cobaltstrike | 32eb5322c61399b615c283114776dff7f74806cf02d550821e35665a7aa79d8c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5736e70e300b49cfb4db4e5aa89c90f6
SHA1

0336693304513803318a9ad0dba8c21dc2907a4e
SHA256

32eb5322c61399b615c283114776dff7f74806cf02d550821e35665a7aa79d8c
SHA512

8e9645956f97c79b57d58a2ea157e337d9d5437de8bb0307f4a0e437c72be5088095709742f90f90c8540903b0ef759a77cd2b4a0e1d0d47a2a77208e7535390
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000122de-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b47-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3a-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-65.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017049-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 40 IoCs

miner

resource	yara_rule
behavioral1/memory/684-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000d0000000122de-3.dat	xmrig
behavioral1/files/0x0008000000016b47-11.dat	xmrig
behavioral1/files/0x0008000000016c66-15.dat	xmrig
behavioral1/files/0x0007000000016c88-21.dat	xmrig
behavioral1/files/0x0007000000016cd7-26.dat	xmrig
behavioral1/files/0x0009000000016d3a-36.dat	xmrig
behavioral1/files/0x0008000000016d43-38.dat	xmrig
behavioral1/files/0x0005000000018686-55.dat	xmrig
behavioral1/files/0x00050000000186e7-60.dat	xmrig
behavioral1/files/0x00050000000186f4-75.dat	xmrig
behavioral1/files/0x00050000000187a8-100.dat	xmrig
behavioral1/files/0x0005000000019278-134.dat	xmrig
behavioral1/files/0x0005000000019360-150.dat	xmrig
behavioral1/memory/2616-2467-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2484-2449-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2060-2498-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b6-160.dat	xmrig
behavioral1/files/0x00050000000193a6-154.dat	xmrig
behavioral1/files/0x000500000001933f-145.dat	xmrig
behavioral1/files/0x0005000000019297-140.dat	xmrig
behavioral1/files/0x0005000000019284-133.dat	xmrig
behavioral1/files/0x0005000000019250-120.dat	xmrig
behavioral1/files/0x0006000000018c16-110.dat	xmrig
behavioral1/files/0x0005000000019269-125.dat	xmrig
behavioral1/files/0x0005000000019246-115.dat	xmrig
behavioral1/files/0x0006000000018b4e-105.dat	xmrig
behavioral1/files/0x000500000001878e-95.dat	xmrig
behavioral1/files/0x0005000000018744-90.dat	xmrig
behavioral1/files/0x0005000000018739-85.dat	xmrig
behavioral1/files/0x0005000000018704-80.dat	xmrig
behavioral1/files/0x00050000000186f1-70.dat	xmrig
behavioral1/files/0x00050000000186ed-65.dat	xmrig
behavioral1/files/0x000600000001755b-50.dat	xmrig
behavioral1/files/0x0008000000017049-45.dat	xmrig
behavioral1/files/0x0007000000016cf5-30.dat	xmrig
behavioral1/memory/684-2912-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2060-4072-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2484-4074-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2616-4077-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2484	ueUVWpp.exe
2616	hHHWrtG.exe
2060	YQgzZjT.exe
2900	msgkuXW.exe
2996	pXNiRrI.exe
2772	sMevPDk.exe
2784	hrsIAdk.exe
2928	zamqYUz.exe
2920	wEWLvbJ.exe
2804	mVPCQYX.exe
2972	HUcrZid.exe
2472	PXrNoDi.exe
2780	kjyRmkM.exe
2848	sVNKNyW.exe
2676	uNVhKFE.exe
2744	HVHxFkC.exe
2156	BycPNCm.exe
2448	kJwRryY.exe
1188	PAPbnFn.exe
2336	KFkDSrJ.exe
2000	qfRtoso.exe
1724	vZpQIyf.exe
1616	uDzhQQX.exe
1924	kXHbUFl.exe
2644	durCcjp.exe
2252	FIwQTrQ.exe
2072	MVHRQrf.exe
2268	wlUfYEu.exe
572	RajGFWz.exe
1232	UnRwypt.exe
1848	zMghrij.exe
1860	MukTQMD.exe
2196	ipfhIbi.exe
1300	wWotFpy.exe
828	RlbLqES.exe
1220	voKilcB.exe
1360	ZpkWKvN.exe
604	TABgrzL.exe
308	qdpzuhN.exe
1472	rGPZDmv.exe
2660	ZMlLmZX.exe
1260	jwZsGgX.exe
744	cwZkxTd.exe
1664	vNVJABK.exe
1076	flMSGAo.exe
1952	joHVOTl.exe
1316	xnqmkDc.exe
1916	sxJyLHc.exe
1996	WSBqHdx.exe
2308	cBzZzPM.exe
2376	GbYhnkz.exe
2596	ITdhTGy.exe
876	ifITDHt.exe
376	ixioNyf.exe
2500	aQGurgK.exe
1432	xrUfRIZ.exe
2456	NIdtWWa.exe
1716	URIwuES.exe
2184	FmAtjKf.exe
2984	DAKmXPy.exe
2520	QFfoKIk.exe
2544	gFFvNFC.exe
2944	qisgSZs.exe
3008	pRrSExk.exe

