cobaltstrike | 7bc0f248ade17f77e548cf648e6fa0190d902bf4e10f3ed8f21ac475ce0bf0ed

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6dc113cbb9d97d2375513d34eec35d40
SHA1

7e2fa1befb5de13581f06f52b4055d92c905b2e7
SHA256

7bc0f248ade17f77e548cf648e6fa0190d902bf4e10f3ed8f21ac475ce0bf0ed
SHA512

d1d7a606ce8fc445f64d31671c0e4218bc68eddd70139ff02db84046bde8becde3fe218765cf7a9d9b186deb1d62f0e7ff91e79ec2c256377d0407e6494615b6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-81.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/268-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-3.dat	xmrig
behavioral1/files/0x0009000000016db5-12.dat	xmrig
behavioral1/memory/2312-15-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2224-11-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd0-9.dat	xmrig
behavioral1/memory/268-19-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d58-26.dat	xmrig
behavioral1/files/0x0007000000016eb8-36.dat	xmrig
behavioral1/files/0x000700000001707c-47.dat	xmrig
behavioral1/files/0x0008000000016de4-54.dat	xmrig
behavioral1/files/0x0007000000016edb-56.dat	xmrig
behavioral1/memory/2664-58-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-69.dat	xmrig
behavioral1/memory/2968-75-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/268-106-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/2572-102-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-126.dat	xmrig
behavioral1/files/0x0005000000019387-158.dat	xmrig
behavioral1/memory/2392-954-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2572-807-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/268-698-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1772-605-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1544-405-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2968-242-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-198.dat	xmrig
behavioral1/files/0x000500000001946a-203.dat	xmrig
behavioral1/files/0x000500000001945b-193.dat	xmrig
behavioral1/files/0x0005000000019450-188.dat	xmrig
behavioral1/files/0x0005000000019446-183.dat	xmrig
behavioral1/files/0x0005000000019433-178.dat	xmrig
behavioral1/files/0x00050000000193c1-173.dat	xmrig
behavioral1/files/0x00050000000193b3-168.dat	xmrig
behavioral1/files/0x00050000000193a4-163.dat	xmrig
behavioral1/files/0x0005000000019377-153.dat	xmrig
behavioral1/files/0x0005000000019365-148.dat	xmrig
behavioral1/files/0x0005000000019319-143.dat	xmrig
behavioral1/files/0x000500000001929a-138.dat	xmrig
behavioral1/files/0x0005000000019278-133.dat	xmrig
behavioral1/files/0x0005000000019268-119.dat	xmrig
behavioral1/memory/268-115-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x000500000001926c-123.dat	xmrig
behavioral1/memory/2664-101-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-100.dat	xmrig
behavioral1/memory/2616-97-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2392-111-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2884-110-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-109.dat	xmrig
behavioral1/memory/268-107-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/1772-93-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2644-92-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/268-91-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-90.dat	xmrig
behavioral1/memory/1544-84-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2756-83-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1668-82-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-81.dat	xmrig
behavioral1/memory/1948-71-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2884-66-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017400-65.dat	xmrig
behavioral1/memory/268-63-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/2312-62-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/268-39-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/268-32-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2224	nSBScNN.exe
2312	utZGUUJ.exe
1948	mVsZyRE.exe
1668	SGRZxOu.exe
2756	pwUlEaK.exe
2644	HtNGHgv.exe
2616	OJkuhKG.exe
2664	HQADPGa.exe
2884	NOThISt.exe
2968	nJEsJOY.exe
1544	rZFxDao.exe
1772	phsyEcW.exe
2572	doBTnee.exe
2392	fFXliVG.exe
332	DNpOlRG.exe
1816	coJLBrc.exe
952	yWYxlkc.exe
1724	akltGsS.exe
1584	gGqXHAb.exe
2964	KWtWvIp.exe
2704	ReRAmxM.exe
1460	RrmVPWp.exe
2160	hyWRZSM.exe
2124	iPHeAAw.exe
300	JStjLav.exe
448	GiLcYtP.exe
676	diOflpt.exe
836	xLbUSmj.exe
1336	oDFIWgH.exe
1708	GHRlihW.exe
2196	YHitNXJ.exe
1684	LTqMHrM.exe
988	wNYMags.exe
1560	XOOuVBe.exe
3064	KgcaJeb.exe
1548	AfxCAAI.exe
1768	zQnCrxc.exe
1932	dBPSJMU.exe
1188	vlopClH.exe
2084	HcvgvLF.exe
2216	TSPpUIe.exe
2220	KOfoHSD.exe
1572	MzFfUeb.exe
756	mraxsYv.exe
328	lGjtngG.exe
1236	ckHcYLi.exe
880	zcoHslo.exe
2872	ZfUglCu.exe
2436	LxdwxSo.exe
2876	pZInipM.exe
2596	OiVIptY.exe
2284	JnshNnq.exe
1812	PhOwiWW.exe
2432	pzbTtvV.exe
3052	vcAGSXs.exe
2672	YSPjeTD.exe
2540	dGJMXAZ.exe
284	ArDXXlh.exe
3032	CNtlPJT.exe
1412	xkuwVjN.exe
1964	FpRaQHH.exe
536	DgrbrZo.exe
1616	cOnSJnZ.exe
760	xjatxPG.exe

