cobaltstrike | 59c1e65586b37d1aa87c6a13af415666a0181f9788f10b106bb6b28ba4f4a593

Analysis

max time kernel
124s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2643fa869e06d6d7a1502cfb8db76739
SHA1

ace1d24578503429f18821f738f0907d728d8c1f
SHA256

59c1e65586b37d1aa87c6a13af415666a0181f9788f10b106bb6b28ba4f4a593
SHA512

eec2a18e35c037d8389f30effa77f1464838048c99cbb9649b7bba80aea772823ae38e235327fbf58f91b307c78f654cc30cb0ec5452b9229239485f582146a2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001225f-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017520-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018634-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018741-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001907c-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-30.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001919c-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191ad-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000d00000001225f-3.dat	xmrig
behavioral1/files/0x0008000000017520-11.dat	xmrig
behavioral1/files/0x0007000000018634-15.dat	xmrig
behavioral1/files/0x0006000000018741-18.dat	xmrig
behavioral1/files/0x000700000001907c-26.dat	xmrig
behavioral1/files/0x0007000000019080-30.dat	xmrig
behavioral1/files/0x000700000001919c-36.dat	xmrig
behavioral1/files/0x00070000000191ad-41.dat	xmrig
behavioral1/files/0x0005000000019bf2-45.dat	xmrig
behavioral1/files/0x0005000000019c0b-50.dat	xmrig
behavioral1/files/0x0005000000019d5c-65.dat	xmrig
behavioral1/files/0x000500000001a033-90.dat	xmrig
behavioral1/files/0x000500000001a2b9-100.dat	xmrig
behavioral1/files/0x000500000001a423-134.dat	xmrig
behavioral1/files/0x000500000001a452-151.dat	xmrig
behavioral1/files/0x000500000001a463-160.dat	xmrig
behavioral1/files/0x000500000001a454-154.dat	xmrig
behavioral1/files/0x000500000001a447-145.dat	xmrig
behavioral1/files/0x000500000001a445-141.dat	xmrig
behavioral1/files/0x000500000001a3ed-130.dat	xmrig
behavioral1/files/0x000500000001a3ea-125.dat	xmrig
behavioral1/files/0x000500000001a3e8-121.dat	xmrig
behavioral1/files/0x000500000001a3e6-115.dat	xmrig
behavioral1/files/0x000500000001a3e4-111.dat	xmrig
behavioral1/files/0x000500000001a2fc-104.dat	xmrig
behavioral1/files/0x000500000001a05a-95.dat	xmrig
behavioral1/files/0x000500000001a020-84.dat	xmrig
behavioral1/files/0x0005000000019f71-80.dat	xmrig
behavioral1/files/0x0005000000019f57-74.dat	xmrig
behavioral1/files/0x0005000000019d69-70.dat	xmrig
behavioral1/files/0x0005000000019cfc-60.dat	xmrig
behavioral1/files/0x0005000000019cd5-55.dat	xmrig
behavioral1/memory/2792-1571-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2724-1779-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2608-1872-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2552-1825-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2832-1643-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2700-1540-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2924-1539-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2716-1509-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1872-2010-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2732-2083-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1076-2235-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2500-2265-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2700-2269-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2552-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1872-2996-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2732-3025-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2608-2992-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2832-2989-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2700-3100-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2500-3024-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/1076-3023-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2948-3022-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2924-2988-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2792-2983-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2724-2978-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2716-2965-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2820	AgDvFlj.exe
2716	ELbMoME.exe
2924	ZKsvcEA.exe
2792	RBBvouT.exe
2832	ehxygEg.exe
2724	GPkZgwQ.exe
2552	tGSKWuZ.exe
2608	MFzQfWJ.exe
1872	pzRgycg.exe
2732	ZOABPrp.exe
1076	tUAkvyJ.exe
2500	dhfLQOP.exe
2948	FQhnYvq.exe
2176	EVCvXdG.exe
2136	rYCeZxR.exe
1796	VuclQXT.exe
2032	GFqMQxV.exe
2852	TutzPaJ.exe
2908	OzGEyvQ.exe
2628	MdedVuF.exe
1904	zPBXsxV.exe
1004	aPfkvMa.exe
2080	SJeZLTR.exe
480	PrbsfdT.exe
1136	IxHIELB.exe
1160	zxAMIXm.exe
2372	aHkOHvj.exe
2348	gICOWxq.exe
2920	ffbrHxN.exe
2340	LcEycGQ.exe
1852	zhwSbSN.exe
560	hOsSulm.exe
2120	fnQlAnO.exe
1596	oTZvMhi.exe
2460	IxWPayc.exe
1792	GJADHvo.exe
1636	Zqgseuf.exe
2984	MDkXWiR.exe
1060	gKIpHeT.exe
860	WzdaWoC.exe
1116	vRKPtpz.exe
1404	lpOjJnn.exe
580	RZLVBCa.exe
2292	LRRBRqZ.exe
1888	kYQStUU.exe
1536	YeAbszu.exe
2992	NitbXmy.exe
1464	WHQaNBq.exe
2304	xFCaIlg.exe
812	fsfEoqX.exe
684	eimPbtB.exe
2200	ZswtqXX.exe
2312	pIFEcfz.exe
1412	nMNSFNP.exe
984	sKeZdgp.exe
340	JoxdvSk.exe
1624	kGrzqXb.exe
2476	iyZAiab.exe
2708	yjKpxPS.exe
1580	MzcMyXf.exe
2784	yOHoWMW.exe
2692	vygIexV.exe
2836	hStCiBi.exe
2812	KQsirqg.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000d00000001225f-3.dat	upx
behavioral1/files/0x0008000000017520-11.dat	upx
behavioral1/files/0x0007000000018634-15.dat	upx
behavioral1/files/0x0006000000018741-18.dat	upx
behavioral1/files/0x000700000001907c-26.dat	upx
behavioral1/files/0x0007000000019080-30.dat	upx
behavioral1/files/0x000700000001919c-36.dat	upx
behavioral1/files/0x00070000000191ad-41.dat	upx
behavioral1/files/0x0005000000019bf2-45.dat	upx
behavioral1/files/0x0005000000019c0b-50.dat	upx
behavioral1/files/0x0005000000019d5c-65.dat	upx
behavioral1/files/0x000500000001a033-90.dat	upx
behavioral1/files/0x000500000001a2b9-100.dat	upx
behavioral1/files/0x000500000001a423-134.dat	upx
behavioral1/files/0x000500000001a452-151.dat	upx
behavioral1/files/0x000500000001a463-160.dat	upx
behavioral1/files/0x000500000001a454-154.dat	upx
behavioral1/files/0x000500000001a447-145.dat	upx
behavioral1/files/0x000500000001a445-141.dat	upx
behavioral1/files/0x000500000001a3ed-130.dat	upx
behavioral1/files/0x000500000001a3ea-125.dat	upx
behavioral1/files/0x000500000001a3e8-121.dat	upx
behavioral1/files/0x000500000001a3e6-115.dat	upx
behavioral1/files/0x000500000001a3e4-111.dat	upx
behavioral1/files/0x000500000001a2fc-104.dat	upx
behavioral1/files/0x000500000001a05a-95.dat	upx
behavioral1/files/0x000500000001a020-84.dat	upx
behavioral1/files/0x0005000000019f71-80.dat	upx
behavioral1/files/0x0005000000019f57-74.dat	upx
behavioral1/files/0x0005000000019d69-70.dat	upx
behavioral1/files/0x0005000000019cfc-60.dat	upx
behavioral1/files/0x0005000000019cd5-55.dat	upx
behavioral1/memory/2792-1571-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2724-1779-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2608-1872-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2552-1825-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2832-1643-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2924-1539-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2716-1509-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1872-2010-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2732-2083-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1076-2235-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2500-2265-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2552-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1872-2996-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2732-3025-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2608-2992-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2832-2989-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2700-3100-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2500-3024-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/1076-3023-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2948-3022-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2924-2988-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2792-2983-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2724-2978-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2716-2965-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sswFVIk.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSwgQIF.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIIBsOl.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXkcMXX.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVXRTGS.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNBlsJc.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFYHzGU.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOsSulm.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFlXlzR.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnrMHiQ.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmeVAkr.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMjgNSc.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSkHDut.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdzItHk.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKeTSmy.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnopaXy.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtaeOBL.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSZzEMZ.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Eawbvet.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPjjpzj.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jresEDl.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usyNqLf.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gICOWxq.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWOnHyq.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZNOcwr.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqKcTEA.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RotznIR.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLzBfZz.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvgpYuP.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwVaJYY.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHLBcwB.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLikAZO.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqRFhCy.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TscMpeS.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAfjdTn.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHimNOK.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEAillA.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHFgknm.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TutzPaJ.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucXLNmc.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxDoprC.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEjaySq.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdXEwQa.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvzoZlm.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWyhnkO.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhOLQnA.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBLrTIG.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDLfWUW.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLhBIGI.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihWWnHf.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByrrKKe.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtJxNDv.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPFiLDp.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwwOiPi.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsxfeVp.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBgqhHJ.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEGwFJx.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBrBIJS.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDLOgnI.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWwSDDt.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTrvKGN.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaIPbqW.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozwSsBV.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwNAVvq.exe	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2820	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 2820	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 2820	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 2716	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2716	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2716	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2924	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2924	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2924	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2792	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2792	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2792	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2832	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2832	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2832	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2724	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2724	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2724	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2552	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2552	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2552	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2608	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2608	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2608	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 1872	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 1872	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 1872	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2732	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2732	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2732	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 1076	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 1076	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 1076	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2500	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2500	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2500	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2948	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2948	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2948	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2176	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2176	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2176	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2136	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 2136	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 2136	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 1796	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 1796	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 1796	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 2032	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2032	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2032	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2852	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 2852	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 2852	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 2908	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 2908	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 2908	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 2628	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 2628	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 2628	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 1904	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1904	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1904	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1004	2700	2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_2643fa869e06d6d7a1502cfb8db76739_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\System\AgDvFlj.exe
