cobaltstrike | b0cfbebc5b3182f9751bdbb03d7cb42cae4e32f5b1e0f9f049e3cc3d2ea50aaa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

1205b3f729a540b1a413f9b6abd67915
SHA1

171b177ab933ce3946e767b867ab0a5527a39849
SHA256

b0cfbebc5b3182f9751bdbb03d7cb42cae4e32f5b1e0f9f049e3cc3d2ea50aaa
SHA512

ca4f1b3c5bd98cf9e2af06a954d2c0a7e0f8da58c95c3828a8375dcdc9747904a2ed041446baff9433cdb956bf24c75ab8ff721afc5097000f955ece2f74a738
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUN:eOl56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016689-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-175.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-163.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edc-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-160.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b86-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-96.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-64.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-101.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-56.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/1912-0-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x00090000000120d6-6.dat	xmrig
behavioral1/files/0x000800000001660e-11.dat	xmrig
behavioral1/files/0x0008000000016689-12.dat	xmrig
behavioral1/files/0x0006000000018be7-188.dat	xmrig
behavioral1/files/0x000500000001871c-178.dat	xmrig
behavioral1/memory/2328-1122-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2616-1255-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2636-999-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1912-874-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000500000001939f-189.dat	xmrig
behavioral1/files/0x0005000000018706-177.dat	xmrig
behavioral1/files/0x0005000000019358-175.dat	xmrig
behavioral1/files/0x00060000000174f8-163.dat	xmrig
behavioral1/files/0x0007000000016edc-162.dat	xmrig
behavioral1/files/0x00050000000192a1-160.dat	xmrig
behavioral1/files/0x0007000000016b86-151.dat	xmrig
behavioral1/files/0x000500000001927a-145.dat	xmrig
behavioral1/files/0x000500000001924f-140.dat	xmrig
behavioral1/files/0x0005000000019261-136.dat	xmrig
behavioral1/files/0x0005000000019237-126.dat	xmrig
behavioral1/files/0x0006000000019056-118.dat	xmrig
behavioral1/files/0x0006000000018d83-104.dat	xmrig
behavioral1/files/0x000500000001870c-97.dat	xmrig
behavioral1/files/0x0005000000018697-96.dat	xmrig
behavioral1/files/0x000d000000018683-69.dat	xmrig
behavioral1/files/0x0006000000017570-64.dat	xmrig
behavioral1/files/0x00060000000175f1-61.dat	xmrig
behavioral1/memory/2012-53-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca0-27.dat	xmrig
behavioral1/memory/2256-22-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-182.dat	xmrig
behavioral1/files/0x0005000000019354-169.dat	xmrig
behavioral1/files/0x0005000000019299-154.dat	xmrig
behavioral1/files/0x0005000000019274-143.dat	xmrig
behavioral1/files/0x0005000000019203-132.dat	xmrig
behavioral1/memory/2656-117-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018fdf-114.dat	xmrig
behavioral1/files/0x0006000000018d7b-112.dat	xmrig
behavioral1/memory/2616-111-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000018745-101.dat	xmrig
behavioral1/memory/2328-91-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-75.dat	xmrig
behavioral1/memory/2636-58-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-56.dat	xmrig
behavioral1/memory/1912-40-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1948-39-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-35.dat	xmrig
behavioral1/files/0x0007000000016c89-34.dat	xmrig
behavioral1/memory/1652-33-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1664-18-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2616-3939-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2256-3941-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1652-3944-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1664-3943-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2656-4151-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2328-3967-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/1948-3966-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2636-3965-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2012-3964-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1664	HvaFSmm.exe
2256	GiEwlIy.exe
1652	tPsTEPw.exe
2012	qoPKoYx.exe
1948	ECTVnnK.exe
2636	WfNkPYg.exe
2656	oNDOsbO.exe
2328	YYbFJVk.exe
2616	QfCklrK.exe
2816	WomjLUK.exe
2568	dbZozgq.exe
2528	Rohbihz.exe
1492	HzPXJgD.exe
1676	XiYKsxm.exe
2556	oUOeTGi.exe
776	jmdoLzk.exe
2536	exMMNLr.exe
2780	cVVDdNa.exe
2996	HwiJFqW.exe
2368	NlBiUHb.exe
2600	IuJKwCq.exe
3000	dQAORwX.exe
2112	jQpzlgg.exe
2464	DGutdNl.exe
2700	KNqAiuB.exe
2692	tOKQHSC.exe
1252	CDMVCeW.exe
2468	qdEBfAV.exe
2704	JqUIQPL.exe
1896	pGMWxpz.exe
1960	YuMWvEB.exe
1636	WsVfnjQ.exe
1836	StulRkJ.exe
1988	zAQuzGu.exe
2908	didCzaT.exe
3004	PNtmptc.exe
980	AjzFROp.exe
1092	lkaOIdC.exe
1336	zFIoXJi.exe
2172	hgMXmzk.exe
1300	HdgwEhb.exe
2952	ctvBhjT.exe
748	SfgLAaW.exe
864	SrgaOqz.exe
1008	rakHijy.exe
2148	sRQZqGV.exe
2096	WoWVhGt.exe
1756	sxlhBQj.exe
2552	oKMwzqp.exe
1484	IcRxCiU.exe
1712	OVyauZl.exe
2404	XXUdNMd.exe
1552	xxanUwv.exe
1584	mwkAkzs.exe
2248	PtGLSRe.exe
2964	qLcyxwy.exe
2008	pwqvctK.exe
2684	AzjcNhz.exe
2588	gdyJqJp.exe
1700	QWphErX.exe
316	EqGcfvW.exe
1952	JOQEDDb.exe
2748	XnWpDmm.exe
2888	oBaXTtR.exe