Loads dropped DLL 64 IoCs

pid	Process
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/268-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-3.dat	upx
behavioral1/files/0x0009000000016db5-12.dat	upx
behavioral1/memory/2312-15-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2224-11-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0008000000016dd0-9.dat	upx
behavioral1/files/0x0009000000016d58-26.dat	upx
behavioral1/files/0x0007000000016eb8-36.dat	upx
behavioral1/files/0x000700000001707c-47.dat	upx
behavioral1/files/0x0008000000016de4-54.dat	upx
behavioral1/files/0x0007000000016edb-56.dat	upx
behavioral1/memory/2664-58-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-69.dat	upx
behavioral1/memory/2968-75-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2572-102-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019275-126.dat	upx
behavioral1/files/0x0005000000019387-158.dat	upx
behavioral1/memory/2392-954-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2572-807-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1772-605-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1544-405-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2968-242-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0005000000019465-198.dat	upx
behavioral1/files/0x000500000001946a-203.dat	upx
behavioral1/files/0x000500000001945b-193.dat	upx
behavioral1/files/0x0005000000019450-188.dat	upx
behavioral1/files/0x0005000000019446-183.dat	upx
behavioral1/files/0x0005000000019433-178.dat	upx
behavioral1/files/0x00050000000193c1-173.dat	upx
behavioral1/files/0x00050000000193b3-168.dat	upx
behavioral1/files/0x00050000000193a4-163.dat	upx
behavioral1/files/0x0005000000019377-153.dat	upx
behavioral1/files/0x0005000000019365-148.dat	upx
behavioral1/files/0x0005000000019319-143.dat	upx
behavioral1/files/0x000500000001929a-138.dat	upx
behavioral1/files/0x0005000000019278-133.dat	upx
behavioral1/files/0x0005000000019268-119.dat	upx
behavioral1/files/0x000500000001926c-123.dat	upx
behavioral1/memory/2664-101-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0005000000019240-100.dat	upx
behavioral1/memory/2616-97-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2392-111-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2884-110-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0005000000019259-109.dat	upx
behavioral1/memory/1772-93-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2644-92-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0005000000019217-90.dat	upx
behavioral1/memory/1544-84-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2756-83-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1668-82-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-81.dat	upx
behavioral1/memory/1948-71-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2884-66-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0008000000017400-65.dat	upx
behavioral1/memory/2312-62-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/268-32-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2616-55-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2644-53-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2224-50-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2756-46-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/268-37-0x0000000002250000-0x00000000025A4000-memory.dmp	upx
behavioral1/memory/1668-28-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/1948-24-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2312-3484-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZHfEieS.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByNLoXG.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwJmPOY.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuVbexy.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raOaqSg.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlbsZPr.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlqrlGl.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcQGbVL.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgoLeLE.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqjudqv.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seShyiQ.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPWdyET.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyrLdLq.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddDqsmL.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyWYXoO.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXEjHeu.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtXyAoZ.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWEwNQq.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etVCZYZ.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phsyEcW.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnBZwqn.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKxSNFa.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxxjSqd.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KajLJKF.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgaPaum.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbJVyNN.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDYpEQX.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sapRMER.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdRoSLV.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqNFAcY.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piMehzN.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvkaTjd.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXQLoYL.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqEscBq.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpqNxhO.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZRzmcm.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzUTbHv.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODRXGCn.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgrbrZo.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSDHKhs.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOVdjpB.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUpKgLR.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbXFvZx.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfesNHN.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRMSrhu.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULMAtVa.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNIeYub.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arfGyFj.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUdHBIX.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvFVLoS.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBHlFsx.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWkFXMi.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyFPDnx.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdZpQID.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDOhLSg.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onzaIAv.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usAdQzN.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrhGszU.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckHcYLi.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eChoRYE.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnihDlx.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yansSxA.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEvZygd.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECwQRaN.exe	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 2224	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 268 wrote to memory of 2224	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 268 wrote to memory of 2224	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 268 wrote to memory of 2312	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 268 wrote to memory of 2312	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 268 wrote to memory of 2312	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 268 wrote to memory of 1948	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 268 wrote to memory of 1948	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 268 wrote to memory of 1948	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 268 wrote to memory of 1668	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 268 wrote to memory of 1668	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 268 wrote to memory of 1668	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 268 wrote to memory of 2616	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 268 wrote to memory of 2616	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 268 wrote to memory of 2616	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 268 wrote to memory of 2756	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 268 wrote to memory of 2756	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 268 wrote to memory of 2756	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 268 wrote to memory of 2664	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 268 wrote to memory of 2664	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 268 wrote to memory of 2664	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 268 wrote to memory of 2644	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 268 wrote to memory of 2644	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 268 wrote to memory of 2644	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 268 wrote to memory of 2884	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 268 wrote to memory of 2884	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 268 wrote to memory of 2884	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 268 wrote to memory of 2968	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 268 wrote to memory of 2968	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 268 wrote to memory of 2968	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 268 wrote to memory of 1544	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 268 wrote to memory of 1544	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 268 wrote to memory of 1544	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 268 wrote to memory of 1772	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 268 wrote to memory of 1772	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 268 wrote to memory of 1772	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 268 wrote to memory of 2572	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 268 wrote to memory of 2572	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 268 wrote to memory of 2572	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 268 wrote to memory of 2392	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 268 wrote to memory of 2392	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 268 wrote to memory of 2392	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 268 wrote to memory of 332	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 268 wrote to memory of 332	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 268 wrote to memory of 332	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 268 wrote to memory of 1816	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 268 wrote to memory of 1816	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 268 wrote to memory of 1816	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 268 wrote to memory of 952	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 268 wrote to memory of 952	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 268 wrote to memory of 952	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 268 wrote to memory of 1724	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 268 wrote to memory of 1724	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 268 wrote to memory of 1724	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 268 wrote to memory of 1584	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 268 wrote to memory of 1584	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 268 wrote to memory of 1584	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 268 wrote to memory of 2964	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 268 wrote to memory of 2964	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 268 wrote to memory of 2964	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 268 wrote to memory of 2704	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 268 wrote to memory of 2704	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 268 wrote to memory of 2704	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 268 wrote to memory of 1460	268	2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_6dc113cbb9d97d2375513d34eec35d40_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\System\nSBScNN.exe
  C:\Windows\System\nSBScNN.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\utZGUUJ.exe
  C:\Windows\System\utZGUUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\mVsZyRE.exe
  C:\Windows\System\mVsZyRE.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\SGRZxOu.exe
  C:\Windows\System\SGRZxOu.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\OJkuhKG.exe
  C:\Windows\System\OJkuhKG.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\pwUlEaK.exe
  C:\Windows\System\pwUlEaK.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\HQADPGa.exe
  C:\Windows\System\HQADPGa.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\HtNGHgv.exe
  C:\Windows\System\HtNGHgv.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\NOThISt.exe
  C:\Windows\System\NOThISt.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\nJEsJOY.exe
  C:\Windows\System\nJEsJOY.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\rZFxDao.exe
  C:\Windows\System\rZFxDao.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\phsyEcW.exe
  C:\Windows\System\phsyEcW.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\doBTnee.exe
  C:\Windows\System\doBTnee.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\fFXliVG.exe
  C:\Windows\System\fFXliVG.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\DNpOlRG.exe
  C:\Windows\System\DNpOlRG.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\coJLBrc.exe
  C:\Windows\System\coJLBrc.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\yWYxlkc.exe
  C:\Windows\System\yWYxlkc.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\akltGsS.exe
  C:\Windows\System\akltGsS.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\gGqXHAb.exe
  C:\Windows\System\gGqXHAb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\KWtWvIp.exe
  C:\Windows\System\KWtWvIp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ReRAmxM.exe
  C:\Windows\System\ReRAmxM.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\RrmVPWp.exe
  C:\Windows\System\RrmVPWp.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\hyWRZSM.exe
  C:\Windows\System\hyWRZSM.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\iPHeAAw.exe
  C:\Windows\System\iPHeAAw.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\JStjLav.exe
  C:\Windows\System\JStjLav.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\GiLcYtP.exe
  C:\Windows\System\GiLcYtP.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\diOflpt.exe
  C:\Windows\System\diOflpt.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\xLbUSmj.exe
  C:\Windows\System\xLbUSmj.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\oDFIWgH.exe
  C:\Windows\System\oDFIWgH.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GHRlihW.exe
  C:\Windows\System\GHRlihW.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\YHitNXJ.exe
  C:\Windows\System\YHitNXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\LTqMHrM.exe
  C:\Windows\System\LTqMHrM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\wNYMags.exe
  C:\Windows\System\wNYMags.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\XOOuVBe.exe
  C:\Windows\System\XOOuVBe.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KgcaJeb.exe