  C:\Windows\System\AgDvFlj.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ELbMoME.exe
  C:\Windows\System\ELbMoME.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZKsvcEA.exe
  C:\Windows\System\ZKsvcEA.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\RBBvouT.exe
  C:\Windows\System\RBBvouT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ehxygEg.exe
  C:\Windows\System\ehxygEg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\GPkZgwQ.exe
  C:\Windows\System\GPkZgwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\tGSKWuZ.exe
  C:\Windows\System\tGSKWuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\MFzQfWJ.exe
  C:\Windows\System\MFzQfWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\pzRgycg.exe
  C:\Windows\System\pzRgycg.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ZOABPrp.exe
  C:\Windows\System\ZOABPrp.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\tUAkvyJ.exe
  C:\Windows\System\tUAkvyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\dhfLQOP.exe
  C:\Windows\System\dhfLQOP.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FQhnYvq.exe
  C:\Windows\System\FQhnYvq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\EVCvXdG.exe
  C:\Windows\System\EVCvXdG.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\rYCeZxR.exe
  C:\Windows\System\rYCeZxR.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\VuclQXT.exe
  C:\Windows\System\VuclQXT.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\GFqMQxV.exe
  C:\Windows\System\GFqMQxV.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\TutzPaJ.exe
  C:\Windows\System\TutzPaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\OzGEyvQ.exe
  C:\Windows\System\OzGEyvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MdedVuF.exe
  C:\Windows\System\MdedVuF.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\zPBXsxV.exe
  C:\Windows\System\zPBXsxV.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\aPfkvMa.exe
  C:\Windows\System\aPfkvMa.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\SJeZLTR.exe
  C:\Windows\System\SJeZLTR.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\PrbsfdT.exe
  C:\Windows\System\PrbsfdT.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\IxHIELB.exe
  C:\Windows\System\IxHIELB.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\zxAMIXm.exe
  C:\Windows\System\zxAMIXm.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\aHkOHvj.exe
  C:\Windows\System\aHkOHvj.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\gICOWxq.exe
  C:\Windows\System\gICOWxq.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ffbrHxN.exe
  C:\Windows\System\ffbrHxN.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\LcEycGQ.exe
  C:\Windows\System\LcEycGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zhwSbSN.exe
  C:\Windows\System\zhwSbSN.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\hOsSulm.exe
  C:\Windows\System\hOsSulm.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\fnQlAnO.exe
  C:\Windows\System\fnQlAnO.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\oTZvMhi.exe
  C:\Windows\System\oTZvMhi.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\IxWPayc.exe
  C:\Windows\System\IxWPayc.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\GJADHvo.exe
  C:\Windows\System\GJADHvo.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\Zqgseuf.exe
  C:\Windows\System\Zqgseuf.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\MDkXWiR.exe
  C:\Windows\System\MDkXWiR.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\gKIpHeT.exe
  C:\Windows\System\gKIpHeT.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\WzdaWoC.exe
  C:\Windows\System\WzdaWoC.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\vRKPtpz.exe
  C:\Windows\System\vRKPtpz.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\lpOjJnn.exe
  C:\Windows\System\lpOjJnn.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\RZLVBCa.exe
  C:\Windows\System\RZLVBCa.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\LRRBRqZ.exe
  C:\Windows\System\LRRBRqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kYQStUU.exe
  C:\Windows\System\kYQStUU.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\YeAbszu.exe
  C:\Windows\System\YeAbszu.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\NitbXmy.exe
  C:\Windows\System\NitbXmy.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\WHQaNBq.exe
  C:\Windows\System\WHQaNBq.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\xFCaIlg.exe
  C:\Windows\System\xFCaIlg.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\fsfEoqX.exe
  C:\Windows\System\fsfEoqX.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\eimPbtB.exe
  C:\Windows\System\eimPbtB.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\ZswtqXX.exe
  C:\Windows\System\ZswtqXX.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\pIFEcfz.exe
  C:\Windows\System\pIFEcfz.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\nMNSFNP.exe
  C:\Windows\System\nMNSFNP.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\sKeZdgp.exe
  C:\Windows\System\sKeZdgp.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\JoxdvSk.exe
  C:\Windows\System\JoxdvSk.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\kGrzqXb.exe
  C:\Windows\System\kGrzqXb.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\iyZAiab.exe
  C:\Windows\System\iyZAiab.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\yjKpxPS.exe
  C:\Windows\System\yjKpxPS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\MzcMyXf.exe
  C:\Windows\System\MzcMyXf.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\yOHoWMW.exe
  C:\Windows\System\yOHoWMW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\vygIexV.exe
  C:\Windows\System\vygIexV.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\hStCiBi.exe
  C:\Windows\System\hStCiBi.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\KQsirqg.exe
  C:\Windows\System\KQsirqg.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\rmOgazK.exe
  C:\Windows\System\rmOgazK.exe
  2⤵
  PID:2576
- C:\Windows\System\uZkfkho.exe
  C:\Windows\System\uZkfkho.exe
  2⤵
  PID:1932
- C:\Windows\System\VWOjEvE.exe
  C:\Windows\System\VWOjEvE.exe
  2⤵
  PID:568
- C:\Windows\System\ujDzFGH.exe
  C:\Windows\System\ujDzFGH.exe
  2⤵
  PID:2540
- C:\Windows\System\YRxVwJh.exe
  C:\Windows\System\YRxVwJh.exe
  2⤵
  PID:2164
- C:\Windows\System\FHgqjpb.exe
  C:\Windows\System\FHgqjpb.exe
  2⤵
  PID:2240
- C:\Windows\System\RGxDiSP.exe
  C:\Windows\System\RGxDiSP.exe
  2⤵
  PID:492
- C:\Windows\System\TVgLILm.exe
  C:\Windows\System\TVgLILm.exe
  2⤵
  PID:2892
- C:\Windows\System\WynjHMZ.exe
  C:\Windows\System\WynjHMZ.exe
  2⤵
  PID:2856
- C:\Windows\System\TzWPsfq.exe
  C:\Windows\System\TzWPsfq.exe
  2⤵
  PID:2112
- C:\Windows\System\zTfCvUS.exe
  C:\Windows\System\zTfCvUS.exe
  2⤵
  PID:1244
- C:\Windows\System\wqvSvmA.exe
  C:\Windows\System\wqvSvmA.exe
  2⤵
  PID:2448
- C:\Windows\System\pXpuDza.exe
  C:\Windows\System\pXpuDza.exe
  2⤵
  PID:2212
- C:\Windows\System\MtnMgDS.exe
  C:\Windows\System\MtnMgDS.exe
  2⤵
  PID:1968
- C:\Windows\System\iwdWxCf.exe
  C:\Windows\System\iwdWxCf.exe
  2⤵
  PID:2296
- C:\Windows\System\hfTsrSK.exe
  C:\Windows\System\hfTsrSK.exe
  2⤵
  PID:1964
- C:\Windows\System\JtCqgCM.exe
  C:\Windows\System\JtCqgCM.exe
  2⤵
  PID:596
- C:\Windows\System\APRnUrv.exe
  C:\Windows\System\APRnUrv.exe
  2⤵
  PID:2132
- C:\Windows\System\jQJVCTB.exe
  C:\Windows\System\jQJVCTB.exe
  2⤵
  PID:1680
- C:\Windows\System\gLDUjTq.exe
  C:\Windows\System\gLDUjTq.exe
  2⤵
  PID:968
- C:\Windows\System\rpPfxAv.exe
  C:\Windows\System\rpPfxAv.exe
  2⤵
  PID:1736
- C:\Windows\System\iVRqABg.exe
  C:\Windows\System\iVRqABg.exe
  2⤵
  PID:1644
- C:\Windows\System\XRnEeAg.exe
  C:\Windows\System\XRnEeAg.exe
  2⤵
  PID:1684
- C:\Windows\System\VWiKUSO.exe
  C:\Windows\System\VWiKUSO.exe
  2⤵
  PID:624
- C:\Windows\System\CUaFZTi.exe
  C:\Windows\System\CUaFZTi.exe
  2⤵
  PID:2988
- C:\Windows\System\FtTpPrT.exe
  C:\Windows\System\FtTpPrT.exe
  2⤵
  PID:1876
- C:\Windows\System\JyHrFay.exe
  C:\Windows\System\JyHrFay.exe
  2⤵
  PID:1184
- C:\Windows\System\pIgwZQj.exe
  C:\Windows\System\pIgwZQj.exe
  2⤵
  PID:2272
- C:\Windows\System\StWoIYn.exe
  C:\Windows\System\StWoIYn.exe
  2⤵
  PID:2320
- C:\Windows\System\JYYJpxv.exe
  C:\Windows\System\JYYJpxv.exe
  2⤵
  PID:2224
- C:\Windows\System\KstnvCa.exe
  C:\Windows\System\KstnvCa.exe
  2⤵
  PID:1724
- C:\Windows\System\vSunwmy.exe
  C:\Windows\System\vSunwmy.exe
  2⤵
  PID:1544
- C:\Windows\System\pvXzmku.exe
  C:\Windows\System\pvXzmku.exe
  2⤵
  PID:1572
- C:\Windows\System\mhaQZTM.exe
  C:\Windows\System\mhaQZTM.exe
  2⤵
  PID:2872
- C:\Windows\System\sBUFPeK.exe
  C:\Windows\System\sBUFPeK.exe
  2⤵
  PID:2128
- C:\Windows\System\qyekYPY.exe
  C:\Windows\System\qyekYPY.exe
  2⤵
  PID:2560
- C:\Windows\System\RQLjNqn.exe
  C:\Windows\System\RQLjNqn.exe
  2⤵
  PID:444
- C:\Windows\System\GhwJVjs.exe
  C:\Windows\System\GhwJVjs.exe
  2⤵
  PID:2236
- C:\Windows\System\QDlQNgo.exe
  C:\Windows\System\QDlQNgo.exe
  2⤵
  PID:2884
- C:\Windows\System\hLDMkqA.exe
  C:\Windows\System\hLDMkqA.exe
  2⤵
  PID:2796
- C:\Windows\System\hWkZYOS.exe
  C:\Windows\System\hWkZYOS.exe
  2⤵
  PID:1332
- C:\Windows\System\cXbJYRc.exe
  C:\Windows\System\cXbJYRc.exe
  2⤵
  PID:2440
- C:\Windows\System\aqljcgK.exe
  C:\Windows\System\aqljcgK.exe
  2⤵
  PID:1940
- C:\Windows\System\zHvrWvI.exe
  C:\Windows\System\zHvrWvI.exe
  2⤵
  PID:2064
- C:\Windows\System\gLJfiBa.exe
  C:\Windows\System\gLJfiBa.exe
  2⤵
  PID:660
- C:\Windows\System\RTjXDnc.exe
  C:\Windows\System\RTjXDnc.exe
  2⤵
  PID:604
- C:\Windows\System\YJkogaU.exe
  C:\Windows\System\YJkogaU.exe
  2⤵
  PID:944
- C:\Windows\System\YWiFiGw.exe
  C:\Windows\System\YWiFiGw.exe
  2⤵
  PID:2960
- C:\Windows\System\rIlKlKI.exe
  C:\Windows\System\rIlKlKI.exe
  2⤵
  PID:1516
- C:\Windows\System\RlkWHsH.exe
  C:\Windows\System\RlkWHsH.exe
  2⤵
  PID:2980
- C:\Windows\System\ryCuPOP.exe
  C:\Windows\System\ryCuPOP.exe
  2⤵
  PID:2084
- C:\Windows\System\EpYykzp.exe
  C:\Windows\System\EpYykzp.exe
  2⤵
  PID:1652
- C:\Windows\System\gQhMohN.exe
  C:\Windows\System\gQhMohN.exe
  2⤵
  PID:976
- C:\Windows\System\itaJzZV.exe
  C:\Windows\System\itaJzZV.exe
  2⤵
  PID:868
- C:\Windows\System\SLRMSaa.exe
  C:\Windows\System\SLRMSaa.exe
  2⤵
  PID:2764
- C:\Windows\System\YCOxiLU.exe
  C:\Windows\System\YCOxiLU.exe
  2⤵
  PID:2636
- C:\Windows\System\DiLzlUi.exe
  C:\Windows\System\DiLzlUi.exe
  2⤵
  PID:2720
- C:\Windows\System\SZmaIha.exe
  C:\Windows\System\SZmaIha.exe
  2⤵
  PID:2256
- C:\Windows\System\OwoOnZF.exe
  C:\Windows\System\OwoOnZF.exe
  2⤵
  PID:1552
- C:\Windows\System\mEPBfgO.exe
  C:\Windows\System\mEPBfgO.exe
  2⤵
  PID:2620
- C:\Windows\System\FLikAZO.exe
  C:\Windows\System\FLikAZO.exe
  2⤵
  PID:2452
- C:\Windows\System\aLVahCT.exe
  C:\Windows\System\aLVahCT.exe
  2⤵
  PID:3088
- C:\Windows\System\sswFVIk.exe
  C:\Windows\System\sswFVIk.exe
  2⤵
  PID:3108
- C:\Windows\System\qRMXVaY.exe
  C:\Windows\System\qRMXVaY.exe
  2⤵
  PID:3132
- C:\Windows\System\oaknUwD.exe
  C:\Windows\System\oaknUwD.exe
  2⤵
  PID:3152
- C:\Windows\System\tTGSPng.exe
  C:\Windows\System\tTGSPng.exe
  2⤵
  PID:3180
- C:\Windows\System\wtNYizA.exe
  C:\Windows\System\wtNYizA.exe
  2⤵
  PID:3204
- C:\Windows\System\OeoJlaA.exe
  C:\Windows\System\OeoJlaA.exe
  2⤵
  PID:3220
- C:\Windows\System\SFCcDsl.exe
  C:\Windows\System\SFCcDsl.exe
  2⤵
  PID:3244
- C:\Windows\System\LkAEJbr.exe
  C:\Windows\System\LkAEJbr.exe
  2⤵
  PID:3260
- C:\Windows\System\KkwytvG.exe
  C:\Windows\System\KkwytvG.exe
  2⤵
  PID:3284
- C:\Windows\System\TMuIyxe.exe
  C:\Windows\System\TMuIyxe.exe
  2⤵
  PID:3304
- C:\Windows\System\RsDsYfP.exe
  C:\Windows\System\RsDsYfP.exe
  2⤵
  PID:3320
- C:\Windows\System\NDaunsD.exe
  C:\Windows\System\NDaunsD.exe
  2⤵
  PID:3344
- C:\Windows\System\ayQQdku.exe
  C:\Windows\System\ayQQdku.exe
  2⤵
  PID:3364
- C:\Windows\System\pxlvjpJ.exe
  C:\Windows\System\pxlvjpJ.exe
  2⤵
  PID:3384
- C:\Windows\System\xReeJti.exe
  C:\Windows\System\xReeJti.exe
  2⤵
  PID:3400
- C:\Windows\System\mbUUtSy.exe
