cobaltstrike | b0d2c74a36d039cf7f0571bbe9712b294b54293c9ba9fe4aff9cfa7d8a678541

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

8a8adc37161e8aa2cc7b8abc1e0e21a8
SHA1

d0b2d85092896a76d6b82716e9c88aba67567b5f
SHA256

b0d2c74a36d039cf7f0571bbe9712b294b54293c9ba9fe4aff9cfa7d8a678541
SHA512

c763e2268bc0ee830259336ac2070d059c063c748e728c156d60e470066f096e0f8111382de1624c8b4352ab454f32260159285acb0a308f2b6675652f70564c
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUK:j+R56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b47-9.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165c7-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-44.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-75.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/1988-0-0x000000013FC90000-0x000000013FFDD000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/memory/752-7-0x000000013FA90000-0x000000013FDDD000-memory.dmp	xmrig
behavioral1/files/0x0009000000016b47-9.dat	xmrig
behavioral1/memory/2060-13-0x000000013F5B0000-0x000000013F8FD000-memory.dmp	xmrig
behavioral1/files/0x00090000000165c7-12.dat	xmrig
behavioral1/memory/2292-18-0x000000013F910000-0x000000013FC5D000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-21.dat	xmrig
behavioral1/memory/2736-29-0x000000013FB30000-0x000000013FE7D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-33.dat	xmrig
behavioral1/memory/2812-35-0x000000013F5E0000-0x000000013F92D000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3a-44.dat	xmrig
behavioral1/memory/2900-47-0x000000013F9A0000-0x000000013FCED000-memory.dmp	xmrig
behavioral1/memory/2588-71-0x000000013F370000-0x000000013F6BD000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-69.dat	xmrig
behavioral1/memory/2664-77-0x000000013F830000-0x000000013FB7D000-memory.dmp	xmrig
behavioral1/memory/2084-83-0x000000013F290000-0x000000013F5DD000-memory.dmp	xmrig
behavioral1/memory/1844-89-0x000000013F4E0000-0x000000013F82D000-memory.dmp	xmrig
behavioral1/files/0x000500000001878e-123.dat	xmrig
behavioral1/files/0x0006000000018b4e-135.dat	xmrig
behavioral1/files/0x0005000000019297-177.dat	xmrig
behavioral1/memory/2176-191-0x000000013F790000-0x000000013FADD000-memory.dmp	xmrig
behavioral1/memory/2440-185-0x000000013FA60000-0x000000013FDAD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019360-189.dat	xmrig
behavioral1/files/0x000500000001933f-183.dat	xmrig
behavioral1/memory/1720-179-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-171.dat	xmrig
behavioral1/memory/2692-167-0x000000013FFB0000-0x00000001402FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-165.dat	xmrig
behavioral1/memory/2360-161-0x000000013F840000-0x000000013FB8D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-159.dat	xmrig
behavioral1/memory/2092-155-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019250-153.dat	xmrig
behavioral1/memory/2776-149-0x000000013F140000-0x000000013F48D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-147.dat	xmrig
behavioral1/memory/1676-143-0x000000013F4D0000-0x000000013F81D000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c16-141.dat	xmrig
behavioral1/memory/1344-131-0x000000013FF90000-0x00000001402DD000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a8-129.dat	xmrig
behavioral1/memory/2256-125-0x000000013F680000-0x000000013F9CD000-memory.dmp	xmrig
behavioral1/memory/1948-119-0x000000013FE50000-0x000000014019D000-memory.dmp	xmrig
behavioral1/memory/1864-113-0x000000013F340000-0x000000013F68D000-memory.dmp	xmrig
behavioral1/files/0x0005000000018744-117.dat	xmrig
behavioral1/files/0x0005000000018739-111.dat	xmrig
behavioral1/memory/1872-107-0x000000013FEA0000-0x00000001401ED000-memory.dmp	xmrig
behavioral1/files/0x0005000000018704-105.dat	xmrig
behavioral1/files/0x00050000000186f4-99.dat	xmrig
behavioral1/memory/784-95-0x000000013F090000-0x000000013F3DD000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-93.dat	xmrig
behavioral1/files/0x00050000000186ed-87.dat	xmrig
behavioral1/files/0x00050000000186e7-81.dat	xmrig
behavioral1/files/0x0005000000018686-75.dat	xmrig
behavioral1/memory/2892-65-0x000000013F220000-0x000000013F56D000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-63.dat	xmrig
behavioral1/memory/2840-59-0x000000013F360000-0x000000013F6AD000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-57.dat	xmrig
behavioral1/memory/2384-53-0x000000013F850000-0x000000013FB9D000-memory.dmp	xmrig
behavioral1/files/0x0006000000017049-51.dat	xmrig
behavioral1/memory/2220-41-0x000000013FFC0000-0x000000014030D000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-40.dat	xmrig
behavioral1/files/0x0007000000016c88-28.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
752	oknjGyB.exe
2060	CUXnMHG.exe
2292	ohFFAci.exe
2444	WkwawvC.exe
2736	tIbGMgX.exe
2812	blWnnnC.exe
2220	Tkpabzg.exe
2900	humbwLE.exe
2384	svLDizQ.exe
2840	sRKYzAz.exe
2892	egBuLSc.exe
2588	vFKIRuH.exe
2664	VECjroT.exe
2084	dPWRAlR.exe
1844	gXsWMYM.exe
784	VGsPHID.exe
2888	TnBeiqI.exe
1872	HwPizzt.exe
1864	TzciwPH.exe
1948	NWAKgNO.exe
2256	TGhCaxe.exe
1344	SYxAbOf.exe
1712	ZxkRjcG.exe
1676	uPcyYbR.exe
2776	qlrcYoZ.exe
2092	jpQakPp.exe
2360	UijphSE.exe
2692	LQeYoPv.exe
1392	UbVWhdL.exe
1720	ftWKnoC.exe
2440	TqWnIEo.exe
2176	pnpAUsC.exe
816	bVXKrRy.exe
948	JiCoipG.exe
920	ucVEgIh.exe
340	wJChMZg.exe
1648	gaMdQaS.exe
1892	UtDJvLN.exe
1952	lfmcWrM.exe
1692	NJPpgWv.exe
1740	XgXJSVl.exe
1672	mqttdqJ.exe
2164	xrxpSIW.exe
2564	qcLGysB.exe
1464	WOPVGSe.exe
2156	LflOxge.exe
1516	QUUxsYH.exe
3060	qDWlShG.exe
2484	hHHccsb.exe
3064	cRglYen.exe
1524	QOrwVZp.exe
2672	sZgMHLz.exe
1900	RCpikeJ.exe
2772	rSsFkWQ.exe
2436	hryRukP.exe
2748	POqJnWr.exe
2724	NQCzSvl.exe
2756	rkqOucO.exe
2652	kIGgXTg.exe
2640	KnezPoU.exe
1008	GnolkYQ.exe
2496	HPNhDSM.exe
616	iNnEuIl.exe
2864	hsrjYlF.exe

