cobaltstrike | a0b6c9d6d88f0d09e3d84b3555b3ccb07665cfc180d11ed55ef8f28ba3dc249b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ad0d90d3215dc6d8eac51b9d73ed75c5
SHA1

bde27e26e3b8b0da62cae28e948050b04892340e
SHA256

a0b6c9d6d88f0d09e3d84b3555b3ccb07665cfc180d11ed55ef8f28ba3dc249b
SHA512

fa8ae481c7f823d3e2de3b06ec1bce320382f18ee66b6c26000fc6333216bf5ce64eec80774a0d2b9275c98ee1c791de95f97f5f42440cd497917a9c26557fce
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001706d-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173da-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f1-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f4-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d4-40.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fc-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/296-0-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000016ea4-11.dat	xmrig
behavioral1/files/0x000800000001706d-15.dat	xmrig
behavioral1/files/0x00070000000173da-19.dat	xmrig
behavioral1/files/0x00070000000173f1-26.dat	xmrig
behavioral1/files/0x00070000000173f4-30.dat	xmrig
behavioral1/files/0x0005000000019259-65.dat	xmrig
behavioral1/files/0x0005000000019266-75.dat	xmrig
behavioral1/files/0x000500000001928c-85.dat	xmrig
behavioral1/files/0x0005000000019423-120.dat	xmrig
behavioral1/memory/296-1775-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2968-1753-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/296-1736-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1924-1797-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2872-1799-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/296-1802-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2584-1801-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2736-1803-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2560-1805-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2624-1807-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/3060-1963-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001944d-157.dat	xmrig
behavioral1/files/0x0005000000019438-155.dat	xmrig
behavioral1/files/0x000500000001946e-151.dat	xmrig
behavioral1/files/0x0005000000019458-145.dat	xmrig
behavioral1/files/0x000500000001945c-142.dat	xmrig
behavioral1/files/0x0005000000019442-135.dat	xmrig
behavioral1/files/0x00050000000194ae-160.dat	xmrig
behavioral1/files/0x000500000001946b-148.dat	xmrig
behavioral1/files/0x0005000000019426-125.dat	xmrig
behavioral1/files/0x00050000000193a5-115.dat	xmrig
behavioral1/files/0x0005000000019397-110.dat	xmrig
behavioral1/files/0x000500000001937b-105.dat	xmrig
behavioral1/files/0x000500000001936b-100.dat	xmrig
behavioral1/files/0x0005000000019356-95.dat	xmrig
behavioral1/files/0x0005000000019353-90.dat	xmrig
behavioral1/files/0x0005000000019284-80.dat	xmrig
behavioral1/files/0x0005000000019263-70.dat	xmrig
behavioral1/files/0x0005000000019256-60.dat	xmrig
behavioral1/files/0x0005000000019244-55.dat	xmrig
behavioral1/files/0x000500000001922c-50.dat	xmrig
behavioral1/files/0x00050000000191ff-45.dat	xmrig
behavioral1/files/0x00070000000191d4-40.dat	xmrig
behavioral1/files/0x00070000000173fc-36.dat	xmrig
behavioral1/memory/1360-2256-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/3060-3602-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2184-3660-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2624-3666-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/296-3667-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2432-3705-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2816-3675-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/316-4016-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2968-3674-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2584-3673-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2872-3672-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/1360-3671-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2560-3670-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1924-3669-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	EWYBvIn.exe
2816	kBMDtNA.exe
2968	IrBZuyW.exe
1924	btIPnRK.exe
2872	XydaQjf.exe
2584	ngxDlIL.exe
2736	egigFlh.exe
2560	MEaiFRs.exe
2624	yuHhbQB.exe
3060	XkiTado.exe
1360	uvOdoCs.exe
316	SZHgniU.exe
2184	VhbBuXZ.exe
2432	XthCBGc.exe
2012	qYZMVjV.exe
2992	SCmRJfQ.exe
2808	eQamzCh.exe
2008	ZeemLjo.exe
596	vjlbDkA.exe
1268	FyzAcon.exe
1664	JCZbNsz.exe
772	ZSlkBWt.exe
1052	OvhzRzL.exe
2060	tAfiNzS.exe
1820	GoQmkBb.exe
684	FTLgkVk.exe
2356	zoghWuf.exe
2164	ecgZoDL.exe
288	xfEVxIb.exe
1936	HSEtoIS.exe
2960	DSOgzvO.exe
2336	dqtLhVg.exe
1336	DlvhQTc.exe
2900	tMgEeko.exe
916	GlEhOEb.exe
2416	tlNZHXM.exe
1696	IXHlHsv.exe
1084	mubEKDQ.exe
1340	NMuHwaL.exe
1980	OqRABMe.exe
1988	VvCNlVc.exe
2124	oGOAOfF.exe
1508	YxOJyIW.exe
2456	CpCaBuz.exe
2176	WYAhspp.exe
1248	ksiSlfk.exe
3012	khYkyIW.exe
1788	aKyNELi.exe
2972	XXZMCdl.exe
640	LGfVkzv.exe
1012	MIOURkj.exe
1636	hgJeoPe.exe
2288	BuNWItk.exe
1596	YGrfLQn.exe
2264	lXcgJDb.exe
2296	xdOhZPQ.exe
2668	BZedvJd.exe
1776	cNbdsvg.exe
2696	jtcAksT.exe
2836	zsFuXbz.exe
1256	ALMwWOZ.exe
2636	UrQcQga.exe
2328	Rkhcsnl.exe
1720	WJYdpWk.exe

