cobaltstrike | d960a923870868b39d283b0d67816b930028447325a6a2a273359c5aa79051fa

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31/01/2025, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5c696bba40559af1ec6967cb7580ecf5
SHA1

4a71287df7f8bc95f48b36c6676985907a798599
SHA256

d960a923870868b39d283b0d67816b930028447325a6a2a273359c5aa79051fa
SHA512

2357f0e4341617d2fd243f9f949cac1d7192f2defe2216cc46a7d44d1be60b64be548771ad84c5dcade672a9bc4dd2d0fd0f9b241eb9811504096773629ea665
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fb-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d49-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017349-69.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018741-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191cf-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ad-78.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce8-42.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191df-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019214-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f8-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-202.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-197.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019219-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d1-100.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2500-0-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fb-3.dat	xmrig
behavioral1/memory/2500-6-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d49-11.dat	xmrig
behavioral1/memory/2500-16-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2108-15-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/1216-12-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d71-10.dat	xmrig
behavioral1/files/0x0007000000016f45-24.dat	xmrig
behavioral1/memory/2880-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2632-22-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0007000000017342-30.dat	xmrig
behavioral1/memory/2500-33-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0009000000017355-50.dat	xmrig
behavioral1/files/0x000500000001919c-63.dat	xmrig
behavioral1/files/0x0007000000017349-69.dat	xmrig
behavioral1/files/0x0007000000018741-72.dat	xmrig
behavioral1/memory/2632-62-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2500-84-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x00050000000191cf-87.dat	xmrig
behavioral1/memory/2584-81-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2708-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ad-78.dat	xmrig
behavioral1/memory/2136-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3068-88-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2500-61-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2808-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2808-91-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1216-38-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2640-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2792-71-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2880-67-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2500-65-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2108-43-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce8-42.dat	xmrig
behavioral1/memory/2724-93-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2792-94-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2640-95-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191df-109.dat	xmrig
behavioral1/files/0x0005000000019214-121.dat	xmrig
behavioral1/files/0x00050000000191f8-118.dat	xmrig
behavioral1/files/0x000500000001921d-130.dat	xmrig
behavioral1/files/0x0005000000019232-137.dat	xmrig
behavioral1/files/0x0005000000019345-147.dat	xmrig
behavioral1/files/0x000500000001938e-172.dat	xmrig
behavioral1/files/0x00050000000193d1-182.dat	xmrig
behavioral1/files/0x00050000000193f0-192.dat	xmrig
behavioral1/files/0x000500000001948d-202.dat	xmrig
behavioral1/memory/2500-704-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/972-703-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-197.dat	xmrig
behavioral1/files/0x00050000000193e6-187.dat	xmrig
behavioral1/files/0x00050000000193a8-177.dat	xmrig
behavioral1/files/0x0005000000019382-167.dat	xmrig
behavioral1/files/0x000500000001937b-162.dat	xmrig
behavioral1/files/0x0005000000019371-157.dat	xmrig
behavioral1/files/0x0005000000019369-152.dat	xmrig
behavioral1/files/0x0005000000019329-142.dat	xmrig
behavioral1/files/0x0005000000019219-127.dat	xmrig
behavioral1/memory/2844-115-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/972-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2500-101-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d1-100.dat	xmrig
behavioral1/memory/2584-98-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1216	DSkOlUn.exe
2108	GginFly.exe
2632	iynBBOD.exe
2880	hiXjAiL.exe
2136	wfDXxTU.exe
2708	GRPGjhX.exe
2808	FWPzaNr.exe
2724	SalSnIi.exe
2792	JwRreOP.exe
2640	nMQgylx.exe
2584	pnyqGGP.exe
3068	GjggaXr.exe
972	iumEcdi.exe
2844	lYbprLu.exe
1428	UapFZod.exe
980	qqcyurZ.exe
1952	bDtFgcG.exe
1988	rxgUoIb.exe
1832	lSuseFJ.exe
1280	mguaBLs.exe
1900	pehkdgb.exe
3024	yicaozA.exe
2872	GwZiAiK.exe
1796	EXDGxwp.exe
2648	CnBThvh.exe
2244	mQTsXTV.exe
2876	WOLKhpo.exe
2044	WELchLn.exe
892	TApRLDP.exe
440	ZMszriF.exe
940	RjXNJQf.exe
2424	eGHHzGj.exe
300	lDyTYvx.exe
1520	uRpZrrp.exe
1048	cJriNuz.exe
1324	QuTLKaL.exe
1532	xKtVFIj.exe
820	gmmtFHn.exe
2064	GNWgVwG.exe
2536	IhhhLDh.exe
2180	FtExTBU.exe
2940	rvcFhcB.exe
3020	mEVeRUf.exe
2432	stWAMRb.exe
2068	LiMeKKN.exe
632	BooDjdr.exe
2888	fsKzcLZ.exe
2140	NIjiurk.exe
2488	ExENVWt.exe
2304	QYDFnCz.exe
1260	GMAWLBu.exe
2336	OqbCWyy.exe
2764	yCRsKoh.exe
2732	YEeJDMx.exe
2412	VapXUnb.exe
2348	poZVnFA.exe
2816	cwBKIAE.exe
1628	xKqcymF.exe
2452	xdcbkpR.exe
2096	EKRhgCU.exe
624	qGbiJIC.exe
2576	TdkRAnl.exe
2144	MnpSRTD.exe
2772	lObmtlX.exe