Loads dropped DLL 64 IoCs

pid	Process
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 40 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/684-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000d0000000122de-3.dat	upx
behavioral1/files/0x0008000000016b47-11.dat	upx
behavioral1/files/0x0008000000016c66-15.dat	upx
behavioral1/files/0x0007000000016c88-21.dat	upx
behavioral1/files/0x0007000000016cd7-26.dat	upx
behavioral1/files/0x0009000000016d3a-36.dat	upx
behavioral1/files/0x0008000000016d43-38.dat	upx
behavioral1/files/0x0005000000018686-55.dat	upx
behavioral1/files/0x00050000000186e7-60.dat	upx
behavioral1/files/0x00050000000186f4-75.dat	upx
behavioral1/files/0x00050000000187a8-100.dat	upx
behavioral1/files/0x0005000000019278-134.dat	upx
behavioral1/files/0x0005000000019360-150.dat	upx
behavioral1/memory/2616-2467-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2484-2449-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2060-2498-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x00050000000193b6-160.dat	upx
behavioral1/files/0x00050000000193a6-154.dat	upx
behavioral1/files/0x000500000001933f-145.dat	upx
behavioral1/files/0x0005000000019297-140.dat	upx
behavioral1/files/0x0005000000019284-133.dat	upx
behavioral1/files/0x0005000000019250-120.dat	upx
behavioral1/files/0x0006000000018c16-110.dat	upx
behavioral1/files/0x0005000000019269-125.dat	upx
behavioral1/files/0x0005000000019246-115.dat	upx
behavioral1/files/0x0006000000018b4e-105.dat	upx
behavioral1/files/0x000500000001878e-95.dat	upx
behavioral1/files/0x0005000000018744-90.dat	upx
behavioral1/files/0x0005000000018739-85.dat	upx
behavioral1/files/0x0005000000018704-80.dat	upx
behavioral1/files/0x00050000000186f1-70.dat	upx
behavioral1/files/0x00050000000186ed-65.dat	upx
behavioral1/files/0x000600000001755b-50.dat	upx
behavioral1/files/0x0008000000017049-45.dat	upx
behavioral1/files/0x0007000000016cf5-30.dat	upx
behavioral1/memory/684-2912-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2060-4072-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2484-4074-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2616-4077-0x000000013FD10000-0x0000000140064000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fvOOEFD.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfTAvfR.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciJPBhx.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfbiwJO.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFrMkBr.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMtKBAp.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoNKQmq.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcpqITV.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLRCIUu.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnymMgG.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiLkExb.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAsEagQ.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlgYFMA.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axuwGEs.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STmZDMo.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWjlQDf.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmcKQBP.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spBqlRc.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrvKVpE.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhQaCjt.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZpQIyf.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVZpEbp.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WabnCKp.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CulzEnP.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTTbBje.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDspmkE.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBnOwQb.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJlwzET.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhVerHe.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiUITnS.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjGqpbs.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nylUYGx.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgzHyjb.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlLpoNj.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NApipHh.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opYkxEf.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYojZnk.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQPJxUa.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzfVKUD.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRTMrZg.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUphvph.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMBiVmC.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJwsaGg.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkJkJwx.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URIwuES.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmHsnAQ.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onuKfqJ.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdGhBvB.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlLGaRq.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSyyuUW.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VceYvHn.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfRtoso.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXNkhAJ.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asNVwhe.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKHQBAI.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuNrpRP.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzknopT.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaggSOx.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfKFDMd.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvZyBBe.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGWLazA.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKwkllF.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utYZXpb.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlstVFg.exe	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 2484	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 684 wrote to memory of 2484	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 684 wrote to memory of 2484	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 684 wrote to memory of 2616	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 684 wrote to memory of 2616	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 684 wrote to memory of 2616	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 684 wrote to memory of 2060	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 684 wrote to memory of 2060	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 684 wrote to memory of 2060	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 684 wrote to memory of 2900	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 684 wrote to memory of 2900	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 684 wrote to memory of 2900	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 684 wrote to memory of 2996	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 684 wrote to memory of 2996	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 684 wrote to memory of 2996	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 684 wrote to memory of 2772	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 684 wrote to memory of 2772	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 684 wrote to memory of 2772	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 684 wrote to memory of 2784	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 684 wrote to memory of 2784	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 684 wrote to memory of 2784	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 684 wrote to memory of 2928	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 684 wrote to memory of 2928	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 684 wrote to memory of 2928	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 684 wrote to memory of 2920	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 684 wrote to memory of 2920	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 684 wrote to memory of 2920	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 684 wrote to memory of 2804	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 684 wrote to memory of 2804	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 684 wrote to memory of 2804	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 684 wrote to memory of 2972	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 684 wrote to memory of 2972	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 684 wrote to memory of 2972	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 684 wrote to memory of 2472	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 684 wrote to memory of 2472	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 684 wrote to memory of 2472	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 684 wrote to memory of 2780	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 684 wrote to memory of 2780	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 684 wrote to memory of 2780	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 684 wrote to memory of 2848	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 684 wrote to memory of 2848	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 684 wrote to memory of 2848	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 684 wrote to memory of 2676	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 684 wrote to memory of 2676	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 684 wrote to memory of 2676	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 684 wrote to memory of 2744	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 684 wrote to memory of 2744	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 684 wrote to memory of 2744	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 684 wrote to memory of 2156	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 684 wrote to memory of 2156	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 684 wrote to memory of 2156	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 684 wrote to memory of 2448	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 684 wrote to memory of 2448	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 684 wrote to memory of 2448	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 684 wrote to memory of 1188	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 684 wrote to memory of 1188	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 684 wrote to memory of 1188	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 684 wrote to memory of 2336	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 684 wrote to memory of 2336	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 684 wrote to memory of 2336	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 684 wrote to memory of 2000	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 684 wrote to memory of 2000	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 684 wrote to memory of 2000	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 684 wrote to memory of 1724	684	2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_5736e70e300b49cfb4db4e5aa89c90f6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\System\ueUVWpp.exe
  C:\Windows\System\ueUVWpp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\hHHWrtG.exe
  C:\Windows\System\hHHWrtG.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\YQgzZjT.exe
  C:\Windows\System\YQgzZjT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\msgkuXW.exe
  C:\Windows\System\msgkuXW.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\pXNiRrI.exe
  C:\Windows\System\pXNiRrI.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\sMevPDk.exe
  C:\Windows\System\sMevPDk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\hrsIAdk.exe
  C:\Windows\System\hrsIAdk.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\zamqYUz.exe
  C:\Windows\System\zamqYUz.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\wEWLvbJ.exe
  C:\Windows\System\wEWLvbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\mVPCQYX.exe
  C:\Windows\System\mVPCQYX.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HUcrZid.exe
  C:\Windows\System\HUcrZid.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\PXrNoDi.exe
  C:\Windows\System\PXrNoDi.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\kjyRmkM.exe
  C:\Windows\System\kjyRmkM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\sVNKNyW.exe
  C:\Windows\System\sVNKNyW.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\uNVhKFE.exe
  C:\Windows\System\uNVhKFE.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\HVHxFkC.exe
  C:\Windows\System\HVHxFkC.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\BycPNCm.exe
  C:\Windows\System\BycPNCm.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\kJwRryY.exe
  C:\Windows\System\kJwRryY.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PAPbnFn.exe
  C:\Windows\System\PAPbnFn.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\KFkDSrJ.exe
  C:\Windows\System\KFkDSrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\qfRtoso.exe
  C:\Windows\System\qfRtoso.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\vZpQIyf.exe
  C:\Windows\System\vZpQIyf.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\uDzhQQX.exe
  C:\Windows\System\uDzhQQX.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\kXHbUFl.exe
  C:\Windows\System\kXHbUFl.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\durCcjp.exe
  C:\Windows\System\durCcjp.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\MVHRQrf.exe
  C:\Windows\System\MVHRQrf.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\FIwQTrQ.exe
  C:\Windows\System\FIwQTrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\wlUfYEu.exe
  C:\Windows\System\wlUfYEu.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\RajGFWz.exe
  C:\Windows\System\RajGFWz.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\UnRwypt.exe
  C:\Windows\System\UnRwypt.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\zMghrij.exe
  C:\Windows\System\zMghrij.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\MukTQMD.exe
  C:\Windows\System\MukTQMD.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\ipfhIbi.exe
  C:\Windows\System\ipfhIbi.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\wWotFpy.exe
  C:\Windows\System\wWotFpy.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\RlbLqES.exe
  C:\Windows\System\RlbLqES.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\voKilcB.exe
  C:\Windows\System\voKilcB.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\ZpkWKvN.exe
  C:\Windows\System\ZpkWKvN.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\TABgrzL.exe
  C:\Windows\System\TABgrzL.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\qdpzuhN.exe
  C:\Windows\System\qdpzuhN.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\rGPZDmv.exe
  C:\Windows\System\rGPZDmv.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ZMlLmZX.exe
  C:\Windows\System\ZMlLmZX.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\jwZsGgX.exe
  C:\Windows\System\jwZsGgX.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\cwZkxTd.exe
  C:\Windows\System\cwZkxTd.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vNVJABK.exe
  C:\Windows\System\vNVJABK.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\flMSGAo.exe
  C:\Windows\System\flMSGAo.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\joHVOTl.exe
  C:\Windows\System\joHVOTl.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\xnqmkDc.exe