Loads dropped DLL 64 IoCs

pid	Process
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/296-0-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000016ea4-11.dat	upx
behavioral1/files/0x000800000001706d-15.dat	upx
behavioral1/files/0x00070000000173da-19.dat	upx
behavioral1/files/0x00070000000173f1-26.dat	upx
behavioral1/files/0x00070000000173f4-30.dat	upx
behavioral1/files/0x0005000000019259-65.dat	upx
behavioral1/files/0x0005000000019266-75.dat	upx
behavioral1/files/0x000500000001928c-85.dat	upx
behavioral1/files/0x0005000000019423-120.dat	upx
behavioral1/memory/2968-1753-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1924-1797-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2872-1799-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2584-1801-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2736-1803-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2560-1805-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2624-1807-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/3060-1963-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x000500000001944d-157.dat	upx
behavioral1/files/0x0005000000019438-155.dat	upx
behavioral1/files/0x000500000001946e-151.dat	upx
behavioral1/files/0x0005000000019458-145.dat	upx
behavioral1/files/0x000500000001945c-142.dat	upx
behavioral1/files/0x0005000000019442-135.dat	upx
behavioral1/files/0x00050000000194ae-160.dat	upx
behavioral1/files/0x000500000001946b-148.dat	upx
behavioral1/files/0x0005000000019426-125.dat	upx
behavioral1/files/0x00050000000193a5-115.dat	upx
behavioral1/files/0x0005000000019397-110.dat	upx
behavioral1/files/0x000500000001937b-105.dat	upx
behavioral1/files/0x000500000001936b-100.dat	upx
behavioral1/files/0x0005000000019356-95.dat	upx
behavioral1/files/0x0005000000019353-90.dat	upx
behavioral1/files/0x0005000000019284-80.dat	upx
behavioral1/files/0x0005000000019263-70.dat	upx
behavioral1/files/0x0005000000019256-60.dat	upx
behavioral1/files/0x0005000000019244-55.dat	upx
behavioral1/files/0x000500000001922c-50.dat	upx
behavioral1/files/0x00050000000191ff-45.dat	upx
behavioral1/files/0x00070000000191d4-40.dat	upx
behavioral1/files/0x00070000000173fc-36.dat	upx
behavioral1/memory/1360-2256-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/3060-3602-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2184-3660-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2624-3666-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/296-3667-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2432-3705-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2816-3675-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/316-4016-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2968-3674-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2584-3673-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2872-3672-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/1360-3671-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2560-3670-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1924-3669-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\agDSCip.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzoIVmG.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucXuJUO.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujNkbwx.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtZeTIu.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGFStzI.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgsVUSY.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMpSuNa.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXShMGP.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odbPQIx.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBvuBcI.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDxzIDW.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaFVqly.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukxedQV.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYinSrt.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSEtoIS.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoghWuf.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAtlwIl.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDJuyoy.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlIxyWS.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXFhVOB.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVXLqXt.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMCZQqI.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdCVaNW.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRmPZIC.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahhjPie.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETDGQEh.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emvVbmf.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQqyRNJ.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGIxeLQ.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmhpVay.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfEVxIb.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGtFkel.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiAKzPA.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFsDjAj.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBRJphc.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvwWnxd.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COcpaQI.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COSNMtF.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uczsugo.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHoiuGL.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWNytSj.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtgiQaB.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGxTaly.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAERWeH.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riupuPf.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAzukEC.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaEOucQ.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcfwBMN.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyEBpoE.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQgGbmv.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxnBYWA.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CavruFr.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHxJBjM.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIIcRBI.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkWLZrg.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOtIBwe.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjXlnPH.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIkCIxq.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSlJYRT.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEFZdBt.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilDmkUT.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQRABbj.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrJjMgT.exe	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 296 wrote to memory of 2748	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 296 wrote to memory of 2748	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 296 wrote to memory of 2748	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 296 wrote to memory of 2816	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 296 wrote to memory of 2816	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 296 wrote to memory of 2816	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 296 wrote to memory of 2968	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 296 wrote to memory of 2968	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 296 wrote to memory of 2968	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 296 wrote to memory of 1924	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 296 wrote to memory of 1924	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 296 wrote to memory of 1924	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 296 wrote to memory of 2872	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 296 wrote to memory of 2872	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 296 wrote to memory of 2872	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 296 wrote to memory of 2584	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 296 wrote to memory of 2584	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 296 wrote to memory of 2584	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 296 wrote to memory of 2736	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 296 wrote to memory of 2736	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 296 wrote to memory of 2736	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 296 wrote to memory of 2560	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 296 wrote to memory of 2560	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 296 wrote to memory of 2560	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 296 wrote to memory of 2624	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 296 wrote to memory of 2624	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 296 wrote to memory of 2624	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 296 wrote to memory of 3060	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 296 wrote to memory of 3060	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 296 wrote to memory of 3060	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 296 wrote to memory of 1360	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 296 wrote to memory of 1360	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 296 wrote to memory of 1360	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 296 wrote to memory of 316	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 296 wrote to memory of 316	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 296 wrote to memory of 316	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 296 wrote to memory of 2184	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 296 wrote to memory of 2184	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 296 wrote to memory of 2184	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 296 wrote to memory of 2432	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 296 wrote to memory of 2432	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 296 wrote to memory of 2432	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 296 wrote to memory of 2012	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 296 wrote to memory of 2012	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 296 wrote to memory of 2012	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 296 wrote to memory of 2992	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 296 wrote to memory of 2992	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 296 wrote to memory of 2992	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 296 wrote to memory of 2808	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 296 wrote to memory of 2808	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 296 wrote to memory of 2808	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 296 wrote to memory of 2008	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 296 wrote to memory of 2008	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 296 wrote to memory of 2008	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 296 wrote to memory of 596	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 296 wrote to memory of 596	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 296 wrote to memory of 596	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 296 wrote to memory of 1268	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 296 wrote to memory of 1268	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 296 wrote to memory of 1268	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 296 wrote to memory of 1664	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 296 wrote to memory of 1664	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 296 wrote to memory of 1664	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 296 wrote to memory of 772	296	2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_ad0d90d3215dc6d8eac51b9d73ed75c5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:296
- C:\Windows\System\EWYBvIn.exe
  C:\Windows\System\EWYBvIn.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kBMDtNA.exe
  C:\Windows\System\kBMDtNA.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IrBZuyW.exe
  C:\Windows\System\IrBZuyW.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\btIPnRK.exe
  C:\Windows\System\btIPnRK.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\XydaQjf.exe
  C:\Windows\System\XydaQjf.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ngxDlIL.exe
  C:\Windows\System\ngxDlIL.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\egigFlh.exe
  C:\Windows\System\egigFlh.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\MEaiFRs.exe
  C:\Windows\System\MEaiFRs.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\yuHhbQB.exe
  C:\Windows\System\yuHhbQB.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\XkiTado.exe
  C:\Windows\System\XkiTado.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\uvOdoCs.exe
  C:\Windows\System\uvOdoCs.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\SZHgniU.exe
  C:\Windows\System\SZHgniU.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\VhbBuXZ.exe
  C:\Windows\System\VhbBuXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\XthCBGc.exe
  C:\Windows\System\XthCBGc.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\qYZMVjV.exe
  C:\Windows\System\qYZMVjV.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\SCmRJfQ.exe
  C:\Windows\System\SCmRJfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\eQamzCh.exe
  C:\Windows\System\eQamzCh.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ZeemLjo.exe
  C:\Windows\System\ZeemLjo.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\vjlbDkA.exe
  C:\Windows\System\vjlbDkA.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\FyzAcon.exe
  C:\Windows\System\FyzAcon.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\JCZbNsz.exe
  C:\Windows\System\JCZbNsz.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ZSlkBWt.exe
  C:\Windows\System\ZSlkBWt.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\OvhzRzL.exe
  C:\Windows\System\OvhzRzL.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\tAfiNzS.exe
  C:\Windows\System\tAfiNzS.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\GoQmkBb.exe
  C:\Windows\System\GoQmkBb.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\xfEVxIb.exe
  C:\Windows\System\xfEVxIb.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\FTLgkVk.exe
  C:\Windows\System\FTLgkVk.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\HSEtoIS.exe
  C:\Windows\System\HSEtoIS.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\zoghWuf.exe
  C:\Windows\System\zoghWuf.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\dqtLhVg.exe
  C:\Windows\System\dqtLhVg.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ecgZoDL.exe
  C:\Windows\System\ecgZoDL.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\DlvhQTc.exe
  C:\Windows\System\DlvhQTc.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\DSOgzvO.exe
  C:\Windows\System\DSOgzvO.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\GlEhOEb.exe
  C:\Windows\System\GlEhOEb.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\tMgEeko.exe
  C:\Windows\System\tMgEeko.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\IXHlHsv.exe
  C:\Windows\System\IXHlHsv.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\tlNZHXM.exe
  C:\Windows\System\tlNZHXM.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NMuHwaL.exe
  C:\Windows\System\NMuHwaL.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\mubEKDQ.exe
