cobaltstrike | e5495944c9f55cb18f34f80be7cdc12cf1e33e2e9ee8edd081035dcc2fd2a487

Analysis

max time kernel
121s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

9d768e4b66cc06c238c1cf9e2a4f3665
SHA1

a77a92fb1921d7c65c1a46cd9b921e1bffa6c356
SHA256

e5495944c9f55cb18f34f80be7cdc12cf1e33e2e9ee8edd081035dcc2fd2a487
SHA512

1175793fd0c9e6020408ffdf996a67f9e156df10ab42a2f2f65d77d00eed99675f5e44e628413dc6cb29a38d5d168aa0aea3e02b9d94d63a3050a39dd6b6b842
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUz:j+R56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012259-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d2-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186de-16.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001875d-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018761-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bcd-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018d63-38.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018d68-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c66-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c68-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4e-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a325-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08a-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2e7-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a061-108.dat	cobalt_reflective_dll
behavioral1/files/0x000e0000000175d2-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a04e-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4a-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8b-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbf-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aee-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2084-0-0x000000013FA10000-0x000000013FD5D000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-3.dat	xmrig
behavioral1/memory/2788-7-0x000000013F340000-0x000000013F68D000-memory.dmp	xmrig
behavioral1/files/0x00070000000186d2-9.dat	xmrig
behavioral1/files/0x00070000000186de-16.dat	xmrig
behavioral1/memory/2656-18-0x000000013F0D0000-0x000000013F41D000-memory.dmp	xmrig
behavioral1/memory/2192-17-0x000000013FB30000-0x000000013FE7D000-memory.dmp	xmrig
behavioral1/files/0x000600000001875d-21.dat	xmrig
behavioral1/files/0x0006000000018761-27.dat	xmrig
behavioral1/memory/2832-25-0x000000013F5C0000-0x000000013F90D000-memory.dmp	xmrig
behavioral1/files/0x0007000000018bcd-33.dat	xmrig
behavioral1/files/0x0009000000018d63-38.dat	xmrig
behavioral1/files/0x0009000000018d68-42.dat	xmrig
behavioral1/files/0x0005000000019c66-53.dat	xmrig
behavioral1/files/0x0005000000019c68-57.dat	xmrig
behavioral1/memory/2724-77-0x000000013F3C0000-0x000000013F70D000-memory.dmp	xmrig
behavioral1/memory/2548-76-0x000000013F3E0000-0x000000013F72D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f4e-95.dat	xmrig
behavioral1/files/0x000500000001a41a-138.dat	xmrig
behavioral1/files/0x000500000001a41b-140.dat	xmrig
behavioral1/files/0x000500000001a478-171.dat	xmrig
behavioral1/files/0x000500000001a48a-182.dat	xmrig
behavioral1/memory/2168-165-0x000000013FFE0000-0x000000014032D000-memory.dmp	xmrig
behavioral1/memory/2248-199-0x000000013F140000-0x000000013F48D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-152.dat	xmrig
behavioral1/memory/888-192-0x000000013FBE0000-0x000000013FF2D000-memory.dmp	xmrig
behavioral1/memory/276-133-0x000000013FC20000-0x000000013FF6D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a325-132.dat	xmrig
behavioral1/files/0x000500000001a497-191.dat	xmrig
behavioral1/memory/1984-190-0x000000013F910000-0x000000013FC5D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a455-188.dat	xmrig
behavioral1/memory/340-181-0x000000013F9F0000-0x000000013FD3D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a486-179.dat	xmrig
behavioral1/memory/1504-170-0x000000013FEC0000-0x000000014020D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a477-169.dat	xmrig
behavioral1/memory/908-161-0x000000013F3F0000-0x000000013F73D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-159.dat	xmrig
behavioral1/memory/2428-151-0x000000013F3A0000-0x000000013F6ED000-memory.dmp	xmrig
behavioral1/memory/2348-148-0x000000013F150000-0x000000013F49D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-147.dat	xmrig
behavioral1/memory/484-139-0x000000013F270000-0x000000013F5BD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a08a-120.dat	xmrig
behavioral1/memory/1144-126-0x000000013FA20000-0x000000013FD6D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2e7-124.dat	xmrig
behavioral1/memory/1912-121-0x000000013FF40000-0x000000014028D000-memory.dmp	xmrig
behavioral1/memory/2012-115-0x000000013F460000-0x000000013F7AD000-memory.dmp	xmrig
behavioral1/memory/2044-109-0x000000013F5D0000-0x000000013F91D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a061-108.dat	xmrig
behavioral1/files/0x000e0000000175d2-113.dat	xmrig
behavioral1/memory/2356-103-0x000000013F8E0000-0x000000013FC2D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a04e-101.dat	xmrig
behavioral1/memory/2716-97-0x000000013F9E0000-0x000000013FD2D000-memory.dmp	xmrig
behavioral1/memory/2384-91-0x000000013F510000-0x000000013F85D000-memory.dmp	xmrig
behavioral1/memory/2976-89-0x000000013FB10000-0x000000013FE5D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f4a-87.dat	xmrig
behavioral1/files/0x0005000000019d8b-84.dat	xmrig
behavioral1/memory/3000-74-0x000000013FD20000-0x000000014006D000-memory.dmp	xmrig
behavioral1/memory/2860-73-0x000000013F890000-0x000000013FBDD000-memory.dmp	xmrig
behavioral1/memory/1436-67-0x000000013F4A0000-0x000000013F7ED000-memory.dmp	xmrig
behavioral1/memory/2592-66-0x000000013FC90000-0x000000013FFDD000-memory.dmp	xmrig
behavioral1/memory/2580-65-0x000000013F730000-0x000000013FA7D000-memory.dmp	xmrig
behavioral1/memory/2596-64-0x000000013F1B0000-0x000000013F4FD000-memory.dmp	xmrig
behavioral1/memory/2636-63-0x000000013F980000-0x000000013FCCD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cbf-61.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2788	equxChe.exe
2192	hcgfNcl.exe
2656	jDxHSeO.exe
2832	DbIqBBk.exe
2636	umUMHLV.exe
2860	wVPfyUU.exe
2596	rbJBgNy.exe
2548	aUJVwzJ.exe
2580	eQhxlaN.exe
2724	hmGEakt.exe
2592	qXuAyLN.exe
3000	TJgNOYr.exe
1436	TNYGJiH.exe
2976	tRfselm.exe
2384	hAXWfuJ.exe
2716	TSuKOpw.exe
2356	UudEsVM.exe
2044	qsmXUgR.exe
2012	EVsweYd.exe
1912	HPGztLg.exe
1144	SrQQbBj.exe
276	eixBgtT.exe
484	KHBqXGD.exe
2348	kIRWWyK.exe
2428	UOXHvnm.exe
908	dqUscKR.exe
2168	MiUbQnd.exe
1504	adNeldd.exe
340	GfoyOZt.exe
1984	gwYtjoh.exe
888	XkveFFd.exe
628	rOQFzWX.exe
2248	dRDzPuX.exe
1692	MGVNOmY.exe
2524	vEmGlOb.exe
552	DZwdwWD.exe
2508	LXseOha.exe
1952	SaMBtzz.exe
1000	sRSXSSr.exe
880	uyywcyu.exe
3024	OzmQOhO.exe
1532	yzvwqej.exe
2668	wJOYsIx.exe
1628	PzWGgpK.exe
2332	jlaRlyM.exe
2624	LqkyKdM.exe
2328	NxYKeJV.exe
1664	NTnaNLi.exe
1868	zJRrwyH.exe
1128	NYtWsbq.exe
1860	spLFmdI.exe
2616	MYpumjt.exe
1288	IPwwgLx.exe
2960	QZcNeZM.exe
1500	oISRajO.exe
2820	uzPePBV.exe
2576	NcmuryU.exe
2056	lCciGdk.exe
2896	FMwleIk.exe
1416	NBhzjNp.exe
2136	FiNpCMg.exe
1704	JmJIzPF.exe
2000	HaUKfyo.exe
2532	WZXIfoW.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xBQHvPG.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQBTylf.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBfFoPL.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYVGUDz.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQWYsDd.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRXyDVv.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuzTarb.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEpSxUx.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmVgJOg.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfalSwW.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CerbfgF.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIFSVCb.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKJpudq.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfoyOZt.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeHNKkM.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIDcHDU.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTMkaVe.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRoNlPY.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrIZXZX.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lwxpqpf.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlaRlyM.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVTPpOu.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABIsrnT.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjdHvgj.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBgPtBK.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjurEur.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErwGGOo.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipZPlkA.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cowLOga.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBloDlN.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulBbKCt.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqUscKR.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXseOha.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AflOYUO.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZZfnPM.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJusgYl.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGselLf.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDxQeGr.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYUWnsH.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAJdGft.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PagCwmH.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMouXlE.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuEPHaa.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTqsope.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDwgwGe.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCYZZFN.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjNGivZ.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlZeDMC.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNqYCaD.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWVkZXX.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtHVsha.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNSSRBH.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMgzGtq.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkLgOpk.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQKwOHs.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJOYsIx.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcHcxDd.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksOrsab.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiWwapr.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLUTrCy.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zubZvVY.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFDmheb.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SadqQdI.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAnKURk.exe	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2788	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2788	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2788	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2192	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2192	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2192	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2656	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2656	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2656	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2832	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2832	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2832	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2636	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2636	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2636	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2860	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 2860	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 2860	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 2596	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 2596	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 2596	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 2548	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 2548	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 2548	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 2580	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2580	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2580	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2724	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2724	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2724	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2592	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 2592	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 2592	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 3000	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 3000	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 3000	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 1436	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 1436	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 1436	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 2976	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 2976	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 2976	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 2384	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 2384	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 2384	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 2716	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2716	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2716	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2356	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 2356	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 2356	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 2044	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 2044	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 2044	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 2012	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 2012	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 2012	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 1912	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 1912	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 1912	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 1144	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 1144	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 1144	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 276	2084	2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_9d768e4b66cc06c238c1cf9e2a4f3665_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\System\equxChe.exe
  C:\Windows\System\equxChe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\hcgfNcl.exe
  C:\Windows\System\hcgfNcl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\jDxHSeO.exe
  C:\Windows\System\jDxHSeO.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\DbIqBBk.exe
  C:\Windows\System\DbIqBBk.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\umUMHLV.exe
  C:\Windows\System\umUMHLV.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wVPfyUU.exe
  C:\Windows\System\wVPfyUU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rbJBgNy.exe
  C:\Windows\System\rbJBgNy.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\aUJVwzJ.exe
  C:\Windows\System\aUJVwzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\eQhxlaN.exe
  C:\Windows\System\eQhxlaN.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\hmGEakt.exe
  C:\Windows\System\hmGEakt.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\qXuAyLN.exe
  C:\Windows\System\qXuAyLN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TJgNOYr.exe
  C:\Windows\System\TJgNOYr.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TNYGJiH.exe
  C:\Windows\System\TNYGJiH.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\tRfselm.exe
  C:\Windows\System\tRfselm.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\hAXWfuJ.exe
