cobaltstrike | 9ebc28ffed21b293c02b9d7683694b737c25c366a0d52b5d6305c046e188ddd6

Analysis

max time kernel
139s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01/03/2025, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

44a24a5e84d0383729c46694f2c31e8f
SHA1

edaea7214eddd7704d4c05197d5329e4d8c5f045
SHA256

9ebc28ffed21b293c02b9d7683694b737c25c366a0d52b5d6305c046e188ddd6
SHA512

0be15bcdb7af32021d0ea46ef8fd11a1b77c71331a332b235462b7c9f118f28ce0041903d4f214e94122ae86f817a2e0b1cda550318f95c87b2b32b0d67c0ef3
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU/:j+R56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012257-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-27.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e6-32.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-47.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e3-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4da-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d6-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e5-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e1-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4dc-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d8-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-36.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2272-0-0x000000013F890000-0x000000013FBDD000-memory.dmp	xmrig
behavioral1/files/0x000d000000012257-3.dat	xmrig
behavioral1/files/0x0007000000019490-8.dat	xmrig
behavioral1/files/0x000700000001949d-15.dat	xmrig
behavioral1/files/0x00060000000194e4-27.dat	xmrig
behavioral1/files/0x00080000000194e6-32.dat	xmrig
behavioral1/files/0x000500000001a4a5-43.dat	xmrig
behavioral1/files/0x000500000001a4ab-47.dat	xmrig
behavioral1/files/0x000500000001a4b5-65.dat	xmrig
behavioral1/files/0x000500000001a4bb-79.dat	xmrig
behavioral1/files/0x000500000001a4bf-87.dat	xmrig
behavioral1/memory/2328-340-0x000000013FA10000-0x000000013FD5D000-memory.dmp	xmrig
behavioral1/memory/1716-229-0x000000013FE50000-0x000000014019D000-memory.dmp	xmrig
behavioral1/memory/2620-364-0x000000013F230000-0x000000013F57D000-memory.dmp	xmrig
behavioral1/memory/2568-363-0x000000013FEE0000-0x000000014022D000-memory.dmp	xmrig
behavioral1/memory/316-362-0x000000013F190000-0x000000013F4DD000-memory.dmp	xmrig
behavioral1/memory/2436-361-0x000000013FB90000-0x000000013FEDD000-memory.dmp	xmrig
behavioral1/memory/2576-359-0x000000013FE40000-0x000000014018D000-memory.dmp	xmrig
behavioral1/memory/2040-360-0x000000013F0F0000-0x000000013F43D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c9-134.dat	xmrig
behavioral1/memory/536-339-0x000000013F770000-0x000000013FABD000-memory.dmp	xmrig
behavioral1/memory/388-338-0x000000013FCC0000-0x000000014000D000-memory.dmp	xmrig
behavioral1/memory/700-337-0x000000013F630000-0x000000013F97D000-memory.dmp	xmrig
behavioral1/memory/876-335-0x000000013F090000-0x000000013F3DD000-memory.dmp	xmrig
behavioral1/memory/1584-334-0x000000013F570000-0x000000013F8BD000-memory.dmp	xmrig
behavioral1/memory/1228-333-0x000000013FCA0000-0x000000013FFED000-memory.dmp	xmrig
behavioral1/memory/2552-332-0x000000013F6E0000-0x000000013FA2D000-memory.dmp	xmrig
behavioral1/memory/2992-331-0x000000013F5C0000-0x000000013F90D000-memory.dmp	xmrig
behavioral1/memory/2872-330-0x000000013F380000-0x000000013F6CD000-memory.dmp	xmrig
behavioral1/memory/2668-329-0x000000013F250000-0x000000013F59D000-memory.dmp	xmrig
behavioral1/memory/3016-328-0x000000013F430000-0x000000013F77D000-memory.dmp	xmrig
behavioral1/memory/1308-327-0x000000013F7C0000-0x000000013FB0D000-memory.dmp	xmrig
behavioral1/memory/2044-326-0x000000013F9E0000-0x000000013FD2D000-memory.dmp	xmrig
behavioral1/memory/1712-325-0x000000013F470000-0x000000013F7BD000-memory.dmp	xmrig
behavioral1/memory/608-324-0x000000013F4B0000-0x000000013F7FD000-memory.dmp	xmrig
behavioral1/memory/2680-323-0x000000013F240000-0x000000013F58D000-memory.dmp	xmrig
behavioral1/memory/3312-322-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/memory/2288-321-0x000000013F1F0000-0x000000013F53D000-memory.dmp	xmrig
behavioral1/memory/3344-320-0x000000013FB00000-0x000000013FE4D000-memory.dmp	xmrig
behavioral1/memory/448-319-0x000000013F020000-0x000000013F36D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4e3-170.dat	xmrig
behavioral1/files/0x000500000001a4de-164.dat	xmrig
behavioral1/files/0x000500000001a4da-158.dat	xmrig
behavioral1/files/0x000500000001a4d6-152.dat	xmrig
behavioral1/files/0x000500000001a4d1-146.dat	xmrig
behavioral1/files/0x000500000001a4cd-140.dat	xmrig
behavioral1/memory/1996-304-0x000000013F610000-0x000000013F95D000-memory.dmp	xmrig
behavioral1/memory/2100-227-0x000000013F7D0000-0x000000013FB1D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4e5-173.dat	xmrig
behavioral1/files/0x000500000001a4e1-167.dat	xmrig
behavioral1/files/0x000500000001a4dc-161.dat	xmrig
behavioral1/files/0x000500000001a4d8-155.dat	xmrig
behavioral1/files/0x000500000001a4d4-149.dat	xmrig
behavioral1/files/0x000500000001a4cf-143.dat	xmrig
behavioral1/files/0x000500000001a4cb-137.dat	xmrig
behavioral1/memory/2972-130-0x000000013FE70000-0x00000001401BD000-memory.dmp	xmrig
behavioral1/memory/2648-129-0x000000013F970000-0x000000013FCBD000-memory.dmp	xmrig
behavioral1/memory/2492-126-0x000000013FB60000-0x000000013FEAD000-memory.dmp	xmrig
behavioral1/memory/2780-125-0x000000013FCB0000-0x000000013FFFD000-memory.dmp	xmrig
behavioral1/memory/604-124-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig
behavioral1/memory/2472-122-0x000000013F5B0000-0x000000013F8FD000-memory.dmp	xmrig
behavioral1/memory/2644-121-0x000000013F450000-0x000000013F79D000-memory.dmp	xmrig
behavioral1/memory/2712-119-0x000000013F6A0000-0x000000013F9ED000-memory.dmp	xmrig
behavioral1/memory/2008-118-0x000000013F870000-0x000000013FBBD000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
484	evsqSuJ.exe
1528	wXsrtyD.exe
2316	hIhFCIk.exe
2732	AFrcujh.exe
2244	PKWaOJA.exe
2748	xoRjgyl.exe
2852	tBVIlrU.exe
2836	AlxZioR.exe
2644	qnCWlpj.exe
2804	VWgjRMb.exe
2672	vNZRlLb.exe
2904	EynILlH.exe
2780	vpZXYtu.exe
2696	KtMHtkS.exe
2648	aqNCYXT.exe
2712	pgBlolJ.exe
2488	tcukiCl.exe
2472	xQghwcL.exe
308	xSqwGHD.exe
604	NVJNrue.exe
3036	AQwTjNJ.exe
2492	PgBigKs.exe
3048	bgSSkzC.exe
2972	zquVwAt.exe
2008	vymwnEs.exe
2100	EKjfGWN.exe
1996	iJMvfMS.exe
1716	TBXkWJc.exe
448	QwLXUKM.exe
1144	OHVUdon.exe
1344	hQjileu.exe
2876	YIlQNsF.exe
1820	vvZkvPI.exe
1540	CjrEBQY.exe
792	dSqxDwk.exe
2436	GprgfFL.exe
1736	GuiMRBH.exe
316	spSzHWY.exe
2576	AezIXBD.exe
2568	Zmowqum.exe
700	JfkKxiq.exe
1644	XQljaJd.exe
876	yFgEHsI.exe
2552	uCyaXlz.exe
1584	voBMpBG.exe
1228	bZEyjgQ.exe
2872	CHaSiiZ.exe
2992	owvasge.exe
2668	POgniIB.exe
3016	XHZrnnZ.exe
1308	HLeTJOk.exe
2288	pKZbABM.exe
2044	vWiZofE.exe
1712	uVtnKJl.exe
2680	exWEZCQ.exe
608	QczPGhP.exe
2040	XwnimBF.exe
1856	AShHGxu.exe
2864	eqHotYG.exe
3084	XjMsfBa.exe
3116	fFNMLRR.exe
3148	RaocnXS.exe
3180	gCJWngO.exe
3212	bFXJdcU.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zAvcGMN.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQwTjNJ.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiAbjCD.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoPwGAj.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpjvsIa.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqeMwZw.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztSrggd.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtEgKuU.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZAkyka.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqwwbBz.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFrcujh.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMrKsZK.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyMHdXj.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzBNtUz.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuqppYC.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onEbMLM.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phsIOPd.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkotfZK.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwzCqBx.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCJWngO.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiUKket.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpiyjfC.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owOdnhL.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfofLPX.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uidWqkF.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDLCZOE.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBawMhX.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyHHuGt.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFKmCJT.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKptwJu.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlZaBuL.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsEDDms.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njafgJb.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGTidat.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNEgqus.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNbAagJ.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzvSmGL.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKRHsAt.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLPtsfH.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGNSzYg.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KASUQdm.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNyODNF.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlEtsRr.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYtmiFD.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJYXUFX.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKTCiJH.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCGTamN.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wasEiFH.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxvGfCy.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCaEQJg.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofIuxRd.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuIGupr.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjZPYUx.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiRbvVM.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMpxZbR.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svsKhMa.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVgIQsg.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCqFPSn.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDcQNNe.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDSgNPe.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVpPKWc.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFKSAza.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzsKxTh.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otBtmlt.exe	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 484	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 484	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 484	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 1528	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 1528	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 1528	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2316	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2316	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2316	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2732	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2732	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2732	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2244	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2244	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2244	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2748	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2748	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2748	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2852	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2852	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2852	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2836	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2836	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2836	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2644	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2644	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2644	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2804	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2804	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2804	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2672	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2672	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2672	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2904	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2904	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2904	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2780	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2780	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2780	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2696	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2696	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2696	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2648	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2648	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2648	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2712	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2712	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2712	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2488	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2488	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2488	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2472	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2472	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2472	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 308	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 308	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 308	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 604	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 604	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 604	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 3036	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 3036	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 3036	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2272 wrote to memory of 2492	2272	2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-01_44a24a5e84d0383729c46694f2c31e8f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\System\evsqSuJ.exe
  C:\Windows\System\evsqSuJ.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\wXsrtyD.exe
  C:\Windows\System\wXsrtyD.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\hIhFCIk.exe
  C:\Windows\System\hIhFCIk.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\AFrcujh.exe
  C:\Windows\System\AFrcujh.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\PKWaOJA.exe
  C:\Windows\System\PKWaOJA.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\xoRjgyl.exe
  C:\Windows\System\xoRjgyl.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\tBVIlrU.exe
  C:\Windows\System\tBVIlrU.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\AlxZioR.exe
  C:\Windows\System\AlxZioR.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\qnCWlpj.exe
  C:\Windows\System\qnCWlpj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\VWgjRMb.exe
  C:\Windows\System\VWgjRMb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\vNZRlLb.exe
  C:\Windows\System\vNZRlLb.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\EynILlH.exe
  C:\Windows\System\EynILlH.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\vpZXYtu.exe
  C:\Windows\System\vpZXYtu.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\KtMHtkS.exe
  C:\Windows\System\KtMHtkS.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\aqNCYXT.exe
  C:\Windows\System\aqNCYXT.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\pgBlolJ.exe
  C:\Windows\System\pgBlolJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\tcukiCl.exe
  C:\Windows\System\tcukiCl.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\xQghwcL.exe