Loads dropped DLL 64 IoCs

pid	Process
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1912-0-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x00090000000120d6-6.dat	upx
behavioral1/files/0x000800000001660e-11.dat	upx
behavioral1/files/0x0008000000016689-12.dat	upx
behavioral1/files/0x0006000000018be7-188.dat	upx
behavioral1/files/0x000500000001871c-178.dat	upx
behavioral1/memory/2328-1122-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2616-1255-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2636-999-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1912-874-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000500000001939f-189.dat	upx
behavioral1/files/0x0005000000018706-177.dat	upx
behavioral1/files/0x0005000000019358-175.dat	upx
behavioral1/files/0x00060000000174f8-163.dat	upx
behavioral1/files/0x0007000000016edc-162.dat	upx
behavioral1/files/0x00050000000192a1-160.dat	upx
behavioral1/files/0x0007000000016b86-151.dat	upx
behavioral1/files/0x000500000001927a-145.dat	upx
behavioral1/files/0x000500000001924f-140.dat	upx
behavioral1/files/0x0005000000019261-136.dat	upx
behavioral1/files/0x0005000000019237-126.dat	upx
behavioral1/files/0x0006000000019056-118.dat	upx
behavioral1/files/0x0006000000018d83-104.dat	upx
behavioral1/files/0x000500000001870c-97.dat	upx
behavioral1/files/0x0005000000018697-96.dat	upx
behavioral1/files/0x000d000000018683-69.dat	upx
behavioral1/files/0x0006000000017570-64.dat	upx
behavioral1/files/0x00060000000175f1-61.dat	upx
behavioral1/memory/2012-53-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0007000000016ca0-27.dat	upx
behavioral1/memory/2256-22-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x000500000001938e-182.dat	upx
behavioral1/files/0x0005000000019354-169.dat	upx
behavioral1/files/0x0005000000019299-154.dat	upx
behavioral1/files/0x0005000000019274-143.dat	upx
behavioral1/files/0x0005000000019203-132.dat	upx
behavioral1/memory/2656-117-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0006000000018fdf-114.dat	upx
behavioral1/files/0x0006000000018d7b-112.dat	upx
behavioral1/memory/2616-111-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000018745-101.dat	upx
behavioral1/memory/2328-91-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-75.dat	upx
behavioral1/memory/2636-58-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-56.dat	upx
behavioral1/memory/1948-39-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-35.dat	upx
behavioral1/files/0x0007000000016c89-34.dat	upx
behavioral1/memory/1652-33-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1664-18-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2616-3939-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2256-3941-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1652-3944-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1664-3943-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2656-4151-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2328-3967-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1948-3966-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2636-3965-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2012-3964-0x000000013F730000-0x000000013FA84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mqHGYiv.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbwGyQk.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjtMtTo.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoVydUb.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGnNxRX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNDBBTp.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOrdVYa.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdtWvoJ.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAoRqvx.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBsZfzT.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmwnYjt.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcKeAGc.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwbJknR.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfWAANN.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgiDOYS.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIyAdIN.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIxPflK.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEQujOn.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfrmKUX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQEbSUk.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbcyvhA.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiVNxmT.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgkNCyA.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEBEeeP.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvADexn.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnBYXVX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJDbjsL.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpaXTcZ.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLaaqRw.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeJlmWz.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOrFUPd.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVsuQGL.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBDciqV.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cpwnhsn.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUxGctL.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emGDhgO.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECTVnnK.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWphErX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIenrFo.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzpoorP.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQNcMyX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rugWwPc.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYNcgae.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXFRCkB.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAxTQJU.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIlaOJB.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZtQkjn.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXTPyji.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXpuSSZ.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suBWRlC.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsKeuQs.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFNjSea.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvbwwcV.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbXqdJx.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXKibqX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUUnlRs.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKMwzqp.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMzaAAb.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXTkcGC.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIUZLyX.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiHOrpU.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsRBcgQ.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeDdvUu.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqwgoOU.exe	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1664	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1912 wrote to memory of 1664	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1912 wrote to memory of 1664	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1912 wrote to memory of 2256	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1912 wrote to memory of 2256	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1912 wrote to memory of 2256	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1912 wrote to memory of 1652	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1912 wrote to memory of 1652	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1912 wrote to memory of 1652	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1912 wrote to memory of 2536	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1912 wrote to memory of 2536	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1912 wrote to memory of 2536	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1912 wrote to memory of 2012	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1912 wrote to memory of 2012	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1912 wrote to memory of 2012	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1912 wrote to memory of 2996	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1912 wrote to memory of 2996	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1912 wrote to memory of 2996	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1912 wrote to memory of 1948	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1912 wrote to memory of 1948	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1912 wrote to memory of 1948	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1912 wrote to memory of 2368	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1912 wrote to memory of 2368	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1912 wrote to memory of 2368	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1912 wrote to memory of 2636	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1912 wrote to memory of 2636	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1912 wrote to memory of 2636	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1912 wrote to memory of 2600	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1912 wrote to memory of 2600	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1912 wrote to memory of 2600	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1912 wrote to memory of 2656	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1912 wrote to memory of 2656	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1912 wrote to memory of 2656	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1912 wrote to memory of 2112	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1912 wrote to memory of 2112	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1912 wrote to memory of 2112	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1912 wrote to memory of 2328	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1912 wrote to memory of 2328	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1912 wrote to memory of 2328	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1912 wrote to memory of 2464	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1912 wrote to memory of 2464	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1912 wrote to memory of 2464	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1912 wrote to memory of 2616	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1912 wrote to memory of 2616	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1912 wrote to memory of 2616	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1912 wrote to memory of 2700	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1912 wrote to memory of 2700	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1912 wrote to memory of 2700	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1912 wrote to memory of 2816	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1912 wrote to memory of 2816	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1912 wrote to memory of 2816	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1912 wrote to memory of 2692	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1912 wrote to memory of 2692	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1912 wrote to memory of 2692	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1912 wrote to memory of 2568	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1912 wrote to memory of 2568	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1912 wrote to memory of 2568	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1912 wrote to memory of 2468	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1912 wrote to memory of 2468	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1912 wrote to memory of 2468	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1912 wrote to memory of 2528	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1912 wrote to memory of 2528	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1912 wrote to memory of 2528	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1912 wrote to memory of 2704	1912	2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_1205b3f729a540b1a413f9b6abd67915_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\System\HvaFSmm.exe
  C:\Windows\System\HvaFSmm.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\GiEwlIy.exe
  C:\Windows\System\GiEwlIy.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\tPsTEPw.exe
  C:\Windows\System\tPsTEPw.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\exMMNLr.exe
  C:\Windows\System\exMMNLr.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\qoPKoYx.exe
  C:\Windows\System\qoPKoYx.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HwiJFqW.exe
  C:\Windows\System\HwiJFqW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ECTVnnK.exe
  C:\Windows\System\ECTVnnK.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NlBiUHb.exe
  C:\Windows\System\NlBiUHb.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WfNkPYg.exe
  C:\Windows\System\WfNkPYg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\IuJKwCq.exe
  C:\Windows\System\IuJKwCq.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\oNDOsbO.exe
  C:\Windows\System\oNDOsbO.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\jQpzlgg.exe
  C:\Windows\System\jQpzlgg.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\YYbFJVk.exe
  C:\Windows\System\YYbFJVk.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\DGutdNl.exe
  C:\Windows\System\DGutdNl.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\QfCklrK.exe
  C:\Windows\System\QfCklrK.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KNqAiuB.exe
  C:\Windows\System\KNqAiuB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\WomjLUK.exe
  C:\Windows\System\WomjLUK.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\tOKQHSC.exe
  C:\Windows\System\tOKQHSC.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\dbZozgq.exe
  C:\Windows\System\dbZozgq.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\qdEBfAV.exe
  C:\Windows\System\qdEBfAV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\Rohbihz.exe
  C:\Windows\System\Rohbihz.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\JqUIQPL.exe
  C:\Windows\System\JqUIQPL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HzPXJgD.exe
  C:\Windows\System\HzPXJgD.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\pGMWxpz.exe
  C:\Windows\System\pGMWxpz.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\XiYKsxm.exe
  C:\Windows\System\XiYKsxm.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\WsVfnjQ.exe
  C:\Windows\System\WsVfnjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\oUOeTGi.exe
  C:\Windows\System\oUOeTGi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\StulRkJ.exe
  C:\Windows\System\StulRkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\jmdoLzk.exe
  C:\Windows\System\jmdoLzk.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\zAQuzGu.exe
  C:\Windows\System\zAQuzGu.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\cVVDdNa.exe
  C:\Windows\System\cVVDdNa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\didCzaT.exe
  C:\Windows\System\didCzaT.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\dQAORwX.exe
  C:\Windows\System\dQAORwX.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AjzFROp.exe
  C:\Windows\System\AjzFROp.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\CDMVCeW.exe
  C:\Windows\System\CDMVCeW.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\lkaOIdC.exe
  C:\Windows\System\lkaOIdC.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\YuMWvEB.exe
  C:\Windows\System\YuMWvEB.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\zFIoXJi.exe
