cobaltstrike | f3cf3f591cfa520faf15f3884e9736b0c4e2fe6b4a90cc2675cad790a7c843fa

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

83915d4675664ea1c78e6a7476308dbc
SHA1

377cfc304c57dad9fbcb19f31cac98c989d0be14
SHA256

f3cf3f591cfa520faf15f3884e9736b0c4e2fe6b4a90cc2675cad790a7c843fa
SHA512

966b0c9e437dc1d74f42f7c27118c2cf6e1810c7f95e313d0888258d586f576dd8822505a6a415951660fa1795f54238e57127f5cd83f204b9d7a57f68dbb403
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012244-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ea1-32.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da9-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-152.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017021-144.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc8-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-189.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019581-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-134.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017466-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d66-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc0-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2708-0-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000c000000012244-3.dat	xmrig
behavioral1/files/0x0008000000016d4a-5.dat	xmrig
behavioral1/files/0x0007000000016ea1-32.dat	xmrig
behavioral1/files/0x00050000000195c0-62.dat	xmrig
behavioral1/files/0x0005000000019999-114.dat	xmrig
behavioral1/files/0x0005000000019d40-163.dat	xmrig
behavioral1/memory/2708-70-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-137.dat	xmrig
behavioral1/files/0x0005000000019c32-186.dat	xmrig
behavioral1/files/0x00050000000196ed-183.dat	xmrig
behavioral1/files/0x0005000000019f9a-180.dat	xmrig
behavioral1/files/0x0005000000019605-170.dat	xmrig
behavioral1/files/0x0005000000019da9-168.dat	xmrig
behavioral1/files/0x00050000000195fe-160.dat	xmrig
behavioral1/files/0x00050000000195fb-156.dat	xmrig
behavioral1/memory/2756-213-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/3024-212-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-155.dat	xmrig
behavioral1/files/0x0005000000019d18-152.dat	xmrig
behavioral1/files/0x0008000000017021-144.dat	xmrig
behavioral1/files/0x0007000000016dc8-142.dat	xmrig
behavioral1/files/0x000500000001969b-124.dat	xmrig
behavioral1/files/0x0005000000019615-123.dat	xmrig
behavioral1/files/0x0005000000019603-122.dat	xmrig
behavioral1/files/0x00050000000195ff-121.dat	xmrig
behavioral1/files/0x00050000000195fd-120.dat	xmrig
behavioral1/files/0x00050000000195f9-119.dat	xmrig
behavioral1/files/0x0005000000019659-103.dat	xmrig
behavioral1/memory/2708-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2708-90-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/3000-89-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019601-86.dat	xmrig
behavioral1/files/0x0005000000019fb8-189.dat	xmrig
behavioral1/files/0x0006000000019581-49.dat	xmrig
behavioral1/memory/2312-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2708-26-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0005000000019db5-176.dat	xmrig
behavioral1/files/0x0005000000019c50-147.dat	xmrig
behavioral1/files/0x0005000000019c34-134.dat	xmrig
behavioral1/memory/2312-110-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2708-102-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/3024-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2756-64-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1748-63-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0008000000017466-61.dat	xmrig
behavioral1/memory/3060-46-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2708-38-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d66-37.dat	xmrig
behavioral1/memory/1128-36-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/3000-35-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc0-31.dat	xmrig
behavioral1/memory/1748-21-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/3060-11-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3060-3304-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2756-3292-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1748-3294-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/3000-3293-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/1128-3291-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/3024-3296-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2312-3327-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3060	JOcQlZT.exe
1748	DSXJCXt.exe
3000	XtDXhID.exe
1128	UGFvUZU.exe
2312	EXrdGsN.exe
2756	xlUQEAi.exe
3024	GRZQgFu.exe
2888	giKlPen.exe
2656	VkacnaW.exe
2648	yhjYcoN.exe
2860	gTVQsIB.exe
1796	dAbdeHe.exe
2528	TFaUalD.exe
1956	lZgjeGU.exe
2932	gpasWuj.exe
2568	GTfBBGN.exe
2172	cNfPpkR.exe
1732	caxdGFX.exe
2852	WdwgMSy.exe
2760	JZnGSQa.exe
2988	IuUVIeL.exe
2684	nwspBqZ.exe
1104	GLOJlqp.exe
2704	AhXOpcE.exe
2800	acrUgeV.exe
448	stQvaXH.exe
1384	YoCHEpG.exe
1664	mUAiUzS.exe
1660	LxJGDDp.exe
1212	CUuezzl.exe
1944	lahKcgA.exe
2224	QLoTTUU.exe
1296	toJQTkm.exe
1484	ioviADW.exe
2104	hcYeRiC.exe
1160	JqZsgBY.exe
1708	NEVyMbI.exe
1904	pUbdPFq.exe
1724	xGvASLV.exe
2436	gbfTEar.exe
2244	wpuQqjF.exe
1036	woMyfGi.exe
2228	UIuQwNO.exe
1624	OgPQhBa.exe
1572	EhIOLYr.exe
2100	eAUXETm.exe
1736	vvMGGpa.exe
2168	jmAGlyV.exe
1576	XjsOViG.exe
2916	PzQSyiZ.exe
1248	UleJgmR.exe
2772	lFhCWrZ.exe
2140	FJZpZar.exe
2368	XJHCAYh.exe
2376	maypYOG.exe
1200	qHGZCbZ.exe
2900	SuWnVcn.exe
1368	CCcaVyf.exe
2868	XAmrFYp.exe
1976	rdzLgWT.exe
2824	uBDBZUX.exe
1340	wUDfMVf.exe
1564	YtnoUtX.exe
316	oJViaeE.exe

Loads dropped DLL 64 IoCs

pid	Process
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2708-0-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000c000000012244-3.dat	upx
behavioral1/files/0x0008000000016d4a-5.dat	upx
behavioral1/files/0x0007000000016ea1-32.dat	upx
behavioral1/files/0x00050000000195c0-62.dat	upx
behavioral1/files/0x0005000000019999-114.dat	upx
behavioral1/files/0x0005000000019d40-163.dat	upx
behavioral1/files/0x0005000000019c36-137.dat	upx
behavioral1/files/0x0005000000019c32-186.dat	upx
behavioral1/files/0x00050000000196ed-183.dat	upx
behavioral1/files/0x0005000000019f9a-180.dat	upx
behavioral1/files/0x0005000000019605-170.dat	upx
behavioral1/files/0x0005000000019da9-168.dat	upx
behavioral1/files/0x00050000000195fe-160.dat	upx
behavioral1/files/0x00050000000195fb-156.dat	upx
behavioral1/memory/2756-213-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/3024-212-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-155.dat	upx
behavioral1/files/0x0005000000019d18-152.dat	upx
behavioral1/files/0x0008000000017021-144.dat	upx
behavioral1/files/0x0007000000016dc8-142.dat	upx
behavioral1/files/0x000500000001969b-124.dat	upx
behavioral1/files/0x0005000000019615-123.dat	upx
behavioral1/files/0x0005000000019603-122.dat	upx
behavioral1/files/0x00050000000195ff-121.dat	upx
behavioral1/files/0x00050000000195fd-120.dat	upx
behavioral1/files/0x00050000000195f9-119.dat	upx
behavioral1/files/0x0005000000019659-103.dat	upx
behavioral1/memory/3000-89-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019601-86.dat	upx
behavioral1/files/0x0005000000019fb8-189.dat	upx
behavioral1/files/0x0006000000019581-49.dat	upx
behavioral1/memory/2312-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0005000000019db5-176.dat	upx
behavioral1/files/0x0005000000019c50-147.dat	upx
behavioral1/files/0x0005000000019c34-134.dat	upx
behavioral1/memory/2312-110-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/3024-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2756-64-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1748-63-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0008000000017466-61.dat	upx
behavioral1/memory/3060-46-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2708-38-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0008000000016d66-37.dat	upx
behavioral1/memory/1128-36-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/3000-35-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0007000000016dc0-31.dat	upx
behavioral1/memory/1748-21-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/3060-11-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3060-3304-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2756-3292-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1748-3294-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/3000-3293-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/1128-3291-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/3024-3296-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2312-3327-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YtnoUtX.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijuUXbY.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeCQPrf.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpXJIIj.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPoIlSi.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIMqbhc.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCLUxGt.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldzRaeK.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SufzYbO.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkZqWit.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiDCrEX.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlrluQQ.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNbzzZe.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRmdaNk.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCqlGuM.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEgSePQ.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwCsBJX.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdyWHRW.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obqRqYB.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxUmijU.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwqzYCQ.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFtgmkT.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmYSUew.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcFHCAr.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMcqrWj.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPJURuz.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYxSkPz.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFHpHFc.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SllKlTh.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzoTNrP.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMUZrPH.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLziMQt.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufmuUvG.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGvASLV.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJZpZar.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayiHKyk.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipZOXQq.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgZjigm.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOufzsU.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kroJkpH.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwXvCYm.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OztWOrO.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYpaHYV.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLLcPtZ.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYYXPXl.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBlVUFE.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxrsUVs.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqCdmUL.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHAIGRR.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woMyfGi.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVjsjUX.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDTzfpP.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVfnoRA.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrMAdAk.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbZZdVS.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdwgMSy.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEHIDsu.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBfVJnT.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWtrKPK.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCuUZaE.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvvuRlV.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmBdJQn.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZkbbqk.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdLNANx.exe	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 3060	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 3060	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 3060	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 1748	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 1748	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 1748	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 2312	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 2312	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 2312	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 3000	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 3000	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 3000	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 2568	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 2568	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 2568	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 1128	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 1128	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 1128	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 2172	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 2172	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 2172	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 2756	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 2756	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 2756	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 2852	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 2852	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 2852	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 3024	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 3024	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 3024	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 2760	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2760	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2760	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2888	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 2888	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 2888	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 2988	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 2988	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 2988	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 2656	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 2656	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 2656	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 2684	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 2684	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 2684	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 2648	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 2648	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 2648	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 2704	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 2704	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 2704	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 2860	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2860	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2860	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2800	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 2800	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 2800	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 1796	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 1796	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 1796	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 1384	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 1384	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 1384	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 2528	2708	2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_83915d4675664ea1c78e6a7476308dbc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\System\JOcQlZT.exe
  C:\Windows\System\JOcQlZT.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\DSXJCXt.exe
  C:\Windows\System\DSXJCXt.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\EXrdGsN.exe
  C:\Windows\System\EXrdGsN.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\XtDXhID.exe
  C:\Windows\System\XtDXhID.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\GTfBBGN.exe
  C:\Windows\System\GTfBBGN.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\UGFvUZU.exe
  C:\Windows\System\UGFvUZU.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\cNfPpkR.exe
  C:\Windows\System\cNfPpkR.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\xlUQEAi.exe
  C:\Windows\System\xlUQEAi.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\WdwgMSy.exe
  C:\Windows\System\WdwgMSy.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\GRZQgFu.exe
  C:\Windows\System\GRZQgFu.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\JZnGSQa.exe
  C:\Windows\System\JZnGSQa.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\giKlPen.exe
  C:\Windows\System\giKlPen.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\IuUVIeL.exe
  C:\Windows\System\IuUVIeL.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\VkacnaW.exe
  C:\Windows\System\VkacnaW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\nwspBqZ.exe
  C:\Windows\System\nwspBqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\yhjYcoN.exe
  C:\Windows\System\yhjYcoN.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\AhXOpcE.exe
  C:\Windows\System\AhXOpcE.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gTVQsIB.exe
  C:\Windows\System\gTVQsIB.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\acrUgeV.exe
  C:\Windows\System\acrUgeV.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\dAbdeHe.exe
  C:\Windows\System\dAbdeHe.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\YoCHEpG.exe
  C:\Windows\System\YoCHEpG.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\TFaUalD.exe
  C:\Windows\System\TFaUalD.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\mUAiUzS.exe
  C:\Windows\System\mUAiUzS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\lZgjeGU.exe
  C:\Windows\System\lZgjeGU.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\LxJGDDp.exe
  C:\Windows\System\LxJGDDp.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\gpasWuj.exe
  C:\Windows\System\gpasWuj.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\lahKcgA.exe
  C:\Windows\System\lahKcgA.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\caxdGFX.exe
  C:\Windows\System\caxdGFX.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\QLoTTUU.exe
  C:\Windows\System\QLoTTUU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GLOJlqp.exe
  C:\Windows\System\GLOJlqp.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\ioviADW.exe
  C:\Windows\System\ioviADW.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\stQvaXH.exe
  C:\Windows\System\stQvaXH.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\hcYeRiC.exe
  C:\Windows\System\hcYeRiC.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CUuezzl.exe
  C:\Windows\System\CUuezzl.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JqZsgBY.exe
  C:\Windows\System\JqZsgBY.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\toJQTkm.exe
  C:\Windows\System\toJQTkm.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\pUbdPFq.exe
  C:\Windows\System\pUbdPFq.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\NEVyMbI.exe
  C:\Windows\System\NEVyMbI.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\xGvASLV.exe
  C:\Windows\System\xGvASLV.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\gbfTEar.exe
  C:\Windows\System\gbfTEar.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\wpuQqjF.exe
  C:\Windows\System\wpuQqjF.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\woMyfGi.exe
  C:\Windows\System\woMyfGi.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\UIuQwNO.exe
  C:\Windows\System\UIuQwNO.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\vvMGGpa.exe
  C:\Windows\System\vvMGGpa.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\OgPQhBa.exe
  C:\Windows\System\OgPQhBa.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\jmAGlyV.exe
  C:\Windows\System\jmAGlyV.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\EhIOLYr.exe
  C:\Windows\System\EhIOLYr.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\XjsOViG.exe
  C:\Windows\System\XjsOViG.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\eAUXETm.exe
  C:\Windows\System\eAUXETm.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\PzQSyiZ.exe
  C:\Windows\System\PzQSyiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\UleJgmR.exe
  C:\Windows\System\UleJgmR.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\XJHCAYh.exe
  C:\Windows\System\XJHCAYh.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\lFhCWrZ.exe
  C:\Windows\System\lFhCWrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\uBDBZUX.exe
  C:\Windows\System\uBDBZUX.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\FJZpZar.exe
  C:\Windows\System\FJZpZar.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wUDfMVf.exe
  C:\Windows\System\wUDfMVf.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\maypYOG.exe
  C:\Windows\System\maypYOG.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\YtnoUtX.exe
  C:\Windows\System\YtnoUtX.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\qHGZCbZ.exe
  C:\Windows\System\qHGZCbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\oJViaeE.exe
  C:\Windows\System\oJViaeE.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\SuWnVcn.exe
  C:\Windows\System\SuWnVcn.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\zYFsSFc.exe
  C:\Windows\System\zYFsSFc.exe
  2⤵
  PID:2600
- C:\Windows\System\CCcaVyf.exe
  C:\Windows\System\CCcaVyf.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\EegAMUD.exe
  C:\Windows\System\EegAMUD.exe
  2⤵
  PID:1700
- C:\Windows\System\XAmrFYp.exe
  C:\Windows\System\XAmrFYp.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ymaCjQs.exe
  C:\Windows\System\ymaCjQs.exe
  2⤵
  PID:2948
- C:\Windows\System\rdzLgWT.exe
  C:\Windows\System\rdzLgWT.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\RvNlEvk.exe
  C:\Windows\System\RvNlEvk.exe
  2⤵
  PID:2924
- C:\Windows\System\rNqATbo.exe
  C:\Windows\System\rNqATbo.exe
  2⤵
  PID:1044
- C:\Windows\System\rVfnoRA.exe
  C:\Windows\System\rVfnoRA.exe
  2⤵
  PID:1532
- C:\Windows\System\mZkbbqk.exe
  C:\Windows\System\mZkbbqk.exe
  2⤵
  PID:1964
- C:\Windows\System\daowFFg.exe
  C:\Windows\System\daowFFg.exe
  2⤵
  PID:2076
- C:\Windows\System\xscgxep.exe
  C:\Windows\System\xscgxep.exe
  2⤵
  PID:2292
- C:\Windows\System\TjUURsd.exe
  C:\Windows\System\TjUURsd.exe
  2⤵
  PID:1080
- C:\Windows\System\ZBQwImj.exe
  C:\Windows\System\ZBQwImj.exe
  2⤵
  PID:1776
- C:\Windows\System\bGeJLbg.exe
  C:\Windows\System\bGeJLbg.exe
  2⤵
  PID:1788
- C:\Windows\System\JuCHYYs.exe
  C:\Windows\System\JuCHYYs.exe
  2⤵
  PID:1640
- C:\Windows\System\QsIHgae.exe
  C:\Windows\System\QsIHgae.exe
  2⤵
  PID:1672
- C:\Windows\System\sfUgPfT.exe
  C:\Windows\System\sfUgPfT.exe
  2⤵
  PID:2676
- C:\Windows\System\OiShTGT.exe
  C:\Windows\System\OiShTGT.exe
  2⤵
  PID:2720
- C:\Windows\System\gsYdpID.exe
  C:\Windows\System\gsYdpID.exe
  2⤵
  PID:2680
- C:\Windows\System\Moixxjc.exe
  C:\Windows\System\Moixxjc.exe
  2⤵
  PID:2472
- C:\Windows\System\IQrAsMN.exe
  C:\Windows\System\IQrAsMN.exe
  2⤵
  PID:896
- C:\Windows\System\UEHIDsu.exe
  C:\Windows\System\UEHIDsu.exe
  2⤵
  PID:2476
- C:\Windows\System\oKJIcKL.exe
  C:\Windows\System\oKJIcKL.exe
  2⤵
  PID:2264
- C:\Windows\System\dJjICOd.exe
  C:\Windows\System\dJjICOd.exe
  2⤵
  PID:2788
- C:\Windows\System\MqpfUWE.exe
  C:\Windows\System\MqpfUWE.exe
  2⤵
  PID:2880
- C:\Windows\System\ejyCfAB.exe
  C:\Windows\System\ejyCfAB.exe
  2⤵
  PID:1628
- C:\Windows\System\NVYyDFK.exe
  C:\Windows\System\NVYyDFK.exe
  2⤵
  PID:1932
- C:\Windows\System\LEYRLoi.exe
  C:\Windows\System\LEYRLoi.exe
  2⤵
  PID:1136
- C:\Windows\System\oUXtGXe.exe
  C:\Windows\System\oUXtGXe.exe
  2⤵
  PID:2188
- C:\Windows\System\DMEiAAy.exe
  C:\Windows\System\DMEiAAy.exe
  2⤵
  PID:2408
- C:\Windows\System\SjfMvkC.exe
  C:\Windows\System\SjfMvkC.exe
  2⤵
  PID:1740