  C:\Windows\System\xQghwcL.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\xSqwGHD.exe
  C:\Windows\System\xSqwGHD.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\NVJNrue.exe
  C:\Windows\System\NVJNrue.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\AQwTjNJ.exe
  C:\Windows\System\AQwTjNJ.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\PgBigKs.exe
  C:\Windows\System\PgBigKs.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\bgSSkzC.exe
  C:\Windows\System\bgSSkzC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\zquVwAt.exe
  C:\Windows\System\zquVwAt.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\vymwnEs.exe
  C:\Windows\System\vymwnEs.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\pKZbABM.exe
  C:\Windows\System\pKZbABM.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\EKjfGWN.exe
  C:\Windows\System\EKjfGWN.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\jPQodsZ.exe
  C:\Windows\System\jPQodsZ.exe
  2⤵
  PID:388
- C:\Windows\System\iJMvfMS.exe
  C:\Windows\System\iJMvfMS.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\PDlpUcA.exe
  C:\Windows\System\PDlpUcA.exe
  2⤵
  PID:536
- C:\Windows\System\TBXkWJc.exe
  C:\Windows\System\TBXkWJc.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\BReEMaQ.exe
  C:\Windows\System\BReEMaQ.exe
  2⤵
  PID:2328
- C:\Windows\System\QwLXUKM.exe
  C:\Windows\System\QwLXUKM.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\oRfiiGl.exe
  C:\Windows\System\oRfiiGl.exe
  2⤵
  PID:2620
- C:\Windows\System\OHVUdon.exe
  C:\Windows\System\OHVUdon.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\InBQeYW.exe
  C:\Windows\System\InBQeYW.exe
  2⤵
  PID:1872
- C:\Windows\System\hQjileu.exe
  C:\Windows\System\hQjileu.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\HmvpihI.exe
  C:\Windows\System\HmvpihI.exe
  2⤵
  PID:2080
- C:\Windows\System\YIlQNsF.exe
  C:\Windows\System\YIlQNsF.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\WbjehsF.exe
  C:\Windows\System\WbjehsF.exe
  2⤵
  PID:2052
- C:\Windows\System\vvZkvPI.exe
  C:\Windows\System\vvZkvPI.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\HhyfqgU.exe
  C:\Windows\System\HhyfqgU.exe
  2⤵
  PID:108
- C:\Windows\System\CjrEBQY.exe
  C:\Windows\System\CjrEBQY.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\AVLlsxt.exe
  C:\Windows\System\AVLlsxt.exe
  2⤵
  PID:1160
- C:\Windows\System\dSqxDwk.exe
  C:\Windows\System\dSqxDwk.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\fPhomDy.exe
  C:\Windows\System\fPhomDy.exe
  2⤵
  PID:1632
- C:\Windows\System\GprgfFL.exe
  C:\Windows\System\GprgfFL.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\RXtfpXQ.exe
  C:\Windows\System\RXtfpXQ.exe
  2⤵
  PID:1788
- C:\Windows\System\GuiMRBH.exe
  C:\Windows\System\GuiMRBH.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\jUGghSJ.exe
  C:\Windows\System\jUGghSJ.exe
  2⤵
  PID:2120
- C:\Windows\System\spSzHWY.exe
  C:\Windows\System\spSzHWY.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\FtCJqmX.exe
  C:\Windows\System\FtCJqmX.exe
  2⤵
  PID:2224
- C:\Windows\System\AezIXBD.exe
  C:\Windows\System\AezIXBD.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\nXZpHop.exe
  C:\Windows\System\nXZpHop.exe
  2⤵
  PID:1808
- C:\Windows\System\Zmowqum.exe
  C:\Windows\System\Zmowqum.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\KsnNIei.exe
  C:\Windows\System\KsnNIei.exe
  2⤵
  PID:2572
- C:\Windows\System\JfkKxiq.exe
  C:\Windows\System\JfkKxiq.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\SZkMVGE.exe
  C:\Windows\System\SZkMVGE.exe
  2⤵
  PID:1004
- C:\Windows\System\XQljaJd.exe
  C:\Windows\System\XQljaJd.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\NnRlbfg.exe
  C:\Windows\System\NnRlbfg.exe
  2⤵
  PID:572
- C:\Windows\System\yFgEHsI.exe
  C:\Windows\System\yFgEHsI.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\OJIEkEY.exe
  C:\Windows\System\OJIEkEY.exe
  2⤵
  PID:2536
- C:\Windows\System\uCyaXlz.exe
  C:\Windows\System\uCyaXlz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\DhsLhLa.exe
  C:\Windows\System\DhsLhLa.exe
  2⤵
  PID:2508
- C:\Windows\System\voBMpBG.exe
  C:\Windows\System\voBMpBG.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ZdhlSyQ.exe
  C:\Windows\System\ZdhlSyQ.exe
  2⤵
  PID:1560
- C:\Windows\System\bZEyjgQ.exe
  C:\Windows\System\bZEyjgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\HsIsPjd.exe
  C:\Windows\System\HsIsPjd.exe
  2⤵
  PID:2784
- C:\Windows\System\CHaSiiZ.exe
  C:\Windows\System\CHaSiiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\yDJIrfm.exe
  C:\Windows\System\yDJIrfm.exe
  2⤵
  PID:2760
- C:\Windows\System\owvasge.exe
  C:\Windows\System\owvasge.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CnaIIGw.exe
  C:\Windows\System\CnaIIGw.exe
  2⤵
  PID:2400
- C:\Windows\System\POgniIB.exe
  C:\Windows\System\POgniIB.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\dNTgzUH.exe
  C:\Windows\System\dNTgzUH.exe
  2⤵
  PID:2692
- C:\Windows\System\XHZrnnZ.exe
  C:\Windows\System\XHZrnnZ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\BiDRxvI.exe
  C:\Windows\System\BiDRxvI.exe
  2⤵
  PID:1812
- C:\Windows\System\HLeTJOk.exe
  C:\Windows\System\HLeTJOk.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\xBreFZb.exe
  C:\Windows\System\xBreFZb.exe
  2⤵
  PID:324
- C:\Windows\System\vWiZofE.exe
  C:\Windows\System\vWiZofE.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\bjZHKmJ.exe
  C:\Windows\System\bjZHKmJ.exe
  2⤵
  PID:2320
- C:\Windows\System\uVtnKJl.exe
  C:\Windows\System\uVtnKJl.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\jORdYqe.exe
  C:\Windows\System\jORdYqe.exe
  2⤵
  PID:2132
- C:\Windows\System\exWEZCQ.exe
  C:\Windows\System\exWEZCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\tKBnvAD.exe
  C:\Windows\System\tKBnvAD.exe
  2⤵
  PID:872
- C:\Windows\System\QczPGhP.exe
  C:\Windows\System\QczPGhP.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\rKeVIjb.exe
  C:\Windows\System\rKeVIjb.exe
  2⤵
  PID:2380
- C:\Windows\System\XwnimBF.exe
  C:\Windows\System\XwnimBF.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\GpKlmUr.exe
  C:\Windows\System\GpKlmUr.exe
  2⤵
  PID:2164
- C:\Windows\System\AShHGxu.exe
  C:\Windows\System\AShHGxu.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\LyAQPav.exe
  C:\Windows\System\LyAQPav.exe
  2⤵
  PID:1688
- C:\Windows\System\eqHotYG.exe
  C:\Windows\System\eqHotYG.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\BvSCSTO.exe
  C:\Windows\System\BvSCSTO.exe
  2⤵
  PID:2704
- C:\Windows\System\XjMsfBa.exe
  C:\Windows\System\XjMsfBa.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\qIOLPip.exe
  C:\Windows\System\qIOLPip.exe
  2⤵
  PID:3100
- C:\Windows\System\fFNMLRR.exe
  C:\Windows\System\fFNMLRR.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\gnwKkvp.exe
  C:\Windows\System\gnwKkvp.exe
  2⤵
  PID:3132
- C:\Windows\System\RaocnXS.exe
  C:\Windows\System\RaocnXS.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\mRepomp.exe
  C:\Windows\System\mRepomp.exe
  2⤵
  PID:3164
- C:\Windows\System\gCJWngO.exe
  C:\Windows\System\gCJWngO.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\bIugTWK.exe
  C:\Windows\System\bIugTWK.exe
  2⤵
  PID:3196
- C:\Windows\System\bFXJdcU.exe
  C:\Windows\System\bFXJdcU.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\LSnHZwq.exe
  C:\Windows\System\LSnHZwq.exe
  2⤵
  PID:3228
- C:\Windows\System\hmpnfxW.exe
  C:\Windows\System\hmpnfxW.exe
  2⤵
  PID:3244
- C:\Windows\System\RQtiouf.exe
  C:\Windows\System\RQtiouf.exe
  2⤵
  PID:3264
- C:\Windows\System\OVFvqKt.exe
  C:\Windows\System\OVFvqKt.exe
  2⤵
  PID:3280
- C:\Windows\System\BADPkpp.exe
  C:\Windows\System\BADPkpp.exe
  2⤵
  PID:3296
- C:\Windows\System\oCqFPSn.exe
  C:\Windows\System\oCqFPSn.exe
  2⤵
  PID:3312
- C:\Windows\System\gkOfJot.exe
  C:\Windows\System\gkOfJot.exe
  2⤵
  PID:3328
- C:\Windows\System\ZrQGFAZ.exe
  C:\Windows\System\ZrQGFAZ.exe
  2⤵
  PID:3344
- C:\Windows\System\vbeStMe.exe
  C:\Windows\System\vbeStMe.exe
  2⤵
  PID:3448
- C:\Windows\System\fWwjzvC.exe
  C:\Windows\System\fWwjzvC.exe
  2⤵
  PID:3464
- C:\Windows\System\yGYAemE.exe
  C:\Windows\System\yGYAemE.exe
  2⤵
  PID:3480
- C:\Windows\System\SwFLxOg.exe
  C:\Windows\System\SwFLxOg.exe
  2⤵
  PID:3496
- C:\Windows\System\WJwYXPP.exe
  C:\Windows\System\WJwYXPP.exe
  2⤵
  PID:3512
- C:\Windows\System\iGHYvsK.exe
  C:\Windows\System\iGHYvsK.exe
  2⤵
  PID:3528
- C:\Windows\System\FwaPePt.exe
  C:\Windows\System\FwaPePt.exe
  2⤵
  PID:3544
- C:\Windows\System\pfSDmfd.exe
  C:\Windows\System\pfSDmfd.exe
  2⤵
  PID:3560
- C:\Windows\System\XrmPgjG.exe
  C:\Windows\System\XrmPgjG.exe
  2⤵
  PID:3576
- C:\Windows\System\zODBion.exe
  C:\Windows\System\zODBion.exe
  2⤵
  PID:3616
- C:\Windows\System\fdUugxx.exe
  C:\Windows\System\fdUugxx.exe
  2⤵
  PID:3772
- C:\Windows\System\EriTjrX.exe
  C:\Windows\System\EriTjrX.exe
  2⤵
  PID:3832
- C:\Windows\System\LeSDPFD.exe
  C:\Windows\System\LeSDPFD.exe
  2⤵
  PID:3848
- C:\Windows\System\QQJeoJi.exe
  C:\Windows\System\QQJeoJi.exe
  2⤵
  PID:3864
- C:\Windows\System\YTFNKns.exe
  C:\Windows\System\YTFNKns.exe
  2⤵
  PID:3912
- C:\Windows\System\zvxCphH.exe
  C:\Windows\System\zvxCphH.exe
  2⤵
  PID:3976
- C:\Windows\System\XxDoRGE.exe
  C:\Windows\System\XxDoRGE.exe
  2⤵
  PID:4004
- C:\Windows\System\lKQGQUF.exe
  C:\Windows\System\lKQGQUF.exe
  2⤵
  PID:4028
- C:\Windows\System\UXGIRyf.exe
  C:\Windows\System\UXGIRyf.exe
  2⤵
  PID:4044
- C:\Windows\System\ccjJRUU.exe
  C:\Windows\System\ccjJRUU.exe
  2⤵
  PID:4060
- C:\Windows\System\TMUpByO.exe
  C:\Windows\System\TMUpByO.exe
  2⤵
  PID:4076
- C:\Windows\System\GWNdvbV.exe
  C:\Windows\System\GWNdvbV.exe
  2⤵
  PID:4092
- C:\Windows\System\FKkHgoH.exe
  C:\Windows\System\FKkHgoH.exe
  2⤵
  PID:2984
- C:\Windows\System\aRVjyZi.exe
  C:\Windows\System\aRVjyZi.exe
  2⤵
  PID:528
- C:\Windows\System\WIFhvwE.exe
  C:\Windows\System\WIFhvwE.exe
  2⤵
  PID:1372
- C:\Windows\System\TuzLdxm.exe
  C:\Windows\System\TuzLdxm.exe
  2⤵
  PID:2368
- C:\Windows\System\mqhRSfg.exe
  C:\Windows\System\mqhRSfg.exe
  2⤵
  PID:2012
- C:\Windows\System\fEOcElx.exe
  C:\Windows\System\fEOcElx.exe
  2⤵
  PID:2200
- C:\Windows\System\SQvMoew.exe
  C:\Windows\System\SQvMoew.exe
  2⤵
  PID:1444
- C:\Windows\System\onEbMLM.exe
  C:\Windows\System\onEbMLM.exe
  2⤵
  PID:3000
- C:\Windows\System\XEcQBCb.exe
  C:\Windows\System\XEcQBCb.exe
  2⤵
  PID:3124
- C:\Windows\System\Mmlpwpz.exe
  C:\Windows\System\Mmlpwpz.exe
  2⤵
  PID:3188
- C:\Windows\System\kYSyevh.exe
  C:\Windows\System\kYSyevh.exe
  2⤵
  PID:3252
- C:\Windows\System\XcTTsbE.exe
  C:\Windows\System\XcTTsbE.exe
  2⤵
  PID:3320
- C:\Windows\System\eyHHuGt.exe
  C:\Windows\System\eyHHuGt.exe
  2⤵
  PID:3060
- C:\Windows\System\VIvBzYH.exe
  C:\Windows\System\VIvBzYH.exe
  2⤵
  PID:1680
- C:\Windows\System\DxvGfCy.exe
  C:\Windows\System\DxvGfCy.exe
  2⤵
  PID:3472
- C:\Windows\System\IgtKmvw.exe
  C:\Windows\System\IgtKmvw.exe
  2⤵
  PID:2736
- C:\Windows\System\IKZZYbT.exe
  C:\Windows\System\IKZZYbT.exe
  2⤵
  PID:3572
- C:\Windows\System\QFUlZFO.exe
  C:\Windows\System\QFUlZFO.exe
  2⤵
  PID:3520
- C:\Windows\System\CPjPypd.exe
  C:\Windows\System\CPjPypd.exe
  2⤵
  PID:3556
- C:\Windows\System\tHoZwnJ.exe
  C:\Windows\System\tHoZwnJ.exe
  2⤵
  PID:3336
- C:\Windows\System\jEpnUuJ.exe
  C:\Windows\System\jEpnUuJ.exe
  2⤵
  PID:3272
- C:\Windows\System\cBJmWiz.exe
  C:\Windows\System\cBJmWiz.exe
  2⤵
  PID:3204
- C:\Windows\System\yPZRNGf.exe
  C:\Windows\System\yPZRNGf.exe
  2⤵
  PID:3140
- C:\Windows\System\WramrtA.exe
  C:\Windows\System\WramrtA.exe
  2⤵
  PID:3076
- C:\Windows\System\iylosXa.exe
  C:\Windows\System\iylosXa.exe
  2⤵
  PID:1824
- C:\Windows\System\WvrfHZv.exe
  C:\Windows\System\WvrfHZv.exe
  2⤵
  PID:1748
- C:\Windows\System\AUbcqRR.exe
  C:\Windows\System\AUbcqRR.exe
  2⤵
  PID:2028
- C:\Windows\System\hPzzVlc.exe
  C:\Windows\System\hPzzVlc.exe
  2⤵
  PID:2296
- C:\Windows\System\npxykna.exe
  C:\Windows\System\npxykna.exe
  2⤵
  PID:2880
- C:\Windows\System\tbOyboh.exe
  C:\Windows\System\tbOyboh.exe
  2⤵
  PID:2788
- C:\Windows\System\ZqqGRBY.exe
  C:\Windows\System\ZqqGRBY.exe
  2⤵
  PID:1576
- C:\Windows\System\shzhhCh.exe
  C:\Windows\System\shzhhCh.exe
  2⤵
  PID:884
- C:\Windows\System\xAfnZdN.exe
  C:\Windows\System\xAfnZdN.exe
  2⤵
  PID:1948
- C:\Windows\System\irRZsRF.exe
  C:\Windows\System\irRZsRF.exe
  2⤵
  PID:1056
- C:\Windows\System\vNbAagJ.exe
  C:\Windows\System\vNbAagJ.exe
  2⤵
  PID:2228
- C:\Windows\System\KjveKHt.exe
  C:\Windows\System\KjveKHt.exe
  2⤵
  PID:3652
- C:\Windows\System\ZVhTvrV.exe
  C:\Windows\System\ZVhTvrV.exe
  2⤵
  PID:3668
- C:\Windows\System\fHxxvfY.exe
  C:\Windows\System\fHxxvfY.exe
  2⤵
  PID:3684
- C:\Windows\System\UIfmBIB.exe
  C:\Windows\System\UIfmBIB.exe
  2⤵
  PID:3700
- C:\Windows\System\YKrIweW.exe
  C:\Windows\System\YKrIweW.exe
  2⤵
  PID:3716
- C:\Windows\System\iaUFfPz.exe
  C:\Windows\System\iaUFfPz.exe
  2⤵
  PID:3732
- C:\Windows\System\fVYAGWu.exe
  C:\Windows\System\fVYAGWu.exe
  2⤵
  PID:3748
- C:\Windows\System\LpIXROw.exe
  C:\Windows\System\LpIXROw.exe
  2⤵
  PID:3764
- C:\Windows\System\uOpJEhO.exe
  C:\Windows\System\uOpJEhO.exe
  2⤵
  PID:3788
- C:\Windows\System\QWlyaDU.exe
  C:\Windows\System\QWlyaDU.exe
  2⤵
  PID:3804
- C:\Windows\System\RwEZDEr.exe
  C:\Windows\System\RwEZDEr.exe
  2⤵
  PID:3840
- C:\Windows\System\SiUKket.exe
  C:\Windows\System\SiUKket.exe
  2⤵
  PID:3820
- C:\Windows\System\xPjDmcJ.exe
  C:\Windows\System\xPjDmcJ.exe
  2⤵
  PID:3860
- C:\Windows\System\kNGRcMB.exe
  C:\Windows\System\kNGRcMB.exe
  2⤵
  PID:3896
- C:\Windows\System\lISQQbE.exe
  C:\Windows\System\lISQQbE.exe
  2⤵
  PID:3908
- C:\Windows\System\dZPdqPZ.exe
  C:\Windows\System\dZPdqPZ.exe
  2⤵
  PID:3936
- C:\Windows\System\DfXuLfP.exe
  C:\Windows\System\DfXuLfP.exe
  2⤵
  PID:3952
- C:\Windows\System\QOUpyeV.exe
  C:\Windows\System\QOUpyeV.exe
  2⤵
  PID:3964
- C:\Windows\System\BNAAWkz.exe
  C:\Windows\System\BNAAWkz.exe
  2⤵
  PID:3992
- C:\Windows\System\kXGPAyX.exe
  C:\Windows\System\kXGPAyX.exe
  2⤵
  PID:4012
- C:\Windows\System\pBTjCHI.exe
  C:\Windows\System\pBTjCHI.exe
  2⤵
  PID:4016
- C:\Windows\System\vBmsvnD.exe
  C:\Windows\System\vBmsvnD.exe
  2⤵
  PID:4056
- C:\Windows\System\iwdGGkC.exe
  C:\Windows\System\iwdGGkC.exe
  2⤵
  PID:2280
- C:\Windows\System\OoCbTZL.exe
  C:\Windows\System\OoCbTZL.exe
  2⤵
  PID:2096
- C:\Windows\System\zazJzqV.exe
  C:\Windows\System\zazJzqV.exe
  2⤵
  PID:2252
- C:\Windows\System\uWhzMiU.exe
  C:\Windows\System\uWhzMiU.exe
  2⤵
  PID:496
- C:\Windows\System\YyNSaYR.exe
  C:\Windows\System\YyNSaYR.exe
  2⤵
  PID:1520
- C:\Windows\System\zTyTMgE.exe
  C:\Windows\System\zTyTMgE.exe
  2⤵
  PID:3160
- C:\Windows\System\uEkmWQJ.exe
  C:\Windows\System\uEkmWQJ.exe
  2⤵
  PID:3292
- C:\Windows\System\nvpendb.exe
  C:\Windows\System\nvpendb.exe
  2⤵
  PID:1224
- C:\Windows\System\Ukfnxck.exe
  C:\Windows\System\Ukfnxck.exe
  2⤵
  PID:3508
- C:\Windows\System\SEFGkHM.exe
  C:\Windows\System\SEFGkHM.exe
  2⤵
  PID:3552
- C:\Windows\System\NyagGDV.exe
  C:\Windows\System\NyagGDV.exe
  2⤵
  PID:3276
- C:\Windows\System\SJyvqHk.exe
  C:\Windows\System\SJyvqHk.exe
  2⤵
  PID:3144
- C:\Windows\System\qVwojhb.exe
  C:\Windows\System\qVwojhb.exe
  2⤵
  PID:2556
- C:\Windows\System\jESVpTp.exe
  C:\Windows\System\jESVpTp.exe
  2⤵
  PID:2476
- C:\Windows\System\ubwUNAj.exe
  C:\Windows\System\ubwUNAj.exe
  2⤵
  PID:2636
- C:\Windows\System\fFcgZSk.exe
  C:\Windows\System\fFcgZSk.exe
  2⤵
  PID:1580
- C:\Windows\System\iOakXvq.exe
  C:\Windows\System\iOakXvq.exe
  2⤵
  PID:2108
- C:\Windows\System\dNqtAxm.exe
  C:\Windows\System\dNqtAxm.exe
  2⤵
  PID:1740
- C:\Windows\System\OdlluUd.exe
  C:\Windows\System\OdlluUd.exe
  2⤵
  PID:3664
- C:\Windows\System\rmjQKdF.exe
  C:\Windows\System\rmjQKdF.exe
  2⤵
  PID:3680
- C:\Windows\System\cCGTJAP.exe
  C:\Windows\System\cCGTJAP.exe
  2⤵
  PID:3712
- C:\Windows\System\cowZhUO.exe
  C:\Windows\System\cowZhUO.exe
  2⤵
  PID:3760
- C:\Windows\System\IwGeHvt.exe
  C:\Windows\System\IwGeHvt.exe
  2⤵
  PID:3800
- C:\Windows\System\PANvmOl.exe
  C:\Windows\System\PANvmOl.exe
  2⤵
  PID:3828