  C:\Windows\System\KgcaJeb.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\AfxCAAI.exe
  C:\Windows\System\AfxCAAI.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\zQnCrxc.exe
  C:\Windows\System\zQnCrxc.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\dBPSJMU.exe
  C:\Windows\System\dBPSJMU.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\vlopClH.exe
  C:\Windows\System\vlopClH.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\HcvgvLF.exe
  C:\Windows\System\HcvgvLF.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\TSPpUIe.exe
  C:\Windows\System\TSPpUIe.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\KOfoHSD.exe
  C:\Windows\System\KOfoHSD.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\MzFfUeb.exe
  C:\Windows\System\MzFfUeb.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\mraxsYv.exe
  C:\Windows\System\mraxsYv.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\lGjtngG.exe
  C:\Windows\System\lGjtngG.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\ckHcYLi.exe
  C:\Windows\System\ckHcYLi.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\zcoHslo.exe
  C:\Windows\System\zcoHslo.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ZfUglCu.exe
  C:\Windows\System\ZfUglCu.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\LxdwxSo.exe
  C:\Windows\System\LxdwxSo.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\pZInipM.exe
  C:\Windows\System\pZInipM.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OiVIptY.exe
  C:\Windows\System\OiVIptY.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JnshNnq.exe
  C:\Windows\System\JnshNnq.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\PhOwiWW.exe
  C:\Windows\System\PhOwiWW.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\pzbTtvV.exe
  C:\Windows\System\pzbTtvV.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\vcAGSXs.exe
  C:\Windows\System\vcAGSXs.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\YSPjeTD.exe
  C:\Windows\System\YSPjeTD.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\dGJMXAZ.exe
  C:\Windows\System\dGJMXAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ArDXXlh.exe
  C:\Windows\System\ArDXXlh.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\CNtlPJT.exe
  C:\Windows\System\CNtlPJT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\xkuwVjN.exe
  C:\Windows\System\xkuwVjN.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\FpRaQHH.exe
  C:\Windows\System\FpRaQHH.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\DgrbrZo.exe
  C:\Windows\System\DgrbrZo.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\cOnSJnZ.exe
  C:\Windows\System\cOnSJnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\xjatxPG.exe
  C:\Windows\System\xjatxPG.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\KLISQjL.exe
  C:\Windows\System\KLISQjL.exe
  2⤵
  PID:2856
- C:\Windows\System\EAvARWN.exe
  C:\Windows\System\EAvARWN.exe
  2⤵
  PID:1920
- C:\Windows\System\mocGZbR.exe
  C:\Windows\System\mocGZbR.exe
  2⤵
  PID:2192
- C:\Windows\System\vEXiHCb.exe
  C:\Windows\System\vEXiHCb.exe
  2⤵
  PID:900
- C:\Windows\System\nieomow.exe
  C:\Windows\System\nieomow.exe
  2⤵
  PID:1340
- C:\Windows\System\blkdSpq.exe
  C:\Windows\System\blkdSpq.exe
  2⤵
  PID:1096
- C:\Windows\System\Vklooys.exe
  C:\Windows\System\Vklooys.exe
  2⤵
  PID:1736
- C:\Windows\System\BxIfDVP.exe
  C:\Windows\System\BxIfDVP.exe
  2⤵
  PID:908
- C:\Windows\System\bmNcoLV.exe
  C:\Windows\System\bmNcoLV.exe
  2⤵
  PID:1820
- C:\Windows\System\avsXEvp.exe
  C:\Windows\System\avsXEvp.exe
  2⤵
  PID:2200
- C:\Windows\System\rUwTjRH.exe
  C:\Windows\System\rUwTjRH.exe
  2⤵
  PID:876
- C:\Windows\System\ETsOmkB.exe
  C:\Windows\System\ETsOmkB.exe
  2⤵
  PID:2052
- C:\Windows\System\IAlGtow.exe
  C:\Windows\System\IAlGtow.exe
  2⤵
  PID:2912
- C:\Windows\System\TcVnYyT.exe
  C:\Windows\System\TcVnYyT.exe
  2⤵
  PID:984
- C:\Windows\System\KeuAAXR.exe
  C:\Windows\System\KeuAAXR.exe
  2⤵
  PID:2076
- C:\Windows\System\zrwkcKs.exe
  C:\Windows\System\zrwkcKs.exe
  2⤵
  PID:816
- C:\Windows\System\MkuUKrv.exe
  C:\Windows\System\MkuUKrv.exe
  2⤵
  PID:1252
- C:\Windows\System\ZYVvXLi.exe
  C:\Windows\System\ZYVvXLi.exe
  2⤵
  PID:2948
- C:\Windows\System\nfmCsVq.exe
  C:\Windows\System\nfmCsVq.exe
  2⤵
  PID:1916
- C:\Windows\System\ECnwsXu.exe
  C:\Windows\System\ECnwsXu.exe
  2⤵
  PID:1364
- C:\Windows\System\qOMBmYN.exe
  C:\Windows\System\qOMBmYN.exe
  2⤵
  PID:2060
- C:\Windows\System\lVpNuSr.exe
  C:\Windows\System\lVpNuSr.exe
  2⤵
  PID:2744
- C:\Windows\System\DfqTgdZ.exe
  C:\Windows\System\DfqTgdZ.exe
  2⤵
  PID:2352
- C:\Windows\System\lxLHvKA.exe
  C:\Windows\System\lxLHvKA.exe
  2⤵
  PID:2564
- C:\Windows\System\SgzPtVy.exe
  C:\Windows\System\SgzPtVy.exe
  2⤵
  PID:1488
- C:\Windows\System\yirUkJp.exe
  C:\Windows\System\yirUkJp.exe
  2⤵
  PID:2032
- C:\Windows\System\rEGDdTN.exe
  C:\Windows\System\rEGDdTN.exe
  2⤵
  PID:1040
- C:\Windows\System\IWANeYx.exe
  C:\Windows\System\IWANeYx.exe
  2⤵
  PID:1160
- C:\Windows\System\VFOobcp.exe
  C:\Windows\System\VFOobcp.exe
  2⤵
  PID:3040
- C:\Windows\System\VXPLiPO.exe
  C:\Windows\System\VXPLiPO.exe
  2⤵
  PID:2144
- C:\Windows\System\CkWesep.exe
  C:\Windows\System\CkWesep.exe
  2⤵
  PID:2388
- C:\Windows\System\GKhhQHe.exe
  C:\Windows\System\GKhhQHe.exe
  2⤵
  PID:576
- C:\Windows\System\GtLOHWu.exe
  C:\Windows\System\GtLOHWu.exe
  2⤵
  PID:2408
- C:\Windows\System\NdtWcDv.exe
  C:\Windows\System\NdtWcDv.exe
  2⤵
  PID:2004
- C:\Windows\System\GLVtAtu.exe
  C:\Windows\System\GLVtAtu.exe
  2⤵
  PID:2068
- C:\Windows\System\QIykKnG.exe
  C:\Windows\System\QIykKnG.exe
  2⤵
  PID:888
- C:\Windows\System\WPVkLCC.exe
  C:\Windows\System\WPVkLCC.exe
  2⤵
  PID:296
- C:\Windows\System\SEnUzap.exe
  C:\Windows\System\SEnUzap.exe
  2⤵
  PID:1720
- C:\Windows\System\nSCJIjc.exe
  C:\Windows\System\nSCJIjc.exe
  2⤵
  PID:2332
- C:\Windows\System\hgvPAJn.exe
  C:\Windows\System\hgvPAJn.exe
  2⤵
  PID:2808
- C:\Windows\System\eDzrKbp.exe
  C:\Windows\System\eDzrKbp.exe
  2⤵
  PID:2636
- C:\Windows\System\manzEVo.exe
  C:\Windows\System\manzEVo.exe
  2⤵
  PID:800
- C:\Windows\System\ZwamzsF.exe
  C:\Windows\System\ZwamzsF.exe
  2⤵
  PID:3092
- C:\Windows\System\bOoFgOd.exe
  C:\Windows\System\bOoFgOd.exe
  2⤵
  PID:3112
- C:\Windows\System\wKPbhje.exe
  C:\Windows\System\wKPbhje.exe
  2⤵
  PID:3132
- C:\Windows\System\ogbBsWO.exe
  C:\Windows\System\ogbBsWO.exe
  2⤵
  PID:3152
- C:\Windows\System\JkpqrLT.exe
  C:\Windows\System\JkpqrLT.exe
  2⤵
  PID:3172
- C:\Windows\System\PkdlPIy.exe
  C:\Windows\System\PkdlPIy.exe
  2⤵
  PID:3192
- C:\Windows\System\IZjZWVI.exe
  C:\Windows\System\IZjZWVI.exe
  2⤵
  PID:3212
- C:\Windows\System\slEcUUN.exe
  C:\Windows\System\slEcUUN.exe
  2⤵
  PID:3228
- C:\Windows\System\JvRtPMx.exe
  C:\Windows\System\JvRtPMx.exe
  2⤵
  PID:3252
- C:\Windows\System\SGSEqFz.exe
  C:\Windows\System\SGSEqFz.exe
  2⤵
  PID:3272
- C:\Windows\System\uUvGxvn.exe
  C:\Windows\System\uUvGxvn.exe
  2⤵
  PID:3292
- C:\Windows\System\wYOYlCD.exe
  C:\Windows\System\wYOYlCD.exe
  2⤵
  PID:3308
- C:\Windows\System\yTGLDQH.exe
  C:\Windows\System\yTGLDQH.exe
  2⤵
  PID:3332
- C:\Windows\System\qDIHjGR.exe
  C:\Windows\System\qDIHjGR.exe
  2⤵
  PID:3352
- C:\Windows\System\IlFXDJn.exe
  C:\Windows\System\IlFXDJn.exe
  2⤵
  PID:3372
- C:\Windows\System\bdJTSjH.exe
  C:\Windows\System\bdJTSjH.exe
  2⤵
  PID:3388
- C:\Windows\System\FQJGfam.exe
  C:\Windows\System\FQJGfam.exe
  2⤵
  PID:3412
- C:\Windows\System\ZtolzXl.exe
  C:\Windows\System\ZtolzXl.exe
  2⤵
  PID:3428
- C:\Windows\System\umiUiTX.exe
  C:\Windows\System\umiUiTX.exe
  2⤵
  PID:3452
- C:\Windows\System\TZPFghu.exe
  C:\Windows\System\TZPFghu.exe
  2⤵
  PID:3472
- C:\Windows\System\hurZQex.exe
  C:\Windows\System\hurZQex.exe
  2⤵
  PID:3492
- C:\Windows\System\uwXCxCM.exe
  C:\Windows\System\uwXCxCM.exe
  2⤵
  PID:3512
- C:\Windows\System\bHDptlC.exe
  C:\Windows\System\bHDptlC.exe
  2⤵
  PID:3532
- C:\Windows\System\qqLLptM.exe
  C:\Windows\System\qqLLptM.exe
  2⤵
  PID:3552
- C:\Windows\System\KamDKfq.exe
  C:\Windows\System\KamDKfq.exe
  2⤵
  PID:3576
- C:\Windows\System\SDXtyxh.exe
  C:\Windows\System\SDXtyxh.exe
  2⤵
  PID:3596
- C:\Windows\System\IqWLSEy.exe
  C:\Windows\System\IqWLSEy.exe
  2⤵
  PID:3616
- C:\Windows\System\LDYMtvg.exe
  C:\Windows\System\LDYMtvg.exe
  2⤵
  PID:3636
- C:\Windows\System\duEIMXz.exe
  C:\Windows\System\duEIMXz.exe
  2⤵
  PID:3656
- C:\Windows\System\jBchawj.exe
  C:\Windows\System\jBchawj.exe
  2⤵
  PID:3676
- C:\Windows\System\bUDJNMD.exe
  C:\Windows\System\bUDJNMD.exe
  2⤵
  PID:3696
- C:\Windows\System\EhCPZJy.exe
  C:\Windows\System\EhCPZJy.exe
  2⤵
  PID:3716
- C:\Windows\System\TPvrcWF.exe
  C:\Windows\System\TPvrcWF.exe
  2⤵
  PID:3736
- C:\Windows\System\ifQyAgY.exe
  C:\Windows\System\ifQyAgY.exe
  2⤵
  PID:3756
- C:\Windows\System\kcSLhHG.exe
  C:\Windows\System\kcSLhHG.exe
  2⤵
  PID:3776
- C:\Windows\System\MkzLhqm.exe
  C:\Windows\System\MkzLhqm.exe
  2⤵
  PID:3796
- C:\Windows\System\vEHwrZw.exe
  C:\Windows\System\vEHwrZw.exe
  2⤵
  PID:3816
- C:\Windows\System\DWUztAD.exe
  C:\Windows\System\DWUztAD.exe
  2⤵
  PID:3836
- C:\Windows\System\McTjMJc.exe
  C:\Windows\System\McTjMJc.exe
  2⤵
  PID:3856
- C:\Windows\System\lQieajg.exe
  C:\Windows\System\lQieajg.exe
  2⤵
  PID:3876
- C:\Windows\System\uJHliZU.exe
  C:\Windows\System\uJHliZU.exe
  2⤵
  PID:3896
- C:\Windows\System\QoRxJtn.exe
  C:\Windows\System\QoRxJtn.exe
  2⤵
  PID:3916
- C:\Windows\System\OyAnIsN.exe
  C:\Windows\System\OyAnIsN.exe
  2⤵
  PID:3936
- C:\Windows\System\vcfAClZ.exe
  C:\Windows\System\vcfAClZ.exe
  2⤵
  PID:3956
- C:\Windows\System\feVYvkW.exe
  C:\Windows\System\feVYvkW.exe
  2⤵
  PID:3976
- C:\Windows\System\cNsNpyM.exe
  C:\Windows\System\cNsNpyM.exe
  2⤵
  PID:3996
- C:\Windows\System\WsokYUK.exe
  C:\Windows\System\WsokYUK.exe
  2⤵
  PID:4016
- C:\Windows\System\zOHtOlG.exe
  C:\Windows\System\zOHtOlG.exe
  2⤵
  PID:4036
- C:\Windows\System\ldMIYyT.exe
  C:\Windows\System\ldMIYyT.exe
  2⤵
  PID:4056
- C:\Windows\System\BsHNCez.exe
  C:\Windows\System\BsHNCez.exe
  2⤵
  PID:4072
- C:\Windows\System\ZicZuRu.exe
  C:\Windows\System\ZicZuRu.exe
  2⤵
  PID:2552
- C:\Windows\System\uxcIOaf.exe
  C:\Windows\System\uxcIOaf.exe
  2⤵
  PID:2100
- C:\Windows\System\iTWfgxa.exe
  C:\Windows\System\iTWfgxa.exe
  2⤵
  PID:1800
- C:\Windows\System\WkhGwhs.exe
  C:\Windows\System\WkhGwhs.exe
  2⤵
  PID:1232
- C:\Windows\System\OUdqnQu.exe
  C:\Windows\System\OUdqnQu.exe
  2⤵
  PID:1536
- C:\Windows\System\PHdLcTH.exe
  C:\Windows\System\PHdLcTH.exe
  2⤵
  PID:2080
- C:\Windows\System\mxzEWOo.exe
  C:\Windows\System\mxzEWOo.exe
  2⤵
  PID:1004
- C:\Windows\System\yGbxliY.exe
  C:\Windows\System\yGbxliY.exe
  2⤵
  PID:1248
- C:\Windows\System\dJTMyFr.exe
  C:\Windows\System\dJTMyFr.exe
  2⤵
  PID:2748
- C:\Windows\System\pmaQeEj.exe
  C:\Windows\System\pmaQeEj.exe
  2⤵
  PID:3024
- C:\Windows\System\MQrhDut.exe
  C:\Windows\System\MQrhDut.exe
  2⤵
  PID:3084
- C:\Windows\System\nonLwUc.exe
  C:\Windows\System\nonLwUc.exe
  2⤵
  PID:3104
- C:\Windows\System\XyabpGW.exe
  C:\Windows\System\XyabpGW.exe
  2⤵
  PID:3160
- C:\Windows\System\LBDjFuM.exe
  C:\Windows\System\LBDjFuM.exe
  2⤵
  PID:3200
- C:\Windows\System\LZQqUjW.exe
  C:\Windows\System\LZQqUjW.exe
  2⤵
  PID:3184
- C:\Windows\System\qjdkAwv.exe
  C:\Windows\System\qjdkAwv.exe
  2⤵
  PID:3244
- C:\Windows\System\sakGiwx.exe
  C:\Windows\System\sakGiwx.exe
  2⤵
  PID:3260
- C:\Windows\System\rVSBkIL.exe
  C:\Windows\System\rVSBkIL.exe
  2⤵
  PID:3328
- C:\Windows\System\JWFgGJf.exe
  C:\Windows\System\JWFgGJf.exe
  2⤵
  PID:3368
- C:\Windows\System\UQQcPpg.exe
  C:\Windows\System\UQQcPpg.exe
  2⤵
  PID:3396
- C:\Windows\System\HEIFzfq.exe
  C:\Windows\System\HEIFzfq.exe
  2⤵
  PID:3384
- C:\Windows\System\zwCZUlV.exe
  C:\Windows\System\zwCZUlV.exe
  2⤵
  PID:3424
- C:\Windows\System\lojnKkF.exe
  C:\Windows\System\lojnKkF.exe
  2⤵
  PID:3464
- C:\Windows\System\xXUOrnl.exe
  C:\Windows\System\xXUOrnl.exe
  2⤵
  PID:3524
- C:\Windows\System\guaQGCW.exe
  C:\Windows\System\guaQGCW.exe
  2⤵
  PID:3560
- C:\Windows\System\xqEscBq.exe
  C:\Windows\System\xqEscBq.exe
  2⤵
  PID:3604
- C:\Windows\System\iGPbkci.exe
  C:\Windows\System\iGPbkci.exe
  2⤵
  PID:3592
- C:\Windows\System\FMpbODG.exe
  C:\Windows\System\FMpbODG.exe
  2⤵
  PID:3632
- C:\Windows\System\UtcwsRt.exe
  C:\Windows\System\UtcwsRt.exe
  2⤵
  PID:3664
- C:\Windows\System\GiokbnD.exe
  C:\Windows\System\GiokbnD.exe
  2⤵
  PID:3708
- C:\Windows\System\VqVnskQ.exe
  C:\Windows\System\VqVnskQ.exe
  2⤵
  PID:3764
- C:\Windows\System\wXJMdiK.exe
  C:\Windows\System\wXJMdiK.exe
  2⤵
  PID:3804
- C:\Windows\System\KTVyjdB.exe
  C:\Windows\System\KTVyjdB.exe
  2⤵
  PID:3788
- C:\Windows\System\lguqeNO.exe
  C:\Windows\System\lguqeNO.exe
  2⤵
  PID:3832
- C:\Windows\System\EwmHYMK.exe
  C:\Windows\System\EwmHYMK.exe
  2⤵
  PID:3868
- C:\Windows\System\QUKwQHe.exe
  C:\Windows\System\QUKwQHe.exe
  2⤵
  PID:3932
- C:\Windows\System\mMpSBej.exe
  C:\Windows\System\mMpSBej.exe
  2⤵
  PID:3968
- C:\Windows\System\lgoKPBq.exe
  C:\Windows\System\lgoKPBq.exe
  2⤵
  PID:3984
- C:\Windows\System\OERBFZp.exe
  C:\Windows\System\OERBFZp.exe
  2⤵
  PID:3988
- C:\Windows\System\YgzLIYA.exe
  C:\Windows\System\YgzLIYA.exe
  2⤵
  PID:4028
- C:\Windows\System\IeXKXtS.exe
  C:\Windows\System\IeXKXtS.exe
  2⤵
  PID:4084
- C:\Windows\System\IETOrVG.exe
  C:\Windows\System\IETOrVG.exe
  2⤵
  PID:2708
- C:\Windows\System\nJnnxjj.exe
  C:\Windows\System\nJnnxjj.exe
  2⤵
  PID:2304
- C:\Windows\System\lghHiki.exe
  C:\Windows\System\lghHiki.exe
  2⤵
  PID:2924
- C:\Windows\System\akcRtNC.exe
  C:\Windows\System\akcRtNC.exe
  2⤵
  PID:1700
- C:\Windows\System\rbyTQlN.exe
  C:\Windows\System\rbyTQlN.exe
  2⤵
  PID:2916
- C:\Windows\System\DCUvcch.exe
  C:\Windows\System\DCUvcch.exe
  2⤵
  PID:2752
- C:\Windows\System\WhaPWTB.exe
  C:\Windows\System\WhaPWTB.exe
  2⤵
  PID:3100
- C:\Windows\System\ccnoSFS.exe
  C:\Windows\System\ccnoSFS.exe
  2⤵
  PID:3148
- C:\Windows\System\sDAGPqC.exe
  C:\Windows\System\sDAGPqC.exe
  2⤵
  PID:3280
- C:\Windows\System\bIPnqCc.exe
  C:\Windows\System\bIPnqCc.exe
  2⤵
  PID:3264
- C:\Windows\System\bwBJZXh.exe
  C:\Windows\System\bwBJZXh.exe
  2⤵
  PID:3324
- C:\Windows\System\BdcslzG.exe
  C:\Windows\System\BdcslzG.exe
  2⤵
  PID:3408
- C:\Windows\System\QDoNTZO.exe
  C:\Windows\System\QDoNTZO.exe
  2⤵
  PID:3448
- C:\Windows\System\dlpRviq.exe
  C:\Windows\System\dlpRviq.exe
  2⤵
  PID:3504
- C:\Windows\System\iAukTyF.exe
  C:\Windows\System\iAukTyF.exe
  2⤵
  PID:3564
- C:\Windows\System\fWByceg.exe
  C:\Windows\System\fWByceg.exe
  2⤵
  PID:3652
- C:\Windows\System\fBVlBPl.exe
  C:\Windows\System\fBVlBPl.exe
  2⤵
  PID:3692
- C:\Windows\System\BroXhSs.exe
  C:\Windows\System\BroXhSs.exe
  2⤵
  PID:3744
- C:\Windows\System\fqDINUH.exe
  C:\Windows\System\fqDINUH.exe
  2⤵
  PID:3768
- C:\Windows\System\TZhtHSk.exe
  C:\Windows\System\TZhtHSk.exe
  2⤵
  PID:3852
- C:\Windows\System\vZUqxsC.exe
  C:\Windows\System\vZUqxsC.exe
  2⤵
  PID:3908
- C:\Windows\System\fFfZEDJ.exe
  C:\Windows\System\fFfZEDJ.exe
  2⤵
  PID:3952
- C:\Windows\System\dnBreMu.exe
  C:\Windows\System\dnBreMu.exe
  2⤵
  PID:3948
- C:\Windows\System\qOHKggW.exe
  C:\Windows\System\qOHKggW.exe
  2⤵
  PID:4092
- C:\Windows\System\ltlsObF.exe
  C:\Windows\System\ltlsObF.exe
  2⤵
  PID:1376
- C:\Windows\System\sAUlNjX.exe
  C:\Windows\System\sAUlNjX.exe
  2⤵
  PID:316
- C:\Windows\System\mXaAqFJ.exe
  C:\Windows\System\mXaAqFJ.exe
  2⤵
  PID:2724
- C:\Windows\System\oPqxHVv.exe
  C:\Windows\System\oPqxHVv.exe
  2⤵
  PID:1828
- C:\Windows\System\ypiMbQj.exe
  C:\Windows\System\ypiMbQj.exe
  2⤵
  PID:3128
- C:\Windows\System\uerVmgB.exe
  C:\Windows\System\uerVmgB.exe
  2⤵
  PID:3236
- C:\Windows\System\HCqUXxU.exe
  C:\Windows\System\HCqUXxU.exe
  2⤵
  PID:3364
