cobaltstrike | 6d32e09de8248e112e025b5142471e7a8ecf67a91db66c9dbe598abcb761e057

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a83bb0b46862ef5595b61ca945c4b48d
SHA1

e525f381305f932d67aa349cafefef3e47a962ee
SHA256

6d32e09de8248e112e025b5142471e7a8ecf67a91db66c9dbe598abcb761e057
SHA512

b44c87d9b8a72918ea842a61c93e49feb0f5e487247dbab1a9d35f9749a867b260e439e60bbb75830c0a75887fa042710cb5009b5cf7330ebd8bb0cf32bde31b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-10.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1b-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d24-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3f-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d50-34.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-69.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-61.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-73.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral1/memory/1640-0-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x000d000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016d13-10.dat	xmrig
behavioral1/files/0x0009000000016d1b-14.dat	xmrig
behavioral1/files/0x0008000000016d24-15.dat	xmrig
behavioral1/files/0x0007000000016d36-22.dat	xmrig
behavioral1/files/0x0007000000016d3f-25.dat	xmrig
behavioral1/files/0x0007000000016d47-30.dat	xmrig
behavioral1/files/0x0008000000016d50-34.dat	xmrig
behavioral1/files/0x001500000001866d-41.dat	xmrig
behavioral1/files/0x000500000001879b-58.dat	xmrig
behavioral1/files/0x0005000000019229-95.dat	xmrig
behavioral1/files/0x000500000001926b-110.dat	xmrig
behavioral1/files/0x0005000000019401-159.dat	xmrig
behavioral1/files/0x0005000000019403-162.dat	xmrig
behavioral1/files/0x0005000000019382-154.dat	xmrig
behavioral1/files/0x00050000000193df-152.dat	xmrig
behavioral1/files/0x00050000000193cc-143.dat	xmrig
behavioral1/files/0x00050000000193be-136.dat	xmrig
behavioral1/files/0x00050000000193d9-150.dat	xmrig
behavioral1/files/0x00050000000193c4-141.dat	xmrig
behavioral1/files/0x0005000000019273-120.dat	xmrig
behavioral1/files/0x0005000000019389-133.dat	xmrig
behavioral1/files/0x0005000000019277-125.dat	xmrig
behavioral1/files/0x0005000000019271-116.dat	xmrig
behavioral1/files/0x000500000001924c-105.dat	xmrig
behavioral1/files/0x0005000000019234-100.dat	xmrig
behavioral1/files/0x0005000000019218-90.dat	xmrig
behavioral1/files/0x00050000000191f7-85.dat	xmrig
behavioral1/files/0x00050000000191f3-80.dat	xmrig
behavioral1/files/0x0005000000018690-69.dat	xmrig
behavioral1/files/0x00060000000190cd-61.dat	xmrig
behavioral1/files/0x00060000000190d6-73.dat	xmrig
behavioral1/files/0x0009000000018678-45.dat	xmrig
behavioral1/files/0x0008000000016d9f-37.dat	xmrig
behavioral1/memory/836-2223-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2564-2474-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2408-2831-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/1640-3399-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1640-3541-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2564-3979-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2408-3981-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/836-3980-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2108-3978-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2108	ILrkkUE.exe
836	GgAkizg.exe
2564	kAsIObS.exe
2408	EmxoYcQ.exe
2064	kzuRYIf.exe
1212	ddtVQgg.exe
2236	eYhqMjb.exe
2200	UXFNcUs.exe
2196	DhfDffM.exe
2312	PvCFIwf.exe
2576	eABwHaA.exe
2760	kNzCpxm.exe
2624	IHqZygU.exe
2252	kJNeWOQ.exe
2632	pFRMmip.exe
2672	WhwhBTG.exe
2648	PCfoIVo.exe
2480	sGmLCVw.exe
2540	VLQrYII.exe
2304	HLVlAEJ.exe
2940	ydZVHkk.exe
1840	iQfvXsM.exe
2032	iUxXDIn.exe
1412	cMegzzm.exe
1916	CziBfCy.exe
2404	INvXfzp.exe
1908	pufzMVN.exe
2708	dKwCDPF.exe
624	vzFwHxI.exe
2932	vrUVJkt.exe
1964	wYQTXio.exe
2788	aXtdWcF.exe
2804	LUHQvIa.exe
2824	PNAtvCQ.exe
1524	LBDGVki.exe
2580	tqcZfpU.exe
1132	WFmjBda.exe
1608	IxdVbHD.exe
1832	zzethla.exe
496	lNssgVQ.exe
1596	nwrsDkk.exe
1548	SPtLCBk.exe
1536	itPwiZE.exe
272	ccqQleN.exe
1556	QPXqFcu.exe
3068	OEOoGix.exe
1900	sFTnAvk.exe
848	JmqNBmD.exe
564	maCtyaJ.exe
2888	CVVsMzT.exe
2348	bibLbxc.exe
1688	usGJtsr.exe
1988	gZyqKCD.exe
2368	VFirEtq.exe
2308	WsffcLn.exe
2920	ilNJVXp.exe
2188	PQMrMTR.exe
2184	crnkGAA.exe
2080	eqciDLB.exe
2052	LSBHgrA.exe
1588	hQnRpAQ.exe
1080	wTQEACo.exe
2104	RzauaTh.exe
1684	eeKsUAl.exe