- C:\Windows\System\mLcFWvA.exe
  C:\Windows\System\mLcFWvA.exe
  2⤵
  PID:3892
- C:\Windows\System\EnElUbV.exe
  C:\Windows\System\EnElUbV.exe
  2⤵
  PID:3932
- C:\Windows\System\XgOkwfE.exe
  C:\Windows\System\XgOkwfE.exe
  2⤵
  PID:3948
- C:\Windows\System\JPRzMOr.exe
  C:\Windows\System\JPRzMOr.exe
  2⤵
  PID:4024
- C:\Windows\System\nqVMkYJ.exe
  C:\Windows\System\nqVMkYJ.exe
  2⤵
  PID:4068
- C:\Windows\System\SgIVWFv.exe
  C:\Windows\System\SgIVWFv.exe
  2⤵
  PID:2512
- C:\Windows\System\yMrKsZK.exe
  C:\Windows\System\yMrKsZK.exe
  2⤵
  PID:2524
- C:\Windows\System\KYvazQr.exe
  C:\Windows\System\KYvazQr.exe
  2⤵
  PID:3288
- C:\Windows\System\NDjLxEw.exe
  C:\Windows\System\NDjLxEw.exe
  2⤵
  PID:2236
- C:\Windows\System\FiVNzES.exe
  C:\Windows\System\FiVNzES.exe
  2⤵
  PID:4108
- C:\Windows\System\HjeakSd.exe
  C:\Windows\System\HjeakSd.exe
  2⤵
  PID:4124
- C:\Windows\System\kgjcmtD.exe
  C:\Windows\System\kgjcmtD.exe
  2⤵
  PID:4140
- C:\Windows\System\ljwPMjr.exe
  C:\Windows\System\ljwPMjr.exe
  2⤵
  PID:4156
- C:\Windows\System\hUYQJGk.exe
  C:\Windows\System\hUYQJGk.exe
  2⤵
  PID:4172
- C:\Windows\System\tlMnWyz.exe
  C:\Windows\System\tlMnWyz.exe
  2⤵
  PID:4188
- C:\Windows\System\uqYapIO.exe
  C:\Windows\System\uqYapIO.exe
  2⤵
  PID:4204
- C:\Windows\System\huhPfpb.exe
  C:\Windows\System\huhPfpb.exe
  2⤵
  PID:4220
- C:\Windows\System\WmrcjdW.exe
  C:\Windows\System\WmrcjdW.exe
  2⤵
  PID:4236
- C:\Windows\System\lPgdeFu.exe
  C:\Windows\System\lPgdeFu.exe
  2⤵
  PID:4252
- C:\Windows\System\KrHCiuT.exe
  C:\Windows\System\KrHCiuT.exe
  2⤵
  PID:4268
- C:\Windows\System\cfBDhgq.exe
  C:\Windows\System\cfBDhgq.exe
  2⤵
  PID:4284
- C:\Windows\System\kRtGIea.exe
  C:\Windows\System\kRtGIea.exe
  2⤵
  PID:4300
- C:\Windows\System\gSTAvJN.exe
  C:\Windows\System\gSTAvJN.exe
  2⤵
  PID:4316
- C:\Windows\System\gqDaHzj.exe
  C:\Windows\System\gqDaHzj.exe
  2⤵
  PID:4332
- C:\Windows\System\urisvzi.exe
  C:\Windows\System\urisvzi.exe
  2⤵
  PID:4352
- C:\Windows\System\OFdYKgo.exe
  C:\Windows\System\OFdYKgo.exe
  2⤵
  PID:4368
- C:\Windows\System\VsDPLIl.exe
  C:\Windows\System\VsDPLIl.exe
  2⤵
  PID:4388
- C:\Windows\System\TiIrOjk.exe
  C:\Windows\System\TiIrOjk.exe
  2⤵
  PID:4404
- C:\Windows\System\vAOrhqo.exe
  C:\Windows\System\vAOrhqo.exe
  2⤵
  PID:4420
- C:\Windows\System\jYBuUYb.exe
  C:\Windows\System\jYBuUYb.exe
  2⤵
  PID:4436
- C:\Windows\System\hlFgdfc.exe
  C:\Windows\System\hlFgdfc.exe
  2⤵
  PID:4452
- C:\Windows\System\RlSjftc.exe
  C:\Windows\System\RlSjftc.exe
  2⤵
  PID:4468
- C:\Windows\System\dmdjlze.exe
  C:\Windows\System\dmdjlze.exe
  2⤵
  PID:4484
- C:\Windows\System\TVcOksq.exe
  C:\Windows\System\TVcOksq.exe
  2⤵
  PID:4500
- C:\Windows\System\GcmHufU.exe
  C:\Windows\System\GcmHufU.exe
  2⤵
  PID:4516
- C:\Windows\System\fohJwmx.exe
  C:\Windows\System\fohJwmx.exe
  2⤵
  PID:4532
- C:\Windows\System\emmgGfp.exe
  C:\Windows\System\emmgGfp.exe
  2⤵
  PID:4548
- C:\Windows\System\TIgalaj.exe
  C:\Windows\System\TIgalaj.exe
  2⤵
  PID:4564
- C:\Windows\System\sbfGugq.exe
  C:\Windows\System\sbfGugq.exe
  2⤵
  PID:4580
- C:\Windows\System\kuiMYEr.exe
  C:\Windows\System\kuiMYEr.exe
  2⤵
  PID:4596
- C:\Windows\System\umuXSyV.exe
  C:\Windows\System\umuXSyV.exe
  2⤵
  PID:4612
- C:\Windows\System\BFKmCJT.exe
  C:\Windows\System\BFKmCJT.exe
  2⤵
  PID:4628
- C:\Windows\System\xQZEGOz.exe
  C:\Windows\System\xQZEGOz.exe
  2⤵
  PID:4644
- C:\Windows\System\OJjseum.exe
  C:\Windows\System\OJjseum.exe
  2⤵
  PID:4660
- C:\Windows\System\UjPXIJQ.exe
  C:\Windows\System\UjPXIJQ.exe
  2⤵
  PID:4676
- C:\Windows\System\jXhORAC.exe
  C:\Windows\System\jXhORAC.exe
  2⤵
  PID:4692
- C:\Windows\System\cuycYIK.exe
  C:\Windows\System\cuycYIK.exe
  2⤵
  PID:4708
- C:\Windows\System\gLKVTHh.exe
  C:\Windows\System\gLKVTHh.exe
  2⤵
  PID:4724
- C:\Windows\System\OnKEGRG.exe
  C:\Windows\System\OnKEGRG.exe
  2⤵
  PID:4740
- C:\Windows\System\AmVvKuL.exe
  C:\Windows\System\AmVvKuL.exe
  2⤵
  PID:4756
- C:\Windows\System\mJZFBWx.exe
  C:\Windows\System\mJZFBWx.exe
  2⤵
  PID:4772
- C:\Windows\System\YedniOA.exe
  C:\Windows\System\YedniOA.exe
  2⤵
  PID:4788
- C:\Windows\System\dpyIrTn.exe
  C:\Windows\System\dpyIrTn.exe
  2⤵
  PID:4804
- C:\Windows\System\OlnYkXF.exe
  C:\Windows\System\OlnYkXF.exe
  2⤵
  PID:4820
- C:\Windows\System\CYPrcJu.exe
  C:\Windows\System\CYPrcJu.exe
  2⤵
  PID:4836
- C:\Windows\System\aVFvPaf.exe
  C:\Windows\System\aVFvPaf.exe
  2⤵
  PID:4852
- C:\Windows\System\ieNdRXw.exe
  C:\Windows\System\ieNdRXw.exe
  2⤵
  PID:4868
- C:\Windows\System\ihOwsUK.exe
  C:\Windows\System\ihOwsUK.exe
  2⤵
  PID:4884
- C:\Windows\System\spmjBWl.exe
  C:\Windows\System\spmjBWl.exe
  2⤵
  PID:4900
- C:\Windows\System\dupfJaV.exe
  C:\Windows\System\dupfJaV.exe
  2⤵
  PID:4916
- C:\Windows\System\uKptwJu.exe
  C:\Windows\System\uKptwJu.exe
  2⤵
  PID:4932
- C:\Windows\System\NhDynRC.exe
  C:\Windows\System\NhDynRC.exe
  2⤵
  PID:4948
- C:\Windows\System\xEhQPJy.exe
  C:\Windows\System\xEhQPJy.exe
  2⤵
  PID:4964
- C:\Windows\System\YCpppCc.exe
  C:\Windows\System\YCpppCc.exe
  2⤵
  PID:4980
- C:\Windows\System\thWqvvP.exe
  C:\Windows\System\thWqvvP.exe
  2⤵
  PID:4996
- C:\Windows\System\VtOKXKj.exe
  C:\Windows\System\VtOKXKj.exe
  2⤵
  PID:5012
- C:\Windows\System\UTnHBLx.exe
  C:\Windows\System\UTnHBLx.exe
  2⤵
  PID:5028
- C:\Windows\System\UYkAzFx.exe
  C:\Windows\System\UYkAzFx.exe
  2⤵
  PID:5044
- C:\Windows\System\BvCOHnu.exe
  C:\Windows\System\BvCOHnu.exe
  2⤵
  PID:5060
- C:\Windows\System\POOSuSf.exe
  C:\Windows\System\POOSuSf.exe
  2⤵
  PID:5076
- C:\Windows\System\ASyLYHQ.exe
  C:\Windows\System\ASyLYHQ.exe
  2⤵
  PID:5092
- C:\Windows\System\pIyPbhD.exe
  C:\Windows\System\pIyPbhD.exe
  2⤵
  PID:5108
- C:\Windows\System\OLSGPJF.exe
  C:\Windows\System\OLSGPJF.exe
  2⤵
  PID:3568
- C:\Windows\System\KqaFNkK.exe
  C:\Windows\System\KqaFNkK.exe
  2⤵
  PID:3304
- C:\Windows\System\cPYBpcs.exe
  C:\Windows\System\cPYBpcs.exe
  2⤵
  PID:3080
- C:\Windows\System\moUjsaE.exe
  C:\Windows\System\moUjsaE.exe
  2⤵
  PID:2088
- C:\Windows\System\gFmcvSj.exe
  C:\Windows\System\gFmcvSj.exe
  2⤵
  PID:1744
- C:\Windows\System\mqBYkKQ.exe
  C:\Windows\System\mqBYkKQ.exe
  2⤵
  PID:3660
- C:\Windows\System\HuuBJxO.exe
  C:\Windows\System\HuuBJxO.exe
  2⤵
  PID:3708
- C:\Windows\System\PvBApgC.exe
  C:\Windows\System\PvBApgC.exe
  2⤵
  PID:3784
- C:\Windows\System\OmUHsrc.exe
  C:\Windows\System\OmUHsrc.exe
  2⤵
  PID:3884
- C:\Windows\System\QJkZaiG.exe
  C:\Windows\System\QJkZaiG.exe
  2⤵
  PID:3996
- C:\Windows\System\sFZYfgZ.exe
  C:\Windows\System\sFZYfgZ.exe
  2⤵
  PID:4084
- C:\Windows\System\EpnfzAh.exe
  C:\Windows\System\EpnfzAh.exe
  2⤵
  PID:3092
- C:\Windows\System\AaNxgCB.exe
  C:\Windows\System\AaNxgCB.exe
  2⤵
  PID:4104
- C:\Windows\System\imJvLXn.exe
  C:\Windows\System\imJvLXn.exe
  2⤵
  PID:4120
- C:\Windows\System\CPQSKXg.exe
  C:\Windows\System\CPQSKXg.exe
  2⤵
  PID:4168
- C:\Windows\System\BhyvXnh.exe
  C:\Windows\System\BhyvXnh.exe
  2⤵
  PID:4200
- C:\Windows\System\qdPSSXf.exe
  C:\Windows\System\qdPSSXf.exe
  2⤵
  PID:4228
- C:\Windows\System\kdvMArO.exe
  C:\Windows\System\kdvMArO.exe
  2⤵
  PID:4248
- C:\Windows\System\HxklqEK.exe
  C:\Windows\System\HxklqEK.exe
  2⤵
  PID:4280
- C:\Windows\System\nCaEQJg.exe
  C:\Windows\System\nCaEQJg.exe
  2⤵
  PID:4312
- C:\Windows\System\pCZFtJL.exe
  C:\Windows\System\pCZFtJL.exe
  2⤵
  PID:4348
- C:\Windows\System\KOtsTAl.exe
  C:\Windows\System\KOtsTAl.exe
  2⤵
  PID:4380
- C:\Windows\System\KYtmiFD.exe
  C:\Windows\System\KYtmiFD.exe
  2⤵
  PID:4416
- C:\Windows\System\inGcGsN.exe
  C:\Windows\System\inGcGsN.exe
  2⤵
  PID:4448
- C:\Windows\System\OViTxIZ.exe
  C:\Windows\System\OViTxIZ.exe
  2⤵
  PID:4480
- C:\Windows\System\btejJSh.exe
  C:\Windows\System\btejJSh.exe
  2⤵
  PID:4528
- C:\Windows\System\VXtjhTA.exe
  C:\Windows\System\VXtjhTA.exe
  2⤵
  PID:4560
- C:\Windows\System\OWpLpsl.exe
  C:\Windows\System\OWpLpsl.exe
  2⤵
  PID:4576
- C:\Windows\System\hdUcvGB.exe
  C:\Windows\System\hdUcvGB.exe
  2⤵
  PID:4624
- C:\Windows\System\GrJaMxH.exe
  C:\Windows\System\GrJaMxH.exe
  2⤵
  PID:4640
- C:\Windows\System\EtxWiXd.exe
  C:\Windows\System\EtxWiXd.exe
  2⤵
  PID:4672
- C:\Windows\System\hmvzXqW.exe
  C:\Windows\System\hmvzXqW.exe
  2⤵
  PID:4720
- C:\Windows\System\kZWqJWY.exe
  C:\Windows\System\kZWqJWY.exe
  2⤵
  PID:4732
- C:\Windows\System\TZawvNi.exe
  C:\Windows\System\TZawvNi.exe
  2⤵
  PID:4764
- C:\Windows\System\uEoKXes.exe
  C:\Windows\System\uEoKXes.exe
  2⤵
  PID:4796
- C:\Windows\System\qRPinEr.exe
  C:\Windows\System\qRPinEr.exe
  2⤵
  PID:4844
- C:\Windows\System\iCFMruQ.exe
  C:\Windows\System\iCFMruQ.exe
  2⤵
  PID:4880
- C:\Windows\System\xwnTeDw.exe
  C:\Windows\System\xwnTeDw.exe
  2⤵
  PID:4908
- C:\Windows\System\OpJkpCP.exe
  C:\Windows\System\OpJkpCP.exe
  2⤵
  PID:4940
- C:\Windows\System\LJfjAdp.exe
  C:\Windows\System\LJfjAdp.exe
  2⤵
  PID:4956
- C:\Windows\System\uLTKjgf.exe
  C:\Windows\System\uLTKjgf.exe
  2⤵
  PID:5004
- C:\Windows\System\SryTSJM.exe
  C:\Windows\System\SryTSJM.exe
  2⤵
  PID:5020
- C:\Windows\System\DXQhRpH.exe
  C:\Windows\System\DXQhRpH.exe
  2⤵
  PID:5068
- C:\Windows\System\TKCdRrU.exe
  C:\Windows\System\TKCdRrU.exe
  2⤵
  PID:5084
- C:\Windows\System\mDcQNNe.exe
  C:\Windows\System\mDcQNNe.exe
  2⤵
  PID:5116
- C:\Windows\System\SLGsSJW.exe
  C:\Windows\System\SLGsSJW.exe
  2⤵
  PID:2924
- C:\Windows\System\qVPsqQe.exe
  C:\Windows\System\qVPsqQe.exe
  2⤵
  PID:3696
- C:\Windows\System\kfGWmSd.exe
  C:\Windows\System\kfGWmSd.exe
  2⤵
  PID:3676
- C:\Windows\System\CMXPeTI.exe
  C:\Windows\System\CMXPeTI.exe
  2⤵
  PID:3924
- C:\Windows\System\lURWBvv.exe
  C:\Windows\System\lURWBvv.exe
  2⤵
  PID:3988
- C:\Windows\System\OzMxtwD.exe
  C:\Windows\System\OzMxtwD.exe
  2⤵
  PID:3156
- C:\Windows\System\AfBTrNS.exe
  C:\Windows\System\AfBTrNS.exe
  2⤵
  PID:4180
- C:\Windows\System\vpIXMyK.exe
  C:\Windows\System\vpIXMyK.exe
  2⤵
  PID:4260
- C:\Windows\System\QZYUHlO.exe
  C:\Windows\System\QZYUHlO.exe
  2⤵
  PID:4276
- C:\Windows\System\mBubCfD.exe
  C:\Windows\System\mBubCfD.exe
  2⤵
  PID:4396
- C:\Windows\System\VZpSunO.exe
  C:\Windows\System\VZpSunO.exe
  2⤵
  PID:4444
- C:\Windows\System\NcWNfSW.exe
  C:\Windows\System\NcWNfSW.exe
  2⤵
  PID:4508
- C:\Windows\System\pRfzAaw.exe
  C:\Windows\System\pRfzAaw.exe
  2⤵
  PID:4512
- C:\Windows\System\cqAJfrI.exe
  C:\Windows\System\cqAJfrI.exe
  2⤵
  PID:4604
- C:\Windows\System\kMVnunH.exe
  C:\Windows\System\kMVnunH.exe
  2⤵
  PID:4688
- C:\Windows\System\WVSQGSB.exe
  C:\Windows\System\WVSQGSB.exe
  2⤵
  PID:4668
- C:\Windows\System\dFphFyK.exe
  C:\Windows\System\dFphFyK.exe
  2⤵
  PID:4816
- C:\Windows\System\SADaPUn.exe
  C:\Windows\System\SADaPUn.exe
  2⤵
  PID:4828
- C:\Windows\System\DrNnEnJ.exe
  C:\Windows\System\DrNnEnJ.exe
  2⤵
  PID:4876
- C:\Windows\System\sVDeYta.exe
  C:\Windows\System\sVDeYta.exe
  2⤵
  PID:5136
- C:\Windows\System\VhkWcVk.exe
  C:\Windows\System\VhkWcVk.exe
  2⤵
  PID:5152
- C:\Windows\System\FtvoySe.exe
  C:\Windows\System\FtvoySe.exe
  2⤵
  PID:5168
- C:\Windows\System\hQPIcpC.exe
  C:\Windows\System\hQPIcpC.exe
  2⤵
  PID:5184
- C:\Windows\System\CyYcnJl.exe
  C:\Windows\System\CyYcnJl.exe
  2⤵
  PID:5200
- C:\Windows\System\QNvObMJ.exe
  C:\Windows\System\QNvObMJ.exe
  2⤵
  PID:5216
- C:\Windows\System\avHWUfV.exe
  C:\Windows\System\avHWUfV.exe
  2⤵
  PID:5232
- C:\Windows\System\OCGiLRf.exe
  C:\Windows\System\OCGiLRf.exe
  2⤵
  PID:5248
- C:\Windows\System\lakIZEi.exe
  C:\Windows\System\lakIZEi.exe
  2⤵
  PID:5268
- C:\Windows\System\doohugY.exe
  C:\Windows\System\doohugY.exe
  2⤵
  PID:5284
- C:\Windows\System\yOfmNUv.exe
  C:\Windows\System\yOfmNUv.exe
  2⤵
  PID:5300
- C:\Windows\System\AUaFbsv.exe
  C:\Windows\System\AUaFbsv.exe
  2⤵
  PID:5316
- C:\Windows\System\nrZnAYi.exe
  C:\Windows\System\nrZnAYi.exe
  2⤵
  PID:5332
- C:\Windows\System\AIfaBHY.exe
  C:\Windows\System\AIfaBHY.exe
  2⤵
  PID:5348
- C:\Windows\System\ZFwSkUD.exe
  C:\Windows\System\ZFwSkUD.exe
  2⤵
  PID:5364
- C:\Windows\System\BfNMxcS.exe
  C:\Windows\System\BfNMxcS.exe
  2⤵
  PID:5380
- C:\Windows\System\ntBJhKh.exe
  C:\Windows\System\ntBJhKh.exe
  2⤵
  PID:5396
- C:\Windows\System\JzRsvnz.exe
  C:\Windows\System\JzRsvnz.exe
  2⤵
  PID:5412
- C:\Windows\System\wNWOTFx.exe
  C:\Windows\System\wNWOTFx.exe
  2⤵
  PID:5428
- C:\Windows\System\hkNItWh.exe
  C:\Windows\System\hkNItWh.exe
  2⤵
  PID:5444
- C:\Windows\System\SeNieJJ.exe
  C:\Windows\System\SeNieJJ.exe
  2⤵
  PID:5460
- C:\Windows\System\tyMHdXj.exe
  C:\Windows\System\tyMHdXj.exe
  2⤵
  PID:5476
- C:\Windows\System\BgvynOy.exe
  C:\Windows\System\BgvynOy.exe
  2⤵
  PID:5492
- C:\Windows\System\PAGxDTE.exe
  C:\Windows\System\PAGxDTE.exe
  2⤵
  PID:5508
- C:\Windows\System\UMBFMJQ.exe
  C:\Windows\System\UMBFMJQ.exe
  2⤵
  PID:5524
- C:\Windows\System\LjjsScr.exe
  C:\Windows\System\LjjsScr.exe
  2⤵
  PID:5540
- C:\Windows\System\mwZHiQO.exe
  C:\Windows\System\mwZHiQO.exe
  2⤵
  PID:5556
- C:\Windows\System\fiXnpxB.exe
  C:\Windows\System\fiXnpxB.exe
  2⤵
  PID:5572
- C:\Windows\System\gTrnNJf.exe
  C:\Windows\System\gTrnNJf.exe
  2⤵
  PID:5588
- C:\Windows\System\PiAbjCD.exe
  C:\Windows\System\PiAbjCD.exe
  2⤵
  PID:5604
- C:\Windows\System\uAhgdJf.exe
  C:\Windows\System\uAhgdJf.exe
  2⤵
  PID:5620
- C:\Windows\System\lowNbAz.exe
  C:\Windows\System\lowNbAz.exe
  2⤵
  PID:5636
- C:\Windows\System\qJYXUFX.exe
  C:\Windows\System\qJYXUFX.exe
  2⤵
  PID:5652
- C:\Windows\System\IoaaMeT.exe
  C:\Windows\System\IoaaMeT.exe
  2⤵
  PID:5668
- C:\Windows\System\hEqplaq.exe
  C:\Windows\System\hEqplaq.exe
  2⤵
  PID:5684
- C:\Windows\System\UNNabtN.exe
  C:\Windows\System\UNNabtN.exe
  2⤵
  PID:5704
- C:\Windows\System\zYLsDQP.exe
  C:\Windows\System\zYLsDQP.exe
  2⤵
  PID:5720
- C:\Windows\System\gNaROty.exe
  C:\Windows\System\gNaROty.exe
  2⤵
  PID:5736
- C:\Windows\System\WMrpeAg.exe
  C:\Windows\System\WMrpeAg.exe
  2⤵
  PID:5752
- C:\Windows\System\yyZVCso.exe
  C:\Windows\System\yyZVCso.exe
  2⤵
  PID:5768
- C:\Windows\System\jbzmIWl.exe
  C:\Windows\System\jbzmIWl.exe
  2⤵
  PID:5784
- C:\Windows\System\WzvSmGL.exe
  C:\Windows\System\WzvSmGL.exe
  2⤵
  PID:5800
- C:\Windows\System\mPwpVhk.exe
  C:\Windows\System\mPwpVhk.exe
  2⤵
  PID:5816
- C:\Windows\System\PcuomPk.exe
  C:\Windows\System\PcuomPk.exe
  2⤵
  PID:5832
- C:\Windows\System\jLTbIoi.exe
  C:\Windows\System\jLTbIoi.exe
  2⤵
  PID:5848
- C:\Windows\System\rlPWkyv.exe
  C:\Windows\System\rlPWkyv.exe
  2⤵
  PID:5864
- C:\Windows\System\UbWCoGV.exe
  C:\Windows\System\UbWCoGV.exe
  2⤵
  PID:5880
- C:\Windows\System\SQXZeMA.exe
  C:\Windows\System\SQXZeMA.exe
  2⤵
  PID:5896
- C:\Windows\System\wlakSEL.exe
  C:\Windows\System\wlakSEL.exe
  2⤵
  PID:5912
- C:\Windows\System\ollkXHK.exe
  C:\Windows\System\ollkXHK.exe
  2⤵
  PID:5928
- C:\Windows\System\mYaCTrj.exe
  C:\Windows\System\mYaCTrj.exe
  2⤵
  PID:5944
- C:\Windows\System\XNoZoUG.exe
  C:\Windows\System\XNoZoUG.exe
  2⤵
  PID:5960
- C:\Windows\System\EfDwOcI.exe
  C:\Windows\System\EfDwOcI.exe
  2⤵
  PID:5976
- C:\Windows\System\oTfEXTH.exe
  C:\Windows\System\oTfEXTH.exe
  2⤵
  PID:5992
- C:\Windows\System\lrpsxOY.exe
  C:\Windows\System\lrpsxOY.exe
  2⤵
  PID:6008
- C:\Windows\System\QcVqfgm.exe
  C:\Windows\System\QcVqfgm.exe
  2⤵
  PID:6024
- C:\Windows\System\mgoGpcR.exe
  C:\Windows\System\mgoGpcR.exe
  2⤵
  PID:6040
- C:\Windows\System\hRBHyWK.exe
  C:\Windows\System\hRBHyWK.exe
  2⤵
  PID:6056
- C:\Windows\System\vnKjukZ.exe
  C:\Windows\System\vnKjukZ.exe
  2⤵
  PID:6072
- C:\Windows\System\eOQggrV.exe
  C:\Windows\System\eOQggrV.exe
  2⤵
  PID:6088
- C:\Windows\System\TfKlDWq.exe
  C:\Windows\System\TfKlDWq.exe
  2⤵
  PID:6104
- C:\Windows\System\JEvhXUP.exe
  C:\Windows\System\JEvhXUP.exe
  2⤵
  PID:6120
- C:\Windows\System\eLWjqnl.exe
  C:\Windows\System\eLWjqnl.exe
  2⤵
  PID:6136
- C:\Windows\System\RsggHxZ.exe
  C:\Windows\System\RsggHxZ.exe
  2⤵
  PID:4924
- C:\Windows\System\rOSXAPT.exe
  C:\Windows\System\rOSXAPT.exe
  2⤵
  PID:5036
- C:\Windows\System\gbKJMin.exe
  C:\Windows\System\gbKJMin.exe
  2⤵
  PID:5052
- C:\Windows\System\AxyGlVx.exe
  C:\Windows\System\AxyGlVx.exe
  2⤵
  PID:3340
