C:\Windows\System\tEgMcZp.exe
  C:\Windows\System\tEgMcZp.exe
  2⤵
  PID:5084
- C:\Windows\System\kWqdTkn.exe
  C:\Windows\System\kWqdTkn.exe
  2⤵
  PID:4952
- C:\Windows\System\uyCqWZJ.exe
  C:\Windows\System\uyCqWZJ.exe
  2⤵
  PID:4992
- C:\Windows\System\NosoQrO.exe
  C:\Windows\System\NosoQrO.exe
  2⤵
  PID:3320
- C:\Windows\System\QJkJSmd.exe
  C:\Windows\System\QJkJSmd.exe
  2⤵
  PID:4168
- C:\Windows\System\mdCIRTu.exe
  C:\Windows\System\mdCIRTu.exe
  2⤵
  PID:4288
- C:\Windows\System\bZaQBuA.exe
  C:\Windows\System\bZaQBuA.exe
  2⤵
  PID:4456
- C:\Windows\System\MgTwfcY.exe
  C:\Windows\System\MgTwfcY.exe
  2⤵
  PID:5020
- C:\Windows\System\TwXVMEn.exe
  C:\Windows\System\TwXVMEn.exe
  2⤵
  PID:3864
- C:\Windows\System\goSwVgb.exe
  C:\Windows\System\goSwVgb.exe
  2⤵
  PID:3056
- C:\Windows\System\BvLiDAp.exe
  C:\Windows\System\BvLiDAp.exe
  2⤵
  PID:5064
- C:\Windows\System\rFRXeIT.exe
  C:\Windows\System\rFRXeIT.exe
  2⤵
  PID:4576
- C:\Windows\System\GxLwSvd.exe
  C:\Windows\System\GxLwSvd.exe
  2⤵
  PID:3804
- C:\Windows\System\UpebDaq.exe
  C:\Windows\System\UpebDaq.exe
  2⤵
  PID:3844
- C:\Windows\System\ckiIELT.exe
  C:\Windows\System\ckiIELT.exe
  2⤵
  PID:4664
- C:\Windows\System\FykLHto.exe
  C:\Windows\System\FykLHto.exe
  2⤵
  PID:4776
- C:\Windows\System\SeTyjvX.exe
  C:\Windows\System\SeTyjvX.exe
  2⤵
  PID:4792
- C:\Windows\System\CyvrllU.exe
  C:\Windows\System\CyvrllU.exe
  2⤵
  PID:4916
- C:\Windows\System\DVNdTBd.exe
  C:\Windows\System\DVNdTBd.exe
  2⤵
  PID:3532
- C:\Windows\System\OSBttAz.exe
  C:\Windows\System\OSBttAz.exe
  2⤵
  PID:4512
- C:\Windows\System\xJKCcLS.exe
  C:\Windows\System\xJKCcLS.exe
  2⤵
  PID:5104
- C:\Windows\System\dNuWOci.exe
  C:\Windows\System\dNuWOci.exe
  2⤵
  PID:5132
- C:\Windows\System\KkVrUYV.exe
  C:\Windows\System\KkVrUYV.exe
  2⤵
  PID:5148
- C:\Windows\System\LjWmZTv.exe
  C:\Windows\System\LjWmZTv.exe
  2⤵
  PID:5172
- C:\Windows\System\mSxiMXA.exe
  C:\Windows\System\mSxiMXA.exe
  2⤵
  PID:5204
- C:\Windows\System\wjSDObw.exe
  C:\Windows\System\wjSDObw.exe
  2⤵
  PID:5224
- C:\Windows\System\elLewFo.exe
  C:\Windows\System\elLewFo.exe
  2⤵
  PID:5244
- C:\Windows\System\kHluTnT.exe
  C:\Windows\System\kHluTnT.exe
  2⤵
  PID:5268
- C:\Windows\System\hyTSUte.exe
  C:\Windows\System\hyTSUte.exe
  2⤵
  PID:5284
- C:\Windows\System\ftArGtA.exe
  C:\Windows\System\ftArGtA.exe
  2⤵
  PID:5308
- C:\Windows\System\clnwTrs.exe
  C:\Windows\System\clnwTrs.exe
  2⤵
  PID:5336
- C:\Windows\System\WzUSYiz.exe
  C:\Windows\System\WzUSYiz.exe
  2⤵
  PID:5360
- C:\Windows\System\BWTJWhx.exe
  C:\Windows\System\BWTJWhx.exe
  2⤵
  PID:5380
- C:\Windows\System\xsaYUft.exe
  C:\Windows\System\xsaYUft.exe
  2⤵
  PID:5412
- C:\Windows\System\bBidNDV.exe
  C:\Windows\System\bBidNDV.exe
  2⤵
  PID:5460
- C:\Windows\System\ABzsKsR.exe
  C:\Windows\System\ABzsKsR.exe
  2⤵
  PID:5484
- C:\Windows\System\JHqMALH.exe
  C:\Windows\System\JHqMALH.exe
  2⤵
  PID:5504
- C:\Windows\System\CZSgqpY.exe
  C:\Windows\System\CZSgqpY.exe
  2⤵
  PID:5524
- C:\Windows\System\kgGaSsE.exe
  C:\Windows\System\kgGaSsE.exe
  2⤵
  PID:5544
- C:\Windows\System\iuYcJjF.exe
  C:\Windows\System\iuYcJjF.exe
  2⤵
  PID:5564
- C:\Windows\System\OPnBlGF.exe
  C:\Windows\System\OPnBlGF.exe
  2⤵
  PID:5584
- C:\Windows\System\oNpReUg.exe
  C:\Windows\System\oNpReUg.exe
  2⤵
  PID:5604
- C:\Windows\System\uotsulI.exe
  C:\Windows\System\uotsulI.exe
  2⤵
  PID:5624
- C:\Windows\System\ddHokPA.exe
  C:\Windows\System\ddHokPA.exe
  2⤵
  PID:5644
- C:\Windows\System\eaHnIKL.exe
  C:\Windows\System\eaHnIKL.exe
  2⤵
  PID:5664
- C:\Windows\System\jomaDvZ.exe
  C:\Windows\System\jomaDvZ.exe
  2⤵
  PID:5684
- C:\Windows\System\xntNKzl.exe
  C:\Windows\System\xntNKzl.exe
  2⤵
  PID:5704
- C:\Windows\System\PulpCvS.exe
  C:\Windows\System\PulpCvS.exe
  2⤵
  PID:5724
- C:\Windows\System\gGtQmLU.exe
  C:\Windows\System\gGtQmLU.exe
  2⤵
  PID:5744
- C:\Windows\System\LJObGns.exe
  C:\Windows\System\LJObGns.exe
  2⤵
  PID:5764
- C:\Windows\System\rTdfEIS.exe
  C:\Windows\System\rTdfEIS.exe
  2⤵
  PID:5784
- C:\Windows\System\UQNxcVd.exe
  C:\Windows\System\UQNxcVd.exe
  2⤵
  PID:5804
- C:\Windows\System\oOZnqJi.exe
  C:\Windows\System\oOZnqJi.exe
  2⤵
  PID:5824
- C:\Windows\System\LfhRsVw.exe
  C:\Windows\System\LfhRsVw.exe
  2⤵
  PID:5844
- C:\Windows\System\luORdzH.exe
  C:\Windows\System\luORdzH.exe
  2⤵
  PID:5864
- C:\Windows\System\HszhSjm.exe
  C:\Windows\System\HszhSjm.exe
  2⤵
  PID:5884
- C:\Windows\System\HcTmOqf.exe
  C:\Windows\System\HcTmOqf.exe
  2⤵
  PID:5904
- C:\Windows\System\kXxNHoV.exe
  C:\Windows\System\kXxNHoV.exe
  2⤵
  PID:5924
- C:\Windows\System\QakQrjL.exe
  C:\Windows\System\QakQrjL.exe
  2⤵
  PID:5944
- C:\Windows\System\LBATaSh.exe
  C:\Windows\System\LBATaSh.exe
  2⤵
  PID:5964
- C:\Windows\System\cbJroGv.exe
  C:\Windows\System\cbJroGv.exe
  2⤵
  PID:5984
- C:\Windows\System\axdkFlB.exe
  C:\Windows\System\axdkFlB.exe
  2⤵
  PID:6004
- C:\Windows\System\olEEDeR.exe
  C:\Windows\System\olEEDeR.exe
  2⤵
  PID:6020
- C:\Windows\System\UoimOPX.exe
  C:\Windows\System\UoimOPX.exe
  2⤵
  PID:6044
- C:\Windows\System\AebYSwi.exe
  C:\Windows\System\AebYSwi.exe
  2⤵
  PID:6060
- C:\Windows\System\bIRTwTd.exe
  C:\Windows\System\bIRTwTd.exe
  2⤵
  PID:6084
- C:\Windows\System\nHqMxkt.exe
  C:\Windows\System\nHqMxkt.exe
  2⤵
  PID:6104
- C:\Windows\System\lCBUoRO.exe
  C:\Windows\System\lCBUoRO.exe
  2⤵
  PID:6124
- C:\Windows\System\QUNLGDP.exe
  C:\Windows\System\QUNLGDP.exe
  2⤵
  PID:1264
- C:\Windows\System\dMexxlC.exe
  C:\Windows\System\dMexxlC.exe
  2⤵
  PID:5080
- C:\Windows\System\GBxuBdq.exe
  C:\Windows\System\GBxuBdq.exe
  2⤵
  PID:5124
- C:\Windows\System\ijJTZqe.exe
  C:\Windows\System\ijJTZqe.exe
  2⤵
  PID:4440
- C:\Windows\System\EDjkHNb.exe
  C:\Windows\System\EDjkHNb.exe
  2⤵
  PID:4216
- C:\Windows\System\oezHOKJ.exe
  C:\Windows\System\oezHOKJ.exe
  2⤵
  PID:2428
- C:\Windows\System\LdyXSBp.exe
  C:\Windows\System\LdyXSBp.exe
  2⤵
  PID:4432
- C:\Windows\System\OdDqgzF.exe
  C:\Windows\System\OdDqgzF.exe
  2⤵
  PID:4376
- C:\Windows\System\PFKJNEL.exe
  C:\Windows\System\PFKJNEL.exe
  2⤵
  PID:5156
- C:\Windows\System\slrjXJT.exe
  C:\Windows\System\slrjXJT.exe
  2⤵
  PID:4684
- C:\Windows\System\tcHNNfN.exe
  C:\Windows\System\tcHNNfN.exe
  2⤵
  PID:4896
- C:\Windows\System\OppYEVJ.exe
  C:\Windows\System\OppYEVJ.exe
  2⤵
  PID:4928
- C:\Windows\System\vxakxTM.exe
  C:\Windows\System\vxakxTM.exe
  2⤵
  PID:5260
- C:\Windows\System\wEHzQGn.exe
  C:\Windows\System\wEHzQGn.exe
  2⤵
  PID:4752
- C:\Windows\System\JBIzlQh.exe
  C:\Windows\System\JBIzlQh.exe
  2⤵
  PID:5088
- C:\Windows\System\NPYCWrf.exe
  C:\Windows\System\NPYCWrf.exe
  2⤵
  PID:5296
- C:\Windows\System\OBePGpe.exe
  C:\Windows\System\OBePGpe.exe
  2⤵
  PID:5356
- C:\Windows\System\DijVPbk.exe
  C:\Windows\System\DijVPbk.exe
  2⤵
  PID:3996
- C:\Windows\System\vTgAEel.exe
  C:\Windows\System\vTgAEel.exe
  2⤵
  PID:4120
- C:\Windows\System\ZKHyqom.exe
  C:\Windows\System\ZKHyqom.exe
  2⤵
  PID:5028
- C:\Windows\System\hhMqPdi.exe
  C:\Windows\System\hhMqPdi.exe
  2⤵
  PID:5184
- C:\Windows\System\rVwbIZV.exe
  C:\Windows\System\rVwbIZV.exe
  2⤵
  PID:5232
- C:\Windows\System\NbSUjLa.exe
  C:\Windows\System\NbSUjLa.exe
  2⤵
  PID:5316
- C:\Windows\System\zFNnYUp.exe
  C:\Windows\System\zFNnYUp.exe
  2⤵
  PID:3768
- C:\Windows\System\qnBJOjE.exe
  C:\Windows\System\qnBJOjE.exe
  2⤵
  PID:5108
- C:\Windows\System\RhsQudb.exe
  C:\Windows\System\RhsQudb.exe
  2⤵
  PID:2704
- C:\Windows\System\YcOCOqu.exe
  C:\Windows\System\YcOCOqu.exe
  2⤵
  PID:5388
- C:\Windows\System\Mescwym.exe
  C:\Windows\System\Mescwym.exe
  2⤵
  PID:5404
- C:\Windows\System\icQDvVT.exe
  C:\Windows\System\icQDvVT.exe
  2⤵
  PID:5432
- C:\Windows\System\xNTIvWX.exe
  C:\Windows\System\xNTIvWX.exe
  2⤵
  PID:5420
- C:\Windows\System\frxmcbg.exe
  C:\Windows\System\frxmcbg.exe
  2⤵
  PID:5492
- C:\Windows\System\cEcwSFW.exe
  C:\Windows\System\cEcwSFW.exe
  2⤵
  PID:5496
- C:\Windows\System\JfMJEea.exe
  C:\Windows\System\JfMJEea.exe
  2⤵
  PID:5560
- C:\Windows\System\MmZgxLc.exe
  C:\Windows\System\MmZgxLc.exe
  2⤵
  PID:5576
- C:\Windows\System\xAPpgfZ.exe
  C:\Windows\System\xAPpgfZ.exe
  2⤵
  PID:5612
- C:\Windows\System\ORlBHzf.exe
  C:\Windows\System\ORlBHzf.exe
  2⤵
  PID:5672
- C:\Windows\System\UwrlGSj.exe
  C:\Windows\System\UwrlGSj.exe
  2⤵
  PID:5656
- C:\Windows\System\vcWEwAf.exe
  C:\Windows\System\vcWEwAf.exe
  2⤵
  PID:5696
- C:\Windows\System\skihaWa.exe
  C:\Windows\System\skihaWa.exe
  2⤵
  PID:5740
- C:\Windows\System\uxvFlDZ.exe
  C:\Windows\System\uxvFlDZ.exe
  2⤵
  PID:5780
- C:\Windows\System\gWEdyQH.exe
  C:\Windows\System\gWEdyQH.exe
  2⤵
  PID:5820
- C:\Windows\System\MWomJCd.exe
  C:\Windows\System\MWomJCd.exe
  2⤵
  PID:5872
- C:\Windows\System\mjyCIhI.exe
  C:\Windows\System\mjyCIhI.exe
  2⤵
  PID:5856
- C:\Windows\System\FzebJip.exe
  C:\Windows\System\FzebJip.exe
  2⤵
  PID:5896
- C:\Windows\System\vdnZgMl.exe
  C:\Windows\System\vdnZgMl.exe
  2⤵
  PID:2772
- C:\Windows\System\DThdnwa.exe
  C:\Windows\System\DThdnwa.exe
  2⤵
  PID:5972
- C:\Windows\System\rcnEWwP.exe
  C:\Windows\System\rcnEWwP.exe
  2⤵
  PID:5996