  C:\Windows\System\hAXWfuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\TSuKOpw.exe
  C:\Windows\System\TSuKOpw.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\UudEsVM.exe
  C:\Windows\System\UudEsVM.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\qsmXUgR.exe
  C:\Windows\System\qsmXUgR.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\EVsweYd.exe
  C:\Windows\System\EVsweYd.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HPGztLg.exe
  C:\Windows\System\HPGztLg.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\SrQQbBj.exe
  C:\Windows\System\SrQQbBj.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\eixBgtT.exe
  C:\Windows\System\eixBgtT.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\KHBqXGD.exe
  C:\Windows\System\KHBqXGD.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\UOXHvnm.exe
  C:\Windows\System\UOXHvnm.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\kIRWWyK.exe
  C:\Windows\System\kIRWWyK.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\dqUscKR.exe
  C:\Windows\System\dqUscKR.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\MiUbQnd.exe
  C:\Windows\System\MiUbQnd.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\gwYtjoh.exe
  C:\Windows\System\gwYtjoh.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\adNeldd.exe
  C:\Windows\System\adNeldd.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\rOQFzWX.exe
  C:\Windows\System\rOQFzWX.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\GfoyOZt.exe
  C:\Windows\System\GfoyOZt.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\dRDzPuX.exe
  C:\Windows\System\dRDzPuX.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\XkveFFd.exe
  C:\Windows\System\XkveFFd.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\DZwdwWD.exe
  C:\Windows\System\DZwdwWD.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\MGVNOmY.exe
  C:\Windows\System\MGVNOmY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\PzWGgpK.exe
  C:\Windows\System\PzWGgpK.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\vEmGlOb.exe
  C:\Windows\System\vEmGlOb.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\jlaRlyM.exe
  C:\Windows\System\jlaRlyM.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\LXseOha.exe
  C:\Windows\System\LXseOha.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\NxYKeJV.exe
  C:\Windows\System\NxYKeJV.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\SaMBtzz.exe
  C:\Windows\System\SaMBtzz.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\zJRrwyH.exe
  C:\Windows\System\zJRrwyH.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\sRSXSSr.exe
  C:\Windows\System\sRSXSSr.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\spLFmdI.exe
  C:\Windows\System\spLFmdI.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\uyywcyu.exe
  C:\Windows\System\uyywcyu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\QZcNeZM.exe
  C:\Windows\System\QZcNeZM.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\OzmQOhO.exe
  C:\Windows\System\OzmQOhO.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\oISRajO.exe
  C:\Windows\System\oISRajO.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\yzvwqej.exe
  C:\Windows\System\yzvwqej.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\uzPePBV.exe
  C:\Windows\System\uzPePBV.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\wJOYsIx.exe
  C:\Windows\System\wJOYsIx.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\NcmuryU.exe
  C:\Windows\System\NcmuryU.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\LqkyKdM.exe
  C:\Windows\System\LqkyKdM.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\lCciGdk.exe
  C:\Windows\System\lCciGdk.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\NTnaNLi.exe
  C:\Windows\System\NTnaNLi.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\FMwleIk.exe
  C:\Windows\System\FMwleIk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\NYtWsbq.exe
  C:\Windows\System\NYtWsbq.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\NBhzjNp.exe
  C:\Windows\System\NBhzjNp.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\MYpumjt.exe
  C:\Windows\System\MYpumjt.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\FiNpCMg.exe
  C:\Windows\System\FiNpCMg.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\IPwwgLx.exe
  C:\Windows\System\IPwwgLx.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\JmJIzPF.exe
  C:\Windows\System\JmJIzPF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\HaUKfyo.exe
  C:\Windows\System\HaUKfyo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\OgajhSz.exe
  C:\Windows\System\OgajhSz.exe
  2⤵
  PID:2980
- C:\Windows\System\WZXIfoW.exe
  C:\Windows\System\WZXIfoW.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KCyvpNx.exe
  C:\Windows\System\KCyvpNx.exe
  2⤵
  PID:2800
- C:\Windows\System\uvAupoi.exe
  C:\Windows\System\uvAupoi.exe
  2⤵
  PID:2468
- C:\Windows\System\tQXPZEu.exe
  C:\Windows\System\tQXPZEu.exe
  2⤵
  PID:2584
- C:\Windows\System\BoSnntb.exe
  C:\Windows\System\BoSnntb.exe
  2⤵
  PID:2492
- C:\Windows\System\TZmZqMX.exe
  C:\Windows\System\TZmZqMX.exe
  2⤵
  PID:1568
- C:\Windows\System\XegHwDH.exe
  C:\Windows\System\XegHwDH.exe
  2⤵
  PID:2220
- C:\Windows\System\rHFYVLL.exe
  C:\Windows\System\rHFYVLL.exe
  2⤵
  PID:956
- C:\Windows\System\MGmzWYd.exe
  C:\Windows\System\MGmzWYd.exe
  2⤵
  PID:3020
- C:\Windows\System\vklStPW.exe
  C:\Windows\System\vklStPW.exe
  2⤵
  PID:1552
- C:\Windows\System\CerYASf.exe
  C:\Windows\System\CerYASf.exe
  2⤵
  PID:2824
- C:\Windows\System\JcpJfzL.exe
  C:\Windows\System\JcpJfzL.exe
  2⤵
  PID:2760
- C:\Windows\System\juvZMbD.exe
  C:\Windows\System\juvZMbD.exe
  2⤵
  PID:2080
- C:\Windows\System\FKVvEQC.exe
  C:\Windows\System\FKVvEQC.exe
  2⤵
  PID:2444
- C:\Windows\System\pRFFZdt.exe
  C:\Windows\System\pRFFZdt.exe
  2⤵
  PID:2456
- C:\Windows\System\sreshnT.exe
  C:\Windows\System\sreshnT.exe
  2⤵
  PID:3016
- C:\Windows\System\nHFdTDv.exe
  C:\Windows\System\nHFdTDv.exe
  2⤵
  PID:1980
- C:\Windows\System\mLUXXxW.exe
  C:\Windows\System\mLUXXxW.exe
  2⤵
  PID:2476
- C:\Windows\System\EzFheHT.exe
  C:\Windows\System\EzFheHT.exe
  2⤵
  PID:3028
- C:\Windows\System\avGJthQ.exe
  C:\Windows\System\avGJthQ.exe
  2⤵
  PID:1840
- C:\Windows\System\DZhRtEB.exe
  C:\Windows\System\DZhRtEB.exe
  2⤵
  PID:1524
- C:\Windows\System\DvolTKT.exe
  C:\Windows\System\DvolTKT.exe
  2⤵
  PID:2016
- C:\Windows\System\KRpbSpF.exe
  C:\Windows\System\KRpbSpF.exe
  2⤵
  PID:3084
- C:\Windows\System\EdnCvxp.exe
  C:\Windows\System\EdnCvxp.exe
  2⤵
  PID:3108
- C:\Windows\System\aUGDaFv.exe
  C:\Windows\System\aUGDaFv.exe
  2⤵
  PID:3132
- C:\Windows\System\mRIUPhg.exe
  C:\Windows\System\mRIUPhg.exe
  2⤵
  PID:3148
- C:\Windows\System\oqGZWdx.exe
  C:\Windows\System\oqGZWdx.exe
  2⤵
  PID:3180
- C:\Windows\System\JBpIgMK.exe
  C:\Windows\System\JBpIgMK.exe
  2⤵
  PID:3216
- C:\Windows\System\JCUszoO.exe
  C:\Windows\System\JCUszoO.exe
  2⤵
  PID:3284
- C:\Windows\System\upfzNvg.exe
  C:\Windows\System\upfzNvg.exe
  2⤵
  PID:3304
- C:\Windows\System\YRtXaxR.exe
  C:\Windows\System\YRtXaxR.exe
  2⤵
  PID:3320
- C:\Windows\System\MNidsmp.exe
  C:\Windows\System\MNidsmp.exe
  2⤵
  PID:3340
- C:\Windows\System\yQdbltS.exe
  C:\Windows\System\yQdbltS.exe
  2⤵
  PID:3356
- C:\Windows\System\YmsMpny.exe
  C:\Windows\System\YmsMpny.exe
  2⤵
  PID:3372
- C:\Windows\System\iciDRQP.exe
  C:\Windows\System\iciDRQP.exe
  2⤵
  PID:3436
- C:\Windows\System\gNOqnvK.exe
  C:\Windows\System\gNOqnvK.exe
  2⤵
  PID:3452
- C:\Windows\System\QXoNHAK.exe
  C:\Windows\System\QXoNHAK.exe
  2⤵
  PID:3484
- C:\Windows\System\olKNgFS.exe
  C:\Windows\System\olKNgFS.exe
  2⤵
  PID:3504
- C:\Windows\System\cpiwbTD.exe
  C:\Windows\System\cpiwbTD.exe
  2⤵
  PID:3524
- C:\Windows\System\KGeLoQW.exe
  C:\Windows\System\KGeLoQW.exe
  2⤵
  PID:3544
- C:\Windows\System\VDneTdr.exe
  C:\Windows\System\VDneTdr.exe
  2⤵
  PID:3560
- C:\Windows\System\mTEpduZ.exe
  C:\Windows\System\mTEpduZ.exe
  2⤵
  PID:3576
- C:\Windows\System\SczAHOi.exe
  C:\Windows\System\SczAHOi.exe
  2⤵
  PID:3592
- C:\Windows\System\mSLhFsI.exe
  C:\Windows\System\mSLhFsI.exe
  2⤵
  PID:3624
- C:\Windows\System\iRDByRE.exe
  C:\Windows\System\iRDByRE.exe
  2⤵
  PID:3640
- C:\Windows\System\QhWciEn.exe
  C:\Windows\System\QhWciEn.exe
  2⤵
  PID:3656
- C:\Windows\System\sAIJfnw.exe
  C:\Windows\System\sAIJfnw.exe
  2⤵
  PID:3672
- C:\Windows\System\mtCfDmF.exe
  C:\Windows\System\mtCfDmF.exe
  2⤵
  PID:3700
- C:\Windows\System\HVQaQiF.exe
  C:\Windows\System\HVQaQiF.exe
  2⤵
  PID:3720
- C:\Windows\System\ukfODgk.exe
  C:\Windows\System\ukfODgk.exe
  2⤵
  PID:3744
- C:\Windows\System\LFtfAmO.exe
  C:\Windows\System\LFtfAmO.exe
  2⤵
  PID:3760
- C:\Windows\System\WtbebdZ.exe
  C:\Windows\System\WtbebdZ.exe
  2⤵
  PID:3776
- C:\Windows\System\ZolVmJH.exe
  C:\Windows\System\ZolVmJH.exe
  2⤵
  PID:3792
- C:\Windows\System\MkEfvoG.exe
  C:\Windows\System\MkEfvoG.exe
  2⤵
  PID:3816
- C:\Windows\System\thCviWw.exe
  C:\Windows\System\thCviWw.exe
  2⤵
  PID:3832
- C:\Windows\System\YdKLPhl.exe
  C:\Windows\System\YdKLPhl.exe
  2⤵
  PID:3848
- C:\Windows\System\TENTKer.exe
  C:\Windows\System\TENTKer.exe
  2⤵
  PID:3864
- C:\Windows\System\wQtPMdg.exe
  C:\Windows\System\wQtPMdg.exe
  2⤵
  PID:3880
- C:\Windows\System\GYrEqmd.exe
  C:\Windows\System\GYrEqmd.exe
  2⤵
  PID:3900
- C:\Windows\System\mWpQkNN.exe
  C:\Windows\System\mWpQkNN.exe
  2⤵
  PID:3948
- C:\Windows\System\ySRKOFI.exe
  C:\Windows\System\ySRKOFI.exe
  2⤵
  PID:4076
- C:\Windows\System\XgWWLUN.exe
  C:\Windows\System\XgWWLUN.exe
  2⤵
  PID:2480
- C:\Windows\System\PdeYnjF.exe
  C:\Windows\System\PdeYnjF.exe
  2⤵
  PID:2564
- C:\Windows\System\KsJdhjG.exe
  C:\Windows\System\KsJdhjG.exe
  2⤵
  PID:1852
- C:\Windows\System\fzpbuOx.exe
  C:\Windows\System\fzpbuOx.exe
  2⤵
  PID:2504
- C:\Windows\System\HZgsupC.exe
  C:\Windows\System\HZgsupC.exe
  2⤵
  PID:2276
- C:\Windows\System\QDHGDEX.exe
  C:\Windows\System\QDHGDEX.exe
  2⤵
  PID:2096
- C:\Windows\System\ELQwPAM.exe
  C:\Windows\System\ELQwPAM.exe
  2⤵
  PID:1872
- C:\Windows\System\rrAWfUf.exe
  C:\Windows\System\rrAWfUf.exe
  2⤵
  PID:2500
- C:\Windows\System\aOjqQVv.exe
  C:\Windows\System\aOjqQVv.exe
  2⤵
  PID:1712
- C:\Windows\System\YkBxalE.exe
  C:\Windows\System\YkBxalE.exe
  2⤵
  PID:1348
- C:\Windows\System\TzJQbJL.exe
  C:\Windows\System\TzJQbJL.exe
  2⤵
  PID:2876
- C:\Windows\System\DyIoCHd.exe
  C:\Windows\System\DyIoCHd.exe
  2⤵
  PID:2140
- C:\Windows\System\HWjZFYw.exe
  C:\Windows\System\HWjZFYw.exe
  2⤵
  PID:3120
- C:\Windows\System\etImGjH.exe
  C:\Windows\System\etImGjH.exe
  2⤵
  PID:3012
- C:\Windows\System\TNPQvmT.exe
  C:\Windows\System\TNPQvmT.exe
  2⤵
  PID:2696
- C:\Windows\System\GPKZXCp.exe
  C:\Windows\System\GPKZXCp.exe
  2⤵
  PID:3204
- C:\Windows\System\hhimSEp.exe
  C:\Windows\System\hhimSEp.exe
  2⤵
  PID:3240
- C:\Windows\System\qfkXpVs.exe
  C:\Windows\System\qfkXpVs.exe
  2⤵
  PID:3248
- C:\Windows\System\TXyPBQf.exe
  C:\Windows\System\TXyPBQf.exe
  2⤵
  PID:3264
- C:\Windows\System\SqzGFyH.exe
  C:\Windows\System\SqzGFyH.exe
  2⤵
  PID:3364
- C:\Windows\System\dtmRgfQ.exe
  C:\Windows\System\dtmRgfQ.exe
  2⤵
  PID:3444
- C:\Windows\System\apqjyYz.exe
  C:\Windows\System\apqjyYz.exe
  2⤵
  PID:3612
- C:\Windows\System\xSZFBDY.exe
  C:\Windows\System\xSZFBDY.exe
  2⤵
  PID:3680
- C:\Windows\System\mDtAjlg.exe
  C:\Windows\System\mDtAjlg.exe
  2⤵
  PID:3728
- C:\Windows\System\obMYkHy.exe
  C:\Windows\System\obMYkHy.exe
  2⤵
  PID:3772
- C:\Windows\System\uViAkEz.exe
  C:\Windows\System\uViAkEz.exe
  2⤵
  PID:3316
- C:\Windows\System\vETHUOx.exe
  C:\Windows\System\vETHUOx.exe
  2⤵
  PID:3384
- C:\Windows\System\kfdupMI.exe
  C:\Windows\System\kfdupMI.exe
  2⤵
  PID:3812
- C:\Windows\System\OdDAWNs.exe
  C:\Windows\System\OdDAWNs.exe
  2⤵
  PID:3416
- C:\Windows\System\iKQAVtS.exe
  C:\Windows\System\iKQAVtS.exe
  2⤵
  PID:3432
- C:\Windows\System\ylMFEpj.exe
  C:\Windows\System\ylMFEpj.exe
  2⤵
  PID:3876
- C:\Windows\System\iXfpGOD.exe
  C:\Windows\System\iXfpGOD.exe
  2⤵
  PID:2916
- C:\Windows\System\FzolefY.exe
  C:\Windows\System\FzolefY.exe
  2⤵
  PID:3476
- C:\Windows\System\DhIblFU.exe
  C:\Windows\System\DhIblFU.exe
  2⤵
  PID:3556
- C:\Windows\System\ZQljqQZ.exe
  C:\Windows\System\ZQljqQZ.exe
  2⤵
  PID:3668
- C:\Windows\System\BTwjcez.exe
  C:\Windows\System\BTwjcez.exe
  2⤵
  PID:3752
- C:\Windows\System\TqAMuqS.exe
  C:\Windows\System\TqAMuqS.exe
  2⤵
  PID:3788
- C:\Windows\System\bZnRYnX.exe
  C:\Windows\System\bZnRYnX.exe
  2⤵
  PID:3860
- C:\Windows\System\VZMwxJl.exe
  C:\Windows\System\VZMwxJl.exe
  2⤵
  PID:3956
- C:\Windows\System\XqmZZJr.exe
  C:\Windows\System\XqmZZJr.exe
  2⤵
  PID:3976
- C:\Windows\System\mgHwesz.exe
  C:\Windows\System\mgHwesz.exe
  2⤵
  PID:3996
- C:\Windows\System\BOGhSxj.exe
  C:\Windows\System\BOGhSxj.exe
  2⤵
  PID:4016
- C:\Windows\System\ZMwpuJZ.exe
  C:\Windows\System\ZMwpuJZ.exe
  2⤵
  PID:4024
- C:\Windows\System\AWpnHEL.exe
  C:\Windows\System\AWpnHEL.exe
  2⤵
  PID:4052
- C:\Windows\System\DlPxDAw.exe
  C:\Windows\System\DlPxDAw.exe
  2⤵
  PID:4092
- C:\Windows\System\KnMejcP.exe
  C:\Windows\System\KnMejcP.exe
  2⤵
  PID:2660
- C:\Windows\System\oKVLOPf.exe
  C:\Windows\System\oKVLOPf.exe
  2⤵
  PID:1636
- C:\Windows\System\PwgoykM.exe
  C:\Windows\System\PwgoykM.exe
  2⤵
  PID:2372
- C:\Windows\System\AflOYUO.exe
  C:\Windows\System\AflOYUO.exe
  2⤵
  PID:2996
- C:\Windows\System\LYdYTcx.exe
  C:\Windows\System\LYdYTcx.exe
  2⤵
  PID:2240
- C:\Windows\System\DtavtkW.exe
  C:\Windows\System\DtavtkW.exe
  2⤵
  PID:1132
- C:\Windows\System\cVCUGzx.exe
  C:\Windows\System\cVCUGzx.exe
  2⤵
  PID:3144
- C:\Windows\System\sUXKIGN.exe
  C:\Windows\System\sUXKIGN.exe
  2⤵
  PID:2292
- C:\Windows\System\dJUgMyZ.exe
  C:\Windows\System\dJUgMyZ.exe
  2⤵
  PID:3116
- C:\Windows\System\vNqYCaD.exe
  C:\Windows\System\vNqYCaD.exe
  2⤵
  PID:2320
- C:\Windows\System\WKBUvrr.exe
  C:\Windows\System\WKBUvrr.exe
  2⤵
  PID:3124
- C:\Windows\System\XUFHgXj.exe
  C:\Windows\System\XUFHgXj.exe
  2⤵
  PID:3256
- C:\Windows\System\NoqmtJh.exe
  C:\Windows\System\NoqmtJh.exe
  2⤵
  PID:3280
- C:\Windows\System\OWzeooY.exe
  C:\Windows\System\OWzeooY.exe
  2⤵
  PID:3172
- C:\Windows\System\BBiWWhb.exe
  C:\Windows\System\BBiWWhb.exe
  2⤵
  PID:3244
- C:\Windows\System\xrMgSSV.exe
  C:\Windows\System\xrMgSSV.exe
  2⤵
  PID:3328
- C:\Windows\System\qspTXff.exe
  C:\Windows\System\qspTXff.exe
  2⤵
  PID:3620
- C:\Windows\System\kRDNRhN.exe
  C:\Windows\System\kRDNRhN.exe
  2⤵
  PID:3768
- C:\Windows\System\qVFkhOk.exe
  C:\Windows\System\qVFkhOk.exe
  2⤵
  PID:3380
- C:\Windows\System\nRaTdUZ.exe
  C:\Windows\System\nRaTdUZ.exe
  2⤵
  PID:3412
- C:\Windows\System\xKtKplq.exe
  C:\Windows\System\xKtKplq.exe
  2⤵
  PID:3588
- C:\Windows\System\pLcMdyO.exe
  C:\Windows\System\pLcMdyO.exe
  2⤵
  PID:3516
- C:\Windows\System\FHRQgVc.exe
  C:\Windows\System\FHRQgVc.exe
  2⤵
  PID:4028
- C:\Windows\System\azmLosG.exe
  C:\Windows\System\azmLosG.exe
  2⤵
  PID:2312
- C:\Windows\System\snRDjvu.exe
  C:\Windows\System\snRDjvu.exe
  2⤵
  PID:3536
- C:\Windows\System\DUixAsJ.exe
  C:\Windows\System\DUixAsJ.exe
  2⤵
  PID:3428
- C:\Windows\System\MOJbcyt.exe
  C:\Windows\System\MOJbcyt.exe
  2⤵
  PID:828
- C:\Windows\System\WqWqVKm.exe
  C:\Windows\System\WqWqVKm.exe
  2⤵
  PID:2884
- C:\Windows\System\mUghrPM.exe
  C:\Windows\System\mUghrPM.exe
  2⤵
  PID:3076
- C:\Windows\System\SWIRqFk.exe
  C:\Windows\System\SWIRqFk.exe
  2⤵
  PID:4116
- C:\Windows\System\GswIQhc.exe
  C:\Windows\System\GswIQhc.exe
  2⤵
  PID:4132
- C:\Windows\System\SYiqpnd.exe
  C:\Windows\System\SYiqpnd.exe
  2⤵
  PID:4156
- C:\Windows\System\bQtAGCJ.exe
  C:\Windows\System\bQtAGCJ.exe
  2⤵
  PID:4176
- C:\Windows\System\CcAGOSi.exe
  C:\Windows\System\CcAGOSi.exe
  2⤵
  PID:4200
- C:\Windows\System\bAIennE.exe
  C:\Windows\System\bAIennE.exe
  2⤵
  PID:4220
- C:\Windows\System\KHLoqXE.exe
  C:\Windows\System\KHLoqXE.exe
  2⤵
  PID:4240
- C:\Windows\System\TjpsYZj.exe
  C:\Windows\System\TjpsYZj.exe
  2⤵
  PID:4264
- C:\Windows\System\WsiIpCZ.exe
  C:\Windows\System\WsiIpCZ.exe
  2⤵
  PID:4284
- C:\Windows\System\iDqBuQJ.exe
  C:\Windows\System\iDqBuQJ.exe
  2⤵
  PID:4408
- C:\Windows\System\HEksFob.exe
  C:\Windows\System\HEksFob.exe
  2⤵