- C:\Windows\System\VlATcDD.exe
  C:\Windows\System\VlATcDD.exe
  2⤵
  PID:3744
- C:\Windows\System\XJiwPJV.exe
  C:\Windows\System\XJiwPJV.exe
  2⤵
  PID:3816
- C:\Windows\System\bJcZgNV.exe
  C:\Windows\System\bJcZgNV.exe
  2⤵
  PID:4036
- C:\Windows\System\KFeUmAw.exe
  C:\Windows\System\KFeUmAw.exe
  2⤵
  PID:4244
- C:\Windows\System\QIzcyOf.exe
  C:\Windows\System\QIzcyOf.exe
  2⤵
  PID:4376
- C:\Windows\System\seHjMTY.exe
  C:\Windows\System\seHjMTY.exe
  2⤵
  PID:4524
- C:\Windows\System\Rddkfuo.exe
  C:\Windows\System\Rddkfuo.exe
  2⤵
  PID:4704
- C:\Windows\System\nSkHJcm.exe
  C:\Windows\System\nSkHJcm.exe
  2⤵
  PID:4684
- C:\Windows\System\dgWxjHl.exe
  C:\Windows\System\dgWxjHl.exe
  2⤵
  PID:4848
- C:\Windows\System\FDSgNPe.exe
  C:\Windows\System\FDSgNPe.exe
  2⤵
  PID:5128
- C:\Windows\System\MqbDWtx.exe
  C:\Windows\System\MqbDWtx.exe
  2⤵
  PID:5132
- C:\Windows\System\RjejNPD.exe
  C:\Windows\System\RjejNPD.exe
  2⤵
  PID:5212
- C:\Windows\System\AfYoXKA.exe
  C:\Windows\System\AfYoXKA.exe
  2⤵
  PID:5244
- C:\Windows\System\JpiyjfC.exe
  C:\Windows\System\JpiyjfC.exe
  2⤵
  PID:5280
- C:\Windows\System\WXLkDXx.exe
  C:\Windows\System\WXLkDXx.exe
  2⤵
  PID:5260
- C:\Windows\System\UvkjViu.exe
  C:\Windows\System\UvkjViu.exe
  2⤵
  PID:5328
- C:\Windows\System\HWqBWal.exe
  C:\Windows\System\HWqBWal.exe
  2⤵
  PID:5360
- C:\Windows\System\xZAHwNM.exe
  C:\Windows\System\xZAHwNM.exe
  2⤵
  PID:5388
- C:\Windows\System\GZsYWNp.exe
  C:\Windows\System\GZsYWNp.exe
  2⤵
  PID:5440
- C:\Windows\System\QEYQvdp.exe
  C:\Windows\System\QEYQvdp.exe
  2⤵
  PID:5472
- C:\Windows\System\KcOuJqN.exe
  C:\Windows\System\KcOuJqN.exe
  2⤵
  PID:5504
- C:\Windows\System\sUCsXsn.exe
  C:\Windows\System\sUCsXsn.exe
  2⤵
  PID:5548
- C:\Windows\System\mfVBQWi.exe
  C:\Windows\System\mfVBQWi.exe
  2⤵
  PID:5568
- C:\Windows\System\XdUrTNe.exe
  C:\Windows\System\XdUrTNe.exe
  2⤵
  PID:5600
- C:\Windows\System\NtDldNC.exe
  C:\Windows\System\NtDldNC.exe
  2⤵
  PID:5632
- C:\Windows\System\WUpSZJb.exe
  C:\Windows\System\WUpSZJb.exe
  2⤵
  PID:5644
- C:\Windows\System\dNQPJeX.exe
  C:\Windows\System\dNQPJeX.exe
  2⤵
  PID:5728
- C:\Windows\System\QrLvjSp.exe
  C:\Windows\System\QrLvjSp.exe
  2⤵
  PID:5732
- C:\Windows\System\LUNfEjO.exe
  C:\Windows\System\LUNfEjO.exe
  2⤵
  PID:2360
- C:\Windows\System\ZJIdpfG.exe
  C:\Windows\System\ZJIdpfG.exe
  2⤵
  PID:5792
- C:\Windows\System\kBOcTwS.exe
  C:\Windows\System\kBOcTwS.exe
  2⤵
  PID:5808
- C:\Windows\System\AVhmcoz.exe
  C:\Windows\System\AVhmcoz.exe
  2⤵
  PID:5812
- C:\Windows\System\rDhnXgK.exe
  C:\Windows\System\rDhnXgK.exe
  2⤵
  PID:5888
- C:\Windows\System\oxhAwOM.exe
  C:\Windows\System\oxhAwOM.exe
  2⤵
  PID:5876
- C:\Windows\System\ofIuxRd.exe
  C:\Windows\System\ofIuxRd.exe
  2⤵
  PID:5924
- C:\Windows\System\zdjcurq.exe
  C:\Windows\System\zdjcurq.exe
  2⤵
  PID:5984
- C:\Windows\System\EViOlsM.exe
  C:\Windows\System\EViOlsM.exe
  2⤵
  PID:5972
- C:\Windows\System\sskIjfr.exe
  C:\Windows\System\sskIjfr.exe
  2⤵
  PID:6004
- C:\Windows\System\alXWEqA.exe
  C:\Windows\System\alXWEqA.exe
  2⤵
  PID:6032
- C:\Windows\System\RaQpjWG.exe
  C:\Windows\System\RaQpjWG.exe
  2⤵
  PID:6068
- C:\Windows\System\EOjtEpR.exe
  C:\Windows\System\EOjtEpR.exe
  2⤵
  PID:6116
- C:\Windows\System\GTFafLh.exe
  C:\Windows\System\GTFafLh.exe
  2⤵
  PID:6132
- C:\Windows\System\mwvqlts.exe
  C:\Windows\System\mwvqlts.exe
  2⤵
  PID:5056
- C:\Windows\System\GZPelel.exe
  C:\Windows\System\GZPelel.exe
  2⤵
  PID:3172
- C:\Windows\System\zfkDPKG.exe
  C:\Windows\System\zfkDPKG.exe
  2⤵
  PID:4360
- C:\Windows\System\HTYlSZW.exe
  C:\Windows\System\HTYlSZW.exe
  2⤵
  PID:4164
- C:\Windows\System\Spptpgg.exe
  C:\Windows\System\Spptpgg.exe
  2⤵
  PID:4428
- C:\Windows\System\OzojByB.exe
  C:\Windows\System\OzojByB.exe
  2⤵
  PID:4588
- C:\Windows\System\lvcpAxz.exe
  C:\Windows\System\lvcpAxz.exe
  2⤵
  PID:5160
- C:\Windows\System\jcesdjN.exe
  C:\Windows\System\jcesdjN.exe
  2⤵
  PID:5240
- C:\Windows\System\RpdWyQL.exe
  C:\Windows\System\RpdWyQL.exe
  2⤵
  PID:5340
- C:\Windows\System\lNDOmpx.exe
  C:\Windows\System\lNDOmpx.exe
  2⤵
  PID:5324
- C:\Windows\System\fJljuSA.exe
  C:\Windows\System\fJljuSA.exe
  2⤵
  PID:5484
- C:\Windows\System\cgAkvZA.exe
  C:\Windows\System\cgAkvZA.exe
  2⤵
  PID:5468
- C:\Windows\System\PTzoETz.exe
  C:\Windows\System\PTzoETz.exe
  2⤵
  PID:5520
- C:\Windows\System\pqsAmuM.exe
  C:\Windows\System\pqsAmuM.exe
  2⤵
  PID:5596
- C:\Windows\System\UsZexLw.exe
  C:\Windows\System\UsZexLw.exe
  2⤵
  PID:5696
- C:\Windows\System\WTnWJfd.exe
  C:\Windows\System\WTnWJfd.exe
  2⤵
  PID:5676
- C:\Windows\System\hMLjZmr.exe
  C:\Windows\System\hMLjZmr.exe
  2⤵
  PID:576
- C:\Windows\System\PTINLhM.exe
  C:\Windows\System\PTINLhM.exe
  2⤵
  PID:5856
- C:\Windows\System\VoPwGAj.exe
  C:\Windows\System\VoPwGAj.exe
  2⤵
  PID:5904
- C:\Windows\System\fpzanQg.exe
  C:\Windows\System\fpzanQg.exe
  2⤵
  PID:5936
- C:\Windows\System\VwYtlkJ.exe
  C:\Windows\System\VwYtlkJ.exe
  2⤵
  PID:6148
- C:\Windows\System\WQxrEhf.exe
  C:\Windows\System\WQxrEhf.exe
  2⤵
  PID:6164
- C:\Windows\System\jaPzDUR.exe
  C:\Windows\System\jaPzDUR.exe
  2⤵
  PID:6180
- C:\Windows\System\zrMHpiz.exe
  C:\Windows\System\zrMHpiz.exe
  2⤵
  PID:6196
- C:\Windows\System\klPadxF.exe
  C:\Windows\System\klPadxF.exe
  2⤵
  PID:6212
- C:\Windows\System\kvXsHnc.exe
  C:\Windows\System\kvXsHnc.exe
  2⤵
  PID:6228
- C:\Windows\System\mZhplgw.exe
  C:\Windows\System\mZhplgw.exe
  2⤵
  PID:6244
- C:\Windows\System\UorYbqy.exe
  C:\Windows\System\UorYbqy.exe
  2⤵
  PID:6260
- C:\Windows\System\ckSvhum.exe
  C:\Windows\System\ckSvhum.exe
  2⤵
  PID:6276
- C:\Windows\System\DsitNhA.exe
  C:\Windows\System\DsitNhA.exe
  2⤵
  PID:6292
- C:\Windows\System\OAVztho.exe
  C:\Windows\System\OAVztho.exe
  2⤵
  PID:6308
- C:\Windows\System\ayihTLH.exe
  C:\Windows\System\ayihTLH.exe
  2⤵
  PID:6324
- C:\Windows\System\JRSSTuy.exe
  C:\Windows\System\JRSSTuy.exe
  2⤵
  PID:6340
- C:\Windows\System\qiFJWcm.exe
  C:\Windows\System\qiFJWcm.exe
  2⤵
  PID:6356
- C:\Windows\System\ilfwLUp.exe
  C:\Windows\System\ilfwLUp.exe
  2⤵
  PID:6376
- C:\Windows\System\QhkRIGX.exe
  C:\Windows\System\QhkRIGX.exe
  2⤵
  PID:6392
- C:\Windows\System\NaxjNwa.exe
  C:\Windows\System\NaxjNwa.exe
  2⤵
  PID:6408
- C:\Windows\System\fQyIQst.exe
  C:\Windows\System\fQyIQst.exe
  2⤵
  PID:6424
- C:\Windows\System\zMOrCQS.exe
  C:\Windows\System\zMOrCQS.exe
  2⤵
  PID:6440
- C:\Windows\System\sDrrXSq.exe
  C:\Windows\System\sDrrXSq.exe
  2⤵
  PID:6456
- C:\Windows\System\rWiejRw.exe
  C:\Windows\System\rWiejRw.exe
  2⤵
  PID:6472
- C:\Windows\System\VgKHWDU.exe
  C:\Windows\System\VgKHWDU.exe
  2⤵
  PID:6488
- C:\Windows\System\kmPOECU.exe
  C:\Windows\System\kmPOECU.exe
  2⤵
  PID:6504
- C:\Windows\System\tcxFYCC.exe
  C:\Windows\System\tcxFYCC.exe
  2⤵
  PID:6520
- C:\Windows\System\sTjFHSQ.exe
  C:\Windows\System\sTjFHSQ.exe
  2⤵
  PID:6536
- C:\Windows\System\rYkKCfB.exe
  C:\Windows\System\rYkKCfB.exe
  2⤵
  PID:6552
- C:\Windows\System\AyxszUe.exe
  C:\Windows\System\AyxszUe.exe
  2⤵
  PID:6568
- C:\Windows\System\jjYNVyN.exe
  C:\Windows\System\jjYNVyN.exe
  2⤵
  PID:6584
- C:\Windows\System\AVzjuAX.exe
  C:\Windows\System\AVzjuAX.exe
  2⤵
  PID:6600
- C:\Windows\System\ArAIAJA.exe
  C:\Windows\System\ArAIAJA.exe
  2⤵
  PID:6616
- C:\Windows\System\JgSxSSf.exe
  C:\Windows\System\JgSxSSf.exe
  2⤵
  PID:6632
- C:\Windows\System\ayqBCbl.exe
  C:\Windows\System\ayqBCbl.exe
  2⤵
  PID:6648
- C:\Windows\System\nUGFvqr.exe
  C:\Windows\System\nUGFvqr.exe
  2⤵
  PID:6664
- C:\Windows\System\CuIIIqi.exe
  C:\Windows\System\CuIIIqi.exe
  2⤵
  PID:6680
- C:\Windows\System\iYDWhOg.exe
  C:\Windows\System\iYDWhOg.exe
  2⤵
  PID:6696
- C:\Windows\System\EwXPrVo.exe
  C:\Windows\System\EwXPrVo.exe
  2⤵
  PID:6712
- C:\Windows\System\YGMLzwj.exe
  C:\Windows\System\YGMLzwj.exe
  2⤵
  PID:6728
- C:\Windows\System\BJxMoyv.exe
  C:\Windows\System\BJxMoyv.exe
  2⤵
  PID:6744
- C:\Windows\System\xPHDeIz.exe
  C:\Windows\System\xPHDeIz.exe
  2⤵
  PID:6760
- C:\Windows\System\ndMTJnR.exe
  C:\Windows\System\ndMTJnR.exe
  2⤵
  PID:6776
- C:\Windows\System\lakxuwH.exe
  C:\Windows\System\lakxuwH.exe
  2⤵
  PID:6792
- C:\Windows\System\GgHAeHv.exe
  C:\Windows\System\GgHAeHv.exe
  2⤵
  PID:6808
- C:\Windows\System\zwnLoCx.exe
  C:\Windows\System\zwnLoCx.exe
  2⤵
  PID:6824
- C:\Windows\System\VFIIkTC.exe
  C:\Windows\System\VFIIkTC.exe
  2⤵
  PID:6840
- C:\Windows\System\NjkTMrS.exe
  C:\Windows\System\NjkTMrS.exe
  2⤵
  PID:6856
- C:\Windows\System\itGoxVM.exe
  C:\Windows\System\itGoxVM.exe
  2⤵
  PID:6872
- C:\Windows\System\ytlVCIJ.exe
  C:\Windows\System\ytlVCIJ.exe
  2⤵
  PID:6888
- C:\Windows\System\GaXxcoN.exe
  C:\Windows\System\GaXxcoN.exe
  2⤵
  PID:6904
- C:\Windows\System\vzRGyhL.exe
  C:\Windows\System\vzRGyhL.exe
  2⤵
  PID:6920
- C:\Windows\System\lFGDUGq.exe
  C:\Windows\System\lFGDUGq.exe
  2⤵
  PID:6936
- C:\Windows\System\vmPDrwI.exe
  C:\Windows\System\vmPDrwI.exe
  2⤵
  PID:6952
- C:\Windows\System\CHOsoOM.exe
  C:\Windows\System\CHOsoOM.exe
  2⤵
  PID:6968
- C:\Windows\System\sQUdwEg.exe
  C:\Windows\System\sQUdwEg.exe
  2⤵
  PID:6984
- C:\Windows\System\bUSOOyf.exe
  C:\Windows\System\bUSOOyf.exe
  2⤵
  PID:7000
- C:\Windows\System\JRKfREw.exe
  C:\Windows\System\JRKfREw.exe
  2⤵
  PID:7016
- C:\Windows\System\bsCgVUn.exe
  C:\Windows\System\bsCgVUn.exe
  2⤵
  PID:7032
- C:\Windows\System\pPBogZp.exe
  C:\Windows\System\pPBogZp.exe
  2⤵
  PID:7048
- C:\Windows\System\zBtNHYx.exe
  C:\Windows\System\zBtNHYx.exe
  2⤵
  PID:7064
- C:\Windows\System\IbYaEUS.exe
  C:\Windows\System\IbYaEUS.exe
  2⤵
  PID:7080
- C:\Windows\System\dVMCUoi.exe
  C:\Windows\System\dVMCUoi.exe
  2⤵
  PID:7096
- C:\Windows\System\fxZzZNP.exe
  C:\Windows\System\fxZzZNP.exe
  2⤵
  PID:7112
- C:\Windows\System\hXHdoOW.exe
  C:\Windows\System\hXHdoOW.exe
  2⤵
  PID:7128
- C:\Windows\System\ZDzgTYD.exe
  C:\Windows\System\ZDzgTYD.exe
  2⤵
  PID:7144
- C:\Windows\System\sMCrpsu.exe
  C:\Windows\System\sMCrpsu.exe
  2⤵
  PID:7160
- C:\Windows\System\mbqYASa.exe
  C:\Windows\System\mbqYASa.exe
  2⤵
  PID:6064
- C:\Windows\System\MSksZBz.exe
  C:\Windows\System\MSksZBz.exe
  2⤵
  PID:4148
- C:\Windows\System\NxEJhTz.exe
  C:\Windows\System\NxEJhTz.exe
  2⤵
  PID:6128
- C:\Windows\System\GYXeIvn.exe
  C:\Windows\System\GYXeIvn.exe
  2⤵
  PID:4412
- C:\Windows\System\BuApxzC.exe
  C:\Windows\System\BuApxzC.exe
  2⤵
  PID:5180
- C:\Windows\System\yTqRMgL.exe
  C:\Windows\System\yTqRMgL.exe
  2⤵
  PID:4784
- C:\Windows\System\TsaGWHw.exe
  C:\Windows\System\TsaGWHw.exe
  2⤵
  PID:5420
- C:\Windows\System\GJCmxyp.exe
  C:\Windows\System\GJCmxyp.exe
  2⤵
  PID:5532
- C:\Windows\System\HirqcBe.exe
  C:\Windows\System\HirqcBe.exe
  2⤵
  PID:5452
- C:\Windows\System\KJUKnzU.exe
  C:\Windows\System\KJUKnzU.exe
  2⤵
  PID:5796
- C:\Windows\System\ZhSiThW.exe
  C:\Windows\System\ZhSiThW.exe
  2⤵
  PID:5828
- C:\Windows\System\HfflaLD.exe
  C:\Windows\System\HfflaLD.exe
  2⤵
  PID:6016
- C:\Windows\System\vZKayFP.exe
  C:\Windows\System\vZKayFP.exe
  2⤵
  PID:6204
- C:\Windows\System\VZIOxQC.exe
  C:\Windows\System\VZIOxQC.exe
  2⤵
  PID:6156
- C:\Windows\System\krmoQfw.exe
  C:\Windows\System\krmoQfw.exe
  2⤵
  PID:6240
- C:\Windows\System\RHpRIhB.exe
  C:\Windows\System\RHpRIhB.exe
  2⤵
  PID:2208
- C:\Windows\System\YYbukyA.exe
  C:\Windows\System\YYbukyA.exe
  2⤵
  PID:6252
- C:\Windows\System\qXgEEGX.exe
  C:\Windows\System\qXgEEGX.exe
  2⤵
  PID:6288
- C:\Windows\System\YosTlVb.exe
  C:\Windows\System\YosTlVb.exe
  2⤵
  PID:6400
- C:\Windows\System\WvLzkkS.exe
  C:\Windows\System\WvLzkkS.exe
  2⤵
  PID:6404
- C:\Windows\System\CHLCSYD.exe
  C:\Windows\System\CHLCSYD.exe
  2⤵
  PID:6416
- C:\Windows\System\zCrgQvE.exe
  C:\Windows\System\zCrgQvE.exe
  2⤵
  PID:6468
- C:\Windows\System\ynXldbd.exe
  C:\Windows\System\ynXldbd.exe
  2⤵
  PID:6480
- C:\Windows\System\nhigtiN.exe
  C:\Windows\System\nhigtiN.exe
  2⤵
  PID:6528
- C:\Windows\System\pUFsMyf.exe
  C:\Windows\System\pUFsMyf.exe
  2⤵
  PID:6564
- C:\Windows\System\OlINuCV.exe
  C:\Windows\System\OlINuCV.exe
  2⤵
  PID:6548
- C:\Windows\System\MHdcxYr.exe
  C:\Windows\System\MHdcxYr.exe
  2⤵
  PID:6608
- C:\Windows\System\XNHHLbp.exe
  C:\Windows\System\XNHHLbp.exe
  2⤵
  PID:6656
- C:\Windows\System\FuIGupr.exe
  C:\Windows\System\FuIGupr.exe
  2⤵
  PID:6644
- C:\Windows\System\oYyzUnr.exe
  C:\Windows\System\oYyzUnr.exe
  2⤵
  PID:6720
- C:\Windows\System\XeYXtyW.exe
  C:\Windows\System\XeYXtyW.exe
  2⤵
  PID:6752
- C:\Windows\System\wrzHKWl.exe
  C:\Windows\System\wrzHKWl.exe
  2⤵
  PID:6372
- C:\Windows\System\OTeOUlG.exe
  C:\Windows\System\OTeOUlG.exe
  2⤵
  PID:6772
- C:\Windows\System\Hhcpysr.exe
  C:\Windows\System\Hhcpysr.exe
  2⤵
  PID:6832
- C:\Windows\System\vvzrbWm.exe
  C:\Windows\System\vvzrbWm.exe
  2⤵
  PID:6880
- C:\Windows\System\HuSSqZd.exe
  C:\Windows\System\HuSSqZd.exe
  2⤵
  PID:6896
- C:\Windows\System\PpmDdei.exe
  C:\Windows\System\PpmDdei.exe
  2⤵
  PID:6928
- C:\Windows\System\YzRHOLQ.exe
  C:\Windows\System\YzRHOLQ.exe
  2⤵
  PID:6960
- C:\Windows\System\ScRULVM.exe
  C:\Windows\System\ScRULVM.exe
  2⤵
  PID:6992
- C:\Windows\System\QgOwjRI.exe
  C:\Windows\System\QgOwjRI.exe
  2⤵
  PID:7024
- C:\Windows\System\LVpPKWc.exe
  C:\Windows\System\LVpPKWc.exe
  2⤵
  PID:7056
- C:\Windows\System\noTjPVa.exe
  C:\Windows\System\noTjPVa.exe
  2⤵
  PID:7088
- C:\Windows\System\arNErqi.exe
  C:\Windows\System\arNErqi.exe
  2⤵
  PID:7120
- C:\Windows\System\bpDrSfA.exe
  C:\Windows\System\bpDrSfA.exe
  2⤵
  PID:7152
- C:\Windows\System\RbEWLEP.exe
  C:\Windows\System\RbEWLEP.exe
  2⤵
  PID:5040
- C:\Windows\System\XIHPsfw.exe
  C:\Windows\System\XIHPsfw.exe
  2⤵
  PID:1992
- C:\Windows\System\tGrGFkv.exe
  C:\Windows\System\tGrGFkv.exe
  2⤵
  PID:5536
- C:\Windows\System\XSJyKdB.exe
  C:\Windows\System\XSJyKdB.exe
  2⤵
  PID:5296
- C:\Windows\System\LIKPDPR.exe
  C:\Windows\System\LIKPDPR.exe
  2⤵
  PID:5264
- C:\Windows\System\iWcnxrM.exe
  C:\Windows\System\iWcnxrM.exe
  2⤵
  PID:5844
- C:\Windows\System\qWEuiSU.exe
  C:\Windows\System\qWEuiSU.exe
  2⤵
  PID:5940
- C:\Windows\System\HEtMhux.exe
  C:\Windows\System\HEtMhux.exe
  2⤵
  PID:6272
- C:\Windows\System\DPyWNSc.exe
  C:\Windows\System\DPyWNSc.exe
  2⤵
  PID:6256
- C:\Windows\System\BUscWCg.exe
  C:\Windows\System\BUscWCg.exe
  2⤵
  PID:6320
- C:\Windows\System\OnPqezP.exe
  C:\Windows\System\OnPqezP.exe
  2⤵
  PID:6420
- C:\Windows\System\XCyhJum.exe
  C:\Windows\System\XCyhJum.exe
  2⤵
  PID:6448
- C:\Windows\System\mCTnObK.exe
  C:\Windows\System\mCTnObK.exe
  2⤵
  PID:6596
- C:\Windows\System\bhXiCDV.exe
  C:\Windows\System\bhXiCDV.exe
  2⤵
  PID:6576
- C:\Windows\System\xKRHsAt.exe
  C:\Windows\System\xKRHsAt.exe
  2⤵
  PID:6692
- C:\Windows\System\TmoyZRy.exe
  C:\Windows\System\TmoyZRy.exe
  2⤵
  PID:6736
- C:\Windows\System\KuNUJQY.exe
  C:\Windows\System\KuNUJQY.exe
  2⤵
  PID:6816
- C:\Windows\System\QkNjYtF.exe
  C:\Windows\System\QkNjYtF.exe
  2⤵
  PID:6868
- C:\Windows\System\LkGTAdl.exe
  C:\Windows\System\LkGTAdl.exe
  2⤵
  PID:6916
- C:\Windows\System\aQghHSD.exe
  C:\Windows\System\aQghHSD.exe
  2⤵
  PID:6980
- C:\Windows\System\qJZbblw.exe
  C:\Windows\System\qJZbblw.exe
  2⤵
  PID:7040
- C:\Windows\System\BTHxfSR.exe
  C:\Windows\System\BTHxfSR.exe
  2⤵
  PID:7108
- C:\Windows\System\hfcMDJB.exe
  C:\Windows\System\hfcMDJB.exe
  2⤵
  PID:6112
- C:\Windows\System\dvdRhKh.exe
  C:\Windows\System\dvdRhKh.exe
  2⤵
  PID:5148
- C:\Windows\System\IjrlDwn.exe
  C:\Windows\System\IjrlDwn.exe
  2⤵
  PID:7180
- C:\Windows\System\Omjwrxn.exe
  C:\Windows\System\Omjwrxn.exe
  2⤵
  PID:7196
- C:\Windows\System\bWgWIua.exe
  C:\Windows\System\bWgWIua.exe
  2⤵
  PID:7212
- C:\Windows\System\MEPCmCn.exe
  C:\Windows\System\MEPCmCn.exe
  2⤵
  PID:7228
- C:\Windows\System\YXgggGg.exe
  C:\Windows\System\YXgggGg.exe
  2⤵
  PID:7244
- C:\Windows\System\FlqOKRK.exe
  C:\Windows\System\FlqOKRK.exe
  2⤵
  PID:7260
- C:\Windows\System\NjZPYUx.exe
  C:\Windows\System\NjZPYUx.exe
  2⤵
  PID:7276
- C:\Windows\System\WrctLoF.exe
  C:\Windows\System\WrctLoF.exe
  2⤵
  PID:7296
- C:\Windows\System\mddHMPh.exe
  C:\Windows\System\mddHMPh.exe
  2⤵
  PID:7312
