cobaltstrike | f95dd7d9a891a069c1e3c64125de0457bc02992ca1d83a70c924eeccde11eb04

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

da61656254d6f7d1a842f8ae52a3411f
SHA1

e22c2ab1f601f8bd9363e060348f40b56c7c526d
SHA256

f95dd7d9a891a069c1e3c64125de0457bc02992ca1d83a70c924eeccde11eb04
SHA512

d7cd8a6bc29f4901142c36d10e40fbe657e543249afc7cd759a01885371e14b383b4e043b74c39d603cb6cab6ec38b7d056d12e90330ac948df6fd68c63d971d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012263-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a467-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41f-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-87.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001876a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-71.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932a-52.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-32.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921f-23.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-6.dat	xmrig
behavioral1/memory/2488-9-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2364-18-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001921d-10.dat	xmrig
behavioral1/files/0x0006000000019242-26.dat	xmrig
behavioral1/memory/2760-38-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000700000001930d-37.dat	xmrig
behavioral1/files/0x000600000001925d-50.dat	xmrig
behavioral1/memory/2620-58-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9a-63.dat	xmrig
behavioral1/memory/2916-64-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2872-53-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2656-73-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2980-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41a-122.dat	xmrig
behavioral1/files/0x000500000001a4a5-171.dat	xmrig
behavioral1/memory/332-896-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2980-746-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/344-551-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2084-387-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2656-233-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-192.dat	xmrig
behavioral1/files/0x000500000001a4b3-196.dat	xmrig
behavioral1/files/0x000500000001a4af-186.dat	xmrig
behavioral1/files/0x000500000001a4ad-182.dat	xmrig
behavioral1/files/0x000500000001a4ab-176.dat	xmrig
behavioral1/files/0x000500000001a495-166.dat	xmrig
behavioral1/files/0x000500000001a494-162.dat	xmrig
behavioral1/files/0x000500000001a487-151.dat	xmrig
behavioral1/files/0x000500000001a489-155.dat	xmrig
behavioral1/files/0x000500000001a42d-141.dat	xmrig
behavioral1/files/0x000500000001a467-146.dat	xmrig
behavioral1/files/0x000500000001a41f-131.dat	xmrig
behavioral1/files/0x000500000001a423-136.dat	xmrig
behavioral1/files/0x000500000001a41c-126.dat	xmrig
behavioral1/files/0x000500000001a303-111.dat	xmrig
behavioral1/memory/2520-108-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/files/0x000500000001a355-116.dat	xmrig
behavioral1/memory/2916-104-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09a-103.dat	xmrig
behavioral1/files/0x000500000001a07a-96.dat	xmrig
behavioral1/memory/2620-93-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2872-92-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/344-88-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a071-87.dat	xmrig
behavioral1/files/0x000800000001876a-79.dat	xmrig
behavioral1/memory/2760-72-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb8-71.dat	xmrig
behavioral1/memory/2520-68-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1780-67-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001932a-52.dat	xmrig
behavioral1/memory/2764-49-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2364-48-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2520-46-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2520-34-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000600000001925b-32.dat	xmrig
behavioral1/memory/1780-27-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2796-25-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001921f-23.dat	xmrig
behavioral1/memory/2520-21-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2488-3297-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2796-3310-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2620-3320-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2488	wplNyQk.exe
2364	oNKoQCv.exe
2796	OnHVxFM.exe
1780	NvPTtPL.exe
2760	SlnmChR.exe
2764	ihrJhHF.exe
2872	MDJrSum.exe
2620	FesNiDG.exe
2916	vPwsLAI.exe
2656	zsTQlqM.exe
2084	PVkToXd.exe
344	NUmXksk.exe
2980	OMZrjyA.exe
332	UcskkBC.exe
2848	SlmdyWw.exe
348	LVLZleY.exe
2272	eWMeLGd.exe
1408	ScEGzmB.exe
1940	gTubkVd.exe
1080	duNussv.exe
2232	RROqNfO.exe
1792	XiOJrxf.exe
1212	KFXGbhn.exe
2708	NiJsuQl.exe
2580	cnyfpLM.exe
1916	uTQxjYW.exe
408	wUcsvDT.exe
1812	rvSbSUJ.exe
836	UeeVWun.exe
1356	toARVzW.exe
1248	RcwGQQm.exe
1748	qUBQFIU.exe
840	seXPiQB.exe
2948	KDVjMYW.exe
1604	NWCblIt.exe
2192	HnUwxsQ.exe
1772	NpJUpcQ.exe
1768	kkomFMt.exe
2572	pUluhHv.exe
1932	pTyGisF.exe
2292	eTltnZi.exe
2268	VTXRmhr.exe
2276	EwgodLu.exe
1980	hqbRvCy.exe
992	SNLFqeH.exe
316	zlDremN.exe
2336	SxkMoBl.exe
876	ufsMfmR.exe
2552	XGEhJpP.exe
396	BCdPJoR.exe
1692	aeLkAlT.exe
2456	IxReTNq.exe
2416	ZZZxGPm.exe
2832	nCcliHw.exe
3016	GevCkfH.exe
2640	mOhUlWF.exe
2896	KGjedje.exe
2732	Qisymkg.exe
2260	eTIgVLI.exe
1700	elUjZeH.exe
2840	SulbkLD.exe
2052	YzGrhKI.exe
2712	VzxNnjA.exe
1232	uMLTRUl.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000c000000012263-6.dat	upx
behavioral1/memory/2488-9-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2364-18-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000700000001921d-10.dat	upx
behavioral1/files/0x0006000000019242-26.dat	upx
behavioral1/memory/2760-38-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000700000001930d-37.dat	upx
behavioral1/files/0x000600000001925d-50.dat	upx
behavioral1/memory/2620-58-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0005000000019f9a-63.dat	upx
behavioral1/memory/2916-64-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2872-53-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2656-73-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2980-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x000500000001a41a-122.dat	upx
behavioral1/files/0x000500000001a4a5-171.dat	upx
behavioral1/memory/332-896-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2980-746-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/344-551-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2084-387-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2656-233-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-192.dat	upx
behavioral1/files/0x000500000001a4b3-196.dat	upx
behavioral1/files/0x000500000001a4af-186.dat	upx
behavioral1/files/0x000500000001a4ad-182.dat	upx
behavioral1/files/0x000500000001a4ab-176.dat	upx
behavioral1/files/0x000500000001a495-166.dat	upx
behavioral1/files/0x000500000001a494-162.dat	upx
behavioral1/files/0x000500000001a487-151.dat	upx
behavioral1/files/0x000500000001a489-155.dat	upx
behavioral1/files/0x000500000001a42d-141.dat	upx
behavioral1/files/0x000500000001a467-146.dat	upx
behavioral1/files/0x000500000001a41f-131.dat	upx
behavioral1/files/0x000500000001a423-136.dat	upx
behavioral1/files/0x000500000001a41c-126.dat	upx
behavioral1/files/0x000500000001a303-111.dat	upx
behavioral1/files/0x000500000001a355-116.dat	upx
behavioral1/memory/2916-104-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000500000001a09a-103.dat	upx
behavioral1/files/0x000500000001a07a-96.dat	upx
behavioral1/memory/2620-93-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2872-92-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/344-88-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000500000001a071-87.dat	upx
behavioral1/files/0x000800000001876a-79.dat	upx
behavioral1/memory/2760-72-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0005000000019fb8-71.dat	upx
behavioral1/memory/1780-67-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000700000001932a-52.dat	upx
behavioral1/memory/2764-49-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2364-48-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2520-34-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000600000001925b-32.dat	upx
behavioral1/memory/1780-27-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2796-25-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000700000001921f-23.dat	upx
behavioral1/memory/2488-3297-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2796-3310-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2620-3320-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2364-3318-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2764-3316-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1780-3330-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2872-3325-0x000000013F320000-0x000000013F674000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TrGTJQO.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTnWxXS.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoDSdhU.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIRcdqW.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHlvXBD.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyHQYWC.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swFkySA.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hutcdwk.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvmpAKY.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btbFgRz.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pngNVce.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENBAcby.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgMZeSW.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrWcGBJ.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYXPPBU.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbAkYWY.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECMaPzq.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfVPWzU.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpOIGWl.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SONXOXn.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LicgwQb.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAaNTBI.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQgMFYw.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxMjrUc.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mseXKRC.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQNoAPr.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKlrhRe.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdUXGWx.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIBFDkU.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mERMLDW.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTuSfGQ.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFTOuAZ.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeoueJF.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXBDIpg.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiXpbOG.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPoSpkO.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuFijBp.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yocYtTD.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmodZkW.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruxSRZu.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsSfLZr.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFQXZOe.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnZSmUx.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAEHslL.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBNqVOp.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xExxwCz.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZeDPBl.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPoWOLK.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNsCILq.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpsBBJR.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkfehEj.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixPxRqa.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBSvHAz.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnabpID.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahrkrOm.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEvDMCD.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQNYXvm.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFxWzdd.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGDEpiD.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZJMvkk.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKUcKaJ.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGivqFj.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxpYQxr.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBuWJXq.exe	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2488	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2488	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2488	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2364	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2364	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2364	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2796	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2796	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2796	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 1780	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 1780	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 1780	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2760	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2760	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2760	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2872	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2872	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2872	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2764	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2764	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2764	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2620	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2620	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2620	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2916	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2916	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2916	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2656	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2656	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2656	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2084	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2084	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2084	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 344	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 344	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 344	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2980	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2980	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2980	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 332	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 332	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 332	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 2848	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 2848	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 2848	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 348	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 348	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 348	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 2272	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2272	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2272	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 1408	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 1408	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 1408	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 1940	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 1940	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 1940	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 1080	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 1080	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 1080	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 2232	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2520 wrote to memory of 2232	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2520 wrote to memory of 2232	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2520 wrote to memory of 1792	2520	2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_da61656254d6f7d1a842f8ae52a3411f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\System\wplNyQk.exe
  C:\Windows\System\wplNyQk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\oNKoQCv.exe
  C:\Windows\System\oNKoQCv.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\OnHVxFM.exe
  C:\Windows\System\OnHVxFM.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\NvPTtPL.exe
  C:\Windows\System\NvPTtPL.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\SlnmChR.exe
  C:\Windows\System\SlnmChR.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\MDJrSum.exe
  C:\Windows\System\MDJrSum.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ihrJhHF.exe
  C:\Windows\System\ihrJhHF.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\FesNiDG.exe
  C:\Windows\System\FesNiDG.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\vPwsLAI.exe
  C:\Windows\System\vPwsLAI.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\zsTQlqM.exe
  C:\Windows\System\zsTQlqM.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\PVkToXd.exe
  C:\Windows\System\PVkToXd.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NUmXksk.exe
  C:\Windows\System\NUmXksk.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\OMZrjyA.exe
  C:\Windows\System\OMZrjyA.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\UcskkBC.exe
  C:\Windows\System\UcskkBC.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\SlmdyWw.exe
  C:\Windows\System\SlmdyWw.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\LVLZleY.exe
  C:\Windows\System\LVLZleY.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\eWMeLGd.exe
  C:\Windows\System\eWMeLGd.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ScEGzmB.exe
  C:\Windows\System\ScEGzmB.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\gTubkVd.exe
  C:\Windows\System\gTubkVd.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\duNussv.exe
  C:\Windows\System\duNussv.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\RROqNfO.exe
  C:\Windows\System\RROqNfO.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\XiOJrxf.exe
  C:\Windows\System\XiOJrxf.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\KFXGbhn.exe
  C:\Windows\System\KFXGbhn.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\NiJsuQl.exe
  C:\Windows\System\NiJsuQl.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\cnyfpLM.exe
  C:\Windows\System\cnyfpLM.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\uTQxjYW.exe
  C:\Windows\System\uTQxjYW.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\wUcsvDT.exe
  C:\Windows\System\wUcsvDT.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\rvSbSUJ.exe
  C:\Windows\System\rvSbSUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\UeeVWun.exe
  C:\Windows\System\UeeVWun.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\toARVzW.exe
  C:\Windows\System\toARVzW.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\RcwGQQm.exe
  C:\Windows\System\RcwGQQm.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\qUBQFIU.exe
  C:\Windows\System\qUBQFIU.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\seXPiQB.exe
  C:\Windows\System\seXPiQB.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\KDVjMYW.exe
  C:\Windows\System\KDVjMYW.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\NWCblIt.exe
  C:\Windows\System\NWCblIt.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\HnUwxsQ.exe
  C:\Windows\System\HnUwxsQ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\NpJUpcQ.exe
  C:\Windows\System\NpJUpcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\kkomFMt.exe
  C:\Windows\System\kkomFMt.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\pUluhHv.exe
  C:\Windows\System\pUluhHv.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\pTyGisF.exe
  C:\Windows\System\pTyGisF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\eTltnZi.exe
  C:\Windows\System\eTltnZi.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\VTXRmhr.exe
  C:\Windows\System\VTXRmhr.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\EwgodLu.exe
  C:\Windows\System\EwgodLu.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\hqbRvCy.exe
  C:\Windows\System\hqbRvCy.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\SNLFqeH.exe
  C:\Windows\System\SNLFqeH.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\zlDremN.exe
  C:\Windows\System\zlDremN.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\SxkMoBl.exe
  C:\Windows\System\SxkMoBl.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ufsMfmR.exe
  C:\Windows\System\ufsMfmR.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\XGEhJpP.exe
  C:\Windows\System\XGEhJpP.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\BCdPJoR.exe
  C:\Windows\System\BCdPJoR.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\aeLkAlT.exe
  C:\Windows\System\aeLkAlT.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\IxReTNq.exe
  C:\Windows\System\IxReTNq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ZZZxGPm.exe
  C:\Windows\System\ZZZxGPm.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\nCcliHw.exe
  C:\Windows\System\nCcliHw.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\GevCkfH.exe
  C:\Windows\System\GevCkfH.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\mOhUlWF.exe
  C:\Windows\System\mOhUlWF.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\KGjedje.exe
  C:\Windows\System\KGjedje.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\Qisymkg.exe
  C:\Windows\System\Qisymkg.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\eTIgVLI.exe
  C:\Windows\System\eTIgVLI.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\elUjZeH.exe
  C:\Windows\System\elUjZeH.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\SulbkLD.exe
  C:\Windows\System\SulbkLD.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YzGrhKI.exe
  C:\Windows\System\YzGrhKI.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\VzxNnjA.exe
  C:\Windows\System\VzxNnjA.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\uMLTRUl.exe
  C:\Windows\System\uMLTRUl.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\ePODXHS.exe
  C:\Windows\System\ePODXHS.exe
  2⤵
  PID:2212
- C:\Windows\System\AiIlKXc.exe
  C:\Windows\System\AiIlKXc.exe
  2⤵
  PID:1312
- C:\Windows\System\UkpXTvY.exe
  C:\Windows\System\UkpXTvY.exe
  2⤵
  PID:2224
- C:\Windows\System\XandWdc.exe
  C:\Windows\System\XandWdc.exe
  2⤵
  PID:888
- C:\Windows\System\nHWRaqZ.exe
  C:\Windows\System\nHWRaqZ.exe
  2⤵
  PID:1920
- C:\Windows\System\ycOYXCx.exe
  C:\Windows\System\ycOYXCx.exe
  2⤵
  PID:1336
- C:\Windows\System\ACvNTSk.exe
  C:\Windows\System\ACvNTSk.exe
  2⤵
  PID:1468
- C:\Windows\System\OJbdzQB.exe
  C:\Windows\System\OJbdzQB.exe
  2⤵
  PID:296
- C:\Windows\System\ILFJQTo.exe
  C:\Windows\System\ILFJQTo.exe
  2⤵
  PID:1808
- C:\Windows\System\MPrGQaO.exe
  C:\Windows\System\MPrGQaO.exe
  2⤵
  PID:1524
- C:\Windows\System\kHHXPSK.exe
  C:\Windows\System\kHHXPSK.exe
  2⤵
  PID:2196
- C:\Windows\System\BDENNTz.exe
  C:\Windows\System\BDENNTz.exe
  2⤵
  PID:2512
- C:\Windows\System\aqIXvzU.exe
  C:\Windows\System\aqIXvzU.exe
  2⤵
  PID:496
- C:\Windows\System\wSwuEXW.exe
  C:\Windows\System\wSwuEXW.exe
  2⤵
  PID:2004
- C:\Windows\System\evCHTSY.exe
  C:\Windows\System\evCHTSY.exe
  2⤵
  PID:1596
- C:\Windows\System\GiuLlve.exe
  C:\Windows\System\GiuLlve.exe
  2⤵
  PID:2320
- C:\Windows\System\bLgUhiE.exe
  C:\Windows\System\bLgUhiE.exe
  2⤵
  PID:884
- C:\Windows\System\LxDqAYh.exe
  C:\Windows\System\LxDqAYh.exe
  2⤵
  PID:1548
- C:\Windows\System\pXLfsnr.exe
  C:\Windows\System\pXLfsnr.exe
  2⤵
  PID:1852
- C:\Windows\System\HLdytRv.exe
  C:\Windows\System\HLdytRv.exe
  2⤵
  PID:2836
- C:\Windows\System\aXRcwZp.exe
  C:\Windows\System\aXRcwZp.exe
  2⤵
  PID:2852
- C:\Windows\System\nHSeUCL.exe
  C:\Windows\System\nHSeUCL.exe
  2⤵
  PID:2932
- C:\Windows\System\ITaDnyo.exe
  C:\Windows\System\ITaDnyo.exe
  2⤵
  PID:1044
- C:\Windows\System\baVsrTg.exe
  C:\Windows\System\baVsrTg.exe
  2⤵
  PID:1960
- C:\Windows\System\MIeNAnr.exe
  C:\Windows\System\MIeNAnr.exe
  2⤵
  PID:2060
- C:\Windows\System\VZeEXTp.exe
  C:\Windows\System\VZeEXTp.exe
  2⤵
  PID:1760
- C:\Windows\System\IIeZrJh.exe
  C:\Windows\System\IIeZrJh.exe
  2⤵
  PID:1492
- C:\Windows\System\TrIChhG.exe
  C:\Windows\System\TrIChhG.exe
  2⤵
  PID:1516
- C:\Windows\System\CMHZOtj.exe
  C:\Windows\System\CMHZOtj.exe
  2⤵
  PID:2544
- C:\Windows\System\sAMsLPd.exe
  C:\Windows\System\sAMsLPd.exe
  2⤵
  PID:1256
- C:\Windows\System\GqjrCWG.exe
  C:\Windows\System\GqjrCWG.exe
  2⤵
  PID:896
- C:\Windows\System\siARTtJ.exe
  C:\Windows\System\siARTtJ.exe
  2⤵
  PID:2380
- C:\Windows\System\BesLDfH.exe
  C:\Windows\System\BesLDfH.exe
  2⤵
  PID:1512
- C:\Windows\System\qcPuqiV.exe
  C:\Windows\System\qcPuqiV.exe
  2⤵
  PID:2176
- C:\Windows\System\jbIHhzH.exe
  C:\Windows\System\jbIHhzH.exe
  2⤵
  PID:2460
- C:\Windows\System\RcjwbSB.exe
  C:\Windows\System\RcjwbSB.exe
  2⤵
  PID:2692
- C:\Windows\System\JgeLxUI.exe
  C:\Windows\System\JgeLxUI.exe
  2⤵
  PID:1660
- C:\Windows\System\dHigVkZ.exe
  C:\Windows\System\dHigVkZ.exe
  2⤵
  PID:740
- C:\Windows\System\ERBaVgw.exe
  C:\Windows\System\ERBaVgw.exe
  2⤵
  PID:2632
- C:\Windows\System\lVeZlbS.exe
  C:\Windows\System\lVeZlbS.exe
  2⤵
  PID:2956
- C:\Windows\System\wsblOCd.exe
  C:\Windows\System\wsblOCd.exe
  2⤵
  PID:2080
- C:\Windows\System\oxhTokd.exe
  C:\Windows\System\oxhTokd.exe
  2⤵
  PID:2968
- C:\Windows\System\IEeMXRc.exe
  C:\Windows\System\IEeMXRc.exe
  2⤵
  PID:1272
- C:\Windows\System\DSXjuSH.exe
  C:\Windows\System\DSXjuSH.exe
  2⤵
  PID:2068
- C:\Windows\System\LunnflB.exe
  C:\Windows\System\LunnflB.exe
  2⤵
  PID:2208
- C:\Windows\System\MUQpkOc.exe
  C:\Windows\System\MUQpkOc.exe
  2⤵
  PID:2588
- C:\Windows\System\kxsCQJh.exe
  C:\Windows\System\kxsCQJh.exe
  2⤵
  PID:1720
- C:\Windows\System\LWlFyZX.exe
  C:\Windows\System\LWlFyZX.exe
  2⤵
  PID:3092
- C:\Windows\System\yiAFLNf.exe
  C:\Windows\System\yiAFLNf.exe
  2⤵
  PID:3112
- C:\Windows\System\jXEXHDL.exe
  C:\Windows\System\jXEXHDL.exe
  2⤵
  PID:3132
- C:\Windows\System\raUWJAD.exe
  C:\Windows\System\raUWJAD.exe
  2⤵
  PID:3152
- C:\Windows\System\SBZbkaL.exe
  C:\Windows\System\SBZbkaL.exe
  2⤵
  PID:3168
- C:\Windows\System\ZhTrIgc.exe
  C:\Windows\System\ZhTrIgc.exe
  2⤵
  PID:3188
- C:\Windows\System\aCkzMYp.exe
  C:\Windows\System\aCkzMYp.exe
  2⤵
  PID:3208
- C:\Windows\System\REHnLmy.exe
  C:\Windows\System\REHnLmy.exe
  2⤵
  PID:3228
- C:\Windows\System\cGyAzpx.exe
  C:\Windows\System\cGyAzpx.exe
  2⤵
  PID:3252
- C:\Windows\System\DZJrSOr.exe
  C:\Windows\System\DZJrSOr.exe
  2⤵
  PID:3272
- C:\Windows\System\RSAhtJT.exe
  C:\Windows\System\RSAhtJT.exe
  2⤵
  PID:3292
- C:\Windows\System\XxkKUke.exe
  C:\Windows\System\XxkKUke.exe
  2⤵
  PID:3312
- C:\Windows\System\HeztupP.exe
  C:\Windows\System\HeztupP.exe
  2⤵
  PID:3332
- C:\Windows\System\vUvJNKI.exe
  C:\Windows\System\vUvJNKI.exe
  2⤵
  PID:3352
- C:\Windows\System\hkHeMwe.exe
  C:\Windows\System\hkHeMwe.exe
  2⤵
  PID:3372
- C:\Windows\System\ZUHrVIl.exe
  C:\Windows\System\ZUHrVIl.exe
  2⤵
  PID:3392
- C:\Windows\System\uTBIjUy.exe
  C:\Windows\System\uTBIjUy.exe
  2⤵
  PID:3412
- C:\Windows\System\uhDJEah.exe
  C:\Windows\System\uhDJEah.exe
  2⤵
  PID:3432
- C:\Windows\System\NmzueFc.exe
  C:\Windows\System\NmzueFc.exe
  2⤵
  PID:3452
- C:\Windows\System\aFbiMkY.exe
  C:\Windows\System\aFbiMkY.exe
  2⤵
  PID:3472
- C:\Windows\System\MeqtTzK.exe
  C:\Windows\System\MeqtTzK.exe
  2⤵
  PID:3488
- C:\Windows\System\dRqcFdg.exe
  C:\Windows\System\dRqcFdg.exe
  2⤵
  PID:3512
- C:\Windows\System\ZmjLbOS.exe
  C:\Windows\System\ZmjLbOS.exe
  2⤵
  PID:3532
- C:\Windows\System\UsJZWxI.exe
  C:\Windows\System\UsJZWxI.exe
  2⤵
  PID:3552
- C:\Windows\System\vcjvfnT.exe