- C:\Windows\System\mXAdRGF.exe
  C:\Windows\System\mXAdRGF.exe
  2⤵
  PID:6032
- C:\Windows\System\YceYxTT.exe
  C:\Windows\System\YceYxTT.exe
  2⤵
  PID:6080
- C:\Windows\System\ntMLZaf.exe
  C:\Windows\System\ntMLZaf.exe
  2⤵
  PID:6120
- C:\Windows\System\IQTsYFP.exe
  C:\Windows\System\IQTsYFP.exe
  2⤵
  PID:2760
- C:\Windows\System\kbKbHyF.exe
  C:\Windows\System\kbKbHyF.exe
  2⤵
  PID:4640
- C:\Windows\System\etXjSgj.exe
  C:\Windows\System\etXjSgj.exe
  2⤵
  PID:4508
- C:\Windows\System\TqHFCEk.exe
  C:\Windows\System\TqHFCEk.exe
  2⤵
  PID:4696
- C:\Windows\System\EOQqcEz.exe
  C:\Windows\System\EOQqcEz.exe
  2⤵
  PID:4588
- C:\Windows\System\QuWuhPC.exe
  C:\Windows\System\QuWuhPC.exe
  2⤵
  PID:5168
- C:\Windows\System\aDNDQoU.exe
  C:\Windows\System\aDNDQoU.exe
  2⤵
  PID:5220
- C:\Windows\System\hviavJb.exe
  C:\Windows\System\hviavJb.exe
  2⤵
  PID:5216
- C:\Windows\System\IRvmSMT.exe
  C:\Windows\System\IRvmSMT.exe
  2⤵
  PID:4724
- C:\Windows\System\rJvNQKd.exe
  C:\Windows\System\rJvNQKd.exe
  2⤵
  PID:5092
- C:\Windows\System\EIfxuRn.exe
  C:\Windows\System\EIfxuRn.exe
  2⤵
  PID:5300
- C:\Windows\System\wszVafi.exe
  C:\Windows\System\wszVafi.exe
  2⤵
  PID:4988
- C:\Windows\System\KZdPYVs.exe
  C:\Windows\System\KZdPYVs.exe
  2⤵
  PID:4412
- C:\Windows\System\MajoZYI.exe
  C:\Windows\System\MajoZYI.exe
  2⤵
  PID:5192
- C:\Windows\System\bZrsKEg.exe
  C:\Windows\System\bZrsKEg.exe
  2⤵
  PID:5280
- C:\Windows\System\CBNrIUO.exe
  C:\Windows\System\CBNrIUO.exe
  2⤵
  PID:3660
- C:\Windows\System\RJQPqTJ.exe
  C:\Windows\System\RJQPqTJ.exe
  2⤵
  PID:5396
- C:\Windows\System\SyqrXWQ.exe
  C:\Windows\System\SyqrXWQ.exe
  2⤵
  PID:5400
- C:\Windows\System\SyVNVxP.exe
  C:\Windows\System\SyVNVxP.exe
  2⤵
  PID:5424
- C:\Windows\System\evgmQEd.exe
  C:\Windows\System\evgmQEd.exe
  2⤵
  PID:5480
- C:\Windows\System\JXYVxyx.exe
  C:\Windows\System\JXYVxyx.exe
  2⤵
  PID:5540
- C:\Windows\System\sVNpbbl.exe
  C:\Windows\System\sVNpbbl.exe
  2⤵
  PID:5580
- C:\Windows\System\vcGBtmq.exe
  C:\Windows\System\vcGBtmq.exe
  2⤵
  PID:5636
- C:\Windows\System\SBisDLN.exe
  C:\Windows\System\SBisDLN.exe
  2⤵
  PID:5676
- C:\Windows\System\hiJmDbZ.exe
  C:\Windows\System\hiJmDbZ.exe
  2⤵
  PID:2468
- C:\Windows\System\cczeIvL.exe
  C:\Windows\System\cczeIvL.exe
  2⤵
  PID:5796
- C:\Windows\System\BlnUHyU.exe
  C:\Windows\System\BlnUHyU.exe
  2⤵
  PID:5816
- C:\Windows\System\lVIPAiw.exe
  C:\Windows\System\lVIPAiw.exe
  2⤵
  PID:2004
- C:\Windows\System\YOlaHBG.exe
  C:\Windows\System\YOlaHBG.exe
  2⤵
  PID:5956
- C:\Windows\System\zADnQWQ.exe
  C:\Windows\System\zADnQWQ.exe
  2⤵
  PID:6000
- C:\Windows\System\ivrLqdE.exe
  C:\Windows\System\ivrLqdE.exe
  2⤵
  PID:5980
- C:\Windows\System\RAlbTVk.exe
  C:\Windows\System\RAlbTVk.exe
  2⤵
  PID:6072
- C:\Windows\System\zBndaYs.exe
  C:\Windows\System\zBndaYs.exe
  2⤵
  PID:6136
- C:\Windows\System\JQlDjYi.exe
  C:\Windows\System\JQlDjYi.exe
  2⤵
  PID:4104
- C:\Windows\System\wIlZheJ.exe
  C:\Windows\System\wIlZheJ.exe
  2⤵
  PID:4704
- C:\Windows\System\EaWPgTp.exe
  C:\Windows\System\EaWPgTp.exe
  2⤵
  PID:4388
- C:\Windows\System\BqTXtsY.exe
  C:\Windows\System\BqTXtsY.exe
  2⤵
  PID:5128
- C:\Windows\System\xIRAZhF.exe
  C:\Windows\System\xIRAZhF.exe
  2⤵
  PID:5040
- C:\Windows\System\JbyvwuE.exe
  C:\Windows\System\JbyvwuE.exe
  2⤵
  PID:5352
- C:\Windows\System\QJzDSsb.exe
  C:\Windows\System\QJzDSsb.exe
  2⤵
  PID:4816
- C:\Windows\System\vSZblbB.exe
  C:\Windows\System\vSZblbB.exe
  2⤵
  PID:5196
- C:\Windows\System\ohCsgoG.exe
  C:\Windows\System\ohCsgoG.exe
  2⤵
  PID:5276
- C:\Windows\System\RLAvjPM.exe
  C:\Windows\System\RLAvjPM.exe
  2⤵
  PID:5144
- C:\Windows\System\QhrIcCz.exe
  C:\Windows\System\QhrIcCz.exe
  2⤵
  PID:5520
- C:\Windows\System\YdykneQ.exe
  C:\Windows\System\YdykneQ.exe
  2⤵
  PID:5448
- C:\Windows\System\ayCAbfF.exe
  C:\Windows\System\ayCAbfF.exe
  2⤵
  PID:5592
- C:\Windows\System\TNiqVak.exe
  C:\Windows\System\TNiqVak.exe
  2⤵
  PID:5700
- C:\Windows\System\zqiaQMA.exe
  C:\Windows\System\zqiaQMA.exe
  2⤵
  PID:5800
- C:\Windows\System\dnsAEyE.exe
  C:\Windows\System\dnsAEyE.exe
  2⤵
  PID:5860
- C:\Windows\System\wVAFEMR.exe
  C:\Windows\System\wVAFEMR.exe
  2⤵
  PID:5920
- C:\Windows\System\HaGjiWC.exe
  C:\Windows\System\HaGjiWC.exe
  2⤵
  PID:5892
- C:\Windows\System\hSbPDBA.exe
  C:\Windows\System\hSbPDBA.exe
  2⤵
  PID:6052
- C:\Windows\System\vZEYOdc.exe
  C:\Windows\System\vZEYOdc.exe
  2⤵
  PID:6056
- C:\Windows\System\mQwpTHo.exe
  C:\Windows\System\mQwpTHo.exe
  2⤵
  PID:6132
- C:\Windows\System\ykiPsyK.exe
  C:\Windows\System\ykiPsyK.exe
  2⤵
  PID:4196
- C:\Windows\System\yNsMyjY.exe
  C:\Windows\System\yNsMyjY.exe
  2⤵
  PID:4900
- C:\Windows\System\prMKnYB.exe
  C:\Windows\System\prMKnYB.exe
  2⤵
  PID:4936
- C:\Windows\System\QsOqqzN.exe
  C:\Windows\System\QsOqqzN.exe
  2⤵
  PID:2324
- C:\Windows\System\khnkhop.exe
  C:\Windows\System\khnkhop.exe
  2⤵
  PID:5332
- C:\Windows\System\WHbWSNm.exe
  C:\Windows\System\WHbWSNm.exe
  2⤵
  PID:1132
- C:\Windows\System\VtLeEjL.exe
  C:\Windows\System\VtLeEjL.exe
  2⤵
  PID:2676
- C:\Windows\System\zVTqkkY.exe
  C:\Windows\System\zVTqkkY.exe
  2⤵
  PID:5456
- C:\Windows\System\fcCgFky.exe
  C:\Windows\System\fcCgFky.exe
  2⤵
  PID:5760
- C:\Windows\System\BLujkwe.exe
  C:\Windows\System\BLujkwe.exe
  2⤵
  PID:5840
- C:\Windows\System\qxJrQLg.exe
  C:\Windows\System\qxJrQLg.exe
  2⤵
  PID:2016
- C:\Windows\System\eyQjDPw.exe
  C:\Windows\System\eyQjDPw.exe
  2⤵
  PID:5940
- C:\Windows\System\XfaKyAQ.exe
  C:\Windows\System\XfaKyAQ.exe
  2⤵
  PID:5976
- C:\Windows\System\MEdNahJ.exe
  C:\Windows\System\MEdNahJ.exe
  2⤵
  PID:5256
- C:\Windows\System\cnCLvtn.exe
  C:\Windows\System\cnCLvtn.exe
  2⤵
  PID:5048
- C:\Windows\System\XxUkJcS.exe
  C:\Windows\System\XxUkJcS.exe
  2⤵
  PID:2752
- C:\Windows\System\fmYnpnT.exe
  C:\Windows\System\fmYnpnT.exe
  2⤵
  PID:4336
- C:\Windows\System\MGJFACZ.exe
  C:\Windows\System\MGJFACZ.exe
  2⤵
  PID:5408
- C:\Windows\System\CAOnGTI.exe
  C:\Windows\System\CAOnGTI.exe
  2⤵
  PID:5812
- C:\Windows\System\rOduRcC.exe
  C:\Windows\System\rOduRcC.exe
  2⤵
  PID:5772
- C:\Windows\System\JUykCAp.exe
  C:\Windows\System\JUykCAp.exe
  2⤵
  PID:6040
- C:\Windows\System\ZXWahHZ.exe
  C:\Windows\System\ZXWahHZ.exe
  2⤵
  PID:6160
- C:\Windows\System\uYuYGeo.exe
  C:\Windows\System\uYuYGeo.exe
  2⤵
  PID:6180
- C:\Windows\System\WtijKAp.exe
  C:\Windows\System\WtijKAp.exe
  2⤵
  PID:6200
- C:\Windows\System\RcRlPaW.exe
  C:\Windows\System\RcRlPaW.exe
  2⤵
  PID:6220
- C:\Windows\System\nKRMajy.exe
  C:\Windows\System\nKRMajy.exe
  2⤵
  PID:6240
- C:\Windows\System\TSTUVvQ.exe
  C:\Windows\System\TSTUVvQ.exe
  2⤵
  PID:6260
- C:\Windows\System\mfcuwFO.exe
  C:\Windows\System\mfcuwFO.exe
  2⤵
  PID:6280
- C:\Windows\System\qrNvnws.exe
  C:\Windows\System\qrNvnws.exe
  2⤵
  PID:6300
- C:\Windows\System\MHJRYDw.exe
  C:\Windows\System\MHJRYDw.exe
  2⤵
  PID:6320
- C:\Windows\System\lmzoaIR.exe
  C:\Windows\System\lmzoaIR.exe
  2⤵
  PID:6340
- C:\Windows\System\qubTIfr.exe
  C:\Windows\System\qubTIfr.exe
  2⤵
  PID:6360
- C:\Windows\System\KeJEfME.exe
  C:\Windows\System\KeJEfME.exe
  2⤵
  PID:6380
- C:\Windows\System\lqTPWYf.exe
  C:\Windows\System\lqTPWYf.exe
  2⤵
  PID:6400
- C:\Windows\System\wDLyOEr.exe
  C:\Windows\System\wDLyOEr.exe
  2⤵
  PID:6420
- C:\Windows\System\TsHCLEI.exe
  C:\Windows\System\TsHCLEI.exe
  2⤵
  PID:6440
- C:\Windows\System\UCmlDjl.exe
  C:\Windows\System\UCmlDjl.exe
  2⤵
  PID:6460
- C:\Windows\System\OVMCaYQ.exe
  C:\Windows\System\OVMCaYQ.exe
  2⤵
  PID:6480
- C:\Windows\System\cUsTQFP.exe
  C:\Windows\System\cUsTQFP.exe
  2⤵
  PID:6500
- C:\Windows\System\jqmTPCg.exe
  C:\Windows\System\jqmTPCg.exe
  2⤵
  PID:6520
- C:\Windows\System\xFkfDVY.exe
  C:\Windows\System\xFkfDVY.exe
  2⤵
  PID:6540
- C:\Windows\System\VuWVqZf.exe
  C:\Windows\System\VuWVqZf.exe
  2⤵
  PID:6560
- C:\Windows\System\nFbeUaU.exe
  C:\Windows\System\nFbeUaU.exe
  2⤵
  PID:6580
- C:\Windows\System\xUyRyvV.exe
  C:\Windows\System\xUyRyvV.exe
  2⤵
  PID:6600
- C:\Windows\System\lRxAaZn.exe
  C:\Windows\System\lRxAaZn.exe
  2⤵
  PID:6620
- C:\Windows\System\hJcndiH.exe
  C:\Windows\System\hJcndiH.exe
  2⤵
  PID:6640
- C:\Windows\System\SdOgmDG.exe
  C:\Windows\System\SdOgmDG.exe
  2⤵
  PID:6660
- C:\Windows\System\mTyIAeA.exe
  C:\Windows\System\mTyIAeA.exe
  2⤵
  PID:6680
- C:\Windows\System\wFssEpS.exe
  C:\Windows\System\wFssEpS.exe
  2⤵
  PID:6700
- C:\Windows\System\gCbTVVD.exe
  C:\Windows\System\gCbTVVD.exe
  2⤵
  PID:6720
- C:\Windows\System\JzwVGUT.exe
  C:\Windows\System\JzwVGUT.exe
  2⤵
  PID:6740
- C:\Windows\System\YpueDid.exe
  C:\Windows\System\YpueDid.exe
  2⤵
  PID:6760
- C:\Windows\System\oTZpywm.exe
  C:\Windows\System\oTZpywm.exe
  2⤵
  PID:6780
- C:\Windows\System\Pvgrlih.exe
  C:\Windows\System\Pvgrlih.exe
  2⤵
  PID:6800
- C:\Windows\System\HkCXYMU.exe
  C:\Windows\System\HkCXYMU.exe
  2⤵
  PID:6820
- C:\Windows\System\MnlXOhj.exe
  C:\Windows\System\MnlXOhj.exe
  2⤵
  PID:6840
- C:\Windows\System\FOojXiT.exe
  C:\Windows\System\FOojXiT.exe
  2⤵
  PID:6860
- C:\Windows\System\XUGRSgA.exe
  C:\Windows\System\XUGRSgA.exe
  2⤵
  PID:6884