  C:\Windows\System\mubEKDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\OqRABMe.exe
  C:\Windows\System\OqRABMe.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\VvCNlVc.exe
  C:\Windows\System\VvCNlVc.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\oGOAOfF.exe
  C:\Windows\System\oGOAOfF.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\YxOJyIW.exe
  C:\Windows\System\YxOJyIW.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\WYAhspp.exe
  C:\Windows\System\WYAhspp.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\CpCaBuz.exe
  C:\Windows\System\CpCaBuz.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ksiSlfk.exe
  C:\Windows\System\ksiSlfk.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\khYkyIW.exe
  C:\Windows\System\khYkyIW.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\aKyNELi.exe
  C:\Windows\System\aKyNELi.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\XXZMCdl.exe
  C:\Windows\System\XXZMCdl.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\LGfVkzv.exe
  C:\Windows\System\LGfVkzv.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\MIOURkj.exe
  C:\Windows\System\MIOURkj.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\hgJeoPe.exe
  C:\Windows\System\hgJeoPe.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\BuNWItk.exe
  C:\Windows\System\BuNWItk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\YGrfLQn.exe
  C:\Windows\System\YGrfLQn.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\lXcgJDb.exe
  C:\Windows\System\lXcgJDb.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\xdOhZPQ.exe
  C:\Windows\System\xdOhZPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BZedvJd.exe
  C:\Windows\System\BZedvJd.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\jtcAksT.exe
  C:\Windows\System\jtcAksT.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\cNbdsvg.exe
  C:\Windows\System\cNbdsvg.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\zsFuXbz.exe
  C:\Windows\System\zsFuXbz.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ALMwWOZ.exe
  C:\Windows\System\ALMwWOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\UrQcQga.exe
  C:\Windows\System\UrQcQga.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\Rkhcsnl.exe
  C:\Windows\System\Rkhcsnl.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\luosqol.exe
  C:\Windows\System\luosqol.exe
  2⤵
  PID:920
- C:\Windows\System\WJYdpWk.exe
  C:\Windows\System\WJYdpWk.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\oSLuJtA.exe
  C:\Windows\System\oSLuJtA.exe
  2⤵
  PID:2984
- C:\Windows\System\IVGODow.exe
  C:\Windows\System\IVGODow.exe
  2⤵
  PID:2784
- C:\Windows\System\mYDamKa.exe
  C:\Windows\System\mYDamKa.exe
  2⤵
  PID:2804
- C:\Windows\System\RfHYunR.exe
  C:\Windows\System\RfHYunR.exe
  2⤵
  PID:2648
- C:\Windows\System\uEjfdAz.exe
  C:\Windows\System\uEjfdAz.exe
  2⤵
  PID:1032
- C:\Windows\System\izqCgzY.exe
  C:\Windows\System\izqCgzY.exe
  2⤵
  PID:1088
- C:\Windows\System\EekkQyr.exe
  C:\Windows\System\EekkQyr.exe
  2⤵
  PID:2620
- C:\Windows\System\BgFtWan.exe
  C:\Windows\System\BgFtWan.exe
  2⤵
  PID:2376
- C:\Windows\System\QJPqlcl.exe
  C:\Windows\System\QJPqlcl.exe
  2⤵
  PID:2332
- C:\Windows\System\fjZTUJf.exe
  C:\Windows\System\fjZTUJf.exe
  2⤵
  PID:1648
- C:\Windows\System\eFBRvAp.exe
  C:\Windows\System\eFBRvAp.exe
  2⤵
  PID:1488
- C:\Windows\System\SuwvSim.exe
  C:\Windows\System\SuwvSim.exe
  2⤵
  PID:1856
- C:\Windows\System\FckGUkk.exe
  C:\Windows\System\FckGUkk.exe
  2⤵
  PID:1752
- C:\Windows\System\YQahHyM.exe
  C:\Windows\System\YQahHyM.exe
  2⤵
  PID:1692
- C:\Windows\System\ZzmNEEd.exe
  C:\Windows\System\ZzmNEEd.exe
  2⤵
  PID:2976
- C:\Windows\System\qgiakii.exe
  C:\Windows\System\qgiakii.exe
  2⤵
  PID:1996
- C:\Windows\System\VohatpX.exe
  C:\Windows\System\VohatpX.exe
  2⤵
  PID:2480
- C:\Windows\System\xkwnhea.exe
  C:\Windows\System\xkwnhea.exe
  2⤵
  PID:464
- C:\Windows\System\PAtlwIl.exe
  C:\Windows\System\PAtlwIl.exe
  2⤵
  PID:2460
- C:\Windows\System\BcdZxEC.exe
  C:\Windows\System\BcdZxEC.exe
  2⤵
  PID:2472
- C:\Windows\System\JLgwUDV.exe
  C:\Windows\System\JLgwUDV.exe
  2⤵
  PID:1784
- C:\Windows\System\oMAWhgv.exe
  C:\Windows\System\oMAWhgv.exe
  2⤵
  PID:2452
- C:\Windows\System\kfkkabb.exe
  C:\Windows\System\kfkkabb.exe
  2⤵
  PID:536
- C:\Windows\System\vEATTli.exe
  C:\Windows\System\vEATTli.exe
  2⤵
  PID:1744
- C:\Windows\System\jjCdnDE.exe
  C:\Windows\System\jjCdnDE.exe
  2⤵
  PID:1568
- C:\Windows\System\vELrfTS.exe
  C:\Windows\System\vELrfTS.exe
  2⤵
  PID:2772
- C:\Windows\System\BnrLRUE.exe
  C:\Windows\System\BnrLRUE.exe
  2⤵
  PID:1680
- C:\Windows\System\NyVUkcH.exe
  C:\Windows\System\NyVUkcH.exe
  2⤵
  PID:2572
- C:\Windows\System\KvKIJeO.exe
  C:\Windows\System\KvKIJeO.exe
  2⤵
  PID:2068
- C:\Windows\System\BQiWigm.exe
  C:\Windows\System\BQiWigm.exe
  2⤵
  PID:1000
- C:\Windows\System\QTilkYX.exe
  C:\Windows\System\QTilkYX.exe
  2⤵
  PID:2912
- C:\Windows\System\ZVuSNKl.exe
  C:\Windows\System\ZVuSNKl.exe
  2⤵
  PID:2448
- C:\Windows\System\nDlDtqT.exe
  C:\Windows\System\nDlDtqT.exe
  2⤵
  PID:2192
- C:\Windows\System\SbTQJIZ.exe
  C:\Windows\System\SbTQJIZ.exe
  2⤵
  PID:1296
- C:\Windows\System\sdDCHWB.exe
  C:\Windows\System\sdDCHWB.exe
  2⤵
  PID:1960
- C:\Windows\System\CxaFeOe.exe
  C:\Windows\System\CxaFeOe.exe
  2⤵
  PID:1300
- C:\Windows\System\AMACcSp.exe
  C:\Windows\System\AMACcSp.exe
  2⤵
  PID:1964
- C:\Windows\System\calyEPD.exe
  C:\Windows\System\calyEPD.exe
  2⤵
  PID:1796
- C:\Windows\System\PpnBCgr.exe
  C:\Windows\System\PpnBCgr.exe
  2⤵
  PID:2036
- C:\Windows\System\yHeqrpu.exe
  C:\Windows\System\yHeqrpu.exe
  2⤵
  PID:1672
- C:\Windows\System\spDsSSY.exe
  C:\Windows\System\spDsSSY.exe
  2⤵
  PID:2396
- C:\Windows\System\UDtjqbB.exe
  C:\Windows\System\UDtjqbB.exe
  2⤵
  PID:1812
- C:\Windows\System\cxQHTKq.exe
  C:\Windows\System\cxQHTKq.exe
  2⤵
  PID:1984
- C:\Windows\System\VHdzzUi.exe
  C:\Windows\System\VHdzzUi.exe
  2⤵
  PID:3020
- C:\Windows\System\QNwWUQM.exe
  C:\Windows\System\QNwWUQM.exe
  2⤵
  PID:2672
- C:\Windows\System\KRmPZIC.exe
  C:\Windows\System\KRmPZIC.exe
  2⤵
  PID:2344
- C:\Windows\System\odOyzcj.exe
  C:\Windows\System\odOyzcj.exe
  2⤵
  PID:1932
- C:\Windows\System\Sjyeslz.exe
  C:\Windows\System\Sjyeslz.exe
  2⤵
  PID:3056
- C:\Windows\System\sVYNxaZ.exe
  C:\Windows\System\sVYNxaZ.exe
  2⤵
  PID:2348
- C:\Windows\System\DjXLUEU.exe
  C:\Windows\System\DjXLUEU.exe
  2⤵
  PID:3092
- C:\Windows\System\cdARlkB.exe
  C:\Windows\System\cdARlkB.exe
  2⤵
  PID:3112
- C:\Windows\System\BipNPmn.exe
  C:\Windows\System\BipNPmn.exe
  2⤵
  PID:3132
- C:\Windows\System\Irrymiw.exe
  C:\Windows\System\Irrymiw.exe
  2⤵
  PID:3148
- C:\Windows\System\dKJsYOi.exe
  C:\Windows\System\dKJsYOi.exe
  2⤵
  PID:3164
- C:\Windows\System\FKMXowM.exe
  C:\Windows\System\FKMXowM.exe
  2⤵
  PID:3180
- C:\Windows\System\smhrdNM.exe
  C:\Windows\System\smhrdNM.exe
  2⤵
  PID:3200
- C:\Windows\System\wrNleVd.exe
  C:\Windows\System\wrNleVd.exe
  2⤵
  PID:3224
- C:\Windows\System\BBqeDFz.exe
  C:\Windows\System\BBqeDFz.exe
  2⤵
  PID:3256
- C:\Windows\System\LrLpOvo.exe
  C:\Windows\System\LrLpOvo.exe
  2⤵
  PID:3272
- C:\Windows\System\OjHNVuz.exe
  C:\Windows\System\OjHNVuz.exe
  2⤵
  PID:3292
- C:\Windows\System\SKUdDbX.exe
  C:\Windows\System\SKUdDbX.exe
  2⤵
  PID:3312
- C:\Windows\System\MFbzTFC.exe
  C:\Windows\System\MFbzTFC.exe
  2⤵
  PID:3332
- C:\Windows\System\RWHNadY.exe
  C:\Windows\System\RWHNadY.exe
  2⤵
  PID:3348
- C:\Windows\System\lgsVUSY.exe
  C:\Windows\System\lgsVUSY.exe
  2⤵
  PID:3368
- C:\Windows\System\SBSoCUG.exe
  C:\Windows\System\SBSoCUG.exe
  2⤵
  PID:3388
- C:\Windows\System\GtnNtCT.exe
  C:\Windows\System\GtnNtCT.exe
  2⤵
  PID:3404
- C:\Windows\System\ySUleFC.exe
  C:\Windows\System\ySUleFC.exe
  2⤵
  PID:3424
- C:\Windows\System\BqQshSj.exe
  C:\Windows\System\BqQshSj.exe
  2⤵
  PID:3440
- C:\Windows\System\VIeYydG.exe
  C:\Windows\System\VIeYydG.exe
  2⤵
  PID:3460
- C:\Windows\System\axYMhzj.exe
  C:\Windows\System\axYMhzj.exe
  2⤵
  PID:3496
- C:\Windows\System\aiscjkG.exe
  C:\Windows\System\aiscjkG.exe
  2⤵
  PID:3512
- C:\Windows\System\Iidvjmp.exe
  C:\Windows\System\Iidvjmp.exe
  2⤵
  PID:3532
- C:\Windows\System\ozrXZnE.exe
  C:\Windows\System\ozrXZnE.exe
  2⤵
  PID:3556
- C:\Windows\System\mLbXTgr.exe
  C:\Windows\System\mLbXTgr.exe
  2⤵
  PID:3572
- C:\Windows\System\BwHTNQZ.exe
  C:\Windows\System\BwHTNQZ.exe
  2⤵
  PID:3592
- C:\Windows\System\WFJjNWc.exe
  C:\Windows\System\WFJjNWc.exe
  2⤵
  PID:3612
- C:\Windows\System\sOdOSoo.exe
  C:\Windows\System\sOdOSoo.exe
  2⤵
  PID:3632
- C:\Windows\System\yQsigzC.exe
  C:\Windows\System\yQsigzC.exe
  2⤵
  PID:3656
- C:\Windows\System\WJikLhn.exe
  C:\Windows\System\WJikLhn.exe
  2⤵
  PID:3676
- C:\Windows\System\RbIXzPx.exe
  C:\Windows\System\RbIXzPx.exe
  2⤵
  PID:3692
- C:\Windows\System\TBXxYqn.exe
  C:\Windows\System\TBXxYqn.exe
  2⤵
  PID:3716
- C:\Windows\System\NwLZbQq.exe
  C:\Windows\System\NwLZbQq.exe
  2⤵
  PID:3736
- C:\Windows\System\ahhjPie.exe
  C:\Windows\System\ahhjPie.exe
  2⤵
  PID:3756
- C:\Windows\System\sDthAJK.exe
  C:\Windows\System\sDthAJK.exe
  2⤵
  PID:3772
- C:\Windows\System\FhQxFSo.exe
  C:\Windows\System\FhQxFSo.exe
  2⤵
  PID:3792
- C:\Windows\System\mEbSmZy.exe
  C:\Windows\System\mEbSmZy.exe
  2⤵
  PID:3812
- C:\Windows\System\lMshfOV.exe
  C:\Windows\System\lMshfOV.exe
  2⤵
  PID:3828
- C:\Windows\System\UAlWpLQ.exe
  C:\Windows\System\UAlWpLQ.exe
  2⤵
  PID:3848
- C:\Windows\System\DvDwKom.exe
  C:\Windows\System\DvDwKom.exe
  2⤵
  PID:3868
- C:\Windows\System\LIulCxl.exe
  C:\Windows\System\LIulCxl.exe
  2⤵
  PID:3888
- C:\Windows\System\KYAmvqd.exe
  C:\Windows\System\KYAmvqd.exe
  2⤵
  PID:3908
- C:\Windows\System\camoGCP.exe
  C:\Windows\System\camoGCP.exe
  2⤵
  PID:3932
- C:\Windows\System\WzFBzUu.exe
  C:\Windows\System\WzFBzUu.exe
  2⤵
  PID:3952
- C:\Windows\System\AhdraGc.exe
  C:\Windows\System\AhdraGc.exe
  2⤵
  PID:3968
- C:\Windows\System\wWpPwCW.exe
  C:\Windows\System\wWpPwCW.exe
  2⤵
  PID:3992
- C:\Windows\System\YLLwybX.exe
  C:\Windows\System\YLLwybX.exe
  2⤵
  PID:4012
- C:\Windows\System\nftpwTf.exe
  C:\Windows\System\nftpwTf.exe
  2⤵
  PID:4028
- C:\Windows\System\xYmXpAb.exe
  C:\Windows\System\xYmXpAb.exe
  2⤵
  PID:4048
- C:\Windows\System\kPwAZhV.exe
  C:\Windows\System\kPwAZhV.exe
  2⤵
  PID:4064
- C:\Windows\System\tuufUCZ.exe
  C:\Windows\System\tuufUCZ.exe
  2⤵
  PID:4088
- C:\Windows\System\HcYVGtB.exe
  C:\Windows\System\HcYVGtB.exe
  2⤵
  PID:2728
- C:\Windows\System\PfFQwVJ.exe
  C:\Windows\System\PfFQwVJ.exe
  2⤵
  PID:648
- C:\Windows\System\KpJhevp.exe
  C:\Windows\System\KpJhevp.exe
  2⤵
  PID:1328
- C:\Windows\System\nuAPngT.exe
  C:\Windows\System\nuAPngT.exe
  2⤵
  PID:1736
- C:\Windows\System\HumLqVn.exe
  C:\Windows\System\HumLqVn.exe
  2⤵
  PID:2856
- C:\Windows\System\KrbRRKB.exe
  C:\Windows\System\KrbRRKB.exe
  2⤵
  PID:2596
- C:\Windows\System\ROhlkpu.exe
  C:\Windows\System\ROhlkpu.exe
  2⤵
  PID:2032
- C:\Windows\System\iTYWdZT.exe
  C:\Windows\System\iTYWdZT.exe
  2⤵
  PID:2920
- C:\Windows\System\UJLrVqs.exe
  C:\Windows\System\UJLrVqs.exe
  2⤵
  PID:480
- C:\Windows\System\sQUinhy.exe
  C:\Windows\System\sQUinhy.exe
  2⤵
  PID:3004
- C:\Windows\System\IDJuyoy.exe
  C:\Windows\System\IDJuyoy.exe
  2⤵
  PID:1620
- C:\Windows\System\KCBZcod.exe
  C:\Windows\System\KCBZcod.exe
  2⤵
  PID:3144
- C:\Windows\System\WrwzCVg.exe
  C:\Windows\System\WrwzCVg.exe
  2⤵
  PID:3220
- C:\Windows\System\vjsBgrb.exe
  C:\Windows\System\vjsBgrb.exe
  2⤵
  PID:3160
- C:\Windows\System\PqFJdLU.exe
  C:\Windows\System\PqFJdLU.exe
  2⤵
  PID:3236
- C:\Windows\System\OgMmHen.exe
  C:\Windows\System\OgMmHen.exe
  2⤵
  PID:3264
- C:\Windows\System\cIMlgdF.exe
  C:\Windows\System\cIMlgdF.exe
  2⤵
  PID:3244
- C:\Windows\System\ZcTItKd.exe
  C:\Windows\System\ZcTItKd.exe
  2⤵
  PID:3284
- C:\Windows\System\sLCPTdM.exe
  C:\Windows\System\sLCPTdM.exe
  2⤵
  PID:3328
- C:\Windows\System\rshKypW.exe
  C:\Windows\System\rshKypW.exe
  2⤵
  PID:3412
- C:\Windows\System\AHaORDg.exe
  C:\Windows\System\AHaORDg.exe
  2⤵
  PID:3452
- C:\Windows\System\AjddaDq.exe
  C:\Windows\System\AjddaDq.exe
  2⤵
  PID:3396
- C:\Windows\System\yKCssAN.exe
  C:\Windows\System\yKCssAN.exe
  2⤵
  PID:3504
- C:\Windows\System\HftVVRq.exe
  C:\Windows\System\HftVVRq.exe
  2⤵
  PID:3476
- C:\Windows\System\ZkhPBcn.exe
  C:\Windows\System\ZkhPBcn.exe
  2⤵
  PID:3548
- C:\Windows\System\odbPQIx.exe
  C:\Windows\System\odbPQIx.exe
  2⤵
  PID:3620
- C:\Windows\System\wYVlauc.exe
  C:\Windows\System\wYVlauc.exe
  2⤵
  PID:3568
- C:\Windows\System\UKSmmcY.exe
  C:\Windows\System\UKSmmcY.exe
  2⤵
  PID:3604
- C:\Windows\System\qiLpvjZ.exe
  C:\Windows\System\qiLpvjZ.exe
  2⤵
  PID:3712
- C:\Windows\System\XTvoSLo.exe
  C:\Windows\System\XTvoSLo.exe
  2⤵
  PID:3648
- C:\Windows\System\CApdSGU.exe
  C:\Windows\System\CApdSGU.exe
  2⤵
  PID:3724
- C:\Windows\System\bSjsbpf.exe
  C:\Windows\System\bSjsbpf.exe
  2⤵
  PID:3780
- C:\Windows\System\gsaVVBk.exe
  C:\Windows\System\gsaVVBk.exe
  2⤵
  PID:3824
- C:\Windows\System\mbuvBQk.exe
  C:\Windows\System\mbuvBQk.exe
  2⤵
  PID:3896
- C:\Windows\System\WjIrRRL.exe
  C:\Windows\System\WjIrRRL.exe
  2⤵
  PID:3876
- C:\Windows\System\HPtgSXG.exe
  C:\Windows\System\HPtgSXG.exe
  2⤵
  PID:3836
- C:\Windows\System\mTCrkFQ.exe
  C:\Windows\System\mTCrkFQ.exe
  2⤵
  PID:3980
- C:\Windows\System\cuwqbvY.exe
  C:\Windows\System\cuwqbvY.exe
  2⤵
  PID:4024
- C:\Windows\System\xyXxxZh.exe
  C:\Windows\System\xyXxxZh.exe
  2⤵
  PID:3916
- C:\Windows\System\VFVqlxP.exe
  C:\Windows\System\VFVqlxP.exe
  2⤵
  PID:4000
- C:\Windows\System\acScumz.exe
  C:\Windows\System\acScumz.exe
  2⤵
  PID:2952
- C:\Windows\System\QXSofqH.exe
  C:\Windows\System\QXSofqH.exe
  2⤵
  PID:1764
- C:\Windows\System\tWwRWtq.exe
  C:\Windows\System\tWwRWtq.exe
  2⤵
  PID:328
- C:\Windows\System\lCgQQXw.exe
  C:\Windows\System\lCgQQXw.exe
  2⤵
  PID:344
- C:\Windows\System\CPRTLTc.exe
  C:\Windows\System\CPRTLTc.exe
  2⤵
  PID:2536
- C:\Windows\System\TohCwBH.exe
  C:\Windows\System\TohCwBH.exe
  2⤵
  PID:892
- C:\Windows\System\diStHam.exe
  C:\Windows\System\diStHam.exe
  2⤵
  PID:1908
- C:\Windows\System\RjjYMYP.exe
  C:\Windows\System\RjjYMYP.exe
  2⤵
  PID:1240
- C:\Windows\System\uNCOEjy.exe
  C:\Windows\System\uNCOEjy.exe
  2⤵
  PID:3212
- C:\Windows\System\QYcaWhc.exe
  C:\Windows\System\QYcaWhc.exe
  2⤵
  PID:3088
- C:\Windows\System\FLHwklM.exe
  C:\Windows\System\FLHwklM.exe
  2⤵
  PID:3120
- C:\Windows\System\RfAFIvu.exe
  C:\Windows\System\RfAFIvu.exe
  2⤵
  PID:3324
- C:\Windows\System\JyHucay.exe
  C:\Windows\System\JyHucay.exe
  2⤵
  PID:3252
- C:\Windows\System\NkMxJDB.exe
  C:\Windows\System\NkMxJDB.exe
  2⤵
  PID:3380
- C:\Windows\System\ERqScOh.exe
  C:\Windows\System\ERqScOh.exe
  2⤵
  PID:3492
- C:\Windows\System\OzRsLvQ.exe
  C:\Windows\System\OzRsLvQ.exe
  2⤵
  PID:3524
- C:\Windows\System\TbVUAoO.exe
  C:\Windows\System\TbVUAoO.exe
  2⤵
  PID:3700
- C:\Windows\System\QJlFMut.exe
  C:\Windows\System\QJlFMut.exe
  2⤵
  PID:3540
- C:\Windows\System\FKSNYni.exe
  C:\Windows\System\FKSNYni.exe
  2⤵
  PID:3784
- C:\Windows\System\vdyIoaf.exe
  C:\Windows\System\vdyIoaf.exe
  2⤵
  PID:3588
- C:\Windows\System\cRUFrvR.exe
  C:\Windows\System\cRUFrvR.exe
  2⤵
  PID:3940
- C:\Windows\System\LWMIVfK.exe
  C:\Windows\System\LWMIVfK.exe
  2⤵
  PID:3860
- C:\Windows\System\YFHiJWZ.exe
  C:\Windows\System\YFHiJWZ.exe
  2⤵
  PID:3808
- C:\Windows\System\yFezbwS.exe
  C:\Windows\System\yFezbwS.exe
  2⤵
  PID:3800
- C:\Windows\System\WAlxjFF.exe
  C:\Windows\System\WAlxjFF.exe
  2⤵
  PID:2568
- C:\Windows\System\dmKsDJm.exe
  C:\Windows\System\dmKsDJm.exe
  2⤵
  PID:2076
- C:\Windows\System\rzbDLpx.exe
  C:\Windows\System\rzbDLpx.exe