- C:\Windows\System\wpIgkrS.exe
  C:\Windows\System\wpIgkrS.exe
  2⤵
  PID:7328
- C:\Windows\System\AvmXyeE.exe
  C:\Windows\System\AvmXyeE.exe
  2⤵
  PID:7344
- C:\Windows\System\GIsbvaC.exe
  C:\Windows\System\GIsbvaC.exe
  2⤵
  PID:7360
- C:\Windows\System\pIpFXEt.exe
  C:\Windows\System\pIpFXEt.exe
  2⤵
  PID:7376
- C:\Windows\System\TmmsBNa.exe
  C:\Windows\System\TmmsBNa.exe
  2⤵
  PID:7392
- C:\Windows\System\qgYdLgo.exe
  C:\Windows\System\qgYdLgo.exe
  2⤵
  PID:7408
- C:\Windows\System\QqCjJiE.exe
  C:\Windows\System\QqCjJiE.exe
  2⤵
  PID:7424
- C:\Windows\System\WIZgFyx.exe
  C:\Windows\System\WIZgFyx.exe
  2⤵
  PID:7440
- C:\Windows\System\VoxShCY.exe
  C:\Windows\System\VoxShCY.exe
  2⤵
  PID:7456
- C:\Windows\System\yXQFucN.exe
  C:\Windows\System\yXQFucN.exe
  2⤵
  PID:7476
- C:\Windows\System\tzOYFtR.exe
  C:\Windows\System\tzOYFtR.exe
  2⤵
  PID:7492
- C:\Windows\System\yNLEVmB.exe
  C:\Windows\System\yNLEVmB.exe
  2⤵
  PID:7508
- C:\Windows\System\kZoXfRo.exe
  C:\Windows\System\kZoXfRo.exe
  2⤵
  PID:7524
- C:\Windows\System\lBgbhwQ.exe
  C:\Windows\System\lBgbhwQ.exe
  2⤵
  PID:7540
- C:\Windows\System\TGZdmZY.exe
  C:\Windows\System\TGZdmZY.exe
  2⤵
  PID:7556
- C:\Windows\System\qAHKaVU.exe
  C:\Windows\System\qAHKaVU.exe
  2⤵
  PID:7572
- C:\Windows\System\eRTMfQu.exe
  C:\Windows\System\eRTMfQu.exe
  2⤵
  PID:7588
- C:\Windows\System\zDdwNrg.exe
  C:\Windows\System\zDdwNrg.exe
  2⤵
  PID:7604
- C:\Windows\System\LtpatkB.exe
  C:\Windows\System\LtpatkB.exe
  2⤵
  PID:7620
- C:\Windows\System\vgmiCIL.exe
  C:\Windows\System\vgmiCIL.exe
  2⤵
  PID:7636
- C:\Windows\System\sXvWEbW.exe
  C:\Windows\System\sXvWEbW.exe
  2⤵
  PID:7652
- C:\Windows\System\SmudEaQ.exe
  C:\Windows\System\SmudEaQ.exe
  2⤵
  PID:7668
- C:\Windows\System\lLVkrVM.exe
  C:\Windows\System\lLVkrVM.exe
  2⤵
  PID:7684
- C:\Windows\System\uRWQpOx.exe
  C:\Windows\System\uRWQpOx.exe
  2⤵
  PID:7700
- C:\Windows\System\IFbbvye.exe
  C:\Windows\System\IFbbvye.exe
  2⤵
  PID:7716
- C:\Windows\System\RTLYmzm.exe
  C:\Windows\System\RTLYmzm.exe
  2⤵
  PID:7732
- C:\Windows\System\RHCTntS.exe
  C:\Windows\System\RHCTntS.exe
  2⤵
  PID:7748
- C:\Windows\System\owOdnhL.exe
  C:\Windows\System\owOdnhL.exe
  2⤵
  PID:7764
- C:\Windows\System\zLPtsfH.exe
  C:\Windows\System\zLPtsfH.exe
  2⤵
  PID:7780
- C:\Windows\System\XzBNtUz.exe
  C:\Windows\System\XzBNtUz.exe
  2⤵
  PID:7796
- C:\Windows\System\gguQZQp.exe
  C:\Windows\System\gguQZQp.exe
  2⤵
  PID:7812
- C:\Windows\System\PsVKNTV.exe
  C:\Windows\System\PsVKNTV.exe
  2⤵
  PID:7828
- C:\Windows\System\thagKLQ.exe
  C:\Windows\System\thagKLQ.exe
  2⤵
  PID:7844
- C:\Windows\System\nZMDSYf.exe
  C:\Windows\System\nZMDSYf.exe
  2⤵
  PID:7860
- C:\Windows\System\tahEXul.exe
  C:\Windows\System\tahEXul.exe
  2⤵
  PID:7876
- C:\Windows\System\CEuLtlp.exe
  C:\Windows\System\CEuLtlp.exe
  2⤵
  PID:7892
- C:\Windows\System\viuirkp.exe
  C:\Windows\System\viuirkp.exe
  2⤵
  PID:7908
- C:\Windows\System\yCziDHZ.exe
  C:\Windows\System\yCziDHZ.exe
  2⤵
  PID:7924
- C:\Windows\System\sdhUbDA.exe
  C:\Windows\System\sdhUbDA.exe
  2⤵
  PID:7940
- C:\Windows\System\AXFIFTl.exe
  C:\Windows\System\AXFIFTl.exe
  2⤵
  PID:7956
- C:\Windows\System\oIALpsK.exe
  C:\Windows\System\oIALpsK.exe
  2⤵
  PID:7972
- C:\Windows\System\iAPpEHn.exe
  C:\Windows\System\iAPpEHn.exe
  2⤵
  PID:7988
- C:\Windows\System\BMlYMyF.exe
  C:\Windows\System\BMlYMyF.exe
  2⤵
  PID:8004
- C:\Windows\System\WoZiQSZ.exe
  C:\Windows\System\WoZiQSZ.exe
  2⤵
  PID:8020
- C:\Windows\System\HNVGCvK.exe
  C:\Windows\System\HNVGCvK.exe
  2⤵
  PID:8036
- C:\Windows\System\eKBOWDz.exe
  C:\Windows\System\eKBOWDz.exe
  2⤵
  PID:8052
- C:\Windows\System\YiRWakb.exe
  C:\Windows\System\YiRWakb.exe
  2⤵
  PID:8068
- C:\Windows\System\ygDHERc.exe
  C:\Windows\System\ygDHERc.exe
  2⤵
  PID:8084
- C:\Windows\System\xaRCzTI.exe
  C:\Windows\System\xaRCzTI.exe
  2⤵
  PID:8100
- C:\Windows\System\hwmWvWi.exe
  C:\Windows\System\hwmWvWi.exe
  2⤵
  PID:8116
- C:\Windows\System\xMPpLbp.exe
  C:\Windows\System\xMPpLbp.exe
  2⤵
  PID:8132
- C:\Windows\System\JxDJEZU.exe
  C:\Windows\System\JxDJEZU.exe
  2⤵
  PID:8148
- C:\Windows\System\AWmuWQd.exe
  C:\Windows\System\AWmuWQd.exe
  2⤵
  PID:8164
- C:\Windows\System\CDVxjBH.exe
  C:\Windows\System\CDVxjBH.exe
  2⤵
  PID:8180
- C:\Windows\System\OZAkyka.exe
  C:\Windows\System\OZAkyka.exe
  2⤵
  PID:5256
- C:\Windows\System\EpcPRAM.exe
  C:\Windows\System\EpcPRAM.exe
  2⤵
  PID:6172
- C:\Windows\System\KvCBCIC.exe
  C:\Windows\System\KvCBCIC.exe
  2⤵
  PID:6192
- C:\Windows\System\mjWCcGa.exe
  C:\Windows\System\mjWCcGa.exe
  2⤵
  PID:6368
- C:\Windows\System\MjOTSMl.exe
  C:\Windows\System\MjOTSMl.exe
  2⤵
  PID:6500
- C:\Windows\System\dTRWqfB.exe
  C:\Windows\System\dTRWqfB.exe
  2⤵
  PID:6628
- C:\Windows\System\qTwGmsC.exe
  C:\Windows\System\qTwGmsC.exe
  2⤵
  PID:6708
- C:\Windows\System\uhtOwOc.exe
  C:\Windows\System\uhtOwOc.exe
  2⤵
  PID:6900
- C:\Windows\System\NShRhZF.exe
  C:\Windows\System\NShRhZF.exe
  2⤵
  PID:7044
- C:\Windows\System\qKKzGUT.exe
  C:\Windows\System\qKKzGUT.exe
  2⤵
  PID:7104
- C:\Windows\System\pmKPZpu.exe
  C:\Windows\System\pmKPZpu.exe
  2⤵
  PID:4324
- C:\Windows\System\AVZqFPL.exe
  C:\Windows\System\AVZqFPL.exe
  2⤵
  PID:7192
- C:\Windows\System\dLpmBJk.exe
  C:\Windows\System\dLpmBJk.exe
  2⤵
  PID:7236
- C:\Windows\System\SfsLkvU.exe
  C:\Windows\System\SfsLkvU.exe
  2⤵
  PID:7272
- C:\Windows\System\oiRbvVM.exe
  C:\Windows\System\oiRbvVM.exe
  2⤵
  PID:7308
- C:\Windows\System\BQCxUXN.exe
  C:\Windows\System\BQCxUXN.exe
  2⤵
  PID:7352
- C:\Windows\System\kQSuQNQ.exe
  C:\Windows\System\kQSuQNQ.exe
  2⤵
  PID:7384
- C:\Windows\System\nnSbeGU.exe
  C:\Windows\System\nnSbeGU.exe
  2⤵
  PID:7416
- C:\Windows\System\BOKatXX.exe
  C:\Windows\System\BOKatXX.exe
  2⤵
  PID:7436
- C:\Windows\System\OVJYcSK.exe
  C:\Windows\System\OVJYcSK.exe
  2⤵
  PID:7468
- C:\Windows\System\NNjKAbY.exe
  C:\Windows\System\NNjKAbY.exe
  2⤵
  PID:7504
- C:\Windows\System\RENSAft.exe
  C:\Windows\System\RENSAft.exe
  2⤵
  PID:7536
- C:\Windows\System\FUgaZRA.exe
  C:\Windows\System\FUgaZRA.exe
  2⤵
  PID:7568
- C:\Windows\System\cnUvRak.exe
  C:\Windows\System\cnUvRak.exe
  2⤵
  PID:7600
- C:\Windows\System\dBAOagg.exe
  C:\Windows\System\dBAOagg.exe
  2⤵
  PID:7632
- C:\Windows\System\MSBIAHY.exe
  C:\Windows\System\MSBIAHY.exe
  2⤵
  PID:7664
- C:\Windows\System\RnyaGfU.exe
  C:\Windows\System\RnyaGfU.exe
  2⤵
  PID:7696
- C:\Windows\System\SynQuYf.exe
  C:\Windows\System\SynQuYf.exe
  2⤵
  PID:7712
- C:\Windows\System\PAqnzYE.exe
  C:\Windows\System\PAqnzYE.exe
  2⤵
  PID:7744
- C:\Windows\System\UwLCtIb.exe
  C:\Windows\System\UwLCtIb.exe
  2⤵
  PID:7776
- C:\Windows\System\XjCacnD.exe
  C:\Windows\System\XjCacnD.exe
  2⤵
  PID:7820
- C:\Windows\System\xdSdMjG.exe
  C:\Windows\System\xdSdMjG.exe
  2⤵
  PID:7292
- C:\Windows\System\uyzXZKu.exe
  C:\Windows\System\uyzXZKu.exe
  2⤵
  PID:7868
- C:\Windows\System\udoTppo.exe
  C:\Windows\System\udoTppo.exe
  2⤵
  PID:1496
- C:\Windows\System\RUsQfZs.exe
  C:\Windows\System\RUsQfZs.exe
  2⤵
  PID:7904
- C:\Windows\System\cRtsKdg.exe
  C:\Windows\System\cRtsKdg.exe
  2⤵
  PID:7948
- C:\Windows\System\vawrHht.exe
  C:\Windows\System\vawrHht.exe
  2⤵
  PID:380
- C:\Windows\System\IgLzBMt.exe
  C:\Windows\System\IgLzBMt.exe
  2⤵
  PID:1956
- C:\Windows\System\KMXbKTm.exe
  C:\Windows\System\KMXbKTm.exe
  2⤵
  PID:8016
- C:\Windows\System\IwTxHRr.exe
  C:\Windows\System\IwTxHRr.exe
  2⤵
  PID:8032
- C:\Windows\System\lOBmlik.exe
  C:\Windows\System\lOBmlik.exe
  2⤵
  PID:2456
- C:\Windows\System\SBtsmJi.exe
  C:\Windows\System\SBtsmJi.exe
  2⤵
  PID:8092
- C:\Windows\System\sqTqPyw.exe
  C:\Windows\System\sqTqPyw.exe
  2⤵
  PID:1980
- C:\Windows\System\BXWfvEZ.exe
  C:\Windows\System\BXWfvEZ.exe
  2⤵
  PID:8128
- C:\Windows\System\RPTkDxQ.exe
  C:\Windows\System\RPTkDxQ.exe
  2⤵
  PID:8156
- C:\Windows\System\FeCYQBb.exe
  C:\Windows\System\FeCYQBb.exe
  2⤵
  PID:8176
- C:\Windows\System\koFCGyP.exe
  C:\Windows\System\koFCGyP.exe
  2⤵
  PID:1988
- C:\Windows\System\svowAnT.exe
  C:\Windows\System\svowAnT.exe
  2⤵
  PID:6300
- C:\Windows\System\IHJTawN.exe
  C:\Windows\System\IHJTawN.exe
  2⤵
  PID:1676
- C:\Windows\System\ZbPUAbW.exe
  C:\Windows\System\ZbPUAbW.exe
  2⤵
  PID:6580
- C:\Windows\System\BltkrJQ.exe
  C:\Windows\System\BltkrJQ.exe
  2⤵
  PID:6804
- C:\Windows\System\Gvccrfi.exe
  C:\Windows\System\Gvccrfi.exe
  2⤵
  PID:6948
- C:\Windows\System\jmBZbJV.exe
  C:\Windows\System\jmBZbJV.exe
  2⤵
  PID:7172
- C:\Windows\System\Nwvhvuq.exe
  C:\Windows\System\Nwvhvuq.exe
  2⤵
  PID:7220
- C:\Windows\System\iPkmizm.exe
  C:\Windows\System\iPkmizm.exe
  2⤵
  PID:7284
- C:\Windows\System\tLeHzVO.exe
  C:\Windows\System\tLeHzVO.exe
  2⤵
  PID:7356
- C:\Windows\System\QpmlpHD.exe
  C:\Windows\System\QpmlpHD.exe
  2⤵
  PID:7404
- C:\Windows\System\rSEoiQx.exe
  C:\Windows\System\rSEoiQx.exe
  2⤵
  PID:7452
- C:\Windows\System\qEaPdbz.exe
  C:\Windows\System\qEaPdbz.exe
  2⤵
  PID:7520
- C:\Windows\System\ybpsDTM.exe
  C:\Windows\System\ybpsDTM.exe
  2⤵
  PID:7596
- C:\Windows\System\qZlXnnb.exe
  C:\Windows\System\qZlXnnb.exe
  2⤵
  PID:7660
- C:\Windows\System\zIBrdVX.exe
  C:\Windows\System\zIBrdVX.exe
  2⤵
  PID:7680
- C:\Windows\System\PjSyWaz.exe
  C:\Windows\System\PjSyWaz.exe
  2⤵
  PID:7788
- C:\Windows\System\nrlsGsB.exe
  C:\Windows\System\nrlsGsB.exe
  2⤵
  PID:7836
- C:\Windows\System\PqniEHN.exe
  C:\Windows\System\PqniEHN.exe
  2⤵
  PID:7888
- C:\Windows\System\RwDereZ.exe
  C:\Windows\System\RwDereZ.exe
  2⤵
  PID:1968
- C:\Windows\System\EkcLXVS.exe
  C:\Windows\System\EkcLXVS.exe
  2⤵
  PID:7984
- C:\Windows\System\sSQqgbc.exe
  C:\Windows\System\sSQqgbc.exe
  2⤵
  PID:8044
- C:\Windows\System\RHnCdQk.exe
  C:\Windows\System\RHnCdQk.exe
  2⤵
  PID:1784
- C:\Windows\System\VFSQtMz.exe
  C:\Windows\System\VFSQtMz.exe
  2⤵
  PID:8140
- C:\Windows\System\nkyerPI.exe
  C:\Windows\System\nkyerPI.exe
  2⤵
  PID:1324
- C:\Windows\System\QwRanWG.exe
  C:\Windows\System\QwRanWG.exe
  2⤵
  PID:1336
- C:\Windows\System\PXGAznT.exe
  C:\Windows\System\PXGAznT.exe
  2⤵
  PID:6484
- C:\Windows\System\DcQYvrw.exe
  C:\Windows\System\DcQYvrw.exe
  2⤵
  PID:6964
- C:\Windows\System\PgqBGVy.exe
  C:\Windows\System\PgqBGVy.exe
  2⤵
  PID:2152
- C:\Windows\System\uHdghDB.exe
  C:\Windows\System\uHdghDB.exe
  2⤵
  PID:7268
- C:\Windows\System\VOwPnsi.exe
  C:\Windows\System\VOwPnsi.exe
  2⤵
  PID:1196
- C:\Windows\System\yJGlWiV.exe
  C:\Windows\System\yJGlWiV.exe
  2⤵
  PID:7564
- C:\Windows\System\HKTCiJH.exe
  C:\Windows\System\HKTCiJH.exe
  2⤵
  PID:7648
- C:\Windows\System\RFKSAza.exe
  C:\Windows\System\RFKSAza.exe
  2⤵
  PID:7756
- C:\Windows\System\DEmRPwq.exe
  C:\Windows\System\DEmRPwq.exe
  2⤵
  PID:7884
- C:\Windows\System\RFlwTNf.exe
  C:\Windows\System\RFlwTNf.exe
  2⤵
  PID:7964
- C:\Windows\System\qlpkJQX.exe
  C:\Windows\System\qlpkJQX.exe
  2⤵
  PID:8200
- C:\Windows\System\duGekJe.exe
  C:\Windows\System\duGekJe.exe
  2⤵
  PID:8216
- C:\Windows\System\rkTpebQ.exe
  C:\Windows\System\rkTpebQ.exe
  2⤵
  PID:8232
- C:\Windows\System\MGrBgJz.exe
  C:\Windows\System\MGrBgJz.exe
  2⤵
  PID:8252
- C:\Windows\System\aWgLtaX.exe
  C:\Windows\System\aWgLtaX.exe
  2⤵
  PID:8268
- C:\Windows\System\zmfAELd.exe
  C:\Windows\System\zmfAELd.exe
  2⤵
  PID:8284
- C:\Windows\System\jfofLPX.exe
  C:\Windows\System\jfofLPX.exe
  2⤵
  PID:8300
- C:\Windows\System\sEAXasx.exe
  C:\Windows\System\sEAXasx.exe
  2⤵
  PID:8316
- C:\Windows\System\leXJfdE.exe
  C:\Windows\System\leXJfdE.exe
  2⤵
  PID:8332
- C:\Windows\System\xctxNOp.exe
  C:\Windows\System\xctxNOp.exe
  2⤵
  PID:8348
- C:\Windows\System\ITcdsvM.exe
  C:\Windows\System\ITcdsvM.exe
  2⤵
  PID:8364
- C:\Windows\System\sSbCJFg.exe
  C:\Windows\System\sSbCJFg.exe
  2⤵
  PID:8380
- C:\Windows\System\VqmaNju.exe
  C:\Windows\System\VqmaNju.exe
  2⤵
  PID:8396
- C:\Windows\System\RGNSzYg.exe
  C:\Windows\System\RGNSzYg.exe
  2⤵
  PID:8412
- C:\Windows\System\OQmAsUy.exe
  C:\Windows\System\OQmAsUy.exe
  2⤵
  PID:8428
- C:\Windows\System\YSJjzzT.exe
  C:\Windows\System\YSJjzzT.exe
  2⤵
  PID:8444
- C:\Windows\System\vrSTiqm.exe
  C:\Windows\System\vrSTiqm.exe
  2⤵
  PID:8460
- C:\Windows\System\llHkvsr.exe
  C:\Windows\System\llHkvsr.exe
  2⤵
  PID:8476
- C:\Windows\System\XyIxevX.exe
  C:\Windows\System\XyIxevX.exe
  2⤵
  PID:8492
- C:\Windows\System\ocxRUcU.exe
  C:\Windows\System\ocxRUcU.exe
  2⤵
  PID:8508
- C:\Windows\System\EgMVKmY.exe
  C:\Windows\System\EgMVKmY.exe
  2⤵
  PID:8524
- C:\Windows\System\XNrdEkI.exe
  C:\Windows\System\XNrdEkI.exe
  2⤵
  PID:8540
- C:\Windows\System\gTwbbxi.exe
  C:\Windows\System\gTwbbxi.exe
  2⤵
  PID:8556
- C:\Windows\System\uPfQLOU.exe
  C:\Windows\System\uPfQLOU.exe
  2⤵
  PID:8572
- C:\Windows\System\kgTKjDE.exe
  C:\Windows\System\kgTKjDE.exe
  2⤵
  PID:8588
- C:\Windows\System\VMHkStd.exe
  C:\Windows\System\VMHkStd.exe
  2⤵
  PID:8604
- C:\Windows\System\FEwumSs.exe
  C:\Windows\System\FEwumSs.exe
  2⤵
  PID:8620
- C:\Windows\System\CXHbpsP.exe
  C:\Windows\System\CXHbpsP.exe
  2⤵
  PID:8636
- C:\Windows\System\bQXpuFA.exe
  C:\Windows\System\bQXpuFA.exe
  2⤵
  PID:8652
- C:\Windows\System\zsvcgBY.exe
  C:\Windows\System\zsvcgBY.exe
  2⤵
  PID:8668
- C:\Windows\System\fxlSzNs.exe
  C:\Windows\System\fxlSzNs.exe
  2⤵
  PID:8684
- C:\Windows\System\QxPyvtz.exe
  C:\Windows\System\QxPyvtz.exe
  2⤵
  PID:8700
- C:\Windows\System\SbdGwcV.exe
  C:\Windows\System\SbdGwcV.exe
  2⤵
  PID:8716
- C:\Windows\System\MZlHHwS.exe
  C:\Windows\System\MZlHHwS.exe
  2⤵
  PID:8732
- C:\Windows\System\rWcrszZ.exe
  C:\Windows\System\rWcrszZ.exe
  2⤵
  PID:8748
- C:\Windows\System\fEJXASF.exe
  C:\Windows\System\fEJXASF.exe
  2⤵
  PID:8764
- C:\Windows\System\EsmOQMM.exe
  C:\Windows\System\EsmOQMM.exe
  2⤵
  PID:8780
- C:\Windows\System\ZQidYZN.exe
  C:\Windows\System\ZQidYZN.exe
  2⤵
  PID:8796
- C:\Windows\System\DawsEGY.exe
  C:\Windows\System\DawsEGY.exe
  2⤵
  PID:8812
- C:\Windows\System\FRmCvWi.exe
  C:\Windows\System\FRmCvWi.exe
  2⤵
  PID:8828
- C:\Windows\System\pjudaOO.exe
  C:\Windows\System\pjudaOO.exe
  2⤵
  PID:8844
- C:\Windows\System\CQtaIBt.exe
  C:\Windows\System\CQtaIBt.exe
  2⤵
  PID:8860
- C:\Windows\System\geZCKZd.exe
  C:\Windows\System\geZCKZd.exe
  2⤵
  PID:8876
- C:\Windows\System\dOYAcun.exe
  C:\Windows\System\dOYAcun.exe
  2⤵
  PID:8896
- C:\Windows\System\VwSqjYH.exe
  C:\Windows\System\VwSqjYH.exe
  2⤵
  PID:8912
- C:\Windows\System\ubfIhqD.exe
  C:\Windows\System\ubfIhqD.exe
  2⤵
  PID:8928
- C:\Windows\System\zxmzYrl.exe
  C:\Windows\System\zxmzYrl.exe
  2⤵
  PID:8944
- C:\Windows\System\rnxgjnG.exe
  C:\Windows\System\rnxgjnG.exe
  2⤵
  PID:8960
- C:\Windows\System\HqvnEtK.exe
  C:\Windows\System\HqvnEtK.exe
  2⤵
  PID:8976
- C:\Windows\System\VkWxtcI.exe
  C:\Windows\System\VkWxtcI.exe
  2⤵
  PID:8992
- C:\Windows\System\rzObcQT.exe
  C:\Windows\System\rzObcQT.exe
  2⤵
  PID:9008
- C:\Windows\System\gpwJQnA.exe
  C:\Windows\System\gpwJQnA.exe
  2⤵
  PID:9024
- C:\Windows\System\mzsKxTh.exe
  C:\Windows\System\mzsKxTh.exe
  2⤵
  PID:9040
- C:\Windows\System\cbWItVi.exe
  C:\Windows\System\cbWItVi.exe
  2⤵
  PID:9056
- C:\Windows\System\kCrDzyg.exe
  C:\Windows\System\kCrDzyg.exe
  2⤵
  PID:9072
- C:\Windows\System\WuRynVi.exe
  C:\Windows\System\WuRynVi.exe
  2⤵
  PID:9088
- C:\Windows\System\dWlDmEm.exe
  C:\Windows\System\dWlDmEm.exe
  2⤵
  PID:9104
- C:\Windows\System\QzViKxw.exe
  C:\Windows\System\QzViKxw.exe
  2⤵
  PID:9120
- C:\Windows\System\KOuaTAw.exe
  C:\Windows\System\KOuaTAw.exe
  2⤵
  PID:9136
- C:\Windows\System\hlRCVzA.exe
  C:\Windows\System\hlRCVzA.exe
  2⤵
  PID:9152
- C:\Windows\System\OsqRjWJ.exe
  C:\Windows\System\OsqRjWJ.exe
  2⤵
  PID:9168
- C:\Windows\System\OPsoHrv.exe
  C:\Windows\System\OPsoHrv.exe
  2⤵
  PID:9184
- C:\Windows\System\KPCEMQm.exe
  C:\Windows\System\KPCEMQm.exe
  2⤵
  PID:9200
- C:\Windows\System\tBaCvSe.exe
  C:\Windows\System\tBaCvSe.exe
  2⤵
  PID:8124
- C:\Windows\System\BdyPfDP.exe
  C:\Windows\System\BdyPfDP.exe
  2⤵
  PID:5628
- C:\Windows\System\jxzJZkz.exe
  C:\Windows\System\jxzJZkz.exe
  2⤵
  PID:1268
- C:\Windows\System\VgxWvaY.exe
  C:\Windows\System\VgxWvaY.exe
  2⤵
  PID:7320