- C:\Windows\System\lwMhjIX.exe
  C:\Windows\System\lwMhjIX.exe
  2⤵
  PID:2348
- C:\Windows\System\yEOkDlh.exe
  C:\Windows\System\yEOkDlh.exe
  2⤵
  PID:1584
- C:\Windows\System\oLLcPtZ.exe
  C:\Windows\System\oLLcPtZ.exe
  2⤵
  PID:484
- C:\Windows\System\aYKfpmJ.exe
  C:\Windows\System\aYKfpmJ.exe
  2⤵
  PID:1908
- C:\Windows\System\FAlJuia.exe
  C:\Windows\System\FAlJuia.exe
  2⤵
  PID:2764
- C:\Windows\System\sDltDcI.exe
  C:\Windows\System\sDltDcI.exe
  2⤵
  PID:592
- C:\Windows\System\vZXHpyf.exe
  C:\Windows\System\vZXHpyf.exe
  2⤵
  PID:2404
- C:\Windows\System\PMEcBMl.exe
  C:\Windows\System\PMEcBMl.exe
  2⤵
  PID:1692
- C:\Windows\System\HeObPfV.exe
  C:\Windows\System\HeObPfV.exe
  2⤵
  PID:496
- C:\Windows\System\cOmrajv.exe
  C:\Windows\System\cOmrajv.exe
  2⤵
  PID:1244
- C:\Windows\System\pMkhvHO.exe
  C:\Windows\System\pMkhvHO.exe
  2⤵
  PID:2836
- C:\Windows\System\oMcviSC.exe
  C:\Windows\System\oMcviSC.exe
  2⤵
  PID:1224
- C:\Windows\System\UHWyzPE.exe
  C:\Windows\System\UHWyzPE.exe
  2⤵
  PID:1332
- C:\Windows\System\eyJWNRb.exe
  C:\Windows\System\eyJWNRb.exe
  2⤵
  PID:396
- C:\Windows\System\nwkdcwB.exe
  C:\Windows\System\nwkdcwB.exe
  2⤵
  PID:2416
- C:\Windows\System\zDdwGQh.exe
  C:\Windows\System\zDdwGQh.exe
  2⤵
  PID:1772
- C:\Windows\System\IijBgDE.exe
  C:\Windows\System\IijBgDE.exe
  2⤵
  PID:1856
- C:\Windows\System\AbrSxJJ.exe
  C:\Windows\System\AbrSxJJ.exe
  2⤵
  PID:2280
- C:\Windows\System\tjlEHOo.exe
  C:\Windows\System\tjlEHOo.exe
  2⤵
  PID:2344
- C:\Windows\System\lpsbBHm.exe
  C:\Windows\System\lpsbBHm.exe
  2⤵
  PID:2056
- C:\Windows\System\vQxxYGl.exe
  C:\Windows\System\vQxxYGl.exe
  2⤵
  PID:2144
- C:\Windows\System\upCbxUq.exe
  C:\Windows\System\upCbxUq.exe
  2⤵
  PID:2112
- C:\Windows\System\dcGbJtK.exe
  C:\Windows\System\dcGbJtK.exe
  2⤵
  PID:2524
- C:\Windows\System\kIuvOem.exe
  C:\Windows\System\kIuvOem.exe
  2⤵
  PID:1760
- C:\Windows\System\TLfCZNW.exe
  C:\Windows\System\TLfCZNW.exe
  2⤵
  PID:2424
- C:\Windows\System\cLHofLz.exe
  C:\Windows\System\cLHofLz.exe
  2⤵
  PID:2640
- C:\Windows\System\VdNQKUC.exe
  C:\Windows\System\VdNQKUC.exe
  2⤵
  PID:1684
- C:\Windows\System\ZDvtanB.exe
  C:\Windows\System\ZDvtanB.exe
  2⤵
  PID:2260
- C:\Windows\System\ZuDlwxH.exe
  C:\Windows\System\ZuDlwxH.exe
  2⤵
  PID:2072
- C:\Windows\System\LfnZjhu.exe
  C:\Windows\System\LfnZjhu.exe
  2⤵
  PID:2460
- C:\Windows\System\QHCJrrd.exe
  C:\Windows\System\QHCJrrd.exe
  2⤵
  PID:1728
- C:\Windows\System\MCqvdVJ.exe
  C:\Windows\System\MCqvdVJ.exe
  2⤵
  PID:2356
- C:\Windows\System\DOYzbJZ.exe
  C:\Windows\System\DOYzbJZ.exe
  2⤵
  PID:2884
- C:\Windows\System\gYiFcrD.exe
  C:\Windows\System\gYiFcrD.exe
  2⤵
  PID:1428
- C:\Windows\System\zyaGgpw.exe
  C:\Windows\System\zyaGgpw.exe
  2⤵
  PID:2912
- C:\Windows\System\iwYFJvJ.exe
  C:\Windows\System\iwYFJvJ.exe
  2⤵
  PID:1588
- C:\Windows\System\xOGTLrm.exe
  C:\Windows\System\xOGTLrm.exe
  2⤵
  PID:2928
- C:\Windows\System\mygyRms.exe
  C:\Windows\System\mygyRms.exe
  2⤵
  PID:756
- C:\Windows\System\aOnFiFa.exe
  C:\Windows\System\aOnFiFa.exe
  2⤵
  PID:468
- C:\Windows\System\LCyGHpP.exe
  C:\Windows\System\LCyGHpP.exe
  2⤵
  PID:1784
- C:\Windows\System\dOgqjsS.exe
  C:\Windows\System\dOgqjsS.exe
  2⤵
  PID:1860
- C:\Windows\System\qycpAPB.exe
  C:\Windows\System\qycpAPB.exe
  2⤵
  PID:1308
- C:\Windows\System\qLSUVbB.exe
  C:\Windows\System\qLSUVbB.exe
  2⤵
  PID:2236
- C:\Windows\System\JNqmUOI.exe
  C:\Windows\System\JNqmUOI.exe
  2⤵
  PID:2000
- C:\Windows\System\NMNIkgX.exe
  C:\Windows\System\NMNIkgX.exe
  2⤵
  PID:1280
- C:\Windows\System\qhBTYcM.exe
  C:\Windows\System\qhBTYcM.exe
  2⤵
  PID:2536
- C:\Windows\System\ogcfYLO.exe
  C:\Windows\System\ogcfYLO.exe
  2⤵
  PID:1756
- C:\Windows\System\mVYVnMJ.exe
  C:\Windows\System\mVYVnMJ.exe
  2⤵
  PID:668
- C:\Windows\System\OQxyIhL.exe
  C:\Windows\System\OQxyIhL.exe
  2⤵
  PID:980
- C:\Windows\System\wkjBVoa.exe
  C:\Windows\System\wkjBVoa.exe
  2⤵
  PID:648
- C:\Windows\System\ekWbnZZ.exe
  C:\Windows\System\ekWbnZZ.exe
  2⤵
  PID:3080
- C:\Windows\System\qsFKWAE.exe
  C:\Windows\System\qsFKWAE.exe
  2⤵
  PID:3096
- C:\Windows\System\YtjmMYm.exe
  C:\Windows\System\YtjmMYm.exe
  2⤵
  PID:3112
- C:\Windows\System\mkzUDfQ.exe
  C:\Windows\System\mkzUDfQ.exe
  2⤵
  PID:3128
- C:\Windows\System\FdVqlFM.exe
  C:\Windows\System\FdVqlFM.exe
  2⤵
  PID:3144
- C:\Windows\System\gLZCbcR.exe
  C:\Windows\System\gLZCbcR.exe
  2⤵
  PID:3160
- C:\Windows\System\pijmzmQ.exe
  C:\Windows\System\pijmzmQ.exe
  2⤵
  PID:3176
- C:\Windows\System\zZZBwND.exe
  C:\Windows\System\zZZBwND.exe
  2⤵
  PID:3192
- C:\Windows\System\MUlKPwy.exe
  C:\Windows\System\MUlKPwy.exe
  2⤵
  PID:3208
- C:\Windows\System\pTTlvnA.exe
  C:\Windows\System\pTTlvnA.exe
  2⤵
  PID:3224
- C:\Windows\System\PvXybnd.exe
  C:\Windows\System\PvXybnd.exe
  2⤵
  PID:3240
- C:\Windows\System\rmnVLsz.exe
  C:\Windows\System\rmnVLsz.exe
  2⤵
  PID:3256
- C:\Windows\System\sLCJOnO.exe
  C:\Windows\System\sLCJOnO.exe
  2⤵
  PID:3272
- C:\Windows\System\oHLrUBm.exe
  C:\Windows\System\oHLrUBm.exe
  2⤵
  PID:3288
- C:\Windows\System\WiVUyZn.exe
  C:\Windows\System\WiVUyZn.exe
  2⤵
  PID:3304
- C:\Windows\System\wIIQCOl.exe
  C:\Windows\System\wIIQCOl.exe
  2⤵
  PID:3320
- C:\Windows\System\ksjRmJd.exe
  C:\Windows\System\ksjRmJd.exe
  2⤵
  PID:3336
- C:\Windows\System\ATPKNwR.exe
  C:\Windows\System\ATPKNwR.exe
  2⤵
  PID:3352
- C:\Windows\System\tgaAitC.exe
  C:\Windows\System\tgaAitC.exe
  2⤵
  PID:3368
- C:\Windows\System\fszmRJy.exe
  C:\Windows\System\fszmRJy.exe
  2⤵
  PID:3384
- C:\Windows\System\njhZIXW.exe
  C:\Windows\System\njhZIXW.exe
  2⤵
  PID:3400
- C:\Windows\System\WjjHoVC.exe
  C:\Windows\System\WjjHoVC.exe
  2⤵
  PID:3416
- C:\Windows\System\gNvbvmD.exe
  C:\Windows\System\gNvbvmD.exe
  2⤵
  PID:3432
- C:\Windows\System\ldzRaeK.exe
  C:\Windows\System\ldzRaeK.exe
  2⤵
  PID:3448
- C:\Windows\System\tMnTwqY.exe
  C:\Windows\System\tMnTwqY.exe
  2⤵
  PID:3464
- C:\Windows\System\NyMYikw.exe
  C:\Windows\System\NyMYikw.exe
  2⤵
  PID:3480
- C:\Windows\System\TSFOFnV.exe
  C:\Windows\System\TSFOFnV.exe
  2⤵
  PID:3496
- C:\Windows\System\BzEtgbb.exe
  C:\Windows\System\BzEtgbb.exe
  2⤵
  PID:3512
- C:\Windows\System\aGMbOWe.exe
  C:\Windows\System\aGMbOWe.exe
  2⤵
  PID:3528
- C:\Windows\System\NiEpVJz.exe
  C:\Windows\System\NiEpVJz.exe
  2⤵
  PID:3544
- C:\Windows\System\eviGiUf.exe
  C:\Windows\System\eviGiUf.exe
  2⤵
  PID:3560
- C:\Windows\System\beuEjlp.exe
  C:\Windows\System\beuEjlp.exe
  2⤵
  PID:3580
- C:\Windows\System\ruATnEu.exe
  C:\Windows\System\ruATnEu.exe
  2⤵
  PID:3596
- C:\Windows\System\iEgSePQ.exe
  C:\Windows\System\iEgSePQ.exe
  2⤵
  PID:3612
- C:\Windows\System\vQjlYHV.exe
  C:\Windows\System\vQjlYHV.exe
  2⤵
  PID:3628
- C:\Windows\System\QpXGZAD.exe
  C:\Windows\System\QpXGZAD.exe
  2⤵
  PID:3644
- C:\Windows\System\tgoqbWk.exe
  C:\Windows\System\tgoqbWk.exe
  2⤵
  PID:3664
- C:\Windows\System\ijhpwsf.exe
  C:\Windows\System\ijhpwsf.exe
  2⤵
  PID:3680
- C:\Windows\System\zvyGyRZ.exe
  C:\Windows\System\zvyGyRZ.exe
  2⤵
  PID:3696
- C:\Windows\System\NXpapEY.exe
  C:\Windows\System\NXpapEY.exe
  2⤵
  PID:3712
- C:\Windows\System\PDhzqRk.exe
  C:\Windows\System\PDhzqRk.exe
  2⤵
  PID:3728
- C:\Windows\System\SufzYbO.exe
  C:\Windows\System\SufzYbO.exe
  2⤵
  PID:3744
- C:\Windows\System\XbNqDvd.exe
  C:\Windows\System\XbNqDvd.exe
  2⤵
  PID:3760
- C:\Windows\System\UOZBCVL.exe
  C:\Windows\System\UOZBCVL.exe
  2⤵
  PID:3776
- C:\Windows\System\ijuUXbY.exe
  C:\Windows\System\ijuUXbY.exe
  2⤵
  PID:3792
- C:\Windows\System\iSOIgLz.exe
  C:\Windows\System\iSOIgLz.exe
  2⤵
  PID:3808
- C:\Windows\System\xBKCosz.exe
  C:\Windows\System\xBKCosz.exe
  2⤵
  PID:3824
- C:\Windows\System\lwkbjJT.exe
  C:\Windows\System\lwkbjJT.exe
  2⤵
  PID:3840
- C:\Windows\System\pxQPGYY.exe
  C:\Windows\System\pxQPGYY.exe
  2⤵
  PID:3856
- C:\Windows\System\MxZJxyV.exe
  C:\Windows\System\MxZJxyV.exe
  2⤵
  PID:3872
- C:\Windows\System\QCLxkgw.exe
  C:\Windows\System\QCLxkgw.exe
  2⤵
  PID:3888
- C:\Windows\System\tTPNMQg.exe
  C:\Windows\System\tTPNMQg.exe
  2⤵
  PID:3904
- C:\Windows\System\tTIERmV.exe
  C:\Windows\System\tTIERmV.exe
  2⤵
  PID:3920
- C:\Windows\System\fMLOGNk.exe
  C:\Windows\System\fMLOGNk.exe
  2⤵
  PID:3936
- C:\Windows\System\gYYXPXl.exe
  C:\Windows\System\gYYXPXl.exe
  2⤵
  PID:3952
- C:\Windows\System\ZiPyeoP.exe
  C:\Windows\System\ZiPyeoP.exe
  2⤵
  PID:3968
- C:\Windows\System\izdoXXQ.exe
  C:\Windows\System\izdoXXQ.exe
  2⤵
  PID:3984
- C:\Windows\System\EjwCKeR.exe
  C:\Windows\System\EjwCKeR.exe
  2⤵
  PID:4000
- C:\Windows\System\eouFtqM.exe
  C:\Windows\System\eouFtqM.exe
  2⤵
  PID:4016
- C:\Windows\System\TUbOGhH.exe
  C:\Windows\System\TUbOGhH.exe
  2⤵
  PID:4032
- C:\Windows\System\gzBEskV.exe
  C:\Windows\System\gzBEskV.exe
  2⤵
  PID:4048
- C:\Windows\System\HAQkDGY.exe
  C:\Windows\System\HAQkDGY.exe
  2⤵
  PID:4064
- C:\Windows\System\RPJHdoh.exe
  C:\Windows\System\RPJHdoh.exe
  2⤵
  PID:4080
- C:\Windows\System\BKdYDEm.exe
  C:\Windows\System\BKdYDEm.exe
  2⤵
  PID:2732
- C:\Windows\System\CVzOOWO.exe
  C:\Windows\System\CVzOOWO.exe
  2⤵
  PID:2372
- C:\Windows\System\iBImHES.exe
  C:\Windows\System\iBImHES.exe
  2⤵
  PID:1004
- C:\Windows\System\QGRAJin.exe
  C:\Windows\System\QGRAJin.exe
  2⤵
  PID:3136
- C:\Windows\System\NHVqrAW.exe
  C:\Windows\System\NHVqrAW.exe
  2⤵
  PID:2936
- C:\Windows\System\pNbzzZe.exe
  C:\Windows\System\pNbzzZe.exe
  2⤵
  PID:3124
- C:\Windows\System\JozVkAd.exe
  C:\Windows\System\JozVkAd.exe
  2⤵
  PID:2208
- C:\Windows\System\LJyDjCA.exe
  C:\Windows\System\LJyDjCA.exe
  2⤵
  PID:760
- C:\Windows\System\lxcHrUH.exe
  C:\Windows\System\lxcHrUH.exe
  2⤵
  PID:2700
- C:\Windows\System\tBVbQxy.exe
  C:\Windows\System\tBVbQxy.exe
  2⤵
  PID:1240
- C:\Windows\System\UvQSwJX.exe
  C:\Windows\System\UvQSwJX.exe
  2⤵
  PID:3184
- C:\Windows\System\yBiUwDz.exe
  C:\Windows\System\yBiUwDz.exe
  2⤵
  PID:2220
- C:\Windows\System\OfkGxTz.exe
  C:\Windows\System\OfkGxTz.exe
  2⤵
  PID:2628
- C:\Windows\System\LrMqVdL.exe
  C:\Windows\System\LrMqVdL.exe
  2⤵
  PID:3188
- C:\Windows\System\yzIWksN.exe
  C:\Windows\System\yzIWksN.exe
  2⤵
  PID:1100
- C:\Windows\System\RaRVpiz.exe
  C:\Windows\System\RaRVpiz.exe
  2⤵
  PID:3364
- C:\Windows\System\IvlUdfC.exe
  C:\Windows\System\IvlUdfC.exe
  2⤵
  PID:3428
- C:\Windows\System\oRQToOx.exe
  C:\Windows\System\oRQToOx.exe
  2⤵
  PID:3492
- C:\Windows\System\dHYLBbO.exe
  C:\Windows\System\dHYLBbO.exe
  2⤵
  PID:3316
- C:\Windows\System\UfoRVzN.exe
  C:\Windows\System\UfoRVzN.exe
  2⤵
  PID:3252
- C:\Windows\System\HZOnWHw.exe
  C:\Windows\System\HZOnWHw.exe
  2⤵
  PID:3408
- C:\Windows\System\BXNtipF.exe
  C:\Windows\System\BXNtipF.exe
  2⤵
  PID:3312
- C:\Windows\System\cueblEP.exe
  C:\Windows\System\cueblEP.exe
  2⤵
  PID:3508
- C:\Windows\System\OryiysX.exe
  C:\Windows\System\OryiysX.exe
  2⤵
  PID:4008
- C:\Windows\System\plcdqhS.exe
  C:\Windows\System\plcdqhS.exe
  2⤵
  PID:4076
- C:\Windows\System\JAWKzfu.exe
  C:\Windows\System\JAWKzfu.exe
  2⤵
  PID:3108
- C:\Windows\System\pFfkKmg.exe
  C:\Windows\System\pFfkKmg.exe
  2⤵
  PID:2508
- C:\Windows\System\fUpPpsW.exe
  C:\Windows\System\fUpPpsW.exe
  2⤵
  PID:3200
- C:\Windows\System\okFdNet.exe
  C:\Windows\System\okFdNet.exe
  2⤵
  PID:4092
- C:\Windows\System\qyXTlIf.exe
  C:\Windows\System\qyXTlIf.exe
  2⤵
  PID:4060
- C:\Windows\System\SdtKLTQ.exe
  C:\Windows\System\SdtKLTQ.exe
  2⤵
  PID:3832
- C:\Windows\System\rzjHtBU.exe
  C:\Windows\System\rzjHtBU.exe
  2⤵
  PID:3740
- C:\Windows\System\jvUFtlZ.exe
  C:\Windows\System\jvUFtlZ.exe
  2⤵
  PID:3672
- C:\Windows\System\GwTCpgy.exe
  C:\Windows\System\GwTCpgy.exe
  2⤵
  PID:3332
- C:\Windows\System\eEwrzCy.exe
  C:\Windows\System\eEwrzCy.exe
  2⤵
  PID:3460
- C:\Windows\System\sVyNeyn.exe
  C:\Windows\System\sVyNeyn.exe
  2⤵
  PID:3440
- C:\Windows\System\PQhSyGm.exe
  C:\Windows\System\PQhSyGm.exe
  2⤵
  PID:3524
- C:\Windows\System\kuZoESP.exe
  C:\Windows\System\kuZoESP.exe
  2⤵
  PID:3380
- C:\Windows\System\laJwUnf.exe
  C:\Windows\System\laJwUnf.exe
  2⤵
  PID:3552
- C:\Windows\System\AZlwnki.exe
  C:\Windows\System\AZlwnki.exe
  2⤵
  PID:3588
- C:\Windows\System\kgJjPpb.exe
  C:\Windows\System\kgJjPpb.exe
  2⤵
  PID:3652
- C:\Windows\System\wLWqtDq.exe
  C:\Windows\System\wLWqtDq.exe
