cobaltstrike | c6756f5c1c9da98b5c1fd121aca65643ae8fdce3bcfc8beda577eb50d789844c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

52cfbc64891d6f1af59decc177d93f79
SHA1

106452a2ca83a6a21251aae82a50397491e6d94a
SHA256

c6756f5c1c9da98b5c1fd121aca65643ae8fdce3bcfc8beda577eb50d789844c
SHA512

20eaf63a8519c86eb9ee9dbb62e6a43bcc9b1f306d2e7eb1bea923e38488902ee4eda058b5d2954716b63b9df70b4c36d20be67060a564698a2199db36c96e5c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012260-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d49-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-18.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016e1d-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f45-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018634-48.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-151.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccd-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2480-0-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000b000000012260-3.dat	xmrig
behavioral1/files/0x0007000000016d49-16.dat	xmrig
behavioral1/files/0x0007000000016d5a-18.dat	xmrig
behavioral1/memory/2840-31-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000a000000016e1d-34.dat	xmrig
behavioral1/files/0x0009000000016f45-44.dat	xmrig
behavioral1/memory/2652-40-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1752-39-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0007000000018634-48.dat	xmrig
behavioral1/files/0x00050000000194e2-59.dat	xmrig
behavioral1/files/0x000500000001958b-64.dat	xmrig
behavioral1/files/0x00050000000195c6-76.dat	xmrig
behavioral1/memory/2480-87-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ca-100.dat	xmrig
behavioral1/memory/3012-112-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e0-132.dat	xmrig
behavioral1/files/0x0005000000019624-136.dat	xmrig
behavioral1/files/0x0005000000019665-144.dat	xmrig
behavioral1/files/0x0005000000019c0b-171.dat	xmrig
behavioral1/memory/2480-1148-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cfc-179.dat	xmrig
behavioral1/files/0x0005000000019cd5-176.dat	xmrig
behavioral1/files/0x0005000000019bf0-161.dat	xmrig
behavioral1/files/0x0005000000019bf2-167.dat	xmrig
behavioral1/files/0x0005000000019bec-159.dat	xmrig
behavioral1/files/0x0005000000019931-155.dat	xmrig
behavioral1/files/0x00050000000196a0-151.dat	xmrig
behavioral1/files/0x0009000000016ccd-147.dat	xmrig
behavioral1/memory/2604-128-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d0-127.dat	xmrig
behavioral1/files/0x00050000000195ce-122.dat	xmrig
behavioral1/files/0x00050000000195cc-120.dat	xmrig
behavioral1/files/0x00050000000195c8-117.dat	xmrig
behavioral1/memory/2920-96-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-93.dat	xmrig
behavioral1/memory/2480-92-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2724-91-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2764-89-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2668-88-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2808-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c4-72.dat	xmrig
behavioral1/memory/2712-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2516-71-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-68.dat	xmrig
behavioral1/memory/2316-55-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x000500000001948d-52.dat	xmrig
behavioral1/memory/2480-36-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2324-30-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-25.dat	xmrig
behavioral1/files/0x0008000000016cf0-11.dat	xmrig
behavioral1/memory/2668-3597-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2652-3585-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2920-3584-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2724-3593-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2712-3592-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3012-3623-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2324-3625-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2516-3624-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2764-3626-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1752-3587-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2604-3627-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2808-3596-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2840-3590-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	RAsYITI.exe
2324	jEyoFYC.exe
2840	QVLpfLl.exe
2516	zITzSWq.exe
1752	xPzwszF.exe
2652	UFfZRAk.exe
2712	fybBgFO.exe
2808	iulKyBU.exe
2668	QyXBHMl.exe
2764	shqNaIu.exe
2724	yxpUxTU.exe
2920	SNUwNQv.exe
2604	oZweIsZ.exe
3012	YcqfYbV.exe
2608	CbrAskc.exe
1328	MuadurI.exe
2732	mdZTjbr.exe
2004	TyQefOb.exe
1696	NmrPdNy.exe
2384	tauAiFJ.exe
1236	ZZdHuQD.exe
1316	fjvPazu.exe
1656	eLJWYsb.exe
2600	FGSQuNS.exe
2924	YItXieb.exe
2176	dRrvWKV.exe
2896	IFQcKBS.exe
1088	lIopSbw.exe
596	nijFVOq.exe
2364	YFfCdac.exe
2032	ZYesTVA.exe
852	totHGrq.exe
1616	KECAQRs.exe
1360	vBvawlx.exe
1860	affSwqa.exe
640	zkAEWir.exe
2880	tOPKktU.exe
1064	sstkelk.exe
1552	emJLcjE.exe
1596	BeFopeq.exe
1520	pCnVudy.exe
908	eyBkQvo.exe
1676	FvCwxYN.exe
2260	vLjRkWu.exe
1812	rJbjnQh.exe
656	dAbkYiG.exe
2292	nNXYxRM.exe
1648	EiDhiua.exe
2124	kzLIlVu.exe
2412	aYwCngr.exe
1516	kOifcyJ.exe
2188	KiKkERO.exe
1980	zwoilCC.exe
584	mKkLIII.exe
2644	RWpioWf.exe
592	IXPxabu.exe
2504	PyyHjgB.exe
1612	eXeNTLS.exe
1604	ZgqfFPu.exe
2072	hUjritB.exe
1096	sCbvJVd.exe
2056	YEZGVTi.exe
2532	mKJMEOW.exe
2796	CvvcIsx.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000b000000012260-3.dat	upx
behavioral1/files/0x0007000000016d49-16.dat	upx
behavioral1/files/0x0007000000016d5a-18.dat	upx
behavioral1/memory/2840-31-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000a000000016e1d-34.dat	upx
behavioral1/files/0x0009000000016f45-44.dat	upx
behavioral1/memory/2652-40-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1752-39-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0007000000018634-48.dat	upx
behavioral1/files/0x00050000000194e2-59.dat	upx
behavioral1/files/0x000500000001958b-64.dat	upx
behavioral1/files/0x00050000000195c6-76.dat	upx
behavioral1/files/0x00050000000195ca-100.dat	upx
behavioral1/memory/3012-112-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x00050000000195e0-132.dat	upx
behavioral1/files/0x0005000000019624-136.dat	upx
behavioral1/files/0x0005000000019665-144.dat	upx
behavioral1/files/0x0005000000019c0b-171.dat	upx
behavioral1/memory/2480-1148-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0005000000019cfc-179.dat	upx
behavioral1/files/0x0005000000019cd5-176.dat	upx
behavioral1/files/0x0005000000019bf0-161.dat	upx
behavioral1/files/0x0005000000019bf2-167.dat	upx
behavioral1/files/0x0005000000019bec-159.dat	upx
behavioral1/files/0x0005000000019931-155.dat	upx
behavioral1/files/0x00050000000196a0-151.dat	upx
behavioral1/files/0x0009000000016ccd-147.dat	upx
behavioral1/memory/2604-128-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00050000000195d0-127.dat	upx
behavioral1/files/0x00050000000195ce-122.dat	upx
behavioral1/files/0x00050000000195cc-120.dat	upx
behavioral1/files/0x00050000000195c8-117.dat	upx
behavioral1/memory/2920-96-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-93.dat	upx
behavioral1/memory/2724-91-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2764-89-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2668-88-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2808-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00050000000195c4-72.dat	upx
behavioral1/memory/2712-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2516-71-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-68.dat	upx
behavioral1/memory/2316-55-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x000500000001948d-52.dat	upx
behavioral1/memory/2324-30-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-25.dat	upx
behavioral1/files/0x0008000000016cf0-11.dat	upx
behavioral1/memory/2668-3597-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2652-3585-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2920-3584-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2724-3593-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2712-3592-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/3012-3623-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2324-3625-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2516-3624-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2764-3626-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1752-3587-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2604-3627-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2808-3596-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2840-3590-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2316-3589-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nCrjlFd.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqmxeFV.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAHSIfQ.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLkHMbI.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scAHSBh.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsGMnPl.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZweIsZ.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHAftmk.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzOtekR.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAtJqjw.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdOeNVA.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTUXBbC.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaTiXdg.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYUhkGZ.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbLuVmY.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQEsTRi.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMRzhEB.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaktgHV.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOifcyJ.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIdDAcG.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaKfOJX.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\insznZD.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJwJbDG.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgPZyAx.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJBAOcM.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kULIFxu.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuKBNKS.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCOjrGK.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIEiISe.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKdHhxd.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\islCzAR.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbkCUKL.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSxAVnH.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgSXLIc.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpgRSMq.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHzYiZN.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQCZwtY.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHaKFOC.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPNffBO.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaiSBBi.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCbvJVd.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PisqhXW.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETHULQh.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkYkbCC.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcsxpzF.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\addoSes.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpNfxmC.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyNCymP.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suIjiDF.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXJElip.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFogMAw.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fimxFjN.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVbzBIq.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYCjfTQ.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqogUKz.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYPtVVz.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQJxecz.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsvOqPe.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpkRhiX.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUrTCwv.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrcHBbC.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtAgNQK.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTczziK.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxUjuKk.exe	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2316	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 2316	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 2316	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 2324	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2324	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2324	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2840	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2840	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2840	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2516	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2516	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2516	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 1752	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 1752	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 1752	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2652	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2652	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2652	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2712	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2712	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2712	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2808	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2808	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2808	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2668	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2668	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2668	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2764	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2764	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2764	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2724	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2724	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2724	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2920	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2920	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2920	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 3012	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 3012	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 3012	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2604	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2604	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2604	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2608	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2608	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2608	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2732	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 2732	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 2732	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 1328	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 1328	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 1328	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2004	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2004	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2004	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 1696	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 1696	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 1696	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 2384	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2384	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2384	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 1236	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 1236	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 1236	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 1316	2480	2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_52cfbc64891d6f1af59decc177d93f79_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\System\RAsYITI.exe
  C:\Windows\System\RAsYITI.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\jEyoFYC.exe
  C:\Windows\System\jEyoFYC.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\QVLpfLl.exe
  C:\Windows\System\QVLpfLl.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\zITzSWq.exe
  C:\Windows\System\zITzSWq.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\xPzwszF.exe
  C:\Windows\System\xPzwszF.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\UFfZRAk.exe
  C:\Windows\System\UFfZRAk.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\fybBgFO.exe
  C:\Windows\System\fybBgFO.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\iulKyBU.exe
  C:\Windows\System\iulKyBU.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\QyXBHMl.exe
  C:\Windows\System\QyXBHMl.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\shqNaIu.exe
  C:\Windows\System\shqNaIu.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\yxpUxTU.exe
  C:\Windows\System\yxpUxTU.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\SNUwNQv.exe
  C:\Windows\System\SNUwNQv.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\YcqfYbV.exe
  C:\Windows\System\YcqfYbV.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\oZweIsZ.exe
  C:\Windows\System\oZweIsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\CbrAskc.exe
  C:\Windows\System\CbrAskc.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\mdZTjbr.exe
  C:\Windows\System\mdZTjbr.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\MuadurI.exe
  C:\Windows\System\MuadurI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\TyQefOb.exe
  C:\Windows\System\TyQefOb.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\NmrPdNy.exe
  C:\Windows\System\NmrPdNy.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\tauAiFJ.exe
  C:\Windows\System\tauAiFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ZZdHuQD.exe
  C:\Windows\System\ZZdHuQD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\fjvPazu.exe
  C:\Windows\System\fjvPazu.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\eLJWYsb.exe
  C:\Windows\System\eLJWYsb.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\FGSQuNS.exe
  C:\Windows\System\FGSQuNS.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\YItXieb.exe
  C:\Windows\System\YItXieb.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\dRrvWKV.exe
  C:\Windows\System\dRrvWKV.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\IFQcKBS.exe
  C:\Windows\System\IFQcKBS.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nijFVOq.exe
  C:\Windows\System\nijFVOq.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\lIopSbw.exe
  C:\Windows\System\lIopSbw.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\YFfCdac.exe
  C:\Windows\System\YFfCdac.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\ZYesTVA.exe
  C:\Windows\System\ZYesTVA.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\totHGrq.exe
  C:\Windows\System\totHGrq.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\KECAQRs.exe
  C:\Windows\System\KECAQRs.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\vBvawlx.exe
  C:\Windows\System\vBvawlx.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\affSwqa.exe
  C:\Windows\System\affSwqa.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\tOPKktU.exe
  C:\Windows\System\tOPKktU.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\zkAEWir.exe
  C:\Windows\System\zkAEWir.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\sstkelk.exe
  C:\Windows\System\sstkelk.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\emJLcjE.exe
  C:\Windows\System\emJLcjE.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\BeFopeq.exe
  C:\Windows\System\BeFopeq.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\pCnVudy.exe
  C:\Windows\System\pCnVudy.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\eyBkQvo.exe
  C:\Windows\System\eyBkQvo.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\FvCwxYN.exe
  C:\Windows\System\FvCwxYN.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\vLjRkWu.exe
  C:\Windows\System\vLjRkWu.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\rJbjnQh.exe
  C:\Windows\System\rJbjnQh.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\dAbkYiG.exe
  C:\Windows\System\dAbkYiG.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\nNXYxRM.exe
  C:\Windows\System\nNXYxRM.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\EiDhiua.exe
  C:\Windows\System\EiDhiua.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\kzLIlVu.exe
  C:\Windows\System\kzLIlVu.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\aYwCngr.exe
  C:\Windows\System\aYwCngr.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\kOifcyJ.exe
  C:\Windows\System\kOifcyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\KiKkERO.exe
  C:\Windows\System\KiKkERO.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\zwoilCC.exe
  C:\Windows\System\zwoilCC.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\mKkLIII.exe
  C:\Windows\System\mKkLIII.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\RWpioWf.exe
  C:\Windows\System\RWpioWf.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\IXPxabu.exe
  C:\Windows\System\IXPxabu.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\PyyHjgB.exe
  C:\Windows\System\PyyHjgB.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\eXeNTLS.exe
  C:\Windows\System\eXeNTLS.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ZgqfFPu.exe
  C:\Windows\System\ZgqfFPu.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\hUjritB.exe
  C:\Windows\System\hUjritB.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\sCbvJVd.exe
  C:\Windows\System\sCbvJVd.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\YEZGVTi.exe
  C:\Windows\System\YEZGVTi.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\mKJMEOW.exe
  C:\Windows\System\mKJMEOW.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\vKpxdIR.exe
  C:\Windows\System\vKpxdIR.exe
  2⤵
  PID:2172
- C:\Windows\System\CvvcIsx.exe
  C:\Windows\System\CvvcIsx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\bhSRZxn.exe
  C:\Windows\System\bhSRZxn.exe
  2⤵
  PID:2568
- C:\Windows\System\UYEhNMr.exe
  C:\Windows\System\UYEhNMr.exe
  2⤵
  PID:2676
- C:\Windows\System\YPmCudG.exe
  C:\Windows\System\YPmCudG.exe
  2⤵
  PID:2700
- C:\Windows\System\eXFByMT.exe
  C:\Windows\System\eXFByMT.exe
  2⤵
  PID:2556
- C:\Windows\System\zkapQwl.exe
  C:\Windows\System\zkapQwl.exe
  2⤵
  PID:2564
- C:\Windows\System\XrLIEQZ.exe
  C:\Windows\System\XrLIEQZ.exe
  2⤵
  PID:2232
- C:\Windows\System\njrqevi.exe
  C:\Windows\System\njrqevi.exe
  2⤵
  PID:2108
- C:\Windows\System\ShKvCpx.exe
  C:\Windows\System\ShKvCpx.exe
  2⤵
  PID:836
- C:\Windows\System\bnZySBl.exe
  C:\Windows\System\bnZySBl.exe
  2⤵
  PID:752
- C:\Windows\System\YywtGGw.exe
  C:\Windows\System\YywtGGw.exe
  2⤵
  PID:1100
- C:\Windows\System\YRnKXVR.exe
  C:\Windows\System\YRnKXVR.exe
  2⤵
  PID:2628
- C:\Windows\System\upJooFA.exe
  C:\Windows\System\upJooFA.exe
  2⤵
  PID:816
- C:\Windows\System\YvSPtHI.exe
  C:\Windows\System\YvSPtHI.exe
  2⤵
  PID:2900
- C:\Windows\System\xHAftmk.exe
  C:\Windows\System\xHAftmk.exe
  2⤵
  PID:2160
- C:\Windows\System\fVTmRZt.exe
  C:\Windows\System\fVTmRZt.exe
  2⤵
  PID:1480
- C:\Windows\System\EEUnAkv.exe
  C:\Windows\System\EEUnAkv.exe
  2⤵
  PID:2844
- C:\Windows\System\FnWmsvN.exe
  C:\Windows\System\FnWmsvN.exe
  2⤵
  PID:1772
- C:\Windows\System\JGIHhQm.exe
  C:\Windows\System\JGIHhQm.exe
  2⤵
  PID:828
- C:\Windows\System\nCrjlFd.exe
  C:\Windows\System\nCrjlFd.exe
  2⤵
  PID:1324
- C:\Windows\System\GnYpPsl.exe
  C:\Windows\System\GnYpPsl.exe
  2⤵
  PID:1204
- C:\Windows\System\yRdSfSl.exe
  C:\Windows\System\yRdSfSl.exe
  2⤵
  PID:2016
- C:\Windows\System\OkFYqXp.exe
  C:\Windows\System\OkFYqXp.exe
  2⤵
  PID:1852
- C:\Windows\System\MeiXinB.exe
  C:\Windows\System\MeiXinB.exe
  2⤵
  PID:2696
- C:\Windows\System\Dcpwkkm.exe
  C:\Windows\System\Dcpwkkm.exe
  2⤵
  PID:2020
- C:\Windows\System\qPtvfRG.exe
  C:\Windows\System\qPtvfRG.exe
  2⤵
  PID:1820
- C:\Windows\System\cKKJwJO.exe
  C:\Windows\System\cKKJwJO.exe
  2⤵
  PID:2424
- C:\Windows\System\pqiGlXK.exe
  C:\Windows\System\pqiGlXK.exe
  2⤵
  PID:1492
- C:\Windows\System\dkhNqUH.exe
  C:\Windows\System\dkhNqUH.exe
  2⤵
  PID:2208
- C:\Windows\System\MjguddZ.exe
  C:\Windows\System\MjguddZ.exe
  2⤵
  PID:2100
- C:\Windows\System\wCKthKe.exe
  C:\Windows\System\wCKthKe.exe
  2⤵
  PID:2816
- C:\Windows\System\YGMcijD.exe
  C:\Windows\System\YGMcijD.exe
  2⤵
  PID:3016
- C:\Windows\System\vXWiNyr.exe
  C:\Windows\System\vXWiNyr.exe
  2⤵
  PID:3080
- C:\Windows\System\EbNbmEJ.exe
  C:\Windows\System\EbNbmEJ.exe
  2⤵
  PID:3104
- C:\Windows\System\rOhhEBX.exe
  C:\Windows\System\rOhhEBX.exe
  2⤵
  PID:3124
- C:\Windows\System\aRIXNQZ.exe
  C:\Windows\System\aRIXNQZ.exe
  2⤵
  PID:3168
- C:\Windows\System\nCSbsne.exe
  C:\Windows\System\nCSbsne.exe
  2⤵
  PID:3340
- C:\Windows\System\setuLta.exe
  C:\Windows\System\setuLta.exe
  2⤵
  PID:3356
- C:\Windows\System\VpPyfNX.exe
  C:\Windows\System\VpPyfNX.exe
  2⤵
  PID:3376
- C:\Windows\System\AzsXrFQ.exe
  C:\Windows\System\AzsXrFQ.exe
  2⤵
  PID:3400
- C:\Windows\System\ajMHEdR.exe
  C:\Windows\System\ajMHEdR.exe
  2⤵
  PID:3420
- C:\Windows\System\kDbvhgv.exe
  C:\Windows\System\kDbvhgv.exe
  2⤵
  PID:3440
- C:\Windows\System\uOlLKbx.exe
  C:\Windows\System\uOlLKbx.exe
  2⤵
  PID:3460
- C:\Windows\System\DdkvZhE.exe
  C:\Windows\System\DdkvZhE.exe
  2⤵
  PID:3480
- C:\Windows\System\STcDVUG.exe
  C:\Windows\System\STcDVUG.exe
  2⤵
  PID:3500
- C:\Windows\System\vMPlTDk.exe
  C:\Windows\System\vMPlTDk.exe
  2⤵
  PID:3520
- C:\Windows\System\HApVjTK.exe
  C:\Windows\System\HApVjTK.exe
  2⤵
  PID:3540
- C:\Windows\System\FVBerHl.exe
  C:\Windows\System\FVBerHl.exe
  2⤵
  PID:3560
- C:\Windows\System\stWttTX.exe
  C:\Windows\System\stWttTX.exe
  2⤵
  PID:3580
- C:\Windows\System\tyzdpPz.exe
  C:\Windows\System\tyzdpPz.exe
  2⤵
  PID:3600
- C:\Windows\System\cqsTKSY.exe
  C:\Windows\System\cqsTKSY.exe
  2⤵
  PID:3620
- C:\Windows\System\EpkRhiX.exe
  C:\Windows\System\EpkRhiX.exe
  2⤵
  PID:3640
- C:\Windows\System\fNqSqNI.exe
  C:\Windows\System\fNqSqNI.exe
  2⤵
  PID:3660
- C:\Windows\System\tgHvtIU.exe
  C:\Windows\System\tgHvtIU.exe
  2⤵
  PID:3680
- C:\Windows\System\XBYZNEl.exe
  C:\Windows\System\XBYZNEl.exe
  2⤵
  PID:3700
- C:\Windows\System\UjtOMGv.exe
  C:\Windows\System\UjtOMGv.exe
  2⤵
  PID:3720
- C:\Windows\System\gaYkQRD.exe
  C:\Windows\System\gaYkQRD.exe
  2⤵
  PID:3740
- C:\Windows\System\qAjHApP.exe
  C:\Windows\System\qAjHApP.exe
  2⤵
  PID:3760
- C:\Windows\System\lkUJTnz.exe
  C:\Windows\System\lkUJTnz.exe
  2⤵
  PID:3780
- C:\Windows\System\gfIsxtl.exe
  C:\Windows\System\gfIsxtl.exe
  2⤵
  PID:3800
- C:\Windows\System\IKdLElj.exe
  C:\Windows\System\IKdLElj.exe
  2⤵
  PID:3820
- C:\Windows\System\eLhjgxP.exe
  C:\Windows\System\eLhjgxP.exe
  2⤵
  PID:3840
- C:\Windows\System\MkenrgK.exe
  C:\Windows\System\MkenrgK.exe
  2⤵
  PID:3856
- C:\Windows\System\AobHBhT.exe
  C:\Windows\System\AobHBhT.exe
  2⤵
  PID:3880
- C:\Windows\System\vhENnTa.exe
  C:\Windows\System\vhENnTa.exe
  2⤵
  PID:3900
- C:\Windows\System\tQNpymW.exe
  C:\Windows\System\tQNpymW.exe
  2⤵
  PID:3920
- C:\Windows\System\OgwzHFq.exe
  C:\Windows\System\OgwzHFq.exe
  2⤵
  PID:3936
- C:\Windows\System\FRPlcdF.exe
  C:\Windows\System\FRPlcdF.exe
  2⤵
  PID:3960
- C:\Windows\System\dIWpkov.exe
  C:\Windows\System\dIWpkov.exe
  2⤵
  PID:3980
- C:\Windows\System\PqmxeFV.exe
  C:\Windows\System\PqmxeFV.exe
  2⤵
  PID:4000
- C:\Windows\System\bsogqgg.exe
  C:\Windows\System\bsogqgg.exe
  2⤵
  PID:4016
- C:\Windows\System\rZcYCAu.exe
  C:\Windows\System\rZcYCAu.exe
  2⤵
  PID:4040
- C:\Windows\System\tQuFERE.exe
  C:\Windows\System\tQuFERE.exe
  2⤵
  PID:4060
- C:\Windows\System\zmHmHiW.exe