Loads dropped DLL 64 IoCs

pid	Process
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1640-0-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x000d000000012262-3.dat	upx
behavioral1/files/0x0008000000016d13-10.dat	upx
behavioral1/files/0x0009000000016d1b-14.dat	upx
behavioral1/files/0x0008000000016d24-15.dat	upx
behavioral1/files/0x0007000000016d36-22.dat	upx
behavioral1/files/0x0007000000016d3f-25.dat	upx
behavioral1/files/0x0007000000016d47-30.dat	upx
behavioral1/files/0x0008000000016d50-34.dat	upx
behavioral1/files/0x001500000001866d-41.dat	upx
behavioral1/files/0x000500000001879b-58.dat	upx
behavioral1/files/0x0005000000019229-95.dat	upx
behavioral1/files/0x000500000001926b-110.dat	upx
behavioral1/files/0x0005000000019401-159.dat	upx
behavioral1/files/0x0005000000019403-162.dat	upx
behavioral1/files/0x0005000000019382-154.dat	upx
behavioral1/files/0x00050000000193df-152.dat	upx
behavioral1/files/0x00050000000193cc-143.dat	upx
behavioral1/files/0x00050000000193be-136.dat	upx
behavioral1/files/0x00050000000193d9-150.dat	upx
behavioral1/files/0x00050000000193c4-141.dat	upx
behavioral1/files/0x0005000000019273-120.dat	upx
behavioral1/files/0x0005000000019389-133.dat	upx
behavioral1/files/0x0005000000019277-125.dat	upx
behavioral1/files/0x0005000000019271-116.dat	upx
behavioral1/files/0x000500000001924c-105.dat	upx
behavioral1/files/0x0005000000019234-100.dat	upx
behavioral1/files/0x0005000000019218-90.dat	upx
behavioral1/files/0x00050000000191f7-85.dat	upx
behavioral1/files/0x00050000000191f3-80.dat	upx
behavioral1/files/0x0005000000018690-69.dat	upx
behavioral1/files/0x00060000000190cd-61.dat	upx
behavioral1/files/0x00060000000190d6-73.dat	upx
behavioral1/files/0x0009000000018678-45.dat	upx
behavioral1/files/0x0008000000016d9f-37.dat	upx
behavioral1/memory/836-2223-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2564-2474-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2408-2831-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/1640-3399-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2564-3979-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2408-3981-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/836-3980-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2108-3978-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uHMdwcb.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojwPrhl.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfuOfYh.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmsLfnM.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNsGPsE.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhtxKqL.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBrwzUS.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWsJJJV.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hchOADL.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYlakFx.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDqYGLd.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjPcbOI.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjoeMuL.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdULfLG.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhHStmH.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbpWeGl.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTBWerX.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKJkBgL.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGxyInV.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNSUmik.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYnqbmF.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UazHoxo.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXujDhM.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiIJFzI.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrEeqpp.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxfMABI.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbzVHuU.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxZDdUp.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hflFGhq.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVVytYA.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVNEeTu.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjYrNhD.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDAKouT.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQXvYFP.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYBCZvy.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydZVHkk.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEhDyfj.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALlJHxw.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcXtwQR.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vALdlua.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcaobyk.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FggnBxN.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fChTODI.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWMKpEa.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEXPjAo.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQuAgeB.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLaoBRc.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWucolJ.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCKWjGb.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJItTeh.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCKJzrw.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZZjval.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZrvEjE.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcnRHwv.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAVLEmw.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxdVbHD.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgnNoWw.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyAwEtu.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDbDwHg.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpsvTBu.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROgJjMY.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUIaNEv.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGZaYxf.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXtDsdf.exe	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2108	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1640 wrote to memory of 2108	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1640 wrote to memory of 2108	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1640 wrote to memory of 836	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1640 wrote to memory of 836	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1640 wrote to memory of 836	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1640 wrote to memory of 2564	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1640 wrote to memory of 2564	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1640 wrote to memory of 2564	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1640 wrote to memory of 2408	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1640 wrote to memory of 2408	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1640 wrote to memory of 2408	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1640 wrote to memory of 2064	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1640 wrote to memory of 2064	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1640 wrote to memory of 2064	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1640 wrote to memory of 1212	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1640 wrote to memory of 1212	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1640 wrote to memory of 1212	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1640 wrote to memory of 2236	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1640 wrote to memory of 2236	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1640 wrote to memory of 2236	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1640 wrote to memory of 2200	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1640 wrote to memory of 2200	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1640 wrote to memory of 2200	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1640 wrote to memory of 2196	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1640 wrote to memory of 2196	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1640 wrote to memory of 2196	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1640 wrote to memory of 2312	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1640 wrote to memory of 2312	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1640 wrote to memory of 2312	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1640 wrote to memory of 2576	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1640 wrote to memory of 2576	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1640 wrote to memory of 2576	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1640 wrote to memory of 2624	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1640 wrote to memory of 2624	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1640 wrote to memory of 2624	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1640 wrote to memory of 2760	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1640 wrote to memory of 2760	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1640 wrote to memory of 2760	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1640 wrote to memory of 2632	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1640 wrote to memory of 2632	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1640 wrote to memory of 2632	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1640 wrote to memory of 2252	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1640 wrote to memory of 2252	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1640 wrote to memory of 2252	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1640 wrote to memory of 2672	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1640 wrote to memory of 2672	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1640 wrote to memory of 2672	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1640 wrote to memory of 2648	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1640 wrote to memory of 2648	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1640 wrote to memory of 2648	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1640 wrote to memory of 2480	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1640 wrote to memory of 2480	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1640 wrote to memory of 2480	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1640 wrote to memory of 2540	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1640 wrote to memory of 2540	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1640 wrote to memory of 2540	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1640 wrote to memory of 2304	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1640 wrote to memory of 2304	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1640 wrote to memory of 2304	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1640 wrote to memory of 2940	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1640 wrote to memory of 2940	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1640 wrote to memory of 2940	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1640 wrote to memory of 1840	1640	2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_a83bb0b46862ef5595b61ca945c4b48d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\System\ILrkkUE.exe
  C:\Windows\System\ILrkkUE.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\GgAkizg.exe
  C:\Windows\System\GgAkizg.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\kAsIObS.exe
  C:\Windows\System\kAsIObS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\EmxoYcQ.exe
  C:\Windows\System\EmxoYcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\kzuRYIf.exe
  C:\Windows\System\kzuRYIf.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ddtVQgg.exe
  C:\Windows\System\ddtVQgg.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\eYhqMjb.exe
  C:\Windows\System\eYhqMjb.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\UXFNcUs.exe
  C:\Windows\System\UXFNcUs.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\DhfDffM.exe
  C:\Windows\System\DhfDffM.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\PvCFIwf.exe
  C:\Windows\System\PvCFIwf.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\eABwHaA.exe
  C:\Windows\System\eABwHaA.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\IHqZygU.exe
  C:\Windows\System\IHqZygU.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\kNzCpxm.exe
  C:\Windows\System\kNzCpxm.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\pFRMmip.exe
  C:\Windows\System\pFRMmip.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\kJNeWOQ.exe
  C:\Windows\System\kJNeWOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\WhwhBTG.exe
  C:\Windows\System\WhwhBTG.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\PCfoIVo.exe
  C:\Windows\System\PCfoIVo.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\sGmLCVw.exe
  C:\Windows\System\sGmLCVw.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\VLQrYII.exe
  C:\Windows\System\VLQrYII.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\HLVlAEJ.exe
  C:\Windows\System\HLVlAEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ydZVHkk.exe
  C:\Windows\System\ydZVHkk.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\iQfvXsM.exe
  C:\Windows\System\iQfvXsM.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\iUxXDIn.exe
  C:\Windows\System\iUxXDIn.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\cMegzzm.exe
  C:\Windows\System\cMegzzm.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\CziBfCy.exe
  C:\Windows\System\CziBfCy.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\vzFwHxI.exe
  C:\Windows\System\vzFwHxI.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\INvXfzp.exe
  C:\Windows\System\INvXfzp.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\wYQTXio.exe
  C:\Windows\System\wYQTXio.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\pufzMVN.exe
  C:\Windows\System\pufzMVN.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\aXtdWcF.exe
  C:\Windows\System\aXtdWcF.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\dKwCDPF.exe
  C:\Windows\System\dKwCDPF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\PNAtvCQ.exe
  C:\Windows\System\PNAtvCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\vrUVJkt.exe
  C:\Windows\System\vrUVJkt.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\tqcZfpU.exe
  C:\Windows\System\tqcZfpU.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\LUHQvIa.exe
  C:\Windows\System\LUHQvIa.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WFmjBda.exe
  C:\Windows\System\WFmjBda.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\LBDGVki.exe
  C:\Windows\System\LBDGVki.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\IxdVbHD.exe
  C:\Windows\System\IxdVbHD.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\zzethla.exe
  C:\Windows\System\zzethla.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\lNssgVQ.exe
  C:\Windows\System\lNssgVQ.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\nwrsDkk.exe
  C:\Windows\System\nwrsDkk.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\SPtLCBk.exe
  C:\Windows\System\SPtLCBk.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\itPwiZE.exe
  C:\Windows\System\itPwiZE.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ccqQleN.exe
  C:\Windows\System\ccqQleN.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\QPXqFcu.exe
  C:\Windows\System\QPXqFcu.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\OEOoGix.exe
