cobaltstrike | c0c4200dee0e3408f3c7a30d975a1ebc4cfc1b24aba17ba22263d194a0cf7525

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7280e5705e6acff12bbd77598499bab7
SHA1

127053296420d7f78be8910e0b696b3affd193c3
SHA256

c0c4200dee0e3408f3c7a30d975a1ebc4cfc1b24aba17ba22263d194a0cf7525
SHA512

64e35870598ca46dcd185e93a954d84dc405a652a83a7fa38a56c33d4ae4910d1a14baeecc2def74ac511a756b0757c4ef8bf60a882572aec2d6add181d96991
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000018334-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195a9-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195ab-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019547-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b5-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b7-49.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195bb-54.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bd-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a1-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49f-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-106.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3048-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x0003000000018334-3.dat	xmrig
behavioral1/memory/2696-7-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000195a9-9.dat	xmrig
behavioral1/files/0x00070000000195ab-20.dat	xmrig
behavioral1/memory/2800-16-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2164-23-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019547-24.dat	xmrig
behavioral1/memory/2708-29-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00070000000195af-30.dat	xmrig
behavioral1/memory/2848-42-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b5-41.dat	xmrig
behavioral1/memory/2332-44-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/3048-40-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1780-52-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2800-51-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b7-49.dat	xmrig
behavioral1/memory/2696-47-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000195bb-54.dat	xmrig
behavioral1/memory/2708-59-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2412-61-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bd-62.dat	xmrig
behavioral1/files/0x000500000001a46f-70.dat	xmrig
behavioral1/memory/952-73-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1364-67-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1780-74-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a473-83.dat	xmrig
behavioral1/memory/1988-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-90.dat	xmrig
behavioral1/files/0x000500000001a471-79.dat	xmrig
behavioral1/memory/2780-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2924-85-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a477-97.dat	xmrig
behavioral1/memory/1364-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2392-102-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000500000001a47b-111.dat	xmrig
behavioral1/files/0x000500000001a480-119.dat	xmrig
behavioral1/files/0x000500000001a482-126.dat	xmrig
behavioral1/files/0x000500000001a484-133.dat	xmrig
behavioral1/files/0x000500000001a486-137.dat	xmrig
behavioral1/files/0x000500000001a48d-150.dat	xmrig
behavioral1/files/0x000500000001a491-163.dat	xmrig
behavioral1/files/0x000500000001a493-173.dat	xmrig
behavioral1/files/0x000500000001a4a1-193.dat	xmrig
behavioral1/memory/2780-337-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2392-421-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1988-252-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2924-217-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49f-188.dat	xmrig
behavioral1/files/0x000500000001a49e-183.dat	xmrig
behavioral1/files/0x000500000001a49a-177.dat	xmrig
behavioral1/files/0x000500000001a499-171.dat	xmrig
behavioral1/files/0x000500000001a48f-157.dat	xmrig
behavioral1/files/0x000500000001a48a-147.dat	xmrig
behavioral1/files/0x000500000001a488-143.dat	xmrig
behavioral1/memory/952-127-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001a47d-116.dat	xmrig
behavioral1/files/0x000500000001a479-106.dat	xmrig
behavioral1/memory/2800-1377-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2164-1402-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2696-1403-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2708-1441-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2332-1444-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2848-1445-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	YlsVxVK.exe
2800	UblGtGO.exe
2164	jetvJMv.exe
2708	vLxKyBv.exe
2848	RncaZhe.exe
2332	CWtCuQG.exe
1780	wvrDptj.exe
2412	URMkdgs.exe
1364	tSqGgGB.exe
952	uoNRFgn.exe
2924	xMnBBEh.exe
1988	GHrEcIo.exe
2780	BoVEirV.exe
2392	kdWkKNG.exe
2952	aDUEjVp.exe
1796	VUcHvLg.exe
1436	oaUrMba.exe
2956	mzxhZOJ.exe
1968	osCxqbk.exe
588	PJZMuVw.exe
2464	WvWgphG.exe
1216	JLAwFxZ.exe
1184	LdrDxfN.exe
2352	YCIugGd.exe
2400	yGltwpM.exe
2140	RyYVWyq.exe
2020	EYhJQdF.exe
2440	WzvOURo.exe
1276	kxxlrNe.exe
976	LuWWMZV.exe
1852	ONdkPWU.exe
1772	KtTToYv.exe
828	FAdvkSR.exe
2208	qzMORRT.exe
1080	RipSSDC.exe
1804	XuyUjlo.exe
1964	XMgUwUO.exe
1512	wTozUxb.exe
1372	ugZrNNT.exe
2524	VdioekQ.exe
3040	FTpvVUo.exe
1484	mfxCmBJ.exe
3000	sUypXWw.exe
2512	QLwgnTf.exe
108	ZvgRQze.exe
1152	bqxgwlt.exe
1188	JXCRWiE.exe
1996	BMtivgo.exe
1160	FXfqYtZ.exe
2508	hchuSed.exe
2264	QSooZgP.exe
884	EWusBTb.exe
2700	yhgAvYO.exe
2860	fKKFlUb.exe
2716	IxKksJp.exe
2620	iraICPn.exe
2596	jvjOFIU.exe
2992	aYZPVCb.exe
2204	jiXjAiq.exe
2640	glFIpox.exe
2648	pRYgBSF.exe
1840	ZqRvCTz.exe
2748	SvyKXok.exe
2660	EaajDIf.exe

