cobaltstrike | f16927d11809bcb0f65279d25d1d297b3a1d9cc41e0176ffe496e11d0ba36976

Analysis

max time kernel
150s
max time network
27s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

49724705a56fe578dcc2bce4edb70084
SHA1

d843ae18ea41e59d202ca7918501dd22e1d90b32
SHA256

f16927d11809bcb0f65279d25d1d297b3a1d9cc41e0176ffe496e11d0ba36976
SHA512

3893d0a831372dc358dafc7a1e1aeffb64d9563ae450d819c89da1399203191983137996b469d88d0aa6b0d18b721f86467ab82afb9ad22ac6e5134c329ff838
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012238-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193b8-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-37.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000019326-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-53.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-49.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194a3-58.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0009000000012238-3.dat	xmrig
behavioral1/memory/2136-7-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00080000000193b8-10.dat	xmrig
behavioral1/files/0x0007000000019470-12.dat	xmrig
behavioral1/memory/2772-16-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2792-22-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-23.dat	xmrig
behavioral1/memory/2888-33-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-37.dat	xmrig
behavioral1/memory/2524-42-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2580-43-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2836-44-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0030000000019326-38.dat	xmrig
behavioral1/files/0x0006000000019490-53.dat	xmrig
behavioral1/memory/2848-57-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2704-51-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2136-50-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000600000001948c-49.dat	xmrig
behavioral1/files/0x00080000000194a3-58.dat	xmrig
behavioral1/memory/2680-66-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2792-63-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-68.dat	xmrig
behavioral1/memory/2848-84-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1800-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-89.dat	xmrig
behavioral1/memory/2852-78-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-100.dat	xmrig
behavioral1/memory/2432-104-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44f-134.dat	xmrig
behavioral1/files/0x000500000001a457-139.dat	xmrig
behavioral1/files/0x000500000001a463-149.dat	xmrig
behavioral1/files/0x000500000001a46d-165.dat	xmrig
behavioral1/memory/2432-357-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2028-320-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2136-806-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2772-805-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2888-841-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2792-842-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2524-843-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2836-844-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2704-845-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2848-855-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2680-856-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1168-253-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1800-218-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-195.dat	xmrig
behavioral1/files/0x000500000001a477-190.dat	xmrig
behavioral1/files/0x000500000001a473-180.dat	xmrig
behavioral1/files/0x000500000001a475-186.dat	xmrig
behavioral1/memory/2580-177-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-175.dat	xmrig
behavioral1/files/0x000500000001a46f-169.dat	xmrig
behavioral1/files/0x000500000001a46b-159.dat	xmrig
behavioral1/files/0x000500000001a469-155.dat	xmrig
behavioral1/files/0x000500000001a459-144.dat	xmrig
behavioral1/files/0x000500000001a44d-130.dat	xmrig
behavioral1/files/0x000500000001a438-124.dat	xmrig
behavioral1/files/0x000500000001a404-119.dat	xmrig
behavioral1/files/0x000500000001a400-114.dat	xmrig
behavioral1/files/0x000500000001a3fd-109.dat	xmrig
behavioral1/memory/2028-96-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-95.dat	xmrig
behavioral1/memory/2580-92-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2136	bVbAHrd.exe
2772	iZZPVOM.exe
2792	ippreQy.exe
2888	GyHIfQA.exe
2524	ykpGdie.exe
2836	nyIaLUG.exe
2704	doOaite.exe
2848	JfAmnxZ.exe
2680	llCCfof.exe
2852	OfMfaqQ.exe
1800	uJxpVXa.exe
1168	DOWAYFg.exe
2028	bXraaPl.exe
2432	NoASFDA.exe
2984	NzVUFYT.exe
1512	xAnjVNR.exe
2032	IJAFFEU.exe
1764	VlPgLZf.exe
2472	XcaJrsh.exe
2312	VuZiGFL.exe
2116	EspbfhM.exe
1436	evkogsu.exe
1324	Rajsilo.exe
764	zzsrcrH.exe
2200	XHQSens.exe
3040	mekRlnY.exe
2296	sxNOfWi.exe
2272	LJXycpc.exe
2492	AUkwNgj.exe
2404	SiAnvyK.exe
704	dCbSMAg.exe
1072	SIdrYUj.exe
2424	ErvlOQn.exe
1704	fZIJOwF.exe
2548	NlILJOi.exe
584	ZyZhWqI.exe
1860	ZLWifVV.exe
2644	YaEDkdo.exe
1700	GMmAbst.exe
1656	ZPdMrMq.exe
1408	ZmTCcnQ.exe
1952	SNPSGsO.exe
1984	ksezIUi.exe
1944	OwInpUr.exe
1752	gPNVmxh.exe
932	CKiURSg.exe
556	zAzACpM.exe
1976	CrNYvxR.exe
1880	imVwKLC.exe
1076	FXuGryP.exe
2328	tjdTSuk.exe
1040	dJBaDoI.exe
1492	KBzcaxV.exe
2236	JDscBef.exe
2964	IKUDaWA.exe
2528	UZwdLAH.exe
2912	XzoByqo.exe
2716	CTFdehs.exe
2736	lWPlxQe.exe
2696	eTVrDZX.exe
2756	uTSzMsO.exe
2804	kNEGeXP.exe
2516	gsRQXPx.exe
308	RDTyRUp.exe