  C:\Windows\System\OEOoGix.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\sFTnAvk.exe
  C:\Windows\System\sFTnAvk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JmqNBmD.exe
  C:\Windows\System\JmqNBmD.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\maCtyaJ.exe
  C:\Windows\System\maCtyaJ.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\CVVsMzT.exe
  C:\Windows\System\CVVsMzT.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\bibLbxc.exe
  C:\Windows\System\bibLbxc.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\usGJtsr.exe
  C:\Windows\System\usGJtsr.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\gZyqKCD.exe
  C:\Windows\System\gZyqKCD.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\VFirEtq.exe
  C:\Windows\System\VFirEtq.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WsffcLn.exe
  C:\Windows\System\WsffcLn.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PQMrMTR.exe
  C:\Windows\System\PQMrMTR.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ilNJVXp.exe
  C:\Windows\System\ilNJVXp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\crnkGAA.exe
  C:\Windows\System\crnkGAA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\eqciDLB.exe
  C:\Windows\System\eqciDLB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\hQnRpAQ.exe
  C:\Windows\System\hQnRpAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\LSBHgrA.exe
  C:\Windows\System\LSBHgrA.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\RzauaTh.exe
  C:\Windows\System\RzauaTh.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\wTQEACo.exe
  C:\Windows\System\wTQEACo.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\eeKsUAl.exe
  C:\Windows\System\eeKsUAl.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\rtXczIZ.exe
  C:\Windows\System\rtXczIZ.exe
  2⤵
  PID:3008
- C:\Windows\System\SMiwjXD.exe
  C:\Windows\System\SMiwjXD.exe
  2⤵
  PID:1776
- C:\Windows\System\nUNJBAl.exe
  C:\Windows\System\nUNJBAl.exe
  2⤵
  PID:2740
- C:\Windows\System\lqiMcsW.exe
  C:\Windows\System\lqiMcsW.exe
  2⤵
  PID:2836
- C:\Windows\System\JYWnulK.exe
  C:\Windows\System\JYWnulK.exe
  2⤵
  PID:2488
- C:\Windows\System\PPobnfR.exe
  C:\Windows\System\PPobnfR.exe
  2⤵
  PID:2980
- C:\Windows\System\NgAhaai.exe
  C:\Windows\System\NgAhaai.exe
  2⤵
  PID:2680
- C:\Windows\System\FSfuwPx.exe
  C:\Windows\System\FSfuwPx.exe
  2⤵
  PID:2300
- C:\Windows\System\AKeApEI.exe
  C:\Windows\System\AKeApEI.exe
  2⤵
  PID:672
- C:\Windows\System\TYnqbmF.exe
  C:\Windows\System\TYnqbmF.exe
  2⤵
  PID:2272
- C:\Windows\System\exOVupO.exe
  C:\Windows\System\exOVupO.exe
  2⤵
  PID:2216
- C:\Windows\System\cljlosD.exe
  C:\Windows\System\cljlosD.exe
  2⤵
  PID:1944
- C:\Windows\System\WdiWySl.exe
  C:\Windows\System\WdiWySl.exe
  2⤵
  PID:2380
- C:\Windows\System\IairoMs.exe
  C:\Windows\System\IairoMs.exe
  2⤵
  PID:2552
- C:\Windows\System\WWwEZCg.exe
  C:\Windows\System\WWwEZCg.exe
  2⤵
  PID:2344
- C:\Windows\System\vfAcLNt.exe
  C:\Windows\System\vfAcLNt.exe
  2⤵
  PID:1956
- C:\Windows\System\wTmXkWx.exe
  C:\Windows\System\wTmXkWx.exe
  2⤵
  PID:2072
- C:\Windows\System\rzoxiGL.exe
  C:\Windows\System\rzoxiGL.exe
  2⤵
  PID:2808
- C:\Windows\System\Uzzntnx.exe
  C:\Windows\System\Uzzntnx.exe
  2⤵
  PID:2060
- C:\Windows\System\cgvSYzx.exe
  C:\Windows\System\cgvSYzx.exe
  2⤵
  PID:2148
- C:\Windows\System\wfjMTUv.exe
  C:\Windows\System\wfjMTUv.exe
  2⤵
  PID:3016
- C:\Windows\System\yeJQoxc.exe
  C:\Windows\System\yeJQoxc.exe
  2⤵
  PID:1376
- C:\Windows\System\znEyQtX.exe
  C:\Windows\System\znEyQtX.exe
  2⤵
  PID:1884
- C:\Windows\System\XtsWaen.exe
  C:\Windows\System\XtsWaen.exe
  2⤵
  PID:896
- C:\Windows\System\psAyAJO.exe
  C:\Windows\System\psAyAJO.exe
  2⤵
  PID:1148
- C:\Windows\System\WaGcihe.exe
  C:\Windows\System\WaGcihe.exe
  2⤵
  PID:1224
- C:\Windows\System\TYBHGjN.exe
  C:\Windows\System\TYBHGjN.exe
  2⤵
  PID:2144
- C:\Windows\System\XTlvkYn.exe
  C:\Windows\System\XTlvkYn.exe
  2⤵
  PID:3028
- C:\Windows\System\QUlSQrY.exe
  C:\Windows\System\QUlSQrY.exe
  2⤵
  PID:2128
- C:\Windows\System\LPpEXpv.exe
  C:\Windows\System\LPpEXpv.exe
  2⤵
  PID:2960
- C:\Windows\System\NSuHpdh.exe
  C:\Windows\System\NSuHpdh.exe
  2⤵
  PID:352
- C:\Windows\System\sDqYGLd.exe
  C:\Windows\System\sDqYGLd.exe
  2⤵
  PID:1740
- C:\Windows\System\cREKidz.exe
  C:\Windows\System\cREKidz.exe
  2⤵
  PID:1920
- C:\Windows\System\zmffoEt.exe
  C:\Windows\System\zmffoEt.exe
  2⤵
  PID:2412
- C:\Windows\System\slFmCQu.exe
  C:\Windows\System\slFmCQu.exe
  2⤵
  PID:2640
- C:\Windows\System\UNcXMuN.exe
  C:\Windows\System\UNcXMuN.exe
  2⤵
  PID:2568
- C:\Windows\System\ApibVxt.exe
  C:\Windows\System\ApibVxt.exe
  2⤵
  PID:3012
- C:\Windows\System\PnIYwjl.exe
  C:\Windows\System\PnIYwjl.exe
  2⤵
  PID:2176
- C:\Windows\System\alXTXyU.exe
  C:\Windows\System\alXTXyU.exe
  2⤵
  PID:2560
- C:\Windows\System\ZSLKHOS.exe
  C:\Windows\System\ZSLKHOS.exe
  2⤵
  PID:2620
- C:\Windows\System\Psrgawf.exe
  C:\Windows\System\Psrgawf.exe
  2⤵
  PID:2384
- C:\Windows\System\WOQPKsu.exe
  C:\Windows\System\WOQPKsu.exe
  2⤵
  PID:928
- C:\Windows\System\zsbFffr.exe
  C:\Windows\System\zsbFffr.exe
  2⤵
  PID:1288
- C:\Windows\System\kURrflS.exe
  C:\Windows\System\kURrflS.exe
  2⤵
  PID:1500
- C:\Windows\System\cgXIdjT.exe
  C:\Windows\System\cgXIdjT.exe
  2⤵
  PID:2068
- C:\Windows\System\jOENQEG.exe
  C:\Windows\System\jOENQEG.exe
  2⤵
  PID:780
- C:\Windows\System\jqeaSpB.exe
  C:\Windows\System\jqeaSpB.exe
  2⤵
  PID:1968
- C:\Windows\System\uGJvcIm.exe
  C:\Windows\System\uGJvcIm.exe
  2⤵
  PID:2996
- C:\Windows\System\hflFGhq.exe
  C:\Windows\System\hflFGhq.exe
  2⤵
  PID:2320
- C:\Windows\System\KjPcbOI.exe
  C:\Windows\System\KjPcbOI.exe
  2⤵
  PID:1068
- C:\Windows\System\cHOeKWm.exe
  C:\Windows\System\cHOeKWm.exe
  2⤵
  PID:1752
- C:\Windows\System\sNsGPsE.exe
  C:\Windows\System\sNsGPsE.exe
  2⤵
  PID:2752
- C:\Windows\System\iKLrbym.exe
  C:\Windows\System\iKLrbym.exe
  2⤵
  PID:2748
- C:\Windows\System\GCMJXbn.exe
  C:\Windows\System\GCMJXbn.exe
  2⤵
  PID:760
- C:\Windows\System\TeUAGfa.exe
  C:\Windows\System\TeUAGfa.exe
  2⤵
  PID:2844
- C:\Windows\System\hmSGmEH.exe
  C:\Windows\System\hmSGmEH.exe
  2⤵
  PID:1240
- C:\Windows\System\llVZvaw.exe
  C:\Windows\System\llVZvaw.exe
  2⤵
  PID:2492
- C:\Windows\System\TFTzywf.exe
  C:\Windows\System\TFTzywf.exe
  2⤵
  PID:2952
- C:\Windows\System\aURWfil.exe
  C:\Windows\System\aURWfil.exe
  2⤵
  PID:1856
- C:\Windows\System\nlSIBqN.exe
  C:\Windows\System\nlSIBqN.exe
  2⤵
  PID:1764
- C:\Windows\System\hsIPnHN.exe
  C:\Windows\System\hsIPnHN.exe
  2⤵
  PID:2704
- C:\Windows\System\JJYAfnb.exe
  C:\Windows\System\JJYAfnb.exe
  2⤵
  PID:1304
- C:\Windows\System\ODmmIhM.exe
  C:\Windows\System\ODmmIhM.exe
  2⤵
  PID:2088
- C:\Windows\System\gzwDJFv.exe
  C:\Windows\System\gzwDJFv.exe
  2⤵
  PID:1444
- C:\Windows\System\dfLNazI.exe
  C:\Windows\System\dfLNazI.exe
  2⤵
  PID:3088
- C:\Windows\System\KSKzGsu.exe
  C:\Windows\System\KSKzGsu.exe
  2⤵
  PID:3108
- C:\Windows\System\SrEBcGb.exe
  C:\Windows\System\SrEBcGb.exe
  2⤵
  PID:3128
- C:\Windows\System\hijIlFK.exe
  C:\Windows\System\hijIlFK.exe
  2⤵
  PID:3148
- C:\Windows\System\fHjPoiO.exe
  C:\Windows\System\fHjPoiO.exe
  2⤵
  PID:3164
- C:\Windows\System\jZXTjIv.exe
  C:\Windows\System\jZXTjIv.exe
  2⤵
  PID:3184
- C:\Windows\System\mgnNoWw.exe
  C:\Windows\System\mgnNoWw.exe
  2⤵
  PID:3204
- C:\Windows\System\vMnJSGd.exe
  C:\Windows\System\vMnJSGd.exe
  2⤵
  PID:3224
- C:\Windows\System\UQMvwvF.exe
  C:\Windows\System\UQMvwvF.exe
  2⤵
  PID:3248
- C:\Windows\System\jGZaYxf.exe
  C:\Windows\System\jGZaYxf.exe
  2⤵
  PID:3268
- C:\Windows\System\DDlRcgl.exe
  C:\Windows\System\DDlRcgl.exe
  2⤵
  PID:3284
- C:\Windows\System\zYgSiGX.exe
  C:\Windows\System\zYgSiGX.exe
  2⤵
  PID:3300
- C:\Windows\System\IfKCirY.exe
  C:\Windows\System\IfKCirY.exe
  2⤵
  PID:3320
- C:\Windows\System\hSmGmZH.exe
  C:\Windows\System\hSmGmZH.exe
  2⤵
  PID:3348
- C:\Windows\System\nLPwCBO.exe
  C:\Windows\System\nLPwCBO.exe
  2⤵
  PID:3372
- C:\Windows\System\kjmhfEL.exe
  C:\Windows\System\kjmhfEL.exe
  2⤵
  PID:3392
- C:\Windows\System\wEhDyfj.exe
  C:\Windows\System\wEhDyfj.exe
  2⤵
  PID:3408
- C:\Windows\System\xWzOUjF.exe
  C:\Windows\System\xWzOUjF.exe
  2⤵
  PID:3428
- C:\Windows\System\YRLDsWF.exe
  C:\Windows\System\YRLDsWF.exe
  2⤵
  PID:3448
- C:\Windows\System\bpRTdYP.exe
  C:\Windows\System\bpRTdYP.exe
  2⤵
  PID:3468
- C:\Windows\System\vKjhCch.exe
  C:\Windows\System\vKjhCch.exe
  2⤵
  PID:3488
- C:\Windows\System\QvuHWDW.exe
  C:\Windows\System\QvuHWDW.exe
  2⤵
  PID:3508
- C:\Windows\System\oPHOaAp.exe
  C:\Windows\System\oPHOaAp.exe
  2⤵
  PID:3524
- C:\Windows\System\XYnEgVb.exe
  C:\Windows\System\XYnEgVb.exe
  2⤵
  PID:3548
- C:\Windows\System\IqOlbnU.exe
  C:\Windows\System\IqOlbnU.exe
  2⤵
  PID:3564
- C:\Windows\System\JrpHPcJ.exe
  C:\Windows\System\JrpHPcJ.exe
  2⤵
  PID:3584
- C:\Windows\System\HFISDuI.exe
  C:\Windows\System\HFISDuI.exe
  2⤵
  PID:3604
- C:\Windows\System\hSWpFtv.exe
  C:\Windows\System\hSWpFtv.exe
  2⤵
  PID:3628
- C:\Windows\System\VfQPOAf.exe
  C:\Windows\System\VfQPOAf.exe
  2⤵
  PID:3648
- C:\Windows\System\nglcwYM.exe
  C:\Windows\System\nglcwYM.exe
  2⤵
  PID:3668
- C:\Windows\System\MPsycSK.exe
  C:\Windows\System\MPsycSK.exe
  2⤵
  PID:3684
- C:\Windows\System\LTTHwty.exe
  C:\Windows\System\LTTHwty.exe
  2⤵
  PID:3704
- C:\Windows\System\nTQfPNn.exe
  C:\Windows\System\nTQfPNn.exe
  2⤵
  PID:3724
- C:\Windows\System\edMIuvN.exe
  C:\Windows\System\edMIuvN.exe
  2⤵
  PID:3740
- C:\Windows\System\mZdknfa.exe
  C:\Windows\System\mZdknfa.exe
  2⤵
  PID:3760
- C:\Windows\System\SpsvTBu.exe
  C:\Windows\System\SpsvTBu.exe
  2⤵
  PID:3780
- C:\Windows\System\uASzTyh.exe
  C:\Windows\System\uASzTyh.exe
  2⤵
  PID:3812
- C:\Windows\System\sqHECJA.exe
  C:\Windows\System\sqHECJA.exe
  2⤵
  PID:3832
- C:\Windows\System\GPwVKxJ.exe
  C:\Windows\System\GPwVKxJ.exe
  2⤵
  PID:3852
- C:\Windows\System\pFDPlfU.exe
  C:\Windows\System\pFDPlfU.exe
  2⤵
  PID:3872
- C:\Windows\System\qnrxdKT.exe
  C:\Windows\System\qnrxdKT.exe
  2⤵
  PID:3892
- C:\Windows\System\rLKSBKT.exe
  C:\Windows\System\rLKSBKT.exe
  2⤵
  PID:3912
- C:\Windows\System\LmAJCSl.exe
  C:\Windows\System\LmAJCSl.exe
  2⤵
  PID:3928
- C:\Windows\System\OhjblCR.exe
  C:\Windows\System\OhjblCR.exe
  2⤵
  PID:3952
- C:\Windows\System\lrwNYbr.exe
  C:\Windows\System\lrwNYbr.exe
  2⤵
  PID:3968
- C:\Windows\System\gRarajR.exe
  C:\Windows\System\gRarajR.exe
  2⤵
  PID:3992
- C:\Windows\System\WUZCRwr.exe
  C:\Windows\System\WUZCRwr.exe
  2⤵
  PID:4008
- C:\Windows\System\MFSJizU.exe
  C:\Windows\System\MFSJizU.exe
  2⤵
  PID:4028
- C:\Windows\System\aRweRCR.exe
  C:\Windows\System\aRweRCR.exe
  2⤵
  PID:4044
- C:\Windows\System\bsDHcxs.exe
  C:\Windows\System\bsDHcxs.exe
  2⤵
  PID:4064
- C:\Windows\System\WGIPBEg.exe
  C:\Windows\System\WGIPBEg.exe
  2⤵
  PID:4084
- C:\Windows\System\VaioKTm.exe
  C:\Windows\System\VaioKTm.exe
  2⤵
  PID:2924
- C:\Windows\System\KxiYvOI.exe
  C:\Windows\System\KxiYvOI.exe
  2⤵
  PID:344
- C:\Windows\System\JklYLOy.exe
  C:\Windows\System\JklYLOy.exe
  2⤵
  PID:2364
- C:\Windows\System\mcpXkxL.exe
  C:\Windows\System\mcpXkxL.exe
  2⤵
  PID:2016
- C:\Windows\System\HzHRzJJ.exe
  C:\Windows\System\HzHRzJJ.exe
  2⤵
  PID:556
- C:\Windows\System\igAqqHh.exe
  C:\Windows\System\igAqqHh.exe
  2⤵
  PID:1852
- C:\Windows\System\HgJSxjd.exe
  C:\Windows\System\HgJSxjd.exe
  2⤵
  PID:1628
- C:\Windows\System\mAbgOCg.exe
  C:\Windows\System\mAbgOCg.exe
  2⤵
  PID:2832
- C:\Windows\System\UOxcThp.exe
  C:\Windows\System\UOxcThp.exe
  2⤵
  PID:3048
- C:\Windows\System\YVdOJWR.exe
  C:\Windows\System\YVdOJWR.exe
  2⤵
  PID:3144
- C:\Windows\System\wICudBm.exe
  C:\Windows\System\wICudBm.exe
  2⤵
  PID:3080
- C:\Windows\System\WsYRZLy.exe
  C:\Windows\System\WsYRZLy.exe
  2⤵
  PID:3192
- C:\Windows\System\aPjRsPY.exe
  C:\Windows\System\aPjRsPY.exe
  2⤵
  PID:3256
- C:\Windows\System\yVDASAU.exe
  C:\Windows\System\yVDASAU.exe
  2⤵
  PID:3328
- C:\Windows\System\fRYykBY.exe
  C:\Windows\System\fRYykBY.exe
  2⤵
  PID:3236
- C:\Windows\System\yAwEFTh.exe
  C:\Windows\System\yAwEFTh.exe
  2⤵
  PID:3312
- C:\Windows\System\XnEheFo.exe
  C:\Windows\System\XnEheFo.exe
  2⤵
  PID:3380
- C:\Windows\System\iIOrTHp.exe
  C:\Windows\System\iIOrTHp.exe
  2⤵
  PID:3420
- C:\Windows\System\SstrXvL.exe
  C:\Windows\System\SstrXvL.exe
  2⤵
  PID:3460
- C:\Windows\System\WIyqMwH.exe
  C:\Windows\System\WIyqMwH.exe
  2⤵
  PID:3400
- C:\Windows\System\WoIQExZ.exe
  C:\Windows\System\WoIQExZ.exe
  2⤵
  PID:3480
- C:\Windows\System\KKlWIwQ.exe
  C:\Windows\System\KKlWIwQ.exe
  2⤵
  PID:3544
- C:\Windows\System\wWpRxEY.exe
  C:\Windows\System\wWpRxEY.exe
  2⤵
  PID:3576
- C:\Windows\System\McRcRGz.exe
  C:\Windows\System\McRcRGz.exe
  2⤵
  PID:3624
- C:\Windows\System\wjERoOY.exe
  C:\Windows\System\wjERoOY.exe
  2⤵
  PID:3556
- C:\Windows\System\jvMBINa.exe
  C:\Windows\System\jvMBINa.exe
  2⤵
  PID:3636
- C:\Windows\System\cnpfBoB.exe
  C:\Windows\System\cnpfBoB.exe
  2⤵
  PID:3700
- C:\Windows\System\XUiIvGF.exe
  C:\Windows\System\XUiIvGF.exe
  2⤵
  PID:3676
- C:\Windows\System\edRKyaN.exe
  C:\Windows\System\edRKyaN.exe
  2⤵
  PID:3788
- C:\Windows\System\GpTNAJT.exe
  C:\Windows\System\GpTNAJT.exe
  2⤵
  PID:3720
- C:\Windows\System\VcYWlsQ.exe
  C:\Windows\System\VcYWlsQ.exe
  2⤵
  PID:3824
- C:\Windows\System\AVVStuR.exe
  C:\Windows\System\AVVStuR.exe
  2⤵
  PID:3848
- C:\Windows\System\tvTmGMa.exe
  C:\Windows\System\tvTmGMa.exe
  2⤵
  PID:3904
- C:\Windows\System\mMgVEoz.exe
  C:\Windows\System\mMgVEoz.exe
  2⤵
  PID:3976
- C:\Windows\System\RMAOkgi.exe
  C:\Windows\System\RMAOkgi.exe
  2⤵
  PID:3888
- C:\Windows\System\qDRUQpI.exe
  C:\Windows\System\qDRUQpI.exe
  2⤵
  PID:3964
- C:\Windows\System\gyAwEtu.exe
  C:\Windows\System\gyAwEtu.exe
  2⤵
  PID:4024
- C:\Windows\System\lMIhOyz.exe
  C:\Windows\System\lMIhOyz.exe
  2⤵
  PID:4092
- C:\Windows\System\daSpDoL.exe
  C:\Windows\System\daSpDoL.exe
  2⤵
  PID:4080
- C:\Windows\System\bpBkvaH.exe
  C:\Windows\System\bpBkvaH.exe
  2⤵
  PID:4040
- C:\Windows\System\VRyLzvN.exe
  C:\Windows\System\VRyLzvN.exe
  2⤵
  PID:1584
- C:\Windows\System\OhWorVh.exe
  C:\Windows\System\OhWorVh.exe
  2⤵
  PID:2532
- C:\Windows\System\ttIVGle.exe
  C:\Windows\System\ttIVGle.exe
  2⤵
  PID:3172
- C:\Windows\System\FDqaLkd.exe
  C:\Windows\System\FDqaLkd.exe
  2⤵
  PID:3136
- C:\Windows\System\uOFAtfz.exe
  C:\Windows\System\uOFAtfz.exe
  2⤵
  PID:2812
- C:\Windows\System\NmniCzc.exe
  C:\Windows\System\NmniCzc.exe
  2⤵
  PID:3220
- C:\Windows\System\eiagYKG.exe
  C:\Windows\System\eiagYKG.exe
  2⤵
  PID:3216
- C:\Windows\System\gjqNIba.exe
  C:\Windows\System\gjqNIba.exe
  2⤵
  PID:3292
- C:\Windows\System\padBuWw.exe
  C:\Windows\System\padBuWw.exe
  2⤵
  PID:3308
- C:\Windows\System\lwwuwbP.exe
  C:\Windows\System\lwwuwbP.exe
  2⤵
  PID:3384
- C:\Windows\System\hsJRgFl.exe
  C:\Windows\System\hsJRgFl.exe
  2⤵
  PID:3496
- C:\Windows\System\ypYNCnq.exe
  C:\Windows\System\ypYNCnq.exe
  2⤵
  PID:3596
- C:\Windows\System\yyOfmIa.exe
  C:\Windows\System\yyOfmIa.exe
  2⤵
  PID:3532
- C:\Windows\System\gHizhrk.exe
  C:\Windows\System\gHizhrk.exe
  2⤵
  PID:3560
- C:\Windows\System\ALlJHxw.exe
  C:\Windows\System\ALlJHxw.exe
  2⤵
  PID:3716
- C:\Windows\System\VaDzMBj.exe
  C:\Windows\System\VaDzMBj.exe
  2⤵
  PID:3776
- C:\Windows\System\nWucolJ.exe
  C:\Windows\System\nWucolJ.exe
  2⤵
  PID:3868
- C:\Windows\System\GcedWuH.exe
  C:\Windows\System\GcedWuH.exe
  2⤵
  PID:3796
- C:\Windows\System\ecznuZl.exe
  C:\Windows\System\ecznuZl.exe
  2⤵
  PID:3988
- C:\Windows\System\PVTXAjo.exe
  C:\Windows\System\PVTXAjo.exe
