cobaltstrike | 49df4a43086a86f4a1be8ceee12b74cfb833174b8d781efc7994538cc0df5b5a

Analysis

max time kernel
125s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/03/2025, 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

3ddca67ae3115b5c0e30aebe13f8a94b
SHA1

974feef12ba61b2157940fe6ec7d035c48f0937f
SHA256

49df4a43086a86f4a1be8ceee12b74cfb833174b8d781efc7994538cc0df5b5a
SHA512

4ec3a7da660f46c263443e31c2e5b0296bc82ebcb13d07747cf2fe3ffd396c3850cbd45d6b1272594b684cec2f151e4d8ac1bdb3c682f325903030c526ab5d8f
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUQ:j+R56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122e4-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019275-7.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019377-31.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193a4-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbe-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a32f-138.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019259-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0ab-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a06a-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a074-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f58-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f6e-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8c-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c87-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c85-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-52.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194df-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019319-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019365-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019278-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1960-0-0x000000013F6B0000-0x000000013F9FD000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122e4-6.dat	xmrig
behavioral1/memory/2440-15-0x000000013F340000-0x000000013F68D000-memory.dmp	xmrig
behavioral1/files/0x0008000000019275-7.dat	xmrig
behavioral1/files/0x0006000000019377-31.dat	xmrig
behavioral1/files/0x00080000000193a4-36.dat	xmrig
behavioral1/files/0x0005000000019513-43.dat	xmrig
behavioral1/files/0x000500000001953e-47.dat	xmrig
behavioral1/files/0x00050000000197c2-67.dat	xmrig
behavioral1/files/0x0005000000019b0d-76.dat	xmrig
behavioral1/files/0x0005000000019cbe-95.dat	xmrig
behavioral1/files/0x000500000001a301-128.dat	xmrig
behavioral1/files/0x000500000001a32f-138.dat	xmrig
behavioral1/memory/1676-152-0x000000013FDD0000-0x000000014011D000-memory.dmp	xmrig
behavioral1/memory/1652-202-0x000000013F960000-0x000000013FCAD000-memory.dmp	xmrig
behavioral1/files/0x0008000000019259-187.dat	xmrig
behavioral1/memory/2484-194-0x000000013F260000-0x000000013F5AD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a43f-191.dat	xmrig
behavioral1/files/0x000500000001a438-184.dat	xmrig
behavioral1/memory/2716-180-0x000000013FB30000-0x000000013FE7D000-memory.dmp	xmrig
behavioral1/memory/1056-178-0x000000013FE70000-0x00000001401BD000-memory.dmp	xmrig
behavioral1/memory/2772-176-0x000000013F690000-0x000000013F9DD000-memory.dmp	xmrig
behavioral1/memory/2356-174-0x000000013F980000-0x000000013FCCD000-memory.dmp	xmrig
behavioral1/memory/2896-172-0x000000013FD60000-0x00000001400AD000-memory.dmp	xmrig
behavioral1/memory/2724-170-0x000000013F2D0000-0x000000013F61D000-memory.dmp	xmrig
behavioral1/memory/1984-167-0x000000013FE60000-0x00000001401AD000-memory.dmp	xmrig
behavioral1/memory/2160-166-0x000000013F6D0000-0x000000013FA1D000-memory.dmp	xmrig
behavioral1/memory/320-164-0x000000013FD50000-0x000000014009D000-memory.dmp	xmrig
behavioral1/memory/1780-162-0x000000013F5E0000-0x000000013F92D000-memory.dmp	xmrig
behavioral1/memory/864-160-0x000000013F4A0000-0x000000013F7ED000-memory.dmp	xmrig
behavioral1/memory/1000-158-0x000000013FED0000-0x000000014021D000-memory.dmp	xmrig
behavioral1/memory/2560-156-0x000000013F5C0000-0x000000013F90D000-memory.dmp	xmrig
behavioral1/memory/3044-154-0x000000013F3A0000-0x000000013F6ED000-memory.dmp	xmrig
behavioral1/memory/2784-146-0x000000013FFB0000-0x00000001402FD000-memory.dmp	xmrig
behavioral1/memory/2340-145-0x000000013FA80000-0x000000013FDCD000-memory.dmp	xmrig
behavioral1/memory/3016-144-0x000000013F950000-0x000000013FC9D000-memory.dmp	xmrig
behavioral1/memory/2652-143-0x000000013F0D0000-0x000000013F41D000-memory.dmp	xmrig
behavioral1/memory/2528-142-0x000000013F290000-0x000000013F5DD000-memory.dmp	xmrig
behavioral1/memory/2816-140-0x000000013F900000-0x000000013FC4D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0ab-137.dat	xmrig
behavioral1/files/0x000500000001a06a-136.dat	xmrig
behavioral1/files/0x000500000001a074-127.dat	xmrig
behavioral1/memory/2220-124-0x000000013FD40000-0x000000014008D000-memory.dmp	xmrig
behavioral1/memory/2832-122-0x000000013FC30000-0x000000013FF7D000-memory.dmp	xmrig
behavioral1/memory/2688-120-0x000000013F750000-0x000000013FA9D000-memory.dmp	xmrig
behavioral1/memory/3064-119-0x000000013F660000-0x000000013F9AD000-memory.dmp	xmrig
behavioral1/memory/2680-118-0x000000013F840000-0x000000013FB8D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f58-103.dat	xmrig
behavioral1/files/0x0005000000019f6e-107.dat	xmrig
behavioral1/files/0x0005000000019d8c-99.dat	xmrig
behavioral1/files/0x0005000000019c87-91.dat	xmrig
behavioral1/files/0x0005000000019c85-88.dat	xmrig
behavioral1/files/0x0005000000019c6c-83.dat	xmrig
behavioral1/files/0x0005000000019b0f-79.dat	xmrig
behavioral1/files/0x0005000000019a72-71.dat	xmrig
behavioral1/files/0x000500000001964b-63.dat	xmrig
behavioral1/files/0x000500000001964a-60.dat	xmrig
behavioral1/files/0x0005000000019642-55.dat	xmrig
behavioral1/files/0x0005000000019640-52.dat	xmrig
behavioral1/files/0x00060000000194df-39.dat	xmrig
behavioral1/files/0x0006000000019319-19.dat	xmrig
behavioral1/files/0x0006000000019365-27.dat	xmrig
behavioral1/files/0x0007000000019278-16.dat	xmrig
behavioral1/memory/2316-11-0x000000013F620000-0x000000013F96D000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	xEvDQzO.exe
2440	DKEgpeM.exe
1956	dnJXePh.exe
2680	YAjSvFO.exe
3064	VwJDmTZ.exe
2824	BDKfkfQ.exe
2688	LcOHAaJ.exe
2220	LecfLbE.exe
2832	dyAvqNg.exe
2724	htvYMzM.exe
2816	AwQZHdK.exe
864	liuRrip.exe
2528	RvJOJhU.exe
2560	kqAoSmI.exe
2652	yloIBMO.exe
3044	qECBgyR.exe
3016	kFgZhgQ.exe
1676	WhQiMLP.exe
2340	XMamIJV.exe
1780	QsGZiTv.exe
2784	oTYVLjb.exe
1000	WbcMtGK.exe
320	aYjRGvs.exe
1056	PZbSaCO.exe
1984	nWZcRuo.exe
2896	pIBRGSC.exe
2160	zDCxiVg.exe
2772	lgNPkup.exe
2716	DKnhmpn.exe
2356	XfTxkrA.exe
2928	HcCAcdv.exe
2484	HxYoRga.exe
560	pFwuEUf.exe
1652	zoBCNoJ.exe
2096	gYDzDsC.exe
2248	kFpZJnx.exe
1540	PNlEwFw.exe
3028	SVfqvTf.exe
1636	QGsFpOO.exe
2488	jokVYKa.exe
3032	YKuDjOy.exe
2292	JEuywpv.exe
1160	KorQEve.exe
1592	kTouxRa.exe
900	WjIDZiK.exe
2028	cXdjVeL.exe
556	JBGZcfR.exe
1596	QyxuJzP.exe
2844	WUOROuG.exe
2924	ZYbhaiH.exe
2800	pjRelEM.exe
1764	aWXvFLH.exe
756	UuqfGRs.exe
1996	VNnAQAi.exe
2164	LJDqhnL.exe
2416	fpGEZwp.exe
956	uWOvGWG.exe
2992	oaWtTyW.exe
1940	QxwlOCT.exe
2860	zhvTmGV.exe
2788	XPbLEtA.exe
2192	PFRkgeF.exe
2620	BGzPdTf.exe
1856	mEhlATd.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lXWfMPk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmrsHyt.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkBBWfi.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpSimFB.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGksOJZ.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXdjVeL.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVIYDpx.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzHMjHb.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvhrUAU.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNKqKxz.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEVyqGp.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQYOZMW.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xtaxltg.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIfMlyY.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUKLXDt.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBjdrBd.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDKVpFU.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGxHVqk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTdJpfI.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oasWveq.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNiEaBD.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPzWOHd.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRTWpVB.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXUjmpk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKzHUbE.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btFWFzk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uivcQeC.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIaSORe.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaVziqa.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSLeFAB.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiPpPyE.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYQfDDJ.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCdfvsm.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fchRiGn.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtrCOtX.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKuDjOy.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfbGjmw.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrnXBSf.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJUiHQg.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKAAOuS.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYwCaaF.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdKkurf.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtmMkEA.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBGZcfR.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKijueH.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDPRjot.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUgkAox.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIYiZRM.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbxIEPR.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgebNAJ.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezwzqDk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJtQQOS.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkaHGWn.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogKbZtn.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqvylxl.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaNKIsp.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySNxMPk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOCUgqk.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxdLRiV.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgNPkup.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiSpcEc.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXLItda.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zReUoAQ.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNVAdyt.exe	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2316	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2316	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2316	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2440	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2440	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2440	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 1956	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 1956	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 1956	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 3064	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 3064	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 3064	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2680	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2680	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2680	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2824	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2824	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2824	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2688	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2688	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2688	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2220	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2220	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2220	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2832	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2832	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2832	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2724	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2724	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2724	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2816	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 2816	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 2816	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 864	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 864	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 864	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 2528	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 2528	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 2528	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 2560	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2560	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2560	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2652	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 2652	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 2652	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 3044	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 3044	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 3044	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 3016	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 3016	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 3016	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 1676	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1676	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1676	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 2340	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 2340	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 2340	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1780	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1780	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1780	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 2784	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 2784	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 2784	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 1000	1960	2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-01_3ddca67ae3115b5c0e30aebe13f8a94b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\System\xEvDQzO.exe
  C:\Windows\System\xEvDQzO.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\DKEgpeM.exe
  C:\Windows\System\DKEgpeM.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\dnJXePh.exe
  C:\Windows\System\dnJXePh.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\VwJDmTZ.exe
  C:\Windows\System\VwJDmTZ.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\YAjSvFO.exe
  C:\Windows\System\YAjSvFO.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\BDKfkfQ.exe
  C:\Windows\System\BDKfkfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\LcOHAaJ.exe
  C:\Windows\System\LcOHAaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\LecfLbE.exe
  C:\Windows\System\LecfLbE.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\dyAvqNg.exe
  C:\Windows\System\dyAvqNg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\htvYMzM.exe
  C:\Windows\System\htvYMzM.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\AwQZHdK.exe
  C:\Windows\System\AwQZHdK.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\liuRrip.exe
  C:\Windows\System\liuRrip.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\RvJOJhU.exe
  C:\Windows\System\RvJOJhU.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\kqAoSmI.exe
  C:\Windows\System\kqAoSmI.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\yloIBMO.exe
  C:\Windows\System\yloIBMO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\qECBgyR.exe