  C:\Windows\System\zFIoXJi.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\PNtmptc.exe
  C:\Windows\System\PNtmptc.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HdgwEhb.exe
  C:\Windows\System\HdgwEhb.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\hgMXmzk.exe
  C:\Windows\System\hgMXmzk.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\SfgLAaW.exe
  C:\Windows\System\SfgLAaW.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ctvBhjT.exe
  C:\Windows\System\ctvBhjT.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SrgaOqz.exe
  C:\Windows\System\SrgaOqz.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\rakHijy.exe
  C:\Windows\System\rakHijy.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\sRQZqGV.exe
  C:\Windows\System\sRQZqGV.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\WoWVhGt.exe
  C:\Windows\System\WoWVhGt.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\oKMwzqp.exe
  C:\Windows\System\oKMwzqp.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\sxlhBQj.exe
  C:\Windows\System\sxlhBQj.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\IcRxCiU.exe
  C:\Windows\System\IcRxCiU.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OVyauZl.exe
  C:\Windows\System\OVyauZl.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\XXUdNMd.exe
  C:\Windows\System\XXUdNMd.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\xxanUwv.exe
  C:\Windows\System\xxanUwv.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\mwkAkzs.exe
  C:\Windows\System\mwkAkzs.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\PtGLSRe.exe
  C:\Windows\System\PtGLSRe.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\qLcyxwy.exe
  C:\Windows\System\qLcyxwy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\pwqvctK.exe
  C:\Windows\System\pwqvctK.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\AzjcNhz.exe
  C:\Windows\System\AzjcNhz.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\gdyJqJp.exe
  C:\Windows\System\gdyJqJp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\QWphErX.exe
  C:\Windows\System\QWphErX.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\EqGcfvW.exe
  C:\Windows\System\EqGcfvW.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\JOQEDDb.exe
  C:\Windows\System\JOQEDDb.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\XnWpDmm.exe
  C:\Windows\System\XnWpDmm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\oBaXTtR.exe
  C:\Windows\System\oBaXTtR.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\FTNRuqZ.exe
  C:\Windows\System\FTNRuqZ.exe
  2⤵
  PID:1520
- C:\Windows\System\bPwJgVc.exe
  C:\Windows\System\bPwJgVc.exe
  2⤵
  PID:1080
- C:\Windows\System\xqVWLUl.exe
  C:\Windows\System\xqVWLUl.exe
  2⤵
  PID:940
- C:\Windows\System\yurDFKu.exe
  C:\Windows\System\yurDFKu.exe
  2⤵
  PID:772
- C:\Windows\System\XvyzBvm.exe
  C:\Windows\System\XvyzBvm.exe
  2⤵
  PID:1016
- C:\Windows\System\alihXbl.exe
  C:\Windows\System\alihXbl.exe
  2⤵
  PID:1360
- C:\Windows\System\sCYYQNm.exe
  C:\Windows\System\sCYYQNm.exe
  2⤵
  PID:2716
- C:\Windows\System\dywzTge.exe
  C:\Windows\System\dywzTge.exe
  2⤵
  PID:1928
- C:\Windows\System\skeGoeY.exe
  C:\Windows\System\skeGoeY.exe
  2⤵
  PID:2444
- C:\Windows\System\iBqQNrI.exe
  C:\Windows\System\iBqQNrI.exe
  2⤵
  PID:1924
- C:\Windows\System\FWZLJvP.exe
  C:\Windows\System\FWZLJvP.exe
  2⤵
  PID:1796
- C:\Windows\System\GzemtWz.exe
  C:\Windows\System\GzemtWz.exe
  2⤵
  PID:2144
- C:\Windows\System\oIenrFo.exe
  C:\Windows\System\oIenrFo.exe
  2⤵
  PID:924
- C:\Windows\System\pnzDCLU.exe
  C:\Windows\System\pnzDCLU.exe
  2⤵
  PID:1316
- C:\Windows\System\ehHfJfN.exe
  C:\Windows\System\ehHfJfN.exe
  2⤵
  PID:2960
- C:\Windows\System\gDYooTq.exe
  C:\Windows\System\gDYooTq.exe
  2⤵
  PID:112
- C:\Windows\System\ogyqSSs.exe
  C:\Windows\System\ogyqSSs.exe
  2⤵
  PID:2156
- C:\Windows\System\PXwlDUB.exe
  C:\Windows\System\PXwlDUB.exe
  2⤵
  PID:2216
- C:\Windows\System\OEDdiwK.exe
  C:\Windows\System\OEDdiwK.exe
  2⤵
  PID:568
- C:\Windows\System\IVGZrhE.exe
  C:\Windows\System\IVGZrhE.exe
  2⤵
  PID:624
- C:\Windows\System\greTcsg.exe
  C:\Windows\System\greTcsg.exe
  2⤵
  PID:2060
- C:\Windows\System\MLdQQRc.exe
  C:\Windows\System\MLdQQRc.exe
  2⤵
  PID:1588
- C:\Windows\System\fzBKdLv.exe
  C:\Windows\System\fzBKdLv.exe
  2⤵
  PID:1576
- C:\Windows\System\owOFRLS.exe
  C:\Windows\System\owOFRLS.exe
  2⤵
  PID:2548
- C:\Windows\System\aYSkZEq.exe
  C:\Windows\System\aYSkZEq.exe
  2⤵
  PID:2728
- C:\Windows\System\nEJePPB.exe
  C:\Windows\System\nEJePPB.exe
  2⤵
  PID:2292
- C:\Windows\System\QKIgGgS.exe
  C:\Windows\System\QKIgGgS.exe
  2⤵
  PID:3032
- C:\Windows\System\XqNsBns.exe
  C:\Windows\System\XqNsBns.exe
  2⤵
  PID:3012
- C:\Windows\System\KLLRisV.exe
  C:\Windows\System\KLLRisV.exe
  2⤵
  PID:1268
- C:\Windows\System\BNOEHlM.exe
  C:\Windows\System\BNOEHlM.exe
  2⤵
  PID:328
- C:\Windows\System\BbyajSI.exe
  C:\Windows\System\BbyajSI.exe
  2⤵
  PID:2652
- C:\Windows\System\JbkNWzH.exe
  C:\Windows\System\JbkNWzH.exe
  2⤵
  PID:2648
- C:\Windows\System\taqvtsR.exe
  C:\Windows\System\taqvtsR.exe
  2⤵
  PID:2504
- C:\Windows\System\rzPIEfT.exe
  C:\Windows\System\rzPIEfT.exe
  2⤵
  PID:3028
- C:\Windows\System\tYVxJjA.exe
  C:\Windows\System\tYVxJjA.exe
  2⤵
  PID:3008
- C:\Windows\System\LDAhviM.exe
  C:\Windows\System\LDAhviM.exe
  2⤵
  PID:1608
- C:\Windows\System\qmJuWUd.exe
  C:\Windows\System\qmJuWUd.exe
  2⤵
  PID:684
- C:\Windows\System\MUThYFV.exe
  C:\Windows\System\MUThYFV.exe
  2⤵
  PID:1932
- C:\Windows\System\XJyjvnS.exe
  C:\Windows\System\XJyjvnS.exe
  2⤵
  PID:3088
- C:\Windows\System\LNHOjNS.exe
  C:\Windows\System\LNHOjNS.exe
  2⤵
  PID:3112
- C:\Windows\System\vJqURhu.exe
  C:\Windows\System\vJqURhu.exe
  2⤵
  PID:3132
- C:\Windows\System\cqygHyP.exe
  C:\Windows\System\cqygHyP.exe
  2⤵
  PID:3148
- C:\Windows\System\GOHSoxn.exe
  C:\Windows\System\GOHSoxn.exe
  2⤵
  PID:3168
- C:\Windows\System\lSCbfwM.exe
  C:\Windows\System\lSCbfwM.exe
  2⤵
  PID:3184
- C:\Windows\System\zCWmgDu.exe
  C:\Windows\System\zCWmgDu.exe
  2⤵
  PID:3204
- C:\Windows\System\qFeVVQS.exe
  C:\Windows\System\qFeVVQS.exe
  2⤵
  PID:3220
- C:\Windows\System\aMeBEWw.exe
  C:\Windows\System\aMeBEWw.exe
  2⤵
  PID:3244
- C:\Windows\System\bcbEDxw.exe
  C:\Windows\System\bcbEDxw.exe
  2⤵
  PID:3260
- C:\Windows\System\cXPAHsk.exe
  C:\Windows\System\cXPAHsk.exe
  2⤵
  PID:3280
- C:\Windows\System\ykPfSnU.exe
  C:\Windows\System\ykPfSnU.exe
  2⤵
  PID:3312
- C:\Windows\System\uIDgktq.exe
  C:\Windows\System\uIDgktq.exe
  2⤵
  PID:3332
- C:\Windows\System\zsRBcgQ.exe
  C:\Windows\System\zsRBcgQ.exe
  2⤵
  PID:3352
- C:\Windows\System\FhVCQAL.exe
  C:\Windows\System\FhVCQAL.exe
  2⤵
  PID:3368
- C:\Windows\System\zOfgjAF.exe
  C:\Windows\System\zOfgjAF.exe
  2⤵
  PID:3392
- C:\Windows\System\YpdEbhH.exe
  C:\Windows\System\YpdEbhH.exe
  2⤵
  PID:3408
- C:\Windows\System\PIJjuBn.exe
  C:\Windows\System\PIJjuBn.exe
  2⤵
  PID:3428
- C:\Windows\System\AKRbqVL.exe
  C:\Windows\System\AKRbqVL.exe
  2⤵
  PID:3448
- C:\Windows\System\enxyTPK.exe
  C:\Windows\System\enxyTPK.exe
  2⤵
  PID:3468
- C:\Windows\System\moRWPQr.exe
  C:\Windows\System\moRWPQr.exe
  2⤵
  PID:3488
- C:\Windows\System\FOAGszr.exe
  C:\Windows\System\FOAGszr.exe
  2⤵
  PID:3504
- C:\Windows\System\LJjnbMX.exe
  C:\Windows\System\LJjnbMX.exe
  2⤵
  PID:3528
- C:\Windows\System\UPfNdnb.exe
  C:\Windows\System\UPfNdnb.exe
  2⤵
  PID:3552
- C:\Windows\System\eHeAIVr.exe
  C:\Windows\System\eHeAIVr.exe
  2⤵
  PID:3568
- C:\Windows\System\dnfVAwx.exe
  C:\Windows\System\dnfVAwx.exe
  2⤵
  PID:3588
- C:\Windows\System\HrWqxJb.exe
  C:\Windows\System\HrWqxJb.exe
  2⤵
  PID:3608
- C:\Windows\System\tKfNnBz.exe
  C:\Windows\System\tKfNnBz.exe
  2⤵
  PID:3624
- C:\Windows\System\PGaUuFc.exe
  C:\Windows\System\PGaUuFc.exe
  2⤵
  PID:3640
- C:\Windows\System\DPICyST.exe
  C:\Windows\System\DPICyST.exe
  2⤵
  PID:3660
- C:\Windows\System\efwnbRg.exe
  C:\Windows\System\efwnbRg.exe
  2⤵
  PID:3688
- C:\Windows\System\pyvXieS.exe
  C:\Windows\System\pyvXieS.exe
  2⤵
  PID:3712
- C:\Windows\System\YtTPaMp.exe
  C:\Windows\System\YtTPaMp.exe
  2⤵
  PID:3728
- C:\Windows\System\vpeJCox.exe
  C:\Windows\System\vpeJCox.exe
  2⤵
  PID:3748
- C:\Windows\System\eFJFwBi.exe
  C:\Windows\System\eFJFwBi.exe
  2⤵
  PID:3768
- C:\Windows\System\poCZeVj.exe
  C:\Windows\System\poCZeVj.exe
  2⤵
  PID:3784
- C:\Windows\System\DFNjSea.exe
  C:\Windows\System\DFNjSea.exe
  2⤵
  PID:3804
- C:\Windows\System\qbAZzZe.exe
  C:\Windows\System\qbAZzZe.exe
  2⤵
  PID:3820
- C:\Windows\System\nucEhpM.exe
  C:\Windows\System\nucEhpM.exe
  2⤵
  PID:3840
- C:\Windows\System\KjxyuWG.exe
  C:\Windows\System\KjxyuWG.exe
  2⤵
  PID:3856
- C:\Windows\System\TopjWhT.exe
  C:\Windows\System\TopjWhT.exe
  2⤵
  PID:3880
- C:\Windows\System\tiBXzIv.exe
  C:\Windows\System\tiBXzIv.exe
  2⤵
  PID:3900
- C:\Windows\System\iUvango.exe
  C:\Windows\System\iUvango.exe
  2⤵
  PID:3928
- C:\Windows\System\UDORfht.exe
  C:\Windows\System\UDORfht.exe
  2⤵
  PID:3948
- C:\Windows\System\ZWAEosU.exe
  C:\Windows\System\ZWAEosU.exe
  2⤵
  PID:3968
- C:\Windows\System\KoVydUb.exe
  C:\Windows\System\KoVydUb.exe
  2⤵
  PID:3984
- C:\Windows\System\QfuFtCK.exe
  C:\Windows\System\QfuFtCK.exe
  2⤵
  PID:4004
- C:\Windows\System\XXSRuNB.exe
  C:\Windows\System\XXSRuNB.exe
  2⤵
  PID:4028
- C:\Windows\System\EoNljbC.exe
  C:\Windows\System\EoNljbC.exe
  2⤵
  PID:4048
- C:\Windows\System\EQTgGjD.exe
  C:\Windows\System\EQTgGjD.exe
  2⤵
  PID:4072
- C:\Windows\System\JZeLQgB.exe
  C:\Windows\System\JZeLQgB.exe
  2⤵
  PID:4088
- C:\Windows\System\RRGbeSi.exe
  C:\Windows\System\RRGbeSi.exe
  2⤵
  PID:2824
- C:\Windows\System\aqQMZNi.exe
  C:\Windows\System\aqQMZNi.exe
  2⤵
  PID:2136
- C:\Windows\System\fqYzGne.exe
  C:\Windows\System\fqYzGne.exe
  2⤵
  PID:2408
- C:\Windows\System\DlUqFFw.exe
  C:\Windows\System\DlUqFFw.exe
  2⤵
  PID:2284
- C:\Windows\System\gvKrCSm.exe
  C:\Windows\System\gvKrCSm.exe
  2⤵
  PID:2440
- C:\Windows\System\udBgLMZ.exe
  C:\Windows\System\udBgLMZ.exe
  2⤵
  PID:2924
- C:\Windows\System\bWTGtMZ.exe
  C:\Windows\System\bWTGtMZ.exe
  2⤵
  PID:1976
- C:\Windows\System\dIxPflK.exe
  C:\Windows\System\dIxPflK.exe
  2⤵
  PID:1312
- C:\Windows\System\IpxpTvD.exe
  C:\Windows\System\IpxpTvD.exe
  2⤵
  PID:352
- C:\Windows\System\GzpoorP.exe
  C:\Windows\System\GzpoorP.exe
  2⤵
  PID:2928
- C:\Windows\System\NGvlbiZ.exe
  C:\Windows\System\NGvlbiZ.exe
  2⤵
  PID:2336
- C:\Windows\System\qXFRCkB.exe
  C:\Windows\System\qXFRCkB.exe
  2⤵
  PID:896
- C:\Windows\System\BXTPyji.exe
  C:\Windows\System\BXTPyji.exe
  2⤵
  PID:1460
- C:\Windows\System\PEhBmPm.exe
  C:\Windows\System\PEhBmPm.exe
  2⤵
  PID:3100
- C:\Windows\System\sHZCqMr.exe
  C:\Windows\System\sHZCqMr.exe
  2⤵
  PID:3144
- C:\Windows\System\JBFNCtq.exe
  C:\Windows\System\JBFNCtq.exe
  2⤵
  PID:3252
- C:\Windows\System\QHYEKdV.exe
  C:\Windows\System\QHYEKdV.exe
  2⤵
  PID:3160
- C:\Windows\System\BKpJzCE.exe
  C:\Windows\System\BKpJzCE.exe
  2⤵
  PID:3236
- C:\Windows\System\xxQgDkg.exe
  C:\Windows\System\xxQgDkg.exe
  2⤵
  PID:3192
- C:\Windows\System\dvokavP.exe
  C:\Windows\System\dvokavP.exe
  2⤵
  PID:3296
- C:\Windows\System\XmdmtYd.exe
  C:\Windows\System\XmdmtYd.exe
  2⤵
  PID:3340
- C:\Windows\System\lUKZQKC.exe
  C:\Windows\System\lUKZQKC.exe
  2⤵
  PID:3380
- C:\Windows\System\xxiWsvg.exe
  C:\Windows\System\xxiWsvg.exe
  2⤵
  PID:3324
- C:\Windows\System\FdvwPKk.exe
  C:\Windows\System\FdvwPKk.exe
  2⤵
  PID:3404
- C:\Windows\System\WKZACsU.exe
  C:\Windows\System\WKZACsU.exe
  2⤵
  PID:3444
- C:\Windows\System\jSEFqNo.exe
  C:\Windows\System\jSEFqNo.exe
  2⤵
  PID:3536
- C:\Windows\System\vQyKxqx.exe
  C:\Windows\System\vQyKxqx.exe
  2⤵
  PID:3544
- C:\Windows\System\fKyUfYb.exe
  C:\Windows\System\fKyUfYb.exe
  2⤵
  PID:3512
- C:\Windows\System\cRfhUrF.exe
  C:\Windows\System\cRfhUrF.exe
  2⤵
  PID:3652
- C:\Windows\System\xaVKyeY.exe
  C:\Windows\System\xaVKyeY.exe
  2⤵
  PID:3564
- C:\Windows\System\LqKnKOI.exe
  C:\Windows\System\LqKnKOI.exe
  2⤵
  PID:3596
- C:\Windows\System\XXhtemT.exe
  C:\Windows\System\XXhtemT.exe
  2⤵
  PID:3676
- C:\Windows\System\KdTWcEm.exe
  C:\Windows\System\KdTWcEm.exe
  2⤵
  PID:3744
- C:\Windows\System\RhjuYne.exe
  C:\Windows\System\RhjuYne.exe
  2⤵
  PID:3812
- C:\Windows\System\pugrvwb.exe
  C:\Windows\System\pugrvwb.exe
  2⤵
  PID:3888
- C:\Windows\System\znAFioa.exe
  C:\Windows\System\znAFioa.exe
  2⤵
  PID:3836
- C:\Windows\System\mcjSxMO.exe
  C:\Windows\System\mcjSxMO.exe
  2⤵
  PID:3872
- C:\Windows\System\enLPfHM.exe
  C:\Windows\System\enLPfHM.exe
  2⤵
  PID:3792
- C:\Windows\System\tfnShaB.exe
  C:\Windows\System\tfnShaB.exe
  2⤵
  PID:3940
- C:\Windows\System\CvADexn.exe
  C:\Windows\System\CvADexn.exe
  2⤵
  PID:3956
- C:\Windows\System\xjhcGZv.exe
  C:\Windows\System\xjhcGZv.exe
  2⤵
  PID:4024
- C:\Windows\System\TcdcSdD.exe
  C:\Windows\System\TcdcSdD.exe
  2⤵
  PID:4068
- C:\Windows\System\HkmWOlM.exe
  C:\Windows\System\HkmWOlM.exe
  2⤵
  PID:3996
- C:\Windows\System\XmiJEvX.exe
  C:\Windows\System\XmiJEvX.exe
  2⤵
  PID:2340
- C:\Windows\System\oOylEPL.exe
  C:\Windows\System\oOylEPL.exe
  2⤵
  PID:4084
- C:\Windows\System\LMOjzgI.exe
  C:\Windows\System\LMOjzgI.exe
  2⤵
  PID:752
- C:\Windows\System\wqLztvm.exe
  C:\Windows\System\wqLztvm.exe
  2⤵
  PID:2244
- C:\Windows\System\ctRxKWo.exe
  C:\Windows\System\ctRxKWo.exe
  2⤵
  PID:296
- C:\Windows\System\mOZAICX.exe
  C:\Windows\System\mOZAICX.exe
  2⤵
  PID:2828
- C:\Windows\System\oRlFfFV.exe
  C:\Windows\System\oRlFfFV.exe
  2⤵
  PID:1052
- C:\Windows\System\dZzBTpD.exe
  C:\Windows\System\dZzBTpD.exe
  2⤵
  PID:2300
- C:\Windows\System\UmFcHdP.exe
  C:\Windows\System\UmFcHdP.exe
  2⤵
  PID:3104
- C:\Windows\System\kYwxjXD.exe
  C:\Windows\System\kYwxjXD.exe
  2⤵
  PID:3156
- C:\Windows\System\VNNLSlB.exe
  C:\Windows\System\VNNLSlB.exe
  2⤵
  PID:3212
- C:\Windows\System\osJUDku.exe
  C:\Windows\System\osJUDku.exe
  2⤵
  PID:3304
- C:\Windows\System\wfNqnss.exe
  C:\Windows\System\wfNqnss.exe
  2⤵
  PID:3292
- C:\Windows\System\bcHUXGO.exe
  C:\Windows\System\bcHUXGO.exe
  2⤵
  PID:3376
- C:\Windows\System\hWkmaHn.exe
  C:\Windows\System\hWkmaHn.exe
  2⤵
  PID:3400
- C:\Windows\System\dCpfZRg.exe
  C:\Windows\System\dCpfZRg.exe
  2⤵
  PID:3484
- C:\Windows\System\PdBiTUy.exe
  C:\Windows\System\PdBiTUy.exe
  2⤵
  PID:3580
- C:\Windows\System\eXpuSSZ.exe
  C:\Windows\System\eXpuSSZ.exe
  2⤵
  PID:3496
- C:\Windows\System\lDGNrFc.exe
  C:\Windows\System\lDGNrFc.exe
  2⤵
  PID:3672
- C:\Windows\System\DBfVGUG.exe
  C:\Windows\System\DBfVGUG.exe
  2⤵
  PID:3736
- C:\Windows\System\gyLfVva.exe
  C:\Windows\System\gyLfVva.exe
  2⤵
  PID:3852
- C:\Windows\System\eQhTRJB.exe
  C:\Windows\System\eQhTRJB.exe
  2⤵
  PID:3892
- C:\Windows\System\acMjgCc.exe
  C:\Windows\System\acMjgCc.exe
  2⤵
  PID:3832
- C:\Windows\System\EZtPWdv.exe
  C:\Windows\System\EZtPWdv.exe
  2⤵
  PID:3944
- C:\Windows\System\OGnNxRX.exe
  C:\Windows\System\OGnNxRX.exe
  2⤵
  PID:3796
- C:\Windows\System\nAPWfQr.exe
  C:\Windows\System\nAPWfQr.exe
  2⤵
  PID:2316
- C:\Windows\System\IPVoFFx.exe
  C:\Windows\System\IPVoFFx.exe
  2⤵
  PID:4080
- C:\Windows\System\vmdyoUU.exe
  C:\Windows\System\vmdyoUU.exe
  2⤵
  PID:4040
- C:\Windows\System\dpehzkX.exe
  C:\Windows\System\dpehzkX.exe
  2⤵
  PID:2956
- C:\Windows\System\YgvhGGv.exe
  C:\Windows\System\YgvhGGv.exe
  2⤵
  PID:1840
- C:\Windows\System\WYjGQjf.exe
  C:\Windows\System\WYjGQjf.exe
  2⤵
  PID:3128
- C:\Windows\System\gAoRqvx.exe
  C:\Windows\System\gAoRqvx.exe
  2⤵
  PID:4108
- C:\Windows\System\dTAjREX.exe
  C:\Windows\System\dTAjREX.exe
  2⤵
  PID:4124
- C:\Windows\System\CBsZfzT.exe
  C:\Windows\System\CBsZfzT.exe
  2⤵
  PID:4144
- C:\Windows\System\ifZzMMC.exe
  C:\Windows\System\ifZzMMC.exe
  2⤵