  2⤵
  PID:4008
- C:\Windows\System\oBvuBcI.exe
  C:\Windows\System\oBvuBcI.exe
  2⤵
  PID:3104
- C:\Windows\System\opBoBTk.exe
  C:\Windows\System\opBoBTk.exe
  2⤵
  PID:1544
- C:\Windows\System\TQDthED.exe
  C:\Windows\System\TQDthED.exe
  2⤵
  PID:1432
- C:\Windows\System\vOAAXdt.exe
  C:\Windows\System\vOAAXdt.exe
  2⤵
  PID:3232
- C:\Windows\System\JsBpTWM.exe
  C:\Windows\System\JsBpTWM.exe
  2⤵
  PID:3420
- C:\Windows\System\ZJvIcbu.exe
  C:\Windows\System\ZJvIcbu.exe
  2⤵
  PID:3080
- C:\Windows\System\fPHrTwV.exe
  C:\Windows\System\fPHrTwV.exe
  2⤵
  PID:3564
- C:\Windows\System\aWjVZER.exe
  C:\Windows\System\aWjVZER.exe
  2⤵
  PID:3688
- C:\Windows\System\ytxAGkd.exe
  C:\Windows\System\ytxAGkd.exe
  2⤵
  PID:3820
- C:\Windows\System\TlyIzLo.exe
  C:\Windows\System\TlyIzLo.exe
  2⤵
  PID:4108
- C:\Windows\System\qtLBQmG.exe
  C:\Windows\System\qtLBQmG.exe
  2⤵
  PID:4124
- C:\Windows\System\uDyeKcp.exe
  C:\Windows\System\uDyeKcp.exe
  2⤵
  PID:4140
- C:\Windows\System\iUGfLRl.exe
  C:\Windows\System\iUGfLRl.exe
  2⤵
  PID:4164
- C:\Windows\System\RJWdYTw.exe
  C:\Windows\System\RJWdYTw.exe
  2⤵
  PID:4184
- C:\Windows\System\JVaUfkj.exe
  C:\Windows\System\JVaUfkj.exe
  2⤵
  PID:4228
- C:\Windows\System\FLjOuii.exe
  C:\Windows\System\FLjOuii.exe
  2⤵
  PID:4248
- C:\Windows\System\WlSFQkk.exe
  C:\Windows\System\WlSFQkk.exe
  2⤵
  PID:4268
- C:\Windows\System\ZINAcYA.exe
  C:\Windows\System\ZINAcYA.exe
  2⤵
  PID:4288
- C:\Windows\System\xjiLRwD.exe
  C:\Windows\System\xjiLRwD.exe
  2⤵
  PID:4308
- C:\Windows\System\KIfknGF.exe
  C:\Windows\System\KIfknGF.exe
  2⤵
  PID:4332
- C:\Windows\System\CCaYpAm.exe
  C:\Windows\System\CCaYpAm.exe
  2⤵
  PID:4348
- C:\Windows\System\blXucnK.exe
  C:\Windows\System\blXucnK.exe
  2⤵
  PID:4372
- C:\Windows\System\nRPbnQn.exe
  C:\Windows\System\nRPbnQn.exe
  2⤵
  PID:4392
- C:\Windows\System\kYinSrt.exe
  C:\Windows\System\kYinSrt.exe
  2⤵
  PID:4408
- C:\Windows\System\GApoRXe.exe
  C:\Windows\System\GApoRXe.exe
  2⤵
  PID:4432
- C:\Windows\System\goMJoZq.exe
  C:\Windows\System\goMJoZq.exe
  2⤵
  PID:4448
- C:\Windows\System\xirFEsK.exe
  C:\Windows\System\xirFEsK.exe
  2⤵
  PID:4472
- C:\Windows\System\CqAyLAu.exe
  C:\Windows\System\CqAyLAu.exe
  2⤵
  PID:4488
- C:\Windows\System\PoyaWcM.exe
  C:\Windows\System\PoyaWcM.exe
  2⤵
  PID:4508
- C:\Windows\System\oInbvhN.exe
  C:\Windows\System\oInbvhN.exe
  2⤵
  PID:4528
- C:\Windows\System\KVWvyGp.exe
  C:\Windows\System\KVWvyGp.exe
  2⤵
  PID:4548
- C:\Windows\System\wKGkQdF.exe
  C:\Windows\System\wKGkQdF.exe
  2⤵
  PID:4572
- C:\Windows\System\iwmXXyW.exe
  C:\Windows\System\iwmXXyW.exe
  2⤵
  PID:4588
- C:\Windows\System\VJwawnN.exe
  C:\Windows\System\VJwawnN.exe
  2⤵
  PID:4608
- C:\Windows\System\rmIDEhq.exe
  C:\Windows\System\rmIDEhq.exe
  2⤵
  PID:4624
- C:\Windows\System\QFspTYU.exe
  C:\Windows\System\QFspTYU.exe
  2⤵
  PID:4644
- C:\Windows\System\dTUrZYb.exe
  C:\Windows\System\dTUrZYb.exe
  2⤵
  PID:4672
- C:\Windows\System\BydZkNt.exe
  C:\Windows\System\BydZkNt.exe
  2⤵
  PID:4692
- C:\Windows\System\DeSubqj.exe
  C:\Windows\System\DeSubqj.exe
  2⤵
  PID:4708
- C:\Windows\System\qgSiFRT.exe
  C:\Windows\System\qgSiFRT.exe
  2⤵
  PID:4728
- C:\Windows\System\FVAqUfr.exe
  C:\Windows\System\FVAqUfr.exe
  2⤵
  PID:4748
- C:\Windows\System\ACNnSzL.exe
  C:\Windows\System\ACNnSzL.exe
  2⤵
  PID:4764
- C:\Windows\System\vLqVOOJ.exe
  C:\Windows\System\vLqVOOJ.exe
  2⤵
  PID:4788
- C:\Windows\System\waNwiwV.exe
  C:\Windows\System\waNwiwV.exe
  2⤵
  PID:4808
- C:\Windows\System\HKZiTkh.exe
  C:\Windows\System\HKZiTkh.exe
  2⤵
  PID:4828
- C:\Windows\System\iSYkZFv.exe
  C:\Windows\System\iSYkZFv.exe
  2⤵
  PID:4844
- C:\Windows\System\vwiDkmO.exe
  C:\Windows\System\vwiDkmO.exe
  2⤵
  PID:4860
- C:\Windows\System\bPmXVPA.exe
  C:\Windows\System\bPmXVPA.exe
  2⤵
  PID:4884
- C:\Windows\System\mGcgusX.exe
  C:\Windows\System\mGcgusX.exe
  2⤵
  PID:4908
- C:\Windows\System\mauKDfS.exe
  C:\Windows\System\mauKDfS.exe
  2⤵
  PID:4932
- C:\Windows\System\tbpcoUD.exe
  C:\Windows\System\tbpcoUD.exe
  2⤵
  PID:4948
- C:\Windows\System\qVtuiYl.exe
  C:\Windows\System\qVtuiYl.exe
  2⤵
  PID:4968
- C:\Windows\System\GXoGVPL.exe
  C:\Windows\System\GXoGVPL.exe
  2⤵
  PID:4984
- C:\Windows\System\XHtHiqZ.exe
  C:\Windows\System\XHtHiqZ.exe
  2⤵
  PID:5008
- C:\Windows\System\LZGsZDF.exe
  C:\Windows\System\LZGsZDF.exe
  2⤵
  PID:5024
- C:\Windows\System\xJrooEE.exe
  C:\Windows\System\xJrooEE.exe
  2⤵
  PID:5048
- C:\Windows\System\GXxDRyT.exe
  C:\Windows\System\GXxDRyT.exe
  2⤵
  PID:5068
- C:\Windows\System\PYqAqss.exe
  C:\Windows\System\PYqAqss.exe
  2⤵
  PID:5088
- C:\Windows\System\GmwNxiq.exe
  C:\Windows\System\GmwNxiq.exe
  2⤵
  PID:5108
- C:\Windows\System\MGSxbFZ.exe
  C:\Windows\System\MGSxbFZ.exe
  2⤵
  PID:4036
- C:\Windows\System\ROIDtHf.exe
  C:\Windows\System\ROIDtHf.exe
  2⤵
  PID:3304
- C:\Windows\System\uPmdKOo.exe
  C:\Windows\System\uPmdKOo.exe
  2⤵
  PID:4072
- C:\Windows\System\DulYXXq.exe
  C:\Windows\System\DulYXXq.exe
  2⤵
  PID:3064
- C:\Windows\System\CPXEEwB.exe
  C:\Windows\System\CPXEEwB.exe
  2⤵
  PID:3100
- C:\Windows\System\povIxJn.exe
  C:\Windows\System\povIxJn.exe
  2⤵
  PID:3864
- C:\Windows\System\TyjwNhF.exe
  C:\Windows\System\TyjwNhF.exe
  2⤵
  PID:3768
- C:\Windows\System\hvfIyKN.exe
  C:\Windows\System\hvfIyKN.exe
  2⤵
  PID:3804
- C:\Windows\System\havfJuE.exe
  C:\Windows\System\havfJuE.exe
  2⤵
  PID:2232
- C:\Windows\System\TOSiZnr.exe
  C:\Windows\System\TOSiZnr.exe
  2⤵
  PID:4136
- C:\Windows\System\awciNxo.exe
  C:\Windows\System\awciNxo.exe
  2⤵
  PID:4180
- C:\Windows\System\NOoLJJC.exe
  C:\Windows\System\NOoLJJC.exe
  2⤵
  PID:3900
- C:\Windows\System\iDxzIDW.exe
  C:\Windows\System\iDxzIDW.exe
  2⤵
  PID:3300
- C:\Windows\System\yHBIidB.exe
  C:\Windows\System\yHBIidB.exe
  2⤵
  PID:4236
- C:\Windows\System\iGYjciF.exe
  C:\Windows\System\iGYjciF.exe
  2⤵
  PID:4196
- C:\Windows\System\TsKIMZW.exe
  C:\Windows\System\TsKIMZW.exe
  2⤵
  PID:4208
- C:\Windows\System\dLVPKye.exe
  C:\Windows\System\dLVPKye.exe
  2⤵
  PID:4224
- C:\Windows\System\cRfhSEc.exe
  C:\Windows\System\cRfhSEc.exe
  2⤵
  PID:4324
- C:\Windows\System\VVdBHuz.exe
  C:\Windows\System\VVdBHuz.exe
  2⤵
  PID:4400
- C:\Windows\System\tnfmggo.exe
  C:\Windows\System\tnfmggo.exe
  2⤵
  PID:4440
- C:\Windows\System\XsHzhGI.exe
  C:\Windows\System\XsHzhGI.exe
  2⤵
  PID:4380
- C:\Windows\System\tyEBpoE.exe
  C:\Windows\System\tyEBpoE.exe
  2⤵
  PID:4424
- C:\Windows\System\svcePdl.exe
  C:\Windows\System\svcePdl.exe
  2⤵
  PID:4524
- C:\Windows\System\gEHboFJ.exe
  C:\Windows\System\gEHboFJ.exe
  2⤵
  PID:4464
- C:\Windows\System\eadNFmk.exe
  C:\Windows\System\eadNFmk.exe
  2⤵
  PID:4500
- C:\Windows\System\OuvepSH.exe
  C:\Windows\System\OuvepSH.exe
  2⤵
  PID:4596
- C:\Windows\System\qrTNCDJ.exe
  C:\Windows\System\qrTNCDJ.exe
  2⤵
  PID:4636
- C:\Windows\System\rwlUlrN.exe
  C:\Windows\System\rwlUlrN.exe
  2⤵
  PID:4684
- C:\Windows\System\nBWIeEj.exe
  C:\Windows\System\nBWIeEj.exe
  2⤵
  PID:4756
- C:\Windows\System\FGVeToM.exe
  C:\Windows\System\FGVeToM.exe
  2⤵
  PID:4616
- C:\Windows\System\NcQzdrz.exe
  C:\Windows\System\NcQzdrz.exe
  2⤵
  PID:4700
- C:\Windows\System\ieFEucc.exe
  C:\Windows\System\ieFEucc.exe
  2⤵
  PID:4740
- C:\Windows\System\STcYSfK.exe
  C:\Windows\System\STcYSfK.exe
  2⤵
  PID:4872
- C:\Windows\System\RLQCtyC.exe
  C:\Windows\System\RLQCtyC.exe
  2⤵
  PID:4780
- C:\Windows\System\fnqOrQi.exe
  C:\Windows\System\fnqOrQi.exe
  2⤵
  PID:4820
- C:\Windows\System\nOHnNmJ.exe
  C:\Windows\System\nOHnNmJ.exe
  2⤵
  PID:4892
- C:\Windows\System\YuwdPJU.exe
  C:\Windows\System\YuwdPJU.exe
  2⤵
  PID:4956
- C:\Windows\System\lhlCvaV.exe
  C:\Windows\System\lhlCvaV.exe
  2⤵
  PID:4904
- C:\Windows\System\sQCHkZI.exe
  C:\Windows\System\sQCHkZI.exe
  2⤵
  PID:5036
- C:\Windows\System\hwEDUTV.exe
  C:\Windows\System\hwEDUTV.exe
  2⤵
  PID:4976
- C:\Windows\System\ESykTEd.exe
  C:\Windows\System\ESykTEd.exe
  2⤵
  PID:5084
- C:\Windows\System\biazZqR.exe
  C:\Windows\System\biazZqR.exe
  2⤵
  PID:5060
- C:\Windows\System\IzoIVmG.exe
  C:\Windows\System\IzoIVmG.exe
  2⤵
  PID:1972
- C:\Windows\System\qcQSyvW.exe
  C:\Windows\System\qcQSyvW.exe
  2⤵
  PID:5104
- C:\Windows\System\iHDwxMQ.exe
  C:\Windows\System\iHDwxMQ.exe
  2⤵
  PID:3208
- C:\Windows\System\dMRwJuM.exe
  C:\Windows\System\dMRwJuM.exe
  2⤵
  PID:2020
- C:\Windows\System\UAhVtHq.exe
  C:\Windows\System\UAhVtHq.exe
  2⤵
  PID:4120
- C:\Windows\System\ZbuokCw.exe
  C:\Windows\System\ZbuokCw.exe
  2⤵
  PID:3472
- C:\Windows\System\HmUoDLU.exe
  C:\Windows\System\HmUoDLU.exe
  2⤵
  PID:3964
- C:\Windows\System\kNFWDPw.exe
  C:\Windows\System\kNFWDPw.exe
  2⤵
  PID:4276
- C:\Windows\System\GWEXIdb.exe
  C:\Windows\System\GWEXIdb.exe
  2⤵
  PID:4004
- C:\Windows\System\FPxoEgu.exe
  C:\Windows\System\FPxoEgu.exe
  2⤵
  PID:4360
- C:\Windows\System\jVbbCVS.exe
  C:\Windows\System\jVbbCVS.exe
  2⤵
  PID:4480
- C:\Windows\System\vVUseLD.exe
  C:\Windows\System\vVUseLD.exe
  2⤵
  PID:4568
- C:\Windows\System\UQEFqLz.exe
  C:\Windows\System\UQEFqLz.exe
  2⤵
  PID:4280
- C:\Windows\System\DfJmDcx.exe
  C:\Windows\System\DfJmDcx.exe
  2⤵
  PID:4300
- C:\Windows\System\nAxjXPP.exe
  C:\Windows\System\nAxjXPP.exe
  2⤵
  PID:4660
- C:\Windows\System\QUCbnUu.exe
  C:\Windows\System\QUCbnUu.exe
  2⤵
  PID:4416
- C:\Windows\System\cOHSrNv.exe
  C:\Windows\System\cOHSrNv.exe
  2⤵
  PID:4468
- C:\Windows\System\PYEXTrM.exe
  C:\Windows\System\PYEXTrM.exe
  2⤵
  PID:4784
- C:\Windows\System\jVPbhob.exe
  C:\Windows\System\jVPbhob.exe
  2⤵
  PID:4924
- C:\Windows\System\lceEYYm.exe
  C:\Windows\System\lceEYYm.exe
  2⤵
  PID:4980
- C:\Windows\System\pcYpBQc.exe
  C:\Windows\System\pcYpBQc.exe
  2⤵
  PID:4580
- C:\Windows\System\AnAvJUg.exe
  C:\Windows\System\AnAvJUg.exe
  2⤵
  PID:5016
- C:\Windows\System\ADPdLSH.exe
  C:\Windows\System\ADPdLSH.exe
  2⤵
  PID:3280
- C:\Windows\System\jEqdgxJ.exe
  C:\Windows\System\jEqdgxJ.exe
  2⤵
  PID:4900
- C:\Windows\System\tWhqORW.exe
  C:\Windows\System\tWhqORW.exe
  2⤵
  PID:3752
- C:\Windows\System\ChwdRix.exe
  C:\Windows\System\ChwdRix.exe
  2⤵
  PID:5096
- C:\Windows\System\TwmjueT.exe
  C:\Windows\System\TwmjueT.exe
  2⤵
  PID:5116
- C:\Windows\System\zfQwwlm.exe
  C:\Windows\System\zfQwwlm.exe
  2⤵
  PID:3488
- C:\Windows\System\kgsChjo.exe
  C:\Windows\System\kgsChjo.exe
  2⤵
  PID:3976
- C:\Windows\System\GMCRyft.exe
  C:\Windows\System\GMCRyft.exe
  2⤵
  PID:2776
- C:\Windows\System\rmvvYWB.exe
  C:\Windows\System\rmvvYWB.exe
  2⤵
  PID:4044
- C:\Windows\System\ubldjXP.exe
  C:\Windows\System\ubldjXP.exe
  2⤵
  PID:4344
- C:\Windows\System\WbyRwYo.exe
  C:\Windows\System\WbyRwYo.exe
  2⤵
  PID:4460
- C:\Windows\System\MolllMf.exe
  C:\Windows\System\MolllMf.exe
  2⤵
  PID:4084
- C:\Windows\System\kJZPITw.exe
  C:\Windows\System\kJZPITw.exe
  2⤵
  PID:5020
- C:\Windows\System\COzxsZE.exe
  C:\Windows\System\COzxsZE.exe
  2⤵
  PID:4640
- C:\Windows\System\nwShpXH.exe
  C:\Windows\System\nwShpXH.exe
  2⤵
  PID:3356
- C:\Windows\System\bJzZYrQ.exe
  C:\Windows\System\bJzZYrQ.exe
  2⤵
  PID:5040
- C:\Windows\System\IfpdYie.exe
  C:\Windows\System\IfpdYie.exe
  2⤵
  PID:4388
- C:\Windows\System\YHfTynU.exe
  C:\Windows\System\YHfTynU.exe
  2⤵
  PID:4940
- C:\Windows\System\yExSPOl.exe
  C:\Windows\System\yExSPOl.exe
  2⤵
  PID:4220
- C:\Windows\System\CsobvaE.exe
  C:\Windows\System\CsobvaE.exe
  2⤵
  PID:4856
- C:\Windows\System\cfOHwug.exe
  C:\Windows\System\cfOHwug.exe
  2⤵
  PID:5144
- C:\Windows\System\AWQuQGj.exe
  C:\Windows\System\AWQuQGj.exe
  2⤵
  PID:5160
- C:\Windows\System\CQOCGmz.exe
  C:\Windows\System\CQOCGmz.exe
  2⤵
  PID:5184
- C:\Windows\System\NTbuEes.exe
  C:\Windows\System\NTbuEes.exe
  2⤵
  PID:5204
- C:\Windows\System\ucXuJUO.exe
  C:\Windows\System\ucXuJUO.exe
  2⤵
  PID:5224
- C:\Windows\System\RMqOpsZ.exe
  C:\Windows\System\RMqOpsZ.exe
  2⤵
  PID:5240
- C:\Windows\System\tMjNiFS.exe
  C:\Windows\System\tMjNiFS.exe
  2⤵
  PID:5264
- C:\Windows\System\XYUyAfS.exe
  C:\Windows\System\XYUyAfS.exe
  2⤵
  PID:5284
- C:\Windows\System\AURMnQG.exe
  C:\Windows\System\AURMnQG.exe
  2⤵
  PID:5304
- C:\Windows\System\tbuBXXA.exe
  C:\Windows\System\tbuBXXA.exe
  2⤵
  PID:5320
- C:\Windows\System\oJvIatR.exe
  C:\Windows\System\oJvIatR.exe
  2⤵
  PID:5344
- C:\Windows\System\AxmmwVk.exe
  C:\Windows\System\AxmmwVk.exe
  2⤵
  PID:5364
- C:\Windows\System\mAyWTQi.exe
  C:\Windows\System\mAyWTQi.exe
  2⤵
  PID:5380
- C:\Windows\System\acxKcXt.exe
  C:\Windows\System\acxKcXt.exe
  2⤵
  PID:5400
- C:\Windows\System\HZddhIZ.exe
  C:\Windows\System\HZddhIZ.exe
  2⤵
  PID:5420
- C:\Windows\System\rjcInQU.exe
  C:\Windows\System\rjcInQU.exe
  2⤵
  PID:5440
- C:\Windows\System\rVhzHFY.exe
  C:\Windows\System\rVhzHFY.exe
  2⤵
  PID:5464
- C:\Windows\System\tVseMIf.exe
  C:\Windows\System\tVseMIf.exe
  2⤵
  PID:5480
- C:\Windows\System\kROzAOf.exe
  C:\Windows\System\kROzAOf.exe
  2⤵
  PID:5504
- C:\Windows\System\ETDGQEh.exe
  C:\Windows\System\ETDGQEh.exe
  2⤵
  PID:5528
- C:\Windows\System\MUNRmvC.exe
  C:\Windows\System\MUNRmvC.exe
  2⤵
  PID:5544
- C:\Windows\System\YDTmBAv.exe
  C:\Windows\System\YDTmBAv.exe
  2⤵
  PID:5564
- C:\Windows\System\moNrXMK.exe
  C:\Windows\System\moNrXMK.exe
  2⤵
  PID:5588
- C:\Windows\System\duWJrLp.exe
  C:\Windows\System\duWJrLp.exe
  2⤵
  PID:5608
- C:\Windows\System\ncruIDj.exe
  C:\Windows\System\ncruIDj.exe
  2⤵
  PID:5624
- C:\Windows\System\NigjFWU.exe
  C:\Windows\System\NigjFWU.exe
  2⤵
  PID:5644
- C:\Windows\System\zXLDxDT.exe
  C:\Windows\System\zXLDxDT.exe
  2⤵
  PID:5668
- C:\Windows\System\JJNwaWs.exe
  C:\Windows\System\JJNwaWs.exe
  2⤵
  PID:5688
- C:\Windows\System\TWkwivB.exe
  C:\Windows\System\TWkwivB.exe
  2⤵
  PID:5708
- C:\Windows\System\bftFneR.exe
  C:\Windows\System\bftFneR.exe
  2⤵
  PID:5728
- C:\Windows\System\TNQqCyT.exe
  C:\Windows\System\TNQqCyT.exe
  2⤵
  PID:5748
- C:\Windows\System\MGxTaly.exe
  C:\Windows\System\MGxTaly.exe
  2⤵
  PID:5764
- C:\Windows\System\xFEjnPE.exe
  C:\Windows\System\xFEjnPE.exe
  2⤵
  PID:5784
- C:\Windows\System\UPGxgky.exe
  C:\Windows\System\UPGxgky.exe
  2⤵
  PID:5804
- C:\Windows\System\RfFKZQO.exe
  C:\Windows\System\RfFKZQO.exe
  2⤵
  PID:5824
- C:\Windows\System\XFtTXNx.exe
  C:\Windows\System\XFtTXNx.exe
  2⤵
  PID:5840
- C:\Windows\System\yILtKnh.exe
  C:\Windows\System\yILtKnh.exe
  2⤵
  PID:5868
- C:\Windows\System\wGraiET.exe
  C:\Windows\System\wGraiET.exe
  2⤵
  PID:5884
- C:\Windows\System\BFfaOuU.exe
  C:\Windows\System\BFfaOuU.exe
  2⤵
  PID:5908
- C:\Windows\System\fbwvIze.exe
  C:\Windows\System\fbwvIze.exe
  2⤵
  PID:5924
- C:\Windows\System\vOtIBwe.exe
  C:\Windows\System\vOtIBwe.exe
  2⤵
  PID:5944
- C:\Windows\System\MZDJZfV.exe
  C:\Windows\System\MZDJZfV.exe
  2⤵
  PID:5964
- C:\Windows\System\NLgBpDh.exe
  C:\Windows\System\NLgBpDh.exe
  2⤵
  PID:5988
- C:\Windows\System\QbPxpSK.exe
  C:\Windows\System\QbPxpSK.exe
  2⤵
  PID:6004
- C:\Windows\System\IcRRWEc.exe
  C:\Windows\System\IcRRWEc.exe
  2⤵
  PID:6020
- C:\Windows\System\OQyJjqV.exe
  C:\Windows\System\OQyJjqV.exe
  2⤵
  PID:6040
- C:\Windows\System\BxZXlCP.exe
  C:\Windows\System\BxZXlCP.exe
  2⤵
  PID:6056
- C:\Windows\System\gQAmSqI.exe
  C:\Windows\System\gQAmSqI.exe
  2⤵
  PID:6076
- C:\Windows\System\THhNXzt.exe
  C:\Windows\System\THhNXzt.exe
  2⤵
  PID:6096
- C:\Windows\System\oZWcEio.exe
  C:\Windows\System\oZWcEio.exe
  2⤵
  PID:6116
- C:\Windows\System\HwEcRkI.exe
  C:\Windows\System\HwEcRkI.exe
  2⤵
  PID:6132
- C:\Windows\System\ZaFVqly.exe
  C:\Windows\System\ZaFVqly.exe
  2⤵
  PID:4284
- C:\Windows\System\lFtINPt.exe
  C:\Windows\System\lFtINPt.exe
  2⤵
  PID:3288
- C:\Windows\System\csofFjc.exe
  C:\Windows\System\csofFjc.exe
  2⤵
  PID:4920
- C:\Windows\System\zSaNZCM.exe
  C:\Windows\System\zSaNZCM.exe
  2⤵