  C:\Windows\System\qECBgyR.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\kFgZhgQ.exe
  C:\Windows\System\kFgZhgQ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\WhQiMLP.exe
  C:\Windows\System\WhQiMLP.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\XMamIJV.exe
  C:\Windows\System\XMamIJV.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\QsGZiTv.exe
  C:\Windows\System\QsGZiTv.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\oTYVLjb.exe
  C:\Windows\System\oTYVLjb.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\WbcMtGK.exe
  C:\Windows\System\WbcMtGK.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\aYjRGvs.exe
  C:\Windows\System\aYjRGvs.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\PZbSaCO.exe
  C:\Windows\System\PZbSaCO.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\nWZcRuo.exe
  C:\Windows\System\nWZcRuo.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\lgNPkup.exe
  C:\Windows\System\lgNPkup.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\pIBRGSC.exe
  C:\Windows\System\pIBRGSC.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\DKnhmpn.exe
  C:\Windows\System\DKnhmpn.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\zDCxiVg.exe
  C:\Windows\System\zDCxiVg.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\XfTxkrA.exe
  C:\Windows\System\XfTxkrA.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\HcCAcdv.exe
  C:\Windows\System\HcCAcdv.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\pFwuEUf.exe
  C:\Windows\System\pFwuEUf.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\HxYoRga.exe
  C:\Windows\System\HxYoRga.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\gYDzDsC.exe
  C:\Windows\System\gYDzDsC.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zoBCNoJ.exe
  C:\Windows\System\zoBCNoJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\PNlEwFw.exe
  C:\Windows\System\PNlEwFw.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\kFpZJnx.exe
  C:\Windows\System\kFpZJnx.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\SVfqvTf.exe
  C:\Windows\System\SVfqvTf.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\QGsFpOO.exe
  C:\Windows\System\QGsFpOO.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\YKuDjOy.exe
  C:\Windows\System\YKuDjOy.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\jokVYKa.exe
  C:\Windows\System\jokVYKa.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\WjIDZiK.exe
  C:\Windows\System\WjIDZiK.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\JEuywpv.exe
  C:\Windows\System\JEuywpv.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\JBGZcfR.exe
  C:\Windows\System\JBGZcfR.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\KorQEve.exe
  C:\Windows\System\KorQEve.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\QyxuJzP.exe
  C:\Windows\System\QyxuJzP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\kTouxRa.exe
  C:\Windows\System\kTouxRa.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\WUOROuG.exe
  C:\Windows\System\WUOROuG.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\cXdjVeL.exe
  C:\Windows\System\cXdjVeL.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ZYbhaiH.exe
  C:\Windows\System\ZYbhaiH.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\pjRelEM.exe
  C:\Windows\System\pjRelEM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\oaWtTyW.exe
  C:\Windows\System\oaWtTyW.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\aWXvFLH.exe
  C:\Windows\System\aWXvFLH.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\QxwlOCT.exe
  C:\Windows\System\QxwlOCT.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\UuqfGRs.exe
  C:\Windows\System\UuqfGRs.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\zhvTmGV.exe
  C:\Windows\System\zhvTmGV.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VNnAQAi.exe
  C:\Windows\System\VNnAQAi.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\XPbLEtA.exe
  C:\Windows\System\XPbLEtA.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LJDqhnL.exe
  C:\Windows\System\LJDqhnL.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PFRkgeF.exe
  C:\Windows\System\PFRkgeF.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fpGEZwp.exe
  C:\Windows\System\fpGEZwp.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\BGzPdTf.exe
  C:\Windows\System\BGzPdTf.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\uWOvGWG.exe
  C:\Windows\System\uWOvGWG.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\gXSnZaM.exe
  C:\Windows\System\gXSnZaM.exe
  2⤵
  PID:928
- C:\Windows\System\mEhlATd.exe
  C:\Windows\System\mEhlATd.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\Xgaftlt.exe
  C:\Windows\System\Xgaftlt.exe
  2⤵
  PID:2080
- C:\Windows\System\jPCKBLu.exe
  C:\Windows\System\jPCKBLu.exe
  2⤵
  PID:1792
- C:\Windows\System\sEomEYd.exe
  C:\Windows\System\sEomEYd.exe
  2⤵
  PID:1756
- C:\Windows\System\SfbGjmw.exe
  C:\Windows\System\SfbGjmw.exe
  2⤵
  PID:1532
- C:\Windows\System\HsYigtk.exe
  C:\Windows\System\HsYigtk.exe
  2⤵
  PID:2252
- C:\Windows\System\CdlTXVM.exe
  C:\Windows\System\CdlTXVM.exe
  2⤵
  PID:324
- C:\Windows\System\xhvntOK.exe
  C:\Windows\System\xhvntOK.exe
  2⤵
  PID:2540
- C:\Windows\System\qdiUIyP.exe
  C:\Windows\System\qdiUIyP.exe
  2⤵
  PID:2004
- C:\Windows\System\uvhdwXv.exe
  C:\Windows\System\uvhdwXv.exe
  2⤵
  PID:1704
- C:\Windows\System\XtkLRHt.exe
  C:\Windows\System\XtkLRHt.exe
  2⤵
  PID:2748
- C:\Windows\System\IEtpalo.exe
  C:\Windows\System\IEtpalo.exe
  2⤵
  PID:2060
- C:\Windows\System\RDTUrnu.exe
  C:\Windows\System\RDTUrnu.exe
  2⤵
  PID:2336
- C:\Windows\System\YFuhbfy.exe
  C:\Windows\System\YFuhbfy.exe
  2⤵
  PID:1936
- C:\Windows\System\DFaOIav.exe
  C:\Windows\System\DFaOIav.exe
  2⤵
  PID:2144
- C:\Windows\System\fDiDqNo.exe
  C:\Windows\System\fDiDqNo.exe
  2⤵
  PID:3092
- C:\Windows\System\xnjoscD.exe
  C:\Windows\System\xnjoscD.exe
  2⤵
  PID:3120
- C:\Windows\System\RGBYGWl.exe
  C:\Windows\System\RGBYGWl.exe
  2⤵
  PID:3140
- C:\Windows\System\GpsdPza.exe
  C:\Windows\System\GpsdPza.exe
  2⤵
  PID:3176
- C:\Windows\System\WQkAYph.exe
  C:\Windows\System\WQkAYph.exe
  2⤵
  PID:3196
- C:\Windows\System\TASyAjx.exe
  C:\Windows\System\TASyAjx.exe
  2⤵
  PID:3224
- C:\Windows\System\MGnhAzd.exe
  C:\Windows\System\MGnhAzd.exe
  2⤵
  PID:3244
- C:\Windows\System\vJljuCH.exe
  C:\Windows\System\vJljuCH.exe
  2⤵
  PID:3264
- C:\Windows\System\hDtFesW.exe
  C:\Windows\System\hDtFesW.exe
  2⤵
  PID:3280
- C:\Windows\System\ahcvjDe.exe
  C:\Windows\System\ahcvjDe.exe
  2⤵
  PID:3336
- C:\Windows\System\yqegqWP.exe
  C:\Windows\System\yqegqWP.exe
  2⤵
  PID:3372
- C:\Windows\System\IJRSGMz.exe
  C:\Windows\System\IJRSGMz.exe
  2⤵
  PID:3392
- C:\Windows\System\bzMABjW.exe
  C:\Windows\System\bzMABjW.exe
  2⤵
  PID:3412
- C:\Windows\System\XmLlxzA.exe
  C:\Windows\System\XmLlxzA.exe
  2⤵
  PID:3440
- C:\Windows\System\hVeBMMO.exe
  C:\Windows\System\hVeBMMO.exe
  2⤵
  PID:3456
- C:\Windows\System\BOtviVb.exe
  C:\Windows\System\BOtviVb.exe
  2⤵
  PID:3476
- C:\Windows\System\EmKxWqi.exe
  C:\Windows\System\EmKxWqi.exe
  2⤵
  PID:3500
- C:\Windows\System\TIaSORe.exe
  C:\Windows\System\TIaSORe.exe
  2⤵
  PID:3520
- C:\Windows\System\cmSFZBs.exe
  C:\Windows\System\cmSFZBs.exe
  2⤵
  PID:3544
- C:\Windows\System\JXCDGkP.exe
  C:\Windows\System\JXCDGkP.exe
  2⤵
  PID:3560
- C:\Windows\System\NwghdWc.exe
  C:\Windows\System\NwghdWc.exe
  2⤵
  PID:3580
- C:\Windows\System\QubOBKi.exe
  C:\Windows\System\QubOBKi.exe
  2⤵
  PID:3608
- C:\Windows\System\zwVOPQD.exe
  C:\Windows\System\zwVOPQD.exe
  2⤵
  PID:3628
- C:\Windows\System\gtpEXaI.exe
  C:\Windows\System\gtpEXaI.exe
  2⤵
  PID:3644
- C:\Windows\System\fhROWSh.exe
  C:\Windows\System\fhROWSh.exe
  2⤵
  PID:3668
- C:\Windows\System\dFUJYBD.exe
  C:\Windows\System\dFUJYBD.exe
  2⤵
  PID:3688
- C:\Windows\System\RGsFDAh.exe
  C:\Windows\System\RGsFDAh.exe
  2⤵
  PID:3708
- C:\Windows\System\uvcttCK.exe
  C:\Windows\System\uvcttCK.exe
  2⤵
  PID:3728
- C:\Windows\System\pHTtcIH.exe
  C:\Windows\System\pHTtcIH.exe
  2⤵
  PID:3748
- C:\Windows\System\bTNRqaO.exe
  C:\Windows\System\bTNRqaO.exe
  2⤵
  PID:3776
- C:\Windows\System\JuMuHhg.exe
  C:\Windows\System\JuMuHhg.exe
  2⤵
  PID:3792
- C:\Windows\System\EuxJAWU.exe
  C:\Windows\System\EuxJAWU.exe
  2⤵
  PID:3816
- C:\Windows\System\yEgDwIU.exe
  C:\Windows\System\yEgDwIU.exe
  2⤵
  PID:3836
- C:\Windows\System\AEXfoFu.exe
  C:\Windows\System\AEXfoFu.exe
  2⤵
  PID:3920
- C:\Windows\System\UAcpteD.exe
  C:\Windows\System\UAcpteD.exe
  2⤵
  PID:3940
- C:\Windows\System\UDErxCW.exe
  C:\Windows\System\UDErxCW.exe
  2⤵
  PID:3964
- C:\Windows\System\ptoVuEQ.exe
  C:\Windows\System\ptoVuEQ.exe
  2⤵
  PID:3984
- C:\Windows\System\vlokRZZ.exe
  C:\Windows\System\vlokRZZ.exe
  2⤵
  PID:4008
- C:\Windows\System\VrnXBSf.exe
  C:\Windows\System\VrnXBSf.exe
  2⤵
  PID:4028
- C:\Windows\System\SMUxQem.exe
  C:\Windows\System\SMUxQem.exe
  2⤵
  PID:4052
- C:\Windows\System\wKKUCFb.exe
  C:\Windows\System\wKKUCFb.exe
  2⤵
  PID:4072
- C:\Windows\System\VNsfknc.exe
  C:\Windows\System\VNsfknc.exe
  2⤵
  PID:4088
- C:\Windows\System\SSzYYZi.exe
  C:\Windows\System\SSzYYZi.exe
  2⤵
  PID:1488
- C:\Windows\System\MQakolw.exe
  C:\Windows\System\MQakolw.exe
  2⤵
  PID:1012
- C:\Windows\System\wPceAjO.exe
  C:\Windows\System\wPceAjO.exe
  2⤵
  PID:2636
- C:\Windows\System\TvwmhyX.exe
  C:\Windows\System\TvwmhyX.exe
  2⤵
  PID:1052
- C:\Windows\System\cxEOkZM.exe
  C:\Windows\System\cxEOkZM.exe
  2⤵
  PID:2044
- C:\Windows\System\PnUgUuS.exe
  C:\Windows\System\PnUgUuS.exe
  2⤵
  PID:3004
- C:\Windows\System\VFTqPvL.exe
  C:\Windows\System\VFTqPvL.exe
  2⤵
  PID:1912
- C:\Windows\System\ptulxoJ.exe
  C:\Windows\System\ptulxoJ.exe
  2⤵
  PID:1820
- C:\Windows\System\TdhvQXx.exe
  C:\Windows\System\TdhvQXx.exe
  2⤵
  PID:3020
- C:\Windows\System\GWVircB.exe
  C:\Windows\System\GWVircB.exe
  2⤵
  PID:2720
- C:\Windows\System\JGbgFhS.exe
  C:\Windows\System\JGbgFhS.exe
  2⤵
  PID:2556
- C:\Windows\System\fiIOWEg.exe
  C:\Windows\System\fiIOWEg.exe
  2⤵
  PID:3084
- C:\Windows\System\yeuHlCk.exe
  C:\Windows\System\yeuHlCk.exe
  2⤵
  PID:3024
- C:\Windows\System\fpouPQI.exe
  C:\Windows\System\fpouPQI.exe
  2⤵
  PID:3132
- C:\Windows\System\kwsohqQ.exe
  C:\Windows\System\kwsohqQ.exe
  2⤵
  PID:3272
- C:\Windows\System\xHPbeXa.exe
  C:\Windows\System\xHPbeXa.exe
  2⤵
  PID:1624
- C:\Windows\System\jtrjhVl.exe
  C:\Windows\System\jtrjhVl.exe
  2⤵
  PID:3348
- C:\Windows\System\iaCeQuK.exe
  C:\Windows\System\iaCeQuK.exe
  2⤵
  PID:3112
- C:\Windows\System\JrTsgjs.exe
  C:\Windows\System\JrTsgjs.exe
  2⤵
  PID:3160
- C:\Windows\System\TGlnGvU.exe
  C:\Windows\System\TGlnGvU.exe
  2⤵
  PID:3212
- C:\Windows\System\PiaVXjt.exe
  C:\Windows\System\PiaVXjt.exe
  2⤵
  PID:3256
- C:\Windows\System\maSHfrR.exe
  C:\Windows\System\maSHfrR.exe
  2⤵
  PID:3488
- C:\Windows\System\UpfSyuu.exe
  C:\Windows\System\UpfSyuu.exe
  2⤵
  PID:3536
- C:\Windows\System\NvYVkPi.exe
  C:\Windows\System\NvYVkPi.exe
  2⤵
  PID:3620
- C:\Windows\System\QvIuPSf.exe
  C:\Windows\System\QvIuPSf.exe
  2⤵
  PID:3312
- C:\Windows\System\CZMxcOV.exe
  C:\Windows\System\CZMxcOV.exe
  2⤵
  PID:3328
- C:\Windows\System\aeFGrXf.exe
  C:\Windows\System\aeFGrXf.exe
  2⤵
  PID:3428
- C:\Windows\System\qZdsDQK.exe
  C:\Windows\System\qZdsDQK.exe
  2⤵
  PID:3784
- C:\Windows\System\IDVnbGl.exe
  C:\Windows\System\IDVnbGl.exe
  2⤵
  PID:3932
- C:\Windows\System\OsxFKRg.exe
  C:\Windows\System\OsxFKRg.exe
  2⤵
  PID:4016
- C:\Windows\System\uAlAowJ.exe
  C:\Windows\System\uAlAowJ.exe
  2⤵
  PID:4068
- C:\Windows\System\qFfJpja.exe
  C:\Windows\System\qFfJpja.exe
  2⤵
  PID:1616
- C:\Windows\System\McNFugs.exe
  C:\Windows\System\McNFugs.exe
  2⤵
  PID:1708
- C:\Windows\System\fmCoEgg.exe
  C:\Windows\System\fmCoEgg.exe
  2⤵
  PID:3468
- C:\Windows\System\qhYSbGe.exe
  C:\Windows\System\qhYSbGe.exe
  2⤵
  PID:2628
- C:\Windows\System\fgFXSeY.exe
  C:\Windows\System\fgFXSeY.exe
  2⤵
  PID:3756
- C:\Windows\System\BGdrcwW.exe
  C:\Windows\System\BGdrcwW.exe
  2⤵
  PID:3804
- C:\Windows\System\QiSpcEc.exe
  C:\Windows\System\QiSpcEc.exe
  2⤵
  PID:3680
- C:\Windows\System\bqVMThw.exe
  C:\Windows\System\bqVMThw.exe
  2⤵
  PID:3556
- C:\Windows\System\CEKQyoW.exe
  C:\Windows\System\CEKQyoW.exe
  2⤵
  PID:3852
- C:\Windows\System\MPOrMbe.exe
  C:\Windows\System\MPOrMbe.exe
  2⤵
  PID:3872
- C:\Windows\System\UTdJpfI.exe
  C:\Windows\System\UTdJpfI.exe
  2⤵
  PID:3892
- C:\Windows\System\hwqYXiy.exe
  C:\Windows\System\hwqYXiy.exe
  2⤵
  PID:1584
- C:\Windows\System\buuHikm.exe
  C:\Windows\System\buuHikm.exe
  2⤵
  PID:2544
- C:\Windows\System\qNawoVM.exe
  C:\Windows\System\qNawoVM.exe
  2⤵
  PID:3948
- C:\Windows\System\aRdnxHD.exe
  C:\Windows\System\aRdnxHD.exe
  2⤵
  PID:3960
- C:\Windows\System\JTyCnTx.exe
  C:\Windows\System\JTyCnTx.exe
  2⤵
  PID:4004
- C:\Windows\System\dPickvV.exe
  C:\Windows\System\dPickvV.exe
  2⤵
  PID:4048
- C:\Windows\System\wKNfUNP.exe
  C:\Windows\System\wKNfUNP.exe
  2⤵
  PID:3240
- C:\Windows\System\rGkQDwD.exe
  C:\Windows\System\rGkQDwD.exe
  2⤵
  PID:2648
- C:\Windows\System\HjujlwK.exe
  C:\Windows\System\HjujlwK.exe
  2⤵
  PID:336
- C:\Windows\System\oasWveq.exe
  C:\Windows\System\oasWveq.exe
  2⤵
  PID:1644
- C:\Windows\System\hwqNKTV.exe
  C:\Windows\System\hwqNKTV.exe
  2⤵
  PID:3156
- C:\Windows\System\WKJjDrG.exe
  C:\Windows\System\WKJjDrG.exe
  2⤵
  PID:3528
- C:\Windows\System\hQgajrJ.exe
  C:\Windows\System\hQgajrJ.exe
  2⤵
  PID:3380
- C:\Windows\System\baYqwEm.exe
  C:\Windows\System\baYqwEm.exe
  2⤵
  PID:3136
- C:\Windows\System\PlvCCXe.exe
  C:\Windows\System\PlvCCXe.exe
  2⤵
  PID:3388
- C:\Windows\System\vDApPyn.exe
  C:\Windows\System\vDApPyn.exe
  2⤵
  PID:3360
- C:\Windows\System\smNUMRn.exe
  C:\Windows\System\smNUMRn.exe
  2⤵
  PID:3104
- C:\Windows\System\ILdWftK.exe
  C:\Windows\System\ILdWftK.exe
  2⤵
  PID:3576
- C:\Windows\System\FydnVKM.exe
  C:\Windows\System\FydnVKM.exe
  2⤵
  PID:3324
- C:\Windows\System\iXCmeyl.exe
  C:\Windows\System\iXCmeyl.exe
  2⤵
  PID:3700
- C:\Windows\System\iUalxis.exe
  C:\Windows\System\iUalxis.exe
  2⤵
  PID:3596
- C:\Windows\System\GyNgshK.exe
  C:\Windows\System\GyNgshK.exe
  2⤵
  PID:3772
- C:\Windows\System\SKMyXVL.exe
  C:\Windows\System\SKMyXVL.exe
  2⤵
  PID:3588
- C:\Windows\System\VbyaavQ.exe
  C:\Windows\System\VbyaavQ.exe
  2⤵
  PID:3900
- C:\Windows\System\QSZDdbd.exe
  C:\Windows\System\QSZDdbd.exe
  2⤵
  PID:540
- C:\Windows\System\zBKyPak.exe
  C:\Windows\System\zBKyPak.exe
  2⤵
  PID:3812
- C:\Windows\System\ZKEkWDC.exe
  C:\Windows\System\ZKEkWDC.exe
  2⤵
  PID:2736
- C:\Windows\System\hCpPGVY.exe
  C:\Windows\System\hCpPGVY.exe
  2⤵
  PID:2136
- C:\Windows\System\inxiDFJ.exe
  C:\Windows\System\inxiDFJ.exe
  2⤵
  PID:4084
- C:\Windows\System\yMqPGPG.exe
  C:\Windows\System\yMqPGPG.exe
  2⤵
  PID:3056
- C:\Windows\System\HipMZCE.exe
  C:\Windows\System\HipMZCE.exe
  2⤵
  PID:2640
- C:\Windows\System\oJUiHQg.exe
  C:\Windows\System\oJUiHQg.exe
  2⤵
  PID:3192
- C:\Windows\System\tdxdPuw.exe
  C:\Windows\System\tdxdPuw.exe
  2⤵
  PID:2056
- C:\Windows\System\AgVXTZA.exe
  C:\Windows\System\AgVXTZA.exe
  2⤵
  PID:3888
- C:\Windows\System\MCGrdiC.exe
  C:\Windows\System\MCGrdiC.exe
  2⤵
  PID:3664
- C:\Windows\System\vupTPmK.exe
  C:\Windows\System\vupTPmK.exe
  2⤵
  PID:1316
- C:\Windows\System\maJegFE.exe
  C:\Windows\System\maJegFE.exe
  2⤵
  PID:3356
- C:\Windows\System\yhDFBWT.exe
  C:\Windows\System\yhDFBWT.exe
  2⤵
  PID:4044
- C:\Windows\System\pGTGgsz.exe
  C:\Windows\System\pGTGgsz.exe
  2⤵
  PID:328
- C:\Windows\System\hHEmKMn.exe
  C:\Windows\System\hHEmKMn.exe
  2⤵
  PID:3828
- C:\Windows\System\EYgKyxl.exe
  C:\Windows\System\EYgKyxl.exe
  2⤵
  PID:4064
- C:\Windows\System\wJpqUcQ.exe
  C:\Windows\System\wJpqUcQ.exe
  2⤵
  PID:2000
- C:\Windows\System\YJOTkTZ.exe
  C:\Windows\System\YJOTkTZ.exe
  2⤵
  PID:4000
- C:\Windows\System\fZayHrc.exe
  C:\Windows\System\fZayHrc.exe
  2⤵
  PID:2776
- C:\Windows\System\liVNJEq.exe
  C:\Windows\System\liVNJEq.exe
  2⤵
  PID:3704
- C:\Windows\System\bIxlgBn.exe
  C:\Windows\System\bIxlgBn.exe
  2⤵
  PID:3232
- C:\Windows\System\rHntpJA.exe
  C:\Windows\System\rHntpJA.exe
  2⤵
  PID:4104
- C:\Windows\System\JNhhEKU.exe