Loads dropped DLL 64 IoCs

pid	Process
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x0003000000018334-3.dat	upx
behavioral1/memory/2696-7-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00080000000195a9-9.dat	upx
behavioral1/files/0x00070000000195ab-20.dat	upx
behavioral1/memory/2800-16-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2164-23-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0007000000019547-24.dat	upx
behavioral1/memory/2708-29-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00070000000195af-30.dat	upx
behavioral1/memory/2848-42-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00060000000195b5-41.dat	upx
behavioral1/memory/2332-44-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/3048-40-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1780-52-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2800-51-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x00060000000195b7-49.dat	upx
behavioral1/memory/2696-47-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00080000000195bb-54.dat	upx
behavioral1/memory/2708-59-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2412-61-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00070000000195bd-62.dat	upx
behavioral1/files/0x000500000001a46f-70.dat	upx
behavioral1/memory/952-73-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1364-67-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1780-74-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x000500000001a473-83.dat	upx
behavioral1/memory/1988-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001a475-90.dat	upx
behavioral1/files/0x000500000001a471-79.dat	upx
behavioral1/memory/2780-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2924-85-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a477-97.dat	upx
behavioral1/memory/1364-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2392-102-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000500000001a47b-111.dat	upx
behavioral1/files/0x000500000001a480-119.dat	upx
behavioral1/files/0x000500000001a482-126.dat	upx
behavioral1/files/0x000500000001a484-133.dat	upx
behavioral1/files/0x000500000001a486-137.dat	upx
behavioral1/files/0x000500000001a48d-150.dat	upx
behavioral1/files/0x000500000001a491-163.dat	upx
behavioral1/files/0x000500000001a493-173.dat	upx
behavioral1/files/0x000500000001a4a1-193.dat	upx
behavioral1/memory/2780-337-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2392-421-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1988-252-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2924-217-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a49f-188.dat	upx
behavioral1/files/0x000500000001a49e-183.dat	upx
behavioral1/files/0x000500000001a49a-177.dat	upx
behavioral1/files/0x000500000001a499-171.dat	upx
behavioral1/files/0x000500000001a48f-157.dat	upx
behavioral1/files/0x000500000001a48a-147.dat	upx
behavioral1/files/0x000500000001a488-143.dat	upx
behavioral1/memory/952-127-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001a47d-116.dat	upx
behavioral1/files/0x000500000001a479-106.dat	upx
behavioral1/memory/2800-1377-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2164-1402-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2696-1403-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2708-1441-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2332-1444-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2848-1445-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oByqxmY.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVVDScg.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpJkvOo.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRhXZWP.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBojvhk.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQqYWlb.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpKBNzV.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYlhFzx.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAcFobx.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvrDptj.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbuFDcr.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPXjbst.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCgZJPd.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJNAPQU.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKwdgej.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFMJYhW.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkigdPp.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvPFahx.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvTyawM.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qipqneK.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwalFgV.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkxjByW.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvTEAwQ.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhwUEJf.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWZQZWP.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAMvHDI.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuhmYPC.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enjVbbR.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDpecUC.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYYmfyF.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuusMgt.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDBWOay.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHAYwNn.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJEsroj.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxOEUZH.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaUOTbL.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpKeGiy.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWJjZGs.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tswMNEE.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBOHkyv.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLRRWwW.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFBvfcE.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmjmqCO.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFmCfUl.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQtzrvk.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbxSctS.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\infmaVR.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLPsghD.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMlCUMU.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCOCmgf.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxrZBif.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTlpbXP.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIchIVU.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnzImeV.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDPofFj.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNxeibA.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELubyhB.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkvoMZl.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABDsZdr.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKHxNHB.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZcJYic.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkYDVpK.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haAATKU.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjEfgLe.exe	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2696	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 2696	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 2696	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 2800	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 2800	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 2800	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 2164	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2164	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2164	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2708	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2708	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2708	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2848	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2848	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2848	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2332	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 2332	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 2332	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 1780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 1780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 1780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 2412	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 2412	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 2412	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 1364	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 1364	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 1364	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 2924	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 2924	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 2924	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 1988	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 1988	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 1988	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 2780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 2780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 2780	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 2392	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 2392	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 2392	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 2952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 2952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 2952	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 1796	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 1796	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 1796	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 1436	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 1436	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 1436	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 2956	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 2956	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 2956	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 1968	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 1968	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 1968	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 588	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 588	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 588	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 2464	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 2464	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 2464	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 1216	3048	2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_7280e5705e6acff12bbd77598499bab7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\System\YlsVxVK.exe
  C:\Windows\System\YlsVxVK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\UblGtGO.exe
  C:\Windows\System\UblGtGO.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\jetvJMv.exe
  C:\Windows\System\jetvJMv.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vLxKyBv.exe
  C:\Windows\System\vLxKyBv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\RncaZhe.exe
  C:\Windows\System\RncaZhe.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\CWtCuQG.exe
  C:\Windows\System\CWtCuQG.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\wvrDptj.exe
  C:\Windows\System\wvrDptj.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\URMkdgs.exe
  C:\Windows\System\URMkdgs.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\tSqGgGB.exe
  C:\Windows\System\tSqGgGB.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\uoNRFgn.exe
  C:\Windows\System\uoNRFgn.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\xMnBBEh.exe
  C:\Windows\System\xMnBBEh.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\GHrEcIo.exe
  C:\Windows\System\GHrEcIo.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\BoVEirV.exe
  C:\Windows\System\BoVEirV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kdWkKNG.exe
  C:\Windows\System\kdWkKNG.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\aDUEjVp.exe
  C:\Windows\System\aDUEjVp.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\VUcHvLg.exe
  C:\Windows\System\VUcHvLg.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\oaUrMba.exe
  C:\Windows\System\oaUrMba.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\mzxhZOJ.exe
  C:\Windows\System\mzxhZOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\osCxqbk.exe
  C:\Windows\System\osCxqbk.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\PJZMuVw.exe
  C:\Windows\System\PJZMuVw.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\WvWgphG.exe
  C:\Windows\System\WvWgphG.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\JLAwFxZ.exe
  C:\Windows\System\JLAwFxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\LdrDxfN.exe
  C:\Windows\System\LdrDxfN.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\YCIugGd.exe
  C:\Windows\System\YCIugGd.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\yGltwpM.exe
  C:\Windows\System\yGltwpM.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\RyYVWyq.exe
  C:\Windows\System\RyYVWyq.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\WzvOURo.exe
  C:\Windows\System\WzvOURo.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\EYhJQdF.exe
  C:\Windows\System\EYhJQdF.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\kxxlrNe.exe
  C:\Windows\System\kxxlrNe.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\LuWWMZV.exe
  C:\Windows\System\LuWWMZV.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\ONdkPWU.exe
  C:\Windows\System\ONdkPWU.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\KtTToYv.exe
  C:\Windows\System\KtTToYv.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\FAdvkSR.exe
  C:\Windows\System\FAdvkSR.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\qzMORRT.exe
  C:\Windows\System\qzMORRT.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\RipSSDC.exe
  C:\Windows\System\RipSSDC.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\XuyUjlo.exe
  C:\Windows\System\XuyUjlo.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\XMgUwUO.exe
  C:\Windows\System\XMgUwUO.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\wTozUxb.exe
  C:\Windows\System\wTozUxb.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ugZrNNT.exe
  C:\Windows\System\ugZrNNT.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\VdioekQ.exe
  C:\Windows\System\VdioekQ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\FTpvVUo.exe
  C:\Windows\System\FTpvVUo.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\mfxCmBJ.exe
  C:\Windows\System\mfxCmBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\sUypXWw.exe
  C:\Windows\System\sUypXWw.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QLwgnTf.exe
  C:\Windows\System\QLwgnTf.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\ZvgRQze.exe
  C:\Windows\System\ZvgRQze.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\bqxgwlt.exe
  C:\Windows\System\bqxgwlt.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\JXCRWiE.exe
  C:\Windows\System\JXCRWiE.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\BMtivgo.exe
  C:\Windows\System\BMtivgo.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\FXfqYtZ.exe
  C:\Windows\System\FXfqYtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\hchuSed.exe