- C:\Windows\System\IIhaJmt.exe
  C:\Windows\System\IIhaJmt.exe
  2⤵
  PID:6900
- C:\Windows\System\vWCCNhz.exe
  C:\Windows\System\vWCCNhz.exe
  2⤵
  PID:6924
- C:\Windows\System\TssCBww.exe
  C:\Windows\System\TssCBww.exe
  2⤵
  PID:6940
- C:\Windows\System\nzARXuI.exe
  C:\Windows\System\nzARXuI.exe
  2⤵
  PID:6960
- C:\Windows\System\YaFtdHm.exe
  C:\Windows\System\YaFtdHm.exe
  2⤵
  PID:6980
- C:\Windows\System\MNwdCIl.exe
  C:\Windows\System\MNwdCIl.exe
  2⤵
  PID:7004
- C:\Windows\System\WhoVwYr.exe
  C:\Windows\System\WhoVwYr.exe
  2⤵
  PID:7020
- C:\Windows\System\SkegjHE.exe
  C:\Windows\System\SkegjHE.exe
  2⤵
  PID:7040
- C:\Windows\System\IZemODY.exe
  C:\Windows\System\IZemODY.exe
  2⤵
  PID:7064
- C:\Windows\System\XWTXHHU.exe
  C:\Windows\System\XWTXHHU.exe
  2⤵
  PID:7084
- C:\Windows\System\SWtsBHe.exe
  C:\Windows\System\SWtsBHe.exe
  2⤵
  PID:7108
- C:\Windows\System\diqkmnx.exe
  C:\Windows\System\diqkmnx.exe
  2⤵
  PID:7128
- C:\Windows\System\knFigUY.exe
  C:\Windows\System\knFigUY.exe
  2⤵
  PID:7144
- C:\Windows\System\wJaqISN.exe
  C:\Windows\System\wJaqISN.exe
  2⤵
  PID:3220
- C:\Windows\System\SenQbHj.exe
  C:\Windows\System\SenQbHj.exe
  2⤵
  PID:4532
- C:\Windows\System\HNaNvOZ.exe
  C:\Windows\System\HNaNvOZ.exe
  2⤵
  PID:5500
- C:\Windows\System\aNytRaw.exe
  C:\Windows\System\aNytRaw.exe
  2⤵
  PID:5756
- C:\Windows\System\qSYZeXQ.exe
  C:\Windows\System\qSYZeXQ.exe
  2⤵
  PID:4268
- C:\Windows\System\UmarZiM.exe
  C:\Windows\System\UmarZiM.exe
  2⤵
  PID:2544
- C:\Windows\System\UNnkHXs.exe
  C:\Windows\System\UNnkHXs.exe
  2⤵
  PID:6188
- C:\Windows\System\GIaNerD.exe
  C:\Windows\System\GIaNerD.exe
  2⤵
  PID:6228
- C:\Windows\System\WCDeSzX.exe
  C:\Windows\System\WCDeSzX.exe
  2⤵
  PID:6268
- C:\Windows\System\okofYfB.exe
  C:\Windows\System\okofYfB.exe
  2⤵
  PID:6288
- C:\Windows\System\FRzWsvL.exe
  C:\Windows\System\FRzWsvL.exe
  2⤵
  PID:6292
- C:\Windows\System\wSNgrGG.exe
  C:\Windows\System\wSNgrGG.exe
  2⤵
  PID:6336
- C:\Windows\System\EACwBFU.exe
  C:\Windows\System\EACwBFU.exe
  2⤵
  PID:6392
- C:\Windows\System\LcalFDj.exe
  C:\Windows\System\LcalFDj.exe
  2⤵
  PID:6408
- C:\Windows\System\hlNPNsm.exe
  C:\Windows\System\hlNPNsm.exe
  2⤵
  PID:6468
- C:\Windows\System\bjIqYwc.exe
  C:\Windows\System\bjIqYwc.exe
  2⤵
  PID:6488
- C:\Windows\System\XXwGmcH.exe
  C:\Windows\System\XXwGmcH.exe
  2⤵
  PID:2236
- C:\Windows\System\niDqutf.exe
  C:\Windows\System\niDqutf.exe
  2⤵
  PID:2188
- C:\Windows\System\CIouUkG.exe
  C:\Windows\System\CIouUkG.exe
  2⤵
  PID:6568
- C:\Windows\System\DXXokbI.exe
  C:\Windows\System\DXXokbI.exe
  2⤵
  PID:6576
- C:\Windows\System\QkpOEfw.exe
  C:\Windows\System\QkpOEfw.exe
  2⤵
  PID:6628
- C:\Windows\System\iDLzHJA.exe
  C:\Windows\System\iDLzHJA.exe
  2⤵
  PID:6676
- C:\Windows\System\iZWXcfI.exe
  C:\Windows\System\iZWXcfI.exe
  2⤵
  PID:6716
- C:\Windows\System\eehWGyZ.exe
  C:\Windows\System\eehWGyZ.exe
  2⤵
  PID:6748
- C:\Windows\System\mTqxphT.exe
  C:\Windows\System\mTqxphT.exe
  2⤵
  PID:6796
- C:\Windows\System\gShURzj.exe
  C:\Windows\System\gShURzj.exe
  2⤵
  PID:6732
- C:\Windows\System\BnmvwvR.exe
  C:\Windows\System\BnmvwvR.exe
  2⤵
  PID:6836
- C:\Windows\System\KiKyvVc.exe
  C:\Windows\System\KiKyvVc.exe
  2⤵
  PID:6920
- C:\Windows\System\UcSglzW.exe
  C:\Windows\System\UcSglzW.exe
  2⤵
  PID:5652
- C:\Windows\System\tLXcTHu.exe
  C:\Windows\System\tLXcTHu.exe
  2⤵
  PID:6892
- C:\Windows\System\KvJdMmd.exe
  C:\Windows\System\KvJdMmd.exe
  2⤵
  PID:7000
- C:\Windows\System\VfFaEIw.exe
  C:\Windows\System\VfFaEIw.exe
  2⤵
  PID:6968
- C:\Windows\System\bkNirnW.exe
  C:\Windows\System\bkNirnW.exe
  2⤵
  PID:7080
- C:\Windows\System\PQxiVWr.exe
  C:\Windows\System\PQxiVWr.exe
  2⤵
  PID:7048
- C:\Windows\System\OZFaEAi.exe
  C:\Windows\System\OZFaEAi.exe
  2⤵
  PID:7092
- C:\Windows\System\lwOOQOH.exe
  C:\Windows\System\lwOOQOH.exe
  2⤵
  PID:7100
- C:\Windows\System\XwuxdQs.exe
  C:\Windows\System\XwuxdQs.exe
  2⤵
  PID:608
- C:\Windows\System\Lerymru.exe
  C:\Windows\System\Lerymru.exe
  2⤵
  PID:2808
- C:\Windows\System\tTauHCT.exe
  C:\Windows\System\tTauHCT.exe
  2⤵
  PID:5552
- C:\Windows\System\sNzHutM.exe
  C:\Windows\System\sNzHutM.exe
  2⤵
  PID:6172
- C:\Windows\System\mcmcLlY.exe
  C:\Windows\System\mcmcLlY.exe
  2⤵
  PID:6192
- C:\Windows\System\eCtaNtG.exe
  C:\Windows\System\eCtaNtG.exe
  2⤵
  PID:6232
- C:\Windows\System\GwqFjxv.exe
  C:\Windows\System\GwqFjxv.exe
  2⤵
  PID:6252
- C:\Windows\System\uCbeXxy.exe
  C:\Windows\System\uCbeXxy.exe
  2⤵
  PID:6312
- C:\Windows\System\GNElUOF.exe
  C:\Windows\System\GNElUOF.exe
  2⤵
  PID:6396
- C:\Windows\System\djNgRUA.exe
  C:\Windows\System\djNgRUA.exe
  2⤵
  PID:6412
- C:\Windows\System\kMNmUDN.exe
  C:\Windows\System\kMNmUDN.exe
  2⤵
  PID:6432
- C:\Windows\System\rIwxZQM.exe
  C:\Windows\System\rIwxZQM.exe
  2⤵
  PID:6472
- C:\Windows\System\VKXlFze.exe
  C:\Windows\System\VKXlFze.exe
  2⤵
  PID:6496
- C:\Windows\System\SZmwmPN.exe
  C:\Windows\System\SZmwmPN.exe
  2⤵
  PID:6556
- C:\Windows\System\MifmLWI.exe
  C:\Windows\System\MifmLWI.exe
  2⤵
  PID:2888
- C:\Windows\System\HXvkPeA.exe
  C:\Windows\System\HXvkPeA.exe
  2⤵
  PID:6648
- C:\Windows\System\HDRlYcK.exe
  C:\Windows\System\HDRlYcK.exe
  2⤵
  PID:2500
- C:\Windows\System\UcnbjUn.exe
  C:\Windows\System\UcnbjUn.exe
  2⤵
  PID:6832
- C:\Windows\System\YXZnQot.exe
  C:\Windows\System\YXZnQot.exe
  2⤵
  PID:6876
- C:\Windows\System\JAUveYR.exe
  C:\Windows\System\JAUveYR.exe
  2⤵
  PID:7104
- C:\Windows\System\SoJdKtQ.exe
  C:\Windows\System\SoJdKtQ.exe
  2⤵
  PID:6988
- C:\Windows\System\eVVGhAW.exe
  C:\Windows\System\eVVGhAW.exe
  2⤵
  PID:7012
- C:\Windows\System\qcSFTtl.exe
  C:\Windows\System\qcSFTtl.exe
  2⤵
  PID:6936
- C:\Windows\System\WShqPXZ.exe
  C:\Windows\System\WShqPXZ.exe
  2⤵
  PID:7076
- C:\Windows\System\sBfmmWQ.exe
  C:\Windows\System\sBfmmWQ.exe
  2⤵
  PID:7124
- C:\Windows\System\BDNmQMr.exe
  C:\Windows\System\BDNmQMr.exe
  2⤵
  PID:7156
- C:\Windows\System\eQlAjxZ.exe
  C:\Windows\System\eQlAjxZ.exe
  2⤵
  PID:6140
- C:\Windows\System\sWpgkwl.exe
  C:\Windows\System\sWpgkwl.exe
  2⤵
  PID:2464
- C:\Windows\System\bgmhxtc.exe
  C:\Windows\System\bgmhxtc.exe
  2⤵
  PID:7140
- C:\Windows\System\EjcLRmX.exe
  C:\Windows\System\EjcLRmX.exe
  2⤵
  PID:6368
- C:\Windows\System\igokByl.exe
  C:\Windows\System\igokByl.exe
  2⤵
  PID:6356
- C:\Windows\System\vLLQkxa.exe
  C:\Windows\System\vLLQkxa.exe
  2⤵
  PID:2160
- C:\Windows\System\qWakYGH.exe
  C:\Windows\System\qWakYGH.exe
  2⤵
  PID:6456
- C:\Windows\System\utBFeUh.exe
  C:\Windows\System\utBFeUh.exe
  2⤵
  PID:6608
- C:\Windows\System\Isxfill.exe
  C:\Windows\System\Isxfill.exe
  2⤵
  PID:6696
- C:\Windows\System\ZCMYflb.exe
  C:\Windows\System\ZCMYflb.exe
  2⤵
  PID:832
- C:\Windows\System\LvRUEFn.exe
  C:\Windows\System\LvRUEFn.exe
  2⤵
  PID:6880
- C:\Windows\System\rQMCbLY.exe
  C:\Windows\System\rQMCbLY.exe
  2⤵
  PID:7116
- C:\Windows\System\LJfxUCt.exe
  C:\Windows\System\LJfxUCt.exe
  2⤵
  PID:6872
- C:\Windows\System\YmwFJer.exe
  C:\Windows\System\YmwFJer.exe
  2⤵
  PID:6776
- C:\Windows\System\mDGMtEh.exe
  C:\Windows\System\mDGMtEh.exe
  2⤵
  PID:2620
- C:\Windows\System\CIFrqzB.exe
  C:\Windows\System\CIFrqzB.exe
  2⤵
  PID:2020
- C:\Windows\System\oJocfNV.exe
  C:\Windows\System\oJocfNV.exe
  2⤵
  PID:6388
- C:\Windows\System\hbtOseY.exe
  C:\Windows\System\hbtOseY.exe
  2⤵
  PID:5836
- C:\Windows\System\UvqkmdQ.exe
  C:\Windows\System\UvqkmdQ.exe
  2⤵
  PID:6152
- C:\Windows\System\fnVeecq.exe
  C:\Windows\System\fnVeecq.exe
  2⤵
  PID:6712
- C:\Windows\System\JGUNAgP.exe
  C:\Windows\System\JGUNAgP.exe
  2⤵
  PID:6208
- C:\Windows\System\jiGEdAu.exe
  C:\Windows\System\jiGEdAu.exe
  2⤵
  PID:2892
- C:\Windows\System\GRfbzzj.exe
  C:\Windows\System\GRfbzzj.exe
  2⤵
  PID:6952
- C:\Windows\System\QNjJvhh.exe
  C:\Windows\System\QNjJvhh.exe
  2⤵
  PID:5240
- C:\Windows\System\yNPhaTL.exe
  C:\Windows\System\yNPhaTL.exe
  2⤵
  PID:7180
- C:\Windows\System\wetBCaB.exe
  C:\Windows\System\wetBCaB.exe
  2⤵
  PID:7200
- C:\Windows\System\aOgLwOd.exe
  C:\Windows\System\aOgLwOd.exe
  2⤵
  PID:7224
- C:\Windows\System\RthLVCN.exe
  C:\Windows\System\RthLVCN.exe
  2⤵
  PID:7244
- C:\Windows\System\qBvRahX.exe
  C:\Windows\System\qBvRahX.exe
  2⤵
  PID:7260
- C:\Windows\System\cwcScbS.exe
  C:\Windows\System\cwcScbS.exe
  2⤵
  PID:7320
- C:\Windows\System\pFLgWJw.exe
  C:\Windows\System\pFLgWJw.exe
  2⤵
  PID:7336
- C:\Windows\System\OoOtpmW.exe
  C:\Windows\System\OoOtpmW.exe
  2⤵
  PID:7356
- C:\Windows\System\RIOwQYh.exe
  C:\Windows\System\RIOwQYh.exe
  2⤵
  PID:7372
- C:\Windows\System\MeMvrtB.exe
  C:\Windows\System\MeMvrtB.exe
  2⤵
  PID:7388
- C:\Windows\System\TUYKhIy.exe
  C:\Windows\System\TUYKhIy.exe
  2⤵
  PID:7408
- C:\Windows\System\Qrquwbr.exe
  C:\Windows\System\Qrquwbr.exe
  2⤵
  PID:7428
- C:\Windows\System\QIrMRJe.exe
  C:\Windows\System\QIrMRJe.exe
  2⤵
  PID:7448
- C:\Windows\System\nCWqtBU.exe
  C:\Windows\System\nCWqtBU.exe
  2⤵
  PID:7468
- C:\Windows\System\qFbvPIk.exe
  C:\Windows\System\qFbvPIk.exe
  2⤵
  PID:7484
- C:\Windows\System\qPalBYV.exe
  C:\Windows\System\qPalBYV.exe
  2⤵
  PID:7516