  C:\Windows\System\JNhhEKU.exe
  2⤵
  PID:4120
- C:\Windows\System\XmmqSUf.exe
  C:\Windows\System\XmmqSUf.exe
  2⤵
  PID:4140
- C:\Windows\System\ZVZvImr.exe
  C:\Windows\System\ZVZvImr.exe
  2⤵
  PID:4164
- C:\Windows\System\PZapGKu.exe
  C:\Windows\System\PZapGKu.exe
  2⤵
  PID:4184
- C:\Windows\System\WYUdSHa.exe
  C:\Windows\System\WYUdSHa.exe
  2⤵
  PID:4212
- C:\Windows\System\oppQDWH.exe
  C:\Windows\System\oppQDWH.exe
  2⤵
  PID:4228
- C:\Windows\System\ZrVuDDv.exe
  C:\Windows\System\ZrVuDDv.exe
  2⤵
  PID:4244
- C:\Windows\System\lJJvYAl.exe
  C:\Windows\System\lJJvYAl.exe
  2⤵
  PID:4272
- C:\Windows\System\eXRnEWb.exe
  C:\Windows\System\eXRnEWb.exe
  2⤵
  PID:4292
- C:\Windows\System\iyryJco.exe
  C:\Windows\System\iyryJco.exe
  2⤵
  PID:4320
- C:\Windows\System\kKAAOuS.exe
  C:\Windows\System\kKAAOuS.exe
  2⤵
  PID:4388
- C:\Windows\System\EkykBji.exe
  C:\Windows\System\EkykBji.exe
  2⤵
  PID:4408
- C:\Windows\System\urPmKYq.exe
  C:\Windows\System\urPmKYq.exe
  2⤵
  PID:4436
- C:\Windows\System\iBGwKia.exe
  C:\Windows\System\iBGwKia.exe
  2⤵
  PID:4452
- C:\Windows\System\KCGnnoU.exe
  C:\Windows\System\KCGnnoU.exe
  2⤵
  PID:4484
- C:\Windows\System\cMevmTS.exe
  C:\Windows\System\cMevmTS.exe
  2⤵
  PID:4504
- C:\Windows\System\WZJUVHB.exe
  C:\Windows\System\WZJUVHB.exe
  2⤵
  PID:4528
- C:\Windows\System\QbXahfV.exe
  C:\Windows\System\QbXahfV.exe
  2⤵
  PID:4548
- C:\Windows\System\SWuYCjR.exe
  C:\Windows\System\SWuYCjR.exe
  2⤵
  PID:4572
- C:\Windows\System\DvimIBX.exe
  C:\Windows\System\DvimIBX.exe
  2⤵
  PID:4596
- C:\Windows\System\uncXnvv.exe
  C:\Windows\System\uncXnvv.exe
  2⤵
  PID:4616
- C:\Windows\System\zRsybKz.exe
  C:\Windows\System\zRsybKz.exe
  2⤵
  PID:4636
- C:\Windows\System\gisdYpk.exe
  C:\Windows\System\gisdYpk.exe
  2⤵
  PID:4652
- C:\Windows\System\oxTjKrg.exe
  C:\Windows\System\oxTjKrg.exe
  2⤵
  PID:4676
- C:\Windows\System\AlRkMYX.exe
  C:\Windows\System\AlRkMYX.exe
  2⤵
  PID:4720
- C:\Windows\System\jZBwtIy.exe
  C:\Windows\System\jZBwtIy.exe
  2⤵
  PID:4756
- C:\Windows\System\RFEoWcE.exe
  C:\Windows\System\RFEoWcE.exe
  2⤵
  PID:4784
- C:\Windows\System\DgTTlRA.exe
  C:\Windows\System\DgTTlRA.exe
  2⤵
  PID:4804
- C:\Windows\System\CoBnyPm.exe
  C:\Windows\System\CoBnyPm.exe
  2⤵
  PID:4820
- C:\Windows\System\gsNZQQt.exe
  C:\Windows\System\gsNZQQt.exe
  2⤵
  PID:4840
- C:\Windows\System\saYsoab.exe
  C:\Windows\System\saYsoab.exe
  2⤵
  PID:4856
- C:\Windows\System\CYHPqSI.exe
  C:\Windows\System\CYHPqSI.exe
  2⤵
  PID:4872
- C:\Windows\System\PvtMbTb.exe
  C:\Windows\System\PvtMbTb.exe
  2⤵
  PID:4888
- C:\Windows\System\VdYevXr.exe
  C:\Windows\System\VdYevXr.exe
  2⤵
  PID:4904
- C:\Windows\System\GFcljjK.exe
  C:\Windows\System\GFcljjK.exe
  2⤵
  PID:4920
- C:\Windows\System\WnuVkRh.exe
  C:\Windows\System\WnuVkRh.exe
  2⤵
  PID:4964
- C:\Windows\System\vcvCwqO.exe
  C:\Windows\System\vcvCwqO.exe
  2⤵
  PID:4984
- C:\Windows\System\rYHPCtQ.exe
  C:\Windows\System\rYHPCtQ.exe
  2⤵
  PID:5044
- C:\Windows\System\qlAEEqG.exe
  C:\Windows\System\qlAEEqG.exe
  2⤵
  PID:5064
- C:\Windows\System\FJbYYsi.exe
  C:\Windows\System\FJbYYsi.exe
  2⤵
  PID:5088
- C:\Windows\System\SyHSNww.exe
  C:\Windows\System\SyHSNww.exe
  2⤵
  PID:5112
- C:\Windows\System\ZzmfBnG.exe
  C:\Windows\System\ZzmfBnG.exe
  2⤵
  PID:3516
- C:\Windows\System\cXpKDPc.exe
  C:\Windows\System\cXpKDPc.exe
  2⤵
  PID:2912
- C:\Windows\System\xtXkVER.exe
  C:\Windows\System\xtXkVER.exe
  2⤵
  PID:3532
- C:\Windows\System\qCBtFQP.exe
  C:\Windows\System\qCBtFQP.exe
  2⤵
  PID:3904
- C:\Windows\System\PRMfpAu.exe
  C:\Windows\System\PRMfpAu.exe
  2⤵
  PID:1868
- C:\Windows\System\BIdIfDk.exe
  C:\Windows\System\BIdIfDk.exe
  2⤵
  PID:2984
- C:\Windows\System\jfCGguG.exe
  C:\Windows\System\jfCGguG.exe
  2⤵
  PID:676
- C:\Windows\System\XYVLFde.exe
  C:\Windows\System\XYVLFde.exe
  2⤵
  PID:2216
- C:\Windows\System\maFUJuA.exe
  C:\Windows\System\maFUJuA.exe
  2⤵
  PID:3404
- C:\Windows\System\quoFlzP.exe
  C:\Windows\System\quoFlzP.exe
  2⤵
  PID:4136
- C:\Windows\System\ArSxRql.exe
  C:\Windows\System\ArSxRql.exe
  2⤵
  PID:968
- C:\Windows\System\YMifoMB.exe
  C:\Windows\System\YMifoMB.exe
  2⤵
  PID:3292
- C:\Windows\System\VXTokAA.exe
  C:\Windows\System\VXTokAA.exe
  2⤵
  PID:3100
- C:\Windows\System\qSWqHOo.exe
  C:\Windows\System\qSWqHOo.exe
  2⤵
  PID:4264
- C:\Windows\System\mzftmdw.exe
  C:\Windows\System\mzftmdw.exe
  2⤵
  PID:4308
- C:\Windows\System\UHjOKOv.exe
  C:\Windows\System\UHjOKOv.exe
  2⤵
  PID:4204
- C:\Windows\System\xypyNPn.exe
  C:\Windows\System\xypyNPn.exe
  2⤵
  PID:4448
- C:\Windows\System\lXWfMPk.exe
  C:\Windows\System\lXWfMPk.exe
  2⤵
  PID:2188
- C:\Windows\System\fJtQQOS.exe
  C:\Windows\System\fJtQQOS.exe
  2⤵
  PID:4192
- C:\Windows\System\rCBHKHs.exe
  C:\Windows\System\rCBHKHs.exe
  2⤵
  PID:3832
- C:\Windows\System\qUkoJcq.exe
  C:\Windows\System\qUkoJcq.exe
  2⤵
  PID:4336
- C:\Windows\System\nHRoQjo.exe
  C:\Windows\System\nHRoQjo.exe
  2⤵
  PID:4500
- C:\Windows\System\yCQZdAL.exe
  C:\Windows\System\yCQZdAL.exe
  2⤵
  PID:4544
- C:\Windows\System\dhOixZN.exe
  C:\Windows\System\dhOixZN.exe
  2⤵
  PID:4592
- C:\Windows\System\IvpNFFc.exe
  C:\Windows\System\IvpNFFc.exe
  2⤵
  PID:2392
- C:\Windows\System\BBWKgXe.exe
  C:\Windows\System\BBWKgXe.exe
  2⤵
  PID:4476
- C:\Windows\System\LQbhuxp.exe
  C:\Windows\System\LQbhuxp.exe
  2⤵
  PID:4604
- C:\Windows\System\xmLAWth.exe
  C:\Windows\System\xmLAWth.exe
  2⤵
  PID:4648
- C:\Windows\System\FuHoaRN.exe
  C:\Windows\System\FuHoaRN.exe
  2⤵
  PID:4516
- C:\Windows\System\CvmuiDV.exe
  C:\Windows\System\CvmuiDV.exe
  2⤵
  PID:4740
- C:\Windows\System\PaWJcRI.exe
  C:\Windows\System\PaWJcRI.exe
  2⤵
  PID:4696
- C:\Windows\System\mzdubhe.exe
  C:\Windows\System\mzdubhe.exe
  2⤵
  PID:4828
- C:\Windows\System\FDVRsND.exe
  C:\Windows\System\FDVRsND.exe
  2⤵
  PID:4764
- C:\Windows\System\gLQXDoI.exe
  C:\Windows\System\gLQXDoI.exe
  2⤵
  PID:4952
- C:\Windows\System\xHXAinU.exe
  C:\Windows\System\xHXAinU.exe
  2⤵
  PID:4772
- C:\Windows\System\eKHptbS.exe
  C:\Windows\System\eKHptbS.exe
  2⤵
  PID:5000
- C:\Windows\System\uNnxDwH.exe
  C:\Windows\System\uNnxDwH.exe
  2⤵
  PID:5016
- C:\Windows\System\QlsqBPP.exe
  C:\Windows\System\QlsqBPP.exe
  2⤵
  PID:5072
- C:\Windows\System\QUYaqIu.exe
  C:\Windows\System\QUYaqIu.exe
  2⤵
  PID:4976
- C:\Windows\System\ZcCbopY.exe
  C:\Windows\System\ZcCbopY.exe
  2⤵
  PID:4884
- C:\Windows\System\oOjOHiV.exe
  C:\Windows\System\oOjOHiV.exe
  2⤵
  PID:3308
- C:\Windows\System\aaoiUME.exe
  C:\Windows\System\aaoiUME.exe
  2⤵
  PID:4980
- C:\Windows\System\qQeJNVi.exe
  C:\Windows\System\qQeJNVi.exe
  2⤵
  PID:3884
- C:\Windows\System\oavLtHI.exe
  C:\Windows\System\oavLtHI.exe
  2⤵
  PID:5052
- C:\Windows\System\uuHCcXk.exe
  C:\Windows\System\uuHCcXk.exe
  2⤵
  PID:3868
- C:\Windows\System\gUFxJSg.exe
  C:\Windows\System\gUFxJSg.exe
  2⤵
  PID:5108
- C:\Windows\System\voHSPrN.exe
  C:\Windows\System\voHSPrN.exe
  2⤵
  PID:3716
- C:\Windows\System\uXPEzOn.exe
  C:\Windows\System\uXPEzOn.exe
  2⤵
  PID:3824
- C:\Windows\System\FgroeHn.exe
  C:\Windows\System\FgroeHn.exe
  2⤵
  PID:1064
- C:\Windows\System\vsiuncV.exe
  C:\Windows\System\vsiuncV.exe
  2⤵
  PID:3204
- C:\Windows\System\TRgbPSs.exe
  C:\Windows\System\TRgbPSs.exe
  2⤵
  PID:4240
- C:\Windows\System\xTHmiPi.exe
  C:\Windows\System\xTHmiPi.exe
  2⤵
  PID:2156
- C:\Windows\System\bfXxYPV.exe
  C:\Windows\System\bfXxYPV.exe
  2⤵
  PID:4160
- C:\Windows\System\DEgsokW.exe
  C:\Windows\System\DEgsokW.exe
  2⤵
  PID:4148
- C:\Windows\System\iAYZkPF.exe
  C:\Windows\System\iAYZkPF.exe
  2⤵
  PID:4344
- C:\Windows\System\vOcXmCu.exe
  C:\Windows\System\vOcXmCu.exe
  2⤵
  PID:4524
- C:\Windows\System\kJYiuXA.exe
  C:\Windows\System\kJYiuXA.exe
  2⤵
  PID:4364
- C:\Windows\System\fjXUuap.exe
  C:\Windows\System\fjXUuap.exe
  2⤵
  PID:4416
- C:\Windows\System\etybwks.exe
  C:\Windows\System\etybwks.exe
  2⤵
  PID:4424
- C:\Windows\System\HTfIfeX.exe
  C:\Windows\System\HTfIfeX.exe
  2⤵
  PID:4628
- C:\Windows\System\ZdZmVFP.exe
  C:\Windows\System\ZdZmVFP.exe
  2⤵
  PID:4668
- C:\Windows\System\oSXzMci.exe
  C:\Windows\System\oSXzMci.exe
  2⤵
  PID:4472
- C:\Windows\System\ZrqLnkh.exe
  C:\Windows\System\ZrqLnkh.exe
  2⤵
  PID:4748
- C:\Windows\System\QkGVSKK.exe
  C:\Windows\System\QkGVSKK.exe
  2⤵
  PID:4736
- C:\Windows\System\NOCxaKT.exe
  C:\Windows\System\NOCxaKT.exe
  2⤵
  PID:4712
- C:\Windows\System\wkaHGWn.exe
  C:\Windows\System\wkaHGWn.exe
  2⤵
  PID:4956
- C:\Windows\System\rqRfgdV.exe
  C:\Windows\System\rqRfgdV.exe
  2⤵
  PID:4896
- C:\Windows\System\lcMaPPr.exe
  C:\Windows\System\lcMaPPr.exe
  2⤵
  PID:5012
- C:\Windows\System\JecopBT.exe
  C:\Windows\System\JecopBT.exe
  2⤵
  PID:4996
- C:\Windows\System\bnzYwqo.exe
  C:\Windows\System\bnzYwqo.exe
  2⤵
  PID:5032
- C:\Windows\System\DbpgBQn.exe
  C:\Windows\System\DbpgBQn.exe
  2⤵
  PID:5036
- C:\Windows\System\hyKIhHL.exe
  C:\Windows\System\hyKIhHL.exe
  2⤵
  PID:3508
- C:\Windows\System\OMNCLdZ.exe
  C:\Windows\System\OMNCLdZ.exe
  2⤵
  PID:4812
- C:\Windows\System\nrgwOqo.exe
  C:\Windows\System\nrgwOqo.exe
  2⤵
  PID:4180
- C:\Windows\System\veRSuCR.exe
  C:\Windows\System\veRSuCR.exe
  2⤵
  PID:2916
- C:\Windows\System\TESqEux.exe
  C:\Windows\System\TESqEux.exe
  2⤵
  PID:4404
- C:\Windows\System\ARzvrOH.exe
  C:\Windows\System\ARzvrOH.exe
  2⤵
  PID:1136
- C:\Windows\System\PkNCJhT.exe
  C:\Windows\System\PkNCJhT.exe
  2⤵
  PID:1356
- C:\Windows\System\wTBxxEn.exe
  C:\Windows\System\wTBxxEn.exe
  2⤵
  PID:2780
- C:\Windows\System\krEDkfG.exe
  C:\Windows\System\krEDkfG.exe
  2⤵
  PID:4112
- C:\Windows\System\wSopEIL.exe
  C:\Windows\System\wSopEIL.exe
  2⤵
  PID:580
- C:\Windows\System\GqkPqUr.exe
  C:\Windows\System\GqkPqUr.exe
  2⤵
  PID:4556
- C:\Windows\System\wnHUpZB.exe
  C:\Windows\System\wnHUpZB.exe
  2⤵
  PID:4580
- C:\Windows\System\wkjwyLJ.exe
  C:\Windows\System\wkjwyLJ.exe
  2⤵
  PID:4560
- C:\Windows\System\MNAxYFt.exe
  C:\Windows\System\MNAxYFt.exe
  2⤵
  PID:4672
- C:\Windows\System\tMUaUtT.exe
  C:\Windows\System\tMUaUtT.exe
  2⤵
  PID:4868
- C:\Windows\System\xpRRIey.exe
  C:\Windows\System\xpRRIey.exe
  2⤵
  PID:4936
- C:\Windows\System\hMZgdpC.exe
  C:\Windows\System\hMZgdpC.exe
  2⤵
  PID:4944
- C:\Windows\System\aqUCENt.exe
  C:\Windows\System\aqUCENt.exe
  2⤵
  PID:4796
- C:\Windows\System\RAYJtBt.exe
  C:\Windows\System\RAYJtBt.exe
  2⤵
  PID:4852
- C:\Windows\System\imuzWIU.exe
  C:\Windows\System\imuzWIU.exe
  2⤵
  PID:4848
- C:\Windows\System\WiRpquR.exe
  C:\Windows\System\WiRpquR.exe
  2⤵
  PID:4256
- C:\Windows\System\faKVuea.exe
  C:\Windows\System\faKVuea.exe
  2⤵
  PID:3636
- C:\Windows\System\NhKgQeo.exe
  C:\Windows\System\NhKgQeo.exe
  2⤵
  PID:3344
- C:\Windows\System\UmkwGsn.exe
  C:\Windows\System\UmkwGsn.exe
  2⤵
  PID:1748
- C:\Windows\System\NzCCvCY.exe
  C:\Windows\System\NzCCvCY.exe
  2⤵
  PID:780
- C:\Windows\System\BjHjXrG.exe
  C:\Windows\System\BjHjXrG.exe
  2⤵
  PID:1864
- C:\Windows\System\YNBeHUx.exe
  C:\Windows\System\YNBeHUx.exe
  2⤵
  PID:3568
- C:\Windows\System\rJPmXdz.exe
  C:\Windows\System\rJPmXdz.exe
  2⤵
  PID:4420
- C:\Windows\System\kfVnPOW.exe
  C:\Windows\System\kfVnPOW.exe
  2⤵
  PID:4564
- C:\Windows\System\NoGLWQu.exe
  C:\Windows\System\NoGLWQu.exe
  2⤵
  PID:4664
- C:\Windows\System\BKijueH.exe
  C:\Windows\System\BKijueH.exe
  2⤵
  PID:4708
- C:\Windows\System\BkfDhfM.exe
  C:\Windows\System\BkfDhfM.exe
  2⤵
  PID:2880
- C:\Windows\System\AaUXRwL.exe
  C:\Windows\System\AaUXRwL.exe
  2⤵
  PID:1992
- C:\Windows\System\nEjJdOu.exe
  C:\Windows\System\nEjJdOu.exe
  2⤵
  PID:4972
- C:\Windows\System\yBClIux.exe
  C:\Windows\System\yBClIux.exe
  2⤵
  PID:5060
- C:\Windows\System\DxoDJpb.exe
  C:\Windows\System\DxoDJpb.exe
  2⤵
  PID:3068
- C:\Windows\System\Broxcqb.exe
  C:\Windows\System\Broxcqb.exe
  2⤵
  PID:2756
- C:\Windows\System\RnXrkVp.exe
  C:\Windows\System\RnXrkVp.exe
  2⤵
  PID:3400
- C:\Windows\System\DqVcxHC.exe
  C:\Windows\System\DqVcxHC.exe
  2⤵
  PID:3148
- C:\Windows\System\TWjeCUc.exe
  C:\Windows\System\TWjeCUc.exe
  2⤵
  PID:4316
- C:\Windows\System\DBadEBi.exe
  C:\Windows\System\DBadEBi.exe
  2⤵
  PID:1360
- C:\Windows\System\JVQyjCt.exe
  C:\Windows\System\JVQyjCt.exe
  2⤵
  PID:4260
- C:\Windows\System\kWkuWte.exe
  C:\Windows\System\kWkuWte.exe
  2⤵
  PID:4428
- C:\Windows\System\uPzWOHd.exe
  C:\Windows\System\uPzWOHd.exe
  2⤵
  PID:4612
- C:\Windows\System\BgBkCHI.exe
  C:\Windows\System\BgBkCHI.exe
  2⤵
  PID:2576
- C:\Windows\System\TyCauLH.exe
  C:\Windows\System\TyCauLH.exe
  2⤵
  PID:3000
- C:\Windows\System\YXmyVmt.exe
  C:\Windows\System\YXmyVmt.exe
  2⤵
  PID:908
- C:\Windows\System\dXLULJi.exe
  C:\Windows\System\dXLULJi.exe
  2⤵
  PID:3008
- C:\Windows\System\XVLPWbx.exe
  C:\Windows\System\XVLPWbx.exe
  2⤵
  PID:4224
- C:\Windows\System\JPSRZsv.exe
  C:\Windows\System\JPSRZsv.exe
  2⤵
  PID:1436
- C:\Windows\System\ZsAcaXf.exe
  C:\Windows\System\ZsAcaXf.exe
  2⤵
  PID:2740
- C:\Windows\System\wdpjrfs.exe
  C:\Windows\System\wdpjrfs.exe
  2⤵
  PID:1308
- C:\Windows\System\tXLItda.exe
  C:\Windows\System\tXLItda.exe
  2⤵
  PID:2656
- C:\Windows\System\zBUljKV.exe
  C:\Windows\System\zBUljKV.exe
  2⤵
  PID:1928
- C:\Windows\System\gEJwhls.exe
  C:\Windows\System\gEJwhls.exe
  2⤵
  PID:4492
- C:\Windows\System\FOHycqw.exe
  C:\Windows\System\FOHycqw.exe
  2⤵
  PID:4360
- C:\Windows\System\KVBquGf.exe
  C:\Windows\System\KVBquGf.exe
  2⤵
  PID:4780
- C:\Windows\System\bSZaXxZ.exe
  C:\Windows\System\bSZaXxZ.exe
  2⤵
  PID:2364
- C:\Windows\System\FBsQePB.exe
  C:\Windows\System\FBsQePB.exe
  2⤵
  PID:4916
- C:\Windows\System\ykjxXuS.exe
  C:\Windows\System\ykjxXuS.exe
  2⤵
  PID:896
- C:\Windows\System\yzmpGak.exe
  C:\Windows\System\yzmpGak.exe
  2⤵
  PID:3864
- C:\Windows\System\fLlWLsS.exe
  C:\Windows\System\fLlWLsS.exe
  2⤵
  PID:3592
- C:\Windows\System\umFatcJ.exe
  C:\Windows\System\umFatcJ.exe
  2⤵
  PID:4792
- C:\Windows\System\ArsHkMP.exe
  C:\Windows\System\ArsHkMP.exe
  2⤵
  PID:1724
- C:\Windows\System\MQhLbzv.exe
  C:\Windows\System\MQhLbzv.exe
  2⤵
  PID:2804
- C:\Windows\System\IQYOZMW.exe
  C:\Windows\System\IQYOZMW.exe
  2⤵
  PID:2752
- C:\Windows\System\RYVzyTt.exe
  C:\Windows\System\RYVzyTt.exe
  2⤵
  PID:1480
- C:\Windows\System\nOHWzyj.exe
  C:\Windows\System\nOHWzyj.exe
  2⤵
  PID:3660
- C:\Windows\System\paZfQvO.exe
  C:\Windows\System\paZfQvO.exe
  2⤵
  PID:1164
- C:\Windows\System\SqPLglF.exe
  C:\Windows\System\SqPLglF.exe
  2⤵
  PID:2672
- C:\Windows\System\LAiUMwL.exe
  C:\Windows\System\LAiUMwL.exe
  2⤵
  PID:912
- C:\Windows\System\ZYwSnQa.exe
  C:\Windows\System\ZYwSnQa.exe
  2⤵
  PID:2812
- C:\Windows\System\YPuMAlV.exe
  C:\Windows\System\YPuMAlV.exe
  2⤵
  PID:1972
- C:\Windows\System\xAnPzFQ.exe
  C:\Windows\System\xAnPzFQ.exe
  2⤵
  PID:2768
- C:\Windows\System\cLPVWSO.exe
  C:\Windows\System\cLPVWSO.exe
  2⤵
  PID:812
- C:\Windows\System\kOkKyYZ.exe
  C:\Windows\System\kOkKyYZ.exe
  2⤵
  PID:2584
- C:\Windows\System\crIbaKY.exe
  C:\Windows\System\crIbaKY.exe
  2⤵
  PID:3484
- C:\Windows\System\tmSxpND.exe
  C:\Windows\System\tmSxpND.exe
  2⤵
  PID:2568
- C:\Windows\System\FqKeFXj.exe
  C:\Windows\System\FqKeFXj.exe
  2⤵
  PID:2536
- C:\Windows\System\RQEKdBQ.exe
  C:\Windows\System\RQEKdBQ.exe
  2⤵
  PID:1320
- C:\Windows\System\RHdSeSS.exe
  C:\Windows\System\RHdSeSS.exe
  2⤵
  PID:2616
- C:\Windows\System\CTeWTGU.exe
  C:\Windows\System\CTeWTGU.exe
  2⤵
  PID:5084
- C:\Windows\System\BboCFsz.exe
  C:\Windows\System\BboCFsz.exe
  2⤵
  PID:2760
- C:\Windows\System\rQtpNOZ.exe
  C:\Windows\System\rQtpNOZ.exe
  2⤵
  PID:1784
- C:\Windows\System\JfxtbXu.exe
  C:\Windows\System\JfxtbXu.exe
  2⤵
  PID:2588
- C:\Windows\System\hSafgFF.exe
  C:\Windows\System\hSafgFF.exe
  2⤵
  PID:2360
- C:\Windows\System\KAGkvMp.exe
  C:\Windows\System\KAGkvMp.exe
  2⤵
  PID:5124
- C:\Windows\System\aubkqBs.exe
  C:\Windows\System\aubkqBs.exe
  2⤵
  PID:5140
- C:\Windows\System\tTwDWhx.exe
  C:\Windows\System\tTwDWhx.exe
  2⤵
  PID:5176
- C:\Windows\System\AAnbiPn.exe
  C:\Windows\System\AAnbiPn.exe
  2⤵
  PID:5196
- C:\Windows\System\thLRUSB.exe
  C:\Windows\System\thLRUSB.exe
  2⤵
  PID:5212
- C:\Windows\System\sXmjYEn.exe
  C:\Windows\System\sXmjYEn.exe