  C:\Windows\System\hchuSed.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\QSooZgP.exe
  C:\Windows\System\QSooZgP.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\EWusBTb.exe
  C:\Windows\System\EWusBTb.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\yhgAvYO.exe
  C:\Windows\System\yhgAvYO.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\fKKFlUb.exe
  C:\Windows\System\fKKFlUb.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\IxKksJp.exe
  C:\Windows\System\IxKksJp.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\iraICPn.exe
  C:\Windows\System\iraICPn.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\jvjOFIU.exe
  C:\Windows\System\jvjOFIU.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\aYZPVCb.exe
  C:\Windows\System\aYZPVCb.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\jiXjAiq.exe
  C:\Windows\System\jiXjAiq.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\glFIpox.exe
  C:\Windows\System\glFIpox.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\pRYgBSF.exe
  C:\Windows\System\pRYgBSF.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\ZqRvCTz.exe
  C:\Windows\System\ZqRvCTz.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\SvyKXok.exe
  C:\Windows\System\SvyKXok.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\EaajDIf.exe
  C:\Windows\System\EaajDIf.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\fAosidZ.exe
  C:\Windows\System\fAosidZ.exe
  2⤵
  PID:2940
- C:\Windows\System\XGlWcuS.exe
  C:\Windows\System\XGlWcuS.exe
  2⤵
  PID:2856
- C:\Windows\System\KlwXaQo.exe
  C:\Windows\System\KlwXaQo.exe
  2⤵
  PID:1252
- C:\Windows\System\ARZNTIv.exe
  C:\Windows\System\ARZNTIv.exe
  2⤵
  PID:1648
- C:\Windows\System\YANzKfU.exe
  C:\Windows\System\YANzKfU.exe
  2⤵
  PID:2632
- C:\Windows\System\ctOOiWe.exe
  C:\Windows\System\ctOOiWe.exe
  2⤵
  PID:320
- C:\Windows\System\FFFhqIt.exe
  C:\Windows\System\FFFhqIt.exe
  2⤵
  PID:776
- C:\Windows\System\fGUMgUM.exe
  C:\Windows\System\fGUMgUM.exe
  2⤵
  PID:2468
- C:\Windows\System\EkqlNci.exe
  C:\Windows\System\EkqlNci.exe
  2⤵
  PID:1056
- C:\Windows\System\VFvRgKT.exe
  C:\Windows\System\VFvRgKT.exe
  2⤵
  PID:2196
- C:\Windows\System\KpCygho.exe
  C:\Windows\System\KpCygho.exe
  2⤵
  PID:2416
- C:\Windows\System\gLROLtn.exe
  C:\Windows\System\gLROLtn.exe
  2⤵
  PID:2328
- C:\Windows\System\NBZYpgw.exe
  C:\Windows\System\NBZYpgw.exe
  2⤵
  PID:2476
- C:\Windows\System\BGefOdI.exe
  C:\Windows\System\BGefOdI.exe
  2⤵
  PID:964
- C:\Windows\System\lSwceoY.exe
  C:\Windows\System\lSwceoY.exe
  2⤵
  PID:1700
- C:\Windows\System\FYhOHDH.exe
  C:\Windows\System\FYhOHDH.exe
  2⤵
  PID:1292
- C:\Windows\System\uXbiErU.exe
  C:\Windows\System\uXbiErU.exe
  2⤵
  PID:1508
- C:\Windows\System\JWUnkOV.exe
  C:\Windows\System\JWUnkOV.exe
  2⤵
  PID:1228
- C:\Windows\System\NCOCmgf.exe
  C:\Windows\System\NCOCmgf.exe
  2⤵
  PID:1404
- C:\Windows\System\VmWpBDp.exe
  C:\Windows\System\VmWpBDp.exe
  2⤵
  PID:364
- C:\Windows\System\DHVOGNe.exe
  C:\Windows\System\DHVOGNe.exe
  2⤵
  PID:1248
- C:\Windows\System\uQQkFsx.exe
  C:\Windows\System\uQQkFsx.exe
  2⤵
  PID:2672
- C:\Windows\System\ZyJWqPQ.exe
  C:\Windows\System\ZyJWqPQ.exe
  2⤵
  PID:2528
- C:\Windows\System\fzjdwyc.exe
  C:\Windows\System\fzjdwyc.exe
  2⤵
  PID:3012
- C:\Windows\System\mPBFBgR.exe
  C:\Windows\System\mPBFBgR.exe
  2⤵
  PID:2000
- C:\Windows\System\lIfdfUT.exe
  C:\Windows\System\lIfdfUT.exe
  2⤵
  PID:2248
- C:\Windows\System\oByqxmY.exe
  C:\Windows\System\oByqxmY.exe
  2⤵
  PID:1612
- C:\Windows\System\vfTAJHA.exe
  C:\Windows\System\vfTAJHA.exe
  2⤵
  PID:2788
- C:\Windows\System\gisHapt.exe
  C:\Windows\System\gisHapt.exe
  2⤵
  PID:2816
- C:\Windows\System\chNydiv.exe
  C:\Windows\System\chNydiv.exe
  2⤵
  PID:2764
- C:\Windows\System\xdIwSJy.exe
  C:\Windows\System\xdIwSJy.exe
  2⤵
  PID:2604
- C:\Windows\System\EkvoMZl.exe
  C:\Windows\System\EkvoMZl.exe
  2⤵
  PID:2884
- C:\Windows\System\MZdgWMA.exe
  C:\Windows\System\MZdgWMA.exe
  2⤵
  PID:2628
- C:\Windows\System\rNMQqtj.exe
  C:\Windows\System\rNMQqtj.exe
  2⤵
  PID:2612
- C:\Windows\System\WooyezZ.exe
  C:\Windows\System\WooyezZ.exe
  2⤵
  PID:432
- C:\Windows\System\spOQqTE.exe
  C:\Windows\System\spOQqTE.exe
  2⤵
  PID:2944
- C:\Windows\System\ShImeHn.exe
  C:\Windows\System\ShImeHn.exe
  2⤵
  PID:1992
- C:\Windows\System\ioVhSrA.exe
  C:\Windows\System\ioVhSrA.exe
  2⤵
  PID:2336
- C:\Windows\System\qZlNhMI.exe
  C:\Windows\System\qZlNhMI.exe
  2⤵
  PID:1784
- C:\Windows\System\WoCAMUU.exe
  C:\Windows\System\WoCAMUU.exe
  2⤵
  PID:2348
- C:\Windows\System\LQPWtLb.exe
  C:\Windows\System\LQPWtLb.exe
  2⤵
  PID:2212
- C:\Windows\System\pspcupl.exe
  C:\Windows\System\pspcupl.exe
  2⤵
  PID:1412
- C:\Windows\System\JpfXQlW.exe
  C:\Windows\System\JpfXQlW.exe
  2⤵
  PID:1636
- C:\Windows\System\infmaVR.exe
  C:\Windows\System\infmaVR.exe
  2⤵
  PID:872
- C:\Windows\System\XSFQlIu.exe
  C:\Windows\System\XSFQlIu.exe
  2⤵
  PID:2076
- C:\Windows\System\eeOvgVK.exe
  C:\Windows\System\eeOvgVK.exe
  2⤵
  PID:536
- C:\Windows\System\ZXSrrfg.exe
  C:\Windows\System\ZXSrrfg.exe
  2⤵
  PID:620
- C:\Windows\System\lERaApr.exe
  C:\Windows\System\lERaApr.exe
  2⤵
  PID:848
- C:\Windows\System\UOabGPf.exe
  C:\Windows\System\UOabGPf.exe
  2⤵
  PID:2012
- C:\Windows\System\WiATYNt.exe
  C:\Windows\System\WiATYNt.exe
  2⤵
  PID:2316
- C:\Windows\System\XHAYwNn.exe
  C:\Windows\System\XHAYwNn.exe
  2⤵
  PID:2600
- C:\Windows\System\fdurOUM.exe
  C:\Windows\System\fdurOUM.exe
  2⤵
  PID:2852
- C:\Windows\System\AFajwIq.exe
  C:\Windows\System\AFajwIq.exe
  2⤵
  PID:3016
- C:\Windows\System\BYFwDJE.exe
  C:\Windows\System\BYFwDJE.exe
  2⤵
  PID:2132
- C:\Windows\System\UgxYpRC.exe
  C:\Windows\System\UgxYpRC.exe
  2⤵
  PID:880
- C:\Windows\System\AWJjZGs.exe
  C:\Windows\System\AWJjZGs.exe
  2⤵
  PID:2768
- C:\Windows\System\WfNqTfb.exe
  C:\Windows\System\WfNqTfb.exe
  2⤵
  PID:3064
- C:\Windows\System\GnegfSH.exe
  C:\Windows\System\GnegfSH.exe
  2⤵
  PID:2068
- C:\Windows\System\BhsoutB.exe
  C:\Windows\System\BhsoutB.exe
  2⤵
  PID:2572
- C:\Windows\System\enkQZCL.exe
  C:\Windows\System\enkQZCL.exe
  2⤵
  PID:2228
- C:\Windows\System\XIsCblR.exe
  C:\Windows\System\XIsCblR.exe
  2⤵
  PID:980
- C:\Windows\System\tgqUKIw.exe
  C:\Windows\System\tgqUKIw.exe
  2⤵
  PID:1148
- C:\Windows\System\mMUYIJD.exe
  C:\Windows\System\mMUYIJD.exe
  2⤵
  PID:1600
- C:\Windows\System\SpMxzLs.exe
  C:\Windows\System\SpMxzLs.exe
  2⤵
  PID:1928
- C:\Windows\System\wLLkNuN.exe
  C:\Windows\System\wLLkNuN.exe
  2⤵
  PID:1720
- C:\Windows\System\FyyoEaU.exe
  C:\Windows\System\FyyoEaU.exe
  2⤵
  PID:2868
- C:\Windows\System\BSzWZsw.exe
  C:\Windows\System\BSzWZsw.exe
  2⤵
  PID:2056
- C:\Windows\System\iyELUBL.exe
  C:\Windows\System\iyELUBL.exe
  2⤵
  PID:2356
- C:\Windows\System\WtLJVUI.exe
  C:\Windows\System\WtLJVUI.exe
  2⤵
  PID:2044
- C:\Windows\System\XzZvCuA.exe
  C:\Windows\System\XzZvCuA.exe
  2⤵
  PID:2916
- C:\Windows\System\QVCbCjo.exe
  C:\Windows\System\QVCbCjo.exe
  2⤵
  PID:2016
- C:\Windows\System\aQIjBQe.exe
  C:\Windows\System\aQIjBQe.exe
  2⤵
  PID:2908
- C:\Windows\System\BuKgRyE.exe
  C:\Windows\System\BuKgRyE.exe
  2⤵
  PID:1716
- C:\Windows\System\MkigpLC.exe
  C:\Windows\System\MkigpLC.exe
  2⤵
  PID:1672
- C:\Windows\System\zodpaxy.exe
  C:\Windows\System\zodpaxy.exe
  2⤵
  PID:1604
- C:\Windows\System\squsPbs.exe
  C:\Windows\System\squsPbs.exe
  2⤵
  PID:2108
- C:\Windows\System\AziSVxO.exe
  C:\Windows\System\AziSVxO.exe
  2⤵
  PID:1808
- C:\Windows\System\HtZbOOX.exe
  C:\Windows\System\HtZbOOX.exe
  2⤵
  PID:2948
- C:\Windows\System\mHToFYL.exe
  C:\Windows\System\mHToFYL.exe
  2⤵
  PID:2080
- C:\Windows\System\lNEERJB.exe
  C:\Windows\System\lNEERJB.exe
  2⤵
  PID:1296
- C:\Windows\System\CAAmIVD.exe
  C:\Windows\System\CAAmIVD.exe
  2⤵
  PID:3008
- C:\Windows\System\DXsPIQG.exe
  C:\Windows\System\DXsPIQG.exe
  2⤵
  PID:524
- C:\Windows\System\NKHNDdQ.exe
  C:\Windows\System\NKHNDdQ.exe
  2⤵
  PID:2720
- C:\Windows\System\VThmgKr.exe
  C:\Windows\System\VThmgKr.exe
  2⤵
  PID:648
- C:\Windows\System\EEpfgbe.exe
  C:\Windows\System\EEpfgbe.exe
  2⤵
  PID:332
- C:\Windows\System\JzWVhkK.exe
  C:\Windows\System\JzWVhkK.exe
  2⤵
  PID:2148
- C:\Windows\System\gBttMob.exe
  C:\Windows\System\gBttMob.exe
  2⤵
  PID:1704
- C:\Windows\System\zhiCFMm.exe
  C:\Windows\System\zhiCFMm.exe
  2⤵
  PID:616
- C:\Windows\System\EnoNrNf.exe
  C:\Windows\System\EnoNrNf.exe
  2⤵
  PID:3020
- C:\Windows\System\VsyMxgG.exe
  C:\Windows\System\VsyMxgG.exe
  2⤵
  PID:580
- C:\Windows\System\hVVZMGS.exe
  C:\Windows\System\hVVZMGS.exe
  2⤵
  PID:1728
- C:\Windows\System\clLfJSx.exe
  C:\Windows\System\clLfJSx.exe
  2⤵
  PID:860
- C:\Windows\System\DgUsWom.exe
  C:\Windows\System\DgUsWom.exe
  2⤵
  PID:2192
- C:\Windows\System\fTIvqQS.exe
  C:\Windows\System\fTIvqQS.exe
  2⤵
  PID:2616
- C:\Windows\System\xseDZUV.exe
  C:\Windows\System\xseDZUV.exe
  2⤵
  PID:2740
- C:\Windows\System\HJTvZJl.exe
  C:\Windows\System\HJTvZJl.exe
  2⤵
  PID:876
- C:\Windows\System\GRPOAgI.exe
  C:\Windows\System\GRPOAgI.exe
  2⤵
  PID:684
- C:\Windows\System\XfpBtkD.exe
  C:\Windows\System\XfpBtkD.exe
  2⤵
  PID:1744
- C:\Windows\System\yUsvPqN.exe
  C:\Windows\System\yUsvPqN.exe
  2⤵
  PID:2928
- C:\Windows\System\nzMFJSF.exe
  C:\Windows\System\nzMFJSF.exe
  2⤵
  PID:1692
- C:\Windows\System\IjgpGlX.exe
  C:\Windows\System\IjgpGlX.exe
  2⤵
  PID:396
- C:\Windows\System\WvEogtq.exe
  C:\Windows\System\WvEogtq.exe
  2⤵
  PID:2004
- C:\Windows\System\vNLLBFK.exe
  C:\Windows\System\vNLLBFK.exe
  2⤵
  PID:1116
- C:\Windows\System\rcaaoIE.exe
  C:\Windows\System\rcaaoIE.exe
  2⤵
  PID:2092
- C:\Windows\System\PpzKWuX.exe
  C:\Windows\System\PpzKWuX.exe
  2⤵
  PID:552
- C:\Windows\System\kTqHILv.exe
  C:\Windows\System\kTqHILv.exe
  2⤵
  PID:944
- C:\Windows\System\aAUHGnr.exe
  C:\Windows\System\aAUHGnr.exe
  2⤵
  PID:2320
- C:\Windows\System\ZZlgVDw.exe
  C:\Windows\System\ZZlgVDw.exe
  2⤵
  PID:2912
- C:\Windows\System\EHmtIrh.exe
  C:\Windows\System\EHmtIrh.exe
  2⤵
  PID:2728
- C:\Windows\System\ASKSPTb.exe
  C:\Windows\System\ASKSPTb.exe
  2⤵
  PID:2652
- C:\Windows\System\DGkdMpr.exe
  C:\Windows\System\DGkdMpr.exe
  2⤵
  PID:1516
- C:\Windows\System\AeZkKlA.exe
  C:\Windows\System\AeZkKlA.exe
  2⤵
  PID:280
- C:\Windows\System\JgeRrjG.exe
  C:\Windows\System\JgeRrjG.exe
  2⤵
  PID:2960
- C:\Windows\System\OVUjvjM.exe
  C:\Windows\System\OVUjvjM.exe
  2⤵
  PID:1528
- C:\Windows\System\hBheMBK.exe
  C:\Windows\System\hBheMBK.exe
  2⤵
  PID:1732
- C:\Windows\System\TjxSDFS.exe
  C:\Windows\System\TjxSDFS.exe
  2⤵
  PID:1904
- C:\Windows\System\ZygEbIp.exe
  C:\Windows\System\ZygEbIp.exe
  2⤵
  PID:2756
- C:\Windows\System\cpHyYcY.exe
  C:\Windows\System\cpHyYcY.exe
  2⤵
  PID:3088
- C:\Windows\System\WvvHufc.exe
  C:\Windows\System\WvvHufc.exe
  2⤵
  PID:3112
- C:\Windows\System\EbFvdcn.exe
  C:\Windows\System\EbFvdcn.exe
  2⤵
  PID:3132
- C:\Windows\System\mLNeMcs.exe
  C:\Windows\System\mLNeMcs.exe
  2⤵
  PID:3148
- C:\Windows\System\yHrYOsC.exe
  C:\Windows\System\yHrYOsC.exe
  2⤵
  PID:3168
- C:\Windows\System\mpmgKSD.exe
  C:\Windows\System\mpmgKSD.exe
  2⤵
  PID:3196
- C:\Windows\System\ZkxjByW.exe
  C:\Windows\System\ZkxjByW.exe
  2⤵
  PID:3212
- C:\Windows\System\YRMRSEn.exe
  C:\Windows\System\YRMRSEn.exe
  2⤵
  PID:3236
- C:\Windows\System\nKyALXN.exe
  C:\Windows\System\nKyALXN.exe
  2⤵
  PID:3252
- C:\Windows\System\bFVitnO.exe
  C:\Windows\System\bFVitnO.exe
  2⤵
  PID:3268
- C:\Windows\System\RCXNdJU.exe
  C:\Windows\System\RCXNdJU.exe
  2⤵
  PID:3296
- C:\Windows\System\CcFHBIh.exe
  C:\Windows\System\CcFHBIh.exe
  2⤵
  PID:3312
- C:\Windows\System\LkDcNpN.exe
  C:\Windows\System\LkDcNpN.exe
  2⤵
  PID:3332
- C:\Windows\System\Dlvihru.exe
  C:\Windows\System\Dlvihru.exe
  2⤵
  PID:3356
- C:\Windows\System\mGdyxSw.exe
  C:\Windows\System\mGdyxSw.exe
  2⤵
  PID:3372
- C:\Windows\System\EYyaVXn.exe
  C:\Windows\System\EYyaVXn.exe
  2⤵
  PID:3392
- C:\Windows\System\YcQYNsq.exe
  C:\Windows\System\YcQYNsq.exe
  2⤵
  PID:3412
- C:\Windows\System\cNNNOEs.exe
  C:\Windows\System\cNNNOEs.exe
  2⤵
  PID:3432
- C:\Windows\System\hmdAEXW.exe
  C:\Windows\System\hmdAEXW.exe
  2⤵
  PID:3452
- C:\Windows\System\cGTDmqu.exe
  C:\Windows\System\cGTDmqu.exe
  2⤵
  PID:3468
- C:\Windows\System\TTGxIvb.exe
  C:\Windows\System\TTGxIvb.exe
  2⤵
  PID:3488
- C:\Windows\System\TrUidty.exe
  C:\Windows\System\TrUidty.exe
  2⤵
  PID:3504
- C:\Windows\System\qsRaWdJ.exe
  C:\Windows\System\qsRaWdJ.exe
  2⤵
  PID:3532
- C:\Windows\System\jaLKKEC.exe
  C:\Windows\System\jaLKKEC.exe
  2⤵
  PID:3548
- C:\Windows\System\EIWWhsy.exe
  C:\Windows\System\EIWWhsy.exe
  2⤵
  PID:3564
- C:\Windows\System\tPNQMko.exe
  C:\Windows\System\tPNQMko.exe
  2⤵
  PID:3580
- C:\Windows\System\EXinwbu.exe
  C:\Windows\System\EXinwbu.exe
  2⤵
  PID:3596
- C:\Windows\System\UjwpXTa.exe
  C:\Windows\System\UjwpXTa.exe
  2⤵
  PID:3632
- C:\Windows\System\lYEOyqL.exe
  C:\Windows\System\lYEOyqL.exe
  2⤵
  PID:3652
- C:\Windows\System\VuMPCwo.exe
  C:\Windows\System\VuMPCwo.exe
  2⤵
  PID:3672
- C:\Windows\System\OHUDXJl.exe
  C:\Windows\System\OHUDXJl.exe
  2⤵
  PID:3700
- C:\Windows\System\NmqBTlP.exe
  C:\Windows\System\NmqBTlP.exe
  2⤵
  PID:3720
- C:\Windows\System\ZWvNcGz.exe
  C:\Windows\System\ZWvNcGz.exe
  2⤵
  PID:3740
- C:\Windows\System\sjEEIej.exe
  C:\Windows\System\sjEEIej.exe
  2⤵
  PID:3756
- C:\Windows\System\dIaSRum.exe
  C:\Windows\System\dIaSRum.exe
  2⤵
  PID:3772
- C:\Windows\System\XyaOASS.exe
  C:\Windows\System\XyaOASS.exe
  2⤵
  PID:3788
- C:\Windows\System\hIFUhYQ.exe
  C:\Windows\System\hIFUhYQ.exe
  2⤵
  PID:3804
- C:\Windows\System\Kidqghb.exe
  C:\Windows\System\Kidqghb.exe
  2⤵
  PID:3836
- C:\Windows\System\SyeeZmO.exe
  C:\Windows\System\SyeeZmO.exe
  2⤵
  PID:3856
- C:\Windows\System\CjEfgLe.exe
  C:\Windows\System\CjEfgLe.exe
  2⤵
  PID:3880
- C:\Windows\System\oZBLaQa.exe
  C:\Windows\System\oZBLaQa.exe
  2⤵
  PID:3896
- C:\Windows\System\MSqTkSc.exe
  C:\Windows\System\MSqTkSc.exe
  2⤵
  PID:3920
- C:\Windows\System\NOIYXFx.exe
  C:\Windows\System\NOIYXFx.exe
  2⤵
  PID:3936
- C:\Windows\System\tswMNEE.exe
  C:\Windows\System\tswMNEE.exe
  2⤵
  PID:3956
- C:\Windows\System\jzDoRjd.exe
  C:\Windows\System\jzDoRjd.exe
  2⤵
  PID:3976
- C:\Windows\System\ahwTDVJ.exe
  C:\Windows\System\ahwTDVJ.exe
  2⤵
  PID:3992
- C:\Windows\System\ENNmnOK.exe
  C:\Windows\System\ENNmnOK.exe
  2⤵
  PID:4008
- C:\Windows\System\yWBfXGt.exe
  C:\Windows\System\yWBfXGt.exe
  2⤵
  PID:4032
- C:\Windows\System\kyJadNg.exe
  C:\Windows\System\kyJadNg.exe
  2⤵
  PID:4056
- C:\Windows\System\KgANNaE.exe
  C:\Windows\System\KgANNaE.exe
  2⤵
  PID:4072
- C:\Windows\System\IOwmWKZ.exe
  C:\Windows\System\IOwmWKZ.exe
  2⤵
  PID:2028
- C:\Windows\System\hBqpOfs.exe
  C:\Windows\System\hBqpOfs.exe
  2⤵
  PID:1384
- C:\Windows\System\GrcCzlL.exe
  C:\Windows\System\GrcCzlL.exe
  2⤵
  PID:3084
- C:\Windows\System\WVamWkf.exe
  C:\Windows\System\WVamWkf.exe
  2⤵
  PID:3120
- C:\Windows\System\BbxSISv.exe
  C:\Windows\System\BbxSISv.exe
  2⤵
  PID:3176
- C:\Windows\System\xYjdkGC.exe
  C:\Windows\System\xYjdkGC.exe
  2⤵
  PID:3164
- C:\Windows\System\fExSKVx.exe
  C:\Windows\System\fExSKVx.exe
  2⤵
  PID:3228
- C:\Windows\System\rjxjgZc.exe
  C:\Windows\System\rjxjgZc.exe
  2⤵
  PID:3288
- C:\Windows\System\bVSZGQg.exe
  C:\Windows\System\bVSZGQg.exe
  2⤵
  PID:3308
- C:\Windows\System\YNCPEAm.exe
  C:\Windows\System\YNCPEAm.exe
  2⤵
  PID:3344
- C:\Windows\System\ytVoHEe.exe
  C:\Windows\System\ytVoHEe.exe
  2⤵
  PID:3380
- C:\Windows\System\HMfqewX.exe