- C:\Windows\System\jGjbuBn.exe
  C:\Windows\System\jGjbuBn.exe
  2⤵
  PID:3528
- C:\Windows\System\BZZHFJW.exe
  C:\Windows\System\BZZHFJW.exe
  2⤵
  PID:3588
- C:\Windows\System\vMvDaAA.exe
  C:\Windows\System\vMvDaAA.exe
  2⤵
  PID:3628
- C:\Windows\System\FHpsxhB.exe
  C:\Windows\System\FHpsxhB.exe
  2⤵
  PID:4120
- C:\Windows\System\iXJbTsn.exe
  C:\Windows\System\iXJbTsn.exe
  2⤵
  PID:4140
- C:\Windows\System\wNFfzlb.exe
  C:\Windows\System\wNFfzlb.exe
  2⤵
  PID:4160
- C:\Windows\System\BtjrjRz.exe
  C:\Windows\System\BtjrjRz.exe
  2⤵
  PID:4180
- C:\Windows\System\POptEBP.exe
  C:\Windows\System\POptEBP.exe
  2⤵
  PID:4200
- C:\Windows\System\jafFlyD.exe
  C:\Windows\System\jafFlyD.exe
  2⤵
  PID:4220
- C:\Windows\System\gsgUERy.exe
  C:\Windows\System\gsgUERy.exe
  2⤵
  PID:4240
- C:\Windows\System\sZcchmE.exe
  C:\Windows\System\sZcchmE.exe
  2⤵
  PID:4260
- C:\Windows\System\awnjKHS.exe
  C:\Windows\System\awnjKHS.exe
  2⤵
  PID:4280
- C:\Windows\System\fkwvdxM.exe
  C:\Windows\System\fkwvdxM.exe
  2⤵
  PID:4300
- C:\Windows\System\vHwnnsU.exe
  C:\Windows\System\vHwnnsU.exe
  2⤵
  PID:4320
- C:\Windows\System\YZSZsWQ.exe
  C:\Windows\System\YZSZsWQ.exe
  2⤵
  PID:4340
- C:\Windows\System\OSQrEsA.exe
  C:\Windows\System\OSQrEsA.exe
  2⤵
  PID:4360
- C:\Windows\System\HHewNPN.exe
  C:\Windows\System\HHewNPN.exe
  2⤵
  PID:4380
- C:\Windows\System\FVtLQne.exe
  C:\Windows\System\FVtLQne.exe
  2⤵
  PID:4400
- C:\Windows\System\NQvGMkf.exe
  C:\Windows\System\NQvGMkf.exe
  2⤵
  PID:4420
- C:\Windows\System\gMoYvRO.exe
  C:\Windows\System\gMoYvRO.exe
  2⤵
  PID:4440
- C:\Windows\System\nkHEgWJ.exe
  C:\Windows\System\nkHEgWJ.exe
  2⤵
  PID:4460
- C:\Windows\System\cjguxAX.exe
  C:\Windows\System\cjguxAX.exe
  2⤵
  PID:4480
- C:\Windows\System\ZBzIIUB.exe
  C:\Windows\System\ZBzIIUB.exe
  2⤵
  PID:4500
- C:\Windows\System\sDQWLSI.exe
  C:\Windows\System\sDQWLSI.exe
  2⤵
  PID:4520
- C:\Windows\System\bjsmRVT.exe
  C:\Windows\System\bjsmRVT.exe
  2⤵
  PID:4540
- C:\Windows\System\SNEhsNT.exe
  C:\Windows\System\SNEhsNT.exe
  2⤵
  PID:4568
- C:\Windows\System\xjYXReN.exe
  C:\Windows\System\xjYXReN.exe
  2⤵
  PID:4588
- C:\Windows\System\CcCulpS.exe
  C:\Windows\System\CcCulpS.exe
  2⤵
  PID:4608
- C:\Windows\System\QKmiCbg.exe
  C:\Windows\System\QKmiCbg.exe
  2⤵
  PID:4628
- C:\Windows\System\jatyKjD.exe
  C:\Windows\System\jatyKjD.exe
  2⤵
  PID:4648
- C:\Windows\System\KtZDaMI.exe
  C:\Windows\System\KtZDaMI.exe
  2⤵
  PID:4668
- C:\Windows\System\fPuDqWQ.exe
  C:\Windows\System\fPuDqWQ.exe
  2⤵
  PID:4688
- C:\Windows\System\aZpXXwJ.exe
  C:\Windows\System\aZpXXwJ.exe
  2⤵
  PID:4708
- C:\Windows\System\MSwySqC.exe
  C:\Windows\System\MSwySqC.exe
  2⤵
  PID:4724
- C:\Windows\System\ACFsaHA.exe
  C:\Windows\System\ACFsaHA.exe
  2⤵
  PID:4748
- C:\Windows\System\nEPexCM.exe
  C:\Windows\System\nEPexCM.exe
  2⤵
  PID:4768
- C:\Windows\System\OasoWtO.exe
  C:\Windows\System\OasoWtO.exe
  2⤵
  PID:4788
- C:\Windows\System\uQiMBLM.exe
  C:\Windows\System\uQiMBLM.exe
  2⤵
  PID:4808
- C:\Windows\System\HcCMiVV.exe
  C:\Windows\System\HcCMiVV.exe
  2⤵
  PID:4828
- C:\Windows\System\UgUYwyw.exe
  C:\Windows\System\UgUYwyw.exe
  2⤵
  PID:4844
- C:\Windows\System\nPmFmoO.exe
  C:\Windows\System\nPmFmoO.exe
  2⤵
  PID:4868
- C:\Windows\System\uSgkJWr.exe
  C:\Windows\System\uSgkJWr.exe
  2⤵
  PID:4888
- C:\Windows\System\MiWNpfy.exe
  C:\Windows\System\MiWNpfy.exe
  2⤵
  PID:4908
- C:\Windows\System\zCXdSwO.exe
  C:\Windows\System\zCXdSwO.exe
  2⤵
  PID:4928
- C:\Windows\System\xgcPTBh.exe
  C:\Windows\System\xgcPTBh.exe
  2⤵
  PID:4948
- C:\Windows\System\shHxPxr.exe
  C:\Windows\System\shHxPxr.exe
  2⤵
  PID:4968
- C:\Windows\System\xWkmZwO.exe
  C:\Windows\System\xWkmZwO.exe
  2⤵
  PID:4988
- C:\Windows\System\yJeuQcp.exe
  C:\Windows\System\yJeuQcp.exe
  2⤵
  PID:5008
- C:\Windows\System\IRsFyFa.exe
  C:\Windows\System\IRsFyFa.exe
  2⤵
  PID:5028
- C:\Windows\System\CXZllJm.exe
  C:\Windows\System\CXZllJm.exe
  2⤵
  PID:5048
- C:\Windows\System\lxVFsbA.exe
  C:\Windows\System\lxVFsbA.exe
  2⤵
  PID:5068
- C:\Windows\System\uySPfbY.exe
  C:\Windows\System\uySPfbY.exe
  2⤵
  PID:5092
- C:\Windows\System\jEBYNga.exe
  C:\Windows\System\jEBYNga.exe
  2⤵
  PID:5112
- C:\Windows\System\scTwTwS.exe
  C:\Windows\System\scTwTwS.exe
  2⤵
  PID:3688
- C:\Windows\System\JxQjnCS.exe
  C:\Windows\System\JxQjnCS.exe
  2⤵
  PID:3812
- C:\Windows\System\KzfMGFK.exe
  C:\Windows\System\KzfMGFK.exe
  2⤵
  PID:3864
- C:\Windows\System\zygTvQR.exe
  C:\Windows\System\zygTvQR.exe
  2⤵
  PID:4088
- C:\Windows\System\nGdraFw.exe
  C:\Windows\System\nGdraFw.exe
  2⤵
  PID:2120
- C:\Windows\System\UGmHJZy.exe
  C:\Windows\System\UGmHJZy.exe
  2⤵
  PID:4068
- C:\Windows\System\xwsuSOJ.exe
  C:\Windows\System\xwsuSOJ.exe
  2⤵
  PID:2264
- C:\Windows\System\pJHCcWJ.exe
  C:\Windows\System\pJHCcWJ.exe
  2⤵
  PID:3120
- C:\Windows\System\knNbgLN.exe
  C:\Windows\System\knNbgLN.exe
  2⤵
  PID:3484
- C:\Windows\System\mkztEkS.exe
  C:\Windows\System\mkztEkS.exe
  2⤵
  PID:3520
- C:\Windows\System\lsphVTB.exe
  C:\Windows\System\lsphVTB.exe
  2⤵
  PID:3480
- C:\Windows\System\nXnYlvO.exe
  C:\Windows\System\nXnYlvO.exe
  2⤵
  PID:4108
- C:\Windows\System\YKWovSK.exe
  C:\Windows\System\YKWovSK.exe
  2⤵
  PID:4156
- C:\Windows\System\xGzfxFM.exe
  C:\Windows\System\xGzfxFM.exe
  2⤵
  PID:4212
- C:\Windows\System\PmbBVQQ.exe
  C:\Windows\System\PmbBVQQ.exe
  2⤵
  PID:4236
- C:\Windows\System\chWAmqi.exe
  C:\Windows\System\chWAmqi.exe
  2⤵
  PID:4288
- C:\Windows\System\RQEcnCx.exe
  C:\Windows\System\RQEcnCx.exe
  2⤵
  PID:4308
- C:\Windows\System\XVAAMoe.exe
  C:\Windows\System\XVAAMoe.exe
  2⤵
  PID:4312
- C:\Windows\System\OigdsOA.exe
  C:\Windows\System\OigdsOA.exe
  2⤵
  PID:4368
- C:\Windows\System\bgitmCk.exe
  C:\Windows\System\bgitmCk.exe
  2⤵
  PID:4408
- C:\Windows\System\vVGdQTd.exe
  C:\Windows\System\vVGdQTd.exe
  2⤵
  PID:4432
- C:\Windows\System\FZXrATm.exe
  C:\Windows\System\FZXrATm.exe
  2⤵
  PID:4496
- C:\Windows\System\YYQGrmv.exe
  C:\Windows\System\YYQGrmv.exe
  2⤵
  PID:4508
- C:\Windows\System\OSLkmzH.exe
  C:\Windows\System\OSLkmzH.exe
  2⤵
  PID:4532
- C:\Windows\System\uCgVrIe.exe
  C:\Windows\System\uCgVrIe.exe
  2⤵
  PID:4584
- C:\Windows\System\jhVgPZa.exe
  C:\Windows\System\jhVgPZa.exe
  2⤵
  PID:4624
- C:\Windows\System\dWvSyhE.exe
  C:\Windows\System\dWvSyhE.exe
  2⤵
  PID:4656
- C:\Windows\System\mgPPfFv.exe
  C:\Windows\System\mgPPfFv.exe
  2⤵
  PID:2652
- C:\Windows\System\GydIgJw.exe
  C:\Windows\System\GydIgJw.exe
  2⤵
  PID:4684
- C:\Windows\System\DryXlsN.exe
  C:\Windows\System\DryXlsN.exe
  2⤵
  PID:4740
- C:\Windows\System\MosNqVm.exe
  C:\Windows\System\MosNqVm.exe
  2⤵
  PID:4784
- C:\Windows\System\YPoetGS.exe
  C:\Windows\System\YPoetGS.exe
  2⤵
  PID:4804
- C:\Windows\System\DMZsizS.exe
  C:\Windows\System\DMZsizS.exe
  2⤵
  PID:4836
- C:\Windows\System\KbiuBdi.exe
  C:\Windows\System\KbiuBdi.exe
  2⤵
  PID:4860
- C:\Windows\System\LQPiOkv.exe
  C:\Windows\System\LQPiOkv.exe
  2⤵
  PID:4904
- C:\Windows\System\YjViZKA.exe
  C:\Windows\System\YjViZKA.exe
  2⤵
  PID:4916
- C:\Windows\System\UHGaOkk.exe
  C:\Windows\System\UHGaOkk.exe
  2⤵
  PID:4984
- C:\Windows\System\AEZCdgk.exe
  C:\Windows\System\AEZCdgk.exe
  2⤵
  PID:5016
- C:\Windows\System\oQvllxt.exe
  C:\Windows\System\oQvllxt.exe
  2⤵
  PID:5056
- C:\Windows\System\LyxJukj.exe
  C:\Windows\System\LyxJukj.exe
  2⤵
  PID:5040
- C:\Windows\System\yYsbkjf.exe
  C:\Windows\System\yYsbkjf.exe
  2⤵
  PID:5108
- C:\Windows\System\LuuXtRq.exe
  C:\Windows\System\LuuXtRq.exe
  2⤵
  PID:3728
- C:\Windows\System\VkRmVcC.exe
  C:\Windows\System\VkRmVcC.exe
  2⤵
  PID:3748
- C:\Windows\System\TolUJxQ.exe
  C:\Windows\System\TolUJxQ.exe
  2⤵
  PID:3924
- C:\Windows\System\aZZddTS.exe
  C:\Windows\System\aZZddTS.exe
  2⤵
  PID:4052
- C:\Windows\System\jQZInyi.exe
  C:\Windows\System\jQZInyi.exe
  2⤵
  PID:3240
- C:\Windows\System\VSOSdNJ.exe
  C:\Windows\System\VSOSdNJ.exe
  2⤵
  PID:3344
- C:\Windows\System\oJHBLlz.exe
  C:\Windows\System\oJHBLlz.exe
  2⤵
  PID:4128
- C:\Windows\System\BsLdJiG.exe
  C:\Windows\System\BsLdJiG.exe
  2⤵
  PID:3548
- C:\Windows\System\zKVVjeQ.exe
  C:\Windows\System\zKVVjeQ.exe
  2⤵
  PID:4172
- C:\Windows\System\ghFbfFj.exe
  C:\Windows\System\ghFbfFj.exe
  2⤵
  PID:4228
- C:\Windows\System\nmbXEYh.exe
  C:\Windows\System\nmbXEYh.exe
  2⤵
  PID:4332
- C:\Windows\System\WEnFXJV.exe
  C:\Windows\System\WEnFXJV.exe
  2⤵
  PID:4292
- C:\Windows\System\sywGBQF.exe
  C:\Windows\System\sywGBQF.exe
  2⤵
  PID:4356
- C:\Windows\System\TvakaGX.exe
  C:\Windows\System\TvakaGX.exe
  2⤵
  PID:4428
- C:\Windows\System\fNSuoXJ.exe
  C:\Windows\System\fNSuoXJ.exe
  2⤵
  PID:4536
- C:\Windows\System\TYbmwGT.exe
  C:\Windows\System\TYbmwGT.exe
  2⤵
  PID:2868
- C:\Windows\System\IKNXahO.exe
  C:\Windows\System\IKNXahO.exe
  2⤵
  PID:2988
- C:\Windows\System\AQVbulC.exe
  C:\Windows\System\AQVbulC.exe
  2⤵
  PID:4636
- C:\Windows\System\SEbtbSP.exe
  C:\Windows\System\SEbtbSP.exe
  2⤵
  PID:4732
- C:\Windows\System\iXBotzU.exe
  C:\Windows\System\iXBotzU.exe
  2⤵
  PID:4700
- C:\Windows\System\DlipvlU.exe
  C:\Windows\System\DlipvlU.exe
  2⤵
  PID:4796
- C:\Windows\System\NtXyAoZ.exe
  C:\Windows\System\NtXyAoZ.exe
  2⤵
  PID:4820
- C:\Windows\System\RBsiAuV.exe
  C:\Windows\System\RBsiAuV.exe
  2⤵
  PID:4936
- C:\Windows\System\JfLeDhl.exe
  C:\Windows\System\JfLeDhl.exe
  2⤵
  PID:4996
- C:\Windows\System\XhpKDKO.exe
  C:\Windows\System\XhpKDKO.exe
  2⤵
  PID:5000
- C:\Windows\System\yansSxA.exe
  C:\Windows\System\yansSxA.exe
  2⤵
  PID:5060
- C:\Windows\System\gKBWUyY.exe
  C:\Windows\System\gKBWUyY.exe
  2⤵
  PID:5104
- C:\Windows\System\uhXEaSU.exe
  C:\Windows\System\uhXEaSU.exe
  2⤵
  PID:3020
- C:\Windows\System\WyrLdLq.exe
  C:\Windows\System\WyrLdLq.exe
  2⤵
  PID:1876
- C:\Windows\System\miMtUAk.exe
  C:\Windows\System\miMtUAk.exe
  2⤵
  PID:3320
- C:\Windows\System\TgSWdWh.exe
  C:\Windows\System\TgSWdWh.exe
  2⤵
  PID:4216
- C:\Windows\System\zgECzoD.exe
  C:\Windows\System\zgECzoD.exe
  2⤵
  PID:2796
- C:\Windows\System\XBpfVSZ.exe
  C:\Windows\System\XBpfVSZ.exe
  2⤵
  PID:4316
- C:\Windows\System\mzSqExT.exe
  C:\Windows\System\mzSqExT.exe
  2⤵
  PID:4396
- C:\Windows\System\mEJlqWY.exe
  C:\Windows\System\mEJlqWY.exe
  2⤵
  PID:4472
- C:\Windows\System\tEChOrz.exe
  C:\Windows\System\tEChOrz.exe
  2⤵
  PID:4492
- C:\Windows\System\hFdmgWQ.exe
  C:\Windows\System\hFdmgWQ.exe
  2⤵
  PID:356
- C:\Windows\System\pQzPewb.exe
  C:\Windows\System\pQzPewb.exe
  2⤵
  PID:4660
- C:\Windows\System\fBHlFsx.exe
  C:\Windows\System\fBHlFsx.exe
  2⤵
  PID:5132
- C:\Windows\System\SeYymQD.exe
  C:\Windows\System\SeYymQD.exe
  2⤵
  PID:5152
- C:\Windows\System\uJBBfMJ.exe
  C:\Windows\System\uJBBfMJ.exe
  2⤵
  PID:5172
- C:\Windows\System\XbabUTC.exe
  C:\Windows\System\XbabUTC.exe
  2⤵
  PID:5192
- C:\Windows\System\XzHppjM.exe
  C:\Windows\System\XzHppjM.exe
  2⤵
  PID:5212
- C:\Windows\System\UTWwEkm.exe
  C:\Windows\System\UTWwEkm.exe
  2⤵
  PID:5232
- C:\Windows\System\jwUZTTy.exe
  C:\Windows\System\jwUZTTy.exe
  2⤵
  PID:5252
- C:\Windows\System\izOHRwP.exe
  C:\Windows\System\izOHRwP.exe
  2⤵
  PID:5272
- C:\Windows\System\HpNMIYE.exe
  C:\Windows\System\HpNMIYE.exe
  2⤵
  PID:5292
- C:\Windows\System\eYxsiOQ.exe
  C:\Windows\System\eYxsiOQ.exe
  2⤵
  PID:5312
- C:\Windows\System\vZCzpub.exe
  C:\Windows\System\vZCzpub.exe
  2⤵
  PID:5332
- C:\Windows\System\yTWUnKp.exe
  C:\Windows\System\yTWUnKp.exe
  2⤵
  PID:5352
- C:\Windows\System\KdBQmBs.exe
  C:\Windows\System\KdBQmBs.exe
  2⤵
  PID:5372
- C:\Windows\System\SJsEAny.exe
  C:\Windows\System\SJsEAny.exe
  2⤵
  PID:5392
- C:\Windows\System\KQoHnLN.exe
  C:\Windows\System\KQoHnLN.exe
  2⤵
  PID:5412
- C:\Windows\System\DPVfvnY.exe
  C:\Windows\System\DPVfvnY.exe
  2⤵
  PID:5432
- C:\Windows\System\TlEgWxc.exe
  C:\Windows\System\TlEgWxc.exe
  2⤵
  PID:5452
- C:\Windows\System\CdvvFHU.exe
  C:\Windows\System\CdvvFHU.exe
  2⤵
  PID:5472
- C:\Windows\System\qcehJkJ.exe
  C:\Windows\System\qcehJkJ.exe
  2⤵
  PID:5492
- C:\Windows\System\IweZEbP.exe
  C:\Windows\System\IweZEbP.exe
  2⤵
  PID:5512
- C:\Windows\System\ZGLXINM.exe
  C:\Windows\System\ZGLXINM.exe
  2⤵
  PID:5532
- C:\Windows\System\dKaroTb.exe
  C:\Windows\System\dKaroTb.exe
  2⤵
  PID:5552
- C:\Windows\System\pPWvplR.exe
  C:\Windows\System\pPWvplR.exe
  2⤵
  PID:5572
- C:\Windows\System\CLFcqPM.exe
  C:\Windows\System\CLFcqPM.exe
  2⤵
  PID:5592
- C:\Windows\System\pkdyDoD.exe
  C:\Windows\System\pkdyDoD.exe
  2⤵
  PID:5612
- C:\Windows\System\dVxkMpO.exe
  C:\Windows\System\dVxkMpO.exe
  2⤵
  PID:5632
- C:\Windows\System\rDgKHzj.exe
  C:\Windows\System\rDgKHzj.exe
  2⤵
  PID:5652
- C:\Windows\System\FqOEjGs.exe
  C:\Windows\System\FqOEjGs.exe
  2⤵
  PID:5672
- C:\Windows\System\QvBZlPa.exe
  C:\Windows\System\QvBZlPa.exe
  2⤵
  PID:5692
- C:\Windows\System\WqpLIPc.exe
  C:\Windows\System\WqpLIPc.exe
  2⤵
  PID:5712
- C:\Windows\System\TIxaEJK.exe
  C:\Windows\System\TIxaEJK.exe
  2⤵
  PID:5732
- C:\Windows\System\IdXaYyC.exe
  C:\Windows\System\IdXaYyC.exe
  2⤵
  PID:5752
- C:\Windows\System\BCdpcYh.exe
  C:\Windows\System\BCdpcYh.exe
  2⤵
  PID:5772
- C:\Windows\System\YZqvGXD.exe
  C:\Windows\System\YZqvGXD.exe
  2⤵
  PID:5792
- C:\Windows\System\XfhvRSn.exe
  C:\Windows\System\XfhvRSn.exe
  2⤵
  PID:5812
- C:\Windows\System\zIxdBrv.exe
  C:\Windows\System\zIxdBrv.exe
  2⤵
  PID:5832
- C:\Windows\System\HEsmobf.exe
  C:\Windows\System\HEsmobf.exe
  2⤵
  PID:5852
- C:\Windows\System\MLJwKwk.exe
  C:\Windows\System\MLJwKwk.exe
  2⤵
  PID:5872
- C:\Windows\System\qfppwQZ.exe
  C:\Windows\System\qfppwQZ.exe
  2⤵
  PID:5892
- C:\Windows\System\zsqZEaa.exe
  C:\Windows\System\zsqZEaa.exe
  2⤵
  PID:5912
- C:\Windows\System\rvAfiwe.exe
  C:\Windows\System\rvAfiwe.exe
  2⤵
  PID:5932
- C:\Windows\System\neMHItu.exe
  C:\Windows\System\neMHItu.exe
  2⤵
  PID:5952
- C:\Windows\System\IVSBRHh.exe
  C:\Windows\System\IVSBRHh.exe
  2⤵
  PID:5972
- C:\Windows\System\IwDCHtb.exe
  C:\Windows\System\IwDCHtb.exe
  2⤵
  PID:5992
- C:\Windows\System\jzgKxtk.exe
  C:\Windows\System\jzgKxtk.exe
  2⤵
  PID:6012
- C:\Windows\System\JZwtFZb.exe
  C:\Windows\System\JZwtFZb.exe
  2⤵
  PID:6032
- C:\Windows\System\LfyQPeC.exe
  C:\Windows\System\LfyQPeC.exe
  2⤵
  PID:6052
- C:\Windows\System\ltMHOOZ.exe
  C:\Windows\System\ltMHOOZ.exe
  2⤵
  PID:6072
- C:\Windows\System\hXWXHTS.exe
  C:\Windows\System\hXWXHTS.exe
  2⤵
  PID:6092
- C:\Windows\System\OFXRlNa.exe
  C:\Windows\System\OFXRlNa.exe
  2⤵
  PID:6112
- C:\Windows\System\mEvZygd.exe
  C:\Windows\System\mEvZygd.exe
  2⤵
  PID:6132
- C:\Windows\System\QmHavNL.exe
  C:\Windows\System\QmHavNL.exe
  2⤵
  PID:4744
- C:\Windows\System\BtolsOm.exe
  C:\Windows\System\BtolsOm.exe
  2⤵
  PID:4856
- C:\Windows\System\gKxsury.exe
  C:\Windows\System\gKxsury.exe
  2⤵
  PID:4920
- C:\Windows\System\iLjOyUD.exe
  C:\Windows\System\iLjOyUD.exe
  2⤵
  PID:4964
- C:\Windows\System\avwJJBK.exe
  C:\Windows\System\avwJJBK.exe
  2⤵
  PID:5044
- C:\Windows\System\kYZwFeJ.exe
  C:\Windows\System\kYZwFeJ.exe
  2⤵
  PID:3824
- C:\Windows\System\epRZMig.exe
  C:\Windows\System\epRZMig.exe
  2⤵
  PID:2620
- C:\Windows\System\MxopfJg.exe
  C:\Windows\System\MxopfJg.exe
  2⤵
  PID:2760
- C:\Windows\System\xInVzuW.exe
  C:\Windows\System\xInVzuW.exe
  2⤵
  PID:4248
- C:\Windows\System\FNMLeXp.exe
  C:\Windows\System\FNMLeXp.exe
  2⤵
  PID:4296
- C:\Windows\System\dsKfBrd.exe
  C:\Windows\System\dsKfBrd.exe
  2⤵
  PID:2792
- C:\Windows\System\LKjYvvD.exe
  C:\Windows\System\LKjYvvD.exe
  2⤵
  PID:4564
- C:\Windows\System\EjcOKah.exe
  C:\Windows\System\EjcOKah.exe
  2⤵
  PID:5148
- C:\Windows\System\tbXQoRa.exe
  C:\Windows\System\tbXQoRa.exe
  2⤵
  PID:5180
- C:\Windows\System\TwNIqTL.exe
  C:\Windows\System\TwNIqTL.exe
  2⤵
  PID:5204
- C:\Windows\System\gsMAFHa.exe
  C:\Windows\System\gsMAFHa.exe
  2⤵
  PID:5244