  C:\Windows\System\xnqmkDc.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\sxJyLHc.exe
  C:\Windows\System\sxJyLHc.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\WSBqHdx.exe
  C:\Windows\System\WSBqHdx.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\cBzZzPM.exe
  C:\Windows\System\cBzZzPM.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\GbYhnkz.exe
  C:\Windows\System\GbYhnkz.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\ITdhTGy.exe
  C:\Windows\System\ITdhTGy.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ifITDHt.exe
  C:\Windows\System\ifITDHt.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ixioNyf.exe
  C:\Windows\System\ixioNyf.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\aQGurgK.exe
  C:\Windows\System\aQGurgK.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\xrUfRIZ.exe
  C:\Windows\System\xrUfRIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\NIdtWWa.exe
  C:\Windows\System\NIdtWWa.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\URIwuES.exe
  C:\Windows\System\URIwuES.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\FmAtjKf.exe
  C:\Windows\System\FmAtjKf.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\DAKmXPy.exe
  C:\Windows\System\DAKmXPy.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\QFfoKIk.exe
  C:\Windows\System\QFfoKIk.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\gFFvNFC.exe
  C:\Windows\System\gFFvNFC.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\qisgSZs.exe
  C:\Windows\System\qisgSZs.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\pRrSExk.exe
  C:\Windows\System\pRrSExk.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YnYnQYD.exe
  C:\Windows\System\YnYnQYD.exe
  2⤵
  PID:2716
- C:\Windows\System\yIZSUQX.exe
  C:\Windows\System\yIZSUQX.exe
  2⤵
  PID:2816
- C:\Windows\System\JpdtIMb.exe
  C:\Windows\System\JpdtIMb.exe
  2⤵
  PID:2680
- C:\Windows\System\wLhanlL.exe
  C:\Windows\System\wLhanlL.exe
  2⤵
  PID:2160
- C:\Windows\System\zNMoFZj.exe
  C:\Windows\System\zNMoFZj.exe
  2⤵
  PID:1668
- C:\Windows\System\XGJXbhq.exe
  C:\Windows\System\XGJXbhq.exe
  2⤵
  PID:2432
- C:\Windows\System\iwRjizk.exe
  C:\Windows\System\iwRjizk.exe
  2⤵
  PID:2328
- C:\Windows\System\fnoZxiL.exe
  C:\Windows\System\fnoZxiL.exe
  2⤵
  PID:2116
- C:\Windows\System\EcpqITV.exe
  C:\Windows\System\EcpqITV.exe
  2⤵
  PID:1632
- C:\Windows\System\cezdCXJ.exe
  C:\Windows\System\cezdCXJ.exe
  2⤵
  PID:2256
- C:\Windows\System\KLXNpeC.exe
  C:\Windows\System\KLXNpeC.exe
  2⤵
  PID:2232
- C:\Windows\System\vRWptQw.exe
  C:\Windows\System\vRWptQw.exe
  2⤵
  PID:2248
- C:\Windows\System\AilxyXK.exe
  C:\Windows\System\AilxyXK.exe
  2⤵
  PID:1824
- C:\Windows\System\UCCtzwR.exe
  C:\Windows\System\UCCtzwR.exe
  2⤵
  PID:1516
- C:\Windows\System\eZfiLyN.exe
  C:\Windows\System\eZfiLyN.exe
  2⤵
  PID:1072
- C:\Windows\System\pFYLAvN.exe
  C:\Windows\System\pFYLAvN.exe
  2⤵
  PID:2408
- C:\Windows\System\BKGcyZJ.exe
  C:\Windows\System\BKGcyZJ.exe
  2⤵
  PID:3012
- C:\Windows\System\ilChrRM.exe
  C:\Windows\System\ilChrRM.exe
  2⤵
  PID:2172
- C:\Windows\System\eWbuLxw.exe
  C:\Windows\System\eWbuLxw.exe
  2⤵
  PID:1284
- C:\Windows\System\UCpiNLk.exe
  C:\Windows\System\UCpiNLk.exe
  2⤵
  PID:1540
- C:\Windows\System\ajbxRKE.exe
  C:\Windows\System\ajbxRKE.exe
  2⤵
  PID:2648
- C:\Windows\System\AKmDHgZ.exe
  C:\Windows\System\AKmDHgZ.exe
  2⤵
  PID:2224
- C:\Windows\System\dEHgrTd.exe
  C:\Windows\System\dEHgrTd.exe
  2⤵
  PID:1940
- C:\Windows\System\Urpugrr.exe
  C:\Windows\System\Urpugrr.exe
  2⤵
  PID:1976
- C:\Windows\System\cbscOkC.exe
  C:\Windows\System\cbscOkC.exe
  2⤵
  PID:872
- C:\Windows\System\iXogxcp.exe
  C:\Windows\System\iXogxcp.exe
  2⤵
  PID:1648
- C:\Windows\System\WsdpWZB.exe
  C:\Windows\System\WsdpWZB.exe
  2⤵
  PID:1568
- C:\Windows\System\rCiDhha.exe
  C:\Windows\System\rCiDhha.exe
  2⤵
  PID:1036
- C:\Windows\System\NpnuzWI.exe
  C:\Windows\System\NpnuzWI.exe
  2⤵
  PID:2364
- C:\Windows\System\bYZrGLZ.exe
  C:\Windows\System\bYZrGLZ.exe
  2⤵
  PID:3068
- C:\Windows\System\FfwRgjU.exe
  C:\Windows\System\FfwRgjU.exe
  2⤵
  PID:2304
- C:\Windows\System\oSNDJmn.exe
  C:\Windows\System\oSNDJmn.exe
  2⤵
  PID:2516
- C:\Windows\System\NiBTPoj.exe
  C:\Windows\System\NiBTPoj.exe
  2⤵
  PID:2420
- C:\Windows\System\ccUCRCG.exe
  C:\Windows\System\ccUCRCG.exe
  2⤵
  PID:3004
- C:\Windows\System\IIvtUgN.exe
  C:\Windows\System\IIvtUgN.exe
  2⤵
  PID:2864
- C:\Windows\System\yUBzMRQ.exe
  C:\Windows\System\yUBzMRQ.exe
  2⤵
  PID:2876
- C:\Windows\System\zzLecGB.exe
  C:\Windows\System\zzLecGB.exe
  2⤵
  PID:2436
- C:\Windows\System\rSyYZHH.exe
  C:\Windows\System\rSyYZHH.exe
  2⤵
  PID:856
- C:\Windows\System\tdSccwi.exe
  C:\Windows\System\tdSccwi.exe
  2⤵
  PID:2572
- C:\Windows\System\pEjlDIb.exe
  C:\Windows\System\pEjlDIb.exe
  2⤵
  PID:536
- C:\Windows\System\JkDvrFs.exe
  C:\Windows\System\JkDvrFs.exe
  2⤵
  PID:1772
- C:\Windows\System\oRxNBAa.exe
  C:\Windows\System\oRxNBAa.exe
  2⤵
  PID:1612
- C:\Windows\System\PXQgVYD.exe
  C:\Windows\System\PXQgVYD.exe
  2⤵
  PID:1524
- C:\Windows\System\CCAKYth.exe
  C:\Windows\System\CCAKYth.exe
  2⤵
  PID:1768
- C:\Windows\System\VaKWQql.exe
  C:\Windows\System\VaKWQql.exe
  2⤵
  PID:928
- C:\Windows\System\WYnFEpk.exe
  C:\Windows\System\WYnFEpk.exe
  2⤵
  PID:900
- C:\Windows\System\bfaGaCr.exe
  C:\Windows\System\bfaGaCr.exe
  2⤵
  PID:692
- C:\Windows\System\qeLSwLB.exe
  C:\Windows\System\qeLSwLB.exe
  2⤵
  PID:1972
- C:\Windows\System\SOpiOOu.exe
  C:\Windows\System\SOpiOOu.exe
  2⤵
  PID:296
- C:\Windows\System\wzfVKUD.exe
  C:\Windows\System\wzfVKUD.exe
  2⤵
  PID:2476
- C:\Windows\System\uHeQybk.exe
  C:\Windows\System\uHeQybk.exe
  2⤵
  PID:1564
- C:\Windows\System\vlIXUkj.exe
  C:\Windows\System\vlIXUkj.exe
  2⤵
  PID:3080
- C:\Windows\System\TUnJGle.exe
  C:\Windows\System\TUnJGle.exe
  2⤵
  PID:3108
- C:\Windows\System\DHMOfyX.exe
  C:\Windows\System\DHMOfyX.exe
  2⤵
  PID:3128
- C:\Windows\System\ooimvvo.exe
  C:\Windows\System\ooimvvo.exe
  2⤵
  PID:3148
- C:\Windows\System\LyJqcOc.exe
  C:\Windows\System\LyJqcOc.exe
  2⤵
  PID:3168
- C:\Windows\System\HUCAgrp.exe
  C:\Windows\System\HUCAgrp.exe
  2⤵
  PID:3188
- C:\Windows\System\PvaulGx.exe
  C:\Windows\System\PvaulGx.exe
  2⤵
  PID:3208
- C:\Windows\System\WmdJDkV.exe
  C:\Windows\System\WmdJDkV.exe
  2⤵
  PID:3228
- C:\Windows\System\ZQMOIwa.exe
  C:\Windows\System\ZQMOIwa.exe
  2⤵
  PID:3248
- C:\Windows\System\qOFjQmc.exe
  C:\Windows\System\qOFjQmc.exe
  2⤵
  PID:3268
- C:\Windows\System\FNMvBMS.exe
  C:\Windows\System\FNMvBMS.exe
  2⤵
  PID:3288
- C:\Windows\System\NOBbYsD.exe
  C:\Windows\System\NOBbYsD.exe
  2⤵
  PID:3308
- C:\Windows\System\eMkgGRL.exe
  C:\Windows\System\eMkgGRL.exe
  2⤵
  PID:3328
- C:\Windows\System\MwrElTD.exe
  C:\Windows\System\MwrElTD.exe
  2⤵
  PID:3348
- C:\Windows\System\kAjAPLH.exe
  C:\Windows\System\kAjAPLH.exe
  2⤵
  PID:3368
- C:\Windows\System\Bmcghzm.exe
  C:\Windows\System\Bmcghzm.exe
  2⤵
  PID:3388
- C:\Windows\System\hUxvgbB.exe
  C:\Windows\System\hUxvgbB.exe
  2⤵
  PID:3408
- C:\Windows\System\IeVaHZs.exe
  C:\Windows\System\IeVaHZs.exe
  2⤵
  PID:3428
- C:\Windows\System\wRrSrng.exe
  C:\Windows\System\wRrSrng.exe
  2⤵
  PID:3448
- C:\Windows\System\EbeVJKR.exe
  C:\Windows\System\EbeVJKR.exe
  2⤵
  PID:3468
- C:\Windows\System\szwNEij.exe
  C:\Windows\System\szwNEij.exe
  2⤵
  PID:3488
- C:\Windows\System\LDTLZLi.exe
  C:\Windows\System\LDTLZLi.exe
  2⤵
  PID:3508
- C:\Windows\System\RXnhOwi.exe
  C:\Windows\System\RXnhOwi.exe
  2⤵
  PID:3528
- C:\Windows\System\eGXPqEG.exe
  C:\Windows\System\eGXPqEG.exe
  2⤵
  PID:3548
- C:\Windows\System\FMRDBIj.exe
  C:\Windows\System\FMRDBIj.exe
  2⤵
  PID:3568
- C:\Windows\System\odKOMYf.exe
  C:\Windows\System\odKOMYf.exe
  2⤵
  PID:3588
- C:\Windows\System\SRqPKlA.exe
  C:\Windows\System\SRqPKlA.exe
  2⤵
  PID:3608
- C:\Windows\System\WGnezDK.exe
  C:\Windows\System\WGnezDK.exe
  2⤵
  PID:3628
- C:\Windows\System\WyOomvj.exe
  C:\Windows\System\WyOomvj.exe
  2⤵
  PID:3648
- C:\Windows\System\KXPcHAt.exe
  C:\Windows\System\KXPcHAt.exe
  2⤵
  PID:3668
- C:\Windows\System\QiZJFdL.exe
  C:\Windows\System\QiZJFdL.exe
  2⤵
  PID:3688
- C:\Windows\System\slnSxCc.exe
  C:\Windows\System\slnSxCc.exe
  2⤵
  PID:3708
- C:\Windows\System\sEVQwPA.exe
  C:\Windows\System\sEVQwPA.exe
  2⤵
  PID:3728
- C:\Windows\System\HEzFZFv.exe
  C:\Windows\System\HEzFZFv.exe
  2⤵
  PID:3748
- C:\Windows\System\WgqQbGb.exe
  C:\Windows\System\WgqQbGb.exe
  2⤵
  PID:3768
- C:\Windows\System\SsyOzDn.exe
  C:\Windows\System\SsyOzDn.exe
  2⤵
  PID:3788
- C:\Windows\System\VzEhmct.exe
  C:\Windows\System\VzEhmct.exe
  2⤵
  PID:3808
- C:\Windows\System\iypZYkR.exe
  C:\Windows\System\iypZYkR.exe
  2⤵
  PID:3828
- C:\Windows\System\NNOQpCC.exe
  C:\Windows\System\NNOQpCC.exe
  2⤵
  PID:3848
- C:\Windows\System\vkSUPEI.exe
  C:\Windows\System\vkSUPEI.exe
  2⤵
  PID:3868
- C:\Windows\System\YuPZjzu.exe
  C:\Windows\System\YuPZjzu.exe
  2⤵
  PID:3888
- C:\Windows\System\NXcOcEY.exe
  C:\Windows\System\NXcOcEY.exe
  2⤵
  PID:3908
- C:\Windows\System\YLAAyqt.exe
  C:\Windows\System\YLAAyqt.exe
  2⤵
  PID:3928
- C:\Windows\System\KMjLEkB.exe
  C:\Windows\System\KMjLEkB.exe
  2⤵
  PID:3948
- C:\Windows\System\txLLsaL.exe
  C:\Windows\System\txLLsaL.exe
  2⤵
  PID:3968
- C:\Windows\System\PhFPyBZ.exe
  C:\Windows\System\PhFPyBZ.exe
  2⤵
  PID:3988
- C:\Windows\System\nCSEfIC.exe
  C:\Windows\System\nCSEfIC.exe
  2⤵
  PID:4008
- C:\Windows\System\CicQEqE.exe
  C:\Windows\System\CicQEqE.exe
  2⤵
  PID:4028
- C:\Windows\System\vmHsnAQ.exe
  C:\Windows\System\vmHsnAQ.exe
  2⤵
  PID:4048
- C:\Windows\System\wcYbXOI.exe
  C:\Windows\System\wcYbXOI.exe
  2⤵
  PID:4068
- C:\Windows\System\pOuhzOY.exe
  C:\Windows\System\pOuhzOY.exe
  2⤵
  PID:4088
- C:\Windows\System\HGlznyf.exe
  C:\Windows\System\HGlznyf.exe
  2⤵
  PID:2480
- C:\Windows\System\YihmNCW.exe
  C:\Windows\System\YihmNCW.exe
  2⤵
  PID:2820
- C:\Windows\System\DNEFclu.exe
  C:\Windows\System\DNEFclu.exe
  2⤵
  PID:2800
- C:\Windows\System\mqWzSZt.exe
  C:\Windows\System\mqWzSZt.exe
  2⤵
  PID:1708
- C:\Windows\System\nylUYGx.exe
  C:\Windows\System\nylUYGx.exe
  2⤵
  PID:1288
- C:\Windows\System\UEyRZdg.exe
  C:\Windows\System\UEyRZdg.exe
  2⤵
  PID:1908
- C:\Windows\System\fGBLRSy.exe
  C:\Windows\System\fGBLRSy.exe
  2⤵
  PID:2020
- C:\Windows\System\IpjsTeQ.exe
  C:\Windows\System\IpjsTeQ.exe
  2⤵
  PID:1856
- C:\Windows\System\nWYqltG.exe
  C:\Windows\System\nWYqltG.exe
  2⤵
  PID:532
- C:\Windows\System\PyiSXYY.exe
  C:\Windows\System\PyiSXYY.exe
  2⤵
  PID:2368
- C:\Windows\System\VUHpZvV.exe
  C:\Windows\System\VUHpZvV.exe
  2⤵
  PID:884
- C:\Windows\System\QhVerHe.exe
  C:\Windows\System\QhVerHe.exe
  2⤵
  PID:3076
- C:\Windows\System\HgGQzLv.exe
  C:\Windows\System\HgGQzLv.exe
  2⤵
  PID:3100
- C:\Windows\System\TAVcJSi.exe
  C:\Windows\System\TAVcJSi.exe
  2⤵
  PID:3120
- C:\Windows\System\XQHAbBH.exe
  C:\Windows\System\XQHAbBH.exe
  2⤵
  PID:3164
- C:\Windows\System\PayShGx.exe
  C:\Windows\System\PayShGx.exe
  2⤵
  PID:3196
- C:\Windows\System\lewJvib.exe
  C:\Windows\System\lewJvib.exe
  2⤵
  PID:3236
- C:\Windows\System\yfbWVZx.exe
  C:\Windows\System\yfbWVZx.exe
  2⤵
  PID:3264
- C:\Windows\System\sNzmuzk.exe
  C:\Windows\System\sNzmuzk.exe
  2⤵
  PID:3296
- C:\Windows\System\RlosqVw.exe
  C:\Windows\System\RlosqVw.exe
  2⤵
  PID:3320
- C:\Windows\System\PCzahAS.exe
  C:\Windows\System\PCzahAS.exe
  2⤵
  PID:3364
- C:\Windows\System\cPwiWJD.exe
  C:\Windows\System\cPwiWJD.exe
  2⤵
  PID:3404
- C:\Windows\System\gWUcjzv.exe
  C:\Windows\System\gWUcjzv.exe
  2⤵
  PID:3420
- C:\Windows\System\tzTexSX.exe
  C:\Windows\System\tzTexSX.exe
  2⤵
  PID:3464
- C:\Windows\System\DoRFfbv.exe
  C:\Windows\System\DoRFfbv.exe
  2⤵
  PID:3496
- C:\Windows\System\PwnWntI.exe
  C:\Windows\System\PwnWntI.exe
  2⤵
  PID:3520
- C:\Windows\System\egtIGyv.exe
  C:\Windows\System\egtIGyv.exe
  2⤵
  PID:3564
- C:\Windows\System\ewnagNn.exe
  C:\Windows\System\ewnagNn.exe
  2⤵
  PID:3604
- C:\Windows\System\iSMDUUY.exe
  C:\Windows\System\iSMDUUY.exe
  2⤵
  PID:3624
- C:\Windows\System\TLBahlb.exe
  C:\Windows\System\TLBahlb.exe
  2⤵
  PID:3676
- C:\Windows\System\ycSpzyk.exe
  C:\Windows\System\ycSpzyk.exe
  2⤵
  PID:3704
- C:\Windows\System\DpJnHQT.exe
  C:\Windows\System\DpJnHQT.exe
  2⤵
  PID:3736
- C:\Windows\System\dLBWccA.exe
  C:\Windows\System\dLBWccA.exe
  2⤵
  PID:3760
- C:\Windows\System\InwWSgl.exe
  C:\Windows\System\InwWSgl.exe
  2⤵
  PID:3804
- C:\Windows\System\wqozyOd.exe
  C:\Windows\System\wqozyOd.exe
  2⤵
  PID:3844
- C:\Windows\System\vUJxRzb.exe
  C:\Windows\System\vUJxRzb.exe
  2⤵
  PID:3856
- C:\Windows\System\CYUaaDF.exe
  C:\Windows\System\CYUaaDF.exe
  2⤵
  PID:3904
- C:\Windows\System\axuwGEs.exe
  C:\Windows\System\axuwGEs.exe
  2⤵
  PID:3936
- C:\Windows\System\gPQPkXX.exe
  C:\Windows\System\gPQPkXX.exe
  2⤵
  PID:3960
- C:\Windows\System\HZVzNKY.exe
  C:\Windows\System\HZVzNKY.exe
  2⤵
  PID:3980
- C:\Windows\System\bhbVEsY.exe
  C:\Windows\System\bhbVEsY.exe
  2⤵
  PID:4036
- C:\Windows\System\YyerGRk.exe
  C:\Windows\System\YyerGRk.exe
  2⤵
  PID:4076
- C:\Windows\System\yGXKNPS.exe
  C:\Windows\System\yGXKNPS.exe
  2⤵
  PID:2488
- C:\Windows\System\yFVeAHJ.exe
  C:\Windows\System\yFVeAHJ.exe
  2⤵
  PID:1932
- C:\Windows\System\fvOOEFD.exe
  C:\Windows\System\fvOOEFD.exe
  2⤵
  PID:2140
- C:\Windows\System\JkwsHOp.exe
  C:\Windows\System\JkwsHOp.exe
  2⤵
  PID:2132
- C:\Windows\System\EEvGvSe.exe
  C:\Windows\System\EEvGvSe.exe
  2⤵
  PID:1264
- C:\Windows\System\uodQUrf.exe
  C:\Windows\System\uodQUrf.exe
  2⤵
  PID:1852
- C:\Windows\System\pQIKDqj.exe
  C:\Windows\System\pQIKDqj.exe
  2⤵
  PID:2080
- C:\Windows\System\qTppBGn.exe
  C:\Windows\System\qTppBGn.exe
  2⤵
  PID:2932
- C:\Windows\System\ZCYMywB.exe
  C:\Windows\System\ZCYMywB.exe
  2⤵
  PID:3116
- C:\Windows\System\YOJRTSG.exe
  C:\Windows\System\YOJRTSG.exe
  2⤵
  PID:3144
- C:\Windows\System\sXwjyYL.exe
  C:\Windows\System\sXwjyYL.exe
  2⤵
  PID:3216
- C:\Windows\System\jvDNpbL.exe
  C:\Windows\System\jvDNpbL.exe
  2⤵
  PID:3284
- C:\Windows\System\xumiCnf.exe
  C:\Windows\System\xumiCnf.exe
  2⤵
  PID:3356
- C:\Windows\System\ToFEugX.exe
  C:\Windows\System\ToFEugX.exe
  2⤵
  PID:3400
- C:\Windows\System\QqANNhY.exe
  C:\Windows\System\QqANNhY.exe
  2⤵
  PID:3440
- C:\Windows\System\qgJrhfG.exe
  C:\Windows\System\qgJrhfG.exe
  2⤵
  PID:3460
- C:\Windows\System\aJBzFRN.exe
  C:\Windows\System\aJBzFRN.exe
  2⤵
  PID:3596
- C:\Windows\System\PgMaTtx.exe
  C:\Windows\System\PgMaTtx.exe
  2⤵
  PID:3616
- C:\Windows\System\doDUSZG.exe
  C:\Windows\System\doDUSZG.exe
  2⤵
  PID:3696
- C:\Windows\System\jivKngu.exe
  C:\Windows\System\jivKngu.exe
  2⤵
  PID:3764
- C:\Windows\System\ehSwQNK.exe
  C:\Windows\System\ehSwQNK.exe
  2⤵
  PID:3780
- C:\Windows\System\dvZyBBe.exe
  C:\Windows\System\dvZyBBe.exe
  2⤵
  PID:3880
- C:\Windows\System\jBUFCMX.exe
  C:\Windows\System\jBUFCMX.exe
  2⤵
  PID:3924
- C:\Windows\System\msIrufg.exe
  C:\Windows\System\msIrufg.exe
  2⤵
  PID:3984
- C:\Windows\System\bgNrRUx.exe
  C:\Windows\System\bgNrRUx.exe
  2⤵
  PID:4020
- C:\Windows\System\YGkqigv.exe
  C:\Windows\System\YGkqigv.exe
  2⤵
  PID:4084
- C:\Windows\System\rEaRxud.exe
  C:\Windows\System\rEaRxud.exe
  2⤵
  PID:2992
- C:\Windows\System\rnjwdVR.exe
  C:\Windows\System\rnjwdVR.exe
  2⤵
  PID:1572
- C:\Windows\System\RaZVcMx.exe
  C:\Windows\System\RaZVcMx.exe
  2⤵
  PID:1468
- C:\Windows\System\zQdlmrZ.exe
  C:\Windows\System\zQdlmrZ.exe
  2⤵
  PID:4108
- C:\Windows\System\xdBMwkz.exe
  C:\Windows\System\xdBMwkz.exe
  2⤵
  PID:4128