  C:\Windows\System\HMfqewX.exe
  2⤵
  PID:3404
- C:\Windows\System\NZipMDl.exe
  C:\Windows\System\NZipMDl.exe
  2⤵
  PID:3424
- C:\Windows\System\WVzkEDW.exe
  C:\Windows\System\WVzkEDW.exe
  2⤵
  PID:3440
- C:\Windows\System\lWzdpUe.exe
  C:\Windows\System\lWzdpUe.exe
  2⤵
  PID:3484
- C:\Windows\System\yRYeTKq.exe
  C:\Windows\System\yRYeTKq.exe
  2⤵
  PID:3588
- C:\Windows\System\pZRazqU.exe
  C:\Windows\System\pZRazqU.exe
  2⤵
  PID:3576
- C:\Windows\System\AZzXdmd.exe
  C:\Windows\System\AZzXdmd.exe
  2⤵
  PID:3624
- C:\Windows\System\aYlJaxY.exe
  C:\Windows\System\aYlJaxY.exe
  2⤵
  PID:3604
- C:\Windows\System\DrIqnfj.exe
  C:\Windows\System\DrIqnfj.exe
  2⤵
  PID:3688
- C:\Windows\System\KJVOEyt.exe
  C:\Windows\System\KJVOEyt.exe
  2⤵
  PID:3736
- C:\Windows\System\JLtLnld.exe
  C:\Windows\System\JLtLnld.exe
  2⤵
  PID:3748
- C:\Windows\System\aLkRjPr.exe
  C:\Windows\System\aLkRjPr.exe
  2⤵
  PID:3820
- C:\Windows\System\mYxglvl.exe
  C:\Windows\System\mYxglvl.exe
  2⤵
  PID:3768
- C:\Windows\System\yBOHkyv.exe
  C:\Windows\System\yBOHkyv.exe
  2⤵
  PID:3852
- C:\Windows\System\OlpvUsN.exe
  C:\Windows\System\OlpvUsN.exe
  2⤵
  PID:3876
- C:\Windows\System\dOtyYXg.exe
  C:\Windows\System\dOtyYXg.exe
  2⤵
  PID:3908
- C:\Windows\System\sAYZMZb.exe
  C:\Windows\System\sAYZMZb.exe
  2⤵
  PID:3948
- C:\Windows\System\cZexRNW.exe
  C:\Windows\System\cZexRNW.exe
  2⤵
  PID:3964
- C:\Windows\System\VPFxzil.exe
  C:\Windows\System\VPFxzil.exe
  2⤵
  PID:4024
- C:\Windows\System\GEVksOF.exe
  C:\Windows\System\GEVksOF.exe
  2⤵
  PID:4068
- C:\Windows\System\qMfwtOl.exe
  C:\Windows\System\qMfwtOl.exe
  2⤵
  PID:3140
- C:\Windows\System\caGndRN.exe
  C:\Windows\System\caGndRN.exe
  2⤵
  PID:3224
- C:\Windows\System\UpcbZcp.exe
  C:\Windows\System\UpcbZcp.exe
  2⤵
  PID:3244
- C:\Windows\System\lTeUQuX.exe
  C:\Windows\System\lTeUQuX.exe
  2⤵
  PID:4052
- C:\Windows\System\vwpiKfh.exe
  C:\Windows\System\vwpiKfh.exe
  2⤵
  PID:3100
- C:\Windows\System\iqLVkhK.exe
  C:\Windows\System\iqLVkhK.exe
  2⤵
  PID:3128
- C:\Windows\System\qatpaXF.exe
  C:\Windows\System\qatpaXF.exe
  2⤵
  PID:3328
- C:\Windows\System\aOCejLG.exe
  C:\Windows\System\aOCejLG.exe
  2⤵
  PID:3428
- C:\Windows\System\hftoSWU.exe
  C:\Windows\System\hftoSWU.exe
  2⤵
  PID:3476
- C:\Windows\System\mTCddMl.exe
  C:\Windows\System\mTCddMl.exe
  2⤵
  PID:3560
- C:\Windows\System\HCrVCne.exe
  C:\Windows\System\HCrVCne.exe
  2⤵
  PID:3640
- C:\Windows\System\rLtSiTS.exe
  C:\Windows\System\rLtSiTS.exe
  2⤵
  PID:3644
- C:\Windows\System\xsJGbPW.exe
  C:\Windows\System\xsJGbPW.exe
  2⤵
  PID:3684
- C:\Windows\System\xhQYpeY.exe
  C:\Windows\System\xhQYpeY.exe
  2⤵
  PID:3732
- C:\Windows\System\qFLdoRM.exe
  C:\Windows\System\qFLdoRM.exe
  2⤵
  PID:3800
- C:\Windows\System\fULCjsV.exe
  C:\Windows\System\fULCjsV.exe
  2⤵
  PID:3888
- C:\Windows\System\nFuohuI.exe
  C:\Windows\System\nFuohuI.exe
  2⤵
  PID:3916
- C:\Windows\System\UhrHZHp.exe
  C:\Windows\System\UhrHZHp.exe
  2⤵
  PID:3944
- C:\Windows\System\rkaaVMJ.exe
  C:\Windows\System\rkaaVMJ.exe
  2⤵
  PID:3184
- C:\Windows\System\siyTuLB.exe
  C:\Windows\System\siyTuLB.exe
  2⤵
  PID:3156
- C:\Windows\System\LYepeEX.exe
  C:\Windows\System\LYepeEX.exe
  2⤵
  PID:3260
- C:\Windows\System\yqrSYzb.exe
  C:\Windows\System\yqrSYzb.exe
  2⤵
  PID:3324
- C:\Windows\System\toSkUQQ.exe
  C:\Windows\System\toSkUQQ.exe
  2⤵
  PID:4084
- C:\Windows\System\mGYgBYK.exe
  C:\Windows\System\mGYgBYK.exe
  2⤵
  PID:3292
- C:\Windows\System\bnFYGAI.exe
  C:\Windows\System\bnFYGAI.exe
  2⤵
  PID:3556
- C:\Windows\System\KNJzEDn.exe
  C:\Windows\System\KNJzEDn.exe
  2⤵
  PID:3516
- C:\Windows\System\arwiWGl.exe
  C:\Windows\System\arwiWGl.exe
  2⤵
  PID:3572
- C:\Windows\System\mRJNPki.exe
  C:\Windows\System\mRJNPki.exe
  2⤵
  PID:3812
- C:\Windows\System\CLdpAqb.exe
  C:\Windows\System\CLdpAqb.exe
  2⤵
  PID:3872
- C:\Windows\System\easHRDo.exe
  C:\Windows\System\easHRDo.exe
  2⤵
  PID:4004
- C:\Windows\System\rTnrRfi.exe
  C:\Windows\System\rTnrRfi.exe
  2⤵
  PID:2480
- C:\Windows\System\LstdOeD.exe
  C:\Windows\System\LstdOeD.exe
  2⤵
  PID:3276
- C:\Windows\System\TLPsghD.exe
  C:\Windows\System\TLPsghD.exe
  2⤵
  PID:3464
- C:\Windows\System\UMZgJsm.exe
  C:\Windows\System\UMZgJsm.exe
  2⤵
  PID:3444
- C:\Windows\System\wEENJtR.exe
  C:\Windows\System\wEENJtR.exe
  2⤵
  PID:3664
- C:\Windows\System\EsviAhH.exe
  C:\Windows\System\EsviAhH.exe
  2⤵
  PID:3780
- C:\Windows\System\uehKwkd.exe
  C:\Windows\System\uehKwkd.exe
  2⤵
  PID:3816
- C:\Windows\System\fQYZSTj.exe
  C:\Windows\System\fQYZSTj.exe
  2⤵
  PID:3928
- C:\Windows\System\uriuecv.exe
  C:\Windows\System\uriuecv.exe
  2⤵
  PID:3304
- C:\Windows\System\MVGyllj.exe
  C:\Windows\System\MVGyllj.exe
  2⤵
  PID:3420
- C:\Windows\System\UAstMtt.exe
  C:\Windows\System\UAstMtt.exe
  2⤵
  PID:3868
- C:\Windows\System\KRgvcia.exe
  C:\Windows\System\KRgvcia.exe
  2⤵
  PID:4028
- C:\Windows\System\QZYVBGe.exe
  C:\Windows\System\QZYVBGe.exe
  2⤵
  PID:3108
- C:\Windows\System\hbiAOpj.exe
  C:\Windows\System\hbiAOpj.exe
  2⤵
  PID:3544
- C:\Windows\System\gEJZxqv.exe
  C:\Windows\System\gEJZxqv.exe
  2⤵
  PID:3952
- C:\Windows\System\dxiUUbY.exe
  C:\Windows\System\dxiUUbY.exe
  2⤵
  PID:3972
- C:\Windows\System\GZrhyyu.exe
  C:\Windows\System\GZrhyyu.exe
  2⤵
  PID:4104
- C:\Windows\System\wJmwWhI.exe
  C:\Windows\System\wJmwWhI.exe
  2⤵
  PID:4132
- C:\Windows\System\TuDlrKd.exe
  C:\Windows\System\TuDlrKd.exe
  2⤵
  PID:4152
- C:\Windows\System\twKCfuo.exe
  C:\Windows\System\twKCfuo.exe
  2⤵
  PID:4168
- C:\Windows\System\cvoYONK.exe
  C:\Windows\System\cvoYONK.exe
  2⤵
  PID:4188
- C:\Windows\System\dGUJleQ.exe
  C:\Windows\System\dGUJleQ.exe
  2⤵
  PID:4208
- C:\Windows\System\gpDWCfS.exe
  C:\Windows\System\gpDWCfS.exe
  2⤵
  PID:4228
- C:\Windows\System\pAgJwsh.exe
  C:\Windows\System\pAgJwsh.exe
  2⤵
  PID:4248
- C:\Windows\System\JOqvGSF.exe
  C:\Windows\System\JOqvGSF.exe
  2⤵
  PID:4264
- C:\Windows\System\TjNleoi.exe
  C:\Windows\System\TjNleoi.exe
  2⤵
  PID:4292
- C:\Windows\System\DPLetoe.exe
  C:\Windows\System\DPLetoe.exe
  2⤵
  PID:4312
- C:\Windows\System\QMOPFOY.exe
  C:\Windows\System\QMOPFOY.exe
  2⤵
  PID:4332
- C:\Windows\System\sNInTMn.exe
  C:\Windows\System\sNInTMn.exe
  2⤵
  PID:4348
- C:\Windows\System\ayTCRwS.exe
  C:\Windows\System\ayTCRwS.exe
  2⤵
  PID:4376
- C:\Windows\System\CMByfCC.exe
  C:\Windows\System\CMByfCC.exe
  2⤵
  PID:4392
- C:\Windows\System\LvIddYc.exe
  C:\Windows\System\LvIddYc.exe
  2⤵
  PID:4412
- C:\Windows\System\DIxuKYS.exe
  C:\Windows\System\DIxuKYS.exe
  2⤵
  PID:4432
- C:\Windows\System\qgcxnxs.exe
  C:\Windows\System\qgcxnxs.exe
  2⤵
  PID:4456
- C:\Windows\System\GScqZpK.exe
  C:\Windows\System\GScqZpK.exe
  2⤵
  PID:4476
- C:\Windows\System\SQQobnT.exe
  C:\Windows\System\SQQobnT.exe
  2⤵
  PID:4492
- C:\Windows\System\CsuTxCZ.exe
  C:\Windows\System\CsuTxCZ.exe
  2⤵
  PID:4512
- C:\Windows\System\HZvahkW.exe
  C:\Windows\System\HZvahkW.exe
  2⤵
  PID:4532
- C:\Windows\System\CSirAxP.exe
  C:\Windows\System\CSirAxP.exe
  2⤵
  PID:4552
- C:\Windows\System\POznenI.exe
  C:\Windows\System\POznenI.exe
  2⤵
  PID:4568
- C:\Windows\System\sbsVvQH.exe
  C:\Windows\System\sbsVvQH.exe
  2⤵
  PID:4596
- C:\Windows\System\NzRdenv.exe
  C:\Windows\System\NzRdenv.exe
  2⤵
  PID:4612
- C:\Windows\System\vpYYAJi.exe
  C:\Windows\System\vpYYAJi.exe
  2⤵
  PID:4636
- C:\Windows\System\JLqcPMf.exe
  C:\Windows\System\JLqcPMf.exe
  2⤵
  PID:4656
- C:\Windows\System\UXdttLm.exe
  C:\Windows\System\UXdttLm.exe
  2⤵
  PID:4672
- C:\Windows\System\cvbRzXM.exe
  C:\Windows\System\cvbRzXM.exe
  2⤵
  PID:4692
- C:\Windows\System\QOoDlBo.exe
  C:\Windows\System\QOoDlBo.exe
  2⤵
  PID:4708
- C:\Windows\System\lAYpLgL.exe
  C:\Windows\System\lAYpLgL.exe
  2⤵
  PID:4728
- C:\Windows\System\OtlcbRL.exe
  C:\Windows\System\OtlcbRL.exe
  2⤵
  PID:4744
- C:\Windows\System\ihdDeIo.exe
  C:\Windows\System\ihdDeIo.exe
  2⤵
  PID:4764
- C:\Windows\System\rGqTRGt.exe
  C:\Windows\System\rGqTRGt.exe
  2⤵
  PID:4780
- C:\Windows\System\auwzAXy.exe
  C:\Windows\System\auwzAXy.exe
  2⤵
  PID:4796
- C:\Windows\System\KWUXRIl.exe
  C:\Windows\System\KWUXRIl.exe
  2⤵
  PID:4828
- C:\Windows\System\jVDYBlA.exe
  C:\Windows\System\jVDYBlA.exe
  2⤵
  PID:4844
- C:\Windows\System\cPPdCtl.exe
  C:\Windows\System\cPPdCtl.exe
  2⤵
  PID:4868
- C:\Windows\System\LxrRDKm.exe
  C:\Windows\System\LxrRDKm.exe
  2⤵
  PID:4888
- C:\Windows\System\PtPnRoF.exe
  C:\Windows\System\PtPnRoF.exe
  2⤵
  PID:4904
- C:\Windows\System\OVHtReL.exe
  C:\Windows\System\OVHtReL.exe
  2⤵
  PID:4920
- C:\Windows\System\ZoWYgbh.exe
  C:\Windows\System\ZoWYgbh.exe
  2⤵
  PID:4956
- C:\Windows\System\bpXsSZv.exe
  C:\Windows\System\bpXsSZv.exe
  2⤵
  PID:4976
- C:\Windows\System\EcSwGJr.exe
  C:\Windows\System\EcSwGJr.exe
  2⤵
  PID:5000
- C:\Windows\System\ZPARfVy.exe
  C:\Windows\System\ZPARfVy.exe
  2⤵
  PID:5016
- C:\Windows\System\ZCbNSjw.exe
  C:\Windows\System\ZCbNSjw.exe
  2⤵
  PID:5040
- C:\Windows\System\qJSJbZz.exe
  C:\Windows\System\qJSJbZz.exe
  2⤵
  PID:5056
- C:\Windows\System\YMltKqW.exe
  C:\Windows\System\YMltKqW.exe
  2⤵
  PID:5080
- C:\Windows\System\IJEsroj.exe
  C:\Windows\System\IJEsroj.exe
  2⤵
  PID:5096
- C:\Windows\System\VYxGbMe.exe
  C:\Windows\System\VYxGbMe.exe
  2⤵
  PID:5112
- C:\Windows\System\kkUoaBt.exe
  C:\Windows\System\kkUoaBt.exe
  2⤵
  PID:4100
- C:\Windows\System\FCABQbr.exe
  C:\Windows\System\FCABQbr.exe
  2⤵
  PID:4116
- C:\Windows\System\OCGgTZV.exe
  C:\Windows\System\OCGgTZV.exe
  2⤵
  PID:4148
- C:\Windows\System\tUEljzC.exe
  C:\Windows\System\tUEljzC.exe
  2⤵
  PID:4196
- C:\Windows\System\DYefQhj.exe
  C:\Windows\System\DYefQhj.exe
  2⤵
  PID:4220
- C:\Windows\System\SrFOquR.exe
  C:\Windows\System\SrFOquR.exe
  2⤵
  PID:4236
- C:\Windows\System\WOqZvmS.exe
  C:\Windows\System\WOqZvmS.exe
  2⤵
  PID:4240
- C:\Windows\System\bNWogjP.exe
  C:\Windows\System\bNWogjP.exe
  2⤵
  PID:4340
- C:\Windows\System\kKSobUf.exe
  C:\Windows\System\kKSobUf.exe
  2⤵
  PID:4360
- C:\Windows\System\RgFfCmX.exe
  C:\Windows\System\RgFfCmX.exe
  2⤵
  PID:4388
- C:\Windows\System\wJgiWgy.exe
  C:\Windows\System\wJgiWgy.exe
  2⤵
  PID:4424
- C:\Windows\System\tWzJKPF.exe
  C:\Windows\System\tWzJKPF.exe
  2⤵
  PID:4452
- C:\Windows\System\mZJvzbL.exe
  C:\Windows\System\mZJvzbL.exe
  2⤵
  PID:4472
- C:\Windows\System\alDhRzk.exe
  C:\Windows\System\alDhRzk.exe
  2⤵
  PID:4488
- C:\Windows\System\kwvHCkv.exe
  C:\Windows\System\kwvHCkv.exe
  2⤵
  PID:4576
- C:\Windows\System\unoBbPI.exe
  C:\Windows\System\unoBbPI.exe
  2⤵
  PID:4592
- C:\Windows\System\xUcRsWv.exe
  C:\Windows\System\xUcRsWv.exe
  2⤵
  PID:4624
- C:\Windows\System\JMEQqVM.exe
  C:\Windows\System\JMEQqVM.exe
  2⤵
  PID:4632
- C:\Windows\System\fejHhRa.exe
  C:\Windows\System\fejHhRa.exe
  2⤵
  PID:4704
- C:\Windows\System\QtKsDOj.exe
  C:\Windows\System\QtKsDOj.exe
  2⤵
  PID:4776
- C:\Windows\System\RTlxHXq.exe
  C:\Windows\System\RTlxHXq.exe
  2⤵
  PID:4684
- C:\Windows\System\GuNFeOX.exe
  C:\Windows\System\GuNFeOX.exe
  2⤵
  PID:4864
- C:\Windows\System\mTNqNmF.exe
  C:\Windows\System\mTNqNmF.exe
  2⤵
  PID:4792
- C:\Windows\System\BxrZBif.exe
  C:\Windows\System\BxrZBif.exe
  2⤵
  PID:4936
- C:\Windows\System\FsCxYdU.exe
  C:\Windows\System\FsCxYdU.exe
  2⤵
  PID:4884
- C:\Windows\System\zMBDtiZ.exe
  C:\Windows\System\zMBDtiZ.exe
  2⤵
  PID:4880
- C:\Windows\System\jbuFDcr.exe
  C:\Windows\System\jbuFDcr.exe
  2⤵
  PID:4984
- C:\Windows\System\zWTJlSA.exe
  C:\Windows\System\zWTJlSA.exe
  2⤵
  PID:4996
- C:\Windows\System\XxOEUZH.exe
  C:\Windows\System\XxOEUZH.exe
  2⤵
  PID:5052
- C:\Windows\System\getJvNp.exe
  C:\Windows\System\getJvNp.exe
  2⤵
  PID:5072
- C:\Windows\System\gyyCtyI.exe
  C:\Windows\System\gyyCtyI.exe
  2⤵
  PID:5108
- C:\Windows\System\HjfhrSL.exe
  C:\Windows\System\HjfhrSL.exe
  2⤵
  PID:4112
- C:\Windows\System\cenPjDH.exe
  C:\Windows\System\cenPjDH.exe
  2⤵
  PID:4140
- C:\Windows\System\KBkPwpx.exe
  C:\Windows\System\KBkPwpx.exe
  2⤵
  PID:4216
- C:\Windows\System\FUcNJlf.exe
  C:\Windows\System\FUcNJlf.exe
  2⤵
  PID:4260
- C:\Windows\System\SxgnMmn.exe
  C:\Windows\System\SxgnMmn.exe
  2⤵
  PID:4356
- C:\Windows\System\RuWOMZH.exe
  C:\Windows\System\RuWOMZH.exe
  2⤵
  PID:4372
- C:\Windows\System\GunkRpn.exe
  C:\Windows\System\GunkRpn.exe
  2⤵
  PID:4440
- C:\Windows\System\KLmNgJE.exe
  C:\Windows\System\KLmNgJE.exe
  2⤵
  PID:4520
- C:\Windows\System\THRwdxU.exe
  C:\Windows\System\THRwdxU.exe
  2⤵
  PID:4464
- C:\Windows\System\rBaSUDo.exe
  C:\Windows\System\rBaSUDo.exe
  2⤵
  PID:4548
- C:\Windows\System\XIFtvhn.exe
  C:\Windows\System\XIFtvhn.exe
  2⤵
  PID:4628
- C:\Windows\System\xAZySGM.exe
  C:\Windows\System\xAZySGM.exe
  2⤵
  PID:4604
- C:\Windows\System\fiPvReL.exe
  C:\Windows\System\fiPvReL.exe
  2⤵
  PID:4720
- C:\Windows\System\nRyGgLw.exe
  C:\Windows\System\nRyGgLw.exe
  2⤵
  PID:4860
- C:\Windows\System\aCsgwwx.exe
  C:\Windows\System\aCsgwwx.exe
  2⤵
  PID:4928
- C:\Windows\System\HWGkglP.exe
  C:\Windows\System\HWGkglP.exe
  2⤵
  PID:4876
- C:\Windows\System\sSZvETv.exe
  C:\Windows\System\sSZvETv.exe
  2⤵
  PID:4824
- C:\Windows\System\rkKdMuW.exe
  C:\Windows\System\rkKdMuW.exe
  2⤵
  PID:4992
- C:\Windows\System\OWxQNxR.exe
  C:\Windows\System\OWxQNxR.exe
  2⤵
  PID:5076
- C:\Windows\System\OdADquS.exe
  C:\Windows\System\OdADquS.exe
  2⤵
  PID:5028
- C:\Windows\System\wPdxQKy.exe
  C:\Windows\System\wPdxQKy.exe
  2⤵
  PID:4176
- C:\Windows\System\abupmdR.exe
  C:\Windows\System\abupmdR.exe
  2⤵
  PID:4324
- C:\Windows\System\VgOwUkp.exe
  C:\Windows\System\VgOwUkp.exe
  2⤵
  PID:4384
- C:\Windows\System\nQHdgEM.exe
  C:\Windows\System\nQHdgEM.exe
  2⤵
  PID:4528
- C:\Windows\System\kzWYJLW.exe
  C:\Windows\System\kzWYJLW.exe
  2⤵
  PID:4652
- C:\Windows\System\gyiXFKO.exe
  C:\Windows\System\gyiXFKO.exe
  2⤵
  PID:4680
- C:\Windows\System\cBPuDVp.exe
  C:\Windows\System\cBPuDVp.exe
  2⤵
  PID:4808
- C:\Windows\System\AejeshE.exe
  C:\Windows\System\AejeshE.exe
  2⤵
  PID:4916
- C:\Windows\System\kWlHHrj.exe
  C:\Windows\System\kWlHHrj.exe
  2⤵
  PID:5036
- C:\Windows\System\rEnmBBG.exe
  C:\Windows\System\rEnmBBG.exe
  2⤵
  PID:3480
- C:\Windows\System\tTDNsld.exe
  C:\Windows\System\tTDNsld.exe
  2⤵
  PID:4932
- C:\Windows\System\aharHnn.exe
  C:\Windows\System\aharHnn.exe
  2⤵
  PID:5104
- C:\Windows\System\thChqFm.exe
  C:\Windows\System\thChqFm.exe
  2⤵
  PID:4952
- C:\Windows\System\kZnSAtn.exe
  C:\Windows\System\kZnSAtn.exe
  2⤵
  PID:4564
- C:\Windows\System\fbPhLzm.exe
  C:\Windows\System\fbPhLzm.exe
  2⤵
  PID:4620
- C:\Windows\System\UyNsTEC.exe
  C:\Windows\System\UyNsTEC.exe
  2⤵
  PID:5012
- C:\Windows\System\QcMJLRl.exe
  C:\Windows\System\QcMJLRl.exe
  2⤵
  PID:4836
- C:\Windows\System\pPKGmDU.exe
  C:\Windows\System\pPKGmDU.exe
  2⤵
  PID:4128
- C:\Windows\System\yogEcan.exe
  C:\Windows\System\yogEcan.exe
  2⤵
  PID:4256
- C:\Windows\System\uBRZBMK.exe
  C:\Windows\System\uBRZBMK.exe
  2⤵
  PID:4588
- C:\Windows\System\jczizRZ.exe
  C:\Windows\System\jczizRZ.exe
  2⤵
  PID:5136
- C:\Windows\System\lYJrwUT.exe
  C:\Windows\System\lYJrwUT.exe
  2⤵
  PID:5152
- C:\Windows\System\VrJVuiU.exe
  C:\Windows\System\VrJVuiU.exe
  2⤵
  PID:5172
- C:\Windows\System\TFeGTro.exe
  C:\Windows\System\TFeGTro.exe
  2⤵
  PID:5188
- C:\Windows\System\eYbkBsG.exe
  C:\Windows\System\eYbkBsG.exe
  2⤵
  PID:5208
- C:\Windows\System\BfeneJw.exe
  C:\Windows\System\BfeneJw.exe
  2⤵
  PID:5236
- C:\Windows\System\ZvczTMF.exe
  C:\Windows\System\ZvczTMF.exe
  2⤵
  PID:5252
- C:\Windows\System\yOPKDbX.exe
  C:\Windows\System\yOPKDbX.exe
  2⤵
