cobaltstrike | 79f65ed9524e17c800c6a12942dd354b185a35cdf5b35f4876b921c20d61b0c9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

65c4ce2ea3fc9cf44c8207a7b9297693
SHA1

189385c9c772d67368e2c6cb1db5ecf38755ac81
SHA256

79f65ed9524e17c800c6a12942dd354b185a35cdf5b35f4876b921c20d61b0c9
SHA512

e72c5d9ca47b293da949373dd7a3129fb644207adf9d85a8d2608ab790e0ac8a52cc7dca3f7041b0975a99547c452a70184041df0188cd19ca1fbaa1a2079baa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001613e-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016210-14.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001659b-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016645-25.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001686c-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-111.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-151.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-115.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-105.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-95.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-79.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ac1-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x000800000001613e-10.dat	xmrig
behavioral1/files/0x0008000000016210-14.dat	xmrig
behavioral1/files/0x00070000000164db-18.dat	xmrig
behavioral1/files/0x000700000001659b-22.dat	xmrig
behavioral1/files/0x0007000000016645-25.dat	xmrig
behavioral1/files/0x000900000001686c-30.dat	xmrig
behavioral1/files/0x0006000000016eb8-41.dat	xmrig
behavioral1/files/0x0006000000017400-75.dat	xmrig
behavioral1/files/0x00060000000174a6-90.dat	xmrig
behavioral1/files/0x0005000000018696-111.dat	xmrig
behavioral1/files/0x000600000001904c-157.dat	xmrig
behavioral1/files/0x0005000000019217-153.dat	xmrig
behavioral1/files/0x00050000000191d2-146.dat	xmrig
behavioral1/files/0x0006000000018c44-130.dat	xmrig
behavioral1/files/0x0005000000019240-161.dat	xmrig
behavioral1/files/0x00050000000191f6-151.dat	xmrig
behavioral1/files/0x00060000000190e1-143.dat	xmrig
behavioral1/files/0x0006000000018f65-134.dat	xmrig
behavioral1/files/0x00050000000187a2-120.dat	xmrig
behavioral1/files/0x0006000000018c34-125.dat	xmrig
behavioral1/files/0x0005000000018697-115.dat	xmrig
behavioral1/files/0x0015000000018676-105.dat	xmrig
behavioral1/files/0x000600000001757f-100.dat	xmrig
behavioral1/files/0x00060000000174c3-95.dat	xmrig
behavioral1/files/0x000600000001746a-70.dat	xmrig
behavioral1/files/0x0006000000017488-79.dat	xmrig
behavioral1/files/0x000600000001707c-49.dat	xmrig
behavioral1/files/0x0006000000017403-67.dat	xmrig
behavioral1/files/0x00060000000173f3-53.dat	xmrig
behavioral1/files/0x0006000000016edb-45.dat	xmrig
behavioral1/files/0x0006000000016de8-37.dat	xmrig
behavioral1/files/0x0009000000016ac1-33.dat	xmrig
behavioral1/memory/2212-2084-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2580-2243-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2580-2256-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2536-2254-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1536-2242-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2948-2332-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2720-2382-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2580-3245-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2580-3317-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2720-3936-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2536-3918-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2212-3921-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1536-3910-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2948-3909-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3048	jVAHFXX.exe
2212	CZMVHOX.exe
1536	nAWQZvq.exe
2536	hTyTDcF.exe
2948	BRoLKCA.exe
2720	UoZypEE.exe
2768	vzpLcHx.exe
2888	smKnOOP.exe
2764	tRHNpxO.exe
2744	VZdXUCQ.exe
2772	KEomBIj.exe
2952	rXmBmpB.exe
2156	GRyuOkC.exe
2632	IzqVhfn.exe
2660	DYUdsCM.exe
2396	viuRTow.exe
2444	qOdVhpL.exe
1304	jahWqzm.exe
1676	sVHBWwK.exe
2804	PRthcsT.exe
1112	hoTHdNl.exe
1488	qGqibsA.exe
2012	IvcuEKP.exe
532	MPxUyuV.exe
1760	vuJtbLk.exe
2112	YAUNVLb.exe
2388	LnrSRUe.exe
2272	HwXrMVD.exe
984	etlhQne.exe
2392	oriZjUR.exe
2936	qFkMRpm.exe
2044	SMhDCmm.exe
2448	vwRVoEY.exe
1756	hXkgFAZ.exe
1836	TQqBtjt.exe
1392	DsbbzsG.exe
644	TyvICcZ.exe
616	HISuoTU.exe
3016	XuicNwB.exe
2056	iiGxeFW.exe
1784	FvSdgxe.exe
1548	wSKSehe.exe
2060	wWmBsUq.exe
1544	BFbRXKV.exe
3008	bynkrwi.exe
1728	uXLXvQd.exe
1048	RihxYWQ.exe
2576	FHHfJyc.exe
2552	OgmxOZJ.exe
1164	kFvpMVe.exe
2296	wywZyvr.exe
760	ohsMLyI.exe
2328	tFdfizW.exe
1228	hYqmZLg.exe
872	IPjbHBb.exe
1580	vUPJEDy.exe
1884	JVKLqRZ.exe
2148	WquMvkO.exe
2484	VCTlESd.exe
2876	MYkPYbq.exe
2916	HWGJEVI.exe
2728	RHEgOlK.exe
2732	AJVUDZs.exe
560	duqGNXM.exe

