cobaltstrike | f25aec1f83b86df8de418a60c9888d0d70206e0709a4d2f766561dca2b5e992b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

51498dd2c054731001b5b208ab616ab3
SHA1

c585eeb518dae0b392903fcb04a1af82ece2b97f
SHA256

f25aec1f83b86df8de418a60c9888d0d70206e0709a4d2f766561dca2b5e992b
SHA512

1ddb516f01006868ebbe45a9f9648c00ba0ca32cbc87867e50a224f927332f59d226857987fe71bb632c38df23482e6a1213a52ef6ffff5829f22425cb36841a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016a66-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c4a-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-70.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-50.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2420-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0009000000016a66-8.dat	xmrig
behavioral1/files/0x0008000000016c3a-12.dat	xmrig
behavioral1/files/0x0007000000016c4a-16.dat	xmrig
behavioral1/files/0x0008000000016c51-23.dat	xmrig
behavioral1/files/0x0007000000016cc8-26.dat	xmrig
behavioral1/files/0x0007000000016cec-31.dat	xmrig
behavioral1/files/0x0008000000016d0e-39.dat	xmrig
behavioral1/files/0x0005000000018683-66.dat	xmrig
behavioral1/files/0x0005000000018728-86.dat	xmrig
behavioral1/files/0x00050000000193c2-158.dat	xmrig
behavioral1/memory/3060-178-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2420-528-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2460-253-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/1864-248-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2608-237-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2724-231-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2640-222-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2648-219-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2192-209-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2420-203-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2420-197-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2420-188-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e1-161.dat	xmrig
behavioral1/files/0x00050000000193b4-145.dat	xmrig
behavioral1/files/0x0005000000019334-132.dat	xmrig
behavioral1/files/0x0005000000019261-110.dat	xmrig
behavioral1/files/0x0006000000019023-104.dat	xmrig
behavioral1/memory/2748-227-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2856-216-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2088-213-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2816-200-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2756-191-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2484-186-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-164.dat	xmrig
behavioral1/files/0x000500000001878f-98.dat	xmrig
behavioral1/files/0x0005000000019350-156.dat	xmrig
behavioral1/files/0x0005000000019282-154.dat	xmrig
behavioral1/files/0x000500000001925e-153.dat	xmrig
behavioral1/files/0x00050000000187a5-102.dat	xmrig
behavioral1/files/0x0005000000018784-94.dat	xmrig
behavioral1/files/0x000500000001873d-90.dat	xmrig
behavioral1/files/0x00050000000186fd-82.dat	xmrig
behavioral1/files/0x00050000000186ee-78.dat	xmrig
behavioral1/files/0x00050000000186ea-74.dat	xmrig
behavioral1/files/0x00050000000186e4-70.dat	xmrig
behavioral1/files/0x000d000000018676-62.dat	xmrig
behavioral1/files/0x00060000000174cc-58.dat	xmrig
behavioral1/files/0x0006000000017492-54.dat	xmrig
behavioral1/files/0x0006000000017488-50.dat	xmrig
behavioral1/files/0x00070000000173a9-46.dat	xmrig
behavioral1/files/0x0008000000016d18-43.dat	xmrig
behavioral1/files/0x0007000000016d06-35.dat	xmrig
behavioral1/memory/1864-3008-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2816-3747-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2192-3748-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2640-3753-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2756-3752-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2856-3751-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2724-3750-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2460-3749-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2748-3745-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2648-3803-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1864	qlfyeSS.exe
3060	wAbVZjf.exe
2460	sAPwWgw.exe
2484	HWrSaXd.exe
2756	EsVjLzy.exe
2816	qgBRxaZ.exe
2192	vsgSAHA.exe
2088	cjCOuzW.exe
2856	MSkXHxw.exe
2648	IVzduHj.exe
2640	NXeWCRG.exe
2748	tDOsboQ.exe
2724	EcQalRI.exe
2608	DvwxFiJ.exe
2676	ezZaclk.exe
2040	uCQPspV.exe
2896	YvKAvpz.exe
780	kqyfNHU.exe
2924	VqaGaPJ.exe
1276	QEMTith.exe
1956	nxcRQuu.exe
2904	AdJyoNR.exe
948	uiwaZYR.exe
1004	kQoVkPw.exe
3028	EDmQqIg.exe
1344	PltUGli.exe
2316	ENGVVdq.exe
2328	xHgnIFT.exe
444	pjWdLTw.exe
1284	VSnxjgB.exe
2868	dAMWUiQ.exe
1552	eWUXAOw.exe
108	AkPikVe.exe
2124	reGziGv.exe
1692	EFlvxko.exe
2472	AkpoeYo.exe
844	MCsyXaG.exe
1624	rLcjPnV.exe
492	XRtfAaU.exe
3064	FKGQxAr.exe
344	sYAMrAk.exe
2360	VjpgRbB.exe
1500	kZdodLR.exe
320	jQsZxcq.exe
2832	vRBDeoQ.exe
2996	frbedms.exe
2580	YkCNDym.exe
1268	bcrnfIo.exe
1776	AqVMQAZ.exe
1792	jEwjsFU.exe
2600	REkcDex.exe
2388	QincHzR.exe
2384	kMzCTGt.exe
2936	KwvhcKP.exe
280	XZKuXZE.exe
924	otpHiGF.exe
3020	LoCiqjX.exe
2132	OZMmYDN.exe
1480	AnFwyTQ.exe
1124	wfccLKU.exe
1988	IZNgkZv.exe
2000	MHxWPTo.exe
3024	nxXZCEq.exe
884	XEWWZmS.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0009000000016a66-8.dat	upx
behavioral1/files/0x0008000000016c3a-12.dat	upx
behavioral1/files/0x0007000000016c4a-16.dat	upx
behavioral1/files/0x0008000000016c51-23.dat	upx
behavioral1/files/0x0007000000016cc8-26.dat	upx
behavioral1/files/0x0007000000016cec-31.dat	upx
behavioral1/files/0x0008000000016d0e-39.dat	upx
behavioral1/files/0x0005000000018683-66.dat	upx
behavioral1/files/0x0005000000018728-86.dat	upx
behavioral1/files/0x00050000000193c2-158.dat	upx
behavioral1/memory/3060-178-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2420-528-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2460-253-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/1864-248-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2608-237-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2724-231-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2640-222-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2648-219-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2192-209-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x00050000000193e1-161.dat	upx
behavioral1/files/0x00050000000193b4-145.dat	upx
behavioral1/files/0x0005000000019334-132.dat	upx
behavioral1/files/0x0005000000019261-110.dat	upx
behavioral1/files/0x0006000000019023-104.dat	upx
behavioral1/memory/2748-227-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2856-216-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2088-213-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2816-200-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2756-191-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2484-186-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000500000001941e-164.dat	upx
behavioral1/files/0x000500000001878f-98.dat	upx
behavioral1/files/0x0005000000019350-156.dat	upx
behavioral1/files/0x0005000000019282-154.dat	upx
behavioral1/files/0x000500000001925e-153.dat	upx
behavioral1/files/0x00050000000187a5-102.dat	upx
behavioral1/files/0x0005000000018784-94.dat	upx
behavioral1/files/0x000500000001873d-90.dat	upx
behavioral1/files/0x00050000000186fd-82.dat	upx
behavioral1/files/0x00050000000186ee-78.dat	upx
behavioral1/files/0x00050000000186ea-74.dat	upx
behavioral1/files/0x00050000000186e4-70.dat	upx
behavioral1/files/0x000d000000018676-62.dat	upx
behavioral1/files/0x00060000000174cc-58.dat	upx
behavioral1/files/0x0006000000017492-54.dat	upx
behavioral1/files/0x0006000000017488-50.dat	upx
behavioral1/files/0x00070000000173a9-46.dat	upx
behavioral1/files/0x0008000000016d18-43.dat	upx
behavioral1/files/0x0007000000016d06-35.dat	upx
behavioral1/memory/1864-3008-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2816-3747-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2192-3748-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2640-3753-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2756-3752-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2856-3751-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2724-3750-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2460-3749-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2748-3745-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2648-3803-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2088-3802-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2484-3799-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2608-3779-0x000000013F720000-0x000000013FA74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BpmHcVL.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmLARLB.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHeLbjJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWXqxUV.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYbgMTl.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdFziZT.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZZGASS.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOKEIWN.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVclTnD.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dynqgVs.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqPLRoB.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPQsEet.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frbedms.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgWbUKK.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICJJbVt.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tuzddet.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UziozTa.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSUkWRo.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUHrgQm.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTwAVto.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBwrJJE.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZYjrpq.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyebWuE.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOqwnRJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNxOBMS.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoGdFCm.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymllEsU.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDEZQtV.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUGnQsq.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpcdrCe.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cErpwZJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHEJXFl.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqJNmHx.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwnyMVR.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxwhMuR.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqABMfJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXFLbfP.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBIQUUw.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLpfMxN.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWUXAOw.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJMiVba.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaQygUz.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVwXEjT.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGoHfwb.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\symRWok.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUMoXWJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWTFXId.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZNgkZv.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rofMcPO.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayWluet.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTsypbi.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjQuAIJ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAOqYet.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICPVHOT.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFvrNjK.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvpNryD.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LstXyHB.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVUmoZA.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIrcRrz.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xixJFaZ.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjQtmeq.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAKHJiB.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbFuMZw.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtUbcJe.exe	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1864	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 1864	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 1864	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3060	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 3060	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 3060	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2460	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2460	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2460	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2484	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2484	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2484	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2756	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2756	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2756	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2816	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2816	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2816	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2192	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2192	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2192	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2088	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2088	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2088	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2856	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2856	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2856	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2648	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2648	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2648	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2640	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2640	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2640	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2748	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2748	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2748	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2724	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2724	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2724	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2608	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2608	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2608	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2676	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2676	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2676	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2040	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 2040	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 2040	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 2896	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2896	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2896	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 780	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 780	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 780	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2924	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2924	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2924	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1276	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1276	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1276	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1956	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1956	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1956	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2904	2420	2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_51498dd2c054731001b5b208ab616ab3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\System\qlfyeSS.exe
  C:\Windows\System\qlfyeSS.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\wAbVZjf.exe
  C:\Windows\System\wAbVZjf.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\sAPwWgw.exe
  C:\Windows\System\sAPwWgw.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\HWrSaXd.exe
  C:\Windows\System\HWrSaXd.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\EsVjLzy.exe
  C:\Windows\System\EsVjLzy.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\qgBRxaZ.exe
  C:\Windows\System\qgBRxaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\vsgSAHA.exe
  C:\Windows\System\vsgSAHA.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\cjCOuzW.exe
  C:\Windows\System\cjCOuzW.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\MSkXHxw.exe
  C:\Windows\System\MSkXHxw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\IVzduHj.exe
  C:\Windows\System\IVzduHj.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\NXeWCRG.exe
  C:\Windows\System\NXeWCRG.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\tDOsboQ.exe
  C:\Windows\System\tDOsboQ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\EcQalRI.exe
  C:\Windows\System\EcQalRI.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\DvwxFiJ.exe
  C:\Windows\System\DvwxFiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ezZaclk.exe
  C:\Windows\System\ezZaclk.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\uCQPspV.exe
  C:\Windows\System\uCQPspV.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\YvKAvpz.exe
  C:\Windows\System\YvKAvpz.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\kqyfNHU.exe
  C:\Windows\System\kqyfNHU.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\VqaGaPJ.exe
  C:\Windows\System\VqaGaPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\QEMTith.exe
  C:\Windows\System\QEMTith.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\nxcRQuu.exe
  C:\Windows\System\nxcRQuu.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\AdJyoNR.exe
  C:\Windows\System\AdJyoNR.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\uiwaZYR.exe
  C:\Windows\System\uiwaZYR.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\kQoVkPw.exe
  C:\Windows\System\kQoVkPw.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\EDmQqIg.exe
  C:\Windows\System\EDmQqIg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\dAMWUiQ.exe
  C:\Windows\System\dAMWUiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\PltUGli.exe
  C:\Windows\System\PltUGli.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\eWUXAOw.exe
  C:\Windows\System\eWUXAOw.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\ENGVVdq.exe
  C:\Windows\System\ENGVVdq.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\reGziGv.exe
  C:\Windows\System\reGziGv.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xHgnIFT.exe
  C:\Windows\System\xHgnIFT.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\YkCNDym.exe
  C:\Windows\System\YkCNDym.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\pjWdLTw.exe
  C:\Windows\System\pjWdLTw.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\bcrnfIo.exe
  C:\Windows\System\bcrnfIo.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\VSnxjgB.exe
  C:\Windows\System\VSnxjgB.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\jEwjsFU.exe
  C:\Windows\System\jEwjsFU.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\AkPikVe.exe
  C:\Windows\System\AkPikVe.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\LoCiqjX.exe
  C:\Windows\System\LoCiqjX.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\EFlvxko.exe
  C:\Windows\System\EFlvxko.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\OZMmYDN.exe
  C:\Windows\System\OZMmYDN.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\AkpoeYo.exe
  C:\Windows\System\AkpoeYo.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\AnFwyTQ.exe
  C:\Windows\System\AnFwyTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\MCsyXaG.exe
  C:\Windows\System\MCsyXaG.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\wfccLKU.exe
  C:\Windows\System\wfccLKU.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\rLcjPnV.exe
  C:\Windows\System\rLcjPnV.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\IZNgkZv.exe
  C:\Windows\System\IZNgkZv.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XRtfAaU.exe
  C:\Windows\System\XRtfAaU.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\MHxWPTo.exe
  C:\Windows\System\MHxWPTo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\FKGQxAr.exe
  C:\Windows\System\FKGQxAr.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\nxXZCEq.exe
  C:\Windows\System\nxXZCEq.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\sYAMrAk.exe
  C:\Windows\System\sYAMrAk.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\XEWWZmS.exe
  C:\Windows\System\XEWWZmS.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\VjpgRbB.exe
  C:\Windows\System\VjpgRbB.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\QeUBWkx.exe
  C:\Windows\System\QeUBWkx.exe
  2⤵
  PID:532
- C:\Windows\System\kZdodLR.exe
  C:\Windows\System\kZdodLR.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\fxjhRXF.exe
  C:\Windows\System\fxjhRXF.exe
  2⤵
  PID:1528
- C:\Windows\System\jQsZxcq.exe
  C:\Windows\System\jQsZxcq.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\qTocbsr.exe
  C:\Windows\System\qTocbsr.exe
  2⤵
  PID:2276
- C:\Windows\System\vRBDeoQ.exe
  C:\Windows\System\vRBDeoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\UtsbVUS.exe
  C:\Windows\System\UtsbVUS.exe
  2⤵
  PID:2156
- C:\Windows\System\frbedms.exe
  C:\Windows\System\frbedms.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\RLmQoDw.exe
  C:\Windows\System\RLmQoDw.exe
  2⤵
  PID:2660
- C:\Windows\System\AqVMQAZ.exe
  C:\Windows\System\AqVMQAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\numQpjQ.exe
  C:\Windows\System\numQpjQ.exe
  2⤵
  PID:2940
- C:\Windows\System\REkcDex.exe
  C:\Windows\System\REkcDex.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HurKAOA.exe
  C:\Windows\System\HurKAOA.exe
  2⤵
  PID:2456
- C:\Windows\System\QincHzR.exe
  C:\Windows\System\QincHzR.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\Uxsbvom.exe
  C:\Windows\System\Uxsbvom.exe
  2⤵
  PID:1620
- C:\Windows\System\kMzCTGt.exe
  C:\Windows\System\kMzCTGt.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qjawBVJ.exe
  C:\Windows\System\qjawBVJ.exe
  2⤵
  PID:2120
- C:\Windows\System\KwvhcKP.exe
  C:\Windows\System\KwvhcKP.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hToZKVu.exe
  C:\Windows\System\hToZKVu.exe
  2⤵
  PID:1888
- C:\Windows\System\XZKuXZE.exe
  C:\Windows\System\XZKuXZE.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\aMTbawu.exe
  C:\Windows\System\aMTbawu.exe
  2⤵
  PID:1216
- C:\Windows\System\otpHiGF.exe
  C:\Windows\System\otpHiGF.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\gNdTslv.exe
  C:\Windows\System\gNdTslv.exe
  2⤵
  PID:1840
- C:\Windows\System\fsQBfwp.exe
  C:\Windows\System\fsQBfwp.exe
  2⤵
  PID:3108
- C:\Windows\System\rUNdrCF.exe
  C:\Windows\System\rUNdrCF.exe
  2⤵
  PID:3124
- C:\Windows\System\rofMcPO.exe
  C:\Windows\System\rofMcPO.exe
  2⤵
  PID:3148
- C:\Windows\System\hmLARLB.exe
  C:\Windows\System\hmLARLB.exe
  2⤵
  PID:3164
- C:\Windows\System\SqHWkXf.exe
  C:\Windows\System\SqHWkXf.exe
  2⤵
  PID:3184
- C:\Windows\System\aHeLbjJ.exe
  C:\Windows\System\aHeLbjJ.exe
  2⤵
  PID:3200
- C:\Windows\System\iVQbViV.exe
  C:\Windows\System\iVQbViV.exe
  2⤵
  PID:3220
- C:\Windows\System\aNWzwGw.exe
  C:\Windows\System\aNWzwGw.exe
  2⤵
  PID:3240
- C:\Windows\System\aTqCzxZ.exe
  C:\Windows\System\aTqCzxZ.exe
  2⤵
  PID:3268
- C:\Windows\System\bkvVsvR.exe
  C:\Windows\System\bkvVsvR.exe
  2⤵
  PID:3288
- C:\Windows\System\VrFOIym.exe
  C:\Windows\System\VrFOIym.exe
  2⤵
  PID:3308
- C:\Windows\System\EPbuQud.exe
  C:\Windows\System\EPbuQud.exe
  2⤵
  PID:3328
- C:\Windows\System\nztNWUC.exe
  C:\Windows\System\nztNWUC.exe
  2⤵
  PID:3348
- C:\Windows\System\faOIMtY.exe
  C:\Windows\System\faOIMtY.exe
  2⤵
  PID:3368
- C:\Windows\System\jrNResr.exe
  C:\Windows\System\jrNResr.exe
  2⤵
  PID:3388
- C:\Windows\System\tNwLdCs.exe
  C:\Windows\System\tNwLdCs.exe
  2⤵
  PID:3408
- C:\Windows\System\mgmjGRQ.exe
  C:\Windows\System\mgmjGRQ.exe
  2⤵
  PID:3428
- C:\Windows\System\qBIQUUw.exe
  C:\Windows\System\qBIQUUw.exe
  2⤵
  PID:3448
- C:\Windows\System\VZiFfVW.exe
  C:\Windows\System\VZiFfVW.exe
  2⤵
  PID:3468
- C:\Windows\System\sABACse.exe
  C:\Windows\System\sABACse.exe
  2⤵
  PID:3488
- C:\Windows\System\zIlylqe.exe
  C:\Windows\System\zIlylqe.exe
  2⤵
  PID:3508
- C:\Windows\System\OlaPDvs.exe
  C:\Windows\System\OlaPDvs.exe
  2⤵
  PID:3528
- C:\Windows\System\grahGrB.exe
  C:\Windows\System\grahGrB.exe
  2⤵
  PID:3548
- C:\Windows\System\flzzJwn.exe
  C:\Windows\System\flzzJwn.exe
  2⤵
  PID:3568
- C:\Windows\System\atxLAyf.exe
  C:\Windows\System\atxLAyf.exe
  2⤵
  PID:3588
- C:\Windows\System\vtlsSBa.exe
  C:\Windows\System\vtlsSBa.exe
  2⤵
  PID:3608
- C:\Windows\System\slAZLcQ.exe
  C:\Windows\System\slAZLcQ.exe
  2⤵
  PID:3628
- C:\Windows\System\TdOxtpt.exe
  C:\Windows\System\TdOxtpt.exe
  2⤵
  PID:3648
- C:\Windows\System\pvbpsSN.exe
  C:\Windows\System\pvbpsSN.exe
  2⤵
  PID:3668
- C:\Windows\System\jnWItPg.exe
  C:\Windows\System\jnWItPg.exe
  2⤵
  PID:3688
- C:\Windows\System\pycYaVn.exe
  C:\Windows\System\pycYaVn.exe
  2⤵
  PID:3708
- C:\Windows\System\wxnEygI.exe
  C:\Windows\System\wxnEygI.exe
  2⤵
  PID:3728
- C:\Windows\System\ayWluet.exe
  C:\Windows\System\ayWluet.exe
  2⤵
  PID:3748
- C:\Windows\System\QbehkVw.exe
  C:\Windows\System\QbehkVw.exe
  2⤵
  PID:3768
- C:\Windows\System\zVhYULV.exe
  C:\Windows\System\zVhYULV.exe
  2⤵
  PID:3788
- C:\Windows\System\RjJVbze.exe
  C:\Windows\System\RjJVbze.exe
  2⤵
  PID:3808
- C:\Windows\System\CLxMOiR.exe
  C:\Windows\System\CLxMOiR.exe
  2⤵
  PID:3828
- C:\Windows\System\mcywpQX.exe
  C:\Windows\System\mcywpQX.exe
  2⤵
  PID:3848
- C:\Windows\System\NSNVgGU.exe
  C:\Windows\System\NSNVgGU.exe
  2⤵
  PID:3868
- C:\Windows\System\xbnkkyI.exe
  C:\Windows\System\xbnkkyI.exe
  2⤵
  PID:3888
- C:\Windows\System\qCzXMLe.exe
  C:\Windows\System\qCzXMLe.exe
  2⤵
  PID:3908
- C:\Windows\System\CvjrBtE.exe
  C:\Windows\System\CvjrBtE.exe
  2⤵
  PID:3928
- C:\Windows\System\EOFoTWu.exe
  C:\Windows\System\EOFoTWu.exe
  2⤵
  PID:3948
- C:\Windows\System\rjySCyt.exe
  C:\Windows\System\rjySCyt.exe
  2⤵
  PID:3968
- C:\Windows\System\XIvHcFA.exe
  C:\Windows\System\XIvHcFA.exe
  2⤵
  PID:3988
- C:\Windows\System\WCiQXJI.exe
  C:\Windows\System\WCiQXJI.exe
  2⤵
  PID:4008
- C:\Windows\System\tEGZCND.exe
  C:\Windows\System\tEGZCND.exe
  2⤵
  PID:4024
- C:\Windows\System\sNcwUGf.exe
  C:\Windows\System\sNcwUGf.exe
  2⤵
  PID:4044
- C:\Windows\System\dgWbUKK.exe
  C:\Windows\System\dgWbUKK.exe
  2⤵
  PID:4068
- C:\Windows\System\NZsqsGW.exe
  C:\Windows\System\NZsqsGW.exe
  2⤵
  PID:4088
- C:\Windows\System\jmBJvru.exe
  C:\Windows\System\jmBJvru.exe
  2⤵
  PID:2116
- C:\Windows\System\LEVNYLG.exe
  C:\Windows\System\LEVNYLG.exe
  2⤵
  PID:1708
- C:\Windows\System\zrdvZjS.exe
  C:\Windows\System\zrdvZjS.exe
  2⤵
  PID:2412
- C:\Windows\System\DKIyNRV.exe
  C:\Windows\System\DKIyNRV.exe
  2⤵
  PID:2208
- C:\Windows\System\EGcnwLR.exe
  C:\Windows\System\EGcnwLR.exe
  2⤵
  PID:820
- C:\Windows\System\QkICpes.exe
  C:\Windows\System\QkICpes.exe
  2⤵
  PID:352
- C:\Windows\System\lvixHxk.exe
  C:\Windows\System\lvixHxk.exe
  2⤵
  PID:2544
- C:\Windows\System\tWvEyKn.exe
  C:\Windows\System\tWvEyKn.exe
  2⤵
  PID:2804
- C:\Windows\System\noCIErg.exe
  C:\Windows\System\noCIErg.exe
  2⤵
  PID:2632
- C:\Windows\System\mqxopbJ.exe
  C:\Windows\System\mqxopbJ.exe
  2⤵
  PID:756
- C:\Windows\System\lUHrgQm.exe
  C:\Windows\System\lUHrgQm.exe
  2⤵
  PID:2680
- C:\Windows\System\YJVEICL.exe
  C:\Windows\System\YJVEICL.exe
  2⤵
  PID:1400
- C:\Windows\System\cmJHMLQ.exe