  C:\Windows\System\vcjvfnT.exe
  2⤵
  PID:3572
- C:\Windows\System\nZEZtpi.exe
  C:\Windows\System\nZEZtpi.exe
  2⤵
  PID:3588
- C:\Windows\System\xTssZMA.exe
  C:\Windows\System\xTssZMA.exe
  2⤵
  PID:3608
- C:\Windows\System\yocYtTD.exe
  C:\Windows\System\yocYtTD.exe
  2⤵
  PID:3632
- C:\Windows\System\UseCmdv.exe
  C:\Windows\System\UseCmdv.exe
  2⤵
  PID:3652
- C:\Windows\System\HXhfqio.exe
  C:\Windows\System\HXhfqio.exe
  2⤵
  PID:3672
- C:\Windows\System\irrDgNk.exe
  C:\Windows\System\irrDgNk.exe
  2⤵
  PID:3692
- C:\Windows\System\rCmCkaw.exe
  C:\Windows\System\rCmCkaw.exe
  2⤵
  PID:3712
- C:\Windows\System\NXuonFf.exe
  C:\Windows\System\NXuonFf.exe
  2⤵
  PID:3728
- C:\Windows\System\xywpfCl.exe
  C:\Windows\System\xywpfCl.exe
  2⤵
  PID:3752
- C:\Windows\System\ozbUvkR.exe
  C:\Windows\System\ozbUvkR.exe
  2⤵
  PID:3768
- C:\Windows\System\SGlzCzc.exe
  C:\Windows\System\SGlzCzc.exe
  2⤵
  PID:3788
- C:\Windows\System\YtBJldQ.exe
  C:\Windows\System\YtBJldQ.exe
  2⤵
  PID:3808
- C:\Windows\System\oYBzdMf.exe
  C:\Windows\System\oYBzdMf.exe
  2⤵
  PID:3832
- C:\Windows\System\hSdVCrJ.exe
  C:\Windows\System\hSdVCrJ.exe
  2⤵
  PID:3856
- C:\Windows\System\IisTwLi.exe
  C:\Windows\System\IisTwLi.exe
  2⤵
  PID:3876
- C:\Windows\System\lmOeecZ.exe
  C:\Windows\System\lmOeecZ.exe
  2⤵
  PID:3892
- C:\Windows\System\bXxSUfn.exe
  C:\Windows\System\bXxSUfn.exe
  2⤵
  PID:3916
- C:\Windows\System\EeeLVbj.exe
  C:\Windows\System\EeeLVbj.exe
  2⤵
  PID:3932
- C:\Windows\System\UPozRdW.exe
  C:\Windows\System\UPozRdW.exe
  2⤵
  PID:3956
- C:\Windows\System\yFagUdg.exe
  C:\Windows\System\yFagUdg.exe
  2⤵
  PID:3976
- C:\Windows\System\HWxKoOq.exe
  C:\Windows\System\HWxKoOq.exe
  2⤵
  PID:3996
- C:\Windows\System\qWuaNPe.exe
  C:\Windows\System\qWuaNPe.exe
  2⤵
  PID:4012
- C:\Windows\System\yxRvsng.exe
  C:\Windows\System\yxRvsng.exe
  2⤵
  PID:4036
- C:\Windows\System\PPxFcTQ.exe
  C:\Windows\System\PPxFcTQ.exe
  2⤵
  PID:4056
- C:\Windows\System\MEotZOH.exe
  C:\Windows\System\MEotZOH.exe
  2⤵
  PID:4072
- C:\Windows\System\XUWKXtC.exe
  C:\Windows\System\XUWKXtC.exe
  2⤵
  PID:4092
- C:\Windows\System\JffwCYA.exe
  C:\Windows\System\JffwCYA.exe
  2⤵
  PID:1676
- C:\Windows\System\UHuakvc.exe
  C:\Windows\System\UHuakvc.exe
  2⤵
  PID:2612
- C:\Windows\System\IooPWaP.exe
  C:\Windows\System\IooPWaP.exe
  2⤵
  PID:2600
- C:\Windows\System\PICBaky.exe
  C:\Windows\System\PICBaky.exe
  2⤵
  PID:2284
- C:\Windows\System\NMRRKVe.exe
  C:\Windows\System\NMRRKVe.exe
  2⤵
  PID:1072
- C:\Windows\System\nIixdnF.exe
  C:\Windows\System\nIixdnF.exe
  2⤵
  PID:688
- C:\Windows\System\sKUcKaJ.exe
  C:\Windows\System\sKUcKaJ.exe
  2⤵
  PID:604
- C:\Windows\System\jaRxFpK.exe
  C:\Windows\System\jaRxFpK.exe
  2⤵
  PID:3084
- C:\Windows\System\cTlqwZU.exe
  C:\Windows\System\cTlqwZU.exe
  2⤵
  PID:3148
- C:\Windows\System\PUmrZbq.exe
  C:\Windows\System\PUmrZbq.exe
  2⤵
  PID:3180
- C:\Windows\System\PrIuXxB.exe
  C:\Windows\System\PrIuXxB.exe
  2⤵
  PID:3220
- C:\Windows\System\WBoNWdt.exe
  C:\Windows\System\WBoNWdt.exe
  2⤵
  PID:3200
- C:\Windows\System\xHPjBhR.exe
  C:\Windows\System\xHPjBhR.exe
  2⤵
  PID:3264
- C:\Windows\System\UZEXoKD.exe
  C:\Windows\System\UZEXoKD.exe
  2⤵
  PID:3308
- C:\Windows\System\gkPfBlY.exe
  C:\Windows\System\gkPfBlY.exe
  2⤵
  PID:3348
- C:\Windows\System\IgtirAE.exe
  C:\Windows\System\IgtirAE.exe
  2⤵
  PID:3364
- C:\Windows\System\kJTuMNW.exe
  C:\Windows\System\kJTuMNW.exe
  2⤵
  PID:3408
- C:\Windows\System\KngnwGp.exe
  C:\Windows\System\KngnwGp.exe
  2⤵
  PID:3468
- C:\Windows\System\poBKkmy.exe
  C:\Windows\System\poBKkmy.exe
  2⤵
  PID:3440
- C:\Windows\System\jvjUmQT.exe
  C:\Windows\System\jvjUmQT.exe
  2⤵
  PID:3484
- C:\Windows\System\thPyCxX.exe
  C:\Windows\System\thPyCxX.exe
  2⤵
  PID:3524
- C:\Windows\System\SpMLLXo.exe
  C:\Windows\System\SpMLLXo.exe
  2⤵
  PID:3616
- C:\Windows\System\flOaIgd.exe
  C:\Windows\System\flOaIgd.exe
  2⤵
  PID:3628
- C:\Windows\System\WByAmZd.exe
  C:\Windows\System\WByAmZd.exe
  2⤵
  PID:3604
- C:\Windows\System\RuiItnD.exe
  C:\Windows\System\RuiItnD.exe
  2⤵
  PID:3708
- C:\Windows\System\jhiaDjE.exe
  C:\Windows\System\jhiaDjE.exe
  2⤵
  PID:3736
- C:\Windows\System\FulEwIl.exe
  C:\Windows\System\FulEwIl.exe
  2⤵
  PID:3784
- C:\Windows\System\jqTnkld.exe
  C:\Windows\System\jqTnkld.exe
  2⤵
  PID:3820
- C:\Windows\System\UahAPJb.exe
  C:\Windows\System\UahAPJb.exe
  2⤵
  PID:3800
- C:\Windows\System\PyAJXCR.exe
  C:\Windows\System\PyAJXCR.exe
  2⤵
  PID:3868
- C:\Windows\System\ASuQpVF.exe
  C:\Windows\System\ASuQpVF.exe
  2⤵
  PID:3908
- C:\Windows\System\tWDoXqD.exe
  C:\Windows\System\tWDoXqD.exe
  2⤵
  PID:3884
- C:\Windows\System\YxHxvWm.exe
  C:\Windows\System\YxHxvWm.exe
  2⤵
  PID:3928
- C:\Windows\System\msYxlcS.exe
  C:\Windows\System\msYxlcS.exe
  2⤵
  PID:4020
- C:\Windows\System\viCANyL.exe
  C:\Windows\System\viCANyL.exe
  2⤵
  PID:3968
- C:\Windows\System\nCaFgtD.exe
  C:\Windows\System\nCaFgtD.exe
  2⤵
  PID:2324
- C:\Windows\System\yDXvlwp.exe
  C:\Windows\System\yDXvlwp.exe
  2⤵
  PID:4048
- C:\Windows\System\ImodsgY.exe
  C:\Windows\System\ImodsgY.exe
  2⤵
  PID:4088
- C:\Windows\System\MYHrbHZ.exe
  C:\Windows\System\MYHrbHZ.exe
  2⤵
  PID:2008
- C:\Windows\System\liDHIMB.exe
  C:\Windows\System\liDHIMB.exe
  2⤵
  PID:536
- C:\Windows\System\UtCtBia.exe
  C:\Windows\System\UtCtBia.exe
  2⤵
  PID:1816
- C:\Windows\System\xCTZTLU.exe
  C:\Windows\System\xCTZTLU.exe
  2⤵
  PID:3024
- C:\Windows\System\zonViPy.exe
  C:\Windows\System\zonViPy.exe
  2⤵
  PID:3224
- C:\Windows\System\atIHQvj.exe
  C:\Windows\System\atIHQvj.exe
  2⤵
  PID:3176
- C:\Windows\System\iKFlpuJ.exe
  C:\Windows\System\iKFlpuJ.exe
  2⤵
  PID:3284
- C:\Windows\System\wUnfUNb.exe
  C:\Windows\System\wUnfUNb.exe
  2⤵
  PID:3300
- C:\Windows\System\mnCRJGu.exe
  C:\Windows\System\mnCRJGu.exe
  2⤵
  PID:3328
- C:\Windows\System\OLEqUWc.exe
  C:\Windows\System\OLEqUWc.exe
  2⤵
  PID:3496
- C:\Windows\System\blUpHFF.exe
  C:\Windows\System\blUpHFF.exe
  2⤵
  PID:3540
- C:\Windows\System\IZYyVSb.exe
  C:\Windows\System\IZYyVSb.exe
  2⤵
  PID:3564
- C:\Windows\System\OFuyAic.exe
  C:\Windows\System\OFuyAic.exe
  2⤵
  PID:3560
- C:\Windows\System\FawDUrs.exe
  C:\Windows\System\FawDUrs.exe
  2⤵
  PID:3668
- C:\Windows\System\JPdlkUB.exe
  C:\Windows\System\JPdlkUB.exe
  2⤵
  PID:3680
- C:\Windows\System\bNpgryW.exe
  C:\Windows\System\bNpgryW.exe
  2⤵
  PID:3764
- C:\Windows\System\rcwlHPk.exe
  C:\Windows\System\rcwlHPk.exe
  2⤵
  PID:3900
- C:\Windows\System\jzObwth.exe
  C:\Windows\System\jzObwth.exe
  2⤵
  PID:3872
- C:\Windows\System\MikyhKn.exe
  C:\Windows\System\MikyhKn.exe
  2⤵
  PID:3848
- C:\Windows\System\qdiUstg.exe
  C:\Windows\System\qdiUstg.exe
  2⤵
  PID:4032
- C:\Windows\System\FAkwgYg.exe
  C:\Windows\System\FAkwgYg.exe
  2⤵
  PID:2532
- C:\Windows\System\RdwSnuf.exe
  C:\Windows\System\RdwSnuf.exe
  2⤵
  PID:4064
- C:\Windows\System\YSLdaze.exe
  C:\Windows\System\YSLdaze.exe
  2⤵
  PID:2184
- C:\Windows\System\eUurAjT.exe
  C:\Windows\System\eUurAjT.exe
  2⤵
  PID:3160
- C:\Windows\System\BrrOyEs.exe
  C:\Windows\System\BrrOyEs.exe
  2⤵
  PID:2704
- C:\Windows\System\LIfKyeL.exe
  C:\Windows\System\LIfKyeL.exe
  2⤵
  PID:1796
- C:\Windows\System\HjPiazA.exe
  C:\Windows\System\HjPiazA.exe
  2⤵
  PID:3400
- C:\Windows\System\uwfbFRk.exe
  C:\Windows\System\uwfbFRk.exe
  2⤵
  PID:3236
- C:\Windows\System\Qbwrexs.exe
  C:\Windows\System\Qbwrexs.exe
  2⤵
  PID:3380
- C:\Windows\System\UTBdHbI.exe
  C:\Windows\System\UTBdHbI.exe
  2⤵
  PID:3624
- C:\Windows\System\MFMGGNW.exe
  C:\Windows\System\MFMGGNW.exe
  2⤵
  PID:3700
- C:\Windows\System\AqEpEsI.exe
  C:\Windows\System\AqEpEsI.exe
  2⤵
  PID:3688
- C:\Windows\System\KzFehmO.exe
  C:\Windows\System\KzFehmO.exe
  2⤵
  PID:3924
- C:\Windows\System\BDiIrYz.exe
  C:\Windows\System\BDiIrYz.exe
  2⤵
  PID:4044
- C:\Windows\System\jClTHXP.exe
  C:\Windows\System\jClTHXP.exe
  2⤵
  PID:4084
- C:\Windows\System\NbMSQLi.exe
  C:\Windows\System\NbMSQLi.exe
  2⤵
  PID:3244
- C:\Windows\System\YAGWtSx.exe
  C:\Windows\System\YAGWtSx.exe
  2⤵
  PID:1904
- C:\Windows\System\PAwVYZW.exe
  C:\Windows\System\PAwVYZW.exe
  2⤵
  PID:3420
- C:\Windows\System\XrWHiNz.exe
  C:\Windows\System\XrWHiNz.exe
  2⤵
  PID:3144
- C:\Windows\System\ZgnOkZv.exe
  C:\Windows\System\ZgnOkZv.exe
  2⤵
  PID:4108
- C:\Windows\System\XHRngwn.exe
  C:\Windows\System\XHRngwn.exe
  2⤵
  PID:4128
- C:\Windows\System\OZGrqqF.exe
  C:\Windows\System\OZGrqqF.exe
  2⤵
  PID:4148
- C:\Windows\System\lUedKPc.exe
  C:\Windows\System\lUedKPc.exe
  2⤵
  PID:4172
- C:\Windows\System\seDpEzg.exe
  C:\Windows\System\seDpEzg.exe
  2⤵
  PID:4188
- C:\Windows\System\gjZBHei.exe
  C:\Windows\System\gjZBHei.exe
  2⤵
  PID:4212
- C:\Windows\System\fOtDUMj.exe
  C:\Windows\System\fOtDUMj.exe
  2⤵
  PID:4228
- C:\Windows\System\UjOIsHh.exe
  C:\Windows\System\UjOIsHh.exe
  2⤵
  PID:4248
- C:\Windows\System\cETcRKP.exe
  C:\Windows\System\cETcRKP.exe
  2⤵
  PID:4268
- C:\Windows\System\lKaRGZV.exe
  C:\Windows\System\lKaRGZV.exe
  2⤵
  PID:4296
- C:\Windows\System\jcNYZhy.exe
  C:\Windows\System\jcNYZhy.exe
  2⤵
  PID:4312
- C:\Windows\System\fPEnRrr.exe
  C:\Windows\System\fPEnRrr.exe
  2⤵
  PID:4336
- C:\Windows\System\IBIBxZa.exe
  C:\Windows\System\IBIBxZa.exe
  2⤵
  PID:4356
- C:\Windows\System\PcFYZLY.exe
  C:\Windows\System\PcFYZLY.exe
  2⤵
  PID:4376
- C:\Windows\System\YKSbwqY.exe
  C:\Windows\System\YKSbwqY.exe
  2⤵
  PID:4396
- C:\Windows\System\taiAxFO.exe
  C:\Windows\System\taiAxFO.exe
  2⤵
  PID:4416
- C:\Windows\System\IYITBxw.exe
  C:\Windows\System\IYITBxw.exe
  2⤵
  PID:4436
- C:\Windows\System\YjhzrTf.exe
  C:\Windows\System\YjhzrTf.exe
  2⤵
  PID:4456
- C:\Windows\System\ONgHzvp.exe
  C:\Windows\System\ONgHzvp.exe
  2⤵
  PID:4472
- C:\Windows\System\uBAxwJs.exe
  C:\Windows\System\uBAxwJs.exe
  2⤵
  PID:4496
- C:\Windows\System\LvNjSxK.exe
  C:\Windows\System\LvNjSxK.exe
  2⤵
  PID:4516
- C:\Windows\System\hzgdQko.exe
  C:\Windows\System\hzgdQko.exe
  2⤵
  PID:4536
- C:\Windows\System\LkxKxkG.exe
  C:\Windows\System\LkxKxkG.exe
  2⤵
  PID:4552
- C:\Windows\System\zdrjvGv.exe
  C:\Windows\System\zdrjvGv.exe
  2⤵
  PID:4576
- C:\Windows\System\JPaDUPs.exe
  C:\Windows\System\JPaDUPs.exe
  2⤵
  PID:4596
- C:\Windows\System\DJtohpp.exe
  C:\Windows\System\DJtohpp.exe
  2⤵
  PID:4616
- C:\Windows\System\KdOylZg.exe
  C:\Windows\System\KdOylZg.exe
  2⤵
  PID:4636
- C:\Windows\System\OeskzXB.exe
  C:\Windows\System\OeskzXB.exe
  2⤵
  PID:4656
- C:\Windows\System\FeOYIlT.exe
  C:\Windows\System\FeOYIlT.exe
  2⤵
  PID:4672
- C:\Windows\System\gkuHNKw.exe
  C:\Windows\System\gkuHNKw.exe
  2⤵
  PID:4696
- C:\Windows\System\wclaEIz.exe
  C:\Windows\System\wclaEIz.exe
  2⤵
  PID:4720
- C:\Windows\System\HgeOKRc.exe
  C:\Windows\System\HgeOKRc.exe
  2⤵
  PID:4740
- C:\Windows\System\XBpdfyX.exe
  C:\Windows\System\XBpdfyX.exe
  2⤵
  PID:4756
- C:\Windows\System\IJnrkFh.exe
  C:\Windows\System\IJnrkFh.exe
  2⤵
  PID:4780
- C:\Windows\System\MovVIFe.exe
  C:\Windows\System\MovVIFe.exe
  2⤵
  PID:4796
- C:\Windows\System\loELVYw.exe
  C:\Windows\System\loELVYw.exe
  2⤵
  PID:4820
- C:\Windows\System\VTelWyf.exe
  C:\Windows\System\VTelWyf.exe
  2⤵
  PID:4836
- C:\Windows\System\AKVppwM.exe
  C:\Windows\System\AKVppwM.exe
  2⤵
  PID:4856
- C:\Windows\System\skBftfw.exe
  C:\Windows\System\skBftfw.exe
  2⤵
  PID:4876
- C:\Windows\System\ReCzhAa.exe
  C:\Windows\System\ReCzhAa.exe
  2⤵
  PID:4900
- C:\Windows\System\pzcPeem.exe
  C:\Windows\System\pzcPeem.exe
  2⤵
  PID:4916
- C:\Windows\System\OudKzXK.exe
  C:\Windows\System\OudKzXK.exe
  2⤵
  PID:4936
- C:\Windows\System\mkoQOFt.exe
  C:\Windows\System\mkoQOFt.exe
  2⤵
  PID:4956
- C:\Windows\System\wUZFoty.exe
  C:\Windows\System\wUZFoty.exe
  2⤵
  PID:4976
- C:\Windows\System\NOGifpk.exe
  C:\Windows\System\NOGifpk.exe
  2⤵
  PID:4992
- C:\Windows\System\qmceLsh.exe
  C:\Windows\System\qmceLsh.exe
  2⤵
  PID:5016
- C:\Windows\System\fylNBNF.exe
  C:\Windows\System\fylNBNF.exe
  2⤵
  PID:5040
- C:\Windows\System\ExvqITu.exe
  C:\Windows\System\ExvqITu.exe
  2⤵
  PID:5060
- C:\Windows\System\lIAJhVh.exe
  C:\Windows\System\lIAJhVh.exe
  2⤵
  PID:5080
- C:\Windows\System\ZcpybDq.exe
  C:\Windows\System\ZcpybDq.exe
  2⤵
  PID:5100
- C:\Windows\System\wbILrVH.exe
  C:\Windows\System\wbILrVH.exe
  2⤵
  PID:5116
- C:\Windows\System\xPtwAsD.exe
  C:\Windows\System\xPtwAsD.exe
  2⤵
  PID:3528
- C:\Windows\System\VCYGHdJ.exe
  C:\Windows\System\VCYGHdJ.exe
  2⤵
  PID:3948
- C:\Windows\System\AGEYcfp.exe
  C:\Windows\System\AGEYcfp.exe
  2⤵
  PID:2472
- C:\Windows\System\HYXPPBU.exe
  C:\Windows\System\HYXPPBU.exe
  2⤵
  PID:3644
- C:\Windows\System\uPbOvxz.exe
  C:\Windows\System\uPbOvxz.exe
  2⤵
  PID:3796
- C:\Windows\System\hTnWxXS.exe
  C:\Windows\System\hTnWxXS.exe
  2⤵
  PID:2144
- C:\Windows\System\KUUiNpR.exe
  C:\Windows\System\KUUiNpR.exe
  2⤵
  PID:4120
- C:\Windows\System\obQMYIy.exe
  C:\Windows\System\obQMYIy.exe
  2⤵
  PID:4100
- C:\Windows\System\UYLCAuh.exe
  C:\Windows\System\UYLCAuh.exe
  2⤵
  PID:4140
- C:\Windows\System\FvFbEyj.exe
  C:\Windows\System\FvFbEyj.exe
  2⤵
  PID:4180
- C:\Windows\System\UYGiUZc.exe
  C:\Windows\System\UYGiUZc.exe
  2⤵
  PID:4236
- C:\Windows\System\uEqOWUx.exe
  C:\Windows\System\uEqOWUx.exe
  2⤵
  PID:4280
- C:\Windows\System\jIDuLsC.exe
  C:\Windows\System\jIDuLsC.exe
  2⤵
  PID:4260
- C:\Windows\System\mOkFNlO.exe
  C:\Windows\System\mOkFNlO.exe
  2⤵
  PID:4320
- C:\Windows\System\RJyzmfm.exe
  C:\Windows\System\RJyzmfm.exe
  2⤵
  PID:4352
- C:\Windows\System\QlZEuiE.exe
  C:\Windows\System\QlZEuiE.exe
  2⤵
  PID:4372
- C:\Windows\System\aOjWhnV.exe
  C:\Windows\System\aOjWhnV.exe
  2⤵
  PID:4384
- C:\Windows\System\hakWFiw.exe
  C:\Windows\System\hakWFiw.exe
  2⤵
  PID:4412
- C:\Windows\System\wGauXMi.exe
  C:\Windows\System\wGauXMi.exe
  2⤵
  PID:4444
- C:\Windows\System\IzqxNYT.exe
  C:\Windows\System\IzqxNYT.exe
  2⤵
  PID:4464
- C:\Windows\System\lSgBvxk.exe
  C:\Windows\System\lSgBvxk.exe
  2⤵
  PID:4468
- C:\Windows\System\ySjhpew.exe
  C:\Windows\System\ySjhpew.exe
  2⤵
  PID:4560
- C:\Windows\System\wtFVfra.exe
  C:\Windows\System\wtFVfra.exe
  2⤵
  PID:4504