Loads dropped DLL 64 IoCs

pid	Process
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x000800000001613e-10.dat	upx
behavioral1/files/0x0008000000016210-14.dat	upx
behavioral1/files/0x00070000000164db-18.dat	upx
behavioral1/files/0x000700000001659b-22.dat	upx
behavioral1/files/0x0007000000016645-25.dat	upx
behavioral1/files/0x000900000001686c-30.dat	upx
behavioral1/files/0x0006000000016eb8-41.dat	upx
behavioral1/files/0x0006000000017400-75.dat	upx
behavioral1/files/0x00060000000174a6-90.dat	upx
behavioral1/files/0x0005000000018696-111.dat	upx
behavioral1/files/0x000600000001904c-157.dat	upx
behavioral1/files/0x0005000000019217-153.dat	upx
behavioral1/files/0x00050000000191d2-146.dat	upx
behavioral1/files/0x0006000000018c44-130.dat	upx
behavioral1/files/0x0005000000019240-161.dat	upx
behavioral1/files/0x00050000000191f6-151.dat	upx
behavioral1/files/0x00060000000190e1-143.dat	upx
behavioral1/files/0x0006000000018f65-134.dat	upx
behavioral1/files/0x00050000000187a2-120.dat	upx
behavioral1/files/0x0006000000018c34-125.dat	upx
behavioral1/files/0x0005000000018697-115.dat	upx
behavioral1/files/0x0015000000018676-105.dat	upx
behavioral1/files/0x000600000001757f-100.dat	upx
behavioral1/files/0x00060000000174c3-95.dat	upx
behavioral1/files/0x000600000001746a-70.dat	upx
behavioral1/files/0x0006000000017488-79.dat	upx
behavioral1/files/0x000600000001707c-49.dat	upx
behavioral1/files/0x0006000000017403-67.dat	upx
behavioral1/files/0x00060000000173f3-53.dat	upx
behavioral1/files/0x0006000000016edb-45.dat	upx
behavioral1/files/0x0006000000016de8-37.dat	upx
behavioral1/files/0x0009000000016ac1-33.dat	upx
behavioral1/memory/2212-2084-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2536-2254-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1536-2242-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2948-2332-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2720-2382-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2580-3245-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2720-3936-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2536-3918-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2212-3921-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1536-3910-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2948-3909-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TAbeGLP.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyezILn.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRLJxIW.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XulxkDt.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoYHFhS.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gORVCdx.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNLtWTQ.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMAFQXj.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWIMARd.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDEqVcT.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asihjui.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKaatep.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufqYeRb.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdclOXZ.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeoFSjJ.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGQjAnm.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSSYmke.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqKIwPU.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAgqjDH.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcqbfyM.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRtnPSo.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAtolOn.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKVxvAT.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnLzUiu.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVzuiyR.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSiKOQD.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKwjrEN.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxRuZSP.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwXrMVD.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pnapaid.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcgFQjd.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPlSMPR.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwEjgmV.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbzzMfU.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuZQUpw.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wywZyvr.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QECqZuQ.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhUaXvT.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpCscLC.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juSXNbf.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dILfUij.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLErBzu.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcGVHtP.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTrrDKG.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNlsQIF.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnGGPav.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igmeamK.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JozoKlS.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSoLTck.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duqGNXM.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQdfEAd.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYEVnkL.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxJXYkx.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTgdUYw.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igPHWah.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rirrcQn.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNuUUqH.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlczzHF.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rApjsfb.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLlEdBw.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWssuKp.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riDeBye.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrDJjJY.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auZdgNf.exe	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 3048	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 3048	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 3048	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2212	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2212	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2212	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 1536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 1536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 1536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2536	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2948	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2948	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2948	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2720	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2720	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2720	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2768	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2768	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2768	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2888	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2888	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2888	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2764	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2764	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2764	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2744	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2744	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2744	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2772	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2772	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2772	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2952	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2952	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2952	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2156	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2156	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2156	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2660	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2660	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2660	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2632	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 2632	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 2632	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 2444	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2444	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2444	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2396	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2396	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2396	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 1304	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 1304	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 1304	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 1676	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1676	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1676	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2804	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 2804	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 2804	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1112	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2580 wrote to memory of 1112	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2580 wrote to memory of 1112	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2580 wrote to memory of 1488	2580	2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_65c4ce2ea3fc9cf44c8207a7b9297693_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\System\jVAHFXX.exe
  C:\Windows\System\jVAHFXX.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\CZMVHOX.exe
  C:\Windows\System\CZMVHOX.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\nAWQZvq.exe
  C:\Windows\System\nAWQZvq.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\hTyTDcF.exe
  C:\Windows\System\hTyTDcF.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\BRoLKCA.exe
  C:\Windows\System\BRoLKCA.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UoZypEE.exe
  C:\Windows\System\UoZypEE.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\vzpLcHx.exe
  C:\Windows\System\vzpLcHx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\smKnOOP.exe
  C:\Windows\System\smKnOOP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\tRHNpxO.exe
  C:\Windows\System\tRHNpxO.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\VZdXUCQ.exe
  C:\Windows\System\VZdXUCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\KEomBIj.exe
  C:\Windows\System\KEomBIj.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\rXmBmpB.exe
  C:\Windows\System\rXmBmpB.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\GRyuOkC.exe
  C:\Windows\System\GRyuOkC.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\DYUdsCM.exe
  C:\Windows\System\DYUdsCM.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\IzqVhfn.exe
  C:\Windows\System\IzqVhfn.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\qOdVhpL.exe
  C:\Windows\System\qOdVhpL.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\viuRTow.exe
  C:\Windows\System\viuRTow.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\jahWqzm.exe
  C:\Windows\System\jahWqzm.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\sVHBWwK.exe
  C:\Windows\System\sVHBWwK.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\PRthcsT.exe
  C:\Windows\System\PRthcsT.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\hoTHdNl.exe
  C:\Windows\System\hoTHdNl.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\qGqibsA.exe
  C:\Windows\System\qGqibsA.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\IvcuEKP.exe
  C:\Windows\System\IvcuEKP.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\MPxUyuV.exe
  C:\Windows\System\MPxUyuV.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\vuJtbLk.exe
  C:\Windows\System\vuJtbLk.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\YAUNVLb.exe
  C:\Windows\System\YAUNVLb.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\LnrSRUe.exe
  C:\Windows\System\LnrSRUe.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\oriZjUR.exe
  C:\Windows\System\oriZjUR.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\HwXrMVD.exe
  C:\Windows\System\HwXrMVD.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\SMhDCmm.exe
  C:\Windows\System\SMhDCmm.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\etlhQne.exe
  C:\Windows\System\etlhQne.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\vwRVoEY.exe
  C:\Windows\System\vwRVoEY.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\qFkMRpm.exe
  C:\Windows\System\qFkMRpm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hXkgFAZ.exe
  C:\Windows\System\hXkgFAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\TQqBtjt.exe
  C:\Windows\System\TQqBtjt.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\DsbbzsG.exe
  C:\Windows\System\DsbbzsG.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\TyvICcZ.exe
  C:\Windows\System\TyvICcZ.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\HISuoTU.exe
  C:\Windows\System\HISuoTU.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\XuicNwB.exe
  C:\Windows\System\XuicNwB.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\iiGxeFW.exe
  C:\Windows\System\iiGxeFW.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\FvSdgxe.exe
  C:\Windows\System\FvSdgxe.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\wSKSehe.exe
  C:\Windows\System\wSKSehe.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\wWmBsUq.exe
  C:\Windows\System\wWmBsUq.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\RihxYWQ.exe
  C:\Windows\System\RihxYWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\BFbRXKV.exe
  C:\Windows\System\BFbRXKV.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\OgmxOZJ.exe
  C:\Windows\System\OgmxOZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\bynkrwi.exe
  C:\Windows\System\bynkrwi.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\kFvpMVe.exe
  C:\Windows\System\kFvpMVe.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\uXLXvQd.exe
  C:\Windows\System\uXLXvQd.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\wywZyvr.exe
  C:\Windows\System\wywZyvr.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\FHHfJyc.exe
  C:\Windows\System\FHHfJyc.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hYqmZLg.exe
  C:\Windows\System\hYqmZLg.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\ohsMLyI.exe
  C:\Windows\System\ohsMLyI.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\IPjbHBb.exe
  C:\Windows\System\IPjbHBb.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\tFdfizW.exe
  C:\Windows\System\tFdfizW.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\vUPJEDy.exe
  C:\Windows\System\vUPJEDy.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\JVKLqRZ.exe
  C:\Windows\System\JVKLqRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\WquMvkO.exe
  C:\Windows\System\WquMvkO.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\VCTlESd.exe