  C:\Windows\System\mbUUtSy.exe
  2⤵
  PID:3420
- C:\Windows\System\zqwtyzW.exe
  C:\Windows\System\zqwtyzW.exe
  2⤵
  PID:3440
- C:\Windows\System\SoEInGs.exe
  C:\Windows\System\SoEInGs.exe
  2⤵
  PID:3456
- C:\Windows\System\frpwBSo.exe
  C:\Windows\System\frpwBSo.exe
  2⤵
  PID:3476
- C:\Windows\System\mXnxcxl.exe
  C:\Windows\System\mXnxcxl.exe
  2⤵
  PID:3496
- C:\Windows\System\HMyqLxo.exe
  C:\Windows\System\HMyqLxo.exe
  2⤵
  PID:3516
- C:\Windows\System\ijfCZIE.exe
  C:\Windows\System\ijfCZIE.exe
  2⤵
  PID:3536
- C:\Windows\System\DPPcsKc.exe
  C:\Windows\System\DPPcsKc.exe
  2⤵
  PID:3556
- C:\Windows\System\MAZLyJX.exe
  C:\Windows\System\MAZLyJX.exe
  2⤵
  PID:3580
- C:\Windows\System\GjDtqYX.exe
  C:\Windows\System\GjDtqYX.exe
  2⤵
  PID:3600
- C:\Windows\System\oUbVAfH.exe
  C:\Windows\System\oUbVAfH.exe
  2⤵
  PID:3620
- C:\Windows\System\zpQhKuc.exe
  C:\Windows\System\zpQhKuc.exe
  2⤵
  PID:3636
- C:\Windows\System\bRrHwYa.exe
  C:\Windows\System\bRrHwYa.exe
  2⤵
  PID:3652
- C:\Windows\System\bVswqTN.exe
  C:\Windows\System\bVswqTN.exe
  2⤵
  PID:3676
- C:\Windows\System\XXEsQvh.exe
  C:\Windows\System\XXEsQvh.exe
  2⤵
  PID:3700
- C:\Windows\System\hmLmfBk.exe
  C:\Windows\System\hmLmfBk.exe
  2⤵
  PID:3716
- C:\Windows\System\ZSOruco.exe
  C:\Windows\System\ZSOruco.exe
  2⤵
  PID:3744
- C:\Windows\System\RAMIeVg.exe
  C:\Windows\System\RAMIeVg.exe
  2⤵
  PID:3760
- C:\Windows\System\tQJPJVx.exe
  C:\Windows\System\tQJPJVx.exe
  2⤵
  PID:3776
- C:\Windows\System\ORRIYqL.exe
  C:\Windows\System\ORRIYqL.exe
  2⤵
  PID:3804
- C:\Windows\System\VyhtUWJ.exe
  C:\Windows\System\VyhtUWJ.exe
  2⤵
  PID:3820
- C:\Windows\System\TTUsWfn.exe
  C:\Windows\System\TTUsWfn.exe
  2⤵
  PID:3844
- C:\Windows\System\AgXfZON.exe
  C:\Windows\System\AgXfZON.exe
  2⤵
  PID:3864
- C:\Windows\System\BWOGLXr.exe
  C:\Windows\System\BWOGLXr.exe
  2⤵
  PID:3884
- C:\Windows\System\TpfdAoU.exe
  C:\Windows\System\TpfdAoU.exe
  2⤵
  PID:3900
- C:\Windows\System\viNPOCu.exe
  C:\Windows\System\viNPOCu.exe
  2⤵
  PID:3920
- C:\Windows\System\oiBbrtG.exe
  C:\Windows\System\oiBbrtG.exe
  2⤵
  PID:3944
- C:\Windows\System\FYmVnsD.exe
  C:\Windows\System\FYmVnsD.exe
  2⤵
  PID:3960
- C:\Windows\System\ohFBCNg.exe
  C:\Windows\System\ohFBCNg.exe
  2⤵
  PID:3984
- C:\Windows\System\PHkFpvR.exe
  C:\Windows\System\PHkFpvR.exe
  2⤵
  PID:4004
- C:\Windows\System\BLPUIYI.exe
  C:\Windows\System\BLPUIYI.exe
  2⤵
  PID:4020
- C:\Windows\System\YGGNZzS.exe
  C:\Windows\System\YGGNZzS.exe
  2⤵
  PID:4040
- C:\Windows\System\MOOiaTD.exe
  C:\Windows\System\MOOiaTD.exe
  2⤵
  PID:4064
- C:\Windows\System\EumAkbY.exe
  C:\Windows\System\EumAkbY.exe
  2⤵
  PID:4080
- C:\Windows\System\KFRFBJu.exe
  C:\Windows\System\KFRFBJu.exe
  2⤵
  PID:3012
- C:\Windows\System\ctcoxmo.exe
  C:\Windows\System\ctcoxmo.exe
  2⤵
  PID:2356
- C:\Windows\System\LuuOMOG.exe
  C:\Windows\System\LuuOMOG.exe
  2⤵
  PID:2108
- C:\Windows\System\cifVCdU.exe
  C:\Windows\System\cifVCdU.exe
  2⤵
  PID:1632
- C:\Windows\System\VUnpNwv.exe
  C:\Windows\System\VUnpNwv.exe
  2⤵
  PID:304
- C:\Windows\System\OQfBKFd.exe
  C:\Windows\System\OQfBKFd.exe
  2⤵
  PID:376
- C:\Windows\System\DDWTdpN.exe
  C:\Windows\System\DDWTdpN.exe
  2⤵
  PID:2976
- C:\Windows\System\GdfNIJE.exe
  C:\Windows\System\GdfNIJE.exe
  2⤵
  PID:2480
- C:\Windows\System\OsLSPqD.exe
  C:\Windows\System\OsLSPqD.exe
  2⤵
  PID:2196
- C:\Windows\System\BErGkSn.exe
  C:\Windows\System\BErGkSn.exe
  2⤵
  PID:3080
- C:\Windows\System\ZqsMkZJ.exe
  C:\Windows\System\ZqsMkZJ.exe
  2⤵
  PID:3120
- C:\Windows\System\PlnAiNj.exe
  C:\Windows\System\PlnAiNj.exe
  2⤵
  PID:2556
- C:\Windows\System\VPFIBxT.exe
  C:\Windows\System\VPFIBxT.exe
  2⤵
  PID:3164
- C:\Windows\System\YxHEEHc.exe
  C:\Windows\System\YxHEEHc.exe
  2⤵
  PID:3172
- C:\Windows\System\DBlAYOS.exe
  C:\Windows\System\DBlAYOS.exe
  2⤵
  PID:3140
- C:\Windows\System\lXDftcT.exe
  C:\Windows\System\lXDftcT.exe
  2⤵
  PID:3200
- C:\Windows\System\yRicpwW.exe
  C:\Windows\System\yRicpwW.exe
  2⤵
  PID:3296
- C:\Windows\System\zfGOmxV.exe
  C:\Windows\System\zfGOmxV.exe
  2⤵
  PID:3336
- C:\Windows\System\XAyOvoL.exe
  C:\Windows\System\XAyOvoL.exe
  2⤵
  PID:3376
- C:\Windows\System\MYRBGVO.exe
  C:\Windows\System\MYRBGVO.exe
  2⤵
  PID:3276
- C:\Windows\System\LvFqqFl.exe
  C:\Windows\System\LvFqqFl.exe
  2⤵
  PID:3412
- C:\Windows\System\dIIYXcU.exe
  C:\Windows\System\dIIYXcU.exe
  2⤵
  PID:3448
- C:\Windows\System\KDLOgnI.exe
  C:\Windows\System\KDLOgnI.exe
  2⤵
  PID:3488
- C:\Windows\System\eUNXgfH.exe
  C:\Windows\System\eUNXgfH.exe
  2⤵
  PID:3508
- C:\Windows\System\yDMJCVt.exe
  C:\Windows\System\yDMJCVt.exe
  2⤵
  PID:3464
- C:\Windows\System\qbnQZzG.exe
  C:\Windows\System\qbnQZzG.exe
  2⤵
  PID:3608
- C:\Windows\System\vqTRbqq.exe
  C:\Windows\System\vqTRbqq.exe
  2⤵
  PID:3616
- C:\Windows\System\UMlnZCY.exe
  C:\Windows\System\UMlnZCY.exe
  2⤵
  PID:3684
- C:\Windows\System\AtbLCww.exe
  C:\Windows\System\AtbLCww.exe
  2⤵
  PID:3692
- C:\Windows\System\RwYepIE.exe
  C:\Windows\System\RwYepIE.exe
  2⤵
  PID:3668
- C:\Windows\System\nTUiWwX.exe
  C:\Windows\System\nTUiWwX.exe
  2⤵
  PID:3660
- C:\Windows\System\TGKiTLW.exe
  C:\Windows\System\TGKiTLW.exe
  2⤵
  PID:3772
- C:\Windows\System\iphcxAy.exe
  C:\Windows\System\iphcxAy.exe
  2⤵
  PID:3784
- C:\Windows\System\nWYDWiF.exe
  C:\Windows\System\nWYDWiF.exe
  2⤵
  PID:3792
- C:\Windows\System\gwJiGgy.exe
  C:\Windows\System\gwJiGgy.exe
  2⤵
  PID:3828
- C:\Windows\System\wPQrjtC.exe
  C:\Windows\System\wPQrjtC.exe
  2⤵
  PID:3872
- C:\Windows\System\qgerGob.exe
  C:\Windows\System\qgerGob.exe
  2⤵
  PID:3968
- C:\Windows\System\IInNdZw.exe
  C:\Windows\System\IInNdZw.exe
  2⤵
  PID:3916
- C:\Windows\System\UCAKsFP.exe
  C:\Windows\System\UCAKsFP.exe
  2⤵
  PID:4016
- C:\Windows\System\zCzexIs.exe
  C:\Windows\System\zCzexIs.exe
  2⤵
  PID:4052
- C:\Windows\System\qmaUiLE.exe
  C:\Windows\System\qmaUiLE.exe
  2⤵
  PID:3996
- C:\Windows\System\CLZsfhf.exe
  C:\Windows\System\CLZsfhf.exe
  2⤵
  PID:4036
- C:\Windows\System\hMwiofk.exe
  C:\Windows\System\hMwiofk.exe
  2⤵
  PID:2116
- C:\Windows\System\ezRisRq.exe
  C:\Windows\System\ezRisRq.exe
  2⤵
  PID:2124
- C:\Windows\System\MjkOceo.exe
  C:\Windows\System\MjkOceo.exe
  2⤵
  PID:2068
- C:\Windows\System\wHMZMYU.exe
  C:\Windows\System\wHMZMYU.exe
  2⤵
  PID:2800
- C:\Windows\System\bZoEzNJ.exe
  C:\Windows\System\bZoEzNJ.exe
  2⤵
  PID:2432
- C:\Windows\System\pqyiSYL.exe
  C:\Windows\System\pqyiSYL.exe
  2⤵
  PID:2944
- C:\Windows\System\AXtlsBz.exe
  C:\Windows\System\AXtlsBz.exe
  2⤵
  PID:3100
- C:\Windows\System\cNSMiCl.exe
  C:\Windows\System\cNSMiCl.exe
  2⤵
  PID:2736
- C:\Windows\System\YsxTqDO.exe
  C:\Windows\System\YsxTqDO.exe
  2⤵
  PID:3196
- C:\Windows\System\XyJIvZj.exe
  C:\Windows\System\XyJIvZj.exe
  2⤵
  PID:3380
- C:\Windows\System\VQmpONM.exe
  C:\Windows\System\VQmpONM.exe
  2⤵
  PID:3316
- C:\Windows\System\pHDvfnB.exe
  C:\Windows\System\pHDvfnB.exe
  2⤵
  PID:3268
- C:\Windows\System\NbmArhC.exe
  C:\Windows\System\NbmArhC.exe
  2⤵
  PID:3492
- C:\Windows\System\vSwgQIF.exe
  C:\Windows\System\vSwgQIF.exe
  2⤵
  PID:3432
- C:\Windows\System\goQqwiH.exe
  C:\Windows\System\goQqwiH.exe
  2⤵
  PID:3576
- C:\Windows\System\EgocKRM.exe
  C:\Windows\System\EgocKRM.exe
  2⤵
  PID:3708
- C:\Windows\System\gjAgqTn.exe
  C:\Windows\System\gjAgqTn.exe
  2⤵
  PID:3592
- C:\Windows\System\rnHsYrM.exe
  C:\Windows\System\rnHsYrM.exe
  2⤵
  PID:3752
- C:\Windows\System\xAyHRRi.exe
  C:\Windows\System\xAyHRRi.exe
  2⤵
  PID:3724
- C:\Windows\System\AjtwhQW.exe
  C:\Windows\System\AjtwhQW.exe
  2⤵
  PID:3740
- C:\Windows\System\aPjjpzj.exe
  C:\Windows\System\aPjjpzj.exe
  2⤵
  PID:3936
- C:\Windows\System\LNzHBvM.exe
  C:\Windows\System\LNzHBvM.exe
  2⤵
  PID:1224
- C:\Windows\System\tXFCnOH.exe
  C:\Windows\System\tXFCnOH.exe
  2⤵
  PID:3840
- C:\Windows\System\TvhRyte.exe
  C:\Windows\System\TvhRyte.exe
  2⤵
  PID:3912
- C:\Windows\System\cadmHXQ.exe
  C:\Windows\System\cadmHXQ.exe
  2⤵
  PID:2596
- C:\Windows\System\JdNxbJg.exe
  C:\Windows\System\JdNxbJg.exe
  2⤵
  PID:4076
- C:\Windows\System\QAaDHkX.exe
  C:\Windows\System\QAaDHkX.exe
  2⤵
  PID:4028
- C:\Windows\System\AXKLinM.exe
  C:\Windows\System\AXKLinM.exe
  2⤵
  PID:4072
- C:\Windows\System\OjRkbMe.exe
  C:\Windows\System\OjRkbMe.exe
  2⤵
  PID:3128
- C:\Windows\System\cpzgWuf.exe
  C:\Windows\System\cpzgWuf.exe
  2⤵
  PID:3272
- C:\Windows\System\FKeTSmy.exe
  C:\Windows\System\FKeTSmy.exe
  2⤵
  PID:3504
- C:\Windows\System\xvGQjSx.exe
  C:\Windows\System\xvGQjSx.exe
  2⤵
  PID:3644
- C:\Windows\System\ysMbDfT.exe
  C:\Windows\System\ysMbDfT.exe
  2⤵
  PID:3552
- C:\Windows\System\YpzGAuQ.exe
  C:\Windows\System\YpzGAuQ.exe
  2⤵
  PID:3396
- C:\Windows\System\bgnuayJ.exe
  C:\Windows\System\bgnuayJ.exe
  2⤵
  PID:4100
- C:\Windows\System\TJFdbWa.exe
  C:\Windows\System\TJFdbWa.exe
  2⤵
  PID:4116
- C:\Windows\System\ulEoLyC.exe
  C:\Windows\System\ulEoLyC.exe
  2⤵
  PID:4148
- C:\Windows\System\cYdXNHO.exe
  C:\Windows\System\cYdXNHO.exe
  2⤵
  PID:4172
- C:\Windows\System\CGAODrE.exe
  C:\Windows\System\CGAODrE.exe
  2⤵
  PID:4192
- C:\Windows\System\ENinwac.exe
  C:\Windows\System\ENinwac.exe
  2⤵
  PID:4212
- C:\Windows\System\mJCyOxB.exe
  C:\Windows\System\mJCyOxB.exe
  2⤵
  PID:4232
- C:\Windows\System\MuvIZkc.exe
  C:\Windows\System\MuvIZkc.exe
  2⤵
  PID:4248
- C:\Windows\System\HSMpnEt.exe
  C:\Windows\System\HSMpnEt.exe
  2⤵
  PID:4272
- C:\Windows\System\Dvzpeae.exe
  C:\Windows\System\Dvzpeae.exe
  2⤵
  PID:4288
- C:\Windows\System\kIQeTwu.exe
  C:\Windows\System\kIQeTwu.exe
  2⤵
  PID:4312
- C:\Windows\System\gNeAAqh.exe
  C:\Windows\System\gNeAAqh.exe
  2⤵
  PID:4328
- C:\Windows\System\WqwGFTz.exe
  C:\Windows\System\WqwGFTz.exe
  2⤵
  PID:4348
- C:\Windows\System\GfFyCJS.exe
  C:\Windows\System\GfFyCJS.exe
  2⤵
  PID:4368
- C:\Windows\System\BykmLbp.exe
  C:\Windows\System\BykmLbp.exe
  2⤵
  PID:4388
- C:\Windows\System\LSTOnau.exe
  C:\Windows\System\LSTOnau.exe
  2⤵
  PID:4412
- C:\Windows\System\hkgSerY.exe
  C:\Windows\System\hkgSerY.exe
  2⤵
  PID:4428
- C:\Windows\System\BBjLfFt.exe
  C:\Windows\System\BBjLfFt.exe
  2⤵
  PID:4448
- C:\Windows\System\iNrXPuy.exe
  C:\Windows\System\iNrXPuy.exe
  2⤵
  PID:4472
- C:\Windows\System\lDvaUDj.exe
  C:\Windows\System\lDvaUDj.exe
  2⤵
  PID:4492
- C:\Windows\System\mBoJyEq.exe
  C:\Windows\System\mBoJyEq.exe
  2⤵
  PID:4512
- C:\Windows\System\oDVWrdr.exe
  C:\Windows\System\oDVWrdr.exe
  2⤵
  PID:4528
- C:\Windows\System\lIVNCuy.exe
  C:\Windows\System\lIVNCuy.exe
  2⤵
  PID:4552
- C:\Windows\System\tzGeBys.exe
  C:\Windows\System\tzGeBys.exe
  2⤵
  PID:4572
- C:\Windows\System\EzwqcXf.exe
  C:\Windows\System\EzwqcXf.exe
  2⤵
  PID:4592
- C:\Windows\System\EhNGhpD.exe
  C:\Windows\System\EhNGhpD.exe
  2⤵
  PID:4612
- C:\Windows\System\GNnsycN.exe
  C:\Windows\System\GNnsycN.exe
  2⤵
  PID:4632
- C:\Windows\System\SGBxBHW.exe
  C:\Windows\System\SGBxBHW.exe
  2⤵
  PID:4648
- C:\Windows\System\RDJoiIE.exe
  C:\Windows\System\RDJoiIE.exe
  2⤵
  PID:4668
- C:\Windows\System\DHGpscM.exe
  C:\Windows\System\DHGpscM.exe
  2⤵
  PID:4688
- C:\Windows\System\vIOdywe.exe
  C:\Windows\System\vIOdywe.exe
  2⤵
  PID:4712
- C:\Windows\System\FtAxZJb.exe
  C:\Windows\System\FtAxZJb.exe
  2⤵
  PID:4732
- C:\Windows\System\ywuYINY.exe
  C:\Windows\System\ywuYINY.exe
  2⤵
  PID:4752
- C:\Windows\System\TQGgcpr.exe
  C:\Windows\System\TQGgcpr.exe
  2⤵
  PID:4768
- C:\Windows\System\zugggLo.exe
  C:\Windows\System\zugggLo.exe
  2⤵
  PID:4792
- C:\Windows\System\vagAKLo.exe
  C:\Windows\System\vagAKLo.exe
  2⤵
  PID:4812
- C:\Windows\System\yVuvlbI.exe
  C:\Windows\System\yVuvlbI.exe
  2⤵
  PID:4832
- C:\Windows\System\wfCSAbs.exe
  C:\Windows\System\wfCSAbs.exe
  2⤵
  PID:4852
- C:\Windows\System\LQmmeOS.exe
  C:\Windows\System\LQmmeOS.exe
  2⤵
  PID:4872
- C:\Windows\System\EwPwCKm.exe
  C:\Windows\System\EwPwCKm.exe
  2⤵
  PID:4892
- C:\Windows\System\EFZOLYP.exe
  C:\Windows\System\EFZOLYP.exe
  2⤵
  PID:4912
- C:\Windows\System\CEtTdEj.exe
  C:\Windows\System\CEtTdEj.exe
  2⤵
  PID:4928
- C:\Windows\System\GSLJSpY.exe
  C:\Windows\System\GSLJSpY.exe
  2⤵
  PID:4948
- C:\Windows\System\OMaHVpF.exe
  C:\Windows\System\OMaHVpF.exe
  2⤵
  PID:4968
- C:\Windows\System\MzdyYZv.exe
  C:\Windows\System\MzdyYZv.exe
  2⤵
  PID:4988
- C:\Windows\System\UpUiRFv.exe
  C:\Windows\System\UpUiRFv.exe
  2⤵
  PID:5004
- C:\Windows\System\pIIBsOl.exe
  C:\Windows\System\pIIBsOl.exe
  2⤵
  PID:5024
- C:\Windows\System\sTYEual.exe
  C:\Windows\System\sTYEual.exe
  2⤵
  PID:5052
- C:\Windows\System\HbFJDBw.exe
  C:\Windows\System\HbFJDBw.exe
  2⤵
  PID:5068
- C:\Windows\System\AZQXwxx.exe
  C:\Windows\System\AZQXwxx.exe
  2⤵
  PID:5088
- C:\Windows\System\epzfwnE.exe
  C:\Windows\System\epzfwnE.exe
  2⤵
  PID:5108
- C:\Windows\System\YtMYeqG.exe
  C:\Windows\System\YtMYeqG.exe
  2⤵
  PID:3544
- C:\Windows\System\bVjrTFD.exe
  C:\Windows\System\bVjrTFD.exe
  2⤵
  PID:3816
- C:\Windows\System\QjaxLlI.exe
  C:\Windows\System\QjaxLlI.exe
  2⤵
  PID:1800
- C:\Windows\System\aadzclC.exe
  C:\Windows\System\aadzclC.exe
  2⤵
  PID:3940
- C:\Windows\System\yYAlZjj.exe
  C:\Windows\System\yYAlZjj.exe
  2⤵
  PID:4012
- C:\Windows\System\RWkEVPs.exe
  C:\Windows\System\RWkEVPs.exe
  2⤵
  PID:3980
- C:\Windows\System\DaXxJKr.exe
  C:\Windows\System\DaXxJKr.exe
  2⤵
  PID:1692
- C:\Windows\System\TlHjxog.exe
  C:\Windows\System\TlHjxog.exe
  2⤵
  PID:3236
- C:\Windows\System\NOEjHkE.exe
  C:\Windows\System\NOEjHkE.exe
  2⤵
  PID:3472
- C:\Windows\System\TriRLUs.exe
  C:\Windows\System\TriRLUs.exe
  2⤵
  PID:3332
- C:\Windows\System\zMQFaTc.exe
  C:\Windows\System\zMQFaTc.exe
  2⤵
  PID:4144
- C:\Windows\System\KFBjoyY.exe
  C:\Windows\System\KFBjoyY.exe
  2⤵
  PID:3416
- C:\Windows\System\VJoZgYg.exe
  C:\Windows\System\VJoZgYg.exe
  2⤵
  PID:4160
- C:\Windows\System\SDPvAGj.exe
  C:\Windows\System\SDPvAGj.exe
  2⤵
  PID:4164
- C:\Windows\System\HSEejgO.exe
  C:\Windows\System\HSEejgO.exe
  2⤵
  PID:4208
- C:\Windows\System\PPDXOFz.exe
  C:\Windows\System\PPDXOFz.exe
  2⤵