  2⤵
  PID:5228
- C:\Windows\System\sNbkSUk.exe
  C:\Windows\System\sNbkSUk.exe
  2⤵
  PID:5244
- C:\Windows\System\JKadIhF.exe
  C:\Windows\System\JKadIhF.exe
  2⤵
  PID:5260
- C:\Windows\System\XoHvXUo.exe
  C:\Windows\System\XoHvXUo.exe
  2⤵
  PID:5276
- C:\Windows\System\VkvghPu.exe
  C:\Windows\System\VkvghPu.exe
  2⤵
  PID:5292
- C:\Windows\System\TYQbhlE.exe
  C:\Windows\System\TYQbhlE.exe
  2⤵
  PID:5312
- C:\Windows\System\IPdjvhx.exe
  C:\Windows\System\IPdjvhx.exe
  2⤵
  PID:5332
- C:\Windows\System\WEihWSW.exe
  C:\Windows\System\WEihWSW.exe
  2⤵
  PID:5356
- C:\Windows\System\aFewqEN.exe
  C:\Windows\System\aFewqEN.exe
  2⤵
  PID:5372
- C:\Windows\System\TyFSKNK.exe
  C:\Windows\System\TyFSKNK.exe
  2⤵
  PID:5492
- C:\Windows\System\swgxahs.exe
  C:\Windows\System\swgxahs.exe
  2⤵
  PID:5516
- C:\Windows\System\zXghuEY.exe
  C:\Windows\System\zXghuEY.exe
  2⤵
  PID:5560
- C:\Windows\System\XQtHyfW.exe
  C:\Windows\System\XQtHyfW.exe
  2⤵
  PID:5576
- C:\Windows\System\xCODnKY.exe
  C:\Windows\System\xCODnKY.exe
  2⤵
  PID:5608
- C:\Windows\System\rHFXMxY.exe
  C:\Windows\System\rHFXMxY.exe
  2⤵
  PID:5636
- C:\Windows\System\GXgBLQW.exe
  C:\Windows\System\GXgBLQW.exe
  2⤵
  PID:5664
- C:\Windows\System\GoioBLb.exe
  C:\Windows\System\GoioBLb.exe
  2⤵
  PID:5684
- C:\Windows\System\wqVohGX.exe
  C:\Windows\System\wqVohGX.exe
  2⤵
  PID:5704
- C:\Windows\System\PgqjudV.exe
  C:\Windows\System\PgqjudV.exe
  2⤵
  PID:5724
- C:\Windows\System\HUkIpER.exe
  C:\Windows\System\HUkIpER.exe
  2⤵
  PID:5740
- C:\Windows\System\tiSnltd.exe
  C:\Windows\System\tiSnltd.exe
  2⤵
  PID:5756
- C:\Windows\System\vskERVW.exe
  C:\Windows\System\vskERVW.exe
  2⤵
  PID:5772
- C:\Windows\System\oKruEYG.exe
  C:\Windows\System\oKruEYG.exe
  2⤵
  PID:5792
- C:\Windows\System\Xtaxltg.exe
  C:\Windows\System\Xtaxltg.exe
  2⤵
  PID:5808
- C:\Windows\System\cDbpTpl.exe
  C:\Windows\System\cDbpTpl.exe
  2⤵
  PID:5828
- C:\Windows\System\lZxUEgO.exe
  C:\Windows\System\lZxUEgO.exe
  2⤵
  PID:5852
- C:\Windows\System\lUxReaC.exe
  C:\Windows\System\lUxReaC.exe
  2⤵
  PID:5880
- C:\Windows\System\bMhsiZL.exe
  C:\Windows\System\bMhsiZL.exe
  2⤵
  PID:5916
- C:\Windows\System\lsVikxJ.exe
  C:\Windows\System\lsVikxJ.exe
  2⤵
  PID:5936
- C:\Windows\System\HvdOwjU.exe
  C:\Windows\System\HvdOwjU.exe
  2⤵
  PID:5972
- C:\Windows\System\WMrpowh.exe
  C:\Windows\System\WMrpowh.exe
  2⤵
  PID:6000
- C:\Windows\System\pOPShtr.exe
  C:\Windows\System\pOPShtr.exe
  2⤵
  PID:6056
- C:\Windows\System\EDjRynd.exe
  C:\Windows\System\EDjRynd.exe
  2⤵
  PID:6072
- C:\Windows\System\dkInRQq.exe
  C:\Windows\System\dkInRQq.exe
  2⤵
  PID:6096
- C:\Windows\System\kvLIwoM.exe
  C:\Windows\System\kvLIwoM.exe
  2⤵
  PID:6112
- C:\Windows\System\MYVMrre.exe
  C:\Windows\System\MYVMrre.exe
  2⤵
  PID:6128
- C:\Windows\System\QbFuWpC.exe
  C:\Windows\System\QbFuWpC.exe
  2⤵
  PID:4688
- C:\Windows\System\LJddXpC.exe
  C:\Windows\System\LJddXpC.exe
  2⤵
  PID:5104
- C:\Windows\System\UiaRHfp.exe
  C:\Windows\System\UiaRHfp.exe
  2⤵
  PID:4928
- C:\Windows\System\XxEnLyO.exe
  C:\Windows\System\XxEnLyO.exe
  2⤵
  PID:2020
- C:\Windows\System\pUAkLxx.exe
  C:\Windows\System\pUAkLxx.exe
  2⤵
  PID:5136
- C:\Windows\System\VezDpco.exe
  C:\Windows\System\VezDpco.exe
  2⤵
  PID:5164
- C:\Windows\System\ZaVziqa.exe
  C:\Windows\System\ZaVziqa.exe
  2⤵
  PID:4836
- C:\Windows\System\wRbsTPZ.exe
  C:\Windows\System\wRbsTPZ.exe
  2⤵
  PID:5268
- C:\Windows\System\nzcXLSs.exe
  C:\Windows\System\nzcXLSs.exe
  2⤵
  PID:5188
- C:\Windows\System\vaMaGtG.exe
  C:\Windows\System\vaMaGtG.exe
  2⤵
  PID:5284
- C:\Windows\System\sLJrGCx.exe
  C:\Windows\System\sLJrGCx.exe
  2⤵
  PID:5348
- C:\Windows\System\uBrDwBH.exe
  C:\Windows\System\uBrDwBH.exe
  2⤵
  PID:5352
- C:\Windows\System\tjQXnqJ.exe
  C:\Windows\System\tjQXnqJ.exe
  2⤵
  PID:5328
- C:\Windows\System\xJRUVNL.exe
  C:\Windows\System\xJRUVNL.exe
  2⤵
  PID:5400
- C:\Windows\System\ruFHYdF.exe
  C:\Windows\System\ruFHYdF.exe
  2⤵
  PID:5404
- C:\Windows\System\TCLsdoA.exe
  C:\Windows\System\TCLsdoA.exe
  2⤵
  PID:5424
- C:\Windows\System\VXsrwed.exe
  C:\Windows\System\VXsrwed.exe
  2⤵
  PID:5460
- C:\Windows\System\thntuJp.exe
  C:\Windows\System\thntuJp.exe
  2⤵
  PID:5440
- C:\Windows\System\UBPhaFN.exe
  C:\Windows\System\UBPhaFN.exe
  2⤵
  PID:5468
- C:\Windows\System\deMqnZQ.exe
  C:\Windows\System\deMqnZQ.exe
  2⤵
  PID:5512
- C:\Windows\System\ixzdxgS.exe
  C:\Windows\System\ixzdxgS.exe
  2⤵
  PID:5504
- C:\Windows\System\mOZgTQd.exe
  C:\Windows\System\mOZgTQd.exe
  2⤵
  PID:5544
- C:\Windows\System\nxbVUFY.exe
  C:\Windows\System\nxbVUFY.exe
  2⤵
  PID:5596
- C:\Windows\System\RMwcRnC.exe
  C:\Windows\System\RMwcRnC.exe
  2⤵
  PID:5600
- C:\Windows\System\cSkYlvp.exe
  C:\Windows\System\cSkYlvp.exe
  2⤵
  PID:5656
- C:\Windows\System\NmnEbtB.exe
  C:\Windows\System\NmnEbtB.exe
  2⤵
  PID:5624
- C:\Windows\System\ZSLeFAB.exe
  C:\Windows\System\ZSLeFAB.exe
  2⤵
  PID:5680
- C:\Windows\System\eeuuwlI.exe
  C:\Windows\System\eeuuwlI.exe
  2⤵
  PID:5700
- C:\Windows\System\zkAyJWQ.exe
  C:\Windows\System\zkAyJWQ.exe
  2⤵
  PID:5732
- C:\Windows\System\OtYDtmL.exe
  C:\Windows\System\OtYDtmL.exe
  2⤵
  PID:5804
- C:\Windows\System\NgbTDEj.exe
  C:\Windows\System\NgbTDEj.exe
  2⤵
  PID:5788
- C:\Windows\System\EIDhtDf.exe
  C:\Windows\System\EIDhtDf.exe
  2⤵
  PID:5864
- C:\Windows\System\eIlVfib.exe
  C:\Windows\System\eIlVfib.exe
  2⤵
  PID:5876
- C:\Windows\System\aVoQSLN.exe
  C:\Windows\System\aVoQSLN.exe
  2⤵
  PID:5904
- C:\Windows\System\zrvERwI.exe
  C:\Windows\System\zrvERwI.exe
  2⤵
  PID:5908
- C:\Windows\System\GDPRjot.exe
  C:\Windows\System\GDPRjot.exe
  2⤵
  PID:5960
- C:\Windows\System\wxmoLDM.exe
  C:\Windows\System\wxmoLDM.exe
  2⤵
  PID:5948
- C:\Windows\System\IaxJBYb.exe
  C:\Windows\System\IaxJBYb.exe
  2⤵
  PID:6028
- C:\Windows\System\nsPkabf.exe
  C:\Windows\System\nsPkabf.exe
  2⤵
  PID:6048
- C:\Windows\System\OVeBzQY.exe
  C:\Windows\System\OVeBzQY.exe
  2⤵
  PID:6108
- C:\Windows\System\PmvhNYU.exe
  C:\Windows\System\PmvhNYU.exe
  2⤵
  PID:2732
- C:\Windows\System\nvQadBY.exe
  C:\Windows\System\nvQadBY.exe
  2⤵
  PID:2872
- C:\Windows\System\snInpoM.exe
  C:\Windows\System\snInpoM.exe
  2⤵
  PID:5184
- C:\Windows\System\EEcmKpl.exe
  C:\Windows\System\EEcmKpl.exe
  2⤵
  PID:6032
- C:\Windows\System\BiIEYzP.exe
  C:\Windows\System\BiIEYzP.exe
  2⤵
  PID:5384
- C:\Windows\System\ZfxnBND.exe
  C:\Windows\System\ZfxnBND.exe
  2⤵
  PID:5340
- C:\Windows\System\OuPBExe.exe
  C:\Windows\System\OuPBExe.exe
  2⤵
  PID:2264
- C:\Windows\System\ELtYdlj.exe
  C:\Windows\System\ELtYdlj.exe
  2⤵
  PID:5152
- C:\Windows\System\ZojvZjA.exe
  C:\Windows\System\ZojvZjA.exe
  2⤵
  PID:5368
- C:\Windows\System\vayhuxb.exe
  C:\Windows\System\vayhuxb.exe
  2⤵
  PID:5584
- C:\Windows\System\aLEqsbz.exe
  C:\Windows\System\aLEqsbz.exe
  2⤵
  PID:5984
- C:\Windows\System\lxZeqZh.exe
  C:\Windows\System\lxZeqZh.exe
  2⤵
  PID:6020
- C:\Windows\System\emFuDPw.exe
  C:\Windows\System\emFuDPw.exe
  2⤵
  PID:6040
- C:\Windows\System\ItbOWnn.exe
  C:\Windows\System\ItbOWnn.exe
  2⤵
  PID:1556
- C:\Windows\System\DkzCXfT.exe
  C:\Windows\System\DkzCXfT.exe
  2⤵
  PID:5488
- C:\Windows\System\vxtzGNz.exe
  C:\Windows\System\vxtzGNz.exe
  2⤵
  PID:5208
- C:\Windows\System\VRMfRqh.exe
  C:\Windows\System\VRMfRqh.exe
  2⤵
  PID:1368
- C:\Windows\System\BAzwIGQ.exe
  C:\Windows\System\BAzwIGQ.exe
  2⤵
  PID:6120
- C:\Windows\System\wrkshyh.exe
  C:\Windows\System\wrkshyh.exe
  2⤵
  PID:5240
- C:\Windows\System\SmDMGJk.exe
  C:\Windows\System\SmDMGJk.exe
  2⤵
  PID:5484
- C:\Windows\System\whvABaU.exe
  C:\Windows\System\whvABaU.exe
  2⤵
  PID:5472
- C:\Windows\System\XHtsEee.exe
  C:\Windows\System\XHtsEee.exe
  2⤵
  PID:5692
- C:\Windows\System\aHHzmOi.exe
  C:\Windows\System\aHHzmOi.exe
  2⤵
  PID:5320
- C:\Windows\System\APprUcV.exe
  C:\Windows\System\APprUcV.exe
  2⤵
  PID:5672
- C:\Windows\System\ZqfiNgd.exe
  C:\Windows\System\ZqfiNgd.exe
  2⤵
  PID:5588
- C:\Windows\System\SnmxFsp.exe
  C:\Windows\System\SnmxFsp.exe
  2⤵
  PID:5752
- C:\Windows\System\aCQvFmh.exe
  C:\Windows\System\aCQvFmh.exe
  2⤵
  PID:5820
- C:\Windows\System\VCDvinJ.exe
  C:\Windows\System\VCDvinJ.exe
  2⤵
  PID:5768
- C:\Windows\System\iwoFAXl.exe
  C:\Windows\System\iwoFAXl.exe
  2⤵
  PID:5860
- C:\Windows\System\OLNSCcj.exe
  C:\Windows\System\OLNSCcj.exe
  2⤵
  PID:5928
- C:\Windows\System\MvQMPIq.exe
  C:\Windows\System\MvQMPIq.exe
  2⤵
  PID:5912
- C:\Windows\System\ogKbZtn.exe
  C:\Windows\System\ogKbZtn.exe
  2⤵
  PID:5968
- C:\Windows\System\ZjpNNpB.exe
  C:\Windows\System\ZjpNNpB.exe
  2⤵
  PID:2120
- C:\Windows\System\vNctHev.exe
  C:\Windows\System\vNctHev.exe
  2⤵
  PID:5148
- C:\Windows\System\OIuytWM.exe
  C:\Windows\System\OIuytWM.exe
  2⤵
  PID:5304
- C:\Windows\System\cOAaRvb.exe
  C:\Windows\System\cOAaRvb.exe
  2⤵
  PID:5620
- C:\Windows\System\ZCEWxsn.exe
  C:\Windows\System\ZCEWxsn.exe
  2⤵
  PID:5780
- C:\Windows\System\lgIElkY.exe
  C:\Windows\System\lgIElkY.exe
  2⤵
  PID:5204
- C:\Windows\System\tGMZxQl.exe
  C:\Windows\System\tGMZxQl.exe
  2⤵
  PID:5308
- C:\Windows\System\DvMqCZC.exe
  C:\Windows\System\DvMqCZC.exe
  2⤵
  PID:5844
- C:\Windows\System\YxhWBUm.exe
  C:\Windows\System\YxhWBUm.exe
  2⤵
  PID:5500
- C:\Windows\System\FrZJwmD.exe
  C:\Windows\System\FrZJwmD.exe
  2⤵
  PID:5480
- C:\Windows\System\xZHSdNm.exe
  C:\Windows\System\xZHSdNm.exe
  2⤵
  PID:6140
- C:\Windows\System\lEWIawA.exe
  C:\Windows\System\lEWIawA.exe
  2⤵
  PID:6104
- C:\Windows\System\jvwfphl.exe
  C:\Windows\System\jvwfphl.exe
  2⤵
  PID:5556
- C:\Windows\System\mvoJIcc.exe
  C:\Windows\System\mvoJIcc.exe
  2⤵
  PID:5524
- C:\Windows\System\toZsffi.exe
  C:\Windows\System\toZsffi.exe
  2⤵
  PID:5220
- C:\Windows\System\fzaJIJl.exe
  C:\Windows\System\fzaJIJl.exe
  2⤵
  PID:5528
- C:\Windows\System\CpJhtjd.exe
  C:\Windows\System\CpJhtjd.exe
  2⤵
  PID:5452
- C:\Windows\System\BsziGGM.exe
  C:\Windows\System\BsziGGM.exe
  2⤵
  PID:5132
- C:\Windows\System\sfxzAYB.exe
  C:\Windows\System\sfxzAYB.exe
  2⤵
  PID:6164
- C:\Windows\System\KajCauS.exe
  C:\Windows\System\KajCauS.exe
  2⤵
  PID:6180
- C:\Windows\System\wyxEWUO.exe
  C:\Windows\System\wyxEWUO.exe
  2⤵
  PID:6212
- C:\Windows\System\CSVhYbj.exe
  C:\Windows\System\CSVhYbj.exe
  2⤵
  PID:6228
- C:\Windows\System\lWJXtdZ.exe
  C:\Windows\System\lWJXtdZ.exe
  2⤵
  PID:6244
- C:\Windows\System\vmCKmwO.exe
  C:\Windows\System\vmCKmwO.exe
  2⤵
  PID:6264
- C:\Windows\System\LPbMwpL.exe
  C:\Windows\System\LPbMwpL.exe
  2⤵
  PID:6284
- C:\Windows\System\VGSKRgJ.exe
  C:\Windows\System\VGSKRgJ.exe
  2⤵
  PID:6300
- C:\Windows\System\cdcPbGp.exe
  C:\Windows\System\cdcPbGp.exe
  2⤵
  PID:6316
- C:\Windows\System\ehVeRvo.exe
  C:\Windows\System\ehVeRvo.exe
  2⤵
  PID:6332
- C:\Windows\System\wYuqkZI.exe
  C:\Windows\System\wYuqkZI.exe
  2⤵
  PID:6352
- C:\Windows\System\LksrUOp.exe
  C:\Windows\System\LksrUOp.exe
  2⤵
  PID:6376
- C:\Windows\System\WgyfEuR.exe
  C:\Windows\System\WgyfEuR.exe
  2⤵
  PID:6392
- C:\Windows\System\zNznzMN.exe
  C:\Windows\System\zNznzMN.exe
  2⤵
  PID:6408
- C:\Windows\System\PnHjSex.exe
  C:\Windows\System\PnHjSex.exe
  2⤵
  PID:6432
- C:\Windows\System\hoqRQhp.exe
  C:\Windows\System\hoqRQhp.exe
  2⤵
  PID:6448
- C:\Windows\System\rBqVySa.exe
  C:\Windows\System\rBqVySa.exe
  2⤵
  PID:6464
- C:\Windows\System\plOTIzH.exe
  C:\Windows\System\plOTIzH.exe
  2⤵
  PID:6480
- C:\Windows\System\JtVugHr.exe
  C:\Windows\System\JtVugHr.exe
  2⤵
  PID:6496
- C:\Windows\System\ExYYpbI.exe
  C:\Windows\System\ExYYpbI.exe
  2⤵
  PID:6512
- C:\Windows\System\CExzgCq.exe
  C:\Windows\System\CExzgCq.exe
  2⤵
  PID:6528
- C:\Windows\System\EHxOGBu.exe
  C:\Windows\System\EHxOGBu.exe
  2⤵
  PID:6544
- C:\Windows\System\MuwPXOS.exe
  C:\Windows\System\MuwPXOS.exe
  2⤵
  PID:6560
- C:\Windows\System\DoMrdHW.exe
  C:\Windows\System\DoMrdHW.exe
  2⤵
  PID:6576
- C:\Windows\System\OeXJHqZ.exe
  C:\Windows\System\OeXJHqZ.exe
  2⤵
  PID:6592
- C:\Windows\System\rWycZfA.exe
  C:\Windows\System\rWycZfA.exe
  2⤵
  PID:6608
- C:\Windows\System\uLVKPcP.exe
  C:\Windows\System\uLVKPcP.exe
  2⤵
  PID:6624
- C:\Windows\System\cqvylxl.exe
  C:\Windows\System\cqvylxl.exe
  2⤵
  PID:6640
- C:\Windows\System\FbNrfNX.exe
  C:\Windows\System\FbNrfNX.exe
  2⤵
  PID:6656
- C:\Windows\System\ZYRsXxs.exe
  C:\Windows\System\ZYRsXxs.exe
  2⤵
  PID:6672
- C:\Windows\System\lqQcptp.exe
  C:\Windows\System\lqQcptp.exe
  2⤵
  PID:6688
- C:\Windows\System\XAWCeOr.exe
  C:\Windows\System\XAWCeOr.exe
  2⤵
  PID:6704
- C:\Windows\System\BgkEygb.exe
  C:\Windows\System\BgkEygb.exe
  2⤵
  PID:6720
- C:\Windows\System\jCYMtrn.exe
  C:\Windows\System\jCYMtrn.exe
  2⤵
  PID:6736
- C:\Windows\System\jYSpYmB.exe
  C:\Windows\System\jYSpYmB.exe
  2⤵
  PID:6752
- C:\Windows\System\aPMnnbS.exe
  C:\Windows\System\aPMnnbS.exe
  2⤵
  PID:6768
- C:\Windows\System\cToXTOr.exe
  C:\Windows\System\cToXTOr.exe
  2⤵
  PID:6784
- C:\Windows\System\yrgtqeZ.exe
  C:\Windows\System\yrgtqeZ.exe
  2⤵
  PID:6800
- C:\Windows\System\ONabflf.exe
  C:\Windows\System\ONabflf.exe
  2⤵
  PID:6816
- C:\Windows\System\OLQVitG.exe
  C:\Windows\System\OLQVitG.exe
  2⤵
  PID:6832
- C:\Windows\System\SrYHUwO.exe
  C:\Windows\System\SrYHUwO.exe
  2⤵
  PID:6848
- C:\Windows\System\birsoZH.exe
  C:\Windows\System\birsoZH.exe
  2⤵
  PID:6864
- C:\Windows\System\RtYQlWx.exe
  C:\Windows\System\RtYQlWx.exe
  2⤵
  PID:6880
- C:\Windows\System\mKxTOsj.exe
  C:\Windows\System\mKxTOsj.exe
  2⤵
  PID:6896
- C:\Windows\System\ACwJrkS.exe
  C:\Windows\System\ACwJrkS.exe
  2⤵
  PID:6912
- C:\Windows\System\OAlpwmK.exe
  C:\Windows\System\OAlpwmK.exe
  2⤵
  PID:6928
- C:\Windows\System\oOkrduC.exe
  C:\Windows\System\oOkrduC.exe
  2⤵
  PID:6944
- C:\Windows\System\XTdsFpm.exe
  C:\Windows\System\XTdsFpm.exe
  2⤵
  PID:6960
- C:\Windows\System\mCCjUqw.exe
  C:\Windows\System\mCCjUqw.exe
  2⤵
  PID:6976
- C:\Windows\System\NvGhPef.exe
  C:\Windows\System\NvGhPef.exe
  2⤵
  PID:6992
- C:\Windows\System\PyacKtW.exe
  C:\Windows\System\PyacKtW.exe
  2⤵
  PID:7008
- C:\Windows\System\vdXnpCR.exe
  C:\Windows\System\vdXnpCR.exe
  2⤵
  PID:7024
- C:\Windows\System\DpdMMsZ.exe
  C:\Windows\System\DpdMMsZ.exe
  2⤵
  PID:7040
- C:\Windows\System\KibmaVF.exe
  C:\Windows\System\KibmaVF.exe
  2⤵
  PID:7056
- C:\Windows\System\QTkcoMl.exe
  C:\Windows\System\QTkcoMl.exe
  2⤵
  PID:7072
- C:\Windows\System\ltMxgkM.exe
  C:\Windows\System\ltMxgkM.exe
  2⤵
  PID:7092
- C:\Windows\System\IqmmxoI.exe
  C:\Windows\System\IqmmxoI.exe
  2⤵
  PID:7108
- C:\Windows\System\RGNKUZz.exe
  C:\Windows\System\RGNKUZz.exe
  2⤵
  PID:7124
- C:\Windows\System\evIgpTh.exe
  C:\Windows\System\evIgpTh.exe
  2⤵
  PID:7140
- C:\Windows\System\ftPpZwN.exe
  C:\Windows\System\ftPpZwN.exe
  2⤵
  PID:7156
- C:\Windows\System\bXcYYew.exe
  C:\Windows\System\bXcYYew.exe
  2⤵
  PID:6172
- C:\Windows\System\OLOijWM.exe
  C:\Windows\System\OLOijWM.exe
  2⤵
  PID:5592
- C:\Windows\System\UIsfIFU.exe
  C:\Windows\System\UIsfIFU.exe
  2⤵
  PID:5548
- C:\Windows\System\hvEQXuj.exe
  C:\Windows\System\hvEQXuj.exe
  2⤵
  PID:6156
- C:\Windows\System\dpXTjwR.exe
  C:\Windows\System\dpXTjwR.exe
  2⤵
  PID:6208
- C:\Windows\System\vBNwKcT.exe
  C:\Windows\System\vBNwKcT.exe
  2⤵
  PID:6224
- C:\Windows\System\QyltPpJ.exe
  C:\Windows\System\QyltPpJ.exe
  2⤵
  PID:6204
- C:\Windows\System\ZFMVPIo.exe
  C:\Windows\System\ZFMVPIo.exe
  2⤵
  PID:6292
- C:\Windows\System\BYovdAV.exe
  C:\Windows\System\BYovdAV.exe
  2⤵
  PID:6360
- C:\Windows\System\wqNSoyD.exe
  C:\Windows\System\wqNSoyD.exe
  2⤵
  PID:6404
- C:\Windows\System\AdnrHHn.exe
  C:\Windows\System\AdnrHHn.exe
  2⤵
  PID:6276
- C:\Windows\System\EPFUDaM.exe
  C:\Windows\System\EPFUDaM.exe
  2⤵
  PID:6348
- C:\Windows\System\bBAUqIy.exe
  C:\Windows\System\bBAUqIy.exe
  2⤵
  PID:6420
- C:\Windows\System\KPUvmUS.exe
  C:\Windows\System\KPUvmUS.exe
  2⤵
  PID:6424
- C:\Windows\System\BUVTxIJ.exe
  C:\Windows\System\BUVTxIJ.exe
  2⤵
  PID:6520
- C:\Windows\System\ozZvuUo.exe
  C:\Windows\System\ozZvuUo.exe
  2⤵
  PID:6492
- C:\Windows\System\dIzXYvG.exe
  C:\Windows\System\dIzXYvG.exe
  2⤵
  PID:6508
- C:\Windows\System\imEFgwT.exe
  C:\Windows\System\imEFgwT.exe
  2⤵
  PID:6632
- C:\Windows\System\bcceuiR.exe