- C:\Windows\System\haqvHrz.exe
  C:\Windows\System\haqvHrz.exe
  2⤵
  PID:4148
- C:\Windows\System\KMxLVPs.exe
  C:\Windows\System\KMxLVPs.exe
  2⤵
  PID:4172
- C:\Windows\System\wnzzGkT.exe
  C:\Windows\System\wnzzGkT.exe
  2⤵
  PID:4192
- C:\Windows\System\MQnkylm.exe
  C:\Windows\System\MQnkylm.exe
  2⤵
  PID:4212
- C:\Windows\System\mFarrLe.exe
  C:\Windows\System\mFarrLe.exe
  2⤵
  PID:4232
- C:\Windows\System\MgsDGrb.exe
  C:\Windows\System\MgsDGrb.exe
  2⤵
  PID:4252
- C:\Windows\System\MzfVvZD.exe
  C:\Windows\System\MzfVvZD.exe
  2⤵
  PID:4272
- C:\Windows\System\XWGCzlA.exe
  C:\Windows\System\XWGCzlA.exe
  2⤵
  PID:4292
- C:\Windows\System\EVeGQGy.exe
  C:\Windows\System\EVeGQGy.exe
  2⤵
  PID:4312
- C:\Windows\System\eNSnorV.exe
  C:\Windows\System\eNSnorV.exe
  2⤵
  PID:4332
- C:\Windows\System\QmkjZFR.exe
  C:\Windows\System\QmkjZFR.exe
  2⤵
  PID:4352
- C:\Windows\System\gRybGdL.exe
  C:\Windows\System\gRybGdL.exe
  2⤵
  PID:4372
- C:\Windows\System\mTMUzZt.exe
  C:\Windows\System\mTMUzZt.exe
  2⤵
  PID:4392
- C:\Windows\System\aONNERq.exe
  C:\Windows\System\aONNERq.exe
  2⤵
  PID:4412
- C:\Windows\System\jmcLFIZ.exe
  C:\Windows\System\jmcLFIZ.exe
  2⤵
  PID:4432
- C:\Windows\System\PXsWSVs.exe
  C:\Windows\System\PXsWSVs.exe
  2⤵
  PID:4452
- C:\Windows\System\QquyxIo.exe
  C:\Windows\System\QquyxIo.exe
  2⤵
  PID:4472
- C:\Windows\System\TRannMh.exe
  C:\Windows\System\TRannMh.exe
  2⤵
  PID:4492
- C:\Windows\System\sDEMAAZ.exe
  C:\Windows\System\sDEMAAZ.exe
  2⤵
  PID:4512
- C:\Windows\System\TyRmKqu.exe
  C:\Windows\System\TyRmKqu.exe
  2⤵
  PID:4532
- C:\Windows\System\PDHUnuz.exe
  C:\Windows\System\PDHUnuz.exe
  2⤵
  PID:4552
- C:\Windows\System\MgAwuFQ.exe
  C:\Windows\System\MgAwuFQ.exe
  2⤵
  PID:4572
- C:\Windows\System\QwFDvxE.exe
  C:\Windows\System\QwFDvxE.exe
  2⤵
  PID:4592
- C:\Windows\System\wJzBPVE.exe
  C:\Windows\System\wJzBPVE.exe
  2⤵
  PID:4612
- C:\Windows\System\JSBHtnq.exe
  C:\Windows\System\JSBHtnq.exe
  2⤵
  PID:4632
- C:\Windows\System\TQgVPtN.exe
  C:\Windows\System\TQgVPtN.exe
  2⤵
  PID:4652
- C:\Windows\System\RAAaxvm.exe
  C:\Windows\System\RAAaxvm.exe
  2⤵
  PID:4672
- C:\Windows\System\yezmMrj.exe
  C:\Windows\System\yezmMrj.exe
  2⤵
  PID:4692
- C:\Windows\System\IfTAvfR.exe
  C:\Windows\System\IfTAvfR.exe
  2⤵
  PID:4712
- C:\Windows\System\cFiNSoa.exe
  C:\Windows\System\cFiNSoa.exe
  2⤵
  PID:4732
- C:\Windows\System\hDbOwLK.exe
  C:\Windows\System\hDbOwLK.exe
  2⤵
  PID:4752
- C:\Windows\System\CayCJIg.exe
  C:\Windows\System\CayCJIg.exe
  2⤵
  PID:4772
- C:\Windows\System\OdPmcdE.exe
  C:\Windows\System\OdPmcdE.exe
  2⤵
  PID:4792
- C:\Windows\System\gWKPKFs.exe
  C:\Windows\System\gWKPKFs.exe
  2⤵
  PID:4812
- C:\Windows\System\oBDsyWW.exe
  C:\Windows\System\oBDsyWW.exe
  2⤵
  PID:4832
- C:\Windows\System\WtBvqmN.exe
  C:\Windows\System\WtBvqmN.exe
  2⤵
  PID:4852
- C:\Windows\System\xWuODFv.exe
  C:\Windows\System\xWuODFv.exe
  2⤵
  PID:4872
- C:\Windows\System\NPJzXUX.exe
  C:\Windows\System\NPJzXUX.exe
  2⤵
  PID:4892
- C:\Windows\System\dyHmcAI.exe
  C:\Windows\System\dyHmcAI.exe
  2⤵
  PID:4912
- C:\Windows\System\STmZDMo.exe
  C:\Windows\System\STmZDMo.exe
  2⤵
  PID:4932
- C:\Windows\System\qCPejyX.exe
  C:\Windows\System\qCPejyX.exe
  2⤵
  PID:4952
- C:\Windows\System\nQLbIYa.exe
  C:\Windows\System\nQLbIYa.exe
  2⤵
  PID:4972
- C:\Windows\System\mUdOTDm.exe
  C:\Windows\System\mUdOTDm.exe
  2⤵
  PID:4996
- C:\Windows\System\JSIHoed.exe
  C:\Windows\System\JSIHoed.exe
  2⤵
  PID:5016
- C:\Windows\System\rCvlifS.exe
  C:\Windows\System\rCvlifS.exe
  2⤵
  PID:5036
- C:\Windows\System\xvhciYI.exe
  C:\Windows\System\xvhciYI.exe
  2⤵
  PID:5056
- C:\Windows\System\EuKvONe.exe
  C:\Windows\System\EuKvONe.exe
  2⤵
  PID:5076
- C:\Windows\System\hWpFKpI.exe
  C:\Windows\System\hWpFKpI.exe
  2⤵
  PID:5096
- C:\Windows\System\vCuJlvc.exe
  C:\Windows\System\vCuJlvc.exe
  2⤵
  PID:5116
- C:\Windows\System\QLwcVRh.exe
  C:\Windows\System\QLwcVRh.exe
  2⤵
  PID:1792
- C:\Windows\System\vBDJCeX.exe
  C:\Windows\System\vBDJCeX.exe
  2⤵
  PID:3176
- C:\Windows\System\cWeYPXv.exe
  C:\Windows\System\cWeYPXv.exe
  2⤵
  PID:3224
- C:\Windows\System\wngMmjw.exe
  C:\Windows\System\wngMmjw.exe
  2⤵
  PID:3344
- C:\Windows\System\IBltMon.exe
  C:\Windows\System\IBltMon.exe
  2⤵
  PID:3456
- C:\Windows\System\XODpsYZ.exe
  C:\Windows\System\XODpsYZ.exe
  2⤵
  PID:3500
- C:\Windows\System\weOOhJv.exe
  C:\Windows\System\weOOhJv.exe
  2⤵
  PID:3636
- C:\Windows\System\xNIkINd.exe
  C:\Windows\System\xNIkINd.exe
  2⤵
  PID:3620
- C:\Windows\System\lAQKePN.exe
  C:\Windows\System\lAQKePN.exe
  2⤵
  PID:3756
- C:\Windows\System\KWcRflM.exe
  C:\Windows\System\KWcRflM.exe
  2⤵
  PID:3900
- C:\Windows\System\MapLYLN.exe
  C:\Windows\System\MapLYLN.exe
  2⤵
  PID:3964
- C:\Windows\System\wQTUmQn.exe
  C:\Windows\System\wQTUmQn.exe
  2⤵
  PID:4064
- C:\Windows\System\nKHElTo.exe
  C:\Windows\System\nKHElTo.exe
  2⤵
  PID:4080
- C:\Windows\System\ZVfWxPL.exe
  C:\Windows\System\ZVfWxPL.exe
  2⤵
  PID:1656
- C:\Windows\System\qOCoGiG.exe
  C:\Windows\System\qOCoGiG.exe
  2⤵
  PID:4136
- C:\Windows\System\rdMJuck.exe
  C:\Windows\System\rdMJuck.exe
  2⤵
  PID:4168
- C:\Windows\System\lNKDcHp.exe
  C:\Windows\System\lNKDcHp.exe
  2⤵
  PID:4200
- C:\Windows\System\YcTpvaI.exe
  C:\Windows\System\YcTpvaI.exe
  2⤵
  PID:4224
- C:\Windows\System\RbUujBs.exe
  C:\Windows\System\RbUujBs.exe
  2⤵
  PID:4244
- C:\Windows\System\vLmVgsO.exe
  C:\Windows\System\vLmVgsO.exe
  2⤵
  PID:4300
- C:\Windows\System\dfKzfSK.exe
  C:\Windows\System\dfKzfSK.exe
  2⤵
  PID:4324
- C:\Windows\System\EZbvRXW.exe
  C:\Windows\System\EZbvRXW.exe
  2⤵
  PID:4368
- C:\Windows\System\TfjObPl.exe
  C:\Windows\System\TfjObPl.exe
  2⤵
  PID:4400
- C:\Windows\System\rOOjZRS.exe
  C:\Windows\System\rOOjZRS.exe
  2⤵
  PID:4424
- C:\Windows\System\DZQfuPS.exe
  C:\Windows\System\DZQfuPS.exe
  2⤵
  PID:4468
- C:\Windows\System\HLACyXi.exe
  C:\Windows\System\HLACyXi.exe
  2⤵
  PID:4488
- C:\Windows\System\acSxsYG.exe
  C:\Windows\System\acSxsYG.exe
  2⤵
  PID:4540
- C:\Windows\System\WEnoxVk.exe
  C:\Windows\System\WEnoxVk.exe
  2⤵
  PID:4568
- C:\Windows\System\NqiywBH.exe
  C:\Windows\System\NqiywBH.exe
  2⤵
  PID:4600
- C:\Windows\System\HnpvVhU.exe
  C:\Windows\System\HnpvVhU.exe
  2⤵
  PID:4624
- C:\Windows\System\ZfrZNrL.exe
  C:\Windows\System\ZfrZNrL.exe
  2⤵
  PID:4668
- C:\Windows\System\lUPZtIE.exe
  C:\Windows\System\lUPZtIE.exe
  2⤵
  PID:4684
- C:\Windows\System\hPrDpuE.exe
  C:\Windows\System\hPrDpuE.exe
  2⤵
  PID:4724
- C:\Windows\System\KjeoGhK.exe
  C:\Windows\System\KjeoGhK.exe
  2⤵
  PID:4768
- C:\Windows\System\UhfTVWK.exe
  C:\Windows\System\UhfTVWK.exe
  2⤵
  PID:4800
- C:\Windows\System\iVZpEbp.exe
  C:\Windows\System\iVZpEbp.exe
  2⤵
  PID:4824
- C:\Windows\System\yBsYuaq.exe
  C:\Windows\System\yBsYuaq.exe
  2⤵
  PID:4868
- C:\Windows\System\TIlFHWm.exe
  C:\Windows\System\TIlFHWm.exe
  2⤵
  PID:4884
- C:\Windows\System\VBlPSbU.exe
  C:\Windows\System\VBlPSbU.exe
  2⤵
  PID:4924
- C:\Windows\System\SVchiYv.exe
  C:\Windows\System\SVchiYv.exe
  2⤵
  PID:4980
- C:\Windows\System\ATjqNIS.exe
  C:\Windows\System\ATjqNIS.exe
  2⤵
  PID:5012
- C:\Windows\System\PUEsEQd.exe
  C:\Windows\System\PUEsEQd.exe
  2⤵
  PID:5044
- C:\Windows\System\vUyCcSE.exe
  C:\Windows\System\vUyCcSE.exe
  2⤵
  PID:5068
- C:\Windows\System\MLjCDqU.exe
  C:\Windows\System\MLjCDqU.exe
  2⤵
  PID:5088
- C:\Windows\System\taKoaeY.exe
  C:\Windows\System\taKoaeY.exe
  2⤵
  PID:2396
- C:\Windows\System\CGRcTXE.exe
  C:\Windows\System\CGRcTXE.exe
  2⤵
  PID:3324
- C:\Windows\System\EkZSdAg.exe
  C:\Windows\System\EkZSdAg.exe
  2⤵
  PID:3340
- C:\Windows\System\gUFWcHv.exe
  C:\Windows\System\gUFWcHv.exe
  2⤵
  PID:3576
- C:\Windows\System\VcoLAfL.exe
  C:\Windows\System\VcoLAfL.exe
  2⤵
  PID:3680
- C:\Windows\System\iwtzzYa.exe
  C:\Windows\System\iwtzzYa.exe
  2⤵
  PID:3796
- C:\Windows\System\VStISRa.exe
  C:\Windows\System\VStISRa.exe
  2⤵
  PID:4056
- C:\Windows\System\XtUMqwT.exe
  C:\Windows\System\XtUMqwT.exe
  2⤵
  PID:2284
- C:\Windows\System\ujkVZwj.exe
  C:\Windows\System\ujkVZwj.exe
  2⤵
  PID:4124
- C:\Windows\System\uttjAky.exe
  C:\Windows\System\uttjAky.exe
  2⤵
  PID:4180
- C:\Windows\System\SzWnTay.exe
  C:\Windows\System\SzWnTay.exe
  2⤵
  PID:4220
- C:\Windows\System\DxBXznu.exe
  C:\Windows\System\DxBXznu.exe
  2⤵
  PID:4284
- C:\Windows\System\eEBXmYI.exe
  C:\Windows\System\eEBXmYI.exe
  2⤵
  PID:4348
- C:\Windows\System\ZsuwpmE.exe
  C:\Windows\System\ZsuwpmE.exe
  2⤵
  PID:4388
- C:\Windows\System\GdFTfyW.exe
  C:\Windows\System\GdFTfyW.exe
  2⤵
  PID:4480
- C:\Windows\System\bCxHcXO.exe
  C:\Windows\System\bCxHcXO.exe
  2⤵
  PID:4504
- C:\Windows\System\JtZuFDe.exe
  C:\Windows\System\JtZuFDe.exe
  2⤵
  PID:4544
- C:\Windows\System\jaOgOiN.exe
  C:\Windows\System\jaOgOiN.exe
  2⤵
  PID:4584
- C:\Windows\System\kPpDTpd.exe
  C:\Windows\System\kPpDTpd.exe
  2⤵
  PID:4688
- C:\Windows\System\IoXzmbl.exe
  C:\Windows\System\IoXzmbl.exe
  2⤵
  PID:4720
- C:\Windows\System\PiaQoRr.exe
  C:\Windows\System\PiaQoRr.exe
  2⤵
  PID:4788
- C:\Windows\System\MicZzek.exe
  C:\Windows\System\MicZzek.exe
  2⤵
  PID:4860
- C:\Windows\System\HzrMdRj.exe
  C:\Windows\System\HzrMdRj.exe
  2⤵
  PID:4900
- C:\Windows\System\IaXUKNs.exe
  C:\Windows\System\IaXUKNs.exe
  2⤵
  PID:4968
- C:\Windows\System\WyBcOiL.exe
  C:\Windows\System\WyBcOiL.exe
  2⤵
  PID:5024
- C:\Windows\System\rDEDmnq.exe
  C:\Windows\System\rDEDmnq.exe
  2⤵
  PID:5048
- C:\Windows\System\oFXNQyE.exe
  C:\Windows\System\oFXNQyE.exe
  2⤵
  PID:1588
- C:\Windows\System\ciJPBhx.exe
  C:\Windows\System\ciJPBhx.exe
  2⤵
  PID:3240
- C:\Windows\System\BmfBPFL.exe
  C:\Windows\System\BmfBPFL.exe
  2⤵
  PID:3480
- C:\Windows\System\ESgBbIA.exe
  C:\Windows\System\ESgBbIA.exe
  2⤵
  PID:3860
- C:\Windows\System\YsRKxbk.exe
  C:\Windows\System\YsRKxbk.exe
  2⤵
  PID:3996
- C:\Windows\System\YnqsTLe.exe
  C:\Windows\System\YnqsTLe.exe
  2⤵
  PID:976
- C:\Windows\System\JKlTwAm.exe
  C:\Windows\System\JKlTwAm.exe
  2⤵
  PID:4228
- C:\Windows\System\VPwAcnK.exe
  C:\Windows\System\VPwAcnK.exe
  2⤵
  PID:4304
- C:\Windows\System\wpOndox.exe
  C:\Windows\System\wpOndox.exe
  2⤵
  PID:4380
- C:\Windows\System\tIujveF.exe
  C:\Windows\System\tIujveF.exe
  2⤵
  PID:5136
- C:\Windows\System\egtqMTX.exe
  C:\Windows\System\egtqMTX.exe
  2⤵
  PID:5156
- C:\Windows\System\gJwsaGg.exe
  C:\Windows\System\gJwsaGg.exe
  2⤵
  PID:5180
- C:\Windows\System\WabnCKp.exe
  C:\Windows\System\WabnCKp.exe
  2⤵
  PID:5200
- C:\Windows\System\WIVGilY.exe
  C:\Windows\System\WIVGilY.exe
  2⤵
  PID:5220
- C:\Windows\System\WGWLazA.exe
  C:\Windows\System\WGWLazA.exe
  2⤵
  PID:5240
- C:\Windows\System\qyGvMyH.exe
  C:\Windows\System\qyGvMyH.exe
  2⤵
  PID:5260
- C:\Windows\System\GaLdnpA.exe
  C:\Windows\System\GaLdnpA.exe
  2⤵
  PID:5280
- C:\Windows\System\qnokARJ.exe
  C:\Windows\System\qnokARJ.exe
  2⤵
  PID:5300
- C:\Windows\System\ZMmlZCd.exe
  C:\Windows\System\ZMmlZCd.exe
  2⤵
  PID:5320
- C:\Windows\System\CAmiZXm.exe
  C:\Windows\System\CAmiZXm.exe
  2⤵
  PID:5340
- C:\Windows\System\PKwkllF.exe
  C:\Windows\System\PKwkllF.exe
  2⤵
  PID:5360
- C:\Windows\System\wzxXvBQ.exe
  C:\Windows\System\wzxXvBQ.exe
  2⤵
  PID:5380
- C:\Windows\System\PhVlqGw.exe
  C:\Windows\System\PhVlqGw.exe
  2⤵
  PID:5400
- C:\Windows\System\GawZtSN.exe
  C:\Windows\System\GawZtSN.exe
  2⤵
  PID:5420
- C:\Windows\System\BOMTrVm.exe
  C:\Windows\System\BOMTrVm.exe
  2⤵
  PID:5440
- C:\Windows\System\WmlVURy.exe
  C:\Windows\System\WmlVURy.exe
  2⤵
  PID:5460
- C:\Windows\System\WkOrXTF.exe
  C:\Windows\System\WkOrXTF.exe
  2⤵
  PID:5480
- C:\Windows\System\gdVoRvn.exe
  C:\Windows\System\gdVoRvn.exe
  2⤵
  PID:5500
- C:\Windows\System\pUCQnQC.exe
  C:\Windows\System\pUCQnQC.exe
  2⤵
  PID:5520
- C:\Windows\System\WNJcGzr.exe
  C:\Windows\System\WNJcGzr.exe
  2⤵
  PID:5540
- C:\Windows\System\IlgYFMA.exe
  C:\Windows\System\IlgYFMA.exe
  2⤵
  PID:5560
- C:\Windows\System\QlAygCx.exe
  C:\Windows\System\QlAygCx.exe
  2⤵
  PID:5580
- C:\Windows\System\QCeDtvO.exe
  C:\Windows\System\QCeDtvO.exe
  2⤵
  PID:5600
- C:\Windows\System\HATcCnz.exe
  C:\Windows\System\HATcCnz.exe
  2⤵
  PID:5620
- C:\Windows\System\jEFyKSc.exe
  C:\Windows\System\jEFyKSc.exe
  2⤵
  PID:5640
- C:\Windows\System\hsFaEDf.exe
  C:\Windows\System\hsFaEDf.exe
  2⤵
  PID:5660
- C:\Windows\System\zljzmOg.exe
  C:\Windows\System\zljzmOg.exe
  2⤵
  PID:5680
- C:\Windows\System\jUuzERP.exe
  C:\Windows\System\jUuzERP.exe
  2⤵
  PID:5700
- C:\Windows\System\VkvAkhx.exe
  C:\Windows\System\VkvAkhx.exe
  2⤵
  PID:5720
- C:\Windows\System\BDVoqnM.exe
  C:\Windows\System\BDVoqnM.exe
  2⤵
  PID:5740
- C:\Windows\System\TTupeUG.exe
  C:\Windows\System\TTupeUG.exe
  2⤵
  PID:5760
- C:\Windows\System\fjgDimq.exe
  C:\Windows\System\fjgDimq.exe
  2⤵
  PID:5780
- C:\Windows\System\XQihNQM.exe
  C:\Windows\System\XQihNQM.exe
  2⤵
  PID:5800
- C:\Windows\System\cnAqZGa.exe
  C:\Windows\System\cnAqZGa.exe
  2⤵
  PID:5820
- C:\Windows\System\ELvzpRv.exe
  C:\Windows\System\ELvzpRv.exe
  2⤵
  PID:5840
- C:\Windows\System\EqQQOyb.exe
  C:\Windows\System\EqQQOyb.exe
  2⤵
  PID:5860
- C:\Windows\System\nlAAlST.exe
  C:\Windows\System\nlAAlST.exe
  2⤵
  PID:5880
- C:\Windows\System\FKhjlsF.exe
  C:\Windows\System\FKhjlsF.exe
  2⤵
  PID:5900
- C:\Windows\System\HsRvPEp.exe
  C:\Windows\System\HsRvPEp.exe
  2⤵
  PID:5920
- C:\Windows\System\gndkiax.exe
  C:\Windows\System\gndkiax.exe
  2⤵
  PID:5940
- C:\Windows\System\chmLhXo.exe
  C:\Windows\System\chmLhXo.exe
  2⤵
  PID:5960
- C:\Windows\System\UVJeVHZ.exe
  C:\Windows\System\UVJeVHZ.exe
  2⤵
  PID:5980
- C:\Windows\System\MPTUdMy.exe
  C:\Windows\System\MPTUdMy.exe
  2⤵
  PID:6000
- C:\Windows\System\YgzHyjb.exe
  C:\Windows\System\YgzHyjb.exe
  2⤵
  PID:6020
- C:\Windows\System\ySmMSXG.exe
  C:\Windows\System\ySmMSXG.exe
  2⤵
  PID:6044
- C:\Windows\System\YLSwuPr.exe
  C:\Windows\System\YLSwuPr.exe
  2⤵
  PID:6064
- C:\Windows\System\lagcgEn.exe
  C:\Windows\System\lagcgEn.exe
  2⤵
  PID:6084
- C:\Windows\System\NWVNmyN.exe
  C:\Windows\System\NWVNmyN.exe
  2⤵
  PID:6104
- C:\Windows\System\ljXLYcR.exe
  C:\Windows\System\ljXLYcR.exe
  2⤵
  PID:6124
- C:\Windows\System\grWhRPo.exe
  C:\Windows\System\grWhRPo.exe
  2⤵
  PID:4448
- C:\Windows\System\ioMxmif.exe
  C:\Windows\System\ioMxmif.exe
  2⤵
  PID:4520
- C:\Windows\System\CeRWJkd.exe
  C:\Windows\System\CeRWJkd.exe
  2⤵
  PID:4620
- C:\Windows\System\RxamZFm.exe
  C:\Windows\System\RxamZFm.exe
  2⤵
  PID:4728
- C:\Windows\System\SFQrtZr.exe
  C:\Windows\System\SFQrtZr.exe
  2⤵
  PID:4820
- C:\Windows\System\nlgPwvL.exe
  C:\Windows\System\nlgPwvL.exe
  2⤵
  PID:4940
- C:\Windows\System\ryjlbOU.exe
  C:\Windows\System\ryjlbOU.exe
  2⤵
  PID:5032
- C:\Windows\System\PpdKdfd.exe
  C:\Windows\System\PpdKdfd.exe
  2⤵
  PID:5112
- C:\Windows\System\qVKiBEQ.exe
  C:\Windows\System\qVKiBEQ.exe
  2⤵
  PID:3088
- C:\Windows\System\AJqdYEG.exe
  C:\Windows\System\AJqdYEG.exe
  2⤵
  PID:3720
- C:\Windows\System\aDNaAVa.exe
  C:\Windows\System\aDNaAVa.exe
  2⤵
  PID:4024
- C:\Windows\System\IRhHqin.exe
  C:\Windows\System\IRhHqin.exe
  2⤵
  PID:4268
- C:\Windows\System\TnomvbC.exe
  C:\Windows\System\TnomvbC.exe
  2⤵
  PID:5124
- C:\Windows\System\FupxQdF.exe
  C:\Windows\System\FupxQdF.exe
  2⤵
  PID:5144
- C:\Windows\System\onuKfqJ.exe
  C:\Windows\System\onuKfqJ.exe
  2⤵
  PID:5168
- C:\Windows\System\KtcUsOu.exe
  C:\Windows\System\KtcUsOu.exe
  2⤵
  PID:5216
- C:\Windows\System\tlWITID.exe
  C:\Windows\System\tlWITID.exe
  2⤵
  PID:5248
- C:\Windows\System\PVjGXxJ.exe
  C:\Windows\System\PVjGXxJ.exe
  2⤵
  PID:5288
- C:\Windows\System\MlLpoNj.exe