- C:\Windows\System\GaqjJEz.exe
  C:\Windows\System\GaqjJEz.exe
  2⤵
  PID:7532
- C:\Windows\System\JKxRpDw.exe
  C:\Windows\System\JKxRpDw.exe
  2⤵
  PID:7772
- C:\Windows\System\IVEvGvG.exe
  C:\Windows\System\IVEvGvG.exe
  2⤵
  PID:7932
- C:\Windows\System\zTLgVDQ.exe
  C:\Windows\System\zTLgVDQ.exe
  2⤵
  PID:8060
- C:\Windows\System\pMqAeci.exe
  C:\Windows\System\pMqAeci.exe
  2⤵
  PID:8224
- C:\Windows\System\GNiXIxn.exe
  C:\Windows\System\GNiXIxn.exe
  2⤵
  PID:8228
- C:\Windows\System\WgihNFZ.exe
  C:\Windows\System\WgihNFZ.exe
  2⤵
  PID:8260
- C:\Windows\System\ebVZMFo.exe
  C:\Windows\System\ebVZMFo.exe
  2⤵
  PID:3376
- C:\Windows\System\CTMGfqU.exe
  C:\Windows\System\CTMGfqU.exe
  2⤵
  PID:3368
- C:\Windows\System\jcptyEr.exe
  C:\Windows\System\jcptyEr.exe
  2⤵
  PID:3440
- C:\Windows\System\LDCZxje.exe
  C:\Windows\System\LDCZxje.exe
  2⤵
  PID:8324
- C:\Windows\System\RNBGEOc.exe
  C:\Windows\System\RNBGEOc.exe
  2⤵
  PID:8344
- C:\Windows\System\GozpdHe.exe
  C:\Windows\System\GozpdHe.exe
  2⤵
  PID:3364
- C:\Windows\System\vrrghJA.exe
  C:\Windows\System\vrrghJA.exe
  2⤵
  PID:3384
- C:\Windows\System\SsprZHg.exe
  C:\Windows\System\SsprZHg.exe
  2⤵
  PID:3412
- C:\Windows\System\jjqZILu.exe
  C:\Windows\System\jjqZILu.exe
  2⤵
  PID:8424
- C:\Windows\System\eeGSdhO.exe
  C:\Windows\System\eeGSdhO.exe
  2⤵
  PID:8456
- C:\Windows\System\hTwOjvz.exe
  C:\Windows\System\hTwOjvz.exe
  2⤵
  PID:8488
- C:\Windows\System\TzNUvru.exe
  C:\Windows\System\TzNUvru.exe
  2⤵
  PID:8532
- C:\Windows\System\CqPcRoR.exe
  C:\Windows\System\CqPcRoR.exe
  2⤵
  PID:8564
- C:\Windows\System\ntjVyxK.exe
  C:\Windows\System\ntjVyxK.exe
  2⤵
  PID:3640
- C:\Windows\System\GOdkPnU.exe
  C:\Windows\System\GOdkPnU.exe
  2⤵
  PID:8612
- C:\Windows\System\sDlQaDE.exe
  C:\Windows\System\sDlQaDE.exe
  2⤵
  PID:8632
- C:\Windows\System\PqiqMWA.exe
  C:\Windows\System\PqiqMWA.exe
  2⤵
  PID:3632
- C:\Windows\System\DnUyHBp.exe
  C:\Windows\System\DnUyHBp.exe
  2⤵
  PID:8680
- C:\Windows\System\VIqbzAj.exe
  C:\Windows\System\VIqbzAj.exe
  2⤵
  PID:8708
- C:\Windows\System\jyJGztN.exe
  C:\Windows\System\jyJGztN.exe
  2⤵
  PID:1536
- C:\Windows\System\ttNAskR.exe
  C:\Windows\System\ttNAskR.exe
  2⤵
  PID:8772
- C:\Windows\System\weRZNiY.exe
  C:\Windows\System\weRZNiY.exe
  2⤵
  PID:8804
- C:\Windows\System\pdEXImn.exe
  C:\Windows\System\pdEXImn.exe
  2⤵
  PID:8836
- C:\Windows\System\SKOZBFB.exe
  C:\Windows\System\SKOZBFB.exe
  2⤵
  PID:8856
- C:\Windows\System\wSlHlrJ.exe
  C:\Windows\System\wSlHlrJ.exe
  2⤵
  PID:8888
- C:\Windows\System\QxoFpSO.exe
  C:\Windows\System\QxoFpSO.exe
  2⤵
  PID:8248
- C:\Windows\System\ZvURPiI.exe
  C:\Windows\System\ZvURPiI.exe
  2⤵
  PID:8956
- C:\Windows\System\vGAVrgJ.exe
  C:\Windows\System\vGAVrgJ.exe
  2⤵
  PID:8988
- C:\Windows\System\BuFDlWA.exe
  C:\Windows\System\BuFDlWA.exe
  2⤵
  PID:9020
- C:\Windows\System\QZrhLbz.exe
  C:\Windows\System\QZrhLbz.exe
  2⤵
  PID:9052
- C:\Windows\System\oCVZiMJ.exe
  C:\Windows\System\oCVZiMJ.exe
  2⤵
  PID:9084
- C:\Windows\System\FIxoCoY.exe
  C:\Windows\System\FIxoCoY.exe
  2⤵
  PID:9116
- C:\Windows\System\SFmbEeD.exe
  C:\Windows\System\SFmbEeD.exe
  2⤵
  PID:9148
- C:\Windows\System\hGfOAkq.exe
  C:\Windows\System\hGfOAkq.exe
  2⤵
  PID:9164
- C:\Windows\System\rPBVGcy.exe
  C:\Windows\System\rPBVGcy.exe
  2⤵
  PID:9212
- C:\Windows\System\fsKuTWG.exe
  C:\Windows\System\fsKuTWG.exe
  2⤵
  PID:1776
- C:\Windows\System\BHphcEM.exe
  C:\Windows\System\BHphcEM.exe
  2⤵
  PID:7372
- C:\Windows\System\ebcGeeL.exe
  C:\Windows\System\ebcGeeL.exe
  2⤵
  PID:7616
- C:\Windows\System\PoVxYcm.exe
  C:\Windows\System\PoVxYcm.exe
  2⤵
  PID:1512
- C:\Windows\System\xcIowRq.exe
  C:\Windows\System\xcIowRq.exe
  2⤵
  PID:3372
- C:\Windows\System\aIYJJlO.exe
  C:\Windows\System\aIYJJlO.exe
  2⤵
  PID:3404
- C:\Windows\System\GlZaBuL.exe
  C:\Windows\System\GlZaBuL.exe
  2⤵
  PID:3436
- C:\Windows\System\NhXxYcf.exe
  C:\Windows\System\NhXxYcf.exe
  2⤵
  PID:3408
- C:\Windows\System\AfFDiWB.exe
  C:\Windows\System\AfFDiWB.exe
  2⤵
  PID:8376
- C:\Windows\System\sxcBAyq.exe
  C:\Windows\System\sxcBAyq.exe
  2⤵
  PID:8436
- C:\Windows\System\dFMymFg.exe
  C:\Windows\System\dFMymFg.exe
  2⤵
  PID:8500
- C:\Windows\System\BICIBly.exe
  C:\Windows\System\BICIBly.exe
  2⤵
  PID:8536
- C:\Windows\System\RpdYdvh.exe
  C:\Windows\System\RpdYdvh.exe
  2⤵
  PID:8600
- C:\Windows\System\UyFerIC.exe
  C:\Windows\System\UyFerIC.exe
  2⤵
  PID:8660
- C:\Windows\System\TQAjWfy.exe
  C:\Windows\System\TQAjWfy.exe
  2⤵
  PID:8712
- C:\Windows\System\UUwzFnh.exe
  C:\Windows\System\UUwzFnh.exe
  2⤵
  PID:8760
- C:\Windows\System\otBtmlt.exe
  C:\Windows\System\otBtmlt.exe
  2⤵
  PID:8824
- C:\Windows\System\kMmOCZd.exe
  C:\Windows\System\kMmOCZd.exe
  2⤵
  PID:8920
- C:\Windows\System\NdpuKnC.exe
  C:\Windows\System\NdpuKnC.exe
  2⤵
  PID:8940
- C:\Windows\System\UalwFMH.exe
  C:\Windows\System\UalwFMH.exe
  2⤵
  PID:768
- C:\Windows\System\sQsvnEH.exe
  C:\Windows\System\sQsvnEH.exe
  2⤵
  PID:9100
- C:\Windows\System\oIBtXIb.exe
  C:\Windows\System\oIBtXIb.exe
  2⤵
  PID:2060
- C:\Windows\System\StMJLPi.exe
  C:\Windows\System\StMJLPi.exe
  2⤵
  PID:9208
- C:\Windows\System\EMpaLhb.exe
  C:\Windows\System\EMpaLhb.exe
  2⤵
  PID:8160
- C:\Windows\System\uOLkvRo.exe
  C:\Windows\System\uOLkvRo.exe
  2⤵
  PID:6080
- C:\Windows\System\TmOlQwD.exe
  C:\Windows\System\TmOlQwD.exe
  2⤵
  PID:3424
- C:\Windows\System\XwFiWKT.exe
  C:\Windows\System\XwFiWKT.exe
  2⤵
  PID:3416
- C:\Windows\System\QQvhMMm.exe
  C:\Windows\System\QQvhMMm.exe
  2⤵
  PID:3444
- C:\Windows\System\DckgZMf.exe
  C:\Windows\System\DckgZMf.exe
  2⤵
  PID:8484
- C:\Windows\System\NMwbspA.exe
  C:\Windows\System\NMwbspA.exe
  2⤵
  PID:8548
- C:\Windows\System\oCZVREa.exe
  C:\Windows\System\oCZVREa.exe
  2⤵
  PID:8728
- C:\Windows\System\YsZhVqr.exe
  C:\Windows\System\YsZhVqr.exe
  2⤵
  PID:8776
- C:\Windows\System\lkNOqcB.exe
  C:\Windows\System\lkNOqcB.exe
  2⤵
  PID:8872
- C:\Windows\System\scQHxpX.exe
  C:\Windows\System\scQHxpX.exe
  2⤵
  PID:9048
- C:\Windows\System\iSMkuFd.exe
  C:\Windows\System\iSMkuFd.exe
  2⤵
  PID:9144
- C:\Windows\System\Awhmebm.exe
  C:\Windows\System\Awhmebm.exe
  2⤵
  PID:2588
- C:\Windows\System\maTacbr.exe
  C:\Windows\System\maTacbr.exe
  2⤵
  PID:3400
- C:\Windows\System\JYjqZGZ.exe
  C:\Windows\System\JYjqZGZ.exe
  2⤵
  PID:8360
- C:\Windows\System\YOAyaqC.exe
  C:\Windows\System\YOAyaqC.exe
  2⤵
  PID:3636
- C:\Windows\System\SMNXFoF.exe
  C:\Windows\System\SMNXFoF.exe
  2⤵
  PID:8840
- C:\Windows\System\MpCYijn.exe
  C:\Windows\System\MpCYijn.exe
  2⤵
  PID:2684
- C:\Windows\System\csHAZTa.exe
  C:\Windows\System\csHAZTa.exe
  2⤵
  PID:9272
- C:\Windows\System\xUtgtjI.exe
  C:\Windows\System\xUtgtjI.exe
  2⤵
  PID:9300
- C:\Windows\System\ANIPVyg.exe
  C:\Windows\System\ANIPVyg.exe
  2⤵
  PID:9320
- C:\Windows\System\Phnrntk.exe
  C:\Windows\System\Phnrntk.exe
  2⤵
  PID:9544
- C:\Windows\System\lhqPxdR.exe
  C:\Windows\System\lhqPxdR.exe
  2⤵
  PID:9564
- C:\Windows\System\fNlBauO.exe
  C:\Windows\System\fNlBauO.exe
  2⤵
  PID:9584
- C:\Windows\System\rZFBNkQ.exe
  C:\Windows\System\rZFBNkQ.exe
  2⤵
  PID:9604
- C:\Windows\System\HtsNhNL.exe
  C:\Windows\System\HtsNhNL.exe
  2⤵
  PID:9620
- C:\Windows\System\SwtWKnt.exe
  C:\Windows\System\SwtWKnt.exe
  2⤵
  PID:9636
- C:\Windows\System\JFpKdhy.exe
  C:\Windows\System\JFpKdhy.exe
  2⤵
  PID:9652
- C:\Windows\System\lsEYzjW.exe
  C:\Windows\System\lsEYzjW.exe
  2⤵
  PID:9672
- C:\Windows\System\CGoWPQC.exe
  C:\Windows\System\CGoWPQC.exe
  2⤵
  PID:9692
- C:\Windows\System\uOAAhyc.exe
  C:\Windows\System\uOAAhyc.exe
  2⤵
  PID:9708
- C:\Windows\System\cpjvsIa.exe
  C:\Windows\System\cpjvsIa.exe
  2⤵
  PID:9724
- C:\Windows\System\hdfTvsK.exe
  C:\Windows\System\hdfTvsK.exe
  2⤵
  PID:9740
- C:\Windows\System\hJEPChE.exe
  C:\Windows\System\hJEPChE.exe
  2⤵
  PID:9756
- C:\Windows\System\KEChrHW.exe
  C:\Windows\System\KEChrHW.exe
  2⤵
  PID:9772
- C:\Windows\System\ctVnTXc.exe
  C:\Windows\System\ctVnTXc.exe
  2⤵
  PID:9788
- C:\Windows\System\xHVfFlJ.exe
  C:\Windows\System\xHVfFlJ.exe
  2⤵
  PID:9804
- C:\Windows\System\MTVlqsd.exe
  C:\Windows\System\MTVlqsd.exe
  2⤵
  PID:9820
- C:\Windows\System\WXqydVJ.exe
  C:\Windows\System\WXqydVJ.exe
  2⤵
  PID:9836
- C:\Windows\System\ZRWaFmn.exe
  C:\Windows\System\ZRWaFmn.exe
  2⤵
  PID:9852
- C:\Windows\System\jEdMdwu.exe
  C:\Windows\System\jEdMdwu.exe
  2⤵
  PID:9868
- C:\Windows\System\oaUZLZw.exe
  C:\Windows\System\oaUZLZw.exe
  2⤵
  PID:9884
- C:\Windows\System\kTcxypJ.exe
  C:\Windows\System\kTcxypJ.exe
  2⤵
  PID:9900
- C:\Windows\System\OYKbpAA.exe
  C:\Windows\System\OYKbpAA.exe
  2⤵
  PID:9916
- C:\Windows\System\kHskvWe.exe
  C:\Windows\System\kHskvWe.exe
  2⤵
  PID:9932
- C:\Windows\System\lfSPwAv.exe
  C:\Windows\System\lfSPwAv.exe
  2⤵
  PID:9948
- C:\Windows\System\TOTFCaw.exe
  C:\Windows\System\TOTFCaw.exe
  2⤵
  PID:9972
- C:\Windows\System\PzfDrBA.exe
  C:\Windows\System\PzfDrBA.exe
  2⤵
  PID:9988
- C:\Windows\System\fqeMwZw.exe
  C:\Windows\System\fqeMwZw.exe
  2⤵
  PID:10004
- C:\Windows\System\eErAvyk.exe
  C:\Windows\System\eErAvyk.exe
  2⤵
  PID:10020
- C:\Windows\System\XqGrPKK.exe
  C:\Windows\System\XqGrPKK.exe
  2⤵
  PID:10036
- C:\Windows\System\KASUQdm.exe
  C:\Windows\System\KASUQdm.exe
  2⤵
  PID:10052
- C:\Windows\System\WbceDVn.exe
  C:\Windows\System\WbceDVn.exe
  2⤵
  PID:10068
- C:\Windows\System\dWJNBmJ.exe
  C:\Windows\System\dWJNBmJ.exe
  2⤵
  PID:10084
- C:\Windows\System\bDewOmk.exe
  C:\Windows\System\bDewOmk.exe
  2⤵
  PID:10100
- C:\Windows\System\Nqfgrtx.exe
  C:\Windows\System\Nqfgrtx.exe
  2⤵
  PID:10116
- C:\Windows\System\tDnpnVb.exe
  C:\Windows\System\tDnpnVb.exe
  2⤵
  PID:10132
- C:\Windows\System\MoXbcFu.exe
  C:\Windows\System\MoXbcFu.exe
  2⤵
  PID:10148
- C:\Windows\System\kASghyN.exe
  C:\Windows\System\kASghyN.exe
  2⤵
  PID:10164
- C:\Windows\System\HaeMhxl.exe
  C:\Windows\System\HaeMhxl.exe
  2⤵
  PID:10180
- C:\Windows\System\prTzaAX.exe
  C:\Windows\System\prTzaAX.exe
  2⤵
  PID:10196
- C:\Windows\System\YMVMSwh.exe
  C:\Windows\System\YMVMSwh.exe
  2⤵
  PID:10212
- C:\Windows\System\hFvtjkz.exe
  C:\Windows\System\hFvtjkz.exe
  2⤵
  PID:10228
- C:\Windows\System\CTvyXeS.exe
  C:\Windows\System\CTvyXeS.exe
  2⤵
  PID:2520
- C:\Windows\System\dmOOpPc.exe
  C:\Windows\System\dmOOpPc.exe
  2⤵
  PID:808
- C:\Windows\System\Mjkubpl.exe
  C:\Windows\System\Mjkubpl.exe
  2⤵
  PID:8280
- C:\Windows\System\GAqlBJg.exe
  C:\Windows\System\GAqlBJg.exe
  2⤵
  PID:2188
- C:\Windows\System\Osjjdbs.exe
  C:\Windows\System\Osjjdbs.exe
  2⤵
  PID:8308
- C:\Windows\System\Ypqiruq.exe
  C:\Windows\System\Ypqiruq.exe
  2⤵
  PID:3024
- C:\Windows\System\ndfMHYf.exe
  C:\Windows\System\ndfMHYf.exe
  2⤵
  PID:2832
- C:\Windows\System\yxBOekp.exe
  C:\Windows\System\yxBOekp.exe
  2⤵
  PID:1760
- C:\Windows\System\OVeThme.exe
  C:\Windows\System\OVeThme.exe
  2⤵
  PID:9236
- C:\Windows\System\YrVDFYt.exe
  C:\Windows\System\YrVDFYt.exe
  2⤵
  PID:9252
- C:\Windows\System\VKuAvdb.exe
  C:\Windows\System\VKuAvdb.exe
  2⤵
  PID:1796
- C:\Windows\System\FxUkfsq.exe
  C:\Windows\System\FxUkfsq.exe
  2⤵
  PID:9220
- C:\Windows\System\bRLhmvo.exe
  C:\Windows\System\bRLhmvo.exe
  2⤵
  PID:9312
- C:\Windows\System\phqCzYo.exe
  C:\Windows\System\phqCzYo.exe
  2⤵
  PID:2172
- C:\Windows\System\ZvRQUoF.exe
  C:\Windows\System\ZvRQUoF.exe
  2⤵
  PID:9244
- C:\Windows\System\wGZRREc.exe
  C:\Windows\System\wGZRREc.exe
  2⤵
  PID:2988
- C:\Windows\System\AyCTNAo.exe
  C:\Windows\System\AyCTNAo.exe
  2⤵
  PID:9348
- C:\Windows\System\xgdjoZU.exe
  C:\Windows\System\xgdjoZU.exe
  2⤵
  PID:9376
- C:\Windows\System\qYsaMDM.exe
  C:\Windows\System\qYsaMDM.exe
  2⤵
  PID:9360
- C:\Windows\System\hIicOIC.exe
  C:\Windows\System\hIicOIC.exe
  2⤵
  PID:9440
- C:\Windows\System\MEmxWXq.exe
  C:\Windows\System\MEmxWXq.exe
  2⤵
  PID:9476
- C:\Windows\System\AougnXB.exe
  C:\Windows\System\AougnXB.exe
  2⤵
  PID:9508
- C:\Windows\System\JxFSpAL.exe
  C:\Windows\System\JxFSpAL.exe
  2⤵
  PID:9448
- C:\Windows\System\RMpxZbR.exe
  C:\Windows\System\RMpxZbR.exe
  2⤵
  PID:9464
- C:\Windows\System\uCeoKUY.exe
  C:\Windows\System\uCeoKUY.exe
  2⤵
  PID:9504
- C:\Windows\System\UuwnIEP.exe
  C:\Windows\System\UuwnIEP.exe
  2⤵
  PID:9520
- C:\Windows\System\OcOCarQ.exe
  C:\Windows\System\OcOCarQ.exe
  2⤵
  PID:9332
- C:\Windows\System\WxNwaqa.exe
  C:\Windows\System\WxNwaqa.exe
  2⤵
  PID:9580
- C:\Windows\System\zMcVFnH.exe
  C:\Windows\System\zMcVFnH.exe
  2⤵
  PID:9612
- C:\Windows\System\mLKIFPU.exe
  C:\Windows\System\mLKIFPU.exe
  2⤵
  PID:9700
- C:\Windows\System\aQBczOF.exe
  C:\Windows\System\aQBczOF.exe
  2⤵
  PID:9764
- C:\Windows\System\tvlsEPR.exe
  C:\Windows\System\tvlsEPR.exe
  2⤵
  PID:9828
- C:\Windows\System\wgxsACr.exe
  C:\Windows\System\wgxsACr.exe
  2⤵
  PID:9644
- C:\Windows\System\wiGuxbe.exe
  C:\Windows\System\wiGuxbe.exe
  2⤵
  PID:9688
- C:\Windows\System\ksaigJT.exe
  C:\Windows\System\ksaigJT.exe
  2⤵
  PID:9784
- C:\Windows\System\fNIvmxq.exe
  C:\Windows\System\fNIvmxq.exe
  2⤵
  PID:9748
- C:\Windows\System\OGKmRlV.exe
  C:\Windows\System\OGKmRlV.exe
  2⤵
  PID:9892
- C:\Windows\System\PbnaQQI.exe
  C:\Windows\System\PbnaQQI.exe
  2⤵
  PID:9956
- C:\Windows\System\hkpKOMo.exe
  C:\Windows\System\hkpKOMo.exe
  2⤵
  PID:9880
- C:\Windows\System\jjBSdnn.exe
  C:\Windows\System\jjBSdnn.exe
  2⤵
  PID:9940
- C:\Windows\System\fWhPQZG.exe
  C:\Windows\System\fWhPQZG.exe
  2⤵
  PID:9912
- C:\Windows\System\mIJrugh.exe
  C:\Windows\System\mIJrugh.exe
  2⤵
  PID:10032
- C:\Windows\System\qNsfLPD.exe
  C:\Windows\System\qNsfLPD.exe
  2⤵
  PID:10096
- C:\Windows\System\harilLA.exe
  C:\Windows\System\harilLA.exe
  2⤵
  PID:10188
- C:\Windows\System\sxalWhK.exe
  C:\Windows\System\sxalWhK.exe
  2⤵
  PID:10160
- C:\Windows\System\nOGRtuL.exe
  C:\Windows\System\nOGRtuL.exe
  2⤵
  PID:3064
- C:\Windows\System\DZFdRve.exe
  C:\Windows\System\DZFdRve.exe
  2⤵
  PID:10076
- C:\Windows\System\IAhXupY.exe
  C:\Windows\System\IAhXupY.exe
  2⤵
  PID:10112
- C:\Windows\System\jThPipH.exe
  C:\Windows\System\jThPipH.exe
  2⤵
  PID:10044
- C:\Windows\System\AVsGKTS.exe
  C:\Windows\System\AVsGKTS.exe
  2⤵
  PID:2656
- C:\Windows\System\dlmXjlX.exe
  C:\Windows\System\dlmXjlX.exe
  2⤵
  PID:9268
- C:\Windows\System\dKzpmGx.exe
  C:\Windows\System\dKzpmGx.exe
  2⤵
  PID:10236
- C:\Windows\System\ooNLZeA.exe
  C:\Windows\System\ooNLZeA.exe
  2⤵
  PID:1684
- C:\Windows\System\hTtWRwX.exe
  C:\Windows\System\hTtWRwX.exe
  2⤵
  PID:2916
- C:\Windows\System\ZCZiBJu.exe
  C:\Windows\System\ZCZiBJu.exe
  2⤵
  PID:9576
- C:\Windows\System\nFSDQzO.exe
  C:\Windows\System\nFSDQzO.exe
  2⤵
  PID:9800
- C:\Windows\System\RiyIZTb.exe
  C:\Windows\System\RiyIZTb.exe
  2⤵
  PID:9668
- C:\Windows\System\uJKvPkY.exe
  C:\Windows\System\uJKvPkY.exe
  2⤵
  PID:9780
- C:\Windows\System\UwQGAdw.exe
  C:\Windows\System\UwQGAdw.exe
  2⤵
  PID:1668
- C:\Windows\System\krKZpYI.exe
  C:\Windows\System\krKZpYI.exe
  2⤵
  PID:9924
- C:\Windows\System\KXmwyjE.exe
  C:\Windows\System\KXmwyjE.exe
  2⤵
  PID:10128
- C:\Windows\System\eESPSvA.exe
  C:\Windows\System\eESPSvA.exe
  2⤵
  PID:2464
- C:\Windows\System\gEXZGCl.exe
  C:\Windows\System\gEXZGCl.exe
  2⤵
  PID:10080
- C:\Windows\System\PafHlnA.exe
  C:\Windows\System\PafHlnA.exe
  2⤵
  PID:9412
- C:\Windows\System\JPynzbR.exe
  C:\Windows\System\JPynzbR.exe
  2⤵
  PID:10204
- C:\Windows\System\uJbmluH.exe
  C:\Windows\System\uJbmluH.exe
  2⤵
  PID:9864
- C:\Windows\System\pcfaPBm.exe
  C:\Windows\System\pcfaPBm.exe
  2⤵
  PID:9420
- C:\Windows\System\wYdgufr.exe
  C:\Windows\System\wYdgufr.exe
  2⤵
  PID:9452
- C:\Windows\System\eCzcfCR.exe
  C:\Windows\System\eCzcfCR.exe
  2⤵
  PID:9472
- C:\Windows\System\gKYcJKl.exe
  C:\Windows\System\gKYcJKl.exe
  2⤵
  PID:9720
- C:\Windows\System\uidWqkF.exe
  C:\Windows\System\uidWqkF.exe
  2⤵
  PID:9484
- C:\Windows\System\nKwTsZF.exe
  C:\Windows\System\nKwTsZF.exe
  2⤵
  PID:10016
- C:\Windows\System\aZftSeo.exe
  C:\Windows\System\aZftSeo.exe
  2⤵
  PID:2940
- C:\Windows\System\TgduTfY.exe
  C:\Windows\System\TgduTfY.exe
  2⤵
  PID:10208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFrcujh.exe