  C:\Windows\System\bcceuiR.exe
  2⤵
  PID:6700
- C:\Windows\System\nAOYSWY.exe
  C:\Windows\System\nAOYSWY.exe
  2⤵
  PID:6764
- C:\Windows\System\DwotfLY.exe
  C:\Windows\System\DwotfLY.exe
  2⤵
  PID:6792
- C:\Windows\System\DmpMrfs.exe
  C:\Windows\System\DmpMrfs.exe
  2⤵
  PID:6572
- C:\Windows\System\IKNQHeR.exe
  C:\Windows\System\IKNQHeR.exe
  2⤵
  PID:6684
- C:\Windows\System\RAadGpL.exe
  C:\Windows\System\RAadGpL.exe
  2⤵
  PID:6776
- C:\Windows\System\WNJXaNt.exe
  C:\Windows\System\WNJXaNt.exe
  2⤵
  PID:6716
- C:\Windows\System\xVIYDpx.exe
  C:\Windows\System\xVIYDpx.exe
  2⤵
  PID:6844
- C:\Windows\System\IzHMjHb.exe
  C:\Windows\System\IzHMjHb.exe
  2⤵
  PID:6908
- C:\Windows\System\fyYSOSN.exe
  C:\Windows\System\fyYSOSN.exe
  2⤵
  PID:6824
- C:\Windows\System\nSiKrBE.exe
  C:\Windows\System\nSiKrBE.exe
  2⤵
  PID:6888
- C:\Windows\System\tVHnmaL.exe
  C:\Windows\System\tVHnmaL.exe
  2⤵
  PID:6952
- C:\Windows\System\UelFjdL.exe
  C:\Windows\System\UelFjdL.exe
  2⤵
  PID:7016
- C:\Windows\System\zlnxwug.exe
  C:\Windows\System\zlnxwug.exe
  2⤵
  PID:7080
- C:\Windows\System\LZJpRuV.exe
  C:\Windows\System\LZJpRuV.exe
  2⤵
  PID:7084
- C:\Windows\System\eVjoQsm.exe
  C:\Windows\System\eVjoQsm.exe
  2⤵
  PID:7148
- C:\Windows\System\ZnliHRf.exe
  C:\Windows\System\ZnliHRf.exe
  2⤵
  PID:5996
- C:\Windows\System\RYCVqpZ.exe
  C:\Windows\System\RYCVqpZ.exe
  2⤵
  PID:6272
- C:\Windows\System\PnHIPSi.exe
  C:\Windows\System\PnHIPSi.exe
  2⤵
  PID:7104
- C:\Windows\System\gFWLeuO.exe
  C:\Windows\System\gFWLeuO.exe
  2⤵
  PID:6372
- C:\Windows\System\zwPFwRD.exe
  C:\Windows\System\zwPFwRD.exe
  2⤵
  PID:5324
- C:\Windows\System\YRzhOkY.exe
  C:\Windows\System\YRzhOkY.exe
  2⤵
  PID:7164
- C:\Windows\System\iaJXarL.exe
  C:\Windows\System\iaJXarL.exe
  2⤵
  PID:6240
- C:\Windows\System\OlFKEnm.exe
  C:\Windows\System\OlFKEnm.exe
  2⤵
  PID:6388
- C:\Windows\System\XwiwPbP.exe
  C:\Windows\System\XwiwPbP.exe
  2⤵
  PID:6416
- C:\Windows\System\ZwzBssz.exe
  C:\Windows\System\ZwzBssz.exe
  2⤵
  PID:6760
- C:\Windows\System\AVYaeKZ.exe
  C:\Windows\System\AVYaeKZ.exe
  2⤵
  PID:6384
- C:\Windows\System\GJluzUx.exe
  C:\Windows\System\GJluzUx.exe
  2⤵
  PID:6504
- C:\Windows\System\KwairHH.exe
  C:\Windows\System\KwairHH.exe
  2⤵
  PID:6840
- C:\Windows\System\YGxHzwp.exe
  C:\Windows\System\YGxHzwp.exe
  2⤵
  PID:6668
- C:\Windows\System\fKNPkGM.exe
  C:\Windows\System\fKNPkGM.exe
  2⤵
  PID:7048
- C:\Windows\System\euPCDcP.exe
  C:\Windows\System\euPCDcP.exe
  2⤵
  PID:6680
- C:\Windows\System\GJDmQRJ.exe
  C:\Windows\System\GJDmQRJ.exe
  2⤵
  PID:6856
- C:\Windows\System\HSYsOlR.exe
  C:\Windows\System\HSYsOlR.exe
  2⤵
  PID:6988
- C:\Windows\System\jbZHPdZ.exe
  C:\Windows\System\jbZHPdZ.exe
  2⤵
  PID:6252
- C:\Windows\System\sfWRkyN.exe
  C:\Windows\System\sfWRkyN.exe
  2⤵
  PID:7136
- C:\Windows\System\uUgNvKn.exe
  C:\Windows\System\uUgNvKn.exe
  2⤵
  PID:7036
- C:\Windows\System\rvEROYY.exe
  C:\Windows\System\rvEROYY.exe
  2⤵
  PID:5224
- C:\Windows\System\tUDHZBj.exe
  C:\Windows\System\tUDHZBj.exe
  2⤵
  PID:6600
- C:\Windows\System\yfWAvNm.exe
  C:\Windows\System\yfWAvNm.exe
  2⤵
  PID:6748
- C:\Windows\System\IIfMlyY.exe
  C:\Windows\System\IIfMlyY.exe
  2⤵
  PID:6904
- C:\Windows\System\RaNmCkp.exe
  C:\Windows\System\RaNmCkp.exe
  2⤵
  PID:7000
- C:\Windows\System\xhkdwPU.exe
  C:\Windows\System\xhkdwPU.exe
  2⤵
  PID:6340
- C:\Windows\System\tTFRFvF.exe
  C:\Windows\System\tTFRFvF.exe
  2⤵
  PID:6556
- C:\Windows\System\AEzgZvW.exe
  C:\Windows\System\AEzgZvW.exe
  2⤵
  PID:6972
- C:\Windows\System\nEYgKwz.exe
  C:\Windows\System\nEYgKwz.exe
  2⤵
  PID:6872
- C:\Windows\System\SBoQTjs.exe
  C:\Windows\System\SBoQTjs.exe
  2⤵
  PID:5476
- C:\Windows\System\AIyNWMh.exe
  C:\Windows\System\AIyNWMh.exe
  2⤵
  PID:6328
- C:\Windows\System\DHHtdAm.exe
  C:\Windows\System\DHHtdAm.exe
  2⤵
  PID:7172
- C:\Windows\System\RhPoubY.exe
  C:\Windows\System\RhPoubY.exe
  2⤵
  PID:7188
- C:\Windows\System\dcIqbre.exe
  C:\Windows\System\dcIqbre.exe
  2⤵
  PID:7204
- C:\Windows\System\BcDqIAo.exe
  C:\Windows\System\BcDqIAo.exe
  2⤵
  PID:7220
- C:\Windows\System\VfoYtGO.exe
  C:\Windows\System\VfoYtGO.exe
  2⤵
  PID:7236
- C:\Windows\System\OmvQuJi.exe
  C:\Windows\System\OmvQuJi.exe
  2⤵
  PID:7252
- C:\Windows\System\xtIHKwI.exe
  C:\Windows\System\xtIHKwI.exe
  2⤵
  PID:7268
- C:\Windows\System\zTGQmOQ.exe
  C:\Windows\System\zTGQmOQ.exe
  2⤵
  PID:7284
- C:\Windows\System\NMbGLax.exe
  C:\Windows\System\NMbGLax.exe
  2⤵
  PID:7300
- C:\Windows\System\AbIjHdS.exe
  C:\Windows\System\AbIjHdS.exe
  2⤵
  PID:7316
- C:\Windows\System\UHrNFhZ.exe
  C:\Windows\System\UHrNFhZ.exe
  2⤵
  PID:7332
- C:\Windows\System\uYUBQmf.exe
  C:\Windows\System\uYUBQmf.exe
  2⤵
  PID:7348
- C:\Windows\System\JqHSSZn.exe
  C:\Windows\System\JqHSSZn.exe
  2⤵
  PID:7364
- C:\Windows\System\zBLitZk.exe
  C:\Windows\System\zBLitZk.exe
  2⤵
  PID:7380
- C:\Windows\System\tPcjuJO.exe
  C:\Windows\System\tPcjuJO.exe
  2⤵
  PID:7396
- C:\Windows\System\vJjAZbe.exe
  C:\Windows\System\vJjAZbe.exe
  2⤵
  PID:7412
- C:\Windows\System\ssKhDQz.exe
  C:\Windows\System\ssKhDQz.exe
  2⤵
  PID:7428
- C:\Windows\System\tgTEeyS.exe
  C:\Windows\System\tgTEeyS.exe
  2⤵
  PID:7444
- C:\Windows\System\StBZtII.exe
  C:\Windows\System\StBZtII.exe
  2⤵
  PID:7460
- C:\Windows\System\aatDBwU.exe
  C:\Windows\System\aatDBwU.exe
  2⤵
  PID:7476
- C:\Windows\System\JFAkzdk.exe
  C:\Windows\System\JFAkzdk.exe
  2⤵
  PID:7492
- C:\Windows\System\EhUbKvy.exe
  C:\Windows\System\EhUbKvy.exe
  2⤵
  PID:7508
- C:\Windows\System\zaNumtv.exe
  C:\Windows\System\zaNumtv.exe
  2⤵
  PID:7524
- C:\Windows\System\BsCQYJW.exe
  C:\Windows\System\BsCQYJW.exe
  2⤵
  PID:7540
- C:\Windows\System\cBTuuRz.exe
  C:\Windows\System\cBTuuRz.exe
  2⤵
  PID:7556
- C:\Windows\System\MXqldPr.exe
  C:\Windows\System\MXqldPr.exe
  2⤵
  PID:7572
- C:\Windows\System\fUMmycQ.exe
  C:\Windows\System\fUMmycQ.exe
  2⤵
  PID:7588
- C:\Windows\System\EdBSNPh.exe
  C:\Windows\System\EdBSNPh.exe
  2⤵
  PID:7604
- C:\Windows\System\VWAiUKJ.exe
  C:\Windows\System\VWAiUKJ.exe
  2⤵
  PID:7620
- C:\Windows\System\faqfXAB.exe
  C:\Windows\System\faqfXAB.exe
  2⤵
  PID:7636
- C:\Windows\System\CzSshYv.exe
  C:\Windows\System\CzSshYv.exe
  2⤵
  PID:7652
- C:\Windows\System\lwouhkt.exe
  C:\Windows\System\lwouhkt.exe
  2⤵
  PID:7668
- C:\Windows\System\RLTVWbR.exe
  C:\Windows\System\RLTVWbR.exe
  2⤵
  PID:7684
- C:\Windows\System\nkvYQgS.exe
  C:\Windows\System\nkvYQgS.exe
  2⤵
  PID:7700
- C:\Windows\System\XzSOVfu.exe
  C:\Windows\System\XzSOVfu.exe
  2⤵
  PID:7716
- C:\Windows\System\pINUxXU.exe
  C:\Windows\System\pINUxXU.exe
  2⤵
  PID:7732
- C:\Windows\System\pGcgzcG.exe
  C:\Windows\System\pGcgzcG.exe
  2⤵
  PID:7748
- C:\Windows\System\rMdlFAK.exe
  C:\Windows\System\rMdlFAK.exe
  2⤵
  PID:7764
- C:\Windows\System\MFUsTqe.exe
  C:\Windows\System\MFUsTqe.exe
  2⤵
  PID:7780
- C:\Windows\System\kJaOOsd.exe
  C:\Windows\System\kJaOOsd.exe
  2⤵
  PID:7796
- C:\Windows\System\kKPiZXT.exe
  C:\Windows\System\kKPiZXT.exe
  2⤵
  PID:7812
- C:\Windows\System\lokLZIz.exe
  C:\Windows\System\lokLZIz.exe
  2⤵
  PID:7828
- C:\Windows\System\AOmgNfc.exe
  C:\Windows\System\AOmgNfc.exe
  2⤵
  PID:7844
- C:\Windows\System\AYAIJtF.exe
  C:\Windows\System\AYAIJtF.exe
  2⤵
  PID:7860
- C:\Windows\System\JxAjANu.exe
  C:\Windows\System\JxAjANu.exe
  2⤵
  PID:7876
- C:\Windows\System\BgrFsjA.exe
  C:\Windows\System\BgrFsjA.exe
  2⤵
  PID:7892
- C:\Windows\System\WRwmfxq.exe
  C:\Windows\System\WRwmfxq.exe
  2⤵
  PID:7908
- C:\Windows\System\ZSQVnFs.exe
  C:\Windows\System\ZSQVnFs.exe
  2⤵
  PID:7928
- C:\Windows\System\UrkKgZE.exe
  C:\Windows\System\UrkKgZE.exe
  2⤵
  PID:7944
- C:\Windows\System\grvVpsP.exe
  C:\Windows\System\grvVpsP.exe
  2⤵
  PID:7960
- C:\Windows\System\bsLOvAk.exe
  C:\Windows\System\bsLOvAk.exe
  2⤵
  PID:7976
- C:\Windows\System\KTLOvhD.exe
  C:\Windows\System\KTLOvhD.exe
  2⤵
  PID:7992
- C:\Windows\System\IwlYtrk.exe
  C:\Windows\System\IwlYtrk.exe
  2⤵
  PID:8008
- C:\Windows\System\CfZxWSw.exe
  C:\Windows\System\CfZxWSw.exe
  2⤵
  PID:8024
- C:\Windows\System\nDKDdJt.exe
  C:\Windows\System\nDKDdJt.exe
  2⤵
  PID:8040
- C:\Windows\System\dtEtwhn.exe
  C:\Windows\System\dtEtwhn.exe
  2⤵
  PID:8056
- C:\Windows\System\VlEYVZh.exe
  C:\Windows\System\VlEYVZh.exe
  2⤵
  PID:8072
- C:\Windows\System\mPfDmGk.exe
  C:\Windows\System\mPfDmGk.exe
  2⤵
  PID:8088
- C:\Windows\System\PqRWExd.exe
  C:\Windows\System\PqRWExd.exe
  2⤵
  PID:8104
- C:\Windows\System\SVWYXGH.exe
  C:\Windows\System\SVWYXGH.exe
  2⤵
  PID:8120
- C:\Windows\System\vjaiKAM.exe
  C:\Windows\System\vjaiKAM.exe
  2⤵
  PID:8136
- C:\Windows\System\cqUdLPK.exe
  C:\Windows\System\cqUdLPK.exe
  2⤵
  PID:8152
- C:\Windows\System\cfudDqj.exe
  C:\Windows\System\cfudDqj.exe
  2⤵
  PID:8168
- C:\Windows\System\gnNXewv.exe
  C:\Windows\System\gnNXewv.exe
  2⤵
  PID:8184
- C:\Windows\System\RRkUcAo.exe
  C:\Windows\System\RRkUcAo.exe
  2⤵
  PID:6192
- C:\Windows\System\RnaDftZ.exe
  C:\Windows\System\RnaDftZ.exe
  2⤵
  PID:6260
- C:\Windows\System\ytMTaCN.exe
  C:\Windows\System\ytMTaCN.exe
  2⤵
  PID:7232
- C:\Windows\System\qfbtRWz.exe
  C:\Windows\System\qfbtRWz.exe
  2⤵
  PID:7296
- C:\Windows\System\EqDWiLk.exe
  C:\Windows\System\EqDWiLk.exe
  2⤵
  PID:7360
- C:\Windows\System\QYwCaaF.exe
  C:\Windows\System\QYwCaaF.exe
  2⤵
  PID:7184
- C:\Windows\System\xNiEaBD.exe
  C:\Windows\System\xNiEaBD.exe
  2⤵
  PID:7248
- C:\Windows\System\FpjRAfP.exe
  C:\Windows\System\FpjRAfP.exe
  2⤵
  PID:7312
- C:\Windows\System\mGlOSru.exe
  C:\Windows\System\mGlOSru.exe
  2⤵
  PID:7420
- C:\Windows\System\DLVXwmc.exe
  C:\Windows\System\DLVXwmc.exe
  2⤵
  PID:7376
- C:\Windows\System\MuVkbXZ.exe
  C:\Windows\System\MuVkbXZ.exe
  2⤵
  PID:7520
- C:\Windows\System\nNZLxiX.exe
  C:\Windows\System\nNZLxiX.exe
  2⤵
  PID:7468
- C:\Windows\System\HKwQcjz.exe
  C:\Windows\System\HKwQcjz.exe
  2⤵
  PID:7584
- C:\Windows\System\ALnMlGp.exe
  C:\Windows\System\ALnMlGp.exe
  2⤵
  PID:7564
- C:\Windows\System\MmrsHyt.exe
  C:\Windows\System\MmrsHyt.exe
  2⤵
  PID:6636
- C:\Windows\System\PymjztG.exe
  C:\Windows\System\PymjztG.exe
  2⤵
  PID:7612
- C:\Windows\System\EkBBWfi.exe
  C:\Windows\System\EkBBWfi.exe
  2⤵
  PID:7676
- C:\Windows\System\vTQZnPH.exe
  C:\Windows\System\vTQZnPH.exe
  2⤵
  PID:7440
- C:\Windows\System\bgMHyJp.exe
  C:\Windows\System\bgMHyJp.exe
  2⤵
  PID:7776
- C:\Windows\System\AauKtXD.exe
  C:\Windows\System\AauKtXD.exe
  2⤵
  PID:7760
- C:\Windows\System\kRqyeAr.exe
  C:\Windows\System\kRqyeAr.exe
  2⤵
  PID:7724
- C:\Windows\System\lkUlyMj.exe
  C:\Windows\System\lkUlyMj.exe
  2⤵
  PID:7660
- C:\Windows\System\DbPzRDd.exe
  C:\Windows\System\DbPzRDd.exe
  2⤵
  PID:7824
- C:\Windows\System\zRTWpVB.exe
  C:\Windows\System\zRTWpVB.exe
  2⤵
  PID:7804
- C:\Windows\System\JpUNCCG.exe
  C:\Windows\System\JpUNCCG.exe
  2⤵
  PID:7840
- C:\Windows\System\ocgIyuI.exe
  C:\Windows\System\ocgIyuI.exe
  2⤵
  PID:7936
- C:\Windows\System\JjNhyOR.exe
  C:\Windows\System\JjNhyOR.exe
  2⤵
  PID:8000
- C:\Windows\System\awVlWJW.exe
  C:\Windows\System\awVlWJW.exe
  2⤵
  PID:8064
- C:\Windows\System\vcOxgWQ.exe
  C:\Windows\System\vcOxgWQ.exe
  2⤵
  PID:8016
- C:\Windows\System\OEIcSxW.exe
  C:\Windows\System\OEIcSxW.exe
  2⤵
  PID:8100
- C:\Windows\System\QVAjjjo.exe
  C:\Windows\System\QVAjjjo.exe
  2⤵
  PID:7920
- C:\Windows\System\lMhHHKK.exe
  C:\Windows\System\lMhHHKK.exe
  2⤵
  PID:8080
- C:\Windows\System\WTzocbm.exe
  C:\Windows\System\WTzocbm.exe
  2⤵
  PID:8160
- C:\Windows\System\egZMYGW.exe
  C:\Windows\System\egZMYGW.exe
  2⤵
  PID:7200
- C:\Windows\System\iVfyioX.exe
  C:\Windows\System\iVfyioX.exe
  2⤵
  PID:8112
- C:\Windows\System\CLWFKZt.exe
  C:\Windows\System\CLWFKZt.exe
  2⤵
  PID:7264
- C:\Windows\System\WGANTPW.exe
  C:\Windows\System\WGANTPW.exe
  2⤵
  PID:7196
- C:\Windows\System\VlfQplK.exe
  C:\Windows\System\VlfQplK.exe
  2⤵
  PID:7244
- C:\Windows\System\zjAhiCM.exe
  C:\Windows\System\zjAhiCM.exe
  2⤵
  PID:7372
- C:\Windows\System\xPDkUQA.exe
  C:\Windows\System\xPDkUQA.exe
  2⤵
  PID:7536
- C:\Windows\System\CblIppm.exe
  C:\Windows\System\CblIppm.exe
  2⤵
  PID:7708
- C:\Windows\System\oftVwix.exe
  C:\Windows\System\oftVwix.exe
  2⤵
  PID:7692
- C:\Windows\System\XUgkAox.exe
  C:\Windows\System\XUgkAox.exe
  2⤵
  PID:7504
- C:\Windows\System\TjMDhwx.exe
  C:\Windows\System\TjMDhwx.exe
  2⤵
  PID:7456
- C:\Windows\System\WfIihuG.exe
  C:\Windows\System\WfIihuG.exe
  2⤵
  PID:7488
- C:\Windows\System\bzVHGOT.exe
  C:\Windows\System\bzVHGOT.exe
  2⤵
  PID:7744
- C:\Windows\System\egPltaf.exe
  C:\Windows\System\egPltaf.exe
  2⤵
  PID:7792
- C:\Windows\System\FcBLuFv.exe
  C:\Windows\System\FcBLuFv.exe
  2⤵
  PID:7968
- C:\Windows\System\DJmOOvh.exe
  C:\Windows\System\DJmOOvh.exe
  2⤵
  PID:8096
- C:\Windows\System\MJbmqcw.exe
  C:\Windows\System\MJbmqcw.exe
  2⤵
  PID:7956
- C:\Windows\System\VYZPazz.exe
  C:\Windows\System\VYZPazz.exe
  2⤵
  PID:6652
- C:\Windows\System\gbcTQMo.exe
  C:\Windows\System\gbcTQMo.exe
  2⤵
  PID:8176
- C:\Windows\System\IlUKvgO.exe
  C:\Windows\System\IlUKvgO.exe
  2⤵
  PID:8144
- C:\Windows\System\mMJbiTF.exe
  C:\Windows\System\mMJbiTF.exe
  2⤵
  PID:7500
- C:\Windows\System\KmjcOtC.exe
  C:\Windows\System\KmjcOtC.exe
  2⤵
  PID:7436
- C:\Windows\System\mdpJBke.exe
  C:\Windows\System\mdpJBke.exe
  2⤵
  PID:7552
- C:\Windows\System\RSpcOCq.exe
  C:\Windows\System\RSpcOCq.exe
  2⤵
  PID:7756
- C:\Windows\System\rAFRlFL.exe
  C:\Windows\System\rAFRlFL.exe
  2⤵
  PID:6364
- C:\Windows\System\ZcquczC.exe
  C:\Windows\System\ZcquczC.exe
  2⤵
  PID:7648
- C:\Windows\System\epYgjkf.exe
  C:\Windows\System\epYgjkf.exe
  2⤵
  PID:7952
- C:\Windows\System\BcvnSgs.exe
  C:\Windows\System\BcvnSgs.exe
  2⤵
  PID:7344
- C:\Windows\System\ApYYISa.exe
  C:\Windows\System\ApYYISa.exe
  2⤵
  PID:7988
- C:\Windows\System\nJxKbCm.exe
  C:\Windows\System\nJxKbCm.exe
  2⤵
  PID:8132
- C:\Windows\System\msHHBRK.exe
  C:\Windows\System\msHHBRK.exe
  2⤵
  PID:7644
- C:\Windows\System\APCUBjk.exe
  C:\Windows\System\APCUBjk.exe
  2⤵
  PID:7836
- C:\Windows\System\asLonCh.exe
  C:\Windows\System\asLonCh.exe
  2⤵
  PID:6616
- C:\Windows\System\mAjnehw.exe
  C:\Windows\System\mAjnehw.exe
  2⤵
  PID:7452
- C:\Windows\System\PuEsrBW.exe
  C:\Windows\System\PuEsrBW.exe
  2⤵
  PID:8208
- C:\Windows\System\WrpnUDu.exe
  C:\Windows\System\WrpnUDu.exe
  2⤵
  PID:8224
- C:\Windows\System\FoBCFCu.exe
  C:\Windows\System\FoBCFCu.exe
  2⤵
  PID:8240
- C:\Windows\System\ZWQukpp.exe
  C:\Windows\System\ZWQukpp.exe
  2⤵
  PID:8256
- C:\Windows\System\QdKkurf.exe
  C:\Windows\System\QdKkurf.exe
  2⤵
  PID:8272
- C:\Windows\System\bHkDnpb.exe
  C:\Windows\System\bHkDnpb.exe
  2⤵
  PID:8288
- C:\Windows\System\bioPkFY.exe
  C:\Windows\System\bioPkFY.exe
  2⤵
  PID:8304
- C:\Windows\System\RPqJKnW.exe
  C:\Windows\System\RPqJKnW.exe
  2⤵
  PID:8320
- C:\Windows\System\jusboAv.exe
  C:\Windows\System\jusboAv.exe
  2⤵
  PID:8336
- C:\Windows\System\fHUJBID.exe
  C:\Windows\System\fHUJBID.exe
  2⤵
  PID:8352
- C:\Windows\System\oEulIbT.exe
  C:\Windows\System\oEulIbT.exe
  2⤵
  PID:8368
- C:\Windows\System\MFfCVPn.exe
  C:\Windows\System\MFfCVPn.exe
  2⤵
  PID:8384
- C:\Windows\System\EIYkUov.exe
  C:\Windows\System\EIYkUov.exe
  2⤵
  PID:8400
- C:\Windows\System\tclmAHj.exe
  C:\Windows\System\tclmAHj.exe
  2⤵
  PID:8416
- C:\Windows\System\OPDHPGg.exe
  C:\Windows\System\OPDHPGg.exe
  2⤵
  PID:8432
- C:\Windows\System\CQrTMOv.exe
  C:\Windows\System\CQrTMOv.exe
  2⤵
  PID:8448
- C:\Windows\System\mJhxzUi.exe
  C:\Windows\System\mJhxzUi.exe
  2⤵
  PID:8464
- C:\Windows\System\dLnMaiQ.exe
  C:\Windows\System\dLnMaiQ.exe
  2⤵
  PID:8480
- C:\Windows\System\QAohfZs.exe
  C:\Windows\System\QAohfZs.exe
  2⤵
  PID:8496
- C:\Windows\System\DXysxfR.exe
  C:\Windows\System\DXysxfR.exe
  2⤵
  PID:8512
- C:\Windows\System\HwcnyUE.exe
  C:\Windows\System\HwcnyUE.exe
  2⤵
  PID:8528
- C:\Windows\System\FGKHRXB.exe
  C:\Windows\System\FGKHRXB.exe
  2⤵
  PID:8544
- C:\Windows\System\dAzNiqk.exe
  C:\Windows\System\dAzNiqk.exe
  2⤵
  PID:8568
- C:\Windows\System\FkxauMk.exe
  C:\Windows\System\FkxauMk.exe
  2⤵
  PID:8584
- C:\Windows\System\puqiymi.exe
  C:\Windows\System\puqiymi.exe