Loads dropped DLL 64 IoCs

pid	Process
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2500-0-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x00080000000120fb-3.dat	upx
behavioral1/memory/2500-6-0x00000000023C0000-0x0000000002714000-memory.dmp	upx
behavioral1/files/0x0008000000016d49-11.dat	upx
behavioral1/memory/2108-15-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/1216-12-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0008000000016d71-10.dat	upx
behavioral1/files/0x0007000000016f45-24.dat	upx
behavioral1/memory/2880-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2632-22-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x0007000000017342-30.dat	upx
behavioral1/memory/2500-33-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0009000000017355-50.dat	upx
behavioral1/files/0x000500000001919c-63.dat	upx
behavioral1/files/0x0007000000017349-69.dat	upx
behavioral1/files/0x0007000000018741-72.dat	upx
behavioral1/memory/2632-62-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x00050000000191cf-87.dat	upx
behavioral1/memory/2584-81-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2708-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x00050000000191ad-78.dat	upx
behavioral1/memory/2136-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3068-88-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2808-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2808-91-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/1216-38-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2640-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2792-71-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2880-67-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2500-65-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2108-43-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0009000000016ce8-42.dat	upx
behavioral1/memory/2724-93-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2792-94-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2640-95-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00050000000191df-109.dat	upx
behavioral1/files/0x0005000000019214-121.dat	upx
behavioral1/files/0x00050000000191f8-118.dat	upx
behavioral1/files/0x000500000001921d-130.dat	upx
behavioral1/files/0x0005000000019232-137.dat	upx
behavioral1/files/0x0005000000019345-147.dat	upx
behavioral1/files/0x000500000001938e-172.dat	upx
behavioral1/files/0x00050000000193d1-182.dat	upx
behavioral1/files/0x00050000000193f0-192.dat	upx
behavioral1/files/0x000500000001948d-202.dat	upx
behavioral1/memory/972-703-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001945c-197.dat	upx
behavioral1/files/0x00050000000193e6-187.dat	upx
behavioral1/files/0x00050000000193a8-177.dat	upx
behavioral1/files/0x0005000000019382-167.dat	upx
behavioral1/files/0x000500000001937b-162.dat	upx
behavioral1/files/0x0005000000019371-157.dat	upx
behavioral1/files/0x0005000000019369-152.dat	upx
behavioral1/files/0x0005000000019329-142.dat	upx
behavioral1/files/0x0005000000019219-127.dat	upx
behavioral1/memory/2844-115-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/972-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00050000000191d1-100.dat	upx
behavioral1/memory/2584-98-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/3068-107-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1216-2837-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2108-2834-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2632-2839-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2880-2840-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rcVzCpq.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mejphyy.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INHdPaY.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghbGwub.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPWPQSZ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJEhQrS.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOnnjxm.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRtPSXk.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XflhjbR.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAyepKb.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzOEXEW.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsfPwRE.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuHdQol.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNsLHSG.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjQuTPm.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHlEbKw.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHdPgqu.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFCZwKz.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEaEhOY.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBqCRck.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwJNdtI.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlLyFqZ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVNGjPr.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQcdlSJ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsvGGyl.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DViWwBY.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhEsarV.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBOsHTn.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COVbMPT.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAcfbMW.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvcRtdC.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVwclaZ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDtqRFQ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldGCYzU.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pntWelW.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gClMkKh.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtwZnfi.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siEMYHA.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owahoUu.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYouUop.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWHBiMB.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAtzEcb.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKWurVS.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDdTTdR.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnKTBXh.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bodFjJE.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWNGPBg.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sghvXgq.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWaYGfO.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbDZcBU.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJXkotQ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCorEGq.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKtKGRC.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AujvVuL.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNnJldX.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPTNpcL.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDdggXE.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvxJcVD.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeHkVps.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfwAQxE.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTRLUck.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVKXHkF.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLyPBUv.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdPSQoQ.exe	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 1216	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2500 wrote to memory of 1216	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2500 wrote to memory of 1216	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2500 wrote to memory of 2108	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2500 wrote to memory of 2108	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2500 wrote to memory of 2108	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2500 wrote to memory of 2632	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2500 wrote to memory of 2632	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2500 wrote to memory of 2632	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2500 wrote to memory of 2880	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2500 wrote to memory of 2880	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2500 wrote to memory of 2880	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2500 wrote to memory of 2136	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2500 wrote to memory of 2136	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2500 wrote to memory of 2136	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2500 wrote to memory of 2708	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2500 wrote to memory of 2708	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2500 wrote to memory of 2708	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2500 wrote to memory of 2792	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2500 wrote to memory of 2792	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2500 wrote to memory of 2792	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2500 wrote to memory of 2808	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2500 wrote to memory of 2808	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2500 wrote to memory of 2808	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2500 wrote to memory of 2640	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2500 wrote to memory of 2640	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2500 wrote to memory of 2640	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2500 wrote to memory of 2724	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2500 wrote to memory of 2724	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2500 wrote to memory of 2724	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2500 wrote to memory of 2584	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2500 wrote to memory of 2584	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2500 wrote to memory of 2584	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2500 wrote to memory of 3068	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2500 wrote to memory of 3068	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2500 wrote to memory of 3068	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2500 wrote to memory of 972	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2500 wrote to memory of 972	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2500 wrote to memory of 972	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2500 wrote to memory of 2844	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2500 wrote to memory of 2844	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2500 wrote to memory of 2844	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2500 wrote to memory of 1428	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2500 wrote to memory of 1428	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2500 wrote to memory of 1428	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2500 wrote to memory of 980	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2500 wrote to memory of 980	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2500 wrote to memory of 980	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2500 wrote to memory of 1952	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2500 wrote to memory of 1952	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2500 wrote to memory of 1952	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2500 wrote to memory of 1988	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2500 wrote to memory of 1988	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2500 wrote to memory of 1988	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2500 wrote to memory of 1832	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2500 wrote to memory of 1832	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2500 wrote to memory of 1832	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2500 wrote to memory of 1280	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2500 wrote to memory of 1280	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2500 wrote to memory of 1280	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2500 wrote to memory of 1900	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2500 wrote to memory of 1900	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2500 wrote to memory of 1900	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2500 wrote to memory of 3024	2500	2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_5c696bba40559af1ec6967cb7580ecf5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\System\DSkOlUn.exe
  C:\Windows\System\DSkOlUn.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\GginFly.exe
  C:\Windows\System\GginFly.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\iynBBOD.exe
  C:\Windows\System\iynBBOD.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\hiXjAiL.exe
  C:\Windows\System\hiXjAiL.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wfDXxTU.exe
  C:\Windows\System\wfDXxTU.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\GRPGjhX.exe
  C:\Windows\System\GRPGjhX.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\JwRreOP.exe
  C:\Windows\System\JwRreOP.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\FWPzaNr.exe
  C:\Windows\System\FWPzaNr.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\nMQgylx.exe
  C:\Windows\System\nMQgylx.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\SalSnIi.exe
  C:\Windows\System\SalSnIi.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\pnyqGGP.exe
  C:\Windows\System\pnyqGGP.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\GjggaXr.exe
  C:\Windows\System\GjggaXr.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\iumEcdi.exe
  C:\Windows\System\iumEcdi.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\lYbprLu.exe
  C:\Windows\System\lYbprLu.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\UapFZod.exe
  C:\Windows\System\UapFZod.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\qqcyurZ.exe
  C:\Windows\System\qqcyurZ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\bDtFgcG.exe
  C:\Windows\System\bDtFgcG.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\rxgUoIb.exe
  C:\Windows\System\rxgUoIb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\lSuseFJ.exe
  C:\Windows\System\lSuseFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mguaBLs.exe
  C:\Windows\System\mguaBLs.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\pehkdgb.exe
  C:\Windows\System\pehkdgb.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\yicaozA.exe
  C:\Windows\System\yicaozA.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\GwZiAiK.exe
  C:\Windows\System\GwZiAiK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\EXDGxwp.exe
  C:\Windows\System\EXDGxwp.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\CnBThvh.exe
  C:\Windows\System\CnBThvh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\mQTsXTV.exe
  C:\Windows\System\mQTsXTV.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\WOLKhpo.exe
  C:\Windows\System\WOLKhpo.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\WELchLn.exe
  C:\Windows\System\WELchLn.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\TApRLDP.exe
  C:\Windows\System\TApRLDP.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ZMszriF.exe
  C:\Windows\System\ZMszriF.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\RjXNJQf.exe
  C:\Windows\System\RjXNJQf.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\eGHHzGj.exe
  C:\Windows\System\eGHHzGj.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\lDyTYvx.exe
  C:\Windows\System\lDyTYvx.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\uRpZrrp.exe
  C:\Windows\System\uRpZrrp.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\cJriNuz.exe