  C:\Windows\System\cmJHMLQ.exe
  2⤵
  PID:1020
- C:\Windows\System\JXjbVcP.exe
  C:\Windows\System\JXjbVcP.exe
  2⤵
  PID:2524
- C:\Windows\System\veInfEW.exe
  C:\Windows\System\veInfEW.exe
  2⤵
  PID:2168
- C:\Windows\System\FmWqFDj.exe
  C:\Windows\System\FmWqFDj.exe
  2⤵
  PID:1860
- C:\Windows\System\vegQUbt.exe
  C:\Windows\System\vegQUbt.exe
  2⤵
  PID:112
- C:\Windows\System\UrkZQlF.exe
  C:\Windows\System\UrkZQlF.exe
  2⤵
  PID:868
- C:\Windows\System\WVTBpgU.exe
  C:\Windows\System\WVTBpgU.exe
  2⤵
  PID:2712
- C:\Windows\System\lmraYnP.exe
  C:\Windows\System\lmraYnP.exe
  2⤵
  PID:3076
- C:\Windows\System\PSAvjgY.exe
  C:\Windows\System\PSAvjgY.exe
  2⤵
  PID:3264
- C:\Windows\System\bisUPhg.exe
  C:\Windows\System\bisUPhg.exe
  2⤵
  PID:3296
- C:\Windows\System\pbIjFzs.exe
  C:\Windows\System\pbIjFzs.exe
  2⤵
  PID:3320
- C:\Windows\System\FfgOnrf.exe
  C:\Windows\System\FfgOnrf.exe
  2⤵
  PID:3340
- C:\Windows\System\mINPtao.exe
  C:\Windows\System\mINPtao.exe
  2⤵
  PID:3396
- C:\Windows\System\IdoTPVZ.exe
  C:\Windows\System\IdoTPVZ.exe
  2⤵
  PID:3380
- C:\Windows\System\wvnPHLx.exe
  C:\Windows\System\wvnPHLx.exe
  2⤵
  PID:3420
- C:\Windows\System\RzlBbws.exe
  C:\Windows\System\RzlBbws.exe
  2⤵
  PID:3476
- C:\Windows\System\bnvoxHk.exe
  C:\Windows\System\bnvoxHk.exe
  2⤵
  PID:3496
- C:\Windows\System\qIzQuEu.exe
  C:\Windows\System\qIzQuEu.exe
  2⤵
  PID:3524
- C:\Windows\System\AUPYmxp.exe
  C:\Windows\System\AUPYmxp.exe
  2⤵
  PID:3544
- C:\Windows\System\ofKeaBP.exe
  C:\Windows\System\ofKeaBP.exe
  2⤵
  PID:3576
- C:\Windows\System\HuXdSfu.exe
  C:\Windows\System\HuXdSfu.exe
  2⤵
  PID:3604
- C:\Windows\System\mQFjURK.exe
  C:\Windows\System\mQFjURK.exe
  2⤵
  PID:3636
- C:\Windows\System\IJPvYbS.exe
  C:\Windows\System\IJPvYbS.exe
  2⤵
  PID:3684
- C:\Windows\System\KcCDyqZ.exe
  C:\Windows\System\KcCDyqZ.exe
  2⤵
  PID:3736
- C:\Windows\System\ZfOEEiJ.exe
  C:\Windows\System\ZfOEEiJ.exe
  2⤵
  PID:3800
- C:\Windows\System\TmhQDWs.exe
  C:\Windows\System\TmhQDWs.exe
  2⤵
  PID:3844
- C:\Windows\System\VNufXaw.exe
  C:\Windows\System\VNufXaw.exe
  2⤵
  PID:3904
- C:\Windows\System\ZaYvPxX.exe
  C:\Windows\System\ZaYvPxX.exe
  2⤵
  PID:3920
- C:\Windows\System\vBPSVyK.exe
  C:\Windows\System\vBPSVyK.exe
  2⤵
  PID:3960
- C:\Windows\System\ZjpSWPI.exe
  C:\Windows\System\ZjpSWPI.exe
  2⤵
  PID:4004
- C:\Windows\System\MWoOPqD.exe
  C:\Windows\System\MWoOPqD.exe
  2⤵
  PID:4000
- C:\Windows\System\UhZTuyE.exe
  C:\Windows\System\UhZTuyE.exe
  2⤵
  PID:4040
- C:\Windows\System\DPQigsM.exe
  C:\Windows\System\DPQigsM.exe
  2⤵
  PID:4064
- C:\Windows\System\LTVwOMZ.exe
  C:\Windows\System\LTVwOMZ.exe
  2⤵
  PID:4080
- C:\Windows\System\ajKvsha.exe
  C:\Windows\System\ajKvsha.exe
  2⤵
  PID:1852
- C:\Windows\System\QBGnhPG.exe
  C:\Windows\System\QBGnhPG.exe
  2⤵
  PID:1120
- C:\Windows\System\ugNGRqT.exe
  C:\Windows\System\ugNGRqT.exe
  2⤵
  PID:1176
- C:\Windows\System\TWjIdbU.exe
  C:\Windows\System\TWjIdbU.exe
  2⤵
  PID:1732
- C:\Windows\System\aEDakdN.exe
  C:\Windows\System\aEDakdN.exe
  2⤵
  PID:872
- C:\Windows\System\dyiTMUN.exe
  C:\Windows\System\dyiTMUN.exe
  2⤵
  PID:2372
- C:\Windows\System\SNMNfAb.exe
  C:\Windows\System\SNMNfAb.exe
  2⤵
  PID:324
- C:\Windows\System\lLnknEH.exe
  C:\Windows\System\lLnknEH.exe
  2⤵
  PID:2128
- C:\Windows\System\bbWFVwr.exe
  C:\Windows\System\bbWFVwr.exe
  2⤵
  PID:1476
- C:\Windows\System\fEyGmEx.exe
  C:\Windows\System\fEyGmEx.exe
  2⤵
  PID:1880
- C:\Windows\System\TfwSxYB.exe
  C:\Windows\System\TfwSxYB.exe
  2⤵
  PID:1680
- C:\Windows\System\EARmypZ.exe
  C:\Windows\System\EARmypZ.exe
  2⤵
  PID:1548
- C:\Windows\System\SYdJLlI.exe
  C:\Windows\System\SYdJLlI.exe
  2⤵
  PID:3092
- C:\Windows\System\OIDCRbC.exe
  C:\Windows\System\OIDCRbC.exe
  2⤵
  PID:552
- C:\Windows\System\XZcfUGu.exe
  C:\Windows\System\XZcfUGu.exe
  2⤵
  PID:388
- C:\Windows\System\vczKgOK.exe
  C:\Windows\System\vczKgOK.exe
  2⤵
  PID:2560
- C:\Windows\System\swyAJTT.exe
  C:\Windows\System\swyAJTT.exe
  2⤵
  PID:1240
- C:\Windows\System\UIhtlgW.exe
  C:\Windows\System\UIhtlgW.exe
  2⤵
  PID:2812
- C:\Windows\System\FGAQDcV.exe
  C:\Windows\System\FGAQDcV.exe
  2⤵
  PID:3228
- C:\Windows\System\SMXBFfw.exe
  C:\Windows\System\SMXBFfw.exe
  2⤵
  PID:2736
- C:\Windows\System\fPRfgfN.exe
  C:\Windows\System\fPRfgfN.exe
  2⤵
  PID:2392
- C:\Windows\System\oMvxBEF.exe
  C:\Windows\System\oMvxBEF.exe
  2⤵
  PID:3040
- C:\Windows\System\oJgyTiN.exe
  C:\Windows\System\oJgyTiN.exe
  2⤵
  PID:2300
- C:\Windows\System\rHomPnD.exe
  C:\Windows\System\rHomPnD.exe
  2⤵
  PID:2800
- C:\Windows\System\eXzCljG.exe
  C:\Windows\System\eXzCljG.exe
  2⤵
  PID:1960
- C:\Windows\System\jpcdrCe.exe
  C:\Windows\System\jpcdrCe.exe
  2⤵
  PID:3096
- C:\Windows\System\IsBRkpi.exe
  C:\Windows\System\IsBRkpi.exe
  2⤵
  PID:3140
- C:\Windows\System\wgDhrVE.exe
  C:\Windows\System\wgDhrVE.exe
  2⤵
  PID:612
- C:\Windows\System\drYFpVl.exe
  C:\Windows\System\drYFpVl.exe
  2⤵
  PID:3256
- C:\Windows\System\PMdUcLN.exe
  C:\Windows\System\PMdUcLN.exe
  2⤵
  PID:2760
- C:\Windows\System\sdXiBRf.exe
  C:\Windows\System\sdXiBRf.exe
  2⤵
  PID:2844
- C:\Windows\System\uGdAPtF.exe
  C:\Windows\System\uGdAPtF.exe
  2⤵
  PID:1952
- C:\Windows\System\LGjVHri.exe
  C:\Windows\System\LGjVHri.exe
  2⤵
  PID:3276
- C:\Windows\System\FjrMzmO.exe
  C:\Windows\System\FjrMzmO.exe
  2⤵
  PID:2720
- C:\Windows\System\FAKcVkH.exe
  C:\Windows\System\FAKcVkH.exe
  2⤵
  PID:2332
- C:\Windows\System\ELHtijV.exe
  C:\Windows\System\ELHtijV.exe
  2⤵
  PID:3304
- C:\Windows\System\tVstHOj.exe
  C:\Windows\System\tVstHOj.exe
  2⤵
  PID:3484
- C:\Windows\System\RKWvkvU.exe
  C:\Windows\System\RKWvkvU.exe
  2⤵
  PID:3360
- C:\Windows\System\RNuyQHv.exe
  C:\Windows\System\RNuyQHv.exe
  2⤵
  PID:3440
- C:\Windows\System\TUuKbey.exe
  C:\Windows\System\TUuKbey.exe
  2⤵
  PID:3560
- C:\Windows\System\Mhpupma.exe
  C:\Windows\System\Mhpupma.exe
  2⤵
  PID:3400
- C:\Windows\System\ZWUvwVb.exe
  C:\Windows\System\ZWUvwVb.exe
  2⤵
  PID:3796
- C:\Windows\System\ydQZFAH.exe
  C:\Windows\System\ydQZFAH.exe
  2⤵
  PID:3724
- C:\Windows\System\OsCbUZZ.exe
  C:\Windows\System\OsCbUZZ.exe
  2⤵
  PID:3864
- C:\Windows\System\EbRakTi.exe
  C:\Windows\System\EbRakTi.exe
  2⤵
  PID:3856
- C:\Windows\System\UCjlMEz.exe
  C:\Windows\System\UCjlMEz.exe
  2⤵
  PID:3940
- C:\Windows\System\nqOrnCd.exe
  C:\Windows\System\nqOrnCd.exe
  2⤵
  PID:4084
- C:\Windows\System\WUiTZpa.exe
  C:\Windows\System\WUiTZpa.exe
  2⤵
  PID:3980
- C:\Windows\System\UHestuC.exe
  C:\Windows\System\UHestuC.exe
  2⤵
  PID:2468
- C:\Windows\System\smrmBIz.exe
  C:\Windows\System\smrmBIz.exe
  2⤵
  PID:1720
- C:\Windows\System\UUEOCLc.exe
  C:\Windows\System\UUEOCLc.exe
  2⤵
  PID:2900
- C:\Windows\System\cJrkIbZ.exe
  C:\Windows\System\cJrkIbZ.exe
  2⤵
  PID:2108
- C:\Windows\System\MvpNryD.exe
  C:\Windows\System\MvpNryD.exe
  2⤵
  PID:1788
- C:\Windows\System\jJTiHiF.exe
  C:\Windows\System\jJTiHiF.exe
  2⤵
  PID:632
- C:\Windows\System\OkVKUKd.exe
  C:\Windows\System\OkVKUKd.exe
  2⤵
  PID:2068
- C:\Windows\System\NLqzaqS.exe
  C:\Windows\System\NLqzaqS.exe
  2⤵
  PID:3212
- C:\Windows\System\xefSgbY.exe
  C:\Windows\System\xefSgbY.exe
  2⤵
  PID:2564
- C:\Windows\System\ynnDVQl.exe
  C:\Windows\System\ynnDVQl.exe
  2⤵
  PID:568
- C:\Windows\System\JJhTEpx.exe
  C:\Windows\System\JJhTEpx.exe
  2⤵
  PID:2784
- C:\Windows\System\czGHBZT.exe
  C:\Windows\System\czGHBZT.exe
  2⤵
  PID:1452
- C:\Windows\System\tNkYyQI.exe
  C:\Windows\System\tNkYyQI.exe
  2⤵
  PID:2752
- C:\Windows\System\dJSQORv.exe
  C:\Windows\System\dJSQORv.exe
  2⤵
  PID:1496
- C:\Windows\System\GrrLIAx.exe
  C:\Windows\System\GrrLIAx.exe
  2⤵
  PID:2380
- C:\Windows\System\tOrmWqg.exe
  C:\Windows\System\tOrmWqg.exe
  2⤵
  PID:2628
- C:\Windows\System\CqroIdS.exe
  C:\Windows\System\CqroIdS.exe
  2⤵
  PID:3192
- C:\Windows\System\WWbeSEK.exe
  C:\Windows\System\WWbeSEK.exe
  2⤵
  PID:3004
- C:\Windows\System\EwAVyWP.exe
  C:\Windows\System\EwAVyWP.exe
  2⤵
  PID:2708
- C:\Windows\System\VrjZHPu.exe
  C:\Windows\System\VrjZHPu.exe
  2⤵
  PID:2772
- C:\Windows\System\syZtOzf.exe
  C:\Windows\System\syZtOzf.exe
  2⤵
  PID:2216
- C:\Windows\System\FWgoJEJ.exe
  C:\Windows\System\FWgoJEJ.exe
  2⤵
  PID:3324
- C:\Windows\System\QHhIVjF.exe
  C:\Windows\System\QHhIVjF.exe
  2⤵
  PID:3624
- C:\Windows\System\kyCkfoc.exe
  C:\Windows\System\kyCkfoc.exe
  2⤵
  PID:3836
- C:\Windows\System\JqIyVFj.exe
  C:\Windows\System\JqIyVFj.exe
  2⤵
  PID:3536
- C:\Windows\System\utImedH.exe
  C:\Windows\System\utImedH.exe
  2⤵
  PID:3644
- C:\Windows\System\IcoIQjm.exe
  C:\Windows\System\IcoIQjm.exe
  2⤵
  PID:3764
- C:\Windows\System\KWXqxUV.exe
  C:\Windows\System\KWXqxUV.exe
  2⤵
  PID:4020
- C:\Windows\System\PRGhXHC.exe
  C:\Windows\System\PRGhXHC.exe
  2⤵
  PID:3260
- C:\Windows\System\nkZERUz.exe
  C:\Windows\System\nkZERUz.exe
  2⤵
  PID:3840
- C:\Windows\System\yNMPBIY.exe
  C:\Windows\System\yNMPBIY.exe
  2⤵
  PID:2428
- C:\Windows\System\ssqsZLC.exe
  C:\Windows\System\ssqsZLC.exe
  2⤵
  PID:2252
- C:\Windows\System\ERHjZbA.exe
  C:\Windows\System\ERHjZbA.exe
  2⤵
  PID:2592
- C:\Windows\System\dzaRiAL.exe
  C:\Windows\System\dzaRiAL.exe
  2⤵
  PID:3984
- C:\Windows\System\xBXTMAm.exe
  C:\Windows\System\xBXTMAm.exe
  2⤵
  PID:892
- C:\Windows\System\HixQRzd.exe
  C:\Windows\System\HixQRzd.exe
  2⤵
  PID:2620
- C:\Windows\System\iCVYQeJ.exe
  C:\Windows\System\iCVYQeJ.exe
  2⤵
  PID:2912
- C:\Windows\System\ZYbgMTl.exe
  C:\Windows\System\ZYbgMTl.exe
  2⤵
  PID:2828
- C:\Windows\System\WZpPEqh.exe
  C:\Windows\System\WZpPEqh.exe
  2⤵
  PID:2780
- C:\Windows\System\ZrEXuKw.exe
  C:\Windows\System\ZrEXuKw.exe
  2⤵
  PID:2052
- C:\Windows\System\AyaHxus.exe
  C:\Windows\System\AyaHxus.exe
  2⤵
  PID:2408
- C:\Windows\System\zYkoFPD.exe
  C:\Windows\System\zYkoFPD.exe
  2⤵
  PID:3884
- C:\Windows\System\GQrXFWq.exe
  C:\Windows\System\GQrXFWq.exe
  2⤵
  PID:3500
- C:\Windows\System\jbbBsrH.exe
  C:\Windows\System\jbbBsrH.exe
  2⤵
  PID:3180
- C:\Windows\System\MntkPdC.exe
  C:\Windows\System\MntkPdC.exe
  2⤵
  PID:1432
- C:\Windows\System\SVSsMlu.exe
  C:\Windows\System\SVSsMlu.exe
  2⤵
  PID:3144
- C:\Windows\System\lKCkNCJ.exe
  C:\Windows\System\lKCkNCJ.exe
  2⤵
  PID:3284
- C:\Windows\System\pQTaCwZ.exe
  C:\Windows\System\pQTaCwZ.exe
  2⤵
  PID:3860
- C:\Windows\System\QIvFcHt.exe
  C:\Windows\System\QIvFcHt.exe
  2⤵
  PID:3776
- C:\Windows\System\ddrbroH.exe
  C:\Windows\System\ddrbroH.exe
  2⤵
  PID:3580
- C:\Windows\System\GlnOzsy.exe
  C:\Windows\System\GlnOzsy.exe
  2⤵
  PID:2884
- C:\Windows\System\dRDwXtc.exe
  C:\Windows\System\dRDwXtc.exe
  2⤵
  PID:2836
- C:\Windows\System\HMruaLI.exe
  C:\Windows\System\HMruaLI.exe
  2⤵
  PID:2792
- C:\Windows\System\lhzBHjN.exe
  C:\Windows\System\lhzBHjN.exe
  2⤵
  PID:2140
- C:\Windows\System\ICJJbVt.exe
  C:\Windows\System\ICJJbVt.exe
  2⤵
  PID:4076
- C:\Windows\System\ptElbuK.exe
  C:\Windows\System\ptElbuK.exe
  2⤵
  PID:828
- C:\Windows\System\ExzwpNo.exe
  C:\Windows\System\ExzwpNo.exe
  2⤵
  PID:1608
- C:\Windows\System\EJtKpdg.exe
  C:\Windows\System\EJtKpdg.exe
  2⤵
  PID:1204
- C:\Windows\System\oiTwjYR.exe
  C:\Windows\System\oiTwjYR.exe
  2⤵
  PID:1428
- C:\Windows\System\EGSicMY.exe
  C:\Windows\System\EGSicMY.exe
  2⤵
  PID:1396
- C:\Windows\System\fQCqyWk.exe
  C:\Windows\System\fQCqyWk.exe
  2⤵
  PID:2892
- C:\Windows\System\EDdokPy.exe
  C:\Windows\System\EDdokPy.exe
  2⤵
  PID:2788
- C:\Windows\System\pCXZzip.exe
  C:\Windows\System\pCXZzip.exe
  2⤵
  PID:4108
- C:\Windows\System\JrdqwAj.exe
  C:\Windows\System\JrdqwAj.exe
  2⤵
  PID:4124
- C:\Windows\System\Ibyzamb.exe
  C:\Windows\System\Ibyzamb.exe
  2⤵
  PID:4140
- C:\Windows\System\XtUbcJe.exe
  C:\Windows\System\XtUbcJe.exe
  2⤵
  PID:4156
- C:\Windows\System\PqpQLSP.exe
  C:\Windows\System\PqpQLSP.exe
  2⤵
  PID:4172
- C:\Windows\System\HMqRjSM.exe
  C:\Windows\System\HMqRjSM.exe
  2⤵
  PID:4188
- C:\Windows\System\usjFTva.exe
  C:\Windows\System\usjFTva.exe
  2⤵
  PID:4204
- C:\Windows\System\gVbTHBw.exe
  C:\Windows\System\gVbTHBw.exe
  2⤵
  PID:4220
- C:\Windows\System\IkEzfqB.exe
  C:\Windows\System\IkEzfqB.exe
  2⤵
  PID:4236
- C:\Windows\System\CJMiVba.exe
  C:\Windows\System\CJMiVba.exe
  2⤵
  PID:4252
- C:\Windows\System\NaHQkQY.exe
  C:\Windows\System\NaHQkQY.exe
  2⤵
  PID:4268
- C:\Windows\System\lUdcbIg.exe
  C:\Windows\System\lUdcbIg.exe
  2⤵
  PID:4284
- C:\Windows\System\xtHZUjO.exe
  C:\Windows\System\xtHZUjO.exe
  2⤵
  PID:4300
- C:\Windows\System\juJrHIt.exe
  C:\Windows\System\juJrHIt.exe
  2⤵
  PID:4316
- C:\Windows\System\WsRIfEh.exe
  C:\Windows\System\WsRIfEh.exe
  2⤵
  PID:4332
- C:\Windows\System\LwIJtZy.exe
  C:\Windows\System\LwIJtZy.exe
  2⤵
  PID:4348
- C:\Windows\System\CRjCDXZ.exe
  C:\Windows\System\CRjCDXZ.exe
  2⤵
  PID:4364
- C:\Windows\System\ZlBxDCY.exe
  C:\Windows\System\ZlBxDCY.exe
  2⤵
  PID:4380
- C:\Windows\System\fzqUjVx.exe
  C:\Windows\System\fzqUjVx.exe
  2⤵
  PID:4396
- C:\Windows\System\KYvSPuE.exe
  C:\Windows\System\KYvSPuE.exe
  2⤵
  PID:4412
- C:\Windows\System\cErpwZJ.exe
  C:\Windows\System\cErpwZJ.exe
  2⤵
  PID:4428
- C:\Windows\System\UlImqzT.exe
  C:\Windows\System\UlImqzT.exe
  2⤵
  PID:4444
- C:\Windows\System\ZoGdFCm.exe
  C:\Windows\System\ZoGdFCm.exe
  2⤵
  PID:4460
- C:\Windows\System\lsAtRQK.exe
  C:\Windows\System\lsAtRQK.exe
  2⤵
  PID:4476
- C:\Windows\System\TvveSmg.exe
  C:\Windows\System\TvveSmg.exe
  2⤵
  PID:4492
- C:\Windows\System\BNaCHTq.exe
  C:\Windows\System\BNaCHTq.exe
  2⤵
  PID:4508
- C:\Windows\System\TrmagCj.exe
  C:\Windows\System\TrmagCj.exe
  2⤵
  PID:4524
- C:\Windows\System\EumkYor.exe
  C:\Windows\System\EumkYor.exe
  2⤵
  PID:4540
- C:\Windows\System\cpvkkss.exe
  C:\Windows\System\cpvkkss.exe
  2⤵
  PID:4556
- C:\Windows\System\kzBhCos.exe
  C:\Windows\System\kzBhCos.exe
  2⤵
  PID:4572
- C:\Windows\System\rloJrax.exe
  C:\Windows\System\rloJrax.exe
  2⤵
  PID:4588
- C:\Windows\System\NWsVRqI.exe
  C:\Windows\System\NWsVRqI.exe
  2⤵
  PID:4604
- C:\Windows\System\WTurhVe.exe
  C:\Windows\System\WTurhVe.exe
  2⤵
  PID:4620
- C:\Windows\System\QzYZqfE.exe
  C:\Windows\System\QzYZqfE.exe