  C:\Windows\System\VCTlESd.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\MYkPYbq.exe
  C:\Windows\System\MYkPYbq.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\HWGJEVI.exe
  C:\Windows\System\HWGJEVI.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\RHEgOlK.exe
  C:\Windows\System\RHEgOlK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\AJVUDZs.exe
  C:\Windows\System\AJVUDZs.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\duqGNXM.exe
  C:\Windows\System\duqGNXM.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\BAuInvb.exe
  C:\Windows\System\BAuInvb.exe
  2⤵
  PID:2900
- C:\Windows\System\ndzTgLO.exe
  C:\Windows\System\ndzTgLO.exe
  2⤵
  PID:1084
- C:\Windows\System\mLErBzu.exe
  C:\Windows\System\mLErBzu.exe
  2⤵
  PID:2664
- C:\Windows\System\lhzpNQy.exe
  C:\Windows\System\lhzpNQy.exe
  2⤵
  PID:264
- C:\Windows\System\gjtjqBe.exe
  C:\Windows\System\gjtjqBe.exe
  2⤵
  PID:300
- C:\Windows\System\SYLuyfP.exe
  C:\Windows\System\SYLuyfP.exe
  2⤵
  PID:1808
- C:\Windows\System\GgHPUsr.exe
  C:\Windows\System\GgHPUsr.exe
  2⤵
  PID:268
- C:\Windows\System\pReAJvn.exe
  C:\Windows\System\pReAJvn.exe
  2⤵
  PID:2420
- C:\Windows\System\yiWhuqu.exe
  C:\Windows\System\yiWhuqu.exe
  2⤵
  PID:2228
- C:\Windows\System\DLbOiZy.exe
  C:\Windows\System\DLbOiZy.exe
  2⤵
  PID:444
- C:\Windows\System\svJjCnS.exe
  C:\Windows\System\svJjCnS.exe
  2⤵
  PID:1720
- C:\Windows\System\ZvTfPvd.exe
  C:\Windows\System\ZvTfPvd.exe
  2⤵
  PID:1440
- C:\Windows\System\zlBIxBZ.exe
  C:\Windows\System\zlBIxBZ.exe
  2⤵
  PID:2072
- C:\Windows\System\OpdKASp.exe
  C:\Windows\System\OpdKASp.exe
  2⤵
  PID:2592
- C:\Windows\System\wLWHNLm.exe
  C:\Windows\System\wLWHNLm.exe
  2⤵
  PID:2832
- C:\Windows\System\wdyfGvU.exe
  C:\Windows\System\wdyfGvU.exe
  2⤵
  PID:1696
- C:\Windows\System\GWVagmQ.exe
  C:\Windows\System\GWVagmQ.exe
  2⤵
  PID:1660
- C:\Windows\System\NYYteKf.exe
  C:\Windows\System\NYYteKf.exe
  2⤵
  PID:1700
- C:\Windows\System\gjMqjYi.exe
  C:\Windows\System\gjMqjYi.exe
  2⤵
  PID:2236
- C:\Windows\System\GKOBDPe.exe
  C:\Windows\System\GKOBDPe.exe
  2⤵
  PID:1100
- C:\Windows\System\yzaGmoQ.exe
  C:\Windows\System\yzaGmoQ.exe
  2⤵
  PID:1508
- C:\Windows\System\BTeeXEL.exe
  C:\Windows\System\BTeeXEL.exe
  2⤵
  PID:2232
- C:\Windows\System\yZEIEla.exe
  C:\Windows\System\yZEIEla.exe
  2⤵
  PID:1764
- C:\Windows\System\AShGrtw.exe
  C:\Windows\System\AShGrtw.exe
  2⤵
  PID:2460
- C:\Windows\System\hUyWGbg.exe
  C:\Windows\System\hUyWGbg.exe
  2⤵
  PID:2144
- C:\Windows\System\CcbOORI.exe
  C:\Windows\System\CcbOORI.exe
  2⤵
  PID:1608
- C:\Windows\System\VMyVNWr.exe
  C:\Windows\System\VMyVNWr.exe
  2⤵
  PID:1432
- C:\Windows\System\gGWExky.exe
  C:\Windows\System\gGWExky.exe
  2⤵
  PID:3044
- C:\Windows\System\jSuVKDs.exe
  C:\Windows\System\jSuVKDs.exe
  2⤵
  PID:2428
- C:\Windows\System\XWFiqQU.exe
  C:\Windows\System\XWFiqQU.exe
  2⤵
  PID:2336
- C:\Windows\System\baSLsMh.exe
  C:\Windows\System\baSLsMh.exe
  2⤵
  PID:2608
- C:\Windows\System\wcxeuDx.exe
  C:\Windows\System\wcxeuDx.exe
  2⤵
  PID:2668
- C:\Windows\System\hEzLIaQ.exe
  C:\Windows\System\hEzLIaQ.exe
  2⤵
  PID:2152
- C:\Windows\System\gwYlgfv.exe
  C:\Windows\System\gwYlgfv.exe
  2⤵
  PID:2836
- C:\Windows\System\HUSrrZA.exe
  C:\Windows\System\HUSrrZA.exe
  2⤵
  PID:2036
- C:\Windows\System\bWMLOIw.exe
  C:\Windows\System\bWMLOIw.exe
  2⤵
  PID:688
- C:\Windows\System\pwwFCmj.exe
  C:\Windows\System\pwwFCmj.exe
  2⤵
  PID:1792
- C:\Windows\System\UItUevF.exe
  C:\Windows\System\UItUevF.exe
  2⤵
  PID:2140
- C:\Windows\System\MRrlIbH.exe
  C:\Windows\System\MRrlIbH.exe
  2⤵
  PID:556
- C:\Windows\System\oNLRboo.exe
  C:\Windows\System\oNLRboo.exe
  2⤵
  PID:2280
- C:\Windows\System\cCHtgBl.exe
  C:\Windows\System\cCHtgBl.exe
  2⤵
  PID:1312
- C:\Windows\System\FCcyMYR.exe
  C:\Windows\System\FCcyMYR.exe
  2⤵
  PID:1560
- C:\Windows\System\xjjEBrB.exe
  C:\Windows\System\xjjEBrB.exe
  2⤵
  PID:752
- C:\Windows\System\oAwfAIE.exe
  C:\Windows\System\oAwfAIE.exe
  2⤵
  PID:2848
- C:\Windows\System\fKfiYwz.exe
  C:\Windows\System\fKfiYwz.exe
  2⤵
  PID:2332
- C:\Windows\System\jLenFfm.exe
  C:\Windows\System\jLenFfm.exe
  2⤵
  PID:1916
- C:\Windows\System\qysnYhT.exe
  C:\Windows\System\qysnYhT.exe
  2⤵
  PID:2880
- C:\Windows\System\hHkVGLX.exe
  C:\Windows\System\hHkVGLX.exe
  2⤵
  PID:756
- C:\Windows\System\hzCmuaz.exe
  C:\Windows\System\hzCmuaz.exe
  2⤵
  PID:2624
- C:\Windows\System\KsMrIor.exe
  C:\Windows\System\KsMrIor.exe
  2⤵
  PID:2636
- C:\Windows\System\muNHIkb.exe
  C:\Windows\System\muNHIkb.exe
  2⤵
  PID:2852
- C:\Windows\System\cNLtWTQ.exe
  C:\Windows\System\cNLtWTQ.exe
  2⤵
  PID:1644
- C:\Windows\System\oKEpwlr.exe
  C:\Windows\System\oKEpwlr.exe
  2⤵
  PID:2252
- C:\Windows\System\fFPJQOz.exe
  C:\Windows\System\fFPJQOz.exe
  2⤵
  PID:3080
- C:\Windows\System\cuItRtd.exe
  C:\Windows\System\cuItRtd.exe
  2⤵
  PID:3096
- C:\Windows\System\hZxazcD.exe
  C:\Windows\System\hZxazcD.exe
  2⤵
  PID:3116
- C:\Windows\System\pmBUvUB.exe
  C:\Windows\System\pmBUvUB.exe
  2⤵
  PID:3148
- C:\Windows\System\PJdKcqj.exe
  C:\Windows\System\PJdKcqj.exe
  2⤵
  PID:3168
- C:\Windows\System\yidFFcY.exe
  C:\Windows\System\yidFFcY.exe
  2⤵
  PID:3184
- C:\Windows\System\RoOuxXq.exe
  C:\Windows\System\RoOuxXq.exe
  2⤵
  PID:3204
- C:\Windows\System\UdzHjFE.exe
  C:\Windows\System\UdzHjFE.exe
  2⤵
  PID:3220
- C:\Windows\System\QECqZuQ.exe
  C:\Windows\System\QECqZuQ.exe
  2⤵
  PID:3240
- C:\Windows\System\NWnEMAd.exe
  C:\Windows\System\NWnEMAd.exe
  2⤵
  PID:3264
- C:\Windows\System\ohVtTqf.exe
  C:\Windows\System\ohVtTqf.exe
  2⤵
  PID:3284
- C:\Windows\System\UjVxnpL.exe
  C:\Windows\System\UjVxnpL.exe
  2⤵
  PID:3300
- C:\Windows\System\vTUPRcW.exe
  C:\Windows\System\vTUPRcW.exe
  2⤵
  PID:3320
- C:\Windows\System\SQGUCXn.exe
  C:\Windows\System\SQGUCXn.exe
  2⤵
  PID:3340
- C:\Windows\System\hCGYdJm.exe
  C:\Windows\System\hCGYdJm.exe
  2⤵
  PID:3360
- C:\Windows\System\QzYCqnR.exe
  C:\Windows\System\QzYCqnR.exe
  2⤵
  PID:3380
- C:\Windows\System\zciSNzZ.exe
  C:\Windows\System\zciSNzZ.exe
  2⤵
  PID:3404
- C:\Windows\System\eMmQRiA.exe
  C:\Windows\System\eMmQRiA.exe
  2⤵
  PID:3428
- C:\Windows\System\wJhIEYh.exe
  C:\Windows\System\wJhIEYh.exe
  2⤵
  PID:3444
- C:\Windows\System\brNZSlx.exe
  C:\Windows\System\brNZSlx.exe
  2⤵
  PID:3464
- C:\Windows\System\ajJIUIZ.exe
  C:\Windows\System\ajJIUIZ.exe
  2⤵
  PID:3480
- C:\Windows\System\bCSTcul.exe
  C:\Windows\System\bCSTcul.exe
  2⤵
  PID:3500
- C:\Windows\System\ngVmWIM.exe
  C:\Windows\System\ngVmWIM.exe
  2⤵
  PID:3516
- C:\Windows\System\uLvcIdh.exe
  C:\Windows\System\uLvcIdh.exe
  2⤵
  PID:3536
- C:\Windows\System\hJYUlDO.exe
  C:\Windows\System\hJYUlDO.exe
  2⤵
  PID:3556
- C:\Windows\System\nyHFQVF.exe
  C:\Windows\System\nyHFQVF.exe
  2⤵
  PID:3576
- C:\Windows\System\MeuPTlJ.exe
  C:\Windows\System\MeuPTlJ.exe
  2⤵
  PID:3600
- C:\Windows\System\mqCnAZD.exe
  C:\Windows\System\mqCnAZD.exe
  2⤵
  PID:3616
- C:\Windows\System\sjFeRll.exe
  C:\Windows\System\sjFeRll.exe
  2⤵
  PID:3636
- C:\Windows\System\iEzSgvn.exe
  C:\Windows\System\iEzSgvn.exe
  2⤵
  PID:3656
- C:\Windows\System\JSLKFAs.exe
  C:\Windows\System\JSLKFAs.exe
  2⤵
  PID:3680
- C:\Windows\System\RbpVDvZ.exe
  C:\Windows\System\RbpVDvZ.exe
  2⤵
  PID:3700
- C:\Windows\System\ocCaqqx.exe
  C:\Windows\System\ocCaqqx.exe
  2⤵
  PID:3724
- C:\Windows\System\zcRCeiM.exe
  C:\Windows\System\zcRCeiM.exe
  2⤵
  PID:3744
- C:\Windows\System\nsrzAAv.exe
  C:\Windows\System\nsrzAAv.exe
  2⤵
  PID:3760
- C:\Windows\System\UCgnKQo.exe
  C:\Windows\System\UCgnKQo.exe
  2⤵
  PID:3780
- C:\Windows\System\quZdnnr.exe
  C:\Windows\System\quZdnnr.exe
  2⤵
  PID:3800
- C:\Windows\System\VCzimse.exe
  C:\Windows\System\VCzimse.exe
  2⤵
  PID:3824
- C:\Windows\System\wkGgYzi.exe
  C:\Windows\System\wkGgYzi.exe
  2⤵
  PID:3840
- C:\Windows\System\ueUWPRn.exe
  C:\Windows\System\ueUWPRn.exe
  2⤵
  PID:3860
- C:\Windows\System\owORgrK.exe
  C:\Windows\System\owORgrK.exe
  2⤵
  PID:3876
- C:\Windows\System\nWpdSIQ.exe
  C:\Windows\System\nWpdSIQ.exe
  2⤵
  PID:3896
- C:\Windows\System\SOMHUeg.exe
  C:\Windows\System\SOMHUeg.exe
  2⤵
  PID:3912
- C:\Windows\System\jrvjZoR.exe
  C:\Windows\System\jrvjZoR.exe
  2⤵
  PID:3932
- C:\Windows\System\xnTJYWa.exe
  C:\Windows\System\xnTJYWa.exe
  2⤵
  PID:3948
- C:\Windows\System\cBpcSGo.exe
  C:\Windows\System\cBpcSGo.exe
  2⤵
  PID:3972
- C:\Windows\System\jDTEHWK.exe
  C:\Windows\System\jDTEHWK.exe
  2⤵
  PID:3992
- C:\Windows\System\ZffyqTm.exe
  C:\Windows\System\ZffyqTm.exe
  2⤵
  PID:4024
- C:\Windows\System\CUAymct.exe
  C:\Windows\System\CUAymct.exe
  2⤵
  PID:4048
- C:\Windows\System\iLMCURk.exe
  C:\Windows\System\iLMCURk.exe
  2⤵
  PID:4064
- C:\Windows\System\YKQFgqE.exe
  C:\Windows\System\YKQFgqE.exe
  2⤵
  PID:4084
- C:\Windows\System\qwRdzrg.exe
  C:\Windows\System\qwRdzrg.exe
  2⤵
  PID:1880
- C:\Windows\System\DMJtmWg.exe
  C:\Windows\System\DMJtmWg.exe
  2⤵
  PID:1372
- C:\Windows\System\DVANmqe.exe
  C:\Windows\System\DVANmqe.exe
  2⤵
  PID:2292
- C:\Windows\System\MipjabO.exe
  C:\Windows\System\MipjabO.exe
  2⤵
  PID:1340
- C:\Windows\System\nBvqqKO.exe
  C:\Windows\System\nBvqqKO.exe
  2⤵
  PID:3064
- C:\Windows\System\ctThBrC.exe
  C:\Windows\System\ctThBrC.exe
  2⤵
  PID:2528
- C:\Windows\System\aBCbsjk.exe
  C:\Windows\System\aBCbsjk.exe
  2⤵
  PID:2492
- C:\Windows\System\UPgzPdq.exe
  C:\Windows\System\UPgzPdq.exe
  2⤵
  PID:2736
- C:\Windows\System\sXXanys.exe
  C:\Windows\System\sXXanys.exe
  2⤵
  PID:1468
- C:\Windows\System\fAvjdpw.exe
  C:\Windows\System\fAvjdpw.exe
  2⤵
  PID:2168
- C:\Windows\System\FHqDLGD.exe
  C:\Windows\System\FHqDLGD.exe
  2⤵
  PID:3160
- C:\Windows\System\nWZEYIc.exe
  C:\Windows\System\nWZEYIc.exe
  2⤵
  PID:3196
- C:\Windows\System\yOCJhHc.exe
  C:\Windows\System\yOCJhHc.exe
  2⤵
  PID:3140
- C:\Windows\System\SuIQwND.exe
  C:\Windows\System\SuIQwND.exe
  2⤵
  PID:3232
- C:\Windows\System\HGsTmdu.exe
  C:\Windows\System\HGsTmdu.exe
  2⤵
  PID:3312
- C:\Windows\System\YHRrCUt.exe
  C:\Windows\System\YHRrCUt.exe
  2⤵
  PID:3176
- C:\Windows\System\WOFFWQV.exe
  C:\Windows\System\WOFFWQV.exe
  2⤵
  PID:3348
- C:\Windows\System\KaizeQq.exe
  C:\Windows\System\KaizeQq.exe
  2⤵
  PID:3400
- C:\Windows\System\pzyExNP.exe
  C:\Windows\System\pzyExNP.exe
  2⤵
  PID:3440
- C:\Windows\System\vZROAsJ.exe
  C:\Windows\System\vZROAsJ.exe
  2⤵
  PID:3292
- C:\Windows\System\gBuPDpp.exe
  C:\Windows\System\gBuPDpp.exe
  2⤵
  PID:3412
- C:\Windows\System\HkRKekq.exe
  C:\Windows\System\HkRKekq.exe
  2⤵
  PID:3368
- C:\Windows\System\CCDcHUW.exe
  C:\Windows\System\CCDcHUW.exe
  2⤵
  PID:3592
- C:\Windows\System\aNYHphm.exe
  C:\Windows\System\aNYHphm.exe
  2⤵
  PID:3624
- C:\Windows\System\OWRzKUZ.exe
  C:\Windows\System\OWRzKUZ.exe
  2⤵
  PID:3676
- C:\Windows\System\NvVXDFz.exe
  C:\Windows\System\NvVXDFz.exe
  2⤵
  PID:3720
- C:\Windows\System\dPfYzLh.exe
  C:\Windows\System\dPfYzLh.exe
  2⤵
  PID:3756
- C:\Windows\System\RMdXUsp.exe
  C:\Windows\System\RMdXUsp.exe
  2⤵
  PID:3496
- C:\Windows\System\PpfMLIl.exe
  C:\Windows\System\PpfMLIl.exe
  2⤵
  PID:3792
- C:\Windows\System\JYvmGJf.exe
  C:\Windows\System\JYvmGJf.exe
  2⤵
  PID:3692
- C:\Windows\System\JxKCVOx.exe
  C:\Windows\System\JxKCVOx.exe
  2⤵
  PID:3740
- C:\Windows\System\ZuITHIj.exe
  C:\Windows\System\ZuITHIj.exe
  2⤵
  PID:3732
- C:\Windows\System\vjyWYev.exe
  C:\Windows\System\vjyWYev.exe
  2⤵
  PID:3872
- C:\Windows\System\YoRoWqF.exe
  C:\Windows\System\YoRoWqF.exe
  2⤵
  PID:3980
- C:\Windows\System\lsmNpNG.exe
  C:\Windows\System\lsmNpNG.exe
  2⤵
  PID:3820
- C:\Windows\System\MYshAJe.exe
  C:\Windows\System\MYshAJe.exe
  2⤵
  PID:3964
- C:\Windows\System\PnRPkRP.exe
  C:\Windows\System\PnRPkRP.exe
  2⤵
  PID:3920
- C:\Windows\System\ctDfthO.exe
  C:\Windows\System\ctDfthO.exe
  2⤵
  PID:4036
- C:\Windows\System\zaGbtoH.exe
  C:\Windows\System\zaGbtoH.exe
  2⤵
  PID:2344
- C:\Windows\System\LtizEqQ.exe
  C:\Windows\System\LtizEqQ.exe
  2⤵
  PID:4000
- C:\Windows\System\tijBmCJ.exe
  C:\Windows\System\tijBmCJ.exe
  2⤵
  PID:4020
- C:\Windows\System\ysOmxAl.exe
  C:\Windows\System\ysOmxAl.exe
  2⤵
  PID:1616
- C:\Windows\System\CCmFVni.exe
  C:\Windows\System\CCmFVni.exe
  2⤵
  PID:2960
- C:\Windows\System\MDCvVih.exe
  C:\Windows\System\MDCvVih.exe
  2⤵
  PID:832
- C:\Windows\System\riDeBye.exe
  C:\Windows\System\riDeBye.exe
  2⤵
  PID:2944
- C:\Windows\System\zpfvTCu.exe
  C:\Windows\System\zpfvTCu.exe
  2⤵
  PID:1188
- C:\Windows\System\NewJiVN.exe
  C:\Windows\System\NewJiVN.exe
  2⤵
  PID:3192
- C:\Windows\System\YfFyNqg.exe
  C:\Windows\System\YfFyNqg.exe
  2⤵
  PID:2828
- C:\Windows\System\rEOGArH.exe
  C:\Windows\System\rEOGArH.exe
  2⤵
  PID:3280
- C:\Windows\System\gpuDUYS.exe
  C:\Windows\System\gpuDUYS.exe
  2⤵
  PID:3256
- C:\Windows\System\kaIOOtO.exe
  C:\Windows\System\kaIOOtO.exe
  2⤵
  PID:3216
- C:\Windows\System\XeoFSjJ.exe
  C:\Windows\System\XeoFSjJ.exe
  2⤵
  PID:3336
- C:\Windows\System\GHNyFja.exe
  C:\Windows\System\GHNyFja.exe
  2⤵
  PID:3548
- C:\Windows\System\lyINdsn.exe
  C:\Windows\System\lyINdsn.exe
  2⤵
  PID:3588
- C:\Windows\System\cetPTky.exe
  C:\Windows\System\cetPTky.exe
  2⤵
  PID:3628
- C:\Windows\System\nRmyaAp.exe
  C:\Windows\System\nRmyaAp.exe
  2⤵
  PID:3712
- C:\Windows\System\qpfLpFl.exe
  C:\Windows\System\qpfLpFl.exe
  2⤵
  PID:3532
- C:\Windows\System\MnJAfZy.exe
  C:\Windows\System\MnJAfZy.exe
  2⤵
  PID:3688
- C:\Windows\System\UxEjpkJ.exe
  C:\Windows\System\UxEjpkJ.exe
  2⤵
  PID:3772
- C:\Windows\System\LIjBLuD.exe
  C:\Windows\System\LIjBLuD.exe
  2⤵
  PID:3868
- C:\Windows\System\XzyQrpv.exe
  C:\Windows\System\XzyQrpv.exe
  2⤵
  PID:3892
- C:\Windows\System\kYpyUPs.exe
  C:\Windows\System\kYpyUPs.exe
  2⤵
  PID:4044
- C:\Windows\System\fVnovjo.exe
  C:\Windows\System\fVnovjo.exe
  2⤵
  PID:3956
- C:\Windows\System\mBgjBZh.exe
  C:\Windows\System\mBgjBZh.exe
  2⤵
  PID:2532
- C:\Windows\System\dGQjAnm.exe
  C:\Windows\System\dGQjAnm.exe
  2⤵
  PID:1556
- C:\Windows\System\gQdfEAd.exe
  C:\Windows\System\gQdfEAd.exe
  2⤵
  PID:3028
- C:\Windows\System\sevtQkX.exe
  C:\Windows\System\sevtQkX.exe
  2⤵
  PID:2516
- C:\Windows\System\soXuzzI.exe
  C:\Windows\System\soXuzzI.exe
  2⤵
  PID:1232
- C:\Windows\System\deVIbAW.exe
  C:\Windows\System\deVIbAW.exe
  2⤵
  PID:3136
- C:\Windows\System\xntssgu.exe
  C:\Windows\System\xntssgu.exe
  2⤵
  PID:3092
- C:\Windows\System\qUhcWIH.exe
  C:\Windows\System\qUhcWIH.exe
  2⤵
  PID:3512
- C:\Windows\System\NMjssGh.exe
  C:\Windows\System\NMjssGh.exe
  2⤵
  PID:3552
- C:\Windows\System\sPZyykU.exe
  C:\Windows\System\sPZyykU.exe
  2⤵
  PID:3420
- C:\Windows\System\datzPey.exe
  C:\Windows\System\datzPey.exe
  2⤵
  PID:4108
- C:\Windows\System\fuzcuHw.exe
  C:\Windows\System\fuzcuHw.exe
  2⤵
  PID:4128
- C:\Windows\System\yaxHhPq.exe
  C:\Windows\System\yaxHhPq.exe
  2⤵
  PID:4148
- C:\Windows\System\fTrrDKG.exe
  C:\Windows\System\fTrrDKG.exe
  2⤵
  PID:4168
- C:\Windows\System\hyyXGtq.exe
  C:\Windows\System\hyyXGtq.exe
  2⤵
  PID:4192
- C:\Windows\System\bqhDdqT.exe
  C:\Windows\System\bqhDdqT.exe
  2⤵
  PID:4212
- C:\Windows\System\iHJdBQQ.exe
  C:\Windows\System\iHJdBQQ.exe
  2⤵
  PID:4232
- C:\Windows\System\HGrUUOf.exe
  C:\Windows\System\HGrUUOf.exe
  2⤵
  PID:4252
- C:\Windows\System\nAXKLtm.exe
  C:\Windows\System\nAXKLtm.exe
  2⤵
  PID:4272
- C:\Windows\System\mGmxZHE.exe
  C:\Windows\System\mGmxZHE.exe
  2⤵
  PID:4292