- C:\Windows\System\cTURWXd.exe
  C:\Windows\System\cTURWXd.exe
  2⤵
  PID:7540
- C:\Windows\System\ARaIxGa.exe
  C:\Windows\System\ARaIxGa.exe
  2⤵
  PID:7568
- C:\Windows\System\dLXLoYz.exe
  C:\Windows\System\dLXLoYz.exe
  2⤵
  PID:7588
- C:\Windows\System\vtPGvOh.exe
  C:\Windows\System\vtPGvOh.exe
  2⤵
  PID:7604
- C:\Windows\System\sqqRovr.exe
  C:\Windows\System\sqqRovr.exe
  2⤵
  PID:7620
- C:\Windows\System\TITyaPg.exe
  C:\Windows\System\TITyaPg.exe
  2⤵
  PID:7644
- C:\Windows\System\NKAyxsp.exe
  C:\Windows\System\NKAyxsp.exe
  2⤵
  PID:7660
- C:\Windows\System\bMrBeGq.exe
  C:\Windows\System\bMrBeGq.exe
  2⤵
  PID:7680
- C:\Windows\System\RAytUVb.exe
  C:\Windows\System\RAytUVb.exe
  2⤵
  PID:7700
- C:\Windows\System\bYgoFXg.exe
  C:\Windows\System\bYgoFXg.exe
  2⤵
  PID:7720
- C:\Windows\System\NUFfazY.exe
  C:\Windows\System\NUFfazY.exe
  2⤵
  PID:7740
- C:\Windows\System\iwcQuwJ.exe
  C:\Windows\System\iwcQuwJ.exe
  2⤵
  PID:7760
- C:\Windows\System\SQbkDLJ.exe
  C:\Windows\System\SQbkDLJ.exe
  2⤵
  PID:7776
- C:\Windows\System\wuQemLi.exe
  C:\Windows\System\wuQemLi.exe
  2⤵
  PID:7796
- C:\Windows\System\kxjNfZU.exe
  C:\Windows\System\kxjNfZU.exe
  2⤵
  PID:7812
- C:\Windows\System\yDsxwAK.exe
  C:\Windows\System\yDsxwAK.exe
  2⤵
  PID:7836
- C:\Windows\System\MZCNqvJ.exe
  C:\Windows\System\MZCNqvJ.exe
  2⤵
  PID:7852
- C:\Windows\System\YzVnXzH.exe
  C:\Windows\System\YzVnXzH.exe
  2⤵
  PID:7872
- C:\Windows\System\rLJZToJ.exe
  C:\Windows\System\rLJZToJ.exe
  2⤵
  PID:7888
- C:\Windows\System\tzPOIrS.exe
  C:\Windows\System\tzPOIrS.exe
  2⤵
  PID:7908
- C:\Windows\System\UAowNit.exe
  C:\Windows\System\UAowNit.exe
  2⤵
  PID:7928
- C:\Windows\System\PpbCxzh.exe
  C:\Windows\System\PpbCxzh.exe
  2⤵
  PID:7948
- C:\Windows\System\acJGVDg.exe
  C:\Windows\System\acJGVDg.exe
  2⤵
  PID:7972
- C:\Windows\System\JirxSMc.exe
  C:\Windows\System\JirxSMc.exe
  2⤵
  PID:7992
- C:\Windows\System\eAgVBwo.exe
  C:\Windows\System\eAgVBwo.exe
  2⤵
  PID:8008
- C:\Windows\System\JJHPmSy.exe
  C:\Windows\System\JJHPmSy.exe
  2⤵
  PID:8028
- C:\Windows\System\KVhALQt.exe
  C:\Windows\System\KVhALQt.exe
  2⤵
  PID:8048
- C:\Windows\System\VbuOVGM.exe
  C:\Windows\System\VbuOVGM.exe
  2⤵
  PID:8064
- C:\Windows\System\XcIheRk.exe
  C:\Windows\System\XcIheRk.exe
  2⤵
  PID:8080
- C:\Windows\System\iEVJziy.exe
  C:\Windows\System\iEVJziy.exe
  2⤵
  PID:8100
- C:\Windows\System\MfTcpvP.exe
  C:\Windows\System\MfTcpvP.exe
  2⤵
  PID:8116
- C:\Windows\System\ulyNXUR.exe
  C:\Windows\System\ulyNXUR.exe
  2⤵
  PID:8136
- C:\Windows\System\eyTWRUY.exe
  C:\Windows\System\eyTWRUY.exe
  2⤵
  PID:8156
- C:\Windows\System\tFVFQpM.exe
  C:\Windows\System\tFVFQpM.exe
  2⤵
  PID:8172
- C:\Windows\System\cCQlUYY.exe
  C:\Windows\System\cCQlUYY.exe
  2⤵
  PID:6912
- C:\Windows\System\aHUIzAR.exe
  C:\Windows\System\aHUIzAR.exe
  2⤵
  PID:6272
- C:\Windows\System\KCkhCov.exe
  C:\Windows\System\KCkhCov.exe
  2⤵
  PID:1652
- C:\Windows\System\kOLdZiO.exe
  C:\Windows\System\kOLdZiO.exe
  2⤵
  PID:6948
- C:\Windows\System\NvfizyD.exe
  C:\Windows\System\NvfizyD.exe
  2⤵
  PID:7208
- C:\Windows\System\TNOPXfr.exe
  C:\Windows\System\TNOPXfr.exe
  2⤵
  PID:7268
- C:\Windows\System\KUHYVzu.exe
  C:\Windows\System\KUHYVzu.exe
  2⤵
  PID:1728
- C:\Windows\System\xcMIHaY.exe
  C:\Windows\System\xcMIHaY.exe
  2⤵
  PID:6688
- C:\Windows\System\PyVyXTD.exe
  C:\Windows\System\PyVyXTD.exe
  2⤵
  PID:7192
- C:\Windows\System\rfnWngb.exe
  C:\Windows\System\rfnWngb.exe
  2⤵
  PID:7240
- C:\Windows\System\ChHnYuX.exe
  C:\Windows\System\ChHnYuX.exe
  2⤵
  PID:7292
- C:\Windows\System\ufmTXJT.exe
  C:\Windows\System\ufmTXJT.exe
  2⤵
  PID:7312
- C:\Windows\System\eUQOlCW.exe
  C:\Windows\System\eUQOlCW.exe
  2⤵
  PID:7328
- C:\Windows\System\nreIpAh.exe
  C:\Windows\System\nreIpAh.exe
  2⤵
  PID:7400
- C:\Windows\System\hZMTtQs.exe
  C:\Windows\System\hZMTtQs.exe
  2⤵
  PID:7476
- C:\Windows\System\MrPpQBa.exe
  C:\Windows\System\MrPpQBa.exe
  2⤵
  PID:7352
- C:\Windows\System\QXbEvFF.exe
  C:\Windows\System\QXbEvFF.exe
  2⤵
  PID:7424
- C:\Windows\System\VOtFSrV.exe
  C:\Windows\System\VOtFSrV.exe
  2⤵
  PID:7496
- C:\Windows\System\IwapCdm.exe
  C:\Windows\System\IwapCdm.exe
  2⤵
  PID:7532
- C:\Windows\System\EtetDKK.exe
  C:\Windows\System\EtetDKK.exe
  2⤵
  PID:7584
- C:\Windows\System\ImdJPVp.exe
  C:\Windows\System\ImdJPVp.exe
  2⤵
  PID:7656
- C:\Windows\System\NTQDfDI.exe
  C:\Windows\System\NTQDfDI.exe
  2⤵
  PID:7804
- C:\Windows\System\rnjKsbn.exe
  C:\Windows\System\rnjKsbn.exe
  2⤵
  PID:7884
- C:\Windows\System\zpqNFoC.exe
  C:\Windows\System\zpqNFoC.exe
  2⤵
  PID:7964
- C:\Windows\System\NjExfSp.exe
  C:\Windows\System\NjExfSp.exe
  2⤵
  PID:8184
- C:\Windows\System\hUjYEJJ.exe
  C:\Windows\System\hUjYEJJ.exe
  2⤵
  PID:2640
- C:\Windows\System\LsmnelF.exe
  C:\Windows\System\LsmnelF.exe
  2⤵
  PID:7284
- C:\Windows\System\DSRRXin.exe
  C:\Windows\System\DSRRXin.exe
  2⤵
  PID:7256
- C:\Windows\System\OyqDYLc.exe
  C:\Windows\System\OyqDYLc.exe
  2⤵
  PID:7552
- C:\Windows\System\iZcKAPb.exe
  C:\Windows\System\iZcKAPb.exe
  2⤵
  PID:7600
- C:\Windows\System\KCebGIR.exe
  C:\Windows\System\KCebGIR.exe
  2⤵
  PID:7500
- C:\Windows\System\MSQicVt.exe
  C:\Windows\System\MSQicVt.exe
  2⤵
  PID:6692
- C:\Windows\System\cygTKXP.exe
  C:\Windows\System\cygTKXP.exe
  2⤵
  PID:2132
- C:\Windows\System\vIxDCzl.exe
  C:\Windows\System\vIxDCzl.exe
  2⤵
  PID:8044
- C:\Windows\System\MZlaIwA.exe
  C:\Windows\System\MZlaIwA.exe
  2⤵
  PID:7300
- C:\Windows\System\CsKyeuw.exe
  C:\Windows\System\CsKyeuw.exe
  2⤵
  PID:7636
- C:\Windows\System\MseQSFV.exe
  C:\Windows\System\MseQSFV.exe
  2⤵
  PID:8088
- C:\Windows\System\iVnYDTE.exe
  C:\Windows\System\iVnYDTE.exe
  2⤵
  PID:7792
- C:\Windows\System\BWzjpwz.exe
  C:\Windows\System\BWzjpwz.exe
  2⤵
  PID:7832
- C:\Windows\System\ZReooUw.exe
  C:\Windows\System\ZReooUw.exe
  2⤵
  PID:7900
- C:\Windows\System\wgcdIuc.exe
  C:\Windows\System\wgcdIuc.exe
  2⤵
  PID:7940
- C:\Windows\System\qMGzUjv.exe
  C:\Windows\System\qMGzUjv.exe
  2⤵
  PID:7988
- C:\Windows\System\qDtYLjS.exe
  C:\Windows\System\qDtYLjS.exe
  2⤵
  PID:8092
- C:\Windows\System\xXqYWNR.exe
  C:\Windows\System\xXqYWNR.exe
  2⤵
  PID:8168
- C:\Windows\System\HInjNeP.exe
  C:\Windows\System\HInjNeP.exe
  2⤵
  PID:7152
- C:\Windows\System\CkcRAxU.exe
  C:\Windows\System\CkcRAxU.exe
  2⤵
  PID:7308
- C:\Windows\System\ymsXKKf.exe
  C:\Windows\System\ymsXKKf.exe
  2⤵
  PID:7344
- C:\Windows\System\kekEEyF.exe
  C:\Windows\System\kekEEyF.exe
  2⤵
  PID:7464
- C:\Windows\System\kbqgFGE.exe
  C:\Windows\System\kbqgFGE.exe
  2⤵
  PID:7692
- C:\Windows\System\XUBzbsh.exe
  C:\Windows\System\XUBzbsh.exe
  2⤵
  PID:7768
- C:\Windows\System\bppNzmd.exe
  C:\Windows\System\bppNzmd.exe
  2⤵
  PID:7440
- C:\Windows\System\DPBJRgu.exe
  C:\Windows\System\DPBJRgu.exe
  2⤵
  PID:6736
- C:\Windows\System\KktojvQ.exe
  C:\Windows\System\KktojvQ.exe
  2⤵
  PID:8040
- C:\Windows\System\GswOwuN.exe
  C:\Windows\System\GswOwuN.exe
  2⤵
  PID:7716
- C:\Windows\System\OLnZVzV.exe
  C:\Windows\System\OLnZVzV.exe
  2⤵
  PID:7304
- C:\Windows\System\DRMoMPf.exe
  C:\Windows\System\DRMoMPf.exe
  2⤵
  PID:7252
- C:\Windows\System\kVZrqQx.exe
  C:\Windows\System\kVZrqQx.exe
  2⤵
  PID:7848
- C:\Windows\System\RxjBpuE.exe
  C:\Windows\System\RxjBpuE.exe
  2⤵
  PID:8128
- C:\Windows\System\dUTPSWk.exe
  C:\Windows\System\dUTPSWk.exe
  2⤵
  PID:7348
- C:\Windows\System\MQjDUSQ.exe
  C:\Windows\System\MQjDUSQ.exe
  2⤵
  PID:7844
- C:\Windows\System\OpRjGbe.exe
  C:\Windows\System\OpRjGbe.exe
  2⤵
  PID:8148
- C:\Windows\System\XJpTrGy.exe
  C:\Windows\System\XJpTrGy.exe
  2⤵
  PID:1488
- C:\Windows\System\Muqwmfx.exe
  C:\Windows\System\Muqwmfx.exe
  2⤵
  PID:7492
- C:\Windows\System\awDYIcY.exe
  C:\Windows\System\awDYIcY.exe
  2⤵
  PID:7920
- C:\Windows\System\sHTGEQo.exe
  C:\Windows\System\sHTGEQo.exe
  2⤵
  PID:7640
- C:\Windows\System\jUUHtCd.exe
  C:\Windows\System\jUUHtCd.exe
  2⤵
  PID:7172
- C:\Windows\System\mncfIAl.exe
  C:\Windows\System\mncfIAl.exe
  2⤵
  PID:7864
- C:\Windows\System\zLDNxbz.exe
  C:\Windows\System\zLDNxbz.exe
  2⤵
  PID:8056
- C:\Windows\System\eTCBhyx.exe
  C:\Windows\System\eTCBhyx.exe
  2⤵
  PID:7676
- C:\Windows\System\YvFFUdJ.exe
  C:\Windows\System\YvFFUdJ.exe
  2⤵
  PID:7176
- C:\Windows\System\AhqghSu.exe
  C:\Windows\System\AhqghSu.exe
  2⤵
  PID:8020
- C:\Windows\System\ZldrOlU.exe
  C:\Windows\System\ZldrOlU.exe
  2⤵
  PID:2564
- C:\Windows\System\CYfUhFn.exe
  C:\Windows\System\CYfUhFn.exe
  2⤵
  PID:7828
- C:\Windows\System\CFFxRYS.exe
  C:\Windows\System\CFFxRYS.exe
  2⤵
  PID:7632
- C:\Windows\System\oAkervc.exe
  C:\Windows\System\oAkervc.exe
  2⤵
  PID:7236
- C:\Windows\System\QzOLBfV.exe
  C:\Windows\System\QzOLBfV.exe
  2⤵
  PID:7216
- C:\Windows\System\TevXyko.exe
  C:\Windows\System\TevXyko.exe
  2⤵
  PID:7564
- C:\Windows\System\HCmpLlC.exe
  C:\Windows\System\HCmpLlC.exe
  2⤵
  PID:7580
- C:\Windows\System\UDuwFCi.exe
  C:\Windows\System\UDuwFCi.exe
  2⤵
  PID:7696
- C:\Windows\System\gcLoueS.exe
  C:\Windows\System\gcLoueS.exe
  2⤵
  PID:7980
- C:\Windows\System\GDqVkQz.exe
  C:\Windows\System\GDqVkQz.exe
  2⤵
  PID:7736