  C:\Windows\System\MlLpoNj.exe
  2⤵
  PID:5328
- C:\Windows\System\kxqIDdN.exe
  C:\Windows\System\kxqIDdN.exe
  2⤵
  PID:5348
- C:\Windows\System\azcmWoV.exe
  C:\Windows\System\azcmWoV.exe
  2⤵
  PID:5372
- C:\Windows\System\rqqTjHX.exe
  C:\Windows\System\rqqTjHX.exe
  2⤵
  PID:5416
- C:\Windows\System\pbinZTf.exe
  C:\Windows\System\pbinZTf.exe
  2⤵
  PID:5436
- C:\Windows\System\WMWljZJ.exe
  C:\Windows\System\WMWljZJ.exe
  2⤵
  PID:5496
- C:\Windows\System\tAVveJp.exe
  C:\Windows\System\tAVveJp.exe
  2⤵
  PID:5528
- C:\Windows\System\lMqXPjC.exe
  C:\Windows\System\lMqXPjC.exe
  2⤵
  PID:5548
- C:\Windows\System\ZMyRppa.exe
  C:\Windows\System\ZMyRppa.exe
  2⤵
  PID:5572
- C:\Windows\System\GMJMipn.exe
  C:\Windows\System\GMJMipn.exe
  2⤵
  PID:5616
- C:\Windows\System\iWPmBjO.exe
  C:\Windows\System\iWPmBjO.exe
  2⤵
  PID:5656
- C:\Windows\System\jWpnXyj.exe
  C:\Windows\System\jWpnXyj.exe
  2⤵
  PID:5688
- C:\Windows\System\TUAKJBo.exe
  C:\Windows\System\TUAKJBo.exe
  2⤵
  PID:5716
- C:\Windows\System\JSpBlsS.exe
  C:\Windows\System\JSpBlsS.exe
  2⤵
  PID:5748
- C:\Windows\System\XcGQzTT.exe
  C:\Windows\System\XcGQzTT.exe
  2⤵
  PID:5772
- C:\Windows\System\erSFLfl.exe
  C:\Windows\System\erSFLfl.exe
  2⤵
  PID:5816
- C:\Windows\System\dyNisbK.exe
  C:\Windows\System\dyNisbK.exe
  2⤵
  PID:5848
- C:\Windows\System\joSWGAV.exe
  C:\Windows\System\joSWGAV.exe
  2⤵
  PID:5872
- C:\Windows\System\gwqSMOh.exe
  C:\Windows\System\gwqSMOh.exe
  2⤵
  PID:5916
- C:\Windows\System\xxFGckZ.exe
  C:\Windows\System\xxFGckZ.exe
  2⤵
  PID:5948
- C:\Windows\System\kSkrsLG.exe
  C:\Windows\System\kSkrsLG.exe
  2⤵
  PID:5988
- C:\Windows\System\dKLEwEH.exe
  C:\Windows\System\dKLEwEH.exe
  2⤵
  PID:6012
- C:\Windows\System\jXrtzoH.exe
  C:\Windows\System\jXrtzoH.exe
  2⤵
  PID:6036
- C:\Windows\System\cSggycY.exe
  C:\Windows\System\cSggycY.exe
  2⤵
  PID:6100
- C:\Windows\System\QvoaZjs.exe
  C:\Windows\System\QvoaZjs.exe
  2⤵
  PID:6132
- C:\Windows\System\KolYpXK.exe
  C:\Windows\System\KolYpXK.exe
  2⤵
  PID:4588
- C:\Windows\System\iqtSRTJ.exe
  C:\Windows\System\iqtSRTJ.exe
  2⤵
  PID:4680
- C:\Windows\System\xdaKfzt.exe
  C:\Windows\System\xdaKfzt.exe
  2⤵
  PID:4828
- C:\Windows\System\FqMQGyb.exe
  C:\Windows\System\FqMQGyb.exe
  2⤵
  PID:4992
- C:\Windows\System\bxmurZF.exe
  C:\Windows\System\bxmurZF.exe
  2⤵
  PID:3280
- C:\Windows\System\ylBJFXs.exe
  C:\Windows\System\ylBJFXs.exe
  2⤵
  PID:3884
- C:\Windows\System\HgNNhqD.exe
  C:\Windows\System\HgNNhqD.exe
  2⤵
  PID:4248
- C:\Windows\System\ihoumIp.exe
  C:\Windows\System\ihoumIp.exe
  2⤵
  PID:4384
- C:\Windows\System\gQtLMpS.exe
  C:\Windows\System\gQtLMpS.exe
  2⤵
  PID:5164
- C:\Windows\System\xhVJxUG.exe
  C:\Windows\System\xhVJxUG.exe
  2⤵
  PID:5192
- C:\Windows\System\Tccxsqq.exe
  C:\Windows\System\Tccxsqq.exe
  2⤵
  PID:5268
- C:\Windows\System\FKCXaru.exe
  C:\Windows\System\FKCXaru.exe
  2⤵
  PID:5332
- C:\Windows\System\wUClTpc.exe
  C:\Windows\System\wUClTpc.exe
  2⤵
  PID:5392
- C:\Windows\System\zBQtARG.exe
  C:\Windows\System\zBQtARG.exe
  2⤵
  PID:5472
- C:\Windows\System\pdGhBvB.exe
  C:\Windows\System\pdGhBvB.exe
  2⤵
  PID:5492
- C:\Windows\System\LzAqkmp.exe
  C:\Windows\System\LzAqkmp.exe
  2⤵
  PID:5536
- C:\Windows\System\fPJTFUB.exe
  C:\Windows\System\fPJTFUB.exe
  2⤵
  PID:5648
- C:\Windows\System\YSAyCYl.exe
  C:\Windows\System\YSAyCYl.exe
  2⤵
  PID:5668
- C:\Windows\System\tzrsRbO.exe
  C:\Windows\System\tzrsRbO.exe
  2⤵
  PID:5732
- C:\Windows\System\TQwdcGc.exe
  C:\Windows\System\TQwdcGc.exe
  2⤵
  PID:5808
- C:\Windows\System\laQZEvl.exe
  C:\Windows\System\laQZEvl.exe
  2⤵
  PID:5836
- C:\Windows\System\YnBCOaX.exe
  C:\Windows\System\YnBCOaX.exe
  2⤵
  PID:5868
- C:\Windows\System\SBXHFoZ.exe
  C:\Windows\System\SBXHFoZ.exe
  2⤵
  PID:5932
- C:\Windows\System\dwKDthH.exe
  C:\Windows\System\dwKDthH.exe
  2⤵
  PID:5992
- C:\Windows\System\ftoWTid.exe
  C:\Windows\System\ftoWTid.exe
  2⤵
  PID:6092
- C:\Windows\System\yxIWHGG.exe
  C:\Windows\System\yxIWHGG.exe
  2⤵
  PID:6116
- C:\Windows\System\PPXbjzW.exe
  C:\Windows\System\PPXbjzW.exe
  2⤵
  PID:4604
- C:\Windows\System\yuKBgdz.exe
  C:\Windows\System\yuKBgdz.exe
  2⤵
  PID:4700
- C:\Windows\System\gfKFDMd.exe
  C:\Windows\System\gfKFDMd.exe
  2⤵
  PID:5064
- C:\Windows\System\IEdTBlC.exe
  C:\Windows\System\IEdTBlC.exe
  2⤵
  PID:1992
- C:\Windows\System\ZyhhtGP.exe
  C:\Windows\System\ZyhhtGP.exe
  2⤵
  PID:5176
- C:\Windows\System\qRGLtHE.exe
  C:\Windows\System\qRGLtHE.exe
  2⤵
  PID:5252
- C:\Windows\System\rTBXNij.exe
  C:\Windows\System\rTBXNij.exe
  2⤵
  PID:5316
- C:\Windows\System\vIvSTCU.exe
  C:\Windows\System\vIvSTCU.exe
  2⤵
  PID:5456
- C:\Windows\System\kojiEub.exe
  C:\Windows\System\kojiEub.exe
  2⤵
  PID:5568
- C:\Windows\System\KpCJIjU.exe
  C:\Windows\System\KpCJIjU.exe
  2⤵
  PID:6156
- C:\Windows\System\zfvAUVK.exe
  C:\Windows\System\zfvAUVK.exe
  2⤵
  PID:6176
- C:\Windows\System\pJlMPjx.exe
  C:\Windows\System\pJlMPjx.exe
  2⤵
  PID:6196
- C:\Windows\System\tIwlutI.exe
  C:\Windows\System\tIwlutI.exe
  2⤵
  PID:6216
- C:\Windows\System\jRQvBAI.exe
  C:\Windows\System\jRQvBAI.exe
  2⤵
  PID:6236
- C:\Windows\System\BHQmjNZ.exe
  C:\Windows\System\BHQmjNZ.exe
  2⤵
  PID:6256
- C:\Windows\System\YvxIBpo.exe
  C:\Windows\System\YvxIBpo.exe
  2⤵
  PID:6276
- C:\Windows\System\BNQLAUs.exe
  C:\Windows\System\BNQLAUs.exe
  2⤵
  PID:6296
- C:\Windows\System\knilAys.exe
  C:\Windows\System\knilAys.exe
  2⤵
  PID:6316
- C:\Windows\System\ZhGNmUC.exe
  C:\Windows\System\ZhGNmUC.exe
  2⤵
  PID:6336
- C:\Windows\System\ooxAWQg.exe
  C:\Windows\System\ooxAWQg.exe
  2⤵
  PID:6356
- C:\Windows\System\CulzEnP.exe
  C:\Windows\System\CulzEnP.exe
  2⤵
  PID:6376
- C:\Windows\System\DGXinjU.exe
  C:\Windows\System\DGXinjU.exe
  2⤵
  PID:6396
- C:\Windows\System\sGOPwlS.exe
  C:\Windows\System\sGOPwlS.exe
  2⤵
  PID:6416
- C:\Windows\System\NApipHh.exe
  C:\Windows\System\NApipHh.exe
  2⤵
  PID:6436
- C:\Windows\System\PDxWKHs.exe
  C:\Windows\System\PDxWKHs.exe
  2⤵
  PID:6456
- C:\Windows\System\JBoQwmx.exe
  C:\Windows\System\JBoQwmx.exe
  2⤵
  PID:6476
- C:\Windows\System\uRryKtE.exe
  C:\Windows\System\uRryKtE.exe
  2⤵
  PID:6496
- C:\Windows\System\lWnZbgC.exe
  C:\Windows\System\lWnZbgC.exe
  2⤵
  PID:6516
- C:\Windows\System\opYkxEf.exe
  C:\Windows\System\opYkxEf.exe
  2⤵
  PID:6536
- C:\Windows\System\mJUmePz.exe
  C:\Windows\System\mJUmePz.exe
  2⤵
  PID:6556
- C:\Windows\System\BzpstRx.exe
  C:\Windows\System\BzpstRx.exe
  2⤵
  PID:6576
- C:\Windows\System\FVfIlVu.exe
  C:\Windows\System\FVfIlVu.exe
  2⤵
  PID:6596
- C:\Windows\System\kBgIYwx.exe
  C:\Windows\System\kBgIYwx.exe
  2⤵
  PID:6616
- C:\Windows\System\JIODYZI.exe
  C:\Windows\System\JIODYZI.exe
  2⤵
  PID:6636
- C:\Windows\System\QWHtZZz.exe
  C:\Windows\System\QWHtZZz.exe
  2⤵
  PID:6656
- C:\Windows\System\RtmQoHX.exe
  C:\Windows\System\RtmQoHX.exe
  2⤵
  PID:6676
- C:\Windows\System\IPnKJjj.exe
  C:\Windows\System\IPnKJjj.exe
  2⤵
  PID:6696
- C:\Windows\System\DIFgXNa.exe
  C:\Windows\System\DIFgXNa.exe
  2⤵
  PID:6716
- C:\Windows\System\utRgPaq.exe
  C:\Windows\System\utRgPaq.exe
  2⤵
  PID:6736
- C:\Windows\System\FGwIxiv.exe
  C:\Windows\System\FGwIxiv.exe
  2⤵
  PID:6756
- C:\Windows\System\JwadVKx.exe
  C:\Windows\System\JwadVKx.exe
  2⤵
  PID:6776
- C:\Windows\System\nwVFkJM.exe
  C:\Windows\System\nwVFkJM.exe
  2⤵
  PID:6796
- C:\Windows\System\aoSGRGw.exe
  C:\Windows\System\aoSGRGw.exe
  2⤵
  PID:6816
- C:\Windows\System\xfbiwJO.exe
  C:\Windows\System\xfbiwJO.exe
  2⤵
  PID:6836
- C:\Windows\System\nUphvph.exe
  C:\Windows\System\nUphvph.exe
  2⤵
  PID:6856
- C:\Windows\System\OVbbOik.exe
  C:\Windows\System\OVbbOik.exe
  2⤵
  PID:6876
- C:\Windows\System\yejXcmb.exe
  C:\Windows\System\yejXcmb.exe
  2⤵
  PID:6896
- C:\Windows\System\plAmevj.exe
  C:\Windows\System\plAmevj.exe
  2⤵
  PID:6916
- C:\Windows\System\ZNuzcjP.exe
  C:\Windows\System\ZNuzcjP.exe
  2⤵
  PID:6936
- C:\Windows\System\GrUecZX.exe
  C:\Windows\System\GrUecZX.exe
  2⤵
  PID:6956
- C:\Windows\System\aEqBWcO.exe
  C:\Windows\System\aEqBWcO.exe
  2⤵
  PID:6976
- C:\Windows\System\vwFpghK.exe
  C:\Windows\System\vwFpghK.exe
  2⤵
  PID:7000
- C:\Windows\System\rWWAHzk.exe
  C:\Windows\System\rWWAHzk.exe
  2⤵
  PID:7020
- C:\Windows\System\UpYsGtY.exe
  C:\Windows\System\UpYsGtY.exe
  2⤵
  PID:7040
- C:\Windows\System\TDEXuQH.exe
  C:\Windows\System\TDEXuQH.exe
  2⤵
  PID:7060
- C:\Windows\System\tTKzjoQ.exe
  C:\Windows\System\tTKzjoQ.exe
  2⤵
  PID:7080
- C:\Windows\System\qSoCGWi.exe
  C:\Windows\System\qSoCGWi.exe
  2⤵
  PID:7100
- C:\Windows\System\sZFYcMm.exe
  C:\Windows\System\sZFYcMm.exe
  2⤵
  PID:7120
- C:\Windows\System\TLvhkea.exe
  C:\Windows\System\TLvhkea.exe
  2⤵
  PID:7140
- C:\Windows\System\xntfVSC.exe
  C:\Windows\System\xntfVSC.exe
  2⤵
  PID:7160
- C:\Windows\System\NBrmOHn.exe
  C:\Windows\System\NBrmOHn.exe
  2⤵
  PID:5676
- C:\Windows\System\HsrbRDS.exe
  C:\Windows\System\HsrbRDS.exe
  2⤵
  PID:5768
- C:\Windows\System\dIwCrYq.exe
  C:\Windows\System\dIwCrYq.exe
  2⤵
  PID:5828
- C:\Windows\System\lzzwSbl.exe
  C:\Windows\System\lzzwSbl.exe
  2⤵
  PID:5968
- C:\Windows\System\VyVKSLn.exe
  C:\Windows\System\VyVKSLn.exe
  2⤵
  PID:6040
- C:\Windows\System\xWDFnKA.exe
  C:\Windows\System\xWDFnKA.exe
  2⤵
  PID:6120
- C:\Windows\System\adqPsuq.exe
  C:\Windows\System\adqPsuq.exe
  2⤵
  PID:6136
- C:\Windows\System\uvsZvxc.exe
  C:\Windows\System\uvsZvxc.exe
  2⤵
  PID:3716
- C:\Windows\System\iOcFBiD.exe
  C:\Windows\System\iOcFBiD.exe
  2⤵
  PID:4320
- C:\Windows\System\IlLGaRq.exe
  C:\Windows\System\IlLGaRq.exe
  2⤵
  PID:5368
- C:\Windows\System\lVPwXQW.exe
  C:\Windows\System\lVPwXQW.exe
  2⤵
  PID:5452
- C:\Windows\System\FzKEuhW.exe
  C:\Windows\System\FzKEuhW.exe
  2⤵
  PID:5596
- C:\Windows\System\wwoZbPV.exe
  C:\Windows\System\wwoZbPV.exe
  2⤵
  PID:6192
- C:\Windows\System\tjIBbOG.exe
  C:\Windows\System\tjIBbOG.exe
  2⤵
  PID:6224
- C:\Windows\System\LGIborX.exe
  C:\Windows\System\LGIborX.exe
  2⤵
  PID:6248
- C:\Windows\System\aZioYIS.exe
  C:\Windows\System\aZioYIS.exe
  2⤵
  PID:6292
- C:\Windows\System\aevJcTO.exe
  C:\Windows\System\aevJcTO.exe
  2⤵
  PID:6324
- C:\Windows\System\MmELsgV.exe
  C:\Windows\System\MmELsgV.exe
  2⤵
  PID:6348
- C:\Windows\System\rxuMcjs.exe
  C:\Windows\System\rxuMcjs.exe
  2⤵
  PID:6392
- C:\Windows\System\kgGAQic.exe
  C:\Windows\System\kgGAQic.exe
  2⤵
  PID:6408
- C:\Windows\System\asNVwhe.exe
  C:\Windows\System\asNVwhe.exe
  2⤵
  PID:6448
- C:\Windows\System\knKVKPg.exe
  C:\Windows\System\knKVKPg.exe
  2⤵
  PID:6492
- C:\Windows\System\SARyhmA.exe
  C:\Windows\System\SARyhmA.exe
  2⤵
  PID:6508
- C:\Windows\System\DDiCfZB.exe
  C:\Windows\System\DDiCfZB.exe
  2⤵
  PID:6548
- C:\Windows\System\wfmTPAj.exe
  C:\Windows\System\wfmTPAj.exe
  2⤵
  PID:6568
- C:\Windows\System\XmCFuio.exe
  C:\Windows\System\XmCFuio.exe
  2⤵
  PID:6608
- C:\Windows\System\rcMXMkI.exe
  C:\Windows\System\rcMXMkI.exe
  2⤵
  PID:6664
- C:\Windows\System\ljScSzZ.exe
  C:\Windows\System\ljScSzZ.exe
  2⤵
  PID:6704
- C:\Windows\System\emowJgz.exe
  C:\Windows\System\emowJgz.exe
  2⤵
  PID:6724
- C:\Windows\System\eqVyJcJ.exe
  C:\Windows\System\eqVyJcJ.exe
  2⤵
  PID:6748
- C:\Windows\System\lWsepRA.exe
  C:\Windows\System\lWsepRA.exe
  2⤵
  PID:6792
- C:\Windows\System\MbabtDw.exe
  C:\Windows\System\MbabtDw.exe
  2⤵
  PID:6832
- C:\Windows\System\hviOBOY.exe
  C:\Windows\System\hviOBOY.exe
  2⤵
  PID:6852
- C:\Windows\System\VBeesOY.exe
  C:\Windows\System\VBeesOY.exe
  2⤵
  PID:6888
- C:\Windows\System\gCRyyVs.exe
  C:\Windows\System\gCRyyVs.exe
  2⤵
  PID:6932
- C:\Windows\System\tgXpOYc.exe
  C:\Windows\System\tgXpOYc.exe
  2⤵
  PID:6964
- C:\Windows\System\uAWgnUD.exe
  C:\Windows\System\uAWgnUD.exe
  2⤵
  PID:6992
- C:\Windows\System\XdxsugV.exe
  C:\Windows\System\XdxsugV.exe
  2⤵
  PID:7036
- C:\Windows\System\yQDBDqZ.exe
  C:\Windows\System\yQDBDqZ.exe
  2⤵
  PID:7068
- C:\Windows\System\TMDovHf.exe
  C:\Windows\System\TMDovHf.exe
  2⤵
  PID:7116
- C:\Windows\System\VjbZVAA.exe
  C:\Windows\System\VjbZVAA.exe
  2⤵
  PID:7136
- C:\Windows\System\YbRZAal.exe
  C:\Windows\System\YbRZAal.exe
  2⤵
  PID:5628
- C:\Windows\System\DlRyoKA.exe
  C:\Windows\System\DlRyoKA.exe
  2⤵
  PID:5712
- C:\Windows\System\KwVoYBm.exe
  C:\Windows\System\KwVoYBm.exe
  2⤵
  PID:5796
- C:\Windows\System\rQFgGsC.exe
  C:\Windows\System\rQFgGsC.exe
  2⤵
  PID:6008
- C:\Windows\System\KCMopcs.exe
  C:\Windows\System\KCMopcs.exe
  2⤵
  PID:3140
- C:\Windows\System\OhxczKY.exe
  C:\Windows\System\OhxczKY.exe
  2⤵
  PID:5232
- C:\Windows\System\gYivQsr.exe
  C:\Windows\System\gYivQsr.exe
  2⤵
  PID:5292
- C:\Windows\System\icmdEKn.exe
  C:\Windows\System\icmdEKn.exe
  2⤵
  PID:6148
- C:\Windows\System\xnJDSPP.exe
  C:\Windows\System\xnJDSPP.exe
  2⤵
  PID:6208
- C:\Windows\System\TIuoXpg.exe
  C:\Windows\System\TIuoXpg.exe
  2⤵
  PID:6252
- C:\Windows\System\yjyajuV.exe
  C:\Windows\System\yjyajuV.exe
  2⤵
  PID:6328
- C:\Windows\System\tTTbBje.exe
  C:\Windows\System\tTTbBje.exe
  2⤵
  PID:6404
- C:\Windows\System\IRoOJlD.exe
  C:\Windows\System\IRoOJlD.exe
  2⤵
  PID:6424
- C:\Windows\System\WuEsZac.exe
  C:\Windows\System\WuEsZac.exe
  2⤵
  PID:6468
- C:\Windows\System\eIShHOZ.exe
  C:\Windows\System\eIShHOZ.exe
  2⤵
  PID:6552
- C:\Windows\System\VXvWDCV.exe
  C:\Windows\System\VXvWDCV.exe
  2⤵
  PID:6604
- C:\Windows\System\MzDEdHo.exe
  C:\Windows\System\MzDEdHo.exe
  2⤵
  PID:6628
- C:\Windows\System\ITFsFtl.exe
  C:\Windows\System\ITFsFtl.exe
  2⤵
  PID:6668
- C:\Windows\System\JVWzXLk.exe
  C:\Windows\System\JVWzXLk.exe
  2⤵
  PID:6728
- C:\Windows\System\qaYHroU.exe
  C:\Windows\System\qaYHroU.exe
  2⤵
  PID:6812
- C:\Windows\System\eRnRGzw.exe
  C:\Windows\System\eRnRGzw.exe
  2⤵
  PID:6828
- C:\Windows\System\bxKkgMw.exe
  C:\Windows\System\bxKkgMw.exe
  2⤵
  PID:6912
- C:\Windows\System\SnCdzgn.exe
  C:\Windows\System\SnCdzgn.exe
  2⤵
  PID:7028
- C:\Windows\System\NlYxJlb.exe
  C:\Windows\System\NlYxJlb.exe
  2⤵
  PID:6996
- C:\Windows\System\nRzONcq.exe
  C:\Windows\System\nRzONcq.exe
  2⤵
  PID:7156
- C:\Windows\System\AGwfasP.exe
  C:\Windows\System\AGwfasP.exe
  2⤵
  PID:7056
- C:\Windows\System\teEYRsi.exe
  C:\Windows\System\teEYRsi.exe
  2⤵
  PID:5908
- C:\Windows\System\iXHIGXp.exe
  C:\Windows\System\iXHIGXp.exe
  2⤵
  PID:4260
- C:\Windows\System\hdYWcwl.exe
  C:\Windows\System\hdYWcwl.exe
  2⤵
  PID:5592
- C:\Windows\System\vmNMSfw.exe
  C:\Windows\System\vmNMSfw.exe
  2⤵
  PID:4908
- C:\Windows\System\VtRzTiA.exe
  C:\Windows\System\VtRzTiA.exe
  2⤵
  PID:6344
- C:\Windows\System\vyVGKYi.exe
  C:\Windows\System\vyVGKYi.exe
  2⤵
  PID:6528
- C:\Windows\System\sSzUUOq.exe
  C:\Windows\System\sSzUUOq.exe
  2⤵
  PID:5448
- C:\Windows\System\UbGWGUl.exe
  C:\Windows\System\UbGWGUl.exe
  2⤵
  PID:6312
- C:\Windows\System\NAPOuge.exe
  C:\Windows\System\NAPOuge.exe
  2⤵
  PID:6752
- C:\Windows\System\PFUPeHp.exe
  C:\Windows\System\PFUPeHp.exe
  2⤵
  PID:6452
- C:\Windows\System\PgvGpjs.exe
  C:\Windows\System\PgvGpjs.exe
  2⤵
  PID:6572
- C:\Windows\System\IAsoABO.exe
  C:\Windows\System\IAsoABO.exe
  2⤵
  PID:7108
- C:\Windows\System\aIrRoST.exe
  C:\Windows\System\aIrRoST.exe
  2⤵
  PID:6944
- C:\Windows\System\EXOxjDY.exe
  C:\Windows\System\EXOxjDY.exe
  2⤵
  PID:7016
- C:\Windows\System\QFcyyjb.exe
  C:\Windows\System\QFcyyjb.exe
  2⤵
  PID:6168
- C:\Windows\System\gCKLYuf.exe
  C:\Windows\System\gCKLYuf.exe
  2⤵
  PID:6268
- C:\Windows\System\OyNLHrt.exe
  C:\Windows\System\OyNLHrt.exe
  2⤵
  PID:7052
- C:\Windows\System\lKGLhZR.exe
  C:\Windows\System\lKGLhZR.exe
  2⤵
  PID:6744
- C:\Windows\System\TekRZiA.exe
  C:\Windows\System\TekRZiA.exe