Loads dropped DLL 64 IoCs

pid	Process
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pQQMguU.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWXIGYU.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhJJIfV.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWLuoCW.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSnClUy.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgXJSVl.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLXPZex.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHXRgoW.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAuxUSN.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFZZcNK.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmxIGja.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNBIJFB.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYBdceq.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJdebhh.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNcBZDP.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEmEBYr.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRhedis.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLMiYcC.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxxUREO.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaMdQaS.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRdVkVD.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjtBBWF.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiPIHSF.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJOVEyZ.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiaEjZq.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYJyIJP.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qxoprga.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbOfHDH.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLyeCjR.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOiyxZi.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAlFUuT.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njCwDDD.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnVESRH.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEUfmNn.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKRXsHW.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAJnXOr.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwrgdMS.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvSFGgr.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWohVqP.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHPElJX.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNRpHAf.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTquwqR.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkuSLzC.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDWlShG.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMAavkD.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnuGIJF.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpfPxck.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIPeaZP.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJWzzUz.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riplUEY.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddaddBq.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVgSCXs.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDgWBJz.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlmVFyz.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKoUpQt.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LicVIRP.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFSdiCF.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSoXKFp.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKVPTaS.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykxkBrX.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMqPQdA.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdAUmKr.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSfafsS.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAWxDoX.exe	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 752	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 752	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 752	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 2060	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 2060	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 2060	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 2292	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2292	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2292	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2444	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 2444	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 2444	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 2736	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 2736	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 2736	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 2812	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2812	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2812	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2220	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2220	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2220	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2900	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2900	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2900	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2384	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2384	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2384	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2840	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2840	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2840	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2892	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2892	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2892	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2588	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 2588	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 2588	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 2664	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 2664	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 2664	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 2084	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 2084	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 2084	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 1844	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1988 wrote to memory of 1844	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1988 wrote to memory of 1844	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1988 wrote to memory of 784	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 784	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 784	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 2888	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 2888	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 2888	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 1872	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 1872	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 1872	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 1864	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 1864	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 1864	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 1948	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 1948	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 1948	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 2256	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 2256	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 2256	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 1344	1988	2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_8a8adc37161e8aa2cc7b8abc1e0e21a8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\System\oknjGyB.exe
  C:\Windows\System\oknjGyB.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\CUXnMHG.exe
  C:\Windows\System\CUXnMHG.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ohFFAci.exe
  C:\Windows\System\ohFFAci.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\WkwawvC.exe
  C:\Windows\System\WkwawvC.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\tIbGMgX.exe
  C:\Windows\System\tIbGMgX.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\blWnnnC.exe
  C:\Windows\System\blWnnnC.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\Tkpabzg.exe
  C:\Windows\System\Tkpabzg.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\humbwLE.exe
  C:\Windows\System\humbwLE.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\svLDizQ.exe
  C:\Windows\System\svLDizQ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\sRKYzAz.exe
  C:\Windows\System\sRKYzAz.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\egBuLSc.exe
  C:\Windows\System\egBuLSc.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\vFKIRuH.exe
  C:\Windows\System\vFKIRuH.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VECjroT.exe
  C:\Windows\System\VECjroT.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\dPWRAlR.exe
  C:\Windows\System\dPWRAlR.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\gXsWMYM.exe
  C:\Windows\System\gXsWMYM.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\VGsPHID.exe
  C:\Windows\System\VGsPHID.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\TnBeiqI.exe
  C:\Windows\System\TnBeiqI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\HwPizzt.exe
  C:\Windows\System\HwPizzt.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\TzciwPH.exe
  C:\Windows\System\TzciwPH.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\NWAKgNO.exe
  C:\Windows\System\NWAKgNO.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\TGhCaxe.exe
  C:\Windows\System\TGhCaxe.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\SYxAbOf.exe
  C:\Windows\System\SYxAbOf.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\ZxkRjcG.exe
  C:\Windows\System\ZxkRjcG.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\uPcyYbR.exe
  C:\Windows\System\uPcyYbR.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qlrcYoZ.exe
  C:\Windows\System\qlrcYoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\jpQakPp.exe
  C:\Windows\System\jpQakPp.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\UijphSE.exe
  C:\Windows\System\UijphSE.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\LQeYoPv.exe
  C:\Windows\System\LQeYoPv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\UbVWhdL.exe
  C:\Windows\System\UbVWhdL.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ftWKnoC.exe
  C:\Windows\System\ftWKnoC.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\TqWnIEo.exe
  C:\Windows\System\TqWnIEo.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\pnpAUsC.exe
  C:\Windows\System\pnpAUsC.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\bVXKrRy.exe
  C:\Windows\System\bVXKrRy.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\JiCoipG.exe
  C:\Windows\System\JiCoipG.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\ucVEgIh.exe
  C:\Windows\System\ucVEgIh.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\wJChMZg.exe
  C:\Windows\System\wJChMZg.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\gaMdQaS.exe
  C:\Windows\System\gaMdQaS.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\UtDJvLN.exe
  C:\Windows\System\UtDJvLN.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\lfmcWrM.exe
  C:\Windows\System\lfmcWrM.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\NJPpgWv.exe
  C:\Windows\System\NJPpgWv.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\XgXJSVl.exe
  C:\Windows\System\XgXJSVl.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\mqttdqJ.exe
  C:\Windows\System\mqttdqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\xrxpSIW.exe
  C:\Windows\System\xrxpSIW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\qcLGysB.exe
  C:\Windows\System\qcLGysB.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\WOPVGSe.exe
  C:\Windows\System\WOPVGSe.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\LflOxge.exe
  C:\Windows\System\LflOxge.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\QUUxsYH.exe
  C:\Windows\System\QUUxsYH.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\qDWlShG.exe
  C:\Windows\System\qDWlShG.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hHHccsb.exe
  C:\Windows\System\hHHccsb.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\cRglYen.exe
  C:\Windows\System\cRglYen.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\QOrwVZp.exe
  C:\Windows\System\QOrwVZp.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\sZgMHLz.exe
  C:\Windows\System\sZgMHLz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\RCpikeJ.exe
  C:\Windows\System\RCpikeJ.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\rSsFkWQ.exe
  C:\Windows\System\rSsFkWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\hryRukP.exe
  C:\Windows\System\hryRukP.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\POqJnWr.exe
  C:\Windows\System\POqJnWr.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\NQCzSvl.exe
  C:\Windows\System\NQCzSvl.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\rkqOucO.exe
  C:\Windows\System\rkqOucO.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kIGgXTg.exe
  C:\Windows\System\kIGgXTg.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\KnezPoU.exe
  C:\Windows\System\KnezPoU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\GnolkYQ.exe
  C:\Windows\System\GnolkYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\HPNhDSM.exe
  C:\Windows\System\HPNhDSM.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\iNnEuIl.exe
  C:\Windows\System\iNnEuIl.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\hsrjYlF.exe
  C:\Windows\System\hsrjYlF.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\NwEDwgH.exe
  C:\Windows\System\NwEDwgH.exe
  2⤵
  PID:1908
- C:\Windows\System\lwOeMyf.exe
  C:\Windows\System\lwOeMyf.exe
  2⤵
  PID:2984
- C:\Windows\System\syyvxma.exe
  C:\Windows\System\syyvxma.exe
  2⤵
  PID:2472
- C:\Windows\System\yKMRsqD.exe
  C:\Windows\System\yKMRsqD.exe
  2⤵
  PID:2044
- C:\Windows\System\musMABn.exe
  C:\Windows\System\musMABn.exe
  2⤵
  PID:1272
- C:\Windows\System\pyFFPjV.exe
  C:\Windows\System\pyFFPjV.exe
  2⤵
  PID:1176
- C:\Windows\System\dqYKExR.exe
  C:\Windows\System\dqYKExR.exe
  2⤵
  PID:1416
- C:\Windows\System\OiDEGwL.exe
  C:\Windows\System\OiDEGwL.exe
  2⤵
  PID:1652
- C:\Windows\System\nYmGbXU.exe
  C:\Windows\System\nYmGbXU.exe
  2⤵
  PID:1628
- C:\Windows\System\uzGuwvr.exe
  C:\Windows\System\uzGuwvr.exe
  2⤵
  PID:1592
- C:\Windows\System\PGZyHrk.exe
  C:\Windows\System\PGZyHrk.exe
  2⤵
  PID:2448
- C:\Windows\System\pYJxGWc.exe
  C:\Windows\System\pYJxGWc.exe
  2⤵
  PID:2140
- C:\Windows\System\OHdyxKb.exe
  C:\Windows\System\OHdyxKb.exe
  2⤵
  PID:1620
- C:\Windows\System\fwuBivl.exe
  C:\Windows\System\fwuBivl.exe
  2⤵
  PID:980
- C:\Windows\System\FAHLaCp.exe
  C:\Windows\System\FAHLaCp.exe
  2⤵
  PID:1412
- C:\Windows\System\RReUfNX.exe
  C:\Windows\System\RReUfNX.exe