  PID:5268
- C:\Windows\System\mihReZJ.exe
  C:\Windows\System\mihReZJ.exe
  2⤵
  PID:5288
- C:\Windows\System\dBmijMU.exe
  C:\Windows\System\dBmijMU.exe
  2⤵
  PID:5304
- C:\Windows\System\IQPFKyj.exe
  C:\Windows\System\IQPFKyj.exe
  2⤵
  PID:5324
- C:\Windows\System\eGvLaoA.exe
  C:\Windows\System\eGvLaoA.exe
  2⤵
  PID:5364
- C:\Windows\System\QubExEA.exe
  C:\Windows\System\QubExEA.exe
  2⤵
  PID:5380
- C:\Windows\System\bxJRlDv.exe
  C:\Windows\System\bxJRlDv.exe
  2⤵
  PID:5396
- C:\Windows\System\ZDjmIlo.exe
  C:\Windows\System\ZDjmIlo.exe
  2⤵
  PID:5424
- C:\Windows\System\StDfktB.exe
  C:\Windows\System\StDfktB.exe
  2⤵
  PID:5448
- C:\Windows\System\RqLPIRg.exe
  C:\Windows\System\RqLPIRg.exe
  2⤵
  PID:5476
- C:\Windows\System\GOLixTa.exe
  C:\Windows\System\GOLixTa.exe
  2⤵
  PID:5508
- C:\Windows\System\sCRfrMH.exe
  C:\Windows\System\sCRfrMH.exe
  2⤵
  PID:5536
- C:\Windows\System\QxqdjsP.exe
  C:\Windows\System\QxqdjsP.exe
  2⤵
  PID:5564
- C:\Windows\System\zZVSoNh.exe
  C:\Windows\System\zZVSoNh.exe
  2⤵
  PID:5580
- C:\Windows\System\uxengvH.exe
  C:\Windows\System\uxengvH.exe
  2⤵
  PID:5596
- C:\Windows\System\QmjmqCO.exe
  C:\Windows\System\QmjmqCO.exe
  2⤵
  PID:5620
- C:\Windows\System\DEzwPbl.exe
  C:\Windows\System\DEzwPbl.exe
  2⤵
  PID:5640
- C:\Windows\System\NfpfmDK.exe
  C:\Windows\System\NfpfmDK.exe
  2⤵
  PID:5660
- C:\Windows\System\tBjtkua.exe
  C:\Windows\System\tBjtkua.exe
  2⤵
  PID:5680
- C:\Windows\System\nOgbiey.exe
  C:\Windows\System\nOgbiey.exe
  2⤵
  PID:5700
- C:\Windows\System\WoKqWeX.exe
  C:\Windows\System\WoKqWeX.exe
  2⤵
  PID:5716
- C:\Windows\System\EheMJSu.exe
  C:\Windows\System\EheMJSu.exe
  2⤵
  PID:5732
- C:\Windows\System\aoYItsq.exe
  C:\Windows\System\aoYItsq.exe
  2⤵
  PID:5752
- C:\Windows\System\cNXZBdy.exe
  C:\Windows\System\cNXZBdy.exe
  2⤵
  PID:5776
- C:\Windows\System\daGBqXa.exe
  C:\Windows\System\daGBqXa.exe
  2⤵
  PID:5800
- C:\Windows\System\MYNxWLz.exe
  C:\Windows\System\MYNxWLz.exe
  2⤵
  PID:5816
- C:\Windows\System\wsTmphv.exe
  C:\Windows\System\wsTmphv.exe
  2⤵
  PID:5836
- C:\Windows\System\jMUFtkJ.exe
  C:\Windows\System\jMUFtkJ.exe
  2⤵
  PID:5856
- C:\Windows\System\JjERSgn.exe
  C:\Windows\System\JjERSgn.exe
  2⤵
  PID:5884
- C:\Windows\System\qrClGGy.exe
  C:\Windows\System\qrClGGy.exe
  2⤵
  PID:5908
- C:\Windows\System\zVfQZQg.exe
  C:\Windows\System\zVfQZQg.exe
  2⤵
  PID:5924
- C:\Windows\System\xsLjGul.exe
  C:\Windows\System\xsLjGul.exe
  2⤵
  PID:5940
- C:\Windows\System\uNxtCbz.exe
  C:\Windows\System\uNxtCbz.exe
  2⤵
  PID:5960
- C:\Windows\System\LVfLYel.exe
  C:\Windows\System\LVfLYel.exe
  2⤵
  PID:5976
- C:\Windows\System\hEcoKwt.exe
  C:\Windows\System\hEcoKwt.exe
  2⤵
  PID:5996
- C:\Windows\System\oCVVcGm.exe
  C:\Windows\System\oCVVcGm.exe
  2⤵
  PID:6024
- C:\Windows\System\MyCMNKr.exe
  C:\Windows\System\MyCMNKr.exe
  2⤵
  PID:6040
- C:\Windows\System\gBvqGFR.exe
  C:\Windows\System\gBvqGFR.exe
  2⤵
  PID:6060
- C:\Windows\System\nUftsKM.exe
  C:\Windows\System\nUftsKM.exe
  2⤵
  PID:6080
- C:\Windows\System\nkJjVfI.exe
  C:\Windows\System\nkJjVfI.exe
  2⤵
  PID:6100
- C:\Windows\System\HeHGqMm.exe
  C:\Windows\System\HeHGqMm.exe
  2⤵
  PID:6120
- C:\Windows\System\gKNdSRo.exe
  C:\Windows\System\gKNdSRo.exe
  2⤵
  PID:6136
- C:\Windows\System\xYlBiOk.exe
  C:\Windows\System\xYlBiOk.exe
  2⤵
  PID:4304
- C:\Windows\System\WcmYmig.exe
  C:\Windows\System\WcmYmig.exe
  2⤵
  PID:5160
- C:\Windows\System\yrfqvgI.exe
  C:\Windows\System\yrfqvgI.exe
  2⤵
  PID:5204
- C:\Windows\System\mTwzNRq.exe
  C:\Windows\System\mTwzNRq.exe
  2⤵
  PID:5244
- C:\Windows\System\WSGMCFq.exe
  C:\Windows\System\WSGMCFq.exe
  2⤵
  PID:5008
- C:\Windows\System\hKLMPzO.exe
  C:\Windows\System\hKLMPzO.exe
  2⤵
  PID:5148
- C:\Windows\System\noKDzLc.exe
  C:\Windows\System\noKDzLc.exe
  2⤵
  PID:5232
- C:\Windows\System\PpFAIfT.exe
  C:\Windows\System\PpFAIfT.exe
  2⤵
  PID:5312
- C:\Windows\System\frjrpID.exe
  C:\Windows\System\frjrpID.exe
  2⤵
  PID:5348
- C:\Windows\System\PXgdipt.exe
  C:\Windows\System\PXgdipt.exe
  2⤵
  PID:4584
- C:\Windows\System\hqyLtqR.exe
  C:\Windows\System\hqyLtqR.exe
  2⤵
  PID:5340
- C:\Windows\System\Dopkanf.exe
  C:\Windows\System\Dopkanf.exe
  2⤵
  PID:5460
- C:\Windows\System\EFdhbvW.exe
  C:\Windows\System\EFdhbvW.exe
  2⤵
  PID:5440
- C:\Windows\System\hGpLDBD.exe
  C:\Windows\System\hGpLDBD.exe
  2⤵
  PID:5524
- C:\Windows\System\IMOBqna.exe
  C:\Windows\System\IMOBqna.exe
  2⤵
  PID:5520
- C:\Windows\System\RGKFeBE.exe
  C:\Windows\System\RGKFeBE.exe
  2⤵
  PID:5224
- C:\Windows\System\XcZAfAi.exe
  C:\Windows\System\XcZAfAi.exe
  2⤵
  PID:5492
- C:\Windows\System\uMjnlYi.exe
  C:\Windows\System\uMjnlYi.exe
  2⤵
  PID:5608
- C:\Windows\System\NumoHtc.exe
  C:\Windows\System\NumoHtc.exe
  2⤵
  PID:5636
- C:\Windows\System\usmNNjK.exe
  C:\Windows\System\usmNNjK.exe
  2⤵
  PID:5672
- C:\Windows\System\aluSVUp.exe
  C:\Windows\System\aluSVUp.exe
  2⤵
  PID:5712
- C:\Windows\System\peiKybF.exe
  C:\Windows\System\peiKybF.exe
  2⤵
  PID:5744
- C:\Windows\System\yHOiiHP.exe
  C:\Windows\System\yHOiiHP.exe
  2⤵
  PID:5792
- C:\Windows\System\cVjcxUR.exe
  C:\Windows\System\cVjcxUR.exe
  2⤵
  PID:5844
- C:\Windows\System\wvFBIqs.exe
  C:\Windows\System\wvFBIqs.exe
  2⤵
  PID:5548
- C:\Windows\System\MfoCZFe.exe
  C:\Windows\System\MfoCZFe.exe
  2⤵
  PID:5900
- C:\Windows\System\EAfJpGM.exe
  C:\Windows\System\EAfJpGM.exe
  2⤵
  PID:5968
- C:\Windows\System\bEXGNRm.exe
  C:\Windows\System\bEXGNRm.exe
  2⤵
  PID:6020
- C:\Windows\System\uWgAvkx.exe
  C:\Windows\System\uWgAvkx.exe
  2⤵
  PID:5956
- C:\Windows\System\BmDIXsw.exe
  C:\Windows\System\BmDIXsw.exe
  2⤵
  PID:6088
- C:\Windows\System\YnsYmqZ.exe
  C:\Windows\System\YnsYmqZ.exe
  2⤵
  PID:5992
- C:\Windows\System\CuJWjtW.exe
  C:\Windows\System\CuJWjtW.exe
  2⤵
  PID:4668
- C:\Windows\System\eYBIHlv.exe
  C:\Windows\System\eYBIHlv.exe
  2⤵
  PID:3832
- C:\Windows\System\yfkYNAW.exe
  C:\Windows\System\yfkYNAW.exe
  2⤵
  PID:6128
- C:\Windows\System\coycVmV.exe
  C:\Windows\System\coycVmV.exe
  2⤵
  PID:5132
- C:\Windows\System\YsohNbB.exe
  C:\Windows\System\YsohNbB.exe
  2⤵
  PID:5280
- C:\Windows\System\qREXCCz.exe
  C:\Windows\System\qREXCCz.exe
  2⤵
  PID:4328
- C:\Windows\System\syoGKtf.exe
  C:\Windows\System\syoGKtf.exe
  2⤵
  PID:5220
- C:\Windows\System\ocyJhiy.exe
  C:\Windows\System\ocyJhiy.exe
  2⤵
  PID:5404
- C:\Windows\System\CaaSged.exe
  C:\Windows\System\CaaSged.exe
  2⤵
  PID:5456
- C:\Windows\System\myzknJQ.exe
  C:\Windows\System\myzknJQ.exe
  2⤵
  PID:5436
- C:\Windows\System\aKrfhbQ.exe
  C:\Windows\System\aKrfhbQ.exe
  2⤵
  PID:5552
- C:\Windows\System\PNdGEGG.exe
  C:\Windows\System\PNdGEGG.exe
  2⤵
  PID:5576
- C:\Windows\System\bCBwolb.exe
  C:\Windows\System\bCBwolb.exe
  2⤵
  PID:972
- C:\Windows\System\QOQHGla.exe
  C:\Windows\System\QOQHGla.exe
  2⤵
  PID:5616
- C:\Windows\System\RaQMzkX.exe
  C:\Windows\System\RaQMzkX.exe
  2⤵
  PID:5652
- C:\Windows\System\lshhjLp.exe
  C:\Windows\System\lshhjLp.exe
  2⤵
  PID:5728
- C:\Windows\System\vocxTVO.exe
  C:\Windows\System\vocxTVO.exe
  2⤵
  PID:5784
- C:\Windows\System\lUlYlKs.exe
  C:\Windows\System\lUlYlKs.exe
  2⤵
  PID:5864
- C:\Windows\System\JnRyLoL.exe
  C:\Windows\System\JnRyLoL.exe
  2⤵
  PID:5892
- C:\Windows\System\BqfGwFB.exe
  C:\Windows\System\BqfGwFB.exe
  2⤵
  PID:5920
- C:\Windows\System\ABDsZdr.exe
  C:\Windows\System\ABDsZdr.exe
  2⤵
  PID:6016
- C:\Windows\System\AMWNSxu.exe
  C:\Windows\System\AMWNSxu.exe
  2⤵
  PID:6052
- C:\Windows\System\MIzkaPs.exe
  C:\Windows\System\MIzkaPs.exe
  2⤵
  PID:6096
- C:\Windows\System\ufvnLuf.exe
  C:\Windows\System\ufvnLuf.exe
  2⤵
  PID:5196
- C:\Windows\System\kbPuzWc.exe
  C:\Windows\System\kbPuzWc.exe
  2⤵
  PID:5276
- C:\Windows\System\uRPSJKS.exe
  C:\Windows\System\uRPSJKS.exe
  2⤵
  PID:5216
- C:\Windows\System\DMYiQpo.exe
  C:\Windows\System\DMYiQpo.exe
  2⤵
  PID:5128
- C:\Windows\System\NkhzpSm.exe
  C:\Windows\System\NkhzpSm.exe
  2⤵
  PID:5336
- C:\Windows\System\LDudLEz.exe
  C:\Windows\System\LDudLEz.exe
  2⤵
  PID:5416
- C:\Windows\System\pxvgaAU.exe
  C:\Windows\System\pxvgaAU.exe
  2⤵
  PID:5532
- C:\Windows\System\IVxlnxZ.exe
  C:\Windows\System\IVxlnxZ.exe
  2⤵
  PID:2488
- C:\Windows\System\HDposlx.exe
  C:\Windows\System\HDposlx.exe
  2⤵
  PID:5692
- C:\Windows\System\XYKtroi.exe
  C:\Windows\System\XYKtroi.exe
  2⤵
  PID:5812
- C:\Windows\System\pfxgxFg.exe
  C:\Windows\System\pfxgxFg.exe
  2⤵
  PID:5852
- C:\Windows\System\VzkSqFX.exe
  C:\Windows\System\VzkSqFX.exe
  2⤵
  PID:6008
- C:\Windows\System\AIgDvqc.exe
  C:\Windows\System\AIgDvqc.exe
  2⤵
  PID:5988
- C:\Windows\System\spvxkPW.exe
  C:\Windows\System\spvxkPW.exe
  2⤵
  PID:4160
- C:\Windows\System\XYkNSDG.exe
  C:\Windows\System\XYkNSDG.exe
  2⤵
  PID:5488
- C:\Windows\System\NfTAIwB.exe
  C:\Windows\System\NfTAIwB.exe
  2⤵
  PID:5284
- C:\Windows\System\kmlmGIK.exe
  C:\Windows\System\kmlmGIK.exe
  2⤵
  PID:5572
- C:\Windows\System\CDnjpWc.exe
  C:\Windows\System\CDnjpWc.exe
  2⤵
  PID:5876
- C:\Windows\System\iOnZKem.exe
  C:\Windows\System\iOnZKem.exe
  2⤵
  PID:4508
- C:\Windows\System\FPQBwHF.exe
  C:\Windows\System\FPQBwHF.exe
  2⤵
  PID:5356
- C:\Windows\System\lfHMQQX.exe
  C:\Windows\System\lfHMQQX.exe
  2⤵
  PID:6112
- C:\Windows\System\VGWpunE.exe
  C:\Windows\System\VGWpunE.exe
  2⤵
  PID:5432
- C:\Windows\System\NvTEAwQ.exe
  C:\Windows\System\NvTEAwQ.exe
  2⤵
  PID:932
- C:\Windows\System\MtRFfcW.exe
  C:\Windows\System\MtRFfcW.exe
  2⤵
  PID:5772
- C:\Windows\System\XuydDjT.exe
  C:\Windows\System\XuydDjT.exe
  2⤵
  PID:5896
- C:\Windows\System\hwMPRiY.exe
  C:\Windows\System\hwMPRiY.exe
  2⤵
  PID:5184
- C:\Windows\System\Ykhfzrj.exe
  C:\Windows\System\Ykhfzrj.exe
  2⤵
  PID:5504
- C:\Windows\System\UtflFSN.exe
  C:\Windows\System\UtflFSN.exe
  2⤵
  PID:6152
- C:\Windows\System\PUJAYtX.exe
  C:\Windows\System\PUJAYtX.exe
  2⤵
  PID:6172
- C:\Windows\System\aUzkHKM.exe
  C:\Windows\System\aUzkHKM.exe
  2⤵
  PID:6192
- C:\Windows\System\QKViYwa.exe
  C:\Windows\System\QKViYwa.exe
  2⤵
  PID:6216
- C:\Windows\System\DCIsCar.exe
  C:\Windows\System\DCIsCar.exe
  2⤵
  PID:6240
- C:\Windows\System\XfQlyJf.exe
  C:\Windows\System\XfQlyJf.exe
  2⤵
  PID:6256
- C:\Windows\System\kipQogb.exe
  C:\Windows\System\kipQogb.exe
  2⤵
  PID:6272
- C:\Windows\System\SKoCqbr.exe
  C:\Windows\System\SKoCqbr.exe
  2⤵
  PID:6300
- C:\Windows\System\PxMnQUC.exe
  C:\Windows\System\PxMnQUC.exe
  2⤵
  PID:6316
- C:\Windows\System\BrYxWri.exe
  C:\Windows\System\BrYxWri.exe
  2⤵
  PID:6336
- C:\Windows\System\yvhuOyo.exe
  C:\Windows\System\yvhuOyo.exe
  2⤵
  PID:6360
- C:\Windows\System\LiVYhTT.exe
  C:\Windows\System\LiVYhTT.exe
  2⤵
  PID:6376
- C:\Windows\System\cBrRkdq.exe
  C:\Windows\System\cBrRkdq.exe
  2⤵
  PID:6396
- C:\Windows\System\cTrJEzS.exe
  C:\Windows\System\cTrJEzS.exe
  2⤵
  PID:6412
- C:\Windows\System\daNoFal.exe
  C:\Windows\System\daNoFal.exe
  2⤵
  PID:6440
- C:\Windows\System\KkjlyxL.exe
  C:\Windows\System\KkjlyxL.exe
  2⤵
  PID:6456
- C:\Windows\System\esawSpy.exe
  C:\Windows\System\esawSpy.exe
  2⤵
  PID:6472
- C:\Windows\System\YgvNwcp.exe
  C:\Windows\System\YgvNwcp.exe
  2⤵
  PID:6492
- C:\Windows\System\LNMLLpL.exe
  C:\Windows\System\LNMLLpL.exe
  2⤵
  PID:6516
- C:\Windows\System\nXOTpLU.exe
  C:\Windows\System\nXOTpLU.exe
  2⤵
  PID:6536
- C:\Windows\System\MXnTAEu.exe
  C:\Windows\System\MXnTAEu.exe
  2⤵
  PID:6552
- C:\Windows\System\zwwKaaw.exe
  C:\Windows\System\zwwKaaw.exe
  2⤵
  PID:6580
- C:\Windows\System\sVtVhZk.exe
  C:\Windows\System\sVtVhZk.exe
  2⤵
  PID:6600
- C:\Windows\System\jXHufbc.exe
  C:\Windows\System\jXHufbc.exe
  2⤵
  PID:6616
- C:\Windows\System\zNYfryK.exe
  C:\Windows\System\zNYfryK.exe
  2⤵
  PID:6640
- C:\Windows\System\DrQwNkP.exe
  C:\Windows\System\DrQwNkP.exe
  2⤵
  PID:6660
- C:\Windows\System\ZAUGJrL.exe
  C:\Windows\System\ZAUGJrL.exe
  2⤵
  PID:6676
- C:\Windows\System\LTHqHuT.exe
  C:\Windows\System\LTHqHuT.exe
  2⤵
  PID:6700
- C:\Windows\System\KAFZDuH.exe
  C:\Windows\System\KAFZDuH.exe
  2⤵
  PID:6716
- C:\Windows\System\DWiNMEY.exe
  C:\Windows\System\DWiNMEY.exe
  2⤵
  PID:6744
- C:\Windows\System\XTZaXhC.exe
  C:\Windows\System\XTZaXhC.exe
  2⤵
  PID:6764
- C:\Windows\System\CdcsWKN.exe
  C:\Windows\System\CdcsWKN.exe
  2⤵
  PID:6780
- C:\Windows\System\chJGUFu.exe
  C:\Windows\System\chJGUFu.exe
  2⤵
  PID:6800
- C:\Windows\System\ZSnRUFN.exe
  C:\Windows\System\ZSnRUFN.exe
  2⤵
  PID:6816
- C:\Windows\System\lIoSCrG.exe
  C:\Windows\System\lIoSCrG.exe
  2⤵
  PID:6836
- C:\Windows\System\rPATfoT.exe
  C:\Windows\System\rPATfoT.exe
  2⤵
  PID:6860
- C:\Windows\System\Ptcvzfm.exe
  C:\Windows\System\Ptcvzfm.exe
  2⤵
  PID:6884
- C:\Windows\System\QRwIVeA.exe
  C:\Windows\System\QRwIVeA.exe
  2⤵
  PID:6900
- C:\Windows\System\LcGGBDU.exe
  C:\Windows\System\LcGGBDU.exe
  2⤵
  PID:6920
- C:\Windows\System\uHzDyia.exe
  C:\Windows\System\uHzDyia.exe
  2⤵
  PID:6936
- C:\Windows\System\oCNDaRu.exe
  C:\Windows\System\oCNDaRu.exe
  2⤵
  PID:6964
- C:\Windows\System\rEUIWkk.exe
  C:\Windows\System\rEUIWkk.exe
  2⤵
  PID:6980
- C:\Windows\System\ynuKZOE.exe
  C:\Windows\System\ynuKZOE.exe
  2⤵
  PID:7000
- C:\Windows\System\RtRgQCR.exe
  C:\Windows\System\RtRgQCR.exe
  2⤵
  PID:7024
- C:\Windows\System\hzNQvFo.exe
  C:\Windows\System\hzNQvFo.exe
  2⤵
  PID:7040
- C:\Windows\System\mIepSLI.exe
  C:\Windows\System\mIepSLI.exe
  2⤵
  PID:7056
- C:\Windows\System\OQyirca.exe
  C:\Windows\System\OQyirca.exe
  2⤵
  PID:7076
- C:\Windows\System\FDuKCXb.exe
  C:\Windows\System\FDuKCXb.exe
  2⤵
  PID:7104
- C:\Windows\System\yRZZVUf.exe
  C:\Windows\System\yRZZVUf.exe
  2⤵
  PID:7120
- C:\Windows\System\aHNDdLS.exe
  C:\Windows\System\aHNDdLS.exe
  2⤵
  PID:7140
- C:\Windows\System\qRHahUW.exe
  C:\Windows\System\qRHahUW.exe
  2⤵
  PID:7160
- C:\Windows\System\yctDiKf.exe
  C:\Windows\System\yctDiKf.exe
  2⤵
  PID:6180
- C:\Windows\System\EJkjLET.exe
  C:\Windows\System\EJkjLET.exe
  2⤵
  PID:6164
- C:\Windows\System\EHaSJDg.exe
  C:\Windows\System\EHaSJDg.exe
  2⤵
  PID:4820
- C:\Windows\System\bhbuHny.exe
  C:\Windows\System\bhbuHny.exe
  2⤵
  PID:6200
- C:\Windows\System\ceASGfv.exe
  C:\Windows\System\ceASGfv.exe
  2⤵
  PID:6116
- C:\Windows\System\oZzJdWu.exe
  C:\Windows\System\oZzJdWu.exe
  2⤵
  PID:6252
- C:\Windows\System\WiMTxcL.exe
  C:\Windows\System\WiMTxcL.exe
  2⤵
  PID:6248
- C:\Windows\System\DNMIjHA.exe
  C:\Windows\System\DNMIjHA.exe
  2⤵
  PID:6328
- C:\Windows\System\LzXfADf.exe
  C:\Windows\System\LzXfADf.exe
  2⤵
  PID:6368
- C:\Windows\System\HRvRFKL.exe
  C:\Windows\System\HRvRFKL.exe
  2⤵
  PID:6420
- C:\Windows\System\AfsqcAo.exe
  C:\Windows\System\AfsqcAo.exe
  2⤵
  PID:6404
- C:\Windows\System\moZWPgo.exe
  C:\Windows\System\moZWPgo.exe
  2⤵
  PID:6464
- C:\Windows\System\kCGMlBm.exe
  C:\Windows\System\kCGMlBm.exe
  2⤵
  PID:6508
- C:\Windows\System\FUXEomA.exe
  C:\Windows\System\FUXEomA.exe
  2⤵
  PID:6560
- C:\Windows\System\YHqWexY.exe
  C:\Windows\System\YHqWexY.exe
  2⤵
  PID:6572
- C:\Windows\System\WiMASkR.exe
  C:\Windows\System\WiMASkR.exe
  2⤵
  PID:6628
- C:\Windows\System\HyeGCNN.exe
  C:\Windows\System\HyeGCNN.exe
  2⤵
  PID:6648
- C:\Windows\System\ijToBsM.exe
  C:\Windows\System\ijToBsM.exe
  2⤵
  PID:6708
- C:\Windows\System\SSQVIcZ.exe
  C:\Windows\System\SSQVIcZ.exe
  2⤵
  PID:6656
- C:\Windows\System\ZHVoSWt.exe
  C:\Windows\System\ZHVoSWt.exe
  2⤵
  PID:6740
- C:\Windows\System\JrAVSrc.exe
  C:\Windows\System\JrAVSrc.exe
  2⤵
  PID:6776
- C:\Windows\System\ibGhbln.exe
  C:\Windows\System\ibGhbln.exe
  2⤵
  PID:6824
- C:\Windows\System\WDKotnD.exe