  PID:4164
- C:\Windows\System\PKKsyEw.exe
  C:\Windows\System\PKKsyEw.exe
  2⤵
  PID:4184
- C:\Windows\System\nNhfpDC.exe
  C:\Windows\System\nNhfpDC.exe
  2⤵
  PID:4208
- C:\Windows\System\vFhvGAs.exe
  C:\Windows\System\vFhvGAs.exe
  2⤵
  PID:4228
- C:\Windows\System\XPrzjvW.exe
  C:\Windows\System\XPrzjvW.exe
  2⤵
  PID:4248
- C:\Windows\System\UwYiotL.exe
  C:\Windows\System\UwYiotL.exe
  2⤵
  PID:4264
- C:\Windows\System\hdAhkuu.exe
  C:\Windows\System\hdAhkuu.exe
  2⤵
  PID:4280
- C:\Windows\System\VFQgwmU.exe
  C:\Windows\System\VFQgwmU.exe
  2⤵
  PID:4296
- C:\Windows\System\dTIRDtf.exe
  C:\Windows\System\dTIRDtf.exe
  2⤵
  PID:4312
- C:\Windows\System\tXjvCpt.exe
  C:\Windows\System\tXjvCpt.exe
  2⤵
  PID:4328
- C:\Windows\System\FWEpSpQ.exe
  C:\Windows\System\FWEpSpQ.exe
  2⤵
  PID:4344
- C:\Windows\System\UuKQDtW.exe
  C:\Windows\System\UuKQDtW.exe
  2⤵
  PID:4376
- C:\Windows\System\zBEwxkg.exe
  C:\Windows\System\zBEwxkg.exe
  2⤵
  PID:4400
- C:\Windows\System\XlRLVVb.exe
  C:\Windows\System\XlRLVVb.exe
  2⤵
  PID:4424
- C:\Windows\System\PcDwbkd.exe
  C:\Windows\System\PcDwbkd.exe
  2⤵
  PID:4464
- C:\Windows\System\FfsPUTo.exe
  C:\Windows\System\FfsPUTo.exe
  2⤵
  PID:4492
- C:\Windows\System\lhnMXdn.exe
  C:\Windows\System\lhnMXdn.exe
  2⤵
  PID:4516
- C:\Windows\System\hSdduqP.exe
  C:\Windows\System\hSdduqP.exe
  2⤵
  PID:4536
- C:\Windows\System\qovTlNr.exe
  C:\Windows\System\qovTlNr.exe
  2⤵
  PID:4552
- C:\Windows\System\oBHWqBD.exe
  C:\Windows\System\oBHWqBD.exe
  2⤵
  PID:4572
- C:\Windows\System\avwwRmL.exe
  C:\Windows\System\avwwRmL.exe
  2⤵
  PID:4592
- C:\Windows\System\mlVlAPK.exe
  C:\Windows\System\mlVlAPK.exe
  2⤵
  PID:4608
- C:\Windows\System\ZyTVFYK.exe
  C:\Windows\System\ZyTVFYK.exe
  2⤵
  PID:4624
- C:\Windows\System\htsgnjt.exe
  C:\Windows\System\htsgnjt.exe
  2⤵
  PID:4644
- C:\Windows\System\lSRLReQ.exe
  C:\Windows\System\lSRLReQ.exe
  2⤵
  PID:4660
- C:\Windows\System\iMTViIP.exe
  C:\Windows\System\iMTViIP.exe
  2⤵
  PID:4684
- C:\Windows\System\kWzNFyT.exe
  C:\Windows\System\kWzNFyT.exe
  2⤵
  PID:4704
- C:\Windows\System\cZzFuIA.exe
  C:\Windows\System\cZzFuIA.exe
  2⤵
  PID:4736
- C:\Windows\System\GfgDNtU.exe
  C:\Windows\System\GfgDNtU.exe
  2⤵
  PID:4756
- C:\Windows\System\zAxTQJU.exe
  C:\Windows\System\zAxTQJU.exe
  2⤵
  PID:4772
- C:\Windows\System\PeuueMT.exe
  C:\Windows\System\PeuueMT.exe
  2⤵
  PID:4792
- C:\Windows\System\veRvrSP.exe
  C:\Windows\System\veRvrSP.exe
  2⤵
  PID:4812
- C:\Windows\System\bbnsyjd.exe
  C:\Windows\System\bbnsyjd.exe
  2⤵
  PID:4828
- C:\Windows\System\ekAfZqQ.exe
  C:\Windows\System\ekAfZqQ.exe
  2⤵
  PID:4864
- C:\Windows\System\mphliMq.exe
  C:\Windows\System\mphliMq.exe
  2⤵
  PID:4880
- C:\Windows\System\GZACpGV.exe
  C:\Windows\System\GZACpGV.exe
  2⤵
  PID:4908
- C:\Windows\System\XXtexEa.exe
  C:\Windows\System\XXtexEa.exe
  2⤵
  PID:4924
- C:\Windows\System\RYfVhEb.exe
  C:\Windows\System\RYfVhEb.exe
  2⤵
  PID:4944
- C:\Windows\System\zkRSuMi.exe
  C:\Windows\System\zkRSuMi.exe
  2⤵
  PID:4964
- C:\Windows\System\KLFxnVz.exe
  C:\Windows\System\KLFxnVz.exe
  2⤵
  PID:4988
- C:\Windows\System\uHJsIyF.exe
  C:\Windows\System\uHJsIyF.exe
  2⤵
  PID:5008
- C:\Windows\System\lqcxWIa.exe
  C:\Windows\System\lqcxWIa.exe
  2⤵
  PID:5028
- C:\Windows\System\rKcXkaH.exe
  C:\Windows\System\rKcXkaH.exe
  2⤵
  PID:5048
- C:\Windows\System\UOTFMKl.exe
  C:\Windows\System\UOTFMKl.exe
  2⤵
  PID:5068
- C:\Windows\System\EUHfxiL.exe
  C:\Windows\System\EUHfxiL.exe
  2⤵
  PID:5088
- C:\Windows\System\DsOsUnR.exe
  C:\Windows\System\DsOsUnR.exe
  2⤵
  PID:5104
- C:\Windows\System\UgEuAZu.exe
  C:\Windows\System\UgEuAZu.exe
  2⤵
  PID:3308
- C:\Windows\System\FvREgRD.exe
  C:\Windows\System\FvREgRD.exe
  2⤵
  PID:1628
- C:\Windows\System\iLMqdZx.exe
  C:\Windows\System\iLMqdZx.exe
  2⤵
  PID:3548
- C:\Windows\System\AfGoaoN.exe
  C:\Windows\System\AfGoaoN.exe
  2⤵
  PID:3108
- C:\Windows\System\nHxbpDH.exe
  C:\Windows\System\nHxbpDH.exe
  2⤵
  PID:3268
- C:\Windows\System\RoXWBPx.exe
  C:\Windows\System\RoXWBPx.exe
  2⤵
  PID:3776
- C:\Windows\System\hrXJkfj.exe
  C:\Windows\System\hrXJkfj.exe
  2⤵
  PID:3980
- C:\Windows\System\ktGfQlj.exe
  C:\Windows\System\ktGfQlj.exe
  2⤵
  PID:2860
- C:\Windows\System\AnyyoNz.exe
  C:\Windows\System\AnyyoNz.exe
  2⤵
  PID:3196
- C:\Windows\System\aQwWbwv.exe
  C:\Windows\System\aQwWbwv.exe
  2⤵
  PID:4104
- C:\Windows\System\uImsGiY.exe
  C:\Windows\System\uImsGiY.exe
  2⤵
  PID:3476
- C:\Windows\System\iZtpnLk.exe
  C:\Windows\System\iZtpnLk.exe
  2⤵
  PID:3680
- C:\Windows\System\WurvtIu.exe
  C:\Windows\System\WurvtIu.exe
  2⤵
  PID:4132
- C:\Windows\System\FFoclGV.exe
  C:\Windows\System\FFoclGV.exe
  2⤵
  PID:4180
- C:\Windows\System\HqqCjfh.exe
  C:\Windows\System\HqqCjfh.exe
  2⤵
  PID:3964
- C:\Windows\System\qGpSnCR.exe
  C:\Windows\System\qGpSnCR.exe
  2⤵
  PID:2204
- C:\Windows\System\dfCbVLe.exe
  C:\Windows\System\dfCbVLe.exe
  2⤵
  PID:3096
- C:\Windows\System\jnykdEe.exe
  C:\Windows\System\jnykdEe.exe
  2⤵
  PID:4324
- C:\Windows\System\atrOsrh.exe
  C:\Windows\System\atrOsrh.exe
  2⤵
  PID:4372
- C:\Windows\System\xnKeNrD.exe
  C:\Windows\System\xnKeNrD.exe
  2⤵
  PID:4412
- C:\Windows\System\ttalOyM.exe
  C:\Windows\System\ttalOyM.exe
  2⤵
  PID:4160
- C:\Windows\System\HBpUCmE.exe
  C:\Windows\System\HBpUCmE.exe
  2⤵
  PID:4204
- C:\Windows\System\ztrbycp.exe
  C:\Windows\System\ztrbycp.exe
  2⤵
  PID:4304
- C:\Windows\System\MSZxHpd.exe
  C:\Windows\System\MSZxHpd.exe
  2⤵
  PID:4388
- C:\Windows\System\PGklvdq.exe
  C:\Windows\System\PGklvdq.exe
  2⤵
  PID:4476
- C:\Windows\System\XtWyBhO.exe
  C:\Windows\System\XtWyBhO.exe
  2⤵
  PID:4560
- C:\Windows\System\JTADwhD.exe
  C:\Windows\System\JTADwhD.exe
  2⤵
  PID:4456
- C:\Windows\System\jWoSzXw.exe
  C:\Windows\System\jWoSzXw.exe
  2⤵
  PID:4568
- C:\Windows\System\GfZWuZi.exe
  C:\Windows\System\GfZWuZi.exe
  2⤵
  PID:4548
- C:\Windows\System\MTNivBB.exe
  C:\Windows\System\MTNivBB.exe
  2⤵
  PID:4680
- C:\Windows\System\VBmOnas.exe
  C:\Windows\System\VBmOnas.exe
  2⤵
  PID:4580
- C:\Windows\System\wcFdKWj.exe
  C:\Windows\System\wcFdKWj.exe
  2⤵
  PID:4620
- C:\Windows\System\tYXTbTh.exe
  C:\Windows\System\tYXTbTh.exe
  2⤵
  PID:4728
- C:\Windows\System\eJHJtci.exe
  C:\Windows\System\eJHJtci.exe
  2⤵
  PID:4800
- C:\Windows\System\LhdzGyu.exe
  C:\Windows\System\LhdzGyu.exe
  2⤵
  PID:4848
- C:\Windows\System\pEQujOn.exe
  C:\Windows\System\pEQujOn.exe
  2⤵
  PID:4780
- C:\Windows\System\exelSed.exe
  C:\Windows\System\exelSed.exe
  2⤵
  PID:4872
- C:\Windows\System\wKfcnBm.exe
  C:\Windows\System\wKfcnBm.exe
  2⤵
  PID:4896
- C:\Windows\System\GbFajcU.exe
  C:\Windows\System\GbFajcU.exe
  2⤵
  PID:4936
- C:\Windows\System\fgXQfEk.exe
  C:\Windows\System\fgXQfEk.exe
  2⤵
  PID:5016
- C:\Windows\System\iCdoZAD.exe
  C:\Windows\System\iCdoZAD.exe
  2⤵
  PID:4960
- C:\Windows\System\sFvmPMa.exe
  C:\Windows\System\sFvmPMa.exe
  2⤵
  PID:5060
- C:\Windows\System\tNdLgyL.exe
  C:\Windows\System\tNdLgyL.exe
  2⤵
  PID:5044
- C:\Windows\System\OjdHnex.exe
  C:\Windows\System\OjdHnex.exe
  2⤵
  PID:888
- C:\Windows\System\nFTbGpz.exe
  C:\Windows\System\nFTbGpz.exe
  2⤵
  PID:5076
- C:\Windows\System\QgnRhTq.exe
  C:\Windows\System\QgnRhTq.exe
  2⤵
  PID:5116
- C:\Windows\System\mQtFxli.exe
  C:\Windows\System\mQtFxli.exe
  2⤵
  PID:3700
- C:\Windows\System\ocBIYKn.exe
  C:\Windows\System\ocBIYKn.exe
  2⤵
  PID:4036
- C:\Windows\System\RnyCsFo.exe
  C:\Windows\System\RnyCsFo.exe
  2⤵
  PID:4136
- C:\Windows\System\KSSfRmD.exe
  C:\Windows\System\KSSfRmD.exe
  2⤵
  PID:3920
- C:\Windows\System\YNhVqPW.exe
  C:\Windows\System\YNhVqPW.exe
  2⤵
  PID:1624
- C:\Windows\System\LcPZAtf.exe
  C:\Windows\System\LcPZAtf.exe
  2⤵
  PID:3656
- C:\Windows\System\odHhokq.exe
  C:\Windows\System\odHhokq.exe
  2⤵
  PID:3764
- C:\Windows\System\zRFeTLc.exe
  C:\Windows\System\zRFeTLc.exe
  2⤵
  PID:4320
- C:\Windows\System\gSXeimY.exe
  C:\Windows\System\gSXeimY.exe
  2⤵
  PID:4196
- C:\Windows\System\paZCaUD.exe
  C:\Windows\System\paZCaUD.exe
  2⤵
  PID:2500
- C:\Windows\System\MnpWErK.exe
  C:\Windows\System\MnpWErK.exe
  2⤵
  PID:4360
- C:\Windows\System\UabaJtb.exe
  C:\Windows\System\UabaJtb.exe
  2⤵
  PID:4276
- C:\Windows\System\gUndftd.exe
  C:\Windows\System\gUndftd.exe
  2⤵
  PID:4488
- C:\Windows\System\UHKDdfP.exe
  C:\Windows\System\UHKDdfP.exe
  2⤵
  PID:4512
- C:\Windows\System\RJANoqR.exe
  C:\Windows\System\RJANoqR.exe
  2⤵
  PID:4640
- C:\Windows\System\jOzsUeY.exe
  C:\Windows\System\jOzsUeY.exe
  2⤵
  PID:4604
- C:\Windows\System\lACeIsw.exe
  C:\Windows\System\lACeIsw.exe
  2⤵
  PID:4696
- C:\Windows\System\aKdbYbV.exe
  C:\Windows\System\aKdbYbV.exe
  2⤵
  PID:4860
- C:\Windows\System\IBRQSeU.exe
  C:\Windows\System\IBRQSeU.exe
  2⤵
  PID:4724
- C:\Windows\System\VfmWhJV.exe
  C:\Windows\System\VfmWhJV.exe
  2⤵
  PID:4984
- C:\Windows\System\rijnaKG.exe
  C:\Windows\System\rijnaKG.exe
  2⤵
  PID:4940
- C:\Windows\System\ngsrrQZ.exe
  C:\Windows\System\ngsrrQZ.exe
  2⤵
  PID:5020
- C:\Windows\System\eAkgTYD.exe
  C:\Windows\System\eAkgTYD.exe
  2⤵
  PID:5056
- C:\Windows\System\XOwPFmy.exe
  C:\Windows\System\XOwPFmy.exe
  2⤵
  PID:5084
- C:\Windows\System\pctynfP.exe
  C:\Windows\System\pctynfP.exe
  2⤵
  PID:3460
- C:\Windows\System\dQNcMyX.exe
  C:\Windows\System\dQNcMyX.exe
  2⤵
  PID:3668
- C:\Windows\System\MHMrkNZ.exe
  C:\Windows\System\MHMrkNZ.exe
  2⤵
  PID:3464
- C:\Windows\System\JgXHAaS.exe
  C:\Windows\System\JgXHAaS.exe
  2⤵
  PID:3632
- C:\Windows\System\khPBwqP.exe
  C:\Windows\System\khPBwqP.exe
  2⤵
  PID:2364
- C:\Windows\System\OYCryTG.exe
  C:\Windows\System\OYCryTG.exe
  2⤵
  PID:4220
- C:\Windows\System\CnGmNCR.exe
  C:\Windows\System\CnGmNCR.exe
  2⤵
  PID:4340
- C:\Windows\System\hXcxBYs.exe
  C:\Windows\System\hXcxBYs.exe
  2⤵
  PID:4120
- C:\Windows\System\TeLZruX.exe
  C:\Windows\System\TeLZruX.exe
  2⤵
  PID:4504
- C:\Windows\System\BcUcqCP.exe
  C:\Windows\System\BcUcqCP.exe
  2⤵
  PID:4240
- C:\Windows\System\gOvWdOG.exe
  C:\Windows\System\gOvWdOG.exe
  2⤵
  PID:4636
- C:\Windows\System\EcljWXZ.exe
  C:\Windows\System\EcljWXZ.exe
  2⤵
  PID:4600
- C:\Windows\System\nbBxOsv.exe
  C:\Windows\System\nbBxOsv.exe
  2⤵
  PID:4748
- C:\Windows\System\suBWRlC.exe
  C:\Windows\System\suBWRlC.exe
  2⤵
  PID:5132
- C:\Windows\System\skFFNDq.exe
  C:\Windows\System\skFFNDq.exe
  2⤵
  PID:5152
- C:\Windows\System\SWEEFQh.exe
  C:\Windows\System\SWEEFQh.exe
  2⤵
  PID:5172
- C:\Windows\System\NibORcB.exe
  C:\Windows\System\NibORcB.exe
  2⤵
  PID:5192
- C:\Windows\System\cIvERFW.exe
  C:\Windows\System\cIvERFW.exe
  2⤵
  PID:5216
- C:\Windows\System\XfrmKUX.exe
  C:\Windows\System\XfrmKUX.exe
  2⤵
  PID:5232
- C:\Windows\System\FoIxXmf.exe
  C:\Windows\System\FoIxXmf.exe
  2⤵
  PID:5256
- C:\Windows\System\pBAsTnW.exe
  C:\Windows\System\pBAsTnW.exe
  2⤵
  PID:5272
- C:\Windows\System\ngcgEcn.exe
  C:\Windows\System\ngcgEcn.exe
  2⤵
  PID:5292
- C:\Windows\System\WkEspUD.exe
  C:\Windows\System\WkEspUD.exe
  2⤵
  PID:5312
- C:\Windows\System\OSULYFx.exe
  C:\Windows\System\OSULYFx.exe
  2⤵
  PID:5332
- C:\Windows\System\JXYrmpe.exe
  C:\Windows\System\JXYrmpe.exe
  2⤵
  PID:5352
- C:\Windows\System\VgygqNW.exe
  C:\Windows\System\VgygqNW.exe
  2⤵
  PID:5376
- C:\Windows\System\taiFbid.exe
  C:\Windows\System\taiFbid.exe
  2⤵
  PID:5396
- C:\Windows\System\YyLLQIY.exe
  C:\Windows\System\YyLLQIY.exe
  2⤵
  PID:5416
- C:\Windows\System\YsJjkQs.exe
  C:\Windows\System\YsJjkQs.exe
  2⤵
  PID:5436
- C:\Windows\System\fLymLlg.exe
  C:\Windows\System\fLymLlg.exe
  2⤵
  PID:5456
- C:\Windows\System\xphBAsX.exe
  C:\Windows\System\xphBAsX.exe
  2⤵
  PID:5476
- C:\Windows\System\uFmEtZx.exe
  C:\Windows\System\uFmEtZx.exe
  2⤵
  PID:5496
- C:\Windows\System\rhIpUGv.exe
  C:\Windows\System\rhIpUGv.exe
  2⤵
  PID:5516
- C:\Windows\System\UbTIAGV.exe
  C:\Windows\System\UbTIAGV.exe
  2⤵
  PID:5536
- C:\Windows\System\dFXidMd.exe
  C:\Windows\System\dFXidMd.exe
  2⤵
  PID:5556
- C:\Windows\System\kxCZdSD.exe
  C:\Windows\System\kxCZdSD.exe
  2⤵
  PID:5576
- C:\Windows\System\VEhABUl.exe
  C:\Windows\System\VEhABUl.exe
  2⤵
  PID:5596
- C:\Windows\System\TEXQJfN.exe
  C:\Windows\System\TEXQJfN.exe
  2⤵
  PID:5616
- C:\Windows\System\xTsiZmd.exe
  C:\Windows\System\xTsiZmd.exe
  2⤵
  PID:5636
- C:\Windows\System\rujAJKq.exe
  C:\Windows\System\rujAJKq.exe
  2⤵
  PID:5656
- C:\Windows\System\pDGBdAl.exe
  C:\Windows\System\pDGBdAl.exe
  2⤵
  PID:5680
- C:\Windows\System\FjCGeZh.exe
  C:\Windows\System\FjCGeZh.exe
  2⤵
  PID:5700
- C:\Windows\System\QbZAOmz.exe
  C:\Windows\System\QbZAOmz.exe
  2⤵
  PID:5720
- C:\Windows\System\dJYCRId.exe
  C:\Windows\System\dJYCRId.exe
  2⤵
  PID:5740
- C:\Windows\System\AbMPlEW.exe
  C:\Windows\System\AbMPlEW.exe
  2⤵
  PID:5760
- C:\Windows\System\hqGroXk.exe
  C:\Windows\System\hqGroXk.exe
  2⤵
  PID:5780
- C:\Windows\System\DUGPRuR.exe
  C:\Windows\System\DUGPRuR.exe
  2⤵
  PID:5800
- C:\Windows\System\vkOSJbE.exe
  C:\Windows\System\vkOSJbE.exe
  2⤵
  PID:5820
- C:\Windows\System\fnMcMMq.exe
  C:\Windows\System\fnMcMMq.exe
  2⤵
  PID:5840
- C:\Windows\System\Nvkwdtu.exe
  C:\Windows\System\Nvkwdtu.exe
  2⤵
  PID:5860
- C:\Windows\System\HbvNzpj.exe
  C:\Windows\System\HbvNzpj.exe
  2⤵
  PID:5880
- C:\Windows\System\GBNvJbJ.exe
  C:\Windows\System\GBNvJbJ.exe
  2⤵
  PID:5900
- C:\Windows\System\msOIVOU.exe
  C:\Windows\System\msOIVOU.exe
  2⤵
  PID:5920
- C:\Windows\System\tZgthyd.exe
  C:\Windows\System\tZgthyd.exe
  2⤵
  PID:5940
- C:\Windows\System\ETmburS.exe
  C:\Windows\System\ETmburS.exe
  2⤵
  PID:5960
- C:\Windows\System\sgtPJSp.exe
  C:\Windows\System\sgtPJSp.exe
  2⤵
  PID:5980
- C:\Windows\System\hVfYSPW.exe
  C:\Windows\System\hVfYSPW.exe
  2⤵
  PID:6000
- C:\Windows\System\NnIyDcP.exe
  C:\Windows\System\NnIyDcP.exe
  2⤵
  PID:6020
- C:\Windows\System\xYClEez.exe
  C:\Windows\System\xYClEez.exe
  2⤵
  PID:6040
- C:\Windows\System\seEtbXW.exe
  C:\Windows\System\seEtbXW.exe
  2⤵
  PID:6060
- C:\Windows\System\AdjhwJR.exe
  C:\Windows\System\AdjhwJR.exe
  2⤵
  PID:6080
- C:\Windows\System\gSSgwbP.exe
  C:\Windows\System\gSSgwbP.exe
  2⤵
  PID:6100
- C:\Windows\System\uMtiqnH.exe
  C:\Windows\System\uMtiqnH.exe
  2⤵
  PID:6120
- C:\Windows\System\iWVPZjk.exe
  C:\Windows\System\iWVPZjk.exe
  2⤵
  PID:6140
- C:\Windows\System\wGyhvTI.exe
  C:\Windows\System\wGyhvTI.exe
  2⤵
  PID:4824
- C:\Windows\System\CWpCeZl.exe
  C:\Windows\System\CWpCeZl.exe
  2⤵
  PID:4956
- C:\Windows\System\ikKmzQE.exe
  C:\Windows\System\ikKmzQE.exe
  2⤵
  PID:3636
- C:\Windows\System\gUrYjtI.exe
  C:\Windows\System\gUrYjtI.exe
  2⤵
  PID:2140
- C:\Windows\System\OuTKwqN.exe
  C:\Windows\System\OuTKwqN.exe
  2⤵
  PID:3912
- C:\Windows\System\xSRbuKY.exe
  C:\Windows\System\xSRbuKY.exe
  2⤵
  PID:3232
- C:\Windows\System\rnVtjpP.exe
  C:\Windows\System\rnVtjpP.exe
  2⤵
  PID:4256
- C:\Windows\System\vrnVBvI.exe
  C:\Windows\System\vrnVBvI.exe
  2⤵
  PID:4528
- C:\Windows\System\ETDTnpT.exe
  C:\Windows\System\ETDTnpT.exe
  2⤵
  PID:4668
- C:\Windows\System\gdYabgd.exe
  C:\Windows\System\gdYabgd.exe
  2⤵
  PID:5124
- C:\Windows\System\henoVsr.exe
  C:\Windows\System\henoVsr.exe
  2⤵
  PID:5164
- C:\Windows\System\WVKQRAf.exe
  C:\Windows\System\WVKQRAf.exe
  2⤵
  PID:5208
- C:\Windows\System\vdYWevl.exe
  C:\Windows\System\vdYWevl.exe
  2⤵
  PID:5248
- C:\Windows\System\qbPItgj.exe
  C:\Windows\System\qbPItgj.exe
  2⤵
  PID:5188
- C:\Windows\System\WjIQGer.exe
  C:\Windows\System\WjIQGer.exe
  2⤵
  PID:5268
- C:\Windows\System\HZDHpun.exe
  C:\Windows\System\HZDHpun.exe
  2⤵
  PID:5324
- C:\Windows\System\pnGkdvv.exe
  C:\Windows\System\pnGkdvv.exe
  2⤵
  PID:5300
- C:\Windows\System\QReIVou.exe
  C:\Windows\System\QReIVou.exe
  2⤵
  PID:5368
- C:\Windows\System\lvRbgyp.exe
  C:\Windows\System\lvRbgyp.exe
  2⤵
  PID:5412
- C:\Windows\System\oXjJgsn.exe
