cobaltstrike | d9e542b8f3406abc4fdd17693f9c62394af4b7ebab1efd3970c27b6d59c493d6

Analysis

max time kernel
149s
max time network
132s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

1a1d18f9d7f63a98b5b2ff7ac928cccd
SHA1

ccf120333bc2d4e43db56cb7e8695a29dfbf62f4
SHA256

d9e542b8f3406abc4fdd17693f9c62394af4b7ebab1efd3970c27b6d59c493d6
SHA512

807675416feeb4528f7fb3e128395f38d60889651c3f58460fb8b46f3e1ff485be546ad744f45a15d983b88151325ab9ecea07f68065c2a81b39ceb1e74185ed
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUV:j+R56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-9.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-28.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-32.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2544-0-0x000000013F7C0000-0x000000013FB0D000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/memory/1976-7-0x000000013FC00000-0x000000013FF4D000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c23-9.dat	xmrig
behavioral1/files/0x00090000000167e3-13.dat	xmrig
behavioral1/files/0x0007000000016cab-20.dat	xmrig
behavioral1/files/0x0007000000016ccc-24.dat	xmrig
behavioral1/files/0x0007000000016cd8-28.dat	xmrig
behavioral1/files/0x0009000000016ce0-32.dat	xmrig
behavioral1/files/0x000900000001756b-35.dat	xmrig
behavioral1/files/0x00050000000194a3-39.dat	xmrig
behavioral1/files/0x00050000000194eb-43.dat	xmrig
behavioral1/files/0x0005000000019515-55.dat	xmrig
behavioral1/files/0x000500000001957c-63.dat	xmrig
behavioral1/files/0x00050000000195a7-67.dat	xmrig
behavioral1/files/0x00050000000195ad-79.dat	xmrig
behavioral1/files/0x00050000000195af-83.dat	xmrig
behavioral1/files/0x00050000000195b1-88.dat	xmrig
behavioral1/files/0x00050000000195b5-93.dat	xmrig
behavioral1/files/0x00050000000195b7-99.dat	xmrig
behavioral1/files/0x00050000000195b3-91.dat	xmrig
behavioral1/files/0x00050000000195c1-109.dat	xmrig
behavioral1/files/0x00050000000195c7-127.dat	xmrig
behavioral1/memory/2720-326-0x000000013F680000-0x000000013F9CD000-memory.dmp	xmrig
behavioral1/memory/1908-337-0x000000013F8B0000-0x000000013FBFD000-memory.dmp	xmrig
behavioral1/memory/3300-357-0x000000013FAF0000-0x000000013FE3D000-memory.dmp	xmrig
behavioral1/memory/2312-362-0x000000013F160000-0x000000013F4AD000-memory.dmp	xmrig
behavioral1/memory/908-365-0x000000013FA40000-0x000000013FD8D000-memory.dmp	xmrig
behavioral1/memory/1712-376-0x000000013F590000-0x000000013F8DD000-memory.dmp	xmrig
behavioral1/memory/2236-375-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig
behavioral1/memory/2488-374-0x000000013FDC0000-0x000000014010D000-memory.dmp	xmrig
behavioral1/memory/2456-373-0x000000013FA70000-0x000000013FDBD000-memory.dmp	xmrig
behavioral1/memory/1980-372-0x000000013F920000-0x000000013FC6D000-memory.dmp	xmrig
behavioral1/memory/2180-371-0x000000013FE70000-0x00000001401BD000-memory.dmp	xmrig
behavioral1/memory/1488-370-0x000000013F3F0000-0x000000013F73D000-memory.dmp	xmrig
behavioral1/memory/1292-369-0x000000013FFC0000-0x000000014030D000-memory.dmp	xmrig
behavioral1/memory/2944-367-0x000000013F860000-0x000000013FBAD000-memory.dmp	xmrig
behavioral1/memory/960-366-0x000000013F470000-0x000000013F7BD000-memory.dmp	xmrig
behavioral1/memory/1752-364-0x000000013FAE0000-0x000000013FE2D000-memory.dmp	xmrig
behavioral1/memory/1056-361-0x000000013F500000-0x000000013F84D000-memory.dmp	xmrig
behavioral1/memory/2184-360-0x000000013F2D0000-0x000000013F61D000-memory.dmp	xmrig
behavioral1/memory/2076-359-0x000000013F980000-0x000000013FCCD000-memory.dmp	xmrig
behavioral1/memory/940-335-0x000000013F440000-0x000000013F78D000-memory.dmp	xmrig
behavioral1/memory/2084-334-0x000000013F740000-0x000000013FA8D000-memory.dmp	xmrig
behavioral1/memory/1612-333-0x000000013FA30000-0x000000013FD7D000-memory.dmp	xmrig
behavioral1/memory/2124-332-0x000000013F0C0000-0x000000013F40D000-memory.dmp	xmrig
behavioral1/memory/588-331-0x000000013F620000-0x000000013F96D000-memory.dmp	xmrig
behavioral1/memory/2704-330-0x000000013F840000-0x000000013FB8D000-memory.dmp	xmrig
behavioral1/memory/2652-329-0x000000013FF30000-0x000000014027D000-memory.dmp	xmrig
behavioral1/memory/2896-328-0x000000013F850000-0x000000013FB9D000-memory.dmp	xmrig
behavioral1/memory/2804-327-0x000000013FCB0000-0x000000013FFFD000-memory.dmp	xmrig
behavioral1/memory/2100-325-0x000000013F870000-0x000000013FBBD000-memory.dmp	xmrig
behavioral1/memory/2888-324-0x000000013F770000-0x000000013FABD000-memory.dmp	xmrig
behavioral1/memory/2872-323-0x000000013F2E0000-0x000000013F62D000-memory.dmp	xmrig
behavioral1/memory/2228-322-0x000000013FD00000-0x000000014004D000-memory.dmp	xmrig
behavioral1/memory/2784-321-0x000000013F4C0000-0x000000013F80D000-memory.dmp	xmrig
behavioral1/memory/2880-320-0x000000013F4B0000-0x000000013F7FD000-memory.dmp	xmrig
behavioral1/memory/2788-319-0x000000013FB20000-0x000000013FE6D000-memory.dmp	xmrig
behavioral1/memory/2500-318-0x000000013FA20000-0x000000013FD6D000-memory.dmp	xmrig
behavioral1/memory/2324-317-0x000000013F670000-0x000000013F9BD000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-131.dat	xmrig
behavioral1/files/0x00050000000195c6-124.dat	xmrig
behavioral1/files/0x00050000000195c5-120.dat	xmrig
behavioral1/files/0x00050000000195c3-115.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1976	hzDrcIZ.exe
588	sWwFiYX.exe
2324	FgBTims.exe
2500	vUiGvxF.exe
2788	FWcKAkr.exe
2880	neXFSui.exe
2784	oAedGzp.exe
2228	XahQpRm.exe
2872	FgMbiPm.exe
2888	HWdxToA.exe
2100	KIBrRjs.exe
2720	xpszBod.exe
2804	VVSCmXN.exe
2896	HaIJdBk.exe
2652	JDPpEps.exe
2704	WqIHdaQ.exe
2124	AwrTUpZ.exe
1612	KyztZIm.exe
2084	TyvjNry.exe
940	ZsOJYmT.exe
2956	HthZXzR.exe
1908	LhoUUBY.exe
1924	OtmtteS.exe
2076	DfEnbaM.exe
2940	ouTJHWw.exe
2184	TzDmhRy.exe
2244	PdlVjju.exe
1056	HXZjRfZ.exe
2728	fpOlJLL.exe
2312	IizgUCH.exe
1932	faBMBjy.exe
2176	VyJrvdz.exe
2072	LpCaXrj.exe
1752	rKGNkca.exe
1152	SAjtwuw.exe
908	MSnAKvf.exe
976	JroanOW.exe
1356	KyCNGbn.exe
960	ePaTHbc.exe
2460	tlbnJcC.exe
1656	YYwGDYh.exe
2600	Yaigdzs.exe
2944	bJksMtl.exe
1536	UvQVYwb.exe
1704	IzhCyoK.exe
1292	NHkxJBI.exe
1488	ooxxCeX.exe
2180	FulxSrm.exe
1968	kbcFAPN.exe
3048	HzMtpJu.exe
1980	EwwBgWI.exe
848	cfLaqsz.exe
1912	HzwIsvL.exe
2456	VvOzNIJ.exe
2488	JMkKWFY.exe
2236	NWbfryk.exe
264	ycatebV.exe
1712	jgMQTOS.exe
2588	ypRUVVB.exe
2484	JqpaVvG.exe
2284	YQhLNEC.exe
1608	RTCPjAV.exe
2024	pjAPyur.exe
2036	ZHlbYVd.exe