- C:\Windows\System\xPNbEDL.exe
  C:\Windows\System\xPNbEDL.exe
  2⤵
  PID:7896
- C:\Windows\System\QMLqaMA.exe
  C:\Windows\System\QMLqaMA.exe
  2⤵
  PID:7188
- C:\Windows\System\wkhYvtV.exe
  C:\Windows\System\wkhYvtV.exe
  2⤵
  PID:7396
- C:\Windows\System\QhifGwo.exe
  C:\Windows\System\QhifGwo.exe
  2⤵
  PID:7652
- C:\Windows\System\tCTjQSl.exe
  C:\Windows\System\tCTjQSl.exe
  2⤵
  PID:6916
- C:\Windows\System\MdUUyjH.exe
  C:\Windows\System\MdUUyjH.exe
  2⤵
  PID:7880
- C:\Windows\System\UmFRzLz.exe
  C:\Windows\System\UmFRzLz.exe
  2⤵
  PID:8204
- C:\Windows\System\iAcXTwB.exe
  C:\Windows\System\iAcXTwB.exe
  2⤵
  PID:8232
- C:\Windows\System\xYtPlAS.exe
  C:\Windows\System\xYtPlAS.exe
  2⤵
  PID:8260
- C:\Windows\System\TdfRyvN.exe
  C:\Windows\System\TdfRyvN.exe
  2⤵
  PID:8280
- C:\Windows\System\bJNRCTM.exe
  C:\Windows\System\bJNRCTM.exe
  2⤵
  PID:8296
- C:\Windows\System\DUoMkgb.exe
  C:\Windows\System\DUoMkgb.exe
  2⤵
  PID:8312
- C:\Windows\System\DEIoFBC.exe
  C:\Windows\System\DEIoFBC.exe
  2⤵
  PID:8328
- C:\Windows\System\HAtdPJQ.exe
  C:\Windows\System\HAtdPJQ.exe
  2⤵
  PID:8344
- C:\Windows\System\WULtFTr.exe
  C:\Windows\System\WULtFTr.exe
  2⤵
  PID:8360
- C:\Windows\System\BWxtBja.exe
  C:\Windows\System\BWxtBja.exe
  2⤵
  PID:8376
- C:\Windows\System\WEHzCBk.exe
  C:\Windows\System\WEHzCBk.exe
  2⤵
  PID:8392
- C:\Windows\System\scKhPwQ.exe
  C:\Windows\System\scKhPwQ.exe
  2⤵
  PID:8408
- C:\Windows\System\oTyOzei.exe
  C:\Windows\System\oTyOzei.exe
  2⤵
  PID:8424
- C:\Windows\System\OCzIpph.exe
  C:\Windows\System\OCzIpph.exe
  2⤵
  PID:8440
- C:\Windows\System\WrJcayS.exe
  C:\Windows\System\WrJcayS.exe
  2⤵
  PID:8456
- C:\Windows\System\MaUpPjK.exe
  C:\Windows\System\MaUpPjK.exe
  2⤵
  PID:8472
- C:\Windows\System\oCiKycY.exe
  C:\Windows\System\oCiKycY.exe
  2⤵
  PID:8488
- C:\Windows\System\WrLLXni.exe
  C:\Windows\System\WrLLXni.exe
  2⤵
  PID:8504
- C:\Windows\System\gIdnuVL.exe
  C:\Windows\System\gIdnuVL.exe
  2⤵
  PID:8520
- C:\Windows\System\ebtiRNS.exe
  C:\Windows\System\ebtiRNS.exe
  2⤵
  PID:8536
- C:\Windows\System\AqgFUjv.exe
  C:\Windows\System\AqgFUjv.exe
  2⤵
  PID:8556
- C:\Windows\System\ezFauJi.exe
  C:\Windows\System\ezFauJi.exe
  2⤵
  PID:8572
- C:\Windows\System\yxtnHGj.exe
  C:\Windows\System\yxtnHGj.exe
  2⤵
  PID:8588
- C:\Windows\System\BBhwWaz.exe
  C:\Windows\System\BBhwWaz.exe
  2⤵
  PID:8604
- C:\Windows\System\pOVzbeM.exe
  C:\Windows\System\pOVzbeM.exe
  2⤵
  PID:8620
- C:\Windows\System\HfbvkOe.exe
  C:\Windows\System\HfbvkOe.exe
  2⤵
  PID:8636
- C:\Windows\System\cHDnjJf.exe
  C:\Windows\System\cHDnjJf.exe
  2⤵
  PID:8652
- C:\Windows\System\DnjDgwK.exe
  C:\Windows\System\DnjDgwK.exe
  2⤵
  PID:8668
- C:\Windows\System\XkAwNSa.exe
  C:\Windows\System\XkAwNSa.exe
  2⤵
  PID:8684
- C:\Windows\System\OFTrMBg.exe
  C:\Windows\System\OFTrMBg.exe
  2⤵
  PID:8700
- C:\Windows\System\VQitYDe.exe
  C:\Windows\System\VQitYDe.exe
  2⤵
  PID:8716
- C:\Windows\System\lQDBBko.exe
  C:\Windows\System\lQDBBko.exe
  2⤵
  PID:8732
- C:\Windows\System\ianrJHh.exe
  C:\Windows\System\ianrJHh.exe
  2⤵
  PID:8748
- C:\Windows\System\JrYhyRC.exe
  C:\Windows\System\JrYhyRC.exe
  2⤵
  PID:8764
- C:\Windows\System\ciAvHrN.exe
  C:\Windows\System\ciAvHrN.exe
  2⤵
  PID:8780
- C:\Windows\System\sBbDVak.exe
  C:\Windows\System\sBbDVak.exe
  2⤵
  PID:8804
- C:\Windows\System\BuBfZgA.exe
  C:\Windows\System\BuBfZgA.exe
  2⤵
  PID:8820
- C:\Windows\System\aDOzWGa.exe
  C:\Windows\System\aDOzWGa.exe
  2⤵
  PID:8836
- C:\Windows\System\ESuaarr.exe
  C:\Windows\System\ESuaarr.exe
  2⤵
  PID:8852
- C:\Windows\System\RRQikfl.exe
  C:\Windows\System\RRQikfl.exe
  2⤵
  PID:8868
- C:\Windows\System\gsUlXJB.exe
  C:\Windows\System\gsUlXJB.exe
  2⤵
  PID:8884
- C:\Windows\System\fXivqBG.exe
  C:\Windows\System\fXivqBG.exe
  2⤵
  PID:8900
- C:\Windows\System\cYUswob.exe
  C:\Windows\System\cYUswob.exe
  2⤵
  PID:8920
- C:\Windows\System\HRyeBzg.exe
  C:\Windows\System\HRyeBzg.exe
  2⤵
  PID:8936
- C:\Windows\System\ZfKRvVa.exe
  C:\Windows\System\ZfKRvVa.exe
  2⤵
  PID:8952
- C:\Windows\System\fnMmCOk.exe
  C:\Windows\System\fnMmCOk.exe
  2⤵
  PID:8968
- C:\Windows\System\PyWQPSj.exe
  C:\Windows\System\PyWQPSj.exe
  2⤵
  PID:8984
- C:\Windows\System\INZsllv.exe
  C:\Windows\System\INZsllv.exe
  2⤵
  PID:9000
- C:\Windows\System\jKoUYaB.exe
  C:\Windows\System\jKoUYaB.exe
  2⤵
  PID:9016
- C:\Windows\System\QgGZBoO.exe
  C:\Windows\System\QgGZBoO.exe
  2⤵
  PID:9032
- C:\Windows\System\odgEomL.exe
  C:\Windows\System\odgEomL.exe
  2⤵
  PID:9048
- C:\Windows\System\LkbCBmN.exe
  C:\Windows\System\LkbCBmN.exe
  2⤵
  PID:9068
- C:\Windows\System\ZStepCe.exe
  C:\Windows\System\ZStepCe.exe
  2⤵
  PID:9084
- C:\Windows\System\hiIZnMH.exe
  C:\Windows\System\hiIZnMH.exe
  2⤵
  PID:9100
- C:\Windows\System\wBtPMJr.exe
  C:\Windows\System\wBtPMJr.exe
  2⤵
  PID:9116
- C:\Windows\System\hgbNeUX.exe
  C:\Windows\System\hgbNeUX.exe
  2⤵
  PID:9132
- C:\Windows\System\Vexwbeb.exe
  C:\Windows\System\Vexwbeb.exe
  2⤵
  PID:9148
- C:\Windows\System\vqpZWIA.exe
  C:\Windows\System\vqpZWIA.exe
  2⤵
  PID:9164
- C:\Windows\System\nVllTdE.exe
  C:\Windows\System\nVllTdE.exe
  2⤵
  PID:9180
- C:\Windows\System\AIjVgKn.exe
  C:\Windows\System\AIjVgKn.exe
  2⤵
  PID:9196
- C:\Windows\System\XuzzXlm.exe
  C:\Windows\System\XuzzXlm.exe
  2⤵
  PID:9212
- C:\Windows\System\lHNwhSu.exe
  C:\Windows\System\lHNwhSu.exe
  2⤵
  PID:7576
- C:\Windows\System\KFRwopy.exe
  C:\Windows\System\KFRwopy.exe
  2⤵
  PID:8252
- C:\Windows\System\sGmSZUd.exe
  C:\Windows\System\sGmSZUd.exe
  2⤵
  PID:8320
- C:\Windows\System\OGTergt.exe
  C:\Windows\System\OGTergt.exe
  2⤵
  PID:8268
- C:\Windows\System\XsPWgbj.exe
  C:\Windows\System\XsPWgbj.exe
  2⤵
  PID:8308
- C:\Windows\System\PiaVwfh.exe
  C:\Windows\System\PiaVwfh.exe
  2⤵
  PID:8228
- C:\Windows\System\JGHcIFJ.exe
  C:\Windows\System\JGHcIFJ.exe
  2⤵
  PID:8404
- C:\Windows\System\uLprCFz.exe
  C:\Windows\System\uLprCFz.exe
  2⤵
  PID:8416
- C:\Windows\System\CXnzLAT.exe
  C:\Windows\System\CXnzLAT.exe
  2⤵
  PID:8240
- C:\Windows\System\iMSUmdh.exe
  C:\Windows\System\iMSUmdh.exe
  2⤵
  PID:8496
- C:\Windows\System\YsIzJgw.exe
  C:\Windows\System\YsIzJgw.exe
  2⤵
  PID:8516
- C:\Windows\System\tOdPiMm.exe
  C:\Windows\System\tOdPiMm.exe
  2⤵
  PID:8568
- C:\Windows\System\GmWQmgP.exe
  C:\Windows\System\GmWQmgP.exe
  2⤵
  PID:8632
- C:\Windows\System\VoCTbMB.exe
  C:\Windows\System\VoCTbMB.exe
  2⤵
  PID:8616
- C:\Windows\System\GNNxKeZ.exe
  C:\Windows\System\GNNxKeZ.exe
  2⤵
  PID:8648
- C:\Windows\System\uBFCdWP.exe
  C:\Windows\System\uBFCdWP.exe
  2⤵
  PID:8696
- C:\Windows\System\gdVKjQB.exe
  C:\Windows\System\gdVKjQB.exe
  2⤵
  PID:8676
- C:\Windows\System\nmFWtAQ.exe
  C:\Windows\System\nmFWtAQ.exe
  2⤵
  PID:8792
- C:\Windows\System\SGFeTiS.exe
  C:\Windows\System\SGFeTiS.exe
  2⤵
  PID:8844
- C:\Windows\System\wxIibPR.exe
  C:\Windows\System\wxIibPR.exe
  2⤵
  PID:8848
- C:\Windows\System\rIlcHka.exe
  C:\Windows\System\rIlcHka.exe
  2⤵
  PID:8944
- C:\Windows\System\yKDGaNS.exe
  C:\Windows\System\yKDGaNS.exe
  2⤵
  PID:9024
- C:\Windows\System\UAbeXGT.exe
  C:\Windows\System\UAbeXGT.exe
  2⤵
  PID:9008
- C:\Windows\System\LEqNSum.exe
  C:\Windows\System\LEqNSum.exe
  2⤵
  PID:9064
- C:\Windows\System\LbhYCCF.exe
  C:\Windows\System\LbhYCCF.exe
  2⤵
  PID:7596
- C:\Windows\System\oOlCCVP.exe
  C:\Windows\System\oOlCCVP.exe
  2⤵
  PID:7708
- C:\Windows\System\GnfgQjV.exe
  C:\Windows\System\GnfgQjV.exe
  2⤵
  PID:8448
- C:\Windows\System\rywwVtz.exe
  C:\Windows\System\rywwVtz.exe
  2⤵
  PID:8468
- C:\Windows\System\FFgZRKt.exe
  C:\Windows\System\FFgZRKt.exe
  2⤵
  PID:8760
- C:\Windows\System\MxqShTi.exe
  C:\Windows\System\MxqShTi.exe
  2⤵
  PID:8740
- C:\Windows\System\AJMOhFe.exe
  C:\Windows\System\AJMOhFe.exe
  2⤵
  PID:8896
- C:\Windows\System\NbnqikQ.exe
  C:\Windows\System\NbnqikQ.exe
  2⤵
  PID:9112
- C:\Windows\System\zWLJEHQ.exe
  C:\Windows\System\zWLJEHQ.exe
  2⤵
  PID:8216
- C:\Windows\System\ErHBMLk.exe
  C:\Windows\System\ErHBMLk.exe
  2⤵
  PID:8484
- C:\Windows\System\WcWMTEh.exe
  C:\Windows\System\WcWMTEh.exe
  2⤵
  PID:8388
- C:\Windows\System\TnXXtdi.exe
  C:\Windows\System\TnXXtdi.exe
  2⤵
  PID:6956
- C:\Windows\System\JVYvAGa.exe
  C:\Windows\System\JVYvAGa.exe
  2⤵
  PID:8708
- C:\Windows\System\iuWZGwt.exe
  C:\Windows\System\iuWZGwt.exe
  2⤵
  PID:8744
- C:\Windows\System\LvuFbMo.exe
  C:\Windows\System\LvuFbMo.exe
  2⤵
  PID:8864
- C:\Windows\System\KLXIkOC.exe
  C:\Windows\System\KLXIkOC.exe
  2⤵
  PID:8892
- C:\Windows\System\vuUwkLi.exe
  C:\Windows\System\vuUwkLi.exe
  2⤵
  PID:8880
- C:\Windows\System\bkZWkjw.exe
  C:\Windows\System\bkZWkjw.exe
  2⤵
  PID:9060
- C:\Windows\System\FSrIXQO.exe
  C:\Windows\System\FSrIXQO.exe
  2⤵
  PID:9204
- C:\Windows\System\HNXDhxm.exe
  C:\Windows\System\HNXDhxm.exe
  2⤵
  PID:9040
- C:\Windows\System\SKJHJSG.exe
  C:\Windows\System\SKJHJSG.exe
  2⤵
  PID:7528
- C:\Windows\System\oPIKgXC.exe
  C:\Windows\System\oPIKgXC.exe
  2⤵
  PID:8248
- C:\Windows\System\xDOQhNz.exe
  C:\Windows\System\xDOQhNz.exe
  2⤵
  PID:8372
- C:\Windows\System\zSqEWcU.exe
  C:\Windows\System\zSqEWcU.exe
  2⤵
  PID:8596