  2⤵
  PID:2124
- C:\Windows\System\FZIEtId.exe
  C:\Windows\System\FZIEtId.exe
  2⤵
  PID:1632
- C:\Windows\System\bgFaYSh.exe
  C:\Windows\System\bgFaYSh.exe
  2⤵
  PID:1348
- C:\Windows\System\iKFXwHo.exe
  C:\Windows\System\iKFXwHo.exe
  2⤵
  PID:2300
- C:\Windows\System\jwQhfeY.exe
  C:\Windows\System\jwQhfeY.exe
  2⤵
  PID:2052
- C:\Windows\System\szjMTXw.exe
  C:\Windows\System\szjMTXw.exe
  2⤵
  PID:2796
- C:\Windows\System\tLOgUTU.exe
  C:\Windows\System\tLOgUTU.exe
  2⤵
  PID:2848
- C:\Windows\System\xTKJGUK.exe
  C:\Windows\System\xTKJGUK.exe
  2⤵
  PID:2312
- C:\Windows\System\lojogTz.exe
  C:\Windows\System\lojogTz.exe
  2⤵
  PID:1768
- C:\Windows\System\qiNGkVF.exe
  C:\Windows\System\qiNGkVF.exe
  2⤵
  PID:1964
- C:\Windows\System\fhUJIvR.exe
  C:\Windows\System\fhUJIvR.exe
  2⤵
  PID:1700
- C:\Windows\System\bqPvfbX.exe
  C:\Windows\System\bqPvfbX.exe
  2⤵
  PID:2860
- C:\Windows\System\GtZtTNz.exe
  C:\Windows\System\GtZtTNz.exe
  2⤵
  PID:2968
- C:\Windows\System\GSOaRXm.exe
  C:\Windows\System\GSOaRXm.exe
  2⤵
  PID:2196
- C:\Windows\System\bUwhzDW.exe
  C:\Windows\System\bUwhzDW.exe
  2⤵
  PID:1536
- C:\Windows\System\IaGDMzv.exe
  C:\Windows\System\IaGDMzv.exe
  2⤵
  PID:2568
- C:\Windows\System\NClZwvl.exe
  C:\Windows\System\NClZwvl.exe
  2⤵
  PID:864
- C:\Windows\System\jQWBOmP.exe
  C:\Windows\System\jQWBOmP.exe
  2⤵
  PID:1688
- C:\Windows\System\IlPTDFb.exe
  C:\Windows\System\IlPTDFb.exe
  2⤵
  PID:1684
- C:\Windows\System\zrsmWqE.exe
  C:\Windows\System\zrsmWqE.exe
  2⤵
  PID:1396
- C:\Windows\System\HxYTNXI.exe
  C:\Windows\System\HxYTNXI.exe
  2⤵
  PID:564
- C:\Windows\System\jNtdDIV.exe
  C:\Windows\System\jNtdDIV.exe
  2⤵
  PID:880
- C:\Windows\System\SsYSrDj.exe
  C:\Windows\System\SsYSrDj.exe
  2⤵
  PID:2280
- C:\Windows\System\ctZlZOm.exe
  C:\Windows\System\ctZlZOm.exe
  2⤵
  PID:3080
- C:\Windows\System\yxSRfnK.exe
  C:\Windows\System\yxSRfnK.exe
  2⤵
  PID:3104
- C:\Windows\System\jFSteJu.exe
  C:\Windows\System\jFSteJu.exe
  2⤵
  PID:3128
- C:\Windows\System\mxmMxrL.exe
  C:\Windows\System\mxmMxrL.exe
  2⤵
  PID:3152
- C:\Windows\System\kXqylfH.exe
  C:\Windows\System\kXqylfH.exe
  2⤵
  PID:3176
- C:\Windows\System\ZjTkOiD.exe
  C:\Windows\System\ZjTkOiD.exe
  2⤵
  PID:3200
- C:\Windows\System\rjNzlkp.exe
  C:\Windows\System\rjNzlkp.exe
  2⤵
  PID:3224
- C:\Windows\System\LHFOtuf.exe
  C:\Windows\System\LHFOtuf.exe
  2⤵
  PID:3248
- C:\Windows\System\EnIlOFr.exe
  C:\Windows\System\EnIlOFr.exe
  2⤵
  PID:3272
- C:\Windows\System\VEJTNdg.exe
  C:\Windows\System\VEJTNdg.exe
  2⤵
  PID:3296
- C:\Windows\System\LroFIRv.exe
  C:\Windows\System\LroFIRv.exe
  2⤵
  PID:3316
- C:\Windows\System\EkYJvGn.exe
  C:\Windows\System\EkYJvGn.exe
  2⤵
  PID:3340
- C:\Windows\System\vsTkvES.exe
  C:\Windows\System\vsTkvES.exe
  2⤵
  PID:3368
- C:\Windows\System\RxmaCvA.exe
  C:\Windows\System\RxmaCvA.exe
  2⤵
  PID:3392
- C:\Windows\System\QhEKsLe.exe
  C:\Windows\System\QhEKsLe.exe
  2⤵
  PID:3416
- C:\Windows\System\xjDrVyU.exe
  C:\Windows\System\xjDrVyU.exe
  2⤵
  PID:3440
- C:\Windows\System\CIUiIIk.exe
  C:\Windows\System\CIUiIIk.exe
  2⤵
  PID:3464
- C:\Windows\System\KiwGZFx.exe
  C:\Windows\System\KiwGZFx.exe
  2⤵
  PID:3488
- C:\Windows\System\qsYKUJV.exe
  C:\Windows\System\qsYKUJV.exe
  2⤵
  PID:3512
- C:\Windows\System\GUreKao.exe
  C:\Windows\System\GUreKao.exe
  2⤵
  PID:3544
- C:\Windows\System\qkffhap.exe
  C:\Windows\System\qkffhap.exe
  2⤵
  PID:3568
- C:\Windows\System\HIxooPt.exe
  C:\Windows\System\HIxooPt.exe
  2⤵
  PID:3604
- C:\Windows\System\UlwohVD.exe
  C:\Windows\System\UlwohVD.exe
  2⤵
  PID:3632
- C:\Windows\System\xCgNeLs.exe
  C:\Windows\System\xCgNeLs.exe
  2⤵
  PID:3660
- C:\Windows\System\PbNOptX.exe
  C:\Windows\System\PbNOptX.exe
  2⤵
  PID:3684
- C:\Windows\System\EMTNQfJ.exe
  C:\Windows\System\EMTNQfJ.exe
  2⤵
  PID:3708
- C:\Windows\System\dURQPbP.exe
  C:\Windows\System\dURQPbP.exe
  2⤵
  PID:3732
- C:\Windows\System\weWkfrN.exe
  C:\Windows\System\weWkfrN.exe
  2⤵
  PID:3756
- C:\Windows\System\dkgAcUV.exe
  C:\Windows\System\dkgAcUV.exe
  2⤵
  PID:3776
- C:\Windows\System\PAYhZze.exe
  C:\Windows\System\PAYhZze.exe
  2⤵
  PID:3808
- C:\Windows\System\AOLRWdE.exe
  C:\Windows\System\AOLRWdE.exe
  2⤵
  PID:3828
- C:\Windows\System\efsQryi.exe
  C:\Windows\System\efsQryi.exe
  2⤵
  PID:3856
- C:\Windows\System\mNmoeFM.exe
  C:\Windows\System\mNmoeFM.exe
  2⤵
  PID:3884
- C:\Windows\System\IIBortp.exe
  C:\Windows\System\IIBortp.exe
  2⤵
  PID:3908
- C:\Windows\System\ApRSmIC.exe
  C:\Windows\System\ApRSmIC.exe
  2⤵
  PID:3932
- C:\Windows\System\gbdCIbC.exe
  C:\Windows\System\gbdCIbC.exe
  2⤵
  PID:3956
- C:\Windows\System\ZiHtuQD.exe
  C:\Windows\System\ZiHtuQD.exe
  2⤵
  PID:3980
- C:\Windows\System\pqcwcoS.exe
  C:\Windows\System\pqcwcoS.exe
  2⤵
  PID:4004
- C:\Windows\System\PTOgOIm.exe
  C:\Windows\System\PTOgOIm.exe
  2⤵
  PID:4028
- C:\Windows\System\coyqlXX.exe
  C:\Windows\System\coyqlXX.exe
  2⤵
  PID:4052
- C:\Windows\System\RCJmdGk.exe
  C:\Windows\System\RCJmdGk.exe
  2⤵
  PID:4076
- C:\Windows\System\tHaglfk.exe
  C:\Windows\System\tHaglfk.exe
  2⤵
  PID:2556
- C:\Windows\System\aMDwBkv.exe
  C:\Windows\System\aMDwBkv.exe
  2⤵
  PID:2788
- C:\Windows\System\HOTNghG.exe
  C:\Windows\System\HOTNghG.exe
  2⤵
  PID:2752
- C:\Windows\System\CvITLSI.exe
  C:\Windows\System\CvITLSI.exe
  2⤵
  PID:1996
- C:\Windows\System\sZTJHSH.exe
  C:\Windows\System\sZTJHSH.exe
  2⤵
  PID:1932
- C:\Windows\System\SvHNWSe.exe
  C:\Windows\System\SvHNWSe.exe
  2⤵
  PID:1732
- C:\Windows\System\aKPeViE.exe
  C:\Windows\System\aKPeViE.exe
  2⤵
  PID:448
- C:\Windows\System\HkntulU.exe
  C:\Windows\System\HkntulU.exe
  2⤵
  PID:2948
- C:\Windows\System\HroliWc.exe
  C:\Windows\System\HroliWc.exe
  2⤵
  PID:900
- C:\Windows\System\VereMoK.exe
  C:\Windows\System\VereMoK.exe
  2⤵
  PID:1616
- C:\Windows\System\IaGbbuU.exe
  C:\Windows\System\IaGbbuU.exe
  2⤵
  PID:2108
- C:\Windows\System\OTsXAQq.exe
  C:\Windows\System\OTsXAQq.exe
  2⤵
  PID:2412
- C:\Windows\System\tyGqnhN.exe
  C:\Windows\System\tyGqnhN.exe
  2⤵
  PID:1520
- C:\Windows\System\pPOlogH.exe
  C:\Windows\System\pPOlogH.exe
  2⤵
  PID:3112
- C:\Windows\System\xQXRAFP.exe
  C:\Windows\System\xQXRAFP.exe
  2⤵
  PID:3100
- C:\Windows\System\xleHvvE.exe
  C:\Windows\System\xleHvvE.exe
  2⤵
  PID:3172
- C:\Windows\System\OYKUDLz.exe
  C:\Windows\System\OYKUDLz.exe
  2⤵
  PID:3216
- C:\Windows\System\HClpFgl.exe
  C:\Windows\System\HClpFgl.exe
  2⤵
  PID:3188
- C:\Windows\System\sqrlzCo.exe
  C:\Windows\System\sqrlzCo.exe
  2⤵
  PID:3312
- C:\Windows\System\YZtfLdI.exe
  C:\Windows\System\YZtfLdI.exe
  2⤵
  PID:3352
- C:\Windows\System\sNxNKHm.exe
  C:\Windows\System\sNxNKHm.exe
  2⤵
  PID:3292
- C:\Windows\System\PycgNLf.exe
  C:\Windows\System\PycgNLf.exe
  2⤵
  PID:3336
- C:\Windows\System\qfxnrNm.exe
  C:\Windows\System\qfxnrNm.exe
  2⤵
  PID:3380
- C:\Windows\System\uUzTdzZ.exe
  C:\Windows\System\uUzTdzZ.exe
  2⤵
  PID:3432
- C:\Windows\System\ICrNWPd.exe
  C:\Windows\System\ICrNWPd.exe
  2⤵
  PID:3504
- C:\Windows\System\lfpdLoF.exe
  C:\Windows\System\lfpdLoF.exe
  2⤵
  PID:3476
- C:\Windows\System\fZhSVBI.exe
  C:\Windows\System\fZhSVBI.exe
  2⤵
  PID:3524
- C:\Windows\System\EolavKU.exe
  C:\Windows\System\EolavKU.exe
  2⤵
  PID:3580
- C:\Windows\System\PZlMaVm.exe
  C:\Windows\System\PZlMaVm.exe
  2⤵
  PID:3692
- C:\Windows\System\wDgBLHk.exe
  C:\Windows\System\wDgBLHk.exe
  2⤵
  PID:3612
- C:\Windows\System\FQsIKHh.exe
  C:\Windows\System\FQsIKHh.exe
  2⤵
  PID:3748
- C:\Windows\System\DPIqREU.exe
  C:\Windows\System\DPIqREU.exe
  2⤵
  PID:3724
- C:\Windows\System\HHCRyIi.exe
  C:\Windows\System\HHCRyIi.exe
  2⤵
  PID:3768
- C:\Windows\System\zcNTFEY.exe
  C:\Windows\System\zcNTFEY.exe
  2⤵
  PID:3852
- C:\Windows\System\pZSIUlD.exe
  C:\Windows\System\pZSIUlD.exe
  2⤵
  PID:3892
- C:\Windows\System\fANXHkS.exe
  C:\Windows\System\fANXHkS.exe
  2⤵
  PID:3896
- C:\Windows\System\ZpYdzCW.exe
  C:\Windows\System\ZpYdzCW.exe
  2⤵
  PID:3944
- C:\Windows\System\AWMRCgK.exe
  C:\Windows\System\AWMRCgK.exe
  2⤵
  PID:3988
- C:\Windows\System\CoeHjky.exe
  C:\Windows\System\CoeHjky.exe
  2⤵
  PID:4020
- C:\Windows\System\lCpTmnz.exe
  C:\Windows\System\lCpTmnz.exe
  2⤵
  PID:4040
- C:\Windows\System\RAMPIdm.exe
  C:\Windows\System\RAMPIdm.exe
  2⤵
  PID:4092
- C:\Windows\System\qMKSnZP.exe
  C:\Windows\System\qMKSnZP.exe
  2⤵
  PID:1436
- C:\Windows\System\NKGGATl.exe
  C:\Windows\System\NKGGATl.exe
  2⤵
  PID:2072
- C:\Windows\System\MPhFGJq.exe
  C:\Windows\System\MPhFGJq.exe
  2⤵
  PID:2612
- C:\Windows\System\rquzWIH.exe
  C:\Windows\System\rquzWIH.exe
  2⤵
  PID:2096
- C:\Windows\System\TuubNHg.exe
  C:\Windows\System\TuubNHg.exe
  2⤵
  PID:1284
- C:\Windows\System\xOiyxZi.exe
  C:\Windows\System\xOiyxZi.exe
  2⤵
  PID:532
- C:\Windows\System\KIPeaZP.exe
  C:\Windows\System\KIPeaZP.exe
  2⤵
  PID:1236
- C:\Windows\System\zSRyyZS.exe
  C:\Windows\System\zSRyyZS.exe
  2⤵
  PID:2192
- C:\Windows\System\whaOvBt.exe
  C:\Windows\System\whaOvBt.exe
  2⤵
  PID:3124
- C:\Windows\System\kJIqAXK.exe
  C:\Windows\System\kJIqAXK.exe
  2⤵
  PID:3160
- C:\Windows\System\WBYByPs.exe
  C:\Windows\System\WBYByPs.exe
  2⤵
  PID:3140
- C:\Windows\System\gCYzfuf.exe
  C:\Windows\System\gCYzfuf.exe
  2⤵
  PID:3184
- C:\Windows\System\eAjhnCX.exe
  C:\Windows\System\eAjhnCX.exe
  2⤵
  PID:3364
- C:\Windows\System\KYrQMbs.exe
  C:\Windows\System\KYrQMbs.exe
  2⤵
  PID:3328
- C:\Windows\System\ZgYPkLc.exe
  C:\Windows\System\ZgYPkLc.exe
  2⤵
  PID:3408
- C:\Windows\System\qJtszOY.exe
  C:\Windows\System\qJtszOY.exe
  2⤵
  PID:3436
- C:\Windows\System\TSjrNgZ.exe
  C:\Windows\System\TSjrNgZ.exe
  2⤵
  PID:3480
- C:\Windows\System\HxlSbuV.exe
  C:\Windows\System\HxlSbuV.exe
  2⤵
  PID:3648
- C:\Windows\System\PQvqrJC.exe
  C:\Windows\System\PQvqrJC.exe
  2⤵
  PID:3652
- C:\Windows\System\kQHMyNO.exe
  C:\Windows\System\kQHMyNO.exe
  2⤵
  PID:3616
- C:\Windows\System\VaUFtfU.exe
  C:\Windows\System\VaUFtfU.exe
  2⤵
  PID:3716
- C:\Windows\System\rppIghK.exe
  C:\Windows\System\rppIghK.exe
  2⤵
  PID:3788
- C:\Windows\System\fTaxswY.exe
  C:\Windows\System\fTaxswY.exe
  2⤵
  PID:3824
- C:\Windows\System\LngzdZA.exe
  C:\Windows\System\LngzdZA.exe
  2⤵
  PID:3868
- C:\Windows\System\ZDShyiT.exe
  C:\Windows\System\ZDShyiT.exe
  2⤵
  PID:3972
- C:\Windows\System\oCAkHgx.exe
  C:\Windows\System\oCAkHgx.exe
  2⤵
  PID:4064
- C:\Windows\System\ejBilps.exe
  C:\Windows\System\ejBilps.exe
  2⤵
  PID:4068
- C:\Windows\System\XsDzEHs.exe
  C:\Windows\System\XsDzEHs.exe
  2⤵
  PID:2764
- C:\Windows\System\gRMpIpw.exe
  C:\Windows\System\gRMpIpw.exe
  2⤵
  PID:2500
- C:\Windows\System\ThzMHQB.exe
  C:\Windows\System\ThzMHQB.exe
  2⤵
  PID:2144
- C:\Windows\System\gKsAWJk.exe
  C:\Windows\System\gKsAWJk.exe
  2⤵
  PID:600
- C:\Windows\System\XcKFPbC.exe
  C:\Windows\System\XcKFPbC.exe
  2⤵
  PID:892
- C:\Windows\System\Kasalhd.exe
  C:\Windows\System\Kasalhd.exe
  2⤵
  PID:3092
- C:\Windows\System\ZxpwwNf.exe
  C:\Windows\System\ZxpwwNf.exe
  2⤵
  PID:3260
- C:\Windows\System\uLnbklV.exe
  C:\Windows\System\uLnbklV.exe
  2⤵
  PID:3268
- C:\Windows\System\dzIlLTc.exe
  C:\Windows\System\dzIlLTc.exe
  2⤵
  PID:3284
- C:\Windows\System\kCnLoON.exe
  C:\Windows\System\kCnLoON.exe
  2⤵
  PID:3412
- C:\Windows\System\PslaBci.exe
  C:\Windows\System\PslaBci.exe
  2⤵
  PID:3520
- C:\Windows\System\glZZkaH.exe
  C:\Windows\System\glZZkaH.exe
  2⤵
  PID:3672
- C:\Windows\System\zrtTwnV.exe
  C:\Windows\System\zrtTwnV.exe
  2⤵
  PID:3696
- C:\Windows\System\thEJZdG.exe
  C:\Windows\System\thEJZdG.exe
  2⤵
  PID:3744
- C:\Windows\System\ERTCBet.exe
  C:\Windows\System\ERTCBet.exe
  2⤵
  PID:3864
- C:\Windows\System\tZMGuvL.exe
  C:\Windows\System\tZMGuvL.exe
  2⤵
  PID:3976
- C:\Windows\System\gxfBgVZ.exe
  C:\Windows\System\gxfBgVZ.exe
  2⤵
  PID:4036
- C:\Windows\System\rZRGhmV.exe
  C:\Windows\System\rZRGhmV.exe
  2⤵
  PID:4016
- C:\Windows\System\dqRSBdg.exe
  C:\Windows\System\dqRSBdg.exe
  2⤵
  PID:4108
- C:\Windows\System\fXBbFiu.exe
  C:\Windows\System\fXBbFiu.exe
  2⤵
  PID:4132
- C:\Windows\System\baCgmZv.exe
  C:\Windows\System\baCgmZv.exe
  2⤵
  PID:4156
- C:\Windows\System\aUzXQFJ.exe
  C:\Windows\System\aUzXQFJ.exe
  2⤵
  PID:4180
- C:\Windows\System\pAeLfmJ.exe
  C:\Windows\System\pAeLfmJ.exe
  2⤵
  PID:4204
- C:\Windows\System\YHtdfpp.exe
  C:\Windows\System\YHtdfpp.exe
  2⤵
  PID:4228
- C:\Windows\System\sTAEOfb.exe
  C:\Windows\System\sTAEOfb.exe
  2⤵
  PID:4252
- C:\Windows\System\DcCdgdr.exe
  C:\Windows\System\DcCdgdr.exe
  2⤵
  PID:4276
- C:\Windows\System\WtvnPru.exe
  C:\Windows\System\WtvnPru.exe
  2⤵
  PID:4300
- C:\Windows\System\BHPElJX.exe
  C:\Windows\System\BHPElJX.exe
  2⤵
  PID:4324
- C:\Windows\System\zoQNOkk.exe
  C:\Windows\System\zoQNOkk.exe
  2⤵
  PID:4348
- C:\Windows\System\NoGeCuK.exe
  C:\Windows\System\NoGeCuK.exe
  2⤵
  PID:4372
- C:\Windows\System\WthhsEr.exe
  C:\Windows\System\WthhsEr.exe
  2⤵
  PID:4396
- C:\Windows\System\YPAiava.exe
  C:\Windows\System\YPAiava.exe
  2⤵
  PID:4420
- C:\Windows\System\DRNVoma.exe
  C:\Windows\System\DRNVoma.exe
  2⤵
  PID:4440
- C:\Windows\System\hcymgBS.exe
  C:\Windows\System\hcymgBS.exe
  2⤵
  PID:4468
- C:\Windows\System\hhMctFe.exe
  C:\Windows\System\hhMctFe.exe
  2⤵
  PID:4492
- C:\Windows\System\YUBWkAH.exe
  C:\Windows\System\YUBWkAH.exe
  2⤵
  PID:4520
- C:\Windows\System\ZAJnXOr.exe
  C:\Windows\System\ZAJnXOr.exe
  2⤵
  PID:4544
- C:\Windows\System\tkvjfDD.exe
  C:\Windows\System\tkvjfDD.exe
  2⤵
  PID:4568
- C:\Windows\System\ZXylJBW.exe
  C:\Windows\System\ZXylJBW.exe
  2⤵
  PID:4592
- C:\Windows\System\qQMqtlf.exe
  C:\Windows\System\qQMqtlf.exe
  2⤵
  PID:4616
- C:\Windows\System\BXYuhXj.exe
  C:\Windows\System\BXYuhXj.exe
  2⤵
  PID:4640
- C:\Windows\System\ukeEzFi.exe
  C:\Windows\System\ukeEzFi.exe
  2⤵
  PID:4664
- C:\Windows\System\buEcIqa.exe
  C:\Windows\System\buEcIqa.exe
  2⤵
  PID:4688
- C:\Windows\System\hSsWHXA.exe
  C:\Windows\System\hSsWHXA.exe
  2⤵
  PID:4712
- C:\Windows\System\GnJHeet.exe
  C:\Windows\System\GnJHeet.exe
  2⤵
  PID:4736
- C:\Windows\System\NqGyTtU.exe
  C:\Windows\System\NqGyTtU.exe
  2⤵
  PID:4760
- C:\Windows\System\IHMizLK.exe
  C:\Windows\System\IHMizLK.exe
  2⤵
  PID:4784
- C:\Windows\System\sYKEftb.exe
  C:\Windows\System\sYKEftb.exe
  2⤵
  PID:4808
- C:\Windows\System\Tonttvx.exe
  C:\Windows\System\Tonttvx.exe
  2⤵
  PID:4832
- C:\Windows\System\QxQpXHX.exe
  C:\Windows\System\QxQpXHX.exe
  2⤵
  PID:4856
- C:\Windows\System\cBNBxqE.exe
  C:\Windows\System\cBNBxqE.exe
  2⤵
  PID:4880
- C:\Windows\System\vDJjCXR.exe
  C:\Windows\System\vDJjCXR.exe
  2⤵
  PID:4904
- C:\Windows\System\ZYzylLy.exe
  C:\Windows\System\ZYzylLy.exe
  2⤵
  PID:4928
- C:\Windows\System\OAlFUuT.exe
  C:\Windows\System\OAlFUuT.exe
  2⤵
  PID:4952
- C:\Windows\System\btScMmY.exe
  C:\Windows\System\btScMmY.exe
  2⤵
  PID:4976
- C:\Windows\System\lRQDbmh.exe
  C:\Windows\System\lRQDbmh.exe
  2⤵
  PID:5000
- C:\Windows\System\WeJsFfk.exe
  C:\Windows\System\WeJsFfk.exe
  2⤵
  PID:5024
- C:\Windows\System\YvYZvOD.exe
  C:\Windows\System\YvYZvOD.exe