  2⤵
  PID:8600
- C:\Windows\System\AUPwJys.exe
  C:\Windows\System\AUPwJys.exe
  2⤵
  PID:8616
- C:\Windows\System\vMhrpyt.exe
  C:\Windows\System\vMhrpyt.exe
  2⤵
  PID:8632
- C:\Windows\System\HvXrHQo.exe
  C:\Windows\System\HvXrHQo.exe
  2⤵
  PID:8648
- C:\Windows\System\ANgfEIg.exe
  C:\Windows\System\ANgfEIg.exe
  2⤵
  PID:8664
- C:\Windows\System\OrDwZYi.exe
  C:\Windows\System\OrDwZYi.exe
  2⤵
  PID:8680
- C:\Windows\System\gTwJjht.exe
  C:\Windows\System\gTwJjht.exe
  2⤵
  PID:8696
- C:\Windows\System\edoycot.exe
  C:\Windows\System\edoycot.exe
  2⤵
  PID:8712
- C:\Windows\System\UNfWmle.exe
  C:\Windows\System\UNfWmle.exe
  2⤵
  PID:8728
- C:\Windows\System\dcEdrRT.exe
  C:\Windows\System\dcEdrRT.exe
  2⤵
  PID:8744
- C:\Windows\System\JQHKMlz.exe
  C:\Windows\System\JQHKMlz.exe
  2⤵
  PID:8760
- C:\Windows\System\xVBPPAp.exe
  C:\Windows\System\xVBPPAp.exe
  2⤵
  PID:8776
- C:\Windows\System\XailCss.exe
  C:\Windows\System\XailCss.exe
  2⤵
  PID:8792
- C:\Windows\System\PhFvHws.exe
  C:\Windows\System\PhFvHws.exe
  2⤵
  PID:8808
- C:\Windows\System\ITMjBOP.exe
  C:\Windows\System\ITMjBOP.exe
  2⤵
  PID:8824
- C:\Windows\System\krFXLli.exe
  C:\Windows\System\krFXLli.exe
  2⤵
  PID:8840
- C:\Windows\System\tOJCDds.exe
  C:\Windows\System\tOJCDds.exe
  2⤵
  PID:8856
- C:\Windows\System\JHUcLTj.exe
  C:\Windows\System\JHUcLTj.exe
  2⤵
  PID:8872
- C:\Windows\System\zdmiTBs.exe
  C:\Windows\System\zdmiTBs.exe
  2⤵
  PID:8888
- C:\Windows\System\WSrBAVC.exe
  C:\Windows\System\WSrBAVC.exe
  2⤵
  PID:8904
- C:\Windows\System\LHQTJBH.exe
  C:\Windows\System\LHQTJBH.exe
  2⤵
  PID:8920
- C:\Windows\System\ViIvbbW.exe
  C:\Windows\System\ViIvbbW.exe
  2⤵
  PID:8936
- C:\Windows\System\dexoxxg.exe
  C:\Windows\System\dexoxxg.exe
  2⤵
  PID:8956
- C:\Windows\System\OxFPytU.exe
  C:\Windows\System\OxFPytU.exe
  2⤵
  PID:8972
- C:\Windows\System\eiPpPyE.exe
  C:\Windows\System\eiPpPyE.exe
  2⤵
  PID:8988
- C:\Windows\System\bMnTVLO.exe
  C:\Windows\System\bMnTVLO.exe
  2⤵
  PID:9004
- C:\Windows\System\UfgZnvc.exe
  C:\Windows\System\UfgZnvc.exe
  2⤵
  PID:9020
- C:\Windows\System\QgoRSwW.exe
  C:\Windows\System\QgoRSwW.exe
  2⤵
  PID:9036
- C:\Windows\System\ReNMvzm.exe
  C:\Windows\System\ReNMvzm.exe
  2⤵
  PID:9052
- C:\Windows\System\pqUCaNO.exe
  C:\Windows\System\pqUCaNO.exe
  2⤵
  PID:9068
- C:\Windows\System\PAhoxup.exe
  C:\Windows\System\PAhoxup.exe
  2⤵
  PID:9084
- C:\Windows\System\AQOJUQt.exe
  C:\Windows\System\AQOJUQt.exe
  2⤵
  PID:9104
- C:\Windows\System\PmTRafP.exe
  C:\Windows\System\PmTRafP.exe
  2⤵
  PID:9120
- C:\Windows\System\FKMrLQI.exe
  C:\Windows\System\FKMrLQI.exe
  2⤵
  PID:9136
- C:\Windows\System\OhbzKUP.exe
  C:\Windows\System\OhbzKUP.exe
  2⤵
  PID:9152
- C:\Windows\System\WmRBgUn.exe
  C:\Windows\System\WmRBgUn.exe
  2⤵
  PID:9172
- C:\Windows\System\CHAuEVC.exe
  C:\Windows\System\CHAuEVC.exe
  2⤵
  PID:8268
- C:\Windows\System\WINgEfY.exe
  C:\Windows\System\WINgEfY.exe
  2⤵
  PID:8456
- C:\Windows\System\GRxhMzM.exe
  C:\Windows\System\GRxhMzM.exe
  2⤵
  PID:8520
- C:\Windows\System\bcqOVTh.exe
  C:\Windows\System\bcqOVTh.exe
  2⤵
  PID:8248
- C:\Windows\System\RsbsruU.exe
  C:\Windows\System\RsbsruU.exe
  2⤵
  PID:8284
- C:\Windows\System\eNhqiLa.exe
  C:\Windows\System\eNhqiLa.exe
  2⤵
  PID:8476
- C:\Windows\System\YWZllBb.exe
  C:\Windows\System\YWZllBb.exe
  2⤵
  PID:8412
- C:\Windows\System\WeQVlZR.exe
  C:\Windows\System\WeQVlZR.exe
  2⤵
  PID:8540
- C:\Windows\System\irVWYXg.exe
  C:\Windows\System\irVWYXg.exe
  2⤵
  PID:8612
- C:\Windows\System\lYwZDRr.exe
  C:\Windows\System\lYwZDRr.exe
  2⤵
  PID:8640
- C:\Windows\System\vFjseVE.exe
  C:\Windows\System\vFjseVE.exe
  2⤵
  PID:8864
- C:\Windows\System\hxPRhMY.exe
  C:\Windows\System\hxPRhMY.exe
  2⤵
  PID:8752
- C:\Windows\System\guTWhLd.exe
  C:\Windows\System\guTWhLd.exe
  2⤵
  PID:8816
- C:\Windows\System\qpQYbwl.exe
  C:\Windows\System\qpQYbwl.exe
  2⤵
  PID:8880
- C:\Windows\System\JeBorvP.exe
  C:\Windows\System\JeBorvP.exe
  2⤵
  PID:8704
- C:\Windows\System\orAkKDl.exe
  C:\Windows\System\orAkKDl.exe
  2⤵
  PID:9012
- C:\Windows\System\cExsGyW.exe
  C:\Windows\System\cExsGyW.exe
  2⤵
  PID:9076
- C:\Windows\System\xDjnwub.exe
  C:\Windows\System\xDjnwub.exe
  2⤵
  PID:8768
- C:\Windows\System\opIlRuE.exe
  C:\Windows\System\opIlRuE.exe
  2⤵
  PID:8832
- C:\Windows\System\XiaXmue.exe
  C:\Windows\System\XiaXmue.exe
  2⤵
  PID:8900
- C:\Windows\System\RQQZTqP.exe
  C:\Windows\System\RQQZTqP.exe
  2⤵
  PID:8964
- C:\Windows\System\BnEwGYr.exe
  C:\Windows\System\BnEwGYr.exe
  2⤵
  PID:9028
- C:\Windows\System\mqWHXCb.exe
  C:\Windows\System\mqWHXCb.exe
  2⤵
  PID:8084
- C:\Windows\System\MXatIsB.exe
  C:\Windows\System\MXatIsB.exe
  2⤵
  PID:8200
- C:\Windows\System\doHjrWI.exe
  C:\Windows\System\doHjrWI.exe
  2⤵
  PID:9208
- C:\Windows\System\mKSXhHG.exe
  C:\Windows\System\mKSXhHG.exe
  2⤵
  PID:9184
- C:\Windows\System\SAMCDjE.exe
  C:\Windows\System\SAMCDjE.exe
  2⤵
  PID:8328
- C:\Windows\System\QLcGypD.exe
  C:\Windows\System\QLcGypD.exe
  2⤵
  PID:8252
- C:\Windows\System\sYQfDDJ.exe
  C:\Windows\System\sYQfDDJ.exe
  2⤵
  PID:8360
- C:\Windows\System\PNjRRRl.exe
  C:\Windows\System\PNjRRRl.exe
  2⤵
  PID:8508
- C:\Windows\System\GlxoJOY.exe
  C:\Windows\System\GlxoJOY.exe
  2⤵
  PID:8492
- C:\Windows\System\iYgLtzH.exe
  C:\Windows\System\iYgLtzH.exe
  2⤵
  PID:8660
- C:\Windows\System\VRPpKye.exe
  C:\Windows\System\VRPpKye.exe
  2⤵
  PID:8628
- C:\Windows\System\zeFUTzp.exe
  C:\Windows\System\zeFUTzp.exe
  2⤵
  PID:8580
- C:\Windows\System\LtRyvqY.exe
  C:\Windows\System\LtRyvqY.exe
  2⤵
  PID:8912
- C:\Windows\System\NGskOoN.exe
  C:\Windows\System\NGskOoN.exe
  2⤵
  PID:9048
- C:\Windows\System\pfmlgvF.exe
  C:\Windows\System\pfmlgvF.exe
  2⤵
  PID:8720
- C:\Windows\System\VPuzHOG.exe
  C:\Windows\System\VPuzHOG.exe
  2⤵
  PID:9128
- C:\Windows\System\jkWSwwp.exe
  C:\Windows\System\jkWSwwp.exe
  2⤵
  PID:8928
- C:\Windows\System\UnoWSYx.exe
  C:\Windows\System\UnoWSYx.exe
  2⤵
  PID:7916
- C:\Windows\System\oSMcwMK.exe
  C:\Windows\System\oSMcwMK.exe
  2⤵
  PID:9064
- C:\Windows\System\MaZDfAO.exe
  C:\Windows\System\MaZDfAO.exe
  2⤵
  PID:9168
- C:\Windows\System\oOAaYzZ.exe
  C:\Windows\System\oOAaYzZ.exe
  2⤵
  PID:9196
- C:\Windows\System\KcRcuZB.exe
  C:\Windows\System\KcRcuZB.exe
  2⤵
  PID:8488
- C:\Windows\System\UQvOXby.exe
  C:\Windows\System\UQvOXby.exe
  2⤵
  PID:8896
- C:\Windows\System\axrZtjF.exe
  C:\Windows\System\axrZtjF.exe
  2⤵
  PID:8852
- C:\Windows\System\qXSxYLq.exe
  C:\Windows\System\qXSxYLq.exe
  2⤵
  PID:9212
- C:\Windows\System\mgFqmVG.exe
  C:\Windows\System\mgFqmVG.exe
  2⤵
  PID:8868
- C:\Windows\System\UDXiVBU.exe
  C:\Windows\System\UDXiVBU.exe
  2⤵
  PID:8392
- C:\Windows\System\kEoBekG.exe
  C:\Windows\System\kEoBekG.exe
  2⤵
  PID:8984
- C:\Windows\System\dCcmGsf.exe
  C:\Windows\System\dCcmGsf.exe
  2⤵
  PID:8408
- C:\Windows\System\EnRWeHR.exe
  C:\Windows\System\EnRWeHR.exe
  2⤵
  PID:8692
- C:\Windows\System\dtLvwNz.exe
  C:\Windows\System\dtLvwNz.exe
  2⤵
  PID:9192
- C:\Windows\System\DpJiObe.exe
  C:\Windows\System\DpJiObe.exe
  2⤵
  PID:9200
- C:\Windows\System\tQydAUj.exe
  C:\Windows\System\tQydAUj.exe
  2⤵
  PID:8424
- C:\Windows\System\XFvXQAt.exe
  C:\Windows\System\XFvXQAt.exe
  2⤵
  PID:9160
- C:\Windows\System\yxYRseP.exe
  C:\Windows\System\yxYRseP.exe
  2⤵
  PID:8216
- C:\Windows\System\uWAgQRZ.exe
  C:\Windows\System\uWAgQRZ.exe
  2⤵
  PID:8504
- C:\Windows\System\AoGXcRe.exe
  C:\Windows\System\AoGXcRe.exe
  2⤵
  PID:7628
- C:\Windows\System\hWsmgFd.exe
  C:\Windows\System\hWsmgFd.exe
  2⤵
  PID:8380
- C:\Windows\System\YeLayrO.exe
  C:\Windows\System\YeLayrO.exe
  2⤵
  PID:8564
- C:\Windows\System\OeQdkXm.exe
  C:\Windows\System\OeQdkXm.exe
  2⤵
  PID:8676
- C:\Windows\System\yIdoLex.exe
  C:\Windows\System\yIdoLex.exe
  2⤵
  PID:9032
- C:\Windows\System\InhXzcw.exe
  C:\Windows\System\InhXzcw.exe
  2⤵
  PID:8948
- C:\Windows\System\cTMUcdI.exe
  C:\Windows\System\cTMUcdI.exe
  2⤵
  PID:8300
- C:\Windows\System\JJaINAu.exe
  C:\Windows\System\JJaINAu.exe
  2⤵
  PID:9232
- C:\Windows\System\jZgmITG.exe
  C:\Windows\System\jZgmITG.exe
  2⤵
  PID:9248
- C:\Windows\System\HiHLhxj.exe
  C:\Windows\System\HiHLhxj.exe
  2⤵
  PID:9264
- C:\Windows\System\mGOVqlp.exe
  C:\Windows\System\mGOVqlp.exe
  2⤵
  PID:9280
- C:\Windows\System\UlZQYbn.exe
  C:\Windows\System\UlZQYbn.exe
  2⤵
  PID:9296
- C:\Windows\System\htoTNpm.exe
  C:\Windows\System\htoTNpm.exe
  2⤵
  PID:9312
- C:\Windows\System\TdtUvMF.exe
  C:\Windows\System\TdtUvMF.exe
  2⤵
  PID:9328
- C:\Windows\System\BzHHCGi.exe
  C:\Windows\System\BzHHCGi.exe
  2⤵
  PID:9344
- C:\Windows\System\OVVzEqB.exe
  C:\Windows\System\OVVzEqB.exe
  2⤵
  PID:9360
- C:\Windows\System\LkztnXq.exe
  C:\Windows\System\LkztnXq.exe
  2⤵
  PID:9376
- C:\Windows\System\zReUoAQ.exe
  C:\Windows\System\zReUoAQ.exe
  2⤵
  PID:9392
- C:\Windows\System\tmgfMUz.exe
  C:\Windows\System\tmgfMUz.exe
  2⤵
  PID:9408
- C:\Windows\System\CqmaRAo.exe
  C:\Windows\System\CqmaRAo.exe
  2⤵
  PID:9424
- C:\Windows\System\pByZzjX.exe
  C:\Windows\System\pByZzjX.exe
  2⤵
  PID:9440
- C:\Windows\System\wJqbFcN.exe
  C:\Windows\System\wJqbFcN.exe
  2⤵
  PID:9456
- C:\Windows\System\pVFarzV.exe
  C:\Windows\System\pVFarzV.exe
  2⤵
  PID:9472
- C:\Windows\System\emppqqL.exe
  C:\Windows\System\emppqqL.exe
  2⤵
  PID:9488
- C:\Windows\System\XgNcuQL.exe
  C:\Windows\System\XgNcuQL.exe
  2⤵
  PID:9508
- C:\Windows\System\LFPpHau.exe
  C:\Windows\System\LFPpHau.exe
  2⤵
  PID:9524
- C:\Windows\System\vPNCJeo.exe
  C:\Windows\System\vPNCJeo.exe
  2⤵
  PID:9540
- C:\Windows\System\iUQOetq.exe
  C:\Windows\System\iUQOetq.exe
  2⤵
  PID:9556
- C:\Windows\System\hyUZoqr.exe
  C:\Windows\System\hyUZoqr.exe
  2⤵
  PID:9572
- C:\Windows\System\hWXrZTj.exe
  C:\Windows\System\hWXrZTj.exe
  2⤵
  PID:9588
- C:\Windows\System\dmyBRNa.exe
  C:\Windows\System\dmyBRNa.exe
  2⤵
  PID:9604
- C:\Windows\System\CiWboAz.exe
  C:\Windows\System\CiWboAz.exe
  2⤵
  PID:9620
- C:\Windows\System\LItfPnq.exe
  C:\Windows\System\LItfPnq.exe
  2⤵
  PID:9636
- C:\Windows\System\wgrsauA.exe
  C:\Windows\System\wgrsauA.exe
  2⤵
  PID:9652
- C:\Windows\System\Hirwrjw.exe
  C:\Windows\System\Hirwrjw.exe
  2⤵
  PID:9668
- C:\Windows\System\gPqoaEf.exe
  C:\Windows\System\gPqoaEf.exe
  2⤵
  PID:9684
- C:\Windows\System\XAlJsyR.exe
  C:\Windows\System\XAlJsyR.exe
  2⤵
  PID:9700
- C:\Windows\System\hAhkNDa.exe
  C:\Windows\System\hAhkNDa.exe
  2⤵
  PID:9716
- C:\Windows\System\thJmXAu.exe
  C:\Windows\System\thJmXAu.exe
  2⤵
  PID:9732
- C:\Windows\System\UNURHvv.exe
  C:\Windows\System\UNURHvv.exe
  2⤵
  PID:9748
- C:\Windows\System\Gsewacp.exe
  C:\Windows\System\Gsewacp.exe
  2⤵
  PID:9764
- C:\Windows\System\utjosgp.exe
  C:\Windows\System\utjosgp.exe
  2⤵
  PID:9780
- C:\Windows\System\rIuQLiH.exe
  C:\Windows\System\rIuQLiH.exe
  2⤵
  PID:9796
- C:\Windows\System\QrXErwx.exe
  C:\Windows\System\QrXErwx.exe
  2⤵
  PID:9812
- C:\Windows\System\rWJlcrZ.exe
  C:\Windows\System\rWJlcrZ.exe
  2⤵
  PID:9828
- C:\Windows\System\SgfmvZh.exe
  C:\Windows\System\SgfmvZh.exe
  2⤵
  PID:9844
- C:\Windows\System\CFWKjLh.exe
  C:\Windows\System\CFWKjLh.exe
  2⤵
  PID:9860
- C:\Windows\System\qSbgJjS.exe
  C:\Windows\System\qSbgJjS.exe
  2⤵
  PID:9876
- C:\Windows\System\kMZaJWp.exe
  C:\Windows\System\kMZaJWp.exe
  2⤵
  PID:9892
- C:\Windows\System\TTQYVJl.exe
  C:\Windows\System\TTQYVJl.exe
  2⤵
  PID:9908
- C:\Windows\System\XmePRnL.exe
  C:\Windows\System\XmePRnL.exe
  2⤵
  PID:9924
- C:\Windows\System\eMxUqrd.exe
  C:\Windows\System\eMxUqrd.exe
  2⤵
  PID:9940
- C:\Windows\System\fkVOitF.exe
  C:\Windows\System\fkVOitF.exe
  2⤵
  PID:9960
- C:\Windows\System\mhwXmDE.exe
  C:\Windows\System\mhwXmDE.exe
  2⤵
  PID:9976
- C:\Windows\System\LqAnxhC.exe
  C:\Windows\System\LqAnxhC.exe
  2⤵
  PID:9996
- C:\Windows\System\PUKLXDt.exe
  C:\Windows\System\PUKLXDt.exe
  2⤵
  PID:10012
- C:\Windows\System\WibVlVu.exe
  C:\Windows\System\WibVlVu.exe
  2⤵
  PID:10028
- C:\Windows\System\oXUjmpk.exe
  C:\Windows\System\oXUjmpk.exe
  2⤵
  PID:10044
- C:\Windows\System\cjAGPSJ.exe
  C:\Windows\System\cjAGPSJ.exe
  2⤵
  PID:10060
- C:\Windows\System\JTbsduo.exe
  C:\Windows\System\JTbsduo.exe
  2⤵
  PID:10076
- C:\Windows\System\MTIPFkk.exe
  C:\Windows\System\MTIPFkk.exe
  2⤵
  PID:10092
- C:\Windows\System\dbCmciH.exe
  C:\Windows\System\dbCmciH.exe
  2⤵
  PID:10116
- C:\Windows\System\JKycxYh.exe
  C:\Windows\System\JKycxYh.exe
  2⤵
  PID:10132
- C:\Windows\System\Sptyofr.exe
  C:\Windows\System\Sptyofr.exe
  2⤵
  PID:10148
- C:\Windows\System\FTtXVRq.exe
  C:\Windows\System\FTtXVRq.exe
  2⤵
  PID:10164
- C:\Windows\System\wFOmsuK.exe
  C:\Windows\System\wFOmsuK.exe
  2⤵
  PID:10180
- C:\Windows\System\RdBYJBs.exe
  C:\Windows\System\RdBYJBs.exe
  2⤵
  PID:10196
- C:\Windows\System\OEmewmU.exe
  C:\Windows\System\OEmewmU.exe
  2⤵
  PID:10216
- C:\Windows\System\BnKHBoR.exe
  C:\Windows\System\BnKHBoR.exe
  2⤵
  PID:10236
- C:\Windows\System\fQPbMFs.exe
  C:\Windows\System\fQPbMFs.exe
  2⤵
  PID:8560
- C:\Windows\System\osMYwsC.exe
  C:\Windows\System\osMYwsC.exe
  2⤵
  PID:8344
- C:\Windows\System\Eavalws.exe
  C:\Windows\System\Eavalws.exe
  2⤵
  PID:9244
- C:\Windows\System\ElcBmkj.exe
  C:\Windows\System\ElcBmkj.exe
  2⤵
  PID:9340
- C:\Windows\System\xecLFuC.exe
  C:\Windows\System\xecLFuC.exe
  2⤵
  PID:9304
- C:\Windows\System\EnqCXhh.exe
  C:\Windows\System\EnqCXhh.exe
  2⤵
  PID:9292
- C:\Windows\System\EiwQiSt.exe
  C:\Windows\System\EiwQiSt.exe
  2⤵
  PID:9436
- C:\Windows\System\wOqLJTa.exe
  C:\Windows\System\wOqLJTa.exe
  2⤵
  PID:9288
- C:\Windows\System\zcjPnME.exe
  C:\Windows\System\zcjPnME.exe
  2⤵
  PID:9480
- C:\Windows\System\PgECdGi.exe
  C:\Windows\System\PgECdGi.exe
  2⤵
  PID:9416
- C:\Windows\System\cpLVTeD.exe
  C:\Windows\System\cpLVTeD.exe
  2⤵
  PID:9500
- C:\Windows\System\nCpjpjM.exe
  C:\Windows\System\nCpjpjM.exe
  2⤵
  PID:8596
- C:\Windows\System\HHhdsIE.exe
  C:\Windows\System\HHhdsIE.exe
  2⤵
  PID:9580
- C:\Windows\System\KeSQGXn.exe
  C:\Windows\System\KeSQGXn.exe
  2⤵
  PID:9664
- C:\Windows\System\pAUruUk.exe
  C:\Windows\System\pAUruUk.exe
  2⤵
  PID:9516
- C:\Windows\System\XPvWqXx.exe
  C:\Windows\System\XPvWqXx.exe
  2⤵
  PID:9756
- C:\Windows\System\giOuuuB.exe
  C:\Windows\System\giOuuuB.exe
  2⤵
  PID:9788
- C:\Windows\System\pMcTxFS.exe
  C:\Windows\System\pMcTxFS.exe
  2⤵
  PID:9616
- C:\Windows\System\PhNbtzF.exe
  C:\Windows\System\PhNbtzF.exe
  2⤵
  PID:9712
- C:\Windows\System\CKzHUbE.exe
  C:\Windows\System\CKzHUbE.exe
  2⤵
  PID:9776
- C:\Windows\System\UOndVpD.exe
  C:\Windows\System\UOndVpD.exe
  2⤵
  PID:9852
- C:\Windows\System\ihSLdso.exe
  C:\Windows\System\ihSLdso.exe
  2⤵
  PID:9916
- C:\Windows\System\hzePuSW.exe
  C:\Windows\System\hzePuSW.exe
  2⤵
  PID:9984
- C:\Windows\System\rbZYlKk.exe
  C:\Windows\System\rbZYlKk.exe
  2⤵
  PID:10020
- C:\Windows\System\JaNKIsp.exe
  C:\Windows\System\JaNKIsp.exe
  2⤵
  PID:9840
- C:\Windows\System\vtoiyXs.exe
  C:\Windows\System\vtoiyXs.exe
  2⤵
  PID:9932
- C:\Windows\System\TlgMdez.exe
  C:\Windows\System\TlgMdez.exe
  2⤵
  PID:10008
- C:\Windows\System\czstNYA.exe
  C:\Windows\System\czstNYA.exe
  2⤵
  PID:10056
- C:\Windows\System\CycFDid.exe
  C:\Windows\System\CycFDid.exe
  2⤵
  PID:10156
- C:\Windows\System\OEHmhAd.exe
  C:\Windows\System\OEHmhAd.exe
  2⤵
  PID:10084
- C:\Windows\System\LsVDXPi.exe
  C:\Windows\System\LsVDXPi.exe
  2⤵
  PID:10036
- C:\Windows\System\PlLIkFL.exe
  C:\Windows\System\PlLIkFL.exe
  2⤵
  PID:10104
- C:\Windows\System\MZQyAxv.exe
  C:\Windows\System\MZQyAxv.exe
  2⤵
  PID:10144
- C:\Windows\System\mYSeVlz.exe
  C:\Windows\System\mYSeVlz.exe
  2⤵
  PID:8740
- C:\Windows\System\pMQzulB.exe
  C:\Windows\System\pMQzulB.exe
  2⤵
  PID:9336
- C:\Windows\System\cCdfvsm.exe
  C:\Windows\System\cCdfvsm.exe
  2⤵
  PID:9260
- C:\Windows\System\JhpzaLH.exe
  C:\Windows\System\JhpzaLH.exe
  2⤵
  PID:9536
- C:\Windows\System\JSjXJLB.exe
  C:\Windows\System\JSjXJLB.exe
  2⤵
  PID:9744
- C:\Windows\System\NqMAHlS.exe
  C:\Windows\System\NqMAHlS.exe
  2⤵
  PID:9884
- C:\Windows\System\pWiaYSh.exe
  C:\Windows\System\pWiaYSh.exe
  2⤵
  PID:9900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AwQZHdK.exe