  2⤵
  PID:3720
- C:\Windows\System\ayiHKyk.exe
  C:\Windows\System\ayiHKyk.exe
  2⤵
  PID:3784
- C:\Windows\System\xvvpPry.exe
  C:\Windows\System\xvvpPry.exe
  2⤵
  PID:3848
- C:\Windows\System\txIeUzH.exe
  C:\Windows\System\txIeUzH.exe
  2⤵
  PID:2080
- C:\Windows\System\WUAVovU.exe
  C:\Windows\System\WUAVovU.exe
  2⤵
  PID:3948
- C:\Windows\System\ISMhtLU.exe
  C:\Windows\System\ISMhtLU.exe
  2⤵
  PID:1344
- C:\Windows\System\upAjJDW.exe
  C:\Windows\System\upAjJDW.exe
  2⤵
  PID:2232
- C:\Windows\System\oJcvKxN.exe
  C:\Windows\System\oJcvKxN.exe
  2⤵
  PID:3120
- C:\Windows\System\XnIGbgQ.exe
  C:\Windows\System\XnIGbgQ.exe
  2⤵
  PID:2728
- C:\Windows\System\wMIstYf.exe
  C:\Windows\System\wMIstYf.exe
  2⤵
  PID:888
- C:\Windows\System\stNkkaI.exe
  C:\Windows\System\stNkkaI.exe
  2⤵
  PID:1900
- C:\Windows\System\IbGcxDb.exe
  C:\Windows\System\IbGcxDb.exe
  2⤵
  PID:3608
- C:\Windows\System\WaoNgvd.exe
  C:\Windows\System\WaoNgvd.exe
  2⤵
  PID:3804
- C:\Windows\System\YkZqWit.exe
  C:\Windows\System\YkZqWit.exe
  2⤵
  PID:3996
- C:\Windows\System\iQvrWKV.exe
  C:\Windows\System\iQvrWKV.exe
  2⤵
  PID:3932
- C:\Windows\System\piWhEBx.exe
  C:\Windows\System\piWhEBx.exe
  2⤵
  PID:3864
- C:\Windows\System\zzRdrtX.exe
  C:\Windows\System\zzRdrtX.exe
  2⤵
  PID:3640
- C:\Windows\System\ZvBOQan.exe
  C:\Windows\System\ZvBOQan.exe
  2⤵
  PID:3328
- C:\Windows\System\MtdqYWg.exe
  C:\Windows\System\MtdqYWg.exe
  2⤵
  PID:3376
- C:\Windows\System\VPzqWLq.exe
  C:\Windows\System\VPzqWLq.exe
  2⤵
  PID:3556
- C:\Windows\System\RIagRnl.exe
  C:\Windows\System\RIagRnl.exe
  2⤵
  PID:3816
- C:\Windows\System\EyxjRxj.exe
  C:\Windows\System\EyxjRxj.exe
  2⤵
  PID:2284
- C:\Windows\System\PLwOunY.exe
  C:\Windows\System\PLwOunY.exe
  2⤵
  PID:1968
- C:\Windows\System\xNTeZID.exe
  C:\Windows\System\xNTeZID.exe
  2⤵
  PID:3756
- C:\Windows\System\ipZOXQq.exe
  C:\Windows\System\ipZOXQq.exe
  2⤵
  PID:3768
- C:\Windows\System\AJrQYLd.exe
  C:\Windows\System\AJrQYLd.exe
  2⤵
  PID:3348
- C:\Windows\System\BKBLAJk.exe
  C:\Windows\System\BKBLAJk.exe
  2⤵
  PID:3220
- C:\Windows\System\zvMIOKz.exe
  C:\Windows\System\zvMIOKz.exe
  2⤵
  PID:3424
- C:\Windows\System\eiMeEBx.exe
  C:\Windows\System\eiMeEBx.exe
  2⤵
  PID:2908
- C:\Windows\System\tFNMDms.exe
  C:\Windows\System\tFNMDms.exe
  2⤵
  PID:3576
- C:\Windows\System\ACQGgpy.exe
  C:\Windows\System\ACQGgpy.exe
  2⤵
  PID:3868
- C:\Windows\System\KHCzDHw.exe
  C:\Windows\System\KHCzDHw.exe
  2⤵
  PID:3772
- C:\Windows\System\DmbwUYs.exe
  C:\Windows\System\DmbwUYs.exe
  2⤵
  PID:3896
- C:\Windows\System\YYxSkPz.exe
  C:\Windows\System\YYxSkPz.exe
  2⤵
  PID:3676
- C:\Windows\System\KYfvMdb.exe
  C:\Windows\System\KYfvMdb.exe
  2⤵
  PID:3752
- C:\Windows\System\GgZjigm.exe
  C:\Windows\System\GgZjigm.exe
  2⤵
  PID:3020
- C:\Windows\System\wCADAKC.exe
  C:\Windows\System\wCADAKC.exe
  2⤵
  PID:3620
- C:\Windows\System\ZvTZaZY.exe
  C:\Windows\System\ZvTZaZY.exe
  2⤵
  PID:3168
- C:\Windows\System\vLkywLp.exe
  C:\Windows\System\vLkywLp.exe
  2⤵
  PID:2004
- C:\Windows\System\iHNZYIJ.exe
  C:\Windows\System\iHNZYIJ.exe
  2⤵
  PID:3884
- C:\Windows\System\JxPGHdY.exe
  C:\Windows\System\JxPGHdY.exe
  2⤵
  PID:608
- C:\Windows\System\AprrRxE.exe
  C:\Windows\System\AprrRxE.exe
  2⤵
  PID:4112
- C:\Windows\System\sWveGCv.exe
  C:\Windows\System\sWveGCv.exe
  2⤵
  PID:4128
- C:\Windows\System\mdalMft.exe
  C:\Windows\System\mdalMft.exe
  2⤵
  PID:4144
- C:\Windows\System\poVYZiq.exe
  C:\Windows\System\poVYZiq.exe
  2⤵
  PID:4160
- C:\Windows\System\ntTrRQk.exe
  C:\Windows\System\ntTrRQk.exe
  2⤵
  PID:4184
- C:\Windows\System\PRJTiLH.exe
  C:\Windows\System\PRJTiLH.exe
  2⤵
  PID:4204
- C:\Windows\System\mKYsqTo.exe
  C:\Windows\System\mKYsqTo.exe
  2⤵
  PID:4224
- C:\Windows\System\OkjeIJC.exe
  C:\Windows\System\OkjeIJC.exe
  2⤵
  PID:4240
- C:\Windows\System\btKXXro.exe
  C:\Windows\System\btKXXro.exe
  2⤵
  PID:4256
- C:\Windows\System\jSWdXaF.exe
  C:\Windows\System\jSWdXaF.exe
  2⤵
  PID:4272
- C:\Windows\System\Uhnekno.exe
  C:\Windows\System\Uhnekno.exe
  2⤵
  PID:4288
- C:\Windows\System\ZYGGQSm.exe
  C:\Windows\System\ZYGGQSm.exe
  2⤵
  PID:4304
- C:\Windows\System\zLiTiTs.exe
  C:\Windows\System\zLiTiTs.exe
  2⤵
  PID:4320
- C:\Windows\System\GAAJAWO.exe
  C:\Windows\System\GAAJAWO.exe
  2⤵
  PID:4336
- C:\Windows\System\qNtgMpP.exe
  C:\Windows\System\qNtgMpP.exe
  2⤵
  PID:4352
- C:\Windows\System\ovQWhtC.exe
  C:\Windows\System\ovQWhtC.exe
  2⤵
  PID:4368
- C:\Windows\System\zGKbMVN.exe
  C:\Windows\System\zGKbMVN.exe
  2⤵
  PID:4384
- C:\Windows\System\kciuKTt.exe
  C:\Windows\System\kciuKTt.exe
  2⤵
  PID:4400
- C:\Windows\System\ZLVqyBp.exe
  C:\Windows\System\ZLVqyBp.exe
  2⤵
  PID:4416
- C:\Windows\System\kmSVWej.exe
  C:\Windows\System\kmSVWej.exe
  2⤵
  PID:4432
- C:\Windows\System\TxmEanR.exe
  C:\Windows\System\TxmEanR.exe
  2⤵
  PID:4448
- C:\Windows\System\zQiZvrM.exe
  C:\Windows\System\zQiZvrM.exe
  2⤵
  PID:4472
- C:\Windows\System\dztPJdy.exe
  C:\Windows\System\dztPJdy.exe
  2⤵
  PID:4488
- C:\Windows\System\ecQWpaa.exe
  C:\Windows\System\ecQWpaa.exe
  2⤵
  PID:4508
- C:\Windows\System\jVlrBuz.exe
  C:\Windows\System\jVlrBuz.exe
  2⤵
  PID:4524
- C:\Windows\System\ufTjaYf.exe
  C:\Windows\System\ufTjaYf.exe
  2⤵
  PID:4548
- C:\Windows\System\rIkMceV.exe
  C:\Windows\System\rIkMceV.exe
  2⤵
  PID:4564
- C:\Windows\System\AcqkcPh.exe
  C:\Windows\System\AcqkcPh.exe
  2⤵
  PID:4580
- C:\Windows\System\HBjLUlk.exe
  C:\Windows\System\HBjLUlk.exe
  2⤵
  PID:4596
- C:\Windows\System\MUdSCNr.exe
  C:\Windows\System\MUdSCNr.exe
  2⤵
  PID:4612
- C:\Windows\System\SAMieSU.exe
  C:\Windows\System\SAMieSU.exe
  2⤵
  PID:4628
- C:\Windows\System\JaZhtpy.exe
  C:\Windows\System\JaZhtpy.exe
  2⤵
  PID:4644
- C:\Windows\System\yhzppaa.exe
  C:\Windows\System\yhzppaa.exe
  2⤵
  PID:4660
- C:\Windows\System\fLFTmGo.exe
  C:\Windows\System\fLFTmGo.exe
  2⤵
  PID:4676
- C:\Windows\System\QbPRNLG.exe
  C:\Windows\System\QbPRNLG.exe
  2⤵
  PID:4692
- C:\Windows\System\xiDCrEX.exe
  C:\Windows\System\xiDCrEX.exe
  2⤵
  PID:4708
- C:\Windows\System\pBgvdFU.exe
  C:\Windows\System\pBgvdFU.exe
  2⤵
  PID:4724
- C:\Windows\System\aGluuQa.exe
  C:\Windows\System\aGluuQa.exe
  2⤵
  PID:4740
- C:\Windows\System\UhTkuRZ.exe
  C:\Windows\System\UhTkuRZ.exe
  2⤵
  PID:4756
- C:\Windows\System\fyzXBke.exe
  C:\Windows\System\fyzXBke.exe
  2⤵
  PID:4772
- C:\Windows\System\AwFsHpT.exe
  C:\Windows\System\AwFsHpT.exe
  2⤵
  PID:4788
- C:\Windows\System\yFtgmkT.exe
  C:\Windows\System\yFtgmkT.exe
  2⤵
  PID:4804
- C:\Windows\System\eGnbIqr.exe
  C:\Windows\System\eGnbIqr.exe
  2⤵
  PID:4824
- C:\Windows\System\RmuCdvW.exe
  C:\Windows\System\RmuCdvW.exe
  2⤵
  PID:4840
- C:\Windows\System\ewkXuWx.exe
  C:\Windows\System\ewkXuWx.exe
  2⤵
  PID:4856
- C:\Windows\System\rNnMLGp.exe
  C:\Windows\System\rNnMLGp.exe
  2⤵
  PID:4872
- C:\Windows\System\rPrTAfp.exe
  C:\Windows\System\rPrTAfp.exe
  2⤵
  PID:4892
- C:\Windows\System\PBkeSgi.exe
  C:\Windows\System\PBkeSgi.exe
  2⤵
  PID:4908
- C:\Windows\System\JOpltCx.exe
  C:\Windows\System\JOpltCx.exe
  2⤵
  PID:4924
- C:\Windows\System\alCSFvz.exe
  C:\Windows\System\alCSFvz.exe
  2⤵
  PID:4940
- C:\Windows\System\WGYSnun.exe
  C:\Windows\System\WGYSnun.exe
  2⤵
  PID:4956
- C:\Windows\System\GQcsKFK.exe
  C:\Windows\System\GQcsKFK.exe
  2⤵
  PID:4972
- C:\Windows\System\CdlEQaD.exe
  C:\Windows\System\CdlEQaD.exe
  2⤵
  PID:4988
- C:\Windows\System\CcpVRgQ.exe
  C:\Windows\System\CcpVRgQ.exe
  2⤵
  PID:5008
- C:\Windows\System\sjTGUFC.exe
  C:\Windows\System\sjTGUFC.exe
  2⤵
  PID:5024
- C:\Windows\System\BSNWdJO.exe
  C:\Windows\System\BSNWdJO.exe
  2⤵
  PID:5044
- C:\Windows\System\XvlRVUl.exe
  C:\Windows\System\XvlRVUl.exe
  2⤵
  PID:5100
- C:\Windows\System\ChFqKJX.exe
  C:\Windows\System\ChFqKJX.exe
  2⤵
  PID:5116
- C:\Windows\System\hdEpVGp.exe
  C:\Windows\System\hdEpVGp.exe
  2⤵
  PID:4136
- C:\Windows\System\POIaaAN.exe
  C:\Windows\System\POIaaAN.exe
  2⤵
  PID:4168
- C:\Windows\System\TKCNafp.exe
  C:\Windows\System\TKCNafp.exe
  2⤵
  PID:4176
- C:\Windows\System\yXKAbzc.exe
  C:\Windows\System\yXKAbzc.exe
  2⤵
  PID:4232
- C:\Windows\System\rdlCHgE.exe
  C:\Windows\System\rdlCHgE.exe
  2⤵
  PID:4328
- C:\Windows\System\dtKFplu.exe
  C:\Windows\System\dtKFplu.exe
  2⤵
  PID:4280
- C:\Windows\System\FcOqRnT.exe
  C:\Windows\System\FcOqRnT.exe
  2⤵
  PID:4248
- C:\Windows\System\TQvbRLk.exe
  C:\Windows\System\TQvbRLk.exe
  2⤵
  PID:4428
- C:\Windows\System\aNYgcgt.exe
  C:\Windows\System\aNYgcgt.exe
  2⤵
  PID:4412
- C:\Windows\System\TLXeUWk.exe
  C:\Windows\System\TLXeUWk.exe
  2⤵
  PID:4468
- C:\Windows\System\eLRIuKT.exe
  C:\Windows\System\eLRIuKT.exe
  2⤵
  PID:4700
- C:\Windows\System\SSjDilF.exe
  C:\Windows\System\SSjDilF.exe
  2⤵
  PID:4748
- C:\Windows\System\iBTVGBe.exe
  C:\Windows\System\iBTVGBe.exe
  2⤵
  PID:4624
- C:\Windows\System\HTlmHNW.exe
  C:\Windows\System\HTlmHNW.exe
  2⤵
  PID:4656
- C:\Windows\System\bwQAXwG.exe
  C:\Windows\System\bwQAXwG.exe
  2⤵
  PID:4796
- C:\Windows\System\DUJHcHA.exe
  C:\Windows\System\DUJHcHA.exe
  2⤵
  PID:4820
- C:\Windows\System\byOLqJV.exe
  C:\Windows\System\byOLqJV.exe
  2⤵
  PID:4812
- C:\Windows\System\RTzMGXG.exe
  C:\Windows\System\RTzMGXG.exe
  2⤵
  PID:4900
- C:\Windows\System\tFJGAlE.exe
  C:\Windows\System\tFJGAlE.exe
  2⤵
  PID:4888
- C:\Windows\System\DOITjSd.exe
  C:\Windows\System\DOITjSd.exe
  2⤵
  PID:4932
- C:\Windows\System\nNRyGUy.exe
  C:\Windows\System\nNRyGUy.exe
  2⤵
  PID:4952
- C:\Windows\System\eZhCTAZ.exe
  C:\Windows\System\eZhCTAZ.exe
  2⤵
  PID:5000
- C:\Windows\System\nmTxpEG.exe
  C:\Windows\System\nmTxpEG.exe
  2⤵
  PID:5016
- C:\Windows\System\xcQglVC.exe
  C:\Windows\System\xcQglVC.exe
  2⤵
  PID:5040
- C:\Windows\System\oqZXkyj.exe
  C:\Windows\System\oqZXkyj.exe
  2⤵
  PID:5060
- C:\Windows\System\LEtQYFk.exe
  C:\Windows\System\LEtQYFk.exe
  2⤵
  PID:5088
- C:\Windows\System\efAUqpD.exe
  C:\Windows\System\efAUqpD.exe
  2⤵
  PID:5112
- C:\Windows\System\lpHRwCb.exe
  C:\Windows\System\lpHRwCb.exe
  2⤵
  PID:4152
- C:\Windows\System\xPEtfxT.exe
  C:\Windows\System\xPEtfxT.exe
  2⤵
  PID:4108
- C:\Windows\System\oIDiEYB.exe
  C:\Windows\System\oIDiEYB.exe
  2⤵
  PID:2216
- C:\Windows\System\vYKFzUr.exe
  C:\Windows\System\vYKFzUr.exe
  2⤵
  PID:4316
- C:\Windows\System\kfzvzmW.exe
  C:\Windows\System\kfzvzmW.exe
  2⤵
  PID:4396
- C:\Windows\System\sadeSDL.exe
  C:\Windows\System\sadeSDL.exe
  2⤵
  PID:4408
- C:\Windows\System\sYDLBir.exe
  C:\Windows\System\sYDLBir.exe
  2⤵
  PID:4300
- C:\Windows\System\hkTFZsj.exe
  C:\Windows\System\hkTFZsj.exe
  2⤵
  PID:4268
- C:\Windows\System\RMAgDLY.exe
  C:\Windows\System\RMAgDLY.exe
  2⤵
  PID:4500
- C:\Windows\System\hRXgxSo.exe
  C:\Windows\System\hRXgxSo.exe
  2⤵
  PID:4532
- C:\Windows\System\YjjYilg.exe
  C:\Windows\System\YjjYilg.exe
  2⤵
  PID:3236
- C:\Windows\System\qTCtJLl.exe
  C:\Windows\System\qTCtJLl.exe
  2⤵
  PID:4736
- C:\Windows\System\zGhfGsW.exe
  C:\Windows\System\zGhfGsW.exe
  2⤵
  PID:4780
- C:\Windows\System\IiluKeA.exe
  C:\Windows\System\IiluKeA.exe
  2⤵
  PID:4920
- C:\Windows\System\iEBwiUR.exe
  C:\Windows\System\iEBwiUR.exe
  2⤵
  PID:4544
- C:\Windows\System\utNApOr.exe
  C:\Windows\System\utNApOr.exe
  2⤵
  PID:4576
- C:\Windows\System\MRXfyVw.exe
  C:\Windows\System\MRXfyVw.exe
  2⤵
  PID:4672
- C:\Windows\System\FtkMRBG.exe
  C:\Windows\System\FtkMRBG.exe
  2⤵
  PID:4984
- C:\Windows\System\MtVqRtP.exe
  C:\Windows\System\MtVqRtP.exe
  2⤵
  PID:5096
- C:\Windows\System\JPtxVMX.exe
  C:\Windows\System\JPtxVMX.exe
  2⤵
  PID:4592
- C:\Windows\System\kkijdfR.exe
  C:\Windows\System\kkijdfR.exe
  2⤵
  PID:5108
- C:\Windows\System\LcpEdEc.exe
  C:\Windows\System\LcpEdEc.exe
  2⤵
  PID:4392
- C:\Windows\System\PXZzCmw.exe
  C:\Windows\System\PXZzCmw.exe
  2⤵
  PID:4504
- C:\Windows\System\IyXggIm.exe
  C:\Windows\System\IyXggIm.exe
  2⤵
  PID:4684
- C:\Windows\System\ZUZhcTr.exe
  C:\Windows\System\ZUZhcTr.exe
  2⤵
  PID:4784
- C:\Windows\System\LODWWut.exe
  C:\Windows\System\LODWWut.exe
  2⤵
  PID:4216
- C:\Windows\System\nJobciU.exe
  C:\Windows\System\nJobciU.exe
  2⤵
  PID:4536
- C:\Windows\System\AcmdXsW.exe
  C:\Windows\System\AcmdXsW.exe
  2⤵
  PID:4640
- C:\Windows\System\OocuBWi.exe
  C:\Windows\System\OocuBWi.exe
  2⤵
  PID:5076