Loads dropped DLL 64 IoCs

pid	Process
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0009000000012238-3.dat	upx
behavioral1/memory/2136-7-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00080000000193b8-10.dat	upx
behavioral1/files/0x0007000000019470-12.dat	upx
behavioral1/memory/2772-16-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2792-22-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0006000000019480-23.dat	upx
behavioral1/memory/2888-33-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0006000000019489-37.dat	upx
behavioral1/memory/2524-42-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2580-43-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2836-44-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0030000000019326-38.dat	upx
behavioral1/files/0x0006000000019490-53.dat	upx
behavioral1/memory/2848-57-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2704-51-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2136-50-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000600000001948c-49.dat	upx
behavioral1/files/0x00080000000194a3-58.dat	upx
behavioral1/memory/2680-66-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2792-63-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-68.dat	upx
behavioral1/memory/2848-84-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1800-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000500000001a309-89.dat	upx
behavioral1/memory/2852-78-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-100.dat	upx
behavioral1/memory/2432-104-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000500000001a44f-134.dat	upx
behavioral1/files/0x000500000001a457-139.dat	upx
behavioral1/files/0x000500000001a463-149.dat	upx
behavioral1/files/0x000500000001a46d-165.dat	upx
behavioral1/memory/2432-357-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2028-320-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2136-806-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2772-805-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2888-841-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2792-842-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2524-843-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2836-844-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2704-845-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2848-855-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2680-856-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1168-253-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/1800-218-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000500000001a479-195.dat	upx
behavioral1/files/0x000500000001a477-190.dat	upx
behavioral1/files/0x000500000001a473-180.dat	upx
behavioral1/files/0x000500000001a475-186.dat	upx
behavioral1/files/0x000500000001a471-175.dat	upx
behavioral1/files/0x000500000001a46f-169.dat	upx
behavioral1/files/0x000500000001a46b-159.dat	upx
behavioral1/files/0x000500000001a469-155.dat	upx
behavioral1/files/0x000500000001a459-144.dat	upx
behavioral1/files/0x000500000001a44d-130.dat	upx
behavioral1/files/0x000500000001a438-124.dat	upx
behavioral1/files/0x000500000001a404-119.dat	upx
behavioral1/files/0x000500000001a400-114.dat	upx
behavioral1/files/0x000500000001a3fd-109.dat	upx
behavioral1/memory/2028-96-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-95.dat	upx
behavioral1/memory/1168-90-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2680-88-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DXKZbmE.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GycOhMI.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgerOTl.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsDaHPi.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNSpbRt.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luwlFVc.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRPEDhC.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpoahZk.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCnLZre.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTpaEdR.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfgadoY.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THJJDcZ.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuExuYn.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlAiidt.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkyYPms.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHrWxpR.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igPSLWa.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHCBgRt.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJUFcSR.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaOUDJb.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezAcsry.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZFaeeC.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFGiHUT.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klyRacc.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRPXEOF.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEyfTEO.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXzzWjG.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxmCeYu.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CesVrbK.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtIUniN.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDPOcgg.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRfxNSH.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILnKtnT.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXRBPJM.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiJNknQ.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxSDdPY.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIvLbSf.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQrunCD.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEMpcIL.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buqUgQU.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqjswtg.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjdndCn.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfhAnjT.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ffhpiya.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkkXHzy.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePqUMoL.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GipqExR.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XasuDKU.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVimbnh.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzultiI.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkDjJPQ.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbORiFc.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCxcHhW.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJBKXiS.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHSxcLI.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKuJIFR.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezuOULs.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDWCZml.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqYwcIG.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKsiAds.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMlxOMk.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wByiCSy.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMFKDRC.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSrflBC.exe	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2136	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2772	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2772	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2772	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2792	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2792	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2792	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2888	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2888	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2888	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2836	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2836	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2836	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2524	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2524	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2524	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2704	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2704	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2704	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2848	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2848	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2848	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2680	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2680	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2680	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2852	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2852	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2852	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 1168	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 1168	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 1168	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 1800	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 1800	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 1800	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2028	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2028	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2028	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2432	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2432	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2432	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2984	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2984	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2984	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 1512	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 1512	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 1512	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 2032	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2032	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2032	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 1764	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 1764	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 1764	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2472	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2472	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2472	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2312	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2312	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2312	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2116	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 2116	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 2116	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1436	2580	2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_49724705a56fe578dcc2bce4edb70084_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\System\bVbAHrd.exe
  C:\Windows\System\bVbAHrd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\iZZPVOM.exe
  C:\Windows\System\iZZPVOM.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ippreQy.exe
  C:\Windows\System\ippreQy.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GyHIfQA.exe
  C:\Windows\System\GyHIfQA.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\nyIaLUG.exe
  C:\Windows\System\nyIaLUG.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ykpGdie.exe
  C:\Windows\System\ykpGdie.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\doOaite.exe
  C:\Windows\System\doOaite.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\JfAmnxZ.exe
  C:\Windows\System\JfAmnxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\llCCfof.exe
  C:\Windows\System\llCCfof.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\OfMfaqQ.exe
  C:\Windows\System\OfMfaqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\DOWAYFg.exe
  C:\Windows\System\DOWAYFg.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\uJxpVXa.exe
  C:\Windows\System\uJxpVXa.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\bXraaPl.exe
  C:\Windows\System\bXraaPl.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\NoASFDA.exe
  C:\Windows\System\NoASFDA.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\NzVUFYT.exe
  C:\Windows\System\NzVUFYT.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\xAnjVNR.exe
  C:\Windows\System\xAnjVNR.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\IJAFFEU.exe
  C:\Windows\System\IJAFFEU.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\VlPgLZf.exe
  C:\Windows\System\VlPgLZf.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\XcaJrsh.exe
  C:\Windows\System\XcaJrsh.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\VuZiGFL.exe
  C:\Windows\System\VuZiGFL.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\EspbfhM.exe
  C:\Windows\System\EspbfhM.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\evkogsu.exe
  C:\Windows\System\evkogsu.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\Rajsilo.exe
  C:\Windows\System\Rajsilo.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\zzsrcrH.exe
  C:\Windows\System\zzsrcrH.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\XHQSens.exe
  C:\Windows\System\XHQSens.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\mekRlnY.exe
  C:\Windows\System\mekRlnY.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\sxNOfWi.exe
  C:\Windows\System\sxNOfWi.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\LJXycpc.exe
  C:\Windows\System\LJXycpc.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\AUkwNgj.exe
  C:\Windows\System\AUkwNgj.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SiAnvyK.exe
  C:\Windows\System\SiAnvyK.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\dCbSMAg.exe
  C:\Windows\System\dCbSMAg.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\SIdrYUj.exe
  C:\Windows\System\SIdrYUj.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\ErvlOQn.exe
  C:\Windows\System\ErvlOQn.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\fZIJOwF.exe
  C:\Windows\System\fZIJOwF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\NlILJOi.exe
  C:\Windows\System\NlILJOi.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ZyZhWqI.exe
  C:\Windows\System\ZyZhWqI.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\ZLWifVV.exe
  C:\Windows\System\ZLWifVV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\YaEDkdo.exe
  C:\Windows\System\YaEDkdo.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\GMmAbst.exe
  C:\Windows\System\GMmAbst.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ZPdMrMq.exe
  C:\Windows\System\ZPdMrMq.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ZmTCcnQ.exe
  C:\Windows\System\ZmTCcnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\SNPSGsO.exe
  C:\Windows\System\SNPSGsO.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\ksezIUi.exe
  C:\Windows\System\ksezIUi.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\OwInpUr.exe
  C:\Windows\System\OwInpUr.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gPNVmxh.exe
  C:\Windows\System\gPNVmxh.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\CKiURSg.exe
  C:\Windows\System\CKiURSg.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\zAzACpM.exe
  C:\Windows\System\zAzACpM.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\CrNYvxR.exe
  C:\Windows\System\CrNYvxR.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\imVwKLC.exe
  C:\Windows\System\imVwKLC.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\FXuGryP.exe