  2⤵
  PID:4636
- C:\Windows\System\ERXuYQA.exe
  C:\Windows\System\ERXuYQA.exe
  2⤵
  PID:4652
- C:\Windows\System\OWjiEea.exe
  C:\Windows\System\OWjiEea.exe
  2⤵
  PID:4668
- C:\Windows\System\sZWzRhk.exe
  C:\Windows\System\sZWzRhk.exe
  2⤵
  PID:4684
- C:\Windows\System\AGODHLS.exe
  C:\Windows\System\AGODHLS.exe
  2⤵
  PID:4700
- C:\Windows\System\EqsewCf.exe
  C:\Windows\System\EqsewCf.exe
  2⤵
  PID:4716
- C:\Windows\System\OjlhZDE.exe
  C:\Windows\System\OjlhZDE.exe
  2⤵
  PID:4732
- C:\Windows\System\QgrolGE.exe
  C:\Windows\System\QgrolGE.exe
  2⤵
  PID:4748
- C:\Windows\System\NSrJCnT.exe
  C:\Windows\System\NSrJCnT.exe
  2⤵
  PID:4764
- C:\Windows\System\DnaXcZi.exe
  C:\Windows\System\DnaXcZi.exe
  2⤵
  PID:4780
- C:\Windows\System\SjcTULl.exe
  C:\Windows\System\SjcTULl.exe
  2⤵
  PID:4796
- C:\Windows\System\UUZqbxg.exe
  C:\Windows\System\UUZqbxg.exe
  2⤵
  PID:4812
- C:\Windows\System\iIohLml.exe
  C:\Windows\System\iIohLml.exe
  2⤵
  PID:4828
- C:\Windows\System\mmBIlOh.exe
  C:\Windows\System\mmBIlOh.exe
  2⤵
  PID:4844
- C:\Windows\System\uRVKmuS.exe
  C:\Windows\System\uRVKmuS.exe
  2⤵
  PID:4860
- C:\Windows\System\zpbOzrn.exe
  C:\Windows\System\zpbOzrn.exe
  2⤵
  PID:4876
- C:\Windows\System\yTZGhly.exe
  C:\Windows\System\yTZGhly.exe
  2⤵
  PID:4892
- C:\Windows\System\hMdMseZ.exe
  C:\Windows\System\hMdMseZ.exe
  2⤵
  PID:4908
- C:\Windows\System\SvqQbEh.exe
  C:\Windows\System\SvqQbEh.exe
  2⤵
  PID:4924
- C:\Windows\System\yzvpdmW.exe
  C:\Windows\System\yzvpdmW.exe
  2⤵
  PID:4940
- C:\Windows\System\KtZyqTD.exe
  C:\Windows\System\KtZyqTD.exe
  2⤵
  PID:4956
- C:\Windows\System\HQvAVGu.exe
  C:\Windows\System\HQvAVGu.exe
  2⤵
  PID:4972
- C:\Windows\System\mWSREUx.exe
  C:\Windows\System\mWSREUx.exe
  2⤵
  PID:4988
- C:\Windows\System\XFeqBIg.exe
  C:\Windows\System\XFeqBIg.exe
  2⤵
  PID:5004
- C:\Windows\System\lKlFbbH.exe
  C:\Windows\System\lKlFbbH.exe
  2⤵
  PID:5020
- C:\Windows\System\dbiCioy.exe
  C:\Windows\System\dbiCioy.exe
  2⤵
  PID:5036
- C:\Windows\System\JogWffH.exe
  C:\Windows\System\JogWffH.exe
  2⤵
  PID:5052
- C:\Windows\System\FjCAFHs.exe
  C:\Windows\System\FjCAFHs.exe
  2⤵
  PID:5068
- C:\Windows\System\qycRXIT.exe
  C:\Windows\System\qycRXIT.exe
  2⤵
  PID:5084
- C:\Windows\System\swnrZjk.exe
  C:\Windows\System\swnrZjk.exe
  2⤵
  PID:5100
- C:\Windows\System\MmSqffY.exe
  C:\Windows\System\MmSqffY.exe
  2⤵
  PID:5116
- C:\Windows\System\LdtzmBV.exe
  C:\Windows\System\LdtzmBV.exe
  2⤵
  PID:1964
- C:\Windows\System\yfbHzhh.exe
  C:\Windows\System\yfbHzhh.exe
  2⤵
  PID:4152
- C:\Windows\System\kyIpmjf.exe
  C:\Windows\System\kyIpmjf.exe
  2⤵
  PID:4212
- C:\Windows\System\NsIgEst.exe
  C:\Windows\System\NsIgEst.exe
  2⤵
  PID:4276
- C:\Windows\System\qEanYOo.exe
  C:\Windows\System\qEanYOo.exe
  2⤵
  PID:4312
- C:\Windows\System\excdZcH.exe
  C:\Windows\System\excdZcH.exe
  2⤵
  PID:2056
- C:\Windows\System\zCIGDKP.exe
  C:\Windows\System\zCIGDKP.exe
  2⤵
  PID:4016
- C:\Windows\System\GGTgqYQ.exe
  C:\Windows\System\GGTgqYQ.exe
  2⤵
  PID:3504
- C:\Windows\System\GmaHxJQ.exe
  C:\Windows\System\GmaHxJQ.exe
  2⤵
  PID:1056
- C:\Windows\System\hKlvdjw.exe
  C:\Windows\System\hKlvdjw.exe
  2⤵
  PID:4136
- C:\Windows\System\SgEWeBX.exe
  C:\Windows\System\SgEWeBX.exe
  2⤵
  PID:4200
- C:\Windows\System\fNDSyPa.exe
  C:\Windows\System\fNDSyPa.exe
  2⤵
  PID:4264
- C:\Windows\System\QRdcsvM.exe
  C:\Windows\System\QRdcsvM.exe
  2⤵
  PID:4408
- C:\Windows\System\GKRGfCT.exe
  C:\Windows\System\GKRGfCT.exe
  2⤵
  PID:4472
- C:\Windows\System\tEVgHGd.exe
  C:\Windows\System\tEVgHGd.exe
  2⤵
  PID:4536
- C:\Windows\System\hUUZCUI.exe
  C:\Windows\System\hUUZCUI.exe
  2⤵
  PID:4324
- C:\Windows\System\eSBhlHE.exe
  C:\Windows\System\eSBhlHE.exe
  2⤵
  PID:4388
- C:\Windows\System\wvKlVlD.exe
  C:\Windows\System\wvKlVlD.exe
  2⤵
  PID:4452
- C:\Windows\System\JavXhws.exe
  C:\Windows\System\JavXhws.exe
  2⤵
  PID:4516
- C:\Windows\System\hiWfBPz.exe
  C:\Windows\System\hiWfBPz.exe
  2⤵
  PID:4580
- C:\Windows\System\votCKed.exe
  C:\Windows\System\votCKed.exe
  2⤵
  PID:4644
- C:\Windows\System\HOONhoH.exe
  C:\Windows\System\HOONhoH.exe
  2⤵
  PID:4708
- C:\Windows\System\lZQCtAP.exe
  C:\Windows\System\lZQCtAP.exe
  2⤵
  PID:4632
- C:\Windows\System\yMJELRe.exe
  C:\Windows\System\yMJELRe.exe
  2⤵
  PID:4740
- C:\Windows\System\COXLBpd.exe
  C:\Windows\System\COXLBpd.exe
  2⤵
  PID:4776
- C:\Windows\System\lhRtUTq.exe
  C:\Windows\System\lhRtUTq.exe
  2⤵
  PID:4840
- C:\Windows\System\aaPphnK.exe
  C:\Windows\System\aaPphnK.exe
  2⤵
  PID:4904
- C:\Windows\System\ZzYOGtR.exe
  C:\Windows\System\ZzYOGtR.exe
  2⤵
  PID:4788
- C:\Windows\System\ymllEsU.exe
  C:\Windows\System\ymllEsU.exe
  2⤵
  PID:4852
- C:\Windows\System\buquuTD.exe
  C:\Windows\System\buquuTD.exe
  2⤵
  PID:4936
- C:\Windows\System\idATQgW.exe
  C:\Windows\System\idATQgW.exe
  2⤵
  PID:4916
- C:\Windows\System\UqWkXno.exe
  C:\Windows\System\UqWkXno.exe
  2⤵
  PID:5000
- C:\Windows\System\SWxBvPg.exe
  C:\Windows\System\SWxBvPg.exe
  2⤵
  PID:5092
- C:\Windows\System\bnSGwhH.exe
  C:\Windows\System\bnSGwhH.exe
  2⤵
  PID:3384
- C:\Windows\System\xTwAVto.exe
  C:\Windows\System\xTwAVto.exe
  2⤵
  PID:5016
- C:\Windows\System\sBMJGnb.exe
  C:\Windows\System\sBMJGnb.exe
  2⤵
  PID:4180
- C:\Windows\System\RRstahA.exe
  C:\Windows\System\RRstahA.exe
  2⤵
  PID:340
- C:\Windows\System\yxQQEzf.exe
  C:\Windows\System\yxQQEzf.exe
  2⤵
  PID:4168
- C:\Windows\System\wSrREcq.exe
  C:\Windows\System\wSrREcq.exe
  2⤵
  PID:4296
- C:\Windows\System\xEZFFur.exe
  C:\Windows\System\xEZFFur.exe
  2⤵
  PID:4244
- C:\Windows\System\GlPgcZb.exe
  C:\Windows\System\GlPgcZb.exe
  2⤵
  PID:2404
- C:\Windows\System\HiSIOmc.exe
  C:\Windows\System\HiSIOmc.exe
  2⤵
  PID:4232
- C:\Windows\System\KWgWmsz.exe
  C:\Windows\System\KWgWmsz.exe
  2⤵
  PID:4356
- C:\Windows\System\LSwUzph.exe
  C:\Windows\System\LSwUzph.exe
  2⤵
  PID:4488
- C:\Windows\System\wsjKKWX.exe
  C:\Windows\System\wsjKKWX.exe
  2⤵
  PID:4628
- C:\Windows\System\GAHvMcz.exe
  C:\Windows\System\GAHvMcz.exe
  2⤵
  PID:4568
- C:\Windows\System\ielRYJp.exe
  C:\Windows\System\ielRYJp.exe
  2⤵
  PID:4548
- C:\Windows\System\rvqwegH.exe
  C:\Windows\System\rvqwegH.exe
  2⤵
  PID:4680
- C:\Windows\System\izKyQpN.exe
  C:\Windows\System\izKyQpN.exe
  2⤵
  PID:4808
- C:\Windows\System\PSGKVhR.exe
  C:\Windows\System\PSGKVhR.exe
  2⤵
  PID:4820
- C:\Windows\System\XmgrDGY.exe
  C:\Windows\System\XmgrDGY.exe
  2⤵
  PID:4884
- C:\Windows\System\LpmKvpd.exe
  C:\Windows\System\LpmKvpd.exe
  2⤵
  PID:4984
- C:\Windows\System\sOHRMqs.exe
  C:\Windows\System\sOHRMqs.exe
  2⤵
  PID:4308
- C:\Windows\System\grsPfxZ.exe
  C:\Windows\System\grsPfxZ.exe
  2⤵
  PID:4948
- C:\Windows\System\ywWstWK.exe
  C:\Windows\System\ywWstWK.exe
  2⤵
  PID:2500
- C:\Windows\System\PVysXYN.exe
  C:\Windows\System\PVysXYN.exe
  2⤵
  PID:4148
- C:\Windows\System\myBfKLp.exe
  C:\Windows\System\myBfKLp.exe
  2⤵
  PID:4132
- C:\Windows\System\dMFaVPq.exe
  C:\Windows\System\dMFaVPq.exe
  2⤵
  PID:5112
- C:\Windows\System\yYoHDTH.exe
  C:\Windows\System\yYoHDTH.exe
  2⤵
  PID:4420
- C:\Windows\System\tsILZDY.exe
  C:\Windows\System\tsILZDY.exe
  2⤵
  PID:4600
- C:\Windows\System\ZJUlznU.exe
  C:\Windows\System\ZJUlznU.exe
  2⤵
  PID:4760
- C:\Windows\System\xkTagLK.exe
  C:\Windows\System\xkTagLK.exe
  2⤵
  PID:4872
- C:\Windows\System\kNcCkSy.exe
  C:\Windows\System\kNcCkSy.exe
  2⤵
  PID:4964
- C:\Windows\System\BvIkEPz.exe
  C:\Windows\System\BvIkEPz.exe
  2⤵
  PID:3656
- C:\Windows\System\xCRbAJI.exe
  C:\Windows\System\xCRbAJI.exe
  2⤵
  PID:4744
- C:\Windows\System\CHpJTUK.exe
  C:\Windows\System\CHpJTUK.exe
  2⤵
  PID:4120
- C:\Windows\System\FrQGQAj.exe
  C:\Windows\System\FrQGQAj.exe
  2⤵
  PID:4696
- C:\Windows\System\ZDBfFSX.exe
  C:\Windows\System\ZDBfFSX.exe
  2⤵
  PID:5132
- C:\Windows\System\uiyHKtf.exe
  C:\Windows\System\uiyHKtf.exe
  2⤵
  PID:5148
- C:\Windows\System\ahuYxKu.exe
  C:\Windows\System\ahuYxKu.exe
  2⤵
  PID:5164
- C:\Windows\System\ycRLcgF.exe
  C:\Windows\System\ycRLcgF.exe
  2⤵
  PID:5180
- C:\Windows\System\FuqQbcG.exe
  C:\Windows\System\FuqQbcG.exe
  2⤵
  PID:5196
- C:\Windows\System\BptfxZW.exe
  C:\Windows\System\BptfxZW.exe
  2⤵
  PID:5216
- C:\Windows\System\XQlURFn.exe
  C:\Windows\System\XQlURFn.exe
  2⤵
  PID:5232
- C:\Windows\System\XMvSEaW.exe
  C:\Windows\System\XMvSEaW.exe
  2⤵
  PID:5248
- C:\Windows\System\UuMpGUY.exe
  C:\Windows\System\UuMpGUY.exe
  2⤵
  PID:5264
- C:\Windows\System\xtiNRBE.exe
  C:\Windows\System\xtiNRBE.exe
  2⤵
  PID:5280
- C:\Windows\System\zJXUaxI.exe
  C:\Windows\System\zJXUaxI.exe
  2⤵
  PID:5296
- C:\Windows\System\yTsypbi.exe
  C:\Windows\System\yTsypbi.exe
  2⤵
  PID:5312
- C:\Windows\System\kvJJCwa.exe
  C:\Windows\System\kvJJCwa.exe
  2⤵
  PID:5328
- C:\Windows\System\TchTlPE.exe
  C:\Windows\System\TchTlPE.exe
  2⤵
  PID:5344
- C:\Windows\System\CirKzCu.exe
  C:\Windows\System\CirKzCu.exe
  2⤵
  PID:5360
- C:\Windows\System\ssRFRoL.exe
  C:\Windows\System\ssRFRoL.exe
  2⤵
  PID:5380
- C:\Windows\System\PYNBkiI.exe
  C:\Windows\System\PYNBkiI.exe
  2⤵
  PID:5396
- C:\Windows\System\kUXNFCy.exe
  C:\Windows\System\kUXNFCy.exe
  2⤵
  PID:5412
- C:\Windows\System\EBqMyAI.exe
  C:\Windows\System\EBqMyAI.exe
  2⤵
  PID:5428
- C:\Windows\System\rnAMlse.exe
  C:\Windows\System\rnAMlse.exe
  2⤵
  PID:5444
- C:\Windows\System\EOsvMFi.exe
  C:\Windows\System\EOsvMFi.exe
  2⤵
  PID:5460
- C:\Windows\System\vKUffMf.exe
  C:\Windows\System\vKUffMf.exe
  2⤵
  PID:5476
- C:\Windows\System\MsHBmGE.exe
  C:\Windows\System\MsHBmGE.exe
  2⤵
  PID:5492
- C:\Windows\System\qwJjZMV.exe
  C:\Windows\System\qwJjZMV.exe
  2⤵
  PID:5508
- C:\Windows\System\FNZOppo.exe
  C:\Windows\System\FNZOppo.exe
  2⤵
  PID:5524
- C:\Windows\System\LYMyVSt.exe
  C:\Windows\System\LYMyVSt.exe
  2⤵
  PID:5540
- C:\Windows\System\qjQLZLB.exe
  C:\Windows\System\qjQLZLB.exe
  2⤵
  PID:5556
- C:\Windows\System\fehClIM.exe
  C:\Windows\System\fehClIM.exe
  2⤵
  PID:5572
- C:\Windows\System\bEwXTJs.exe
  C:\Windows\System\bEwXTJs.exe
  2⤵
  PID:5588
- C:\Windows\System\vMGfwpB.exe
  C:\Windows\System\vMGfwpB.exe
  2⤵
  PID:5604
- C:\Windows\System\krcAOhZ.exe
  C:\Windows\System\krcAOhZ.exe
  2⤵
  PID:5620
- C:\Windows\System\GXiRNCA.exe
  C:\Windows\System\GXiRNCA.exe
  2⤵
  PID:5636
- C:\Windows\System\qsEElNF.exe
  C:\Windows\System\qsEElNF.exe
  2⤵
  PID:5652
- C:\Windows\System\dqScMSR.exe
  C:\Windows\System\dqScMSR.exe
  2⤵
  PID:5668
- C:\Windows\System\MWHBoQb.exe
  C:\Windows\System\MWHBoQb.exe
  2⤵
  PID:5684
- C:\Windows\System\XCCxOFL.exe
  C:\Windows\System\XCCxOFL.exe
  2⤵
  PID:5700
- C:\Windows\System\bSKhkaS.exe
  C:\Windows\System\bSKhkaS.exe
  2⤵
  PID:5716
- C:\Windows\System\tMhPdJV.exe
  C:\Windows\System\tMhPdJV.exe
  2⤵
  PID:5732
- C:\Windows\System\ERkMrjW.exe
  C:\Windows\System\ERkMrjW.exe
  2⤵
  PID:5748
- C:\Windows\System\eXnQbnU.exe
  C:\Windows\System\eXnQbnU.exe
  2⤵
  PID:5764
- C:\Windows\System\rSrGblv.exe
  C:\Windows\System\rSrGblv.exe
  2⤵
  PID:5780
- C:\Windows\System\XBwrJJE.exe
  C:\Windows\System\XBwrJJE.exe
  2⤵
  PID:5796
- C:\Windows\System\jhcFoDM.exe
  C:\Windows\System\jhcFoDM.exe
  2⤵
  PID:5812
- C:\Windows\System\RVwXEjT.exe
  C:\Windows\System\RVwXEjT.exe
  2⤵
  PID:5828
- C:\Windows\System\MKkUuSX.exe
  C:\Windows\System\MKkUuSX.exe
  2⤵
  PID:5844
- C:\Windows\System\NaOOAfC.exe
  C:\Windows\System\NaOOAfC.exe
  2⤵
  PID:5860
- C:\Windows\System\lxOAGTm.exe
  C:\Windows\System\lxOAGTm.exe
  2⤵
  PID:5876
- C:\Windows\System\qndoVKO.exe
  C:\Windows\System\qndoVKO.exe
  2⤵
  PID:5892
- C:\Windows\System\echMwxH.exe
  C:\Windows\System\echMwxH.exe
  2⤵
  PID:5908
- C:\Windows\System\xcXyHMA.exe
  C:\Windows\System\xcXyHMA.exe
  2⤵
  PID:5924
- C:\Windows\System\yDxwwEH.exe
  C:\Windows\System\yDxwwEH.exe
  2⤵
  PID:5940
- C:\Windows\System\QYkBtVD.exe
  C:\Windows\System\QYkBtVD.exe
  2⤵
  PID:5956
- C:\Windows\System\FvEuOJF.exe
  C:\Windows\System\FvEuOJF.exe
  2⤵
  PID:5972
- C:\Windows\System\PGJPxCb.exe
  C:\Windows\System\PGJPxCb.exe
  2⤵
  PID:5988
- C:\Windows\System\rCSpPsz.exe
  C:\Windows\System\rCSpPsz.exe
  2⤵
  PID:6004
- C:\Windows\System\ASrWayU.exe
  C:\Windows\System\ASrWayU.exe
  2⤵
  PID:6020
- C:\Windows\System\ILfhcCS.exe
  C:\Windows\System\ILfhcCS.exe
  2⤵
  PID:6036
- C:\Windows\System\TOeMXaz.exe
  C:\Windows\System\TOeMXaz.exe
  2⤵
  PID:6052
- C:\Windows\System\ZgwfUfg.exe
  C:\Windows\System\ZgwfUfg.exe
  2⤵
  PID:6068
- C:\Windows\System\nqABMfJ.exe
  C:\Windows\System\nqABMfJ.exe
  2⤵
  PID:6084
- C:\Windows\System\OCnEcXA.exe
  C:\Windows\System\OCnEcXA.exe
  2⤵
  PID:6100
- C:\Windows\System\ohrGcpL.exe
  C:\Windows\System\ohrGcpL.exe
  2⤵
  PID:6116
- C:\Windows\System\wTHUwJQ.exe
  C:\Windows\System\wTHUwJQ.exe
  2⤵
  PID:6132
- C:\Windows\System\jClXGVn.exe
  C:\Windows\System\jClXGVn.exe
  2⤵
  PID:4996
- C:\Windows\System\kGwvORi.exe
  C:\Windows\System\kGwvORi.exe
  2⤵
  PID:5124
- C:\Windows\System\KMyQtaT.exe
  C:\Windows\System\KMyQtaT.exe
  2⤵
  PID:4676
- C:\Windows\System\vXfmUhY.exe
  C:\Windows\System\vXfmUhY.exe
  2⤵
  PID:5172
- C:\Windows\System\ZKaiWrB.exe
  C:\Windows\System\ZKaiWrB.exe
  2⤵
  PID:5192
- C:\Windows\System\IcGgTLN.exe
  C:\Windows\System\IcGgTLN.exe
  2⤵
  PID:5176
- C:\Windows\System\kztRcJc.exe
  C:\Windows\System\kztRcJc.exe
  2⤵
  PID:5260
- C:\Windows\System\QyebWuE.exe
  C:\Windows\System\QyebWuE.exe
  2⤵
  PID:5244
- C:\Windows\System\BqrCPnd.exe
  C:\Windows\System\BqrCPnd.exe
  2⤵
  PID:5324
- C:\Windows\System\DohSGHl.exe
  C:\Windows\System\DohSGHl.exe
  2⤵
  PID:5276
- C:\Windows\System\hKnLKyK.exe
  C:\Windows\System\hKnLKyK.exe
  2⤵
  PID:5336
- C:\Windows\System\UKKCIAC.exe
  C:\Windows\System\UKKCIAC.exe
  2⤵
  PID:5368
- C:\Windows\System\LHEJXFl.exe
  C:\Windows\System\LHEJXFl.exe
  2⤵
  PID:5408
- C:\Windows\System\LwkbFcY.exe
  C:\Windows\System\LwkbFcY.exe
  2⤵
  PID:5456
- C:\Windows\System\YEChsWL.exe
  C:\Windows\System\YEChsWL.exe
  2⤵
  PID:5516
- C:\Windows\System\iJLcigw.exe
  C:\Windows\System\iJLcigw.exe
  2⤵
  PID:5580
- C:\Windows\System\KHYuYUq.exe
  C:\Windows\System\KHYuYUq.exe