  2⤵
  PID:6592
- C:\Windows\System\JxXfHvf.exe
  C:\Windows\System\JxXfHvf.exe
  2⤵
  PID:5952
- C:\Windows\System\jOFVnLN.exe
  C:\Windows\System\jOFVnLN.exe
  2⤵
  PID:7184
- C:\Windows\System\GQQVQAW.exe
  C:\Windows\System\GQQVQAW.exe
  2⤵
  PID:7204
- C:\Windows\System\akxrsYh.exe
  C:\Windows\System\akxrsYh.exe
  2⤵
  PID:7220
- C:\Windows\System\uaTEuXd.exe
  C:\Windows\System\uaTEuXd.exe
  2⤵
  PID:7244
- C:\Windows\System\gZixbOW.exe
  C:\Windows\System\gZixbOW.exe
  2⤵
  PID:7264
- C:\Windows\System\OHScRUT.exe
  C:\Windows\System\OHScRUT.exe
  2⤵
  PID:7280
- C:\Windows\System\ESbFQYE.exe
  C:\Windows\System\ESbFQYE.exe
  2⤵
  PID:7304
- C:\Windows\System\KZIoDVA.exe
  C:\Windows\System\KZIoDVA.exe
  2⤵
  PID:7320
- C:\Windows\System\qdBSNAF.exe
  C:\Windows\System\qdBSNAF.exe
  2⤵
  PID:7344
- C:\Windows\System\PViqLGY.exe
  C:\Windows\System\PViqLGY.exe
  2⤵
  PID:7376
- C:\Windows\System\WLETqVn.exe
  C:\Windows\System\WLETqVn.exe
  2⤵
  PID:7396
- C:\Windows\System\GZmNtpe.exe
  C:\Windows\System\GZmNtpe.exe
  2⤵
  PID:7412
- C:\Windows\System\bkGkrXf.exe
  C:\Windows\System\bkGkrXf.exe
  2⤵
  PID:7428
- C:\Windows\System\xjgLPrZ.exe
  C:\Windows\System\xjgLPrZ.exe
  2⤵
  PID:7444
- C:\Windows\System\QuRhaBd.exe
  C:\Windows\System\QuRhaBd.exe
  2⤵
  PID:7464
- C:\Windows\System\mXpztzn.exe
  C:\Windows\System\mXpztzn.exe
  2⤵
  PID:7488
- C:\Windows\System\SCIZZZd.exe
  C:\Windows\System\SCIZZZd.exe
  2⤵
  PID:7504
- C:\Windows\System\aLgMcuR.exe
  C:\Windows\System\aLgMcuR.exe
  2⤵
  PID:7528
- C:\Windows\System\zXwsZQZ.exe
  C:\Windows\System\zXwsZQZ.exe
  2⤵
  PID:7544
- C:\Windows\System\UIPAXca.exe
  C:\Windows\System\UIPAXca.exe
  2⤵
  PID:7564
- C:\Windows\System\JjaukTW.exe
  C:\Windows\System\JjaukTW.exe
  2⤵
  PID:7588
- C:\Windows\System\vPTJQCB.exe
  C:\Windows\System\vPTJQCB.exe
  2⤵
  PID:7616
- C:\Windows\System\lvrzIiC.exe
  C:\Windows\System\lvrzIiC.exe
  2⤵
  PID:7632
- C:\Windows\System\VvqFFiZ.exe
  C:\Windows\System\VvqFFiZ.exe
  2⤵
  PID:7652
- C:\Windows\System\eZGIPxy.exe
  C:\Windows\System\eZGIPxy.exe
  2⤵
  PID:7676
- C:\Windows\System\qQkZmBI.exe
  C:\Windows\System\qQkZmBI.exe
  2⤵
  PID:7692
- C:\Windows\System\GTaGmst.exe
  C:\Windows\System\GTaGmst.exe
  2⤵
  PID:7708
- C:\Windows\System\JpfhsBM.exe
  C:\Windows\System\JpfhsBM.exe
  2⤵
  PID:7732
- C:\Windows\System\VmnksFZ.exe
  C:\Windows\System\VmnksFZ.exe
  2⤵
  PID:7756
- C:\Windows\System\fPeJNTd.exe
  C:\Windows\System\fPeJNTd.exe
  2⤵
  PID:7772
- C:\Windows\System\ReoCvKq.exe
  C:\Windows\System\ReoCvKq.exe
  2⤵
  PID:7788
- C:\Windows\System\QSeukDI.exe
  C:\Windows\System\QSeukDI.exe
  2⤵
  PID:7812
- C:\Windows\System\GeZOcGr.exe
  C:\Windows\System\GeZOcGr.exe
  2⤵
  PID:7832
- C:\Windows\System\PMBiVmC.exe
  C:\Windows\System\PMBiVmC.exe
  2⤵
  PID:7852
- C:\Windows\System\CAFjTtG.exe
  C:\Windows\System\CAFjTtG.exe
  2⤵
  PID:7868
- C:\Windows\System\NSvhyDO.exe
  C:\Windows\System\NSvhyDO.exe
  2⤵
  PID:7892
- C:\Windows\System\ThGlorC.exe
  C:\Windows\System\ThGlorC.exe
  2⤵
  PID:7916
- C:\Windows\System\PnUDJOm.exe
  C:\Windows\System\PnUDJOm.exe
  2⤵
  PID:7936
- C:\Windows\System\gdhiqUN.exe
  C:\Windows\System\gdhiqUN.exe
  2⤵
  PID:7956
- C:\Windows\System\GMbxoZM.exe
  C:\Windows\System\GMbxoZM.exe
  2⤵
  PID:7976
- C:\Windows\System\OeAkKIc.exe
  C:\Windows\System\OeAkKIc.exe
  2⤵
  PID:7992
- C:\Windows\System\IwrVCoz.exe
  C:\Windows\System\IwrVCoz.exe
  2⤵
  PID:8012
- C:\Windows\System\SYFXWhH.exe
  C:\Windows\System\SYFXWhH.exe
  2⤵
  PID:8032
- C:\Windows\System\DBuAaVr.exe
  C:\Windows\System\DBuAaVr.exe
  2⤵
  PID:8048
- C:\Windows\System\MzhrgNE.exe
  C:\Windows\System\MzhrgNE.exe
  2⤵
  PID:8068
- C:\Windows\System\gVkYKKY.exe
  C:\Windows\System\gVkYKKY.exe
  2⤵
  PID:8088
- C:\Windows\System\AEPHXEp.exe
  C:\Windows\System\AEPHXEp.exe
  2⤵
  PID:8116
- C:\Windows\System\SgUMQjj.exe
  C:\Windows\System\SgUMQjj.exe
  2⤵
  PID:8140
- C:\Windows\System\LTouVUk.exe
  C:\Windows\System\LTouVUk.exe
  2⤵
  PID:8160
- C:\Windows\System\wGmLSLt.exe
  C:\Windows\System\wGmLSLt.exe
  2⤵
  PID:8180
- C:\Windows\System\qRmFJbO.exe
  C:\Windows\System\qRmFJbO.exe
  2⤵
  PID:7048
- C:\Windows\System\TVmAYxi.exe
  C:\Windows\System\TVmAYxi.exe
  2⤵
  PID:6412
- C:\Windows\System\Tqcqqyr.exe
  C:\Windows\System\Tqcqqyr.exe
  2⤵
  PID:6532
- C:\Windows\System\ZwkjWri.exe
  C:\Windows\System\ZwkjWri.exe
  2⤵
  PID:6772
- C:\Windows\System\uRDXddY.exe
  C:\Windows\System\uRDXddY.exe
  2⤵
  PID:7256
- C:\Windows\System\oPEMsjN.exe
  C:\Windows\System\oPEMsjN.exe
  2⤵
  PID:6948
- C:\Windows\System\bzVzKWG.exe
  C:\Windows\System\bzVzKWG.exe
  2⤵
  PID:6824
- C:\Windows\System\lRXSVAt.exe
  C:\Windows\System\lRXSVAt.exe
  2⤵
  PID:7332
- C:\Windows\System\uxCUolX.exe
  C:\Windows\System\uxCUolX.exe
  2⤵
  PID:5004
- C:\Windows\System\iovvazc.exe
  C:\Windows\System\iovvazc.exe
  2⤵
  PID:7388
- C:\Windows\System\zPoJmor.exe
  C:\Windows\System\zPoJmor.exe
  2⤵
  PID:7424
- C:\Windows\System\KJZfGlN.exe
  C:\Windows\System\KJZfGlN.exe
  2⤵
  PID:7236
- C:\Windows\System\vRXlTqS.exe
  C:\Windows\System\vRXlTqS.exe
  2⤵
  PID:7232
- C:\Windows\System\bwsyzBU.exe
  C:\Windows\System\bwsyzBU.exe
  2⤵
  PID:7132
- C:\Windows\System\rlYkFHV.exe
  C:\Windows\System\rlYkFHV.exe
  2⤵
  PID:7352
- C:\Windows\System\AQzyAAt.exe
  C:\Windows\System\AQzyAAt.exe
  2⤵
  PID:7368
- C:\Windows\System\rHHPPGX.exe
  C:\Windows\System\rHHPPGX.exe
  2⤵
  PID:7524
- C:\Windows\System\BIopKVm.exe
  C:\Windows\System\BIopKVm.exe
  2⤵
  PID:7576
- C:\Windows\System\VTeRvxM.exe
  C:\Windows\System\VTeRvxM.exe
  2⤵
  PID:7664
- C:\Windows\System\VqLroQE.exe
  C:\Windows\System\VqLroQE.exe
  2⤵
  PID:7436
- C:\Windows\System\yeCAliC.exe
  C:\Windows\System\yeCAliC.exe
  2⤵
  PID:7516
- C:\Windows\System\aenVNpa.exe
  C:\Windows\System\aenVNpa.exe
  2⤵
  PID:7744
- C:\Windows\System\JaelMbt.exe
  C:\Windows\System\JaelMbt.exe
  2⤵
  PID:7820
- C:\Windows\System\xmbKTkQ.exe
  C:\Windows\System\xmbKTkQ.exe
  2⤵
  PID:7824
- C:\Windows\System\xLcssHz.exe
  C:\Windows\System\xLcssHz.exe
  2⤵
  PID:7600
- C:\Windows\System\hvMlngM.exe
  C:\Windows\System\hvMlngM.exe
  2⤵
  PID:7908
- C:\Windows\System\DxZPUJU.exe
  C:\Windows\System\DxZPUJU.exe
  2⤵
  PID:7948
- C:\Windows\System\PZEpPCc.exe
  C:\Windows\System\PZEpPCc.exe
  2⤵
  PID:7716
- C:\Windows\System\iLiiksE.exe
  C:\Windows\System\iLiiksE.exe
  2⤵
  PID:8024
- C:\Windows\System\gsDcnPn.exe
  C:\Windows\System\gsDcnPn.exe
  2⤵
  PID:7768
- C:\Windows\System\MnLTcAK.exe
  C:\Windows\System\MnLTcAK.exe
  2⤵
  PID:7844
- C:\Windows\System\PKHUNiJ.exe
  C:\Windows\System\PKHUNiJ.exe
  2⤵
  PID:8064
- C:\Windows\System\swTibAO.exe
  C:\Windows\System\swTibAO.exe
  2⤵
  PID:8008
- C:\Windows\System\FwRijAj.exe
  C:\Windows\System\FwRijAj.exe
  2⤵
  PID:8108
- C:\Windows\System\bBaQEpE.exe
  C:\Windows\System\bBaQEpE.exe
  2⤵
  PID:8040
- C:\Windows\System\NKHQBAI.exe
  C:\Windows\System\NKHQBAI.exe
  2⤵
  PID:8148
- C:\Windows\System\wgQqUBY.exe
  C:\Windows\System\wgQqUBY.exe
  2⤵
  PID:5936
- C:\Windows\System\KTsYExX.exe
  C:\Windows\System\KTsYExX.exe
  2⤵
  PID:8128
- C:\Windows\System\pmjisst.exe
  C:\Windows\System\pmjisst.exe
  2⤵
  PID:7252
- C:\Windows\System\OjTvHtl.exe
  C:\Windows\System\OjTvHtl.exe
  2⤵
  PID:5208
- C:\Windows\System\gYizPoH.exe
  C:\Windows\System\gYizPoH.exe
  2⤵
  PID:6308
- C:\Windows\System\buwfrPf.exe
  C:\Windows\System\buwfrPf.exe
  2⤵
  PID:6184
- C:\Windows\System\fHHRpbO.exe
  C:\Windows\System\fHHRpbO.exe
  2⤵
  PID:5692
- C:\Windows\System\rxKiqXa.exe
  C:\Windows\System\rxKiqXa.exe
  2⤵
  PID:7292
- C:\Windows\System\zzOjIhk.exe
  C:\Windows\System\zzOjIhk.exe
  2⤵
  PID:7276
- C:\Windows\System\JbSfHUV.exe
  C:\Windows\System\JbSfHUV.exe
  2⤵
  PID:7456
- C:\Windows\System\BFNkzCw.exe
  C:\Windows\System\BFNkzCw.exe
  2⤵
  PID:7520
- C:\Windows\System\RZtSNPi.exe
  C:\Windows\System\RZtSNPi.exe
  2⤵
  PID:7628
- C:\Windows\System\meGVeXU.exe
  C:\Windows\System\meGVeXU.exe
  2⤵
  PID:7404
- C:\Windows\System\KSyyuUW.exe
  C:\Windows\System\KSyyuUW.exe
  2⤵
  PID:7360
- C:\Windows\System\zDdKNmJ.exe
  C:\Windows\System\zDdKNmJ.exe
  2⤵
  PID:7752
- C:\Windows\System\HmPRmgi.exe
  C:\Windows\System\HmPRmgi.exe
  2⤵
  PID:7688
- C:\Windows\System\iJhUkuQ.exe
  C:\Windows\System\iJhUkuQ.exe
  2⤵
  PID:7728
- C:\Windows\System\iJIBJzY.exe
  C:\Windows\System\iJIBJzY.exe
  2⤵
  PID:7808
- C:\Windows\System\rsYfDVk.exe
  C:\Windows\System\rsYfDVk.exe
  2⤵
  PID:7764
- C:\Windows\System\gXeBlwK.exe
  C:\Windows\System\gXeBlwK.exe
  2⤵
  PID:7888
- C:\Windows\System\ukbqati.exe
  C:\Windows\System\ukbqati.exe
  2⤵
  PID:8044
- C:\Windows\System\uLRCIUu.exe
  C:\Windows\System\uLRCIUu.exe
  2⤵
  PID:8188
- C:\Windows\System\JOVsrNn.exe
  C:\Windows\System\JOVsrNn.exe
  2⤵
  PID:7964
- C:\Windows\System\hOYjaBI.exe
  C:\Windows\System\hOYjaBI.exe
  2⤵
  PID:6228
- C:\Windows\System\gLfKxuI.exe
  C:\Windows\System\gLfKxuI.exe
  2⤵
  PID:2892
- C:\Windows\System\zrtKiHT.exe
  C:\Windows\System\zrtKiHT.exe
  2⤵
  PID:7216
- C:\Windows\System\SEHKqof.exe
  C:\Windows\System\SEHKqof.exe
  2⤵
  PID:2176
- C:\Windows\System\BVJGUsi.exe
  C:\Windows\System\BVJGUsi.exe
  2⤵
  PID:7092
- C:\Windows\System\mNwgLIQ.exe
  C:\Windows\System\mNwgLIQ.exe
  2⤵
  PID:7384
- C:\Windows\System\uSsPYjz.exe
  C:\Windows\System\uSsPYjz.exe
  2⤵
  PID:7192
- C:\Windows\System\cCrAiUZ.exe
  C:\Windows\System\cCrAiUZ.exe
  2⤵
  PID:7580
- C:\Windows\System\kdeulOg.exe
  C:\Windows\System\kdeulOg.exe
  2⤵
  PID:7988
- C:\Windows\System\tWdJfpQ.exe
  C:\Windows\System\tWdJfpQ.exe
  2⤵
  PID:7784
- C:\Windows\System\mzurksK.exe
  C:\Windows\System\mzurksK.exe
  2⤵
  PID:7840
- C:\Windows\System\cSNyCIB.exe
  C:\Windows\System\cSNyCIB.exe
  2⤵
  PID:7928
- C:\Windows\System\visrxTA.exe
  C:\Windows\System\visrxTA.exe
  2⤵
  PID:8000
- C:\Windows\System\CDspmkE.exe
  C:\Windows\System\CDspmkE.exe
  2⤵
  PID:8084
- C:\Windows\System\IcpnOyh.exe
  C:\Windows\System\IcpnOyh.exe
  2⤵
  PID:6284
- C:\Windows\System\ptSZlga.exe
  C:\Windows\System\ptSZlga.exe
  2⤵
  PID:7072
- C:\Windows\System\utYZXpb.exe
  C:\Windows\System\utYZXpb.exe
  2⤵
  PID:7480
- C:\Windows\System\WjjSzAY.exe
  C:\Windows\System\WjjSzAY.exe
  2⤵
  PID:3060
- C:\Windows\System\KYgsmCt.exe
  C:\Windows\System\KYgsmCt.exe
  2⤵
  PID:2896
- C:\Windows\System\CXxsRIQ.exe
  C:\Windows\System\CXxsRIQ.exe
  2⤵
  PID:7796
- C:\Windows\System\GlzVhfO.exe
  C:\Windows\System\GlzVhfO.exe
  2⤵
  PID:7364
- C:\Windows\System\GgHGlsm.exe
  C:\Windows\System\GgHGlsm.exe
  2⤵
  PID:2836
- C:\Windows\System\EdNXJEl.exe
  C:\Windows\System\EdNXJEl.exe
  2⤵
  PID:7972
- C:\Windows\System\EUUnQEf.exe
  C:\Windows\System\EUUnQEf.exe
  2⤵
  PID:7128
- C:\Windows\System\ayLponv.exe
  C:\Windows\System\ayLponv.exe
  2⤵
  PID:2088
- C:\Windows\System\UeXUIlT.exe
  C:\Windows\System\UeXUIlT.exe
  2⤵
  PID:7152
- C:\Windows\System\jYqAHUd.exe
  C:\Windows\System\jYqAHUd.exe
  2⤵
  PID:7340
- C:\Windows\System\guQMonc.exe
  C:\Windows\System\guQMonc.exe
  2⤵
  PID:7472
- C:\Windows\System\zzdDRnC.exe
  C:\Windows\System\zzdDRnC.exe
  2⤵
  PID:2788
- C:\Windows\System\TYMzrio.exe
  C:\Windows\System\TYMzrio.exe
  2⤵
  PID:2764
- C:\Windows\System\MgIVKEw.exe
  C:\Windows\System\MgIVKEw.exe
  2⤵
  PID:7260
- C:\Windows\System\lNSjJjq.exe
  C:\Windows\System\lNSjJjq.exe
  2⤵
  PID:2168
- C:\Windows\System\jErtLRl.exe
  C:\Windows\System\jErtLRl.exe
  2⤵
  PID:6672
- C:\Windows\System\zflBlND.exe
  C:\Windows\System\zflBlND.exe
  2⤵
  PID:3044
- C:\Windows\System\MKUfhzQ.exe
  C:\Windows\System\MKUfhzQ.exe
  2⤵
  PID:1968
- C:\Windows\System\DxvJGxH.exe
  C:\Windows\System\DxvJGxH.exe
  2⤵
  PID:2360
- C:\Windows\System\UdaNsMI.exe
  C:\Windows\System\UdaNsMI.exe
  2⤵
  PID:8100
- C:\Windows\System\kEhPxNh.exe
  C:\Windows\System\kEhPxNh.exe
  2⤵
  PID:1816
- C:\Windows\System\WPtFOKE.exe
  C:\Windows\System\WPtFOKE.exe
  2⤵
  PID:2940
- C:\Windows\System\CLSLQDC.exe
  C:\Windows\System\CLSLQDC.exe
  2⤵
  PID:832
- C:\Windows\System\ZQQDPyV.exe
  C:\Windows\System\ZQQDPyV.exe
  2⤵
  PID:2092
- C:\Windows\System\jMamHyi.exe
  C:\Windows\System\jMamHyi.exe
  2⤵
  PID:8200
- C:\Windows\System\BkYquEG.exe
  C:\Windows\System\BkYquEG.exe
  2⤵
  PID:8220
- C:\Windows\System\oDhpvBY.exe
  C:\Windows\System\oDhpvBY.exe
  2⤵
  PID:8240
- C:\Windows\System\CdPgiHg.exe
  C:\Windows\System\CdPgiHg.exe
  2⤵
  PID:8260
- C:\Windows\System\paFuvoC.exe
  C:\Windows\System\paFuvoC.exe
  2⤵
  PID:8304
- C:\Windows\System\lHrmAGK.exe
  C:\Windows\System\lHrmAGK.exe
  2⤵
  PID:8320
- C:\Windows\System\KyvQChA.exe
  C:\Windows\System\KyvQChA.exe
  2⤵
  PID:8336
- C:\Windows\System\OFUWfPw.exe
  C:\Windows\System\OFUWfPw.exe
  2⤵
  PID:8364
- C:\Windows\System\FbsYzaG.exe
  C:\Windows\System\FbsYzaG.exe
  2⤵
  PID:8380
- C:\Windows\System\PWiWqhX.exe
  C:\Windows\System\PWiWqhX.exe
  2⤵
  PID:8400
- C:\Windows\System\tHqecpM.exe
  C:\Windows\System\tHqecpM.exe
  2⤵
  PID:8420
- C:\Windows\System\DZRDAOJ.exe
  C:\Windows\System\DZRDAOJ.exe
  2⤵
  PID:8436
- C:\Windows\System\PurBNEc.exe
  C:\Windows\System\PurBNEc.exe
  2⤵
  PID:8456
- C:\Windows\System\zUGdnlA.exe
  C:\Windows\System\zUGdnlA.exe
  2⤵
  PID:8476
- C:\Windows\System\ZSDtCYs.exe
  C:\Windows\System\ZSDtCYs.exe
  2⤵
  PID:8496
- C:\Windows\System\dfNukZb.exe
  C:\Windows\System\dfNukZb.exe
  2⤵
  PID:8512
- C:\Windows\System\YpSqBzz.exe
  C:\Windows\System\YpSqBzz.exe
  2⤵
  PID:8528
- C:\Windows\System\xwsAVEd.exe
  C:\Windows\System\xwsAVEd.exe
  2⤵
  PID:8564
- C:\Windows\System\cfYDnwn.exe
  C:\Windows\System\cfYDnwn.exe
  2⤵
  PID:8584
- C:\Windows\System\MqjWDKE.exe
  C:\Windows\System\MqjWDKE.exe
  2⤵
  PID:8600
- C:\Windows\System\ADcxrlp.exe
  C:\Windows\System\ADcxrlp.exe
  2⤵
  PID:8620
- C:\Windows\System\pUJdxRQ.exe
  C:\Windows\System\pUJdxRQ.exe
  2⤵
  PID:8676
- C:\Windows\System\gSgIOlX.exe
  C:\Windows\System\gSgIOlX.exe
  2⤵
  PID:8728
- C:\Windows\System\MbHUKfl.exe
  C:\Windows\System\MbHUKfl.exe
  2⤵
  PID:8744
- C:\Windows\System\sBMIAdi.exe
  C:\Windows\System\sBMIAdi.exe
  2⤵
  PID:8760
- C:\Windows\System\SdWTJDI.exe
  C:\Windows\System\SdWTJDI.exe
  2⤵
  PID:8780
- C:\Windows\System\NFrOISd.exe
  C:\Windows\System\NFrOISd.exe
  2⤵
  PID:8796
- C:\Windows\System\SQJZAnf.exe
  C:\Windows\System\SQJZAnf.exe
  2⤵
  PID:8812
- C:\Windows\System\NzlKdQr.exe
  C:\Windows\System\NzlKdQr.exe
  2⤵
  PID:8852
- C:\Windows\System\CaKeWXy.exe
  C:\Windows\System\CaKeWXy.exe
  2⤵
  PID:8868
- C:\Windows\System\TkyZGtA.exe
  C:\Windows\System\TkyZGtA.exe
  2⤵
  PID:8884
- C:\Windows\System\lPQbVmX.exe
  C:\Windows\System\lPQbVmX.exe
  2⤵
  PID:8900
- C:\Windows\System\YDHLbrG.exe
  C:\Windows\System\YDHLbrG.exe
  2⤵
  PID:8916
- C:\Windows\System\OyMgJRT.exe
  C:\Windows\System\OyMgJRT.exe
  2⤵
  PID:8932
- C:\Windows\System\ZcGZELO.exe
  C:\Windows\System\ZcGZELO.exe
  2⤵
  PID:8948
- C:\Windows\System\VqTOHEz.exe
  C:\Windows\System\VqTOHEz.exe
  2⤵
  PID:8996
- C:\Windows\System\omRIpCJ.exe
  C:\Windows\System\omRIpCJ.exe
  2⤵
  PID:9012
- C:\Windows\System\KBxQkil.exe
  C:\Windows\System\KBxQkil.exe
  2⤵
  PID:9028
- C:\Windows\System\yMWbwjX.exe
  C:\Windows\System\yMWbwjX.exe
  2⤵
  PID:9044
- C:\Windows\System\TEOuEJB.exe
  C:\Windows\System\TEOuEJB.exe
  2⤵
  PID:9060
- C:\Windows\System\ypNEhgd.exe
  C:\Windows\System\ypNEhgd.exe
  2⤵
  PID:9076
- C:\Windows\System\QZssxaI.exe
  C:\Windows\System\QZssxaI.exe
  2⤵
  PID:9092
- C:\Windows\System\apahPwa.exe
  C:\Windows\System\apahPwa.exe
  2⤵
  PID:9108
- C:\Windows\System\wAoYlDe.exe
  C:\Windows\System\wAoYlDe.exe
  2⤵
  PID:9128
- C:\Windows\System\jnjjoNq.exe
  C:\Windows\System\jnjjoNq.exe
  2⤵