- C:\Windows\System\rXYQVfd.exe
  C:\Windows\System\rXYQVfd.exe
  2⤵
  PID:5264
- C:\Windows\System\TxtCaWI.exe
  C:\Windows\System\TxtCaWI.exe
  2⤵
  PID:5300
- C:\Windows\System\PLqrYEz.exe
  C:\Windows\System\PLqrYEz.exe
  2⤵
  PID:2556
- C:\Windows\System\IwZdrvO.exe
  C:\Windows\System\IwZdrvO.exe
  2⤵
  PID:5348
- C:\Windows\System\gSkgWyG.exe
  C:\Windows\System\gSkgWyG.exe
  2⤵
  PID:5380
- C:\Windows\System\najKGlW.exe
  C:\Windows\System\najKGlW.exe
  2⤵
  PID:5404
- C:\Windows\System\CiroSeV.exe
  C:\Windows\System\CiroSeV.exe
  2⤵
  PID:5448
- C:\Windows\System\GAhsRNU.exe
  C:\Windows\System\GAhsRNU.exe
  2⤵
  PID:5468
- C:\Windows\System\OzXRBiE.exe
  C:\Windows\System\OzXRBiE.exe
  2⤵
  PID:5528
- C:\Windows\System\RuoFwPg.exe
  C:\Windows\System\RuoFwPg.exe
  2⤵
  PID:5548
- C:\Windows\System\QNnPsUm.exe
  C:\Windows\System\QNnPsUm.exe
  2⤵
  PID:5580
- C:\Windows\System\XCGRodh.exe
  C:\Windows\System\XCGRodh.exe
  2⤵
  PID:5604
- C:\Windows\System\zGwePeO.exe
  C:\Windows\System\zGwePeO.exe
  2⤵
  PID:5624
- C:\Windows\System\cIUnXkH.exe
  C:\Windows\System\cIUnXkH.exe
  2⤵
  PID:5664
- C:\Windows\System\hxPaClW.exe
  C:\Windows\System\hxPaClW.exe
  2⤵
  PID:5708
- C:\Windows\System\qFfRvhA.exe
  C:\Windows\System\qFfRvhA.exe
  2⤵
  PID:5748
- C:\Windows\System\nwvnShQ.exe
  C:\Windows\System\nwvnShQ.exe
  2⤵
  PID:5780
- C:\Windows\System\KyacBpI.exe
  C:\Windows\System\KyacBpI.exe
  2⤵
  PID:5804
- C:\Windows\System\wMxKrtz.exe
  C:\Windows\System\wMxKrtz.exe
  2⤵
  PID:5848
- C:\Windows\System\lfZjKmi.exe
  C:\Windows\System\lfZjKmi.exe
  2⤵
  PID:5864
- C:\Windows\System\ExwwNGW.exe
  C:\Windows\System\ExwwNGW.exe
  2⤵
  PID:5900
- C:\Windows\System\kUHmUsU.exe
  C:\Windows\System\kUHmUsU.exe
  2⤵
  PID:5948
- C:\Windows\System\HCuRmcQ.exe
  C:\Windows\System\HCuRmcQ.exe
  2⤵
  PID:5980
- C:\Windows\System\MbsHiEQ.exe
  C:\Windows\System\MbsHiEQ.exe
  2⤵
  PID:6004
- C:\Windows\System\zBWAGXg.exe
  C:\Windows\System\zBWAGXg.exe
  2⤵
  PID:6048
- C:\Windows\System\VuaHfPf.exe
  C:\Windows\System\VuaHfPf.exe
  2⤵
  PID:6064
- C:\Windows\System\AxwzDkb.exe
  C:\Windows\System\AxwzDkb.exe
  2⤵
  PID:6104
- C:\Windows\System\GepPFwu.exe
  C:\Windows\System\GepPFwu.exe
  2⤵
  PID:2640
- C:\Windows\System\GfETdlF.exe
  C:\Windows\System\GfETdlF.exe
  2⤵
  PID:4864
- C:\Windows\System\YcHLNLI.exe
  C:\Windows\System\YcHLNLI.exe
  2⤵
  PID:4880
- C:\Windows\System\nBpaulD.exe
  C:\Windows\System\nBpaulD.exe
  2⤵
  PID:3888
- C:\Windows\System\kIummzM.exe
  C:\Windows\System\kIummzM.exe
  2⤵
  PID:308
- C:\Windows\System\DIwNXRt.exe
  C:\Windows\System\DIwNXRt.exe
  2⤵
  PID:2712
- C:\Windows\System\ruqqqWM.exe
  C:\Windows\System\ruqqqWM.exe
  2⤵
  PID:4388
- C:\Windows\System\QUeCgaQ.exe
  C:\Windows\System\QUeCgaQ.exe
  2⤵
  PID:4192
- C:\Windows\System\iqJSswG.exe
  C:\Windows\System\iqJSswG.exe
  2⤵
  PID:4452
- C:\Windows\System\XpEegkZ.exe
  C:\Windows\System\XpEegkZ.exe
  2⤵
  PID:5164
- C:\Windows\System\VnJKANo.exe
  C:\Windows\System\VnJKANo.exe
  2⤵
  PID:5184
- C:\Windows\System\XErVdxE.exe
  C:\Windows\System\XErVdxE.exe
  2⤵
  PID:2404
- C:\Windows\System\HtRjGen.exe
  C:\Windows\System\HtRjGen.exe
  2⤵
  PID:5284
- C:\Windows\System\viUEhNa.exe
  C:\Windows\System\viUEhNa.exe
  2⤵
  PID:5340
- C:\Windows\System\EZeTKJg.exe
  C:\Windows\System\EZeTKJg.exe
  2⤵
  PID:5408
- C:\Windows\System\ykxhNyf.exe
  C:\Windows\System\ykxhNyf.exe
  2⤵
  PID:5460
- C:\Windows\System\aCVmGOF.exe
  C:\Windows\System\aCVmGOF.exe
  2⤵
  PID:2008
- C:\Windows\System\EknkeCl.exe
  C:\Windows\System\EknkeCl.exe
  2⤵
  PID:5500
- C:\Windows\System\AbTmjMv.exe
  C:\Windows\System\AbTmjMv.exe
  2⤵
  PID:5564
- C:\Windows\System\gvtdRNT.exe
  C:\Windows\System\gvtdRNT.exe
  2⤵
  PID:5660
- C:\Windows\System\ErDdjPL.exe
  C:\Windows\System\ErDdjPL.exe
  2⤵
  PID:5684
- C:\Windows\System\YTaTzlv.exe
  C:\Windows\System\YTaTzlv.exe
  2⤵
  PID:5724
- C:\Windows\System\iwfcCLa.exe
  C:\Windows\System\iwfcCLa.exe
  2⤵
  PID:5764
- C:\Windows\System\gcKGqLA.exe
  C:\Windows\System\gcKGqLA.exe
  2⤵
  PID:5860
- C:\Windows\System\lGmDGkG.exe
  C:\Windows\System\lGmDGkG.exe
  2⤵
  PID:5884
- C:\Windows\System\enKpvPD.exe
  C:\Windows\System\enKpvPD.exe
  2⤵
  PID:5924
- C:\Windows\System\SWbaaun.exe
  C:\Windows\System\SWbaaun.exe
  2⤵
  PID:5944
- C:\Windows\System\lOTlXGs.exe
  C:\Windows\System\lOTlXGs.exe
  2⤵
  PID:6024
- C:\Windows\System\IpAEcWW.exe
  C:\Windows\System\IpAEcWW.exe
  2⤵
  PID:6108
- C:\Windows\System\uWPOdHe.exe
  C:\Windows\System\uWPOdHe.exe
  2⤵
  PID:4884
- C:\Windows\System\BhQFLWS.exe
  C:\Windows\System\BhQFLWS.exe
  2⤵
  PID:4944
- C:\Windows\System\CelxRHB.exe
  C:\Windows\System\CelxRHB.exe
  2⤵
  PID:4044
- C:\Windows\System\PNDMHQG.exe
  C:\Windows\System\PNDMHQG.exe
  2⤵
  PID:3316
- C:\Windows\System\GICpUam.exe
  C:\Windows\System\GICpUam.exe
  2⤵
  PID:4664
- C:\Windows\System\duRWbKs.exe
  C:\Windows\System\duRWbKs.exe
  2⤵
  PID:5168
- C:\Windows\System\EWbfNlf.exe
  C:\Windows\System\EWbfNlf.exe
  2⤵
  PID:2684
- C:\Windows\System\zbIXkbX.exe
  C:\Windows\System\zbIXkbX.exe
  2⤵
  PID:5304
- C:\Windows\System\gkooRHN.exe
  C:\Windows\System\gkooRHN.exe
  2⤵
  PID:5364
- C:\Windows\System\oLYgZvy.exe
  C:\Windows\System\oLYgZvy.exe
  2⤵
  PID:2828
- C:\Windows\System\MpxgxZq.exe
  C:\Windows\System\MpxgxZq.exe
  2⤵
  PID:2012
- C:\Windows\System\LpFgzrA.exe
  C:\Windows\System\LpFgzrA.exe
  2⤵
  PID:5608
- C:\Windows\System\nUgNFjM.exe
  C:\Windows\System\nUgNFjM.exe
  2⤵
  PID:5744
- C:\Windows\System\wBTzEOE.exe
  C:\Windows\System\wBTzEOE.exe
  2⤵
  PID:5784
- C:\Windows\System\iXOoVLE.exe
  C:\Windows\System\iXOoVLE.exe
  2⤵
  PID:5880
- C:\Windows\System\qfEcndb.exe
  C:\Windows\System\qfEcndb.exe
  2⤵
  PID:5940
- C:\Windows\System\fzoAneX.exe
  C:\Windows\System\fzoAneX.exe
  2⤵
  PID:6080
- C:\Windows\System\ZegeYuj.exe
  C:\Windows\System\ZegeYuj.exe
  2⤵
  PID:4736
- C:\Windows\System\nXMsQVr.exe
  C:\Windows\System\nXMsQVr.exe
  2⤵
  PID:6156
- C:\Windows\System\fSCiZsG.exe
  C:\Windows\System\fSCiZsG.exe
  2⤵
  PID:6176
- C:\Windows\System\aRPZkPq.exe
  C:\Windows\System\aRPZkPq.exe
  2⤵
  PID:6196
- C:\Windows\System\swPqRbz.exe
  C:\Windows\System\swPqRbz.exe
  2⤵
  PID:6216
- C:\Windows\System\BgLqCJq.exe
  C:\Windows\System\BgLqCJq.exe
  2⤵
  PID:6236
- C:\Windows\System\XOJJTbl.exe
  C:\Windows\System\XOJJTbl.exe
  2⤵
  PID:6256
- C:\Windows\System\sjDDBXq.exe
  C:\Windows\System\sjDDBXq.exe
  2⤵
  PID:6276
- C:\Windows\System\XcyOXDm.exe
  C:\Windows\System\XcyOXDm.exe
  2⤵
  PID:6296
- C:\Windows\System\EroINrN.exe
  C:\Windows\System\EroINrN.exe
  2⤵
  PID:6316
- C:\Windows\System\KRMeWvF.exe
  C:\Windows\System\KRMeWvF.exe
  2⤵
  PID:6336
- C:\Windows\System\XUcxXXL.exe
  C:\Windows\System\XUcxXXL.exe
  2⤵
  PID:6356
- C:\Windows\System\yxgARUW.exe
  C:\Windows\System\yxgARUW.exe
  2⤵
  PID:6376
- C:\Windows\System\byskHUK.exe
  C:\Windows\System\byskHUK.exe
  2⤵
  PID:6396
- C:\Windows\System\lncIAZD.exe
  C:\Windows\System\lncIAZD.exe
  2⤵
  PID:6416
- C:\Windows\System\zHSfBoB.exe
  C:\Windows\System\zHSfBoB.exe
  2⤵
  PID:6436
- C:\Windows\System\votWEVn.exe
  C:\Windows\System\votWEVn.exe
  2⤵
  PID:6456
- C:\Windows\System\ZuzmeXb.exe
  C:\Windows\System\ZuzmeXb.exe
  2⤵
  PID:6476
- C:\Windows\System\XWfbzeM.exe
  C:\Windows\System\XWfbzeM.exe
  2⤵
  PID:6496
- C:\Windows\System\hQngwlw.exe
  C:\Windows\System\hQngwlw.exe
  2⤵
  PID:6516
- C:\Windows\System\oobozWB.exe
  C:\Windows\System\oobozWB.exe
  2⤵
  PID:6536
- C:\Windows\System\egOVwNK.exe
  C:\Windows\System\egOVwNK.exe
  2⤵
  PID:6556
- C:\Windows\System\QBVBkmF.exe
  C:\Windows\System\QBVBkmF.exe
  2⤵
  PID:6580
- C:\Windows\System\OKKgmfA.exe
  C:\Windows\System\OKKgmfA.exe
  2⤵
  PID:6600
- C:\Windows\System\YAmSfIE.exe
  C:\Windows\System\YAmSfIE.exe
  2⤵
  PID:6620
- C:\Windows\System\fWiCWYy.exe
  C:\Windows\System\fWiCWYy.exe
  2⤵
  PID:6640
- C:\Windows\System\IicXjrI.exe
  C:\Windows\System\IicXjrI.exe
  2⤵
  PID:6660
- C:\Windows\System\nxeoyXW.exe
  C:\Windows\System\nxeoyXW.exe
  2⤵
  PID:6680
- C:\Windows\System\mIlYSdH.exe
  C:\Windows\System\mIlYSdH.exe
  2⤵
  PID:6700
- C:\Windows\System\fdTQpLt.exe
  C:\Windows\System\fdTQpLt.exe
  2⤵
  PID:6720
- C:\Windows\System\TMlrBTw.exe
  C:\Windows\System\TMlrBTw.exe
  2⤵
  PID:6740
- C:\Windows\System\fiEtztu.exe
  C:\Windows\System\fiEtztu.exe
  2⤵
  PID:6760
- C:\Windows\System\iboVlPC.exe
  C:\Windows\System\iboVlPC.exe
  2⤵
  PID:6780
- C:\Windows\System\hVrnVLk.exe
  C:\Windows\System\hVrnVLk.exe
  2⤵
  PID:6800
- C:\Windows\System\yDvKpaR.exe
  C:\Windows\System\yDvKpaR.exe
  2⤵
  PID:6820
- C:\Windows\System\wOXihsP.exe
  C:\Windows\System\wOXihsP.exe
  2⤵
  PID:6840
- C:\Windows\System\cQzoKZe.exe
  C:\Windows\System\cQzoKZe.exe
  2⤵
  PID:6860
- C:\Windows\System\RgwSMgH.exe
  C:\Windows\System\RgwSMgH.exe
  2⤵
  PID:6880
- C:\Windows\System\XKklLAo.exe
  C:\Windows\System\XKklLAo.exe
  2⤵
  PID:6900
- C:\Windows\System\miIDEVc.exe
  C:\Windows\System\miIDEVc.exe
  2⤵
  PID:6920
- C:\Windows\System\bLooWWW.exe
  C:\Windows\System\bLooWWW.exe
  2⤵
  PID:6940
- C:\Windows\System\OISbrDE.exe
  C:\Windows\System\OISbrDE.exe
  2⤵
  PID:6960
- C:\Windows\System\BXQvLdp.exe
  C:\Windows\System\BXQvLdp.exe
  2⤵
  PID:6980
- C:\Windows\System\OXRWsnY.exe
  C:\Windows\System\OXRWsnY.exe
  2⤵
  PID:7000
- C:\Windows\System\TyrtjVh.exe
  C:\Windows\System\TyrtjVh.exe
  2⤵
  PID:7020
- C:\Windows\System\MOyGtHD.exe
  C:\Windows\System\MOyGtHD.exe
  2⤵
  PID:7040
- C:\Windows\System\hhxLmlj.exe
  C:\Windows\System\hhxLmlj.exe
  2⤵
  PID:7060
- C:\Windows\System\JPmmMks.exe
  C:\Windows\System\JPmmMks.exe
  2⤵
  PID:7080
- C:\Windows\System\QxVEiqx.exe
  C:\Windows\System\QxVEiqx.exe
  2⤵
  PID:7100
- C:\Windows\System\VRaFwjd.exe
  C:\Windows\System\VRaFwjd.exe
  2⤵
  PID:7120
- C:\Windows\System\JpTPqcC.exe
  C:\Windows\System\JpTPqcC.exe
  2⤵
  PID:7140
- C:\Windows\System\FiWNkTa.exe
  C:\Windows\System\FiWNkTa.exe
  2⤵
  PID:7160
- C:\Windows\System\jXbabXb.exe
  C:\Windows\System\jXbabXb.exe
  2⤵
  PID:4168
- C:\Windows\System\ZfuPWjJ.exe
  C:\Windows\System\ZfuPWjJ.exe
  2⤵
  PID:4596
- C:\Windows\System\dmlGioD.exe
  C:\Windows\System\dmlGioD.exe
  2⤵
  PID:5200
- C:\Windows\System\smQmCay.exe
  C:\Windows\System\smQmCay.exe
  2⤵
  PID:5248
- C:\Windows\System\cxgeDNk.exe
  C:\Windows\System\cxgeDNk.exe
  2⤵
  PID:1796
- C:\Windows\System\UUjIZAa.exe
  C:\Windows\System\UUjIZAa.exe
  2⤵
  PID:5648
- C:\Windows\System\IcweGqW.exe
  C:\Windows\System\IcweGqW.exe
  2⤵
  PID:5700
- C:\Windows\System\FnqvmNx.exe
  C:\Windows\System\FnqvmNx.exe
  2⤵
  PID:5824
- C:\Windows\System\nlrmCKg.exe
  C:\Windows\System\nlrmCKg.exe
  2⤵
  PID:5928
- C:\Windows\System\ygGNuWP.exe
  C:\Windows\System\ygGNuWP.exe
  2⤵
  PID:4776
- C:\Windows\System\WqkKjHm.exe
  C:\Windows\System\WqkKjHm.exe
  2⤵
  PID:6148
- C:\Windows\System\XGsCtCA.exe
  C:\Windows\System\XGsCtCA.exe
  2⤵
  PID:6212
- C:\Windows\System\YZOMOyp.exe
  C:\Windows\System\YZOMOyp.exe
  2⤵
  PID:6232
- C:\Windows\System\RrFvkGJ.exe
  C:\Windows\System\RrFvkGJ.exe
  2⤵
  PID:6264
- C:\Windows\System\gUyyHid.exe
  C:\Windows\System\gUyyHid.exe
  2⤵
  PID:6288
- C:\Windows\System\KHsBwlO.exe
  C:\Windows\System\KHsBwlO.exe
  2⤵
  PID:6328
- C:\Windows\System\tCoHSxQ.exe
  C:\Windows\System\tCoHSxQ.exe
  2⤵
  PID:6348
- C:\Windows\System\oYlzfeC.exe
  C:\Windows\System\oYlzfeC.exe
  2⤵
  PID:6404
- C:\Windows\System\oCEWxna.exe
  C:\Windows\System\oCEWxna.exe
  2⤵
  PID:6428
- C:\Windows\System\DXLCEki.exe
  C:\Windows\System\DXLCEki.exe
  2⤵
  PID:6472
- C:\Windows\System\dfcIAnD.exe
  C:\Windows\System\dfcIAnD.exe
  2⤵
  PID:6504
- C:\Windows\System\vPWsQlD.exe
  C:\Windows\System\vPWsQlD.exe
  2⤵
  PID:6528
- C:\Windows\System\eRaDHnx.exe
  C:\Windows\System\eRaDHnx.exe
  2⤵
  PID:6576
- C:\Windows\System\RWFmHSP.exe
  C:\Windows\System\RWFmHSP.exe
  2⤵
  PID:6616
- C:\Windows\System\GzZFOLp.exe
  C:\Windows\System\GzZFOLp.exe
  2⤵
  PID:6656
- C:\Windows\System\WmUnNuv.exe
  C:\Windows\System\WmUnNuv.exe
  2⤵
  PID:6688
- C:\Windows\System\KfatXFl.exe
  C:\Windows\System\KfatXFl.exe
  2⤵
  PID:6728
- C:\Windows\System\FWdMcIf.exe
  C:\Windows\System\FWdMcIf.exe
  2⤵
  PID:6712
- C:\Windows\System\UZlZuci.exe
  C:\Windows\System\UZlZuci.exe
  2⤵
  PID:6772
- C:\Windows\System\XgoLeLE.exe
  C:\Windows\System\XgoLeLE.exe
  2⤵
  PID:6796
- C:\Windows\System\zDYpEQX.exe
  C:\Windows\System\zDYpEQX.exe
  2⤵
  PID:6848
- C:\Windows\System\cNvaBHZ.exe
  C:\Windows\System\cNvaBHZ.exe
  2⤵
  PID:6868
- C:\Windows\System\HifUowj.exe
  C:\Windows\System\HifUowj.exe
  2⤵
  PID:6908
- C:\Windows\System\WbUJsvw.exe
  C:\Windows\System\WbUJsvw.exe
  2⤵
  PID:6932
- C:\Windows\System\VNoFFWQ.exe
  C:\Windows\System\VNoFFWQ.exe
  2⤵
  PID:6976
- C:\Windows\System\SdnqxUT.exe
  C:\Windows\System\SdnqxUT.exe
  2⤵
  PID:7016
- C:\Windows\System\otaGRrn.exe
  C:\Windows\System\otaGRrn.exe
  2⤵
  PID:7028
- C:\Windows\System\HKeZZCQ.exe
  C:\Windows\System\HKeZZCQ.exe
  2⤵
  PID:7076
- C:\Windows\System\oMHpbvT.exe
  C:\Windows\System\oMHpbvT.exe
  2⤵
  PID:7128
- C:\Windows\System\MlmuaQb.exe
  C:\Windows\System\MlmuaQb.exe
  2⤵
  PID:7132
- C:\Windows\System\MvJpklg.exe
  C:\Windows\System\MvJpklg.exe
  2⤵
  PID:7152
- C:\Windows\System\XyHLDze.exe
  C:\Windows\System\XyHLDze.exe
  2⤵
  PID:2056
- C:\Windows\System\raOaqSg.exe
  C:\Windows\System\raOaqSg.exe
  2⤵
  PID:5424
- C:\Windows\System\WXcwlVw.exe
  C:\Windows\System\WXcwlVw.exe
  2⤵
  PID:5668
- C:\Windows\System\PJkUyzY.exe
  C:\Windows\System\PJkUyzY.exe
  2⤵
  PID:752
- C:\Windows\System\CfTkSLn.exe
  C:\Windows\System\CfTkSLn.exe
  2⤵
  PID:5868
- C:\Windows\System\FxYxNyi.exe
  C:\Windows\System\FxYxNyi.exe
  2⤵
  PID:6128
- C:\Windows\System\oYkUyns.exe
  C:\Windows\System\oYkUyns.exe
  2⤵
  PID:6224
- C:\Windows\System\iXPgdZi.exe
  C:\Windows\System\iXPgdZi.exe
  2⤵
  PID:6268
- C:\Windows\System\iqQnYkS.exe
  C:\Windows\System\iqQnYkS.exe
  2⤵
  PID:6312
- C:\Windows\System\akxyMfA.exe
  C:\Windows\System\akxyMfA.exe
  2⤵
  PID:6308
- C:\Windows\System\aLdZNoC.exe
  C:\Windows\System\aLdZNoC.exe
  2⤵
  PID:6432
- C:\Windows\System\hNehQit.exe
  C:\Windows\System\hNehQit.exe
  2⤵
  PID:6484
- C:\Windows\System\mZavkml.exe
  C:\Windows\System\mZavkml.exe
  2⤵
  PID:6512
- C:\Windows\System\YWxVoBV.exe
  C:\Windows\System\YWxVoBV.exe
  2⤵
  PID:6608
- C:\Windows\System\nbNAvAn.exe
  C:\Windows\System\nbNAvAn.exe
  2⤵
  PID:6628
- C:\Windows\System\KcHgRYh.exe
  C:\Windows\System\KcHgRYh.exe
  2⤵
  PID:6748
- C:\Windows\System\ziOLISx.exe
  C:\Windows\System\ziOLISx.exe
  2⤵
  PID:6756
- C:\Windows\System\GpXjjFz.exe
  C:\Windows\System\GpXjjFz.exe
  2⤵
  PID:6836
- C:\Windows\System\CcdNzEe.exe
  C:\Windows\System\CcdNzEe.exe
  2⤵
  PID:6872
- C:\Windows\System\IgfEQkU.exe
  C:\Windows\System\IgfEQkU.exe
  2⤵
  PID:6936
- C:\Windows\System\raTAHKL.exe
  C:\Windows\System\raTAHKL.exe
  2⤵
  PID:6996
- C:\Windows\System\FjyxKLz.exe
  C:\Windows\System\FjyxKLz.exe
  2⤵
  PID:7096
- C:\Windows\System\IzKlzad.exe
  C:\Windows\System\IzKlzad.exe
  2⤵
  PID:7052
- C:\Windows\System\HNlhinv.exe
  C:\Windows\System\HNlhinv.exe
  2⤵
  PID:7112
- C:\Windows\System\DcbTJYT.exe
  C:\Windows\System\DcbTJYT.exe
  2⤵
  PID:1752
- C:\Windows\System\gwLHubH.exe
  C:\Windows\System\gwLHubH.exe
  2⤵
  PID:5224
- C:\Windows\System\NavHjRE.exe
  C:\Windows\System\NavHjRE.exe
  2⤵
  PID:5540
- C:\Windows\System\ImhVitd.exe
  C:\Windows\System\ImhVitd.exe
  2⤵
  PID:5728
- C:\Windows\System\FlgSCIH.exe
  C:\Windows\System\FlgSCIH.exe
  2⤵
  PID:6284
- C:\Windows\System\HROiaBS.exe
  C:\Windows\System\HROiaBS.exe
  2⤵
  PID:6252
- C:\Windows\System\wsESCFh.exe
  C:\Windows\System\wsESCFh.exe
  2⤵
  PID:6452
- C:\Windows\System\FDqMQih.exe
  C:\Windows\System\FDqMQih.exe
  2⤵
  PID:6464
- C:\Windows\System\OlXyBDl.exe
  C:\Windows\System\OlXyBDl.exe
  2⤵
  PID:6588
