cobaltstrike | 3442ccc9aaff5e5caec45dfdfbc05b72c61ad22c23cd9e382b9dd6027699ca01

Analysis

max time kernel
150s
max time network
28s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

53b740816b84c03364deaf0d89b0338f
SHA1

18dc70fb3926eec35bfacae933be0d8c8e730486
SHA256

3442ccc9aaff5e5caec45dfdfbc05b72c61ad22c23cd9e382b9dd6027699ca01
SHA512

d2d9ef30f473da02ade3fb943450ed935fd94272405b70c27ed1ad3a69359d5fc586ec8e377da61608ed2b52bbe5e24fdcd7f8e0a850d5b4b3852d52c81be399
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-18.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bb-67.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-62.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-40.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-77.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2248-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/files/0x0008000000019394-8.dat	xmrig
behavioral1/files/0x00070000000193b8-12.dat	xmrig
behavioral1/files/0x0007000000019470-18.dat	xmrig
behavioral1/files/0x0006000000019489-31.dat	xmrig
behavioral1/memory/308-37-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-55.dat	xmrig
behavioral1/memory/2620-58-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bb-67.dat	xmrig
behavioral1/memory/2608-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2248-64-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-62.dat	xmrig
behavioral1/files/0x0031000000018bbf-40.dat	xmrig
behavioral1/memory/2744-49-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2860-48-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001948c-46.dat	xmrig
behavioral1/memory/3016-30-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2900-27-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2876-26-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2860-71-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2320-72-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2988-23-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2012-92-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-80.dat	xmrig
behavioral1/files/0x000500000001a3f8-97.dat	xmrig
behavioral1/memory/2248-109-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-112.dat	xmrig
behavioral1/files/0x000500000001a463-147.dat	xmrig
behavioral1/files/0x000500000001a475-183.dat	xmrig
behavioral1/memory/2248-567-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2360-1956-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1116-1955-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2012-1942-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2076-1930-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2320-1929-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2608-1775-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2620-1767-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2860-1766-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2744-1752-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/308-1734-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/3016-1725-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2900-1708-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2876-1701-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2988-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1116-405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2320-259-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-193.dat	xmrig
behavioral1/files/0x000500000001a477-187.dat	xmrig
behavioral1/files/0x000500000001a473-177.dat	xmrig
behavioral1/files/0x000500000001a471-173.dat	xmrig
behavioral1/files/0x000500000001a46f-167.dat	xmrig
behavioral1/files/0x000500000001a46d-163.dat	xmrig
behavioral1/files/0x000500000001a46b-157.dat	xmrig
behavioral1/files/0x000500000001a469-153.dat	xmrig
behavioral1/files/0x000500000001a459-142.dat	xmrig
behavioral1/files/0x000500000001a457-138.dat	xmrig
behavioral1/files/0x000500000001a44f-132.dat	xmrig
behavioral1/files/0x000500000001a44d-128.dat	xmrig
behavioral1/files/0x000500000001a438-122.dat	xmrig
behavioral1/files/0x000500000001a404-117.dat	xmrig
behavioral1/memory/2248-108-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-105.dat	xmrig
behavioral1/memory/2360-102-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2876	VWKxCjy.exe
2988	IBZxmrr.exe
2900	isrNnSF.exe
3016	iTwPVzw.exe
308	eyxUvhE.exe
2860	JphWbcT.exe
2744	DlFsyDn.exe
2620	yjEeQWd.exe
2608	bLjIrvT.exe
2320	kZvKneT.exe
2076	kkfPwuG.exe
2012	kBttOBd.exe
1116	qwJvCZv.exe
2360	akUFpes.exe
2184	sKKpciS.exe
2368	RUEYrTr.exe
3032	zIyxsaO.exe
2736	cpYxtQS.exe
2516	AjXHYYI.exe
1640	iDhOcLO.exe
692	WnLrnkM.exe
1548	ajNAoxq.exe
2260	wJILZyS.exe
2708	fYGZFTt.exe
2576	wuRHsZV.exe
2524	bvmPvTm.exe
2276	MKfXGLD.exe
908	ZvJcTvV.exe
1592	XIYOsZg.exe
1020	bHJVSKW.exe
1992	sopLPxV.exe
2084	VbHZFzx.exe
2480	JFdHKjm.exe
1184	zaeMhFv.exe
1284	crWMkmg.exe
1500	RnpKXfH.exe
1812	qodzxmN.exe
1372	yJFaTOP.exe
676	kPsXsCL.exe
1128	uadoRIE.exe
1652	jGfAoqf.exe
1924	tBrrbTO.exe
2316	xYAkuTb.exe
2364	OFdEORM.exe
2492	lltzYEH.exe
1060	bFkOOdj.exe
2412	vtYjyiT.exe
1240	BYBdDgt.exe
884	TSFMkUT.exe
2332	mYzJgIV.exe
2632	mwPyoKm.exe
2832	fnpFTAL.exe
1612	mYrCUEr.exe
2664	mbHIHFD.exe
2856	aYHhoCQ.exe
2616	qQrbKEF.exe
2604	jVdBigI.exe
1532	sPyHZqm.exe
2788	uvlIGHR.exe
3024	mxPssUk.exe
2152	aZZutFW.exe
2308	OqiUFTs.exe
2288	aNJRjGH.exe
1584	buZyoNX.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/files/0x0008000000019394-8.dat	upx
behavioral1/files/0x00070000000193b8-12.dat	upx
behavioral1/files/0x0007000000019470-18.dat	upx
behavioral1/files/0x0006000000019489-31.dat	upx
behavioral1/memory/308-37-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0006000000019490-55.dat	upx
behavioral1/memory/2620-58-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00070000000195bb-67.dat	upx
behavioral1/memory/2608-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2248-64-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-62.dat	upx
behavioral1/files/0x0031000000018bbf-40.dat	upx
behavioral1/memory/2744-49-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2860-48-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000600000001948c-46.dat	upx
behavioral1/memory/3016-30-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2900-27-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2876-26-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2860-71-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2320-72-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2988-23-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2012-92-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-80.dat	upx
behavioral1/files/0x000500000001a3f8-97.dat	upx
behavioral1/files/0x000500000001a400-112.dat	upx
behavioral1/files/0x000500000001a463-147.dat	upx
behavioral1/files/0x000500000001a475-183.dat	upx
behavioral1/memory/2360-1956-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1116-1955-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2012-1942-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2076-1930-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2320-1929-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2608-1775-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2620-1767-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2860-1766-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2744-1752-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/308-1734-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/3016-1725-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2900-1708-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2876-1701-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2988-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1116-405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2320-259-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x000500000001a479-193.dat	upx
behavioral1/files/0x000500000001a477-187.dat	upx
behavioral1/files/0x000500000001a473-177.dat	upx
behavioral1/files/0x000500000001a471-173.dat	upx
behavioral1/files/0x000500000001a46f-167.dat	upx
behavioral1/files/0x000500000001a46d-163.dat	upx
behavioral1/files/0x000500000001a46b-157.dat	upx
behavioral1/files/0x000500000001a469-153.dat	upx
behavioral1/files/0x000500000001a459-142.dat	upx
behavioral1/files/0x000500000001a457-138.dat	upx
behavioral1/files/0x000500000001a44f-132.dat	upx
behavioral1/files/0x000500000001a44d-128.dat	upx
behavioral1/files/0x000500000001a438-122.dat	upx
behavioral1/files/0x000500000001a404-117.dat	upx
behavioral1/files/0x000500000001a3fd-105.dat	upx
behavioral1/memory/2360-102-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1116-94-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-88.dat	upx
behavioral1/memory/2076-87-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\winJzUW.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTWmcHO.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmeUloB.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwzHPda.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqTmiKV.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWZvMer.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWElIvZ.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXnVkel.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYjtyVV.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kplJCsU.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYvkSIG.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuPjcYj.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrViUYK.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWFKsdq.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihvRoXy.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQeWLhc.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZRzdYB.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLHnGVT.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXcdrPP.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMOuSgd.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWeqjEU.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imyobFX.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsJyhcE.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzWNOdE.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuJBwXZ.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPknmrr.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbjRGiq.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlRemNt.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWLUnqH.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uatjGca.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcUGRsR.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFlfECR.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZNQNMK.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSMvFpl.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfWONKX.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBuagMd.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYFEtWO.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZANXMlS.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBkLbDg.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMEcJLh.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCotguB.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhAWkHa.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdlZKEk.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxqyCMi.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZZutFW.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiZPQfw.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVvnyFC.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVOjOEU.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZoisXl.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppkQGUB.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpdccQO.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuBUbtm.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVcQLWu.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KODDfSq.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpmzjFH.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukpbcTs.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLMnsVA.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMxNjwz.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNlcAaC.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpRLyQZ.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vartXXB.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feOlrdz.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCQTNjQ.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltokVLu.exe	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2876	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2876	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2876	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2988	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2988	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2988	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2900	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 2900	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 2900	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 3016	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 3016	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 3016	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 308	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 308	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 308	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2860	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2860	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2860	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2744	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2744	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2744	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2620	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2620	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2620	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2608	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2608	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2608	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2320	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2320	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2320	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2076	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2076	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2076	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 1116	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 1116	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 1116	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 2012	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 2012	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 2012	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 2360	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 2360	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 2360	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 2184	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 2184	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 2184	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 2368	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 2368	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 2368	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 3032	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 3032	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 3032	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 2736	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2736	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2736	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2516	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 2516	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 2516	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 1640	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1640	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1640	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 692	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 692	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 692	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 1548	2248	2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-28_53b740816b84c03364deaf0d89b0338f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\System\VWKxCjy.exe
  C:\Windows\System\VWKxCjy.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\IBZxmrr.exe
  C:\Windows\System\IBZxmrr.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\isrNnSF.exe
  C:\Windows\System\isrNnSF.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\iTwPVzw.exe
  C:\Windows\System\iTwPVzw.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\eyxUvhE.exe
  C:\Windows\System\eyxUvhE.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\JphWbcT.exe
  C:\Windows\System\JphWbcT.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\DlFsyDn.exe
  C:\Windows\System\DlFsyDn.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\yjEeQWd.exe
  C:\Windows\System\yjEeQWd.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\bLjIrvT.exe
  C:\Windows\System\bLjIrvT.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\kZvKneT.exe
  C:\Windows\System\kZvKneT.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\kkfPwuG.exe
  C:\Windows\System\kkfPwuG.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\qwJvCZv.exe
  C:\Windows\System\qwJvCZv.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\kBttOBd.exe
  C:\Windows\System\kBttOBd.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\akUFpes.exe
  C:\Windows\System\akUFpes.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\sKKpciS.exe
  C:\Windows\System\sKKpciS.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\RUEYrTr.exe
  C:\Windows\System\RUEYrTr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\zIyxsaO.exe
  C:\Windows\System\zIyxsaO.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\cpYxtQS.exe
  C:\Windows\System\cpYxtQS.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\AjXHYYI.exe
  C:\Windows\System\AjXHYYI.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\iDhOcLO.exe
  C:\Windows\System\iDhOcLO.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\WnLrnkM.exe
  C:\Windows\System\WnLrnkM.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ajNAoxq.exe
  C:\Windows\System\ajNAoxq.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\wJILZyS.exe
  C:\Windows\System\wJILZyS.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\fYGZFTt.exe
  C:\Windows\System\fYGZFTt.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\wuRHsZV.exe
  C:\Windows\System\wuRHsZV.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\bvmPvTm.exe
  C:\Windows\System\bvmPvTm.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\MKfXGLD.exe
  C:\Windows\System\MKfXGLD.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ZvJcTvV.exe
  C:\Windows\System\ZvJcTvV.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\XIYOsZg.exe
  C:\Windows\System\XIYOsZg.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bHJVSKW.exe
  C:\Windows\System\bHJVSKW.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sopLPxV.exe
  C:\Windows\System\sopLPxV.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\VbHZFzx.exe
  C:\Windows\System\VbHZFzx.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JFdHKjm.exe
  C:\Windows\System\JFdHKjm.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\zaeMhFv.exe
  C:\Windows\System\zaeMhFv.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\crWMkmg.exe
  C:\Windows\System\crWMkmg.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\RnpKXfH.exe
  C:\Windows\System\RnpKXfH.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\qodzxmN.exe
  C:\Windows\System\qodzxmN.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\yJFaTOP.exe
  C:\Windows\System\yJFaTOP.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\kPsXsCL.exe
  C:\Windows\System\kPsXsCL.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\uadoRIE.exe
  C:\Windows\System\uadoRIE.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\jGfAoqf.exe
  C:\Windows\System\jGfAoqf.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\tBrrbTO.exe
  C:\Windows\System\tBrrbTO.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\xYAkuTb.exe
  C:\Windows\System\xYAkuTb.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\OFdEORM.exe
  C:\Windows\System\OFdEORM.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\lltzYEH.exe
  C:\Windows\System\lltzYEH.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\bFkOOdj.exe
  C:\Windows\System\bFkOOdj.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\vtYjyiT.exe
  C:\Windows\System\vtYjyiT.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\BYBdDgt.exe
  C:\Windows\System\BYBdDgt.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\TSFMkUT.exe
  C:\Windows\System\TSFMkUT.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\fnpFTAL.exe
  C:\Windows\System\fnpFTAL.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\mYzJgIV.exe
  C:\Windows\System\mYzJgIV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\mbHIHFD.exe
  C:\Windows\System\mbHIHFD.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\mwPyoKm.exe
  C:\Windows\System\mwPyoKm.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\buZyoNX.exe
  C:\Windows\System\buZyoNX.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\mYrCUEr.exe
  C:\Windows\System\mYrCUEr.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\soAddoK.exe
  C:\Windows\System\soAddoK.exe
  2⤵
  PID:2968
- C:\Windows\System\aYHhoCQ.exe
  C:\Windows\System\aYHhoCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\qlNlJsC.exe
  C:\Windows\System\qlNlJsC.exe
  2⤵
  PID:2772
- C:\Windows\System\qQrbKEF.exe
  C:\Windows\System\qQrbKEF.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\XEAjpFy.exe
  C:\Windows\System\XEAjpFy.exe
  2⤵
  PID:944
- C:\Windows\System\jVdBigI.exe
  C:\Windows\System\jVdBigI.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\weKhDZL.exe
  C:\Windows\System\weKhDZL.exe
  2⤵
  PID:2024
- C:\Windows\System\sPyHZqm.exe
  C:\Windows\System\sPyHZqm.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\wyEiodx.exe
  C:\Windows\System\wyEiodx.exe
  2⤵
  PID:1140
- C:\Windows\System\uvlIGHR.exe
  C:\Windows\System\uvlIGHR.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LTCyXGv.exe
  C:\Windows\System\LTCyXGv.exe
  2⤵
  PID:1980
- C:\Windows\System\mxPssUk.exe
  C:\Windows\System\mxPssUk.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZWWeVKJ.exe
  C:\Windows\System\ZWWeVKJ.exe
  2⤵
  PID:2940
- C:\Windows\System\aZZutFW.exe
  C:\Windows\System\aZZutFW.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ofNfMce.exe
  C:\Windows\System\ofNfMce.exe
  2⤵
  PID:2220
- C:\Windows\System\OqiUFTs.exe
  C:\Windows\System\OqiUFTs.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\lmPpqsS.exe
  C:\Windows\System\lmPpqsS.exe
  2⤵
  PID:1204
- C:\Windows\System\aNJRjGH.exe
  C:\Windows\System\aNJRjGH.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\PRCQUtb.exe
  C:\Windows\System\PRCQUtb.exe
  2⤵
  PID:2212
- C:\Windows\System\gOmtTPg.exe
  C:\Windows\System\gOmtTPg.exe
  2⤵
  PID:2712
- C:\Windows\System\GFJEhLi.exe
  C:\Windows\System\GFJEhLi.exe
  2⤵
  PID:2388
- C:\Windows\System\zUfBOqO.exe
  C:\Windows\System\zUfBOqO.exe
  2⤵
  PID:584
- C:\Windows\System\KyRXkUt.exe
  C:\Windows\System\KyRXkUt.exe
  2⤵
  PID:1852
- C:\Windows\System\mBPcKPM.exe
  C:\Windows\System\mBPcKPM.exe
  2⤵
  PID:1740
- C:\Windows\System\aVFQGxW.exe
  C:\Windows\System\aVFQGxW.exe
  2⤵
  PID:2148
- C:\Windows\System\LxzRVfB.exe
  C:\Windows\System\LxzRVfB.exe
  2⤵
  PID:2892
- C:\Windows\System\cPknmrr.exe
  C:\Windows\System\cPknmrr.exe
  2⤵
  PID:2096
- C:\Windows\System\HvcByhm.exe
  C:\Windows\System\HvcByhm.exe
  2⤵
  PID:1680
- C:\Windows\System\ewKgjvQ.exe
  C:\Windows\System\ewKgjvQ.exe
  2⤵
  PID:112
- C:\Windows\System\mhyGIsG.exe
  C:\Windows\System\mhyGIsG.exe
  2⤵
  PID:388
- C:\Windows\System\whLKqtt.exe
  C:\Windows\System\whLKqtt.exe
  2⤵
  PID:2700
- C:\Windows\System\ufbCvbv.exe
  C:\Windows\System\ufbCvbv.exe
  2⤵
  PID:2396
- C:\Windows\System\wHduziQ.exe
  C:\Windows\System\wHduziQ.exe
  2⤵
  PID:1780
- C:\Windows\System\eIdxyFw.exe
  C:\Windows\System\eIdxyFw.exe
  2⤵
  PID:2504
- C:\Windows\System\ogGXsMS.exe
  C:\Windows\System\ogGXsMS.exe
  2⤵
  PID:2544
- C:\Windows\System\WBnAuRh.exe
  C:\Windows\System\WBnAuRh.exe
  2⤵
  PID:2872
- C:\Windows\System\JVvTJHR.exe
  C:\Windows\System\JVvTJHR.exe
  2⤵
  PID:2808
- C:\Windows\System\HOCzEjL.exe
  C:\Windows\System\HOCzEjL.exe
  2⤵
  PID:2456
- C:\Windows\System\uKtoEBt.exe
  C:\Windows\System\uKtoEBt.exe
  2⤵
  PID:2880
- C:\Windows\System\lMbHiii.exe
  C:\Windows\System\lMbHiii.exe
  2⤵
  PID:1704
- C:\Windows\System\OPeuMtG.exe
  C:\Windows\System\OPeuMtG.exe
  2⤵
  PID:2748
- C:\Windows\System\iUZqySL.exe
  C:\Windows\System\iUZqySL.exe
  2⤵
  PID:704
- C:\Windows\System\XiYdQuB.exe
  C:\Windows\System\XiYdQuB.exe
  2⤵
  PID:1552
- C:\Windows\System\lTbMunM.exe
  C:\Windows\System\lTbMunM.exe
  2⤵
  PID:1844
- C:\Windows\System\ETDZDXt.exe
  C:\Windows\System\ETDZDXt.exe
  2⤵
  PID:948
- C:\Windows\System\hvAgjPG.exe
  C:\Windows\System\hvAgjPG.exe
  2⤵
  PID:2660
- C:\Windows\System\pMZvkZY.exe
  C:\Windows\System\pMZvkZY.exe
  2⤵
  PID:3008
- C:\Windows\System\tjLxaKn.exe
  C:\Windows\System\tjLxaKn.exe
  2⤵
  PID:2240
- C:\Windows\System\ajqwVpc.exe
  C:\Windows\System\ajqwVpc.exe
  2⤵
  PID:1192
- C:\Windows\System\wUcmbaS.exe
  C:\Windows\System\wUcmbaS.exe
  2⤵
  PID:2496
- C:\Windows\System\fpdccQO.exe
  C:\Windows\System\fpdccQO.exe
  2⤵
  PID:752
- C:\Windows\System\PayhFtm.exe
  C:\Windows\System\PayhFtm.exe
  2⤵
  PID:1700
- C:\Windows\System\zWjTIIe.exe
  C:\Windows\System\zWjTIIe.exe
  2⤵
  PID:972
- C:\Windows\System\JdAUCwi.exe
  C:\Windows\System\JdAUCwi.exe
  2⤵
  PID:3096
- C:\Windows\System\cavhMvQ.exe
  C:\Windows\System\cavhMvQ.exe
  2⤵
  PID:3112
- C:\Windows\System\BqtLEJK.exe
  C:\Windows\System\BqtLEJK.exe
  2⤵
  PID:3132
- C:\Windows\System\BBwwmot.exe
  C:\Windows\System\BBwwmot.exe
  2⤵
  PID:3148
- C:\Windows\System\HIyoFrz.exe
  C:\Windows\System\HIyoFrz.exe
  2⤵
  PID:3164
- C:\Windows\System\gfuMBrb.exe
  C:\Windows\System\gfuMBrb.exe
  2⤵
  PID:3188
- C:\Windows\System\POGwYoy.exe
  C:\Windows\System\POGwYoy.exe
  2⤵
  PID:3208
- C:\Windows\System\uxwyqvq.exe
  C:\Windows\System\uxwyqvq.exe
  2⤵
  PID:3224
- C:\Windows\System\QzxLVmJ.exe
  C:\Windows\System\QzxLVmJ.exe
  2⤵
  PID:3244
- C:\Windows\System\xJOkqfT.exe
  C:\Windows\System\xJOkqfT.exe
  2⤵
  PID:3268
- C:\Windows\System\KWIyUZH.exe
  C:\Windows\System\KWIyUZH.exe
  2⤵
  PID:3288
- C:\Windows\System\BtwixSP.exe
  C:\Windows\System\BtwixSP.exe
  2⤵
  PID:3308
- C:\Windows\System\bieJkHj.exe
  C:\Windows\System\bieJkHj.exe
  2⤵
  PID:3332
- C:\Windows\System\ieNhCzy.exe
  C:\Windows\System\ieNhCzy.exe
  2⤵
  PID:3348
- C:\Windows\System\zLWytLD.exe
  C:\Windows\System\zLWytLD.exe
  2⤵
  PID:3368
- C:\Windows\System\hNwQqBJ.exe
  C:\Windows\System\hNwQqBJ.exe
  2⤵
  PID:3388
- C:\Windows\System\QpcDrNR.exe
  C:\Windows\System\QpcDrNR.exe
  2⤵
  PID:3404
- C:\Windows\System\JcHmAkg.exe
  C:\Windows\System\JcHmAkg.exe
  2⤵
  PID:3424
- C:\Windows\System\oARXNFF.exe
  C:\Windows\System\oARXNFF.exe
  2⤵
  PID:3448
- C:\Windows\System\oPydeoG.exe
  C:\Windows\System\oPydeoG.exe
  2⤵
  PID:3468
- C:\Windows\System\PIdTKAj.exe
  C:\Windows\System\PIdTKAj.exe
  2⤵
  PID:3504
- C:\Windows\System\rsoJHfj.exe
  C:\Windows\System\rsoJHfj.exe
  2⤵
  PID:3524
- C:\Windows\System\cvJoXVa.exe
  C:\Windows\System\cvJoXVa.exe
  2⤵
  PID:3544
- C:\Windows\System\EbowtFj.exe
  C:\Windows\System\EbowtFj.exe
  2⤵
  PID:3564
- C:\Windows\System\vIglTPf.exe
  C:\Windows\System\vIglTPf.exe
  2⤵
  PID:3580
- C:\Windows\System\LQpzphQ.exe
  C:\Windows\System\LQpzphQ.exe
  2⤵
  PID:3600
- C:\Windows\System\AqXgesb.exe
  C:\Windows\System\AqXgesb.exe
  2⤵
  PID:3620
- C:\Windows\System\mlpZEsE.exe
  C:\Windows\System\mlpZEsE.exe
  2⤵
  PID:3644
- C:\Windows\System\oOnYYaI.exe
  C:\Windows\System\oOnYYaI.exe
  2⤵
  PID:3660
- C:\Windows\System\LKoAPkM.exe
  C:\Windows\System\LKoAPkM.exe