Loads dropped DLL 64 IoCs

pid	Process
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BdHvidB.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmufOxY.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDgCByY.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnzlSsL.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSZxcdI.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZVzvQb.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQNKaqx.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxKiVyy.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlwOtsJ.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhBDwMk.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSzRxLA.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZJXWJk.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAAUfDw.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfLPjhb.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luQoXFf.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtpBvsP.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzMtpJu.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAcHLIT.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpDkgzK.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adGCTvX.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUCKMae.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbvyXiy.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXfpUHJ.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhPOMWh.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bdfcxjf.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpXmxZy.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcMgRXc.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RovjBkr.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbjihXv.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxpsBrg.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrDiavi.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKewMnv.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpWnZnw.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYMRVnC.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhoUUBY.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXyhuGz.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNltAMf.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUMqSUX.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYzeNwR.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpJodaW.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmmVwVi.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXNgQUr.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUmBNhO.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPVOneF.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQTJXCe.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYFZeAD.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXSNupn.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIfhhzr.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIlGVGA.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzHWcud.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPbxwEX.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATDqVjC.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkjKkbr.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFxlPBp.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCLVQtu.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbGyevA.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWnsDrH.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFlsAiW.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Daetexz.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRAQVlX.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lELTYyJ.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYjguTt.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEFcoDN.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCeyxvO.exe	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1976	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2544 wrote to memory of 1976	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2544 wrote to memory of 1976	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2544 wrote to memory of 588	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2544 wrote to memory of 588	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2544 wrote to memory of 588	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2544 wrote to memory of 2324	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2544 wrote to memory of 2324	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2544 wrote to memory of 2324	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2544 wrote to memory of 2500	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2544 wrote to memory of 2500	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2544 wrote to memory of 2500	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2544 wrote to memory of 2788	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2544 wrote to memory of 2788	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2544 wrote to memory of 2788	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2544 wrote to memory of 2880	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2544 wrote to memory of 2880	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2544 wrote to memory of 2880	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2544 wrote to memory of 2784	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2544 wrote to memory of 2784	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2544 wrote to memory of 2784	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2544 wrote to memory of 2228	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2544 wrote to memory of 2228	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2544 wrote to memory of 2228	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2544 wrote to memory of 2872	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2544 wrote to memory of 2872	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2544 wrote to memory of 2872	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2544 wrote to memory of 2888	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2544 wrote to memory of 2888	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2544 wrote to memory of 2888	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2544 wrote to memory of 2100	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2544 wrote to memory of 2100	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2544 wrote to memory of 2100	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2544 wrote to memory of 2720	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2544 wrote to memory of 2720	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2544 wrote to memory of 2720	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2544 wrote to memory of 2804	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2544 wrote to memory of 2804	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2544 wrote to memory of 2804	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2544 wrote to memory of 2896	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2544 wrote to memory of 2896	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2544 wrote to memory of 2896	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2544 wrote to memory of 2652	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2544 wrote to memory of 2652	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2544 wrote to memory of 2652	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2544 wrote to memory of 2704	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2544 wrote to memory of 2704	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2544 wrote to memory of 2704	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2544 wrote to memory of 2124	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2544 wrote to memory of 2124	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2544 wrote to memory of 2124	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2544 wrote to memory of 1612	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2544 wrote to memory of 1612	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2544 wrote to memory of 1612	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2544 wrote to memory of 2084	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2544 wrote to memory of 2084	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2544 wrote to memory of 2084	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2544 wrote to memory of 940	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2544 wrote to memory of 940	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2544 wrote to memory of 940	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2544 wrote to memory of 2956	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2544 wrote to memory of 2956	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2544 wrote to memory of 2956	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2544 wrote to memory of 1908	2544	2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_1a1d18f9d7f63a98b5b2ff7ac928cccd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\System\hzDrcIZ.exe
  C:\Windows\System\hzDrcIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\sWwFiYX.exe
  C:\Windows\System\sWwFiYX.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\FgBTims.exe
  C:\Windows\System\FgBTims.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\vUiGvxF.exe
  C:\Windows\System\vUiGvxF.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FWcKAkr.exe
  C:\Windows\System\FWcKAkr.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\neXFSui.exe
  C:\Windows\System\neXFSui.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\oAedGzp.exe
  C:\Windows\System\oAedGzp.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\XahQpRm.exe
  C:\Windows\System\XahQpRm.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\FgMbiPm.exe
  C:\Windows\System\FgMbiPm.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\HWdxToA.exe
  C:\Windows\System\HWdxToA.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\KIBrRjs.exe
  C:\Windows\System\KIBrRjs.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\xpszBod.exe
  C:\Windows\System\xpszBod.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\VVSCmXN.exe
  C:\Windows\System\VVSCmXN.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HaIJdBk.exe
  C:\Windows\System\HaIJdBk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\JDPpEps.exe
  C:\Windows\System\JDPpEps.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\WqIHdaQ.exe
  C:\Windows\System\WqIHdaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\AwrTUpZ.exe
  C:\Windows\System\AwrTUpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\KyztZIm.exe
  C:\Windows\System\KyztZIm.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\TyvjNry.exe
  C:\Windows\System\TyvjNry.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ZsOJYmT.exe
  C:\Windows\System\ZsOJYmT.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\HthZXzR.exe
  C:\Windows\System\HthZXzR.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\LhoUUBY.exe
  C:\Windows\System\LhoUUBY.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OtmtteS.exe
  C:\Windows\System\OtmtteS.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\DfEnbaM.exe
  C:\Windows\System\DfEnbaM.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ouTJHWw.exe
  C:\Windows\System\ouTJHWw.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\TzDmhRy.exe
  C:\Windows\System\TzDmhRy.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PdlVjju.exe
  C:\Windows\System\PdlVjju.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\HXZjRfZ.exe
  C:\Windows\System\HXZjRfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\fpOlJLL.exe
  C:\Windows\System\fpOlJLL.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\IizgUCH.exe
  C:\Windows\System\IizgUCH.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\faBMBjy.exe
  C:\Windows\System\faBMBjy.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\VyJrvdz.exe
  C:\Windows\System\VyJrvdz.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\LpCaXrj.exe
  C:\Windows\System\LpCaXrj.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\rKGNkca.exe
  C:\Windows\System\rKGNkca.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\SAjtwuw.exe
  C:\Windows\System\SAjtwuw.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\MSnAKvf.exe
  C:\Windows\System\MSnAKvf.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\JroanOW.exe
  C:\Windows\System\JroanOW.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\ePaTHbc.exe
  C:\Windows\System\ePaTHbc.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\KyCNGbn.exe
  C:\Windows\System\KyCNGbn.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\bJksMtl.exe
  C:\Windows\System\bJksMtl.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\tlbnJcC.exe
  C:\Windows\System\tlbnJcC.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IzhCyoK.exe
  C:\Windows\System\IzhCyoK.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\YYwGDYh.exe
  C:\Windows\System\YYwGDYh.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\NHkxJBI.exe
  C:\Windows\System\NHkxJBI.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\Yaigdzs.exe
  C:\Windows\System\Yaigdzs.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ooxxCeX.exe
  C:\Windows\System\ooxxCeX.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\UvQVYwb.exe
  C:\Windows\System\UvQVYwb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\FulxSrm.exe
  C:\Windows\System\FulxSrm.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\kbcFAPN.exe
  C:\Windows\System\kbcFAPN.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\EwwBgWI.exe
  C:\Windows\System\EwwBgWI.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HzMtpJu.exe
  C:\Windows\System\HzMtpJu.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VvOzNIJ.exe
  C:\Windows\System\VvOzNIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\cfLaqsz.exe
  C:\Windows\System\cfLaqsz.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\JMkKWFY.exe
  C:\Windows\System\JMkKWFY.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\HzwIsvL.exe
  C:\Windows\System\HzwIsvL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\NWbfryk.exe
  C:\Windows\System\NWbfryk.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\ycatebV.exe
  C:\Windows\System\ycatebV.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\jgMQTOS.exe
  C:\Windows\System\jgMQTOS.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\ypRUVVB.exe
  C:\Windows\System\ypRUVVB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\JqpaVvG.exe
  C:\Windows\System\JqpaVvG.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YQhLNEC.exe
  C:\Windows\System\YQhLNEC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\RTCPjAV.exe
  C:\Windows\System\RTCPjAV.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\pjAPyur.exe
  C:\Windows\System\pjAPyur.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\ZHlbYVd.exe
  C:\Windows\System\ZHlbYVd.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\mmBJmlX.exe
  C:\Windows\System\mmBJmlX.exe
  2⤵
  PID:1724
- C:\Windows\System\IIqRpwW.exe
  C:\Windows\System\IIqRpwW.exe
  2⤵
  PID:2760
- C:\Windows\System\EobjQSY.exe
  C:\Windows\System\EobjQSY.exe
  2⤵
  PID:2860
- C:\Windows\System\Latpdzf.exe
  C:\Windows\System\Latpdzf.exe
  2⤵
  PID:2736
- C:\Windows\System\USmqcfK.exe
  C:\Windows\System\USmqcfK.exe
  2⤵
  PID:2928
- C:\Windows\System\LkMRYjn.exe
  C:\Windows\System\LkMRYjn.exe
  2⤵
  PID:2892
- C:\Windows\System\hXFhmIW.exe
  C:\Windows\System\hXFhmIW.exe
  2⤵
  PID:2680
- C:\Windows\System\WuEnEuY.exe
  C:\Windows\System\WuEnEuY.exe
  2⤵
  PID:2648
- C:\Windows\System\dSnliNV.exe
  C:\Windows\System\dSnliNV.exe
  2⤵
  PID:1144
- C:\Windows\System\CxlBoYN.exe
  C:\Windows\System\CxlBoYN.exe
  2⤵
  PID:672
- C:\Windows\System\TzVsscC.exe
  C:\Windows\System\TzVsscC.exe
  2⤵
  PID:2300
- C:\Windows\System\bjjrIwx.exe
  C:\Windows\System\bjjrIwx.exe
  2⤵
  PID:836
- C:\Windows\System\AagSOKU.exe
  C:\Windows\System\AagSOKU.exe
  2⤵
  PID:2836
- C:\Windows\System\ZCEmkaN.exe
  C:\Windows\System\ZCEmkaN.exe
  2⤵
  PID:2144
- C:\Windows\System\zDAupxV.exe
  C:\Windows\System\zDAupxV.exe
  2⤵
  PID:2088
- C:\Windows\System\FnmAnFb.exe
  C:\Windows\System\FnmAnFb.exe
  2⤵
  PID:2408
- C:\Windows\System\MbvyXiy.exe
  C:\Windows\System\MbvyXiy.exe
  2⤵
  PID:2976
- C:\Windows\System\HMpLbtu.exe
  C:\Windows\System\HMpLbtu.exe
  2⤵
  PID:3064
- C:\Windows\System\dxKiVyy.exe
  C:\Windows\System\dxKiVyy.exe
  2⤵
  PID:1620
- C:\Windows\System\ZfADkub.exe
  C:\Windows\System\ZfADkub.exe
  2⤵
  PID:1052
- C:\Windows\System\iAlhuKw.exe
  C:\Windows\System\iAlhuKw.exe
  2⤵
  PID:880
- C:\Windows\System\SjxVfWU.exe
  C:\Windows\System\SjxVfWU.exe
  2⤵
  PID:1468
- C:\Windows\System\PJqTcZL.exe
  C:\Windows\System\PJqTcZL.exe
  2⤵
  PID:1528
- C:\Windows\System\vQTTyfY.exe
  C:\Windows\System\vQTTyfY.exe
  2⤵
  PID:2520
- C:\Windows\System\sEpcdhk.exe
  C:\Windows\System\sEpcdhk.exe
  2⤵
  PID:1552
- C:\Windows\System\nrPYSWS.exe
  C:\Windows\System\nrPYSWS.exe
  2⤵
  PID:1404
- C:\Windows\System\WBBMjhv.exe
  C:\Windows\System\WBBMjhv.exe
  2⤵
  PID:1372
- C:\Windows\System\JFWVXwB.exe
  C:\Windows\System\JFWVXwB.exe
  2⤵
  PID:1400
- C:\Windows\System\vWADVHZ.exe
  C:\Windows\System\vWADVHZ.exe
  2⤵
  PID:2128
- C:\Windows\System\yrJYtcR.exe
  C:\Windows\System\yrJYtcR.exe
  2⤵
  PID:1936
- C:\Windows\System\oGOuTYK.exe
  C:\Windows\System\oGOuTYK.exe
  2⤵
  PID:2316
- C:\Windows\System\ZumiUvm.exe
  C:\Windows\System\ZumiUvm.exe
  2⤵
  PID:1988
- C:\Windows\System\HpJodaW.exe
  C:\Windows\System\HpJodaW.exe
  2⤵
  PID:1600
- C:\Windows\System\getyEES.exe
  C:\Windows\System\getyEES.exe
  2⤵
  PID:3052
- C:\Windows\System\mPKRfGC.exe
  C:\Windows\System\mPKRfGC.exe
  2⤵
  PID:596
- C:\Windows\System\YsXjEbO.exe
  C:\Windows\System\YsXjEbO.exe
  2⤵
  PID:2628
- C:\Windows\System\eHtFarZ.exe
  C:\Windows\System\eHtFarZ.exe
  2⤵
  PID:2396
- C:\Windows\System\VrSCJuK.exe
  C:\Windows\System\VrSCJuK.exe
  2⤵
  PID:1972
- C:\Windows\System\JVSDdUT.exe
  C:\Windows\System\JVSDdUT.exe
  2⤵
  PID:372
- C:\Windows\System\zPFoYYu.exe
  C:\Windows\System\zPFoYYu.exe