  C:\Windows\System\oXjJgsn.exe
  2⤵
  PID:5424
- C:\Windows\System\RcxnEOp.exe
  C:\Windows\System\RcxnEOp.exe
  2⤵
  PID:5468
- C:\Windows\System\RGjZetI.exe
  C:\Windows\System\RGjZetI.exe
  2⤵
  PID:5524
- C:\Windows\System\XQEbSUk.exe
  C:\Windows\System\XQEbSUk.exe
  2⤵
  PID:5528
- C:\Windows\System\GHujAIT.exe
  C:\Windows\System\GHujAIT.exe
  2⤵
  PID:5572
- C:\Windows\System\brBWhKp.exe
  C:\Windows\System\brBWhKp.exe
  2⤵
  PID:5592
- C:\Windows\System\lLYfTxB.exe
  C:\Windows\System\lLYfTxB.exe
  2⤵
  PID:5644
- C:\Windows\System\biYdjQa.exe
  C:\Windows\System\biYdjQa.exe
  2⤵
  PID:5648
- C:\Windows\System\FvXfOpR.exe
  C:\Windows\System\FvXfOpR.exe
  2⤵
  PID:5696
- C:\Windows\System\pKtnvkN.exe
  C:\Windows\System\pKtnvkN.exe
  2⤵
  PID:5732
- C:\Windows\System\HsjoMNC.exe
  C:\Windows\System\HsjoMNC.exe
  2⤵
  PID:5776
- C:\Windows\System\VdGclYP.exe
  C:\Windows\System\VdGclYP.exe
  2⤵
  PID:5812
- C:\Windows\System\qhoTbJK.exe
  C:\Windows\System\qhoTbJK.exe
  2⤵
  PID:5828
- C:\Windows\System\HQvXCYK.exe
  C:\Windows\System\HQvXCYK.exe
  2⤵
  PID:2376
- C:\Windows\System\htnUTut.exe
  C:\Windows\System\htnUTut.exe
  2⤵
  PID:5876
- C:\Windows\System\qFoeEPE.exe
  C:\Windows\System\qFoeEPE.exe
  2⤵
  PID:5916
- C:\Windows\System\ThjNymT.exe
  C:\Windows\System\ThjNymT.exe
  2⤵
  PID:5948
- C:\Windows\System\hqruhoW.exe
  C:\Windows\System\hqruhoW.exe
  2⤵
  PID:5972
- C:\Windows\System\rSrLyAG.exe
  C:\Windows\System\rSrLyAG.exe
  2⤵
  PID:6016
- C:\Windows\System\gVGCHoO.exe
  C:\Windows\System\gVGCHoO.exe
  2⤵
  PID:6056
- C:\Windows\System\MwyJBYy.exe
  C:\Windows\System\MwyJBYy.exe
  2⤵
  PID:2596
- C:\Windows\System\dbSItXp.exe
  C:\Windows\System\dbSItXp.exe
  2⤵
  PID:6108
- C:\Windows\System\iiFgmGy.exe
  C:\Windows\System\iiFgmGy.exe
  2⤵
  PID:6132
- C:\Windows\System\SDPlcyv.exe
  C:\Windows\System\SDPlcyv.exe
  2⤵
  PID:3420
- C:\Windows\System\pUfrrHu.exe
  C:\Windows\System\pUfrrHu.exe
  2⤵
  PID:3272
- C:\Windows\System\AcIpirU.exe
  C:\Windows\System\AcIpirU.exe
  2⤵
  PID:4056
- C:\Windows\System\ChMjYWJ.exe
  C:\Windows\System\ChMjYWJ.exe
  2⤵
  PID:4712
- C:\Windows\System\JLfpPxg.exe
  C:\Windows\System\JLfpPxg.exe
  2⤵
  PID:5140
- C:\Windows\System\VrqIHWE.exe
  C:\Windows\System\VrqIHWE.exe
  2⤵
  PID:4384
- C:\Windows\System\sexpdyK.exe
  C:\Windows\System\sexpdyK.exe
  2⤵
  PID:4768
- C:\Windows\System\VdbuJNg.exe
  C:\Windows\System\VdbuJNg.exe
  2⤵
  PID:5240
- C:\Windows\System\NadTava.exe
  C:\Windows\System\NadTava.exe
  2⤵
  PID:5228
- C:\Windows\System\BIJNfmb.exe
  C:\Windows\System\BIJNfmb.exe
  2⤵
  PID:5320
- C:\Windows\System\YMiyyQO.exe
  C:\Windows\System\YMiyyQO.exe
  2⤵
  PID:5348
- C:\Windows\System\sYsFwFk.exe
  C:\Windows\System\sYsFwFk.exe
  2⤵
  PID:5504
- C:\Windows\System\ndECuuW.exe
  C:\Windows\System\ndECuuW.exe
  2⤵
  PID:5404
- C:\Windows\System\kzbgqtv.exe
  C:\Windows\System\kzbgqtv.exe
  2⤵
  PID:5464
- C:\Windows\System\arABtMi.exe
  C:\Windows\System\arABtMi.exe
  2⤵
  PID:5604
- C:\Windows\System\fQZlMgh.exe
  C:\Windows\System\fQZlMgh.exe
  2⤵
  PID:5624
- C:\Windows\System\AwtUejn.exe
  C:\Windows\System\AwtUejn.exe
  2⤵
  PID:5672
- C:\Windows\System\Yhopkrb.exe
  C:\Windows\System\Yhopkrb.exe
  2⤵
  PID:5712
- C:\Windows\System\KvEclqM.exe
  C:\Windows\System\KvEclqM.exe
  2⤵
  PID:5816
- C:\Windows\System\QFLHBaR.exe
  C:\Windows\System\QFLHBaR.exe
  2⤵
  PID:5832
- C:\Windows\System\RDCcwEt.exe
  C:\Windows\System\RDCcwEt.exe
  2⤵
  PID:5936
- C:\Windows\System\nftmdBX.exe
  C:\Windows\System\nftmdBX.exe
  2⤵
  PID:5912
- C:\Windows\System\lyXOaWG.exe
  C:\Windows\System\lyXOaWG.exe
  2⤵
  PID:5976
- C:\Windows\System\DkWRLqv.exe
  C:\Windows\System\DkWRLqv.exe
  2⤵
  PID:6088
- C:\Windows\System\xbmXXDU.exe
  C:\Windows\System\xbmXXDU.exe
  2⤵
  PID:6116
- C:\Windows\System\wMtelta.exe
  C:\Windows\System\wMtelta.exe
  2⤵
  PID:5036
- C:\Windows\System\AaPMnlR.exe
  C:\Windows\System\AaPMnlR.exe
  2⤵
  PID:1980
- C:\Windows\System\SBPBhdA.exe
  C:\Windows\System\SBPBhdA.exe
  2⤵
  PID:3524
- C:\Windows\System\EjOtArk.exe
  C:\Windows\System\EjOtArk.exe
  2⤵
  PID:6156
- C:\Windows\System\TZuEYlN.exe
  C:\Windows\System\TZuEYlN.exe
  2⤵
  PID:6176
- C:\Windows\System\YeSPHYT.exe
  C:\Windows\System\YeSPHYT.exe
  2⤵
  PID:6196
- C:\Windows\System\eupYLTi.exe
  C:\Windows\System\eupYLTi.exe
  2⤵
  PID:6216
- C:\Windows\System\cErAVWN.exe
  C:\Windows\System\cErAVWN.exe
  2⤵
  PID:6236
- C:\Windows\System\fqHYOCk.exe
  C:\Windows\System\fqHYOCk.exe
  2⤵
  PID:6256
- C:\Windows\System\jytOEfR.exe
  C:\Windows\System\jytOEfR.exe
  2⤵
  PID:6276
- C:\Windows\System\mZxiJZx.exe
  C:\Windows\System\mZxiJZx.exe
  2⤵
  PID:6296
- C:\Windows\System\pGxxKmj.exe
  C:\Windows\System\pGxxKmj.exe
  2⤵
  PID:6316
- C:\Windows\System\OGQwJjn.exe
  C:\Windows\System\OGQwJjn.exe
  2⤵
  PID:6336
- C:\Windows\System\APMElrt.exe
  C:\Windows\System\APMElrt.exe
  2⤵
  PID:6356
- C:\Windows\System\YeDdvUu.exe
  C:\Windows\System\YeDdvUu.exe
  2⤵
  PID:6376
- C:\Windows\System\CsKSPMw.exe
  C:\Windows\System\CsKSPMw.exe
  2⤵
  PID:6396
- C:\Windows\System\mRwhYMe.exe
  C:\Windows\System\mRwhYMe.exe
  2⤵
  PID:6416
- C:\Windows\System\pGoqzHC.exe
  C:\Windows\System\pGoqzHC.exe
  2⤵
  PID:6436
- C:\Windows\System\xfpMbCq.exe
  C:\Windows\System\xfpMbCq.exe
  2⤵
  PID:6456
- C:\Windows\System\sIlaxRc.exe
  C:\Windows\System\sIlaxRc.exe
  2⤵
  PID:6476
- C:\Windows\System\dNDBBTp.exe
  C:\Windows\System\dNDBBTp.exe
  2⤵
  PID:6496
- C:\Windows\System\QFeoUsZ.exe
  C:\Windows\System\QFeoUsZ.exe
  2⤵
  PID:6516
- C:\Windows\System\iezTLby.exe
  C:\Windows\System\iezTLby.exe
  2⤵
  PID:6536
- C:\Windows\System\MvxYXyd.exe
  C:\Windows\System\MvxYXyd.exe
  2⤵
  PID:6556
- C:\Windows\System\vvVLFvs.exe
  C:\Windows\System\vvVLFvs.exe
  2⤵
  PID:6576
- C:\Windows\System\uongNBl.exe
  C:\Windows\System\uongNBl.exe
  2⤵
  PID:6596
- C:\Windows\System\Cachxbx.exe
  C:\Windows\System\Cachxbx.exe
  2⤵
  PID:6616
- C:\Windows\System\kAAZkSb.exe
  C:\Windows\System\kAAZkSb.exe
  2⤵
  PID:6636
- C:\Windows\System\NjSdNII.exe
  C:\Windows\System\NjSdNII.exe
  2⤵
  PID:6656
- C:\Windows\System\hVxUIBz.exe
  C:\Windows\System\hVxUIBz.exe
  2⤵
  PID:6676
- C:\Windows\System\KbNZBrI.exe
  C:\Windows\System\KbNZBrI.exe
  2⤵
  PID:6696
- C:\Windows\System\BKMFMhx.exe
  C:\Windows\System\BKMFMhx.exe
  2⤵
  PID:6716
- C:\Windows\System\qsZhNLB.exe
  C:\Windows\System\qsZhNLB.exe
  2⤵
  PID:6736
- C:\Windows\System\twiwfRe.exe
  C:\Windows\System\twiwfRe.exe
  2⤵
  PID:6756
- C:\Windows\System\JWblMcw.exe
  C:\Windows\System\JWblMcw.exe
  2⤵
  PID:6776
- C:\Windows\System\LvmnOQP.exe
  C:\Windows\System\LvmnOQP.exe
  2⤵
  PID:6796
- C:\Windows\System\HVwZsOs.exe
  C:\Windows\System\HVwZsOs.exe
  2⤵
  PID:6816
- C:\Windows\System\EpNdFJK.exe
  C:\Windows\System\EpNdFJK.exe
  2⤵
  PID:6836
- C:\Windows\System\Cpwnhsn.exe
  C:\Windows\System\Cpwnhsn.exe
  2⤵
  PID:6860
- C:\Windows\System\COsImib.exe
  C:\Windows\System\COsImib.exe
  2⤵
  PID:6880
- C:\Windows\System\dOzwjEn.exe
  C:\Windows\System\dOzwjEn.exe
  2⤵
  PID:6900
- C:\Windows\System\VORdmAy.exe
  C:\Windows\System\VORdmAy.exe
  2⤵
  PID:6920
- C:\Windows\System\xqRxUDz.exe
  C:\Windows\System\xqRxUDz.exe
  2⤵
  PID:6940
- C:\Windows\System\ctMgXWe.exe
  C:\Windows\System\ctMgXWe.exe
  2⤵
  PID:6960
- C:\Windows\System\xpFkZtf.exe
  C:\Windows\System\xpFkZtf.exe
  2⤵
  PID:6980
- C:\Windows\System\sKEhDnf.exe
  C:\Windows\System\sKEhDnf.exe
  2⤵
  PID:7000
- C:\Windows\System\NhglklJ.exe
  C:\Windows\System\NhglklJ.exe
  2⤵
  PID:7020
- C:\Windows\System\USlklUO.exe
  C:\Windows\System\USlklUO.exe
  2⤵
  PID:7040
- C:\Windows\System\TWqzHnj.exe
  C:\Windows\System\TWqzHnj.exe
  2⤵
  PID:7060
- C:\Windows\System\nMzaAAb.exe
  C:\Windows\System\nMzaAAb.exe
  2⤵
  PID:7080
- C:\Windows\System\xmwnYjt.exe
  C:\Windows\System\xmwnYjt.exe
  2⤵
  PID:7100
- C:\Windows\System\GTACkqR.exe
  C:\Windows\System\GTACkqR.exe
  2⤵
  PID:7120
- C:\Windows\System\NYXHPMa.exe
  C:\Windows\System\NYXHPMa.exe
  2⤵
  PID:7140
- C:\Windows\System\ZXTkcGC.exe
  C:\Windows\System\ZXTkcGC.exe
  2⤵
  PID:7160
- C:\Windows\System\yJDpPUv.exe
  C:\Windows\System\yJDpPUv.exe
  2⤵
  PID:3908
- C:\Windows\System\muomxiE.exe
  C:\Windows\System\muomxiE.exe
  2⤵
  PID:5168
- C:\Windows\System\LTwZCdS.exe
  C:\Windows\System\LTwZCdS.exe
  2⤵
  PID:5328
- C:\Windows\System\ftDzoAu.exe
  C:\Windows\System\ftDzoAu.exe
  2⤵
  PID:5308
- C:\Windows\System\RjGFaVp.exe
  C:\Windows\System\RjGFaVp.exe
  2⤵
  PID:5552
- C:\Windows\System\dbRrwyq.exe
  C:\Windows\System\dbRrwyq.exe
  2⤵
  PID:5428
- C:\Windows\System\HybfJio.exe
  C:\Windows\System\HybfJio.exe
  2⤵
  PID:5512
- C:\Windows\System\IkKauxl.exe
  C:\Windows\System\IkKauxl.exe
  2⤵
  PID:5632
- C:\Windows\System\JSkEZAE.exe
  C:\Windows\System\JSkEZAE.exe
  2⤵
  PID:5756
- C:\Windows\System\rjtbTOE.exe
  C:\Windows\System\rjtbTOE.exe
  2⤵
  PID:2392
- C:\Windows\System\rPXNZcy.exe
  C:\Windows\System\rPXNZcy.exe
  2⤵
  PID:5892
- C:\Windows\System\iJofcRt.exe
  C:\Windows\System\iJofcRt.exe
  2⤵
  PID:6008
- C:\Windows\System\tmwWxPU.exe
  C:\Windows\System\tmwWxPU.exe
  2⤵
  PID:6076
- C:\Windows\System\JiEGWRQ.exe
  C:\Windows\System\JiEGWRQ.exe
  2⤵
  PID:2624
- C:\Windows\System\ZMLZAPH.exe
  C:\Windows\System\ZMLZAPH.exe
  2⤵
  PID:6148
- C:\Windows\System\ObReXiV.exe
  C:\Windows\System\ObReXiV.exe
  2⤵
  PID:6204
- C:\Windows\System\BfXIMpp.exe
  C:\Windows\System\BfXIMpp.exe
  2⤵
  PID:6232
- C:\Windows\System\xvFGtcd.exe
  C:\Windows\System\xvFGtcd.exe
  2⤵
  PID:6264
- C:\Windows\System\duOeSCc.exe
  C:\Windows\System\duOeSCc.exe
  2⤵
  PID:6288
- C:\Windows\System\cvbwwcV.exe
  C:\Windows\System\cvbwwcV.exe
  2⤵
  PID:6332
- C:\Windows\System\MQdVprI.exe
  C:\Windows\System\MQdVprI.exe
  2⤵
  PID:6372
- C:\Windows\System\UkLSkkP.exe
  C:\Windows\System\UkLSkkP.exe
  2⤵
  PID:6404
- C:\Windows\System\XYBQSso.exe
  C:\Windows\System\XYBQSso.exe
  2⤵
  PID:340
- C:\Windows\System\AMlfRyp.exe
  C:\Windows\System\AMlfRyp.exe
  2⤵
  PID:6428
- C:\Windows\System\cbcyvhA.exe
  C:\Windows\System\cbcyvhA.exe
  2⤵
  PID:6488
- C:\Windows\System\kDKEylk.exe
  C:\Windows\System\kDKEylk.exe
  2⤵
  PID:6508
- C:\Windows\System\AXxhNyU.exe
  C:\Windows\System\AXxhNyU.exe
  2⤵
  PID:6552
- C:\Windows\System\lfruUOv.exe
  C:\Windows\System\lfruUOv.exe
  2⤵
  PID:6604
- C:\Windows\System\MZOmlGZ.exe
  C:\Windows\System\MZOmlGZ.exe
  2⤵
  PID:6624
- C:\Windows\System\Jrnuegf.exe
  C:\Windows\System\Jrnuegf.exe
  2⤵
  PID:6628
- C:\Windows\System\pdPqmqB.exe
  C:\Windows\System\pdPqmqB.exe
  2⤵
  PID:6684
- C:\Windows\System\iYhUbFO.exe
  C:\Windows\System\iYhUbFO.exe
  2⤵
  PID:6724
- C:\Windows\System\LogEtbj.exe
  C:\Windows\System\LogEtbj.exe
  2⤵
  PID:6772
- C:\Windows\System\CtWRzQA.exe
  C:\Windows\System\CtWRzQA.exe
  2⤵
  PID:6804
- C:\Windows\System\JgUDPrr.exe
  C:\Windows\System\JgUDPrr.exe
  2⤵
  PID:6824
- C:\Windows\System\ciCGNUh.exe
  C:\Windows\System\ciCGNUh.exe
  2⤵
  PID:6868
- C:\Windows\System\CaThumB.exe
  C:\Windows\System\CaThumB.exe
  2⤵
  PID:6896
- C:\Windows\System\IPzWpRq.exe
  C:\Windows\System\IPzWpRq.exe
  2⤵
  PID:6928
- C:\Windows\System\FrOqwDD.exe
  C:\Windows\System\FrOqwDD.exe
  2⤵
  PID:6976
- C:\Windows\System\dbyMCqR.exe
  C:\Windows\System\dbyMCqR.exe
  2⤵
  PID:7016
- C:\Windows\System\zlIKYaq.exe
  C:\Windows\System\zlIKYaq.exe
  2⤵
  PID:7048
- C:\Windows\System\ilHaocu.exe
  C:\Windows\System\ilHaocu.exe
  2⤵
  PID:7052
- C:\Windows\System\Sbvmdis.exe
  C:\Windows\System\Sbvmdis.exe
  2⤵
  PID:7092
- C:\Windows\System\CGGPulC.exe
  C:\Windows\System\CGGPulC.exe
  2⤵
  PID:7112
- C:\Windows\System\FsKeuQs.exe
  C:\Windows\System\FsKeuQs.exe
  2⤵
  PID:7152
- C:\Windows\System\eYuvcGG.exe
  C:\Windows\System\eYuvcGG.exe
  2⤵
  PID:5280
- C:\Windows\System\IbNkkQv.exe
  C:\Windows\System\IbNkkQv.exe
  2⤵
  PID:5180
- C:\Windows\System\VUXNpvw.exe
  C:\Windows\System\VUXNpvw.exe
  2⤵
  PID:5344
- C:\Windows\System\kvJbJce.exe
  C:\Windows\System\kvJbJce.exe
  2⤵
  PID:5608
- C:\Windows\System\AWkSENh.exe
  C:\Windows\System\AWkSENh.exe
  2⤵
  PID:5040
- C:\Windows\System\VAYOZbz.exe
  C:\Windows\System\VAYOZbz.exe
  2⤵
  PID:5888
- C:\Windows\System\ZeXkLvv.exe
  C:\Windows\System\ZeXkLvv.exe
  2⤵
  PID:6052
- C:\Windows\System\uURiEAP.exe
  C:\Windows\System\uURiEAP.exe
  2⤵
  PID:6072
- C:\Windows\System\PvuTadG.exe
  C:\Windows\System\PvuTadG.exe
  2⤵
  PID:6184
- C:\Windows\System\rUvbXMG.exe
  C:\Windows\System\rUvbXMG.exe
  2⤵
  PID:6228
- C:\Windows\System\FEHDdbW.exe
  C:\Windows\System\FEHDdbW.exe
  2⤵
  PID:6224
- C:\Windows\System\BiOYRgJ.exe
  C:\Windows\System\BiOYRgJ.exe
  2⤵
  PID:6344
- C:\Windows\System\yXhrMyC.exe
  C:\Windows\System\yXhrMyC.exe
  2⤵
  PID:6348
- C:\Windows\System\mwoCtpz.exe
  C:\Windows\System\mwoCtpz.exe
  2⤵
  PID:6408
- C:\Windows\System\lUxGctL.exe
  C:\Windows\System\lUxGctL.exe
  2⤵
  PID:6512
- C:\Windows\System\dBnEwRG.exe
  C:\Windows\System\dBnEwRG.exe
  2⤵
  PID:6568
- C:\Windows\System\VIFeAUA.exe
  C:\Windows\System\VIFeAUA.exe
  2⤵
  PID:6588
- C:\Windows\System\pPvxgam.exe
  C:\Windows\System\pPvxgam.exe
  2⤵
  PID:6704
- C:\Windows\System\fBiOQnQ.exe
  C:\Windows\System\fBiOQnQ.exe
  2⤵
  PID:6708
- C:\Windows\System\ZlyasHD.exe
  C:\Windows\System\ZlyasHD.exe
  2⤵
  PID:6832
- C:\Windows\System\JxWrjKm.exe
  C:\Windows\System\JxWrjKm.exe
  2⤵
  PID:6908
- C:\Windows\System\LldKnIE.exe
  C:\Windows\System\LldKnIE.exe
  2⤵
  PID:6888
- C:\Windows\System\BHuXUca.exe
  C:\Windows\System\BHuXUca.exe
  2⤵
  PID:6948
- C:\Windows\System\dWNOvTC.exe
  C:\Windows\System\dWNOvTC.exe
  2⤵
  PID:7088
- C:\Windows\System\hmQafSb.exe
  C:\Windows\System\hmQafSb.exe
  2⤵
  PID:7136
- C:\Windows\System\QeRuJPV.exe
  C:\Windows\System\QeRuJPV.exe
  2⤵
  PID:2612
- C:\Windows\System\NDBxCse.exe
  C:\Windows\System\NDBxCse.exe
  2⤵
  PID:5472
- C:\Windows\System\SYjXyMX.exe
  C:\Windows\System\SYjXyMX.exe
  2⤵
  PID:5564
- C:\Windows\System\kBsaDsj.exe
  C:\Windows\System\kBsaDsj.exe
  2⤵
  PID:2232
- C:\Windows\System\LlGIvUq.exe
  C:\Windows\System\LlGIvUq.exe
  2⤵
  PID:6192
- C:\Windows\System\wFGqjTw.exe
  C:\Windows\System\wFGqjTw.exe
  2⤵
  PID:6248
- C:\Windows\System\KAZaxtW.exe
  C:\Windows\System\KAZaxtW.exe
  2⤵
  PID:6164
- C:\Windows\System\ONLvjiL.exe
  C:\Windows\System\ONLvjiL.exe
  2⤵
  PID:6268
- C:\Windows\System\ZJIRAoS.exe
  C:\Windows\System\ZJIRAoS.exe
  2⤵
  PID:6452
- C:\Windows\System\GNHzPMU.exe
  C:\Windows\System\GNHzPMU.exe
  2⤵
  PID:1844
- C:\Windows\System\pzCMoME.exe
  C:\Windows\System\pzCMoME.exe
  2⤵
  PID:6584
- C:\Windows\System\QMbMqmF.exe
  C:\Windows\System\QMbMqmF.exe
  2⤵
  PID:6668
- C:\Windows\System\zqOEHPL.exe
  C:\Windows\System\zqOEHPL.exe
  2⤵
  PID:6664
- C:\Windows\System\gEKaCwr.exe
  C:\Windows\System\gEKaCwr.exe
  2⤵
  PID:6972
- C:\Windows\System\wqxElUs.exe
  C:\Windows\System\wqxElUs.exe
  2⤵
  PID:7028
- C:\Windows\System\CaWbnPV.exe
  C:\Windows\System\CaWbnPV.exe
  2⤵
  PID:7180
- C:\Windows\System\CIlaOJB.exe
  C:\Windows\System\CIlaOJB.exe
  2⤵
  PID:7200
- C:\Windows\System\HjyMNYe.exe
  C:\Windows\System\HjyMNYe.exe
  2⤵
  PID:7220
- C:\Windows\System\RXfcxZm.exe
  C:\Windows\System\RXfcxZm.exe
  2⤵
  PID:7240
- C:\Windows\System\JHCpVyt.exe
  C:\Windows\System\JHCpVyt.exe
  2⤵
  PID:7260
- C:\Windows\System\zNQvcVh.exe
  C:\Windows\System\zNQvcVh.exe
  2⤵
  PID:7280
- C:\Windows\System\uVsuQGL.exe
  C:\Windows\System\uVsuQGL.exe
  2⤵
  PID:7300
- C:\Windows\System\URevLaV.exe
  C:\Windows\System\URevLaV.exe
  2⤵
  PID:7320
- C:\Windows\System\qOzahtV.exe
  C:\Windows\System\qOzahtV.exe
  2⤵
  PID:7340
- C:\Windows\System\cOTlLIZ.exe
  C:\Windows\System\cOTlLIZ.exe
  2⤵
  PID:7360
- C:\Windows\System\DUIcumw.exe
  C:\Windows\System\DUIcumw.exe
  2⤵
  PID:7376
- C:\Windows\System\dGtRhAL.exe