  C:\Windows\System\zmHmHiW.exe
  2⤵
  PID:4080
- C:\Windows\System\QQCZwtY.exe
  C:\Windows\System\QQCZwtY.exe
  2⤵
  PID:352
- C:\Windows\System\uJKoCrS.exe
  C:\Windows\System\uJKoCrS.exe
  2⤵
  PID:2496
- C:\Windows\System\ubjUJms.exe
  C:\Windows\System\ubjUJms.exe
  2⤵
  PID:1200
- C:\Windows\System\QEEBEzN.exe
  C:\Windows\System\QEEBEzN.exe
  2⤵
  PID:2432
- C:\Windows\System\BCHKTdT.exe
  C:\Windows\System\BCHKTdT.exe
  2⤵
  PID:1136
- C:\Windows\System\PElQOqM.exe
  C:\Windows\System\PElQOqM.exe
  2⤵
  PID:1400
- C:\Windows\System\ciYuAOF.exe
  C:\Windows\System\ciYuAOF.exe
  2⤵
  PID:1800
- C:\Windows\System\ohfkMLL.exe
  C:\Windows\System\ohfkMLL.exe
  2⤵
  PID:3088
- C:\Windows\System\bHASJWz.exe
  C:\Windows\System\bHASJWz.exe
  2⤵
  PID:876
- C:\Windows\System\VFNWuzH.exe
  C:\Windows\System\VFNWuzH.exe
  2⤵
  PID:2968
- C:\Windows\System\qDuKITs.exe
  C:\Windows\System\qDuKITs.exe
  2⤵
  PID:3136
- C:\Windows\System\MPNcqGO.exe
  C:\Windows\System\MPNcqGO.exe
  2⤵
  PID:1076
- C:\Windows\System\HpiXGdi.exe
  C:\Windows\System\HpiXGdi.exe
  2⤵
  PID:2052
- C:\Windows\System\ZzocGsx.exe
  C:\Windows\System\ZzocGsx.exe
  2⤵
  PID:956
- C:\Windows\System\hOtlkfI.exe
  C:\Windows\System\hOtlkfI.exe
  2⤵
  PID:1640
- C:\Windows\System\hjaHULv.exe
  C:\Windows\System\hjaHULv.exe
  2⤵
  PID:1816
- C:\Windows\System\vETsOQA.exe
  C:\Windows\System\vETsOQA.exe
  2⤵
  PID:3180
- C:\Windows\System\bqWsvii.exe
  C:\Windows\System\bqWsvii.exe
  2⤵
  PID:3200
- C:\Windows\System\HNxAyKI.exe
  C:\Windows\System\HNxAyKI.exe
  2⤵
  PID:3220
- C:\Windows\System\sYffOWZ.exe
  C:\Windows\System\sYffOWZ.exe
  2⤵
  PID:3236
- C:\Windows\System\ntIaRRH.exe
  C:\Windows\System\ntIaRRH.exe
  2⤵
  PID:3260
- C:\Windows\System\wruozYW.exe
  C:\Windows\System\wruozYW.exe
  2⤵
  PID:3280
- C:\Windows\System\FRYxNuJ.exe
  C:\Windows\System\FRYxNuJ.exe
  2⤵
  PID:3296
- C:\Windows\System\zHaKFOC.exe
  C:\Windows\System\zHaKFOC.exe
  2⤵
  PID:3316
- C:\Windows\System\SbXCsTM.exe
  C:\Windows\System\SbXCsTM.exe
  2⤵
  PID:3352
- C:\Windows\System\LDZpoNu.exe
  C:\Windows\System\LDZpoNu.exe
  2⤵
  PID:3392
- C:\Windows\System\iCeLabW.exe
  C:\Windows\System\iCeLabW.exe
  2⤵
  PID:3416
- C:\Windows\System\sRSpBvU.exe
  C:\Windows\System\sRSpBvU.exe
  2⤵
  PID:3456
- C:\Windows\System\zQjGMxh.exe
  C:\Windows\System\zQjGMxh.exe
  2⤵
  PID:3508
- C:\Windows\System\BanJFcC.exe
  C:\Windows\System\BanJFcC.exe
  2⤵
  PID:3492
- C:\Windows\System\mAHSIfQ.exe
  C:\Windows\System\mAHSIfQ.exe
  2⤵
  PID:3536
- C:\Windows\System\cJAcpZw.exe
  C:\Windows\System\cJAcpZw.exe
  2⤵
  PID:3576
- C:\Windows\System\NTTELBu.exe
  C:\Windows\System\NTTELBu.exe
  2⤵
  PID:3636
- C:\Windows\System\PKuiEWk.exe
  C:\Windows\System\PKuiEWk.exe
  2⤵
  PID:3648
- C:\Windows\System\veQbLch.exe
  C:\Windows\System\veQbLch.exe
  2⤵
  PID:3672
- C:\Windows\System\xIBjRfJ.exe
  C:\Windows\System\xIBjRfJ.exe
  2⤵
  PID:3748
- C:\Windows\System\vcwfOrr.exe
  C:\Windows\System\vcwfOrr.exe
  2⤵
  PID:3732
- C:\Windows\System\HyCRdRA.exe
  C:\Windows\System\HyCRdRA.exe
  2⤵
  PID:3776
- C:\Windows\System\BSvOChj.exe
  C:\Windows\System\BSvOChj.exe
  2⤵
  PID:3832
- C:\Windows\System\aVSXkVZ.exe
  C:\Windows\System\aVSXkVZ.exe
  2⤵
  PID:3812
- C:\Windows\System\TNSZMbU.exe
  C:\Windows\System\TNSZMbU.exe
  2⤵
  PID:3848
- C:\Windows\System\yQuiLUf.exe
  C:\Windows\System\yQuiLUf.exe
  2⤵
  PID:3896
- C:\Windows\System\OQrRHVQ.exe
  C:\Windows\System\OQrRHVQ.exe
  2⤵
  PID:3928
- C:\Windows\System\opHxRNj.exe
  C:\Windows\System\opHxRNj.exe
  2⤵
  PID:3988
- C:\Windows\System\KIYIpoa.exe
  C:\Windows\System\KIYIpoa.exe
  2⤵
  PID:4036
- C:\Windows\System\HyxvSlq.exe
  C:\Windows\System\HyxvSlq.exe
  2⤵
  PID:4008
- C:\Windows\System\kTDCzjN.exe
  C:\Windows\System\kTDCzjN.exe
  2⤵
  PID:2472
- C:\Windows\System\suIjiDF.exe
  C:\Windows\System\suIjiDF.exe
  2⤵
  PID:4052
- C:\Windows\System\eVgCmCt.exe
  C:\Windows\System\eVgCmCt.exe
  2⤵
  PID:1908
- C:\Windows\System\YMzCjel.exe
  C:\Windows\System\YMzCjel.exe
  2⤵
  PID:2112
- C:\Windows\System\bFzBKEi.exe
  C:\Windows\System\bFzBKEi.exe
  2⤵
  PID:2672
- C:\Windows\System\QjzoQFn.exe
  C:\Windows\System\QjzoQFn.exe
  2⤵
  PID:2180
- C:\Windows\System\LLkHMbI.exe
  C:\Windows\System\LLkHMbI.exe
  2⤵
  PID:1512
- C:\Windows\System\HrNUSdq.exe
  C:\Windows\System\HrNUSdq.exe
  2⤵
  PID:580
- C:\Windows\System\hLKyfra.exe
  C:\Windows\System\hLKyfra.exe
  2⤵
  PID:2788
- C:\Windows\System\qcIQuKZ.exe
  C:\Windows\System\qcIQuKZ.exe
  2⤵
  PID:1368
- C:\Windows\System\alXUFdS.exe
  C:\Windows\System\alXUFdS.exe
  2⤵
  PID:2744
- C:\Windows\System\qPdBwbX.exe
  C:\Windows\System\qPdBwbX.exe
  2⤵
  PID:3232
- C:\Windows\System\OumTaYf.exe
  C:\Windows\System\OumTaYf.exe
  2⤵
  PID:3308
- C:\Windows\System\LIrXxUk.exe
  C:\Windows\System\LIrXxUk.exe
  2⤵
  PID:3212
- C:\Windows\System\wNWkqDq.exe
  C:\Windows\System\wNWkqDq.exe
  2⤵
  PID:3384
- C:\Windows\System\ZxUVilD.exe
  C:\Windows\System\ZxUVilD.exe
  2⤵
  PID:3328
- C:\Windows\System\vKfVnJS.exe
  C:\Windows\System\vKfVnJS.exe
  2⤵
  PID:3364
- C:\Windows\System\iXwUvLr.exe
  C:\Windows\System\iXwUvLr.exe
  2⤵
  PID:3488
- C:\Windows\System\Owjjhje.exe
  C:\Windows\System\Owjjhje.exe
  2⤵
  PID:3608
- C:\Windows\System\cZPDwTm.exe
  C:\Windows\System\cZPDwTm.exe
  2⤵
  PID:3556
- C:\Windows\System\NTpHtkx.exe
  C:\Windows\System\NTpHtkx.exe
  2⤵
  PID:3716
- C:\Windows\System\AWEHRey.exe
  C:\Windows\System\AWEHRey.exe
  2⤵
  PID:3796
- C:\Windows\System\hBKGMal.exe
  C:\Windows\System\hBKGMal.exe
  2⤵
  PID:3908
- C:\Windows\System\BfpBPLh.exe
  C:\Windows\System\BfpBPLh.exe
  2⤵
  PID:3628
- C:\Windows\System\VPBxKCn.exe
  C:\Windows\System\VPBxKCn.exe
  2⤵
  PID:3652
- C:\Windows\System\SZvVlHn.exe
  C:\Windows\System\SZvVlHn.exe
  2⤵
  PID:3596
- C:\Windows\System\CHPQlEa.exe
  C:\Windows\System\CHPQlEa.exe
  2⤵
  PID:3736
- C:\Windows\System\XgoaKeB.exe
  C:\Windows\System\XgoaKeB.exe
  2⤵
  PID:3828
- C:\Windows\System\QUayJaA.exe
  C:\Windows\System\QUayJaA.exe
  2⤵
  PID:3944
- C:\Windows\System\jXJEzEn.exe
  C:\Windows\System\jXJEzEn.exe
  2⤵
  PID:3192
- C:\Windows\System\zCMmJrj.exe
  C:\Windows\System\zCMmJrj.exe
  2⤵
  PID:4072
- C:\Windows\System\JKCzClG.exe
  C:\Windows\System\JKCzClG.exe
  2⤵
  PID:3112
- C:\Windows\System\ItCXJYd.exe
  C:\Windows\System\ItCXJYd.exe
  2⤵
  PID:2008
- C:\Windows\System\XYZRtMq.exe
  C:\Windows\System\XYZRtMq.exe
  2⤵
  PID:2220
- C:\Windows\System\IlnWdoT.exe
  C:\Windows\System\IlnWdoT.exe
  2⤵
  PID:3304
- C:\Windows\System\tNjycqR.exe
  C:\Windows\System\tNjycqR.exe
  2⤵
  PID:3176
- C:\Windows\System\qsUVLLp.exe
  C:\Windows\System\qsUVLLp.exe
  2⤵
  PID:3252
- C:\Windows\System\ceXUiZF.exe
  C:\Windows\System\ceXUiZF.exe
  2⤵
  PID:3468
- C:\Windows\System\ySzsvdv.exe
  C:\Windows\System\ySzsvdv.exe
  2⤵
  PID:3616
- C:\Windows\System\mZTCnYJ.exe
  C:\Windows\System\mZTCnYJ.exe
  2⤵
  PID:3568
- C:\Windows\System\CbGtTzb.exe
  C:\Windows\System\CbGtTzb.exe
  2⤵
  PID:3976
- C:\Windows\System\tkqnfgg.exe
  C:\Windows\System\tkqnfgg.exe
  2⤵
  PID:3096
- C:\Windows\System\nKUvgxT.exe
  C:\Windows\System\nKUvgxT.exe
  2⤵
  PID:3132
- C:\Windows\System\EMjLtoh.exe
  C:\Windows\System\EMjLtoh.exe
  2⤵
  PID:3592
- C:\Windows\System\mYeTwXn.exe
  C:\Windows\System\mYeTwXn.exe
  2⤵
  PID:3872
- C:\Windows\System\UWXlOfR.exe
  C:\Windows\System\UWXlOfR.exe
  2⤵
  PID:1824
- C:\Windows\System\yvnyLmq.exe
  C:\Windows\System\yvnyLmq.exe
  2⤵
  PID:4028
- C:\Windows\System\EzxxYPF.exe
  C:\Windows\System\EzxxYPF.exe
  2⤵
  PID:3272
- C:\Windows\System\PgOBrzO.exe
  C:\Windows\System\PgOBrzO.exe
  2⤵
  PID:768
- C:\Windows\System\mENQZRS.exe
  C:\Windows\System\mENQZRS.exe
  2⤵
  PID:3428
- C:\Windows\System\vBgkhgg.exe
  C:\Windows\System\vBgkhgg.exe
  2⤵
  PID:3348
- C:\Windows\System\nMdJplk.exe
  C:\Windows\System\nMdJplk.exe
  2⤵
  PID:3548
- C:\Windows\System\TaupyWM.exe
  C:\Windows\System\TaupyWM.exe
  2⤵
  PID:4112
- C:\Windows\System\vnzdGUt.exe
  C:\Windows\System\vnzdGUt.exe
  2⤵
  PID:4128
- C:\Windows\System\nWQdgRi.exe
  C:\Windows\System\nWQdgRi.exe
  2⤵
  PID:4148
- C:\Windows\System\skyTSKN.exe
  C:\Windows\System\skyTSKN.exe
  2⤵
  PID:4168
- C:\Windows\System\VncrxWK.exe
  C:\Windows\System\VncrxWK.exe
  2⤵
  PID:4188
- C:\Windows\System\ZJQzGuL.exe
  C:\Windows\System\ZJQzGuL.exe
  2⤵
  PID:4212
- C:\Windows\System\YVCOnKB.exe
  C:\Windows\System\YVCOnKB.exe
  2⤵
  PID:4228
- C:\Windows\System\gvmxjwm.exe
  C:\Windows\System\gvmxjwm.exe
  2⤵
  PID:4244
- C:\Windows\System\XwEmIXo.exe
  C:\Windows\System\XwEmIXo.exe
  2⤵
  PID:4268
- C:\Windows\System\vaEywAO.exe
  C:\Windows\System\vaEywAO.exe
  2⤵
  PID:4284
- C:\Windows\System\UXlzDui.exe
  C:\Windows\System\UXlzDui.exe
  2⤵
  PID:4308
- C:\Windows\System\PisqhXW.exe
  C:\Windows\System\PisqhXW.exe
  2⤵
  PID:4324
- C:\Windows\System\BTXRUnJ.exe
  C:\Windows\System\BTXRUnJ.exe
  2⤵
  PID:4344
- C:\Windows\System\ZObrbgY.exe
  C:\Windows\System\ZObrbgY.exe
  2⤵
  PID:4360
- C:\Windows\System\OQoZgVN.exe
  C:\Windows\System\OQoZgVN.exe
  2⤵
  PID:4388
- C:\Windows\System\YZeJGJH.exe
  C:\Windows\System\YZeJGJH.exe
  2⤵
  PID:4408
- C:\Windows\System\cRXJxTB.exe
  C:\Windows\System\cRXJxTB.exe
  2⤵
  PID:4428
- C:\Windows\System\OlhhDDm.exe
  C:\Windows\System\OlhhDDm.exe
  2⤵
  PID:4448
- C:\Windows\System\ykwzfky.exe
  C:\Windows\System\ykwzfky.exe
  2⤵
  PID:4472
- C:\Windows\System\xoJoORe.exe
  C:\Windows\System\xoJoORe.exe
  2⤵
  PID:4492
- C:\Windows\System\WtlkaNY.exe
  C:\Windows\System\WtlkaNY.exe
  2⤵
  PID:4512
- C:\Windows\System\ImJAPVG.exe
  C:\Windows\System\ImJAPVG.exe
  2⤵
  PID:4532
- C:\Windows\System\lJGvHJL.exe
  C:\Windows\System\lJGvHJL.exe
  2⤵
  PID:4552
- C:\Windows\System\AkoyCTQ.exe
  C:\Windows\System\AkoyCTQ.exe
  2⤵
  PID:4572
- C:\Windows\System\hfOfQYR.exe
  C:\Windows\System\hfOfQYR.exe
  2⤵
  PID:4592
- C:\Windows\System\vyGNvQy.exe
  C:\Windows\System\vyGNvQy.exe
  2⤵
  PID:4612
- C:\Windows\System\plmJYWm.exe
  C:\Windows\System\plmJYWm.exe
  2⤵
  PID:4632
- C:\Windows\System\FOAdeux.exe
  C:\Windows\System\FOAdeux.exe
  2⤵
  PID:4648
- C:\Windows\System\SRNIcgI.exe
  C:\Windows\System\SRNIcgI.exe
  2⤵
  PID:4668
- C:\Windows\System\LxMRjPR.exe
  C:\Windows\System\LxMRjPR.exe
  2⤵
  PID:4692
- C:\Windows\System\eVEECxY.exe
  C:\Windows\System\eVEECxY.exe
  2⤵
  PID:4712
- C:\Windows\System\OIdDAcG.exe
  C:\Windows\System\OIdDAcG.exe
  2⤵
  PID:4732
- C:\Windows\System\NERUKgD.exe
  C:\Windows\System\NERUKgD.exe
  2⤵
  PID:4752
- C:\Windows\System\gbliQue.exe
  C:\Windows\System\gbliQue.exe
  2⤵
  PID:4772
- C:\Windows\System\FcjzyED.exe
  C:\Windows\System\FcjzyED.exe
  2⤵
  PID:4792
- C:\Windows\System\NlcQJkS.exe
  C:\Windows\System\NlcQJkS.exe
  2⤵
  PID:4808
- C:\Windows\System\RMrVLTD.exe
  C:\Windows\System\RMrVLTD.exe
  2⤵
  PID:4832
- C:\Windows\System\uWbxtfc.exe
  C:\Windows\System\uWbxtfc.exe
  2⤵
  PID:4852
- C:\Windows\System\UXJElip.exe
  C:\Windows\System\UXJElip.exe
  2⤵
  PID:4872
- C:\Windows\System\qSYPjHy.exe
  C:\Windows\System\qSYPjHy.exe
  2⤵
  PID:4892
- C:\Windows\System\ETHULQh.exe
  C:\Windows\System\ETHULQh.exe
  2⤵
  PID:4916
- C:\Windows\System\iovsakn.exe
  C:\Windows\System\iovsakn.exe
  2⤵
  PID:4936
- C:\Windows\System\kicOGsK.exe
  C:\Windows\System\kicOGsK.exe
  2⤵
  PID:4952
- C:\Windows\System\yrbymRx.exe
  C:\Windows\System\yrbymRx.exe
  2⤵
  PID:4972
- C:\Windows\System\nzVitHV.exe
  C:\Windows\System\nzVitHV.exe
  2⤵
  PID:4992
- C:\Windows\System\urQmPWh.exe
  C:\Windows\System\urQmPWh.exe
  2⤵
  PID:5016
- C:\Windows\System\jKLnnyf.exe
  C:\Windows\System\jKLnnyf.exe
  2⤵
  PID:5032
- C:\Windows\System\jghBKkj.exe
  C:\Windows\System\jghBKkj.exe
  2⤵
  PID:5056
- C:\Windows\System\AtOdfYH.exe
  C:\Windows\System\AtOdfYH.exe
  2⤵
  PID:5072
- C:\Windows\System\ZmlGkxH.exe
  C:\Windows\System\ZmlGkxH.exe
  2⤵
  PID:5096
- C:\Windows\System\FMjTDqe.exe
  C:\Windows\System\FMjTDqe.exe
  2⤵
  PID:3708
- C:\Windows\System\DZzXkvG.exe
  C:\Windows\System\DZzXkvG.exe
  2⤵
  PID:3572
- C:\Windows\System\IBdFuqH.exe
  C:\Windows\System\IBdFuqH.exe
  2⤵
  PID:3912
- C:\Windows\System\MrJPCRj.exe
  C:\Windows\System\MrJPCRj.exe
  2⤵
  PID:3792
- C:\Windows\System\zWwJRDT.exe
  C:\Windows\System\zWwJRDT.exe
  2⤵
  PID:3208
- C:\Windows\System\ySzCYQU.exe
  C:\Windows\System\ySzCYQU.exe
  2⤵
  PID:3324
- C:\Windows\System\wbFZqKm.exe
  C:\Windows\System\wbFZqKm.exe
  2⤵
  PID:2616
- C:\Windows\System\UILtNMw.exe
  C:\Windows\System\UILtNMw.exe
  2⤵
  PID:4164
- C:\Windows\System\ItRDVgH.exe
  C:\Windows\System\ItRDVgH.exe
  2⤵
  PID:4100
- C:\Windows\System\BtRACRG.exe
  C:\Windows\System\BtRACRG.exe
  2⤵
  PID:4204
- C:\Windows\System\EkTZHEz.exe
  C:\Windows\System\EkTZHEz.exe
  2⤵
  PID:4276
- C:\Windows\System\ClVWeZN.exe
  C:\Windows\System\ClVWeZN.exe
  2⤵
  PID:4184
- C:\Windows\System\euQaKJn.exe
  C:\Windows\System\euQaKJn.exe
  2⤵
  PID:4224
- C:\Windows\System\bFSlsNb.exe
  C:\Windows\System\bFSlsNb.exe
  2⤵
  PID:4304
- C:\Windows\System\gAgNUpV.exe
  C:\Windows\System\gAgNUpV.exe
  2⤵
  PID:4336
- C:\Windows\System\VtbssHV.exe
  C:\Windows\System\VtbssHV.exe
  2⤵
  PID:4400
- C:\Windows\System\fBNYggG.exe
  C:\Windows\System\fBNYggG.exe
  2⤵
  PID:4380
- C:\Windows\System\AYVAEqT.exe
  C:\Windows\System\AYVAEqT.exe
  2⤵
  PID:4420
- C:\Windows\System\mEbKnoY.exe
  C:\Windows\System\mEbKnoY.exe
  2⤵
  PID:4424
- C:\Windows\System\KHICFoq.exe
  C:\Windows\System\KHICFoq.exe
  2⤵
  PID:4520
- C:\Windows\System\LCqlFWz.exe
  C:\Windows\System\LCqlFWz.exe
  2⤵
  PID:4568
- C:\Windows\System\fpzIaKN.exe
  C:\Windows\System\fpzIaKN.exe
  2⤵
  PID:4600
- C:\Windows\System\eJblhtK.exe
  C:\Windows\System\eJblhtK.exe
  2⤵
  PID:4604
- C:\Windows\System\GizJkpz.exe
  C:\Windows\System\GizJkpz.exe
  2⤵
  PID:4620
- C:\Windows\System\XJrMqxB.exe
  C:\Windows\System\XJrMqxB.exe
  2⤵
  PID:4688
- C:\Windows\System\yzfEjyD.exe
  C:\Windows\System\yzfEjyD.exe
  2⤵
  PID:4680
- C:\Windows\System\GLgIyJR.exe
  C:\Windows\System\GLgIyJR.exe
  2⤵
  PID:4704
- C:\Windows\System\fwKRABh.exe
  C:\Windows\System\fwKRABh.exe
  2⤵
  PID:4764
- C:\Windows\System\MsfvLQB.exe
  C:\Windows\System\MsfvLQB.exe