- C:\Windows\System\oGGNmkq.exe
  C:\Windows\System\oGGNmkq.exe
  2⤵
  PID:4508
- C:\Windows\System\RHQviRe.exe
  C:\Windows\System\RHQviRe.exe
  2⤵
  PID:4652
- C:\Windows\System\MDiLCON.exe
  C:\Windows\System\MDiLCON.exe
  2⤵
  PID:4688
- C:\Windows\System\MNBFNHn.exe
  C:\Windows\System\MNBFNHn.exe
  2⤵
  PID:4632
- C:\Windows\System\WwQNFvt.exe
  C:\Windows\System\WwQNFvt.exe
  2⤵
  PID:4624
- C:\Windows\System\ojaWPZy.exe
  C:\Windows\System\ojaWPZy.exe
  2⤵
  PID:4716
- C:\Windows\System\tKxtSlV.exe
  C:\Windows\System\tKxtSlV.exe
  2⤵
  PID:4764
- C:\Windows\System\XLrkoJh.exe
  C:\Windows\System\XLrkoJh.exe
  2⤵
  PID:4752
- C:\Windows\System\HsOWhnr.exe
  C:\Windows\System\HsOWhnr.exe
  2⤵
  PID:4808
- C:\Windows\System\ctSefSV.exe
  C:\Windows\System\ctSefSV.exe
  2⤵
  PID:2688
- C:\Windows\System\Sxdnsqo.exe
  C:\Windows\System\Sxdnsqo.exe
  2⤵
  PID:4884
- C:\Windows\System\DXDeFQo.exe
  C:\Windows\System\DXDeFQo.exe
  2⤵
  PID:4888
- C:\Windows\System\NnvuefG.exe
  C:\Windows\System\NnvuefG.exe
  2⤵
  PID:4928
- C:\Windows\System\RjvWuDm.exe
  C:\Windows\System\RjvWuDm.exe
  2⤵
  PID:4868
- C:\Windows\System\HxuyqvU.exe
  C:\Windows\System\HxuyqvU.exe
  2⤵
  PID:4964
- C:\Windows\System\ogKPiqy.exe
  C:\Windows\System\ogKPiqy.exe
  2⤵
  PID:5008
- C:\Windows\System\nLnSBgL.exe
  C:\Windows\System\nLnSBgL.exe
  2⤵
  PID:4912
- C:\Windows\System\sGguvtf.exe
  C:\Windows\System\sGguvtf.exe
  2⤵
  PID:4952
- C:\Windows\System\eThMKGW.exe
  C:\Windows\System\eThMKGW.exe
  2⤵
  PID:5048
- C:\Windows\System\toCxuxA.exe
  C:\Windows\System\toCxuxA.exe
  2⤵
  PID:5088
- C:\Windows\System\YxenkJE.exe
  C:\Windows\System\YxenkJE.exe
  2⤵
  PID:3508
- C:\Windows\System\XcPyjsn.exe
  C:\Windows\System\XcPyjsn.exe
  2⤵
  PID:5072
- C:\Windows\System\GdUtnhZ.exe
  C:\Windows\System\GdUtnhZ.exe
  2⤵
  PID:4124
- C:\Windows\System\xxcnSoF.exe
  C:\Windows\System\xxcnSoF.exe
  2⤵
  PID:4164
- C:\Windows\System\aEKIJWb.exe
  C:\Windows\System\aEKIJWb.exe
  2⤵
  PID:3500
- C:\Windows\System\CvlhiED.exe
  C:\Windows\System\CvlhiED.exe
  2⤵
  PID:3068
- C:\Windows\System\cvfAONX.exe
  C:\Windows\System\cvfAONX.exe
  2⤵
  PID:3080
- C:\Windows\System\qugGYRb.exe
  C:\Windows\System\qugGYRb.exe
  2⤵
  PID:4204
- C:\Windows\System\wPaHvSl.exe
  C:\Windows\System\wPaHvSl.exe
  2⤵
  PID:1996
- C:\Windows\System\Tahbanz.exe
  C:\Windows\System\Tahbanz.exe
  2⤵
  PID:2344
- C:\Windows\System\waxyLHR.exe
  C:\Windows\System\waxyLHR.exe
  2⤵
  PID:2388
- C:\Windows\System\HmGeTaZ.exe
  C:\Windows\System\HmGeTaZ.exe
  2⤵
  PID:1728
- C:\Windows\System\FszdWad.exe
  C:\Windows\System\FszdWad.exe
  2⤵
  PID:2476
- C:\Windows\System\ACglVWB.exe
  C:\Windows\System\ACglVWB.exe
  2⤵
  PID:2800
- C:\Windows\System\iBYkmga.exe
  C:\Windows\System\iBYkmga.exe
  2⤵
  PID:3776
- C:\Windows\System\kbBIDNS.exe
  C:\Windows\System\kbBIDNS.exe
  2⤵
  PID:4224
- C:\Windows\System\OQNjDAl.exe
  C:\Windows\System\OQNjDAl.exe
  2⤵
  PID:4344
- C:\Windows\System\ShbVaPr.exe
  C:\Windows\System\ShbVaPr.exe
  2⤵
  PID:2864
- C:\Windows\System\AIUEspL.exe
  C:\Windows\System\AIUEspL.exe
  2⤵
  PID:2820
- C:\Windows\System\yGOkpsV.exe
  C:\Windows\System\yGOkpsV.exe
  2⤵
  PID:4424
- C:\Windows\System\RmbAiJV.exe
  C:\Windows\System\RmbAiJV.exe
  2⤵
  PID:3004
- C:\Windows\System\nWAjcWp.exe
  C:\Windows\System\nWAjcWp.exe
  2⤵
  PID:4404
- C:\Windows\System\TaEEhSL.exe
  C:\Windows\System\TaEEhSL.exe
  2⤵
  PID:4548
- C:\Windows\System\koOSQNx.exe
  C:\Windows\System\koOSQNx.exe
  2⤵
  PID:4628
- C:\Windows\System\hutcdwk.exe
  C:\Windows\System\hutcdwk.exe
  2⤵
  PID:4816
- C:\Windows\System\ljMxoFc.exe
  C:\Windows\System\ljMxoFc.exe
  2⤵
  PID:4892
- C:\Windows\System\jkbQroW.exe
  C:\Windows\System\jkbQroW.exe
  2⤵
  PID:5000
- C:\Windows\System\doCpRYo.exe
  C:\Windows\System\doCpRYo.exe
  2⤵
  PID:5028
- C:\Windows\System\YXLUCFQ.exe
  C:\Windows\System\YXLUCFQ.exe
  2⤵
  PID:5036
- C:\Windows\System\sOxBvHv.exe
  C:\Windows\System\sOxBvHv.exe
  2⤵
  PID:4608
- C:\Windows\System\fyurDdN.exe
  C:\Windows\System\fyurDdN.exe
  2⤵
  PID:5024
- C:\Windows\System\ZoqHWaH.exe
  C:\Windows\System\ZoqHWaH.exe
  2⤵
  PID:4480
- C:\Windows\System\USsvoax.exe
  C:\Windows\System\USsvoax.exe
  2⤵
  PID:4872
- C:\Windows\System\qyDfFPO.exe
  C:\Windows\System\qyDfFPO.exe
  2⤵
  PID:4848
- C:\Windows\System\TEmlBPk.exe
  C:\Windows\System\TEmlBPk.exe
  2⤵
  PID:4732
- C:\Windows\System\RPmZhWO.exe
  C:\Windows\System\RPmZhWO.exe
  2⤵
  PID:4584
- C:\Windows\System\ixFNlYr.exe
  C:\Windows\System\ixFNlYr.exe
  2⤵
  PID:4528
- C:\Windows\System\AZJqbst.exe
  C:\Windows\System\AZJqbst.exe
  2⤵
  PID:2148
- C:\Windows\System\ThtyyqZ.exe
  C:\Windows\System\ThtyyqZ.exe
  2⤵
  PID:4104
- C:\Windows\System\YooiljJ.exe
  C:\Windows\System\YooiljJ.exe
  2⤵
  PID:804
- C:\Windows\System\YJiBkLF.exe
  C:\Windows\System\YJiBkLF.exe
  2⤵
  PID:2944
- C:\Windows\System\EjJQazo.exe
  C:\Windows\System\EjJQazo.exe
  2⤵
  PID:2988
- C:\Windows\System\tRwnUFx.exe
  C:\Windows\System\tRwnUFx.exe
  2⤵
  PID:2700
- C:\Windows\System\muItZIf.exe
  C:\Windows\System\muItZIf.exe
  2⤵
  PID:4948
- C:\Windows\System\tYbPVka.exe
  C:\Windows\System\tYbPVka.exe
  2⤵
  PID:1948
- C:\Windows\System\bvtbGMA.exe
  C:\Windows\System\bvtbGMA.exe
  2⤵
  PID:4116
- C:\Windows\System\ejeQXDl.exe
  C:\Windows\System\ejeQXDl.exe
  2⤵
  PID:3000
- C:\Windows\System\KGHaqtB.exe
  C:\Windows\System\KGHaqtB.exe
  2⤵
  PID:2452
- C:\Windows\System\DjWGlMv.exe
  C:\Windows\System\DjWGlMv.exe
  2⤵
  PID:4788
- C:\Windows\System\ZfKLZVE.exe
  C:\Windows\System\ZfKLZVE.exe
  2⤵
  PID:4776
- C:\Windows\System\TwncgfO.exe
  C:\Windows\System\TwncgfO.exe
  2⤵
  PID:4448
- C:\Windows\System\rcsrmzh.exe
  C:\Windows\System\rcsrmzh.exe
  2⤵
  PID:4704
- C:\Windows\System\wXtyRcH.exe
  C:\Windows\System\wXtyRcH.exe
  2⤵
  PID:2000
- C:\Windows\System\TMpHEBV.exe
  C:\Windows\System\TMpHEBV.exe
  2⤵
  PID:2464
- C:\Windows\System\TXFnxOG.exe
  C:\Windows\System\TXFnxOG.exe
  2⤵
  PID:2808
- C:\Windows\System\dbAkYWY.exe
  C:\Windows\System\dbAkYWY.exe
  2⤵
  PID:4160
- C:\Windows\System\xIQMTFz.exe
  C:\Windows\System\xIQMTFz.exe
  2⤵
  PID:4988
- C:\Windows\System\KQmAFhS.exe
  C:\Windows\System\KQmAFhS.exe
  2⤵
  PID:4968
- C:\Windows\System\sOWWmYW.exe
  C:\Windows\System\sOWWmYW.exe
  2⤵
  PID:4368
- C:\Windows\System\kkeWsTU.exe
  C:\Windows\System\kkeWsTU.exe
  2⤵
  PID:5112
- C:\Windows\System\FtUfDgt.exe
  C:\Windows\System\FtUfDgt.exe
  2⤵
  PID:2856
- C:\Windows\System\SSRSNlY.exe
  C:\Windows\System\SSRSNlY.exe
  2⤵
  PID:4896
- C:\Windows\System\ZfrgPLL.exe
  C:\Windows\System\ZfrgPLL.exe
  2⤵
  PID:2940
- C:\Windows\System\qczotzI.exe
  C:\Windows\System\qczotzI.exe
  2⤵
  PID:3864
- C:\Windows\System\KAVOtdb.exe
  C:\Windows\System\KAVOtdb.exe
  2⤵
  PID:2036
- C:\Windows\System\VWngErY.exe
  C:\Windows\System\VWngErY.exe
  2⤵
  PID:2088
- C:\Windows\System\hIllOOH.exe
  C:\Windows\System\hIllOOH.exe
  2⤵
  PID:2884
- C:\Windows\System\MPsfByy.exe
  C:\Windows\System\MPsfByy.exe
  2⤵
  PID:1984
- C:\Windows\System\cMngFAz.exe
  C:\Windows\System\cMngFAz.exe
  2⤵
  PID:3600
- C:\Windows\System\cBXtgeA.exe
  C:\Windows\System\cBXtgeA.exe
  2⤵
  PID:5124
- C:\Windows\System\SALYHAJ.exe
  C:\Windows\System\SALYHAJ.exe
  2⤵
  PID:5140
- C:\Windows\System\ciBzerm.exe
  C:\Windows\System\ciBzerm.exe
  2⤵
  PID:5156
- C:\Windows\System\bxuMmKj.exe
  C:\Windows\System\bxuMmKj.exe
  2⤵
  PID:5172
- C:\Windows\System\QEcBfTC.exe
  C:\Windows\System\QEcBfTC.exe
  2⤵
  PID:5188
- C:\Windows\System\OfPOfLn.exe
  C:\Windows\System\OfPOfLn.exe
  2⤵
  PID:5204
- C:\Windows\System\SIaZrkx.exe
  C:\Windows\System\SIaZrkx.exe
  2⤵
  PID:5220
- C:\Windows\System\EsnHVxc.exe
  C:\Windows\System\EsnHVxc.exe
  2⤵
  PID:5236
- C:\Windows\System\YoPSPQv.exe
  C:\Windows\System\YoPSPQv.exe
  2⤵
  PID:5252
- C:\Windows\System\lSmkOTh.exe
  C:\Windows\System\lSmkOTh.exe
  2⤵
  PID:5268
- C:\Windows\System\KfzcWAp.exe
  C:\Windows\System\KfzcWAp.exe
  2⤵
  PID:5284
- C:\Windows\System\AdUXGWx.exe
  C:\Windows\System\AdUXGWx.exe
  2⤵
  PID:5300
- C:\Windows\System\abevQrt.exe
  C:\Windows\System\abevQrt.exe
  2⤵
  PID:5320
- C:\Windows\System\QjBzGmD.exe
  C:\Windows\System\QjBzGmD.exe
  2⤵
  PID:5336
- C:\Windows\System\FaXxnOR.exe
  C:\Windows\System\FaXxnOR.exe
  2⤵
  PID:5356
- C:\Windows\System\GYXmrjL.exe
  C:\Windows\System\GYXmrjL.exe
  2⤵
  PID:5388
- C:\Windows\System\utvuDlf.exe
  C:\Windows\System\utvuDlf.exe
  2⤵
  PID:5412
- C:\Windows\System\vkXYqOa.exe
  C:\Windows\System\vkXYqOa.exe
  2⤵
  PID:5432
- C:\Windows\System\QKVkmWx.exe
  C:\Windows\System\QKVkmWx.exe
  2⤵
  PID:5448
- C:\Windows\System\YJCTamt.exe
  C:\Windows\System\YJCTamt.exe
  2⤵
  PID:5464
- C:\Windows\System\jYMSJAf.exe
  C:\Windows\System\jYMSJAf.exe
  2⤵
  PID:5480
- C:\Windows\System\oNsCILq.exe
  C:\Windows\System\oNsCILq.exe
  2⤵
  PID:5496
- C:\Windows\System\BEUOJfh.exe
  C:\Windows\System\BEUOJfh.exe
  2⤵
  PID:5512
- C:\Windows\System\nXrNrZW.exe
  C:\Windows\System\nXrNrZW.exe
  2⤵
  PID:5528
- C:\Windows\System\gsRpEmM.exe
  C:\Windows\System\gsRpEmM.exe
  2⤵
  PID:5600
- C:\Windows\System\gWeSbQw.exe
  C:\Windows\System\gWeSbQw.exe
  2⤵
  PID:5620
- C:\Windows\System\ygcZKko.exe
  C:\Windows\System\ygcZKko.exe
  2⤵
  PID:5636
- C:\Windows\System\nWdCuVK.exe
  C:\Windows\System\nWdCuVK.exe
  2⤵
  PID:5652
- C:\Windows\System\DHTeKxo.exe
  C:\Windows\System\DHTeKxo.exe
  2⤵
  PID:5668
- C:\Windows\System\INReTCZ.exe
  C:\Windows\System\INReTCZ.exe
  2⤵
  PID:5684
- C:\Windows\System\rIBFDkU.exe
  C:\Windows\System\rIBFDkU.exe
  2⤵
  PID:5700
- C:\Windows\System\sASMlLw.exe
  C:\Windows\System\sASMlLw.exe
  2⤵
  PID:5716
- C:\Windows\System\trAUnDI.exe
  C:\Windows\System\trAUnDI.exe
  2⤵
  PID:5732
- C:\Windows\System\cctoXFM.exe
  C:\Windows\System\cctoXFM.exe
  2⤵
  PID:5748
- C:\Windows\System\JaDUaYn.exe
  C:\Windows\System\JaDUaYn.exe
  2⤵
  PID:5764
- C:\Windows\System\KleECeY.exe
  C:\Windows\System\KleECeY.exe
  2⤵
  PID:5780
- C:\Windows\System\eqNGhkZ.exe
  C:\Windows\System\eqNGhkZ.exe
  2⤵
  PID:5796
- C:\Windows\System\fyGJcBh.exe
  C:\Windows\System\fyGJcBh.exe
  2⤵
  PID:5812
- C:\Windows\System\yMdPrse.exe
  C:\Windows\System\yMdPrse.exe
  2⤵
  PID:5828
- C:\Windows\System\GaRRCiQ.exe
  C:\Windows\System\GaRRCiQ.exe
  2⤵
  PID:5844
- C:\Windows\System\Ceycchu.exe
  C:\Windows\System\Ceycchu.exe
  2⤵
  PID:5872
- C:\Windows\System\SZxTNMW.exe
  C:\Windows\System\SZxTNMW.exe
  2⤵
  PID:5888
- C:\Windows\System\wbGLCFy.exe
  C:\Windows\System\wbGLCFy.exe
  2⤵
  PID:5916
- C:\Windows\System\CkyKlsu.exe
  C:\Windows\System\CkyKlsu.exe
  2⤵
  PID:5948
- C:\Windows\System\wTQqTEC.exe
  C:\Windows\System\wTQqTEC.exe
  2⤵
  PID:5968
- C:\Windows\System\kCuYZzC.exe
  C:\Windows\System\kCuYZzC.exe
  2⤵
  PID:6008
- C:\Windows\System\qzEWAQq.exe
  C:\Windows\System\qzEWAQq.exe
  2⤵
  PID:6024
- C:\Windows\System\xKhCYPv.exe
  C:\Windows\System\xKhCYPv.exe
  2⤵
  PID:6056
- C:\Windows\System\JCJEYWM.exe
  C:\Windows\System\JCJEYWM.exe
  2⤵
  PID:6076
- C:\Windows\System\acvpDCq.exe
  C:\Windows\System\acvpDCq.exe
  2⤵
  PID:6104
- C:\Windows\System\PzZKdRH.exe
  C:\Windows\System\PzZKdRH.exe
  2⤵
  PID:6124
- C:\Windows\System\witZsnN.exe
  C:\Windows\System\witZsnN.exe
  2⤵
  PID:860
- C:\Windows\System\xiIBtuo.exe
  C:\Windows\System\xiIBtuo.exe
  2⤵
  PID:2672
- C:\Windows\System\CesPgEA.exe
  C:\Windows\System\CesPgEA.exe
  2⤵
  PID:5184
- C:\Windows\System\tCRmazH.exe
  C:\Windows\System\tCRmazH.exe
  2⤵
  PID:1696
- C:\Windows\System\KKDEPye.exe
  C:\Windows\System\KKDEPye.exe
  2⤵
  PID:2624
- C:\Windows\System\hJbuhiV.exe
  C:\Windows\System\hJbuhiV.exe
  2⤵
  PID:5212
- C:\Windows\System\zXdqxks.exe
  C:\Windows\System\zXdqxks.exe
  2⤵
  PID:5280
- C:\Windows\System\HAtcSqP.exe
  C:\Windows\System\HAtcSqP.exe
  2⤵
  PID:5344
- C:\Windows\System\mAvFxRa.exe
  C:\Windows\System\mAvFxRa.exe
  2⤵
  PID:5440
- C:\Windows\System\wZSBGxa.exe
  C:\Windows\System\wZSBGxa.exe
  2⤵
  PID:5504
- C:\Windows\System\IIiSccb.exe
  C:\Windows\System\IIiSccb.exe
  2⤵
  PID:5548
- C:\Windows\System\FaHVgMU.exe
  C:\Windows\System\FaHVgMU.exe
  2⤵
  PID:5560
- C:\Windows\System\yvcgjoO.exe
  C:\Windows\System\yvcgjoO.exe
  2⤵
  PID:5584
- C:\Windows\System\pOPptyV.exe
  C:\Windows\System\pOPptyV.exe
  2⤵
  PID:5168
- C:\Windows\System\xqSgMjc.exe
  C:\Windows\System\xqSgMjc.exe
  2⤵
  PID:5332
- C:\Windows\System\uuKoBWT.exe
  C:\Windows\System\uuKoBWT.exe
  2⤵
  PID:5632
- C:\Windows\System\YUVBQAv.exe
  C:\Windows\System\YUVBQAv.exe
  2⤵
  PID:5724
- C:\Windows\System\SQCWQKR.exe
  C:\Windows\System\SQCWQKR.exe
  2⤵
  PID:5760
- C:\Windows\System\FhGjwfp.exe
  C:\Windows\System\FhGjwfp.exe
  2⤵
  PID:5824
- C:\Windows\System\nnxHrXr.exe
  C:\Windows\System\nnxHrXr.exe
  2⤵
  PID:5868
- C:\Windows\System\PzgBpOu.exe
  C:\Windows\System\PzgBpOu.exe
  2⤵
  PID:5908
- C:\Windows\System\YhHzUEI.exe
  C:\Windows\System\YhHzUEI.exe
  2⤵
  PID:5964
- C:\Windows\System\awDSNGd.exe
  C:\Windows\System\awDSNGd.exe
  2⤵
  PID:948
- C:\Windows\System\UcjYStQ.exe
  C:\Windows\System\UcjYStQ.exe
  2⤵
  PID:6068
- C:\Windows\System\UCmuwUL.exe
  C:\Windows\System\UCmuwUL.exe
  2⤵
  PID:1704
- C:\Windows\System\sLowDuE.exe
  C:\Windows\System\sLowDuE.exe
  2⤵
  PID:5196
- C:\Windows\System\fvTnRMG.exe
  C:\Windows\System\fvTnRMG.exe
  2⤵
  PID:2920
- C:\Windows\System\HLnFsXb.exe
  C:\Windows\System\HLnFsXb.exe
  2⤵
  PID:1708
- C:\Windows\System\zTYVfOp.exe
  C:\Windows\System\zTYVfOp.exe
  2⤵
  PID:5944
- C:\Windows\System\FgMSPjs.exe
  C:\Windows\System\FgMSPjs.exe
  2⤵
  PID:5492
- C:\Windows\System\NvJUkqG.exe
  C:\Windows\System\NvJUkqG.exe
  2⤵
  PID:6132
- C:\Windows\System\hbJPaAf.exe
  C:\Windows\System\hbJPaAf.exe
  2⤵
  PID:5556
- C:\Windows\System\xSOpXzo.exe
  C:\Windows\System\xSOpXzo.exe
  2⤵
  PID:5992
- C:\Windows\System\nTcZHPD.exe
  C:\Windows\System\nTcZHPD.exe
  2⤵
  PID:5460
- C:\Windows\System\yyWlYnq.exe
  C:\Windows\System\yyWlYnq.exe
  2⤵
  PID:6040
- C:\Windows\System\IPBCZNL.exe
  C:\Windows\System\IPBCZNL.exe
  2⤵
  PID:5524
- C:\Windows\System\ynknaKb.exe
  C:\Windows\System\ynknaKb.exe
  2⤵
  PID:5644
- C:\Windows\System\chlFkiz.exe
  C:\Windows\System\chlFkiz.exe
  2⤵