  PID:4620
- C:\Windows\System\XicfXMj.exe
  C:\Windows\System\XicfXMj.exe
  2⤵
  PID:4564
- C:\Windows\System\ZpZlDRH.exe
  C:\Windows\System\ZpZlDRH.exe
  2⤵
  PID:3944
- C:\Windows\System\izqqRFO.exe
  C:\Windows\System\izqqRFO.exe
  2⤵
  PID:3544
- C:\Windows\System\HImqHhq.exe
  C:\Windows\System\HImqHhq.exe
  2⤵
  PID:5032
- C:\Windows\System\QHIhcBf.exe
  C:\Windows\System\QHIhcBf.exe
  2⤵
  PID:4800
- C:\Windows\System\PvegUrh.exe
  C:\Windows\System\PvegUrh.exe
  2⤵
  PID:5152
- C:\Windows\System\qsPLmaA.exe
  C:\Windows\System\qsPLmaA.exe
  2⤵
  PID:5176
- C:\Windows\System\aQSEVEm.exe
  C:\Windows\System\aQSEVEm.exe
  2⤵
  PID:5252
- C:\Windows\System\SQjyItH.exe
  C:\Windows\System\SQjyItH.exe
  2⤵
  PID:5200
- C:\Windows\System\jvwWnxd.exe
  C:\Windows\System\jvwWnxd.exe
  2⤵
  PID:5292
- C:\Windows\System\oaILttW.exe
  C:\Windows\System\oaILttW.exe
  2⤵
  PID:5340
- C:\Windows\System\eSnJtWe.exe
  C:\Windows\System\eSnJtWe.exe
  2⤵
  PID:5280
- C:\Windows\System\kYWsvOI.exe
  C:\Windows\System\kYWsvOI.exe
  2⤵
  PID:5352
- C:\Windows\System\SpjQnAT.exe
  C:\Windows\System\SpjQnAT.exe
  2⤵
  PID:5392
- C:\Windows\System\SXFhVOB.exe
  C:\Windows\System\SXFhVOB.exe
  2⤵
  PID:5452
- C:\Windows\System\gIViUpX.exe
  C:\Windows\System\gIViUpX.exe
  2⤵
  PID:5436
- C:\Windows\System\HGwgmUm.exe
  C:\Windows\System\HGwgmUm.exe
  2⤵
  PID:5520
- C:\Windows\System\TMDaozX.exe
  C:\Windows\System\TMDaozX.exe
  2⤵
  PID:5576
- C:\Windows\System\UDhEtns.exe
  C:\Windows\System\UDhEtns.exe
  2⤵
  PID:5560
- C:\Windows\System\EBlfAOd.exe
  C:\Windows\System\EBlfAOd.exe
  2⤵
  PID:5660
- C:\Windows\System\pFPvrsJ.exe
  C:\Windows\System\pFPvrsJ.exe
  2⤵
  PID:5640
- C:\Windows\System\nUYIPvx.exe
  C:\Windows\System\nUYIPvx.exe
  2⤵
  PID:5704
- C:\Windows\System\YbRnblt.exe
  C:\Windows\System\YbRnblt.exe
  2⤵
  PID:5736
- C:\Windows\System\vwedolM.exe
  C:\Windows\System\vwedolM.exe
  2⤵
  PID:5724
- C:\Windows\System\ozDCjku.exe
  C:\Windows\System\ozDCjku.exe
  2⤵
  PID:5820
- C:\Windows\System\HJNRSMi.exe
  C:\Windows\System\HJNRSMi.exe
  2⤵
  PID:5856
- C:\Windows\System\wxdaMwV.exe
  C:\Windows\System\wxdaMwV.exe
  2⤵
  PID:5892
- C:\Windows\System\uAGFQnY.exe
  C:\Windows\System\uAGFQnY.exe
  2⤵
  PID:5800
- C:\Windows\System\yokDRJz.exe
  C:\Windows\System\yokDRJz.exe
  2⤵
  PID:5792
- C:\Windows\System\VtJGWbi.exe
  C:\Windows\System\VtJGWbi.exe
  2⤵
  PID:5976
- C:\Windows\System\iOcouqD.exe
  C:\Windows\System\iOcouqD.exe
  2⤵
  PID:6052
- C:\Windows\System\thTKTIe.exe
  C:\Windows\System\thTKTIe.exe
  2⤵
  PID:5956
- C:\Windows\System\zQFGfgz.exe
  C:\Windows\System\zQFGfgz.exe
  2⤵
  PID:2392
- C:\Windows\System\bHKOsqK.exe
  C:\Windows\System\bHKOsqK.exe
  2⤵
  PID:6000
- C:\Windows\System\pvjzOLw.exe
  C:\Windows\System\pvjzOLw.exe
  2⤵
  PID:4840
- C:\Windows\System\bvtbQuV.exe
  C:\Windows\System\bvtbQuV.exe
  2⤵
  PID:5000
- C:\Windows\System\LQUoJWV.exe
  C:\Windows\System\LQUoJWV.exe
  2⤵
  PID:6140
- C:\Windows\System\GByhTGq.exe
  C:\Windows\System\GByhTGq.exe
  2⤵
  PID:6072
- C:\Windows\System\saIivYC.exe
  C:\Windows\System\saIivYC.exe
  2⤵
  PID:5132
- C:\Windows\System\UMyKlxp.exe
  C:\Windows\System\UMyKlxp.exe
  2⤵
  PID:5256
- C:\Windows\System\qgKdqTJ.exe
  C:\Windows\System\qgKdqTJ.exe
  2⤵
  PID:4316
- C:\Windows\System\BCQldgs.exe
  C:\Windows\System\BCQldgs.exe
  2⤵
  PID:5356
- C:\Windows\System\idpbgaw.exe
  C:\Windows\System\idpbgaw.exe
  2⤵
  PID:4680
- C:\Windows\System\IsSyMsS.exe
  C:\Windows\System\IsSyMsS.exe
  2⤵
  PID:5572
- C:\Windows\System\psDaupy.exe
  C:\Windows\System\psDaupy.exe
  2⤵
  PID:4736
- C:\Windows\System\InVbfly.exe
  C:\Windows\System\InVbfly.exe
  2⤵
  PID:5328
- C:\Windows\System\aWzgkXN.exe
  C:\Windows\System\aWzgkXN.exe
  2⤵
  PID:5396
- C:\Windows\System\SnnrfQE.exe
  C:\Windows\System\SnnrfQE.exe
  2⤵
  PID:5196
- C:\Windows\System\HelgeWY.exe
  C:\Windows\System\HelgeWY.exe
  2⤵
  PID:5716
- C:\Windows\System\lJTvGvr.exe
  C:\Windows\System\lJTvGvr.exe
  2⤵
  PID:5476
- C:\Windows\System\guybgcK.exe
  C:\Windows\System\guybgcK.exe
  2⤵
  PID:5540
- C:\Windows\System\vzkckOP.exe
  C:\Windows\System\vzkckOP.exe
  2⤵
  PID:5552
- C:\Windows\System\GDtxZQu.exe
  C:\Windows\System\GDtxZQu.exe
  2⤵
  PID:5812
- C:\Windows\System\VATWTnZ.exe
  C:\Windows\System\VATWTnZ.exe
  2⤵
  PID:2588
- C:\Windows\System\cmaIurC.exe
  C:\Windows\System\cmaIurC.exe
  2⤵
  PID:6084
- C:\Windows\System\pTqdCBU.exe
  C:\Windows\System\pTqdCBU.exe
  2⤵
  PID:5936
- C:\Windows\System\HaKMhhl.exe
  C:\Windows\System\HaKMhhl.exe
  2⤵
  PID:5760
- C:\Windows\System\dwumAdV.exe
  C:\Windows\System\dwumAdV.exe
  2⤵
  PID:6048
- C:\Windows\System\ujNkbwx.exe
  C:\Windows\System\ujNkbwx.exe
  2⤵
  PID:4772
- C:\Windows\System\UFXPxlp.exe
  C:\Windows\System\UFXPxlp.exe
  2⤵
  PID:6104
- C:\Windows\System\dtOMzVc.exe
  C:\Windows\System\dtOMzVc.exe
  2⤵
  PID:4484
- C:\Windows\System\nQkhBut.exe
  C:\Windows\System\nQkhBut.exe
  2⤵
  PID:5136
- C:\Windows\System\rEikjKW.exe
  C:\Windows\System\rEikjKW.exe
  2⤵
  PID:4724
- C:\Windows\System\MYCNNAv.exe
  C:\Windows\System\MYCNNAv.exe
  2⤵
  PID:4204
- C:\Windows\System\CQgGbmv.exe
  C:\Windows\System\CQgGbmv.exe
  2⤵
  PID:4996
- C:\Windows\System\oLIvnUQ.exe
  C:\Windows\System\oLIvnUQ.exe
  2⤵
  PID:5604
- C:\Windows\System\vRDUgAf.exe
  C:\Windows\System\vRDUgAf.exe
  2⤵
  PID:5296
- C:\Windows\System\IdppciH.exe
  C:\Windows\System\IdppciH.exe
  2⤵
  PID:5676
- C:\Windows\System\PkkkYiL.exe
  C:\Windows\System\PkkkYiL.exe
  2⤵
  PID:5796
- C:\Windows\System\jScXWWY.exe
  C:\Windows\System\jScXWWY.exe
  2⤵
  PID:5848
- C:\Windows\System\imNmeQr.exe
  C:\Windows\System\imNmeQr.exe
  2⤵
  PID:5636
- C:\Windows\System\PzAqqQi.exe
  C:\Windows\System\PzAqqQi.exe
  2⤵
  PID:5980
- C:\Windows\System\LZTxAGi.exe
  C:\Windows\System\LZTxAGi.exe
  2⤵
  PID:5680
- C:\Windows\System\hdSzPAj.exe
  C:\Windows\System\hdSzPAj.exe
  2⤵
  PID:2608
- C:\Windows\System\HqidEuE.exe
  C:\Windows\System\HqidEuE.exe
  2⤵
  PID:6128
- C:\Windows\System\IizOsBS.exe
  C:\Windows\System\IizOsBS.exe
  2⤵
  PID:6112
- C:\Windows\System\yKYYPJl.exe
  C:\Windows\System\yKYYPJl.exe
  2⤵
  PID:5248
- C:\Windows\System\eugKHtw.exe
  C:\Windows\System\eugKHtw.exe
  2⤵
  PID:5456
- C:\Windows\System\SMKyuzt.exe
  C:\Windows\System\SMKyuzt.exe
  2⤵
  PID:5376
- C:\Windows\System\LtgHIOL.exe
  C:\Windows\System\LtgHIOL.exe
  2⤵
  PID:5412
- C:\Windows\System\rddrKzx.exe
  C:\Windows\System\rddrKzx.exe
  2⤵
  PID:6152
- C:\Windows\System\QGhvsfY.exe
  C:\Windows\System\QGhvsfY.exe
  2⤵
  PID:6172
- C:\Windows\System\fUcFxlT.exe
  C:\Windows\System\fUcFxlT.exe
  2⤵
  PID:6188
- C:\Windows\System\TpqFBLe.exe
  C:\Windows\System\TpqFBLe.exe
  2⤵
  PID:6208
- C:\Windows\System\MaLOZsn.exe
  C:\Windows\System\MaLOZsn.exe
  2⤵
  PID:6224
- C:\Windows\System\jIHAdcv.exe
  C:\Windows\System\jIHAdcv.exe
  2⤵
  PID:6240
- C:\Windows\System\NTVkSKv.exe
  C:\Windows\System\NTVkSKv.exe
  2⤵
  PID:6264
- C:\Windows\System\qOTtTky.exe
  C:\Windows\System\qOTtTky.exe
  2⤵
  PID:6284
- C:\Windows\System\NnzMwlr.exe
  C:\Windows\System\NnzMwlr.exe
  2⤵
  PID:6304
- C:\Windows\System\COcpaQI.exe
  C:\Windows\System\COcpaQI.exe
  2⤵
  PID:6320
- C:\Windows\System\QJnfNZB.exe
  C:\Windows\System\QJnfNZB.exe
  2⤵
  PID:6336
- C:\Windows\System\ukxedQV.exe
  C:\Windows\System\ukxedQV.exe
  2⤵
  PID:6356
- C:\Windows\System\amRfBax.exe
  C:\Windows\System\amRfBax.exe
  2⤵
  PID:6372
- C:\Windows\System\FKCfpEp.exe
  C:\Windows\System\FKCfpEp.exe
  2⤵
  PID:6392
- C:\Windows\System\rGzQSjr.exe
  C:\Windows\System\rGzQSjr.exe
  2⤵
  PID:6416
- C:\Windows\System\YdGXGOI.exe
  C:\Windows\System\YdGXGOI.exe
  2⤵
  PID:6436
- C:\Windows\System\uJuvMWH.exe
  C:\Windows\System\uJuvMWH.exe
  2⤵
  PID:6464
- C:\Windows\System\ATxUMUv.exe
  C:\Windows\System\ATxUMUv.exe
  2⤵
  PID:6492
- C:\Windows\System\CwEfaTe.exe
  C:\Windows\System\CwEfaTe.exe
  2⤵
  PID:6508
- C:\Windows\System\NVOiwds.exe
  C:\Windows\System\NVOiwds.exe
  2⤵
  PID:6528
- C:\Windows\System\gNliDiQ.exe
  C:\Windows\System\gNliDiQ.exe
  2⤵
  PID:6548
- C:\Windows\System\FMpSuNa.exe
  C:\Windows\System\FMpSuNa.exe
  2⤵
  PID:6568
- C:\Windows\System\nXWajaV.exe
  C:\Windows\System\nXWajaV.exe
  2⤵
  PID:6588
- C:\Windows\System\JzdfvOX.exe
  C:\Windows\System\JzdfvOX.exe
  2⤵
  PID:6608
- C:\Windows\System\pKJpBGb.exe
  C:\Windows\System\pKJpBGb.exe
  2⤵
  PID:6628
- C:\Windows\System\zNnJetA.exe
  C:\Windows\System\zNnJetA.exe
  2⤵
  PID:6652
- C:\Windows\System\waRhSpl.exe
  C:\Windows\System\waRhSpl.exe
  2⤵
  PID:6672
- C:\Windows\System\pzFRMXD.exe
  C:\Windows\System\pzFRMXD.exe
  2⤵
  PID:6692
- C:\Windows\System\KJtjeUH.exe
  C:\Windows\System\KJtjeUH.exe
  2⤵
  PID:6712
- C:\Windows\System\allmrFK.exe
  C:\Windows\System\allmrFK.exe
  2⤵
  PID:6728
- C:\Windows\System\iMWxyuE.exe
  C:\Windows\System\iMWxyuE.exe
  2⤵
  PID:6748
- C:\Windows\System\jNYRiAn.exe
  C:\Windows\System\jNYRiAn.exe
  2⤵
  PID:6772
- C:\Windows\System\DcqNriM.exe
  C:\Windows\System\DcqNriM.exe
  2⤵
  PID:6788
- C:\Windows\System\VWglLml.exe
  C:\Windows\System\VWglLml.exe
  2⤵
  PID:6808
- C:\Windows\System\LyClBjq.exe
  C:\Windows\System\LyClBjq.exe
  2⤵
  PID:6828
- C:\Windows\System\vYPJAdi.exe
  C:\Windows\System\vYPJAdi.exe
  2⤵
  PID:6844
- C:\Windows\System\qyLkWhK.exe
  C:\Windows\System\qyLkWhK.exe
  2⤵
  PID:6860
- C:\Windows\System\hIrgJNc.exe
  C:\Windows\System\hIrgJNc.exe
  2⤵
  PID:6884
- C:\Windows\System\IVlOtUE.exe
  C:\Windows\System\IVlOtUE.exe
  2⤵
  PID:6900
- C:\Windows\System\coYoRJr.exe
  C:\Windows\System\coYoRJr.exe
  2⤵
  PID:6924
- C:\Windows\System\aUkKmxO.exe
  C:\Windows\System\aUkKmxO.exe
  2⤵
  PID:6940
- C:\Windows\System\seXVOxW.exe
  C:\Windows\System\seXVOxW.exe
  2⤵
  PID:6956
- C:\Windows\System\nwqNEkZ.exe
  C:\Windows\System\nwqNEkZ.exe
  2⤵
  PID:6972
- C:\Windows\System\QkOWWpv.exe
  C:\Windows\System\QkOWWpv.exe
  2⤵
  PID:6988
- C:\Windows\System\lXShMGP.exe
  C:\Windows\System\lXShMGP.exe
  2⤵
  PID:7004
- C:\Windows\System\dGwbrGk.exe
  C:\Windows\System\dGwbrGk.exe
  2⤵
  PID:7020
- C:\Windows\System\VVzLONC.exe
  C:\Windows\System\VVzLONC.exe
  2⤵
  PID:7036
- C:\Windows\System\SqUNvJB.exe
  C:\Windows\System\SqUNvJB.exe
  2⤵
  PID:7052
- C:\Windows\System\dxxVZVR.exe
  C:\Windows\System\dxxVZVR.exe
  2⤵
  PID:7068
- C:\Windows\System\wKaqTid.exe
  C:\Windows\System\wKaqTid.exe
  2⤵
  PID:7084
- C:\Windows\System\DqkLBEP.exe
  C:\Windows\System\DqkLBEP.exe
  2⤵
  PID:7100
- C:\Windows\System\LkQbuuw.exe
  C:\Windows\System\LkQbuuw.exe
  2⤵
  PID:7116
- C:\Windows\System\pNnpNsQ.exe
  C:\Windows\System\pNnpNsQ.exe
  2⤵
  PID:7136
- C:\Windows\System\uVXLqXt.exe
  C:\Windows\System\uVXLqXt.exe
  2⤵
  PID:7152
- C:\Windows\System\EdLjvim.exe
  C:\Windows\System\EdLjvim.exe
  2⤵
  PID:6088
- C:\Windows\System\YuINlKR.exe
  C:\Windows\System\YuINlKR.exe
  2⤵
  PID:5860
- C:\Windows\System\EYEhlYD.exe
  C:\Windows\System\EYEhlYD.exe
  2⤵
  PID:2948
- C:\Windows\System\MNiPajD.exe
  C:\Windows\System\MNiPajD.exe
  2⤵
  PID:5832
- C:\Windows\System\fRoLqMN.exe
  C:\Windows\System\fRoLqMN.exe
  2⤵
  PID:5232
- C:\Windows\System\wvCGTts.exe
  C:\Windows\System\wvCGTts.exe
  2⤵
  PID:5600
- C:\Windows\System\RZBHjpM.exe
  C:\Windows\System\RZBHjpM.exe
  2⤵
  PID:6160
- C:\Windows\System\rWSRhbr.exe
  C:\Windows\System\rWSRhbr.exe
  2⤵
  PID:6236
- C:\Windows\System\PCTGykH.exe
  C:\Windows\System\PCTGykH.exe
  2⤵
  PID:2544
- C:\Windows\System\iwUBeZN.exe
  C:\Windows\System\iwUBeZN.exe
  2⤵
  PID:5996
- C:\Windows\System\HrsWTAP.exe
  C:\Windows\System\HrsWTAP.exe
  2⤵
  PID:6344
- C:\Windows\System\oaWnxSP.exe
  C:\Windows\System\oaWnxSP.exe
  2⤵
  PID:6368
- C:\Windows\System\joBxkVB.exe
  C:\Windows\System\joBxkVB.exe
  2⤵
  PID:1252
- C:\Windows\System\QUqynwA.exe
  C:\Windows\System\QUqynwA.exe
  2⤵
  PID:6484
- C:\Windows\System\teFUXLf.exe
  C:\Windows\System\teFUXLf.exe
  2⤵
  PID:6564
- C:\Windows\System\owMzsWw.exe
  C:\Windows\System\owMzsWw.exe
  2⤵
  PID:6560
- C:\Windows\System\wBzHFLp.exe
  C:\Windows\System\wBzHFLp.exe
  2⤵
  PID:6596
- C:\Windows\System\uDGSXhD.exe
  C:\Windows\System\uDGSXhD.exe
  2⤵
  PID:6584
- C:\Windows\System\CDhbcEP.exe
  C:\Windows\System\CDhbcEP.exe
  2⤵
  PID:6644
- C:\Windows\System\bNKfpOQ.exe
  C:\Windows\System\bNKfpOQ.exe
  2⤵
  PID:6680
- C:\Windows\System\kcaEpgl.exe
  C:\Windows\System\kcaEpgl.exe
  2⤵
  PID:2364
- C:\Windows\System\NmrSxcw.exe
  C:\Windows\System\NmrSxcw.exe
  2⤵
  PID:6764
- C:\Windows\System\MjJWaON.exe
  C:\Windows\System\MjJWaON.exe
  2⤵
  PID:6804
- C:\Windows\System\xqBtiHA.exe
  C:\Windows\System\xqBtiHA.exe
  2⤵
  PID:6868
- C:\Windows\System\OoGGeQl.exe
  C:\Windows\System\OoGGeQl.exe
  2⤵
  PID:6908
- C:\Windows\System\UVqoPZa.exe
  C:\Windows\System\UVqoPZa.exe
  2⤵
  PID:6920
- C:\Windows\System\emvVbmf.exe
  C:\Windows\System\emvVbmf.exe
  2⤵
  PID:6820
- C:\Windows\System\QJWFUCx.exe
  C:\Windows\System\QJWFUCx.exe
  2⤵
  PID:6980
- C:\Windows\System\etSEoIk.exe
  C:\Windows\System\etSEoIk.exe
  2⤵
  PID:5700
- C:\Windows\System\mBCrHLs.exe
  C:\Windows\System\mBCrHLs.exe
  2⤵
  PID:1632
- C:\Windows\System\SkaWVxX.exe
  C:\Windows\System\SkaWVxX.exe
  2⤵
  PID:6200
- C:\Windows\System\VPgMzTl.exe
  C:\Windows\System\VPgMzTl.exe
  2⤵
  PID:6704
- C:\Windows\System\RRgxELR.exe
  C:\Windows\System\RRgxELR.exe
  2⤵
  PID:2680
- C:\Windows\System\iWhobUg.exe
  C:\Windows\System\iWhobUg.exe
  2⤵
  PID:1600
- C:\Windows\System\QEQRlDQ.exe
  C:\Windows\System\QEQRlDQ.exe
  2⤵
  PID:6784
- C:\Windows\System\Dattcau.exe
  C:\Windows\System\Dattcau.exe
  2⤵
  PID:6892
- C:\Windows\System\KzrUPXq.exe
  C:\Windows\System\KzrUPXq.exe
  2⤵
  PID:6964
- C:\Windows\System\gHMWbyJ.exe
  C:\Windows\System\gHMWbyJ.exe
  2⤵
  PID:7028
- C:\Windows\System\ZHdzFLK.exe
  C:\Windows\System\ZHdzFLK.exe
  2⤵
  PID:7128
- C:\Windows\System\QwFJELV.exe
  C:\Windows\System\QwFJELV.exe
  2⤵
  PID:6124
- C:\Windows\System\gnJwFFQ.exe
  C:\Windows\System\gnJwFFQ.exe
  2⤵
  PID:6036
- C:\Windows\System\EXbnjOJ.exe
  C:\Windows\System\EXbnjOJ.exe
  2⤵
  PID:2724
- C:\Windows\System\zCFnWLI.exe
  C:\Windows\System\zCFnWLI.exe
  2⤵
  PID:6180
- C:\Windows\System\nZVWAlh.exe
  C:\Windows\System\nZVWAlh.exe
  2⤵
  PID:6424
- C:\Windows\System\Lxkkpna.exe
  C:\Windows\System\Lxkkpna.exe
  2⤵
  PID:6260
- C:\Windows\System\NnsRLfb.exe
  C:\Windows\System\NnsRLfb.exe
  2⤵
  PID:6428
- C:\Windows\System\EOHhCio.exe
  C:\Windows\System\EOHhCio.exe
  2⤵
  PID:2016
- C:\Windows\System\WngqqgL.exe
  C:\Windows\System\WngqqgL.exe
  2⤵
  PID:1164
- C:\Windows\System\iuzKRZz.exe
  C:\Windows\System\iuzKRZz.exe
  2⤵
  PID:1468
- C:\Windows\System\UuoITiW.exe
  C:\Windows\System\UuoITiW.exe
  2⤵
  PID:1048
- C:\Windows\System\ZxEmFem.exe
  C:\Windows\System\ZxEmFem.exe
  2⤵
  PID:2436
- C:\Windows\System\iefbQSg.exe
  C:\Windows\System\iefbQSg.exe
  2⤵
  PID:1312
- C:\Windows\System\ZFDrbqg.exe
  C:\Windows\System\ZFDrbqg.exe
  2⤵
  PID:6916
- C:\Windows\System\ihLrOhj.exe
  C:\Windows\System\ihLrOhj.exe
  2⤵
  PID:6480
- C:\Windows\System\iSaBoGr.exe
  C:\Windows\System\iSaBoGr.exe
  2⤵
  PID:6620
- C:\Windows\System\YtZeTIu.exe
  C:\Windows\System\YtZeTIu.exe
  2⤵
  PID:2104
- C:\Windows\System\REHtYEu.exe
  C:\Windows\System\REHtYEu.exe
  2⤵
  PID:2072
- C:\Windows\System\HQLqaXO.exe
  C:\Windows\System\HQLqaXO.exe
  2⤵
  PID:6952
- C:\Windows\System\wyjlGyb.exe
  C:\Windows\System\wyjlGyb.exe
  2⤵
  PID:6796
- C:\Windows\System\vjXlnPH.exe
  C:\Windows\System\vjXlnPH.exe
  2⤵
  PID:6640
- C:\Windows\System\MLqiDSC.exe
  C:\Windows\System\MLqiDSC.exe
  2⤵
  PID:6668
- C:\Windows\System\BBBIwrH.exe
  C:\Windows\System\BBBIwrH.exe
  2⤵
  PID:7048
- C:\Windows\System\pZNlpcu.exe
  C:\Windows\System\pZNlpcu.exe
  2⤵
  PID:6856
- C:\Windows\System\KngjtdO.exe
  C:\Windows\System\KngjtdO.exe
  2⤵
  PID:2820