  2⤵
  PID:1796
- C:\Windows\System\HSYzIKE.exe
  C:\Windows\System\HSYzIKE.exe
  2⤵
  PID:1472
- C:\Windows\System\pCQtuob.exe
  C:\Windows\System\pCQtuob.exe
  2⤵
  PID:3036
- C:\Windows\System\MwnNiOn.exe
  C:\Windows\System\MwnNiOn.exe
  2⤵
  PID:1596
- C:\Windows\System\qUxXPhH.exe
  C:\Windows\System\qUxXPhH.exe
  2⤵
  PID:2536
- C:\Windows\System\gFhNadi.exe
  C:\Windows\System\gFhNadi.exe
  2⤵
  PID:2740
- C:\Windows\System\gHXgDXP.exe
  C:\Windows\System\gHXgDXP.exe
  2⤵
  PID:3088
- C:\Windows\System\eIlGVGA.exe
  C:\Windows\System\eIlGVGA.exe
  2⤵
  PID:3108
- C:\Windows\System\iXfpUHJ.exe
  C:\Windows\System\iXfpUHJ.exe
  2⤵
  PID:3124
- C:\Windows\System\kcQokzH.exe
  C:\Windows\System\kcQokzH.exe
  2⤵
  PID:3140
- C:\Windows\System\RZqPoyH.exe
  C:\Windows\System\RZqPoyH.exe
  2⤵
  PID:3156
- C:\Windows\System\uUpFOwc.exe
  C:\Windows\System\uUpFOwc.exe
  2⤵
  PID:3172
- C:\Windows\System\WTodqaG.exe
  C:\Windows\System\WTodqaG.exe
  2⤵
  PID:3188
- C:\Windows\System\pObeYwD.exe
  C:\Windows\System\pObeYwD.exe
  2⤵
  PID:3204
- C:\Windows\System\jLZCiUp.exe
  C:\Windows\System\jLZCiUp.exe
  2⤵
  PID:3220
- C:\Windows\System\dbKUVeI.exe
  C:\Windows\System\dbKUVeI.exe
  2⤵
  PID:3236
- C:\Windows\System\yMbcMHm.exe
  C:\Windows\System\yMbcMHm.exe
  2⤵
  PID:3252
- C:\Windows\System\TOuusqQ.exe
  C:\Windows\System\TOuusqQ.exe
  2⤵
  PID:3268
- C:\Windows\System\ysHZgdm.exe
  C:\Windows\System\ysHZgdm.exe
  2⤵
  PID:3284
- C:\Windows\System\UlklRBS.exe
  C:\Windows\System\UlklRBS.exe
  2⤵
  PID:3300
- C:\Windows\System\NYwOhxJ.exe
  C:\Windows\System\NYwOhxJ.exe
  2⤵
  PID:3316
- C:\Windows\System\lAvlKfe.exe
  C:\Windows\System\lAvlKfe.exe
  2⤵
  PID:3888
- C:\Windows\System\kPmonub.exe
  C:\Windows\System\kPmonub.exe
  2⤵
  PID:3904
- C:\Windows\System\FUFdpYU.exe
  C:\Windows\System\FUFdpYU.exe
  2⤵
  PID:3920
- C:\Windows\System\bDhslRE.exe
  C:\Windows\System\bDhslRE.exe
  2⤵
  PID:1676
- C:\Windows\System\KgELhuf.exe
  C:\Windows\System\KgELhuf.exe
  2⤵
  PID:3424
- C:\Windows\System\crinHHk.exe
  C:\Windows\System\crinHHk.exe
  2⤵
  PID:3440
- C:\Windows\System\kGDkNBA.exe
  C:\Windows\System\kGDkNBA.exe
  2⤵
  PID:3464
- C:\Windows\System\GeNoDhg.exe
  C:\Windows\System\GeNoDhg.exe
  2⤵
  PID:3476
- C:\Windows\System\LimoDpA.exe
  C:\Windows\System\LimoDpA.exe
  2⤵
  PID:3500
- C:\Windows\System\eVxcnoW.exe
  C:\Windows\System\eVxcnoW.exe
  2⤵
  PID:3896
- C:\Windows\System\KhvMEmC.exe
  C:\Windows\System\KhvMEmC.exe
  2⤵
  PID:3936
- C:\Windows\System\eamLita.exe
  C:\Windows\System\eamLita.exe
  2⤵
  PID:3944
- C:\Windows\System\gKCCobf.exe
  C:\Windows\System\gKCCobf.exe
  2⤵
  PID:3968
- C:\Windows\System\ZceGAqD.exe
  C:\Windows\System\ZceGAqD.exe
  2⤵
  PID:3984
- C:\Windows\System\RjimebY.exe
  C:\Windows\System\RjimebY.exe
  2⤵
  PID:4020
- C:\Windows\System\lHWbpAq.exe
  C:\Windows\System\lHWbpAq.exe
  2⤵
  PID:3576
- C:\Windows\System\sTNwtIw.exe
  C:\Windows\System\sTNwtIw.exe
  2⤵
  PID:3700
- C:\Windows\System\aQUrgbR.exe
  C:\Windows\System\aQUrgbR.exe
  2⤵
  PID:3732
- C:\Windows\System\kWQjDtM.exe
  C:\Windows\System\kWQjDtM.exe
  2⤵
  PID:3760
- C:\Windows\System\dArcYbR.exe
  C:\Windows\System\dArcYbR.exe
  2⤵
  PID:4084
- C:\Windows\System\zhzoPgR.exe
  C:\Windows\System\zhzoPgR.exe
  2⤵
  PID:756
- C:\Windows\System\OXMChtP.exe
  C:\Windows\System\OXMChtP.exe
  2⤵
  PID:628
- C:\Windows\System\Bdkvcbt.exe
  C:\Windows\System\Bdkvcbt.exe
  2⤵
  PID:4064
- C:\Windows\System\hpDhmzV.exe
  C:\Windows\System\hpDhmzV.exe
  2⤵
  PID:3468
- C:\Windows\System\CDsgrXk.exe
  C:\Windows\System\CDsgrXk.exe
  2⤵
  PID:3520
- C:\Windows\System\YYjQDHn.exe
  C:\Windows\System\YYjQDHn.exe
  2⤵
  PID:3596
- C:\Windows\System\zQPZjPX.exe
  C:\Windows\System\zQPZjPX.exe
  2⤵
  PID:4028
- C:\Windows\System\lotxISh.exe
  C:\Windows\System\lotxISh.exe
  2⤵
  PID:4032
- C:\Windows\System\vyOjhFJ.exe
  C:\Windows\System\vyOjhFJ.exe
  2⤵
  PID:3624
- C:\Windows\System\BwJcTWm.exe
  C:\Windows\System\BwJcTWm.exe
  2⤵
  PID:3636
- C:\Windows\System\HKXcCao.exe
  C:\Windows\System\HKXcCao.exe
  2⤵
  PID:3800
- C:\Windows\System\vCjnhyM.exe
  C:\Windows\System\vCjnhyM.exe
  2⤵
  PID:3652
- C:\Windows\System\ZDYWQdn.exe
  C:\Windows\System\ZDYWQdn.exe
  2⤵
  PID:4068
- C:\Windows\System\HKDfUzh.exe
  C:\Windows\System\HKDfUzh.exe
  2⤵
  PID:3660
- C:\Windows\System\swEECIB.exe
  C:\Windows\System\swEECIB.exe
  2⤵
  PID:3912
- C:\Windows\System\dmmVwVi.exe
  C:\Windows\System\dmmVwVi.exe
  2⤵
  PID:3784
- C:\Windows\System\LJcCVmm.exe
  C:\Windows\System\LJcCVmm.exe
  2⤵
  PID:3844
- C:\Windows\System\ZTWMQOb.exe
  C:\Windows\System\ZTWMQOb.exe
  2⤵
  PID:3976
- C:\Windows\System\THEXqsw.exe
  C:\Windows\System\THEXqsw.exe
  2⤵
  PID:4108
- C:\Windows\System\zCuyjzk.exe
  C:\Windows\System\zCuyjzk.exe
  2⤵
  PID:4124
- C:\Windows\System\oDgCByY.exe
  C:\Windows\System\oDgCByY.exe
  2⤵
  PID:4140
- C:\Windows\System\ApbpMyS.exe
  C:\Windows\System\ApbpMyS.exe
  2⤵
  PID:4156
- C:\Windows\System\HLDcKiu.exe
  C:\Windows\System\HLDcKiu.exe
  2⤵
  PID:4172
- C:\Windows\System\AWQpgnu.exe
  C:\Windows\System\AWQpgnu.exe
  2⤵
  PID:4188
- C:\Windows\System\cWdxYlZ.exe
  C:\Windows\System\cWdxYlZ.exe
  2⤵
  PID:4204
- C:\Windows\System\LGcJhgY.exe
  C:\Windows\System\LGcJhgY.exe
  2⤵
  PID:4260
- C:\Windows\System\VQLeArR.exe
  C:\Windows\System\VQLeArR.exe
  2⤵
  PID:4276
- C:\Windows\System\dXSBGWc.exe
  C:\Windows\System\dXSBGWc.exe
  2⤵
  PID:4292
- C:\Windows\System\tIzfXGM.exe
  C:\Windows\System\tIzfXGM.exe
  2⤵
  PID:4308
- C:\Windows\System\qlezaYW.exe
  C:\Windows\System\qlezaYW.exe
  2⤵
  PID:4324
- C:\Windows\System\iwayYtM.exe
  C:\Windows\System\iwayYtM.exe
  2⤵
  PID:4340
- C:\Windows\System\lQvYVeM.exe
  C:\Windows\System\lQvYVeM.exe
  2⤵
  PID:4356
- C:\Windows\System\iGMPpjv.exe
  C:\Windows\System\iGMPpjv.exe
  2⤵
  PID:4372
- C:\Windows\System\sqjrTta.exe
  C:\Windows\System\sqjrTta.exe
  2⤵
  PID:4388
- C:\Windows\System\CioaLBW.exe
  C:\Windows\System\CioaLBW.exe
  2⤵
  PID:4404
- C:\Windows\System\hGnHANZ.exe
  C:\Windows\System\hGnHANZ.exe
  2⤵
  PID:4420
- C:\Windows\System\TptjmnH.exe
  C:\Windows\System\TptjmnH.exe
  2⤵
  PID:4436
- C:\Windows\System\YVHhOYx.exe
  C:\Windows\System\YVHhOYx.exe
  2⤵
  PID:4452
- C:\Windows\System\jVwDXta.exe
  C:\Windows\System\jVwDXta.exe
  2⤵
  PID:4468
- C:\Windows\System\YPVOneF.exe
  C:\Windows\System\YPVOneF.exe
  2⤵
  PID:4484
- C:\Windows\System\wHBfKuR.exe
  C:\Windows\System\wHBfKuR.exe
  2⤵
  PID:4500
- C:\Windows\System\rpUHkeu.exe
  C:\Windows\System\rpUHkeu.exe
  2⤵
  PID:4516
- C:\Windows\System\PyRczYb.exe
  C:\Windows\System\PyRczYb.exe
  2⤵
  PID:4532
- C:\Windows\System\EYDBeXC.exe
  C:\Windows\System\EYDBeXC.exe
  2⤵
  PID:4548
- C:\Windows\System\LEINagS.exe
  C:\Windows\System\LEINagS.exe
  2⤵
  PID:4564
- C:\Windows\System\rCLVQtu.exe
  C:\Windows\System\rCLVQtu.exe
  2⤵
  PID:4580
- C:\Windows\System\FwXCojg.exe
  C:\Windows\System\FwXCojg.exe
  2⤵
  PID:4596
- C:\Windows\System\aDoaQTA.exe
  C:\Windows\System\aDoaQTA.exe
  2⤵
  PID:4612
- C:\Windows\System\yIfBJFZ.exe
  C:\Windows\System\yIfBJFZ.exe
  2⤵
  PID:4636
- C:\Windows\System\jOUuoND.exe
  C:\Windows\System\jOUuoND.exe
  2⤵
  PID:4676
- C:\Windows\System\aIiaWzo.exe
  C:\Windows\System\aIiaWzo.exe
  2⤵
  PID:4760
- C:\Windows\System\lAcHLIT.exe
  C:\Windows\System\lAcHLIT.exe
  2⤵
  PID:4776
- C:\Windows\System\UuUvFiD.exe
  C:\Windows\System\UuUvFiD.exe
  2⤵
  PID:4792
- C:\Windows\System\wgyqGmc.exe
  C:\Windows\System\wgyqGmc.exe
  2⤵
  PID:4808
- C:\Windows\System\FutYDIT.exe
  C:\Windows\System\FutYDIT.exe
  2⤵
  PID:4824
- C:\Windows\System\YXWJvqF.exe
  C:\Windows\System\YXWJvqF.exe
  2⤵
  PID:4840
- C:\Windows\System\PtZeuiO.exe
  C:\Windows\System\PtZeuiO.exe
  2⤵
  PID:4872
- C:\Windows\System\BYCVvuM.exe
  C:\Windows\System\BYCVvuM.exe
  2⤵
  PID:4888
- C:\Windows\System\APyVAtG.exe
  C:\Windows\System\APyVAtG.exe
  2⤵
  PID:4916
- C:\Windows\System\epOemCe.exe
  C:\Windows\System\epOemCe.exe
  2⤵
  PID:3680
- C:\Windows\System\aJvTnsA.exe
  C:\Windows\System\aJvTnsA.exe
  2⤵
  PID:3716
- C:\Windows\System\eRAQVlX.exe
  C:\Windows\System\eRAQVlX.exe
  2⤵
  PID:3744
- C:\Windows\System\NfRDqqJ.exe
  C:\Windows\System\NfRDqqJ.exe
  2⤵
  PID:3768
- C:\Windows\System\OJKxxDc.exe
  C:\Windows\System\OJKxxDc.exe
  2⤵
  PID:3828
- C:\Windows\System\ptrnRyW.exe
  C:\Windows\System\ptrnRyW.exe
  2⤵
  PID:3832
- C:\Windows\System\FiqXSTn.exe
  C:\Windows\System\FiqXSTn.exe
  2⤵
  PID:3840
- C:\Windows\System\qVRpqDt.exe
  C:\Windows\System\qVRpqDt.exe
  2⤵
  PID:4480
- C:\Windows\System\lVJfVwp.exe
  C:\Windows\System\lVJfVwp.exe
  2⤵
  PID:3416
- C:\Windows\System\XLpMUrY.exe
  C:\Windows\System\XLpMUrY.exe
  2⤵
  PID:4656
- C:\Windows\System\gDZQUyU.exe
  C:\Windows\System\gDZQUyU.exe
  2⤵
  PID:4668
- C:\Windows\System\StLOsTB.exe
  C:\Windows\System\StLOsTB.exe
  2⤵
  PID:4800
- C:\Windows\System\cOQkFZV.exe
  C:\Windows\System\cOQkFZV.exe
  2⤵
  PID:3180
- C:\Windows\System\NFTKyNV.exe
  C:\Windows\System\NFTKyNV.exe
  2⤵
  PID:2908
- C:\Windows\System\MZlpzQr.exe
  C:\Windows\System\MZlpzQr.exe
  2⤵
  PID:3168
- C:\Windows\System\BzHWcud.exe
  C:\Windows\System\BzHWcud.exe
  2⤵
  PID:3232
- C:\Windows\System\jhdQpIA.exe
  C:\Windows\System\jhdQpIA.exe
  2⤵
  PID:3960
- C:\Windows\System\MZdzNuR.exe
  C:\Windows\System\MZdzNuR.exe
  2⤵
  PID:3928
- C:\Windows\System\bDpuHGM.exe
  C:\Windows\System\bDpuHGM.exe
  2⤵
  PID:3864
- C:\Windows\System\LNONbOV.exe
  C:\Windows\System\LNONbOV.exe
  2⤵
  PID:3248
- C:\Windows\System\HuHLroW.exe
  C:\Windows\System\HuHLroW.exe
  2⤵
  PID:2388
- C:\Windows\System\yKHHdjV.exe
  C:\Windows\System\yKHHdjV.exe
  2⤵
  PID:2672
- C:\Windows\System\IEtAPLQ.exe
  C:\Windows\System\IEtAPLQ.exe
  2⤵
  PID:2328
- C:\Windows\System\FTvygNy.exe
  C:\Windows\System\FTvygNy.exe
  2⤵
  PID:1568
- C:\Windows\System\oGisnAg.exe
  C:\Windows\System\oGisnAg.exe
  2⤵
  PID:3836
- C:\Windows\System\PgWgSIT.exe
  C:\Windows\System\PgWgSIT.exe
  2⤵
  PID:3412
- C:\Windows\System\JWATViU.exe
  C:\Windows\System\JWATViU.exe
  2⤵
  PID:4000
- C:\Windows\System\YLLmzNa.exe
  C:\Windows\System\YLLmzNa.exe
  2⤵
  PID:3748
- C:\Windows\System\aSNIbIr.exe
  C:\Windows\System\aSNIbIr.exe
  2⤵
  PID:1300
- C:\Windows\System\MMmYhAz.exe
  C:\Windows\System\MMmYhAz.exe
  2⤵
  PID:2476
- C:\Windows\System\yavWUma.exe
  C:\Windows\System\yavWUma.exe
  2⤵
  PID:3712
- C:\Windows\System\XEuEBbv.exe
  C:\Windows\System\XEuEBbv.exe
  2⤵
  PID:3644
- C:\Windows\System\gNguWvS.exe
  C:\Windows\System\gNguWvS.exe
  2⤵
  PID:4944
- C:\Windows\System\HVesvSm.exe
  C:\Windows\System\HVesvSm.exe
  2⤵
  PID:4964
- C:\Windows\System\ENYihDL.exe
  C:\Windows\System\ENYihDL.exe
  2⤵
  PID:4104
- C:\Windows\System\Ozivbxm.exe
  C:\Windows\System\Ozivbxm.exe
  2⤵
  PID:4164
- C:\Windows\System\JuNgtIn.exe
  C:\Windows\System\JuNgtIn.exe
  2⤵
  PID:4272
- C:\Windows\System\cIUZjri.exe
  C:\Windows\System\cIUZjri.exe
  2⤵
  PID:4336
- C:\Windows\System\EjxhizY.exe
  C:\Windows\System\EjxhizY.exe
  2⤵
  PID:4400
- C:\Windows\System\HVVlvwE.exe
  C:\Windows\System\HVVlvwE.exe
  2⤵
  PID:4464
- C:\Windows\System\ooeRAoy.exe
  C:\Windows\System\ooeRAoy.exe
  2⤵
  PID:4996
- C:\Windows\System\LVtyCVr.exe
  C:\Windows\System\LVtyCVr.exe
  2⤵
  PID:5016
- C:\Windows\System\cupxMhf.exe
  C:\Windows\System\cupxMhf.exe
  2⤵
  PID:5044
- C:\Windows\System\YJvCPNQ.exe
  C:\Windows\System\YJvCPNQ.exe
  2⤵
  PID:5060
- C:\Windows\System\njBPKfX.exe
  C:\Windows\System\njBPKfX.exe
  2⤵
  PID:3664
- C:\Windows\System\wmYHRqg.exe
  C:\Windows\System\wmYHRqg.exe
  2⤵
  PID:4152
- C:\Windows\System\kfLPjhb.exe
  C:\Windows\System\kfLPjhb.exe
  2⤵
  PID:4224
- C:\Windows\System\jsNNxZF.exe
  C:\Windows\System\jsNNxZF.exe
  2⤵
  PID:4248
- C:\Windows\System\SKLMBFN.exe
  C:\Windows\System\SKLMBFN.exe
  2⤵
  PID:4560
- C:\Windows\System\HADnCAi.exe
  C:\Windows\System\HADnCAi.exe
  2⤵
  PID:4624
- C:\Windows\System\APPZSQX.exe
  C:\Windows\System\APPZSQX.exe
  2⤵
  PID:4688
- C:\Windows\System\UegMVjZ.exe
  C:\Windows\System\UegMVjZ.exe
  2⤵
  PID:4704
- C:\Windows\System\bscDHsw.exe
  C:\Windows\System\bscDHsw.exe
  2⤵
  PID:4752
- C:\Windows\System\YTDuGQN.exe
  C:\Windows\System\YTDuGQN.exe
  2⤵
  PID:4820
- C:\Windows\System\iCEDJlC.exe
  C:\Windows\System\iCEDJlC.exe
  2⤵
  PID:3484
- C:\Windows\System\wCLrxfE.exe
  C:\Windows\System\wCLrxfE.exe
  2⤵
  PID:4908
- C:\Windows\System\OGgZfkA.exe
  C:\Windows\System\OGgZfkA.exe
  2⤵
  PID:3492
- C:\Windows\System\tARAOJy.exe
  C:\Windows\System\tARAOJy.exe
  2⤵
  PID:4284
- C:\Windows\System\ZKPwjBz.exe
  C:\Windows\System\ZKPwjBz.exe
  2⤵
  PID:1572
- C:\Windows\System\fxwmijn.exe
  C:\Windows\System\fxwmijn.exe
  2⤵
  PID:3728
- C:\Windows\System\ahIFYzA.exe
  C:\Windows\System\ahIFYzA.exe
  2⤵
  PID:4476
- C:\Windows\System\UHlzSOc.exe
  C:\Windows\System\UHlzSOc.exe
  2⤵
  PID:3292
- C:\Windows\System\nxTplCy.exe
  C:\Windows\System\nxTplCy.exe
  2⤵
  PID:4576
- C:\Windows\System\lELTYyJ.exe
  C:\Windows\System\lELTYyJ.exe
  2⤵
  PID:4664
- C:\Windows\System\KfNhtDU.exe
  C:\Windows\System\KfNhtDU.exe
  2⤵
  PID:3868
- C:\Windows\System\xgIURnJ.exe
  C:\Windows\System\xgIURnJ.exe
  2⤵
  PID:3788
- C:\Windows\System\dlFcPEf.exe
  C:\Windows\System\dlFcPEf.exe
  2⤵
  PID:3084
- C:\Windows\System\QjaAOMQ.exe
  C:\Windows\System\QjaAOMQ.exe
  2⤵
  PID:4772
- C:\Windows\System\prXkYuX.exe
  C:\Windows\System\prXkYuX.exe
  2⤵
  PID:3452
- C:\Windows\System\bQTJXCe.exe
  C:\Windows\System\bQTJXCe.exe
  2⤵
  PID:3860
- C:\Windows\System\mGNpfYw.exe
  C:\Windows\System\mGNpfYw.exe
  2⤵
  PID:2356
- C:\Windows\System\riPQoam.exe
  C:\Windows\System\riPQoam.exe
  2⤵
  PID:2832
- C:\Windows\System\zQwYJdw.exe
  C:\Windows\System\zQwYJdw.exe
  2⤵
  PID:2132
- C:\Windows\System\VgIZwew.exe
  C:\Windows\System\VgIZwew.exe
  2⤵
  PID:4648
- C:\Windows\System\MlnzSVb.exe
  C:\Windows\System\MlnzSVb.exe
  2⤵
  PID:3148
- C:\Windows\System\UpMbXfl.exe
  C:\Windows\System\UpMbXfl.exe
  2⤵
  PID:1736
- C:\Windows\System\wQhSBdK.exe
  C:\Windows\System\wQhSBdK.exe
  2⤵
  PID:3436
- C:\Windows\System\ToswAOr.exe
  C:\Windows\System\ToswAOr.exe
  2⤵
  PID:3948
- C:\Windows\System\knbIRVX.exe
  C:\Windows\System\knbIRVX.exe
  2⤵
  PID:3616
- C:\Windows\System\XZKuysG.exe
  C:\Windows\System\XZKuysG.exe
  2⤵
  PID:4016
- C:\Windows\System\vXONezC.exe
  C:\Windows\System\vXONezC.exe
  2⤵
  PID:1564
- C:\Windows\System\MUhRuVj.exe
  C:\Windows\System\MUhRuVj.exe
  2⤵
  PID:916
- C:\Windows\System\uwwkcZI.exe
  C:\Windows\System\uwwkcZI.exe
  2⤵
  PID:5036
- C:\Windows\System\etLusIM.exe
  C:\Windows\System\etLusIM.exe
  2⤵
  PID:5080
- C:\Windows\System\yAzeRLm.exe
  C:\Windows\System\yAzeRLm.exe
  2⤵
  PID:5104
- C:\Windows\System\EHmQHAO.exe
  C:\Windows\System\EHmQHAO.exe
  2⤵
  PID:2748
- C:\Windows\System\MWeOBOJ.exe
  C:\Windows\System\MWeOBOJ.exe
  2⤵
  PID:4080
- C:\Windows\System\gcZIlgk.exe
  C:\Windows\System\gcZIlgk.exe
  2⤵
  PID:4496
- C:\Windows\System\NICOwee.exe
  C:\Windows\System\NICOwee.exe
  2⤵
  PID:1120
- C:\Windows\System\ziJIrtu.exe
  C:\Windows\System\ziJIrtu.exe
  2⤵
  PID:4744
- C:\Windows\System\mRetCrw.exe
  C:\Windows\System\mRetCrw.exe
  2⤵
  PID:4736
- C:\Windows\System\IlwOtsJ.exe
  C:\Windows\System\IlwOtsJ.exe
  2⤵
  PID:4332
- C:\Windows\System\ZascxDo.exe
  C:\Windows\System\ZascxDo.exe
  2⤵
  PID:3104
- C:\Windows\System\fWIqTok.exe
  C:\Windows\System\fWIqTok.exe
  2⤵
  PID:2876
- C:\Windows\System\SLnKFuE.exe
  C:\Windows\System\SLnKFuE.exe
  2⤵
  PID:5048
- C:\Windows\System\aWXwBdO.exe
  C:\Windows\System\aWXwBdO.exe
  2⤵
  PID:3792
- C:\Windows\System\tuBTzqD.exe
  C:\Windows\System\tuBTzqD.exe
  2⤵
  PID:4540
- C:\Windows\System\qKguloA.exe
  C:\Windows\System\qKguloA.exe
  2⤵
  PID:4832
- C:\Windows\System\FwOEGhC.exe
  C:\Windows\System\FwOEGhC.exe
  2⤵
  PID:4460
- C:\Windows\System\KAHqAJe.exe
  C:\Windows\System\KAHqAJe.exe
  2⤵
  PID:2864
- C:\Windows\System\CRVVIcG.exe
  C:\Windows\System\CRVVIcG.exe
  2⤵
  PID:3080
- C:\Windows\System\pYIPONK.exe
  C:\Windows\System\pYIPONK.exe
  2⤵
  PID:3136
- C:\Windows\System\dKewMnv.exe
  C:\Windows\System\dKewMnv.exe
  2⤵
  PID:3280
- C:\Windows\System\mYNGVaC.exe
  C:\Windows\System\mYNGVaC.exe
  2⤵
  PID:4316
- C:\Windows\System\JANyMoa.exe
  C:\Windows\System\JANyMoa.exe
  2⤵
  PID:3964
- C:\Windows\System\HezWZJv.exe
  C:\Windows\System\HezWZJv.exe
  2⤵
  PID:4092
- C:\Windows\System\kpYnOij.exe
  C:\Windows\System\kpYnOij.exe
  2⤵
  PID:4732
- C:\Windows\System\LhVsAFT.exe
  C:\Windows\System\LhVsAFT.exe
  2⤵
  PID:2492
- C:\Windows\System\EHwJwnu.exe
  C:\Windows\System\EHwJwnu.exe
  2⤵
  PID:4924
- C:\Windows\System\rXUDiQN.exe
  C:\Windows\System\rXUDiQN.exe
  2⤵
  PID:1496
- C:\Windows\System\uNRBZov.exe
  C:\Windows\System\uNRBZov.exe
  2⤵
  PID:3572
- C:\Windows\System\hLqQWcK.exe
  C:\Windows\System\hLqQWcK.exe
  2⤵
  PID:3552
- C:\Windows\System\PcqfkpH.exe
  C:\Windows\System\PcqfkpH.exe
  2⤵
  PID:3364
- C:\Windows\System\DtkKszr.exe
  C:\Windows\System\DtkKszr.exe
  2⤵
  PID:3508
- C:\Windows\System\lCTZpET.exe
  C:\Windows\System\lCTZpET.exe
  2⤵
  PID:3372
- C:\Windows\System\tnacnLN.exe
  C:\Windows\System\tnacnLN.exe
  2⤵
  PID:3212
- C:\Windows\System\oqzIpoQ.exe
  C:\Windows\System\oqzIpoQ.exe
  2⤵
  PID:4200
- C:\Windows\System\aFGzwrH.exe
  C:\Windows\System\aFGzwrH.exe
  2⤵
  PID:4976
- C:\Windows\System\CaWqYUR.exe
  C:\Windows\System\CaWqYUR.exe
  2⤵
  PID:1644
- C:\Windows\System\QJilcxA.exe
  C:\Windows\System\QJilcxA.exe
  2⤵
  PID:3200
- C:\Windows\System\nRUTBkf.exe
  C:\Windows\System\nRUTBkf.exe
  2⤵
  PID:3152
- C:\Windows\System\sWDrqTh.exe
  C:\Windows\System\sWDrqTh.exe
  2⤵
  PID:5032
- C:\Windows\System\FvwiFkw.exe
  C:\Windows\System\FvwiFkw.exe
  2⤵
  PID:5096
- C:\Windows\System\JrSJXPk.exe
  C:\Windows\System\JrSJXPk.exe
  2⤵
  PID:5112
- C:\Windows\System\yEYuLhP.exe
  C:\Windows\System\yEYuLhP.exe
  2⤵
  PID:5076
- C:\Windows\System\hnEumqL.exe
  C:\Windows\System\hnEumqL.exe
  2⤵
  PID:4528
- C:\Windows\System\qKTImsH.exe
  C:\Windows\System\qKTImsH.exe
  2⤵
  PID:2764
- C:\Windows\System\PyDaEuL.exe
  C:\Windows\System\PyDaEuL.exe
  2⤵
  PID:4632
- C:\Windows\System\ZDVrseA.exe
  C:\Windows\System\ZDVrseA.exe
  2⤵
  PID:3780
- C:\Windows\System\UPSrZId.exe
  C:\Windows\System\UPSrZId.exe
  2⤵
  PID:3640
- C:\Windows\System\XrBMPLx.exe
  C:\Windows\System\XrBMPLx.exe