- C:\Windows\System\KkKsuTU.exe
  C:\Windows\System\KkKsuTU.exe
  2⤵
  PID:896
- C:\Windows\System\hePuTRa.exe
  C:\Windows\System\hePuTRa.exe
  2⤵
  PID:6816
- C:\Windows\System\QFYviZX.exe
  C:\Windows\System\QFYviZX.exe
  2⤵
  PID:6832
- C:\Windows\System\NYcOxiY.exe
  C:\Windows\System\NYcOxiY.exe
  2⤵
  PID:6916
- C:\Windows\System\oPlcAnE.exe
  C:\Windows\System\oPlcAnE.exe
  2⤵
  PID:7048
- C:\Windows\System\mVRWeKR.exe
  C:\Windows\System\mVRWeKR.exe
  2⤵
  PID:7068
- C:\Windows\System\QuJXQfj.exe
  C:\Windows\System\QuJXQfj.exe
  2⤵
  PID:5268
- C:\Windows\System\AirIfhU.exe
  C:\Windows\System\AirIfhU.exe
  2⤵
  PID:6124
- C:\Windows\System\oCsreYu.exe
  C:\Windows\System\oCsreYu.exe
  2⤵
  PID:6084
- C:\Windows\System\wAhwrlL.exe
  C:\Windows\System\wAhwrlL.exe
  2⤵
  PID:1944
- C:\Windows\System\aFCzvss.exe
  C:\Windows\System\aFCzvss.exe
  2⤵
  PID:6448
- C:\Windows\System\QNzTOqa.exe
  C:\Windows\System\QNzTOqa.exe
  2⤵
  PID:6564
- C:\Windows\System\wmXjgTS.exe
  C:\Windows\System\wmXjgTS.exe
  2⤵
  PID:6648
- C:\Windows\System\ccYAceW.exe
  C:\Windows\System\ccYAceW.exe
  2⤵
  PID:6732
- C:\Windows\System\sMQpbVp.exe
  C:\Windows\System\sMQpbVp.exe
  2⤵
  PID:6856
- C:\Windows\System\FiMXiCq.exe
  C:\Windows\System\FiMXiCq.exe
  2⤵
  PID:7116
- C:\Windows\System\nShfRiP.exe
  C:\Windows\System\nShfRiP.exe
  2⤵
  PID:5228
- C:\Windows\System\FOmpHhu.exe
  C:\Windows\System\FOmpHhu.exe
  2⤵
  PID:7176
- C:\Windows\System\GeWRHwg.exe
  C:\Windows\System\GeWRHwg.exe
  2⤵
  PID:7196
- C:\Windows\System\wXgHxuD.exe
  C:\Windows\System\wXgHxuD.exe
  2⤵
  PID:7216
- C:\Windows\System\sJpGSSf.exe
  C:\Windows\System\sJpGSSf.exe
  2⤵
  PID:7236
- C:\Windows\System\quYRZPC.exe
  C:\Windows\System\quYRZPC.exe
  2⤵
  PID:7256
- C:\Windows\System\MJtOOGN.exe
  C:\Windows\System\MJtOOGN.exe
  2⤵
  PID:7280
- C:\Windows\System\tuzNuWO.exe
  C:\Windows\System\tuzNuWO.exe
  2⤵
  PID:7300
- C:\Windows\System\KBJaUIX.exe
  C:\Windows\System\KBJaUIX.exe
  2⤵
  PID:7320
- C:\Windows\System\VmImEhI.exe
  C:\Windows\System\VmImEhI.exe
  2⤵
  PID:7340
- C:\Windows\System\xyIQeYx.exe
  C:\Windows\System\xyIQeYx.exe
  2⤵
  PID:7360
- C:\Windows\System\qkxicXc.exe
  C:\Windows\System\qkxicXc.exe
  2⤵
  PID:7380
- C:\Windows\System\KQJXThb.exe
  C:\Windows\System\KQJXThb.exe
  2⤵
  PID:7400
- C:\Windows\System\tNbqwzL.exe
  C:\Windows\System\tNbqwzL.exe
  2⤵
  PID:7420
- C:\Windows\System\RYvsGpF.exe
  C:\Windows\System\RYvsGpF.exe
  2⤵
  PID:7440
- C:\Windows\System\EetnvEt.exe
  C:\Windows\System\EetnvEt.exe
  2⤵
  PID:7456
- C:\Windows\System\rwgreWo.exe
  C:\Windows\System\rwgreWo.exe
  2⤵
  PID:7480
- C:\Windows\System\PqGGzwS.exe
  C:\Windows\System\PqGGzwS.exe
  2⤵
  PID:7496
- C:\Windows\System\xOWvdsN.exe
  C:\Windows\System\xOWvdsN.exe
  2⤵
  PID:7520
- C:\Windows\System\lHesuHP.exe
  C:\Windows\System\lHesuHP.exe
  2⤵
  PID:7540
- C:\Windows\System\ClozRCg.exe
  C:\Windows\System\ClozRCg.exe
  2⤵
  PID:7560
- C:\Windows\System\sqPrUId.exe
  C:\Windows\System\sqPrUId.exe
  2⤵
  PID:7580
- C:\Windows\System\LEVfxVn.exe
  C:\Windows\System\LEVfxVn.exe
  2⤵
  PID:7600
- C:\Windows\System\cWqkHqY.exe
  C:\Windows\System\cWqkHqY.exe
  2⤵
  PID:7620
- C:\Windows\System\MSMAbbw.exe
  C:\Windows\System\MSMAbbw.exe
  2⤵
  PID:7640
- C:\Windows\System\Yutuibl.exe
  C:\Windows\System\Yutuibl.exe
  2⤵
  PID:7660
- C:\Windows\System\yjFnsYz.exe
  C:\Windows\System\yjFnsYz.exe
  2⤵
  PID:7680
- C:\Windows\System\IkctkiT.exe
  C:\Windows\System\IkctkiT.exe
  2⤵
  PID:7700
- C:\Windows\System\pymHBIX.exe
  C:\Windows\System\pymHBIX.exe
  2⤵
  PID:7720
- C:\Windows\System\sPiyAfq.exe
  C:\Windows\System\sPiyAfq.exe
  2⤵
  PID:7740
- C:\Windows\System\bbrdSDC.exe
  C:\Windows\System\bbrdSDC.exe
  2⤵
  PID:7760
- C:\Windows\System\fRzNiXX.exe
  C:\Windows\System\fRzNiXX.exe
  2⤵
  PID:7780
- C:\Windows\System\XsmDyvm.exe
  C:\Windows\System\XsmDyvm.exe
  2⤵
  PID:7800
- C:\Windows\System\yYCvDMC.exe
  C:\Windows\System\yYCvDMC.exe
  2⤵
  PID:7820
- C:\Windows\System\Efncfgi.exe
  C:\Windows\System\Efncfgi.exe
  2⤵
  PID:7840
- C:\Windows\System\zcbFHRG.exe
  C:\Windows\System\zcbFHRG.exe
  2⤵
  PID:7860
- C:\Windows\System\HGUltre.exe
  C:\Windows\System\HGUltre.exe
  2⤵
  PID:7880
- C:\Windows\System\zwIKXWY.exe
  C:\Windows\System\zwIKXWY.exe
  2⤵
  PID:7900
- C:\Windows\System\ZdNTSCF.exe
  C:\Windows\System\ZdNTSCF.exe
  2⤵
  PID:7920
- C:\Windows\System\lRgkyWQ.exe
  C:\Windows\System\lRgkyWQ.exe
  2⤵
  PID:7936
- C:\Windows\System\riaDDAh.exe
  C:\Windows\System\riaDDAh.exe
  2⤵
  PID:7960
- C:\Windows\System\lENmYwY.exe
  C:\Windows\System\lENmYwY.exe
  2⤵
  PID:7980
- C:\Windows\System\pTLNgzV.exe
  C:\Windows\System\pTLNgzV.exe
  2⤵
  PID:8000
- C:\Windows\System\tfMDTDG.exe
  C:\Windows\System\tfMDTDG.exe
  2⤵
  PID:8020
- C:\Windows\System\djfZukz.exe
  C:\Windows\System\djfZukz.exe
  2⤵
  PID:8040
- C:\Windows\System\yGvlDKp.exe
  C:\Windows\System\yGvlDKp.exe
  2⤵
  PID:8060
- C:\Windows\System\cnYFXZE.exe
  C:\Windows\System\cnYFXZE.exe
  2⤵
  PID:8080
- C:\Windows\System\DRmkqJu.exe
  C:\Windows\System\DRmkqJu.exe
  2⤵
  PID:8096
- C:\Windows\System\Sigfesd.exe
  C:\Windows\System\Sigfesd.exe
  2⤵
  PID:8120
- C:\Windows\System\ZsNhBAt.exe
  C:\Windows\System\ZsNhBAt.exe
  2⤵
  PID:8140
- C:\Windows\System\kQoroJT.exe
  C:\Windows\System\kQoroJT.exe
  2⤵
  PID:8160
- C:\Windows\System\wPjvqKM.exe
  C:\Windows\System\wPjvqKM.exe
  2⤵
  PID:8180
- C:\Windows\System\iEepGZJ.exe
  C:\Windows\System\iEepGZJ.exe
  2⤵
  PID:2396
- C:\Windows\System\CrwPOHz.exe
  C:\Windows\System\CrwPOHz.exe
  2⤵
  PID:2768
- C:\Windows\System\aMRlJFG.exe
  C:\Windows\System\aMRlJFG.exe
  2⤵
  PID:6676
- C:\Windows\System\LhbuYeO.exe
  C:\Windows\System\LhbuYeO.exe
  2⤵
  PID:7008
- C:\Windows\System\ZyeJwvh.exe
  C:\Windows\System\ZyeJwvh.exe
  2⤵
  PID:2784
- C:\Windows\System\DQjEqCs.exe
  C:\Windows\System\DQjEqCs.exe
  2⤵
  PID:3004
- C:\Windows\System\AiyLdzk.exe
  C:\Windows\System\AiyLdzk.exe
  2⤵
  PID:2700
- C:\Windows\System\MlbsZPr.exe
  C:\Windows\System\MlbsZPr.exe
  2⤵
  PID:3036
- C:\Windows\System\INrFlqE.exe
  C:\Windows\System\INrFlqE.exe
  2⤵
  PID:7264
- C:\Windows\System\HFgqYzA.exe
  C:\Windows\System\HFgqYzA.exe
  2⤵
  PID:7248
- C:\Windows\System\MuXjRYn.exe
  C:\Windows\System\MuXjRYn.exe
  2⤵
  PID:7296
- C:\Windows\System\wFuPEwl.exe
  C:\Windows\System\wFuPEwl.exe
  2⤵
  PID:7356
- C:\Windows\System\wdZydUA.exe
  C:\Windows\System\wdZydUA.exe
  2⤵
  PID:7332
- C:\Windows\System\shrLSsG.exe
  C:\Windows\System\shrLSsG.exe
  2⤵
  PID:7408
- C:\Windows\System\cDXmdHd.exe
  C:\Windows\System\cDXmdHd.exe
  2⤵
  PID:7416
- C:\Windows\System\PxAqZxC.exe
  C:\Windows\System\PxAqZxC.exe
  2⤵
  PID:7452
- C:\Windows\System\nCcqoLc.exe
  C:\Windows\System\nCcqoLc.exe
  2⤵
  PID:7508
- C:\Windows\System\RzeEege.exe
  C:\Windows\System\RzeEege.exe
  2⤵
  PID:7548
- C:\Windows\System\ounzLQF.exe
  C:\Windows\System\ounzLQF.exe
  2⤵
  PID:7596
- C:\Windows\System\lhzuWbO.exe
  C:\Windows\System\lhzuWbO.exe
  2⤵
  PID:7608
- C:\Windows\System\bFrDJfx.exe
  C:\Windows\System\bFrDJfx.exe
  2⤵
  PID:7612
- C:\Windows\System\eFDZfty.exe
  C:\Windows\System\eFDZfty.exe
  2⤵
  PID:7652
- C:\Windows\System\VjXmVir.exe
  C:\Windows\System\VjXmVir.exe
  2⤵
  PID:7716
- C:\Windows\System\HfarDMx.exe
  C:\Windows\System\HfarDMx.exe
  2⤵
  PID:7696
- C:\Windows\System\bpRPnwJ.exe
  C:\Windows\System\bpRPnwJ.exe
  2⤵
  PID:7768
- C:\Windows\System\ZkBFRXi.exe
  C:\Windows\System\ZkBFRXi.exe
  2⤵
  PID:7808
- C:\Windows\System\sCQaRwc.exe
  C:\Windows\System\sCQaRwc.exe
  2⤵
  PID:7852
- C:\Windows\System\QaobJTs.exe
  C:\Windows\System\QaobJTs.exe
  2⤵
  PID:7916
- C:\Windows\System\IyPUbQO.exe
  C:\Windows\System\IyPUbQO.exe
  2⤵
  PID:7948
- C:\Windows\System\CDEmBuF.exe
  C:\Windows\System\CDEmBuF.exe
  2⤵
  PID:7992
- C:\Windows\System\LiwiqzB.exe
  C:\Windows\System\LiwiqzB.exe
  2⤵
  PID:7968
- C:\Windows\System\GBUKPGX.exe
  C:\Windows\System\GBUKPGX.exe
  2⤵
  PID:8068
- C:\Windows\System\JDYvsVE.exe
  C:\Windows\System\JDYvsVE.exe
  2⤵
  PID:8016
- C:\Windows\System\knGGBnl.exe
  C:\Windows\System\knGGBnl.exe
  2⤵
  PID:4560
- C:\Windows\System\GOTcscl.exe
  C:\Windows\System\GOTcscl.exe
  2⤵
  PID:8116
- C:\Windows\System\iLAGnhy.exe
  C:\Windows\System\iLAGnhy.exe
  2⤵
  PID:8128
- C:\Windows\System\rTIatZL.exe
  C:\Windows\System\rTIatZL.exe
  2⤵
  PID:8132
- C:\Windows\System\tCMyLBB.exe
  C:\Windows\System\tCMyLBB.exe
  2⤵
  PID:5524
- C:\Windows\System\MwZFaMt.exe
  C:\Windows\System\MwZFaMt.exe
  2⤵
  PID:6208
- C:\Windows\System\oFuqdki.exe
  C:\Windows\System\oFuqdki.exe
  2⤵
  PID:6612
- C:\Windows\System\YbhqyUG.exe
  C:\Windows\System\YbhqyUG.exe
  2⤵
  PID:6692
- C:\Windows\System\UugJDDk.exe
  C:\Windows\System\UugJDDk.exe
  2⤵
  PID:7184
- C:\Windows\System\TsFdHdA.exe
  C:\Windows\System\TsFdHdA.exe
  2⤵
  PID:2152
- C:\Windows\System\akBQptz.exe
  C:\Windows\System\akBQptz.exe
  2⤵
  PID:7188
- C:\Windows\System\lyPkjmQ.exe
  C:\Windows\System\lyPkjmQ.exe
  2⤵
  PID:2140
- C:\Windows\System\zhSDGQW.exe
  C:\Windows\System\zhSDGQW.exe
  2⤵
  PID:4032
- C:\Windows\System\wafRhVL.exe
  C:\Windows\System\wafRhVL.exe
  2⤵
  PID:7288
- C:\Windows\System\wcrBrke.exe
  C:\Windows\System\wcrBrke.exe
  2⤵
  PID:1328
- C:\Windows\System\QjhIlae.exe
  C:\Windows\System\QjhIlae.exe
  2⤵
  PID:7436
- C:\Windows\System\OwqMisZ.exe
  C:\Windows\System\OwqMisZ.exe
  2⤵
  PID:2036
- C:\Windows\System\RTkTaaX.exe
  C:\Windows\System\RTkTaaX.exe
  2⤵
  PID:1332
- C:\Windows\System\alrxVWQ.exe
  C:\Windows\System\alrxVWQ.exe
  2⤵
  PID:7516
- C:\Windows\System\uLaBESy.exe
  C:\Windows\System\uLaBESy.exe
  2⤵
  PID:860
- C:\Windows\System\rguhtqI.exe
  C:\Windows\System\rguhtqI.exe
  2⤵
  PID:1068
- C:\Windows\System\uLTJwGA.exe
  C:\Windows\System\uLTJwGA.exe
  2⤵
  PID:1036
- C:\Windows\System\HfvuYuF.exe
  C:\Windows\System\HfvuYuF.exe
  2⤵
  PID:7572
- C:\Windows\System\IgsGeat.exe
  C:\Windows\System\IgsGeat.exe
  2⤵
  PID:1564
- C:\Windows\System\RnsVStH.exe
  C:\Windows\System\RnsVStH.exe
  2⤵
  PID:7672
- C:\Windows\System\qIFclor.exe
  C:\Windows\System\qIFclor.exe
  2⤵
  PID:1756
- C:\Windows\System\DBZvxQX.exe
  C:\Windows\System\DBZvxQX.exe
  2⤵
  PID:2132
- C:\Windows\System\DYIuZjl.exe
  C:\Windows\System\DYIuZjl.exe
  2⤵
  PID:7736
- C:\Windows\System\TvuzLXt.exe
  C:\Windows\System\TvuzLXt.exe
  2⤵
  PID:1760
- C:\Windows\System\IKpnEeX.exe
  C:\Windows\System\IKpnEeX.exe
  2⤵
  PID:7792
- C:\Windows\System\gwZGOlh.exe
  C:\Windows\System\gwZGOlh.exe
  2⤵
  PID:1660
- C:\Windows\System\eODBUNL.exe
  C:\Windows\System\eODBUNL.exe
  2⤵
  PID:7996
- C:\Windows\System\iIwJAjZ.exe
  C:\Windows\System\iIwJAjZ.exe
  2⤵
  PID:2532
- C:\Windows\System\qnNOvyn.exe
  C:\Windows\System\qnNOvyn.exe
  2⤵
  PID:8104
- C:\Windows\System\zHoRIwX.exe
  C:\Windows\System\zHoRIwX.exe
  2⤵
  PID:6184
- C:\Windows\System\aVkEJgE.exe
  C:\Windows\System\aVkEJgE.exe
  2⤵
  PID:7972
- C:\Windows\System\lIITZOH.exe
  C:\Windows\System\lIITZOH.exe
  2⤵
  PID:8148
- C:\Windows\System\mMqMkgO.exe
  C:\Windows\System\mMqMkgO.exe
  2⤵
  PID:6912
- C:\Windows\System\ZrCFAQA.exe
  C:\Windows\System\ZrCFAQA.exe
  2⤵
  PID:2188
- C:\Windows\System\GVeeKBc.exe
  C:\Windows\System\GVeeKBc.exe
  2⤵
  PID:7224
- C:\Windows\System\tqoqaXS.exe
  C:\Windows\System\tqoqaXS.exe
  2⤵
  PID:6948
- C:\Windows\System\PdtQaiF.exe
  C:\Windows\System\PdtQaiF.exe
  2⤵
  PID:7316
- C:\Windows\System\EElMtjn.exe
  C:\Windows\System\EElMtjn.exe
  2⤵
  PID:7328
- C:\Windows\System\lUOGLEn.exe
  C:\Windows\System\lUOGLEn.exe
  2⤵
  PID:7336
- C:\Windows\System\ooLJSgb.exe
  C:\Windows\System\ooLJSgb.exe
  2⤵
  PID:7392
- C:\Windows\System\OMnPqHi.exe
  C:\Windows\System\OMnPqHi.exe
  2⤵
  PID:7528
- C:\Windows\System\Ynbfkra.exe
  C:\Windows\System\Ynbfkra.exe
  2⤵
  PID:2108
- C:\Windows\System\ZInkCHO.exe
  C:\Windows\System\ZInkCHO.exe
  2⤵
  PID:1196
- C:\Windows\System\hPBsyTl.exe
  C:\Windows\System\hPBsyTl.exe
  2⤵
  PID:1984
- C:\Windows\System\FsojxpS.exe
  C:\Windows\System\FsojxpS.exe
  2⤵
  PID:7588
- C:\Windows\System\hnAcISm.exe
  C:\Windows\System\hnAcISm.exe
  2⤵
  PID:7576
- C:\Windows\System\MIiZkVy.exe
  C:\Windows\System\MIiZkVy.exe
  2⤵
  PID:2944
- C:\Windows\System\FNCWKSG.exe
  C:\Windows\System\FNCWKSG.exe
  2⤵
  PID:7944
- C:\Windows\System\SLvItKv.exe
  C:\Windows\System\SLvItKv.exe
  2⤵
  PID:812
- C:\Windows\System\tQjFWAf.exe
  C:\Windows\System\tQjFWAf.exe
  2⤵
  PID:8052
- C:\Windows\System\JIpKXqH.exe
  C:\Windows\System\JIpKXqH.exe
  2⤵
  PID:4136
- C:\Windows\System\qzMWwRA.exe
  C:\Windows\System\qzMWwRA.exe
  2⤵
  PID:8048
- C:\Windows\System\AmZTLHU.exe
  C:\Windows\System\AmZTLHU.exe
  2⤵
  PID:5088
- C:\Windows\System\ROAIKUq.exe
  C:\Windows\System\ROAIKUq.exe
  2⤵
  PID:7244
- C:\Windows\System\ULbFbgQ.exe
  C:\Windows\System\ULbFbgQ.exe
  2⤵
  PID:1728
- C:\Windows\System\nBhVAJi.exe
  C:\Windows\System\nBhVAJi.exe
  2⤵
  PID:1940
- C:\Windows\System\djHLeLl.exe
  C:\Windows\System\djHLeLl.exe
  2⤵
  PID:7688
- C:\Windows\System\loWHYuV.exe
  C:\Windows\System\loWHYuV.exe
  2⤵
  PID:7748
- C:\Windows\System\OqOWYzA.exe
  C:\Windows\System\OqOWYzA.exe
  2⤵
  PID:7872
- C:\Windows\System\EwayNrQ.exe
  C:\Windows\System\EwayNrQ.exe
  2⤵
  PID:7388
- C:\Windows\System\LqrFYHc.exe
  C:\Windows\System\LqrFYHc.exe
  2⤵
  PID:2992
- C:\Windows\System\AjYZSuC.exe
  C:\Windows\System\AjYZSuC.exe
  2⤵
  PID:8172
- C:\Windows\System\DoKRQhw.exe
  C:\Windows\System\DoKRQhw.exe
  2⤵
  PID:6552
- C:\Windows\System\EPjsgvP.exe
  C:\Windows\System\EPjsgvP.exe
  2⤵
  PID:7448
- C:\Windows\System\GFavqFZ.exe
  C:\Windows\System\GFavqFZ.exe
  2⤵
  PID:2156
- C:\Windows\System\KjqBKra.exe
  C:\Windows\System\KjqBKra.exe
  2⤵
  PID:1156
- C:\Windows\System\ZvktXHa.exe
  C:\Windows\System\ZvktXHa.exe
  2⤵
  PID:7952
- C:\Windows\System\NNcUceF.exe
  C:\Windows\System\NNcUceF.exe
  2⤵
  PID:8112
- C:\Windows\System\MiKbJWr.exe
  C:\Windows\System\MiKbJWr.exe
  2⤵
  PID:6244
- C:\Windows\System\GjlfLRX.exe
  C:\Windows\System\GjlfLRX.exe
  2⤵
  PID:7868
- C:\Windows\System\qhweCnC.exe
  C:\Windows\System\qhweCnC.exe
  2⤵
  PID:7208
- C:\Windows\System\zviNFHI.exe
  C:\Windows\System\zviNFHI.exe
  2⤵
  PID:2776
- C:\Windows\System\wIlTlwX.exe
  C:\Windows\System\wIlTlwX.exe
  2⤵
  PID:7536
- C:\Windows\System\QyNoiWj.exe
  C:\Windows\System\QyNoiWj.exe
  2⤵
  PID:2820
- C:\Windows\System\WWCaxsS.exe
  C:\Windows\System\WWCaxsS.exe
  2⤵
  PID:7836
- C:\Windows\System\lcauyEu.exe
  C:\Windows\System\lcauyEu.exe
  2⤵
  PID:8204
- C:\Windows\System\TKHyJxf.exe
  C:\Windows\System\TKHyJxf.exe
  2⤵
  PID:8224
- C:\Windows\System\AxfzXLg.exe
  C:\Windows\System\AxfzXLg.exe
  2⤵
  PID:8244
- C:\Windows\System\FkAHKiv.exe
  C:\Windows\System\FkAHKiv.exe
  2⤵
  PID:8268
- C:\Windows\System\ARSpiwW.exe
  C:\Windows\System\ARSpiwW.exe
  2⤵
  PID:8288
- C:\Windows\System\fjPGWnS.exe
  C:\Windows\System\fjPGWnS.exe
  2⤵
  PID:8308
- C:\Windows\System\PNucloG.exe
  C:\Windows\System\PNucloG.exe
  2⤵
  PID:8328
- C:\Windows\System\yRTuGjA.exe
  C:\Windows\System\yRTuGjA.exe
  2⤵
  PID:8344
- C:\Windows\System\gvJqsuB.exe
  C:\Windows\System\gvJqsuB.exe
  2⤵
  PID:8376
- C:\Windows\System\KvtOUzL.exe
  C:\Windows\System\KvtOUzL.exe
  2⤵
  PID:8396
- C:\Windows\System\kxGSDWi.exe
  C:\Windows\System\kxGSDWi.exe
  2⤵
  PID:8412
- C:\Windows\System\PZpqVjk.exe
  C:\Windows\System\PZpqVjk.exe
  2⤵
  PID:8432
- C:\Windows\System\XATfuxy.exe
  C:\Windows\System\XATfuxy.exe
  2⤵
  PID:8448
- C:\Windows\System\UQvTfWO.exe
  C:\Windows\System\UQvTfWO.exe
  2⤵
  PID:8464
- C:\Windows\System\KyyxnEH.exe
  C:\Windows\System\KyyxnEH.exe
  2⤵
  PID:8484
- C:\Windows\System\gvEXmOG.exe
  C:\Windows\System\gvEXmOG.exe
  2⤵
  PID:8508
- C:\Windows\System\aBJnMAp.exe
  C:\Windows\System\aBJnMAp.exe
  2⤵
  PID:8524
- C:\Windows\System\UIXtBHh.exe
  C:\Windows\System\UIXtBHh.exe
  2⤵
  PID:8552