  2⤵
  PID:5644
- C:\Windows\System\jLEMkrL.exe
  C:\Windows\System\jLEMkrL.exe
  2⤵
  PID:5708
- C:\Windows\System\cUlERLw.exe
  C:\Windows\System\cUlERLw.exe
  2⤵
  PID:5500
- C:\Windows\System\wjkmlcg.exe
  C:\Windows\System\wjkmlcg.exe
  2⤵
  PID:5776
- C:\Windows\System\oFBXqKy.exe
  C:\Windows\System\oFBXqKy.exe
  2⤵
  PID:5692
- C:\Windows\System\XfolgiV.exe
  C:\Windows\System\XfolgiV.exe
  2⤵
  PID:5628
- C:\Windows\System\HtHCLXo.exe
  C:\Windows\System\HtHCLXo.exe
  2⤵
  PID:5664
- C:\Windows\System\hANiwaD.exe
  C:\Windows\System\hANiwaD.exe
  2⤵
  PID:5728
- C:\Windows\System\ejpMbZo.exe
  C:\Windows\System\ejpMbZo.exe
  2⤵
  PID:5820
- C:\Windows\System\LOOCMWB.exe
  C:\Windows\System\LOOCMWB.exe
  2⤵
  PID:5888
- C:\Windows\System\XxhBLFs.exe
  C:\Windows\System\XxhBLFs.exe
  2⤵
  PID:5948
- C:\Windows\System\yfsQSPv.exe
  C:\Windows\System\yfsQSPv.exe
  2⤵
  PID:5836
- C:\Windows\System\XTxOXmt.exe
  C:\Windows\System\XTxOXmt.exe
  2⤵
  PID:5900
- C:\Windows\System\HxZyiHQ.exe
  C:\Windows\System\HxZyiHQ.exe
  2⤵
  PID:5964
- C:\Windows\System\RAcQMCC.exe
  C:\Windows\System\RAcQMCC.exe
  2⤵
  PID:6000
- C:\Windows\System\szJExjz.exe
  C:\Windows\System\szJExjz.exe
  2⤵
  PID:6044
- C:\Windows\System\wBKxDzr.exe
  C:\Windows\System\wBKxDzr.exe
  2⤵
  PID:6092
- C:\Windows\System\KDPZBWZ.exe
  C:\Windows\System\KDPZBWZ.exe
  2⤵
  PID:6124
- C:\Windows\System\gCcAjuw.exe
  C:\Windows\System\gCcAjuw.exe
  2⤵
  PID:4104
- C:\Windows\System\PchFaUT.exe
  C:\Windows\System\PchFaUT.exe
  2⤵
  PID:5144
- C:\Windows\System\wKULcvm.exe
  C:\Windows\System\wKULcvm.exe
  2⤵
  PID:5272
- C:\Windows\System\bblMdFM.exe
  C:\Windows\System\bblMdFM.exe
  2⤵
  PID:6080
- C:\Windows\System\NVNxNub.exe
  C:\Windows\System\NVNxNub.exe
  2⤵
  PID:4804
- C:\Windows\System\sBOhcCi.exe
  C:\Windows\System\sBOhcCi.exe
  2⤵
  PID:5228
- C:\Windows\System\GqJNmHx.exe
  C:\Windows\System\GqJNmHx.exe
  2⤵
  PID:5552
- C:\Windows\System\aJyRbDe.exe
  C:\Windows\System\aJyRbDe.exe
  2⤵
  PID:5404
- C:\Windows\System\wNhxdnu.exe
  C:\Windows\System\wNhxdnu.exe
  2⤵
  PID:5564
- C:\Windows\System\IFKiveV.exe
  C:\Windows\System\IFKiveV.exe
  2⤵
  PID:5488
- C:\Windows\System\ztTDMCX.exe
  C:\Windows\System\ztTDMCX.exe
  2⤵
  PID:5724
- C:\Windows\System\mMIkrUO.exe
  C:\Windows\System\mMIkrUO.exe
  2⤵
  PID:5852
- C:\Windows\System\YooIixu.exe
  C:\Windows\System\YooIixu.exe
  2⤵
  PID:5568
- C:\Windows\System\nEiGbqk.exe
  C:\Windows\System\nEiGbqk.exe
  2⤵
  PID:5916
- C:\Windows\System\JZrxJGV.exe
  C:\Windows\System\JZrxJGV.exe
  2⤵
  PID:6048
- C:\Windows\System\AiPsOHG.exe
  C:\Windows\System\AiPsOHG.exe
  2⤵
  PID:5932
- C:\Windows\System\ACHcDpu.exe
  C:\Windows\System\ACHcDpu.exe
  2⤵
  PID:4692
- C:\Windows\System\pxAzTaR.exe
  C:\Windows\System\pxAzTaR.exe
  2⤵
  PID:6140
- C:\Windows\System\IgeHCje.exe
  C:\Windows\System\IgeHCje.exe
  2⤵
  PID:4836
- C:\Windows\System\EaHkqWg.exe
  C:\Windows\System\EaHkqWg.exe
  2⤵
  PID:5160
- C:\Windows\System\IrjSjVY.exe
  C:\Windows\System\IrjSjVY.exe
  2⤵
  PID:5680
- C:\Windows\System\rQSwhkN.exe
  C:\Windows\System\rQSwhkN.exe
  2⤵
  PID:6076
- C:\Windows\System\nzzNEaM.exe
  C:\Windows\System\nzzNEaM.exe
  2⤵
  PID:5420
- C:\Windows\System\xHWxYiu.exe
  C:\Windows\System\xHWxYiu.exe
  2⤵
  PID:5740
- C:\Windows\System\YIcHevj.exe
  C:\Windows\System\YIcHevj.exe
  2⤵
  PID:5744
- C:\Windows\System\ZDPWDzG.exe
  C:\Windows\System\ZDPWDzG.exe
  2⤵
  PID:6108
- C:\Windows\System\QWsGAaW.exe
  C:\Windows\System\QWsGAaW.exe
  2⤵
  PID:5872
- C:\Windows\System\svBoqHu.exe
  C:\Windows\System\svBoqHu.exe
  2⤵
  PID:4468
- C:\Windows\System\AiWZDhC.exe
  C:\Windows\System\AiWZDhC.exe
  2⤵
  PID:5696
- C:\Windows\System\xPcYaUb.exe
  C:\Windows\System\xPcYaUb.exe
  2⤵
  PID:5984
- C:\Windows\System\qHQeZKG.exe
  C:\Windows\System\qHQeZKG.exe
  2⤵
  PID:5472
- C:\Windows\System\hSotgXn.exe
  C:\Windows\System\hSotgXn.exe
  2⤵
  PID:6012
- C:\Windows\System\cvxnUQV.exe
  C:\Windows\System\cvxnUQV.exe
  2⤵
  PID:6160
- C:\Windows\System\AiBQaXh.exe
  C:\Windows\System\AiBQaXh.exe
  2⤵
  PID:6176
- C:\Windows\System\lwKLERq.exe
  C:\Windows\System\lwKLERq.exe
  2⤵
  PID:6192
- C:\Windows\System\wEsKurn.exe
  C:\Windows\System\wEsKurn.exe
  2⤵
  PID:6208
- C:\Windows\System\sDQTxKS.exe
  C:\Windows\System\sDQTxKS.exe
  2⤵
  PID:6224
- C:\Windows\System\bbxjssj.exe
  C:\Windows\System\bbxjssj.exe
  2⤵
  PID:6240
- C:\Windows\System\EaVkihn.exe
  C:\Windows\System\EaVkihn.exe
  2⤵
  PID:6256
- C:\Windows\System\NRGvLsn.exe
  C:\Windows\System\NRGvLsn.exe
  2⤵
  PID:6272
- C:\Windows\System\wjQuAIJ.exe
  C:\Windows\System\wjQuAIJ.exe
  2⤵
  PID:6288
- C:\Windows\System\BQTGkif.exe
  C:\Windows\System\BQTGkif.exe
  2⤵
  PID:6304
- C:\Windows\System\ObelBSN.exe
  C:\Windows\System\ObelBSN.exe
  2⤵
  PID:6320
- C:\Windows\System\wDpEOIl.exe
  C:\Windows\System\wDpEOIl.exe
  2⤵
  PID:6336
- C:\Windows\System\uPkdBmh.exe
  C:\Windows\System\uPkdBmh.exe
  2⤵
  PID:6352
- C:\Windows\System\tgPfmdX.exe
  C:\Windows\System\tgPfmdX.exe
  2⤵
  PID:6368
- C:\Windows\System\WNaOdEE.exe
  C:\Windows\System\WNaOdEE.exe
  2⤵
  PID:6384
- C:\Windows\System\vxCdIGv.exe
  C:\Windows\System\vxCdIGv.exe
  2⤵
  PID:6400
- C:\Windows\System\bpyNRKs.exe
  C:\Windows\System\bpyNRKs.exe
  2⤵
  PID:6416
- C:\Windows\System\CCAfwhT.exe
  C:\Windows\System\CCAfwhT.exe
  2⤵
  PID:6432
- C:\Windows\System\XHNPDnc.exe
  C:\Windows\System\XHNPDnc.exe
  2⤵
  PID:6448
- C:\Windows\System\GxremXQ.exe
  C:\Windows\System\GxremXQ.exe
  2⤵
  PID:6464
- C:\Windows\System\cBclueN.exe
  C:\Windows\System\cBclueN.exe
  2⤵
  PID:6480
- C:\Windows\System\BUnQXdE.exe
  C:\Windows\System\BUnQXdE.exe
  2⤵
  PID:6496
- C:\Windows\System\bleBcDC.exe
  C:\Windows\System\bleBcDC.exe
  2⤵
  PID:6512
- C:\Windows\System\DEqIkqM.exe
  C:\Windows\System\DEqIkqM.exe
  2⤵
  PID:6528
- C:\Windows\System\dfjlNPB.exe
  C:\Windows\System\dfjlNPB.exe
  2⤵
  PID:6544
- C:\Windows\System\LstXyHB.exe
  C:\Windows\System\LstXyHB.exe
  2⤵
  PID:6560
- C:\Windows\System\qQZYqmy.exe
  C:\Windows\System\qQZYqmy.exe
  2⤵
  PID:6588
- C:\Windows\System\HTLXAlj.exe
  C:\Windows\System\HTLXAlj.exe
  2⤵
  PID:6604
- C:\Windows\System\HOoouky.exe
  C:\Windows\System\HOoouky.exe
  2⤵
  PID:6652
- C:\Windows\System\yXOURok.exe
  C:\Windows\System\yXOURok.exe
  2⤵
  PID:6672
- C:\Windows\System\Xxsscce.exe
  C:\Windows\System\Xxsscce.exe
  2⤵
  PID:6696
- C:\Windows\System\JiaTpwv.exe
  C:\Windows\System\JiaTpwv.exe
  2⤵
  PID:6712
- C:\Windows\System\pKBBzUJ.exe
  C:\Windows\System\pKBBzUJ.exe
  2⤵
  PID:6728
- C:\Windows\System\WZYjrpq.exe
  C:\Windows\System\WZYjrpq.exe
  2⤵
  PID:6748
- C:\Windows\System\UCKJGka.exe
  C:\Windows\System\UCKJGka.exe
  2⤵
  PID:6764
- C:\Windows\System\TuGGlNe.exe
  C:\Windows\System\TuGGlNe.exe
  2⤵
  PID:6780
- C:\Windows\System\qAOqYet.exe
  C:\Windows\System\qAOqYet.exe
  2⤵
  PID:6796
- C:\Windows\System\rBwgunz.exe
  C:\Windows\System\rBwgunz.exe
  2⤵
  PID:6812
- C:\Windows\System\nrbBfep.exe
  C:\Windows\System\nrbBfep.exe
  2⤵
  PID:6828
- C:\Windows\System\HZsNozX.exe
  C:\Windows\System\HZsNozX.exe
  2⤵
  PID:6844
- C:\Windows\System\YSZkpKi.exe
  C:\Windows\System\YSZkpKi.exe
  2⤵
  PID:6860
- C:\Windows\System\qbqqVVe.exe
  C:\Windows\System\qbqqVVe.exe
  2⤵
  PID:6876
- C:\Windows\System\zpqTVcY.exe
  C:\Windows\System\zpqTVcY.exe
  2⤵
  PID:6896
- C:\Windows\System\wkCzMGl.exe
  C:\Windows\System\wkCzMGl.exe
  2⤵
  PID:6912
- C:\Windows\System\lXneDzv.exe
  C:\Windows\System\lXneDzv.exe
  2⤵
  PID:6928
- C:\Windows\System\zPaqZkQ.exe
  C:\Windows\System\zPaqZkQ.exe
  2⤵
  PID:6944
- C:\Windows\System\pmkxUTu.exe
  C:\Windows\System\pmkxUTu.exe
  2⤵
  PID:6960
- C:\Windows\System\oUZtNIH.exe
  C:\Windows\System\oUZtNIH.exe
  2⤵
  PID:6976
- C:\Windows\System\udCDATN.exe
  C:\Windows\System\udCDATN.exe
  2⤵
  PID:6992
- C:\Windows\System\lJcKgVq.exe
  C:\Windows\System\lJcKgVq.exe
  2⤵
  PID:7008
- C:\Windows\System\rgQZQGL.exe
  C:\Windows\System\rgQZQGL.exe
  2⤵
  PID:7024
- C:\Windows\System\PAEdOCn.exe
  C:\Windows\System\PAEdOCn.exe
  2⤵
  PID:7040
- C:\Windows\System\NvnIHdM.exe
  C:\Windows\System\NvnIHdM.exe
  2⤵
  PID:7056
- C:\Windows\System\mqxZMSB.exe
  C:\Windows\System\mqxZMSB.exe
  2⤵
  PID:7072
- C:\Windows\System\iyFrUNs.exe
  C:\Windows\System\iyFrUNs.exe
  2⤵
  PID:7088
- C:\Windows\System\NSYxIxr.exe
  C:\Windows\System\NSYxIxr.exe
  2⤵
  PID:7108
- C:\Windows\System\gmFcbuI.exe
  C:\Windows\System\gmFcbuI.exe
  2⤵
  PID:7124
- C:\Windows\System\eHXxADg.exe
  C:\Windows\System\eHXxADg.exe
  2⤵
  PID:7140
- C:\Windows\System\gDQgdvt.exe
  C:\Windows\System\gDQgdvt.exe
  2⤵
  PID:7156
- C:\Windows\System\HfUnQDr.exe
  C:\Windows\System\HfUnQDr.exe
  2⤵
  PID:5600
- C:\Windows\System\FBTbRRY.exe
  C:\Windows\System\FBTbRRY.exe
  2⤵
  PID:6152
- C:\Windows\System\NzNNsSR.exe
  C:\Windows\System\NzNNsSR.exe
  2⤵
  PID:5340
- C:\Windows\System\dfRtMnd.exe
  C:\Windows\System\dfRtMnd.exe
  2⤵
  PID:6248
- C:\Windows\System\lpLTrGx.exe
  C:\Windows\System\lpLTrGx.exe
  2⤵
  PID:6280
- C:\Windows\System\FVUmoZA.exe
  C:\Windows\System\FVUmoZA.exe
  2⤵
  PID:6316
- C:\Windows\System\eAZkqyT.exe
  C:\Windows\System\eAZkqyT.exe
  2⤵
  PID:6376
- C:\Windows\System\xOqwnRJ.exe
  C:\Windows\System\xOqwnRJ.exe
  2⤵
  PID:6472
- C:\Windows\System\tOXrrXJ.exe
  C:\Windows\System\tOXrrXJ.exe
  2⤵
  PID:6536
- C:\Windows\System\teAYFeI.exe
  C:\Windows\System\teAYFeI.exe
  2⤵
  PID:6296
- C:\Windows\System\VhhwDQr.exe
  C:\Windows\System\VhhwDQr.exe
  2⤵
  PID:6392
- C:\Windows\System\AIYqvaF.exe
  C:\Windows\System\AIYqvaF.exe
  2⤵
  PID:6556
- C:\Windows\System\SrKuMrn.exe
  C:\Windows\System\SrKuMrn.exe
  2⤵
  PID:6456
- C:\Windows\System\NnwajRG.exe
  C:\Windows\System\NnwajRG.exe
  2⤵
  PID:6332
- C:\Windows\System\jpeuTNb.exe
  C:\Windows\System\jpeuTNb.exe
  2⤵
  PID:6460
- C:\Windows\System\bnBuMNj.exe
  C:\Windows\System\bnBuMNj.exe
  2⤵
  PID:5452
- C:\Windows\System\YsXxise.exe
  C:\Windows\System\YsXxise.exe
  2⤵
  PID:6612
- C:\Windows\System\UMJIdaz.exe
  C:\Windows\System\UMJIdaz.exe
  2⤵
  PID:6628
- C:\Windows\System\OEHMiIz.exe
  C:\Windows\System\OEHMiIz.exe
  2⤵
  PID:6644
- C:\Windows\System\mJVKxRd.exe
  C:\Windows\System\mJVKxRd.exe
  2⤵
  PID:6684
- C:\Windows\System\oYUCtIA.exe
  C:\Windows\System\oYUCtIA.exe
  2⤵
  PID:6664
- C:\Windows\System\ExnvKIq.exe
  C:\Windows\System\ExnvKIq.exe
  2⤵
  PID:6756
- C:\Windows\System\gLtnViO.exe
  C:\Windows\System\gLtnViO.exe
  2⤵
  PID:6820
- C:\Windows\System\dOVxdVH.exe
  C:\Windows\System\dOVxdVH.exe
  2⤵
  PID:6736
- C:\Windows\System\tOWrTMf.exe
  C:\Windows\System\tOWrTMf.exe
  2⤵
  PID:6888
- C:\Windows\System\aYSygpN.exe
  C:\Windows\System\aYSygpN.exe
  2⤵
  PID:6744
- C:\Windows\System\DwkAKCT.exe
  C:\Windows\System\DwkAKCT.exe
  2⤵
  PID:6808
- C:\Windows\System\AJlpkgQ.exe
  C:\Windows\System\AJlpkgQ.exe
  2⤵
  PID:6920
- C:\Windows\System\yCPPJQw.exe
  C:\Windows\System\yCPPJQw.exe
  2⤵
  PID:6988
- C:\Windows\System\yZUTwPP.exe
  C:\Windows\System\yZUTwPP.exe
  2⤵
  PID:6872
- C:\Windows\System\kbQtgnf.exe
  C:\Windows\System\kbQtgnf.exe
  2⤵
  PID:6940
- C:\Windows\System\DtAqVZS.exe
  C:\Windows\System\DtAqVZS.exe
  2⤵
  PID:7004
- C:\Windows\System\IcLzpDu.exe
  C:\Windows\System\IcLzpDu.exe
  2⤵
  PID:7068
- C:\Windows\System\uDaMjzf.exe
  C:\Windows\System\uDaMjzf.exe
  2⤵
  PID:7136
- C:\Windows\System\jcfWFiG.exe
  C:\Windows\System\jcfWFiG.exe
  2⤵
  PID:5868
- C:\Windows\System\WwnyMVR.exe
  C:\Windows\System\WwnyMVR.exe
  2⤵
  PID:6348
- C:\Windows\System\qeRmedW.exe
  C:\Windows\System\qeRmedW.exe
  2⤵
  PID:6360
- C:\Windows\System\tLOLzcP.exe
  C:\Windows\System\tLOLzcP.exe
  2⤵
  PID:6492
- C:\Windows\System\ewwBbmK.exe
  C:\Windows\System\ewwBbmK.exe
  2⤵
  PID:6568
- C:\Windows\System\fmYZmTE.exe
  C:\Windows\System\fmYZmTE.exe
  2⤵
  PID:5788
- C:\Windows\System\kTEDIFc.exe
  C:\Windows\System\kTEDIFc.exe
  2⤵
  PID:6344
- C:\Windows\System\vBpbBuC.exe
  C:\Windows\System\vBpbBuC.exe
  2⤵
  PID:6552
- C:\Windows\System\kpZLZHy.exe
  C:\Windows\System\kpZLZHy.exe
  2⤵
  PID:6596
- C:\Windows\System\RSAgYmF.exe
  C:\Windows\System\RSAgYmF.exe
  2⤵
  PID:6688
- C:\Windows\System\vdLeahG.exe
  C:\Windows\System\vdLeahG.exe
  2⤵
  PID:6868
- C:\Windows\System\undVyAI.exe
  C:\Windows\System\undVyAI.exe
  2⤵
  PID:6956
- C:\Windows\System\NDLNFcO.exe
  C:\Windows\System\NDLNFcO.exe
  2⤵
  PID:6236
- C:\Windows\System\KpkZLIf.exe
  C:\Windows\System\KpkZLIf.exe
  2⤵
  PID:6524
- C:\Windows\System\YSFNPgg.exe
  C:\Windows\System\YSFNPgg.exe
  2⤵
  PID:6680
- C:\Windows\System\JdFziZT.exe
  C:\Windows\System\JdFziZT.exe
  2⤵
  PID:6740
- C:\Windows\System\iSGbcQt.exe
  C:\Windows\System\iSGbcQt.exe
  2⤵
  PID:7020
- C:\Windows\System\KdhgNLY.exe
  C:\Windows\System\KdhgNLY.exe
  2⤵
  PID:7064
- C:\Windows\System\HLrXUqq.exe
  C:\Windows\System\HLrXUqq.exe
  2⤵
  PID:6328
- C:\Windows\System\LvAAdsp.exe
  C:\Windows\System\LvAAdsp.exe
  2⤵
  PID:6232
- C:\Windows\System\JAWcFMr.exe
  C:\Windows\System\JAWcFMr.exe
  2⤵
  PID:6792
- C:\Windows\System\EISNKvF.exe
  C:\Windows\System\EISNKvF.exe
  2⤵
  PID:6624
- C:\Windows\System\jvuggLZ.exe
  C:\Windows\System\jvuggLZ.exe
  2⤵
  PID:5980
- C:\Windows\System\AdAFGsE.exe
  C:\Windows\System\AdAFGsE.exe
  2⤵
  PID:6952
- C:\Windows\System\gosHQGq.exe
  C:\Windows\System\gosHQGq.exe
  2⤵
  PID:7180
- C:\Windows\System\enNQzJk.exe
  C:\Windows\System\enNQzJk.exe
  2⤵
  PID:7196
- C:\Windows\System\UuurJiy.exe
  C:\Windows\System\UuurJiy.exe
  2⤵
  PID:7212
- C:\Windows\System\KouiMfT.exe
  C:\Windows\System\KouiMfT.exe
  2⤵
  PID:7228
- C:\Windows\System\EuNrArt.exe
  C:\Windows\System\EuNrArt.exe
  2⤵
  PID:7244
- C:\Windows\System\CcPTPXJ.exe
  C:\Windows\System\CcPTPXJ.exe
  2⤵
  PID:7260
- C:\Windows\System\yhMlTDs.exe
  C:\Windows\System\yhMlTDs.exe
  2⤵
  PID:7276
- C:\Windows\System\aaebNxi.exe
  C:\Windows\System\aaebNxi.exe
  2⤵
  PID:7292
- C:\Windows\System\YAJfmNQ.exe
  C:\Windows\System\YAJfmNQ.exe
  2⤵
  PID:7308
- C:\Windows\System\cYHTZFj.exe
  C:\Windows\System\cYHTZFj.exe
  2⤵
  PID:7324
- C:\Windows\System\cdyqeEJ.exe
  C:\Windows\System\cdyqeEJ.exe
  2⤵