  2⤵
  PID:4004
- C:\Windows\System\WSURGxK.exe
  C:\Windows\System\WSURGxK.exe
  2⤵
  PID:3920
- C:\Windows\System\NuSESmi.exe
  C:\Windows\System\NuSESmi.exe
  2⤵
  PID:1516
- C:\Windows\System\ZeBMVAg.exe
  C:\Windows\System\ZeBMVAg.exe
  2⤵
  PID:1808
- C:\Windows\System\FLCctZm.exe
  C:\Windows\System\FLCctZm.exe
  2⤵
  PID:2724
- C:\Windows\System\MDswmvy.exe
  C:\Windows\System\MDswmvy.exe
  2⤵
  PID:2024
- C:\Windows\System\NVCQGGa.exe
  C:\Windows\System\NVCQGGa.exe
  2⤵
  PID:536
- C:\Windows\System\DtuRUUO.exe
  C:\Windows\System\DtuRUUO.exe
  2⤵
  PID:3356
- C:\Windows\System\waNPPVx.exe
  C:\Windows\System\waNPPVx.exe
  2⤵
  PID:3344
- C:\Windows\System\mdYraLG.exe
  C:\Windows\System\mdYraLG.exe
  2⤵
  PID:3464
- C:\Windows\System\XUABRBL.exe
  C:\Windows\System\XUABRBL.exe
  2⤵
  PID:3660
- C:\Windows\System\ALUPKjv.exe
  C:\Windows\System\ALUPKjv.exe
  2⤵
  PID:3232
- C:\Windows\System\PbOisSK.exe
  C:\Windows\System\PbOisSK.exe
  2⤵
  PID:3580
- C:\Windows\System\vHDFJLZ.exe
  C:\Windows\System\vHDFJLZ.exe
  2⤵
  PID:3520
- C:\Windows\System\PkzQBRu.exe
  C:\Windows\System\PkzQBRu.exe
  2⤵
  PID:3900
- C:\Windows\System\VmbGExz.exe
  C:\Windows\System\VmbGExz.exe
  2⤵
  PID:4108
- C:\Windows\System\ZMipHqS.exe
  C:\Windows\System\ZMipHqS.exe
  2⤵
  PID:4128
- C:\Windows\System\WkMrSwU.exe
  C:\Windows\System\WkMrSwU.exe
  2⤵
  PID:4144
- C:\Windows\System\pkeLHyW.exe
  C:\Windows\System\pkeLHyW.exe
  2⤵
  PID:4172
- C:\Windows\System\JUDrhyS.exe
  C:\Windows\System\JUDrhyS.exe
  2⤵
  PID:4192
- C:\Windows\System\bLyyUZa.exe
  C:\Windows\System\bLyyUZa.exe
  2⤵
  PID:4212
- C:\Windows\System\MPAooDb.exe
  C:\Windows\System\MPAooDb.exe
  2⤵
  PID:4232
- C:\Windows\System\ZHXxuAE.exe
  C:\Windows\System\ZHXxuAE.exe
  2⤵
  PID:4252
- C:\Windows\System\cKXJvIN.exe
  C:\Windows\System\cKXJvIN.exe
  2⤵
  PID:4272
- C:\Windows\System\pIAoQJr.exe
  C:\Windows\System\pIAoQJr.exe
  2⤵
  PID:4288
- C:\Windows\System\xigiMNc.exe
  C:\Windows\System\xigiMNc.exe
  2⤵
  PID:4308
- C:\Windows\System\bHuTono.exe
  C:\Windows\System\bHuTono.exe
  2⤵
  PID:4328
- C:\Windows\System\SVjHjHA.exe
  C:\Windows\System\SVjHjHA.exe
  2⤵
  PID:4352
- C:\Windows\System\KfbzYpU.exe
  C:\Windows\System\KfbzYpU.exe
  2⤵
  PID:4376
- C:\Windows\System\YvYAngf.exe
  C:\Windows\System\YvYAngf.exe
  2⤵
  PID:4396
- C:\Windows\System\qKrGVms.exe
  C:\Windows\System\qKrGVms.exe
  2⤵
  PID:4412
- C:\Windows\System\GAMVNcg.exe
  C:\Windows\System\GAMVNcg.exe
  2⤵
  PID:4436
- C:\Windows\System\JSAmdRi.exe
  C:\Windows\System\JSAmdRi.exe
  2⤵
  PID:4456
- C:\Windows\System\kFvKgpq.exe
  C:\Windows\System\kFvKgpq.exe
  2⤵
  PID:4472
- C:\Windows\System\bjFDbNp.exe
  C:\Windows\System\bjFDbNp.exe
  2⤵
  PID:4496
- C:\Windows\System\hrDtode.exe
  C:\Windows\System\hrDtode.exe
  2⤵
  PID:4512
- C:\Windows\System\wAMohyY.exe
  C:\Windows\System\wAMohyY.exe
  2⤵
  PID:4532
- C:\Windows\System\SsEegJm.exe
  C:\Windows\System\SsEegJm.exe
  2⤵
  PID:4548
- C:\Windows\System\rcXtwQR.exe
  C:\Windows\System\rcXtwQR.exe
  2⤵
  PID:4564
- C:\Windows\System\EuMTjvH.exe
  C:\Windows\System\EuMTjvH.exe
  2⤵
  PID:4588
- C:\Windows\System\oUgCoYp.exe
  C:\Windows\System\oUgCoYp.exe
  2⤵
  PID:4616
- C:\Windows\System\VqfcKYm.exe
  C:\Windows\System\VqfcKYm.exe
  2⤵
  PID:4632
- C:\Windows\System\kVVytYA.exe
  C:\Windows\System\kVVytYA.exe
  2⤵
  PID:4652
- C:\Windows\System\OrIOFAM.exe
  C:\Windows\System\OrIOFAM.exe
  2⤵
  PID:4672
- C:\Windows\System\gujtequ.exe
  C:\Windows\System\gujtequ.exe
  2⤵
  PID:4688
- C:\Windows\System\HkWXpwB.exe
  C:\Windows\System\HkWXpwB.exe
  2⤵
  PID:4712
- C:\Windows\System\TptPTjT.exe
  C:\Windows\System\TptPTjT.exe
  2⤵
  PID:4732
- C:\Windows\System\qdTQBFh.exe
  C:\Windows\System\qdTQBFh.exe
  2⤵
  PID:4756
- C:\Windows\System\FTPjjNR.exe
  C:\Windows\System\FTPjjNR.exe
  2⤵
  PID:4772
- C:\Windows\System\xqMRUsT.exe
  C:\Windows\System\xqMRUsT.exe
  2⤵
  PID:4792
- C:\Windows\System\KoaqNTf.exe
  C:\Windows\System\KoaqNTf.exe
  2⤵
  PID:4812
- C:\Windows\System\eJfHoCl.exe
  C:\Windows\System\eJfHoCl.exe
  2⤵
  PID:4828
- C:\Windows\System\HPxlHPh.exe
  C:\Windows\System\HPxlHPh.exe
  2⤵
  PID:4848
- C:\Windows\System\wCVtudp.exe
  C:\Windows\System\wCVtudp.exe
  2⤵
  PID:4872
- C:\Windows\System\smnUgkO.exe
  C:\Windows\System\smnUgkO.exe
  2⤵
  PID:4892
- C:\Windows\System\oDbDwHg.exe
  C:\Windows\System\oDbDwHg.exe
  2⤵
  PID:4916
- C:\Windows\System\czElSfu.exe
  C:\Windows\System\czElSfu.exe
  2⤵
  PID:4932
- C:\Windows\System\jByHlub.exe
  C:\Windows\System\jByHlub.exe
  2⤵
  PID:4952
- C:\Windows\System\ojluOtU.exe
  C:\Windows\System\ojluOtU.exe
  2⤵
  PID:4972
- C:\Windows\System\GBpbPMV.exe
  C:\Windows\System\GBpbPMV.exe
  2⤵
  PID:4992
- C:\Windows\System\bAMdMMk.exe
  C:\Windows\System\bAMdMMk.exe
  2⤵
  PID:5012
- C:\Windows\System\KUHuPqH.exe
  C:\Windows\System\KUHuPqH.exe
  2⤵
  PID:5032
- C:\Windows\System\fMnJWqX.exe
  C:\Windows\System\fMnJWqX.exe
  2⤵
  PID:5052
- C:\Windows\System\UuUrClP.exe
  C:\Windows\System\UuUrClP.exe
  2⤵
  PID:5076
- C:\Windows\System\HmlpdzV.exe
  C:\Windows\System\HmlpdzV.exe
  2⤵
  PID:5092
- C:\Windows\System\dFsphML.exe
  C:\Windows\System\dFsphML.exe
  2⤵
  PID:5108
- C:\Windows\System\AwMbjzU.exe
  C:\Windows\System\AwMbjzU.exe
  2⤵
  PID:4072
- C:\Windows\System\DzVJfoU.exe
  C:\Windows\System\DzVJfoU.exe
  2⤵
  PID:2828
- C:\Windows\System\oLSHtLz.exe
  C:\Windows\System\oLSHtLz.exe
  2⤵
  PID:3960
- C:\Windows\System\yJdAiaH.exe
  C:\Windows\System\yJdAiaH.exe
  2⤵
  PID:3924
- C:\Windows\System\ugIfADU.exe
  C:\Windows\System\ugIfADU.exe
  2⤵
  PID:3260
- C:\Windows\System\ojrqVUM.exe
  C:\Windows\System\ojrqVUM.exe
  2⤵
  PID:1488
- C:\Windows\System\hIhMicp.exe
  C:\Windows\System\hIhMicp.exe
  2⤵
  PID:3828
- C:\Windows\System\eKYFMUP.exe
  C:\Windows\System\eKYFMUP.exe
  2⤵
  PID:3808
- C:\Windows\System\OkXMZGS.exe
  C:\Windows\System\OkXMZGS.exe
  2⤵
  PID:4136
- C:\Windows\System\NTRUuXU.exe
  C:\Windows\System\NTRUuXU.exe
  2⤵
  PID:4120
- C:\Windows\System\QTszomd.exe
  C:\Windows\System\QTszomd.exe
  2⤵
  PID:3612
- C:\Windows\System\lcJcPOM.exe
  C:\Windows\System\lcJcPOM.exe
  2⤵
  PID:4180
- C:\Windows\System\PNrdQRR.exe
  C:\Windows\System\PNrdQRR.exe
  2⤵
  PID:4208
- C:\Windows\System\mhojDkZ.exe
  C:\Windows\System\mhojDkZ.exe
  2⤵
  PID:4260
- C:\Windows\System\GtjmpYL.exe
  C:\Windows\System\GtjmpYL.exe
  2⤵
  PID:4300
- C:\Windows\System\ZIajyeN.exe
  C:\Windows\System\ZIajyeN.exe
  2⤵
  PID:4336
- C:\Windows\System\fWgLkfC.exe
  C:\Windows\System\fWgLkfC.exe
  2⤵
  PID:4384
- C:\Windows\System\cIUQJAg.exe
  C:\Windows\System\cIUQJAg.exe
  2⤵
  PID:4280
- C:\Windows\System\YnikevL.exe
  C:\Windows\System\YnikevL.exe
  2⤵
  PID:4428
- C:\Windows\System\MQIoioM.exe
  C:\Windows\System\MQIoioM.exe
  2⤵
  PID:4372
- C:\Windows\System\MxdLryu.exe
  C:\Windows\System\MxdLryu.exe
  2⤵
  PID:4444
- C:\Windows\System\ARdLtPU.exe
  C:\Windows\System\ARdLtPU.exe
  2⤵
  PID:4480
- C:\Windows\System\CoxwUsu.exe
  C:\Windows\System\CoxwUsu.exe
  2⤵
  PID:4572
- C:\Windows\System\cWRDjEX.exe
  C:\Windows\System\cWRDjEX.exe
  2⤵
  PID:4560
- C:\Windows\System\zNbxlhD.exe
  C:\Windows\System\zNbxlhD.exe
  2⤵
  PID:4624
- C:\Windows\System\ISDAJeJ.exe
  C:\Windows\System\ISDAJeJ.exe
  2⤵
  PID:4668
- C:\Windows\System\lgjoukS.exe
  C:\Windows\System\lgjoukS.exe
  2⤵
  PID:4696
- C:\Windows\System\bWAZbcI.exe
  C:\Windows\System\bWAZbcI.exe
  2⤵
  PID:4684
- C:\Windows\System\OOVDRQx.exe
  C:\Windows\System\OOVDRQx.exe
  2⤵
  PID:4748
- C:\Windows\System\TgzYhzp.exe
  C:\Windows\System\TgzYhzp.exe
  2⤵
  PID:4720
- C:\Windows\System\OjqIrTJ.exe
  C:\Windows\System\OjqIrTJ.exe
  2⤵
  PID:4860
- C:\Windows\System\fTVFwYo.exe
  C:\Windows\System\fTVFwYo.exe
  2⤵
  PID:4912
- C:\Windows\System\XZzHasw.exe
  C:\Windows\System\XZzHasw.exe
  2⤵
  PID:4944
- C:\Windows\System\ZtLYCjP.exe
  C:\Windows\System\ZtLYCjP.exe
  2⤵
  PID:4800
- C:\Windows\System\SAhdIOf.exe
  C:\Windows\System\SAhdIOf.exe
  2⤵
  PID:4888
- C:\Windows\System\RaFjrBp.exe
  C:\Windows\System\RaFjrBp.exe
  2⤵
  PID:4928
- C:\Windows\System\EiwPWhS.exe
  C:\Windows\System\EiwPWhS.exe
  2⤵
  PID:5064
- C:\Windows\System\ectxTYS.exe
  C:\Windows\System\ectxTYS.exe
  2⤵
  PID:4060
- C:\Windows\System\sgRKLJg.exe
  C:\Windows\System\sgRKLJg.exe
  2⤵
  PID:3156
- C:\Windows\System\jnjycQg.exe
  C:\Windows\System\jnjycQg.exe
  2⤵
  PID:5008
- C:\Windows\System\ivaYNQK.exe
  C:\Windows\System\ivaYNQK.exe
  2⤵
  PID:3712
- C:\Windows\System\DyIWfMd.exe
  C:\Windows\System\DyIWfMd.exe
  2⤵
  PID:3820
- C:\Windows\System\KqTyUys.exe
  C:\Windows\System\KqTyUys.exe
  2⤵
  PID:4000
- C:\Windows\System\tUGUoHq.exe
  C:\Windows\System\tUGUoHq.exe
  2⤵
  PID:3948
- C:\Windows\System\VrNKBEs.exe
  C:\Windows\System\VrNKBEs.exe
  2⤵
  PID:4160
- C:\Windows\System\JqyHASz.exe
  C:\Windows\System\JqyHASz.exe
  2⤵
  PID:4228
- C:\Windows\System\MEAdcsr.exe
  C:\Windows\System\MEAdcsr.exe
  2⤵
  PID:3572
- C:\Windows\System\uhtxKqL.exe
  C:\Windows\System\uhtxKqL.exe
  2⤵
  PID:4156
- C:\Windows\System\BzZLIJc.exe
  C:\Windows\System\BzZLIJc.exe
  2⤵
  PID:4152
- C:\Windows\System\LXEqzFR.exe
  C:\Windows\System\LXEqzFR.exe
  2⤵
  PID:4188
- C:\Windows\System\mFOooOo.exe
  C:\Windows\System\mFOooOo.exe
  2⤵
  PID:4540
- C:\Windows\System\RvBJnmm.exe
  C:\Windows\System\RvBJnmm.exe
  2⤵
  PID:4464
- C:\Windows\System\wXUOaGU.exe
  C:\Windows\System\wXUOaGU.exe
  2⤵
  PID:4556
- C:\Windows\System\BxcqLkI.exe
  C:\Windows\System\BxcqLkI.exe
  2⤵
  PID:4388
- C:\Windows\System\huobrRD.exe
  C:\Windows\System\huobrRD.exe
  2⤵
  PID:4660
- C:\Windows\System\ROgJjMY.exe
  C:\Windows\System\ROgJjMY.exe
  2⤵
  PID:4604
- C:\Windows\System\LrYifKl.exe
  C:\Windows\System\LrYifKl.exe
  2⤵
  PID:4868
- C:\Windows\System\hYjwybx.exe
  C:\Windows\System\hYjwybx.exe
  2⤵
  PID:4644
- C:\Windows\System\OIzrALV.exe
  C:\Windows\System\OIzrALV.exe
  2⤵
  PID:4764
- C:\Windows\System\IZFlPBj.exe
  C:\Windows\System\IZFlPBj.exe
  2⤵
  PID:4940
- C:\Windows\System\WZtbtFL.exe
  C:\Windows\System\WZtbtFL.exe
  2⤵
  PID:4840
- C:\Windows\System\sptNqzD.exe
  C:\Windows\System\sptNqzD.exe
  2⤵
  PID:4880
- C:\Windows\System\BoTwlFx.exe
  C:\Windows\System\BoTwlFx.exe
  2⤵
  PID:5068
- C:\Windows\System\oDezOHU.exe
  C:\Windows\System\oDezOHU.exe
  2⤵
  PID:1744
- C:\Windows\System\dZtbgTM.exe
  C:\Windows\System\dZtbgTM.exe
  2⤵
  PID:844
- C:\Windows\System\WaahFrP.exe
  C:\Windows\System\WaahFrP.exe
  2⤵
  PID:5088
- C:\Windows\System\TYMCnRY.exe
  C:\Windows\System\TYMCnRY.exe
  2⤵
  PID:4320
- C:\Windows\System\nOlSnLK.exe
  C:\Windows\System\nOlSnLK.exe
  2⤵
  PID:3980
- C:\Windows\System\fxLZEDt.exe
  C:\Windows\System\fxLZEDt.exe
  2⤵
  PID:4544
- C:\Windows\System\nUPhrGc.exe
  C:\Windows\System\nUPhrGc.exe
  2⤵
  PID:3436
- C:\Windows\System\wDEeacy.exe
  C:\Windows\System\wDEeacy.exe
  2⤵
  PID:4704
- C:\Windows\System\CNpRZqI.exe
  C:\Windows\System\CNpRZqI.exe
  2⤵
  PID:4424
- C:\Windows\System\PYthOpI.exe
  C:\Windows\System\PYthOpI.exe
  2⤵
  PID:4360
- C:\Windows\System\CZELAPt.exe
  C:\Windows\System\CZELAPt.exe
  2⤵
  PID:4836
- C:\Windows\System\SCKWjGb.exe
  C:\Windows\System\SCKWjGb.exe
  2⤵
  PID:4768
- C:\Windows\System\GaWzmMc.exe
  C:\Windows\System\GaWzmMc.exe
  2⤵
  PID:4824
- C:\Windows\System\HYopOdN.exe
  C:\Windows\System\HYopOdN.exe
  2⤵
  PID:5028
- C:\Windows\System\dIpVmoF.exe
  C:\Windows\System\dIpVmoF.exe
  2⤵
  PID:4808
- C:\Windows\System\qtTdIsq.exe
  C:\Windows\System\qtTdIsq.exe
  2⤵
  PID:5084
- C:\Windows\System\SWKeGQg.exe
  C:\Windows\System\SWKeGQg.exe
  2⤵
  PID:5060
- C:\Windows\System\wVnlWaT.exe
  C:\Windows\System\wVnlWaT.exe
  2⤵
  PID:4244
- C:\Windows\System\HmnYTlp.exe
  C:\Windows\System\HmnYTlp.exe
  2⤵
  PID:4168
- C:\Windows\System\GXbgbNE.exe
  C:\Windows\System\GXbgbNE.exe
  2⤵
  PID:5128
- C:\Windows\System\GkowhOL.exe
  C:\Windows\System\GkowhOL.exe
  2⤵
  PID:5172
- C:\Windows\System\JAhwrbQ.exe
  C:\Windows\System\JAhwrbQ.exe
  2⤵
  PID:5192
- C:\Windows\System\rUmHHxR.exe
  C:\Windows\System\rUmHHxR.exe
  2⤵
  PID:5212
- C:\Windows\System\TAfYFVZ.exe
  C:\Windows\System\TAfYFVZ.exe
  2⤵
  PID:5232
- C:\Windows\System\ZhPnYwJ.exe
  C:\Windows\System\ZhPnYwJ.exe
  2⤵
  PID:5252
- C:\Windows\System\FDEMLIK.exe
  C:\Windows\System\FDEMLIK.exe
  2⤵
  PID:5272
- C:\Windows\System\XBoltlp.exe
  C:\Windows\System\XBoltlp.exe
  2⤵
  PID:5292
- C:\Windows\System\cPAhaoG.exe
  C:\Windows\System\cPAhaoG.exe
  2⤵
  PID:5308
- C:\Windows\System\xZrSHSv.exe
  C:\Windows\System\xZrSHSv.exe
  2⤵
  PID:5332
- C:\Windows\System\rFngvaX.exe
  C:\Windows\System\rFngvaX.exe
  2⤵
  PID:5348
- C:\Windows\System\blqRSQs.exe
  C:\Windows\System\blqRSQs.exe
  2⤵
  PID:5372
- C:\Windows\System\GNEQmqJ.exe
  C:\Windows\System\GNEQmqJ.exe
  2⤵
  PID:5388
- C:\Windows\System\DwmDzec.exe
  C:\Windows\System\DwmDzec.exe
  2⤵
  PID:5404
- C:\Windows\System\hWooWkZ.exe
  C:\Windows\System\hWooWkZ.exe
  2⤵
  PID:5420
- C:\Windows\System\yxhuTkw.exe
  C:\Windows\System\yxhuTkw.exe
  2⤵
  PID:5440
- C:\Windows\System\IzgSOGt.exe
  C:\Windows\System\IzgSOGt.exe
  2⤵
  PID:5464
- C:\Windows\System\rXVByvd.exe
  C:\Windows\System\rXVByvd.exe
  2⤵
  PID:5480
- C:\Windows\System\ZOmlkRT.exe
  C:\Windows\System\ZOmlkRT.exe
  2⤵
  PID:5496
- C:\Windows\System\uVRczru.exe
  C:\Windows\System\uVRczru.exe
  2⤵
  PID:5520
- C:\Windows\System\bIGCAgc.exe
  C:\Windows\System\bIGCAgc.exe
  2⤵
  PID:5544
- C:\Windows\System\izZoAPL.exe
  C:\Windows\System\izZoAPL.exe
  2⤵
  PID:5568
- C:\Windows\System\nVGLqaH.exe
  C:\Windows\System\nVGLqaH.exe
  2⤵
  PID:5588
- C:\Windows\System\BrlhSZG.exe
  C:\Windows\System\BrlhSZG.exe
  2⤵
  PID:5612
- C:\Windows\System\ALtlgCe.exe
  C:\Windows\System\ALtlgCe.exe
  2⤵
  PID:5628
- C:\Windows\System\lfdyHLF.exe
  C:\Windows\System\lfdyHLF.exe
  2⤵
  PID:5648
- C:\Windows\System\wvbIOqK.exe
  C:\Windows\System\wvbIOqK.exe
  2⤵
  PID:5672
- C:\Windows\System\vDIPoiq.exe
  C:\Windows\System\vDIPoiq.exe
  2⤵
  PID:5688
- C:\Windows\System\thgchdT.exe
  C:\Windows\System\thgchdT.exe
  2⤵
  PID:5708
- C:\Windows\System\Lqswqwv.exe
  C:\Windows\System\Lqswqwv.exe
  2⤵
  PID:5728
- C:\Windows\System\jubtEtC.exe
  C:\Windows\System\jubtEtC.exe
  2⤵
  PID:5748
- C:\Windows\System\oCsLEME.exe
  C:\Windows\System\oCsLEME.exe
  2⤵
  PID:5764
- C:\Windows\System\mJcacKa.exe
  C:\Windows\System\mJcacKa.exe
  2⤵
  PID:5784
- C:\Windows\System\oowuIWy.exe
  C:\Windows\System\oowuIWy.exe
  2⤵
  PID:5804
- C:\Windows\System\pRHSTLG.exe
  C:\Windows\System\pRHSTLG.exe
  2⤵
  PID:5820
- C:\Windows\System\FQhDouy.exe
  C:\Windows\System\FQhDouy.exe
  2⤵
  PID:5840
- C:\Windows\System\wsTWMhV.exe
  C:\Windows\System\wsTWMhV.exe
  2⤵
  PID:5856
- C:\Windows\System\UazHoxo.exe
  C:\Windows\System\UazHoxo.exe
  2⤵
  PID:5876
- C:\Windows\System\gzCQxUT.exe
  C:\Windows\System\gzCQxUT.exe
  2⤵
  PID:5896
- C:\Windows\System\MOjwfnM.exe
  C:\Windows\System\MOjwfnM.exe
  2⤵
  PID:5928
- C:\Windows\System\aebDVKi.exe
  C:\Windows\System\aebDVKi.exe
  2⤵
  PID:5948
- C:\Windows\System\JbutMzg.exe
  C:\Windows\System\JbutMzg.exe
  2⤵
  PID:5968
- C:\Windows\System\JhIVjRa.exe
  C:\Windows\System\JhIVjRa.exe
  2⤵
  PID:5988
- C:\Windows\System\ztNIHPs.exe
  C:\Windows\System\ztNIHPs.exe
  2⤵
  PID:6008
- C:\Windows\System\iyRtbSy.exe
  C:\Windows\System\iyRtbSy.exe
  2⤵
  PID:6028
- C:\Windows\System\YOtBzyl.exe
  C:\Windows\System\YOtBzyl.exe
  2⤵
  PID:6048
- C:\Windows\System\gXONrsW.exe
  C:\Windows\System\gXONrsW.exe
  2⤵
  PID:6072
- C:\Windows\System\OyNlxPG.exe
  C:\Windows\System\OyNlxPG.exe
  2⤵
  PID:6088
- C:\Windows\System\kUEkIzo.exe
  C:\Windows\System\kUEkIzo.exe
  2⤵
  PID:6108