  2⤵
  PID:4556
- C:\Windows\System\DxbTIDd.exe
  C:\Windows\System\DxbTIDd.exe
  2⤵
  PID:4848
- C:\Windows\System\MKSgjnz.exe
  C:\Windows\System\MKSgjnz.exe
  2⤵
  PID:4320
- C:\Windows\System\jBvevlH.exe
  C:\Windows\System\jBvevlH.exe
  2⤵
  PID:2220
- C:\Windows\System\fmjtibl.exe
  C:\Windows\System\fmjtibl.exe
  2⤵
  PID:4132
- C:\Windows\System\rPHegEK.exe
  C:\Windows\System\rPHegEK.exe
  2⤵
  PID:1984
- C:\Windows\System\MVvtuow.exe
  C:\Windows\System\MVvtuow.exe
  2⤵
  PID:4788
- C:\Windows\System\MJVkTUo.exe
  C:\Windows\System\MJVkTUo.exe
  2⤵
  PID:3648
- C:\Windows\System\HJyaBww.exe
  C:\Windows\System\HJyaBww.exe
  2⤵
  PID:4700
- C:\Windows\System\tUkrmsQ.exe
  C:\Windows\System\tUkrmsQ.exe
  2⤵
  PID:3816
- C:\Windows\System\QKRkpFT.exe
  C:\Windows\System\QKRkpFT.exe
  2⤵
  PID:2612
- C:\Windows\System\LReyLDH.exe
  C:\Windows\System\LReyLDH.exe
  2⤵
  PID:2156
- C:\Windows\System\FpUBrNw.exe
  C:\Windows\System\FpUBrNw.exe
  2⤵
  PID:3856
- C:\Windows\System\bwSTylo.exe
  C:\Windows\System\bwSTylo.exe
  2⤵
  PID:3604
- C:\Windows\System\OIIGkrP.exe
  C:\Windows\System\OIIGkrP.exe
  2⤵
  PID:4244
- C:\Windows\System\xsINfPx.exe
  C:\Windows\System\xsINfPx.exe
  2⤵
  PID:4936
- C:\Windows\System\cnKOeeT.exe
  C:\Windows\System\cnKOeeT.exe
  2⤵
  PID:4608
- C:\Windows\System\vfNHzOV.exe
  C:\Windows\System\vfNHzOV.exe
  2⤵
  PID:2636
- C:\Windows\System\ZukbnEy.exe
  C:\Windows\System\ZukbnEy.exe
  2⤵
  PID:3516
- C:\Windows\System\NSRtGip.exe
  C:\Windows\System\NSRtGip.exe
  2⤵
  PID:3360
- C:\Windows\System\BhFqadK.exe
  C:\Windows\System\BhFqadK.exe
  2⤵
  PID:3344
- C:\Windows\System\UKROZiG.exe
  C:\Windows\System\UKROZiG.exe
  2⤵
  PID:2620
- C:\Windows\System\xlGsqJu.exe
  C:\Windows\System\xlGsqJu.exe
  2⤵
  PID:3332
- C:\Windows\System\EwHKDId.exe
  C:\Windows\System\EwHKDId.exe
  2⤵
  PID:3456
- C:\Windows\System\eYrDJNz.exe
  C:\Windows\System\eYrDJNz.exe
  2⤵
  PID:4368
- C:\Windows\System\TrAvFES.exe
  C:\Windows\System\TrAvFES.exe
  2⤵
  PID:4572
- C:\Windows\System\dndGmlR.exe
  C:\Windows\System\dndGmlR.exe
  2⤵
  PID:3776
- C:\Windows\System\aBWcvtK.exe
  C:\Windows\System\aBWcvtK.exe
  2⤵
  PID:3692
- C:\Windows\System\jVyXuGp.exe
  C:\Windows\System\jVyXuGp.exe
  2⤵
  PID:4184
- C:\Windows\System\yASycts.exe
  C:\Windows\System\yASycts.exe
  2⤵
  PID:3688
- C:\Windows\System\GlPPdMv.exe
  C:\Windows\System\GlPPdMv.exe
  2⤵
  PID:3656
- C:\Windows\System\bHbRPIf.exe
  C:\Windows\System\bHbRPIf.exe
  2⤵
  PID:4740
- C:\Windows\System\RqxmsJb.exe
  C:\Windows\System\RqxmsJb.exe
  2⤵
  PID:4116
- C:\Windows\System\YYMauuF.exe
  C:\Windows\System\YYMauuF.exe
  2⤵
  PID:4300
- C:\Windows\System\oYjguTt.exe
  C:\Windows\System\oYjguTt.exe
  2⤵
  PID:4040
- C:\Windows\System\tjRsazZ.exe
  C:\Windows\System\tjRsazZ.exe
  2⤵
  PID:3752
- C:\Windows\System\TNxtFua.exe
  C:\Windows\System\TNxtFua.exe
  2⤵
  PID:5008
- C:\Windows\System\FzyQTDg.exe
  C:\Windows\System\FzyQTDg.exe
  2⤵
  PID:3880
- C:\Windows\System\eTcWONg.exe
  C:\Windows\System\eTcWONg.exe
  2⤵
  PID:3812
- C:\Windows\System\xArAELj.exe
  C:\Windows\System\xArAELj.exe
  2⤵
  PID:2252
- C:\Windows\System\Huamqkh.exe
  C:\Windows\System\Huamqkh.exe
  2⤵
  PID:3388
- C:\Windows\System\uHcbhew.exe
  C:\Windows\System\uHcbhew.exe
  2⤵
  PID:3340
- C:\Windows\System\NApQNqp.exe
  C:\Windows\System\NApQNqp.exe
  2⤵
  PID:4972
- C:\Windows\System\ZIjHjZc.exe
  C:\Windows\System\ZIjHjZc.exe
  2⤵
  PID:3480
- C:\Windows\System\SvsQHhU.exe
  C:\Windows\System\SvsQHhU.exe
  2⤵
  PID:4784
- C:\Windows\System\LKpgufk.exe
  C:\Windows\System\LKpgufk.exe
  2⤵
  PID:3544
- C:\Windows\System\YguJMpn.exe
  C:\Windows\System\YguJMpn.exe
  2⤵
  PID:3532
- C:\Windows\System\tvnnqRz.exe
  C:\Windows\System\tvnnqRz.exe
  2⤵
  PID:3560
- C:\Windows\System\Alotdxk.exe
  C:\Windows\System\Alotdxk.exe
  2⤵
  PID:1824
- C:\Windows\System\yuYJbYj.exe
  C:\Windows\System\yuYJbYj.exe
  2⤵
  PID:3824
- C:\Windows\System\mkDsyLY.exe
  C:\Windows\System\mkDsyLY.exe
  2⤵
  PID:2848
- C:\Windows\System\aNpLEPr.exe
  C:\Windows\System\aNpLEPr.exe
  2⤵
  PID:4652
- C:\Windows\System\oLPODVM.exe
  C:\Windows\System\oLPODVM.exe
  2⤵
  PID:3096
- C:\Windows\System\BFbcWjZ.exe
  C:\Windows\System\BFbcWjZ.exe
  2⤵
  PID:4252
- C:\Windows\System\OIERohs.exe
  C:\Windows\System\OIERohs.exe
  2⤵
  PID:2904
- C:\Windows\System\IcMgRXc.exe
  C:\Windows\System\IcMgRXc.exe
  2⤵
  PID:4620
- C:\Windows\System\oPywdwM.exe
  C:\Windows\System\oPywdwM.exe
  2⤵
  PID:2668
- C:\Windows\System\xIRDBLI.exe
  C:\Windows\System\xIRDBLI.exe
  2⤵
  PID:3696
- C:\Windows\System\rPuhKjW.exe
  C:\Windows\System\rPuhKjW.exe
  2⤵
  PID:4288
- C:\Windows\System\lGwmUjx.exe
  C:\Windows\System\lGwmUjx.exe
  2⤵
  PID:4720
- C:\Windows\System\usNDGYl.exe
  C:\Windows\System\usNDGYl.exe
  2⤵
  PID:2868
- C:\Windows\System\ZsJiHru.exe
  C:\Windows\System\ZsJiHru.exe
  2⤵
  PID:2696
- C:\Windows\System\ElYeNVW.exe
  C:\Windows\System\ElYeNVW.exe
  2⤵
  PID:4228
- C:\Windows\System\dbvchYV.exe
  C:\Windows\System\dbvchYV.exe
  2⤵
  PID:1172
- C:\Windows\System\JIuQTzt.exe
  C:\Windows\System\JIuQTzt.exe
  2⤵
  PID:1624
- C:\Windows\System\ZLYrOWw.exe
  C:\Windows\System\ZLYrOWw.exe
  2⤵
  PID:4056
- C:\Windows\System\tuDqVXy.exe
  C:\Windows\System\tuDqVXy.exe
  2⤵
  PID:1328
- C:\Windows\System\ilMMgVP.exe
  C:\Windows\System\ilMMgVP.exe
  2⤵
  PID:2504
- C:\Windows\System\OQnDUCK.exe
  C:\Windows\System\OQnDUCK.exe
  2⤵
  PID:2828
- C:\Windows\System\HZCVbci.exe
  C:\Windows\System\HZCVbci.exe
  2⤵
  PID:1368
- C:\Windows\System\oJKpcbD.exe
  C:\Windows\System\oJKpcbD.exe
  2⤵
  PID:1952
- C:\Windows\System\IjIxNwc.exe
  C:\Windows\System\IjIxNwc.exe
  2⤵
  PID:2756
- C:\Windows\System\ZcEAGof.exe
  C:\Windows\System\ZcEAGof.exe
  2⤵
  PID:4352
- C:\Windows\System\uVJjulQ.exe
  C:\Windows\System\uVJjulQ.exe
  2⤵
  PID:3820
- C:\Windows\System\PiHNPXI.exe
  C:\Windows\System\PiHNPXI.exe
  2⤵
  PID:2824
- C:\Windows\System\zgsvvtq.exe
  C:\Windows\System\zgsvvtq.exe
  2⤵
  PID:3004
- C:\Windows\System\LUKrEjt.exe
  C:\Windows\System\LUKrEjt.exe
  2⤵
  PID:4816
- C:\Windows\System\kDQmaFq.exe
  C:\Windows\System\kDQmaFq.exe
  2⤵
  PID:1992
- C:\Windows\System\kTGajvG.exe
  C:\Windows\System\kTGajvG.exe
  2⤵
  PID:5124
- C:\Windows\System\PoMzaoI.exe
  C:\Windows\System\PoMzaoI.exe
  2⤵
  PID:5140
- C:\Windows\System\BsFHMfr.exe
  C:\Windows\System\BsFHMfr.exe
  2⤵
  PID:5164
- C:\Windows\System\kEbPnlD.exe
  C:\Windows\System\kEbPnlD.exe
  2⤵
  PID:5180
- C:\Windows\System\KwkZHgT.exe
  C:\Windows\System\KwkZHgT.exe
  2⤵
  PID:5196
- C:\Windows\System\tUdhOET.exe
  C:\Windows\System\tUdhOET.exe
  2⤵
  PID:5212
- C:\Windows\System\vMvHaZn.exe
  C:\Windows\System\vMvHaZn.exe
  2⤵
  PID:5228
- C:\Windows\System\CIrXdbs.exe
  C:\Windows\System\CIrXdbs.exe
  2⤵
  PID:5244
- C:\Windows\System\NxCVmAE.exe
  C:\Windows\System\NxCVmAE.exe
  2⤵
  PID:5260
- C:\Windows\System\PDDxmOw.exe
  C:\Windows\System\PDDxmOw.exe
  2⤵
  PID:5276
- C:\Windows\System\xEQMhPE.exe
  C:\Windows\System\xEQMhPE.exe
  2⤵
  PID:5292
- C:\Windows\System\lyJztQc.exe
  C:\Windows\System\lyJztQc.exe
  2⤵
  PID:5308
- C:\Windows\System\XQsaKWG.exe
  C:\Windows\System\XQsaKWG.exe
  2⤵
  PID:5324
- C:\Windows\System\PfLVXeX.exe
  C:\Windows\System\PfLVXeX.exe
  2⤵
  PID:5340
- C:\Windows\System\CnzlSsL.exe
  C:\Windows\System\CnzlSsL.exe
  2⤵
  PID:5356
- C:\Windows\System\QinSrkn.exe
  C:\Windows\System\QinSrkn.exe
  2⤵
  PID:5376
- C:\Windows\System\yDdvYAY.exe
  C:\Windows\System\yDdvYAY.exe
  2⤵
  PID:5408
- C:\Windows\System\gqhmQsB.exe
  C:\Windows\System\gqhmQsB.exe
  2⤵
  PID:5424
- C:\Windows\System\keMnDpa.exe
  C:\Windows\System\keMnDpa.exe
  2⤵
  PID:5440
- C:\Windows\System\hmpdJnp.exe
  C:\Windows\System\hmpdJnp.exe
  2⤵
  PID:5456
- C:\Windows\System\DkjtPME.exe
  C:\Windows\System\DkjtPME.exe
  2⤵
  PID:5472
- C:\Windows\System\MsNJXVC.exe
  C:\Windows\System\MsNJXVC.exe
  2⤵
  PID:5488
- C:\Windows\System\zomDpTB.exe
  C:\Windows\System\zomDpTB.exe
  2⤵
  PID:5504
- C:\Windows\System\msCkwyP.exe
  C:\Windows\System\msCkwyP.exe
  2⤵
  PID:5520
- C:\Windows\System\CtPSNyD.exe
  C:\Windows\System\CtPSNyD.exe
  2⤵
  PID:5536
- C:\Windows\System\ICdgmRv.exe
  C:\Windows\System\ICdgmRv.exe
  2⤵
  PID:5552
- C:\Windows\System\EvUkjSB.exe
  C:\Windows\System\EvUkjSB.exe
  2⤵
  PID:5568
- C:\Windows\System\kPbxwEX.exe
  C:\Windows\System\kPbxwEX.exe
  2⤵
  PID:5584
- C:\Windows\System\EiHVVEM.exe
  C:\Windows\System\EiHVVEM.exe
  2⤵
  PID:5600
- C:\Windows\System\CTTiScF.exe
  C:\Windows\System\CTTiScF.exe
  2⤵
  PID:5616
- C:\Windows\System\zXqFswt.exe
  C:\Windows\System\zXqFswt.exe
  2⤵
  PID:5632
- C:\Windows\System\HRbSBoi.exe
  C:\Windows\System\HRbSBoi.exe
  2⤵
  PID:5648
- C:\Windows\System\ouenGdM.exe
  C:\Windows\System\ouenGdM.exe
  2⤵
  PID:5664
- C:\Windows\System\HNJWTtI.exe
  C:\Windows\System\HNJWTtI.exe
  2⤵
  PID:5728
- C:\Windows\System\HGhgLuU.exe
  C:\Windows\System\HGhgLuU.exe
  2⤵
  PID:5768
- C:\Windows\System\vwHFDef.exe
  C:\Windows\System\vwHFDef.exe
  2⤵
  PID:5784
- C:\Windows\System\ybStOwd.exe
  C:\Windows\System\ybStOwd.exe
  2⤵
  PID:5808
- C:\Windows\System\iYJLAwd.exe
  C:\Windows\System\iYJLAwd.exe
  2⤵
  PID:5824
- C:\Windows\System\GNpcdZL.exe
  C:\Windows\System\GNpcdZL.exe
  2⤵
  PID:5844
- C:\Windows\System\HaaGmrR.exe
  C:\Windows\System\HaaGmrR.exe
  2⤵
  PID:5876
- C:\Windows\System\JFgiAmj.exe
  C:\Windows\System\JFgiAmj.exe
  2⤵
  PID:6064
- C:\Windows\System\pofugur.exe
  C:\Windows\System\pofugur.exe
  2⤵
  PID:6088
- C:\Windows\System\HxjBBhy.exe
  C:\Windows\System\HxjBBhy.exe
  2⤵
  PID:6112
- C:\Windows\System\tfotBIe.exe
  C:\Windows\System\tfotBIe.exe
  2⤵
  PID:6128
- C:\Windows\System\ZDGaozR.exe
  C:\Windows\System\ZDGaozR.exe
  2⤵
  PID:4988
- C:\Windows\System\AgQxXNV.exe
  C:\Windows\System\AgQxXNV.exe
  2⤵
  PID:4992
- C:\Windows\System\DGVNGED.exe
  C:\Windows\System\DGVNGED.exe
  2⤵
  PID:900
- C:\Windows\System\xbxgRYk.exe
  C:\Windows\System\xbxgRYk.exe
  2⤵
  PID:4060
- C:\Windows\System\luQoXFf.exe
  C:\Windows\System\luQoXFf.exe
  2⤵
  PID:5156
- C:\Windows\System\TsmVLXe.exe
  C:\Windows\System\TsmVLXe.exe
  2⤵
  PID:5160
- C:\Windows\System\KwqzJTj.exe
  C:\Windows\System\KwqzJTj.exe
  2⤵
  PID:5224
- C:\Windows\System\hWpqOFa.exe
  C:\Windows\System\hWpqOFa.exe
  2⤵
  PID:5240
- C:\Windows\System\jeCReyt.exe
  C:\Windows\System\jeCReyt.exe
  2⤵
  PID:5268
- C:\Windows\System\lkYNRqF.exe
  C:\Windows\System\lkYNRqF.exe
  2⤵
  PID:5304
- C:\Windows\System\qdJamKD.exe
  C:\Windows\System\qdJamKD.exe
  2⤵
  PID:5400
- C:\Windows\System\cweVaqr.exe
  C:\Windows\System\cweVaqr.exe
  2⤵
  PID:5452
- C:\Windows\System\oQFhzuQ.exe
  C:\Windows\System\oQFhzuQ.exe
  2⤵
  PID:5484
- C:\Windows\System\BhWYeHY.exe
  C:\Windows\System\BhWYeHY.exe
  2⤵
  PID:5576
- C:\Windows\System\DObifNw.exe
  C:\Windows\System\DObifNw.exe
  2⤵
  PID:5560
- C:\Windows\System\hlybAvy.exe
  C:\Windows\System\hlybAvy.exe
  2⤵
  PID:5564
- C:\Windows\System\qBLvFkZ.exe
  C:\Windows\System\qBLvFkZ.exe
  2⤵
  PID:5628
- C:\Windows\System\iyBoMEC.exe
  C:\Windows\System\iyBoMEC.exe
  2⤵
  PID:5656
- C:\Windows\System\iYzzVkS.exe
  C:\Windows\System\iYzzVkS.exe
  2⤵
  PID:5688
- C:\Windows\System\ibpXRXH.exe
  C:\Windows\System\ibpXRXH.exe
  2⤵
  PID:5712
- C:\Windows\System\WdPmnEH.exe
  C:\Windows\System\WdPmnEH.exe
  2⤵
  PID:5752
- C:\Windows\System\WsCKsfe.exe
  C:\Windows\System\WsCKsfe.exe
  2⤵
  PID:5368
- C:\Windows\System\eFAMQsG.exe
  C:\Windows\System\eFAMQsG.exe
  2⤵
  PID:5792
- C:\Windows\System\jzWLzpU.exe
  C:\Windows\System\jzWLzpU.exe
  2⤵
  PID:5820
- C:\Windows\System\EwGxTiH.exe
  C:\Windows\System\EwGxTiH.exe
  2⤵
  PID:5856
- C:\Windows\System\JcEJfjW.exe
  C:\Windows\System\JcEJfjW.exe
  2⤵
  PID:5860
- C:\Windows\System\GQOBiRc.exe
  C:\Windows\System\GQOBiRc.exe
  2⤵
  PID:5884
- C:\Windows\System\oTHZLub.exe
  C:\Windows\System\oTHZLub.exe
  2⤵
  PID:5924
- C:\Windows\System\LIeSqIR.exe
  C:\Windows\System\LIeSqIR.exe
  2⤵
  PID:5912
- C:\Windows\System\TmdGgKL.exe
  C:\Windows\System\TmdGgKL.exe
  2⤵
  PID:5936
- C:\Windows\System\jAWJBWq.exe
  C:\Windows\System\jAWJBWq.exe
  2⤵
  PID:5948
- C:\Windows\System\OFSubut.exe
  C:\Windows\System\OFSubut.exe
  2⤵
  PID:5968
- C:\Windows\System\diRQuKn.exe
  C:\Windows\System\diRQuKn.exe
  2⤵
  PID:5972
- C:\Windows\System\csRmFcW.exe
  C:\Windows\System\csRmFcW.exe
  2⤵
  PID:6004
- C:\Windows\System\ROWdhMt.exe
  C:\Windows\System\ROWdhMt.exe
  2⤵
  PID:6044
- C:\Windows\System\yNuHsqi.exe
  C:\Windows\System\yNuHsqi.exe
  2⤵
  PID:6104
- C:\Windows\System\RovjBkr.exe
  C:\Windows\System\RovjBkr.exe
  2⤵
  PID:6036
- C:\Windows\System\XtxxtCs.exe
  C:\Windows\System\XtxxtCs.exe
  2⤵
  PID:6056
- C:\Windows\System\GByQoOT.exe
  C:\Windows\System\GByQoOT.exe
  2⤵
  PID:6108
- C:\Windows\System\mHCYhxn.exe
  C:\Windows\System\mHCYhxn.exe
  2⤵
  PID:5092
- C:\Windows\System\cgVjUUI.exe
  C:\Windows\System\cgVjUUI.exe
  2⤵
  PID:5204
- C:\Windows\System\KoGKmUR.exe
  C:\Windows\System\KoGKmUR.exe
  2⤵
  PID:3328
- C:\Windows\System\vEFcoDN.exe
  C:\Windows\System\vEFcoDN.exe
  2⤵
  PID:5272
- C:\Windows\System\kBnNhMp.exe
  C:\Windows\System\kBnNhMp.exe
  2⤵
  PID:5152
- C:\Windows\System\qxyCkcx.exe
  C:\Windows\System\qxyCkcx.exe
  2⤵
  PID:5332
- C:\Windows\System\MIiZWVf.exe
  C:\Windows\System\MIiZWVf.exe
  2⤵
  PID:5220
- C:\Windows\System\NmPiCJD.exe
  C:\Windows\System\NmPiCJD.exe
  2⤵
  PID:5372
- C:\Windows\System\RKSysXp.exe
  C:\Windows\System\RKSysXp.exe
  2⤵
  PID:5468
- C:\Windows\System\UAUIkMP.exe
  C:\Windows\System\UAUIkMP.exe
  2⤵
  PID:5624
- C:\Windows\System\SATZuLx.exe
  C:\Windows\System\SATZuLx.exe
  2⤵
  PID:5392
- C:\Windows\System\xjVEjae.exe
  C:\Windows\System\xjVEjae.exe
  2⤵
  PID:5544
- C:\Windows\System\DaDdUbz.exe
  C:\Windows\System\DaDdUbz.exe
  2⤵
  PID:5644
- C:\Windows\System\WHWthaU.exe
  C:\Windows\System\WHWthaU.exe
  2⤵
  PID:5672
- C:\Windows\System\HgAWLHQ.exe
  C:\Windows\System\HgAWLHQ.exe
  2⤵
  PID:5816
- C:\Windows\System\xJJDVUe.exe
  C:\Windows\System\xJJDVUe.exe
  2⤵
  PID:5692
- C:\Windows\System\ytZRkcd.exe
  C:\Windows\System\ytZRkcd.exe
  2⤵
  PID:5720
- C:\Windows\System\Wazsqft.exe
  C:\Windows\System\Wazsqft.exe
  2⤵
  PID:5684
- C:\Windows\System\dWkympC.exe
  C:\Windows\System\dWkympC.exe
  2⤵
  PID:5940
- C:\Windows\System\ajufFYu.exe
  C:\Windows\System\ajufFYu.exe
  2⤵
  PID:5928
- C:\Windows\System\iHvgStW.exe
  C:\Windows\System\iHvgStW.exe
  2⤵
  PID:5960
- C:\Windows\System\nVwTJUp.exe
  C:\Windows\System\nVwTJUp.exe
  2⤵
  PID:5996
- C:\Windows\System\HTEpxUz.exe
  C:\Windows\System\HTEpxUz.exe
  2⤵
  PID:6012
- C:\Windows\System\wNFdOiW.exe
  C:\Windows\System\wNFdOiW.exe
  2⤵
  PID:6052
- C:\Windows\System\IhPuRBi.exe
  C:\Windows\System\IhPuRBi.exe
  2⤵
  PID:5208
- C:\Windows\System\ojFAQSI.exe
  C:\Windows\System\ojFAQSI.exe
  2⤵
  PID:6100
- C:\Windows\System\uUEknLD.exe
  C:\Windows\System\uUEknLD.exe
  2⤵
  PID:5236
- C:\Windows\System\hhbAIxJ.exe
  C:\Windows\System\hhbAIxJ.exe
  2⤵
  PID:5528
- C:\Windows\System\KmAMerL.exe
  C:\Windows\System\KmAMerL.exe
  2⤵
  PID:5516
- C:\Windows\System\tmUtiht.exe
  C:\Windows\System\tmUtiht.exe
  2⤵
  PID:5480
- C:\Windows\System\aZDFZUG.exe
  C:\Windows\System\aZDFZUG.exe
  2⤵
  PID:5496
- C:\Windows\System\BGbiQMT.exe
  C:\Windows\System\BGbiQMT.exe
  2⤵
  PID:5756
- C:\Windows\System\ZFSwfqR.exe
  C:\Windows\System\ZFSwfqR.exe
  2⤵
  PID:5760
- C:\Windows\System\mqYeebt.exe
  C:\Windows\System\mqYeebt.exe
  2⤵
  PID:5988
- C:\Windows\System\TFFhcgd.exe
  C:\Windows\System\TFFhcgd.exe
  2⤵
  PID:5364
- C:\Windows\System\rANnPSZ.exe
  C:\Windows\System\rANnPSZ.exe
  2⤵
  PID:6080
- C:\Windows\System\CXNgQUr.exe
  C:\Windows\System\CXNgQUr.exe
  2⤵
  PID:6032
- C:\Windows\System\TCtRgqX.exe
  C:\Windows\System\TCtRgqX.exe
  2⤵
  PID:6136
- C:\Windows\System\ooRYvQg.exe
  C:\Windows\System\ooRYvQg.exe
  2⤵
  PID:5336
- C:\Windows\System\nWtQiWj.exe
  C:\Windows\System\nWtQiWj.exe
  2⤵
  PID:5920
- C:\Windows\System\IDviGCD.exe
  C:\Windows\System\IDviGCD.exe
  2⤵
  PID:5868
- C:\Windows\System\OqBmhPP.exe
  C:\Windows\System\OqBmhPP.exe
  2⤵
  PID:5864
- C:\Windows\System\ojPxKrJ.exe
  C:\Windows\System\ojPxKrJ.exe
  2⤵
  PID:2780
- C:\Windows\System\GoNQATv.exe
  C:\Windows\System\GoNQATv.exe
  2⤵
  PID:5256
- C:\Windows\System\awEtWwJ.exe
  C:\Windows\System\awEtWwJ.exe
  2⤵
  PID:5676
- C:\Windows\System\SxJRQpm.exe
  C:\Windows\System\SxJRQpm.exe
  2⤵
  PID:6152
- C:\Windows\System\OSfDihp.exe
  C:\Windows\System\OSfDihp.exe
  2⤵
  PID:6168
- C:\Windows\System\JXyhuGz.exe
  C:\Windows\System\JXyhuGz.exe
  2⤵
  PID:6184
- C:\Windows\System\GhUuJWH.exe
  C:\Windows\System\GhUuJWH.exe
  2⤵
  PID:6200
- C:\Windows\System\gHaGCLM.exe
  C:\Windows\System\gHaGCLM.exe
  2⤵
  PID:6216
- C:\Windows\System\TPUoVHE.exe
  C:\Windows\System\TPUoVHE.exe
  2⤵
  PID:6232
- C:\Windows\System\qpImobV.exe
  C:\Windows\System\qpImobV.exe
  2⤵
  PID:6248
- C:\Windows\System\kKdQsIa.exe
  C:\Windows\System\kKdQsIa.exe
  2⤵
  PID:6264
- C:\Windows\System\xFmzMIb.exe
  C:\Windows\System\xFmzMIb.exe
  2⤵
  PID:6280
- C:\Windows\System\HvNsxZb.exe
  C:\Windows\System\HvNsxZb.exe
  2⤵
  PID:6308
- C:\Windows\System\oBnBPuL.exe
  C:\Windows\System\oBnBPuL.exe
  2⤵
  PID:6344
- C:\Windows\System\PCbtuHo.exe
  C:\Windows\System\PCbtuHo.exe
  2⤵
  PID:6436
- C:\Windows\System\RhBDwMk.exe
  C:\Windows\System\RhBDwMk.exe
  2⤵
  PID:6452
- C:\Windows\System\XwzTvqT.exe
  C:\Windows\System\XwzTvqT.exe
  2⤵
  PID:6480
- C:\Windows\System\ehMTrHn.exe
  C:\Windows\System\ehMTrHn.exe
  2⤵
  PID:6496
- C:\Windows\System\KRzhhrF.exe
  C:\Windows\System\KRzhhrF.exe
  2⤵
  PID:6516
- C:\Windows\System\LnRebBt.exe
  C:\Windows\System\LnRebBt.exe
  2⤵
  PID:6536
- C:\Windows\System\moPpgqO.exe
  C:\Windows\System\moPpgqO.exe
  2⤵
  PID:6552
- C:\Windows\System\HalVhfn.exe
  C:\Windows\System\HalVhfn.exe
  2⤵
  PID:6572
- C:\Windows\System\tvgSuko.exe
  C:\Windows\System\tvgSuko.exe
  2⤵
  PID:6588
- C:\Windows\System\NFKfLDr.exe
  C:\Windows\System\NFKfLDr.exe
  2⤵
  PID:6684
- C:\Windows\System\vfOaxEu.exe
  C:\Windows\System\vfOaxEu.exe
  2⤵
  PID:6704
- C:\Windows\System\lFSlSKE.exe
  C:\Windows\System\lFSlSKE.exe
  2⤵
  PID:6720
- C:\Windows\System\vCTMEdc.exe
  C:\Windows\System\vCTMEdc.exe
  2⤵
  PID:6812
- C:\Windows\System\wjVmJKt.exe
  C:\Windows\System\wjVmJKt.exe