  PID:7340
- C:\Windows\System\UYejEVB.exe
  C:\Windows\System\UYejEVB.exe
  2⤵
  PID:7356
- C:\Windows\System\gYWThZj.exe
  C:\Windows\System\gYWThZj.exe
  2⤵
  PID:7372
- C:\Windows\System\zlhOmPS.exe
  C:\Windows\System\zlhOmPS.exe
  2⤵
  PID:7388
- C:\Windows\System\WuAAXrG.exe
  C:\Windows\System\WuAAXrG.exe
  2⤵
  PID:7404
- C:\Windows\System\PSNMgCB.exe
  C:\Windows\System\PSNMgCB.exe
  2⤵
  PID:7420
- C:\Windows\System\JUwaxzp.exe
  C:\Windows\System\JUwaxzp.exe
  2⤵
  PID:7436
- C:\Windows\System\MpJvKMz.exe
  C:\Windows\System\MpJvKMz.exe
  2⤵
  PID:7452
- C:\Windows\System\hJOGyhE.exe
  C:\Windows\System\hJOGyhE.exe
  2⤵
  PID:7468
- C:\Windows\System\RYYfmbZ.exe
  C:\Windows\System\RYYfmbZ.exe
  2⤵
  PID:7484
- C:\Windows\System\qcCEgxL.exe
  C:\Windows\System\qcCEgxL.exe
  2⤵
  PID:7500
- C:\Windows\System\zzDcgyX.exe
  C:\Windows\System\zzDcgyX.exe
  2⤵
  PID:7516
- C:\Windows\System\OjDVkRf.exe
  C:\Windows\System\OjDVkRf.exe
  2⤵
  PID:7532
- C:\Windows\System\AzfrwjN.exe
  C:\Windows\System\AzfrwjN.exe
  2⤵
  PID:7548
- C:\Windows\System\WjuxbJi.exe
  C:\Windows\System\WjuxbJi.exe
  2⤵
  PID:7564
- C:\Windows\System\vnxooxr.exe
  C:\Windows\System\vnxooxr.exe
  2⤵
  PID:7580
- C:\Windows\System\oKyNijA.exe
  C:\Windows\System\oKyNijA.exe
  2⤵
  PID:7600
- C:\Windows\System\QqLywgu.exe
  C:\Windows\System\QqLywgu.exe
  2⤵
  PID:7616
- C:\Windows\System\ufHvozh.exe
  C:\Windows\System\ufHvozh.exe
  2⤵
  PID:7632
- C:\Windows\System\yosbsNo.exe
  C:\Windows\System\yosbsNo.exe
  2⤵
  PID:7648
- C:\Windows\System\iUAyedl.exe
  C:\Windows\System\iUAyedl.exe
  2⤵
  PID:7664
- C:\Windows\System\pBWXxtZ.exe
  C:\Windows\System\pBWXxtZ.exe
  2⤵
  PID:7680
- C:\Windows\System\ooFouxr.exe
  C:\Windows\System\ooFouxr.exe
  2⤵
  PID:7696
- C:\Windows\System\bbOvaeV.exe
  C:\Windows\System\bbOvaeV.exe
  2⤵
  PID:7712
- C:\Windows\System\IoaDCsq.exe
  C:\Windows\System\IoaDCsq.exe
  2⤵
  PID:7728
- C:\Windows\System\VuBFbSL.exe
  C:\Windows\System\VuBFbSL.exe
  2⤵
  PID:7744
- C:\Windows\System\GVVDmjs.exe
  C:\Windows\System\GVVDmjs.exe
  2⤵
  PID:7760
- C:\Windows\System\nOzORBn.exe
  C:\Windows\System\nOzORBn.exe
  2⤵
  PID:7776
- C:\Windows\System\RKYvMKQ.exe
  C:\Windows\System\RKYvMKQ.exe
  2⤵
  PID:7792
- C:\Windows\System\hhGCqpu.exe
  C:\Windows\System\hhGCqpu.exe
  2⤵
  PID:7808
- C:\Windows\System\DYvFOLK.exe
  C:\Windows\System\DYvFOLK.exe
  2⤵
  PID:7824
- C:\Windows\System\CwkrKPP.exe
  C:\Windows\System\CwkrKPP.exe
  2⤵
  PID:7840
- C:\Windows\System\qWcCsgz.exe
  C:\Windows\System\qWcCsgz.exe
  2⤵
  PID:7856
- C:\Windows\System\ksWysGD.exe
  C:\Windows\System\ksWysGD.exe
  2⤵
  PID:7872
- C:\Windows\System\rByylXo.exe
  C:\Windows\System\rByylXo.exe
  2⤵
  PID:7888
- C:\Windows\System\QDxmhYT.exe
  C:\Windows\System\QDxmhYT.exe
  2⤵
  PID:7904
- C:\Windows\System\pmEnlpB.exe
  C:\Windows\System\pmEnlpB.exe
  2⤵
  PID:7920
- C:\Windows\System\wQxShXv.exe
  C:\Windows\System\wQxShXv.exe
  2⤵
  PID:7936
- C:\Windows\System\oJucUEr.exe
  C:\Windows\System\oJucUEr.exe
  2⤵
  PID:7952
- C:\Windows\System\DUurPto.exe
  C:\Windows\System\DUurPto.exe
  2⤵
  PID:7968
- C:\Windows\System\dxMtIqS.exe
  C:\Windows\System\dxMtIqS.exe
  2⤵
  PID:7984
- C:\Windows\System\IswTTzz.exe
  C:\Windows\System\IswTTzz.exe
  2⤵
  PID:8000
- C:\Windows\System\oduLMPS.exe
  C:\Windows\System\oduLMPS.exe
  2⤵
  PID:8016
- C:\Windows\System\nFmYlin.exe
  C:\Windows\System\nFmYlin.exe
  2⤵
  PID:8032
- C:\Windows\System\fjuPZmm.exe
  C:\Windows\System\fjuPZmm.exe
  2⤵
  PID:8048
- C:\Windows\System\HlLboLb.exe
  C:\Windows\System\HlLboLb.exe
  2⤵
  PID:8064
- C:\Windows\System\XSZtzaw.exe
  C:\Windows\System\XSZtzaw.exe
  2⤵
  PID:8080
- C:\Windows\System\beVyVbp.exe
  C:\Windows\System\beVyVbp.exe
  2⤵
  PID:8096
- C:\Windows\System\xyoTzCW.exe
  C:\Windows\System\xyoTzCW.exe
  2⤵
  PID:8112
- C:\Windows\System\aqvFPXs.exe
  C:\Windows\System\aqvFPXs.exe
  2⤵
  PID:8128
- C:\Windows\System\ehxMLzE.exe
  C:\Windows\System\ehxMLzE.exe
  2⤵
  PID:8144
- C:\Windows\System\IBzfFrR.exe
  C:\Windows\System\IBzfFrR.exe
  2⤵
  PID:8160
- C:\Windows\System\spjXlNf.exe
  C:\Windows\System\spjXlNf.exe
  2⤵
  PID:8176
- C:\Windows\System\iYSZcIg.exe
  C:\Windows\System\iYSZcIg.exe
  2⤵
  PID:7172
- C:\Windows\System\cqrOlwp.exe
  C:\Windows\System\cqrOlwp.exe
  2⤵
  PID:7132
- C:\Windows\System\uiKZVcL.exe
  C:\Windows\System\uiKZVcL.exe
  2⤵
  PID:6572
- C:\Windows\System\JGctzdf.exe
  C:\Windows\System\JGctzdf.exe
  2⤵
  PID:7208
- C:\Windows\System\LOvJSms.exe
  C:\Windows\System\LOvJSms.exe
  2⤵
  PID:7272
- C:\Windows\System\CyRkKTm.exe
  C:\Windows\System\CyRkKTm.exe
  2⤵
  PID:7120
- C:\Windows\System\IaiThwn.exe
  C:\Windows\System\IaiThwn.exe
  2⤵
  PID:6268
- C:\Windows\System\WAKWOfs.exe
  C:\Windows\System\WAKWOfs.exe
  2⤵
  PID:6636
- C:\Windows\System\LGGTnSz.exe
  C:\Windows\System\LGGTnSz.exe
  2⤵
  PID:7428
- C:\Windows\System\xERvdfk.exe
  C:\Windows\System\xERvdfk.exe
  2⤵
  PID:7492
- C:\Windows\System\ZMvchWR.exe
  C:\Windows\System\ZMvchWR.exe
  2⤵
  PID:7496
- C:\Windows\System\JhMvGEb.exe
  C:\Windows\System\JhMvGEb.exe
  2⤵
  PID:7556
- C:\Windows\System\eWtptig.exe
  C:\Windows\System\eWtptig.exe
  2⤵
  PID:6936
- C:\Windows\System\TnxeHAY.exe
  C:\Windows\System\TnxeHAY.exe
  2⤵
  PID:6788
- C:\Windows\System\HfUtDHM.exe
  C:\Windows\System\HfUtDHM.exe
  2⤵
  PID:7220
- C:\Windows\System\nIrcRrz.exe
  C:\Windows\System\nIrcRrz.exe
  2⤵
  PID:7256
- C:\Windows\System\JcgLVfG.exe
  C:\Windows\System\JcgLVfG.exe
  2⤵
  PID:7320
- C:\Windows\System\oujBpQY.exe
  C:\Windows\System\oujBpQY.exe
  2⤵
  PID:7572
- C:\Windows\System\ELIrFuM.exe
  C:\Windows\System\ELIrFuM.exe
  2⤵
  PID:7412
- C:\Windows\System\jjlXVkX.exe
  C:\Windows\System\jjlXVkX.exe
  2⤵
  PID:7476
- C:\Windows\System\rJDlqMJ.exe
  C:\Windows\System\rJDlqMJ.exe
  2⤵
  PID:7544
- C:\Windows\System\GaQygUz.exe
  C:\Windows\System\GaQygUz.exe
  2⤵
  PID:7688
- C:\Windows\System\ysVjhBc.exe
  C:\Windows\System\ysVjhBc.exe
  2⤵
  PID:7752
- C:\Windows\System\schQRVf.exe
  C:\Windows\System\schQRVf.exe
  2⤵
  PID:7704
- C:\Windows\System\rMKlWHf.exe
  C:\Windows\System\rMKlWHf.exe
  2⤵
  PID:7676
- C:\Windows\System\tDhYsgm.exe
  C:\Windows\System\tDhYsgm.exe
  2⤵
  PID:7784
- C:\Windows\System\FjMqFGz.exe
  C:\Windows\System\FjMqFGz.exe
  2⤵
  PID:7848
- C:\Windows\System\PdHlYcJ.exe
  C:\Windows\System\PdHlYcJ.exe
  2⤵
  PID:7912
- C:\Windows\System\DLfKupz.exe
  C:\Windows\System\DLfKupz.exe
  2⤵
  PID:7768
- C:\Windows\System\CdQhacU.exe
  C:\Windows\System\CdQhacU.exe
  2⤵
  PID:7836
- C:\Windows\System\FfLLnwL.exe
  C:\Windows\System\FfLLnwL.exe
  2⤵
  PID:7944
- C:\Windows\System\KtzUIin.exe
  C:\Windows\System\KtzUIin.exe
  2⤵
  PID:7928
- C:\Windows\System\AMUXjst.exe
  C:\Windows\System\AMUXjst.exe
  2⤵
  PID:7996
- C:\Windows\System\gdaSDmh.exe
  C:\Windows\System\gdaSDmh.exe
  2⤵
  PID:8060
- C:\Windows\System\BLQtnYC.exe
  C:\Windows\System\BLQtnYC.exe
  2⤵
  PID:8040
- C:\Windows\System\ZOKEIWN.exe
  C:\Windows\System\ZOKEIWN.exe
  2⤵
  PID:8104
- C:\Windows\System\XVZRXed.exe
  C:\Windows\System\XVZRXed.exe
  2⤵
  PID:8168
- C:\Windows\System\dVrnBHY.exe
  C:\Windows\System\dVrnBHY.exe
  2⤵
  PID:8088
- C:\Windows\System\tbOmakl.exe
  C:\Windows\System\tbOmakl.exe
  2⤵
  PID:8120
- C:\Windows\System\IffdVcO.exe
  C:\Windows\System\IffdVcO.exe
  2⤵
  PID:8188
- C:\Windows\System\ZpPboPi.exe
  C:\Windows\System\ZpPboPi.exe
  2⤵
  PID:7304
- C:\Windows\System\RNntYmv.exe
  C:\Windows\System\RNntYmv.exe
  2⤵
  PID:7460
- C:\Windows\System\jjvMHUt.exe
  C:\Windows\System\jjvMHUt.exe
  2⤵
  PID:7588
- C:\Windows\System\ptGLWFZ.exe
  C:\Windows\System\ptGLWFZ.exe
  2⤵
  PID:7252
- C:\Windows\System\Bwiihfc.exe
  C:\Windows\System\Bwiihfc.exe
  2⤵
  PID:7444
- C:\Windows\System\RBSPWAT.exe
  C:\Windows\System\RBSPWAT.exe
  2⤵
  PID:7608
- C:\Windows\System\MzWcSnA.exe
  C:\Windows\System\MzWcSnA.exe
  2⤵
  PID:6444
- C:\Windows\System\jsxCVGC.exe
  C:\Windows\System\jsxCVGC.exe
  2⤵
  PID:7916
- C:\Windows\System\HSbdAPg.exe
  C:\Windows\System\HSbdAPg.exe
  2⤵
  PID:7964
- C:\Windows\System\SqXSkQJ.exe
  C:\Windows\System\SqXSkQJ.exe
  2⤵
  PID:6520
- C:\Windows\System\CfxBIhX.exe
  C:\Windows\System\CfxBIhX.exe
  2⤵
  PID:7000
- C:\Windows\System\idKkrMY.exe
  C:\Windows\System\idKkrMY.exe
  2⤵
  PID:7288
- C:\Windows\System\ntcxqNg.exe
  C:\Windows\System\ntcxqNg.exe
  2⤵
  PID:7540
- C:\Windows\System\gdXNlSO.exe
  C:\Windows\System\gdXNlSO.exe
  2⤵
  PID:7672
- C:\Windows\System\HKrDICt.exe
  C:\Windows\System\HKrDICt.exe
  2⤵
  PID:8028
- C:\Windows\System\sBIjVhg.exe
  C:\Windows\System\sBIjVhg.exe
  2⤵
  PID:7992
- C:\Windows\System\pbAHdmK.exe
  C:\Windows\System\pbAHdmK.exe
  2⤵
  PID:8184
- C:\Windows\System\DlUhOPt.exe
  C:\Windows\System\DlUhOPt.exe
  2⤵
  PID:7380
- C:\Windows\System\hVOsAQC.exe
  C:\Windows\System\hVOsAQC.exe
  2⤵
  PID:7884
- C:\Windows\System\FshTIZY.exe
  C:\Windows\System\FshTIZY.exe
  2⤵
  PID:7192
- C:\Windows\System\EtNgawE.exe
  C:\Windows\System\EtNgawE.exe
  2⤵
  PID:7152
- C:\Windows\System\AHnYRqU.exe
  C:\Windows\System\AHnYRqU.exe
  2⤵
  PID:7148
- C:\Windows\System\PdQRRlr.exe
  C:\Windows\System\PdQRRlr.exe
  2⤵
  PID:7384
- C:\Windows\System\dxwhMuR.exe
  C:\Windows\System\dxwhMuR.exe
  2⤵
  PID:7976
- C:\Windows\System\KiHIsvE.exe
  C:\Windows\System\KiHIsvE.exe
  2⤵
  PID:7740
- C:\Windows\System\MIKWGEy.exe
  C:\Windows\System\MIKWGEy.exe
  2⤵
  PID:7624
- C:\Windows\System\wzZQpci.exe
  C:\Windows\System\wzZQpci.exe
  2⤵
  PID:7960
- C:\Windows\System\xixJFaZ.exe
  C:\Windows\System\xixJFaZ.exe
  2⤵
  PID:7660
- C:\Windows\System\XQrVkMK.exe
  C:\Windows\System\XQrVkMK.exe
  2⤵
  PID:8012
- C:\Windows\System\VFWwzTm.exe
  C:\Windows\System\VFWwzTm.exe
  2⤵
  PID:8076
- C:\Windows\System\bXogEsm.exe
  C:\Windows\System\bXogEsm.exe
  2⤵
  PID:8124
- C:\Windows\System\vuaavYs.exe
  C:\Windows\System\vuaavYs.exe
  2⤵
  PID:8152
- C:\Windows\System\OTgGhKp.exe
  C:\Windows\System\OTgGhKp.exe
  2⤵
  PID:7864
- C:\Windows\System\EhVrtHe.exe
  C:\Windows\System\EhVrtHe.exe
  2⤵
  PID:7400
- C:\Windows\System\OppQnYL.exe
  C:\Windows\System\OppQnYL.exe
  2⤵
  PID:7900
- C:\Windows\System\pkehPum.exe
  C:\Windows\System\pkehPum.exe
  2⤵
  PID:8204
- C:\Windows\System\CpLvDFg.exe
  C:\Windows\System\CpLvDFg.exe
  2⤵
  PID:8220
- C:\Windows\System\vLFgbbk.exe
  C:\Windows\System\vLFgbbk.exe
  2⤵
  PID:8236
- C:\Windows\System\vWPSPBk.exe
  C:\Windows\System\vWPSPBk.exe
  2⤵
  PID:8252
- C:\Windows\System\CFjSOAE.exe
  C:\Windows\System\CFjSOAE.exe
  2⤵
  PID:8268
- C:\Windows\System\npdhxcK.exe
  C:\Windows\System\npdhxcK.exe
  2⤵
  PID:8284
- C:\Windows\System\KExexSB.exe
  C:\Windows\System\KExexSB.exe
  2⤵
  PID:8300
- C:\Windows\System\yIZjRAB.exe
  C:\Windows\System\yIZjRAB.exe
  2⤵
  PID:8316
- C:\Windows\System\PlphAiM.exe
  C:\Windows\System\PlphAiM.exe
  2⤵
  PID:8332
- C:\Windows\System\QSuQPXS.exe
  C:\Windows\System\QSuQPXS.exe
  2⤵
  PID:8348
- C:\Windows\System\qxTjnnO.exe
  C:\Windows\System\qxTjnnO.exe
  2⤵
  PID:8364
- C:\Windows\System\bIiIumT.exe
  C:\Windows\System\bIiIumT.exe
  2⤵
  PID:8380
- C:\Windows\System\HwEuJej.exe
  C:\Windows\System\HwEuJej.exe
  2⤵
  PID:8396
- C:\Windows\System\EHAGSnk.exe
  C:\Windows\System\EHAGSnk.exe
  2⤵
  PID:8412
- C:\Windows\System\uuoAKOL.exe
  C:\Windows\System\uuoAKOL.exe
  2⤵
  PID:8428
- C:\Windows\System\jJozBiM.exe
  C:\Windows\System\jJozBiM.exe
  2⤵
  PID:8444
- C:\Windows\System\xYAmjAr.exe
  C:\Windows\System\xYAmjAr.exe
  2⤵
  PID:8460
- C:\Windows\System\EkvHhtC.exe
  C:\Windows\System\EkvHhtC.exe
  2⤵
  PID:8476
- C:\Windows\System\mtWLPNe.exe
  C:\Windows\System\mtWLPNe.exe
  2⤵
  PID:8492
- C:\Windows\System\flRsfRv.exe
  C:\Windows\System\flRsfRv.exe
  2⤵
  PID:8508
- C:\Windows\System\AQfOtst.exe
  C:\Windows\System\AQfOtst.exe
  2⤵
  PID:8524
- C:\Windows\System\oNvKVIw.exe
  C:\Windows\System\oNvKVIw.exe
  2⤵
  PID:8540
- C:\Windows\System\TFqwIqQ.exe
  C:\Windows\System\TFqwIqQ.exe
  2⤵
  PID:8556
- C:\Windows\System\ZNcumSb.exe
  C:\Windows\System\ZNcumSb.exe
  2⤵
  PID:8572
- C:\Windows\System\kEBPGeq.exe
  C:\Windows\System\kEBPGeq.exe
  2⤵
  PID:8588
- C:\Windows\System\ELlxkkU.exe
  C:\Windows\System\ELlxkkU.exe
  2⤵
  PID:8656
- C:\Windows\System\gzfzAkR.exe
  C:\Windows\System\gzfzAkR.exe
  2⤵
  PID:8804
- C:\Windows\System\edgAvVi.exe
  C:\Windows\System\edgAvVi.exe
  2⤵
  PID:8824
- C:\Windows\System\nqgDeLI.exe
  C:\Windows\System\nqgDeLI.exe
  2⤵
  PID:8844
- C:\Windows\System\aghUJad.exe
  C:\Windows\System\aghUJad.exe
  2⤵
  PID:8860
- C:\Windows\System\CpauOvG.exe
  C:\Windows\System\CpauOvG.exe
  2⤵
  PID:8876
- C:\Windows\System\MTvcDOK.exe
  C:\Windows\System\MTvcDOK.exe
  2⤵
  PID:8892
- C:\Windows\System\eZcRJwl.exe
  C:\Windows\System\eZcRJwl.exe
  2⤵
  PID:8908
- C:\Windows\System\NtqYrpj.exe
  C:\Windows\System\NtqYrpj.exe
  2⤵
  PID:8924
- C:\Windows\System\PmniVRZ.exe
  C:\Windows\System\PmniVRZ.exe
  2⤵
  PID:8940
- C:\Windows\System\DIeTXgT.exe
  C:\Windows\System\DIeTXgT.exe
  2⤵
  PID:8956
- C:\Windows\System\aLAUfGK.exe
  C:\Windows\System\aLAUfGK.exe
  2⤵
  PID:8972
- C:\Windows\System\muKLZIA.exe
  C:\Windows\System\muKLZIA.exe
  2⤵
  PID:8992
- C:\Windows\System\Tuzddet.exe
  C:\Windows\System\Tuzddet.exe
  2⤵
  PID:9008
- C:\Windows\System\OVfpkBq.exe
  C:\Windows\System\OVfpkBq.exe
  2⤵
  PID:9024
- C:\Windows\System\qlHdTpo.exe
  C:\Windows\System\qlHdTpo.exe
  2⤵
  PID:9040
- C:\Windows\System\SGfVFNr.exe
  C:\Windows\System\SGfVFNr.exe
  2⤵
  PID:9056
- C:\Windows\System\cENFVeR.exe
  C:\Windows\System\cENFVeR.exe
  2⤵
  PID:9076
- C:\Windows\System\eGZEbwp.exe
  C:\Windows\System\eGZEbwp.exe
  2⤵
  PID:9096
- C:\Windows\System\JpIPsou.exe
  C:\Windows\System\JpIPsou.exe
  2⤵
  PID:9112
- C:\Windows\System\oLmlAcZ.exe
  C:\Windows\System\oLmlAcZ.exe
  2⤵
  PID:9128
- C:\Windows\System\qlmpTts.exe
  C:\Windows\System\qlmpTts.exe
  2⤵
  PID:9144
- C:\Windows\System\nTBwVNi.exe
  C:\Windows\System\nTBwVNi.exe
  2⤵
  PID:9160
- C:\Windows\System\oTetlOD.exe
  C:\Windows\System\oTetlOD.exe
  2⤵
  PID:9176
- C:\Windows\System\QMWElXR.exe
  C:\Windows\System\QMWElXR.exe
  2⤵
  PID:9192