- C:\Windows\System\iQFMduP.exe
  C:\Windows\System\iQFMduP.exe
  2⤵
  PID:6128
- C:\Windows\System\BwwKGcR.exe
  C:\Windows\System\BwwKGcR.exe
  2⤵
  PID:4488
- C:\Windows\System\NmLQGSl.exe
  C:\Windows\System\NmLQGSl.exe
  2⤵
  PID:4524
- C:\Windows\System\axPaXeF.exe
  C:\Windows\System\axPaXeF.exe
  2⤵
  PID:5100
- C:\Windows\System\vGYcwUE.exe
  C:\Windows\System\vGYcwUE.exe
  2⤵
  PID:4600
- C:\Windows\System\TwInPzD.exe
  C:\Windows\System\TwInPzD.exe
  2⤵
  PID:4988
- C:\Windows\System\VlYyNcq.exe
  C:\Windows\System\VlYyNcq.exe
  2⤵
  PID:3416
- C:\Windows\System\NePFsXs.exe
  C:\Windows\System\NePFsXs.exe
  2⤵
  PID:2124
- C:\Windows\System\NnDIGcS.exe
  C:\Windows\System\NnDIGcS.exe
  2⤵
  PID:5020
- C:\Windows\System\YlzBiJj.exe
  C:\Windows\System\YlzBiJj.exe
  2⤵
  PID:5152
- C:\Windows\System\aXVEXHn.exe
  C:\Windows\System\aXVEXHn.exe
  2⤵
  PID:5200
- C:\Windows\System\UqAxfmK.exe
  C:\Windows\System\UqAxfmK.exe
  2⤵
  PID:5240
- C:\Windows\System\fWIlASA.exe
  C:\Windows\System\fWIlASA.exe
  2⤵
  PID:5288
- C:\Windows\System\vYVAoLG.exe
  C:\Windows\System\vYVAoLG.exe
  2⤵
  PID:5320
- C:\Windows\System\WebXHji.exe
  C:\Windows\System\WebXHji.exe
  2⤵
  PID:5224
- C:\Windows\System\oYCcnPQ.exe
  C:\Windows\System\oYCcnPQ.exe
  2⤵
  PID:5300
- C:\Windows\System\nhHStmH.exe
  C:\Windows\System\nhHStmH.exe
  2⤵
  PID:5428
- C:\Windows\System\KuiYBdm.exe
  C:\Windows\System\KuiYBdm.exe
  2⤵
  PID:5504
- C:\Windows\System\JDvEJcQ.exe
  C:\Windows\System\JDvEJcQ.exe
  2⤵
  PID:5344
- C:\Windows\System\ZhsyjQL.exe
  C:\Windows\System\ZhsyjQL.exe
  2⤵
  PID:5416
- C:\Windows\System\uhLWUMk.exe
  C:\Windows\System\uhLWUMk.exe
  2⤵
  PID:5596
- C:\Windows\System\ehMspWU.exe
  C:\Windows\System\ehMspWU.exe
  2⤵
  PID:5644
- C:\Windows\System\HRWpEEo.exe
  C:\Windows\System\HRWpEEo.exe
  2⤵
  PID:5456
- C:\Windows\System\QovpFzb.exe
  C:\Windows\System\QovpFzb.exe
  2⤵
  PID:5532
- C:\Windows\System\dVqlQHn.exe
  C:\Windows\System\dVqlQHn.exe
  2⤵
  PID:5680
- C:\Windows\System\wREPcAk.exe
  C:\Windows\System\wREPcAk.exe
  2⤵
  PID:5720
- C:\Windows\System\VfoSfXA.exe
  C:\Windows\System\VfoSfXA.exe
  2⤵
  PID:5660
- C:\Windows\System\sXhZqQv.exe
  C:\Windows\System\sXhZqQv.exe
  2⤵
  PID:5696
- C:\Windows\System\jqgNFNx.exe
  C:\Windows\System\jqgNFNx.exe
  2⤵
  PID:5832
- C:\Windows\System\aYNevbT.exe
  C:\Windows\System\aYNevbT.exe
  2⤵
  PID:5780
- C:\Windows\System\wbpWeGl.exe
  C:\Windows\System\wbpWeGl.exe
  2⤵
  PID:5916
- C:\Windows\System\yogVimo.exe
  C:\Windows\System\yogVimo.exe
  2⤵
  PID:5960
- C:\Windows\System\AVNEeTu.exe
  C:\Windows\System\AVNEeTu.exe
  2⤵
  PID:5736
- C:\Windows\System\ngeWACs.exe
  C:\Windows\System\ngeWACs.exe
  2⤵
  PID:5772
- C:\Windows\System\CrVREQE.exe
  C:\Windows\System\CrVREQE.exe
  2⤵
  PID:5940
- C:\Windows\System\sJvIlCS.exe
  C:\Windows\System\sJvIlCS.exe
  2⤵
  PID:6044
- C:\Windows\System\xxpdubt.exe
  C:\Windows\System\xxpdubt.exe
  2⤵
  PID:6116
- C:\Windows\System\PHSHEyt.exe
  C:\Windows\System\PHSHEyt.exe
  2⤵
  PID:5980
- C:\Windows\System\UjYrNhD.exe
  C:\Windows\System\UjYrNhD.exe
  2⤵
  PID:6068
- C:\Windows\System\bXUsnPL.exe
  C:\Windows\System\bXUsnPL.exe
  2⤵
  PID:6104
- C:\Windows\System\IjAxfOG.exe
  C:\Windows\System\IjAxfOG.exe
  2⤵
  PID:4404
- C:\Windows\System\MRvBtIK.exe
  C:\Windows\System\MRvBtIK.exe
  2⤵
  PID:4452
- C:\Windows\System\IlWZFrS.exe
  C:\Windows\System\IlWZFrS.exe
  2⤵
  PID:6140
- C:\Windows\System\lZVgHIE.exe
  C:\Windows\System\lZVgHIE.exe
  2⤵
  PID:5156
- C:\Windows\System\ApByluW.exe
  C:\Windows\System\ApByluW.exe
  2⤵
  PID:3940
- C:\Windows\System\UgBYRDS.exe
  C:\Windows\System\UgBYRDS.exe
  2⤵
  PID:5244
- C:\Windows\System\mTpbwwu.exe
  C:\Windows\System\mTpbwwu.exe
  2⤵
  PID:5140
- C:\Windows\System\PvvbTTM.exe
  C:\Windows\System\PvvbTTM.exe
  2⤵
  PID:5396
- C:\Windows\System\igbZWHb.exe
  C:\Windows\System\igbZWHb.exe
  2⤵
  PID:5340
- C:\Windows\System\yyHefhw.exe
  C:\Windows\System\yyHefhw.exe
  2⤵
  PID:5512
- C:\Windows\System\gnuMcvR.exe
  C:\Windows\System\gnuMcvR.exe
  2⤵
  PID:5264
- C:\Windows\System\ebmueXa.exe
  C:\Windows\System\ebmueXa.exe
  2⤵
  PID:5452
- C:\Windows\System\jjYQDLE.exe
  C:\Windows\System\jjYQDLE.exe
  2⤵
  PID:5576
- C:\Windows\System\BHsTEZY.exe
  C:\Windows\System\BHsTEZY.exe
  2⤵
  PID:5792
- C:\Windows\System\EClrLGI.exe
  C:\Windows\System\EClrLGI.exe
  2⤵
  PID:5636
- C:\Windows\System\mqlyGSe.exe
  C:\Windows\System\mqlyGSe.exe
  2⤵
  PID:5620
- C:\Windows\System\kkDutSj.exe
  C:\Windows\System\kkDutSj.exe
  2⤵
  PID:5872
- C:\Windows\System\kzuGrJk.exe
  C:\Windows\System\kzuGrJk.exe
  2⤵
  PID:5888
- C:\Windows\System\QUFgFRL.exe
  C:\Windows\System\QUFgFRL.exe
  2⤵
  PID:5848
- C:\Windows\System\hgmKVAR.exe
  C:\Windows\System\hgmKVAR.exe
  2⤵
  PID:5812
- C:\Windows\System\tsieddl.exe
  C:\Windows\System\tsieddl.exe
  2⤵
  PID:5936
- C:\Windows\System\qBjXSsd.exe
  C:\Windows\System\qBjXSsd.exe
  2⤵
  PID:1624
- C:\Windows\System\eZZjval.exe
  C:\Windows\System\eZZjval.exe
  2⤵
  PID:6016
- C:\Windows\System\YGtpsJA.exe
  C:\Windows\System\YGtpsJA.exe
  2⤵
  PID:6100
- C:\Windows\System\MelcnXO.exe
  C:\Windows\System\MelcnXO.exe
  2⤵
  PID:5000
- C:\Windows\System\fqPXYsa.exe
  C:\Windows\System\fqPXYsa.exe
  2⤵
  PID:4744
- C:\Windows\System\loDZZUk.exe
  C:\Windows\System\loDZZUk.exe
  2⤵
  PID:3120
- C:\Windows\System\zsyKsbG.exe
  C:\Windows\System\zsyKsbG.exe
  2⤵
  PID:5204
- C:\Windows\System\gBgziJA.exe
  C:\Windows\System\gBgziJA.exe
  2⤵
  PID:5516
- C:\Windows\System\GkleJeE.exe
  C:\Windows\System\GkleJeE.exe
  2⤵
  PID:5364
- C:\Windows\System\IUesZEm.exe
  C:\Windows\System\IUesZEm.exe
  2⤵
  PID:5584
- C:\Windows\System\MVxoQLO.exe
  C:\Windows\System\MVxoQLO.exe
  2⤵
  PID:5656
- C:\Windows\System\vJItTeh.exe
  C:\Windows\System\vJItTeh.exe
  2⤵
  PID:5488
- C:\Windows\System\uMgjJRG.exe
  C:\Windows\System\uMgjJRG.exe
  2⤵
  PID:5668
- C:\Windows\System\GLZgkDq.exe
  C:\Windows\System\GLZgkDq.exe
  2⤵
  PID:5964
- C:\Windows\System\Cnntrmg.exe
  C:\Windows\System\Cnntrmg.exe
  2⤵
  PID:6160
- C:\Windows\System\xYbfogX.exe
  C:\Windows\System\xYbfogX.exe
  2⤵
  PID:6180
- C:\Windows\System\BLenTLv.exe
  C:\Windows\System\BLenTLv.exe
  2⤵
  PID:6200
- C:\Windows\System\nNdNOEW.exe
  C:\Windows\System\nNdNOEW.exe
  2⤵
  PID:6220
- C:\Windows\System\fbXnxVY.exe
  C:\Windows\System\fbXnxVY.exe
  2⤵
  PID:6240
- C:\Windows\System\vWGZhFp.exe
  C:\Windows\System\vWGZhFp.exe
  2⤵
  PID:6260
- C:\Windows\System\zWeryHz.exe
  C:\Windows\System\zWeryHz.exe
  2⤵
  PID:6280
- C:\Windows\System\xOPGdas.exe
  C:\Windows\System\xOPGdas.exe
  2⤵
  PID:6300
- C:\Windows\System\ONYUGNO.exe
  C:\Windows\System\ONYUGNO.exe
  2⤵
  PID:6320
- C:\Windows\System\IUlkyYt.exe
  C:\Windows\System\IUlkyYt.exe
  2⤵
  PID:6340
- C:\Windows\System\dcMVgeX.exe
  C:\Windows\System\dcMVgeX.exe
  2⤵
  PID:6360
- C:\Windows\System\PJnnFor.exe
  C:\Windows\System\PJnnFor.exe
  2⤵
  PID:6380
- C:\Windows\System\gTzcXSb.exe
  C:\Windows\System\gTzcXSb.exe
  2⤵
  PID:6400
- C:\Windows\System\josJCtl.exe
  C:\Windows\System\josJCtl.exe
  2⤵
  PID:6420
- C:\Windows\System\ywqVPSw.exe
  C:\Windows\System\ywqVPSw.exe
  2⤵
  PID:6440
- C:\Windows\System\aMRkVNN.exe
  C:\Windows\System\aMRkVNN.exe
  2⤵
  PID:6460
- C:\Windows\System\lJSHuLP.exe
  C:\Windows\System\lJSHuLP.exe
  2⤵
  PID:6480
- C:\Windows\System\kzkRpdB.exe
  C:\Windows\System\kzkRpdB.exe
  2⤵
  PID:6500
- C:\Windows\System\dqNtQwX.exe
  C:\Windows\System\dqNtQwX.exe
  2⤵
  PID:6520
- C:\Windows\System\DTCWkUp.exe
  C:\Windows\System\DTCWkUp.exe
  2⤵
  PID:6540
- C:\Windows\System\WSCQdiF.exe
  C:\Windows\System\WSCQdiF.exe
  2⤵
  PID:6560
- C:\Windows\System\zrFcbdt.exe
  C:\Windows\System\zrFcbdt.exe
  2⤵
  PID:6580
- C:\Windows\System\qxnqaDs.exe
  C:\Windows\System\qxnqaDs.exe
  2⤵
  PID:6600
- C:\Windows\System\XZkmVvE.exe
  C:\Windows\System\XZkmVvE.exe
  2⤵
  PID:6620
- C:\Windows\System\AZQraex.exe
  C:\Windows\System\AZQraex.exe
  2⤵
  PID:6640
- C:\Windows\System\VpOdLnr.exe
  C:\Windows\System\VpOdLnr.exe
  2⤵
  PID:6660
- C:\Windows\System\tyidSlI.exe
  C:\Windows\System\tyidSlI.exe
  2⤵
  PID:6680
- C:\Windows\System\vJhByhP.exe
  C:\Windows\System\vJhByhP.exe
  2⤵
  PID:6700
- C:\Windows\System\TFNlwLA.exe
  C:\Windows\System\TFNlwLA.exe
  2⤵
  PID:6720
- C:\Windows\System\NqmxIAw.exe
  C:\Windows\System\NqmxIAw.exe
  2⤵
  PID:6740
- C:\Windows\System\QWxJvqD.exe
  C:\Windows\System\QWxJvqD.exe
  2⤵
  PID:6760
- C:\Windows\System\AOksyjs.exe
  C:\Windows\System\AOksyjs.exe
  2⤵
  PID:6784
- C:\Windows\System\bKcpdZH.exe
  C:\Windows\System\bKcpdZH.exe
  2⤵
  PID:6804
- C:\Windows\System\CKHjvsx.exe
  C:\Windows\System\CKHjvsx.exe
  2⤵
  PID:6824
- C:\Windows\System\rHmBanD.exe
  C:\Windows\System\rHmBanD.exe
  2⤵
  PID:6844
- C:\Windows\System\FjHHTop.exe
  C:\Windows\System\FjHHTop.exe
  2⤵
  PID:6864
- C:\Windows\System\lrlbcLW.exe
  C:\Windows\System\lrlbcLW.exe
  2⤵
  PID:6884
- C:\Windows\System\TlyUBTB.exe
  C:\Windows\System\TlyUBTB.exe
  2⤵
  PID:6904
- C:\Windows\System\MJJRtbt.exe
  C:\Windows\System\MJJRtbt.exe
  2⤵
  PID:6924
- C:\Windows\System\yiSnSyW.exe
  C:\Windows\System\yiSnSyW.exe
  2⤵
  PID:6944
- C:\Windows\System\HJUIJvM.exe
  C:\Windows\System\HJUIJvM.exe
  2⤵
  PID:6964
- C:\Windows\System\fzewJZY.exe
  C:\Windows\System\fzewJZY.exe
  2⤵
  PID:6984
- C:\Windows\System\bbiaLoF.exe
  C:\Windows\System\bbiaLoF.exe
  2⤵
  PID:7004
- C:\Windows\System\kEEhOSD.exe
  C:\Windows\System\kEEhOSD.exe
  2⤵
  PID:7024
- C:\Windows\System\acopthm.exe
  C:\Windows\System\acopthm.exe
  2⤵
  PID:7044
- C:\Windows\System\uaLhfYI.exe
  C:\Windows\System\uaLhfYI.exe
  2⤵
  PID:7064
- C:\Windows\System\MSlNCJT.exe
  C:\Windows\System\MSlNCJT.exe
  2⤵
  PID:7084
- C:\Windows\System\AfMlXmz.exe
  C:\Windows\System\AfMlXmz.exe
  2⤵
  PID:7104
- C:\Windows\System\cGydLJJ.exe
  C:\Windows\System\cGydLJJ.exe
  2⤵
  PID:7124
- C:\Windows\System\GjcuXwB.exe
  C:\Windows\System\GjcuXwB.exe
  2⤵
  PID:7144
- C:\Windows\System\nvTHFSa.exe
  C:\Windows\System\nvTHFSa.exe
  2⤵
  PID:7164
- C:\Windows\System\nzrUpSb.exe
  C:\Windows\System\nzrUpSb.exe
  2⤵
  PID:6000
- C:\Windows\System\KyclOsI.exe
  C:\Windows\System\KyclOsI.exe
  2⤵
  PID:6056
- C:\Windows\System\tkpVSWu.exe
  C:\Windows\System\tkpVSWu.exe
  2⤵
  PID:308
- C:\Windows\System\upfOfVS.exe
  C:\Windows\System\upfOfVS.exe
  2⤵
  PID:5184
- C:\Windows\System\MOGfEhA.exe
  C:\Windows\System\MOGfEhA.exe
  2⤵
  PID:5144
- C:\Windows\System\uGwguWY.exe
  C:\Windows\System\uGwguWY.exe
  2⤵
  PID:5228
- C:\Windows\System\uCKJzrw.exe
  C:\Windows\System\uCKJzrw.exe
  2⤵
  PID:5540
- C:\Windows\System\fsnaPLW.exe
  C:\Windows\System\fsnaPLW.exe
  2⤵
  PID:5580
- C:\Windows\System\HVxpDJy.exe
  C:\Windows\System\HVxpDJy.exe
  2⤵
  PID:5724
- C:\Windows\System\ISxNLIi.exe
  C:\Windows\System\ISxNLIi.exe
  2⤵
  PID:5868
- C:\Windows\System\QTcckSy.exe
  C:\Windows\System\QTcckSy.exe
  2⤵
  PID:6176
- C:\Windows\System\oymZSlU.exe
  C:\Windows\System\oymZSlU.exe
  2⤵
  PID:6216
- C:\Windows\System\tuUFRGL.exe
  C:\Windows\System\tuUFRGL.exe
  2⤵
  PID:6248
- C:\Windows\System\ykLrgEA.exe
  C:\Windows\System\ykLrgEA.exe
  2⤵
  PID:6288
- C:\Windows\System\nAEDHCa.exe
  C:\Windows\System\nAEDHCa.exe
  2⤵
  PID:6308
- C:\Windows\System\JKHkrcR.exe
  C:\Windows\System\JKHkrcR.exe
  2⤵
  PID:6336
- C:\Windows\System\wWEicqW.exe
  C:\Windows\System\wWEicqW.exe
  2⤵
  PID:6356
- C:\Windows\System\fQthSYn.exe
  C:\Windows\System\fQthSYn.exe
  2⤵
  PID:6392
- C:\Windows\System\BDwqWSg.exe
  C:\Windows\System\BDwqWSg.exe
  2⤵
  PID:1260
- C:\Windows\System\NYGOlpM.exe
  C:\Windows\System\NYGOlpM.exe
  2⤵
  PID:6468
- C:\Windows\System\AZjaluu.exe
  C:\Windows\System\AZjaluu.exe
  2⤵
  PID:6492
- C:\Windows\System\qepMRAX.exe
  C:\Windows\System\qepMRAX.exe
  2⤵
  PID:6528
- C:\Windows\System\aEkOngr.exe
  C:\Windows\System\aEkOngr.exe
  2⤵
  PID:6568
- C:\Windows\System\jKTjkcg.exe
  C:\Windows\System\jKTjkcg.exe
  2⤵
  PID:6596
- C:\Windows\System\MCIFpnW.exe
  C:\Windows\System\MCIFpnW.exe
  2⤵
  PID:6628
- C:\Windows\System\pRaurCD.exe
  C:\Windows\System\pRaurCD.exe
  2⤵
  PID:6652
- C:\Windows\System\EgmSoaI.exe
  C:\Windows\System\EgmSoaI.exe
  2⤵
  PID:6692
- C:\Windows\System\sFuTRwI.exe
  C:\Windows\System\sFuTRwI.exe
  2⤵
  PID:6716
- C:\Windows\System\pdHkUcJ.exe
  C:\Windows\System\pdHkUcJ.exe
  2⤵
  PID:6768
- C:\Windows\System\dXujDhM.exe
  C:\Windows\System\dXujDhM.exe
  2⤵
  PID:6800
- C:\Windows\System\SiJZHEY.exe
  C:\Windows\System\SiJZHEY.exe
  2⤵
  PID:6832
- C:\Windows\System\UgBhuXt.exe
  C:\Windows\System\UgBhuXt.exe
  2⤵
  PID:6872
- C:\Windows\System\uBNNNdN.exe
  C:\Windows\System\uBNNNdN.exe
  2⤵
  PID:6896
- C:\Windows\System\FTapieT.exe
  C:\Windows\System\FTapieT.exe
  2⤵
  PID:6936
- C:\Windows\System\BxNWMle.exe
  C:\Windows\System\BxNWMle.exe
  2⤵
  PID:6980
- C:\Windows\System\pfvBPkg.exe
  C:\Windows\System\pfvBPkg.exe
  2⤵
  PID:6992
- C:\Windows\System\svbdjtJ.exe
  C:\Windows\System\svbdjtJ.exe
  2⤵
  PID:7016
- C:\Windows\System\CKwTsTi.exe
  C:\Windows\System\CKwTsTi.exe
  2⤵
  PID:7092
- C:\Windows\System\NbxVnnU.exe
  C:\Windows\System\NbxVnnU.exe
  2⤵
  PID:7140
- C:\Windows\System\lYlEgJt.exe
  C:\Windows\System\lYlEgJt.exe
  2⤵
  PID:7040
- C:\Windows\System\vALdlua.exe
  C:\Windows\System\vALdlua.exe
  2⤵
  PID:7112
- C:\Windows\System\jFUysAx.exe
  C:\Windows\System\jFUysAx.exe
  2⤵
  PID:7156
- C:\Windows\System\FCwXerb.exe
  C:\Windows\System\FCwXerb.exe
  2⤵
  PID:4924
- C:\Windows\System\UsoYMoL.exe
  C:\Windows\System\UsoYMoL.exe
  2⤵
  PID:6084
- C:\Windows\System\OvVscZM.exe
  C:\Windows\System\OvVscZM.exe
  2⤵
  PID:5368
- C:\Windows\System\QbIswwU.exe
  C:\Windows\System\QbIswwU.exe
  2⤵
  PID:5564
- C:\Windows\System\BZrvEjE.exe
  C:\Windows\System\BZrvEjE.exe
  2⤵
  PID:5148
- C:\Windows\System\BXrCseK.exe
  C:\Windows\System\BXrCseK.exe
  2⤵
  PID:6192
- C:\Windows\System\spUqwsb.exe
  C:\Windows\System\spUqwsb.exe
  2⤵
  PID:5664
- C:\Windows\System\jWofMjY.exe
  C:\Windows\System\jWofMjY.exe
  2⤵
  PID:6208
- C:\Windows\System\DKUNkhp.exe
  C:\Windows\System\DKUNkhp.exe
  2⤵
  PID:6232
- C:\Windows\System\fipKSJZ.exe
  C:\Windows\System\fipKSJZ.exe
  2⤵
  PID:6296
- C:\Windows\System\WFijIbV.exe
  C:\Windows\System\WFijIbV.exe
  2⤵
  PID:6412
- C:\Windows\System\eMmuVlz.exe
  C:\Windows\System\eMmuVlz.exe
  2⤵
  PID:6396
- C:\Windows\System\gdSryvn.exe
  C:\Windows\System\gdSryvn.exe
  2⤵
  PID:6472
- C:\Windows\System\xAnPvhR.exe
  C:\Windows\System\xAnPvhR.exe
  2⤵
  PID:2756
- C:\Windows\System\FZcvXVx.exe
  C:\Windows\System\FZcvXVx.exe
  2⤵
  PID:6516
- C:\Windows\System\whNyylO.exe
  C:\Windows\System\whNyylO.exe
  2⤵
  PID:6576
- C:\Windows\System\yQbZqkS.exe
  C:\Windows\System\yQbZqkS.exe
  2⤵
  PID:6592
- C:\Windows\System\dEpcvVg.exe
  C:\Windows\System\dEpcvVg.exe
  2⤵
  PID:6696
- C:\Windows\System\zXwzWoV.exe
  C:\Windows\System\zXwzWoV.exe
  2⤵
  PID:6636
- C:\Windows\System\oMmJGoL.exe
  C:\Windows\System\oMmJGoL.exe
  2⤵
  PID:6728
- C:\Windows\System\EtVZLoM.exe
  C:\Windows\System\EtVZLoM.exe
  2⤵
  PID:6792
- C:\Windows\System\bdjQNOg.exe
  C:\Windows\System\bdjQNOg.exe
  2⤵
  PID:6880
- C:\Windows\System\YyHpIyx.exe
  C:\Windows\System\YyHpIyx.exe
  2⤵
  PID:6876
- C:\Windows\System\Ikoweuf.exe
  C:\Windows\System\Ikoweuf.exe
  2⤵
  PID:6912
- C:\Windows\System\sawbxXn.exe
  C:\Windows\System\sawbxXn.exe
  2⤵
  PID:1732
- C:\Windows\System\qzxFaGh.exe
  C:\Windows\System\qzxFaGh.exe
  2⤵
  PID:7132
- C:\Windows\System\qFtetPe.exe
  C:\Windows\System\qFtetPe.exe
  2⤵
  PID:2116
- C:\Windows\System\ktWexvw.exe
  C:\Windows\System\ktWexvw.exe
  2⤵
  PID:7080
- C:\Windows\System\ZNGJmGr.exe