- C:\Windows\System\oktBysv.exe
  C:\Windows\System\oktBysv.exe
  2⤵
  PID:4200
- C:\Windows\System\ckfRcgk.exe
  C:\Windows\System\ckfRcgk.exe
  2⤵
  PID:4120
- C:\Windows\System\TBxUPbE.exe
  C:\Windows\System\TBxUPbE.exe
  2⤵
  PID:4948
- C:\Windows\System\PspmSjI.exe
  C:\Windows\System\PspmSjI.exe
  2⤵
  PID:4816
- C:\Windows\System\cgMXYPl.exe
  C:\Windows\System\cgMXYPl.exe
  2⤵
  PID:4764
- C:\Windows\System\qyhldTD.exe
  C:\Windows\System\qyhldTD.exe
  2⤵
  PID:4220
- C:\Windows\System\ngEShYo.exe
  C:\Windows\System\ngEShYo.exe
  2⤵
  PID:4444
- C:\Windows\System\uPdWaXz.exe
  C:\Windows\System\uPdWaXz.exe
  2⤵
  PID:1552
- C:\Windows\System\YVYHGRC.exe
  C:\Windows\System\YVYHGRC.exe
  2⤵
  PID:5136
- C:\Windows\System\oDuLNZy.exe
  C:\Windows\System\oDuLNZy.exe
  2⤵
  PID:5152
- C:\Windows\System\CIjaEPq.exe
  C:\Windows\System\CIjaEPq.exe
  2⤵
  PID:5168
- C:\Windows\System\YnXKOTg.exe
  C:\Windows\System\YnXKOTg.exe
  2⤵
  PID:5184
- C:\Windows\System\dAHpLIx.exe
  C:\Windows\System\dAHpLIx.exe
  2⤵
  PID:5200
- C:\Windows\System\qBfVJnT.exe
  C:\Windows\System\qBfVJnT.exe
  2⤵
  PID:5216
- C:\Windows\System\kRPDqIw.exe
  C:\Windows\System\kRPDqIw.exe
  2⤵
  PID:5232
- C:\Windows\System\nHwpqNA.exe
  C:\Windows\System\nHwpqNA.exe
  2⤵
  PID:5248
- C:\Windows\System\RAyvnnV.exe
  C:\Windows\System\RAyvnnV.exe
  2⤵
  PID:5264
- C:\Windows\System\rAZqLuD.exe
  C:\Windows\System\rAZqLuD.exe
  2⤵
  PID:5280
- C:\Windows\System\hBUOWlN.exe
  C:\Windows\System\hBUOWlN.exe
  2⤵
  PID:5296
- C:\Windows\System\bwMJKWs.exe
  C:\Windows\System\bwMJKWs.exe
  2⤵
  PID:5312
- C:\Windows\System\QqhpSzq.exe
  C:\Windows\System\QqhpSzq.exe
  2⤵
  PID:5328
- C:\Windows\System\IGAfAPN.exe
  C:\Windows\System\IGAfAPN.exe
  2⤵
  PID:5344
- C:\Windows\System\qTZIEsB.exe
  C:\Windows\System\qTZIEsB.exe
  2⤵
  PID:5360
- C:\Windows\System\zxcWaIu.exe
  C:\Windows\System\zxcWaIu.exe
  2⤵
  PID:5376
- C:\Windows\System\rCzUBxd.exe
  C:\Windows\System\rCzUBxd.exe
  2⤵
  PID:5392
- C:\Windows\System\kYLAJYL.exe
  C:\Windows\System\kYLAJYL.exe
  2⤵
  PID:5408
- C:\Windows\System\qfJlowC.exe
  C:\Windows\System\qfJlowC.exe
  2⤵
  PID:5424
- C:\Windows\System\qiHznOd.exe
  C:\Windows\System\qiHznOd.exe
  2⤵
  PID:5440
- C:\Windows\System\WjxTtzO.exe
  C:\Windows\System\WjxTtzO.exe
  2⤵
  PID:5456
- C:\Windows\System\RaUrUpH.exe
  C:\Windows\System\RaUrUpH.exe
  2⤵
  PID:5472
- C:\Windows\System\oPMWjqw.exe
  C:\Windows\System\oPMWjqw.exe
  2⤵
  PID:5488
- C:\Windows\System\KDSWVFq.exe
  C:\Windows\System\KDSWVFq.exe
  2⤵
  PID:5504
- C:\Windows\System\PgPBQxM.exe
  C:\Windows\System\PgPBQxM.exe
  2⤵
  PID:5520
- C:\Windows\System\QTsOXQu.exe
  C:\Windows\System\QTsOXQu.exe
  2⤵
  PID:5536
- C:\Windows\System\VdLNANx.exe
  C:\Windows\System\VdLNANx.exe
  2⤵
  PID:5552
- C:\Windows\System\gsvzhxn.exe
  C:\Windows\System\gsvzhxn.exe
  2⤵
  PID:5568
- C:\Windows\System\yKyeFtZ.exe
  C:\Windows\System\yKyeFtZ.exe
  2⤵
  PID:5584
- C:\Windows\System\NALflPM.exe
  C:\Windows\System\NALflPM.exe
  2⤵
  PID:5600
- C:\Windows\System\oZHJeDY.exe
  C:\Windows\System\oZHJeDY.exe
  2⤵
  PID:5616
- C:\Windows\System\nqBjKqR.exe
  C:\Windows\System\nqBjKqR.exe
  2⤵
  PID:5632
- C:\Windows\System\mUgxOBN.exe
  C:\Windows\System\mUgxOBN.exe
  2⤵
  PID:5648
- C:\Windows\System\KLkPSMq.exe
  C:\Windows\System\KLkPSMq.exe
  2⤵
  PID:5664
- C:\Windows\System\wGYgoVh.exe
  C:\Windows\System\wGYgoVh.exe
  2⤵
  PID:5680
- C:\Windows\System\HpzhgFy.exe
  C:\Windows\System\HpzhgFy.exe
  2⤵
  PID:5696
- C:\Windows\System\GXpkdiC.exe
  C:\Windows\System\GXpkdiC.exe
  2⤵
  PID:5640
- C:\Windows\System\LRWQhig.exe
  C:\Windows\System\LRWQhig.exe
  2⤵
  PID:5676
- C:\Windows\System\cefEWhu.exe
  C:\Windows\System\cefEWhu.exe
  2⤵
  PID:5728
- C:\Windows\System\jAjrYzw.exe
  C:\Windows\System\jAjrYzw.exe
  2⤵
  PID:5748
- C:\Windows\System\rCQMaJQ.exe
  C:\Windows\System\rCQMaJQ.exe
  2⤵
  PID:5776
- C:\Windows\System\SbjiFEx.exe
  C:\Windows\System\SbjiFEx.exe
  2⤵
  PID:5824
- C:\Windows\System\fcuussZ.exe
  C:\Windows\System\fcuussZ.exe
  2⤵
  PID:5844
- C:\Windows\System\wqnnifj.exe
  C:\Windows\System\wqnnifj.exe
  2⤵
  PID:5860
- C:\Windows\System\QavAbMU.exe
  C:\Windows\System\QavAbMU.exe
  2⤵
  PID:5888
- C:\Windows\System\VEINwDP.exe
  C:\Windows\System\VEINwDP.exe
  2⤵
  PID:5916
- C:\Windows\System\YgHgUao.exe
  C:\Windows\System\YgHgUao.exe
  2⤵
  PID:5968
- C:\Windows\System\arIGznT.exe
  C:\Windows\System\arIGznT.exe
  2⤵
  PID:6016
- C:\Windows\System\ZSEKzaA.exe
  C:\Windows\System\ZSEKzaA.exe
  2⤵
  PID:6028
- C:\Windows\System\WgnLfYQ.exe
  C:\Windows\System\WgnLfYQ.exe
  2⤵
  PID:6052
- C:\Windows\System\ZHjtdEm.exe
  C:\Windows\System\ZHjtdEm.exe
  2⤵
  PID:6092
- C:\Windows\System\tpNsWFV.exe
  C:\Windows\System\tpNsWFV.exe
  2⤵
  PID:6120
- C:\Windows\System\kWWYRBJ.exe
  C:\Windows\System\kWWYRBJ.exe
  2⤵
  PID:4884
- C:\Windows\System\osRYnJV.exe
  C:\Windows\System\osRYnJV.exe
  2⤵
  PID:4996
- C:\Windows\System\gMSTYaU.exe
  C:\Windows\System\gMSTYaU.exe
  2⤵
  PID:5148
- C:\Windows\System\brvTCOv.exe
  C:\Windows\System\brvTCOv.exe
  2⤵
  PID:5208
- C:\Windows\System\PiLpTXx.exe
  C:\Windows\System\PiLpTXx.exe
  2⤵
  PID:5308
- C:\Windows\System\QyVIzfH.exe
  C:\Windows\System\QyVIzfH.exe
  2⤵
  PID:5404
- C:\Windows\System\IpDhUBR.exe
  C:\Windows\System\IpDhUBR.exe
  2⤵
  PID:5432
- C:\Windows\System\VFIdzdc.exe
  C:\Windows\System\VFIdzdc.exe
  2⤵
  PID:5928
- C:\Windows\System\TPnbsIi.exe
  C:\Windows\System\TPnbsIi.exe
  2⤵
  PID:5468
- C:\Windows\System\UKlkHbL.exe
  C:\Windows\System\UKlkHbL.exe
  2⤵
  PID:5164
- C:\Windows\System\SCuyGgf.exe
  C:\Windows\System\SCuyGgf.exe
  2⤵
  PID:5192
- C:\Windows\System\esVmsyV.exe
  C:\Windows\System\esVmsyV.exe
  2⤵
  PID:5288
- C:\Windows\System\sFRGhSr.exe
  C:\Windows\System\sFRGhSr.exe
  2⤵
  PID:5480
- C:\Windows\System\DbIfMdk.exe
  C:\Windows\System\DbIfMdk.exe
  2⤵
  PID:5512
- C:\Windows\System\UCYjpdy.exe
  C:\Windows\System\UCYjpdy.exe
  2⤵
  PID:5612
- C:\Windows\System\zaMahml.exe
  C:\Windows\System\zaMahml.exe
  2⤵
  PID:5688
- C:\Windows\System\BlNqrYj.exe
  C:\Windows\System\BlNqrYj.exe
  2⤵
  PID:5592
- C:\Windows\System\PgMqDHT.exe
  C:\Windows\System\PgMqDHT.exe
  2⤵
  PID:5712
- C:\Windows\System\WPQHmpJ.exe
  C:\Windows\System\WPQHmpJ.exe
  2⤵
  PID:5724
- C:\Windows\System\vwCsBJX.exe
  C:\Windows\System\vwCsBJX.exe
  2⤵
  PID:5788
- C:\Windows\System\hTVfrwP.exe
  C:\Windows\System\hTVfrwP.exe
  2⤵
  PID:5808
- C:\Windows\System\mWeVnmn.exe
  C:\Windows\System\mWeVnmn.exe
  2⤵
  PID:5852
- C:\Windows\System\ITcIweL.exe
  C:\Windows\System\ITcIweL.exe
  2⤵
  PID:4364
- C:\Windows\System\rIgzWzE.exe
  C:\Windows\System\rIgzWzE.exe
  2⤵
  PID:5976
- C:\Windows\System\cdOEDQC.exe
  C:\Windows\System\cdOEDQC.exe
  2⤵
  PID:5996
- C:\Windows\System\BYooIea.exe
  C:\Windows\System\BYooIea.exe
  2⤵
  PID:5984
- C:\Windows\System\GhVzNZt.exe
  C:\Windows\System\GhVzNZt.exe
  2⤵
  PID:6048
- C:\Windows\System\rmhSPsv.exe
  C:\Windows\System\rmhSPsv.exe
  2⤵
  PID:5956
- C:\Windows\System\etsPzDV.exe
  C:\Windows\System\etsPzDV.exe
  2⤵
  PID:5876
- C:\Windows\System\pfXrUgB.exe
  C:\Windows\System\pfXrUgB.exe
  2⤵
  PID:5936
- C:\Windows\System\EECkRBw.exe
  C:\Windows\System\EECkRBw.exe
  2⤵
  PID:6064
- C:\Windows\System\XIWqWRb.exe
  C:\Windows\System\XIWqWRb.exe
  2⤵
  PID:6104
- C:\Windows\System\frXyfln.exe
  C:\Windows\System\frXyfln.exe
  2⤵
  PID:4880
- C:\Windows\System\gHwFWPw.exe
  C:\Windows\System\gHwFWPw.exe
  2⤵
  PID:6076
- C:\Windows\System\MOLOQMX.exe
  C:\Windows\System\MOLOQMX.exe
  2⤵
  PID:5068
- C:\Windows\System\bBxRQaN.exe
  C:\Windows\System\bBxRQaN.exe
  2⤵
  PID:4668
- C:\Windows\System\ayKzOBc.exe
  C:\Windows\System\ayKzOBc.exe
  2⤵
  PID:5240
- C:\Windows\System\PzKSpHi.exe
  C:\Windows\System\PzKSpHi.exe
  2⤵
  PID:5400
- C:\Windows\System\oSoeYjB.exe
  C:\Windows\System\oSoeYjB.exe
  2⤵
  PID:4768
- C:\Windows\System\GcmsWTQ.exe
  C:\Windows\System\GcmsWTQ.exe
  2⤵
  PID:5548
- C:\Windows\System\yNjRgsw.exe
  C:\Windows\System\yNjRgsw.exe
  2⤵
  PID:5484
- C:\Windows\System\zHMAsjC.exe
  C:\Windows\System\zHMAsjC.exe
  2⤵
  PID:5660
- C:\Windows\System\scjZlpW.exe
  C:\Windows\System\scjZlpW.exe
  2⤵
  PID:5736
- C:\Windows\System\ZNgoToT.exe
  C:\Windows\System\ZNgoToT.exe
  2⤵
  PID:5756
- C:\Windows\System\jGEEERd.exe
  C:\Windows\System\jGEEERd.exe
  2⤵
  PID:5912
- C:\Windows\System\vnnTvjC.exe
  C:\Windows\System\vnnTvjC.exe
  2⤵
  PID:5924
- C:\Windows\System\nUXwWPD.exe
  C:\Windows\System\nUXwWPD.exe
  2⤵
  PID:5576
- C:\Windows\System\ocdYSiW.exe
  C:\Windows\System\ocdYSiW.exe
  2⤵
  PID:5532
- C:\Windows\System\qrmXQxM.exe
  C:\Windows\System\qrmXQxM.exe
  2⤵
  PID:6032
- C:\Windows\System\luyVGcI.exe
  C:\Windows\System\luyVGcI.exe
  2⤵
  PID:5716
- C:\Windows\System\RQPByxh.exe
  C:\Windows\System\RQPByxh.exe
  2⤵
  PID:5516
- C:\Windows\System\PxuUcwl.exe
  C:\Windows\System\PxuUcwl.exe
  2⤵
  PID:5992
- C:\Windows\System\XwwaHDo.exe
  C:\Windows\System\XwwaHDo.exe
  2⤵
  PID:6088
- C:\Windows\System\DAziMoe.exe
  C:\Windows\System\DAziMoe.exe
  2⤵
  PID:4980
- C:\Windows\System\oUJoBAe.exe
  C:\Windows\System\oUJoBAe.exe
  2⤵
  PID:5304
- C:\Windows\System\HlrluQQ.exe
  C:\Windows\System\HlrluQQ.exe
  2⤵
  PID:6132
- C:\Windows\System\hVeydHs.exe
  C:\Windows\System\hVeydHs.exe
  2⤵
  PID:5448
- C:\Windows\System\aWJowjT.exe
  C:\Windows\System\aWJowjT.exe
  2⤵
  PID:5528
- C:\Windows\System\GuRGTsT.exe
  C:\Windows\System\GuRGTsT.exe
  2⤵
  PID:5800
- C:\Windows\System\EuHyGKE.exe
  C:\Windows\System\EuHyGKE.exe
  2⤵
  PID:5372
- C:\Windows\System\WEIpQfP.exe
  C:\Windows\System\WEIpQfP.exe
  2⤵
  PID:4516
- C:\Windows\System\goAFETp.exe
  C:\Windows\System\goAFETp.exe
  2⤵
  PID:5932
- C:\Windows\System\rIBfQGd.exe
  C:\Windows\System\rIBfQGd.exe
  2⤵
  PID:5872
- C:\Windows\System\szVSvat.exe
  C:\Windows\System\szVSvat.exe
  2⤵
  PID:5804
- C:\Windows\System\pQExAfP.exe
  C:\Windows\System\pQExAfP.exe
  2⤵
  PID:5496
- C:\Windows\System\dnEqEeC.exe
  C:\Windows\System\dnEqEeC.exe
  2⤵
  PID:4916
- C:\Windows\System\XCtsuwg.exe
  C:\Windows\System\XCtsuwg.exe
  2⤵
  PID:6108
- C:\Windows\System\MqnoqFk.exe
  C:\Windows\System\MqnoqFk.exe
  2⤵
  PID:5160
- C:\Windows\System\qYDOOAb.exe
  C:\Windows\System\qYDOOAb.exe
  2⤵
  PID:6160
- C:\Windows\System\yKyhNlv.exe
  C:\Windows\System\yKyhNlv.exe
  2⤵
  PID:6176
- C:\Windows\System\xQSTAtV.exe
  C:\Windows\System\xQSTAtV.exe
  2⤵
  PID:6196
- C:\Windows\System\yILzMHu.exe
  C:\Windows\System\yILzMHu.exe
  2⤵
  PID:6220
- C:\Windows\System\nYmqBdb.exe
  C:\Windows\System\nYmqBdb.exe
  2⤵
  PID:6236
- C:\Windows\System\rVjsjUX.exe
  C:\Windows\System\rVjsjUX.exe
  2⤵
  PID:6252
- C:\Windows\System\LBYBHYc.exe
  C:\Windows\System\LBYBHYc.exe
  2⤵
  PID:6284
- C:\Windows\System\WlqfUGW.exe
  C:\Windows\System\WlqfUGW.exe
  2⤵
  PID:6312
- C:\Windows\System\AQXGqZr.exe
  C:\Windows\System\AQXGqZr.exe
  2⤵
  PID:6328
- C:\Windows\System\hEVivlC.exe
  C:\Windows\System\hEVivlC.exe
  2⤵
  PID:6344
- C:\Windows\System\TwnJrkR.exe
  C:\Windows\System\TwnJrkR.exe
  2⤵
  PID:6360
- C:\Windows\System\dyfUNZH.exe
  C:\Windows\System\dyfUNZH.exe
  2⤵
  PID:6376
- C:\Windows\System\oDmWSDK.exe
  C:\Windows\System\oDmWSDK.exe
  2⤵
  PID:6392
- C:\Windows\System\rDTzfpP.exe
  C:\Windows\System\rDTzfpP.exe
  2⤵
  PID:6408
- C:\Windows\System\hAAenKg.exe
  C:\Windows\System\hAAenKg.exe
  2⤵
  PID:6424
- C:\Windows\System\LWtrKPK.exe
  C:\Windows\System\LWtrKPK.exe
  2⤵
  PID:6448
- C:\Windows\System\NyOkqqo.exe
  C:\Windows\System\NyOkqqo.exe
  2⤵
  PID:6468
- C:\Windows\System\GCSmSZo.exe
  C:\Windows\System\GCSmSZo.exe
  2⤵
  PID:6508
- C:\Windows\System\fMlLMdz.exe
  C:\Windows\System\fMlLMdz.exe
  2⤵
  PID:6540
- C:\Windows\System\EpDOSsx.exe
  C:\Windows\System\EpDOSsx.exe
  2⤵
  PID:6560
- C:\Windows\System\mFHpHFc.exe
  C:\Windows\System\mFHpHFc.exe
  2⤵
  PID:6584
- C:\Windows\System\yWJiJTX.exe
  C:\Windows\System\yWJiJTX.exe
  2⤵
  PID:6616
- C:\Windows\System\QggkacC.exe
  C:\Windows\System\QggkacC.exe
  2⤵
  PID:6652
- C:\Windows\System\XjvqGRn.exe
  C:\Windows\System\XjvqGRn.exe
  2⤵
  PID:6672
- C:\Windows\System\KFHSfOX.exe
  C:\Windows\System\KFHSfOX.exe
  2⤵
  PID:6688
- C:\Windows\System\MzioXkc.exe
  C:\Windows\System\MzioXkc.exe
  2⤵
  PID:6704
- C:\Windows\System\KdEAxIp.exe