  C:\Windows\System\WDKotnD.exe
  2⤵
  PID:6148
- C:\Windows\System\NLLBxtE.exe
  C:\Windows\System\NLLBxtE.exe
  2⤵
  PID:6848
- C:\Windows\System\qBFoeei.exe
  C:\Windows\System\qBFoeei.exe
  2⤵
  PID:6916
- C:\Windows\System\aWbzHmD.exe
  C:\Windows\System\aWbzHmD.exe
  2⤵
  PID:6928
- C:\Windows\System\RvluWqM.exe
  C:\Windows\System\RvluWqM.exe
  2⤵
  PID:6988
- C:\Windows\System\GMBbzco.exe
  C:\Windows\System\GMBbzco.exe
  2⤵
  PID:6996
- C:\Windows\System\FpaMzFV.exe
  C:\Windows\System\FpaMzFV.exe
  2⤵
  PID:7048
- C:\Windows\System\AbNNvPT.exe
  C:\Windows\System\AbNNvPT.exe
  2⤵
  PID:7092
- C:\Windows\System\vxJjJoB.exe
  C:\Windows\System\vxJjJoB.exe
  2⤵
  PID:7116
- C:\Windows\System\TvwizWr.exe
  C:\Windows\System\TvwizWr.exe
  2⤵
  PID:7128
- C:\Windows\System\yFmCfUl.exe
  C:\Windows\System\yFmCfUl.exe
  2⤵
  PID:6636
- C:\Windows\System\fOaXANb.exe
  C:\Windows\System\fOaXANb.exe
  2⤵
  PID:5904
- C:\Windows\System\PvhcTTe.exe
  C:\Windows\System\PvhcTTe.exe
  2⤵
  PID:6228
- C:\Windows\System\wmbQPSp.exe
  C:\Windows\System\wmbQPSp.exe
  2⤵
  PID:6212
- C:\Windows\System\bicaScr.exe
  C:\Windows\System\bicaScr.exe
  2⤵
  PID:6292
- C:\Windows\System\VDgnYuZ.exe
  C:\Windows\System\VDgnYuZ.exe
  2⤵
  PID:6356
- C:\Windows\System\EKIgfGH.exe
  C:\Windows\System\EKIgfGH.exe
  2⤵
  PID:6392
- C:\Windows\System\DgsCIMS.exe
  C:\Windows\System\DgsCIMS.exe
  2⤵
  PID:6504
- C:\Windows\System\UDotPNQ.exe
  C:\Windows\System\UDotPNQ.exe
  2⤵
  PID:6432
- C:\Windows\System\zXbcsfS.exe
  C:\Windows\System\zXbcsfS.exe
  2⤵
  PID:6532
- C:\Windows\System\jiZOsVA.exe
  C:\Windows\System\jiZOsVA.exe
  2⤵
  PID:6588
- C:\Windows\System\NBFrndq.exe
  C:\Windows\System\NBFrndq.exe
  2⤵
  PID:6612
- C:\Windows\System\vvvSIuU.exe
  C:\Windows\System\vvvSIuU.exe
  2⤵
  PID:6692
- C:\Windows\System\JigjwEi.exe
  C:\Windows\System\JigjwEi.exe
  2⤵
  PID:6832
- C:\Windows\System\sQcPhlM.exe
  C:\Windows\System\sQcPhlM.exe
  2⤵
  PID:6868
- C:\Windows\System\vxlSsFV.exe
  C:\Windows\System\vxlSsFV.exe
  2⤵
  PID:6912
- C:\Windows\System\kVAVSLe.exe
  C:\Windows\System\kVAVSLe.exe
  2⤵
  PID:6892
- C:\Windows\System\hixsOfy.exe
  C:\Windows\System\hixsOfy.exe
  2⤵
  PID:7084
- C:\Windows\System\kibuJry.exe
  C:\Windows\System\kibuJry.exe
  2⤵
  PID:7112
- C:\Windows\System\TIvnbpB.exe
  C:\Windows\System\TIvnbpB.exe
  2⤵
  PID:7064
- C:\Windows\System\qisxpGl.exe
  C:\Windows\System\qisxpGl.exe
  2⤵
  PID:5604
- C:\Windows\System\KfEMtjl.exe
  C:\Windows\System\KfEMtjl.exe
  2⤵
  PID:5872
- C:\Windows\System\YEFkamI.exe
  C:\Windows\System\YEFkamI.exe
  2⤵
  PID:5656
- C:\Windows\System\BnOeRDX.exe
  C:\Windows\System\BnOeRDX.exe
  2⤵
  PID:6296
- C:\Windows\System\HbfxpiK.exe
  C:\Windows\System\HbfxpiK.exe
  2⤵
  PID:6468
- C:\Windows\System\FuyCQmH.exe
  C:\Windows\System\FuyCQmH.exe
  2⤵
  PID:6344
- C:\Windows\System\KPBKoSg.exe
  C:\Windows\System\KPBKoSg.exe
  2⤵
  PID:6752
- C:\Windows\System\QYlzDYx.exe
  C:\Windows\System\QYlzDYx.exe
  2⤵
  PID:6876
- C:\Windows\System\EBniYsp.exe
  C:\Windows\System\EBniYsp.exe
  2⤵
  PID:6524
- C:\Windows\System\UOADnVQ.exe
  C:\Windows\System\UOADnVQ.exe
  2⤵
  PID:6880
- C:\Windows\System\DbfhlTO.exe
  C:\Windows\System\DbfhlTO.exe
  2⤵
  PID:6952
- C:\Windows\System\rhwUEJf.exe
  C:\Windows\System\rhwUEJf.exe
  2⤵
  PID:5764
- C:\Windows\System\uXgxKSx.exe
  C:\Windows\System\uXgxKSx.exe
  2⤵
  PID:6188
- C:\Windows\System\cQtzrvk.exe
  C:\Windows\System\cQtzrvk.exe
  2⤵
  PID:7132
- C:\Windows\System\doylQaj.exe
  C:\Windows\System\doylQaj.exe
  2⤵
  PID:6348
- C:\Windows\System\prmtMsM.exe
  C:\Windows\System\prmtMsM.exe
  2⤵
  PID:6792
- C:\Windows\System\mPxNjwQ.exe
  C:\Windows\System\mPxNjwQ.exe
  2⤵
  PID:6684
- C:\Windows\System\BTlpbXP.exe
  C:\Windows\System\BTlpbXP.exe
  2⤵
  PID:7012
- C:\Windows\System\emuDwvS.exe
  C:\Windows\System\emuDwvS.exe
  2⤵
  PID:7100
- C:\Windows\System\QxmNOKe.exe
  C:\Windows\System\QxmNOKe.exe
  2⤵
  PID:6436
- C:\Windows\System\DvGOguO.exe
  C:\Windows\System\DvGOguO.exe
  2⤵
  PID:6756
- C:\Windows\System\pvBkdLr.exe
  C:\Windows\System\pvBkdLr.exe
  2⤵
  PID:6728
- C:\Windows\System\mHhqkTa.exe
  C:\Windows\System\mHhqkTa.exe
  2⤵
  PID:6564
- C:\Windows\System\hUoJNfF.exe
  C:\Windows\System\hUoJNfF.exe
  2⤵
  PID:7148
- C:\Windows\System\dknDsKB.exe
  C:\Windows\System\dknDsKB.exe
  2⤵
  PID:7032
- C:\Windows\System\TjVvKrc.exe
  C:\Windows\System\TjVvKrc.exe
  2⤵
  PID:6384
- C:\Windows\System\tvXTGAZ.exe
  C:\Windows\System\tvXTGAZ.exe
  2⤵
  PID:7036
- C:\Windows\System\tNKcslF.exe
  C:\Windows\System\tNKcslF.exe
  2⤵
  PID:7180
- C:\Windows\System\FFiSoHQ.exe
  C:\Windows\System\FFiSoHQ.exe
  2⤵
  PID:7204
- C:\Windows\System\AaiDAJv.exe
  C:\Windows\System\AaiDAJv.exe
  2⤵
  PID:7220
- C:\Windows\System\OMmcDgT.exe
  C:\Windows\System\OMmcDgT.exe
  2⤵
  PID:7236
- C:\Windows\System\krUtAQE.exe
  C:\Windows\System\krUtAQE.exe
  2⤵
  PID:7252
- C:\Windows\System\zQdOTiY.exe
  C:\Windows\System\zQdOTiY.exe
  2⤵
  PID:7288
- C:\Windows\System\AzvyZLU.exe
  C:\Windows\System\AzvyZLU.exe
  2⤵
  PID:7308
- C:\Windows\System\DwAIdGX.exe
  C:\Windows\System\DwAIdGX.exe
  2⤵
  PID:7324
- C:\Windows\System\wUZCOoq.exe
  C:\Windows\System\wUZCOoq.exe
  2⤵
  PID:7340
- C:\Windows\System\LojNfDK.exe
  C:\Windows\System\LojNfDK.exe
  2⤵
  PID:7360
- C:\Windows\System\toVEfFL.exe
  C:\Windows\System\toVEfFL.exe
  2⤵
  PID:7396
- C:\Windows\System\YiWAXZa.exe
  C:\Windows\System\YiWAXZa.exe
  2⤵
  PID:7412
- C:\Windows\System\YKSSVkA.exe
  C:\Windows\System\YKSSVkA.exe
  2⤵
  PID:7432
- C:\Windows\System\pLRRWwW.exe
  C:\Windows\System\pLRRWwW.exe
  2⤵
  PID:7452
- C:\Windows\System\DOIFDSs.exe
  C:\Windows\System\DOIFDSs.exe
  2⤵
  PID:7476
- C:\Windows\System\yQrsska.exe
  C:\Windows\System\yQrsska.exe
  2⤵
  PID:7496
- C:\Windows\System\efZEZhq.exe
  C:\Windows\System\efZEZhq.exe
  2⤵
  PID:7516
- C:\Windows\System\XacGZnz.exe
  C:\Windows\System\XacGZnz.exe
  2⤵
  PID:7536
- C:\Windows\System\uxhFlyX.exe
  C:\Windows\System\uxhFlyX.exe
  2⤵
  PID:7560
- C:\Windows\System\RREhjJR.exe
  C:\Windows\System\RREhjJR.exe
  2⤵
  PID:7576
- C:\Windows\System\RPXjbst.exe
  C:\Windows\System\RPXjbst.exe
  2⤵
  PID:7592
- C:\Windows\System\nqeXJMh.exe
  C:\Windows\System\nqeXJMh.exe
  2⤵
  PID:7612
- C:\Windows\System\VZTkJXA.exe
  C:\Windows\System\VZTkJXA.exe
  2⤵
  PID:7640
- C:\Windows\System\DyQKuTR.exe
  C:\Windows\System\DyQKuTR.exe
  2⤵
  PID:7656
- C:\Windows\System\EotMMsX.exe
  C:\Windows\System\EotMMsX.exe
  2⤵
  PID:7680
- C:\Windows\System\DCAQLZW.exe
  C:\Windows\System\DCAQLZW.exe
  2⤵
  PID:7700
- C:\Windows\System\PDVpGUX.exe
  C:\Windows\System\PDVpGUX.exe
  2⤵
  PID:7720
- C:\Windows\System\gqEOUgY.exe
  C:\Windows\System\gqEOUgY.exe
  2⤵
  PID:7736
- C:\Windows\System\FGrMnnT.exe
  C:\Windows\System\FGrMnnT.exe
  2⤵
  PID:7760
- C:\Windows\System\vmWPBVp.exe
  C:\Windows\System\vmWPBVp.exe
  2⤵
  PID:7776
- C:\Windows\System\YPxAxnG.exe
  C:\Windows\System\YPxAxnG.exe
  2⤵
  PID:7796
- C:\Windows\System\zDpecUC.exe
  C:\Windows\System\zDpecUC.exe
  2⤵
  PID:7812
- C:\Windows\System\oCvQUda.exe
  C:\Windows\System\oCvQUda.exe
  2⤵
  PID:7832
- C:\Windows\System\Sdffiox.exe
  C:\Windows\System\Sdffiox.exe
  2⤵
  PID:7852
- C:\Windows\System\HJLEbNJ.exe
  C:\Windows\System\HJLEbNJ.exe
  2⤵
  PID:7876
- C:\Windows\System\daJcatk.exe
  C:\Windows\System\daJcatk.exe
  2⤵
  PID:7896
- C:\Windows\System\gsvTBMW.exe
  C:\Windows\System\gsvTBMW.exe
  2⤵
  PID:7924
- C:\Windows\System\CGtptNS.exe
  C:\Windows\System\CGtptNS.exe
  2⤵
  PID:7940
- C:\Windows\System\WPnCXBh.exe
  C:\Windows\System\WPnCXBh.exe
  2⤵
  PID:7960
- C:\Windows\System\IqtBKPI.exe
  C:\Windows\System\IqtBKPI.exe
  2⤵
  PID:7984
- C:\Windows\System\HBHQKvF.exe
  C:\Windows\System\HBHQKvF.exe
  2⤵
  PID:8004
- C:\Windows\System\SZiFJgI.exe
  C:\Windows\System\SZiFJgI.exe
  2⤵
  PID:8020
- C:\Windows\System\RCbmDds.exe
  C:\Windows\System\RCbmDds.exe
  2⤵
  PID:8040
- C:\Windows\System\QFPElXR.exe
  C:\Windows\System\QFPElXR.exe
  2⤵
  PID:8068
- C:\Windows\System\bUqIOvq.exe
  C:\Windows\System\bUqIOvq.exe
  2⤵
  PID:8088
- C:\Windows\System\HrtYvZh.exe
  C:\Windows\System\HrtYvZh.exe
  2⤵
  PID:8104
- C:\Windows\System\ESaeqai.exe
  C:\Windows\System\ESaeqai.exe
  2⤵
  PID:8132
- C:\Windows\System\ggBFevR.exe
  C:\Windows\System\ggBFevR.exe
  2⤵
  PID:8148
- C:\Windows\System\MHdtQUs.exe
  C:\Windows\System\MHdtQUs.exe
  2⤵
  PID:8168
- C:\Windows\System\LKOHCbf.exe
  C:\Windows\System\LKOHCbf.exe
  2⤵
  PID:8188
- C:\Windows\System\eRzuWKY.exe
  C:\Windows\System\eRzuWKY.exe
  2⤵
  PID:6760
- C:\Windows\System\zsUFyXy.exe
  C:\Windows\System\zsUFyXy.exe
  2⤵
  PID:7276
- C:\Windows\System\qbooZiw.exe
  C:\Windows\System\qbooZiw.exe
  2⤵
  PID:7280
- C:\Windows\System\UuwKZjr.exe
  C:\Windows\System\UuwKZjr.exe
  2⤵
  PID:7172
- C:\Windows\System\EMlCUMU.exe
  C:\Windows\System\EMlCUMU.exe
  2⤵
  PID:7296
- C:\Windows\System\RfNPYKk.exe
  C:\Windows\System\RfNPYKk.exe
  2⤵
  PID:7380
- C:\Windows\System\VaBkjIC.exe
  C:\Windows\System\VaBkjIC.exe
  2⤵
  PID:7388
- C:\Windows\System\hpPpQCj.exe
  C:\Windows\System\hpPpQCj.exe
  2⤵
  PID:7424
- C:\Windows\System\jBwErHG.exe
  C:\Windows\System\jBwErHG.exe
  2⤵
  PID:1084
- C:\Windows\System\mXpSsSN.exe
  C:\Windows\System\mXpSsSN.exe
  2⤵
  PID:7464
- C:\Windows\System\KTSwqYW.exe
  C:\Windows\System\KTSwqYW.exe
  2⤵
  PID:1168
- C:\Windows\System\lYxNGmm.exe
  C:\Windows\System\lYxNGmm.exe
  2⤵
  PID:1664
- C:\Windows\System\yFdJwdx.exe
  C:\Windows\System\yFdJwdx.exe
  2⤵
  PID:7484
- C:\Windows\System\icwdYvQ.exe
  C:\Windows\System\icwdYvQ.exe
  2⤵
  PID:7512
- C:\Windows\System\kJsJyZH.exe
  C:\Windows\System\kJsJyZH.exe
  2⤵
  PID:7552
- C:\Windows\System\QcBKluX.exe
  C:\Windows\System\QcBKluX.exe
  2⤵
  PID:7572
- C:\Windows\System\SlyDuld.exe
  C:\Windows\System\SlyDuld.exe
  2⤵
  PID:7636
- C:\Windows\System\smTMVxt.exe
  C:\Windows\System\smTMVxt.exe
  2⤵
  PID:7652
- C:\Windows\System\wSJZeQz.exe
  C:\Windows\System\wSJZeQz.exe
  2⤵
  PID:7676
- C:\Windows\System\AXWKKRW.exe
  C:\Windows\System\AXWKKRW.exe
  2⤵
  PID:7692
- C:\Windows\System\fDbczle.exe
  C:\Windows\System\fDbczle.exe
  2⤵
  PID:7732
- C:\Windows\System\gaffjcy.exe
  C:\Windows\System\gaffjcy.exe
  2⤵
  PID:7772
- C:\Windows\System\evZgQac.exe
  C:\Windows\System\evZgQac.exe
  2⤵
  PID:7824
- C:\Windows\System\JFIpIRS.exe
  C:\Windows\System\JFIpIRS.exe
  2⤵
  PID:6976
- C:\Windows\System\iauDFUh.exe
  C:\Windows\System\iauDFUh.exe
  2⤵
  PID:7892
- C:\Windows\System\MUpVEKp.exe
  C:\Windows\System\MUpVEKp.exe
  2⤵
  PID:7912
- C:\Windows\System\cuzBeAd.exe
  C:\Windows\System\cuzBeAd.exe
  2⤵
  PID:7952
- C:\Windows\System\jyGwnWK.exe
  C:\Windows\System\jyGwnWK.exe
  2⤵
  PID:8000
- C:\Windows\System\kkZWLKq.exe
  C:\Windows\System\kkZWLKq.exe
  2⤵
  PID:8012
- C:\Windows\System\BPGEUfL.exe
  C:\Windows\System\BPGEUfL.exe
  2⤵
  PID:8052
- C:\Windows\System\hrDkUEo.exe
  C:\Windows\System\hrDkUEo.exe
  2⤵
  PID:8080
- C:\Windows\System\CWNWqyq.exe
  C:\Windows\System\CWNWqyq.exe
  2⤵
  PID:7864
- C:\Windows\System\BmlEsOq.exe
  C:\Windows\System\BmlEsOq.exe
  2⤵
  PID:8164
- C:\Windows\System\crCLgYZ.exe
  C:\Windows\System\crCLgYZ.exe
  2⤵
  PID:8176
- C:\Windows\System\IzOTcjz.exe
  C:\Windows\System\IzOTcjz.exe
  2⤵
  PID:7232
- C:\Windows\System\yXdTrbp.exe
  C:\Windows\System\yXdTrbp.exe
  2⤵
  PID:7216
- C:\Windows\System\GxMoGZM.exe
  C:\Windows\System\GxMoGZM.exe
  2⤵
  PID:7336
- C:\Windows\System\LgBiTze.exe
  C:\Windows\System\LgBiTze.exe
  2⤵
  PID:7332
- C:\Windows\System\BKXUBAX.exe
  C:\Windows\System\BKXUBAX.exe
  2⤵
  PID:7356
- C:\Windows\System\zIfsTqc.exe
  C:\Windows\System\zIfsTqc.exe
  2⤵
  PID:7404
- C:\Windows\System\nUUEHbr.exe
  C:\Windows\System\nUUEHbr.exe
  2⤵
  PID:1088
- C:\Windows\System\jFVvotR.exe
  C:\Windows\System\jFVvotR.exe
  2⤵
  PID:7472
- C:\Windows\System\fvwdKaF.exe
  C:\Windows\System\fvwdKaF.exe
  2⤵
  PID:7556
- C:\Windows\System\ymHhjql.exe
  C:\Windows\System\ymHhjql.exe
  2⤵
  PID:7620
- C:\Windows\System\kGZsdET.exe
  C:\Windows\System\kGZsdET.exe
  2⤵
  PID:7672
- C:\Windows\System\KTDYBpG.exe
  C:\Windows\System\KTDYBpG.exe
  2⤵
  PID:7748
- C:\Windows\System\FFCheBF.exe
  C:\Windows\System\FFCheBF.exe
  2⤵
  PID:7860
- C:\Windows\System\qhlNlCV.exe
  C:\Windows\System\qhlNlCV.exe
  2⤵
  PID:7768
- C:\Windows\System\wxBZBbe.exe
  C:\Windows\System\wxBZBbe.exe
  2⤵
  PID:7868
- C:\Windows\System\gdVhOtj.exe
  C:\Windows\System\gdVhOtj.exe
  2⤵
  PID:7968
- C:\Windows\System\gKqfyYD.exe
  C:\Windows\System\gKqfyYD.exe
  2⤵
  PID:8016
- C:\Windows\System\hbCcDTC.exe
  C:\Windows\System\hbCcDTC.exe
  2⤵
  PID:8048
- C:\Windows\System\UqQwdAt.exe
  C:\Windows\System\UqQwdAt.exe
  2⤵
  PID:8156
- C:\Windows\System\ZACdtvx.exe
  C:\Windows\System\ZACdtvx.exe
  2⤵
  PID:8144
- C:\Windows\System\hklXaPe.exe
  C:\Windows\System\hklXaPe.exe
  2⤵
  PID:7200
- C:\Windows\System\raJdySj.exe
  C:\Windows\System\raJdySj.exe
  2⤵
  PID:7348
- C:\Windows\System\lYGvMvn.exe
  C:\Windows\System\lYGvMvn.exe
  2⤵
  PID:7228
- C:\Windows\System\LbgtRsu.exe
  C:\Windows\System\LbgtRsu.exe
  2⤵
  PID:1892
- C:\Windows\System\YiWlBuf.exe
  C:\Windows\System\YiWlBuf.exe
  2⤵
  PID:7584
- C:\Windows\System\eTLUtkM.exe
  C:\Windows\System\eTLUtkM.exe
  2⤵
  PID:7468
- C:\Windows\System\iyaVsNY.exe
  C:\Windows\System\iyaVsNY.exe
  2⤵
  PID:7752
- C:\Windows\System\gyoLRpD.exe
  C:\Windows\System\gyoLRpD.exe
  2⤵
  PID:8112
- C:\Windows\System\EWLYWCb.exe
  C:\Windows\System\EWLYWCb.exe
  2⤵
  PID:7888
- C:\Windows\System\LgWRtVu.exe
  C:\Windows\System\LgWRtVu.exe
  2⤵
  PID:7784
- C:\Windows\System\VOhzxTi.exe
  C:\Windows\System\VOhzxTi.exe
  2⤵
  PID:7948
- C:\Windows\System\gKuNYdS.exe
  C:\Windows\System\gKuNYdS.exe
  2⤵
  PID:8116
- C:\Windows\System\fWZQZWP.exe
  C:\Windows\System\fWZQZWP.exe
  2⤵
  PID:7976
- C:\Windows\System\llSdSyo.exe
  C:\Windows\System\llSdSyo.exe
  2⤵
  PID:7408
- C:\Windows\System\kEjicfn.exe
  C:\Windows\System\kEjicfn.exe
  2⤵
  PID:7808
- C:\Windows\System\MNZcOcp.exe
  C:\Windows\System\MNZcOcp.exe
  2⤵
  PID:7460
- C:\Windows\System\SoBNGVq.exe
  C:\Windows\System\SoBNGVq.exe
  2⤵
  PID:8120
- C:\Windows\System\QvnEvsj.exe
  C:\Windows\System\QvnEvsj.exe
  2⤵
  PID:7632
- C:\Windows\System\lxLqKuL.exe
  C:\Windows\System\lxLqKuL.exe
  2⤵
  PID:7384
- C:\Windows\System\oRjHYLg.exe
  C:\Windows\System\oRjHYLg.exe
  2⤵
  PID:8036
- C:\Windows\System\MJurXZs.exe
  C:\Windows\System\MJurXZs.exe
  2⤵
  PID:7528
- C:\Windows\System\IJQwIFh.exe
  C:\Windows\System\IJQwIFh.exe
  2⤵
  PID:8076
- C:\Windows\System\DKYIKsG.exe
  C:\Windows\System\DKYIKsG.exe
  2⤵
  PID:7372
- C:\Windows\System\WmjenQp.exe
  C:\Windows\System\WmjenQp.exe
  2⤵
  PID:7844
- C:\Windows\System\qGXAbYM.exe
  C:\Windows\System\qGXAbYM.exe
  2⤵
  PID:8056
- C:\Windows\System\htKeOrv.exe
  C:\Windows\System\htKeOrv.exe
  2⤵
  PID:7444
- C:\Windows\System\vKnuVom.exe
  C:\Windows\System\vKnuVom.exe
  2⤵
  PID:7272
- C:\Windows\System\UWLErjA.exe
  C:\Windows\System\UWLErjA.exe
  2⤵
  PID:7716
- C:\Windows\System\aYthDlz.exe
  C:\Windows\System\aYthDlz.exe
  2⤵
  PID:8208
- C:\Windows\System\qnAzLWc.exe
  C:\Windows\System\qnAzLWc.exe
  2⤵
  PID:8228
- C:\Windows\System\rORhIFp.exe
  C:\Windows\System\rORhIFp.exe
  2⤵
  PID:8256
- C:\Windows\System\kxnDiCf.exe
  C:\Windows\System\kxnDiCf.exe
  2⤵
  PID:8276
- C:\Windows\System\PuQpgaw.exe
  C:\Windows\System\PuQpgaw.exe
  2⤵
  PID:8292
- C:\Windows\System\AWgdsvz.exe
  C:\Windows\System\AWgdsvz.exe
  2⤵
  PID:8308
- C:\Windows\System\QCtcNuq.exe
  C:\Windows\System\QCtcNuq.exe