  2⤵
  PID:5048
- C:\Windows\System\uyvjElr.exe
  C:\Windows\System\uyvjElr.exe
  2⤵
  PID:5072
- C:\Windows\System\khDSQUZ.exe
  C:\Windows\System\khDSQUZ.exe
  2⤵
  PID:5096
- C:\Windows\System\IVTlgDw.exe
  C:\Windows\System\IVTlgDw.exe
  2⤵
  PID:2580
- C:\Windows\System\XpQeLKp.exe
  C:\Windows\System\XpQeLKp.exe
  2⤵
  PID:2828
- C:\Windows\System\CNepVch.exe
  C:\Windows\System\CNepVch.exe
  2⤵
  PID:1640
- C:\Windows\System\DsnoJBA.exe
  C:\Windows\System\DsnoJBA.exe
  2⤵
  PID:1528
- C:\Windows\System\BSmKdjj.exe
  C:\Windows\System\BSmKdjj.exe
  2⤵
  PID:3196
- C:\Windows\System\jwrgdMS.exe
  C:\Windows\System\jwrgdMS.exe
  2⤵
  PID:3240
- C:\Windows\System\xYbgiIj.exe
  C:\Windows\System\xYbgiIj.exe
  2⤵
  PID:3576
- C:\Windows\System\AIMHrDZ.exe
  C:\Windows\System\AIMHrDZ.exe
  2⤵
  PID:3564
- C:\Windows\System\njCwDDD.exe
  C:\Windows\System\njCwDDD.exe
  2⤵
  PID:3720
- C:\Windows\System\GTNojAi.exe
  C:\Windows\System\GTNojAi.exe
  2⤵
  PID:3848
- C:\Windows\System\nbKtMBq.exe
  C:\Windows\System\nbKtMBq.exe
  2⤵
  PID:3904
- C:\Windows\System\vFYJjbA.exe
  C:\Windows\System\vFYJjbA.exe
  2⤵
  PID:4048
- C:\Windows\System\tFFScHh.exe
  C:\Windows\System\tFFScHh.exe
  2⤵
  PID:4116
- C:\Windows\System\Tjdgory.exe
  C:\Windows\System\Tjdgory.exe
  2⤵
  PID:4144
- C:\Windows\System\OQbRbqy.exe
  C:\Windows\System\OQbRbqy.exe
  2⤵
  PID:4196
- C:\Windows\System\lNcBZDP.exe
  C:\Windows\System\lNcBZDP.exe
  2⤵
  PID:4224
- C:\Windows\System\pBhhszL.exe
  C:\Windows\System\pBhhszL.exe
  2⤵
  PID:4292
- C:\Windows\System\JUaLtAE.exe
  C:\Windows\System\JUaLtAE.exe
  2⤵
  PID:4288
- C:\Windows\System\BmqaiuR.exe
  C:\Windows\System\BmqaiuR.exe
  2⤵
  PID:4320
- C:\Windows\System\PrBBwuG.exe
  C:\Windows\System\PrBBwuG.exe
  2⤵
  PID:4360
- C:\Windows\System\GZLKCJa.exe
  C:\Windows\System\GZLKCJa.exe
  2⤵
  PID:4412
- C:\Windows\System\VKgfdxG.exe
  C:\Windows\System\VKgfdxG.exe
  2⤵
  PID:4476
- C:\Windows\System\yZJSSzy.exe
  C:\Windows\System\yZJSSzy.exe
  2⤵
  PID:4464
- C:\Windows\System\OuCfvLl.exe
  C:\Windows\System\OuCfvLl.exe
  2⤵
  PID:4504
- C:\Windows\System\SrfCKCR.exe
  C:\Windows\System\SrfCKCR.exe
  2⤵
  PID:4552
- C:\Windows\System\umdymcL.exe
  C:\Windows\System\umdymcL.exe
  2⤵
  PID:4556
- C:\Windows\System\HJRbDsC.exe
  C:\Windows\System\HJRbDsC.exe
  2⤵
  PID:4608
- C:\Windows\System\xJfkKVB.exe
  C:\Windows\System\xJfkKVB.exe
  2⤵
  PID:4632
- C:\Windows\System\TqOBUWV.exe
  C:\Windows\System\TqOBUWV.exe
  2⤵
  PID:4672
- C:\Windows\System\JwNtjYl.exe
  C:\Windows\System\JwNtjYl.exe
  2⤵
  PID:4768
- C:\Windows\System\OKuvBUb.exe
  C:\Windows\System\OKuvBUb.exe
  2⤵
  PID:4776
- C:\Windows\System\BGyPtQP.exe
  C:\Windows\System\BGyPtQP.exe
  2⤵
  PID:4828
- C:\Windows\System\vDYZgEi.exe
  C:\Windows\System\vDYZgEi.exe
  2⤵
  PID:4796
- C:\Windows\System\idOOHdL.exe
  C:\Windows\System\idOOHdL.exe
  2⤵
  PID:4876
- C:\Windows\System\ImKynzy.exe
  C:\Windows\System\ImKynzy.exe
  2⤵
  PID:4852
- C:\Windows\System\xjVnkzm.exe
  C:\Windows\System\xjVnkzm.exe
  2⤵
  PID:4912
- C:\Windows\System\AFFClNz.exe
  C:\Windows\System\AFFClNz.exe
  2⤵
  PID:4924
- C:\Windows\System\yBOHvih.exe
  C:\Windows\System\yBOHvih.exe
  2⤵
  PID:4944
- C:\Windows\System\niaDQEL.exe
  C:\Windows\System\niaDQEL.exe
  2⤵
  PID:4984
- C:\Windows\System\UKRSfil.exe
  C:\Windows\System\UKRSfil.exe
  2⤵
  PID:4988
- C:\Windows\System\ZiUhQak.exe
  C:\Windows\System\ZiUhQak.exe
  2⤵
  PID:5044
- C:\Windows\System\SlUNbco.exe
  C:\Windows\System\SlUNbco.exe
  2⤵
  PID:5080
- C:\Windows\System\BBLvsmq.exe
  C:\Windows\System\BBLvsmq.exe
  2⤵
  PID:5084
- C:\Windows\System\BXKWeIr.exe
  C:\Windows\System\BXKWeIr.exe
  2⤵
  PID:1696
- C:\Windows\System\JpITdQR.exe
  C:\Windows\System\JpITdQR.exe
  2⤵
  PID:3144
- C:\Windows\System\DYfJkWr.exe
  C:\Windows\System\DYfJkWr.exe
  2⤵
  PID:3496
- C:\Windows\System\cudvcBr.exe
  C:\Windows\System\cudvcBr.exe
  2⤵
  PID:3168
- C:\Windows\System\ugJMImn.exe
  C:\Windows\System\ugJMImn.exe
  2⤵
  PID:3472
- C:\Windows\System\bOOStAt.exe
  C:\Windows\System\bOOStAt.exe
  2⤵
  PID:3784
- C:\Windows\System\VzqCQuJ.exe
  C:\Windows\System\VzqCQuJ.exe
  2⤵
  PID:4044
- C:\Windows\System\SLdGOMq.exe
  C:\Windows\System\SLdGOMq.exe
  2⤵
  PID:4104
- C:\Windows\System\vhtmWcC.exe
  C:\Windows\System\vhtmWcC.exe
  2⤵
  PID:4240
- C:\Windows\System\pzdlIal.exe
  C:\Windows\System\pzdlIal.exe
  2⤵
  PID:4248
- C:\Windows\System\wHkAiQW.exe
  C:\Windows\System\wHkAiQW.exe
  2⤵
  PID:4312
- C:\Windows\System\peyITci.exe
  C:\Windows\System\peyITci.exe
  2⤵
  PID:4404
- C:\Windows\System\XGWYCal.exe
  C:\Windows\System\XGWYCal.exe
  2⤵
  PID:4436
- C:\Windows\System\ZEmEBYr.exe
  C:\Windows\System\ZEmEBYr.exe
  2⤵
  PID:4452
- C:\Windows\System\rJfxgqJ.exe
  C:\Windows\System\rJfxgqJ.exe
  2⤵
  PID:4532
- C:\Windows\System\IDVGslS.exe
  C:\Windows\System\IDVGslS.exe
  2⤵
  PID:4604
- C:\Windows\System\NjHftsv.exe
  C:\Windows\System\NjHftsv.exe
  2⤵
  PID:4700
- C:\Windows\System\ahXGxkD.exe
  C:\Windows\System\ahXGxkD.exe
  2⤵
  PID:4772
- C:\Windows\System\HFiFTFd.exe
  C:\Windows\System\HFiFTFd.exe
  2⤵
  PID:4804
- C:\Windows\System\ijKwUfm.exe
  C:\Windows\System\ijKwUfm.exe
  2⤵
  PID:4900
- C:\Windows\System\fPMUpqZ.exe
  C:\Windows\System\fPMUpqZ.exe
  2⤵
  PID:4936
- C:\Windows\System\TKMiKRP.exe
  C:\Windows\System\TKMiKRP.exe
  2⤵
  PID:5016
- C:\Windows\System\EUaBWNw.exe
  C:\Windows\System\EUaBWNw.exe
  2⤵
  PID:5036
- C:\Windows\System\MpiFFnc.exe
  C:\Windows\System\MpiFFnc.exe
  2⤵
  PID:748
- C:\Windows\System\FgbVEZz.exe
  C:\Windows\System\FgbVEZz.exe
  2⤵
  PID:3404
- C:\Windows\System\lMAavkD.exe
  C:\Windows\System\lMAavkD.exe
  2⤵
  PID:3244
- C:\Windows\System\eCMPsbb.exe
  C:\Windows\System\eCMPsbb.exe
  2⤵
  PID:3592
- C:\Windows\System\DbDdRWr.exe
  C:\Windows\System\DbDdRWr.exe
  2⤵
  PID:3876
- C:\Windows\System\aWMfdvQ.exe
  C:\Windows\System\aWMfdvQ.exe
  2⤵
  PID:4152
- C:\Windows\System\oAYTGbb.exe
  C:\Windows\System\oAYTGbb.exe
  2⤵
  PID:4220
- C:\Windows\System\lzqixaQ.exe
  C:\Windows\System\lzqixaQ.exe
  2⤵
  PID:4284
- C:\Windows\System\yKZhXhQ.exe
  C:\Windows\System\yKZhXhQ.exe
  2⤵
  PID:4332
- C:\Windows\System\xpKHYYS.exe
  C:\Windows\System\xpKHYYS.exe
  2⤵
  PID:2896
- C:\Windows\System\zKmvqFI.exe
  C:\Windows\System\zKmvqFI.exe
  2⤵
  PID:4488
- C:\Windows\System\gnVESRH.exe
  C:\Windows\System\gnVESRH.exe
  2⤵
  PID:4584
- C:\Windows\System\JUIxVaE.exe
  C:\Windows\System\JUIxVaE.exe
  2⤵
  PID:4660
- C:\Windows\System\CoXxvGE.exe
  C:\Windows\System\CoXxvGE.exe
  2⤵
  PID:4704
- C:\Windows\System\PVgSCXs.exe
  C:\Windows\System\PVgSCXs.exe
  2⤵
  PID:2648
- C:\Windows\System\tGMfTBD.exe
  C:\Windows\System\tGMfTBD.exe
  2⤵
  PID:4848
- C:\Windows\System\aJCNivt.exe
  C:\Windows\System\aJCNivt.exe
  2⤵
  PID:2592
- C:\Windows\System\qPjTxwo.exe
  C:\Windows\System\qPjTxwo.exe
  2⤵
  PID:5068
- C:\Windows\System\blkkhHl.exe
  C:\Windows\System\blkkhHl.exe
  2⤵
  PID:5088
- C:\Windows\System\Giwzior.exe
  C:\Windows\System\Giwzior.exe
  2⤵
  PID:3024
- C:\Windows\System\SEknhET.exe
  C:\Windows\System\SEknhET.exe
  2⤵
  PID:2408
- C:\Windows\System\gFjVEzJ.exe
  C:\Windows\System\gFjVEzJ.exe
  2⤵
  PID:3804
- C:\Windows\System\GDFXcvK.exe
  C:\Windows\System\GDFXcvK.exe
  2⤵
  PID:3948
- C:\Windows\System\sfTysdG.exe
  C:\Windows\System\sfTysdG.exe
  2⤵
  PID:4120
- C:\Windows\System\qJlKvCe.exe
  C:\Windows\System\qJlKvCe.exe
  2⤵
  PID:4176
- C:\Windows\System\XojpYod.exe
  C:\Windows\System\XojpYod.exe
  2⤵
  PID:4272
- C:\Windows\System\cArIJMZ.exe
  C:\Windows\System\cArIJMZ.exe
  2⤵
  PID:2800
- C:\Windows\System\dSJkBna.exe
  C:\Windows\System\dSJkBna.exe
  2⤵
  PID:4728
- C:\Windows\System\ArULAvP.exe
  C:\Windows\System\ArULAvP.exe
  2⤵
  PID:4744
- C:\Windows\System\kKFMLKW.exe
  C:\Windows\System\kKFMLKW.exe
  2⤵
  PID:4872
- C:\Windows\System\oxGkeUX.exe
  C:\Windows\System\oxGkeUX.exe
  2⤵
  PID:5008
- C:\Windows\System\qeBbuWF.exe
  C:\Windows\System\qeBbuWF.exe
  2⤵
  PID:2708
- C:\Windows\System\fCFuUvJ.exe
  C:\Windows\System\fCFuUvJ.exe
  2⤵
  PID:3208
- C:\Windows\System\rCAAcHt.exe
  C:\Windows\System\rCAAcHt.exe
  2⤵
  PID:3992
- C:\Windows\System\MOmJfOu.exe
  C:\Windows\System\MOmJfOu.exe
  2⤵
  PID:1992
- C:\Windows\System\AkgnKPI.exe
  C:\Windows\System\AkgnKPI.exe
  2⤵
  PID:2980
- C:\Windows\System\YPDqotW.exe
  C:\Windows\System\YPDqotW.exe
  2⤵
  PID:2976
- C:\Windows\System\YJVzDDx.exe
  C:\Windows\System\YJVzDDx.exe
  2⤵
  PID:1668
- C:\Windows\System\Kapnsmc.exe
  C:\Windows\System\Kapnsmc.exe
  2⤵
  PID:2520
- C:\Windows\System\iSMQXyv.exe
  C:\Windows\System\iSMQXyv.exe
  2⤵
  PID:1596
- C:\Windows\System\iCLRmIK.exe
  C:\Windows\System\iCLRmIK.exe
  2⤵
  PID:2644
- C:\Windows\System\dsJdzPH.exe
  C:\Windows\System\dsJdzPH.exe
  2⤵
  PID:1124
- C:\Windows\System\lORVRjt.exe
  C:\Windows\System\lORVRjt.exe
  2⤵
  PID:2656
- C:\Windows\System\fTSonYb.exe
  C:\Windows\System\fTSonYb.exe
  2⤵
  PID:2992
- C:\Windows\System\gqanpaa.exe
  C:\Windows\System\gqanpaa.exe
  2⤵
  PID:2836
- C:\Windows\System\tuGDOYH.exe
  C:\Windows\System\tuGDOYH.exe
  2⤵
  PID:2996
- C:\Windows\System\jPtRvbU.exe
  C:\Windows\System\jPtRvbU.exe
  2⤵
  PID:4756
- C:\Windows\System\UHuMxnb.exe
  C:\Windows\System\UHuMxnb.exe
  2⤵
  PID:2000
- C:\Windows\System\vegBLga.exe
  C:\Windows\System\vegBLga.exe
  2⤵
  PID:3136
- C:\Windows\System\aQCokrg.exe
  C:\Windows\System\aQCokrg.exe
  2⤵
  PID:2728
- C:\Windows\System\FpndnwK.exe
  C:\Windows\System\FpndnwK.exe
  2⤵
  PID:2344
- C:\Windows\System\QPolnWB.exe
  C:\Windows\System\QPolnWB.exe
  2⤵
  PID:4408
- C:\Windows\System\cbEbqvZ.exe
  C:\Windows\System\cbEbqvZ.exe
  2⤵
  PID:1560
- C:\Windows\System\ClfaGem.exe
  C:\Windows\System\ClfaGem.exe
  2⤵
  PID:2620
- C:\Windows\System\hbnldqZ.exe
  C:\Windows\System\hbnldqZ.exe
  2⤵
  PID:2780
- C:\Windows\System\CfAlJgi.exe
  C:\Windows\System\CfAlJgi.exe
  2⤵
  PID:2712
- C:\Windows\System\ZDSPnJY.exe
  C:\Windows\System\ZDSPnJY.exe
  2⤵
  PID:2184
- C:\Windows\System\VcnyGld.exe
  C:\Windows\System\VcnyGld.exe
  2⤵
  PID:408
- C:\Windows\System\hEwexHU.exe
  C:\Windows\System\hEwexHU.exe
  2⤵
  PID:2876
- C:\Windows\System\bDGrTUK.exe
  C:\Windows\System\bDGrTUK.exe
  2⤵
  PID:5092
- C:\Windows\System\OssNpYW.exe
  C:\Windows\System\OssNpYW.exe
  2⤵
  PID:4192
- C:\Windows\System\FBxHKfi.exe
  C:\Windows\System\FBxHKfi.exe
  2⤵
  PID:2696
- C:\Windows\System\WQOCbHe.exe
  C:\Windows\System\WQOCbHe.exe
  2⤵
  PID:4868
- C:\Windows\System\bTABQpx.exe
  C:\Windows\System\bTABQpx.exe
  2⤵
  PID:1656
- C:\Windows\System\jojdfPj.exe
  C:\Windows\System\jojdfPj.exe
  2⤵
  PID:2928
- C:\Windows\System\HFMpmhy.exe
  C:\Windows\System\HFMpmhy.exe
  2⤵
  PID:1180
- C:\Windows\System\sWKXKQl.exe
  C:\Windows\System\sWKXKQl.exe
  2⤵
  PID:1784
- C:\Windows\System\WKmEqiw.exe
  C:\Windows\System\WKmEqiw.exe
  2⤵
  PID:4148
- C:\Windows\System\LDOipVF.exe
  C:\Windows\System\LDOipVF.exe
  2⤵
  PID:1340
- C:\Windows\System\fVQhbZc.exe
  C:\Windows\System\fVQhbZc.exe
  2⤵
  PID:320
- C:\Windows\System\tAfwXvT.exe
  C:\Windows\System\tAfwXvT.exe
  2⤵
  PID:2004
- C:\Windows\System\aAaKkxg.exe
  C:\Windows\System\aAaKkxg.exe
  2⤵
  PID:2956
- C:\Windows\System\xQdXEBy.exe
  C:\Windows\System\xQdXEBy.exe
  2⤵
  PID:1904
- C:\Windows\System\DjWMnyo.exe
  C:\Windows\System\DjWMnyo.exe
  2⤵
  PID:4392
- C:\Windows\System\HAqJcGo.exe
  C:\Windows\System\HAqJcGo.exe
  2⤵
  PID:1188
- C:\Windows\System\dYDvTvP.exe
  C:\Windows\System\dYDvTvP.exe
  2⤵
  PID:2676
- C:\Windows\System\GgdFtos.exe
  C:\Windows\System\GgdFtos.exe
  2⤵
  PID:1608
- C:\Windows\System\EUdyefg.exe
  C:\Windows\System\EUdyefg.exe
  2⤵
  PID:5140
- C:\Windows\System\zjXuPXR.exe
  C:\Windows\System\zjXuPXR.exe
  2⤵
  PID:5160
- C:\Windows\System\WCZjIwg.exe
  C:\Windows\System\WCZjIwg.exe
  2⤵
  PID:5184
- C:\Windows\System\MeYUAbl.exe
  C:\Windows\System\MeYUAbl.exe
  2⤵
  PID:5204
- C:\Windows\System\ipPwUjK.exe
  C:\Windows\System\ipPwUjK.exe
  2⤵
  PID:5228
- C:\Windows\System\XawElEF.exe
  C:\Windows\System\XawElEF.exe
  2⤵
  PID:5252
- C:\Windows\System\VEVrDQw.exe
  C:\Windows\System\VEVrDQw.exe
  2⤵
  PID:5276
- C:\Windows\System\FEYVseZ.exe
  C:\Windows\System\FEYVseZ.exe
  2⤵
  PID:5296
- C:\Windows\System\EVvsHgv.exe
  C:\Windows\System\EVvsHgv.exe
  2⤵
  PID:5320
- C:\Windows\System\KdNIQtT.exe
  C:\Windows\System\KdNIQtT.exe
  2⤵
  PID:5352
- C:\Windows\System\lpwXPsX.exe
  C:\Windows\System\lpwXPsX.exe
  2⤵
  PID:5368
- C:\Windows\System\ZOCVgEW.exe
  C:\Windows\System\ZOCVgEW.exe
  2⤵
  PID:5384
- C:\Windows\System\JKEKocZ.exe
  C:\Windows\System\JKEKocZ.exe
  2⤵
  PID:5404
- C:\Windows\System\UrVDUEj.exe
  C:\Windows\System\UrVDUEj.exe
  2⤵
  PID:5432
- C:\Windows\System\pqjWZus.exe
  C:\Windows\System\pqjWZus.exe
  2⤵
  PID:5448
- C:\Windows\System\NwmRMpc.exe
  C:\Windows\System\NwmRMpc.exe
  2⤵
  PID:5464
- C:\Windows\System\NafFsBx.exe
  C:\Windows\System\NafFsBx.exe
  2⤵
  PID:5484
- C:\Windows\System\hYhKJVg.exe
  C:\Windows\System\hYhKJVg.exe
  2⤵
  PID:5512
- C:\Windows\System\NbxOReA.exe
  C:\Windows\System\NbxOReA.exe
  2⤵
  PID:5528
- C:\Windows\System\uIBKMvM.exe
  C:\Windows\System\uIBKMvM.exe
  2⤵
  PID:5560
- C:\Windows\System\eHEQHbE.exe
  C:\Windows\System\eHEQHbE.exe
  2⤵
  PID:5580
- C:\Windows\System\mmeQKtn.exe
  C:\Windows\System\mmeQKtn.exe
  2⤵
  PID:5612
- C:\Windows\System\OdXWnAO.exe
  C:\Windows\System\OdXWnAO.exe
  2⤵
  PID:5696
- C:\Windows\System\vtgmUQf.exe
  C:\Windows\System\vtgmUQf.exe
  2⤵
  PID:5712
- C:\Windows\System\CDRZgfS.exe
  C:\Windows\System\CDRZgfS.exe
  2⤵
  PID:5740
- C:\Windows\System\ENvEiHo.exe
  C:\Windows\System\ENvEiHo.exe
  2⤵
  PID:5804
- C:\Windows\System\xvAZhTI.exe
  C:\Windows\System\xvAZhTI.exe
  2⤵
  PID:5820
- C:\Windows\System\PJIxSaK.exe
  C:\Windows\System\PJIxSaK.exe
  2⤵
  PID:5836
- C:\Windows\System\OrycejL.exe
  C:\Windows\System\OrycejL.exe
  2⤵
  PID:5852
- C:\Windows\System\OANkldK.exe
  C:\Windows\System\OANkldK.exe
  2⤵
  PID:5868
- C:\Windows\System\UrTHpuL.exe
  C:\Windows\System\UrTHpuL.exe
  2⤵
  PID:5884
- C:\Windows\System\eWXoTBK.exe
  C:\Windows\System\eWXoTBK.exe
  2⤵
  PID:5936
- C:\Windows\System\nACDxVC.exe
  C:\Windows\System\nACDxVC.exe
  2⤵
  PID:5952
- C:\Windows\System\VRqaABH.exe
  C:\Windows\System\VRqaABH.exe
  2⤵
  PID:5972
- C:\Windows\System\ZxVvcFT.exe
  C:\Windows\System\ZxVvcFT.exe
  2⤵
  PID:5992
- C:\Windows\System\WWJPuVa.exe
  C:\Windows\System\WWJPuVa.exe
  2⤵
  PID:6024
- C:\Windows\System\CdZYoem.exe
  C:\Windows\System\CdZYoem.exe
  2⤵
  PID:6064
- C:\Windows\System\IsBrPHF.exe
  C:\Windows\System\IsBrPHF.exe
  2⤵
  PID:6088
- C:\Windows\System\YanmKPU.exe
  C:\Windows\System\YanmKPU.exe
  2⤵
  PID:6104
- C:\Windows\System\iFxQZVu.exe
  C:\Windows\System\iFxQZVu.exe
  2⤵
  PID:6128
- C:\Windows\System\cAwNaBs.exe
  C:\Windows\System\cAwNaBs.exe
  2⤵
  PID:4188
- C:\Windows\System\CMKYLHC.exe
  C:\Windows\System\CMKYLHC.exe
  2⤵
  PID:5032
- C:\Windows\System\UVBLPAE.exe
  C:\Windows\System\UVBLPAE.exe
  2⤵
  PID:5152
- C:\Windows\System\fNpHkly.exe