  PID:4428
- C:\Windows\System\zDyeujs.exe
  C:\Windows\System\zDyeujs.exe
  2⤵
  PID:4444
- C:\Windows\System\EWFxCRT.exe
  C:\Windows\System\EWFxCRT.exe
  2⤵
  PID:4460
- C:\Windows\System\YdeoiAl.exe
  C:\Windows\System\YdeoiAl.exe
  2⤵
  PID:4476
- C:\Windows\System\SYeCnLZ.exe
  C:\Windows\System\SYeCnLZ.exe
  2⤵
  PID:4492
- C:\Windows\System\aAJrcrU.exe
  C:\Windows\System\aAJrcrU.exe
  2⤵
  PID:4508
- C:\Windows\System\gkqMyEL.exe
  C:\Windows\System\gkqMyEL.exe
  2⤵
  PID:4524
- C:\Windows\System\yfVtvQE.exe
  C:\Windows\System\yfVtvQE.exe
  2⤵
  PID:4548
- C:\Windows\System\tcrSzUF.exe
  C:\Windows\System\tcrSzUF.exe
  2⤵
  PID:4564
- C:\Windows\System\gKaHwgV.exe
  C:\Windows\System\gKaHwgV.exe
  2⤵
  PID:4596
- C:\Windows\System\EmVPidv.exe
  C:\Windows\System\EmVPidv.exe
  2⤵
  PID:4616
- C:\Windows\System\yoJyMNH.exe
  C:\Windows\System\yoJyMNH.exe
  2⤵
  PID:4636
- C:\Windows\System\RTaWasA.exe
  C:\Windows\System\RTaWasA.exe
  2⤵
  PID:4652
- C:\Windows\System\rLFqvlf.exe
  C:\Windows\System\rLFqvlf.exe
  2⤵
  PID:4672
- C:\Windows\System\VocLVsy.exe
  C:\Windows\System\VocLVsy.exe
  2⤵
  PID:4732
- C:\Windows\System\FLgqRCo.exe
  C:\Windows\System\FLgqRCo.exe
  2⤵
  PID:4748
- C:\Windows\System\qbPVkHs.exe
  C:\Windows\System\qbPVkHs.exe
  2⤵
  PID:4768
- C:\Windows\System\bYnhfpl.exe
  C:\Windows\System\bYnhfpl.exe
  2⤵
  PID:4784
- C:\Windows\System\DTvyhPI.exe
  C:\Windows\System\DTvyhPI.exe
  2⤵
  PID:4804
- C:\Windows\System\pZjqVLp.exe
  C:\Windows\System\pZjqVLp.exe
  2⤵
  PID:4820
- C:\Windows\System\YomFOzk.exe
  C:\Windows\System\YomFOzk.exe
  2⤵
  PID:4840
- C:\Windows\System\jBfFoPL.exe
  C:\Windows\System\jBfFoPL.exe
  2⤵
  PID:4856
- C:\Windows\System\LxtBJEZ.exe
  C:\Windows\System\LxtBJEZ.exe
  2⤵
  PID:4872
- C:\Windows\System\XLUTrCy.exe
  C:\Windows\System\XLUTrCy.exe
  2⤵
  PID:4892
- C:\Windows\System\AwhGehx.exe
  C:\Windows\System\AwhGehx.exe
  2⤵
  PID:4920
- C:\Windows\System\VPgpVUJ.exe
  C:\Windows\System\VPgpVUJ.exe
  2⤵
  PID:4936
- C:\Windows\System\AJEtqSf.exe
  C:\Windows\System\AJEtqSf.exe
  2⤵
  PID:4956
- C:\Windows\System\wAYrOgu.exe
  C:\Windows\System\wAYrOgu.exe
  2⤵
  PID:4972
- C:\Windows\System\NXlLuDZ.exe
  C:\Windows\System\NXlLuDZ.exe
  2⤵
  PID:5000
- C:\Windows\System\PVTPpOu.exe
  C:\Windows\System\PVTPpOu.exe
  2⤵
  PID:5016
- C:\Windows\System\LOmoQHV.exe
  C:\Windows\System\LOmoQHV.exe
  2⤵
  PID:5036
- C:\Windows\System\GHWxGLS.exe
  C:\Windows\System\GHWxGLS.exe
  2⤵
  PID:5052
- C:\Windows\System\ddKvpxr.exe
  C:\Windows\System\ddKvpxr.exe
  2⤵
  PID:5072
- C:\Windows\System\ptOGkMN.exe
  C:\Windows\System\ptOGkMN.exe
  2⤵
  PID:5088
- C:\Windows\System\hWThDuA.exe
  C:\Windows\System\hWThDuA.exe
  2⤵
  PID:5108
- C:\Windows\System\FYOsAXJ.exe
  C:\Windows\System\FYOsAXJ.exe
  2⤵
  PID:3552
- C:\Windows\System\UqnHrts.exe
  C:\Windows\System\UqnHrts.exe
  2⤵
  PID:3968
- C:\Windows\System\ytsFalW.exe
  C:\Windows\System\ytsFalW.exe
  2⤵
  PID:4040
- C:\Windows\System\fIltqmB.exe
  C:\Windows\System\fIltqmB.exe
  2⤵
  PID:3228
- C:\Windows\System\kZitJQD.exe
  C:\Windows\System\kZitJQD.exe
  2⤵
  PID:348
- C:\Windows\System\lHrPwaT.exe
  C:\Windows\System\lHrPwaT.exe
  2⤵
  PID:3164
- C:\Windows\System\dZeAxPL.exe
  C:\Windows\System\dZeAxPL.exe
  2⤵
  PID:3736
- C:\Windows\System\WeXSVxC.exe
  C:\Windows\System\WeXSVxC.exe
  2⤵
  PID:3664
- C:\Windows\System\hJeIUlX.exe
  C:\Windows\System\hJeIUlX.exe
  2⤵
  PID:3824
- C:\Windows\System\DkLgOpk.exe
  C:\Windows\System\DkLgOpk.exe
  2⤵
  PID:3568
- C:\Windows\System\uxjaufn.exe
  C:\Windows\System\uxjaufn.exe
  2⤵
  PID:3600
- C:\Windows\System\qnGAyPp.exe
  C:\Windows\System\qnGAyPp.exe
  2⤵
  PID:2556
- C:\Windows\System\vQqVZnW.exe
  C:\Windows\System\vQqVZnW.exe
  2⤵
  PID:4100
- C:\Windows\System\fmjfmUO.exe
  C:\Windows\System\fmjfmUO.exe
  2⤵
  PID:4144
- C:\Windows\System\HTAtjMf.exe
  C:\Windows\System\HTAtjMf.exe
  2⤵
  PID:4196
- C:\Windows\System\MTqsope.exe
  C:\Windows\System\MTqsope.exe
  2⤵
  PID:2968
- C:\Windows\System\TSiYiKk.exe
  C:\Windows\System\TSiYiKk.exe
  2⤵
  PID:3332
- C:\Windows\System\XQipljh.exe
  C:\Windows\System\XQipljh.exe
  2⤵
  PID:4280
- C:\Windows\System\MWExyNE.exe
  C:\Windows\System\MWExyNE.exe
  2⤵
  PID:4456
- C:\Windows\System\YRzrJbP.exe
  C:\Windows\System\YRzrJbP.exe
  2⤵
  PID:4556
- C:\Windows\System\XkejIfv.exe
  C:\Windows\System\XkejIfv.exe
  2⤵
  PID:4728
- C:\Windows\System\cPAzCda.exe
  C:\Windows\System\cPAzCda.exe
  2⤵
  PID:4764
- C:\Windows\System\gLZgVvg.exe
  C:\Windows\System\gLZgVvg.exe
  2⤵
  PID:4796
- C:\Windows\System\NdGYDhd.exe
  C:\Windows\System\NdGYDhd.exe
  2⤵
  PID:2864
- C:\Windows\System\uOGAXWM.exe
  C:\Windows\System\uOGAXWM.exe
  2⤵
  PID:4908
- C:\Windows\System\TiHFIHq.exe
  C:\Windows\System\TiHFIHq.exe
  2⤵
  PID:4944
- C:\Windows\System\pCYZZFN.exe
  C:\Windows\System\pCYZZFN.exe
  2⤵
  PID:4984
- C:\Windows\System\HAJdGft.exe
  C:\Windows\System\HAJdGft.exe
  2⤵
  PID:4996
- C:\Windows\System\eWmPdHo.exe
  C:\Windows\System\eWmPdHo.exe
  2⤵
  PID:5032
- C:\Windows\System\rDNgGDE.exe
  C:\Windows\System\rDNgGDE.exe
  2⤵
  PID:5096
- C:\Windows\System\mZqvbQj.exe
  C:\Windows\System\mZqvbQj.exe
  2⤵
  PID:3856
- C:\Windows\System\JZuIvDm.exe
  C:\Windows\System\JZuIvDm.exe
  2⤵
  PID:1864
- C:\Windows\System\BHVdmVY.exe
  C:\Windows\System\BHVdmVY.exe
  2⤵
  PID:3188
- C:\Windows\System\JftLJIL.exe
  C:\Windows\System\JftLJIL.exe
  2⤵
  PID:3408
- C:\Windows\System\MpqNjik.exe
  C:\Windows\System\MpqNjik.exe
  2⤵
  PID:2804
- C:\Windows\System\ErpyEZu.exe
  C:\Windows\System\ErpyEZu.exe
  2⤵
  PID:3312
- C:\Windows\System\CuPTPPA.exe
  C:\Windows\System\CuPTPPA.exe
  2⤵
  PID:1908
- C:\Windows\System\uYJdfxE.exe
  C:\Windows\System\uYJdfxE.exe
  2⤵
  PID:4228
- C:\Windows\System\szHIUJN.exe
  C:\Windows\System\szHIUJN.exe
  2⤵
  PID:4520
- C:\Windows\System\fWgbPik.exe
  C:\Windows\System\fWgbPik.exe
  2⤵
  PID:4828
- C:\Windows\System\YmLoErc.exe
  C:\Windows\System\YmLoErc.exe
  2⤵
  PID:4832
- C:\Windows\System\mcqdwwD.exe
  C:\Windows\System\mcqdwwD.exe
  2⤵
  PID:4304
- C:\Windows\System\HXrUTxh.exe
  C:\Windows\System\HXrUTxh.exe
  2⤵
  PID:4308
- C:\Windows\System\Akeogel.exe
  C:\Windows\System\Akeogel.exe
  2⤵
  PID:4328
- C:\Windows\System\SyWIJLE.exe
  C:\Windows\System\SyWIJLE.exe
  2⤵
  PID:4348
- C:\Windows\System\ykGrHCA.exe
  C:\Windows\System\ykGrHCA.exe
  2⤵
  PID:4056
- C:\Windows\System\hCvJUEw.exe
  C:\Windows\System\hCvJUEw.exe
  2⤵
  PID:4376
- C:\Windows\System\djALFtH.exe
  C:\Windows\System\djALFtH.exe
  2⤵
  PID:4392
- C:\Windows\System\ZQgstIZ.exe
  C:\Windows\System\ZQgstIZ.exe
  2⤵
  PID:3464
- C:\Windows\System\TffCZiQ.exe
  C:\Windows\System\TffCZiQ.exe
  2⤵
  PID:4760
- C:\Windows\System\NmiAFVn.exe
  C:\Windows\System\NmiAFVn.exe
  2⤵
  PID:4988
- C:\Windows\System\YjaWcBz.exe
  C:\Windows\System\YjaWcBz.exe
  2⤵
  PID:4256
- C:\Windows\System\kjcyxZJ.exe
  C:\Windows\System\kjcyxZJ.exe
  2⤵
  PID:5064
- C:\Windows\System\LeLkZbw.exe
  C:\Windows\System\LeLkZbw.exe
  2⤵
  PID:4540
- C:\Windows\System\jOwpzLt.exe
  C:\Windows\System\jOwpzLt.exe
  2⤵
  PID:5128
- C:\Windows\System\rtduFqW.exe
  C:\Windows\System\rtduFqW.exe
  2⤵
  PID:5204
- C:\Windows\System\TfwAvqu.exe
  C:\Windows\System\TfwAvqu.exe
  2⤵
  PID:5220
- C:\Windows\System\fiwQqrL.exe
  C:\Windows\System\fiwQqrL.exe
  2⤵
  PID:5236
- C:\Windows\System\vpmlKIi.exe
  C:\Windows\System\vpmlKIi.exe
  2⤵
  PID:5252
- C:\Windows\System\dXRKnlR.exe
  C:\Windows\System\dXRKnlR.exe
  2⤵
  PID:5268
- C:\Windows\System\xEzFUku.exe
  C:\Windows\System\xEzFUku.exe
  2⤵
  PID:5284
- C:\Windows\System\QiRSnnH.exe
  C:\Windows\System\QiRSnnH.exe
  2⤵
  PID:5300
- C:\Windows\System\nxEFWUz.exe
  C:\Windows\System\nxEFWUz.exe
  2⤵
  PID:5316
- C:\Windows\System\HeZivGg.exe
  C:\Windows\System\HeZivGg.exe
  2⤵
  PID:5332
- C:\Windows\System\biJCChI.exe
  C:\Windows\System\biJCChI.exe
  2⤵
  PID:5348
- C:\Windows\System\xbwmwEo.exe
  C:\Windows\System\xbwmwEo.exe
  2⤵
  PID:5364
- C:\Windows\System\gdETfgX.exe
  C:\Windows\System\gdETfgX.exe
  2⤵
  PID:5380
- C:\Windows\System\SthGNqD.exe
  C:\Windows\System\SthGNqD.exe
  2⤵
  PID:5396
- C:\Windows\System\YTHuTQH.exe
  C:\Windows\System\YTHuTQH.exe
  2⤵
  PID:5412
- C:\Windows\System\gTGygcj.exe
  C:\Windows\System\gTGygcj.exe
  2⤵
  PID:5428
- C:\Windows\System\uJLVDdk.exe
  C:\Windows\System\uJLVDdk.exe
  2⤵
  PID:5444
- C:\Windows\System\FgsNHaR.exe
  C:\Windows\System\FgsNHaR.exe
  2⤵
  PID:5460
- C:\Windows\System\PQFhoVL.exe
  C:\Windows\System\PQFhoVL.exe
  2⤵
  PID:5476
- C:\Windows\System\QNWfKOT.exe
  C:\Windows\System\QNWfKOT.exe
  2⤵
  PID:5492
- C:\Windows\System\NmKepNH.exe
  C:\Windows\System\NmKepNH.exe
  2⤵
  PID:5508
- C:\Windows\System\qnYqvms.exe
  C:\Windows\System\qnYqvms.exe
  2⤵
  PID:5524
- C:\Windows\System\yUFxwWx.exe
  C:\Windows\System\yUFxwWx.exe
  2⤵
  PID:5540
- C:\Windows\System\vZYsWmR.exe
  C:\Windows\System\vZYsWmR.exe
  2⤵
  PID:5556
- C:\Windows\System\MLFdbKh.exe
  C:\Windows\System\MLFdbKh.exe
  2⤵
  PID:5572
- C:\Windows\System\kIIundr.exe
  C:\Windows\System\kIIundr.exe
  2⤵
  PID:5588
- C:\Windows\System\EpTLsvZ.exe
  C:\Windows\System\EpTLsvZ.exe
  2⤵
  PID:5604
- C:\Windows\System\ocbozoP.exe
  C:\Windows\System\ocbozoP.exe
  2⤵
  PID:5620
- C:\Windows\System\byqsMPE.exe
  C:\Windows\System\byqsMPE.exe
  2⤵
  PID:5636
- C:\Windows\System\bFiKwTY.exe
  C:\Windows\System\bFiKwTY.exe
  2⤵
  PID:5652
- C:\Windows\System\rDuuICu.exe
  C:\Windows\System\rDuuICu.exe
  2⤵
  PID:5668
- C:\Windows\System\cRBGPQS.exe
  C:\Windows\System\cRBGPQS.exe
  2⤵
  PID:5684
- C:\Windows\System\jDlUanY.exe
  C:\Windows\System\jDlUanY.exe
  2⤵
  PID:5700
- C:\Windows\System\lcOoHNU.exe
  C:\Windows\System\lcOoHNU.exe
  2⤵
  PID:5716
- C:\Windows\System\tPkvEQr.exe
  C:\Windows\System\tPkvEQr.exe
  2⤵
  PID:5732
- C:\Windows\System\tPshdTo.exe
  C:\Windows\System\tPshdTo.exe
  2⤵
  PID:5964
- C:\Windows\System\IPNoahc.exe
  C:\Windows\System\IPNoahc.exe
  2⤵
  PID:5988
- C:\Windows\System\mFUIzei.exe
  C:\Windows\System\mFUIzei.exe
  2⤵
  PID:6012
- C:\Windows\System\TEJhfaW.exe
  C:\Windows\System\TEJhfaW.exe
  2⤵
  PID:6028
- C:\Windows\System\CiCJobT.exe
  C:\Windows\System\CiCJobT.exe
  2⤵
  PID:6052
- C:\Windows\System\wTmMBDw.exe
  C:\Windows\System\wTmMBDw.exe
  2⤵
  PID:6076
- C:\Windows\System\lCduOyg.exe
  C:\Windows\System\lCduOyg.exe
  2⤵
  PID:6092
- C:\Windows\System\cyNviks.exe
  C:\Windows\System\cyNviks.exe
  2⤵
  PID:6116
- C:\Windows\System\ctmjGOC.exe
  C:\Windows\System\ctmjGOC.exe
  2⤵
  PID:6132
- C:\Windows\System\ybgHJuR.exe
  C:\Windows\System\ybgHJuR.exe
  2⤵
  PID:4584
- C:\Windows\System\jLgmPsY.exe
  C:\Windows\System\jLgmPsY.exe
  2⤵
  PID:4632
- C:\Windows\System\CHnRKPs.exe
  C:\Windows\System\CHnRKPs.exe
  2⤵
  PID:4888
- C:\Windows\System\eHkBlAV.exe
  C:\Windows\System\eHkBlAV.exe
  2⤵
  PID:4968
- C:\Windows\System\fjguRTb.exe
  C:\Windows\System\fjguRTb.exe
  2⤵
  PID:3912
- C:\Windows\System\acwSbmf.exe
  C:\Windows\System\acwSbmf.exe
  2⤵
  PID:3168
- C:\Windows\System\Fkhjkvb.exe
  C:\Windows\System\Fkhjkvb.exe
  2⤵
  PID:3604
- C:\Windows\System\rcbwVNS.exe
  C:\Windows\System\rcbwVNS.exe
  2⤵
  PID:4424
- C:\Windows\System\YxjpiJv.exe
  C:\Windows\System\YxjpiJv.exe
  2⤵
  PID:4680
- C:\Windows\System\NQgeXOG.exe
  C:\Windows\System\NQgeXOG.exe
  2⤵
  PID:4700
- C:\Windows\System\jbmSYgQ.exe
  C:\Windows\System\jbmSYgQ.exe
  2⤵
  PID:4716
- C:\Windows\System\WBNziQF.exe
  C:\Windows\System\WBNziQF.exe
  2⤵
  PID:3944
- C:\Windows\System\VgzXFed.exe
  C:\Windows\System\VgzXFed.exe
  2⤵
  PID:3992
- C:\Windows\System\oqCqyIi.exe
  C:\Windows\System\oqCqyIi.exe
  2⤵
  PID:3692
- C:\Windows\System\gYkAFPn.exe
  C:\Windows\System\gYkAFPn.exe
  2⤵
  PID:3156
- C:\Windows\System\KEiGedd.exe
  C:\Windows\System\KEiGedd.exe
  2⤵
  PID:644
- C:\Windows\System\YCbjAAy.exe
  C:\Windows\System\YCbjAAy.exe
  2⤵
  PID:4252
- C:\Windows\System\LwrwcJi.exe
  C:\Windows\System\LwrwcJi.exe
  2⤵
  PID:2420
- C:\Windows\System\NwiwBnX.exe
  C:\Windows\System\NwiwBnX.exe
  2⤵
  PID:4356
- C:\Windows\System\cZkgYLQ.exe
  C:\Windows\System\cZkgYLQ.exe
  2⤵
  PID:3348
- C:\Windows\System\jycWyjq.exe
  C:\Windows\System\jycWyjq.exe
  2⤵
  PID:2112
- C:\Windows\System\ErwGGOo.exe
  C:\Windows\System\ErwGGOo.exe
  2⤵
  PID:4756
- C:\Windows\System\grDhEPb.exe
  C:\Windows\System\grDhEPb.exe
  2⤵
  PID:3224
- C:\Windows\System\lSYEEHB.exe
  C:\Windows\System\lSYEEHB.exe
  2⤵
  PID:5144
- C:\Windows\System\sHjOxbC.exe
  C:\Windows\System\sHjOxbC.exe
  2⤵
  PID:4372
- C:\Windows\System\SIUdrlr.exe
  C:\Windows\System\SIUdrlr.exe
  2⤵
  PID:4440
- C:\Windows\System\UuzYZpW.exe
  C:\Windows\System\UuzYZpW.exe
  2⤵
  PID:5420
- C:\Windows\System\ffEyWvh.exe
  C:\Windows\System\ffEyWvh.exe
  2⤵
  PID:4916
- C:\Windows\System\tqhxcGS.exe
  C:\Windows\System\tqhxcGS.exe
  2⤵
  PID:4588
- C:\Windows\System\HQtWRKF.exe
  C:\Windows\System\HQtWRKF.exe
  2⤵
  PID:4628
- C:\Windows\System\clJMxmF.exe
  C:\Windows\System\clJMxmF.exe
  2⤵
  PID:4740
- C:\Windows\System\rNejwYQ.exe
  C:\Windows\System\rNejwYQ.exe
  2⤵
  PID:4852
- C:\Windows\System\mLVVunH.exe
  C:\Windows\System\mLVVunH.exe
  2⤵
  PID:5216
- C:\Windows\System\UHGNQsX.exe
  C:\Windows\System\UHGNQsX.exe
  2⤵
  PID:5044
- C:\Windows\System\cjdHvgj.exe
  C:\Windows\System\cjdHvgj.exe
  2⤵
  PID:5248
- C:\Windows\System\licDzEd.exe
  C:\Windows\System\licDzEd.exe
  2⤵
  PID:5276
- C:\Windows\System\meQgyBH.exe
  C:\Windows\System\meQgyBH.exe
  2⤵
  PID:5308
- C:\Windows\System\xtPcUbJ.exe
  C:\Windows\System\xtPcUbJ.exe
  2⤵
  PID:3608
- C:\Windows\System\fUxztMQ.exe
  C:\Windows\System\fUxztMQ.exe
  2⤵
  PID:4152
- C:\Windows\System\CwiVUvW.exe
  C:\Windows\System\CwiVUvW.exe
  2⤵
  PID:4416
- C:\Windows\System\IlSBrkT.exe
  C:\Windows\System\IlSBrkT.exe
  2⤵
  PID:5344
- C:\Windows\System\hvmYdLm.exe
  C:\Windows\System\hvmYdLm.exe
  2⤵
  PID:5404
- C:\Windows\System\RWdYWVm.exe
  C:\Windows\System\RWdYWVm.exe
  2⤵
  PID:5440
- C:\Windows\System\CItJVjF.exe
  C:\Windows\System\CItJVjF.exe
  2⤵
  PID:5500
- C:\Windows\System\QQnJcXB.exe
  C:\Windows\System\QQnJcXB.exe
  2⤵
  PID:4868
- C:\Windows\System\iknskJT.exe
  C:\Windows\System\iknskJT.exe
  2⤵
  PID:5564
- C:\Windows\System\RsbnHzT.exe
  C:\Windows\System\RsbnHzT.exe
  2⤵
  PID:5600
- C:\Windows\System\OivhMhx.exe
  C:\Windows\System\OivhMhx.exe
  2⤵
  PID:5100
- C:\Windows\System\eltiNyb.exe
  C:\Windows\System\eltiNyb.exe
  2⤵
  PID:5660
- C:\Windows\System\KxtWpmG.exe
  C:\Windows\System\KxtWpmG.exe
  2⤵
  PID:5696
- C:\Windows\System\xjyHGVR.exe
  C:\Windows\System\xjyHGVR.exe
  2⤵
  PID:4232
- C:\Windows\System\vUriJBH.exe
  C:\Windows\System\vUriJBH.exe
  2⤵
  PID:4336
- C:\Windows\System\cvZmjoj.exe
  C:\Windows\System\cvZmjoj.exe
  2⤵
  PID:5976
- C:\Windows\System\WanoasS.exe
  C:\Windows\System\WanoasS.exe
  2⤵
  PID:6024
- C:\Windows\System\utqDuHv.exe
  C:\Windows\System\utqDuHv.exe
  2⤵
  PID:6072
- C:\Windows\System\QzTMFPO.exe
  C:\Windows\System\QzTMFPO.exe
  2⤵
  PID:6140
- C:\Windows\System\nxvbQRV.exe
  C:\Windows\System\nxvbQRV.exe
  2⤵
  PID:4780
- C:\Windows\System\syXXqHh.exe
  C:\Windows\System\syXXqHh.exe
  2⤵
  PID:5504
- C:\Windows\System\lDdCfxf.exe
  C:\Windows\System\lDdCfxf.exe
  2⤵
  PID:5664
- C:\Windows\System\HBmXjWM.exe
  C:\Windows\System\HBmXjWM.exe
  2⤵
  PID:5164
- C:\Windows\System\ZmhXTNq.exe
  C:\Windows\System\ZmhXTNq.exe
  2⤵
  PID:5584
- C:\Windows\System\nMaIkga.exe
  C:\Windows\System\nMaIkga.exe
  2⤵
  PID:5176
- C:\Windows\System\GccuzKy.exe
  C:\Windows\System\GccuzKy.exe
  2⤵
  PID:5192
- C:\Windows\System\kkNOCrw.exe
  C:\Windows\System\kkNOCrw.exe
  2⤵
  PID:5232
- C:\Windows\System\ckMARBR.exe
  C:\Windows\System\ckMARBR.exe
  2⤵
  PID:5296
- C:\Windows\System\QieqjpW.exe
  C:\Windows\System\QieqjpW.exe
  2⤵
  PID:5360
- C:\Windows\System\eStZkHT.exe
  C:\Windows\System\eStZkHT.exe
  2⤵
  PID:5452
- C:\Windows\System\JbiaHxX.exe
  C:\Windows\System\JbiaHxX.exe
  2⤵
  PID:5516
- C:\Windows\System\EooByUX.exe
  C:\Windows\System\EooByUX.exe
  2⤵
  PID:5612
- C:\Windows\System\igdAtna.exe
  C:\Windows\System\igdAtna.exe
  2⤵
  PID:5680
- C:\Windows\System\tZWoVNX.exe
  C:\Windows\System\tZWoVNX.exe
  2⤵
  PID:5752
- C:\Windows\System\hvCeEeU.exe