  2⤵
  PID:4840
- C:\Windows\System\JiXIweJ.exe
  C:\Windows\System\JiXIweJ.exe
  2⤵
  PID:4780
- C:\Windows\System\bGndbZO.exe
  C:\Windows\System\bGndbZO.exe
  2⤵
  PID:4888
- C:\Windows\System\YEFgoKM.exe
  C:\Windows\System\YEFgoKM.exe
  2⤵
  PID:4932
- C:\Windows\System\hSssAzT.exe
  C:\Windows\System\hSssAzT.exe
  2⤵
  PID:4908
- C:\Windows\System\FbJmPcM.exe
  C:\Windows\System\FbJmPcM.exe
  2⤵
  PID:4944
- C:\Windows\System\sLRPjBi.exe
  C:\Windows\System\sLRPjBi.exe
  2⤵
  PID:5004
- C:\Windows\System\hCeoIoT.exe
  C:\Windows\System\hCeoIoT.exe
  2⤵
  PID:5048
- C:\Windows\System\Zijpdku.exe
  C:\Windows\System\Zijpdku.exe
  2⤵
  PID:5080
- C:\Windows\System\xZIzSMM.exe
  C:\Windows\System\xZIzSMM.exe
  2⤵
  PID:5068
- C:\Windows\System\fZYnXvk.exe
  C:\Windows\System\fZYnXvk.exe
  2⤵
  PID:3728
- C:\Windows\System\vXuznGT.exe
  C:\Windows\System\vXuznGT.exe
  2⤵
  PID:2560
- C:\Windows\System\RZGeVoK.exe
  C:\Windows\System\RZGeVoK.exe
  2⤵
  PID:3332
- C:\Windows\System\PBWfjKc.exe
  C:\Windows\System\PBWfjKc.exe
  2⤵
  PID:4156
- C:\Windows\System\xqgxcgc.exe
  C:\Windows\System\xqgxcgc.exe
  2⤵
  PID:4208
- C:\Windows\System\qpPhYvN.exe
  C:\Windows\System\qpPhYvN.exe
  2⤵
  PID:4200
- C:\Windows\System\xszsUfI.exe
  C:\Windows\System\xszsUfI.exe
  2⤵
  PID:4136
- C:\Windows\System\UDMYrXM.exe
  C:\Windows\System\UDMYrXM.exe
  2⤵
  PID:4220
- C:\Windows\System\EngQCte.exe
  C:\Windows\System\EngQCte.exe
  2⤵
  PID:4404
- C:\Windows\System\ZXjppPl.exe
  C:\Windows\System\ZXjppPl.exe
  2⤵
  PID:4440
- C:\Windows\System\VCIgTAX.exe
  C:\Windows\System\VCIgTAX.exe
  2⤵
  PID:4416
- C:\Windows\System\ncPubEZ.exe
  C:\Windows\System\ncPubEZ.exe
  2⤵
  PID:4528
- C:\Windows\System\qwTClCf.exe
  C:\Windows\System\qwTClCf.exe
  2⤵
  PID:4564
- C:\Windows\System\wJFLGSy.exe
  C:\Windows\System\wJFLGSy.exe
  2⤵
  PID:4580
- C:\Windows\System\EGSCiXG.exe
  C:\Windows\System\EGSCiXG.exe
  2⤵
  PID:4684
- C:\Windows\System\okqMLqe.exe
  C:\Windows\System\okqMLqe.exe
  2⤵
  PID:4728
- C:\Windows\System\WnytYjH.exe
  C:\Windows\System\WnytYjH.exe
  2⤵
  PID:4844
- C:\Windows\System\ZkmdkOC.exe
  C:\Windows\System\ZkmdkOC.exe
  2⤵
  PID:4784
- C:\Windows\System\tKdHhxd.exe
  C:\Windows\System\tKdHhxd.exe
  2⤵
  PID:4860
- C:\Windows\System\mKLXrhE.exe
  C:\Windows\System\mKLXrhE.exe
  2⤵
  PID:4868
- C:\Windows\System\islCzAR.exe
  C:\Windows\System\islCzAR.exe
  2⤵
  PID:5012
- C:\Windows\System\QPqxIzK.exe
  C:\Windows\System\QPqxIzK.exe
  2⤵
  PID:5028
- C:\Windows\System\AaFiyFg.exe
  C:\Windows\System\AaFiyFg.exe
  2⤵
  PID:5116
- C:\Windows\System\BXcZzPc.exe
  C:\Windows\System\BXcZzPc.exe
  2⤵
  PID:4076
- C:\Windows\System\wwrgUkL.exe
  C:\Windows\System\wwrgUkL.exe
  2⤵
  PID:3228
- C:\Windows\System\ZvvlLLN.exe
  C:\Windows\System\ZvvlLLN.exe
  2⤵
  PID:3248
- C:\Windows\System\ghcjumQ.exe
  C:\Windows\System\ghcjumQ.exe
  2⤵
  PID:4260
- C:\Windows\System\CaPqRLc.exe
  C:\Windows\System\CaPqRLc.exe
  2⤵
  PID:4368
- C:\Windows\System\mCiyhmi.exe
  C:\Windows\System\mCiyhmi.exe
  2⤵
  PID:4484
- C:\Windows\System\eTLeFOD.exe
  C:\Windows\System\eTLeFOD.exe
  2⤵
  PID:4560
- C:\Windows\System\owvLhgQ.exe
  C:\Windows\System\owvLhgQ.exe
  2⤵
  PID:4740
- C:\Windows\System\fvYdlWm.exe
  C:\Windows\System\fvYdlWm.exe
  2⤵
  PID:4664
- C:\Windows\System\BYzJdBV.exe
  C:\Windows\System\BYzJdBV.exe
  2⤵
  PID:4900
- C:\Windows\System\AVbOGXH.exe
  C:\Windows\System\AVbOGXH.exe
  2⤵
  PID:4816
- C:\Windows\System\rTgVYBK.exe
  C:\Windows\System\rTgVYBK.exe
  2⤵
  PID:3868
- C:\Windows\System\kxpOtzI.exe
  C:\Windows\System\kxpOtzI.exe
  2⤵
  PID:5000
- C:\Windows\System\dXdqiHj.exe
  C:\Windows\System\dXdqiHj.exe
  2⤵
  PID:4124
- C:\Windows\System\scAHSBh.exe
  C:\Windows\System\scAHSBh.exe
  2⤵
  PID:4396
- C:\Windows\System\wXjzQvQ.exe
  C:\Windows\System\wXjzQvQ.exe
  2⤵
  PID:5140
- C:\Windows\System\npTKNfx.exe
  C:\Windows\System\npTKNfx.exe
  2⤵
  PID:5160
- C:\Windows\System\UcNZHLv.exe
  C:\Windows\System\UcNZHLv.exe
  2⤵
  PID:5180
- C:\Windows\System\vMbEgjT.exe
  C:\Windows\System\vMbEgjT.exe
  2⤵
  PID:5200
- C:\Windows\System\TfsjBYg.exe
  C:\Windows\System\TfsjBYg.exe
  2⤵
  PID:5220
- C:\Windows\System\JWvnOeu.exe
  C:\Windows\System\JWvnOeu.exe
  2⤵
  PID:5240
- C:\Windows\System\TUPFiIp.exe
  C:\Windows\System\TUPFiIp.exe
  2⤵
  PID:5260
- C:\Windows\System\RLIYEpr.exe
  C:\Windows\System\RLIYEpr.exe
  2⤵
  PID:5280
- C:\Windows\System\IetHHxG.exe
  C:\Windows\System\IetHHxG.exe
  2⤵
  PID:5304
- C:\Windows\System\ZPNffBO.exe
  C:\Windows\System\ZPNffBO.exe
  2⤵
  PID:5324
- C:\Windows\System\HsGMnPl.exe
  C:\Windows\System\HsGMnPl.exe
  2⤵
  PID:5344
- C:\Windows\System\RmyEizA.exe
  C:\Windows\System\RmyEizA.exe
  2⤵
  PID:5364
- C:\Windows\System\ibSUcun.exe
  C:\Windows\System\ibSUcun.exe
  2⤵
  PID:5384
- C:\Windows\System\XrZQizN.exe
  C:\Windows\System\XrZQizN.exe
  2⤵
  PID:5404
- C:\Windows\System\XSOYQgY.exe
  C:\Windows\System\XSOYQgY.exe
  2⤵
  PID:5424
- C:\Windows\System\gjHFymK.exe
  C:\Windows\System\gjHFymK.exe
  2⤵
  PID:5444
- C:\Windows\System\MWFYtyb.exe
  C:\Windows\System\MWFYtyb.exe
  2⤵
  PID:5464
- C:\Windows\System\ljVUEsh.exe
  C:\Windows\System\ljVUEsh.exe
  2⤵
  PID:5484
- C:\Windows\System\YteDCDR.exe
  C:\Windows\System\YteDCDR.exe
  2⤵
  PID:5504
- C:\Windows\System\PWOKnmC.exe
  C:\Windows\System\PWOKnmC.exe
  2⤵
  PID:5524
- C:\Windows\System\ojiScvX.exe
  C:\Windows\System\ojiScvX.exe
  2⤵
  PID:5544
- C:\Windows\System\KLAPITu.exe
  C:\Windows\System\KLAPITu.exe
  2⤵
  PID:5564
- C:\Windows\System\iUuaeSn.exe
  C:\Windows\System\iUuaeSn.exe
  2⤵
  PID:5584
- C:\Windows\System\bbNWFnC.exe
  C:\Windows\System\bbNWFnC.exe
  2⤵
  PID:5604
- C:\Windows\System\owUGgbB.exe
  C:\Windows\System\owUGgbB.exe
  2⤵
  PID:5624
- C:\Windows\System\vGpkcSw.exe
  C:\Windows\System\vGpkcSw.exe
  2⤵
  PID:5644
- C:\Windows\System\uFVVRuE.exe
  C:\Windows\System\uFVVRuE.exe
  2⤵
  PID:5664
- C:\Windows\System\PkKuJSo.exe
  C:\Windows\System\PkKuJSo.exe
  2⤵
  PID:5684
- C:\Windows\System\yhnsvfF.exe
  C:\Windows\System\yhnsvfF.exe
  2⤵
  PID:5704
- C:\Windows\System\jSHEvdQ.exe
  C:\Windows\System\jSHEvdQ.exe
  2⤵
  PID:5724
- C:\Windows\System\MYhmlBA.exe
  C:\Windows\System\MYhmlBA.exe
  2⤵
  PID:5744
- C:\Windows\System\wXyrcbu.exe
  C:\Windows\System\wXyrcbu.exe
  2⤵
  PID:5764
- C:\Windows\System\SEWGCkZ.exe
  C:\Windows\System\SEWGCkZ.exe
  2⤵
  PID:5784
- C:\Windows\System\fJUJjsd.exe
  C:\Windows\System\fJUJjsd.exe
  2⤵
  PID:5804
- C:\Windows\System\AwLvvtP.exe
  C:\Windows\System\AwLvvtP.exe
  2⤵
  PID:5832
- C:\Windows\System\dbqdhqn.exe
  C:\Windows\System\dbqdhqn.exe
  2⤵
  PID:5852
- C:\Windows\System\hsviWFP.exe
  C:\Windows\System\hsviWFP.exe
  2⤵
  PID:5872
- C:\Windows\System\IEwHZYI.exe
  C:\Windows\System\IEwHZYI.exe
  2⤵
  PID:5892
- C:\Windows\System\LUnvaSW.exe
  C:\Windows\System\LUnvaSW.exe
  2⤵
  PID:5912
- C:\Windows\System\RKvIzJZ.exe
  C:\Windows\System\RKvIzJZ.exe
  2⤵
  PID:5932
- C:\Windows\System\qCmIekE.exe
  C:\Windows\System\qCmIekE.exe
  2⤵
  PID:5952
- C:\Windows\System\PCMaVWR.exe
  C:\Windows\System\PCMaVWR.exe
  2⤵
  PID:5972
- C:\Windows\System\qpgRSMq.exe
  C:\Windows\System\qpgRSMq.exe
  2⤵
  PID:5992
- C:\Windows\System\JsyObFJ.exe
  C:\Windows\System\JsyObFJ.exe
  2⤵
  PID:6012
- C:\Windows\System\yeKEixD.exe
  C:\Windows\System\yeKEixD.exe
  2⤵
  PID:6032
- C:\Windows\System\AaTiXdg.exe
  C:\Windows\System\AaTiXdg.exe
  2⤵
  PID:6052
- C:\Windows\System\dhVeLKn.exe
  C:\Windows\System\dhVeLKn.exe
  2⤵
  PID:6076
- C:\Windows\System\IREnaXo.exe
  C:\Windows\System\IREnaXo.exe
  2⤵
  PID:6096
- C:\Windows\System\PHTsFfe.exe
  C:\Windows\System\PHTsFfe.exe
  2⤵
  PID:6116
- C:\Windows\System\QiZpSAw.exe
  C:\Windows\System\QiZpSAw.exe
  2⤵
  PID:6136
- C:\Windows\System\qYEVZIQ.exe
  C:\Windows\System\qYEVZIQ.exe
  2⤵
  PID:4236
- C:\Windows\System\hbKkJTm.exe
  C:\Windows\System\hbKkJTm.exe
  2⤵
  PID:4488
- C:\Windows\System\jOSnqvG.exe
  C:\Windows\System\jOSnqvG.exe
  2⤵
  PID:1276
- C:\Windows\System\qFFtJlD.exe
  C:\Windows\System\qFFtJlD.exe
  2⤵
  PID:4924
- C:\Windows\System\rbwTVMF.exe
  C:\Windows\System\rbwTVMF.exe
  2⤵
  PID:3864
- C:\Windows\System\ChccQTQ.exe
  C:\Windows\System\ChccQTQ.exe
  2⤵
  PID:5112
- C:\Windows\System\MjtzuZa.exe
  C:\Windows\System\MjtzuZa.exe
  2⤵
  PID:3552
- C:\Windows\System\lrJJchP.exe
  C:\Windows\System\lrJJchP.exe
  2⤵
  PID:5156
- C:\Windows\System\EHkxbMq.exe
  C:\Windows\System\EHkxbMq.exe
  2⤵
  PID:5188
- C:\Windows\System\EWQkxEh.exe
  C:\Windows\System\EWQkxEh.exe
  2⤵
  PID:5212
- C:\Windows\System\ekgLCDN.exe
  C:\Windows\System\ekgLCDN.exe
  2⤵
  PID:5256
- C:\Windows\System\pPoWftK.exe
  C:\Windows\System\pPoWftK.exe
  2⤵
  PID:5312
- C:\Windows\System\irEnqfG.exe
  C:\Windows\System\irEnqfG.exe
  2⤵
  PID:5316
- C:\Windows\System\tRyiPFS.exe
  C:\Windows\System\tRyiPFS.exe
  2⤵
  PID:5360
- C:\Windows\System\HTRyqUh.exe
  C:\Windows\System\HTRyqUh.exe
  2⤵
  PID:3816
- C:\Windows\System\Lmifoyy.exe
  C:\Windows\System\Lmifoyy.exe
  2⤵
  PID:5432
- C:\Windows\System\NmieSRu.exe
  C:\Windows\System\NmieSRu.exe
  2⤵
  PID:5452
- C:\Windows\System\aaFsjNR.exe
  C:\Windows\System\aaFsjNR.exe
  2⤵
  PID:5476
- C:\Windows\System\fpPMVTR.exe
  C:\Windows\System\fpPMVTR.exe
  2⤵
  PID:5496
- C:\Windows\System\AKwVIaO.exe
  C:\Windows\System\AKwVIaO.exe
  2⤵
  PID:5556
- C:\Windows\System\jYIwcdJ.exe
  C:\Windows\System\jYIwcdJ.exe
  2⤵
  PID:5640
- C:\Windows\System\nxwMzRx.exe
  C:\Windows\System\nxwMzRx.exe
  2⤵
  PID:5580
- C:\Windows\System\rmzUuIb.exe
  C:\Windows\System\rmzUuIb.exe
  2⤵
  PID:5652
- C:\Windows\System\kMAoWGv.exe
  C:\Windows\System\kMAoWGv.exe
  2⤵
  PID:5676
- C:\Windows\System\ORktFxY.exe
  C:\Windows\System\ORktFxY.exe
  2⤵
  PID:5760
- C:\Windows\System\QKrbTjo.exe
  C:\Windows\System\QKrbTjo.exe
  2⤵
  PID:5700
- C:\Windows\System\RYyegEY.exe
  C:\Windows\System\RYyegEY.exe
  2⤵
  PID:5772
- C:\Windows\System\pfubsxQ.exe
  C:\Windows\System\pfubsxQ.exe
  2⤵
  PID:5840
- C:\Windows\System\MFGITZW.exe
  C:\Windows\System\MFGITZW.exe
  2⤵
  PID:5868
- C:\Windows\System\TYUhkGZ.exe
  C:\Windows\System\TYUhkGZ.exe
  2⤵
  PID:5900
- C:\Windows\System\rCyTkcm.exe
  C:\Windows\System\rCyTkcm.exe
  2⤵
  PID:5924
- C:\Windows\System\RPwtCsV.exe
  C:\Windows\System\RPwtCsV.exe
  2⤵
  PID:5944
- C:\Windows\System\jOkHFZo.exe
  C:\Windows\System\jOkHFZo.exe
  2⤵
  PID:6000
- C:\Windows\System\hQcWUZu.exe
  C:\Windows\System\hQcWUZu.exe
  2⤵
  PID:6040
- C:\Windows\System\AjUcJBC.exe
  C:\Windows\System\AjUcJBC.exe
  2⤵
  PID:6064
- C:\Windows\System\qtCTtCp.exe
  C:\Windows\System\qtCTtCp.exe
  2⤵
  PID:6112
- C:\Windows\System\LxMFgNT.exe
  C:\Windows\System\LxMFgNT.exe
  2⤵
  PID:4332
- C:\Windows\System\gSErmmG.exe
  C:\Windows\System\gSErmmG.exe
  2⤵
  PID:4540
- C:\Windows\System\ElXxTye.exe
  C:\Windows\System\ElXxTye.exe
  2⤵
  PID:4904
- C:\Windows\System\JOgjprm.exe
  C:\Windows\System\JOgjprm.exe
  2⤵
  PID:5044
- C:\Windows\System\QeGVQgp.exe
  C:\Windows\System\QeGVQgp.exe
  2⤵
  PID:4292
- C:\Windows\System\TZAexvv.exe
  C:\Windows\System\TZAexvv.exe
  2⤵
  PID:5168
- C:\Windows\System\jUeTUoU.exe
  C:\Windows\System\jUeTUoU.exe
  2⤵
  PID:5208
- C:\Windows\System\uMEosZi.exe
  C:\Windows\System\uMEosZi.exe
  2⤵
  PID:5352
- C:\Windows\System\rlXjZFn.exe
  C:\Windows\System\rlXjZFn.exe
  2⤵
  PID:5472
- C:\Windows\System\XeLktyQ.exe
  C:\Windows\System\XeLktyQ.exe
  2⤵
  PID:5232
- C:\Windows\System\ELQDIlr.exe
  C:\Windows\System\ELQDIlr.exe
  2⤵
  PID:5392
- C:\Windows\System\JPFyNOO.exe
  C:\Windows\System\JPFyNOO.exe
  2⤵
  PID:5500
- C:\Windows\System\DmVUwUU.exe
  C:\Windows\System\DmVUwUU.exe
  2⤵
  PID:5552
- C:\Windows\System\qbfeajo.exe
  C:\Windows\System\qbfeajo.exe
  2⤵
  PID:5656
- C:\Windows\System\dFPgjhy.exe
  C:\Windows\System\dFPgjhy.exe
  2⤵
  PID:5776
- C:\Windows\System\mXJarYZ.exe
  C:\Windows\System\mXJarYZ.exe
  2⤵
  PID:5612
- C:\Windows\System\ckRVEBo.exe
  C:\Windows\System\ckRVEBo.exe
  2⤵
  PID:5716
- C:\Windows\System\TULMQTp.exe
  C:\Windows\System\TULMQTp.exe
  2⤵
  PID:5820
- C:\Windows\System\XTqQfUT.exe
  C:\Windows\System\XTqQfUT.exe
  2⤵
  PID:5816
- C:\Windows\System\BjUAxTs.exe
  C:\Windows\System\BjUAxTs.exe
  2⤵
  PID:5968
- C:\Windows\System\MBJvLaf.exe
  C:\Windows\System\MBJvLaf.exe
  2⤵
  PID:6004
- C:\Windows\System\gbTENKS.exe
  C:\Windows\System\gbTENKS.exe
  2⤵
  PID:6044
- C:\Windows\System\jtFKRSg.exe
  C:\Windows\System\jtFKRSg.exe
  2⤵
  PID:6128
- C:\Windows\System\YzRFwgG.exe
  C:\Windows\System\YzRFwgG.exe
  2⤵
  PID:4644
- C:\Windows\System\ESPnKBl.exe
  C:\Windows\System\ESPnKBl.exe
  2⤵
  PID:4968
- C:\Windows\System\aBcXwDD.exe
  C:\Windows\System\aBcXwDD.exe
  2⤵
  PID:5136
- C:\Windows\System\ItHckBe.exe
  C:\Windows\System\ItHckBe.exe
  2⤵
  PID:6160
- C:\Windows\System\OciCLPc.exe
  C:\Windows\System\OciCLPc.exe
  2⤵
  PID:6180
- C:\Windows\System\fdvBiLV.exe
  C:\Windows\System\fdvBiLV.exe
  2⤵
  PID:6200
- C:\Windows\System\WSDctYq.exe
  C:\Windows\System\WSDctYq.exe
  2⤵
  PID:6220
- C:\Windows\System\qiJTthC.exe
  C:\Windows\System\qiJTthC.exe
  2⤵
  PID:6240
- C:\Windows\System\FCjZSwT.exe
  C:\Windows\System\FCjZSwT.exe
  2⤵
  PID:6260
- C:\Windows\System\RgSNrQn.exe
  C:\Windows\System\RgSNrQn.exe
  2⤵
  PID:6280
- C:\Windows\System\sRBYjQD.exe
  C:\Windows\System\sRBYjQD.exe
  2⤵
  PID:6300
- C:\Windows\System\SweJKVp.exe
  C:\Windows\System\SweJKVp.exe
  2⤵
  PID:6320
- C:\Windows\System\mfwGqGT.exe
  C:\Windows\System\mfwGqGT.exe
  2⤵
  PID:6340
- C:\Windows\System\MrwHqGb.exe
  C:\Windows\System\MrwHqGb.exe
  2⤵
  PID:6360
- C:\Windows\System\VyrGaWq.exe
  C:\Windows\System\VyrGaWq.exe
  2⤵
  PID:6380
- C:\Windows\System\VttKNya.exe
  C:\Windows\System\VttKNya.exe
  2⤵
  PID:6404
- C:\Windows\System\dOrRGuS.exe
  C:\Windows\System\dOrRGuS.exe
  2⤵
  PID:6424
- C:\Windows\System\TxgJBBx.exe
  C:\Windows\System\TxgJBBx.exe
  2⤵
  PID:6444
- C:\Windows\System\vDvxggZ.exe
  C:\Windows\System\vDvxggZ.exe
  2⤵
  PID:6464
- C:\Windows\System\xsfYsYk.exe
  C:\Windows\System\xsfYsYk.exe
  2⤵
  PID:6484
- C:\Windows\System\oSSpeIK.exe
  C:\Windows\System\oSSpeIK.exe
  2⤵
  PID:6504