  C:\Windows\System\fNpHkly.exe
  2⤵
  PID:5192
- C:\Windows\System\RTRdSHa.exe
  C:\Windows\System\RTRdSHa.exe
  2⤵
  PID:5248
- C:\Windows\System\rWBCuov.exe
  C:\Windows\System\rWBCuov.exe
  2⤵
  PID:5128
- C:\Windows\System\vynNYfn.exe
  C:\Windows\System\vynNYfn.exe
  2⤵
  PID:5340
- C:\Windows\System\kqNcfyQ.exe
  C:\Windows\System\kqNcfyQ.exe
  2⤵
  PID:5420
- C:\Windows\System\unxPEyo.exe
  C:\Windows\System\unxPEyo.exe
  2⤵
  PID:5460
- C:\Windows\System\CNCOSRV.exe
  C:\Windows\System\CNCOSRV.exe
  2⤵
  PID:5504
- C:\Windows\System\Faxijgr.exe
  C:\Windows\System\Faxijgr.exe
  2⤵
  PID:5176
- C:\Windows\System\bBeYAWN.exe
  C:\Windows\System\bBeYAWN.exe
  2⤵
  PID:4316
- C:\Windows\System\qNnVull.exe
  C:\Windows\System\qNnVull.exe
  2⤵
  PID:5220
- C:\Windows\System\SZkBZyl.exe
  C:\Windows\System\SZkBZyl.exe
  2⤵
  PID:5540
- C:\Windows\System\vVWdeSI.exe
  C:\Windows\System\vVWdeSI.exe
  2⤵
  PID:5588
- C:\Windows\System\tGttdHw.exe
  C:\Windows\System\tGttdHw.exe
  2⤵
  PID:5608
- C:\Windows\System\KjfXexe.exe
  C:\Windows\System\KjfXexe.exe
  2⤵
  PID:5704
- C:\Windows\System\bVwxWcX.exe
  C:\Windows\System\bVwxWcX.exe
  2⤵
  PID:5676
- C:\Windows\System\yxmDErB.exe
  C:\Windows\System\yxmDErB.exe
  2⤵
  PID:5664
- C:\Windows\System\dgHFsNn.exe
  C:\Windows\System\dgHFsNn.exe
  2⤵
  PID:5632
- C:\Windows\System\JQoEpkR.exe
  C:\Windows\System\JQoEpkR.exe
  2⤵
  PID:5728
- C:\Windows\System\KeuhnIm.exe
  C:\Windows\System\KeuhnIm.exe
  2⤵
  PID:5788
- C:\Windows\System\KwOxLeD.exe
  C:\Windows\System\KwOxLeD.exe
  2⤵
  PID:5864
- C:\Windows\System\iIdvosN.exe
  C:\Windows\System\iIdvosN.exe
  2⤵
  PID:5844
- C:\Windows\System\CRHNpiF.exe
  C:\Windows\System\CRHNpiF.exe
  2⤵
  PID:5908
- C:\Windows\System\SDJpfUt.exe
  C:\Windows\System\SDJpfUt.exe
  2⤵
  PID:5928
- C:\Windows\System\HhGAzZz.exe
  C:\Windows\System\HhGAzZz.exe
  2⤵
  PID:6000
- C:\Windows\System\vBbRJsc.exe
  C:\Windows\System\vBbRJsc.exe
  2⤵
  PID:6032
- C:\Windows\System\mdAUmKr.exe
  C:\Windows\System\mdAUmKr.exe
  2⤵
  PID:5984
- C:\Windows\System\paEERaL.exe
  C:\Windows\System\paEERaL.exe
  2⤵
  PID:6048
- C:\Windows\System\PjttCHE.exe
  C:\Windows\System\PjttCHE.exe
  2⤵
  PID:6084
- C:\Windows\System\SzawPrd.exe
  C:\Windows\System\SzawPrd.exe
  2⤵
  PID:6116
- C:\Windows\System\DoMPtUq.exe
  C:\Windows\System\DoMPtUq.exe
  2⤵
  PID:5196
- C:\Windows\System\UtWDwKI.exe
  C:\Windows\System\UtWDwKI.exe
  2⤵
  PID:5376
- C:\Windows\System\FHsFTNm.exe
  C:\Windows\System\FHsFTNm.exe
  2⤵
  PID:5240
- C:\Windows\System\tVCzBmN.exe
  C:\Windows\System\tVCzBmN.exe
  2⤵
  PID:5380
- C:\Windows\System\YWfevEE.exe
  C:\Windows\System\YWfevEE.exe
  2⤵
  PID:2716
- C:\Windows\System\DaCkjyi.exe
  C:\Windows\System\DaCkjyi.exe
  2⤵
  PID:5508
- C:\Windows\System\uhXLQJh.exe
  C:\Windows\System\uhXLQJh.exe
  2⤵
  PID:5216
- C:\Windows\System\UhLRAsb.exe
  C:\Windows\System\UhLRAsb.exe
  2⤵
  PID:5476
- C:\Windows\System\dDVYCfv.exe
  C:\Windows\System\dDVYCfv.exe
  2⤵
  PID:5536
- C:\Windows\System\rWmDwtA.exe
  C:\Windows\System\rWmDwtA.exe
  2⤵
  PID:5708
- C:\Windows\System\igMeUgK.exe
  C:\Windows\System\igMeUgK.exe
  2⤵
  PID:1724
- C:\Windows\System\uomsPii.exe
  C:\Windows\System\uomsPii.exe
  2⤵
  PID:5688
- C:\Windows\System\ZlCHszC.exe
  C:\Windows\System\ZlCHszC.exe
  2⤵
  PID:5672
- C:\Windows\System\LjFJKmR.exe
  C:\Windows\System\LjFJKmR.exe
  2⤵
  PID:5680
- C:\Windows\System\VBAxPWA.exe
  C:\Windows\System\VBAxPWA.exe
  2⤵
  PID:5792
- C:\Windows\System\tmtoxNN.exe
  C:\Windows\System\tmtoxNN.exe
  2⤵
  PID:5876
- C:\Windows\System\DRIIdQB.exe
  C:\Windows\System\DRIIdQB.exe
  2⤵
  PID:5880
- C:\Windows\System\exXNfrE.exe
  C:\Windows\System\exXNfrE.exe
  2⤵
  PID:5924
- C:\Windows\System\aIgivqm.exe
  C:\Windows\System\aIgivqm.exe
  2⤵
  PID:6020
- C:\Windows\System\eOLgVsp.exe
  C:\Windows\System\eOLgVsp.exe
  2⤵
  PID:6112
- C:\Windows\System\zRwmnXS.exe
  C:\Windows\System\zRwmnXS.exe
  2⤵
  PID:5308
- C:\Windows\System\fWZwzUl.exe
  C:\Windows\System\fWZwzUl.exe
  2⤵
  PID:6072
- C:\Windows\System\qepFylD.exe
  C:\Windows\System\qepFylD.exe
  2⤵
  PID:5964
- C:\Windows\System\MLXPZex.exe
  C:\Windows\System\MLXPZex.exe
  2⤵
  PID:5136
- C:\Windows\System\AyCUVTd.exe
  C:\Windows\System\AyCUVTd.exe
  2⤵
  PID:5520
- C:\Windows\System\HbMPHHx.exe
  C:\Windows\System\HbMPHHx.exe
  2⤵
  PID:5056
- C:\Windows\System\gSoXKFp.exe
  C:\Windows\System\gSoXKFp.exe
  2⤵
  PID:5784
- C:\Windows\System\lATwlKV.exe
  C:\Windows\System\lATwlKV.exe
  2⤵
  PID:5336
- C:\Windows\System\yxdUvFP.exe
  C:\Windows\System\yxdUvFP.exe
  2⤵
  PID:5916
- C:\Windows\System\yyfOAFq.exe
  C:\Windows\System\yyfOAFq.exe
  2⤵
  PID:6076
- C:\Windows\System\OzbSZYW.exe
  C:\Windows\System\OzbSZYW.exe
  2⤵
  PID:5224
- C:\Windows\System\fXpWVsJ.exe
  C:\Windows\System\fXpWVsJ.exe
  2⤵
  PID:5576
- C:\Windows\System\kkYSwat.exe
  C:\Windows\System\kkYSwat.exe
  2⤵
  PID:5284
- C:\Windows\System\Pjyfbhy.exe
  C:\Windows\System\Pjyfbhy.exe
  2⤵
  PID:6140
- C:\Windows\System\xrGupef.exe
  C:\Windows\System\xrGupef.exe
  2⤵
  PID:5400
- C:\Windows\System\FyBHwVf.exe
  C:\Windows\System\FyBHwVf.exe
  2⤵
  PID:5412
- C:\Windows\System\eMVSQhP.exe
  C:\Windows\System\eMVSQhP.exe
  2⤵
  PID:5292
- C:\Windows\System\zBiDzfb.exe
  C:\Windows\System\zBiDzfb.exe
  2⤵
  PID:2832
- C:\Windows\System\knZVVCQ.exe
  C:\Windows\System\knZVVCQ.exe
  2⤵
  PID:5988
- C:\Windows\System\lvjUlnY.exe
  C:\Windows\System\lvjUlnY.exe
  2⤵
  PID:5124
- C:\Windows\System\OFtUTuN.exe
  C:\Windows\System\OFtUTuN.exe
  2⤵
  PID:6052
- C:\Windows\System\yDMErYr.exe
  C:\Windows\System\yDMErYr.exe
  2⤵
  PID:5480
- C:\Windows\System\BtKcLVT.exe
  C:\Windows\System\BtKcLVT.exe
  2⤵
  PID:5832
- C:\Windows\System\fUiScyP.exe
  C:\Windows\System\fUiScyP.exe
  2⤵
  PID:5628
- C:\Windows\System\OzkTNFD.exe
  C:\Windows\System\OzkTNFD.exe
  2⤵
  PID:5684
- C:\Windows\System\WkOQRui.exe
  C:\Windows\System\WkOQRui.exe
  2⤵
  PID:6096
- C:\Windows\System\ttcldNA.exe
  C:\Windows\System\ttcldNA.exe
  2⤵
  PID:5552
- C:\Windows\System\PmUOikZ.exe
  C:\Windows\System\PmUOikZ.exe
  2⤵
  PID:5268
- C:\Windows\System\gyGnZHS.exe
  C:\Windows\System\gyGnZHS.exe
  2⤵
  PID:5304
- C:\Windows\System\WNbQkVu.exe
  C:\Windows\System\WNbQkVu.exe
  2⤵
  PID:5668
- C:\Windows\System\dGNxQbM.exe
  C:\Windows\System\dGNxQbM.exe
  2⤵
  PID:5648
- C:\Windows\System\RarCOBw.exe
  C:\Windows\System\RarCOBw.exe
  2⤵
  PID:2904
- C:\Windows\System\pibAGhe.exe
  C:\Windows\System\pibAGhe.exe
  2⤵
  PID:5416
- C:\Windows\System\IICJnZi.exe
  C:\Windows\System\IICJnZi.exe
  2⤵
  PID:5620
- C:\Windows\System\RuHbpsD.exe
  C:\Windows\System\RuHbpsD.exe
  2⤵
  PID:5764
- C:\Windows\System\YRhedis.exe
  C:\Windows\System\YRhedis.exe
  2⤵
  PID:6044
- C:\Windows\System\WldEBHX.exe
  C:\Windows\System\WldEBHX.exe
  2⤵
  PID:5624
- C:\Windows\System\LhUQSEV.exe
  C:\Windows\System\LhUQSEV.exe
  2⤵
  PID:5428
- C:\Windows\System\yorzikQ.exe
  C:\Windows\System\yorzikQ.exe
  2⤵
  PID:6160
- C:\Windows\System\mDgWBJz.exe
  C:\Windows\System\mDgWBJz.exe
  2⤵
  PID:6188
- C:\Windows\System\aQnAqBc.exe
  C:\Windows\System\aQnAqBc.exe
  2⤵
  PID:6204
- C:\Windows\System\qfryWnq.exe
  C:\Windows\System\qfryWnq.exe
  2⤵
  PID:6220
- C:\Windows\System\zVuTXvQ.exe
  C:\Windows\System\zVuTXvQ.exe
  2⤵
  PID:6240
- C:\Windows\System\CvxxcJy.exe
  C:\Windows\System\CvxxcJy.exe
  2⤵
  PID:6260
- C:\Windows\System\lgYopmb.exe
  C:\Windows\System\lgYopmb.exe
  2⤵
  PID:6280
- C:\Windows\System\pLxtasA.exe
  C:\Windows\System\pLxtasA.exe
  2⤵
  PID:6300
- C:\Windows\System\TNRpHAf.exe
  C:\Windows\System\TNRpHAf.exe
  2⤵
  PID:6316
- C:\Windows\System\qrqbAEc.exe
  C:\Windows\System\qrqbAEc.exe
  2⤵
  PID:6336
- C:\Windows\System\MYvJgLX.exe
  C:\Windows\System\MYvJgLX.exe
  2⤵
  PID:6356
- C:\Windows\System\ZlSSryH.exe
  C:\Windows\System\ZlSSryH.exe
  2⤵
  PID:6400
- C:\Windows\System\DZpHypF.exe
  C:\Windows\System\DZpHypF.exe
  2⤵
  PID:6416
- C:\Windows\System\eTIlAqX.exe
  C:\Windows\System\eTIlAqX.exe
  2⤵
  PID:6436
- C:\Windows\System\svHYpnW.exe
  C:\Windows\System\svHYpnW.exe
  2⤵
  PID:6456
- C:\Windows\System\KdMXhOE.exe
  C:\Windows\System\KdMXhOE.exe
  2⤵
  PID:6492
- C:\Windows\System\umCKFYd.exe
  C:\Windows\System\umCKFYd.exe
  2⤵
  PID:6508
- C:\Windows\System\uCyFkuw.exe
  C:\Windows\System\uCyFkuw.exe
  2⤵
  PID:6524
- C:\Windows\System\lKlloPw.exe
  C:\Windows\System\lKlloPw.exe
  2⤵
  PID:6548
- C:\Windows\System\XkdHORp.exe
  C:\Windows\System\XkdHORp.exe
  2⤵
  PID:6576
- C:\Windows\System\dmiqBHS.exe
  C:\Windows\System\dmiqBHS.exe
  2⤵
  PID:6592
- C:\Windows\System\CcRPOQZ.exe
  C:\Windows\System\CcRPOQZ.exe
  2⤵
  PID:6608
- C:\Windows\System\eUPMPbt.exe
  C:\Windows\System\eUPMPbt.exe
  2⤵
  PID:6636
- C:\Windows\System\FQcgTkn.exe
  C:\Windows\System\FQcgTkn.exe
  2⤵
  PID:6676
- C:\Windows\System\yxrZFzO.exe
  C:\Windows\System\yxrZFzO.exe
  2⤵
  PID:6708
- C:\Windows\System\wpfrPSg.exe
  C:\Windows\System\wpfrPSg.exe
  2⤵
  PID:6756
- C:\Windows\System\UcUCnXh.exe
  C:\Windows\System\UcUCnXh.exe
  2⤵
  PID:6780
- C:\Windows\System\yQghhCF.exe
  C:\Windows\System\yQghhCF.exe
  2⤵
  PID:6796
- C:\Windows\System\ZnpmafH.exe
  C:\Windows\System\ZnpmafH.exe
  2⤵
  PID:6816
- C:\Windows\System\njvmYtE.exe
  C:\Windows\System\njvmYtE.exe
  2⤵
  PID:6836
- C:\Windows\System\fVJixnf.exe
  C:\Windows\System\fVJixnf.exe
  2⤵
  PID:6860
- C:\Windows\System\WCwHEaH.exe
  C:\Windows\System\WCwHEaH.exe
  2⤵
  PID:6876
- C:\Windows\System\nrrUyXo.exe
  C:\Windows\System\nrrUyXo.exe
  2⤵
  PID:6944
- C:\Windows\System\ARqoVDH.exe
  C:\Windows\System\ARqoVDH.exe
  2⤵
  PID:6960
- C:\Windows\System\DWfPRAY.exe
  C:\Windows\System\DWfPRAY.exe
  2⤵
  PID:6984
- C:\Windows\System\yZgqpgg.exe
  C:\Windows\System\yZgqpgg.exe
  2⤵
  PID:7016
- C:\Windows\System\natCiqj.exe
  C:\Windows\System\natCiqj.exe
  2⤵
  PID:7032
- C:\Windows\System\mENhSih.exe
  C:\Windows\System\mENhSih.exe
  2⤵
  PID:7052
- C:\Windows\System\TkHbmNT.exe
  C:\Windows\System\TkHbmNT.exe
  2⤵
  PID:7076
- C:\Windows\System\NAQdnvu.exe
  C:\Windows\System\NAQdnvu.exe
  2⤵
  PID:7108
- C:\Windows\System\xtyirvg.exe
  C:\Windows\System\xtyirvg.exe
  2⤵
  PID:7124
- C:\Windows\System\YQbxKZU.exe
  C:\Windows\System\YQbxKZU.exe
  2⤵
  PID:7140
- C:\Windows\System\kLqbpvc.exe
  C:\Windows\System\kLqbpvc.exe
  2⤵
  PID:5316
- C:\Windows\System\mMyKyIN.exe
  C:\Windows\System\mMyKyIN.exe
  2⤵
  PID:6180
- C:\Windows\System\OStlcJE.exe
  C:\Windows\System\OStlcJE.exe
  2⤵
  PID:6248
- C:\Windows\System\AVQNAWx.exe
  C:\Windows\System\AVQNAWx.exe
  2⤵
  PID:6328
- C:\Windows\System\wggfyVq.exe
  C:\Windows\System\wggfyVq.exe
  2⤵
  PID:6376
- C:\Windows\System\HMzCMCV.exe
  C:\Windows\System\HMzCMCV.exe
  2⤵
  PID:6056
- C:\Windows\System\EFyogYJ.exe
  C:\Windows\System\EFyogYJ.exe
  2⤵
  PID:6196
- C:\Windows\System\EBAPHqc.exe
  C:\Windows\System\EBAPHqc.exe
  2⤵
  PID:6312
- C:\Windows\System\qrmpORx.exe
  C:\Windows\System\qrmpORx.exe
  2⤵
  PID:6428
- C:\Windows\System\ZPDstFN.exe
  C:\Windows\System\ZPDstFN.exe
  2⤵
  PID:6480
- C:\Windows\System\DPfgbFH.exe
  C:\Windows\System\DPfgbFH.exe
  2⤵
  PID:6516
- C:\Windows\System\fOajYiE.exe
  C:\Windows\System\fOajYiE.exe
  2⤵
  PID:6600
- C:\Windows\System\RoBcFAv.exe
  C:\Windows\System\RoBcFAv.exe
  2⤵
  PID:6448
- C:\Windows\System\xzfLNSm.exe
  C:\Windows\System\xzfLNSm.exe
  2⤵
  PID:6652
- C:\Windows\System\CDMkZBh.exe
  C:\Windows\System\CDMkZBh.exe
  2⤵
  PID:6668
- C:\Windows\System\rCAagRp.exe
  C:\Windows\System\rCAagRp.exe
  2⤵
  PID:6504
- C:\Windows\System\ZTPiiPO.exe
  C:\Windows\System\ZTPiiPO.exe
  2⤵
  PID:6588
- C:\Windows\System\ZiBHzMT.exe
  C:\Windows\System\ZiBHzMT.exe
  2⤵
  PID:6684
- C:\Windows\System\TOKrxWK.exe
  C:\Windows\System\TOKrxWK.exe
  2⤵
  PID:6736
- C:\Windows\System\ZKxyOKR.exe
  C:\Windows\System\ZKxyOKR.exe
  2⤵
  PID:6696
- C:\Windows\System\FFmFxzg.exe
  C:\Windows\System\FFmFxzg.exe
  2⤵
  PID:6764
- C:\Windows\System\shdFfxZ.exe
  C:\Windows\System\shdFfxZ.exe
  2⤵
  PID:6768
- C:\Windows\System\cjbqySW.exe
  C:\Windows\System\cjbqySW.exe
  2⤵
  PID:6888
- C:\Windows\System\WjCmjKl.exe
  C:\Windows\System\WjCmjKl.exe
  2⤵
  PID:6912
- C:\Windows\System\wAMixBh.exe
  C:\Windows\System\wAMixBh.exe
  2⤵
  PID:6928
- C:\Windows\System\SsOIsBM.exe
  C:\Windows\System\SsOIsBM.exe
  2⤵
  PID:6952
- C:\Windows\System\XJkfcKD.exe
  C:\Windows\System\XJkfcKD.exe
  2⤵
  PID:6976
- C:\Windows\System\JzjyBmp.exe
  C:\Windows\System\JzjyBmp.exe
  2⤵
  PID:6972
- C:\Windows\System\FjfWFSK.exe
  C:\Windows\System\FjfWFSK.exe
  2⤵
  PID:7060
- C:\Windows\System\QryTKiA.exe
  C:\Windows\System\QryTKiA.exe
  2⤵
  PID:6288
- C:\Windows\System\njlBsGR.exe
  C:\Windows\System\njlBsGR.exe
  2⤵
  PID:6296
- C:\Windows\System\bKhraiT.exe
  C:\Windows\System\bKhraiT.exe
  2⤵
  PID:5444
- C:\Windows\System\ooZHljW.exe
  C:\Windows\System\ooZHljW.exe
  2⤵
  PID:7160
- C:\Windows\System\dEKhPhm.exe
  C:\Windows\System\dEKhPhm.exe
  2⤵
  PID:6036
- C:\Windows\System\NLYbWAh.exe
  C:\Windows\System\NLYbWAh.exe
  2⤵
  PID:6232
- C:\Windows\System\vUVadmF.exe
  C:\Windows\System\vUVadmF.exe
  2⤵
  PID:6308
- C:\Windows\System\pTMdtBC.exe
  C:\Windows\System\pTMdtBC.exe
  2⤵
  PID:6352
- C:\Windows\System\hLgOUKQ.exe
  C:\Windows\System\hLgOUKQ.exe
  2⤵
  PID:6476
- C:\Windows\System\cfVgFyx.exe
  C:\Windows\System\cfVgFyx.exe
  2⤵
  PID:6564
- C:\Windows\System\XejeYux.exe
  C:\Windows\System\XejeYux.exe
  2⤵
  PID:6648
- C:\Windows\System\lOSWzLq.exe
  C:\Windows\System\lOSWzLq.exe
  2⤵
  PID:6744
- C:\Windows\System\thAVnSj.exe
  C:\Windows\System\thAVnSj.exe
  2⤵
  PID:6808
- C:\Windows\System\VxWbWho.exe
  C:\Windows\System\VxWbWho.exe
  2⤵
  PID:6908
- C:\Windows\System\BuVGkFi.exe
  C:\Windows\System\BuVGkFi.exe
  2⤵
  PID:7092
- C:\Windows\System\UXJxhpz.exe
  C:\Windows\System\UXJxhpz.exe
  2⤵
  PID:6844
- C:\Windows\System\dNrqVVO.exe
  C:\Windows\System\dNrqVVO.exe
  2⤵
  PID:6828
- C:\Windows\System\cKKcsaf.exe
  C:\Windows\System\cKKcsaf.exe
  2⤵
  PID:6176
- C:\Windows\System\ASBBEtv.exe
  C:\Windows\System\ASBBEtv.exe
  2⤵
  PID:6788
- C:\Windows\System\nKdyafb.exe
  C:\Windows\System\nKdyafb.exe
  2⤵
  PID:6924
- C:\Windows\System\QqIDLij.exe
  C:\Windows\System\QqIDLij.exe
  2⤵
  PID:6968
- C:\Windows\System\cmOeYNa.exe
  C:\Windows\System\cmOeYNa.exe
  2⤵
  PID:7072
- C:\Windows\System\ZwfbTaS.exe
  C:\Windows\System\ZwfbTaS.exe
  2⤵
  PID:6384
- C:\Windows\System\BnkhpSG.exe
  C:\Windows\System\BnkhpSG.exe
  2⤵
  PID:6148
- C:\Windows\System\JzhGoUo.exe
  C:\Windows\System\JzhGoUo.exe
  2⤵
  PID:6364
- C:\Windows\System\UpVaeAl.exe
  C:\Windows\System\UpVaeAl.exe
  2⤵
  PID:7148
- C:\Windows\System\dEMDFMm.exe
  C:\Windows\System\dEMDFMm.exe
  2⤵
  PID:6348
- C:\Windows\System\ECrpyTA.exe
  C:\Windows\System\ECrpyTA.exe
  2⤵
  PID:6424
- C:\Windows\System\FEFUzSk.exe
  C:\Windows\System\FEFUzSk.exe
  2⤵
  PID:6616
- C:\Windows\System\GHQwxcd.exe
  C:\Windows\System\GHQwxcd.exe
  2⤵
  PID:6704
- C:\Windows\System\cOdhPOX.exe
  C:\Windows\System\cOdhPOX.exe
  2⤵
  PID:7132
- C:\Windows\System\tXDagmq.exe