  C:\Windows\System\hvCeEeU.exe
  2⤵
  PID:5764
- C:\Windows\System\JmYtLZp.exe
  C:\Windows\System\JmYtLZp.exe
  2⤵
  PID:5780
- C:\Windows\System\pUCFktk.exe
  C:\Windows\System\pUCFktk.exe
  2⤵
  PID:5796
- C:\Windows\System\ZavOJtn.exe
  C:\Windows\System\ZavOJtn.exe
  2⤵
  PID:5812
- C:\Windows\System\UinjWbU.exe
  C:\Windows\System\UinjWbU.exe
  2⤵
  PID:5828
- C:\Windows\System\NnKWSmQ.exe
  C:\Windows\System\NnKWSmQ.exe
  2⤵
  PID:5844
- C:\Windows\System\QabqHWg.exe
  C:\Windows\System\QabqHWg.exe
  2⤵
  PID:5860
- C:\Windows\System\OnMAmQm.exe
  C:\Windows\System\OnMAmQm.exe
  2⤵
  PID:5880
- C:\Windows\System\SLiJvQY.exe
  C:\Windows\System\SLiJvQY.exe
  2⤵
  PID:5892
- C:\Windows\System\wLNcqyp.exe
  C:\Windows\System\wLNcqyp.exe
  2⤵
  PID:5908
- C:\Windows\System\Jyrulir.exe
  C:\Windows\System\Jyrulir.exe
  2⤵
  PID:5924
- C:\Windows\System\SEqZxmy.exe
  C:\Windows\System\SEqZxmy.exe
  2⤵
  PID:5940
- C:\Windows\System\kcdIxyK.exe
  C:\Windows\System\kcdIxyK.exe
  2⤵
  PID:5956
- C:\Windows\System\OOwQNNN.exe
  C:\Windows\System\OOwQNNN.exe
  2⤵
  PID:6008
- C:\Windows\System\FkwdSRm.exe
  C:\Windows\System\FkwdSRm.exe
  2⤵
  PID:6088
- C:\Windows\System\hnrMmlW.exe
  C:\Windows\System\hnrMmlW.exe
  2⤵
  PID:3196
- C:\Windows\System\shRSRXe.exe
  C:\Windows\System\shRSRXe.exe
  2⤵
  PID:6000
- C:\Windows\System\hzayLBy.exe
  C:\Windows\System\hzayLBy.exe
  2⤵
  PID:4324
- C:\Windows\System\lZGmDfP.exe
  C:\Windows\System\lZGmDfP.exe
  2⤵
  PID:3648
- C:\Windows\System\YTrydyR.exe
  C:\Windows\System\YTrydyR.exe
  2⤵
  PID:4648
- C:\Windows\System\boWONps.exe
  C:\Windows\System\boWONps.exe
  2⤵
  PID:4712
- C:\Windows\System\hqSOnLz.exe
  C:\Windows\System\hqSOnLz.exe
  2⤵
  PID:3988
- C:\Windows\System\eYPBOvJ.exe
  C:\Windows\System\eYPBOvJ.exe
  2⤵
  PID:2792
- C:\Windows\System\LLncYRE.exe
  C:\Windows\System\LLncYRE.exe
  2⤵
  PID:4112
- C:\Windows\System\huNwLfY.exe
  C:\Windows\System\huNwLfY.exe
  2⤵
  PID:4344
- C:\Windows\System\RTPJobb.exe
  C:\Windows\System\RTPJobb.exe
  2⤵
  PID:3964
- C:\Windows\System\NxewokR.exe
  C:\Windows\System\NxewokR.exe
  2⤵
  PID:4472
- C:\Windows\System\xBhjify.exe
  C:\Windows\System\xBhjify.exe
  2⤵
  PID:2956
- C:\Windows\System\NqWAUmk.exe
  C:\Windows\System\NqWAUmk.exe
  2⤵
  PID:4532
- C:\Windows\System\QWMrpTj.exe
  C:\Windows\System\QWMrpTj.exe
  2⤵
  PID:4400
- C:\Windows\System\tQXWkXw.exe
  C:\Windows\System\tQXWkXw.exe
  2⤵
  PID:4848
- C:\Windows\System\CooiaBj.exe
  C:\Windows\System\CooiaBj.exe
  2⤵
  PID:4004
- C:\Windows\System\sdgPlII.exe
  C:\Windows\System\sdgPlII.exe
  2⤵
  PID:4124
- C:\Windows\System\EncDgeq.exe
  C:\Windows\System\EncDgeq.exe
  2⤵
  PID:1904
- C:\Windows\System\eTTooTF.exe
  C:\Windows\System\eTTooTF.exe
  2⤵
  PID:5340
- C:\Windows\System\OyIiCwE.exe
  C:\Windows\System\OyIiCwE.exe
  2⤵
  PID:5468
- C:\Windows\System\sHBFuNK.exe
  C:\Windows\System\sHBFuNK.exe
  2⤵
  PID:2608
- C:\Windows\System\zcYbKCy.exe
  C:\Windows\System\zcYbKCy.exe
  2⤵
  PID:2992
- C:\Windows\System\kxwErGb.exe
  C:\Windows\System\kxwErGb.exe
  2⤵
  PID:5140
- C:\Windows\System\cAHIfeA.exe
  C:\Windows\System\cAHIfeA.exe
  2⤵
  PID:5984
- C:\Windows\System\suIKLyP.exe
  C:\Windows\System\suIKLyP.exe
  2⤵
  PID:6104
- C:\Windows\System\ilSHskV.exe
  C:\Windows\System\ilSHskV.exe
  2⤵
  PID:4164
- C:\Windows\System\vMDYqSi.exe
  C:\Windows\System\vMDYqSi.exe
  2⤵
  PID:5596
- C:\Windows\System\byVkCvT.exe
  C:\Windows\System\byVkCvT.exe
  2⤵
  PID:5580
- C:\Windows\System\RHbfAhV.exe
  C:\Windows\System\RHbfAhV.exe
  2⤵
  PID:5200
- C:\Windows\System\ZOwFETn.exe
  C:\Windows\System\ZOwFETn.exe
  2⤵
  PID:5328
- C:\Windows\System\jRaPvgU.exe
  C:\Windows\System\jRaPvgU.exe
  2⤵
  PID:5484
- C:\Windows\System\hvHhAdg.exe
  C:\Windows\System\hvHhAdg.exe
  2⤵
  PID:5548
- C:\Windows\System\nVrmwvD.exe
  C:\Windows\System\nVrmwvD.exe
  2⤵
  PID:5820
- C:\Windows\System\bGSgOir.exe
  C:\Windows\System\bGSgOir.exe
  2⤵
  PID:5836
- C:\Windows\System\hfhEket.exe
  C:\Windows\System\hfhEket.exe
  2⤵
  PID:5868
- C:\Windows\System\fVStrMI.exe
  C:\Windows\System\fVStrMI.exe
  2⤵
  PID:5948
- C:\Windows\System\LgGvvge.exe
  C:\Windows\System\LgGvvge.exe
  2⤵
  PID:5996
- C:\Windows\System\cowLOga.exe
  C:\Windows\System\cowLOga.exe
  2⤵
  PID:3520
- C:\Windows\System\dJYwgPU.exe
  C:\Windows\System\dJYwgPU.exe
  2⤵
  PID:6084
- C:\Windows\System\rvDuNKW.exe
  C:\Windows\System\rvDuNKW.exe
  2⤵
  PID:4692
- C:\Windows\System\pymlQwt.exe
  C:\Windows\System\pymlQwt.exe
  2⤵
  PID:3140
- C:\Windows\System\nXOgwBx.exe
  C:\Windows\System\nXOgwBx.exe
  2⤵
  PID:4272
- C:\Windows\System\suoYjcv.exe
  C:\Windows\System\suoYjcv.exe
  2⤵
  PID:4248
- C:\Windows\System\fDwgwGe.exe
  C:\Windows\System\fDwgwGe.exe
  2⤵
  PID:3352
- C:\Windows\System\mDIYywj.exe
  C:\Windows\System\mDIYywj.exe
  2⤵
  PID:3872
- C:\Windows\System\MZAhcjo.exe
  C:\Windows\System\MZAhcjo.exe
  2⤵
  PID:1960
- C:\Windows\System\qWlCiEJ.exe
  C:\Windows\System\qWlCiEJ.exe
  2⤵
  PID:1732
- C:\Windows\System\XDPKChR.exe
  C:\Windows\System\XDPKChR.exe
  2⤵
  PID:2612
- C:\Windows\System\LbDTaDn.exe
  C:\Windows\System\LbDTaDn.exe
  2⤵
  PID:1228
- C:\Windows\System\XALFXKb.exe
  C:\Windows\System\XALFXKb.exe
  2⤵
  PID:5212
- C:\Windows\System\TsLVpxA.exe
  C:\Windows\System\TsLVpxA.exe
  2⤵
  PID:3128
- C:\Windows\System\HzOeZKP.exe
  C:\Windows\System\HzOeZKP.exe
  2⤵
  PID:5472
- C:\Windows\System\xLFZvFA.exe
  C:\Windows\System\xLFZvFA.exe
  2⤵
  PID:5408
- C:\Windows\System\jFBKIwY.exe
  C:\Windows\System\jFBKIwY.exe
  2⤵
  PID:4900
- C:\Windows\System\EtcIupN.exe
  C:\Windows\System\EtcIupN.exe
  2⤵
  PID:5568
- C:\Windows\System\OnYqEDL.exe
  C:\Windows\System\OnYqEDL.exe
  2⤵
  PID:6020
- C:\Windows\System\HFUcxDg.exe
  C:\Windows\System\HFUcxDg.exe
  2⤵
  PID:6064
- C:\Windows\System\APFlnpY.exe
  C:\Windows\System\APFlnpY.exe
  2⤵
  PID:2944
- C:\Windows\System\NAHrqCy.exe
  C:\Windows\System\NAHrqCy.exe
  2⤵
  PID:5188
- C:\Windows\System\ZpIJORw.exe
  C:\Windows\System\ZpIJORw.exe
  2⤵
  PID:960
- C:\Windows\System\DXaeeDl.exe
  C:\Windows\System\DXaeeDl.exe
  2⤵
  PID:1996
- C:\Windows\System\stPwFea.exe
  C:\Windows\System\stPwFea.exe
  2⤵
  PID:5740
- C:\Windows\System\GidwVtE.exe
  C:\Windows\System\GidwVtE.exe
  2⤵
  PID:5264
- C:\Windows\System\jyCAtyi.exe
  C:\Windows\System\jyCAtyi.exe
  2⤵
  PID:5744
- C:\Windows\System\UOdApHQ.exe
  C:\Windows\System\UOdApHQ.exe
  2⤵
  PID:5776
- C:\Windows\System\gFvNgnB.exe
  C:\Windows\System\gFvNgnB.exe
  2⤵
  PID:1700
- C:\Windows\System\cCMnBbo.exe
  C:\Windows\System\cCMnBbo.exe
  2⤵
  PID:3684
- C:\Windows\System\BeGDgHM.exe
  C:\Windows\System\BeGDgHM.exe
  2⤵
  PID:6112
- C:\Windows\System\PlQcBVx.exe
  C:\Windows\System\PlQcBVx.exe
  2⤵
  PID:772
- C:\Windows\System\PPLNuFm.exe
  C:\Windows\System\PPLNuFm.exe
  2⤵
  PID:2544
- C:\Windows\System\zaSLyUg.exe
  C:\Windows\System\zaSLyUg.exe
  2⤵
  PID:2752
- C:\Windows\System\ByyFQlI.exe
  C:\Windows\System\ByyFQlI.exe
  2⤵
  PID:5152
- C:\Windows\System\wNasgiv.exe
  C:\Windows\System\wNasgiv.exe
  2⤵
  PID:3048
- C:\Windows\System\oJMQkKm.exe
  C:\Windows\System\oJMQkKm.exe
  2⤵
  PID:1788
- C:\Windows\System\krewoag.exe
  C:\Windows\System\krewoag.exe
  2⤵
  PID:4580
- C:\Windows\System\iFXGXXt.exe
  C:\Windows\System\iFXGXXt.exe
  2⤵
  PID:332
- C:\Windows\System\HuEbNeB.exe
  C:\Windows\System\HuEbNeB.exe
  2⤵
  PID:664
- C:\Windows\System\ezgkBHy.exe
  C:\Windows\System\ezgkBHy.exe
  2⤵
  PID:532
- C:\Windows\System\uBFHqMb.exe
  C:\Windows\System\uBFHqMb.exe
  2⤵
  PID:1644
- C:\Windows\System\LkvKDRU.exe
  C:\Windows\System\LkvKDRU.exe
  2⤵
  PID:1740
- C:\Windows\System\XskMoBC.exe
  C:\Windows\System\XskMoBC.exe
  2⤵
  PID:5888
- C:\Windows\System\smMEAAm.exe
  C:\Windows\System\smMEAAm.exe
  2⤵
  PID:2676
- C:\Windows\System\yjAVfwx.exe
  C:\Windows\System\yjAVfwx.exe
  2⤵
  PID:5824
- C:\Windows\System\WhrLRbM.exe
  C:\Windows\System\WhrLRbM.exe
  2⤵
  PID:5792
- C:\Windows\System\gOMVyCK.exe
  C:\Windows\System\gOMVyCK.exe
  2⤵
  PID:1544
- C:\Windows\System\ctIFhbB.exe
  C:\Windows\System\ctIFhbB.exe
  2⤵
  PID:5952
- C:\Windows\System\KlTEdvK.exe
  C:\Windows\System\KlTEdvK.exe
  2⤵
  PID:2604
- C:\Windows\System\VzuqPSp.exe
  C:\Windows\System\VzuqPSp.exe
  2⤵
  PID:5916
- C:\Windows\System\LIqOpcU.exe
  C:\Windows\System\LIqOpcU.exe
  2⤵
  PID:5552
- C:\Windows\System\PIRTybg.exe
  C:\Windows\System\PIRTybg.exe
  2⤵
  PID:4720
- C:\Windows\System\LwsOPJw.exe
  C:\Windows\System\LwsOPJw.exe
  2⤵
  PID:2728
- C:\Windows\System\pLVwdKo.exe
  C:\Windows\System\pLVwdKo.exe
  2⤵
  PID:1172
- C:\Windows\System\RyEBLTp.exe
  C:\Windows\System\RyEBLTp.exe
  2⤵
  PID:824
- C:\Windows\System\zubZvVY.exe
  C:\Windows\System\zubZvVY.exe
  2⤵
  PID:2700
- C:\Windows\System\VfmJzwa.exe
  C:\Windows\System\VfmJzwa.exe
  2⤵
  PID:1400
- C:\Windows\System\TRvDfIz.exe
  C:\Windows\System\TRvDfIz.exe
  2⤵
  PID:4184
- C:\Windows\System\bEFgxfQ.exe
  C:\Windows\System\bEFgxfQ.exe
  2⤵
  PID:1592
- C:\Windows\System\PyrxuWE.exe
  C:\Windows\System\PyrxuWE.exe
  2⤵
  PID:1360
- C:\Windows\System\ZcvGADT.exe
  C:\Windows\System\ZcvGADT.exe
  2⤵
  PID:4168
- C:\Windows\System\StqAgvZ.exe
  C:\Windows\System\StqAgvZ.exe
  2⤵
  PID:6036
- C:\Windows\System\aDWTnvF.exe
  C:\Windows\System\aDWTnvF.exe
  2⤵
  PID:1604
- C:\Windows\System\efCIOqL.exe
  C:\Windows\System\efCIOqL.exe
  2⤵
  PID:5856
- C:\Windows\System\gBQEbNJ.exe
  C:\Windows\System\gBQEbNJ.exe
  2⤵
  PID:5116
- C:\Windows\System\adJcnzn.exe
  C:\Windows\System\adJcnzn.exe
  2⤵
  PID:5932
- C:\Windows\System\eenDkie.exe
  C:\Windows\System\eenDkie.exe
  2⤵
  PID:4812
- C:\Windows\System\HkBPyYE.exe
  C:\Windows\System\HkBPyYE.exe
  2⤵
  PID:2008
- C:\Windows\System\yeWzsVt.exe
  C:\Windows\System\yeWzsVt.exe
  2⤵
  PID:1784
- C:\Windows\System\RzwbnGt.exe
  C:\Windows\System\RzwbnGt.exe
  2⤵
  PID:3396
- C:\Windows\System\CPhQdpJ.exe
  C:\Windows\System\CPhQdpJ.exe
  2⤵
  PID:5904
- C:\Windows\System\yusvyJn.exe
  C:\Windows\System\yusvyJn.exe
  2⤵
  PID:4300
- C:\Windows\System\XSubRRc.exe
  C:\Windows\System\XSubRRc.exe
  2⤵
  PID:5852
- C:\Windows\System\oxkklcZ.exe
  C:\Windows\System\oxkklcZ.exe
  2⤵
  PID:5488
- C:\Windows\System\eViIbVg.exe
  C:\Windows\System\eViIbVg.exe
  2⤵
  PID:4208
- C:\Windows\System\ilonKiA.exe
  C:\Windows\System\ilonKiA.exe
  2⤵
  PID:6156
- C:\Windows\System\kIPiuQp.exe
  C:\Windows\System\kIPiuQp.exe
  2⤵
  PID:6172
- C:\Windows\System\qybcrDF.exe
  C:\Windows\System\qybcrDF.exe
  2⤵
  PID:6188
- C:\Windows\System\Igbkwtu.exe
  C:\Windows\System\Igbkwtu.exe
  2⤵
  PID:6204
- C:\Windows\System\nQLUzke.exe
  C:\Windows\System\nQLUzke.exe
  2⤵
  PID:6220
- C:\Windows\System\RJcVrEG.exe
  C:\Windows\System\RJcVrEG.exe
  2⤵
  PID:6236
- C:\Windows\System\JGPASVG.exe
  C:\Windows\System\JGPASVG.exe
  2⤵
  PID:6252
- C:\Windows\System\gIrpXjL.exe
  C:\Windows\System\gIrpXjL.exe
  2⤵
  PID:6332
- C:\Windows\System\JsrNysm.exe
  C:\Windows\System\JsrNysm.exe
  2⤵
  PID:6364
- C:\Windows\System\pqaEszH.exe
  C:\Windows\System\pqaEszH.exe
  2⤵
  PID:6380
- C:\Windows\System\oJTojMF.exe
  C:\Windows\System\oJTojMF.exe
  2⤵
  PID:6396
- C:\Windows\System\JuqEHhq.exe
  C:\Windows\System\JuqEHhq.exe
  2⤵
  PID:6412
- C:\Windows\System\YphpedQ.exe
  C:\Windows\System\YphpedQ.exe
  2⤵
  PID:6428
- C:\Windows\System\ZnVtSpS.exe
  C:\Windows\System\ZnVtSpS.exe
  2⤵
  PID:6444
- C:\Windows\System\pWcNAdg.exe
  C:\Windows\System\pWcNAdg.exe
  2⤵
  PID:6460
- C:\Windows\System\UVxxDHc.exe
  C:\Windows\System\UVxxDHc.exe
  2⤵
  PID:6476
- C:\Windows\System\GZdoPas.exe
  C:\Windows\System\GZdoPas.exe
  2⤵
  PID:6492
- C:\Windows\System\sfuSORX.exe
  C:\Windows\System\sfuSORX.exe
  2⤵
  PID:6508
- C:\Windows\System\yyKEVIz.exe
  C:\Windows\System\yyKEVIz.exe
  2⤵
  PID:6548
- C:\Windows\System\BWlLZwP.exe
  C:\Windows\System\BWlLZwP.exe
  2⤵
  PID:6564
- C:\Windows\System\NcrUaSC.exe
  C:\Windows\System\NcrUaSC.exe
  2⤵
  PID:6580
- C:\Windows\System\UqnocEP.exe
  C:\Windows\System\UqnocEP.exe
  2⤵
  PID:6596
- C:\Windows\System\qdEjtoC.exe
  C:\Windows\System\qdEjtoC.exe
  2⤵
  PID:6616
- C:\Windows\System\zplsEKS.exe
  C:\Windows\System\zplsEKS.exe
  2⤵
  PID:6668
- C:\Windows\System\whinLOh.exe
  C:\Windows\System\whinLOh.exe
  2⤵
  PID:6688
- C:\Windows\System\mRRiliF.exe
  C:\Windows\System\mRRiliF.exe
  2⤵
  PID:6708
- C:\Windows\System\IbXoovH.exe
  C:\Windows\System\IbXoovH.exe
  2⤵
  PID:6888
- C:\Windows\System\RWRHnID.exe
  C:\Windows\System\RWRHnID.exe
  2⤵
  PID:6920
- C:\Windows\System\GgACKRp.exe
  C:\Windows\System\GgACKRp.exe
  2⤵
  PID:6936
- C:\Windows\System\zBloDlN.exe
  C:\Windows\System\zBloDlN.exe
  2⤵
  PID:6952
- C:\Windows\System\ccxEiqz.exe
  C:\Windows\System\ccxEiqz.exe
  2⤵
  PID:6968
- C:\Windows\System\GmxLWmU.exe
  C:\Windows\System\GmxLWmU.exe
  2⤵
  PID:6984
- C:\Windows\System\xQKwOHs.exe
  C:\Windows\System\xQKwOHs.exe
  2⤵
  PID:7000
- C:\Windows\System\IbtqjUo.exe
  C:\Windows\System\IbtqjUo.exe
  2⤵
  PID:7016
- C:\Windows\System\YxRbrHV.exe
  C:\Windows\System\YxRbrHV.exe
  2⤵
  PID:7032
- C:\Windows\System\KeMisBb.exe
  C:\Windows\System\KeMisBb.exe
  2⤵
  PID:7048
- C:\Windows\System\IGVhIPO.exe
  C:\Windows\System\IGVhIPO.exe
  2⤵
  PID:7064
- C:\Windows\System\eaPnuHZ.exe
  C:\Windows\System\eaPnuHZ.exe
  2⤵
  PID:7080
- C:\Windows\System\KPdpDkR.exe
  C:\Windows\System\KPdpDkR.exe
  2⤵
  PID:7096
- C:\Windows\System\zpeNWhR.exe
  C:\Windows\System\zpeNWhR.exe
  2⤵
  PID:7112
- C:\Windows\System\UsmurqO.exe
  C:\Windows\System\UsmurqO.exe
  2⤵
  PID:7128
- C:\Windows\System\KFZiGiv.exe
  C:\Windows\System\KFZiGiv.exe
  2⤵
  PID:7144
- C:\Windows\System\YpzXnJu.exe
  C:\Windows\System\YpzXnJu.exe
  2⤵
  PID:7160
- C:\Windows\System\ABIsrnT.exe
  C:\Windows\System\ABIsrnT.exe
  2⤵
  PID:2880
- C:\Windows\System\ZuhOytL.exe
  C:\Windows\System\ZuhOytL.exe
  2⤵
  PID:6152
- C:\Windows\System\cDRqWwb.exe
  C:\Windows\System\cDRqWwb.exe
  2⤵
  PID:6196
- C:\Windows\System\MnoLneg.exe
  C:\Windows\System\MnoLneg.exe
  2⤵
  PID:6232
- C:\Windows\System\kqtgBsQ.exe
  C:\Windows\System\kqtgBsQ.exe
  2⤵
  PID:6264
- C:\Windows\System\sXiJYfp.exe
  C:\Windows\System\sXiJYfp.exe
  2⤵
  PID:6288
- C:\Windows\System\PagCwmH.exe
  C:\Windows\System\PagCwmH.exe
  2⤵
  PID:6304
- C:\Windows\System\uPqaBXS.exe
  C:\Windows\System\uPqaBXS.exe
  2⤵
  PID:6324
- C:\Windows\System\nDpxHwf.exe
  C:\Windows\System\nDpxHwf.exe
  2⤵
  PID:6436
- C:\Windows\System\XmVOCar.exe
  C:\Windows\System\XmVOCar.exe
  2⤵
  PID:6500
- C:\Windows\System\PKmGQoi.exe
  C:\Windows\System\PKmGQoi.exe
  2⤵
  PID:6356
- C:\Windows\System\swPuqfq.exe
  C:\Windows\System\swPuqfq.exe
  2⤵
  PID:6504
- C:\Windows\System\EYrnQrX.exe
  C:\Windows\System\EYrnQrX.exe
  2⤵
  PID:6340
- C:\Windows\System\QvyVCob.exe
  C:\Windows\System\QvyVCob.exe
  2⤵
  PID:6392
- C:\Windows\System\PybzVQY.exe
  C:\Windows\System\PybzVQY.exe
  2⤵
  PID:6528
- C:\Windows\System\fQrhpXH.exe
  C:\Windows\System\fQrhpXH.exe
  2⤵
  PID:6560
- C:\Windows\System\svCEJYM.exe
  C:\Windows\System\svCEJYM.exe
  2⤵
  PID:6572
- C:\Windows\System\DzLhJEU.exe
  C:\Windows\System\DzLhJEU.exe
  2⤵
  PID:6604
- C:\Windows\System\FsASjCG.exe
  C:\Windows\System\FsASjCG.exe
  2⤵
  PID:6632
- C:\Windows\System\zDUYzci.exe
  C:\Windows\System\zDUYzci.exe
  2⤵
  PID:6640
- C:\Windows\System\iWKLaSG.exe
  C:\Windows\System\iWKLaSG.exe
  2⤵
  PID:6656
- C:\Windows\System\RjixbzI.exe
  C:\Windows\System\RjixbzI.exe
  2⤵
  PID:6716
- C:\Windows\System\sEYppNM.exe
  C:\Windows\System\sEYppNM.exe
  2⤵
  PID:6696
- C:\Windows\System\qcJiQdc.exe
  C:\Windows\System\qcJiQdc.exe
  2⤵
  PID:6744
- C:\Windows\System\qOkYqjm.exe
  C:\Windows\System\qOkYqjm.exe
  2⤵
  PID:6760
- C:\Windows\System\fjNGivZ.exe
  C:\Windows\System\fjNGivZ.exe
  2⤵
  PID:6800
- C:\Windows\System\vUNVDKD.exe
  C:\Windows\System\vUNVDKD.exe
  2⤵
  PID:6828
- C:\Windows\System\nOeMRcq.exe
  C:\Windows\System\nOeMRcq.exe
  2⤵
  PID:6732
- C:\Windows\System\qWoBvCB.exe
  C:\Windows\System\qWoBvCB.exe
  2⤵
  PID:6852
- C:\Windows\System\bkCAUSU.exe
  C:\Windows\System\bkCAUSU.exe
  2⤵
  PID:6808
- C:\Windows\System\WoRibTV.exe
  C:\Windows\System\WoRibTV.exe
  2⤵
  PID:6820
- C:\Windows\System\znbbKLa.exe
  C:\Windows\System\znbbKLa.exe
  2⤵
  PID:6772