  2⤵
  PID:3680
- C:\Windows\System\GhDAlGD.exe
  C:\Windows\System\GhDAlGD.exe
  2⤵
  PID:3700
- C:\Windows\System\pFxROnQ.exe
  C:\Windows\System\pFxROnQ.exe
  2⤵
  PID:3724
- C:\Windows\System\TivrZCD.exe
  C:\Windows\System\TivrZCD.exe
  2⤵
  PID:3744
- C:\Windows\System\tHDslPO.exe
  C:\Windows\System\tHDslPO.exe
  2⤵
  PID:3760
- C:\Windows\System\wMUThEZ.exe
  C:\Windows\System\wMUThEZ.exe
  2⤵
  PID:3784
- C:\Windows\System\BKHhZXa.exe
  C:\Windows\System\BKHhZXa.exe
  2⤵
  PID:3804
- C:\Windows\System\HxQlnsq.exe
  C:\Windows\System\HxQlnsq.exe
  2⤵
  PID:3820
- C:\Windows\System\REBvSJV.exe
  C:\Windows\System\REBvSJV.exe
  2⤵
  PID:3836
- C:\Windows\System\cboBjIB.exe
  C:\Windows\System\cboBjIB.exe
  2⤵
  PID:3860
- C:\Windows\System\hHAdskk.exe
  C:\Windows\System\hHAdskk.exe
  2⤵
  PID:3880
- C:\Windows\System\IEbWQOp.exe
  C:\Windows\System\IEbWQOp.exe
  2⤵
  PID:3900
- C:\Windows\System\miknRqS.exe
  C:\Windows\System\miknRqS.exe
  2⤵
  PID:3924
- C:\Windows\System\wYijaor.exe
  C:\Windows\System\wYijaor.exe
  2⤵
  PID:3944
- C:\Windows\System\ODWYlPr.exe
  C:\Windows\System\ODWYlPr.exe
  2⤵
  PID:3968
- C:\Windows\System\MCJTpqC.exe
  C:\Windows\System\MCJTpqC.exe
  2⤵
  PID:3988
- C:\Windows\System\DSpulYG.exe
  C:\Windows\System\DSpulYG.exe
  2⤵
  PID:4004
- C:\Windows\System\eZcpxuW.exe
  C:\Windows\System\eZcpxuW.exe
  2⤵
  PID:4024
- C:\Windows\System\khiWMLM.exe
  C:\Windows\System\khiWMLM.exe
  2⤵
  PID:4040
- C:\Windows\System\EpOSLwO.exe
  C:\Windows\System\EpOSLwO.exe
  2⤵
  PID:4068
- C:\Windows\System\xHJvbxt.exe
  C:\Windows\System\xHJvbxt.exe
  2⤵
  PID:4092
- C:\Windows\System\VuCPvfS.exe
  C:\Windows\System\VuCPvfS.exe
  2⤵
  PID:1472
- C:\Windows\System\NgrcxCK.exe
  C:\Windows\System\NgrcxCK.exe
  2⤵
  PID:980
- C:\Windows\System\WuBUbtm.exe
  C:\Windows\System\WuBUbtm.exe
  2⤵
  PID:2732
- C:\Windows\System\jyLxZDH.exe
  C:\Windows\System\jyLxZDH.exe
  2⤵
  PID:2252
- C:\Windows\System\PvaRbrF.exe
  C:\Windows\System\PvaRbrF.exe
  2⤵
  PID:1720
- C:\Windows\System\KiOzEBc.exe
  C:\Windows\System\KiOzEBc.exe
  2⤵
  PID:3048
- C:\Windows\System\gLxGQis.exe
  C:\Windows\System\gLxGQis.exe
  2⤵
  PID:236
- C:\Windows\System\XrdIvwf.exe
  C:\Windows\System\XrdIvwf.exe
  2⤵
  PID:1932
- C:\Windows\System\IuWTdrB.exe
  C:\Windows\System\IuWTdrB.exe
  2⤵
  PID:3108
- C:\Windows\System\UtRVIVP.exe
  C:\Windows\System\UtRVIVP.exe
  2⤵
  PID:1688
- C:\Windows\System\rksYyaO.exe
  C:\Windows\System\rksYyaO.exe
  2⤵
  PID:3172
- C:\Windows\System\lyiiTEr.exe
  C:\Windows\System\lyiiTEr.exe
  2⤵
  PID:3216
- C:\Windows\System\rVOLvWs.exe
  C:\Windows\System\rVOLvWs.exe
  2⤵
  PID:3264
- C:\Windows\System\kJCWfcr.exe
  C:\Windows\System\kJCWfcr.exe
  2⤵
  PID:3296
- C:\Windows\System\pmtGHTV.exe
  C:\Windows\System\pmtGHTV.exe
  2⤵
  PID:3120
- C:\Windows\System\hiPPYWv.exe
  C:\Windows\System\hiPPYWv.exe
  2⤵
  PID:3300
- C:\Windows\System\WKaOElY.exe
  C:\Windows\System\WKaOElY.exe
  2⤵
  PID:3232
- C:\Windows\System\mfewICF.exe
  C:\Windows\System\mfewICF.exe
  2⤵
  PID:3344
- C:\Windows\System\WZrrrmS.exe
  C:\Windows\System\WZrrrmS.exe
  2⤵
  PID:3420
- C:\Windows\System\FrNgvwL.exe
  C:\Windows\System\FrNgvwL.exe
  2⤵
  PID:3320
- C:\Windows\System\IRuFKPi.exe
  C:\Windows\System\IRuFKPi.exe
  2⤵
  PID:3360
- C:\Windows\System\RCFSDvX.exe
  C:\Windows\System\RCFSDvX.exe
  2⤵
  PID:3432
- C:\Windows\System\wlRmISf.exe
  C:\Windows\System\wlRmISf.exe
  2⤵
  PID:3484
- C:\Windows\System\avQxpSh.exe
  C:\Windows\System\avQxpSh.exe
  2⤵
  PID:3560
- C:\Windows\System\SJtStsG.exe
  C:\Windows\System\SJtStsG.exe
  2⤵
  PID:3596
- C:\Windows\System\MraBILF.exe
  C:\Windows\System\MraBILF.exe
  2⤵
  PID:3536
- C:\Windows\System\aLQoqAn.exe
  C:\Windows\System\aLQoqAn.exe
  2⤵
  PID:3640
- C:\Windows\System\vMOuSgd.exe
  C:\Windows\System\vMOuSgd.exe
  2⤵
  PID:3616
- C:\Windows\System\CLCGUeY.exe
  C:\Windows\System\CLCGUeY.exe
  2⤵
  PID:3672
- C:\Windows\System\BxERsWu.exe
  C:\Windows\System\BxERsWu.exe
  2⤵
  PID:3712
- C:\Windows\System\eqkjApa.exe
  C:\Windows\System\eqkjApa.exe
  2⤵
  PID:3652
- C:\Windows\System\KsNKKIE.exe
  C:\Windows\System\KsNKKIE.exe
  2⤵
  PID:3792
- C:\Windows\System\IXnHNdm.exe
  C:\Windows\System\IXnHNdm.exe
  2⤵
  PID:3832
- C:\Windows\System\KEKezTD.exe
  C:\Windows\System\KEKezTD.exe
  2⤵
  PID:3776
- C:\Windows\System\DWVVgdn.exe
  C:\Windows\System\DWVVgdn.exe
  2⤵
  PID:3908
- C:\Windows\System\gPsBmTL.exe
  C:\Windows\System\gPsBmTL.exe
  2⤵
  PID:3856
- C:\Windows\System\eqxCxBt.exe
  C:\Windows\System\eqxCxBt.exe
  2⤵
  PID:3952
- C:\Windows\System\aIbyfgQ.exe
  C:\Windows\System\aIbyfgQ.exe
  2⤵
  PID:4000
- C:\Windows\System\JcIPjQR.exe
  C:\Windows\System\JcIPjQR.exe
  2⤵
  PID:3940
- C:\Windows\System\JcNMYCs.exe
  C:\Windows\System\JcNMYCs.exe
  2⤵
  PID:3980
- C:\Windows\System\tscgsNY.exe
  C:\Windows\System\tscgsNY.exe
  2⤵
  PID:4076
- C:\Windows\System\gZRzdYB.exe
  C:\Windows\System\gZRzdYB.exe
  2⤵
  PID:2756
- C:\Windows\System\BSiYSiP.exe
  C:\Windows\System\BSiYSiP.exe
  2⤵
  PID:2300
- C:\Windows\System\lLYKCcB.exe
  C:\Windows\System\lLYKCcB.exe
  2⤵
  PID:2868
- C:\Windows\System\MwKJPAe.exe
  C:\Windows\System\MwKJPAe.exe
  2⤵
  PID:792
- C:\Windows\System\EXFFUXk.exe
  C:\Windows\System\EXFFUXk.exe
  2⤵
  PID:1580
- C:\Windows\System\AeOKgYA.exe
  C:\Windows\System\AeOKgYA.exe
  2⤵
  PID:1768
- C:\Windows\System\jmEskKk.exe
  C:\Windows\System\jmEskKk.exe
  2⤵
  PID:332
- C:\Windows\System\IVqKBWP.exe
  C:\Windows\System\IVqKBWP.exe
  2⤵
  PID:612
- C:\Windows\System\dVcQLWu.exe
  C:\Windows\System\dVcQLWu.exe
  2⤵
  PID:2852
- C:\Windows\System\dTxEyCm.exe
  C:\Windows\System\dTxEyCm.exe
  2⤵
  PID:1200
- C:\Windows\System\ITZENRE.exe
  C:\Windows\System\ITZENRE.exe
  2⤵
  PID:3156
- C:\Windows\System\mMJnTiP.exe
  C:\Windows\System\mMJnTiP.exe
  2⤵
  PID:3252
- C:\Windows\System\ophixua.exe
  C:\Windows\System\ophixua.exe
  2⤵
  PID:3092
- C:\Windows\System\mbGQoSI.exe
  C:\Windows\System\mbGQoSI.exe
  2⤵
  PID:3200
- C:\Windows\System\DRJAVDl.exe
  C:\Windows\System\DRJAVDl.exe
  2⤵
  PID:3552
- C:\Windows\System\OblNens.exe
  C:\Windows\System\OblNens.exe
  2⤵
  PID:3412
- C:\Windows\System\ZDlvpHD.exe
  C:\Windows\System\ZDlvpHD.exe
  2⤵
  PID:3500
- C:\Windows\System\BuWFqkW.exe
  C:\Windows\System\BuWFqkW.exe
  2⤵
  PID:3572
- C:\Windows\System\HwlBxjN.exe
  C:\Windows\System\HwlBxjN.exe
  2⤵
  PID:3716
- C:\Windows\System\PJYJjKI.exe
  C:\Windows\System\PJYJjKI.exe
  2⤵
  PID:3488
- C:\Windows\System\mEQBksY.exe
  C:\Windows\System\mEQBksY.exe
  2⤵
  PID:3692
- C:\Windows\System\iJkTOPB.exe
  C:\Windows\System\iJkTOPB.exe
  2⤵
  PID:3676
- C:\Windows\System\nTARUdw.exe
  C:\Windows\System\nTARUdw.exe
  2⤵
  PID:3796
- C:\Windows\System\cLMnsVA.exe
  C:\Windows\System\cLMnsVA.exe
  2⤵
  PID:2172
- C:\Windows\System\VuOzGWH.exe
  C:\Windows\System\VuOzGWH.exe
  2⤵
  PID:3800
- C:\Windows\System\KitCRln.exe
  C:\Windows\System\KitCRln.exe
  2⤵
  PID:4048
- C:\Windows\System\pnZBqmx.exe
  C:\Windows\System\pnZBqmx.exe
  2⤵
  PID:3936
- C:\Windows\System\eUXELSV.exe
  C:\Windows\System\eUXELSV.exe
  2⤵
  PID:2120
- C:\Windows\System\rYMgnLy.exe
  C:\Windows\System\rYMgnLy.exe
  2⤵
  PID:4016
- C:\Windows\System\ZrViUYK.exe
  C:\Windows\System\ZrViUYK.exe
  2⤵
  PID:4020
- C:\Windows\System\tQqQqbb.exe
  C:\Windows\System\tQqQqbb.exe
  2⤵
  PID:1572
- C:\Windows\System\bYNseJp.exe
  C:\Windows\System\bYNseJp.exe
  2⤵
  PID:3064
- C:\Windows\System\aPdwGgT.exe
  C:\Windows\System\aPdwGgT.exe
  2⤵
  PID:2684
- C:\Windows\System\yzQlrbk.exe
  C:\Windows\System\yzQlrbk.exe
  2⤵
  PID:2792
- C:\Windows\System\ZgRPZCE.exe
  C:\Windows\System\ZgRPZCE.exe
  2⤵
  PID:3124
- C:\Windows\System\YNQjERD.exe
  C:\Windows\System\YNQjERD.exe
  2⤵
  PID:3340
- C:\Windows\System\gbYskMO.exe
  C:\Windows\System\gbYskMO.exe
  2⤵
  PID:3400
- C:\Windows\System\HwJKgVk.exe
  C:\Windows\System\HwJKgVk.exe
  2⤵
  PID:3496
- C:\Windows\System\EhnOBmE.exe
  C:\Windows\System\EhnOBmE.exe
  2⤵
  PID:3204
- C:\Windows\System\yMfEVRD.exe
  C:\Windows\System\yMfEVRD.exe
  2⤵
  PID:2560
- C:\Windows\System\JWyuKvh.exe
  C:\Windows\System\JWyuKvh.exe
  2⤵
  PID:3628
- C:\Windows\System\UxgezaK.exe
  C:\Windows\System\UxgezaK.exe
  2⤵
  PID:2752
- C:\Windows\System\cYuLnEL.exe
  C:\Windows\System\cYuLnEL.exe
  2⤵
  PID:1824
- C:\Windows\System\iIlrYEL.exe
  C:\Windows\System\iIlrYEL.exe
  2⤵
  PID:3772
- C:\Windows\System\LxDTJjO.exe
  C:\Windows\System\LxDTJjO.exe
  2⤵
  PID:2964
- C:\Windows\System\VpHLPne.exe
  C:\Windows\System\VpHLPne.exe
  2⤵
  PID:4036
- C:\Windows\System\HkhuOSl.exe
  C:\Windows\System\HkhuOSl.exe
  2⤵
  PID:3088
- C:\Windows\System\cEypkCG.exe
  C:\Windows\System\cEypkCG.exe
  2⤵
  PID:2588
- C:\Windows\System\rCrGKii.exe
  C:\Windows\System\rCrGKii.exe
  2⤵
  PID:1804
- C:\Windows\System\gaOMRie.exe
  C:\Windows\System\gaOMRie.exe
  2⤵
  PID:3576
- C:\Windows\System\BfOdRsN.exe
  C:\Windows\System\BfOdRsN.exe
  2⤵
  PID:1672
- C:\Windows\System\NsdhuGS.exe
  C:\Windows\System\NsdhuGS.exe
  2⤵
  PID:3396
- C:\Windows\System\ZXZdGDp.exe
  C:\Windows\System\ZXZdGDp.exe
  2⤵
  PID:3444
- C:\Windows\System\FgLZgvn.exe
  C:\Windows\System\FgLZgvn.exe
  2⤵
  PID:3732
- C:\Windows\System\lgzKlwG.exe
  C:\Windows\System\lgzKlwG.exe
  2⤵
  PID:4108
- C:\Windows\System\jdFiTht.exe
  C:\Windows\System\jdFiTht.exe
  2⤵
  PID:4128
- C:\Windows\System\IhYELvY.exe
  C:\Windows\System\IhYELvY.exe
  2⤵
  PID:4148
- C:\Windows\System\qEObzYl.exe
  C:\Windows\System\qEObzYl.exe
  2⤵
  PID:4168
- C:\Windows\System\WqjPdJX.exe
  C:\Windows\System\WqjPdJX.exe
  2⤵
  PID:4188
- C:\Windows\System\yubKjib.exe
  C:\Windows\System\yubKjib.exe
  2⤵
  PID:4208
- C:\Windows\System\jziDrAT.exe
  C:\Windows\System\jziDrAT.exe
  2⤵
  PID:4228
- C:\Windows\System\gxHCDAH.exe
  C:\Windows\System\gxHCDAH.exe
  2⤵
  PID:4248
- C:\Windows\System\iyeEMwJ.exe
  C:\Windows\System\iyeEMwJ.exe
  2⤵
  PID:4268
- C:\Windows\System\qSFfjzL.exe
  C:\Windows\System\qSFfjzL.exe
  2⤵
  PID:4288
- C:\Windows\System\LyXLxmb.exe
  C:\Windows\System\LyXLxmb.exe
  2⤵
  PID:4304
- C:\Windows\System\pcYTxrR.exe
  C:\Windows\System\pcYTxrR.exe
  2⤵
  PID:4332
- C:\Windows\System\TVeVckC.exe
  C:\Windows\System\TVeVckC.exe
  2⤵
  PID:4356
- C:\Windows\System\gwDoEkZ.exe
  C:\Windows\System\gwDoEkZ.exe
  2⤵
  PID:4376
- C:\Windows\System\RYumzPi.exe
  C:\Windows\System\RYumzPi.exe
  2⤵
  PID:4396
- C:\Windows\System\aSiTyBN.exe
  C:\Windows\System\aSiTyBN.exe
  2⤵
  PID:4416
- C:\Windows\System\MEuknaU.exe
  C:\Windows\System\MEuknaU.exe
  2⤵
  PID:4432
- C:\Windows\System\MxvcyxI.exe
  C:\Windows\System\MxvcyxI.exe
  2⤵
  PID:4456
- C:\Windows\System\uPHRkFm.exe
  C:\Windows\System\uPHRkFm.exe
  2⤵
  PID:4476
- C:\Windows\System\fMqTqkL.exe
  C:\Windows\System\fMqTqkL.exe
  2⤵
  PID:4496
- C:\Windows\System\fysXvYy.exe
  C:\Windows\System\fysXvYy.exe
  2⤵
  PID:4516
- C:\Windows\System\hWhWuPi.exe
  C:\Windows\System\hWhWuPi.exe
  2⤵
  PID:4536
- C:\Windows\System\uOHCzNr.exe
  C:\Windows\System\uOHCzNr.exe
  2⤵
  PID:4556
- C:\Windows\System\qLHnGVT.exe
  C:\Windows\System\qLHnGVT.exe
  2⤵
  PID:4576
- C:\Windows\System\mDrxuKO.exe
  C:\Windows\System\mDrxuKO.exe
  2⤵
  PID:4596
- C:\Windows\System\WBUyTqQ.exe
  C:\Windows\System\WBUyTqQ.exe
  2⤵
  PID:4616
- C:\Windows\System\abfpNNn.exe
  C:\Windows\System\abfpNNn.exe
  2⤵
  PID:4636
- C:\Windows\System\xdKOHiM.exe
  C:\Windows\System\xdKOHiM.exe
  2⤵
  PID:4656
- C:\Windows\System\ATwPTgJ.exe
  C:\Windows\System\ATwPTgJ.exe
  2⤵
  PID:4676
- C:\Windows\System\VWWClEy.exe
  C:\Windows\System\VWWClEy.exe
  2⤵
  PID:4696
- C:\Windows\System\zSWblCC.exe
  C:\Windows\System\zSWblCC.exe
  2⤵
  PID:4716
- C:\Windows\System\uxMRnFU.exe
  C:\Windows\System\uxMRnFU.exe
  2⤵
  PID:4740
- C:\Windows\System\UqUHFGR.exe
  C:\Windows\System\UqUHFGR.exe
  2⤵
  PID:4760
- C:\Windows\System\TWeqjEU.exe
  C:\Windows\System\TWeqjEU.exe
  2⤵
  PID:4784
- C:\Windows\System\aAYxCYs.exe
  C:\Windows\System\aAYxCYs.exe
  2⤵
  PID:4804
- C:\Windows\System\IlqwdFi.exe
  C:\Windows\System\IlqwdFi.exe
  2⤵
  PID:4824
- C:\Windows\System\MQIgOoL.exe
  C:\Windows\System\MQIgOoL.exe
  2⤵
  PID:4844
- C:\Windows\System\GuOEOzS.exe
  C:\Windows\System\GuOEOzS.exe
  2⤵
  PID:4864
- C:\Windows\System\sUfmaVG.exe
  C:\Windows\System\sUfmaVG.exe
  2⤵
  PID:4884
- C:\Windows\System\XIKkrVg.exe
  C:\Windows\System\XIKkrVg.exe
  2⤵
  PID:4900
- C:\Windows\System\VbCreki.exe
  C:\Windows\System\VbCreki.exe
  2⤵
  PID:4924
- C:\Windows\System\tJUdTvL.exe
  C:\Windows\System\tJUdTvL.exe
  2⤵
  PID:4944
- C:\Windows\System\OeUZsFC.exe
  C:\Windows\System\OeUZsFC.exe
  2⤵
  PID:4964
- C:\Windows\System\zohWAsd.exe
  C:\Windows\System\zohWAsd.exe
  2⤵
  PID:4984
- C:\Windows\System\vartXXB.exe
  C:\Windows\System\vartXXB.exe
  2⤵
  PID:5004
- C:\Windows\System\TVUUdLG.exe
  C:\Windows\System\TVUUdLG.exe
  2⤵
  PID:5024
- C:\Windows\System\HnuCRZj.exe
  C:\Windows\System\HnuCRZj.exe
  2⤵
  PID:5044
- C:\Windows\System\imyobFX.exe
  C:\Windows\System\imyobFX.exe
  2⤵
  PID:5064
- C:\Windows\System\jyDzGOr.exe
  C:\Windows\System\jyDzGOr.exe
  2⤵
  PID:5084
- C:\Windows\System\ZhRnSuR.exe
  C:\Windows\System\ZhRnSuR.exe
  2⤵
  PID:5104
- C:\Windows\System\cNwymTx.exe
  C:\Windows\System\cNwymTx.exe
  2⤵
  PID:3984
- C:\Windows\System\iYWlHLN.exe
  C:\Windows\System\iYWlHLN.exe
  2⤵
  PID:3752
- C:\Windows\System\ABtHDKv.exe
  C:\Windows\System\ABtHDKv.exe
  2⤵
  PID:1840
- C:\Windows\System\SQWvhcQ.exe
  C:\Windows\System\SQWvhcQ.exe
  2⤵
  PID:4080
- C:\Windows\System\EzxDgQM.exe
  C:\Windows\System\EzxDgQM.exe
  2⤵
  PID:860
- C:\Windows\System\LhfhhIZ.exe
  C:\Windows\System\LhfhhIZ.exe
  2⤵
  PID:3464
- C:\Windows\System\abDawaA.exe
  C:\Windows\System\abDawaA.exe
  2⤵
  PID:3356
- C:\Windows\System\SlrsAhN.exe
  C:\Windows\System\SlrsAhN.exe
  2⤵
  PID:4136
- C:\Windows\System\YlxIrUY.exe
  C:\Windows\System\YlxIrUY.exe
  2⤵
  PID:4144
- C:\Windows\System\CsJyhcE.exe
  C:\Windows\System\CsJyhcE.exe
  2⤵
  PID:4164
- C:\Windows\System\levZHHC.exe
  C:\Windows\System\levZHHC.exe
  2⤵
  PID:4220
- C:\Windows\System\BZGIPms.exe
  C:\Windows\System\BZGIPms.exe
  2⤵
  PID:4236