  C:\Windows\System\dGtRhAL.exe
  2⤵
  PID:7400
- C:\Windows\System\DiFZodp.exe
  C:\Windows\System\DiFZodp.exe
  2⤵
  PID:7420
- C:\Windows\System\nPcgjBh.exe
  C:\Windows\System\nPcgjBh.exe
  2⤵
  PID:7440
- C:\Windows\System\aYeIzlT.exe
  C:\Windows\System\aYeIzlT.exe
  2⤵
  PID:7460
- C:\Windows\System\hIxPPQL.exe
  C:\Windows\System\hIxPPQL.exe
  2⤵
  PID:7480
- C:\Windows\System\cqwgoOU.exe
  C:\Windows\System\cqwgoOU.exe
  2⤵
  PID:7500
- C:\Windows\System\sgFxypj.exe
  C:\Windows\System\sgFxypj.exe
  2⤵
  PID:7520
- C:\Windows\System\PcKeAGc.exe
  C:\Windows\System\PcKeAGc.exe
  2⤵
  PID:7540
- C:\Windows\System\tCnwCrg.exe
  C:\Windows\System\tCnwCrg.exe
  2⤵
  PID:7564
- C:\Windows\System\JmJrcCF.exe
  C:\Windows\System\JmJrcCF.exe
  2⤵
  PID:7584
- C:\Windows\System\aCfrIfJ.exe
  C:\Windows\System\aCfrIfJ.exe
  2⤵
  PID:7604
- C:\Windows\System\KTjvQZo.exe
  C:\Windows\System\KTjvQZo.exe
  2⤵
  PID:7624
- C:\Windows\System\jXQNrIM.exe
  C:\Windows\System\jXQNrIM.exe
  2⤵
  PID:7644
- C:\Windows\System\RdAdPJp.exe
  C:\Windows\System\RdAdPJp.exe
  2⤵
  PID:7664
- C:\Windows\System\jfJFAJf.exe
  C:\Windows\System\jfJFAJf.exe
  2⤵
  PID:7684
- C:\Windows\System\ZxUIxxM.exe
  C:\Windows\System\ZxUIxxM.exe
  2⤵
  PID:7704
- C:\Windows\System\txuDgOZ.exe
  C:\Windows\System\txuDgOZ.exe
  2⤵
  PID:7720
- C:\Windows\System\lAPvrdw.exe
  C:\Windows\System\lAPvrdw.exe
  2⤵
  PID:7740
- C:\Windows\System\gWvIWTJ.exe
  C:\Windows\System\gWvIWTJ.exe
  2⤵
  PID:7764
- C:\Windows\System\GPutWHY.exe
  C:\Windows\System\GPutWHY.exe
  2⤵
  PID:7784
- C:\Windows\System\dwYKMRs.exe
  C:\Windows\System\dwYKMRs.exe
  2⤵
  PID:7804
- C:\Windows\System\SFGPDhS.exe
  C:\Windows\System\SFGPDhS.exe
  2⤵
  PID:7820
- C:\Windows\System\HZdlCim.exe
  C:\Windows\System\HZdlCim.exe
  2⤵
  PID:7848
- C:\Windows\System\BgFEvAV.exe
  C:\Windows\System\BgFEvAV.exe
  2⤵
  PID:7868
- C:\Windows\System\mepNEoE.exe
  C:\Windows\System\mepNEoE.exe
  2⤵
  PID:7888
- C:\Windows\System\SjgRHXI.exe
  C:\Windows\System\SjgRHXI.exe
  2⤵
  PID:7908
- C:\Windows\System\AlkOqyK.exe
  C:\Windows\System\AlkOqyK.exe
  2⤵
  PID:7924
- C:\Windows\System\vvUzHoy.exe
  C:\Windows\System\vvUzHoy.exe
  2⤵
  PID:7944
- C:\Windows\System\PBJAQTJ.exe
  C:\Windows\System\PBJAQTJ.exe
  2⤵
  PID:7964
- C:\Windows\System\wJOrGMJ.exe
  C:\Windows\System\wJOrGMJ.exe
  2⤵
  PID:7988
- C:\Windows\System\XLSCVIL.exe
  C:\Windows\System\XLSCVIL.exe
  2⤵
  PID:8008
- C:\Windows\System\uVYmDLb.exe
  C:\Windows\System\uVYmDLb.exe
  2⤵
  PID:8024
- C:\Windows\System\xBWgDfW.exe
  C:\Windows\System\xBWgDfW.exe
  2⤵
  PID:8044
- C:\Windows\System\HbXqdJx.exe
  C:\Windows\System\HbXqdJx.exe
  2⤵
  PID:8060
- C:\Windows\System\vrQLacK.exe
  C:\Windows\System\vrQLacK.exe
  2⤵
  PID:8080
- C:\Windows\System\XUjYPSG.exe
  C:\Windows\System\XUjYPSG.exe
  2⤵
  PID:8100
- C:\Windows\System\amzGIBU.exe
  C:\Windows\System\amzGIBU.exe
  2⤵
  PID:8120
- C:\Windows\System\RgZmrMD.exe
  C:\Windows\System\RgZmrMD.exe
  2⤵
  PID:8136
- C:\Windows\System\IYORSTc.exe
  C:\Windows\System\IYORSTc.exe
  2⤵
  PID:8156
- C:\Windows\System\oMevmGA.exe
  C:\Windows\System\oMevmGA.exe
  2⤵
  PID:8172
- C:\Windows\System\QJogkKH.exe
  C:\Windows\System\QJogkKH.exe
  2⤵
  PID:8188
- C:\Windows\System\mlCskhi.exe
  C:\Windows\System\mlCskhi.exe
  2⤵
  PID:2644
- C:\Windows\System\OsnErxE.exe
  C:\Windows\System\OsnErxE.exe
  2⤵
  PID:5184
- C:\Windows\System\bwiaETe.exe
  C:\Windows\System\bwiaETe.exe
  2⤵
  PID:5996
- C:\Windows\System\VIxdJKh.exe
  C:\Windows\System\VIxdJKh.exe
  2⤵
  PID:3440
- C:\Windows\System\XUnVigl.exe
  C:\Windows\System\XUnVigl.exe
  2⤵
  PID:4876
- C:\Windows\System\nkXzJFb.exe
  C:\Windows\System\nkXzJFb.exe
  2⤵
  PID:6548
- C:\Windows\System\cpEbvys.exe
  C:\Windows\System\cpEbvys.exe
  2⤵
  PID:6748
- C:\Windows\System\YCuQtgn.exe
  C:\Windows\System\YCuQtgn.exe
  2⤵
  PID:6852
- C:\Windows\System\OygMSrD.exe
  C:\Windows\System\OygMSrD.exe
  2⤵
  PID:6932
- C:\Windows\System\dVXbiyO.exe
  C:\Windows\System\dVXbiyO.exe
  2⤵
  PID:7236
- C:\Windows\System\RIZNLJt.exe
  C:\Windows\System\RIZNLJt.exe
  2⤵
  PID:6768
- C:\Windows\System\GNMxRdi.exe
  C:\Windows\System\GNMxRdi.exe
  2⤵
  PID:7256
- C:\Windows\System\NPSpRgG.exe
  C:\Windows\System\NPSpRgG.exe
  2⤵
  PID:7316
- C:\Windows\System\bCPvqZs.exe
  C:\Windows\System\bCPvqZs.exe
  2⤵
  PID:7352
- C:\Windows\System\IHlBxek.exe
  C:\Windows\System\IHlBxek.exe
  2⤵
  PID:7392
- C:\Windows\System\JvOeRaj.exe
  C:\Windows\System\JvOeRaj.exe
  2⤵
  PID:7408
- C:\Windows\System\oZAoVPA.exe
  C:\Windows\System\oZAoVPA.exe
  2⤵
  PID:7448
- C:\Windows\System\GekdWSW.exe
  C:\Windows\System\GekdWSW.exe
  2⤵
  PID:7472
- C:\Windows\System\emGDhgO.exe
  C:\Windows\System\emGDhgO.exe
  2⤵
  PID:7496
- C:\Windows\System\DqqKhRK.exe
  C:\Windows\System\DqqKhRK.exe
  2⤵
  PID:7532
- C:\Windows\System\rtzDzUq.exe
  C:\Windows\System\rtzDzUq.exe
  2⤵
  PID:7596
- C:\Windows\System\pVdHQin.exe
  C:\Windows\System\pVdHQin.exe
  2⤵
  PID:7640
- C:\Windows\System\ePFlaqH.exe
  C:\Windows\System\ePFlaqH.exe
  2⤵
  PID:7616
- C:\Windows\System\aQUvwHi.exe
  C:\Windows\System\aQUvwHi.exe
  2⤵
  PID:7716
- C:\Windows\System\CgAMQKn.exe
  C:\Windows\System\CgAMQKn.exe
  2⤵
  PID:7752
- C:\Windows\System\tfxepRz.exe
  C:\Windows\System\tfxepRz.exe
  2⤵
  PID:7828
- C:\Windows\System\HxEDDPF.exe
  C:\Windows\System\HxEDDPF.exe
  2⤵
  PID:7884
- C:\Windows\System\NDzjxBC.exe
  C:\Windows\System\NDzjxBC.exe
  2⤵
  PID:7996
- C:\Windows\System\UYBWaoi.exe
  C:\Windows\System\UYBWaoi.exe
  2⤵
  PID:8036
- C:\Windows\System\lbYakTk.exe
  C:\Windows\System\lbYakTk.exe
  2⤵
  PID:7656
- C:\Windows\System\jdFfySg.exe
  C:\Windows\System\jdFfySg.exe
  2⤵
  PID:8116
- C:\Windows\System\WTMCFNY.exe
  C:\Windows\System\WTMCFNY.exe
  2⤵
  PID:7772
- C:\Windows\System\mRKNlHZ.exe
  C:\Windows\System\mRKNlHZ.exe
  2⤵
  PID:8152
- C:\Windows\System\ZYZJFWN.exe
  C:\Windows\System\ZYZJFWN.exe
  2⤵
  PID:7864
- C:\Windows\System\LcpfpPy.exe
  C:\Windows\System\LcpfpPy.exe
  2⤵
  PID:7932
- C:\Windows\System\fLWnevx.exe
  C:\Windows\System\fLWnevx.exe
  2⤵
  PID:5264
- C:\Windows\System\BmyXdCj.exe
  C:\Windows\System\BmyXdCj.exe
  2⤵
  PID:7976
- C:\Windows\System\NAIZlWI.exe
  C:\Windows\System\NAIZlWI.exe
  2⤵
  PID:7972
- C:\Windows\System\yIRptCc.exe
  C:\Windows\System\yIRptCc.exe
  2⤵
  PID:7128
- C:\Windows\System\iTFktxe.exe
  C:\Windows\System\iTFktxe.exe
  2⤵
  PID:6444
- C:\Windows\System\fndWtns.exe
  C:\Windows\System\fndWtns.exe
  2⤵
  PID:7032
- C:\Windows\System\lTevYBz.exe
  C:\Windows\System\lTevYBz.exe
  2⤵
  PID:8088
- C:\Windows\System\brHWQdz.exe
  C:\Windows\System\brHWQdz.exe
  2⤵
  PID:6308
- C:\Windows\System\SOTQUWq.exe
  C:\Windows\System\SOTQUWq.exe
  2⤵
  PID:6424
- C:\Windows\System\leWvSbt.exe
  C:\Windows\System\leWvSbt.exe
  2⤵
  PID:6528
- C:\Windows\System\ynVpUkn.exe
  C:\Windows\System\ynVpUkn.exe
  2⤵
  PID:7268
- C:\Windows\System\fxSjlgt.exe
  C:\Windows\System\fxSjlgt.exe
  2⤵
  PID:7296
- C:\Windows\System\XqKlmeS.exe
  C:\Windows\System\XqKlmeS.exe
  2⤵
  PID:7328
- C:\Windows\System\gXOVezb.exe
  C:\Windows\System\gXOVezb.exe
  2⤵
  PID:7428
- C:\Windows\System\rugWwPc.exe
  C:\Windows\System\rugWwPc.exe
  2⤵
  PID:7468
- C:\Windows\System\GBpAbFh.exe
  C:\Windows\System\GBpAbFh.exe
  2⤵
  PID:7416
- C:\Windows\System\uXaTIQF.exe
  C:\Windows\System\uXaTIQF.exe
  2⤵
  PID:7516
- C:\Windows\System\EuJwXJS.exe
  C:\Windows\System\EuJwXJS.exe
  2⤵
  PID:7600
- C:\Windows\System\LZoJmWV.exe
  C:\Windows\System\LZoJmWV.exe
  2⤵
  PID:7612
- C:\Windows\System\IaqVKbG.exe
  C:\Windows\System\IaqVKbG.exe
  2⤵
  PID:7796
- C:\Windows\System\gULSMoB.exe
  C:\Windows\System\gULSMoB.exe
  2⤵
  PID:7952
- C:\Windows\System\jxDkckC.exe
  C:\Windows\System\jxDkckC.exe
  2⤵
  PID:8004
- C:\Windows\System\PIUZLyX.exe
  C:\Windows\System\PIUZLyX.exe
  2⤵
  PID:7652
- C:\Windows\System\cRZRltm.exe
  C:\Windows\System\cRZRltm.exe
  2⤵
  PID:7736
- C:\Windows\System\OoQARWf.exe
  C:\Windows\System\OoQARWf.exe
  2⤵
  PID:7816
- C:\Windows\System\VifPpXy.exe
  C:\Windows\System\VifPpXy.exe
  2⤵
  PID:1768
- C:\Windows\System\OUXuOXH.exe
  C:\Windows\System\OUXuOXH.exe
  2⤵
  PID:8092
- C:\Windows\System\xXzjKkS.exe
  C:\Windows\System\xXzjKkS.exe
  2⤵
  PID:5452
- C:\Windows\System\tJtgNpl.exe
  C:\Windows\System\tJtgNpl.exe
  2⤵
  PID:8132
- C:\Windows\System\KuaUMLC.exe
  C:\Windows\System\KuaUMLC.exe
  2⤵
  PID:6364
- C:\Windows\System\qSRUxoq.exe
  C:\Windows\System\qSRUxoq.exe
  2⤵
  PID:7196
- C:\Windows\System\CafmnsU.exe
  C:\Windows\System\CafmnsU.exe
  2⤵
  PID:6812
- C:\Windows\System\uJDqZLp.exe
  C:\Windows\System\uJDqZLp.exe
  2⤵
  PID:7272
- C:\Windows\System\VbxknQf.exe
  C:\Windows\System\VbxknQf.exe
  2⤵
  PID:7308
- C:\Windows\System\AcWkRWF.exe
  C:\Windows\System\AcWkRWF.exe
  2⤵
  PID:7388
- C:\Windows\System\NSLisTR.exe
  C:\Windows\System\NSLisTR.exe
  2⤵
  PID:7452
- C:\Windows\System\nmoKFes.exe
  C:\Windows\System\nmoKFes.exe
  2⤵
  PID:7680
- C:\Windows\System\pCYqLHR.exe
  C:\Windows\System\pCYqLHR.exe
  2⤵
  PID:7756
- C:\Windows\System\fcNuIDr.exe
  C:\Windows\System\fcNuIDr.exe
  2⤵
  PID:8196
- C:\Windows\System\eczIWza.exe
  C:\Windows\System\eczIWza.exe
  2⤵
  PID:8216
- C:\Windows\System\WlKNJtg.exe
  C:\Windows\System\WlKNJtg.exe
  2⤵
  PID:8236
- C:\Windows\System\VgPENzv.exe
  C:\Windows\System\VgPENzv.exe
  2⤵
  PID:8256
- C:\Windows\System\DlFnfVc.exe
  C:\Windows\System\DlFnfVc.exe
  2⤵
  PID:8276
- C:\Windows\System\GVsXtYH.exe
  C:\Windows\System\GVsXtYH.exe
  2⤵
  PID:8296
- C:\Windows\System\OHjRnsH.exe
  C:\Windows\System\OHjRnsH.exe
  2⤵
  PID:8312
- C:\Windows\System\hRitUHT.exe
  C:\Windows\System\hRitUHT.exe
  2⤵
  PID:8336
- C:\Windows\System\dXlrJty.exe
  C:\Windows\System\dXlrJty.exe
  2⤵
  PID:8360
- C:\Windows\System\TixRtvk.exe
  C:\Windows\System\TixRtvk.exe
  2⤵
  PID:8380
- C:\Windows\System\IZwXXoo.exe
  C:\Windows\System\IZwXXoo.exe
  2⤵
  PID:8400
- C:\Windows\System\prdRSkC.exe
  C:\Windows\System\prdRSkC.exe
  2⤵
  PID:8420
- C:\Windows\System\AmXQScC.exe
  C:\Windows\System\AmXQScC.exe
  2⤵
  PID:8440
- C:\Windows\System\WHSmNGs.exe
  C:\Windows\System\WHSmNGs.exe
  2⤵
  PID:8456
- C:\Windows\System\LFTRknE.exe
  C:\Windows\System\LFTRknE.exe
  2⤵
  PID:8480
- C:\Windows\System\vHlhpSi.exe
  C:\Windows\System\vHlhpSi.exe
  2⤵
  PID:8504
- C:\Windows\System\HikVFuj.exe
  C:\Windows\System\HikVFuj.exe
  2⤵
  PID:8524
- C:\Windows\System\BdOyJDx.exe
  C:\Windows\System\BdOyJDx.exe
  2⤵
  PID:8544
- C:\Windows\System\MgEPCHx.exe
  C:\Windows\System\MgEPCHx.exe
  2⤵
  PID:8564
- C:\Windows\System\YOrdVYa.exe
  C:\Windows\System\YOrdVYa.exe
  2⤵
  PID:8584
- C:\Windows\System\coibTtq.exe
  C:\Windows\System\coibTtq.exe
  2⤵
  PID:8604
- C:\Windows\System\CRkeQyi.exe
  C:\Windows\System\CRkeQyi.exe
  2⤵
  PID:8624
- C:\Windows\System\UDembhI.exe
  C:\Windows\System\UDembhI.exe
  2⤵
  PID:8644
- C:\Windows\System\aJenVse.exe
  C:\Windows\System\aJenVse.exe
  2⤵
  PID:8660
- C:\Windows\System\ZWnQViU.exe
  C:\Windows\System\ZWnQViU.exe
  2⤵
  PID:8684
- C:\Windows\System\XIsIrfb.exe
  C:\Windows\System\XIsIrfb.exe
  2⤵
  PID:8704
- C:\Windows\System\iyqrsuE.exe
  C:\Windows\System\iyqrsuE.exe
  2⤵
  PID:8724
- C:\Windows\System\ouCiVZY.exe
  C:\Windows\System\ouCiVZY.exe
  2⤵
  PID:8744
- C:\Windows\System\AXSjtSi.exe
  C:\Windows\System\AXSjtSi.exe
  2⤵
  PID:8760
- C:\Windows\System\dAYFCbK.exe
  C:\Windows\System\dAYFCbK.exe
  2⤵
  PID:8780
- C:\Windows\System\TQVZrWf.exe
  C:\Windows\System\TQVZrWf.exe
  2⤵
  PID:8804
- C:\Windows\System\rMzYsOG.exe
  C:\Windows\System\rMzYsOG.exe
  2⤵
  PID:8824
- C:\Windows\System\lsfbVMY.exe
  C:\Windows\System\lsfbVMY.exe
  2⤵
  PID:8844
- C:\Windows\System\sqgHoIZ.exe
  C:\Windows\System\sqgHoIZ.exe
  2⤵
  PID:8864
- C:\Windows\System\SlERFGZ.exe
  C:\Windows\System\SlERFGZ.exe
  2⤵
  PID:8884
- C:\Windows\System\QnMErGP.exe
  C:\Windows\System\QnMErGP.exe
  2⤵
  PID:8904
- C:\Windows\System\GPksPSe.exe
  C:\Windows\System\GPksPSe.exe
  2⤵
  PID:8924
- C:\Windows\System\HQiVoDL.exe
  C:\Windows\System\HQiVoDL.exe
  2⤵
  PID:8944
- C:\Windows\System\rpXLVRI.exe
  C:\Windows\System\rpXLVRI.exe
  2⤵
  PID:8964
- C:\Windows\System\smfkKbI.exe
  C:\Windows\System\smfkKbI.exe
  2⤵
  PID:8980
- C:\Windows\System\eLyLBXm.exe
  C:\Windows\System\eLyLBXm.exe
  2⤵
  PID:8996
- C:\Windows\System\xseSCLC.exe
  C:\Windows\System\xseSCLC.exe
  2⤵
  PID:9024
- C:\Windows\System\AfWAANN.exe
  C:\Windows\System\AfWAANN.exe
  2⤵
  PID:9044
- C:\Windows\System\jGOKVIy.exe
  C:\Windows\System\jGOKVIy.exe
  2⤵
  PID:9064
- C:\Windows\System\tUVUjPB.exe
  C:\Windows\System\tUVUjPB.exe
  2⤵
  PID:9080
- C:\Windows\System\EduXWHz.exe
  C:\Windows\System\EduXWHz.exe
  2⤵
  PID:9096
- C:\Windows\System\rbNEDwa.exe
  C:\Windows\System\rbNEDwa.exe
  2⤵
  PID:9112
- C:\Windows\System\NGmNbWL.exe
  C:\Windows\System\NGmNbWL.exe
  2⤵
  PID:9128
- C:\Windows\System\flBsTSD.exe
  C:\Windows\System\flBsTSD.exe
  2⤵
  PID:9148
- C:\Windows\System\yasPEmw.exe
  C:\Windows\System\yasPEmw.exe
  2⤵
  PID:9164
- C:\Windows\System\MsRQLjc.exe
  C:\Windows\System\MsRQLjc.exe
  2⤵
  PID:9180
- C:\Windows\System\Bsqwmoz.exe
  C:\Windows\System\Bsqwmoz.exe
  2⤵
  PID:9196
- C:\Windows\System\WSCxTqA.exe
  C:\Windows\System\WSCxTqA.exe
  2⤵
  PID:9212
- C:\Windows\System\tDHmbNW.exe
  C:\Windows\System\tDHmbNW.exe
  2⤵
  PID:7840
- C:\Windows\System\HeEWMqG.exe
  C:\Windows\System\HeEWMqG.exe
  2⤵
  PID:7856
- C:\Windows\System\JhaqkQE.exe
  C:\Windows\System\JhaqkQE.exe
  2⤵
  PID:7732
- C:\Windows\System\yLXVJFz.exe
  C:\Windows\System\yLXVJFz.exe
  2⤵
  PID:4272
- C:\Windows\System\oNsrMKI.exe
  C:\Windows\System\oNsrMKI.exe
  2⤵
  PID:6388
- C:\Windows\System\eBdSxgO.exe
  C:\Windows\System\eBdSxgO.exe
  2⤵
  PID:6632
- C:\Windows\System\CRbjeJP.exe
  C:\Windows\System\CRbjeJP.exe
  2⤵
  PID:6988
- C:\Windows\System\aGokNaP.exe
  C:\Windows\System\aGokNaP.exe
  2⤵
  PID:7188
- C:\Windows\System\DRLLoof.exe
  C:\Windows\System\DRLLoof.exe
  2⤵
  PID:7216
- C:\Windows\System\HxyXbqA.exe
  C:\Windows\System\HxyXbqA.exe
  2⤵
  PID:7632
- C:\Windows\System\TAPkUXp.exe
  C:\Windows\System\TAPkUXp.exe
  2⤵
  PID:7748
- C:\Windows\System\dvweUVw.exe
  C:\Windows\System\dvweUVw.exe
  2⤵
  PID:8228
- C:\Windows\System\TvJAuju.exe
  C:\Windows\System\TvJAuju.exe
  2⤵
  PID:8244
- C:\Windows\System\lvjLaJn.exe
  C:\Windows\System\lvjLaJn.exe
  2⤵
  PID:8268
- C:\Windows\System\gteIPLL.exe
  C:\Windows\System\gteIPLL.exe
  2⤵
  PID:8344
- C:\Windows\System\ceiFMgJ.exe
  C:\Windows\System\ceiFMgJ.exe
  2⤵
  PID:8388
- C:\Windows\System\XBKdNuz.exe
  C:\Windows\System\XBKdNuz.exe
  2⤵
  PID:8372
- C:\Windows\System\HOdtEYG.exe
  C:\Windows\System\HOdtEYG.exe
  2⤵
  PID:8432
- C:\Windows\System\wqGacXk.exe
  C:\Windows\System\wqGacXk.exe
  2⤵
  PID:8412
- C:\Windows\System\kjjDjlM.exe
  C:\Windows\System\kjjDjlM.exe
  2⤵
  PID:8512
- C:\Windows\System\QWNnHYl.exe
  C:\Windows\System\QWNnHYl.exe
  2⤵
  PID:8488
- C:\Windows\System\rGCoWXY.exe
  C:\Windows\System\rGCoWXY.exe
  2⤵
  PID:8532
- C:\Windows\System\yxsvYep.exe
  C:\Windows\System\yxsvYep.exe
  2⤵
  PID:8656
- C:\Windows\System\xwnQXda.exe
  C:\Windows\System\xwnQXda.exe
  2⤵
  PID:8712
- C:\Windows\System\JsqxpOp.exe
  C:\Windows\System\JsqxpOp.exe
  2⤵
  PID:8756
- C:\Windows\System\pOYAuqF.exe
  C:\Windows\System\pOYAuqF.exe
  2⤵
  PID:8800
- C:\Windows\System\GlWhmyu.exe
  C:\Windows\System\GlWhmyu.exe
  2⤵
  PID:8792
- C:\Windows\System\VoPIfUS.exe
  C:\Windows\System\VoPIfUS.exe
  2⤵
  PID:1724
- C:\Windows\System\XipudRt.exe
  C:\Windows\System\XipudRt.exe
  2⤵
  PID:2236
- C:\Windows\System\lLfhMAC.exe
  C:\Windows\System\lLfhMAC.exe
  2⤵
  PID:8876
- C:\Windows\System\QwnRDuK.exe
  C:\Windows\System\QwnRDuK.exe
  2⤵
  PID:8896
- C:\Windows\System\BivSaqS.exe
  C:\Windows\System\BivSaqS.exe