  2⤵
  PID:6828
- C:\Windows\System\VcwgqQw.exe
  C:\Windows\System\VcwgqQw.exe
  2⤵
  PID:6848
- C:\Windows\System\xvWfRpU.exe
  C:\Windows\System\xvWfRpU.exe
  2⤵
  PID:6864
- C:\Windows\System\ZIlTelI.exe
  C:\Windows\System\ZIlTelI.exe
  2⤵
  PID:6880
- C:\Windows\System\pTfBuLv.exe
  C:\Windows\System\pTfBuLv.exe
  2⤵
  PID:6900
- C:\Windows\System\GcvUTuS.exe
  C:\Windows\System\GcvUTuS.exe
  2⤵
  PID:6924
- C:\Windows\System\YzXAifD.exe
  C:\Windows\System\YzXAifD.exe
  2⤵
  PID:6948
- C:\Windows\System\pCxqNJN.exe
  C:\Windows\System\pCxqNJN.exe
  2⤵
  PID:5956
- C:\Windows\System\MnmCpsC.exe
  C:\Windows\System\MnmCpsC.exe
  2⤵
  PID:6148
- C:\Windows\System\YwSsqgJ.exe
  C:\Windows\System\YwSsqgJ.exe
  2⤵
  PID:6196
- C:\Windows\System\OvCuJry.exe
  C:\Windows\System\OvCuJry.exe
  2⤵
  PID:6256
- C:\Windows\System\govcLTR.exe
  C:\Windows\System\govcLTR.exe
  2⤵
  PID:6212
- C:\Windows\System\MvKQsyW.exe
  C:\Windows\System\MvKQsyW.exe
  2⤵
  PID:6120
- C:\Windows\System\vasmVDc.exe
  C:\Windows\System\vasmVDc.exe
  2⤵
  PID:6324
- C:\Windows\System\HmZNFlx.exe
  C:\Windows\System\HmZNFlx.exe
  2⤵
  PID:1964
- C:\Windows\System\OdKVRfK.exe
  C:\Windows\System\OdKVRfK.exe
  2⤵
  PID:6340
- C:\Windows\System\kThrPfY.exe
  C:\Windows\System\kThrPfY.exe
  2⤵
  PID:6396
- C:\Windows\System\DEzbOgG.exe
  C:\Windows\System\DEzbOgG.exe
  2⤵
  PID:6600
- C:\Windows\System\dcOmlog.exe
  C:\Windows\System\dcOmlog.exe
  2⤵
  PID:6624
- C:\Windows\System\CZuXiMY.exe
  C:\Windows\System\CZuXiMY.exe
  2⤵
  PID:6644
- C:\Windows\System\QkJEoXb.exe
  C:\Windows\System\QkJEoXb.exe
  2⤵
  PID:6660
- C:\Windows\System\XnYKhCP.exe
  C:\Windows\System\XnYKhCP.exe
  2⤵
  PID:6716
- C:\Windows\System\otEkeqL.exe
  C:\Windows\System\otEkeqL.exe
  2⤵
  PID:6896
- C:\Windows\System\oiQiaVW.exe
  C:\Windows\System\oiQiaVW.exe
  2⤵
  PID:5740
- C:\Windows\System\BRMGOqm.exe
  C:\Windows\System\BRMGOqm.exe
  2⤵
  PID:6316
- C:\Windows\System\XWiyWkf.exe
  C:\Windows\System\XWiyWkf.exe
  2⤵
  PID:6760
- C:\Windows\System\UjEpQOi.exe
  C:\Windows\System\UjEpQOi.exe
  2⤵
  PID:6872
- C:\Windows\System\VCcKgPf.exe
  C:\Windows\System\VCcKgPf.exe
  2⤵
  PID:1092
- C:\Windows\System\eEPVBfo.exe
  C:\Windows\System\eEPVBfo.exe
  2⤵
  PID:2348
- C:\Windows\System\UlyRBeX.exe
  C:\Windows\System\UlyRBeX.exe
  2⤵
  PID:832
- C:\Windows\System\JLoaeUe.exe
  C:\Windows\System\JLoaeUe.exe
  2⤵
  PID:6244
- C:\Windows\System\KfOIlkA.exe
  C:\Windows\System\KfOIlkA.exe
  2⤵
  PID:6488
- C:\Windows\System\diIkNbI.exe
  C:\Windows\System\diIkNbI.exe
  2⤵
  PID:7088
- C:\Windows\System\LUDVSsd.exe
  C:\Windows\System\LUDVSsd.exe
  2⤵
  PID:6796
- C:\Windows\System\rtQhCIB.exe
  C:\Windows\System\rtQhCIB.exe
  2⤵
  PID:924
- C:\Windows\System\WscFiJO.exe
  C:\Windows\System\WscFiJO.exe
  2⤵
  PID:6192
- C:\Windows\System\krlHhpY.exe
  C:\Windows\System\krlHhpY.exe
  2⤵
  PID:6296
- C:\Windows\System\RHltaPF.exe
  C:\Windows\System\RHltaPF.exe
  2⤵
  PID:6656
- C:\Windows\System\kpiLyWE.exe
  C:\Windows\System\kpiLyWE.exe
  2⤵
  PID:6764
- C:\Windows\System\qtpBvsP.exe
  C:\Windows\System\qtpBvsP.exe
  2⤵
  PID:6824
- C:\Windows\System\VxoUXTv.exe
  C:\Windows\System\VxoUXTv.exe
  2⤵
  PID:6836
- C:\Windows\System\UQlmaWY.exe
  C:\Windows\System\UQlmaWY.exe
  2⤵
  PID:1048
- C:\Windows\System\IJZOAde.exe
  C:\Windows\System\IJZOAde.exe
  2⤵
  PID:6792
- C:\Windows\System\kOeBpHp.exe
  C:\Windows\System\kOeBpHp.exe
  2⤵
  PID:6364
- C:\Windows\System\YsMWILk.exe
  C:\Windows\System\YsMWILk.exe
  2⤵
  PID:6408
- C:\Windows\System\NckflPP.exe
  C:\Windows\System\NckflPP.exe
  2⤵
  PID:6964
- C:\Windows\System\smgcicH.exe
  C:\Windows\System\smgcicH.exe
  2⤵
  PID:6980
- C:\Windows\System\FmuiNBA.exe
  C:\Windows\System\FmuiNBA.exe
  2⤵
  PID:7004
- C:\Windows\System\ZkzfHJs.exe
  C:\Windows\System\ZkzfHJs.exe
  2⤵
  PID:6492
- C:\Windows\System\pPnEJTK.exe
  C:\Windows\System\pPnEJTK.exe
  2⤵
  PID:7160
- C:\Windows\System\cqBOqyG.exe
  C:\Windows\System\cqBOqyG.exe
  2⤵
  PID:6840
- C:\Windows\System\WmlIuyq.exe
  C:\Windows\System\WmlIuyq.exe
  2⤵
  PID:7044
- C:\Windows\System\toKPWAG.exe
  C:\Windows\System\toKPWAG.exe
  2⤵
  PID:7060
- C:\Windows\System\OehLrpi.exe
  C:\Windows\System\OehLrpi.exe
  2⤵
  PID:6632
- C:\Windows\System\YNvbsdR.exe
  C:\Windows\System\YNvbsdR.exe
  2⤵
  PID:7104
- C:\Windows\System\mFepVSU.exe
  C:\Windows\System\mFepVSU.exe
  2⤵
  PID:7128
- C:\Windows\System\MEvtFao.exe
  C:\Windows\System\MEvtFao.exe
  2⤵
  PID:7144
- C:\Windows\System\rkjwuRd.exe
  C:\Windows\System\rkjwuRd.exe
  2⤵
  PID:7148
- C:\Windows\System\gbwlYNo.exe
  C:\Windows\System\gbwlYNo.exe
  2⤵
  PID:5800
- C:\Windows\System\stJshzT.exe
  C:\Windows\System\stJshzT.exe
  2⤵
  PID:6304
- C:\Windows\System\kbthicD.exe
  C:\Windows\System\kbthicD.exe
  2⤵
  PID:6444
- C:\Windows\System\Msniext.exe
  C:\Windows\System\Msniext.exe
  2⤵
  PID:6332
- C:\Windows\System\kqeJEfT.exe
  C:\Windows\System\kqeJEfT.exe
  2⤵
  PID:6464
- C:\Windows\System\bYFZeAD.exe
  C:\Windows\System\bYFZeAD.exe
  2⤵
  PID:6544
- C:\Windows\System\ZBhZUpv.exe
  C:\Windows\System\ZBhZUpv.exe
  2⤵
  PID:6424
- C:\Windows\System\HUVANFI.exe
  C:\Windows\System\HUVANFI.exe
  2⤵
  PID:6728
- C:\Windows\System\ggkERdi.exe
  C:\Windows\System\ggkERdi.exe
  2⤵
  PID:6636
- C:\Windows\System\hxckIhS.exe
  C:\Windows\System\hxckIhS.exe
  2⤵
  PID:6680
- C:\Windows\System\jOAvroi.exe
  C:\Windows\System\jOAvroi.exe
  2⤵
  PID:6360
- C:\Windows\System\ATDqVjC.exe
  C:\Windows\System\ATDqVjC.exe
  2⤵
  PID:6944
- C:\Windows\System\gxfGQfR.exe
  C:\Windows\System\gxfGQfR.exe
  2⤵
  PID:2064
- C:\Windows\System\YctBiWz.exe
  C:\Windows\System\YctBiWz.exe
  2⤵
  PID:6984
- C:\Windows\System\xOWvuPq.exe
  C:\Windows\System\xOWvuPq.exe
  2⤵
  PID:1940
- C:\Windows\System\CoxLMgW.exe
  C:\Windows\System\CoxLMgW.exe
  2⤵
  PID:6392
- C:\Windows\System\ngUEWiI.exe
  C:\Windows\System\ngUEWiI.exe
  2⤵
  PID:6736
- C:\Windows\System\SKKnLeL.exe
  C:\Windows\System\SKKnLeL.exe
  2⤵
  PID:6416
- C:\Windows\System\TbjihXv.exe
  C:\Windows\System\TbjihXv.exe
  2⤵
  PID:6300
- C:\Windows\System\ABYMtex.exe
  C:\Windows\System\ABYMtex.exe
  2⤵
  PID:7036
- C:\Windows\System\ZCGPZpp.exe
  C:\Windows\System\ZCGPZpp.exe
  2⤵
  PID:7116
- C:\Windows\System\EjYrQPP.exe
  C:\Windows\System\EjYrQPP.exe
  2⤵
  PID:5416
- C:\Windows\System\IAhjDSO.exe
  C:\Windows\System\IAhjDSO.exe
  2⤵
  PID:6472
- C:\Windows\System\fVoxGvO.exe
  C:\Windows\System\fVoxGvO.exe
  2⤵
  PID:6548
- C:\Windows\System\dmIqUjo.exe
  C:\Windows\System\dmIqUjo.exe
  2⤵
  PID:6972
- C:\Windows\System\rYyctaZ.exe
  C:\Windows\System\rYyctaZ.exe
  2⤵
  PID:7164
- C:\Windows\System\xKgJkbX.exe
  C:\Windows\System\xKgJkbX.exe
  2⤵
  PID:1216
- C:\Windows\System\ogAEfBN.exe
  C:\Windows\System\ogAEfBN.exe
  2⤵
  PID:6740
- C:\Windows\System\NVaiXZi.exe
  C:\Windows\System\NVaiXZi.exe
  2⤵
  PID:7096
- C:\Windows\System\svGdpyp.exe
  C:\Windows\System\svGdpyp.exe
  2⤵
  PID:3504
- C:\Windows\System\IuRnEMs.exe
  C:\Windows\System\IuRnEMs.exe
  2⤵
  PID:1632
- C:\Windows\System\ctXlOfw.exe
  C:\Windows\System\ctXlOfw.exe
  2⤵
  PID:6460
- C:\Windows\System\OmpXlAy.exe
  C:\Windows\System\OmpXlAy.exe
  2⤵
  PID:6568
- C:\Windows\System\Tdpwfwb.exe
  C:\Windows\System\Tdpwfwb.exe
  2⤵
  PID:6748
- C:\Windows\System\zaVGziY.exe
  C:\Windows\System\zaVGziY.exe
  2⤵
  PID:6772
- C:\Windows\System\kvbFKJf.exe
  C:\Windows\System\kvbFKJf.exe
  2⤵
  PID:6936
- C:\Windows\System\ETgyBQI.exe
  C:\Windows\System\ETgyBQI.exe
  2⤵
  PID:2580
- C:\Windows\System\vDRVdSN.exe
  C:\Windows\System\vDRVdSN.exe
  2⤵
  PID:7024
- C:\Windows\System\SYDfAJD.exe
  C:\Windows\System\SYDfAJD.exe
  2⤵
  PID:1520
- C:\Windows\System\IofJlzu.exe
  C:\Windows\System\IofJlzu.exe
  2⤵
  PID:6712
- C:\Windows\System\FbLKrTh.exe
  C:\Windows\System\FbLKrTh.exe
  2⤵
  PID:7000
- C:\Windows\System\vsSAnpy.exe
  C:\Windows\System\vsSAnpy.exe
  2⤵
  PID:7068
- C:\Windows\System\qhPOMWh.exe
  C:\Windows\System\qhPOMWh.exe
  2⤵
  PID:7140
- C:\Windows\System\dNYtHMs.exe
  C:\Windows\System\dNYtHMs.exe
  2⤵
  PID:3028
- C:\Windows\System\HypUYuJ.exe
  C:\Windows\System\HypUYuJ.exe
  2⤵
  PID:7084
- C:\Windows\System\YbkOcua.exe
  C:\Windows\System\YbkOcua.exe
  2⤵
  PID:6696
- C:\Windows\System\USSLKCu.exe
  C:\Windows\System\USSLKCu.exe
  2⤵
  PID:6380
- C:\Windows\System\jeGyWtX.exe
  C:\Windows\System\jeGyWtX.exe
  2⤵
  PID:5908
- C:\Windows\System\ydFmjxn.exe
  C:\Windows\System\ydFmjxn.exe
  2⤵
  PID:6672
- C:\Windows\System\FRdQJBY.exe
  C:\Windows\System\FRdQJBY.exe
  2⤵
  PID:6940
- C:\Windows\System\xxsitpR.exe
  C:\Windows\System\xxsitpR.exe
  2⤵
  PID:6384
- C:\Windows\System\CdIuJgB.exe
  C:\Windows\System\CdIuJgB.exe
  2⤵
  PID:6800
- C:\Windows\System\yoajKjY.exe
  C:\Windows\System\yoajKjY.exe
  2⤵
  PID:6888
- C:\Windows\System\jnINdsL.exe
  C:\Windows\System\jnINdsL.exe
  2⤵
  PID:2032
- C:\Windows\System\hjrXDaD.exe
  C:\Windows\System\hjrXDaD.exe
  2⤵
  PID:1556
- C:\Windows\System\ApLOczC.exe
  C:\Windows\System\ApLOczC.exe
  2⤵
  PID:1128
- C:\Windows\System\wJXtHXQ.exe
  C:\Windows\System\wJXtHXQ.exe
  2⤵
  PID:2988
- C:\Windows\System\BkajXNZ.exe
  C:\Windows\System\BkajXNZ.exe
  2⤵
  PID:1652
- C:\Windows\System\XUmtiUP.exe
  C:\Windows\System\XUmtiUP.exe
  2⤵
  PID:6856
- C:\Windows\System\ofbnYRL.exe
  C:\Windows\System\ofbnYRL.exe
  2⤵
  PID:7008
- C:\Windows\System\faIgdRM.exe
  C:\Windows\System\faIgdRM.exe
  2⤵
  PID:2448
- C:\Windows\System\EGAPYAP.exe
  C:\Windows\System\EGAPYAP.exe
  2⤵
  PID:1296
- C:\Windows\System\VtRIhIG.exe
  C:\Windows\System\VtRIhIG.exe
  2⤵
  PID:1728
- C:\Windows\System\ZBpDUXw.exe
  C:\Windows\System\ZBpDUXw.exe
  2⤵
  PID:6404
- C:\Windows\System\jdwFjgs.exe
  C:\Windows\System\jdwFjgs.exe
  2⤵
  PID:7180
- C:\Windows\System\eGPiUno.exe
  C:\Windows\System\eGPiUno.exe
  2⤵
  PID:7196
- C:\Windows\System\oZNMYcn.exe
  C:\Windows\System\oZNMYcn.exe
  2⤵
  PID:7212
- C:\Windows\System\HAQKwSa.exe
  C:\Windows\System\HAQKwSa.exe
  2⤵
  PID:7228
- C:\Windows\System\jkjKkbr.exe
  C:\Windows\System\jkjKkbr.exe
  2⤵
  PID:7244
- C:\Windows\System\wrpnkGa.exe
  C:\Windows\System\wrpnkGa.exe
  2⤵
  PID:7272
- C:\Windows\System\GhIYbBw.exe
  C:\Windows\System\GhIYbBw.exe
  2⤵
  PID:7296
- C:\Windows\System\SYwGUtJ.exe
  C:\Windows\System\SYwGUtJ.exe
  2⤵
  PID:7316
- C:\Windows\System\KSHhXqH.exe
  C:\Windows\System\KSHhXqH.exe
  2⤵
  PID:7332
- C:\Windows\System\bcIcbpK.exe
  C:\Windows\System\bcIcbpK.exe
  2⤵
  PID:7348
- C:\Windows\System\KyUeYQK.exe
  C:\Windows\System\KyUeYQK.exe
  2⤵
  PID:7372
- C:\Windows\System\WknYwkY.exe
  C:\Windows\System\WknYwkY.exe
  2⤵
  PID:7392
- C:\Windows\System\VCdtmli.exe
  C:\Windows\System\VCdtmli.exe
  2⤵
  PID:7408
- C:\Windows\System\gKzdFei.exe
  C:\Windows\System\gKzdFei.exe
  2⤵
  PID:7424
- C:\Windows\System\ZrjPoGN.exe
  C:\Windows\System\ZrjPoGN.exe
  2⤵
  PID:7468
- C:\Windows\System\Bdfcxjf.exe
  C:\Windows\System\Bdfcxjf.exe
  2⤵
  PID:7484
- C:\Windows\System\GAVSoOg.exe
  C:\Windows\System\GAVSoOg.exe
  2⤵
  PID:7500
- C:\Windows\System\SnYJvKf.exe
  C:\Windows\System\SnYJvKf.exe
  2⤵
  PID:7516
- C:\Windows\System\fxaCCCH.exe
  C:\Windows\System\fxaCCCH.exe
  2⤵
  PID:7532
- C:\Windows\System\dPYTGFU.exe
  C:\Windows\System\dPYTGFU.exe
  2⤵
  PID:7628
- C:\Windows\System\wSZMbEd.exe
  C:\Windows\System\wSZMbEd.exe
  2⤵
  PID:7644
- C:\Windows\System\KWDfNFw.exe
  C:\Windows\System\KWDfNFw.exe
  2⤵
  PID:7660
- C:\Windows\System\zwqvXOS.exe
  C:\Windows\System\zwqvXOS.exe
  2⤵
  PID:7676
- C:\Windows\System\hbvKNdO.exe
  C:\Windows\System\hbvKNdO.exe
  2⤵
  PID:7692
- C:\Windows\System\ozWpZqK.exe
  C:\Windows\System\ozWpZqK.exe
  2⤵
  PID:7708
- C:\Windows\System\jqxAxOb.exe
  C:\Windows\System\jqxAxOb.exe
  2⤵
  PID:7724
- C:\Windows\System\IYJcaSD.exe
  C:\Windows\System\IYJcaSD.exe
  2⤵
  PID:7740
- C:\Windows\System\DpQqSNB.exe
  C:\Windows\System\DpQqSNB.exe
  2⤵
  PID:7756
- C:\Windows\System\qWvqjjc.exe
  C:\Windows\System\qWvqjjc.exe
  2⤵
  PID:7772
- C:\Windows\System\coTFsZF.exe
  C:\Windows\System\coTFsZF.exe
  2⤵
  PID:7788
- C:\Windows\System\mpdDGWF.exe
  C:\Windows\System\mpdDGWF.exe
  2⤵
  PID:7804
- C:\Windows\System\OcCSlUB.exe
  C:\Windows\System\OcCSlUB.exe
  2⤵
  PID:7820
- C:\Windows\System\zwjFjHh.exe
  C:\Windows\System\zwjFjHh.exe
  2⤵
  PID:7840
- C:\Windows\System\cEHOkKR.exe
  C:\Windows\System\cEHOkKR.exe
  2⤵
  PID:7856
- C:\Windows\System\hQpIpnY.exe
  C:\Windows\System\hQpIpnY.exe
  2⤵
  PID:7872
- C:\Windows\System\LFsoEgS.exe
  C:\Windows\System\LFsoEgS.exe
  2⤵
  PID:7888
- C:\Windows\System\BnLkMoV.exe
  C:\Windows\System\BnLkMoV.exe
  2⤵
  PID:7904
- C:\Windows\System\IwOswbq.exe
  C:\Windows\System\IwOswbq.exe
  2⤵
  PID:7920
- C:\Windows\System\OOziUft.exe
  C:\Windows\System\OOziUft.exe
  2⤵
  PID:7936
- C:\Windows\System\yJQpGAj.exe
  C:\Windows\System\yJQpGAj.exe
  2⤵
  PID:7952
- C:\Windows\System\fDaqVeW.exe
  C:\Windows\System\fDaqVeW.exe
  2⤵
  PID:7968
- C:\Windows\System\bHXKdqx.exe
  C:\Windows\System\bHXKdqx.exe
  2⤵
  PID:7984
- C:\Windows\System\arfHahX.exe
  C:\Windows\System\arfHahX.exe
  2⤵
  PID:8000
- C:\Windows\System\IKGRolR.exe
  C:\Windows\System\IKGRolR.exe
  2⤵
  PID:8016
- C:\Windows\System\GZemBKj.exe
  C:\Windows\System\GZemBKj.exe
  2⤵
  PID:8032
- C:\Windows\System\iJRZPKU.exe
  C:\Windows\System\iJRZPKU.exe
  2⤵
  PID:8048
- C:\Windows\System\mLgZTCb.exe
  C:\Windows\System\mLgZTCb.exe
  2⤵
  PID:8064
- C:\Windows\System\adhAtzy.exe
  C:\Windows\System\adhAtzy.exe
  2⤵
  PID:8080
- C:\Windows\System\zUIpwxO.exe
  C:\Windows\System\zUIpwxO.exe
  2⤵
  PID:8096
- C:\Windows\System\pfMHeXF.exe
  C:\Windows\System\pfMHeXF.exe
  2⤵
  PID:8112
- C:\Windows\System\IveBtGm.exe
  C:\Windows\System\IveBtGm.exe
  2⤵
  PID:8128
- C:\Windows\System\aHIcrtN.exe
  C:\Windows\System\aHIcrtN.exe
  2⤵
  PID:8144
- C:\Windows\System\yriBOda.exe
  C:\Windows\System\yriBOda.exe
  2⤵
  PID:8160
- C:\Windows\System\SYFRgmO.exe
  C:\Windows\System\SYFRgmO.exe
  2⤵
  PID:8176
- C:\Windows\System\AsoPIxj.exe
  C:\Windows\System\AsoPIxj.exe
  2⤵
  PID:2260
- C:\Windows\System\pXNxLKq.exe
  C:\Windows\System\pXNxLKq.exe
  2⤵
  PID:6652
- C:\Windows\System\GPFtMgv.exe
  C:\Windows\System\GPFtMgv.exe
  2⤵
  PID:6372
- C:\Windows\System\bdbRxBz.exe
  C:\Windows\System\bdbRxBz.exe
  2⤵
  PID:7124
- C:\Windows\System\uxgNGuN.exe
  C:\Windows\System\uxgNGuN.exe
  2⤵
  PID:2732
- C:\Windows\System\JKaieef.exe
  C:\Windows\System\JKaieef.exe
  2⤵
  PID:7192
- C:\Windows\System\PfIagsi.exe
  C:\Windows\System\PfIagsi.exe
  2⤵
  PID:7204
- C:\Windows\System\nYcvqwe.exe
  C:\Windows\System\nYcvqwe.exe
  2⤵
  PID:7256
- C:\Windows\System\AMMeGWq.exe
  C:\Windows\System\AMMeGWq.exe
  2⤵
  PID:7312
- C:\Windows\System\MaKYVwz.exe
  C:\Windows\System\MaKYVwz.exe
  2⤵
  PID:7344
- C:\Windows\System\GbDFAXe.exe
  C:\Windows\System\GbDFAXe.exe
  2⤵
  PID:7292
- C:\Windows\System\fSdDJzf.exe
  C:\Windows\System\fSdDJzf.exe
  2⤵
  PID:7364
- C:\Windows\System\hIMRJOT.exe
  C:\Windows\System\hIMRJOT.exe
  2⤵
  PID:7384
- C:\Windows\System\SyxdPLi.exe
  C:\Windows\System\SyxdPLi.exe
  2⤵
  PID:7432
- C:\Windows\System\MvbIcSv.exe
  C:\Windows\System\MvbIcSv.exe
  2⤵
  PID:7512
- C:\Windows\System\LTPvQGJ.exe
  C:\Windows\System\LTPvQGJ.exe
  2⤵
  PID:7440
- C:\Windows\System\dbAKjZG.exe
  C:\Windows\System\dbAKjZG.exe
  2⤵
  PID:7452
- C:\Windows\System\DpJKVPa.exe
  C:\Windows\System\DpJKVPa.exe
  2⤵
  PID:7492
- C:\Windows\System\wIWpJYW.exe
  C:\Windows\System\wIWpJYW.exe
  2⤵
  PID:7564
- C:\Windows\System\FtLsMuE.exe
  C:\Windows\System\FtLsMuE.exe
  2⤵
  PID:7572
- C:\Windows\System\uXpgPSF.exe
  C:\Windows\System\uXpgPSF.exe
  2⤵
  PID:7588
- C:\Windows\System\nkgdMNk.exe
  C:\Windows\System\nkgdMNk.exe
  2⤵
  PID:7604
- C:\Windows\System\bdxaCJr.exe
  C:\Windows\System\bdxaCJr.exe
  2⤵
  PID:7732
- C:\Windows\System\SFnvMIc.exe
  C:\Windows\System\SFnvMIc.exe
  2⤵
  PID:7556
- C:\Windows\System\BeLnPyp.exe
  C:\Windows\System\BeLnPyp.exe
  2⤵
  PID:7768
- C:\Windows\System\arfzmcE.exe
  C:\Windows\System\arfzmcE.exe
  2⤵
  PID:7612
- C:\Windows\System\YaSMniu.exe
  C:\Windows\System\YaSMniu.exe
  2⤵
  PID:7652
- C:\Windows\System\KGHcRPe.exe
  C:\Windows\System\KGHcRPe.exe
  2⤵
  PID:7748
- C:\Windows\System\oTEvyYk.exe
  C:\Windows\System\oTEvyYk.exe
  2⤵
  PID:7684
- C:\Windows\System\MLEpkVF.exe
  C:\Windows\System\MLEpkVF.exe
  2⤵
  PID:7076
- C:\Windows\System\AXmeghc.exe
  C:\Windows\System\AXmeghc.exe
  2⤵
  PID:7864
- C:\Windows\System\qVdoNaR.exe
  C:\Windows\System\qVdoNaR.exe
  2⤵
  PID:7884
- C:\Windows\System\eaKKJPw.exe
  C:\Windows\System\eaKKJPw.exe
  2⤵
  PID:7944
- C:\Windows\System\olVgTpq.exe
  C:\Windows\System\olVgTpq.exe
  2⤵
  PID:7948
- C:\Windows\System\yCYcHNC.exe
  C:\Windows\System\yCYcHNC.exe
  2⤵
  PID:7964
- C:\Windows\System\LSJcaas.exe
  C:\Windows\System\LSJcaas.exe
  2⤵
  PID:8012
- C:\Windows\System\PLYtfvS.exe
  C:\Windows\System\PLYtfvS.exe
  2⤵
  PID:8044
- C:\Windows\System\yDwfXGo.exe
  C:\Windows\System\yDwfXGo.exe
  2⤵
  PID:8056
- C:\Windows\System\ZUZQWDH.exe
  C:\Windows\System\ZUZQWDH.exe
  2⤵
  PID:8124
- C:\Windows\System\OGCUFeU.exe
  C:\Windows\System\OGCUFeU.exe
  2⤵
  PID:8140
- C:\Windows\System\fUOnKps.exe
  C:\Windows\System\fUOnKps.exe
  2⤵
  PID:7052
- C:\Windows\System\mMwIjfy.exe
  C:\Windows\System\mMwIjfy.exe
  2⤵
  PID:6692
- C:\Windows\System\gpYaSfC.exe
  C:\Windows\System\gpYaSfC.exe
  2⤵
  PID:2808
- C:\Windows\System\dtxvBJB.exe
  C:\Windows\System\dtxvBJB.exe
  2⤵
  PID:1364
- C:\Windows\System\dfHfRzg.exe
  C:\Windows\System\dfHfRzg.exe
  2⤵
  PID:7236
- C:\Windows\System\lMdfIga.exe
  C:\Windows\System\lMdfIga.exe
  2⤵
  PID:7264
- C:\Windows\System\ycTfBmn.exe
  C:\Windows\System\ycTfBmn.exe
  2⤵
  PID:7368
- C:\Windows\System\jWVdeTD.exe
  C:\Windows\System\jWVdeTD.exe
  2⤵
  PID:7420
- C:\Windows\System\BGjYZVc.exe
  C:\Windows\System\BGjYZVc.exe
  2⤵
  PID:7464
- C:\Windows\System\xaMMLgT.exe
  C:\Windows\System\xaMMLgT.exe
  2⤵
  PID:7668
- C:\Windows\System\oGJmgeW.exe
  C:\Windows\System\oGJmgeW.exe
  2⤵
  PID:7528
- C:\Windows\System\qANcsTK.exe
  C:\Windows\System\qANcsTK.exe
  2⤵
  PID:2996
- C:\Windows\System\TWShnPR.exe
  C:\Windows\System\TWShnPR.exe
  2⤵
  PID:7548
- C:\Windows\System\ShcArHM.exe
  C:\Windows\System\ShcArHM.exe
  2⤵
  PID:7780
- C:\Windows\System\vvlytMg.exe
  C:\Windows\System\vvlytMg.exe