- C:\Windows\System\uoBsZVE.exe
  C:\Windows\System\uoBsZVE.exe
  2⤵
  PID:9212
- C:\Windows\System\YOEgRIe.exe
  C:\Windows\System\YOEgRIe.exe
  2⤵
  PID:7528
- C:\Windows\System\PbYauTe.exe
  C:\Windows\System\PbYauTe.exe
  2⤵
  PID:7268
- C:\Windows\System\KXFLbfP.exe
  C:\Windows\System\KXFLbfP.exe
  2⤵
  PID:7820
- C:\Windows\System\ZrQcHbk.exe
  C:\Windows\System\ZrQcHbk.exe
  2⤵
  PID:8340
- C:\Windows\System\xeqPYQl.exe
  C:\Windows\System\xeqPYQl.exe
  2⤵
  PID:8376
- C:\Windows\System\Dqqyrdh.exe
  C:\Windows\System\Dqqyrdh.exe
  2⤵
  PID:8356
- C:\Windows\System\lyrqvbS.exe
  C:\Windows\System\lyrqvbS.exe
  2⤵
  PID:8424
- C:\Windows\System\JGoHfwb.exe
  C:\Windows\System\JGoHfwb.exe
  2⤵
  PID:8516
- C:\Windows\System\KtOqUWP.exe
  C:\Windows\System\KtOqUWP.exe
  2⤵
  PID:8440
- C:\Windows\System\YmzRSdX.exe
  C:\Windows\System\YmzRSdX.exe
  2⤵
  PID:8472
- C:\Windows\System\ZnHMJzF.exe
  C:\Windows\System\ZnHMJzF.exe
  2⤵
  PID:8780
- C:\Windows\System\uGIZylO.exe
  C:\Windows\System\uGIZylO.exe
  2⤵
  PID:8484
- C:\Windows\System\jRUbsOQ.exe
  C:\Windows\System\jRUbsOQ.exe
  2⤵
  PID:8596
- C:\Windows\System\XkvXsDP.exe
  C:\Windows\System\XkvXsDP.exe
  2⤵
  PID:8608
- C:\Windows\System\ZkgMJXm.exe
  C:\Windows\System\ZkgMJXm.exe
  2⤵
  PID:8628
- C:\Windows\System\TdYdWCk.exe
  C:\Windows\System\TdYdWCk.exe
  2⤵
  PID:8636
- C:\Windows\System\ZFxstdG.exe
  C:\Windows\System\ZFxstdG.exe
  2⤵
  PID:8648
- C:\Windows\System\FbVEuwg.exe
  C:\Windows\System\FbVEuwg.exe
  2⤵
  PID:8728
- C:\Windows\System\GArGkhW.exe
  C:\Windows\System\GArGkhW.exe
  2⤵
  PID:8668
- C:\Windows\System\WrvneXQ.exe
  C:\Windows\System\WrvneXQ.exe
  2⤵
  PID:8684
- C:\Windows\System\fHTVVax.exe
  C:\Windows\System\fHTVVax.exe
  2⤵
  PID:8704
- C:\Windows\System\nbLIIla.exe
  C:\Windows\System\nbLIIla.exe
  2⤵
  PID:8724
- C:\Windows\System\gQRlQEi.exe
  C:\Windows\System\gQRlQEi.exe
  2⤵
  PID:6704
- C:\Windows\System\SqVPgfl.exe
  C:\Windows\System\SqVPgfl.exe
  2⤵
  PID:8764
- C:\Windows\System\XczZAtc.exe
  C:\Windows\System\XczZAtc.exe
  2⤵
  PID:8792
- C:\Windows\System\SVNfbOy.exe
  C:\Windows\System\SVNfbOy.exe
  2⤵
  PID:8800
- C:\Windows\System\dsmGUEk.exe
  C:\Windows\System\dsmGUEk.exe
  2⤵
  PID:8772
- C:\Windows\System\yGGFthC.exe
  C:\Windows\System\yGGFthC.exe
  2⤵
  PID:8904
- C:\Windows\System\lyFLMPQ.exe
  C:\Windows\System\lyFLMPQ.exe
  2⤵
  PID:9004
- C:\Windows\System\xDwwmiQ.exe
  C:\Windows\System\xDwwmiQ.exe
  2⤵
  PID:9036
- C:\Windows\System\MJKRFri.exe
  C:\Windows\System\MJKRFri.exe
  2⤵
  PID:9104
- C:\Windows\System\mfVDLCn.exe
  C:\Windows\System\mfVDLCn.exe
  2⤵
  PID:9168
- C:\Windows\System\UEwOIwd.exe
  C:\Windows\System\UEwOIwd.exe
  2⤵
  PID:8296
- C:\Windows\System\aJeXANi.exe
  C:\Windows\System\aJeXANi.exe
  2⤵
  PID:8248
- C:\Windows\System\kcAwRoX.exe
  C:\Windows\System\kcAwRoX.exe
  2⤵
  PID:8988
- C:\Windows\System\ECKoaXx.exe
  C:\Windows\System\ECKoaXx.exe
  2⤵
  PID:8456
- C:\Windows\System\xihyBYg.exe
  C:\Windows\System\xihyBYg.exe
  2⤵
  PID:9120
- C:\Windows\System\qGcKxUd.exe
  C:\Windows\System\qGcKxUd.exe
  2⤵
  PID:9184
- C:\Windows\System\sZhrJpZ.exe
  C:\Windows\System\sZhrJpZ.exe
  2⤵
  PID:8388
- C:\Windows\System\svJaBUI.exe
  C:\Windows\System\svJaBUI.exe
  2⤵
  PID:9084
- C:\Windows\System\qSqjlss.exe
  C:\Windows\System\qSqjlss.exe
  2⤵
  PID:9092
- C:\Windows\System\GzikRVF.exe
  C:\Windows\System\GzikRVF.exe
  2⤵
  PID:8308
- C:\Windows\System\XZtsosD.exe
  C:\Windows\System\XZtsosD.exe
  2⤵
  PID:8344
- C:\Windows\System\aGioNBu.exe
  C:\Windows\System\aGioNBu.exe
  2⤵
  PID:8552
- C:\Windows\System\mWVKdIf.exe
  C:\Windows\System\mWVKdIf.exe
  2⤵
  PID:8604
- C:\Windows\System\alxMYWH.exe
  C:\Windows\System\alxMYWH.exe
  2⤵
  PID:8580
- C:\Windows\System\sWBjCiE.exe
  C:\Windows\System\sWBjCiE.exe
  2⤵
  PID:8664
- C:\Windows\System\pVCUHKa.exe
  C:\Windows\System\pVCUHKa.exe
  2⤵
  PID:8680
- C:\Windows\System\oFyMRMr.exe
  C:\Windows\System\oFyMRMr.exe
  2⤵
  PID:8760
- C:\Windows\System\FZZGASS.exe
  C:\Windows\System\FZZGASS.exe
  2⤵
  PID:8868
- C:\Windows\System\RrYQZtw.exe
  C:\Windows\System\RrYQZtw.exe
  2⤵
  PID:9032
- C:\Windows\System\vnnhqWG.exe
  C:\Windows\System\vnnhqWG.exe
  2⤵
  PID:8216
- C:\Windows\System\OhJdDJU.exe
  C:\Windows\System\OhJdDJU.exe
  2⤵
  PID:9016
- C:\Windows\System\dFHbzcl.exe
  C:\Windows\System\dFHbzcl.exe
  2⤵
  PID:8744
- C:\Windows\System\PPVWszX.exe
  C:\Windows\System\PPVWszX.exe
  2⤵
  PID:8932
- C:\Windows\System\lIdRsio.exe
  C:\Windows\System\lIdRsio.exe
  2⤵
  PID:9204
- C:\Windows\System\HDZzrlu.exe
  C:\Windows\System\HDZzrlu.exe
  2⤵
  PID:8488
- C:\Windows\System\mACJyCf.exe
  C:\Windows\System\mACJyCf.exe
  2⤵
  PID:9052
- C:\Windows\System\PRpHWrv.exe
  C:\Windows\System\PRpHWrv.exe
  2⤵
  PID:9048
- C:\Windows\System\XJMjoWs.exe
  C:\Windows\System\XJMjoWs.exe
  2⤵
  PID:8568
- C:\Windows\System\SCNoNSu.exe
  C:\Windows\System\SCNoNSu.exe
  2⤵
  PID:9124
- C:\Windows\System\NiubuYU.exe
  C:\Windows\System\NiubuYU.exe
  2⤵
  PID:9000
- C:\Windows\System\TnAYxUQ.exe
  C:\Windows\System\TnAYxUQ.exe
  2⤵
  PID:8620
- C:\Windows\System\hHCKYow.exe
  C:\Windows\System\hHCKYow.exe
  2⤵
  PID:8888
- C:\Windows\System\AjQtmeq.exe
  C:\Windows\System\AjQtmeq.exe
  2⤵
  PID:9208
- C:\Windows\System\ZfhPDNP.exe
  C:\Windows\System\ZfhPDNP.exe
  2⤵
  PID:8884
- C:\Windows\System\zVENsPS.exe
  C:\Windows\System\zVENsPS.exe
  2⤵
  PID:8952
- C:\Windows\System\qtOqWnY.exe
  C:\Windows\System\qtOqWnY.exe
  2⤵
  PID:8788
- C:\Windows\System\EYQEhIv.exe
  C:\Windows\System\EYQEhIv.exe
  2⤵
  PID:8720
- C:\Windows\System\UziozTa.exe
  C:\Windows\System\UziozTa.exe
  2⤵
  PID:8536
- C:\Windows\System\pMeADRM.exe
  C:\Windows\System\pMeADRM.exe
  2⤵
  PID:8948
- C:\Windows\System\BNxOBMS.exe
  C:\Windows\System\BNxOBMS.exe
  2⤵
  PID:8836
- C:\Windows\System\bGgaoGa.exe
  C:\Windows\System\bGgaoGa.exe
  2⤵
  PID:8696
- C:\Windows\System\BpmHcVL.exe
  C:\Windows\System\BpmHcVL.exe
  2⤵
  PID:8820
- C:\Windows\System\AtkezPy.exe
  C:\Windows\System\AtkezPy.exe
  2⤵
  PID:5208
- C:\Windows\System\TeDMrVP.exe
  C:\Windows\System\TeDMrVP.exe
  2⤵
  PID:8688
- C:\Windows\System\dHEFfEV.exe
  C:\Windows\System\dHEFfEV.exe
  2⤵
  PID:9220
- C:\Windows\System\IohHRpx.exe
  C:\Windows\System\IohHRpx.exe
  2⤵
  PID:9244
- C:\Windows\System\zcpJMOa.exe
  C:\Windows\System\zcpJMOa.exe
  2⤵
  PID:9264
- C:\Windows\System\ICPVHOT.exe
  C:\Windows\System\ICPVHOT.exe
  2⤵
  PID:9280
- C:\Windows\System\poLbroV.exe
  C:\Windows\System\poLbroV.exe
  2⤵
  PID:9300
- C:\Windows\System\wooVgFo.exe
  C:\Windows\System\wooVgFo.exe
  2⤵
  PID:9316
- C:\Windows\System\CUnbhyG.exe
  C:\Windows\System\CUnbhyG.exe
  2⤵
  PID:9332
- C:\Windows\System\htlKAaw.exe
  C:\Windows\System\htlKAaw.exe
  2⤵
  PID:9348
- C:\Windows\System\ScqqzYG.exe
  C:\Windows\System\ScqqzYG.exe
  2⤵
  PID:9364
- C:\Windows\System\kWOlZHi.exe
  C:\Windows\System\kWOlZHi.exe
  2⤵
  PID:9380
- C:\Windows\System\aVTOFvv.exe
  C:\Windows\System\aVTOFvv.exe
  2⤵
  PID:9400
- C:\Windows\System\YWPqcWs.exe
  C:\Windows\System\YWPqcWs.exe
  2⤵
  PID:9424
- C:\Windows\System\OdgUqfC.exe
  C:\Windows\System\OdgUqfC.exe
  2⤵
  PID:9440
- C:\Windows\System\WNvPknF.exe
  C:\Windows\System\WNvPknF.exe
  2⤵
  PID:9456
- C:\Windows\System\rPXZmdt.exe
  C:\Windows\System\rPXZmdt.exe
  2⤵
  PID:9472
- C:\Windows\System\kqUrITr.exe
  C:\Windows\System\kqUrITr.exe
  2⤵
  PID:9488
- C:\Windows\System\NMcmdsg.exe
  C:\Windows\System\NMcmdsg.exe
  2⤵
  PID:9504
- C:\Windows\System\ICsvKaO.exe
  C:\Windows\System\ICsvKaO.exe
  2⤵
  PID:9520
- C:\Windows\System\OyCFhnY.exe
  C:\Windows\System\OyCFhnY.exe
  2⤵
  PID:9536
- C:\Windows\System\rbHXlch.exe
  C:\Windows\System\rbHXlch.exe
  2⤵
  PID:9552
- C:\Windows\System\rblBJQd.exe
  C:\Windows\System\rblBJQd.exe
  2⤵
  PID:9568
- C:\Windows\System\JcOOKrH.exe
  C:\Windows\System\JcOOKrH.exe
  2⤵
  PID:9584
- C:\Windows\System\FRKZAka.exe
  C:\Windows\System\FRKZAka.exe
  2⤵
  PID:9600
- C:\Windows\System\PeahJLc.exe
  C:\Windows\System\PeahJLc.exe
  2⤵
  PID:9616
- C:\Windows\System\OUMRpmM.exe
  C:\Windows\System\OUMRpmM.exe
  2⤵
  PID:9632
- C:\Windows\System\GVGbxAd.exe
  C:\Windows\System\GVGbxAd.exe
  2⤵
  PID:9648
- C:\Windows\System\mDsGvYf.exe
  C:\Windows\System\mDsGvYf.exe
  2⤵
  PID:9664
- C:\Windows\System\gRQIAJg.exe
  C:\Windows\System\gRQIAJg.exe
  2⤵
  PID:9680
- C:\Windows\System\gkTLwhX.exe
  C:\Windows\System\gkTLwhX.exe
  2⤵
  PID:9700
- C:\Windows\System\WGeYmkC.exe
  C:\Windows\System\WGeYmkC.exe
  2⤵
  PID:9716
- C:\Windows\System\xUnbmHd.exe
  C:\Windows\System\xUnbmHd.exe
  2⤵
  PID:9892
- C:\Windows\System\IjQToLN.exe
  C:\Windows\System\IjQToLN.exe
  2⤵
  PID:9908
- C:\Windows\System\BTtYGxk.exe
  C:\Windows\System\BTtYGxk.exe
  2⤵
  PID:9924
- C:\Windows\System\oeShYlS.exe
  C:\Windows\System\oeShYlS.exe
  2⤵
  PID:9984
- C:\Windows\System\RgAuNoD.exe
  C:\Windows\System\RgAuNoD.exe
  2⤵
  PID:10008
- C:\Windows\System\BPLKYMX.exe
  C:\Windows\System\BPLKYMX.exe
  2⤵
  PID:10024
- C:\Windows\System\AWudjxd.exe
  C:\Windows\System\AWudjxd.exe
  2⤵
  PID:10040
- C:\Windows\System\ZpTfsbq.exe
  C:\Windows\System\ZpTfsbq.exe
  2⤵
  PID:10104
- C:\Windows\System\KDycTuf.exe
  C:\Windows\System\KDycTuf.exe
  2⤵
  PID:10132
- C:\Windows\System\xfCKMYe.exe
  C:\Windows\System\xfCKMYe.exe
  2⤵
  PID:10148
- C:\Windows\System\jTeQRFa.exe
  C:\Windows\System\jTeQRFa.exe
  2⤵
  PID:10164
- C:\Windows\System\KaHGUVH.exe
  C:\Windows\System\KaHGUVH.exe
  2⤵
  PID:10180
- C:\Windows\System\vhnQwkp.exe
  C:\Windows\System\vhnQwkp.exe
  2⤵
  PID:10196
- C:\Windows\System\qbbDpxG.exe
  C:\Windows\System\qbbDpxG.exe
  2⤵
  PID:10216
- C:\Windows\System\jDqacrF.exe
  C:\Windows\System\jDqacrF.exe
  2⤵
  PID:10232
- C:\Windows\System\VxBHCtU.exe
  C:\Windows\System\VxBHCtU.exe
  2⤵
  PID:9068
- C:\Windows\System\juTnTCF.exe
  C:\Windows\System\juTnTCF.exe
  2⤵
  PID:9228
- C:\Windows\System\vBWdBkF.exe
  C:\Windows\System\vBWdBkF.exe
  2⤵
  PID:9340
- C:\Windows\System\WXjurqq.exe
  C:\Windows\System\WXjurqq.exe
  2⤵
  PID:9376
- C:\Windows\System\NyWbMBP.exe
  C:\Windows\System\NyWbMBP.exe
  2⤵
  PID:9288
- C:\Windows\System\JuAyVbV.exe
  C:\Windows\System\JuAyVbV.exe
  2⤵
  PID:9360
- C:\Windows\System\gBgPVYr.exe
  C:\Windows\System\gBgPVYr.exe
  2⤵
  PID:9260
- C:\Windows\System\Kgknwmh.exe
  C:\Windows\System\Kgknwmh.exe
  2⤵
  PID:9412
- C:\Windows\System\QVwuGaw.exe
  C:\Windows\System\QVwuGaw.exe
  2⤵
  PID:9480
- C:\Windows\System\kxuNJTM.exe
  C:\Windows\System\kxuNJTM.exe
  2⤵
  PID:9544
- C:\Windows\System\gQbRtmW.exe
  C:\Windows\System\gQbRtmW.exe
  2⤵
  PID:9608
- C:\Windows\System\LfYJpxd.exe
  C:\Windows\System\LfYJpxd.exe
  2⤵
  PID:9432
- C:\Windows\System\QDmfrCp.exe
  C:\Windows\System\QDmfrCp.exe
  2⤵
  PID:9532
- C:\Windows\System\xTZcntX.exe
  C:\Windows\System\xTZcntX.exe
  2⤵
  PID:9596
- C:\Windows\System\muDnGNS.exe
  C:\Windows\System\muDnGNS.exe
  2⤵
  PID:9744
- C:\Windows\System\WEJuxsz.exe
  C:\Windows\System\WEJuxsz.exe
  2⤵
  PID:9772
- C:\Windows\System\kVvNFCd.exe
  C:\Windows\System\kVvNFCd.exe
  2⤵
  PID:9900
- C:\Windows\System\EpLKVMy.exe
  C:\Windows\System\EpLKVMy.exe
  2⤵
  PID:9788
- C:\Windows\System\XTazdfm.exe
  C:\Windows\System\XTazdfm.exe
  2⤵
  PID:9808
- C:\Windows\System\IbHnFyF.exe
  C:\Windows\System\IbHnFyF.exe
  2⤵
  PID:9824
- C:\Windows\System\cxRoMdB.exe
  C:\Windows\System\cxRoMdB.exe
  2⤵
  PID:9840
- C:\Windows\System\EDejwwf.exe
  C:\Windows\System\EDejwwf.exe
  2⤵
  PID:9856
- C:\Windows\System\atpwDdy.exe
  C:\Windows\System\atpwDdy.exe
  2⤵
  PID:9872
- C:\Windows\System\sTYbJMe.exe
  C:\Windows\System\sTYbJMe.exe
  2⤵
  PID:9888
- C:\Windows\System\VvRmpdI.exe
  C:\Windows\System\VvRmpdI.exe
  2⤵
  PID:9948
- C:\Windows\System\XzFCVvN.exe
  C:\Windows\System\XzFCVvN.exe
  2⤵
  PID:9952
- C:\Windows\System\voOKqca.exe
  C:\Windows\System\voOKqca.exe
  2⤵
  PID:9976
- C:\Windows\System\dnkfAql.exe
  C:\Windows\System\dnkfAql.exe
  2⤵
  PID:9996
- C:\Windows\System\xwcSuDg.exe
  C:\Windows\System\xwcSuDg.exe
  2⤵
  PID:10004
- C:\Windows\System\rPdxkwe.exe
  C:\Windows\System\rPdxkwe.exe
  2⤵
  PID:10088
- C:\Windows\System\awABvyu.exe
  C:\Windows\System\awABvyu.exe
  2⤵
  PID:10064
- C:\Windows\System\zioUdqd.exe
  C:\Windows\System\zioUdqd.exe
  2⤵
  PID:10084
- C:\Windows\System\OjfKrUo.exe
  C:\Windows\System\OjfKrUo.exe
  2⤵
  PID:10124
- C:\Windows\System\lVdTByJ.exe
  C:\Windows\System\lVdTByJ.exe
  2⤵
  PID:10128
- C:\Windows\System\aehGAaV.exe
  C:\Windows\System\aehGAaV.exe
  2⤵
  PID:10204
- C:\Windows\System\xFdIZdT.exe
  C:\Windows\System\xFdIZdT.exe
  2⤵
  PID:10192
- C:\Windows\System\phkLCol.exe
  C:\Windows\System\phkLCol.exe
  2⤵
  PID:9308
- C:\Windows\System\QfQtBGw.exe
  C:\Windows\System\QfQtBGw.exe
  2⤵
  PID:9256
- C:\Windows\System\dNVSRZq.exe
  C:\Windows\System\dNVSRZq.exe
  2⤵
  PID:10228
- C:\Windows\System\xifhDcu.exe
  C:\Windows\System\xifhDcu.exe
  2⤵
  PID:9564
- C:\Windows\System\AqLFngv.exe
  C:\Windows\System\AqLFngv.exe
  2⤵
  PID:9396
- C:\Windows\System\HdiuKcc.exe
  C:\Windows\System\HdiuKcc.exe
  2⤵
  PID:9516
- C:\Windows\System\tLpfMxN.exe
  C:\Windows\System\tLpfMxN.exe
  2⤵
  PID:9708
- C:\Windows\System\rJxkVED.exe
  C:\Windows\System\rJxkVED.exe
  2⤵
  PID:9732
- C:\Windows\System\RnIlhPD.exe
  C:\Windows\System\RnIlhPD.exe
  2⤵
  PID:9740
- C:\Windows\System\aSjyiEE.exe
  C:\Windows\System\aSjyiEE.exe
  2⤵
  PID:9920
- C:\Windows\System\dtFNfOn.exe
  C:\Windows\System\dtFNfOn.exe
  2⤵
  PID:9864
- C:\Windows\System\VytMngc.exe
  C:\Windows\System\VytMngc.exe
  2⤵
  PID:9968
- C:\Windows\System\TsLHOTr.exe
  C:\Windows\System\TsLHOTr.exe
  2⤵
  PID:10056
- C:\Windows\System\nRLNbmT.exe
  C:\Windows\System\nRLNbmT.exe
  2⤵
  PID:10092
- C:\Windows\System\ZIfksmI.exe
  C:\Windows\System\ZIfksmI.exe
  2⤵
  PID:9852
- C:\Windows\System\symRWok.exe
  C:\Windows\System\symRWok.exe
  2⤵
  PID:9764
- C:\Windows\System\tWXGxuj.exe
  C:\Windows\System\tWXGxuj.exe
  2⤵
  PID:9880
- C:\Windows\System\cpPTFJL.exe
  C:\Windows\System\cpPTFJL.exe
  2⤵
  PID:10052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdJyoNR.exe