  C:\Windows\System\tXDagmq.exe
  2⤵
  PID:6904
- C:\Windows\System\QcDPZVC.exe
  C:\Windows\System\QcDPZVC.exe
  2⤵
  PID:7048
- C:\Windows\System\DXyrDNv.exe
  C:\Windows\System\DXyrDNv.exe
  2⤵
  PID:7004
- C:\Windows\System\HNybXqw.exe
  C:\Windows\System\HNybXqw.exe
  2⤵
  PID:5828
- C:\Windows\System\DQhqMdQ.exe
  C:\Windows\System\DQhqMdQ.exe
  2⤵
  PID:6272
- C:\Windows\System\XESpYnY.exe
  C:\Windows\System\XESpYnY.exe
  2⤵
  PID:6408
- C:\Windows\System\oUnYalM.exe
  C:\Windows\System\oUnYalM.exe
  2⤵
  PID:6852
- C:\Windows\System\KOwLMas.exe
  C:\Windows\System\KOwLMas.exe
  2⤵
  PID:6996
- C:\Windows\System\IqbqiWO.exe
  C:\Windows\System\IqbqiWO.exe
  2⤵
  PID:7008
- C:\Windows\System\ELoXnhq.exe
  C:\Windows\System\ELoXnhq.exe
  2⤵
  PID:6724
- C:\Windows\System\OMWYJZw.exe
  C:\Windows\System\OMWYJZw.exe
  2⤵
  PID:6380
- C:\Windows\System\RsYfkau.exe
  C:\Windows\System\RsYfkau.exe
  2⤵
  PID:7164
- C:\Windows\System\XpKWilv.exe
  C:\Windows\System\XpKWilv.exe
  2⤵
  PID:6572
- C:\Windows\System\rWvuWRt.exe
  C:\Windows\System\rWvuWRt.exe
  2⤵
  PID:7068
- C:\Windows\System\ZwoOfFz.exe
  C:\Windows\System\ZwoOfFz.exe
  2⤵
  PID:6344
- C:\Windows\System\tyPpiKk.exe
  C:\Windows\System\tyPpiKk.exe
  2⤵
  PID:7028
- C:\Windows\System\YvzmuyC.exe
  C:\Windows\System\YvzmuyC.exe
  2⤵
  PID:7104
- C:\Windows\System\teBNZLA.exe
  C:\Windows\System\teBNZLA.exe
  2⤵
  PID:6892
- C:\Windows\System\qoLVHtz.exe
  C:\Windows\System\qoLVHtz.exe
  2⤵
  PID:7044
- C:\Windows\System\MUOeDhG.exe
  C:\Windows\System\MUOeDhG.exe
  2⤵
  PID:6776
- C:\Windows\System\dCqzoVH.exe
  C:\Windows\System\dCqzoVH.exe
  2⤵
  PID:6200
- C:\Windows\System\MIcikBG.exe
  C:\Windows\System\MIcikBG.exe
  2⤵
  PID:5860
- C:\Windows\System\DkeDVBt.exe
  C:\Windows\System\DkeDVBt.exe
  2⤵
  PID:6664
- C:\Windows\System\dSBUAJn.exe
  C:\Windows\System\dSBUAJn.exe
  2⤵
  PID:6856
- C:\Windows\System\OefrKgK.exe
  C:\Windows\System\OefrKgK.exe
  2⤵
  PID:6536
- C:\Windows\System\GAvaSRx.exe
  C:\Windows\System\GAvaSRx.exe
  2⤵
  PID:7176
- C:\Windows\System\IDbPSxm.exe
  C:\Windows\System\IDbPSxm.exe
  2⤵
  PID:7196
- C:\Windows\System\DIvJsjE.exe
  C:\Windows\System\DIvJsjE.exe
  2⤵
  PID:7228
- C:\Windows\System\WXCMzYS.exe
  C:\Windows\System\WXCMzYS.exe
  2⤵
  PID:7288
- C:\Windows\System\MxBoWay.exe
  C:\Windows\System\MxBoWay.exe
  2⤵
  PID:7304
- C:\Windows\System\YDBrfSX.exe
  C:\Windows\System\YDBrfSX.exe
  2⤵
  PID:7328
- C:\Windows\System\SDYdqpy.exe
  C:\Windows\System\SDYdqpy.exe
  2⤵
  PID:7352
- C:\Windows\System\UrimOYW.exe
  C:\Windows\System\UrimOYW.exe
  2⤵
  PID:7368
- C:\Windows\System\rqcMNMU.exe
  C:\Windows\System\rqcMNMU.exe
  2⤵
  PID:7388
- C:\Windows\System\PuEDaZA.exe
  C:\Windows\System\PuEDaZA.exe
  2⤵
  PID:7408
- C:\Windows\System\VUpeOgt.exe
  C:\Windows\System\VUpeOgt.exe
  2⤵
  PID:7428
- C:\Windows\System\dOlgXMw.exe
  C:\Windows\System\dOlgXMw.exe
  2⤵
  PID:7456
- C:\Windows\System\AXilQVW.exe
  C:\Windows\System\AXilQVW.exe
  2⤵
  PID:7472
- C:\Windows\System\YcUxFkd.exe
  C:\Windows\System\YcUxFkd.exe
  2⤵
  PID:7488
- C:\Windows\System\SuxBnEd.exe
  C:\Windows\System\SuxBnEd.exe
  2⤵
  PID:7504
- C:\Windows\System\BYJLxJh.exe
  C:\Windows\System\BYJLxJh.exe
  2⤵
  PID:7576
- C:\Windows\System\FraVrzn.exe
  C:\Windows\System\FraVrzn.exe
  2⤵
  PID:7592
- C:\Windows\System\VpSfDKL.exe
  C:\Windows\System\VpSfDKL.exe
  2⤵
  PID:7612
- C:\Windows\System\NIlWGPS.exe
  C:\Windows\System\NIlWGPS.exe
  2⤵
  PID:7628
- C:\Windows\System\CvhXUXz.exe
  C:\Windows\System\CvhXUXz.exe
  2⤵
  PID:7664
- C:\Windows\System\mymGwGu.exe
  C:\Windows\System\mymGwGu.exe
  2⤵
  PID:7680
- C:\Windows\System\mDQeRLR.exe
  C:\Windows\System\mDQeRLR.exe
  2⤵
  PID:7700
- C:\Windows\System\LAZfnBV.exe
  C:\Windows\System\LAZfnBV.exe
  2⤵
  PID:7716
- C:\Windows\System\MpvssQP.exe
  C:\Windows\System\MpvssQP.exe
  2⤵
  PID:7736
- C:\Windows\System\dkEECqk.exe
  C:\Windows\System\dkEECqk.exe
  2⤵
  PID:7768
- C:\Windows\System\hXEJoLz.exe
  C:\Windows\System\hXEJoLz.exe
  2⤵
  PID:7784
- C:\Windows\System\EtUtHHV.exe
  C:\Windows\System\EtUtHHV.exe
  2⤵
  PID:7800
- C:\Windows\System\VyoBUrp.exe
  C:\Windows\System\VyoBUrp.exe
  2⤵
  PID:7816
- C:\Windows\System\ckOfCwf.exe
  C:\Windows\System\ckOfCwf.exe
  2⤵
  PID:7840
- C:\Windows\System\cTSWswl.exe
  C:\Windows\System\cTSWswl.exe
  2⤵
  PID:7884
- C:\Windows\System\qFWdvip.exe
  C:\Windows\System\qFWdvip.exe
  2⤵
  PID:7904
- C:\Windows\System\iubBbOj.exe
  C:\Windows\System\iubBbOj.exe
  2⤵
  PID:7920
- C:\Windows\System\tPpEvPi.exe
  C:\Windows\System\tPpEvPi.exe
  2⤵
  PID:7936
- C:\Windows\System\kieBqzc.exe
  C:\Windows\System\kieBqzc.exe
  2⤵
  PID:7952
- C:\Windows\System\lJLqbVv.exe
  C:\Windows\System\lJLqbVv.exe
  2⤵
  PID:7972
- C:\Windows\System\TcUWdfh.exe
  C:\Windows\System\TcUWdfh.exe
  2⤵
  PID:7988
- C:\Windows\System\enpONyG.exe
  C:\Windows\System\enpONyG.exe
  2⤵
  PID:8008
- C:\Windows\System\JalJMCK.exe
  C:\Windows\System\JalJMCK.exe
  2⤵
  PID:8032
- C:\Windows\System\MQQqtsO.exe
  C:\Windows\System\MQQqtsO.exe
  2⤵
  PID:8052
- C:\Windows\System\ljiqLxL.exe
  C:\Windows\System\ljiqLxL.exe
  2⤵
  PID:8068
- C:\Windows\System\vxwDdrp.exe
  C:\Windows\System\vxwDdrp.exe
  2⤵
  PID:8092
- C:\Windows\System\QeVtLKg.exe
  C:\Windows\System\QeVtLKg.exe
  2⤵
  PID:8116
- C:\Windows\System\QAHPHiF.exe
  C:\Windows\System\QAHPHiF.exe
  2⤵
  PID:8140
- C:\Windows\System\KTmtOnE.exe
  C:\Windows\System\KTmtOnE.exe
  2⤵
  PID:8156
- C:\Windows\System\jnuGIJF.exe
  C:\Windows\System\jnuGIJF.exe
  2⤵
  PID:8172
- C:\Windows\System\LgXSOoo.exe
  C:\Windows\System\LgXSOoo.exe
  2⤵
  PID:7184
- C:\Windows\System\bcgyMNo.exe
  C:\Windows\System\bcgyMNo.exe
  2⤵
  PID:6732
- C:\Windows\System\otujKVL.exe
  C:\Windows\System\otujKVL.exe
  2⤵
  PID:7252
- C:\Windows\System\CYibUQT.exe
  C:\Windows\System\CYibUQT.exe
  2⤵
  PID:7260
- C:\Windows\System\OQeWbYt.exe
  C:\Windows\System\OQeWbYt.exe
  2⤵
  PID:6172
- C:\Windows\System\byqGsnm.exe
  C:\Windows\System\byqGsnm.exe
  2⤵
  PID:7312
- C:\Windows\System\suQWdmM.exe
  C:\Windows\System\suQWdmM.exe
  2⤵
  PID:7380
- C:\Windows\System\XBoQoYH.exe
  C:\Windows\System\XBoQoYH.exe
  2⤵
  PID:7364
- C:\Windows\System\BzSfSgy.exe
  C:\Windows\System\BzSfSgy.exe
  2⤵
  PID:7496
- C:\Windows\System\yiBVRdK.exe
  C:\Windows\System\yiBVRdK.exe
  2⤵
  PID:7436
- C:\Windows\System\aStpLXi.exe
  C:\Windows\System\aStpLXi.exe
  2⤵
  PID:7448
- C:\Windows\System\twgWXci.exe
  C:\Windows\System\twgWXci.exe
  2⤵
  PID:7556
- C:\Windows\System\cSxmdnz.exe
  C:\Windows\System\cSxmdnz.exe
  2⤵
  PID:7536
- C:\Windows\System\HtfcmWm.exe
  C:\Windows\System\HtfcmWm.exe
  2⤵
  PID:7572
- C:\Windows\System\buiQNMe.exe
  C:\Windows\System\buiQNMe.exe
  2⤵
  PID:7644
- C:\Windows\System\azyKOsi.exe
  C:\Windows\System\azyKOsi.exe
  2⤵
  PID:7708
- C:\Windows\System\noYWvzE.exe
  C:\Windows\System\noYWvzE.exe
  2⤵
  PID:7748
- C:\Windows\System\PHIOSRj.exe
  C:\Windows\System\PHIOSRj.exe
  2⤵
  PID:7792
- C:\Windows\System\inEazwp.exe
  C:\Windows\System\inEazwp.exe
  2⤵
  PID:7692
- C:\Windows\System\wgzKQaM.exe
  C:\Windows\System\wgzKQaM.exe
  2⤵
  PID:7928
- C:\Windows\System\LzTpLzT.exe
  C:\Windows\System\LzTpLzT.exe
  2⤵
  PID:7732
- C:\Windows\System\kIAfTUV.exe
  C:\Windows\System\kIAfTUV.exe
  2⤵
  PID:7660
- C:\Windows\System\QEmxnsq.exe
  C:\Windows\System\QEmxnsq.exe
  2⤵
  PID:8020
- C:\Windows\System\xqnFRFz.exe
  C:\Windows\System\xqnFRFz.exe
  2⤵
  PID:8128
- C:\Windows\System\hTquwqR.exe
  C:\Windows\System\hTquwqR.exe
  2⤵
  PID:8168
- C:\Windows\System\GLGVECk.exe
  C:\Windows\System\GLGVECk.exe
  2⤵
  PID:7696
- C:\Windows\System\JnBuTsU.exe
  C:\Windows\System\JnBuTsU.exe
  2⤵
  PID:6392
- C:\Windows\System\aCgoHez.exe
  C:\Windows\System\aCgoHez.exe
  2⤵
  PID:6472
- C:\Windows\System\NoYWojm.exe
  C:\Windows\System\NoYWojm.exe
  2⤵
  PID:8112
- C:\Windows\System\kkvtpzX.exe
  C:\Windows\System\kkvtpzX.exe
  2⤵
  PID:8184
- C:\Windows\System\uLudZIZ.exe
  C:\Windows\System\uLudZIZ.exe
  2⤵
  PID:7172
- C:\Windows\System\ZHhnOIE.exe
  C:\Windows\System\ZHhnOIE.exe
  2⤵
  PID:6628
- C:\Windows\System\DzHXnjJ.exe
  C:\Windows\System\DzHXnjJ.exe
  2⤵
  PID:7220
- C:\Windows\System\AUhdmUW.exe
  C:\Windows\System\AUhdmUW.exe
  2⤵
  PID:7256
- C:\Windows\System\UNNqyLl.exe
  C:\Windows\System\UNNqyLl.exe
  2⤵
  PID:7324
- C:\Windows\System\FBxWvgq.exe
  C:\Windows\System\FBxWvgq.exe
  2⤵
  PID:7404
- C:\Windows\System\dmUXdkr.exe
  C:\Windows\System\dmUXdkr.exe
  2⤵
  PID:7548
- C:\Windows\System\HRyIkHn.exe
  C:\Windows\System\HRyIkHn.exe
  2⤵
  PID:7564
- C:\Windows\System\AWhWoME.exe
  C:\Windows\System\AWhWoME.exe
  2⤵
  PID:7620
- C:\Windows\System\dLYXujv.exe
  C:\Windows\System\dLYXujv.exe
  2⤵
  PID:7280
- C:\Windows\System\sHvJIRV.exe
  C:\Windows\System\sHvJIRV.exe
  2⤵
  PID:7764
- C:\Windows\System\LygBmOy.exe
  C:\Windows\System\LygBmOy.exe
  2⤵
  PID:7376
- C:\Windows\System\YYFEgeM.exe
  C:\Windows\System\YYFEgeM.exe
  2⤵
  PID:7440
- C:\Windows\System\StilZfO.exe
  C:\Windows\System\StilZfO.exe
  2⤵
  PID:7584
- C:\Windows\System\NBGjUOH.exe
  C:\Windows\System\NBGjUOH.exe
  2⤵
  PID:7640
- C:\Windows\System\JDWJcyD.exe
  C:\Windows\System\JDWJcyD.exe
  2⤵
  PID:7892
- C:\Windows\System\pYpHATX.exe
  C:\Windows\System\pYpHATX.exe
  2⤵
  PID:7652
- C:\Windows\System\DbVPusE.exe
  C:\Windows\System\DbVPusE.exe
  2⤵
  PID:8124
- C:\Windows\System\EKSYUzD.exe
  C:\Windows\System\EKSYUzD.exe
  2⤵
  PID:7824
- C:\Windows\System\eBRkIHp.exe
  C:\Windows\System\eBRkIHp.exe
  2⤵
  PID:7688
- C:\Windows\System\pcFLZFp.exe
  C:\Windows\System\pcFLZFp.exe
  2⤵
  PID:7996
- C:\Windows\System\KcBOlSO.exe
  C:\Windows\System\KcBOlSO.exe
  2⤵
  PID:8044
- C:\Windows\System\akUmTLU.exe
  C:\Windows\System\akUmTLU.exe
  2⤵
  PID:8164
- C:\Windows\System\XLzHIml.exe
  C:\Windows\System\XLzHIml.exe
  2⤵
  PID:7780
- C:\Windows\System\KsKXCiF.exe
  C:\Windows\System\KsKXCiF.exe
  2⤵
  PID:7944
- C:\Windows\System\GuZNVwh.exe
  C:\Windows\System\GuZNVwh.exe
  2⤵
  PID:8064
- C:\Windows\System\JLMiYcC.exe
  C:\Windows\System\JLMiYcC.exe
  2⤵
  PID:7880
- C:\Windows\System\jCIpXoH.exe
  C:\Windows\System\jCIpXoH.exe
  2⤵
  PID:7012
- C:\Windows\System\MfsnDGu.exe
  C:\Windows\System\MfsnDGu.exe
  2⤵
  PID:8108
- C:\Windows\System\TVbachQ.exe
  C:\Windows\System\TVbachQ.exe
  2⤵
  PID:7212
- C:\Windows\System\PkQEjlO.exe
  C:\Windows\System\PkQEjlO.exe
  2⤵
  PID:7300
- C:\Windows\System\NxxXlLI.exe
  C:\Windows\System\NxxXlLI.exe
  2⤵
  PID:7568
- C:\Windows\System\BtcjLmo.exe
  C:\Windows\System\BtcjLmo.exe
  2⤵
  PID:7340
- C:\Windows\System\eytMQdI.exe
  C:\Windows\System\eytMQdI.exe
  2⤵
  PID:7752
- C:\Windows\System\jRULNEP.exe
  C:\Windows\System\jRULNEP.exe
  2⤵
  PID:7832
- C:\Windows\System\WOACJri.exe
  C:\Windows\System\WOACJri.exe
  2⤵
  PID:8040
- C:\Windows\System\KwAdDTG.exe
  C:\Windows\System\KwAdDTG.exe
  2⤵
  PID:7760
- C:\Windows\System\hHvWAPc.exe
  C:\Windows\System\hHvWAPc.exe
  2⤵
  PID:7624
- C:\Windows\System\dMhwVqo.exe
  C:\Windows\System\dMhwVqo.exe
  2⤵
  PID:7948
- C:\Windows\System\mlVwKjj.exe
  C:\Windows\System\mlVwKjj.exe
  2⤵
  PID:7968
- C:\Windows\System\KsbBSGY.exe
  C:\Windows\System\KsbBSGY.exe
  2⤵
  PID:8016
- C:\Windows\System\NMoUyUD.exe
  C:\Windows\System\NMoUyUD.exe
  2⤵
  PID:7468
- C:\Windows\System\cbGAzwM.exe
  C:\Windows\System\cbGAzwM.exe
  2⤵
  PID:8104
- C:\Windows\System\qKuxRad.exe
  C:\Windows\System\qKuxRad.exe
  2⤵
  PID:7516
- C:\Windows\System\qhKxNyV.exe
  C:\Windows\System\qhKxNyV.exe
  2⤵
  PID:8004
- C:\Windows\System\jJRTAlM.exe
  C:\Windows\System\jJRTAlM.exe
  2⤵
  PID:8076
- C:\Windows\System\FfnhvgA.exe
  C:\Windows\System\FfnhvgA.exe
  2⤵
  PID:8060
- C:\Windows\System\WvFGjvV.exe
  C:\Windows\System\WvFGjvV.exe
  2⤵
  PID:7916
- C:\Windows\System\QRLQsGC.exe
  C:\Windows\System\QRLQsGC.exe
  2⤵
  PID:7276
- C:\Windows\System\yJxfURA.exe
  C:\Windows\System\yJxfURA.exe
  2⤵
  PID:8196
- C:\Windows\System\gqgonWq.exe
  C:\Windows\System\gqgonWq.exe
  2⤵
  PID:8212
- C:\Windows\System\MweeVAQ.exe
  C:\Windows\System\MweeVAQ.exe
  2⤵
  PID:8228
- C:\Windows\System\AzoyyGC.exe
  C:\Windows\System\AzoyyGC.exe
  2⤵
  PID:8244
- C:\Windows\System\nzgZVjy.exe
  C:\Windows\System\nzgZVjy.exe
  2⤵
  PID:8260
- C:\Windows\System\wqWowra.exe
  C:\Windows\System\wqWowra.exe
  2⤵
  PID:8276
- C:\Windows\System\WuQkhev.exe
  C:\Windows\System\WuQkhev.exe
  2⤵
  PID:8292
- C:\Windows\System\vPwsqLV.exe
  C:\Windows\System\vPwsqLV.exe
  2⤵
  PID:8308
- C:\Windows\System\Uzlfgzl.exe
  C:\Windows\System\Uzlfgzl.exe
  2⤵
  PID:8328
- C:\Windows\System\ruWAYWQ.exe
  C:\Windows\System\ruWAYWQ.exe
  2⤵
  PID:8344
- C:\Windows\System\MvuGvdY.exe
  C:\Windows\System\MvuGvdY.exe
  2⤵
  PID:8360
- C:\Windows\System\ZDTAWSE.exe
  C:\Windows\System\ZDTAWSE.exe
  2⤵
  PID:8376
- C:\Windows\System\TZBTAcq.exe
  C:\Windows\System\TZBTAcq.exe
  2⤵
  PID:8392
- C:\Windows\System\OybJXXh.exe
  C:\Windows\System\OybJXXh.exe
  2⤵
  PID:8408
- C:\Windows\System\XCyOTqg.exe
  C:\Windows\System\XCyOTqg.exe
  2⤵
  PID:8424
- C:\Windows\System\wFFkFIf.exe
  C:\Windows\System\wFFkFIf.exe
  2⤵
  PID:8440
- C:\Windows\System\JaltQIY.exe
  C:\Windows\System\JaltQIY.exe
  2⤵
  PID:8456
- C:\Windows\System\PwSQLzE.exe
  C:\Windows\System\PwSQLzE.exe
  2⤵
  PID:8472
- C:\Windows\System\MiBZdCZ.exe
  C:\Windows\System\MiBZdCZ.exe
  2⤵
  PID:8488
- C:\Windows\System\Jhhnzsi.exe
  C:\Windows\System\Jhhnzsi.exe
  2⤵
  PID:8504
- C:\Windows\System\CZivvVJ.exe
  C:\Windows\System\CZivvVJ.exe
  2⤵
  PID:8524
- C:\Windows\System\bsRZAwU.exe
  C:\Windows\System\bsRZAwU.exe
  2⤵
  PID:8540
- C:\Windows\System\SXXWTjX.exe
  C:\Windows\System\SXXWTjX.exe
  2⤵
  PID:8556
- C:\Windows\System\yofhntF.exe
  C:\Windows\System\yofhntF.exe
  2⤵
  PID:8572
- C:\Windows\System\TkyBtTV.exe
  C:\Windows\System\TkyBtTV.exe
  2⤵
  PID:8588
- C:\Windows\System\eNQbQre.exe
  C:\Windows\System\eNQbQre.exe
  2⤵
  PID:8604
- C:\Windows\System\GMmhCCo.exe
  C:\Windows\System\GMmhCCo.exe
  2⤵
  PID:8620
- C:\Windows\System\xTCEcOX.exe
  C:\Windows\System\xTCEcOX.exe
  2⤵
  PID:8636
- C:\Windows\System\XMOYjAc.exe
  C:\Windows\System\XMOYjAc.exe
  2⤵
  PID:8656
- C:\Windows\System\LWALxLG.exe
  C:\Windows\System\LWALxLG.exe
  2⤵
  PID:8672
- C:\Windows\System\eWcUwkQ.exe
  C:\Windows\System\eWcUwkQ.exe
  2⤵
  PID:8688
- C:\Windows\System\xIgFGEM.exe
  C:\Windows\System\xIgFGEM.exe
  2⤵
  PID:8704
- C:\Windows\System\ltSNjav.exe
  C:\Windows\System\ltSNjav.exe
  2⤵
  PID:8720
- C:\Windows\System\hgZRpyd.exe
  C:\Windows\System\hgZRpyd.exe
  2⤵
  PID:8736
- C:\Windows\System\IzfMZnQ.exe
  C:\Windows\System\IzfMZnQ.exe
  2⤵
  PID:8752
- C:\Windows\System\bbTavWt.exe
  C:\Windows\System\bbTavWt.exe
  2⤵
  PID:8768
- C:\Windows\System\LUUKpVb.exe
  C:\Windows\System\LUUKpVb.exe
  2⤵
  PID:8784
- C:\Windows\System\vmxThix.exe
  C:\Windows\System\vmxThix.exe
  2⤵
  PID:8804
- C:\Windows\System\ZZuAfkW.exe
  C:\Windows\System\ZZuAfkW.exe
  2⤵
  PID:8820
- C:\Windows\System\taHGvWw.exe
  C:\Windows\System\taHGvWw.exe
  2⤵
  PID:8844