  C:\Windows\System\cJriNuz.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\QuTLKaL.exe
  C:\Windows\System\QuTLKaL.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\xKtVFIj.exe
  C:\Windows\System\xKtVFIj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\gmmtFHn.exe
  C:\Windows\System\gmmtFHn.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\GNWgVwG.exe
  C:\Windows\System\GNWgVwG.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IhhhLDh.exe
  C:\Windows\System\IhhhLDh.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\FtExTBU.exe
  C:\Windows\System\FtExTBU.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\rvcFhcB.exe
  C:\Windows\System\rvcFhcB.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\mEVeRUf.exe
  C:\Windows\System\mEVeRUf.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\stWAMRb.exe
  C:\Windows\System\stWAMRb.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\LiMeKKN.exe
  C:\Windows\System\LiMeKKN.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\BooDjdr.exe
  C:\Windows\System\BooDjdr.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\fsKzcLZ.exe
  C:\Windows\System\fsKzcLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\NIjiurk.exe
  C:\Windows\System\NIjiurk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ExENVWt.exe
  C:\Windows\System\ExENVWt.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\QYDFnCz.exe
  C:\Windows\System\QYDFnCz.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\GMAWLBu.exe
  C:\Windows\System\GMAWLBu.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\OqbCWyy.exe
  C:\Windows\System\OqbCWyy.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\yCRsKoh.exe
  C:\Windows\System\yCRsKoh.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\YEeJDMx.exe
  C:\Windows\System\YEeJDMx.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\VapXUnb.exe
  C:\Windows\System\VapXUnb.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\poZVnFA.exe
  C:\Windows\System\poZVnFA.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\cwBKIAE.exe
  C:\Windows\System\cwBKIAE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\xKqcymF.exe
  C:\Windows\System\xKqcymF.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\xdcbkpR.exe
  C:\Windows\System\xdcbkpR.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\EKRhgCU.exe
  C:\Windows\System\EKRhgCU.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\qGbiJIC.exe
  C:\Windows\System\qGbiJIC.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\TdkRAnl.exe
  C:\Windows\System\TdkRAnl.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\MnpSRTD.exe
  C:\Windows\System\MnpSRTD.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\lObmtlX.exe
  C:\Windows\System\lObmtlX.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ngGcpZK.exe
  C:\Windows\System\ngGcpZK.exe
  2⤵
  PID:2716
- C:\Windows\System\ODpBKVr.exe
  C:\Windows\System\ODpBKVr.exe
  2⤵
  PID:2564
- C:\Windows\System\rtBSCOp.exe
  C:\Windows\System\rtBSCOp.exe
  2⤵
  PID:1444
- C:\Windows\System\YBtipPl.exe
  C:\Windows\System\YBtipPl.exe
  2⤵
  PID:1896
- C:\Windows\System\qJMDssk.exe
  C:\Windows\System\qJMDssk.exe
  2⤵
  PID:2540
- C:\Windows\System\TmhUDkp.exe
  C:\Windows\System\TmhUDkp.exe
  2⤵
  PID:1792
- C:\Windows\System\jgNrdyJ.exe
  C:\Windows\System\jgNrdyJ.exe
  2⤵
  PID:984
- C:\Windows\System\rDzqYDz.exe
  C:\Windows\System\rDzqYDz.exe
  2⤵
  PID:2560
- C:\Windows\System\wOjzRIJ.exe
  C:\Windows\System\wOjzRIJ.exe
  2⤵
  PID:1152
- C:\Windows\System\FvZPueg.exe
  C:\Windows\System\FvZPueg.exe
  2⤵
  PID:3028
- C:\Windows\System\DzWPLUs.exe
  C:\Windows\System\DzWPLUs.exe
  2⤵
  PID:772
- C:\Windows\System\olzrIxg.exe
  C:\Windows\System\olzrIxg.exe
  2⤵
  PID:1984
- C:\Windows\System\NcgmtXL.exe
  C:\Windows\System\NcgmtXL.exe
  2⤵
  PID:2420
- C:\Windows\System\ztQGdis.exe
  C:\Windows\System\ztQGdis.exe
  2⤵
  PID:684
- C:\Windows\System\tUbDBXF.exe
  C:\Windows\System\tUbDBXF.exe
  2⤵
  PID:1664
- C:\Windows\System\POMRJZS.exe
  C:\Windows\System\POMRJZS.exe
  2⤵
  PID:2188
- C:\Windows\System\wlKQZcA.exe
  C:\Windows\System\wlKQZcA.exe
  2⤵
  PID:2220
- C:\Windows\System\dDyNYKT.exe
  C:\Windows\System\dDyNYKT.exe
  2⤵
  PID:608
- C:\Windows\System\RSFfXAw.exe
  C:\Windows\System\RSFfXAw.exe
  2⤵
  PID:1772
- C:\Windows\System\cOwkxFk.exe
  C:\Windows\System\cOwkxFk.exe
  2⤵
  PID:1284
- C:\Windows\System\IBcPQCB.exe
  C:\Windows\System\IBcPQCB.exe
  2⤵
  PID:1536
- C:\Windows\System\sDglZmd.exe
  C:\Windows\System\sDglZmd.exe
  2⤵
  PID:340
- C:\Windows\System\ipEwujv.exe
  C:\Windows\System\ipEwujv.exe
  2⤵
  PID:1636
- C:\Windows\System\wwegmLN.exe
  C:\Windows\System\wwegmLN.exe
  2⤵
  PID:1496
- C:\Windows\System\RCqjjBE.exe
  C:\Windows\System\RCqjjBE.exe
  2⤵
  PID:2208
- C:\Windows\System\cdCytdT.exe
  C:\Windows\System\cdCytdT.exe
  2⤵
  PID:2148
- C:\Windows\System\iCLnxyd.exe
  C:\Windows\System\iCLnxyd.exe
  2⤵
  PID:2228
- C:\Windows\System\ekyspxz.exe
  C:\Windows\System\ekyspxz.exe
  2⤵
  PID:1552
- C:\Windows\System\zhuHarm.exe
  C:\Windows\System\zhuHarm.exe
  2⤵
  PID:576
- C:\Windows\System\chchwSn.exe
  C:\Windows\System\chchwSn.exe
  2⤵
  PID:2496
- C:\Windows\System\HRwAHXG.exe
  C:\Windows\System\HRwAHXG.exe
  2⤵
  PID:112
- C:\Windows\System\ooppHUW.exe
  C:\Windows\System\ooppHUW.exe
  2⤵
  PID:2352
- C:\Windows\System\lcPldQo.exe
  C:\Windows\System\lcPldQo.exe
  2⤵
  PID:2760
- C:\Windows\System\jUALuAL.exe
  C:\Windows\System\jUALuAL.exe
  2⤵
  PID:1696
- C:\Windows\System\mftRpri.exe
  C:\Windows\System\mftRpri.exe
  2⤵
  PID:2784
- C:\Windows\System\fEbFYne.exe
  C:\Windows\System\fEbFYne.exe
  2⤵
  PID:3052
- C:\Windows\System\fGMPzkW.exe
  C:\Windows\System\fGMPzkW.exe
  2⤵
  PID:1840
- C:\Windows\System\ZuODWDa.exe
  C:\Windows\System\ZuODWDa.exe
  2⤵
  PID:2912
- C:\Windows\System\eVTJnyB.exe
  C:\Windows\System\eVTJnyB.exe
  2⤵
  PID:2840
- C:\Windows\System\UmJggWu.exe
  C:\Windows\System\UmJggWu.exe
  2⤵
  PID:1992
- C:\Windows\System\gffpqRl.exe
  C:\Windows\System\gffpqRl.exe
  2⤵
  PID:2000
- C:\Windows\System\WJlscSS.exe
  C:\Windows\System\WJlscSS.exe
  2⤵
  PID:2672
- C:\Windows\System\DibJKtu.exe
  C:\Windows\System\DibJKtu.exe
  2⤵
  PID:2436
- C:\Windows\System\YAugZVl.exe
  C:\Windows\System\YAugZVl.exe
  2⤵
  PID:2192
- C:\Windows\System\HDSxxBS.exe
  C:\Windows\System\HDSxxBS.exe
  2⤵
  PID:2200
- C:\Windows\System\FKixhDX.exe
  C:\Windows\System\FKixhDX.exe
  2⤵
  PID:2532
- C:\Windows\System\gtvlZzN.exe
  C:\Windows\System\gtvlZzN.exe
  2⤵
  PID:1736
- C:\Windows\System\OnEEmcz.exe
  C:\Windows\System\OnEEmcz.exe
  2⤵
  PID:904
- C:\Windows\System\NOjMgCL.exe
  C:\Windows\System\NOjMgCL.exe
  2⤵
  PID:936
- C:\Windows\System\HCRmUcs.exe
  C:\Windows\System\HCRmUcs.exe
  2⤵
  PID:2260
- C:\Windows\System\vwDtHuH.exe
  C:\Windows\System\vwDtHuH.exe
  2⤵
  PID:1144
- C:\Windows\System\YrwfTIR.exe
  C:\Windows\System\YrwfTIR.exe
  2⤵
  PID:2448
- C:\Windows\System\UkmtuFl.exe
  C:\Windows\System\UkmtuFl.exe
  2⤵
  PID:1576
- C:\Windows\System\PppzSnK.exe
  C:\Windows\System\PppzSnK.exe
  2⤵
  PID:1740
- C:\Windows\System\fIaeRNS.exe
  C:\Windows\System\fIaeRNS.exe
  2⤵
  PID:2644
- C:\Windows\System\KRgAJRl.exe
  C:\Windows\System\KRgAJRl.exe
  2⤵
  PID:3004
- C:\Windows\System\tMIsxMl.exe
  C:\Windows\System\tMIsxMl.exe
  2⤵
  PID:2548
- C:\Windows\System\rBHgFaS.exe
  C:\Windows\System\rBHgFaS.exe
  2⤵
  PID:2788
- C:\Windows\System\JKqKkcR.exe
  C:\Windows\System\JKqKkcR.exe
  2⤵
  PID:2848
- C:\Windows\System\SCorEGq.exe
  C:\Windows\System\SCorEGq.exe
  2⤵
  PID:768
- C:\Windows\System\bHUAnEn.exe
  C:\Windows\System\bHUAnEn.exe
  2⤵
  PID:1452
- C:\Windows\System\JQlpYZp.exe
  C:\Windows\System\JQlpYZp.exe
  2⤵
  PID:3060
- C:\Windows\System\PQsFhtW.exe
  C:\Windows\System\PQsFhtW.exe
  2⤵
  PID:2016
- C:\Windows\System\GDbaJWp.exe
  C:\Windows\System\GDbaJWp.exe
  2⤵
  PID:1072
- C:\Windows\System\rTNtfSY.exe
  C:\Windows\System\rTNtfSY.exe
  2⤵
  PID:1356
- C:\Windows\System\xfYnAXl.exe
  C:\Windows\System\xfYnAXl.exe
  2⤵
  PID:1620
- C:\Windows\System\OYfFAQV.exe
  C:\Windows\System\OYfFAQV.exe
  2⤵
  PID:1968
- C:\Windows\System\HKwQQAA.exe
  C:\Windows\System\HKwQQAA.exe
  2⤵
  PID:1700
- C:\Windows\System\XflhjbR.exe
  C:\Windows\System\XflhjbR.exe
  2⤵
  PID:1236
- C:\Windows\System\YBFFiEs.exe
  C:\Windows\System\YBFFiEs.exe
  2⤵
  PID:2608
- C:\Windows\System\JRXCiru.exe
  C:\Windows\System\JRXCiru.exe
  2⤵
  PID:2380
- C:\Windows\System\fZPiSTF.exe
  C:\Windows\System\fZPiSTF.exe
  2⤵
  PID:2552
- C:\Windows\System\uteYXij.exe
  C:\Windows\System\uteYXij.exe
  2⤵
  PID:668
- C:\Windows\System\XzkNFbL.exe
  C:\Windows\System\XzkNFbL.exe
  2⤵
  PID:832
- C:\Windows\System\TeVtZkS.exe
  C:\Windows\System\TeVtZkS.exe
  2⤵
  PID:2332
- C:\Windows\System\KiwYNjH.exe
  C:\Windows\System\KiwYNjH.exe
  2⤵
  PID:2924
- C:\Windows\System\yhKtnfJ.exe
  C:\Windows\System\yhKtnfJ.exe
  2⤵
  PID:1580
- C:\Windows\System\gjGSnCl.exe
  C:\Windows\System\gjGSnCl.exe
  2⤵
  PID:2676
- C:\Windows\System\mPXEMLE.exe
  C:\Windows\System\mPXEMLE.exe
  2⤵
  PID:2288
- C:\Windows\System\yrAhthw.exe
  C:\Windows\System\yrAhthw.exe
  2⤵
  PID:3080
- C:\Windows\System\dBICpoG.exe
  C:\Windows\System\dBICpoG.exe
  2⤵
  PID:3100
- C:\Windows\System\RCkzcBN.exe
  C:\Windows\System\RCkzcBN.exe
  2⤵
  PID:3120
- C:\Windows\System\kmowCKO.exe
  C:\Windows\System\kmowCKO.exe
  2⤵
  PID:3140
- C:\Windows\System\GNIcgbv.exe
  C:\Windows\System\GNIcgbv.exe
  2⤵
  PID:3160
- C:\Windows\System\lZbuZJZ.exe
  C:\Windows\System\lZbuZJZ.exe
  2⤵
  PID:3180
- C:\Windows\System\bPGLycX.exe
  C:\Windows\System\bPGLycX.exe
  2⤵
  PID:3200
- C:\Windows\System\OUKhOHM.exe
  C:\Windows\System\OUKhOHM.exe
  2⤵
  PID:3220
- C:\Windows\System\ClJaCQf.exe
  C:\Windows\System\ClJaCQf.exe
  2⤵
  PID:3240
- C:\Windows\System\gAJzLgD.exe
  C:\Windows\System\gAJzLgD.exe
  2⤵
  PID:3256
- C:\Windows\System\JKRYMkr.exe
  C:\Windows\System\JKRYMkr.exe
  2⤵
  PID:3284
- C:\Windows\System\xxThpow.exe
  C:\Windows\System\xxThpow.exe
  2⤵
  PID:3304
- C:\Windows\System\jmyPFyD.exe
  C:\Windows\System\jmyPFyD.exe
  2⤵
  PID:3324
- C:\Windows\System\epLBmsY.exe
  C:\Windows\System\epLBmsY.exe
  2⤵
  PID:3340
- C:\Windows\System\sZGfUqY.exe
  C:\Windows\System\sZGfUqY.exe
  2⤵
  PID:3364
- C:\Windows\System\yZqGfes.exe
  C:\Windows\System\yZqGfes.exe
  2⤵
  PID:3384
- C:\Windows\System\AXygIMO.exe
  C:\Windows\System\AXygIMO.exe
  2⤵
  PID:3404
- C:\Windows\System\SeJaRqG.exe
  C:\Windows\System\SeJaRqG.exe
  2⤵
  PID:3424
- C:\Windows\System\bcPWCPa.exe
  C:\Windows\System\bcPWCPa.exe
  2⤵
  PID:3444
- C:\Windows\System\HafQBaz.exe
  C:\Windows\System\HafQBaz.exe
  2⤵
  PID:3464
- C:\Windows\System\DktfRsg.exe
  C:\Windows\System\DktfRsg.exe
  2⤵
  PID:3484
- C:\Windows\System\jJDnfCu.exe
  C:\Windows\System\jJDnfCu.exe
  2⤵
  PID:3504
- C:\Windows\System\DQVviXE.exe
  C:\Windows\System\DQVviXE.exe
  2⤵
  PID:3524
- C:\Windows\System\XUCGkcM.exe
  C:\Windows\System\XUCGkcM.exe
  2⤵
  PID:3544
- C:\Windows\System\VYJIUiJ.exe
  C:\Windows\System\VYJIUiJ.exe
  2⤵
  PID:3564
- C:\Windows\System\IckQHGd.exe
  C:\Windows\System\IckQHGd.exe
  2⤵
  PID:3580
- C:\Windows\System\zcGNweo.exe
  C:\Windows\System\zcGNweo.exe
  2⤵
  PID:3604
- C:\Windows\System\HIoJMYj.exe
  C:\Windows\System\HIoJMYj.exe
  2⤵
  PID:3628
- C:\Windows\System\synLxJv.exe
  C:\Windows\System\synLxJv.exe
  2⤵
  PID:3648
- C:\Windows\System\tpcMBeN.exe
  C:\Windows\System\tpcMBeN.exe
  2⤵
  PID:3668
- C:\Windows\System\dxZbyBu.exe
  C:\Windows\System\dxZbyBu.exe
  2⤵
  PID:3688
- C:\Windows\System\Gbiaqng.exe
  C:\Windows\System\Gbiaqng.exe
  2⤵
  PID:3708
- C:\Windows\System\tRWbSjA.exe
  C:\Windows\System\tRWbSjA.exe
  2⤵
  PID:3728
- C:\Windows\System\HZYtNPI.exe
  C:\Windows\System\HZYtNPI.exe
  2⤵
  PID:3748
- C:\Windows\System\xpvEyJv.exe
  C:\Windows\System\xpvEyJv.exe
  2⤵
  PID:3768
- C:\Windows\System\MgpOAMR.exe
  C:\Windows\System\MgpOAMR.exe
  2⤵
  PID:3788
- C:\Windows\System\bRHbcGE.exe
  C:\Windows\System\bRHbcGE.exe
  2⤵
  PID:3808
- C:\Windows\System\xOrzqzY.exe
  C:\Windows\System\xOrzqzY.exe
  2⤵
  PID:3832
- C:\Windows\System\ZzeAQqD.exe
  C:\Windows\System\ZzeAQqD.exe
  2⤵
  PID:3852
- C:\Windows\System\ussEoQt.exe
  C:\Windows\System\ussEoQt.exe
  2⤵
  PID:3872
- C:\Windows\System\OGzfMfb.exe
  C:\Windows\System\OGzfMfb.exe
  2⤵
  PID:3892
- C:\Windows\System\revcBth.exe
  C:\Windows\System\revcBth.exe
  2⤵
  PID:3912
- C:\Windows\System\nkUZApk.exe
  C:\Windows\System\nkUZApk.exe
  2⤵
  PID:3932
- C:\Windows\System\zQbvlqC.exe
  C:\Windows\System\zQbvlqC.exe
  2⤵
  PID:3952
- C:\Windows\System\ZJtUbic.exe
  C:\Windows\System\ZJtUbic.exe
  2⤵
  PID:3972
- C:\Windows\System\jDBOYvF.exe
  C:\Windows\System\jDBOYvF.exe
  2⤵
  PID:3992
- C:\Windows\System\zhMEUHQ.exe
  C:\Windows\System\zhMEUHQ.exe
  2⤵
  PID:4012
- C:\Windows\System\uztWLQo.exe
  C:\Windows\System\uztWLQo.exe
  2⤵
  PID:4032
- C:\Windows\System\KMaHrml.exe
  C:\Windows\System\KMaHrml.exe
  2⤵
  PID:4052
- C:\Windows\System\MJfOkAe.exe
  C:\Windows\System\MJfOkAe.exe
  2⤵
  PID:4068
- C:\Windows\System\WKzXKoG.exe
  C:\Windows\System\WKzXKoG.exe
  2⤵
  PID:4092
- C:\Windows\System\UjZNDkL.exe
  C:\Windows\System\UjZNDkL.exe
  2⤵
  PID:1300
- C:\Windows\System\PpZtOVK.exe
  C:\Windows\System\PpZtOVK.exe
  2⤵
  PID:2224
- C:\Windows\System\nNGrLYE.exe
  C:\Windows\System\nNGrLYE.exe
  2⤵
  PID:2528
- C:\Windows\System\GfyFvsG.exe
  C:\Windows\System\GfyFvsG.exe
  2⤵
  PID:2376
- C:\Windows\System\kFetWfH.exe
  C:\Windows\System\kFetWfH.exe
  2⤵
  PID:3096
- C:\Windows\System\qPzSGFp.exe
  C:\Windows\System\qPzSGFp.exe
  2⤵
  PID:3128
- C:\Windows\System\wTvVcZy.exe
  C:\Windows\System\wTvVcZy.exe
  2⤵
  PID:3152
- C:\Windows\System\AcnEtSo.exe
  C:\Windows\System\AcnEtSo.exe
  2⤵
  PID:3196
- C:\Windows\System\KmUITrK.exe
  C:\Windows\System\KmUITrK.exe
  2⤵
  PID:3228
- C:\Windows\System\loaRQNz.exe
  C:\Windows\System\loaRQNz.exe
  2⤵
  PID:3264
- C:\Windows\System\NfbOxpI.exe
  C:\Windows\System\NfbOxpI.exe
  2⤵
  PID:3320
- C:\Windows\System\rrStKDW.exe
  C:\Windows\System\rrStKDW.exe
  2⤵
  PID:3332
- C:\Windows\System\RBUhazr.exe
  C:\Windows\System\RBUhazr.exe
  2⤵
  PID:3336
- C:\Windows\System\czTXJSf.exe
  C:\Windows\System\czTXJSf.exe
  2⤵
  PID:3400
- C:\Windows\System\nDkjsBP.exe
  C:\Windows\System\nDkjsBP.exe
  2⤵
  PID:3412
- C:\Windows\System\QgGiMXB.exe
  C:\Windows\System\QgGiMXB.exe
  2⤵
  PID:3476
- C:\Windows\System\yCaZZFZ.exe
  C:\Windows\System\yCaZZFZ.exe
  2⤵
  PID:3512
- C:\Windows\System\mihoupl.exe
  C:\Windows\System\mihoupl.exe
  2⤵
  PID:3500
- C:\Windows\System\qRimCrC.exe
  C:\Windows\System\qRimCrC.exe
  2⤵
  PID:3560
- C:\Windows\System\iVhIRfc.exe
  C:\Windows\System\iVhIRfc.exe
  2⤵
  PID:3600
- C:\Windows\System\Pdwhskl.exe
  C:\Windows\System\Pdwhskl.exe
  2⤵
  PID:3640
- C:\Windows\System\XizeITy.exe
  C:\Windows\System\XizeITy.exe
  2⤵
  PID:3684
- C:\Windows\System\prylyDl.exe
  C:\Windows\System\prylyDl.exe
  2⤵
  PID:3716
- C:\Windows\System\lvgXkhY.exe
  C:\Windows\System\lvgXkhY.exe
  2⤵
  PID:3736
- C:\Windows\System\KZycbBE.exe
  C:\Windows\System\KZycbBE.exe
  2⤵
  PID:3764
- C:\Windows\System\cNHyqUn.exe
  C:\Windows\System\cNHyqUn.exe
  2⤵
  PID:3780
- C:\Windows\System\ruLQasr.exe
  C:\Windows\System\ruLQasr.exe
  2⤵
  PID:3848
- C:\Windows\System\RbuszyZ.exe
  C:\Windows\System\RbuszyZ.exe
  2⤵
  PID:3868
- C:\Windows\System\eQGvTsG.exe
  C:\Windows\System\eQGvTsG.exe
  2⤵
  PID:3908
- C:\Windows\System\LSLIKzQ.exe
  C:\Windows\System\LSLIKzQ.exe
  2⤵
  PID:3960
- C:\Windows\System\rPyqLzo.exe
  C:\Windows\System\rPyqLzo.exe
  2⤵
  PID:3964
- C:\Windows\System\indurVk.exe
  C:\Windows\System\indurVk.exe
  2⤵
  PID:3988
- C:\Windows\System\udgUivh.exe
  C:\Windows\System\udgUivh.exe
  2⤵
  PID:4044
- C:\Windows\System\IlhAAlF.exe
  C:\Windows\System\IlhAAlF.exe
  2⤵