- C:\Windows\System\KRYImvi.exe
  C:\Windows\System\KRYImvi.exe
  2⤵
  PID:8548
- C:\Windows\System\vZxIhRS.exe
  C:\Windows\System\vZxIhRS.exe
  2⤵
  PID:8712
- C:\Windows\System\gYJfXBD.exe
  C:\Windows\System\gYJfXBD.exe
  2⤵
  PID:8788
- C:\Windows\System\lpmzFit.exe
  C:\Windows\System\lpmzFit.exe
  2⤵
  PID:6632
- C:\Windows\System\szpOOjo.exe
  C:\Windows\System\szpOOjo.exe
  2⤵
  PID:8996
- C:\Windows\System\dpuzgfj.exe
  C:\Windows\System\dpuzgfj.exe
  2⤵
  PID:9188
- C:\Windows\System\whsAiVa.exe
  C:\Windows\System\whsAiVa.exe
  2⤵
  PID:9192
- C:\Windows\System\CQVQyhV.exe
  C:\Windows\System\CQVQyhV.exe
  2⤵
  PID:8244
- C:\Windows\System\ACrRKXm.exe
  C:\Windows\System\ACrRKXm.exe
  2⤵
  PID:8324
- C:\Windows\System\SBmUIzp.exe
  C:\Windows\System\SBmUIzp.exe
  2⤵
  PID:8964
- C:\Windows\System\qPZVoPT.exe
  C:\Windows\System\qPZVoPT.exe
  2⤵
  PID:9124
- C:\Windows\System\QxaJzRY.exe
  C:\Windows\System\QxaJzRY.exe
  2⤵
  PID:988
- C:\Windows\System\vcMtxke.exe
  C:\Windows\System\vcMtxke.exe
  2⤵
  PID:9232
- C:\Windows\System\VbRTfLy.exe
  C:\Windows\System\VbRTfLy.exe
  2⤵
  PID:9252
- C:\Windows\System\KMNeCuJ.exe
  C:\Windows\System\KMNeCuJ.exe
  2⤵
  PID:9268
- C:\Windows\System\dfaFtiQ.exe
  C:\Windows\System\dfaFtiQ.exe
  2⤵
  PID:9304
- C:\Windows\System\zHLGGfY.exe
  C:\Windows\System\zHLGGfY.exe
  2⤵
  PID:9328
- C:\Windows\System\EapTPWb.exe
  C:\Windows\System\EapTPWb.exe
  2⤵
  PID:9352
- C:\Windows\System\fBLTJRh.exe
  C:\Windows\System\fBLTJRh.exe
  2⤵
  PID:9376
- C:\Windows\System\BcfdfwS.exe
  C:\Windows\System\BcfdfwS.exe
  2⤵
  PID:9392
- C:\Windows\System\qafLmPA.exe
  C:\Windows\System\qafLmPA.exe
  2⤵
  PID:9408
- C:\Windows\System\ZXUiHPW.exe
  C:\Windows\System\ZXUiHPW.exe
  2⤵
  PID:9424
- C:\Windows\System\jQEcuId.exe
  C:\Windows\System\jQEcuId.exe
  2⤵
  PID:9444
- C:\Windows\System\sTRGYTB.exe
  C:\Windows\System\sTRGYTB.exe
  2⤵
  PID:9464
- C:\Windows\System\BilzOSr.exe
  C:\Windows\System\BilzOSr.exe
  2⤵
  PID:9480
- C:\Windows\System\ZUzpOJB.exe
  C:\Windows\System\ZUzpOJB.exe
  2⤵
  PID:9512
- C:\Windows\System\HPKoVvj.exe
  C:\Windows\System\HPKoVvj.exe
  2⤵
  PID:9528
- C:\Windows\System\VZluibx.exe
  C:\Windows\System\VZluibx.exe
  2⤵
  PID:9544
- C:\Windows\System\ywbmPGa.exe
  C:\Windows\System\ywbmPGa.exe
  2⤵
  PID:9560
- C:\Windows\System\yOkOqHg.exe
  C:\Windows\System\yOkOqHg.exe
  2⤵
  PID:9576
- C:\Windows\System\ZdGLrPO.exe
  C:\Windows\System\ZdGLrPO.exe
  2⤵
  PID:9592
- C:\Windows\System\DpNlgDx.exe
  C:\Windows\System\DpNlgDx.exe
  2⤵
  PID:9608
- C:\Windows\System\DNypBFK.exe
  C:\Windows\System\DNypBFK.exe
  2⤵
  PID:9624
- C:\Windows\System\CWnWbJP.exe
  C:\Windows\System\CWnWbJP.exe
  2⤵
  PID:9640
- C:\Windows\System\rQDPbnB.exe
  C:\Windows\System\rQDPbnB.exe
  2⤵
  PID:9660
- C:\Windows\System\mvgHYwh.exe
  C:\Windows\System\mvgHYwh.exe
  2⤵
  PID:9684
- C:\Windows\System\wxQtEec.exe
  C:\Windows\System\wxQtEec.exe
  2⤵
  PID:9708
- C:\Windows\System\WmqkTxq.exe
  C:\Windows\System\WmqkTxq.exe
  2⤵
  PID:9732
- C:\Windows\System\nlfWviQ.exe
  C:\Windows\System\nlfWviQ.exe
  2⤵
  PID:9752
- C:\Windows\System\ddIiSyc.exe
  C:\Windows\System\ddIiSyc.exe
  2⤵
  PID:9772
- C:\Windows\System\gnbupWQ.exe
  C:\Windows\System\gnbupWQ.exe
  2⤵
  PID:9788
- C:\Windows\System\WcvPjjy.exe
  C:\Windows\System\WcvPjjy.exe
  2⤵
  PID:9808
- C:\Windows\System\OLtwTYd.exe
  C:\Windows\System\OLtwTYd.exe
  2⤵
  PID:9824
- C:\Windows\System\mvVfTrt.exe
  C:\Windows\System\mvVfTrt.exe
  2⤵
  PID:9840
- C:\Windows\System\fChHTKP.exe
  C:\Windows\System\fChHTKP.exe
  2⤵
  PID:9856
- C:\Windows\System\TSgKoND.exe
  C:\Windows\System\TSgKoND.exe
  2⤵
  PID:9876
- C:\Windows\System\uAWUolj.exe
  C:\Windows\System\uAWUolj.exe
  2⤵
  PID:9896
- C:\Windows\System\vFOAFnM.exe
  C:\Windows\System\vFOAFnM.exe
  2⤵
  PID:9920
- C:\Windows\System\SzBnjyV.exe
  C:\Windows\System\SzBnjyV.exe
  2⤵
  PID:9940
- C:\Windows\System\RoyDeJF.exe
  C:\Windows\System\RoyDeJF.exe
  2⤵
  PID:9956
- C:\Windows\System\vTpjhiY.exe
  C:\Windows\System\vTpjhiY.exe
  2⤵
  PID:9976
- C:\Windows\System\shukImk.exe
  C:\Windows\System\shukImk.exe
  2⤵
  PID:9996
- C:\Windows\System\oJwJmsb.exe
  C:\Windows\System\oJwJmsb.exe
  2⤵
  PID:10068
- C:\Windows\System\AIwuyrr.exe
  C:\Windows\System\AIwuyrr.exe
  2⤵
  PID:10088
- C:\Windows\System\xhfNJpo.exe
  C:\Windows\System\xhfNJpo.exe
  2⤵
  PID:10108
- C:\Windows\System\qDpsghP.exe
  C:\Windows\System\qDpsghP.exe
  2⤵
  PID:10128
- C:\Windows\System\haBzmbW.exe
  C:\Windows\System\haBzmbW.exe
  2⤵
  PID:10144
- C:\Windows\System\TWnNOmC.exe
  C:\Windows\System\TWnNOmC.exe
  2⤵
  PID:10160
- C:\Windows\System\YPqVrBm.exe
  C:\Windows\System\YPqVrBm.exe
  2⤵
  PID:10176
- C:\Windows\System\AKgzfjj.exe
  C:\Windows\System\AKgzfjj.exe
  2⤵
  PID:10192
- C:\Windows\System\zgkHdks.exe
  C:\Windows\System\zgkHdks.exe
  2⤵
  PID:10208
- C:\Windows\System\XwxDxTQ.exe
  C:\Windows\System\XwxDxTQ.exe
  2⤵
  PID:10224
- C:\Windows\System\RuYGIpp.exe
  C:\Windows\System\RuYGIpp.exe
  2⤵
  PID:8756
- C:\Windows\System\XEqPRvr.exe
  C:\Windows\System\XEqPRvr.exe
  2⤵
  PID:8980
- C:\Windows\System\KDNstgs.exe
  C:\Windows\System\KDNstgs.exe
  2⤵
  PID:8644
- C:\Windows\System\UAnDvbc.exe
  C:\Windows\System\UAnDvbc.exe
  2⤵
  PID:8664
- C:\Windows\System\DBsiqmc.exe
  C:\Windows\System\DBsiqmc.exe
  2⤵
  PID:9228
- C:\Windows\System\NkRXpVm.exe
  C:\Windows\System\NkRXpVm.exe
  2⤵
  PID:9240
- C:\Windows\System\AhwzjMr.exe
  C:\Windows\System\AhwzjMr.exe
  2⤵
  PID:9276
- C:\Windows\System\dnJlOeU.exe
  C:\Windows\System\dnJlOeU.exe
  2⤵
  PID:9312
- C:\Windows\System\lvPMSlj.exe
  C:\Windows\System\lvPMSlj.exe
  2⤵
  PID:9372
- C:\Windows\System\JsuadFW.exe
  C:\Windows\System\JsuadFW.exe
  2⤵
  PID:9440
- C:\Windows\System\MzZHNQC.exe
  C:\Windows\System\MzZHNQC.exe
  2⤵
  PID:9336
- C:\Windows\System\plgxzES.exe
  C:\Windows\System\plgxzES.exe
  2⤵
  PID:9524
- C:\Windows\System\KBvNois.exe
  C:\Windows\System\KBvNois.exe
  2⤵
  PID:9648
- C:\Windows\System\QUQQmyo.exe
  C:\Windows\System\QUQQmyo.exe
  2⤵
  PID:9696
- C:\Windows\System\CgbBRlH.exe
  C:\Windows\System\CgbBRlH.exe
  2⤵
  PID:9744
- C:\Windows\System\qrysAZC.exe
  C:\Windows\System\qrysAZC.exe
  2⤵
  PID:9820
- C:\Windows\System\ZJwcLpw.exe
  C:\Windows\System\ZJwcLpw.exe
  2⤵
  PID:9884
- C:\Windows\System\yCBPVXh.exe
  C:\Windows\System\yCBPVXh.exe
  2⤵
  PID:9964
- C:\Windows\System\KbKlLyK.exe
  C:\Windows\System\KbKlLyK.exe
  2⤵
  PID:9540
- C:\Windows\System\bCTopOl.exe
  C:\Windows\System\bCTopOl.exe
  2⤵
  PID:9600
- C:\Windows\System\aPtcnvH.exe
  C:\Windows\System\aPtcnvH.exe
  2⤵
  PID:9672
- C:\Windows\System\RSBJJSY.exe
  C:\Windows\System\RSBJJSY.exe
  2⤵
  PID:9728
- C:\Windows\System\NPjNBrn.exe
  C:\Windows\System\NPjNBrn.exe
  2⤵
  PID:9804
- C:\Windows\System\KPlkkLp.exe
  C:\Windows\System\KPlkkLp.exe
  2⤵
  PID:9908
- C:\Windows\System\HfsCrTd.exe
  C:\Windows\System\HfsCrTd.exe
  2⤵
  PID:10020
- C:\Windows\System\CGJsCCI.exe
  C:\Windows\System\CGJsCCI.exe
  2⤵
  PID:10040
- C:\Windows\System\qqpZrrU.exe
  C:\Windows\System\qqpZrrU.exe
  2⤵
  PID:10056
- C:\Windows\System\ycNpdew.exe
  C:\Windows\System\ycNpdew.exe
  2⤵
  PID:10064
- C:\Windows\System\WdZpaKs.exe
  C:\Windows\System\WdZpaKs.exe
  2⤵
  PID:10124
- C:\Windows\System\uYzuxVg.exe
  C:\Windows\System\uYzuxVg.exe
  2⤵
  PID:10216
- C:\Windows\System\NVATFIY.exe
  C:\Windows\System\NVATFIY.exe
  2⤵
  PID:6248
- C:\Windows\System\zabJFXl.exe
  C:\Windows\System\zabJFXl.exe
  2⤵
  PID:8288
- C:\Windows\System\lDxGUbC.exe
  C:\Windows\System\lDxGUbC.exe
  2⤵
  PID:10140
- C:\Windows\System\HolLlQG.exe
  C:\Windows\System\HolLlQG.exe
  2⤵
  PID:10236
- C:\Windows\System\rlpCpcO.exe
  C:\Windows\System\rlpCpcO.exe
  2⤵
  PID:9404
- C:\Windows\System\hywjYEd.exe
  C:\Windows\System\hywjYEd.exe
  2⤵
  PID:9344
- C:\Windows\System\nUtENjG.exe
  C:\Windows\System\nUtENjG.exe
  2⤵
  PID:9292
- C:\Windows\System\ETvCvYa.exe
  C:\Windows\System\ETvCvYa.exe
  2⤵
  PID:9348
- C:\Windows\System\TXbBzEU.exe
  C:\Windows\System\TXbBzEU.exe
  2⤵
  PID:9420
- C:\Windows\System\SCgmRNh.exe
  C:\Windows\System\SCgmRNh.exe
  2⤵
  PID:9584
- C:\Windows\System\SLxBfwZ.exe
  C:\Windows\System\SLxBfwZ.exe
  2⤵
  PID:9740
- C:\Windows\System\qxOxjCk.exe
  C:\Windows\System\qxOxjCk.exe
  2⤵
  PID:9936
- C:\Windows\System\DQITXpT.exe
  C:\Windows\System\DQITXpT.exe
  2⤵
  PID:9656
- C:\Windows\System\mnLmkTl.exe
  C:\Windows\System\mnLmkTl.exe
  2⤵
  PID:9932
- C:\Windows\System\xffATBb.exe
  C:\Windows\System\xffATBb.exe
  2⤵
  PID:9716
- C:\Windows\System\WFZCswc.exe
  C:\Windows\System\WFZCswc.exe
  2⤵
  PID:9764
- C:\Windows\System\QhbkNrH.exe
  C:\Windows\System\QhbkNrH.exe
  2⤵
  PID:9916
- C:\Windows\System\plTBsUD.exe
  C:\Windows\System\plTBsUD.exe
  2⤵
  PID:10036
- C:\Windows\System\eIvTKTA.exe
  C:\Windows\System\eIvTKTA.exe
  2⤵
  PID:9992
- C:\Windows\System\DuNyYSi.exe
  C:\Windows\System\DuNyYSi.exe
  2⤵
  PID:10004
- C:\Windows\System\SKxQqpN.exe
  C:\Windows\System\SKxQqpN.exe
  2⤵
  PID:10120
- C:\Windows\System\PZPzcyf.exe
  C:\Windows\System\PZPzcyf.exe
  2⤵
  PID:8772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CELicwa.exe