  C:\Windows\System\FXuGryP.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\tjdTSuk.exe
  C:\Windows\System\tjdTSuk.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\dJBaDoI.exe
  C:\Windows\System\dJBaDoI.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\KBzcaxV.exe
  C:\Windows\System\KBzcaxV.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\JDscBef.exe
  C:\Windows\System\JDscBef.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\IKUDaWA.exe
  C:\Windows\System\IKUDaWA.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\UZwdLAH.exe
  C:\Windows\System\UZwdLAH.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\XzoByqo.exe
  C:\Windows\System\XzoByqo.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\CTFdehs.exe
  C:\Windows\System\CTFdehs.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\lWPlxQe.exe
  C:\Windows\System\lWPlxQe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\eTVrDZX.exe
  C:\Windows\System\eTVrDZX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\uTSzMsO.exe
  C:\Windows\System\uTSzMsO.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kNEGeXP.exe
  C:\Windows\System\kNEGeXP.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gsRQXPx.exe
  C:\Windows\System\gsRQXPx.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\RDTyRUp.exe
  C:\Windows\System\RDTyRUp.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\rDCDWvy.exe
  C:\Windows\System\rDCDWvy.exe
  2⤵
  PID:2084
- C:\Windows\System\RLENuIx.exe
  C:\Windows\System\RLENuIx.exe
  2⤵
  PID:2248
- C:\Windows\System\ebcVnYt.exe
  C:\Windows\System\ebcVnYt.exe
  2⤵
  PID:956
- C:\Windows\System\hBqHJXV.exe
  C:\Windows\System\hBqHJXV.exe
  2⤵
  PID:2968
- C:\Windows\System\OMhmyfr.exe
  C:\Windows\System\OMhmyfr.exe
  2⤵
  PID:2096
- C:\Windows\System\IzuGoOe.exe
  C:\Windows\System\IzuGoOe.exe
  2⤵
  PID:2128
- C:\Windows\System\cQHjsld.exe
  C:\Windows\System\cQHjsld.exe
  2⤵
  PID:2372
- C:\Windows\System\LLolwrb.exe
  C:\Windows\System\LLolwrb.exe
  2⤵
  PID:1244
- C:\Windows\System\gSDtaWI.exe
  C:\Windows\System\gSDtaWI.exe
  2⤵
  PID:2192
- C:\Windows\System\LvIsBHR.exe
  C:\Windows\System\LvIsBHR.exe
  2⤵
  PID:840
- C:\Windows\System\oMFqaEy.exe
  C:\Windows\System\oMFqaEy.exe
  2⤵
  PID:2216
- C:\Windows\System\HkZKPmX.exe
  C:\Windows\System\HkZKPmX.exe
  2⤵
  PID:2196
- C:\Windows\System\JtYAxFM.exe
  C:\Windows\System\JtYAxFM.exe
  2⤵
  PID:2088
- C:\Windows\System\WbYpHEG.exe
  C:\Windows\System\WbYpHEG.exe
  2⤵
  PID:2636
- C:\Windows\System\lslaFlV.exe
  C:\Windows\System\lslaFlV.exe
  2⤵
  PID:2376
- C:\Windows\System\lNVESpN.exe
  C:\Windows\System\lNVESpN.exe
  2⤵
  PID:1424
- C:\Windows\System\XjDPRHO.exe
  C:\Windows\System\XjDPRHO.exe
  2⤵
  PID:1760
- C:\Windows\System\rqvQMLE.exe
  C:\Windows\System\rqvQMLE.exe
  2⤵
  PID:1328
- C:\Windows\System\WrYcWpK.exe
  C:\Windows\System\WrYcWpK.exe
  2⤵
  PID:828
- C:\Windows\System\UlmpTeP.exe
  C:\Windows\System\UlmpTeP.exe
  2⤵
  PID:3024
- C:\Windows\System\DNTwxWk.exe
  C:\Windows\System\DNTwxWk.exe
  2⤵
  PID:1844
- C:\Windows\System\sgsiAfv.exe
  C:\Windows\System\sgsiAfv.exe
  2⤵
  PID:1624
- C:\Windows\System\VKAMvCe.exe
  C:\Windows\System\VKAMvCe.exe
  2⤵
  PID:2008
- C:\Windows\System\ayeFBUS.exe
  C:\Windows\System\ayeFBUS.exe
  2⤵
  PID:1364
- C:\Windows\System\jkyYPms.exe
  C:\Windows\System\jkyYPms.exe
  2⤵
  PID:1644
- C:\Windows\System\tKCZhZG.exe
  C:\Windows\System\tKCZhZG.exe
  2⤵
  PID:2604
- C:\Windows\System\TnLUDSl.exe
  C:\Windows\System\TnLUDSl.exe
  2⤵
  PID:1500
- C:\Windows\System\MDXqgRP.exe
  C:\Windows\System\MDXqgRP.exe
  2⤵
  PID:2288
- C:\Windows\System\LNKpMxm.exe
  C:\Windows\System\LNKpMxm.exe
  2⤵
  PID:324
- C:\Windows\System\nxldUwY.exe
  C:\Windows\System\nxldUwY.exe
  2⤵
  PID:3032
- C:\Windows\System\ZRevqcw.exe
  C:\Windows\System\ZRevqcw.exe
  2⤵
  PID:2752
- C:\Windows\System\DQBVAzy.exe
  C:\Windows\System\DQBVAzy.exe
  2⤵
  PID:2724
- C:\Windows\System\IarGtxd.exe
  C:\Windows\System\IarGtxd.exe
  2⤵
  PID:2892
- C:\Windows\System\EjsXpAc.exe
  C:\Windows\System\EjsXpAc.exe
  2⤵
  PID:2972
- C:\Windows\System\rUppYoD.exe
  C:\Windows\System\rUppYoD.exe
  2⤵
  PID:2668
- C:\Windows\System\DZZKhnO.exe
  C:\Windows\System\DZZKhnO.exe
  2⤵
  PID:2568
- C:\Windows\System\DAjaari.exe
  C:\Windows\System\DAjaari.exe
  2⤵
  PID:2476
- C:\Windows\System\fdRCYqA.exe
  C:\Windows\System\fdRCYqA.exe
  2⤵
  PID:2040
- C:\Windows\System\wytKwzs.exe
  C:\Windows\System\wytKwzs.exe
  2⤵
  PID:2512
- C:\Windows\System\EDHyyfr.exe
  C:\Windows\System\EDHyyfr.exe
  2⤵
  PID:940
- C:\Windows\System\iVHaSxd.exe
  C:\Windows\System\iVHaSxd.exe
  2⤵
  PID:2384
- C:\Windows\System\BAOgZdj.exe
  C:\Windows\System\BAOgZdj.exe
  2⤵
  PID:2500
- C:\Windows\System\ftkqKTs.exe
  C:\Windows\System\ftkqKTs.exe
  2⤵
  PID:2268
- C:\Windows\System\lYrEmKH.exe
  C:\Windows\System\lYrEmKH.exe
  2⤵
  PID:688
- C:\Windows\System\vJTeXpC.exe
  C:\Windows\System\vJTeXpC.exe
  2⤵
  PID:1712
- C:\Windows\System\FHqLbCa.exe
  C:\Windows\System\FHqLbCa.exe
  2⤵
  PID:964
- C:\Windows\System\YETljqA.exe
  C:\Windows\System\YETljqA.exe
  2⤵
  PID:2936
- C:\Windows\System\VDLWUFG.exe
  C:\Windows\System\VDLWUFG.exe
  2⤵
  PID:1972
- C:\Windows\System\hTdYDPO.exe
  C:\Windows\System\hTdYDPO.exe
  2⤵
  PID:1660
- C:\Windows\System\TtvWquC.exe
  C:\Windows\System\TtvWquC.exe
  2⤵
  PID:3052
- C:\Windows\System\yXRBPJM.exe
  C:\Windows\System\yXRBPJM.exe
  2⤵
  PID:1600
- C:\Windows\System\spTPCSS.exe
  C:\Windows\System\spTPCSS.exe
  2⤵
  PID:2720
- C:\Windows\System\xpUaszK.exe
  C:\Windows\System\xpUaszK.exe
  2⤵
  PID:2480
- C:\Windows\System\PtIUniN.exe
  C:\Windows\System\PtIUniN.exe
  2⤵
  PID:1228
- C:\Windows\System\NIPniNR.exe
  C:\Windows\System\NIPniNR.exe
  2⤵
  PID:2260
- C:\Windows\System\VloOOAU.exe
  C:\Windows\System\VloOOAU.exe
  2⤵
  PID:2264
- C:\Windows\System\gqsArwY.exe
  C:\Windows\System\gqsArwY.exe
  2⤵
  PID:2276
- C:\Windows\System\Inziyqq.exe
  C:\Windows\System\Inziyqq.exe
  2⤵
  PID:1044
- C:\Windows\System\rboIUEZ.exe
  C:\Windows\System\rboIUEZ.exe
  2⤵
  PID:1036
- C:\Windows\System\xvcHbgq.exe
  C:\Windows\System\xvcHbgq.exe
  2⤵
  PID:1052
- C:\Windows\System\eohfRkI.exe
  C:\Windows\System\eohfRkI.exe
  2⤵
  PID:2916
- C:\Windows\System\uawUCDM.exe
  C:\Windows\System\uawUCDM.exe
  2⤵
  PID:1872
- C:\Windows\System\sPNTWcX.exe
  C:\Windows\System\sPNTWcX.exe
  2⤵
  PID:1496
- C:\Windows\System\IaGOQXh.exe
  C:\Windows\System\IaGOQXh.exe
  2⤵
  PID:2920
- C:\Windows\System\TybLiZh.exe
  C:\Windows\System\TybLiZh.exe
  2⤵
  PID:2812
- C:\Windows\System\gKNaLGe.exe
  C:\Windows\System\gKNaLGe.exe
  2⤵
  PID:2824
- C:\Windows\System\gvueIuQ.exe
  C:\Windows\System\gvueIuQ.exe
  2⤵
  PID:2068
- C:\Windows\System\vvTvpQd.exe
  C:\Windows\System\vvTvpQd.exe
  2⤵
  PID:2300
- C:\Windows\System\PJRsUpE.exe
  C:\Windows\System\PJRsUpE.exe
  2⤵
  PID:2072
- C:\Windows\System\XIbvFYA.exe
  C:\Windows\System\XIbvFYA.exe
  2⤵
  PID:1884
- C:\Windows\System\wYhgYfX.exe
  C:\Windows\System\wYhgYfX.exe
  2⤵
  PID:1900
- C:\Windows\System\XwArysT.exe
  C:\Windows\System\XwArysT.exe
  2⤵
  PID:1744
- C:\Windows\System\DXKZbmE.exe
  C:\Windows\System\DXKZbmE.exe
  2⤵
  PID:1572
- C:\Windows\System\BlWbMLi.exe
  C:\Windows\System\BlWbMLi.exe
  2⤵
  PID:2788
- C:\Windows\System\qXXHFvh.exe
  C:\Windows\System\qXXHFvh.exe
  2⤵
  PID:2760
- C:\Windows\System\EyyHkbn.exe
  C:\Windows\System\EyyHkbn.exe
  2⤵
  PID:1788
- C:\Windows\System\lofNYvY.exe
  C:\Windows\System\lofNYvY.exe
  2⤵
  PID:3016
- C:\Windows\System\HumwUgQ.exe
  C:\Windows\System\HumwUgQ.exe
  2⤵
  PID:2100
- C:\Windows\System\OvGOYke.exe
  C:\Windows\System\OvGOYke.exe
  2⤵
  PID:2452
- C:\Windows\System\jMPHGBq.exe
  C:\Windows\System\jMPHGBq.exe
  2⤵
  PID:2212
- C:\Windows\System\OcfxDEs.exe
  C:\Windows\System\OcfxDEs.exe
  2⤵
  PID:2748
- C:\Windows\System\CVLMJRG.exe
  C:\Windows\System\CVLMJRG.exe
  2⤵
  PID:1568
- C:\Windows\System\gkOGtec.exe
  C:\Windows\System\gkOGtec.exe
  2⤵
  PID:1468
- C:\Windows\System\QYotzZb.exe
  C:\Windows\System\QYotzZb.exe
  2⤵
  PID:2940
- C:\Windows\System\IcsjzfU.exe
  C:\Windows\System\IcsjzfU.exe
  2⤵
  PID:2996
- C:\Windows\System\tppRTpL.exe
  C:\Windows\System\tppRTpL.exe
  2⤵
  PID:2980
- C:\Windows\System\FtWlagv.exe
  C:\Windows\System\FtWlagv.exe
  2⤵
  PID:2616
- C:\Windows\System\AnIleaV.exe
  C:\Windows\System\AnIleaV.exe
  2⤵
  PID:3080
- C:\Windows\System\yAkfKDv.exe
  C:\Windows\System\yAkfKDv.exe
  2⤵
  PID:3100
- C:\Windows\System\eBvUNaN.exe
  C:\Windows\System\eBvUNaN.exe
  2⤵
  PID:3120
- C:\Windows\System\QPoICuq.exe
  C:\Windows\System\QPoICuq.exe
  2⤵
  PID:3140
- C:\Windows\System\mNRKXuS.exe
  C:\Windows\System\mNRKXuS.exe
  2⤵
  PID:3160
- C:\Windows\System\IkrwbXq.exe
  C:\Windows\System\IkrwbXq.exe
  2⤵
  PID:3180
- C:\Windows\System\nMAoMoR.exe
  C:\Windows\System\nMAoMoR.exe
  2⤵
  PID:3200
- C:\Windows\System\hAnIySS.exe
  C:\Windows\System\hAnIySS.exe
  2⤵
  PID:3220
- C:\Windows\System\GqAurpu.exe
  C:\Windows\System\GqAurpu.exe
  2⤵
  PID:3244
- C:\Windows\System\ckNJrnG.exe
  C:\Windows\System\ckNJrnG.exe
  2⤵
  PID:3264
- C:\Windows\System\rATzNII.exe
  C:\Windows\System\rATzNII.exe
  2⤵
  PID:3284
- C:\Windows\System\OAEBDsR.exe
  C:\Windows\System\OAEBDsR.exe
  2⤵
  PID:3304
- C:\Windows\System\tXyoOBM.exe
  C:\Windows\System\tXyoOBM.exe
  2⤵
  PID:3320
- C:\Windows\System\jHrWxpR.exe
  C:\Windows\System\jHrWxpR.exe
  2⤵
  PID:3344
- C:\Windows\System\BWghTkE.exe
  C:\Windows\System\BWghTkE.exe
  2⤵
  PID:3364
- C:\Windows\System\pTpPwgW.exe
  C:\Windows\System\pTpPwgW.exe
  2⤵
  PID:3384
- C:\Windows\System\pJoMKWl.exe
  C:\Windows\System\pJoMKWl.exe
  2⤵
  PID:3404
- C:\Windows\System\AAwmVnZ.exe
  C:\Windows\System\AAwmVnZ.exe
  2⤵
  PID:3424
- C:\Windows\System\nhwAgxu.exe
  C:\Windows\System\nhwAgxu.exe
  2⤵
  PID:3444
- C:\Windows\System\UfCQdWI.exe
  C:\Windows\System\UfCQdWI.exe
  2⤵
  PID:3464
- C:\Windows\System\hoDqtSK.exe
  C:\Windows\System\hoDqtSK.exe
  2⤵
  PID:3480
- C:\Windows\System\rhABYIl.exe
  C:\Windows\System\rhABYIl.exe
  2⤵
  PID:3504
- C:\Windows\System\vImXnYI.exe
  C:\Windows\System\vImXnYI.exe
  2⤵
  PID:3528
- C:\Windows\System\dLBWXOu.exe
  C:\Windows\System\dLBWXOu.exe
  2⤵
  PID:3548
- C:\Windows\System\GNJHtsz.exe
  C:\Windows\System\GNJHtsz.exe
  2⤵
  PID:3568
- C:\Windows\System\IpNhKJx.exe
  C:\Windows\System\IpNhKJx.exe
  2⤵
  PID:3592
- C:\Windows\System\UFMttFr.exe
  C:\Windows\System\UFMttFr.exe
  2⤵
  PID:3612
- C:\Windows\System\tBZaVAB.exe
  C:\Windows\System\tBZaVAB.exe
  2⤵
  PID:3632
- C:\Windows\System\LIJeqln.exe
  C:\Windows\System\LIJeqln.exe
  2⤵
  PID:3652
- C:\Windows\System\tmRvlED.exe
  C:\Windows\System\tmRvlED.exe
  2⤵
  PID:3672
- C:\Windows\System\kBytygT.exe
  C:\Windows\System\kBytygT.exe
  2⤵
  PID:3688
- C:\Windows\System\fZcYDDK.exe
  C:\Windows\System\fZcYDDK.exe
  2⤵
  PID:3712
- C:\Windows\System\gzoCGDC.exe
  C:\Windows\System\gzoCGDC.exe
  2⤵
  PID:3732
- C:\Windows\System\RMlvhXu.exe
  C:\Windows\System\RMlvhXu.exe
  2⤵
  PID:3752
- C:\Windows\System\oIneOIZ.exe
  C:\Windows\System\oIneOIZ.exe
  2⤵
  PID:3772
- C:\Windows\System\byRiAEG.exe
  C:\Windows\System\byRiAEG.exe
  2⤵
  PID:3792
- C:\Windows\System\NPZPVUw.exe
  C:\Windows\System\NPZPVUw.exe
  2⤵
  PID:3812
- C:\Windows\System\ZcoJOLK.exe
  C:\Windows\System\ZcoJOLK.exe
  2⤵
  PID:3836
- C:\Windows\System\RrZvoCZ.exe
  C:\Windows\System\RrZvoCZ.exe
  2⤵
  PID:3856
- C:\Windows\System\AOKbHaX.exe
  C:\Windows\System\AOKbHaX.exe
  2⤵
  PID:3876
- C:\Windows\System\OzNIghW.exe
  C:\Windows\System\OzNIghW.exe
  2⤵
  PID:3896
- C:\Windows\System\LkpIEYk.exe
  C:\Windows\System\LkpIEYk.exe
  2⤵
  PID:3916
- C:\Windows\System\onCZtQt.exe
  C:\Windows\System\onCZtQt.exe
  2⤵
  PID:3936
- C:\Windows\System\cYHOdFR.exe
  C:\Windows\System\cYHOdFR.exe
  2⤵
  PID:3956
- C:\Windows\System\iZErzzD.exe
  C:\Windows\System\iZErzzD.exe
  2⤵
  PID:3976
- C:\Windows\System\KWAUPvr.exe
  C:\Windows\System\KWAUPvr.exe
  2⤵
  PID:3996
- C:\Windows\System\lCmgFzF.exe
  C:\Windows\System\lCmgFzF.exe
  2⤵
  PID:4016
- C:\Windows\System\QbrGCXw.exe
  C:\Windows\System\QbrGCXw.exe
  2⤵
  PID:4036
- C:\Windows\System\ZzTEzZk.exe
  C:\Windows\System\ZzTEzZk.exe
  2⤵
  PID:4056
- C:\Windows\System\DMlxOMk.exe
  C:\Windows\System\DMlxOMk.exe
  2⤵
  PID:4076
- C:\Windows\System\uIPgvkV.exe
  C:\Windows\System\uIPgvkV.exe
  2⤵
  PID:2508
- C:\Windows\System\msEGnKp.exe
  C:\Windows\System\msEGnKp.exe
  2⤵
  PID:2656
- C:\Windows\System\yvtBKGG.exe
  C:\Windows\System\yvtBKGG.exe
  2⤵
  PID:2832
- C:\Windows\System\LkRQXAV.exe
  C:\Windows\System\LkRQXAV.exe
  2⤵
  PID:2796
- C:\Windows\System\vBBNHsd.exe
  C:\Windows\System\vBBNHsd.exe
  2⤵
  PID:2676
- C:\Windows\System\jfYOBIu.exe
  C:\Windows\System\jfYOBIu.exe
  2⤵
  PID:3132
- C:\Windows\System\vZMVTUE.exe
  C:\Windows\System\vZMVTUE.exe
  2⤵
  PID:3176
- C:\Windows\System\pxYUTbt.exe
  C:\Windows\System\pxYUTbt.exe
  2⤵
  PID:3216
- C:\Windows\System\MhRmnmF.exe
  C:\Windows\System\MhRmnmF.exe
  2⤵
  PID:3212
- C:\Windows\System\UHeyZqv.exe
  C:\Windows\System\UHeyZqv.exe
  2⤵
  PID:3240
- C:\Windows\System\vDHqlJl.exe
  C:\Windows\System\vDHqlJl.exe
  2⤵
  PID:3296
- C:\Windows\System\QEMpcIL.exe
  C:\Windows\System\QEMpcIL.exe
  2⤵
  PID:3328
- C:\Windows\System\zVLBkLG.exe
  C:\Windows\System\zVLBkLG.exe
  2⤵
  PID:3336
- C:\Windows\System\EsZuCwr.exe
  C:\Windows\System\EsZuCwr.exe
  2⤵
  PID:3360
- C:\Windows\System\QxUdkeS.exe
  C:\Windows\System\QxUdkeS.exe
  2⤵
  PID:3452
- C:\Windows\System\ptAHoRR.exe
  C:\Windows\System\ptAHoRR.exe
  2⤵
  PID:872
- C:\Windows\System\asftJvx.exe
  C:\Windows\System\asftJvx.exe
  2⤵
  PID:3488
- C:\Windows\System\jYIXaub.exe
  C:\Windows\System\jYIXaub.exe
  2⤵
  PID:3232
- C:\Windows\System\TbUTAGg.exe
  C:\Windows\System\TbUTAGg.exe
  2⤵
  PID:3540
- C:\Windows\System\cIPOaQM.exe
  C:\Windows\System\cIPOaQM.exe
  2⤵
  PID:336
- C:\Windows\System\ozvrZNY.exe
  C:\Windows\System\ozvrZNY.exe
  2⤵
  PID:3560
- C:\Windows\System\dOMylxA.exe
  C:\Windows\System\dOMylxA.exe
  2⤵
  PID:3604
- C:\Windows\System\itmWTTY.exe
  C:\Windows\System\itmWTTY.exe
  2⤵
  PID:3644
- C:\Windows\System\gCLUOTH.exe
  C:\Windows\System\gCLUOTH.exe
  2⤵
  PID:3704
- C:\Windows\System\ZdyJQrN.exe
  C:\Windows\System\ZdyJQrN.exe
  2⤵
  PID:3740
- C:\Windows\System\cySMjRV.exe
  C:\Windows\System\cySMjRV.exe
  2⤵
  PID:3748
- C:\Windows\System\YpEDVcs.exe
  C:\Windows\System\YpEDVcs.exe
  2⤵
  PID:3764
- C:\Windows\System\tnuDYnE.exe
  C:\Windows\System\tnuDYnE.exe
  2⤵
  PID:3804
- C:\Windows\System\YoDEfNf.exe
  C:\Windows\System\YoDEfNf.exe
  2⤵
  PID:3828
- C:\Windows\System\fcruhTX.exe
  C:\Windows\System\fcruhTX.exe
  2⤵
  PID:3844
- C:\Windows\System\gVRgJlU.exe
  C:\Windows\System\gVRgJlU.exe
  2⤵
  PID:3908
- C:\Windows\System\ReGTzAM.exe
  C:\Windows\System\ReGTzAM.exe
  2⤵
  PID:3948
- C:\Windows\System\TvMDrux.exe
  C:\Windows\System\TvMDrux.exe
  2⤵
  PID:3968
- C:\Windows\System\kXGhYkV.exe
  C:\Windows\System\kXGhYkV.exe
  2⤵
  PID:4008
- C:\Windows\System\wvwUOwd.exe
  C:\Windows\System\wvwUOwd.exe
  2⤵
  PID:4068
- C:\Windows\System\OecICHZ.exe
  C:\Windows\System\OecICHZ.exe
  2⤵
  PID:4084
- C:\Windows\System\SJgANkk.exe
  C:\Windows\System\SJgANkk.exe
  2⤵
  PID:4092
- C:\Windows\System\GiYQdbQ.exe
  C:\Windows\System\GiYQdbQ.exe
  2⤵
  PID:2700
- C:\Windows\System\ZdSrena.exe
  C:\Windows\System\ZdSrena.exe
  2⤵
  PID:3076
- C:\Windows\System\buLmDln.exe
  C:\Windows\System\buLmDln.exe
  2⤵
  PID:3112
- C:\Windows\System\fKkuplE.exe
  C:\Windows\System\fKkuplE.exe
  2⤵