- C:\Windows\System\JnobnXi.exe
  C:\Windows\System\JnobnXi.exe
  2⤵
  PID:7144
- C:\Windows\System\BoxdJNz.exe
  C:\Windows\System\BoxdJNz.exe
  2⤵
  PID:6164
- C:\Windows\System\FgahIAA.exe
  C:\Windows\System\FgahIAA.exe
  2⤵
  PID:6148
- C:\Windows\System\haaeqeb.exe
  C:\Windows\System\haaeqeb.exe
  2⤵
  PID:6408
- C:\Windows\System\jQciRVk.exe
  C:\Windows\System\jQciRVk.exe
  2⤵
  PID:704
- C:\Windows\System\SeUlrsi.exe
  C:\Windows\System\SeUlrsi.exe
  2⤵
  PID:6404
- C:\Windows\System\fDBxqoL.exe
  C:\Windows\System\fDBxqoL.exe
  2⤵
  PID:2236
- C:\Windows\System\DqOROMK.exe
  C:\Windows\System\DqOROMK.exe
  2⤵
  PID:1992
- C:\Windows\System\uLDJHVZ.exe
  C:\Windows\System\uLDJHVZ.exe
  2⤵
  PID:6624
- C:\Windows\System\mYVriOj.exe
  C:\Windows\System\mYVriOj.exe
  2⤵
  PID:6736
- C:\Windows\System\nlnPMvU.exe
  C:\Windows\System\nlnPMvU.exe
  2⤵
  PID:7012
- C:\Windows\System\tHdtGof.exe
  C:\Windows\System\tHdtGof.exe
  2⤵
  PID:7160
- C:\Windows\System\KLrvUWW.exe
  C:\Windows\System\KLrvUWW.exe
  2⤵
  PID:3036
- C:\Windows\System\ckWpxkj.exe
  C:\Windows\System\ckWpxkj.exe
  2⤵
  PID:2512
- C:\Windows\System\lODZOCT.exe
  C:\Windows\System\lODZOCT.exe
  2⤵
  PID:6524
- C:\Windows\System\ILhESak.exe
  C:\Windows\System\ILhESak.exe
  2⤵
  PID:6556
- C:\Windows\System\Rhlplrx.exe
  C:\Windows\System\Rhlplrx.exe
  2⤵
  PID:6880
- C:\Windows\System\HMWoBEb.exe
  C:\Windows\System\HMWoBEb.exe
  2⤵
  PID:6708
- C:\Windows\System\XrvGCYb.exe
  C:\Windows\System\XrvGCYb.exe
  2⤵
  PID:7080
- C:\Windows\System\mqsphYA.exe
  C:\Windows\System\mqsphYA.exe
  2⤵
  PID:6432
- C:\Windows\System\knWavxT.exe
  C:\Windows\System\knWavxT.exe
  2⤵
  PID:5632
- C:\Windows\System\SJUQukQ.exe
  C:\Windows\System\SJUQukQ.exe
  2⤵
  PID:6448
- C:\Windows\System\BQIDrKC.exe
  C:\Windows\System\BQIDrKC.exe
  2⤵
  PID:7096
- C:\Windows\System\KmEwBoh.exe
  C:\Windows\System\KmEwBoh.exe
  2⤵
  PID:6760
- C:\Windows\System\bInwvEo.exe
  C:\Windows\System\bInwvEo.exe
  2⤵
  PID:2136
- C:\Windows\System\zAERWeH.exe
  C:\Windows\System\zAERWeH.exe
  2⤵
  PID:2360
- C:\Windows\System\dLqnNci.exe
  C:\Windows\System\dLqnNci.exe
  2⤵
  PID:2700
- C:\Windows\System\aZrRoHI.exe
  C:\Windows\System\aZrRoHI.exe
  2⤵
  PID:5904
- C:\Windows\System\zGtFkel.exe
  C:\Windows\System\zGtFkel.exe
  2⤵
  PID:7000
- C:\Windows\System\NnRXbZV.exe
  C:\Windows\System\NnRXbZV.exe
  2⤵
  PID:1540
- C:\Windows\System\LwhSEnQ.exe
  C:\Windows\System\LwhSEnQ.exe
  2⤵
  PID:7176
- C:\Windows\System\BhxLTSn.exe
  C:\Windows\System\BhxLTSn.exe
  2⤵
  PID:7192
- C:\Windows\System\YlkOMZS.exe
  C:\Windows\System\YlkOMZS.exe
  2⤵
  PID:7228
- C:\Windows\System\PISuZgL.exe
  C:\Windows\System\PISuZgL.exe
  2⤵
  PID:7244
- C:\Windows\System\LBVVMOo.exe
  C:\Windows\System\LBVVMOo.exe
  2⤵
  PID:7260
- C:\Windows\System\KcmnyOl.exe
  C:\Windows\System\KcmnyOl.exe
  2⤵
  PID:7276
- C:\Windows\System\bEBXBqp.exe
  C:\Windows\System\bEBXBqp.exe
  2⤵
  PID:7296
- C:\Windows\System\JVOeDlg.exe
  C:\Windows\System\JVOeDlg.exe
  2⤵
  PID:7336
- C:\Windows\System\REtKdKC.exe
  C:\Windows\System\REtKdKC.exe
  2⤵
  PID:7356
- C:\Windows\System\XeflTmL.exe
  C:\Windows\System\XeflTmL.exe
  2⤵
  PID:7372
- C:\Windows\System\lAyOsjS.exe
  C:\Windows\System\lAyOsjS.exe
  2⤵
  PID:7392
- C:\Windows\System\iIKFPNn.exe
  C:\Windows\System\iIKFPNn.exe
  2⤵
  PID:7420
- C:\Windows\System\jzVxzqv.exe
  C:\Windows\System\jzVxzqv.exe
  2⤵
  PID:7440
- C:\Windows\System\ExwWRHl.exe
  C:\Windows\System\ExwWRHl.exe
  2⤵
  PID:7456
- C:\Windows\System\qRaACNo.exe
  C:\Windows\System\qRaACNo.exe
  2⤵
  PID:7480
- C:\Windows\System\lAhMvtY.exe
  C:\Windows\System\lAhMvtY.exe
  2⤵
  PID:7496
- C:\Windows\System\MTnFXmD.exe
  C:\Windows\System\MTnFXmD.exe
  2⤵
  PID:7512
- C:\Windows\System\LObVxQx.exe
  C:\Windows\System\LObVxQx.exe
  2⤵
  PID:7532
- C:\Windows\System\WIgZcpX.exe
  C:\Windows\System\WIgZcpX.exe
  2⤵
  PID:7548
- C:\Windows\System\RXQcqxD.exe
  C:\Windows\System\RXQcqxD.exe
  2⤵
  PID:7564
- C:\Windows\System\ETRpCpp.exe
  C:\Windows\System\ETRpCpp.exe
  2⤵
  PID:7580
- C:\Windows\System\uAWYRSX.exe
  C:\Windows\System\uAWYRSX.exe
  2⤵
  PID:7608
- C:\Windows\System\bueCcBO.exe
  C:\Windows\System\bueCcBO.exe
  2⤵
  PID:7624
- C:\Windows\System\tXUODRD.exe
  C:\Windows\System\tXUODRD.exe
  2⤵
  PID:7648
- C:\Windows\System\RKEERqp.exe
  C:\Windows\System\RKEERqp.exe
  2⤵
  PID:7664
- C:\Windows\System\uKXdlbT.exe
  C:\Windows\System\uKXdlbT.exe
  2⤵
  PID:7680
- C:\Windows\System\DEmGzaY.exe
  C:\Windows\System\DEmGzaY.exe
  2⤵
  PID:7696
- C:\Windows\System\klKUkXL.exe
  C:\Windows\System\klKUkXL.exe
  2⤵
  PID:7732
- C:\Windows\System\YOnucZH.exe
  C:\Windows\System\YOnucZH.exe
  2⤵
  PID:7748
- C:\Windows\System\gJbanFn.exe
  C:\Windows\System\gJbanFn.exe
  2⤵
  PID:7764
- C:\Windows\System\MjqegZN.exe
  C:\Windows\System\MjqegZN.exe
  2⤵
  PID:7784
- C:\Windows\System\BDqPdbv.exe
  C:\Windows\System\BDqPdbv.exe
  2⤵
  PID:7800
- C:\Windows\System\KSyoCBt.exe
  C:\Windows\System\KSyoCBt.exe
  2⤵
  PID:7820
- C:\Windows\System\upZoZVt.exe
  C:\Windows\System\upZoZVt.exe
  2⤵
  PID:7836
- C:\Windows\System\jaQyvoU.exe
  C:\Windows\System\jaQyvoU.exe
  2⤵
  PID:7852
- C:\Windows\System\COSNMtF.exe
  C:\Windows\System\COSNMtF.exe
  2⤵
  PID:7868
- C:\Windows\System\SfxiGhU.exe
  C:\Windows\System\SfxiGhU.exe
  2⤵
  PID:7884
- C:\Windows\System\BZlnKwd.exe
  C:\Windows\System\BZlnKwd.exe
  2⤵
  PID:7900
- C:\Windows\System\rjRqLKg.exe
  C:\Windows\System\rjRqLKg.exe
  2⤵
  PID:7916
- C:\Windows\System\aDKiPyG.exe
  C:\Windows\System\aDKiPyG.exe
  2⤵
  PID:7932
- C:\Windows\System\zSxpGeI.exe
  C:\Windows\System\zSxpGeI.exe
  2⤵
  PID:7948
- C:\Windows\System\UGqVYFY.exe
  C:\Windows\System\UGqVYFY.exe
  2⤵
  PID:7968
- C:\Windows\System\AwaeIdt.exe
  C:\Windows\System\AwaeIdt.exe
  2⤵
  PID:7984
- C:\Windows\System\BvTmZwA.exe
  C:\Windows\System\BvTmZwA.exe
  2⤵
  PID:8000
- C:\Windows\System\oaYfaHB.exe
  C:\Windows\System\oaYfaHB.exe
  2⤵
  PID:8016
- C:\Windows\System\MiAKzPA.exe
  C:\Windows\System\MiAKzPA.exe
  2⤵
  PID:8032
- C:\Windows\System\ualJXZm.exe
  C:\Windows\System\ualJXZm.exe
  2⤵
  PID:8052
- C:\Windows\System\hFsDjAj.exe
  C:\Windows\System\hFsDjAj.exe
  2⤵
  PID:8068
- C:\Windows\System\ulRENkt.exe
  C:\Windows\System\ulRENkt.exe
  2⤵
  PID:8084
- C:\Windows\System\hGIxeLQ.exe
  C:\Windows\System\hGIxeLQ.exe
  2⤵
  PID:8100
- C:\Windows\System\cCedMXC.exe
  C:\Windows\System\cCedMXC.exe
  2⤵
  PID:8116
- C:\Windows\System\HJnSqES.exe
  C:\Windows\System\HJnSqES.exe
  2⤵
  PID:8136
- C:\Windows\System\QyCiKOB.exe
  C:\Windows\System\QyCiKOB.exe
  2⤵
  PID:8160
- C:\Windows\System\bMAAxiy.exe
  C:\Windows\System\bMAAxiy.exe
  2⤵
  PID:8176
- C:\Windows\System\ItPBnzx.exe
  C:\Windows\System\ItPBnzx.exe
  2⤵
  PID:2716
- C:\Windows\System\ITAFawp.exe
  C:\Windows\System\ITAFawp.exe
  2⤵
  PID:1700
- C:\Windows\System\rgevIlg.exe
  C:\Windows\System\rgevIlg.exe
  2⤵
  PID:7236
- C:\Windows\System\yaVMWyq.exe
  C:\Windows\System\yaVMWyq.exe
  2⤵
  PID:7272
- C:\Windows\System\OJATABA.exe
  C:\Windows\System\OJATABA.exe
  2⤵
  PID:7320
- C:\Windows\System\TviDfRL.exe
  C:\Windows\System\TviDfRL.exe
  2⤵
  PID:7364
- C:\Windows\System\obaiFQl.exe
  C:\Windows\System\obaiFQl.exe
  2⤵
  PID:2888
- C:\Windows\System\KOacYkk.exe
  C:\Windows\System\KOacYkk.exe
  2⤵
  PID:6800
- C:\Windows\System\ceBrqCp.exe
  C:\Windows\System\ceBrqCp.exe
  2⤵
  PID:6936
- C:\Windows\System\xSAtTvI.exe
  C:\Windows\System\xSAtTvI.exe
  2⤵
  PID:7288
- C:\Windows\System\qSgoTRm.exe
  C:\Windows\System\qSgoTRm.exe
  2⤵
  PID:7208
- C:\Windows\System\VHDagrE.exe
  C:\Windows\System\VHDagrE.exe
  2⤵
  PID:7348
- C:\Windows\System\qPgmBCc.exe
  C:\Windows\System\qPgmBCc.exe
  2⤵
  PID:7220
- C:\Windows\System\wqBVhNj.exe
  C:\Windows\System\wqBVhNj.exe
  2⤵
  PID:1484
- C:\Windows\System\WGzLUar.exe
  C:\Windows\System\WGzLUar.exe
  2⤵
  PID:6744
- C:\Windows\System\WfiTjeh.exe
  C:\Windows\System\WfiTjeh.exe
  2⤵
  PID:2084
- C:\Windows\System\iEMHmKI.exe
  C:\Windows\System\iEMHmKI.exe
  2⤵
  PID:7412
- C:\Windows\System\pQbxaEo.exe
  C:\Windows\System\pQbxaEo.exe
  2⤵
  PID:7452
- C:\Windows\System\MtkcJZs.exe
  C:\Windows\System\MtkcJZs.exe
  2⤵
  PID:6328
- C:\Windows\System\KXSqxmU.exe
  C:\Windows\System\KXSqxmU.exe
  2⤵
  PID:6476
- C:\Windows\System\zHTTTxQ.exe
  C:\Windows\System\zHTTTxQ.exe
  2⤵
  PID:7436
- C:\Windows\System\TxnBYWA.exe
  C:\Windows\System\TxnBYWA.exe
  2⤵
  PID:7492
- C:\Windows\System\AkSRzTh.exe
  C:\Windows\System\AkSRzTh.exe
  2⤵
  PID:7524
- C:\Windows\System\jKyYCFC.exe
  C:\Windows\System\jKyYCFC.exe
  2⤵
  PID:7560
- C:\Windows\System\SYVIOdu.exe
  C:\Windows\System\SYVIOdu.exe
  2⤵
  PID:7600
- C:\Windows\System\LXeVbnT.exe
  C:\Windows\System\LXeVbnT.exe
  2⤵
  PID:7712
- C:\Windows\System\enpTkuf.exe
  C:\Windows\System\enpTkuf.exe
  2⤵
  PID:7576
- C:\Windows\System\kVWMSaC.exe
  C:\Windows\System\kVWMSaC.exe
  2⤵
  PID:7644
- C:\Windows\System\kcdnMNw.exe
  C:\Windows\System\kcdnMNw.exe
  2⤵
  PID:7720
- C:\Windows\System\RbKIEKA.exe
  C:\Windows\System\RbKIEKA.exe
  2⤵
  PID:7792
- C:\Windows\System\jXvKFOz.exe
  C:\Windows\System\jXvKFOz.exe
  2⤵
  PID:7832
- C:\Windows\System\YTgLXuI.exe
  C:\Windows\System\YTgLXuI.exe
  2⤵
  PID:7896
- C:\Windows\System\pmKFnqU.exe
  C:\Windows\System\pmKFnqU.exe
  2⤵
  PID:7620
- C:\Windows\System\LnMVMER.exe
  C:\Windows\System\LnMVMER.exe
  2⤵
  PID:8024
- C:\Windows\System\WlKtmBb.exe
  C:\Windows\System\WlKtmBb.exe
  2⤵
  PID:7656
- C:\Windows\System\lMeRVQj.exe
  C:\Windows\System\lMeRVQj.exe
  2⤵
  PID:7740
- C:\Windows\System\beJxGsG.exe
  C:\Windows\System\beJxGsG.exe
  2⤵
  PID:8064
- C:\Windows\System\aajbsoW.exe
  C:\Windows\System\aajbsoW.exe
  2⤵
  PID:6412
- C:\Windows\System\rGDjZZj.exe
  C:\Windows\System\rGDjZZj.exe
  2⤵
  PID:7816
- C:\Windows\System\jNiKDGQ.exe
  C:\Windows\System\jNiKDGQ.exe
  2⤵
  PID:7908
- C:\Windows\System\tDLeoeq.exe
  C:\Windows\System\tDLeoeq.exe
  2⤵
  PID:7976
- C:\Windows\System\TzmFDGE.exe
  C:\Windows\System\TzmFDGE.exe
  2⤵
  PID:8040
- C:\Windows\System\GZnxLpl.exe
  C:\Windows\System\GZnxLpl.exe
  2⤵
  PID:8076
- C:\Windows\System\CzMukPE.exe
  C:\Windows\System\CzMukPE.exe
  2⤵
  PID:8144
- C:\Windows\System\UyPvQZi.exe
  C:\Windows\System\UyPvQZi.exe
  2⤵
  PID:8184
- C:\Windows\System\ArRKtQx.exe
  C:\Windows\System\ArRKtQx.exe
  2⤵
  PID:7240
- C:\Windows\System\oOlPCZe.exe
  C:\Windows\System\oOlPCZe.exe
  2⤵
  PID:5896
- C:\Windows\System\CavruFr.exe
  C:\Windows\System\CavruFr.exe
  2⤵
  PID:7848
- C:\Windows\System\PdHuWue.exe
  C:\Windows\System\PdHuWue.exe
  2⤵
  PID:7108
- C:\Windows\System\RZiqWBf.exe
  C:\Windows\System\RZiqWBf.exe
  2⤵
  PID:7200
- C:\Windows\System\tnYYqhK.exe
  C:\Windows\System\tnYYqhK.exe
  2⤵
  PID:6204
- C:\Windows\System\YpMyhRV.exe
  C:\Windows\System\YpMyhRV.exe
  2⤵
  PID:4156
- C:\Windows\System\IIkCIxq.exe
  C:\Windows\System\IIkCIxq.exe
  2⤵
  PID:7384
- C:\Windows\System\VKmqxYF.exe
  C:\Windows\System\VKmqxYF.exe
  2⤵
  PID:7468
- C:\Windows\System\orddukk.exe
  C:\Windows\System\orddukk.exe
  2⤵
  PID:7256
- C:\Windows\System\umeRAQu.exe
  C:\Windows\System\umeRAQu.exe
  2⤵
  PID:7472
- C:\Windows\System\KNZDIxF.exe
  C:\Windows\System\KNZDIxF.exe
  2⤵
  PID:7672
- C:\Windows\System\AFmfBHg.exe
  C:\Windows\System\AFmfBHg.exe
  2⤵
  PID:7572
- C:\Windows\System\ZlBOkyT.exe
  C:\Windows\System\ZlBOkyT.exe
  2⤵
  PID:7704
- C:\Windows\System\SMUXVqG.exe
  C:\Windows\System\SMUXVqG.exe
  2⤵
  PID:7992
- C:\Windows\System\pltEImP.exe
  C:\Windows\System\pltEImP.exe
  2⤵
  PID:7960
- C:\Windows\System\bapVstR.exe
  C:\Windows\System\bapVstR.exe
  2⤵
  PID:8092
- C:\Windows\System\dcXLJur.exe
  C:\Windows\System\dcXLJur.exe
  2⤵
  PID:8172
- C:\Windows\System\mAsbpwF.exe
  C:\Windows\System\mAsbpwF.exe
  2⤵
  PID:6316
- C:\Windows\System\cbdxOjK.exe
  C:\Windows\System\cbdxOjK.exe
  2⤵
  PID:7808
- C:\Windows\System\JBLRzPX.exe
  C:\Windows\System\JBLRzPX.exe
  2⤵
  PID:8048
- C:\Windows\System\ftkRZlL.exe
  C:\Windows\System\ftkRZlL.exe
  2⤵
  PID:7880
- C:\Windows\System\blTEled.exe
  C:\Windows\System\blTEled.exe
  2⤵
  PID:8112
- C:\Windows\System\LMcqBcK.exe
  C:\Windows\System\LMcqBcK.exe
  2⤵
  PID:7316
- C:\Windows\System\SyWyWBS.exe
  C:\Windows\System\SyWyWBS.exe
  2⤵
  PID:8156
- C:\Windows\System\cnLFeRG.exe
  C:\Windows\System\cnLFeRG.exe
  2⤵
  PID:7344
- C:\Windows\System\ANhVwlq.exe
  C:\Windows\System\ANhVwlq.exe
  2⤵
  PID:7448
- C:\Windows\System\hmuumsU.exe
  C:\Windows\System\hmuumsU.exe
  2⤵
  PID:6520
- C:\Windows\System\gapKPMr.exe
  C:\Windows\System\gapKPMr.exe
  2⤵
  PID:7528
- C:\Windows\System\bpqgmPg.exe
  C:\Windows\System\bpqgmPg.exe
  2⤵
  PID:7756
- C:\Windows\System\NQHakxs.exe
  C:\Windows\System\NQHakxs.exe
  2⤵
  PID:7632
- C:\Windows\System\GuCNxaP.exe
  C:\Windows\System\GuCNxaP.exe
  2⤵
  PID:7928
- C:\Windows\System\pbcsDYR.exe
  C:\Windows\System\pbcsDYR.exe
  2⤵
  PID:7944
- C:\Windows\System\WGdpPkC.exe
  C:\Windows\System\WGdpPkC.exe
  2⤵
  PID:7692
- C:\Windows\System\ddmaxNW.exe
  C:\Windows\System\ddmaxNW.exe
  2⤵
  PID:8132
- C:\Windows\System\QsVflhu.exe
  C:\Windows\System\QsVflhu.exe
  2⤵
  PID:7876
- C:\Windows\System\eqzimaC.exe
  C:\Windows\System\eqzimaC.exe
  2⤵
  PID:7216
- C:\Windows\System\xNSYybe.exe
  C:\Windows\System\xNSYybe.exe
  2⤵
  PID:5180
- C:\Windows\System\ocuLZBV.exe
  C:\Windows\System\ocuLZBV.exe
  2⤵
  PID:7708
- C:\Windows\System\gPriNrQ.exe
  C:\Windows\System\gPriNrQ.exe
  2⤵
  PID:7828
- C:\Windows\System\pSlJYRT.exe
  C:\Windows\System\pSlJYRT.exe
  2⤵
  PID:8200
- C:\Windows\System\sZlUwOq.exe
  C:\Windows\System\sZlUwOq.exe
  2⤵
  PID:8216
- C:\Windows\System\bygtbHZ.exe
  C:\Windows\System\bygtbHZ.exe
  2⤵
  PID:8232
- C:\Windows\System\evCZQev.exe
  C:\Windows\System\evCZQev.exe
  2⤵
  PID:8248
- C:\Windows\System\AnNxbUW.exe
  C:\Windows\System\AnNxbUW.exe
  2⤵
  PID:8264
- C:\Windows\System\LwPZhSZ.exe
  C:\Windows\System\LwPZhSZ.exe
  2⤵
  PID:8280
- C:\Windows\System\BcrZdGi.exe
  C:\Windows\System\BcrZdGi.exe
  2⤵
  PID:8296
- C:\Windows\System\cqoPwgj.exe
  C:\Windows\System\cqoPwgj.exe
  2⤵
  PID:8312
- C:\Windows\System\JEpWfdM.exe
  C:\Windows\System\JEpWfdM.exe
  2⤵
  PID:8328
- C:\Windows\System\CoWnKEo.exe
  C:\Windows\System\CoWnKEo.exe
  2⤵
  PID:8344
- C:\Windows\System\JEFZdBt.exe
  C:\Windows\System\JEFZdBt.exe
  2⤵
  PID:8360
- C:\Windows\System\PGHdUtU.exe
  C:\Windows\System\PGHdUtU.exe
  2⤵
  PID:8376
- C:\Windows\System\LFeZwjn.exe
  C:\Windows\System\LFeZwjn.exe
  2⤵
  PID:8392
- C:\Windows\System\SgzxQAP.exe
  C:\Windows\System\SgzxQAP.exe
  2⤵
  PID:8408
- C:\Windows\System\MVidDjW.exe
  C:\Windows\System\MVidDjW.exe
  2⤵
  PID:8424
- C:\Windows\System\tSevNea.exe
  C:\Windows\System\tSevNea.exe
  2⤵
  PID:8440
- C:\Windows\System\UGGSjnV.exe
  C:\Windows\System\UGGSjnV.exe
  2⤵
  PID:8456
- C:\Windows\System\zOJpsve.exe
  C:\Windows\System\zOJpsve.exe
  2⤵
  PID:8472
- C:\Windows\System\lTEYvmS.exe
  C:\Windows\System\lTEYvmS.exe
  2⤵
  PID:8488
- C:\Windows\System\yGoHZhr.exe
  C:\Windows\System\yGoHZhr.exe
  2⤵
  PID:8504
- C:\Windows\System\XsddOlu.exe
  C:\Windows\System\XsddOlu.exe
  2⤵
  PID:8520
- C:\Windows\System\wVqdQoP.exe
  C:\Windows\System\wVqdQoP.exe
  2⤵
  PID:8536
- C:\Windows\System\yYscNCG.exe
  C:\Windows\System\yYscNCG.exe
  2⤵
  PID:8552
- C:\Windows\System\nQpzdNq.exe
  C:\Windows\System\nQpzdNq.exe
  2⤵
  PID:8568
- C:\Windows\System\lgZXlYR.exe
  C:\Windows\System\lgZXlYR.exe
  2⤵
  PID:8584
- C:\Windows\System\RYnqgFg.exe
  C:\Windows\System\RYnqgFg.exe
  2⤵
  PID:8600
- C:\Windows\System\eYgROyb.exe
  C:\Windows\System\eYgROyb.exe
  2⤵
  PID:8616
- C:\Windows\System\TSCPULX.exe
  C:\Windows\System\TSCPULX.exe
  2⤵
  PID:8632
- C:\Windows\System\hxWJeqJ.exe
  C:\Windows\System\hxWJeqJ.exe
  2⤵
  PID:8648