Filesize
5.7MB

MD5
bad0f8656fb961f1413799c187df28f1

SHA1
bc86090d67938950da35b3824fae089a89c406e6

SHA256
9566a9af4e4e0fe9d8ee8bb9c2a25c58d52ede5249f60ec22fe8049339c070d4

SHA512
71aa28b63ee8ff45d76f43967cbf175b120755e7d8b4034a7c03ec75b0bc5f11c82ddcb536efba7b0be4d9526514069a2f7adbb3d4848224732463e8c78ee5c2

Download Submit
C:\Windows\system\BDKfkfQ.exe

Filesize
5.7MB

MD5
e29992bfeb716d1ae980a24d51929a71

SHA1
06e4ebcf4da680d74fddf89557d9a5bba7277421

SHA256
cda517cdf0f485c5cd48657d38647b3dc2ba1fcc9a263894091e08c6e3fba31d

SHA512
c0ae473626adb5bd6fbf3602472f19ca2738607a7a721865f6ac05d8d0692a2804f9cad8809da5141551ea21e94c51c4965e749f49cc639b0b10d2e8c6859b85

Download Submit
C:\Windows\system\DKnhmpn.exe

Filesize
5.7MB

MD5
bfe3243dfbf7a0914687e3e74857316e

SHA1
99a6047ec0b86e38c46fe42ee557d4798f82a136

SHA256
a2666b91ac8db088f670918da04f89dbcb6fa9ec1e474a99d324039044f36370

SHA512
e8bd39cd9761be4fb43f946b3827aee463433eb7620329dd998963e7907a394ca20525ef8dfb016e84f64324790a4aabadbd1e9d3e5f8f5ab92138e777c1da46