- C:\Windows\System\FENvgzs.exe
  C:\Windows\System\FENvgzs.exe
  2⤵
  PID:4312
- C:\Windows\System\VnpSewf.exe
  C:\Windows\System\VnpSewf.exe
  2⤵
  PID:4332
- C:\Windows\System\eIuaxHW.exe
  C:\Windows\System\eIuaxHW.exe
  2⤵
  PID:4352
- C:\Windows\System\SiXpJql.exe
  C:\Windows\System\SiXpJql.exe
  2⤵
  PID:4372
- C:\Windows\System\qzSbcTX.exe
  C:\Windows\System\qzSbcTX.exe
  2⤵
  PID:4392
- C:\Windows\System\tByuCBT.exe
  C:\Windows\System\tByuCBT.exe
  2⤵
  PID:4412
- C:\Windows\System\dkJdBJd.exe
  C:\Windows\System\dkJdBJd.exe
  2⤵
  PID:4432
- C:\Windows\System\yTzKhyJ.exe
  C:\Windows\System\yTzKhyJ.exe
  2⤵
  PID:4452
- C:\Windows\System\FVWjAEb.exe
  C:\Windows\System\FVWjAEb.exe
  2⤵
  PID:4472
- C:\Windows\System\UdyULpm.exe
  C:\Windows\System\UdyULpm.exe
  2⤵
  PID:4492
- C:\Windows\System\rAUwFFr.exe
  C:\Windows\System\rAUwFFr.exe
  2⤵
  PID:4512
- C:\Windows\System\FwQsOcQ.exe
  C:\Windows\System\FwQsOcQ.exe
  2⤵
  PID:4532
- C:\Windows\System\MGxdiED.exe
  C:\Windows\System\MGxdiED.exe
  2⤵
  PID:4552
- C:\Windows\System\YOrbcpc.exe
  C:\Windows\System\YOrbcpc.exe
  2⤵
  PID:4572
- C:\Windows\System\vChLhYf.exe
  C:\Windows\System\vChLhYf.exe
  2⤵
  PID:4592
- C:\Windows\System\RzSGGnM.exe
  C:\Windows\System\RzSGGnM.exe
  2⤵
  PID:4612
- C:\Windows\System\KAlhHpc.exe
  C:\Windows\System\KAlhHpc.exe
  2⤵
  PID:4632
- C:\Windows\System\SNlsQIF.exe
  C:\Windows\System\SNlsQIF.exe
  2⤵
  PID:4652
- C:\Windows\System\vNMabVK.exe
  C:\Windows\System\vNMabVK.exe
  2⤵
  PID:4672
- C:\Windows\System\HtyKUZI.exe
  C:\Windows\System\HtyKUZI.exe
  2⤵
  PID:4692
- C:\Windows\System\jBYFOUM.exe
  C:\Windows\System\jBYFOUM.exe
  2⤵
  PID:4712
- C:\Windows\System\RBekqoT.exe
  C:\Windows\System\RBekqoT.exe
  2⤵
  PID:4732
- C:\Windows\System\lHVtsOm.exe
  C:\Windows\System\lHVtsOm.exe
  2⤵
  PID:4752
- C:\Windows\System\IxQiGqe.exe
  C:\Windows\System\IxQiGqe.exe
  2⤵
  PID:4772
- C:\Windows\System\Pnapaid.exe
  C:\Windows\System\Pnapaid.exe
  2⤵
  PID:4792
- C:\Windows\System\OZYeCUw.exe
  C:\Windows\System\OZYeCUw.exe
  2⤵
  PID:4812
- C:\Windows\System\KViAxfa.exe
  C:\Windows\System\KViAxfa.exe
  2⤵
  PID:4832
- C:\Windows\System\mbgYQlB.exe
  C:\Windows\System\mbgYQlB.exe
  2⤵
  PID:4852
- C:\Windows\System\HYXIaIS.exe
  C:\Windows\System\HYXIaIS.exe
  2⤵
  PID:4872
- C:\Windows\System\eGWMJkt.exe
  C:\Windows\System\eGWMJkt.exe
  2⤵
  PID:4892
- C:\Windows\System\gaOcWlb.exe
  C:\Windows\System\gaOcWlb.exe
  2⤵
  PID:4912
- C:\Windows\System\gjEFuSn.exe
  C:\Windows\System\gjEFuSn.exe
  2⤵
  PID:4932
- C:\Windows\System\vATKCZX.exe
  C:\Windows\System\vATKCZX.exe
  2⤵
  PID:4952
- C:\Windows\System\pilITsP.exe
  C:\Windows\System\pilITsP.exe
  2⤵
  PID:4972
- C:\Windows\System\yonFPSr.exe
  C:\Windows\System\yonFPSr.exe
  2⤵
  PID:4992
- C:\Windows\System\BeWPqfX.exe
  C:\Windows\System\BeWPqfX.exe
  2⤵
  PID:5012
- C:\Windows\System\adDktui.exe
  C:\Windows\System\adDktui.exe
  2⤵
  PID:5032
- C:\Windows\System\gItYeGM.exe
  C:\Windows\System\gItYeGM.exe
  2⤵
  PID:5052
- C:\Windows\System\ldvtTrb.exe
  C:\Windows\System\ldvtTrb.exe
  2⤵
  PID:5072
- C:\Windows\System\meZZJgP.exe
  C:\Windows\System\meZZJgP.exe
  2⤵
  PID:5092
- C:\Windows\System\nlMnYzO.exe
  C:\Windows\System\nlMnYzO.exe
  2⤵
  PID:5112
- C:\Windows\System\jVfubOB.exe
  C:\Windows\System\jVfubOB.exe
  2⤵
  PID:3752
- C:\Windows\System\uzLBpra.exe
  C:\Windows\System\uzLBpra.exe
  2⤵
  PID:3524
- C:\Windows\System\xuLfzQv.exe
  C:\Windows\System\xuLfzQv.exe
  2⤵
  PID:3816
- C:\Windows\System\nlzEuWI.exe
  C:\Windows\System\nlzEuWI.exe
  2⤵
  PID:4032
- C:\Windows\System\obQQvwb.exe
  C:\Windows\System\obQQvwb.exe
  2⤵
  PID:4076
- C:\Windows\System\OWETPeX.exe
  C:\Windows\System\OWETPeX.exe
  2⤵
  PID:4012
- C:\Windows\System\PsmjRaJ.exe
  C:\Windows\System\PsmjRaJ.exe
  2⤵
  PID:1844
- C:\Windows\System\MCqLByx.exe
  C:\Windows\System\MCqLByx.exe
  2⤵
  PID:3164
- C:\Windows\System\dQvFppj.exe
  C:\Windows\System\dQvFppj.exe
  2⤵
  PID:3088
- C:\Windows\System\iIgUVzx.exe
  C:\Windows\System\iIgUVzx.exe
  2⤵
  PID:3508
- C:\Windows\System\CPdSree.exe
  C:\Windows\System\CPdSree.exe
  2⤵
  PID:4104
- C:\Windows\System\xnhbWHm.exe
  C:\Windows\System\xnhbWHm.exe
  2⤵
  PID:4144
- C:\Windows\System\ACwbbfL.exe
  C:\Windows\System\ACwbbfL.exe
  2⤵
  PID:4176
- C:\Windows\System\mueolql.exe
  C:\Windows\System\mueolql.exe
  2⤵
  PID:4200
- C:\Windows\System\umORJnH.exe
  C:\Windows\System\umORJnH.exe
  2⤵
  PID:4224
- C:\Windows\System\StBrAkc.exe
  C:\Windows\System\StBrAkc.exe
  2⤵
  PID:4268
- C:\Windows\System\RhIEkzh.exe
  C:\Windows\System\RhIEkzh.exe
  2⤵
  PID:4300
- C:\Windows\System\wSFreDo.exe
  C:\Windows\System\wSFreDo.exe
  2⤵
  PID:4340
- C:\Windows\System\DNLWmln.exe
  C:\Windows\System\DNLWmln.exe
  2⤵
  PID:4360
- C:\Windows\System\OdLfkQx.exe
  C:\Windows\System\OdLfkQx.exe
  2⤵
  PID:4400
- C:\Windows\System\wdNbsaR.exe
  C:\Windows\System\wdNbsaR.exe
  2⤵
  PID:4424
- C:\Windows\System\aMDwhyD.exe
  C:\Windows\System\aMDwhyD.exe
  2⤵
  PID:4468
- C:\Windows\System\xOGdekZ.exe
  C:\Windows\System\xOGdekZ.exe
  2⤵
  PID:4500
- C:\Windows\System\HsyRPAW.exe
  C:\Windows\System\HsyRPAW.exe
  2⤵
  PID:4528
- C:\Windows\System\xPCUKHn.exe
  C:\Windows\System\xPCUKHn.exe
  2⤵
  PID:4568
- C:\Windows\System\inbXSpy.exe
  C:\Windows\System\inbXSpy.exe
  2⤵
  PID:4600
- C:\Windows\System\PmFThBb.exe
  C:\Windows\System\PmFThBb.exe
  2⤵
  PID:4624
- C:\Windows\System\MHnKyhN.exe
  C:\Windows\System\MHnKyhN.exe
  2⤵
  PID:4644
- C:\Windows\System\cbYlNwc.exe
  C:\Windows\System\cbYlNwc.exe
  2⤵
  PID:4688
- C:\Windows\System\MnsdWRV.exe
  C:\Windows\System\MnsdWRV.exe
  2⤵
  PID:4724
- C:\Windows\System\MdWLCYB.exe
  C:\Windows\System\MdWLCYB.exe
  2⤵
  PID:4768
- C:\Windows\System\tFHrruQ.exe
  C:\Windows\System\tFHrruQ.exe
  2⤵
  PID:4800
- C:\Windows\System\febCUSk.exe
  C:\Windows\System\febCUSk.exe
  2⤵
  PID:4824
- C:\Windows\System\dnGGPav.exe
  C:\Windows\System\dnGGPav.exe
  2⤵
  PID:4844
- C:\Windows\System\QAWTejT.exe
  C:\Windows\System\QAWTejT.exe
  2⤵
  PID:4888
- C:\Windows\System\WDJZiEc.exe
  C:\Windows\System\WDJZiEc.exe
  2⤵
  PID:4928
- C:\Windows\System\FNCKWlB.exe
  C:\Windows\System\FNCKWlB.exe
  2⤵
  PID:4968
- C:\Windows\System\RPTlnex.exe
  C:\Windows\System\RPTlnex.exe
  2⤵
  PID:5000
- C:\Windows\System\fYMGIFr.exe
  C:\Windows\System\fYMGIFr.exe
  2⤵
  PID:5004
- C:\Windows\System\EvzeNGo.exe
  C:\Windows\System\EvzeNGo.exe
  2⤵
  PID:5068
- C:\Windows\System\LcgFQjd.exe
  C:\Windows\System\LcgFQjd.exe
  2⤵
  PID:5084
- C:\Windows\System\DcmeeLk.exe
  C:\Windows\System\DcmeeLk.exe
  2⤵
  PID:3716
- C:\Windows\System\XHXKCIk.exe
  C:\Windows\System\XHXKCIk.exe
  2⤵
  PID:3944
- C:\Windows\System\STimoQR.exe
  C:\Windows\System\STimoQR.exe
  2⤵
  PID:3928
- C:\Windows\System\NUJYYgf.exe
  C:\Windows\System\NUJYYgf.exe
  2⤵
  PID:1904
- C:\Windows\System\LDkGcsX.exe
  C:\Windows\System\LDkGcsX.exe
  2⤵
  PID:1500
- C:\Windows\System\RyFBrEf.exe
  C:\Windows\System\RyFBrEf.exe
  2⤵
  PID:3332
- C:\Windows\System\GOfDugo.exe
  C:\Windows\System\GOfDugo.exe
  2⤵
  PID:3456
- C:\Windows\System\oLkwgNg.exe
  C:\Windows\System\oLkwgNg.exe
  2⤵
  PID:4156
- C:\Windows\System\xNSzyRm.exe
  C:\Windows\System\xNSzyRm.exe
  2⤵
  PID:4208
- C:\Windows\System\UIgNUqE.exe
  C:\Windows\System\UIgNUqE.exe
  2⤵
  PID:4204
- C:\Windows\System\wWTBDRJ.exe
  C:\Windows\System\wWTBDRJ.exe
  2⤵
  PID:4328
- C:\Windows\System\tzDrELa.exe
  C:\Windows\System\tzDrELa.exe
  2⤵
  PID:4344
- C:\Windows\System\WRtnPSo.exe
  C:\Windows\System\WRtnPSo.exe
  2⤵
  PID:4420
- C:\Windows\System\GmnOvLe.exe
  C:\Windows\System\GmnOvLe.exe
  2⤵
  PID:4484
- C:\Windows\System\glDUQYw.exe
  C:\Windows\System\glDUQYw.exe
  2⤵
  PID:4540
- C:\Windows\System\pWgtRxl.exe
  C:\Windows\System\pWgtRxl.exe
  2⤵
  PID:4564
- C:\Windows\System\kVzmjua.exe
  C:\Windows\System\kVzmjua.exe
  2⤵
  PID:4620
- C:\Windows\System\KmEGinn.exe
  C:\Windows\System\KmEGinn.exe
  2⤵
  PID:4700
- C:\Windows\System\zYgsLEM.exe
  C:\Windows\System\zYgsLEM.exe
  2⤵
  PID:4784
- C:\Windows\System\jqkpKyq.exe
  C:\Windows\System\jqkpKyq.exe
  2⤵
  PID:4868
- C:\Windows\System\olnxbJR.exe
  C:\Windows\System\olnxbJR.exe
  2⤵
  PID:4940
- C:\Windows\System\yQeZotu.exe
  C:\Windows\System\yQeZotu.exe
  2⤵
  PID:4924
- C:\Windows\System\clbikut.exe
  C:\Windows\System\clbikut.exe
  2⤵
  PID:4988
- C:\Windows\System\dpECMKQ.exe
  C:\Windows\System\dpECMKQ.exe
  2⤵
  PID:5028
- C:\Windows\System\tWuajBn.exe
  C:\Windows\System\tWuajBn.exe
  2⤵
  PID:5104
- C:\Windows\System\DsEmuWh.exe
  C:\Windows\System\DsEmuWh.exe
  2⤵
  PID:3528
- C:\Windows\System\BnhTMMv.exe
  C:\Windows\System\BnhTMMv.exe
  2⤵
  PID:3848
- C:\Windows\System\oYePcbX.exe
  C:\Windows\System\oYePcbX.exe
  2⤵
  PID:3156
- C:\Windows\System\fRqOGAq.exe
  C:\Windows\System\fRqOGAq.exe
  2⤵
  PID:3544
- C:\Windows\System\AzYsngF.exe
  C:\Windows\System\AzYsngF.exe
  2⤵
  PID:4120
- C:\Windows\System\EbqQSZB.exe
  C:\Windows\System\EbqQSZB.exe
  2⤵
  PID:4248
- C:\Windows\System\jsUELCt.exe
  C:\Windows\System\jsUELCt.exe
  2⤵
  PID:4428
- C:\Windows\System\UNRAwMv.exe
  C:\Windows\System\UNRAwMv.exe
  2⤵
  PID:4520
- C:\Windows\System\eZnAFRI.exe
  C:\Windows\System\eZnAFRI.exe
  2⤵
  PID:4488
- C:\Windows\System\GQCdnEL.exe
  C:\Windows\System\GQCdnEL.exe
  2⤵
  PID:4720
- C:\Windows\System\wxlBeAx.exe
  C:\Windows\System\wxlBeAx.exe
  2⤵
  PID:4728
- C:\Windows\System\JDfljFR.exe
  C:\Windows\System\JDfljFR.exe
  2⤵
  PID:4808
- C:\Windows\System\AlYIcwC.exe
  C:\Windows\System\AlYIcwC.exe
  2⤵
  PID:4900
- C:\Windows\System\FRvkdSE.exe
  C:\Windows\System\FRvkdSE.exe
  2⤵
  PID:5128
- C:\Windows\System\GeDoaVZ.exe
  C:\Windows\System\GeDoaVZ.exe
  2⤵
  PID:5148
- C:\Windows\System\buBjkeN.exe
  C:\Windows\System\buBjkeN.exe
  2⤵
  PID:5168
- C:\Windows\System\aIbHtRe.exe
  C:\Windows\System\aIbHtRe.exe
  2⤵
  PID:5188
- C:\Windows\System\ooJzcHK.exe
  C:\Windows\System\ooJzcHK.exe
  2⤵
  PID:5208
- C:\Windows\System\dAZWRvm.exe
  C:\Windows\System\dAZWRvm.exe
  2⤵
  PID:5224
- C:\Windows\System\INaRqqy.exe
  C:\Windows\System\INaRqqy.exe
  2⤵
  PID:5244
- C:\Windows\System\vEswGEY.exe
  C:\Windows\System\vEswGEY.exe
  2⤵
  PID:5264
- C:\Windows\System\lnNfMCi.exe
  C:\Windows\System\lnNfMCi.exe
  2⤵
  PID:5288
- C:\Windows\System\DYPkqGT.exe
  C:\Windows\System\DYPkqGT.exe
  2⤵
  PID:5308
- C:\Windows\System\ViioyIw.exe
  C:\Windows\System\ViioyIw.exe
  2⤵
  PID:5328
- C:\Windows\System\QBoFjCN.exe
  C:\Windows\System\QBoFjCN.exe
  2⤵
  PID:5344
- C:\Windows\System\sAfUFjg.exe
  C:\Windows\System\sAfUFjg.exe
  2⤵
  PID:5364
- C:\Windows\System\zQYlSAs.exe
  C:\Windows\System\zQYlSAs.exe
  2⤵
  PID:5384
- C:\Windows\System\wrKEgBu.exe
  C:\Windows\System\wrKEgBu.exe
  2⤵
  PID:5400
- C:\Windows\System\pwAjnWf.exe
  C:\Windows\System\pwAjnWf.exe
  2⤵
  PID:5424
- C:\Windows\System\aZawrOV.exe
  C:\Windows\System\aZawrOV.exe
  2⤵
  PID:5440
- C:\Windows\System\ZMTzoGr.exe
  C:\Windows\System\ZMTzoGr.exe
  2⤵
  PID:5464
- C:\Windows\System\MJCBOBy.exe
  C:\Windows\System\MJCBOBy.exe
  2⤵
  PID:5484
- C:\Windows\System\ouybgEN.exe
  C:\Windows\System\ouybgEN.exe
  2⤵
  PID:5500
- C:\Windows\System\hVNPFHx.exe
  C:\Windows\System\hVNPFHx.exe
  2⤵
  PID:5520
- C:\Windows\System\zomUWGg.exe
  C:\Windows\System\zomUWGg.exe
  2⤵
  PID:5540
- C:\Windows\System\ptVZWrV.exe
  C:\Windows\System\ptVZWrV.exe
  2⤵
  PID:5560
- C:\Windows\System\LaBcWmb.exe
  C:\Windows\System\LaBcWmb.exe
  2⤵
  PID:5580
- C:\Windows\System\jyZLQAE.exe
  C:\Windows\System\jyZLQAE.exe
  2⤵
  PID:5600
- C:\Windows\System\CILEIpu.exe
  C:\Windows\System\CILEIpu.exe
  2⤵
  PID:5620
- C:\Windows\System\ijRCpSZ.exe
  C:\Windows\System\ijRCpSZ.exe
  2⤵
  PID:5636
- C:\Windows\System\vVxGlxk.exe
  C:\Windows\System\vVxGlxk.exe
  2⤵
  PID:5660
- C:\Windows\System\urOppBw.exe
  C:\Windows\System\urOppBw.exe
  2⤵
  PID:5676
- C:\Windows\System\FPWAlWf.exe
  C:\Windows\System\FPWAlWf.exe
  2⤵
  PID:5700
- C:\Windows\System\jpiCwii.exe
  C:\Windows\System\jpiCwii.exe
  2⤵
  PID:5716
- C:\Windows\System\bhlUNOd.exe
  C:\Windows\System\bhlUNOd.exe
  2⤵
  PID:5740
- C:\Windows\System\yJZGxLW.exe
  C:\Windows\System\yJZGxLW.exe
  2⤵
  PID:5756
- C:\Windows\System\UGvJujx.exe
  C:\Windows\System\UGvJujx.exe
  2⤵
  PID:5776
- C:\Windows\System\ARrJZqg.exe
  C:\Windows\System\ARrJZqg.exe
  2⤵
  PID:5792
- C:\Windows\System\SNqVGKr.exe
  C:\Windows\System\SNqVGKr.exe
  2⤵
  PID:5816
- C:\Windows\System\TeeUVGx.exe
  C:\Windows\System\TeeUVGx.exe
  2⤵
  PID:5836
- C:\Windows\System\AEaDkfL.exe
  C:\Windows\System\AEaDkfL.exe
  2⤵
  PID:5864
- C:\Windows\System\rhIBJyz.exe
  C:\Windows\System\rhIBJyz.exe
  2⤵
  PID:5884
- C:\Windows\System\DPlSMPR.exe
  C:\Windows\System\DPlSMPR.exe
  2⤵
  PID:5904
- C:\Windows\System\wuUOsVV.exe
  C:\Windows\System\wuUOsVV.exe
  2⤵
  PID:5924
- C:\Windows\System\MkTsfRI.exe
  C:\Windows\System\MkTsfRI.exe
  2⤵
  PID:5940
- C:\Windows\System\aGYMSkY.exe
  C:\Windows\System\aGYMSkY.exe
  2⤵
  PID:5968
- C:\Windows\System\PhoLpta.exe
  C:\Windows\System\PhoLpta.exe
  2⤵
  PID:5988
- C:\Windows\System\OQbjCBY.exe
  C:\Windows\System\OQbjCBY.exe
  2⤵
  PID:6012
- C:\Windows\System\WbUosDw.exe
  C:\Windows\System\WbUosDw.exe
  2⤵
  PID:6028
- C:\Windows\System\OirXzeM.exe
  C:\Windows\System\OirXzeM.exe
  2⤵
  PID:6052
- C:\Windows\System\EpGYMly.exe
  C:\Windows\System\EpGYMly.exe
  2⤵
  PID:6072
- C:\Windows\System\sFWJNiz.exe
  C:\Windows\System\sFWJNiz.exe
  2⤵
  PID:6092
- C:\Windows\System\yLAMFqQ.exe
  C:\Windows\System\yLAMFqQ.exe
  2⤵
  PID:6108
- C:\Windows\System\LEenMVr.exe
  C:\Windows\System\LEenMVr.exe
  2⤵
  PID:6136
- C:\Windows\System\loGWjeW.exe
  C:\Windows\System\loGWjeW.exe
  2⤵
  PID:3564
- C:\Windows\System\emyhBRr.exe
  C:\Windows\System\emyhBRr.exe
  2⤵
  PID:5080
- C:\Windows\System\vhsaIni.exe
  C:\Windows\System\vhsaIni.exe
  2⤵
  PID:4100
- C:\Windows\System\eSDMgZm.exe
  C:\Windows\System\eSDMgZm.exe
  2⤵
  PID:4288
- C:\Windows\System\nkZboBa.exe
  C:\Windows\System\nkZboBa.exe
  2⤵
  PID:4188
- C:\Windows\System\skwlcnA.exe
  C:\Windows\System\skwlcnA.exe
  2⤵
  PID:4388
- C:\Windows\System\sFgyNGo.exe
  C:\Windows\System\sFgyNGo.exe
  2⤵
  PID:4804
- C:\Windows\System\iuqlRCw.exe
  C:\Windows\System\iuqlRCw.exe
  2⤵
  PID:4788
- C:\Windows\System\iDlChSZ.exe
  C:\Windows\System\iDlChSZ.exe
  2⤵
  PID:5156
- C:\Windows\System\iXaFJMO.exe
  C:\Windows\System\iXaFJMO.exe
  2⤵
  PID:5160
- C:\Windows\System\cXOfAua.exe
  C:\Windows\System\cXOfAua.exe
  2⤵
  PID:5200
- C:\Windows\System\WlOMJJb.exe
  C:\Windows\System\WlOMJJb.exe
  2⤵
  PID:5272
- C:\Windows\System\jECVgQf.exe
  C:\Windows\System\jECVgQf.exe
  2⤵
  PID:5216
- C:\Windows\System\EcdWxyU.exe
  C:\Windows\System\EcdWxyU.exe
  2⤵
  PID:5356
- C:\Windows\System\JoyaACG.exe
  C:\Windows\System\JoyaACG.exe
  2⤵
  PID:5360
- C:\Windows\System\jlDpofN.exe
  C:\Windows\System\jlDpofN.exe
  2⤵
  PID:5472
- C:\Windows\System\uDzcTIc.exe
  C:\Windows\System\uDzcTIc.exe
  2⤵
  PID:5508
- C:\Windows\System\MhSKreZ.exe
  C:\Windows\System\MhSKreZ.exe
  2⤵
  PID:5548
- C:\Windows\System\mbmDpSK.exe
  C:\Windows\System\mbmDpSK.exe
  2⤵
  PID:5372
- C:\Windows\System\zYsQUup.exe
  C:\Windows\System\zYsQUup.exe
  2⤵
  PID:5632
- C:\Windows\System\joyVnkg.exe
  C:\Windows\System\joyVnkg.exe
  2⤵
  PID:5420
- C:\Windows\System\XxkCwuK.exe
  C:\Windows\System\XxkCwuK.exe
  2⤵
  PID:5748
- C:\Windows\System\mPDzKMd.exe