- C:\Windows\System\xRmkBaR.exe
  C:\Windows\System\xRmkBaR.exe
  2⤵
  PID:6796
- C:\Windows\System\rJDGXek.exe
  C:\Windows\System\rJDGXek.exe
  2⤵
  PID:6928
- C:\Windows\System\HSSyeZv.exe
  C:\Windows\System\HSSyeZv.exe
  2⤵
  PID:6964
- C:\Windows\System\tXiDweI.exe
  C:\Windows\System\tXiDweI.exe
  2⤵
  PID:7028
- C:\Windows\System\xWMxUgN.exe
  C:\Windows\System\xWMxUgN.exe
  2⤵
  PID:7088
- C:\Windows\System\SjQltgu.exe
  C:\Windows\System\SjQltgu.exe
  2⤵
  PID:6900
- C:\Windows\System\IhTGtSX.exe
  C:\Windows\System\IhTGtSX.exe
  2⤵
  PID:6944
- C:\Windows\System\EhjfAON.exe
  C:\Windows\System\EhjfAON.exe
  2⤵
  PID:7008
- C:\Windows\System\OcOHyww.exe
  C:\Windows\System\OcOHyww.exe
  2⤵
  PID:7072
- C:\Windows\System\VQDRGJQ.exe
  C:\Windows\System\VQDRGJQ.exe
  2⤵
  PID:7136
- C:\Windows\System\ukdYldW.exe
  C:\Windows\System\ukdYldW.exe
  2⤵
  PID:7156
- C:\Windows\System\hQCOmpe.exe
  C:\Windows\System\hQCOmpe.exe
  2⤵
  PID:2988
- C:\Windows\System\LJNSHpR.exe
  C:\Windows\System\LJNSHpR.exe
  2⤵
  PID:6164
- C:\Windows\System\BHtcQyE.exe
  C:\Windows\System\BHtcQyE.exe
  2⤵
  PID:4604
- C:\Windows\System\KjkcTkH.exe
  C:\Windows\System\KjkcTkH.exe
  2⤵
  PID:6296
- C:\Windows\System\TcgVKIV.exe
  C:\Windows\System\TcgVKIV.exe
  2⤵
  PID:6316
- C:\Windows\System\UOaQtBg.exe
  C:\Windows\System\UOaQtBg.exe
  2⤵
  PID:6148
- C:\Windows\System\AZLdYlr.exe
  C:\Windows\System\AZLdYlr.exe
  2⤵
  PID:6472
- C:\Windows\System\RuzTarb.exe
  C:\Windows\System\RuzTarb.exe
  2⤵
  PID:6520
- C:\Windows\System\uEjaNeP.exe
  C:\Windows\System\uEjaNeP.exe
  2⤵
  PID:6516
- C:\Windows\System\GRwmrwJ.exe
  C:\Windows\System\GRwmrwJ.exe
  2⤵
  PID:6664
- C:\Windows\System\mAJnyiP.exe
  C:\Windows\System\mAJnyiP.exe
  2⤵
  PID:6792
- C:\Windows\System\FYZVsKX.exe
  C:\Windows\System\FYZVsKX.exe
  2⤵
  PID:6840
- C:\Windows\System\STcijOh.exe
  C:\Windows\System\STcijOh.exe
  2⤵
  PID:6768
- C:\Windows\System\YpfZSKV.exe
  C:\Windows\System\YpfZSKV.exe
  2⤵
  PID:6996
- C:\Windows\System\rrYePow.exe
  C:\Windows\System\rrYePow.exe
  2⤵
  PID:6648
- C:\Windows\System\RyJlqEc.exe
  C:\Windows\System\RyJlqEc.exe
  2⤵
  PID:6488
- C:\Windows\System\YToKhRy.exe
  C:\Windows\System\YToKhRy.exe
  2⤵
  PID:6784
- C:\Windows\System\jHUfhzJ.exe
  C:\Windows\System\jHUfhzJ.exe
  2⤵
  PID:6700
- C:\Windows\System\ivAduZD.exe
  C:\Windows\System\ivAduZD.exe
  2⤵
  PID:6844
- C:\Windows\System\HZKHYVM.exe
  C:\Windows\System\HZKHYVM.exe
  2⤵
  PID:7060
- C:\Windows\System\UmrhsJr.exe
  C:\Windows\System\UmrhsJr.exe
  2⤵
  PID:6976
- C:\Windows\System\docgrhn.exe
  C:\Windows\System\docgrhn.exe
  2⤵
  PID:6180
- C:\Windows\System\BmDNNjI.exe
  C:\Windows\System\BmDNNjI.exe
  2⤵
  PID:6980
- C:\Windows\System\nMouXlE.exe
  C:\Windows\System\nMouXlE.exe
  2⤵
  PID:7040
- C:\Windows\System\URzTnyn.exe
  C:\Windows\System\URzTnyn.exe
  2⤵
  PID:6372
- C:\Windows\System\FeqknYN.exe
  C:\Windows\System\FeqknYN.exe
  2⤵
  PID:6200
- C:\Windows\System\uiXoGvV.exe
  C:\Windows\System\uiXoGvV.exe
  2⤵
  PID:6408
- C:\Windows\System\vzZuNIQ.exe
  C:\Windows\System\vzZuNIQ.exe
  2⤵
  PID:6484
- C:\Windows\System\GztnAKu.exe
  C:\Windows\System\GztnAKu.exe
  2⤵
  PID:6848
- C:\Windows\System\nqgTFYO.exe
  C:\Windows\System\nqgTFYO.exe
  2⤵
  PID:6344
- C:\Windows\System\WAyVHMD.exe
  C:\Windows\System\WAyVHMD.exe
  2⤵
  PID:6740
- C:\Windows\System\jlRgVjr.exe
  C:\Windows\System\jlRgVjr.exe
  2⤵
  PID:6816
- C:\Windows\System\ZTVeRJm.exe
  C:\Windows\System\ZTVeRJm.exe
  2⤵
  PID:6228
- C:\Windows\System\mQwTOJH.exe
  C:\Windows\System\mQwTOJH.exe
  2⤵
  PID:5756
- C:\Windows\System\ZVEKJIB.exe
  C:\Windows\System\ZVEKJIB.exe
  2⤵
  PID:6260
- C:\Windows\System\PXgQzeS.exe
  C:\Windows\System\PXgQzeS.exe
  2⤵
  PID:7176
- C:\Windows\System\OnKFFXN.exe
  C:\Windows\System\OnKFFXN.exe
  2⤵
  PID:7192
- C:\Windows\System\xoLyeup.exe
  C:\Windows\System\xoLyeup.exe
  2⤵
  PID:7208
- C:\Windows\System\zwqpFNu.exe
  C:\Windows\System\zwqpFNu.exe
  2⤵
  PID:7224
- C:\Windows\System\PtkhELY.exe
  C:\Windows\System\PtkhELY.exe
  2⤵
  PID:7240
- C:\Windows\System\xZQxfjx.exe
  C:\Windows\System\xZQxfjx.exe
  2⤵
  PID:7256
- C:\Windows\System\qYvRATX.exe
  C:\Windows\System\qYvRATX.exe
  2⤵
  PID:7272
- C:\Windows\System\dgeKXnE.exe
  C:\Windows\System\dgeKXnE.exe
  2⤵
  PID:7288
- C:\Windows\System\OFogEMl.exe
  C:\Windows\System\OFogEMl.exe
  2⤵
  PID:7304
- C:\Windows\System\uLdDIiu.exe
  C:\Windows\System\uLdDIiu.exe
  2⤵
  PID:7320
- C:\Windows\System\rzdBEHY.exe
  C:\Windows\System\rzdBEHY.exe
  2⤵
  PID:7336
- C:\Windows\System\MWfhKHX.exe
  C:\Windows\System\MWfhKHX.exe
  2⤵
  PID:7352
- C:\Windows\System\ZhrlGBk.exe
  C:\Windows\System\ZhrlGBk.exe
  2⤵
  PID:7368
- C:\Windows\System\XeQpZKA.exe
  C:\Windows\System\XeQpZKA.exe
  2⤵
  PID:7384
- C:\Windows\System\hxLZlSQ.exe
  C:\Windows\System\hxLZlSQ.exe
  2⤵
  PID:7400
- C:\Windows\System\JSjqlpR.exe
  C:\Windows\System\JSjqlpR.exe
  2⤵
  PID:7416
- C:\Windows\System\XKQpWVg.exe
  C:\Windows\System\XKQpWVg.exe
  2⤵
  PID:7432
- C:\Windows\System\TzysUir.exe
  C:\Windows\System\TzysUir.exe
  2⤵
  PID:7448
- C:\Windows\System\wUNVAlt.exe
  C:\Windows\System\wUNVAlt.exe
  2⤵
  PID:7464
- C:\Windows\System\cyVFhZe.exe
  C:\Windows\System\cyVFhZe.exe
  2⤵
  PID:7480
- C:\Windows\System\DzcVMeL.exe
  C:\Windows\System\DzcVMeL.exe
  2⤵
  PID:7496
- C:\Windows\System\cnsHwlN.exe
  C:\Windows\System\cnsHwlN.exe
  2⤵
  PID:7512
- C:\Windows\System\rFwNocZ.exe
  C:\Windows\System\rFwNocZ.exe
  2⤵
  PID:7528
- C:\Windows\System\aQmSurR.exe
  C:\Windows\System\aQmSurR.exe
  2⤵
  PID:7544
- C:\Windows\System\WegmIwV.exe
  C:\Windows\System\WegmIwV.exe
  2⤵
  PID:7560
- C:\Windows\System\mePirzj.exe
  C:\Windows\System\mePirzj.exe
  2⤵
  PID:7576
- C:\Windows\System\tpbdobl.exe
  C:\Windows\System\tpbdobl.exe
  2⤵
  PID:7592
- C:\Windows\System\rdjbIek.exe
  C:\Windows\System\rdjbIek.exe
  2⤵
  PID:7608
- C:\Windows\System\AVVfUWo.exe
  C:\Windows\System\AVVfUWo.exe
  2⤵
  PID:7624
- C:\Windows\System\HjfSEYD.exe
  C:\Windows\System\HjfSEYD.exe
  2⤵
  PID:7640
- C:\Windows\System\geUrcpT.exe
  C:\Windows\System\geUrcpT.exe
  2⤵
  PID:7656
- C:\Windows\System\eAndECe.exe
  C:\Windows\System\eAndECe.exe
  2⤵
  PID:7672
- C:\Windows\System\tNHABBv.exe
  C:\Windows\System\tNHABBv.exe
  2⤵
  PID:7688
- C:\Windows\System\SPDJsgb.exe
  C:\Windows\System\SPDJsgb.exe
  2⤵
  PID:7704
- C:\Windows\System\rnyCggB.exe
  C:\Windows\System\rnyCggB.exe
  2⤵
  PID:7720
- C:\Windows\System\dfalSwW.exe
  C:\Windows\System\dfalSwW.exe
  2⤵
  PID:7736
- C:\Windows\System\AZilsEN.exe
  C:\Windows\System\AZilsEN.exe
  2⤵
  PID:7756
- C:\Windows\System\wMZiczg.exe
  C:\Windows\System\wMZiczg.exe
  2⤵
  PID:7772
- C:\Windows\System\WTMkaVe.exe
  C:\Windows\System\WTMkaVe.exe
  2⤵
  PID:7788
- C:\Windows\System\dKhCVoh.exe
  C:\Windows\System\dKhCVoh.exe
  2⤵
  PID:7804
- C:\Windows\System\pklRRaN.exe
  C:\Windows\System\pklRRaN.exe
  2⤵
  PID:7820
- C:\Windows\System\YAYJiOV.exe
  C:\Windows\System\YAYJiOV.exe
  2⤵
  PID:7836
- C:\Windows\System\EdWsJJB.exe
  C:\Windows\System\EdWsJJB.exe
  2⤵
  PID:7852
- C:\Windows\System\cQoEMYo.exe
  C:\Windows\System\cQoEMYo.exe
  2⤵
  PID:7868
- C:\Windows\System\GYcWEle.exe
  C:\Windows\System\GYcWEle.exe
  2⤵
  PID:7884
- C:\Windows\System\GTufvXc.exe
  C:\Windows\System\GTufvXc.exe
  2⤵
  PID:7904
- C:\Windows\System\YYownhl.exe
  C:\Windows\System\YYownhl.exe
  2⤵
  PID:7920
- C:\Windows\System\conicUd.exe
  C:\Windows\System\conicUd.exe
  2⤵
  PID:7936
- C:\Windows\System\mBHJkmi.exe
  C:\Windows\System\mBHJkmi.exe
  2⤵
  PID:7956
- C:\Windows\System\tyQqTET.exe
  C:\Windows\System\tyQqTET.exe
  2⤵
  PID:7972
- C:\Windows\System\NAnKURk.exe
  C:\Windows\System\NAnKURk.exe
  2⤵
  PID:7988
- C:\Windows\System\kblcJPq.exe
  C:\Windows\System\kblcJPq.exe
  2⤵
  PID:8004
- C:\Windows\System\vYKZSFh.exe
  C:\Windows\System\vYKZSFh.exe
  2⤵
  PID:8020
- C:\Windows\System\msbxwpX.exe
  C:\Windows\System\msbxwpX.exe
  2⤵
  PID:8036
- C:\Windows\System\qxRTstw.exe
  C:\Windows\System\qxRTstw.exe
  2⤵
  PID:8052
- C:\Windows\System\lEpSxUx.exe
  C:\Windows\System\lEpSxUx.exe
  2⤵
  PID:8072
- C:\Windows\System\LNKbyHz.exe
  C:\Windows\System\LNKbyHz.exe
  2⤵
  PID:8092
- C:\Windows\System\upRsRSa.exe
  C:\Windows\System\upRsRSa.exe
  2⤵
  PID:8108
- C:\Windows\System\OanLDtu.exe
  C:\Windows\System\OanLDtu.exe
  2⤵
  PID:8124
- C:\Windows\System\MvARgIi.exe
  C:\Windows\System\MvARgIi.exe
  2⤵
  PID:8140
- C:\Windows\System\wTWNXCD.exe
  C:\Windows\System\wTWNXCD.exe
  2⤵
  PID:8160
- C:\Windows\System\AOqLeOs.exe
  C:\Windows\System\AOqLeOs.exe
  2⤵
  PID:8176
- C:\Windows\System\Vabeifv.exe
  C:\Windows\System\Vabeifv.exe
  2⤵
  PID:6544
- C:\Windows\System\qMciaML.exe
  C:\Windows\System\qMciaML.exe
  2⤵
  PID:6276
- C:\Windows\System\ZLgvOhU.exe
  C:\Windows\System\ZLgvOhU.exe
  2⤵
  PID:5184
- C:\Windows\System\yFMNnHu.exe
  C:\Windows\System\yFMNnHu.exe
  2⤵
  PID:6780
- C:\Windows\System\pgnprek.exe
  C:\Windows\System\pgnprek.exe
  2⤵
  PID:7296
- C:\Windows\System\atFqJdG.exe
  C:\Windows\System\atFqJdG.exe
  2⤵
  PID:6320
- C:\Windows\System\ujaHDFJ.exe
  C:\Windows\System\ujaHDFJ.exe
  2⤵
  PID:6280
- C:\Windows\System\mAzkCTd.exe
  C:\Windows\System\mAzkCTd.exe
  2⤵
  PID:7236
- C:\Windows\System\jlXPFBk.exe
  C:\Windows\System\jlXPFBk.exe
  2⤵
  PID:7328
- C:\Windows\System\BXvKdcU.exe
  C:\Windows\System\BXvKdcU.exe
  2⤵
  PID:6904
- C:\Windows\System\zKzpvNP.exe
  C:\Windows\System\zKzpvNP.exe
  2⤵
  PID:7252
- C:\Windows\System\zFqvCID.exe
  C:\Windows\System\zFqvCID.exe
  2⤵
  PID:7348
- C:\Windows\System\qhFPotf.exe
  C:\Windows\System\qhFPotf.exe
  2⤵
  PID:7412
- C:\Windows\System\hFMmPmF.exe
  C:\Windows\System\hFMmPmF.exe
  2⤵
  PID:7472
- C:\Windows\System\cksckJQ.exe
  C:\Windows\System\cksckJQ.exe
  2⤵
  PID:7428
- C:\Windows\System\iGyHJVr.exe
  C:\Windows\System\iGyHJVr.exe
  2⤵
  PID:7392
- C:\Windows\System\EjPsyeq.exe
  C:\Windows\System\EjPsyeq.exe
  2⤵
  PID:7540
- C:\Windows\System\wCJXABu.exe
  C:\Windows\System\wCJXABu.exe
  2⤵
  PID:7520
- C:\Windows\System\yBWSuRy.exe
  C:\Windows\System\yBWSuRy.exe
  2⤵
  PID:7616
- C:\Windows\System\YVStMCj.exe
  C:\Windows\System\YVStMCj.exe
  2⤵
  PID:7604
- C:\Windows\System\lAZzArH.exe
  C:\Windows\System\lAZzArH.exe
  2⤵
  PID:7684
- C:\Windows\System\AKPlfGJ.exe
  C:\Windows\System\AKPlfGJ.exe
  2⤵
  PID:7668
- C:\Windows\System\HmVgJOg.exe
  C:\Windows\System\HmVgJOg.exe
  2⤵
  PID:7732
- C:\Windows\System\hLhbdmk.exe
  C:\Windows\System\hLhbdmk.exe
  2⤵
  PID:7716
- C:\Windows\System\FmebOdY.exe
  C:\Windows\System\FmebOdY.exe
  2⤵
  PID:7768
- C:\Windows\System\OqsipWO.exe
  C:\Windows\System\OqsipWO.exe
  2⤵
  PID:7864
- C:\Windows\System\mgsUvxN.exe
  C:\Windows\System\mgsUvxN.exe
  2⤵
  PID:7900
- C:\Windows\System\iubMkxV.exe
  C:\Windows\System\iubMkxV.exe
  2⤵
  PID:7796
- C:\Windows\System\jPDDKMd.exe
  C:\Windows\System\jPDDKMd.exe
  2⤵
  PID:7996
- C:\Windows\System\QHmSptV.exe
  C:\Windows\System\QHmSptV.exe
  2⤵
  PID:8060
- C:\Windows\System\vnziKvK.exe
  C:\Windows\System\vnziKvK.exe
  2⤵
  PID:7876
- C:\Windows\System\PiggOhW.exe
  C:\Windows\System\PiggOhW.exe
  2⤵
  PID:8012
- C:\Windows\System\OVzwktV.exe
  C:\Windows\System\OVzwktV.exe
  2⤵
  PID:7980
- C:\Windows\System\Uaepbik.exe
  C:\Windows\System\Uaepbik.exe
  2⤵
  PID:8048
- C:\Windows\System\DQxBEzF.exe
  C:\Windows\System\DQxBEzF.exe
  2⤵
  PID:8132
- C:\Windows\System\GHbFMIk.exe
  C:\Windows\System\GHbFMIk.exe
  2⤵
  PID:3532
- C:\Windows\System\UHCBkUR.exe
  C:\Windows\System\UHCBkUR.exe
  2⤵
  PID:7712
- C:\Windows\System\NAsycIK.exe
  C:\Windows\System\NAsycIK.exe
  2⤵
  PID:7476
- C:\Windows\System\vHanpNC.exe
  C:\Windows\System\vHanpNC.exe
  2⤵
  PID:7300
- C:\Windows\System\IwufZHY.exe
  C:\Windows\System\IwufZHY.exe
  2⤵
  PID:7696
- C:\Windows\System\IDGagnX.exe
  C:\Windows\System\IDGagnX.exe
  2⤵
  PID:7584
- C:\Windows\System\fSwzrrb.exe
  C:\Windows\System\fSwzrrb.exe
  2⤵
  PID:7748
- C:\Windows\System\DZIregc.exe
  C:\Windows\System\DZIregc.exe
  2⤵
  PID:7896
- C:\Windows\System\wzziUZB.exe
  C:\Windows\System\wzziUZB.exe
  2⤵
  PID:7932
- C:\Windows\System\eUAZIKX.exe
  C:\Windows\System\eUAZIKX.exe
  2⤵
  PID:8088
- C:\Windows\System\AJfjhFu.exe
  C:\Windows\System\AJfjhFu.exe
  2⤵
  PID:7944
- C:\Windows\System\LIFChPs.exe
  C:\Windows\System\LIFChPs.exe
  2⤵
  PID:7700
- C:\Windows\System\SfYOBYc.exe
  C:\Windows\System\SfYOBYc.exe
  2⤵
  PID:8064
- C:\Windows\System\unRsrDt.exe
  C:\Windows\System\unRsrDt.exe
  2⤵
  PID:8172
- C:\Windows\System\YHpjwTG.exe
  C:\Windows\System\YHpjwTG.exe
  2⤵
  PID:8104
- C:\Windows\System\VCPIExW.exe
  C:\Windows\System\VCPIExW.exe
  2⤵
  PID:7204
- C:\Windows\System\qXnCgXX.exe
  C:\Windows\System\qXnCgXX.exe
  2⤵
  PID:6592
- C:\Windows\System\svGsuXj.exe
  C:\Windows\System\svGsuXj.exe
  2⤵
  PID:7312
- C:\Windows\System\NPCdeVC.exe
  C:\Windows\System\NPCdeVC.exe
  2⤵
  PID:7508
- C:\Windows\System\zzlrZBl.exe
  C:\Windows\System\zzlrZBl.exe
  2⤵
  PID:8120
- C:\Windows\System\CWWMRlc.exe
  C:\Windows\System\CWWMRlc.exe
  2⤵
  PID:6916
- C:\Windows\System\VpyZYxU.exe
  C:\Windows\System\VpyZYxU.exe
  2⤵
  PID:7832
- C:\Windows\System\sjskgxd.exe
  C:\Windows\System\sjskgxd.exe
  2⤵
  PID:7948
- C:\Windows\System\FTaCgVE.exe
  C:\Windows\System\FTaCgVE.exe
  2⤵
  PID:7952
- C:\Windows\System\olXrypx.exe
  C:\Windows\System\olXrypx.exe
  2⤵
  PID:7848
- C:\Windows\System\nVNAJVM.exe
  C:\Windows\System\nVNAJVM.exe
  2⤵
  PID:7752
- C:\Windows\System\sLJLumC.exe
  C:\Windows\System\sLJLumC.exe
  2⤵
  PID:8148
- C:\Windows\System\tLkFhez.exe
  C:\Windows\System\tLkFhez.exe
  2⤵
  PID:7652
- C:\Windows\System\yeHNKkM.exe
  C:\Windows\System\yeHNKkM.exe
  2⤵
  PID:7664
- C:\Windows\System\ViQEZNz.exe
  C:\Windows\System\ViQEZNz.exe
  2⤵
  PID:7648
- C:\Windows\System\dCSyfdV.exe
  C:\Windows\System\dCSyfdV.exe
  2⤵
  PID:7344
- C:\Windows\System\iUAOhjJ.exe
  C:\Windows\System\iUAOhjJ.exe
  2⤵
  PID:7332
- C:\Windows\System\WlrUZoz.exe
  C:\Windows\System\WlrUZoz.exe
  2⤵
  PID:6932
- C:\Windows\System\rpbhdvk.exe
  C:\Windows\System\rpbhdvk.exe
  2⤵
  PID:7968
- C:\Windows\System\nDXjCPz.exe
  C:\Windows\System\nDXjCPz.exe
  2⤵
  PID:8196
- C:\Windows\System\SUaZhiG.exe
  C:\Windows\System\SUaZhiG.exe
  2⤵
  PID:8212
- C:\Windows\System\hSOPrij.exe
  C:\Windows\System\hSOPrij.exe
  2⤵
  PID:8228
- C:\Windows\System\xAAwQbQ.exe
  C:\Windows\System\xAAwQbQ.exe
  2⤵
  PID:8244
- C:\Windows\System\KIuxflU.exe
  C:\Windows\System\KIuxflU.exe
  2⤵
  PID:8260
- C:\Windows\System\TqrrbYz.exe
  C:\Windows\System\TqrrbYz.exe
  2⤵
  PID:8276
- C:\Windows\System\xVJKHCJ.exe
  C:\Windows\System\xVJKHCJ.exe
  2⤵
  PID:8292
- C:\Windows\System\EjhWLNX.exe
  C:\Windows\System\EjhWLNX.exe
  2⤵
  PID:8308
- C:\Windows\System\UMhcYue.exe
  C:\Windows\System\UMhcYue.exe
  2⤵
  PID:8324
- C:\Windows\System\HFKOwAQ.exe
  C:\Windows\System\HFKOwAQ.exe
  2⤵
  PID:8340
- C:\Windows\System\PHIPSfw.exe
  C:\Windows\System\PHIPSfw.exe
  2⤵
  PID:8364
- C:\Windows\System\YPteCqz.exe
  C:\Windows\System\YPteCqz.exe
  2⤵
  PID:8380
- C:\Windows\System\nMtThEj.exe
  C:\Windows\System\nMtThEj.exe
  2⤵
  PID:8396
- C:\Windows\System\zjAEecc.exe
  C:\Windows\System\zjAEecc.exe
  2⤵
  PID:8416
- C:\Windows\System\FSvBndb.exe
  C:\Windows\System\FSvBndb.exe
  2⤵
  PID:8432
- C:\Windows\System\dbLKwaf.exe
  C:\Windows\System\dbLKwaf.exe
  2⤵
  PID:8448
- C:\Windows\System\jOcuqNW.exe
  C:\Windows\System\jOcuqNW.exe
  2⤵
  PID:8472
- C:\Windows\System\wPGqRnI.exe
  C:\Windows\System\wPGqRnI.exe
  2⤵
  PID:8492
- C:\Windows\System\VYGpDBM.exe
  C:\Windows\System\VYGpDBM.exe
  2⤵
  PID:8508
- C:\Windows\System\vdNxnOb.exe
  C:\Windows\System\vdNxnOb.exe
  2⤵
  PID:8524
- C:\Windows\System\YfNpzdw.exe
  C:\Windows\System\YfNpzdw.exe
  2⤵
  PID:8540
- C:\Windows\System\uugfQDT.exe
  C:\Windows\System\uugfQDT.exe
  2⤵
  PID:8672
- C:\Windows\System\pDKZfjy.exe
  C:\Windows\System\pDKZfjy.exe
  2⤵
  PID:8688
- C:\Windows\System\ndHbNeu.exe
  C:\Windows\System\ndHbNeu.exe
  2⤵
  PID:8720
- C:\Windows\System\gctCIiQ.exe
  C:\Windows\System\gctCIiQ.exe
  2⤵
  PID:8756
- C:\Windows\System\vAivbRU.exe
  C:\Windows\System\vAivbRU.exe
  2⤵
  PID:8792
- C:\Windows\System\TNpKxtW.exe