  PID:6100
- C:\Windows\System\nPcHmfE.exe
  C:\Windows\System\nPcHmfE.exe
  2⤵
  PID:5628
- C:\Windows\System\bfTPgtA.exe
  C:\Windows\System\bfTPgtA.exe
  2⤵
  PID:5728
- C:\Windows\System\EvNTtqI.exe
  C:\Windows\System\EvNTtqI.exe
  2⤵
  PID:5956
- C:\Windows\System\KReNjjS.exe
  C:\Windows\System\KReNjjS.exe
  2⤵
  PID:5004
- C:\Windows\System\CbtvbXl.exe
  C:\Windows\System\CbtvbXl.exe
  2⤵
  PID:5740
- C:\Windows\System\nKEQGuf.exe
  C:\Windows\System\nKEQGuf.exe
  2⤵
  PID:5476
- C:\Windows\System\eDtaAcx.exe
  C:\Windows\System\eDtaAcx.exe
  2⤵
  PID:5472
- C:\Windows\System\rggKRYX.exe
  C:\Windows\System\rggKRYX.exe
  2⤵
  PID:5928
- C:\Windows\System\aGrNEfv.exe
  C:\Windows\System\aGrNEfv.exe
  2⤵
  PID:1752
- C:\Windows\System\ZPftBSg.exe
  C:\Windows\System\ZPftBSg.exe
  2⤵
  PID:6140
- C:\Windows\System\uPYqcZk.exe
  C:\Windows\System\uPYqcZk.exe
  2⤵
  PID:5580
- C:\Windows\System\lORmVcn.exe
  C:\Windows\System\lORmVcn.exe
  2⤵
  PID:5820
- C:\Windows\System\eouEfWM.exe
  C:\Windows\System\eouEfWM.exe
  2⤵
  PID:4492
- C:\Windows\System\hkOURkn.exe
  C:\Windows\System\hkOURkn.exe
  2⤵
  PID:5292
- C:\Windows\System\fnZHRJG.exe
  C:\Windows\System\fnZHRJG.exe
  2⤵
  PID:5792
- C:\Windows\System\gZxWgca.exe
  C:\Windows\System\gZxWgca.exe
  2⤵
  PID:5536
- C:\Windows\System\UgElvsp.exe
  C:\Windows\System\UgElvsp.exe
  2⤵
  PID:5572
- C:\Windows\System\CXOlDbS.exe
  C:\Windows\System\CXOlDbS.exe
  2⤵
  PID:5936
- C:\Windows\System\zveIWAv.exe
  C:\Windows\System\zveIWAv.exe
  2⤵
  PID:5376
- C:\Windows\System\yWxAmHW.exe
  C:\Windows\System\yWxAmHW.exe
  2⤵
  PID:2124
- C:\Windows\System\hvewjtJ.exe
  C:\Windows\System\hvewjtJ.exe
  2⤵
  PID:5456
- C:\Windows\System\yLnmZFk.exe
  C:\Windows\System\yLnmZFk.exe
  2⤵
  PID:6092
- C:\Windows\System\OYLjkDt.exe
  C:\Windows\System\OYLjkDt.exe
  2⤵
  PID:6032
- C:\Windows\System\sxffpIi.exe
  C:\Windows\System\sxffpIi.exe
  2⤵
  PID:5680
- C:\Windows\System\jJFphBv.exe
  C:\Windows\System\jJFphBv.exe
  2⤵
  PID:5864
- C:\Windows\System\aSzJoGd.exe
  C:\Windows\System\aSzJoGd.exe
  2⤵
  PID:5884
- C:\Windows\System\cCUwyEg.exe
  C:\Windows\System\cCUwyEg.exe
  2⤵
  PID:2952
- C:\Windows\System\iyZssaq.exe
  C:\Windows\System\iyZssaq.exe
  2⤵
  PID:6160
- C:\Windows\System\cHLwoZc.exe
  C:\Windows\System\cHLwoZc.exe
  2⤵
  PID:6176
- C:\Windows\System\ZhDiUfH.exe
  C:\Windows\System\ZhDiUfH.exe
  2⤵
  PID:6192
- C:\Windows\System\TYPyguL.exe
  C:\Windows\System\TYPyguL.exe
  2⤵
  PID:6208
- C:\Windows\System\bQrDIZU.exe
  C:\Windows\System\bQrDIZU.exe
  2⤵
  PID:6224
- C:\Windows\System\HuRCHoz.exe
  C:\Windows\System\HuRCHoz.exe
  2⤵
  PID:6240
- C:\Windows\System\gfIMZHB.exe
  C:\Windows\System\gfIMZHB.exe
  2⤵
  PID:6256
- C:\Windows\System\hudmeZv.exe
  C:\Windows\System\hudmeZv.exe
  2⤵
  PID:6272
- C:\Windows\System\iuNBbnN.exe
  C:\Windows\System\iuNBbnN.exe
  2⤵
  PID:6288
- C:\Windows\System\MHFvfUr.exe
  C:\Windows\System\MHFvfUr.exe
  2⤵
  PID:6304
- C:\Windows\System\lvVtzSf.exe
  C:\Windows\System\lvVtzSf.exe
  2⤵
  PID:6320
- C:\Windows\System\kKHmXSh.exe
  C:\Windows\System\kKHmXSh.exe
  2⤵
  PID:6336
- C:\Windows\System\DoAJMsN.exe
  C:\Windows\System\DoAJMsN.exe
  2⤵
  PID:6352
- C:\Windows\System\zLVCtOB.exe
  C:\Windows\System\zLVCtOB.exe
  2⤵
  PID:6372
- C:\Windows\System\dhZbTEY.exe
  C:\Windows\System\dhZbTEY.exe
  2⤵
  PID:6388
- C:\Windows\System\rcTgavn.exe
  C:\Windows\System\rcTgavn.exe
  2⤵
  PID:6404
- C:\Windows\System\WtDOeQK.exe
  C:\Windows\System\WtDOeQK.exe
  2⤵
  PID:6420
- C:\Windows\System\gCWcYSF.exe
  C:\Windows\System\gCWcYSF.exe
  2⤵
  PID:6436
- C:\Windows\System\GwvLPlB.exe
  C:\Windows\System\GwvLPlB.exe
  2⤵
  PID:6452
- C:\Windows\System\jKKwbAD.exe
  C:\Windows\System\jKKwbAD.exe
  2⤵
  PID:6484
- C:\Windows\System\xiZJXBs.exe
  C:\Windows\System\xiZJXBs.exe
  2⤵
  PID:6500
- C:\Windows\System\lMXkNQW.exe
  C:\Windows\System\lMXkNQW.exe
  2⤵
  PID:6516
- C:\Windows\System\CgwUpfi.exe
  C:\Windows\System\CgwUpfi.exe
  2⤵
  PID:6532
- C:\Windows\System\quDcLKq.exe
  C:\Windows\System\quDcLKq.exe
  2⤵
  PID:6548
- C:\Windows\System\NQVzddk.exe
  C:\Windows\System\NQVzddk.exe
  2⤵
  PID:6564
- C:\Windows\System\fmGQPRN.exe
  C:\Windows\System\fmGQPRN.exe
  2⤵
  PID:6584
- C:\Windows\System\brRbiLR.exe
  C:\Windows\System\brRbiLR.exe
  2⤵
  PID:6600
- C:\Windows\System\wEOQwYB.exe
  C:\Windows\System\wEOQwYB.exe
  2⤵
  PID:6616
- C:\Windows\System\XGivqFj.exe
  C:\Windows\System\XGivqFj.exe
  2⤵
  PID:6632
- C:\Windows\System\OIyhuZQ.exe
  C:\Windows\System\OIyhuZQ.exe
  2⤵
  PID:6648
- C:\Windows\System\xESOQMM.exe
  C:\Windows\System\xESOQMM.exe
  2⤵
  PID:6664
- C:\Windows\System\ZxoewFM.exe
  C:\Windows\System\ZxoewFM.exe
  2⤵
  PID:6680
- C:\Windows\System\pHPYkFJ.exe
  C:\Windows\System\pHPYkFJ.exe
  2⤵
  PID:6696
- C:\Windows\System\YCVkplo.exe
  C:\Windows\System\YCVkplo.exe
  2⤵
  PID:6712
- C:\Windows\System\dPFZdTZ.exe
  C:\Windows\System\dPFZdTZ.exe
  2⤵
  PID:6728
- C:\Windows\System\eyLZDUn.exe
  C:\Windows\System\eyLZDUn.exe
  2⤵
  PID:6744
- C:\Windows\System\pmPeBAy.exe
  C:\Windows\System\pmPeBAy.exe
  2⤵
  PID:6760
- C:\Windows\System\LHSDaRp.exe
  C:\Windows\System\LHSDaRp.exe
  2⤵
  PID:6776
- C:\Windows\System\oueNxug.exe
  C:\Windows\System\oueNxug.exe
  2⤵
  PID:6792
- C:\Windows\System\sWUUAsv.exe
  C:\Windows\System\sWUUAsv.exe
  2⤵
  PID:6808
- C:\Windows\System\jELexVm.exe
  C:\Windows\System\jELexVm.exe
  2⤵
  PID:6824
- C:\Windows\System\fTqoeyN.exe
  C:\Windows\System\fTqoeyN.exe
  2⤵
  PID:6840
- C:\Windows\System\RxpexMe.exe
  C:\Windows\System\RxpexMe.exe
  2⤵
  PID:6856
- C:\Windows\System\ASEiNGF.exe
  C:\Windows\System\ASEiNGF.exe
  2⤵
  PID:6872
- C:\Windows\System\BVtdxSc.exe
  C:\Windows\System\BVtdxSc.exe
  2⤵
  PID:6888
- C:\Windows\System\XlxERiI.exe
  C:\Windows\System\XlxERiI.exe
  2⤵
  PID:6904
- C:\Windows\System\ugswJHI.exe
  C:\Windows\System\ugswJHI.exe
  2⤵
  PID:6920
- C:\Windows\System\QWmqbjJ.exe
  C:\Windows\System\QWmqbjJ.exe
  2⤵
  PID:6936
- C:\Windows\System\SwXVUdz.exe
  C:\Windows\System\SwXVUdz.exe
  2⤵
  PID:6952
- C:\Windows\System\dZnckte.exe
  C:\Windows\System\dZnckte.exe
  2⤵
  PID:6968
- C:\Windows\System\xmtjokE.exe
  C:\Windows\System\xmtjokE.exe
  2⤵
  PID:6984
- C:\Windows\System\VsmjPqy.exe
  C:\Windows\System\VsmjPqy.exe
  2⤵
  PID:7000
- C:\Windows\System\vAqoyke.exe
  C:\Windows\System\vAqoyke.exe
  2⤵
  PID:7016
- C:\Windows\System\VQZapEs.exe
  C:\Windows\System\VQZapEs.exe
  2⤵
  PID:7032
- C:\Windows\System\RvzIvOW.exe
  C:\Windows\System\RvzIvOW.exe
  2⤵
  PID:7048
- C:\Windows\System\aLZFbfk.exe
  C:\Windows\System\aLZFbfk.exe
  2⤵
  PID:7064
- C:\Windows\System\FWShJqf.exe
  C:\Windows\System\FWShJqf.exe
  2⤵
  PID:7080
- C:\Windows\System\jjsxkUn.exe
  C:\Windows\System\jjsxkUn.exe
  2⤵
  PID:7096
- C:\Windows\System\BBFeLqv.exe
  C:\Windows\System\BBFeLqv.exe
  2⤵
  PID:7112
- C:\Windows\System\PxdBvlj.exe
  C:\Windows\System\PxdBvlj.exe
  2⤵
  PID:7128
- C:\Windows\System\bzpyhQr.exe
  C:\Windows\System\bzpyhQr.exe
  2⤵
  PID:7144
- C:\Windows\System\GNuMfdh.exe
  C:\Windows\System\GNuMfdh.exe
  2⤵
  PID:7160
- C:\Windows\System\kJPliJu.exe
  C:\Windows\System\kJPliJu.exe
  2⤵
  PID:5776
- C:\Windows\System\LwDGrZw.exe
  C:\Windows\System\LwDGrZw.exe
  2⤵
  PID:5132
- C:\Windows\System\hXJFzPG.exe
  C:\Windows\System\hXJFzPG.exe
  2⤵
  PID:5696
- C:\Windows\System\uOTySLM.exe
  C:\Windows\System\uOTySLM.exe
  2⤵
  PID:5396
- C:\Windows\System\PmxEbrp.exe
  C:\Windows\System\PmxEbrp.exe
  2⤵
  PID:6052
- C:\Windows\System\VIsYIzq.exe
  C:\Windows\System\VIsYIzq.exe
  2⤵
  PID:3816
- C:\Windows\System\ibbUYmy.exe
  C:\Windows\System\ibbUYmy.exe
  2⤵
  PID:5152
- C:\Windows\System\EKcRtEf.exe
  C:\Windows\System\EKcRtEf.exe
  2⤵
  PID:5904
- C:\Windows\System\pNNyreO.exe
  C:\Windows\System\pNNyreO.exe
  2⤵
  PID:6184
- C:\Windows\System\OyxlvsI.exe
  C:\Windows\System\OyxlvsI.exe
  2⤵
  PID:5372
- C:\Windows\System\OcCLhIB.exe
  C:\Windows\System\OcCLhIB.exe
  2⤵
  PID:6064
- C:\Windows\System\sRFGkOe.exe
  C:\Windows\System\sRFGkOe.exe
  2⤵
  PID:2772
- C:\Windows\System\qdqUeXg.exe
  C:\Windows\System\qdqUeXg.exe
  2⤵
  PID:6220
- C:\Windows\System\WwXXpRz.exe
  C:\Windows\System\WwXXpRz.exe
  2⤵
  PID:6200
- C:\Windows\System\lJRiBfM.exe
  C:\Windows\System\lJRiBfM.exe
  2⤵
  PID:6348
- C:\Windows\System\PxOjikK.exe
  C:\Windows\System\PxOjikK.exe
  2⤵
  PID:6232
- C:\Windows\System\foZmTTc.exe
  C:\Windows\System\foZmTTc.exe
  2⤵
  PID:6332
- C:\Windows\System\MupyVhh.exe
  C:\Windows\System\MupyVhh.exe
  2⤵
  PID:6264
- C:\Windows\System\dQjYjyw.exe
  C:\Windows\System\dQjYjyw.exe
  2⤵
  PID:6412
- C:\Windows\System\fDHyWCt.exe
  C:\Windows\System\fDHyWCt.exe
  2⤵
  PID:6448
- C:\Windows\System\ICQebKZ.exe
  C:\Windows\System\ICQebKZ.exe
  2⤵
  PID:6460
- C:\Windows\System\WhpMIrD.exe
  C:\Windows\System\WhpMIrD.exe
  2⤵
  PID:6464
- C:\Windows\System\ifsHYcz.exe
  C:\Windows\System\ifsHYcz.exe
  2⤵
  PID:6492
- C:\Windows\System\HVuPJNU.exe
  C:\Windows\System\HVuPJNU.exe
  2⤵
  PID:6512
- C:\Windows\System\RzRuinr.exe
  C:\Windows\System\RzRuinr.exe
  2⤵
  PID:6560
- C:\Windows\System\arwMabe.exe
  C:\Windows\System\arwMabe.exe
  2⤵
  PID:6580
- C:\Windows\System\nPxNgXe.exe
  C:\Windows\System\nPxNgXe.exe
  2⤵
  PID:6628
- C:\Windows\System\qUuFXPD.exe
  C:\Windows\System\qUuFXPD.exe
  2⤵
  PID:6608
- C:\Windows\System\JwTMQcd.exe
  C:\Windows\System\JwTMQcd.exe
  2⤵
  PID:6692
- C:\Windows\System\eGRQIeM.exe
  C:\Windows\System\eGRQIeM.exe
  2⤵
  PID:6676
- C:\Windows\System\SMtkOqO.exe
  C:\Windows\System\SMtkOqO.exe
  2⤵
  PID:3404
- C:\Windows\System\IyHeNUq.exe
  C:\Windows\System\IyHeNUq.exe
  2⤵
  PID:6740
- C:\Windows\System\mpIKcZN.exe
  C:\Windows\System\mpIKcZN.exe
  2⤵
  PID:6820
- C:\Windows\System\razVmGV.exe
  C:\Windows\System\razVmGV.exe
  2⤵
  PID:6832
- C:\Windows\System\lKVpZfX.exe
  C:\Windows\System\lKVpZfX.exe
  2⤵
  PID:6852
- C:\Windows\System\yBCAcct.exe
  C:\Windows\System\yBCAcct.exe
  2⤵
  PID:6868
- C:\Windows\System\YpwjFoJ.exe
  C:\Windows\System\YpwjFoJ.exe
  2⤵
  PID:6900
- C:\Windows\System\ZAiEycy.exe
  C:\Windows\System\ZAiEycy.exe
  2⤵
  PID:6948
- C:\Windows\System\OGKsdoI.exe
  C:\Windows\System\OGKsdoI.exe
  2⤵
  PID:6964
- C:\Windows\System\qzLxyyY.exe
  C:\Windows\System\qzLxyyY.exe
  2⤵
  PID:6960
- C:\Windows\System\GtHRnRP.exe
  C:\Windows\System\GtHRnRP.exe
  2⤵
  PID:6996
- C:\Windows\System\mWmfzVz.exe
  C:\Windows\System\mWmfzVz.exe
  2⤵
  PID:7072
- C:\Windows\System\epkhDqK.exe
  C:\Windows\System\epkhDqK.exe
  2⤵
  PID:7028
- C:\Windows\System\hQVjeyH.exe
  C:\Windows\System\hQVjeyH.exe
  2⤵
  PID:7104
- C:\Windows\System\Cberwpv.exe
  C:\Windows\System\Cberwpv.exe
  2⤵
  PID:6096
- C:\Windows\System\CIMCIWA.exe
  C:\Windows\System\CIMCIWA.exe
  2⤵
  PID:5692
- C:\Windows\System\DasUDSt.exe
  C:\Windows\System\DasUDSt.exe
  2⤵
  PID:7156
- C:\Windows\System\WyDWuTO.exe
  C:\Windows\System\WyDWuTO.exe
  2⤵
  PID:6048
- C:\Windows\System\qlLzwkP.exe
  C:\Windows\System\qlLzwkP.exe
  2⤵
  PID:5276
- C:\Windows\System\orXRpEn.exe
  C:\Windows\System\orXRpEn.exe
  2⤵
  PID:2508
- C:\Windows\System\GQlHntr.exe
  C:\Windows\System\GQlHntr.exe
  2⤵
  PID:6328
- C:\Windows\System\gRIIHmf.exe
  C:\Windows\System\gRIIHmf.exe
  2⤵
  PID:6368
- C:\Windows\System\DJQZavG.exe
  C:\Windows\System\DJQZavG.exe
  2⤵
  PID:6540
- C:\Windows\System\vBoDbAa.exe
  C:\Windows\System\vBoDbAa.exe
  2⤵
  PID:6364
- C:\Windows\System\NffDSyl.exe
  C:\Windows\System\NffDSyl.exe
  2⤵
  PID:6296
- C:\Windows\System\naSRvgt.exe
  C:\Windows\System\naSRvgt.exe
  2⤵
  PID:6576
- C:\Windows\System\DiWoNyg.exe
  C:\Windows\System\DiWoNyg.exe
  2⤵
  PID:6284
- C:\Windows\System\HlvNwWH.exe
  C:\Windows\System\HlvNwWH.exe
  2⤵
  PID:5860
- C:\Windows\System\XnagLUV.exe
  C:\Windows\System\XnagLUV.exe
  2⤵
  PID:4284
- C:\Windows\System\lknXHRw.exe
  C:\Windows\System\lknXHRw.exe
  2⤵
  PID:6660
- C:\Windows\System\eBvsyyj.exe
  C:\Windows\System\eBvsyyj.exe
  2⤵
  PID:6704
- C:\Windows\System\kuFnrsQ.exe
  C:\Windows\System\kuFnrsQ.exe
  2⤵
  PID:6768
- C:\Windows\System\qAhJGJI.exe
  C:\Windows\System\qAhJGJI.exe
  2⤵
  PID:6752
- C:\Windows\System\YiCqWHg.exe
  C:\Windows\System\YiCqWHg.exe
  2⤵
  PID:6708
- C:\Windows\System\XYcxlRm.exe
  C:\Windows\System\XYcxlRm.exe
  2⤵
  PID:6980
- C:\Windows\System\cngDBCq.exe
  C:\Windows\System\cngDBCq.exe
  2⤵
  PID:924
- C:\Windows\System\OCJeXfX.exe
  C:\Windows\System\OCJeXfX.exe
  2⤵
  PID:7024
- C:\Windows\System\QuoMjzT.exe
  C:\Windows\System\QuoMjzT.exe
  2⤵
  PID:7152
- C:\Windows\System\HpqBhST.exe
  C:\Windows\System\HpqBhST.exe
  2⤵
  PID:7092
- C:\Windows\System\bpuXnSd.exe
  C:\Windows\System\bpuXnSd.exe
  2⤵
  PID:2092
- C:\Windows\System\oJJGXkw.exe
  C:\Windows\System\oJJGXkw.exe
  2⤵
  PID:6156
- C:\Windows\System\Qvfrrnk.exe
  C:\Windows\System\Qvfrrnk.exe
  2⤵
  PID:6480
- C:\Windows\System\HMufaWK.exe
  C:\Windows\System\HMufaWK.exe
  2⤵
  PID:5612
- C:\Windows\System\EbRQHXn.exe
  C:\Windows\System\EbRQHXn.exe
  2⤵
  PID:6172
- C:\Windows\System\JgjszlO.exe
  C:\Windows\System\JgjszlO.exe
  2⤵
  PID:6188
- C:\Windows\System\DzKsXlM.exe
  C:\Windows\System\DzKsXlM.exe
  2⤵
  PID:6756
- C:\Windows\System\FVKWxER.exe
  C:\Windows\System\FVKWxER.exe
  2⤵
  PID:6896
- C:\Windows\System\lWgCBCf.exe
  C:\Windows\System\lWgCBCf.exe
  2⤵
  PID:7088
- C:\Windows\System\PVskVcH.exe
  C:\Windows\System\PVskVcH.exe
  2⤵
  PID:3824
- C:\Windows\System\Jgnufdc.exe
  C:\Windows\System\Jgnufdc.exe
  2⤵
  PID:7180
- C:\Windows\System\ePmpFrH.exe
  C:\Windows\System\ePmpFrH.exe
  2⤵
  PID:7196
- C:\Windows\System\UulCXij.exe
  C:\Windows\System\UulCXij.exe
  2⤵
  PID:7216
- C:\Windows\System\OIWFJUn.exe
  C:\Windows\System\OIWFJUn.exe
  2⤵
  PID:7232
- C:\Windows\System\GvONuXn.exe
  C:\Windows\System\GvONuXn.exe
  2⤵
  PID:7248
- C:\Windows\System\PWZjgPy.exe
  C:\Windows\System\PWZjgPy.exe
  2⤵
  PID:7264
- C:\Windows\System\WvqYDBz.exe
  C:\Windows\System\WvqYDBz.exe
  2⤵
  PID:7280
- C:\Windows\System\OHrWQpe.exe
  C:\Windows\System\OHrWQpe.exe
  2⤵
  PID:7296
- C:\Windows\System\OkpidvQ.exe
  C:\Windows\System\OkpidvQ.exe
  2⤵
  PID:7312
- C:\Windows\System\rWoHtAX.exe