  PID:4088
- C:\Windows\System\idKEXGr.exe
  C:\Windows\System\idKEXGr.exe
  2⤵
  PID:2212
- C:\Windows\System\VVZTVHC.exe
  C:\Windows\System\VVZTVHC.exe
  2⤵
  PID:2464
- C:\Windows\System\AxiOPPb.exe
  C:\Windows\System\AxiOPPb.exe
  2⤵
  PID:2416
- C:\Windows\System\qGkJKZS.exe
  C:\Windows\System\qGkJKZS.exe
  2⤵
  PID:1712
- C:\Windows\System\lzaGXjl.exe
  C:\Windows\System\lzaGXjl.exe
  2⤵
  PID:3820
- C:\Windows\System\rLbrJkn.exe
  C:\Windows\System\rLbrJkn.exe
  2⤵
  PID:860
- C:\Windows\System\ldZDqJG.exe
  C:\Windows\System\ldZDqJG.exe
  2⤵
  PID:3248
- C:\Windows\System\epCWfpY.exe
  C:\Windows\System\epCWfpY.exe
  2⤵
  PID:3312
- C:\Windows\System\aLBFtlq.exe
  C:\Windows\System\aLBFtlq.exe
  2⤵
  PID:3360
- C:\Windows\System\KfSQZbt.exe
  C:\Windows\System\KfSQZbt.exe
  2⤵
  PID:3432
- C:\Windows\System\ZICmdDL.exe
  C:\Windows\System\ZICmdDL.exe
  2⤵
  PID:3280
- C:\Windows\System\GkfHfQO.exe
  C:\Windows\System\GkfHfQO.exe
  2⤵
  PID:3480
- C:\Windows\System\auDqtTB.exe
  C:\Windows\System\auDqtTB.exe
  2⤵
  PID:3588
- C:\Windows\System\FMkkdsE.exe
  C:\Windows\System\FMkkdsE.exe
  2⤵
  PID:3656
- C:\Windows\System\GwYoFtJ.exe
  C:\Windows\System\GwYoFtJ.exe
  2⤵
  PID:3720
- C:\Windows\System\jxfzHYv.exe
  C:\Windows\System\jxfzHYv.exe
  2⤵
  PID:3796
- C:\Windows\System\QgnCPMs.exe
  C:\Windows\System\QgnCPMs.exe
  2⤵
  PID:3804
- C:\Windows\System\BJQRUto.exe
  C:\Windows\System\BJQRUto.exe
  2⤵
  PID:3828
- C:\Windows\System\SSbGyPM.exe
  C:\Windows\System\SSbGyPM.exe
  2⤵
  PID:3928
- C:\Windows\System\gztUIIj.exe
  C:\Windows\System\gztUIIj.exe
  2⤵
  PID:4000
- C:\Windows\System\KSxMMSm.exe
  C:\Windows\System\KSxMMSm.exe
  2⤵
  PID:4024
- C:\Windows\System\KfZbfRR.exe
  C:\Windows\System\KfZbfRR.exe
  2⤵
  PID:4048
- C:\Windows\System\QKsszOt.exe
  C:\Windows\System\QKsszOt.exe
  2⤵
  PID:2852
- C:\Windows\System\cOAMEGt.exe
  C:\Windows\System\cOAMEGt.exe
  2⤵
  PID:2636
- C:\Windows\System\ushKHEl.exe
  C:\Windows\System\ushKHEl.exe
  2⤵
  PID:2892
- C:\Windows\System\awMLdxP.exe
  C:\Windows\System\awMLdxP.exe
  2⤵
  PID:3148
- C:\Windows\System\CQQLPXG.exe
  C:\Windows\System\CQQLPXG.exe
  2⤵
  PID:3316
- C:\Windows\System\UFFSNLN.exe
  C:\Windows\System\UFFSNLN.exe
  2⤵
  PID:3356
- C:\Windows\System\mFWtYJg.exe
  C:\Windows\System\mFWtYJg.exe
  2⤵
  PID:3416
- C:\Windows\System\KGtIJKU.exe
  C:\Windows\System\KGtIJKU.exe
  2⤵
  PID:3496
- C:\Windows\System\xWWSKny.exe
  C:\Windows\System\xWWSKny.exe
  2⤵
  PID:3592
- C:\Windows\System\cqPurDj.exe
  C:\Windows\System\cqPurDj.exe
  2⤵
  PID:3696
- C:\Windows\System\RnjOvok.exe
  C:\Windows\System\RnjOvok.exe
  2⤵
  PID:3824
- C:\Windows\System\RyBkvsj.exe
  C:\Windows\System\RyBkvsj.exe
  2⤵
  PID:2656
- C:\Windows\System\rXDWoQH.exe
  C:\Windows\System\rXDWoQH.exe
  2⤵
  PID:3968
- C:\Windows\System\EpOMtRP.exe
  C:\Windows\System\EpOMtRP.exe
  2⤵
  PID:2812
- C:\Windows\System\HbCEjQo.exe
  C:\Windows\System\HbCEjQo.exe
  2⤵
  PID:1848
- C:\Windows\System\oFhICvu.exe
  C:\Windows\System\oFhICvu.exe
  2⤵
  PID:1548
- C:\Windows\System\QOnHKHr.exe
  C:\Windows\System\QOnHKHr.exe
  2⤵
  PID:3232
- C:\Windows\System\VJSJqbC.exe
  C:\Windows\System\VJSJqbC.exe
  2⤵
  PID:3276
- C:\Windows\System\PNsLHSG.exe
  C:\Windows\System\PNsLHSG.exe
  2⤵
  PID:3380
- C:\Windows\System\GqcTBfD.exe
  C:\Windows\System\GqcTBfD.exe
  2⤵
  PID:3676
- C:\Windows\System\HdDQKbG.exe
  C:\Windows\System\HdDQKbG.exe
  2⤵
  PID:3740
- C:\Windows\System\ZQKaXPh.exe
  C:\Windows\System\ZQKaXPh.exe
  2⤵
  PID:4004
- C:\Windows\System\GTFzlGY.exe
  C:\Windows\System\GTFzlGY.exe
  2⤵
  PID:2592
- C:\Windows\System\xfXWJTr.exe
  C:\Windows\System\xfXWJTr.exe
  2⤵
  PID:4084
- C:\Windows\System\GeRjcry.exe
  C:\Windows\System\GeRjcry.exe
  2⤵
  PID:3644
- C:\Windows\System\eaUPuQg.exe
  C:\Windows\System\eaUPuQg.exe
  2⤵
  PID:4108
- C:\Windows\System\EJsQnXJ.exe
  C:\Windows\System\EJsQnXJ.exe
  2⤵
  PID:4128
- C:\Windows\System\mlrASqg.exe
  C:\Windows\System\mlrASqg.exe
  2⤵
  PID:4148
- C:\Windows\System\VAtUeVd.exe
  C:\Windows\System\VAtUeVd.exe
  2⤵
  PID:4164
- C:\Windows\System\afFkiNT.exe
  C:\Windows\System\afFkiNT.exe
  2⤵
  PID:4188
- C:\Windows\System\iowrwRv.exe
  C:\Windows\System\iowrwRv.exe
  2⤵
  PID:4208
- C:\Windows\System\fcSkMpf.exe
  C:\Windows\System\fcSkMpf.exe
  2⤵
  PID:4232
- C:\Windows\System\jVBAVMB.exe
  C:\Windows\System\jVBAVMB.exe
  2⤵
  PID:4256
- C:\Windows\System\uIzvnDC.exe
  C:\Windows\System\uIzvnDC.exe
  2⤵
  PID:4276
- C:\Windows\System\brHNPCs.exe
  C:\Windows\System\brHNPCs.exe
  2⤵
  PID:4296
- C:\Windows\System\OXTsYye.exe
  C:\Windows\System\OXTsYye.exe
  2⤵
  PID:4316
- C:\Windows\System\asjXEbn.exe
  C:\Windows\System\asjXEbn.exe
  2⤵
  PID:4336
- C:\Windows\System\dBUlQDY.exe
  C:\Windows\System\dBUlQDY.exe
  2⤵
  PID:4356
- C:\Windows\System\FqHlIxm.exe
  C:\Windows\System\FqHlIxm.exe
  2⤵
  PID:4376
- C:\Windows\System\Xvzwgka.exe
  C:\Windows\System\Xvzwgka.exe
  2⤵
  PID:4396
- C:\Windows\System\kFBWsrq.exe
  C:\Windows\System\kFBWsrq.exe
  2⤵
  PID:4416
- C:\Windows\System\FOOfuLL.exe
  C:\Windows\System\FOOfuLL.exe
  2⤵
  PID:4436
- C:\Windows\System\rNwKgJK.exe
  C:\Windows\System\rNwKgJK.exe
  2⤵
  PID:4456
- C:\Windows\System\MoSyavX.exe
  C:\Windows\System\MoSyavX.exe
  2⤵
  PID:4476
- C:\Windows\System\acwRtmB.exe
  C:\Windows\System\acwRtmB.exe
  2⤵
  PID:4492
- C:\Windows\System\FAzAIDA.exe
  C:\Windows\System\FAzAIDA.exe
  2⤵
  PID:4516
- C:\Windows\System\WXJDVMJ.exe
  C:\Windows\System\WXJDVMJ.exe
  2⤵
  PID:4536
- C:\Windows\System\yWfZKoc.exe
  C:\Windows\System\yWfZKoc.exe
  2⤵
  PID:4556
- C:\Windows\System\OTWJBha.exe
  C:\Windows\System\OTWJBha.exe
  2⤵
  PID:4572
- C:\Windows\System\wnjrgZt.exe
  C:\Windows\System\wnjrgZt.exe
  2⤵
  PID:4596
- C:\Windows\System\GJSLCbs.exe
  C:\Windows\System\GJSLCbs.exe
  2⤵
  PID:4616
- C:\Windows\System\rmxAbZc.exe
  C:\Windows\System\rmxAbZc.exe
  2⤵
  PID:4636
- C:\Windows\System\oPsNKPZ.exe
  C:\Windows\System\oPsNKPZ.exe
  2⤵
  PID:4656
- C:\Windows\System\qHMIcDT.exe
  C:\Windows\System\qHMIcDT.exe
  2⤵
  PID:4676
- C:\Windows\System\xufmQQi.exe
  C:\Windows\System\xufmQQi.exe
  2⤵
  PID:4692
- C:\Windows\System\kTNpxpS.exe
  C:\Windows\System\kTNpxpS.exe
  2⤵
  PID:4720
- C:\Windows\System\cUBTnkX.exe
  C:\Windows\System\cUBTnkX.exe
  2⤵
  PID:4740
- C:\Windows\System\XwQNdnt.exe
  C:\Windows\System\XwQNdnt.exe
  2⤵
  PID:4760
- C:\Windows\System\uuziRHZ.exe
  C:\Windows\System\uuziRHZ.exe
  2⤵
  PID:4780
- C:\Windows\System\tokYHYg.exe
  C:\Windows\System\tokYHYg.exe
  2⤵
  PID:4800
- C:\Windows\System\ybdGTtC.exe
  C:\Windows\System\ybdGTtC.exe
  2⤵
  PID:4820
- C:\Windows\System\VYjmMfV.exe
  C:\Windows\System\VYjmMfV.exe
  2⤵
  PID:4840
- C:\Windows\System\hVwclaZ.exe
  C:\Windows\System\hVwclaZ.exe
  2⤵
  PID:4860
- C:\Windows\System\ECdmIEO.exe
  C:\Windows\System\ECdmIEO.exe
  2⤵
  PID:4880
- C:\Windows\System\LMszlsV.exe
  C:\Windows\System\LMszlsV.exe
  2⤵
  PID:4900
- C:\Windows\System\oZUYAuy.exe
  C:\Windows\System\oZUYAuy.exe
  2⤵
  PID:4920
- C:\Windows\System\bVBbenr.exe
  C:\Windows\System\bVBbenr.exe
  2⤵
  PID:4940
- C:\Windows\System\JpepSYW.exe
  C:\Windows\System\JpepSYW.exe
  2⤵
  PID:4960
- C:\Windows\System\qkEXCOX.exe
  C:\Windows\System\qkEXCOX.exe
  2⤵
  PID:4980
- C:\Windows\System\lycBXDk.exe
  C:\Windows\System\lycBXDk.exe
  2⤵
  PID:5000
- C:\Windows\System\ATisCnS.exe
  C:\Windows\System\ATisCnS.exe
  2⤵
  PID:5020
- C:\Windows\System\kOfGRPr.exe
  C:\Windows\System\kOfGRPr.exe
  2⤵
  PID:5040
- C:\Windows\System\sFfAyvj.exe
  C:\Windows\System\sFfAyvj.exe
  2⤵
  PID:5056
- C:\Windows\System\yVbVewk.exe
  C:\Windows\System\yVbVewk.exe
  2⤵
  PID:5076
- C:\Windows\System\eBDbQZO.exe
  C:\Windows\System\eBDbQZO.exe
  2⤵
  PID:5100
- C:\Windows\System\YQlbxEx.exe
  C:\Windows\System\YQlbxEx.exe
  2⤵
  PID:3540
- C:\Windows\System\gXyWypX.exe
  C:\Windows\System\gXyWypX.exe
  2⤵
  PID:760
- C:\Windows\System\NslzarO.exe
  C:\Windows\System\NslzarO.exe
  2⤵
  PID:3888
- C:\Windows\System\KBXjBvi.exe
  C:\Windows\System\KBXjBvi.exe
  2⤵
  PID:2296
- C:\Windows\System\CKnOwCO.exe
  C:\Windows\System\CKnOwCO.exe
  2⤵
  PID:4104
- C:\Windows\System\IGqFxCS.exe
  C:\Windows\System\IGqFxCS.exe
  2⤵
  PID:4136
- C:\Windows\System\pHIYuxZ.exe
  C:\Windows\System\pHIYuxZ.exe
  2⤵
  PID:4172
- C:\Windows\System\ozthfUp.exe
  C:\Windows\System\ozthfUp.exe
  2⤵
  PID:4160
- C:\Windows\System\ZjEBKHM.exe
  C:\Windows\System\ZjEBKHM.exe
  2⤵
  PID:4224
- C:\Windows\System\DXQLVbM.exe
  C:\Windows\System\DXQLVbM.exe
  2⤵
  PID:4248
- C:\Windows\System\VtgCYRI.exe
  C:\Windows\System\VtgCYRI.exe
  2⤵
  PID:4312
- C:\Windows\System\tKMLJSc.exe
  C:\Windows\System\tKMLJSc.exe
  2⤵
  PID:4332
- C:\Windows\System\eSsHfia.exe
  C:\Windows\System\eSsHfia.exe
  2⤵
  PID:4364
- C:\Windows\System\lrKyEXk.exe
  C:\Windows\System\lrKyEXk.exe
  2⤵
  PID:4388
- C:\Windows\System\ScEZVuy.exe
  C:\Windows\System\ScEZVuy.exe
  2⤵
  PID:4408
- C:\Windows\System\ixqjdZh.exe
  C:\Windows\System\ixqjdZh.exe
  2⤵
  PID:4468
- C:\Windows\System\OEFTKZI.exe
  C:\Windows\System\OEFTKZI.exe
  2⤵
  PID:4504
- C:\Windows\System\DKziGhB.exe
  C:\Windows\System\DKziGhB.exe
  2⤵
  PID:4524
- C:\Windows\System\AwfWspl.exe
  C:\Windows\System\AwfWspl.exe
  2⤵
  PID:4580
- C:\Windows\System\AgsfNcl.exe
  C:\Windows\System\AgsfNcl.exe
  2⤵
  PID:4592
- C:\Windows\System\gFwJkmD.exe
  C:\Windows\System\gFwJkmD.exe
  2⤵
  PID:4632
- C:\Windows\System\FxjRXFd.exe
  C:\Windows\System\FxjRXFd.exe
  2⤵
  PID:4672
- C:\Windows\System\YQsUylp.exe
  C:\Windows\System\YQsUylp.exe
  2⤵
  PID:4708
- C:\Windows\System\OcLyZai.exe
  C:\Windows\System\OcLyZai.exe
  2⤵
  PID:4748
- C:\Windows\System\IymwPqj.exe
  C:\Windows\System\IymwPqj.exe
  2⤵
  PID:4788
- C:\Windows\System\uLCiFTo.exe
  C:\Windows\System\uLCiFTo.exe
  2⤵
  PID:4792
- C:\Windows\System\tcpDHSV.exe
  C:\Windows\System\tcpDHSV.exe
  2⤵
  PID:4812
- C:\Windows\System\HLzrUzD.exe
  C:\Windows\System\HLzrUzD.exe
  2⤵
  PID:4852
- C:\Windows\System\PPJCqab.exe
  C:\Windows\System\PPJCqab.exe
  2⤵
  PID:4896
- C:\Windows\System\kcGxysH.exe
  C:\Windows\System\kcGxysH.exe
  2⤵
  PID:4928
- C:\Windows\System\zgxebUo.exe
  C:\Windows\System\zgxebUo.exe
  2⤵
  PID:4968
- C:\Windows\System\PiCFVpT.exe
  C:\Windows\System\PiCFVpT.exe
  2⤵
  PID:4972
- C:\Windows\System\AsNbWDU.exe
  C:\Windows\System\AsNbWDU.exe
  2⤵
  PID:5016
- C:\Windows\System\MlonCdL.exe
  C:\Windows\System\MlonCdL.exe
  2⤵
  PID:5068
- C:\Windows\System\nPmTjug.exe
  C:\Windows\System\nPmTjug.exe
  2⤵
  PID:5096
- C:\Windows\System\ozHQnFZ.exe
  C:\Windows\System\ozHQnFZ.exe
  2⤵
  PID:3636
- C:\Windows\System\bCrlwCP.exe
  C:\Windows\System\bCrlwCP.exe
  2⤵
  PID:3784
- C:\Windows\System\NJGpFOj.exe
  C:\Windows\System\NJGpFOj.exe
  2⤵
  PID:564
- C:\Windows\System\SWNooOy.exe
  C:\Windows\System\SWNooOy.exe
  2⤵
  PID:4124
- C:\Windows\System\snKeQKA.exe
  C:\Windows\System\snKeQKA.exe
  2⤵
  PID:4156
- C:\Windows\System\pAZnPwG.exe
  C:\Windows\System\pAZnPwG.exe
  2⤵
  PID:4240
- C:\Windows\System\cQbjyDv.exe
  C:\Windows\System\cQbjyDv.exe
  2⤵
  PID:4264
- C:\Windows\System\haIHikk.exe
  C:\Windows\System\haIHikk.exe
  2⤵
  PID:4308
- C:\Windows\System\AfRhBBW.exe
  C:\Windows\System\AfRhBBW.exe
  2⤵
  PID:4368
- C:\Windows\System\GySiBsi.exe
  C:\Windows\System\GySiBsi.exe
  2⤵
  PID:4488
- C:\Windows\System\MtXfFNi.exe
  C:\Windows\System\MtXfFNi.exe
  2⤵
  PID:4508
- C:\Windows\System\kdjThlP.exe
  C:\Windows\System\kdjThlP.exe
  2⤵
  PID:4568
- C:\Windows\System\ngHTIIp.exe
  C:\Windows\System\ngHTIIp.exe
  2⤵
  PID:4644
- C:\Windows\System\qJGXszU.exe
  C:\Windows\System\qJGXszU.exe
  2⤵
  PID:4704
- C:\Windows\System\qBYKCUX.exe
  C:\Windows\System\qBYKCUX.exe
  2⤵
  PID:4752
- C:\Windows\System\AORhJrk.exe
  C:\Windows\System\AORhJrk.exe
  2⤵
  PID:4816
- C:\Windows\System\VxxuxTd.exe
  C:\Windows\System\VxxuxTd.exe
  2⤵
  PID:4872
- C:\Windows\System\kRFGVdV.exe
  C:\Windows\System\kRFGVdV.exe
  2⤵
  PID:1508
- C:\Windows\System\haVvrQo.exe
  C:\Windows\System\haVvrQo.exe
  2⤵
  PID:4892
- C:\Windows\System\dLSGKHu.exe
  C:\Windows\System\dLSGKHu.exe
  2⤵
  PID:5032
- C:\Windows\System\rikqKUq.exe
  C:\Windows\System\rikqKUq.exe
  2⤵
  PID:5088
- C:\Windows\System\FUyddac.exe
  C:\Windows\System\FUyddac.exe
  2⤵
  PID:5112
- C:\Windows\System\DViWwBY.exe
  C:\Windows\System\DViWwBY.exe
  2⤵
  PID:4040
- C:\Windows\System\NPSejVs.exe
  C:\Windows\System\NPSejVs.exe
  2⤵
  PID:2800
- C:\Windows\System\vXUuDRn.exe
  C:\Windows\System\vXUuDRn.exe
  2⤵
  PID:4184
- C:\Windows\System\qaVRBiV.exe
  C:\Windows\System\qaVRBiV.exe
  2⤵
  PID:4352
- C:\Windows\System\tdHUDWO.exe
  C:\Windows\System\tdHUDWO.exe
  2⤵
  PID:4464
- C:\Windows\System\UWJTYmV.exe
  C:\Windows\System\UWJTYmV.exe
  2⤵
  PID:4484
- C:\Windows\System\trqciFq.exe
  C:\Windows\System\trqciFq.exe
  2⤵
  PID:4544
- C:\Windows\System\coTYyYq.exe
  C:\Windows\System\coTYyYq.exe
  2⤵
  PID:4584
- C:\Windows\System\QFiqWqP.exe
  C:\Windows\System\QFiqWqP.exe
  2⤵
  PID:4732
- C:\Windows\System\kmHfLTe.exe
  C:\Windows\System\kmHfLTe.exe
  2⤵
  PID:580
- C:\Windows\System\ahNBWyj.exe
  C:\Windows\System\ahNBWyj.exe
  2⤵
  PID:4868
- C:\Windows\System\rsxUuTU.exe
  C:\Windows\System\rsxUuTU.exe
  2⤵
  PID:5028
- C:\Windows\System\DCYfhim.exe
  C:\Windows\System\DCYfhim.exe
  2⤵
  PID:4992
- C:\Windows\System\OQHaZDA.exe
  C:\Windows\System\OQHaZDA.exe
  2⤵
  PID:3924
- C:\Windows\System\YBdNDNB.exe
  C:\Windows\System\YBdNDNB.exe
  2⤵
  PID:3516
- C:\Windows\System\tqIGScc.exe
  C:\Windows\System\tqIGScc.exe
  2⤵
  PID:4120
- C:\Windows\System\XfasaLi.exe
  C:\Windows\System\XfasaLi.exe
  2⤵
  PID:4200
- C:\Windows\System\jCzTLpg.exe
  C:\Windows\System\jCzTLpg.exe
  2⤵
  PID:4500
- C:\Windows\System\NuBywHM.exe
  C:\Windows\System\NuBywHM.exe
  2⤵
  PID:4548
- C:\Windows\System\JdMuqqC.exe
  C:\Windows\System\JdMuqqC.exe
  2⤵
  PID:4588
- C:\Windows\System\mbsTVio.exe
  C:\Windows\System\mbsTVio.exe
  2⤵
  PID:1528
- C:\Windows\System\UPyPTpQ.exe
  C:\Windows\System\UPyPTpQ.exe
  2⤵
  PID:4768
- C:\Windows\System\yWjjQFj.exe
  C:\Windows\System\yWjjQFj.exe
  2⤵
  PID:5052
- C:\Windows\System\PsiJRYw.exe
  C:\Windows\System\PsiJRYw.exe
  2⤵
  PID:5084
- C:\Windows\System\idrjEOZ.exe
  C:\Windows\System\idrjEOZ.exe
  2⤵
  PID:3092
- C:\Windows\System\NRkRHjh.exe
  C:\Windows\System\NRkRHjh.exe
  2⤵
  PID:4384
- C:\Windows\System\edWjAUW.exe
  C:\Windows\System\edWjAUW.exe
  2⤵
  PID:4284
- C:\Windows\System\LaiQxqt.exe
  C:\Windows\System\LaiQxqt.exe
  2⤵
  PID:4684
- C:\Windows\System\XhZsiga.exe
  C:\Windows\System\XhZsiga.exe
  2⤵
  PID:4828
- C:\Windows\System\vOqIsLv.exe
  C:\Windows\System\vOqIsLv.exe
  2⤵
  PID:2216
- C:\Windows\System\fhqlHou.exe
  C:\Windows\System\fhqlHou.exe
  2⤵
  PID:4948
- C:\Windows\System\GqSWGXD.exe
  C:\Windows\System\GqSWGXD.exe
  2⤵
  PID:532
- C:\Windows\System\QbfVoaB.exe
  C:\Windows\System\QbfVoaB.exe
  2⤵
  PID:2392
- C:\Windows\System\oPJaqPI.exe
  C:\Windows\System\oPJaqPI.exe
  2⤵
  PID:4608
- C:\Windows\System\qKoVeJs.exe
  C:\Windows\System\qKoVeJs.exe
  2⤵
  PID:1492
- C:\Windows\System\xrqCRWR.exe
  C:\Windows\System\xrqCRWR.exe
  2⤵
  PID:4664
- C:\Windows\System\HHyllUj.exe
  C:\Windows\System\HHyllUj.exe
  2⤵
  PID:4936
- C:\Windows\System\ZcugKak.exe
  C:\Windows\System\ZcugKak.exe
  2⤵
  PID:4304
- C:\Windows\System\GmXVjwK.exe
  C:\Windows\System\GmXVjwK.exe
  2⤵
  PID:1756
- C:\Windows\System\MDeMkPF.exe
  C:\Windows\System\MDeMkPF.exe
  2⤵
  PID:2396
- C:\Windows\System\IMVYpEE.exe
  C:\Windows\System\IMVYpEE.exe
  2⤵
  PID:3440
- C:\Windows\System\vhEsarV.exe
  C:\Windows\System\vhEsarV.exe
  2⤵
  PID:2264
- C:\Windows\System\ywysuSM.exe
  C:\Windows\System\ywysuSM.exe
  2⤵
  PID:2980
- C:\Windows\System\cRuKyCM.exe
  C:\Windows\System\cRuKyCM.exe
  2⤵
  PID:1396
- C:\Windows\System\AMCCpiH.exe
  C:\Windows\System\AMCCpiH.exe
  2⤵
  PID:3012