  C:\Windows\System\KdEAxIp.exe
  2⤵
  PID:6720
- C:\Windows\System\DXfjRAh.exe
  C:\Windows\System\DXfjRAh.exe
  2⤵
  PID:6736
- C:\Windows\System\yApUWnp.exe
  C:\Windows\System\yApUWnp.exe
  2⤵
  PID:6752
- C:\Windows\System\nINjXnc.exe
  C:\Windows\System\nINjXnc.exe
  2⤵
  PID:6792
- C:\Windows\System\WTaUGtn.exe
  C:\Windows\System\WTaUGtn.exe
  2⤵
  PID:6816
- C:\Windows\System\gsSBRhk.exe
  C:\Windows\System\gsSBRhk.exe
  2⤵
  PID:6832
- C:\Windows\System\ZwiqCmT.exe
  C:\Windows\System\ZwiqCmT.exe
  2⤵
  PID:6848
- C:\Windows\System\EZyNntS.exe
  C:\Windows\System\EZyNntS.exe
  2⤵
  PID:6864
- C:\Windows\System\HrNcnCI.exe
  C:\Windows\System\HrNcnCI.exe
  2⤵
  PID:6880
- C:\Windows\System\eiQXwpu.exe
  C:\Windows\System\eiQXwpu.exe
  2⤵
  PID:6896
- C:\Windows\System\jrHHmTo.exe
  C:\Windows\System\jrHHmTo.exe
  2⤵
  PID:6912
- C:\Windows\System\uOTuhiO.exe
  C:\Windows\System\uOTuhiO.exe
  2⤵
  PID:6928
- C:\Windows\System\WNxWMfp.exe
  C:\Windows\System\WNxWMfp.exe
  2⤵
  PID:6944
- C:\Windows\System\vjYNvYA.exe
  C:\Windows\System\vjYNvYA.exe
  2⤵
  PID:6988
- C:\Windows\System\NndAsfQ.exe
  C:\Windows\System\NndAsfQ.exe
  2⤵
  PID:7004
- C:\Windows\System\KBlVUFE.exe
  C:\Windows\System\KBlVUFE.exe
  2⤵
  PID:7020
- C:\Windows\System\KCyMlDn.exe
  C:\Windows\System\KCyMlDn.exe
  2⤵
  PID:7036
- C:\Windows\System\rZqWDfT.exe
  C:\Windows\System\rZqWDfT.exe
  2⤵
  PID:7052
- C:\Windows\System\gojpMEQ.exe
  C:\Windows\System\gojpMEQ.exe
  2⤵
  PID:7068
- C:\Windows\System\gzzLdAz.exe
  C:\Windows\System\gzzLdAz.exe
  2⤵
  PID:7084
- C:\Windows\System\Dvfpnqw.exe
  C:\Windows\System\Dvfpnqw.exe
  2⤵
  PID:7100
- C:\Windows\System\zeZevaZ.exe
  C:\Windows\System\zeZevaZ.exe
  2⤵
  PID:7116
- C:\Windows\System\frxdPeH.exe
  C:\Windows\System\frxdPeH.exe
  2⤵
  PID:7140
- C:\Windows\System\HnjdEfn.exe
  C:\Windows\System\HnjdEfn.exe
  2⤵
  PID:7156
- C:\Windows\System\xXJTkhe.exe
  C:\Windows\System\xXJTkhe.exe
  2⤵
  PID:5388
- C:\Windows\System\bdyWHRW.exe
  C:\Windows\System\bdyWHRW.exe
  2⤵
  PID:5796
- C:\Windows\System\EmYSUew.exe
  C:\Windows\System\EmYSUew.exe
  2⤵
  PID:6080
- C:\Windows\System\nwrZLJt.exe
  C:\Windows\System\nwrZLJt.exe
  2⤵
  PID:6204
- C:\Windows\System\NyFqWCb.exe
  C:\Windows\System\NyFqWCb.exe
  2⤵
  PID:5964
- C:\Windows\System\XcnvQKD.exe
  C:\Windows\System\XcnvQKD.exe
  2⤵
  PID:6292
- C:\Windows\System\ItFczld.exe
  C:\Windows\System\ItFczld.exe
  2⤵
  PID:6308
- C:\Windows\System\RtUCJtG.exe
  C:\Windows\System\RtUCJtG.exe
  2⤵
  PID:6436
- C:\Windows\System\lRXNtqX.exe
  C:\Windows\System\lRXNtqX.exe
  2⤵
  PID:6476
- C:\Windows\System\MAIbBra.exe
  C:\Windows\System\MAIbBra.exe
  2⤵
  PID:6192
- C:\Windows\System\jItEXRK.exe
  C:\Windows\System\jItEXRK.exe
  2⤵
  PID:6084
- C:\Windows\System\qmfdIdi.exe
  C:\Windows\System\qmfdIdi.exe
  2⤵
  PID:5324
- C:\Windows\System\oxrsUVs.exe
  C:\Windows\System\oxrsUVs.exe
  2⤵
  PID:6272
- C:\Windows\System\RsMyExA.exe
  C:\Windows\System\RsMyExA.exe
  2⤵
  PID:6416
- C:\Windows\System\RpvnfDM.exe
  C:\Windows\System\RpvnfDM.exe
  2⤵
  PID:6464
- C:\Windows\System\yXqeLnM.exe
  C:\Windows\System\yXqeLnM.exe
  2⤵
  PID:6260
- C:\Windows\System\WruRRbk.exe
  C:\Windows\System\WruRRbk.exe
  2⤵
  PID:6232
- C:\Windows\System\ltUghcR.exe
  C:\Windows\System\ltUghcR.exe
  2⤵
  PID:5272
- C:\Windows\System\mWnTFSy.exe
  C:\Windows\System\mWnTFSy.exe
  2⤵
  PID:5132
- C:\Windows\System\lgykpbd.exe
  C:\Windows\System\lgykpbd.exe
  2⤵
  PID:6496
- C:\Windows\System\OPgiEIu.exe
  C:\Windows\System\OPgiEIu.exe
  2⤵
  PID:6552
- C:\Windows\System\DtJBvNH.exe
  C:\Windows\System\DtJBvNH.exe
  2⤵
  PID:6600
- C:\Windows\System\vjzTyaG.exe
  C:\Windows\System\vjzTyaG.exe
  2⤵
  PID:6608
- C:\Windows\System\JeVUiZy.exe
  C:\Windows\System\JeVUiZy.exe
  2⤵
  PID:6664
- C:\Windows\System\eaXwIZD.exe
  C:\Windows\System\eaXwIZD.exe
  2⤵
  PID:6728
- C:\Windows\System\VPGGhki.exe
  C:\Windows\System\VPGGhki.exe
  2⤵
  PID:6532
- C:\Windows\System\lYJduiK.exe
  C:\Windows\System\lYJduiK.exe
  2⤵
  PID:6572
- C:\Windows\System\cRPJNnl.exe
  C:\Windows\System\cRPJNnl.exe
  2⤵
  PID:6628
- C:\Windows\System\rJXjcCM.exe
  C:\Windows\System\rJXjcCM.exe
  2⤵
  PID:6648
- C:\Windows\System\TbOEmWg.exe
  C:\Windows\System\TbOEmWg.exe
  2⤵
  PID:6516
- C:\Windows\System\hAsBzmR.exe
  C:\Windows\System\hAsBzmR.exe
  2⤵
  PID:6764
- C:\Windows\System\dvdqawr.exe
  C:\Windows\System\dvdqawr.exe
  2⤵
  PID:6776
- C:\Windows\System\uYwCKNz.exe
  C:\Windows\System\uYwCKNz.exe
  2⤵
  PID:6824
- C:\Windows\System\bgeJDpL.exe
  C:\Windows\System\bgeJDpL.exe
  2⤵
  PID:6888
- C:\Windows\System\bOqVwyj.exe
  C:\Windows\System\bOqVwyj.exe
  2⤵
  PID:6952
- C:\Windows\System\DYHQRBw.exe
  C:\Windows\System\DYHQRBw.exe
  2⤵
  PID:6968
- C:\Windows\System\BhaQfcg.exe
  C:\Windows\System\BhaQfcg.exe
  2⤵
  PID:6984
- C:\Windows\System\sjufacT.exe
  C:\Windows\System\sjufacT.exe
  2⤵
  PID:7044
- C:\Windows\System\mAWlcPh.exe
  C:\Windows\System\mAWlcPh.exe
  2⤵
  PID:7080
- C:\Windows\System\pNrAHcg.exe
  C:\Windows\System\pNrAHcg.exe
  2⤵
  PID:5128
- C:\Windows\System\UJjxbMJ.exe
  C:\Windows\System\UJjxbMJ.exe
  2⤵
  PID:6212
- C:\Windows\System\YEoLRPp.exe
  C:\Windows\System\YEoLRPp.exe
  2⤵
  PID:6340
- C:\Windows\System\DShYNxl.exe
  C:\Windows\System\DShYNxl.exe
  2⤵
  PID:6400
- C:\Windows\System\KRXaBIn.exe
  C:\Windows\System\KRXaBIn.exe
  2⤵
  PID:6484
- C:\Windows\System\KxcJczQ.exe
  C:\Windows\System\KxcJczQ.exe
  2⤵
  PID:7184
- C:\Windows\System\JyYJUyp.exe
  C:\Windows\System\JyYJUyp.exe
  2⤵
  PID:7200
- C:\Windows\System\YZjhBKW.exe
  C:\Windows\System\YZjhBKW.exe
  2⤵
  PID:7216
- C:\Windows\System\btiraDU.exe
  C:\Windows\System\btiraDU.exe
  2⤵
  PID:7232
- C:\Windows\System\OsUrniX.exe
  C:\Windows\System\OsUrniX.exe
  2⤵
  PID:7248
- C:\Windows\System\QFJdFCi.exe
  C:\Windows\System\QFJdFCi.exe
  2⤵
  PID:7264
- C:\Windows\System\nSOfthV.exe
  C:\Windows\System\nSOfthV.exe
  2⤵
  PID:7280
- C:\Windows\System\kVuhgpW.exe
  C:\Windows\System\kVuhgpW.exe
  2⤵
  PID:7312
- C:\Windows\System\KvjLDYi.exe
  C:\Windows\System\KvjLDYi.exe
  2⤵
  PID:7336
- C:\Windows\System\GppnQhw.exe
  C:\Windows\System\GppnQhw.exe
  2⤵
  PID:7364
- C:\Windows\System\fQuBPCT.exe
  C:\Windows\System\fQuBPCT.exe
  2⤵
  PID:7380
- C:\Windows\System\egLCmuC.exe
  C:\Windows\System\egLCmuC.exe
  2⤵
  PID:7396
- C:\Windows\System\toaBjlL.exe
  C:\Windows\System\toaBjlL.exe
  2⤵
  PID:7412
- C:\Windows\System\QEnztUR.exe
  C:\Windows\System\QEnztUR.exe
  2⤵
  PID:7428
- C:\Windows\System\YXGxAHM.exe
  C:\Windows\System\YXGxAHM.exe
  2⤵
  PID:7444
- C:\Windows\System\LrOlGeF.exe
  C:\Windows\System\LrOlGeF.exe
  2⤵
  PID:7460
- C:\Windows\System\QjZgouM.exe
  C:\Windows\System\QjZgouM.exe
  2⤵
  PID:7476
- C:\Windows\System\HjPcDyR.exe
  C:\Windows\System\HjPcDyR.exe
  2⤵
  PID:7492
- C:\Windows\System\ztHMlXl.exe
  C:\Windows\System\ztHMlXl.exe
  2⤵
  PID:7508
- C:\Windows\System\prVejyK.exe
  C:\Windows\System\prVejyK.exe
  2⤵
  PID:7524
- C:\Windows\System\yxKLtUF.exe
  C:\Windows\System\yxKLtUF.exe
  2⤵
  PID:7540
- C:\Windows\System\tTUqLxY.exe
  C:\Windows\System\tTUqLxY.exe
  2⤵
  PID:7556
- C:\Windows\System\CBBCzUO.exe
  C:\Windows\System\CBBCzUO.exe
  2⤵
  PID:7572
- C:\Windows\System\NSmVgAH.exe
  C:\Windows\System\NSmVgAH.exe
  2⤵
  PID:7588
- C:\Windows\System\zYlJlvT.exe
  C:\Windows\System\zYlJlvT.exe
  2⤵
  PID:7604
- C:\Windows\System\tuNwYPe.exe
  C:\Windows\System\tuNwYPe.exe
  2⤵
  PID:7620
- C:\Windows\System\KFDUQlS.exe
  C:\Windows\System\KFDUQlS.exe
  2⤵
  PID:7636
- C:\Windows\System\DIvJfSF.exe
  C:\Windows\System\DIvJfSF.exe
  2⤵
  PID:7652
- C:\Windows\System\LpfIMPt.exe
  C:\Windows\System\LpfIMPt.exe
  2⤵
  PID:7668
- C:\Windows\System\bBeKWsE.exe
  C:\Windows\System\bBeKWsE.exe
  2⤵
  PID:7684
- C:\Windows\System\fCdKKLC.exe
  C:\Windows\System\fCdKKLC.exe
  2⤵
  PID:7700
- C:\Windows\System\nwIsupF.exe
  C:\Windows\System\nwIsupF.exe
  2⤵
  PID:7716
- C:\Windows\System\UmQqBqm.exe
  C:\Windows\System\UmQqBqm.exe
  2⤵
  PID:7732
- C:\Windows\System\nduREGD.exe
  C:\Windows\System\nduREGD.exe
  2⤵
  PID:7748
- C:\Windows\System\YGFUnXY.exe
  C:\Windows\System\YGFUnXY.exe
  2⤵
  PID:7764
- C:\Windows\System\kliRSBS.exe
  C:\Windows\System\kliRSBS.exe
  2⤵
  PID:7780
- C:\Windows\System\IVTAhXa.exe
  C:\Windows\System\IVTAhXa.exe
  2⤵
  PID:7796
- C:\Windows\System\avpTjiJ.exe
  C:\Windows\System\avpTjiJ.exe
  2⤵
  PID:7812
- C:\Windows\System\TKEraaO.exe
  C:\Windows\System\TKEraaO.exe
  2⤵
  PID:7828
- C:\Windows\System\jqPRVQr.exe
  C:\Windows\System\jqPRVQr.exe
  2⤵
  PID:7844
- C:\Windows\System\TOMaVfR.exe
  C:\Windows\System\TOMaVfR.exe
  2⤵
  PID:7860
- C:\Windows\System\TlVbHdO.exe
  C:\Windows\System\TlVbHdO.exe
  2⤵
  PID:7876
- C:\Windows\System\fWnwrMA.exe
  C:\Windows\System\fWnwrMA.exe
  2⤵
  PID:7892
- C:\Windows\System\iGgUyFc.exe
  C:\Windows\System\iGgUyFc.exe
  2⤵
  PID:7908
- C:\Windows\System\xnUbybU.exe
  C:\Windows\System\xnUbybU.exe
  2⤵
  PID:7924
- C:\Windows\System\HigWcOC.exe
  C:\Windows\System\HigWcOC.exe
  2⤵
  PID:7944
- C:\Windows\System\IqMLOYT.exe
  C:\Windows\System\IqMLOYT.exe
  2⤵
  PID:7960
- C:\Windows\System\qowzBgv.exe
  C:\Windows\System\qowzBgv.exe
  2⤵
  PID:7976
- C:\Windows\System\SRBvUaR.exe
  C:\Windows\System\SRBvUaR.exe
  2⤵
  PID:7992
- C:\Windows\System\sffUfvY.exe
  C:\Windows\System\sffUfvY.exe
  2⤵
  PID:8008
- C:\Windows\System\OqTHewF.exe
  C:\Windows\System\OqTHewF.exe
  2⤵
  PID:8024
- C:\Windows\System\aqzpdLe.exe
  C:\Windows\System\aqzpdLe.exe
  2⤵
  PID:8040
- C:\Windows\System\RlPqKny.exe
  C:\Windows\System\RlPqKny.exe
  2⤵
  PID:8056
- C:\Windows\System\ZdraHxS.exe
  C:\Windows\System\ZdraHxS.exe
  2⤵
  PID:8072
- C:\Windows\System\JqFgNqH.exe
  C:\Windows\System\JqFgNqH.exe
  2⤵
  PID:8088
- C:\Windows\System\cJSMDFb.exe
  C:\Windows\System\cJSMDFb.exe
  2⤵
  PID:8104
- C:\Windows\System\YDPywrU.exe
  C:\Windows\System\YDPywrU.exe
  2⤵
  PID:8120
- C:\Windows\System\obqRqYB.exe
  C:\Windows\System\obqRqYB.exe
  2⤵
  PID:8136
- C:\Windows\System\CundUmG.exe
  C:\Windows\System\CundUmG.exe
  2⤵
  PID:8152
- C:\Windows\System\pdITqrx.exe
  C:\Windows\System\pdITqrx.exe
  2⤵
  PID:8168
- C:\Windows\System\mdsLQSI.exe
  C:\Windows\System\mdsLQSI.exe
  2⤵
  PID:8184
- C:\Windows\System\UnfFxJh.exe
  C:\Windows\System\UnfFxJh.exe
  2⤵
  PID:5692
- C:\Windows\System\LKVIwOx.exe
  C:\Windows\System\LKVIwOx.exe
  2⤵
  PID:6276
- C:\Windows\System\xRLKGjy.exe
  C:\Windows\System\xRLKGjy.exe
  2⤵
  PID:5224
- C:\Windows\System\shZAZrC.exe
  C:\Windows\System\shZAZrC.exe
  2⤵
  PID:6636
- C:\Windows\System\affSBYq.exe
  C:\Windows\System\affSBYq.exe
  2⤵
  PID:6624
- C:\Windows\System\PlRpVfL.exe
  C:\Windows\System\PlRpVfL.exe
  2⤵
  PID:6772
- C:\Windows\System\NHtbMhb.exe
  C:\Windows\System\NHtbMhb.exe
  2⤵
  PID:6964
- C:\Windows\System\qQQSmhM.exe
  C:\Windows\System\qQQSmhM.exe
  2⤵
  PID:7152
- C:\Windows\System\ASheTju.exe
  C:\Windows\System\ASheTju.exe
  2⤵
  PID:6488
- C:\Windows\System\RrhPUHA.exe
  C:\Windows\System\RrhPUHA.exe
  2⤵
  PID:7228
- C:\Windows\System\mbvApDB.exe
  C:\Windows\System\mbvApDB.exe
  2⤵
  PID:6804
- C:\Windows\System\BflemJE.exe
  C:\Windows\System\BflemJE.exe
  2⤵
  PID:7304
- C:\Windows\System\AvEuwkL.exe
  C:\Windows\System\AvEuwkL.exe
  2⤵
  PID:1712
- C:\Windows\System\JkaGDHo.exe
  C:\Windows\System\JkaGDHo.exe
  2⤵
  PID:6368
- C:\Windows\System\JVctvka.exe
  C:\Windows\System\JVctvka.exe
  2⤵
  PID:7128
- C:\Windows\System\MAQXPEq.exe
  C:\Windows\System\MAQXPEq.exe
  2⤵
  PID:6744
- C:\Windows\System\fAKOrso.exe
  C:\Windows\System\fAKOrso.exe
  2⤵
  PID:6980
- C:\Windows\System\BApcMhC.exe
  C:\Windows\System\BApcMhC.exe
  2⤵
  PID:7176
- C:\Windows\System\jrJHyGH.exe
  C:\Windows\System\jrJHyGH.exe
  2⤵
  PID:7244
- C:\Windows\System\GqHJFlW.exe
  C:\Windows\System\GqHJFlW.exe
  2⤵
  PID:6520
- C:\Windows\System\kcFHCAr.exe
  C:\Windows\System\kcFHCAr.exe
  2⤵
  PID:5704
- C:\Windows\System\QTjwZdL.exe
  C:\Windows\System\QTjwZdL.exe
  2⤵
  PID:6612
- C:\Windows\System\kNnyXon.exe
  C:\Windows\System\kNnyXon.exe
  2⤵
  PID:6324
- C:\Windows\System\MXQEExY.exe
  C:\Windows\System\MXQEExY.exe
  2⤵
  PID:6184
- C:\Windows\System\KjBYbZs.exe
  C:\Windows\System\KjBYbZs.exe
  2⤵
  PID:6440
- C:\Windows\System\VFJweOg.exe