  PID:4268
- C:\Windows\System\ZaLSJZD.exe
  C:\Windows\System\ZaLSJZD.exe
  2⤵
  PID:4308
- C:\Windows\System\zWUIHIB.exe
  C:\Windows\System\zWUIHIB.exe
  2⤵
  PID:4336
- C:\Windows\System\UOamqWv.exe
  C:\Windows\System\UOamqWv.exe
  2⤵
  PID:4384
- C:\Windows\System\VOYLitW.exe
  C:\Windows\System\VOYLitW.exe
  2⤵
  PID:4364
- C:\Windows\System\JQNOJih.exe
  C:\Windows\System\JQNOJih.exe
  2⤵
  PID:4396
- C:\Windows\System\QyykcOt.exe
  C:\Windows\System\QyykcOt.exe
  2⤵
  PID:4468
- C:\Windows\System\SCQSPOk.exe
  C:\Windows\System\SCQSPOk.exe
  2⤵
  PID:4480
- C:\Windows\System\ceZhKcd.exe
  C:\Windows\System\ceZhKcd.exe
  2⤵
  PID:4544
- C:\Windows\System\zEqbQRj.exe
  C:\Windows\System\zEqbQRj.exe
  2⤵
  PID:4524
- C:\Windows\System\ikxdaKh.exe
  C:\Windows\System\ikxdaKh.exe
  2⤵
  PID:4584
- C:\Windows\System\LpffMsn.exe
  C:\Windows\System\LpffMsn.exe
  2⤵
  PID:4620
- C:\Windows\System\fhPeEsT.exe
  C:\Windows\System\fhPeEsT.exe
  2⤵
  PID:4664
- C:\Windows\System\WMLqgvn.exe
  C:\Windows\System\WMLqgvn.exe
  2⤵
  PID:4644
- C:\Windows\System\cPgTeNB.exe
  C:\Windows\System\cPgTeNB.exe
  2⤵
  PID:4720
- C:\Windows\System\RTUdqEW.exe
  C:\Windows\System\RTUdqEW.exe
  2⤵
  PID:4748
- C:\Windows\System\aUhuJPV.exe
  C:\Windows\System\aUhuJPV.exe
  2⤵
  PID:4784
- C:\Windows\System\JKvthil.exe
  C:\Windows\System\JKvthil.exe
  2⤵
  PID:4820
- C:\Windows\System\fZQXBRK.exe
  C:\Windows\System\fZQXBRK.exe
  2⤵
  PID:4860
- C:\Windows\System\YitfAoe.exe
  C:\Windows\System\YitfAoe.exe
  2⤵
  PID:4900
- C:\Windows\System\XbWkYIB.exe
  C:\Windows\System\XbWkYIB.exe
  2⤵
  PID:4884
- C:\Windows\System\XRmoZIl.exe
  C:\Windows\System\XRmoZIl.exe
  2⤵
  PID:4920
- C:\Windows\System\wENcerh.exe
  C:\Windows\System\wENcerh.exe
  2⤵
  PID:5012
- C:\Windows\System\JlMFCDl.exe
  C:\Windows\System\JlMFCDl.exe
  2⤵
  PID:5020
- C:\Windows\System\KNdYAfT.exe
  C:\Windows\System\KNdYAfT.exe
  2⤵
  PID:5040
- C:\Windows\System\YQXStbF.exe
  C:\Windows\System\YQXStbF.exe
  2⤵
  PID:5104
- C:\Windows\System\YIxMpno.exe
  C:\Windows\System\YIxMpno.exe
  2⤵
  PID:3696
- C:\Windows\System\hxpASmZ.exe
  C:\Windows\System\hxpASmZ.exe
  2⤵
  PID:5116
- C:\Windows\System\hqRFhCy.exe
  C:\Windows\System\hqRFhCy.exe
  2⤵
  PID:3796
- C:\Windows\System\AXkcMXX.exe
  C:\Windows\System\AXkcMXX.exe
  2⤵
  PID:3928
- C:\Windows\System\HbwUXLa.exe
  C:\Windows\System\HbwUXLa.exe
  2⤵
  PID:3116
- C:\Windows\System\GgOzFfR.exe
  C:\Windows\System\GgOzFfR.exe
  2⤵
  PID:3144
- C:\Windows\System\StUmuQY.exe
  C:\Windows\System\StUmuQY.exe
  2⤵
  PID:4180
- C:\Windows\System\LnRIitZ.exe
  C:\Windows\System\LnRIitZ.exe
  2⤵
  PID:3292
- C:\Windows\System\NDwKtXh.exe
  C:\Windows\System\NDwKtXh.exe
  2⤵
  PID:4136
- C:\Windows\System\ryZryzh.exe
  C:\Windows\System\ryZryzh.exe
  2⤵
  PID:4156
- C:\Windows\System\WdINzGg.exe
  C:\Windows\System\WdINzGg.exe
  2⤵
  PID:4280
- C:\Windows\System\cKGZQAZ.exe
  C:\Windows\System\cKGZQAZ.exe
  2⤵
  PID:4300
- C:\Windows\System\kpjaoCM.exe
  C:\Windows\System\kpjaoCM.exe
  2⤵
  PID:4464
- C:\Windows\System\bJwJVyk.exe
  C:\Windows\System\bJwJVyk.exe
  2⤵
  PID:4580
- C:\Windows\System\JPzBpZU.exe
  C:\Windows\System\JPzBpZU.exe
  2⤵
  PID:4440
- C:\Windows\System\PMEZHOn.exe
  C:\Windows\System\PMEZHOn.exe
  2⤵
  PID:4656
- C:\Windows\System\UheLuhm.exe
  C:\Windows\System\UheLuhm.exe
  2⤵
  PID:4740
- C:\Windows\System\TofyphL.exe
  C:\Windows\System\TofyphL.exe
  2⤵
  PID:4520
- C:\Windows\System\VEaidCD.exe
  C:\Windows\System\VEaidCD.exe
  2⤵
  PID:4804
- C:\Windows\System\NOGYZaW.exe
  C:\Windows\System\NOGYZaW.exe
  2⤵
  PID:4824
- C:\Windows\System\fsytBBk.exe
  C:\Windows\System\fsytBBk.exe
  2⤵
  PID:4980
- C:\Windows\System\MitvhlL.exe
  C:\Windows\System\MitvhlL.exe
  2⤵
  PID:4724
- C:\Windows\System\shfaIiW.exe
  C:\Windows\System\shfaIiW.exe
  2⤵
  PID:4848
- C:\Windows\System\rCjofmh.exe
  C:\Windows\System\rCjofmh.exe
  2⤵
  PID:5048
- C:\Windows\System\OvpZUZy.exe
  C:\Windows\System\OvpZUZy.exe
  2⤵
  PID:5076
- C:\Windows\System\jgOQpkI.exe
  C:\Windows\System\jgOQpkI.exe
  2⤵
  PID:4996
- C:\Windows\System\sdCQPwq.exe
  C:\Windows\System\sdCQPwq.exe
  2⤵
  PID:3856
- C:\Windows\System\HDhbCSh.exe
  C:\Windows\System\HDhbCSh.exe
  2⤵
  PID:5064
- C:\Windows\System\JaIPbqW.exe
  C:\Windows\System\JaIPbqW.exe
  2⤵
  PID:2928
- C:\Windows\System\KcMXxzQ.exe
  C:\Windows\System\KcMXxzQ.exe
  2⤵
  PID:3952
- C:\Windows\System\XlopPOn.exe
  C:\Windows\System\XlopPOn.exe
  2⤵
  PID:4264
- C:\Windows\System\jlbsddi.exe
  C:\Windows\System\jlbsddi.exe
  2⤵
  PID:4360
- C:\Windows\System\eADYnQo.exe
  C:\Windows\System\eADYnQo.exe
  2⤵
  PID:4356
- C:\Windows\System\biBIiDM.exe
  C:\Windows\System\biBIiDM.exe
  2⤵
  PID:4376
- C:\Windows\System\qNajKAE.exe
  C:\Windows\System\qNajKAE.exe
  2⤵
  PID:4696
- C:\Windows\System\KQOpWJP.exe
  C:\Windows\System\KQOpWJP.exe
  2⤵
  PID:4708
- C:\Windows\System\cjCCiWn.exe
  C:\Windows\System\cjCCiWn.exe
  2⤵
  PID:4484
- C:\Windows\System\mGQUybi.exe
  C:\Windows\System\mGQUybi.exe
  2⤵
  PID:4600
- C:\Windows\System\TmoAOka.exe
  C:\Windows\System\TmoAOka.exe
  2⤵
  PID:4844
- C:\Windows\System\puLLxPN.exe
  C:\Windows\System\puLLxPN.exe
  2⤵
  PID:5128
- C:\Windows\System\cZNXqnw.exe
  C:\Windows\System\cZNXqnw.exe
  2⤵
  PID:5148
- C:\Windows\System\BXxoYOV.exe
  C:\Windows\System\BXxoYOV.exe
  2⤵
  PID:5172
- C:\Windows\System\ICiQdqb.exe
  C:\Windows\System\ICiQdqb.exe
  2⤵
  PID:5192
- C:\Windows\System\deNuIox.exe
  C:\Windows\System\deNuIox.exe
  2⤵
  PID:5212
- C:\Windows\System\AEEsNgq.exe
  C:\Windows\System\AEEsNgq.exe
  2⤵
  PID:5232
- C:\Windows\System\wkpcucI.exe
  C:\Windows\System\wkpcucI.exe
  2⤵
  PID:5248
- C:\Windows\System\aGBaOAi.exe
  C:\Windows\System\aGBaOAi.exe
  2⤵
  PID:5272
- C:\Windows\System\pERQMML.exe
  C:\Windows\System\pERQMML.exe
  2⤵
  PID:5292
- C:\Windows\System\WOkUpnJ.exe
  C:\Windows\System\WOkUpnJ.exe
  2⤵
  PID:5308
- C:\Windows\System\Dhcntee.exe
  C:\Windows\System\Dhcntee.exe
  2⤵
  PID:5332
- C:\Windows\System\iLXkDsk.exe
  C:\Windows\System\iLXkDsk.exe
  2⤵
  PID:5352
- C:\Windows\System\ptjzCCY.exe
  C:\Windows\System\ptjzCCY.exe
  2⤵
  PID:5368
- C:\Windows\System\RNLzViU.exe
  C:\Windows\System\RNLzViU.exe
  2⤵
  PID:5392
- C:\Windows\System\KMhzBgp.exe
  C:\Windows\System\KMhzBgp.exe
  2⤵
  PID:5408
- C:\Windows\System\JRywOwS.exe
  C:\Windows\System\JRywOwS.exe
  2⤵
  PID:5432
- C:\Windows\System\PeKyytc.exe
  C:\Windows\System\PeKyytc.exe
  2⤵
  PID:5452
- C:\Windows\System\MgZFagh.exe
  C:\Windows\System\MgZFagh.exe
  2⤵
  PID:5472
- C:\Windows\System\qqFDRTG.exe
  C:\Windows\System\qqFDRTG.exe
  2⤵
  PID:5492
- C:\Windows\System\xKQsNRD.exe
  C:\Windows\System\xKQsNRD.exe
  2⤵
  PID:5512
- C:\Windows\System\McrkXQE.exe
  C:\Windows\System\McrkXQE.exe
  2⤵
  PID:5532
- C:\Windows\System\nuhktmw.exe
  C:\Windows\System\nuhktmw.exe
  2⤵
  PID:5552
- C:\Windows\System\ymvIure.exe
  C:\Windows\System\ymvIure.exe
  2⤵
  PID:5572
- C:\Windows\System\VklrDuj.exe
  C:\Windows\System\VklrDuj.exe
  2⤵
  PID:5592
- C:\Windows\System\LAMGdJF.exe
  C:\Windows\System\LAMGdJF.exe
  2⤵
  PID:5612
- C:\Windows\System\bNHBJny.exe
  C:\Windows\System\bNHBJny.exe
  2⤵
  PID:5632
- C:\Windows\System\rsYjTMA.exe
  C:\Windows\System\rsYjTMA.exe
  2⤵
  PID:5652
- C:\Windows\System\gZpSDiG.exe
  C:\Windows\System\gZpSDiG.exe
  2⤵
  PID:5672
- C:\Windows\System\TscMpeS.exe
  C:\Windows\System\TscMpeS.exe
  2⤵
  PID:5692
- C:\Windows\System\OYxCzAw.exe
  C:\Windows\System\OYxCzAw.exe
  2⤵
  PID:5708
- C:\Windows\System\SEzkNjO.exe
  C:\Windows\System\SEzkNjO.exe
  2⤵
  PID:5732
- C:\Windows\System\mFjaLZh.exe
  C:\Windows\System\mFjaLZh.exe
  2⤵
  PID:5752
- C:\Windows\System\iaNLSPo.exe
  C:\Windows\System\iaNLSPo.exe
  2⤵
  PID:5772
- C:\Windows\System\TIDVuQI.exe
  C:\Windows\System\TIDVuQI.exe
  2⤵
  PID:5788
- C:\Windows\System\DeomwWC.exe
  C:\Windows\System\DeomwWC.exe
  2⤵
  PID:5808
- C:\Windows\System\BRzVzQu.exe
  C:\Windows\System\BRzVzQu.exe
  2⤵
  PID:5832
- C:\Windows\System\YXyzwry.exe
  C:\Windows\System\YXyzwry.exe
  2⤵
  PID:5848
- C:\Windows\System\DhkUpAG.exe
  C:\Windows\System\DhkUpAG.exe
  2⤵
  PID:5868
- C:\Windows\System\HpEPzWg.exe
  C:\Windows\System\HpEPzWg.exe
  2⤵
  PID:5888
- C:\Windows\System\aefMMEN.exe
  C:\Windows\System\aefMMEN.exe
  2⤵
  PID:5912
- C:\Windows\System\iFISJHR.exe
  C:\Windows\System\iFISJHR.exe
  2⤵
  PID:5928
- C:\Windows\System\AetsiDI.exe
  C:\Windows\System\AetsiDI.exe
  2⤵
  PID:5952
- C:\Windows\System\TNmJoFA.exe
  C:\Windows\System\TNmJoFA.exe
  2⤵
  PID:5968
- C:\Windows\System\pFsULBP.exe
  C:\Windows\System\pFsULBP.exe
  2⤵
  PID:5992
- C:\Windows\System\iBddTvF.exe
  C:\Windows\System\iBddTvF.exe
  2⤵
  PID:6008
- C:\Windows\System\mefxrZx.exe
  C:\Windows\System\mefxrZx.exe
  2⤵
  PID:6032
- C:\Windows\System\BrHnUaQ.exe
  C:\Windows\System\BrHnUaQ.exe
  2⤵
  PID:6052
- C:\Windows\System\EDiHLVB.exe
  C:\Windows\System\EDiHLVB.exe
  2⤵
  PID:6072
- C:\Windows\System\MqWCsJx.exe
  C:\Windows\System\MqWCsJx.exe
  2⤵
  PID:6088
- C:\Windows\System\sYlrwfp.exe
  C:\Windows\System\sYlrwfp.exe
  2⤵
  PID:6112
- C:\Windows\System\kviVqqB.exe
  C:\Windows\System\kviVqqB.exe
  2⤵
  PID:6132
- C:\Windows\System\rQZGlKm.exe
  C:\Windows\System\rQZGlKm.exe
  2⤵
  PID:4940
- C:\Windows\System\tpmMCXz.exe
  C:\Windows\System\tpmMCXz.exe
  2⤵
  PID:1028
- C:\Windows\System\mvggelR.exe
  C:\Windows\System\mvggelR.exe
  2⤵
  PID:3356
- C:\Windows\System\YyGjkap.exe
  C:\Windows\System\YyGjkap.exe
  2⤵
  PID:3732
- C:\Windows\System\guwlyVr.exe
  C:\Windows\System\guwlyVr.exe
  2⤵
  PID:3216
- C:\Windows\System\MKZHnZY.exe
  C:\Windows\System\MKZHnZY.exe
  2⤵
  PID:3096
- C:\Windows\System\tohrAho.exe
  C:\Windows\System\tohrAho.exe
  2⤵
  PID:4436
- C:\Windows\System\dmuhiHJ.exe
  C:\Windows\System\dmuhiHJ.exe
  2⤵
  PID:4588
- C:\Windows\System\mVxkTac.exe
  C:\Windows\System\mVxkTac.exe
  2⤵
  PID:4604
- C:\Windows\System\TvCtave.exe
  C:\Windows\System\TvCtave.exe
  2⤵
  PID:5140
- C:\Windows\System\MwpoUNU.exe
  C:\Windows\System\MwpoUNU.exe
  2⤵
  PID:5180
- C:\Windows\System\KiCDurZ.exe
  C:\Windows\System\KiCDurZ.exe
  2⤵
  PID:5188
- C:\Windows\System\AvdwBXJ.exe
  C:\Windows\System\AvdwBXJ.exe
  2⤵
  PID:5168
- C:\Windows\System\ngyHFpU.exe
  C:\Windows\System\ngyHFpU.exe
  2⤵
  PID:2824
- C:\Windows\System\oArfiPA.exe
  C:\Windows\System\oArfiPA.exe
  2⤵
  PID:5240
- C:\Windows\System\tLzBfZz.exe
  C:\Windows\System\tLzBfZz.exe
  2⤵
  PID:5280
- C:\Windows\System\HeinCJe.exe
  C:\Windows\System\HeinCJe.exe
  2⤵
  PID:5316
- C:\Windows\System\NbONYdU.exe
  C:\Windows\System\NbONYdU.exe
  2⤵
  PID:5376
- C:\Windows\System\CkRYfeQ.exe
  C:\Windows\System\CkRYfeQ.exe
  2⤵
  PID:5380
- C:\Windows\System\zagGLfE.exe
  C:\Windows\System\zagGLfE.exe
  2⤵
  PID:5420
- C:\Windows\System\avUaVTP.exe
  C:\Windows\System\avUaVTP.exe
  2⤵
  PID:5444
- C:\Windows\System\SurQkPE.exe
  C:\Windows\System\SurQkPE.exe
  2⤵
  PID:5480
- C:\Windows\System\SrznSmR.exe
  C:\Windows\System\SrznSmR.exe
  2⤵
  PID:5548
- C:\Windows\System\YfoFvDV.exe
  C:\Windows\System\YfoFvDV.exe
  2⤵
  PID:5580
- C:\Windows\System\olBOFFE.exe
  C:\Windows\System\olBOFFE.exe
  2⤵
  PID:5600
- C:\Windows\System\cuhkvWL.exe
  C:\Windows\System\cuhkvWL.exe
  2⤵
  PID:5608
- C:\Windows\System\dEmCxoP.exe
  C:\Windows\System\dEmCxoP.exe
  2⤵
  PID:5648
- C:\Windows\System\ucQJdKM.exe
  C:\Windows\System\ucQJdKM.exe
  2⤵
  PID:5704
- C:\Windows\System\SfaNocI.exe
  C:\Windows\System\SfaNocI.exe
  2⤵
  PID:5740
- C:\Windows\System\HgkxvsJ.exe
  C:\Windows\System\HgkxvsJ.exe
  2⤵
  PID:5720
- C:\Windows\System\IvzoZlm.exe
  C:\Windows\System\IvzoZlm.exe
  2⤵
  PID:5820
- C:\Windows\System\nokBfxg.exe
  C:\Windows\System\nokBfxg.exe
  2⤵
  PID:5796
- C:\Windows\System\UFHkHbA.exe
  C:\Windows\System\UFHkHbA.exe
  2⤵
  PID:5804
- C:\Windows\System\JaZofCX.exe
  C:\Windows\System\JaZofCX.exe
  2⤵
  PID:5900
- C:\Windows\System\rKVXvcn.exe
  C:\Windows\System\rKVXvcn.exe
  2⤵
  PID:5884
- C:\Windows\System\eGYzzwy.exe
  C:\Windows\System\eGYzzwy.exe
  2⤵
  PID:5980
- C:\Windows\System\drJxdQA.exe
  C:\Windows\System\drJxdQA.exe
  2⤵
  PID:6016
- C:\Windows\System\FWjZVwP.exe
  C:\Windows\System\FWjZVwP.exe
  2⤵
  PID:6004
- C:\Windows\System\aBxvYVQ.exe
  C:\Windows\System\aBxvYVQ.exe
  2⤵
  PID:6068
- C:\Windows\System\mhWwdis.exe
  C:\Windows\System\mhWwdis.exe
  2⤵
  PID:6108
- C:\Windows\System\KnnTzEF.exe
  C:\Windows\System\KnnTzEF.exe
  2⤵
  PID:5044
- C:\Windows\System\KtioRzE.exe
  C:\Windows\System\KtioRzE.exe
  2⤵
  PID:2488
- C:\Windows\System\TrlTDuU.exe
  C:\Windows\System\TrlTDuU.exe
  2⤵
  PID:4168
- C:\Windows\System\uHRhWMr.exe
  C:\Windows\System\uHRhWMr.exe
  2⤵
  PID:3512
- C:\Windows\System\VXxNJaH.exe
  C:\Windows\System\VXxNJaH.exe
  2⤵
  PID:4228
- C:\Windows\System\bzIAvlf.exe
  C:\Windows\System\bzIAvlf.exe
  2⤵
  PID:4788
- C:\Windows\System\KJshePf.exe
  C:\Windows\System\KJshePf.exe
  2⤵
  PID:5124
- C:\Windows\System\ulhIDOF.exe
  C:\Windows\System\ulhIDOF.exe
  2⤵
  PID:4864
- C:\Windows\System\UhHZZXz.exe
  C:\Windows\System\UhHZZXz.exe
  2⤵
  PID:5228
- C:\Windows\System\Fgslxdj.exe
  C:\Windows\System\Fgslxdj.exe
  2⤵
  PID:5288
- C:\Windows\System\cwVIGON.exe
  C:\Windows\System\cwVIGON.exe
  2⤵
  PID:2712
- C:\Windows\System\khNyHEb.exe
  C:\Windows\System\khNyHEb.exe
  2⤵
  PID:5344
- C:\Windows\System\NmeVAkr.exe
  C:\Windows\System\NmeVAkr.exe
  2⤵
  PID:5428
- C:\Windows\System\foguzTx.exe
  C:\Windows\System\foguzTx.exe
  2⤵
  PID:5568
- C:\Windows\System\cHZCEyR.exe
  C:\Windows\System\cHZCEyR.exe
  2⤵
  PID:5504
- C:\Windows\System\WvvrYBq.exe
  C:\Windows\System\WvvrYBq.exe
  2⤵
  PID:5640
- C:\Windows\System\mlgKkdn.exe
  C:\Windows\System\mlgKkdn.exe
  2⤵
  PID:5624
- C:\Windows\System\ggKLnmQ.exe
  C:\Windows\System\ggKLnmQ.exe
  2⤵
  PID:5724
- C:\Windows\System\auHqBoa.exe
  C:\Windows\System\auHqBoa.exe
  2⤵
  PID:5784
- C:\Windows\System\ywSJKlE.exe
  C:\Windows\System\ywSJKlE.exe
  2⤵
  PID:5860
- C:\Windows\System\mGAnXzq.exe
  C:\Windows\System\mGAnXzq.exe
  2⤵
  PID:5880
- C:\Windows\System\nWYfaPa.exe