  C:\Windows\System\TNpKxtW.exe
  2⤵
  PID:8816
- C:\Windows\System\IiIrupy.exe
  C:\Windows\System\IiIrupy.exe
  2⤵
  PID:8840
- C:\Windows\System\rDCcdTy.exe
  C:\Windows\System\rDCcdTy.exe
  2⤵
  PID:8856
- C:\Windows\System\PebbgsY.exe
  C:\Windows\System\PebbgsY.exe
  2⤵
  PID:8872
- C:\Windows\System\SytgCxV.exe
  C:\Windows\System\SytgCxV.exe
  2⤵
  PID:8888
- C:\Windows\System\LkaewPC.exe
  C:\Windows\System\LkaewPC.exe
  2⤵
  PID:8904
- C:\Windows\System\TaCdXzN.exe
  C:\Windows\System\TaCdXzN.exe
  2⤵
  PID:8920
- C:\Windows\System\nTEoYfP.exe
  C:\Windows\System\nTEoYfP.exe
  2⤵
  PID:8936
- C:\Windows\System\qpDBSNA.exe
  C:\Windows\System\qpDBSNA.exe
  2⤵
  PID:8952
- C:\Windows\System\GdKiNlX.exe
  C:\Windows\System\GdKiNlX.exe
  2⤵
  PID:8968
- C:\Windows\System\nQIcMqk.exe
  C:\Windows\System\nQIcMqk.exe
  2⤵
  PID:8984
- C:\Windows\System\sKztpUR.exe
  C:\Windows\System\sKztpUR.exe
  2⤵
  PID:9004
- C:\Windows\System\TUHTMVk.exe
  C:\Windows\System\TUHTMVk.exe
  2⤵
  PID:9020
- C:\Windows\System\ksOrsab.exe
  C:\Windows\System\ksOrsab.exe
  2⤵
  PID:9040
- C:\Windows\System\uSusuFl.exe
  C:\Windows\System\uSusuFl.exe
  2⤵
  PID:9056
- C:\Windows\System\dPAuAgK.exe
  C:\Windows\System\dPAuAgK.exe
  2⤵
  PID:9080
- C:\Windows\System\xwSScPe.exe
  C:\Windows\System\xwSScPe.exe
  2⤵
  PID:9096
- C:\Windows\System\gsHEvpE.exe
  C:\Windows\System\gsHEvpE.exe
  2⤵
  PID:9112
- C:\Windows\System\jUDjHvW.exe
  C:\Windows\System\jUDjHvW.exe
  2⤵
  PID:9132
- C:\Windows\System\WGPMdCU.exe
  C:\Windows\System\WGPMdCU.exe
  2⤵
  PID:9148
- C:\Windows\System\zqrZxTn.exe
  C:\Windows\System\zqrZxTn.exe
  2⤵
  PID:9164
- C:\Windows\System\NLJwQDH.exe
  C:\Windows\System\NLJwQDH.exe
  2⤵
  PID:9180
- C:\Windows\System\hozCkdw.exe
  C:\Windows\System\hozCkdw.exe
  2⤵
  PID:9200
- C:\Windows\System\FvtJeud.exe
  C:\Windows\System\FvtJeud.exe
  2⤵
  PID:7912
- C:\Windows\System\SFdJfLM.exe
  C:\Windows\System\SFdJfLM.exe
  2⤵
  PID:6876
- C:\Windows\System\YPwaGeP.exe
  C:\Windows\System\YPwaGeP.exe
  2⤵
  PID:7184
- C:\Windows\System\XlygFiU.exe
  C:\Windows\System\XlygFiU.exe
  2⤵
  PID:6836
- C:\Windows\System\tcupyRO.exe
  C:\Windows\System\tcupyRO.exe
  2⤵
  PID:8220
- C:\Windows\System\KzKaNdc.exe
  C:\Windows\System\KzKaNdc.exe
  2⤵
  PID:8284
- C:\Windows\System\jRjSRTo.exe
  C:\Windows\System\jRjSRTo.exe
  2⤵
  PID:8348
- C:\Windows\System\jqVmluD.exe
  C:\Windows\System\jqVmluD.exe
  2⤵
  PID:8388
- C:\Windows\System\PspUNle.exe
  C:\Windows\System\PspUNle.exe
  2⤵
  PID:8428
- C:\Windows\System\GZPIoAF.exe
  C:\Windows\System\GZPIoAF.exe
  2⤵
  PID:8532
- C:\Windows\System\xpGhTjW.exe
  C:\Windows\System\xpGhTjW.exe
  2⤵
  PID:8272
- C:\Windows\System\kyJkdhL.exe
  C:\Windows\System\kyJkdhL.exe
  2⤵
  PID:8548
- C:\Windows\System\WsAvljL.exe
  C:\Windows\System\WsAvljL.exe
  2⤵
  PID:8376
- C:\Windows\System\nLwTVAk.exe
  C:\Windows\System\nLwTVAk.exe
  2⤵
  PID:8480
- C:\Windows\System\UpHyUTS.exe
  C:\Windows\System\UpHyUTS.exe
  2⤵
  PID:8520
- C:\Windows\System\CUJaIau.exe
  C:\Windows\System\CUJaIau.exe
  2⤵
  PID:8684
- C:\Windows\System\ObPFOkr.exe
  C:\Windows\System\ObPFOkr.exe
  2⤵
  PID:8576
- C:\Windows\System\TBhHwTP.exe
  C:\Windows\System\TBhHwTP.exe
  2⤵
  PID:8592
- C:\Windows\System\fdCwyJM.exe
  C:\Windows\System\fdCwyJM.exe
  2⤵
  PID:8608
- C:\Windows\System\ogfLqWr.exe
  C:\Windows\System\ogfLqWr.exe
  2⤵
  PID:8624
- C:\Windows\System\lzxScBp.exe
  C:\Windows\System\lzxScBp.exe
  2⤵
  PID:8640
- C:\Windows\System\HfWpvvu.exe
  C:\Windows\System\HfWpvvu.exe
  2⤵
  PID:8656
- C:\Windows\System\NJBqIbd.exe
  C:\Windows\System\NJBqIbd.exe
  2⤵
  PID:8704
- C:\Windows\System\GHZXWJM.exe
  C:\Windows\System\GHZXWJM.exe
  2⤵
  PID:8716
- C:\Windows\System\DhJGWjv.exe
  C:\Windows\System\DhJGWjv.exe
  2⤵
  PID:8808
- C:\Windows\System\zbGjQbv.exe
  C:\Windows\System\zbGjQbv.exe
  2⤵
  PID:8852
- C:\Windows\System\hZwrlSY.exe
  C:\Windows\System\hZwrlSY.exe
  2⤵
  PID:9048
- C:\Windows\System\PwDyyfz.exe
  C:\Windows\System\PwDyyfz.exe
  2⤵
  PID:9120
- C:\Windows\System\giqjPwR.exe
  C:\Windows\System\giqjPwR.exe
  2⤵
  PID:9160
- C:\Windows\System\gsGgtNv.exe
  C:\Windows\System\gsGgtNv.exe
  2⤵
  PID:7280
- C:\Windows\System\wjOWwLY.exe
  C:\Windows\System\wjOWwLY.exe
  2⤵
  PID:8256
- C:\Windows\System\gvZduid.exe
  C:\Windows\System\gvZduid.exe
  2⤵
  PID:8460
- C:\Windows\System\FGunXTf.exe
  C:\Windows\System\FGunXTf.exe
  2⤵
  PID:8788
- C:\Windows\System\gQHUdLP.exe
  C:\Windows\System\gQHUdLP.exe
  2⤵
  PID:8444
- C:\Windows\System\TzSprbm.exe
  C:\Windows\System\TzSprbm.exe
  2⤵
  PID:8584
- C:\Windows\System\CerbfgF.exe
  C:\Windows\System\CerbfgF.exe
  2⤵
  PID:8440
- C:\Windows\System\rboUAcW.exe
  C:\Windows\System\rboUAcW.exe
  2⤵
  PID:8712
- C:\Windows\System\quyFZZP.exe
  C:\Windows\System\quyFZZP.exe
  2⤵
  PID:8456
- C:\Windows\System\rnvXwvc.exe
  C:\Windows\System\rnvXwvc.exe
  2⤵
  PID:8268
- C:\Windows\System\KVPfHKY.exe
  C:\Windows\System\KVPfHKY.exe
  2⤵
  PID:8776
- C:\Windows\System\fjDMCWp.exe
  C:\Windows\System\fjDMCWp.exe
  2⤵
  PID:8928
- C:\Windows\System\EhNiVqo.exe
  C:\Windows\System\EhNiVqo.exe
  2⤵
  PID:9064
- C:\Windows\System\mSbWktj.exe
  C:\Windows\System\mSbWktj.exe
  2⤵
  PID:9208
- C:\Windows\System\iGselLf.exe
  C:\Windows\System\iGselLf.exe
  2⤵
  PID:8868
- C:\Windows\System\iJoiETp.exe
  C:\Windows\System\iJoiETp.exe
  2⤵
  PID:8960
- C:\Windows\System\crYNoip.exe
  C:\Windows\System\crYNoip.exe
  2⤵
  PID:8748
- C:\Windows\System\ipZPlkA.exe
  C:\Windows\System\ipZPlkA.exe
  2⤵
  PID:8568
- C:\Windows\System\EXoUXcc.exe
  C:\Windows\System\EXoUXcc.exe
  2⤵
  PID:8636
- C:\Windows\System\TRoUacL.exe
  C:\Windows\System\TRoUacL.exe
  2⤵
  PID:9068
- C:\Windows\System\UOPszxb.exe
  C:\Windows\System\UOPszxb.exe
  2⤵
  PID:9144
- C:\Windows\System\EtLJMPH.exe
  C:\Windows\System\EtLJMPH.exe
  2⤵
  PID:6540
- C:\Windows\System\vgZkbqJ.exe
  C:\Windows\System\vgZkbqJ.exe
  2⤵
  PID:8944
- C:\Windows\System\PXmVQjv.exe
  C:\Windows\System\PXmVQjv.exe
  2⤵
  PID:8800
- C:\Windows\System\sDUvnpK.exe
  C:\Windows\System\sDUvnpK.exe
  2⤵
  PID:8948
- C:\Windows\System\PoTKZnA.exe
  C:\Windows\System\PoTKZnA.exe
  2⤵
  PID:8980
- C:\Windows\System\vTgBcrK.exe
  C:\Windows\System\vTgBcrK.exe
  2⤵
  PID:9128
- C:\Windows\System\jrdEmZf.exe
  C:\Windows\System\jrdEmZf.exe
  2⤵
  PID:8560
- C:\Windows\System\uQzekAe.exe
  C:\Windows\System\uQzekAe.exe
  2⤵
  PID:8652
- C:\Windows\System\vzAqILr.exe
  C:\Windows\System\vzAqILr.exe
  2⤵
  PID:8620
- C:\Windows\System\QIwuteW.exe
  C:\Windows\System\QIwuteW.exe
  2⤵
  PID:8772
- C:\Windows\System\hnCiuJL.exe
  C:\Windows\System\hnCiuJL.exe
  2⤵
  PID:8100
- C:\Windows\System\OgxgMDa.exe
  C:\Windows\System\OgxgMDa.exe
  2⤵
  PID:8316
- C:\Windows\System\FfnxDmN.exe
  C:\Windows\System\FfnxDmN.exe
  2⤵
  PID:8604
- C:\Windows\System\YEcRuoH.exe
  C:\Windows\System\YEcRuoH.exe
  2⤵
  PID:8764
- C:\Windows\System\qRoNlPY.exe
  C:\Windows\System\qRoNlPY.exe
  2⤵
  PID:8832
- C:\Windows\System\krvCukp.exe
  C:\Windows\System\krvCukp.exe
  2⤵
  PID:8916
- C:\Windows\System\cQPmzXC.exe
  C:\Windows\System\cQPmzXC.exe
  2⤵
  PID:8964
- C:\Windows\System\npNcBUH.exe
  C:\Windows\System\npNcBUH.exe
  2⤵
  PID:8744
- C:\Windows\System\EmmeSOe.exe
  C:\Windows\System\EmmeSOe.exe
  2⤵
  PID:8976
- C:\Windows\System\hwnnCVz.exe
  C:\Windows\System\hwnnCVz.exe
  2⤵
  PID:8752
- C:\Windows\System\SZwOgvW.exe
  C:\Windows\System\SZwOgvW.exe
  2⤵
  PID:8700
- C:\Windows\System\VFOxRle.exe
  C:\Windows\System\VFOxRle.exe
  2⤵
  PID:7556
- C:\Windows\System\yUGKTId.exe
  C:\Windows\System\yUGKTId.exe
  2⤵
  PID:8536
- C:\Windows\System\FYHoKfI.exe
  C:\Windows\System\FYHoKfI.exe
  2⤵
  PID:8932
- C:\Windows\System\SVxuANJ.exe
  C:\Windows\System\SVxuANJ.exe
  2⤵
  PID:7232
- C:\Windows\System\Hcuijxg.exe
  C:\Windows\System\Hcuijxg.exe
  2⤵
  PID:8696
- C:\Windows\System\YVXshpb.exe
  C:\Windows\System\YVXshpb.exe
  2⤵
  PID:8824
- C:\Windows\System\gzaAjpk.exe
  C:\Windows\System\gzaAjpk.exe
  2⤵
  PID:8360
- C:\Windows\System\YCiYvVF.exe
  C:\Windows\System\YCiYvVF.exe
  2⤵
  PID:9000
- C:\Windows\System\duSnqIf.exe
  C:\Windows\System\duSnqIf.exe
  2⤵
  PID:8680
- C:\Windows\System\vAdglBv.exe
  C:\Windows\System\vAdglBv.exe
  2⤵
  PID:9232
- C:\Windows\System\YgTFuas.exe
  C:\Windows\System\YgTFuas.exe
  2⤵
  PID:9248
- C:\Windows\System\CcSXnrD.exe
  C:\Windows\System\CcSXnrD.exe
  2⤵
  PID:9264
- C:\Windows\System\vdWZxAu.exe
  C:\Windows\System\vdWZxAu.exe
  2⤵
  PID:9280
- C:\Windows\System\aUkWxZQ.exe
  C:\Windows\System\aUkWxZQ.exe
  2⤵
  PID:9296
- C:\Windows\System\KDlSxBu.exe
  C:\Windows\System\KDlSxBu.exe
  2⤵
  PID:9312
- C:\Windows\System\gDMchAN.exe
  C:\Windows\System\gDMchAN.exe
  2⤵
  PID:9328
- C:\Windows\System\WPybVWr.exe
  C:\Windows\System\WPybVWr.exe
  2⤵
  PID:9352
- C:\Windows\System\AiSuIvG.exe
  C:\Windows\System\AiSuIvG.exe
  2⤵
  PID:9368
- C:\Windows\System\OLTkuVH.exe
  C:\Windows\System\OLTkuVH.exe
  2⤵
  PID:9384
- C:\Windows\System\ulBbKCt.exe
  C:\Windows\System\ulBbKCt.exe
  2⤵
  PID:9400
- C:\Windows\System\MbuhhXr.exe
  C:\Windows\System\MbuhhXr.exe
  2⤵
  PID:9416
- C:\Windows\System\fFDmheb.exe
  C:\Windows\System\fFDmheb.exe
  2⤵
  PID:9432
- C:\Windows\System\epzOJRe.exe
  C:\Windows\System\epzOJRe.exe
  2⤵
  PID:9448
- C:\Windows\System\dnAEyPD.exe
  C:\Windows\System\dnAEyPD.exe
  2⤵
  PID:9464
- C:\Windows\System\IkZMyet.exe
  C:\Windows\System\IkZMyet.exe
  2⤵
  PID:9480
- C:\Windows\System\zgTTEkG.exe
  C:\Windows\System\zgTTEkG.exe
  2⤵
  PID:9496
- C:\Windows\System\NpzroKS.exe
  C:\Windows\System\NpzroKS.exe
  2⤵
  PID:9552
- C:\Windows\System\PzwtRUV.exe
  C:\Windows\System\PzwtRUV.exe
  2⤵
  PID:9568
- C:\Windows\System\QSrguMZ.exe
  C:\Windows\System\QSrguMZ.exe
  2⤵
  PID:9584
- C:\Windows\System\sNoxife.exe
  C:\Windows\System\sNoxife.exe
  2⤵
  PID:9600
- C:\Windows\System\Xokoqfj.exe
  C:\Windows\System\Xokoqfj.exe
  2⤵
  PID:9616
- C:\Windows\System\wtmZwiB.exe
  C:\Windows\System\wtmZwiB.exe
  2⤵
  PID:9632
- C:\Windows\System\bDBtjbe.exe
  C:\Windows\System\bDBtjbe.exe
  2⤵
  PID:9656
- C:\Windows\System\UcKEgcm.exe
  C:\Windows\System\UcKEgcm.exe
  2⤵
  PID:9672
- C:\Windows\System\ZYxqJuQ.exe
  C:\Windows\System\ZYxqJuQ.exe
  2⤵
  PID:9688
- C:\Windows\System\uUAUnyo.exe
  C:\Windows\System\uUAUnyo.exe
  2⤵
  PID:9704
- C:\Windows\System\qzsIfMc.exe
  C:\Windows\System\qzsIfMc.exe
  2⤵
  PID:9720
- C:\Windows\System\oktuBgY.exe
  C:\Windows\System\oktuBgY.exe
  2⤵
  PID:9736
- C:\Windows\System\NOGCkOx.exe
  C:\Windows\System\NOGCkOx.exe
  2⤵
  PID:9752
- C:\Windows\System\jxwWmHI.exe
  C:\Windows\System\jxwWmHI.exe
  2⤵
  PID:9768
- C:\Windows\System\kBhpwzS.exe
  C:\Windows\System\kBhpwzS.exe
  2⤵
  PID:9784
- C:\Windows\System\FVuDrSX.exe
  C:\Windows\System\FVuDrSX.exe
  2⤵
  PID:9804
- C:\Windows\System\kqUgJzj.exe
  C:\Windows\System\kqUgJzj.exe
  2⤵
  PID:9820
- C:\Windows\System\nviciBS.exe
  C:\Windows\System\nviciBS.exe
  2⤵
  PID:9836
- C:\Windows\System\EnwXlNd.exe
  C:\Windows\System\EnwXlNd.exe
  2⤵
  PID:9852
- C:\Windows\System\NQYxoXL.exe
  C:\Windows\System\NQYxoXL.exe
  2⤵
  PID:9868
- C:\Windows\System\xgPCFpl.exe
  C:\Windows\System\xgPCFpl.exe
  2⤵
  PID:9884
- C:\Windows\System\ywwOeHm.exe
  C:\Windows\System\ywwOeHm.exe
  2⤵
  PID:9900
- C:\Windows\System\PpeozfY.exe
  C:\Windows\System\PpeozfY.exe
  2⤵
  PID:9916
- C:\Windows\System\Geyizfs.exe
  C:\Windows\System\Geyizfs.exe
  2⤵
  PID:9932
- C:\Windows\System\WhIIpTD.exe
  C:\Windows\System\WhIIpTD.exe
  2⤵
  PID:9948
- C:\Windows\System\mQakJxm.exe
  C:\Windows\System\mQakJxm.exe
  2⤵
  PID:9976
- C:\Windows\System\RVaQJqS.exe
  C:\Windows\System\RVaQJqS.exe
  2⤵
  PID:9992
- C:\Windows\System\gwxUMLU.exe
  C:\Windows\System\gwxUMLU.exe
  2⤵
  PID:10008
- C:\Windows\System\JXduVPh.exe
  C:\Windows\System\JXduVPh.exe
  2⤵
  PID:10024
- C:\Windows\System\rjNrbzR.exe
  C:\Windows\System\rjNrbzR.exe
  2⤵
  PID:10040
- C:\Windows\System\JVYFUgY.exe
  C:\Windows\System\JVYFUgY.exe
  2⤵
  PID:10056
- C:\Windows\System\dqABnfP.exe
  C:\Windows\System\dqABnfP.exe
  2⤵
  PID:10080
- C:\Windows\System\IipYdGH.exe
  C:\Windows\System\IipYdGH.exe
  2⤵
  PID:10108
- C:\Windows\System\wXBOyIQ.exe
  C:\Windows\System\wXBOyIQ.exe
  2⤵
  PID:10132
- C:\Windows\System\gnVvvhZ.exe
  C:\Windows\System\gnVvvhZ.exe
  2⤵
  PID:10168
- C:\Windows\System\qtNwNiH.exe
  C:\Windows\System\qtNwNiH.exe
  2⤵
  PID:10184
- C:\Windows\System\QPBEKJB.exe
  C:\Windows\System\QPBEKJB.exe
  2⤵
  PID:10200
- C:\Windows\System\vGVGhpJ.exe
  C:\Windows\System\vGVGhpJ.exe
  2⤵
  PID:10216
- C:\Windows\System\NNSSRBH.exe
  C:\Windows\System\NNSSRBH.exe
  2⤵
  PID:10232
- C:\Windows\System\NGegxUk.exe
  C:\Windows\System\NGegxUk.exe
  2⤵
  PID:9108
- C:\Windows\System\fgDlozU.exe
  C:\Windows\System\fgDlozU.exe
  2⤵
  PID:9244
- C:\Windows\System\kQTBHzz.exe
  C:\Windows\System\kQTBHzz.exe
  2⤵
  PID:8600
- C:\Windows\System\PTlTDSo.exe
  C:\Windows\System\PTlTDSo.exe
  2⤵
  PID:9340
- C:\Windows\System\tqufblk.exe
  C:\Windows\System\tqufblk.exe
  2⤵
  PID:9380
- C:\Windows\System\vByIUqw.exe
  C:\Windows\System\vByIUqw.exe
  2⤵
  PID:9392
- C:\Windows\System\CbcbXqS.exe
  C:\Windows\System\CbcbXqS.exe
  2⤵
  PID:9324
- C:\Windows\System\VEIcBoh.exe
  C:\Windows\System\VEIcBoh.exe
  2⤵
  PID:9288
- C:\Windows\System\YLuLvPj.exe
  C:\Windows\System\YLuLvPj.exe
  2⤵
  PID:9396
- C:\Windows\System\DWVkZXX.exe
  C:\Windows\System\DWVkZXX.exe
  2⤵
  PID:9424
- C:\Windows\System\NxUFqlH.exe
  C:\Windows\System\NxUFqlH.exe
  2⤵
  PID:9528
- C:\Windows\System\qZqVyRs.exe
  C:\Windows\System\qZqVyRs.exe
  2⤵
  PID:9524
- C:\Windows\System\pJibPiR.exe
  C:\Windows\System\pJibPiR.exe
  2⤵
  PID:9576
- C:\Windows\System\dxVXqIy.exe
  C:\Windows\System\dxVXqIy.exe
  2⤵
  PID:9644
- C:\Windows\System\KJrfKjP.exe
  C:\Windows\System\KJrfKjP.exe
  2⤵
  PID:9652
- C:\Windows\System\hmdwwhh.exe
  C:\Windows\System\hmdwwhh.exe
  2⤵
  PID:9684
- C:\Windows\System\pSpqQSp.exe
  C:\Windows\System\pSpqQSp.exe
  2⤵
  PID:9748
- C:\Windows\System\LknjJtJ.exe
  C:\Windows\System\LknjJtJ.exe
  2⤵
  PID:9624
- C:\Windows\System\YXsCpXR.exe
  C:\Windows\System\YXsCpXR.exe
  2⤵
  PID:9848
- C:\Windows\System\tXbSqyT.exe
  C:\Windows\System\tXbSqyT.exe
  2⤵
  PID:9732
- C:\Windows\System\oQQcHHj.exe
  C:\Windows\System\oQQcHHj.exe
  2⤵
  PID:9764
- C:\Windows\System\NbdzUgR.exe
  C:\Windows\System\NbdzUgR.exe
  2⤵
  PID:9800
- C:\Windows\System\xDKuAFP.exe
  C:\Windows\System\xDKuAFP.exe
  2⤵
  PID:9912
- C:\Windows\System\vpBYDjW.exe
  C:\Windows\System\vpBYDjW.exe
  2⤵
  PID:9972
- C:\Windows\System\CLqngxN.exe
  C:\Windows\System\CLqngxN.exe
  2⤵
  PID:9964
- C:\Windows\System\lePQwog.exe
  C:\Windows\System\lePQwog.exe
  2⤵
  PID:10052
- C:\Windows\System\fMxceRz.exe
  C:\Windows\System\fMxceRz.exe
  2⤵
  PID:10100
- C:\Windows\System\rZAYkTG.exe
  C:\Windows\System\rZAYkTG.exe
  2⤵
  PID:10004
- C:\Windows\System\rwLzkoQ.exe
  C:\Windows\System\rwLzkoQ.exe
  2⤵
  PID:10160
- C:\Windows\System\oQrLOJr.exe
  C:\Windows\System\oQrLOJr.exe
  2⤵
  PID:10224
- C:\Windows\System\JrRoFoK.exe
  C:\Windows\System\JrRoFoK.exe
  2⤵
  PID:10128
- C:\Windows\System\DkHEbrO.exe
  C:\Windows\System\DkHEbrO.exe
  2⤵
  PID:10208
- C:\Windows\System\ZzWrlNn.exe
  C:\Windows\System\ZzWrlNn.exe
  2⤵
  PID:10032
- C:\Windows\System\EQZEKIJ.exe
  C:\Windows\System\EQZEKIJ.exe
  2⤵
  PID:10072
- C:\Windows\System\JLmJKGA.exe
  C:\Windows\System\JLmJKGA.exe
  2⤵
  PID:9212
- C:\Windows\System\fKVgoEI.exe
  C:\Windows\System\fKVgoEI.exe
  2⤵
  PID:9256
- C:\Windows\System\QviLSbI.exe
  C:\Windows\System\QviLSbI.exe
  2⤵
  PID:9304
- C:\Windows\System\wvoiCvp.exe
  C:\Windows\System\wvoiCvp.exe
  2⤵
  PID:9440
- C:\Windows\System\OSTuEwS.exe
  C:\Windows\System\OSTuEwS.exe
  2⤵
  PID:9476
- C:\Windows\System\uDKXpEJ.exe
  C:\Windows\System\uDKXpEJ.exe
  2⤵
  PID:9520
- C:\Windows\System\aPdpikb.exe
  C:\Windows\System\aPdpikb.exe
  2⤵
  PID:9492
- C:\Windows\System\ynjxszx.exe
  C:\Windows\System\ynjxszx.exe
  2⤵
  PID:9816
- C:\Windows\System\XPzaurB.exe
  C:\Windows\System\XPzaurB.exe
  2⤵
  PID:9516
- C:\Windows\System\djZFFYt.exe
  C:\Windows\System\djZFFYt.exe
  2⤵
  PID:9612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EVsweYd.exe