  2⤵
  PID:7616
- C:\Windows\System\KsMWdSW.exe
  C:\Windows\System\KsMWdSW.exe
  2⤵
  PID:7636
- C:\Windows\System\COfHtCv.exe
  C:\Windows\System\COfHtCv.exe
  2⤵
  PID:7832
- C:\Windows\System\TRiUTPV.exe
  C:\Windows\System\TRiUTPV.exe
  2⤵
  PID:7916
- C:\Windows\System\HZHxJJY.exe
  C:\Windows\System\HZHxJJY.exe
  2⤵
  PID:7980
- C:\Windows\System\dMfBBCh.exe
  C:\Windows\System\dMfBBCh.exe
  2⤵
  PID:8040
- C:\Windows\System\cFbNQNb.exe
  C:\Windows\System\cFbNQNb.exe
  2⤵
  PID:7172
- C:\Windows\System\FBMmCAX.exe
  C:\Windows\System\FBMmCAX.exe
  2⤵
  PID:7224
- C:\Windows\System\TKUfFto.exe
  C:\Windows\System\TKUfFto.exe
  2⤵
  PID:8152
- C:\Windows\System\eKUTCuy.exe
  C:\Windows\System\eKUTCuy.exe
  2⤵
  PID:928
- C:\Windows\System\aLROikS.exe
  C:\Windows\System\aLROikS.exe
  2⤵
  PID:7416
- C:\Windows\System\SCeyxvO.exe
  C:\Windows\System\SCeyxvO.exe
  2⤵
  PID:7436
- C:\Windows\System\cjjMfyg.exe
  C:\Windows\System\cjjMfyg.exe
  2⤵
  PID:1464
- C:\Windows\System\klRmFtW.exe
  C:\Windows\System\klRmFtW.exe
  2⤵
  PID:7480
- C:\Windows\System\GacLxyr.exe
  C:\Windows\System\GacLxyr.exe
  2⤵
  PID:7624
- C:\Windows\System\xUgJZrE.exe
  C:\Windows\System\xUgJZrE.exe
  2⤵
  PID:7900
- C:\Windows\System\UFaTjiB.exe
  C:\Windows\System\UFaTjiB.exe
  2⤵
  PID:7596
- C:\Windows\System\rSxIjfi.exe
  C:\Windows\System\rSxIjfi.exe
  2⤵
  PID:7852
- C:\Windows\System\vJGkMFU.exe
  C:\Windows\System\vJGkMFU.exe
  2⤵
  PID:8136
- C:\Windows\System\AYMrATj.exe
  C:\Windows\System\AYMrATj.exe
  2⤵
  PID:7356
- C:\Windows\System\kfGEarW.exe
  C:\Windows\System\kfGEarW.exe
  2⤵
  PID:7288
- C:\Windows\System\fIzoXIs.exe
  C:\Windows\System\fIzoXIs.exe
  2⤵
  PID:7448
- C:\Windows\System\vDRrVMb.exe
  C:\Windows\System\vDRrVMb.exe
  2⤵
  PID:7560
- C:\Windows\System\cjHgjOb.exe
  C:\Windows\System\cjHgjOb.exe
  2⤵
  PID:8156
- C:\Windows\System\qOpFOrL.exe
  C:\Windows\System\qOpFOrL.exe
  2⤵
  PID:8108
- C:\Windows\System\aHUNoFs.exe
  C:\Windows\System\aHUNoFs.exe
  2⤵
  PID:7308
- C:\Windows\System\QAMgFqC.exe
  C:\Windows\System\QAMgFqC.exe
  2⤵
  PID:7812
- C:\Windows\System\AvkHZNH.exe
  C:\Windows\System\AvkHZNH.exe
  2⤵
  PID:8104
- C:\Windows\System\YwSxdqb.exe
  C:\Windows\System\YwSxdqb.exe
  2⤵
  PID:7848
- C:\Windows\System\CKHUGUo.exe
  C:\Windows\System\CKHUGUo.exe
  2⤵
  PID:8196
- C:\Windows\System\fltyqEt.exe
  C:\Windows\System\fltyqEt.exe
  2⤵
  PID:8212
- C:\Windows\System\Lbkeyju.exe
  C:\Windows\System\Lbkeyju.exe
  2⤵
  PID:8228
- C:\Windows\System\DUvJFpx.exe
  C:\Windows\System\DUvJFpx.exe
  2⤵
  PID:8244
- C:\Windows\System\oYFPKIu.exe
  C:\Windows\System\oYFPKIu.exe
  2⤵
  PID:8260
- C:\Windows\System\PZoDIWc.exe
  C:\Windows\System\PZoDIWc.exe
  2⤵
  PID:8276
- C:\Windows\System\PtdXlUF.exe
  C:\Windows\System\PtdXlUF.exe
  2⤵
  PID:8292
- C:\Windows\System\iKwxnnL.exe
  C:\Windows\System\iKwxnnL.exe
  2⤵
  PID:8308
- C:\Windows\System\lYOBIsP.exe
  C:\Windows\System\lYOBIsP.exe
  2⤵
  PID:8324
- C:\Windows\System\LpXmxZy.exe
  C:\Windows\System\LpXmxZy.exe
  2⤵
  PID:8340
- C:\Windows\System\fuoPQBU.exe
  C:\Windows\System\fuoPQBU.exe
  2⤵
  PID:8360
- C:\Windows\System\ugZZtdc.exe
  C:\Windows\System\ugZZtdc.exe
  2⤵
  PID:8376
- C:\Windows\System\bOxLFSj.exe
  C:\Windows\System\bOxLFSj.exe
  2⤵
  PID:8392
- C:\Windows\System\frTBowA.exe
  C:\Windows\System\frTBowA.exe
  2⤵
  PID:8408
- C:\Windows\System\jEUEYUe.exe
  C:\Windows\System\jEUEYUe.exe
  2⤵
  PID:8424
- C:\Windows\System\XwKvqad.exe
  C:\Windows\System\XwKvqad.exe
  2⤵
  PID:8440
- C:\Windows\System\ZBsIgeC.exe
  C:\Windows\System\ZBsIgeC.exe
  2⤵
  PID:8456
- C:\Windows\System\sadzIXS.exe
  C:\Windows\System\sadzIXS.exe
  2⤵
  PID:8472
- C:\Windows\System\DJRUVXE.exe
  C:\Windows\System\DJRUVXE.exe
  2⤵
  PID:8488
- C:\Windows\System\QOGfMCF.exe
  C:\Windows\System\QOGfMCF.exe
  2⤵
  PID:8504
- C:\Windows\System\QMrceXU.exe
  C:\Windows\System\QMrceXU.exe
  2⤵
  PID:8520
- C:\Windows\System\fhKDuYx.exe
  C:\Windows\System\fhKDuYx.exe
  2⤵
  PID:8536
- C:\Windows\System\vgbLsSU.exe
  C:\Windows\System\vgbLsSU.exe
  2⤵
  PID:8552
- C:\Windows\System\vwGzbLx.exe
  C:\Windows\System\vwGzbLx.exe
  2⤵
  PID:8568
- C:\Windows\System\QszsLJX.exe
  C:\Windows\System\QszsLJX.exe
  2⤵
  PID:8584
- C:\Windows\System\VDjtxJQ.exe
  C:\Windows\System\VDjtxJQ.exe
  2⤵
  PID:8600
- C:\Windows\System\ijeKEtF.exe
  C:\Windows\System\ijeKEtF.exe
  2⤵
  PID:8616
- C:\Windows\System\RVGMhKB.exe
  C:\Windows\System\RVGMhKB.exe
  2⤵
  PID:8632
- C:\Windows\System\TwTTbBA.exe
  C:\Windows\System\TwTTbBA.exe
  2⤵
  PID:8648
- C:\Windows\System\HcjeLli.exe
  C:\Windows\System\HcjeLli.exe
  2⤵
  PID:8664
- C:\Windows\System\hwfsbCx.exe
  C:\Windows\System\hwfsbCx.exe
  2⤵
  PID:8680
- C:\Windows\System\cDEKgfg.exe
  C:\Windows\System\cDEKgfg.exe
  2⤵
  PID:8696
- C:\Windows\System\AbSlcMO.exe
  C:\Windows\System\AbSlcMO.exe
  2⤵
  PID:8712
- C:\Windows\System\xyalgYf.exe
  C:\Windows\System\xyalgYf.exe
  2⤵
  PID:8728
- C:\Windows\System\ULbLjRt.exe
  C:\Windows\System\ULbLjRt.exe
  2⤵
  PID:8744
- C:\Windows\System\NrnbIwG.exe
  C:\Windows\System\NrnbIwG.exe
  2⤵
  PID:8760
- C:\Windows\System\vkmEPIt.exe
  C:\Windows\System\vkmEPIt.exe
  2⤵
  PID:8776
- C:\Windows\System\aXqoQCc.exe
  C:\Windows\System\aXqoQCc.exe
  2⤵
  PID:8792
- C:\Windows\System\RuVxMuA.exe
  C:\Windows\System\RuVxMuA.exe
  2⤵
  PID:8808
- C:\Windows\System\WhngMvz.exe
  C:\Windows\System\WhngMvz.exe
  2⤵
  PID:8824
- C:\Windows\System\PzSCotn.exe
  C:\Windows\System\PzSCotn.exe
  2⤵
  PID:8840
- C:\Windows\System\lYmyPbI.exe
  C:\Windows\System\lYmyPbI.exe
  2⤵
  PID:8856
- C:\Windows\System\XhhraiH.exe
  C:\Windows\System\XhhraiH.exe
  2⤵
  PID:8872
- C:\Windows\System\dZhIPxe.exe
  C:\Windows\System\dZhIPxe.exe
  2⤵
  PID:8888
- C:\Windows\System\UlRXXNJ.exe
  C:\Windows\System\UlRXXNJ.exe
  2⤵
  PID:8904
- C:\Windows\System\PlKwOPo.exe
  C:\Windows\System\PlKwOPo.exe
  2⤵
  PID:8920
- C:\Windows\System\klRBlnC.exe
  C:\Windows\System\klRBlnC.exe
  2⤵
  PID:8940
- C:\Windows\System\RTmSGJU.exe
  C:\Windows\System\RTmSGJU.exe
  2⤵
  PID:8956
- C:\Windows\System\oXPcJaE.exe
  C:\Windows\System\oXPcJaE.exe
  2⤵
  PID:8972
- C:\Windows\System\AsCqnxl.exe
  C:\Windows\System\AsCqnxl.exe
  2⤵
  PID:8988
- C:\Windows\System\AtnwaQw.exe
  C:\Windows\System\AtnwaQw.exe
  2⤵
  PID:9004
- C:\Windows\System\aYGdJOQ.exe
  C:\Windows\System\aYGdJOQ.exe
  2⤵
  PID:9020
- C:\Windows\System\QVZjjtJ.exe
  C:\Windows\System\QVZjjtJ.exe
  2⤵
  PID:9036
- C:\Windows\System\oSZxcdI.exe
  C:\Windows\System\oSZxcdI.exe
  2⤵
  PID:9052
- C:\Windows\System\JPhATZm.exe
  C:\Windows\System\JPhATZm.exe
  2⤵
  PID:9068
- C:\Windows\System\FpWnZnw.exe
  C:\Windows\System\FpWnZnw.exe
  2⤵
  PID:9084
- C:\Windows\System\mFxZyqv.exe
  C:\Windows\System\mFxZyqv.exe
  2⤵
  PID:9100
- C:\Windows\System\WzEXcDj.exe
  C:\Windows\System\WzEXcDj.exe
  2⤵
  PID:9116
- C:\Windows\System\FbkuExb.exe
  C:\Windows\System\FbkuExb.exe
  2⤵
  PID:9132
- C:\Windows\System\WyECkLr.exe
  C:\Windows\System\WyECkLr.exe
  2⤵
  PID:9148
- C:\Windows\System\jTqYnrg.exe
  C:\Windows\System\jTqYnrg.exe
  2⤵
  PID:9164
- C:\Windows\System\yskKjEZ.exe
  C:\Windows\System\yskKjEZ.exe
  2⤵
  PID:9180
- C:\Windows\System\DeJitIY.exe
  C:\Windows\System\DeJitIY.exe
  2⤵
  PID:9196
- C:\Windows\System\AzBJCZq.exe
  C:\Windows\System\AzBJCZq.exe
  2⤵
  PID:9212
- C:\Windows\System\uUvfQSX.exe
  C:\Windows\System\uUvfQSX.exe
  2⤵
  PID:8208
- C:\Windows\System\WyKjUoZ.exe
  C:\Windows\System\WyKjUoZ.exe
  2⤵
  PID:8252
- C:\Windows\System\CwBbcSG.exe
  C:\Windows\System\CwBbcSG.exe
  2⤵
  PID:8336
- C:\Windows\System\zospsWb.exe
  C:\Windows\System\zospsWb.exe
  2⤵
  PID:8224
- C:\Windows\System\oEWAbsh.exe
  C:\Windows\System\oEWAbsh.exe
  2⤵
  PID:8288
- C:\Windows\System\ZWEKtvo.exe
  C:\Windows\System\ZWEKtvo.exe
  2⤵
  PID:8372
- C:\Windows\System\ukptcCv.exe
  C:\Windows\System\ukptcCv.exe
  2⤵
  PID:8404
- C:\Windows\System\bWFJEVl.exe
  C:\Windows\System\bWFJEVl.exe
  2⤵
  PID:8468
- C:\Windows\System\LBJvBaV.exe
  C:\Windows\System\LBJvBaV.exe
  2⤵
  PID:8416
- C:\Windows\System\eFdCnVf.exe
  C:\Windows\System\eFdCnVf.exe
  2⤵
  PID:8452
- C:\Windows\System\RzxAISB.exe
  C:\Windows\System\RzxAISB.exe
  2⤵
  PID:8544
- C:\Windows\System\kKjblwo.exe
  C:\Windows\System\kKjblwo.exe
  2⤵
  PID:8612
- C:\Windows\System\NnrcooE.exe
  C:\Windows\System\NnrcooE.exe
  2⤵
  PID:8564
- C:\Windows\System\YuEsgla.exe
  C:\Windows\System\YuEsgla.exe
  2⤵
  PID:8640
- C:\Windows\System\cUmBNhO.exe
  C:\Windows\System\cUmBNhO.exe
  2⤵
  PID:8676
- C:\Windows\System\oEZeWnh.exe
  C:\Windows\System\oEZeWnh.exe
  2⤵
  PID:8692
- C:\Windows\System\DTwLjTz.exe
  C:\Windows\System\DTwLjTz.exe
  2⤵
  PID:8720
- C:\Windows\System\mqwLEuW.exe
  C:\Windows\System\mqwLEuW.exe
  2⤵
  PID:8752
- C:\Windows\System\QdeRYFr.exe
  C:\Windows\System\QdeRYFr.exe
  2⤵
  PID:8800
- C:\Windows\System\FxpsBrg.exe
  C:\Windows\System\FxpsBrg.exe
  2⤵
  PID:8836
- C:\Windows\System\IAKZSun.exe
  C:\Windows\System\IAKZSun.exe
  2⤵
  PID:8788
- C:\Windows\System\eYTOsgQ.exe
  C:\Windows\System\eYTOsgQ.exe
  2⤵
  PID:8848
- C:\Windows\System\lxBZdLB.exe
  C:\Windows\System\lxBZdLB.exe
  2⤵
  PID:8916
- C:\Windows\System\uePkcQq.exe
  C:\Windows\System\uePkcQq.exe
  2⤵
  PID:9000
- C:\Windows\System\LKVgLxb.exe
  C:\Windows\System\LKVgLxb.exe
  2⤵
  PID:9060
- C:\Windows\System\LkFfwSo.exe
  C:\Windows\System\LkFfwSo.exe
  2⤵
  PID:9124
- C:\Windows\System\jswcKaa.exe
  C:\Windows\System\jswcKaa.exe
  2⤵
  PID:8236
- C:\Windows\System\tcLnsRb.exe
  C:\Windows\System\tcLnsRb.exe
  2⤵
  PID:8220
- C:\Windows\System\kTKTADG.exe
  C:\Windows\System\kTKTADG.exe
  2⤵
  PID:8500
- C:\Windows\System\BdHvidB.exe
  C:\Windows\System\BdHvidB.exe
  2⤵
  PID:8512
- C:\Windows\System\CrDiavi.exe
  C:\Windows\System\CrDiavi.exe
  2⤵
  PID:8596
- C:\Windows\System\zbsNuEw.exe
  C:\Windows\System\zbsNuEw.exe
  2⤵
  PID:8028
- C:\Windows\System\WVMyKzn.exe
  C:\Windows\System\WVMyKzn.exe
  2⤵
  PID:8756
- C:\Windows\System\kKReDDV.exe
  C:\Windows\System\kKReDDV.exe
  2⤵
  PID:8996
- C:\Windows\System\AsOZkRw.exe
  C:\Windows\System\AsOZkRw.exe
  2⤵
  PID:8980
- C:\Windows\System\JbGyevA.exe
  C:\Windows\System\JbGyevA.exe
  2⤵
  PID:9156
- C:\Windows\System\JcFwXsT.exe
  C:\Windows\System\JcFwXsT.exe
  2⤵
  PID:9076
- C:\Windows\System\eAwNAkw.exe
  C:\Windows\System\eAwNAkw.exe
  2⤵
  PID:9108
- C:\Windows\System\kvOslwA.exe
  C:\Windows\System\kvOslwA.exe
  2⤵
  PID:9204
- C:\Windows\System\IUKqgVN.exe
  C:\Windows\System\IUKqgVN.exe
  2⤵
  PID:8464
- C:\Windows\System\dNVfJWz.exe
  C:\Windows\System\dNVfJWz.exe
  2⤵
  PID:8560
- C:\Windows\System\zgGmFwp.exe
  C:\Windows\System\zgGmFwp.exe
  2⤵
  PID:8516
- C:\Windows\System\Iwthfex.exe
  C:\Windows\System\Iwthfex.exe
  2⤵
  PID:9032
- C:\Windows\System\AuPWtew.exe
  C:\Windows\System\AuPWtew.exe
  2⤵
  PID:9172
- C:\Windows\System\iYkBbfg.exe
  C:\Windows\System\iYkBbfg.exe
  2⤵
  PID:7996
- C:\Windows\System\rOvDSfv.exe
  C:\Windows\System\rOvDSfv.exe
  2⤵
  PID:8384
- C:\Windows\System\odRlRee.exe
  C:\Windows\System\odRlRee.exe
  2⤵
  PID:8660
- C:\Windows\System\hUANnsp.exe
  C:\Windows\System\hUANnsp.exe
  2⤵
  PID:8484
- C:\Windows\System\XAtZjDc.exe
  C:\Windows\System\XAtZjDc.exe
  2⤵
  PID:9240
- C:\Windows\System\yWqfpLn.exe
  C:\Windows\System\yWqfpLn.exe
  2⤵
  PID:9256
- C:\Windows\System\bMZnDGe.exe
  C:\Windows\System\bMZnDGe.exe
  2⤵
  PID:9272
- C:\Windows\System\ODMEapq.exe
  C:\Windows\System\ODMEapq.exe
  2⤵
  PID:9288
- C:\Windows\System\TkjjzlR.exe
  C:\Windows\System\TkjjzlR.exe
  2⤵
  PID:9304
- C:\Windows\System\ZRcqUCS.exe
  C:\Windows\System\ZRcqUCS.exe
  2⤵
  PID:9320
- C:\Windows\System\ECIWVRp.exe
  C:\Windows\System\ECIWVRp.exe
  2⤵
  PID:9336
- C:\Windows\System\lnaBFgs.exe
  C:\Windows\System\lnaBFgs.exe
  2⤵
  PID:9352
- C:\Windows\System\ggTtGcU.exe
  C:\Windows\System\ggTtGcU.exe
  2⤵
  PID:9368
- C:\Windows\System\yMuJvSH.exe
  C:\Windows\System\yMuJvSH.exe
  2⤵
  PID:9384
- C:\Windows\System\dhpIaMd.exe
  C:\Windows\System\dhpIaMd.exe
  2⤵
  PID:9400
- C:\Windows\System\mbuudNH.exe
  C:\Windows\System\mbuudNH.exe
  2⤵
  PID:9416
- C:\Windows\System\RljtJcz.exe
  C:\Windows\System\RljtJcz.exe
  2⤵
  PID:9432
- C:\Windows\System\brIfTqy.exe
  C:\Windows\System\brIfTqy.exe
  2⤵
  PID:9448
- C:\Windows\System\rNcvUTB.exe
  C:\Windows\System\rNcvUTB.exe
  2⤵
  PID:9464
- C:\Windows\System\ioQkMQv.exe
  C:\Windows\System\ioQkMQv.exe
  2⤵
  PID:9480
- C:\Windows\System\FmrGgwf.exe
  C:\Windows\System\FmrGgwf.exe
  2⤵
  PID:9496
- C:\Windows\System\CdGZJSF.exe
  C:\Windows\System\CdGZJSF.exe
  2⤵
  PID:9512
- C:\Windows\System\IsaXARU.exe
  C:\Windows\System\IsaXARU.exe
  2⤵
  PID:9528
- C:\Windows\System\RYyLdnV.exe
  C:\Windows\System\RYyLdnV.exe
  2⤵
  PID:9544
- C:\Windows\System\UlUGrmo.exe
  C:\Windows\System\UlUGrmo.exe
  2⤵
  PID:9560
- C:\Windows\System\lNltAMf.exe
  C:\Windows\System\lNltAMf.exe
  2⤵
  PID:9576
- C:\Windows\System\xTYhuPc.exe
  C:\Windows\System\xTYhuPc.exe
  2⤵
  PID:9592
- C:\Windows\System\TEbuDTW.exe
  C:\Windows\System\TEbuDTW.exe
  2⤵
  PID:9608
- C:\Windows\System\QEMEixK.exe
  C:\Windows\System\QEMEixK.exe
  2⤵
  PID:9628
- C:\Windows\System\vRJxwfk.exe
  C:\Windows\System\vRJxwfk.exe
  2⤵
  PID:9656
- C:\Windows\System\hTdRycA.exe
  C:\Windows\System\hTdRycA.exe
  2⤵
  PID:9676
- C:\Windows\System\chairZg.exe
  C:\Windows\System\chairZg.exe
  2⤵
  PID:9692
- C:\Windows\System\kIHGhRB.exe
  C:\Windows\System\kIHGhRB.exe
  2⤵
  PID:9708
- C:\Windows\System\UttKxky.exe
  C:\Windows\System\UttKxky.exe
  2⤵
  PID:9728
- C:\Windows\System\ugGEkyy.exe
  C:\Windows\System\ugGEkyy.exe
  2⤵
  PID:9744
- C:\Windows\System\zvzMkcA.exe
  C:\Windows\System\zvzMkcA.exe
  2⤵
  PID:9812
- C:\Windows\System\gPcNDxK.exe
  C:\Windows\System\gPcNDxK.exe
  2⤵
  PID:9836
- C:\Windows\System\MHlRiTW.exe
  C:\Windows\System\MHlRiTW.exe
  2⤵
  PID:9860
- C:\Windows\System\kbGFskg.exe
  C:\Windows\System\kbGFskg.exe
  2⤵
  PID:9960
- C:\Windows\System\zNyKykz.exe
  C:\Windows\System\zNyKykz.exe
  2⤵
  PID:9976
- C:\Windows\System\tvvoZvz.exe
  C:\Windows\System\tvvoZvz.exe
  2⤵
  PID:9992
- C:\Windows\System\NzcVbRq.exe
  C:\Windows\System\NzcVbRq.exe
  2⤵
  PID:10008
- C:\Windows\System\IqlgJDT.exe
  C:\Windows\System\IqlgJDT.exe
  2⤵
  PID:10028
- C:\Windows\System\DDNwrVR.exe
  C:\Windows\System\DDNwrVR.exe
  2⤵
  PID:10044
- C:\Windows\System\xbfobhe.exe
  C:\Windows\System\xbfobhe.exe
  2⤵
  PID:10060
- C:\Windows\System\uFqAWGN.exe
  C:\Windows\System\uFqAWGN.exe
  2⤵
  PID:10080
- C:\Windows\System\mHZKBYs.exe
  C:\Windows\System\mHZKBYs.exe
  2⤵
  PID:10096
- C:\Windows\System\mOWrrrt.exe
  C:\Windows\System\mOWrrrt.exe
  2⤵
  PID:10112
- C:\Windows\System\TTQFnWH.exe
  C:\Windows\System\TTQFnWH.exe
  2⤵
  PID:10136
- C:\Windows\System\tRPwWpv.exe
  C:\Windows\System\tRPwWpv.exe
  2⤵
  PID:10152
- C:\Windows\System\FPlhtnz.exe
  C:\Windows\System\FPlhtnz.exe
  2⤵
  PID:10172
- C:\Windows\System\yWDIYFr.exe
  C:\Windows\System\yWDIYFr.exe
  2⤵
  PID:10200
- C:\Windows\System\KuGHgiG.exe
  C:\Windows\System\KuGHgiG.exe
  2⤵
  PID:10216
- C:\Windows\System\kXSNupn.exe
  C:\Windows\System\kXSNupn.exe
  2⤵
  PID:10232
- C:\Windows\System\YnEfzAm.exe
  C:\Windows\System\YnEfzAm.exe
  2⤵
  PID:9236
- C:\Windows\System\BjIXbFG.exe
  C:\Windows\System\BjIXbFG.exe
  2⤵
  PID:8964
- C:\Windows\System\oxPanIa.exe
  C:\Windows\System\oxPanIa.exe
  2⤵
  PID:8936
- C:\Windows\System\MmLidtm.exe
  C:\Windows\System\MmLidtm.exe
  2⤵
  PID:8968
- C:\Windows\System\dRaswMH.exe
  C:\Windows\System\dRaswMH.exe
  2⤵
  PID:9048
- C:\Windows\System\aRWAdDV.exe
  C:\Windows\System\aRWAdDV.exe
  2⤵
  PID:8672
- C:\Windows\System\BxEgXnx.exe
  C:\Windows\System\BxEgXnx.exe
  2⤵
  PID:8608
- C:\Windows\System\iMZLRsn.exe
  C:\Windows\System\iMZLRsn.exe
  2⤵
  PID:8284
- C:\Windows\System\EpWdVuG.exe
  C:\Windows\System\EpWdVuG.exe
  2⤵
  PID:8356
- C:\Windows\System\kbEqRbe.exe
  C:\Windows\System\kbEqRbe.exe
  2⤵
  PID:9296
- C:\Windows\System\KnNkLzk.exe
  C:\Windows\System\KnNkLzk.exe
  2⤵
  PID:9316
- C:\Windows\System\OGAxIoI.exe
  C:\Windows\System\OGAxIoI.exe
  2⤵
  PID:9392
- C:\Windows\System\MRYrIYC.exe
  C:\Windows\System\MRYrIYC.exe
  2⤵
  PID:2540
- C:\Windows\System\ExjHBcV.exe
  C:\Windows\System\ExjHBcV.exe
  2⤵
  PID:9456
- C:\Windows\System\dTmdaFy.exe
  C:\Windows\System\dTmdaFy.exe
  2⤵
  PID:9520
- C:\Windows\System\VhNVhcR.exe
  C:\Windows\System\VhNVhcR.exe
  2⤵
  PID:9408
- C:\Windows\System\MOcBSpi.exe
  C:\Windows\System\MOcBSpi.exe
  2⤵
  PID:9472
- C:\Windows\System\SbcBmXB.exe
  C:\Windows\System\SbcBmXB.exe
  2⤵
  PID:9536
- C:\Windows\System\mtUJhIV.exe
  C:\Windows\System\mtUJhIV.exe
  2⤵
  PID:9600
- C:\Windows\System\dqPrZrP.exe
  C:\Windows\System\dqPrZrP.exe
  2⤵
  PID:9616
- C:\Windows\System\nuJuHcJ.exe
  C:\Windows\System\nuJuHcJ.exe
  2⤵
  PID:9652
- C:\Windows\System\sPVAGyi.exe
  C:\Windows\System\sPVAGyi.exe
  2⤵
  PID:9584
- C:\Windows\System\CyNZPfQ.exe
  C:\Windows\System\CyNZPfQ.exe
  2⤵
  PID:9668
- C:\Windows\System\fJpIUbo.exe
  C:\Windows\System\fJpIUbo.exe
  2⤵
  PID:9700
- C:\Windows\System\IKzOaMB.exe
  C:\Windows\System\IKzOaMB.exe
  2⤵
  PID:9764
- C:\Windows\System\LoXTWmz.exe
  C:\Windows\System\LoXTWmz.exe
  2⤵
  PID:9808
- C:\Windows\System\TThbibr.exe
  C:\Windows\System\TThbibr.exe
  2⤵
  PID:9892
- C:\Windows\System\foQwgtx.exe
  C:\Windows\System\foQwgtx.exe
  2⤵
  PID:9932
- C:\Windows\System\cQSRicv.exe
  C:\Windows\System\cQSRicv.exe
  2⤵
  PID:9912
- C:\Windows\System\cIIXTwG.exe
  C:\Windows\System\cIIXTwG.exe
  2⤵
  PID:9984
- C:\Windows\System\HarMxcJ.exe
  C:\Windows\System\HarMxcJ.exe
  2⤵
  PID:9940
- C:\Windows\System\SYMRVnC.exe
  C:\Windows\System\SYMRVnC.exe
  2⤵
  PID:9944
- C:\Windows\System\ZjyPZZJ.exe
  C:\Windows\System\ZjyPZZJ.exe
  2⤵
  PID:9920
- C:\Windows\System\INzLWan.exe
  C:\Windows\System\INzLWan.exe
  2⤵
  PID:10040
- C:\Windows\System\yylTfSP.exe
  C:\Windows\System\yylTfSP.exe
  2⤵
  PID:10164
- C:\Windows\System\BbqAwPs.exe
  C:\Windows\System\BbqAwPs.exe
  2⤵
  PID:10072
- C:\Windows\System\Grcmbfq.exe
  C:\Windows\System\Grcmbfq.exe
  2⤵
  PID:10208
- C:\Windows\System\qIhOOaN.exe
  C:\Windows\System\qIhOOaN.exe
  2⤵
  PID:10104
- C:\Windows\System\EejhIop.exe
  C:\Windows\System\EejhIop.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AwrTUpZ.exe