  PID:9148
- C:\Windows\System\gREWxYk.exe
  C:\Windows\System\gREWxYk.exe
  2⤵
  PID:9172
- C:\Windows\System\JSmMNWE.exe
  C:\Windows\System\JSmMNWE.exe
  2⤵
  PID:9192
- C:\Windows\System\hrrhMeS.exe
  C:\Windows\System\hrrhMeS.exe
  2⤵
  PID:9208
- C:\Windows\System\iRYBCeQ.exe
  C:\Windows\System\iRYBCeQ.exe
  2⤵
  PID:7644
- C:\Windows\System\vPHCajp.exe
  C:\Windows\System\vPHCajp.exe
  2⤵
  PID:2460
- C:\Windows\System\neTdLYD.exe
  C:\Windows\System\neTdLYD.exe
  2⤵
  PID:8236
- C:\Windows\System\lQoAOMk.exe
  C:\Windows\System\lQoAOMk.exe
  2⤵
  PID:8232
- C:\Windows\System\qbawhzG.exe
  C:\Windows\System\qbawhzG.exe
  2⤵
  PID:8288
- C:\Windows\System\zekOElo.exe
  C:\Windows\System\zekOElo.exe
  2⤵
  PID:2188
- C:\Windows\System\VdDzGJw.exe
  C:\Windows\System\VdDzGJw.exe
  2⤵
  PID:8248
- C:\Windows\System\VceYvHn.exe
  C:\Windows\System\VceYvHn.exe
  2⤵
  PID:8276
- C:\Windows\System\tfUAfio.exe
  C:\Windows\System\tfUAfio.exe
  2⤵
  PID:8372
- C:\Windows\System\eHhdEPa.exe
  C:\Windows\System\eHhdEPa.exe
  2⤵
  PID:8408
- C:\Windows\System\OtYTtAy.exe
  C:\Windows\System\OtYTtAy.exe
  2⤵
  PID:8312
- C:\Windows\System\FgeWFof.exe
  C:\Windows\System\FgeWFof.exe
  2⤵
  PID:8448
- C:\Windows\System\NZBebJk.exe
  C:\Windows\System\NZBebJk.exe
  2⤵
  PID:1788
- C:\Windows\System\YtCBgRX.exe
  C:\Windows\System\YtCBgRX.exe
  2⤵
  PID:8388
- C:\Windows\System\sgUyQwS.exe
  C:\Windows\System\sgUyQwS.exe
  2⤵
  PID:8464
- C:\Windows\System\wzPAFqS.exe
  C:\Windows\System\wzPAFqS.exe
  2⤵
  PID:8508
- C:\Windows\System\WxsnAwu.exe
  C:\Windows\System\WxsnAwu.exe
  2⤵
  PID:8540
- C:\Windows\System\KPDPRHa.exe
  C:\Windows\System\KPDPRHa.exe
  2⤵
  PID:8608
- C:\Windows\System\DLkRETZ.exe
  C:\Windows\System\DLkRETZ.exe
  2⤵
  PID:1088
- C:\Windows\System\GsoHHea.exe
  C:\Windows\System\GsoHHea.exe
  2⤵
  PID:8596
- C:\Windows\System\AbIdQoS.exe
  C:\Windows\System\AbIdQoS.exe
  2⤵
  PID:8652
- C:\Windows\System\fjHpzzD.exe
  C:\Windows\System\fjHpzzD.exe
  2⤵
  PID:8664
- C:\Windows\System\AqdivWT.exe
  C:\Windows\System\AqdivWT.exe
  2⤵
  PID:8696
- C:\Windows\System\OqBVoWH.exe
  C:\Windows\System\OqBVoWH.exe
  2⤵
  PID:8720
- C:\Windows\System\jToGglW.exe
  C:\Windows\System\jToGglW.exe
  2⤵
  PID:8756
- C:\Windows\System\MudgyCu.exe
  C:\Windows\System\MudgyCu.exe
  2⤵
  PID:8972
- C:\Windows\System\FNVhHxU.exe
  C:\Windows\System\FNVhHxU.exe
  2⤵
  PID:8992
- C:\Windows\System\xgnIQfX.exe
  C:\Windows\System\xgnIQfX.exe
  2⤵
  PID:9052
- C:\Windows\System\sHmEMFh.exe
  C:\Windows\System\sHmEMFh.exe
  2⤵
  PID:9068
- C:\Windows\System\BfLQjBT.exe
  C:\Windows\System\BfLQjBT.exe
  2⤵
  PID:9180
- C:\Windows\System\BbkPjCt.exe
  C:\Windows\System\BbkPjCt.exe
  2⤵
  PID:7180
- C:\Windows\System\RiyGWGt.exe
  C:\Windows\System\RiyGWGt.exe
  2⤵
  PID:2752
- C:\Windows\System\OQBhbAl.exe
  C:\Windows\System\OQBhbAl.exe
  2⤵
  PID:1960
- C:\Windows\System\BRjVKJY.exe
  C:\Windows\System\BRjVKJY.exe
  2⤵
  PID:1380
- C:\Windows\System\OpacdAp.exe
  C:\Windows\System\OpacdAp.exe
  2⤵
  PID:9168
- C:\Windows\System\MgsMqKZ.exe
  C:\Windows\System\MgsMqKZ.exe
  2⤵
  PID:8344
- C:\Windows\System\NmZuvtm.exe
  C:\Windows\System\NmZuvtm.exe
  2⤵
  PID:9156
- C:\Windows\System\YtyokwN.exe
  C:\Windows\System\YtyokwN.exe
  2⤵
  PID:8296
- C:\Windows\System\KIrHBAd.exe
  C:\Windows\System\KIrHBAd.exe
  2⤵
  PID:8428
- C:\Windows\System\RXJIqBr.exe
  C:\Windows\System\RXJIqBr.exe
  2⤵
  PID:8292
- C:\Windows\System\MTqMqOn.exe
  C:\Windows\System\MTqMqOn.exe
  2⤵
  PID:8348
- C:\Windows\System\XYNWfSb.exe
  C:\Windows\System\XYNWfSb.exe
  2⤵
  PID:8572
- C:\Windows\System\cyhztOS.exe
  C:\Windows\System\cyhztOS.exe
  2⤵
  PID:8716
- C:\Windows\System\zSGUuLf.exe
  C:\Windows\System\zSGUuLf.exe
  2⤵
  PID:8592
- C:\Windows\System\JDpzTAf.exe
  C:\Windows\System\JDpzTAf.exe
  2⤵
  PID:8752
- C:\Windows\System\JrJqCVV.exe
  C:\Windows\System\JrJqCVV.exe
  2⤵
  PID:8848
- C:\Windows\System\rDYNqyg.exe
  C:\Windows\System\rDYNqyg.exe
  2⤵
  PID:8792
- C:\Windows\System\VXdchwT.exe
  C:\Windows\System\VXdchwT.exe
  2⤵
  PID:8864
- C:\Windows\System\fXmChOw.exe
  C:\Windows\System\fXmChOw.exe
  2⤵
  PID:8924
- C:\Windows\System\hWBQqyy.exe
  C:\Windows\System\hWBQqyy.exe
  2⤵
  PID:8912
- C:\Windows\System\yqYZUEv.exe
  C:\Windows\System\yqYZUEv.exe
  2⤵
  PID:8960
- C:\Windows\System\nGjwrGN.exe
  C:\Windows\System\nGjwrGN.exe
  2⤵
  PID:8484
- C:\Windows\System\AsVFMfc.exe
  C:\Windows\System\AsVFMfc.exe
  2⤵
  PID:8984
- C:\Windows\System\klxpwkU.exe
  C:\Windows\System\klxpwkU.exe
  2⤵
  PID:9084
- C:\Windows\System\VdbRvzg.exe
  C:\Windows\System\VdbRvzg.exe
  2⤵
  PID:9040
- C:\Windows\System\DjnOtzB.exe
  C:\Windows\System\DjnOtzB.exe
  2⤵
  PID:9188
- C:\Windows\System\SrDHJhN.exe
  C:\Windows\System\SrDHJhN.exe
  2⤵
  PID:8216
- C:\Windows\System\sZeLwjX.exe
  C:\Windows\System\sZeLwjX.exe
  2⤵
  PID:9120
- C:\Windows\System\SjFiHID.exe
  C:\Windows\System\SjFiHID.exe
  2⤵
  PID:2220
- C:\Windows\System\WISPGQm.exe
  C:\Windows\System\WISPGQm.exe
  2⤵
  PID:7356
- C:\Windows\System\mjHcjhL.exe
  C:\Windows\System\mjHcjhL.exe
  2⤵
  PID:8632
- C:\Windows\System\PBnRUDV.exe
  C:\Windows\System\PBnRUDV.exe
  2⤵
  PID:8828
- C:\Windows\System\ZpazrQp.exe
  C:\Windows\System\ZpazrQp.exe
  2⤵
  PID:8212
- C:\Windows\System\GjhEQtX.exe
  C:\Windows\System\GjhEQtX.exe
  2⤵
  PID:8668
- C:\Windows\System\gkHaOZk.exe
  C:\Windows\System\gkHaOZk.exe
  2⤵
  PID:8896
- C:\Windows\System\ERgGhRy.exe
  C:\Windows\System\ERgGhRy.exe
  2⤵
  PID:9100
- C:\Windows\System\jiryYUJ.exe
  C:\Windows\System\jiryYUJ.exe
  2⤵
  PID:8840
- C:\Windows\System\HgMSpPV.exe
  C:\Windows\System\HgMSpPV.exe
  2⤵
  PID:8944
- C:\Windows\System\EQQpQpR.exe
  C:\Windows\System\EQQpQpR.exe
  2⤵
  PID:8228
- C:\Windows\System\qPeAUdX.exe
  C:\Windows\System\qPeAUdX.exe
  2⤵
  PID:8684
- C:\Windows\System\zgLBUSQ.exe
  C:\Windows\System\zgLBUSQ.exe
  2⤵
  PID:8268
- C:\Windows\System\JPgJfhC.exe
  C:\Windows\System\JPgJfhC.exe
  2⤵
  PID:8488
- C:\Windows\System\bLtHYSR.exe
  C:\Windows\System\bLtHYSR.exe
  2⤵
  PID:9116
- C:\Windows\System\ywsOqKN.exe
  C:\Windows\System\ywsOqKN.exe
  2⤵
  PID:8284
- C:\Windows\System\FiSeXEN.exe
  C:\Windows\System\FiSeXEN.exe
  2⤵
  PID:9004
- C:\Windows\System\jGoLEtk.exe
  C:\Windows\System\jGoLEtk.exe
  2⤵
  PID:8980
- C:\Windows\System\lXNkhAJ.exe
  C:\Windows\System\lXNkhAJ.exe
  2⤵
  PID:8928
- C:\Windows\System\VfohPhZ.exe
  C:\Windows\System\VfohPhZ.exe
  2⤵
  PID:2620
- C:\Windows\System\sSBvktr.exe
  C:\Windows\System\sSBvktr.exe
  2⤵
  PID:9220
- C:\Windows\System\MQBzLbt.exe
  C:\Windows\System\MQBzLbt.exe
  2⤵
  PID:9236
- C:\Windows\System\tcMpIAd.exe
  C:\Windows\System\tcMpIAd.exe
  2⤵
  PID:9252
- C:\Windows\System\hMpiLlE.exe
  C:\Windows\System\hMpiLlE.exe
  2⤵
  PID:9316
- C:\Windows\System\ruxJouF.exe
  C:\Windows\System\ruxJouF.exe
  2⤵
  PID:9332
- C:\Windows\System\iGzymPk.exe
  C:\Windows\System\iGzymPk.exe
  2⤵
  PID:9348
- C:\Windows\System\ltZZoTc.exe
  C:\Windows\System\ltZZoTc.exe
  2⤵
  PID:9368
- C:\Windows\System\BjgIwiU.exe
  C:\Windows\System\BjgIwiU.exe
  2⤵
  PID:9384
- C:\Windows\System\ggzjlwb.exe
  C:\Windows\System\ggzjlwb.exe
  2⤵
  PID:9400
- C:\Windows\System\tkiuCpH.exe
  C:\Windows\System\tkiuCpH.exe
  2⤵
  PID:9416
- C:\Windows\System\dyhdzBm.exe
  C:\Windows\System\dyhdzBm.exe
  2⤵
  PID:9432
- C:\Windows\System\PBbcxKf.exe
  C:\Windows\System\PBbcxKf.exe
  2⤵
  PID:9448
- C:\Windows\System\BuwMYCW.exe
  C:\Windows\System\BuwMYCW.exe
  2⤵
  PID:9464
- C:\Windows\System\gviCjik.exe
  C:\Windows\System\gviCjik.exe
  2⤵
  PID:9480
- C:\Windows\System\mWNWPSz.exe
  C:\Windows\System\mWNWPSz.exe
  2⤵
  PID:9496
- C:\Windows\System\qhpjNGc.exe
  C:\Windows\System\qhpjNGc.exe
  2⤵
  PID:9516
- C:\Windows\System\IxMwgsf.exe
  C:\Windows\System\IxMwgsf.exe
  2⤵
  PID:9532
- C:\Windows\System\HmyQIDs.exe
  C:\Windows\System\HmyQIDs.exe
  2⤵
  PID:9548
- C:\Windows\System\IrEpIcL.exe
  C:\Windows\System\IrEpIcL.exe
  2⤵
  PID:9564
- C:\Windows\System\kXFFHdg.exe
  C:\Windows\System\kXFFHdg.exe
  2⤵
  PID:9640
- C:\Windows\System\zOcRkuy.exe
  C:\Windows\System\zOcRkuy.exe
  2⤵
  PID:9656
- C:\Windows\System\IOzegPq.exe
  C:\Windows\System\IOzegPq.exe
  2⤵
  PID:9672
- C:\Windows\System\wcIpwAg.exe
  C:\Windows\System\wcIpwAg.exe
  2⤵
  PID:9692
- C:\Windows\System\vGIgMgF.exe
  C:\Windows\System\vGIgMgF.exe
  2⤵
  PID:9708
- C:\Windows\System\dPkMRjv.exe
  C:\Windows\System\dPkMRjv.exe
  2⤵
  PID:9724
- C:\Windows\System\EEuPWbX.exe
  C:\Windows\System\EEuPWbX.exe
  2⤵
  PID:9740
- C:\Windows\System\IklXJsr.exe
  C:\Windows\System\IklXJsr.exe
  2⤵
  PID:9756
- C:\Windows\System\SQwMGlX.exe
  C:\Windows\System\SQwMGlX.exe
  2⤵
  PID:9772
- C:\Windows\System\XWjlQDf.exe
  C:\Windows\System\XWjlQDf.exe
  2⤵
  PID:9788
- C:\Windows\System\BAoMahi.exe
  C:\Windows\System\BAoMahi.exe
  2⤵
  PID:9808
- C:\Windows\System\kwROlHU.exe
  C:\Windows\System\kwROlHU.exe
  2⤵
  PID:9824
- C:\Windows\System\xjODJZn.exe
  C:\Windows\System\xjODJZn.exe
  2⤵
  PID:9840
- C:\Windows\System\CQBgmTe.exe
  C:\Windows\System\CQBgmTe.exe
  2⤵
  PID:9856
- C:\Windows\System\ztQSdzE.exe
  C:\Windows\System\ztQSdzE.exe
  2⤵
  PID:9872
- C:\Windows\System\DiTqNTJ.exe
  C:\Windows\System\DiTqNTJ.exe
  2⤵
  PID:9888
- C:\Windows\System\VbtfeqG.exe
  C:\Windows\System\VbtfeqG.exe
  2⤵
  PID:9904
- C:\Windows\System\cYzliOv.exe
  C:\Windows\System\cYzliOv.exe
  2⤵
  PID:9920
- C:\Windows\System\KaEUROa.exe
  C:\Windows\System\KaEUROa.exe
  2⤵
  PID:9936
- C:\Windows\System\yyQlqgZ.exe
  C:\Windows\System\yyQlqgZ.exe
  2⤵
  PID:10024
- C:\Windows\System\OJerfku.exe
  C:\Windows\System\OJerfku.exe
  2⤵
  PID:10040
- C:\Windows\System\xMaNHSL.exe
  C:\Windows\System\xMaNHSL.exe
  2⤵
  PID:10064
- C:\Windows\System\QJDYSWu.exe
  C:\Windows\System\QJDYSWu.exe
  2⤵
  PID:10080
- C:\Windows\System\OcyOnUQ.exe
  C:\Windows\System\OcyOnUQ.exe
  2⤵
  PID:10096
- C:\Windows\System\VGYpEbk.exe
  C:\Windows\System\VGYpEbk.exe
  2⤵
  PID:10112
- C:\Windows\System\SgZDyvr.exe
  C:\Windows\System\SgZDyvr.exe
  2⤵
  PID:10148
- C:\Windows\System\dbyEWcl.exe
  C:\Windows\System\dbyEWcl.exe
  2⤵
  PID:10164
- C:\Windows\System\XEtaeOa.exe
  C:\Windows\System\XEtaeOa.exe
  2⤵
  PID:10184
- C:\Windows\System\TZEZBXW.exe
  C:\Windows\System\TZEZBXW.exe
  2⤵
  PID:10200
- C:\Windows\System\yOGegiM.exe
  C:\Windows\System\yOGegiM.exe
  2⤵
  PID:10220
- C:\Windows\System\ZMnCkrI.exe
  C:\Windows\System\ZMnCkrI.exe
  2⤵
  PID:8776
- C:\Windows\System\GzDUPNW.exe
  C:\Windows\System\GzDUPNW.exe
  2⤵
  PID:8256
- C:\Windows\System\gXwKXfA.exe
  C:\Windows\System\gXwKXfA.exe
  2⤵
  PID:9244
- C:\Windows\System\mpJnfVB.exe
  C:\Windows\System\mpJnfVB.exe
  2⤵
  PID:9056
- C:\Windows\System\JvVkprx.exe
  C:\Windows\System\JvVkprx.exe
  2⤵
  PID:9264
- C:\Windows\System\QGdQPCW.exe
  C:\Windows\System\QGdQPCW.exe
  2⤵
  PID:9280
- C:\Windows\System\aXBGyRt.exe
  C:\Windows\System\aXBGyRt.exe
  2⤵
  PID:8712
- C:\Windows\System\IMClZfp.exe
  C:\Windows\System\IMClZfp.exe
  2⤵
  PID:9328
- C:\Windows\System\fTAJvGO.exe
  C:\Windows\System\fTAJvGO.exe
  2⤵
  PID:9392
- C:\Windows\System\JuLcLTV.exe
  C:\Windows\System\JuLcLTV.exe
  2⤵
  PID:9424
- C:\Windows\System\EIeBFcp.exe
  C:\Windows\System\EIeBFcp.exe
  2⤵
  PID:9504
- C:\Windows\System\oWVWfeD.exe
  C:\Windows\System\oWVWfeD.exe
  2⤵
  PID:9544
- C:\Windows\System\QwbqJTl.exe
  C:\Windows\System\QwbqJTl.exe
  2⤵
  PID:9460
- C:\Windows\System\zDIEnsf.exe
  C:\Windows\System\zDIEnsf.exe
  2⤵
  PID:9576
- C:\Windows\System\DBnOwQb.exe
  C:\Windows\System\DBnOwQb.exe
  2⤵
  PID:9592
- C:\Windows\System\uVWvYhV.exe
  C:\Windows\System\uVWvYhV.exe
  2⤵
  PID:9616
- C:\Windows\System\bCXZNjh.exe
  C:\Windows\System\bCXZNjh.exe
  2⤵
  PID:9628
- C:\Windows\System\skGnBOk.exe
  C:\Windows\System\skGnBOk.exe
  2⤵
  PID:9664
- C:\Windows\System\bSLISrq.exe
  C:\Windows\System\bSLISrq.exe
  2⤵
  PID:9716
- C:\Windows\System\imqOpcV.exe
  C:\Windows\System\imqOpcV.exe
  2⤵
  PID:9784
- C:\Windows\System\uvWGMWc.exe
  C:\Windows\System\uvWGMWc.exe
  2⤵
  PID:9832
- C:\Windows\System\lIWBleK.exe
  C:\Windows\System\lIWBleK.exe
  2⤵
  PID:9912
- C:\Windows\System\kKqdgmL.exe
  C:\Windows\System\kKqdgmL.exe
  2⤵
  PID:9896
- C:\Windows\System\msPCqwE.exe
  C:\Windows\System\msPCqwE.exe
  2⤵
  PID:9916
- C:\Windows\System\CNByHfk.exe
  C:\Windows\System\CNByHfk.exe
  2⤵
  PID:9960
- C:\Windows\System\XVbFBGU.exe
  C:\Windows\System\XVbFBGU.exe
  2⤵
  PID:9980
- C:\Windows\System\cMonlxc.exe
  C:\Windows\System\cMonlxc.exe
  2⤵
  PID:9996
- C:\Windows\System\lPkwEOo.exe
  C:\Windows\System\lPkwEOo.exe
  2⤵
  PID:10076
- C:\Windows\System\yOqgMus.exe
  C:\Windows\System\yOqgMus.exe
  2⤵
  PID:10088
- C:\Windows\System\mCvuyCa.exe
  C:\Windows\System\mCvuyCa.exe
  2⤵
  PID:10104
- C:\Windows\System\oTtjNtA.exe
  C:\Windows\System\oTtjNtA.exe
  2⤵
  PID:10160
- C:\Windows\System\oJkAaWn.exe
  C:\Windows\System\oJkAaWn.exe
  2⤵
  PID:10232
- C:\Windows\System\bAltmTo.exe
  C:\Windows\System\bAltmTo.exe
  2⤵
  PID:10128
- C:\Windows\System\eBgBbNf.exe
  C:\Windows\System\eBgBbNf.exe
  2⤵
  PID:10208
- C:\Windows\System\lnnMfxo.exe
  C:\Windows\System\lnnMfxo.exe
  2⤵
  PID:8504
- C:\Windows\System\gvsfWmG.exe
  C:\Windows\System\gvsfWmG.exe
  2⤵
  PID:9260
- C:\Windows\System\twHFkGp.exe
  C:\Windows\System\twHFkGp.exe
  2⤵
  PID:9248
- C:\Windows\System\cPeHFfH.exe
  C:\Windows\System\cPeHFfH.exe
  2⤵
  PID:9296
- C:\Windows\System\imsxftB.exe
  C:\Windows\System\imsxftB.exe
  2⤵
  PID:9376
- C:\Windows\System\rUdsRGb.exe
  C:\Windows\System\rUdsRGb.exe
  2⤵
  PID:9276
- C:\Windows\System\JbSATIz.exe
  C:\Windows\System\JbSATIz.exe
  2⤵
  PID:9440
- C:\Windows\System\kJlwzET.exe
  C:\Windows\System\kJlwzET.exe
  2⤵
  PID:992
- C:\Windows\System\EOiVYkf.exe
  C:\Windows\System\EOiVYkf.exe
  2⤵
  PID:9540
- C:\Windows\System\SurrhVy.exe
  C:\Windows\System\SurrhVy.exe
  2⤵
  PID:9524
- C:\Windows\System\GSnNRIQ.exe
  C:\Windows\System\GSnNRIQ.exe
  2⤵
  PID:9700
- C:\Windows\System\JvzsPSj.exe
  C:\Windows\System\JvzsPSj.exe
  2⤵
  PID:9588
- C:\Windows\System\MWsQRWg.exe
  C:\Windows\System\MWsQRWg.exe
  2⤵
  PID:9684
- C:\Windows\System\vWxFeQk.exe
  C:\Windows\System\vWxFeQk.exe
  2⤵
  PID:9748
- C:\Windows\System\KcngxJf.exe
  C:\Windows\System\KcngxJf.exe
  2⤵
  PID:9764
- C:\Windows\System\ulxebhl.exe
  C:\Windows\System\ulxebhl.exe
  2⤵
  PID:9800
- C:\Windows\System\HGUonqH.exe
  C:\Windows\System\HGUonqH.exe
  2⤵
  PID:9848
- C:\Windows\System\dFnynyC.exe
  C:\Windows\System\dFnynyC.exe
  2⤵
  PID:9956
- C:\Windows\System\IGCYmDi.exe
  C:\Windows\System\IGCYmDi.exe
  2⤵
  PID:9992
- C:\Windows\System\enqcdVe.exe
  C:\Windows\System\enqcdVe.exe
  2⤵
  PID:10004
- C:\Windows\System\lMJOzJz.exe
  C:\Windows\System\lMJOzJz.exe
  2⤵
  PID:10008
- C:\Windows\System\RwwznYH.exe
  C:\Windows\System\RwwznYH.exe
  2⤵
  PID:9444
- C:\Windows\System\YIqhAgo.exe
  C:\Windows\System\YIqhAgo.exe
  2⤵
  PID:9688
- C:\Windows\System\eBfaEYC.exe
  C:\Windows\System\eBfaEYC.exe
  2⤵
  PID:9868
- C:\Windows\System\tQMNMuy.exe
  C:\Windows\System\tQMNMuy.exe
  2⤵
  PID:10124
- C:\Windows\System\mlSSSvq.exe
  C:\Windows\System\mlSSSvq.exe
  2⤵
  PID:10140
- C:\Windows\System\klCMQQn.exe
  C:\Windows\System\klCMQQn.exe
  2⤵
  PID:10176
- C:\Windows\System\mwOEdCa.exe
  C:\Windows\System\mwOEdCa.exe
  2⤵
  PID:9608
- C:\Windows\System\KtOGksi.exe
  C:\Windows\System\KtOGksi.exe
  2⤵
  PID:9312
- C:\Windows\System\SRduZXI.exe
  C:\Windows\System\SRduZXI.exe
  2⤵
  PID:10260
- C:\Windows\System\qmcKQBP.exe
  C:\Windows\System\qmcKQBP.exe
  2⤵
  PID:10284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BycPNCm.exe