  C:\Windows\System\rWoHtAX.exe
  2⤵
  PID:7328
- C:\Windows\System\oprTlMn.exe
  C:\Windows\System\oprTlMn.exe
  2⤵
  PID:7344
- C:\Windows\System\AfYGrRk.exe
  C:\Windows\System\AfYGrRk.exe
  2⤵
  PID:7360
- C:\Windows\System\iODHFCE.exe
  C:\Windows\System\iODHFCE.exe
  2⤵
  PID:7376
- C:\Windows\System\NScTDcW.exe
  C:\Windows\System\NScTDcW.exe
  2⤵
  PID:7392
- C:\Windows\System\zbpxdbj.exe
  C:\Windows\System\zbpxdbj.exe
  2⤵
  PID:7408
- C:\Windows\System\pNJutYc.exe
  C:\Windows\System\pNJutYc.exe
  2⤵
  PID:7424
- C:\Windows\System\RyKRDrm.exe
  C:\Windows\System\RyKRDrm.exe
  2⤵
  PID:7444
- C:\Windows\System\PCLrXog.exe
  C:\Windows\System\PCLrXog.exe
  2⤵
  PID:7460
- C:\Windows\System\GcknYeD.exe
  C:\Windows\System\GcknYeD.exe
  2⤵
  PID:7476
- C:\Windows\System\rWyUjpK.exe
  C:\Windows\System\rWyUjpK.exe
  2⤵
  PID:7492
- C:\Windows\System\spgRaJK.exe
  C:\Windows\System\spgRaJK.exe
  2⤵
  PID:7508
- C:\Windows\System\JJKDyJH.exe
  C:\Windows\System\JJKDyJH.exe
  2⤵
  PID:7524
- C:\Windows\System\NDvrrSE.exe
  C:\Windows\System\NDvrrSE.exe
  2⤵
  PID:7540
- C:\Windows\System\mniubtF.exe
  C:\Windows\System\mniubtF.exe
  2⤵
  PID:7556
- C:\Windows\System\fCTXmEr.exe
  C:\Windows\System\fCTXmEr.exe
  2⤵
  PID:7572
- C:\Windows\System\HvmpAKY.exe
  C:\Windows\System\HvmpAKY.exe
  2⤵
  PID:7764
- C:\Windows\System\OwbItGM.exe
  C:\Windows\System\OwbItGM.exe
  2⤵
  PID:7780
- C:\Windows\System\HAJQJbk.exe
  C:\Windows\System\HAJQJbk.exe
  2⤵
  PID:8176
- C:\Windows\System\XwoGRcF.exe
  C:\Windows\System\XwoGRcF.exe
  2⤵
  PID:7388
- C:\Windows\System\EKCefWx.exe
  C:\Windows\System\EKCefWx.exe
  2⤵
  PID:7548
- C:\Windows\System\ZWWvusT.exe
  C:\Windows\System\ZWWvusT.exe
  2⤵
  PID:7500
- C:\Windows\System\ByHBPYl.exe
  C:\Windows\System\ByHBPYl.exe
  2⤵
  PID:7580
- C:\Windows\System\XIrLnld.exe
  C:\Windows\System\XIrLnld.exe
  2⤵
  PID:7568
- C:\Windows\System\XhSvRoy.exe
  C:\Windows\System\XhSvRoy.exe
  2⤵
  PID:7596
- C:\Windows\System\ievrQKm.exe
  C:\Windows\System\ievrQKm.exe
  2⤵
  PID:7612
- C:\Windows\System\Qpxjfgh.exe
  C:\Windows\System\Qpxjfgh.exe
  2⤵
  PID:7628
- C:\Windows\System\btbFgRz.exe
  C:\Windows\System\btbFgRz.exe
  2⤵
  PID:7644
- C:\Windows\System\wOuOAWt.exe
  C:\Windows\System\wOuOAWt.exe
  2⤵
  PID:7660
- C:\Windows\System\MdjnwRl.exe
  C:\Windows\System\MdjnwRl.exe
  2⤵
  PID:7684
- C:\Windows\System\UBpetZj.exe
  C:\Windows\System\UBpetZj.exe
  2⤵
  PID:7704
- C:\Windows\System\YCKzJbf.exe
  C:\Windows\System\YCKzJbf.exe
  2⤵
  PID:7724
- C:\Windows\System\lZhgFdu.exe
  C:\Windows\System\lZhgFdu.exe
  2⤵
  PID:7736
- C:\Windows\System\GssbVNu.exe
  C:\Windows\System\GssbVNu.exe
  2⤵
  PID:7752
- C:\Windows\System\ziVaOqI.exe
  C:\Windows\System\ziVaOqI.exe
  2⤵
  PID:7788
- C:\Windows\System\nkyBQXh.exe
  C:\Windows\System\nkyBQXh.exe
  2⤵
  PID:7792
- C:\Windows\System\BeDFMhp.exe
  C:\Windows\System\BeDFMhp.exe
  2⤵
  PID:7812
- C:\Windows\System\aremGRk.exe
  C:\Windows\System\aremGRk.exe
  2⤵
  PID:7828
- C:\Windows\System\FyiGOss.exe
  C:\Windows\System\FyiGOss.exe
  2⤵
  PID:7852
- C:\Windows\System\XBRuACo.exe
  C:\Windows\System\XBRuACo.exe
  2⤵
  PID:7880
- C:\Windows\System\haaWLfx.exe
  C:\Windows\System\haaWLfx.exe
  2⤵
  PID:7928
- C:\Windows\System\DAtieiI.exe
  C:\Windows\System\DAtieiI.exe
  2⤵
  PID:7940
- C:\Windows\System\xrrtuSt.exe
  C:\Windows\System\xrrtuSt.exe
  2⤵
  PID:7956
- C:\Windows\System\CxOHNNR.exe
  C:\Windows\System\CxOHNNR.exe
  2⤵
  PID:8044
- C:\Windows\System\pxpYQxr.exe
  C:\Windows\System\pxpYQxr.exe
  2⤵
  PID:8104
- C:\Windows\System\EJFrDHW.exe
  C:\Windows\System\EJFrDHW.exe
  2⤵
  PID:8004
- C:\Windows\System\PfjoEgV.exe
  C:\Windows\System\PfjoEgV.exe
  2⤵
  PID:8024
- C:\Windows\System\izVIJvO.exe
  C:\Windows\System\izVIJvO.exe
  2⤵
  PID:8040
- C:\Windows\System\suBKEvd.exe
  C:\Windows\System\suBKEvd.exe
  2⤵
  PID:8060
- C:\Windows\System\FuoAEpv.exe
  C:\Windows\System\FuoAEpv.exe
  2⤵
  PID:8076
- C:\Windows\System\heCchSw.exe
  C:\Windows\System\heCchSw.exe
  2⤵
  PID:8096
- C:\Windows\System\nFkfxFt.exe
  C:\Windows\System\nFkfxFt.exe
  2⤵
  PID:8120
- C:\Windows\System\bHdWUJY.exe
  C:\Windows\System\bHdWUJY.exe
  2⤵
  PID:8140
- C:\Windows\System\zMKtHxn.exe
  C:\Windows\System\zMKtHxn.exe
  2⤵
  PID:8164
- C:\Windows\System\FtweeKM.exe
  C:\Windows\System\FtweeKM.exe
  2⤵
  PID:7224
- C:\Windows\System\RqncRvM.exe
  C:\Windows\System\RqncRvM.exe
  2⤵
  PID:7368
- C:\Windows\System\lpsBBJR.exe
  C:\Windows\System\lpsBBJR.exe
  2⤵
  PID:7416
- C:\Windows\System\ZjxZafb.exe
  C:\Windows\System\ZjxZafb.exe
  2⤵
  PID:7484
- C:\Windows\System\YqIpOKw.exe
  C:\Windows\System\YqIpOKw.exe
  2⤵
  PID:5576
- C:\Windows\System\xXlwoyh.exe
  C:\Windows\System\xXlwoyh.exe
  2⤵
  PID:6116
- C:\Windows\System\xEIPMIE.exe
  C:\Windows\System\xEIPMIE.exe
  2⤵
  PID:6880
- C:\Windows\System\qtHBbMV.exe
  C:\Windows\System\qtHBbMV.exe
  2⤵
  PID:7188
- C:\Windows\System\bDEONbb.exe
  C:\Windows\System\bDEONbb.exe
  2⤵
  PID:7172
- C:\Windows\System\QJGPlQQ.exe
  C:\Windows\System\QJGPlQQ.exe
  2⤵
  PID:844
- C:\Windows\System\uZcimbK.exe
  C:\Windows\System\uZcimbK.exe
  2⤵
  PID:6344
- C:\Windows\System\ZOixcAF.exe
  C:\Windows\System\ZOixcAF.exe
  2⤵
  PID:6624
- C:\Windows\System\zNDVCbc.exe
  C:\Windows\System\zNDVCbc.exe
  2⤵
  PID:7320
- C:\Windows\System\qUphdro.exe
  C:\Windows\System\qUphdro.exe
  2⤵
  PID:7384
- C:\Windows\System\bikdJLM.exe
  C:\Windows\System\bikdJLM.exe
  2⤵
  PID:7536
- C:\Windows\System\FoDSdhU.exe
  C:\Windows\System\FoDSdhU.exe
  2⤵
  PID:7652
- C:\Windows\System\wWnIKUN.exe
  C:\Windows\System\wWnIKUN.exe
  2⤵
  PID:7700
- C:\Windows\System\bQJztZr.exe
  C:\Windows\System\bQJztZr.exe
  2⤵
  PID:7804
- C:\Windows\System\nCfgcVv.exe
  C:\Windows\System\nCfgcVv.exe
  2⤵
  PID:7680
- C:\Windows\System\EAMQRGG.exe
  C:\Windows\System\EAMQRGG.exe
  2⤵
  PID:7716
- C:\Windows\System\sfSjhSf.exe
  C:\Windows\System\sfSjhSf.exe
  2⤵
  PID:7712
- C:\Windows\System\KvumdIV.exe
  C:\Windows\System\KvumdIV.exe
  2⤵
  PID:7888
- C:\Windows\System\oKLhKKB.exe
  C:\Windows\System\oKLhKKB.exe
  2⤵
  PID:7864
- C:\Windows\System\VARDuVd.exe
  C:\Windows\System\VARDuVd.exe
  2⤵
  PID:7908
- C:\Windows\System\nWAJPzu.exe
  C:\Windows\System\nWAJPzu.exe
  2⤵
  PID:7948
- C:\Windows\System\eqvGiks.exe
  C:\Windows\System\eqvGiks.exe
  2⤵
  PID:7980
- C:\Windows\System\pUNhyZN.exe
  C:\Windows\System\pUNhyZN.exe
  2⤵
  PID:8016
- C:\Windows\System\vMQQJer.exe
  C:\Windows\System\vMQQJer.exe
  2⤵
  PID:8056
- C:\Windows\System\aoEYHvz.exe
  C:\Windows\System\aoEYHvz.exe
  2⤵
  PID:8168
- C:\Windows\System\RPlRdcd.exe
  C:\Windows\System\RPlRdcd.exe
  2⤵
  PID:8156
- C:\Windows\System\ZixUvGh.exe
  C:\Windows\System\ZixUvGh.exe
  2⤵
  PID:6848
- C:\Windows\System\rIxYBcc.exe
  C:\Windows\System\rIxYBcc.exe
  2⤵
  PID:7992
- C:\Windows\System\zqYduXM.exe
  C:\Windows\System\zqYduXM.exe
  2⤵
  PID:7256
- C:\Windows\System\WUOCBWZ.exe
  C:\Windows\System\WUOCBWZ.exe
  2⤵
  PID:5352
- C:\Windows\System\wNjYtJv.exe
  C:\Windows\System\wNjYtJv.exe
  2⤵
  PID:7260
- C:\Windows\System\vKGLrXu.exe
  C:\Windows\System\vKGLrXu.exe
  2⤵
  PID:6268
- C:\Windows\System\YgRurck.exe
  C:\Windows\System\YgRurck.exe
  2⤵
  PID:7468
- C:\Windows\System\CFzmPxS.exe
  C:\Windows\System\CFzmPxS.exe
  2⤵
  PID:2972
- C:\Windows\System\KYnFbVu.exe
  C:\Windows\System\KYnFbVu.exe
  2⤵
  PID:7696
- C:\Windows\System\WlLwomr.exe
  C:\Windows\System\WlLwomr.exe
  2⤵
  PID:7844
- C:\Windows\System\zmdSJGA.exe
  C:\Windows\System\zmdSJGA.exe
  2⤵
  PID:7564
- C:\Windows\System\GgVHnyy.exe
  C:\Windows\System\GgVHnyy.exe
  2⤵
  PID:7896
- C:\Windows\System\YEidbMb.exe
  C:\Windows\System\YEidbMb.exe
  2⤵
  PID:7136
- C:\Windows\System\wegQaTf.exe
  C:\Windows\System\wegQaTf.exe
  2⤵
  PID:6120
- C:\Windows\System\VTbupLg.exe
  C:\Windows\System\VTbupLg.exe
  2⤵
  PID:7796
- C:\Windows\System\VnPsTXs.exe
  C:\Windows\System\VnPsTXs.exe
  2⤵
  PID:7860
- C:\Windows\System\iFTQaRz.exe
  C:\Windows\System\iFTQaRz.exe
  2⤵
  PID:7584
- C:\Windows\System\IUIZrQf.exe
  C:\Windows\System\IUIZrQf.exe
  2⤵
  PID:7772
- C:\Windows\System\YjgWAIu.exe
  C:\Windows\System\YjgWAIu.exe
  2⤵
  PID:8008
- C:\Windows\System\dubhDkC.exe
  C:\Windows\System\dubhDkC.exe
  2⤵
  PID:7932
- C:\Windows\System\cMlESWr.exe
  C:\Windows\System\cMlESWr.exe
  2⤵
  PID:7972
- C:\Windows\System\YaRoAWE.exe
  C:\Windows\System\YaRoAWE.exe
  2⤵
  PID:8112
- C:\Windows\System\qVleeBE.exe
  C:\Windows\System\qVleeBE.exe
  2⤵
  PID:8152
- C:\Windows\System\YwJXGJm.exe
  C:\Windows\System\YwJXGJm.exe
  2⤵
  PID:5428
- C:\Windows\System\ZfoCyco.exe
  C:\Windows\System\ZfoCyco.exe
  2⤵
  PID:8188
- C:\Windows\System\yRGHlNb.exe
  C:\Windows\System\yRGHlNb.exe
  2⤵
  PID:5368
- C:\Windows\System\eBLPPiF.exe
  C:\Windows\System\eBLPPiF.exe
  2⤵
  PID:7288
- C:\Windows\System\vkJLzVJ.exe
  C:\Windows\System\vkJLzVJ.exe
  2⤵
  PID:7404
- C:\Windows\System\OLFUvXU.exe
  C:\Windows\System\OLFUvXU.exe
  2⤵
  PID:2912
- C:\Windows\System\kvOYCXs.exe
  C:\Windows\System\kvOYCXs.exe
  2⤵
  PID:1964
- C:\Windows\System\zNtSvyE.exe
  C:\Windows\System\zNtSvyE.exe
  2⤵
  PID:7668
- C:\Windows\System\rrPLpgZ.exe
  C:\Windows\System\rrPLpgZ.exe
  2⤵
  PID:8132
- C:\Windows\System\PWgRQtE.exe
  C:\Windows\System\PWgRQtE.exe
  2⤵
  PID:8072
- C:\Windows\System\WiNtUBi.exe
  C:\Windows\System\WiNtUBi.exe
  2⤵
  PID:7748
- C:\Windows\System\XJKhqeM.exe
  C:\Windows\System\XJKhqeM.exe
  2⤵
  PID:2404
- C:\Windows\System\vkmpaod.exe
  C:\Windows\System\vkmpaod.exe
  2⤵
  PID:7820
- C:\Windows\System\oLTyDVy.exe
  C:\Windows\System\oLTyDVy.exe
  2⤵
  PID:7964
- C:\Windows\System\IeHqhww.exe
  C:\Windows\System\IeHqhww.exe
  2⤵
  PID:7440
- C:\Windows\System\ZaBfQPp.exe
  C:\Windows\System\ZaBfQPp.exe
  2⤵
  PID:1860
- C:\Windows\System\cjuTkPe.exe
  C:\Windows\System\cjuTkPe.exe
  2⤵
  PID:3028
- C:\Windows\System\VDTJJhX.exe
  C:\Windows\System\VDTJJhX.exe
  2⤵
  PID:7924
- C:\Windows\System\uzyquEb.exe
  C:\Windows\System\uzyquEb.exe
  2⤵
  PID:7692
- C:\Windows\System\cXymxfI.exe
  C:\Windows\System\cXymxfI.exe
  2⤵
  PID:8172
- C:\Windows\System\nrznCRG.exe
  C:\Windows\System\nrznCRG.exe
  2⤵
  PID:7456
- C:\Windows\System\gMRNBoc.exe
  C:\Windows\System\gMRNBoc.exe
  2⤵
  PID:7520
- C:\Windows\System\bAAdzEQ.exe
  C:\Windows\System\bAAdzEQ.exe
  2⤵
  PID:7276
- C:\Windows\System\wdkLRYA.exe
  C:\Windows\System\wdkLRYA.exe
  2⤵
  PID:7620
- C:\Windows\System\KBRMzKT.exe
  C:\Windows\System\KBRMzKT.exe
  2⤵
  PID:7920
- C:\Windows\System\jgcuXiD.exe
  C:\Windows\System\jgcuXiD.exe
  2⤵
  PID:2392
- C:\Windows\System\noBgLgl.exe
  C:\Windows\System\noBgLgl.exe
  2⤵
  PID:8036
- C:\Windows\System\MDNMBxW.exe
  C:\Windows\System\MDNMBxW.exe
  2⤵
  PID:8200
- C:\Windows\System\QTWnInd.exe
  C:\Windows\System\QTWnInd.exe
  2⤵
  PID:8216
- C:\Windows\System\Ixhymzh.exe
  C:\Windows\System\Ixhymzh.exe
  2⤵
  PID:8232
- C:\Windows\System\gVvLniG.exe
  C:\Windows\System\gVvLniG.exe
  2⤵
  PID:8248
- C:\Windows\System\qadEzHU.exe
  C:\Windows\System\qadEzHU.exe
  2⤵
  PID:8264
- C:\Windows\System\MuukbIQ.exe
  C:\Windows\System\MuukbIQ.exe
  2⤵
  PID:8280
- C:\Windows\System\NAUCzqM.exe
  C:\Windows\System\NAUCzqM.exe
  2⤵
  PID:8300
- C:\Windows\System\xecwsGd.exe
  C:\Windows\System\xecwsGd.exe
  2⤵
  PID:8316
- C:\Windows\System\IyactgZ.exe
  C:\Windows\System\IyactgZ.exe
  2⤵
  PID:8332
- C:\Windows\System\sctNvRO.exe
  C:\Windows\System\sctNvRO.exe
  2⤵
  PID:8348
- C:\Windows\System\byVHPxN.exe
  C:\Windows\System\byVHPxN.exe
  2⤵
  PID:8364
- C:\Windows\System\kRTLsWL.exe
  C:\Windows\System\kRTLsWL.exe
  2⤵
  PID:8380
- C:\Windows\System\MLKktfn.exe
  C:\Windows\System\MLKktfn.exe
  2⤵
  PID:8548
- C:\Windows\System\fjKqoNV.exe
  C:\Windows\System\fjKqoNV.exe
  2⤵
  PID:8564
- C:\Windows\System\IIDUaiZ.exe
  C:\Windows\System\IIDUaiZ.exe
  2⤵
  PID:8580
- C:\Windows\System\ixYqjtB.exe
  C:\Windows\System\ixYqjtB.exe
  2⤵
  PID:8600
- C:\Windows\System\pGSTSci.exe
  C:\Windows\System\pGSTSci.exe
  2⤵
  PID:8620
- C:\Windows\System\DmhYyTC.exe
  C:\Windows\System\DmhYyTC.exe
  2⤵
  PID:8656
- C:\Windows\System\NVlVODE.exe
  C:\Windows\System\NVlVODE.exe
  2⤵
  PID:8672
- C:\Windows\System\ygsqCQA.exe
  C:\Windows\System\ygsqCQA.exe
  2⤵
  PID:8692
- C:\Windows\System\SJQcXOw.exe
  C:\Windows\System\SJQcXOw.exe
  2⤵
  PID:8708
- C:\Windows\System\qJgkciN.exe
  C:\Windows\System\qJgkciN.exe
  2⤵
  PID:8728
- C:\Windows\System\rgbvSDU.exe
  C:\Windows\System\rgbvSDU.exe
  2⤵
  PID:8744
- C:\Windows\System\UYMCeiY.exe
  C:\Windows\System\UYMCeiY.exe
  2⤵
  PID:8768
- C:\Windows\System\qUFTAto.exe
  C:\Windows\System\qUFTAto.exe
  2⤵
  PID:8784
- C:\Windows\System\frjaFEm.exe
  C:\Windows\System\frjaFEm.exe
  2⤵
  PID:8800
- C:\Windows\System\XyLGUCG.exe
  C:\Windows\System\XyLGUCG.exe
  2⤵
  PID:8840
- C:\Windows\System\LIcXXdd.exe
  C:\Windows\System\LIcXXdd.exe
  2⤵
  PID:8856
- C:\Windows\System\pyotYEl.exe
  C:\Windows\System\pyotYEl.exe
  2⤵
  PID:8872
- C:\Windows\System\jWNzZBD.exe
  C:\Windows\System\jWNzZBD.exe
  2⤵
  PID:8892
- C:\Windows\System\muWaZsn.exe
  C:\Windows\System\muWaZsn.exe
  2⤵
  PID:8912
- C:\Windows\System\dwLWiRu.exe
  C:\Windows\System\dwLWiRu.exe
  2⤵
  PID:8936
- C:\Windows\System\vnTsUvI.exe
  C:\Windows\System\vnTsUvI.exe
  2⤵
  PID:8956
- C:\Windows\System\VgwbRpk.exe
  C:\Windows\System\VgwbRpk.exe
  2⤵
  PID:8972
- C:\Windows\System\DlxSEnx.exe
  C:\Windows\System\DlxSEnx.exe
  2⤵
  PID:8996
- C:\Windows\System\vnkQqON.exe
  C:\Windows\System\vnkQqON.exe
  2⤵
  PID:9012
- C:\Windows\System\mdynqkE.exe
  C:\Windows\System\mdynqkE.exe
  2⤵
  PID:9028
- C:\Windows\System\iCmPFyi.exe
  C:\Windows\System\iCmPFyi.exe
  2⤵
  PID:9052
- C:\Windows\System\AaWbJiS.exe
  C:\Windows\System\AaWbJiS.exe
  2⤵
  PID:9072
- C:\Windows\System\gobQKVP.exe
  C:\Windows\System\gobQKVP.exe
  2⤵
  PID:9092
- C:\Windows\System\hegnsBw.exe
  C:\Windows\System\hegnsBw.exe
  2⤵
  PID:9112
- C:\Windows\System\FmlcxQy.exe
  C:\Windows\System\FmlcxQy.exe
  2⤵
  PID:9132
- C:\Windows\System\PcCAlsy.exe
  C:\Windows\System\PcCAlsy.exe
  2⤵
  PID:9152
- C:\Windows\System\RlHKTpO.exe
  C:\Windows\System\RlHKTpO.exe
  2⤵
  PID:9172
- C:\Windows\System\IqPXZKd.exe