Filesize
5.7MB

MD5
9d7fe6f7cc95658a773a04319acd641d

SHA1
c2ba5c7944ab69edaa30fa8cc83c5c262af66eb7

SHA256
e38ce78fa308cc819c4346e195beaf760bebdf792a3d0eb45ee0d507a07e6193

SHA512
1257d5ddb51bfeb46ff397d2bcbde433bafe39b7a036b90218765baae915013be8ed19b649689c729a2d65c173b0679a83be60c28ac93307ab20fbc78ac1e1e9

Download Submit
C:\Windows\system\DfEnbaM.exe

Filesize
5.7MB

MD5
4d4564be2833ffdfe51f13e76989eae6

SHA1
6f6fe980aba3669a18c2b6682bcf402747ad50fc

SHA256
bb276fe6f1a3ba91afed727c4ad3688f97ec6e3782e60daa152079697d97dc0d

SHA512
cbea276000f6e7757f2b041105c66b1e968f48e13a72495c9b1ca1de4358426fef3e32d8cbadb5273cd1372f8592e2e1713d51dbb2fe2fc463cfbe7b0fac1ce2

Download Submit
C:\Windows\system\FWcKAkr.exe

Filesize
5.7MB

MD5
db5f95bfde09c2177e15f2a54b72c20e

SHA1
e9d37f1e2f29b25195daf6e76bd9d9fa1dd69a10

SHA256
4e5cfb52a06210ab4a1a3021bf31186269e97e070c94b5ecb9f9788c3894e6f8

SHA512
99cc1e0615c5b95836515a828a251a1cb42ca06e679790b37d4a82498c24570209a1de7f5f39db00be728ef07bd2ec1caa9c32d40c55a4e7a61c1bcb3ee03c83