  PID:3168
- C:\Windows\System\GoDOiym.exe
  C:\Windows\System\GoDOiym.exe
  2⤵
  PID:3256
- C:\Windows\System\TyJNlqH.exe
  C:\Windows\System\TyJNlqH.exe
  2⤵
  PID:3272
- C:\Windows\System\oFJOvQK.exe
  C:\Windows\System\oFJOvQK.exe
  2⤵
  PID:3412
- C:\Windows\System\CuEXcno.exe
  C:\Windows\System\CuEXcno.exe
  2⤵
  PID:3396
- C:\Windows\System\VOGyPOh.exe
  C:\Windows\System\VOGyPOh.exe
  2⤵
  PID:3476
- C:\Windows\System\gWSRJNq.exe
  C:\Windows\System\gWSRJNq.exe
  2⤵
  PID:3440
- C:\Windows\System\XmPLCow.exe
  C:\Windows\System\XmPLCow.exe
  2⤵
  PID:3544
- C:\Windows\System\CCTcyNq.exe
  C:\Windows\System\CCTcyNq.exe
  2⤵
  PID:3600
- C:\Windows\System\tWEuIUh.exe
  C:\Windows\System\tWEuIUh.exe
  2⤵
  PID:3660
- C:\Windows\System\kiehgal.exe
  C:\Windows\System\kiehgal.exe
  2⤵
  PID:3700
- C:\Windows\System\RoKWDGf.exe
  C:\Windows\System\RoKWDGf.exe
  2⤵
  PID:3728
- C:\Windows\System\MQTvZyQ.exe
  C:\Windows\System\MQTvZyQ.exe
  2⤵
  PID:3800
- C:\Windows\System\MkkXHzy.exe
  C:\Windows\System\MkkXHzy.exe
  2⤵
  PID:3888
- C:\Windows\System\qBaZcfg.exe
  C:\Windows\System\qBaZcfg.exe
  2⤵
  PID:1688
- C:\Windows\System\baotVRu.exe
  C:\Windows\System\baotVRu.exe
  2⤵
  PID:1544
- C:\Windows\System\mmibKZJ.exe
  C:\Windows\System\mmibKZJ.exe
  2⤵
  PID:4004
- C:\Windows\System\PHrknfn.exe
  C:\Windows\System\PHrknfn.exe
  2⤵
  PID:2044
- C:\Windows\System\AOrEUwl.exe
  C:\Windows\System\AOrEUwl.exe
  2⤵
  PID:3984
- C:\Windows\System\LKbXuRT.exe
  C:\Windows\System\LKbXuRT.exe
  2⤵
  PID:3932
- C:\Windows\System\YDqKygm.exe
  C:\Windows\System\YDqKygm.exe
  2⤵
  PID:2712
- C:\Windows\System\sqPtrkl.exe
  C:\Windows\System\sqPtrkl.exe
  2⤵
  PID:1536
- C:\Windows\System\OblzluG.exe
  C:\Windows\System\OblzluG.exe
  2⤵
  PID:3000
- C:\Windows\System\qAxbPHW.exe
  C:\Windows\System\qAxbPHW.exe
  2⤵
  PID:2988
- C:\Windows\System\JZUsyPB.exe
  C:\Windows\System\JZUsyPB.exe
  2⤵
  PID:3192
- C:\Windows\System\dfsweBG.exe
  C:\Windows\System\dfsweBG.exe
  2⤵
  PID:912
- C:\Windows\System\TYJTKvE.exe
  C:\Windows\System\TYJTKvE.exe
  2⤵
  PID:3340
- C:\Windows\System\PzbirhQ.exe
  C:\Windows\System\PzbirhQ.exe
  2⤵
  PID:316
- C:\Windows\System\YEuNMDp.exe
  C:\Windows\System\YEuNMDp.exe
  2⤵
  PID:2860
- C:\Windows\System\NWvCIeZ.exe
  C:\Windows\System\NWvCIeZ.exe
  2⤵
  PID:2620
- C:\Windows\System\VghWUbT.exe
  C:\Windows\System\VghWUbT.exe
  2⤵
  PID:3472
- C:\Windows\System\pOiLdrE.exe
  C:\Windows\System\pOiLdrE.exe
  2⤵
  PID:3624
- C:\Windows\System\kHjDwAN.exe
  C:\Windows\System\kHjDwAN.exe
  2⤵
  PID:3512
- C:\Windows\System\ODaRYOf.exe
  C:\Windows\System\ODaRYOf.exe
  2⤵
  PID:1732
- C:\Windows\System\TqTzMXH.exe
  C:\Windows\System\TqTzMXH.exe
  2⤵
  PID:3852
- C:\Windows\System\VWfaqNm.exe
  C:\Windows\System\VWfaqNm.exe
  2⤵
  PID:1184
- C:\Windows\System\NiqtbgM.exe
  C:\Windows\System\NiqtbgM.exe
  2⤵
  PID:2140
- C:\Windows\System\oHlQVGe.exe
  C:\Windows\System\oHlQVGe.exe
  2⤵
  PID:3500
- C:\Windows\System\yZUbZDx.exe
  C:\Windows\System\yZUbZDx.exe
  2⤵
  PID:3352
- C:\Windows\System\dFsfLlr.exe
  C:\Windows\System\dFsfLlr.exe
  2⤵
  PID:1576
- C:\Windows\System\rijldYO.exe
  C:\Windows\System\rijldYO.exe
  2⤵
  PID:1232
- C:\Windows\System\YsHoSpS.exe
  C:\Windows\System\YsHoSpS.exe
  2⤵
  PID:2348
- C:\Windows\System\osoBjWs.exe
  C:\Windows\System\osoBjWs.exe
  2⤵
  PID:2776
- C:\Windows\System\lBbqCMK.exe
  C:\Windows\System\lBbqCMK.exe
  2⤵
  PID:2952
- C:\Windows\System\NJAjpsD.exe
  C:\Windows\System\NJAjpsD.exe
  2⤵
  PID:3136
- C:\Windows\System\ZgfNdDN.exe
  C:\Windows\System\ZgfNdDN.exe
  2⤵
  PID:3152
- C:\Windows\System\dqblzFW.exe
  C:\Windows\System\dqblzFW.exe
  2⤵
  PID:2412
- C:\Windows\System\QsXDopW.exe
  C:\Windows\System\QsXDopW.exe
  2⤵
  PID:1380
- C:\Windows\System\wZrXPWs.exe
  C:\Windows\System\wZrXPWs.exe
  2⤵
  PID:1708
- C:\Windows\System\resWORl.exe
  C:\Windows\System\resWORl.exe
  2⤵
  PID:1592
- C:\Windows\System\XasuDKU.exe
  C:\Windows\System\XasuDKU.exe
  2⤵
  PID:2784
- C:\Windows\System\lBEwTAN.exe
  C:\Windows\System\lBEwTAN.exe
  2⤵
  PID:3640
- C:\Windows\System\PtPtyyJ.exe
  C:\Windows\System\PtPtyyJ.exe
  2⤵
  PID:3832
- C:\Windows\System\JlthMHv.exe
  C:\Windows\System\JlthMHv.exe
  2⤵
  PID:2536
- C:\Windows\System\GycOhMI.exe
  C:\Windows\System\GycOhMI.exe
  2⤵
  PID:4044
- C:\Windows\System\zYpswKO.exe
  C:\Windows\System\zYpswKO.exe
  2⤵
  PID:2304
- C:\Windows\System\JTwgihB.exe
  C:\Windows\System\JTwgihB.exe
  2⤵
  PID:3392
- C:\Windows\System\tBWoezz.exe
  C:\Windows\System\tBWoezz.exe
  2⤵
  PID:3564
- C:\Windows\System\fubfqvf.exe
  C:\Windows\System\fubfqvf.exe
  2⤵
  PID:276
- C:\Windows\System\opPJnZi.exe
  C:\Windows\System\opPJnZi.exe
  2⤵
  PID:2056
- C:\Windows\System\SVDlRpE.exe
  C:\Windows\System\SVDlRpE.exe
  2⤵
  PID:3400
- C:\Windows\System\vpHPxVg.exe
  C:\Windows\System\vpHPxVg.exe
  2⤵
  PID:3744
- C:\Windows\System\PWRVLaN.exe
  C:\Windows\System\PWRVLaN.exe
  2⤵
  PID:1236
- C:\Windows\System\GaGsSOU.exe
  C:\Windows\System\GaGsSOU.exe
  2⤵
  PID:3260
- C:\Windows\System\Ppcaorb.exe
  C:\Windows\System\Ppcaorb.exe
  2⤵
  PID:2520
- C:\Windows\System\VKAIoop.exe
  C:\Windows\System\VKAIoop.exe
  2⤵
  PID:2176
- C:\Windows\System\fltQqNq.exe
  C:\Windows\System\fltQqNq.exe
  2⤵
  PID:3276
- C:\Windows\System\MublSVq.exe
  C:\Windows\System\MublSVq.exe
  2⤵
  PID:3964
- C:\Windows\System\QNcyUJP.exe
  C:\Windows\System\QNcyUJP.exe
  2⤵
  PID:3516
- C:\Windows\System\Dvwwxmc.exe
  C:\Windows\System\Dvwwxmc.exe
  2⤵
  PID:3668
- C:\Windows\System\LKvGhza.exe
  C:\Windows\System\LKvGhza.exe
  2⤵
  PID:4100
- C:\Windows\System\ckrcAjd.exe
  C:\Windows\System\ckrcAjd.exe
  2⤵
  PID:4116
- C:\Windows\System\zbORiFc.exe
  C:\Windows\System\zbORiFc.exe
  2⤵
  PID:4160
- C:\Windows\System\xoPNoPk.exe
  C:\Windows\System\xoPNoPk.exe
  2⤵
  PID:4180
- C:\Windows\System\QthDCuy.exe
  C:\Windows\System\QthDCuy.exe
  2⤵
  PID:4200
- C:\Windows\System\griGpwg.exe
  C:\Windows\System\griGpwg.exe
  2⤵
  PID:4236
- C:\Windows\System\fAKfUHm.exe
  C:\Windows\System\fAKfUHm.exe
  2⤵
  PID:4252
- C:\Windows\System\cunQoNh.exe
  C:\Windows\System\cunQoNh.exe
  2⤵
  PID:4268
- C:\Windows\System\owPhcFf.exe
  C:\Windows\System\owPhcFf.exe
  2⤵
  PID:4292
- C:\Windows\System\bXArLvr.exe
  C:\Windows\System\bXArLvr.exe
  2⤵
  PID:4312
- C:\Windows\System\medwQqq.exe
  C:\Windows\System\medwQqq.exe
  2⤵
  PID:4332
- C:\Windows\System\MfSpoli.exe
  C:\Windows\System\MfSpoli.exe
  2⤵
  PID:4352
- C:\Windows\System\vwnaSGq.exe
  C:\Windows\System\vwnaSGq.exe
  2⤵
  PID:4372
- C:\Windows\System\evIZhuQ.exe
  C:\Windows\System\evIZhuQ.exe
  2⤵
  PID:4392
- C:\Windows\System\jsbZKHt.exe
  C:\Windows\System\jsbZKHt.exe
  2⤵
  PID:4412
- C:\Windows\System\YRkIFPM.exe
  C:\Windows\System\YRkIFPM.exe
  2⤵
  PID:4440
- C:\Windows\System\ElOBqGI.exe
  C:\Windows\System\ElOBqGI.exe
  2⤵
  PID:4456
- C:\Windows\System\aDvYKMg.exe
  C:\Windows\System\aDvYKMg.exe
  2⤵
  PID:4480
- C:\Windows\System\yUHniTa.exe
  C:\Windows\System\yUHniTa.exe
  2⤵
  PID:4500
- C:\Windows\System\eYQttzB.exe
  C:\Windows\System\eYQttzB.exe
  2⤵
  PID:4520
- C:\Windows\System\tJCuJht.exe
  C:\Windows\System\tJCuJht.exe
  2⤵
  PID:4536
- C:\Windows\System\VfoqSJj.exe
  C:\Windows\System\VfoqSJj.exe
  2⤵
  PID:4552
- C:\Windows\System\GCzHXHp.exe
  C:\Windows\System\GCzHXHp.exe
  2⤵
  PID:4572
- C:\Windows\System\iRwLBVH.exe
  C:\Windows\System\iRwLBVH.exe
  2⤵
  PID:4600
- C:\Windows\System\GUsahRQ.exe
  C:\Windows\System\GUsahRQ.exe
  2⤵
  PID:4616
- C:\Windows\System\wOebNNP.exe
  C:\Windows\System\wOebNNP.exe
  2⤵
  PID:4632
- C:\Windows\System\KfXWacu.exe
  C:\Windows\System\KfXWacu.exe
  2⤵
  PID:4656
- C:\Windows\System\WhJrwOo.exe
  C:\Windows\System\WhJrwOo.exe
  2⤵
  PID:4680
- C:\Windows\System\XEsdSnY.exe
  C:\Windows\System\XEsdSnY.exe
  2⤵
  PID:4696
- C:\Windows\System\xtRmRFi.exe
  C:\Windows\System\xtRmRFi.exe
  2⤵
  PID:4720
- C:\Windows\System\fRCqYix.exe
  C:\Windows\System\fRCqYix.exe
  2⤵
  PID:4736
- C:\Windows\System\wtryyRQ.exe
  C:\Windows\System\wtryyRQ.exe
  2⤵
  PID:4756
- C:\Windows\System\imrbPzA.exe
  C:\Windows\System\imrbPzA.exe
  2⤵
  PID:4772
- C:\Windows\System\UEWsBWD.exe
  C:\Windows\System\UEWsBWD.exe
  2⤵
  PID:4800
- C:\Windows\System\qFBzZFU.exe
  C:\Windows\System\qFBzZFU.exe
  2⤵
  PID:4816
- C:\Windows\System\HIJdxYS.exe
  C:\Windows\System\HIJdxYS.exe
  2⤵
  PID:4832
- C:\Windows\System\qRZrYlA.exe
  C:\Windows\System\qRZrYlA.exe
  2⤵
  PID:4848
- C:\Windows\System\dddNBNC.exe
  C:\Windows\System\dddNBNC.exe
  2⤵
  PID:4868
- C:\Windows\System\LzdgiIt.exe
  C:\Windows\System\LzdgiIt.exe
  2⤵
  PID:4896
- C:\Windows\System\dhOkYBp.exe
  C:\Windows\System\dhOkYBp.exe
  2⤵
  PID:4912
- C:\Windows\System\igPSLWa.exe
  C:\Windows\System\igPSLWa.exe
  2⤵
  PID:4928
- C:\Windows\System\tpcsYcd.exe
  C:\Windows\System\tpcsYcd.exe
  2⤵
  PID:4960
- C:\Windows\System\eWIrjNP.exe
  C:\Windows\System\eWIrjNP.exe
  2⤵
  PID:4976
- C:\Windows\System\tnJOaIz.exe
  C:\Windows\System\tnJOaIz.exe
  2⤵
  PID:4992
- C:\Windows\System\hrEmGpa.exe
  C:\Windows\System\hrEmGpa.exe
  2⤵
  PID:5012
- C:\Windows\System\fdVPCRK.exe
  C:\Windows\System\fdVPCRK.exe
  2⤵
  PID:5040
- C:\Windows\System\yZFaeeC.exe
  C:\Windows\System\yZFaeeC.exe
  2⤵
  PID:5056
- C:\Windows\System\XxdgaVO.exe
  C:\Windows\System\XxdgaVO.exe
  2⤵
  PID:5072
- C:\Windows\System\pNrgdCi.exe
  C:\Windows\System\pNrgdCi.exe
  2⤵
  PID:5092
- C:\Windows\System\YJlOOun.exe
  C:\Windows\System\YJlOOun.exe
  2⤵
  PID:5116
- C:\Windows\System\hQowRxb.exe
  C:\Windows\System\hQowRxb.exe
  2⤵
  PID:3088
- C:\Windows\System\RcxuFEq.exe
  C:\Windows\System\RcxuFEq.exe
  2⤵
  PID:4108
- C:\Windows\System\XlmSTsj.exe
  C:\Windows\System\XlmSTsj.exe
  2⤵
  PID:1892
- C:\Windows\System\rWRVcMQ.exe
  C:\Windows\System\rWRVcMQ.exe
  2⤵
  PID:4148
- C:\Windows\System\BpPbbsT.exe
  C:\Windows\System\BpPbbsT.exe
  2⤵
  PID:3208
- C:\Windows\System\McsjnJk.exe
  C:\Windows\System\McsjnJk.exe
  2⤵
  PID:4260
- C:\Windows\System\axUBAUq.exe
  C:\Windows\System\axUBAUq.exe
  2⤵
  PID:4276
- C:\Windows\System\OKquTEd.exe
  C:\Windows\System\OKquTEd.exe
  2⤵
  PID:4304
- C:\Windows\System\ehSBkeL.exe
  C:\Windows\System\ehSBkeL.exe
  2⤵
  PID:4324
- C:\Windows\System\SoJthth.exe
  C:\Windows\System\SoJthth.exe
  2⤵
  PID:4156
- C:\Windows\System\HzTYNtN.exe
  C:\Windows\System\HzTYNtN.exe
  2⤵
  PID:4400
- C:\Windows\System\DURpgQn.exe
  C:\Windows\System\DURpgQn.exe
  2⤵
  PID:4428
- C:\Windows\System\uBxtPzO.exe
  C:\Windows\System\uBxtPzO.exe
  2⤵
  PID:4452
- C:\Windows\System\dHEPtgu.exe
  C:\Windows\System\dHEPtgu.exe
  2⤵
  PID:4492
- C:\Windows\System\kpoahZk.exe
  C:\Windows\System\kpoahZk.exe
  2⤵
  PID:4532
- C:\Windows\System\iZDFBHJ.exe
  C:\Windows\System\iZDFBHJ.exe
  2⤵
  PID:4528
- C:\Windows\System\RkAJXSS.exe
  C:\Windows\System\RkAJXSS.exe
  2⤵
  PID:4544
- C:\Windows\System\XMAfjVc.exe
  C:\Windows\System\XMAfjVc.exe
  2⤵
  PID:4584
- C:\Windows\System\PkkpqHV.exe
  C:\Windows\System\PkkpqHV.exe
  2⤵
  PID:4668
- C:\Windows\System\xHLUqyy.exe
  C:\Windows\System\xHLUqyy.exe
  2⤵
  PID:4644
- C:\Windows\System\XACgETs.exe
  C:\Windows\System\XACgETs.exe
  2⤵
  PID:4712
- C:\Windows\System\tnkKcwS.exe
  C:\Windows\System\tnkKcwS.exe
  2⤵
  PID:4748
- C:\Windows\System\sJSwwaL.exe
  C:\Windows\System\sJSwwaL.exe
  2⤵
  PID:4780
- C:\Windows\System\wBOycQH.exe
  C:\Windows\System\wBOycQH.exe
  2⤵
  PID:4812
- C:\Windows\System\JknrBfo.exe
  C:\Windows\System\JknrBfo.exe
  2⤵
  PID:4884
- C:\Windows\System\bRkJaiT.exe
  C:\Windows\System\bRkJaiT.exe
  2⤵
  PID:4856
- C:\Windows\System\iUckDaz.exe
  C:\Windows\System\iUckDaz.exe
  2⤵
  PID:4908
- C:\Windows\System\TRZJRXa.exe
  C:\Windows\System\TRZJRXa.exe
  2⤵
  PID:4924
- C:\Windows\System\eVxMYzs.exe
  C:\Windows\System\eVxMYzs.exe
  2⤵
  PID:4988
- C:\Windows\System\EDTkucr.exe
  C:\Windows\System\EDTkucr.exe
  2⤵
  PID:4972
- C:\Windows\System\dRDaAGB.exe
  C:\Windows\System\dRDaAGB.exe
  2⤵
  PID:5100
- C:\Windows\System\miebLTV.exe
  C:\Windows\System\miebLTV.exe
  2⤵
  PID:5004
- C:\Windows\System\FoqkhqE.exe
  C:\Windows\System\FoqkhqE.exe
  2⤵
  PID:5080
- C:\Windows\System\kOCYgAh.exe
  C:\Windows\System\kOCYgAh.exe
  2⤵
  PID:3128
- C:\Windows\System\OuQuRxd.exe
  C:\Windows\System\OuQuRxd.exe
  2⤵
  PID:4152
- C:\Windows\System\towtyJY.exe
  C:\Windows\System\towtyJY.exe
  2⤵
  PID:4172
- C:\Windows\System\znyVMBD.exe
  C:\Windows\System\znyVMBD.exe
  2⤵
  PID:4224
- C:\Windows\System\bTVBoyw.exe
  C:\Windows\System\bTVBoyw.exe
  2⤵
  PID:4284
- C:\Windows\System\AdqgWLJ.exe
  C:\Windows\System\AdqgWLJ.exe
  2⤵
  PID:4368
- C:\Windows\System\rODkgcp.exe
  C:\Windows\System\rODkgcp.exe
  2⤵
  PID:4388
- C:\Windows\System\qojoDxt.exe
  C:\Windows\System\qojoDxt.exe
  2⤵
  PID:4476
- C:\Windows\System\RQfTcdj.exe
  C:\Windows\System\RQfTcdj.exe
  2⤵
  PID:4220
- C:\Windows\System\jpyLPQo.exe
  C:\Windows\System\jpyLPQo.exe
  2⤵
  PID:4592
- C:\Windows\System\TuTQfgQ.exe
  C:\Windows\System\TuTQfgQ.exe
  2⤵
  PID:4608
- C:\Windows\System\tRcHkui.exe
  C:\Windows\System\tRcHkui.exe
  2⤵
  PID:4652
- C:\Windows\System\dvFNSOK.exe
  C:\Windows\System\dvFNSOK.exe
  2⤵
  PID:4728
- C:\Windows\System\odZWFTA.exe
  C:\Windows\System\odZWFTA.exe
  2⤵
  PID:4704
- C:\Windows\System\UPdSxVn.exe
  C:\Windows\System\UPdSxVn.exe
  2⤵
  PID:4796
- C:\Windows\System\YhOoSNz.exe
  C:\Windows\System\YhOoSNz.exe
  2⤵
  PID:4876
- C:\Windows\System\ZzaQZvf.exe
  C:\Windows\System\ZzaQZvf.exe
  2⤵
  PID:4892
- C:\Windows\System\YtbWXBk.exe
  C:\Windows\System\YtbWXBk.exe
  2⤵
  PID:5028
- C:\Windows\System\HmDjJgT.exe
  C:\Windows\System\HmDjJgT.exe
  2⤵
  PID:5112
- C:\Windows\System\IFgViar.exe
  C:\Windows\System\IFgViar.exe
  2⤵
  PID:5048
- C:\Windows\System\yHXwUGo.exe
  C:\Windows\System\yHXwUGo.exe
  2⤵
  PID:4112
- C:\Windows\System\xMCyzjP.exe
  C:\Windows\System\xMCyzjP.exe
  2⤵
  PID:4188
- C:\Windows\System\dqChNdD.exe
  C:\Windows\System\dqChNdD.exe
  2⤵
  PID:4248
- C:\Windows\System\FQXNjLw.exe
  C:\Windows\System\FQXNjLw.exe
  2⤵
  PID:4384
- C:\Windows\System\ZiRhFrO.exe
  C:\Windows\System\ZiRhFrO.exe
  2⤵
  PID:4512
- C:\Windows\System\McibAxQ.exe
  C:\Windows\System\McibAxQ.exe
  2⤵
  PID:4672
- C:\Windows\System\PfZVBWF.exe
  C:\Windows\System\PfZVBWF.exe
  2⤵
  PID:4768
- C:\Windows\System\ZajzJXD.exe
  C:\Windows\System\ZajzJXD.exe
  2⤵
  PID:4752
- C:\Windows\System\ltetSQI.exe
  C:\Windows\System\ltetSQI.exe
  2⤵
  PID:5024
- C:\Windows\System\vNZbJbA.exe
  C:\Windows\System\vNZbJbA.exe
  2⤵
  PID:4136
- C:\Windows\System\OyGJmbs.exe
  C:\Windows\System\OyGJmbs.exe
  2⤵
  PID:4228
- C:\Windows\System\jzubtMZ.exe
  C:\Windows\System\jzubtMZ.exe
  2⤵
  PID:5064
- C:\Windows\System\DBLrYaC.exe
  C:\Windows\System\DBLrYaC.exe
  2⤵
  PID:4488
- C:\Windows\System\HHiCbrn.exe
  C:\Windows\System\HHiCbrn.exe
  2⤵
  PID:4424
- C:\Windows\System\kBrjKBv.exe
  C:\Windows\System\kBrjKBv.exe
  2⤵
  PID:4348
- C:\Windows\System\MMsxDhF.exe
  C:\Windows\System\MMsxDhF.exe
  2⤵
  PID:3312
- C:\Windows\System\qqjvbvr.exe
  C:\Windows\System\qqjvbvr.exe
  2⤵
  PID:4168
- C:\Windows\System\oJadtCQ.exe
  C:\Windows\System\oJadtCQ.exe
  2⤵
  PID:4744
- C:\Windows\System\lubdTtY.exe
  C:\Windows\System\lubdTtY.exe
  2⤵
  PID:5000
- C:\Windows\System\sDPOcgg.exe
  C:\Windows\System\sDPOcgg.exe
  2⤵
  PID:4212
- C:\Windows\System\GUMFviW.exe
  C:\Windows\System\GUMFviW.exe
  2⤵
  PID:4860
- C:\Windows\System\HICJGve.exe
  C:\Windows\System\HICJGve.exe
  2⤵
  PID:4944
- C:\Windows\System\kMmNKcF.exe
  C:\Windows\System\kMmNKcF.exe
  2⤵
  PID:5032
- C:\Windows\System\csDVnAY.exe