Filesize
5.7MB

MD5
ea09c6a1f65c7ccaa4c1a86a2c10378b

SHA1
985f4b2a8a8446c7c90da0022134b1e538cb6854

SHA256
6ca9a1d872b28cab7bcbe34685f61683a3bbcc48917e603de7c8e68b32e3d70b

SHA512
bc0591c12568c947255a88e73655b2aa978394570de4563bfd91d510a0eee4b4488fd18f26a11702eba73b725ec9a610c96a5d3a7cbd282d893a97509748fb4b

Download Submit
C:\Windows\system\GfoyOZt.exe

Filesize
5.7MB

MD5
7fc12b4d73bd8c3d88560e2da0dfa20a

SHA1
c02bf63392a3957775b3812dd93b9365c1fe4b2b

SHA256
e3bce13616d6e8c9b2af9144432c014f80938d8d4ee7a42f5c467ab843696514

SHA512
08277ab3b1e9cc76bdbc1b0f7b48618c51778c35b3308b589d21e0c63f6b21b2785bac9d3e7bbfe59b6d7dbaf53440b4d6a2ed0303161a85b45c5d3c82f5da38

Download Submit
C:\Windows\system\HPGztLg.exe

Filesize
5.7MB

MD5
d898ac5c2153a074416624da303f0a4e

SHA1
e4d0adad7eb5b17f0960435ab4ecfbc3241e6322

SHA256
d60eb760b8c296ff57754d3d8ceabe83160a8c0bfc73771a7c498594c09b95bf

SHA512
84f91546a0b39fa14d7ad6fbbbd2680980e67e4429a735d6f9374058771b010068650158040e4fef118720e8e9a105541c4974fddba069cd5fa72ba510652ff3