Download Submit
C:\Windows\system\HcCAcdv.exe

Filesize
5.7MB

MD5
11470a448ab6b6b8149dbb56e0ec1cdd

SHA1
523ffa6546957a50faeb434d936541a58a50220e

SHA256
416332c7bb69a1c64ee066b9e613ae8213fcf0819413f95b5e899817a8e87d1d

SHA512
9ace67cf6ec3a0a04356c9691c6dfe3af33bbc2e08541aedf83f3051dc258b5b3936b816d14b7512044d02d34353fb92208d70d5cbc2645e841fae0b2e1cdf6e

Download Submit
C:\Windows\system\LcOHAaJ.exe

Filesize
5.7MB

MD5
134ccbf5a98e25734fa025b098396dd9

SHA1
a6e8557bb67a42329fec06303301b55f9b4d0ef9

SHA256
2f21ad92921c9e84cba5fdb2cb401b169142c972eb66506717b4989e3385fecc

SHA512
ea712e259720bee9efc96f5853a0d64436812d224f52c20998c40b828362b3ffb13d1b9908265dc12ad8393400155431fff11abba50e031c4b6f9ffc3eb8de4e

Download Submit
C:\Windows\system\LecfLbE.exe

Filesize
5.7MB

MD5
8f846456bc10bdc6df664b8ed0c1f510

SHA1
4e65c707f1bf447ccf7aa19037c43c7ef0123428

SHA256
b6dcc4782b079c48abfeed7f9751ad1e6933aab16875a740c09630c14a7e26ac

SHA512
5fa060deb2916c7084638f5d838d9088a0f019ebf7bf2271dbdb9a742b33fd6ea9b1906f2ae0fa8ab3c83c8795df66dd866665a19b403083f4bf6e9273733e39

Download Submit
C:\Windows\system\PZbSaCO.exe

Filesize
5.7MB

MD5
dcd3b9ffcc9753eae04cbcdaeb881042

SHA1
21264a473cc742a2ac4f820e3104369897179c87

SHA256
7e0596ee3c4b2ac8c0934a98c296a6c7a4f44db69dcb50a9b00c3dd9d12360cd

SHA512
86b7123c685e1662fd25bbe464b40f7ee0f2d2d91981c5afb1a1e9ea1ad7e898612e6923142cb82a7d60608fcc758bd81814507ae282dc65040580707c2c6f4c

Download Submit
C:\Windows\system\QsGZiTv.exe

Filesize
5.7MB

MD5
86755c6de50aff423dd5ee80ff764e2c

SHA1
9a9a66eb54de23627c7bb0ab196d1b9cfda20b29

SHA256
6202a2ed7ec8dacf6d8a26ee6636aca4ee6666ee4b786af13b327dfe8015cee7

SHA512
a6993af00607b1220c49392f67f3d8a40c08b8974bff095870b9fbc42f56430eb6112f19e15b5cf94125ded6a24f0031ca2c0902cf097db6793982bb5e5ecd17

Download Submit
C:\Windows\system\RvJOJhU.exe

Filesize
5.7MB

MD5
2d1e3604406e920ef17ad24a6dddc0cd

SHA1
8b8a82e4e80a4d746f9df7e183900d71e16bbc6a

SHA256
b2b2ad1598aaba506bbae49126bcdff1c90897b36fffe9c0f9ce313e89663985

SHA512
d353374b048365346d5518355f0f06403aedc47018129b047494b1bedcc37b6db545bc2bb08b20ca83da3bde3f7aa229b06fd4e6fbde04da03552fa13a1f9989

Download Submit
C:\Windows\system\WbcMtGK.exe

Filesize
5.7MB

MD5
cba8ce4b6db95d0ded6005d44e2bdde6

SHA1
4a97a8071841739eead2b6fe27e99ba35ab5d55a

SHA256
b204769803accfdabd2482626905f95364c4dba9d00e7bb6b0cc770cf12ecffe

SHA512
95f3118f9b64e610707a3b36458bf8a8b2052d49bbcc02a6b5310fd42b90cdf7ed2490b7b7597dbbee85ab8806578069f2f26400e5d63cf72a663bcb7e907d71

Download Submit
C:\Windows\system\WhQiMLP.exe

Filesize
5.7MB

MD5
bb5e3854f7e5da1acc8056fbd3f4d486

SHA1
9e63b9681c3a84ead28683bfb7216d99b976a2ec

SHA256
4fdc262be09e795ff05d81a5aa94401ba21de21190758e0e75f9575df7c313d3

SHA512
cc5527f64e8b3edefb407756c9f6b87f01d3918e41e67e9f41383ed2d496590d7f10604b688df62c2cb449f759feb3d96e9c2d38a136598806252d611daa22b5

Download Submit
C:\Windows\system\XMamIJV.exe

Filesize
5.7MB

MD5
bed7b39b549ee53799d614859e335bd8

SHA1
842be1225257ebb62061d0cfd4a7a6eee6f946dd

SHA256
89e9985836cc8b93a97f14aa33caf6070433fbdad87c44e23616997b727bf236

SHA512
da8490373017f10cb089b9b64f9c991898be95c3bc671ceb39300f8a1b5ab955bb14d92dc22b63feba9c82e2ba5f47525f80b3a9e5fbc5199a7af34889120897

Download Submit
C:\Windows\system\XfTxkrA.exe

Filesize
5.7MB

MD5
19a4e61183594a32b52101249ad71376

SHA1
d63cbda70da80dc45139bc9a6c827444171b9327

SHA256
09e888156754c5357c7c73dcc6b8866f2f39ed6d0c9581eb5203c97d0ae8fef6

SHA512
ec7c579f329844c1b7c45f9dd7b26cefd35f140fac5cd8a36ee1bd2c9f7a0bf131f9631b81a591a2eabca8a3a12950eec1e597b1eb05cd8c5984d627dc34a207

Download Submit
C:\Windows\system\YAjSvFO.exe

Filesize
5.7MB

MD5
ac34d804688a1ca2dbd9a7df996b7fdd

SHA1
1dfc4d94c997c7daf603acf8d20782f77cdb75d1

SHA256
781cf1cb4fea777e735645b86c94bc4902994e7275cab1b1dd8d0bed5a50fc92

SHA512
1108bda10544345713616caf4a6b1ae9b62d068150d7b75458a2fbfa762474765dc73adfaee8b68c3ff3ca6ee567bc483630bd46ec191e4e825839ddc2dac60c

Download Submit
C:\Windows\system\aYjRGvs.exe

Filesize
5.7MB

MD5
fe0c12b20b51313c1b468fd126ced0bc

SHA1
4e408a4047c446595280d68d8675a32200fe43db

SHA256
81f660db802d2103a4a460e72cf4adf17b7c6a95e5041fc57c6e9c4127a47a07

SHA512
304777e31cac569caeb27b21851ec411bc09d3264de47566299e0eb5c3c3f5abc0f1190894169890aa28e6772d7583bf307b8f18d7c1178589c9534ff8b9021b

Download Submit
C:\Windows\system\dnJXePh.exe

Filesize
5.7MB

MD5
05d1275439a1d82531c151391d5b783e

SHA1
45f593d92fe328478c7644c2aa0db54c21ef642c

SHA256
41b7db4460c2c2bc5681cd75ff1eee5c1e1cd2d9d99c156c59589e6316ba64c7

SHA512
fb39e3a9a661c3eb2d63b79c496bf13a9276c748fb3cd8f7029d1962a613d151f005d016a6942252bf56155951d4743b8599571a643fb55ecd0689e0e529d666

Download Submit
C:\Windows\system\dyAvqNg.exe

Filesize
5.7MB

MD5
1eebdfdb7dac535f1e246e9d891f731d

SHA1
3257864244f5483e4d59f8f496a6bace6251aead

SHA256
46b26f384637273fc59dd67e25fb9ebdaafa0d350a98ae2debb8a25ffa634e2d

SHA512
c642366445f9255d6dcd6d85a23f736b32a9ebf85d952f6ab378c808d177b9b1b4e3e75d9dc7f807631b7837584db4c2c21364ae44be583d9262d94b78540aad

Download Submit
C:\Windows\system\htvYMzM.exe

Filesize
5.7MB

MD5
f9b73a00f076e055d2e6aed45c4cab22

SHA1
73491fad4b6d2b289d3bf1cac8fff52a9d7b46af

SHA256
6e2343b5a1ca423f48d4169cf0fd4e6207f0ad6465f0ac94dbec72034f6c4283

SHA512
c0b8ad8786f6e948731cb82d31b8d88c91a0c3e67ebdcb1a4c9331027f130b07bd2ecf86711f916334b73911b879a824ed8eed97b43d5937c7610d50a074c62c

Download Submit
C:\Windows\system\kFgZhgQ.exe

Filesize
5.7MB

MD5
f64cda985d170fc5daa38a48a2989dbc

SHA1
001df545e0a403ee5223f615bac6aeb103dbc6e9

SHA256
3e916a14fff1c80269fbf8e4e94dabc2c0529b26036888f1233570d10f570524

SHA512
a989ba1f1a386e7e28ccce0b24191fcff4526a19ecc0267a77cd1ae598a191ba8803870cf05e8e5f4d8a040da44c59bd488c15972399841a62b7474766f81e8e

Download Submit
C:\Windows\system\kqAoSmI.exe

Filesize
5.7MB

MD5
5b7cba206f881ab7ccc6e87c4fa4cdd2

SHA1
87fdf661fae82200c2eea2bc3799923005d66e10

SHA256
bb41b98e68890f37c2bb4c9a940566092ac4d636dea920011be9301eda9d6020

SHA512
61d032cec06668096b8e6cb3c0993489b4864dcf05fde2ea4a9a731829ebab392204d0a0cadfe34584bd4cc26fac053e4e68920f9380076f3869f6ad72ead1eb

Download Submit
C:\Windows\system\lgNPkup.exe

Filesize
5.7MB

MD5
73bda7f05c4bdcec001ae8fdcc833e1f

SHA1
2adc88127971da0158f03f496b5909f02165e984

SHA256
8fea15c4793af4c0ac7284217a9f9c3d39607c4ba36aa465eba22bb5c176c0aa

SHA512
6ae0859da7a47f835647926e6cdca31d3f9310858baacc8b3f99d15444f15abcc1e6dc70430fec37770129414add3ed7667589415a8a5e1695443e750cc06c7b

Download Submit
C:\Windows\system\liuRrip.exe

Filesize
5.7MB

MD5
7c67389900fce8eee3860cd5268cf839

SHA1
46e7b1cb8b2c97c7b3e0c411fca6fc8c8de82345

SHA256
e6af8698430f1b8a798e476450276e7de106202d9a68d290f8f49df3443a22db

SHA512
b496824f0d57d4f3851b62ec3f0062555bc4842325d78747d8db23d1cf0f0265d719f9c54116977a76cd26937852fc637db1b78137ee7a83e6b38b4101cc52a2

Download Submit
C:\Windows\system\nWZcRuo.exe

Filesize
5.7MB

MD5
edf3f41167288e503e6441e0fd5be8c3

SHA1
bb3547e4e9130ce8fde66524d835aeb273dd1295

SHA256
7bd675738384fb2efe30c91a3fc7dccb991241c58048b22db3dbe9406ce2766d

SHA512
c26888f284835a8f9888a013b1d24c5b9d953ce68d85d6f1070a86492ab3c2b8b25adbf8ceb93bd28d687fd4f34ca9540d3d718f1ccf988e7fafacc81f101df9

Download Submit
C:\Windows\system\oTYVLjb.exe

Filesize
5.7MB

MD5
70a721849776b59b2fcc1c4b3ac1d378

SHA1
8460efb96b248ebcd6a6a57f51600a30488d897f

SHA256
9d0c49d3899f959ea671cab98da422a90d44362e270927b1750632a0d74ffc0b

SHA512
37a3b68db5edc23b694b90a2ab1f8297446b926f7f38f5fc6021649be1e2c8a28fd0745a32878e83a7d9f73315b830c2af32df8a3da86ff1ff48c1449f7a676f

Download Submit
C:\Windows\system\pIBRGSC.exe

Filesize
5.7MB

MD5
9d6b449af3e3bd7aa161c98710fd973f

SHA1
efa64500cb08846706ff81ef2cc7678601732086

SHA256
d3aba6705f2806686daa43169a316325cac8a3c3b52002892b94caddb91ae2d1

SHA512
f184bc487eb5b46f41a5c30d18ffdaa3502cc719612ecfb6658609ebe08f461d40fef8493dee024d64ee08c3d888a68d345ce59e62b73558ebf9cda3a8e0b20a

Download Submit
C:\Windows\system\qECBgyR.exe

Filesize
5.7MB

MD5
1f39cca5d7b3afc86492d165cdba39fd

SHA1
52c3e675d7e8e383019da9c5532826945e4a2fa4

SHA256
e35a89d2c003e643fd4d8fbb958f6609acd3487af82b7fa5eef05e4d80bf9946

SHA512
c7ec51ff7cfd191fce94e19426cd1e9d72a293ed9c745a334fb87adc501c591630d5996c006fa76d3caa34377b47185d0958eba7d3c9f9ec2f322af332b18e1a

Download Submit
C:\Windows\system\xEvDQzO.exe

Filesize
5.7MB

MD5
244b67e20827e0e8f5e4222d2efa8865

SHA1
475c9554678eddc8fcd5e13c0b7302f86e516d9c

SHA256
d249d492f8a91938779abad51c7c581cd0460c41f9a29912338a2339e0069f2c

SHA512
da7d04dd99b8d3bd7e79040e06c83f39f62709fe63f1ac5010b3e0a22dd39d1ca934561e6a30d03e5b40074fa372b0c535aaea00738d4f25e54f916616bc9f0a

Download Submit
C:\Windows\system\yloIBMO.exe

Filesize
5.7MB

MD5
706344eb285a4e7c3f839d9f127a07ff

SHA1
df0ae4379393c775ec3d4f436d21620f88d0d897

SHA256
2bb2633497561d6a3df7fec6bea4c9fd0d2114be9da1d80bad35f26a3862c67f

SHA512
3db5953ab28c7044ea808743680740a35b4fda3d67252502cfb0a759eb3c2158000b28e6c858e0b48bbb15375535e87ec463037980d05119d9cc68f6becb75a5

Download Submit
\Windows\system\DKEgpeM.exe

Filesize
5.7MB

MD5
762eea8cda1260126b3a9b18464014fd

SHA1
6b9a271228d875acaa92b21417b4e0e854ba8350

SHA256
cdff567f8a5e508a1e678322275d8a45080a0aa47c65f5768a229be994ba1f59

SHA512
97342e70ec2e1ae5108ae6e4d38ac7e17317774a58d5144fe4430ec640bb1c64e9e1ea6d39525c18c46ee915ab515ce7d50531a12ab44f071fa6cf00978e91d3

Download Submit
\Windows\system\HxYoRga.exe

Filesize
5.7MB

MD5
0c0c83e797c782ec47ccf6187b2a1a2b

SHA1
9d66a6015820985015829bb20a19060885161940

SHA256
eb5ab47084932956bf0d2c9241b7527f120a6b106a25e02ae6e03c20eb54473f

SHA512
ea7b67dce92c6489c2762ae9c0a30e56ed14fcd21815a02580b87ca1c8c749ffd784a7e98f3e9a688605398de3b59596c0e5f2626046bad9bc306fa520ea4ee8

Download Submit
\Windows\system\VwJDmTZ.exe

Filesize
5.7MB

MD5
22c1f3669e6b3c81252baf8d55f4dadb

SHA1
4e3187d9f22dc82e3fbcdec25b3d34ca8ec2b719

SHA256
90094b2a5288c55e5177be07486c4ac48e05e2997d1c309d03d8e7a81707c2ef

SHA512
c9482beef45bc91e1b80e0b9373760018e74a0e09e3f18bfbb704f4327e16e4003fde23d2fdf20f996089f5e049ac415c42fecb7630580d46e95dfa00bf7e86f

Download Submit
\Windows\system\pFwuEUf.exe

Filesize
5.7MB

MD5
9c7cbcc932a9bf62b73a5354328527e2

SHA1
dc99c1af41bebf70956852ca70fb778eb60e98a4

SHA256
ef1fca25686c4ac2b00e2c68d17192e14c4833e58f9ca73d543be2b85a156d53

SHA512
5e4c9033b69a958481e0b00fa0683f76414b2731c0570a380e3c5d1317b7f547cabce936b6e3c6e39094390e544c4537c4c1639e8f30e778fba770d112cda010

Download Submit
\Windows\system\zDCxiVg.exe

Filesize
5.7MB

MD5
b57c37b34dcc355c0020b08b6ef8c40f

SHA1
8ac7f6cc03ce794b424e581aba9b9dc42c0e433a

SHA256
50b0a437c048920832e008b6a8ca52b094d534a94d00e2ece0be1f95a549ac6d

SHA512
3f9db2145317c46651670edf52b48cb7f4e1a6661c229c5de1d08f308eec10aea9481defb6ec9f336c4803645cb44ebc5a5309885cb3072d74d58f55a7b10602

Download Submit
memory/320-164-0x000000013FD50000-0x000000014009D000-memory.dmp

Filesize
3.3MB

Download
memory/864-160-0x000000013F4A0000-0x000000013F7ED000-memory.dmp

Filesize
3.3MB

Download
memory/1000-158-0x000000013FED0000-0x000000014021D000-memory.dmp

Filesize
3.3MB

Download
memory/1056-178-0x000000013FE70000-0x00000001401BD000-memory.dmp

Filesize
3.3MB

Download
memory/1652-202-0x000000013F960000-0x000000013FCAD000-memory.dmp

Filesize
3.3MB

Download
memory/1676-152-0x000000013FDD0000-0x000000014011D000-memory.dmp

Filesize
3.3MB

Download
memory/1780-162-0x000000013F5E0000-0x000000013F92D000-memory.dmp

Filesize
3.3MB

Download
memory/1960-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1960-0-0x000000013F6B0000-0x000000013F9FD000-memory.dmp

Filesize
3.3MB

Download
memory/1984-167-0x000000013FE60000-0x00000001401AD000-memory.dmp

Filesize
3.3MB

Download
memory/2160-166-0x000000013F6D0000-0x000000013FA1D000-memory.dmp

Filesize
3.3MB

Download
memory/2220-124-0x000000013FD40000-0x000000014008D000-memory.dmp

Filesize
3.3MB

Download
memory/2316-11-0x000000013F620000-0x000000013F96D000-memory.dmp

Filesize
3.3MB

Download
memory/2340-145-0x000000013FA80000-0x000000013FDCD000-memory.dmp

Filesize
3.3MB

Download
memory/2356-174-0x000000013F980000-0x000000013FCCD000-memory.dmp

Filesize
3.3MB

Download
memory/2440-15-0x000000013F340000-0x000000013F68D000-memory.dmp

Filesize
3.3MB

Download
memory/2484-194-0x000000013F260000-0x000000013F5AD000-memory.dmp

Filesize
3.3MB

Download
memory/2528-142-0x000000013F290000-0x000000013F5DD000-memory.dmp

Filesize
3.3MB

Download
memory/2560-156-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/2652-143-0x000000013F0D0000-0x000000013F41D000-memory.dmp

Filesize
3.3MB

Download
memory/2680-118-0x000000013F840000-0x000000013FB8D000-memory.dmp

Filesize
3.3MB

Download
memory/2688-120-0x000000013F750000-0x000000013FA9D000-memory.dmp

Filesize
3.3MB

Download
memory/2716-180-0x000000013FB30000-0x000000013FE7D000-memory.dmp

Filesize
3.3MB

Download
memory/2724-170-0x000000013F2D0000-0x000000013F61D000-memory.dmp

Filesize
3.3MB

Download
memory/2772-176-0x000000013F690000-0x000000013F9DD000-memory.dmp

Filesize
3.3MB

Download
memory/2784-146-0x000000013FFB0000-0x00000001402FD000-memory.dmp

Filesize
3.3MB

Download
memory/2816-140-0x000000013F900000-0x000000013FC4D000-memory.dmp

Filesize
3.3MB

Download
memory/2832-122-0x000000013FC30000-0x000000013FF7D000-memory.dmp

Filesize
3.3MB

Download
memory/2896-172-0x000000013FD60000-0x00000001400AD000-memory.dmp

Filesize
3.3MB

Download
memory/3016-144-0x000000013F950000-0x000000013FC9D000-memory.dmp

Filesize
3.3MB

Download
memory/3044-154-0x000000013F3A0000-0x000000013F6ED000-memory.dmp

Filesize
3.3MB

Download
memory/3064-119-0x000000013F660000-0x000000013F9AD000-memory.dmp

Filesize
3.3MB

Download