- C:\Windows\System\hMZjyKO.exe
  C:\Windows\System\hMZjyKO.exe
  2⤵
  PID:1512
- C:\Windows\System\MRKmysd.exe
  C:\Windows\System\MRKmysd.exe
  2⤵
  PID:2804
- C:\Windows\System\voDZyKo.exe
  C:\Windows\System\voDZyKo.exe
  2⤵
  PID:3300
- C:\Windows\System\MrkQtDh.exe
  C:\Windows\System\MrkQtDh.exe
  2⤵
  PID:2004
- C:\Windows\System\rNoqpbo.exe
  C:\Windows\System\rNoqpbo.exe
  2⤵
  PID:4912
- C:\Windows\System\FzAMhRi.exe
  C:\Windows\System\FzAMhRi.exe
  2⤵
  PID:2736
- C:\Windows\System\OhKBVCj.exe
  C:\Windows\System\OhKBVCj.exe
  2⤵
  PID:5140
- C:\Windows\System\rBcoIUP.exe
  C:\Windows\System\rBcoIUP.exe
  2⤵
  PID:5164
- C:\Windows\System\lwQIcoQ.exe
  C:\Windows\System\lwQIcoQ.exe
  2⤵
  PID:5184
- C:\Windows\System\mjWqLPh.exe
  C:\Windows\System\mjWqLPh.exe
  2⤵
  PID:5200
- C:\Windows\System\bQhVgmc.exe
  C:\Windows\System\bQhVgmc.exe
  2⤵
  PID:5224
- C:\Windows\System\QiwlsrR.exe
  C:\Windows\System\QiwlsrR.exe
  2⤵
  PID:5244
- C:\Windows\System\avitLad.exe
  C:\Windows\System\avitLad.exe
  2⤵
  PID:5260
- C:\Windows\System\qkfXrZM.exe
  C:\Windows\System\qkfXrZM.exe
  2⤵
  PID:5276
- C:\Windows\System\aMoXyPS.exe
  C:\Windows\System\aMoXyPS.exe
  2⤵
  PID:5296
- C:\Windows\System\SsNAPmL.exe
  C:\Windows\System\SsNAPmL.exe
  2⤵
  PID:5312
- C:\Windows\System\CWVrTLX.exe
  C:\Windows\System\CWVrTLX.exe
  2⤵
  PID:5328
- C:\Windows\System\NLbZOjT.exe
  C:\Windows\System\NLbZOjT.exe
  2⤵
  PID:5344
- C:\Windows\System\mGDhSlK.exe
  C:\Windows\System\mGDhSlK.exe
  2⤵
  PID:5360
- C:\Windows\System\dRRwwgA.exe
  C:\Windows\System\dRRwwgA.exe
  2⤵
  PID:5384
- C:\Windows\System\voMQqwC.exe
  C:\Windows\System\voMQqwC.exe
  2⤵
  PID:5412
- C:\Windows\System\mlYjOWc.exe
  C:\Windows\System\mlYjOWc.exe
  2⤵
  PID:5428
- C:\Windows\System\haOZKuE.exe
  C:\Windows\System\haOZKuE.exe
  2⤵
  PID:5444
- C:\Windows\System\iovsIbW.exe
  C:\Windows\System\iovsIbW.exe
  2⤵
  PID:5460
- C:\Windows\System\SustlQR.exe
  C:\Windows\System\SustlQR.exe
  2⤵
  PID:5476
- C:\Windows\System\bidnUaz.exe
  C:\Windows\System\bidnUaz.exe
  2⤵
  PID:5496
- C:\Windows\System\ROPFqIK.exe
  C:\Windows\System\ROPFqIK.exe
  2⤵
  PID:5516
- C:\Windows\System\aVMIMbW.exe
  C:\Windows\System\aVMIMbW.exe
  2⤵
  PID:5544
- C:\Windows\System\JYlZZWd.exe
  C:\Windows\System\JYlZZWd.exe
  2⤵
  PID:5568
- C:\Windows\System\bDtqRFQ.exe
  C:\Windows\System\bDtqRFQ.exe
  2⤵
  PID:5592
- C:\Windows\System\qJyoErD.exe
  C:\Windows\System\qJyoErD.exe
  2⤵
  PID:5608
- C:\Windows\System\QWuqNRp.exe
  C:\Windows\System\QWuqNRp.exe
  2⤵
  PID:5628
- C:\Windows\System\AjvfrKa.exe
  C:\Windows\System\AjvfrKa.exe
  2⤵
  PID:5668
- C:\Windows\System\afdpLwc.exe
  C:\Windows\System\afdpLwc.exe
  2⤵
  PID:5688
- C:\Windows\System\OLfVAkw.exe
  C:\Windows\System\OLfVAkw.exe
  2⤵
  PID:5704
- C:\Windows\System\IBCFyLT.exe
  C:\Windows\System\IBCFyLT.exe
  2⤵
  PID:5720
- C:\Windows\System\UggdePj.exe
  C:\Windows\System\UggdePj.exe
  2⤵
  PID:5736
- C:\Windows\System\OxnHFoo.exe
  C:\Windows\System\OxnHFoo.exe
  2⤵
  PID:5780
- C:\Windows\System\uUQFdQB.exe
  C:\Windows\System\uUQFdQB.exe
  2⤵
  PID:5796
- C:\Windows\System\mEUFieC.exe
  C:\Windows\System\mEUFieC.exe
  2⤵
  PID:5812
- C:\Windows\System\xVKXHkF.exe
  C:\Windows\System\xVKXHkF.exe
  2⤵
  PID:5832
- C:\Windows\System\tuhcEXr.exe
  C:\Windows\System\tuhcEXr.exe
  2⤵
  PID:5852
- C:\Windows\System\JioGWQM.exe
  C:\Windows\System\JioGWQM.exe
  2⤵
  PID:5868
- C:\Windows\System\CLwstHk.exe
  C:\Windows\System\CLwstHk.exe
  2⤵
  PID:5884
- C:\Windows\System\oDduPOz.exe
  C:\Windows\System\oDduPOz.exe
  2⤵
  PID:5908
- C:\Windows\System\pxBKqfv.exe
  C:\Windows\System\pxBKqfv.exe
  2⤵
  PID:5932
- C:\Windows\System\dcXsrEF.exe
  C:\Windows\System\dcXsrEF.exe
  2⤵
  PID:5948
- C:\Windows\System\PaffuOY.exe
  C:\Windows\System\PaffuOY.exe
  2⤵
  PID:5964
- C:\Windows\System\PbarMud.exe
  C:\Windows\System\PbarMud.exe
  2⤵
  PID:5980
- C:\Windows\System\nCNJlYg.exe
  C:\Windows\System\nCNJlYg.exe
  2⤵
  PID:5996
- C:\Windows\System\RAwXDXa.exe
  C:\Windows\System\RAwXDXa.exe
  2⤵
  PID:6020
- C:\Windows\System\uKtKGRC.exe
  C:\Windows\System\uKtKGRC.exe
  2⤵
  PID:6040
- C:\Windows\System\tuQrfOB.exe
  C:\Windows\System\tuQrfOB.exe
  2⤵
  PID:6060
- C:\Windows\System\WcSlnax.exe
  C:\Windows\System\WcSlnax.exe
  2⤵
  PID:6076
- C:\Windows\System\inTbcER.exe
  C:\Windows\System\inTbcER.exe
  2⤵
  PID:6116
- C:\Windows\System\BHWChyg.exe
  C:\Windows\System\BHWChyg.exe
  2⤵
  PID:6136
- C:\Windows\System\onsmMXY.exe
  C:\Windows\System\onsmMXY.exe
  2⤵
  PID:5128
- C:\Windows\System\YvsqSJy.exe
  C:\Windows\System\YvsqSJy.exe
  2⤵
  PID:5148
- C:\Windows\System\VYNdhjJ.exe
  C:\Windows\System\VYNdhjJ.exe
  2⤵
  PID:5156
- C:\Windows\System\vlgMfXh.exe
  C:\Windows\System\vlgMfXh.exe
  2⤵
  PID:5208
- C:\Windows\System\qEaSqPw.exe
  C:\Windows\System\qEaSqPw.exe
  2⤵
  PID:5216
- C:\Windows\System\NziShrf.exe
  C:\Windows\System\NziShrf.exe
  2⤵
  PID:5288
- C:\Windows\System\iwpANxu.exe
  C:\Windows\System\iwpANxu.exe
  2⤵
  PID:5396
- C:\Windows\System\YCugCIE.exe
  C:\Windows\System\YCugCIE.exe
  2⤵
  PID:5368
- C:\Windows\System\JgumfiO.exe
  C:\Windows\System\JgumfiO.exe
  2⤵
  PID:5240
- C:\Windows\System\Uzijtkw.exe
  C:\Windows\System\Uzijtkw.exe
  2⤵
  PID:5472
- C:\Windows\System\KGeygNe.exe
  C:\Windows\System\KGeygNe.exe
  2⤵
  PID:5340
- C:\Windows\System\NVjUisi.exe
  C:\Windows\System\NVjUisi.exe
  2⤵
  PID:5524
- C:\Windows\System\XNUvBBR.exe
  C:\Windows\System\XNUvBBR.exe
  2⤵
  PID:5552
- C:\Windows\System\RRhJTnR.exe
  C:\Windows\System\RRhJTnR.exe
  2⤵
  PID:5604
- C:\Windows\System\FoONXpC.exe
  C:\Windows\System\FoONXpC.exe
  2⤵
  PID:5652
- C:\Windows\System\gixCEWd.exe
  C:\Windows\System\gixCEWd.exe
  2⤵
  PID:5540
- C:\Windows\System\QBLgtvB.exe
  C:\Windows\System\QBLgtvB.exe
  2⤵
  PID:5616
- C:\Windows\System\cFdJjlM.exe
  C:\Windows\System\cFdJjlM.exe
  2⤵
  PID:5680
- C:\Windows\System\haayXmL.exe
  C:\Windows\System\haayXmL.exe
  2⤵
  PID:5684
- C:\Windows\System\JdKLAny.exe
  C:\Windows\System\JdKLAny.exe
  2⤵
  PID:5772
- C:\Windows\System\DZrepnw.exe
  C:\Windows\System\DZrepnw.exe
  2⤵
  PID:5792
- C:\Windows\System\PNvsoyn.exe
  C:\Windows\System\PNvsoyn.exe
  2⤵
  PID:5892
- C:\Windows\System\sALagYp.exe
  C:\Windows\System\sALagYp.exe
  2⤵
  PID:5896
- C:\Windows\System\peEazHl.exe
  C:\Windows\System\peEazHl.exe
  2⤵
  PID:5944
- C:\Windows\System\cwqMjse.exe
  C:\Windows\System\cwqMjse.exe
  2⤵
  PID:5976
- C:\Windows\System\atqGPox.exe
  C:\Windows\System\atqGPox.exe
  2⤵
  PID:6012
- C:\Windows\System\zBOsHTn.exe
  C:\Windows\System\zBOsHTn.exe
  2⤵
  PID:5924
- C:\Windows\System\jjfBjEZ.exe
  C:\Windows\System\jjfBjEZ.exe
  2⤵
  PID:5916
- C:\Windows\System\bdanniW.exe
  C:\Windows\System\bdanniW.exe
  2⤵
  PID:6056
- C:\Windows\System\qReDoVQ.exe
  C:\Windows\System\qReDoVQ.exe
  2⤵
  PID:6092
- C:\Windows\System\EnOqnFo.exe
  C:\Windows\System\EnOqnFo.exe
  2⤵
  PID:6108
- C:\Windows\System\ZkDaaRY.exe
  C:\Windows\System\ZkDaaRY.exe
  2⤵
  PID:1248
- C:\Windows\System\aPRaIdt.exe
  C:\Windows\System\aPRaIdt.exe
  2⤵
  PID:5212
- C:\Windows\System\UEwPDSG.exe
  C:\Windows\System\UEwPDSG.exe
  2⤵
  PID:5176
- C:\Windows\System\quQENBu.exe
  C:\Windows\System\quQENBu.exe
  2⤵
  PID:5272
- C:\Windows\System\YHQClwF.exe
  C:\Windows\System\YHQClwF.exe
  2⤵
  PID:6128
- C:\Windows\System\eXTXzOo.exe
  C:\Windows\System\eXTXzOo.exe
  2⤵
  PID:5236
- C:\Windows\System\kXuDqck.exe
  C:\Windows\System\kXuDqck.exe
  2⤵
  PID:5488
- C:\Windows\System\sPrYogI.exe
  C:\Windows\System\sPrYogI.exe
  2⤵
  PID:5640
- C:\Windows\System\ozrybqQ.exe
  C:\Windows\System\ozrybqQ.exe
  2⤵
  PID:284
- C:\Windows\System\WsaofkP.exe
  C:\Windows\System\WsaofkP.exe
  2⤵
  PID:5744
- C:\Windows\System\vphjoNw.exe
  C:\Windows\System\vphjoNw.exe
  2⤵
  PID:5660
- C:\Windows\System\YmfIxVT.exe
  C:\Windows\System\YmfIxVT.exe
  2⤵
  PID:5588
- C:\Windows\System\pVIFRUd.exe
  C:\Windows\System\pVIFRUd.exe
  2⤵
  PID:5788
- C:\Windows\System\zhioFAT.exe
  C:\Windows\System\zhioFAT.exe
  2⤵
  PID:5848
- C:\Windows\System\DufElRv.exe
  C:\Windows\System\DufElRv.exe
  2⤵
  PID:5960
- C:\Windows\System\WAIiQxE.exe
  C:\Windows\System\WAIiQxE.exe
  2⤵
  PID:6100
- C:\Windows\System\xIpEUcF.exe
  C:\Windows\System\xIpEUcF.exe
  2⤵
  PID:5196
- C:\Windows\System\AVfneKC.exe
  C:\Windows\System\AVfneKC.exe
  2⤵
  PID:5160
- C:\Windows\System\WzdqgkE.exe
  C:\Windows\System\WzdqgkE.exe
  2⤵
  PID:5904
- C:\Windows\System\nbYvyHT.exe
  C:\Windows\System\nbYvyHT.exe
  2⤵
  PID:5408
- C:\Windows\System\eTjzxRv.exe
  C:\Windows\System\eTjzxRv.exe
  2⤵
  PID:6124
- C:\Windows\System\aYKIYJO.exe
  C:\Windows\System\aYKIYJO.exe
  2⤵
  PID:5180
- C:\Windows\System\srGYaub.exe
  C:\Windows\System\srGYaub.exe
  2⤵
  PID:5456
- C:\Windows\System\GVIxmgC.exe
  C:\Windows\System\GVIxmgC.exe
  2⤵
  PID:5580
- C:\Windows\System\WqEkqxt.exe
  C:\Windows\System\WqEkqxt.exe
  2⤵
  PID:5712
- C:\Windows\System\PdgBPcf.exe
  C:\Windows\System\PdgBPcf.exe
  2⤵
  PID:5644
- C:\Windows\System\BLrGhjT.exe
  C:\Windows\System\BLrGhjT.exe
  2⤵
  PID:6048
- C:\Windows\System\pFssesR.exe
  C:\Windows\System\pFssesR.exe
  2⤵
  PID:6004
- C:\Windows\System\UPxjShK.exe
  C:\Windows\System\UPxjShK.exe
  2⤵
  PID:5748
- C:\Windows\System\ldEkLXf.exe
  C:\Windows\System\ldEkLXf.exe
  2⤵
  PID:1804
- C:\Windows\System\DDrdTpB.exe
  C:\Windows\System\DDrdTpB.exe
  2⤵
  PID:6072
- C:\Windows\System\CQkAEkq.exe
  C:\Windows\System\CQkAEkq.exe
  2⤵
  PID:5992
- C:\Windows\System\VLVQxmr.exe
  C:\Windows\System\VLVQxmr.exe
  2⤵
  PID:6028
- C:\Windows\System\YzrmlRg.exe
  C:\Windows\System\YzrmlRg.exe
  2⤵
  PID:5824
- C:\Windows\System\cTFpJsI.exe
  C:\Windows\System\cTFpJsI.exe
  2⤵
  PID:5440
- C:\Windows\System\WTZUZcd.exe
  C:\Windows\System\WTZUZcd.exe
  2⤵
  PID:5804
- C:\Windows\System\gkYnHum.exe
  C:\Windows\System\gkYnHum.exe
  2⤵
  PID:5392
- C:\Windows\System\UWoFzgt.exe
  C:\Windows\System\UWoFzgt.exe
  2⤵
  PID:5508
- C:\Windows\System\JMpUCYV.exe
  C:\Windows\System\JMpUCYV.exe
  2⤵
  PID:5696
- C:\Windows\System\oYowFJK.exe
  C:\Windows\System\oYowFJK.exe
  2⤵
  PID:5404
- C:\Windows\System\sghvXgq.exe
  C:\Windows\System\sghvXgq.exe
  2⤵
  PID:5920
- C:\Windows\System\aSGwbny.exe
  C:\Windows\System\aSGwbny.exe
  2⤵
  PID:5252
- C:\Windows\System\WpiZxKZ.exe
  C:\Windows\System\WpiZxKZ.exe
  2⤵
  PID:5152
- C:\Windows\System\uSzfMMD.exe
  C:\Windows\System\uSzfMMD.exe
  2⤵
  PID:5284
- C:\Windows\System\ncXQKsH.exe
  C:\Windows\System\ncXQKsH.exe
  2⤵
  PID:6156
- C:\Windows\System\JQXlxRo.exe
  C:\Windows\System\JQXlxRo.exe
  2⤵
  PID:6188
- C:\Windows\System\DNEBpEJ.exe
  C:\Windows\System\DNEBpEJ.exe
  2⤵
  PID:6204
- C:\Windows\System\avRrlDX.exe
  C:\Windows\System\avRrlDX.exe
  2⤵
  PID:6228
- C:\Windows\System\UTJpUpq.exe
  C:\Windows\System\UTJpUpq.exe
  2⤵
  PID:6244
- C:\Windows\System\SgDHmSu.exe
  C:\Windows\System\SgDHmSu.exe
  2⤵
  PID:6260
- C:\Windows\System\xgUqfUc.exe
  C:\Windows\System\xgUqfUc.exe
  2⤵
  PID:6280
- C:\Windows\System\kWoSUJu.exe
  C:\Windows\System\kWoSUJu.exe
  2⤵
  PID:6296
- C:\Windows\System\AOqsDeC.exe
  C:\Windows\System\AOqsDeC.exe
  2⤵
  PID:6312
- C:\Windows\System\KKzMoSU.exe
  C:\Windows\System\KKzMoSU.exe
  2⤵
  PID:6344
- C:\Windows\System\ZQFvYvR.exe
  C:\Windows\System\ZQFvYvR.exe
  2⤵
  PID:6360
- C:\Windows\System\szqpzkR.exe
  C:\Windows\System\szqpzkR.exe
  2⤵
  PID:6388
- C:\Windows\System\ntTtUJM.exe
  C:\Windows\System\ntTtUJM.exe
  2⤵
  PID:6408
- C:\Windows\System\jrIEVEe.exe
  C:\Windows\System\jrIEVEe.exe
  2⤵
  PID:6424
- C:\Windows\System\quIbRct.exe
  C:\Windows\System\quIbRct.exe
  2⤵
  PID:6448
- C:\Windows\System\lzyvKug.exe
  C:\Windows\System\lzyvKug.exe
  2⤵
  PID:6476
- C:\Windows\System\uSVVlDc.exe
  C:\Windows\System\uSVVlDc.exe
  2⤵
  PID:6496
- C:\Windows\System\jbnDsXL.exe
  C:\Windows\System\jbnDsXL.exe
  2⤵
  PID:6512
- C:\Windows\System\bURGVnM.exe
  C:\Windows\System\bURGVnM.exe
  2⤵
  PID:6528
- C:\Windows\System\xzXZqbK.exe
  C:\Windows\System\xzXZqbK.exe
  2⤵
  PID:6548
- C:\Windows\System\ynyYRCo.exe
  C:\Windows\System\ynyYRCo.exe
  2⤵
  PID:6564
- C:\Windows\System\GTHuibR.exe
  C:\Windows\System\GTHuibR.exe
  2⤵
  PID:6580
- C:\Windows\System\rXjoLoP.exe
  C:\Windows\System\rXjoLoP.exe
  2⤵
  PID:6596
- C:\Windows\System\XQnfGFq.exe
  C:\Windows\System\XQnfGFq.exe
  2⤵
  PID:6620
- C:\Windows\System\fwpzpFo.exe
  C:\Windows\System\fwpzpFo.exe
  2⤵
  PID:6644
- C:\Windows\System\disnyda.exe
  C:\Windows\System\disnyda.exe
  2⤵
  PID:6660
- C:\Windows\System\qKhGzgh.exe
  C:\Windows\System\qKhGzgh.exe
  2⤵
  PID:6680
- C:\Windows\System\ZEsagIT.exe
  C:\Windows\System\ZEsagIT.exe
  2⤵
  PID:6696
- C:\Windows\System\nrIAwJG.exe
  C:\Windows\System\nrIAwJG.exe
  2⤵
  PID:6712
- C:\Windows\System\RTyPiXF.exe
  C:\Windows\System\RTyPiXF.exe
  2⤵
  PID:6748
- C:\Windows\System\WcsSKwZ.exe
  C:\Windows\System\WcsSKwZ.exe
  2⤵
  PID:6764
- C:\Windows\System\GXxuUaS.exe
  C:\Windows\System\GXxuUaS.exe
  2⤵
  PID:6780
- C:\Windows\System\LkDgWUB.exe
  C:\Windows\System\LkDgWUB.exe
  2⤵
  PID:6796
- C:\Windows\System\BmnxSLM.exe
  C:\Windows\System\BmnxSLM.exe
  2⤵
  PID:6840
- C:\Windows\System\NBYUbqi.exe
  C:\Windows\System\NBYUbqi.exe
  2⤵
  PID:6856
- C:\Windows\System\hXzoVXS.exe
  C:\Windows\System\hXzoVXS.exe
  2⤵
  PID:6876
- C:\Windows\System\upJIXZq.exe
  C:\Windows\System\upJIXZq.exe
  2⤵
  PID:6896
- C:\Windows\System\nYGpsti.exe
  C:\Windows\System\nYGpsti.exe
  2⤵
  PID:6912
- C:\Windows\System\WAeVEan.exe
  C:\Windows\System\WAeVEan.exe
  2⤵
  PID:6928
- C:\Windows\System\yadrRHR.exe
  C:\Windows\System\yadrRHR.exe
  2⤵
  PID:6948
- C:\Windows\System\zJQeTOd.exe
  C:\Windows\System\zJQeTOd.exe
  2⤵
  PID:6972
- C:\Windows\System\XiSWRdj.exe
  C:\Windows\System\XiSWRdj.exe
  2⤵
  PID:7000
- C:\Windows\System\MTkhpen.exe
  C:\Windows\System\MTkhpen.exe
  2⤵
  PID:7016
- C:\Windows\System\tPsHJWh.exe
  C:\Windows\System\tPsHJWh.exe
  2⤵
  PID:7036
- C:\Windows\System\zLpGzvy.exe
  C:\Windows\System\zLpGzvy.exe
  2⤵
  PID:7056
- C:\Windows\System\omTLhDE.exe
  C:\Windows\System\omTLhDE.exe
  2⤵
  PID:7072
- C:\Windows\System\eZRMNHc.exe
  C:\Windows\System\eZRMNHc.exe
  2⤵
  PID:7088
- C:\Windows\System\ZIRwVdk.exe
  C:\Windows\System\ZIRwVdk.exe
  2⤵
  PID:7104
- C:\Windows\System\zyvXRkJ.exe
  C:\Windows\System\zyvXRkJ.exe
  2⤵
  PID:7128
- C:\Windows\System\UprvtSz.exe
  C:\Windows\System\UprvtSz.exe
  2⤵
  PID:7160
- C:\Windows\System\owhMBrB.exe
  C:\Windows\System\owhMBrB.exe
  2⤵
  PID:6164
- C:\Windows\System\sggYAGB.exe
  C:\Windows\System\sggYAGB.exe
  2⤵
  PID:6148
- C:\Windows\System\kaYfuAL.exe
  C:\Windows\System\kaYfuAL.exe
  2⤵
  PID:6184
- C:\Windows\System\IadBknU.exe
  C:\Windows\System\IadBknU.exe
  2⤵
  PID:6252
- C:\Windows\System\ekJsBNj.exe
  C:\Windows\System\ekJsBNj.exe
  2⤵
  PID:6324
- C:\Windows\System\pZCODtl.exe
  C:\Windows\System\pZCODtl.exe
  2⤵
  PID:6340
- C:\Windows\System\pWeCuSC.exe
  C:\Windows\System\pWeCuSC.exe
  2⤵
  PID:6240
- C:\Windows\System\gNFVMEr.exe
  C:\Windows\System\gNFVMEr.exe
  2⤵
  PID:6376
- C:\Windows\System\BUMZRyH.exe
  C:\Windows\System\BUMZRyH.exe
  2⤵
  PID:6356
- C:\Windows\System\LgyQxUj.exe
  C:\Windows\System\LgyQxUj.exe
  2⤵
  PID:6404
- C:\Windows\System\yHkDiiP.exe
  C:\Windows\System\yHkDiiP.exe
  2⤵
  PID:6444
- C:\Windows\System\ffyNBkB.exe
  C:\Windows\System\ffyNBkB.exe
  2⤵
  PID:6464
- C:\Windows\System\LUllhOL.exe
  C:\Windows\System\LUllhOL.exe
  2⤵
  PID:6536
- C:\Windows\System\PQCKnrQ.exe
  C:\Windows\System\PQCKnrQ.exe
  2⤵
  PID:6616
- C:\Windows\System\FtRmFNw.exe
  C:\Windows\System\FtRmFNw.exe
  2⤵
  PID:6560
- C:\Windows\System\fAuoleo.exe
  C:\Windows\System\fAuoleo.exe
  2⤵
  PID:6488
- C:\Windows\System\BfoBkhX.exe
  C:\Windows\System\BfoBkhX.exe
  2⤵
  PID:6632
- C:\Windows\System\GDsdTDt.exe
  C:\Windows\System\GDsdTDt.exe
  2⤵
  PID:6520