- C:\Windows\System\Zhdfhvy.exe
  C:\Windows\System\Zhdfhvy.exe
  2⤵
  PID:6528
- C:\Windows\System\NLwFrcq.exe
  C:\Windows\System\NLwFrcq.exe
  2⤵
  PID:6548
- C:\Windows\System\AOQAAfR.exe
  C:\Windows\System\AOQAAfR.exe
  2⤵
  PID:6568
- C:\Windows\System\qbcNGVM.exe
  C:\Windows\System\qbcNGVM.exe
  2⤵
  PID:6588
- C:\Windows\System\oAGVYUx.exe
  C:\Windows\System\oAGVYUx.exe
  2⤵
  PID:6608
- C:\Windows\System\KMufmCP.exe
  C:\Windows\System\KMufmCP.exe
  2⤵
  PID:6628
- C:\Windows\System\tZIXxqo.exe
  C:\Windows\System\tZIXxqo.exe
  2⤵
  PID:6652
- C:\Windows\System\TBUcDNb.exe
  C:\Windows\System\TBUcDNb.exe
  2⤵
  PID:6672
- C:\Windows\System\sgBgaKZ.exe
  C:\Windows\System\sgBgaKZ.exe
  2⤵
  PID:6692
- C:\Windows\System\oZYoCEv.exe
  C:\Windows\System\oZYoCEv.exe
  2⤵
  PID:6712
- C:\Windows\System\cJsQzYV.exe
  C:\Windows\System\cJsQzYV.exe
  2⤵
  PID:6732
- C:\Windows\System\CiygXSI.exe
  C:\Windows\System\CiygXSI.exe
  2⤵
  PID:6752
- C:\Windows\System\psSNcTj.exe
  C:\Windows\System\psSNcTj.exe
  2⤵
  PID:6772
- C:\Windows\System\srIbiSc.exe
  C:\Windows\System\srIbiSc.exe
  2⤵
  PID:6792
- C:\Windows\System\TwqJThm.exe
  C:\Windows\System\TwqJThm.exe
  2⤵
  PID:6812
- C:\Windows\System\mbkWaxY.exe
  C:\Windows\System\mbkWaxY.exe
  2⤵
  PID:6832
- C:\Windows\System\thRawXM.exe
  C:\Windows\System\thRawXM.exe
  2⤵
  PID:6852
- C:\Windows\System\kOXKDhC.exe
  C:\Windows\System\kOXKDhC.exe
  2⤵
  PID:6872
- C:\Windows\System\XfYfhkk.exe
  C:\Windows\System\XfYfhkk.exe
  2⤵
  PID:6892
- C:\Windows\System\EonlCoW.exe
  C:\Windows\System\EonlCoW.exe
  2⤵
  PID:6912
- C:\Windows\System\BZnafdD.exe
  C:\Windows\System\BZnafdD.exe
  2⤵
  PID:6932
- C:\Windows\System\zHmbfkP.exe
  C:\Windows\System\zHmbfkP.exe
  2⤵
  PID:6952
- C:\Windows\System\XfSvREs.exe
  C:\Windows\System\XfSvREs.exe
  2⤵
  PID:6972
- C:\Windows\System\SuLOXhw.exe
  C:\Windows\System\SuLOXhw.exe
  2⤵
  PID:6992
- C:\Windows\System\YNaBbiM.exe
  C:\Windows\System\YNaBbiM.exe
  2⤵
  PID:7012
- C:\Windows\System\AlHHbue.exe
  C:\Windows\System\AlHHbue.exe
  2⤵
  PID:7032
- C:\Windows\System\RjqWWat.exe
  C:\Windows\System\RjqWWat.exe
  2⤵
  PID:7052
- C:\Windows\System\SgEiRQI.exe
  C:\Windows\System\SgEiRQI.exe
  2⤵
  PID:7072
- C:\Windows\System\HlpdLxM.exe
  C:\Windows\System\HlpdLxM.exe
  2⤵
  PID:7092
- C:\Windows\System\gbsQidX.exe
  C:\Windows\System\gbsQidX.exe
  2⤵
  PID:7112
- C:\Windows\System\FulTmtL.exe
  C:\Windows\System\FulTmtL.exe
  2⤵
  PID:7128
- C:\Windows\System\MlQxmOi.exe
  C:\Windows\System\MlQxmOi.exe
  2⤵
  PID:7152
- C:\Windows\System\ECOMlsL.exe
  C:\Windows\System\ECOMlsL.exe
  2⤵
  PID:5176
- C:\Windows\System\iugrKdx.exe
  C:\Windows\System\iugrKdx.exe
  2⤵
  PID:5400
- C:\Windows\System\KiQrCqo.exe
  C:\Windows\System\KiQrCqo.exe
  2⤵
  PID:3028
- C:\Windows\System\zSxAVnH.exe
  C:\Windows\System\zSxAVnH.exe
  2⤵
  PID:5292
- C:\Windows\System\RnvjZwl.exe
  C:\Windows\System\RnvjZwl.exe
  2⤵
  PID:5572
- C:\Windows\System\kovKldf.exe
  C:\Windows\System\kovKldf.exe
  2⤵
  PID:1668
- C:\Windows\System\dfNOkYT.exe
  C:\Windows\System\dfNOkYT.exe
  2⤵
  PID:5692
- C:\Windows\System\owVsPHV.exe
  C:\Windows\System\owVsPHV.exe
  2⤵
  PID:5752
- C:\Windows\System\sWqYBDY.exe
  C:\Windows\System\sWqYBDY.exe
  2⤵
  PID:5928
- C:\Windows\System\fDKnpkC.exe
  C:\Windows\System\fDKnpkC.exe
  2⤵
  PID:5884
- C:\Windows\System\oIpYSpY.exe
  C:\Windows\System\oIpYSpY.exe
  2⤵
  PID:5980
- C:\Windows\System\ibDCVbJ.exe
  C:\Windows\System\ibDCVbJ.exe
  2⤵
  PID:6088
- C:\Windows\System\ELaYmfZ.exe
  C:\Windows\System\ELaYmfZ.exe
  2⤵
  PID:5132
- C:\Windows\System\eSDjCDY.exe
  C:\Windows\System\eSDjCDY.exe
  2⤵
  PID:5824
- C:\Windows\System\TGrYfqi.exe
  C:\Windows\System\TGrYfqi.exe
  2⤵
  PID:6168
- C:\Windows\System\RxtYefC.exe
  C:\Windows\System\RxtYefC.exe
  2⤵
  PID:6212
- C:\Windows\System\Bhafjvc.exe
  C:\Windows\System\Bhafjvc.exe
  2⤵
  PID:6252
- C:\Windows\System\rWVwszJ.exe
  C:\Windows\System\rWVwszJ.exe
  2⤵
  PID:6236
- C:\Windows\System\iSWwGOC.exe
  C:\Windows\System\iSWwGOC.exe
  2⤵
  PID:6276
- C:\Windows\System\ugrtEOE.exe
  C:\Windows\System\ugrtEOE.exe
  2⤵
  PID:6332
- C:\Windows\System\IcKQfRP.exe
  C:\Windows\System\IcKQfRP.exe
  2⤵
  PID:6356
- C:\Windows\System\wWlPirf.exe
  C:\Windows\System\wWlPirf.exe
  2⤵
  PID:6412
- C:\Windows\System\ibnibFF.exe
  C:\Windows\System\ibnibFF.exe
  2⤵
  PID:6452
- C:\Windows\System\MvYDNBO.exe
  C:\Windows\System\MvYDNBO.exe
  2⤵
  PID:6472
- C:\Windows\System\XsjzhQW.exe
  C:\Windows\System\XsjzhQW.exe
  2⤵
  PID:6496
- C:\Windows\System\lqKApZH.exe
  C:\Windows\System\lqKApZH.exe
  2⤵
  PID:6536
- C:\Windows\System\teIWjIr.exe
  C:\Windows\System\teIWjIr.exe
  2⤵
  PID:6580
- C:\Windows\System\auUXhnH.exe
  C:\Windows\System\auUXhnH.exe
  2⤵
  PID:6596
- C:\Windows\System\ZUeomhu.exe
  C:\Windows\System\ZUeomhu.exe
  2⤵
  PID:6636
- C:\Windows\System\gbLuVmY.exe
  C:\Windows\System\gbLuVmY.exe
  2⤵
  PID:6640
- C:\Windows\System\BKTReoY.exe
  C:\Windows\System\BKTReoY.exe
  2⤵
  PID:6684
- C:\Windows\System\JxHMFyZ.exe
  C:\Windows\System\JxHMFyZ.exe
  2⤵
  PID:6740
- C:\Windows\System\zxbuAor.exe
  C:\Windows\System\zxbuAor.exe
  2⤵
  PID:6744
- C:\Windows\System\PYsHqyx.exe
  C:\Windows\System\PYsHqyx.exe
  2⤵
  PID:6784
- C:\Windows\System\sTBmcZl.exe
  C:\Windows\System\sTBmcZl.exe
  2⤵
  PID:6800
- C:\Windows\System\txosMMm.exe
  C:\Windows\System\txosMMm.exe
  2⤵
  PID:6848
- C:\Windows\System\ujJpyNv.exe
  C:\Windows\System\ujJpyNv.exe
  2⤵
  PID:6888
- C:\Windows\System\YYXUJGL.exe
  C:\Windows\System\YYXUJGL.exe
  2⤵
  PID:6920
- C:\Windows\System\UVwlMsv.exe
  C:\Windows\System\UVwlMsv.exe
  2⤵
  PID:6948
- C:\Windows\System\mGmaKli.exe
  C:\Windows\System\mGmaKli.exe
  2⤵
  PID:6968
- C:\Windows\System\zchvQvn.exe
  C:\Windows\System\zchvQvn.exe
  2⤵
  PID:1748
- C:\Windows\System\vgPZyAx.exe
  C:\Windows\System\vgPZyAx.exe
  2⤵
  PID:2736
- C:\Windows\System\DSWLTxp.exe
  C:\Windows\System\DSWLTxp.exe
  2⤵
  PID:7048
- C:\Windows\System\yCxlWDx.exe
  C:\Windows\System\yCxlWDx.exe
  2⤵
  PID:7080
- C:\Windows\System\DiUXkHL.exe
  C:\Windows\System\DiUXkHL.exe
  2⤵
  PID:7136
- C:\Windows\System\jLDvEiR.exe
  C:\Windows\System\jLDvEiR.exe
  2⤵
  PID:7124
- C:\Windows\System\JvyFuer.exe
  C:\Windows\System\JvyFuer.exe
  2⤵
  PID:5252
- C:\Windows\System\HulsoFK.exe
  C:\Windows\System\HulsoFK.exe
  2⤵
  PID:5236
- C:\Windows\System\AdhMjwu.exe
  C:\Windows\System\AdhMjwu.exe
  2⤵
  PID:5436
- C:\Windows\System\zbPbEiA.exe
  C:\Windows\System\zbPbEiA.exe
  2⤵
  PID:5620
- C:\Windows\System\jHNfjJJ.exe
  C:\Windows\System\jHNfjJJ.exe
  2⤵
  PID:5596
- C:\Windows\System\cJrSbyU.exe
  C:\Windows\System\cJrSbyU.exe
  2⤵
  PID:5948
- C:\Windows\System\YRAToLV.exe
  C:\Windows\System\YRAToLV.exe
  2⤵
  PID:6068
- C:\Windows\System\AlrlUmJ.exe
  C:\Windows\System\AlrlUmJ.exe
  2⤵
  PID:4608
- C:\Windows\System\sqogUKz.exe
  C:\Windows\System\sqogUKz.exe
  2⤵
  PID:4436
- C:\Windows\System\YWcZkgB.exe
  C:\Windows\System\YWcZkgB.exe
  2⤵
  PID:6148
- C:\Windows\System\alVrpsb.exe
  C:\Windows\System\alVrpsb.exe
  2⤵
  PID:6228
- C:\Windows\System\MBPkXDI.exe
  C:\Windows\System\MBPkXDI.exe
  2⤵
  PID:6308
- C:\Windows\System\yGzWjSV.exe
  C:\Windows\System\yGzWjSV.exe
  2⤵
  PID:6268
- C:\Windows\System\dVLXemo.exe
  C:\Windows\System\dVLXemo.exe
  2⤵
  PID:6348
- C:\Windows\System\Odlozgx.exe
  C:\Windows\System\Odlozgx.exe
  2⤵
  PID:6432
- C:\Windows\System\sKYeXUX.exe
  C:\Windows\System\sKYeXUX.exe
  2⤵
  PID:6524
- C:\Windows\System\IoZBkJv.exe
  C:\Windows\System\IoZBkJv.exe
  2⤵
  PID:6564
- C:\Windows\System\CWvwAYl.exe
  C:\Windows\System\CWvwAYl.exe
  2⤵
  PID:6604
- C:\Windows\System\nviWGnj.exe
  C:\Windows\System\nviWGnj.exe
  2⤵
  PID:6644
- C:\Windows\System\XpPpAVc.exe
  C:\Windows\System\XpPpAVc.exe
  2⤵
  PID:6688
- C:\Windows\System\mjHbAIB.exe
  C:\Windows\System\mjHbAIB.exe
  2⤵
  PID:6748
- C:\Windows\System\tkYkbCC.exe
  C:\Windows\System\tkYkbCC.exe
  2⤵
  PID:6828
- C:\Windows\System\OWbvEeB.exe
  C:\Windows\System\OWbvEeB.exe
  2⤵
  PID:6880
- C:\Windows\System\SdCKqnJ.exe
  C:\Windows\System\SdCKqnJ.exe
  2⤵
  PID:1912
- C:\Windows\System\qUGjdgk.exe
  C:\Windows\System\qUGjdgk.exe
  2⤵
  PID:7020
- C:\Windows\System\vkXjjcB.exe
  C:\Windows\System\vkXjjcB.exe
  2⤵
  PID:7000
- C:\Windows\System\TZeozrT.exe
  C:\Windows\System\TZeozrT.exe
  2⤵
  PID:7060
- C:\Windows\System\zdFaqYW.exe
  C:\Windows\System\zdFaqYW.exe
  2⤵
  PID:7088
- C:\Windows\System\CuqzxBH.exe
  C:\Windows\System\CuqzxBH.exe
  2⤵
  PID:5412
- C:\Windows\System\aUDdedJ.exe
  C:\Windows\System\aUDdedJ.exe
  2⤵
  PID:5320
- C:\Windows\System\rrbiBhF.exe
  C:\Windows\System\rrbiBhF.exe
  2⤵
  PID:5796
- C:\Windows\System\EVucMKF.exe
  C:\Windows\System\EVucMKF.exe
  2⤵
  PID:2476
- C:\Windows\System\BHihGDA.exe
  C:\Windows\System\BHihGDA.exe
  2⤵
  PID:5600
- C:\Windows\System\oituLRA.exe
  C:\Windows\System\oituLRA.exe
  2⤵
  PID:2624
- C:\Windows\System\CRYIQJc.exe
  C:\Windows\System\CRYIQJc.exe
  2⤵
  PID:6372
- C:\Windows\System\ERXBYHL.exe
  C:\Windows\System\ERXBYHL.exe
  2⤵
  PID:6416
- C:\Windows\System\huDCQEp.exe
  C:\Windows\System\huDCQEp.exe
  2⤵
  PID:6328
- C:\Windows\System\eMTrdUe.exe
  C:\Windows\System\eMTrdUe.exe
  2⤵
  PID:6576
- C:\Windows\System\qUrTCwv.exe
  C:\Windows\System\qUrTCwv.exe
  2⤵
  PID:6500
- C:\Windows\System\yRLIRTH.exe
  C:\Windows\System\yRLIRTH.exe
  2⤵
  PID:6560
- C:\Windows\System\wTSGwBv.exe
  C:\Windows\System\wTSGwBv.exe
  2⤵
  PID:6788
- C:\Windows\System\areRPWQ.exe
  C:\Windows\System\areRPWQ.exe
  2⤵
  PID:6860
- C:\Windows\System\kQaioKG.exe
  C:\Windows\System\kQaioKG.exe
  2⤵
  PID:6808
- C:\Windows\System\meHEKzm.exe
  C:\Windows\System\meHEKzm.exe
  2⤵
  PID:6940
- C:\Windows\System\UjveLyb.exe
  C:\Windows\System\UjveLyb.exe
  2⤵
  PID:7120
- C:\Windows\System\CZkTkza.exe
  C:\Windows\System\CZkTkza.exe
  2⤵
  PID:5340
- C:\Windows\System\iCAzJuP.exe
  C:\Windows\System\iCAzJuP.exe
  2⤵
  PID:5984
- C:\Windows\System\mUOFqpB.exe
  C:\Windows\System\mUOFqpB.exe
  2⤵
  PID:7164
- C:\Windows\System\rTnVEAY.exe
  C:\Windows\System\rTnVEAY.exe
  2⤵
  PID:6156
- C:\Windows\System\polrDjA.exe
  C:\Windows\System\polrDjA.exe
  2⤵
  PID:6584
- C:\Windows\System\LUBEngF.exe
  C:\Windows\System\LUBEngF.exe
  2⤵
  PID:5248
- C:\Windows\System\KpRBjcF.exe
  C:\Windows\System\KpRBjcF.exe
  2⤵
  PID:6192
- C:\Windows\System\ZfwIuIH.exe
  C:\Windows\System\ZfwIuIH.exe
  2⤵
  PID:6824
- C:\Windows\System\DuyGenC.exe
  C:\Windows\System\DuyGenC.exe
  2⤵
  PID:7172
- C:\Windows\System\fxBHqPF.exe
  C:\Windows\System\fxBHqPF.exe
  2⤵
  PID:7188
- C:\Windows\System\fzMcBtw.exe
  C:\Windows\System\fzMcBtw.exe
  2⤵
  PID:7208
- C:\Windows\System\qHvCrtP.exe
  C:\Windows\System\qHvCrtP.exe
  2⤵
  PID:7232
- C:\Windows\System\pbIQnLM.exe
  C:\Windows\System\pbIQnLM.exe
  2⤵
  PID:7252
- C:\Windows\System\dusHKTz.exe
  C:\Windows\System\dusHKTz.exe
  2⤵
  PID:7268
- C:\Windows\System\juretIG.exe
  C:\Windows\System\juretIG.exe
  2⤵
  PID:7292
- C:\Windows\System\LqaaJJX.exe
  C:\Windows\System\LqaaJJX.exe
  2⤵
  PID:7320
- C:\Windows\System\TIrfhjg.exe
  C:\Windows\System\TIrfhjg.exe
  2⤵
  PID:7336
- C:\Windows\System\skfRdJD.exe
  C:\Windows\System\skfRdJD.exe
  2⤵
  PID:7356
- C:\Windows\System\otpyClz.exe
  C:\Windows\System\otpyClz.exe
  2⤵
  PID:7376
- C:\Windows\System\WnEcmjB.exe
  C:\Windows\System\WnEcmjB.exe
  2⤵
  PID:7408
- C:\Windows\System\EBbCEVA.exe
  C:\Windows\System\EBbCEVA.exe
  2⤵
  PID:7428
- C:\Windows\System\qzJoOUQ.exe
  C:\Windows\System\qzJoOUQ.exe
  2⤵
  PID:7444
- C:\Windows\System\ePNAIiG.exe
  C:\Windows\System\ePNAIiG.exe
  2⤵
  PID:7468
- C:\Windows\System\WjDbncq.exe
  C:\Windows\System\WjDbncq.exe
  2⤵
  PID:7484
- C:\Windows\System\nIHhYvr.exe
  C:\Windows\System\nIHhYvr.exe
  2⤵
  PID:7508
- C:\Windows\System\aBJkAjS.exe
  C:\Windows\System\aBJkAjS.exe
  2⤵
  PID:7524
- C:\Windows\System\UcsxpzF.exe
  C:\Windows\System\UcsxpzF.exe
  2⤵
  PID:7540
- C:\Windows\System\nrprPvD.exe
  C:\Windows\System\nrprPvD.exe
  2⤵
  PID:7564
- C:\Windows\System\WlKiedo.exe
  C:\Windows\System\WlKiedo.exe
  2⤵
  PID:7580
- C:\Windows\System\mMPzRZf.exe
  C:\Windows\System\mMPzRZf.exe
  2⤵
  PID:7604
- C:\Windows\System\dAFJGZZ.exe
  C:\Windows\System\dAFJGZZ.exe
  2⤵
  PID:7624
- C:\Windows\System\nYxbSMZ.exe
  C:\Windows\System\nYxbSMZ.exe
  2⤵
  PID:7644
- C:\Windows\System\SJJuzZx.exe
  C:\Windows\System\SJJuzZx.exe
  2⤵
  PID:7668
- C:\Windows\System\atiUBQK.exe
  C:\Windows\System\atiUBQK.exe
  2⤵
  PID:7688
- C:\Windows\System\OCnrEuc.exe
  C:\Windows\System\OCnrEuc.exe
  2⤵
  PID:7708
- C:\Windows\System\FTRdqVs.exe
  C:\Windows\System\FTRdqVs.exe
  2⤵
  PID:7724
- C:\Windows\System\VTUnNjX.exe
  C:\Windows\System\VTUnNjX.exe
  2⤵
  PID:7740
- C:\Windows\System\wGpTINw.exe
  C:\Windows\System\wGpTINw.exe
  2⤵
  PID:7764
- C:\Windows\System\EUyrgfv.exe
  C:\Windows\System\EUyrgfv.exe
  2⤵
  PID:7784
- C:\Windows\System\zzarvYR.exe
  C:\Windows\System\zzarvYR.exe
  2⤵
  PID:7804
- C:\Windows\System\ezSbBQm.exe
  C:\Windows\System\ezSbBQm.exe
  2⤵
  PID:7820
- C:\Windows\System\QFAauZY.exe
  C:\Windows\System\QFAauZY.exe
  2⤵
  PID:7844
- C:\Windows\System\fZcmskt.exe
  C:\Windows\System\fZcmskt.exe
  2⤵
  PID:7864
- C:\Windows\System\UavzyYa.exe
  C:\Windows\System\UavzyYa.exe
  2⤵
  PID:7884
- C:\Windows\System\KpaMdyt.exe
  C:\Windows\System\KpaMdyt.exe
  2⤵
  PID:7900
- C:\Windows\System\oaYOlTz.exe
  C:\Windows\System\oaYOlTz.exe
  2⤵
  PID:7924
- C:\Windows\System\HMqiCJV.exe
  C:\Windows\System\HMqiCJV.exe
  2⤵
  PID:7940
- C:\Windows\System\zAJffzZ.exe
  C:\Windows\System\zAJffzZ.exe
  2⤵
  PID:7960
- C:\Windows\System\UujPXEe.exe
  C:\Windows\System\UujPXEe.exe
  2⤵
  PID:7980
- C:\Windows\System\nvQBVKM.exe
  C:\Windows\System\nvQBVKM.exe
  2⤵
  PID:8000
- C:\Windows\System\ImgNmls.exe
  C:\Windows\System\ImgNmls.exe
  2⤵
  PID:8016
- C:\Windows\System\pbgStEG.exe
  C:\Windows\System\pbgStEG.exe
  2⤵
  PID:8040
- C:\Windows\System\iXGIyVp.exe
  C:\Windows\System\iXGIyVp.exe
  2⤵
  PID:8060
- C:\Windows\System\EAJwmsO.exe
  C:\Windows\System\EAJwmsO.exe
  2⤵
  PID:8080
- C:\Windows\System\pDnDvFd.exe