  2⤵
  PID:8936
- C:\Windows\System\qqJkWuU.exe
  C:\Windows\System\qqJkWuU.exe
  2⤵
  PID:8988
- C:\Windows\System\CwiNTvf.exe
  C:\Windows\System\CwiNTvf.exe
  2⤵
  PID:9004
- C:\Windows\System\fOCHKZA.exe
  C:\Windows\System\fOCHKZA.exe
  2⤵
  PID:8500
- C:\Windows\System\JrOQmbf.exe
  C:\Windows\System\JrOQmbf.exe
  2⤵
  PID:9088
- C:\Windows\System\IgENrdT.exe
  C:\Windows\System\IgENrdT.exe
  2⤵
  PID:9144
- C:\Windows\System\CeVOyBY.exe
  C:\Windows\System\CeVOyBY.exe
  2⤵
  PID:9172
- C:\Windows\System\AiHOrpU.exe
  C:\Windows\System\AiHOrpU.exe
  2⤵
  PID:9204
- C:\Windows\System\GAkASKN.exe
  C:\Windows\System\GAkASKN.exe
  2⤵
  PID:8040
- C:\Windows\System\fCzAbIN.exe
  C:\Windows\System\fCzAbIN.exe
  2⤵
  PID:7696
- C:\Windows\System\ZByksFT.exe
  C:\Windows\System\ZByksFT.exe
  2⤵
  PID:7076
- C:\Windows\System\eHIFjEs.exe
  C:\Windows\System\eHIFjEs.exe
  2⤵
  PID:7228
- C:\Windows\System\lFtXkxR.exe
  C:\Windows\System\lFtXkxR.exe
  2⤵
  PID:8016
- C:\Windows\System\NmzxqFP.exe
  C:\Windows\System\NmzxqFP.exe
  2⤵
  PID:7368
- C:\Windows\System\vuxxVWd.exe
  C:\Windows\System\vuxxVWd.exe
  2⤵
  PID:7712
- C:\Windows\System\krvOeEp.exe
  C:\Windows\System\krvOeEp.exe
  2⤵
  PID:7660
- C:\Windows\System\hNnqqbe.exe
  C:\Windows\System\hNnqqbe.exe
  2⤵
  PID:7560
- C:\Windows\System\FcKqWja.exe
  C:\Windows\System\FcKqWja.exe
  2⤵
  PID:8248
- C:\Windows\System\UkVtnKo.exe
  C:\Windows\System\UkVtnKo.exe
  2⤵
  PID:8284
- C:\Windows\System\GOTCVHx.exe
  C:\Windows\System\GOTCVHx.exe
  2⤵
  PID:8288
- C:\Windows\System\RXcNkQW.exe
  C:\Windows\System\RXcNkQW.exe
  2⤵
  PID:8396
- C:\Windows\System\weBoDbD.exe
  C:\Windows\System\weBoDbD.exe
  2⤵
  PID:8436
- C:\Windows\System\MhVcMKX.exe
  C:\Windows\System\MhVcMKX.exe
  2⤵
  PID:8464
- C:\Windows\System\jFjBOFR.exe
  C:\Windows\System\jFjBOFR.exe
  2⤵
  PID:8552
- C:\Windows\System\JJtoFsF.exe
  C:\Windows\System\JJtoFsF.exe
  2⤵
  PID:8600
- C:\Windows\System\iJZjunJ.exe
  C:\Windows\System\iJZjunJ.exe
  2⤵
  PID:8596
- C:\Windows\System\fqQktpv.exe
  C:\Windows\System\fqQktpv.exe
  2⤵
  PID:8636
- C:\Windows\System\hQlEGca.exe
  C:\Windows\System\hQlEGca.exe
  2⤵
  PID:3024
- C:\Windows\System\QxnEYQm.exe
  C:\Windows\System\QxnEYQm.exe
  2⤵
  PID:8232
- C:\Windows\System\JyEJNEZ.exe
  C:\Windows\System\JyEJNEZ.exe
  2⤵
  PID:2732
- C:\Windows\System\QlkMcwN.exe
  C:\Windows\System\QlkMcwN.exe
  2⤵
  PID:1648
- C:\Windows\System\OeOCRqF.exe
  C:\Windows\System\OeOCRqF.exe
  2⤵
  PID:480
- C:\Windows\System\chEEIle.exe
  C:\Windows\System\chEEIle.exe
  2⤵
  PID:2080
- C:\Windows\System\StunrXr.exe
  C:\Windows\System\StunrXr.exe
  2⤵
  PID:2520
- C:\Windows\System\phIclgq.exe
  C:\Windows\System\phIclgq.exe
  2⤵
  PID:1200
- C:\Windows\System\WJZopFu.exe
  C:\Windows\System\WJZopFu.exe
  2⤵
  PID:8696
- C:\Windows\System\yJDbjsL.exe
  C:\Windows\System\yJDbjsL.exe
  2⤵
  PID:8816
- C:\Windows\System\zqPlYjT.exe
  C:\Windows\System\zqPlYjT.exe
  2⤵
  PID:2280
- C:\Windows\System\jtCAWVw.exe
  C:\Windows\System\jtCAWVw.exe
  2⤵
  PID:8992
- C:\Windows\System\EePLbUz.exe
  C:\Windows\System\EePLbUz.exe
  2⤵
  PID:8900
- C:\Windows\System\nuNKOCT.exe
  C:\Windows\System\nuNKOCT.exe
  2⤵
  PID:8940
- C:\Windows\System\oaBLJsb.exe
  C:\Windows\System\oaBLJsb.exe
  2⤵
  PID:9060
- C:\Windows\System\qTSGjDI.exe
  C:\Windows\System\qTSGjDI.exe
  2⤵
  PID:9120
- C:\Windows\System\ysdgNzK.exe
  C:\Windows\System\ysdgNzK.exe
  2⤵
  PID:9140
- C:\Windows\System\sucOStX.exe
  C:\Windows\System\sucOStX.exe
  2⤵
  PID:6952
- C:\Windows\System\UaUoVxJ.exe
  C:\Windows\System\UaUoVxJ.exe
  2⤵
  PID:7508
- C:\Windows\System\VbzsrxI.exe
  C:\Windows\System\VbzsrxI.exe
  2⤵
  PID:8164
- C:\Windows\System\HaRkzda.exe
  C:\Windows\System\HaRkzda.exe
  2⤵
  PID:7412
- C:\Windows\System\UwLmEXs.exe
  C:\Windows\System\UwLmEXs.exe
  2⤵
  PID:9208
- C:\Windows\System\OOCdKjs.exe
  C:\Windows\System\OOCdKjs.exe
  2⤵
  PID:7812
- C:\Windows\System\oBslqGw.exe
  C:\Windows\System\oBslqGw.exe
  2⤵
  PID:8208
- C:\Windows\System\RNqFPPy.exe
  C:\Windows\System\RNqFPPy.exe
  2⤵
  PID:8476
- C:\Windows\System\HrqrrTO.exe
  C:\Windows\System\HrqrrTO.exe
  2⤵
  PID:8556
- C:\Windows\System\dqOibXV.exe
  C:\Windows\System\dqOibXV.exe
  2⤵
  PID:8492
- C:\Windows\System\sQznUVI.exe
  C:\Windows\System\sQznUVI.exe
  2⤵
  PID:8632
- C:\Windows\System\wnQuDJI.exe
  C:\Windows\System\wnQuDJI.exe
  2⤵
  PID:2740
- C:\Windows\System\kYzRlyH.exe
  C:\Windows\System\kYzRlyH.exe
  2⤵
  PID:2868
- C:\Windows\System\HXhGglk.exe
  C:\Windows\System\HXhGglk.exe
  2⤵
  PID:5676
- C:\Windows\System\aTOMbtR.exe
  C:\Windows\System\aTOMbtR.exe
  2⤵
  PID:1512
- C:\Windows\System\XfWbrGD.exe
  C:\Windows\System\XfWbrGD.exe
  2⤵
  PID:2396
- C:\Windows\System\vroYAth.exe
  C:\Windows\System\vroYAth.exe
  2⤵
  PID:2020
- C:\Windows\System\WauPsUo.exe
  C:\Windows\System\WauPsUo.exe
  2⤵
  PID:8740
- C:\Windows\System\cjupNgw.exe
  C:\Windows\System\cjupNgw.exe
  2⤵
  PID:8796
- C:\Windows\System\xZkJfFQ.exe
  C:\Windows\System\xZkJfFQ.exe
  2⤵
  PID:8776
- C:\Windows\System\YGPThre.exe
  C:\Windows\System\YGPThre.exe
  2⤵
  PID:8852
- C:\Windows\System\xMKxZNc.exe
  C:\Windows\System\xMKxZNc.exe
  2⤵
  PID:9104
- C:\Windows\System\wvOWhaF.exe
  C:\Windows\System\wvOWhaF.exe
  2⤵
  PID:9076
- C:\Windows\System\nOppKGH.exe
  C:\Windows\System\nOppKGH.exe
  2⤵
  PID:4472
- C:\Windows\System\xQLsJzp.exe
  C:\Windows\System\xQLsJzp.exe
  2⤵
  PID:9136
- C:\Windows\System\BgiDOYS.exe
  C:\Windows\System\BgiDOYS.exe
  2⤵
  PID:6448
- C:\Windows\System\lPcEELl.exe
  C:\Windows\System\lPcEELl.exe
  2⤵
  PID:8332
- C:\Windows\System\jduGgac.exe
  C:\Windows\System\jduGgac.exe
  2⤵
  PID:8592
- C:\Windows\System\ZaMgiOa.exe
  C:\Windows\System\ZaMgiOa.exe
  2⤵
  PID:4900
- C:\Windows\System\qOtlzoZ.exe
  C:\Windows\System\qOtlzoZ.exe
  2⤵
  PID:8212
- C:\Windows\System\PpFqABe.exe
  C:\Windows\System\PpFqABe.exe
  2⤵
  PID:8520
- C:\Windows\System\jPDwyRQ.exe
  C:\Windows\System\jPDwyRQ.exe
  2⤵
  PID:2128
- C:\Windows\System\lxEwBwE.exe
  C:\Windows\System\lxEwBwE.exe
  2⤵
  PID:2876
- C:\Windows\System\ycvYiwI.exe
  C:\Windows\System\ycvYiwI.exe
  2⤵
  PID:8536
- C:\Windows\System\rdBneFa.exe
  C:\Windows\System\rdBneFa.exe
  2⤵
  PID:1684
- C:\Windows\System\fALxnKF.exe
  C:\Windows\System\fALxnKF.exe
  2⤵
  PID:8692
- C:\Windows\System\qExmIED.exe
  C:\Windows\System\qExmIED.exe
  2⤵
  PID:8788
- C:\Windows\System\tWYdEau.exe
  C:\Windows\System\tWYdEau.exe
  2⤵
  PID:8892
- C:\Windows\System\xDxfydE.exe
  C:\Windows\System\xDxfydE.exe
  2⤵
  PID:8916
- C:\Windows\System\SoHqFCP.exe
  C:\Windows\System\SoHqFCP.exe
  2⤵
  PID:9188
- C:\Windows\System\sDsfpLx.exe
  C:\Windows\System\sDsfpLx.exe
  2⤵
  PID:8368
- C:\Windows\System\zjQsqxf.exe
  C:\Windows\System\zjQsqxf.exe
  2⤵
  PID:8620
- C:\Windows\System\uwjOFGv.exe
  C:\Windows\System\uwjOFGv.exe
  2⤵
  PID:2240
- C:\Windows\System\uZtQkjn.exe
  C:\Windows\System\uZtQkjn.exe
  2⤵
  PID:2492
- C:\Windows\System\bcJbrxH.exe
  C:\Windows\System\bcJbrxH.exe
  2⤵
  PID:3064
- C:\Windows\System\mnYGJyZ.exe
  C:\Windows\System\mnYGJyZ.exe
  2⤵
  PID:1644
- C:\Windows\System\LMtQJbf.exe
  C:\Windows\System\LMtQJbf.exe
  2⤵
  PID:8308
- C:\Windows\System\IHyCxBi.exe
  C:\Windows\System\IHyCxBi.exe
  2⤵
  PID:4932
- C:\Windows\System\kdCsvnQ.exe
  C:\Windows\System\kdCsvnQ.exe
  2⤵
  PID:2220
- C:\Windows\System\TGJwhcq.exe
  C:\Windows\System\TGJwhcq.exe
  2⤵
  PID:5708
- C:\Windows\System\mQTeGAH.exe
  C:\Windows\System\mQTeGAH.exe
  2⤵
  PID:9228
- C:\Windows\System\iHIhRyR.exe
  C:\Windows\System\iHIhRyR.exe
  2⤵
  PID:9244
- C:\Windows\System\RxGggQl.exe
  C:\Windows\System\RxGggQl.exe
  2⤵
  PID:9260
- C:\Windows\System\mkYvAXp.exe
  C:\Windows\System\mkYvAXp.exe
  2⤵
  PID:9276
- C:\Windows\System\vFtHYoW.exe
  C:\Windows\System\vFtHYoW.exe
  2⤵
  PID:9292
- C:\Windows\System\InALCxO.exe
  C:\Windows\System\InALCxO.exe
  2⤵
  PID:9308
- C:\Windows\System\ndclQUX.exe
  C:\Windows\System\ndclQUX.exe
  2⤵
  PID:9324
- C:\Windows\System\uQDLtJi.exe
  C:\Windows\System\uQDLtJi.exe
  2⤵
  PID:9340
- C:\Windows\System\jILpqdQ.exe
  C:\Windows\System\jILpqdQ.exe
  2⤵
  PID:9356
- C:\Windows\System\qDQrmIq.exe
  C:\Windows\System\qDQrmIq.exe
  2⤵
  PID:9372
- C:\Windows\System\qvRHuZY.exe
  C:\Windows\System\qvRHuZY.exe
  2⤵
  PID:9396
- C:\Windows\System\ydSSSQX.exe
  C:\Windows\System\ydSSSQX.exe
  2⤵
  PID:9412
- C:\Windows\System\OWLdJOn.exe
  C:\Windows\System\OWLdJOn.exe
  2⤵
  PID:9428
- C:\Windows\System\QtimizU.exe
  C:\Windows\System\QtimizU.exe
  2⤵
  PID:9444
- C:\Windows\System\KIyvmGa.exe
  C:\Windows\System\KIyvmGa.exe
  2⤵
  PID:9460
- C:\Windows\System\edwxyYX.exe
  C:\Windows\System\edwxyYX.exe
  2⤵
  PID:9484
- C:\Windows\System\EkirDwi.exe
  C:\Windows\System\EkirDwi.exe
  2⤵
  PID:9500
- C:\Windows\System\zhuVygw.exe
  C:\Windows\System\zhuVygw.exe
  2⤵
  PID:9516
- C:\Windows\System\yAuddOL.exe
  C:\Windows\System\yAuddOL.exe
  2⤵
  PID:9532
- C:\Windows\System\gdCzqXu.exe
  C:\Windows\System\gdCzqXu.exe
  2⤵
  PID:9548
- C:\Windows\System\xnIujxV.exe
  C:\Windows\System\xnIujxV.exe
  2⤵
  PID:9564
- C:\Windows\System\lGViraV.exe
  C:\Windows\System\lGViraV.exe
  2⤵
  PID:9580
- C:\Windows\System\SXaPNXT.exe
  C:\Windows\System\SXaPNXT.exe
  2⤵
  PID:9596
- C:\Windows\System\OlsFpAp.exe
  C:\Windows\System\OlsFpAp.exe
  2⤵
  PID:9620
- C:\Windows\System\TILVGvm.exe
  C:\Windows\System\TILVGvm.exe
  2⤵
  PID:9636
- C:\Windows\System\ywFqVSR.exe
  C:\Windows\System\ywFqVSR.exe
  2⤵
  PID:9652
- C:\Windows\System\plqSaCB.exe
  C:\Windows\System\plqSaCB.exe
  2⤵
  PID:9668
- C:\Windows\System\WkzuYME.exe
  C:\Windows\System\WkzuYME.exe
  2⤵
  PID:9684
- C:\Windows\System\IfVQKjl.exe
  C:\Windows\System\IfVQKjl.exe
  2⤵
  PID:9700
- C:\Windows\System\DYNcgae.exe
  C:\Windows\System\DYNcgae.exe
  2⤵
  PID:9716
- C:\Windows\System\ehOEmjm.exe
  C:\Windows\System\ehOEmjm.exe
  2⤵
  PID:9732
- C:\Windows\System\AVEMkNC.exe
  C:\Windows\System\AVEMkNC.exe
  2⤵
  PID:9752
- C:\Windows\System\uZJVfYT.exe
  C:\Windows\System\uZJVfYT.exe
  2⤵
  PID:9768
- C:\Windows\System\BGmKNWq.exe
  C:\Windows\System\BGmKNWq.exe
  2⤵
  PID:9784
- C:\Windows\System\iHyzLoE.exe
  C:\Windows\System\iHyzLoE.exe
  2⤵
  PID:9800
- C:\Windows\System\yhuQozY.exe
  C:\Windows\System\yhuQozY.exe
  2⤵
  PID:9816
- C:\Windows\System\ufsHiXG.exe
  C:\Windows\System\ufsHiXG.exe
  2⤵
  PID:9832
- C:\Windows\System\pXKibqX.exe
  C:\Windows\System\pXKibqX.exe
  2⤵
  PID:9848
- C:\Windows\System\GRsMvvB.exe
  C:\Windows\System\GRsMvvB.exe
  2⤵
  PID:9864
- C:\Windows\System\CLUOOJA.exe
  C:\Windows\System\CLUOOJA.exe
  2⤵
  PID:9880
- C:\Windows\System\NzqQjtT.exe
  C:\Windows\System\NzqQjtT.exe
  2⤵
  PID:9900
- C:\Windows\System\nktaOeO.exe
  C:\Windows\System\nktaOeO.exe
  2⤵
  PID:9932
- C:\Windows\System\LekKfRf.exe
  C:\Windows\System\LekKfRf.exe
  2⤵
  PID:9948
- C:\Windows\System\IXtdssK.exe
  C:\Windows\System\IXtdssK.exe
  2⤵
  PID:9964
- C:\Windows\System\xxYCNDx.exe
  C:\Windows\System\xxYCNDx.exe
  2⤵
  PID:9980
- C:\Windows\System\GRaqtjY.exe
  C:\Windows\System\GRaqtjY.exe
  2⤵
  PID:10032
- C:\Windows\System\OhEVoYS.exe
  C:\Windows\System\OhEVoYS.exe
  2⤵
  PID:10048
- C:\Windows\System\XfgYEQA.exe
  C:\Windows\System\XfgYEQA.exe
  2⤵
  PID:10068
- C:\Windows\System\BVrUjok.exe
  C:\Windows\System\BVrUjok.exe
  2⤵
  PID:10084
- C:\Windows\System\PnUIzvN.exe
  C:\Windows\System\PnUIzvN.exe
  2⤵
  PID:10100
- C:\Windows\System\kZqxDpl.exe
  C:\Windows\System\kZqxDpl.exe
  2⤵
  PID:10116
- C:\Windows\System\jqNvnAL.exe
  C:\Windows\System\jqNvnAL.exe
  2⤵
  PID:10132
- C:\Windows\System\iRWjstv.exe
  C:\Windows\System\iRWjstv.exe
  2⤵
  PID:10148
- C:\Windows\System\JDJRdNz.exe
  C:\Windows\System\JDJRdNz.exe
  2⤵
  PID:10164
- C:\Windows\System\srBuUnM.exe
  C:\Windows\System\srBuUnM.exe
  2⤵
  PID:10180
- C:\Windows\System\eEhzPke.exe
  C:\Windows\System\eEhzPke.exe
  2⤵
  PID:10196
- C:\Windows\System\HUFvhyv.exe
  C:\Windows\System\HUFvhyv.exe
  2⤵
  PID:10216
- C:\Windows\System\GMtEpOE.exe
  C:\Windows\System\GMtEpOE.exe
  2⤵
  PID:10232
- C:\Windows\System\nkbJYRG.exe
  C:\Windows\System\nkbJYRG.exe
  2⤵
  PID:9012
- C:\Windows\System\FPZPNAl.exe
  C:\Windows\System\FPZPNAl.exe
  2⤵
  PID:1076
- C:\Windows\System\DGbkqrO.exe
  C:\Windows\System\DGbkqrO.exe
  2⤵
  PID:8860
- C:\Windows\System\EtXDQzj.exe
  C:\Windows\System\EtXDQzj.exe
  2⤵
  PID:9284
- C:\Windows\System\BVSYBIF.exe
  C:\Windows\System\BVSYBIF.exe
  2⤵
  PID:9272
- C:\Windows\System\xBDciqV.exe
  C:\Windows\System\xBDciqV.exe
  2⤵
  PID:9304
- C:\Windows\System\OJAeUUr.exe
  C:\Windows\System\OJAeUUr.exe
  2⤵
  PID:9288
- C:\Windows\System\zrWkYoA.exe
  C:\Windows\System\zrWkYoA.exe
  2⤵
  PID:9384
- C:\Windows\System\XgCkGTS.exe
  C:\Windows\System\XgCkGTS.exe
  2⤵
  PID:9424
- C:\Windows\System\YdqBwwd.exe
  C:\Windows\System\YdqBwwd.exe
  2⤵
  PID:9404
- C:\Windows\System\tQjKOeF.exe
  C:\Windows\System\tQjKOeF.exe
  2⤵
  PID:9496
- C:\Windows\System\ljtmPND.exe
  C:\Windows\System\ljtmPND.exe
  2⤵
  PID:9588
- C:\Windows\System\XyeEyal.exe
  C:\Windows\System\XyeEyal.exe
  2⤵
  PID:9644
- C:\Windows\System\ZxROBwE.exe
  C:\Windows\System\ZxROBwE.exe
  2⤵
  PID:9648
- C:\Windows\System\hsCRLAM.exe
  C:\Windows\System\hsCRLAM.exe
  2⤵
  PID:9696
- C:\Windows\System\wQlIYzw.exe
  C:\Windows\System\wQlIYzw.exe
  2⤵
  PID:9760
- C:\Windows\System\mZtHbVW.exe
  C:\Windows\System\mZtHbVW.exe
  2⤵
  PID:9740
- C:\Windows\System\DpaXTcZ.exe
  C:\Windows\System\DpaXTcZ.exe
  2⤵
  PID:9776
- C:\Windows\System\ejdVOrM.exe
  C:\Windows\System\ejdVOrM.exe
  2⤵
  PID:9824
- C:\Windows\System\UTfXjOc.exe
  C:\Windows\System\UTfXjOc.exe
  2⤵
  PID:9844
- C:\Windows\System\FpQRAeY.exe
  C:\Windows\System\FpQRAeY.exe
  2⤵
  PID:9888
- C:\Windows\System\LrmDOxx.exe
  C:\Windows\System\LrmDOxx.exe
  2⤵
  PID:9912
- C:\Windows\System\lvJGAvJ.exe
  C:\Windows\System\lvJGAvJ.exe
  2⤵
  PID:9916
- C:\Windows\System\ulnmWVx.exe
  C:\Windows\System\ulnmWVx.exe
  2⤵
  PID:9972
- C:\Windows\System\WqcMqEP.exe
  C:\Windows\System\WqcMqEP.exe
  2⤵
  PID:9996
- C:\Windows\System\DtdNzwS.exe
  C:\Windows\System\DtdNzwS.exe
  2⤵
  PID:6292
- C:\Windows\System\ihGAeKW.exe
  C:\Windows\System\ihGAeKW.exe
  2⤵
  PID:10040
- C:\Windows\System\mYHerFB.exe
  C:\Windows\System\mYHerFB.exe
  2⤵
  PID:10044
- C:\Windows\System\mCQwpMf.exe
  C:\Windows\System\mCQwpMf.exe
  2⤵
  PID:10064
- C:\Windows\System\DokNxqz.exe
  C:\Windows\System\DokNxqz.exe
  2⤵
  PID:10172
- C:\Windows\System\dBexJxx.exe
  C:\Windows\System\dBexJxx.exe
  2⤵
  PID:10144
- C:\Windows\System\ApLaxsO.exe
  C:\Windows\System\ApLaxsO.exe
  2⤵
  PID:10160
- C:\Windows\System\NQQxEKh.exe
  C:\Windows\System\NQQxEKh.exe
  2⤵
  PID:10128
- C:\Windows\System\zGoBIbV.exe
  C:\Windows\System\zGoBIbV.exe
  2⤵
  PID:9236
- C:\Windows\System\eWRBfOL.exe
  C:\Windows\System\eWRBfOL.exe
  2⤵
  PID:8812
- C:\Windows\System\MycgZxd.exe
  C:\Windows\System\MycgZxd.exe
  2⤵
  PID:9352
- C:\Windows\System\VKcBPSL.exe
  C:\Windows\System\VKcBPSL.exe
  2⤵
  PID:9368
- C:\Windows\System\OVLSjLr.exe
  C:\Windows\System\OVLSjLr.exe
  2⤵
  PID:9268
- C:\Windows\System\VEOOtAT.exe
  C:\Windows\System\VEOOtAT.exe
  2⤵
  PID:9468
- C:\Windows\System\WbpfJtP.exe
  C:\Windows\System\WbpfJtP.exe
  2⤵
  PID:992
- C:\Windows\System\hSgGfgX.exe
  C:\Windows\System\hSgGfgX.exe
  2⤵
  PID:9528
- C:\Windows\System\UngSKhy.exe
  C:\Windows\System\UngSKhy.exe
  2⤵
  PID:9592
- C:\Windows\System\IeKFUxq.exe
  C:\Windows\System\IeKFUxq.exe
  2⤵
  PID:9612
- C:\Windows\System\NRLmANA.exe
  C:\Windows\System\NRLmANA.exe
  2⤵
  PID:9708
- C:\Windows\System\aJPKuWd.exe
  C:\Windows\System\aJPKuWd.exe
  2⤵
  PID:9872
- C:\Windows\System\ziEtFrp.exe
  C:\Windows\System\ziEtFrp.exe
  2⤵
  PID:9692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CDMVCeW.exe