  C:\Windows\System\IqPXZKd.exe
  2⤵
  PID:9188
- C:\Windows\System\bgHgXUR.exe
  C:\Windows\System\bgHgXUR.exe
  2⤵
  PID:9204
- C:\Windows\System\BDmbjtx.exe
  C:\Windows\System\BDmbjtx.exe
  2⤵
  PID:8296
- C:\Windows\System\VDGpang.exe
  C:\Windows\System\VDGpang.exe
  2⤵
  PID:8092
- C:\Windows\System\dcgBnYw.exe
  C:\Windows\System\dcgBnYw.exe
  2⤵
  PID:8212
- C:\Windows\System\zhIEgwa.exe
  C:\Windows\System\zhIEgwa.exe
  2⤵
  PID:8240
- C:\Windows\System\zYXzkzi.exe
  C:\Windows\System\zYXzkzi.exe
  2⤵
  PID:8312
- C:\Windows\System\efBagxq.exe
  C:\Windows\System\efBagxq.exe
  2⤵
  PID:8360
- C:\Windows\System\kPycGPr.exe
  C:\Windows\System\kPycGPr.exe
  2⤵
  PID:8404
- C:\Windows\System\bCTofWm.exe
  C:\Windows\System\bCTofWm.exe
  2⤵
  PID:8420
- C:\Windows\System\mIVLyFU.exe
  C:\Windows\System\mIVLyFU.exe
  2⤵
  PID:320
- C:\Windows\System\moNMEPb.exe
  C:\Windows\System\moNMEPb.exe
  2⤵
  PID:8452
- C:\Windows\System\xudnexY.exe
  C:\Windows\System\xudnexY.exe
  2⤵
  PID:8472
- C:\Windows\System\pLCliRM.exe
  C:\Windows\System\pLCliRM.exe
  2⤵
  PID:8480
- C:\Windows\System\vqABDit.exe
  C:\Windows\System\vqABDit.exe
  2⤵
  PID:8504
- C:\Windows\System\kHZDaIN.exe
  C:\Windows\System\kHZDaIN.exe
  2⤵
  PID:8520
- C:\Windows\System\XSNLYhS.exe
  C:\Windows\System\XSNLYhS.exe
  2⤵
  PID:8540
- C:\Windows\System\KqhwbGB.exe
  C:\Windows\System\KqhwbGB.exe
  2⤵
  PID:8576
- C:\Windows\System\RTelmRD.exe
  C:\Windows\System\RTelmRD.exe
  2⤵
  PID:3056
- C:\Windows\System\EUtWTVJ.exe
  C:\Windows\System\EUtWTVJ.exe
  2⤵
  PID:8632
- C:\Windows\System\DLJnWYN.exe
  C:\Windows\System\DLJnWYN.exe
  2⤵
  PID:1788
- C:\Windows\System\HwbKioU.exe
  C:\Windows\System\HwbKioU.exe
  2⤵
  PID:8664
- C:\Windows\System\JFEFHfm.exe
  C:\Windows\System\JFEFHfm.exe
  2⤵
  PID:8680
- C:\Windows\System\CcqdBxn.exe
  C:\Windows\System\CcqdBxn.exe
  2⤵
  PID:8716
- C:\Windows\System\LnnrtAz.exe
  C:\Windows\System\LnnrtAz.exe
  2⤵
  PID:8812
- C:\Windows\System\nELDzSu.exe
  C:\Windows\System\nELDzSu.exe
  2⤵
  PID:8828
- C:\Windows\System\MtbiECJ.exe
  C:\Windows\System\MtbiECJ.exe
  2⤵
  PID:8868
- C:\Windows\System\ZbUVcpt.exe
  C:\Windows\System\ZbUVcpt.exe
  2⤵
  PID:8888
- C:\Windows\System\xlNAFOo.exe
  C:\Windows\System\xlNAFOo.exe
  2⤵
  PID:8944
- C:\Windows\System\TbuSPpd.exe
  C:\Windows\System\TbuSPpd.exe
  2⤵
  PID:8992
- C:\Windows\System\wnTcWbF.exe
  C:\Windows\System\wnTcWbF.exe
  2⤵
  PID:9024
- C:\Windows\System\yEmozxf.exe
  C:\Windows\System\yEmozxf.exe
  2⤵
  PID:9008
- C:\Windows\System\bKoWzTk.exe
  C:\Windows\System\bKoWzTk.exe
  2⤵
  PID:9104
- C:\Windows\System\NBBLlIo.exe
  C:\Windows\System\NBBLlIo.exe
  2⤵
  PID:9036
- C:\Windows\System\xIsLKSG.exe
  C:\Windows\System\xIsLKSG.exe
  2⤵
  PID:9124
- C:\Windows\System\FixdCjw.exe
  C:\Windows\System\FixdCjw.exe
  2⤵
  PID:9088
- C:\Windows\System\gVMUVif.exe
  C:\Windows\System\gVMUVif.exe
  2⤵
  PID:7836
- C:\Windows\System\rJeJMDF.exe
  C:\Windows\System\rJeJMDF.exe
  2⤵
  PID:8228
- C:\Windows\System\GkMetLo.exe
  C:\Windows\System\GkMetLo.exe
  2⤵
  PID:6644
- C:\Windows\System\SDJUZgX.exe
  C:\Windows\System\SDJUZgX.exe
  2⤵
  PID:8272
- C:\Windows\System\WTasrVd.exe
  C:\Windows\System\WTasrVd.exe
  2⤵
  PID:8388
- C:\Windows\System\xsfPLWy.exe
  C:\Windows\System\xsfPLWy.exe
  2⤵
  PID:8208
- C:\Windows\System\KOLkdhD.exe
  C:\Windows\System\KOLkdhD.exe
  2⤵
  PID:8436
- C:\Windows\System\CnGpang.exe
  C:\Windows\System\CnGpang.exe
  2⤵
  PID:8492
- C:\Windows\System\RhLwgyX.exe
  C:\Windows\System\RhLwgyX.exe
  2⤵
  PID:8596
- C:\Windows\System\aQFEwiU.exe
  C:\Windows\System\aQFEwiU.exe
  2⤵
  PID:8700
- C:\Windows\System\aIKcmht.exe
  C:\Windows\System\aIKcmht.exe
  2⤵
  PID:7624
- C:\Windows\System\dpahAGA.exe
  C:\Windows\System\dpahAGA.exe
  2⤵
  PID:8720
- C:\Windows\System\PKUvkls.exe
  C:\Windows\System\PKUvkls.exe
  2⤵
  PID:1864
- C:\Windows\System\lVRLYIF.exe
  C:\Windows\System\lVRLYIF.exe
  2⤵
  PID:8588
- C:\Windows\System\LocHHWT.exe
  C:\Windows\System\LocHHWT.exe
  2⤵
  PID:8592
- C:\Windows\System\zMrKXTD.exe
  C:\Windows\System\zMrKXTD.exe
  2⤵
  PID:8764
- C:\Windows\System\XfnurfV.exe
  C:\Windows\System\XfnurfV.exe
  2⤵
  PID:8920
- C:\Windows\System\HbIPkfM.exe
  C:\Windows\System\HbIPkfM.exe
  2⤵
  PID:8928
- C:\Windows\System\ybWhYqV.exe
  C:\Windows\System\ybWhYqV.exe
  2⤵
  PID:9048
- C:\Windows\System\sUOsMhj.exe
  C:\Windows\System\sUOsMhj.exe
  2⤵
  PID:9140
- C:\Windows\System\wfBxWiJ.exe
  C:\Windows\System\wfBxWiJ.exe
  2⤵
  PID:8984
- C:\Windows\System\NMDEesy.exe
  C:\Windows\System\NMDEesy.exe
  2⤵
  PID:9080
- C:\Windows\System\UrPOMkJ.exe
  C:\Windows\System\UrPOMkJ.exe
  2⤵
  PID:8288
- C:\Windows\System\bTuWlTe.exe
  C:\Windows\System\bTuWlTe.exe
  2⤵
  PID:8408
- C:\Windows\System\xTqEHOK.exe
  C:\Windows\System\xTqEHOK.exe
  2⤵
  PID:8516
- C:\Windows\System\lKglQGH.exe
  C:\Windows\System\lKglQGH.exe
  2⤵
  PID:9200
- C:\Windows\System\xpsIVOy.exe
  C:\Windows\System\xpsIVOy.exe
  2⤵
  PID:8572
- C:\Windows\System\JIbjIDa.exe
  C:\Windows\System\JIbjIDa.exe
  2⤵
  PID:8356
- C:\Windows\System\KEYefyK.exe
  C:\Windows\System\KEYefyK.exe
  2⤵
  PID:8512
- C:\Windows\System\wcZlbRn.exe
  C:\Windows\System\wcZlbRn.exe
  2⤵
  PID:8752
- C:\Windows\System\xKWTXVP.exe
  C:\Windows\System\xKWTXVP.exe
  2⤵
  PID:8836
- C:\Windows\System\sXXuLiJ.exe
  C:\Windows\System\sXXuLiJ.exe
  2⤵
  PID:8904
- C:\Windows\System\UPPVPHv.exe
  C:\Windows\System\UPPVPHv.exe
  2⤵
  PID:9064
- C:\Windows\System\mnZSmUx.exe
  C:\Windows\System\mnZSmUx.exe
  2⤵
  PID:8968
- C:\Windows\System\ydJlCqh.exe
  C:\Windows\System\ydJlCqh.exe
  2⤵
  PID:9044
- C:\Windows\System\yluFPhB.exe
  C:\Windows\System\yluFPhB.exe
  2⤵
  PID:8524
- C:\Windows\System\SOmjokL.exe
  C:\Windows\System\SOmjokL.exe
  2⤵
  PID:8292
- C:\Windows\System\Thexnid.exe
  C:\Windows\System\Thexnid.exe
  2⤵
  PID:8396
- C:\Windows\System\yDNDDBJ.exe
  C:\Windows\System\yDNDDBJ.exe
  2⤵
  PID:2116
- C:\Windows\System\OliDzzL.exe
  C:\Windows\System\OliDzzL.exe
  2⤵
  PID:8644
- C:\Windows\System\jgSNmMT.exe
  C:\Windows\System\jgSNmMT.exe
  2⤵
  PID:8756
- C:\Windows\System\JNVibVM.exe
  C:\Windows\System\JNVibVM.exe
  2⤵
  PID:9164
- C:\Windows\System\ucDdqWS.exe
  C:\Windows\System\ucDdqWS.exe
  2⤵
  PID:8392
- C:\Windows\System\rIRxdPu.exe
  C:\Windows\System\rIRxdPu.exe
  2⤵
  PID:8468
- C:\Windows\System\kZJKPtF.exe
  C:\Windows\System\kZJKPtF.exe
  2⤵
  PID:8792
- C:\Windows\System\frbEmpi.exe
  C:\Windows\System\frbEmpi.exe
  2⤵
  PID:8980
- C:\Windows\System\CgMvpDk.exe
  C:\Windows\System\CgMvpDk.exe
  2⤵
  PID:8864
- C:\Windows\System\GjyCKUA.exe
  C:\Windows\System\GjyCKUA.exe
  2⤵
  PID:8964
- C:\Windows\System\TnpAVtU.exe
  C:\Windows\System\TnpAVtU.exe
  2⤵
  PID:8224
- C:\Windows\System\EWjPtlw.exe
  C:\Windows\System\EWjPtlw.exe
  2⤵
  PID:8544
- C:\Windows\System\rLDQaoK.exe
  C:\Windows\System\rLDQaoK.exe
  2⤵
  PID:8952
- C:\Windows\System\vYIhzgK.exe
  C:\Windows\System\vYIhzgK.exe
  2⤵
  PID:8260
- C:\Windows\System\BhdNrIf.exe
  C:\Windows\System\BhdNrIf.exe
  2⤵
  PID:9220
- C:\Windows\System\xedmVJP.exe
  C:\Windows\System\xedmVJP.exe
  2⤵
  PID:9236
- C:\Windows\System\ujKlBSD.exe
  C:\Windows\System\ujKlBSD.exe
  2⤵
  PID:9268
- C:\Windows\System\pMNbFRT.exe
  C:\Windows\System\pMNbFRT.exe
  2⤵
  PID:9288
- C:\Windows\System\fHKVnNh.exe
  C:\Windows\System\fHKVnNh.exe
  2⤵
  PID:9304
- C:\Windows\System\gYnNsBR.exe
  C:\Windows\System\gYnNsBR.exe
  2⤵
  PID:9328
- C:\Windows\System\SjqDbeD.exe
  C:\Windows\System\SjqDbeD.exe
  2⤵
  PID:9348
- C:\Windows\System\aJQkKJF.exe
  C:\Windows\System\aJQkKJF.exe
  2⤵
  PID:9368
- C:\Windows\System\dbITBzz.exe
  C:\Windows\System\dbITBzz.exe
  2⤵
  PID:9388
- C:\Windows\System\PMdwcIu.exe
  C:\Windows\System\PMdwcIu.exe
  2⤵
  PID:9408
- C:\Windows\System\gZggCtZ.exe
  C:\Windows\System\gZggCtZ.exe
  2⤵
  PID:9424
- C:\Windows\System\omjosnj.exe
  C:\Windows\System\omjosnj.exe
  2⤵
  PID:9448
- C:\Windows\System\mgQjSeD.exe
  C:\Windows\System\mgQjSeD.exe
  2⤵
  PID:9464
- C:\Windows\System\UeLIiHY.exe
  C:\Windows\System\UeLIiHY.exe
  2⤵
  PID:9488
- C:\Windows\System\bnwFzlf.exe
  C:\Windows\System\bnwFzlf.exe
  2⤵
  PID:9504
- C:\Windows\System\BAaoYsC.exe
  C:\Windows\System\BAaoYsC.exe
  2⤵
  PID:9528
- C:\Windows\System\cHYXDXH.exe
  C:\Windows\System\cHYXDXH.exe
  2⤵
  PID:9544
- C:\Windows\System\FKSmlCn.exe
  C:\Windows\System\FKSmlCn.exe
  2⤵
  PID:9568
- C:\Windows\System\nmhPsHr.exe
  C:\Windows\System\nmhPsHr.exe
  2⤵
  PID:9584
- C:\Windows\System\pGiAtGA.exe
  C:\Windows\System\pGiAtGA.exe
  2⤵
  PID:9600
- C:\Windows\System\pVuOjcC.exe
  C:\Windows\System\pVuOjcC.exe
  2⤵
  PID:9620
- C:\Windows\System\LWtQqYS.exe
  C:\Windows\System\LWtQqYS.exe
  2⤵
  PID:9644
- C:\Windows\System\ZNCjziL.exe
  C:\Windows\System\ZNCjziL.exe
  2⤵
  PID:9664
- C:\Windows\System\FDMWmvY.exe
  C:\Windows\System\FDMWmvY.exe
  2⤵
  PID:9688
- C:\Windows\System\vzDwLxz.exe
  C:\Windows\System\vzDwLxz.exe
  2⤵
  PID:9704
- C:\Windows\System\TzlkSRO.exe
  C:\Windows\System\TzlkSRO.exe
  2⤵
  PID:9732
- C:\Windows\System\DIRWmVZ.exe
  C:\Windows\System\DIRWmVZ.exe
  2⤵
  PID:9748
- C:\Windows\System\pDJoaqv.exe
  C:\Windows\System\pDJoaqv.exe
  2⤵
  PID:9768
- C:\Windows\System\qrUFzAN.exe
  C:\Windows\System\qrUFzAN.exe
  2⤵
  PID:9788
- C:\Windows\System\LhcCHcx.exe
  C:\Windows\System\LhcCHcx.exe
  2⤵
  PID:9808
- C:\Windows\System\CfgROOZ.exe
  C:\Windows\System\CfgROOZ.exe
  2⤵
  PID:9824
- C:\Windows\System\TYLxfAa.exe
  C:\Windows\System\TYLxfAa.exe
  2⤵
  PID:9840
- C:\Windows\System\rOcvicI.exe
  C:\Windows\System\rOcvicI.exe
  2⤵
  PID:9856
- C:\Windows\System\HSWdxdA.exe
  C:\Windows\System\HSWdxdA.exe
  2⤵
  PID:9892
- C:\Windows\System\zyvkDFN.exe
  C:\Windows\System\zyvkDFN.exe
  2⤵
  PID:9916
- C:\Windows\System\lKNMpqw.exe
  C:\Windows\System\lKNMpqw.exe
  2⤵
  PID:9932
- C:\Windows\System\EDNtBYX.exe
  C:\Windows\System\EDNtBYX.exe
  2⤵
  PID:9948
- C:\Windows\System\AcrkenO.exe
  C:\Windows\System\AcrkenO.exe
  2⤵
  PID:9964
- C:\Windows\System\zmHdbCm.exe
  C:\Windows\System\zmHdbCm.exe
  2⤵
  PID:9980
- C:\Windows\System\mijyegy.exe
  C:\Windows\System\mijyegy.exe
  2⤵
  PID:9996
- C:\Windows\System\HEQwmdZ.exe
  C:\Windows\System\HEQwmdZ.exe
  2⤵
  PID:10024
- C:\Windows\System\otPvBdt.exe
  C:\Windows\System\otPvBdt.exe
  2⤵
  PID:10040
- C:\Windows\System\DSGKngm.exe
  C:\Windows\System\DSGKngm.exe
  2⤵
  PID:10056
- C:\Windows\System\fwafSne.exe
  C:\Windows\System\fwafSne.exe
  2⤵
  PID:10076
- C:\Windows\System\faQGBwl.exe
  C:\Windows\System\faQGBwl.exe
  2⤵
  PID:10096
- C:\Windows\System\uPBrQkd.exe
  C:\Windows\System\uPBrQkd.exe
  2⤵
  PID:10116
- C:\Windows\System\RSksnGc.exe
  C:\Windows\System\RSksnGc.exe
  2⤵
  PID:10132
- C:\Windows\System\EhSnuJW.exe
  C:\Windows\System\EhSnuJW.exe
  2⤵
  PID:10148
- C:\Windows\System\lLklvvs.exe
  C:\Windows\System\lLklvvs.exe
  2⤵
  PID:10164
- C:\Windows\System\LUqOioE.exe
  C:\Windows\System\LUqOioE.exe
  2⤵
  PID:10200
- C:\Windows\System\BXxtAMz.exe
  C:\Windows\System\BXxtAMz.exe
  2⤵
  PID:10232
- C:\Windows\System\SewDgke.exe
  C:\Windows\System\SewDgke.exe
  2⤵
  PID:9244
- C:\Windows\System\wbzzwhh.exe
  C:\Windows\System\wbzzwhh.exe
  2⤵
  PID:9232
- C:\Windows\System\DMHSvkZ.exe
  C:\Windows\System\DMHSvkZ.exe
  2⤵
  PID:9060
- C:\Windows\System\NBMCooK.exe
  C:\Windows\System\NBMCooK.exe
  2⤵
  PID:9312
- C:\Windows\System\QTwllmJ.exe
  C:\Windows\System\QTwllmJ.exe
  2⤵
  PID:9340
- C:\Windows\System\DxMsLRO.exe
  C:\Windows\System\DxMsLRO.exe
  2⤵
  PID:9380
- C:\Windows\System\PXiRnEX.exe
  C:\Windows\System\PXiRnEX.exe
  2⤵
  PID:9404
- C:\Windows\System\NzsYINX.exe
  C:\Windows\System\NzsYINX.exe
  2⤵
  PID:9440
- C:\Windows\System\EDcZGZa.exe
  C:\Windows\System\EDcZGZa.exe
  2⤵
  PID:9476
- C:\Windows\System\GXjZrPF.exe
  C:\Windows\System\GXjZrPF.exe
  2⤵
  PID:9500
- C:\Windows\System\XOOUciK.exe
  C:\Windows\System\XOOUciK.exe
  2⤵
  PID:9524
- C:\Windows\System\oWEHfDS.exe
  C:\Windows\System\oWEHfDS.exe
  2⤵
  PID:9576
- C:\Windows\System\droMmPu.exe
  C:\Windows\System\droMmPu.exe
  2⤵
  PID:9596
- C:\Windows\System\SptOhAM.exe
  C:\Windows\System\SptOhAM.exe
  2⤵
  PID:9640
- C:\Windows\System\IbdaVWv.exe
  C:\Windows\System\IbdaVWv.exe
  2⤵
  PID:9656
- C:\Windows\System\SeoueJF.exe
  C:\Windows\System\SeoueJF.exe
  2⤵
  PID:9684
- C:\Windows\System\yYvxRvp.exe
  C:\Windows\System\yYvxRvp.exe
  2⤵
  PID:9776
- C:\Windows\System\IaQegrW.exe
  C:\Windows\System\IaQegrW.exe
  2⤵
  PID:9720
- C:\Windows\System\gXDYgwm.exe
  C:\Windows\System\gXDYgwm.exe
  2⤵
  PID:9764
- C:\Windows\System\MIluWrw.exe
  C:\Windows\System\MIluWrw.exe
  2⤵
  PID:9836
- C:\Windows\System\YPJfScU.exe
  C:\Windows\System\YPJfScU.exe
  2⤵
  PID:9872
- C:\Windows\System\RGMaMeK.exe
  C:\Windows\System\RGMaMeK.exe
  2⤵
  PID:9912
- C:\Windows\System\eueWdbw.exe
  C:\Windows\System\eueWdbw.exe
  2⤵
  PID:9908
- C:\Windows\System\lcklaYZ.exe
  C:\Windows\System\lcklaYZ.exe
  2⤵
  PID:10004
- C:\Windows\System\PfroExB.exe
  C:\Windows\System\PfroExB.exe
  2⤵
  PID:10048
- C:\Windows\System\xGxupwf.exe
  C:\Windows\System\xGxupwf.exe
  2⤵
  PID:10088
- C:\Windows\System\EdvmsfB.exe
  C:\Windows\System\EdvmsfB.exe
  2⤵
  PID:9956
- C:\Windows\System\sxNUuxd.exe
  C:\Windows\System\sxNUuxd.exe
  2⤵
  PID:10064
- C:\Windows\System\mbaeHrz.exe
  C:\Windows\System\mbaeHrz.exe
  2⤵
  PID:10104
- C:\Windows\System\YMUUPpi.exe
  C:\Windows\System\YMUUPpi.exe
  2⤵
  PID:10140
- C:\Windows\System\VpCOVVn.exe
  C:\Windows\System\VpCOVVn.exe
  2⤵
  PID:10176
- C:\Windows\System\uXjRHUo.exe
  C:\Windows\System\uXjRHUo.exe
  2⤵
  PID:10228
- C:\Windows\System\fYijVWK.exe
  C:\Windows\System\fYijVWK.exe
  2⤵
  PID:9168
- C:\Windows\System\cFacUTf.exe
  C:\Windows\System\cFacUTf.exe
  2⤵
  PID:9320
- C:\Windows\System\KGEPBRF.exe
  C:\Windows\System\KGEPBRF.exe
  2⤵
  PID:8832
- C:\Windows\System\MCHStAl.exe
  C:\Windows\System\MCHStAl.exe
  2⤵
  PID:9400
- C:\Windows\System\HqEBPUZ.exe
  C:\Windows\System\HqEBPUZ.exe
  2⤵
  PID:9460
- C:\Windows\System\VHqLvpA.exe
  C:\Windows\System\VHqLvpA.exe
  2⤵
  PID:9520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FesNiDG.exe