- C:\Windows\System\UAJxWtb.exe
  C:\Windows\System\UAJxWtb.exe
  2⤵
  PID:4276
- C:\Windows\System\dXdQjUI.exe
  C:\Windows\System\dXdQjUI.exe
  2⤵
  PID:4348
- C:\Windows\System\YiRuxma.exe
  C:\Windows\System\YiRuxma.exe
  2⤵
  PID:4344
- C:\Windows\System\huQiDGy.exe
  C:\Windows\System\huQiDGy.exe
  2⤵
  PID:4388
- C:\Windows\System\YcBUyfJ.exe
  C:\Windows\System\YcBUyfJ.exe
  2⤵
  PID:4412
- C:\Windows\System\kISJfeZ.exe
  C:\Windows\System\kISJfeZ.exe
  2⤵
  PID:4444
- C:\Windows\System\RlIeOGw.exe
  C:\Windows\System\RlIeOGw.exe
  2⤵
  PID:4504
- C:\Windows\System\HuQvfje.exe
  C:\Windows\System\HuQvfje.exe
  2⤵
  PID:4492
- C:\Windows\System\SUMYPxw.exe
  C:\Windows\System\SUMYPxw.exe
  2⤵
  PID:4532
- C:\Windows\System\xqTmiKV.exe
  C:\Windows\System\xqTmiKV.exe
  2⤵
  PID:4572
- C:\Windows\System\ODTHlKN.exe
  C:\Windows\System\ODTHlKN.exe
  2⤵
  PID:4608
- C:\Windows\System\tVGKXhs.exe
  C:\Windows\System\tVGKXhs.exe
  2⤵
  PID:4664
- C:\Windows\System\rXnVkel.exe
  C:\Windows\System\rXnVkel.exe
  2⤵
  PID:4712
- C:\Windows\System\YcrGVVx.exe
  C:\Windows\System\YcrGVVx.exe
  2⤵
  PID:4724
- C:\Windows\System\TfWONKX.exe
  C:\Windows\System\TfWONKX.exe
  2⤵
  PID:4728
- C:\Windows\System\FYvMPbc.exe
  C:\Windows\System\FYvMPbc.exe
  2⤵
  PID:4796
- C:\Windows\System\awWFnYu.exe
  C:\Windows\System\awWFnYu.exe
  2⤵
  PID:4836
- C:\Windows\System\BeNdLNm.exe
  C:\Windows\System\BeNdLNm.exe
  2⤵
  PID:4860
- C:\Windows\System\RUMgbiG.exe
  C:\Windows\System\RUMgbiG.exe
  2⤵
  PID:4908
- C:\Windows\System\CPwCFsu.exe
  C:\Windows\System\CPwCFsu.exe
  2⤵
  PID:4896
- C:\Windows\System\czgYwiW.exe
  C:\Windows\System\czgYwiW.exe
  2⤵
  PID:1144
- C:\Windows\System\wUnBTLL.exe
  C:\Windows\System\wUnBTLL.exe
  2⤵
  PID:5000
- C:\Windows\System\AWscgGs.exe
  C:\Windows\System\AWscgGs.exe
  2⤵
  PID:5040
- C:\Windows\System\VYrSJiB.exe
  C:\Windows\System\VYrSJiB.exe
  2⤵
  PID:5072
- C:\Windows\System\mFFuXAd.exe
  C:\Windows\System\mFFuXAd.exe
  2⤵
  PID:5056
- C:\Windows\System\WLygoXC.exe
  C:\Windows\System\WLygoXC.exe
  2⤵
  PID:896
- C:\Windows\System\lAleYQW.exe
  C:\Windows\System\lAleYQW.exe
  2⤵
  PID:3868
- C:\Windows\System\NVvnyFC.exe
  C:\Windows\System\NVvnyFC.exe
  2⤵
  PID:2672
- C:\Windows\System\PNujYHa.exe
  C:\Windows\System\PNujYHa.exe
  2⤵
  PID:3612
- C:\Windows\System\AKXCyVA.exe
  C:\Windows\System\AKXCyVA.exe
  2⤵
  PID:2960
- C:\Windows\System\BjRGxMS.exe
  C:\Windows\System\BjRGxMS.exe
  2⤵
  PID:3492
- C:\Windows\System\QUqcJlA.exe
  C:\Windows\System\QUqcJlA.exe
  2⤵
  PID:4224
- C:\Windows\System\QqZMAov.exe
  C:\Windows\System\QqZMAov.exe
  2⤵
  PID:4176
- C:\Windows\System\qKOlctY.exe
  C:\Windows\System\qKOlctY.exe
  2⤵
  PID:4260
- C:\Windows\System\MbIlIvY.exe
  C:\Windows\System\MbIlIvY.exe
  2⤵
  PID:4340
- C:\Windows\System\oMxNjwz.exe
  C:\Windows\System\oMxNjwz.exe
  2⤵
  PID:4368
- C:\Windows\System\pGXjFth.exe
  C:\Windows\System\pGXjFth.exe
  2⤵
  PID:4468
- C:\Windows\System\muSFpqv.exe
  C:\Windows\System\muSFpqv.exe
  2⤵
  PID:4428
- C:\Windows\System\zqGwVAN.exe
  C:\Windows\System\zqGwVAN.exe
  2⤵
  PID:4588
- C:\Windows\System\AIkCEjD.exe
  C:\Windows\System\AIkCEjD.exe
  2⤵
  PID:4584
- C:\Windows\System\DLWPXgY.exe
  C:\Windows\System\DLWPXgY.exe
  2⤵
  PID:4628
- C:\Windows\System\uiCsKlO.exe
  C:\Windows\System\uiCsKlO.exe
  2⤵
  PID:4752
- C:\Windows\System\hebLcsv.exe
  C:\Windows\System\hebLcsv.exe
  2⤵
  PID:4688
- C:\Windows\System\ucbKeyr.exe
  C:\Windows\System\ucbKeyr.exe
  2⤵
  PID:2816
- C:\Windows\System\athLcNa.exe
  C:\Windows\System\athLcNa.exe
  2⤵
  PID:4932
- C:\Windows\System\IwdmvOA.exe
  C:\Windows\System\IwdmvOA.exe
  2⤵
  PID:4920
- C:\Windows\System\xcaQAKe.exe
  C:\Windows\System\xcaQAKe.exe
  2⤵
  PID:4980
- C:\Windows\System\CNzfsLp.exe
  C:\Windows\System\CNzfsLp.exe
  2⤵
  PID:5080
- C:\Windows\System\BqlMYiW.exe
  C:\Windows\System\BqlMYiW.exe
  2⤵
  PID:5012
- C:\Windows\System\VpSvmwz.exe
  C:\Windows\System\VpSvmwz.exe
  2⤵
  PID:3892
- C:\Windows\System\ZWDhRiN.exe
  C:\Windows\System\ZWDhRiN.exe
  2⤵
  PID:3768
- C:\Windows\System\XRaQRIh.exe
  C:\Windows\System\XRaQRIh.exe
  2⤵
  PID:4116
- C:\Windows\System\tNILSKp.exe
  C:\Windows\System\tNILSKp.exe
  2⤵
  PID:4196
- C:\Windows\System\aFjXNsy.exe
  C:\Windows\System\aFjXNsy.exe
  2⤵
  PID:4424
- C:\Windows\System\VTHkaLQ.exe
  C:\Windows\System\VTHkaLQ.exe
  2⤵
  PID:4216
- C:\Windows\System\ztBsZul.exe
  C:\Windows\System\ztBsZul.exe
  2⤵
  PID:4240
- C:\Windows\System\obHDUtP.exe
  C:\Windows\System\obHDUtP.exe
  2⤵
  PID:4544
- C:\Windows\System\nixZqLl.exe
  C:\Windows\System\nixZqLl.exe
  2⤵
  PID:4668
- C:\Windows\System\AJUzvLs.exe
  C:\Windows\System\AJUzvLs.exe
  2⤵
  PID:4816
- C:\Windows\System\vxMaFVy.exe
  C:\Windows\System\vxMaFVy.exe
  2⤵
  PID:4880
- C:\Windows\System\KIijXhq.exe
  C:\Windows\System\KIijXhq.exe
  2⤵
  PID:4872
- C:\Windows\System\WNMViXv.exe
  C:\Windows\System\WNMViXv.exe
  2⤵
  PID:4952
- C:\Windows\System\BqXPpUu.exe
  C:\Windows\System\BqXPpUu.exe
  2⤵
  PID:5032
- C:\Windows\System\PDJCjUW.exe
  C:\Windows\System\PDJCjUW.exe
  2⤵
  PID:5144
- C:\Windows\System\eACFrkO.exe
  C:\Windows\System\eACFrkO.exe
  2⤵
  PID:5168
- C:\Windows\System\OmUlaAq.exe
  C:\Windows\System\OmUlaAq.exe
  2⤵
  PID:5184
- C:\Windows\System\pKbmmzM.exe
  C:\Windows\System\pKbmmzM.exe
  2⤵
  PID:5212
- C:\Windows\System\SBykvYK.exe
  C:\Windows\System\SBykvYK.exe
  2⤵
  PID:5232
- C:\Windows\System\pjviRpm.exe
  C:\Windows\System\pjviRpm.exe
  2⤵
  PID:5252
- C:\Windows\System\JvqSYin.exe
  C:\Windows\System\JvqSYin.exe
  2⤵
  PID:5272
- C:\Windows\System\GBHbHqg.exe
  C:\Windows\System\GBHbHqg.exe
  2⤵
  PID:5292
- C:\Windows\System\pWyOzKV.exe
  C:\Windows\System\pWyOzKV.exe
  2⤵
  PID:5312
- C:\Windows\System\CkrhgHP.exe
  C:\Windows\System\CkrhgHP.exe
  2⤵
  PID:5332
- C:\Windows\System\yceAkaT.exe
  C:\Windows\System\yceAkaT.exe
  2⤵
  PID:5352
- C:\Windows\System\GTPmTmT.exe
  C:\Windows\System\GTPmTmT.exe
  2⤵
  PID:5372
- C:\Windows\System\wsMgcQU.exe
  C:\Windows\System\wsMgcQU.exe
  2⤵
  PID:5392
- C:\Windows\System\IpJoClX.exe
  C:\Windows\System\IpJoClX.exe
  2⤵
  PID:5412
- C:\Windows\System\fbJUnLO.exe
  C:\Windows\System\fbJUnLO.exe
  2⤵
  PID:5432
- C:\Windows\System\ESpQeXY.exe
  C:\Windows\System\ESpQeXY.exe
  2⤵
  PID:5452
- C:\Windows\System\KBEiOpH.exe
  C:\Windows\System\KBEiOpH.exe
  2⤵
  PID:5468
- C:\Windows\System\pezRcmM.exe
  C:\Windows\System\pezRcmM.exe
  2⤵
  PID:5492
- C:\Windows\System\uYSyLbg.exe
  C:\Windows\System\uYSyLbg.exe
  2⤵
  PID:5512
- C:\Windows\System\YrajpDn.exe
  C:\Windows\System\YrajpDn.exe
  2⤵
  PID:5536
- C:\Windows\System\gcCEwgn.exe
  C:\Windows\System\gcCEwgn.exe
  2⤵
  PID:5556
- C:\Windows\System\zTroHKq.exe
  C:\Windows\System\zTroHKq.exe
  2⤵
  PID:5576
- C:\Windows\System\YOtnxul.exe
  C:\Windows\System\YOtnxul.exe
  2⤵
  PID:5592
- C:\Windows\System\lOubgGb.exe
  C:\Windows\System\lOubgGb.exe
  2⤵
  PID:5616
- C:\Windows\System\mfLxGgM.exe
  C:\Windows\System\mfLxGgM.exe
  2⤵
  PID:5636
- C:\Windows\System\ynLWXjy.exe
  C:\Windows\System\ynLWXjy.exe
  2⤵
  PID:5656
- C:\Windows\System\YsrrtcR.exe
  C:\Windows\System\YsrrtcR.exe
  2⤵
  PID:5680
- C:\Windows\System\nLmufcn.exe
  C:\Windows\System\nLmufcn.exe
  2⤵
  PID:5700
- C:\Windows\System\wwXDJVy.exe
  C:\Windows\System\wwXDJVy.exe
  2⤵
  PID:5716
- C:\Windows\System\KDQwWfi.exe
  C:\Windows\System\KDQwWfi.exe
  2⤵
  PID:5740
- C:\Windows\System\uenrNwn.exe
  C:\Windows\System\uenrNwn.exe
  2⤵
  PID:5760
- C:\Windows\System\BTbfOqu.exe
  C:\Windows\System\BTbfOqu.exe
  2⤵
  PID:5780
- C:\Windows\System\YKYZRgL.exe
  C:\Windows\System\YKYZRgL.exe
  2⤵
  PID:5800
- C:\Windows\System\vBciTHt.exe
  C:\Windows\System\vBciTHt.exe
  2⤵
  PID:5816
- C:\Windows\System\YvmXAsH.exe
  C:\Windows\System\YvmXAsH.exe
  2⤵
  PID:5840
- C:\Windows\System\PPMqgmF.exe
  C:\Windows\System\PPMqgmF.exe
  2⤵
  PID:5860
- C:\Windows\System\hBjMngH.exe
  C:\Windows\System\hBjMngH.exe
  2⤵
  PID:5880
- C:\Windows\System\EFRsvsW.exe
  C:\Windows\System\EFRsvsW.exe
  2⤵
  PID:5900
- C:\Windows\System\HyzSvse.exe
  C:\Windows\System\HyzSvse.exe
  2⤵
  PID:5924
- C:\Windows\System\YUumrzQ.exe
  C:\Windows\System\YUumrzQ.exe
  2⤵
  PID:5944
- C:\Windows\System\qzTGBhQ.exe
  C:\Windows\System\qzTGBhQ.exe
  2⤵
  PID:5964
- C:\Windows\System\mQRLBss.exe
  C:\Windows\System\mQRLBss.exe
  2⤵
  PID:5984
- C:\Windows\System\eogZvzg.exe
  C:\Windows\System\eogZvzg.exe
  2⤵
  PID:6004
- C:\Windows\System\sOcuuGO.exe
  C:\Windows\System\sOcuuGO.exe
  2⤵
  PID:6024
- C:\Windows\System\PtPepBW.exe
  C:\Windows\System\PtPepBW.exe
  2⤵
  PID:6044
- C:\Windows\System\IlJDwsO.exe
  C:\Windows\System\IlJDwsO.exe
  2⤵
  PID:6064
- C:\Windows\System\sXKbPkE.exe
  C:\Windows\System\sXKbPkE.exe
  2⤵
  PID:6084
- C:\Windows\System\kUjSfkc.exe
  C:\Windows\System\kUjSfkc.exe
  2⤵
  PID:6104
- C:\Windows\System\mnjUSqh.exe
  C:\Windows\System\mnjUSqh.exe
  2⤵
  PID:6128
- C:\Windows\System\aoklkYX.exe
  C:\Windows\System\aoklkYX.exe
  2⤵
  PID:2380
- C:\Windows\System\ehUUrue.exe
  C:\Windows\System\ehUUrue.exe
  2⤵
  PID:5060
- C:\Windows\System\CsHCFoN.exe
  C:\Windows\System\CsHCFoN.exe
  2⤵
  PID:4124
- C:\Windows\System\hzwelyD.exe
  C:\Windows\System\hzwelyD.exe
  2⤵
  PID:3912
- C:\Windows\System\upSeZzh.exe
  C:\Windows\System\upSeZzh.exe
  2⤵
  PID:4324
- C:\Windows\System\qcZNoes.exe
  C:\Windows\System\qcZNoes.exe
  2⤵
  PID:4384
- C:\Windows\System\wCCvYXU.exe
  C:\Windows\System\wCCvYXU.exe
  2⤵
  PID:2776
- C:\Windows\System\sKyXgLu.exe
  C:\Windows\System\sKyXgLu.exe
  2⤵
  PID:4852
- C:\Windows\System\sbRSpTN.exe
  C:\Windows\System\sbRSpTN.exe
  2⤵
  PID:4792
- C:\Windows\System\fDNarlQ.exe
  C:\Windows\System\fDNarlQ.exe
  2⤵
  PID:5152
- C:\Windows\System\GuKrbFf.exe
  C:\Windows\System\GuKrbFf.exe
  2⤵
  PID:5204
- C:\Windows\System\rTShDmx.exe
  C:\Windows\System\rTShDmx.exe
  2⤵
  PID:5128
- C:\Windows\System\BEcVjsY.exe
  C:\Windows\System\BEcVjsY.exe
  2⤵
  PID:2820
- C:\Windows\System\iwinYPk.exe
  C:\Windows\System\iwinYPk.exe
  2⤵
  PID:2824
- C:\Windows\System\XCZbZnW.exe
  C:\Windows\System\XCZbZnW.exe
  2⤵
  PID:5280
- C:\Windows\System\apipKpJ.exe
  C:\Windows\System\apipKpJ.exe
  2⤵
  PID:5320
- C:\Windows\System\PGrUpLU.exe
  C:\Windows\System\PGrUpLU.exe
  2⤵
  PID:5304
- C:\Windows\System\ghtzfGP.exe
  C:\Windows\System\ghtzfGP.exe
  2⤵
  PID:5364
- C:\Windows\System\uhRNUOA.exe
  C:\Windows\System\uhRNUOA.exe
  2⤵
  PID:5388
- C:\Windows\System\mDFzkOX.exe
  C:\Windows\System\mDFzkOX.exe
  2⤵
  PID:5448
- C:\Windows\System\fSchyWj.exe
  C:\Windows\System\fSchyWj.exe
  2⤵
  PID:5488
- C:\Windows\System\GQPWuSI.exe
  C:\Windows\System\GQPWuSI.exe
  2⤵
  PID:5500
- C:\Windows\System\nugFWkl.exe
  C:\Windows\System\nugFWkl.exe
  2⤵
  PID:5544
- C:\Windows\System\sXbHWEA.exe
  C:\Windows\System\sXbHWEA.exe
  2⤵
  PID:1936
- C:\Windows\System\YLaNPJU.exe
  C:\Windows\System\YLaNPJU.exe
  2⤵
  PID:5584
- C:\Windows\System\xeHcteO.exe
  C:\Windows\System\xeHcteO.exe
  2⤵
  PID:5624
- C:\Windows\System\EtoJWNb.exe
  C:\Windows\System\EtoJWNb.exe
  2⤵
  PID:5688
- C:\Windows\System\GpRLyQZ.exe
  C:\Windows\System\GpRLyQZ.exe
  2⤵
  PID:5692
- C:\Windows\System\LvRhPbl.exe
  C:\Windows\System\LvRhPbl.exe
  2⤵
  PID:5732
- C:\Windows\System\UhIehWC.exe
  C:\Windows\System\UhIehWC.exe
  2⤵
  PID:5756
- C:\Windows\System\OaJkdCB.exe
  C:\Windows\System\OaJkdCB.exe
  2⤵
  PID:5772
- C:\Windows\System\NfwtIiS.exe
  C:\Windows\System\NfwtIiS.exe
  2⤵
  PID:5812
- C:\Windows\System\AzcULtw.exe
  C:\Windows\System\AzcULtw.exe
  2⤵
  PID:5856
- C:\Windows\System\vJpraIJ.exe
  C:\Windows\System\vJpraIJ.exe
  2⤵
  PID:5876
- C:\Windows\System\LRwintq.exe
  C:\Windows\System\LRwintq.exe
  2⤵
  PID:5916
- C:\Windows\System\hrMFBRa.exe
  C:\Windows\System\hrMFBRa.exe
  2⤵
  PID:5936
- C:\Windows\System\PYJRSkG.exe
  C:\Windows\System\PYJRSkG.exe
  2⤵
  PID:5976
- C:\Windows\System\PbSpRnh.exe
  C:\Windows\System\PbSpRnh.exe
  2⤵
  PID:5992
- C:\Windows\System\kLbXkBZ.exe
  C:\Windows\System\kLbXkBZ.exe
  2⤵
  PID:6056
- C:\Windows\System\VCNtfRz.exe
  C:\Windows\System\VCNtfRz.exe
  2⤵
  PID:6136
- C:\Windows\System\tbpNBPJ.exe
  C:\Windows\System\tbpNBPJ.exe
  2⤵
  PID:6076
- C:\Windows\System\jqbHgXN.exe
  C:\Windows\System\jqbHgXN.exe
  2⤵
  PID:6120
- C:\Windows\System\Ftolwjn.exe
  C:\Windows\System\Ftolwjn.exe
  2⤵
  PID:3476
- C:\Windows\System\ReyruuU.exe
  C:\Windows\System\ReyruuU.exe
  2⤵
  PID:4064
- C:\Windows\System\BhkuLBb.exe
  C:\Windows\System\BhkuLBb.exe
  2⤵
  PID:4320
- C:\Windows\System\XYwKuUj.exe
  C:\Windows\System\XYwKuUj.exe
  2⤵
  PID:4644
- C:\Windows\System\NAEmCze.exe
  C:\Windows\System\NAEmCze.exe
  2⤵
  PID:5200
- C:\Windows\System\ttUjEah.exe
  C:\Windows\System\ttUjEah.exe
  2⤵
  PID:5196
- C:\Windows\System\SrDHULe.exe
  C:\Windows\System\SrDHULe.exe
  2⤵
  PID:5228
- C:\Windows\System\XFVKbKv.exe
  C:\Windows\System\XFVKbKv.exe
  2⤵
  PID:5324
- C:\Windows\System\uBwbtsc.exe
  C:\Windows\System\uBwbtsc.exe
  2⤵
  PID:5264
- C:\Windows\System\FQGCJQy.exe
  C:\Windows\System\FQGCJQy.exe
  2⤵
  PID:6124
- C:\Windows\System\hlZSMuc.exe
  C:\Windows\System\hlZSMuc.exe
  2⤵
  PID:5424
- C:\Windows\System\XlDjtDs.exe
  C:\Windows\System\XlDjtDs.exe
  2⤵
  PID:5476
- C:\Windows\System\XnwFsFn.exe
  C:\Windows\System\XnwFsFn.exe
  2⤵
  PID:5524
- C:\Windows\System\GzhjyqB.exe
  C:\Windows\System\GzhjyqB.exe
  2⤵
  PID:5572
- C:\Windows\System\cEUHkcX.exe
  C:\Windows\System\cEUHkcX.exe
  2⤵
  PID:5652
- C:\Windows\System\DvQHUUb.exe
  C:\Windows\System\DvQHUUb.exe
  2⤵
  PID:3052
- C:\Windows\System\SWNAmwP.exe
  C:\Windows\System\SWNAmwP.exe
  2⤵
  PID:5668
- C:\Windows\System\amiWOtW.exe
  C:\Windows\System\amiWOtW.exe
  2⤵
  PID:5748
- C:\Windows\System\veSNfBa.exe
  C:\Windows\System\veSNfBa.exe
  2⤵
  PID:5792
- C:\Windows\System\HwHqEkT.exe
  C:\Windows\System\HwHqEkT.exe
  2⤵
  PID:5980
- C:\Windows\System\hYjtyVV.exe
  C:\Windows\System\hYjtyVV.exe
  2⤵
  PID:5868
- C:\Windows\System\gxuakII.exe
  C:\Windows\System\gxuakII.exe
  2⤵
  PID:6060
- C:\Windows\System\TALSpDq.exe
  C:\Windows\System\TALSpDq.exe
  2⤵
  PID:6052
- C:\Windows\System\NJsvUKW.exe