  C:\Windows\System\ZNGJmGr.exe
  2⤵
  PID:7160
- C:\Windows\System\ntwLare.exe
  C:\Windows\System\ntwLare.exe
  2⤵
  PID:6040
- C:\Windows\System\wbTxkRl.exe
  C:\Windows\System\wbTxkRl.exe
  2⤵
  PID:2864
- C:\Windows\System\wVixccH.exe
  C:\Windows\System\wVixccH.exe
  2⤵
  PID:5600
- C:\Windows\System\zlokyxU.exe
  C:\Windows\System\zlokyxU.exe
  2⤵
  PID:2536
- C:\Windows\System\LxemyRO.exe
  C:\Windows\System\LxemyRO.exe
  2⤵
  PID:2716
- C:\Windows\System\yqbcXTC.exe
  C:\Windows\System\yqbcXTC.exe
  2⤵
  PID:1952
- C:\Windows\System\QROWpJN.exe
  C:\Windows\System\QROWpJN.exe
  2⤵
  PID:2372
- C:\Windows\System\TavDJNk.exe
  C:\Windows\System\TavDJNk.exe
  2⤵
  PID:6388
- C:\Windows\System\QtUSbUp.exe
  C:\Windows\System\QtUSbUp.exe
  2⤵
  PID:2556
- C:\Windows\System\FFpWdQu.exe
  C:\Windows\System\FFpWdQu.exe
  2⤵
  PID:6508
- C:\Windows\System\fYVGRWf.exe
  C:\Windows\System\fYVGRWf.exe
  2⤵
  PID:6548
- C:\Windows\System\ZsCXgMR.exe
  C:\Windows\System\ZsCXgMR.exe
  2⤵
  PID:6632
- C:\Windows\System\wclfXPN.exe
  C:\Windows\System\wclfXPN.exe
  2⤵
  PID:6708
- C:\Windows\System\VMrudAS.exe
  C:\Windows\System\VMrudAS.exe
  2⤵
  PID:6772
- C:\Windows\System\RrUxZCx.exe
  C:\Windows\System\RrUxZCx.exe
  2⤵
  PID:7020
- C:\Windows\System\NjNeLAc.exe
  C:\Windows\System\NjNeLAc.exe
  2⤵
  PID:7032
- C:\Windows\System\cAazEQu.exe
  C:\Windows\System\cAazEQu.exe
  2⤵
  PID:6024
- C:\Windows\System\BNwyILE.exe
  C:\Windows\System\BNwyILE.exe
  2⤵
  PID:3500
- C:\Windows\System\zcBvCyq.exe
  C:\Windows\System\zcBvCyq.exe
  2⤵
  PID:1932
- C:\Windows\System\skQUPll.exe
  C:\Windows\System\skQUPll.exe
  2⤵
  PID:6168
- C:\Windows\System\LYrzCqk.exe
  C:\Windows\System\LYrzCqk.exe
  2⤵
  PID:2692
- C:\Windows\System\XLYFTxq.exe
  C:\Windows\System\XLYFTxq.exe
  2⤵
  PID:1912
- C:\Windows\System\PZizRtj.exe
  C:\Windows\System\PZizRtj.exe
  2⤵
  PID:2496
- C:\Windows\System\EOwDpns.exe
  C:\Windows\System\EOwDpns.exe
  2⤵
  PID:2268
- C:\Windows\System\kzRLgMM.exe
  C:\Windows\System\kzRLgMM.exe
  2⤵
  PID:6328
- C:\Windows\System\GBxjoDF.exe
  C:\Windows\System\GBxjoDF.exe
  2⤵
  PID:6572
- C:\Windows\System\SmLCCjw.exe
  C:\Windows\System\SmLCCjw.exe
  2⤵
  PID:6556
- C:\Windows\System\RvwcJsl.exe
  C:\Windows\System\RvwcJsl.exe
  2⤵
  PID:2132
- C:\Windows\System\VUnXzpj.exe
  C:\Windows\System\VUnXzpj.exe
  2⤵
  PID:2084
- C:\Windows\System\jeCsKwM.exe
  C:\Windows\System\jeCsKwM.exe
  2⤵
  PID:2572
- C:\Windows\System\kDwUfTx.exe
  C:\Windows\System\kDwUfTx.exe
  2⤵
  PID:6900
- C:\Windows\System\WIpHOzl.exe
  C:\Windows\System\WIpHOzl.exe
  2⤵
  PID:6836
- C:\Windows\System\FToPIEU.exe
  C:\Windows\System\FToPIEU.exe
  2⤵
  PID:7076
- C:\Windows\System\YifVULa.exe
  C:\Windows\System\YifVULa.exe
  2⤵
  PID:6064
- C:\Windows\System\wrEeqpp.exe
  C:\Windows\System\wrEeqpp.exe
  2⤵
  PID:2296
- C:\Windows\System\jWSBQQh.exe
  C:\Windows\System\jWSBQQh.exe
  2⤵
  PID:6496
- C:\Windows\System\ehdrUnW.exe
  C:\Windows\System\ehdrUnW.exe
  2⤵
  PID:6752
- C:\Windows\System\epmNbFN.exe
  C:\Windows\System\epmNbFN.exe
  2⤵
  PID:6136
- C:\Windows\System\MEXjgWi.exe
  C:\Windows\System\MEXjgWi.exe
  2⤵
  PID:2840
- C:\Windows\System\IjQjjtu.exe
  C:\Windows\System\IjQjjtu.exe
  2⤵
  PID:648
- C:\Windows\System\VekxnuH.exe
  C:\Windows\System\VekxnuH.exe
  2⤵
  PID:268
- C:\Windows\System\IJtkIsg.exe
  C:\Windows\System\IJtkIsg.exe
  2⤵
  PID:6376
- C:\Windows\System\BzchDIJ.exe
  C:\Windows\System\BzchDIJ.exe
  2⤵
  PID:6656
- C:\Windows\System\tsCDApD.exe
  C:\Windows\System\tsCDApD.exe
  2⤵
  PID:7184
- C:\Windows\System\epKXanS.exe
  C:\Windows\System\epKXanS.exe
  2⤵
  PID:7200
- C:\Windows\System\FlmzfuF.exe
  C:\Windows\System\FlmzfuF.exe
  2⤵
  PID:7216
- C:\Windows\System\IfYqtGU.exe
  C:\Windows\System\IfYqtGU.exe
  2⤵
  PID:7232
- C:\Windows\System\BNEFxZi.exe
  C:\Windows\System\BNEFxZi.exe
  2⤵
  PID:7304
- C:\Windows\System\ZYcxzcK.exe
  C:\Windows\System\ZYcxzcK.exe
  2⤵
  PID:7320
- C:\Windows\System\TvzDnhg.exe
  C:\Windows\System\TvzDnhg.exe
  2⤵
  PID:7336
- C:\Windows\System\KkDjvhV.exe
  C:\Windows\System\KkDjvhV.exe
  2⤵
  PID:7352
- C:\Windows\System\KOihZKi.exe
  C:\Windows\System\KOihZKi.exe
  2⤵
  PID:7368
- C:\Windows\System\jlXnvGq.exe
  C:\Windows\System\jlXnvGq.exe
  2⤵
  PID:7392
- C:\Windows\System\UKqeutt.exe
  C:\Windows\System\UKqeutt.exe
  2⤵
  PID:7408
- C:\Windows\System\gyedihX.exe
  C:\Windows\System\gyedihX.exe
  2⤵
  PID:7424
- C:\Windows\System\qBmPSnP.exe
  C:\Windows\System\qBmPSnP.exe
  2⤵
  PID:7444
- C:\Windows\System\hAjOaIc.exe
  C:\Windows\System\hAjOaIc.exe
  2⤵
  PID:7464
- C:\Windows\System\yHkYbyW.exe
  C:\Windows\System\yHkYbyW.exe
  2⤵
  PID:7504
- C:\Windows\System\rUaXGdm.exe
  C:\Windows\System\rUaXGdm.exe
  2⤵
  PID:7548
- C:\Windows\System\agfuRDW.exe
  C:\Windows\System\agfuRDW.exe
  2⤵
  PID:7564
- C:\Windows\System\iOFjXTt.exe
  C:\Windows\System\iOFjXTt.exe
  2⤵
  PID:7580
- C:\Windows\System\aHfyicS.exe
  C:\Windows\System\aHfyicS.exe
  2⤵
  PID:7596
- C:\Windows\System\ZEsykqa.exe
  C:\Windows\System\ZEsykqa.exe
  2⤵
  PID:7612
- C:\Windows\System\APvNHQS.exe
  C:\Windows\System\APvNHQS.exe
  2⤵
  PID:7628
- C:\Windows\System\eZBhRUj.exe
  C:\Windows\System\eZBhRUj.exe
  2⤵
  PID:7644
- C:\Windows\System\sgRtoes.exe
  C:\Windows\System\sgRtoes.exe
  2⤵
  PID:7660
- C:\Windows\System\xSlpIlz.exe
  C:\Windows\System\xSlpIlz.exe
  2⤵
  PID:7676
- C:\Windows\System\hjvtsJN.exe
  C:\Windows\System\hjvtsJN.exe
  2⤵
  PID:7692
- C:\Windows\System\jrbyJlr.exe
  C:\Windows\System\jrbyJlr.exe
  2⤵
  PID:7708
- C:\Windows\System\eZWfCWu.exe
  C:\Windows\System\eZWfCWu.exe
  2⤵
  PID:7724
- C:\Windows\System\ButDjPA.exe
  C:\Windows\System\ButDjPA.exe
  2⤵
  PID:7740
- C:\Windows\System\CPLmhza.exe
  C:\Windows\System\CPLmhza.exe
  2⤵
  PID:7780
- C:\Windows\System\OZxOQpT.exe
  C:\Windows\System\OZxOQpT.exe
  2⤵
  PID:7796
- C:\Windows\System\HdQGoKp.exe
  C:\Windows\System\HdQGoKp.exe
  2⤵
  PID:7812
- C:\Windows\System\gWCSHxl.exe
  C:\Windows\System\gWCSHxl.exe
  2⤵
  PID:7828
- C:\Windows\System\lJYdeRA.exe
  C:\Windows\System\lJYdeRA.exe
  2⤵
  PID:7848
- C:\Windows\System\suJgsBp.exe
  C:\Windows\System\suJgsBp.exe
  2⤵
  PID:7872
- C:\Windows\System\VnirecX.exe
  C:\Windows\System\VnirecX.exe
  2⤵
  PID:7924
- C:\Windows\System\WgYnRtl.exe
  C:\Windows\System\WgYnRtl.exe
  2⤵
  PID:7940
- C:\Windows\System\wEoCSYt.exe
  C:\Windows\System\wEoCSYt.exe
  2⤵
  PID:7956
- C:\Windows\System\bPBnlSe.exe
  C:\Windows\System\bPBnlSe.exe
  2⤵
  PID:7972
- C:\Windows\System\jXJmBfq.exe
  C:\Windows\System\jXJmBfq.exe
  2⤵
  PID:7988
- C:\Windows\System\ZmTDwSF.exe
  C:\Windows\System\ZmTDwSF.exe
  2⤵
  PID:8004
- C:\Windows\System\bcaobyk.exe
  C:\Windows\System\bcaobyk.exe
  2⤵
  PID:8020
- C:\Windows\System\nxujaUH.exe
  C:\Windows\System\nxujaUH.exe
  2⤵
  PID:8040
- C:\Windows\System\AIoHzpc.exe
  C:\Windows\System\AIoHzpc.exe
  2⤵
  PID:8056
- C:\Windows\System\fjKMXvT.exe
  C:\Windows\System\fjKMXvT.exe
  2⤵
  PID:8072
- C:\Windows\System\fpgxVDm.exe
  C:\Windows\System\fpgxVDm.exe
  2⤵
  PID:8092
- C:\Windows\System\ABIFrrB.exe
  C:\Windows\System\ABIFrrB.exe
  2⤵
  PID:8116
- C:\Windows\System\iUjAqdw.exe
  C:\Windows\System\iUjAqdw.exe
  2⤵
  PID:8140
- C:\Windows\System\PsCmxjF.exe
  C:\Windows\System\PsCmxjF.exe
  2⤵
  PID:8164
- C:\Windows\System\Yyuggcx.exe
  C:\Windows\System\Yyuggcx.exe
  2⤵
  PID:8184
- C:\Windows\System\mSuomiS.exe
  C:\Windows\System\mSuomiS.exe
  2⤵
  PID:2152
- C:\Windows\System\RIkRRGE.exe
  C:\Windows\System\RIkRRGE.exe
  2⤵
  PID:7176
- C:\Windows\System\bonXLJO.exe
  C:\Windows\System\bonXLJO.exe
  2⤵
  PID:7212
- C:\Windows\System\wKfoXDW.exe
  C:\Windows\System\wKfoXDW.exe
  2⤵
  PID:7256
- C:\Windows\System\zxfMABI.exe
  C:\Windows\System\zxfMABI.exe
  2⤵
  PID:7272
- C:\Windows\System\duRAtoZ.exe
  C:\Windows\System\duRAtoZ.exe
  2⤵
  PID:7192
- C:\Windows\System\FryNMaV.exe
  C:\Windows\System\FryNMaV.exe
  2⤵
  PID:824
- C:\Windows\System\savduwI.exe
  C:\Windows\System\savduwI.exe
  2⤵
  PID:6816
- C:\Windows\System\cfTwGNy.exe
  C:\Windows\System\cfTwGNy.exe
  2⤵
  PID:2588
- C:\Windows\System\azGXCfs.exe
  C:\Windows\System\azGXCfs.exe
  2⤵
  PID:7280
- C:\Windows\System\zWJcYxa.exe
  C:\Windows\System\zWJcYxa.exe
  2⤵
  PID:7332
- C:\Windows\System\ECHasAY.exe
  C:\Windows\System\ECHasAY.exe
  2⤵
  PID:7440
- C:\Windows\System\gxUNCZR.exe
  C:\Windows\System\gxUNCZR.exe
  2⤵
  PID:7416
- C:\Windows\System\cXpZeId.exe
  C:\Windows\System\cXpZeId.exe
  2⤵
  PID:7492
- C:\Windows\System\hVPTAAp.exe
  C:\Windows\System\hVPTAAp.exe
  2⤵
  PID:7316
- C:\Windows\System\uZTyRLf.exe
  C:\Windows\System\uZTyRLf.exe
  2⤵
  PID:7656
- C:\Windows\System\FGVUMFm.exe
  C:\Windows\System\FGVUMFm.exe
  2⤵
  PID:7748
- C:\Windows\System\WIJmKHT.exe
  C:\Windows\System\WIJmKHT.exe
  2⤵
  PID:7764
- C:\Windows\System\ceZChEL.exe
  C:\Windows\System\ceZChEL.exe
  2⤵
  PID:7604
- C:\Windows\System\LnkWWEQ.exe
  C:\Windows\System\LnkWWEQ.exe
  2⤵
  PID:7636
- C:\Windows\System\LZEsgdB.exe
  C:\Windows\System\LZEsgdB.exe
  2⤵
  PID:7668
- C:\Windows\System\RwrPtpl.exe
  C:\Windows\System\RwrPtpl.exe
  2⤵
  PID:7820
- C:\Windows\System\cQojphI.exe
  C:\Windows\System\cQojphI.exe
  2⤵
  PID:7880
- C:\Windows\System\DQWbxCz.exe
  C:\Windows\System\DQWbxCz.exe
  2⤵
  PID:7896
- C:\Windows\System\xDnEmar.exe
  C:\Windows\System\xDnEmar.exe
  2⤵
  PID:7912
- C:\Windows\System\sWtiKDX.exe
  C:\Windows\System\sWtiKDX.exe
  2⤵
  PID:7980
- C:\Windows\System\SAunrQU.exe
  C:\Windows\System\SAunrQU.exe
  2⤵
  PID:7792
- C:\Windows\System\inmVvPm.exe
  C:\Windows\System\inmVvPm.exe
  2⤵
  PID:7868
- C:\Windows\System\FKOVgwW.exe
  C:\Windows\System\FKOVgwW.exe
  2⤵
  PID:8088
- C:\Windows\System\pzDXQGT.exe
  C:\Windows\System\pzDXQGT.exe
  2⤵
  PID:8132
- C:\Windows\System\SWGYsrY.exe
  C:\Windows\System\SWGYsrY.exe
  2⤵
  PID:8180
- C:\Windows\System\mntmuMH.exe
  C:\Windows\System\mntmuMH.exe
  2⤵
  PID:7252
- C:\Windows\System\PguUzwk.exe
  C:\Windows\System\PguUzwk.exe
  2⤵
  PID:7932
- C:\Windows\System\uZJQTSD.exe
  C:\Windows\System\uZJQTSD.exe
  2⤵
  PID:2948
- C:\Windows\System\cXVLcTp.exe
  C:\Windows\System\cXVLcTp.exe
  2⤵
  PID:7404
- C:\Windows\System\ACWQcuU.exe
  C:\Windows\System\ACWQcuU.exe
  2⤵
  PID:7380
- C:\Windows\System\vmJZeAy.exe
  C:\Windows\System\vmJZeAy.exe
  2⤵
  PID:7460
- C:\Windows\System\aTufKLf.exe
  C:\Windows\System\aTufKLf.exe
  2⤵
  PID:8160
- C:\Windows\System\zpCgeun.exe
  C:\Windows\System\zpCgeun.exe
  2⤵
  PID:7268
- C:\Windows\System\dZGrHAC.exe
  C:\Windows\System\dZGrHAC.exe
  2⤵
  PID:1924
- C:\Windows\System\rbfBKeh.exe
  C:\Windows\System\rbfBKeh.exe
  2⤵
  PID:7344
- C:\Windows\System\hBAwmkU.exe
  C:\Windows\System\hBAwmkU.exe
  2⤵
  PID:7500
- C:\Windows\System\FTfEqQB.exe
  C:\Windows\System\FTfEqQB.exe
  2⤵
  PID:7560
- C:\Windows\System\fJsdweM.exe
  C:\Windows\System\fJsdweM.exe
  2⤵
  PID:7544
- C:\Windows\System\mIBiCZa.exe
  C:\Windows\System\mIBiCZa.exe
  2⤵
  PID:7808
- C:\Windows\System\mxYMScU.exe
  C:\Windows\System\mxYMScU.exe
  2⤵
  PID:7888
- C:\Windows\System\CWVJsfc.exe
  C:\Windows\System\CWVJsfc.exe
  2⤵
  PID:7952
- C:\Windows\System\rLdZAME.exe
  C:\Windows\System\rLdZAME.exe
  2⤵
  PID:1948
- C:\Windows\System\sCazsfM.exe
  C:\Windows\System\sCazsfM.exe
  2⤵
  PID:7572
- C:\Windows\System\ojhGcei.exe
  C:\Windows\System\ojhGcei.exe
  2⤵
  PID:7736
- C:\Windows\System\ipXCOvK.exe
  C:\Windows\System\ipXCOvK.exe
  2⤵
  PID:8112
- C:\Windows\System\wnUhjsd.exe
  C:\Windows\System\wnUhjsd.exe
  2⤵
  PID:7420
- C:\Windows\System\RyTtyaX.exe
  C:\Windows\System\RyTtyaX.exe
  2⤵
  PID:7576
- C:\Windows\System\qiIJFzI.exe
  C:\Windows\System\qiIJFzI.exe
  2⤵
  PID:7964
- C:\Windows\System\IuibEeg.exe
  C:\Windows\System\IuibEeg.exe
  2⤵
  PID:2288
- C:\Windows\System\oYLoHFg.exe
  C:\Windows\System\oYLoHFg.exe
  2⤵
  PID:8028
- C:\Windows\System\URSyIfW.exe
  C:\Windows\System\URSyIfW.exe
  2⤵
  PID:7328
- C:\Windows\System\fiEKgnY.exe
  C:\Windows\System\fiEKgnY.exe
  2⤵
  PID:7512
- C:\Windows\System\zltPqjh.exe
  C:\Windows\System\zltPqjh.exe
  2⤵
  PID:7704
- C:\Windows\System\GimKDfZ.exe
  C:\Windows\System\GimKDfZ.exe
  2⤵
  PID:8124
- C:\Windows\System\KcnRHwv.exe
  C:\Windows\System\KcnRHwv.exe
  2⤵
  PID:7484
- C:\Windows\System\DUTheEX.exe
  C:\Windows\System\DUTheEX.exe
  2⤵
  PID:7760
- C:\Windows\System\NLKxWUF.exe
  C:\Windows\System\NLKxWUF.exe
  2⤵
  PID:7716
- C:\Windows\System\WoYJvjC.exe
  C:\Windows\System\WoYJvjC.exe
  2⤵
  PID:7456
- C:\Windows\System\LzyFvrp.exe
  C:\Windows\System\LzyFvrp.exe
  2⤵
  PID:8176
- C:\Windows\System\xTKzNye.exe
  C:\Windows\System\xTKzNye.exe
  2⤵
  PID:8108
- C:\Windows\System\Otemnif.exe
  C:\Windows\System\Otemnif.exe
  2⤵
  PID:7244
- C:\Windows\System\GbfFaAe.exe
  C:\Windows\System\GbfFaAe.exe
  2⤵
  PID:1540
- C:\Windows\System\joBScvS.exe
  C:\Windows\System\joBScvS.exe
  2⤵
  PID:7920
- C:\Windows\System\rgYeUBD.exe
  C:\Windows\System\rgYeUBD.exe
  2⤵
  PID:7904
- C:\Windows\System\LVlYoDc.exe
  C:\Windows\System\LVlYoDc.exe
  2⤵
  PID:8208
- C:\Windows\System\EKYhmdk.exe
  C:\Windows\System\EKYhmdk.exe
  2⤵
  PID:8224
- C:\Windows\System\yQHVesY.exe
  C:\Windows\System\yQHVesY.exe
  2⤵
  PID:8240
- C:\Windows\System\XEeyRYR.exe
  C:\Windows\System\XEeyRYR.exe
  2⤵
  PID:8256
- C:\Windows\System\sXHWFvX.exe
  C:\Windows\System\sXHWFvX.exe
  2⤵
  PID:8272
- C:\Windows\System\xoPTRWp.exe
  C:\Windows\System\xoPTRWp.exe
  2⤵
  PID:8292
- C:\Windows\System\uRwJKWF.exe
  C:\Windows\System\uRwJKWF.exe
  2⤵
  PID:8308
- C:\Windows\System\tTCpPUm.exe
  C:\Windows\System\tTCpPUm.exe
  2⤵
  PID:8324
- C:\Windows\System\AyPQwlJ.exe
  C:\Windows\System\AyPQwlJ.exe
  2⤵
  PID:8340
- C:\Windows\System\tudyifc.exe
  C:\Windows\System\tudyifc.exe
  2⤵
  PID:8364
- C:\Windows\System\aetvYvF.exe
  C:\Windows\System\aetvYvF.exe
  2⤵
  PID:8380
- C:\Windows\System\ucYZPKD.exe
  C:\Windows\System\ucYZPKD.exe
  2⤵
  PID:8396
- C:\Windows\System\jluknpL.exe
  C:\Windows\System\jluknpL.exe
  2⤵
  PID:8412
- C:\Windows\System\pfNWvai.exe
  C:\Windows\System\pfNWvai.exe
  2⤵
  PID:8428
- C:\Windows\System\Jqdxmlx.exe
  C:\Windows\System\Jqdxmlx.exe
  2⤵
  PID:8444
- C:\Windows\System\EqgGbxv.exe
  C:\Windows\System\EqgGbxv.exe
  2⤵
  PID:8464
- C:\Windows\System\nvhCjVO.exe
  C:\Windows\System\nvhCjVO.exe
  2⤵
  PID:8480
- C:\Windows\System\gWMKpEa.exe
  C:\Windows\System\gWMKpEa.exe
  2⤵
  PID:8504
- C:\Windows\System\XjoAPTw.exe
  C:\Windows\System\XjoAPTw.exe
  2⤵
  PID:8520
- C:\Windows\System\LCHsDkS.exe
  C:\Windows\System\LCHsDkS.exe
  2⤵
  PID:8536
- C:\Windows\System\fXtDsdf.exe
  C:\Windows\System\fXtDsdf.exe
  2⤵
  PID:8552
- C:\Windows\System\dbzVHuU.exe
  C:\Windows\System\dbzVHuU.exe
  2⤵
  PID:8568
- C:\Windows\System\pdZtKzh.exe
  C:\Windows\System\pdZtKzh.exe
  2⤵
  PID:8584
- C:\Windows\System\koUpcyY.exe
  C:\Windows\System\koUpcyY.exe
  2⤵
  PID:8600
- C:\Windows\System\mrDpwmb.exe
  C:\Windows\System\mrDpwmb.exe
  2⤵
  PID:8620
- C:\Windows\System\pBrwzUS.exe
  C:\Windows\System\pBrwzUS.exe
  2⤵
  PID:8636
- C:\Windows\System\poBcZmS.exe
  C:\Windows\System\poBcZmS.exe
  2⤵
  PID:8652
- C:\Windows\System\rAnudba.exe
  C:\Windows\System\rAnudba.exe
  2⤵
  PID:8672
- C:\Windows\System\qvKxsCi.exe
  C:\Windows\System\qvKxsCi.exe
  2⤵
  PID:8692
- C:\Windows\System\lAqOLBu.exe
  C:\Windows\System\lAqOLBu.exe
  2⤵
  PID:8708
- C:\Windows\System\LTNZrKL.exe
  C:\Windows\System\LTNZrKL.exe
  2⤵
  PID:8728
- C:\Windows\System\EFkRTIh.exe
  C:\Windows\System\EFkRTIh.exe
  2⤵
  PID:8744
- C:\Windows\System\OPMxTHO.exe
  C:\Windows\System\OPMxTHO.exe
  2⤵
  PID:8764
- C:\Windows\System\dPxzPwu.exe
  C:\Windows\System\dPxzPwu.exe