  C:\Windows\System\nWYfaPa.exe
  2⤵
  PID:2684
- C:\Windows\System\vxubCSq.exe
  C:\Windows\System\vxubCSq.exe
  2⤵
  PID:2760
- C:\Windows\System\bowcLAD.exe
  C:\Windows\System\bowcLAD.exe
  2⤵
  PID:6040
- C:\Windows\System\hPFdUZF.exe
  C:\Windows\System\hPFdUZF.exe
  2⤵
  PID:6140
- C:\Windows\System\GLtbHqT.exe
  C:\Windows\System\GLtbHqT.exe
  2⤵
  PID:5032
- C:\Windows\System\mOnhcQu.exe
  C:\Windows\System\mOnhcQu.exe
  2⤵
  PID:3256
- C:\Windows\System\jYmCZCV.exe
  C:\Windows\System\jYmCZCV.exe
  2⤵
  PID:4092
- C:\Windows\System\IwgYYnQ.exe
  C:\Windows\System\IwgYYnQ.exe
  2⤵
  PID:4976
- C:\Windows\System\zEPJVBo.exe
  C:\Windows\System\zEPJVBo.exe
  2⤵
  PID:2580
- C:\Windows\System\FIsnUUv.exe
  C:\Windows\System\FIsnUUv.exe
  2⤵
  PID:5440
- C:\Windows\System\tkZKNCo.exe
  C:\Windows\System\tkZKNCo.exe
  2⤵
  PID:5488
- C:\Windows\System\bNFeuPu.exe
  C:\Windows\System\bNFeuPu.exe
  2⤵
  PID:5584
- C:\Windows\System\wGiFFaM.exe
  C:\Windows\System\wGiFFaM.exe
  2⤵
  PID:5668
- C:\Windows\System\urrsmdG.exe
  C:\Windows\System\urrsmdG.exe
  2⤵
  PID:5384
- C:\Windows\System\ZVQmdRT.exe
  C:\Windows\System\ZVQmdRT.exe
  2⤵
  PID:1080
- C:\Windows\System\MaQvVJi.exe
  C:\Windows\System\MaQvVJi.exe
  2⤵
  PID:5684
- C:\Windows\System\arZmWiZ.exe
  C:\Windows\System\arZmWiZ.exe
  2⤵
  PID:5764
- C:\Windows\System\RjyPhxO.exe
  C:\Windows\System\RjyPhxO.exe
  2⤵
  PID:5976
- C:\Windows\System\TIIwpMa.exe
  C:\Windows\System\TIIwpMa.exe
  2⤵
  PID:6104
- C:\Windows\System\HRjpRpR.exe
  C:\Windows\System\HRjpRpR.exe
  2⤵
  PID:5948
- C:\Windows\System\WcoOjLH.exe
  C:\Windows\System\WcoOjLH.exe
  2⤵
  PID:4340
- C:\Windows\System\qlIqYzA.exe
  C:\Windows\System\qlIqYzA.exe
  2⤵
  PID:2572
- C:\Windows\System\CMQxyLu.exe
  C:\Windows\System\CMQxyLu.exe
  2⤵
  PID:5300
- C:\Windows\System\EWbddme.exe
  C:\Windows\System\EWbddme.exe
  2⤵
  PID:5200
- C:\Windows\System\gGITQNz.exe
  C:\Windows\System\gGITQNz.exe
  2⤵
  PID:5324
- C:\Windows\System\ucXLNmc.exe
  C:\Windows\System\ucXLNmc.exe
  2⤵
  PID:5748
- C:\Windows\System\wiXitNC.exe
  C:\Windows\System\wiXitNC.exe
  2⤵
  PID:5508
- C:\Windows\System\LLDEcIX.exe
  C:\Windows\System\LLDEcIX.exe
  2⤵
  PID:5876
- C:\Windows\System\ozQOqkZ.exe
  C:\Windows\System\ozQOqkZ.exe
  2⤵
  PID:6128
- C:\Windows\System\idrzGhT.exe
  C:\Windows\System\idrzGhT.exe
  2⤵
  PID:6160
- C:\Windows\System\nVXRTGS.exe
  C:\Windows\System\nVXRTGS.exe
  2⤵
  PID:6188
- C:\Windows\System\yHmwhFz.exe
  C:\Windows\System\yHmwhFz.exe
  2⤵
  PID:6208
- C:\Windows\System\tMBMEOa.exe
  C:\Windows\System\tMBMEOa.exe
  2⤵
  PID:6224
- C:\Windows\System\NevzKDD.exe
  C:\Windows\System\NevzKDD.exe
  2⤵
  PID:6244
- C:\Windows\System\pweKsTb.exe
  C:\Windows\System\pweKsTb.exe
  2⤵
  PID:6260
- C:\Windows\System\acvxwPA.exe
  C:\Windows\System\acvxwPA.exe
  2⤵
  PID:6276
- C:\Windows\System\jERhFmC.exe
  C:\Windows\System\jERhFmC.exe
  2⤵
  PID:6296
- C:\Windows\System\OwQVRvI.exe
  C:\Windows\System\OwQVRvI.exe
  2⤵
  PID:6312
- C:\Windows\System\fFqcPjW.exe
  C:\Windows\System\fFqcPjW.exe
  2⤵
  PID:6328
- C:\Windows\System\oJkdTCx.exe
  C:\Windows\System\oJkdTCx.exe
  2⤵
  PID:6352
- C:\Windows\System\ZhOXFSh.exe
  C:\Windows\System\ZhOXFSh.exe
  2⤵
  PID:6380
- C:\Windows\System\lZNVYNA.exe
  C:\Windows\System\lZNVYNA.exe
  2⤵
  PID:6404
- C:\Windows\System\njPbnvZ.exe
  C:\Windows\System\njPbnvZ.exe
  2⤵
  PID:6420
- C:\Windows\System\pcRpVbv.exe
  C:\Windows\System\pcRpVbv.exe
  2⤵
  PID:6436
- C:\Windows\System\JZSRexl.exe
  C:\Windows\System\JZSRexl.exe
  2⤵
  PID:6452
- C:\Windows\System\iDdroOh.exe
  C:\Windows\System\iDdroOh.exe
  2⤵
  PID:6468
- C:\Windows\System\VHYSaHK.exe
  C:\Windows\System\VHYSaHK.exe
  2⤵
  PID:6488
- C:\Windows\System\NWOnHyq.exe
  C:\Windows\System\NWOnHyq.exe
  2⤵
  PID:6512
- C:\Windows\System\RNGYbSA.exe
  C:\Windows\System\RNGYbSA.exe
  2⤵
  PID:6528
- C:\Windows\System\NadSbkk.exe
  C:\Windows\System\NadSbkk.exe
  2⤵
  PID:6544
- C:\Windows\System\HpuxVER.exe
  C:\Windows\System\HpuxVER.exe
  2⤵
  PID:6564
- C:\Windows\System\TwZiBFX.exe
  C:\Windows\System\TwZiBFX.exe
  2⤵
  PID:6612
- C:\Windows\System\xNOsdwf.exe
  C:\Windows\System\xNOsdwf.exe
  2⤵
  PID:6636
- C:\Windows\System\gcQMIXN.exe
  C:\Windows\System\gcQMIXN.exe
  2⤵
  PID:6656
- C:\Windows\System\psINlcp.exe
  C:\Windows\System\psINlcp.exe
  2⤵
  PID:6676
- C:\Windows\System\yAcxnSm.exe
  C:\Windows\System\yAcxnSm.exe
  2⤵
  PID:6692
- C:\Windows\System\fdfYCba.exe
  C:\Windows\System\fdfYCba.exe
  2⤵
  PID:6712
- C:\Windows\System\gguAADR.exe
  C:\Windows\System\gguAADR.exe
  2⤵
  PID:6732
- C:\Windows\System\DDkjEAZ.exe
  C:\Windows\System\DDkjEAZ.exe
  2⤵
  PID:6752
- C:\Windows\System\mUdxuae.exe
  C:\Windows\System\mUdxuae.exe
  2⤵
  PID:6772
- C:\Windows\System\ZHnhJLO.exe
  C:\Windows\System\ZHnhJLO.exe
  2⤵
  PID:6792
- C:\Windows\System\dQGrDjh.exe
  C:\Windows\System\dQGrDjh.exe
  2⤵
  PID:6812
- C:\Windows\System\DsrSRtQ.exe
  C:\Windows\System\DsrSRtQ.exe
  2⤵
  PID:6832
- C:\Windows\System\KLdavpz.exe
  C:\Windows\System\KLdavpz.exe
  2⤵
  PID:6856
- C:\Windows\System\xxxHfpE.exe
  C:\Windows\System\xxxHfpE.exe
  2⤵
  PID:6872
- C:\Windows\System\CqbGrjr.exe
  C:\Windows\System\CqbGrjr.exe
  2⤵
  PID:6892
- C:\Windows\System\cGZbtKe.exe
  C:\Windows\System\cGZbtKe.exe
  2⤵
  PID:6908
- C:\Windows\System\XxZImdn.exe
  C:\Windows\System\XxZImdn.exe
  2⤵
  PID:6932
- C:\Windows\System\cZVyyaL.exe
  C:\Windows\System\cZVyyaL.exe
  2⤵
  PID:6948
- C:\Windows\System\vuqsTan.exe
  C:\Windows\System\vuqsTan.exe
  2⤵
  PID:6964
- C:\Windows\System\GRezrog.exe
  C:\Windows\System\GRezrog.exe
  2⤵
  PID:6984
- C:\Windows\System\VxrWHxj.exe
  C:\Windows\System\VxrWHxj.exe
  2⤵
  PID:7000
- C:\Windows\System\DQraTlZ.exe
  C:\Windows\System\DQraTlZ.exe
  2⤵
  PID:7016
- C:\Windows\System\UYMgpYC.exe
  C:\Windows\System\UYMgpYC.exe
  2⤵
  PID:7032
- C:\Windows\System\gHAcNFr.exe
  C:\Windows\System\gHAcNFr.exe
  2⤵
  PID:7048
- C:\Windows\System\AVqAMRE.exe
  C:\Windows\System\AVqAMRE.exe
  2⤵
  PID:7068
- C:\Windows\System\CQovtYw.exe
  C:\Windows\System\CQovtYw.exe
  2⤵
  PID:7084
- C:\Windows\System\KQfbgPi.exe
  C:\Windows\System\KQfbgPi.exe
  2⤵
  PID:7104
- C:\Windows\System\BQLOups.exe
  C:\Windows\System\BQLOups.exe
  2⤵
  PID:7120
- C:\Windows\System\eSHMlPg.exe
  C:\Windows\System\eSHMlPg.exe
  2⤵
  PID:7136
- C:\Windows\System\gUvLSjG.exe
  C:\Windows\System\gUvLSjG.exe
  2⤵
  PID:7152
- C:\Windows\System\iGuotgL.exe
  C:\Windows\System\iGuotgL.exe
  2⤵
  PID:6096
- C:\Windows\System\mXYOgva.exe
  C:\Windows\System\mXYOgva.exe
  2⤵
  PID:5220
- C:\Windows\System\uVRZynz.exe
  C:\Windows\System\uVRZynz.exe
  2⤵
  PID:5940
- C:\Windows\System\HYvLovk.exe
  C:\Windows\System\HYvLovk.exe
  2⤵
  PID:5588
- C:\Windows\System\kovyVMJ.exe
  C:\Windows\System\kovyVMJ.exe
  2⤵
  PID:5768
- C:\Windows\System\pNBlsJc.exe
  C:\Windows\System\pNBlsJc.exe
  2⤵
  PID:6196
- C:\Windows\System\ozwSsBV.exe
  C:\Windows\System\ozwSsBV.exe
  2⤵
  PID:6232
- C:\Windows\System\UUpUonS.exe
  C:\Windows\System\UUpUonS.exe
  2⤵
  PID:6120
- C:\Windows\System\iRpAekq.exe
  C:\Windows\System\iRpAekq.exe
  2⤵
  PID:6272
- C:\Windows\System\OTOCKuw.exe
  C:\Windows\System\OTOCKuw.exe
  2⤵
  PID:6344
- C:\Windows\System\RcmoWYm.exe
  C:\Windows\System\RcmoWYm.exe
  2⤵
  PID:6392
- C:\Windows\System\fnAIjUz.exe
  C:\Windows\System\fnAIjUz.exe
  2⤵
  PID:6432
- C:\Windows\System\CjUWCuV.exe
  C:\Windows\System\CjUWCuV.exe
  2⤵
  PID:1144
- C:\Windows\System\wtYtrXD.exe
  C:\Windows\System\wtYtrXD.exe
  2⤵
  PID:6504
- C:\Windows\System\XJcSrsH.exe
  C:\Windows\System\XJcSrsH.exe
  2⤵
  PID:6168
- C:\Windows\System\SJuZisR.exe
  C:\Windows\System\SJuZisR.exe
  2⤵
  PID:2828
- C:\Windows\System\uAfjdTn.exe
  C:\Windows\System\uAfjdTn.exe
  2⤵
  PID:6540
- C:\Windows\System\dljWeBy.exe
  C:\Windows\System\dljWeBy.exe
  2⤵
  PID:6220
- C:\Windows\System\UGAzzoQ.exe
  C:\Windows\System\UGAzzoQ.exe
  2⤵
  PID:6292
- C:\Windows\System\dBBmerv.exe
  C:\Windows\System\dBBmerv.exe
  2⤵
  PID:6364
- C:\Windows\System\KfZJMgy.exe
  C:\Windows\System\KfZJMgy.exe
  2⤵
  PID:6576
- C:\Windows\System\doyoBUM.exe
  C:\Windows\System\doyoBUM.exe
  2⤵
  PID:6596
- C:\Windows\System\hsHEmrI.exe
  C:\Windows\System\hsHEmrI.exe
  2⤵
  PID:6552
- C:\Windows\System\fuNvBDZ.exe
  C:\Windows\System\fuNvBDZ.exe
  2⤵
  PID:6324
- C:\Windows\System\spGMTGc.exe
  C:\Windows\System\spGMTGc.exe
  2⤵
  PID:6476
- C:\Windows\System\bkLlBcb.exe
  C:\Windows\System\bkLlBcb.exe
  2⤵
  PID:6412
- C:\Windows\System\kKVTtQw.exe
  C:\Windows\System\kKVTtQw.exe
  2⤵
  PID:6560
- C:\Windows\System\FJmbSdJ.exe
  C:\Windows\System\FJmbSdJ.exe
  2⤵
  PID:6648
- C:\Windows\System\PQXFMDG.exe
  C:\Windows\System\PQXFMDG.exe
  2⤵
  PID:6628
- C:\Windows\System\pVAcgDN.exe
  C:\Windows\System\pVAcgDN.exe
  2⤵
  PID:6720
- C:\Windows\System\QvDAVZX.exe
  C:\Windows\System\QvDAVZX.exe
  2⤵
  PID:2244
- C:\Windows\System\awTHIfe.exe
  C:\Windows\System\awTHIfe.exe
  2⤵
  PID:2400
- C:\Windows\System\Eawbvet.exe
  C:\Windows\System\Eawbvet.exe
  2⤵
  PID:6808
- C:\Windows\System\WaWEADW.exe
  C:\Windows\System\WaWEADW.exe
  2⤵
  PID:6852
- C:\Windows\System\zvDEYjL.exe
  C:\Windows\System\zvDEYjL.exe
  2⤵
  PID:6928
- C:\Windows\System\mZmUfYi.exe
  C:\Windows\System\mZmUfYi.exe
  2⤵
  PID:2336
- C:\Windows\System\RqTutUW.exe
  C:\Windows\System\RqTutUW.exe
  2⤵
  PID:6668
- C:\Windows\System\DvbBGJv.exe
  C:\Windows\System\DvbBGJv.exe
  2⤵
  PID:6868
- C:\Windows\System\VgoIXtj.exe
  C:\Windows\System\VgoIXtj.exe
  2⤵
  PID:7060
- C:\Windows\System\QDBNczj.exe
  C:\Windows\System\QDBNczj.exe
  2⤵
  PID:7132
- C:\Windows\System\UFQTmSZ.exe
  C:\Windows\System\UFQTmSZ.exe
  2⤵
  PID:6708
- C:\Windows\System\qJMCQSe.exe
  C:\Windows\System\qJMCQSe.exe
  2⤵
  PID:6788
- C:\Windows\System\DTjAvqz.exe
  C:\Windows\System\DTjAvqz.exe
  2⤵
  PID:6396
- C:\Windows\System\eVWExuX.exe
  C:\Windows\System\eVWExuX.exe
  2⤵
  PID:1316
- C:\Windows\System\uPUmKZK.exe
  C:\Windows\System\uPUmKZK.exe
  2⤵
  PID:6180
- C:\Windows\System\XnopaXy.exe
  C:\Windows\System\XnopaXy.exe
  2⤵
  PID:1616
- C:\Windows\System\kFNXrTG.exe
  C:\Windows\System\kFNXrTG.exe
  2⤵
  PID:2880
- C:\Windows\System\gtJxNDv.exe
  C:\Windows\System\gtJxNDv.exe
  2⤵
  PID:6360
- C:\Windows\System\taqLJyS.exe
  C:\Windows\System\taqLJyS.exe
  2⤵
  PID:6604
- C:\Windows\System\gqKULLn.exe
  C:\Windows\System\gqKULLn.exe
  2⤵
  PID:6724
- C:\Windows\System\WjHYGrg.exe
  C:\Windows\System\WjHYGrg.exe
  2⤵
  PID:6664
- C:\Windows\System\CqqlAcp.exe
  C:\Windows\System\CqqlAcp.exe
  2⤵
  PID:6768
- C:\Windows\System\bQzNlbF.exe
  C:\Windows\System\bQzNlbF.exe
  2⤵
  PID:1856
- C:\Windows\System\eCAUcfO.exe
  C:\Windows\System\eCAUcfO.exe
  2⤵
  PID:2352
- C:\Windows\System\NzYeyyq.exe
  C:\Windows\System\NzYeyyq.exe
  2⤵
  PID:1948
- C:\Windows\System\aqLVGFQ.exe
  C:\Windows\System\aqLVGFQ.exe
  2⤵
  PID:7056
- C:\Windows\System\XAGhZqv.exe
  C:\Windows\System\XAGhZqv.exe
  2⤵
  PID:1648
- C:\Windows\System\MwlyNsg.exe
  C:\Windows\System\MwlyNsg.exe
  2⤵
  PID:7160
- C:\Windows\System\BUxanwU.exe
  C:\Windows\System\BUxanwU.exe
  2⤵
  PID:6864
- C:\Windows\System\HqXhQWM.exe
  C:\Windows\System\HqXhQWM.exe
  2⤵
  PID:6944
- C:\Windows\System\hHHBPKS.exe
  C:\Windows\System\hHHBPKS.exe
  2⤵
  PID:6980
- C:\Windows\System\hXMWxOd.exe
  C:\Windows\System\hXMWxOd.exe
  2⤵
  PID:7076
- C:\Windows\System\hctIdZX.exe
  C:\Windows\System\hctIdZX.exe
  2⤵
  PID:7148
- C:\Windows\System\cOsfPUx.exe
  C:\Windows\System\cOsfPUx.exe
  2⤵
  PID:3048
- C:\Windows\System\DEQikFf.exe
  C:\Windows\System\DEQikFf.exe
  2⤵
  PID:5920
- C:\Windows\System\AfXXSVs.exe
  C:\Windows\System\AfXXSVs.exe
  2⤵
  PID:5204
- C:\Windows\System\yngpGuz.exe
  C:\Windows\System\yngpGuz.exe
  2⤵
  PID:6308
- C:\Windows\System\zMvxDkt.exe
  C:\Windows\System\zMvxDkt.exe
  2⤵
  PID:6920
- C:\Windows\System\hkCuvZP.exe
  C:\Windows\System\hkCuvZP.exe
  2⤵
  PID:6376
- C:\Windows\System\ZGjKbBt.exe
  C:\Windows\System\ZGjKbBt.exe
  2⤵
  PID:1216
- C:\Windows\System\CdZyQHi.exe
  C:\Windows\System\CdZyQHi.exe
  2⤵
  PID:6284
- C:\Windows\System\fHggRwy.exe
  C:\Windows\System\fHggRwy.exe
  2⤵
  PID:5744
- C:\Windows\System\jNoFVcP.exe
  C:\Windows\System\jNoFVcP.exe
  2⤵
  PID:1788
- C:\Windows\System\iRvAYij.exe
  C:\Windows\System\iRvAYij.exe
  2⤵
  PID:6416
- C:\Windows\System\kZvvCWn.exe
  C:\Windows\System\kZvvCWn.exe
  2⤵
  PID:1844
- C:\Windows\System\LHtTeZE.exe
  C:\Windows\System\LHtTeZE.exe
  2⤵
  PID:1612
- C:\Windows\System\krEhKSc.exe
  C:\Windows\System\krEhKSc.exe
  2⤵
  PID:6956
- C:\Windows\System\VEydeWr.exe
  C:\Windows\System\VEydeWr.exe
  2⤵
  PID:6844
- C:\Windows\System\KgCyFQc.exe
  C:\Windows\System\KgCyFQc.exe
  2⤵
  PID:7092
- C:\Windows\System\YMpYIOJ.exe
  C:\Windows\System\YMpYIOJ.exe
  2⤵
  PID:6992
- C:\Windows\System\YCtQKsL.exe
  C:\Windows\System\YCtQKsL.exe
  2⤵
  PID:6740
- C:\Windows\System\IjHAsSz.exe
  C:\Windows\System\IjHAsSz.exe
  2⤵
  PID:7144
- C:\Windows\System\PjLZrnq.exe
  C:\Windows\System\PjLZrnq.exe
  2⤵
  PID:5304
- C:\Windows\System\rCjkwdD.exe
  C:\Windows\System\rCjkwdD.exe
  2⤵
  PID:6340
- C:\Windows\System\VgWIDWt.exe
  C:\Windows\System\VgWIDWt.exe
  2⤵
  PID:5364
- C:\Windows\System\qHimNOK.exe
  C:\Windows\System\qHimNOK.exe
  2⤵
  PID:5660
- C:\Windows\System\PtAOFkt.exe
  C:\Windows\System\PtAOFkt.exe
  2⤵
  PID:7044
- C:\Windows\System\foqliNm.exe
  C:\Windows\System\foqliNm.exe
  2⤵
  PID:6592
- C:\Windows\System\gAErAJr.exe
  C:\Windows\System\gAErAJr.exe
  2⤵
  PID:6484
- C:\Windows\System\oxamnoO.exe
  C:\Windows\System\oxamnoO.exe
  2⤵
  PID:6620
- C:\Windows\System\uXSeASM.exe
  C:\Windows\System\uXSeASM.exe
  2⤵
  PID:2860
- C:\Windows\System\dpvRHrR.exe
  C:\Windows\System\dpvRHrR.exe
  2⤵
  PID:2396
- C:\Windows\System\LcsmUXJ.exe
  C:\Windows\System\LcsmUXJ.exe
  2⤵
  PID:6976
- C:\Windows\System\NMFjgqD.exe
  C:\Windows\System\NMFjgqD.exe
  2⤵
  PID:7040
- C:\Windows\System\NGyXzNo.exe
  C:\Windows\System\NGyXzNo.exe
  2⤵
  PID:7012
- C:\Windows\System\BywoUDd.exe
  C:\Windows\System\BywoUDd.exe
  2⤵
  PID:2188