Filesize
6.0MB

MD5
e90af1e28943d822b4377a654b0911b6

SHA1
ee8b0f67016a301423f60c1e51f9333dc4ce5adc

SHA256
f0f5fa542ca78d00ab0146546966364f7b7c2a0a2e555f86fb33c8d4c3826ec0

SHA512
fcf00e5255cb39906baf73ca5ebb9f5dde0dffabca67dfb78c49f4f322c4c9ca55dddb4fa9f3f198bfa9d722ebc9c6a343f29f7169d227d137c7a6bd3aaba9f5

Download Submit
C:\Windows\system\Cibgsrq.exe

Filesize
6.0MB

MD5
40d883dd2693581588f3414b83680809

SHA1
655ad215aa395de3d0fcda84e779d063ba8a3aa9

SHA256
4cb29555401df10b68406ccb81a1d83c702d6f2c23908964806f6a2df964f7bf

SHA512
611e2a62899d024af3f59584db70286db94f806ded5732ba317f0ee7b962305b4791b7afab67fb871a35e1884c7a4c450a3cdd65528639f46f10453f9d16487f

Download Submit
C:\Windows\system\EUcdzMk.exe

Filesize
6.0MB

MD5
147201d716778898bc738e7fc8a36dda

SHA1
73ac2c58b490ba8c48b1685c73444a6ed804682c

SHA256
004cf5fdb5ae92cc885eec925d0f0c9a99567d82b704a0612963dbfec47fd449

SHA512
e3be0754e83eb89e78afc55962c7e1631fe956914626cadc32611c72f2c4adce25ec70e840a8789b6f3b53cbf5a09719771ca6c91dfef3af59e8aaf17d33a512

Download Submit
C:\Windows\system\GgcbZJp.exe

Filesize
6.0MB

MD5
b3988fb923ce8146935bb13b8cc40844

SHA1
335a9d711160517193b3bacbfc63d7827f7abb14

SHA256
ae9b7a3d738a4d0119e6a93bcd72f759da1f95f7e1df869406ee137ecf3a1905

SHA512
8dfe5395bea07247fdafad48fbeebfcb5f7c287fa402395c8aad0e7e66198ef969e772dd399429b68bf90d49157167995019d8533527fbaa2d24fa992d11481b

Download Submit
C:\Windows\system\HWBisvm.exe

Filesize
6.0MB

MD5
b7c774b0bfa17894410b0042800698ad

SHA1
574dc6ecc30fe191c4a0170e02e72f1ee78aba6c

SHA256
16be7a83fcbe488476c1edb2b04d4cc09058113d5eb07df514bc74ad6d539409

SHA512
78e074ee8ee581856d20c4e43b25a6c80b437319b380ed336c01925f429716b812ab255f88fa4c525bb3c790b6099e0406f11be4bac4383e8d4b0845bf79aced

Download Submit
C:\Windows\system\JGlLKtK.exe

Filesize
6.0MB

MD5
8bc5b32822abb93e072e7274a0a6a796

SHA1
cd9223e95562451afae850417a703c7ae3a5241e

SHA256
e377d9562a7ede5f09de6d07f2d9cacdc4cecf61c9cb359a8da5f745e8a6e688

SHA512
7bb623cfe6c48b879f31b3bf4d4efbf77ddf973a934b5a90c6ae73627e7470a2575cf37bb49d361d681652339480df6019fdfea9fbf427b5209508f9111ad7c7

Download Submit
C:\Windows\system\KpcckrW.exe

Filesize
6.0MB

MD5
e24481594e62d88f5bb69a8ac6b7be1c

SHA1
9a0a8e9fe49a5c071b7398c2ce018e2f2e6bd170

SHA256
723877bb06d2e13453cffeed7c32491aced5c2d759ca9a8a65e20d2d36dd9454

SHA512
313634e91b33ff7f899c2920aae0e13e1fbf35ab44131af0ff4768a11a3470f6272f16e0689b80ed8e3af12a94758b6ef5cd2b58facaa121fd7b5bd696d77adf

Download Submit
C:\Windows\system\KzYdksc.exe

Filesize
6.0MB

MD5
c61881f04f2bf00eb24f38c61f6f525a

SHA1
03f3f9447b735cb6f32746e9d02b8399feabd773

SHA256
18cd162d321c035cb59783f0af820930e8e83d3af79d1b89b6d6a203907e5e0e

SHA512
c1d975eb1e2c7bc24d049de3008aa6211e5ca14069f4f812a88a547da6297effaeeacb325ccdff056a7751775ac6e0226c7cdf0251c3cb0879701e80c6642691

Download Submit
C:\Windows\system\LTOAZfh.exe

Filesize
6.0MB

MD5
47ccc0403cdf23fe5e4bb5e79813ffec

SHA1
87558bc0c72ae94afc46d65a007135d0ff4d3f2b

SHA256
2a2e9c8883abc017c882b88f47693db7906b44c66e40c746bb07e139be46b158

SHA512
da7d4a0f87421b49a652ddd5c7e284f11d7f2292f986ef52a0532799decaad6886293f62df91ae74d0e77d54e204bc5d92f74c5e20bc8ea1d231b0d25ffa0c23