  C:\Windows\System\VFJweOg.exe
  2⤵
  PID:5960
- C:\Windows\System\SPyfjNU.exe
  C:\Windows\System\SPyfjNU.exe
  2⤵
  PID:7164
- C:\Windows\System\PjUDssh.exe
  C:\Windows\System\PjUDssh.exe
  2⤵
  PID:7092
- C:\Windows\System\QgbOiyA.exe
  C:\Windows\System\QgbOiyA.exe
  2⤵
  PID:7000
- C:\Windows\System\kieVbif.exe
  C:\Windows\System\kieVbif.exe
  2⤵
  PID:6908
- C:\Windows\System\XUOjULR.exe
  C:\Windows\System\XUOjULR.exe
  2⤵
  PID:6840
- C:\Windows\System\VhsMOdt.exe
  C:\Windows\System\VhsMOdt.exe
  2⤵
  PID:7344
- C:\Windows\System\rpTgUoI.exe
  C:\Windows\System\rpTgUoI.exe
  2⤵
  PID:7388
- C:\Windows\System\uBNStEX.exe
  C:\Windows\System\uBNStEX.exe
  2⤵
  PID:7452
- C:\Windows\System\QqKgenP.exe
  C:\Windows\System\QqKgenP.exe
  2⤵
  PID:7488
- C:\Windows\System\NdVjDTt.exe
  C:\Windows\System\NdVjDTt.exe
  2⤵
  PID:7552
- C:\Windows\System\AzaMalx.exe
  C:\Windows\System\AzaMalx.exe
  2⤵
  PID:7616
- C:\Windows\System\IrfTMNH.exe
  C:\Windows\System\IrfTMNH.exe
  2⤵
  PID:7376
- C:\Windows\System\JeJyJLJ.exe
  C:\Windows\System\JeJyJLJ.exe
  2⤵
  PID:7440
- C:\Windows\System\hDmorUn.exe
  C:\Windows\System\hDmorUn.exe
  2⤵
  PID:7680
- C:\Windows\System\KrhFYOC.exe
  C:\Windows\System\KrhFYOC.exe
  2⤵
  PID:7504
- C:\Windows\System\WMcqrWj.exe
  C:\Windows\System\WMcqrWj.exe
  2⤵
  PID:7568
- C:\Windows\System\SYMLIuD.exe
  C:\Windows\System\SYMLIuD.exe
  2⤵
  PID:7692
- C:\Windows\System\zOqYuuJ.exe
  C:\Windows\System\zOqYuuJ.exe
  2⤵
  PID:7724
- C:\Windows\System\gwSiSuV.exe
  C:\Windows\System\gwSiSuV.exe
  2⤵
  PID:7824
- C:\Windows\System\rAdlTgR.exe
  C:\Windows\System\rAdlTgR.exe
  2⤵
  PID:7740
- C:\Windows\System\SISetAC.exe
  C:\Windows\System\SISetAC.exe
  2⤵
  PID:7776
- C:\Windows\System\pISTDbk.exe
  C:\Windows\System\pISTDbk.exe
  2⤵
  PID:7868
- C:\Windows\System\vvVMgIk.exe
  C:\Windows\System\vvVMgIk.exe
  2⤵
  PID:7932
- C:\Windows\System\hBrHSmt.exe
  C:\Windows\System\hBrHSmt.exe
  2⤵
  PID:8000
- C:\Windows\System\bFeewaA.exe
  C:\Windows\System\bFeewaA.exe
  2⤵
  PID:8064
- C:\Windows\System\EyjJtBv.exe
  C:\Windows\System\EyjJtBv.exe
  2⤵
  PID:7788
- C:\Windows\System\oAipHyo.exe
  C:\Windows\System\oAipHyo.exe
  2⤵
  PID:8052
- C:\Windows\System\CHvljzP.exe
  C:\Windows\System\CHvljzP.exe
  2⤵
  PID:7888
- C:\Windows\System\RPxOdlP.exe
  C:\Windows\System\RPxOdlP.exe
  2⤵
  PID:7988
- C:\Windows\System\NlkLwuA.exe
  C:\Windows\System\NlkLwuA.exe
  2⤵
  PID:8116
- C:\Windows\System\pnYBggD.exe
  C:\Windows\System\pnYBggD.exe
  2⤵
  PID:4604
- C:\Windows\System\yaTdSVw.exe
  C:\Windows\System\yaTdSVw.exe
  2⤵
  PID:6580
- C:\Windows\System\aivMPvF.exe
  C:\Windows\System\aivMPvF.exe
  2⤵
  PID:6432
- C:\Windows\System\UrUPhpU.exe
  C:\Windows\System\UrUPhpU.exe
  2⤵
  PID:8084
- C:\Windows\System\RyHXPmf.exe
  C:\Windows\System\RyHXPmf.exe
  2⤵
  PID:6388
- C:\Windows\System\WQReWGW.exe
  C:\Windows\System\WQReWGW.exe
  2⤵
  PID:6228
- C:\Windows\System\iGYYxCE.exe
  C:\Windows\System\iGYYxCE.exe
  2⤵
  PID:7196
- C:\Windows\System\RphlCty.exe
  C:\Windows\System\RphlCty.exe
  2⤵
  PID:7148
- C:\Windows\System\ejqjhbz.exe
  C:\Windows\System\ejqjhbz.exe
  2⤵
  PID:7064
- C:\Windows\System\kMUZrPH.exe
  C:\Windows\System\kMUZrPH.exe
  2⤵
  PID:7296
- C:\Windows\System\YkXWtgf.exe
  C:\Windows\System\YkXWtgf.exe
  2⤵
  PID:7076
- C:\Windows\System\pXJvHYF.exe
  C:\Windows\System\pXJvHYF.exe
  2⤵
  PID:3964
- C:\Windows\System\MwznEYR.exe
  C:\Windows\System\MwznEYR.exe
  2⤵
  PID:6024
- C:\Windows\System\yKUWUVM.exe
  C:\Windows\System\yKUWUVM.exe
  2⤵
  PID:6640
- C:\Windows\System\waEGbCz.exe
  C:\Windows\System\waEGbCz.exe
  2⤵
  PID:6172
- C:\Windows\System\tANWfsJ.exe
  C:\Windows\System\tANWfsJ.exe
  2⤵
  PID:6300
- C:\Windows\System\uBIFQss.exe
  C:\Windows\System\uBIFQss.exe
  2⤵
  PID:6940
- C:\Windows\System\hVuxfhT.exe
  C:\Windows\System\hVuxfhT.exe
  2⤵
  PID:7420
- C:\Windows\System\hdNIdSU.exe
  C:\Windows\System\hdNIdSU.exe
  2⤵
  PID:7648
- C:\Windows\System\FUdotJq.exe
  C:\Windows\System\FUdotJq.exe
  2⤵
  PID:6904
- C:\Windows\System\XcrNBUp.exe
  C:\Windows\System\XcrNBUp.exe
  2⤵
  PID:7360
- C:\Windows\System\XhGIiyB.exe
  C:\Windows\System\XhGIiyB.exe
  2⤵
  PID:7408
- C:\Windows\System\SfAHMpz.exe
  C:\Windows\System\SfAHMpz.exe
  2⤵
  PID:7664
- C:\Windows\System\vFjtMxA.exe
  C:\Windows\System\vFjtMxA.exe
  2⤵
  PID:7792
- C:\Windows\System\QNhwpcA.exe
  C:\Windows\System\QNhwpcA.exe
  2⤵
  PID:7772
- C:\Windows\System\CGyhdrt.exe
  C:\Windows\System\CGyhdrt.exe
  2⤵
  PID:7708
- C:\Windows\System\qrSXnfn.exe
  C:\Windows\System\qrSXnfn.exe
  2⤵
  PID:8032
- C:\Windows\System\vachWpg.exe
  C:\Windows\System\vachWpg.exe
  2⤵
  PID:8036
- C:\Windows\System\goYLOUk.exe
  C:\Windows\System\goYLOUk.exe
  2⤵
  PID:7956
- C:\Windows\System\ksvZzRb.exe
  C:\Windows\System\ksvZzRb.exe
  2⤵
  PID:8132
- C:\Windows\System\qUEcHCY.exe
  C:\Windows\System\qUEcHCY.exe
  2⤵
  PID:6768
- C:\Windows\System\xxTNerF.exe
  C:\Windows\System\xxTNerF.exe
  2⤵
  PID:6528
- C:\Windows\System\BkdRcEx.exe
  C:\Windows\System\BkdRcEx.exe
  2⤵
  PID:7760
- C:\Windows\System\LThkVoU.exe
  C:\Windows\System\LThkVoU.exe
  2⤵
  PID:6596
- C:\Windows\System\cQrVMzg.exe
  C:\Windows\System\cQrVMzg.exe
  2⤵
  PID:6788
- C:\Windows\System\pQKbrYQ.exe
  C:\Windows\System\pQKbrYQ.exe
  2⤵
  PID:6320
- C:\Windows\System\rJnonHh.exe
  C:\Windows\System\rJnonHh.exe
  2⤵
  PID:7096
- C:\Windows\System\quDSslm.exe
  C:\Windows\System\quDSslm.exe
  2⤵
  PID:7240
- C:\Windows\System\mmYYeoe.exe
  C:\Windows\System\mmYYeoe.exe
  2⤵
  PID:7472
- C:\Windows\System\MpicxeR.exe
  C:\Windows\System\MpicxeR.exe
  2⤵
  PID:5228
- C:\Windows\System\CikRKLU.exe
  C:\Windows\System\CikRKLU.exe
  2⤵
  PID:7328
- C:\Windows\System\CtHVghZ.exe
  C:\Windows\System\CtHVghZ.exe
  2⤵
  PID:1164
- C:\Windows\System\lYpYsKM.exe
  C:\Windows\System\lYpYsKM.exe
  2⤵
  PID:7804
- C:\Windows\System\INBbWbl.exe
  C:\Windows\System\INBbWbl.exe
  2⤵
  PID:7940
- C:\Windows\System\iUKLaei.exe
  C:\Windows\System\iUKLaei.exe
  2⤵
  PID:6492
- C:\Windows\System\fLziMQt.exe
  C:\Windows\System\fLziMQt.exe
  2⤵
  PID:7132
- C:\Windows\System\XvWqAUi.exe
  C:\Windows\System\XvWqAUi.exe
  2⤵
  PID:8048
- C:\Windows\System\Hphsrvf.exe
  C:\Windows\System\Hphsrvf.exe
  2⤵
  PID:6976
- C:\Windows\System\LAwuezA.exe
  C:\Windows\System\LAwuezA.exe
  2⤵
  PID:7712
- C:\Windows\System\nLHfcpd.exe
  C:\Windows\System\nLHfcpd.exe
  2⤵
  PID:6264
- C:\Windows\System\sSCJgeL.exe
  C:\Windows\System\sSCJgeL.exe
  2⤵
  PID:8020
- C:\Windows\System\olExksr.exe
  C:\Windows\System\olExksr.exe
  2⤵
  PID:7548
- C:\Windows\System\pYkGbZv.exe
  C:\Windows\System\pYkGbZv.exe
  2⤵
  PID:7756
- C:\Windows\System\MqAkUJJ.exe
  C:\Windows\System\MqAkUJJ.exe
  2⤵
  PID:8204
- C:\Windows\System\UrwMVuF.exe
  C:\Windows\System\UrwMVuF.exe
  2⤵
  PID:8220
- C:\Windows\System\kgCsKRE.exe
  C:\Windows\System\kgCsKRE.exe
  2⤵
  PID:8236
- C:\Windows\System\ymxdkGf.exe
  C:\Windows\System\ymxdkGf.exe
  2⤵
  PID:8252
- C:\Windows\System\UKYCDkZ.exe
  C:\Windows\System\UKYCDkZ.exe
  2⤵
  PID:8268
- C:\Windows\System\wHtCweE.exe
  C:\Windows\System\wHtCweE.exe
  2⤵
  PID:8284
- C:\Windows\System\MJHnzcq.exe
  C:\Windows\System\MJHnzcq.exe
  2⤵
  PID:8300
- C:\Windows\System\UUOPhmL.exe
  C:\Windows\System\UUOPhmL.exe
  2⤵
  PID:8316
- C:\Windows\System\SQQQqcl.exe
  C:\Windows\System\SQQQqcl.exe
  2⤵
  PID:8332
- C:\Windows\System\SllKlTh.exe
  C:\Windows\System\SllKlTh.exe
  2⤵
  PID:8348
- C:\Windows\System\MkVspTd.exe
  C:\Windows\System\MkVspTd.exe
  2⤵
  PID:8364
- C:\Windows\System\jrMAdAk.exe
  C:\Windows\System\jrMAdAk.exe
  2⤵
  PID:8380
- C:\Windows\System\wZIJbxr.exe
  C:\Windows\System\wZIJbxr.exe
  2⤵
  PID:8396
- C:\Windows\System\cPJURuz.exe
  C:\Windows\System\cPJURuz.exe
  2⤵
  PID:8412
- C:\Windows\System\fVTDPgO.exe
  C:\Windows\System\fVTDPgO.exe
  2⤵
  PID:8428
- C:\Windows\System\WJtmmKr.exe
  C:\Windows\System\WJtmmKr.exe
  2⤵
  PID:8452
- C:\Windows\System\SuwvPox.exe
  C:\Windows\System\SuwvPox.exe
  2⤵
  PID:8512
- C:\Windows\System\etQMxpk.exe
  C:\Windows\System\etQMxpk.exe
  2⤵
  PID:8548
- C:\Windows\System\vEoDSiD.exe
  C:\Windows\System\vEoDSiD.exe
  2⤵
  PID:8564
- C:\Windows\System\JNkHlJe.exe
  C:\Windows\System\JNkHlJe.exe
  2⤵
  PID:8580
- C:\Windows\System\gYKODsa.exe
  C:\Windows\System\gYKODsa.exe
  2⤵
  PID:8596
- C:\Windows\System\QglfuKo.exe
  C:\Windows\System\QglfuKo.exe
  2⤵
  PID:8612
- C:\Windows\System\PegPewy.exe
  C:\Windows\System\PegPewy.exe
  2⤵
  PID:8628
- C:\Windows\System\VBkplKE.exe
  C:\Windows\System\VBkplKE.exe
  2⤵
  PID:8644
- C:\Windows\System\qqtLpKn.exe
  C:\Windows\System\qqtLpKn.exe
  2⤵
  PID:8660
- C:\Windows\System\KXdcOrc.exe
  C:\Windows\System\KXdcOrc.exe
  2⤵
  PID:8676
- C:\Windows\System\pHTuOux.exe
  C:\Windows\System\pHTuOux.exe
  2⤵
  PID:8692
- C:\Windows\System\fVjLWwX.exe
  C:\Windows\System\fVjLWwX.exe
  2⤵
  PID:8708
- C:\Windows\System\HFbpSeY.exe
  C:\Windows\System\HFbpSeY.exe
  2⤵
  PID:8724
- C:\Windows\System\sfAhebt.exe
  C:\Windows\System\sfAhebt.exe
  2⤵
  PID:8740
- C:\Windows\System\PPoIlSi.exe
  C:\Windows\System\PPoIlSi.exe
  2⤵
  PID:8756
- C:\Windows\System\yBgBtyL.exe
  C:\Windows\System\yBgBtyL.exe
  2⤵
  PID:8772
- C:\Windows\System\hsfziix.exe
  C:\Windows\System\hsfziix.exe
  2⤵
  PID:8788
- C:\Windows\System\dkvEWdB.exe
  C:\Windows\System\dkvEWdB.exe
  2⤵
  PID:8804
- C:\Windows\System\TNjEULl.exe
  C:\Windows\System\TNjEULl.exe
  2⤵
  PID:8820
- C:\Windows\System\oUyJPfF.exe
  C:\Windows\System\oUyJPfF.exe
  2⤵
  PID:8836
- C:\Windows\System\wqPVRgh.exe
  C:\Windows\System\wqPVRgh.exe
  2⤵
  PID:8852
- C:\Windows\System\xGAPjhW.exe
  C:\Windows\System\xGAPjhW.exe
  2⤵
  PID:8872
- C:\Windows\System\ybcXTUc.exe
  C:\Windows\System\ybcXTUc.exe
  2⤵
  PID:8888
- C:\Windows\System\pLIflhR.exe
  C:\Windows\System\pLIflhR.exe
  2⤵
  PID:8940
- C:\Windows\System\hxpHDbH.exe
  C:\Windows\System\hxpHDbH.exe
  2⤵
  PID:8956
- C:\Windows\System\rZoaPQu.exe
  C:\Windows\System\rZoaPQu.exe
  2⤵
  PID:8976
- C:\Windows\System\LCHWdLu.exe
  C:\Windows\System\LCHWdLu.exe
  2⤵
  PID:9040
- C:\Windows\System\OyIVNvX.exe
  C:\Windows\System\OyIVNvX.exe
  2⤵
  PID:9056
- C:\Windows\System\GSvHQNN.exe
  C:\Windows\System\GSvHQNN.exe
  2⤵
  PID:9084
- C:\Windows\System\twVobDn.exe
  C:\Windows\System\twVobDn.exe
  2⤵
  PID:9100
- C:\Windows\System\JWvqHEw.exe
  C:\Windows\System\JWvqHEw.exe
  2⤵
  PID:9116
- C:\Windows\System\qGYTdGB.exe
  C:\Windows\System\qGYTdGB.exe
  2⤵
  PID:9132
- C:\Windows\System\RZgzHaR.exe
  C:\Windows\System\RZgzHaR.exe
  2⤵
  PID:9148
- C:\Windows\System\KeAXfJI.exe
  C:\Windows\System\KeAXfJI.exe
  2⤵
  PID:9164
- C:\Windows\System\WEdFrDQ.exe
  C:\Windows\System\WEdFrDQ.exe
  2⤵
  PID:9180
- C:\Windows\System\vVzUkza.exe
  C:\Windows\System\vVzUkza.exe
  2⤵
  PID:9196
- C:\Windows\System\RcxXzNU.exe
  C:\Windows\System\RcxXzNU.exe
  2⤵
  PID:7852
- C:\Windows\System\vFxNsTc.exe
  C:\Windows\System\vFxNsTc.exe
  2⤵
  PID:8216
- C:\Windows\System\iDwtAPW.exe
  C:\Windows\System\iDwtAPW.exe
  2⤵
  PID:7984
- C:\Windows\System\PQkUNgD.exe
  C:\Windows\System\PQkUNgD.exe
  2⤵
  PID:5868
- C:\Windows\System\TLkFCdK.exe
  C:\Windows\System\TLkFCdK.exe
  2⤵
  PID:8196
- C:\Windows\System\knrtvsk.exe
  C:\Windows\System\knrtvsk.exe
  2⤵
  PID:8248
- C:\Windows\System\sCdlVjz.exe
  C:\Windows\System\sCdlVjz.exe
  2⤵
  PID:8312
- C:\Windows\System\KrSNoPY.exe
  C:\Windows\System\KrSNoPY.exe
  2⤵
  PID:8376
- C:\Windows\System\uPKztAw.exe
  C:\Windows\System\uPKztAw.exe
  2⤵
  PID:8260
- C:\Windows\System\rzKYHQq.exe
  C:\Windows\System\rzKYHQq.exe
  2⤵
  PID:8356
- C:\Windows\System\vQVhdCF.exe
  C:\Windows\System\vQVhdCF.exe
  2⤵
  PID:8408
- C:\Windows\System\mqTqamU.exe
  C:\Windows\System\mqTqamU.exe
  2⤵
  PID:8424
- C:\Windows\System\QjoeQUJ.exe
  C:\Windows\System\QjoeQUJ.exe
  2⤵
  PID:8460
- C:\Windows\System\VMQPZBK.exe
  C:\Windows\System\VMQPZBK.exe
  2⤵
  PID:8492
- C:\Windows\System\sECFroC.exe
  C:\Windows\System\sECFroC.exe
  2⤵
  PID:8520
- C:\Windows\System\KyghcnW.exe
  C:\Windows\System\KyghcnW.exe
  2⤵
  PID:8532
- C:\Windows\System\lFAbbNF.exe
  C:\Windows\System\lFAbbNF.exe
  2⤵
  PID:8540
- C:\Windows\System\qUqWngz.exe
  C:\Windows\System\qUqWngz.exe
  2⤵
  PID:8604
- C:\Windows\System\SNTGoHv.exe
  C:\Windows\System\SNTGoHv.exe
  2⤵