- C:\Windows\System\DKwNJud.exe
  C:\Windows\System\DKwNJud.exe
  2⤵
  PID:5540
- C:\Windows\System\PGdmntE.exe
  C:\Windows\System\PGdmntE.exe
  2⤵
  PID:5260
- C:\Windows\System\zCzfMYF.exe
  C:\Windows\System\zCzfMYF.exe
  2⤵
  PID:1924
- C:\Windows\System\vBLAbio.exe
  C:\Windows\System\vBLAbio.exe
  2⤵
  PID:6764
- C:\Windows\System\INMOLQN.exe
  C:\Windows\System\INMOLQN.exe
  2⤵
  PID:5528
- C:\Windows\System\wWoqITT.exe
  C:\Windows\System\wWoqITT.exe
  2⤵
  PID:6500
- C:\Windows\System\LZNNbrY.exe
  C:\Windows\System\LZNNbrY.exe
  2⤵
  PID:6176
- C:\Windows\System\InaYWOK.exe
  C:\Windows\System\InaYWOK.exe
  2⤵
  PID:6460
- C:\Windows\System\BFYHzGU.exe
  C:\Windows\System\BFYHzGU.exe
  2⤵
  PID:4224
- C:\Windows\System\vYvPMhH.exe
  C:\Windows\System\vYvPMhH.exe
  2⤵
  PID:7184
- C:\Windows\System\kqiNyOp.exe
  C:\Windows\System\kqiNyOp.exe
  2⤵
  PID:7200
- C:\Windows\System\ESBDLas.exe
  C:\Windows\System\ESBDLas.exe
  2⤵
  PID:7216
- C:\Windows\System\xzaMcfT.exe
  C:\Windows\System\xzaMcfT.exe
  2⤵
  PID:7232
- C:\Windows\System\RLDwmfU.exe
  C:\Windows\System\RLDwmfU.exe
  2⤵
  PID:7248
- C:\Windows\System\VtQXDEC.exe
  C:\Windows\System\VtQXDEC.exe
  2⤵
  PID:7272
- C:\Windows\System\ODUWewT.exe
  C:\Windows\System\ODUWewT.exe
  2⤵
  PID:7288
- C:\Windows\System\VGjAluR.exe
  C:\Windows\System\VGjAluR.exe
  2⤵
  PID:7312
- C:\Windows\System\SkdbERU.exe
  C:\Windows\System\SkdbERU.exe
  2⤵
  PID:7332
- C:\Windows\System\IYWlMDY.exe
  C:\Windows\System\IYWlMDY.exe
  2⤵
  PID:7348
- C:\Windows\System\ATwefTH.exe
  C:\Windows\System\ATwefTH.exe
  2⤵
  PID:7364
- C:\Windows\System\JQriUFR.exe
  C:\Windows\System\JQriUFR.exe
  2⤵
  PID:7384
- C:\Windows\System\JjLukhA.exe
  C:\Windows\System\JjLukhA.exe
  2⤵
  PID:7400
- C:\Windows\System\jGRlAXP.exe
  C:\Windows\System\jGRlAXP.exe
  2⤵
  PID:7420
- C:\Windows\System\vZOHMcT.exe
  C:\Windows\System\vZOHMcT.exe
  2⤵
  PID:7476
- C:\Windows\System\HrkPvGD.exe
  C:\Windows\System\HrkPvGD.exe
  2⤵
  PID:7492
- C:\Windows\System\PPqOBKi.exe
  C:\Windows\System\PPqOBKi.exe
  2⤵
  PID:7508
- C:\Windows\System\RiwqshU.exe
  C:\Windows\System\RiwqshU.exe
  2⤵
  PID:7528
- C:\Windows\System\ZTvTknv.exe
  C:\Windows\System\ZTvTknv.exe
  2⤵
  PID:7544
- C:\Windows\System\dPeZJsg.exe
  C:\Windows\System\dPeZJsg.exe
  2⤵
  PID:7564
- C:\Windows\System\lhejaZc.exe
  C:\Windows\System\lhejaZc.exe
  2⤵
  PID:7584
- C:\Windows\System\vgSqZqP.exe
  C:\Windows\System\vgSqZqP.exe
  2⤵
  PID:7604
- C:\Windows\System\evUGYMA.exe
  C:\Windows\System\evUGYMA.exe
  2⤵
  PID:7624
- C:\Windows\System\JZyodwH.exe
  C:\Windows\System\JZyodwH.exe
  2⤵
  PID:7668
- C:\Windows\System\ddiidnn.exe
  C:\Windows\System\ddiidnn.exe
  2⤵
  PID:7684
- C:\Windows\System\lSomLAD.exe
  C:\Windows\System\lSomLAD.exe
  2⤵
  PID:7700
- C:\Windows\System\ckdHQPw.exe
  C:\Windows\System\ckdHQPw.exe
  2⤵
  PID:7716
- C:\Windows\System\HDbMRtR.exe
  C:\Windows\System\HDbMRtR.exe
  2⤵
  PID:7732
- C:\Windows\System\gyWSVPh.exe
  C:\Windows\System\gyWSVPh.exe
  2⤵
  PID:7748
- C:\Windows\System\DJAxsdI.exe
  C:\Windows\System\DJAxsdI.exe
  2⤵
  PID:7772
- C:\Windows\System\vbvrdVo.exe
  C:\Windows\System\vbvrdVo.exe
  2⤵
  PID:7792
- C:\Windows\System\TtgjTFT.exe
  C:\Windows\System\TtgjTFT.exe
  2⤵
  PID:7812
- C:\Windows\System\YtMxjqP.exe
  C:\Windows\System\YtMxjqP.exe
  2⤵
  PID:7828
- C:\Windows\System\XewIsKE.exe
  C:\Windows\System\XewIsKE.exe
  2⤵
  PID:7852
- C:\Windows\System\CuHTTUL.exe
  C:\Windows\System\CuHTTUL.exe
  2⤵
  PID:7868
- C:\Windows\System\swOyPGL.exe
  C:\Windows\System\swOyPGL.exe
  2⤵
  PID:7884
- C:\Windows\System\KLRHTme.exe
  C:\Windows\System\KLRHTme.exe
  2⤵
  PID:7900
- C:\Windows\System\gNnJIny.exe
  C:\Windows\System\gNnJIny.exe
  2⤵
  PID:7924
- C:\Windows\System\tJoLZfm.exe
  C:\Windows\System\tJoLZfm.exe
  2⤵
  PID:7940
- C:\Windows\System\ZswmCjV.exe
  C:\Windows\System\ZswmCjV.exe
  2⤵
  PID:7960
- C:\Windows\System\RMmdhjd.exe
  C:\Windows\System\RMmdhjd.exe
  2⤵
  PID:7988
- C:\Windows\System\KlykSkk.exe
  C:\Windows\System\KlykSkk.exe
  2⤵
  PID:8012
- C:\Windows\System\xXJbVyT.exe
  C:\Windows\System\xXJbVyT.exe
  2⤵
  PID:8032
- C:\Windows\System\ufyKdvd.exe
  C:\Windows\System\ufyKdvd.exe
  2⤵
  PID:8048
- C:\Windows\System\nBgQnen.exe
  C:\Windows\System\nBgQnen.exe
  2⤵
  PID:8104
- C:\Windows\System\BDgKYpm.exe
  C:\Windows\System\BDgKYpm.exe
  2⤵
  PID:8120
- C:\Windows\System\ZEqjqaX.exe
  C:\Windows\System\ZEqjqaX.exe
  2⤵
  PID:8136
- C:\Windows\System\rDvcTRJ.exe
  C:\Windows\System\rDvcTRJ.exe
  2⤵
  PID:8176
- C:\Windows\System\cZReVUD.exe
  C:\Windows\System\cZReVUD.exe
  2⤵
  PID:1976
- C:\Windows\System\RPQCUis.exe
  C:\Windows\System\RPQCUis.exe
  2⤵
  PID:7208
- C:\Windows\System\wgiEbak.exe
  C:\Windows\System\wgiEbak.exe
  2⤵
  PID:7244
- C:\Windows\System\wpZuFnF.exe
  C:\Windows\System\wpZuFnF.exe
  2⤵
  PID:7328
- C:\Windows\System\ZODvKiA.exe
  C:\Windows\System\ZODvKiA.exe
  2⤵
  PID:7392
- C:\Windows\System\AOJxxkD.exe
  C:\Windows\System\AOJxxkD.exe
  2⤵
  PID:6828
- C:\Windows\System\DxDoprC.exe
  C:\Windows\System\DxDoprC.exe
  2⤵
  PID:5268
- C:\Windows\System\XthHRPI.exe
  C:\Windows\System\XthHRPI.exe
  2⤵
  PID:7196
- C:\Windows\System\aCnyKHT.exe
  C:\Windows\System\aCnyKHT.exe
  2⤵
  PID:7260
- C:\Windows\System\ykEuieq.exe
  C:\Windows\System\ykEuieq.exe
  2⤵
  PID:7304
- C:\Windows\System\olVUeuZ.exe
  C:\Windows\System\olVUeuZ.exe
  2⤵
  PID:7372
- C:\Windows\System\milStsU.exe
  C:\Windows\System\milStsU.exe
  2⤵
  PID:7412
- C:\Windows\System\VwSjxIL.exe
  C:\Windows\System\VwSjxIL.exe
  2⤵
  PID:7468
- C:\Windows\System\ucIVzBH.exe
  C:\Windows\System\ucIVzBH.exe
  2⤵
  PID:7448
- C:\Windows\System\dgWqBhb.exe
  C:\Windows\System\dgWqBhb.exe
  2⤵
  PID:7456
- C:\Windows\System\pBUjdAt.exe
  C:\Windows\System\pBUjdAt.exe
  2⤵
  PID:7536
- C:\Windows\System\mlNkUfm.exe
  C:\Windows\System\mlNkUfm.exe
  2⤵
  PID:7612
- C:\Windows\System\FpGlvNx.exe
  C:\Windows\System\FpGlvNx.exe
  2⤵
  PID:7432
- C:\Windows\System\ujSTDob.exe
  C:\Windows\System\ujSTDob.exe
  2⤵
  PID:7488
- C:\Windows\System\OOycLFV.exe
  C:\Windows\System\OOycLFV.exe
  2⤵
  PID:7552
- C:\Windows\System\SqWrkMF.exe
  C:\Windows\System\SqWrkMF.exe
  2⤵
  PID:7600
- C:\Windows\System\PPWVXJS.exe
  C:\Windows\System\PPWVXJS.exe
  2⤵
  PID:7652
- C:\Windows\System\JCimIZh.exe
  C:\Windows\System\JCimIZh.exe
  2⤵
  PID:7636
- C:\Windows\System\MBoxEwH.exe
  C:\Windows\System\MBoxEwH.exe
  2⤵
  PID:7740
- C:\Windows\System\dTsFiVS.exe
  C:\Windows\System\dTsFiVS.exe
  2⤵
  PID:7784
- C:\Windows\System\fNOOMQH.exe
  C:\Windows\System\fNOOMQH.exe
  2⤵
  PID:7864
- C:\Windows\System\GnzLJdo.exe
  C:\Windows\System\GnzLJdo.exe
  2⤵
  PID:7936
- C:\Windows\System\xZzZnlG.exe
  C:\Windows\System\xZzZnlG.exe
  2⤵
  PID:7976
- C:\Windows\System\UPTsBTI.exe
  C:\Windows\System\UPTsBTI.exe
  2⤵
  PID:7760
- C:\Windows\System\fPFiLDp.exe
  C:\Windows\System\fPFiLDp.exe
  2⤵
  PID:7804
- C:\Windows\System\DykszOz.exe
  C:\Windows\System\DykszOz.exe
  2⤵
  PID:7876
- C:\Windows\System\qJAFHDH.exe
  C:\Windows\System\qJAFHDH.exe
  2⤵
  PID:7916
- C:\Windows\System\THWZdIB.exe
  C:\Windows\System\THWZdIB.exe
  2⤵
  PID:7956
- C:\Windows\System\DZNOcwr.exe
  C:\Windows\System\DZNOcwr.exe
  2⤵
  PID:8008
- C:\Windows\System\PAYTzxy.exe
  C:\Windows\System\PAYTzxy.exe
  2⤵
  PID:8056
- C:\Windows\System\IRpEUla.exe
  C:\Windows\System\IRpEUla.exe
  2⤵
  PID:8144
- C:\Windows\System\iXNBROz.exe
  C:\Windows\System\iXNBROz.exe
  2⤵
  PID:8160
- C:\Windows\System\wxmXFaY.exe
  C:\Windows\System\wxmXFaY.exe
  2⤵
  PID:8148
- C:\Windows\System\yEvPJYB.exe
  C:\Windows\System\yEvPJYB.exe
  2⤵
  PID:7176
- C:\Windows\System\yvOTYgu.exe
  C:\Windows\System\yvOTYgu.exe
  2⤵
  PID:6060
- C:\Windows\System\DJHMEpn.exe
  C:\Windows\System\DJHMEpn.exe
  2⤵
  PID:7324
- C:\Windows\System\hkujDee.exe
  C:\Windows\System\hkujDee.exe
  2⤵
  PID:7268
- C:\Windows\System\pPHbYnf.exe
  C:\Windows\System\pPHbYnf.exe
  2⤵
  PID:7296
- C:\Windows\System\kGbArpi.exe
  C:\Windows\System\kGbArpi.exe
  2⤵
  PID:2332
- C:\Windows\System\PGuEdWc.exe
  C:\Windows\System\PGuEdWc.exe
  2⤵
  PID:7340
- C:\Windows\System\CbHeEuT.exe
  C:\Windows\System\CbHeEuT.exe
  2⤵
  PID:7572
- C:\Windows\System\mlAMSKX.exe
  C:\Windows\System\mlAMSKX.exe
  2⤵
  PID:7708
- C:\Windows\System\gApSKDK.exe
  C:\Windows\System\gApSKDK.exe
  2⤵
  PID:7524
- C:\Windows\System\tLPUJyM.exe
  C:\Windows\System\tLPUJyM.exe
  2⤵
  PID:7712
- C:\Windows\System\SOPpojH.exe
  C:\Windows\System\SOPpojH.exe
  2⤵
  PID:7824
- C:\Windows\System\KhXAmxO.exe
  C:\Windows\System\KhXAmxO.exe
  2⤵
  PID:7728
- C:\Windows\System\KIcFoxg.exe
  C:\Windows\System\KIcFoxg.exe
  2⤵
  PID:7948
- C:\Windows\System\PmCRGUI.exe
  C:\Windows\System\PmCRGUI.exe
  2⤵
  PID:7908
- C:\Windows\System\rkjXSZO.exe
  C:\Windows\System\rkjXSZO.exe
  2⤵
  PID:8024
- C:\Windows\System\TXeIjUI.exe
  C:\Windows\System\TXeIjUI.exe
  2⤵
  PID:8028
- C:\Windows\System\mBLrTIG.exe
  C:\Windows\System\mBLrTIG.exe
  2⤵
  PID:8080
- C:\Windows\System\jyoQnLM.exe
  C:\Windows\System\jyoQnLM.exe
  2⤵
  PID:8100
- C:\Windows\System\NmrjQuZ.exe
  C:\Windows\System\NmrjQuZ.exe
  2⤵
  PID:6780
- C:\Windows\System\HfNakMd.exe
  C:\Windows\System\HfNakMd.exe
  2⤵
  PID:8152
- C:\Windows\System\NbVGEUf.exe
  C:\Windows\System\NbVGEUf.exe
  2⤵
  PID:2632
- C:\Windows\System\ZDOrYAb.exe
  C:\Windows\System\ZDOrYAb.exe
  2⤵
  PID:8164
- C:\Windows\System\cXgJDOg.exe
  C:\Windows\System\cXgJDOg.exe
  2⤵
  PID:6464
- C:\Windows\System\JeePnqK.exe
  C:\Windows\System\JeePnqK.exe
  2⤵
  PID:7256
- C:\Windows\System\nZHcsca.exe
  C:\Windows\System\nZHcsca.exe
  2⤵
  PID:3040
- C:\Windows\System\CqKcTEA.exe
  C:\Windows\System\CqKcTEA.exe
  2⤵
  PID:7344
- C:\Windows\System\FTXuzAW.exe
  C:\Windows\System\FTXuzAW.exe
  2⤵
  PID:7520
- C:\Windows\System\YDpgpXB.exe
  C:\Windows\System\YDpgpXB.exe
  2⤵
  PID:8004
- C:\Windows\System\UvRkqOD.exe
  C:\Windows\System\UvRkqOD.exe
  2⤵
  PID:7648
- C:\Windows\System\msXfDHI.exe
  C:\Windows\System\msXfDHI.exe
  2⤵
  PID:7664
- C:\Windows\System\lgGpDyr.exe
  C:\Windows\System\lgGpDyr.exe
  2⤵
  PID:7680
- C:\Windows\System\aJGHWjj.exe
  C:\Windows\System\aJGHWjj.exe
  2⤵
  PID:8092
- C:\Windows\System\ORTTbqj.exe
  C:\Windows\System\ORTTbqj.exe
  2⤵
  PID:6480
- C:\Windows\System\PJImxIs.exe
  C:\Windows\System\PJImxIs.exe
  2⤵
  PID:7632
- C:\Windows\System\aumpzxX.exe
  C:\Windows\System\aumpzxX.exe
  2⤵
  PID:8196
- C:\Windows\System\dwwOiPi.exe
  C:\Windows\System\dwwOiPi.exe
  2⤵
  PID:8212
- C:\Windows\System\RotznIR.exe
  C:\Windows\System\RotznIR.exe
  2⤵
  PID:8228
- C:\Windows\System\riZhkpa.exe
  C:\Windows\System\riZhkpa.exe
  2⤵
  PID:8244
- C:\Windows\System\kcaMfuG.exe
  C:\Windows\System\kcaMfuG.exe
  2⤵
  PID:8260
- C:\Windows\System\drpDAHE.exe
  C:\Windows\System\drpDAHE.exe
  2⤵
  PID:8276
- C:\Windows\System\mQhECTm.exe
  C:\Windows\System\mQhECTm.exe
  2⤵
  PID:8292
- C:\Windows\System\LLqCMkO.exe
  C:\Windows\System\LLqCMkO.exe
  2⤵
  PID:8308
- C:\Windows\System\uPcHuls.exe
  C:\Windows\System\uPcHuls.exe
  2⤵
  PID:8324
- C:\Windows\System\wsswdzO.exe
  C:\Windows\System\wsswdzO.exe
  2⤵
  PID:8340
- C:\Windows\System\RmBHBGV.exe
  C:\Windows\System\RmBHBGV.exe
  2⤵
  PID:8356
- C:\Windows\System\bIvXwfV.exe
  C:\Windows\System\bIvXwfV.exe
  2⤵
  PID:8372
- C:\Windows\System\IqwuwdV.exe
  C:\Windows\System\IqwuwdV.exe
  2⤵
  PID:8388
- C:\Windows\System\nTswmyz.exe
  C:\Windows\System\nTswmyz.exe
  2⤵
  PID:8404
- C:\Windows\System\EECwkLE.exe
  C:\Windows\System\EECwkLE.exe
  2⤵
  PID:8448
- C:\Windows\System\DIOyZRa.exe
  C:\Windows\System\DIOyZRa.exe
  2⤵
  PID:8472
- C:\Windows\System\yKAUuMm.exe
  C:\Windows\System\yKAUuMm.exe
  2⤵
  PID:8488
- C:\Windows\System\MznEVbJ.exe
  C:\Windows\System\MznEVbJ.exe
  2⤵
  PID:8536
- C:\Windows\System\rUpGGSA.exe
  C:\Windows\System\rUpGGSA.exe
  2⤵
  PID:8556
- C:\Windows\System\EuMjYkM.exe
  C:\Windows\System\EuMjYkM.exe
  2⤵
  PID:8572
- C:\Windows\System\ayYKWIQ.exe
  C:\Windows\System\ayYKWIQ.exe
  2⤵
  PID:8588
- C:\Windows\System\gsxfeVp.exe
  C:\Windows\System\gsxfeVp.exe
  2⤵
  PID:8604
- C:\Windows\System\KvxJhyJ.exe
  C:\Windows\System\KvxJhyJ.exe
  2⤵
  PID:8620
- C:\Windows\System\uRFuqlp.exe
  C:\Windows\System\uRFuqlp.exe
  2⤵
  PID:8636
- C:\Windows\System\ErOyqBB.exe
  C:\Windows\System\ErOyqBB.exe
  2⤵
  PID:8652
- C:\Windows\System\VZqLUBv.exe
  C:\Windows\System\VZqLUBv.exe
  2⤵
  PID:8668
- C:\Windows\System\YcWOSSO.exe
  C:\Windows\System\YcWOSSO.exe
  2⤵
  PID:8688
- C:\Windows\System\igRLnwE.exe
  C:\Windows\System\igRLnwE.exe
  2⤵
  PID:8704
- C:\Windows\System\WYxfCrC.exe
  C:\Windows\System\WYxfCrC.exe
  2⤵
  PID:8720
- C:\Windows\System\xwxDGUr.exe
  C:\Windows\System\xwxDGUr.exe
  2⤵
  PID:8736
- C:\Windows\System\QIqKFiM.exe
  C:\Windows\System\QIqKFiM.exe
  2⤵
  PID:8752
- C:\Windows\System\PWYQHGn.exe
  C:\Windows\System\PWYQHGn.exe
  2⤵
  PID:8768
- C:\Windows\System\tlohkHB.exe
  C:\Windows\System\tlohkHB.exe
  2⤵
  PID:8784
- C:\Windows\System\nevWJix.exe
  C:\Windows\System\nevWJix.exe
  2⤵
  PID:8800
- C:\Windows\System\jMmLhAv.exe
  C:\Windows\System\jMmLhAv.exe
  2⤵
  PID:8816
- C:\Windows\System\fSoGbfL.exe
  C:\Windows\System\fSoGbfL.exe
  2⤵
  PID:8836
- C:\Windows\System\mepWkfn.exe
  C:\Windows\System\mepWkfn.exe
  2⤵
  PID:8852
- C:\Windows\System\jlpIuOa.exe
  C:\Windows\System\jlpIuOa.exe
  2⤵
  PID:8868
- C:\Windows\System\MHLBcwB.exe
  C:\Windows\System\MHLBcwB.exe
  2⤵
  PID:8888
- C:\Windows\System\neqajFS.exe
  C:\Windows\System\neqajFS.exe
  2⤵
  PID:8904
- C:\Windows\System\ByrrKKe.exe
  C:\Windows\System\ByrrKKe.exe
  2⤵
  PID:8920
- C:\Windows\System\CknFQDp.exe
  C:\Windows\System\CknFQDp.exe
  2⤵
  PID:8936
- C:\Windows\System\qIxkssm.exe
  C:\Windows\System\qIxkssm.exe
  2⤵
  PID:8952
- C:\Windows\System\FkHDGkS.exe
  C:\Windows\System\FkHDGkS.exe
  2⤵
  PID:8968
- C:\Windows\System\tkGjQMO.exe
  C:\Windows\System\tkGjQMO.exe
  2⤵
  PID:8984
- C:\Windows\System\ETrjdkn.exe
  C:\Windows\System\ETrjdkn.exe
  2⤵
  PID:9000
- C:\Windows\System\YakWjCT.exe