  C:\Windows\System\NJsvUKW.exe
  2⤵
  PID:6080
- C:\Windows\System\KODDfSq.exe
  C:\Windows\System\KODDfSq.exe
  2⤵
  PID:6112
- C:\Windows\System\NwKPLhv.exe
  C:\Windows\System\NwKPLhv.exe
  2⤵
  PID:4104
- C:\Windows\System\Riuebmx.exe
  C:\Windows\System\Riuebmx.exe
  2⤵
  PID:4756
- C:\Windows\System\tryrQIx.exe
  C:\Windows\System\tryrQIx.exe
  2⤵
  PID:5220
- C:\Windows\System\LNYENZp.exe
  C:\Windows\System\LNYENZp.exe
  2⤵
  PID:5300
- C:\Windows\System\jLJEeXL.exe
  C:\Windows\System\jLJEeXL.exe
  2⤵
  PID:5224
- C:\Windows\System\awnajpp.exe
  C:\Windows\System\awnajpp.exe
  2⤵
  PID:5344
- C:\Windows\System\kBQpGNL.exe
  C:\Windows\System\kBQpGNL.exe
  2⤵
  PID:5460
- C:\Windows\System\HNMKsbE.exe
  C:\Windows\System\HNMKsbE.exe
  2⤵
  PID:5428
- C:\Windows\System\ekTWynO.exe
  C:\Windows\System\ekTWynO.exe
  2⤵
  PID:5568
- C:\Windows\System\CldgBKW.exe
  C:\Windows\System\CldgBKW.exe
  2⤵
  PID:2128
- C:\Windows\System\NqVRsnA.exe
  C:\Windows\System\NqVRsnA.exe
  2⤵
  PID:5672
- C:\Windows\System\ygRwdmu.exe
  C:\Windows\System\ygRwdmu.exe
  2⤵
  PID:2372
- C:\Windows\System\RYpOFQP.exe
  C:\Windows\System\RYpOFQP.exe
  2⤵
  PID:5872
- C:\Windows\System\vbETEnw.exe
  C:\Windows\System\vbETEnw.exe
  2⤵
  PID:6012
- C:\Windows\System\welnIzN.exe
  C:\Windows\System\welnIzN.exe
  2⤵
  PID:6096
- C:\Windows\System\KnnXMBm.exe
  C:\Windows\System\KnnXMBm.exe
  2⤵
  PID:4184
- C:\Windows\System\BYgpPVj.exe
  C:\Windows\System\BYgpPVj.exe
  2⤵
  PID:5140
- C:\Windows\System\ePbeThN.exe
  C:\Windows\System\ePbeThN.exe
  2⤵
  PID:5244
- C:\Windows\System\hEoDtqK.exe
  C:\Windows\System\hEoDtqK.exe
  2⤵
  PID:5408
- C:\Windows\System\iADGJNp.exe
  C:\Windows\System\iADGJNp.exe
  2⤵
  PID:6164
- C:\Windows\System\ENWFMgb.exe
  C:\Windows\System\ENWFMgb.exe
  2⤵
  PID:6184
- C:\Windows\System\plidubL.exe
  C:\Windows\System\plidubL.exe
  2⤵
  PID:6204
- C:\Windows\System\teeuxoA.exe
  C:\Windows\System\teeuxoA.exe
  2⤵
  PID:6220
- C:\Windows\System\uyNnPSy.exe
  C:\Windows\System\uyNnPSy.exe
  2⤵
  PID:6248
- C:\Windows\System\fkrkCUF.exe
  C:\Windows\System\fkrkCUF.exe
  2⤵
  PID:6268
- C:\Windows\System\aWrzbED.exe
  C:\Windows\System\aWrzbED.exe
  2⤵
  PID:6288
- C:\Windows\System\pifgNpM.exe
  C:\Windows\System\pifgNpM.exe
  2⤵
  PID:6308
- C:\Windows\System\xOsyrwr.exe
  C:\Windows\System\xOsyrwr.exe
  2⤵
  PID:6328
- C:\Windows\System\dleySxa.exe
  C:\Windows\System\dleySxa.exe
  2⤵
  PID:6348
- C:\Windows\System\uatjGca.exe
  C:\Windows\System\uatjGca.exe
  2⤵
  PID:6368
- C:\Windows\System\OkGjoYf.exe
  C:\Windows\System\OkGjoYf.exe
  2⤵
  PID:6392
- C:\Windows\System\cujRPHu.exe
  C:\Windows\System\cujRPHu.exe
  2⤵
  PID:6412
- C:\Windows\System\dGOuLqH.exe
  C:\Windows\System\dGOuLqH.exe
  2⤵
  PID:6432
- C:\Windows\System\oFABzln.exe
  C:\Windows\System\oFABzln.exe
  2⤵
  PID:6452
- C:\Windows\System\ijsepjb.exe
  C:\Windows\System\ijsepjb.exe
  2⤵
  PID:6472
- C:\Windows\System\ERlAOLQ.exe
  C:\Windows\System\ERlAOLQ.exe
  2⤵
  PID:6492
- C:\Windows\System\seCCzgu.exe
  C:\Windows\System\seCCzgu.exe
  2⤵
  PID:6512
- C:\Windows\System\DSDUAAO.exe
  C:\Windows\System\DSDUAAO.exe
  2⤵
  PID:6528
- C:\Windows\System\fsEFvIo.exe
  C:\Windows\System\fsEFvIo.exe
  2⤵
  PID:6548
- C:\Windows\System\tdahSkh.exe
  C:\Windows\System\tdahSkh.exe
  2⤵
  PID:6568
- C:\Windows\System\OOejjAY.exe
  C:\Windows\System\OOejjAY.exe
  2⤵
  PID:6592
- C:\Windows\System\ypdqTmT.exe
  C:\Windows\System\ypdqTmT.exe
  2⤵
  PID:6612
- C:\Windows\System\MWFKsdq.exe
  C:\Windows\System\MWFKsdq.exe
  2⤵
  PID:6632
- C:\Windows\System\yFkeqnj.exe
  C:\Windows\System\yFkeqnj.exe
  2⤵
  PID:6656
- C:\Windows\System\DEueenb.exe
  C:\Windows\System\DEueenb.exe
  2⤵
  PID:6672
- C:\Windows\System\kbGPmLt.exe
  C:\Windows\System\kbGPmLt.exe
  2⤵
  PID:6692
- C:\Windows\System\XkJbJub.exe
  C:\Windows\System\XkJbJub.exe
  2⤵
  PID:6720
- C:\Windows\System\XmNXXwS.exe
  C:\Windows\System\XmNXXwS.exe
  2⤵
  PID:6748
- C:\Windows\System\XuVzYOu.exe
  C:\Windows\System\XuVzYOu.exe
  2⤵
  PID:6768
- C:\Windows\System\OWbWUzN.exe
  C:\Windows\System\OWbWUzN.exe
  2⤵
  PID:6788
- C:\Windows\System\WawPlmX.exe
  C:\Windows\System\WawPlmX.exe
  2⤵
  PID:6816
- C:\Windows\System\mnsKtBd.exe
  C:\Windows\System\mnsKtBd.exe
  2⤵
  PID:6836
- C:\Windows\System\XXFetGm.exe
  C:\Windows\System\XXFetGm.exe
  2⤵
  PID:6856
- C:\Windows\System\trfnEin.exe
  C:\Windows\System\trfnEin.exe
  2⤵
  PID:6876
- C:\Windows\System\iqabozF.exe
  C:\Windows\System\iqabozF.exe
  2⤵
  PID:6900
- C:\Windows\System\nMumnLv.exe
  C:\Windows\System\nMumnLv.exe
  2⤵
  PID:6920
- C:\Windows\System\txSxcdd.exe
  C:\Windows\System\txSxcdd.exe
  2⤵
  PID:6940
- C:\Windows\System\TwBsFIf.exe
  C:\Windows\System\TwBsFIf.exe
  2⤵
  PID:6960
- C:\Windows\System\yYgqDvh.exe
  C:\Windows\System\yYgqDvh.exe
  2⤵
  PID:6976
- C:\Windows\System\WEVVAUv.exe
  C:\Windows\System\WEVVAUv.exe
  2⤵
  PID:7004
- C:\Windows\System\aXzKtwj.exe
  C:\Windows\System\aXzKtwj.exe
  2⤵
  PID:7024
- C:\Windows\System\KrWSLKI.exe
  C:\Windows\System\KrWSLKI.exe
  2⤵
  PID:7048
- C:\Windows\System\EKSPAZa.exe
  C:\Windows\System\EKSPAZa.exe
  2⤵
  PID:7068
- C:\Windows\System\FJrbloS.exe
  C:\Windows\System\FJrbloS.exe
  2⤵
  PID:7092
- C:\Windows\System\tsAExst.exe
  C:\Windows\System\tsAExst.exe
  2⤵
  PID:7116
- C:\Windows\System\pQRNodC.exe
  C:\Windows\System\pQRNodC.exe
  2⤵
  PID:7136
- C:\Windows\System\SMEcJLh.exe
  C:\Windows\System\SMEcJLh.exe
  2⤵
  PID:7156
- C:\Windows\System\wNrnlqe.exe
  C:\Windows\System\wNrnlqe.exe
  2⤵
  PID:5420
- C:\Windows\System\bunDYaw.exe
  C:\Windows\System\bunDYaw.exe
  2⤵
  PID:2160
- C:\Windows\System\YpxoDgL.exe
  C:\Windows\System\YpxoDgL.exe
  2⤵
  PID:3380
- C:\Windows\System\TMIuwMb.exe
  C:\Windows\System\TMIuwMb.exe
  2⤵
  PID:5724
- C:\Windows\System\HbjRGiq.exe
  C:\Windows\System\HbjRGiq.exe
  2⤵
  PID:6016
- C:\Windows\System\kENoadd.exe
  C:\Windows\System\kENoadd.exe
  2⤵
  PID:6032
- C:\Windows\System\Dbsobms.exe
  C:\Windows\System\Dbsobms.exe
  2⤵
  PID:5192
- C:\Windows\System\nXcyckN.exe
  C:\Windows\System\nXcyckN.exe
  2⤵
  PID:4484
- C:\Windows\System\aFnnIfT.exe
  C:\Windows\System\aFnnIfT.exe
  2⤵
  PID:5360
- C:\Windows\System\mAPkOaa.exe
  C:\Windows\System\mAPkOaa.exe
  2⤵
  PID:6172
- C:\Windows\System\bjVJBDK.exe
  C:\Windows\System\bjVJBDK.exe
  2⤵
  PID:6228
- C:\Windows\System\EPmxbDX.exe
  C:\Windows\System\EPmxbDX.exe
  2⤵
  PID:6216
- C:\Windows\System\hLJCRZn.exe
  C:\Windows\System\hLJCRZn.exe
  2⤵
  PID:6260
- C:\Windows\System\wPfGChk.exe
  C:\Windows\System\wPfGChk.exe
  2⤵
  PID:6300
- C:\Windows\System\mbwBDHq.exe
  C:\Windows\System\mbwBDHq.exe
  2⤵
  PID:6360
- C:\Windows\System\YysLycL.exe
  C:\Windows\System\YysLycL.exe
  2⤵
  PID:6336
- C:\Windows\System\WKMvfxG.exe
  C:\Windows\System\WKMvfxG.exe
  2⤵
  PID:6444
- C:\Windows\System\JQfcRMe.exe
  C:\Windows\System\JQfcRMe.exe
  2⤵
  PID:6420
- C:\Windows\System\iVtRnXV.exe
  C:\Windows\System\iVtRnXV.exe
  2⤵
  PID:6524
- C:\Windows\System\KtHRgJb.exe
  C:\Windows\System\KtHRgJb.exe
  2⤵
  PID:6500
- C:\Windows\System\ihvRoXy.exe
  C:\Windows\System\ihvRoXy.exe
  2⤵
  PID:6544
- C:\Windows\System\XPEWila.exe
  C:\Windows\System\XPEWila.exe
  2⤵
  PID:6648
- C:\Windows\System\nKInnLB.exe
  C:\Windows\System\nKInnLB.exe
  2⤵
  PID:6588
- C:\Windows\System\lpOZGFM.exe
  C:\Windows\System\lpOZGFM.exe
  2⤵
  PID:6624
- C:\Windows\System\FLxpptk.exe
  C:\Windows\System\FLxpptk.exe
  2⤵
  PID:6732
- C:\Windows\System\bUqhOql.exe
  C:\Windows\System\bUqhOql.exe
  2⤵
  PID:6736
- C:\Windows\System\DgaFrHD.exe
  C:\Windows\System\DgaFrHD.exe
  2⤵
  PID:6780
- C:\Windows\System\ajJkGal.exe
  C:\Windows\System\ajJkGal.exe
  2⤵
  PID:6796
- C:\Windows\System\xFlfECR.exe
  C:\Windows\System\xFlfECR.exe
  2⤵
  PID:6864
- C:\Windows\System\ATwvGAv.exe
  C:\Windows\System\ATwvGAv.exe
  2⤵
  PID:6852
- C:\Windows\System\TvtGMJD.exe
  C:\Windows\System\TvtGMJD.exe
  2⤵
  PID:1708
- C:\Windows\System\zpmzjFH.exe
  C:\Windows\System\zpmzjFH.exe
  2⤵
  PID:6956
- C:\Windows\System\VryPovX.exe
  C:\Windows\System\VryPovX.exe
  2⤵
  PID:4052
- C:\Windows\System\xPMRCRV.exe
  C:\Windows\System\xPMRCRV.exe
  2⤵
  PID:6968
- C:\Windows\System\lYZSMWV.exe
  C:\Windows\System\lYZSMWV.exe
  2⤵
  PID:7012
- C:\Windows\System\AnIEpxo.exe
  C:\Windows\System\AnIEpxo.exe
  2⤵
  PID:7088
- C:\Windows\System\gIdAcFR.exe
  C:\Windows\System\gIdAcFR.exe
  2⤵
  PID:7064
- C:\Windows\System\GtmeSWO.exe
  C:\Windows\System\GtmeSWO.exe
  2⤵
  PID:7128
- C:\Windows\System\MYJTiCD.exe
  C:\Windows\System\MYJTiCD.exe
  2⤵
  PID:5504
- C:\Windows\System\XxKRjam.exe
  C:\Windows\System\XxKRjam.exe
  2⤵
  PID:5644
- C:\Windows\System\FnJjsVr.exe
  C:\Windows\System\FnJjsVr.exe
  2⤵
  PID:5796
- C:\Windows\System\jkDnTuK.exe
  C:\Windows\System\jkDnTuK.exe
  2⤵
  PID:432
- C:\Windows\System\ICVfhQC.exe
  C:\Windows\System\ICVfhQC.exe
  2⤵
  PID:6020
- C:\Windows\System\wPcdaJW.exe
  C:\Windows\System\wPcdaJW.exe
  2⤵
  PID:6148
- C:\Windows\System\MixLaYd.exe
  C:\Windows\System\MixLaYd.exe
  2⤵
  PID:928
- C:\Windows\System\hOoxhnZ.exe
  C:\Windows\System\hOoxhnZ.exe
  2⤵
  PID:6264
- C:\Windows\System\hvLvISn.exe
  C:\Windows\System\hvLvISn.exe
  2⤵
  PID:6316
- C:\Windows\System\suZHOZV.exe
  C:\Windows\System\suZHOZV.exe
  2⤵
  PID:6344
- C:\Windows\System\uMWFwsw.exe
  C:\Windows\System\uMWFwsw.exe
  2⤵
  PID:6404
- C:\Windows\System\xAzDsZI.exe
  C:\Windows\System\xAzDsZI.exe
  2⤵
  PID:6380
- C:\Windows\System\xlveCTF.exe
  C:\Windows\System\xlveCTF.exe
  2⤵
  PID:6468
- C:\Windows\System\dzWNOdE.exe
  C:\Windows\System\dzWNOdE.exe
  2⤵
  PID:6584
- C:\Windows\System\fZDwxqM.exe
  C:\Windows\System\fZDwxqM.exe
  2⤵
  PID:6684
- C:\Windows\System\euOlXne.exe
  C:\Windows\System\euOlXne.exe
  2⤵
  PID:6740
- C:\Windows\System\wGXJuvT.exe
  C:\Windows\System\wGXJuvT.exe
  2⤵
  PID:6812
- C:\Windows\System\bOZZyUM.exe
  C:\Windows\System\bOZZyUM.exe
  2⤵
  PID:6832
- C:\Windows\System\huofaGA.exe
  C:\Windows\System\huofaGA.exe
  2⤵
  PID:6916
- C:\Windows\System\SCyoVHb.exe
  C:\Windows\System\SCyoVHb.exe
  2⤵
  PID:7036
- C:\Windows\System\hMdKOqb.exe
  C:\Windows\System\hMdKOqb.exe
  2⤵
  PID:6892
- C:\Windows\System\sDidnny.exe
  C:\Windows\System\sDidnny.exe
  2⤵
  PID:6716
- C:\Windows\System\coArkbg.exe
  C:\Windows\System\coArkbg.exe
  2⤵
  PID:7148
- C:\Windows\System\QmeUloB.exe
  C:\Windows\System\QmeUloB.exe
  2⤵
  PID:5712
- C:\Windows\System\qGmAIKD.exe
  C:\Windows\System\qGmAIKD.exe
  2⤵
  PID:5776
- C:\Windows\System\zbisTPm.exe
  C:\Windows\System\zbisTPm.exe
  2⤵
  PID:5112
- C:\Windows\System\RWZvMer.exe
  C:\Windows\System\RWZvMer.exe
  2⤵
  PID:6236
- C:\Windows\System\cxafczJ.exe
  C:\Windows\System\cxafczJ.exe
  2⤵
  PID:6240
- C:\Windows\System\hccjXwT.exe
  C:\Windows\System\hccjXwT.exe
  2⤵
  PID:6440
- C:\Windows\System\bvXguuG.exe
  C:\Windows\System\bvXguuG.exe
  2⤵
  PID:6296
- C:\Windows\System\SrloBmH.exe
  C:\Windows\System\SrloBmH.exe
  2⤵
  PID:6424
- C:\Windows\System\mmPtjXa.exe
  C:\Windows\System\mmPtjXa.exe
  2⤵
  PID:6604
- C:\Windows\System\dZtHMNn.exe
  C:\Windows\System\dZtHMNn.exe
  2⤵
  PID:6576
- C:\Windows\System\UicfCOd.exe
  C:\Windows\System\UicfCOd.exe
  2⤵
  PID:6708
- C:\Windows\System\jkIHaSk.exe
  C:\Windows\System\jkIHaSk.exe
  2⤵
  PID:2528
- C:\Windows\System\QAGEDfo.exe
  C:\Windows\System\QAGEDfo.exe
  2⤵
  PID:6908
- C:\Windows\System\RRKzCEq.exe
  C:\Windows\System\RRKzCEq.exe
  2⤵
  PID:6932
- C:\Windows\System\GwSoeRB.exe
  C:\Windows\System\GwSoeRB.exe
  2⤵
  PID:6972
- C:\Windows\System\PSkUuhV.exe
  C:\Windows\System\PSkUuhV.exe
  2⤵
  PID:7104
- C:\Windows\System\VdmsXRM.exe
  C:\Windows\System\VdmsXRM.exe
  2⤵
  PID:2460
- C:\Windows\System\fVTpakY.exe
  C:\Windows\System\fVTpakY.exe
  2⤵
  PID:568
- C:\Windows\System\WgFPzeW.exe
  C:\Windows\System\WgFPzeW.exe
  2⤵
  PID:2452
- C:\Windows\System\bJbHIDv.exe
  C:\Windows\System\bJbHIDv.exe
  2⤵
  PID:6200
- C:\Windows\System\cvGGytG.exe
  C:\Windows\System\cvGGytG.exe
  2⤵
  PID:6464
- C:\Windows\System\trUEtPp.exe
  C:\Windows\System\trUEtPp.exe
  2⤵
  PID:3060
- C:\Windows\System\EeCJbUd.exe
  C:\Windows\System\EeCJbUd.exe
  2⤵
  PID:6480
- C:\Windows\System\ebwDDwt.exe
  C:\Windows\System\ebwDDwt.exe
  2⤵
  PID:7056
- C:\Windows\System\eHuigve.exe
  C:\Windows\System\eHuigve.exe
  2⤵
  PID:324
- C:\Windows\System\IOetdYY.exe
  C:\Windows\System\IOetdYY.exe
  2⤵
  PID:6912
- C:\Windows\System\EXVenuf.exe
  C:\Windows\System\EXVenuf.exe
  2⤵
  PID:7164
- C:\Windows\System\KcoWyIG.exe
  C:\Windows\System\KcoWyIG.exe
  2⤵
  PID:7124
- C:\Windows\System\tPsaFzZ.exe
  C:\Windows\System\tPsaFzZ.exe
  2⤵
  PID:2444
- C:\Windows\System\AhTHcAx.exe
  C:\Windows\System\AhTHcAx.exe
  2⤵
  PID:6364
- C:\Windows\System\fHaOSLj.exe
  C:\Windows\System\fHaOSLj.exe
  2⤵
  PID:6356
- C:\Windows\System\JaApmJS.exe
  C:\Windows\System\JaApmJS.exe
  2⤵
  PID:2420
- C:\Windows\System\LCunSms.exe
  C:\Windows\System\LCunSms.exe
  2⤵
  PID:6688
- C:\Windows\System\DKtoUbs.exe
  C:\Windows\System\DKtoUbs.exe
  2⤵
  PID:7184
- C:\Windows\System\MKIUGDt.exe
  C:\Windows\System\MKIUGDt.exe
  2⤵
  PID:7200
- C:\Windows\System\vyBANSC.exe
  C:\Windows\System\vyBANSC.exe
  2⤵
  PID:7216
- C:\Windows\System\WoNKwCh.exe
  C:\Windows\System\WoNKwCh.exe
  2⤵
  PID:7232
- C:\Windows\System\xkApVwK.exe
  C:\Windows\System\xkApVwK.exe
  2⤵
  PID:7300
- C:\Windows\System\HLaVrrL.exe
  C:\Windows\System\HLaVrrL.exe
  2⤵
  PID:7316
- C:\Windows\System\POTaMjX.exe
  C:\Windows\System\POTaMjX.exe
  2⤵
  PID:7332
- C:\Windows\System\tGVJqhG.exe
  C:\Windows\System\tGVJqhG.exe
  2⤵
  PID:7348
- C:\Windows\System\PdwugAw.exe
  C:\Windows\System\PdwugAw.exe
  2⤵
  PID:7364
- C:\Windows\System\iMgUogJ.exe
  C:\Windows\System\iMgUogJ.exe
  2⤵
  PID:7380
- C:\Windows\System\MaIrSyo.exe
  C:\Windows\System\MaIrSyo.exe
  2⤵
  PID:7396
- C:\Windows\System\zNxiLIZ.exe
  C:\Windows\System\zNxiLIZ.exe
  2⤵
  PID:7412
- C:\Windows\System\kHsfZZR.exe
  C:\Windows\System\kHsfZZR.exe
  2⤵
  PID:7428
- C:\Windows\System\OfFpzay.exe
  C:\Windows\System\OfFpzay.exe
  2⤵
  PID:7444
- C:\Windows\System\YYqXqMT.exe