  C:\Windows\System\csDVnAY.exe
  2⤵
  PID:4688
- C:\Windows\System\nnFefwz.exe
  C:\Windows\System\nnFefwz.exe
  2⤵
  PID:5136
- C:\Windows\System\cNscBDL.exe
  C:\Windows\System\cNscBDL.exe
  2⤵
  PID:5152
- C:\Windows\System\wGNPosg.exe
  C:\Windows\System\wGNPosg.exe
  2⤵
  PID:5180
- C:\Windows\System\Kkprria.exe
  C:\Windows\System\Kkprria.exe
  2⤵
  PID:5196
- C:\Windows\System\chdrEwq.exe
  C:\Windows\System\chdrEwq.exe
  2⤵
  PID:5212
- C:\Windows\System\bmdEpys.exe
  C:\Windows\System\bmdEpys.exe
  2⤵
  PID:5228
- C:\Windows\System\YFexUcF.exe
  C:\Windows\System\YFexUcF.exe
  2⤵
  PID:5248
- C:\Windows\System\avnSPgl.exe
  C:\Windows\System\avnSPgl.exe
  2⤵
  PID:5264
- C:\Windows\System\pgFUWCb.exe
  C:\Windows\System\pgFUWCb.exe
  2⤵
  PID:5300
- C:\Windows\System\ukpRkbk.exe
  C:\Windows\System\ukpRkbk.exe
  2⤵
  PID:5316
- C:\Windows\System\gdgJbFP.exe
  C:\Windows\System\gdgJbFP.exe
  2⤵
  PID:5332
- C:\Windows\System\KDoxbjX.exe
  C:\Windows\System\KDoxbjX.exe
  2⤵
  PID:5352
- C:\Windows\System\zlunwXk.exe
  C:\Windows\System\zlunwXk.exe
  2⤵
  PID:5368
- C:\Windows\System\lFuvmrC.exe
  C:\Windows\System\lFuvmrC.exe
  2⤵
  PID:5384
- C:\Windows\System\TBppcXe.exe
  C:\Windows\System\TBppcXe.exe
  2⤵
  PID:5400
- C:\Windows\System\hJYAHRe.exe
  C:\Windows\System\hJYAHRe.exe
  2⤵
  PID:5416
- C:\Windows\System\ssuZNel.exe
  C:\Windows\System\ssuZNel.exe
  2⤵
  PID:5432
- C:\Windows\System\zWqxitK.exe
  C:\Windows\System\zWqxitK.exe
  2⤵
  PID:5448
- C:\Windows\System\aVimbnh.exe
  C:\Windows\System\aVimbnh.exe
  2⤵
  PID:5504
- C:\Windows\System\eaYwFRL.exe
  C:\Windows\System\eaYwFRL.exe
  2⤵
  PID:5520
- C:\Windows\System\thMmXVF.exe
  C:\Windows\System\thMmXVF.exe
  2⤵
  PID:5540
- C:\Windows\System\ACjysCd.exe
  C:\Windows\System\ACjysCd.exe
  2⤵
  PID:5556
- C:\Windows\System\IPOPNFR.exe
  C:\Windows\System\IPOPNFR.exe
  2⤵
  PID:5584
- C:\Windows\System\gNNwIYJ.exe
  C:\Windows\System\gNNwIYJ.exe
  2⤵
  PID:5600
- C:\Windows\System\hZYohdN.exe
  C:\Windows\System\hZYohdN.exe
  2⤵
  PID:5620
- C:\Windows\System\NBEBgtQ.exe
  C:\Windows\System\NBEBgtQ.exe
  2⤵
  PID:5640
- C:\Windows\System\LaQOEOK.exe
  C:\Windows\System\LaQOEOK.exe
  2⤵
  PID:5656
- C:\Windows\System\MvSIBZU.exe
  C:\Windows\System\MvSIBZU.exe
  2⤵
  PID:5680
- C:\Windows\System\dFkefAv.exe
  C:\Windows\System\dFkefAv.exe
  2⤵
  PID:5704
- C:\Windows\System\rXquZTX.exe
  C:\Windows\System\rXquZTX.exe
  2⤵
  PID:5720
- C:\Windows\System\PFDMRUC.exe
  C:\Windows\System\PFDMRUC.exe
  2⤵
  PID:5736
- C:\Windows\System\fISRBbK.exe
  C:\Windows\System\fISRBbK.exe
  2⤵
  PID:5760
- C:\Windows\System\tFZljxb.exe
  C:\Windows\System\tFZljxb.exe
  2⤵
  PID:5776
- C:\Windows\System\cOvgDSa.exe
  C:\Windows\System\cOvgDSa.exe
  2⤵
  PID:5792
- C:\Windows\System\kCxcHhW.exe
  C:\Windows\System\kCxcHhW.exe
  2⤵
  PID:5808
- C:\Windows\System\Ekrkaks.exe
  C:\Windows\System\Ekrkaks.exe
  2⤵
  PID:5836
- C:\Windows\System\cXKNGhF.exe
  C:\Windows\System\cXKNGhF.exe
  2⤵
  PID:5852
- C:\Windows\System\VhOVYza.exe
  C:\Windows\System\VhOVYza.exe
  2⤵
  PID:5872
- C:\Windows\System\rADDEAJ.exe
  C:\Windows\System\rADDEAJ.exe
  2⤵
  PID:5896
- C:\Windows\System\tKwvMCH.exe
  C:\Windows\System\tKwvMCH.exe
  2⤵
  PID:5920
- C:\Windows\System\mLBRLcr.exe
  C:\Windows\System\mLBRLcr.exe
  2⤵
  PID:5944
- C:\Windows\System\zmcwcoI.exe
  C:\Windows\System\zmcwcoI.exe
  2⤵
  PID:5968
- C:\Windows\System\qaVyBsH.exe
  C:\Windows\System\qaVyBsH.exe
  2⤵
  PID:5992
- C:\Windows\System\jlqrLhC.exe
  C:\Windows\System\jlqrLhC.exe
  2⤵
  PID:6008
- C:\Windows\System\PuALBqK.exe
  C:\Windows\System\PuALBqK.exe
  2⤵
  PID:6032
- C:\Windows\System\foxIgIB.exe
  C:\Windows\System\foxIgIB.exe
  2⤵
  PID:6048
- C:\Windows\System\mSYRBaB.exe
  C:\Windows\System\mSYRBaB.exe
  2⤵
  PID:6072
- C:\Windows\System\wKvVSqC.exe
  C:\Windows\System\wKvVSqC.exe
  2⤵
  PID:6088
- C:\Windows\System\sVfqPZy.exe
  C:\Windows\System\sVfqPZy.exe
  2⤵
  PID:6104
- C:\Windows\System\rICCBck.exe
  C:\Windows\System\rICCBck.exe
  2⤵
  PID:6124
- C:\Windows\System\YHYFxGb.exe
  C:\Windows\System\YHYFxGb.exe
  2⤵
  PID:4464
- C:\Windows\System\bcrYdWF.exe
  C:\Windows\System\bcrYdWF.exe
  2⤵
  PID:4340
- C:\Windows\System\TzkGXvL.exe
  C:\Windows\System\TzkGXvL.exe
  2⤵
  PID:5128
- C:\Windows\System\HpwatPu.exe
  C:\Windows\System\HpwatPu.exe
  2⤵
  PID:5160
- C:\Windows\System\gJrEQTT.exe
  C:\Windows\System\gJrEQTT.exe
  2⤵
  PID:5168
- C:\Windows\System\EUWYGnW.exe
  C:\Windows\System\EUWYGnW.exe
  2⤵
  PID:5244
- C:\Windows\System\csqkSzZ.exe
  C:\Windows\System\csqkSzZ.exe
  2⤵
  PID:5288
- C:\Windows\System\EzfvCLs.exe
  C:\Windows\System\EzfvCLs.exe
  2⤵
  PID:5324
- C:\Windows\System\htqBYXT.exe
  C:\Windows\System\htqBYXT.exe
  2⤵
  PID:5348
- C:\Windows\System\nrgOoee.exe
  C:\Windows\System\nrgOoee.exe
  2⤵
  PID:5376
- C:\Windows\System\vWrjxPU.exe
  C:\Windows\System\vWrjxPU.exe
  2⤵
  PID:5412
- C:\Windows\System\bJySqHH.exe
  C:\Windows\System\bJySqHH.exe
  2⤵
  PID:5468
- C:\Windows\System\PRaXdjk.exe
  C:\Windows\System\PRaXdjk.exe
  2⤵
  PID:5492
- C:\Windows\System\WXOBJaq.exe
  C:\Windows\System\WXOBJaq.exe
  2⤵
  PID:5464
- C:\Windows\System\miryoJo.exe
  C:\Windows\System\miryoJo.exe
  2⤵
  PID:5568
- C:\Windows\System\lqOqxsz.exe
  C:\Windows\System\lqOqxsz.exe
  2⤵
  PID:5548
- C:\Windows\System\KfjFVYH.exe
  C:\Windows\System\KfjFVYH.exe
  2⤵
  PID:5612
- C:\Windows\System\pJxwkZv.exe
  C:\Windows\System\pJxwkZv.exe
  2⤵
  PID:5628
- C:\Windows\System\aoRaMOQ.exe
  C:\Windows\System\aoRaMOQ.exe
  2⤵
  PID:5664
- C:\Windows\System\XkzMpXW.exe
  C:\Windows\System\XkzMpXW.exe
  2⤵
  PID:5668
- C:\Windows\System\RwgtWtG.exe
  C:\Windows\System\RwgtWtG.exe
  2⤵
  PID:5728
- C:\Windows\System\WaCwUKl.exe
  C:\Windows\System\WaCwUKl.exe
  2⤵
  PID:5748
- C:\Windows\System\KpEThlr.exe
  C:\Windows\System\KpEThlr.exe
  2⤵
  PID:5860
- C:\Windows\System\XlDUtHn.exe
  C:\Windows\System\XlDUtHn.exe
  2⤵
  PID:5800
- C:\Windows\System\JSARkRV.exe
  C:\Windows\System\JSARkRV.exe
  2⤵
  PID:5884
- C:\Windows\System\pwFOdKY.exe
  C:\Windows\System\pwFOdKY.exe
  2⤵
  PID:5908
- C:\Windows\System\XKGsKIu.exe
  C:\Windows\System\XKGsKIu.exe
  2⤵
  PID:5956
- C:\Windows\System\EFSLKyQ.exe
  C:\Windows\System\EFSLKyQ.exe
  2⤵
  PID:5980
- C:\Windows\System\YLImXzC.exe
  C:\Windows\System\YLImXzC.exe
  2⤵
  PID:6004
- C:\Windows\System\AIEMlxH.exe
  C:\Windows\System\AIEMlxH.exe
  2⤵
  PID:6044
- C:\Windows\System\AGKmyuy.exe
  C:\Windows\System\AGKmyuy.exe
  2⤵
  PID:6080
- C:\Windows\System\cVNPRwc.exe
  C:\Windows\System\cVNPRwc.exe
  2⤵
  PID:6136
- C:\Windows\System\WgrlQRQ.exe
  C:\Windows\System\WgrlQRQ.exe
  2⤵
  PID:5176
- C:\Windows\System\CBNrQjD.exe
  C:\Windows\System\CBNrQjD.exe
  2⤵
  PID:6120
- C:\Windows\System\oPEKeyT.exe
  C:\Windows\System\oPEKeyT.exe
  2⤵
  PID:5256
- C:\Windows\System\mqHLpRX.exe
  C:\Windows\System\mqHLpRX.exe
  2⤵
  PID:5240
- C:\Windows\System\MsdvdMg.exe
  C:\Windows\System\MsdvdMg.exe
  2⤵
  PID:5296
- C:\Windows\System\iBqflNN.exe
  C:\Windows\System\iBqflNN.exe
  2⤵
  PID:5308
- C:\Windows\System\aewjMJp.exe
  C:\Windows\System\aewjMJp.exe
  2⤵
  PID:5428
- C:\Windows\System\IWxYJec.exe
  C:\Windows\System\IWxYJec.exe
  2⤵
  PID:5476
- C:\Windows\System\DJfkbga.exe
  C:\Windows\System\DJfkbga.exe
  2⤵
  PID:4624
- C:\Windows\System\QXUUvMx.exe
  C:\Windows\System\QXUUvMx.exe
  2⤵
  PID:5552
- C:\Windows\System\cAFwPTX.exe
  C:\Windows\System\cAFwPTX.exe
  2⤵
  PID:5652
- C:\Windows\System\PUPSRvd.exe
  C:\Windows\System\PUPSRvd.exe
  2⤵
  PID:5596
- C:\Windows\System\ttvsoTS.exe
  C:\Windows\System\ttvsoTS.exe
  2⤵
  PID:5756
- C:\Windows\System\laCMxyA.exe
  C:\Windows\System\laCMxyA.exe
  2⤵
  PID:5816
- C:\Windows\System\xytdaBa.exe
  C:\Windows\System\xytdaBa.exe
  2⤵
  PID:5892
- C:\Windows\System\KBTtldo.exe
  C:\Windows\System\KBTtldo.exe
  2⤵
  PID:5936
- C:\Windows\System\EtXjTAX.exe
  C:\Windows\System\EtXjTAX.exe
  2⤵
  PID:5912
- C:\Windows\System\ycDaPQV.exe
  C:\Windows\System\ycDaPQV.exe
  2⤵
  PID:6024
- C:\Windows\System\SwWZOqc.exe
  C:\Windows\System\SwWZOqc.exe
  2⤵
  PID:6096
- C:\Windows\System\jtntHGv.exe
  C:\Windows\System\jtntHGv.exe
  2⤵
  PID:4140
- C:\Windows\System\llvGInM.exe
  C:\Windows\System\llvGInM.exe
  2⤵
  PID:4628
- C:\Windows\System\LHtlUwi.exe
  C:\Windows\System\LHtlUwi.exe
  2⤵
  PID:5224
- C:\Windows\System\TUMKsMk.exe
  C:\Windows\System\TUMKsMk.exe
  2⤵
  PID:5392
- C:\Windows\System\GRaZgoX.exe
  C:\Windows\System\GRaZgoX.exe
  2⤵
  PID:5440
- C:\Windows\System\fPdcsMD.exe
  C:\Windows\System\fPdcsMD.exe
  2⤵
  PID:5536
- C:\Windows\System\nSsyXHt.exe
  C:\Windows\System\nSsyXHt.exe
  2⤵
  PID:5676
- C:\Windows\System\vZyTxRf.exe
  C:\Windows\System\vZyTxRf.exe
  2⤵
  PID:5712
- C:\Windows\System\vEhSKvl.exe
  C:\Windows\System\vEhSKvl.exe
  2⤵
  PID:5848
- C:\Windows\System\aqbEMuq.exe
  C:\Windows\System\aqbEMuq.exe
  2⤵
  PID:5824
- C:\Windows\System\LdggVKZ.exe
  C:\Windows\System\LdggVKZ.exe
  2⤵
  PID:6020
- C:\Windows\System\CQiHvoK.exe
  C:\Windows\System\CQiHvoK.exe
  2⤵
  PID:6064
- C:\Windows\System\gTSrZFV.exe
  C:\Windows\System\gTSrZFV.exe
  2⤵
  PID:5864
- C:\Windows\System\CbcQdLi.exe
  C:\Windows\System\CbcQdLi.exe
  2⤵
  PID:5280
- C:\Windows\System\CKkIsAK.exe
  C:\Windows\System\CKkIsAK.exe
  2⤵
  PID:5488
- C:\Windows\System\tzsgPYG.exe
  C:\Windows\System\tzsgPYG.exe
  2⤵
  PID:5648
- C:\Windows\System\rLzEwpA.exe
  C:\Windows\System\rLzEwpA.exe
  2⤵
  PID:5772
- C:\Windows\System\haDDJsd.exe
  C:\Windows\System\haDDJsd.exe
  2⤵
  PID:6000
- C:\Windows\System\HqJgqrS.exe
  C:\Windows\System\HqJgqrS.exe
  2⤵
  PID:5960
- C:\Windows\System\BxOpaQf.exe
  C:\Windows\System\BxOpaQf.exe
  2⤵
  PID:4788
- C:\Windows\System\OLsUYQc.exe
  C:\Windows\System\OLsUYQc.exe
  2⤵
  PID:5484
- C:\Windows\System\pVtNwmp.exe
  C:\Windows\System\pVtNwmp.exe
  2⤵
  PID:5380
- C:\Windows\System\QgEdIPR.exe
  C:\Windows\System\QgEdIPR.exe
  2⤵
  PID:5984
- C:\Windows\System\zeFkXrI.exe
  C:\Windows\System\zeFkXrI.exe
  2⤵
  PID:6100
- C:\Windows\System\PaDoTUm.exe
  C:\Windows\System\PaDoTUm.exe
  2⤵
  PID:5408
- C:\Windows\System\AUqjzqA.exe
  C:\Windows\System\AUqjzqA.exe
  2⤵
  PID:5512
- C:\Windows\System\wByiCSy.exe
  C:\Windows\System\wByiCSy.exe
  2⤵
  PID:6068
- C:\Windows\System\EJXraFH.exe
  C:\Windows\System\EJXraFH.exe
  2⤵
  PID:5732
- C:\Windows\System\kRsFFpk.exe
  C:\Windows\System\kRsFFpk.exe
  2⤵
  PID:5868
- C:\Windows\System\QzHlIVE.exe
  C:\Windows\System\QzHlIVE.exe
  2⤵
  PID:6164
- C:\Windows\System\ywIMREN.exe
  C:\Windows\System\ywIMREN.exe
  2⤵
  PID:6184
- C:\Windows\System\HQMTEHI.exe
  C:\Windows\System\HQMTEHI.exe
  2⤵
  PID:6212
- C:\Windows\System\DheELRm.exe
  C:\Windows\System\DheELRm.exe
  2⤵
  PID:6228
- C:\Windows\System\kZhPruQ.exe
  C:\Windows\System\kZhPruQ.exe
  2⤵
  PID:6252
- C:\Windows\System\tVJfzGs.exe
  C:\Windows\System\tVJfzGs.exe
  2⤵
  PID:6268
- C:\Windows\System\WdrOzxO.exe
  C:\Windows\System\WdrOzxO.exe
  2⤵
  PID:6288
- C:\Windows\System\BnwfNrW.exe
  C:\Windows\System\BnwfNrW.exe
  2⤵
  PID:6304
- C:\Windows\System\ChAFLuj.exe
  C:\Windows\System\ChAFLuj.exe
  2⤵
  PID:6324
- C:\Windows\System\tPsRfuF.exe
  C:\Windows\System\tPsRfuF.exe
  2⤵
  PID:6344
- C:\Windows\System\gleEEQe.exe
  C:\Windows\System\gleEEQe.exe
  2⤵
  PID:6364
- C:\Windows\System\TNOXdXq.exe
  C:\Windows\System\TNOXdXq.exe
  2⤵
  PID:6384
- C:\Windows\System\YLeCbzE.exe
  C:\Windows\System\YLeCbzE.exe
  2⤵
  PID:6404
- C:\Windows\System\wEyRCaT.exe
  C:\Windows\System\wEyRCaT.exe
  2⤵
  PID:6420
- C:\Windows\System\ZjcYtfm.exe
  C:\Windows\System\ZjcYtfm.exe
  2⤵
  PID:6448
- C:\Windows\System\LGybvvP.exe
  C:\Windows\System\LGybvvP.exe
  2⤵
  PID:6464
- C:\Windows\System\mihugwO.exe
  C:\Windows\System\mihugwO.exe
  2⤵
  PID:6492
- C:\Windows\System\DvtQMNA.exe
  C:\Windows\System\DvtQMNA.exe
  2⤵
  PID:6520
- C:\Windows\System\yRcdVbK.exe
  C:\Windows\System\yRcdVbK.exe
  2⤵
  PID:6540
- C:\Windows\System\cdwAkyJ.exe
  C:\Windows\System\cdwAkyJ.exe
  2⤵
  PID:6556
- C:\Windows\System\PXeGRbk.exe
  C:\Windows\System\PXeGRbk.exe
  2⤵
  PID:6572
- C:\Windows\System\LaIXFkx.exe
  C:\Windows\System\LaIXFkx.exe
  2⤵
  PID:6596
- C:\Windows\System\UIpeerj.exe
  C:\Windows\System\UIpeerj.exe
  2⤵
  PID:6616
- C:\Windows\System\VExGGrQ.exe
  C:\Windows\System\VExGGrQ.exe
  2⤵
  PID:6636
- C:\Windows\System\DQHGDdC.exe
  C:\Windows\System\DQHGDdC.exe
  2⤵
  PID:6652
- C:\Windows\System\TRGtlMb.exe
  C:\Windows\System\TRGtlMb.exe
  2⤵
  PID:6676
- C:\Windows\System\ZsYAkBl.exe
  C:\Windows\System\ZsYAkBl.exe
  2⤵
  PID:6692
- C:\Windows\System\TkYykxv.exe
  C:\Windows\System\TkYykxv.exe
  2⤵
  PID:6708
- C:\Windows\System\FnyuGlz.exe
  C:\Windows\System\FnyuGlz.exe
  2⤵
  PID:6728
- C:\Windows\System\UZOXKGm.exe
  C:\Windows\System\UZOXKGm.exe
  2⤵
  PID:6744
- C:\Windows\System\qLbSQvV.exe
  C:\Windows\System\qLbSQvV.exe
  2⤵
  PID:6764
- C:\Windows\System\bBGIwow.exe
  C:\Windows\System\bBGIwow.exe
  2⤵
  PID:6780
- C:\Windows\System\MLNGJDw.exe
  C:\Windows\System\MLNGJDw.exe
  2⤵
  PID:6800
- C:\Windows\System\CdWjIHU.exe
  C:\Windows\System\CdWjIHU.exe
  2⤵
  PID:6820
- C:\Windows\System\VgAwKMk.exe
  C:\Windows\System\VgAwKMk.exe
  2⤵
  PID:6836
- C:\Windows\System\RYRKJzE.exe
  C:\Windows\System\RYRKJzE.exe
  2⤵
  PID:6852
- C:\Windows\System\lCSMAyw.exe
  C:\Windows\System\lCSMAyw.exe
  2⤵
  PID:6880
- C:\Windows\System\tXjcSHN.exe
  C:\Windows\System\tXjcSHN.exe
  2⤵
  PID:6912
- C:\Windows\System\AYpwfFZ.exe
  C:\Windows\System\AYpwfFZ.exe
  2⤵
  PID:6928
- C:\Windows\System\DCSpBUT.exe
  C:\Windows\System\DCSpBUT.exe
  2⤵
  PID:6952
- C:\Windows\System\sSGTMiv.exe
  C:\Windows\System\sSGTMiv.exe
  2⤵
  PID:6972
- C:\Windows\System\VSNpDcR.exe
  C:\Windows\System\VSNpDcR.exe
  2⤵
  PID:6992
- C:\Windows\System\VsTStjd.exe
  C:\Windows\System\VsTStjd.exe
  2⤵
  PID:7024
- C:\Windows\System\KTGpCZI.exe
  C:\Windows\System\KTGpCZI.exe
  2⤵
  PID:7040
- C:\Windows\System\VJRawlU.exe
  C:\Windows\System\VJRawlU.exe
  2⤵
  PID:7064
- C:\Windows\System\LYWUKUG.exe
  C:\Windows\System\LYWUKUG.exe
  2⤵
  PID:7080
- C:\Windows\System\hnbRhQe.exe
  C:\Windows\System\hnbRhQe.exe
  2⤵
  PID:7104
- C:\Windows\System\VJZrZqP.exe
  C:\Windows\System\VJZrZqP.exe
  2⤵
  PID:7124
- C:\Windows\System\ELpJwdo.exe
  C:\Windows\System\ELpJwdo.exe
  2⤵
  PID:7144
- C:\Windows\System\uafbAes.exe
  C:\Windows\System\uafbAes.exe
  2⤵
  PID:7160
- C:\Windows\System\qFEciUJ.exe
  C:\Windows\System\qFEciUJ.exe
  2⤵
  PID:6152
- C:\Windows\System\TwfJmMu.exe
  C:\Windows\System\TwfJmMu.exe
  2⤵
  PID:6176
- C:\Windows\System\tFGiHUT.exe
  C:\Windows\System\tFGiHUT.exe
  2⤵
  PID:6204
- C:\Windows\System\zBmcFQi.exe
  C:\Windows\System\zBmcFQi.exe
  2⤵
  PID:6244
- C:\Windows\System\HuMXlrj.exe
  C:\Windows\System\HuMXlrj.exe
  2⤵
  PID:6284
- C:\Windows\System\KZrjdBR.exe
  C:\Windows\System\KZrjdBR.exe
  2⤵
  PID:6260
- C:\Windows\System\lrZCNDi.exe
  C:\Windows\System\lrZCNDi.exe
  2⤵
  PID:6296
- C:\Windows\System\ADyyoEh.exe
  C:\Windows\System\ADyyoEh.exe
  2⤵
  PID:6336
- C:\Windows\System\JnmrNPs.exe
  C:\Windows\System\JnmrNPs.exe
  2⤵
  PID:6432
- C:\Windows\System\LrOHDLN.exe
  C:\Windows\System\LrOHDLN.exe
  2⤵
  PID:6412
- C:\Windows\System\HpEzqYm.exe
  C:\Windows\System\HpEzqYm.exe
  2⤵
  PID:6444
- C:\Windows\System\PAXXhri.exe
  C:\Windows\System\PAXXhri.exe
  2⤵
  PID:6480
- C:\Windows\System\bEbYTBh.exe
  C:\Windows\System\bEbYTBh.exe
  2⤵
  PID:6552
- C:\Windows\System\CyVEBxH.exe
  C:\Windows\System\CyVEBxH.exe
  2⤵
  PID:6588
- C:\Windows\System\qvwsaDl.exe
  C:\Windows\System\qvwsaDl.exe