  C:\Windows\System\mPDzKMd.exe
  2⤵
  PID:5496
- C:\Windows\System\hcmuYoC.exe
  C:\Windows\System\hcmuYoC.exe
  2⤵
  PID:5828
- C:\Windows\System\WcUoTAW.exe
  C:\Windows\System\WcUoTAW.exe
  2⤵
  PID:5536
- C:\Windows\System\mTmIIAE.exe
  C:\Windows\System\mTmIIAE.exe
  2⤵
  PID:5900
- C:\Windows\System\OOhuNOj.exe
  C:\Windows\System\OOhuNOj.exe
  2⤵
  PID:5936
- C:\Windows\System\iFjufIP.exe
  C:\Windows\System\iFjufIP.exe
  2⤵
  PID:5652
- C:\Windows\System\pBaVZAi.exe
  C:\Windows\System\pBaVZAi.exe
  2⤵
  PID:5688
- C:\Windows\System\eVOFOrA.exe
  C:\Windows\System\eVOFOrA.exe
  2⤵
  PID:6024
- C:\Windows\System\chTrpug.exe
  C:\Windows\System\chTrpug.exe
  2⤵
  PID:5724
- C:\Windows\System\uXDUgNQ.exe
  C:\Windows\System\uXDUgNQ.exe
  2⤵
  PID:6104
- C:\Windows\System\wVCnwrV.exe
  C:\Windows\System\wVCnwrV.exe
  2⤵
  PID:3200
- C:\Windows\System\rKYNsmo.exe
  C:\Windows\System\rKYNsmo.exe
  2⤵
  PID:5844
- C:\Windows\System\ADnQFmb.exe
  C:\Windows\System\ADnQFmb.exe
  2⤵
  PID:5912
- C:\Windows\System\LwaQtkl.exe
  C:\Windows\System\LwaQtkl.exe
  2⤵
  PID:5960
- C:\Windows\System\JGetzLk.exe
  C:\Windows\System\JGetzLk.exe
  2⤵
  PID:4588
- C:\Windows\System\NAppOVS.exe
  C:\Windows\System\NAppOVS.exe
  2⤵
  PID:6036
- C:\Windows\System\cvddAwc.exe
  C:\Windows\System\cvddAwc.exe
  2⤵
  PID:5124
- C:\Windows\System\ieFMhjC.exe
  C:\Windows\System\ieFMhjC.exe
  2⤵
  PID:6120
- C:\Windows\System\THsnSrO.exe
  C:\Windows\System\THsnSrO.exe
  2⤵
  PID:5060
- C:\Windows\System\twKXvBv.exe
  C:\Windows\System\twKXvBv.exe
  2⤵
  PID:5140
- C:\Windows\System\lxgwPtW.exe
  C:\Windows\System\lxgwPtW.exe
  2⤵
  PID:5176
- C:\Windows\System\xMvIcji.exe
  C:\Windows\System\xMvIcji.exe
  2⤵
  PID:4660
- C:\Windows\System\caABKMA.exe
  C:\Windows\System\caABKMA.exe
  2⤵
  PID:4960
- C:\Windows\System\doQOpzr.exe
  C:\Windows\System\doQOpzr.exe
  2⤵
  PID:5240
- C:\Windows\System\SfJoIXj.exe
  C:\Windows\System\SfJoIXj.exe
  2⤵
  PID:4460
- C:\Windows\System\MYlRTcm.exe
  C:\Windows\System\MYlRTcm.exe
  2⤵
  PID:5324
- C:\Windows\System\oeRrjvU.exe
  C:\Windows\System\oeRrjvU.exe
  2⤵
  PID:5452
- C:\Windows\System\IcRSzfm.exe
  C:\Windows\System\IcRSzfm.exe
  2⤵
  PID:5296
- C:\Windows\System\EANwPoK.exe
  C:\Windows\System\EANwPoK.exe
  2⤵
  PID:5572
- C:\Windows\System\RHqqzOv.exe
  C:\Windows\System\RHqqzOv.exe
  2⤵
  PID:5512
- C:\Windows\System\eSntxLC.exe
  C:\Windows\System\eSntxLC.exe
  2⤵
  PID:5976
- C:\Windows\System\AmuxfsA.exe
  C:\Windows\System\AmuxfsA.exe
  2⤵
  PID:5628
- C:\Windows\System\BkYuxBE.exe
  C:\Windows\System\BkYuxBE.exe
  2⤵
  PID:5708
- C:\Windows\System\zavmfYe.exe
  C:\Windows\System\zavmfYe.exe
  2⤵
  PID:5784
- C:\Windows\System\wfUkyUY.exe
  C:\Windows\System\wfUkyUY.exe
  2⤵
  PID:5696
- C:\Windows\System\YJKgxiQ.exe
  C:\Windows\System\YJKgxiQ.exe
  2⤵
  PID:5616
- C:\Windows\System\WQpTcNA.exe
  C:\Windows\System\WQpTcNA.exe
  2⤵
  PID:5044
- C:\Windows\System\ZhONPPY.exe
  C:\Windows\System\ZhONPPY.exe
  2⤵
  PID:5732
- C:\Windows\System\UCdqfpv.exe
  C:\Windows\System\UCdqfpv.exe
  2⤵
  PID:5764
- C:\Windows\System\FhXhhwo.exe
  C:\Windows\System\FhXhhwo.exe
  2⤵
  PID:4848
- C:\Windows\System\USXhOyx.exe
  C:\Windows\System\USXhOyx.exe
  2⤵
  PID:4180
- C:\Windows\System\pWcwHSX.exe
  C:\Windows\System\pWcwHSX.exe
  2⤵
  PID:5948
- C:\Windows\System\vNWeajm.exe
  C:\Windows\System\vNWeajm.exe
  2⤵
  PID:5336
- C:\Windows\System\FvCmzaN.exe
  C:\Windows\System\FvCmzaN.exe
  2⤵
  PID:6000
- C:\Windows\System\qFUaFNI.exe
  C:\Windows\System\qFUaFNI.exe
  2⤵
  PID:6084
- C:\Windows\System\jocQDmr.exe
  C:\Windows\System\jocQDmr.exe
  2⤵
  PID:4140
- C:\Windows\System\gPNCOSn.exe
  C:\Windows\System\gPNCOSn.exe
  2⤵
  PID:4380
- C:\Windows\System\xUCnBeH.exe
  C:\Windows\System\xUCnBeH.exe
  2⤵
  PID:5260
- C:\Windows\System\ywAHvON.exe
  C:\Windows\System\ywAHvON.exe
  2⤵
  PID:4748
- C:\Windows\System\LClygOg.exe
  C:\Windows\System\LClygOg.exe
  2⤵
  PID:5656
- C:\Windows\System\mhBGgtZ.exe
  C:\Windows\System\mhBGgtZ.exe
  2⤵
  PID:5808
- C:\Windows\System\oTWJPcu.exe
  C:\Windows\System\oTWJPcu.exe
  2⤵
  PID:5352
- C:\Windows\System\ANFmfSD.exe
  C:\Windows\System\ANFmfSD.exe
  2⤵
  PID:4444
- C:\Windows\System\JSxGzAB.exe
  C:\Windows\System\JSxGzAB.exe
  2⤵
  PID:5772
- C:\Windows\System\dVrunbE.exe
  C:\Windows\System\dVrunbE.exe
  2⤵
  PID:4280
- C:\Windows\System\UuRIqnT.exe
  C:\Windows\System\UuRIqnT.exe
  2⤵
  PID:6100
- C:\Windows\System\OPonGrN.exe
  C:\Windows\System\OPonGrN.exe
  2⤵
  PID:6160
- C:\Windows\System\OMxSiuk.exe
  C:\Windows\System\OMxSiuk.exe
  2⤵
  PID:6176
- C:\Windows\System\mhJpevx.exe
  C:\Windows\System\mhJpevx.exe
  2⤵
  PID:6200
- C:\Windows\System\HXOTvlF.exe
  C:\Windows\System\HXOTvlF.exe
  2⤵
  PID:6220
- C:\Windows\System\olYDPSd.exe
  C:\Windows\System\olYDPSd.exe
  2⤵
  PID:6240
- C:\Windows\System\RRduWyK.exe
  C:\Windows\System\RRduWyK.exe
  2⤵
  PID:6260
- C:\Windows\System\QZHlAch.exe
  C:\Windows\System\QZHlAch.exe
  2⤵
  PID:6280
- C:\Windows\System\ScFpVXB.exe
  C:\Windows\System\ScFpVXB.exe
  2⤵
  PID:6300
- C:\Windows\System\AkaQGqH.exe
  C:\Windows\System\AkaQGqH.exe
  2⤵
  PID:6316
- C:\Windows\System\ZWLFfmX.exe
  C:\Windows\System\ZWLFfmX.exe
  2⤵
  PID:6340
- C:\Windows\System\jfZThpJ.exe
  C:\Windows\System\jfZThpJ.exe
  2⤵
  PID:6360
- C:\Windows\System\zPojahh.exe
  C:\Windows\System\zPojahh.exe
  2⤵
  PID:6380
- C:\Windows\System\FiGLKVV.exe
  C:\Windows\System\FiGLKVV.exe
  2⤵
  PID:6400
- C:\Windows\System\vJXPxDa.exe
  C:\Windows\System\vJXPxDa.exe
  2⤵
  PID:6420
- C:\Windows\System\igmeamK.exe
  C:\Windows\System\igmeamK.exe
  2⤵
  PID:6440
- C:\Windows\System\zFnQrKv.exe
  C:\Windows\System\zFnQrKv.exe
  2⤵
  PID:6460
- C:\Windows\System\SfOqSOG.exe
  C:\Windows\System\SfOqSOG.exe
  2⤵
  PID:6480
- C:\Windows\System\ZBtwkkt.exe
  C:\Windows\System\ZBtwkkt.exe
  2⤵
  PID:6496
- C:\Windows\System\YHsAePR.exe
  C:\Windows\System\YHsAePR.exe
  2⤵
  PID:6516
- C:\Windows\System\PUmFowk.exe
  C:\Windows\System\PUmFowk.exe
  2⤵
  PID:6536
- C:\Windows\System\ltxcdmt.exe
  C:\Windows\System\ltxcdmt.exe
  2⤵
  PID:6560
- C:\Windows\System\XBOxgVL.exe
  C:\Windows\System\XBOxgVL.exe
  2⤵
  PID:6580
- C:\Windows\System\hMVpJsn.exe
  C:\Windows\System\hMVpJsn.exe
  2⤵
  PID:6600
- C:\Windows\System\PneMGmc.exe
  C:\Windows\System\PneMGmc.exe
  2⤵
  PID:6620
- C:\Windows\System\jCpNAVX.exe
  C:\Windows\System\jCpNAVX.exe
  2⤵
  PID:6640
- C:\Windows\System\SACJnmO.exe
  C:\Windows\System\SACJnmO.exe
  2⤵
  PID:6660
- C:\Windows\System\MUYNqqQ.exe
  C:\Windows\System\MUYNqqQ.exe
  2⤵
  PID:6680
- C:\Windows\System\qbRThZP.exe
  C:\Windows\System\qbRThZP.exe
  2⤵
  PID:6700
- C:\Windows\System\VzTCEmw.exe
  C:\Windows\System\VzTCEmw.exe
  2⤵
  PID:6724
- C:\Windows\System\ldntFcI.exe
  C:\Windows\System\ldntFcI.exe
  2⤵
  PID:6744
- C:\Windows\System\PgaYACI.exe
  C:\Windows\System\PgaYACI.exe
  2⤵
  PID:6764
- C:\Windows\System\JSxSjWk.exe
  C:\Windows\System\JSxSjWk.exe
  2⤵
  PID:6784
- C:\Windows\System\OdTmygp.exe
  C:\Windows\System\OdTmygp.exe
  2⤵
  PID:6804
- C:\Windows\System\PLMJOnv.exe
  C:\Windows\System\PLMJOnv.exe
  2⤵
  PID:6824
- C:\Windows\System\emSMCNx.exe
  C:\Windows\System\emSMCNx.exe
  2⤵
  PID:6844
- C:\Windows\System\AzOjoHx.exe
  C:\Windows\System\AzOjoHx.exe
  2⤵
  PID:6864
- C:\Windows\System\vEZJsoR.exe
  C:\Windows\System\vEZJsoR.exe
  2⤵
  PID:6884
- C:\Windows\System\avSdxmI.exe
  C:\Windows\System\avSdxmI.exe
  2⤵
  PID:6900
- C:\Windows\System\zSriWTL.exe
  C:\Windows\System\zSriWTL.exe
  2⤵
  PID:6924
- C:\Windows\System\xKVxvAT.exe
  C:\Windows\System\xKVxvAT.exe
  2⤵
  PID:6944
- C:\Windows\System\oNtbHJK.exe
  C:\Windows\System\oNtbHJK.exe
  2⤵
  PID:6964
- C:\Windows\System\liqtyNO.exe
  C:\Windows\System\liqtyNO.exe
  2⤵
  PID:6980
- C:\Windows\System\qayGqlC.exe
  C:\Windows\System\qayGqlC.exe
  2⤵
  PID:7004
- C:\Windows\System\PRgtEnO.exe
  C:\Windows\System\PRgtEnO.exe
  2⤵
  PID:7024
- C:\Windows\System\hlECKqc.exe
  C:\Windows\System\hlECKqc.exe
  2⤵
  PID:7044
- C:\Windows\System\LpQcPMS.exe
  C:\Windows\System\LpQcPMS.exe
  2⤵
  PID:7060
- C:\Windows\System\SOnyPwK.exe
  C:\Windows\System\SOnyPwK.exe
  2⤵
  PID:7084
- C:\Windows\System\xAkxTsN.exe
  C:\Windows\System\xAkxTsN.exe
  2⤵
  PID:7104
- C:\Windows\System\xvuRfpf.exe
  C:\Windows\System\xvuRfpf.exe
  2⤵
  PID:7124
- C:\Windows\System\sQeyzNV.exe
  C:\Windows\System\sQeyzNV.exe
  2⤵
  PID:7140
- C:\Windows\System\RxiXTya.exe
  C:\Windows\System\RxiXTya.exe
  2⤵
  PID:7160
- C:\Windows\System\yayBxiv.exe
  C:\Windows\System\yayBxiv.exe
  2⤵
  PID:6132
- C:\Windows\System\eBYyZBx.exe
  C:\Windows\System\eBYyZBx.exe
  2⤵
  PID:5144
- C:\Windows\System\igPHWah.exe
  C:\Windows\System\igPHWah.exe
  2⤵
  PID:5596
- C:\Windows\System\QIwDMea.exe
  C:\Windows\System\QIwDMea.exe
  2⤵
  PID:5932
- C:\Windows\System\pcZuEDA.exe
  C:\Windows\System\pcZuEDA.exe
  2⤵
  PID:5848
- C:\Windows\System\rtGDKSW.exe
  C:\Windows\System\rtGDKSW.exe
  2⤵
  PID:2540
- C:\Windows\System\xOxQBnv.exe
  C:\Windows\System\xOxQBnv.exe
  2⤵
  PID:6148
- C:\Windows\System\bqGetac.exe
  C:\Windows\System\bqGetac.exe
  2⤵
  PID:6152
- C:\Windows\System\AEwqFvL.exe
  C:\Windows\System\AEwqFvL.exe
  2⤵
  PID:6196
- C:\Windows\System\EnYipAC.exe
  C:\Windows\System\EnYipAC.exe
  2⤵
  PID:6228
- C:\Windows\System\mQeStGR.exe
  C:\Windows\System\mQeStGR.exe
  2⤵
  PID:6272
- C:\Windows\System\tAfhLrD.exe
  C:\Windows\System\tAfhLrD.exe
  2⤵
  PID:6248
- C:\Windows\System\cQeKxmN.exe
  C:\Windows\System\cQeKxmN.exe
  2⤵
  PID:6328
- C:\Windows\System\ZAlCgrA.exe
  C:\Windows\System\ZAlCgrA.exe
  2⤵
  PID:6332
- C:\Windows\System\KPNlmna.exe
  C:\Windows\System\KPNlmna.exe
  2⤵
  PID:6392
- C:\Windows\System\zfYYINx.exe
  C:\Windows\System\zfYYINx.exe
  2⤵
  PID:6436
- C:\Windows\System\DkFfvLO.exe
  C:\Windows\System\DkFfvLO.exe
  2⤵
  PID:6468
- C:\Windows\System\RHfJftv.exe
  C:\Windows\System\RHfJftv.exe
  2⤵
  PID:6476
- C:\Windows\System\MMpSIBX.exe
  C:\Windows\System\MMpSIBX.exe
  2⤵
  PID:6544
- C:\Windows\System\cQzUVcX.exe
  C:\Windows\System\cQzUVcX.exe
  2⤵
  PID:6548
- C:\Windows\System\UqfRcXg.exe
  C:\Windows\System\UqfRcXg.exe
  2⤵
  PID:6588
- C:\Windows\System\NOAQvrn.exe
  C:\Windows\System\NOAQvrn.exe
  2⤵
  PID:6592
- C:\Windows\System\JAtolOn.exe
  C:\Windows\System\JAtolOn.exe
  2⤵
  PID:6608
- C:\Windows\System\sJfUJaI.exe
  C:\Windows\System\sJfUJaI.exe
  2⤵
  PID:6656
- C:\Windows\System\RZxhdtk.exe
  C:\Windows\System\RZxhdtk.exe
  2⤵
  PID:6716
- C:\Windows\System\MjhYhKW.exe
  C:\Windows\System\MjhYhKW.exe
  2⤵
  PID:6736
- C:\Windows\System\WWXevam.exe
  C:\Windows\System\WWXevam.exe
  2⤵
  PID:6776
- C:\Windows\System\RUOmgnn.exe
  C:\Windows\System\RUOmgnn.exe
  2⤵
  PID:6872
- C:\Windows\System\IIGeWut.exe
  C:\Windows\System\IIGeWut.exe
  2⤵
  PID:6860
- C:\Windows\System\xOnPTpQ.exe
  C:\Windows\System\xOnPTpQ.exe
  2⤵
  PID:6952
- C:\Windows\System\jfAwGPl.exe
  C:\Windows\System\jfAwGPl.exe
  2⤵
  PID:6932
- C:\Windows\System\hVzxuNU.exe
  C:\Windows\System\hVzxuNU.exe
  2⤵
  PID:6992
- C:\Windows\System\hnLzUiu.exe
  C:\Windows\System\hnLzUiu.exe
  2⤵
  PID:7012
- C:\Windows\System\DTBAwNa.exe
  C:\Windows\System\DTBAwNa.exe
  2⤵
  PID:7068
- C:\Windows\System\JAVRbxG.exe
  C:\Windows\System\JAVRbxG.exe
  2⤵
  PID:7056
- C:\Windows\System\cjsPrcG.exe
  C:\Windows\System\cjsPrcG.exe
  2⤵
  PID:7116
- C:\Windows\System\qwEjgmV.exe
  C:\Windows\System\qwEjgmV.exe
  2⤵
  PID:7156
- C:\Windows\System\BktsQPn.exe
  C:\Windows\System\BktsQPn.exe
  2⤵
  PID:5896
- C:\Windows\System\mlBwXSE.exe
  C:\Windows\System\mlBwXSE.exe
  2⤵
  PID:5892
- C:\Windows\System\gRybgnl.exe
  C:\Windows\System\gRybgnl.exe
  2⤵
  PID:6064
- C:\Windows\System\pPLaDcB.exe
  C:\Windows\System\pPLaDcB.exe
  2⤵
  PID:5480
- C:\Windows\System\mMrMSQJ.exe
  C:\Windows\System\mMrMSQJ.exe
  2⤵
  PID:6308
- C:\Windows\System\XUmldEC.exe
  C:\Windows\System\XUmldEC.exe
  2⤵
  PID:5256
- C:\Windows\System\QjAnWrt.exe
  C:\Windows\System\QjAnWrt.exe
  2⤵
  PID:6428
- C:\Windows\System\xQCXYqr.exe
  C:\Windows\System\xQCXYqr.exe
  2⤵
  PID:6552
- C:\Windows\System\EBjfggG.exe
  C:\Windows\System\EBjfggG.exe
  2⤵
  PID:2884
- C:\Windows\System\rFoePsf.exe
  C:\Windows\System\rFoePsf.exe
  2⤵
  PID:6192
- C:\Windows\System\UunLOmF.exe
  C:\Windows\System\UunLOmF.exe
  2⤵
  PID:2716
- C:\Windows\System\NgDSGXI.exe
  C:\Windows\System\NgDSGXI.exe
  2⤵
  PID:6652
- C:\Windows\System\XUXDAFi.exe
  C:\Windows\System\XUXDAFi.exe
  2⤵
  PID:2312
- C:\Windows\System\hwOHPte.exe
  C:\Windows\System\hwOHPte.exe
  2⤵
  PID:6508
- C:\Windows\System\RrrqbSi.exe
  C:\Windows\System\RrrqbSi.exe
  2⤵
  PID:6416
- C:\Windows\System\VeCNdqY.exe
  C:\Windows\System\VeCNdqY.exe
  2⤵
  PID:6528
- C:\Windows\System\NcMHZNI.exe
  C:\Windows\System\NcMHZNI.exe
  2⤵
  PID:6816
- C:\Windows\System\vuTRbzK.exe
  C:\Windows\System\vuTRbzK.exe
  2⤵
  PID:6920
- C:\Windows\System\fgIYzYe.exe
  C:\Windows\System\fgIYzYe.exe
  2⤵
  PID:6832
- C:\Windows\System\ddcPXrB.exe
  C:\Windows\System\ddcPXrB.exe
  2⤵
  PID:6800
- C:\Windows\System\IJfOaIb.exe
  C:\Windows\System\IJfOaIb.exe
  2⤵
  PID:6956
- C:\Windows\System\DEJnIYs.exe
  C:\Windows\System\DEJnIYs.exe
  2⤵
  PID:6972
- C:\Windows\System\LLgtHnO.exe
  C:\Windows\System\LLgtHnO.exe
  2⤵
  PID:4760
- C:\Windows\System\qXbjPpw.exe
  C:\Windows\System\qXbjPpw.exe
  2⤵
  PID:7016
- C:\Windows\System\HZTUEhm.exe
  C:\Windows\System\HZTUEhm.exe
  2⤵
  PID:2780
- C:\Windows\System\PtlBGaT.exe
  C:\Windows\System\PtlBGaT.exe
  2⤵
  PID:6372
- C:\Windows\System\nMcZuDx.exe
  C:\Windows\System\nMcZuDx.exe
  2⤵
  PID:2352
- C:\Windows\System\dqQfOCr.exe
  C:\Windows\System\dqQfOCr.exe
  2⤵
  PID:6080
- C:\Windows\System\JdCDbWC.exe
  C:\Windows\System\JdCDbWC.exe
  2⤵
  PID:6268
- C:\Windows\System\oKqQead.exe
  C:\Windows\System\oKqQead.exe
  2⤵
  PID:6296
- C:\Windows\System\hemmOKC.exe
  C:\Windows\System\hemmOKC.exe
  2⤵
  PID:6756
- C:\Windows\System\SEeSFhM.exe
  C:\Windows\System\SEeSFhM.exe
  2⤵
  PID:6504
- C:\Windows\System\tTDBEZB.exe
  C:\Windows\System\tTDBEZB.exe
  2⤵
  PID:2384
- C:\Windows\System\bWWThCt.exe
  C:\Windows\System\bWWThCt.exe
  2⤵
  PID:6396
- C:\Windows\System\LvYuHQa.exe
  C:\Windows\System\LvYuHQa.exe
  2⤵
  PID:6524
- C:\Windows\System\WEGzDKZ.exe
  C:\Windows\System\WEGzDKZ.exe
  2⤵
  PID:6908
- C:\Windows\System\pUteUrZ.exe
  C:\Windows\System\pUteUrZ.exe
  2⤵
  PID:6936
- C:\Windows\System\lnXdUVO.exe
  C:\Windows\System\lnXdUVO.exe
  2⤵
  PID:316
- C:\Windows\System\PFqyHxP.exe
  C:\Windows\System\PFqyHxP.exe
  2⤵
  PID:5136
- C:\Windows\System\QiQiXDS.exe
  C:\Windows\System\QiQiXDS.exe
  2⤵
  PID:2028
- C:\Windows\System\OXxpefZ.exe
  C:\Windows\System\OXxpefZ.exe
  2⤵
  PID:2016
- C:\Windows\System\GNSEZJM.exe
  C:\Windows\System\GNSEZJM.exe
  2⤵
  PID:7072
- C:\Windows\System\ntALgIx.exe
  C:\Windows\System\ntALgIx.exe
  2⤵
  PID:5528
- C:\Windows\System\CVwpjNA.exe
  C:\Windows\System\CVwpjNA.exe
  2⤵
  PID:6252
- C:\Windows\System\fAnrqIo.exe
  C:\Windows\System\fAnrqIo.exe
  2⤵
  PID:6212
- C:\Windows\System\qYhBWAG.exe
  C:\Windows\System\qYhBWAG.exe
  2⤵
  PID:6452
- C:\Windows\System\aMqhGbr.exe
  C:\Windows\System\aMqhGbr.exe
  2⤵
  PID:6556
- C:\Windows\System\XvqCeDx.exe
  C:\Windows\System\XvqCeDx.exe
  2⤵
  PID:6836
- C:\Windows\System\PdVrzdM.exe
  C:\Windows\System\PdVrzdM.exe
  2⤵
  PID:6820
- C:\Windows\System\pqEwZYu.exe
  C:\Windows\System\pqEwZYu.exe