Filesize
6.0MB

MD5
099f99fb1313bf72b956142988092066

SHA1
3175001a9a39258c8b0481badc9d10c0cc1a6584

SHA256
f317988c9c206b039bedbf96a667e082f4a914743d1f8360cfab77eb1b137531

SHA512
ef2e5729217041b8b86384041f471ff27252d412b45002a304822810f6b5f4d74791b9311b09b62d6bb7aa8b5b094c519c467d477a673b02a80e44b3a4625069

Download Submit
C:\Windows\system\KFXGbhn.exe

Filesize
6.0MB

MD5
ab59ae0f568da6b14cba75cc0536f0f6

SHA1
f41ef10545dd96e121420aa69a6a21808ca29f2d

SHA256
6d45d80267c9d4421aabc96187f3290805bc9e8fe2b52422760bba244e27c496

SHA512
5ab7b5ff35f9c1ab34c775b4f2f74df1b5e5d7c75b6733dfdc184dc972a4883ac8c2a668c49ea431289ddf74723f940bb73d1cbf22c751e5238488ce2843c872

Download Submit
C:\Windows\system\LVLZleY.exe

Filesize
6.0MB

MD5
1ee01ba8363626c85186451b846e68eb

SHA1
3964df4d4ac254adcaced67c8b68cc32a1dfbce2

SHA256
a9303423f078d22f77d444e4a3229576755770eaa1d92c0678033e4e0eb60c92

SHA512
264aaf8e074ea8160f828ffdcbc6904abc7598d716c8df4dc30f1fc6bf344ac3b0d22a85fc6bd4b55a0d19d0b36a34b373cbfebf6470488018f5ff6490084b12

Download Submit
C:\Windows\system\MDJrSum.exe

Filesize
6.0MB

MD5
2ef53bbf8068ba03bb5ba48eda6c372f

SHA1
5ab55060555b76254c2585101d717b6fa541ef48

SHA256
cacc5a44bc0408f7710c90c60d65f38e30ec035bbc6599011b4e88d33ede8d82

SHA512
a568d4d74101986d42034d2bce6e051246ecf555059d16436c3441ecfc48fd94bdeae7b4f544fb222124bbe7c56d012cbab5e5e14e37dd0ed4bb99751dcb861e

Download Submit
C:\Windows\system\NUmXksk.exe

Filesize
6.0MB

MD5
6f5c49d89c5f3d23dac9d66352ea8e12

SHA1
4a8a6f01994421e734793207f41e32016f0f3ebd

SHA256
7f7f1b978d6de05d839cb4c3f29e585543441354a9a89e9468a513649667262e

SHA512
e45fe1f31439cead2310951aafc82a0defd370fa3c35ae223c002e853515a7d9f09b9b7f808143c8d71813428b779ff6171df8a62bc5de11af5fd821d7237e5c

Download Submit
C:\Windows\system\NiJsuQl.exe

Filesize
6.0MB

MD5
4a4eb94325f06fcd0bc65f0c260d6a5b

SHA1
b3710b58d98743c0b61389eb2d37b9291666c8a6

SHA256
1c15428e885027f41c47fc566695e4fa15ec2d7c281081741f87e86967f6ad03

SHA512
e417a62d5df088b2ac0506dce9a07ac67a5b5ccb11bf57e4d20b40959e589a1b197f71183beb6c4d87ae0d1835069f0b165be66e3e8c9a546d04533a04b9798a

Download Submit
C:\Windows\system\NvPTtPL.exe

Filesize
6.0MB

MD5
48214ba60eb7ac9a665ee77453639b9a

SHA1
d579c83a8f42c997e48367c46d6cd9af6fb386c8

SHA256
18a93a01c9ea4c003c162b729aaabe293450d505c70f51471bffcb538a81d77a

SHA512
e4f6621b5ac8b8ef1774aa670caa5646823deaf70c991e3d28c162d380b0a5a18cb658a8781f001b0e871ca0855a9f15c62d64771f0c9bb34a37af2d9286347b

Download Submit
C:\Windows\system\OMZrjyA.exe

Filesize
6.0MB

MD5
f3078ebdcb639b6b045fa149f1d288c3

SHA1
706a83548884ed2cb7942dee09e97e1792d227b9

SHA256
de20cb002b2db207a87fb66229ddd89e1fe5f6965c606a20de4d07f3f6f02f43

SHA512
04066fe4d3108ac71d80a5c54d0824265e164986fa510d569b8f19e7798f4a51fb4e8e0a2ce29c5563c8c033ecbc4a94c2cace374e5f5ec2d56c9abd2e3f1db4

Download Submit
C:\Windows\system\OnHVxFM.exe

Filesize
6.0MB

MD5
141ff12db2cf8c55ba914b6bb119bf8e

SHA1
22d5f9d232aa464210ac998e20b8e4b1e7880c44

SHA256
1477b1cbe508758bba4ced00533bca8d1f3341a34fe95ac90e7fbea3ef23f0ae

SHA512
034b8f2d715542654da938c9a4a7188910a6ce89dfa35524327833c3e5f871081d0062146ff51b512f37ef3a6b6857089332bec80f741beef794ecc1d623346f

Download Submit
C:\Windows\system\PVkToXd.exe

Filesize
6.0MB

MD5
782300b8b7e1848e5feea413fec63025

SHA1
6543e04d8209bbe485fbec023356420ca24ab496

SHA256
52bea00b2175e6d177a7b9980c6f7a624bb496245749b558fd2624c7d6b1d613

SHA512
d533f62ee117060a1011e913cbc771afea4d7f1a17d83e61da639d196a50dbeccdefa7b9af4949f4739b063934f3e2eba6e0ea57caab143616bf31459a39f5ac

Download Submit
C:\Windows\system\RROqNfO.exe

Filesize
6.0MB

MD5
a9dbb65cb5d86e949eae9e6ff3dd0555

SHA1
9041dce380eb0a05b7d16e899def626b59d5f898

SHA256
98104587cf103b6836f3384212076ab332432bee5b905cfdb2f952b9d67dad7f

SHA512
1f83933f93e5003cdce16afe9130760588cca625117c5e48bd8fc997949aec62346eb4e06e602462ec47859075426fcccaf4615e564f73c85a6c723ffd1e0f13

Download Submit
C:\Windows\system\RcwGQQm.exe

Filesize
6.0MB

MD5
10c42e5eae420dd421e6470f491788a9

SHA1
cb1cada21128f43cc23fcd983a8a400f7907f3eb

SHA256
32948adfe829157be3f640977ba4d0b734647b16f2098a16d97684e2407bddf8

SHA512
7be50e0c5428689890c33adeeb481909d87a2f9e3dbb2e5a13ef10fd741581c5a48f59c1a440267f9caa65b084c6caa74a6b727aa858d8cc3fa0eb2acd5ab35d

Download Submit
C:\Windows\system\ScEGzmB.exe

Filesize
6.0MB

MD5
2fd7e51b49d76e2f655d938fcd01c093

SHA1
6146f6004997b03243047f1ef20387090dc7813d

SHA256
b7388513d26e5a102d94e19dbc0f7f05088e2b4ab7d00c626ba06b1250b574f8

SHA512
115dfe09a06df10bc3736df47264cd3e8bdf04dc694f9351fb0918f4d74bb65c66f5eae0b20ceed39751006605020d18f762fdc9565c6827ff4782a9550a8c52

Download Submit
C:\Windows\system\SlmdyWw.exe

Filesize
6.0MB

MD5
342e13a182ea7220ed4838bc83623f93

SHA1
4660f931a42518333445ac241e74a59a71e51a81

SHA256
f42143ee7092548df637e304eaf4626581ba764a70f49f53f65b56a04283b7a8

SHA512
2c1f59d269bf9362cfdb2fcc0c1167d803717d518adaff196bb0085abe1ad1b93a8daf7184048cac924d2136b157c7d3b0234222669f178a0f899ee66c2c86c2

Download Submit
C:\Windows\system\SlnmChR.exe

Filesize
6.0MB

MD5
28fefa941c0a01f930b005eb92cfa58d

SHA1
0c351f061e6c7700ab9a1dd1922e18bb1346ee19

SHA256
dd153d58bb449823feb52e1e33812de3d2b9f977fb18cf6fad6499f9e265e224

SHA512
563005eb0c64f4c746a3e329ceb3d7246d2661380ee145a745927d1302a175d2ac502c432467c97f280a0387eb0596a25033ea1e1a0c3d8b449a932fd796832c

Download Submit
C:\Windows\system\UcskkBC.exe

Filesize
6.0MB

MD5
99cdcf95b11a60436f6ba627e10f6caa

SHA1
7e3f05103c14759bc8dd22a6c92975007c70f743

SHA256
89f9b9106f54e7eb79e2267ef2d88e71b0cfdd8e2dec795a96a03a736b74e5a7

SHA512
2c36d275419884ac952cca83d5b10204d19659669a8d4b59054f3bace245ef4b89e92ad9bae7aa83082c91105dafc43e4cbf69e41cc0b2d52048a76f7838482c

Download Submit
C:\Windows\system\UeeVWun.exe

Filesize
6.0MB

MD5
a0c4be451468fbc413a8de22ab9fc509

SHA1
a7b64b7088153d9b75bedb350446639891e4564f

SHA256
524803bda17d6f77c5dce79e415f542b54593097b2d3a6c65d8fe60c59cf6a2a

SHA512
e8b49b467ea7d5c7b8009cca147dc0ca3d27dfd43544dae1a8266e641522bdeaab04ee97f820ee28fcf04bc8b03ee6ec398af43bc5891f6da467c13498c66bb6

Download Submit
C:\Windows\system\XiOJrxf.exe

Filesize
6.0MB

MD5
412f224305a0cbe2629ce6aeed0107b3

SHA1
4f070b286b7d35c9564a8238b59dcfec4cc1846a

SHA256
d3c1c03f0c5002a344c3043781d3900c28df64d6ecc21e4565cef3a5c1da33aa

SHA512
c634cb6cb4341f09714463750065086a96ba370a3ab736234e4b8858d15d598dd79b2d9f973c652bddf002f636b48d48f53a63eaa5ed78eba4b1b52529be60d3

Download Submit
C:\Windows\system\cnyfpLM.exe

Filesize
6.0MB

MD5
b67d985f3047745a63d8aff947e63647

SHA1
ff289b36525ef47559b1b1550dc605529bb46d77

SHA256
ef642baaa9cf73f613ff42706203312da752dc33859cb073c248ae360fc2dcae

SHA512
61be08c73f0731f821e965f2bec58670afb4af6ecf503e83dd9515e4f373209d144d7b0791a2e505c8148bdb977bcb8867b3bde10fbec8b031f17e77a5fdfffa

Download Submit
C:\Windows\system\duNussv.exe

Filesize
6.0MB

MD5
130b79f4dd60c58ba96821659eb947b5

SHA1
678fedbdb919a835d97b5116294cda7205e2a9ab

SHA256
e11415e2a8c3fd69f476bd6886661bc28ed96c7826847cf70acc42bab677798e

SHA512
8186ba7ad1c15c677a86a828c73c4802e2b82cf4f10bc3bcd9c2e6dee225a9008426bba58c3d9c29147567b0bb9ccc8d671cc8347d40b843bf2576abdaaf7527

Download Submit
C:\Windows\system\eWMeLGd.exe

Filesize
6.0MB

MD5
e1caa43622359f9b676b92eaef06a6e1

SHA1
3e957d7b61b2d89bb6619898d7f00244c1e4f71b

SHA256
32d50d86f1b7afd1cb8ac02d44cbb76712782940bddda7c0c8d057e9cb6760a6

SHA512
b4890bfc387bf4fc706e2109a697bce92074b639c3188ba6d856ca3d5423752ae086fe7c316168d1e1665c54a15bd358b00a259021efaafdd39a40243e7dbaca

Download Submit
C:\Windows\system\gTubkVd.exe

Filesize
6.0MB

MD5
1472415f31fb99ddd7a290876366e036

SHA1
923907c41d24b509c1185e3b701a38c54ffd20da

SHA256
5048d30f0bd5cfb1634ee64f3796f3b9fdf980db6c7eeae6ed2ee3d105f232b8

SHA512
ce834ac9459bfca035759ee7d23cfe079fa150ce83044dab948e3193a7d6ac98da825055d5484f021b4bcbc596506dc6c27de004cde9a05d5e350ece1d0912b2

Download Submit
C:\Windows\system\okPbJel.exe

Filesize
8B

MD5
00ac711c99fb8e0bc0c8997761c98b22

SHA1
a17fe08e1511b543d8f7eccc0441a19c7e6e9344

SHA256
222436c98a6c1eccc5027877919b3ddcd7959822b587e89427051d8d3f700f0d

SHA512
6008abb3c7ab2cd04aad3f7634e94c05c91d646d4805216fc4ab26e908812c814e11a8c8d3908a6d7b39ee8995bcc05e78da5cbac34018c25d1b1d195fe3a9b9

Download Submit
C:\Windows\system\qUBQFIU.exe

Filesize
6.0MB

MD5
290d1ec836e53dca2079f2a8a5bd19a4

SHA1
76df4f2d0ce1751e7eb1369fe9c3184838e2d164

SHA256
67943e8703173662e87272e3861d686cbfdab37e487dcad74275c4f742550352

SHA512
86c14d6492a44e73a77ff65367db454ef34073e12bb4030330ca1a4143ccf430dc36a5e80ffeeb44d6b48b49ae5b8d36a0cc898d131e8ef38662e94ac142b041

Download Submit
C:\Windows\system\rvSbSUJ.exe

Filesize
6.0MB

MD5
25cec1f7c70e1d40628fa2f307f80210

SHA1
ee8600461b075c68473b96ecf0e6a39a82fc47c0

SHA256
5e8ce028057e7a03d970b1f18a9e14a513e23e384e350ee706222c9440e61334

SHA512
c1715174b4874975583bfc4635bcac224cdb920f57a4059f0d95a6cb31f12869fbfc2daaff1ac88bd1af0856e896cbfc3c92400c37e7e7b08f0099a43dc69fa5

Download Submit
C:\Windows\system\toARVzW.exe

Filesize
6.0MB

MD5
df23c6058d9b71a0c6514a981c6a0f59

SHA1
b5a8ba0d1d7e63f7c1786235db6477d47a1b6558

SHA256
cd0d88bea7a63e901e192151455a62b9e3c31d3852d0ac35fc41e0643e6d8de6

SHA512
1861dc758b995bcd2484268b1a1e40a8052c59d9cbd9c49c4285ccefb4a25677597df87b2ee41fda87c8b6c4e0b39994360ac7c28c442d6bf34945d0ad1362c6

Download Submit
C:\Windows\system\uTQxjYW.exe

Filesize
6.0MB

MD5
4bdde6e0cffb053d087c4c3895ce8a0a

SHA1
907469ee95811e5d9ea3429230f34c18d56a31c0

SHA256
ea0475032e7a8c712b3543d17aeafe9abadb88c575711a55f6d6710c639db659

SHA512
98620710f490089e9fc5cd2a43d21f09b3bb010182f5a8c0c0a562375ba5733c09a0fb9ebd0f37468f5dbbe4ef01a27ea887c98b42d6742c89110bb60a646c23

Download Submit
C:\Windows\system\vPwsLAI.exe

Filesize
6.0MB

MD5
01b9e0fb6e16f2522b26f08ba40e4d7b

SHA1
05db6fe72bc9269ce9bcd669a68cad549b87b977

SHA256
d920c88fcd54eed324bd0c8d6a2c6877db6e9451990949e20807fb8eebf5123b

SHA512
e22eecc80642b82ee14e130120c331a623547a9f1c98b88c6e30c63ec23745fae6a837f81e1746e2228faefea63ba75bde93cef2c80fc7e8b9e35cb9b2e50662

Download Submit
C:\Windows\system\wUcsvDT.exe

Filesize
6.0MB

MD5
134a4cc28dec9116ad727ac420719ba1

SHA1
8235f3d62240be22144c6b840a0745d4e9c0bca0

SHA256
1df759d72145718c7adcf60878b346aa43c01e35ae6b5a0136f1496f8faad145

SHA512
dff7dd94e916dc959c50e6e97214416a682364ab3f64f914724443b64a9ee41636550067fcde9821f4d9c16e790749555689b864a311e6458aab3fcc8ee64351

Download Submit
C:\Windows\system\wplNyQk.exe

Filesize
6.0MB

MD5
03f46e9b2249e9da3aef13a62a7e12d7

SHA1
ea48114fdbbb2cf515bcd3eb0f74a12b067494dc

SHA256
5db94e7792af6cde3cab155d9806ac0f3ef8dead2415833b29efd8f5a6cb9b39

SHA512
284ced57d28737047081628837b75c5279d0cf5017f71157ee323fcfe60318b48a719a7c7e0875dad915dc103fbc01de81d067758254a02387a8b9ce14688f76

Download Submit
C:\Windows\system\zsTQlqM.exe

Filesize
6.0MB

MD5
94660fc0fffbdf4c1276cfdfbb55be52

SHA1
f4af6aff9e86bc88be055a6e2fa536d2068267b7

SHA256
70dcffcd7949e3358cf15d9b55a0e107bb140e7ba17a3f03777698754c8b6ff2

SHA512
e9480bbc3c1d650a2c3b906d14ad0a01561f4cb4f28a67f95fe27fe0052080d6c4f6e3dff67878be58bf4939297ec81f158644dc3f3a619bce828aef2a5d1384

Download Submit
\Windows\system\ihrJhHF.exe

Filesize
6.0MB

MD5
6d88a1043e7498b41290e5e37fbd4c0d

SHA1
a56afae95fae3bfaa26f692c0d2865a7889ab50b

SHA256
8797aea264d2cecdc3a1bf3e74036eac98522473f8a09ce8165c6c5c1c245c9f

SHA512
585647a72e7bca359aaa21f35f93f0162343aadd36c5fb7b47407ff641c9154444e5a017fa6eef796dfa8937483d7ef8c22233ea88ed133597afb34102a24ddd

Download Submit
\Windows\system\oNKoQCv.exe

Filesize
6.0MB

MD5
fda39c4ae1f1cdc06697b711eeb795ac

SHA1
2dcdd0b244ce510930bac15f2ce5d637806f17db

SHA256
0d03a31abce6bc0b8b5de1ae2aab840d043a527dc5235cd1366d2f4ef867f982

SHA512
5a9dc46a24681253166eb4bd2347797ab14aaae197b3f3d18d6023b464122d380bb2d71b24dafc3febbfae6c7bae2d786210f69c69d3455ac07eaba164662e16

Download Submit
memory/332-896-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/332-3356-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/344-88-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/344-3361-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/344-551-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1780-27-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-3330-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-67-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-387-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3373-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3318-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-48-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-18-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3297-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-9-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-850-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-34-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2520-101-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-108-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-94-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2520-8-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-60-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-319-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-85-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2520-80-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2520-642-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-77-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-76-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-13-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-21-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-68-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-982-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-0-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2520-81-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-109-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-46-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-44-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2520-31-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3320-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2620-93-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2620-58-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-233-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2656-73-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3359-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2760-72-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2760-38-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3342-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3316-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2764-49-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3310-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-25-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-92-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2872-53-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3325-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2916-64-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3336-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2916-104-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2980-746-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3376-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download