  2⤵
  PID:6608
- C:\Windows\System\lorKJnN.exe
  C:\Windows\System\lorKJnN.exe
  2⤵
  PID:6648
- C:\Windows\System\iDubcsF.exe
  C:\Windows\System\iDubcsF.exe
  2⤵
  PID:6632
- C:\Windows\System\bKqlEZy.exe
  C:\Windows\System\bKqlEZy.exe
  2⤵
  PID:6816
- C:\Windows\System\dEKMVfX.exe
  C:\Windows\System\dEKMVfX.exe
  2⤵
  PID:6724
- C:\Windows\System\FDqSNMW.exe
  C:\Windows\System\FDqSNMW.exe
  2⤵
  PID:6792
- C:\Windows\System\zpMfQfQ.exe
  C:\Windows\System\zpMfQfQ.exe
  2⤵
  PID:6864
- C:\Windows\System\mzkMmKz.exe
  C:\Windows\System\mzkMmKz.exe
  2⤵
  PID:6808
- C:\Windows\System\nZGqRkL.exe
  C:\Windows\System\nZGqRkL.exe
  2⤵
  PID:6888
- C:\Windows\System\VvnzJdY.exe
  C:\Windows\System\VvnzJdY.exe
  2⤵
  PID:6896
- C:\Windows\System\LWdeisX.exe
  C:\Windows\System\LWdeisX.exe
  2⤵
  PID:6936
- C:\Windows\System\rUMYitL.exe
  C:\Windows\System\rUMYitL.exe
  2⤵
  PID:6980
- C:\Windows\System\iIzxnOL.exe
  C:\Windows\System\iIzxnOL.exe
  2⤵
  PID:7012
- C:\Windows\System\HDdfgQq.exe
  C:\Windows\System\HDdfgQq.exe
  2⤵
  PID:7052
- C:\Windows\System\VvneSWl.exe
  C:\Windows\System\VvneSWl.exe
  2⤵
  PID:7088
- C:\Windows\System\AcTipNA.exe
  C:\Windows\System\AcTipNA.exe
  2⤵
  PID:7136
- C:\Windows\System\CYgLKFL.exe
  C:\Windows\System\CYgLKFL.exe
  2⤵
  PID:7156
- C:\Windows\System\LNUQEjj.exe
  C:\Windows\System\LNUQEjj.exe
  2⤵
  PID:6224
- C:\Windows\System\BCnLZre.exe
  C:\Windows\System\BCnLZre.exe
  2⤵
  PID:6276
- C:\Windows\System\GUXvhoi.exe
  C:\Windows\System\GUXvhoi.exe
  2⤵
  PID:6356
- C:\Windows\System\ITuLlJt.exe
  C:\Windows\System\ITuLlJt.exe
  2⤵
  PID:6376
- C:\Windows\System\tSzDPEA.exe
  C:\Windows\System\tSzDPEA.exe
  2⤵
  PID:6460
- C:\Windows\System\ewLXCLl.exe
  C:\Windows\System\ewLXCLl.exe
  2⤵
  PID:6512
- C:\Windows\System\sYELAbm.exe
  C:\Windows\System\sYELAbm.exe
  2⤵
  PID:6332
- C:\Windows\System\vmIpOvg.exe
  C:\Windows\System\vmIpOvg.exe
  2⤵
  PID:6472
- C:\Windows\System\rBaewSJ.exe
  C:\Windows\System\rBaewSJ.exe
  2⤵
  PID:6536
- C:\Windows\System\jaLqkPg.exe
  C:\Windows\System\jaLqkPg.exe
  2⤵
  PID:6604
- C:\Windows\System\QtHPgVT.exe
  C:\Windows\System\QtHPgVT.exe
  2⤵
  PID:6688
- C:\Windows\System\PeceZTF.exe
  C:\Windows\System\PeceZTF.exe
  2⤵
  PID:6812
- C:\Windows\System\GeMTKMP.exe
  C:\Windows\System\GeMTKMP.exe
  2⤵
  PID:6860
- C:\Windows\System\qEeskHv.exe
  C:\Windows\System\qEeskHv.exe
  2⤵
  PID:7008
- C:\Windows\System\lahBCaN.exe
  C:\Windows\System\lahBCaN.exe
  2⤵
  PID:6872
- C:\Windows\System\hkEmRZF.exe
  C:\Windows\System\hkEmRZF.exe
  2⤵
  PID:6988
- C:\Windows\System\AYoiddk.exe
  C:\Windows\System\AYoiddk.exe
  2⤵
  PID:7020
- C:\Windows\System\TNChHBK.exe
  C:\Windows\System\TNChHBK.exe
  2⤵
  PID:7092
- C:\Windows\System\UfTbtCH.exe
  C:\Windows\System\UfTbtCH.exe
  2⤵
  PID:6220
- C:\Windows\System\wOUUMou.exe
  C:\Windows\System\wOUUMou.exe
  2⤵
  PID:5236
- C:\Windows\System\eTSkubb.exe
  C:\Windows\System\eTSkubb.exe
  2⤵
  PID:6316
- C:\Windows\System\tgaaIMI.exe
  C:\Windows\System\tgaaIMI.exe
  2⤵
  PID:6320
- C:\Windows\System\nBarhnx.exe
  C:\Windows\System\nBarhnx.exe
  2⤵
  PID:6456
- C:\Windows\System\VakuiNt.exe
  C:\Windows\System\VakuiNt.exe
  2⤵
  PID:6592
- C:\Windows\System\dPFOrYO.exe
  C:\Windows\System\dPFOrYO.exe
  2⤵
  PID:6720
- C:\Windows\System\ZWvjyxA.exe
  C:\Windows\System\ZWvjyxA.exe
  2⤵
  PID:6624
- C:\Windows\System\RqYwcIG.exe
  C:\Windows\System\RqYwcIG.exe
  2⤵
  PID:6776
- C:\Windows\System\mlBSAEP.exe
  C:\Windows\System\mlBSAEP.exe
  2⤵
  PID:6700
- C:\Windows\System\WXxciXv.exe
  C:\Windows\System\WXxciXv.exe
  2⤵
  PID:692
- C:\Windows\System\fRogqGl.exe
  C:\Windows\System\fRogqGl.exe
  2⤵
  PID:952
- C:\Windows\System\vwYRGeu.exe
  C:\Windows\System\vwYRGeu.exe
  2⤵
  PID:2652
- C:\Windows\System\PriuVJV.exe
  C:\Windows\System\PriuVJV.exe
  2⤵
  PID:6196
- C:\Windows\System\tUeQEQL.exe
  C:\Windows\System\tUeQEQL.exe
  2⤵
  PID:6428
- C:\Windows\System\UsGPWAy.exe
  C:\Windows\System\UsGPWAy.exe
  2⤵
  PID:6584
- C:\Windows\System\HNwwrVG.exe
  C:\Windows\System\HNwwrVG.exe
  2⤵
  PID:6788
- C:\Windows\System\LirKZtT.exe
  C:\Windows\System\LirKZtT.exe
  2⤵
  PID:6488
- C:\Windows\System\zfzZmbU.exe
  C:\Windows\System\zfzZmbU.exe
  2⤵
  PID:6848
- C:\Windows\System\pHGFtPW.exe
  C:\Windows\System\pHGFtPW.exe
  2⤵
  PID:6968
- C:\Windows\System\scOBPhw.exe
  C:\Windows\System\scOBPhw.exe
  2⤵
  PID:7036
- C:\Windows\System\JRDgdyu.exe
  C:\Windows\System\JRDgdyu.exe
  2⤵
  PID:7140
- C:\Windows\System\ukclQRL.exe
  C:\Windows\System\ukclQRL.exe
  2⤵
  PID:6436
- C:\Windows\System\hiiJrfC.exe
  C:\Windows\System\hiiJrfC.exe
  2⤵
  PID:6828
- C:\Windows\System\sLROYDb.exe
  C:\Windows\System\sLROYDb.exe
  2⤵
  PID:7176
- C:\Windows\System\dzultiI.exe
  C:\Windows\System\dzultiI.exe
  2⤵
  PID:7192
- C:\Windows\System\SluSCyQ.exe
  C:\Windows\System\SluSCyQ.exe
  2⤵
  PID:7232
- C:\Windows\System\NaJqGcP.exe
  C:\Windows\System\NaJqGcP.exe
  2⤵
  PID:7248
- C:\Windows\System\CtVtGlq.exe
  C:\Windows\System\CtVtGlq.exe
  2⤵
  PID:7268
- C:\Windows\System\UCiRJkw.exe
  C:\Windows\System\UCiRJkw.exe
  2⤵
  PID:7284
- C:\Windows\System\quMzLNZ.exe
  C:\Windows\System\quMzLNZ.exe
  2⤵
  PID:7300
- C:\Windows\System\WCAeZxH.exe
  C:\Windows\System\WCAeZxH.exe
  2⤵
  PID:7332
- C:\Windows\System\bLsvPGO.exe
  C:\Windows\System\bLsvPGO.exe
  2⤵
  PID:7348
- C:\Windows\System\YIefwzi.exe
  C:\Windows\System\YIefwzi.exe
  2⤵
  PID:7364
- C:\Windows\System\lpIyUcv.exe
  C:\Windows\System\lpIyUcv.exe
  2⤵
  PID:7384
- C:\Windows\System\IgerOTl.exe
  C:\Windows\System\IgerOTl.exe
  2⤵
  PID:7400
- C:\Windows\System\EcIrriB.exe
  C:\Windows\System\EcIrriB.exe
  2⤵
  PID:7428
- C:\Windows\System\gwpEswv.exe
  C:\Windows\System\gwpEswv.exe
  2⤵
  PID:7444
- C:\Windows\System\uZUXAXo.exe
  C:\Windows\System\uZUXAXo.exe
  2⤵
  PID:7464
- C:\Windows\System\YMHigIB.exe
  C:\Windows\System\YMHigIB.exe
  2⤵
  PID:7480
- C:\Windows\System\CPGBqVK.exe
  C:\Windows\System\CPGBqVK.exe
  2⤵
  PID:7500
- C:\Windows\System\irLLHdW.exe
  C:\Windows\System\irLLHdW.exe
  2⤵
  PID:7520
- C:\Windows\System\rZwxMFF.exe
  C:\Windows\System\rZwxMFF.exe
  2⤵
  PID:7540
- C:\Windows\System\SEqqJTk.exe
  C:\Windows\System\SEqqJTk.exe
  2⤵
  PID:7568
- C:\Windows\System\ggvQoTm.exe
  C:\Windows\System\ggvQoTm.exe
  2⤵
  PID:7584
- C:\Windows\System\eJsUmoc.exe
  C:\Windows\System\eJsUmoc.exe
  2⤵
  PID:7616
- C:\Windows\System\sSGmMID.exe
  C:\Windows\System\sSGmMID.exe
  2⤵
  PID:7632
- C:\Windows\System\WsVTMHw.exe
  C:\Windows\System\WsVTMHw.exe
  2⤵
  PID:7656
- C:\Windows\System\wXKRIAC.exe
  C:\Windows\System\wXKRIAC.exe
  2⤵
  PID:7672
- C:\Windows\System\jESTJvD.exe
  C:\Windows\System\jESTJvD.exe
  2⤵
  PID:7688
- C:\Windows\System\jiXBbui.exe
  C:\Windows\System\jiXBbui.exe
  2⤵
  PID:7716
- C:\Windows\System\MFGvbAa.exe
  C:\Windows\System\MFGvbAa.exe
  2⤵
  PID:7752
- C:\Windows\System\JaeianV.exe
  C:\Windows\System\JaeianV.exe
  2⤵
  PID:7768
- C:\Windows\System\rUOxPuO.exe
  C:\Windows\System\rUOxPuO.exe
  2⤵
  PID:7784
- C:\Windows\System\yyphGZl.exe
  C:\Windows\System\yyphGZl.exe
  2⤵
  PID:7804
- C:\Windows\System\IaEcIkI.exe
  C:\Windows\System\IaEcIkI.exe
  2⤵
  PID:7824
- C:\Windows\System\EsnZzmf.exe
  C:\Windows\System\EsnZzmf.exe
  2⤵
  PID:7840
- C:\Windows\System\AzdJwVQ.exe
  C:\Windows\System\AzdJwVQ.exe
  2⤵
  PID:7856
- C:\Windows\System\twbYAwM.exe
  C:\Windows\System\twbYAwM.exe
  2⤵
  PID:7872
- C:\Windows\System\DwuWtwA.exe
  C:\Windows\System\DwuWtwA.exe
  2⤵
  PID:7892
- C:\Windows\System\eBrWpIb.exe
  C:\Windows\System\eBrWpIb.exe
  2⤵
  PID:7908
- C:\Windows\System\FmtjMgs.exe
  C:\Windows\System\FmtjMgs.exe
  2⤵
  PID:7956
- C:\Windows\System\ERJguLE.exe
  C:\Windows\System\ERJguLE.exe
  2⤵
  PID:7972
- C:\Windows\System\jzjNnqc.exe
  C:\Windows\System\jzjNnqc.exe
  2⤵
  PID:7996
- C:\Windows\System\eyHlmGO.exe
  C:\Windows\System\eyHlmGO.exe
  2⤵
  PID:8012
- C:\Windows\System\EDingSQ.exe
  C:\Windows\System\EDingSQ.exe
  2⤵
  PID:8036
- C:\Windows\System\sHDVJhL.exe
  C:\Windows\System\sHDVJhL.exe
  2⤵
  PID:8052
- C:\Windows\System\mrstowX.exe
  C:\Windows\System\mrstowX.exe
  2⤵
  PID:8068
- C:\Windows\System\dtNkquL.exe
  C:\Windows\System\dtNkquL.exe
  2⤵
  PID:8084
- C:\Windows\System\uNYCrue.exe
  C:\Windows\System\uNYCrue.exe
  2⤵
  PID:8116
- C:\Windows\System\vGsSTZV.exe
  C:\Windows\System\vGsSTZV.exe
  2⤵
  PID:8136
- C:\Windows\System\shTPqOh.exe
  C:\Windows\System\shTPqOh.exe
  2⤵
  PID:8152
- C:\Windows\System\FFvTchT.exe
  C:\Windows\System\FFvTchT.exe
  2⤵
  PID:8176
- C:\Windows\System\FiJNknQ.exe
  C:\Windows\System\FiJNknQ.exe
  2⤵
  PID:264
- C:\Windows\System\iaOUDJb.exe
  C:\Windows\System\iaOUDJb.exe
  2⤵
  PID:7120
- C:\Windows\System\CDyHYtD.exe
  C:\Windows\System\CDyHYtD.exe
  2⤵
  PID:6568
- C:\Windows\System\DJBKXiS.exe
  C:\Windows\System\DJBKXiS.exe
  2⤵
  PID:7212
- C:\Windows\System\VSJkAeV.exe
  C:\Windows\System\VSJkAeV.exe
  2⤵
  PID:7220
- C:\Windows\System\VbUQEpX.exe
  C:\Windows\System\VbUQEpX.exe
  2⤵
  PID:7228
- C:\Windows\System\gBQNtDk.exe
  C:\Windows\System\gBQNtDk.exe
  2⤵
  PID:7280
- C:\Windows\System\HJGTJAJ.exe
  C:\Windows\System\HJGTJAJ.exe
  2⤵
  PID:7320
- C:\Windows\System\HlUCMhI.exe
  C:\Windows\System\HlUCMhI.exe
  2⤵
  PID:7260
- C:\Windows\System\nUaWdoG.exe
  C:\Windows\System\nUaWdoG.exe
  2⤵
  PID:7360
- C:\Windows\System\nHCBgRt.exe
  C:\Windows\System\nHCBgRt.exe
  2⤵
  PID:7408
- C:\Windows\System\gYXtFRD.exe
  C:\Windows\System\gYXtFRD.exe
  2⤵
  PID:7440
- C:\Windows\System\VXKSTjN.exe
  C:\Windows\System\VXKSTjN.exe
  2⤵
  PID:7424
- C:\Windows\System\tytUhRd.exe
  C:\Windows\System\tytUhRd.exe
  2⤵
  PID:7496
- C:\Windows\System\bmCiyOY.exe
  C:\Windows\System\bmCiyOY.exe
  2⤵
  PID:7516
- C:\Windows\System\oGdSsWN.exe
  C:\Windows\System\oGdSsWN.exe
  2⤵
  PID:7560
- C:\Windows\System\wXqZIUk.exe
  C:\Windows\System\wXqZIUk.exe
  2⤵
  PID:7528
- C:\Windows\System\EPBBJPG.exe
  C:\Windows\System\EPBBJPG.exe
  2⤵
  PID:7600
- C:\Windows\System\wontLrU.exe
  C:\Windows\System\wontLrU.exe
  2⤵
  PID:7624
- C:\Windows\System\DFVADNv.exe
  C:\Windows\System\DFVADNv.exe
  2⤵
  PID:7652
- C:\Windows\System\PqRaCWj.exe
  C:\Windows\System\PqRaCWj.exe
  2⤵
  PID:7696
- C:\Windows\System\tqlCwDG.exe
  C:\Windows\System\tqlCwDG.exe
  2⤵
  PID:7712
- C:\Windows\System\aoYfmmq.exe
  C:\Windows\System\aoYfmmq.exe
  2⤵
  PID:7744
- C:\Windows\System\EvyJbBg.exe
  C:\Windows\System\EvyJbBg.exe
  2⤵
  PID:7816
- C:\Windows\System\WqAuiLg.exe
  C:\Windows\System\WqAuiLg.exe
  2⤵
  PID:7920
- C:\Windows\System\lefPZVT.exe
  C:\Windows\System\lefPZVT.exe
  2⤵
  PID:7792
- C:\Windows\System\BwRZSwm.exe
  C:\Windows\System\BwRZSwm.exe
  2⤵
  PID:7800
- C:\Windows\System\tbqtwlM.exe
  C:\Windows\System\tbqtwlM.exe
  2⤵
  PID:7940
- C:\Windows\System\lfZGmie.exe
  C:\Windows\System\lfZGmie.exe
  2⤵
  PID:7980
- C:\Windows\System\BpNGuVt.exe
  C:\Windows\System\BpNGuVt.exe
  2⤵
  PID:8020
- C:\Windows\System\sswSbrw.exe
  C:\Windows\System\sswSbrw.exe
  2⤵
  PID:7740
- C:\Windows\System\ONCnjXh.exe
  C:\Windows\System\ONCnjXh.exe
  2⤵
  PID:8064
- C:\Windows\System\gXvjrPr.exe
  C:\Windows\System\gXvjrPr.exe
  2⤵
  PID:8092
- C:\Windows\System\TEZUfjq.exe
  C:\Windows\System\TEZUfjq.exe
  2⤵
  PID:7112
- C:\Windows\System\TTDtSxV.exe
  C:\Windows\System\TTDtSxV.exe
  2⤵
  PID:8128
- C:\Windows\System\BxiMuZB.exe
  C:\Windows\System\BxiMuZB.exe
  2⤵
  PID:6360
- C:\Windows\System\bSuKAwf.exe
  C:\Windows\System\bSuKAwf.exe
  2⤵
  PID:6760
- C:\Windows\System\AQwLslz.exe
  C:\Windows\System\AQwLslz.exe
  2⤵
  PID:7208
- C:\Windows\System\GcWGAKq.exe
  C:\Windows\System\GcWGAKq.exe
  2⤵
  PID:7308
- C:\Windows\System\bNPhlxF.exe
  C:\Windows\System\bNPhlxF.exe
  2⤵
  PID:1628
- C:\Windows\System\UksqVdf.exe
  C:\Windows\System\UksqVdf.exe
  2⤵
  PID:7376
- C:\Windows\System\hpAuVNX.exe
  C:\Windows\System\hpAuVNX.exe
  2⤵
  PID:7436
- C:\Windows\System\ONepvCW.exe
  C:\Windows\System\ONepvCW.exe
  2⤵
  PID:7460
- C:\Windows\System\FuPgALG.exe
  C:\Windows\System\FuPgALG.exe
  2⤵
  PID:7536
- C:\Windows\System\jmWyKYr.exe
  C:\Windows\System\jmWyKYr.exe
  2⤵
  PID:7724
- C:\Windows\System\zZYSULP.exe
  C:\Windows\System\zZYSULP.exe
  2⤵
  PID:7492
- C:\Windows\System\kbpQxNm.exe
  C:\Windows\System\kbpQxNm.exe
  2⤵
  PID:7640
- C:\Windows\System\pYEzkhJ.exe
  C:\Windows\System\pYEzkhJ.exe
  2⤵
  PID:7780
- C:\Windows\System\SWtHLuo.exe
  C:\Windows\System\SWtHLuo.exe
  2⤵
  PID:7836
- C:\Windows\System\wdDhEGL.exe
  C:\Windows\System\wdDhEGL.exe
  2⤵
  PID:7888
- C:\Windows\System\ssMNxjZ.exe
  C:\Windows\System\ssMNxjZ.exe
  2⤵
  PID:7932
- C:\Windows\System\VecRTBe.exe
  C:\Windows\System\VecRTBe.exe
  2⤵
  PID:7936
- C:\Windows\System\iDHcBdG.exe
  C:\Windows\System\iDHcBdG.exe
  2⤵
  PID:8044
- C:\Windows\System\eIdtjRH.exe
  C:\Windows\System\eIdtjRH.exe
  2⤵
  PID:8112
- C:\Windows\System\lPncMOk.exe
  C:\Windows\System\lPncMOk.exe
  2⤵
  PID:8160
- C:\Windows\System\gYsbqwQ.exe
  C:\Windows\System\gYsbqwQ.exe
  2⤵
  PID:2572
- C:\Windows\System\buqUgQU.exe
  C:\Windows\System\buqUgQU.exe
  2⤵
  PID:7188
- C:\Windows\System\CqUGdRf.exe
  C:\Windows\System\CqUGdRf.exe
  2⤵
  PID:7224
- C:\Windows\System\fqYttzx.exe
  C:\Windows\System\fqYttzx.exe
  2⤵
  PID:7296
- C:\Windows\System\VTjsztv.exe
  C:\Windows\System\VTjsztv.exe
  2⤵
  PID:7396
- C:\Windows\System\HrsDlhr.exe
  C:\Windows\System\HrsDlhr.exe
  2⤵
  PID:7476
- C:\Windows\System\gqjswtg.exe
  C:\Windows\System\gqjswtg.exe
  2⤵
  PID:8132
- C:\Windows\System\xlSOjXy.exe
  C:\Windows\System\xlSOjXy.exe
  2⤵
  PID:7592
- C:\Windows\System\RzTwGHc.exe
  C:\Windows\System\RzTwGHc.exe
  2⤵
  PID:7708
- C:\Windows\System\aFgeYdh.exe
  C:\Windows\System\aFgeYdh.exe
  2⤵
  PID:7848
- C:\Windows\System\CsDaHPi.exe
  C:\Windows\System\CsDaHPi.exe
  2⤵
  PID:7952
- C:\Windows\System\tVaHkPk.exe
  C:\Windows\System\tVaHkPk.exe
  2⤵
  PID:8004
- C:\Windows\System\JLmSDdg.exe
  C:\Windows\System\JLmSDdg.exe
  2⤵
  PID:8032
- C:\Windows\System\ItZzxmk.exe
  C:\Windows\System\ItZzxmk.exe
  2⤵
  PID:8172
- C:\Windows\System\EUhGJeY.exe
  C:\Windows\System\EUhGJeY.exe
  2⤵
  PID:7172
- C:\Windows\System\TAZRxfb.exe
  C:\Windows\System\TAZRxfb.exe
  2⤵
  PID:7416
- C:\Windows\System\IyZTdEk.exe
  C:\Windows\System\IyZTdEk.exe
  2⤵
  PID:7512
- C:\Windows\System\NdRYKIN.exe
  C:\Windows\System\NdRYKIN.exe
  2⤵
  PID:7760
- C:\Windows\System\HeqJquS.exe
  C:\Windows\System\HeqJquS.exe
  2⤵
  PID:7380
- C:\Windows\System\lDLspUX.exe
  C:\Windows\System\lDLspUX.exe
  2⤵
  PID:8060
- C:\Windows\System\DqEFXtQ.exe
  C:\Windows\System\DqEFXtQ.exe
  2⤵
  PID:8164
- C:\Windows\System\llqxHZb.exe
  C:\Windows\System\llqxHZb.exe
  2⤵
  PID:7904
- C:\Windows\System\byFBJBR.exe
  C:\Windows\System\byFBJBR.exe
  2⤵
  PID:7868
- C:\Windows\System\DkkZkFY.exe
  C:\Windows\System\DkkZkFY.exe
  2⤵
  PID:7340
- C:\Windows\System\VWfzShh.exe
  C:\Windows\System\VWfzShh.exe
  2⤵
  PID:7552
- C:\Windows\System\OxygTdR.exe
  C:\Windows\System\OxygTdR.exe
  2⤵
  PID:7796
- C:\Windows\System\PYGwuhX.exe
  C:\Windows\System\PYGwuhX.exe
  2⤵
  PID:7456
- C:\Windows\System\burUKBc.exe
  C:\Windows\System\burUKBc.exe
  2⤵
  PID:8124
- C:\Windows\System\rurXvUw.exe
  C:\Windows\System\rurXvUw.exe
  2⤵
  PID:8184
- C:\Windows\System\JgyTuxt.exe
  C:\Windows\System\JgyTuxt.exe
  2⤵
  PID:7984
- C:\Windows\System\PjJNBZl.exe
  C:\Windows\System\PjJNBZl.exe
  2⤵
  PID:7420
- C:\Windows\System\HXvvWqe.exe
  C:\Windows\System\HXvvWqe.exe
  2⤵
  PID:8212
- C:\Windows\System\UvKMeKd.exe
  C:\Windows\System\UvKMeKd.exe
  2⤵
  PID:8232
- C:\Windows\System\yGSCMKy.exe