Filesize
5.7MB

MD5
4d2ed7c7cbc9e8001949985d45138174

SHA1
7d5c9f0568be96876e17cb79fde1b556a4f18168

SHA256
f05d93f33c6bb9d0353abd365ebf9319281b8b31765facc909aba8c8e5978bdd

SHA512
9dd3b2cb4f921523aaeb4a733def3b9255c2453149d0659b6b207b3ef4c7f979b57bfd26019afb46d203d452148af773e51eb408f10c10f2cd5de60e2c531703

Download Submit
C:\Windows\system\AQwTjNJ.exe

Filesize
5.7MB

MD5
e5dc1885051f59f0186fad06d6171e97

SHA1
5d151525702bb526e85cda3e5c5561d1e508222b

SHA256
a1b7479c97343abf9048de46151f6e87358eb90897e53bd61a7bae48e9d983ee

SHA512
ffc39a5e29ab125cfa08afc85a0269b09605e0b318674c4cb8e974b0343335b451d71a3c1c6d3792c4fc8cf122c0e14b1fc16bf4385b01c06f257cdc17022dc0

Download Submit
C:\Windows\system\AlxZioR.exe

Filesize
5.7MB

MD5
e842626c81f9498f5917a47e3fa605b9

SHA1
0ea3bc96f002f547dbcaf51c5d619b0bcae48bd1

SHA256
2f412c44592a9f4e607b5b213326f137a02c91cc660ba03108bb5df1e3ca5529

SHA512
37e3bae1cd0a5dbcf23cd1db93361dec98aa5739bc9cdeed26c123b33f8dab885632236cd4ece4f2bfbca5c8364528465af4db1dc129c19f2453a2c96824cfd8

Download Submit
C:\Windows\system\EynILlH.exe

Filesize
5.7MB

MD5
25637370b5c741f54cf1b22825c4b296

SHA1
8ae6cfe2698d89c854d2e8f60962d4270d3948ee

SHA256
4c2447032bb01340ba48386c17d6ccc30eb776da730432ac35187860d73e7250

SHA512
75e2fe6f2df33dd6077f307c9cae4399c91daa51e6ee09bd3d1fb78cecb8e776610fa3fb0d3c5f56b3ea62c0f95a1f8deb1a82130ba930eb1e5c589cd78b1e05

Download Submit
C:\Windows\system\KtMHtkS.exe

Filesize
5.7MB

MD5
e8ace767e0ee81d5eb8fe34b65a5a7af

SHA1
08bc087b0d3ecade71d378e50052d4121ac61820

SHA256
1a35c8d63d50a5d6c879279f40e004333e74c1f39d6a2437c0fd0f414f430d41

SHA512
f8805fe47b4bec649342b58af377b2e2860f595c98cf92127412e820cfbe33f701609c519b3033bd9eb9dbb2fbd79636ad2bfa4cd6f52f118bad329bd572dd7e

Download Submit
C:\Windows\system\NVJNrue.exe

Filesize
5.7MB

MD5
a24b87a90641820a87943b512189f7f6

SHA1
3a38f8c0a58fc4147d89760bf6a8459c5fb1b9df

SHA256
90f5aefb9dce4908b3745eb9955736ed33216ef873590544068eeb6f67803164

SHA512
1ad9ac8a0d58035778057cd5575ed6c5f6627ba030644bbde89548ebf2ace2014d41d64ad5c5f43cdd1f01f17199dbbbad42dd5894ee674df46f18bbf4afd5a4

Download Submit
C:\Windows\system\PKWaOJA.exe

Filesize
5.7MB

MD5
d66d709baa44a393cf966eb3c8f490bb

SHA1
1148e9f028b51239481c5a8b80f85d9d2695473d

SHA256
3a5d763b82ba112a9184772932f7f6e5f80dd6392a729be92cf219f2f968236d

SHA512
e4e6d479a8ecececb80238f29553efe6bce1fe43267346b5ecee7bf9abdf47d82dd00b6b96d36d4b8ed85d22ab7e62f8ed58533aa20e0003d59a75e44b880661

Download Submit
C:\Windows\system\PgBigKs.exe

Filesize
5.7MB

MD5
7b8bd61ef47d35d00a9470c0ab1841e4

SHA1
85cd39aafe43d9bcbbc6a573d7816618fe90f45c

SHA256
66a88ba2eafd5cc8edd5fc865c45636db3ff4686b4256b2b7d94699acaccf74a

SHA512
38d0865f5f31574d86e916b68853d9eba561f4a98677a27ddf7d6a63816e02eb3e358b3101a521516395db19b9661e71186a5a5b4063465b2ea315fb4012d466

Download Submit
C:\Windows\system\VWgjRMb.exe

Filesize
5.7MB

MD5
70aaef09e0592b41402a8956f45e2575

SHA1
3bd78a38557ed7041509cafea4677f4fe7b92130

SHA256
d236500a1fce8a06acd4f99af10a5dc9b789a614c4efa155971705fff26d6e76

SHA512
9d252d319797ba17ed9548653fe6591b977ab58f842bab43ae05e8ca3da5a0ee63d3a77c74825fb5705de1ca74e3e10567a346196791a6c305a42d726d300a7b

Download Submit
C:\Windows\system\aqNCYXT.exe

Filesize
5.7MB

MD5
6bf80e62200086461950ce62daf29d0c

SHA1
58a38470d90aa1cca44c16aa668bdc76171f90a7

SHA256
65298e7f915751f8dff029e6313eea30f8bca0104f6b7b5950b36eb663c96583

SHA512
4eae1b326b660c1990d80519bf60e560a7d013d68517c9508ed43286e7699d6084c1bad9eccdb863b81d9667c25b9f5bb59d09aaaed38e78edacdea5abd5fb38

Download Submit
C:\Windows\system\bgSSkzC.exe

Filesize
5.7MB

MD5
7e29e949b5eaee483acf965c72bb80d7

SHA1
9b4b6977a8c16959250d2a27c555965c892404f7

SHA256
d555bf44d90c00e137323efc4c1b54113c1d09fc4a12b61e694053c65e325d64

SHA512
c1a799653cdccd426f4884d1e139163da6d1f3fc836a32a4692bc6b950ddb30c681169cfe60f6c7d4d15dd81744f6cb8b856c4b76bd9cd3349c2a724eef5cc2e

Download Submit
C:\Windows\system\hIhFCIk.exe

Filesize
5.7MB

MD5
16781f4496372c96e460b4b8d2a5c487

SHA1
acc99a4d7b0e0f8579a20b7e39e728827dc37d43

SHA256
b4e516f7018ffa4956ebe5d5978328d9d07a0b405dc0ef9014f018b88be89ba8

SHA512
2933145fd07621ddecf8f54b08a3c477d138d3ceee71f6a4089d4cdf95971880b58dae2962340329bff79b94110c9795361adaf0389ed880ff55972de0cb5e4d