  2⤵
  PID:6188
- C:\Windows\System\yXKYjer.exe
  C:\Windows\System\yXKYjer.exe
  2⤵
  PID:6796
- C:\Windows\System\eZmpVJD.exe
  C:\Windows\System\eZmpVJD.exe
  2⤵
  PID:6988
- C:\Windows\System\ErtXqFr.exe
  C:\Windows\System\ErtXqFr.exe
  2⤵
  PID:2600
- C:\Windows\System\PhNDmQg.exe
  C:\Windows\System\PhNDmQg.exe
  2⤵
  PID:2712
- C:\Windows\System\vatseIx.exe
  C:\Windows\System\vatseIx.exe
  2⤵
  PID:480
- C:\Windows\System\JXpKXBy.exe
  C:\Windows\System\JXpKXBy.exe
  2⤵
  PID:2136
- C:\Windows\System\fHQXYAA.exe
  C:\Windows\System\fHQXYAA.exe
  2⤵
  PID:2820
- C:\Windows\System\CQwpuVU.exe
  C:\Windows\System\CQwpuVU.exe
  2⤵
  PID:5412
- C:\Windows\System\Jbsbcgr.exe
  C:\Windows\System\Jbsbcgr.exe
  2⤵
  PID:2324
- C:\Windows\System\BcjYwYk.exe
  C:\Windows\System\BcjYwYk.exe
  2⤵
  PID:6976
- C:\Windows\System\VwZxBFG.exe
  C:\Windows\System\VwZxBFG.exe
  2⤵
  PID:4284
- C:\Windows\System\JozoKlS.exe
  C:\Windows\System\JozoKlS.exe
  2⤵
  PID:1824
- C:\Windows\System\EwSMCgb.exe
  C:\Windows\System\EwSMCgb.exe
  2⤵
  PID:1632
- C:\Windows\System\VujHIXd.exe
  C:\Windows\System\VujHIXd.exe
  2⤵
  PID:2964
- C:\Windows\System\ELQhpIE.exe
  C:\Windows\System\ELQhpIE.exe
  2⤵
  PID:6208
- C:\Windows\System\CLQLGwC.exe
  C:\Windows\System\CLQLGwC.exe
  2⤵
  PID:2844
- C:\Windows\System\VeEOUKx.exe
  C:\Windows\System\VeEOUKx.exe
  2⤵
  PID:6388
- C:\Windows\System\KJhsNPo.exe
  C:\Windows\System\KJhsNPo.exe
  2⤵
  PID:7180
- C:\Windows\System\iFJSzQN.exe
  C:\Windows\System\iFJSzQN.exe
  2⤵
  PID:7200
- C:\Windows\System\EcpXWgx.exe
  C:\Windows\System\EcpXWgx.exe
  2⤵
  PID:7216
- C:\Windows\System\XZQLcLA.exe
  C:\Windows\System\XZQLcLA.exe
  2⤵
  PID:7232
- C:\Windows\System\xOZRCby.exe
  C:\Windows\System\xOZRCby.exe
  2⤵
  PID:7248
- C:\Windows\System\UzjziMz.exe
  C:\Windows\System\UzjziMz.exe
  2⤵
  PID:7264
- C:\Windows\System\HjKzXvG.exe
  C:\Windows\System\HjKzXvG.exe
  2⤵
  PID:7292
- C:\Windows\System\LZhSBfM.exe
  C:\Windows\System\LZhSBfM.exe
  2⤵
  PID:7308
- C:\Windows\System\BfLgszF.exe
  C:\Windows\System\BfLgszF.exe
  2⤵
  PID:7324
- C:\Windows\System\bHypdrf.exe
  C:\Windows\System\bHypdrf.exe
  2⤵
  PID:7344
- C:\Windows\System\ubdrKzW.exe
  C:\Windows\System\ubdrKzW.exe
  2⤵
  PID:7364
- C:\Windows\System\nyRckVi.exe
  C:\Windows\System\nyRckVi.exe
  2⤵
  PID:7384
- C:\Windows\System\iVzuiyR.exe
  C:\Windows\System\iVzuiyR.exe
  2⤵
  PID:7404
- C:\Windows\System\xBnJQXc.exe
  C:\Windows\System\xBnJQXc.exe
  2⤵
  PID:7428
- C:\Windows\System\JpBlWDU.exe
  C:\Windows\System\JpBlWDU.exe
  2⤵
  PID:7444
- C:\Windows\System\hhYjWMW.exe
  C:\Windows\System\hhYjWMW.exe
  2⤵
  PID:7460
- C:\Windows\System\AottavB.exe
  C:\Windows\System\AottavB.exe
  2⤵
  PID:7484
- C:\Windows\System\ItMXUXV.exe
  C:\Windows\System\ItMXUXV.exe
  2⤵
  PID:7540
- C:\Windows\System\lftogIE.exe
  C:\Windows\System\lftogIE.exe
  2⤵
  PID:7560
- C:\Windows\System\JCgGPpa.exe
  C:\Windows\System\JCgGPpa.exe
  2⤵
  PID:7576
- C:\Windows\System\DmLApcb.exe
  C:\Windows\System\DmLApcb.exe
  2⤵
  PID:7592
- C:\Windows\System\wdnZNjn.exe
  C:\Windows\System\wdnZNjn.exe
  2⤵
  PID:7608
- C:\Windows\System\yyWdTso.exe
  C:\Windows\System\yyWdTso.exe
  2⤵
  PID:7624
- C:\Windows\System\aETvkBm.exe
  C:\Windows\System\aETvkBm.exe
  2⤵
  PID:7640
- C:\Windows\System\GkaYUpQ.exe
  C:\Windows\System\GkaYUpQ.exe
  2⤵
  PID:7660
- C:\Windows\System\doVMqNp.exe
  C:\Windows\System\doVMqNp.exe
  2⤵
  PID:7676
- C:\Windows\System\bBwZFKC.exe
  C:\Windows\System\bBwZFKC.exe
  2⤵
  PID:7692
- C:\Windows\System\pZYgBmv.exe
  C:\Windows\System\pZYgBmv.exe
  2⤵
  PID:7712
- C:\Windows\System\uboKoBY.exe
  C:\Windows\System\uboKoBY.exe
  2⤵
  PID:7736
- C:\Windows\System\evYFfYR.exe
  C:\Windows\System\evYFfYR.exe
  2⤵
  PID:7752
- C:\Windows\System\llACXbb.exe
  C:\Windows\System\llACXbb.exe
  2⤵
  PID:7768
- C:\Windows\System\QbzzMfU.exe
  C:\Windows\System\QbzzMfU.exe
  2⤵
  PID:7784
- C:\Windows\System\OgHaBFB.exe
  C:\Windows\System\OgHaBFB.exe
  2⤵
  PID:7804
- C:\Windows\System\lRHDawi.exe
  C:\Windows\System\lRHDawi.exe
  2⤵
  PID:7820
- C:\Windows\System\DwHXumw.exe
  C:\Windows\System\DwHXumw.exe
  2⤵
  PID:7836
- C:\Windows\System\rjYybkU.exe
  C:\Windows\System\rjYybkU.exe
  2⤵
  PID:7852
- C:\Windows\System\MYDevaf.exe
  C:\Windows\System\MYDevaf.exe
  2⤵
  PID:7868
- C:\Windows\System\WMAFQXj.exe
  C:\Windows\System\WMAFQXj.exe
  2⤵
  PID:7884
- C:\Windows\System\yTMPmQl.exe
  C:\Windows\System\yTMPmQl.exe
  2⤵
  PID:7908
- C:\Windows\System\XyFGSMj.exe
  C:\Windows\System\XyFGSMj.exe
  2⤵
  PID:7928
- C:\Windows\System\iBliTyD.exe
  C:\Windows\System\iBliTyD.exe
  2⤵
  PID:7952
- C:\Windows\System\ppMSCqU.exe
  C:\Windows\System\ppMSCqU.exe
  2⤵
  PID:7972
- C:\Windows\System\eNAXVfy.exe
  C:\Windows\System\eNAXVfy.exe
  2⤵
  PID:7988
- C:\Windows\System\auZdgNf.exe
  C:\Windows\System\auZdgNf.exe
  2⤵
  PID:8004
- C:\Windows\System\awuzKOB.exe
  C:\Windows\System\awuzKOB.exe
  2⤵
  PID:8040
- C:\Windows\System\bHqEslD.exe
  C:\Windows\System\bHqEslD.exe
  2⤵
  PID:8060
- C:\Windows\System\RTcgrLw.exe
  C:\Windows\System\RTcgrLw.exe
  2⤵
  PID:8096
- C:\Windows\System\cweqwrc.exe
  C:\Windows\System\cweqwrc.exe
  2⤵
  PID:8136
- C:\Windows\System\ImZXopk.exe
  C:\Windows\System\ImZXopk.exe
  2⤵
  PID:8156
- C:\Windows\System\DvaStZq.exe
  C:\Windows\System\DvaStZq.exe
  2⤵
  PID:8172
- C:\Windows\System\RuLgMFq.exe
  C:\Windows\System\RuLgMFq.exe
  2⤵
  PID:6792
- C:\Windows\System\vSbJooF.exe
  C:\Windows\System\vSbJooF.exe
  2⤵
  PID:6696
- C:\Windows\System\aRhGiIS.exe
  C:\Windows\System\aRhGiIS.exe
  2⤵
  PID:7112
- C:\Windows\System\byYNWKJ.exe
  C:\Windows\System\byYNWKJ.exe
  2⤵
  PID:2068
- C:\Windows\System\BBFrEAD.exe
  C:\Windows\System\BBFrEAD.exe
  2⤵
  PID:7092
- C:\Windows\System\pohWhBo.exe
  C:\Windows\System\pohWhBo.exe
  2⤵
  PID:2992
- C:\Windows\System\nziQEhI.exe
  C:\Windows\System\nziQEhI.exe
  2⤵
  PID:7188
- C:\Windows\System\DZnTwjV.exe
  C:\Windows\System\DZnTwjV.exe
  2⤵
  PID:7256
- C:\Windows\System\oLhuGUL.exe
  C:\Windows\System\oLhuGUL.exe
  2⤵
  PID:7300
- C:\Windows\System\biPPcsQ.exe
  C:\Windows\System\biPPcsQ.exe
  2⤵
  PID:7376
- C:\Windows\System\PzYDiiJ.exe
  C:\Windows\System\PzYDiiJ.exe
  2⤵
  PID:7316
- C:\Windows\System\WgvFxhP.exe
  C:\Windows\System\WgvFxhP.exe
  2⤵
  PID:7356
- C:\Windows\System\Wwtmjrz.exe
  C:\Windows\System\Wwtmjrz.exe
  2⤵
  PID:7400
- C:\Windows\System\FWEGWrk.exe
  C:\Windows\System\FWEGWrk.exe
  2⤵
  PID:7476
- C:\Windows\System\xhpVQZI.exe
  C:\Windows\System\xhpVQZI.exe
  2⤵
  PID:7504
- C:\Windows\System\fCbFqiM.exe
  C:\Windows\System\fCbFqiM.exe
  2⤵
  PID:7424
- C:\Windows\System\iSSYmke.exe
  C:\Windows\System\iSSYmke.exe
  2⤵
  PID:7500
- C:\Windows\System\kUInmog.exe
  C:\Windows\System\kUInmog.exe
  2⤵
  PID:7524
- C:\Windows\System\JbgbPKg.exe
  C:\Windows\System\JbgbPKg.exe
  2⤵
  PID:7552
- C:\Windows\System\imyBobB.exe
  C:\Windows\System\imyBobB.exe
  2⤵
  PID:7616
- C:\Windows\System\ntgxdss.exe
  C:\Windows\System\ntgxdss.exe
  2⤵
  PID:7684
- C:\Windows\System\FclmODe.exe
  C:\Windows\System\FclmODe.exe
  2⤵
  PID:7728
- C:\Windows\System\bTKMaCD.exe
  C:\Windows\System\bTKMaCD.exe
  2⤵
  PID:7792
- C:\Windows\System\eKOMAPL.exe
  C:\Windows\System\eKOMAPL.exe
  2⤵
  PID:7600
- C:\Windows\System\JbfawCG.exe
  C:\Windows\System\JbfawCG.exe
  2⤵
  PID:7668
- C:\Windows\System\mPrNVcf.exe
  C:\Windows\System\mPrNVcf.exe
  2⤵
  PID:7708
- C:\Windows\System\DYiYZzp.exe
  C:\Windows\System\DYiYZzp.exe
  2⤵
  PID:7812
- C:\Windows\System\GXxZuut.exe
  C:\Windows\System\GXxZuut.exe
  2⤵
  PID:7876
- C:\Windows\System\DskVbxW.exe
  C:\Windows\System\DskVbxW.exe
  2⤵
  PID:7924
- C:\Windows\System\TWZXoak.exe
  C:\Windows\System\TWZXoak.exe
  2⤵
  PID:7860
- C:\Windows\System\GcIdqGi.exe
  C:\Windows\System\GcIdqGi.exe
  2⤵
  PID:7944
- C:\Windows\System\TZZwFEu.exe
  C:\Windows\System\TZZwFEu.exe
  2⤵
  PID:8016
- C:\Windows\System\tBUjZsx.exe
  C:\Windows\System\tBUjZsx.exe
  2⤵
  PID:8032
- C:\Windows\System\GSoLTck.exe
  C:\Windows\System\GSoLTck.exe
  2⤵
  PID:7900
- C:\Windows\System\YkgPlNk.exe
  C:\Windows\System\YkgPlNk.exe
  2⤵
  PID:8048
- C:\Windows\System\TLzYqCo.exe
  C:\Windows\System\TLzYqCo.exe
  2⤵
  PID:8076
- C:\Windows\System\NPIdbcs.exe
  C:\Windows\System\NPIdbcs.exe
  2⤵
  PID:8124
- C:\Windows\System\EzueXRD.exe
  C:\Windows\System\EzueXRD.exe
  2⤵
  PID:8148
- C:\Windows\System\twTPbgK.exe
  C:\Windows\System\twTPbgK.exe
  2⤵
  PID:8188
- C:\Windows\System\dzJfgiM.exe
  C:\Windows\System\dzJfgiM.exe
  2⤵
  PID:1640
- C:\Windows\System\hGlnwpv.exe
  C:\Windows\System\hGlnwpv.exe
  2⤵
  PID:6676
- C:\Windows\System\rnUVrau.exe
  C:\Windows\System\rnUVrau.exe
  2⤵
  PID:664
- C:\Windows\System\DWvHaer.exe
  C:\Windows\System\DWvHaer.exe
  2⤵
  PID:7208
- C:\Windows\System\VVwVNCe.exe
  C:\Windows\System\VVwVNCe.exe
  2⤵
  PID:7196
- C:\Windows\System\kbbqydc.exe
  C:\Windows\System\kbbqydc.exe
  2⤵
  PID:7284
- C:\Windows\System\xrDJjJY.exe
  C:\Windows\System\xrDJjJY.exe
  2⤵
  PID:7392
- C:\Windows\System\YHvgALt.exe
  C:\Windows\System\YHvgALt.exe
  2⤵
  PID:7456
- C:\Windows\System\WhONyKX.exe
  C:\Windows\System\WhONyKX.exe
  2⤵
  PID:7372
- C:\Windows\System\GjiXdQf.exe
  C:\Windows\System\GjiXdQf.exe
  2⤵
  PID:7512
- C:\Windows\System\hjZhHau.exe
  C:\Windows\System\hjZhHau.exe
  2⤵
  PID:7436
- C:\Windows\System\opMiMqW.exe
  C:\Windows\System\opMiMqW.exe
  2⤵
  PID:7648
- C:\Windows\System\TinBnai.exe
  C:\Windows\System\TinBnai.exe
  2⤵
  PID:8024
- C:\Windows\System\usbQIBM.exe
  C:\Windows\System\usbQIBM.exe
  2⤵
  PID:8084
- C:\Windows\System\YrTuGbR.exe
  C:\Windows\System\YrTuGbR.exe
  2⤵
  PID:1788
- C:\Windows\System\pCeubPP.exe
  C:\Windows\System\pCeubPP.exe
  2⤵
  PID:7548
- C:\Windows\System\vaSFUlc.exe
  C:\Windows\System\vaSFUlc.exe
  2⤵
  PID:3020
- C:\Windows\System\sQlwLVP.exe
  C:\Windows\System\sQlwLVP.exe
  2⤵
  PID:7288
- C:\Windows\System\JGeTZQt.exe
  C:\Windows\System\JGeTZQt.exe
  2⤵
  PID:7276
- C:\Windows\System\hZjJsCl.exe
  C:\Windows\System\hZjJsCl.exe
  2⤵
  PID:7800
- C:\Windows\System\CGlkYKe.exe
  C:\Windows\System\CGlkYKe.exe
  2⤵
  PID:7496
- C:\Windows\System\RnWlMHe.exe
  C:\Windows\System\RnWlMHe.exe
  2⤵
  PID:7780
- C:\Windows\System\ChsECqs.exe
  C:\Windows\System\ChsECqs.exe
  2⤵
  PID:7632
- C:\Windows\System\dBEZnEV.exe
  C:\Windows\System\dBEZnEV.exe
  2⤵
  PID:7700
- C:\Windows\System\XuxCvfB.exe
  C:\Windows\System\XuxCvfB.exe
  2⤵
  PID:7848
- C:\Windows\System\PgMbXfB.exe
  C:\Windows\System\PgMbXfB.exe
  2⤵
  PID:8104
- C:\Windows\System\YDEMCUl.exe
  C:\Windows\System\YDEMCUl.exe
  2⤵
  PID:7224
- C:\Windows\System\LXjbPCp.exe
  C:\Windows\System\LXjbPCp.exe
  2⤵
  PID:8116
- C:\Windows\System\ZHTqjtI.exe
  C:\Windows\System\ZHTqjtI.exe
  2⤵
  PID:8012
- C:\Windows\System\EFfygEs.exe
  C:\Windows\System\EFfygEs.exe
  2⤵
  PID:7332
- C:\Windows\System\uITFoEM.exe
  C:\Windows\System\uITFoEM.exe
  2⤵
  PID:7536
- C:\Windows\System\sDwzwSQ.exe
  C:\Windows\System\sDwzwSQ.exe
  2⤵
  PID:2896
- C:\Windows\System\VSBORuv.exe
  C:\Windows\System\VSBORuv.exe
  2⤵
  PID:7420
- C:\Windows\System\RKJqZnO.exe
  C:\Windows\System\RKJqZnO.exe
  2⤵
  PID:7636
- C:\Windows\System\sKPtuLz.exe
  C:\Windows\System\sKPtuLz.exe
  2⤵
  PID:7844
- C:\Windows\System\yfhMDur.exe
  C:\Windows\System\yfhMDur.exe
  2⤵
  PID:7896
- C:\Windows\System\GuIYipG.exe
  C:\Windows\System\GuIYipG.exe
  2⤵
  PID:8068
- C:\Windows\System\CIfGVQE.exe
  C:\Windows\System\CIfGVQE.exe
  2⤵
  PID:5284
- C:\Windows\System\KuRWGJS.exe
  C:\Windows\System\KuRWGJS.exe
  2⤵
  PID:7320
- C:\Windows\System\HKIMqrd.exe
  C:\Windows\System\HKIMqrd.exe
  2⤵
  PID:7516
- C:\Windows\System\TSnpbhv.exe
  C:\Windows\System\TSnpbhv.exe
  2⤵
  PID:7572
- C:\Windows\System\nizUnfA.exe
  C:\Windows\System\nizUnfA.exe
  2⤵
  PID:7828
- C:\Windows\System\jkXdsLI.exe
  C:\Windows\System\jkXdsLI.exe
  2⤵
  PID:7940
- C:\Windows\System\VYtmiPR.exe
  C:\Windows\System\VYtmiPR.exe
  2⤵
  PID:8168
- C:\Windows\System\TTENTKh.exe
  C:\Windows\System\TTENTKh.exe
  2⤵
  PID:2400
- C:\Windows\System\nKcnkeB.exe
  C:\Windows\System\nKcnkeB.exe
  2⤵
  PID:7764
- C:\Windows\System\sTyrNMz.exe
  C:\Windows\System\sTyrNMz.exe
  2⤵
  PID:7588
- C:\Windows\System\ztUcMdy.exe
  C:\Windows\System\ztUcMdy.exe
  2⤵
  PID:8208
- C:\Windows\System\CVmkmBe.exe
  C:\Windows\System\CVmkmBe.exe
  2⤵
  PID:8224
- C:\Windows\System\mFJsyAk.exe
  C:\Windows\System\mFJsyAk.exe
  2⤵
  PID:8240
- C:\Windows\System\PqAtfqd.exe
  C:\Windows\System\PqAtfqd.exe
  2⤵
  PID:8256
- C:\Windows\System\MTxCGaA.exe
  C:\Windows\System\MTxCGaA.exe
  2⤵
  PID:8272
- C:\Windows\System\OTGYNcK.exe
  C:\Windows\System\OTGYNcK.exe
  2⤵
  PID:8288
- C:\Windows\System\OKYnudz.exe
  C:\Windows\System\OKYnudz.exe
  2⤵
  PID:8304
- C:\Windows\System\BbPjjCS.exe
  C:\Windows\System\BbPjjCS.exe
  2⤵
  PID:8320
- C:\Windows\System\TggeTjq.exe
  C:\Windows\System\TggeTjq.exe
  2⤵
  PID:8344
- C:\Windows\System\TAbeGLP.exe
  C:\Windows\System\TAbeGLP.exe
  2⤵
  PID:8360
- C:\Windows\System\BcGVHtP.exe
  C:\Windows\System\BcGVHtP.exe
  2⤵
  PID:8384
- C:\Windows\System\mmWiAXl.exe
  C:\Windows\System\mmWiAXl.exe
  2⤵
  PID:8400
- C:\Windows\System\MyezILn.exe
  C:\Windows\System\MyezILn.exe
  2⤵
  PID:8416
- C:\Windows\System\MbXSAJP.exe
  C:\Windows\System\MbXSAJP.exe
  2⤵
  PID:8432
- C:\Windows\System\fdDmVeL.exe
  C:\Windows\System\fdDmVeL.exe
  2⤵
  PID:8448
- C:\Windows\System\fdHsBXx.exe
  C:\Windows\System\fdHsBXx.exe
  2⤵
  PID:8464
- C:\Windows\System\xRLJxIW.exe
  C:\Windows\System\xRLJxIW.exe
  2⤵
  PID:8480
- C:\Windows\System\csxhQgm.exe
  C:\Windows\System\csxhQgm.exe
  2⤵
  PID:8496
- C:\Windows\System\SewYOld.exe
  C:\Windows\System\SewYOld.exe
  2⤵
  PID:8512
- C:\Windows\System\kUHIhqx.exe
  C:\Windows\System\kUHIhqx.exe
  2⤵
  PID:8532
- C:\Windows\System\aMnmYYY.exe
  C:\Windows\System\aMnmYYY.exe
  2⤵
  PID:8552
- C:\Windows\System\GOPfQNj.exe
  C:\Windows\System\GOPfQNj.exe
  2⤵
  PID:8568
- C:\Windows\System\KzNEBQs.exe
  C:\Windows\System\KzNEBQs.exe
  2⤵
  PID:8584
- C:\Windows\System\xryMaJn.exe
  C:\Windows\System\xryMaJn.exe
  2⤵
  PID:8600
- C:\Windows\System\TNOnEbb.exe
  C:\Windows\System\TNOnEbb.exe
  2⤵
  PID:8616
- C:\Windows\System\YDUysdP.exe
  C:\Windows\System\YDUysdP.exe
  2⤵
  PID:8648
- C:\Windows\System\qwhfDIC.exe
  C:\Windows\System\qwhfDIC.exe
  2⤵
  PID:8680
- C:\Windows\System\sZJvgrJ.exe
  C:\Windows\System\sZJvgrJ.exe
  2⤵
  PID:8700
- C:\Windows\System\PxEfBdy.exe
  C:\Windows\System\PxEfBdy.exe
  2⤵
  PID:8720
- C:\Windows\System\mpjoNIP.exe
  C:\Windows\System\mpjoNIP.exe
  2⤵
  PID:8736
- C:\Windows\System\pbKPorW.exe
  C:\Windows\System\pbKPorW.exe
  2⤵
  PID:8756
- C:\Windows\System\WYtFrQR.exe
  C:\Windows\System\WYtFrQR.exe
  2⤵
  PID:8772
- C:\Windows\System\tKeJdJX.exe
  C:\Windows\System\tKeJdJX.exe
  2⤵
  PID:8804
- C:\Windows\System\xdSrGip.exe
  C:\Windows\System\xdSrGip.exe
  2⤵
  PID:8824
- C:\Windows\System\BTeAGGT.exe
  C:\Windows\System\BTeAGGT.exe
  2⤵
  PID:8844
- C:\Windows\System\AtRnEfs.exe
  C:\Windows\System\AtRnEfs.exe
  2⤵
  PID:8860
- C:\Windows\System\SqEbtqy.exe
  C:\Windows\System\SqEbtqy.exe
  2⤵
  PID:8880
- C:\Windows\System\tUAzaKq.exe
  C:\Windows\System\tUAzaKq.exe
  2⤵
  PID:8908
- C:\Windows\System\opDyfeo.exe
  C:\Windows\System\opDyfeo.exe
  2⤵
  PID:8932
- C:\Windows\System\EGeFzvk.exe
  C:\Windows\System\EGeFzvk.exe
  2⤵