  C:\Windows\System\YakWjCT.exe
  2⤵
  PID:9016
- C:\Windows\System\keOauns.exe
  C:\Windows\System\keOauns.exe
  2⤵
  PID:9032
- C:\Windows\System\wCdjPSN.exe
  C:\Windows\System\wCdjPSN.exe
  2⤵
  PID:9048
- C:\Windows\System\RjWSpLP.exe
  C:\Windows\System\RjWSpLP.exe
  2⤵
  PID:9064
- C:\Windows\System\vxPNLER.exe
  C:\Windows\System\vxPNLER.exe
  2⤵
  PID:9080
- C:\Windows\System\uRKOqjK.exe
  C:\Windows\System\uRKOqjK.exe
  2⤵
  PID:9096
- C:\Windows\System\tdvOqys.exe
  C:\Windows\System\tdvOqys.exe
  2⤵
  PID:9112
- C:\Windows\System\HdMtMCG.exe
  C:\Windows\System\HdMtMCG.exe
  2⤵
  PID:9128
- C:\Windows\System\vHFqHza.exe
  C:\Windows\System\vHFqHza.exe
  2⤵
  PID:9144
- C:\Windows\System\icPwpTH.exe
  C:\Windows\System\icPwpTH.exe
  2⤵
  PID:9160
- C:\Windows\System\kDzXYDw.exe
  C:\Windows\System\kDzXYDw.exe
  2⤵
  PID:9176
- C:\Windows\System\QOmoFGa.exe
  C:\Windows\System\QOmoFGa.exe
  2⤵
  PID:9192
- C:\Windows\System\qQEVSNB.exe
  C:\Windows\System\qQEVSNB.exe
  2⤵
  PID:9212
- C:\Windows\System\Cdjrdaf.exe
  C:\Windows\System\Cdjrdaf.exe
  2⤵
  PID:8088
- C:\Windows\System\FMvURoD.exe
  C:\Windows\System\FMvURoD.exe
  2⤵
  PID:8204
- C:\Windows\System\HQIcnSx.exe
  C:\Windows\System\HQIcnSx.exe
  2⤵
  PID:8304
- C:\Windows\System\iPmOffI.exe
  C:\Windows\System\iPmOffI.exe
  2⤵
  PID:8132
- C:\Windows\System\rtMbUhV.exe
  C:\Windows\System\rtMbUhV.exe
  2⤵
  PID:7444
- C:\Windows\System\yjBtOnz.exe
  C:\Windows\System\yjBtOnz.exe
  2⤵
  PID:8156
- C:\Windows\System\STwAYyd.exe
  C:\Windows\System\STwAYyd.exe
  2⤵
  PID:8396
- C:\Windows\System\PAYoFPf.exe
  C:\Windows\System\PAYoFPf.exe
  2⤵
  PID:8436
- C:\Windows\System\IvJchxc.exe
  C:\Windows\System\IvJchxc.exe
  2⤵
  PID:8096
- C:\Windows\System\oGAtPvb.exe
  C:\Windows\System\oGAtPvb.exe
  2⤵
  PID:8548
- C:\Windows\System\jUgKOly.exe
  C:\Windows\System\jUgKOly.exe
  2⤵
  PID:8764
- C:\Windows\System\bHAKFhS.exe
  C:\Windows\System\bHAKFhS.exe
  2⤵
  PID:8860
- C:\Windows\System\fbrcZZq.exe
  C:\Windows\System\fbrcZZq.exe
  2⤵
  PID:8832
- C:\Windows\System\IEWNbje.exe
  C:\Windows\System\IEWNbje.exe
  2⤵
  PID:8944
- C:\Windows\System\CVLpGkv.exe
  C:\Windows\System\CVLpGkv.exe
  2⤵
  PID:9172
- C:\Windows\System\KjwAgTV.exe
  C:\Windows\System\KjwAgTV.exe
  2⤵
  PID:6524
- C:\Windows\System\EipwyTc.exe
  C:\Windows\System\EipwyTc.exe
  2⤵
  PID:7724
- C:\Windows\System\vDMaoZc.exe
  C:\Windows\System\vDMaoZc.exe
  2⤵
  PID:8224
- C:\Windows\System\vOoloeD.exe
  C:\Windows\System\vOoloeD.exe
  2⤵
  PID:8412
- C:\Windows\System\LHCrDIc.exe
  C:\Windows\System\LHCrDIc.exe
  2⤵
  PID:8320
- C:\Windows\System\DnLCbpL.exe
  C:\Windows\System\DnLCbpL.exe
  2⤵
  PID:8380
- C:\Windows\System\VCOqGcz.exe
  C:\Windows\System\VCOqGcz.exe
  2⤵
  PID:8496
- C:\Windows\System\GbFmnsQ.exe
  C:\Windows\System\GbFmnsQ.exe
  2⤵
  PID:8508
- C:\Windows\System\EFnOBOT.exe
  C:\Windows\System\EFnOBOT.exe
  2⤵
  PID:8528
- C:\Windows\System\cKrjStG.exe
  C:\Windows\System\cKrjStG.exe
  2⤵
  PID:8712
- C:\Windows\System\CLXtCLY.exe
  C:\Windows\System\CLXtCLY.exe
  2⤵
  PID:8848
- C:\Windows\System\rZhVIjz.exe
  C:\Windows\System\rZhVIjz.exe
  2⤵
  PID:8676
- C:\Windows\System\KtbMuPr.exe
  C:\Windows\System\KtbMuPr.exe
  2⤵
  PID:8748
- C:\Windows\System\jUjWGiC.exe
  C:\Windows\System\jUjWGiC.exe
  2⤵
  PID:8728
- C:\Windows\System\NwNAVvq.exe
  C:\Windows\System\NwNAVvq.exe
  2⤵
  PID:8884
- C:\Windows\System\raCrnCb.exe
  C:\Windows\System\raCrnCb.exe
  2⤵
  PID:9008
- C:\Windows\System\bdSWtzj.exe
  C:\Windows\System\bdSWtzj.exe
  2⤵
  PID:9168
- C:\Windows\System\qpaKaMl.exe
  C:\Windows\System\qpaKaMl.exe
  2⤵
  PID:9204
- C:\Windows\System\CEwRijq.exe
  C:\Windows\System\CEwRijq.exe
  2⤵
  PID:9056
- C:\Windows\System\ZxyFbve.exe
  C:\Windows\System\ZxyFbve.exe
  2⤵
  PID:9040
- C:\Windows\System\ZUkWhRg.exe
  C:\Windows\System\ZUkWhRg.exe
  2⤵
  PID:9188
- C:\Windows\System\GxcbfLC.exe
  C:\Windows\System\GxcbfLC.exe
  2⤵
  PID:8240
- C:\Windows\System\RjArABS.exe
  C:\Windows\System\RjArABS.exe
  2⤵
  PID:7840
- C:\Windows\System\sJwfBdO.exe
  C:\Windows\System\sJwfBdO.exe
  2⤵
  PID:8272
- C:\Windows\System\DfJpXLx.exe
  C:\Windows\System\DfJpXLx.exe
  2⤵
  PID:7660
- C:\Windows\System\ftipvls.exe
  C:\Windows\System\ftipvls.exe
  2⤵
  PID:8384
- C:\Windows\System\ZfKoEIl.exe
  C:\Windows\System\ZfKoEIl.exe
  2⤵
  PID:8348
- C:\Windows\System\mbtjHqP.exe
  C:\Windows\System\mbtjHqP.exe
  2⤵
  PID:8444
- C:\Windows\System\NmKNkOq.exe
  C:\Windows\System\NmKNkOq.exe
  2⤵
  PID:8524
- C:\Windows\System\PzsXWgi.exe
  C:\Windows\System\PzsXWgi.exe
  2⤵
  PID:8516
- C:\Windows\System\txEdyTY.exe
  C:\Windows\System\txEdyTY.exe
  2⤵
  PID:8824
- C:\Windows\System\GyharWS.exe
  C:\Windows\System\GyharWS.exe
  2⤵
  PID:8744
- C:\Windows\System\VnmBtDe.exe
  C:\Windows\System\VnmBtDe.exe
  2⤵
  PID:8876
- C:\Windows\System\OKZCmli.exe
  C:\Windows\System\OKZCmli.exe
  2⤵
  PID:9108
- C:\Windows\System\pekuLOQ.exe
  C:\Windows\System\pekuLOQ.exe
  2⤵
  PID:8684
- C:\Windows\System\fUnNvYo.exe
  C:\Windows\System\fUnNvYo.exe
  2⤵
  PID:9136
- C:\Windows\System\djbRVOn.exe
  C:\Windows\System\djbRVOn.exe
  2⤵
  PID:8932
- C:\Windows\System\zfaroXy.exe
  C:\Windows\System\zfaroXy.exe
  2⤵
  PID:9088
- C:\Windows\System\HungUTQ.exe
  C:\Windows\System\HungUTQ.exe
  2⤵
  PID:9200
- C:\Windows\System\LCQKIdE.exe
  C:\Windows\System\LCQKIdE.exe
  2⤵
  PID:7768
- C:\Windows\System\WQhaaMJ.exe
  C:\Windows\System\WQhaaMJ.exe
  2⤵
  PID:9224
- C:\Windows\System\Mmbefwc.exe
  C:\Windows\System\Mmbefwc.exe
  2⤵
  PID:9272
- C:\Windows\System\cEAillA.exe
  C:\Windows\System\cEAillA.exe
  2⤵
  PID:9288
- C:\Windows\System\UiCHESM.exe
  C:\Windows\System\UiCHESM.exe
  2⤵
  PID:9304
- C:\Windows\System\bRHQhlp.exe
  C:\Windows\System\bRHQhlp.exe
  2⤵
  PID:9320
- C:\Windows\System\IlOAomO.exe
  C:\Windows\System\IlOAomO.exe
  2⤵
  PID:9336
- C:\Windows\System\rGckSYx.exe
  C:\Windows\System\rGckSYx.exe
  2⤵
  PID:9352
- C:\Windows\System\oQUUjKi.exe
  C:\Windows\System\oQUUjKi.exe
  2⤵
  PID:9368
- C:\Windows\System\xlWxDIt.exe
  C:\Windows\System\xlWxDIt.exe
  2⤵
  PID:9384
- C:\Windows\System\TCJhOnq.exe
  C:\Windows\System\TCJhOnq.exe
  2⤵
  PID:9400
- C:\Windows\System\KtnuIOF.exe
  C:\Windows\System\KtnuIOF.exe
  2⤵
  PID:9416
- C:\Windows\System\rQVkoJt.exe
  C:\Windows\System\rQVkoJt.exe
  2⤵
  PID:9432
- C:\Windows\System\KSfTOdZ.exe
  C:\Windows\System\KSfTOdZ.exe
  2⤵
  PID:9456
- C:\Windows\System\QnrMHiQ.exe
  C:\Windows\System\QnrMHiQ.exe
  2⤵
  PID:9472
- C:\Windows\System\iEpSbdO.exe
  C:\Windows\System\iEpSbdO.exe
  2⤵
  PID:9488
- C:\Windows\System\QxFyRDU.exe
  C:\Windows\System\QxFyRDU.exe
  2⤵
  PID:9504
- C:\Windows\System\fWOjbSK.exe
  C:\Windows\System\fWOjbSK.exe
  2⤵
  PID:9520
- C:\Windows\System\OsaPkip.exe
  C:\Windows\System\OsaPkip.exe
  2⤵
  PID:9536
- C:\Windows\System\OmUwvDl.exe
  C:\Windows\System\OmUwvDl.exe
  2⤵
  PID:9556
- C:\Windows\System\TGRURPm.exe
  C:\Windows\System\TGRURPm.exe
  2⤵
  PID:9580
- C:\Windows\System\sVAkyfB.exe
  C:\Windows\System\sVAkyfB.exe
  2⤵
  PID:9596
- C:\Windows\System\JlKoVKI.exe
  C:\Windows\System\JlKoVKI.exe
  2⤵
  PID:9612
- C:\Windows\System\FmmQniQ.exe
  C:\Windows\System\FmmQniQ.exe
  2⤵
  PID:9632
- C:\Windows\System\EZbXtuA.exe
  C:\Windows\System\EZbXtuA.exe
  2⤵
  PID:9652
- C:\Windows\System\KjmEzwD.exe
  C:\Windows\System\KjmEzwD.exe
  2⤵
  PID:9668
- C:\Windows\System\CcoqKVi.exe
  C:\Windows\System\CcoqKVi.exe
  2⤵
  PID:9684
- C:\Windows\System\EaAollI.exe
  C:\Windows\System\EaAollI.exe
  2⤵
  PID:9700
- C:\Windows\System\FGwArOw.exe
  C:\Windows\System\FGwArOw.exe
  2⤵
  PID:9720
- C:\Windows\System\LxKmYbb.exe
  C:\Windows\System\LxKmYbb.exe
  2⤵
  PID:9756
- C:\Windows\System\tDXEtVR.exe
  C:\Windows\System\tDXEtVR.exe
  2⤵
  PID:9776
- C:\Windows\System\gSBhJew.exe
  C:\Windows\System\gSBhJew.exe
  2⤵
  PID:9792
- C:\Windows\System\UKjRjam.exe
  C:\Windows\System\UKjRjam.exe
  2⤵
  PID:9808
- C:\Windows\System\SvgpYuP.exe
  C:\Windows\System\SvgpYuP.exe
  2⤵
  PID:9844
- C:\Windows\System\QpurFlA.exe
  C:\Windows\System\QpurFlA.exe
  2⤵
  PID:9876
- C:\Windows\System\YBgqhHJ.exe
  C:\Windows\System\YBgqhHJ.exe
  2⤵
  PID:9924
- C:\Windows\System\RGsmfIz.exe
  C:\Windows\System\RGsmfIz.exe
  2⤵
  PID:9992
- C:\Windows\System\SbSJQFA.exe
  C:\Windows\System\SbSJQFA.exe
  2⤵
  PID:10008
- C:\Windows\System\zxsBHPU.exe
  C:\Windows\System\zxsBHPU.exe
  2⤵
  PID:10028
- C:\Windows\System\eZJdXrH.exe
  C:\Windows\System\eZJdXrH.exe
  2⤵
  PID:10044
- C:\Windows\System\JSWAwtH.exe
  C:\Windows\System\JSWAwtH.exe
  2⤵
  PID:10060
- C:\Windows\System\EYyZwoh.exe
  C:\Windows\System\EYyZwoh.exe
  2⤵
  PID:10088
- C:\Windows\System\DuUaoOh.exe
  C:\Windows\System\DuUaoOh.exe
  2⤵
  PID:10112
- C:\Windows\System\ZmBKTje.exe
  C:\Windows\System\ZmBKTje.exe
  2⤵
  PID:10128
- C:\Windows\System\IEPuASK.exe
  C:\Windows\System\IEPuASK.exe
  2⤵
  PID:10164
- C:\Windows\System\DUTXefR.exe
  C:\Windows\System\DUTXefR.exe
  2⤵
  PID:10180
- C:\Windows\System\HSXFCvR.exe
  C:\Windows\System\HSXFCvR.exe
  2⤵
  PID:10196
- C:\Windows\System\VAhriVG.exe
  C:\Windows\System\VAhriVG.exe
  2⤵
  PID:10212
- C:\Windows\System\BzJvWnW.exe
  C:\Windows\System\BzJvWnW.exe
  2⤵
  PID:10228
- C:\Windows\System\GHTiZGY.exe
  C:\Windows\System\GHTiZGY.exe
  2⤵
  PID:7504
- C:\Windows\System\DEGwFJx.exe
  C:\Windows\System\DEGwFJx.exe
  2⤵
  PID:8284
- C:\Windows\System\iNullUf.exe
  C:\Windows\System\iNullUf.exe
  2⤵
  PID:8580
- C:\Windows\System\XqkoERd.exe
  C:\Windows\System\XqkoERd.exe
  2⤵
  PID:9092
- C:\Windows\System\KtaeOBL.exe
  C:\Windows\System\KtaeOBL.exe
  2⤵
  PID:9220
- C:\Windows\System\OFRywHG.exe
  C:\Windows\System\OFRywHG.exe
  2⤵
  PID:9248
- C:\Windows\System\UJSsFtB.exe
  C:\Windows\System\UJSsFtB.exe
  2⤵
  PID:7380
- C:\Windows\System\msrxNAy.exe
  C:\Windows\System\msrxNAy.exe
  2⤵
  PID:9344
- C:\Windows\System\NTxAuRi.exe
  C:\Windows\System\NTxAuRi.exe
  2⤵
  PID:9360
- C:\Windows\System\MMRabMu.exe
  C:\Windows\System\MMRabMu.exe
  2⤵
  PID:8076
- C:\Windows\System\LhRsNzj.exe
  C:\Windows\System\LhRsNzj.exe
  2⤵
  PID:9428
- C:\Windows\System\wTCyKwF.exe
  C:\Windows\System\wTCyKwF.exe
  2⤵
  PID:9528
- C:\Windows\System\jDeplky.exe
  C:\Windows\System\jDeplky.exe
  2⤵
  PID:9028
- C:\Windows\System\daKnyrw.exe
  C:\Windows\System\daKnyrw.exe
  2⤵
  PID:9712
- C:\Windows\System\WWAVIiK.exe
  C:\Windows\System\WWAVIiK.exe
  2⤵
  PID:9332
- C:\Windows\System\yOvflvI.exe
  C:\Windows\System\yOvflvI.exe
  2⤵
  PID:9284
- C:\Windows\System\wpFyusK.exe
  C:\Windows\System\wpFyusK.exe
  2⤵
  PID:9564
- C:\Windows\System\GzRbyiy.exe
  C:\Windows\System\GzRbyiy.exe
  2⤵
  PID:9648
- C:\Windows\System\iNRxBES.exe
  C:\Windows\System\iNRxBES.exe
  2⤵
  PID:9860
- C:\Windows\System\PtvmBVO.exe
  C:\Windows\System\PtvmBVO.exe
  2⤵
  PID:9448
- C:\Windows\System\jiPDkkw.exe
  C:\Windows\System\jiPDkkw.exe
  2⤵
  PID:9516
- C:\Windows\System\EyVqfZX.exe
  C:\Windows\System\EyVqfZX.exe
  2⤵
  PID:9548
- C:\Windows\System\rpHbHXA.exe
  C:\Windows\System\rpHbHXA.exe
  2⤵
  PID:9620
- C:\Windows\System\YKnuPsV.exe
  C:\Windows\System\YKnuPsV.exe
  2⤵
  PID:9696
- C:\Windows\System\nhfrQWV.exe
  C:\Windows\System\nhfrQWV.exe
  2⤵
  PID:9748
- C:\Windows\System\vywbVJz.exe
  C:\Windows\System\vywbVJz.exe
  2⤵
  PID:9732
- C:\Windows\System\SYKSHQt.exe
  C:\Windows\System\SYKSHQt.exe
  2⤵
  PID:9788
- C:\Windows\System\gJdaWYi.exe
  C:\Windows\System\gJdaWYi.exe
  2⤵
  PID:9820
- C:\Windows\System\xQcEKhc.exe
  C:\Windows\System\xQcEKhc.exe
  2⤵
  PID:9836
- C:\Windows\System\oqyPHSI.exe
  C:\Windows\System\oqyPHSI.exe
  2⤵
  PID:9908
- C:\Windows\System\nBuguyU.exe
  C:\Windows\System\nBuguyU.exe
  2⤵
  PID:9920
- C:\Windows\System\FTMOEJq.exe
  C:\Windows\System\FTMOEJq.exe
  2⤵
  PID:9944
- C:\Windows\System\lqvlNIa.exe
  C:\Windows\System\lqvlNIa.exe
  2⤵
  PID:9964
- C:\Windows\System\sFQKhZF.exe
  C:\Windows\System\sFQKhZF.exe
  2⤵
  PID:9980
- C:\Windows\System\GzQzcjw.exe
  C:\Windows\System\GzQzcjw.exe
  2⤵
  PID:10020
- C:\Windows\System\xmmIkgu.exe
  C:\Windows\System\xmmIkgu.exe
  2⤵
  PID:10004
- C:\Windows\System\VUxbtYQ.exe
  C:\Windows\System\VUxbtYQ.exe
  2⤵
  PID:10056
- C:\Windows\System\YwRiyzE.exe
  C:\Windows\System\YwRiyzE.exe
  2⤵
  PID:10084
- C:\Windows\System\uquDgbV.exe
  C:\Windows\System\uquDgbV.exe
  2⤵
  PID:10108
- C:\Windows\System\CJVaFjQ.exe
  C:\Windows\System\CJVaFjQ.exe
  2⤵
  PID:10140
- C:\Windows\System\DDLfWUW.exe
  C:\Windows\System\DDLfWUW.exe
  2⤵
  PID:10172
- C:\Windows\System\QqIIkJb.exe
  C:\Windows\System\QqIIkJb.exe
  2⤵
  PID:9280
- C:\Windows\System\vGntpsF.exe
  C:\Windows\System\vGntpsF.exe
  2⤵
  PID:9240
- C:\Windows\System\lkDaFqy.exe
  C:\Windows\System\lkDaFqy.exe
  2⤵
  PID:10152
- C:\Windows\System\vPwKnXG.exe
  C:\Windows\System\vPwKnXG.exe
  2⤵
  PID:9640
- C:\Windows\System\ucugjgo.exe
  C:\Windows\System\ucugjgo.exe
  2⤵
  PID:9268
- C:\Windows\System\Uemhtyo.exe
  C:\Windows\System\Uemhtyo.exe
  2⤵
  PID:10224
- C:\Windows\System\XJzMOWU.exe
  C:\Windows\System\XJzMOWU.exe
  2⤵
  PID:8660
- C:\Windows\System\XrAqTVs.exe
  C:\Windows\System\XrAqTVs.exe
  2⤵
  PID:8520
- C:\Windows\System\MgrMTyp.exe
  C:\Windows\System\MgrMTyp.exe
  2⤵
  PID:8960
- C:\Windows\System\NIwelej.exe
  C:\Windows\System\NIwelej.exe
  2⤵
  PID:9408
- C:\Windows\System\xGPVzZg.exe
  C:\Windows\System\xGPVzZg.exe
  2⤵
  PID:9680
- C:\Windows\System\ewqCxhk.exe
  C:\Windows\System\ewqCxhk.exe
  2⤵
  PID:10104
- C:\Windows\System\wQJaTnw.exe
  C:\Windows\System\wQJaTnw.exe
  2⤵
  PID:9768
- C:\Windows\System\cWCYPQW.exe
  C:\Windows\System\cWCYPQW.exe
  2⤵
  PID:9868
- C:\Windows\System\LlACLeV.exe
  C:\Windows\System\LlACLeV.exe
  2⤵
  PID:9544
- C:\Windows\System\zQxezcw.exe
  C:\Windows\System\zQxezcw.exe
  2⤵
  PID:9552
- C:\Windows\System\IesakVc.exe
  C:\Windows\System\IesakVc.exe
  2⤵
  PID:9740
- C:\Windows\System\hKWiYeM.exe
  C:\Windows\System\hKWiYeM.exe
  2⤵
  PID:9904
- C:\Windows\System\JkiiNAg.exe
  C:\Windows\System\JkiiNAg.exe
  2⤵
  PID:9884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ELbMoME.exe