Download Submit
C:\Windows\system\PiwVtVn.exe

Filesize
6.0MB

MD5
8cc5933ee88493af8ebe20cd407152f1

SHA1
c668522f487278976a4276315e7643a40d36b7b1

SHA256
d98b487d1cb396ab6526bda75a0715566daef3dad11c0639c5332044e521defa

SHA512
4eeea95c7da723712f17e388d45037a43a8412f110124b1fad477302f91af448de1b9c6e8117d0d593ce517d614a676288aeba73cce6916877be296e7f94d048

Download Submit
C:\Windows\system\SguFnaB.exe

Filesize
6.0MB

MD5
7011f637767a476e7eca090681a5db4b

SHA1
6150671ec439f1c8f248cc0ec390c5aa73abd402

SHA256
9a89013368f08ced11228e1a2cc75d738b43bff6807cfbfe9571dd5a5ce0fa94

SHA512
1806b904909036ae96378bd71c77a035c58e05abe7ebfe378d3074bc01e88983c30e1ccdbd9129063bbbfe93ecfb26a082d1c0662270566d06904516d02aa9d5

Download Submit
C:\Windows\system\WMreidr.exe

Filesize
6.0MB

MD5
41f0dd2558bd8be4216156d89283a70f

SHA1
0b6a989aca732d4a82a969ef78dbda59af7896be

SHA256
f716bad3a03c4fda89ad616487764638540397e427e6bf95fabf6ab4162ae9f5

SHA512
9fd1ee9c5fae55edc288dddf07c3c154ab89469c3efa81df21cb7d59c172091443b24bf723369dada2a899a4139af7b087634aac697253aa8b0ebd1324717879

Download Submit
C:\Windows\system\XqaDWVR.exe

Filesize
6.0MB

MD5
ad9ba24221b8f3a8029070a029183f6a

SHA1
269e756dadd8c49cea29a67b1423b5e4afca9d29

SHA256
3ab2e045d182556a16daa23c601c819ccef75ef516932e980e7b20dcba6dad6b

SHA512
b72a421f2d07ff3ce00a32be863b5b3511869516fd747de5ba1226813250bebb08b6fbccfebb01f54c83e4bfeeae556273b0d8912fc0a171e341f28aa115e5d5

Download Submit
C:\Windows\system\cnJKABn.exe

Filesize
6.0MB

MD5
215f2289f72dbc4c2540e18cf71ef6fc

SHA1
149a9ed4776b2ba35c91da99dafabcb8d7a99734

SHA256
38cbb5411399c1a6f8974c97aef0222142104f7ac33df1b82668a1787e3ca66a

SHA512
3bba5c84f242f701c7ba40a8cf437470b0213f838fcc7fb1a42548ea9f573e8d60531615503c46ed748ed774f887222cd821729127bf68e7691be956d9deca1b

Download Submit
C:\Windows\system\daMDDAu.exe

Filesize
6.0MB

MD5
6a22c39b22b1cf01ed8eaaba4ece79ff

SHA1
84d754b5ed434b63db42af87adcb02bd33a2a7c8

SHA256
99461e5de809e57a36f90c989fbf59c6cd8aa5ac1be52064127275beb6a2b6ad

SHA512
d4995da170a14af6aaada13adcfc529a2bc62dc1d202d0f3dd6ffacfd0ca84a1a0283b2b01da3ec423f7fb34075edaceaf3cb77324ecb5d7685df2a0eeee95b8

Download Submit
C:\Windows\system\eEFkmfP.exe

Filesize
6.0MB

MD5
e7606e4258aa19d6b73346feaebda5d2

SHA1
61840b685ac02127acc19f65b44c881fffdebfba

SHA256
ca81d3d81a2f69193605a32f618441e676062f04f0b2284e5bc1697fe791872d

SHA512
da4aa6df883d4c21817841fdb99ff72466761301d9aa5aba2cbbecdfe36da2508ac72f0dab5ffaea7508be0cf0f96a6c9f1fd03e99003d39df9c478512a461ec

Download Submit
C:\Windows\system\iSwELnG.exe

Filesize
6.0MB

MD5
a55491088463f7d64fed7b514f34eeef

SHA1
f7733120d15214c4c37671137058d13c3285858b

SHA256
b537e94aa8096d763c9076558910454611b903254630fea0657cd724d7e8d9c1

SHA512
4f6308fa0311836430507c26ffac1ebe981704bfda36ec707e46261c4596a5af15a9fe98873dc5175c9270f6c5b8bdb3c52cd49a1dfd5fcbbf836ecdecf74fe1

Download Submit
C:\Windows\system\iYWsTXc.exe

Filesize
6.0MB

MD5
34afdfeddb67564d83d7dfc091c5a4f0

SHA1
727ec571086accb98a081e8c36517b21bee3dd06

SHA256
57b58ce4ffcb0c0e18c1ada391e5c94948976f4294c962bc4005e34668b43d8a

SHA512
c14a03b036a1c80b3123023dae73e71fe3360c9ff5f5f9f7b9689e7680b2667991d9ea294619d9a50415a22aa6b9dd1e86023ca96403cc00a6c827e691cc03ed

Download Submit
C:\Windows\system\izJQAwx.exe

Filesize
6.0MB

MD5
4e5334432c166df3a097457bd4a1e2eb

SHA1
600467d3664ab530242c6c9e6d6dae4e64295c30

SHA256
d6831c737eb855c2bf658623d548d1e63c9317669eea8dfa2e66a511deba5d05

SHA512
5eced53bf69618f82c9081257574bd9f8c9034cbf2a6b5904c2a6af980383dd81d0ea1fca9f385de22004b352cf0f265d166b212b44f4d354b923fc21e1fbb29

Download Submit
C:\Windows\system\jCxFztD.exe

Filesize
6.0MB

MD5
c55876a95b50f45bc9d5d1d32074c11e

SHA1
100da86737e480bef13de6162367d95e4f8c9593

SHA256
68edd6aceb9751cb8e6617e7bf414e1d9f44cd01d92800683bc7aac361f54820

SHA512
1d09bd2a878f40c0ed46f149fc407b7f2480d0d54f71772019f29bc2a87e5a5c0e61c80b073c8e33ed8759d3ee3115909b5725b9fe7660ac15bbef12e1f86a46

Download Submit
C:\Windows\system\kueVCZZ.exe

Filesize
6.0MB

MD5
9daea24c79ff6ab84d84fee3817db1b6

SHA1
c71944116e00c9c205b44cf751685a3c8da6d949

SHA256
02d72b83fa89a43a23973e53eda558dc84d3e0b1a7a9f6499cf51d9e0af05ae1

SHA512
d65510e35a3d915e86abebe6fd5069df0922a62d9c4834c04a263c3ea05d0e9f475e874fcfcf0a44620fb9ce1dee1c2bbce8fd9e6b81465e8f7a6c4a99ca3ed1

Download Submit
C:\Windows\system\tIbXDob.exe

Filesize
6.0MB

MD5
245ce5033056f1ba66b23872c0c5197d

SHA1
77efcb200ff1166c4f078d27b006b025a59f80e2

SHA256
3684b20a7892b4ad429a4a8f85265b904f4f8ca90844c147f22f40303e0b996d

SHA512
005b54e1c3e0d677ef0f97cd4db87f1f2f7d5f2f72e07d3f623118a989aca129f26ccb9adb1a1a725fc2f91d2302fdb7baa237b05ca615a398c87875426e7b53

Download Submit
C:\Windows\system\tKJCudK.exe

Filesize
6.0MB

MD5
5f595aeba8bc7a812918a25cafbeb176

SHA1
fe5ce4b3a98e7c194ae0d816621bab29034e3b4a

SHA256
bf6f28702217c15e026c5c408dd5db0365f00c9404394b0e7b3376f049033c18

SHA512
76c984facaef73eec1d2bfb9e37b6bc68c009857c504b835b28faacb6c8483b99b697d485a4b85a62f963715ae2b935f2e324cf422691600ceaa671b3eb3b168

Download Submit
C:\Windows\system\vZIVxCX.exe

Filesize
6.0MB

MD5
cef62604389afb465b5d835af8dd5aad

SHA1
0455761de055e3b62e5647d820f6bd8ce92ae6d6

SHA256
1c504872980f8f34547a760d38b7feff4737ef5a74558c12f3c06fe55a85abe9

SHA512
bbcd24d72cadeda9252355dacc091c52b725116c54ef1707be36395dcf818a5622301f753cf2aad23cbcd13035cfbdbedd743ada9ca1bf4de04e2d860f55c3c9

Download Submit
C:\Windows\system\xvRUbeH.exe

Filesize
6.0MB

MD5
80633033a8ed9b11750e39b786905799

SHA1
80d2b260ecc5a48a25f0459af11f25863616534d

SHA256
d3871dd46c68f36daf595e3a7a7d1e9d2f680c87f5ba624c9d16c8d87b34054a

SHA512
a8e49417fcff0468883adde1564d0ddaa0ebbc625b39759b9703f3cb2ea7c4ada321a35efe196d35532a8141187ee62b1c80ca68ada600f79314f7455b558513

Download Submit
C:\Windows\system\zCSqfmf.exe

Filesize
6.0MB

MD5
433ebb28173ef44172bfd3796d863125

SHA1
56de76568617cc90b9ff51bba6e4b576e246ce8f

SHA256
f4a53a7e450990b2c053e664707f17b687f59f210c77cdb11bd9e1ee28ee92ae

SHA512
77733968bbd993aa835eb20b8074b68c5b8151e2988cddbd8cd109fe259a4f7b0f5115a7b12177494e9c465f9c1c343376297dda2f8dd18b4e7e43cf91e89284

Download Submit
\Windows\system\DBfBrgd.exe

Filesize
6.0MB

MD5
ee7a562c0a6e0b3f9cb5f661a62e0685

SHA1
52db9b56ead0267a001e65285f352e7012e0cd6f

SHA256
ea5e42d5c9cacf874abb782d879cfd601911364860f8de09b66671842c07c85b

SHA512
a308e4008d4633e70f3679c2d7a9de48d490224e3a31d6078397d7c0612e22274a146a6a04d2dfdbe88bd1c108cbfa9830f460fe437171d1417b6dd868454a07

Download Submit
\Windows\system\JIFwxxQ.exe

Filesize
6.0MB

MD5
039cd0cb7d55e39a8a198c1ad174c75d

SHA1
30e832d197adc9de7467afa7f6b52c6e7dc7d2a9

SHA256
65dea6603ad9a5aed86075064e4b28558d61565e4928517982fa04c996c79c37

SHA512
25d8d6e26ef7543207ca7fc2099ee488104ed9d58b635d5877fbd51ce3fea96d46da9dddfddc46713e85b2af94c631988fcb398972bd4a2e481e69de67c24138

Download Submit
\Windows\system\THySvls.exe

Filesize
6.0MB

MD5
885ca47c93e284f3175695c19eb08918

SHA1
136cab68f73d9d2ec64ab576bbf19678aeccb456

SHA256
898f258198e31f00ce23dded47ebaf59f554d61762dd332bc88076f86f9022a1

SHA512
4605dd3545219e7c214f760d0d1837c1ebf0d3993a850a34fba23a10e5400ec4a21319e674a22213110071ed249320b3cbdddc3effa9936d41c5d4daa0c66cd7

Download Submit
\Windows\system\aFWWrYB.exe

Filesize
6.0MB

MD5
69b8904dd2f3103a42f2db8c0a5df9d2

SHA1
92fdcc866e334a2924f7069d265f9a2bdb4db80e

SHA256
d021fbc5d0c0a1dbc0f9893f84519ce9864058127d53a3b6ca64fdff11e825bc

SHA512
d33b3975b30233a0505b4064bce1b733c3a9d4480e063775b83a156d0e9d762b55c2f5d8800874d33a04eead24016e10cea83c1a42829c29e71346a6e5862744

Download Submit
\Windows\system\glydCuc.exe

Filesize
6.0MB

MD5
77df410ce9fca5b9bf3d2a8cb1fbc5bf

SHA1
8f66f034546f8d81f856b5ca8dd3a682085d9d60

SHA256
0186e1acf6700a9add36e4d59161d4cecf4c673355cd5d457cd2d4728e36b8d5

SHA512
87fa83c34ec1e12338282b338e79c437b73c00f9d7972c49d6717553ac0df6c6241a46973cadabc4dbb31d37f2921fde9d605d24c74c859843b492717a1331a8

Download Submit
\Windows\system\qHLvwLc.exe

Filesize
6.0MB

MD5
5850a57e81fc34d44140e74928e3559c

SHA1
8fe912e8b8234bdf83ecf5e47b732f3ae6b6d930

SHA256
e103b38df061cc8b830433f5797060920c9962d96d2276cee8403e28fdc91ed1

SHA512
db20c8e38ee8974fa7ecbdb3bc989490a89b0a2d91593ed32e3f8dd985fd98a2dc1b4668406e1e976d1b2ca357744c0ebb7f3567283fb9361412c2ed07f7a731

Download Submit
\Windows\system\rygVPjB.exe

Filesize
6.0MB

MD5
76d0c8feb578dabc5aacc1a542327858

SHA1
dc7ddf313a622591ec0548d6968d265f32b97c48

SHA256
9024a2c4cd4d683867796f61d04bbc337fb08fad971d3f802643509542714e98

SHA512
6db710da71e3840b38d7293f219b305b0606fb1e70545ca3effa65c1e2a3ba924d200e8e0987c3dacba350d6551377426bdad01cd7b8dbef79414388b575ed13

Download Submit
memory/1968-2111-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2823-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1968-3099-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3097-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1947-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3055-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1968-0-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2204-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2122-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3034-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3030-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3035-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2351-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2350-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2826-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2934-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2052-12-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3654-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2100-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3689-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2936-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1878-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3665-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3682-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2131-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2335-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3691-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2192-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3644-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3683-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1946-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download