  2⤵
  PID:8780
- C:\Windows\System\wQLzGyJ.exe
  C:\Windows\System\wQLzGyJ.exe
  2⤵
  PID:8796
- C:\Windows\System\GdiWCjH.exe
  C:\Windows\System\GdiWCjH.exe
  2⤵
  PID:8812
- C:\Windows\System\PxdSRPf.exe
  C:\Windows\System\PxdSRPf.exe
  2⤵
  PID:8828
- C:\Windows\System\LSsKehp.exe
  C:\Windows\System\LSsKehp.exe
  2⤵
  PID:8848
- C:\Windows\System\RskfITC.exe
  C:\Windows\System\RskfITC.exe
  2⤵
  PID:8868
- C:\Windows\System\WGeOefD.exe
  C:\Windows\System\WGeOefD.exe
  2⤵
  PID:8888
- C:\Windows\System\UrCcTyS.exe
  C:\Windows\System\UrCcTyS.exe
  2⤵
  PID:8904
- C:\Windows\System\AAyuMKe.exe
  C:\Windows\System\AAyuMKe.exe
  2⤵
  PID:8924
- C:\Windows\System\kxRKCxY.exe
  C:\Windows\System\kxRKCxY.exe
  2⤵
  PID:8944
- C:\Windows\System\laESWfu.exe
  C:\Windows\System\laESWfu.exe
  2⤵
  PID:8960
- C:\Windows\System\suKrvPC.exe
  C:\Windows\System\suKrvPC.exe
  2⤵
  PID:8976
- C:\Windows\System\dZOfqBF.exe
  C:\Windows\System\dZOfqBF.exe
  2⤵
  PID:8992
- C:\Windows\System\qRlgsFW.exe
  C:\Windows\System\qRlgsFW.exe
  2⤵
  PID:9008
- C:\Windows\System\dAsYDnx.exe
  C:\Windows\System\dAsYDnx.exe
  2⤵
  PID:9028
- C:\Windows\System\rgqRDia.exe
  C:\Windows\System\rgqRDia.exe
  2⤵
  PID:9044
- C:\Windows\System\EBPGsGO.exe
  C:\Windows\System\EBPGsGO.exe
  2⤵
  PID:9068
- C:\Windows\System\tulwUBx.exe
  C:\Windows\System\tulwUBx.exe
  2⤵
  PID:9084
- C:\Windows\System\RQcOlfq.exe
  C:\Windows\System\RQcOlfq.exe
  2⤵
  PID:9160
- C:\Windows\System\FggnBxN.exe
  C:\Windows\System\FggnBxN.exe
  2⤵
  PID:7208
- C:\Windows\System\HSCiVaX.exe
  C:\Windows\System\HSCiVaX.exe
  2⤵
  PID:8048
- C:\Windows\System\yKCdfgP.exe
  C:\Windows\System\yKCdfgP.exe
  2⤵
  PID:7364
- C:\Windows\System\MzsgJSN.exe
  C:\Windows\System\MzsgJSN.exe
  2⤵
  PID:8252
- C:\Windows\System\vtlzGRx.exe
  C:\Windows\System\vtlzGRx.exe
  2⤵
  PID:8248
- C:\Windows\System\iXKPmAK.exe
  C:\Windows\System\iXKPmAK.exe
  2⤵
  PID:8236
- C:\Windows\System\dSzMGQD.exe
  C:\Windows\System\dSzMGQD.exe
  2⤵
  PID:8304
- C:\Windows\System\ohbqBvO.exe
  C:\Windows\System\ohbqBvO.exe
  2⤵
  PID:8280
- C:\Windows\System\TjVXsYH.exe
  C:\Windows\System\TjVXsYH.exe
  2⤵
  PID:8392
- C:\Windows\System\pisFFMm.exe
  C:\Windows\System\pisFFMm.exe
  2⤵
  PID:8452
- C:\Windows\System\jHORxUS.exe
  C:\Windows\System\jHORxUS.exe
  2⤵
  PID:8352
- C:\Windows\System\NMdbCCZ.exe
  C:\Windows\System\NMdbCCZ.exe
  2⤵
  PID:8408
- C:\Windows\System\yCOZGIY.exe
  C:\Windows\System\yCOZGIY.exe
  2⤵
  PID:8476
- C:\Windows\System\HDNrqdj.exe
  C:\Windows\System\HDNrqdj.exe
  2⤵
  PID:8488
- C:\Windows\System\hPUoSmz.exe
  C:\Windows\System\hPUoSmz.exe
  2⤵
  PID:8580
- C:\Windows\System\sOOqeSP.exe
  C:\Windows\System\sOOqeSP.exe
  2⤵
  PID:8644
- C:\Windows\System\vxxJjTC.exe
  C:\Windows\System\vxxJjTC.exe
  2⤵
  PID:8532
- C:\Windows\System\ycGczdu.exe
  C:\Windows\System\ycGczdu.exe
  2⤵
  PID:8596
- C:\Windows\System\eFHrTty.exe
  C:\Windows\System\eFHrTty.exe
  2⤵
  PID:8664
- C:\Windows\System\jZhETAW.exe
  C:\Windows\System\jZhETAW.exe
  2⤵
  PID:8716
- C:\Windows\System\dZoErOx.exe
  C:\Windows\System\dZoErOx.exe
  2⤵
  PID:8760
- C:\Windows\System\bYpDfBW.exe
  C:\Windows\System\bYpDfBW.exe
  2⤵
  PID:8824
- C:\Windows\System\PTDRMKM.exe
  C:\Windows\System\PTDRMKM.exe
  2⤵
  PID:8896
- C:\Windows\System\hXuBLMc.exe
  C:\Windows\System\hXuBLMc.exe
  2⤵
  PID:8940
- C:\Windows\System\FFCTEQt.exe
  C:\Windows\System\FFCTEQt.exe
  2⤵
  PID:8920
- C:\Windows\System\ERzieZg.exe
  C:\Windows\System\ERzieZg.exe
  2⤵
  PID:9016
- C:\Windows\System\gjoeMuL.exe
  C:\Windows\System\gjoeMuL.exe
  2⤵
  PID:8772
- C:\Windows\System\kvsYKpk.exe
  C:\Windows\System\kvsYKpk.exe
  2⤵
  PID:8836
- C:\Windows\System\nAVYjxY.exe
  C:\Windows\System\nAVYjxY.exe
  2⤵
  PID:8884
- C:\Windows\System\XMreOMf.exe
  C:\Windows\System\XMreOMf.exe
  2⤵
  PID:9024
- C:\Windows\System\DGLgvfg.exe
  C:\Windows\System\DGLgvfg.exe
  2⤵
  PID:9080
- C:\Windows\System\oSsbNPa.exe
  C:\Windows\System\oSsbNPa.exe
  2⤵
  PID:9100
- C:\Windows\System\iNYDWsX.exe
  C:\Windows\System\iNYDWsX.exe
  2⤵
  PID:9124
- C:\Windows\System\qqNdBqe.exe
  C:\Windows\System\qqNdBqe.exe
  2⤵
  PID:9136
- C:\Windows\System\ncjCYfy.exe
  C:\Windows\System\ncjCYfy.exe
  2⤵
  PID:9148
- C:\Windows\System\EYuOaDw.exe
  C:\Windows\System\EYuOaDw.exe
  2⤵
  PID:9172
- C:\Windows\System\zluNDlI.exe
  C:\Windows\System\zluNDlI.exe
  2⤵
  PID:9180
- C:\Windows\System\LkhSpSC.exe
  C:\Windows\System\LkhSpSC.exe
  2⤵
  PID:9196
- C:\Windows\System\fChTODI.exe
  C:\Windows\System\fChTODI.exe
  2⤵
  PID:9212
- C:\Windows\System\vvICkiH.exe
  C:\Windows\System\vvICkiH.exe
  2⤵
  PID:1800
- C:\Windows\System\OuOUdHE.exe
  C:\Windows\System\OuOUdHE.exe
  2⤵
  PID:7592
- C:\Windows\System\mosoEHs.exe
  C:\Windows\System\mosoEHs.exe
  2⤵
  PID:8232
- C:\Windows\System\WMJfImW.exe
  C:\Windows\System\WMJfImW.exe
  2⤵
  PID:7688
- C:\Windows\System\jUXdKRn.exe
  C:\Windows\System\jUXdKRn.exe
  2⤵
  PID:8268
- C:\Windows\System\NSEmLQh.exe
  C:\Windows\System\NSEmLQh.exe
  2⤵
  PID:8348
- C:\Windows\System\atfLrXL.exe
  C:\Windows\System\atfLrXL.exe
  2⤵
  PID:8492
- C:\Windows\System\WsuANXq.exe
  C:\Windows\System\WsuANXq.exe
  2⤵
  PID:8668
- C:\Windows\System\yxztWko.exe
  C:\Windows\System\yxztWko.exe
  2⤵
  PID:8864
- C:\Windows\System\AjLShsL.exe
  C:\Windows\System\AjLShsL.exe
  2⤵
  PID:8064
- C:\Windows\System\hZxyCAm.exe
  C:\Windows\System\hZxyCAm.exe
  2⤵
  PID:8068
- C:\Windows\System\jbQafzF.exe
  C:\Windows\System\jbQafzF.exe
  2⤵
  PID:8360
- C:\Windows\System\upCDhJt.exe
  C:\Windows\System\upCDhJt.exe
  2⤵
  PID:7096
- C:\Windows\System\LUstRVM.exe
  C:\Windows\System\LUstRVM.exe
  2⤵
  PID:8576
- C:\Windows\System\zmjnkhV.exe
  C:\Windows\System\zmjnkhV.exe
  2⤵
  PID:8756
- C:\Windows\System\upWgGkX.exe
  C:\Windows\System\upWgGkX.exe
  2⤵
  PID:8404
- C:\Windows\System\dqWWlNY.exe
  C:\Windows\System\dqWWlNY.exe
  2⤵
  PID:8876
- C:\Windows\System\VUcEiIr.exe
  C:\Windows\System\VUcEiIr.exe
  2⤵
  PID:8820
- C:\Windows\System\icRwFaA.exe
  C:\Windows\System\icRwFaA.exe
  2⤵
  PID:8700
- C:\Windows\System\VIGsbhT.exe
  C:\Windows\System\VIGsbhT.exe
  2⤵
  PID:8984
- C:\Windows\System\FYmxAXy.exe
  C:\Windows\System\FYmxAXy.exe
  2⤵
  PID:8916
- C:\Windows\System\bMlfIuA.exe
  C:\Windows\System\bMlfIuA.exe
  2⤵
  PID:9000
- C:\Windows\System\uZIwFex.exe
  C:\Windows\System\uZIwFex.exe
  2⤵
  PID:8156
- C:\Windows\System\uOcFfob.exe
  C:\Windows\System\uOcFfob.exe
  2⤵
  PID:9056
- C:\Windows\System\ZGzbLFS.exe
  C:\Windows\System\ZGzbLFS.exe
  2⤵
  PID:9112
- C:\Windows\System\FHjbZWS.exe
  C:\Windows\System\FHjbZWS.exe
  2⤵
  PID:9168
- C:\Windows\System\Pzgydyl.exe
  C:\Windows\System\Pzgydyl.exe
  2⤵
  PID:9184
- C:\Windows\System\upQTYtR.exe
  C:\Windows\System\upQTYtR.exe
  2⤵
  PID:7472
- C:\Windows\System\HEXPjAo.exe
  C:\Windows\System\HEXPjAo.exe
  2⤵
  PID:8376
- C:\Windows\System\OMAlMud.exe
  C:\Windows\System\OMAlMud.exe
  2⤵
  PID:8936
- C:\Windows\System\xhsiWmv.exe
  C:\Windows\System\xhsiWmv.exe
  2⤵
  PID:9060
- C:\Windows\System\zfXbdiF.exe
  C:\Windows\System\zfXbdiF.exe
  2⤵
  PID:8592
- C:\Windows\System\qIduiYk.exe
  C:\Windows\System\qIduiYk.exe
  2⤵
  PID:7056
- C:\Windows\System\DYDlNws.exe
  C:\Windows\System\DYDlNws.exe
  2⤵
  PID:9156
- C:\Windows\System\NrTUKpd.exe
  C:\Windows\System\NrTUKpd.exe
  2⤵
  PID:1672
- C:\Windows\System\sqIJTDv.exe
  C:\Windows\System\sqIJTDv.exe
  2⤵
  PID:8472
- C:\Windows\System\AnDrvvv.exe
  C:\Windows\System\AnDrvvv.exe
  2⤵
  PID:8740
- C:\Windows\System\RQltThu.exe
  C:\Windows\System\RQltThu.exe
  2⤵
  PID:8956
- C:\Windows\System\UTBWerX.exe
  C:\Windows\System\UTBWerX.exe
  2⤵
  PID:8460
- C:\Windows\System\loAbQRp.exe
  C:\Windows\System\loAbQRp.exe
  2⤵
  PID:8564
- C:\Windows\System\zotQbjL.exe
  C:\Windows\System\zotQbjL.exe
  2⤵
  PID:8388
- C:\Windows\System\SeLNRRb.exe
  C:\Windows\System\SeLNRRb.exe
  2⤵
  PID:9224
- C:\Windows\System\wKJkBgL.exe
  C:\Windows\System\wKJkBgL.exe
  2⤵
  PID:9244
- C:\Windows\System\tcqPECe.exe
  C:\Windows\System\tcqPECe.exe
  2⤵
  PID:9260
- C:\Windows\System\RSRLBpm.exe
  C:\Windows\System\RSRLBpm.exe
  2⤵
  PID:9276
- C:\Windows\System\iiXjMnp.exe
  C:\Windows\System\iiXjMnp.exe
  2⤵
  PID:9296
- C:\Windows\System\jiCyqBT.exe
  C:\Windows\System\jiCyqBT.exe
  2⤵
  PID:9332
- C:\Windows\System\dfDHKQj.exe
  C:\Windows\System\dfDHKQj.exe
  2⤵
  PID:9348
- C:\Windows\System\OvwuJnb.exe
  C:\Windows\System\OvwuJnb.exe
  2⤵
  PID:9364
- C:\Windows\System\dsfXbFh.exe
  C:\Windows\System\dsfXbFh.exe
  2⤵
  PID:9380
- C:\Windows\System\gZMUTTd.exe
  C:\Windows\System\gZMUTTd.exe
  2⤵
  PID:9396
- C:\Windows\System\vckNbyP.exe
  C:\Windows\System\vckNbyP.exe
  2⤵
  PID:9412
- C:\Windows\System\MWsJJJV.exe
  C:\Windows\System\MWsJJJV.exe
  2⤵
  PID:9432
- C:\Windows\System\QPmhiBS.exe
  C:\Windows\System\QPmhiBS.exe
  2⤵
  PID:9476
- C:\Windows\System\JfxgoLZ.exe
  C:\Windows\System\JfxgoLZ.exe
  2⤵
  PID:9492
- C:\Windows\System\XmECekw.exe
  C:\Windows\System\XmECekw.exe
  2⤵
  PID:9512
- C:\Windows\System\MKiuXMk.exe
  C:\Windows\System\MKiuXMk.exe
  2⤵
  PID:9532
- C:\Windows\System\IQuAgeB.exe
  C:\Windows\System\IQuAgeB.exe
  2⤵
  PID:9548
- C:\Windows\System\rmGAOOg.exe
  C:\Windows\System\rmGAOOg.exe
  2⤵
  PID:9564
- C:\Windows\System\fuxYHSd.exe
  C:\Windows\System\fuxYHSd.exe
  2⤵
  PID:9584
- C:\Windows\System\dmWmDTg.exe
  C:\Windows\System\dmWmDTg.exe
  2⤵
  PID:9600
- C:\Windows\System\weXcpsq.exe
  C:\Windows\System\weXcpsq.exe
  2⤵
  PID:9616
- C:\Windows\System\rLyenSQ.exe
  C:\Windows\System\rLyenSQ.exe
  2⤵
  PID:9632
- C:\Windows\System\WCrtCtG.exe
  C:\Windows\System\WCrtCtG.exe
  2⤵
  PID:9652
- C:\Windows\System\OGxyInV.exe
  C:\Windows\System\OGxyInV.exe
  2⤵
  PID:9668
- C:\Windows\System\dxOwDnE.exe
  C:\Windows\System\dxOwDnE.exe
  2⤵
  PID:9684
- C:\Windows\System\oiIcxqx.exe
  C:\Windows\System\oiIcxqx.exe
  2⤵
  PID:9700
- C:\Windows\System\PhUuGIO.exe
  C:\Windows\System\PhUuGIO.exe
  2⤵
  PID:9716
- C:\Windows\System\KZUlQHZ.exe
  C:\Windows\System\KZUlQHZ.exe
  2⤵
  PID:9736
- C:\Windows\System\sAlOKWc.exe
  C:\Windows\System\sAlOKWc.exe
  2⤵
  PID:9752
- C:\Windows\System\jUVJsEm.exe
  C:\Windows\System\jUVJsEm.exe
  2⤵
  PID:9768
- C:\Windows\System\QXqtyEF.exe
  C:\Windows\System\QXqtyEF.exe
  2⤵
  PID:9784
- C:\Windows\System\UFENggP.exe
  C:\Windows\System\UFENggP.exe
  2⤵
  PID:9800
- C:\Windows\System\AskjWzJ.exe
  C:\Windows\System\AskjWzJ.exe
  2⤵
  PID:9816
- C:\Windows\System\TOnWRHW.exe
  C:\Windows\System\TOnWRHW.exe
  2⤵
  PID:9832
- C:\Windows\System\jzbyWxN.exe
  C:\Windows\System\jzbyWxN.exe
  2⤵
  PID:9848
- C:\Windows\System\SqHPbYD.exe
  C:\Windows\System\SqHPbYD.exe
  2⤵
  PID:9864
- C:\Windows\System\mawuZwZ.exe
  C:\Windows\System\mawuZwZ.exe
  2⤵
  PID:9880
- C:\Windows\System\dADqhab.exe
  C:\Windows\System\dADqhab.exe
  2⤵
  PID:9896
- C:\Windows\System\EUBdSWa.exe
  C:\Windows\System\EUBdSWa.exe
  2⤵
  PID:9912
- C:\Windows\System\bukENyk.exe
  C:\Windows\System\bukENyk.exe
  2⤵
  PID:9928
- C:\Windows\System\RNaXogt.exe
  C:\Windows\System\RNaXogt.exe
  2⤵
  PID:9944
- C:\Windows\System\YNSUmik.exe
  C:\Windows\System\YNSUmik.exe
  2⤵
  PID:9960
- C:\Windows\System\vHkVeIa.exe
  C:\Windows\System\vHkVeIa.exe
  2⤵
  PID:9980
- C:\Windows\System\NCymgDT.exe
  C:\Windows\System\NCymgDT.exe
  2⤵
  PID:9996
- C:\Windows\System\gGpAEmF.exe
  C:\Windows\System\gGpAEmF.exe
  2⤵
  PID:10016
- C:\Windows\System\HibEbXS.exe
  C:\Windows\System\HibEbXS.exe
  2⤵
  PID:10036
- C:\Windows\System\dfGpNXR.exe
  C:\Windows\System\dfGpNXR.exe
  2⤵
  PID:10056
- C:\Windows\System\cYHlVhj.exe
  C:\Windows\System\cYHlVhj.exe
  2⤵
  PID:10076
- C:\Windows\System\NlplaQF.exe
  C:\Windows\System\NlplaQF.exe
  2⤵
  PID:10092
- C:\Windows\System\RvzYfOG.exe
  C:\Windows\System\RvzYfOG.exe
  2⤵
  PID:10112
- C:\Windows\System\LkqGeRJ.exe
  C:\Windows\System\LkqGeRJ.exe
  2⤵
  PID:10132
- C:\Windows\System\ibsJHXF.exe
  C:\Windows\System\ibsJHXF.exe
  2⤵
  PID:10148
- C:\Windows\System\KOqByTg.exe
  C:\Windows\System\KOqByTg.exe
  2⤵
  PID:10164
- C:\Windows\System\TslKPbF.exe
  C:\Windows\System\TslKPbF.exe
  2⤵
  PID:10180
- C:\Windows\System\yKDhmUf.exe
  C:\Windows\System\yKDhmUf.exe
  2⤵
  PID:10196
- C:\Windows\System\iXpzoGL.exe
  C:\Windows\System\iXpzoGL.exe
  2⤵
  PID:10212
- C:\Windows\System\ZaVPHLX.exe
  C:\Windows\System\ZaVPHLX.exe
  2⤵
  PID:10228
- C:\Windows\System\BePiJaU.exe
  C:\Windows\System\BePiJaU.exe
  2⤵
  PID:8720
- C:\Windows\System\hxpndVS.exe
  C:\Windows\System\hxpndVS.exe
  2⤵
  PID:9176
- C:\Windows\System\wPjbWYV.exe
  C:\Windows\System\wPjbWYV.exe
  2⤵
  PID:9268
- C:\Windows\System\dhpdDip.exe
  C:\Windows\System\dhpdDip.exe
  2⤵
  PID:9464
- C:\Windows\System\TcxqrLY.exe
  C:\Windows\System\TcxqrLY.exe
  2⤵
  PID:9500
- C:\Windows\System\uHMdwcb.exe
  C:\Windows\System\uHMdwcb.exe
  2⤵
  PID:9540
- C:\Windows\System\xTUDAtE.exe
  C:\Windows\System\xTUDAtE.exe
  2⤵
  PID:9572
- C:\Windows\System\ugEmoZF.exe
  C:\Windows\System\ugEmoZF.exe
  2⤵
  PID:9676
- C:\Windows\System\zOnnFjb.exe
  C:\Windows\System\zOnnFjb.exe
  2⤵
  PID:9744
- C:\Windows\System\mEdXNpS.exe
  C:\Windows\System\mEdXNpS.exe
  2⤵
  PID:9844
- C:\Windows\System\EUjoKWq.exe
  C:\Windows\System\EUjoKWq.exe
  2⤵
  PID:9904
- C:\Windows\System\cyMhAMI.exe
  C:\Windows\System\cyMhAMI.exe
  2⤵
  PID:10008
- C:\Windows\System\bsOBZER.exe
  C:\Windows\System\bsOBZER.exe
  2⤵
  PID:10044
- C:\Windows\System\fIUHyry.exe
  C:\Windows\System\fIUHyry.exe
  2⤵
  PID:10124
- C:\Windows\System\KHOZCdD.exe
  C:\Windows\System\KHOZCdD.exe
  2⤵
  PID:10160
- C:\Windows\System\QIGEqAi.exe
  C:\Windows\System\QIGEqAi.exe
  2⤵
  PID:9860
- C:\Windows\System\IQqKXuK.exe
  C:\Windows\System\IQqKXuK.exe
  2⤵
  PID:9924
- C:\Windows\System\EhfkPbY.exe
  C:\Windows\System\EhfkPbY.exe
  2⤵
  PID:9988
- C:\Windows\System\pXbNqGN.exe
  C:\Windows\System\pXbNqGN.exe
  2⤵
  PID:9824
- C:\Windows\System\lVJCHNf.exe
  C:\Windows\System\lVJCHNf.exe
  2⤵
  PID:10220
- C:\Windows\System\BxTuyXR.exe
  C:\Windows\System\BxTuyXR.exe
  2⤵
  PID:9724
- C:\Windows\System\bhaMLdA.exe
  C:\Windows\System\bhaMLdA.exe
  2⤵
  PID:9856
- C:\Windows\System\miWrObk.exe
  C:\Windows\System\miWrObk.exe
  2⤵
  PID:10104
- C:\Windows\System\ojwPrhl.exe
  C:\Windows\System\ojwPrhl.exe
  2⤵
  PID:10204
- C:\Windows\System\gZLqyCl.exe
  C:\Windows\System\gZLqyCl.exe
  2⤵
  PID:9308
- C:\Windows\System\mhPcDDF.exe
  C:\Windows\System\mhPcDDF.exe
  2⤵
  PID:9252
- C:\Windows\System\CyvmLcQ.exe
  C:\Windows\System\CyvmLcQ.exe
  2⤵
  PID:9376
- C:\Windows\System\ygxOyDn.exe
  C:\Windows\System\ygxOyDn.exe
  2⤵
  PID:8544
- C:\Windows\System\OKfTSov.exe
  C:\Windows\System\OKfTSov.exe
  2⤵
  PID:9428
- C:\Windows\System\pELzIWP.exe
  C:\Windows\System\pELzIWP.exe
  2⤵
  PID:9448
- C:\Windows\System\QpyYUvh.exe
  C:\Windows\System\QpyYUvh.exe
  2⤵
  PID:9324
- C:\Windows\System\TRyWpwa.exe
  C:\Windows\System\TRyWpwa.exe
  2⤵
  PID:9456
- C:\Windows\System\TqVwwRi.exe
  C:\Windows\System\TqVwwRi.exe
  2⤵
  PID:9524
- C:\Windows\System\jyXxdhb.exe
  C:\Windows\System\jyXxdhb.exe
  2⤵
  PID:9712
- C:\Windows\System\mRTwhkO.exe
  C:\Windows\System\mRTwhkO.exe
  2⤵
  PID:9936
- C:\Windows\System\ckgxjnm.exe
  C:\Windows\System\ckgxjnm.exe
  2⤵
  PID:10052
- C:\Windows\System\BeDnhzq.exe
  C:\Windows\System\BeDnhzq.exe
  2⤵
  PID:10120
- C:\Windows\System\iLTwaxt.exe
  C:\Windows\System\iLTwaxt.exe
  2⤵
  PID:9664
- C:\Windows\System\RZdOVyr.exe
  C:\Windows\System\RZdOVyr.exe
  2⤵
  PID:10028
- C:\Windows\System\SapMvoQ.exe
  C:\Windows\System\SapMvoQ.exe
  2⤵
  PID:8736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CziBfCy.exe