- C:\Windows\System\Gbdypnv.exe
  C:\Windows\System\Gbdypnv.exe
  2⤵
  PID:6772
- C:\Windows\System\WVZlINK.exe
  C:\Windows\System\WVZlINK.exe
  2⤵
  PID:6808
- C:\Windows\System\MOCoECK.exe
  C:\Windows\System\MOCoECK.exe
  2⤵
  PID:6760
- C:\Windows\System\jzFpAtd.exe
  C:\Windows\System\jzFpAtd.exe
  2⤵
  PID:6756
- C:\Windows\System\DlsMZhP.exe
  C:\Windows\System\DlsMZhP.exe
  2⤵
  PID:6864
- C:\Windows\System\sQLbTIh.exe
  C:\Windows\System\sQLbTIh.exe
  2⤵
  PID:6872
- C:\Windows\System\nJoieJz.exe
  C:\Windows\System\nJoieJz.exe
  2⤵
  PID:6940
- C:\Windows\System\aLsuDtD.exe
  C:\Windows\System\aLsuDtD.exe
  2⤵
  PID:6968
- C:\Windows\System\UnayFak.exe
  C:\Windows\System\UnayFak.exe
  2⤵
  PID:6992
- C:\Windows\System\qpRjShR.exe
  C:\Windows\System\qpRjShR.exe
  2⤵
  PID:7032
- C:\Windows\System\goaGHZL.exe
  C:\Windows\System\goaGHZL.exe
  2⤵
  PID:7068
- C:\Windows\System\AzUMPRt.exe
  C:\Windows\System\AzUMPRt.exe
  2⤵
  PID:7048
- C:\Windows\System\lxGgJTQ.exe
  C:\Windows\System\lxGgJTQ.exe
  2⤵
  PID:7140
- C:\Windows\System\xAvQChZ.exe
  C:\Windows\System\xAvQChZ.exe
  2⤵
  PID:7124
- C:\Windows\System\wtCdlRs.exe
  C:\Windows\System\wtCdlRs.exe
  2⤵
  PID:5564
- C:\Windows\System\oHTQoGq.exe
  C:\Windows\System\oHTQoGq.exe
  2⤵
  PID:6176
- C:\Windows\System\ObpYsyx.exe
  C:\Windows\System\ObpYsyx.exe
  2⤵
  PID:6220
- C:\Windows\System\ORcpixU.exe
  C:\Windows\System\ORcpixU.exe
  2⤵
  PID:6328
- C:\Windows\System\RmRSPMN.exe
  C:\Windows\System\RmRSPMN.exe
  2⤵
  PID:6576
- C:\Windows\System\yFHxlCG.exe
  C:\Windows\System\yFHxlCG.exe
  2⤵
  PID:6572
- C:\Windows\System\eOQHPLa.exe
  C:\Windows\System\eOQHPLa.exe
  2⤵
  PID:6640
- C:\Windows\System\mhlvJNx.exe
  C:\Windows\System\mhlvJNx.exe
  2⤵
  PID:6672
- C:\Windows\System\NXidiTJ.exe
  C:\Windows\System\NXidiTJ.exe
  2⤵
  PID:6200
- C:\Windows\System\UOkdseT.exe
  C:\Windows\System\UOkdseT.exe
  2⤵
  PID:6656
- C:\Windows\System\wQQDLGd.exe
  C:\Windows\System\wQQDLGd.exe
  2⤵
  PID:6820
- C:\Windows\System\wkTmQaO.exe
  C:\Windows\System\wkTmQaO.exe
  2⤵
  PID:6848
- C:\Windows\System\UmnSxpY.exe
  C:\Windows\System\UmnSxpY.exe
  2⤵
  PID:6676
- C:\Windows\System\liNXTLB.exe
  C:\Windows\System\liNXTLB.exe
  2⤵
  PID:6744
- C:\Windows\System\CQjWqti.exe
  C:\Windows\System\CQjWqti.exe
  2⤵
  PID:6892
- C:\Windows\System\ukDunvH.exe
  C:\Windows\System\ukDunvH.exe
  2⤵
  PID:7044
- C:\Windows\System\fOzLgIU.exe
  C:\Windows\System\fOzLgIU.exe
  2⤵
  PID:7100
- C:\Windows\System\ujWDxUh.exe
  C:\Windows\System\ujWDxUh.exe
  2⤵
  PID:7052
- C:\Windows\System\qGJBaXh.exe
  C:\Windows\System\qGJBaXh.exe
  2⤵
  PID:6372
- C:\Windows\System\vgjLMQe.exe
  C:\Windows\System\vgjLMQe.exe
  2⤵
  PID:7152
- C:\Windows\System\cwCWmvg.exe
  C:\Windows\System\cwCWmvg.exe
  2⤵
  PID:6172
- C:\Windows\System\ajEZqjQ.exe
  C:\Windows\System\ajEZqjQ.exe
  2⤵
  PID:6608
- C:\Windows\System\IJmEIcX.exe
  C:\Windows\System\IJmEIcX.exe
  2⤵
  PID:6804
- C:\Windows\System\mkGijjq.exe
  C:\Windows\System\mkGijjq.exe
  2⤵
  PID:6436
- C:\Windows\System\FJIVrJf.exe
  C:\Windows\System\FJIVrJf.exe
  2⤵
  PID:6440
- C:\Windows\System\jtFSVbW.exe
  C:\Windows\System\jtFSVbW.exe
  2⤵
  PID:6824
- C:\Windows\System\XfhNFaS.exe
  C:\Windows\System\XfhNFaS.exe
  2⤵
  PID:6956
- C:\Windows\System\uFMzJyZ.exe
  C:\Windows\System\uFMzJyZ.exe
  2⤵
  PID:6960
- C:\Windows\System\aGzAlSf.exe
  C:\Windows\System\aGzAlSf.exe
  2⤵
  PID:6964
- C:\Windows\System\qZgzFav.exe
  C:\Windows\System\qZgzFav.exe
  2⤵
  PID:7120
- C:\Windows\System\XDqezEx.exe
  C:\Windows\System\XDqezEx.exe
  2⤵
  PID:6544
- C:\Windows\System\ZRBzvbl.exe
  C:\Windows\System\ZRBzvbl.exe
  2⤵
  PID:6980
- C:\Windows\System\FkwCxFw.exe
  C:\Windows\System\FkwCxFw.exe
  2⤵
  PID:6724
- C:\Windows\System\ttcghKp.exe
  C:\Windows\System\ttcghKp.exe
  2⤵
  PID:6612
- C:\Windows\System\OaTLjkh.exe
  C:\Windows\System\OaTLjkh.exe
  2⤵
  PID:6832
- C:\Windows\System\FDgImqT.exe
  C:\Windows\System\FDgImqT.exe
  2⤵
  PID:6888
- C:\Windows\System\vpltxAo.exe
  C:\Windows\System\vpltxAo.exe
  2⤵
  PID:6320
- C:\Windows\System\LsuggdM.exe
  C:\Windows\System\LsuggdM.exe
  2⤵
  PID:6728
- C:\Windows\System\mKeDEpW.exe
  C:\Windows\System\mKeDEpW.exe
  2⤵
  PID:6460
- C:\Windows\System\DoJqmmH.exe
  C:\Windows\System\DoJqmmH.exe
  2⤵
  PID:5372
- C:\Windows\System\OuKRUnV.exe
  C:\Windows\System\OuKRUnV.exe
  2⤵
  PID:7184
- C:\Windows\System\mvQuOpG.exe
  C:\Windows\System\mvQuOpG.exe
  2⤵
  PID:7200
- C:\Windows\System\iKKEweZ.exe
  C:\Windows\System\iKKEweZ.exe
  2⤵
  PID:7220
- C:\Windows\System\xFBeWFD.exe
  C:\Windows\System\xFBeWFD.exe
  2⤵
  PID:7236
- C:\Windows\System\qrTdqcH.exe
  C:\Windows\System\qrTdqcH.exe
  2⤵
  PID:7256
- C:\Windows\System\QxShcGc.exe
  C:\Windows\System\QxShcGc.exe
  2⤵
  PID:7276
- C:\Windows\System\AVJAuVc.exe
  C:\Windows\System\AVJAuVc.exe
  2⤵
  PID:7292
- C:\Windows\System\fzwUeqS.exe
  C:\Windows\System\fzwUeqS.exe
  2⤵
  PID:7308
- C:\Windows\System\YjSkHqa.exe
  C:\Windows\System\YjSkHqa.exe
  2⤵
  PID:7328
- C:\Windows\System\ViXknIB.exe
  C:\Windows\System\ViXknIB.exe
  2⤵
  PID:7344
- C:\Windows\System\IkZcHTv.exe
  C:\Windows\System\IkZcHTv.exe
  2⤵
  PID:7360
- C:\Windows\System\SQgPKUu.exe
  C:\Windows\System\SQgPKUu.exe
  2⤵
  PID:7384
- C:\Windows\System\yRYDxip.exe
  C:\Windows\System\yRYDxip.exe
  2⤵
  PID:7452
- C:\Windows\System\HzSHLhD.exe
  C:\Windows\System\HzSHLhD.exe
  2⤵
  PID:7476
- C:\Windows\System\XKTAFRL.exe
  C:\Windows\System\XKTAFRL.exe
  2⤵
  PID:7496
- C:\Windows\System\YeXwTfF.exe
  C:\Windows\System\YeXwTfF.exe
  2⤵
  PID:7520
- C:\Windows\System\iUFEvSU.exe
  C:\Windows\System\iUFEvSU.exe
  2⤵
  PID:7536
- C:\Windows\System\rzOEXEW.exe
  C:\Windows\System\rzOEXEW.exe
  2⤵
  PID:7556
- C:\Windows\System\zaorfsj.exe
  C:\Windows\System\zaorfsj.exe
  2⤵
  PID:7576
- C:\Windows\System\CJKRdyz.exe
  C:\Windows\System\CJKRdyz.exe
  2⤵
  PID:7592
- C:\Windows\System\FZEmKRT.exe
  C:\Windows\System\FZEmKRT.exe
  2⤵
  PID:7612
- C:\Windows\System\LhYYXsl.exe
  C:\Windows\System\LhYYXsl.exe
  2⤵
  PID:7628
- C:\Windows\System\RxMPYPH.exe
  C:\Windows\System\RxMPYPH.exe
  2⤵
  PID:7644
- C:\Windows\System\ZuUTgpq.exe
  C:\Windows\System\ZuUTgpq.exe
  2⤵
  PID:7684
- C:\Windows\System\mTMeXTL.exe
  C:\Windows\System\mTMeXTL.exe
  2⤵
  PID:7700
- C:\Windows\System\HweNgDP.exe
  C:\Windows\System\HweNgDP.exe
  2⤵
  PID:7720
- C:\Windows\System\djXNHHn.exe
  C:\Windows\System\djXNHHn.exe
  2⤵
  PID:7736
- C:\Windows\System\jsFLGMX.exe
  C:\Windows\System\jsFLGMX.exe
  2⤵
  PID:7752
- C:\Windows\System\tFnhznk.exe
  C:\Windows\System\tFnhznk.exe
  2⤵
  PID:7768
- C:\Windows\System\hzKKPbd.exe
  C:\Windows\System\hzKKPbd.exe
  2⤵
  PID:7788
- C:\Windows\System\ifYysEg.exe
  C:\Windows\System\ifYysEg.exe
  2⤵
  PID:7804
- C:\Windows\System\WYqlaUG.exe
  C:\Windows\System\WYqlaUG.exe
  2⤵
  PID:7820
- C:\Windows\System\kNcmbrA.exe
  C:\Windows\System\kNcmbrA.exe
  2⤵
  PID:7840
- C:\Windows\System\yckVuJN.exe
  C:\Windows\System\yckVuJN.exe
  2⤵
  PID:7856
- C:\Windows\System\sYtieRy.exe
  C:\Windows\System\sYtieRy.exe
  2⤵
  PID:7872
- C:\Windows\System\wMXEYly.exe
  C:\Windows\System\wMXEYly.exe
  2⤵
  PID:7888
- C:\Windows\System\ptZbEUN.exe
  C:\Windows\System\ptZbEUN.exe
  2⤵
  PID:7912
- C:\Windows\System\oMGPTIT.exe
  C:\Windows\System\oMGPTIT.exe
  2⤵
  PID:7928
- C:\Windows\System\ZrqwBiG.exe
  C:\Windows\System\ZrqwBiG.exe
  2⤵
  PID:7944
- C:\Windows\System\lyExQyM.exe
  C:\Windows\System\lyExQyM.exe
  2⤵
  PID:7968
- C:\Windows\System\jxICUtv.exe
  C:\Windows\System\jxICUtv.exe
  2⤵
  PID:8016
- C:\Windows\System\CasaHXm.exe
  C:\Windows\System\CasaHXm.exe
  2⤵
  PID:8048
- C:\Windows\System\oDoPyAx.exe
  C:\Windows\System\oDoPyAx.exe
  2⤵
  PID:8064
- C:\Windows\System\PChQzoi.exe
  C:\Windows\System\PChQzoi.exe
  2⤵
  PID:8080
- C:\Windows\System\SxxnPOm.exe
  C:\Windows\System\SxxnPOm.exe
  2⤵
  PID:8096
- C:\Windows\System\yuUrSKG.exe
  C:\Windows\System\yuUrSKG.exe
  2⤵
  PID:8112
- C:\Windows\System\jPKlUZB.exe
  C:\Windows\System\jPKlUZB.exe
  2⤵
  PID:8128
- C:\Windows\System\AKmjxfW.exe
  C:\Windows\System\AKmjxfW.exe
  2⤵
  PID:8144
- C:\Windows\System\LWWhTtO.exe
  C:\Windows\System\LWWhTtO.exe
  2⤵
  PID:8160
- C:\Windows\System\cngvpBQ.exe
  C:\Windows\System\cngvpBQ.exe
  2⤵
  PID:8176
- C:\Windows\System\xkSJLwj.exe
  C:\Windows\System\xkSJLwj.exe
  2⤵
  PID:6884
- C:\Windows\System\ciLLIxh.exe
  C:\Windows\System\ciLLIxh.exe
  2⤵
  PID:7024
- C:\Windows\System\cYQoLvr.exe
  C:\Windows\System\cYQoLvr.exe
  2⤵
  PID:7244
- C:\Windows\System\nYoxhTp.exe
  C:\Windows\System\nYoxhTp.exe
  2⤵
  PID:7320
- C:\Windows\System\IiXgrkr.exe
  C:\Windows\System\IiXgrkr.exe
  2⤵
  PID:7352
- C:\Windows\System\tYzEWLg.exe
  C:\Windows\System\tYzEWLg.exe
  2⤵
  PID:7336
- C:\Windows\System\vihHlAf.exe
  C:\Windows\System\vihHlAf.exe
  2⤵
  PID:7316
- C:\Windows\System\NhfBvVM.exe
  C:\Windows\System\NhfBvVM.exe
  2⤵
  PID:7372
- C:\Windows\System\uGalxeU.exe
  C:\Windows\System\uGalxeU.exe
  2⤵
  PID:7396
- C:\Windows\System\qeQaGQN.exe
  C:\Windows\System\qeQaGQN.exe
  2⤵
  PID:7420
- C:\Windows\System\vmpTmpO.exe
  C:\Windows\System\vmpTmpO.exe
  2⤵
  PID:7432
- C:\Windows\System\nyfkrOP.exe
  C:\Windows\System\nyfkrOP.exe
  2⤵
  PID:7472
- C:\Windows\System\JrnYkpG.exe
  C:\Windows\System\JrnYkpG.exe
  2⤵
  PID:7544
- C:\Windows\System\gjuIAit.exe
  C:\Windows\System\gjuIAit.exe
  2⤵
  PID:7588
- C:\Windows\System\kFBsZVu.exe
  C:\Windows\System\kFBsZVu.exe
  2⤵
  PID:7656
- C:\Windows\System\LbawvEn.exe
  C:\Windows\System\LbawvEn.exe
  2⤵
  PID:7608
- C:\Windows\System\hsoKwoQ.exe
  C:\Windows\System\hsoKwoQ.exe
  2⤵
  PID:7564
- C:\Windows\System\HttlqCO.exe
  C:\Windows\System\HttlqCO.exe
  2⤵
  PID:7660
- C:\Windows\System\cdxHbYt.exe
  C:\Windows\System\cdxHbYt.exe
  2⤵
  PID:7708
- C:\Windows\System\ZzcjMFk.exe
  C:\Windows\System\ZzcjMFk.exe
  2⤵
  PID:7744
- C:\Windows\System\UTqdCGs.exe
  C:\Windows\System\UTqdCGs.exe
  2⤵
  PID:7784
- C:\Windows\System\JrORIsx.exe
  C:\Windows\System\JrORIsx.exe
  2⤵
  PID:7900
- C:\Windows\System\vRKqsgk.exe
  C:\Windows\System\vRKqsgk.exe
  2⤵
  PID:7880
- C:\Windows\System\qSFBacf.exe
  C:\Windows\System\qSFBacf.exe
  2⤵
  PID:7836
- C:\Windows\System\XdMuZYk.exe
  C:\Windows\System\XdMuZYk.exe
  2⤵
  PID:7728
- C:\Windows\System\HWJbaXC.exe
  C:\Windows\System\HWJbaXC.exe
  2⤵
  PID:7964
- C:\Windows\System\LcmPoXC.exe
  C:\Windows\System\LcmPoXC.exe
  2⤵
  PID:7988
- C:\Windows\System\vpCVUsV.exe
  C:\Windows\System\vpCVUsV.exe
  2⤵
  PID:8008
- C:\Windows\System\XdPSMUS.exe
  C:\Windows\System\XdPSMUS.exe
  2⤵
  PID:8028
- C:\Windows\System\owahoUu.exe
  C:\Windows\System\owahoUu.exe
  2⤵
  PID:8092
- C:\Windows\System\upQtLYp.exe
  C:\Windows\System\upQtLYp.exe
  2⤵
  PID:8188
- C:\Windows\System\TvTTHCT.exe
  C:\Windows\System\TvTTHCT.exe
  2⤵
  PID:7192
- C:\Windows\System\thWyBJf.exe
  C:\Windows\System\thWyBJf.exe
  2⤵
  PID:7208
- C:\Windows\System\bnmCfny.exe
  C:\Windows\System\bnmCfny.exe
  2⤵
  PID:8108
- C:\Windows\System\RblHmXj.exe
  C:\Windows\System\RblHmXj.exe
  2⤵
  PID:8168
- C:\Windows\System\zVdkWPF.exe
  C:\Windows\System\zVdkWPF.exe
  2⤵
  PID:8140
- C:\Windows\System\iPvlmTG.exe
  C:\Windows\System\iPvlmTG.exe
  2⤵
  PID:5336
- C:\Windows\System\BUAGrIY.exe
  C:\Windows\System\BUAGrIY.exe
  2⤵
  PID:7272
- C:\Windows\System\NoAzvei.exe
  C:\Windows\System\NoAzvei.exe
  2⤵
  PID:7404
- C:\Windows\System\UtuLgrq.exe
  C:\Windows\System\UtuLgrq.exe
  2⤵
  PID:7492
- C:\Windows\System\jLqXIyc.exe
  C:\Windows\System\jLqXIyc.exe
  2⤵
  PID:7516
- C:\Windows\System\lmdwDGq.exe
  C:\Windows\System\lmdwDGq.exe
  2⤵
  PID:7552
- C:\Windows\System\tkECBfS.exe
  C:\Windows\System\tkECBfS.exe
  2⤵
  PID:7600
- C:\Windows\System\kAlWYoP.exe
  C:\Windows\System\kAlWYoP.exe
  2⤵
  PID:7672
- C:\Windows\System\iSmFIGd.exe
  C:\Windows\System\iSmFIGd.exe
  2⤵
  PID:7832
- C:\Windows\System\JrykOFA.exe
  C:\Windows\System\JrykOFA.exe
  2⤵
  PID:7904
- C:\Windows\System\IawfMvb.exe
  C:\Windows\System\IawfMvb.exe
  2⤵
  PID:7636
- C:\Windows\System\GKDbfnk.exe
  C:\Windows\System\GKDbfnk.exe
  2⤵
  PID:7848
- C:\Windows\System\SNNnWzs.exe
  C:\Windows\System\SNNnWzs.exe
  2⤵
  PID:8024
- C:\Windows\System\BFAtDkS.exe
  C:\Windows\System\BFAtDkS.exe
  2⤵
  PID:7764
- C:\Windows\System\kcLxkpb.exe
  C:\Windows\System\kcLxkpb.exe
  2⤵
  PID:7980
- C:\Windows\System\QbsvHZN.exe
  C:\Windows\System\QbsvHZN.exe
  2⤵
  PID:7232
- C:\Windows\System\BQaoGfp.exe
  C:\Windows\System\BQaoGfp.exe
  2⤵
  PID:8124
- C:\Windows\System\jAUFmLO.exe
  C:\Windows\System\jAUFmLO.exe
  2⤵
  PID:8088
- C:\Windows\System\GrLbinQ.exe
  C:\Windows\System\GrLbinQ.exe
  2⤵
  PID:8104
- C:\Windows\System\JiecpwA.exe
  C:\Windows\System\JiecpwA.exe
  2⤵
  PID:7268
- C:\Windows\System\dsgWLzv.exe
  C:\Windows\System\dsgWLzv.exe
  2⤵
  PID:7392
- C:\Windows\System\UjlMAbe.exe
  C:\Windows\System\UjlMAbe.exe
  2⤵
  PID:7444
- C:\Windows\System\VuZKOHa.exe
  C:\Windows\System\VuZKOHa.exe
  2⤵
  PID:7464
- C:\Windows\System\DraExKf.exe
  C:\Windows\System\DraExKf.exe
  2⤵
  PID:7508
- C:\Windows\System\NIXdufm.exe
  C:\Windows\System\NIXdufm.exe
  2⤵
  PID:7940
- C:\Windows\System\kMtWAyw.exe
  C:\Windows\System\kMtWAyw.exe
  2⤵
  PID:7800
- C:\Windows\System\hUJzKld.exe
  C:\Windows\System\hUJzKld.exe
  2⤵
  PID:8044
- C:\Windows\System\HlkIGKk.exe
  C:\Windows\System\HlkIGKk.exe
  2⤵
  PID:7436
- C:\Windows\System\jJZCuYS.exe
  C:\Windows\System\jJZCuYS.exe
  2⤵
  PID:7624
- C:\Windows\System\bJjRVUZ.exe
  C:\Windows\System\bJjRVUZ.exe
  2⤵
  PID:8004
- C:\Windows\System\VSJuoGR.exe
  C:\Windows\System\VSJuoGR.exe
  2⤵
  PID:7620
- C:\Windows\System\VJeCfsT.exe
  C:\Windows\System\VJeCfsT.exe
  2⤵
  PID:7460
- C:\Windows\System\BvlFaAi.exe
  C:\Windows\System\BvlFaAi.exe
  2⤵
  PID:8184
- C:\Windows\System\Yspedol.exe
  C:\Windows\System\Yspedol.exe
  2⤵
  PID:7288
- C:\Windows\System\aukbHGy.exe
  C:\Windows\System\aukbHGy.exe
  2⤵
  PID:7180
- C:\Windows\System\XKevxRz.exe
  C:\Windows\System\XKevxRz.exe
  2⤵
  PID:7960
- C:\Windows\System\gXHPobC.exe
  C:\Windows\System\gXHPobC.exe
  2⤵
  PID:8136
- C:\Windows\System\YTLOtaY.exe
  C:\Windows\System\YTLOtaY.exe
  2⤵
  PID:7488
- C:\Windows\System\ifgCUxD.exe
  C:\Windows\System\ifgCUxD.exe
  2⤵
  PID:7868
- C:\Windows\System\zhZASzZ.exe
  C:\Windows\System\zhZASzZ.exe
  2⤵
  PID:8060
- C:\Windows\System\DneQHMh.exe
  C:\Windows\System\DneQHMh.exe
  2⤵
  PID:7812
- C:\Windows\System\guikQoM.exe
  C:\Windows\System\guikQoM.exe
  2⤵
  PID:6668
- C:\Windows\System\aryPELb.exe
  C:\Windows\System\aryPELb.exe
  2⤵
  PID:7668
- C:\Windows\System\LoPgKxl.exe
  C:\Windows\System\LoPgKxl.exe
  2⤵
  PID:8212
- C:\Windows\System\PbWCgZR.exe
  C:\Windows\System\PbWCgZR.exe
  2⤵
  PID:8228
- C:\Windows\System\WMrvMrQ.exe
  C:\Windows\System\WMrvMrQ.exe
  2⤵
  PID:8244
- C:\Windows\System\UMvSVLY.exe
  C:\Windows\System\UMvSVLY.exe
  2⤵
  PID:8260
- C:\Windows\System\wQvEbok.exe
  C:\Windows\System\wQvEbok.exe
  2⤵
  PID:8276
- C:\Windows\System\ErxJwjD.exe
  C:\Windows\System\ErxJwjD.exe
  2⤵
  PID:8304
- C:\Windows\System\CnonfcT.exe
  C:\Windows\System\CnonfcT.exe
  2⤵
  PID:8324
- C:\Windows\System\DeTevNx.exe
  C:\Windows\System\DeTevNx.exe
  2⤵
  PID:8348
- C:\Windows\System\iSHbrSy.exe
  C:\Windows\System\iSHbrSy.exe
  2⤵
  PID:8364
- C:\Windows\System\mnfOMMq.exe
  C:\Windows\System\mnfOMMq.exe
  2⤵
  PID:8388
- C:\Windows\System\USwbBLh.exe
  C:\Windows\System\USwbBLh.exe
  2⤵
  PID:8404
- C:\Windows\System\OzvYOHJ.exe
  C:\Windows\System\OzvYOHJ.exe
  2⤵
  PID:8420
- C:\Windows\System\EqvZAYO.exe
  C:\Windows\System\EqvZAYO.exe
  2⤵
  PID:8444
- C:\Windows\System\AeVAyIx.exe
  C:\Windows\System\AeVAyIx.exe
  2⤵
  PID:8464
- C:\Windows\System\pGNApUp.exe
  C:\Windows\System\pGNApUp.exe
  2⤵
  PID:8480
- C:\Windows\System\CpYdNqK.exe
  C:\Windows\System\CpYdNqK.exe
  2⤵
  PID:8520