  C:\Windows\System\YYqXqMT.exe
  2⤵
  PID:7460
- C:\Windows\System\vqruyeq.exe
  C:\Windows\System\vqruyeq.exe
  2⤵
  PID:7476
- C:\Windows\System\VVJqKYB.exe
  C:\Windows\System\VVJqKYB.exe
  2⤵
  PID:7492
- C:\Windows\System\ZseKwlJ.exe
  C:\Windows\System\ZseKwlJ.exe
  2⤵
  PID:7508
- C:\Windows\System\slTpLpP.exe
  C:\Windows\System\slTpLpP.exe
  2⤵
  PID:7524
- C:\Windows\System\wZThSCV.exe
  C:\Windows\System\wZThSCV.exe
  2⤵
  PID:7540
- C:\Windows\System\kRyGAdO.exe
  C:\Windows\System\kRyGAdO.exe
  2⤵
  PID:7556
- C:\Windows\System\GvQpoVH.exe
  C:\Windows\System\GvQpoVH.exe
  2⤵
  PID:7572
- C:\Windows\System\PUxmwaI.exe
  C:\Windows\System\PUxmwaI.exe
  2⤵
  PID:7620
- C:\Windows\System\vGWvHZE.exe
  C:\Windows\System\vGWvHZE.exe
  2⤵
  PID:7640
- C:\Windows\System\LErTCsw.exe
  C:\Windows\System\LErTCsw.exe
  2⤵
  PID:7656
- C:\Windows\System\PDjEyBx.exe
  C:\Windows\System\PDjEyBx.exe
  2⤵
  PID:7672
- C:\Windows\System\ljarGDa.exe
  C:\Windows\System\ljarGDa.exe
  2⤵
  PID:7688
- C:\Windows\System\vKHHwRX.exe
  C:\Windows\System\vKHHwRX.exe
  2⤵
  PID:7704
- C:\Windows\System\HsgmGzx.exe
  C:\Windows\System\HsgmGzx.exe
  2⤵
  PID:7720
- C:\Windows\System\OREYFba.exe
  C:\Windows\System\OREYFba.exe
  2⤵
  PID:7736
- C:\Windows\System\NxZjFrw.exe
  C:\Windows\System\NxZjFrw.exe
  2⤵
  PID:7752
- C:\Windows\System\uzccVhs.exe
  C:\Windows\System\uzccVhs.exe
  2⤵
  PID:7772
- C:\Windows\System\kJIKzZr.exe
  C:\Windows\System\kJIKzZr.exe
  2⤵
  PID:7788
- C:\Windows\System\gpIpTER.exe
  C:\Windows\System\gpIpTER.exe
  2⤵
  PID:7804
- C:\Windows\System\YbZwPoM.exe
  C:\Windows\System\YbZwPoM.exe
  2⤵
  PID:7820
- C:\Windows\System\vIQkkaH.exe
  C:\Windows\System\vIQkkaH.exe
  2⤵
  PID:7836
- C:\Windows\System\FyKcVhF.exe
  C:\Windows\System\FyKcVhF.exe
  2⤵
  PID:7852
- C:\Windows\System\AboYDia.exe
  C:\Windows\System\AboYDia.exe
  2⤵
  PID:7868
- C:\Windows\System\QOnmOmD.exe
  C:\Windows\System\QOnmOmD.exe
  2⤵
  PID:7884
- C:\Windows\System\SHJqqKi.exe
  C:\Windows\System\SHJqqKi.exe
  2⤵
  PID:7900
- C:\Windows\System\VcxmQnF.exe
  C:\Windows\System\VcxmQnF.exe
  2⤵
  PID:7920
- C:\Windows\System\kvfAxML.exe
  C:\Windows\System\kvfAxML.exe
  2⤵
  PID:7940
- C:\Windows\System\hbKRTtB.exe
  C:\Windows\System\hbKRTtB.exe
  2⤵
  PID:7964
- C:\Windows\System\wpoBzyf.exe
  C:\Windows\System\wpoBzyf.exe
  2⤵
  PID:7980
- C:\Windows\System\HBXBJSo.exe
  C:\Windows\System\HBXBJSo.exe
  2⤵
  PID:7996
- C:\Windows\System\oDMxUCP.exe
  C:\Windows\System\oDMxUCP.exe
  2⤵
  PID:8012
- C:\Windows\System\lUHRhmy.exe
  C:\Windows\System\lUHRhmy.exe
  2⤵
  PID:8032
- C:\Windows\System\yJdEpyC.exe
  C:\Windows\System\yJdEpyC.exe
  2⤵
  PID:8048
- C:\Windows\System\unYDovG.exe
  C:\Windows\System\unYDovG.exe
  2⤵
  PID:8068
- C:\Windows\System\LLiSaIz.exe
  C:\Windows\System\LLiSaIz.exe
  2⤵
  PID:8084
- C:\Windows\System\BIJAtQs.exe
  C:\Windows\System\BIJAtQs.exe
  2⤵
  PID:8100
- C:\Windows\System\fDbtxyZ.exe
  C:\Windows\System\fDbtxyZ.exe
  2⤵
  PID:8116
- C:\Windows\System\YtkbUva.exe
  C:\Windows\System\YtkbUva.exe
  2⤵
  PID:8132
- C:\Windows\System\jjMUAyo.exe
  C:\Windows\System\jjMUAyo.exe
  2⤵
  PID:8148
- C:\Windows\System\dgFguHl.exe
  C:\Windows\System\dgFguHl.exe
  2⤵
  PID:8164
- C:\Windows\System\tTonfZU.exe
  C:\Windows\System\tTonfZU.exe
  2⤵
  PID:8180
- C:\Windows\System\PXXsrxO.exe
  C:\Windows\System\PXXsrxO.exe
  2⤵
  PID:7060
- C:\Windows\System\ifZqfcb.exe
  C:\Windows\System\ifZqfcb.exe
  2⤵
  PID:5932
- C:\Windows\System\tLNdiek.exe
  C:\Windows\System\tLNdiek.exe
  2⤵
  PID:2424
- C:\Windows\System\grEDcFJ.exe
  C:\Windows\System\grEDcFJ.exe
  2⤵
  PID:560
- C:\Windows\System\PZkATkq.exe
  C:\Windows\System\PZkATkq.exe
  2⤵
  PID:3044
- C:\Windows\System\hbZzyXt.exe
  C:\Windows\System\hbZzyXt.exe
  2⤵
  PID:7212
- C:\Windows\System\gnOSBVC.exe
  C:\Windows\System\gnOSBVC.exe
  2⤵
  PID:6384
- C:\Windows\System\cscfzZs.exe
  C:\Windows\System\cscfzZs.exe
  2⤵
  PID:2188
- C:\Windows\System\npvFqQR.exe
  C:\Windows\System\npvFqQR.exe
  2⤵
  PID:1972
- C:\Windows\System\rBaUOuu.exe
  C:\Windows\System\rBaUOuu.exe
  2⤵
  PID:7196
- C:\Windows\System\fhyXlfJ.exe
  C:\Windows\System\fhyXlfJ.exe
  2⤵
  PID:1776
- C:\Windows\System\xibRBNE.exe
  C:\Windows\System\xibRBNE.exe
  2⤵
  PID:1076
- C:\Windows\System\hneqvfh.exe
  C:\Windows\System\hneqvfh.exe
  2⤵
  PID:2484
- C:\Windows\System\OHecnlT.exe
  C:\Windows\System\OHecnlT.exe
  2⤵
  PID:7248
- C:\Windows\System\ZPJMdhT.exe
  C:\Windows\System\ZPJMdhT.exe
  2⤵
  PID:6728
- C:\Windows\System\bXlfvIR.exe
  C:\Windows\System\bXlfvIR.exe
  2⤵
  PID:7044
- C:\Windows\System\nqArmdY.exe
  C:\Windows\System\nqArmdY.exe
  2⤵
  PID:7272
- C:\Windows\System\wlVihmu.exe
  C:\Windows\System\wlVihmu.exe
  2⤵
  PID:6520
- C:\Windows\System\hFWkiOp.exe
  C:\Windows\System\hFWkiOp.exe
  2⤵
  PID:7260
- C:\Windows\System\VWOSehP.exe
  C:\Windows\System\VWOSehP.exe
  2⤵
  PID:7308
- C:\Windows\System\ETHDSTL.exe
  C:\Windows\System\ETHDSTL.exe
  2⤵
  PID:7388
- C:\Windows\System\xzIPquP.exe
  C:\Windows\System\xzIPquP.exe
  2⤵
  PID:7340
- C:\Windows\System\qxiWrie.exe
  C:\Windows\System\qxiWrie.exe
  2⤵
  PID:7376
- C:\Windows\System\fzvTUdh.exe
  C:\Windows\System\fzvTUdh.exe
  2⤵
  PID:7436
- C:\Windows\System\KLJXYhC.exe
  C:\Windows\System\KLJXYhC.exe
  2⤵
  PID:7420
- C:\Windows\System\qtPtTqX.exe
  C:\Windows\System\qtPtTqX.exe
  2⤵
  PID:7456
- C:\Windows\System\eWBvdpm.exe
  C:\Windows\System\eWBvdpm.exe
  2⤵
  PID:7488
- C:\Windows\System\YDNVDlP.exe
  C:\Windows\System\YDNVDlP.exe
  2⤵
  PID:7564
- C:\Windows\System\CDmQswN.exe
  C:\Windows\System\CDmQswN.exe
  2⤵
  PID:7532
- C:\Windows\System\DdxKCxq.exe
  C:\Windows\System\DdxKCxq.exe
  2⤵
  PID:7636
- C:\Windows\System\hGujJHW.exe
  C:\Windows\System\hGujJHW.exe
  2⤵
  PID:7652
- C:\Windows\System\jliiVvy.exe
  C:\Windows\System\jliiVvy.exe
  2⤵
  PID:7728
- C:\Windows\System\OPMnlDg.exe
  C:\Windows\System\OPMnlDg.exe
  2⤵
  PID:7768
- C:\Windows\System\DrIukOt.exe
  C:\Windows\System\DrIukOt.exe
  2⤵
  PID:7832
- C:\Windows\System\iieMFiI.exe
  C:\Windows\System\iieMFiI.exe
  2⤵
  PID:7712
- C:\Windows\System\liOQWZj.exe
  C:\Windows\System\liOQWZj.exe
  2⤵
  PID:7812
- C:\Windows\System\snbZwcR.exe
  C:\Windows\System\snbZwcR.exe
  2⤵
  PID:7892
- C:\Windows\System\oQFxGWi.exe
  C:\Windows\System\oQFxGWi.exe
  2⤵
  PID:7876
- C:\Windows\System\qsNOnsq.exe
  C:\Windows\System\qsNOnsq.exe
  2⤵
  PID:7908
- C:\Windows\System\TWmkPWI.exe
  C:\Windows\System\TWmkPWI.exe
  2⤵
  PID:7976
- C:\Windows\System\kplJCsU.exe
  C:\Windows\System\kplJCsU.exe
  2⤵
  PID:8020
- C:\Windows\System\feOlrdz.exe
  C:\Windows\System\feOlrdz.exe
  2⤵
  PID:8040
- C:\Windows\System\EhDcAVF.exe
  C:\Windows\System\EhDcAVF.exe
  2⤵
  PID:8056
- C:\Windows\System\SJYPPdV.exe
  C:\Windows\System\SJYPPdV.exe
  2⤵
  PID:8112
- C:\Windows\System\oGFCgex.exe
  C:\Windows\System\oGFCgex.exe
  2⤵
  PID:8156
- C:\Windows\System\WoXmXNG.exe
  C:\Windows\System\WoXmXNG.exe
  2⤵
  PID:8128
- C:\Windows\System\JsiofeE.exe
  C:\Windows\System\JsiofeE.exe
  2⤵
  PID:6152
- C:\Windows\System\SujqhiP.exe
  C:\Windows\System\SujqhiP.exe
  2⤵
  PID:7076
- C:\Windows\System\unuYbfY.exe
  C:\Windows\System\unuYbfY.exe
  2⤵
  PID:7172
- C:\Windows\System\YkesUTz.exe
  C:\Windows\System\YkesUTz.exe
  2⤵
  PID:7176
- C:\Windows\System\genJfNi.exe
  C:\Windows\System\genJfNi.exe
  2⤵
  PID:7228
- C:\Windows\System\gHANycu.exe
  C:\Windows\System\gHANycu.exe
  2⤵
  PID:1668
- C:\Windows\System\jJcmkVd.exe
  C:\Windows\System\jJcmkVd.exe
  2⤵
  PID:6196
- C:\Windows\System\oVYfhZV.exe
  C:\Windows\System\oVYfhZV.exe
  2⤵
  PID:1968
- C:\Windows\System\BYJqlPs.exe
  C:\Windows\System\BYJqlPs.exe
  2⤵
  PID:1960
- C:\Windows\System\CkANIoG.exe
  C:\Windows\System\CkANIoG.exe
  2⤵
  PID:6664
- C:\Windows\System\qqceJJj.exe
  C:\Windows\System\qqceJJj.exe
  2⤵
  PID:7328
- C:\Windows\System\DaMVtrq.exe
  C:\Windows\System\DaMVtrq.exe
  2⤵
  PID:7452
- C:\Windows\System\IkQzMzW.exe
  C:\Windows\System\IkQzMzW.exe
  2⤵
  PID:7632
- C:\Windows\System\cDyGzBd.exe
  C:\Windows\System\cDyGzBd.exe
  2⤵
  PID:7372
- C:\Windows\System\mxbFQZO.exe
  C:\Windows\System\mxbFQZO.exe
  2⤵
  PID:7696
- C:\Windows\System\jInINOn.exe
  C:\Windows\System\jInINOn.exe
  2⤵
  PID:7748
- C:\Windows\System\jbndLGQ.exe
  C:\Windows\System\jbndLGQ.exe
  2⤵
  PID:2800
- C:\Windows\System\qVOjOEU.exe
  C:\Windows\System\qVOjOEU.exe
  2⤵
  PID:7568
- C:\Windows\System\vleVIoB.exe
  C:\Windows\System\vleVIoB.exe
  2⤵
  PID:7972
- C:\Windows\System\DWsiHae.exe
  C:\Windows\System\DWsiHae.exe
  2⤵
  PID:7932
- C:\Windows\System\oNIxlPS.exe
  C:\Windows\System\oNIxlPS.exe
  2⤵
  PID:7716
- C:\Windows\System\ZUarBnt.exe
  C:\Windows\System\ZUarBnt.exe
  2⤵
  PID:780
- C:\Windows\System\yLqxTCB.exe
  C:\Windows\System\yLqxTCB.exe
  2⤵
  PID:4592
- C:\Windows\System\gQTVZlP.exe
  C:\Windows\System\gQTVZlP.exe
  2⤵
  PID:7292
- C:\Windows\System\aJVfBSb.exe
  C:\Windows\System\aJVfBSb.exe
  2⤵
  PID:7404
- C:\Windows\System\BVSedpV.exe
  C:\Windows\System\BVSedpV.exe
  2⤵
  PID:8008
- C:\Windows\System\tZvOAoO.exe
  C:\Windows\System\tZvOAoO.exe
  2⤵
  PID:7580
- C:\Windows\System\WDYIzdk.exe
  C:\Windows\System\WDYIzdk.exe
  2⤵
  PID:7764
- C:\Windows\System\PiZPQfw.exe
  C:\Windows\System\PiZPQfw.exe
  2⤵
  PID:8096
- C:\Windows\System\RdcJVSg.exe
  C:\Windows\System\RdcJVSg.exe
  2⤵
  PID:6844
- C:\Windows\System\nVBQPWC.exe
  C:\Windows\System\nVBQPWC.exe
  2⤵
  PID:6992
- C:\Windows\System\bQsMGFD.exe
  C:\Windows\System\bQsMGFD.exe
  2⤵
  PID:6564
- C:\Windows\System\WhMWHZR.exe
  C:\Windows\System\WhMWHZR.exe
  2⤵
  PID:1660
- C:\Windows\System\cVelZAq.exe
  C:\Windows\System\cVelZAq.exe
  2⤵
  PID:7864
- C:\Windows\System\okKFSlV.exe
  C:\Windows\System\okKFSlV.exe
  2⤵
  PID:8108
- C:\Windows\System\RQjkbBN.exe
  C:\Windows\System\RQjkbBN.exe
  2⤵
  PID:7392
- C:\Windows\System\bhJWWIa.exe
  C:\Windows\System\bhJWWIa.exe
  2⤵
  PID:7616
- C:\Windows\System\kItIJMe.exe
  C:\Windows\System\kItIJMe.exe
  2⤵
  PID:7268
- C:\Windows\System\KmnWIue.exe
  C:\Windows\System\KmnWIue.exe
  2⤵
  PID:7816
- C:\Windows\System\upByRVj.exe
  C:\Windows\System\upByRVj.exe
  2⤵
  PID:8092
- C:\Windows\System\ohfZyAI.exe
  C:\Windows\System\ohfZyAI.exe
  2⤵
  PID:7548
- C:\Windows\System\mAKTkZi.exe
  C:\Windows\System\mAKTkZi.exe
  2⤵
  PID:8024
- C:\Windows\System\UaUlRMc.exe
  C:\Windows\System\UaUlRMc.exe
  2⤵
  PID:8124
- C:\Windows\System\VlQUAYj.exe
  C:\Windows\System\VlQUAYj.exe
  2⤵
  PID:7244
- C:\Windows\System\qpuHmoi.exe
  C:\Windows\System\qpuHmoi.exe
  2⤵
  PID:2340
- C:\Windows\System\RuZnTjU.exe
  C:\Windows\System\RuZnTjU.exe
  2⤵
  PID:6996
- C:\Windows\System\DRdWcMG.exe
  C:\Windows\System\DRdWcMG.exe
  2⤵
  PID:8204
- C:\Windows\System\WTTBumh.exe
  C:\Windows\System\WTTBumh.exe
  2⤵
  PID:8220
- C:\Windows\System\HncXCAh.exe
  C:\Windows\System\HncXCAh.exe
  2⤵
  PID:8236
- C:\Windows\System\uLuAPqN.exe
  C:\Windows\System\uLuAPqN.exe
  2⤵
  PID:8252
- C:\Windows\System\HHolIyl.exe
  C:\Windows\System\HHolIyl.exe
  2⤵
  PID:8268
- C:\Windows\System\OJmEXly.exe
  C:\Windows\System\OJmEXly.exe
  2⤵
  PID:8284
- C:\Windows\System\shADwMC.exe
  C:\Windows\System\shADwMC.exe
  2⤵
  PID:8300
- C:\Windows\System\IQQKnkD.exe
  C:\Windows\System\IQQKnkD.exe
  2⤵
  PID:8316
- C:\Windows\System\MYzEiij.exe
  C:\Windows\System\MYzEiij.exe
  2⤵
  PID:8336
- C:\Windows\System\ozscafO.exe
  C:\Windows\System\ozscafO.exe
  2⤵
  PID:8352
- C:\Windows\System\mGKBFhD.exe
  C:\Windows\System\mGKBFhD.exe
  2⤵
  PID:8368
- C:\Windows\System\bAVHuML.exe
  C:\Windows\System\bAVHuML.exe
  2⤵
  PID:8384
- C:\Windows\System\oZQJzAV.exe
  C:\Windows\System\oZQJzAV.exe
  2⤵
  PID:8400
- C:\Windows\System\ZlgMpSe.exe
  C:\Windows\System\ZlgMpSe.exe
  2⤵
  PID:8416
- C:\Windows\System\ZTDxpge.exe
  C:\Windows\System\ZTDxpge.exe
  2⤵
  PID:8436
- C:\Windows\System\rGlMgWu.exe
  C:\Windows\System\rGlMgWu.exe
  2⤵
  PID:8452
- C:\Windows\System\eBonIfo.exe
  C:\Windows\System\eBonIfo.exe
  2⤵
  PID:8468
- C:\Windows\System\ZJEpyCm.exe
  C:\Windows\System\ZJEpyCm.exe
  2⤵
  PID:8900
- C:\Windows\System\WIEiaAj.exe
  C:\Windows\System\WIEiaAj.exe
  2⤵
  PID:8916
- C:\Windows\System\BIFiOWn.exe
  C:\Windows\System\BIFiOWn.exe
  2⤵
  PID:8932
- C:\Windows\System\TrBPlmj.exe
  C:\Windows\System\TrBPlmj.exe
  2⤵
  PID:8948
- C:\Windows\System\uDeUlKB.exe
  C:\Windows\System\uDeUlKB.exe
  2⤵
  PID:8964
- C:\Windows\System\VfNfnxj.exe
  C:\Windows\System\VfNfnxj.exe
  2⤵
  PID:8980
- C:\Windows\System\tBuagMd.exe
  C:\Windows\System\tBuagMd.exe
  2⤵
  PID:8996
- C:\Windows\System\fvaXRcj.exe
  C:\Windows\System\fvaXRcj.exe
  2⤵
  PID:9012
- C:\Windows\System\tZOLFHc.exe
  C:\Windows\System\tZOLFHc.exe
  2⤵
  PID:9028
- C:\Windows\System\VbwDOOp.exe
  C:\Windows\System\VbwDOOp.exe
  2⤵
  PID:9056
- C:\Windows\System\BCotguB.exe
  C:\Windows\System\BCotguB.exe
  2⤵
  PID:9072
- C:\Windows\System\uJJPStx.exe
  C:\Windows\System\uJJPStx.exe
  2⤵
  PID:9088
- C:\Windows\System\aPZzinv.exe
  C:\Windows\System\aPZzinv.exe
  2⤵
  PID:9104
- C:\Windows\System\EsGrmhn.exe
  C:\Windows\System\EsGrmhn.exe
  2⤵
  PID:9120
- C:\Windows\System\eYfwtGR.exe
  C:\Windows\System\eYfwtGR.exe
  2⤵
  PID:9136
- C:\Windows\System\vbDrRmM.exe
  C:\Windows\System\vbDrRmM.exe
  2⤵
  PID:9152
- C:\Windows\System\NHVJhhi.exe
  C:\Windows\System\NHVJhhi.exe
  2⤵
  PID:9168
- C:\Windows\System\YhwmFdp.exe
  C:\Windows\System\YhwmFdp.exe
  2⤵
  PID:9208
- C:\Windows\System\DSBXrDP.exe
  C:\Windows\System\DSBXrDP.exe
  2⤵
  PID:8212
- C:\Windows\System\kXzrwZY.exe
  C:\Windows\System\kXzrwZY.exe
  2⤵
  PID:8276
- C:\Windows\System\XccSIEa.exe
  C:\Windows\System\XccSIEa.exe
  2⤵
  PID:8292
- C:\Windows\System\lZJzbWo.exe
  C:\Windows\System\lZJzbWo.exe
  2⤵
  PID:2124
- C:\Windows\System\TJPACPV.exe
  C:\Windows\System\TJPACPV.exe
  2⤵
  PID:8360
- C:\Windows\System\PjDOgMm.exe
  C:\Windows\System\PjDOgMm.exe
  2⤵
  PID:8376
- C:\Windows\System\QCTkLxC.exe
  C:\Windows\System\QCTkLxC.exe
  2⤵
  PID:8412
- C:\Windows\System\sHYkPLa.exe
  C:\Windows\System\sHYkPLa.exe
  2⤵
  PID:8460
- C:\Windows\System\hoRlFFh.exe
  C:\Windows\System\hoRlFFh.exe
  2⤵