  C:\Windows\System\yGSCMKy.exe
  2⤵
  PID:8248
- C:\Windows\System\JvrwNbT.exe
  C:\Windows\System\JvrwNbT.exe
  2⤵
  PID:8264
- C:\Windows\System\bKVvJjB.exe
  C:\Windows\System\bKVvJjB.exe
  2⤵
  PID:8292
- C:\Windows\System\IsYqdDY.exe
  C:\Windows\System\IsYqdDY.exe
  2⤵
  PID:8312
- C:\Windows\System\vRSRpqo.exe
  C:\Windows\System\vRSRpqo.exe
  2⤵
  PID:8340
- C:\Windows\System\zCdMRLX.exe
  C:\Windows\System\zCdMRLX.exe
  2⤵
  PID:8356
- C:\Windows\System\aBEYxOI.exe
  C:\Windows\System\aBEYxOI.exe
  2⤵
  PID:8372
- C:\Windows\System\SIDCmun.exe
  C:\Windows\System\SIDCmun.exe
  2⤵
  PID:8388
- C:\Windows\System\kddCTWF.exe
  C:\Windows\System\kddCTWF.exe
  2⤵
  PID:8412
- C:\Windows\System\jJnAbmv.exe
  C:\Windows\System\jJnAbmv.exe
  2⤵
  PID:8432
- C:\Windows\System\gvlKOBG.exe
  C:\Windows\System\gvlKOBG.exe
  2⤵
  PID:8452
- C:\Windows\System\YxpzheI.exe
  C:\Windows\System\YxpzheI.exe
  2⤵
  PID:8472
- C:\Windows\System\nLYVMOi.exe
  C:\Windows\System\nLYVMOi.exe
  2⤵
  PID:8504
- C:\Windows\System\GLATFeF.exe
  C:\Windows\System\GLATFeF.exe
  2⤵
  PID:8520
- C:\Windows\System\gxHckNW.exe
  C:\Windows\System\gxHckNW.exe
  2⤵
  PID:8540
- C:\Windows\System\JvhddgH.exe
  C:\Windows\System\JvhddgH.exe
  2⤵
  PID:8560
- C:\Windows\System\ztyPOmD.exe
  C:\Windows\System\ztyPOmD.exe
  2⤵
  PID:8580
- C:\Windows\System\fcexxub.exe
  C:\Windows\System\fcexxub.exe
  2⤵
  PID:8600
- C:\Windows\System\QNIXtXK.exe
  C:\Windows\System\QNIXtXK.exe
  2⤵
  PID:8624
- C:\Windows\System\iHrgmDH.exe
  C:\Windows\System\iHrgmDH.exe
  2⤵
  PID:8640
- C:\Windows\System\MgKHzmi.exe
  C:\Windows\System\MgKHzmi.exe
  2⤵
  PID:8660
- C:\Windows\System\muaDXFF.exe
  C:\Windows\System\muaDXFF.exe
  2⤵
  PID:8680
- C:\Windows\System\JatyRuc.exe
  C:\Windows\System\JatyRuc.exe
  2⤵
  PID:8704
- C:\Windows\System\GXOWzaf.exe
  C:\Windows\System\GXOWzaf.exe
  2⤵
  PID:8720
- C:\Windows\System\nzNsGzi.exe
  C:\Windows\System\nzNsGzi.exe
  2⤵
  PID:8744
- C:\Windows\System\HONCGVN.exe
  C:\Windows\System\HONCGVN.exe
  2⤵
  PID:8764
- C:\Windows\System\tvatLPo.exe
  C:\Windows\System\tvatLPo.exe
  2⤵
  PID:8784
- C:\Windows\System\GhkeCWK.exe
  C:\Windows\System\GhkeCWK.exe
  2⤵
  PID:8800
- C:\Windows\System\aPiGLvk.exe
  C:\Windows\System\aPiGLvk.exe
  2⤵
  PID:8828
- C:\Windows\System\zMgVhTS.exe
  C:\Windows\System\zMgVhTS.exe
  2⤵
  PID:8844
- C:\Windows\System\uBihJCV.exe
  C:\Windows\System\uBihJCV.exe
  2⤵
  PID:8860
- C:\Windows\System\zOWDQEF.exe
  C:\Windows\System\zOWDQEF.exe
  2⤵
  PID:8876
- C:\Windows\System\zuSgddR.exe
  C:\Windows\System\zuSgddR.exe
  2⤵
  PID:8896
- C:\Windows\System\NpPfAHS.exe
  C:\Windows\System\NpPfAHS.exe
  2⤵
  PID:8928
- C:\Windows\System\AFdNRiG.exe
  C:\Windows\System\AFdNRiG.exe
  2⤵
  PID:8948
- C:\Windows\System\LCEOgfn.exe
  C:\Windows\System\LCEOgfn.exe
  2⤵
  PID:8968
- C:\Windows\System\YKugmFC.exe
  C:\Windows\System\YKugmFC.exe
  2⤵
  PID:8988
- C:\Windows\System\qYgxIAF.exe
  C:\Windows\System\qYgxIAF.exe
  2⤵
  PID:9012
- C:\Windows\System\LkLLvIp.exe
  C:\Windows\System\LkLLvIp.exe
  2⤵
  PID:9028
- C:\Windows\System\RNxVHPo.exe
  C:\Windows\System\RNxVHPo.exe
  2⤵
  PID:9048
- C:\Windows\System\NuWeMTo.exe
  C:\Windows\System\NuWeMTo.exe
  2⤵
  PID:9064
- C:\Windows\System\GtJIMYw.exe
  C:\Windows\System\GtJIMYw.exe
  2⤵
  PID:9084
- C:\Windows\System\oCigblI.exe
  C:\Windows\System\oCigblI.exe
  2⤵
  PID:9112
- C:\Windows\System\CTSEogq.exe
  C:\Windows\System\CTSEogq.exe
  2⤵
  PID:9128
- C:\Windows\System\iQmCwmi.exe
  C:\Windows\System\iQmCwmi.exe
  2⤵
  PID:9144
- C:\Windows\System\FSJThOv.exe
  C:\Windows\System\FSJThOv.exe
  2⤵
  PID:9164
- C:\Windows\System\kwNgVRX.exe
  C:\Windows\System\kwNgVRX.exe
  2⤵
  PID:9192
- C:\Windows\System\AJuvsWa.exe
  C:\Windows\System\AJuvsWa.exe
  2⤵
  PID:9208
- C:\Windows\System\JzolMnk.exe
  C:\Windows\System\JzolMnk.exe
  2⤵
  PID:7664
- C:\Windows\System\jWujNCW.exe
  C:\Windows\System\jWujNCW.exe
  2⤵
  PID:8240
- C:\Windows\System\MuRBgqD.exe
  C:\Windows\System\MuRBgqD.exe
  2⤵
  PID:8288
- C:\Windows\System\beAuRoq.exe
  C:\Windows\System\beAuRoq.exe
  2⤵
  PID:8284
- C:\Windows\System\aGLsOMJ.exe
  C:\Windows\System\aGLsOMJ.exe
  2⤵
  PID:8328
- C:\Windows\System\HzxsWVq.exe
  C:\Windows\System\HzxsWVq.exe
  2⤵
  PID:8348
- C:\Windows\System\RcdPfgV.exe
  C:\Windows\System\RcdPfgV.exe
  2⤵
  PID:8384
- C:\Windows\System\uQuUCbM.exe
  C:\Windows\System\uQuUCbM.exe
  2⤵
  PID:8444
- C:\Windows\System\qkhKSqH.exe
  C:\Windows\System\qkhKSqH.exe
  2⤵
  PID:8488
- C:\Windows\System\WIcwtdT.exe
  C:\Windows\System\WIcwtdT.exe
  2⤵
  PID:8464
- C:\Windows\System\OrkvzAj.exe
  C:\Windows\System\OrkvzAj.exe
  2⤵
  PID:8528
- C:\Windows\System\lipXgvv.exe
  C:\Windows\System\lipXgvv.exe
  2⤵
  PID:8532
- C:\Windows\System\crrpciO.exe
  C:\Windows\System\crrpciO.exe
  2⤵
  PID:8556
- C:\Windows\System\emUdaiJ.exe
  C:\Windows\System\emUdaiJ.exe
  2⤵
  PID:8608
- C:\Windows\System\qDCxbin.exe
  C:\Windows\System\qDCxbin.exe
  2⤵
  PID:8632
- C:\Windows\System\RTaLrAO.exe
  C:\Windows\System\RTaLrAO.exe
  2⤵
  PID:8668
- C:\Windows\System\PvjSrJJ.exe
  C:\Windows\System\PvjSrJJ.exe
  2⤵
  PID:8700
- C:\Windows\System\tQIGbQW.exe
  C:\Windows\System\tQIGbQW.exe
  2⤵
  PID:8756
- C:\Windows\System\gJCxxIQ.exe
  C:\Windows\System\gJCxxIQ.exe
  2⤵
  PID:8816
- C:\Windows\System\tCYKyJx.exe
  C:\Windows\System\tCYKyJx.exe
  2⤵
  PID:8856
- C:\Windows\System\UUVVbbJ.exe
  C:\Windows\System\UUVVbbJ.exe
  2⤵
  PID:8912
- C:\Windows\System\atksDlW.exe
  C:\Windows\System\atksDlW.exe
  2⤵
  PID:8872
- C:\Windows\System\SQrsEQN.exe
  C:\Windows\System\SQrsEQN.exe
  2⤵
  PID:8940
- C:\Windows\System\atxNEvx.exe
  C:\Windows\System\atxNEvx.exe
  2⤵
  PID:9000
- C:\Windows\System\KljnPbJ.exe
  C:\Windows\System\KljnPbJ.exe
  2⤵
  PID:9024
- C:\Windows\System\DLCQisv.exe
  C:\Windows\System\DLCQisv.exe
  2⤵
  PID:9040
- C:\Windows\System\xecDAza.exe
  C:\Windows\System\xecDAza.exe
  2⤵
  PID:9100
- C:\Windows\System\iVKggre.exe
  C:\Windows\System\iVKggre.exe
  2⤵
  PID:9108
- C:\Windows\System\QvcECuE.exe
  C:\Windows\System\QvcECuE.exe
  2⤵
  PID:9180
- C:\Windows\System\qhkitmc.exe
  C:\Windows\System\qhkitmc.exe
  2⤵
  PID:9160
- C:\Windows\System\YACckQO.exe
  C:\Windows\System\YACckQO.exe
  2⤵
  PID:8204
- C:\Windows\System\IkQhOVQ.exe
  C:\Windows\System\IkQhOVQ.exe
  2⤵
  PID:8424
- C:\Windows\System\kznrmDJ.exe
  C:\Windows\System\kznrmDJ.exe
  2⤵
  PID:8280
- C:\Windows\System\azeQbFD.exe
  C:\Windows\System\azeQbFD.exe
  2⤵
  PID:8300
- C:\Windows\System\jMiKSlo.exe
  C:\Windows\System\jMiKSlo.exe
  2⤵
  PID:8324
- C:\Windows\System\eNTfMex.exe
  C:\Windows\System\eNTfMex.exe
  2⤵
  PID:8468
- C:\Windows\System\AwMgXHZ.exe
  C:\Windows\System\AwMgXHZ.exe
  2⤵
  PID:8572
- C:\Windows\System\TsHeyeM.exe
  C:\Windows\System\TsHeyeM.exe
  2⤵
  PID:8400
- C:\Windows\System\QWEUGuo.exe
  C:\Windows\System\QWEUGuo.exe
  2⤵
  PID:8692
- C:\Windows\System\rqqBgoA.exe
  C:\Windows\System\rqqBgoA.exe
  2⤵
  PID:8652
- C:\Windows\System\mRLrWkg.exe
  C:\Windows\System\mRLrWkg.exe
  2⤵
  PID:8712
- C:\Windows\System\WyfpaFP.exe
  C:\Windows\System\WyfpaFP.exe
  2⤵
  PID:8752
- C:\Windows\System\CupNTdP.exe
  C:\Windows\System\CupNTdP.exe
  2⤵
  PID:8888
- C:\Windows\System\BxrydPv.exe
  C:\Windows\System\BxrydPv.exe
  2⤵
  PID:8924
- C:\Windows\System\HHSxcLI.exe
  C:\Windows\System\HHSxcLI.exe
  2⤵
  PID:8996
- C:\Windows\System\BVvvSUu.exe
  C:\Windows\System\BVvvSUu.exe
  2⤵
  PID:9092
- C:\Windows\System\kZsRSRL.exe
  C:\Windows\System\kZsRSRL.exe
  2⤵
  PID:9096
- C:\Windows\System\CTpaEdR.exe
  C:\Windows\System\CTpaEdR.exe
  2⤵
  PID:9176
- C:\Windows\System\qQgnlSH.exe
  C:\Windows\System\qQgnlSH.exe
  2⤵
  PID:9204
- C:\Windows\System\vcOBhGJ.exe
  C:\Windows\System\vcOBhGJ.exe
  2⤵
  PID:8336
- C:\Windows\System\eTTeSQS.exe
  C:\Windows\System\eTTeSQS.exe
  2⤵
  PID:8484
- C:\Windows\System\nfEKlZR.exe
  C:\Windows\System\nfEKlZR.exe
  2⤵
  PID:8620
- C:\Windows\System\GHlWlrB.exe
  C:\Windows\System\GHlWlrB.exe
  2⤵
  PID:8480
- C:\Windows\System\XwhwFoS.exe
  C:\Windows\System\XwhwFoS.exe
  2⤵
  PID:8536
- C:\Windows\System\oYULMIF.exe
  C:\Windows\System\oYULMIF.exe
  2⤵
  PID:8588
- C:\Windows\System\hXDKKpS.exe
  C:\Windows\System\hXDKKpS.exe
  2⤵
  PID:8812
- C:\Windows\System\DsQtgJw.exe
  C:\Windows\System\DsQtgJw.exe
  2⤵
  PID:8980
- C:\Windows\System\qrFWkGa.exe
  C:\Windows\System\qrFWkGa.exe
  2⤵
  PID:8840
- C:\Windows\System\PHgJYez.exe
  C:\Windows\System\PHgJYez.exe
  2⤵
  PID:9120
- C:\Windows\System\FkpdBzW.exe
  C:\Windows\System\FkpdBzW.exe
  2⤵
  PID:8200
- C:\Windows\System\ZapJChT.exe
  C:\Windows\System\ZapJChT.exe
  2⤵
  PID:8460
- C:\Windows\System\ZmNTeGm.exe
  C:\Windows\System\ZmNTeGm.exe
  2⤵
  PID:8448
- C:\Windows\System\DKUtFkk.exe
  C:\Windows\System\DKUtFkk.exe
  2⤵
  PID:8592
- C:\Windows\System\ZJPYoBD.exe
  C:\Windows\System\ZJPYoBD.exe
  2⤵
  PID:8736
- C:\Windows\System\MmqkDiB.exe
  C:\Windows\System\MmqkDiB.exe
  2⤵
  PID:8276
- C:\Windows\System\rbMfvvx.exe
  C:\Windows\System\rbMfvvx.exe
  2⤵
  PID:9060
- C:\Windows\System\upcCdBz.exe
  C:\Windows\System\upcCdBz.exe
  2⤵
  PID:9004
- C:\Windows\System\OwnvLPF.exe
  C:\Windows\System\OwnvLPF.exe
  2⤵
  PID:8368
- C:\Windows\System\erJUKKp.exe
  C:\Windows\System\erJUKKp.exe
  2⤵
  PID:9080
- C:\Windows\System\lqPzXUE.exe
  C:\Windows\System\lqPzXUE.exe
  2⤵
  PID:8308
- C:\Windows\System\uhOsiqb.exe
  C:\Windows\System\uhOsiqb.exe
  2⤵
  PID:9044
- C:\Windows\System\XXWaoSP.exe
  C:\Windows\System\XXWaoSP.exe
  2⤵
  PID:8420
- C:\Windows\System\MdvOhqG.exe
  C:\Windows\System\MdvOhqG.exe
  2⤵
  PID:9252
- C:\Windows\System\JIHJuWu.exe
  C:\Windows\System\JIHJuWu.exe
  2⤵
  PID:9268
- C:\Windows\System\GYiEClJ.exe
  C:\Windows\System\GYiEClJ.exe
  2⤵
  PID:9288
- C:\Windows\System\OjdndCn.exe
  C:\Windows\System\OjdndCn.exe
  2⤵
  PID:9308
- C:\Windows\System\DpRcIlK.exe
  C:\Windows\System\DpRcIlK.exe
  2⤵
  PID:9324
- C:\Windows\System\wqiJsnq.exe
  C:\Windows\System\wqiJsnq.exe
  2⤵
  PID:9352
- C:\Windows\System\nVMDolm.exe
  C:\Windows\System\nVMDolm.exe
  2⤵
  PID:9376
- C:\Windows\System\yionnMG.exe
  C:\Windows\System\yionnMG.exe
  2⤵
  PID:9400
- C:\Windows\System\rKkUdkp.exe
  C:\Windows\System\rKkUdkp.exe
  2⤵
  PID:9416
- C:\Windows\System\GpuZLxr.exe
  C:\Windows\System\GpuZLxr.exe
  2⤵
  PID:9444
- C:\Windows\System\BLptgOB.exe
  C:\Windows\System\BLptgOB.exe
  2⤵
  PID:9464
- C:\Windows\System\gGIEDjr.exe
  C:\Windows\System\gGIEDjr.exe
  2⤵
  PID:9480
- C:\Windows\System\mpgZXSC.exe
  C:\Windows\System\mpgZXSC.exe
  2⤵
  PID:9496
- C:\Windows\System\MJivSSG.exe
  C:\Windows\System\MJivSSG.exe
  2⤵
  PID:9520
- C:\Windows\System\nBOLPSr.exe
  C:\Windows\System\nBOLPSr.exe
  2⤵
  PID:9540
- C:\Windows\System\WDQVAJV.exe
  C:\Windows\System\WDQVAJV.exe
  2⤵
  PID:9560
- C:\Windows\System\jaYHXZd.exe
  C:\Windows\System\jaYHXZd.exe
  2⤵
  PID:9584
- C:\Windows\System\vMqpHTi.exe
  C:\Windows\System\vMqpHTi.exe
  2⤵
  PID:9600
- C:\Windows\System\GJdAjCV.exe
  C:\Windows\System\GJdAjCV.exe
  2⤵
  PID:9620
- C:\Windows\System\iEmxXrk.exe
  C:\Windows\System\iEmxXrk.exe
  2⤵
  PID:9640
- C:\Windows\System\pPJEbvh.exe
  C:\Windows\System\pPJEbvh.exe
  2⤵
  PID:9656
- C:\Windows\System\IXrDyqQ.exe
  C:\Windows\System\IXrDyqQ.exe
  2⤵
  PID:9672
- C:\Windows\System\xNdvcWA.exe
  C:\Windows\System\xNdvcWA.exe
  2⤵
  PID:9700
- C:\Windows\System\faEPanZ.exe
  C:\Windows\System\faEPanZ.exe
  2⤵
  PID:9724
- C:\Windows\System\obPGLgs.exe
  C:\Windows\System\obPGLgs.exe
  2⤵
  PID:9740
- C:\Windows\System\wtaMvNx.exe
  C:\Windows\System\wtaMvNx.exe
  2⤵
  PID:9760
- C:\Windows\System\NLWNYFa.exe
  C:\Windows\System\NLWNYFa.exe
  2⤵
  PID:9780
- C:\Windows\System\omBtOcd.exe
  C:\Windows\System\omBtOcd.exe
  2⤵
  PID:9800
- C:\Windows\System\RRqLMdk.exe
  C:\Windows\System\RRqLMdk.exe
  2⤵
  PID:9824
- C:\Windows\System\asHDMnV.exe
  C:\Windows\System\asHDMnV.exe
  2⤵
  PID:9840
- C:\Windows\System\agXELeE.exe
  C:\Windows\System\agXELeE.exe
  2⤵
  PID:9856
- C:\Windows\System\YgqhzYk.exe
  C:\Windows\System\YgqhzYk.exe
  2⤵
  PID:9876
- C:\Windows\System\jAVVNgA.exe
  C:\Windows\System\jAVVNgA.exe
  2⤵
  PID:9904
- C:\Windows\System\NGXcdjw.exe
  C:\Windows\System\NGXcdjw.exe
  2⤵
  PID:9920
- C:\Windows\System\klyRacc.exe
  C:\Windows\System\klyRacc.exe
  2⤵
  PID:9936
- C:\Windows\System\OnlFQjS.exe
  C:\Windows\System\OnlFQjS.exe
  2⤵
  PID:9952
- C:\Windows\System\ATzcLts.exe
  C:\Windows\System\ATzcLts.exe
  2⤵
  PID:9988
- C:\Windows\System\ytBbYUD.exe
  C:\Windows\System\ytBbYUD.exe
  2⤵
  PID:10004
- C:\Windows\System\oKBnzYa.exe
  C:\Windows\System\oKBnzYa.exe
  2⤵
  PID:10024
- C:\Windows\System\UkmfKvU.exe
  C:\Windows\System\UkmfKvU.exe
  2⤵
  PID:10040
- C:\Windows\System\HEqsyjO.exe
  C:\Windows\System\HEqsyjO.exe
  2⤵
  PID:10068
- C:\Windows\System\dyvAIba.exe
  C:\Windows\System\dyvAIba.exe
  2⤵
  PID:10084
- C:\Windows\System\nluYeDJ.exe
  C:\Windows\System\nluYeDJ.exe
  2⤵
  PID:10104
- C:\Windows\System\hCkOXbw.exe
  C:\Windows\System\hCkOXbw.exe
  2⤵
  PID:10120
- C:\Windows\System\cFBNuLv.exe
  C:\Windows\System\cFBNuLv.exe
  2⤵
  PID:10140
- C:\Windows\System\dZVbuTh.exe
  C:\Windows\System\dZVbuTh.exe
  2⤵
  PID:10160
- C:\Windows\System\zJImpAW.exe
  C:\Windows\System\zJImpAW.exe
  2⤵
  PID:10176
- C:\Windows\System\lgbhyIg.exe
  C:\Windows\System\lgbhyIg.exe
  2⤵
  PID:10200
- C:\Windows\System\CpIGFuw.exe
  C:\Windows\System\CpIGFuw.exe
  2⤵
  PID:10224
- C:\Windows\System\WvGZaWm.exe
  C:\Windows\System\WvGZaWm.exe
  2⤵
  PID:9036
- C:\Windows\System\LDHjXUi.exe
  C:\Windows\System\LDHjXUi.exe
  2⤵
  PID:9228
- C:\Windows\System\JPrsOVX.exe
  C:\Windows\System\JPrsOVX.exe
  2⤵
  PID:8852
- C:\Windows\System\ozIChBw.exe
  C:\Windows\System\ozIChBw.exe
  2⤵
  PID:9280
- C:\Windows\System\SgPNCVL.exe
  C:\Windows\System\SgPNCVL.exe
  2⤵
  PID:9260
- C:\Windows\System\AxetVWW.exe
  C:\Windows\System\AxetVWW.exe
  2⤵
  PID:9304
- C:\Windows\System\qIOxnzT.exe
  C:\Windows\System\qIOxnzT.exe
  2⤵
  PID:9344
- C:\Windows\System\cTYeSEC.exe
  C:\Windows\System\cTYeSEC.exe
  2⤵
  PID:9392
- C:\Windows\System\wboHOCj.exe
  C:\Windows\System\wboHOCj.exe
  2⤵
  PID:9388
- C:\Windows\System\lgQkhBm.exe
  C:\Windows\System\lgQkhBm.exe
  2⤵
  PID:9452
- C:\Windows\System\TnBGpdR.exe
  C:\Windows\System\TnBGpdR.exe
  2⤵
  PID:9436
- C:\Windows\System\vnsptpd.exe
  C:\Windows\System\vnsptpd.exe
  2⤵
  PID:9492
- C:\Windows\System\KfhAnjT.exe
  C:\Windows\System\KfhAnjT.exe
  2⤵
  PID:9528
- C:\Windows\System\kIanBMz.exe
  C:\Windows\System\kIanBMz.exe
  2⤵
  PID:9552
- C:\Windows\System\EpbYRqs.exe
  C:\Windows\System\EpbYRqs.exe
  2⤵
  PID:9568
- C:\Windows\System\obgBZGu.exe
  C:\Windows\System\obgBZGu.exe
  2⤵
  PID:9608
- C:\Windows\System\wwTuOhk.exe
  C:\Windows\System\wwTuOhk.exe
  2⤵
  PID:9628
- C:\Windows\System\BYpNLvu.exe
  C:\Windows\System\BYpNLvu.exe
  2⤵
  PID:9680
- C:\Windows\System\cxxNasg.exe
  C:\Windows\System\cxxNasg.exe
  2⤵
  PID:9708
- C:\Windows\System\KyhMWOG.exe
  C:\Windows\System\KyhMWOG.exe
  2⤵
  PID:9732
- C:\Windows\System\YsDOygI.exe
  C:\Windows\System\YsDOygI.exe
  2⤵
  PID:9788
- C:\Windows\System\ThFauAe.exe
  C:\Windows\System\ThFauAe.exe
  2⤵
  PID:9820
- C:\Windows\System\yVjgcKg.exe
  C:\Windows\System\yVjgcKg.exe
  2⤵
  PID:9872
- C:\Windows\System\peHAgez.exe
  C:\Windows\System\peHAgez.exe
  2⤵
  PID:9888
- C:\Windows\System\yJOMZtE.exe
  C:\Windows\System\yJOMZtE.exe
  2⤵
  PID:9932
- C:\Windows\System\jcwYhWy.exe
  C:\Windows\System\jcwYhWy.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUkwNgj.exe