  PID:8952
- C:\Windows\System\bhUaXvT.exe
  C:\Windows\System\bhUaXvT.exe
  2⤵
  PID:8968
- C:\Windows\System\WoMQGMm.exe
  C:\Windows\System\WoMQGMm.exe
  2⤵
  PID:8984
- C:\Windows\System\omIWVsn.exe
  C:\Windows\System\omIWVsn.exe
  2⤵
  PID:9000
- C:\Windows\System\QxmAjBY.exe
  C:\Windows\System\QxmAjBY.exe
  2⤵
  PID:9016
- C:\Windows\System\NJOmdef.exe
  C:\Windows\System\NJOmdef.exe
  2⤵
  PID:9032
- C:\Windows\System\fVjZSTV.exe
  C:\Windows\System\fVjZSTV.exe
  2⤵
  PID:9048
- C:\Windows\System\DdDpYUA.exe
  C:\Windows\System\DdDpYUA.exe
  2⤵
  PID:9064
- C:\Windows\System\WpCscLC.exe
  C:\Windows\System\WpCscLC.exe
  2⤵
  PID:9080
- C:\Windows\System\XulxkDt.exe
  C:\Windows\System\XulxkDt.exe
  2⤵
  PID:9096
- C:\Windows\System\DHtsdad.exe
  C:\Windows\System\DHtsdad.exe
  2⤵
  PID:9112
- C:\Windows\System\TojahKb.exe
  C:\Windows\System\TojahKb.exe
  2⤵
  PID:9128
- C:\Windows\System\ZoAKpsc.exe
  C:\Windows\System\ZoAKpsc.exe
  2⤵
  PID:9144
- C:\Windows\System\ViUZHJr.exe
  C:\Windows\System\ViUZHJr.exe
  2⤵
  PID:9184
- C:\Windows\System\PwJvmnD.exe
  C:\Windows\System\PwJvmnD.exe
  2⤵
  PID:9200
- C:\Windows\System\bOrrMZv.exe
  C:\Windows\System\bOrrMZv.exe
  2⤵
  PID:8200
- C:\Windows\System\SVrZdJX.exe
  C:\Windows\System\SVrZdJX.exe
  2⤵
  PID:7832
- C:\Windows\System\wGjuyyI.exe
  C:\Windows\System\wGjuyyI.exe
  2⤵
  PID:8300
- C:\Windows\System\RPnOsWy.exe
  C:\Windows\System\RPnOsWy.exe
  2⤵
  PID:7892
- C:\Windows\System\RqRCCrK.exe
  C:\Windows\System\RqRCCrK.exe
  2⤵
  PID:8144
- C:\Windows\System\JRfObKR.exe
  C:\Windows\System\JRfObKR.exe
  2⤵
  PID:8252
- C:\Windows\System\qxRZpNp.exe
  C:\Windows\System\qxRZpNp.exe
  2⤵
  PID:8316
- C:\Windows\System\PXBbKta.exe
  C:\Windows\System\PXBbKta.exe
  2⤵
  PID:8372
- C:\Windows\System\XZTknHo.exe
  C:\Windows\System\XZTknHo.exe
  2⤵
  PID:8396
- C:\Windows\System\JQpdPEG.exe
  C:\Windows\System\JQpdPEG.exe
  2⤵
  PID:8460
- C:\Windows\System\bjZgSFR.exe
  C:\Windows\System\bjZgSFR.exe
  2⤵
  PID:8444
- C:\Windows\System\FpNcdFj.exe
  C:\Windows\System\FpNcdFj.exe
  2⤵
  PID:8412
- C:\Windows\System\vegzoLs.exe
  C:\Windows\System\vegzoLs.exe
  2⤵
  PID:8564
- C:\Windows\System\lhqtdiL.exe
  C:\Windows\System\lhqtdiL.exe
  2⤵
  PID:8580
- C:\Windows\System\LASuUON.exe
  C:\Windows\System\LASuUON.exe
  2⤵
  PID:2128
- C:\Windows\System\EAJxAST.exe
  C:\Windows\System\EAJxAST.exe
  2⤵
  PID:8696
- C:\Windows\System\bgewljP.exe
  C:\Windows\System\bgewljP.exe
  2⤵
  PID:8672
- C:\Windows\System\kRvxpwo.exe
  C:\Windows\System\kRvxpwo.exe
  2⤵
  PID:8768
- C:\Windows\System\nvAdQLC.exe
  C:\Windows\System\nvAdQLC.exe
  2⤵
  PID:8872
- C:\Windows\System\HIkCLCa.exe
  C:\Windows\System\HIkCLCa.exe
  2⤵
  PID:8904
- C:\Windows\System\aUILrPj.exe
  C:\Windows\System\aUILrPj.exe
  2⤵
  PID:8976
- C:\Windows\System\znqKADx.exe
  C:\Windows\System\znqKADx.exe
  2⤵
  PID:8960
- C:\Windows\System\XbYQadr.exe
  C:\Windows\System\XbYQadr.exe
  2⤵
  PID:9028
- C:\Windows\System\fDbPrch.exe
  C:\Windows\System\fDbPrch.exe
  2⤵
  PID:9120
- C:\Windows\System\aDFuJFz.exe
  C:\Windows\System\aDFuJFz.exe
  2⤵
  PID:9180
- C:\Windows\System\asihjui.exe
  C:\Windows\System\asihjui.exe
  2⤵
  PID:9208
- C:\Windows\System\NDxtzcv.exe
  C:\Windows\System\NDxtzcv.exe
  2⤵
  PID:8296
- C:\Windows\System\CMgEnmy.exe
  C:\Windows\System\CMgEnmy.exe
  2⤵
  PID:8236
- C:\Windows\System\ESrKQbK.exe
  C:\Windows\System\ESrKQbK.exe
  2⤵
  PID:8248
- C:\Windows\System\deICzii.exe
  C:\Windows\System\deICzii.exe
  2⤵
  PID:8356
- C:\Windows\System\BNdzveT.exe
  C:\Windows\System\BNdzveT.exe
  2⤵
  PID:8380
- C:\Windows\System\wAxEoje.exe
  C:\Windows\System\wAxEoje.exe
  2⤵
  PID:8476
- C:\Windows\System\rirrcQn.exe
  C:\Windows\System\rirrcQn.exe
  2⤵
  PID:8524
- C:\Windows\System\XlEbVvl.exe
  C:\Windows\System\XlEbVvl.exe
  2⤵
  PID:8548
- C:\Windows\System\gRjKlcm.exe
  C:\Windows\System\gRjKlcm.exe
  2⤵
  PID:8656
- C:\Windows\System\UiGIbKF.exe
  C:\Windows\System\UiGIbKF.exe
  2⤵
  PID:8752
- C:\Windows\System\ELxzchG.exe
  C:\Windows\System\ELxzchG.exe
  2⤵
  PID:8832
- C:\Windows\System\xWIhqjy.exe
  C:\Windows\System\xWIhqjy.exe
  2⤵
  PID:8836
- C:\Windows\System\YTtXgrb.exe
  C:\Windows\System\YTtXgrb.exe
  2⤵
  PID:8892
- C:\Windows\System\OOwaQdx.exe
  C:\Windows\System\OOwaQdx.exe
  2⤵
  PID:8916
- C:\Windows\System\NrqktQe.exe
  C:\Windows\System\NrqktQe.exe
  2⤵
  PID:9140
- C:\Windows\System\VMcejUb.exe
  C:\Windows\System\VMcejUb.exe
  2⤵
  PID:8928
- C:\Windows\System\TivVYLk.exe
  C:\Windows\System\TivVYLk.exe
  2⤵
  PID:8948
- C:\Windows\System\XsasAAc.exe
  C:\Windows\System\XsasAAc.exe
  2⤵
  PID:9152
- C:\Windows\System\QKSUEvH.exe
  C:\Windows\System\QKSUEvH.exe
  2⤵
  PID:9092
- C:\Windows\System\TJlLauq.exe
  C:\Windows\System\TJlLauq.exe
  2⤵
  PID:9160
- C:\Windows\System\NRWEClg.exe
  C:\Windows\System\NRWEClg.exe
  2⤵
  PID:9212
- C:\Windows\System\OIEpfqG.exe
  C:\Windows\System\OIEpfqG.exe
  2⤵
  PID:8428
- C:\Windows\System\OOCtace.exe
  C:\Windows\System\OOCtace.exe
  2⤵
  PID:7440
- C:\Windows\System\JcrXLNE.exe
  C:\Windows\System\JcrXLNE.exe
  2⤵
  PID:8492
- C:\Windows\System\DwNDcwf.exe
  C:\Windows\System\DwNDcwf.exe
  2⤵
  PID:8504
- C:\Windows\System\bRTkBMv.exe
  C:\Windows\System\bRTkBMv.exe
  2⤵
  PID:8644
- C:\Windows\System\WKDzPnZ.exe
  C:\Windows\System\WKDzPnZ.exe
  2⤵
  PID:8632
- C:\Windows\System\WKaatep.exe
  C:\Windows\System\WKaatep.exe
  2⤵
  PID:8668
- C:\Windows\System\fEHkaoj.exe
  C:\Windows\System\fEHkaoj.exe
  2⤵
  PID:8732
- C:\Windows\System\LRHAzTx.exe
  C:\Windows\System\LRHAzTx.exe
  2⤵
  PID:8764
- C:\Windows\System\gxXyPyz.exe
  C:\Windows\System\gxXyPyz.exe
  2⤵
  PID:8868
- C:\Windows\System\vpyHtPF.exe
  C:\Windows\System\vpyHtPF.exe
  2⤵
  PID:8900
- C:\Windows\System\NKmRdep.exe
  C:\Windows\System\NKmRdep.exe
  2⤵
  PID:8944
- C:\Windows\System\ISXBIUe.exe
  C:\Windows\System\ISXBIUe.exe
  2⤵
  PID:8376
- C:\Windows\System\kkFVMZY.exe
  C:\Windows\System\kkFVMZY.exe
  2⤵
  PID:8712
- C:\Windows\System\JYYQGsZ.exe
  C:\Windows\System\JYYQGsZ.exe
  2⤵
  PID:9192
- C:\Windows\System\RkAhEot.exe
  C:\Windows\System\RkAhEot.exe
  2⤵
  PID:8812
- C:\Windows\System\fcZNtot.exe
  C:\Windows\System\fcZNtot.exe
  2⤵
  PID:8996
- C:\Windows\System\oNuUUqH.exe
  C:\Windows\System\oNuUUqH.exe
  2⤵
  PID:7352
- C:\Windows\System\cyxJHzC.exe
  C:\Windows\System\cyxJHzC.exe
  2⤵
  PID:8636
- C:\Windows\System\xWtnwBZ.exe
  C:\Windows\System\xWtnwBZ.exe
  2⤵
  PID:8788
- C:\Windows\System\WqNnJIK.exe
  C:\Windows\System\WqNnJIK.exe
  2⤵
  PID:8528
- C:\Windows\System\smSFxCx.exe
  C:\Windows\System\smSFxCx.exe
  2⤵
  PID:9156
- C:\Windows\System\WxumSys.exe
  C:\Windows\System\WxumSys.exe
  2⤵
  PID:9232
- C:\Windows\System\zBFHIjn.exe
  C:\Windows\System\zBFHIjn.exe
  2⤵
  PID:9252
- C:\Windows\System\LbOSmTV.exe
  C:\Windows\System\LbOSmTV.exe
  2⤵
  PID:9268
- C:\Windows\System\NvuJePT.exe
  C:\Windows\System\NvuJePT.exe
  2⤵
  PID:9284
- C:\Windows\System\ldieJyf.exe
  C:\Windows\System\ldieJyf.exe
  2⤵
  PID:9300
- C:\Windows\System\DIcxnya.exe
  C:\Windows\System\DIcxnya.exe
  2⤵
  PID:9316
- C:\Windows\System\OedHEma.exe
  C:\Windows\System\OedHEma.exe
  2⤵
  PID:9332
- C:\Windows\System\AIYkiVJ.exe
  C:\Windows\System\AIYkiVJ.exe
  2⤵
  PID:9348
- C:\Windows\System\ibkoesE.exe
  C:\Windows\System\ibkoesE.exe
  2⤵
  PID:9444
- C:\Windows\System\zrifPsh.exe
  C:\Windows\System\zrifPsh.exe
  2⤵
  PID:9460
- C:\Windows\System\bWjAjFD.exe
  C:\Windows\System\bWjAjFD.exe
  2⤵
  PID:9480
- C:\Windows\System\JwDiRuM.exe
  C:\Windows\System\JwDiRuM.exe
  2⤵
  PID:9496
- C:\Windows\System\YGEdkqY.exe
  C:\Windows\System\YGEdkqY.exe
  2⤵
  PID:9512
- C:\Windows\System\LdlgLNM.exe
  C:\Windows\System\LdlgLNM.exe
  2⤵
  PID:9536
- C:\Windows\System\ifpmwYS.exe
  C:\Windows\System\ifpmwYS.exe
  2⤵
  PID:9560
- C:\Windows\System\ZxJXYkx.exe
  C:\Windows\System\ZxJXYkx.exe
  2⤵
  PID:9576
- C:\Windows\System\ooGqjVY.exe
  C:\Windows\System\ooGqjVY.exe
  2⤵
  PID:9596
- C:\Windows\System\RJtHLKo.exe
  C:\Windows\System\RJtHLKo.exe
  2⤵
  PID:9616
- C:\Windows\System\SOctpVT.exe
  C:\Windows\System\SOctpVT.exe
  2⤵
  PID:9632
- C:\Windows\System\RxJzXKl.exe
  C:\Windows\System\RxJzXKl.exe
  2⤵
  PID:9652
- C:\Windows\System\EgkQeYf.exe
  C:\Windows\System\EgkQeYf.exe
  2⤵
  PID:9668
- C:\Windows\System\pxMhfFn.exe
  C:\Windows\System\pxMhfFn.exe
  2⤵
  PID:9688
- C:\Windows\System\uKqPXQn.exe
  C:\Windows\System\uKqPXQn.exe
  2⤵
  PID:9708
- C:\Windows\System\skdrHCH.exe
  C:\Windows\System\skdrHCH.exe
  2⤵
  PID:9724
- C:\Windows\System\DMqNKdy.exe
  C:\Windows\System\DMqNKdy.exe
  2⤵
  PID:9740
- C:\Windows\System\rXKmqUk.exe
  C:\Windows\System\rXKmqUk.exe
  2⤵
  PID:9756
- C:\Windows\System\XhjSuuQ.exe
  C:\Windows\System\XhjSuuQ.exe
  2⤵
  PID:9772
- C:\Windows\System\sJHuVCd.exe
  C:\Windows\System\sJHuVCd.exe
  2⤵
  PID:9788
- C:\Windows\System\YghlEwB.exe
  C:\Windows\System\YghlEwB.exe
  2⤵
  PID:9808
- C:\Windows\System\pFKxzwh.exe
  C:\Windows\System\pFKxzwh.exe
  2⤵
  PID:9832
- C:\Windows\System\KRyMqin.exe
  C:\Windows\System\KRyMqin.exe
  2⤵
  PID:9896
- C:\Windows\System\JwYpUWA.exe
  C:\Windows\System\JwYpUWA.exe
  2⤵
  PID:9912
- C:\Windows\System\xiLozDH.exe
  C:\Windows\System\xiLozDH.exe
  2⤵
  PID:9928
- C:\Windows\System\wttXjdl.exe
  C:\Windows\System\wttXjdl.exe
  2⤵
  PID:9944
- C:\Windows\System\yCrAlXW.exe
  C:\Windows\System\yCrAlXW.exe
  2⤵
  PID:9960
- C:\Windows\System\ybMmrTl.exe
  C:\Windows\System\ybMmrTl.exe
  2⤵
  PID:9976
- C:\Windows\System\fiqtgUj.exe
  C:\Windows\System\fiqtgUj.exe
  2⤵
  PID:9992
- C:\Windows\System\JuAzpfF.exe
  C:\Windows\System\JuAzpfF.exe
  2⤵
  PID:10012
- C:\Windows\System\fohcnZt.exe
  C:\Windows\System\fohcnZt.exe
  2⤵
  PID:10028
- C:\Windows\System\snxqCIc.exe
  C:\Windows\System\snxqCIc.exe
  2⤵
  PID:10044
- C:\Windows\System\WRROSLO.exe
  C:\Windows\System\WRROSLO.exe
  2⤵
  PID:10060
- C:\Windows\System\qkvIjlK.exe
  C:\Windows\System\qkvIjlK.exe
  2⤵
  PID:10076
- C:\Windows\System\DPlEVPN.exe
  C:\Windows\System\DPlEVPN.exe
  2⤵
  PID:10092
- C:\Windows\System\YGrZDoo.exe
  C:\Windows\System\YGrZDoo.exe
  2⤵
  PID:10108
- C:\Windows\System\lAfdmoB.exe
  C:\Windows\System\lAfdmoB.exe
  2⤵
  PID:10124
- C:\Windows\System\DCOYovL.exe
  C:\Windows\System\DCOYovL.exe
  2⤵
  PID:10140
- C:\Windows\System\bMBbUpG.exe
  C:\Windows\System\bMBbUpG.exe
  2⤵
  PID:10156
- C:\Windows\System\qUZiiSh.exe
  C:\Windows\System\qUZiiSh.exe
  2⤵
  PID:10172
- C:\Windows\System\jHTNAka.exe
  C:\Windows\System\jHTNAka.exe
  2⤵
  PID:10188
- C:\Windows\System\AKwNkxx.exe
  C:\Windows\System\AKwNkxx.exe
  2⤵
  PID:10204
- C:\Windows\System\aEBNOor.exe
  C:\Windows\System\aEBNOor.exe
  2⤵
  PID:10220
- C:\Windows\System\psRbsWV.exe
  C:\Windows\System\psRbsWV.exe
  2⤵
  PID:10236
- C:\Windows\System\WGGKpPB.exe
  C:\Windows\System\WGGKpPB.exe
  2⤵
  PID:9044
- C:\Windows\System\rlAhVap.exe
  C:\Windows\System\rlAhVap.exe
  2⤵
  PID:9088
- C:\Windows\System\XbpRoaj.exe
  C:\Windows\System\XbpRoaj.exe
  2⤵
  PID:9280
- C:\Windows\System\flTjyTP.exe
  C:\Windows\System\flTjyTP.exe
  2⤵
  PID:8748
- C:\Windows\System\wfYfktZ.exe
  C:\Windows\System\wfYfktZ.exe
  2⤵
  PID:9248
- C:\Windows\System\jTHPdog.exe
  C:\Windows\System\jTHPdog.exe
  2⤵
  PID:8992
- C:\Windows\System\AkrbHdv.exe
  C:\Windows\System\AkrbHdv.exe
  2⤵
  PID:9136
- C:\Windows\System\OkqOzVT.exe
  C:\Windows\System\OkqOzVT.exe
  2⤵
  PID:9260
- C:\Windows\System\sgWcKcK.exe
  C:\Windows\System\sgWcKcK.exe
  2⤵
  PID:9324
- C:\Windows\System\KFsYjFh.exe
  C:\Windows\System\KFsYjFh.exe
  2⤵
  PID:9368
- C:\Windows\System\pDDOKuv.exe
  C:\Windows\System\pDDOKuv.exe
  2⤵
  PID:9392
- C:\Windows\System\GkmrfpB.exe
  C:\Windows\System\GkmrfpB.exe
  2⤵
  PID:9404
- C:\Windows\System\SQjncnr.exe
  C:\Windows\System\SQjncnr.exe
  2⤵
  PID:9420
- C:\Windows\System\BnUnzda.exe
  C:\Windows\System\BnUnzda.exe
  2⤵
  PID:8340
- C:\Windows\System\YTBLtSM.exe
  C:\Windows\System\YTBLtSM.exe
  2⤵
  PID:9476
- C:\Windows\System\MIWMgdm.exe
  C:\Windows\System\MIWMgdm.exe
  2⤵
  PID:9520
- C:\Windows\System\bYpdQcp.exe
  C:\Windows\System\bYpdQcp.exe
  2⤵
  PID:9524
- C:\Windows\System\rmkDHYe.exe
  C:\Windows\System\rmkDHYe.exe
  2⤵
  PID:9592
- C:\Windows\System\WljALjT.exe
  C:\Windows\System\WljALjT.exe
  2⤵
  PID:9608
- C:\Windows\System\AfKYMCe.exe
  C:\Windows\System\AfKYMCe.exe
  2⤵
  PID:9780
- C:\Windows\System\PIkotIJ.exe
  C:\Windows\System\PIkotIJ.exe
  2⤵
  PID:9828
- C:\Windows\System\lsgGatf.exe
  C:\Windows\System\lsgGatf.exe
  2⤵
  PID:9892
- C:\Windows\System\FzOrJpF.exe
  C:\Windows\System\FzOrJpF.exe
  2⤵
  PID:10052
- C:\Windows\System\LjAEbiz.exe
  C:\Windows\System\LjAEbiz.exe
  2⤵
  PID:10116
- C:\Windows\System\rBgHQYq.exe
  C:\Windows\System\rBgHQYq.exe
  2⤵
  PID:10212
- C:\Windows\System\vrkkAdi.exe
  C:\Windows\System\vrkkAdi.exe
  2⤵
  PID:9936
- C:\Windows\System\ODBEdqA.exe
  C:\Windows\System\ODBEdqA.exe
  2⤵
  PID:9972
- C:\Windows\System\KkNFkxb.exe
  C:\Windows\System\KkNFkxb.exe
  2⤵
  PID:10040
- C:\Windows\System\GRnDMAS.exe
  C:\Windows\System\GRnDMAS.exe
  2⤵
  PID:10104
- C:\Windows\System\gONNVDO.exe
  C:\Windows\System\gONNVDO.exe
  2⤵
  PID:10168
- C:\Windows\System\OdiPhwD.exe
  C:\Windows\System\OdiPhwD.exe
  2⤵
  PID:8440
- C:\Windows\System\QyFdnJi.exe
  C:\Windows\System\QyFdnJi.exe
  2⤵
  PID:9240
- C:\Windows\System\wvppYdm.exe
  C:\Windows\System\wvppYdm.exe
  2⤵
  PID:9296
- C:\Windows\System\GqxpekK.exe
  C:\Windows\System\GqxpekK.exe
  2⤵
  PID:9412
- C:\Windows\System\gNYojya.exe
  C:\Windows\System\gNYojya.exe
  2⤵
  PID:8708
- C:\Windows\System\jIqOqwm.exe
  C:\Windows\System\jIqOqwm.exe
  2⤵
  PID:8544
- C:\Windows\System\gNiIoFB.exe
  C:\Windows\System\gNiIoFB.exe
  2⤵
  PID:9360
- C:\Windows\System\uXGQVZR.exe
  C:\Windows\System\uXGQVZR.exe
  2⤵
  PID:9508
- C:\Windows\System\arvoujl.exe
  C:\Windows\System\arvoujl.exe
  2⤵
  PID:9884
- C:\Windows\System\povzlyW.exe
  C:\Windows\System\povzlyW.exe
  2⤵
  PID:9624
- C:\Windows\System\fROtDFe.exe
  C:\Windows\System\fROtDFe.exe
  2⤵
  PID:9664
- C:\Windows\System\aYRVQxm.exe
  C:\Windows\System\aYRVQxm.exe
  2⤵
  PID:9696
- C:\Windows\System\qTavVKH.exe
  C:\Windows\System\qTavVKH.exe
  2⤵
  PID:9684
- C:\Windows\System\nixDpbC.exe
  C:\Windows\System\nixDpbC.exe
  2⤵
  PID:9796
- C:\Windows\System\mJQDVCb.exe
  C:\Windows\System\mJQDVCb.exe
  2⤵
  PID:9852
- C:\Windows\System\iaYECvA.exe
  C:\Windows\System\iaYECvA.exe
  2⤵
  PID:9824
- C:\Windows\System\juSXNbf.exe
  C:\Windows\System\juSXNbf.exe
  2⤵
  PID:9920
- C:\Windows\System\cCehIAf.exe
  C:\Windows\System\cCehIAf.exe
  2⤵
  PID:10020
- C:\Windows\System\aOHotok.exe
  C:\Windows\System\aOHotok.exe
  2⤵
  PID:10148
- C:\Windows\System\kNDIsFF.exe
  C:\Windows\System\kNDIsFF.exe
  2⤵
  PID:8716
- C:\Windows\System\qmHPCGW.exe
  C:\Windows\System\qmHPCGW.exe
  2⤵
  PID:10228
- C:\Windows\System\HNrLghK.exe
  C:\Windows\System\HNrLghK.exe
  2⤵
  PID:9468
- C:\Windows\System\qQvbgqj.exe
  C:\Windows\System\qQvbgqj.exe
  2⤵
  PID:9228
- C:\Windows\System\hSLegky.exe
  C:\Windows\System\hSLegky.exe
  2⤵
  PID:9660
- C:\Windows\System\POnoaGP.exe
  C:\Windows\System\POnoaGP.exe
  2⤵
  PID:9648
- C:\Windows\System\aVleyJl.exe
  C:\Windows\System\aVleyJl.exe
  2⤵
  PID:9804
- C:\Windows\System\ahWYKRn.exe
  C:\Windows\System\ahWYKRn.exe
  2⤵
  PID:9748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BRoLKCA.exe