- C:\Windows\System\nlGseQv.exe
  C:\Windows\System\nlGseQv.exe
  2⤵
  PID:8568
- C:\Windows\System\YgwHfrl.exe
  C:\Windows\System\YgwHfrl.exe
  2⤵
  PID:8596
- C:\Windows\System\JzMMMuH.exe
  C:\Windows\System\JzMMMuH.exe
  2⤵
  PID:8612
- C:\Windows\System\UloNdWE.exe
  C:\Windows\System\UloNdWE.exe
  2⤵
  PID:8628
- C:\Windows\System\YecvfsD.exe
  C:\Windows\System\YecvfsD.exe
  2⤵
  PID:8660
- C:\Windows\System\ivwGkwM.exe
  C:\Windows\System\ivwGkwM.exe
  2⤵
  PID:8676
- C:\Windows\System\cSOZOwi.exe
  C:\Windows\System\cSOZOwi.exe
  2⤵
  PID:8696
- C:\Windows\System\POCUIvl.exe
  C:\Windows\System\POCUIvl.exe
  2⤵
  PID:8712
- C:\Windows\System\sapRMER.exe
  C:\Windows\System\sapRMER.exe
  2⤵
  PID:8736
- C:\Windows\System\XCwKzqe.exe
  C:\Windows\System\XCwKzqe.exe
  2⤵
  PID:8752
- C:\Windows\System\XWqdZLC.exe
  C:\Windows\System\XWqdZLC.exe
  2⤵
  PID:8772
- C:\Windows\System\okflhUp.exe
  C:\Windows\System\okflhUp.exe
  2⤵
  PID:8804
- C:\Windows\System\OodzAlk.exe
  C:\Windows\System\OodzAlk.exe
  2⤵
  PID:8820
- C:\Windows\System\YftpwcO.exe
  C:\Windows\System\YftpwcO.exe
  2⤵
  PID:8836
- C:\Windows\System\MTxVfvP.exe
  C:\Windows\System\MTxVfvP.exe
  2⤵
  PID:8852
- C:\Windows\System\EFAZDik.exe
  C:\Windows\System\EFAZDik.exe
  2⤵
  PID:8868
- C:\Windows\System\JtfylWp.exe
  C:\Windows\System\JtfylWp.exe
  2⤵
  PID:8884
- C:\Windows\System\xrqPRDC.exe
  C:\Windows\System\xrqPRDC.exe
  2⤵
  PID:8900
- C:\Windows\System\qjQWZxm.exe
  C:\Windows\System\qjQWZxm.exe
  2⤵
  PID:8916
- C:\Windows\System\vXQLoYL.exe
  C:\Windows\System\vXQLoYL.exe
  2⤵
  PID:8936
- C:\Windows\System\KaHXlsu.exe
  C:\Windows\System\KaHXlsu.exe
  2⤵
  PID:8960
- C:\Windows\System\CsAXorP.exe
  C:\Windows\System\CsAXorP.exe
  2⤵
  PID:8980
- C:\Windows\System\rtoGoMq.exe
  C:\Windows\System\rtoGoMq.exe
  2⤵
  PID:9000
- C:\Windows\System\rshKKZN.exe
  C:\Windows\System\rshKKZN.exe
  2⤵
  PID:9016
- C:\Windows\System\FqmOcyv.exe
  C:\Windows\System\FqmOcyv.exe
  2⤵
  PID:9064
- C:\Windows\System\UkhYstV.exe
  C:\Windows\System\UkhYstV.exe
  2⤵
  PID:9084
- C:\Windows\System\yRlDijo.exe
  C:\Windows\System\yRlDijo.exe
  2⤵
  PID:9100
- C:\Windows\System\fDoIzVn.exe
  C:\Windows\System\fDoIzVn.exe
  2⤵
  PID:9120
- C:\Windows\System\nxTbMUw.exe
  C:\Windows\System\nxTbMUw.exe
  2⤵
  PID:9136
- C:\Windows\System\ZjIPgKK.exe
  C:\Windows\System\ZjIPgKK.exe
  2⤵
  PID:9152
- C:\Windows\System\MFczOlR.exe
  C:\Windows\System\MFczOlR.exe
  2⤵
  PID:9168
- C:\Windows\System\qAbYsqN.exe
  C:\Windows\System\qAbYsqN.exe
  2⤵
  PID:9204
- C:\Windows\System\tKclLxi.exe
  C:\Windows\System\tKclLxi.exe
  2⤵
  PID:8012
- C:\Windows\System\yRUlmSx.exe
  C:\Windows\System\yRUlmSx.exe
  2⤵
  PID:8196
- C:\Windows\System\IjAAhtZ.exe
  C:\Windows\System\IjAAhtZ.exe
  2⤵
  PID:8256
- C:\Windows\System\PmBzFMp.exe
  C:\Windows\System\PmBzFMp.exe
  2⤵
  PID:8280
- C:\Windows\System\fPKvDNI.exe
  C:\Windows\System\fPKvDNI.exe
  2⤵
  PID:8276
- C:\Windows\System\wbqecZf.exe
  C:\Windows\System\wbqecZf.exe
  2⤵
  PID:8336
- C:\Windows\System\Gfsdvdh.exe
  C:\Windows\System\Gfsdvdh.exe
  2⤵
  PID:8372
- C:\Windows\System\IqDwzcT.exe
  C:\Windows\System\IqDwzcT.exe
  2⤵
  PID:8424
- C:\Windows\System\xhlDXrB.exe
  C:\Windows\System\xhlDXrB.exe
  2⤵
  PID:8404
- C:\Windows\System\YTLJnWm.exe
  C:\Windows\System\YTLJnWm.exe
  2⤵
  PID:8472
- C:\Windows\System\tsxzlaz.exe
  C:\Windows\System\tsxzlaz.exe
  2⤵
  PID:8540
- C:\Windows\System\gWkFXMi.exe
  C:\Windows\System\gWkFXMi.exe
  2⤵
  PID:8444
- C:\Windows\System\qdGpysZ.exe
  C:\Windows\System\qdGpysZ.exe
  2⤵
  PID:8576
- C:\Windows\System\PWZWBmY.exe
  C:\Windows\System\PWZWBmY.exe
  2⤵
  PID:8636
- C:\Windows\System\lPXJJlF.exe
  C:\Windows\System\lPXJJlF.exe
  2⤵
  PID:8668
- C:\Windows\System\ozxgBPv.exe
  C:\Windows\System\ozxgBPv.exe
  2⤵
  PID:8748
- C:\Windows\System\SJIKeyq.exe
  C:\Windows\System\SJIKeyq.exe
  2⤵
  PID:8768
- C:\Windows\System\NNbCKEW.exe
  C:\Windows\System\NNbCKEW.exe
  2⤵
  PID:8728
- C:\Windows\System\iYmFreZ.exe
  C:\Windows\System\iYmFreZ.exe
  2⤵
  PID:8812
- C:\Windows\System\fCtwGtf.exe
  C:\Windows\System\fCtwGtf.exe
  2⤵
  PID:8892
- C:\Windows\System\xwzZeOf.exe
  C:\Windows\System\xwzZeOf.exe
  2⤵
  PID:8924
- C:\Windows\System\qdelXZc.exe
  C:\Windows\System\qdelXZc.exe
  2⤵
  PID:9012
- C:\Windows\System\PwQvYAS.exe
  C:\Windows\System\PwQvYAS.exe
  2⤵
  PID:8912
- C:\Windows\System\MzoHOpB.exe
  C:\Windows\System\MzoHOpB.exe
  2⤵
  PID:8848
- C:\Windows\System\ZIwSCdx.exe
  C:\Windows\System\ZIwSCdx.exe
  2⤵
  PID:9024
- C:\Windows\System\cufisFm.exe
  C:\Windows\System\cufisFm.exe
  2⤵
  PID:9040
- C:\Windows\System\xvaiETo.exe
  C:\Windows\System\xvaiETo.exe
  2⤵
  PID:9072
- C:\Windows\System\YiGFPqU.exe
  C:\Windows\System\YiGFPqU.exe
  2⤵
  PID:9112
- C:\Windows\System\nuvRIrb.exe
  C:\Windows\System\nuvRIrb.exe
  2⤵
  PID:9092
- C:\Windows\System\sIHwAiu.exe
  C:\Windows\System\sIHwAiu.exe
  2⤵
  PID:9184
- C:\Windows\System\apHSGzl.exe
  C:\Windows\System\apHSGzl.exe
  2⤵
  PID:9164
- C:\Windows\System\QKovzEc.exe
  C:\Windows\System\QKovzEc.exe
  2⤵
  PID:9212
- C:\Windows\System\rqSsOFa.exe
  C:\Windows\System\rqSsOFa.exe
  2⤵
  PID:8304
- C:\Windows\System\tDhrAvZ.exe
  C:\Windows\System\tDhrAvZ.exe
  2⤵
  PID:8316
- C:\Windows\System\SbfIvVw.exe
  C:\Windows\System\SbfIvVw.exe
  2⤵
  PID:8320
- C:\Windows\System\axDepaJ.exe
  C:\Windows\System\axDepaJ.exe
  2⤵
  PID:8420
- C:\Windows\System\qrRxPYf.exe
  C:\Windows\System\qrRxPYf.exe
  2⤵
  PID:8480
- C:\Windows\System\UHBItGu.exe
  C:\Windows\System\UHBItGu.exe
  2⤵
  PID:8520
- C:\Windows\System\galGNSG.exe
  C:\Windows\System\galGNSG.exe
  2⤵
  PID:8584
- C:\Windows\System\GVquqIW.exe
  C:\Windows\System\GVquqIW.exe
  2⤵
  PID:8704
- C:\Windows\System\rcmTViJ.exe
  C:\Windows\System\rcmTViJ.exe
  2⤵
  PID:8780
- C:\Windows\System\cTHLemI.exe
  C:\Windows\System\cTHLemI.exe
  2⤵
  PID:8792
- C:\Windows\System\AhVvxhl.exe
  C:\Windows\System\AhVvxhl.exe
  2⤵
  PID:8832
- C:\Windows\System\SToLKcs.exe
  C:\Windows\System\SToLKcs.exe
  2⤵
  PID:9008
- C:\Windows\System\YCyBIuH.exe
  C:\Windows\System\YCyBIuH.exe
  2⤵
  PID:8876
- C:\Windows\System\GQyYCIW.exe
  C:\Windows\System\GQyYCIW.exe
  2⤵
  PID:8952
- C:\Windows\System\jujmjFw.exe
  C:\Windows\System\jujmjFw.exe
  2⤵
  PID:9076
- C:\Windows\System\SWUSdqH.exe
  C:\Windows\System\SWUSdqH.exe
  2⤵
  PID:9056
- C:\Windows\System\ZayZLwb.exe
  C:\Windows\System\ZayZLwb.exe
  2⤵
  PID:9188
- C:\Windows\System\fhrmEEp.exe
  C:\Windows\System\fhrmEEp.exe
  2⤵
  PID:8264
- C:\Windows\System\andpcNj.exe
  C:\Windows\System\andpcNj.exe
  2⤵
  PID:8352
- C:\Windows\System\wiCXBHq.exe
  C:\Windows\System\wiCXBHq.exe
  2⤵
  PID:8240
- C:\Windows\System\qOurckK.exe
  C:\Windows\System\qOurckK.exe
  2⤵
  PID:8536
- C:\Windows\System\JiffMEU.exe
  C:\Windows\System\JiffMEU.exe
  2⤵
  PID:9044
- C:\Windows\System\gDZQrla.exe
  C:\Windows\System\gDZQrla.exe
  2⤵
  PID:8652
- C:\Windows\System\ovcEBXn.exe
  C:\Windows\System\ovcEBXn.exe
  2⤵
  PID:8760
- C:\Windows\System\uZIAJKv.exe
  C:\Windows\System\uZIAJKv.exe
  2⤵
  PID:8828
- C:\Windows\System\dBXCscQ.exe
  C:\Windows\System\dBXCscQ.exe
  2⤵
  PID:8880
- C:\Windows\System\IeMTJIe.exe
  C:\Windows\System\IeMTJIe.exe
  2⤵
  PID:9052
- C:\Windows\System\SCdRDtx.exe
  C:\Windows\System\SCdRDtx.exe
  2⤵
  PID:8656
- C:\Windows\System\HEmFRLw.exe
  C:\Windows\System\HEmFRLw.exe
  2⤵
  PID:9144
- C:\Windows\System\KKxwBvU.exe
  C:\Windows\System\KKxwBvU.exe
  2⤵
  PID:8252
- C:\Windows\System\FxvwJYT.exe
  C:\Windows\System\FxvwJYT.exe
  2⤵
  PID:8504
- C:\Windows\System\nLGlIki.exe
  C:\Windows\System\nLGlIki.exe
  2⤵
  PID:8692
- C:\Windows\System\ESmpGhM.exe
  C:\Windows\System\ESmpGhM.exe
  2⤵
  PID:8724
- C:\Windows\System\xerBqpN.exe
  C:\Windows\System\xerBqpN.exe
  2⤵
  PID:8284
- C:\Windows\System\TcxMyep.exe
  C:\Windows\System\TcxMyep.exe
  2⤵
  PID:9028
- C:\Windows\System\uSYPmdX.exe
  C:\Windows\System\uSYPmdX.exe
  2⤵
  PID:8216
- C:\Windows\System\KwxQlWe.exe
  C:\Windows\System\KwxQlWe.exe
  2⤵
  PID:8456
- C:\Windows\System\NuXKmvF.exe
  C:\Windows\System\NuXKmvF.exe
  2⤵
  PID:8644
- C:\Windows\System\MRGJors.exe
  C:\Windows\System\MRGJors.exe
  2⤵
  PID:9032
- C:\Windows\System\JMmPddh.exe
  C:\Windows\System\JMmPddh.exe
  2⤵
  PID:8232
- C:\Windows\System\lfHPBeD.exe
  C:\Windows\System\lfHPBeD.exe
  2⤵
  PID:8592
- C:\Windows\System\JofAHei.exe
  C:\Windows\System\JofAHei.exe
  2⤵
  PID:9128
- C:\Windows\System\gBvbUlz.exe
  C:\Windows\System\gBvbUlz.exe
  2⤵
  PID:8236
- C:\Windows\System\UIosPqM.exe
  C:\Windows\System\UIosPqM.exe
  2⤵
  PID:9036
- C:\Windows\System\iSbxaFB.exe
  C:\Windows\System\iSbxaFB.exe
  2⤵
  PID:9224
- C:\Windows\System\SowlOID.exe
  C:\Windows\System\SowlOID.exe
  2⤵
  PID:9252
- C:\Windows\System\gDpxiko.exe
  C:\Windows\System\gDpxiko.exe
  2⤵
  PID:9272
- C:\Windows\System\nSBMFCd.exe
  C:\Windows\System\nSBMFCd.exe
  2⤵
  PID:9288
- C:\Windows\System\kQWxkrM.exe
  C:\Windows\System\kQWxkrM.exe
  2⤵
  PID:9316
- C:\Windows\System\MhWJALN.exe
  C:\Windows\System\MhWJALN.exe
  2⤵
  PID:9332
- C:\Windows\System\CAcrJXV.exe
  C:\Windows\System\CAcrJXV.exe
  2⤵
  PID:9352
- C:\Windows\System\Nasyklg.exe
  C:\Windows\System\Nasyklg.exe
  2⤵
  PID:9372
- C:\Windows\System\ltkpTLa.exe
  C:\Windows\System\ltkpTLa.exe
  2⤵
  PID:9388
- C:\Windows\System\PZnmjGW.exe
  C:\Windows\System\PZnmjGW.exe
  2⤵
  PID:9412
- C:\Windows\System\rDEdOwa.exe
  C:\Windows\System\rDEdOwa.exe
  2⤵
  PID:9428
- C:\Windows\System\wprmZnU.exe
  C:\Windows\System\wprmZnU.exe
  2⤵
  PID:9452
- C:\Windows\System\OrDLIZK.exe
  C:\Windows\System\OrDLIZK.exe
  2⤵
  PID:9472
- C:\Windows\System\suCwdZQ.exe
  C:\Windows\System\suCwdZQ.exe
  2⤵
  PID:9488
- C:\Windows\System\unJgHEf.exe
  C:\Windows\System\unJgHEf.exe
  2⤵
  PID:9512
- C:\Windows\System\gUazuVV.exe
  C:\Windows\System\gUazuVV.exe
  2⤵
  PID:9532
- C:\Windows\System\mHCtRpQ.exe
  C:\Windows\System\mHCtRpQ.exe
  2⤵
  PID:9552
- C:\Windows\System\fopTeOc.exe
  C:\Windows\System\fopTeOc.exe
  2⤵
  PID:9572
- C:\Windows\System\fluGTfD.exe
  C:\Windows\System\fluGTfD.exe
  2⤵
  PID:9596
- C:\Windows\System\eChoRYE.exe
  C:\Windows\System\eChoRYE.exe
  2⤵
  PID:9612
- C:\Windows\System\HbmAEwB.exe
  C:\Windows\System\HbmAEwB.exe
  2⤵
  PID:9632
- C:\Windows\System\GhPYfYt.exe
  C:\Windows\System\GhPYfYt.exe
  2⤵
  PID:9652
- C:\Windows\System\WxqLfwX.exe
  C:\Windows\System\WxqLfwX.exe
  2⤵
  PID:9676
- C:\Windows\System\QxrwHHu.exe
  C:\Windows\System\QxrwHHu.exe
  2⤵
  PID:9692
- C:\Windows\System\iNateIk.exe
  C:\Windows\System\iNateIk.exe
  2⤵
  PID:9708
- C:\Windows\System\YQeVqEo.exe
  C:\Windows\System\YQeVqEo.exe
  2⤵
  PID:9724
- C:\Windows\System\beFPljh.exe
  C:\Windows\System\beFPljh.exe
  2⤵
  PID:9748
- C:\Windows\System\CetPUVM.exe
  C:\Windows\System\CetPUVM.exe
  2⤵
  PID:9764
- C:\Windows\System\PiwOcSg.exe
  C:\Windows\System\PiwOcSg.exe
  2⤵
  PID:9792
- C:\Windows\System\ORXIevW.exe
  C:\Windows\System\ORXIevW.exe
  2⤵
  PID:9808
- C:\Windows\System\jeCZYkK.exe
  C:\Windows\System\jeCZYkK.exe
  2⤵
  PID:9824
- C:\Windows\System\JjHWyhO.exe
  C:\Windows\System\JjHWyhO.exe
  2⤵
  PID:9844
- C:\Windows\System\vOWmscT.exe
  C:\Windows\System\vOWmscT.exe
  2⤵
  PID:9864
- C:\Windows\System\iLOmwMs.exe
  C:\Windows\System\iLOmwMs.exe
  2⤵
  PID:9884
- C:\Windows\System\LJBwtFB.exe
  C:\Windows\System\LJBwtFB.exe
  2⤵
  PID:9900
- C:\Windows\System\miGZDWM.exe
  C:\Windows\System\miGZDWM.exe
  2⤵
  PID:9916
- C:\Windows\System\JXvdEEA.exe
  C:\Windows\System\JXvdEEA.exe
  2⤵
  PID:9932
- C:\Windows\System\EDhKGij.exe
  C:\Windows\System\EDhKGij.exe
  2⤵
  PID:9952
- C:\Windows\System\rcVykwO.exe
  C:\Windows\System\rcVykwO.exe
  2⤵
  PID:9968
- C:\Windows\System\NRNwFMU.exe
  C:\Windows\System\NRNwFMU.exe
  2⤵
  PID:9988
- C:\Windows\System\XAVuXAb.exe
  C:\Windows\System\XAVuXAb.exe
  2⤵
  PID:10004
- C:\Windows\System\SWEGxZC.exe
  C:\Windows\System\SWEGxZC.exe
  2⤵
  PID:10020
- C:\Windows\System\mVsWsQK.exe
  C:\Windows\System\mVsWsQK.exe
  2⤵
  PID:10044
- C:\Windows\System\sQGlwJm.exe
  C:\Windows\System\sQGlwJm.exe
  2⤵
  PID:10068
- C:\Windows\System\nDgjfnm.exe
  C:\Windows\System\nDgjfnm.exe
  2⤵
  PID:10084
- C:\Windows\System\KtTSmtL.exe
  C:\Windows\System\KtTSmtL.exe
  2⤵
  PID:10100
- C:\Windows\System\jiqmARe.exe
  C:\Windows\System\jiqmARe.exe
  2⤵
  PID:10116
- C:\Windows\System\ECwQRaN.exe
  C:\Windows\System\ECwQRaN.exe
  2⤵
  PID:10132
- C:\Windows\System\IMdmTtF.exe
  C:\Windows\System\IMdmTtF.exe
  2⤵
  PID:10148
- C:\Windows\System\SeJelFs.exe
  C:\Windows\System\SeJelFs.exe
  2⤵
  PID:10176
- C:\Windows\System\NBaKfKb.exe
  C:\Windows\System\NBaKfKb.exe
  2⤵
  PID:10216
- C:\Windows\System\STslAKZ.exe
  C:\Windows\System\STslAKZ.exe
  2⤵
  PID:9232
- C:\Windows\System\iAtarfC.exe
  C:\Windows\System\iAtarfC.exe
  2⤵
  PID:9280
- C:\Windows\System\tOAaAlw.exe
  C:\Windows\System\tOAaAlw.exe
  2⤵
  PID:9296
- C:\Windows\System\IyJmoTC.exe
  C:\Windows\System\IyJmoTC.exe
  2⤵
  PID:9300
- C:\Windows\System\UWdTcPF.exe
  C:\Windows\System\UWdTcPF.exe
  2⤵
  PID:9340
- C:\Windows\System\uArXaIq.exe
  C:\Windows\System\uArXaIq.exe
  2⤵
  PID:9368
- C:\Windows\System\ZyPcrtw.exe
  C:\Windows\System\ZyPcrtw.exe
  2⤵
  PID:9404
- C:\Windows\System\FWgjQmT.exe
  C:\Windows\System\FWgjQmT.exe
  2⤵
  PID:9420
- C:\Windows\System\JTBSHGP.exe
  C:\Windows\System\JTBSHGP.exe
  2⤵
  PID:9440
- C:\Windows\System\tFOwyfc.exe
  C:\Windows\System\tFOwyfc.exe
  2⤵
  PID:9496
- C:\Windows\System\XFMLocU.exe
  C:\Windows\System\XFMLocU.exe
  2⤵
  PID:9568
- C:\Windows\System\mhchkvh.exe
  C:\Windows\System\mhchkvh.exe
  2⤵
  PID:9592
- C:\Windows\System\RNNTNKR.exe
  C:\Windows\System\RNNTNKR.exe
  2⤵
  PID:9620
- C:\Windows\System\ZxbjSKF.exe
  C:\Windows\System\ZxbjSKF.exe
  2⤵
  PID:9648
- C:\Windows\System\PMtmmGf.exe
  C:\Windows\System\PMtmmGf.exe
  2⤵
  PID:9668
- C:\Windows\System\kFYFBcC.exe
  C:\Windows\System\kFYFBcC.exe
  2⤵
  PID:9732
- C:\Windows\System\PaRKWzg.exe
  C:\Windows\System\PaRKWzg.exe
  2⤵
  PID:9716
- C:\Windows\System\iTlZnhE.exe
  C:\Windows\System\iTlZnhE.exe
  2⤵
  PID:9776
- C:\Windows\System\ftTdJwP.exe
  C:\Windows\System\ftTdJwP.exe
  2⤵
  PID:9800
- C:\Windows\System\RqevKXi.exe
  C:\Windows\System\RqevKXi.exe
  2⤵
  PID:9832
- C:\Windows\System\upUQkbT.exe
  C:\Windows\System\upUQkbT.exe
  2⤵
  PID:9876
- C:\Windows\System\HQYnhRu.exe
  C:\Windows\System\HQYnhRu.exe
  2⤵
  PID:9908
- C:\Windows\System\nUMWkbk.exe
  C:\Windows\System\nUMWkbk.exe
  2⤵
  PID:10112
- C:\Windows\System\ifdkuRV.exe
  C:\Windows\System\ifdkuRV.exe
  2⤵
  PID:9944
- C:\Windows\System\bFccsJX.exe
  C:\Windows\System\bFccsJX.exe
  2⤵
  PID:9980
- C:\Windows\System\junwnIn.exe
  C:\Windows\System\junwnIn.exe
  2⤵
  PID:10128
- C:\Windows\System\paGtgmU.exe
  C:\Windows\System\paGtgmU.exe
  2⤵
  PID:9960
- C:\Windows\System\ApLsOVg.exe
  C:\Windows\System\ApLsOVg.exe
  2⤵
  PID:9860
- C:\Windows\System\NVTlDxd.exe
  C:\Windows\System\NVTlDxd.exe
  2⤵
  PID:10224
- C:\Windows\System\PCYbyLt.exe
  C:\Windows\System\PCYbyLt.exe
  2⤵
  PID:10196
- C:\Windows\System\DxDhFxi.exe
  C:\Windows\System\DxDhFxi.exe
  2⤵
  PID:9180
- C:\Windows\System\TFvWFRZ.exe
  C:\Windows\System\TFvWFRZ.exe
  2⤵
  PID:9220
- C:\Windows\System\yLVQTcB.exe
  C:\Windows\System\yLVQTcB.exe
  2⤵
  PID:9284
- C:\Windows\System\DIjVYtu.exe
  C:\Windows\System\DIjVYtu.exe
  2⤵
  PID:9400
- C:\Windows\System\UbutwEc.exe
  C:\Windows\System\UbutwEc.exe
  2⤵
  PID:9384
- C:\Windows\System\IgbgGve.exe
  C:\Windows\System\IgbgGve.exe
  2⤵
  PID:9324
- C:\Windows\System\CtJjKaF.exe
  C:\Windows\System\CtJjKaF.exe
  2⤵
  PID:9448
- C:\Windows\System\cdxsFPW.exe
  C:\Windows\System\cdxsFPW.exe
  2⤵
  PID:9540
- C:\Windows\System\vbRRIek.exe
  C:\Windows\System\vbRRIek.exe
  2⤵
  PID:9604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DNpOlRG.exe