- C:\Windows\System\NlhdDCc.exe
  C:\Windows\System\NlhdDCc.exe
  2⤵
  PID:8664
- C:\Windows\System\VcGIwqR.exe
  C:\Windows\System\VcGIwqR.exe
  2⤵
  PID:8680
- C:\Windows\System\ltWMhoE.exe
  C:\Windows\System\ltWMhoE.exe
  2⤵
  PID:8696
- C:\Windows\System\oYHKwBU.exe
  C:\Windows\System\oYHKwBU.exe
  2⤵
  PID:8712
- C:\Windows\System\hzQvwwz.exe
  C:\Windows\System\hzQvwwz.exe
  2⤵
  PID:8756
- C:\Windows\System\qMEHyat.exe
  C:\Windows\System\qMEHyat.exe
  2⤵
  PID:8780
- C:\Windows\System\aImeWfc.exe
  C:\Windows\System\aImeWfc.exe
  2⤵
  PID:8796
- C:\Windows\System\KCLuHWS.exe
  C:\Windows\System\KCLuHWS.exe
  2⤵
  PID:8812
- C:\Windows\System\HLkHTLn.exe
  C:\Windows\System\HLkHTLn.exe
  2⤵
  PID:8832
- C:\Windows\System\nHxJBjM.exe
  C:\Windows\System\nHxJBjM.exe
  2⤵
  PID:8884
- C:\Windows\System\ImAJTmO.exe
  C:\Windows\System\ImAJTmO.exe
  2⤵
  PID:9156
- C:\Windows\System\sGoZRdC.exe
  C:\Windows\System\sGoZRdC.exe
  2⤵
  PID:9212
- C:\Windows\System\jCNxpTU.exe
  C:\Windows\System\jCNxpTU.exe
  2⤵
  PID:7332
- C:\Windows\System\DKnQFpx.exe
  C:\Windows\System\DKnQFpx.exe
  2⤵
  PID:8212
- C:\Windows\System\EVtlWpu.exe
  C:\Windows\System\EVtlWpu.exe
  2⤵
  PID:7940
- C:\Windows\System\IKSPEie.exe
  C:\Windows\System\IKSPEie.exe
  2⤵
  PID:8336
- C:\Windows\System\OzkWOXX.exe
  C:\Windows\System\OzkWOXX.exe
  2⤵
  PID:8196
- C:\Windows\System\kcxtOcs.exe
  C:\Windows\System\kcxtOcs.exe
  2⤵
  PID:7688
- C:\Windows\System\WArbiYI.exe
  C:\Windows\System\WArbiYI.exe
  2⤵
  PID:7408
- C:\Windows\System\aMfavPQ.exe
  C:\Windows\System\aMfavPQ.exe
  2⤵
  PID:8288
- C:\Windows\System\siRSKnW.exe
  C:\Windows\System\siRSKnW.exe
  2⤵
  PID:8356
- C:\Windows\System\lmrQYFg.exe
  C:\Windows\System\lmrQYFg.exe
  2⤵
  PID:8468
- C:\Windows\System\GFlBkQC.exe
  C:\Windows\System\GFlBkQC.exe
  2⤵
  PID:8404
- C:\Windows\System\htuavtA.exe
  C:\Windows\System\htuavtA.exe
  2⤵
  PID:8436
- C:\Windows\System\KbHHNdp.exe
  C:\Windows\System\KbHHNdp.exe
  2⤵
  PID:8532
- C:\Windows\System\BhzLSpw.exe
  C:\Windows\System\BhzLSpw.exe
  2⤵
  PID:8592
- C:\Windows\System\sHoiuGL.exe
  C:\Windows\System\sHoiuGL.exe
  2⤵
  PID:8656
- C:\Windows\System\TwJkbxa.exe
  C:\Windows\System\TwJkbxa.exe
  2⤵
  PID:8720
- C:\Windows\System\lrJjMgT.exe
  C:\Windows\System\lrJjMgT.exe
  2⤵
  PID:8548
- C:\Windows\System\CMwYIIF.exe
  C:\Windows\System\CMwYIIF.exe
  2⤵
  PID:8640
- C:\Windows\System\SorpqZO.exe
  C:\Windows\System\SorpqZO.exe
  2⤵
  PID:8704
- C:\Windows\System\aEKWCDI.exe
  C:\Windows\System\aEKWCDI.exe
  2⤵
  PID:8744
- C:\Windows\System\UGAneIB.exe
  C:\Windows\System\UGAneIB.exe
  2⤵
  PID:8752
- C:\Windows\System\bdwteNk.exe
  C:\Windows\System\bdwteNk.exe
  2⤵
  PID:8788
- C:\Windows\System\LtesdAI.exe
  C:\Windows\System\LtesdAI.exe
  2⤵
  PID:8860
- C:\Windows\System\jmEluxu.exe
  C:\Windows\System\jmEluxu.exe
  2⤵
  PID:8876
- C:\Windows\System\JqsRvea.exe
  C:\Windows\System\JqsRvea.exe
  2⤵
  PID:8896
- C:\Windows\System\yntAIox.exe
  C:\Windows\System\yntAIox.exe
  2⤵
  PID:8952
- C:\Windows\System\SpjHoxn.exe
  C:\Windows\System\SpjHoxn.exe
  2⤵
  PID:8976
- C:\Windows\System\KlvfrBX.exe
  C:\Windows\System\KlvfrBX.exe
  2⤵
  PID:8940
- C:\Windows\System\SCQUOqz.exe
  C:\Windows\System\SCQUOqz.exe
  2⤵
  PID:8980
- C:\Windows\System\OpQdLMp.exe
  C:\Windows\System\OpQdLMp.exe
  2⤵
  PID:9000
- C:\Windows\System\mlLSXHq.exe
  C:\Windows\System\mlLSXHq.exe
  2⤵
  PID:9016
- C:\Windows\System\akxUdBn.exe
  C:\Windows\System\akxUdBn.exe
  2⤵
  PID:9036
- C:\Windows\System\KQPoiRZ.exe
  C:\Windows\System\KQPoiRZ.exe
  2⤵
  PID:9060
- C:\Windows\System\XedhPgc.exe
  C:\Windows\System\XedhPgc.exe
  2⤵
  PID:9040
- C:\Windows\System\qdxVvdw.exe
  C:\Windows\System\qdxVvdw.exe
  2⤵
  PID:9076
- C:\Windows\System\BYkJVSb.exe
  C:\Windows\System\BYkJVSb.exe
  2⤵
  PID:9100
- C:\Windows\System\kSzDpfb.exe
  C:\Windows\System\kSzDpfb.exe
  2⤵
  PID:9116
- C:\Windows\System\zWQOvXs.exe
  C:\Windows\System\zWQOvXs.exe
  2⤵
  PID:9132
- C:\Windows\System\mHDfUfT.exe
  C:\Windows\System\mHDfUfT.exe
  2⤵
  PID:9140
- C:\Windows\System\VCdOPsS.exe
  C:\Windows\System\VCdOPsS.exe
  2⤵
  PID:9180
- C:\Windows\System\TRnrxqo.exe
  C:\Windows\System\TRnrxqo.exe
  2⤵
  PID:9196
- C:\Windows\System\QyOxAqZ.exe
  C:\Windows\System\QyOxAqZ.exe
  2⤵
  PID:8152
- C:\Windows\System\zSfRcZb.exe
  C:\Windows\System\zSfRcZb.exe
  2⤵
  PID:7476
- C:\Windows\System\ZkPssIZ.exe
  C:\Windows\System\ZkPssIZ.exe
  2⤵
  PID:8308
- C:\Windows\System\hfxXRch.exe
  C:\Windows\System\hfxXRch.exe
  2⤵
  PID:6312
- C:\Windows\System\GRQDrXn.exe
  C:\Windows\System\GRQDrXn.exe
  2⤵
  PID:8256
- C:\Windows\System\MAruOlX.exe
  C:\Windows\System\MAruOlX.exe
  2⤵
  PID:8324
- C:\Windows\System\XFaBKNg.exe
  C:\Windows\System\XFaBKNg.exe
  2⤵
  PID:8480
- C:\Windows\System\euNpEIS.exe
  C:\Windows\System\euNpEIS.exe
  2⤵
  PID:8420
- C:\Windows\System\AgITujA.exe
  C:\Windows\System\AgITujA.exe
  2⤵
  PID:8260
- C:\Windows\System\AIfQECc.exe
  C:\Windows\System\AIfQECc.exe
  2⤵
  PID:8416
- C:\Windows\System\QfZeCss.exe
  C:\Windows\System\QfZeCss.exe
  2⤵
  PID:8676
- C:\Windows\System\XJGlHwA.exe
  C:\Windows\System\XJGlHwA.exe
  2⤵
  PID:8612
- C:\Windows\System\efyydJs.exe
  C:\Windows\System\efyydJs.exe
  2⤵
  PID:8736
- C:\Windows\System\FEiRfPn.exe
  C:\Windows\System\FEiRfPn.exe
  2⤵
  PID:8772
- C:\Windows\System\wCYjpIS.exe
  C:\Windows\System\wCYjpIS.exe
  2⤵
  PID:8868
- C:\Windows\System\VIwiFgA.exe
  C:\Windows\System\VIwiFgA.exe
  2⤵
  PID:8844
- C:\Windows\System\IAskzXB.exe
  C:\Windows\System\IAskzXB.exe
  2⤵
  PID:7780
- C:\Windows\System\GWpaXPJ.exe
  C:\Windows\System\GWpaXPJ.exe
  2⤵
  PID:8912
- C:\Windows\System\BMSgtdW.exe
  C:\Windows\System\BMSgtdW.exe
  2⤵
  PID:8928
- C:\Windows\System\jmfWqpw.exe
  C:\Windows\System\jmfWqpw.exe
  2⤵
  PID:8984
- C:\Windows\System\lIHgHhd.exe
  C:\Windows\System\lIHgHhd.exe
  2⤵
  PID:8920
- C:\Windows\System\WQWqLAn.exe
  C:\Windows\System\WQWqLAn.exe
  2⤵
  PID:9084
- C:\Windows\System\QplVwuL.exe
  C:\Windows\System\QplVwuL.exe
  2⤵
  PID:8964
- C:\Windows\System\gwoDkyH.exe
  C:\Windows\System\gwoDkyH.exe
  2⤵
  PID:9124
- C:\Windows\System\LtdURqy.exe
  C:\Windows\System\LtdURqy.exe
  2⤵
  PID:9168
- C:\Windows\System\MmSlsAS.exe
  C:\Windows\System\MmSlsAS.exe
  2⤵
  PID:9188
- C:\Windows\System\uQLQtwe.exe
  C:\Windows\System\uQLQtwe.exe
  2⤵
  PID:9208
- C:\Windows\System\DAoOgKg.exe
  C:\Windows\System\DAoOgKg.exe
  2⤵
  PID:8060
- C:\Windows\System\dSeaaHe.exe
  C:\Windows\System\dSeaaHe.exe
  2⤵
  PID:8516
- C:\Windows\System\grevXrM.exe
  C:\Windows\System\grevXrM.exe
  2⤵
  PID:8372
- C:\Windows\System\uGoKyGZ.exe
  C:\Windows\System\uGoKyGZ.exe
  2⤵
  PID:8464
- C:\Windows\System\nlIKwIG.exe
  C:\Windows\System\nlIKwIG.exe
  2⤵
  PID:8692
- C:\Windows\System\foEndpL.exe
  C:\Windows\System\foEndpL.exe
  2⤵
  PID:8828
- C:\Windows\System\LoEhBhE.exe
  C:\Windows\System\LoEhBhE.exe
  2⤵
  PID:8848
- C:\Windows\System\NhNtXyC.exe
  C:\Windows\System\NhNtXyC.exe
  2⤵
  PID:8992
- C:\Windows\System\jRMFIGC.exe
  C:\Windows\System\jRMFIGC.exe
  2⤵
  PID:8908
- C:\Windows\System\xGowKHe.exe
  C:\Windows\System\xGowKHe.exe
  2⤵
  PID:8820
- C:\Windows\System\YyJiLWU.exe
  C:\Windows\System\YyJiLWU.exe
  2⤵
  PID:9052
- C:\Windows\System\plOYJza.exe
  C:\Windows\System\plOYJza.exe
  2⤵
  PID:9108
- C:\Windows\System\taPyDlQ.exe
  C:\Windows\System\taPyDlQ.exe
  2⤵
  PID:8388
- C:\Windows\System\ZEuxanU.exe
  C:\Windows\System\ZEuxanU.exe
  2⤵
  PID:8672
- C:\Windows\System\wHauZSK.exe
  C:\Windows\System\wHauZSK.exe
  2⤵
  PID:7956
- C:\Windows\System\vxpFKhs.exe
  C:\Windows\System\vxpFKhs.exe
  2⤵
  PID:8856
- C:\Windows\System\OJUsyui.exe
  C:\Windows\System\OJUsyui.exe
  2⤵
  PID:9028
- C:\Windows\System\aFyXyaf.exe
  C:\Windows\System\aFyXyaf.exe
  2⤵
  PID:9232
- C:\Windows\System\ohMgcty.exe
  C:\Windows\System\ohMgcty.exe
  2⤵
  PID:9248
- C:\Windows\System\ZakLCHo.exe
  C:\Windows\System\ZakLCHo.exe
  2⤵
  PID:9264
- C:\Windows\System\iiJaNEi.exe
  C:\Windows\System\iiJaNEi.exe
  2⤵
  PID:9280
- C:\Windows\System\bRFqSJy.exe
  C:\Windows\System\bRFqSJy.exe
  2⤵
  PID:9296
- C:\Windows\System\WPyRuJK.exe
  C:\Windows\System\WPyRuJK.exe
  2⤵
  PID:9320
- C:\Windows\System\bAxgAZV.exe
  C:\Windows\System\bAxgAZV.exe
  2⤵
  PID:9344
- C:\Windows\System\SCoHDBq.exe
  C:\Windows\System\SCoHDBq.exe
  2⤵
  PID:9360
- C:\Windows\System\fTLXabP.exe
  C:\Windows\System\fTLXabP.exe
  2⤵
  PID:9376
- C:\Windows\System\bqcsDaf.exe
  C:\Windows\System\bqcsDaf.exe
  2⤵
  PID:9392
- C:\Windows\System\zPiORHB.exe
  C:\Windows\System\zPiORHB.exe
  2⤵
  PID:9408
- C:\Windows\System\hIszzKA.exe
  C:\Windows\System\hIszzKA.exe
  2⤵
  PID:9424
- C:\Windows\System\vKZsebY.exe
  C:\Windows\System\vKZsebY.exe
  2⤵
  PID:9440
- C:\Windows\System\AksiVLf.exe
  C:\Windows\System\AksiVLf.exe
  2⤵
  PID:9456
- C:\Windows\System\ZFCXfUs.exe
  C:\Windows\System\ZFCXfUs.exe
  2⤵
  PID:9476
- C:\Windows\System\nJWYWNp.exe
  C:\Windows\System\nJWYWNp.exe
  2⤵
  PID:9492
- C:\Windows\System\WiGMelW.exe
  C:\Windows\System\WiGMelW.exe
  2⤵
  PID:9508
- C:\Windows\System\ESXKDYB.exe
  C:\Windows\System\ESXKDYB.exe
  2⤵
  PID:9524
- C:\Windows\System\TWNytSj.exe
  C:\Windows\System\TWNytSj.exe
  2⤵
  PID:9540
- C:\Windows\System\ywzTYHh.exe
  C:\Windows\System\ywzTYHh.exe
  2⤵
  PID:9556
- C:\Windows\System\qrexUiF.exe
  C:\Windows\System\qrexUiF.exe
  2⤵
  PID:9572
- C:\Windows\System\RMfraLa.exe
  C:\Windows\System\RMfraLa.exe
  2⤵
  PID:9588
- C:\Windows\System\BUQieuC.exe
  C:\Windows\System\BUQieuC.exe
  2⤵
  PID:9604
- C:\Windows\System\TWHRmbl.exe
  C:\Windows\System\TWHRmbl.exe
  2⤵
  PID:9620
- C:\Windows\System\aZiuoxv.exe
  C:\Windows\System\aZiuoxv.exe
  2⤵
  PID:9636
- C:\Windows\System\PNXzngd.exe
  C:\Windows\System\PNXzngd.exe
  2⤵
  PID:9652
- C:\Windows\System\xOFkBYK.exe
  C:\Windows\System\xOFkBYK.exe
  2⤵
  PID:9668
- C:\Windows\System\YoxACMS.exe
  C:\Windows\System\YoxACMS.exe
  2⤵
  PID:9684
- C:\Windows\System\AhnCbIe.exe
  C:\Windows\System\AhnCbIe.exe
  2⤵
  PID:9700
- C:\Windows\System\IFsPOej.exe
  C:\Windows\System\IFsPOej.exe
  2⤵
  PID:9716
- C:\Windows\System\wCSmmZg.exe
  C:\Windows\System\wCSmmZg.exe
  2⤵
  PID:9732
- C:\Windows\System\EWecjFm.exe
  C:\Windows\System\EWecjFm.exe
  2⤵
  PID:9748
- C:\Windows\System\XVLRkVy.exe
  C:\Windows\System\XVLRkVy.exe
  2⤵
  PID:9764
- C:\Windows\System\TMCZQqI.exe
  C:\Windows\System\TMCZQqI.exe
  2⤵
  PID:9780
- C:\Windows\System\sUXoYdE.exe
  C:\Windows\System\sUXoYdE.exe
  2⤵
  PID:9796
- C:\Windows\System\KXNFcrF.exe
  C:\Windows\System\KXNFcrF.exe
  2⤵
  PID:9812
- C:\Windows\System\ohjfVkS.exe
  C:\Windows\System\ohjfVkS.exe
  2⤵
  PID:9828
- C:\Windows\System\OkEvGce.exe
  C:\Windows\System\OkEvGce.exe
  2⤵
  PID:9844
- C:\Windows\System\roxozzO.exe
  C:\Windows\System\roxozzO.exe
  2⤵
  PID:9860
- C:\Windows\System\hDsMVta.exe
  C:\Windows\System\hDsMVta.exe
  2⤵
  PID:9876
- C:\Windows\System\aqfAstB.exe
  C:\Windows\System\aqfAstB.exe
  2⤵
  PID:9892
- C:\Windows\System\asMcPLE.exe
  C:\Windows\System\asMcPLE.exe
  2⤵
  PID:9908
- C:\Windows\System\NBKGlgK.exe
  C:\Windows\System\NBKGlgK.exe
  2⤵
  PID:9924
- C:\Windows\System\KygFYma.exe
  C:\Windows\System\KygFYma.exe
  2⤵
  PID:9940
- C:\Windows\System\UuayNWc.exe
  C:\Windows\System\UuayNWc.exe
  2⤵
  PID:9956
- C:\Windows\System\xHHTNUI.exe
  C:\Windows\System\xHHTNUI.exe
  2⤵
  PID:9972
- C:\Windows\System\JLMreic.exe
  C:\Windows\System\JLMreic.exe
  2⤵
  PID:9988
- C:\Windows\System\qinhdEH.exe
  C:\Windows\System\qinhdEH.exe
  2⤵
  PID:10004
- C:\Windows\System\aEnIfMb.exe
  C:\Windows\System\aEnIfMb.exe
  2⤵
  PID:10020
- C:\Windows\System\bODtwJU.exe
  C:\Windows\System\bODtwJU.exe
  2⤵
  PID:10036
- C:\Windows\System\irPqcrF.exe
  C:\Windows\System\irPqcrF.exe
  2⤵
  PID:10052
- C:\Windows\System\XkswJqR.exe
  C:\Windows\System\XkswJqR.exe
  2⤵
  PID:10068
- C:\Windows\System\sIIcRBI.exe
  C:\Windows\System\sIIcRBI.exe
  2⤵
  PID:10084
- C:\Windows\System\gDFGgfA.exe
  C:\Windows\System\gDFGgfA.exe
  2⤵
  PID:10100
- C:\Windows\System\WWsuoeN.exe
  C:\Windows\System\WWsuoeN.exe
  2⤵
  PID:10116
- C:\Windows\System\fCnOHDg.exe
  C:\Windows\System\fCnOHDg.exe
  2⤵
  PID:10132
- C:\Windows\System\KOLWcyM.exe
  C:\Windows\System\KOLWcyM.exe
  2⤵
  PID:10148
- C:\Windows\System\GWlBIVX.exe
  C:\Windows\System\GWlBIVX.exe
  2⤵
  PID:10168
- C:\Windows\System\ORBJWzG.exe
  C:\Windows\System\ORBJWzG.exe
  2⤵
  PID:10184
- C:\Windows\System\IipKIYY.exe
  C:\Windows\System\IipKIYY.exe
  2⤵
  PID:10200
- C:\Windows\System\avPkEFd.exe
  C:\Windows\System\avPkEFd.exe
  2⤵
  PID:10216
- C:\Windows\System\XGuZqFi.exe
  C:\Windows\System\XGuZqFi.exe
  2⤵
  PID:10232
- C:\Windows\System\LXuayNZ.exe
  C:\Windows\System\LXuayNZ.exe
  2⤵
  PID:8996
- C:\Windows\System\FdYEnLg.exe
  C:\Windows\System\FdYEnLg.exe
  2⤵
  PID:8484
- C:\Windows\System\VRNbNeV.exe
  C:\Windows\System\VRNbNeV.exe
  2⤵
  PID:9228
- C:\Windows\System\fWVXDmF.exe
  C:\Windows\System\fWVXDmF.exe
  2⤵
  PID:9012
- C:\Windows\System\fdZgYWy.exe
  C:\Windows\System\fdZgYWy.exe
  2⤵
  PID:8400
- C:\Windows\System\jBqDZbM.exe
  C:\Windows\System\jBqDZbM.exe
  2⤵
  PID:9256
- C:\Windows\System\KJIfIqQ.exe
  C:\Windows\System\KJIfIqQ.exe
  2⤵
  PID:9292
- C:\Windows\System\TYCIGTJ.exe
  C:\Windows\System\TYCIGTJ.exe
  2⤵
  PID:9308
- C:\Windows\System\eVhYUud.exe
  C:\Windows\System\eVhYUud.exe
  2⤵
  PID:9352
- C:\Windows\System\dwjUgjD.exe
  C:\Windows\System\dwjUgjD.exe
  2⤵
  PID:9368
- C:\Windows\System\xQrRgjB.exe
  C:\Windows\System\xQrRgjB.exe
  2⤵
  PID:9388
- C:\Windows\System\aFVEHkl.exe
  C:\Windows\System\aFVEHkl.exe
  2⤵
  PID:9432
- C:\Windows\System\rCcljuy.exe
  C:\Windows\System\rCcljuy.exe
  2⤵
  PID:9452
- C:\Windows\System\ZzGaXin.exe
  C:\Windows\System\ZzGaXin.exe
  2⤵
  PID:9516
- C:\Windows\System\usEycRE.exe
  C:\Windows\System\usEycRE.exe
  2⤵
  PID:9580
- C:\Windows\System\jHwMtrl.exe
  C:\Windows\System\jHwMtrl.exe
  2⤵
  PID:9648
- C:\Windows\System\kzmoQmS.exe
  C:\Windows\System\kzmoQmS.exe
  2⤵
  PID:9708
- C:\Windows\System\ZKZoYzY.exe
  C:\Windows\System\ZKZoYzY.exe
  2⤵
  PID:9468
- C:\Windows\System\ROGKGpu.exe
  C:\Windows\System\ROGKGpu.exe
  2⤵
  PID:9504
- C:\Windows\System\FriMbcM.exe
  C:\Windows\System\FriMbcM.exe
  2⤵
  PID:9568
- C:\Windows\System\NdDbiyD.exe
  C:\Windows\System\NdDbiyD.exe
  2⤵
  PID:9632
- C:\Windows\System\migSZat.exe
  C:\Windows\System\migSZat.exe
  2⤵
  PID:9696
- C:\Windows\System\RSuPRea.exe
  C:\Windows\System\RSuPRea.exe
  2⤵
  PID:9760
- C:\Windows\System\ODVKyGc.exe
  C:\Windows\System\ODVKyGc.exe
  2⤵
  PID:9824
- C:\Windows\System\TjVrNon.exe
  C:\Windows\System\TjVrNon.exe
  2⤵
  PID:9840
- C:\Windows\System\nwwIXFK.exe
  C:\Windows\System\nwwIXFK.exe
  2⤵
  PID:9904
- C:\Windows\System\nFOywNS.exe
  C:\Windows\System\nFOywNS.exe
  2⤵
  PID:9968
- C:\Windows\System\wgTfQww.exe
  C:\Windows\System\wgTfQww.exe
  2⤵
  PID:10032
- C:\Windows\System\KyMzXtL.exe
  C:\Windows\System\KyMzXtL.exe
  2⤵
  PID:10096
- C:\Windows\System\yZqwCal.exe
  C:\Windows\System\yZqwCal.exe
  2⤵
  PID:9884
- C:\Windows\System\qMVNTQB.exe
  C:\Windows\System\qMVNTQB.exe
  2⤵
  PID:10048
- C:\Windows\System\hmDpjoe.exe
  C:\Windows\System\hmDpjoe.exe
  2⤵
  PID:9852
- C:\Windows\System\HPrQvKN.exe
  C:\Windows\System\HPrQvKN.exe
  2⤵
  PID:9980
- C:\Windows\System\KNNJoiM.exe
  C:\Windows\System\KNNJoiM.exe
  2⤵
  PID:10076
- C:\Windows\System\drRIxfz.exe
  C:\Windows\System\drRIxfz.exe
  2⤵
  PID:10176
- C:\Windows\System\gGFLRQZ.exe
  C:\Windows\System\gGFLRQZ.exe
  2⤵
  PID:10192
- C:\Windows\System\gJfWxnp.exe
  C:\Windows\System\gJfWxnp.exe
  2⤵
  PID:9096
- C:\Windows\System\bnXFoLJ.exe
  C:\Windows\System\bnXFoLJ.exe
  2⤵
  PID:8732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DSOgzvO.exe