Download Submit
C:\Windows\system\FgMbiPm.exe

Filesize
5.7MB

MD5
9071dfb2054c933bcc2df65cda07811f

SHA1
e809a4a6d9f24a74ed4f081dbf70caefa2e90bcc

SHA256
765cdf784402c6e8d8e0a4ae7c261c8a373d96ab30da71f2c73129a1c2e24cc3

SHA512
6269e8260c02c2f44ad5674deea56b230bc5f5918def8585a26afc83951c8e049ce9b2dfc7b405ba7b812203a1d93d584ff834abb80149d7d84397e791438876

Download Submit
C:\Windows\system\HWdxToA.exe

Filesize
5.7MB

MD5
c05fcb22c6af297581c0c302f037b57f

SHA1
28bb964ed2d6038525885711edcb04492d71d44b

SHA256
658682aa712049ab45f2e1f4a41bb4cfcd38c1e4bd09b5a2f703113dc6bc1901

SHA512
f1c7152f5cbab9c15410b30c82b2ece63f0cc91efc35c7be62a37de0fe011ad5a1179dbd578066a9e0af64bfdd3949a33977c893fecb642e61f4498e3ac2a0c1

Download Submit
C:\Windows\system\HXZjRfZ.exe

Filesize
5.7MB

MD5
b14148b68232d94fdd18071a475a8e1f

SHA1
0b5db38ddb81a53e6662a8fc0fd527d7bb09e518

SHA256
2d65285394c3ffa2c99a74c52e8046b65857ed553c854b5c8c50411c1e856352

SHA512
35ab3044125429d80dfd9381b2a332f6140fcfd335a9d7ae2421d3c372b7dd851510b8ae609a842dceb0cb26e7f0ec9c0636dc71962f3a9d20ce049c3d1a0f01

Download Submit
C:\Windows\system\HaIJdBk.exe

Filesize
5.7MB

MD5
9896fad1dace4d8a8a09cf02f4900099

SHA1
6778aa351417809619046d7617bb200c2b2dacb9

SHA256
1716c750c4f9fbf4b8f4739fa3323422a80d7ff9f47eecda7c9e093b3a1d40dc

SHA512
2f696ffde03a0de34d3c21bdfa603360240e89baf0d5039d793226d494e87c15e73501fdfc47267c637dc8144638e520f822b48459a92678b6f28c8551b51399

Download Submit
C:\Windows\system\HthZXzR.exe

Filesize
5.7MB

MD5
4c55538ed1b6ddf1b6453f660b1b9df0

SHA1
3b9e2c2359ea0322ae6ec2e0871021934af791f3

SHA256
9381732dc929c9369aedcaba28837b8f60052573dfb6ea176fa9905142a73e6c

SHA512
d3d16f3413988495a68e76b185abe7f2dc531f84c1490b6cf24a6765055f43a96940319b39819c6ffb26aab7c15e067f54c14b96204f137dae53dda6400a5f13

Download Submit
C:\Windows\system\IizgUCH.exe

Filesize
5.7MB

MD5
b63dd75008363746a99b2ecbaa6f6327

SHA1
b5fae3fc0d00746a1ae2c87f954f3a9c3514ed4a

SHA256
005d2d9f971b58c9c053c1cb3a897ed473421b79e4cfabfbd57a2991d924c1f3

SHA512
7072e98e04823795805886d2222b088d2db400b7d2547776db2e8ea56829b62919ddd1464d3b7fcf4e2707da1193eec1d58714670f0111c9baf93e7c6445d5c9

Download Submit
C:\Windows\system\JDPpEps.exe

Filesize
5.7MB

MD5
b4b8ad0814e9418536f38b3b2e3f7d9c

SHA1
b7e9c91ad90554a827c5bec1d621e44cba471942

SHA256
9fec7dfb9e8c5f14b0169de21b6b931d6791d9e69cf60e78ebd0686f2c946b79

SHA512
f3c2d5431518c77c5a7942c62e2f33c23bae165208148049aea696e5a061d2bd0403aad07450eb2e63d40e7be73c8dd1a595865934f662ac0bdefe457a3de23b

Download Submit
C:\Windows\system\KIBrRjs.exe

Filesize
5.7MB

MD5
c8bf3b35aef474f20c6c1917b3b1bc28

SHA1
1c36787e27b51f77fc52f087cf9ebb59413a76be

SHA256
a9f16efa913046c330fb9588e2d5a81f0e80e3316cc3f7bf1d498dad18cd97bd

SHA512
6d026b8fcebd2e5bd926f3d69ec4db141e1594245695a4d4f38ff821955f96f5cd35c320ff6307f0e5f6292955241936da0a562da07865c692a3df0cbe0af562

Download Submit
C:\Windows\system\KyztZIm.exe

Filesize
5.7MB

MD5
8c76f4a2663f11547cab3c65cf9debc5

SHA1
0da524bd61b05acad6cfebcd8ce42ea700b429a5

SHA256
1196e5e9b3388200703b717f9f315ed8ec155a5cdc18132f6c53c1974bb3fa8b

SHA512
47099a336c5b0697696cce78c86d838af0fa73ad0446e12e9d6821fbae9c168c32086542f2f2ab3dea0d55f7efa3ee088f43d6410b660069103d187e9d7b1bb0

Download Submit
C:\Windows\system\LhoUUBY.exe

Filesize
5.7MB

MD5
7a81711153553fe00a5818303fa4487e

SHA1
8865c169fb7659cfed6d774b4d1be4181ebd7f71

SHA256
94e776fd69989f16cea5094ebf9abc1a7de0b64c4769091e4f26cbab00eacfb7

SHA512
0011f965c47bce9b22b89dde454cc56b7f2392f4c5789f36d7713adf6c1917ae8b72c7ea72bb460a3f4fe2e083e286c8c89e2a5fd1c6578167b0959f61c013d5

Download Submit
C:\Windows\system\TyvjNry.exe

Filesize
5.7MB

MD5
156b929fa7c81287463244c973aca788

SHA1
4ea858aabb379947e4247627de6d7f5a5ca6a7e9

SHA256
076b30ce78fae05c972fa682c7ea48ec5199fac6e450d19809dcc1e712770aee

SHA512
645ca8c33037e3e3b1cfa7bdc6177acca5006a19fe1830f906bbc71a89a08e133337897617c98670845f9d7c9b87e8b8e06b1556bc2e74e2889b07e3dd0308e4

Download Submit
C:\Windows\system\TzDmhRy.exe

Filesize
5.7MB

MD5
595c1f3d3802efe310cbff841455e180

SHA1
bf391f84376dabb2b276b865db6d496df69b55a2

SHA256
8e6dd9cfe3f4c5388b578ed88e04fb0257c4a4bc5bc9d558f77ad9c57baacacb

SHA512
81f28a8ea87dbc779425bf684e6bbb4bdd3d6874dadb4d98a2f8ea8fcd4ef9c499b27056b861e899e002978a1491ec548a35432b3671449e463933eb38c08c11

Download Submit
C:\Windows\system\VVSCmXN.exe

Filesize
5.7MB

MD5
3a3d65d8ddfd225381c52b1c912f2e0e

SHA1
9cbad1acc5c952194180214fde74188d019d24f4

SHA256
8db1054d727a26b240c9b56e79d7d6565407d5b69166747681ac0aa307078dbe

SHA512
eb46504fbf06b70096aabb808a63a669e200897b3ad36a795565ca545a030feacbea74df6e6ff489db0f1f03fab0eb5b3e3ceae6e666dee4e41b041a425c7674

Download Submit
C:\Windows\system\VyJrvdz.exe

Filesize
5.7MB

MD5
6692991cae7dfe5d5732b8c79857b2b8

SHA1
29d5c7e132551722711f509abfcfce4349de0f64

SHA256
72505df6c86481583b3dfea709aca980855e5f949cc31ad110cb8107b50801fb

SHA512
9cc1320eecf0051614a9ccd56da68ce07f872dae735f6c0bd86d6055b2b9b94176f2acc3cce52a8704639d991d55358840b26476a81635597d2b413add834c6c

Download Submit
C:\Windows\system\WqIHdaQ.exe

Filesize
5.7MB

MD5
0ffcb6697870b27442ca6bb1624a4f94

SHA1
96a6b41c20ec0d60c991092a3fcf26c66542e1b7

SHA256
198aeadac467722531306e516a1e867550fbc4f3ac3c31e0f03f7df2dda1ea95

SHA512
afa5a41aa47504ea03ca34347a4748a11dad1479af39281d3eced9755a0f92fdbf752e0bd2fb663ef8ab3edfa8c4f79d1f3693360b7437190932637a5bb6a655

Download Submit
C:\Windows\system\XahQpRm.exe

Filesize
5.7MB

MD5
67507ce4b9b7af4819d7d2325160b67c

SHA1
8fe413e4f81c359705685c6676315e073b323be5

SHA256
8c405d69d32b36064d927eaeca770c9eb206633280a950798d686c59832bff36

SHA512
4a9896adbccad942cf6802d436716fe0583ab97f057937ed7ca1c1433989743cde7006965e1dfe206e03e494651205527800386d5f90aa6a26ca4ade9357b1fd

Download Submit
C:\Windows\system\ZsOJYmT.exe

Filesize
5.7MB

MD5
3954d5fe4131d85451f32528957b3285

SHA1
f9adfdbe91b5108a6e50bca3a3d644a57f39a625

SHA256
b3dc0febddcdec4b0bd1a4636ee22d76e4f259f6e181de3f8397d976fce9c7e5

SHA512
c6a1cf9b6da10cae22740bd48bc438faaa75e6d45cb44f8b84ae544352546d3181a940347bb7ba7ce69fb3f7d718408f071ca54255b33f551566f37ee458fe6a

Download Submit
C:\Windows\system\faBMBjy.exe

Filesize
5.7MB

MD5
f30ba3126635b5ce5e043e2fb78857c7

SHA1
99edc36a6743d49de91f14ca34b179a46060cb91

SHA256
b027a5829168fc9979363d39e51271fdd80457df3f993677a23be18f7e217f07

SHA512
c5069cabd494ed4c8ec402aa2364ea835f0495f9890c31f3c9293cab7312a18fad970adea0d867f0403c7d1dd5e027220bbf011dcefae7d239c2258dd0d89aac

Download Submit
C:\Windows\system\fpOlJLL.exe

Filesize
5.7MB

MD5
cb39acf3b6a81c09dbcd0d2706a065d5

SHA1
13ed6369d7d9d1e0e3afd6f3ad03034336fc5196

SHA256
cfbe15d80514e3b59183953c1dabe8b9a571c0599170912b2abaf6fc422a591a

SHA512
d850959536a61dddf68a52eb357b3f9500b6f48791d3144b6c2d791778f267489a47e8823d1c256e54e76119fbd9a610bcbf7f03c1cd50d2e2d8cde8f2cb0ad8

Download Submit
C:\Windows\system\neXFSui.exe

Filesize
5.7MB

MD5
3c892e6de540044c2e011a009ba17665

SHA1
7df3914b87ee075580aad5111c1c4860695e2a7c

SHA256
59ca3f09967621b6ead9ff15d94df4d8085fc54da2d07f90de1d4f0b62c7b4ea

SHA512
a293ecb56f6428cf9d9a37a192bfbd0b93f07090beae6730bef02eb40cdb0d516f9460d5d9eab152c41213cd698b53027fc1a3a204235f1d18566db770343c1c

Download Submit
C:\Windows\system\oAedGzp.exe

Filesize
5.7MB

MD5
ae15394a0e775e2a02121d665e12b32b

SHA1
4379c1c08b6f2b448b20ac378dfe39752cad59d3

SHA256
60b8d96e71690fb6cd71d70bd119ef89dd77300959c8b332fe332cb004d5f285

SHA512
02de9adb5cecfdc2f420603badddf649fc4e9c086d0d862cf3950e245096a8ab6aedd82c49a1b4de0516d6e14f72d2b49d70b9b02e99c68af270068df1882866

Download Submit
C:\Windows\system\ouTJHWw.exe

Filesize
5.7MB

MD5
36130f63045005ecde9997e598d33399

SHA1
b8be2c7fa972abb6439f17dbc1a329d0f6c5d14b

SHA256
842f07409420aa04a8d32bc4c6b0dddc965b70adce1ec18b3246ddb180a7f335

SHA512
fb233fc897010d56123710bcc1c4b8fde0d9848414039caf6980a9f19c0cfd18b9af2c4a8b4b83b82611b3dee804a917dc11f9ec0471c7bec8b657115f4a8dd3

Download Submit
C:\Windows\system\vUiGvxF.exe

Filesize
5.7MB

MD5
d2e07a93b84dd9ff6897855c16416cae

SHA1
03f5f758169c71c7433c24886c3f73eb24e7e730

SHA256
6eae1fba184119bfb871112d6b5789bc54a41a5cd7c2cc326edc44475996cfa9

SHA512
406648abb975560ff7a64238b8731c434a2238b3633e0fa1c6d771d74850b2ff124eb6154087bd1cdc3581d2f56264d839e79e826b5c73d772987afeccd363c5

Download Submit
C:\Windows\system\xpszBod.exe

Filesize
5.7MB

MD5
6117edbbbd14d067a1011169a32448fa

SHA1
9ae7afbea50f608db27f5bbb70ae1a4eafa03e92

SHA256
e35fb082811f99dcda5c791001f96d505ab3e46aafd4e601624abcba1792e76b

SHA512
34afb73ebf18560b53835503defc484641d2d15bf7648ce10772405fa0fb976620b07b9c2380129089db68a19f6b9ebb91a1987bc40b6f5867a9c5abedace708

Download Submit
\Windows\system\FgBTims.exe

Filesize
5.7MB

MD5
924a64b72e3c564e35a202275a8d2b88

SHA1
980645436afd7810b34f12fc45b0b8b23a334eee

SHA256
67053ea563fdf64d69c6dbc07cba9a52087460d875eda6cd72990fad312494f1

SHA512
8df5cbef7164adeede136593e2275f2574d37a24a90e09fd3bd723d154619866c8e0021775bcb4b3bedda37f3a603a1cdfdad117a670481b69286ec10ef67a2a

Download Submit
\Windows\system\OtmtteS.exe

Filesize
5.7MB

MD5
3d220f378a903c775a00558a49e5237a

SHA1
2226ea8dac27fa0198d1bb89a4c45990379789ca

SHA256
6ae81a5b9621423d3c511cda77f5ae0feac576ad3f0d05d146ef78b4bd5014f6

SHA512
d975904d7b926faf80e7f190cf8db97bddb2405695990d31bd0465234c0d4cdd16147e86b84b65ed85754bfbef30cadf55ba79b8593819ab8b82806817377bae

Download Submit
\Windows\system\PdlVjju.exe

Filesize
5.7MB

MD5
69b0b64417cbdce4a432927582b82119

SHA1
c98826299695e48ed2730ed4575e60dd6d02c480

SHA256
e0da1e33ef67f6fcff8af10e328bc9a449bf5c7a8bb7c24f08691a0d00735b46

SHA512
23748c9e081950a5716f0d1c4da8569716be64acafaed72d37311b165f94fc4fcc41ac7e353edd1499a37bc6132d88ac1b5a438fc2302d9523a48eac05323ba2

Download Submit
\Windows\system\hzDrcIZ.exe

Filesize
5.7MB

MD5
c3ceadb0082d9faeb4a803d286f1b1fb

SHA1
a4fb6318d3fe220974fe5a4a6938822518a6d961

SHA256
a113a639053d624e3cff600c86396908a8e618a467c5911604a1f1e874d3f005

SHA512
46728adf1f4e36033a36700159de244087c9d0b0d0406caadd10cd2acd82b2f767283a964b994b523f3eeff3c95d3a5042a2184dfe743684fa160a5cd151a7c4

Download Submit
\Windows\system\sWwFiYX.exe

Filesize
5.7MB

MD5
fa3ed0987ce6fda33fbf5490fbe0e107

SHA1
b750895e732faae4d6ce88cedfa00ae8ed88bca3

SHA256
9465eb4a3e00eaaf0e55f3922b7d7ae7a61837c6f7f1181805312cff65321a0b

SHA512
60e0f0b235471baf21ef0b46deafc820f9d297f378002025fdd5bfcebe0f679e94d1ca1003a6a23dbce1b37003d8526a784893e8f2f972c2b1e9214ecbacd830

Download Submit
memory/588-331-0x000000013F620000-0x000000013F96D000-memory.dmp

Filesize
3.3MB

Download
memory/908-365-0x000000013FA40000-0x000000013FD8D000-memory.dmp

Filesize
3.3MB

Download
memory/940-335-0x000000013F440000-0x000000013F78D000-memory.dmp

Filesize
3.3MB

Download
memory/960-366-0x000000013F470000-0x000000013F7BD000-memory.dmp

Filesize
3.3MB

Download
memory/1056-361-0x000000013F500000-0x000000013F84D000-memory.dmp

Filesize
3.3MB

Download
memory/1292-369-0x000000013FFC0000-0x000000014030D000-memory.dmp

Filesize
3.3MB

Download
memory/1488-370-0x000000013F3F0000-0x000000013F73D000-memory.dmp

Filesize
3.3MB

Download
memory/1612-333-0x000000013FA30000-0x000000013FD7D000-memory.dmp

Filesize
3.3MB

Download
memory/1712-376-0x000000013F590000-0x000000013F8DD000-memory.dmp

Filesize
3.3MB

Download
memory/1752-364-0x000000013FAE0000-0x000000013FE2D000-memory.dmp

Filesize
3.3MB

Download
memory/1908-337-0x000000013F8B0000-0x000000013FBFD000-memory.dmp

Filesize
3.3MB

Download
memory/1976-7-0x000000013FC00000-0x000000013FF4D000-memory.dmp

Filesize
3.3MB

Download
memory/1980-372-0x000000013F920000-0x000000013FC6D000-memory.dmp

Filesize
3.3MB

Download
memory/2076-359-0x000000013F980000-0x000000013FCCD000-memory.dmp

Filesize
3.3MB

Download
memory/2084-334-0x000000013F740000-0x000000013FA8D000-memory.dmp

Filesize
3.3MB

Download
memory/2100-325-0x000000013F870000-0x000000013FBBD000-memory.dmp

Filesize
3.3MB

Download
memory/2124-332-0x000000013F0C0000-0x000000013F40D000-memory.dmp

Filesize
3.3MB

Download
memory/2180-371-0x000000013FE70000-0x00000001401BD000-memory.dmp

Filesize
3.3MB

Download
memory/2184-360-0x000000013F2D0000-0x000000013F61D000-memory.dmp

Filesize
3.3MB

Download
memory/2228-322-0x000000013FD00000-0x000000014004D000-memory.dmp

Filesize
3.3MB

Download
memory/2236-375-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download
memory/2312-362-0x000000013F160000-0x000000013F4AD000-memory.dmp

Filesize
3.3MB

Download
memory/2324-317-0x000000013F670000-0x000000013F9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2456-373-0x000000013FA70000-0x000000013FDBD000-memory.dmp

Filesize
3.3MB

Download
memory/2488-374-0x000000013FDC0000-0x000000014010D000-memory.dmp

Filesize
3.3MB

Download
memory/2500-318-0x000000013FA20000-0x000000013FD6D000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2544-0-0x000000013F7C0000-0x000000013FB0D000-memory.dmp

Filesize
3.3MB

Download
memory/2652-329-0x000000013FF30000-0x000000014027D000-memory.dmp

Filesize
3.3MB

Download
memory/2704-330-0x000000013F840000-0x000000013FB8D000-memory.dmp

Filesize
3.3MB

Download
memory/2720-326-0x000000013F680000-0x000000013F9CD000-memory.dmp

Filesize
3.3MB

Download
memory/2784-321-0x000000013F4C0000-0x000000013F80D000-memory.dmp

Filesize
3.3MB

Download
memory/2788-319-0x000000013FB20000-0x000000013FE6D000-memory.dmp

Filesize
3.3MB

Download
memory/2804-327-0x000000013FCB0000-0x000000013FFFD000-memory.dmp

Filesize
3.3MB

Download
memory/2872-323-0x000000013F2E0000-0x000000013F62D000-memory.dmp

Filesize
3.3MB

Download
memory/2880-320-0x000000013F4B0000-0x000000013F7FD000-memory.dmp

Filesize
3.3MB

Download
memory/2888-324-0x000000013F770000-0x000000013FABD000-memory.dmp

Filesize
3.3MB

Download
memory/2896-328-0x000000013F850000-0x000000013FB9D000-memory.dmp

Filesize
3.3MB

Download
memory/2944-367-0x000000013F860000-0x000000013FBAD000-memory.dmp

Filesize
3.3MB

Download
memory/3300-357-0x000000013FAF0000-0x000000013FE3D000-memory.dmp

Filesize
3.3MB

Download