Filesize
6.0MB

MD5
5d22703d431364325838e0d703ad787e

SHA1
909da3e39d2fff9c171c6e068b6fccde2b636988

SHA256
17b07eda7f070bb33e54048ba5a8041c61a0d34fd77cb271ef8d337cca60791c

SHA512
54d799dd6badccf2fe2c361f029fb3d4dc880bfb8d802affd21af5b6f6127650ba5b64b7a5e35592fe0df4a3aa11210c90cf2e83e7b9110f6b1782df3f96d5aa

Download Submit
C:\Windows\system\GHRlihW.exe

Filesize
6.0MB

MD5
c8bc6d2bf2730bbd084abe3aff3520d1

SHA1
80e7eebbd4beb17c6aee2a369c01b82e400f4418

SHA256
00f2e2d57adc03e01622e0a2d889665e3615cffcf03d863769298e4e2ce03e61

SHA512
cd099ceeaaa17ace933067fc4e3522fc26203c098c728c53456cfa9f8d7e6baeca9fe040174951c5474e2e37d735ac0fdf3a0e55e1f1830859a1885ac591daa8

Download Submit
C:\Windows\system\GiLcYtP.exe

Filesize
6.0MB

MD5
633891a31ce42a11f2a65a8e5231a6a2

SHA1
cb41b2026ec3195d402eaa29ae917ae835c1edde

SHA256
3466678ae69b78cb9a06becef3d87326d1dc6190f1650e9dae53f4ccfbbec90a

SHA512
539bc6f1ef988d2566864df43ab6a23b07590bc8443a5a8888aa7b4e5664d05d0fc8fa08cf9d79f35a97d479c66e68e8abc463b23c65e396d09112f54fc4d04c

Download Submit
C:\Windows\system\HQADPGa.exe

Filesize
6.0MB

MD5
3acfbfccd676f76d17af29a8a28863d9

SHA1
0e819881a28ae114cb1d3edcbf3c064a7afb2e4c

SHA256
e8dd5a0a6cd71a70346bbc50c58372f11a9fe3abb6b388ff3de82efed9f2e992

SHA512
625bfbeeed0115e72650e705faedd75f7087acf8abb79013b5bf0a28ea028edd1c133a53bab48db29ac8efb9dbda1c2443a36e735bc3ab3a1c0066f7a9f3e0e2

Download Submit
C:\Windows\system\HtNGHgv.exe

Filesize
6.0MB

MD5
c7f87e139f88df90c27a96b128abfa90

SHA1
4f00f7f9169209dbb42056c044ad2ce5dd11828f

SHA256
5ad44b6166972e9902c7638f688d6c0267ece06a74eb3cade46f59006f427fd0

SHA512
28322aff068cc595257a779864c320b5b1c31292a2a6ad7ffa6851cc953f8407c9ef5c3a75f3168706dc103dfd414ebf9ed250c2cc27231aa1508bdaf211537b

Download Submit
C:\Windows\system\JStjLav.exe

Filesize
6.0MB

MD5
8f79f84958cfb3d0952fe31f4c82c9c7

SHA1
848d3d2f16c1ab0ec5d0547206dded86c9d43be3

SHA256
efd7532c77a48205a4c5b02af761c11356eb3dacc92eaa566530bc63edc5456c

SHA512
b83fb908ec54da07fd333040a17dc076dd1a518b71bdfa816dcd7ce618d6e519c79e4fd43176d735d208c02a21d8ae23dc5a90dfdc8e8ae36688bc85445caa5b

Download Submit
C:\Windows\system\KWtWvIp.exe

Filesize
6.0MB

MD5
42ba6c757f576d92d5a53523288401b5

SHA1
7cd3d5737b950eaa8010b187dc45f98a8ecf5c41

SHA256
70e14a0101119ce0b22936d36916dccca160be4c6034ced188c4054d9ef21862

SHA512
69a41f25ca641675e2e257dee47b57b6bd3e83e46a7706599521ed8b0eac00d836ac3079eaa0c119f5f0e70b2eba0c937ae734ba3ca51239a3735fe3be71a973

Download Submit
C:\Windows\system\LTqMHrM.exe

Filesize
6.0MB

MD5
2c0a999143713b7393a4b586671d032f

SHA1
219c84481c089110a87b0cecce95eae9b66b3645

SHA256
767cc2505a68cb9389c2608b3b9dc13cd66f16d1a8d587ce8824dc003e82ca9d

SHA512
84aecf25da9e99cfd97b9be988ff59879bddef11a9128bfc94e848c606ea7f71518b6dc97f4546019843daf8db5a9ce9bd8329325b64269564b0f17c37f34517

Download Submit
C:\Windows\system\NOThISt.exe

Filesize
6.0MB

MD5
50ae49f50190ee56907fedc7fa4b6f4f

SHA1
de001258690aee5d117373ea81c7ccce75781949

SHA256
238f95480ae3e41710e8c07bc6ab0c093b72feef5d28ac4cfb259d6a8f39b9ad

SHA512
6e1bfc0de75edc0d0e0b0475292283518188e6862eb03977eb82ebccf62fca1a0dc2a703bee3ca37e517ccab0416d6b7bde9d8f1290b5181d448b385204f4b5c

Download Submit
C:\Windows\system\OJkuhKG.exe

Filesize
6.0MB

MD5
c9b2775a2cebc80b665fc95f9453de77

SHA1
4e8f2863574bd045ba390bf146aaa2e4d02ce236

SHA256
4b65bbe6af5fd3cfd866ad049f0cac75520abf990794dc32eace8796c7fc4ba2

SHA512
403438a814f87b9c0c2020b2b3f51a9e0ef03dd7d56063c656e31f24038d7fa34a863c78e937d9dff573bd9a329933869ef5290b1c0bfd896bf560e759354677

Download Submit
C:\Windows\system\ReRAmxM.exe

Filesize
6.0MB

MD5
836b463f36115efc29302eb76a45afd6

SHA1
93f6dc5a9257cc2ba82f8a38b624ab675c8c6924

SHA256
8c67e5ba33c2b5681969adaca1007b58b05e691c5396d9728644eb6dc4317087

SHA512
c3b8de3705dcaff633ff80bade055d33e5e303829ad5de73706d373d0ad71c97ff6d5089affd284a6b99bbd9f2494b9fff1ed8f51b89c405074e290e6dfb84dc

Download Submit
C:\Windows\system\RrmVPWp.exe

Filesize
6.0MB

MD5
28dac22426b02f567fb2def7c9a61647

SHA1
09714714f7f139eb315c8f7f2c19812cb3e202b5

SHA256
c9aab09285218223c9686fc9cd28d373093639928949569f58e5a563a32b7b9c

SHA512
9c6836b501c1a9353f30110d4aff00b409ce277c700570270a2fd85d86a8c2b16e48c4130b05edd67cf6f5e51f25948eae558bab8d7dfbd07e8db23d98d8a242

Download Submit
C:\Windows\system\SGRZxOu.exe

Filesize
6.0MB

MD5
f718b6fb382da2b6e2025a3c826dc3e5

SHA1
fb74957cf18cfdce988f0f7977947011aa2b35d2

SHA256
100b33601528b8de153989fe78fe758b51069306dca0d3fb0152745054a68986

SHA512
2c61f3957e7790ff45befe2a2082a28b65124a0717926a90e81f204963abe797bbc86679ab0a30ade8c6d15e321d70f94dfc859187629883aa4b3ae636870de0

Download Submit
C:\Windows\system\YHitNXJ.exe

Filesize
6.0MB

MD5
544b8b59d33943726d4823a17ad947f2

SHA1
03b576b35fb1171533f261bf0fce5416c528c231

SHA256
edfa97369ee6f99f0dd5153e1bca1366f43601a8736ceec2ed76d1ee638ffa98

SHA512
5b489aec744add5028120847cb4c6af935efd7094311057d7d3e05e2a7fc2db29b77107f68d94ac426299bc1f6cda51b59dc9b8637c04f8a790790ba03226c98

Download Submit
C:\Windows\system\akltGsS.exe

Filesize
6.0MB

MD5
7bac1d24e6c4fb2600f4afe171749dbf

SHA1
1453cad6b42f27078b7bd37d4582542da3bc2147

SHA256
e05900a2095565c25b8b0dfbcdfce5b29c07cdb56fbfab0f656b694e49080586

SHA512
6431632671398f61536c50131bc1b893b87103a7c92830eeb31a70039cb0d5f0ce0d51e8a0272d715f4339d35270ec919c4733d37a1671e8a650c84d7628fc8b

Download Submit
C:\Windows\system\coJLBrc.exe

Filesize
6.0MB

MD5
a676e21d69205bba9014adc30ff40266

SHA1
3504442b13131a33907678456bbdb6326166c8f1

SHA256
8d8b64574cff5b9e5af7b65325752d55580cc1c5f275642659b248cfded5d8b3

SHA512
540a62731e46e561e94b46d4d5608ee5224d249736dc793228df955bf150e294b49ed9af407a956be6b60c7db4fb925cd79b1e0deb81bd04e58287dd134913d5

Download Submit
C:\Windows\system\diOflpt.exe

Filesize
6.0MB

MD5
06e1f0f6ac86d04ad999bf912666a5cd

SHA1
fdea558b8e2dbd722bec52ff389671cc90373ce4

SHA256
08f36d8f6ebe762ecdf5f07f3480df87a5101ab753ba22204bc0dbcef97c337f

SHA512
031c604a94517d36549f9514dda10b8dc40ba611ee837ac1956fb0b6e14ab43f65791bf05c256cc24a5947f4a5fefbb5b410505792ce09346f97ced25276a90e

Download Submit
C:\Windows\system\doBTnee.exe

Filesize
6.0MB

MD5
3977b926421a11ed4f85ec06e0e590be

SHA1
edbdbd03be34c17d1e0c0274b572f401dfce3c13

SHA256
3f0f14ac66b2b3ec325e9838d251667b244efbf942679f1859d73f809b947b49

SHA512
b9a88efceb9217a1e479a615c3193fd758d7610f167e05754ccc8f7f9b5c838c0ddfeef71f883c4ca88ebb2edc579f92b1dc3bbe97e78edfb75cb1b4731d49b8

Download Submit
C:\Windows\system\eNOdtRv.exe

Filesize
8B

MD5
1312ab3f058af827ff65b61d149a4aa4

SHA1
284f6b4ea240230cdcc1afc8680922c5ce784131

SHA256
f87d7801a2912ad312dcf82e25017574b4a982ac90af0f1eccf059ee71c9e834

SHA512
a9825ceb3352596af3e2d7569c8c87ccff53a914296c8b84ae3867ad0c19e4d50701061aba2574ec7a1b27f16503e3d05920c299356e11f87824fda0f077e745

Download Submit
C:\Windows\system\fFXliVG.exe

Filesize
6.0MB

MD5
ed2a5b0e5a1219fb76ca6e663ae759e6

SHA1
c5e05b8295af472902b734d8f137841e838effec

SHA256
da943b8dad047372ba34261573b29e590cd287edb9cc5df08bb2a3f561acde83

SHA512
086a4b2d9334a121539dae23c576aec76a33991aca13ac3f0487618ac90be81dd418990b0ee5341228bface37de988f2b8aa9932b8bea45e987822f082dbf349

Download Submit
C:\Windows\system\gGqXHAb.exe

Filesize
6.0MB

MD5
63b17cf7eea4adb7244ed37dce2e7b3b

SHA1
143811105883b23e25a11a475f2e5ffe910db88d

SHA256
96949c7f433be0a46b1c5b086ad5e1a1b65d20e69d0d872d89a643b6fef2781a

SHA512
5d29abefdb2e45707e6429f751583bd2ae617d44fa2bd4934d0b173fb768fc5e58210f41e214c80ce3cd727e9862c9b66a317919470253d789be574b1feed86f

Download Submit
C:\Windows\system\hyWRZSM.exe

Filesize
6.0MB

MD5
e036ee2bade3a64ac470ba1ec26fc2f1

SHA1
fb596dee5c3e8a014d8602b831b76c773fe3ae58

SHA256
a4ca6403ee024a5a889538b18f3749c251e92679b22bbf7f635f977642d059e1

SHA512
297b08facbaff5eca08dd80ead4d53ebb5d67fe7f13a3da5c65fc3f9c81e655f73145f61b5d3c03c7554488a5d8063e52822f4198207b9d79427448304e69086

Download Submit
C:\Windows\system\iPHeAAw.exe

Filesize
6.0MB

MD5
2d867136da3ccf04cfffd4382e30d429

SHA1
07a88eade6d0acf882668ff2beb259115cc239df

SHA256
0b7ce5e66bc17551138cae401eaa5ca51edadad51d250c1044fb732998321e40

SHA512
007e299a1a148aa2d93f075b199f32c61e38ff491ad9762778baf9893ec174da7f652d16b934e8d202a27dd5764b79f27d557133493eb2e14724d1de49ce3f94

Download Submit
C:\Windows\system\mVsZyRE.exe

Filesize
6.0MB

MD5
bcd0bdbb919b23372e6b8349e8321707

SHA1
b4c053f2255db239a63f4c586facc61fc40816ad

SHA256
13dc9515aca217c5c41801584a36c9fc31b5f8d2a28b1b825c50ba4a5b2f778b

SHA512
7b345290be5889b5d9afce713c9acab0e0c2e9ad3acbf7e4d98d893da4b85abd7493bec52f3db592358c8a2769e596673452d3914075bfa3ba5ea53187283591

Download Submit
C:\Windows\system\oDFIWgH.exe

Filesize
6.0MB

MD5
72954dca5bdd48eb68812df70bd3170a

SHA1
36f191dc1c51fbd4bc8e68d4b028673e54708df0

SHA256
49b1d8bf2166a615f04747b94f372e88257338f2a30e158b3a42909ff96ae553

SHA512
739e30bd27b5ee09fd3819f1f5e7c7b11942d17208c2fb23cb6c1067f54a68bf0e9387ba144c5fbdcd97334401951e5e5fd89ffb5304ad5fefbae74ba62d54b4

Download Submit
C:\Windows\system\phsyEcW.exe

Filesize
6.0MB

MD5
c74290b89e970c8d3c8322ee679273a6

SHA1
d0b563e5a147834c64a8b3de3cfde0c3ee26890c

SHA256
129da8a7277dea16bcc9deacbcebb96f447072afe23bc73bb409a887c5e4a2c8

SHA512
34ffd9e35455ba258e57119fe3b24d65f09e1722209fd08460f2c412a85e942c840f811142acd0307addb1f18c8cac258b1a0cc236c452887cd4c87bc45d0ea0

Download Submit
C:\Windows\system\pwUlEaK.exe

Filesize
6.0MB

MD5
f87cf5bff332a09bf36c7e07b43a7ec8

SHA1
8ee6ab3f3d0eb1bfd77eec0c36e510de4a358753

SHA256
72087d5d9f33dfc0217d88c5ba5b97bbcc0cbd27abe94794df63ad80f569a9f9

SHA512
43fca6ad0a52adf7a06f878bc7d704bc7e598eb5c5487262a9979b42c3829f90c4476633ee5c1d314e48aaeb81d8b62ec13d2106c2bf7292bce72782b715ffd2

Download Submit
C:\Windows\system\rZFxDao.exe

Filesize
6.0MB

MD5
72fd17ae7fffaab5b938ff8649cbb566

SHA1
7bc933fd05151ca293bd7d9a937ab0fbd67296f5

SHA256
30b3780b4e6bd1d70c6a2d2cc5ea6d60e46480846f30bf3575c80df6dae07194

SHA512
3b294b9650a8eb02837c82d317183e39fa81a5814ea8762e4b25e4c7a55df7109295d938c94b2cb7c5094278862ba09da95238f088bea081b634847fa3817b69

Download Submit
C:\Windows\system\utZGUUJ.exe

Filesize
6.0MB

MD5
57739d8b067661bd1ac562dccab24ce0

SHA1
df5a02c40de42d4ab1a4c5e04e42773f315bda86

SHA256
04dac6da6e1303270ade97ac18318928363a586c504edb0f19f741e6b8943862

SHA512
c27d95c020d365daa9e866818a3d8ee61e0b28cd8b2d443d8d487840a67a9fe894873e56f055ebcbbde7e1eb57df7fb9fdf6d34499055172d714465a42b3ea2e

Download Submit
C:\Windows\system\xLbUSmj.exe

Filesize
6.0MB

MD5
17a83f6b95fc0dd3a955740877650f52

SHA1
5238f626eda649735b1fd7b02cb602f0e6d953e2

SHA256
1796ef56eab3d824634f2ec66c2da9879fbf7e7b59e101c2dc6bd9936ce349ce

SHA512
c387293dffae364f8c4b06e4da3ffef5987904da3bd0bb19a549a7806a62a0a9c4b8de4b5646e0924cfa9acf6645699e44dda8430f76eb4a0cc25e8f31de4cf6

Download Submit
\Windows\system\nJEsJOY.exe

Filesize
6.0MB

MD5
3ddda93ce51e4f64b9fd3c76ec8fc626

SHA1
e16b95a9e081d621edc4f9897c019d0f3ee8447f

SHA256
0108d2fb5fa2d43f38355a6c0993368ebd7adfc544d1d12f80c67c90688cec9b

SHA512
eb6e1d34105b7476a72dd8a5c42e26ceae52c4624d2cad9fa0e2c732164c715d776f0617d79fd9a0491f7a45f0d6ec25f9b195752f4719653b947f150fb48893

Download Submit
\Windows\system\nSBScNN.exe

Filesize
6.0MB

MD5
8dc77411e0cad81338f3c21f5bd9ff7f

SHA1
504d67c9484a0c2c35893aeb27fd9683bc403637

SHA256
93c1e8942516f6bdef4fcccb977de96575b65e0e113c6082576e050a3a964009

SHA512
8d92df64190682381f9e975e01fdb8047cf035ad9f0997ae3981b5c2cfd9bb773b39c42b46b52966bb18b06afba6cca4e5accc5d7f2d522934e4c50eaa98cbb0

Download Submit
\Windows\system\yWYxlkc.exe

Filesize
6.0MB

MD5
acabb1ee857fabfb896abe17a6be4069

SHA1
a7b351cf8f183ec154c3c089116e72af71be79a4

SHA256
74298879970949ad5f152aafd6f5f1b45c650f0eba2f981de6b19c9c85c77dc4

SHA512
0b022f23122781730c0171f473bef2693f4c1aad5da94594d083286710ad5f55fb2743b547b2d5b5d13636925e371de3094804f2e7151c4e078c75328aa91154

Download Submit
memory/268-98-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/268-88-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/268-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/268-502-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-27-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-698-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/268-37-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-874-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-48-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/268-1051-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-32-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/268-106-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-39-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/268-117-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-115-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/268-57-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/268-63-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-51-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/268-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/268-70-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-72-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/268-79-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-19-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-107-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-13-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/268-91-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1544-3677-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-84-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-405-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-3646-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1668-82-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1668-28-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1772-605-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-3678-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-93-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-24-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-71-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-3639-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-50-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2224-11-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3486-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3484-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2312-62-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2312-15-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2392-111-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-954-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3680-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-102-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3679-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-807-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-97-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2616-55-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3657-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3655-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2644-53-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2644-92-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2664-58-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2664-101-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3661-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3642-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2756-46-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2756-83-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3671-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-66-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-110-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3676-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2968-75-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2968-242-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download