Filesize
6.0MB

MD5
da851caedb14ece3c0d88f694e6ddba3

SHA1
79851e577da882b84b051be90d728401e3b63149

SHA256
de321a46e1cdeb8b3e0d0b75c3a260d87a30957b5ca414ecb3e961bf959b9190

SHA512
f3f1c0fca6212475ce4dbca4f5970d790472eb437ad979eeb4d7573b4e91869a8397b02ec3faa90ac09ef0e18f325d7dcf23042dbdb366e902d490f1dba742cc

Download Submit
C:\Windows\system\DOWAYFg.exe

Filesize
6.0MB

MD5
93c9db1c68ca45a67b6bf41b6245f05c

SHA1
04ee9a0f3e42f2d6e9f26bfbc36180c6033e259e

SHA256
2213a52119a8910d227405ac266e7268ebf532c11ac519d692a6de1497003a04

SHA512
3c9e56dfbd628c0bd81a7d2c06db498b5dac41f4e744f77bb9551cd8e9cb2d69143e03e6fd0bb6abc575419ded4dacf3c1695ee9d70f48e26cb1772c1b45d470

Download Submit
C:\Windows\system\EspbfhM.exe

Filesize
6.0MB

MD5
dbc4f3d631c2fa09eee4301c66f02d38

SHA1
084f329fedc0c54aed3060d0df1509633764176d

SHA256
4fd819abb4382542f960a1c36b9f6cedc98929c8037c326a21d0b678f3c38cd0

SHA512
661c82c6fca108f9a06b20a13ed14ce32bfc3bf815fb1aa0f949c74ecae6825995a7b6e57525206686a523064e334288882215d3fe132f31c6d521bc1ae1cd74

Download Submit
C:\Windows\system\IJAFFEU.exe

Filesize
6.0MB

MD5
bc95a8b8ab7e65ebcd620842c53b8e17

SHA1
247a1e1c824dbaf14aa561a8e77f6614f5b0ca9c

SHA256
5bece62bdd3036d0c69e44764498262e4f8227a820b44264055431b80c54f457

SHA512
3e2072f2edaad6b05c7355899113568f764bd76ed5e82295d2877fd7c557cdffba9f71e2f9f1cdcbdd3b2ed9c9fe278f1a039d116ae0fb48a613747d9789a946

Download Submit
C:\Windows\system\LJXycpc.exe

Filesize
6.0MB

MD5
4517197ec7fb8d871afa2dd908a1feeb

SHA1
4b7ffe9031c44b7c42a038a685910c9c1d227e3c

SHA256
61838426ebb0d092916b698a4a4a8c985c4c597c20e5c0df6454e0ce6fc65c11

SHA512
521c9fa6af22427b2f10ab7b3fd6d487a540bc1ee274701ea1e115c3903efb1564c758b8e6d86a419dd5e0e7ee5198cac672f2d1bbea76a427ec457d0201b935

Download Submit
C:\Windows\system\NzVUFYT.exe

Filesize
6.0MB

MD5
b3770552a57be6db391e24d07d69e048

SHA1
565d502d01a958e2d197fd301b777ba40191dff9

SHA256
7482afa183ff0200cfd4bfa4babd766e7bcf8ffd6f2e1b54d21a7160db6c25d4

SHA512
dd1451ac9c57cabed5a697a9a893d8ef3f8656a8fae3980e9c113f81325f131ad22314daba6692a9552751964be5d8154684f5afd37314644f3ec5b9942d7557

Download Submit
C:\Windows\system\Rajsilo.exe

Filesize
6.0MB

MD5
4716c1659b9f01005d6680130df873a0

SHA1
44d859c26c1b32f7d7769598a686b345eb581939

SHA256
b2c947cbc9ef58de101ef734ea4d39fe0de1a9647a9a4ce29be1b276d765e37c

SHA512
e429ce940800c744e7f9b1325fc0dd8d7afd2f3b093102bb9e1cc40301b9fad398da8a622a08402e9a0d40fdb60c05b4f6b3f05c1220276d3a55b141af4705f8

Download Submit
C:\Windows\system\SIdrYUj.exe

Filesize
6.0MB

MD5
5dbcb2c414a11bcd8250e60e990bafd9

SHA1
f2e849f4763824b7fca1721bf87953ef9977a00e

SHA256
93680837d280e88e2a9363d0659ef945f3d932bd1b00e18b3239636ff2853e53

SHA512
a2d4a3ac090f4a7bdbf18d5bca4b4f9c6bc01edf230bddd5a4232f44b59309b6be76f3970d03040d0cd9adc520b454ef3574f1886c01b601f98eb4a094c349b8

Download Submit
C:\Windows\system\SiAnvyK.exe

Filesize
6.0MB

MD5
08e779f617d0982a4770230b17e61d29

SHA1
2ca30708f7449eda8cec803d72d9908bb090609a

SHA256
5ed3441966c73722d4b3eb97ce679a20f27d3aa96b5a53e13e878ca87493b886

SHA512
b6a054718634eaac1550acaaa464941f5768ad9b5e2c9d55af622a91c8df5aed11b23f4f406cc9fd71ec727317c074218a6cbfb1f1fc51ada181524c04076825

Download Submit
C:\Windows\system\VlPgLZf.exe

Filesize
6.0MB

MD5
e0e95d1098da93b231a84ede1d5737aa

SHA1
64e0d25a531f987a89228d99d1175b289dc7cb2f

SHA256
12fb4cdef8b0fb111dbf0198a0bf0093e2ef0998bb4e23292f1ed83d39e09244

SHA512
4e3ea1de6c6caf286a82313587a3fd98d817df7e44b63a178628bc7c304efc5d889b1b6fedc46f30dc6eb3092d830c19972a776004e7ab877095ca0f32cdbf2a

Download Submit
C:\Windows\system\VuZiGFL.exe

Filesize
6.0MB

MD5
ebda9517c53d5b5f62f7e4aaf825e8d1

SHA1
89f1f2b97573143edf98feea7efa6861a9a6bc0a

SHA256
77f109a24654b8a8d0d53de9c629c997701fdb33223ffc421d31c3bde7b39db4

SHA512
080d134e49180598b6b4bc6c6ea7fc7410e12344d2a167062b06ed0fad2bb93cd3cac8a13b99230a0ceb9ef9606984c6cdf5f338f2a01a4a8753dd8c6ab59aef

Download Submit
C:\Windows\system\XHQSens.exe

Filesize
6.0MB

MD5
0c2c9598c61bd410647960219ebba97a

SHA1
cdb69c3b8b63744bdebeb1eb10dee5a982feefd8

SHA256
ace5a90254a0b3fa839ccc2c864ebe6f971bf31b0a901ff9d2d47db33c5e5900

SHA512
1b22f155d97e530bbdc9560c0a90d4ffec85c7f481469c9388a9ce20f91dfc08cc081d1fe4a7aa91665e58076ad06f25de752c209cd2e37deeea8717748324f9

Download Submit
C:\Windows\system\XcaJrsh.exe

Filesize
6.0MB

MD5
dd292f15ca27655b14b527e415de4959

SHA1
5533555152ff025c5857c974b10f2082d600ebf3

SHA256
1f697d5838dfffc6280da17ba5ee9240486634d6f6080e96cd3e9f7de8f1a228

SHA512
8c685b4d59446a58b413a1e7b2b68e95f1d5e73b0322c080c9c2f460fe6c3aced1a708b404f6d751f440609a886b85ed610178d061e7b7a4c9b88cde72c64801

Download Submit
C:\Windows\system\bXraaPl.exe

Filesize
6.0MB

MD5
997fdbcbf819597428e790a5e6d1abdc

SHA1
345f6ccd0285074d4cd2a7ca3ed83591e357d42e

SHA256
8e45d202e069d2c7ed33b4d42d5bc530e8b486a24e1c0e01557f72b26a9a0f6b

SHA512
531d4e25ef56e304cb4436a0cd630ab440c1fc0f0f68b65440236e6e48b47898c69249350dc0fc5386c38a6d1b335effeb0144b672eef8f146160d07ecd7f371

Download Submit
C:\Windows\system\dCbSMAg.exe

Filesize
6.0MB

MD5
c9a0f34c1c44e1b45236edc746f5c790

SHA1
95123b5ce7e8fd1080181c3cd9ef49193603a50c

SHA256
de3d9e60643ec97da7888ef5315e7959039ed90dafb50031ecf9ea0f62a662e0

SHA512
c51a00541c44b69b25d3f9f025ba8d0289686769f950ef1378f5d53a7ba0123695b42fa44d9658d81feab1de25a47eabf48cd085f1d1fc28876f906ce84721ed

Download Submit
C:\Windows\system\doOaite.exe

Filesize
6.0MB

MD5
8c6f23387918491675cb7e41b3884176

SHA1
94898ee9556596b00b915e68bd8569b0c48457fd

SHA256
51a11ba034629e3b5d40438dfdd372eaf8e14fada5e9c7ec4683c9219cd98e74

SHA512
98f42a1c3a05059526a5b26db94ad402a4b8113231ffd2a263000f4bb361c7d10224e3bd07ffb3e0d7c8794ccf2217f9c500b0ce4e2adc6650c319165d56a292

Download Submit
C:\Windows\system\evkogsu.exe

Filesize
6.0MB

MD5
bf59e61772d4e412df02e30daf74339a

SHA1
5edefafb6c55dadde0359d4bc3c9fb4dc7af70c9

SHA256
54a2be1f8c803cb0e3991b71060d0cef491cab7300ed470698a7da9ad7b90df3

SHA512
619a2e1f936b1fad7b33c551f4a0aef6a91dd9481fbf1e5c9c489073ac3738449a9699a1def4e07dae48aeb3a114b6857d87951a5f6348b43e4f3abd0403690b

Download Submit
C:\Windows\system\ippreQy.exe

Filesize
6.0MB

MD5
eac803fce42c4be67c214036829cb132

SHA1
55b3f1f2fbb13f8bf252d64ad3611d098b1b4d5e

SHA256
e67373b035e523c468c10314cd78dea747116cecc20851086e5b83736fad7c63

SHA512
f3613b8176154ce7480fd564fcdbe1ac25eb63f3e58eee781805530fa7a8c940572c84dcb17cbc45d039980b22d96b21d752ace1a20ccc46add85ab74772261d

Download Submit
C:\Windows\system\mekRlnY.exe

Filesize
6.0MB

MD5
92899bdac1026b5e6810e22669c330f1

SHA1
1f954efca95921ce0614fd411407a7b72e6f62e1

SHA256
0aab0ec9c78cf5a31f2aee18281982a2e551463bac2c7e589cb64b1946146c7c

SHA512
87184affd8792028b268a8983b831a8993f14893cd74a7e88302b9d8b8ad7268e5a94c6d8651745c0484251e06358ea13cda35c188f36ca2dac4ca2e11352b97

Download Submit
C:\Windows\system\nyIaLUG.exe

Filesize
6.0MB

MD5
4dcbbc70799fafb10c7bdb438cb45a9f

SHA1
125e57ac55fb4f5759190fe5a31af93b47007635

SHA256
1a62266e27caf01b57f286d27b554b159694ac40c242736bd158e53e7731567f

SHA512
6ddcb86cba3a4ed607138c9df7ad7e5afdbb9092a5f52a510adbd88fe2794f85699e943437462c1ce4ce0bc8e836de723c3a8f004d1918ae31c170ac4f571ede

Download Submit
C:\Windows\system\sxNOfWi.exe

Filesize
6.0MB

MD5
2fa92a7b496c585ed4a9a52b4423199d

SHA1
d6e2e055a3d274a1fbd59c3495febf8df6baa019

SHA256
b2a83e44bd90a6c3d68b33e224d2e3f66ec317a3485969a64f6f3fcabb2c53a5

SHA512
f3c88a27537e372e05b655dd05362c9fdff4999519e2c7586fbcdfab9a15e66ea89ee9d0ca451552ad7a0fc81ff71dfe67b82b0d6f89678fa2b747ee367ad11c

Download Submit
C:\Windows\system\uJxpVXa.exe

Filesize
6.0MB

MD5
10404a527cefc7105a03320afe6d0439

SHA1
9b5762b7313e78a0592c9f187cffbf4f987bd8d5

SHA256
62ba904e913b694ebae6f65c7c2232d396651fa83c650d5bb544e426be03b7cb

SHA512
f1b7de04eab4ded2d569ffe931ff716c3d2d45b8e763f5a46839acd8b76613b929485d8da9226612fefbb65ad3d1bb55b171be95de63259cd23af448ad553843

Download Submit
C:\Windows\system\xAnjVNR.exe

Filesize
6.0MB

MD5
e661a81936d36eda3e12b44282ba9aff

SHA1
c10664a251009f877b6121a71e6ae85728cfba12

SHA256
1b86cd5f6cea71e0c5377326ed1e16ceec96d2710504e89a2849187696c46c3f

SHA512
d242ba5df8fcc5d6d43e7341f5bde09cc3c7d5a4afe6b4fd7f098c61dd8133df6005ed07e7ef9c90e0a16e99d0a5a90ec49859e9e5cb103e95d5aee78a37fffd

Download Submit
C:\Windows\system\ykpGdie.exe

Filesize
6.0MB

MD5
80ba3e02c85de65548c3112e876fd8d3

SHA1
98441f24fe14f127cc11f6eb1f208db58c7e31aa

SHA256
ec0836416138d6fe51e4ec86ef6dd829f7ee9718ba4cf70a3e52b396b9b48760

SHA512
6f316706be6c281eb5ea5bb778e721ff6bd06a20fb9ca1b04a96b03758703a7519aea903ba240eda73e2842d5c402f6889161206306086e470ecfe0c7d5f5d1d

Download Submit
C:\Windows\system\zzsrcrH.exe

Filesize
6.0MB

MD5
bae203d64c44c33fadfe8b1f872c6c05

SHA1
f82e333cb6eeed7539698d24e860dae948b4da7b

SHA256
5a469a5dc76cdd1834ae488582f1ccaa418db670b7d10f473d62346b6e108e03

SHA512
46cc485504ce08798006e6a35c25593d32df3fb387b4b3e71c9e6346463c0718198bff005aa79534414667a2f76bd1a047e866cb78fa9ff8280898ab492bbfbe

Download Submit
\Windows\system\GyHIfQA.exe

Filesize
6.0MB

MD5
1bff316cbae4f0de5a74585e5b624b29

SHA1
e240710453fcbe6a7f2aadadf97e08394723b3ca

SHA256
e5989a94e5a6e3cd8ee455e047c1837d7b27fa057ff87676879d3c9b42fd1351

SHA512
76f8afdb656b695968a420d16483cd097fac576480e98265af8ffab0effb0213e1e950d9729876526330d5556cc443ca447d0e09e53d6da84382b2a5cab19f70

Download Submit
\Windows\system\JfAmnxZ.exe

Filesize
6.0MB

MD5
8d1b4c5eb4ee3706eeaf612527d26ca5

SHA1
6af250a524a27ce4321e04757a7886ebd2e38241

SHA256
4ec1408cdaac6afbfcd261e9abdd524f15fd3ddd4430e62d1e47af102328aa95

SHA512
9330218159e10f0093b9b46266559d33aab0b1c9fa09c6c8540f51eb4f0a16bc9eb4560340b15cf1f9c2c335bde1515cad7f578c8ae739b5642ff59b06b04b56

Download Submit
\Windows\system\NoASFDA.exe

Filesize
6.0MB

MD5
ca4863d9d77c58efa7a488086e078e14

SHA1
f3441f3dbf1d8565b819e132f6b5dc7fecdfd2da

SHA256
6a7d2306b61c74656f919adbe58eb19f8882676d0a25a6a474d4e98f65e6295c

SHA512
765e69dab8f33a983792eee58997e0aa07128a85ac50d1281c418fe4da7d3b1b5629b4f3cfd008ccddc961f0a9b06e0fc719096f1eb9ad2a95f8bd0c96cc4872

Download Submit
\Windows\system\OfMfaqQ.exe

Filesize
6.0MB

MD5
b9a3b4dbdef8e46a8a6904bcf0aac259

SHA1
4b38ee780e7b643f1f2dd157affbf7511619462d

SHA256
6a81e08c7ba9117543d852fbd6590ef0597d8d3fccc89a918770184e1e7d8694

SHA512
9ceee392647e5eed2c72ec0e5451013a44bfcbc402e47e5d6f607f1bc531864a875d01b03b50497a5bef80bb388cbb6e407d1ab4fb8854106a17cc6d11ffbe97

Download Submit
\Windows\system\bVbAHrd.exe

Filesize
6.0MB

MD5
900f899c4a01dfc8a3f308db99c2d19d

SHA1
a1e57671591f59b37e1dfc17b56d7eaaaf8451b1

SHA256
0907caec559baa36532839d97e1e22584765f3186f027fd301f9278c84dcb4f9

SHA512
0cc3f080f297a32198f4c8ecd5e8e2b2c53d35d776977fab70629b51339dd2a79e3291be537d614ea2a9fccc4727dd1359f3d0af976f0768dd1a80c99565f6a7

Download Submit
\Windows\system\iZZPVOM.exe

Filesize
6.0MB

MD5
fc15b633a126c754980a786aed556cc7

SHA1
efdae5f3f34e98113eafcb318452b830651c1797

SHA256
cb847af0e5e68f5591288eb90c1475054d7726eaeb333a9c9f9854b28c89ff48

SHA512
941a6bbd140382f3ca6a967af8c57e4a69b71edec020ddcdc64a8310294259ccc4dff1263d28140d13bdbf747b30b272f435420deb8d834d89e06d3227a88e6a

Download Submit
\Windows\system\llCCfof.exe

Filesize
6.0MB

MD5
4a0be2f333633253f11dd936a1c07670

SHA1
8d58193178ea947199146f0c1041fd866fb6b1ee

SHA256
676b43cd1d7bf64c3aaed611592eeafa13a5c8fd2833b7345d9ed716e087813e

SHA512
751a3a4cc8d6a80088bb685299bf25cdecf89a6c9948b02273c5c3e0ac9fa6fb36540cdab7e7fea8b360413e69b545f1d1cf042827706a676de0565555922a1e

Download Submit
memory/1168-1065-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1168-90-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1168-253-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1061-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1800-218-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1800-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2028-96-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-320-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1062-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-806-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2136-50-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2136-7-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1068-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-357-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-104-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-42-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2524-843-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2580-5-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-92-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-46-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-65-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-69-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2580-59-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2580-101-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-396-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-41-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-43-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2580-75-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2580-85-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-20-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-177-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-87-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2580-13-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2580-31-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-88-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-66-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-856-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-51-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-72-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-845-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-805-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-16-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-22-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-842-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-63-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-844-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-44-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-84-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2848-855-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2848-57-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1040-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2852-78-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2888-841-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-33-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download