  C:\Windows\System\pDnDvFd.exe
  2⤵
  PID:8096
- C:\Windows\System\JROFRvz.exe
  C:\Windows\System\JROFRvz.exe
  2⤵
  PID:8128
- C:\Windows\System\rOGIehR.exe
  C:\Windows\System\rOGIehR.exe
  2⤵
  PID:8148
- C:\Windows\System\MPiXTUG.exe
  C:\Windows\System\MPiXTUG.exe
  2⤵
  PID:8168
- C:\Windows\System\GuVUhKp.exe
  C:\Windows\System\GuVUhKp.exe
  2⤵
  PID:8188
- C:\Windows\System\oJlxxcS.exe
  C:\Windows\System\oJlxxcS.exe
  2⤵
  PID:7104
- C:\Windows\System\hGUUbMS.exe
  C:\Windows\System\hGUUbMS.exe
  2⤵
  PID:5800
- C:\Windows\System\YVLsPPr.exe
  C:\Windows\System\YVLsPPr.exe
  2⤵
  PID:6600
- C:\Windows\System\addoSes.exe
  C:\Windows\System\addoSes.exe
  2⤵
  PID:1320
- C:\Windows\System\YrcHBbC.exe
  C:\Windows\System\YrcHBbC.exe
  2⤵
  PID:1916
- C:\Windows\System\EZESjnp.exe
  C:\Windows\System\EZESjnp.exe
  2⤵
  PID:6092
- C:\Windows\System\kLIPCxW.exe
  C:\Windows\System\kLIPCxW.exe
  2⤵
  PID:7248
- C:\Windows\System\THNbjnT.exe
  C:\Windows\System\THNbjnT.exe
  2⤵
  PID:6904
- C:\Windows\System\zRuLWIq.exe
  C:\Windows\System\zRuLWIq.exe
  2⤵
  PID:7224
- C:\Windows\System\GnwrfJl.exe
  C:\Windows\System\GnwrfJl.exe
  2⤵
  PID:7260
- C:\Windows\System\xEWIXZR.exe
  C:\Windows\System\xEWIXZR.exe
  2⤵
  PID:2164
- C:\Windows\System\tyzgeNH.exe
  C:\Windows\System\tyzgeNH.exe
  2⤵
  PID:7372
- C:\Windows\System\GrgqXZh.exe
  C:\Windows\System\GrgqXZh.exe
  2⤵
  PID:7352
- C:\Windows\System\bYsjxJP.exe
  C:\Windows\System\bYsjxJP.exe
  2⤵
  PID:7456
- C:\Windows\System\IAjhknu.exe
  C:\Windows\System\IAjhknu.exe
  2⤵
  PID:7464
- C:\Windows\System\RHrnkUC.exe
  C:\Windows\System\RHrnkUC.exe
  2⤵
  PID:7500
- C:\Windows\System\RyOpWzc.exe
  C:\Windows\System\RyOpWzc.exe
  2⤵
  PID:7396
- C:\Windows\System\YekHWiJ.exe
  C:\Windows\System\YekHWiJ.exe
  2⤵
  PID:7476
- C:\Windows\System\MNCjILr.exe
  C:\Windows\System\MNCjILr.exe
  2⤵
  PID:7612
- C:\Windows\System\nBcgqbm.exe
  C:\Windows\System\nBcgqbm.exe
  2⤵
  PID:7520
- C:\Windows\System\CyfqimV.exe
  C:\Windows\System\CyfqimV.exe
  2⤵
  PID:7652
- C:\Windows\System\mjMlorr.exe
  C:\Windows\System\mjMlorr.exe
  2⤵
  PID:7596
- C:\Windows\System\GauURUl.exe
  C:\Windows\System\GauURUl.exe
  2⤵
  PID:7704
- C:\Windows\System\MMmIUYC.exe
  C:\Windows\System\MMmIUYC.exe
  2⤵
  PID:7636
- C:\Windows\System\tKyWpgc.exe
  C:\Windows\System\tKyWpgc.exe
  2⤵
  PID:7776
- C:\Windows\System\QErFmQU.exe
  C:\Windows\System\QErFmQU.exe
  2⤵
  PID:7816
- C:\Windows\System\hyfACoM.exe
  C:\Windows\System\hyfACoM.exe
  2⤵
  PID:7716
- C:\Windows\System\ZkDKRmb.exe
  C:\Windows\System\ZkDKRmb.exe
  2⤵
  PID:7760
- C:\Windows\System\KGDsNcx.exe
  C:\Windows\System\KGDsNcx.exe
  2⤵
  PID:7836
- C:\Windows\System\DNtDeFT.exe
  C:\Windows\System\DNtDeFT.exe
  2⤵
  PID:7972
- C:\Windows\System\MYkzugb.exe
  C:\Windows\System\MYkzugb.exe
  2⤵
  PID:7916
- C:\Windows\System\dSPZfMV.exe
  C:\Windows\System\dSPZfMV.exe
  2⤵
  PID:8176
- C:\Windows\System\VmCtSUU.exe
  C:\Windows\System\VmCtSUU.exe
  2⤵
  PID:6316
- C:\Windows\System\ZARbrwH.exe
  C:\Windows\System\ZARbrwH.exe
  2⤵
  PID:2704
- C:\Windows\System\gPsugaZ.exe
  C:\Windows\System\gPsugaZ.exe
  2⤵
  PID:8164
- C:\Windows\System\iHzYiZN.exe
  C:\Windows\System\iHzYiZN.exe
  2⤵
  PID:7004
- C:\Windows\System\BSQgjbs.exe
  C:\Windows\System\BSQgjbs.exe
  2⤵
  PID:6680
- C:\Windows\System\BVOQwHO.exe
  C:\Windows\System\BVOQwHO.exe
  2⤵
  PID:7288
- C:\Windows\System\phgUNid.exe
  C:\Windows\System\phgUNid.exe
  2⤵
  PID:7452
- C:\Windows\System\KkpyBzy.exe
  C:\Windows\System\KkpyBzy.exe
  2⤵
  PID:7304
- C:\Windows\System\hIjlhcr.exe
  C:\Windows\System\hIjlhcr.exe
  2⤵
  PID:6720
- C:\Windows\System\IISvMgk.exe
  C:\Windows\System\IISvMgk.exe
  2⤵
  PID:7616
- C:\Windows\System\HLLjpbm.exe
  C:\Windows\System\HLLjpbm.exe
  2⤵
  PID:7592
- C:\Windows\System\JqjOyCE.exe
  C:\Windows\System\JqjOyCE.exe
  2⤵
  PID:7632
- C:\Windows\System\EzLstqE.exe
  C:\Windows\System\EzLstqE.exe
  2⤵
  PID:7720
- C:\Windows\System\FkzZwSb.exe
  C:\Windows\System\FkzZwSb.exe
  2⤵
  PID:7316
- C:\Windows\System\FbCnFCi.exe
  C:\Windows\System\FbCnFCi.exe
  2⤵
  PID:7348
- C:\Windows\System\WxxEBhl.exe
  C:\Windows\System\WxxEBhl.exe
  2⤵
  PID:7556
- C:\Windows\System\BufijjC.exe
  C:\Windows\System\BufijjC.exe
  2⤵
  PID:7860
- C:\Windows\System\uIeFuLw.exe
  C:\Windows\System\uIeFuLw.exe
  2⤵
  PID:7800
- C:\Windows\System\WAqrAbo.exe
  C:\Windows\System\WAqrAbo.exe
  2⤵
  PID:4456
- C:\Windows\System\rlnyFVv.exe
  C:\Windows\System\rlnyFVv.exe
  2⤵
  PID:5828
- C:\Windows\System\ByYDyHz.exe
  C:\Windows\System\ByYDyHz.exe
  2⤵
  PID:7976
- C:\Windows\System\NHOkkNg.exe
  C:\Windows\System\NHOkkNg.exe
  2⤵
  PID:2304
- C:\Windows\System\yyCcEom.exe
  C:\Windows\System\yyCcEom.exe
  2⤵
  PID:8120
- C:\Windows\System\OEMwkwD.exe
  C:\Windows\System\OEMwkwD.exe
  2⤵
  PID:7204
- C:\Windows\System\iwVZpwG.exe
  C:\Windows\System\iwVZpwG.exe
  2⤵
  PID:7424
- C:\Windows\System\JsUEYqp.exe
  C:\Windows\System\JsUEYqp.exe
  2⤵
  PID:2132
- C:\Windows\System\xoVTbio.exe
  C:\Windows\System\xoVTbio.exe
  2⤵
  PID:7908
- C:\Windows\System\qZRtPhZ.exe
  C:\Windows\System\qZRtPhZ.exe
  2⤵
  PID:7200
- C:\Windows\System\RoiEdow.exe
  C:\Windows\System\RoiEdow.exe
  2⤵
  PID:7440
- C:\Windows\System\CNMXweO.exe
  C:\Windows\System\CNMXweO.exe
  2⤵
  PID:7244
- C:\Windows\System\bGtQtyZ.exe
  C:\Windows\System\bGtQtyZ.exe
  2⤵
  PID:2664
- C:\Windows\System\dIazMls.exe
  C:\Windows\System\dIazMls.exe
  2⤵
  PID:1592
- C:\Windows\System\OVXanrZ.exe
  C:\Windows\System\OVXanrZ.exe
  2⤵
  PID:2904
- C:\Windows\System\nQjHJPK.exe
  C:\Windows\System\nQjHJPK.exe
  2⤵
  PID:796
- C:\Windows\System\lzwxiPJ.exe
  C:\Windows\System\lzwxiPJ.exe
  2⤵
  PID:7460
- C:\Windows\System\jcMIbyW.exe
  C:\Windows\System\jcMIbyW.exe
  2⤵
  PID:7684
- C:\Windows\System\PWdYFBR.exe
  C:\Windows\System\PWdYFBR.exe
  2⤵
  PID:7400
- C:\Windows\System\kyHPabh.exe
  C:\Windows\System\kyHPabh.exe
  2⤵
  PID:4296
- C:\Windows\System\qZEnemh.exe
  C:\Windows\System\qZEnemh.exe
  2⤵
  PID:1284
- C:\Windows\System\CAGQYoy.exe
  C:\Windows\System\CAGQYoy.exe
  2⤵
  PID:8052
- C:\Windows\System\esAHRfi.exe
  C:\Windows\System\esAHRfi.exe
  2⤵
  PID:7796
- C:\Windows\System\TtAgNQK.exe
  C:\Windows\System\TtAgNQK.exe
  2⤵
  PID:860
- C:\Windows\System\ihmbKNa.exe
  C:\Windows\System\ihmbKNa.exe
  2⤵
  PID:1760
- C:\Windows\System\oSCjLPQ.exe
  C:\Windows\System\oSCjLPQ.exe
  2⤵
  PID:8156
- C:\Windows\System\qnZSpfS.exe
  C:\Windows\System\qnZSpfS.exe
  2⤵
  PID:1496
- C:\Windows\System\FzBKLbM.exe
  C:\Windows\System\FzBKLbM.exe
  2⤵
  PID:2828
- C:\Windows\System\eKhUody.exe
  C:\Windows\System\eKhUody.exe
  2⤵
  PID:2832
- C:\Windows\System\Zoqosbm.exe
  C:\Windows\System\Zoqosbm.exe
  2⤵
  PID:7696
- C:\Windows\System\jbsKJrq.exe
  C:\Windows\System\jbsKJrq.exe
  2⤵
  PID:7892
- C:\Windows\System\PyAOsbV.exe
  C:\Windows\System\PyAOsbV.exe
  2⤵
  PID:8140
- C:\Windows\System\eSctnbt.exe
  C:\Windows\System\eSctnbt.exe
  2⤵
  PID:7368
- C:\Windows\System\jGnDNTy.exe
  C:\Windows\System\jGnDNTy.exe
  2⤵
  PID:7880
- C:\Windows\System\qZxDUUO.exe
  C:\Windows\System\qZxDUUO.exe
  2⤵
  PID:696
- C:\Windows\System\ogRxjfU.exe
  C:\Windows\System\ogRxjfU.exe
  2⤵
  PID:6456
- C:\Windows\System\UPLIHhL.exe
  C:\Windows\System\UPLIHhL.exe
  2⤵
  PID:6704
- C:\Windows\System\tVjAOmO.exe
  C:\Windows\System\tVjAOmO.exe
  2⤵
  PID:2452
- C:\Windows\System\uiKqJsJ.exe
  C:\Windows\System\uiKqJsJ.exe
  2⤵
  PID:8056
- C:\Windows\System\OeAljsf.exe
  C:\Windows\System\OeAljsf.exe
  2⤵
  PID:2596
- C:\Windows\System\LjJNFsN.exe
  C:\Windows\System\LjJNFsN.exe
  2⤵
  PID:2940
- C:\Windows\System\kYPtVVz.exe
  C:\Windows\System\kYPtVVz.exe
  2⤵
  PID:6400
- C:\Windows\System\ikHddWs.exe
  C:\Windows\System\ikHddWs.exe
  2⤵
  PID:1808
- C:\Windows\System\JmLwjFc.exe
  C:\Windows\System\JmLwjFc.exe
  2⤵
  PID:1056
- C:\Windows\System\bzYyGXT.exe
  C:\Windows\System\bzYyGXT.exe
  2⤵
  PID:1248
- C:\Windows\System\lNyDUtL.exe
  C:\Windows\System\lNyDUtL.exe
  2⤵
  PID:8104
- C:\Windows\System\AiRByFG.exe
  C:\Windows\System\AiRByFG.exe
  2⤵
  PID:1976
- C:\Windows\System\bnNISNS.exe
  C:\Windows\System\bnNISNS.exe
  2⤵
  PID:7872
- C:\Windows\System\BhcQTzg.exe
  C:\Windows\System\BhcQTzg.exe
  2⤵
  PID:7100
- C:\Windows\System\DeTPFqM.exe
  C:\Windows\System\DeTPFqM.exe
  2⤵
  PID:2772
- C:\Windows\System\bLclqAd.exe
  C:\Windows\System\bLclqAd.exe
  2⤵
  PID:8220
- C:\Windows\System\egKVRQx.exe
  C:\Windows\System\egKVRQx.exe
  2⤵
  PID:8264
- C:\Windows\System\xEYEoRD.exe
  C:\Windows\System\xEYEoRD.exe
  2⤵
  PID:8280
- C:\Windows\System\UHCQnlm.exe
  C:\Windows\System\UHCQnlm.exe
  2⤵
  PID:8296
- C:\Windows\System\uKIbrLj.exe
  C:\Windows\System\uKIbrLj.exe
  2⤵
  PID:8316
- C:\Windows\System\DYFAxmI.exe
  C:\Windows\System\DYFAxmI.exe
  2⤵
  PID:8336
- C:\Windows\System\hudZnZp.exe
  C:\Windows\System\hudZnZp.exe
  2⤵
  PID:8352
- C:\Windows\System\DwdaSbh.exe
  C:\Windows\System\DwdaSbh.exe
  2⤵
  PID:8368
- C:\Windows\System\VToORpr.exe
  C:\Windows\System\VToORpr.exe
  2⤵
  PID:8388
- C:\Windows\System\GOcxegq.exe
  C:\Windows\System\GOcxegq.exe
  2⤵
  PID:8404
- C:\Windows\System\PJBAOcM.exe
  C:\Windows\System\PJBAOcM.exe
  2⤵
  PID:8424
- C:\Windows\System\zAqwbCz.exe
  C:\Windows\System\zAqwbCz.exe
  2⤵
  PID:8444
- C:\Windows\System\MIWzolL.exe
  C:\Windows\System\MIWzolL.exe
  2⤵
  PID:8460
- C:\Windows\System\FUTeoNC.exe
  C:\Windows\System\FUTeoNC.exe
  2⤵
  PID:8480
- C:\Windows\System\vMnaeXW.exe
  C:\Windows\System\vMnaeXW.exe
  2⤵
  PID:8496
- C:\Windows\System\DvmnFho.exe
  C:\Windows\System\DvmnFho.exe
  2⤵
  PID:8520
- C:\Windows\System\OLRoIwU.exe
  C:\Windows\System\OLRoIwU.exe
  2⤵
  PID:8536
- C:\Windows\System\HIIzuTP.exe
  C:\Windows\System\HIIzuTP.exe
  2⤵
  PID:8552
- C:\Windows\System\mpeUNsP.exe
  C:\Windows\System\mpeUNsP.exe
  2⤵
  PID:8568
- C:\Windows\System\DIIWOuM.exe
  C:\Windows\System\DIIWOuM.exe
  2⤵
  PID:8584
- C:\Windows\System\qfFqMQH.exe
  C:\Windows\System\qfFqMQH.exe
  2⤵
  PID:8628
- C:\Windows\System\VUzUDNM.exe
  C:\Windows\System\VUzUDNM.exe
  2⤵
  PID:8664
- C:\Windows\System\guUXlQD.exe
  C:\Windows\System\guUXlQD.exe
  2⤵
  PID:8680
- C:\Windows\System\jffkmCF.exe
  C:\Windows\System\jffkmCF.exe
  2⤵
  PID:8696
- C:\Windows\System\VXHUmTU.exe
  C:\Windows\System\VXHUmTU.exe
  2⤵
  PID:8712
- C:\Windows\System\YqVVZLk.exe
  C:\Windows\System\YqVVZLk.exe
  2⤵
  PID:8744
- C:\Windows\System\NZFtiei.exe
  C:\Windows\System\NZFtiei.exe
  2⤵
  PID:8760
- C:\Windows\System\BsGMIEs.exe
  C:\Windows\System\BsGMIEs.exe
  2⤵
  PID:8776
- C:\Windows\System\zmwCIGy.exe
  C:\Windows\System\zmwCIGy.exe
  2⤵
  PID:8792
- C:\Windows\System\hrQjdBu.exe
  C:\Windows\System\hrQjdBu.exe
  2⤵
  PID:8808
- C:\Windows\System\YwYEacx.exe
  C:\Windows\System\YwYEacx.exe
  2⤵
  PID:8824
- C:\Windows\System\ESUeHlP.exe
  C:\Windows\System\ESUeHlP.exe
  2⤵
  PID:8840
- C:\Windows\System\rlkDLFe.exe
  C:\Windows\System\rlkDLFe.exe
  2⤵
  PID:8856
- C:\Windows\System\qSIrWaH.exe
  C:\Windows\System\qSIrWaH.exe
  2⤵
  PID:8896
- C:\Windows\System\QKWwPAD.exe
  C:\Windows\System\QKWwPAD.exe
  2⤵
  PID:8916
- C:\Windows\System\fWHDOVy.exe
  C:\Windows\System\fWHDOVy.exe
  2⤵
  PID:8932
- C:\Windows\System\GpRfnai.exe
  C:\Windows\System\GpRfnai.exe
  2⤵
  PID:8948
- C:\Windows\System\lraJJhG.exe
  C:\Windows\System\lraJJhG.exe
  2⤵
  PID:8964
- C:\Windows\System\gQJxecz.exe
  C:\Windows\System\gQJxecz.exe
  2⤵
  PID:8980
- C:\Windows\System\oVfnjPs.exe
  C:\Windows\System\oVfnjPs.exe
  2⤵
  PID:8996
- C:\Windows\System\XvEiyLK.exe
  C:\Windows\System\XvEiyLK.exe
  2⤵
  PID:9012
- C:\Windows\System\hcRfChn.exe
  C:\Windows\System\hcRfChn.exe
  2⤵
  PID:9028
- C:\Windows\System\LfRnXAt.exe
  C:\Windows\System\LfRnXAt.exe
  2⤵
  PID:9044
- C:\Windows\System\jQEsTRi.exe
  C:\Windows\System\jQEsTRi.exe
  2⤵
  PID:9060
- C:\Windows\System\raUjMUh.exe
  C:\Windows\System\raUjMUh.exe
  2⤵
  PID:9076
- C:\Windows\System\LxyqDSt.exe
  C:\Windows\System\LxyqDSt.exe
  2⤵
  PID:9092
- C:\Windows\System\GVFSZaX.exe
  C:\Windows\System\GVFSZaX.exe
  2⤵
  PID:9108
- C:\Windows\System\TgSXLIc.exe
  C:\Windows\System\TgSXLIc.exe
  2⤵
  PID:9124
- C:\Windows\System\agsMFIH.exe
  C:\Windows\System\agsMFIH.exe
  2⤵
  PID:9140
- C:\Windows\System\PXUQnai.exe
  C:\Windows\System\PXUQnai.exe
  2⤵
  PID:9156
- C:\Windows\System\OMhkrYw.exe
  C:\Windows\System\OMhkrYw.exe
  2⤵
  PID:9172
- C:\Windows\System\VMejBsI.exe
  C:\Windows\System\VMejBsI.exe
  2⤵
  PID:9188
- C:\Windows\System\traRcvm.exe
  C:\Windows\System\traRcvm.exe
  2⤵
  PID:9204
- C:\Windows\System\LYVJlRe.exe
  C:\Windows\System\LYVJlRe.exe
  2⤵
  PID:1700
- C:\Windows\System\fhVJpYX.exe
  C:\Windows\System\fhVJpYX.exe
  2⤵
  PID:2392
- C:\Windows\System\HjAEDNm.exe
  C:\Windows\System\HjAEDNm.exe
  2⤵
  PID:7364
- C:\Windows\System\eTczziK.exe
  C:\Windows\System\eTczziK.exe
  2⤵
  PID:6388
- C:\Windows\System\uigXRKG.exe
  C:\Windows\System\uigXRKG.exe
  2⤵
  PID:7936
- C:\Windows\System\ONVlQPS.exe
  C:\Windows\System\ONVlQPS.exe
  2⤵
  PID:7700
- C:\Windows\System\KZXDOpp.exe
  C:\Windows\System\KZXDOpp.exe
  2⤵
  PID:1304
- C:\Windows\System\OMvYRdi.exe
  C:\Windows\System\OMvYRdi.exe
  2⤵
  PID:8236
- C:\Windows\System\ZFWqcvj.exe
  C:\Windows\System\ZFWqcvj.exe
  2⤵
  PID:8436
- C:\Windows\System\vcYUOHs.exe
  C:\Windows\System\vcYUOHs.exe
  2⤵
  PID:8472
- C:\Windows\System\EgXKaxK.exe
  C:\Windows\System\EgXKaxK.exe
  2⤵
  PID:8508
- C:\Windows\System\AMtQgfC.exe
  C:\Windows\System\AMtQgfC.exe
  2⤵
  PID:8576
- C:\Windows\System\lUNxPxe.exe
  C:\Windows\System\lUNxPxe.exe
  2⤵
  PID:8528
- C:\Windows\System\xGsykud.exe
  C:\Windows\System\xGsykud.exe
  2⤵
  PID:8532
- C:\Windows\System\oAaJgiS.exe
  C:\Windows\System\oAaJgiS.exe
  2⤵
  PID:8616
- C:\Windows\System\qyBjmyv.exe
  C:\Windows\System\qyBjmyv.exe
  2⤵
  PID:8640
- C:\Windows\System\rcNWkSU.exe
  C:\Windows\System\rcNWkSU.exe
  2⤵
  PID:8648
- C:\Windows\System\oWRKkSt.exe
  C:\Windows\System\oWRKkSt.exe
  2⤵
  PID:8704
- C:\Windows\System\EVMbgyF.exe
  C:\Windows\System\EVMbgyF.exe
  2⤵
  PID:8692
- C:\Windows\System\CiDAyaU.exe
  C:\Windows\System\CiDAyaU.exe