- C:\Windows\System\dZBiIYO.exe
  C:\Windows\System\dZBiIYO.exe
  2⤵
  PID:8864
- C:\Windows\System\dnYSQym.exe
  C:\Windows\System\dnYSQym.exe
  2⤵
  PID:8884
- C:\Windows\System\Fdakjqm.exe
  C:\Windows\System\Fdakjqm.exe
  2⤵
  PID:9016
- C:\Windows\System\hbGpfBq.exe
  C:\Windows\System\hbGpfBq.exe
  2⤵
  PID:9032
- C:\Windows\System\EfPhCjn.exe
  C:\Windows\System\EfPhCjn.exe
  2⤵
  PID:9048
- C:\Windows\System\pjDRAui.exe
  C:\Windows\System\pjDRAui.exe
  2⤵
  PID:9096
- C:\Windows\System\yEKmijc.exe
  C:\Windows\System\yEKmijc.exe
  2⤵
  PID:9112
- C:\Windows\System\qcwQKkj.exe
  C:\Windows\System\qcwQKkj.exe
  2⤵
  PID:9148
- C:\Windows\System\fisDQaY.exe
  C:\Windows\System\fisDQaY.exe
  2⤵
  PID:9176
- C:\Windows\System\ntjQSQm.exe
  C:\Windows\System\ntjQSQm.exe
  2⤵
  PID:9208
- C:\Windows\System\IobvuKq.exe
  C:\Windows\System\IobvuKq.exe
  2⤵
  PID:8220
- C:\Windows\System\CKuItKO.exe
  C:\Windows\System\CKuItKO.exe
  2⤵
  PID:7416
- C:\Windows\System\BUIUTiU.exe
  C:\Windows\System\BUIUTiU.exe
  2⤵
  PID:7964
- C:\Windows\System\CsMQMRI.exe
  C:\Windows\System\CsMQMRI.exe
  2⤵
  PID:7544
- C:\Windows\System\ZzBaTvz.exe
  C:\Windows\System\ZzBaTvz.exe
  2⤵
  PID:8204
- C:\Windows\System\BhnPmXh.exe
  C:\Windows\System\BhnPmXh.exe
  2⤵
  PID:7836
- C:\Windows\System\LbndVTA.exe
  C:\Windows\System\LbndVTA.exe
  2⤵
  PID:8384
- C:\Windows\System\ViITbxC.exe
  C:\Windows\System\ViITbxC.exe
  2⤵
  PID:8336
- C:\Windows\System\wiqbFIS.exe
  C:\Windows\System\wiqbFIS.exe
  2⤵
  PID:8404
- C:\Windows\System\BcLCUyc.exe
  C:\Windows\System\BcLCUyc.exe
  2⤵
  PID:8468
- C:\Windows\System\srYOjOe.exe
  C:\Windows\System\srYOjOe.exe
  2⤵
  PID:8324
- C:\Windows\System\FZZZzWz.exe
  C:\Windows\System\FZZZzWz.exe
  2⤵
  PID:8616
- C:\Windows\System\BgASiXd.exe
  C:\Windows\System\BgASiXd.exe
  2⤵
  PID:8760
- C:\Windows\System\HSrKaUZ.exe
  C:\Windows\System\HSrKaUZ.exe
  2⤵
  PID:8792
- C:\Windows\System\pwOBTAk.exe
  C:\Windows\System\pwOBTAk.exe
  2⤵
  PID:8860
- C:\Windows\System\xXxladc.exe
  C:\Windows\System\xXxladc.exe
  2⤵
  PID:8896
- C:\Windows\System\rRRiYBX.exe
  C:\Windows\System\rRRiYBX.exe
  2⤵
  PID:8836
- C:\Windows\System\KkYrtaF.exe
  C:\Windows\System\KkYrtaF.exe
  2⤵
  PID:8872
- C:\Windows\System\PsHfxYM.exe
  C:\Windows\System\PsHfxYM.exe
  2⤵
  PID:8952
- C:\Windows\System\RKBAbpS.exe
  C:\Windows\System\RKBAbpS.exe
  2⤵
  PID:8944
- C:\Windows\System\AWZMKDg.exe
  C:\Windows\System\AWZMKDg.exe
  2⤵
  PID:8972
- C:\Windows\System\TgjHsrl.exe
  C:\Windows\System\TgjHsrl.exe
  2⤵
  PID:8988
- C:\Windows\System\ixKeEes.exe
  C:\Windows\System\ixKeEes.exe
  2⤵
  PID:9040
- C:\Windows\System\yunezSi.exe
  C:\Windows\System\yunezSi.exe
  2⤵
  PID:9104
- C:\Windows\System\FHfIyrC.exe
  C:\Windows\System\FHfIyrC.exe
  2⤵
  PID:9080
- C:\Windows\System\gvFuILh.exe
  C:\Windows\System\gvFuILh.exe
  2⤵
  PID:9164
- C:\Windows\System\IeYRTGQ.exe
  C:\Windows\System\IeYRTGQ.exe
  2⤵
  PID:7980
- C:\Windows\System\NxROPJN.exe
  C:\Windows\System\NxROPJN.exe
  2⤵
  PID:7648
- C:\Windows\System\mSfafsS.exe
  C:\Windows\System\mSfafsS.exe
  2⤵
  PID:7604
- C:\Windows\System\bOavPRE.exe
  C:\Windows\System\bOavPRE.exe
  2⤵
  PID:8268
- C:\Windows\System\smjpXbl.exe
  C:\Windows\System\smjpXbl.exe
  2⤵
  PID:8400
- C:\Windows\System\zXMUKzi.exe
  C:\Windows\System\zXMUKzi.exe
  2⤵
  PID:8648
- C:\Windows\System\zkoDwKJ.exe
  C:\Windows\System\zkoDwKJ.exe
  2⤵
  PID:9136
- C:\Windows\System\pSRspqB.exe
  C:\Windows\System\pSRspqB.exe
  2⤵
  PID:9196
- C:\Windows\System\kkJPVKH.exe
  C:\Windows\System\kkJPVKH.exe
  2⤵
  PID:8240
- C:\Windows\System\QWmrffX.exe
  C:\Windows\System\QWmrffX.exe
  2⤵
  PID:8684
- C:\Windows\System\OcLbuov.exe
  C:\Windows\System\OcLbuov.exe
  2⤵
  PID:8564
- C:\Windows\System\hzPbgxh.exe
  C:\Windows\System\hzPbgxh.exe
  2⤵
  PID:8728
- C:\Windows\System\IZzwcFK.exe
  C:\Windows\System\IZzwcFK.exe
  2⤵
  PID:8420
- C:\Windows\System\lJuQAty.exe
  C:\Windows\System\lJuQAty.exe
  2⤵
  PID:8580
- C:\Windows\System\wLphTYg.exe
  C:\Windows\System\wLphTYg.exe
  2⤵
  PID:8520
- C:\Windows\System\WzTahgU.exe
  C:\Windows\System\WzTahgU.exe
  2⤵
  PID:7852
- C:\Windows\System\BlnTwOq.exe
  C:\Windows\System\BlnTwOq.exe
  2⤵
  PID:8464
- C:\Windows\System\YsOfXLV.exe
  C:\Windows\System\YsOfXLV.exe
  2⤵
  PID:8732
- C:\Windows\System\AYRTTDy.exe
  C:\Windows\System\AYRTTDy.exe
  2⤵
  PID:8908
- C:\Windows\System\iOANUEt.exe
  C:\Windows\System\iOANUEt.exe
  2⤵
  PID:8912
- C:\Windows\System\pQQMguU.exe
  C:\Windows\System\pQQMguU.exe
  2⤵
  PID:8932
- C:\Windows\System\fjlOWZz.exe
  C:\Windows\System\fjlOWZz.exe
  2⤵
  PID:8928
- C:\Windows\System\xMKZjxj.exe
  C:\Windows\System\xMKZjxj.exe
  2⤵
  PID:8964
- C:\Windows\System\IahRelO.exe
  C:\Windows\System\IahRelO.exe
  2⤵
  PID:9004
- C:\Windows\System\deYiYgr.exe
  C:\Windows\System\deYiYgr.exe
  2⤵
  PID:9076
- C:\Windows\System\iABmwrB.exe
  C:\Windows\System\iABmwrB.exe
  2⤵
  PID:9056
- C:\Windows\System\woGARBv.exe
  C:\Windows\System\woGARBv.exe
  2⤵
  PID:8900
- C:\Windows\System\VSxQeiP.exe
  C:\Windows\System\VSxQeiP.exe
  2⤵
  PID:9068
- C:\Windows\System\SRYgFvU.exe
  C:\Windows\System\SRYgFvU.exe
  2⤵
  PID:8320
- C:\Windows\System\CcSoScS.exe
  C:\Windows\System\CcSoScS.exe
  2⤵
  PID:8252
- C:\Windows\System\BXsZezm.exe
  C:\Windows\System\BXsZezm.exe
  2⤵
  PID:9088
- C:\Windows\System\qggkUbA.exe
  C:\Windows\System\qggkUbA.exe
  2⤵
  PID:8776
- C:\Windows\System\hDhvCat.exe
  C:\Windows\System\hDhvCat.exe
  2⤵
  PID:8480
- C:\Windows\System\tiNuSdD.exe
  C:\Windows\System\tiNuSdD.exe
  2⤵
  PID:8436
- C:\Windows\System\IlgEOIT.exe
  C:\Windows\System\IlgEOIT.exe
  2⤵
  PID:8696
- C:\Windows\System\XiJkMTO.exe
  C:\Windows\System\XiJkMTO.exe
  2⤵
  PID:8880
- C:\Windows\System\TaCbduq.exe
  C:\Windows\System\TaCbduq.exe
  2⤵
  PID:8960
- C:\Windows\System\YjjfmIZ.exe
  C:\Windows\System\YjjfmIZ.exe
  2⤵
  PID:8984
- C:\Windows\System\cCyuUfr.exe
  C:\Windows\System\cCyuUfr.exe
  2⤵
  PID:7676
- C:\Windows\System\JZjgfbQ.exe
  C:\Windows\System\JZjgfbQ.exe
  2⤵
  PID:9120
- C:\Windows\System\NMYyxJI.exe
  C:\Windows\System\NMYyxJI.exe
  2⤵
  PID:9144
- C:\Windows\System\bwSVszm.exe
  C:\Windows\System\bwSVszm.exe
  2⤵
  PID:9092
- C:\Windows\System\Bvwrjcn.exe
  C:\Windows\System\Bvwrjcn.exe
  2⤵
  PID:9012
- C:\Windows\System\sYCEFEF.exe
  C:\Windows\System\sYCEFEF.exe
  2⤵
  PID:9132
- C:\Windows\System\rnqvNsn.exe
  C:\Windows\System\rnqvNsn.exe
  2⤵
  PID:9024
- C:\Windows\System\OrHqqlQ.exe
  C:\Windows\System\OrHqqlQ.exe
  2⤵
  PID:9072
- C:\Windows\System\yTeyKpF.exe
  C:\Windows\System\yTeyKpF.exe
  2⤵
  PID:8664
- C:\Windows\System\TLgFfJe.exe
  C:\Windows\System\TLgFfJe.exe
  2⤵
  PID:8548
- C:\Windows\System\fXcolYz.exe
  C:\Windows\System\fXcolYz.exe
  2⤵
  PID:8352
- C:\Windows\System\HTmtrbw.exe
  C:\Windows\System\HTmtrbw.exe
  2⤵
  PID:8924
- C:\Windows\System\CTuWQEn.exe
  C:\Windows\System\CTuWQEn.exe
  2⤵
  PID:9060
- C:\Windows\System\qObQTDA.exe
  C:\Windows\System\qObQTDA.exe
  2⤵
  PID:8716
- C:\Windows\System\yykJaJR.exe
  C:\Windows\System\yykJaJR.exe
  2⤵
  PID:8816
- C:\Windows\System\jZIFMgR.exe
  C:\Windows\System\jZIFMgR.exe
  2⤵
  PID:8980
- C:\Windows\System\RqWwZIQ.exe
  C:\Windows\System\RqWwZIQ.exe
  2⤵
  PID:8832
- C:\Windows\System\RZPdAMN.exe
  C:\Windows\System\RZPdAMN.exe
  2⤵
  PID:9220
- C:\Windows\System\DaIcnNO.exe
  C:\Windows\System\DaIcnNO.exe
  2⤵
  PID:9236
- C:\Windows\System\bajFVFd.exe
  C:\Windows\System\bajFVFd.exe
  2⤵
  PID:9348
- C:\Windows\System\ExAcNtc.exe
  C:\Windows\System\ExAcNtc.exe
  2⤵
  PID:9372
- C:\Windows\System\jvIBMbn.exe
  C:\Windows\System\jvIBMbn.exe
  2⤵
  PID:9388
- C:\Windows\System\XCbKNnS.exe
  C:\Windows\System\XCbKNnS.exe
  2⤵
  PID:9412
- C:\Windows\System\xleahXT.exe
  C:\Windows\System\xleahXT.exe
  2⤵
  PID:9432
- C:\Windows\System\lATvKit.exe
  C:\Windows\System\lATvKit.exe
  2⤵
  PID:9460
- C:\Windows\System\WIfegZg.exe
  C:\Windows\System\WIfegZg.exe
  2⤵
  PID:9476
- C:\Windows\System\pFNekBO.exe
  C:\Windows\System\pFNekBO.exe
  2⤵
  PID:9492
- C:\Windows\System\fADxbRj.exe
  C:\Windows\System\fADxbRj.exe
  2⤵
  PID:9620
- C:\Windows\System\TJaGSrW.exe
  C:\Windows\System\TJaGSrW.exe
  2⤵
  PID:9640
- C:\Windows\System\idsdFpo.exe
  C:\Windows\System\idsdFpo.exe
  2⤵
  PID:9656
- C:\Windows\System\NtthPUc.exe
  C:\Windows\System\NtthPUc.exe
  2⤵
  PID:9676
- C:\Windows\System\BETrYLJ.exe
  C:\Windows\System\BETrYLJ.exe
  2⤵
  PID:9692
- C:\Windows\System\hCHGZBz.exe
  C:\Windows\System\hCHGZBz.exe
  2⤵
  PID:9712
- C:\Windows\System\TnQfQXu.exe
  C:\Windows\System\TnQfQXu.exe
  2⤵
  PID:9732
- C:\Windows\System\CYFxmrt.exe
  C:\Windows\System\CYFxmrt.exe
  2⤵
  PID:9748
- C:\Windows\System\LcCaTAo.exe
  C:\Windows\System\LcCaTAo.exe
  2⤵
  PID:9764
- C:\Windows\System\GLIAPUy.exe
  C:\Windows\System\GLIAPUy.exe
  2⤵
  PID:9780
- C:\Windows\System\dpEEIyN.exe
  C:\Windows\System\dpEEIyN.exe
  2⤵
  PID:9804
- C:\Windows\System\rvwZEdz.exe
  C:\Windows\System\rvwZEdz.exe
  2⤵
  PID:9824
- C:\Windows\System\srCoWHl.exe
  C:\Windows\System\srCoWHl.exe
  2⤵
  PID:9840
- C:\Windows\System\cNjeEgy.exe
  C:\Windows\System\cNjeEgy.exe
  2⤵
  PID:9860
- C:\Windows\System\hWTluMS.exe
  C:\Windows\System\hWTluMS.exe
  2⤵
  PID:9876
- C:\Windows\System\EhfZvvT.exe
  C:\Windows\System\EhfZvvT.exe
  2⤵
  PID:9896
- C:\Windows\System\wSbARJj.exe
  C:\Windows\System\wSbARJj.exe
  2⤵
  PID:9912
- C:\Windows\System\WgvARuy.exe
  C:\Windows\System\WgvARuy.exe
  2⤵
  PID:9928
- C:\Windows\System\rSRJUtp.exe
  C:\Windows\System\rSRJUtp.exe
  2⤵
  PID:9948
- C:\Windows\System\oHBIdxe.exe
  C:\Windows\System\oHBIdxe.exe
  2⤵
  PID:9968
- C:\Windows\System\BhyGxwk.exe
  C:\Windows\System\BhyGxwk.exe
  2⤵
  PID:9984
- C:\Windows\System\spDLFVV.exe
  C:\Windows\System\spDLFVV.exe
  2⤵
  PID:10004
- C:\Windows\System\XdSSCaG.exe
  C:\Windows\System\XdSSCaG.exe
  2⤵
  PID:10028
- C:\Windows\System\wOtIxkb.exe
  C:\Windows\System\wOtIxkb.exe
  2⤵
  PID:10044
- C:\Windows\System\IKeGjKC.exe
  C:\Windows\System\IKeGjKC.exe
  2⤵
  PID:10060
- C:\Windows\System\LprHazH.exe
  C:\Windows\System\LprHazH.exe
  2⤵
  PID:10084
- C:\Windows\System\qMIWjGm.exe
  C:\Windows\System\qMIWjGm.exe
  2⤵
  PID:10100
- C:\Windows\System\GUnOWHp.exe
  C:\Windows\System\GUnOWHp.exe
  2⤵
  PID:10120
- C:\Windows\System\IoyqHCm.exe
  C:\Windows\System\IoyqHCm.exe
  2⤵
  PID:10140
- C:\Windows\System\UmKjbxU.exe
  C:\Windows\System\UmKjbxU.exe
  2⤵
  PID:10156
- C:\Windows\System\oohAWGI.exe
  C:\Windows\System\oohAWGI.exe
  2⤵
  PID:10172
- C:\Windows\System\TZFsxwX.exe
  C:\Windows\System\TZFsxwX.exe
  2⤵
  PID:10188
- C:\Windows\System\FIvZBaC.exe
  C:\Windows\System\FIvZBaC.exe
  2⤵
  PID:10204
- C:\Windows\System\zZTRcJt.exe
  C:\Windows\System\zZTRcJt.exe
  2⤵
  PID:10220
- C:\Windows\System\kuschtk.exe
  C:\Windows\System\kuschtk.exe
  2⤵
  PID:10236
- C:\Windows\System\GpgUnQi.exe
  C:\Windows\System\GpgUnQi.exe
  2⤵
  PID:8256
- C:\Windows\System\tgxuhsD.exe
  C:\Windows\System\tgxuhsD.exe
  2⤵
  PID:8288
- C:\Windows\System\rAZBnTC.exe
  C:\Windows\System\rAZBnTC.exe
  2⤵
  PID:9260
- C:\Windows\System\LhEVmjv.exe
  C:\Windows\System\LhEVmjv.exe
  2⤵
  PID:9284
- C:\Windows\System\FZNCVgc.exe
  C:\Windows\System\FZNCVgc.exe
  2⤵
  PID:9300
- C:\Windows\System\hsETMep.exe
  C:\Windows\System\hsETMep.exe
  2⤵
  PID:9360
- C:\Windows\System\lMcGNhW.exe
  C:\Windows\System\lMcGNhW.exe
  2⤵
  PID:9400
- C:\Windows\System\EQyNyJc.exe
  C:\Windows\System\EQyNyJc.exe
  2⤵
  PID:9440
- C:\Windows\System\yKVmRLP.exe
  C:\Windows\System\yKVmRLP.exe
  2⤵
  PID:9484
- C:\Windows\System\MHwvvtl.exe
  C:\Windows\System\MHwvvtl.exe
  2⤵
  PID:9328
- C:\Windows\System\NzqqEgK.exe
  C:\Windows\System\NzqqEgK.exe
  2⤵
  PID:9472
- C:\Windows\System\rbYMjrp.exe
  C:\Windows\System\rbYMjrp.exe
  2⤵
  PID:9384
- C:\Windows\System\WeGyyRE.exe
  C:\Windows\System\WeGyyRE.exe
  2⤵
  PID:9516
- C:\Windows\System\YJPvzdS.exe
  C:\Windows\System\YJPvzdS.exe
  2⤵
  PID:9532
- C:\Windows\System\CrhZVxW.exe
  C:\Windows\System\CrhZVxW.exe
  2⤵
  PID:9548
- C:\Windows\System\CjapKum.exe
  C:\Windows\System\CjapKum.exe
  2⤵
  PID:9572
- C:\Windows\System\fBpluFU.exe
  C:\Windows\System\fBpluFU.exe
  2⤵
  PID:9588
- C:\Windows\System\eOocNTW.exe
  C:\Windows\System\eOocNTW.exe
  2⤵
  PID:9604
- C:\Windows\System\mgYrFtS.exe
  C:\Windows\System\mgYrFtS.exe
  2⤵
  PID:9636
- C:\Windows\System\sumFIkj.exe
  C:\Windows\System\sumFIkj.exe
  2⤵
  PID:9652
- C:\Windows\System\MffUnTE.exe
  C:\Windows\System\MffUnTE.exe
  2⤵
  PID:9700
- C:\Windows\System\BCxjxXN.exe
  C:\Windows\System\BCxjxXN.exe
  2⤵
  PID:9720
- C:\Windows\System\bVkyLHQ.exe
  C:\Windows\System\bVkyLHQ.exe
  2⤵
  PID:9744
- C:\Windows\System\kpWnDXO.exe
  C:\Windows\System\kpWnDXO.exe
  2⤵
  PID:9812
- C:\Windows\System\WYwgGrx.exe
  C:\Windows\System\WYwgGrx.exe
  2⤵
  PID:9848
- C:\Windows\System\himJhjV.exe
  C:\Windows\System\himJhjV.exe
  2⤵
  PID:9836
- C:\Windows\System\PMLnzId.exe
  C:\Windows\System\PMLnzId.exe
  2⤵
  PID:9892
- C:\Windows\System\uUEbLuA.exe
  C:\Windows\System\uUEbLuA.exe
  2⤵
  PID:9872
- C:\Windows\System\jSPHJgE.exe
  C:\Windows\System\jSPHJgE.exe
  2⤵
  PID:9964
- C:\Windows\System\zndokzD.exe
  C:\Windows\System\zndokzD.exe
  2⤵
  PID:9940
- C:\Windows\System\wRGdvOL.exe
  C:\Windows\System\wRGdvOL.exe
  2⤵
  PID:10020
- C:\Windows\System\CJANhmF.exe
  C:\Windows\System\CJANhmF.exe
  2⤵
  PID:10056
- C:\Windows\System\xFnrDjs.exe
  C:\Windows\System\xFnrDjs.exe
  2⤵
  PID:9596
- C:\Windows\System\OfkBIDf.exe
  C:\Windows\System\OfkBIDf.exe
  2⤵
  PID:9612
- C:\Windows\System\apZjClv.exe
  C:\Windows\System\apZjClv.exe
  2⤵
  PID:9708
- C:\Windows\System\ApPPrVQ.exe
  C:\Windows\System\ApPPrVQ.exe
  2⤵
  PID:9796
- C:\Windows\System\RTnExIm.exe
  C:\Windows\System\RTnExIm.exe
  2⤵
  PID:9776
- C:\Windows\System\tKWbfKG.exe
  C:\Windows\System\tKWbfKG.exe
  2⤵
  PID:9888
- C:\Windows\System\rEjvqJx.exe
  C:\Windows\System\rEjvqJx.exe
  2⤵
  PID:9908
- C:\Windows\System\FtzMTPE.exe
  C:\Windows\System\FtzMTPE.exe
  2⤵
  PID:10000
- C:\Windows\System\JcRfojb.exe
  C:\Windows\System\JcRfojb.exe
  2⤵
  PID:9936
- C:\Windows\System\djMXbaE.exe
  C:\Windows\System\djMXbaE.exe
  2⤵
  PID:10040
- C:\Windows\System\HkshdqF.exe
  C:\Windows\System\HkshdqF.exe
  2⤵
  PID:10076
- C:\Windows\System\PxDNAya.exe
  C:\Windows\System\PxDNAya.exe
  2⤵
  PID:10116
- C:\Windows\System\bebDVdz.exe
  C:\Windows\System\bebDVdz.exe
  2⤵
  PID:10132
- C:\Windows\System\qwvHEEC.exe
  C:\Windows\System\qwvHEEC.exe
  2⤵
  PID:10232
- C:\Windows\System\WqbwVhz.exe
  C:\Windows\System\WqbwVhz.exe
  2⤵
  PID:10200
- C:\Windows\System\VEVHWKN.exe
  C:\Windows\System\VEVHWKN.exe
  2⤵
  PID:8796
- C:\Windows\System\eWGhcKm.exe
  C:\Windows\System\eWGhcKm.exe
  2⤵
  PID:9268
- C:\Windows\System\MVtFfnx.exe
  C:\Windows\System\MVtFfnx.exe
  2⤵
  PID:9320
- C:\Windows\System\OCtrELM.exe
  C:\Windows\System\OCtrELM.exe
  2⤵
  PID:9456
- C:\Windows\System\NZzEetW.exe
  C:\Windows\System\NZzEetW.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HwPizzt.exe