Filesize
6.0MB

MD5
f4d5dc7feec8e2e5df3bf82084fe2202

SHA1
a4c98ed4d5a0c5209e27667f7ff00ed3fc91b670

SHA256
62cf200099f1c6280a5ee88f4c75903f192118def7ef601a84c53611813533b0

SHA512
0edc011f2c6849c84c0fb67937c7252628468ac53bf799dca72140d56b40bcbc5013724aa54600ad79f720e6b84a9b1df79412dd58f6c28bf9516a44fc640bb8

Download Submit
C:\Windows\system\DhfDffM.exe

Filesize
6.0MB

MD5
3c41a5e13419198aa0f816a193ad945f

SHA1
e93768c872cda6e170e44fe9e26057c20fcb7172

SHA256
9d1039fd39dded3db5b40f606bffedcf858709d50a2af4bd96ee943f16e1cc15

SHA512
4a2cbd249d124bbe849733f7ee3b9c904cf2db232fe1aaa061c743b5e2ad13b8cdee047090cbdca23f42417f247d470bf2b579d200d213360cc96009c528f67e

Download Submit
C:\Windows\system\GgAkizg.exe

Filesize
6.0MB

MD5
35d9a376e724009a2e9cf167158fa28c

SHA1
e363891175f7c04072c15a9f6a060c36486922a1

SHA256
06eb07eebeaca982d4e720497392889bd4aa434cd900234ad353c8930b93711a

SHA512
cf32b6e2f0e65ca20691dbe79fcff1bf30204083f747beff2ab8dd9d09057b9c9e0d2c3f49dcdb86de80b9d6f9cde0d7f8bdf52342ca31d18821104e670f0551

Download Submit
C:\Windows\system\HLVlAEJ.exe

Filesize
6.0MB

MD5
d4b270aac68c91c8c916e3b282dc3d0d

SHA1
b072c2c49809874a05b7e20e470b8728caeb3355

SHA256
f183ebaeb748b4fdab712142000cc97f1388c2660b77cc20388cac4ba04cb0b7

SHA512
9267b0118a13ee190a979ac233dced43d5610881b2472d7bf643a0538b9373be1cd6ea3025be618796198c70a2ce8fcc467478a667393f702de401758bdb6944

Download Submit
C:\Windows\system\IHqZygU.exe

Filesize
6.0MB

MD5
c17cafe3c58d86b24ff60cf5628fd948

SHA1
298119c655fa61609b85e6a25cc8e1e4afb96ca8

SHA256
452a1496d5a493142b10ce0989f88cef8b6aaf1b6062d0e874594d21140432c2

SHA512
a9200a2658a1f9c4142f860f2dd188d472ced8e0b5037dce3f1ccfa1a761acd0544390154215f00f66213a2a51174e2654240ba1b991b2e74be6e779fb61e877

Download Submit
C:\Windows\system\INvXfzp.exe

Filesize
6.0MB

MD5
931873556b738cbcbf50ddbbec5cc4d9

SHA1
34c45563d837188b3a53fd45451258e333a036f5

SHA256
3e6779a0dde536665eef7171ef6605c4cc02c7e1403734044fd0a231d02261e0

SHA512
ab88ddce792a14b5339a6bada97197a10695b3e9bc6e5f8e7125b2217f3ea9c1a40023b016738d754a54118e334255957fdf9d9dd7ba697b29402f906c64b50e

Download Submit
C:\Windows\system\PCfoIVo.exe

Filesize
6.0MB

MD5
041229e92ecb621804fa76288734f634

SHA1
d4d29d05c07b01c04e11a2eac1ceff7b2581d220

SHA256
dd1701508668bce7be42d0d0b1dcf2dae7a67de69ab4242f35989a220d550be4

SHA512
3217bfd7ae11eecaa358c7d19750f2eb5c1e0f815811894c5ab2177226ffc5a96e3f5261ac16c3c297f3407df2224258b5c40ed6d2006330c040ffbfca0a138f

Download Submit
C:\Windows\system\PvCFIwf.exe

Filesize
6.0MB

MD5
406bd2cbccaffd2f992f410534aded59

SHA1
ee7b284e6d7be9099bae7e10700ccf039eba0046

SHA256
e66c3a4dfaab8b58fc9a5098fbbb4797a9122c6433c79b9b0b0e51504904b794

SHA512
4f591cf734b251d03ad6f6f9c1b1d4937a2411fc38e4ce62e830dddc61cd04df2fc8ed1a5657becd41ca6a547d9f218160eb33d99f3f9de09ce9dc105b4a32f6

Download Submit
C:\Windows\system\UXFNcUs.exe

Filesize
6.0MB

MD5
0f91756dea5e3d890458585ce033933b

SHA1
2b6ca32a3c8ffe9adc949f208b686dadf6b8ec51

SHA256
56dc0c382902717c956190794a91567ca269d328f9bf561aaa95be9c65d9032c

SHA512
31e2c986e782a6e05d3c3c3245a7d6bcf097f020c142bd86f9a80a6b7430a6c874cd3ea9de11a75eaf499d4b36e3073dbc64a7d3002f64276e23293a99a114ef

Download Submit
C:\Windows\system\VLQrYII.exe

Filesize
6.0MB

MD5
95969ae5be667e2ba4aa9206088ca4b1

SHA1
bf1bab757aebb2a7f8cd03037ffa9b32f4957fe0

SHA256
114e9967b39403791d4eae603f8946a55b0767e92e85814c725f7464c34dfdb4

SHA512
a0dcf06aa53f927f77d09c0922c72021168a361d9fefec5d5f5e3340d5eda8973475ffc407d530e0c08aa6752501be397beaceee8b6fadbd16f20cd934cbccb1

Download Submit
C:\Windows\system\WhwhBTG.exe

Filesize
6.0MB

MD5
dcafe5ea3d4ca904d1cc4aeaafba4b94

SHA1
25cef17746379f3bb388db23edf7a94e56a8df6e

SHA256
bf9faa8e255b2f0aaf0c3266e61761327dcccedb0d191e2ff604c8bd90ba367b

SHA512
b784e5d6840e44b3937b89e6fe65bb4b23560cfb57659e388eac716ae66bfdfbd54ded20bae9e6ccf87520ce56de5b9cd656e9da67eb3be93e4bd0ec114c705e

Download Submit
C:\Windows\system\cMegzzm.exe

Filesize
6.0MB

MD5
294165b8b3fb17913944843036f0d449

SHA1
db9b1a514f8c4c18c0820c832f7766a40fcdd910

SHA256
c8d3435f6c7a73d842230305d5cb1c163299e0cf46803a42d0591896d53d28ca

SHA512
2507100c0769d4c11aa27aa0d895196a9f710e94fa0206d93a67d5b4304494de6888f12d638f87cb3041af0be0109bd049835c5ef6153c7a8d32696e171b86a5

Download Submit
C:\Windows\system\dKwCDPF.exe

Filesize
6.0MB

MD5
20b57dbbb21932c59166eded9bd7847e

SHA1
57e82ce7bbc12f42888d8712718d1a3ba7c39cd4

SHA256
5c5f95903d2662b4083696015b52d8b1090a7e71eff346208d439b3b0f06ba11

SHA512
1739dc7039e8225585b794f761a3061d63a23da7b4b7beb330378d058fb259648b74891e6fdc6f9fbcf1914c3fba120d4fa209e87131d6e30e608d26d80cf222

Download Submit
C:\Windows\system\ddtVQgg.exe

Filesize
6.0MB

MD5
39d77c90b3c4af44dea92c3b44bb348d

SHA1
cb68aef1575f48d2e0d1e9a7f33d64e12129959b

SHA256
52f16a93d30ab5a25854105d383486740d038d8c9e3566c17348da8eeed7ced1

SHA512
e945074230b5f4b21b6a1802fff0351ec8d1360fdf5dd49a422be28001bdc4912d769a895273439716c112fe8cbe2f258005332de5ba45d932ac3e537e433c99

Download Submit
C:\Windows\system\eABwHaA.exe

Filesize
6.0MB

MD5
021bbcf09b40c9ed365493ce8e010ff0

SHA1
c9f2a74a3c497d8131e29e5729cdaba909f979a9

SHA256
ee1aa03c7c09dfbc0d2f674539570c1c77a2a2bbbf99a5eb56fa676614bdf5e8

SHA512
4901b61946b1db266b961acc40d826a2ab02f4ede3bdb01a1b04244888aa5d7edc4f385f2e99ba051baf48269870dd018b48566694ab8ecf418f1e89fe36d4ec

Download Submit
C:\Windows\system\eYhqMjb.exe

Filesize
6.0MB

MD5
e42b7fd02d79354af6623df8c0a01e54

SHA1
2c6ebb624f06ba291838691f07d4a0770681aaf3

SHA256
2a0db2b5bc8b2a770883100ca40800816c0cf4b6cee733fb682fdac5e62bf5bd

SHA512
64d9841de830cf4f239b6263b821b464ad5f1ad5af5422201e10bfbe8750848cd4e0fd46573e095185a8973aac41ff124036b8cb6c8057b8ded672b8c365666a

Download Submit
C:\Windows\system\iQfvXsM.exe

Filesize
6.0MB

MD5
07fe62c8bb2aed7e817551dcdb490fe0

SHA1
a47a91e073dfe056b12934d16b1bb28d04bae6b1

SHA256
c40037c9d07f8ac08ae5296d20ac694df11236a5fdeafde92444d47bbc899cb4

SHA512
80addf8a28945abbeb97f86e8ad5b82b7788a79ff8b884571695d762f6ce16f175e7510b281b4322881aa09e345311c67f490fcedec992716d2dd922eea5a8c2

Download Submit
C:\Windows\system\iUxXDIn.exe

Filesize
6.0MB

MD5
628c789ae5b5d1865d8c7a20b3bf89b7

SHA1
da260474844fb4b4fe09d84b38998acd4a7ea85c

SHA256
038876c91eca39041d828438fb5d337c6674e95ba785b4fef75f5b9f4c68f809

SHA512
b6b9af346aa72b84ca9a09dd42c7415ca5707d63418046eb5c92b034adcc199f2e41b58ce194675f0c142dfd8257162c217581cdc6a33a2659525e2351b133d3

Download Submit
C:\Windows\system\kAsIObS.exe

Filesize
6.0MB

MD5
864812beae3e0c4dfaa25a65a5e4e5c8

SHA1
57cbd158e0aa026905f6eb303608b6007989bf32

SHA256
65ae1c659a30312887c119d3af46022fba98e2452f8b2d4cc8391a9281e5e9ff

SHA512
3e6f873de744469db2c8cf1af40ccc9ecba1542cec2c2694f88e21b5b2b472ec87e9847ddb06ce68f9eebc2d04d48fe7d2e4e08650b7d86deae149c506c5b432

Download Submit
C:\Windows\system\kJNeWOQ.exe

Filesize
6.0MB

MD5
eff793a19765681236ba0a8332f4f511

SHA1
46b07641c9d5a7dbaea7c5635b0abe30c576776c

SHA256
6f25579b81b83a5710b0af91af64ca8abab4c5626bbab0ab6d24c98c2e5e9220

SHA512
637417eaabe390021f78942e96e8b6fddb2651d2f2ab28ef7b1e04891fd606ac598c2b29f3b4049356f15b2674e3715e34184151a2ac7864e4e9e422f4103b93

Download Submit
C:\Windows\system\kNzCpxm.exe

Filesize
6.0MB

MD5
a342bdf3e0c12fa5d95cd8c9550dfb61

SHA1
83bc5b7a5898d3ef3426eb5cd301f17c8e46c9d7

SHA256
ae7ca6d158c6736bdb945d90779871cf0963e428ce8e3eff9b635a83d4ba005c

SHA512
e87567864322ae05c13dfce7652e92889ce73a06a257629e4f4b8dda99859e8dcb5aeec4c5cbc142a2b158992943eaf5fe6fe9a46950e970d87da16f312b7819

Download Submit
C:\Windows\system\kzuRYIf.exe

Filesize
6.0MB

MD5
953a4d0d6e33b1641e3682a20f403672

SHA1
72b410fc73b60c1db83532b3c68ffb5589d166d8

SHA256
73eda121ae731ccda6a08e40119c3138172068196944b766b02ce60bc0e6637a

SHA512
a01906d3a3820a7963a66f74a097891783fdee033a8b48ad1eabb6206a1530aca1f97682cded68c46ac7905c2e59cf2ec435130e7280ae6baacef0a701522337

Download Submit
C:\Windows\system\pufzMVN.exe

Filesize
6.0MB

MD5
9b03f7aa6d79fd1204d4d101d5aa8101

SHA1
b469603b63fdf628206b6e0636126372e2913e82

SHA256
17a60f3e22b4d86a125c48e5b395cd5cfa25836ef08f826191d80b2df37dfe91

SHA512
e29de3fbaf136b0847f2edc0591e916bfa3e28e95d57727319a33e7d810114bb6da837625ebdc1257e3463074234c3426709ac3719e99eff63c0511f36a870a5

Download Submit
C:\Windows\system\sGmLCVw.exe

Filesize
6.0MB

MD5
03426ff0abf95ec3d60039fc11b072a4

SHA1
3f335b129d04328fe73de44f33c1d82c48a72646

SHA256
e116cc43678d6608954c388e3271654817bca09861c42eaa76a12259135aaa96

SHA512
378aa53ff5fabf76ecbe53acffb175ac059c174365b1564d63e4239be79201d94fc82f531fd0a11ed9c1287ec1e114eff99370a8a9c9d1b548a1d6d905942e6d

Download Submit
C:\Windows\system\vrUVJkt.exe

Filesize
6.0MB

MD5
a8af1ca938e5e10c1a9e18289075942f

SHA1
0fdf8658b5dad2c3a8371b0deb1ef4953fa0d0f0

SHA256
6087f8ea23945cc42ec249e8401a625f58e4aa949098ebc8f43cf91ca1f48c5c

SHA512
4e191e449b83f5e9707f0ad1af5e6e2c307bf51df7552f489b1d28fd304842b46aab4ee6a8b53c7e628faeeda51f3afd4cd5859bcd8477d9c13367040cbce0b4

Download Submit
C:\Windows\system\vzFwHxI.exe

Filesize
6.0MB

MD5
d6bd9b6ac11be462a77ffed34cdfe058

SHA1
01d7b59473465670d804ed07486a79512e0821a7

SHA256
598902c6970333d0311a393848d8311354e3e8ddc8791e8e85c6aae3f75919e6

SHA512
e9cc657deef9761ea3fd4105d07587ebd0c19deab1aae8c16a6808439c86c6de8b1f09b25b86d82df4d9f287c1a7137962d22ffcefaf42faca15458d8cf4c069

Download Submit
C:\Windows\system\ydZVHkk.exe

Filesize
6.0MB

MD5
47afeac80fa11be67e08e73d07224a67

SHA1
b9b5b8f6866f184391d534a81b48b0d675f766bb

SHA256
9eacfb585a2c6412dfc2e1059306d1276827f29c08f1e9737c88418f1b694f66

SHA512
c7e566a19f693ae74ffc527bace44836358c0067228979c2e09e232cb4e114d0db154e42f9cfb4c5f49b248e13f2500e00a7b0ff63f5c343c69a0cb527e0258f

Download Submit
\Windows\system\EmxoYcQ.exe

Filesize
6.0MB

MD5
86a79b5368016895889043dca1496281

SHA1
a04a201c82781f5cd3e37c7bc9b61e8ab9bcab1a

SHA256
6d889336aa6b1b012bd922d86d4e5509832faa3bcbd941bcbdb6192ea2e137c9

SHA512
6d7346d8e90e4fff42664b5bfc83014f9b7998423845dfc626e5a9b345a26b7b1cc737603dca737e26c2f48748d89ac9c82ee37aebe6829d968c94effc931e63

Download Submit
\Windows\system\ILrkkUE.exe

Filesize
6.0MB

MD5
3f71fcf7532e666ba66e62f055843af9

SHA1
d98e164367e7cf8c6657db848e743f0a12844e95

SHA256
d73765643bf5a4d117854eafb6e36ae994bbeaec0c950b4e34f77ffe6d2fd181

SHA512
42e7e0704492cd92b0a3f4f89536ff37407318883f647fc7e30b33a2ad432e126bceac425521830a158167fc7533fd60ed827e358c1f544c9728fe1919a7a31c

Download Submit
\Windows\system\PNAtvCQ.exe

Filesize
6.0MB

MD5
aadce53377da38237048af272131e0c0

SHA1
89333b12309e2cf5fe88c51c5459b17abbb94216

SHA256
169b271576f5df7b514b5f1ef6d6961195699c1f3dae4e5af5aab175bdf491df

SHA512
b8b22f7f2a49a76834e22592f0162d5e3ca6cdf0615b577a09696d641572a73462aaffd9a0f8256a4817c51180cc357c598c75ab9ffc73e6d738cea67edacde9

Download Submit
\Windows\system\aXtdWcF.exe

Filesize
6.0MB

MD5
9dd62701cf17389df237f7cf0efadf64

SHA1
71bd82e02bf615da24fd08462690f73caae4eff2

SHA256
90a932869c51c9265b94692e66ec2341c026540be8b61e66d64ccdbb58d97b4b

SHA512
2b78338fd00f88c47e97c492357faca5c8c45fd4090fba219b21b3804eb7ea2fa8ea1255140c877fe53e89803cc6b33433c5da8f694eb47a11682c51ae5084c6

Download Submit
\Windows\system\pFRMmip.exe

Filesize
6.0MB

MD5
d69c3428279c2cffdc842455af8cc393

SHA1
c417c8b782b3e8a401a9e937a1b66b6eeef30fa1

SHA256
79c626365e332aa81b42c7f73fb422568eb100a1c95b3df95edfb90d0eb613b4

SHA512
e00ac22b040fe340c92bce3930ce949089ebecc9ff1baf3d6dd0a196f1b51fa4cad774684ef40a7126afc87a1a1e4847457f99057f02c567d2702dee6aef71e5

Download Submit
\Windows\system\tqcZfpU.exe

Filesize
6.0MB

MD5
33b23013dc8e497fe0ae138122c0f136

SHA1
f91f5b8552f4e8ef9396d9ff1321e8f9bd2d4fdf

SHA256
d88d7e1c6e3ddc1a5705bd2d1e90d7f1250cfcb8c07e9549940f1fd25de35ff6

SHA512
5782ea311d8c393d5ec288c3bc0c50a52fb2e8ab4aaab2f1c00939674c0b40ca4962ec6eb4ca475a9d44d046de7e5316f661b8fb55f8ed6a54b1a891fa7b559b

Download Submit
\Windows\system\wYQTXio.exe

Filesize
6.0MB

MD5
b14ed158c5435a4f257ebedcacc3ef9c

SHA1
c668034a9eb6ff3ea0ae134941223a59a9bd9669

SHA256
a0e05ee97a6218a9360926c7d9d2d64656edf84f7054a5515e94d1b828e28c10

SHA512
964a324d7b6450afc8fe6e67cf3af24ac5922f8c1cae5ac68730f809c2c77832e152e92d2ce9098e22929742fa2385132893ef1b22290515c6a10586bb81bcf6

Download Submit
memory/836-2223-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/836-3980-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1640-3399-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1640-3542-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2225-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1640-0-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1640-3539-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2828-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2004-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2005-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1640-3543-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1640-3541-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2108-3978-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3981-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2831-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2474-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3979-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download