Download Submit
C:\Windows\system\KHBqXGD.exe

Filesize
5.7MB

MD5
76f95ae485d0fc021b83382f41d4c8f2

SHA1
b847db22ef2e2fe0ac82ba5d5fadee94eb225514

SHA256
73b3d47ef384a26df19aeb401ba7da8b5e91d921349fba5bfb3d1c0dab7457c1

SHA512
a1985c5785cd6be29231b1dfbce91b53aa3bda0536ff8fc68d7dff4ddd6d80ff363c101a5b7d3d8dcd390905569683b4e6935ed50cc1fc0e59413db71c932fbd

Download Submit
C:\Windows\system\MiUbQnd.exe

Filesize
5.7MB

MD5
d4b883e7c93a207dd40b9adff4f1e37b

SHA1
624d43d99c6f97775ca30222246e30d4d7459769

SHA256
900c96dbc3d40b888cff0cfad3410db720e5c58081a7f0ae29548952a5a73f9e

SHA512
3ef24db6f23eaf49a3bd7a6561bbe6c3834a5d83cab0c3a2fabe7064298ca24764c7a71d0c995b4c25acd61077254b32ac7d9eadd3fa6c37a811c539e4e876f0

Download Submit
C:\Windows\system\SrQQbBj.exe

Filesize
5.7MB

MD5
14b273dd684e200839343457b0279191

SHA1
7269c66ef40a22b74c13c47f14f753478edee313

SHA256
d24f9b7b3bde5f4d0519a953031faa55a5709399df9c3d5cb0ef31d028470dce

SHA512
eea77e59215c4c7f46f7bb76c4cd8599abc4a981c91403824e4346eab5d365f038c167fa5ebf09eaa4105c23dfb00f6a0f40fc609e52790edc7d6867ac2204a1

Download Submit
C:\Windows\system\TJgNOYr.exe

Filesize
5.7MB

MD5
3df71e0121faf54d324c2beb9af3c9fc

SHA1
9fcc9052fb433e26e810023cafbf447a1536670c

SHA256
21ffb0300661864bed9b906cc32a2ead246ac186964a6be15bd4db226d62bfb2

SHA512
960716bd934651b6d6437896fc9159910e6653e356a6bba22a8cab64e383b5e984a7665fd4e604aa8c5a4a05c09d58ee36698b91bfa5aed84d46d1b03de3362e

Download Submit
C:\Windows\system\TNYGJiH.exe

Filesize
5.7MB

MD5
1336a9f76d9df45bb370f9e1cde01548

SHA1
f36e00159a4f6a3a370007433fcb3afda0fe1108

SHA256
6048dbd14eb6ad87ce866990c4046691494536725817e0bf7788638509afe32b

SHA512
b423c03bb558f62786099e2a9a214da8d9af7529509f3dc8833b32cd8a9cb942ebb651c6cb5bf1d3dc3eaad27477eab5e3ce18e05509ffefe3000bf9ce4e747c

Download Submit
C:\Windows\system\TSuKOpw.exe

Filesize
5.7MB

MD5
4135cf8e4ba2f6d2fc2bf5b3626df73f

SHA1
39248fb6df6f6a842d69461586f9b1cdc68c98c2

SHA256
d3ff37f4c95d2bc00dc7ce88ef5c9cd9a352d270b0e5020b821cc533859a26ae

SHA512
45735bc2011ec51d2a09e0e81e97545eb8c8f49c6ef9972c4d3fc7e0b288f2bdf5b82d2389e51a4e6e18e8a3fa1ceb265698ff9e08e11fdd63e7117e21eaf243

Download Submit
C:\Windows\system\UudEsVM.exe

Filesize
5.7MB

MD5
d01b68f1f4c009471272e18c60b5b110

SHA1
3ec02c2053ed456c4bd9cef4139fa7803e0688e4

SHA256
cf90efff07c8311bc0fbdf96d28ce02123f234b6ca57992219532d4ad10f51ea

SHA512
6f6649ab87d35a93e09dd0e72ffa3a7c5939815baba317da180f16d9743e8050f465b2fba03dcf9581efbd3f6905d73739eb0849d2a4b225c3d63c94a1b891ae

Download Submit
C:\Windows\system\XkveFFd.exe

Filesize
5.7MB

MD5
e656ed27c42853fad37d39ea4f2d5f1c

SHA1
5a034ad071719baf6aa181c709707078e9c89640

SHA256
4e412734fa8ec114701bf0c8f2c31a2614aafb154fd7c7896344233f39789c42

SHA512
1aa0f3cbd6feda2dd6862101d3e43e059cdaaa484f24aa9e4b86e068f56c2f4099aaed25cbfdf28dc277661d9c16acd0338b560b6fd788bed1e213b93bfc6e50

Download Submit
C:\Windows\system\aUJVwzJ.exe

Filesize
5.7MB

MD5
010a0ffceece7b76d5734cb53d65a2de

SHA1
09766dd7aaae14ed4b9cfc590120207bde79f18e

SHA256
f28b675f03efcda7847ef42b61c8e30fdb8c22c9b4247b08e21cb1b4810a4f8d

SHA512
6952b3b329a3c3f6ab304f2196514af0497bfb4cd84b66df75fc993ae9ddc085639bf88459413825fe404a218adcdfe69354f62e826983920e548583f0e54080

Download Submit
C:\Windows\system\adNeldd.exe

Filesize
5.7MB

MD5
ae38e461ad538584ba55ec3864e680c1

SHA1
eb268906d55b2d02403c88f83250fdea0bab6fdd

SHA256
d0ff5140a1dd3da7ac4846c12cb6da9f6fc68c498bf9d4ef3c2b8dc0bc83d36e

SHA512
4af14c01bd344b676c7a2d782661aad105588f48eb235fe92b60714ce8f119fe7cc254a7b4a4b23e6e17c4416807e3a4acaabd3fba8a9045dc66a2a2b7211916

Download Submit
C:\Windows\system\eQhxlaN.exe

Filesize
5.7MB

MD5
ee56219bf7e25705fb7c10670e23463d

SHA1
74668c7c7481102b9652a2c8c0d5477ea4685b69

SHA256
df2844690f3eec126ac247a548980c73681172a6e15f25deb4105bce2d9a0e03

SHA512
29aa804845ad46cdb7af1897b3671c3ac58b6761782553c217a1bc9e171cb8bf3f2840dbd8479ba996ae95107aa86d8b087d21ea166b9c0d2dea1595501048d7

Download Submit
C:\Windows\system\eixBgtT.exe

Filesize
5.7MB

MD5
fbc24d08257523b1000ebcefc54bc2f0

SHA1
95ba6b3bb98d5e7d578e79d2b0429fe5b44a60f4

SHA256
fe5298521a65ef058320594bbab0ae315d0000233f1a81e65d5da8d94ac92aa9

SHA512
d54b630c3bfdd68291ffa6d8b91577f387e081dbe9ce63e6f96c5d8d960d4379e8f34422a63f3534d1e2c5b2b2570c3f3476b6a270aa7f0e84b4e7483ccac450

Download Submit
C:\Windows\system\gwYtjoh.exe

Filesize
5.7MB

MD5
7920aa47925de6f6ac92686110420edb

SHA1
bb1f5ed00f92762af3de8eb352ef113804944dc3

SHA256
40a58d3bcd22a8de7a940e312b9e40ee743cae3d3bef47a272cbaecef919a77f

SHA512
b8940f9ede974611840a1dfc0c2cddf4c2039067c11b8f0b7682880846b1ab0d050ac959494e02c009ef6005e0e8ffe225b60b27022ecffd56214f79f049a00e

Download Submit
C:\Windows\system\hAXWfuJ.exe

Filesize
5.7MB

MD5
3cace25ec02fcbcc1418b322c817313d

SHA1
871d232e7f8ec9eb78d1f5e69014e9dca91899ed

SHA256
64cee14c6885d0c0b822cc29b4762070247597bf66f0cf3061d987c305a480ca

SHA512
05bd863be689d2c30d044ea30e9e5fd0ac5833c45cc7e03b2956337865c9536375358320126b2f6fa4a2dfc0c48b21233ed86675fd32f3df058fc75a643b834c

Download Submit
C:\Windows\system\hmGEakt.exe

Filesize
5.7MB

MD5
7a9350f841c28c326d7d7773043140ce

SHA1
b1fddd9753feccdb34d2f580298c3f1f57eaecbe

SHA256
9acea90dee534b59d28d927256b51192d49b32bcd89555f2643f21e477f64772

SHA512
bd3c704c58af432a81a6aef787ca4885110452452a77f6fad23484a5a4ccf4b36eeecb1610342e31ba077b13d4f911a102c5b7a71796b9f6ea726417522ea6ad

Download Submit
C:\Windows\system\jDxHSeO.exe

Filesize
5.7MB

MD5
405f74fc039a6cd86b3863dbc7bdd265

SHA1
9186e1bec907da86873ba78fa69bc4eee4fd9cd5

SHA256
b617d4e40cdd5bc1508370b9750187ce58379abddc6b775c0a428c0d8c90299f

SHA512
9e97d106049dc985fe69b87a873d1324c010779fc912a47cda42ebbb33489d601747e311ae00c9168f502146007a945db5da054a825f88e788b317494958e6ed

Download Submit
C:\Windows\system\kIRWWyK.exe

Filesize
5.7MB

MD5
0124d5c8081b3982504b0b483a821732

SHA1
afceebd3f1ec470056495ccd7eff0dbf8ebad97e

SHA256
9b421a166817a1fa86cc32a442ca865a03e880f8f7def9afec618ce70225979b

SHA512
6b13dd3a11d09d885246cdf5eca791832dd8de28351123dcfd0caaf5d1923fddca7b72b0d72aa787265a0176b62d82696f3901a2666900ef73cb54c45935ddee

Download Submit
C:\Windows\system\qXuAyLN.exe

Filesize
5.7MB

MD5
ca237b81c6f9581c8d60c34a84831512

SHA1
476589dce85821c240e9aeae9035852a9f4de418

SHA256
bf1ddcb2cdeb79895f3f54143d3c50ff2249659c0911501376180b51b13150b3

SHA512
e6e4d30269240265c56116ec290caa8c0fe50b71fe75c1f695cb0cb25d058d4fa9cfb0f38adaaedafd5e98ce6fa033af7101a4ad6f46c232ecd591397bd49f9e

Download Submit
C:\Windows\system\qsmXUgR.exe

Filesize
5.7MB

MD5
d1d6a37aa60b9456e20b61f7053c1149

SHA1
b11fbcc390a10f30ced6cf40367c26a7bd52a460

SHA256
e0804ba393440b758520ad23beb111148e08c8a3e3ac63224b1d93f4b767060e

SHA512
e8e57ba73dff28ce8cfaa6039dd2cd0556a90fe0bc81057cc6236d37900cfe04fb07551b4489c270e29a4847e1405941d8ce366acc6460a78051fe685b3726b4

Download Submit
C:\Windows\system\rbJBgNy.exe

Filesize
5.7MB

MD5
fd69fae8760beb37c59a78a7a750538c

SHA1
caf7ceb002e205e8fda2b4162c2729a563860800

SHA256
3c1437b0bbfb9b2b3fb1860c092dfbfb456ab95eff4ea2b9a2e7be1b4328aca9

SHA512
82ae7a880f466519fb4726e4a8234e50583d3d50efe135e3cbbfa5fc1bf91fa7c6cb05aaf7cfcaaee887a073d66b0afd87afba367e8994f3be1f39c4ebce25fd

Download Submit
C:\Windows\system\tRfselm.exe

Filesize
5.7MB

MD5
1cab876716a9913292e83dea643ee32f

SHA1
7efd36822dd7aaadad301084959777311ae67a8f

SHA256
75badf12eec925f2271314e05921203a28d4d326568f483d0abdf32c0a35f872

SHA512
ddfbc9329b959e2d8a031dcb3e07a3727a0935753dbca80788739de86791202e4fa3a702d10771f4ab86d09797d371484f3236e56123123052788ce3e30e4040

Download Submit
C:\Windows\system\wVPfyUU.exe

Filesize
5.7MB

MD5
a2db8da518138a5c1c86c211f8264d7f

SHA1
35e436e32ebd235051522f416f5bb2d64d080abf

SHA256
e691ff91538c86f297f5c9910fe84947c19e3170d332332709461b1536e87a59

SHA512
8e92b05efc9cf7b9b55bacd74e2c880365a4130fb1bc8e28f693ba18ff50ce8410dc917113666e65550ea703be45783c8cb45c78cd19e08494bf13b5adcf0ee2

Download Submit
\Windows\system\DbIqBBk.exe

Filesize
5.7MB

MD5
c057882f9f472e9ef2e6d93ad787d0e0

SHA1
f5f52d2c2a9a13d10600b0adabf7133cd25265be

SHA256
e729d941d80622aaa15daf5523f9a4b9204470e8a08cfad360950a6593c908ad

SHA512
b9855f2cac02f93bd4c64ed0e1851875fe4233f838c3827c6280492ff3993eaa8e8bc9e4502525df08f6250d792de1fd5668898b20b0b8c149f2b23f3a634d58

Download Submit
\Windows\system\UOXHvnm.exe

Filesize
5.7MB

MD5
69eb53cb00df038a0948ca6c9aef5e3f

SHA1
53e2d61e167911ab3c3854a1a7d3c210c6764658

SHA256
7e0511d38347d17efd0c87cc83dd8c64e17fecfcd9960e4b056b7378d1649cd9

SHA512
3d76827d29a96cc80a9c43c88ea35867257535f380109bb778650ee463ff27a089bf389fbda60486c6e959f57fd7f0c946c22f314b7ca0e1184cf937dfb71e12

Download Submit
\Windows\system\dRDzPuX.exe

Filesize
5.7MB

MD5
22c602f95016cf502ffc8c02f9d34e66

SHA1
33fe682fee961a5f841b078f936ce8c963a4f0fb

SHA256
8cd3d99939ed678b279682f8e25fdbe4b3d17eaa00753fc96c00ba25f9b47ed3

SHA512
832ae1795b0da04f9363767b6edc3272def67e2fcc92e94419334c1d28497ba59300c92c55a9f25c52eea6d2a5eee78d0b128763758683690efc819bd87ebd5a

Download Submit
\Windows\system\dqUscKR.exe

Filesize
5.7MB

MD5
8d30c13e7e5d233b1a245ce141beaaed

SHA1
abbddfafe1813c29a479a23518b162e6645e3712

SHA256
9e8568aaf7821205aa4f5874573a3b8e1fae1ae197d5917f05672edeaf1ec270

SHA512
8ce7fb280f0f55c69ad127276cf7f812a9dd504907d7b2c6a0f40944b5a505c663dcb014f42a1a0fa98c3fc807ed93fff487995738f9c76e243d6fcf4b37501e

Download Submit
\Windows\system\equxChe.exe

Filesize
5.7MB

MD5
1d071d7262cf6f8fc79a0570d8ab0d45

SHA1
c989e1e31079f76974ea86f4c576345c6b7a9a3e

SHA256
4a52b9200c49fc2cfb72d147a9cdad67f54bd7f803ae011794875c6c355345f7

SHA512
2cf7161baa32973e9b5d26a4a9838e86834f84843f947608c0a40245ace2a6581ca1d0dbc14e4ff80a3cc2132f39dea6a15478a1b938faa3854b3fde91583c6b

Download Submit
\Windows\system\hcgfNcl.exe

Filesize
5.7MB

MD5
c4cf45f230c1a7204d062c4d7c1b8df9

SHA1
79876ef745bd7eab074515414624749524737fd3

SHA256
dbb1bc2f1854d992bc560936afe119220a0d030ea499cbf302560cfcb626080d

SHA512
111f164faf2b310e8ce738874d0d863bdd28be6f41ed909402cd52527167c453bef55d2bef497677ee88ed3deb49ba23ef97000d826516db82bda5869040c172

Download Submit
\Windows\system\rOQFzWX.exe

Filesize
5.7MB

MD5
60fe39284df5b293c58db56c1f4467a3

SHA1
f869cd3db52a7898c1daac6c2ebc8cde5960d426

SHA256
622b1af3def88472d5c038d6e007296e91d57f85a11f6e9b9cbf5a8e13f58bb6

SHA512
0c0d6ec70171f7fc7911ce7a26d90244094d56b8b7c3e9d7f402d0205c907572efaa73d301f0df88b091c2c2acc0ee9e7e207a1b48bbea7b8b9783274bb7940d

Download Submit
\Windows\system\umUMHLV.exe

Filesize
5.7MB

MD5
7f11f1a4a68b29f10db88740abb48860

SHA1
b492f69b9f46f0304a44418ff824264888089f7c

SHA256
c3318ae41abac30d3f0d63afa62fc7fe11f833d1488194d2d171e46feaf64d5b

SHA512
d87b887211f98fa5fb6c304551ceb41a314f3f7d15115b5b33fe24d6942e8a02414ea3f8716559376bf66d0167401d4a301f999e7e8f492ac38e540bc75e87b1

Download Submit
memory/276-133-0x000000013FC20000-0x000000013FF6D000-memory.dmp

Filesize
3.3MB

Download
memory/340-181-0x000000013F9F0000-0x000000013FD3D000-memory.dmp

Filesize
3.3MB

Download
memory/484-139-0x000000013F270000-0x000000013F5BD000-memory.dmp

Filesize
3.3MB

Download
memory/888-192-0x000000013FBE0000-0x000000013FF2D000-memory.dmp

Filesize
3.3MB

Download
memory/908-161-0x000000013F3F0000-0x000000013F73D000-memory.dmp

Filesize
3.3MB

Download
memory/1144-126-0x000000013FA20000-0x000000013FD6D000-memory.dmp

Filesize
3.3MB

Download
memory/1436-67-0x000000013F4A0000-0x000000013F7ED000-memory.dmp

Filesize
3.3MB

Download
memory/1504-170-0x000000013FEC0000-0x000000014020D000-memory.dmp

Filesize
3.3MB

Download
memory/1912-121-0x000000013FF40000-0x000000014028D000-memory.dmp

Filesize
3.3MB

Download
memory/1984-190-0x000000013F910000-0x000000013FC5D000-memory.dmp

Filesize
3.3MB

Download
memory/2012-115-0x000000013F460000-0x000000013F7AD000-memory.dmp

Filesize
3.3MB

Download
memory/2044-109-0x000000013F5D0000-0x000000013F91D000-memory.dmp

Filesize
3.3MB

Download
memory/2084-0-0x000000013FA10000-0x000000013FD5D000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2168-165-0x000000013FFE0000-0x000000014032D000-memory.dmp

Filesize
3.3MB

Download
memory/2192-17-0x000000013FB30000-0x000000013FE7D000-memory.dmp

Filesize
3.3MB

Download
memory/2248-199-0x000000013F140000-0x000000013F48D000-memory.dmp

Filesize
3.3MB

Download
memory/2348-148-0x000000013F150000-0x000000013F49D000-memory.dmp

Filesize
3.3MB

Download
memory/2356-103-0x000000013F8E0000-0x000000013FC2D000-memory.dmp

Filesize
3.3MB

Download
memory/2384-91-0x000000013F510000-0x000000013F85D000-memory.dmp

Filesize
3.3MB

Download
memory/2428-151-0x000000013F3A0000-0x000000013F6ED000-memory.dmp

Filesize
3.3MB

Download
memory/2548-76-0x000000013F3E0000-0x000000013F72D000-memory.dmp

Filesize
3.3MB

Download
memory/2580-65-0x000000013F730000-0x000000013FA7D000-memory.dmp

Filesize
3.3MB

Download
memory/2592-66-0x000000013FC90000-0x000000013FFDD000-memory.dmp

Filesize
3.3MB

Download
memory/2596-64-0x000000013F1B0000-0x000000013F4FD000-memory.dmp

Filesize
3.3MB

Download
memory/2636-63-0x000000013F980000-0x000000013FCCD000-memory.dmp

Filesize
3.3MB

Download
memory/2656-18-0x000000013F0D0000-0x000000013F41D000-memory.dmp

Filesize
3.3MB

Download
memory/2716-97-0x000000013F9E0000-0x000000013FD2D000-memory.dmp

Filesize
3.3MB

Download
memory/2724-77-0x000000013F3C0000-0x000000013F70D000-memory.dmp

Filesize
3.3MB

Download
memory/2788-7-0x000000013F340000-0x000000013F68D000-memory.dmp

Filesize
3.3MB

Download
memory/2832-25-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/2860-73-0x000000013F890000-0x000000013FBDD000-memory.dmp

Filesize
3.3MB

Download
memory/2976-89-0x000000013FB10000-0x000000013FE5D000-memory.dmp

Filesize
3.3MB

Download
memory/3000-74-0x000000013FD20000-0x000000014006D000-memory.dmp

Filesize
3.3MB

Download