  PID:7912
- C:\Windows\System\AtxmKKP.exe
  C:\Windows\System\AtxmKKP.exe
  2⤵
  PID:8484
- C:\Windows\System\AEzvxlJ.exe
  C:\Windows\System\AEzvxlJ.exe
  2⤵
  PID:8516
- C:\Windows\System\NeOtjyA.exe
  C:\Windows\System\NeOtjyA.exe
  2⤵
  PID:8536
- C:\Windows\System\ygDiEnU.exe
  C:\Windows\System\ygDiEnU.exe
  2⤵
  PID:8540
- C:\Windows\System\BFAlneG.exe
  C:\Windows\System\BFAlneG.exe
  2⤵
  PID:8560
- C:\Windows\System\IdYeFEL.exe
  C:\Windows\System\IdYeFEL.exe
  2⤵
  PID:8584
- C:\Windows\System\qfrzvUi.exe
  C:\Windows\System\qfrzvUi.exe
  2⤵
  PID:8600
- C:\Windows\System\tXyTsMg.exe
  C:\Windows\System\tXyTsMg.exe
  2⤵
  PID:8612
- C:\Windows\System\HmnxazW.exe
  C:\Windows\System\HmnxazW.exe
  2⤵
  PID:8624
- C:\Windows\System\hHAWjFW.exe
  C:\Windows\System\hHAWjFW.exe
  2⤵
  PID:8656
- C:\Windows\System\SuzmxZH.exe
  C:\Windows\System\SuzmxZH.exe
  2⤵
  PID:8668
- C:\Windows\System\QyKsuCe.exe
  C:\Windows\System\QyKsuCe.exe
  2⤵
  PID:8692
- C:\Windows\System\bDKVsdX.exe
  C:\Windows\System\bDKVsdX.exe
  2⤵
  PID:8708
- C:\Windows\System\LGsrmzr.exe
  C:\Windows\System\LGsrmzr.exe
  2⤵
  PID:8720
- C:\Windows\System\azMoCSs.exe
  C:\Windows\System\azMoCSs.exe
  2⤵
  PID:8736
- C:\Windows\System\hfpzdtG.exe
  C:\Windows\System\hfpzdtG.exe
  2⤵
  PID:8760
- C:\Windows\System\IKEBEtT.exe
  C:\Windows\System\IKEBEtT.exe
  2⤵
  PID:8780
- C:\Windows\System\QPGetGF.exe
  C:\Windows\System\QPGetGF.exe
  2⤵
  PID:8864
- C:\Windows\System\fzFwSad.exe
  C:\Windows\System\fzFwSad.exe
  2⤵
  PID:8912
- C:\Windows\System\TqAGmEG.exe
  C:\Windows\System\TqAGmEG.exe
  2⤵
  PID:8800
- C:\Windows\System\UopciwN.exe
  C:\Windows\System\UopciwN.exe
  2⤵
  PID:8812
- C:\Windows\System\qJMxpXA.exe
  C:\Windows\System\qJMxpXA.exe
  2⤵
  PID:8848
- C:\Windows\System\UGRgxqb.exe
  C:\Windows\System\UGRgxqb.exe
  2⤵
  PID:8860
- C:\Windows\System\ALelDKW.exe
  C:\Windows\System\ALelDKW.exe
  2⤵
  PID:8896
- C:\Windows\System\AAKYJjO.exe
  C:\Windows\System\AAKYJjO.exe
  2⤵
  PID:8972
- C:\Windows\System\UeftDsi.exe
  C:\Windows\System\UeftDsi.exe
  2⤵
  PID:8988
- C:\Windows\System\vhlYmoA.exe
  C:\Windows\System\vhlYmoA.exe
  2⤵
  PID:9064
- C:\Windows\System\tlfSbZH.exe
  C:\Windows\System\tlfSbZH.exe
  2⤵
  PID:9044
- C:\Windows\System\PknTKhX.exe
  C:\Windows\System\PknTKhX.exe
  2⤵
  PID:9132
- C:\Windows\System\NnYgSfW.exe
  C:\Windows\System\NnYgSfW.exe
  2⤵
  PID:9080
- C:\Windows\System\RfDkxCF.exe
  C:\Windows\System\RfDkxCF.exe
  2⤵
  PID:9148
- C:\Windows\System\udPuifY.exe
  C:\Windows\System\udPuifY.exe
  2⤵
  PID:9184
- C:\Windows\System\CidwYQm.exe
  C:\Windows\System\CidwYQm.exe
  2⤵
  PID:9200
- C:\Windows\System\LTHkwFc.exe
  C:\Windows\System\LTHkwFc.exe
  2⤵
  PID:9160
- C:\Windows\System\raabNiY.exe
  C:\Windows\System\raabNiY.exe
  2⤵
  PID:8308
- C:\Windows\System\sfJHtNI.exe
  C:\Windows\System\sfJHtNI.exe
  2⤵
  PID:8328
- C:\Windows\System\zKCwVKY.exe
  C:\Windows\System\zKCwVKY.exe
  2⤵
  PID:1312
- C:\Windows\System\ZubugSS.exe
  C:\Windows\System\ZubugSS.exe
  2⤵
  PID:2392
- C:\Windows\System\hvPXKeR.exe
  C:\Windows\System\hvPXKeR.exe
  2⤵
  PID:1092
- C:\Windows\System\fdXdMDN.exe
  C:\Windows\System\fdXdMDN.exe
  2⤵
  PID:1212
- C:\Windows\System\KYvkSIG.exe
  C:\Windows\System\KYvkSIG.exe
  2⤵
  PID:8500
- C:\Windows\System\gcNbEWF.exe
  C:\Windows\System\gcNbEWF.exe
  2⤵
  PID:8508
- C:\Windows\System\qcaOdnA.exe
  C:\Windows\System\qcaOdnA.exe
  2⤵
  PID:8520
- C:\Windows\System\AoysRAY.exe
  C:\Windows\System\AoysRAY.exe
  2⤵
  PID:8548
- C:\Windows\System\iTwTDTg.exe
  C:\Windows\System\iTwTDTg.exe
  2⤵
  PID:8564
- C:\Windows\System\PpmdIwa.exe
  C:\Windows\System\PpmdIwa.exe
  2⤵
  PID:8680
- C:\Windows\System\fcbYMRs.exe
  C:\Windows\System\fcbYMRs.exe
  2⤵
  PID:8652
- C:\Windows\System\PWrpJUp.exe
  C:\Windows\System\PWrpJUp.exe
  2⤵
  PID:8596
- C:\Windows\System\MtVmVIU.exe
  C:\Windows\System\MtVmVIU.exe
  2⤵
  PID:8696
- C:\Windows\System\gDqJocu.exe
  C:\Windows\System\gDqJocu.exe
  2⤵
  PID:8428
- C:\Windows\System\SCStcOE.exe
  C:\Windows\System\SCStcOE.exe
  2⤵
  PID:8776
- C:\Windows\System\ZOLICqN.exe
  C:\Windows\System\ZOLICqN.exe
  2⤵
  PID:8824
- C:\Windows\System\HsLdHZg.exe
  C:\Windows\System\HsLdHZg.exe
  2⤵
  PID:8792
- C:\Windows\System\nmpYzDy.exe
  C:\Windows\System\nmpYzDy.exe
  2⤵
  PID:8880
- C:\Windows\System\pOmSklc.exe
  C:\Windows\System\pOmSklc.exe
  2⤵
  PID:9068
- C:\Windows\System\KBHnCnX.exe
  C:\Windows\System\KBHnCnX.exe
  2⤵
  PID:8804
- C:\Windows\System\rGaXXJz.exe
  C:\Windows\System\rGaXXJz.exe
  2⤵
  PID:8956
- C:\Windows\System\fAgFCLd.exe
  C:\Windows\System\fAgFCLd.exe
  2⤵
  PID:8884
- C:\Windows\System\PhAWkHa.exe
  C:\Windows\System\PhAWkHa.exe
  2⤵
  PID:9128
- C:\Windows\System\ePBfyqF.exe
  C:\Windows\System\ePBfyqF.exe
  2⤵
  PID:9180
- C:\Windows\System\IXZjnrJ.exe
  C:\Windows\System\IXZjnrJ.exe
  2⤵
  PID:7208
- C:\Windows\System\WoMxkRw.exe
  C:\Windows\System\WoMxkRw.exe
  2⤵
  PID:8408
- C:\Windows\System\EbTghZw.exe
  C:\Windows\System\EbTghZw.exe
  2⤵
  PID:8448
- C:\Windows\System\zWzAlir.exe
  C:\Windows\System\zWzAlir.exe
  2⤵
  PID:1644
- C:\Windows\System\cjRfKPs.exe
  C:\Windows\System\cjRfKPs.exe
  2⤵
  PID:8616
- C:\Windows\System\BntesdU.exe
  C:\Windows\System\BntesdU.exe
  2⤵
  PID:1736
- C:\Windows\System\wMiEcfb.exe
  C:\Windows\System\wMiEcfb.exe
  2⤵
  PID:8532
- C:\Windows\System\JIgGnRs.exe
  C:\Windows\System\JIgGnRs.exe
  2⤵
  PID:8348
- C:\Windows\System\GEHhVbI.exe
  C:\Windows\System\GEHhVbI.exe
  2⤵
  PID:8392
- C:\Windows\System\rQeWLhc.exe
  C:\Windows\System\rQeWLhc.exe
  2⤵
  PID:8620
- C:\Windows\System\ZzZALVA.exe
  C:\Windows\System\ZzZALVA.exe
  2⤵
  PID:8592
- C:\Windows\System\sbOchKh.exe
  C:\Windows\System\sbOchKh.exe
  2⤵
  PID:8876
- C:\Windows\System\SBOvNQv.exe
  C:\Windows\System\SBOvNQv.exe
  2⤵
  PID:8840
- C:\Windows\System\wsSzAuq.exe
  C:\Windows\System\wsSzAuq.exe
  2⤵
  PID:9112
- C:\Windows\System\ifjQXQE.exe
  C:\Windows\System\ifjQXQE.exe
  2⤵
  PID:2004
- C:\Windows\System\pxtVTix.exe
  C:\Windows\System\pxtVTix.exe
  2⤵
  PID:9004
- C:\Windows\System\cPyDQFf.exe
  C:\Windows\System\cPyDQFf.exe
  2⤵
  PID:9052
- C:\Windows\System\mVZmvfo.exe
  C:\Windows\System\mVZmvfo.exe
  2⤵
  PID:8264
- C:\Windows\System\KMtGetS.exe
  C:\Windows\System\KMtGetS.exe
  2⤵
  PID:8232
- C:\Windows\System\CEluqKf.exe
  C:\Windows\System\CEluqKf.exe
  2⤵
  PID:8700
- C:\Windows\System\cKfmPmB.exe
  C:\Windows\System\cKfmPmB.exe
  2⤵
  PID:2652
- C:\Windows\System\qYDYUMt.exe
  C:\Windows\System\qYDYUMt.exe
  2⤵
  PID:8744
- C:\Windows\System\xzmrNeh.exe
  C:\Windows\System\xzmrNeh.exe
  2⤵
  PID:8852
- C:\Windows\System\XKNCIUI.exe
  C:\Windows\System\XKNCIUI.exe
  2⤵
  PID:8796
- C:\Windows\System\YDxitNW.exe
  C:\Windows\System\YDxitNW.exe
  2⤵
  PID:8644
- C:\Windows\System\DwHPYOz.exe
  C:\Windows\System\DwHPYOz.exe
  2⤵
  PID:9100
- C:\Windows\System\YQbUscz.exe
  C:\Windows\System\YQbUscz.exe
  2⤵
  PID:8424
- C:\Windows\System\FFPnkiR.exe
  C:\Windows\System\FFPnkiR.exe
  2⤵
  PID:8768
- C:\Windows\System\ftfdWmD.exe
  C:\Windows\System\ftfdWmD.exe
  2⤵
  PID:9224
- C:\Windows\System\cedvkrY.exe
  C:\Windows\System\cedvkrY.exe
  2⤵
  PID:9240
- C:\Windows\System\QtfCePD.exe
  C:\Windows\System\QtfCePD.exe
  2⤵
  PID:9256
- C:\Windows\System\inJcLxj.exe
  C:\Windows\System\inJcLxj.exe
  2⤵
  PID:9272
- C:\Windows\System\tfStTMJ.exe
  C:\Windows\System\tfStTMJ.exe
  2⤵
  PID:9288
- C:\Windows\System\nMriJar.exe
  C:\Windows\System\nMriJar.exe
  2⤵
  PID:9304
- C:\Windows\System\DnIiCtq.exe
  C:\Windows\System\DnIiCtq.exe
  2⤵
  PID:9328
- C:\Windows\System\RkeYfWv.exe
  C:\Windows\System\RkeYfWv.exe
  2⤵
  PID:9344
- C:\Windows\System\QfEsIyo.exe
  C:\Windows\System\QfEsIyo.exe
  2⤵
  PID:9360
- C:\Windows\System\HQNPvzI.exe
  C:\Windows\System\HQNPvzI.exe
  2⤵
  PID:9376
- C:\Windows\System\uaqLkjN.exe
  C:\Windows\System\uaqLkjN.exe
  2⤵
  PID:9392
- C:\Windows\System\zhUjFLu.exe
  C:\Windows\System\zhUjFLu.exe
  2⤵
  PID:9408
- C:\Windows\System\oGCoXxv.exe
  C:\Windows\System\oGCoXxv.exe
  2⤵
  PID:9424
- C:\Windows\System\yVFktRH.exe
  C:\Windows\System\yVFktRH.exe
  2⤵
  PID:9440
- C:\Windows\System\EcWwDAE.exe
  C:\Windows\System\EcWwDAE.exe
  2⤵
  PID:9456
- C:\Windows\System\YwasLAV.exe
  C:\Windows\System\YwasLAV.exe
  2⤵
  PID:9476
- C:\Windows\System\GxTeHcJ.exe
  C:\Windows\System\GxTeHcJ.exe
  2⤵
  PID:9492
- C:\Windows\System\llNyPTg.exe
  C:\Windows\System\llNyPTg.exe
  2⤵
  PID:9508
- C:\Windows\System\lpdyTEh.exe
  C:\Windows\System\lpdyTEh.exe
  2⤵
  PID:9524
- C:\Windows\System\wTMwZVP.exe
  C:\Windows\System\wTMwZVP.exe
  2⤵
  PID:9540
- C:\Windows\System\AjpHerm.exe
  C:\Windows\System\AjpHerm.exe
  2⤵
  PID:9624
- C:\Windows\System\jOpsPvJ.exe
  C:\Windows\System\jOpsPvJ.exe
  2⤵
  PID:9692
- C:\Windows\System\lZigsoq.exe
  C:\Windows\System\lZigsoq.exe
  2⤵
  PID:9720
- C:\Windows\System\sRrwcIn.exe
  C:\Windows\System\sRrwcIn.exe
  2⤵
  PID:9740
- C:\Windows\System\vqLWsKe.exe
  C:\Windows\System\vqLWsKe.exe
  2⤵
  PID:9768
- C:\Windows\System\iNwHghX.exe
  C:\Windows\System\iNwHghX.exe
  2⤵
  PID:9784
- C:\Windows\System\AzwdRNS.exe
  C:\Windows\System\AzwdRNS.exe
  2⤵
  PID:9812
- C:\Windows\System\VAtVulN.exe
  C:\Windows\System\VAtVulN.exe
  2⤵
  PID:9868
- C:\Windows\System\aIbeXEO.exe
  C:\Windows\System\aIbeXEO.exe
  2⤵
  PID:9896
- C:\Windows\System\DxbJGvh.exe
  C:\Windows\System\DxbJGvh.exe
  2⤵
  PID:9912
- C:\Windows\System\oxYptOR.exe
  C:\Windows\System\oxYptOR.exe
  2⤵
  PID:9928
- C:\Windows\System\JTJOhMR.exe
  C:\Windows\System\JTJOhMR.exe
  2⤵
  PID:9944
- C:\Windows\System\qBrZFQC.exe
  C:\Windows\System\qBrZFQC.exe
  2⤵
  PID:9960
- C:\Windows\System\RDvEmzK.exe
  C:\Windows\System\RDvEmzK.exe
  2⤵
  PID:9976
- C:\Windows\System\SSyTUIB.exe
  C:\Windows\System\SSyTUIB.exe
  2⤵
  PID:9992
- C:\Windows\System\qyistrN.exe
  C:\Windows\System\qyistrN.exe
  2⤵
  PID:10008
- C:\Windows\System\cMzTaGK.exe
  C:\Windows\System\cMzTaGK.exe
  2⤵
  PID:10024
- C:\Windows\System\UrUUwbn.exe
  C:\Windows\System\UrUUwbn.exe
  2⤵
  PID:10040
- C:\Windows\System\kSGUNUE.exe
  C:\Windows\System\kSGUNUE.exe
  2⤵
  PID:10056
- C:\Windows\System\RPqODXT.exe
  C:\Windows\System\RPqODXT.exe
  2⤵
  PID:10072
- C:\Windows\System\ywzSFWl.exe
  C:\Windows\System\ywzSFWl.exe
  2⤵
  PID:10088
- C:\Windows\System\ZpoJNLJ.exe
  C:\Windows\System\ZpoJNLJ.exe
  2⤵
  PID:10144
- C:\Windows\System\zuTNgrb.exe
  C:\Windows\System\zuTNgrb.exe
  2⤵
  PID:10180
- C:\Windows\System\wQnfhTE.exe
  C:\Windows\System\wQnfhTE.exe
  2⤵
  PID:10204
- C:\Windows\System\eBqiQIT.exe
  C:\Windows\System\eBqiQIT.exe
  2⤵
  PID:10220
- C:\Windows\System\byLfPZo.exe
  C:\Windows\System\byLfPZo.exe
  2⤵
  PID:10236
- C:\Windows\System\nKQFhVp.exe
  C:\Windows\System\nKQFhVp.exe
  2⤵
  PID:2400
- C:\Windows\System\DuHxuPU.exe
  C:\Windows\System\DuHxuPU.exe
  2⤵
  PID:8756
- C:\Windows\System\vIaOfjE.exe
  C:\Windows\System\vIaOfjE.exe
  2⤵
  PID:8820
- C:\Windows\System\iXIcVfT.exe
  C:\Windows\System\iXIcVfT.exe
  2⤵
  PID:9368
- C:\Windows\System\rNlcAaC.exe
  C:\Windows\System\rNlcAaC.exe
  2⤵
  PID:9252
- C:\Windows\System\LByYHlI.exe
  C:\Windows\System\LByYHlI.exe
  2⤵
  PID:9432
- C:\Windows\System\jCqBCSt.exe
  C:\Windows\System\jCqBCSt.exe
  2⤵
  PID:9488
- C:\Windows\System\OExynhI.exe
  C:\Windows\System\OExynhI.exe
  2⤵
  PID:9472
- C:\Windows\System\prfcURm.exe
  C:\Windows\System\prfcURm.exe
  2⤵
  PID:9176
- C:\Windows\System\vEZShsG.exe
  C:\Windows\System\vEZShsG.exe
  2⤵
  PID:9552
- C:\Windows\System\dLglqRn.exe
  C:\Windows\System\dLglqRn.exe
  2⤵
  PID:9636
- C:\Windows\System\vwpiQoE.exe
  C:\Windows\System\vwpiQoE.exe
  2⤵
  PID:9660
- C:\Windows\System\krBHTYY.exe
  C:\Windows\System\krBHTYY.exe
  2⤵
  PID:9664
- C:\Windows\System\zundCGa.exe
  C:\Windows\System\zundCGa.exe
  2⤵
  PID:9728
- C:\Windows\System\uQBHlmB.exe
  C:\Windows\System\uQBHlmB.exe
  2⤵
  PID:9776
- C:\Windows\System\aMcbBYr.exe
  C:\Windows\System\aMcbBYr.exe
  2⤵
  PID:9828
- C:\Windows\System\vlRzxfy.exe
  C:\Windows\System\vlRzxfy.exe
  2⤵
  PID:9844
- C:\Windows\System\OLTTBvb.exe
  C:\Windows\System\OLTTBvb.exe
  2⤵
  PID:9860
- C:\Windows\System\jvFYmUA.exe
  C:\Windows\System\jvFYmUA.exe
  2⤵
  PID:9936
- C:\Windows\System\FcjHKHY.exe
  C:\Windows\System\FcjHKHY.exe
  2⤵
  PID:9704
- C:\Windows\System\FSEiepZ.exe
  C:\Windows\System\FSEiepZ.exe
  2⤵
  PID:9748
- C:\Windows\System\EWAHJYH.exe
  C:\Windows\System\EWAHJYH.exe
  2⤵
  PID:9792
- C:\Windows\System\roGbdrZ.exe
  C:\Windows\System\roGbdrZ.exe
  2⤵
  PID:9876
- C:\Windows\System\qVwqmPU.exe
  C:\Windows\System\qVwqmPU.exe
  2⤵
  PID:9892
- C:\Windows\System\kpZUNfp.exe
  C:\Windows\System\kpZUNfp.exe
  2⤵
  PID:9952
- C:\Windows\System\yyZCpOE.exe
  C:\Windows\System\yyZCpOE.exe
  2⤵
  PID:9984
- C:\Windows\System\UBaFKvl.exe
  C:\Windows\System\UBaFKvl.exe
  2⤵
  PID:10036
- C:\Windows\System\TPExAnq.exe
  C:\Windows\System\TPExAnq.exe
  2⤵
  PID:10048
- C:\Windows\System\fixVamD.exe
  C:\Windows\System\fixVamD.exe
  2⤵
  PID:10096
- C:\Windows\System\jMIRNQM.exe
  C:\Windows\System\jMIRNQM.exe
  2⤵
  PID:10128
- C:\Windows\System\TdlZKEk.exe
  C:\Windows\System\TdlZKEk.exe
  2⤵
  PID:10112
- C:\Windows\System\NggcVKT.exe
  C:\Windows\System\NggcVKT.exe
  2⤵
  PID:10188
- C:\Windows\System\OpZANQK.exe
  C:\Windows\System\OpZANQK.exe
  2⤵
  PID:10160
- C:\Windows\System\gWAHrbb.exe
  C:\Windows\System\gWAHrbb.exe
  2⤵
  PID:10176
- C:\Windows\System\YvEKKbE.exe
  C:\Windows\System\YvEKKbE.exe
  2⤵
  PID:10216
- C:\Windows\System\hzNVLII.exe
  C:\Windows\System\hzNVLII.exe
  2⤵
  PID:9236
- C:\Windows\System\dDGwbHH.exe
  C:\Windows\System\dDGwbHH.exe
  2⤵
  PID:9336
- C:\Windows\System\crsqUyb.exe
  C:\Windows\System\crsqUyb.exe
  2⤵
  PID:9020
- C:\Windows\System\NkfLWAD.exe
  C:\Windows\System\NkfLWAD.exe
  2⤵
  PID:9316
- C:\Windows\System\nbJZAxD.exe
  C:\Windows\System\nbJZAxD.exe
  2⤵
  PID:9400
- C:\Windows\System\GjWXgIJ.exe
  C:\Windows\System\GjWXgIJ.exe
  2⤵
  PID:9404
- C:\Windows\System\szDbHwY.exe
  C:\Windows\System\szDbHwY.exe
  2⤵
  PID:9356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AjXHYYI.exe