Filesize
6.1MB

MD5
dd4905e91c3513747cb1e535e0abfa37

SHA1
308601c165dadb78ac952d4a8c0b6844cf5b9c25

SHA256
5a3b61bbcca75c4a089505ac30321eb646adb5908dee71ee13dda64f48c1da8a

SHA512
4756f6ffdac95c431be7b753d5cf800bb0eb094242b391d927a81bcc52e77acc7b0d93277d2578c6c1b3ff445414ad44d9ce1a2a0945f1c93db43e222063725c

Download Submit
C:\Windows\system\ECTVnnK.exe

Filesize
6.1MB

MD5
d4825be1e8e27e607590cad48b72d0e9

SHA1
77f6fc43ee5f5c6b322dd8bca6e6bc6b4d1309d9

SHA256
2e6e3a486b4dc3449035aea4f1acbeef33085236cc4892159d84210ad0e914e4

SHA512
29015334f4fead5902a5a15e1b307b077d9bbe61ab8292184ae1ac767640f5d4382f38d6d21039716c75c6ac7e5377f17a374154766a2c873c229ba0c64cd9fc

Download Submit
C:\Windows\system\GiEwlIy.exe

Filesize
6.1MB

MD5
2dd347eceb84882a55c60a6275f4ea1f

SHA1
cccc1c304359d5cd7b7ffaf866cb39651806ac15

SHA256
2545fc2de8d7496937124ee477a817cbd151787d5d4cbd7306e0b06c3745c465

SHA512
768e9092be9b6b038a95df6699db0d71f4687feab2a09548cf03870eee516c7b1a5adb28aea4561817123d459627052e19c392541a9f6aac5096f2956790c277

Download Submit
C:\Windows\system\HvaFSmm.exe

Filesize
6.1MB

MD5
40f4c7f4f2e4ad440931cecac8ac750d

SHA1
ed4faba6622140a3b64e5e2cb88218612ba37aba

SHA256
4355a8d00f00ac7f0bfebff6acc840f78e8c535e7e8a498fecb4b2726ed75130

SHA512
d23ba70503e90fd5d68a74fa2e1eb3bfe59edcbcd03691988ee6c74bbf5fa4c4d7a7902cf84aea2f9d8dd15c28e6b5d600a591bbc9b9354b7d537fe08f4ba131

Download Submit
C:\Windows\system\HzPXJgD.exe

Filesize
6.1MB

MD5
7487bd82a674dabfa9b9ba52a81d5bd7

SHA1
e56d770aab5250ab4deaa1d9891683e8a70827fd

SHA256
0630b129ada548c39303c3adffeef190d7f436aa190cef5a9a7bee8390290edb

SHA512
5e66789b791e7964f5806744d4093899fa0e3e38c7674ddc4ea3b1d139d9d16893382c4f67b12ac6f9ec9184ac7af9a0c69df409dd979a04f18199195860c46f

Download Submit
C:\Windows\system\IuJKwCq.exe

Filesize
6.1MB

MD5
a6e70511a77c2bd6c75d9c78ad6714b5

SHA1
fbea312a9d8fce438737cf65cd0cd3fce36473e0

SHA256
074a2d2ca17c9e11aed76b46900fff19231beb9952c52f72dbc9b679d9a877c8

SHA512
ee26825361aab2998454df18de7f1e7f3bc08679c5b6011fdd97d22ff409ef50107fbda7876faf97374425147fc9337da6c3bb39c3d2133a333af463c241685b

Download Submit
C:\Windows\system\KNqAiuB.exe

Filesize
6.1MB

MD5
b24b958a0060ce0fa079655a1653f476

SHA1
b669b121fb66e56ce682845048c789ff40018be1

SHA256
e312fa716bacda5f2736e16b98fd18ac1db150d2924fa11da4137d9564a4cc22

SHA512
ec76d452088c37abf768d48d32d10ac61c3d6c330b34205a40c2146b3e909e692634e0b333693a47ef47efa8547248467bfde1d54a51363a275efc7eac6c3a7f

Download Submit
C:\Windows\system\NlBiUHb.exe

Filesize
6.1MB

MD5
bbdf7ede5f0014e42d32d874cf029bf4

SHA1
d7611cf9c8ef9f6566f286204ab0fd595b7bb375

SHA256
81dd8da90a8876f6d4ee4192b4cddc9635dfcad4dec68d325bb9e46577ce0bb5

SHA512
3b87405b8ff566bba282b3327c0215b2a09d3e207504f8910962b6370f1223544d9858e168135b2c92a4a216ad58b07d24b6ddce8462e25af72d47719591525c

Download Submit
C:\Windows\system\QfCklrK.exe

Filesize
6.1MB

MD5
22449d20983383e65683944819874c1e

SHA1
7c7efad1b3c24001e2fe4c4ddc47c9c25f71e126

SHA256
a1bbc9fdc3544bef6c180d129b6f91af21adfd26acfeb6e39d7f5dd3a74c3f68

SHA512
fe987e9006612a0d5b0f248f076c7127af2ccb9fc0fe7d55d2f6b0b439794236efc432892e06529c6eeea1cb9b6acdb9428415f050bcf5c35807ac406416ba27

Download Submit
C:\Windows\system\Rohbihz.exe

Filesize
6.1MB

MD5
5a361cdc2e4bcdf247ef83557b999358

SHA1
71bc2ccac9f2bb947ee29fda9d625615f7362068

SHA256
d4160eed94e35dbc9231fd30b6ded514ceb360760b50a7d16f13cf965d00add4

SHA512
d477655a4551c296688e3c70165c8657cc65652387af3cc150fe82169dd1feb332bce63ba524b61a14aa96c8a3697aff5bbff7c563eb05705bd1af2db6b8c28f

Download Submit
C:\Windows\system\WfNkPYg.exe

Filesize
6.1MB

MD5
627f673a045671bdf6c31ce86193cef5

SHA1
a124257ebd1758bf599822e671c722840a9535a7

SHA256
01c424948205e60ca9d813f36cfe3569c8595aec5e1357bb8eb094fad334d0c5

SHA512
773b82f7793d6835fa2eca083f0cb9746834cc39f959f825c22863bfd1c3b1151374d123a6916fd1df896bc52c9287a8b6ea5632d7b2148ebe7726fbdea1ec72

Download Submit
C:\Windows\system\WomjLUK.exe

Filesize
6.1MB

MD5
6d5286e4e6f96c873247b15be3c0b8ad

SHA1
4aeda11a70b608ae56143ce629bd9e1b3018d846

SHA256
b9b4b5df8e141ffa850d10ef5a85bdc0ee5df4cc9466a2bef3c56de2124052bd

SHA512
721a035d3f5905b3613ee13f5e58513edba5c175463b793d62b46388887c1a20ab5a5df5e130ced900b2fd1aa171e50f3aa04669e02fbd38dc1507cba40ddb12

Download Submit
C:\Windows\system\XiYKsxm.exe

Filesize
6.1MB

MD5
f6297fc8a4ed784f3f135bad6cb88de1

SHA1
42975c324781dfcdb8d3526c764449f52a8bc9b1

SHA256
b33decee4fec42b6397b6e07c4c8ff8a5b2a0cd42f4c79942182119b278687e0

SHA512
f525efd98f48116af8e86b6c40f631de37e05aaecf83cf1f3f0a9e3bf440ca98aee0057f9fefbdf4cde9c236c4bbb470de3fff2efb9203a863fbd842b6b542d1

Download Submit
C:\Windows\system\YYbFJVk.exe

Filesize
6.1MB

MD5
8fd4284d62b33b0cdd9388d216575461

SHA1
2711b5d44d62989964fdecaa906d1c0989ec851a

SHA256
48d0dfa87148114ef928953818e7776e13426d2198aec55947ce802d7bc7e555

SHA512
4077dad4dbc858761e1d575797474750ff5cefb930b147957fc3f527babfa5a0061d7c6936d913c5adb9799a9587364195e07c1afbf2f0054c3b4da9f8e2f2e9

Download Submit
C:\Windows\system\cVVDdNa.exe

Filesize
6.1MB

MD5
6eba17ef2e1ceb937ef00e50519df23f

SHA1
eed8b19839c3598731b391833e9bb4d34b264018

SHA256
3517e4e4034b0a297d69c0a226b0282f28ae5463ea3f3417d762749b65b7fa3c

SHA512
0d222ddd349066fe8f6317a5890e679ef5b17beba52eb07e7efc99d64cd6631667ea781526f9fdcb67563b3f2dda659e1989029784609f7a26466124e6259f0f

Download Submit
C:\Windows\system\dQAORwX.exe

Filesize
6.1MB

MD5
0c16348ae7f4390e7062bb2138b503eb

SHA1
9968d44006c8a3a0f9a8f7bf30b79638bae13080

SHA256
2f2d83977be5a4411dc35fc530ee54b15847041783c2b14c16b689a0410e19d1

SHA512
fa83c8b64d1a7d95651cfda12e0f3f1b1c0805954b4a762728a8df0f136bfd8813d8562a0ccdaa07cc1bd1361fa4262a56e0c8f768c718e1f7735e973c6fb190

Download Submit
C:\Windows\system\dbZozgq.exe

Filesize
6.1MB

MD5
ef421eac0da845314b2b785d9776efe3

SHA1
c66dcfc806cec7d2ecf449453b21b7aefcc3a500

SHA256
b6ebd6fbf07055346d47ab859940dc9a49fd03b8b9becfbf244b326e4ddbf71a

SHA512
10f069271b76c014d16078ab239cd3922e5f785d9752ee7958c3c952afbc6774ff430ff5e550dbc29a5926398163ee74c24d324d628457c59ea7580fc06d7376

Download Submit
C:\Windows\system\exMMNLr.exe

Filesize
6.1MB

MD5
c641111efbe4cd8020ef1c73ee58ddd0

SHA1
d391f3ea1a8c322fb7e4706a5dee8cd47f3653dd

SHA256
c1ed4f10617ea02f6e68b7cd2746cd17896b48ea70e74c384e0ba9501aea084a

SHA512
18599f8a450d74183f36c51b7f7e21a41d819bccb30700d4fae58eff8015a58138f5d92610f73851771aadf7dedf72c149ab0128119c005f2a8f7a23be69d738

Download Submit
C:\Windows\system\jmdoLzk.exe

Filesize
6.1MB

MD5
7cbec03050ca8b81c44b601fb8df5668

SHA1
ad72eee9fc50ad18856f2d01ff75d7fc9c9bf6ed

SHA256
00104c031f854eb756300730200dafc0d9c797098c63c3fc8360138234885780

SHA512
200428c773d1f5e047bcc4c1cfb326414b27f6daad7ad0bc5e69c263c729f51bfa9a809872b92baf522f8822bf028896c7e4d4cc0885668022026b314cf52eee

Download Submit
C:\Windows\system\oNDOsbO.exe

Filesize
6.1MB

MD5
b4ab5341585b097528e78dca09f9ae99

SHA1
61f01a5efda4387faa72201c5f43d08eccefbe8a

SHA256
4505739cc3d191cc4f7f6eed4c26683a56b203f7e174958704e2159934d7a452

SHA512
7e251d48205d87f413d3c571ec48ebe172eb5fcbe08b6d1114a44db7f23027132330e0f4397d7f9d13ebe347d130556fc2800171a92c2bbb20e7754958aad6bf

Download Submit
C:\Windows\system\oUOeTGi.exe

Filesize
6.1MB

MD5
fe0848c9b7b31f67b3332bc55e4b67e8

SHA1
6d6fae9b5a7e4960cf1948824253a4191d16daae

SHA256
d2936ea152a60dd473a31674b439be4dc63da230232072a2531c31092358916b

SHA512
2e02228bdd9e43a1c8b1f11d7c51bf8dd0eac5c4daf3075c41100e350ee8bef3e7331469e8245bd3c47fd3d5bb8f1c44213f8f4107f6e3df481aada5667c81da

Download Submit
C:\Windows\system\qdEBfAV.exe

Filesize
6.1MB

MD5
8b8f967e4a4ecd1cd5f2e372119b9ce4

SHA1
2db4c3a58fc69993e4994ed0e22306fc2b5b6641

SHA256
99dbc449e5631e71a2b39278179ffc947255083d7ccbd74882859dbcfb74c936

SHA512
e1882b1b1ad7467b7ca529abf1e96d5eb47cd57979ba52065586283e686b5a10d3fbeb3f5f2f6644dab2d3892d032a3a70162e6827107148c0d9a644d105013d

Download Submit
C:\Windows\system\qoPKoYx.exe

Filesize
6.1MB

MD5
353ba27ce562bd5a8c0e88da58bc09e8

SHA1
169e9bdb7d8d8e67ffc1a278245f3610ec32b589

SHA256
52d4306562b49aa490306cc0ce77409fc4812fc5cf887351ad1321e210aa787c

SHA512
aba9ac8e01094e7900807722094718cbe28a5f4de686f177d43f5a03e96f3adcc3103214589e38b26c439ae2505ef5889c26ed61b13229ded12ceb820a5fb93f

Download Submit
C:\Windows\system\tOKQHSC.exe

Filesize
6.1MB

MD5
8424591c02de02d8710b5baf8e3ad738

SHA1
a30beeaf586a7c2449547ed550938601cf41c9a0

SHA256
0f5cabaa5e5d096690eb92c27979a766f870d9c2136246dfd6f231053792e9a6

SHA512
9262a5ab8f777d718ddf4bb8cded258ef7ef60d5dafb01ec2edfe3c237a277e41f0d6f4c872ad4190d27e07caeffecbfe3f6aae8e88b1a78168571534e18d021

Download Submit
\Windows\system\AjzFROp.exe

Filesize
6.1MB

MD5
4e1d5bed17e860484819939d9b55040a

SHA1
74600491481c4929826cdc7f9b685e2eca65800b

SHA256
9b19121f2ad63905e69851cb63778e33c7acec9fb53a7d5c765face8a1bfa15e

SHA512
47c7b50253bcdcc40fc3528fe092c9197359314fff8df8c100001fac869c4a10e9531add24f52cf94bb4a0e987707800060148601287c68079a6bc680e941f72

Download Submit
\Windows\system\DGutdNl.exe

Filesize
6.1MB

MD5
8b2366fd7dcba11e6837aee8bda98a43

SHA1
8935c3d9b62013389e801819726709d85193fa4d

SHA256
beb12d7acf54c2f2aac9647c0a8a1a98f2e14844adf8329ec2711694b35b94f3

SHA512
8b7f5c2685fd449a2b930b39145d8dc3f89103c6614e35f2762bf06722014625e0489d6090d73611916a4ae51a83ea2bf4785748d0a5ab2e2d8bc410cd3b2acb

Download Submit
\Windows\system\HwiJFqW.exe

Filesize
6.1MB

MD5
3f9c0f1a06f547252047e6dd7bfd1568

SHA1
f212a5e834e55c92857b7dd31d1a4a9457c10a77

SHA256
2e1231626e74192c1414f721db7f06e23cb0c14a7f04605e4dfdcbbd9afb8f37

SHA512
47cb683c9ca3e38d92449b3a69416b7386ab05c1c651db856edb461dd3a7c8f239fa3f0cc27ed7535644cf27a70756575ce2c9fdcb4e687051288d1510140175

Download Submit
\Windows\system\JqUIQPL.exe

Filesize
6.1MB

MD5
ca85c66401afbf24eef17398d4801a2b

SHA1
79f39022b50fae858fb919988adbf628ac552b54

SHA256
b846151caeca36d92232e495dce6d487530fe5b4ebe2b357f674793e363fc40b

SHA512
2de41a4516390e4f3d7372fb8b0fb72e7763b45de5d3e359df89eb47fa3875662a8af67b6bd609dbd026d65b1957f068cd201d760f4e05cc21f45d7de4019c7b

Download Submit
\Windows\system\StulRkJ.exe

Filesize
6.1MB

MD5
b7908e10c385fc7f3e36036a9ac07d0c

SHA1
73297fc8ac81135003da654ce823dfb91ca362ca

SHA256
89bcfce9f93a317f2cedd26ed5af5a3b78a34bd0b84e69432dc0b4d850253d2a

SHA512
5c139b8e02ba9fdde87d5847cab31a3552bbfffde94e9369ea5142974770ac227418ae85a9ba4b9134ca68df11b9d6b3095ae70b51eddf78c9beb46d244e392b

Download Submit
\Windows\system\WsVfnjQ.exe

Filesize
6.1MB

MD5
0983e9274a8df2daa736efd39542c574

SHA1
5b048393559b2495cbc5346c3c0414008f156306

SHA256
8ca20b3c2cb042a2025d8ef5fbe8b83c091bd0bf01ef927cb27e78898cdd769e

SHA512
94627971dd4eb61c1a937eaa46b4982cc0a3a1448280525ae27919d93e4bb950bb6508a2b0fdf67c117b79e90fb36543e0c85a6c02295add105651cb4744d539

Download Submit
\Windows\system\didCzaT.exe

Filesize
6.1MB

MD5
cb8711305b6ccb2f1cadb36e112f4de0

SHA1
d79211aad8e785a24ea612eae66fc293233bc13c

SHA256
3d072e400d10bc524ef564b35a869104b6d341bd8694388eeba676a76d303b0e

SHA512
ad98c4d911b2ea7005b8f3fe563154910b63d12d841d856086011df87b5ec0c496e6852e145e0d019b7a38dfbd329af8fc45585189e4fbc8c07b5cf31cae32f3

Download Submit
\Windows\system\jQpzlgg.exe

Filesize
6.1MB

MD5
6b7393db1a47f6ca39087f495a937deb

SHA1
f92885d503c765cb73803cf1f8cda574775fc9d3

SHA256
96682fd39bca7a000dce90927ee4592cd4fa349ec026dc79d70297a1aa7b0526

SHA512
43b62d35d48a4d5451f84cf42a48592dd49c2d2bcaa39bad1d04297611fc59919a92ef8fa1e7091aeebcbf7ef2d9ea539c3187fcf091cf0edf8b6ad1574a6678

Download Submit
\Windows\system\lkaOIdC.exe

Filesize
6.1MB

MD5
db2007244af78aa9a701c3aad4c04264

SHA1
262a86aa1356478791dce5327ce6cd46141eddf4

SHA256
31b93b1911d08f0558ee9c61b713c23812c46819fd4c376bb178fccc795f0bb6

SHA512
e458d6167373bc2b5f8e6de3cf5054d77189843d36e774b5145a7bf32a75a425d1e4b03840faa6de171bb0c6cca18abb8ec211b5f166ef75eeb3282be1dcbccb

Download Submit
\Windows\system\pGMWxpz.exe

Filesize
6.1MB

MD5
483f78fc80c2515ffc547656cf3c982c

SHA1
910c12f852935f17458084de8ae6f121907283b5

SHA256
35af6f085b942836faae41e01214744e714a2d50c8e2e2bbbf1f54b1091f3b3a

SHA512
42371458f82ab6f0f237dbf3af89fde1a5e1560a8341e359a89f447d971bffbacda8990e44642f8ca83f3c4291cd5638711f7a494b3a0dfd92a66ce499d47e52

Download Submit
\Windows\system\tPsTEPw.exe

Filesize
6.1MB

MD5
6fc6772298fe1914c9c1293b4cc2a049

SHA1
f0ca85a861eb74c68ef8f5da9da83a09009c936b

SHA256
84907be303c3a21db8eee3d74c2ea674d7997292ed4e5e90b094646ac1ffe26f

SHA512
a50777d0779adfd1ed4352c8c37d48a405692e8c3ba12c3303f2fd09837f1c8bb52d595e6b62ae7924e65fb3ca9eca9d759035ef1ae1211a38e3094089ab205f

Download Submit
\Windows\system\zAQuzGu.exe

Filesize
6.1MB

MD5
d40d848a204f6ede2582588d59e35492

SHA1
2f1ccb66de4ad280dc23576df38900a095320fad

SHA256
79b6a0cb28decd7799fdb79134906d81528f921b4abaf7f72795f549496faec5

SHA512
0b982ef336a71d67e71149bfe6afd7141ed1418f0037e17ca1ca3e70faf23240530029fd38f65f3994b10cd207deff234ecd3c9c42fe37feec4a055dae71ef89

Download Submit
memory/1652-33-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3944-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-18-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3943-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1912-45-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1121-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1912-125-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-72-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-106-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-121-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-135-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1912-129-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-26-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-116-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1912-139-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-874-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1413-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1912-877-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1412-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-82-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-37-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1912-67-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1912-60-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-40-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-0-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1912-49-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1912-41-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1948-39-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1948-3966-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3964-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2012-53-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3941-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-22-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-91-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3967-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1122-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3939-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1255-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2616-111-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2636-58-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3965-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2636-999-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2656-117-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4151-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download