  2⤵
  PID:8720
- C:\Windows\System\Rivktpt.exe
  C:\Windows\System\Rivktpt.exe
  2⤵
  PID:8732
- C:\Windows\System\cGZxKAZ.exe
  C:\Windows\System\cGZxKAZ.exe
  2⤵
  PID:8864
- C:\Windows\System\eglYZOS.exe
  C:\Windows\System\eglYZOS.exe
  2⤵
  PID:8788
- C:\Windows\System\pUBzykA.exe
  C:\Windows\System\pUBzykA.exe
  2⤵
  PID:1072
- C:\Windows\System\pLeFBgn.exe
  C:\Windows\System\pLeFBgn.exe
  2⤵
  PID:8876
- C:\Windows\System\uBPwomN.exe
  C:\Windows\System\uBPwomN.exe
  2⤵
  PID:8924
- C:\Windows\System\LYaZvYk.exe
  C:\Windows\System\LYaZvYk.exe
  2⤵
  PID:8912
- C:\Windows\System\EoqaEjf.exe
  C:\Windows\System\EoqaEjf.exe
  2⤵
  PID:9052
- C:\Windows\System\ksFNTwc.exe
  C:\Windows\System\ksFNTwc.exe
  2⤵
  PID:9116
- C:\Windows\System\uMmYwtQ.exe
  C:\Windows\System\uMmYwtQ.exe
  2⤵
  PID:9184
- C:\Windows\System\uNHWNwS.exe
  C:\Windows\System\uNHWNwS.exe
  2⤵
  PID:8112
- C:\Windows\System\QbRXEHt.exe
  C:\Windows\System\QbRXEHt.exe
  2⤵
  PID:8940
- C:\Windows\System\kULIFxu.exe
  C:\Windows\System\kULIFxu.exe
  2⤵
  PID:9068
- C:\Windows\System\lVOPeJM.exe
  C:\Windows\System\lVOPeJM.exe
  2⤵
  PID:9040
- C:\Windows\System\AUCMrZg.exe
  C:\Windows\System\AUCMrZg.exe
  2⤵
  PID:9136
- C:\Windows\System\FFFkBbI.exe
  C:\Windows\System\FFFkBbI.exe
  2⤵
  PID:9200
- C:\Windows\System\QMyOXrb.exe
  C:\Windows\System\QMyOXrb.exe
  2⤵
  PID:8200
- C:\Windows\System\cHfblbu.exe
  C:\Windows\System\cHfblbu.exe
  2⤵
  PID:8364
- C:\Windows\System\wddskKm.exe
  C:\Windows\System\wddskKm.exe
  2⤵
  PID:8400
- C:\Windows\System\tZMoNMw.exe
  C:\Windows\System\tZMoNMw.exe
  2⤵
  PID:8276
- C:\Windows\System\IVmrnPx.exe
  C:\Windows\System\IVmrnPx.exe
  2⤵
  PID:8452
- C:\Windows\System\epfNVwd.exe
  C:\Windows\System\epfNVwd.exe
  2⤵
  PID:8380
- C:\Windows\System\FQdwFtP.exe
  C:\Windows\System\FQdwFtP.exe
  2⤵
  PID:8420
- C:\Windows\System\bMMFkib.exe
  C:\Windows\System\bMMFkib.exe
  2⤵
  PID:8600
- C:\Windows\System\COpSRhW.exe
  C:\Windows\System\COpSRhW.exe
  2⤵
  PID:8416
- C:\Windows\System\WSFaHoU.exe
  C:\Windows\System\WSFaHoU.exe
  2⤵
  PID:8672
- C:\Windows\System\ianpPqX.exe
  C:\Windows\System\ianpPqX.exe
  2⤵
  PID:8820
- C:\Windows\System\Rolpuwv.exe
  C:\Windows\System\Rolpuwv.exe
  2⤵
  PID:8608
- C:\Windows\System\CdYrXEJ.exe
  C:\Windows\System\CdYrXEJ.exe
  2⤵
  PID:8800
- C:\Windows\System\BBndGoi.exe
  C:\Windows\System\BBndGoi.exe
  2⤵
  PID:8908
- C:\Windows\System\fFogMAw.exe
  C:\Windows\System\fFogMAw.exe
  2⤵
  PID:2092
- C:\Windows\System\tSLShtF.exe
  C:\Windows\System\tSLShtF.exe
  2⤵
  PID:8988
- C:\Windows\System\jDMbtyf.exe
  C:\Windows\System\jDMbtyf.exe
  2⤵
  PID:2276
- C:\Windows\System\xMGDrYj.exe
  C:\Windows\System\xMGDrYj.exe
  2⤵
  PID:9020
- C:\Windows\System\MMxnzTQ.exe
  C:\Windows\System\MMxnzTQ.exe
  2⤵
  PID:9152
- C:\Windows\System\VaEGkYh.exe
  C:\Windows\System\VaEGkYh.exe
  2⤵
  PID:9036
- C:\Windows\System\eoxrtaA.exe
  C:\Windows\System\eoxrtaA.exe
  2⤵
  PID:9100
- C:\Windows\System\wlsdwtr.exe
  C:\Windows\System\wlsdwtr.exe
  2⤵
  PID:8976
- C:\Windows\System\jReveMe.exe
  C:\Windows\System\jReveMe.exe
  2⤵
  PID:2716
- C:\Windows\System\qXQWQau.exe
  C:\Windows\System\qXQWQau.exe
  2⤵
  PID:8516
- C:\Windows\System\JDzZSdx.exe
  C:\Windows\System\JDzZSdx.exe
  2⤵
  PID:8328
- C:\Windows\System\QQhJloL.exe
  C:\Windows\System\QQhJloL.exe
  2⤵
  PID:8548
- C:\Windows\System\egtljaC.exe
  C:\Windows\System\egtljaC.exe
  2⤵
  PID:8440
- C:\Windows\System\impngjp.exe
  C:\Windows\System\impngjp.exe
  2⤵
  PID:8488
- C:\Windows\System\cuIaqZc.exe
  C:\Windows\System\cuIaqZc.exe
  2⤵
  PID:8492
- C:\Windows\System\BqFgxXW.exe
  C:\Windows\System\BqFgxXW.exe
  2⤵
  PID:8652
- C:\Windows\System\PyaIqHR.exe
  C:\Windows\System\PyaIqHR.exe
  2⤵
  PID:8904
- C:\Windows\System\WBjiUrX.exe
  C:\Windows\System\WBjiUrX.exe
  2⤵
  PID:9168
- C:\Windows\System\dDDtDCR.exe
  C:\Windows\System\dDDtDCR.exe
  2⤵
  PID:8892
- C:\Windows\System\ALXxcSw.exe
  C:\Windows\System\ALXxcSw.exe
  2⤵
  PID:8884
- C:\Windows\System\yUQyoNt.exe
  C:\Windows\System\yUQyoNt.exe
  2⤵
  PID:7772
- C:\Windows\System\JgdShdW.exe
  C:\Windows\System\JgdShdW.exe
  2⤵
  PID:8228
- C:\Windows\System\AHshPKD.exe
  C:\Windows\System\AHshPKD.exe
  2⤵
  PID:8292
- C:\Windows\System\AourWzp.exe
  C:\Windows\System\AourWzp.exe
  2⤵
  PID:8324
- C:\Windows\System\tONqZmM.exe
  C:\Windows\System\tONqZmM.exe
  2⤵
  PID:8596
- C:\Windows\System\SlkTHDP.exe
  C:\Windows\System\SlkTHDP.exe
  2⤵
  PID:8308
- C:\Windows\System\GRcacmr.exe
  C:\Windows\System\GRcacmr.exe
  2⤵
  PID:8468
- C:\Windows\System\FpiEXFB.exe
  C:\Windows\System\FpiEXFB.exe
  2⤵
  PID:8612
- C:\Windows\System\KzdsuiE.exe
  C:\Windows\System\KzdsuiE.exe
  2⤵
  PID:8852
- C:\Windows\System\HMRzhEB.exe
  C:\Windows\System\HMRzhEB.exe
  2⤵
  PID:8184
- C:\Windows\System\mHiUKsm.exe
  C:\Windows\System\mHiUKsm.exe
  2⤵
  PID:8868
- C:\Windows\System\iPBmCUS.exe
  C:\Windows\System\iPBmCUS.exe
  2⤵
  PID:8836
- C:\Windows\System\lHgUtqg.exe
  C:\Windows\System\lHgUtqg.exe
  2⤵
  PID:7780
- C:\Windows\System\HxDXCNx.exe
  C:\Windows\System\HxDXCNx.exe
  2⤵
  PID:9148
- C:\Windows\System\HUOBAWy.exe
  C:\Windows\System\HUOBAWy.exe
  2⤵
  PID:8832
- C:\Windows\System\KfbobZk.exe
  C:\Windows\System\KfbobZk.exe
  2⤵
  PID:8048
- C:\Windows\System\HRraTai.exe
  C:\Windows\System\HRraTai.exe
  2⤵
  PID:8344
- C:\Windows\System\AVKpDtH.exe
  C:\Windows\System\AVKpDtH.exe
  2⤵
  PID:9220
- C:\Windows\System\EhlsIxf.exe
  C:\Windows\System\EhlsIxf.exe
  2⤵
  PID:9236
- C:\Windows\System\PcPhvJR.exe
  C:\Windows\System\PcPhvJR.exe
  2⤵
  PID:9252
- C:\Windows\System\TxvHIoz.exe
  C:\Windows\System\TxvHIoz.exe
  2⤵
  PID:9268
- C:\Windows\System\SFpYOUC.exe
  C:\Windows\System\SFpYOUC.exe
  2⤵
  PID:9284
- C:\Windows\System\bBGSdMB.exe
  C:\Windows\System\bBGSdMB.exe
  2⤵
  PID:9316
- C:\Windows\System\SywldUz.exe
  C:\Windows\System\SywldUz.exe
  2⤵
  PID:9416
- C:\Windows\System\OhShcah.exe
  C:\Windows\System\OhShcah.exe
  2⤵
  PID:9436
- C:\Windows\System\xBfiQyd.exe
  C:\Windows\System\xBfiQyd.exe
  2⤵
  PID:9512
- C:\Windows\System\PzFOpvz.exe
  C:\Windows\System\PzFOpvz.exe
  2⤵
  PID:9552
- C:\Windows\System\ECPpsei.exe
  C:\Windows\System\ECPpsei.exe
  2⤵
  PID:9568
- C:\Windows\System\GFKEWyt.exe
  C:\Windows\System\GFKEWyt.exe
  2⤵
  PID:9592
- C:\Windows\System\ZjMxrpm.exe
  C:\Windows\System\ZjMxrpm.exe
  2⤵
  PID:9620
- C:\Windows\System\SgxRdTW.exe
  C:\Windows\System\SgxRdTW.exe
  2⤵
  PID:9652
- C:\Windows\System\bZGxbSW.exe
  C:\Windows\System\bZGxbSW.exe
  2⤵
  PID:9676
- C:\Windows\System\RsEjXvw.exe
  C:\Windows\System\RsEjXvw.exe
  2⤵
  PID:9696
- C:\Windows\System\GlbZzWX.exe
  C:\Windows\System\GlbZzWX.exe
  2⤵
  PID:9716
- C:\Windows\System\CuogXQv.exe
  C:\Windows\System\CuogXQv.exe
  2⤵
  PID:9740
- C:\Windows\System\lNtmdDj.exe
  C:\Windows\System\lNtmdDj.exe
  2⤵
  PID:9760
- C:\Windows\System\TWDKtqu.exe
  C:\Windows\System\TWDKtqu.exe
  2⤵
  PID:9776
- C:\Windows\System\fDxZaRO.exe
  C:\Windows\System\fDxZaRO.exe
  2⤵
  PID:9800
- C:\Windows\System\JxlLtot.exe
  C:\Windows\System\JxlLtot.exe
  2⤵
  PID:9820
- C:\Windows\System\QylgQdo.exe
  C:\Windows\System\QylgQdo.exe
  2⤵
  PID:9840
- C:\Windows\System\cLGqxKJ.exe
  C:\Windows\System\cLGqxKJ.exe
  2⤵
  PID:9860
- C:\Windows\System\RAQphem.exe
  C:\Windows\System\RAQphem.exe
  2⤵
  PID:9880
- C:\Windows\System\bSIRwpX.exe
  C:\Windows\System\bSIRwpX.exe
  2⤵
  PID:9900
- C:\Windows\System\zwMoSmm.exe
  C:\Windows\System\zwMoSmm.exe
  2⤵
  PID:9920
- C:\Windows\System\vrnZDvr.exe
  C:\Windows\System\vrnZDvr.exe
  2⤵
  PID:9936
- C:\Windows\System\iYTLWFo.exe
  C:\Windows\System\iYTLWFo.exe
  2⤵
  PID:9952
- C:\Windows\System\fEyqHXB.exe
  C:\Windows\System\fEyqHXB.exe
  2⤵
  PID:9968
- C:\Windows\System\TpMQuDx.exe
  C:\Windows\System\TpMQuDx.exe
  2⤵
  PID:9984
- C:\Windows\System\abNELNO.exe
  C:\Windows\System\abNELNO.exe
  2⤵
  PID:10000
- C:\Windows\System\SEvfPkG.exe
  C:\Windows\System\SEvfPkG.exe
  2⤵
  PID:10020
- C:\Windows\System\mThABQN.exe
  C:\Windows\System\mThABQN.exe
  2⤵
  PID:10040
- C:\Windows\System\UXfDOwU.exe
  C:\Windows\System\UXfDOwU.exe
  2⤵
  PID:10064
- C:\Windows\System\HZIbYtf.exe
  C:\Windows\System\HZIbYtf.exe
  2⤵
  PID:10080
- C:\Windows\System\qSVYRVU.exe
  C:\Windows\System\qSVYRVU.exe
  2⤵
  PID:10096
- C:\Windows\System\FlVVevp.exe
  C:\Windows\System\FlVVevp.exe
  2⤵
  PID:10120
- C:\Windows\System\agpmBua.exe
  C:\Windows\System\agpmBua.exe
  2⤵
  PID:10144
- C:\Windows\System\uOWpKrK.exe
  C:\Windows\System\uOWpKrK.exe
  2⤵
  PID:10160
- C:\Windows\System\lnbjsax.exe
  C:\Windows\System\lnbjsax.exe
  2⤵
  PID:10176
- C:\Windows\System\NjQvZKN.exe
  C:\Windows\System\NjQvZKN.exe
  2⤵
  PID:10192
- C:\Windows\System\enoylGO.exe
  C:\Windows\System\enoylGO.exe
  2⤵
  PID:10212
- C:\Windows\System\yppQBCW.exe
  C:\Windows\System\yppQBCW.exe
  2⤵
  PID:10228
- C:\Windows\System\COjlieD.exe
  C:\Windows\System\COjlieD.exe
  2⤵
  PID:8848
- C:\Windows\System\GuKBNKS.exe
  C:\Windows\System\GuKBNKS.exe
  2⤵
  PID:9232
- C:\Windows\System\LhCaGpx.exe
  C:\Windows\System\LhCaGpx.exe
  2⤵
  PID:9280
- C:\Windows\System\sbwkCla.exe
  C:\Windows\System\sbwkCla.exe
  2⤵
  PID:9300
- C:\Windows\System\LFWSsBg.exe
  C:\Windows\System\LFWSsBg.exe
  2⤵
  PID:9332
- C:\Windows\System\rgLgkAj.exe
  C:\Windows\System\rgLgkAj.exe
  2⤵
  PID:9356
- C:\Windows\System\zHoNSib.exe
  C:\Windows\System\zHoNSib.exe
  2⤵
  PID:9376
- C:\Windows\System\qUwTCos.exe
  C:\Windows\System\qUwTCos.exe
  2⤵
  PID:1008
- C:\Windows\System\wpkKttW.exe
  C:\Windows\System\wpkKttW.exe
  2⤵
  PID:9412
- C:\Windows\System\RBSzuSB.exe
  C:\Windows\System\RBSzuSB.exe
  2⤵
  PID:9444
- C:\Windows\System\NfUikpR.exe
  C:\Windows\System\NfUikpR.exe
  2⤵
  PID:9492
- C:\Windows\System\DbkCUKL.exe
  C:\Windows\System\DbkCUKL.exe
  2⤵
  PID:9504
- C:\Windows\System\HrUpfGQ.exe
  C:\Windows\System\HrUpfGQ.exe
  2⤵
  PID:9528
- C:\Windows\System\JOYCdPg.exe
  C:\Windows\System\JOYCdPg.exe
  2⤵
  PID:9560
- C:\Windows\System\ZOsMIcd.exe
  C:\Windows\System\ZOsMIcd.exe
  2⤵
  PID:9580
- C:\Windows\System\XXVhksr.exe
  C:\Windows\System\XXVhksr.exe
  2⤵
  PID:9684
- C:\Windows\System\FgMTBZN.exe
  C:\Windows\System\FgMTBZN.exe
  2⤵
  PID:9712
- C:\Windows\System\KHMajLo.exe
  C:\Windows\System\KHMajLo.exe
  2⤵
  PID:9520
- C:\Windows\System\Iohvfpv.exe
  C:\Windows\System\Iohvfpv.exe
  2⤵
  PID:9756
- C:\Windows\System\LRdeNps.exe
  C:\Windows\System\LRdeNps.exe
  2⤵
  PID:9796
- C:\Windows\System\xHbOVLT.exe
  C:\Windows\System\xHbOVLT.exe
  2⤵
  PID:9816
- C:\Windows\System\oMCjFcG.exe
  C:\Windows\System\oMCjFcG.exe
  2⤵
  PID:9836
- C:\Windows\System\TddQWHj.exe
  C:\Windows\System\TddQWHj.exe
  2⤵
  PID:9852
- C:\Windows\System\TdRCGyN.exe
  C:\Windows\System\TdRCGyN.exe
  2⤵
  PID:9896
- C:\Windows\System\ItFrOKs.exe
  C:\Windows\System\ItFrOKs.exe
  2⤵
  PID:7180
- C:\Windows\System\UQFNbZs.exe
  C:\Windows\System\UQFNbZs.exe
  2⤵
  PID:9960
- C:\Windows\System\ygzbIJu.exe
  C:\Windows\System\ygzbIJu.exe
  2⤵
  PID:9992
- C:\Windows\System\FdzeinB.exe
  C:\Windows\System\FdzeinB.exe
  2⤵
  PID:10072
- C:\Windows\System\LFJDcVZ.exe
  C:\Windows\System\LFJDcVZ.exe
  2⤵
  PID:7184
- C:\Windows\System\PWfTPHI.exe
  C:\Windows\System\PWfTPHI.exe
  2⤵
  PID:10156
- C:\Windows\System\thYyiqw.exe
  C:\Windows\System\thYyiqw.exe
  2⤵
  PID:10224
- C:\Windows\System\LWIpDgu.exe
  C:\Windows\System\LWIpDgu.exe
  2⤵
  PID:1264
- C:\Windows\System\uYcrKVs.exe
  C:\Windows\System\uYcrKVs.exe
  2⤵
  PID:9304
- C:\Windows\System\iKMnrmL.exe
  C:\Windows\System\iKMnrmL.exe
  2⤵
  PID:9372
- C:\Windows\System\GvxYCzR.exe
  C:\Windows\System\GvxYCzR.exe
  2⤵
  PID:10060
- C:\Windows\System\UJVMkBP.exe
  C:\Windows\System\UJVMkBP.exe
  2⤵
  PID:9324
- C:\Windows\System\ZnpFdDY.exe
  C:\Windows\System\ZnpFdDY.exe
  2⤵
  PID:9364
- C:\Windows\System\ljQSuWA.exe
  C:\Windows\System\ljQSuWA.exe
  2⤵
  PID:9404
- C:\Windows\System\fimxFjN.exe
  C:\Windows\System\fimxFjN.exe
  2⤵
  PID:9532
- C:\Windows\System\sTLRrhs.exe
  C:\Windows\System\sTLRrhs.exe
  2⤵
  PID:9548
- C:\Windows\System\XxnVveJ.exe
  C:\Windows\System\XxnVveJ.exe
  2⤵
  PID:9584
- C:\Windows\System\hpNfxmC.exe
  C:\Windows\System\hpNfxmC.exe
  2⤵
  PID:9608
- C:\Windows\System\uOmvgsg.exe
  C:\Windows\System\uOmvgsg.exe
  2⤵
  PID:9636
- C:\Windows\System\PbQNjeR.exe
  C:\Windows\System\PbQNjeR.exe
  2⤵
  PID:9668
- C:\Windows\System\oGfkwMF.exe
  C:\Windows\System\oGfkwMF.exe
  2⤵
  PID:9704
- C:\Windows\System\pnRoaPY.exe
  C:\Windows\System\pnRoaPY.exe
  2⤵
  PID:9792
- C:\Windows\System\csIpaZn.exe
  C:\Windows\System\csIpaZn.exe
  2⤵
  PID:9664
- C:\Windows\System\iOzjFgI.exe
  C:\Windows\System\iOzjFgI.exe
  2⤵
  PID:9788
- C:\Windows\System\PbBFpOt.exe
  C:\Windows\System\PbBFpOt.exe
  2⤵
  PID:9876
- C:\Windows\System\qmrsCHf.exe
  C:\Windows\System\qmrsCHf.exe
  2⤵
  PID:10032
- C:\Windows\System\RSfNfvV.exe
  C:\Windows\System\RSfNfvV.exe
  2⤵
  PID:10104
- C:\Windows\System\urMYbay.exe
  C:\Windows\System\urMYbay.exe
  2⤵
  PID:10116
- C:\Windows\System\kThovXx.exe
  C:\Windows\System\kThovXx.exe
  2⤵
  PID:9344
- C:\Windows\System\CBPSjoy.exe
  C:\Windows\System\CBPSjoy.exe
  2⤵
  PID:10092
- C:\Windows\System\fiBfpym.exe
  C:\Windows\System\fiBfpym.exe
  2⤵
  PID:10052
- C:\Windows\System\rivYTDP.exe
  C:\Windows\System\rivYTDP.exe
  2⤵
  PID:10172
- C:\Windows\System\aEMrICi.exe
  C:\Windows\System\aEMrICi.exe
  2⤵
  PID:10208
- C:\Windows\System\PxCLqBK.exe
  C:\Windows\System\PxCLqBK.exe
  2⤵
  PID:9500
- C:\Windows\System\MYnAnRB.exe
  C:\Windows\System\MYnAnRB.exe
  2⤵
  PID:9912
- C:\Windows\System\cqPQVMC.exe
  C:\Windows\System\cqPQVMC.exe
  2⤵
  PID:9456
- C:\Windows\System\amsWsMZ.exe
  C:\Windows\System\amsWsMZ.exe
  2⤵
  PID:9748
- C:\Windows\System\XgxKKwJ.exe
  C:\Windows\System\XgxKKwJ.exe
  2⤵
  PID:9976
- C:\Windows\System\QfmyhEk.exe
  C:\Windows\System\QfmyhEk.exe
  2⤵
  PID:9724
- C:\Windows\System\OohdxHb.exe
  C:\Windows\System\OohdxHb.exe
  2⤵
  PID:8412
- C:\Windows\System\jgUVfKG.exe
  C:\Windows\System\jgUVfKG.exe
  2⤵
  PID:10016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FGSQuNS.exe