Filesize
6.0MB

MD5
ea3779e2e7f8388b71175de4161e41ec

SHA1
bb0c3c24fd64bc9d71efce7f6a6272b519a54cca

SHA256
523e464bf2c1e151ed8e2dc8d8769576b604ec0af71b41f189235822307a7dad

SHA512
13315ff953a8906d36658eea2fdcfb86f9b27fd680e3928fb8217a3775dd471a131a4526d3b0bbabe5f944b2757a02e6d271573bbb9501892e296eb64516a58b

Download Submit
C:\Windows\system\DvwxFiJ.exe

Filesize
6.0MB

MD5
30058e10598decde5f4e629912cc6c27

SHA1
0018d5278dd3bdc05dea3d586aad045b95c49cf8

SHA256
299df40cd37b75de326424d947fddb4fc69fc69de1e0871409c267f2cbea28da

SHA512
26f48bcab5d122c234ca82be557a5c36b5fd592c2bbede100aac599cfeb0fb32153681b3793631debe7c37509153bbca4b8a28d89ac2495cbbf0f438dda81c29

Download Submit
C:\Windows\system\EDmQqIg.exe

Filesize
6.0MB

MD5
ab134e8932e48efd4a380d1df24c4b81

SHA1
714cf34d0f70cd4ae7ad5e719d685fde4495f958

SHA256
c9acad402937c6c63fcf78aef2be73a77df42415c9b3a79482eb9b402c43350b

SHA512
a82aeccfd677dbbf1825824d64e66a3da2a7ea7e9244c5dbd7f30d628d09fc999a75e2df180f1ae7675ab0dccca0e31308c63f518e8699af6112ddeba1be7f61

Download Submit
C:\Windows\system\ENGVVdq.exe

Filesize
6.0MB

MD5
62e0fe0a20b1246d34324c156da67438

SHA1
367917495b87f435b6b84bb87abe72f976efbd42

SHA256
4a1eafd79962a0c7b37e62a2b98b44fb267fa9bb29554a41601be942f431c988

SHA512
0a010ce8e97401f0a07f9f74cb85eeaaa898f081439f65606886db099f06e9b6f55e43754ff1910b75f647043eac23a543050e126cac873e934ded2471393248

Download Submit
C:\Windows\system\EcQalRI.exe

Filesize
6.0MB

MD5
54e3562d28ac88cba5ac8a8234b01101

SHA1
0364c730bb0bc6938f044c500eb764933021f22f

SHA256
ea8d9fac4013abca79d5ab7fcca046076c5bff8b0f38bee08a69860e1df19f34

SHA512
247e6c8fda0d0d40c92377156127e934dc44a2205fa429c868028c6ba6fde39cb4be1c4f0a70239a97f155c768808d2434267862d9e54ae48c797ea050ba6c0a

Download Submit
C:\Windows\system\EsVjLzy.exe

Filesize
6.0MB

MD5
52cb1f7ec1afdda123c4de609a56caaf

SHA1
40ddef72150662f600051f7291106facaae846a3

SHA256
d671b8fa14d5edf0f4b33937a2ce39c85e64b75a3443c6d064a434c91cad8fd0

SHA512
41304e49cc9ae90eb2d2310d4ad3d31d56c27ca910c01f88203966ad10f4961eba8a428e358f1f0b6bb41feca6b65e77b53d7559b07504690b784fac5261be81

Download Submit
C:\Windows\system\IVzduHj.exe

Filesize
6.0MB

MD5
3087e210dde0f4b6905ee80e4f769dd3

SHA1
271cad3ccb3ff1129dfd13c09bfe2ab156632e8c

SHA256
5d69401d208cae25f5fb15beddf8347f8be51aa3aa7a1c59bee99c7ca457d1d3

SHA512
4742e6143d856df8ac5e8b581a2a08b8d30b0851f8fe521ed64bcb565ba87647f5ce494d39e002f93aea1d505ed5408d7ab5d16d34360de86fabbc48dae7de0f

Download Submit
C:\Windows\system\MSkXHxw.exe

Filesize
6.0MB

MD5
aaf6493cd644d2b2e81b175e0573d6e2

SHA1
735c9b0ff677a0bf3c88abea7858a298667410b7

SHA256
2d7a12bb1901da8f930ae46628f4f84581c7e630298bb7b14dab0ebeb98b15e7

SHA512
c764816ede53a3b9e632e2a444ebf0501a07054b87dfa87100095ca70aa8cf6a8b377d4a4ecf98f1f5df9bec560ff85672661fb38e69d96844789371093caa34

Download Submit
C:\Windows\system\NXeWCRG.exe

Filesize
6.0MB

MD5
d88ea8b807319ce0674e1db589dd9ecc

SHA1
2a639d1be80fca1c112f9fa67afb637e2068b961

SHA256
4bce3f86f992838740002d90faeab3ae4e5f2f7af7d30ccc12d6d9df15df6124

SHA512
64e18dc5ef755954db7069a8252d33ba3e9a4878bbd8b0b4cbcb03a98aef1cf0e14c1b9131389bfb82ba9d9a97f3b713743e3b4f8238498106242306b0333968

Download Submit
C:\Windows\system\PltUGli.exe

Filesize
6.0MB

MD5
184eb84c83f72954d58768218f170dfd

SHA1
b4d551a2108dc68a7c1ae998bff99e9b253cdcf4

SHA256
dcb9a9f24dc1e532030a9f04415349fbd3c5a51e367e6ccda1a0850921ca7d64

SHA512
f2a50c6ed088ebba908ab35ae7752046314badc84f73d197ec3f2cc998a991b4b15c4c837c63bd3c4c8d8b2a5deb1d84ce718aa8dbaae5a7b3da249b78fd66b9

Download Submit
C:\Windows\system\QEMTith.exe

Filesize
6.0MB

MD5
c02109b636ffd3f1fbd4c019ba049576

SHA1
8fda35595f21c17d48b304e543457c2953418c47

SHA256
df5dbd8cb5e69f51aa83c0160f619b5cb3b76db10e826f6fd24b6715f45ba35c

SHA512
feb751d76887665f58f168e67d84b32ce63998f245813de2ad50b0251669c7e44eb4fa81899e0633bad54cf3b7fd582ca4fbb6e2ea4dacb2bc0ea973574505d7

Download Submit
C:\Windows\system\VqaGaPJ.exe

Filesize
6.0MB

MD5
a5e304ff8084ed972218146cb5267dde

SHA1
c1746ca29ccdf3013682fab731cefa75ffbc395c

SHA256
39805dd8434aecb69be4191e95ab7316b78bfe7af81bca7f40cf87949520cad9

SHA512
1f3939d17dad79be4b6b169e83aa70e86951e581ef395c5080ad764a03238f5e9f3d9beb78244d6d201061e68816504420693aaa1bd4bb68bb73a502e64ac222

Download Submit
C:\Windows\system\YvKAvpz.exe

Filesize
6.0MB

MD5
93965fefed1e1dc3a64bc22176759864

SHA1
af87994157c0a5e0af548495810b3a2f7d59f29c

SHA256
4aad64460e861aa9c19c0e353f8388e052afaf3705fb758dd19037b001e66b84

SHA512
5e273364f5286844746cd6fb56b86eef93211769deebeee525e4604c9b09780e93400b12bbee0e36326e7482776b571b54747e18f5ca3a109e1ae31d6b253d46

Download Submit
C:\Windows\system\cjCOuzW.exe

Filesize
6.0MB

MD5
d62f6a5c3fd28955098aa02fc6fd08e6

SHA1
16425c441fa9d7308d406e81614d8fc08985e48b

SHA256
9e5e0c20358fb67a7923387e6b4b035fff520fd2deb32afff21da1caa59b0bda

SHA512
3afc51326ef9210735ee261594573e5b9f881581343e27651166f9b73f22021d7075f58af51c6660d55ffe2cf162c9213f9883267f2d6e4460730ca660cb3f37

Download Submit
C:\Windows\system\ezZaclk.exe

Filesize
6.0MB

MD5
6f365b2933f91e0bb15ade6c18d1641e

SHA1
529ddc4b6e853b5cda7c1014ca325416a15a5ca4

SHA256
0fc23df97df509cfd26d9ab42f6a9dcb76fa63335344034620ed31f871c053a2

SHA512
0c0b154bf63ec0c80c7c50fe71d2076946ab423b9fffab78ef478171918d3a792ab7d01c1e2f12a5eacb69d4cf8dfea528c6a680a009eb06229d93645c228c02

Download Submit
C:\Windows\system\kQoVkPw.exe

Filesize
6.0MB

MD5
18454b923fa1542336be8607939b0906

SHA1
6819597f159d8accb9268149feebf13d06cc825e

SHA256
de5f6ff0541b859ff63152a91c3e6bbe0e2dcbc8905839119eb448fed7486ddb

SHA512
ab92a6a99edd8976305cabc492d7ff95120cfad08f5811a1d8557f4dc8e2ddc9e99b15ef5e4023381917ce7d57c8cdc8f15eb0d4dc9d3e64fcca166702d3b492

Download Submit
C:\Windows\system\kqyfNHU.exe

Filesize
6.0MB

MD5
ac57fb0ef2682cd42f1fe04b04182fdc

SHA1
97faa644f1c9f8249fb22ec8aa3ebcb3df2104e2

SHA256
2ba62209ca5dead8af5edea7c7bcab2f585d979b3f2d40e4d0962370338022d4

SHA512
752159eecd9da3b2b1b29b75171eb1f1932cd13f9c243d1ae1b855d4903c9a572400efc3e40aa572e0ac4536dcf9b3ac3c54ab36f0a9e4684e8dc8c5173a0bfa

Download Submit
C:\Windows\system\nxcRQuu.exe

Filesize
6.0MB

MD5
c18389954d3c58dfcca5da72e059881c

SHA1
a3d50aa08db43ab3a67f7ebe394214f6d90b780f

SHA256
6702f6f93940962b4813d5f5748d2b03c4cec361c86610a8c75bc38df90f64e0

SHA512
c296bd8af6bd024073d4816b52d280b74080add3dd74f8abc62a98c483380c3c6e8ec532af29bffd754e48ceec30ef4f321a207d575e8607ffdeb8f47964ca99

Download Submit
C:\Windows\system\pjWdLTw.exe

Filesize
6.0MB

MD5
c6f0069534d6c7eb7025346493aa1be7

SHA1
a44734862e43f8c07484917a069ff8a38e16d953

SHA256
b55865e9b6a8c6d6462833f7249cb9ac75035a808ca40730548b8dc865509c35

SHA512
4092039bcf5efb85f64cd4cc8c23222f6af0f993092347b59a4ef1d7d07d4cacb2a5f92c66caf9f0b75957fa9dd3edfa9e74d0a9f1bae7e572aa7ef8ef585f13

Download Submit
C:\Windows\system\qgBRxaZ.exe

Filesize
6.0MB

MD5
02173e6f7ab7ccfec199bb031a59ef88

SHA1
7fc9c36353efd1c9c6684a8d23be7f29ec1ad5a6

SHA256
d3e4714f950816736028e6434610c6feedeb0ae0eda9ce928fdefe840b5d6133

SHA512
00cd17246bb525ec10166f9834a8db032a498864fca1ea542979b5907472b0cda6e012f59d666826ecd929f35183213d61b566272e49c56a50f6b5a1a83a041f

Download Submit
C:\Windows\system\tDOsboQ.exe

Filesize
6.0MB

MD5
30b85afc2fd51124eb8263c9c0da5198

SHA1
75a6399ac363de988dff3c52c61080553e90d8dd

SHA256
ba408822fab2ecef6c996b979b36d6ba75b80fa0835bb7935c7492ef4fd19ec3

SHA512
a5300c3fcdf55164d09d314af54f3dc5daa15bd1bf8da40cfd925c59023af39e7a8f50ba6031a1523729e8fa57a15b92c7c502570289b21ded705c55ed3efa09

Download Submit
C:\Windows\system\uCQPspV.exe

Filesize
6.0MB

MD5
2b17ed8609b6b868f30259cab43e7ad6

SHA1
628b0fc2292a92daa2782e9cfb79b94e99cd5e4c

SHA256
243d8b0ccbb2fa1c28fe6a0be2a1eb75874fe6f2bb4a7e321b0ed3aaf656c521

SHA512
9e07f748e0d3c3dd7388bd57957b09e7d6142ee3720aac27bf05efcfa90bd7be804a327550a86a6e21adf1a25a313f4c6b546047cd4e7bdef448aa4a912c1c06

Download Submit
C:\Windows\system\uiwaZYR.exe

Filesize
6.0MB

MD5
198774644682e9a868a252d5ebfa1556

SHA1
6e91cc5c1b8b3f387bb7c78a1bd334d40b8901d6

SHA256
392c5e783e2a3d641da0040c98de7def7fb255a924227c088998928f7ee1a2e6

SHA512
3481976da2eb13b6ea0b45062ad90bf3f56838decc203e30fab6bba844aecc3ab977ecd94cca9692f6c69013edacc490411fabb363162b4190ab9ddbb9b40d2e

Download Submit
C:\Windows\system\vsgSAHA.exe

Filesize
6.0MB

MD5
3f3937d7b2876b5a654695d7e4209c32

SHA1
775dd70da53d07aea91defbe68504fff4ec03d4a

SHA256
fb28312dd6a42e935eaa4116d1214656ff3d38d29d143cc40ac0458b77734950

SHA512
84fd9f93ac84ff3a95df0666bb842345d6f34b872f91694463de19204b9b5f19b7b01c65b581ed96ab41a7b4e5e4f76710a36b04028e16c17c75572ee4275e39

Download Submit
C:\Windows\system\xHgnIFT.exe

Filesize
6.0MB

MD5
fa327caab4262fd9df330c18808e319f

SHA1
0f226761aac6a991a5ef5f604cfd97746ba72aa7

SHA256
ebd8d1f13d4b979aabb345f977a6c288e84122595213bdc7a23ec861b4ad4b94

SHA512
34deffdd724d3dbe80eb06f52299da812e359750155468152c9be38fb47f337ae9df289fc4db2ed25ad4b31d270d4675ce1682f88211d49cd8ce90b6de5bc5c8

Download Submit
\Windows\system\HWrSaXd.exe

Filesize
6.0MB

MD5
58629cbe15384893f36536c913059171

SHA1
e70122449ee2256d0a3044aca5c90a02fb55142e

SHA256
f6252ead8a12a4d902d473502ec66b07734a10e0afc8da3f327f3d108cc87a31

SHA512
607a539e7979d84e16a0b1e3f57b33ac65eac946f0daa90e5019321737e945fd6243ab2f2630abb1caaa169a12435a3b92bb85c208570c794a7dc8b563e5fe07

Download Submit
\Windows\system\VSnxjgB.exe

Filesize
6.0MB

MD5
33c3cf37c897f1d14fb5037373865aa9

SHA1
9b199f394f7932a976b8131708d8b1e202ae6795

SHA256
da31c9bc1c49ed4bba7d34e1efe6a5bf04a148d797e6bfc9de2c1d0e3d5dfddd

SHA512
b229529687420a53769e7bc80e1e4f0fa265a36d6a883eceaf0aca5fc25888789f819f8d38e82eb6ae4f3174f477b6f2276e671233dd4b592d2a92e903189910

Download Submit
\Windows\system\YkCNDym.exe

Filesize
6.0MB

MD5
61dc6d1bc04f31e9583914d206c9f7c4

SHA1
e722ff405bd7bff0592dbc477bed03674e6ddc56

SHA256
7c9e349dedc36cb97ed94efbf7c72f9fb38c6c308f514aa452ea93fc4b7bd9e0

SHA512
a4ad30a25e1ba3e80ef1b87149b56fe063de82109f56e36fe548c1c4d878e26a9351564e7b01dda6241d31131e47ede7dea2d74a390ca540cad542ebb09889bf

Download Submit
\Windows\system\bcrnfIo.exe

Filesize
6.0MB

MD5
34cc0625db2de42d3747b9c33c68c9ec

SHA1
dda6b805040b57c1aaf1da1c7e8de62e059390a4

SHA256
a547a7d40c9ffceec088bd6942b247d2bfea129e45400e8f6dea4597e4c53901

SHA512
ff081725afe3e84494cd4fe88aa2f1e263a0fe4f950d23ac4949ea5ad2c624609c9ea67ba4eda4f7c09b0d19beccb5a9ea4c9b5f58605d6a9a719f9a4199f017

Download Submit
\Windows\system\dAMWUiQ.exe

Filesize
6.0MB

MD5
72d4abf9fca40189cd9a3623575558b8

SHA1
5ae199a68c35deae84bd06c9a9be4b2f4dae5ac5

SHA256
4ab0b84e24fd2f909ab3749b2ffc62af7daeb1b9c6e73b37b0e79534a84e6089

SHA512
52bde1c4a5b18df93b3af5b8c76d0488b3c91e8e07cad657b0bf43fbfa75e51076c6cb6b8d2806d83153979af45d527ee36485abd2cf500dd0c662820e1b841c

Download Submit
\Windows\system\eWUXAOw.exe

Filesize
6.0MB

MD5
0b9fac038440081fe314c3399c637d92

SHA1
d58e3172968e7fac9a910929c894d54fc4797ea3

SHA256
bdfa79f82245df65fd928dea40da6ddcc365050736dd45a28eb35874cf039e62

SHA512
ebdd6d72eb9c86876b89d8950bd911cbc1fc113901e03880f62d81873fd987a2b1be4f66965c98b8409417c8026807b918b94bcf8cc646a823cc0d637b6a7c8a

Download Submit
\Windows\system\qlfyeSS.exe

Filesize
6.0MB

MD5
46e37a15e877a49ad6dcc32384363da0

SHA1
bd783c755f5754afee8102bfa0871b0885c9a8ca

SHA256
704b40b56c05220cbafd578efda52c566e0c2a7420a1535f269eb098a95b9a20

SHA512
bd10ca3772486ec0745166e2300d6a6bc8dbe6c86127ae3a68025d1e113e972d21944a4f826be4fef18bbc517d6d69d74a5c7bed7727b41fd64475ab8b1c5fd9

Download Submit
\Windows\system\reGziGv.exe

Filesize
6.0MB

MD5
6e134a6fe26bdb6927fa8c41a82c5f77

SHA1
a0c81ff83c47c476f84ec3ca5064bfdcb94b4e97

SHA256
e423ba66762ec70e0116c919306b6703ba7d1d9669511fd33af7fdd84d7272f4

SHA512
31564a0b4c33ba8a0f8b00e0f86b1fac347f24279d5f03554457e42307ff3ca0e742507cbd00b390cd13e786b1bed326479f0c0007daa55ed9b43800748b21b4

Download Submit
\Windows\system\sAPwWgw.exe

Filesize
6.0MB

MD5
9e7b3211220b984202ff9ff8b6121656

SHA1
53ab2b7727d294061126c6c55a596886ec7967a7

SHA256
30307a35c2c49683f746c2bcb62e052339ee38c33b83814073587fb27c9c98c5

SHA512
cdeca7267dcc0c3f8ea853f0dec8c57d8cc16849c7b39744a4265866a8adf668b99853158ef08d078f431b270c37316c5c18b8982810cc3c03347cd23d5307cf

Download Submit
\Windows\system\wAbVZjf.exe

Filesize
6.0MB

MD5
a10b087eb41d3985735bf09393a8abff

SHA1
e37be23a2e7ad0087e284bbd733e14a30baa3c52

SHA256
9aa757cdf7ff70781c92386730e1de70f2c587b625ffb3f13b0362a5f88508b1

SHA512
1d7da37df3d4cf9143c765aa0952aedcd4aa78833275404a9c000d976404f30486e7bf843d820385103a0f59c02fd9e697eeed94f0faa79eb4a7987b662771b8

Download Submit
memory/1864-248-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-3008-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3802-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2088-213-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2192-209-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3748-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2420-531-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2420-530-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2420-226-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-217-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2420-528-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-234-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-212-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2420-529-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-536-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-535-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-181-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2420-136-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-188-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2420-197-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-203-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2420-534-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-220-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2420-533-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-532-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2420-0-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-243-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-228-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-253-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3749-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2484-186-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3799-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-237-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3779-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3753-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2640-222-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2648-219-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3803-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2724-231-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3750-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-227-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3745-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3752-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2756-191-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3747-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-200-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3751-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2856-216-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3060-178-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3956-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download