  2⤵
  PID:8340
- C:\Windows\System\zRXPBoY.exe
  C:\Windows\System\zRXPBoY.exe
  2⤵
  PID:8360
- C:\Windows\System\yKaAfGi.exe
  C:\Windows\System\yKaAfGi.exe
  2⤵
  PID:8376
- C:\Windows\System\SSWJVDk.exe
  C:\Windows\System\SSWJVDk.exe
  2⤵
  PID:8396
- C:\Windows\System\jFBvfcE.exe
  C:\Windows\System\jFBvfcE.exe
  2⤵
  PID:8416
- C:\Windows\System\rkFVKJm.exe
  C:\Windows\System\rkFVKJm.exe
  2⤵
  PID:8436
- C:\Windows\System\LQhZhOJ.exe
  C:\Windows\System\LQhZhOJ.exe
  2⤵
  PID:8452
- C:\Windows\System\qatHTvh.exe
  C:\Windows\System\qatHTvh.exe
  2⤵
  PID:8468
- C:\Windows\System\TkyKtFH.exe
  C:\Windows\System\TkyKtFH.exe
  2⤵
  PID:8512
- C:\Windows\System\dznxPhq.exe
  C:\Windows\System\dznxPhq.exe
  2⤵
  PID:8528
- C:\Windows\System\saUuAXt.exe
  C:\Windows\System\saUuAXt.exe
  2⤵
  PID:8544
- C:\Windows\System\VZICWxE.exe
  C:\Windows\System\VZICWxE.exe
  2⤵
  PID:8560
- C:\Windows\System\ZYMBjlF.exe
  C:\Windows\System\ZYMBjlF.exe
  2⤵
  PID:8592
- C:\Windows\System\OijoinG.exe
  C:\Windows\System\OijoinG.exe
  2⤵
  PID:8608
- C:\Windows\System\lNNbNDm.exe
  C:\Windows\System\lNNbNDm.exe
  2⤵
  PID:8624
- C:\Windows\System\ZyoXGoU.exe
  C:\Windows\System\ZyoXGoU.exe
  2⤵
  PID:8648
- C:\Windows\System\eCYidGZ.exe
  C:\Windows\System\eCYidGZ.exe
  2⤵
  PID:8676
- C:\Windows\System\gLMbUWT.exe
  C:\Windows\System\gLMbUWT.exe
  2⤵
  PID:8692
- C:\Windows\System\qSkudOQ.exe
  C:\Windows\System\qSkudOQ.exe
  2⤵
  PID:8712
- C:\Windows\System\KoUWOzQ.exe
  C:\Windows\System\KoUWOzQ.exe
  2⤵
  PID:8728
- C:\Windows\System\CZPhgpp.exe
  C:\Windows\System\CZPhgpp.exe
  2⤵
  PID:8756
- C:\Windows\System\sUuQfuV.exe
  C:\Windows\System\sUuQfuV.exe
  2⤵
  PID:8772
- C:\Windows\System\pNZLVoX.exe
  C:\Windows\System\pNZLVoX.exe
  2⤵
  PID:8788
- C:\Windows\System\gIyXIBa.exe
  C:\Windows\System\gIyXIBa.exe
  2⤵
  PID:8804
- C:\Windows\System\hHQRdwG.exe
  C:\Windows\System\hHQRdwG.exe
  2⤵
  PID:8832
- C:\Windows\System\EbdfpqO.exe
  C:\Windows\System\EbdfpqO.exe
  2⤵
  PID:8848
- C:\Windows\System\YQbIfKh.exe
  C:\Windows\System\YQbIfKh.exe
  2⤵
  PID:8868
- C:\Windows\System\JGhZqsg.exe
  C:\Windows\System\JGhZqsg.exe
  2⤵
  PID:8884
- C:\Windows\System\UlfNKNW.exe
  C:\Windows\System\UlfNKNW.exe
  2⤵
  PID:8900
- C:\Windows\System\xcoHluW.exe
  C:\Windows\System\xcoHluW.exe
  2⤵
  PID:8916
- C:\Windows\System\yYfFSVd.exe
  C:\Windows\System\yYfFSVd.exe
  2⤵
  PID:8940
- C:\Windows\System\RrueyRG.exe
  C:\Windows\System\RrueyRG.exe
  2⤵
  PID:8960
- C:\Windows\System\ECMzrkV.exe
  C:\Windows\System\ECMzrkV.exe
  2⤵
  PID:8980
- C:\Windows\System\MgzfyrQ.exe
  C:\Windows\System\MgzfyrQ.exe
  2⤵
  PID:8996
- C:\Windows\System\qLYuoSE.exe
  C:\Windows\System\qLYuoSE.exe
  2⤵
  PID:9012
- C:\Windows\System\ccnuEbO.exe
  C:\Windows\System\ccnuEbO.exe
  2⤵
  PID:9028
- C:\Windows\System\lgCkFBe.exe
  C:\Windows\System\lgCkFBe.exe
  2⤵
  PID:9044
- C:\Windows\System\spgwefQ.exe
  C:\Windows\System\spgwefQ.exe
  2⤵
  PID:9060
- C:\Windows\System\VStRmsB.exe
  C:\Windows\System\VStRmsB.exe
  2⤵
  PID:9076
- C:\Windows\System\nUJfMAu.exe
  C:\Windows\System\nUJfMAu.exe
  2⤵
  PID:9092
- C:\Windows\System\fQUuDwT.exe
  C:\Windows\System\fQUuDwT.exe
  2⤵
  PID:9108
- C:\Windows\System\pcNthkH.exe
  C:\Windows\System\pcNthkH.exe
  2⤵
  PID:9124
- C:\Windows\System\zpEjJjw.exe
  C:\Windows\System\zpEjJjw.exe
  2⤵
  PID:9140
- C:\Windows\System\qiiKgMQ.exe
  C:\Windows\System\qiiKgMQ.exe
  2⤵
  PID:9156
- C:\Windows\System\CDwDVPS.exe
  C:\Windows\System\CDwDVPS.exe
  2⤵
  PID:9172
- C:\Windows\System\XoBTeQA.exe
  C:\Windows\System\XoBTeQA.exe
  2⤵
  PID:9188
- C:\Windows\System\TkZhWxf.exe
  C:\Windows\System\TkZhWxf.exe
  2⤵
  PID:9208
- C:\Windows\System\JwSUqfN.exe
  C:\Windows\System\JwSUqfN.exe
  2⤵
  PID:7624
- C:\Windows\System\OaXLnIv.exe
  C:\Windows\System\OaXLnIv.exe
  2⤵
  PID:7936
- C:\Windows\System\fbYcjRA.exe
  C:\Windows\System\fbYcjRA.exe
  2⤵
  PID:7792
- C:\Windows\System\YKJCogv.exe
  C:\Windows\System\YKJCogv.exe
  2⤵
  PID:8244
- C:\Windows\System\bfrGJsn.exe
  C:\Windows\System\bfrGJsn.exe
  2⤵
  PID:8268
- C:\Windows\System\aLebIgE.exe
  C:\Windows\System\aLebIgE.exe
  2⤵
  PID:8320
- C:\Windows\System\CORxwkJ.exe
  C:\Windows\System\CORxwkJ.exe
  2⤵
  PID:8332
- C:\Windows\System\wcredjb.exe
  C:\Windows\System\wcredjb.exe
  2⤵
  PID:8388
- C:\Windows\System\PuZCHEM.exe
  C:\Windows\System\PuZCHEM.exe
  2⤵
  PID:7192
- C:\Windows\System\ckcmafm.exe
  C:\Windows\System\ckcmafm.exe
  2⤵
  PID:8460
- C:\Windows\System\RWmgwWM.exe
  C:\Windows\System\RWmgwWM.exe
  2⤵
  PID:8476
- C:\Windows\System\eloeIzD.exe
  C:\Windows\System\eloeIzD.exe
  2⤵
  PID:8496
- C:\Windows\System\CkTLZHb.exe
  C:\Windows\System\CkTLZHb.exe
  2⤵
  PID:1948
- C:\Windows\System\hICDNvE.exe
  C:\Windows\System\hICDNvE.exe
  2⤵
  PID:1952
- C:\Windows\System\jGjqDra.exe
  C:\Windows\System\jGjqDra.exe
  2⤵
  PID:8480
- C:\Windows\System\VftApOa.exe
  C:\Windows\System\VftApOa.exe
  2⤵
  PID:8524
- C:\Windows\System\dRqSwvN.exe
  C:\Windows\System\dRqSwvN.exe
  2⤵
  PID:8576
- C:\Windows\System\FkMjyzl.exe
  C:\Windows\System\FkMjyzl.exe
  2⤵
  PID:8572
- C:\Windows\System\yCgZJPd.exe
  C:\Windows\System\yCgZJPd.exe
  2⤵
  PID:8604
- C:\Windows\System\hFQAMdI.exe
  C:\Windows\System\hFQAMdI.exe
  2⤵
  PID:8632
- C:\Windows\System\IoIkBbR.exe
  C:\Windows\System\IoIkBbR.exe
  2⤵
  PID:8664
- C:\Windows\System\rxsQCOz.exe
  C:\Windows\System\rxsQCOz.exe
  2⤵
  PID:8704
- C:\Windows\System\pulEdjk.exe
  C:\Windows\System\pulEdjk.exe
  2⤵
  PID:8740
- C:\Windows\System\ZTEafnY.exe
  C:\Windows\System\ZTEafnY.exe
  2⤵
  PID:8796
- C:\Windows\System\UYbfHFt.exe
  C:\Windows\System\UYbfHFt.exe
  2⤵
  PID:8784
- C:\Windows\System\xvsnDLk.exe
  C:\Windows\System\xvsnDLk.exe
  2⤵
  PID:8824
- C:\Windows\System\cKyHfyf.exe
  C:\Windows\System\cKyHfyf.exe
  2⤵
  PID:8892
- C:\Windows\System\iccuowM.exe
  C:\Windows\System\iccuowM.exe
  2⤵
  PID:8844
- C:\Windows\System\QYYmfyF.exe
  C:\Windows\System\QYYmfyF.exe
  2⤵
  PID:8932
- C:\Windows\System\evjafhS.exe
  C:\Windows\System\evjafhS.exe
  2⤵
  PID:8952
- C:\Windows\System\oKKIypZ.exe
  C:\Windows\System\oKKIypZ.exe
  2⤵
  PID:9020
- C:\Windows\System\StXbCML.exe
  C:\Windows\System\StXbCML.exe
  2⤵
  PID:9088
- C:\Windows\System\FyMDUfL.exe
  C:\Windows\System\FyMDUfL.exe
  2⤵
  PID:8972
- C:\Windows\System\JVYuMYe.exe
  C:\Windows\System\JVYuMYe.exe
  2⤵
  PID:9100
- C:\Windows\System\KQHMXod.exe
  C:\Windows\System\KQHMXod.exe
  2⤵
  PID:9116
- C:\Windows\System\KxbszPD.exe
  C:\Windows\System\KxbszPD.exe
  2⤵
  PID:9164
- C:\Windows\System\VDpZHjW.exe
  C:\Windows\System\VDpZHjW.exe
  2⤵
  PID:9148
- C:\Windows\System\WrRaMAT.exe
  C:\Windows\System\WrRaMAT.exe
  2⤵
  PID:9204
- C:\Windows\System\qipqneK.exe
  C:\Windows\System\qipqneK.exe
  2⤵
  PID:1944
- C:\Windows\System\RBpEiZw.exe
  C:\Windows\System\RBpEiZw.exe
  2⤵
  PID:1676
- C:\Windows\System\bqlSrlv.exe
  C:\Windows\System\bqlSrlv.exe
  2⤵
  PID:2712
- C:\Windows\System\uxbaTMV.exe
  C:\Windows\System\uxbaTMV.exe
  2⤵
  PID:8252
- C:\Windows\System\Ssqtkfa.exe
  C:\Windows\System\Ssqtkfa.exe
  2⤵
  PID:8288
- C:\Windows\System\blfEUMY.exe
  C:\Windows\System\blfEUMY.exe
  2⤵
  PID:8356
- C:\Windows\System\vVvTXAR.exe
  C:\Windows\System\vVvTXAR.exe
  2⤵
  PID:8412
- C:\Windows\System\paKTHjf.exe
  C:\Windows\System\paKTHjf.exe
  2⤵
  PID:1656
- C:\Windows\System\ohDWncV.exe
  C:\Windows\System\ohDWncV.exe
  2⤵
  PID:8424
- C:\Windows\System\remxdLP.exe
  C:\Windows\System\remxdLP.exe
  2⤵
  PID:2232
- C:\Windows\System\RSJmeWe.exe
  C:\Windows\System\RSJmeWe.exe
  2⤵
  PID:8556
- C:\Windows\System\XKAKjZG.exe
  C:\Windows\System\XKAKjZG.exe
  2⤵
  PID:8656
- C:\Windows\System\SURhmCC.exe
  C:\Windows\System\SURhmCC.exe
  2⤵
  PID:8640
- C:\Windows\System\WYpkmzi.exe
  C:\Windows\System\WYpkmzi.exe
  2⤵
  PID:8860
- C:\Windows\System\yaKOIBq.exe
  C:\Windows\System\yaKOIBq.exe
  2⤵
  PID:8764
- C:\Windows\System\iWTLqua.exe
  C:\Windows\System\iWTLqua.exe
  2⤵
  PID:8864
- C:\Windows\System\IWYeIMX.exe
  C:\Windows\System\IWYeIMX.exe
  2⤵
  PID:8912
- C:\Windows\System\MXdYPld.exe
  C:\Windows\System\MXdYPld.exe
  2⤵
  PID:8992
- C:\Windows\System\uoDaCdy.exe
  C:\Windows\System\uoDaCdy.exe
  2⤵
  PID:9008
- C:\Windows\System\UcgDRzS.exe
  C:\Windows\System\UcgDRzS.exe
  2⤵
  PID:8968
- C:\Windows\System\pRoZbsk.exe
  C:\Windows\System\pRoZbsk.exe
  2⤵
  PID:9136
- C:\Windows\System\UuNDIUZ.exe
  C:\Windows\System\UuNDIUZ.exe
  2⤵
  PID:2656
- C:\Windows\System\TEeZHFL.exe
  C:\Windows\System\TEeZHFL.exe
  2⤵
  PID:8220
- C:\Windows\System\JlwAMgh.exe
  C:\Windows\System\JlwAMgh.exe
  2⤵
  PID:8324
- C:\Windows\System\Jwdwnod.exe
  C:\Windows\System\Jwdwnod.exe
  2⤵
  PID:8368
- C:\Windows\System\PkaKMgc.exe
  C:\Windows\System\PkaKMgc.exe
  2⤵
  PID:8408
- C:\Windows\System\TMfYRWv.exe
  C:\Windows\System\TMfYRWv.exe
  2⤵
  PID:8488
- C:\Windows\System\DgIudVp.exe
  C:\Windows\System\DgIudVp.exe
  2⤵
  PID:8588
- C:\Windows\System\kXcJact.exe
  C:\Windows\System\kXcJact.exe
  2⤵
  PID:8820
- C:\Windows\System\NinawwK.exe
  C:\Windows\System\NinawwK.exe
  2⤵
  PID:8876
- C:\Windows\System\WGvSnxY.exe
  C:\Windows\System\WGvSnxY.exe
  2⤵
  PID:8840
- C:\Windows\System\uavDhRi.exe
  C:\Windows\System\uavDhRi.exe
  2⤵
  PID:8688
- C:\Windows\System\yPBaHkI.exe
  C:\Windows\System\yPBaHkI.exe
  2⤵
  PID:9056
- C:\Windows\System\qELtdQR.exe
  C:\Windows\System\qELtdQR.exe
  2⤵
  PID:9104
- C:\Windows\System\fucmnjV.exe
  C:\Windows\System\fucmnjV.exe
  2⤵
  PID:9196
- C:\Windows\System\MmWNcss.exe
  C:\Windows\System\MmWNcss.exe
  2⤵
  PID:6812
- C:\Windows\System\sVnEBiV.exe
  C:\Windows\System\sVnEBiV.exe
  2⤵
  PID:1984
- C:\Windows\System\PaxLcSt.exe
  C:\Windows\System\PaxLcSt.exe
  2⤵
  PID:8492
- C:\Windows\System\DSSFtvW.exe
  C:\Windows\System\DSSFtvW.exe
  2⤵
  PID:8924
- C:\Windows\System\JoqZChz.exe
  C:\Windows\System\JoqZChz.exe
  2⤵
  PID:8976
- C:\Windows\System\DnYfRyN.exe
  C:\Windows\System\DnYfRyN.exe
  2⤵
  PID:2668
- C:\Windows\System\yxiJcCb.exe
  C:\Windows\System\yxiJcCb.exe
  2⤵
  PID:8584
- C:\Windows\System\gwXjXVn.exe
  C:\Windows\System\gwXjXVn.exe
  2⤵
  PID:8200
- C:\Windows\System\uSwERzY.exe
  C:\Windows\System\uSwERzY.exe
  2⤵
  PID:9132
- C:\Windows\System\EJfvgMF.exe
  C:\Windows\System\EJfvgMF.exe
  2⤵
  PID:8928
- C:\Windows\System\mTcDUBz.exe
  C:\Windows\System\mTcDUBz.exe
  2⤵
  PID:9240
- C:\Windows\System\xSapqPs.exe
  C:\Windows\System\xSapqPs.exe
  2⤵
  PID:9256
- C:\Windows\System\UUZtNqy.exe
  C:\Windows\System\UUZtNqy.exe
  2⤵
  PID:9272
- C:\Windows\System\CxuiejU.exe
  C:\Windows\System\CxuiejU.exe
  2⤵
  PID:9288
- C:\Windows\System\rXbQvsi.exe
  C:\Windows\System\rXbQvsi.exe
  2⤵
  PID:9304
- C:\Windows\System\XikzrMC.exe
  C:\Windows\System\XikzrMC.exe
  2⤵
  PID:9328
- C:\Windows\System\CPSJTcW.exe
  C:\Windows\System\CPSJTcW.exe
  2⤵
  PID:9344
- C:\Windows\System\gJwFihI.exe
  C:\Windows\System\gJwFihI.exe
  2⤵
  PID:9360
- C:\Windows\System\mdjabLj.exe
  C:\Windows\System\mdjabLj.exe
  2⤵
  PID:9484
- C:\Windows\System\jBUwNzl.exe
  C:\Windows\System\jBUwNzl.exe
  2⤵
  PID:9500
- C:\Windows\System\MFITKzA.exe
  C:\Windows\System\MFITKzA.exe
  2⤵
  PID:9516
- C:\Windows\System\STZLQqB.exe
  C:\Windows\System\STZLQqB.exe
  2⤵
  PID:9532
- C:\Windows\System\NuXKgBb.exe
  C:\Windows\System\NuXKgBb.exe
  2⤵
  PID:9548
- C:\Windows\System\WOHjbUA.exe
  C:\Windows\System\WOHjbUA.exe
  2⤵
  PID:9564
- C:\Windows\System\UGRHhRC.exe
  C:\Windows\System\UGRHhRC.exe
  2⤵
  PID:9580
- C:\Windows\System\mAzJlQc.exe
  C:\Windows\System\mAzJlQc.exe
  2⤵
  PID:9596
- C:\Windows\System\EzMVFZa.exe
  C:\Windows\System\EzMVFZa.exe
  2⤵
  PID:9612
- C:\Windows\System\febiCOG.exe
  C:\Windows\System\febiCOG.exe
  2⤵
  PID:9628
- C:\Windows\System\fAcsisF.exe
  C:\Windows\System\fAcsisF.exe
  2⤵
  PID:9644
- C:\Windows\System\XFtWsVq.exe
  C:\Windows\System\XFtWsVq.exe
  2⤵
  PID:9660
- C:\Windows\System\YTKCJqv.exe
  C:\Windows\System\YTKCJqv.exe
  2⤵
  PID:9696
- C:\Windows\System\bIqkFOg.exe
  C:\Windows\System\bIqkFOg.exe
  2⤵
  PID:9724
- C:\Windows\System\SkUqqjq.exe
  C:\Windows\System\SkUqqjq.exe
  2⤵
  PID:9772
- C:\Windows\System\KADIPuX.exe
  C:\Windows\System\KADIPuX.exe
  2⤵
  PID:9796
- C:\Windows\System\fFitEgw.exe
  C:\Windows\System\fFitEgw.exe
  2⤵
  PID:9812
- C:\Windows\System\RKvUCDx.exe
  C:\Windows\System\RKvUCDx.exe
  2⤵
  PID:9832
- C:\Windows\System\bHaRPdB.exe
  C:\Windows\System\bHaRPdB.exe
  2⤵
  PID:9868
- C:\Windows\System\jLeEeVe.exe
  C:\Windows\System\jLeEeVe.exe
  2⤵
  PID:9884
- C:\Windows\System\sQlAUzH.exe
  C:\Windows\System\sQlAUzH.exe
  2⤵
  PID:9900
- C:\Windows\System\bsojVwL.exe
  C:\Windows\System\bsojVwL.exe
  2⤵
  PID:9916
- C:\Windows\System\GrUuMRC.exe
  C:\Windows\System\GrUuMRC.exe
  2⤵
  PID:9932
- C:\Windows\System\erSnRzi.exe
  C:\Windows\System\erSnRzi.exe
  2⤵
  PID:9948
- C:\Windows\System\ULJNUiR.exe
  C:\Windows\System\ULJNUiR.exe
  2⤵
  PID:9964
- C:\Windows\System\fdXlquY.exe
  C:\Windows\System\fdXlquY.exe
  2⤵
  PID:9980
- C:\Windows\System\VeIGPxF.exe
  C:\Windows\System\VeIGPxF.exe
  2⤵
  PID:9996
- C:\Windows\System\XbFLcsc.exe
  C:\Windows\System\XbFLcsc.exe
  2⤵
  PID:10016
- C:\Windows\System\IZohyok.exe
  C:\Windows\System\IZohyok.exe
  2⤵
  PID:10036
- C:\Windows\System\WXfoYmr.exe
  C:\Windows\System\WXfoYmr.exe
  2⤵
  PID:10052
- C:\Windows\System\CZpjuCo.exe
  C:\Windows\System\CZpjuCo.exe
  2⤵
  PID:10068
- C:\Windows\System\iRxlvxK.exe
  C:\Windows\System\iRxlvxK.exe
  2⤵
  PID:10088
- C:\Windows\System\WDpeEvS.exe
  C:\Windows\System\WDpeEvS.exe
  2⤵
  PID:10108
- C:\Windows\System\TrWbolw.exe
  C:\Windows\System\TrWbolw.exe
  2⤵
  PID:10124
- C:\Windows\System\uuflESO.exe
  C:\Windows\System\uuflESO.exe
  2⤵
  PID:10144
- C:\Windows\System\PmzkWvB.exe
  C:\Windows\System\PmzkWvB.exe
  2⤵
  PID:10160
- C:\Windows\System\eaUOTbL.exe
  C:\Windows\System\eaUOTbL.exe
  2⤵
  PID:10176
- C:\Windows\System\PLzjnTi.exe
  C:\Windows\System\PLzjnTi.exe
  2⤵
  PID:10204
- C:\Windows\System\EPpjBKm.exe
  C:\Windows\System\EPpjBKm.exe
  2⤵
  PID:10224
- C:\Windows\System\bneKpQO.exe
  C:\Windows\System\bneKpQO.exe
  2⤵
  PID:9152
- C:\Windows\System\AeDFEoO.exe
  C:\Windows\System\AeDFEoO.exe
  2⤵
  PID:8392
- C:\Windows\System\EDXYGib.exe
  C:\Windows\System\EDXYGib.exe
  2⤵
  PID:9264
- C:\Windows\System\cAaWtoJ.exe
  C:\Windows\System\cAaWtoJ.exe
  2⤵
  PID:9284
- C:\Windows\System\tgxBzbp.exe
  C:\Windows\System\tgxBzbp.exe
  2⤵
  PID:9324
- C:\Windows\System\bEkLmtq.exe
  C:\Windows\System\bEkLmtq.exe
  2⤵
  PID:9336
- C:\Windows\System\kYxLPXf.exe
  C:\Windows\System\kYxLPXf.exe
  2⤵
  PID:9380
- C:\Windows\System\gGlSMpI.exe
  C:\Windows\System\gGlSMpI.exe
  2⤵
  PID:9396
- C:\Windows\System\pvnMWoq.exe
  C:\Windows\System\pvnMWoq.exe
  2⤵
  PID:9424
- C:\Windows\System\ixVroKK.exe
  C:\Windows\System\ixVroKK.exe
  2⤵
  PID:9444
- C:\Windows\System\fBqBjNX.exe
  C:\Windows\System\fBqBjNX.exe
  2⤵
  PID:9456
- C:\Windows\System\zdEbysM.exe
  C:\Windows\System\zdEbysM.exe
  2⤵
  PID:9472
- C:\Windows\System\uadWuRi.exe
  C:\Windows\System\uadWuRi.exe
  2⤵
  PID:9512
- C:\Windows\System\ywMdtsT.exe
  C:\Windows\System\ywMdtsT.exe
  2⤵
  PID:9528
- C:\Windows\System\xqLPufe.exe
  C:\Windows\System\xqLPufe.exe
  2⤵
  PID:9576
- C:\Windows\System\eRofByE.exe
  C:\Windows\System\eRofByE.exe
  2⤵
  PID:9604
- C:\Windows\System\PMxtQVH.exe
  C:\Windows\System\PMxtQVH.exe
  2⤵
  PID:9624
- C:\Windows\System\konbUii.exe
  C:\Windows\System\konbUii.exe
  2⤵
  PID:9708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CWtCuQG.exe