Filesize
6.0MB

MD5
915ace322e75c172f68f880d2d79b7f0

SHA1
a0d06c3942b294cdad2158b61e3e5bc2bb3e50d5

SHA256
a7af2cfef2182febafb5adb19ce43f0e70158d69b1be02c49ec0681a108b4bed

SHA512
73431a51d3f9874ece8bc58b5f2b3a87415ba1fcef6048c803aa8794e33056be7c17e377e7eba48b8d31192e9feace60c9d6f0495146e69d09e26049c6432dad

Download Submit
C:\Windows\system\EVCvXdG.exe

Filesize
6.0MB

MD5
738602061bedd33933bb57c975b5dbfc

SHA1
0c1ccec7a41c21724b396859dc63a30af6d8194c

SHA256
4ec0af53e001e56661fb60b7374892e7a86cf19e8764cd7631b1ca0f27186e27

SHA512
527d4240b887743d35ef190d1e81fc8c015049ef99185d5336064df782b1fb4731af04f4b3c1c567f761e34f1601e7ccff5ad4362c5a898f24f7c9122f37b3b6

Download Submit
C:\Windows\system\FQhnYvq.exe

Filesize
6.0MB

MD5
7a796ca7a9cb5f4d7df747c8b2b331ed

SHA1
08c6430799ee9788d4ec662095576ee7f3e7775b

SHA256
12176a6bcd13e3328c56b71104a20cf92d2a4b99c58422689bad08e52aa1c1f7

SHA512
a5670a956641c004bbbd93e5ce50c0af809c47877196ebd162cd51833c8eb93edb525d5302a9d8eb27822604b76380f94d4aa8b8bb0947d4665fee21b74eba39

Download Submit
C:\Windows\system\GFqMQxV.exe

Filesize
6.0MB

MD5
10ff75380ed3ab5165733365408c0413

SHA1
d9cec18a7c22868b455efdb667204730301d9279

SHA256
e42d16476e5c14ba12db3f3e9ab629c920508d91cbe73e57fa2b8790c4dff9c8

SHA512
12800afcb76b71d5c65e5870810c7f0fe70519dac8e991f6b4b782d26783602e82e2ccd043ef39c9622ec31b1baaa261944599533930cf39a466a16a07cdff81

Download Submit
C:\Windows\system\GPkZgwQ.exe

Filesize
6.0MB

MD5
98dfc9cefa76b1b2fe7ceaa588c6d9f3

SHA1
a317cbbecc1e1dd10e0155eca969efad11cb1478

SHA256
1ee1ab259b2f27c98a3e26505b9d16667e881b69822f4652c8a6c89dd8e8efde

SHA512
ca5fda28ddbca2ea622c1100cd927764dba366dffc4d96b423c8be1b75627591a15569793b3c5fa24cb7c7613f7dfb4957483b1dc2e74a2e01cadbfe9e14640b

Download Submit
C:\Windows\system\IxHIELB.exe

Filesize
6.0MB

MD5
5f1b86c1fe03799956df89dd8e714a62

SHA1
2b7d9388ea9d55b6295fe0285cb8986148f56bd5

SHA256
1ee244ec66381cfbe7d17cad428780de32e1c6f0fac13269ff0b134c69c37787

SHA512
8297354d139791186a5257c222a7ddd79143e9adac49f48823b26022ad22feb5a08dd71e0d71d3c8f7b67fc10390e8854003439705b4d51ec6b863f812a3c59f

Download Submit
C:\Windows\system\LcEycGQ.exe

Filesize
6.0MB

MD5
785a6187eff17b62053e9b6e9b11c672

SHA1
74806480ca2a1c665cb21b3c0229996fa6e5541f

SHA256
a93ed51567dd63c3da25bbf3928a92343036ebbab6b4332deb5d0ee7544bdc29

SHA512
0d0f33b59e40bc5d1a778f1f81b803c470aaa2fb8b2ed9a9c5345cfb97094e483576dbec79d88f2585c9624df1b4d8774ecbac57acc3c7a4aa7194aff79bc351

Download Submit
C:\Windows\system\MFzQfWJ.exe

Filesize
6.0MB

MD5
ce195980f0a5e3e25a984b9cd1a5707d

SHA1
ce5387237684a8b8cf4fe7a187726b64ef47a85d

SHA256
87067a5343f6850a760381e862188cf81f58da3a712d717560a3e3aef9c4657c

SHA512
7f5ee26fdc69633680782a6570225fb4c218bc86f7010fd112e75a79b734e639e07c403961fa3b3bf73f0b0cc907af00deb51ad5ef9945a0ece23dfb1d1b7f1b

Download Submit
C:\Windows\system\MdedVuF.exe

Filesize
6.0MB

MD5
a0aa92a96b56754999f6c269dfbec546

SHA1
d0972fe37ce8a1579d302a40dc45ee78a07e9d90

SHA256
20272517e93a446b3f12e157b095723be4a7be9970ee839c3873415a1b6a3fc0

SHA512
851b21a92a55f1b2d9df575e81447bee2ada45bcfc33c8795db535de65e8f3929f5b99ad435d0d4bbb24724ca2e747287b1da5067e20db2ce7f82251aa7e0a4c

Download Submit
C:\Windows\system\OzGEyvQ.exe

Filesize
6.0MB

MD5
61701f15e330e49f83a535829a1f262f

SHA1
85ea039bef1a17759e0a32ca58a2c71c5e7535ca

SHA256
6f4aeee693f16127b1e3c9865b7719f445b6db3193d8ae4d372584c89273179a

SHA512
9ec22e400f0123676c3adfee403df61ff54c7be61f1395db70bd6fd5da9589240faf71fc7effd3a9ec387b3294d9c3a7fd16bebb1755e622c1344cb338ab07c4

Download Submit
C:\Windows\system\PrbsfdT.exe

Filesize
6.0MB

MD5
e1095a88faccb0bd2d4c34c166d5bcc1

SHA1
63b385176369ee85fd87a3130646b5bdf91a0618

SHA256
baa9c91d39ee80889d0b5bbd709873902da820d3eb76c5195dbd5c4f3d232f59

SHA512
ce60f8ee30d5d11bf50abe70f10bd5a1a2a1821d2302024638a762c0781fe70ef99e9718cd111bc0792c7123de34db5ebdb1e6bca6dc2a909bae8eff263b2231

Download Submit
C:\Windows\system\SJeZLTR.exe

Filesize
6.0MB

MD5
8c4314a3b686c6e2e25ba976ccecd27f

SHA1
dabae354e0c0bbf3878f288674ec95f39d2007ac

SHA256
a4f64005dede2f435cf441112158b72bd98939945de2373efbeab90e2e1da97e

SHA512
805635b90988759ff13763830cc72bd4700794f5e10fc4e7e6ccb76dc6b10c1bf33e2a351222fde8283fe9327825ae20f0d85f328b350d56bef6270a5288843c

Download Submit
C:\Windows\system\TutzPaJ.exe

Filesize
6.0MB

MD5
9a79e4c04122e2d76ce9733df3bf9474

SHA1
dfd8a3e42d20a247102b7d16f8dfa57547a79589

SHA256
2da8c221ca353dcaadd93f02e4fc40c9184ab5227c200fb2045bde64aa8e59d2

SHA512
4a4b992a7435a84d49ad6bce16a2aac2d1cd21bc4728af2f28e363640068c4f1d5400b57c03c10f2f8c0ed1d071c12eaada49fdc4309ffcfc9107b63cff4371a

Download Submit
C:\Windows\system\VuclQXT.exe

Filesize
6.0MB

MD5
cb70ace658c6d4e999eb1c6d805aa9bf

SHA1
6ea8eb5d545f7a8eb6041145ae45bc5e5703d559

SHA256
cb8a3181ae9e772575b6f9dfa9d1fdd24a3e7d3df30ca913c36a6b3c157b6b0b

SHA512
5ce55383467681ebc482b8d7d0ad29ed1e3e49b8830cd594d0cd395f5a4688b2c13dea1aee00ca39a41f05dd66e286b9f2f55a932e6685f36a32a17692f49945

Download Submit
C:\Windows\system\ZKsvcEA.exe

Filesize
6.0MB

MD5
62ddb521e5b3f98234f2d3d6f5fdcc0b

SHA1
20ea08bc7fbddb345142173162ca1d120f210bf1

SHA256
545879d8726490a68fd4265b51413a1748a6132764dd0b72a1279c92c5a6d2bf

SHA512
d9cfb0d4c91b960ec4b8a61466a1ca7ff258d46981a0d6533e4e3ba3315466ea76f50fff130e9ebebb3495c60e2524f591fcc25089a6daf15ebd7b401039681f

Download Submit
C:\Windows\system\ZOABPrp.exe

Filesize
6.0MB

MD5
373fec11fb1ad029622c8e0523007181

SHA1
af2908fb55d2be826432a68b843caac53651bdcc

SHA256
c6782607bfb02b197ed9c2c80ebff207c8c1b79b9975ecb93195c2fe3a75d2bd

SHA512
ec9280369bc42fd8c316128c36b88ba97bd23855d198b9455f172ed495c40cc0e6a108827917f37dc4bbb08dcd8525578f742bd3b731120dc7f253ad0fc0145f

Download Submit
C:\Windows\system\aHkOHvj.exe

Filesize
6.0MB

MD5
dde7362b2f8aa946a50f04d88956f1dd

SHA1
9cfb2222975eb825a842e35213973b90ddf278b4

SHA256
73150d69c6b6ded431fe307a1afedb1426fbe9fc751bea2b15fa84c904869e9f

SHA512
3b48e14ce93bca7e7cb4a962c230a46535415d19c352d0039026332d773cdcd149e23c230c17096c3705fc4afc697f27e57b7097a7b53ee001548651faead5b8

Download Submit
C:\Windows\system\aPfkvMa.exe

Filesize
6.0MB

MD5
696750e93890c4b0d534c51b94f37fc4

SHA1
4c99989608dc5521a0f645144ec8aca4adf9981e

SHA256
dcd4bf7198768a1172093d0c26ac364c36ab259091d9b78df028d5e0d1343c93

SHA512
cabb8f37574ba64c0033572adeed1122f4026bbe42ae29ddc382c74463ef9bb28cf27e2bd7269955ca4f771a86a49341c0a257a2071e8188caa8a4c1ed57d975

Download Submit
C:\Windows\system\dhfLQOP.exe

Filesize
6.0MB

MD5
ccf0edc7261a95af4b938ef3c73c77df

SHA1
b05e3a213859f769638a320e52cd0e46bc3c1107

SHA256
1b8e70829a8fc4526e561f9bc328cda85edb4cd7d0a62df579efe0cd56a1b137

SHA512
9943a0c65fc0fd7f347f65075ee59b26c0fc47a770860108ae501b09f46d4da80d225105391d9074bf87d84d2d6b1336b7370163ed3bde39c291a1a88d68cf56

Download Submit
C:\Windows\system\ehxygEg.exe

Filesize
6.0MB

MD5
791b3b35ebabe2a8c2cb7fc9f1e370f0

SHA1
04c601f6b7096e82dab33fdb2d1e6ff0facf4b54

SHA256
c4911fa54e09c2060a7a5dc1f719da371fbaeff73ad5c9171395009dbf2e8ae9

SHA512
a5e78f2e7d45543bc68326237d8e584734fca0a8d93429b4e1841e29b7d1f7255c734af0d66409bbe0e93b28c1fdba46c2cd88fe3094c71530b930e6da69f07d

Download Submit
C:\Windows\system\ffbrHxN.exe

Filesize
6.0MB

MD5
bcbddc217043a71f04eb125a6003a2f6

SHA1
d6b6614c0405cbf8e7303d93a68fa8a917264f27

SHA256
9d2437d1afaea689c9a9876b0734ddf1d4f43b4ac1054e61d1439084d428d787

SHA512
283a5c76f65d90866bc8a8976cce35d0fc17408dc0ddc3b646a75801ecde3c579561326a157034c8ed6785afcd4e409c274d6ef674baab57f7a4b95913992d4c

Download Submit
C:\Windows\system\gICOWxq.exe

Filesize
6.0MB

MD5
09a262c87d9c9600ab32190e0d2155cc

SHA1
52e04f72188d8da9d3ff9c399f3a69a59598a793

SHA256
cc548d3c28316256fe6193b21e61d47c6fb58c43f6485e17c7164027c155aa3b

SHA512
f0dae79fe8231c56178482855e4a4d50860845d39fdfadcfb4e49bed90a0040c1cc44f41b6c2d220d7dae3c20d7c6951bc3773fa510c89d031e0c85deae73f40

Download Submit
C:\Windows\system\hOsSulm.exe

Filesize
6.0MB

MD5
748c1860043b846ddbff8dedc1238052

SHA1
d40af05f92d2dfeb1ff2db3362bcbd87d9586947

SHA256
315e6a2f5a2e27578417f8d7a46654bfbcc05fbf358745f02aee4ac24a10deee

SHA512
b1661ed92c4a098f366c0d01c96d72e45d8ccdb939750d5f6c73fa6868661083796f0f84a018c4e085381f6e395d46c8523e5366ad48aee540575d36b6cac25e

Download Submit
C:\Windows\system\pzRgycg.exe

Filesize
6.0MB

MD5
77d9d15f9adada1adf87acaa108dceaa

SHA1
bec9ac37b322c9bc386a5bc2254b36c44eb6d1c6

SHA256
4a6d3e80bd045de4ade9bfc051f59ad9f862ed4b8f24037e04983ed684bb619b

SHA512
83d63b59fa23b9232d50114a0ef079c687b454cf7c27c0fe07cfe08fd20573e421a01802b634827827a9216fd6d834c5d412683a71897842f879d5377a691f43

Download Submit
C:\Windows\system\rYCeZxR.exe

Filesize
6.0MB

MD5
d727339ec183b765ef3805bbd491cbcc

SHA1
a578b44fd31addfa1273c70bb4d720b13c4b368e

SHA256
c8c858c07018ef26b2f146fc1404dea6dfe5c9ce209a7dac6b6090f231afd4fc

SHA512
ff03c878c0d4b10fca123ef20535cc6b2e8abc30b5a967a7b3e243a74018508e8da6f7770d84e54c09c798bb17c9af27f9d4a51143c99c22e8cebffc1836270c

Download Submit
C:\Windows\system\tGSKWuZ.exe

Filesize
6.0MB

MD5
23eb50d3ed56ec6cfaeed62ca3dfd3fc

SHA1
72a06edd4aa105e3f898e8c73933fe7c8076d17a

SHA256
04041923ad693f7909db77de4190293c4bfb188d93d2e50766f1fa891a15a97e

SHA512
09dcc7f402690024f5c97b6de66d4c06ae11d3bfb2354b6276065ea71380ee4d27afa94d175c5d97034403bd2072e49ef233fa72a2b6fe12d85c6dc83abd64f0

Download Submit
C:\Windows\system\tUAkvyJ.exe

Filesize
6.0MB

MD5
59dfae1534f4f2b0587505e0bd4c9d79

SHA1
c85a21c29cfbb126eb775c19b97671bceecc0bee

SHA256
70ed839256b1c8853911a78aa7df3e423ff8fb465123781ca277ae85e7c4a1e6

SHA512
3845f147d0405db56cf7377888c788d5bfd085b785bb38fa5a0f0e050edf89fb4ca02f4ba3e0fdd731017b7372625126e9a60bb7de5142a2d1435d0d0b6b626e

Download Submit
C:\Windows\system\zPBXsxV.exe

Filesize
6.0MB

MD5
a98b79839122286961b5dbb11f63431e

SHA1
78ba425622290079b81eff91de3f301e3b00a343

SHA256
2d5cb2436665c417dfb837791cfbb5583d1b2afb7d1abdf74ce8b1d298a6525c

SHA512
7973a3fa7f093efe27d01ed947eb5227306cecadd79847d529d518d4d1c76dd93c4ebeb7a4e1a888af9641b133c52791375b3a44aca5ab8a8a7279fbf07867b3

Download Submit
C:\Windows\system\zhwSbSN.exe

Filesize
6.0MB

MD5
e032aad73982dba137c768b4b483c946

SHA1
fe80068479043f937a36daa9a903f01fbad0e3ce

SHA256
a751a357a9dfd4060f91eaba94aa2fcbfc973342a4cff0e919be7712983c332b

SHA512
9650cda9287d76857e0f4d9f35b92e2cb8a82c9c6d3122b084bfc724340c98e0793b1cb7749e3acee359e6d75cfa940158706bf62eff7855b45e5adb247625df

Download Submit
C:\Windows\system\zxAMIXm.exe

Filesize
6.0MB

MD5
5d8d7be6231180b8f959d314a9587948

SHA1
9247efcc114b2c7316650554f91192292b0985d1

SHA256
88525fb3b44e5273d59e86f0760c5916679b538d67f1f2edbf4586fdc9b7a35f

SHA512
a28982629728b792eb8d189bdbe3b3d360196250ce745965053ecf72d358a0ccd1b5aa9a6ba961e028f3fb10b39223c1f91dcdd1036377cecc3d5e1d866b9b71

Download Submit
\Windows\system\AgDvFlj.exe

Filesize
6.0MB

MD5
a61b871b5b73eb65854135f4a8d0ec4e

SHA1
66d3fa5ef50b4ce085f514dad42595ab53b9f208

SHA256
faaa045bae97f860f5b0a49f2b7de33f5b6b0135c4c4aa28c9ed2e2d9451397f

SHA512
41f183129d18ff003a82a0a980c45b5359b9388a17858aca24d7562bc81a5ad0b5508cd37c2e346b7e899b898ebb39cbb6855a9ea60b06ab2b6c8037c8f7645a

Download Submit
\Windows\system\RBBvouT.exe

Filesize
6.0MB

MD5
75a89ae655e77409f7d0196b8306b4ee

SHA1
38b77e15bed6c079192cee3e6fa4d6e3cee5529e

SHA256
e367d506695908eb2874788e117734328d90d6a42f46b4cddacd23cce10f1ff6

SHA512
8316bc9a794a3e0c364a3f6d1bed47aea12eccb875f967760afb2d40057a32e51b314c6a9889b82d66a442c84b3347d78327ce839d36f76f8d5dfb5353473707

Download Submit
memory/1076-3023-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1076-2235-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1872-2010-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1872-2996-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3024-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-2265-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1825-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2992-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1872-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2085-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2269-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1540-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2700-1510-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3100-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2011-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1788-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1473-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1873-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2700-0-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1644-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2237-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2266-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1832-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1572-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2965-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1509-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1779-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2978-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2083-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3025-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1571-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2983-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2989-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1643-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1539-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2988-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3022-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download