Filesize
6.1MB

MD5
de8b901da0b0fd5a31f4a8455ce5e088

SHA1
0f928b2553098c6b0be3b20e41f7d363e6a0ff1e

SHA256
c6c3f3fdc96db6980b1d80f99eddcc9736a973e1e594d47295d1f7471f333fc0

SHA512
61ec56300601ccfb79ab72488c278ba4e97855e611f58a84de72a5f831b53d59f3947b043ade73a3bd9b69c7e9547fce921bc8215b94dbbcea97c6b6a998a2f5

Download Submit
C:\Windows\system\DlFsyDn.exe

Filesize
6.0MB

MD5
a2311ca46b29e73b28b73745a638eb5a

SHA1
02503fc38a98bcf8047b26db527e1867475a1802

SHA256
c3d7c2beb92cca32bfba6460d64ec3ddd5dbaea6533f2ee8ef63e70d9f2524be

SHA512
23defb0093b18120ec17701be64e0e965bf459b7924201d6bebc94dc938391d5def5c53d438888cb8a6d5793d3321bae3c2d8342823a323341eccea2c528913b

Download Submit
C:\Windows\system\JphWbcT.exe

Filesize
6.0MB

MD5
dfe033fa716d20fb981effee224a041d

SHA1
e077779d4074551f7d26b62e3c702a769cbc6152

SHA256
a38fbf561fd5c65011b28696fab7b79cb8aa71694b21ac374860712d4712d8e1

SHA512
73d552efd7cc3fe0897ef23207e908092ce1e731a4a3eba2a544556116012b7bb7476b48187ded4f702df8417857eefb60b20ec916a4a198e014d0c166186631

Download Submit
C:\Windows\system\MKfXGLD.exe

Filesize
6.1MB

MD5
6a9b340255d67230f0fc0dd32b973020

SHA1
6180d108b2d03e86b4a5acf392b0295639058150

SHA256
529f6f5f5a83cd0f12c0b75a9f68ebbc115966d1a49433bb096c4b9a2838fb95

SHA512
35f9e0b8ec703a84d2e2cce9e8b1ddfcc6eb81d1da3713c9dab32b25dd2ae81269f5021b442b466a0ddd1c198546b93174be7b39d4f0ac6a0f2b540d30f59918

Download Submit
C:\Windows\system\RUEYrTr.exe

Filesize
6.0MB

MD5
a79aa12200955f6c40a229cff284d62b

SHA1
0273b73ce37e1727409386dfa5e0472bd49e3de2

SHA256
27cc2390a96bff38247fab1821382766171ff0713f96f80a88a3484b45061fb3

SHA512
da8a1a7151b3adac4eb564f2d3bf1fb313969b87b06f93f647856a499f788a1b5f6e3a373909749cf5c63db5cc91d811ddacee7b96542b13b744a7ad4bd17704

Download Submit
C:\Windows\system\VbHZFzx.exe

Filesize
6.1MB

MD5
530d1bfd8a950cd9276732552227169b

SHA1
a7e568fd9fefbdde2a297fbcafecfb213eced904

SHA256
6fd4863df34045b64dd85cf4e910126da05e5972c11c020243fc9c515189c60a

SHA512
9755177711763d911448173e16b1165f38bec3b453ee21934c84c4f75bd1c4676a34161c7c957a03d6bddbbe54e51c24fe27bf4c7c3ed8ccb344f289a29183c0

Download Submit
C:\Windows\system\WnLrnkM.exe

Filesize
6.1MB

MD5
ae8fa18f7770ab5bf5a05405c396e891

SHA1
724b664ae4a7fc9fe401534e97d490f941e859d0

SHA256
be38aac72e03d52379cb0e8f081d68394acea42cfca7579fb9fbad213fea69ff

SHA512
b61ad2dce8ab77d0400ef84d4563044084d01a2e4bd06b75a071f7a6c1015722c054946bad480e4f4792b6dee2a6240d8455c22f1cc81abac0f4c09a81b9f435

Download Submit
C:\Windows\system\XIYOsZg.exe

Filesize
6.1MB

MD5
548147fe23487aa6dccca61b7963f219

SHA1
ebfce0485aadb3e5ef31a5aa4890ffa1af70ac9c

SHA256
19ee01687b1dc4274a7bb5958965cc551046907cbbc4c6f87e83f36de48edf50

SHA512
9fd549ff31691f07e174fa20b2592cbc19368b8a540debc06711d7d057739f8bacd459131af987efb5d831201663967af9a4637134e03e926d2c7f5f1f6063af

Download Submit
C:\Windows\system\ZvJcTvV.exe

Filesize
6.1MB

MD5
ae5ae58d6d25b6c4515bf5ec0ba847a8

SHA1
2c6b4de1ff5640d39a12e7a33f70de09dd77e0c4

SHA256
97b88d7f054a21fabe3bf83432d3a367fd3bdd48fd917d37e177b9f58abcd42d

SHA512
56408799e83f0f826690883d4ad3d80c75ecfdf8d12203cc6aa6ca21ef13857d47898e1bd66d72117650a14fd75bb33e7e8ec6f4cc6b1e200693632635db27a0

Download Submit
C:\Windows\system\ajNAoxq.exe

Filesize
6.1MB

MD5
0c7e5d591be2f1d78983590cdeaf4c2c

SHA1
33f7c8ccb7b67a9272b59cf39e898a046c01f87c

SHA256
8d7861a974235800f037a7d23daf3a913df2cffb64a6dbc80a73ab00f91e094c

SHA512
e83ceb10c3e83413a1aff3c55f9bf43de7cee5c527d885b483f8e2398ce0f824d9cc26cbea75704742cae70e48cad5d4b70e791f97dccf7bd5f89ead486c3e76

Download Submit
C:\Windows\system\akUFpes.exe

Filesize
6.0MB

MD5
97c9ad1d9f7ca49eb8763ac3139d2d67

SHA1
aa8e0e6b1a45e08d61bde19197d93e1658e78309

SHA256
07cccd0df88afb6ae503808acabd5ebd38cfa33a9995fd7930f19bcb5bf5f3f9

SHA512
11416f691feb9553fd6690ae5f81a6f5ab004729e094c9648d0db9979bfd08a128375c24113ad9c44a709b2a409ed21d6cd1480179892816601fe0bfcb35bddb

Download Submit
C:\Windows\system\bHJVSKW.exe

Filesize
6.1MB

MD5
d47ca7fece3b8bf6fd6090e4cb091543

SHA1
5e1b77b854bf746bc3a1ca0336f2779ed95ef825

SHA256
86f0f557af3199d26cb22b7153dbc32b6659d672219367f73af7d662b46ec74e

SHA512
eddfaab14b417b776f67275d59087a44cd4f7e5b6a64a199979e16fc5b6264cc1069cdeff06c4dce5a01a25420b0cffc114a6fd91f3ffd636ac1d5f3ced90771

Download Submit
C:\Windows\system\bLjIrvT.exe

Filesize
6.0MB

MD5
0255312a1d3483197964c5a732aafa8f

SHA1
d6ef89537bb214e262049e2cf74ef5e9d96b0024

SHA256
5d4b8717377ef2ba2079e9c57e9c63bee4fc13c7d49af66ac32468acb88387f5

SHA512
eef7591c47ea1ff064e14285752ae4265ed4b481b2a92daa9bd76bfc2c761a2f56eba2e96c654066b0c0f7c195c178c90b696a652cdf6fe6a36e74ce6daa4251

Download Submit
C:\Windows\system\bvmPvTm.exe

Filesize
6.1MB

MD5
d2e96ae1bc89753514c9f83ff7bcbe36

SHA1
273699b634393a0c6b17b95856b1adef18184e0a

SHA256
4eb916da87046eed1e92309451e66cf1b7ededb5f0db9fc3c3b37c59c177d578

SHA512
2884f072041dd3ec2f626aa5c54561cc06f8bf6593a328a92bb8e0ddcdf56f79fdaa22d0064590bfa764b4c9f1a2cedf101a72ee9800b203d608d18c1e9066ba

Download Submit
C:\Windows\system\cpYxtQS.exe

Filesize
6.0MB

MD5
ea6090f4c588a005cf40239516ed1c1f

SHA1
86642d8ebd93854177917e31b24cc770e20467a0

SHA256
05045dbda0ea994b69813a9771dba00371fcca769f6856addbd8093bf8a6414b

SHA512
f0a6a1e4f4de7d1474f4a3bc73fd5c4bf12af53a0c4f5351e7e1bb3424c2b22e38e6af11b0fc82d02d08d110646ab971c1eebe945535b0be61dc3c4f394411d2

Download Submit
C:\Windows\system\fYGZFTt.exe

Filesize
6.1MB

MD5
a12186446abda4dcb867e1740043b146

SHA1
95f304ee39f7f36957c080037ee736dd43b18ce0

SHA256
0ee10679c5a4d675fe96adac8777f3af03cc174cd3c391bae3c94832b8b3e35d

SHA512
9d280b8620d0b5362dcdb247e97b7921e4496ded0328c13145d6e5bd0c697f48b59077d86e2bd38299de0d7d13216bef9f53e7c36b7c196cfbbe4f0412229024

Download Submit
C:\Windows\system\iDhOcLO.exe

Filesize
6.1MB

MD5
480749b784fccf394508e3e921543581

SHA1
5a1b06e39323d2a656239cbc9dd45fa59ecaf4de

SHA256
1a1245b520dbdec18c6ed4be58cd1554d4faed6936c02b59b8287077b390f93d

SHA512
b704d9c7edf5a50a5ea8a29d88d79b123b38d6b96e91897dc97bdaca014473c2705973239260991931226c2dcfa1a48ef958bb32137e1d8d01c4a2195c1a49d7

Download Submit
C:\Windows\system\kBttOBd.exe

Filesize
6.0MB

MD5
e3157e3ce28418845bdbf30ce08dc6f3

SHA1
04054e81da5a2297c9597db016dafa0175899fbf

SHA256
7c292d6e48102821a14e03ef6c955c2cb87c01159daa0fed48a6e284fa79e363

SHA512
a0c42ff7e2b874bbac2f9b777bc15ff605299eb41b78f378954eef4287ce10ca9131be18a80b826e93fd01d3b53d46820c05293eb04b3abbf383d7417e242ec9

Download Submit
C:\Windows\system\kkfPwuG.exe

Filesize
6.0MB

MD5
163da67c0fd1ec8d0705032b9f5bd0be

SHA1
3d3943639055e2d933f9e803363a6c1461be9f16

SHA256
e78756b17c4e3bec297b0a1e5925f18e1126c0ec9d065240e6066a4bbf6eff97

SHA512
32b09d9e6d07461b89771442ddc68feea0e34f3473405e8a093d04ce4bef8efc1d02b1f2b6fee0897b0f95efd8a78260d7b6e068f3128de65aec7595b6744b52

Download Submit
C:\Windows\system\sKKpciS.exe

Filesize
6.0MB

MD5
516bbd99bd061a44ceebeb829dd61bea

SHA1
675cad9022016795f27604b94560ce6d88f53325

SHA256
1df6f84829bf91c790f254b8b199b61e2c919328c332022d22727622397960f5

SHA512
cf1681fc04bdfd845e1d0e4d02f036d51899f9479b0e08927bb380f305968f5101ba1ca12d4de2724a0ac53899fc9a4c43a0eb919255392c8bf80baf6d95dc5d

Download Submit
C:\Windows\system\sopLPxV.exe

Filesize
6.1MB

MD5
c4d6157aaca140aff450c3f492bc721c

SHA1
fd1cc522e663246004b8a408254992bbaa4fe8cb

SHA256
9225586be6887f7220c3b1fc24ddfc4d39431a7054185698dbff6291a5fb1d7c

SHA512
2c529e100aff9a245cadff4091c8784741b4edba0b1b23378f0a8287f0db71615797aef1fd86b8ede3da7ec5a5ff2e9daf88126d30bcf40339056d9cf3846109

Download Submit
C:\Windows\system\wJILZyS.exe

Filesize
6.1MB

MD5
1aaf98cd7ae78af7adc087be58d625bf

SHA1
8e84f269de2c7d659a5d885999909989dd3d2e29

SHA256
5446277be0eb3fb8ed66e7d1e45ea35e9fca81934a1949a741ff192045990fae

SHA512
d8562f365b490008b07ad4924363efa75385140c887c33b3dac8129fce7fe4334af03f7b35bd508f76cf56b79aa59684483d79125987c6a98db2bdd9c25155f5

Download Submit
C:\Windows\system\wuRHsZV.exe

Filesize
6.1MB

MD5
b4eaa147871266f51b81570a13a5aa85

SHA1
878dc77226e9863f2586824869f5b445b055e30b

SHA256
8affaef0031f4c972509cae1bd61e3fec4c5f4f3bd90f33978f96c8871b4dd62

SHA512
56fdbcacddbbc4178f2a8dcc304539dd2051f6f9441b1dcb51e861385e272b6e1dcdc1d2d5e672b52493023a395dfe3bf7f0e0533fa2edefed8798d83675bd36

Download Submit
C:\Windows\system\yjEeQWd.exe

Filesize
6.0MB

MD5
d706d636aeb79712cda285a1d2c0e781

SHA1
79608c979e4b10e93ce9e6f980f405f7339a3074

SHA256
f2a30cdbea78da99fb86cfe4bd7ea0c4b52874fa0e7ccca4ad2f2dfc60b9e07e

SHA512
467a40a6fcfe35aac5b20598519dd2c1fac40a927170dbe52ff2d2667c5a1af12bcca5574cba9d14f3bbed4232577b9e24614189416e38c9a48bcd100c9f620a

Download Submit
C:\Windows\system\zIyxsaO.exe

Filesize
6.0MB

MD5
b2cdd1ead821a8bf93c56aea3ca3b520

SHA1
61dbc40cc0333bac7b1c24e3ec192020f60b66b1

SHA256
e302ec472bc2ccdd033f94a4979c037292736984591b0e274d411722e2e57481

SHA512
d44a48f685e49b160cbfe644364f67a0b79b09427659caf2b8f3f2f160732dca985a7d38d602b34fe566e615b26814de92780355fb4c9543cfdeec9a49165922

Download Submit
\Windows\system\IBZxmrr.exe

Filesize
6.0MB

MD5
3e1a1bf29c2ec4b0b9bd6cb16b8dad81

SHA1
107d31c299f83d6fd599422be60a1611d1b96159

SHA256
83067750ed4b412f06caa69ff7a951974e5bba0906e3c2fb4fb9a073a7a784d7

SHA512
f288bc01eed9d081ac7bc28f3bb78675867e5c97211977e4a8419f0a2d6ecbc35bdb07503e0a90c23f25638f23e42851168cbda525eb32ff2b5159e0a5affa75

Download Submit
\Windows\system\VWKxCjy.exe

Filesize
6.0MB

MD5
6e7e5a2fe8bdf46f4aa913af822eab26

SHA1
701c74d769fa07360ed050203aecc9ba662527d7

SHA256
769839914893f39fe7b874f403f8965f894738952e094657061f5dcde2bd9da1

SHA512
23d5fd652de6b0ae2d122007e7e8a4814ffe2233a0830e343e328fd54c58297bbb2a22699c805607c5a109b985ce2711b3d3a3c0b340ec5193bde9415eee01ed

Download Submit
\Windows\system\eyxUvhE.exe

Filesize
6.0MB

MD5
5edbf7e374a9aea5283140297c93d0ca

SHA1
0916ac6eaacd86ce915e8eb67fc2b56afb1600ac

SHA256
48a7105b4d015d6e53687b8c45c452d4dbefed6822a20e39e44e7598aaa2b830

SHA512
6719225dda64bb73328a8e71cfb24ea490f9b3c06efab930575357b24d30bec864b1ced52831b57d9889b568ee538af1bb7385a967f92334b9b256501e148422

Download Submit
\Windows\system\iTwPVzw.exe

Filesize
6.0MB

MD5
97bb9aa4ece74d4b316c281068110821

SHA1
de952c81b9f6345a2344d59c71cc54c186a6464a

SHA256
bdaa9893d804fe85eadd0d3c1ecd7695a5a3932589a9354389c6d9b080784085

SHA512
d8574c542213f339d99b821603eb6a4d3df9d72e907e6b9701a82e713d783edf8744bf9610df10516956db7b619a4f2cccbb59c9808f0c63605087b0226882cd

Download Submit
\Windows\system\isrNnSF.exe

Filesize
6.0MB

MD5
0d0969c12350e858e9319ea4265c3d31

SHA1
421ef020b98003e8bb6b71989bcb231b5e8faebb

SHA256
8e3b9001eef9e07ed340a9656748e6003785aec55d2aa92b00d3c356ded19109

SHA512
25f425c09108192a1ad399dea51cae32f17251f687fbb0731002294155aa7a423e0ba0c44b03bb4d095d7f7f925b736adb081422ea94074134cfbbc4e0762a2f

Download Submit
\Windows\system\kZvKneT.exe

Filesize
6.0MB

MD5
52d3676f2c206e70f1c7759b93f87df6

SHA1
05aa634c4ddaca4798a9c0501c6ca62221f8ddb2

SHA256
b5083b9f4a8123e09a38036ab08adea806477c7bb233f79d09c8dbfd28fd332d

SHA512
cf2c949e55a2898ea4743513e3ab2e2c948f90a4facdc034ab2df3c452d2dfa7e86e66ce9d5fcbb1b24895f068de431d8a3ca8f604b500087bfe5c36c99cf4cc

Download Submit
\Windows\system\qwJvCZv.exe

Filesize
6.0MB

MD5
d80de6d0c479a746cb964cdd0fa68de4

SHA1
141c6c4708c183db19bab7e6a752a85207e69080

SHA256
864de5f45e36e81ccd598b644c08b40d6ece44a7f5e756091599fa24058a107a

SHA512
bd4e854acf3b0d5d1bf4d7d4c4467575ce2b0633447bb88afe5c7a1181e80152d0590b66b3e0d91104a24415bc898dd88c5a3712829130513cd7157e4e8efd78

Download Submit
memory/308-1734-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/308-37-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1955-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-94-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-92-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1942-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1930-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2076-87-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2248-567-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2248-21-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-101-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-309-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2248-310-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-109-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2248-108-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-68-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-57-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-65-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-64-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-0-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-14-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2248-36-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-50-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-467-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-89-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-42-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-81-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2248-91-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-24-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2248-25-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2320-72-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1929-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-259-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1956-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-102-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1775-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1767-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2620-58-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1752-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-49-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1766-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-71-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-48-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-26-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1701-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2900-27-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1708-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-23-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-30-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1725-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download