Filesize
6.0MB

MD5
505fa08815469198ae0b1cfafb729510

SHA1
d6e6764ef1c3854edf6d28b1661067f6b04090b2

SHA256
d665d7b1c908b2e2e7f9c8a2405e9bebd01dde087531e6461a803f2f6a7556ea

SHA512
963532a7bceeed710d49a5f9fbe10894a75f5a6c75d756d9cc1bc1c997664e13a748243094a1b121ad33bf9c897b54b89648cce5254eb68641520d038cb5deab

Download Submit
C:\Windows\system\IFQcKBS.exe

Filesize
6.0MB

MD5
78e96f230fe1f58acee17085ba0480d8

SHA1
8c498f5f08c6cc630097e5db52e9677450ed6164

SHA256
cc1aedbcec5fb80a18f7a657a2926ba3d195da76b0b732228e616d72e9458946

SHA512
ae09bd5f60c0d5e0e19b78edf3fd881396ed63cfe0ec91cbbba025896d41563cb09a328dfc808e338f5c02e82e33e66224bc69d854f595351a5f56bb5fc9f758

Download Submit
C:\Windows\system\NmrPdNy.exe

Filesize
6.0MB

MD5
92b1ede56795480ef6a95e392dc75340

SHA1
56e5cafb19fe0f5b02c83dcd015b83c318121fbb

SHA256
ad4b8089a5f5ec1ff3591f12d49b904e6fe8856e16605cd67fe2177137c1f35b

SHA512
98f3a48e68d6981d4c4ef92536e49ed0fc7d565c960bd46cf9d8741e24618aa6a7f3cc9670de058f34ec258a8582471ee6f82c2256f21c35cc7cbe88a1ff65ec

Download Submit
C:\Windows\system\QVLpfLl.exe

Filesize
6.0MB

MD5
c0c8beba9c38ccc8bd0c388c8b7e3ca0

SHA1
b1adb432657cccf2795fabc90384380bdf6192d3

SHA256
802aacf32bf278c00b073bddd93c2302aab3306dad131481083283fafceacb2a

SHA512
997610a59171e6f744074b589f9dc346b2a7d74b34d02a31dd7d46ed1ec81f04dc56a4cbe7ba3f10688b5dd2865cf0470347088d760ea0c157179f18775f0052

Download Submit
C:\Windows\system\QyXBHMl.exe

Filesize
6.0MB

MD5
3d31345879f0ef86916a43fb495720da

SHA1
e40ace3538aaa6ff91e5f8ea5bda7306006e4174

SHA256
0b1a852bbc3a7a731eb325858e05a4181482f3681005696b18857e113e5642c8

SHA512
6a713de362243d010dacdef2898e1376402e4d6979f38f0ccb871a2b494d6cb12d4d4133a960e09eb09d2a8eb5af8526707adef8e74928cf68640cda26279e03

Download Submit
C:\Windows\system\SNUwNQv.exe

Filesize
6.0MB

MD5
4cbd6afaea07824033d3f23a7c707a83

SHA1
f98672f3e15248e2c30ea812467284d9a2b4512b

SHA256
03500792768ff0c2b1e3d71d868938d7cf5eec9651355b31c02249f9d0b42a61

SHA512
60d0d03ff66f3ceabd69ecd0b6ff5fb99e1206eb25fbf1aea0a783dcab1d6bf69051882d83d29d436fb38c4442a789b92ea4b30b5960e3f83bfb9c1a23af306a

Download Submit
C:\Windows\system\TyQefOb.exe

Filesize
6.0MB

MD5
45e36d6f3ad7fa8959cd3206686e6e59

SHA1
0d6633ddefbd6eae9a78e4ac24e2a4fe4590f5f2

SHA256
3818c63875da682fb59d3cab56a8886f672c60d2ff3387138725edac96884310

SHA512
1590038cab446ae512107c0934c5d96522e5277a298faae269ea75a1ff3760338faf3a8c12ca9eb2acc2b52defb0410b2533409d8a9f9f042f597fb31573c15a

Download Submit
C:\Windows\system\UFfZRAk.exe

Filesize
6.0MB

MD5
54972c9db243d00c5c926b055d9ef906

SHA1
cd15773142fc32d2f6ed2cfba59bc1399dbb8af2

SHA256
bdfe886f3776bf991d6bb1c4664fc76285532df8712050e3f03f285d347ae39a

SHA512
65fdfa9ae36d2f67e5b40c1d4ab8f4b0088f732d69cdbfa3dbdc8d8d1bc95b7294b57d5d76872a750b5608de9e019b514316a94870b1b1b77be9455baed809e1

Download Submit
C:\Windows\system\YFfCdac.exe

Filesize
6.0MB

MD5
e9f1c2c34fb9c698c01e87b775a897f4

SHA1
dca99555f6dff09af19d29b268a4cad5c6e4ec70

SHA256
4b14007a568f053351b81a4131ef5225920f5ca006c988150c57588319be23c0

SHA512
ee512a3a534408659b4c351d11d0f7cecc822fa888bc9fecdaa88266ad677814768715c83f8399ae04c0be0c8c8d049af123bc435dd08604d5908be91244de0a

Download Submit
C:\Windows\system\YItXieb.exe

Filesize
6.0MB

MD5
114fea06d22201300c5026b24764919d

SHA1
3e9303d577400ea2f7c5d817aab013e8acd60b5a

SHA256
377377da430a1032962af36ec168d398c7898e4b789054409650ed3304421eb0

SHA512
1042331c94e9d60e6b224e9d96d6b08df44af133a5dd0de78224a5456c304aad151cbc5adda93574e55708e4e60c7d41454d7c9c1266dc99cdaf99d7be7c8042

Download Submit
C:\Windows\system\ZYesTVA.exe

Filesize
6.0MB

MD5
57d68f24c6b0d303df9f5ae11cca497d

SHA1
2c9fb9bf35a8eff9ebbee64efeeb1322d200783f

SHA256
63be37e6f10c638567db4b38b13b8007b5b9b1b5f11acafc15278d88e15b0a88

SHA512
561214637ec4ddd2d7aed9781b045bc73f96e5bf8b5f3a7ec804caaaf3d47c78ca4b643b1bd80443eea772621ca438177b5522d84eb6f61d9aefbb72c0afb596

Download Submit
C:\Windows\system\ZZdHuQD.exe

Filesize
6.0MB

MD5
2192fafb5d75c5e9d46a942693886e44

SHA1
4f25f22bf2fec70c54d9fc28c9b1ae4937262933

SHA256
27c85bc7184f412df6116f1737f6787683ac76cc05919d3b88490aa192e057b8

SHA512
93e3391e46f17694fc1bc3b9161a5294954f4b3cca4aa6ad0480b3730f3ac430303ac4a7aeb6146de2920b92786a7c102b670697f9071d191cf9ff501fc85b07

Download Submit
C:\Windows\system\dRrvWKV.exe

Filesize
6.0MB

MD5
957a7b43b7c85e8723bb31b9762f1c2b

SHA1
7b001203af0cb79a7dd9224ea26d01f1c4732850

SHA256
ed59672e62fdc2f1220231149831f2458fd02f20c388403188b2a4bfcfe2d28e

SHA512
d3666827d9a0d13ebcd8828f05180626c78b0cd9e717855c075b0c658bddbfb1490846717e803d6dc4ef669a8b5d3ebe5149693272d7a0cc22aa15295b93b5fb

Download Submit
C:\Windows\system\eLJWYsb.exe

Filesize
6.0MB

MD5
6b3003d2a021ea38d4509d80d918ed4f

SHA1
ded53c820e4bfc9b85489db44f56fb9a260b798c

SHA256
0e3a20d7cd724ee275b9ff113635d38de526ae5c04695b3830d0807dfc5774c5

SHA512
aaf2bc8ec4dcecf186da094648244db5fb53397c219a0c910a317033326b9b1da01adb5846dba818147241b41ff8817162ab4cce4a2394abb452b40a73a18ca5

Download Submit
C:\Windows\system\fjvPazu.exe

Filesize
6.0MB

MD5
7b020631e8e0cd60f802d674e94eb47e

SHA1
c5f0b114d6b0e92770c43cc7104cb14eea6b713a

SHA256
32f9040fe174b9921db612eb95bcecb695c8102ce4733bc58fff381ebd42bb8f

SHA512
2fbd9fb8454b752d910af05f2b79131e0eb7c442c71512821fecb6923da3191a511ee0643d9552449db8ef61111353972b80f48d405dc9a7f7d3da3b84ae2e81

Download Submit
C:\Windows\system\fybBgFO.exe

Filesize
6.0MB

MD5
d0e96f8b2102e12f101bc3b93bff8593

SHA1
b7495f4fe250a27aca96a544c90f8f2225380c5d

SHA256
d556ae6befcdd296ff2685aba4d3ce7ea2f937a5656c545dcebb31af7363e772

SHA512
0220900d606e84168d09ef799dd70021c916cdbd9ea55c9065389290c4ffd14b26e0d063e7c09a7125a81eed852b08e28b6beb79fbafa45b25064081c657da21

Download Submit
C:\Windows\system\iulKyBU.exe

Filesize
6.0MB

MD5
a2ec4faaff54777bc15db0a27ab93f06

SHA1
8b61f2a87c282ab5296628d6126db00e73a0d3bf

SHA256
4ac06bc04209953d8a768bb3030ea2a93d925afb401c21f261bcf58c73268d8b

SHA512
709d5797caad04e936c6af5c4f47e326751453356116808d4b67a8a68ddec3b8208136be89e7c6e1d11f60333db0a416934e52f85614d89b8af7336ff1b9202f

Download Submit
C:\Windows\system\jEyoFYC.exe

Filesize
6.0MB

MD5
3507c4e228d5fa62a4a8c1886edc8ad5

SHA1
43e99d06bcab1e3c24458d3aeb80840b4b45b1db

SHA256
499854bce9bb9081c0ec41e5a122fe85783ed3407a3982bc2ef460a9030a2645

SHA512
37a4f44925612fe143c603ef1e3820303565ccc9bc69e33afa66000e5f17964c15acdf8e003b37720d9fd692d2bd3b0cf8776045b2316a0c90a0f834b2c63043

Download Submit
C:\Windows\system\lIopSbw.exe

Filesize
6.0MB

MD5
51a9625506b2b4e5bd882bc5c5ac0f07

SHA1
a402de01e7655317741a25042a6e7bbb9496e002

SHA256
64f9980edb5360a20f2fdf05d4587a5598aabca2bfc4b3539610bf45b1bf9650

SHA512
eaa4ab6b4d654e628f2495fa16ae2284e6b5ebb269a274672308a6b9ee7746c654673b210da9f55e914b13b4c64616e194cf98598f0b0a4ad2bea694cf070cf5

Download Submit
C:\Windows\system\mdZTjbr.exe

Filesize
6.0MB

MD5
7ded0493989105753e0ed0d34356b51e

SHA1
75806b1955f19e3f33e49f495100b7b2f1892e47

SHA256
8af7c6ff16dbecb2b89baef42b7d84dd0066a96152ec721d2e2deb348926f51b

SHA512
a60ff343000989b803889d1e3c07cf297ed1e9c4bb2cabb8184dfc8892b04c0ee827f6595f6b0d1f18ddff7dd437fa19183b475096b2dd7bc9aeb607721bca92

Download Submit
C:\Windows\system\shqNaIu.exe

Filesize
6.0MB

MD5
4bcb832ab7a4af4b7dd27c61214972e2

SHA1
035b70f7594f7d6a5d2e8887fd346a7009e8f75a

SHA256
79c9d3db19b2c69bc71290c4d6e27b4d4d3ad0490c769015d38491141d151134

SHA512
0efc7627e26930bf77f26fe71dc87ae341734b6d09a937640fda13f9e3fb3362ce67743695041acb0b834a341275beff7e4e5a818e46bc31fc177178342452a4

Download Submit
C:\Windows\system\tauAiFJ.exe

Filesize
6.0MB

MD5
0d9361b8c74232fd0a21520cc430d7e7

SHA1
b636b05997789f5f104167ff08a6e49c66e0763e

SHA256
fc9236ed9fb38d4baade3dbbd6b76fb9403d295314911de7001a828cef8608ad

SHA512
345c1f9bc18f99061844ce5504f76a7ef471a39deeee7c5b695b317e187d7e273db1d15b73ceb104566dbc233a66f8eb649bc16bfc6892c4efad8cf434fb0139

Download Submit
C:\Windows\system\totHGrq.exe

Filesize
6.0MB

MD5
6971b593f820ce4ecda31d3dfd484997

SHA1
af2e7bd0321644e79ad6bd6c6095fa464fbebed8

SHA256
5900936bc4b91a37d3d76c04a56c0d4897abfa1c662c3b163cee7e1ef17aa9fe

SHA512
366eaf8721bb8676f13dbf19dea28a97c1ad17408195c2e704ff99e52c962e786b70f8a03810d84d9525fd6ea56d2c223848e9d4733089fc9374a207d1a42120

Download Submit
C:\Windows\system\xPzwszF.exe

Filesize
6.0MB

MD5
fb4be24f0db4c55943c8a76edaf80aa5

SHA1
6a85e62ac194bc233d3a3030200ac565c5be7582

SHA256
8f9fc63e359e05a827515816d062854d8ef9553cc8e57accf3f6e7bc154609dd

SHA512
771e260bad550d4f28af9d74755ab85bbd9034d192221e1655640d525f4eff2b7a531b829646d6176a903140500cca93b21059d8e37d1b0a28d61455163eb653

Download Submit
C:\Windows\system\yxpUxTU.exe

Filesize
6.0MB

MD5
acd0db8420fe2879bc72a6e150714112

SHA1
798f40ede7c841ae6693c971ea6d120b6ee4fee1

SHA256
ff7c7485e4fb787cc98978bbe65f6b2759dba343789954887f4b10a4c0eca774

SHA512
033cb7eec0091467f2d9c8af473ad5eeae4c5f0b924e643970e573e506169ee5b56fa3ba320a1472c0e33e8cbcf284ca05a51cbd10cc2975838edc8273e5dcef

Download Submit
\Windows\system\CbrAskc.exe

Filesize
6.0MB

MD5
4b1fe8500946d827fdc3fd2ec73609b5

SHA1
3742ba6156958a671294c5b2b9d1900950f589b6

SHA256
4ad5e5e4ebc1d9f7dae2f3e6940618059c72480bf7643e35b74c8d35a49a525a

SHA512
32c908b899f93da4065ce1be2c76e9e3fceac802c2e98d0a1790d98f13551a44ff0b1307d080da7fad178f51310c93b368c0c57be948856cf9633f8a66767014

Download Submit
\Windows\system\MuadurI.exe

Filesize
6.0MB

MD5
f3cf1d22e09b07c12dd8c2c4701dff86

SHA1
84903674c934ac5da304f2d7299a8537dba61acf

SHA256
51c4c1bff7493bb9eebfb77da706f8e347aaca44deb78fb0fdbd304eabc128b2

SHA512
19a5a97f236465140a1eb4aea234fc2c84f5a74657ec55bef91f9ad162bd19019b209b379d076eddfb177c94d8015e364085a773da77b071ff3ef6ae0510d761

Download Submit
\Windows\system\RAsYITI.exe

Filesize
6.0MB

MD5
ebb682163be8dafad31bcdd931100ead

SHA1
0b2907b16b495488bf30421b8e9fc4154d8c0e19

SHA256
7bb9d58d1ffb5721f5f9679597407d972109d80883844b47958da71318e34984

SHA512
9736bd9b04fed940c2cd191ba3827ea851109635d614ee323cc7ea51648d735ea88f183d6dab18bcbbe06fe8cbeaba1798a2046530d7fc36820f795e3789699a

Download Submit
\Windows\system\YcqfYbV.exe

Filesize
6.0MB

MD5
798253a5f88da6ee87dcd25c3d814a86

SHA1
e5f804dad53c272c25b9434ba02ad484835afbfa

SHA256
76aec34da2b20720bba32db91322d2a7581f3d87861d4de2475befe312a8586f

SHA512
5f0ddd2aae166adcc157e5c167e98b959bf26a1bc7c0922e0c13c4fce292d382f211d533c78b66fbbf8e79040e27765c980ecfe16dec02d7c86101984ac780d7

Download Submit
\Windows\system\nijFVOq.exe

Filesize
6.0MB

MD5
d4da894c5d95c7a276312ba62a008a03

SHA1
3f52ee2bbf64f163f9030c82e8e909562a7ec86f

SHA256
8ef698ac2ba70606258cad2872a761d8c4bf707324f580016493abea9f0616d5

SHA512
d9c89068a3079e5e729c869ee82112525d0acf5ab5143c6109d10ab8af9ce141fada2d3764fe25e72fe020185db44c9785e1e86af8273db44a566502ba26e8db

Download Submit
\Windows\system\oZweIsZ.exe

Filesize
6.0MB

MD5
98c412daceb12ab6184790b113bd529b

SHA1
c27076eab091c0a48f3cd35e7b8c3164b14a888c

SHA256
cdf1012242d5ba90ead054217c2c054ad7edf686d0e18047f65603eab924a7e0

SHA512
3bbb56103b61775f0136f504f74eb42178e6932bcd0aa29253e55929c1bc5657bf3a73e5ec07d8b964e5a67864b76dd09b5b679dbb3a04bf1a8f4e4fc4c6da32

Download Submit
\Windows\system\zITzSWq.exe

Filesize
6.0MB

MD5
34ebde585bc59f18e8323b73af8398ac

SHA1
08db288edf7371f28396a4fe0a56900b0026bc4e

SHA256
9199d42d29ce769281e75eb7be8901b510f08089e9eb61872c1c0d1c92392f9c

SHA512
38fe8f7aa7401aa906cef7246afc89166780067a60fa5049a404ad0086c128c537562120095b28c1e8a972ca3c10a0aaad30c39fe1cbd577bd4a50de0a7ea673

Download Submit
memory/1752-3587-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1752-39-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3589-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2316-55-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2324-30-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3625-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2480-87-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2480-124-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-123-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1286-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-26-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-118-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1419-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-129-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-38-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2480-92-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2480-125-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-90-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-36-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-15-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-0-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2480-85-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2480-75-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1558-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1148-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1153-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1149-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2516-71-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3624-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-128-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3627-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2652-40-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3585-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2668-88-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3597-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2712-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3592-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3593-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2724-91-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3626-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-89-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3596-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2808-86-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-31-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3590-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3584-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2920-96-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3623-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-112-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download