Download Submit
C:\Windows\system\qnCWlpj.exe

Filesize
5.7MB

MD5
7126d455d1659231800ad2af1c508f6c

SHA1
1a713c54129c274ee463aaf63797109e7d5b9f12

SHA256
1fe74c6fff3a863882d70e43db66b299984c8a6ed2555435478553c51fddf064

SHA512
867efe9d7dad3044b5cb068dcb7cbdfa90b360224b9554a2c35ca04fff7983545426953bfb3c6219ce364607e05390943f98cf37a08247388d60c997971ce39b

Download Submit
C:\Windows\system\tBVIlrU.exe

Filesize
5.7MB

MD5
cc3557fdf3f16f9d5cd77420242b004b

SHA1
44697c391fff28684f1904c1743703852f70940f

SHA256
777de3201a68833239beb1d1fe93899ba29c0b7ef6ecec011777187d3f204a82

SHA512
995576f17ee1267afc04381e9bd6a5298153cb344756ab68e1cd5a17b8932b789fefd311bd4bf2297d02013b199aeba4ea3606f0ff9d6895d5844e225a3e6ad1

Download Submit
C:\Windows\system\tcukiCl.exe

Filesize
5.7MB

MD5
8cfe6401d0ed57576aba966d140099d1

SHA1
884965c8cfef25f718344bcc037be4b543027dab

SHA256
47a3de4033a8410f8de321b888dd4d9a9fad1f2e0ddcf5ac47910f8352142815

SHA512
2126a06d5efcbb063ce050bfb7108990e8ef737efd378e93eb07c00162f5b9df18e0293a855fc75b98509d6d233101501b2e8919949224498f5962b268f1fe26

Download Submit
C:\Windows\system\vNZRlLb.exe

Filesize
5.7MB

MD5
68db419d25346eaa536a8854f8246715

SHA1
9cda02fe93b44c6f8a1d2ee659bce6fe23239f69

SHA256
954c24dc02ed90906ea77d814f70c332151ceac5ac8c43c24b2606c154f6c3b8

SHA512
f5aa8f1bf41f1483c74542a1a32fbf95a5377f8aad0e28d6d70fafbd08dc192e38a412a42ede1a5fa2df4fcd36872bc92d5a9593abf9dd0e707dba0b7e916df6

Download Submit
C:\Windows\system\vpZXYtu.exe

Filesize
5.7MB

MD5
868d8b897ec36fa200fe9cc1776b8b8b

SHA1
e00c5334fcb96f537c814257d4f0eaf4ac5be6cb

SHA256
3a5d70b06211c3c8e4a14e7bd72fc9a0bbc79a07018357aa6cbcc27934f32388

SHA512
8e23b062bdaee2ec5ec69ef7531b0b2fb710c7556520c735464e5494b5d8001e4cdd124fdee968572f768aed1312abb4a5e025404b0573b34a76eab8b0fcb6fe

Download Submit
C:\Windows\system\vymwnEs.exe

Filesize
5.7MB

MD5
f028636c784116c5d7c249910e47769e

SHA1
1e80104d45ca1fec99cebed535235807db34bc63

SHA256
176068d0e66fb5d2c147b165630531b2724b0756726b30a2ed2d3499cd3819f5

SHA512
53de0cb7ee773bfb9a499ee2c6cdcc57ff8889ee6fcc04e0874678133b00f1b759610a5901a8c519a7c496a6c7c1654b44f7820c65db5885be90c7277c11dea3

Download Submit
C:\Windows\system\xQghwcL.exe

Filesize
5.7MB

MD5
27bdbb9625c1681b3ee09acf4b179750

SHA1
85fda05445044c91112d62beb13e58d180dd0cee

SHA256
ec40002400e03a2b321ec69ff90733b06d630cf79f61abf6e985f9977fe1c222

SHA512
e6b46cb67009c6ad858dca15db46608ff30a016d359fccafdb5dd84a618d7e72967e0fd663d31a2056719de8e6ce8e6c0b96dd3cd6be5b81be1b0fbc8dfd2058

Download Submit
C:\Windows\system\xSqwGHD.exe

Filesize
5.7MB

MD5
9848a3dc60919ab5b42f618b73fa36ea

SHA1
2383048ad9df0f14f50011b0ec2eba694cffeaad

SHA256
0bd1717646fb5da821f8b53c99d7336a6796ad47e65a1ee05b633d8528829f86

SHA512
bc09c57cd30f94e052827de4653f8ffaf2cdd97dc451f9200bcc854b8ce14dc51a3bf2c5476b07d745394f03a7a423d5f4a053b7dd17e10689d349f8c9e790e8

Download Submit
C:\Windows\system\xoRjgyl.exe

Filesize
5.7MB

MD5
e3bac4a6feaa544cccab28f8588cd085

SHA1
5495de523006c62a8511c4b605328222b8c8237f

SHA256
7e09a4767097a34333a861faa2c9f0a04da85678d940b0f86cee41d87950ea5e

SHA512
62b477451fe25d975466c1aad525cd1d95855a0b85cf76d0a7c7ff02aaa9f27aa22705a1d5d26a8a646b598dc0245cd27d5145c73262252f0ea22067666e7b5a

Download Submit
C:\Windows\system\zquVwAt.exe

Filesize
5.7MB

MD5
1f60a0a7624990bfbc263fa29af17402

SHA1
f312b252cbf6d97c437677a53b385782745d7ae1

SHA256
b5435df59e7cbfd8ba80e859998db45328a003aa03fbb7c3489e6559ecde616c

SHA512
c31b81cb3af35eaac0ccfe30d324287939e3b9c93f72ca6c40c263cf96edcb1bbfc015ef6c1527e372a5a0d8e12bcbc7cf2cd4e4b74179f21b7938767508ad7f

Download Submit
\Windows\system\BReEMaQ.exe

Filesize
5.7MB

MD5
b4d14047ea55d765810b89aa5ece5682

SHA1
f4815db44e43db7109cfd2df9ee9839a852581b0

SHA256
c135846d647b6e9573d969e6a8579960d509c5bfc7945620e3bc7233d992cb2c

SHA512
68ef07855580a8aa5d75886c91cf96dba3e75ae9816b9d04b03b52116f717773fb6db25d256f53b177a8ab1c1f3a05e68d4cf52e02311f0770d21da621d7123d

Download Submit
\Windows\system\EKjfGWN.exe

Filesize
5.7MB

MD5
f57f8214e994681f5619147f46a5e123

SHA1
30a894ae9788587c0f80212a29b4d3e739623274

SHA256
0833ff745da400c21ab2e99f4b7748f1f9f1dae029ed84f4dfdeaa791642dad3

SHA512
178f0950b9f4f45a7bc3771a6afe92e4dbb01c65f0715815ed437b59ef398c31aca3a0a561241e28349be0664b8a705b763a135f46713de0c6ed2caecc3aee0e

Download Submit
\Windows\system\HmvpihI.exe

Filesize
5.7MB

MD5
003c199661844ca82311d328a0f340c9

SHA1
164e93676094996ef113199ef3e0388246bdfd78

SHA256
29bfe799177c0d1221d3e8a8ad8bf10ccffacf8fc3ea6263dbc6aeccef649fe7

SHA512
67bc97cbfa8aeb59d9f9f73b81a4d80d49cb744a06c4c0376905c2e9e0435936bcd3d5bcb8ac9f59d1f1fa32a8194e2193f755ea9311f96f719a9bd1b5fdd636

Download Submit
\Windows\system\InBQeYW.exe

Filesize
5.7MB

MD5
91670eca90938a9a22426c6ea201f71d

SHA1
9d36e5eb84c15fb21b936a2beecea83f0c034a62

SHA256
7e575f76a22ab0ef138f2987d2fbde2ba35d8f146fdc8e629ce8c234e71535cb

SHA512
e48f6e482420e7c1ebd98cce9c0ddb425d5df8e360dcd2e0bfbf25de5039f6604ae74ad99d35b094e602f6099674131cac4b8532a36de074ee88c842c6ecf4ab

Download Submit
\Windows\system\OHVUdon.exe

Filesize
5.7MB

MD5
02117ba37bf8585404ea4d4de20077dd

SHA1
671b3809f7fe48233b53c0048689248eb045b3a3

SHA256
1c960a508bfb650eb80d85e1352ac22ea04222e9db8bd2812d114bed1c2348c6

SHA512
e6dc813bb656b7b91794385f5e17ee37a2fc318a877eca5ea9e62e91c3bca3534428789c9125be5d4374c030c62134654a0643070e29dc804db5c446d9b8c84f

Download Submit
\Windows\system\PDlpUcA.exe

Filesize
5.7MB

MD5
d52d30c602a9f459a447522bd2d49609

SHA1
9f6d77db016f11bca823cce77f22c3edd7c18c10

SHA256
72dedbf8c720be6ecb2ee666506ce682e3d275fcf09494320aa1f1858ffec973

SHA512
9cf02ea093e1ef56bd73c596ed004567e1d6ae4cb22dbde6ca0b1f45955bcef81749f60a60259c21bb657592be122ae7e82b35396e9e6191ac6ac8d808d9c013

Download Submit
\Windows\system\QwLXUKM.exe

Filesize
5.7MB

MD5
2bbeaaad8ab312853f0bf4ae5d66d66b

SHA1
552b4c4277aaac583bff55683df1ae399d3c5b7c

SHA256
7cc50966e56652cc0e409ea5dc9d32e9ba2b5c34062ae54fe94a585047d6f715

SHA512
162438724f4b03c239c55bc7c6200e1c1a38ccc8ed7095b7c580867b4162051ca0053fb11a6e2b1c08b3f8354ba3c939cb980dcb9817eb78df83d1baa8499a72

Download Submit
\Windows\system\TBXkWJc.exe

Filesize
5.7MB

MD5
411dbefd9c3bab838a16d4c5fc9c993b

SHA1
38b20991c054d90a43b8d5d97d425b45125742f5

SHA256
8d20d25c0aa05cf111e29d2db5c24211a5684452800b992c85b348a4610621a7

SHA512
f79b7efa2fd99f78f47806addf1bbd9c103f5387244441fd875afb8746544cf14cdb3ba3c33aad66b2d49a085d5d20d0b89c9f10a923dec15e2ad6203917f5b6

Download Submit
\Windows\system\YIlQNsF.exe

Filesize
5.7MB

MD5
795c4fa57700995560ce075898bf140b

SHA1
764dcf31837001f5706e97cd9c3743b284bc05c8

SHA256
dbb70f1a32a683578f31669deb9957f847adfb8e136362b68e2456a1afbde39c

SHA512
a0de89c78346f7f9828b7421bea8d4d4b05850318dcbd8b02889df9acdec4efa2961ea966340c4590e61fad34f14ec5aa5d6bc732a327fd4eb47be1cca366db4

Download Submit
\Windows\system\evsqSuJ.exe

Filesize
5.7MB

MD5
8d663afc5c769227a8d9b67516ded0fc

SHA1
f664319c6fe492aad99278c8848dbaf673b44e83

SHA256
fe27008ed9bb4be18efc0b5b7aa9f09332f869c1e772b06979db0ca87e144c9f

SHA512
e6891635822dfa1e88828a309d7e94872fabdd0896ddda708c68d0c4f81ba8e7a8d9fa23f2525179c257f0b6400fb8181e75731e4647d307061c1b756ed368b3

Download Submit
\Windows\system\hQjileu.exe

Filesize
5.7MB

MD5
8c1067e5fa15b24193fbe889860ef006

SHA1
4dbe32440c70213cba997dd69810f46e7641ff84

SHA256
216327e0d828996fcff9d14d3b1ff7340e0ee0544fe8efe13d9c84097b5e982e

SHA512
58671c70a7a87e83775605b99b4d79b617e3b0c65fae47a78b1e69aec00c26ff0f17f52519fe69211ccea98d8ed99ed68e16ec03748ab10b0f63ed71cc3b6817

Download Submit
\Windows\system\iJMvfMS.exe

Filesize
5.7MB

MD5
9f935606236391515d5abc9a873d1b92

SHA1
c922748fdd243b5bf4402f875f6d12ed24bb08c6

SHA256
fe2f9060f0b6761d52b119d63aa7765d74dc31bc2888b8869b496e78784413b3

SHA512
aaad20a57ecda82959b8228155225ed049efaaac85999163cf008f67eaabd8fb1fd0d817664bad42c185500816fbf3dc821a990cb45932a3bc243514bc2efd54

Download Submit
\Windows\system\jPQodsZ.exe

Filesize
5.7MB

MD5
3acaff5daec8fb103151ff5724151801

SHA1
bd2a1dc1640fca236bd0ec29c1f133e340fd5323

SHA256
04aa2557ad71566e7922ec5af9b3204926bf8d00bfc10293a5a375ed1b080da4

SHA512
1c5918220da7044c3f8a9749ac94b390c126dc467f8cd9b245de4b6e1bc2d900e29c2d1c6321a162132bc36272fca839407bda44d9f26897b256164b03216844

Download Submit
\Windows\system\oRfiiGl.exe

Filesize
5.7MB

MD5
b35696a970b9f26ab26497e60141c3fe

SHA1
a67798a70c7e617bc41ee99a519e9fdb581423e4

SHA256
a63b69da7d4f4f68db6bf03436c4adf04bd24d6c2255c3481e803c88e9bd7969

SHA512
18f5c259359fc34c3b89f362b5e073731ca348f27f47193280b0cd1c1d0df5c061afa120967bcb1d53fb177f973bb3171b04826dea9facec537c3cf055146734

Download Submit
\Windows\system\pKZbABM.exe

Filesize
5.7MB

MD5
a2946424cd4ee80333afbc4417cae491

SHA1
fb82d6b78f59eb7f836630438bf37b45ad579f98

SHA256
a2b9fc16fa73721602456be954cfc28ef5742510a2860588984230937a73408f

SHA512
153509360990b1d024f88510af67f1ddaf744b6ead563752ff2b0cc8458ed0b28982668b227e6991e57ae6d2ebb21903a016f734589cf92395eba8b5c32f2d88

Download Submit
\Windows\system\pgBlolJ.exe

Filesize
5.7MB

MD5
f5286816346c90f305d60927475d4e2c

SHA1
54228cbb1852e1927f02f6ef80998e6fb916f472

SHA256
27197335dd84ea4c65b8ad7fed3c867ab50daba25526f058ad79b8e0bf27db0a

SHA512
5a5105638e13139284ddf27792459ba96125cbbeb6f7e6a759dbe53c680ba20fd393a3a243aecb4e0bcd1e6668f4c4d7c08993c64d93d8c0a5c413603810fa40

Download Submit
\Windows\system\wXsrtyD.exe

Filesize
5.7MB

MD5
63d4c0635274f1d9c5f67b086c591029

SHA1
da30caedf58f7ecd72b36967682afe811a37f89f

SHA256
5552b741216430320c253e1df4a7fe180cc742a61e115a5dba58f9244c6abb7d

SHA512
8a5e083a3af9553791b691f85c5f4de31e26e72ed2aecc819514f036b86c22b1e1268e735dd55b38abe9ed4d82202d91595fb42f5ee3d73942c8b1a8478187de

Download Submit
memory/308-112-0x000000013FBF0000-0x000000013FF3D000-memory.dmp

Filesize
3.3MB

Download
memory/316-362-0x000000013F190000-0x000000013F4DD000-memory.dmp

Filesize
3.3MB

Download
memory/388-338-0x000000013FCC0000-0x000000014000D000-memory.dmp

Filesize
3.3MB

Download
memory/448-319-0x000000013F020000-0x000000013F36D000-memory.dmp

Filesize
3.3MB

Download
memory/484-7-0x000000013F9C0000-0x000000013FD0D000-memory.dmp

Filesize
3.3MB

Download
memory/536-339-0x000000013F770000-0x000000013FABD000-memory.dmp

Filesize
3.3MB

Download
memory/604-124-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download
memory/608-324-0x000000013F4B0000-0x000000013F7FD000-memory.dmp

Filesize
3.3MB

Download
memory/700-337-0x000000013F630000-0x000000013F97D000-memory.dmp

Filesize
3.3MB

Download
memory/876-335-0x000000013F090000-0x000000013F3DD000-memory.dmp

Filesize
3.3MB

Download
memory/1228-333-0x000000013FCA0000-0x000000013FFED000-memory.dmp

Filesize
3.3MB

Download
memory/1308-327-0x000000013F7C0000-0x000000013FB0D000-memory.dmp

Filesize
3.3MB

Download
memory/1584-334-0x000000013F570000-0x000000013F8BD000-memory.dmp

Filesize
3.3MB

Download
memory/1712-325-0x000000013F470000-0x000000013F7BD000-memory.dmp

Filesize
3.3MB

Download
memory/1716-229-0x000000013FE50000-0x000000014019D000-memory.dmp

Filesize
3.3MB

Download
memory/1996-304-0x000000013F610000-0x000000013F95D000-memory.dmp

Filesize
3.3MB

Download
memory/2008-118-0x000000013F870000-0x000000013FBBD000-memory.dmp

Filesize
3.3MB

Download
memory/2040-360-0x000000013F0F0000-0x000000013F43D000-memory.dmp

Filesize
3.3MB

Download
memory/2044-326-0x000000013F9E0000-0x000000013FD2D000-memory.dmp

Filesize
3.3MB

Download
memory/2100-227-0x000000013F7D0000-0x000000013FB1D000-memory.dmp

Filesize
3.3MB

Download
memory/2244-106-0x000000013FEF0000-0x000000014023D000-memory.dmp

Filesize
3.3MB

Download
memory/2272-0-0x000000013F890000-0x000000013FBDD000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2288-321-0x000000013F1F0000-0x000000013F53D000-memory.dmp

Filesize
3.3MB

Download
memory/2316-16-0x000000013F5A0000-0x000000013F8ED000-memory.dmp

Filesize
3.3MB

Download
memory/2328-340-0x000000013FA10000-0x000000013FD5D000-memory.dmp

Filesize
3.3MB

Download
memory/2436-361-0x000000013FB90000-0x000000013FEDD000-memory.dmp

Filesize
3.3MB

Download
memory/2472-122-0x000000013F5B0000-0x000000013F8FD000-memory.dmp

Filesize
3.3MB

Download
memory/2488-110-0x000000013FCD0000-0x000000014001D000-memory.dmp

Filesize
3.3MB

Download
memory/2492-126-0x000000013FB60000-0x000000013FEAD000-memory.dmp

Filesize
3.3MB

Download
memory/2552-332-0x000000013F6E0000-0x000000013FA2D000-memory.dmp

Filesize
3.3MB

Download
memory/2568-363-0x000000013FEE0000-0x000000014022D000-memory.dmp

Filesize
3.3MB

Download
memory/2576-359-0x000000013FE40000-0x000000014018D000-memory.dmp

Filesize
3.3MB

Download
memory/2620-364-0x000000013F230000-0x000000013F57D000-memory.dmp

Filesize
3.3MB

Download
memory/2644-121-0x000000013F450000-0x000000013F79D000-memory.dmp

Filesize
3.3MB

Download
memory/2648-129-0x000000013F970000-0x000000013FCBD000-memory.dmp

Filesize
3.3MB

Download
memory/2668-329-0x000000013F250000-0x000000013F59D000-memory.dmp

Filesize
3.3MB

Download
memory/2680-323-0x000000013F240000-0x000000013F58D000-memory.dmp

Filesize
3.3MB

Download
memory/2696-117-0x000000013FA50000-0x000000013FD9D000-memory.dmp

Filesize
3.3MB

Download
memory/2712-119-0x000000013F6A0000-0x000000013F9ED000-memory.dmp

Filesize
3.3MB

Download
memory/2732-108-0x000000013F370000-0x000000013F6BD000-memory.dmp

Filesize
3.3MB

Download
memory/2748-109-0x000000013F130000-0x000000013F47D000-memory.dmp

Filesize
3.3MB

Download
memory/2780-125-0x000000013FCB0000-0x000000013FFFD000-memory.dmp

Filesize
3.3MB

Download
memory/2804-113-0x000000013F680000-0x000000013F9CD000-memory.dmp

Filesize
3.3MB

Download
memory/2836-111-0x000000013FB70000-0x000000013FEBD000-memory.dmp

Filesize
3.3MB

Download
memory/2852-107-0x000000013F3D0000-0x000000013F71D000-memory.dmp

Filesize
3.3MB

Download
memory/2872-330-0x000000013F380000-0x000000013F6CD000-memory.dmp

Filesize
3.3MB

Download
memory/2904-115-0x000000013FDA0000-0x00000001400ED000-memory.dmp

Filesize
3.3MB

Download
memory/2972-130-0x000000013FE70000-0x00000001401BD000-memory.dmp

Filesize
3.3MB

Download
memory/2992-331-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/3016-328-0x000000013F430000-0x000000013F77D000-memory.dmp

Filesize
3.3MB

Download
memory/3036-114-0x000000013F460000-0x000000013F7AD000-memory.dmp

Filesize
3.3MB

Download
memory/3048-116-0x000000013F030000-0x000000013F37D000-memory.dmp

Filesize
3.3MB

Download
memory/3312-322-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/3344-320-0x000000013FB00000-0x000000013FE4D000-memory.dmp

Filesize
3.3MB

Download