- C:\Windows\System\GDpPJtC.exe
  C:\Windows\System\GDpPJtC.exe
  2⤵
  PID:8540
- C:\Windows\System\mIIilQA.exe
  C:\Windows\System\mIIilQA.exe
  2⤵
  PID:8556
- C:\Windows\System\MfvGQQQ.exe
  C:\Windows\System\MfvGQQQ.exe
  2⤵
  PID:8572
- C:\Windows\System\vVeBiDi.exe
  C:\Windows\System\vVeBiDi.exe
  2⤵
  PID:8592
- C:\Windows\System\rHIXnnh.exe
  C:\Windows\System\rHIXnnh.exe
  2⤵
  PID:8612
- C:\Windows\System\rrdFCrA.exe
  C:\Windows\System\rrdFCrA.exe
  2⤵
  PID:8632
- C:\Windows\System\OufHvwf.exe
  C:\Windows\System\OufHvwf.exe
  2⤵
  PID:8660
- C:\Windows\System\wThzbts.exe
  C:\Windows\System\wThzbts.exe
  2⤵
  PID:8676
- C:\Windows\System\nWQmEYf.exe
  C:\Windows\System\nWQmEYf.exe
  2⤵
  PID:8692
- C:\Windows\System\XgfmRIK.exe
  C:\Windows\System\XgfmRIK.exe
  2⤵
  PID:8708
- C:\Windows\System\kbWhEkg.exe
  C:\Windows\System\kbWhEkg.exe
  2⤵
  PID:8724
- C:\Windows\System\uDhHrih.exe
  C:\Windows\System\uDhHrih.exe
  2⤵
  PID:8760
- C:\Windows\System\ZizaIdZ.exe
  C:\Windows\System\ZizaIdZ.exe
  2⤵
  PID:8776
- C:\Windows\System\ETGmiwq.exe
  C:\Windows\System\ETGmiwq.exe
  2⤵
  PID:8792
- C:\Windows\System\uiGQQFM.exe
  C:\Windows\System\uiGQQFM.exe
  2⤵
  PID:8812
- C:\Windows\System\xxKjSXa.exe
  C:\Windows\System\xxKjSXa.exe
  2⤵
  PID:8828
- C:\Windows\System\VsqVyMp.exe
  C:\Windows\System\VsqVyMp.exe
  2⤵
  PID:8852
- C:\Windows\System\sacZiqE.exe
  C:\Windows\System\sacZiqE.exe
  2⤵
  PID:8884
- C:\Windows\System\iNapgHa.exe
  C:\Windows\System\iNapgHa.exe
  2⤵
  PID:8900
- C:\Windows\System\eTlpElf.exe
  C:\Windows\System\eTlpElf.exe
  2⤵
  PID:8916
- C:\Windows\System\ctFZdWi.exe
  C:\Windows\System\ctFZdWi.exe
  2⤵
  PID:8936
- C:\Windows\System\uTLQqYN.exe
  C:\Windows\System\uTLQqYN.exe
  2⤵
  PID:8960
- C:\Windows\System\zybSZTC.exe
  C:\Windows\System\zybSZTC.exe
  2⤵
  PID:8976
- C:\Windows\System\zenAfQC.exe
  C:\Windows\System\zenAfQC.exe
  2⤵
  PID:8992
- C:\Windows\System\aWUmwHE.exe
  C:\Windows\System\aWUmwHE.exe
  2⤵
  PID:9008
- C:\Windows\System\Ftmrgse.exe
  C:\Windows\System\Ftmrgse.exe
  2⤵
  PID:9032
- C:\Windows\System\qSKPQbp.exe
  C:\Windows\System\qSKPQbp.exe
  2⤵
  PID:9048
- C:\Windows\System\ooMStKv.exe
  C:\Windows\System\ooMStKv.exe
  2⤵
  PID:9068
- C:\Windows\System\EOSMinZ.exe
  C:\Windows\System\EOSMinZ.exe
  2⤵
  PID:9084
- C:\Windows\System\BWOgPlv.exe
  C:\Windows\System\BWOgPlv.exe
  2⤵
  PID:9112
- C:\Windows\System\zWrVYrr.exe
  C:\Windows\System\zWrVYrr.exe
  2⤵
  PID:9132
- C:\Windows\System\vgOJrdY.exe
  C:\Windows\System\vgOJrdY.exe
  2⤵
  PID:9160
- C:\Windows\System\IHfbYwB.exe
  C:\Windows\System\IHfbYwB.exe
  2⤵
  PID:9176
- C:\Windows\System\eKZdtuC.exe
  C:\Windows\System\eKZdtuC.exe
  2⤵
  PID:9196
- C:\Windows\System\SiFDxjF.exe
  C:\Windows\System\SiFDxjF.exe
  2⤵
  PID:8200
- C:\Windows\System\gguUvPI.exe
  C:\Windows\System\gguUvPI.exe
  2⤵
  PID:8272
- C:\Windows\System\oUqGweY.exe
  C:\Windows\System\oUqGweY.exe
  2⤵
  PID:8360
- C:\Windows\System\GrxZTUg.exe
  C:\Windows\System\GrxZTUg.exe
  2⤵
  PID:8252
- C:\Windows\System\JYjZlYn.exe
  C:\Windows\System\JYjZlYn.exe
  2⤵
  PID:8288
- C:\Windows\System\iMECbVQ.exe
  C:\Windows\System\iMECbVQ.exe
  2⤵
  PID:8332
- C:\Windows\System\gfRDMMl.exe
  C:\Windows\System\gfRDMMl.exe
  2⤵
  PID:8428
- C:\Windows\System\OHVHvJI.exe
  C:\Windows\System\OHVHvJI.exe
  2⤵
  PID:8440
- C:\Windows\System\LaaWvxe.exe
  C:\Windows\System\LaaWvxe.exe
  2⤵
  PID:8472
- C:\Windows\System\nsvGGyl.exe
  C:\Windows\System\nsvGGyl.exe
  2⤵
  PID:8504
- C:\Windows\System\XzKzyEc.exe
  C:\Windows\System\XzKzyEc.exe
  2⤵
  PID:8528
- C:\Windows\System\jVSzxYM.exe
  C:\Windows\System\jVSzxYM.exe
  2⤵
  PID:8564
- C:\Windows\System\fqywnsN.exe
  C:\Windows\System\fqywnsN.exe
  2⤵
  PID:8600
- C:\Windows\System\NrAkONf.exe
  C:\Windows\System\NrAkONf.exe
  2⤵
  PID:8624
- C:\Windows\System\hUERokN.exe
  C:\Windows\System\hUERokN.exe
  2⤵
  PID:8652
- C:\Windows\System\ICnWsbQ.exe
  C:\Windows\System\ICnWsbQ.exe
  2⤵
  PID:8688
- C:\Windows\System\RtWtcMy.exe
  C:\Windows\System\RtWtcMy.exe
  2⤵
  PID:8736
- C:\Windows\System\gzBOYLR.exe
  C:\Windows\System\gzBOYLR.exe
  2⤵
  PID:8772
- C:\Windows\System\yzowULH.exe
  C:\Windows\System\yzowULH.exe
  2⤵
  PID:8844
- C:\Windows\System\lhFMWZm.exe
  C:\Windows\System\lhFMWZm.exe
  2⤵
  PID:8860
- C:\Windows\System\GHBfWOh.exe
  C:\Windows\System\GHBfWOh.exe
  2⤵
  PID:8864
- C:\Windows\System\UoKzefW.exe
  C:\Windows\System\UoKzefW.exe
  2⤵
  PID:8896
- C:\Windows\System\ECdlUbj.exe
  C:\Windows\System\ECdlUbj.exe
  2⤵
  PID:8944
- C:\Windows\System\zsdrfGu.exe
  C:\Windows\System\zsdrfGu.exe
  2⤵
  PID:8988
- C:\Windows\System\CHQSKCw.exe
  C:\Windows\System\CHQSKCw.exe
  2⤵
  PID:9016
- C:\Windows\System\IPHuyxZ.exe
  C:\Windows\System\IPHuyxZ.exe
  2⤵
  PID:9044
- C:\Windows\System\aYFtOZD.exe
  C:\Windows\System\aYFtOZD.exe
  2⤵
  PID:9064
- C:\Windows\System\yCRpeIc.exe
  C:\Windows\System\yCRpeIc.exe
  2⤵
  PID:9104
- C:\Windows\System\KZsELWN.exe
  C:\Windows\System\KZsELWN.exe
  2⤵
  PID:9148
- C:\Windows\System\nLdkCon.exe
  C:\Windows\System\nLdkCon.exe
  2⤵
  PID:9152
- C:\Windows\System\PzRQTnK.exe
  C:\Windows\System\PzRQTnK.exe
  2⤵
  PID:9204
- C:\Windows\System\dbJzYxT.exe
  C:\Windows\System\dbJzYxT.exe
  2⤵
  PID:7716
- C:\Windows\System\yJqVsuJ.exe
  C:\Windows\System\yJqVsuJ.exe
  2⤵
  PID:8356
- C:\Windows\System\QPGAPde.exe
  C:\Windows\System\QPGAPde.exe
  2⤵
  PID:8344
- C:\Windows\System\woBcDaE.exe
  C:\Windows\System\woBcDaE.exe
  2⤵
  PID:8224
- C:\Windows\System\pGrtxzm.exe
  C:\Windows\System\pGrtxzm.exe
  2⤵
  PID:8452
- C:\Windows\System\fYrJzTA.exe
  C:\Windows\System\fYrJzTA.exe
  2⤵
  PID:8488
- C:\Windows\System\cAtZZve.exe
  C:\Windows\System\cAtZZve.exe
  2⤵
  PID:8568
- C:\Windows\System\hDTCZEx.exe
  C:\Windows\System\hDTCZEx.exe
  2⤵
  PID:8588
- C:\Windows\System\uYdCejN.exe
  C:\Windows\System\uYdCejN.exe
  2⤵
  PID:8620
- C:\Windows\System\LhQgHPN.exe
  C:\Windows\System\LhQgHPN.exe
  2⤵
  PID:8720
- C:\Windows\System\PKiCdeC.exe
  C:\Windows\System\PKiCdeC.exe
  2⤵
  PID:8748
- C:\Windows\System\CDaMSmP.exe
  C:\Windows\System\CDaMSmP.exe
  2⤵
  PID:8808
- C:\Windows\System\lCDfvKL.exe
  C:\Windows\System\lCDfvKL.exe
  2⤵
  PID:8924
- C:\Windows\System\DBtpmCm.exe
  C:\Windows\System\DBtpmCm.exe
  2⤵
  PID:8932
- C:\Windows\System\yWVeAvw.exe
  C:\Windows\System\yWVeAvw.exe
  2⤵
  PID:9080
- C:\Windows\System\XeBQBWo.exe
  C:\Windows\System\XeBQBWo.exe
  2⤵
  PID:8984
- C:\Windows\System\jEvlTwu.exe
  C:\Windows\System\jEvlTwu.exe
  2⤵
  PID:8972
- C:\Windows\System\YjWwAbC.exe
  C:\Windows\System\YjWwAbC.exe
  2⤵
  PID:9140
- C:\Windows\System\WaDppCx.exe
  C:\Windows\System\WaDppCx.exe
  2⤵
  PID:8256
- C:\Windows\System\qNrXaEH.exe
  C:\Windows\System\qNrXaEH.exe
  2⤵
  PID:8300
- C:\Windows\System\vcXqkNj.exe
  C:\Windows\System\vcXqkNj.exe
  2⤵
  PID:8496
- C:\Windows\System\HAmMswE.exe
  C:\Windows\System\HAmMswE.exe
  2⤵
  PID:8548
- C:\Windows\System\ksEHjuP.exe
  C:\Windows\System\ksEHjuP.exe
  2⤵
  PID:8516
- C:\Windows\System\WmVNDJC.exe
  C:\Windows\System\WmVNDJC.exe
  2⤵
  PID:8704
- C:\Windows\System\HzxcGDH.exe
  C:\Windows\System\HzxcGDH.exe
  2⤵
  PID:8824
- C:\Windows\System\oiFSfen.exe
  C:\Windows\System\oiFSfen.exe
  2⤵
  PID:9056
- C:\Windows\System\xxGzJTy.exe
  C:\Windows\System\xxGzJTy.exe
  2⤵
  PID:8880
- C:\Windows\System\GbgAtnx.exe
  C:\Windows\System\GbgAtnx.exe
  2⤵
  PID:9028
- C:\Windows\System\dLPCHLk.exe
  C:\Windows\System\dLPCHLk.exe
  2⤵
  PID:8240
- C:\Windows\System\hxyNMqR.exe
  C:\Windows\System\hxyNMqR.exe
  2⤵
  PID:8376
- C:\Windows\System\DfZesha.exe
  C:\Windows\System\DfZesha.exe
  2⤵
  PID:8456
- C:\Windows\System\ldlHexl.exe
  C:\Windows\System\ldlHexl.exe
  2⤵
  PID:8684
- C:\Windows\System\NTogOGU.exe
  C:\Windows\System\NTogOGU.exe
  2⤵
  PID:8752
- C:\Windows\System\ulZUEnA.exe
  C:\Windows\System\ulZUEnA.exe
  2⤵
  PID:8912
- C:\Windows\System\yOCYmeB.exe
  C:\Windows\System\yOCYmeB.exe
  2⤵
  PID:9184
- C:\Windows\System\PRTCXjR.exe
  C:\Windows\System\PRTCXjR.exe
  2⤵
  PID:8744
- C:\Windows\System\phnNvUK.exe
  C:\Windows\System\phnNvUK.exe
  2⤵
  PID:8768
- C:\Windows\System\lgQBNCj.exe
  C:\Windows\System\lgQBNCj.exe
  2⤵
  PID:8604
- C:\Windows\System\OoKlSAa.exe
  C:\Windows\System\OoKlSAa.exe
  2⤵
  PID:8644
- C:\Windows\System\DsfPwRE.exe
  C:\Windows\System\DsfPwRE.exe
  2⤵
  PID:9124
- C:\Windows\System\eLOUrul.exe
  C:\Windows\System\eLOUrul.exe
  2⤵
  PID:8292
- C:\Windows\System\rjMBPTX.exe
  C:\Windows\System\rjMBPTX.exe
  2⤵
  PID:8320
- C:\Windows\System\CNxztus.exe
  C:\Windows\System\CNxztus.exe
  2⤵
  PID:9040
- C:\Windows\System\gfzJmCl.exe
  C:\Windows\System\gfzJmCl.exe
  2⤵
  PID:9220
- C:\Windows\System\HxEJJAy.exe
  C:\Windows\System\HxEJJAy.exe
  2⤵
  PID:9252
- C:\Windows\System\ZJJycSw.exe
  C:\Windows\System\ZJJycSw.exe
  2⤵
  PID:9272
- C:\Windows\System\weQBHrI.exe
  C:\Windows\System\weQBHrI.exe
  2⤵
  PID:9304
- C:\Windows\System\WoZjcNa.exe
  C:\Windows\System\WoZjcNa.exe
  2⤵
  PID:9320
- C:\Windows\System\feQwGEg.exe
  C:\Windows\System\feQwGEg.exe
  2⤵
  PID:9336
- C:\Windows\System\mEPqoeb.exe
  C:\Windows\System\mEPqoeb.exe
  2⤵
  PID:9360
- C:\Windows\System\ZGiLnaH.exe
  C:\Windows\System\ZGiLnaH.exe
  2⤵
  PID:9384
- C:\Windows\System\GgHDEfq.exe
  C:\Windows\System\GgHDEfq.exe
  2⤵
  PID:9404
- C:\Windows\System\rZkeleF.exe
  C:\Windows\System\rZkeleF.exe
  2⤵
  PID:9420
- C:\Windows\System\dnaUVna.exe
  C:\Windows\System\dnaUVna.exe
  2⤵
  PID:9436
- C:\Windows\System\RxaWaVj.exe
  C:\Windows\System\RxaWaVj.exe
  2⤵
  PID:9480
- C:\Windows\System\NOSFmxh.exe
  C:\Windows\System\NOSFmxh.exe
  2⤵
  PID:9500
- C:\Windows\System\nxwFjvY.exe
  C:\Windows\System\nxwFjvY.exe
  2⤵
  PID:9536
- C:\Windows\System\QzCnWeH.exe
  C:\Windows\System\QzCnWeH.exe
  2⤵
  PID:9552
- C:\Windows\System\gKYWKyH.exe
  C:\Windows\System\gKYWKyH.exe
  2⤵
  PID:9568
- C:\Windows\System\gopEbVY.exe
  C:\Windows\System\gopEbVY.exe
  2⤵
  PID:9596
- C:\Windows\System\EgrJJYm.exe
  C:\Windows\System\EgrJJYm.exe
  2⤵
  PID:9616
- C:\Windows\System\ZfClSKb.exe
  C:\Windows\System\ZfClSKb.exe
  2⤵
  PID:9636
- C:\Windows\System\FyBqFqT.exe
  C:\Windows\System\FyBqFqT.exe
  2⤵
  PID:9652
- C:\Windows\System\fMqeVfc.exe
  C:\Windows\System\fMqeVfc.exe
  2⤵
  PID:9672
- C:\Windows\System\LaKlZVY.exe
  C:\Windows\System\LaKlZVY.exe
  2⤵
  PID:9696
- C:\Windows\System\YWaYGfO.exe
  C:\Windows\System\YWaYGfO.exe
  2⤵
  PID:9712
- C:\Windows\System\XtyYQtE.exe
  C:\Windows\System\XtyYQtE.exe
  2⤵
  PID:9732
- C:\Windows\System\imvJuWL.exe
  C:\Windows\System\imvJuWL.exe
  2⤵
  PID:9752
- C:\Windows\System\wLIcabE.exe
  C:\Windows\System\wLIcabE.exe
  2⤵
  PID:9772
- C:\Windows\System\iSeXoMv.exe
  C:\Windows\System\iSeXoMv.exe
  2⤵
  PID:9792
- C:\Windows\System\QbmzpKo.exe
  C:\Windows\System\QbmzpKo.exe
  2⤵
  PID:9812
- C:\Windows\System\ikxDjih.exe
  C:\Windows\System\ikxDjih.exe
  2⤵
  PID:9836
- C:\Windows\System\LBGIVBb.exe
  C:\Windows\System\LBGIVBb.exe
  2⤵
  PID:9856
- C:\Windows\System\vRNncGL.exe
  C:\Windows\System\vRNncGL.exe
  2⤵
  PID:9880
- C:\Windows\System\OSCKhFg.exe
  C:\Windows\System\OSCKhFg.exe
  2⤵
  PID:9900
- C:\Windows\System\LSKyzjl.exe
  C:\Windows\System\LSKyzjl.exe
  2⤵
  PID:9916
- C:\Windows\System\wrOSmQL.exe
  C:\Windows\System\wrOSmQL.exe
  2⤵
  PID:9932
- C:\Windows\System\JtYPpZt.exe
  C:\Windows\System\JtYPpZt.exe
  2⤵
  PID:9952
- C:\Windows\System\QNCMszi.exe
  C:\Windows\System\QNCMszi.exe
  2⤵
  PID:9968
- C:\Windows\System\PpbVNmE.exe
  C:\Windows\System\PpbVNmE.exe
  2⤵
  PID:9984
- C:\Windows\System\GVWZZcF.exe
  C:\Windows\System\GVWZZcF.exe
  2⤵
  PID:10000
- C:\Windows\System\iPQiTCp.exe
  C:\Windows\System\iPQiTCp.exe
  2⤵
  PID:10028
- C:\Windows\System\RFfTmCY.exe
  C:\Windows\System\RFfTmCY.exe
  2⤵
  PID:10056
- C:\Windows\System\cvCYVNM.exe
  C:\Windows\System\cvCYVNM.exe
  2⤵
  PID:10076
- C:\Windows\System\QTYEJqS.exe
  C:\Windows\System\QTYEJqS.exe
  2⤵
  PID:10096
- C:\Windows\System\EOJvNPD.exe
  C:\Windows\System\EOJvNPD.exe
  2⤵
  PID:10116
- C:\Windows\System\BYXipcM.exe
  C:\Windows\System\BYXipcM.exe
  2⤵
  PID:10136
- C:\Windows\System\cSeavEJ.exe
  C:\Windows\System\cSeavEJ.exe
  2⤵
  PID:10160
- C:\Windows\System\IgGvota.exe
  C:\Windows\System\IgGvota.exe
  2⤵
  PID:10176
- C:\Windows\System\jJGLQyu.exe
  C:\Windows\System\jJGLQyu.exe
  2⤵
  PID:10192
- C:\Windows\System\lOkFRuP.exe
  C:\Windows\System\lOkFRuP.exe
  2⤵
  PID:10208
- C:\Windows\System\ZzLOcbm.exe
  C:\Windows\System\ZzLOcbm.exe
  2⤵
  PID:10224
- C:\Windows\System\pxFQtdE.exe
  C:\Windows\System\pxFQtdE.exe
  2⤵
  PID:9168
- C:\Windows\System\VbQLtSr.exe
  C:\Windows\System\VbQLtSr.exe
  2⤵
  PID:9240
- C:\Windows\System\DcxOSJY.exe
  C:\Windows\System\DcxOSJY.exe
  2⤵
  PID:9268
- C:\Windows\System\gsDkNMl.exe
  C:\Windows\System\gsDkNMl.exe
  2⤵
  PID:7692
- C:\Windows\System\agWlylM.exe
  C:\Windows\System\agWlylM.exe
  2⤵
  PID:9348
- C:\Windows\System\PvaAlGf.exe
  C:\Windows\System\PvaAlGf.exe
  2⤵
  PID:9356
- C:\Windows\System\fkmtaro.exe
  C:\Windows\System\fkmtaro.exe
  2⤵
  PID:9380
- C:\Windows\System\rleMNdy.exe
  C:\Windows\System\rleMNdy.exe
  2⤵
  PID:9416
- C:\Windows\System\MgeIKBz.exe
  C:\Windows\System\MgeIKBz.exe
  2⤵
  PID:9476
- C:\Windows\System\fJcDTml.exe
  C:\Windows\System\fJcDTml.exe
  2⤵
  PID:9508
- C:\Windows\System\vCiCszg.exe
  C:\Windows\System\vCiCszg.exe
  2⤵
  PID:9520
- C:\Windows\System\SFxlswN.exe
  C:\Windows\System\SFxlswN.exe
  2⤵
  PID:9564
- C:\Windows\System\tAzysVr.exe
  C:\Windows\System\tAzysVr.exe
  2⤵
  PID:9580
- C:\Windows\System\TjLseKo.exe
  C:\Windows\System\TjLseKo.exe
  2⤵
  PID:9524
- C:\Windows\System\RXvVpMt.exe
  C:\Windows\System\RXvVpMt.exe
  2⤵
  PID:9632
- C:\Windows\System\CZnGQzv.exe
  C:\Windows\System\CZnGQzv.exe
  2⤵
  PID:9660
- C:\Windows\System\EYouUop.exe
  C:\Windows\System\EYouUop.exe
  2⤵
  PID:9684
- C:\Windows\System\tokJdvs.exe
  C:\Windows\System\tokJdvs.exe
  2⤵
  PID:9708
- C:\Windows\System\AiaAblL.exe
  C:\Windows\System\AiaAblL.exe
  2⤵
  PID:9740
- C:\Windows\System\SZdqINO.exe
  C:\Windows\System\SZdqINO.exe
  2⤵
  PID:9788
- C:\Windows\System\dVVPgnn.exe
  C:\Windows\System\dVVPgnn.exe
  2⤵
  PID:9808
- C:\Windows\System\mFBxSPs.exe
  C:\Windows\System\mFBxSPs.exe
  2⤵
  PID:9844
- C:\Windows\System\SxTVLvD.exe
  C:\Windows\System\SxTVLvD.exe
  2⤵
  PID:9868
- C:\Windows\System\mTAJvLt.exe
  C:\Windows\System\mTAJvLt.exe
  2⤵
  PID:9892
- C:\Windows\System\dHDEkHD.exe
  C:\Windows\System\dHDEkHD.exe
  2⤵
  PID:9924
- C:\Windows\System\KknlmJo.exe
  C:\Windows\System\KknlmJo.exe
  2⤵
  PID:9940
- C:\Windows\System\HIUACTo.exe
  C:\Windows\System\HIUACTo.exe
  2⤵
  PID:10052
- C:\Windows\System\BSDGcKd.exe
  C:\Windows\System\BSDGcKd.exe
  2⤵
  PID:10092
- C:\Windows\System\dPRJUpk.exe
  C:\Windows\System\dPRJUpk.exe
  2⤵
  PID:10108
- C:\Windows\System\LxJkMmF.exe
  C:\Windows\System\LxJkMmF.exe
  2⤵
  PID:10148
- C:\Windows\System\XuYDDcL.exe
  C:\Windows\System\XuYDDcL.exe
  2⤵
  PID:10184
- C:\Windows\System\PzPibJk.exe
  C:\Windows\System\PzPibJk.exe
  2⤵
  PID:8204
- C:\Windows\System\nTKoOUw.exe
  C:\Windows\System\nTKoOUw.exe
  2⤵
  PID:8532
- C:\Windows\System\SqwzdwW.exe
  C:\Windows\System\SqwzdwW.exe
  2⤵
  PID:8956
- C:\Windows\System\PYCsDBa.exe
  C:\Windows\System\PYCsDBa.exe
  2⤵
  PID:9284
- C:\Windows\System\xweiAZk.exe
  C:\Windows\System\xweiAZk.exe
  2⤵
  PID:9372
- C:\Windows\System\LKqsOWn.exe
  C:\Windows\System\LKqsOWn.exe
  2⤵
  PID:9316
- C:\Windows\System\XQsNmdb.exe
  C:\Windows\System\XQsNmdb.exe
  2⤵
  PID:9448
- C:\Windows\System\ebiuqwc.exe
  C:\Windows\System\ebiuqwc.exe
  2⤵
  PID:9512
- C:\Windows\System\sDPqTtS.exe
  C:\Windows\System\sDPqTtS.exe
  2⤵
  PID:9800
- C:\Windows\System\zFmWOkZ.exe
  C:\Windows\System\zFmWOkZ.exe
  2⤵
  PID:9688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CnBThvh.exe