Filesize
6.0MB

MD5
0979443c19b6aa829bef32bdeaef8fd2

SHA1
a2ffea8988507dbe2b93d3a863851c522aee03be

SHA256
48be52701a3429ef91bd750f15e264496503f89f81f7c7f37a3a481339632d0c

SHA512
947621dcabfa6514d851f770ff4c0f31267165b76b01b6b01220555d92051c7ebf1f9c897cbc1e64fdde52d0db2e1b310248146ad4441a19d78b76f499014893

Download Submit
C:\Windows\system\EWYBvIn.exe

Filesize
6.0MB

MD5
c21a855328ab5f23486a2018707f7348

SHA1
08e74f3ef1dfa3acac5f780cdadf15ea754b913c

SHA256
6571763ed99aa84c26ea0600c5f83028a5d4a8b2e1de3a4dc2c5d98ff0b9ab78

SHA512
a77ce4379161b8f8d6a1490fde562e8367ffdf37d2d3b5e53bd34b583db6588df8958054785ee24c41098a978d1dee0c3c62ffe0c502e8ee38219000812fa7fe

Download Submit
C:\Windows\system\FTLgkVk.exe

Filesize
6.0MB

MD5
ad49f4de156043d72d160174ec6ce3e0

SHA1
b234288dd862e8a4186499b0bbdadaf05243c925

SHA256
5c82d188db7ab92f0c9f5e6256dff4dcafc35c58bacc71cab5fcc40836db89f4

SHA512
89a17ffa792c25362758d60cf59c0c74aa9a8789eff1c8e747d80e7e5886bad3485c2876c3dc51566c449d479ca8194397eab814fa962b96e71a286fc56d79bf

Download Submit
C:\Windows\system\FyzAcon.exe

Filesize
6.0MB

MD5
1e3d3be05f5c3b1547955c3183371e07

SHA1
914dfd54a88260d750efd11423bdec9e738b1a10

SHA256
0be199b11672a932a6df935f7d2f5fe953fe1ce4787cc19520161493d3fd8460

SHA512
2378cf6674ad47b605af4396a006822dcf7054c48c5f7494f571fdd0d6134f5775466b650b86ec692717e6ec43952a219f7d04d12e818f9a6126157d763bd787

Download Submit
C:\Windows\system\GoQmkBb.exe

Filesize
6.0MB

MD5
7beac8b0da0eb57a275e93bcf920405c

SHA1
9666fda513d05ed5f709ff4b01b7160afb28ca24

SHA256
8517bcce48aeffe58fd276b03fd7e1508bf28018ffa0554e466ae89080bb576a

SHA512
b0e4deb94424ebf3ae6c29c1ac0e74477e62b7fc0e544e777464e8702e5ed7ea777e33bcee883ef31af301a6d1e89be80d7c4cba0659abc6c44f88a1fb12b27f

Download Submit
C:\Windows\system\HSEtoIS.exe

Filesize
6.0MB

MD5
7abf092d8c14d837e085972a5877e037

SHA1
1a0823c648d97a47c250b2daf03d060ac59b5d83

SHA256
5370a2f00094e6a4fe408176418bc420776d31466ea098969ac9d94936519625

SHA512
3fd9ab806b4e5a7a49c926683fa5779cf79e1bef1b9b47fba85f3143a40916ce6b0074435c543666e28af1eaceda5d2b8c5ccb8fcdd50c6d4df9b1c278c05246

Download Submit
C:\Windows\system\IrBZuyW.exe

Filesize
6.0MB

MD5
e7ce66084ea670a186cc5a3a8c838fb3

SHA1
f8900beba3d55997ee4b081a6ebcbabb99b7ee84

SHA256
07da87d5bc4f919584de9421ea97bd39de7f4e1a1f4ce975d327968ab9e64045

SHA512
ead739bd3f7b4884dc5e064b9041e2f55d5196e7bb7b13fba844f5dda9d4bafdc9b9b575220a7f908328499d3063c735cbcec7105f4630723f39684d63d5d3b4

Download Submit
C:\Windows\system\JCZbNsz.exe

Filesize
6.0MB

MD5
8316b6cc9b974d1d465d23d800fc22ba

SHA1
c046e7a940c7d9b96b6921c1b76eb70c91713d3f

SHA256
2e7961aef3782b728624ad8dc07aed6e3ea0475b3ee2d72568e33bc5856e298b

SHA512
e97869b9b2d6ab8a5a9b98fb84a3fd248b0bda43e1a614d1fd9eae92cf09fb8cb6bd7e3329b501cd66a4d5b09f8d4e19ddce21615c930a36adbe422cbaa52c35

Download Submit
C:\Windows\system\MEaiFRs.exe

Filesize
6.0MB

MD5
e9e2cc4c33888e1c6d7288f5821a3d5d

SHA1
6649ccf878ff587f4bd4919ff02ff04db150b37f

SHA256
d94b66d373192b6a7fc1b0ec81c526906c8dc7d280629a6e11482f25ade6990e

SHA512
8fe8daa3977d4f0066b098b47260b6170d49ff228d640d04268a0c81cf5e311dee7221ef0868acfa2afb0162d2f7039d74dedc8698836233a56b44d697c6faee

Download Submit
C:\Windows\system\OvhzRzL.exe

Filesize
6.0MB

MD5
895548dcc0a422796b06aa797dbf916c

SHA1
15ef62989c32c74d5a029da39bec10349dada8e7

SHA256
a16f58519c6881acd85b2b8f77c12a6eaae095b13d6123c403bed230c158394b

SHA512
0ecf451788ec77b3a78a8a9a1db97035c8d02834ea626e0ffe4ef5fb78058d095dd5a9658661ee1a77a2f3d56955ba7a769f879f612918374c070327d29f1b62

Download Submit
C:\Windows\system\SCmRJfQ.exe

Filesize
6.0MB

MD5
ae9c616fe6b0c0e7b0d6829b15c0e183

SHA1
149d4dde43054866a686b0a39b330001d961c833

SHA256
21d1cf237914cb4fb4f0d3da5ab0431593323cfa9d36ff3ab709e40872d9c66b

SHA512
f5b427acfa6629dadb5209d6e5c2c5a10b3c3db70b7d7c19385aa40e782545f5523bfe70c8a65897f3922fb6d6807c0b58605b2ed87db52cf95ad02d265e15f6

Download Submit
C:\Windows\system\SZHgniU.exe

Filesize
6.0MB

MD5
e12c2a8bfa73b34ba552a3adf2ed1ab9

SHA1
022f21e0332585d488b85da849705efdfe611d08

SHA256
135ab84bf9103c21b1a617edf2a116756732ec610d5090626b51f5a9b63ca9db

SHA512
6afa1336c2b21f8b41f4a72df8a18e29ca7c635fcad329b49e7106fc3c9796bd93d3717e84a59edb65ef848a4d35f272b729f28ec0dc304050a2192dc9a298b3

Download Submit
C:\Windows\system\VhbBuXZ.exe

Filesize
6.0MB

MD5
2d50002376dd9832c8216f56fe35ae33

SHA1
e799494b1d61c42c5eb804cbef02fcb8ed592978

SHA256
cdeb9f1d7d77585ca5ec17fdcc20d4947397f02baa8998a73c2d1f6c582ee46a

SHA512
fc8c0013810c07a67e67856ebc8cdb414e2cc9ab0507896804d23fd9d908fa94283b54a02b1a0d826d61b140f349e4663b19ed133d12e93f7244adb0521b241a

Download Submit
C:\Windows\system\XkiTado.exe

Filesize
6.0MB

MD5
000dfb1107f1fcb6bdfa289228a356da

SHA1
fdb66c6491d44d4e76f96c46c96417012eb59f01

SHA256
dcd4ecbaa5324b27bd86bba92f458f54eb54da5b63b2e636a926eb93b6ba27c0

SHA512
9d17d0c9f622b388c401402f4de07302dc3ddbb2f4dfc937c693636262b372bf765189b1531966920e7f438ec5cbca3ccd77e11b829780579b670a3045956f0b

Download Submit
C:\Windows\system\XthCBGc.exe

Filesize
6.0MB

MD5
ac90f71f052834b8ca1e5cd12aa57359

SHA1
406c90df7b0f955352b96709c3f65856f73f956d

SHA256
c586303f9cdb3db06efe87f39bc2f32565214ad9df710fa8a901cb1c5bec70ef

SHA512
b335abc7b97f65eaa8ed7ea03015ea0cdaaf7c01310adcc03b7f9ac1991bdeb1aebba03b8ecb4b8f00cb84fe38254ce697f80ae70d00f02597f019060231d7ca

Download Submit
C:\Windows\system\XydaQjf.exe

Filesize
6.0MB

MD5
967b895e463566fe4f1bdb79431652aa

SHA1
37b1175ad372d3d9733a3f782dd26265e8876687

SHA256
da42699458554eb26e4b6a83459c091e0df16e148fe5bd9e0189e668601349a1

SHA512
67a3a57e7745be3d6b3d36993021e245818970af8c0b2fd8dff5553aaeed8c249e97506256d2710b6cab9fec144ab97bc228e18d63b2b690ae3461c7f150bcfa

Download Submit
C:\Windows\system\ZSlkBWt.exe

Filesize
6.0MB

MD5
fc233858a86db05b7e9fa13a83467741

SHA1
aee642bf164fec19ea0dbe50a81b5b28c24885e7

SHA256
e68be96b2d2633bb7137f5451cd6e9b3e50d8403e4a496415eeb8ea1274ce3a9

SHA512
1c090fbfad5fb0d0b5914a22b0119df270fecc69a127cf7bbea0aa35f1b1a1e110c96b89c2319d4ee044aa62c9fb23eeace13e12b6d08629a45a209322ad472f

Download Submit
C:\Windows\system\ZeemLjo.exe

Filesize
6.0MB

MD5
941530c9a329d9142dde250de99aab0c

SHA1
a6a03c3985cfdf6e782209a229cab8cff54431e1

SHA256
235a48c386b6aa810e3aace7e9eb2ad97f3981fb09723cc33bbc8045f5ff76c9

SHA512
e13a90f274e4723cd7eb58488c33570c36d72c13abaa7970766ed472d86d95ebc51b4d6cc38ef2a29df71306c003e3660aaca746b831b087f5dce6c338f5cc52

Download Submit
C:\Windows\system\btIPnRK.exe

Filesize
6.0MB

MD5
1f0e05c267ddb9b3997ce842c2fe21ce

SHA1
a37bc206807b9a8cfe86dd77884800aa302ce5b6

SHA256
35a3dc222804ef1f3f11787da029004be59a2a2cedec703b8ce1bebb87b58c61

SHA512
276ca85c32aa81fb091ee1b4cb4a0595bc498b6f9ab89d299064f2a3f62b55fa8a72c3d454fafd9a5354a6b9dc4d2689ef10a13c6e4a3292093f7a533f42d32e

Download Submit
C:\Windows\system\eQamzCh.exe

Filesize
6.0MB

MD5
2446a93a8917b6968f0971eb116836bf

SHA1
8887bbc6e01408476a89a9c01da2e7865d897b76

SHA256
edb831c37630ba9127d3fb321d2c42a184b2854aa48e5b28a13337e22c997f0c

SHA512
104d2c8f873b202fbfff295b2bd9ac5d0c93584b303e383642d00a5dd6d94453e9d9bb236cd5c54b57480d2b678015c5d4d452cf69ea63904a6e5eaac72ee174

Download Submit
C:\Windows\system\ecgZoDL.exe

Filesize
6.0MB

MD5
468d7174804cc5c6503ba5e07bdb0916

SHA1
217c89caec8938bfd9f2924357d1296a16864209

SHA256
c0092de87b005c87136f9fc2eabc038b1635ff4575b4b69a5ad07f118541b60f

SHA512
231a887ccd79069e4134f08bf9c74f1e08c0d04789faf7fc022cd7dd4dbe33451a5a79f1fbdbbffdc1c78c12903f7e1c03643fddc1ba10fcbfa2f1a68d6e74fe

Download Submit
C:\Windows\system\egigFlh.exe

Filesize
6.0MB

MD5
d4991ab61cd212d3acda0c84151bfe15

SHA1
612560796b7cfb8b9b6bbd43cf68ddbba386089e

SHA256
f04eb82e88c379c237de46a5761757a866953c00a53e66f94e91bb43c95dd402

SHA512
f05cc0d16543be1cb339b2ec9186b98ef062514a1ee8a5a62103829d330aea8c8b2acd67263e44ee685a7d09d10f2fa31f3a23835946493e4af8648049b6883d

Download Submit
C:\Windows\system\kBMDtNA.exe

Filesize
6.0MB

MD5
9133626f3b39be90e2752a7b42b97050

SHA1
8eb636a9a608e76e6c8757935a77d22e277b004a

SHA256
307ec7eb4cbab221966763ba893657e640111c9f67010d24be02bc6d7811938b

SHA512
2255be1f564c27183b4bb3f32ef12cc6571d02b651d2abb049b8fcf92bcdd137330833ed121e2ac0670f77bd70a5e2cedc3df70ead4eb01a34c5f86a5d597e74

Download Submit
C:\Windows\system\ngxDlIL.exe

Filesize
6.0MB

MD5
160dd40fe5b76eea14d930a6769a81b6

SHA1
273caa94da48c71e57b67de654705c3465420fc8

SHA256
b79c919bcf8010d20c9391254511cde66129496bdd628919027d8457e3ae958f

SHA512
6a8fccec1972fff879934fb587e0dba3c1aae2f7f5b0e659904568a2655d15a5f69055d0dfd59bc2408e0e5a8934591f0c735bcd709fb9c17e75dd58c951effb

Download Submit
C:\Windows\system\qYZMVjV.exe

Filesize
6.0MB

MD5
5c1e6f8a472d2a9a78d4f7e9c76765c7

SHA1
6e5f8af7be984d89381bdd210bed905684b1f6c2

SHA256
1cc3d2f903b4f0dadf1ad93b6cf85fc64ff0d9f0c3a0f54dc0a1696391b6de60

SHA512
d8ffc51923ea4da687b4ee568af931b29118535bf9dc28d81ff30afd83fd6446aee8db6cd30ae8a41118bc7e706ed6cb9d24cd785f69fdcfdbdc36b9e71ba0ab

Download Submit
C:\Windows\system\tAfiNzS.exe

Filesize
6.0MB

MD5
676653f805651d4c8d4562f14f5e09eb

SHA1
cde3b6f1360702871a02c48a3ce25c4ef9a4f50e

SHA256
5aa71f2d95ed59e0e0a39ec02d5da3df296ae4ca39908e6497bae791044f2a67

SHA512
29703d422026c5e288952410d4594b555e0cbbffed9b8de1ab3fd6623544316a3bc7116bb02ac73de88c086e601a03628a56ecdcc79bab1de012e8ea2278dc2a

Download Submit
C:\Windows\system\uvOdoCs.exe

Filesize
6.0MB

MD5
81d0bb70f8c12bf8c2714a126f814d6e

SHA1
20fe4f124d59427116500d0962bbe0ea182984b4

SHA256
9d8a51a803be002f7668b56852130eff05ac440cdbb334a0412dcdc32369b35a

SHA512
5970912e0df5849828b970a28dad2193a8a253985719d6ea80e9516ebb54522ac837c839b19168499299a390d2d69a2f5bb3a0cba6e039f49b44fceb03d95b30

Download Submit
C:\Windows\system\vjlbDkA.exe

Filesize
6.0MB

MD5
b356838f66718d09c906c85fd52e0c66

SHA1
556df45c2c87e3e7a5faf1582a2080810fd834c2

SHA256
0fa0730e59d1f9d40d41c6ddc954b4dd8dcf39c4984fc00e5893f76720c1fde6

SHA512
352855cd76352da00f9022d157428e227c8f9e1fa88d70b1c4a2b2afe3db659357d5db77fc4fc51cd215833628174d10535b67426eb4eeb92b88c11e87f80700

Download Submit
C:\Windows\system\xfEVxIb.exe

Filesize
6.0MB

MD5
551ef48c44e568b83481e533900feb59

SHA1
9cb57dbb02113ce33acd82a0274ef69a529e05de

SHA256
d8a42c5dbc04de5b676db5d1c32acfaae7ed64f1977e8dd83d2f977cc333f6f7

SHA512
57f044dffc515e5cecc9e633f1d4f02081f0b42744dab1746b1f09d7093311edb652c3599c94af7f4ca93a6465d1736fb5f370b3c416b8d7f853a634793f4bd3

Download Submit
C:\Windows\system\yuHhbQB.exe

Filesize
6.0MB

MD5
7ff05774bedee685ece6fca919a00709

SHA1
661a9ac11be79395a93d7bd621749d75b3c3b38b

SHA256
bb65bad6c65c15e712ac0ca32b9319b385a942b4dc19e780b55d876a8b9cd797

SHA512
1c28ddf25212f18ed5172c4cefd7fbcb2119701289ed65643c8e886dd643eacdc8c5529475c7b0dee91e085e302d36859cb3581b5ed92f8a5f4ec26d9ef13fc0

Download Submit
C:\Windows\system\zoghWuf.exe

Filesize
6.0MB

MD5
59a46e75d1f000b8196aae6fb46fcb9a

SHA1
1fc396eedfefdef41ffcbba56ff2b3920ef48a0a

SHA256
14d1075af0503a52ada0573a13aac43fe7ca4dc97f8bb28e60383ee9b4e4af42

SHA512
a9b34df718ad5c940dc31ede525248511176df6171db40a470b4a56896dc0ff9ec68a514ac2d14f022bf328634696dbaddaa67eca672eea0c36b27a39d73f7dc

Download Submit
\Windows\system\DlvhQTc.exe

Filesize
6.0MB

MD5
b496af0df7422f37e02f0e1b88a2ab01

SHA1
28a79f23aa3e976cd153fd3ca4255afb9384faab

SHA256
7c1840593dc52a2510d78341b9ae77e8aed0e5ba24ad5784bd45cdf6aa006c82

SHA512
d7fe97ac845d1c779c2d5d706897e81cdee7014d1b71d263923dac11104cf2095d0209f8078e223096ba1a8242f190146aadb80c3cffac7f95bd4b990b294982

Download Submit
\Windows\system\dqtLhVg.exe

Filesize
6.0MB

MD5
501822332d1b2633378dfc35fc0f687b

SHA1
f9bf5ddd92408bb76d1983368d43fa362da1cc9b

SHA256
8f361c0d794616ad518d3eb316a6bdf0c4409818895e99d7c70b25ddb28fb1f1

SHA512
592a1cfe43fb3c6d20b4b3c29bd78f515d736f4bf1dc7a4cc08edf0efcf4b5d506e91298c0509c1c9753f8d36630296967049af3d81643cd8afb1c4fd8c7ee78

Download Submit
memory/296-1806-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/296-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/296-1736-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/296-1710-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/296-1804-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/296-1808-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/296-1798-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/296-3667-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/296-0-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/296-1975-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/296-1746-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/296-1802-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/296-1775-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/296-1800-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/316-4016-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2256-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1360-3671-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1924-3669-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1797-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3660-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3705-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3670-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1805-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1801-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3673-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3666-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1807-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1803-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3675-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3672-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1799-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3674-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1753-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-1963-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3602-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download