Filesize
6.0MB

MD5
f6576ef9a10f739d71b8c6b167347baf

SHA1
75643195bfae09cf0ee47238dd7da540c8e6a20c

SHA256
d1f01861a7abb1cde1b5d7d01298f458cc259cc4df2a536db092b0f414055226

SHA512
cbecaf4c8396dd806b0c3c6d3fd854335668fd3be7567390314279e771f51ee01167c07be7c4c84164010e76426d0809f33650276a895fc5eb5c34203890f3d5

Download Submit
C:\Windows\system\CZMVHOX.exe

Filesize
6.0MB

MD5
00eca63a834dd0aa8e5c2af0fde65203

SHA1
b997e4099d4405576bf2c6ac8821931574709392

SHA256
76f13288efcccfad9e5daccd217674148fd84f74b5ea52bca6e3b03e18d287f1

SHA512
2c9e012ef138d995790a1228778965c9bef2eed7150b9d6afe43533759531508313f29069433187ccd4f6ab972b3785d2aec947609ec4378e71614d411585a42

Download Submit
C:\Windows\system\DYUdsCM.exe

Filesize
6.0MB

MD5
5e27212e3228645ebbf58704f5dc7cd1

SHA1
b7bbae2e24ce50a13dcb120833b74a7ebb9db6e1

SHA256
36e0710bbd6dff817119df206b27a8e9ab91113936f858b40b2672f8b8037e11

SHA512
87050d01c72bdd7e2867995376bd4c4917a4502f2115733e8184a1c1a4c2b3de1d66994ae95bfcf924846093617aecce02fcf100dc7dd6bba14a9e588a3f5abf

Download Submit
C:\Windows\system\GRyuOkC.exe

Filesize
6.0MB

MD5
27dca18aed954bdc92b4441567c26f0c

SHA1
003298256ac0323fa70dc7e0db83876170c51f33

SHA256
e2a6d4009bf1d447312063f41d3984f461fee9cb0d167e1522e498341c547bd2

SHA512
9f8483d3cc425c569f9a8a03176af8ce99b302efd4f89b132a986e0aa19b6e4be6bf75337cb3b3d5e743cb7970d6ae5491bc6b55cfc9a54ef7cdffae92a08580

Download Submit
C:\Windows\system\HwXrMVD.exe

Filesize
6.0MB

MD5
e266afebea5c319b25f2179dbb89570a

SHA1
f4ecb4e953f6b0c88932974496873f1617f9ef83

SHA256
1e994dcdeff55603b5cf390cc10ddc2d8033048545b798072e87496b51f9a8f8

SHA512
ec28677ed516e912398dca5b741dd2df7a9c87aef2183e20d41544f8665344ff18bf225b194a6c44dc6297c4b496bc0ac62a69ee520571c494d5bb7706021530

Download Submit
C:\Windows\system\IvcuEKP.exe

Filesize
6.0MB

MD5
2efa598200d16c32b328e7ec9ee4226b

SHA1
b944da98eb35c63499f0f7cf393553623991bf6a

SHA256
6418c547872bd5e7f398da739fff83c7c6f17348846004262534adf9e47450f5

SHA512
afb88b48335b530a3dc019241fb72882fccc8f1981bf975a988b5d33c79c2b2d7129aa3610144662a8e9b8174a13aa34aa9f6bd4491969368868a6a66e127156

Download Submit
C:\Windows\system\IzqVhfn.exe

Filesize
6.0MB

MD5
8c0cd30b69d61386217757ad1f601f55

SHA1
8dfb8ce3453f0a340c5d83dfe0df422931fadc38

SHA256
45e56ec4b4e06793fd641c9b0c0d3e03f88dbb47a999efa2136e28c796964816

SHA512
448be78310665d9d47e0617b8b0025d60403adb52630bd1f933ba41f915135c4ccd2adf974701327eea836e3b20ff255044b913cedfe29701d05dde8038d9f6d

Download Submit
C:\Windows\system\KEomBIj.exe

Filesize
6.0MB

MD5
a07022f585a6908e02a841ca8be24ecf

SHA1
afe1982747cbec6ed1338ab8ee9e1058e6aaa4d7

SHA256
9990526c8fef83dafa1e437985a53cfca5689dbe5626d0789f17f9ff9369bda4

SHA512
f4b4ae217381cefb95f7bbe45809692ae8fa34c9b307c7555314cfa054b8c4f10c64c068ce0cc12b36d65698db309de1230e2938022ae00665cd84c5f1884d0f

Download Submit
C:\Windows\system\LnrSRUe.exe

Filesize
6.0MB

MD5
5ec2753a782adab98828fa7c6bb87ee6

SHA1
cb1a82e5f7e0d41cb2e8ffccd0e742a9f3bf0b78

SHA256
32c3c3a40734428bd83e985ddf8c664a475199ea88668ce343267159019c08bb

SHA512
4cf45fe1fcd1b067f0542ca147951122ddc1acf27d289af3ad7f5363b86469ddebbf0404937f90d68ba3ca6c50d7328ee18fba5e2836e49764d3e54304fbd13d

Download Submit
C:\Windows\system\MPxUyuV.exe

Filesize
6.0MB

MD5
72a795acac1c4b9b029c3171e14fc7a2

SHA1
d1acbdaafecfa471480275da62dc7ac9fac735cb

SHA256
1dd18ce0cf866d9aa03a596875fa42c3563f1f852480c6bd75fab06913c8bff1

SHA512
6aaaf9723d2e3f74c5632b1cec2bb4ad618da5dcae064368ed8176dc420b0a6be3aea14a07d32a009831729f0ebe382a31025933eda85fe2e1432c9aa2408350

Download Submit
C:\Windows\system\PRthcsT.exe

Filesize
6.0MB

MD5
d146af066124d4a9fc802c21770a5b1a

SHA1
0b76a4b1dccf8e659a59904f2dfcabdc482664c3

SHA256
76a8778fe8809ef0804e290f2db2729dd56ec6bb37b6de1de0b9c95a7df0b327

SHA512
06a8b440af927fd093ac1eae8f050d194722e098c6c1ff472104d72b39c41dbfa8fd141c9533b2b47504f98240ccd85f4be17efea2b637314b88249805fd07c0

Download Submit
C:\Windows\system\UoZypEE.exe

Filesize
6.0MB

MD5
75ff37089e55b21b151e8739c6c385ce

SHA1
3a541b70087c635bcb0cb191a8d9429fff577b3a

SHA256
6e3313c480e5a9c5bcd83a9c0346553fc97c63fab2a4d15ff12ba929074b4501

SHA512
8bac7eb98f731c6ac3c7323874e8edb433eab191e0ca9c71a37d2b81a7581a7fbf8eb4caa3f1a1d1de2ccfe2a1223193dd3c7d4dfae1e412e56e43846b55b1cc

Download Submit
C:\Windows\system\VZdXUCQ.exe

Filesize
6.0MB

MD5
49e6e15dbcc9272f42353751181c5f21

SHA1
b4f72d8686fd86d74f7d49b894c9f0ff7adb999f

SHA256
5224dc1d8b1c4b984074353930b91054d05099f9156d8f8bac52e2b5912cb26c

SHA512
89a03ac738d1839d51ed2745a08706883840637910b418a5cfff27fd58a67cf5a22cdafd24b7a8d433f6d36495ba137e7810907a72cd784f4774845182fb0bdd

Download Submit
C:\Windows\system\YAUNVLb.exe

Filesize
6.0MB

MD5
e3165ec141fe0338152b4f7fc3615ffd

SHA1
65554d59d16351764c4df6d01f2b93baf89d96d8

SHA256
b977c830d8e81f5206161258729ba54123c592d426f358441a3aaf3ae450a48e

SHA512
155140efa2c57799bc4b044df7bdab70d86d1b305da6765da4eabe2f048ee2d14867996e75e3966df6e7b768cfe3291b35c9810f260b4d72ac523ae42567ce85

Download Submit
C:\Windows\system\etlhQne.exe

Filesize
6.0MB

MD5
68c930b1103f3181239fc9023d8c327a

SHA1
8ce6a1969eac2339c2f5f027ea7f2b99b013e0f8

SHA256
366ffe9b534659e076d66a06f46464913635f950c3bd546789e68d4802c7ef8d

SHA512
07ffcd5a1717288479920a6f3471446f7d022fcb29702da3f2b9f456b2fe5e686935880405f0ae213dc5fc88638f43f180de965510eb514229527764dc2925c2

Download Submit
C:\Windows\system\hTyTDcF.exe

Filesize
6.0MB

MD5
3110fb4df36f9308521e20fa6263d712

SHA1
a48c378d014c0cab8fe4fbe97b0d8f6e27f84819

SHA256
52d9cfdf5c3cfe8a371d2b400b4bd5684db125c71bac4290497014d2f28b8dbd

SHA512
1ba521dc82f28b849d99d634b0fd2b81c6b8c762c9191bacd6e766f105bccb6aa70976046ec42d60e9a4487032d155a3c3a89cd48d4e2ca88905c4c532aefe63

Download Submit
C:\Windows\system\hoTHdNl.exe

Filesize
6.0MB

MD5
63cc93290aca54176510c1a3d2945f5e

SHA1
bcd06ce567c7e6f15ca3ae1e4c7dc647a0086ea8

SHA256
7392d9da2ce3f3c3b6dcd731760b7e9caf739330765d707ce3be174749a1ec87

SHA512
e20608247c3e4d5a0c882db527b69c60db7c933b3d9b2c1b15c92844604489a35864849efa5940a272345ffa0bc0abe466a606f27f96a1d7681e7d995be72d3f

Download Submit
C:\Windows\system\jahWqzm.exe

Filesize
6.0MB

MD5
8a0969e4c726f8eb2273b06a1f365027

SHA1
bee38201b27a9a3b2157a6989417b620854796ae

SHA256
2b7cb82d07b6df6b8d4a4a91b736d61a868b00939a77459474d9481981606ad4

SHA512
d7b29567a2d91a6124e98e53d955707879f982e80e4cca3fa09c8568cbea83eb82b40c1881d65ea546deaf40a6a8705a8bb3c207bfae69d1a9eb8aff89d6a87d

Download Submit
C:\Windows\system\nAWQZvq.exe

Filesize
6.0MB

MD5
7b8be39e9bad531edb3cf5753798f6a9

SHA1
acd46e42c31615ab56f9aa594557f465f56174fc

SHA256
3dedb1c2330c008cde41f9abe858cc5d4d73b7dc4e8f3df710221aa2e8941493

SHA512
56e7c09f8a0197fa1af8e8c1ae8bb36c1b969e24310a8c6ab59cf4cd8832e1c0ee789eba67425d3bf32647dab13a86716620380f8831e367a95ca87e4c405281

Download Submit
C:\Windows\system\oriZjUR.exe

Filesize
6.0MB

MD5
6b1a11aa6c4b6a43ff6e69ba71feb281

SHA1
5ec32f6f2bbd1e1686e57712d1645e1179893949

SHA256
cf0a514e3c365466cf84fdb5aa9d95df115e844dc0c9085b131b297f7214fb2f

SHA512
5303cc905d7e5cbc4404b2bd40ab0f8ff93adfbd7a0cbf06474b4a9f1c2b47697fa9d8e333d29d036370ec2010be18791a4b3cb005d3d3170473ea81781e75ae

Download Submit
C:\Windows\system\qFkMRpm.exe

Filesize
6.0MB

MD5
7494bdd6b5c22dc3212440d88befd3ef

SHA1
5a5f32392dbdd73e8b3d6c089670c27d3bf711c0

SHA256
2d3998d1a785df8cfe375e5eb129f3b9bd3649259ed42ce19e6aef0b69925185

SHA512
5bdf1b3b78438d96035ca3193d3b2b765707155bd43404b974a0792710fc57b39f5b3a36e351f589f9c7e1c5be92f0f8056ec72545c832d7fe1ecee49f7b271a

Download Submit
C:\Windows\system\qGqibsA.exe

Filesize
6.0MB

MD5
ca897d196ff6eada4248b99c62c05a48

SHA1
136060ec4b267bec1e5a9acb60e092ec5bec7d37

SHA256
ada8193a7b63a59f620fd138303f1e7033b71cf1803511f76ca4461bdd7d512a

SHA512
c676b334544ecaf3cc87db0d08ba782e4948e6f246c99cac3a3b3574792f67bca454c16f2c197e0b4d472ae436d3f02aca7020a006b09613a700d65a7a67b596

Download Submit
C:\Windows\system\rXmBmpB.exe

Filesize
6.0MB

MD5
47c7f58a470bb7d1a266517fcdc50939

SHA1
c8f13769c686fac8b58147881d8b7804cd2f346c

SHA256
05f9706078ab782da025d2aa8332b9ccb6e5a69435578ec34b137e3b12db1c84

SHA512
7f0f44239ccd90d6550c7a902224d971b8a2723a5ceaea92d0032dc468894a444a9c555c75aecce49e7ecd617cf17c85f3452e6fab4773bc11efdcde60f0056e

Download Submit
C:\Windows\system\sVHBWwK.exe

Filesize
6.0MB

MD5
04ed47132294c6a7da6e54eb13987d12

SHA1
85afaed09efd4ac21f55022c354430385ab75d3d

SHA256
43dd0c2e07f7e2511e3a89a0d055fac40ff84862ab759ea930dacddd63d1e107

SHA512
5ebd3a0b4e847c4911c4070fc9345365659fee7546e141a57c3a43ab9c75605a194bd489e21005ee73a49a737d8c66bee57d919eb5a06ba52ec05defbf484020

Download Submit
C:\Windows\system\smKnOOP.exe

Filesize
6.0MB

MD5
a3502aaf8228f3954080d8158fcd22bc

SHA1
308dbe85554cf59c7a67296f05e9083cfc68f6b0

SHA256
a29da58cef4ca6284603391babef0b2fe1632eb1e5aa06e514c07f64277f5d95

SHA512
8749d2012ef6c3158e92491aa357e42f805c0fc6ab2bab148ee70f817f79657680a7798d92739d5397117e804f920a2ddd1ae89cfebfd66703c76726d0ddd621

Download Submit
C:\Windows\system\tRHNpxO.exe

Filesize
6.0MB

MD5
7ad402e6564ba4e106b1ee1b2cf08f8a

SHA1
ed22b64f22c2e4600d24b8c0e206bcf66afcdc5a

SHA256
32ed5e4089fe030c7fdbc58a7ea2fae337565bb836f227627449b0f5a0ea458a

SHA512
f253371038180671228f028b67fc85c43d6ee9ed3c11b97dc857d7818b32bb226f118ed956dd5b70ad3e53c0e379eed8aaf43c4ba2279dabe27b7fdbc30fc90c

Download Submit
C:\Windows\system\viuRTow.exe

Filesize
6.0MB

MD5
7fc6cbe35d5a740d49fd9623b23050d4

SHA1
b42a7f45e46a7b74b35b55c4a969faf6332abb17

SHA256
44b3a9f6320a487fad17a3980526e8a1fe91eebd5ff1d73b66a4286c67816cb0

SHA512
8a1249b45c1da5333716f2121f24630eb76ce7f81c0bb1694548f30de8cfb4ce01eb17a31228091cedbe084496164a2183ec977dd580100acd2bcaa4ccc100b9

Download Submit
C:\Windows\system\vuJtbLk.exe

Filesize
6.0MB

MD5
8c6c8f3ad392fa67d54d908d3a25c793

SHA1
7a815e4a6d76d7a974e6adce3b20691d8ca78e8e

SHA256
4fe4a973cd32aa284d9287cb289f0ca61ce5cdc3b9d9969ca23ca5fe784635d4

SHA512
5ae6725108b20900594ded3551d30d92c1e28cd4132ad02b5a432c7bc43e3884ba5b7bcff4c8a26d3c3dae094cb1e1b7c02c73b761bd34386cd2acdc49fbbddd

Download Submit
C:\Windows\system\vzpLcHx.exe

Filesize
6.0MB

MD5
47ed22b74947ab8972b0a135f9192fec

SHA1
64ae44f19443c6f5b55cd45eb71571372ddf3637

SHA256
e5f5ecd1c6ae3725150e1b16d11376d8ef7206f960714bd43a91ae84687dba01

SHA512
2b0a43734e80899c4aa59d0fa7cdabb6707413224b5592841ba5cc3bf9f3d09bb728e1036cd59ff496b085a42ede3ec7dadf6fdad295600fe8f7efbf823b5812

Download Submit
\Windows\system\SMhDCmm.exe

Filesize
6.0MB

MD5
1980d2d5ea42f49bf4da1d5107121646

SHA1
43cf870236517ad0cc4fee82d5fb2b19024d1ab4

SHA256
6e08131463157bbaed16b42f7c3a7423fc81ccca41599d0d613b4246a6143904

SHA512
66794bdb7166a8b3cfbc39c2b21f943bdc958ef73457dc5c9a6cfcc9f365d58375feef89526f2846c23e5857232dc74ad286d613717ae4cdb7436728c388ba38

Download Submit
\Windows\system\jVAHFXX.exe

Filesize
6.0MB

MD5
59230b349d861f8f957ac3ee3292252a

SHA1
450453121317ea122063b4408f33defc53177067

SHA256
f3068211515d16e7380b8fd008c59f353f02f51a1c791084c9cf53554239a5d1

SHA512
8b26aa3d42259aa6e5bcb105adb104e1bae8b80d216dae6edd157b8a9d37b58035718c3692cb2420e35a621a5f08cc1b16e9957a753c56a7bf7ceec7c2a87709

Download Submit
\Windows\system\qOdVhpL.exe

Filesize
6.0MB

MD5
59d0e9961a9a7f93b3998e222ae987ef

SHA1
3252c565f3c2edae055f43e5ecadbaa863f497fd

SHA256
c7b8ee7f4c5bf0e1a76043c926b0b19f02087c3c486c45f002c01beacc904190

SHA512
827b6a3e0a82dab7f911872aa249bacd69f271dc986a53e69dbd5e5236b1d5b82af42f29642f45b141f07e4bbd86b43b0af6c06190b62412d2fa94baf562c879

Download Submit
\Windows\system\vwRVoEY.exe

Filesize
6.0MB

MD5
0f768b23ce0b1f44c4221c33499439ed

SHA1
91b75196f1e4544bf1a982e6f2cc9d9d3557afe1

SHA256
58e0b0a2746efe96545d58f5590ede4ab4bd04a5071d7fc6639883cab5f35ed1

SHA512
a8feb8f7540d5b005b9214459088ec6ad2a4c75210db735f043e2a45283f1e3be848dfb902f85ad59f1497974b11f3b1e610ad2d7e49bd36d4c3cfd8f1dd93c4

Download Submit
memory/1536-3910-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2242-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3921-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2084-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2254-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3918-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2383-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3310-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2243-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2333-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2099-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2580-3245-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3248-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2256-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3305-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3341-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3317-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3347-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3313-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1949-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3936-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2382-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2332-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3909-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download