Filesize
6.0MB

MD5
a1b71179d652a8e076fac2d69d4d42d4

SHA1
26f36c3d3b456a46b27b04288e2f303398d6eb7c

SHA256
b6662a21a0f247f0cc3783394c71e723747f971ab0ca16c46e05cb68ae8bcbf4

SHA512
56ea408387b7b4ee5a1bd6db15172da78d04765326c71d724d43cd14b1514972368ab28b7b2cf59dcbef1146c74f646ebccee6dc43c4c848225d5f35b00f37ae

Download Submit
C:\Windows\system\FIwQTrQ.exe

Filesize
6.0MB

MD5
3dd0184c28cb1334655fbe0705c131ef

SHA1
298f0282687bddce80c0091e1b3be05219e41d26

SHA256
3412937e2f8d7d670d3d5a486d22c69e13e822ab6b5151f14717052ffcdceb8f

SHA512
aa106c6f8fc40536f90e4bcffcb18c2721166374076200dc2c383f48ecec506224672efbb074217aaaf9c4d87b4bfb6dcb5bf2c7396faa87f2b3251d8f33b573

Download Submit
C:\Windows\system\HUcrZid.exe

Filesize
6.0MB

MD5
b07a4acebe8e94562712b6cbdd3ac21c

SHA1
4deae73cdc43a6333ea0942bd4446313fdc55bb6

SHA256
c59e78923ab3b9cfc12042f24e488c9b47e3c0e76c08ec961c583b455af25e2b

SHA512
5dfc901b3c7bbd77cc04f8258d087ded19bce7dc0317c93e466b0e1c9b3fc6c6805f586ab61c38c004cbb0dd0b54b7b208e6878c2934ac2c65dea03ce17aff02

Download Submit
C:\Windows\system\HVHxFkC.exe

Filesize
6.0MB

MD5
c4078482dc70002fc240d459619935b8

SHA1
d86cbbab223699651f7b45292d96397fcb1ce61d

SHA256
32773728a70a716f6695aa28f6777ec561532d2c67b7d3b5524006eacbeb18a2

SHA512
6e472fe7e426f42409b28ec166495e9994425e65f4918e07d7acc4affab729db0cbde20f91a33c2f208cb1dda0bf697d18e943fa673aecfd3d4b1692d61cac0e

Download Submit
C:\Windows\system\KFkDSrJ.exe

Filesize
6.0MB

MD5
eeb802c62081bd9c463474ea3920f1a7

SHA1
0cb6431472880f7542ed95bd0830b704bbe4d517

SHA256
52380466c9debc937f207cae1efdce3c1cde3702affad2db969c6a97d255c404

SHA512
79b3ef0bf8ffbded569625a3259e89f427cdf83148f115806933f26465580c2bac0788f22f724a6a0f128436914bd6429c4458e19c8d84be8633bb1dacf0e927

Download Submit
C:\Windows\system\MVHRQrf.exe

Filesize
6.0MB

MD5
7aa2526783bba25008edc328c253ea0d

SHA1
5d5e9c02a701fc9bb088d425561c4eb9f1521080

SHA256
dfb5aec5b7c44dc25ae2eb1d48cc413e699ea48c6d3fbed27c0d073555c5c186

SHA512
d0feac1892465989e25cbafe995952f66fd3441878b0b1b5473bed880607c1c2edadcf656a9c493175c716e5395fa2eed3eb7638ab6e19e3b4bd6ee5bf241e53

Download Submit
C:\Windows\system\MukTQMD.exe

Filesize
6.0MB

MD5
ae0f0770039653314288521b7d8c0e6d

SHA1
095acb4613fa227873fcd3d20a6e7f52ca2e7afc

SHA256
b1d1cc6e2fda811f68970cd5f23a4976ea59c81db38bc8ad6f56ad2529abd32b

SHA512
60a56b66167a1c55eadb386966c70116d1d63e648b3dc4ba92d83cc824ecad57326838e19dba9837c4bb4902b220234ccd4d290ceb69267ef4fb4bcc99316a19

Download Submit
C:\Windows\system\PAPbnFn.exe

Filesize
6.0MB

MD5
00e6843f94b4178c9c00db1f2badf548

SHA1
a032507af8f39e411165553442e2c0cef3bfce09

SHA256
b0b17fca304c93c075db7bcd23f822de0f7e9d7d92013739a4e26090ba67dc46

SHA512
f801f9e9012196bcca69dbcdcd20ffdd5c0da0a41ce90491f0999fad116c09e425ad1e6f41ffee0ee1d558efd7028b6b6656d54a5821b8190c57591065743e49

Download Submit
C:\Windows\system\PXrNoDi.exe

Filesize
6.0MB

MD5
fdef0bc451d910420d4587394d7b1d39

SHA1
205816954d9b88db54ca019e9346e115fb03ecad

SHA256
73a50d03f1e81c883799d615d0163bb9558a6c525039190d4ff6999505946da3

SHA512
359d7fe50d479d20b5b02c5857c650f1dc4d9f2776b0b5e876fd3dc7e63eec4e3e2195596385787128a4bd1f2e65426486b2c11b2d7e0159120462104f96191c

Download Submit
C:\Windows\system\RajGFWz.exe

Filesize
6.0MB

MD5
b14eaac7b94bacef9331af00796f8d35

SHA1
900404338bbd684f334887f5e9ad9bd657542281

SHA256
333a768542b9096fe901ca59432a76e1ed588ae87a8ce597d755a0c5bca50bad

SHA512
e3612ef6aa9046f376290f12e5740537e98f0e6ca73fb75b42eee94bab493af3e4832e769104ba0d8f9792a74053f6d7927c8871b6456bbe2fd9ed8eee336622

Download Submit
C:\Windows\system\UnRwypt.exe

Filesize
6.0MB

MD5
57ea1b56972e516eaf97ab4bc30e2027

SHA1
f394d4b36a3ec0744ce83d3ea034f3fad79ea784

SHA256
ba1b97d25555186d10592e5cd8e92d21bf03074373586bcc3052052de21cf5ac

SHA512
5d106086b122d4bbb1f6efadea12d72af9a8562e50e21d0451c9d65d1d53d70ba4d5518035a0bc67287387c5ca8db27b6713d6c47b018d33f24e33bb3d391cde

Download Submit
C:\Windows\system\YQgzZjT.exe

Filesize
6.0MB

MD5
0af90a9e592e3b6afae441735ae01c1a

SHA1
0e14e0cf813698a9b5cada464e8e92accd9a5abe

SHA256
e5e4155fe3d2f26deb012ace5e0d1fe7fcfe38f42ec5e2199ef3c0392af3cd9c

SHA512
68a6782f5bc623a584d0329a4f1be75e4dcb5deb33792c83a4ac13d8a47f3cce0c95feb3ac7eaf5da2c30c0fe011d71f0938040cc4cae72598df2737be9ce9d4

Download Submit
C:\Windows\system\durCcjp.exe

Filesize
6.0MB

MD5
6f48adaf518f87efe2affa3e2fed2085

SHA1
1f0f5d7df97f40b1785ccba10c426a753941feae

SHA256
23f4fb74a04e02e6fd8b10890722dea474165c80700c49864ec5f7e3df200ce0

SHA512
fbd20e017de56e4d33efc6b670c0ad8d113f3ba90fd85d8ddf9bd1e92f605c90b0af808cc7f4323948cd60119366816f0750b05c82a57714750ae05b36f31bc3

Download Submit
C:\Windows\system\hHHWrtG.exe

Filesize
6.0MB

MD5
f5b3ab6eb39cfd50cc615480ea5c2de5

SHA1
b575551c86c9bcc4081dafd7e43e66f284ddc32a

SHA256
484ed126fe8b7065dd2b22737ce5e9a90c6119090292fb0344e4e14d8c636df0

SHA512
65323824f219d4afb745070bf16cbdac6ec7d2775bdef184d2606c1aee8308d01eb8421b0106bc254b141dac5b6b91a2be72e636c2c43e26c7409fa5dc4e282f

Download Submit
C:\Windows\system\hrsIAdk.exe

Filesize
6.0MB

MD5
5fb5a1e9bedbd38f19cb39d445ee2ab3

SHA1
af174d1692ca2792d1f3571afb1ac31b76ac01a5

SHA256
955ed18e5cfccaf3a79e36a39ef1ae6cac784b47f26d2438e6fa28a263ad9bb6

SHA512
6e1578dc8495cb50b7db18ec51bfc06e253ba9d30c6b5771155a784cf304115e8fc2040fccf1565836578668ec4ee7511ef07468df7768a53bb6e75c59bf0fa1

Download Submit
C:\Windows\system\kJwRryY.exe

Filesize
6.0MB

MD5
c1005d9e4db4b193979ab0ae411d097c

SHA1
7a041346a4ae82fea0cfe2d454fae394a0a71685

SHA256
60c12a7aca18d7cdab10cb5f2ca81d6de7c8c78b135eedfbe8d03461ea428eac

SHA512
1bc6146db1e141a235619966cf8321c955a054ffaea4569f3c7c2595260dc65bbab003c30138d1f5d02a0d9aa0b9b3e1c99841f0b1e6dda39c71c2899692d460

Download Submit
C:\Windows\system\kXHbUFl.exe

Filesize
6.0MB

MD5
72652d2072cc7a352384070272fb6531

SHA1
77f6f4119a416e82d3a8d74a44cd01b31bd64d7c

SHA256
b446d7b06b4ec29ce068bb69e427349ea5e405b1474dda749b42795855cd9f18

SHA512
1c158db982741a35abb25b243127b281453e95ba6dbfe448b3ecd7d358853d5d85e4ff3e1a415e2dfd06b7a709887c15f964420fd9a61fd3a68a3b3bd78dee3d

Download Submit
C:\Windows\system\kjyRmkM.exe

Filesize
6.0MB

MD5
bc3890e38ed17c872405d8d40790e64a

SHA1
7029c73f537a6107ca6fa8f3e9aa0e49793759c1

SHA256
a18652cea429dc0bb453e44e73f66ad77ffff9092124b6250993741f58627269

SHA512
cc4f7e347103839eadec4958fac2a85af0d00ab693f8cea10d00d2c1a10844def859560c6e24da1a58db58c1cf6709cc1e713da5d1797303821c47fac82ffc14

Download Submit
C:\Windows\system\mVPCQYX.exe

Filesize
6.0MB

MD5
d95ca6f00f99cc8fd9c92cd58d852e39

SHA1
e439d59076ea534a12c03a26d0f182118bb67a5b

SHA256
ca52b31347e422359083a93b7a23fe94c1f64dafe7c46f8a08a770c427020f62

SHA512
6c79ad2537d9eef26ab22bbe3a7b90bb2ff7432dd57ddc4c6e705f7f7160ff3e82cb8051c708860a103a8596b3ce5288bc0267df8e89fd41fa37dedbd2fcd309

Download Submit
C:\Windows\system\msgkuXW.exe

Filesize
6.0MB

MD5
bf06c4b050892ea013182be9168cc9a9

SHA1
9c82c0b98b8531a217bf5fe36c2680cc25332d9c

SHA256
3de81ef257924067a45310259073d738a318ce19a6c4f3656e2b3f26794c1222

SHA512
993a287d0dfb49be8197d5d5e0ea4e47d5dde6d9a28f2c1cf0b44684d9e03053e261d8fb548d71e2c1262cb139d7994eb1ed2bbbd5805425eab46f1aebaf0850

Download Submit
C:\Windows\system\pXNiRrI.exe

Filesize
6.0MB

MD5
48d9c7290925424723c2aa6e9990f132

SHA1
6b3fb68816f6164ac0a17e5f41a3ae65ab260681

SHA256
a27c8c63b0b29478625ac677233bb60269d159be97ba5a0605a45b91ac39674e

SHA512
46ca14bd573af8835db8797d824f5f75b8e9cc1d114db018151fb0c5b718f5b1256e5ad66e944208d7fb06fc5e383d1a61226094a4f0e2441800f178e565e1b2

Download Submit
C:\Windows\system\qfRtoso.exe

Filesize
6.0MB

MD5
6a427b1e8adf8a0981990b18b5394390

SHA1
95017f4a0a7b2f4c2b9795fa1abd047eaf926baa

SHA256
6a20a5e6ba28eee49269d363d2d25cac1c73bcb75826cfe61f8b72c7d9c9e6dc

SHA512
9cdda116be8574d17dde9fea01650b39695c6adaa397916d44ff13a15b7d5f0f199dbd02a2b0f8932399e3b4aa9559650cac16628dfb6f5ae2e72bed848727fb

Download Submit
C:\Windows\system\sMevPDk.exe

Filesize
6.0MB

MD5
4a88583ca1e33918b38fbbbd72f02bfd

SHA1
e0c18bc50be70a964afb6df3bcb67b4845e0217f

SHA256
4fcd0c531c83c729267d402a9f1985100e8ca407577da5dd69e18fb3a2c8aefb

SHA512
72a77c33b53a4c623189a861df1e7bb46c79be082425a957728ba3584a18b12bc5f30dc123c5ce59a736aba18e9fe2bd6a1be58ec88b9624091e54ddec489a6e

Download Submit
C:\Windows\system\sVNKNyW.exe

Filesize
6.0MB

MD5
df278a56a4f2a13ce9cf704c795ae868

SHA1
c6a5993fadef0826dd578d12fefa582e3d01a1ee

SHA256
99808321bd4d08fd60146f76d9228078d20811d5b3b1c159b254c33a5c3e7aaa

SHA512
47d685abd8e08f162b1872e7d03c34ba4b99538f4b786550e9fd7b666466c47e3c95ee8e66606d6f7014868821504c332ae882ad9583f2f54fa01a9a8d7830af

Download Submit
C:\Windows\system\uDzhQQX.exe

Filesize
6.0MB

MD5
81ff811cc0532bd5ff21ac78d0a17d4f

SHA1
9ae0b50bf76a5575a67e82d8288573f96bb6763a

SHA256
f2bfcd0b12f541731a37a01dcb9e9a1273081532efc51209ae9a3e95ea5ccada

SHA512
77f20806bd4a947e572db397d086255993f517e8fa4ee8812443a9efcb9122017ec79f37b37d6ff9d00799e5ac669db1622ec008c012269aa7498324ab87cfa4

Download Submit
C:\Windows\system\uNVhKFE.exe

Filesize
6.0MB

MD5
d5b919e0539dc4d132dc8f833a71f647

SHA1
27c1760fcfc8abdf3d435a6bb70b9078642ba4e8

SHA256
a30f87e9ad397aa5239cc44e3d177f3a413e7d78c5f8b10651ee8c8f2a27f311

SHA512
a33d04307b0de484294b6d011c6af82ffe394f2cf51199495d17ba4c5ee41c395e919e95b3376dc55382a065030547664dfe90a21aa0b89d58efefbaf523ac6e

Download Submit
C:\Windows\system\vZpQIyf.exe

Filesize
6.0MB

MD5
12fc514e2408e71d228af828503673ce

SHA1
79ff24ddffedb935736a532d14c8641fec6747cb

SHA256
36430840c54f85bc018c157301622f176dbce4bc868115440f4c5709577e7e2c

SHA512
f5af19c68d83d5ccf3920b234f03efca42b3c6f512b50b3fb814d6c8aa8831446fd49532944f0c375ef3e969eb7777e15e6cb70b636a2a12d10868621ddf66bb

Download Submit
C:\Windows\system\wEWLvbJ.exe

Filesize
6.0MB

MD5
c002840d1d403f311705e0187a1462ed

SHA1
2ad797bc82382da1326da08ea3aad121104782c6

SHA256
6ded6954d236cc859d0a5fd4a8ac1b889b6d6d4296cb697073e29f97fb12b5ad

SHA512
a991cac44f07755039c09f40b7561e8f0e0c18a770bdd083f1ec3f33b93a1f46305e8fe0185541e66418b922417c96f9986c44c0dea3721c80d3328aa4d807ce

Download Submit
C:\Windows\system\wlUfYEu.exe

Filesize
6.0MB

MD5
7bbce7538b35e2f69cfa845088a79fef

SHA1
d3e42469f9cd2b01ee4e4f6272ccd1ede5d2c7ab

SHA256
25f1b99e52abbc46baa5328844b10e78c88733959a6b73b05064ddd26e025bef

SHA512
7f37a8ecaf04c9f24267af00ac16e16b3ba5bbb0c9b825101ad800f121cd9061cdb1045d3d2ceda64df3625ad8af008d1cf46364c5c8220662dd4836e7bf40ad

Download Submit
C:\Windows\system\zMghrij.exe

Filesize
6.0MB

MD5
d2f1a059b6407b19eaca49099f5d2bf2

SHA1
4d2dbadac0823abef9e1776fecf63c653df8fea3

SHA256
e2aa970dcf5f0a481d3d2e1a7a278e54f50c6ec66ae1e0c8f82d150dc48c9917

SHA512
bf975ddd440e472aca3e854119a12ce908833b56cce9798bfacca96c3e6fa5b13f9df622aa84e1fb514a9b1032f81f908ef103e89b63684af66cc233e339b279

Download Submit
\Windows\system\ueUVWpp.exe

Filesize
6.0MB

MD5
26fa96648c4e1ef6193def6394c99c29

SHA1
c334b9decf7dcdceb6ea3db1e2068b7be66809ae

SHA256
c152a8973d822c0175bc97ead3e1979128d2295d825c686e4b2358a4ff8449c8

SHA512
c8b7c50a209c3c6cfad142a930a79b213451f2622f951fa3a9765c0486bdb856f7ce70926ad6dfcbe2b1b58ff10076379ca671fd94d5fcf7b7f2bdfebca62cec

Download Submit
\Windows\system\zamqYUz.exe

Filesize
6.0MB

MD5
afe9d8a5229a5a3caaa51bae3930581c

SHA1
98a27b5494e74796feb0e0387f36db5b913af8bd

SHA256
efb64e769902877f389207916dfc70a38e26e65a5c6ae793244640c4c694bf1e

SHA512
05d6749cf562740255963512d5999ce07eea893040a1a8fcc1256553847467c408a81c42833a72b0eca957309e2441aba5c65505b12963c1749b71615d30394c

Download Submit
memory/684-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/684-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/684-2912-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/684-2913-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/684-2987-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/684-3112-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2498-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-4072-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2449-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2484-4074-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2467-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4077-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download