Filesize
6.0MB

MD5
c8f85969a17feb5874ce7587da25fd4d

SHA1
a59b31cc6ab154c8ae80ef1c5449eb053e3ce81b

SHA256
5fd995519df66750118dfc1a96d4eff284efa59bbc992fa4103fc3b58864baf2

SHA512
2848e0cf7ffd24fffe95863dac247fff783915ead01b3a280255459b573ee37a6c413c129278ed085325a9b755d12fb82d530ae91a332f093532bd1f35a32f5c

Download Submit
C:\Windows\system\EXDGxwp.exe

Filesize
6.0MB

MD5
2cd75fa1c745b4f12c162150afcb59a0

SHA1
b2b36cb718982cf59acc116f1eb8dbb9137a827b

SHA256
2a9bb36312c0d5503684526843a61745f23b4d6edf395d36b7f76c921da10aad

SHA512
d63ee512b52b18784a01607b64b563fd6e8b5e398fb7133bdc29a8dd48b9524705d59cc2b025c4b3ceddd2aa6596deb474f620ceeeba48d6456e02bd6bf117a0

Download Submit
C:\Windows\system\GRPGjhX.exe

Filesize
6.0MB

MD5
ca9385191f8b3576f778778279b1b8e1

SHA1
8e96575e8ef8f158af56d78bfdda7c70d930274c

SHA256
790681fd9cd08c13c21f3a47881a06570299bd23322d87760be7aec568a3f7d1

SHA512
82015e82dc860d3c89cb4b624aaea5e11811eee20bbbcf38c57d705961114825a2eb36af1b2532f924cf8e572bde86affe499da8f976098b412aa24d4029843f

Download Submit
C:\Windows\system\GginFly.exe

Filesize
6.0MB

MD5
cd325ffcd3653553fcd16753a31364ee

SHA1
f4692ce81e8fde401f45df50d4e6bedc51ef7138

SHA256
e80ece6fdc7615a0a589a7d0221d711789a8b177ef274e08ff53f53f3bf36242

SHA512
75fd8592a8a2c1594af7d8728d2578c02dfb5552693c03a6660febe4809b4ae9740e932ee3ba08f04a587de3569d7e9e88c69b4806e5e01867420fd0c1218b57

Download Submit
C:\Windows\system\GjggaXr.exe

Filesize
6.0MB

MD5
40daa0ac5a4c226c218425d99924eb9c

SHA1
bdb7c1a3bc6c9a4eb4ab7a07a846e3136947ce17

SHA256
227f44e97bbfd805c9262a8aecf2ddc2fb9172b42e97df3ffc77c6a2ba925be3

SHA512
957ab33784f0351e5261ab34174f039a8a03c64746c63bfe68f748b8021afb734a95ae411208441f69b2ee0046a1ca8d001ed0616a4e4c8eddbbf3172dc8f201

Download Submit
C:\Windows\system\GwZiAiK.exe

Filesize
6.0MB

MD5
2364b8c2f224f86addb4f31c9ca79278

SHA1
2619982824982be9d201f740fd9ae93c4d0b25a1

SHA256
f7db2bea819d1af28991a813c93c6e54e581db91f9b39228e05c56f91038991a

SHA512
2df26a4d4aa8e5ce3f694dbd4f67c8633c1729f8a48a0ac2df6e6c1f5d747104d867c3c20b89e6b6dedbd0ddca4fb61735fa084d089d5f63aaacc6eee80a0806

Download Submit
C:\Windows\system\JwRreOP.exe

Filesize
6.0MB

MD5
8651775eb17ffe6c658d2cea0e09761f

SHA1
5674c64a0ddfde607f161c48708c4774482b88eb

SHA256
991bd3481945fd17f246863694d7fb3e9ac4b8f988173d4111abd2990043827b

SHA512
9be653204d85848ae1365fac671f16b85445746bffc7a74ef340473b7653b0311088fdf0aea754fee789e83b1968e93db3f18c793869ed56d112fd0c2337cb45

Download Submit
C:\Windows\system\RjXNJQf.exe

Filesize
6.0MB

MD5
7d0780cba66b8486ae9bd8a428b6df84

SHA1
d4952bde2555902325240888a6ee9af7dc273aae

SHA256
7d810b90832e52149c1ad2892ecaba895415e61490580d4f2ae5b48e998a7788

SHA512
49d0a5f9683a1c7f669b0dd941943147c9b4c37c99868e190570370892f7daea822fca92db90c3a803e5afa8d64f8647c7dca44a65a47f7b0d2aeac7c46494ea

Download Submit
C:\Windows\system\TApRLDP.exe

Filesize
6.0MB

MD5
ef13d2edfbea09d7f0192e04e3788dc0

SHA1
b561ff080fcb40adaac8a50dd760662f05ad0771

SHA256
51cb5ed213e5623771b85a540665adb74665f4976879f1437b536158a582c267

SHA512
d243201c5ac570f1f7bf04ac429fdf5ebb838d584ea4cd3a68acfad9079e79172d3837ebc07f35eff09cd0e63dd0c54a5c0f964a1b63890039fea8f225a7de6a

Download Submit
C:\Windows\system\UapFZod.exe

Filesize
6.0MB

MD5
ba553c0760043178d1533251aa45f5db

SHA1
7e250bc3b624ed21faa2686ff105d196834b309b

SHA256
926ed33c66cee56869f558514019b41fac4beeb2d4965ac53f00bdae9a29e0f5

SHA512
243db560290cc418408b794ed8eb8ecc413b64e3062ad77fd7e35c85b4e0c1aae01d26a0d79f46f807ff81fb446793848b049407dbbfa9f58064f226a7f86de4

Download Submit
C:\Windows\system\WELchLn.exe

Filesize
6.0MB

MD5
deb3058fe22b066cdf081b525b0a5ae8

SHA1
8ba074cd727c5918316f78181b63852c7e15839e

SHA256
d452115f9595852e39b2989edd3dc33b50eb05533c3f8e505fe618de36093413

SHA512
315705667649d3e81ed4d96bbaa8b4bb1913adcd9e7772fb31a66e2bf82edfe1fa45e48fb4feb18cb96fc35ed91fccadb44758dbce758f0e25723978ad9133b0

Download Submit
C:\Windows\system\WOLKhpo.exe

Filesize
6.0MB

MD5
ae3a0afd1a8de9c3c3329d1374f564aa

SHA1
5be9f2325179199ae2b4ab2c10db92d17074cb8d

SHA256
31bec3fe18a37715b447381976ed4220f18348073317b0b739d5cbba6f3ac5cf

SHA512
db91c5fd87bd9e5f52301a228d6f432fa976e5602a72ad25c7413b21952974006ef460c43cbd1ef94c2377289baecb8dea084505150fd2cf875547c181bd3ac2

Download Submit
C:\Windows\system\ZMszriF.exe

Filesize
6.0MB

MD5
53c0cfc34d8a9692ed031f30da942da2

SHA1
1c6d09e012f62116c0efb130d3e1d9b7ec7aa084

SHA256
bec9bdb13a1f719da2d1f424ca3cb82015105b65f939068b57ea13fa1e6ea13e

SHA512
b0deafec54b8823989dd7b1f049fa5149d1b8b1e369716d30fc8ce2f9c3d7f90d12a2667cd28d00c2aa013feab5218c650e27b753d351c0769b5c464b3a8fcc5

Download Submit
C:\Windows\system\bDtFgcG.exe

Filesize
6.0MB

MD5
9aa0cf33858551175bbee5274e2de014

SHA1
6920ec75b5af769b868da6f2bd61830bbad24629

SHA256
3dc90760f9d85d779e12680ad6df0cb96633b7a16a582c1fa53071d9323b6ec3

SHA512
b5366567db2282ecd8f2046e57d1b178bfdeb4c20cda3777d36afcb22ffb5074c5ee074549bedb5bc96a7611cf704579a5198fe9a4c7bd52eeb5f7010005ed48

Download Submit
C:\Windows\system\eGHHzGj.exe

Filesize
6.0MB

MD5
52a97d69067ea2e4929db9214ac30667

SHA1
c7371588c9b3eaa2a64e7bb3c4354b24c26b07c3

SHA256
6b643001bf008619aea8827474827948a93f62ded1de3b7853d40bdd96940490

SHA512
0948ea2ce97ee9c6c013e526b6fe38051af4be3991a810457b18b17b80a0267e301f13a1f8260408aea3cf63f7edae2415718ec4b51b9468e014d0c67dbd07a6

Download Submit
C:\Windows\system\iumEcdi.exe

Filesize
6.0MB

MD5
19f9185b33254a2e2f8682ab4da6bec0

SHA1
6589c6369248e048917608edff9133868cbb336e

SHA256
da42c11ded1a3f3efacc09945bd7868f20f9da4d3bd60ca576f22144e169e0fd

SHA512
bb2a01e3e84d3fc4c456c7952568b1de926074bc3152ee7baae0d28cd6f4de158a8bb73b47b6d769e6a6068f18be4b021c3cac4a2c02a66ac9213bf6ca2a51eb

Download Submit
C:\Windows\system\iynBBOD.exe

Filesize
6.0MB

MD5
1709d28b04efb6dedb22bda8c73e0e12

SHA1
190aa08abd0116fb72cb9f21f1642adb7b35d154

SHA256
59387cee9f1f69c8d2a14300a7dbdab183d15221685e8a88b5199df906abe5aa

SHA512
b0893d4e8c09913502cea5e30f31c697e1cabec843224993dec98ad2c0ec2ffba739f7418704f2b2c88adc47d17555aef2448b070eb3f3c6fd9d4c58169a2283

Download Submit
C:\Windows\system\lSuseFJ.exe

Filesize
6.0MB

MD5
c32a9e44e9bad4af0460a3c2344a585d

SHA1
72df60721c2f9203bd2fc63a400a81ded45eed62

SHA256
fa7c3268eaac945b499b0a3f7c48f14dc0ff715be7a8993041254c1a7190fd87

SHA512
9b54af50b296e9e7e9e450a0fabd292b24b380368cdc09cfdc61d2d7bc0f8b40eeac059ed325c5286738b8dc15c0111de0c62843259eaef31091f65984834b5a

Download Submit
C:\Windows\system\lYbprLu.exe

Filesize
6.0MB

MD5
0dc6a1dcdca81b6518cdf9d0ea6e6fe1

SHA1
b22e6f2c8356ec4fc1cbd84b947969afb243b70b

SHA256
7ce08fc5a5341bd5618f8fc97c700c0a68426282895cc57712266d2e169241e5

SHA512
20141e2461e34f45415658ef788316184cc2d9daf0d56315c5ae8fdf0a1f130acba7e287b3f7724ade330adf2a12caf2ae3daa28c1b1c242e911961dc9413ae0

Download Submit
C:\Windows\system\mQTsXTV.exe

Filesize
6.0MB

MD5
2bbce510f5c8d332c22cfa69ffc389f4

SHA1
12b6a57ce082bb12a14e0d75545d3fda14747a0d

SHA256
30cbee234fed2b57f97a249f817fb33e302d7f2ce53f2767251b894a563a751c

SHA512
adf45b777baacf2984caba53f2430ef243dc43129c9ac5336be230a3ba72f26bc553ef106027654c64d98eca709b573a81955db802f88af3e8b47699758ba48c

Download Submit
C:\Windows\system\mguaBLs.exe

Filesize
6.0MB

MD5
9eb35cd43d51a6305bf6a5a8e126fb14

SHA1
153343e0a830081e98d45b379d511f4e76c5fc7f

SHA256
fe3abf636c4f8dd2229267e431e8d4190ed7fd1207464aa1368c0cff548babb6

SHA512
2e824133675a9788add3bbc422bec00f45cc5fe2da638790adab0084683fb003d9a3289f79fe4fa0407ca15b61bdc76b257800354afefd5cd088f6cedb389b4d

Download Submit
C:\Windows\system\nMQgylx.exe

Filesize
6.0MB

MD5
7107c97f098ae170efdcc2873c59da79

SHA1
79d30abb01aebdedc60dcfe324d3c99f8128bff1

SHA256
1769cb38c443cca12aff2e88e7844ab1864b3f55bbee7944aba0c89b77ae0147

SHA512
0e9430f18194bc7d792a176768eb5ad828c8e05c7f3b2bd9b93d347fd3111f74a753f0f53a30d48d3436d78a98e8ff3a9a9718c64447c227f5252ebcdc3b140d

Download Submit
C:\Windows\system\pehkdgb.exe

Filesize
6.0MB

MD5
8cb34d47da93f6b52decb0c84e268f35

SHA1
8c571c5d83504ad0ccf6428272350807a8b88509

SHA256
560bd90c828ab5df5a8f4c694343f9aa4fbc12889179047b7c8cc3f10de87580

SHA512
b6e2e9e56cf6e2dd2e934930a2826eb8166191eb46c885a6ffbd2944e3b93241b1de32a0700e4bebb1ff3bf852ee64f0cd735cc3617d70ddf8648da9b96cb5a3

Download Submit
C:\Windows\system\pnyqGGP.exe

Filesize
6.0MB

MD5
1e9f8d816795276abc2d37fe38d1f4e5

SHA1
188765a076b59a5b7e5d83492490705207ee2c3b

SHA256
b171c06f07ab237a7c9576bbefabaa3ccd82c83841ee0aa73908755ffd93e066

SHA512
6bc14715d2d50cb340d8b4291e5ff48e9f3fc64b6fb844ef7281a48b55734c215d448b215bcb4286491ca88317ee593625c0e3564f662e4ec82a3779494fe14f

Download Submit
C:\Windows\system\qqcyurZ.exe

Filesize
6.0MB

MD5
7a65a71ca18a116e3455e4cbfd7d3a65

SHA1
138534c9d89f26b5d2f45012f4de43c0c686705d

SHA256
01e22e0d51107ad3b65682d70b9d2ab3f7bfbb6289eab9701ce6efc466db4c8f

SHA512
e6ef9df585ab29a95bddd613777ec3bb6f3bf8e443d9e5b0be57a2f9b1c9b9b62580d7dcd8c0c548cfeaa224b42e7756cded954ca1eea0c0ec130d8750718aa8

Download Submit
C:\Windows\system\uklESDh.exe

Filesize
8B

MD5
b4c9cbf29bf6c28988d899ee41bab2fe

SHA1
652685497a54390f4f6d3113277980c7a3589183

SHA256
71f06dffc646a0bfeeaaee3be55b203c9505ad0848187ac84f0b06798b13bb52

SHA512
3cc51ccbfe86d83c0c2ac4fab6513cc31fc89289aa005843f0559e8cda8425b6fbe9bda7deb80ad0fd83cf759b814ee0b631ded9663ea7c30e3449deade339b4

Download Submit
C:\Windows\system\yicaozA.exe

Filesize
6.0MB

MD5
1388ffb7efb2a934057de8bb5a3c4482

SHA1
35a3713c88bcbb5ed2ce7194ed17a89b7697c954

SHA256
278d91dd379c9cc034a9deaa1803850b916a5e3fe5df2af19cd90ca4c12c9057

SHA512
6305d4b92743c082854b6e62a7f5881941bba292a6baf95baa5e81eacd528f818279feaeaef7fea9c3b73c1cb1de26de682b453f9e2c610b572b0d9122bdfb34

Download Submit
\Windows\system\DSkOlUn.exe

Filesize
6.0MB

MD5
1e17683290663db63a2642bf71da78a4

SHA1
eb61e6e1ec242130817a35b258165fc952f960d8

SHA256
ee5ea3b179b0a6ea9c7984744d157243eeffbb47ee73bedade3844a1d5dbe5df

SHA512
d9ce378350a531df6b25831f07e82fffbf71b48bc9442cb41010726f396d7d31ae71ab1addad4a3502fd6c9cd9bc362734f9bb22aebd382141c9e8853fac7bf1

Download Submit
\Windows\system\FWPzaNr.exe

Filesize
6.0MB

MD5
49a63d295dcf5f8ab04fdbd25a132f67

SHA1
89238a740433a192cf27e21b0914812e919e8abe

SHA256
99c9cdcf0e7ed9a63887a477f528c7f8771a981711baac723ef2e51ca5eafc42

SHA512
942e621ffdbde37c764829687846abfe8d7c49a47f78ad46d742c91ef0566026fa81aa951c95b7774ecee05681076241cbbfb6fddd1454a2567103c98f527909

Download Submit
\Windows\system\SalSnIi.exe

Filesize
6.0MB

MD5
67e8b81628f0446249bbcf24395a7f47

SHA1
25dc6e8678962286fe278d16fd478624dac37872

SHA256
f9b7b8a284b0c5d79b5c4689669e71ef354ad478623dee5c827365fb53dca0a7

SHA512
15d31fb63045e6e29cda70d9d3f1322f52636ee360da176f0338af0fa97650044ea0ac089e6780991ac91b1e5add6db74a81f67757f10549f69a1110602e178e

Download Submit
\Windows\system\hiXjAiL.exe

Filesize
6.0MB

MD5
4da1e3c8d8b385f0b726e25efbcc2e97

SHA1
260215dd597e32caba23d60c0c8f70eeece7017a

SHA256
12ffd6f0d0c28f4fc5941b3a844d8001adc29f0b0abe5ac1b8e3ac62af47b854

SHA512
e1adb91d8f2726a75f13971c518b6b2b7faf4587f1e5b28d427ca3ebf7ba13d66e002818bdef87544ba4b63e82c35d624ccb24a2c69ca98ca2aaa8d7795cad57

Download Submit
\Windows\system\rxgUoIb.exe

Filesize
6.0MB

MD5
22d4c2f6b3f7c644d167ee9760dd0bc9

SHA1
b6e7e6594846452bf770d23f3902dd4722d6ada4

SHA256
ad0566d3127a5df5718400bf9b94089d99f313a99254874a7285cf34cfbbc20a

SHA512
7b7fe4eecb835325c7db1c5e4374a4303ebb653f8079f50e8f66ce9c6114dc8c50773e6876f25b6ddcd2d4e5a6b0e4343696bb457ab9682c4e5e828de0f1790b

Download Submit
\Windows\system\wfDXxTU.exe

Filesize
6.0MB

MD5
cfe2896025fe1ecd5919ac479af80b3a

SHA1
30ffdd436a0569172e829853c6a0f553f3fea9bb

SHA256
2c36db6682d425ebd78f75e7e7faf3367932717a441e6df95107c4ba984755b3

SHA512
c78461e989f6ab139f91a78ba8863e2554ba597521e6fb18be07506e013e4e3cea17ae2477ac5d4e2b4d10754aae53221b36c16226d3b52273def0134b344dec

Download Submit
memory/972-3616-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/972-703-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/972-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2837-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1216-38-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1216-12-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2108-15-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2834-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2108-43-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2949-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-84-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-57-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2500-6-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-33-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2500-44-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-65-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2500-16-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2500-92-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2500-110-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2500-37-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-90-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-52-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-25-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-31-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-955-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-704-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2500-61-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-618-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-85-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-101-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-18-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2500-117-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2500-0-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2584-81-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2584-98-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2959-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2839-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2632-62-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2632-22-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2640-95-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2956-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2948-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-93-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2954-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2792-71-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2961-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-94-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2950-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-91-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-60-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-115-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3618-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2880-67-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2840-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-88-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3615-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-107-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download