Filesize
6.0MB

MD5
a984258887fab4bf6a0f975c1646905f

SHA1
fc060d5c2b45a82ee94d0e9e05e2ad4a41d836ce

SHA256
e14fb7d8c02e0f6ff00c918dc32035865067b120220f76ecc9425cf1539a8f96

SHA512
474f9649b052a236000907eb53f7aaae1a716ca73ca5e9978ecd97de7ea48b3c650d270872c7f2d1fa10714e470230ef7967fd81abbf8dc997fb2351a2cc9b5c

Download Submit
C:\Windows\system\EYhJQdF.exe

Filesize
6.0MB

MD5
aa01843ddef84d2ef0d1c8e0daf23430

SHA1
46f7963f074117900af8ef34219fd472ae95a72e

SHA256
ad4289f882b14a238e5655d77c11df027921435ac55be567888b2c1d247eb7aa

SHA512
3481aca059938d57fb28be4dfa43c60bda137f1e996fe5b5478c5baa049bdf024e215129af06fb053569915ba86102c01fb6064754b9e791d6c2827acc6ae2df

Download Submit
C:\Windows\system\GHrEcIo.exe

Filesize
6.0MB

MD5
b78e7b6eae2a4fc263d2cfd2aaf76f30

SHA1
455fd0690cd1df98ce605f03d1f6762a92968e38

SHA256
01f2e53a9528e286b8acc05e0f0efcc3060551b37f862488389c61db5cc37933

SHA512
33f95d9ce31acf13742d28fc04d88a61d85ae4190be985c1ec66a4c3d2dce71f6abd653e4adae9d81720aef2ef418020d5ccd9ba2a48197a113d1b77b6bfd657

Download Submit
C:\Windows\system\JLAwFxZ.exe

Filesize
6.0MB

MD5
dba7658818689db2264b68d79ea1b250

SHA1
437251cbc0d07c85d321b755db5be20b90b2357e

SHA256
6e8ea27af5e9c17b9e219ea377e4a096ee95c7d00c4369f14e68319dc338fbd8

SHA512
b3dedf2e8d783db022ae9e93de654b8d9b781c97caa128eba4b838cd80aca8c4569ba829f042d1ff3aed7b96a8f2023a3bfd7c05da51261974c6a4fcb124c52e

Download Submit
C:\Windows\system\KtTToYv.exe

Filesize
6.0MB

MD5
602a565fb0c403b5aa63cbbc6a9825f6

SHA1
b6053b82c15232a930bdf83af35d6b1d77bca305

SHA256
8c7931a3593ac18db32c2675d7dd39347f5d90b5e3d0e1278a36a936dd4d5cd8

SHA512
0d093fc3e13b498a4bc08812a6716c8a423d37359e834fbd723187aa9847862f9248e08a996ea997eacf509fe851fac40ba0abbb6c265d0aec9eb2ec44b97b3a

Download Submit
C:\Windows\system\LdrDxfN.exe

Filesize
6.0MB

MD5
383d41c5521e5de4fe955148e4b2e2ff

SHA1
48fe76c66b18c2f0a00a8c6822a1355866d47452

SHA256
e60855308d5050acb24b60147449a4c582c000421921cd8141f7851413813f8d

SHA512
7136454f0b8641fd5f01eaaeda4ff8269928b06bcf00b03f7a92d83df43b51f20d5575bcc7e63b9df958eaac8576081303802379a92534f4c4c74518705ab690

Download Submit
C:\Windows\system\LuWWMZV.exe

Filesize
6.0MB

MD5
d294480e8f68efddf73802d0bd09708f

SHA1
784b490aa06ec3479771d084fe76db75db8b0d57

SHA256
019fc1e0363e8a8c6a273ee62c44160974b021a727048db292a8c20b07d0db40

SHA512
ea1230e4fd0c6868656c05fcc8a58e5d432f794f11481e2d6aedd547081d751f907b625b40d462f3b0c9d063522291f8a0455402d7765166b32ee6eb53131631

Download Submit
C:\Windows\system\ONdkPWU.exe

Filesize
6.0MB

MD5
877b56ad7dfea25e044693adc8694556

SHA1
eb9852dd41b9aa30164e93fcfa6087dfbf326b52

SHA256
725bce914c5d2468b0f7d80127bd548dd7753adde21b5c70cd180890c9f8dec6

SHA512
40da9c86837c0f817730b8e6683d5486daf52c4ed6cedb36f9b7001a4265a117a87fa15f8503c13ee70c30821656338430252750b29a742cbf14428c30f6f367

Download Submit
C:\Windows\system\PJZMuVw.exe

Filesize
6.0MB

MD5
d4bfa1eb3f0a6ab6a2bd264e6d1e7901

SHA1
9a31e2934bcae1dd0d91492648635c84ddd351e4

SHA256
b9ee5f43c49e89de1d41d66dea5713412cc29d5c3c87d83dcd0ca62c45b1357b

SHA512
d28b9eb2cead53f261941faf327d308b263fd68b153f1ce61d8c0882560c239c904a54cd165f6388d851ef060dac4efab456e2302096646c5b9f11b52687b56d

Download Submit
C:\Windows\system\RyYVWyq.exe

Filesize
6.0MB

MD5
c4f1f8abead483961a976365b7bd3d32

SHA1
598ca7aa25c21ce1af74cb27a9f654ead0ce2d73

SHA256
d5d1542062dc74f888e27933c1454d73e89a9e06082ca4d8204e917b43437635

SHA512
ec8d12a200c575b941f8d5887b3bf8e5aba6cfc2aa157812cece996e113b06c2284a0293333a375ca5a3d21ac61e24985d97f452be9ddaa913e38dcb4ae044aa

Download Submit
C:\Windows\system\VUcHvLg.exe

Filesize
6.0MB

MD5
3c5c017ed6d8cfc6a68eba87111fd07d

SHA1
84230b7f91afab621f09c69c086132a38bbbcdd6

SHA256
9d653264b96a3605087bc0d892fb5a70c167cbf101be0c6f2586e724da19fee5

SHA512
c5d2cfb41daf0901588d4dea471ce95cf03ddbfea00c812ed4ec822a7459750f7ebc6f1a07ead56ab45397c7d0b2c6ecf70c7e2bb1c704c62cb3ff1692ae7efd

Download Submit
C:\Windows\system\WvWgphG.exe

Filesize
6.0MB

MD5
ca39d696f045ac0b020d5565004407e7

SHA1
5e2d4cc9e4798d13114dc906e4e624ec0ae77d0f

SHA256
72c7b4fd7fa179678089dd55035b987d94883b1cde01be631a6972aacd4355d8

SHA512
5279b41ae8b8630d68f401a32219d54acbbc622bf2303c08e09669ae757d93a3019660b078e1ef387ee94b603ff25cb9eaf7f25cae4b84414c025a478d001d51

Download Submit
C:\Windows\system\WzvOURo.exe

Filesize
6.0MB

MD5
d96ea14e113d5e587658c132e061795d

SHA1
dd0a17c727aa19e7f4a723088ea0d19fd9e9ff2a

SHA256
441dacf6873e56fa937a3793e8f3994f9233eecd3cc0c42c2dce90a1448ec4a3

SHA512
2a92580b22bd6c9353370f384c1751f5df9496031e629cc05b6745f205a844498234abef94257b35680ca6b25a521a7e1a63e200e50b3bffe90bd6d7c9d45287

Download Submit
C:\Windows\system\aDUEjVp.exe

Filesize
6.0MB

MD5
a16cf4372be8d455e86c1ba749cc1cad

SHA1
d56ff08a372b25ec8b87f13ba3c16e6a26054bb5

SHA256
b60aae052c9c5b8c3cae636545c9dd78f543149dba77e26fd6670435c3fd9010

SHA512
15aefb1896c229e6cd6177bcd982d6c853d08f1d4a4e9b5d212677c1aca1c65c6100db572c82250a6f444ba15ac8e304b38a85d9dc4b7d9d42303849d6d6a337

Download Submit
C:\Windows\system\jetvJMv.exe

Filesize
6.0MB

MD5
18f54159ccd6fe9dd1309ba71b1b01af

SHA1
54b9d395a0b3ccf33d13205f319fcb154d2da12e

SHA256
c1942b3353d39742c68c1a266e6a11069572d69073056692e5b8092f7c7bce63

SHA512
2a50f9a04abb9e7fe80f13c25ba777a40de94e0a20448620cc2311d82f8f80db39201368176c84b3f0296d2ad28c4beb7fa1f1f1e45b70b4d6032c7b929d5057

Download Submit
C:\Windows\system\kxxlrNe.exe

Filesize
6.0MB

MD5
d33b88f6c90485696fe00c3c108308db

SHA1
91287faff0918a9ad433c6d4f76d9cecfbb3b84d

SHA256
74e85f6930903b636816122bdae55a4c5ca101053f4818d743a32ed895aec989

SHA512
bf9f7f95532e09f9cfe528d126ece1e4c2f04bbfdb47c5a2441ce3d8d0b6764d4c47fdb327a7ff8eb009ebe3cdab9db5dd9334c8e2a789527d5d337a91609a73

Download Submit
C:\Windows\system\oaUrMba.exe

Filesize
6.0MB

MD5
3a9a77de4a8e27a77a1ba8a5f23d9430

SHA1
163abec0fa4234cccd509f7e473a6d58de30ba7b

SHA256
7f28f34a90fae7baf90f59d093095296bd3699d962393424a77db6e6a40a5bd3

SHA512
0f99e11cf778d24b6ab3fbf8423390eb243d003a7e6554b24f558b6f2a0bf04425af460ab57ed4ec2e150527d3050ef32f790c820e65545935e5506dba637c61

Download Submit
C:\Windows\system\osCxqbk.exe

Filesize
6.0MB

MD5
32127945fe7dc6e6334a42fb64bd9079

SHA1
37148e57200de858e8407b394b3286878af24048

SHA256
210cf053599356b4c832ac34fae484530f4fa58038c1e541d9cd8128772f4006

SHA512
7f8b61262f0fe1a53ce5057d7b9eb1813ffb697615988518d4d83b3aa7090c116362e5c1debd9045e23a61147c6ecc2261f40e84a9a2756768efb9ff02c15658

Download Submit
C:\Windows\system\uoNRFgn.exe

Filesize
6.0MB

MD5
6c01165053d2dee4e66a426d1548b3f2

SHA1
03f4b2a7a13393c72b4b570801db3fe400444e75

SHA256
dc53d2b741c15746403fe5df0034e83b4f0f97a3d9f9c8af567e6f6f26da9bee

SHA512
e071b00afc7eb4f7211368630d544483256ccf22ad8991b17b74763d38c797c6e6d6425f3baaf1e21a753466e0efaef753e63c2ded317f34cb5320876c97f9de

Download Submit
C:\Windows\system\wvrDptj.exe

Filesize
6.0MB

MD5
3a44e5f5b7f481718079150756648520

SHA1
089472d782a04d4ba0ed376cc2620017cb51fbce

SHA256
30360bbbaa8120e3183eb9503294ca32e595f97e7beb79ce86187fb4ca7d4ea9

SHA512
95d26ce21abf08084dee941271805032b3184c887d695e257fc06a4d92f4e5345cfe4752dd54fe4ae73004ecb0f539ffa0fb99309a5a85b072f37b0a5384c1be

Download Submit
C:\Windows\system\xMnBBEh.exe

Filesize
6.0MB

MD5
fb88bbc43e8434f3368ee468400f6621

SHA1
befccbaa6aa1aaa28d7422032dd5dc6e711f412b

SHA256
88f825e56a87b83601e0e878464afa761476a4f12fbdd446fb0ad0172d57c574

SHA512
ab20aef6781a4a457cadb4869348b9c709132d20fcb602fb42eeebdf748384dadfe4f0fdacfef7372b974d323797eb5f2c7c7b90ae34d78670b92ba8b53e5e3b

Download Submit
C:\Windows\system\yGltwpM.exe

Filesize
6.0MB

MD5
de7305fc5616b1c322e9f9f9bbc55c9b

SHA1
4098ee4c1ae22bfd72c01ee4f5c63f048ec251c6

SHA256
f34bb9f8f373804af80ca66080a29f30e3288afbeab5fe3c79aa567b748f29c4

SHA512
f6c09a065f978c459e9c44952342fdc3a6a57b8c466c26665144802ae8755aa794225ee6a69ec99a2dc021e5437e272bfbdc3f10e10f0d723588dbc5fe062686

Download Submit
\Windows\system\BoVEirV.exe

Filesize
6.0MB

MD5
645f3a593c3788db09e874a8a9d6dc9d

SHA1
4523f6a79fadb987a99bf59378f2222d790e6dab

SHA256
d3580dfad0c255fc0ebcc4e8bc142e50ce6d3cfc5c48ff61e4c2ad03d0952824

SHA512
1f27523bb9ededdaa218c80dfe87f13dc4d89881b40cb82526a80c800f556669049afb6b19c6ea134106868a3c016c3136cd8f62de7de2a8b8ad54f0055adb1d

Download Submit
\Windows\system\RncaZhe.exe

Filesize
6.0MB

MD5
6e4762e0c18d47e5d4c4f3a42f8c371c

SHA1
9ad69a373e83fa85f62dd80142b3801a6344ead7

SHA256
14d5387653e34dead80e8f4c6202c6dd4f57a663b2dca0eda99ddf80c1a87da7

SHA512
b7ca57ced5aabe137dc60f62099001a6648beca066bf1721669a900c3eb157c737158fa47238a1940c8e8c19f4fa04be578ea023054045852793f1c958de167b

Download Submit
\Windows\system\URMkdgs.exe

Filesize
6.0MB

MD5
1f0d3093fe92fd500d28739add7b6250

SHA1
858fca554392efb8162e3b6cd6c7ea88a0d81377

SHA256
a7f3b39abb8f10001a6063a438632172c764d2ab4545ad09aab24074fd664631

SHA512
85b6df95b1fdc5b7d2d637dbd17b44e71467fe3eeae7051e750f567c0897fea5aa8faf6bb47113f3cf4d0ee34d2508eb7fc9b9aeed230ec216bee03992317557

Download Submit
\Windows\system\UblGtGO.exe

Filesize
6.0MB

MD5
5af10bb2b89114068bd9478e2cf64811

SHA1
580eaffc967268fe7bf6a81912eba996ab71ad59

SHA256
58f66187d863e6e6a7d5c05cba87496b0c7638bd461cb7722309c2f88614221b

SHA512
da518e4899f632ad929c9922755a52ac0c0c13ac916cdf889be16c2f10290fc0dd65f5f5295c0218da3b732ca28374c9339fc24c4711d3642ec41db4aabefe59

Download Submit
\Windows\system\YCIugGd.exe

Filesize
6.0MB

MD5
118b92f3ab3e43a7bb9959a74fcab481

SHA1
8cfe67ab9cc34ff40ed5995c93c36b12aa6bed26

SHA256
5b7a0447000e8f518144d7308a581e113d4843821d57dfc27075b72d0cf750ea

SHA512
a452949a1583396014ebc56536abeabcf3e771b25c62e0e84103045f3c52f8073ae0ef3cd4b6314398c1b23f5429eeda383818f766b8fe2ffdde542a3d439b8d

Download Submit
\Windows\system\YlsVxVK.exe

Filesize
6.0MB

MD5
00c65ffc9826bb37d3aa2d62c8457818

SHA1
f483d3266ecf4ac500647846b7544daab4784d73

SHA256
1b36049ee27ee16d67cec3aebe9fa036f9f60417a28e2dbd881fe43aa0de2a69

SHA512
702a41a7d58aacd1dbbfe348344b8e489ca20fbd86650ef3241bb1a092e7e885497d4851a41fe1a0680ca6100db9afeb097590aa3a65535047e976ff1e48381c

Download Submit
\Windows\system\kdWkKNG.exe

Filesize
6.0MB

MD5
23d9a3a22fc8923e8be1a4f918797907

SHA1
ebb65bb63236131427ffb7bc28f0c59bc0878186

SHA256
045a81456dd002a1040cd8ec7ed489a93cddd3d348ce5ff9c345084a5b05a058

SHA512
83d7669e2a042ff0fbb82a0122b97e59e8c1b2c958856f1eb37212e80fd5d63dc87c61b5874b2a5dff416d13252a7eb4e07f1b0d2956f879e651bd4604a5d981

Download Submit
\Windows\system\mzxhZOJ.exe

Filesize
6.0MB

MD5
d36bfbfc2be712957ce13b11cb268be5

SHA1
19cd5b086bc3ce08439b7883c20ecc33ba207db5

SHA256
2144f0b2122fabc2815bf5cfbfad706909e6ed73b88e5b8a3e5332df48b42912

SHA512
6a2338644309c7c6f24cad4524522cf8e94c623d39c2e8b11262963465bdb0e44a851cc9888916b0a9aedd1076607b38c414a42afd5219db103535512a4ef478

Download Submit
\Windows\system\tSqGgGB.exe

Filesize
6.0MB

MD5
e98fb9aba3e75f7cf459219e10b7ef0a

SHA1
c2b36ebc31e7ed83c5894d25d45d98ba39158df1

SHA256
b9c56e8aa0407b88f4341f52dd0bcd13dba6f5baa92c76bdde47075de4caeb6d

SHA512
5daf352e01c1cb956e64556c94d6eb51560f45ae1f3eaaea233ccf678c9dca6fc6d5503784bc6e0090f75acee9eeed24ca19de90442dc2df12483e5c55362453

Download Submit
\Windows\system\vLxKyBv.exe

Filesize
6.0MB

MD5
816ebf628a2e9ddce6b1fc4f731587e1

SHA1
355835d659ffa263c91a86c7e494f28ea2731105

SHA256
1eeb411d571570a2613a0ff4edc5e898b163fd6e9e81f9e006233e5a931da32d

SHA512
3d35686a54ba9bd07bc98c73e9cbb876f7b77c653dd869825febe2bd51b1c795f8351185da3b391c98ff1a136821635a0923d2703e40fd0693802f05ff1f5b04

Download Submit
memory/952-127-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/952-73-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/952-1624-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1364-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1364-67-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1364-1623-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1780-74-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1447-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-52-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1988-252-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1702-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2164-23-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1402-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1444-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2332-44-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2392-102-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1758-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2392-421-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2412-61-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1622-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-47-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-7-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1403-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-59-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1441-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-29-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2780-337-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1734-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-51-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1377-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-16-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-42-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1445-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2924-85-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1721-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2924-217-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3048-91-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-40-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-50-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-26-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-37-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-76-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-60-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-89-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3048-14-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3048-21-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-88-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-292-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3048-5-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download