Filesize
5.7MB

MD5
dbafa799634a179313fb1193ad39686b

SHA1
d447d2ccf4799c85ac28fcf0cf31e40408aaf095

SHA256
3086f359e68bc1dc01909a9a86fa7d5838616a396e3a23ca792683ae029c66ee

SHA512
01dbb11b45095df96bb62a9c04514a91cef4fc05798862c98c2bb791c991d45996dba0d25fabe765b02927927ff43f7b7d49e245c6c48cd58334b0e94aad16c5

Download Submit
C:\Windows\system\LQeYoPv.exe

Filesize
5.7MB

MD5
cca18f81ad99a82a470fff659fd75c31

SHA1
e8196477ef1f5f2f62a5e49f37871b4445044840

SHA256
c34ce7da7a4b2580e2beaaeeec10a0fbed6b9fce1a3eaa87cff9e5b631242f8e

SHA512
41836e3b8587abc522b58905b2bde098f2ab65b85eb4fa0e69cbde905992f01cf1b2172c79748a4ad9e2a57a89573e09d8d1efcf68c6a7134611db0f7762ab90

Download Submit
C:\Windows\system\NWAKgNO.exe

Filesize
5.7MB

MD5
94ee5f4cad6eafad784884b0fdfeb715

SHA1
e359c78aa4c7249f98053b2de9b32737a045d79f

SHA256
01c86ae6f6f4adbcc68833bc07b4bf42e3ed305abe091ebd64a2d5ca9c6ec98b

SHA512
29b8f1874532d97124f1ee366f1e272099ca8631a4a506316866fe56fbc898475fc9395d58d81505274e93b6439ff27631e055ba34ad0731e6de1627b49e54a3

Download Submit
C:\Windows\system\SYxAbOf.exe

Filesize
5.7MB

MD5
e1a1305e122d54097778280f7b6fab89

SHA1
bc0e6b8a0cbe0bd401ae0c0e98f86124d6459221

SHA256
61bac5b620f884be494030554a7bc00c546da120eeb6b9a0ca1758a895ce2b34

SHA512
404dd6c1e503bdf790318dfc4dd10f1551dade219c689ca37828061d04f13efbbf0a933d0f6e78f701117f753f70924f6718f562b3a8833579e0cf9eb909e7a4

Download Submit
C:\Windows\system\TGhCaxe.exe

Filesize
5.7MB

MD5
dd6b229af88d788dd2e025d5b66af1b0

SHA1
1fd7260fba903a1f9f816d3caf2edb886aaa2044

SHA256
8f7d31b5b5257cb804ec176a73924b7a70e9e7f67e098ba7b8b1fb91cc00bd8c

SHA512
937a56053be244cdf93dacc1f53a6ff0a5212b5dfa875b8b83763ec9907978066c105062835c772ca95c0693c8d66fa684637b5423114651f8ad7aba42296431

Download Submit
C:\Windows\system\Tkpabzg.exe

Filesize
5.7MB

MD5
fb5ca99f4abbdc18ccbeaa19918a37a3

SHA1
2c3c88ab1b93ee8475bea4b2dd0fc1bdc34dcda9

SHA256
6dd8cb147aac12955ef49e16f3c4dfc4286b3fdce4e69223907de6d51304a3e8

SHA512
e94381f1e7e65b16044fbcedebe35f648cbd7faacb86c3847397614725b5826520d532857fb005149bd7b70fb4300c97088c20145c292f52707afc07a2c8a789

Download Submit
C:\Windows\system\TnBeiqI.exe

Filesize
5.7MB

MD5
a5a93c5b128160ed55dd156a90b4785f

SHA1
5dc88720465195ff01ae849e5d618282d0224d24

SHA256
976884e16528e74e85ff3a0c9870406caca7d6d34746801c03facaed267bc671

SHA512
296731d9aa894652e1e3a5b4864a8062eaf999643ecbfb9011359c82bbe2befb2a81ecc49697b0392537a68db9ec9f570401295a7831f5147a6395d7e5283dda

Download Submit
C:\Windows\system\TqWnIEo.exe

Filesize
5.7MB

MD5
bdfb4b607bc32ee83993f9b54a9a18d9

SHA1
b4a1f63175075d9153728a3b083928b0b5fc34ef

SHA256
ee6733f2b71bb7d4a76d9b109b5d57f76bd1318c86670a025ce8d690eb5c44c5

SHA512
4fd40269c934646571607a3a504ebe9cf755099757270cdc451b178b4ba1f4a6b5c1655148aa2f4f41b9f8e2ee78d00b573a6200a676c20e743f0694a4723dae

Download Submit
C:\Windows\system\TzciwPH.exe

Filesize
5.7MB

MD5
8b8936133a44ee68d3eae0eee52e7d67

SHA1
5fd69ec4829e7c04d52d4bbd89ee9405bbb8102b

SHA256
d83ec3d1f796a196f849eb03b8460c7eff7cc392c483b1d41728d5688be1020d

SHA512
4f4e22441ade64eb4431ad886e0ab07f4a34c7621cb5444dd2f7e5a99352a83f8a749e3c6106dee82a78d9662514417240f6a33c6b401f5f85df8632eec1807e

Download Submit
C:\Windows\system\UbVWhdL.exe

Filesize
5.7MB

MD5
729c9120047bc0dbc72efa19e25f48e2

SHA1
8e1d21ce895961f202a3273cd3a46f69eee77e0a

SHA256
102a55cb4e1dcf325aaeb3010ebdf7cd898f6f593d4e02bfcebeea915f5a5993

SHA512
c8e9dd2d8d53f3cd5a5857fa27cc81bcb223be71e2bbb126be5976b36c0d6aa705e573bf90f723acfb6a18afee9b7497ee870569d6266c8ddb22d8e3a22a7479

Download Submit
C:\Windows\system\UijphSE.exe

Filesize
5.7MB

MD5
b12e7e6fdde2b886b2371415ad9b03e8

SHA1
c0b3a1a71ec0c37bb9302383eb9b3c7463b41f4f

SHA256
a36b19cbda17c6d739959eb8dce250fb50ced13547b547483dceed9086507a63

SHA512
da7e60f15917d75e59a491f7efc88fc2249e8d14dd10ce868841fd7c8633a26f20265db526c0adacb33b3dfb922e50b3a99fd627c15e8c510cb3cbaef9935da0

Download Submit
C:\Windows\system\VECjroT.exe

Filesize
5.7MB

MD5
04dc47e61c3b9cfbfd6fdb482e61c480

SHA1
c8aad094c64446665ecf34126e1280fa89245743

SHA256
ba64dfd2e37af8db1a172ac4b4a38c6191b20411be18ce5fa61d10c9af98af7a

SHA512
9063d3b35ec693b3a7683b975decae814c6b921d2bbd46e11c0a61d03509ce206f6071765c99a9c7b5dc0ae69ad82cd7b458b6231eb2e1d794c57dbdceaa0f0d

Download Submit
C:\Windows\system\VGsPHID.exe

Filesize
5.7MB

MD5
9db522131b2f5d80594a1daf951267e0

SHA1
78fa2e884a37d770adba4c297862d2036c228545

SHA256
f4ffcaa5043101dc65f9c5377c2d327aee1ff9655101ce1958e2ca79eac2517a

SHA512
daa6f20f88c0993d922c863a42004d63d977e9dccd7d43981615f3b0d6673508199c754cd96dfbb25cc658b6647ea40a79deda786c02d84eeca2437ddd5f5684

Download Submit
C:\Windows\system\ZxkRjcG.exe

Filesize
5.7MB

MD5
72b16956f42b31013ab43525026357d2

SHA1
7f617b41e0b197b30f5a79aadc7ae8f53e8e5808

SHA256
d02420e8e1c5f2c74bc0815b987cbdd7448bdfac04a5e822fff3e197c81fad11

SHA512
ccfe1d5f96a05f07fdd3723d7610e69f297eba623afbac39473318dba69a465288ee7992ddd978ec55980857dc49ac13acaad38ca597e5c22652107502b84dd3

Download Submit
C:\Windows\system\blWnnnC.exe

Filesize
5.7MB

MD5
46b3d1f7f29fc1ea8ba841f4e71577e1

SHA1
609aaf3bb3a8e1823323ecf42ccc418eb8ba9320

SHA256
2ce6bd951d6f16627fe450cc78364b2315301092628be6610a248f173f06b539

SHA512
d85f5ac2d2b2f430941050fb64177e2f4f96ca49a53e8f8366ce78b1d4d9c5c5374f294939cf04497b59cda2a217959c6768de05758f8af86113f4b7040caaf0

Download Submit
C:\Windows\system\dPWRAlR.exe

Filesize
5.7MB

MD5
8995908b5525a0c5e9f28635e9f3dbac

SHA1
0fe528447edebb2b5d7db7a8339ec61580660f77

SHA256
ca9b0b873c122770d52a41b9efc5b43a7705cb705f17655c0f26239e0983b2f3

SHA512
3a04e1cd2cef4c3509f4fd240bf9b739ef15822cfec325bd8e11266eca74610e4887d1695323ee74a12e28353dce2a54e99848539818a5c8602cf00f30ae7845

Download Submit
C:\Windows\system\egBuLSc.exe

Filesize
5.7MB

MD5
97e9aec8ebfc3ad6502bc33dd9b73c17

SHA1
efcad8d8f4d8c97fe6002041f53cbebc7e56f26e

SHA256
1d4f8765fddff089a52b3aed82bed0b11b4386a1228f6722fef0c62bcf90fdf5

SHA512
9ed76cf0f3d5fa8d56a40cd56768a1c4e2abebc3c572dfc635497617405d001143197c3705e7f2955a728671e36324581c6541d0071c73b1f778e3a0c3bef255

Download Submit
C:\Windows\system\ftWKnoC.exe

Filesize
5.7MB

MD5
11d420c476b7bbe92c2ca7be8c59f823

SHA1
36a68be1ae7feef1a1ca9d0c1714775b5db8f9a9

SHA256
626875d772ab6a1fa843c6881dc86518bb79826b69ac0d5f1766d4f4dce98ca8

SHA512
94e6d53d8b865ece53cc1d93ed9971b560b099611ed508525beb427ed195343ce14911c6a3d3ffc834cdc54ccf6439bc5155d50b0264d4f9d1db46dcc2d535a2

Download Submit
C:\Windows\system\gXsWMYM.exe

Filesize
5.7MB

MD5
0930ab53b81ad5720317606371222729

SHA1
d9c2321d1a7184fdfe77b42432b92f7a77133fbc

SHA256
037e1a4000456bb4aaae9805c456f4d53f2b5de7436523a52bb8a19bb01b3bb8

SHA512
a486c41045fc6c50a0d1899b38a29f1741efaccee66c699b361d6876145bda53dd4548ee4cbe11b9ec3d5ce8071b931ad534315fa72f0b3f2d1270d4d8fd1744

Download Submit
C:\Windows\system\humbwLE.exe

Filesize
5.7MB

MD5
9822cc79d56a99303a5119ed72e16c9b

SHA1
60f3a8a876335f24c314bd3d79f18c8f35ce0df4

SHA256
728bedc0d9ffb9b05bd52da42af44561e1dbe18b94e03966904c6e26cf2fd378

SHA512
05c1d0c40c1bbca198d29d0337bbd72578d7ef1759321a63aceb9c35ffb0b79e1495035f5fd27606c988d30f1183a169c6b2660d722e3bad26b097c24c3a0901

Download Submit
C:\Windows\system\jpQakPp.exe

Filesize
5.7MB

MD5
8f2bd08f76046d60ec52d097f512ca9e

SHA1
c786b0f01a0d5c98c3ffb1540f249699bbf91c60

SHA256
01d9a2215cf9322a73be1cdd94e3929b26e9a1e250aa10834618bc4784805f92

SHA512
d9ecda80f6f53600a5ffb29cc8b0e282bd2ab24f8f83fd8a67a8f96180b8f6ff66ddc01454872e26f4f6b6af4e12a2797af519a6e3f4855461b21f639940fa9f

Download Submit
C:\Windows\system\ohFFAci.exe

Filesize
5.7MB

MD5
f441a026ebc744297ccc82b567df9af2

SHA1
b710c17510cb164241873e79f4e4932db5d03b50

SHA256
56d099bd9d022e0a3f3dfa93df270a23320629a7f8ffdeca03ccdaa22dfd22ef

SHA512
e950de815e93dca8a6a75e37e2735067f683c730612b41c4b4bcb78edcb82a2829a3e495be20d32cd731866ecb1421ee48616ee5622ce1d69bd5698b77126f4c

Download Submit
C:\Windows\system\pnpAUsC.exe

Filesize
5.7MB

MD5
6dd6d61170ae017398e99aee2946872d

SHA1
d78dbae8352bf8945b79fea3dfedb6482406879d

SHA256
13d6b1dbbc7e8f8ced93aacd25206337e9616446d29c7c8d83aeed10b7bfcfc2

SHA512
a2de688a1c4e26fad22d7f60d63b6bd8083196f7db5660be18ec6ecb6f5e9f12715f2ebc8e9093f2f4dbe0a681de494377326f6b07b69c1fa294d10838d953c6

Download Submit
C:\Windows\system\qlrcYoZ.exe

Filesize
5.7MB

MD5
1dd7438957ac2a3a3e517fa7b6d1a7f9

SHA1
967a051f3a0a4f635329e8665b04d2e02e28ea9a

SHA256
4012432853d1cefa9de3019db7e83d58333c31940895912ba160113f3b768c57

SHA512
3cbdcf10126be27f9a0a277011cb50b64a3e733ffa7634d31656efb207b483177a86434cec2bac165aeeaada98a4eed2285f06980c61b08c38d99b166426d9dd

Download Submit
C:\Windows\system\sRKYzAz.exe

Filesize
5.7MB

MD5
179b6a1cf38f7d4b6db58bcadcaedee8

SHA1
6d32a0301911ca24a978a71f5a79565219e659ce

SHA256
5f5ce5fc4e732e5691af37286ba5be2cf81a6ff7ac83c2b8ae1ee37b8a5acf44

SHA512
0611f53ec9e8cea4d2db0bd65d73371eca9513cdd29ad943e4306c4a21ad9fe0257c86bf33af0f9eabfc7be5b735fb6786d1579b4751b7c68b7b7540f89d6e49

Download Submit
C:\Windows\system\svLDizQ.exe

Filesize
5.7MB

MD5
e87c33c544a45b053a348fadc0ee0ec9

SHA1
4f2833d969a138a93da0fc205f57ab2e864ef545

SHA256
9563aed4266a6c7f9f65aa814cd0cbc8165150365ec50c62154ff0e9a3e4d7d2

SHA512
a40d200b5d2c4926f936e4a0efb782cb1d4360dab9bb25efd2d8e95d92fe824bb06439f99e2b5f2be95f05e38b7e1a26fd8a58fd874c1c3402015c39934c5480

Download Submit
C:\Windows\system\tIbGMgX.exe

Filesize
5.7MB

MD5
de9645359a2de3ea59abf7eebf177d51

SHA1
2d44561b10618fa9843b900069e2938aae4ca893

SHA256
b4f4a2f96a915abfd703d5d43dc04acac0047db45e27e8eb76b8c9ae3b47f507

SHA512
0a4b50cf64ccbc55a49817fb4c5d8853c3819477b1d2f7ca7fa30394737236d3272f3dcc1b9ed27aa185a381846781a468373d4cc399454502a765c75043b2c0

Download Submit
C:\Windows\system\uPcyYbR.exe

Filesize
5.7MB

MD5
605b8c064389cdc98fac8497af73ea30

SHA1
a92b3ca53d7398272a1b3faf6a74ba66d58ae120

SHA256
b57becf991fdc6770bb5f85d48701d77a8fe2573ab187d5637794b470fe6b732

SHA512
5c059af3a30f4585e4528d1f8880f419c5b65a3009853b2a5ce62f488bbc9602a75a200b2945d20439221d874b0da386c200452ae0a20632a7f07be00303f9c4

Download Submit
C:\Windows\system\vFKIRuH.exe

Filesize
5.7MB

MD5
ee394b0ce5833dff117f6ae53652b110

SHA1
ba109627a2e29075ec2f23d3b380fa99841dc838

SHA256
d061439a7a67f0c349ac798ead8904cbd920d53c46d254ff354c9b9e63825190

SHA512
4a6650b7648480e44c062494ecb589572659059cdff0c1de957914694db1378851ed4a4117e0ebdfa765bdce3f0419a8428f98b542bbd2f0f27af4250d586636

Download Submit
\Windows\system\CUXnMHG.exe

Filesize
5.7MB

MD5
99074914ccc371f8800faff60b90caf8

SHA1
3ec4948f3d6e78f3b08400d9fa1bacc27510243c

SHA256
714e15b973bdff49f3364818329d878ec21b4eb04cccee91be5f82a2d797b6ab

SHA512
66449d9a3cb70cea2e0b41618170bcd8a08387ede2ecc0699c96ba9c82b6d10d293b2dd169c50f89a43f11b20d43307785934e066060bd9010de114453c367dc

Download Submit
\Windows\system\WkwawvC.exe

Filesize
5.7MB

MD5
a2e80790ff788b5cff3d9cbb883fd345

SHA1
26a1b2e748f50210080c3c084a48e5288771754d

SHA256
4bf4e4f5d4caadad0e07f4f09d062b5ed411f3b74c8bb6d372a0113e90176fec

SHA512
d79de5fe45fa30b7823d43fe65d38d4c95e3b2e569de9314edf7c27c8455a8879bee6addf2e43ff06fd6fc03c1fd0fd08c96bc60f79e462a97baec7fcff4d355

Download Submit
\Windows\system\oknjGyB.exe

Filesize
5.7MB

MD5
2bbc3885436e8288170925ea10183c2e

SHA1
5e270a935c17cec3c75ea9baa6fdbdd17dd4edaf

SHA256
01b6b200f12ed89ca983d0d94051a74a36987d880cf150a1b0ba3ece5c75755f

SHA512
301b97fe32abb56c2e8b87159d3519643e179ae853210196b2c8758d6d1983bbba7a9d10d4c0c927991d9f49a1d3b97454b71831b85ce9c3c06ba11bb6161cf6

Download Submit
memory/752-7-0x000000013FA90000-0x000000013FDDD000-memory.dmp

Filesize
3.3MB

Download
memory/784-95-0x000000013F090000-0x000000013F3DD000-memory.dmp

Filesize
3.3MB

Download
memory/1344-131-0x000000013FF90000-0x00000001402DD000-memory.dmp

Filesize
3.3MB

Download
memory/1676-143-0x000000013F4D0000-0x000000013F81D000-memory.dmp

Filesize
3.3MB

Download
memory/1720-179-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/1844-89-0x000000013F4E0000-0x000000013F82D000-memory.dmp

Filesize
3.3MB

Download
memory/1864-113-0x000000013F340000-0x000000013F68D000-memory.dmp

Filesize
3.3MB

Download
memory/1872-107-0x000000013FEA0000-0x00000001401ED000-memory.dmp

Filesize
3.3MB

Download
memory/1948-119-0x000000013FE50000-0x000000014019D000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1988-0-0x000000013FC90000-0x000000013FFDD000-memory.dmp

Filesize
3.3MB

Download
memory/2060-13-0x000000013F5B0000-0x000000013F8FD000-memory.dmp

Filesize
3.3MB

Download
memory/2084-83-0x000000013F290000-0x000000013F5DD000-memory.dmp

Filesize
3.3MB

Download
memory/2092-155-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/2176-191-0x000000013F790000-0x000000013FADD000-memory.dmp

Filesize
3.3MB

Download
memory/2220-41-0x000000013FFC0000-0x000000014030D000-memory.dmp

Filesize
3.3MB

Download
memory/2256-125-0x000000013F680000-0x000000013F9CD000-memory.dmp

Filesize
3.3MB

Download
memory/2292-18-0x000000013F910000-0x000000013FC5D000-memory.dmp

Filesize
3.3MB

Download
memory/2360-161-0x000000013F840000-0x000000013FB8D000-memory.dmp

Filesize
3.3MB

Download
memory/2384-53-0x000000013F850000-0x000000013FB9D000-memory.dmp

Filesize
3.3MB

Download
memory/2440-185-0x000000013FA60000-0x000000013FDAD000-memory.dmp

Filesize
3.3MB

Download
memory/2588-71-0x000000013F370000-0x000000013F6BD000-memory.dmp

Filesize
3.3MB

Download
memory/2664-77-0x000000013F830000-0x000000013FB7D000-memory.dmp

Filesize
3.3MB

Download
memory/2692-167-0x000000013FFB0000-0x00000001402FD000-memory.dmp

Filesize
3.3MB

Download
memory/2736-29-0x000000013FB30000-0x000000013FE7D000-memory.dmp

Filesize
3.3MB

Download
memory/2776-149-0x000000013F140000-0x000000013F48D000-memory.dmp

Filesize
3.3MB

Download
memory/2812-35-0x000000013F5E0000-0x000000013F92D000-memory.dmp

Filesize
3.3MB

Download
memory/2840-59-0x000000013F360000-0x000000013F6AD000-memory.dmp

Filesize
3.3MB

Download
memory/2892-65-0x000000013F220000-0x000000013F56D000-memory.dmp

Filesize
3.3MB

Download
memory/2900-47-0x000000013F9A0000-0x000000013FCED000-memory.dmp

Filesize
3.3MB

Download