  PID:8560
- C:\Windows\System\hfHOYQm.exe
  C:\Windows\System\hfHOYQm.exe
  2⤵
  PID:8624
- C:\Windows\System\vpWAPuK.exe
  C:\Windows\System\vpWAPuK.exe
  2⤵
  PID:8700
- C:\Windows\System\hlhElZk.exe
  C:\Windows\System\hlhElZk.exe
  2⤵
  PID:8764
- C:\Windows\System\IMkKjaV.exe
  C:\Windows\System\IMkKjaV.exe
  2⤵
  PID:8828
- C:\Windows\System\fxbIdvX.exe
  C:\Windows\System\fxbIdvX.exe
  2⤵
  PID:8656
- C:\Windows\System\NVQvoAe.exe
  C:\Windows\System\NVQvoAe.exe
  2⤵
  PID:8688
- C:\Windows\System\dDoJZrk.exe
  C:\Windows\System\dDoJZrk.exe
  2⤵
  PID:8848
- C:\Windows\System\cYahcGo.exe
  C:\Windows\System\cYahcGo.exe
  2⤵
  PID:8716
- C:\Windows\System\DMEBLPb.exe
  C:\Windows\System\DMEBLPb.exe
  2⤵
  PID:8884
- C:\Windows\System\eskytnj.exe
  C:\Windows\System\eskytnj.exe
  2⤵
  PID:8908
- C:\Windows\System\zhKDxPA.exe
  C:\Windows\System\zhKDxPA.exe
  2⤵
  PID:8932
- C:\Windows\System\NXzztBH.exe
  C:\Windows\System\NXzztBH.exe
  2⤵
  PID:8948
- C:\Windows\System\DdlxVSi.exe
  C:\Windows\System\DdlxVSi.exe
  2⤵
  PID:8988
- C:\Windows\System\CdnlWQl.exe
  C:\Windows\System\CdnlWQl.exe
  2⤵
  PID:9004
- C:\Windows\System\fjPIJao.exe
  C:\Windows\System\fjPIJao.exe
  2⤵
  PID:9012
- C:\Windows\System\QGjrQro.exe
  C:\Windows\System\QGjrQro.exe
  2⤵
  PID:9032
- C:\Windows\System\PmucdFO.exe
  C:\Windows\System\PmucdFO.exe
  2⤵
  PID:9036
- C:\Windows\System\lyGBbEu.exe
  C:\Windows\System\lyGBbEu.exe
  2⤵
  PID:9092
- C:\Windows\System\FxRIJLq.exe
  C:\Windows\System\FxRIJLq.exe
  2⤵
  PID:9156
- C:\Windows\System\lemrLdc.exe
  C:\Windows\System\lemrLdc.exe
  2⤵
  PID:9108
- C:\Windows\System\xjdMwIb.exe
  C:\Windows\System\xjdMwIb.exe
  2⤵
  PID:9172
- C:\Windows\System\QmrQtHJ.exe
  C:\Windows\System\QmrQtHJ.exe
  2⤵
  PID:5884
- C:\Windows\System\KskKyNZ.exe
  C:\Windows\System\KskKyNZ.exe
  2⤵
  PID:7628
- C:\Windows\System\cAnvsev.exe
  C:\Windows\System\cAnvsev.exe
  2⤵
  PID:8372
- C:\Windows\System\JWBqTez.exe
  C:\Windows\System\JWBqTez.exe
  2⤵
  PID:8280
- C:\Windows\System\QwhOBAo.exe
  C:\Windows\System\QwhOBAo.exe
  2⤵
  PID:8264
- C:\Windows\System\KpFroxs.exe
  C:\Windows\System\KpFroxs.exe
  2⤵
  PID:8528
- C:\Windows\System\WlALHHN.exe
  C:\Windows\System\WlALHHN.exe
  2⤵
  PID:8592
- C:\Windows\System\BNXoFOP.exe
  C:\Windows\System\BNXoFOP.exe
  2⤵
  PID:8860
- C:\Windows\System\sfjopye.exe
  C:\Windows\System\sfjopye.exe
  2⤵
  PID:8780
- C:\Windows\System\ZJXTNKV.exe
  C:\Windows\System\ZJXTNKV.exe
  2⤵
  PID:8920
- C:\Windows\System\ruzUZmt.exe
  C:\Windows\System\ruzUZmt.exe
  2⤵
  PID:7900
- C:\Windows\System\yjCsWLB.exe
  C:\Windows\System\yjCsWLB.exe
  2⤵
  PID:8800
- C:\Windows\System\JlYFKat.exe
  C:\Windows\System\JlYFKat.exe
  2⤵
  PID:9020
- C:\Windows\System\JcoNLpG.exe
  C:\Windows\System\JcoNLpG.exe
  2⤵
  PID:9064
- C:\Windows\System\VLhNfdO.exe
  C:\Windows\System\VLhNfdO.exe
  2⤵
  PID:8308
- C:\Windows\System\FnznCqr.exe
  C:\Windows\System\FnznCqr.exe
  2⤵
  PID:8468
- C:\Windows\System\wHRZrGT.exe
  C:\Windows\System\wHRZrGT.exe
  2⤵
  PID:8668
- C:\Windows\System\zIcrEZx.exe
  C:\Windows\System\zIcrEZx.exe
  2⤵
  PID:8868
- C:\Windows\System\DSoAWMK.exe
  C:\Windows\System\DSoAWMK.exe
  2⤵
  PID:8488
- C:\Windows\System\NvefVql.exe
  C:\Windows\System\NvefVql.exe
  2⤵
  PID:8344
- C:\Windows\System\XFHGdcX.exe
  C:\Windows\System\XFHGdcX.exe
  2⤵
  PID:9068
- C:\Windows\System\hjYJRRM.exe
  C:\Windows\System\hjYJRRM.exe
  2⤵
  PID:8576
- C:\Windows\System\xSWPWni.exe
  C:\Windows\System\xSWPWni.exe
  2⤵
  PID:8984
- C:\Windows\System\uduSqaw.exe
  C:\Windows\System\uduSqaw.exe
  2⤵
  PID:992
- C:\Windows\System\KghrnZB.exe
  C:\Windows\System\KghrnZB.exe
  2⤵
  PID:8816
- C:\Windows\System\YdeTman.exe
  C:\Windows\System\YdeTman.exe
  2⤵
  PID:8556
- C:\Windows\System\ZzBlOmQ.exe
  C:\Windows\System\ZzBlOmQ.exe
  2⤵
  PID:9192
- C:\Windows\System\FFvphUm.exe
  C:\Windows\System\FFvphUm.exe
  2⤵
  PID:9144
- C:\Windows\System\eqCdmUL.exe
  C:\Windows\System\eqCdmUL.exe
  2⤵
  PID:9048
- C:\Windows\System\LwXvCYm.exe
  C:\Windows\System\LwXvCYm.exe
  2⤵
  PID:6460
- C:\Windows\System\mvvuRlV.exe
  C:\Windows\System\mvvuRlV.exe
  2⤵
  PID:8904
- C:\Windows\System\cUjrKmM.exe
  C:\Windows\System\cUjrKmM.exe
  2⤵
  PID:6808
- C:\Windows\System\gCPZCPg.exe
  C:\Windows\System\gCPZCPg.exe
  2⤵
  PID:8996
- C:\Windows\System\yomcIHY.exe
  C:\Windows\System\yomcIHY.exe
  2⤵
  PID:9080
- C:\Windows\System\xWBjTUV.exe
  C:\Windows\System\xWBjTUV.exe
  2⤵
  PID:8420
- C:\Windows\System\vxbHnls.exe
  C:\Windows\System\vxbHnls.exe
  2⤵
  PID:8916
- C:\Windows\System\odxumhP.exe
  C:\Windows\System\odxumhP.exe
  2⤵
  PID:9140
- C:\Windows\System\THkaEzX.exe
  C:\Windows\System\THkaEzX.exe
  2⤵
  PID:9228
- C:\Windows\System\TEYHmRE.exe
  C:\Windows\System\TEYHmRE.exe
  2⤵
  PID:9244
- C:\Windows\System\hzbIwcH.exe
  C:\Windows\System\hzbIwcH.exe
  2⤵
  PID:9260
- C:\Windows\System\ZBYHgaz.exe
  C:\Windows\System\ZBYHgaz.exe
  2⤵
  PID:9276
- C:\Windows\System\vkjnMjR.exe
  C:\Windows\System\vkjnMjR.exe
  2⤵
  PID:9292
- C:\Windows\System\aLGZVpk.exe
  C:\Windows\System\aLGZVpk.exe
  2⤵
  PID:9308
- C:\Windows\System\amtVmbf.exe
  C:\Windows\System\amtVmbf.exe
  2⤵
  PID:9324
- C:\Windows\System\AeCQPrf.exe
  C:\Windows\System\AeCQPrf.exe
  2⤵
  PID:9340
- C:\Windows\System\SHkZhek.exe
  C:\Windows\System\SHkZhek.exe
  2⤵
  PID:9356
- C:\Windows\System\AWcxICs.exe
  C:\Windows\System\AWcxICs.exe
  2⤵
  PID:9372
- C:\Windows\System\dMdwGZf.exe
  C:\Windows\System\dMdwGZf.exe
  2⤵
  PID:9388
- C:\Windows\System\QLXUJfX.exe
  C:\Windows\System\QLXUJfX.exe
  2⤵
  PID:9404
- C:\Windows\System\DHvnLGb.exe
  C:\Windows\System\DHvnLGb.exe
  2⤵
  PID:9420
- C:\Windows\System\AxUmijU.exe
  C:\Windows\System\AxUmijU.exe
  2⤵
  PID:9436
- C:\Windows\System\MqVhXOS.exe
  C:\Windows\System\MqVhXOS.exe
  2⤵
  PID:9452
- C:\Windows\System\bRBUWMY.exe
  C:\Windows\System\bRBUWMY.exe
  2⤵
  PID:9468
- C:\Windows\System\PXjYlZO.exe
  C:\Windows\System\PXjYlZO.exe
  2⤵
  PID:9484
- C:\Windows\System\AuIjKdD.exe
  C:\Windows\System\AuIjKdD.exe
  2⤵
  PID:9504
- C:\Windows\System\Iaxuxuf.exe
  C:\Windows\System\Iaxuxuf.exe
  2⤵
  PID:9520
- C:\Windows\System\GwPqqwi.exe
  C:\Windows\System\GwPqqwi.exe
  2⤵
  PID:9536
- C:\Windows\System\vpnGDLb.exe
  C:\Windows\System\vpnGDLb.exe
  2⤵
  PID:9552
- C:\Windows\System\zxktOTq.exe
  C:\Windows\System\zxktOTq.exe
  2⤵
  PID:9568
- C:\Windows\System\dqeDiOr.exe
  C:\Windows\System\dqeDiOr.exe
  2⤵
  PID:9584
- C:\Windows\System\FFFjczs.exe
  C:\Windows\System\FFFjczs.exe
  2⤵
  PID:9600
- C:\Windows\System\HVlzcbd.exe
  C:\Windows\System\HVlzcbd.exe
  2⤵
  PID:9616
- C:\Windows\System\hJudKSS.exe
  C:\Windows\System\hJudKSS.exe
  2⤵
  PID:9632
- C:\Windows\System\KzJDuTw.exe
  C:\Windows\System\KzJDuTw.exe
  2⤵
  PID:9648
- C:\Windows\System\KuCOpgw.exe
  C:\Windows\System\KuCOpgw.exe
  2⤵
  PID:9664
- C:\Windows\System\BRpAEJR.exe
  C:\Windows\System\BRpAEJR.exe
  2⤵
  PID:9680
- C:\Windows\System\bOkJMhZ.exe
  C:\Windows\System\bOkJMhZ.exe
  2⤵
  PID:9696
- C:\Windows\System\cmoXTXf.exe
  C:\Windows\System\cmoXTXf.exe
  2⤵
  PID:9712
- C:\Windows\System\OztWOrO.exe
  C:\Windows\System\OztWOrO.exe
  2⤵
  PID:9728
- C:\Windows\System\WRmdaNk.exe
  C:\Windows\System\WRmdaNk.exe
  2⤵
  PID:9744
- C:\Windows\System\eJujzdU.exe
  C:\Windows\System\eJujzdU.exe
  2⤵
  PID:9760
- C:\Windows\System\REfhLFP.exe
  C:\Windows\System\REfhLFP.exe
  2⤵
  PID:9780
- C:\Windows\System\bCqlGuM.exe
  C:\Windows\System\bCqlGuM.exe
  2⤵
  PID:9796
- C:\Windows\System\VDfZAPH.exe
  C:\Windows\System\VDfZAPH.exe
  2⤵
  PID:9816
- C:\Windows\System\TPOcCoP.exe
  C:\Windows\System\TPOcCoP.exe
  2⤵
  PID:9844
- C:\Windows\System\eaxZpbE.exe
  C:\Windows\System\eaxZpbE.exe
  2⤵
  PID:9896
- C:\Windows\System\eKofafr.exe
  C:\Windows\System\eKofafr.exe
  2⤵
  PID:9932
- C:\Windows\System\dUGEHiK.exe
  C:\Windows\System\dUGEHiK.exe
  2⤵
  PID:9952
- C:\Windows\System\PAzIPwh.exe
  C:\Windows\System\PAzIPwh.exe
  2⤵
  PID:9968
- C:\Windows\System\SFEEjYT.exe
  C:\Windows\System\SFEEjYT.exe
  2⤵
  PID:10060
- C:\Windows\System\wxZRKWK.exe
  C:\Windows\System\wxZRKWK.exe
  2⤵
  PID:9368
- C:\Windows\System\RYJXrla.exe
  C:\Windows\System\RYJXrla.exe
  2⤵
  PID:9300
- C:\Windows\System\rwLMCTY.exe
  C:\Windows\System\rwLMCTY.exe
  2⤵
  PID:9412
- C:\Windows\System\YnVbEvr.exe
  C:\Windows\System\YnVbEvr.exe
  2⤵
  PID:9840
- C:\Windows\System\WUrBUYk.exe
  C:\Windows\System\WUrBUYk.exe
  2⤵
  PID:9860
- C:\Windows\System\KSLZDsM.exe
  C:\Windows\System\KSLZDsM.exe
  2⤵
  PID:10180
- C:\Windows\System\vpXJIIj.exe
  C:\Windows\System\vpXJIIj.exe
  2⤵
  PID:10200
- C:\Windows\System\TvfaREo.exe
  C:\Windows\System\TvfaREo.exe
  2⤵
  PID:10220
- C:\Windows\System\ZVBaCli.exe
  C:\Windows\System\ZVBaCli.exe
  2⤵
  PID:9492
- C:\Windows\System\CudNjeK.exe
  C:\Windows\System\CudNjeK.exe
  2⤵
  PID:9224
- C:\Windows\System\vIiVZhL.exe
  C:\Windows\System\vIiVZhL.exe
  2⤵
  PID:9364
- C:\Windows\System\HMPSwiJ.exe
  C:\Windows\System\HMPSwiJ.exe
  2⤵
  PID:9460
- C:\Windows\System\exWWEci.exe
  C:\Windows\System\exWWEci.exe
  2⤵
  PID:9792
- C:\Windows\System\HbSzZQW.exe
  C:\Windows\System\HbSzZQW.exe
  2⤵
  PID:9880
- C:\Windows\System\kQywngj.exe
  C:\Windows\System\kQywngj.exe
  2⤵
  PID:10000
- C:\Windows\System\InbPUei.exe
  C:\Windows\System\InbPUei.exe
  2⤵
  PID:10016
- C:\Windows\System\nGzmElO.exe
  C:\Windows\System\nGzmElO.exe
  2⤵
  PID:10120
- C:\Windows\System\llkcbgd.exe
  C:\Windows\System\llkcbgd.exe
  2⤵
  PID:9220
- C:\Windows\System\llIcctV.exe
  C:\Windows\System\llIcctV.exe
  2⤵
  PID:9316
- C:\Windows\System\UvsRKpc.exe
  C:\Windows\System\UvsRKpc.exe
  2⤵
  PID:9352
- C:\Windows\System\hdHCyLp.exe
  C:\Windows\System\hdHCyLp.exe
  2⤵
  PID:8392
- C:\Windows\System\vjnfkoC.exe
  C:\Windows\System\vjnfkoC.exe
  2⤵
  PID:9464
- C:\Windows\System\PnmJMLd.exe
  C:\Windows\System\PnmJMLd.exe
  2⤵
  PID:9548
- C:\Windows\System\yTgtdxJ.exe
  C:\Windows\System\yTgtdxJ.exe
  2⤵
  PID:9532
- C:\Windows\System\ufmuUvG.exe
  C:\Windows\System\ufmuUvG.exe
  2⤵
  PID:9476
- C:\Windows\System\lNSUfAG.exe
  C:\Windows\System\lNSUfAG.exe
  2⤵
  PID:9788
- C:\Windows\System\NyjOjDn.exe
  C:\Windows\System\NyjOjDn.exe
  2⤵
  PID:9828
- C:\Windows\System\jxoNHQT.exe
  C:\Windows\System\jxoNHQT.exe
  2⤵
  PID:9852
- C:\Windows\System\wyWBcAa.exe
  C:\Windows\System\wyWBcAa.exe
  2⤵
  PID:10128
- C:\Windows\System\OSudtvV.exe
  C:\Windows\System\OSudtvV.exe
  2⤵
  PID:10136
- C:\Windows\System\wRJsrEb.exe
  C:\Windows\System\wRJsrEb.exe
  2⤵
  PID:10204
- C:\Windows\System\xtaGHHD.exe
  C:\Windows\System\xtaGHHD.exe
  2⤵
  PID:10144
- C:\Windows\System\RGBYiJF.exe
  C:\Windows\System\RGBYiJF.exe
  2⤵
  PID:9608
- C:\Windows\System\hHwRcOe.exe
  C:\Windows\System\hHwRcOe.exe
  2⤵
  PID:9892
- C:\Windows\System\xYpaHYV.exe
  C:\Windows\System\xYpaHYV.exe
  2⤵
  PID:9996
- C:\Windows\System\NkqlFWc.exe
  C:\Windows\System\NkqlFWc.exe
  2⤵
  PID:9656
- C:\Windows\System\rVsoYHl.exe
  C:\Windows\System\rVsoYHl.exe
  2⤵
  PID:9876
- C:\Windows\System\FnIYVrd.exe
  C:\Windows\System\FnIYVrd.exe
  2⤵
  PID:10040
- C:\Windows\System\nAWfZLB.exe
  C:\Windows\System\nAWfZLB.exe
  2⤵
  PID:10096
- C:\Windows\System\mAwyJDm.exe
  C:\Windows\System\mAwyJDm.exe
  2⤵
  PID:10032
- C:\Windows\System\EETjxLg.exe
  C:\Windows\System\EETjxLg.exe
  2⤵
  PID:9692
- C:\Windows\System\nDMtSTt.exe
  C:\Windows\System\nDMtSTt.exe
  2⤵
  PID:9756
- C:\Windows\System\vdVZtdq.exe
  C:\Windows\System\vdVZtdq.exe
  2⤵
  PID:9812
- C:\Windows\System\bFSPGkP.exe
  C:\Windows\System\bFSPGkP.exe
  2⤵
  PID:9976
- C:\Windows\System\JYpWwoZ.exe
  C:\Windows\System\JYpWwoZ.exe
  2⤵
  PID:10028
- C:\Windows\System\LOcQDvG.exe
  C:\Windows\System\LOcQDvG.exe
  2⤵
  PID:10108
- C:\Windows\System\NcnEkkL.exe
  C:\Windows\System\NcnEkkL.exe
  2⤵
  PID:8180
- C:\Windows\System\FYttQSy.exe
  C:\Windows\System\FYttQSy.exe
  2⤵
  PID:9320
- C:\Windows\System\vCMyEIM.exe
  C:\Windows\System\vCMyEIM.exe
  2⤵
  PID:9000
- C:\Windows\System\IBzDIvE.exe
  C:\Windows\System\IBzDIvE.exe
  2⤵
  PID:9512
- C:\Windows\System\seldsMV.exe
  C:\Windows\System\seldsMV.exe
  2⤵
  PID:9448
- C:\Windows\System\HuMwmeS.exe
  C:\Windows\System\HuMwmeS.exe
  2⤵
  PID:9612
- C:\Windows\System\tdeyyEH.exe
  C:\Windows\System\tdeyyEH.exe
  2⤵
  PID:9864
- C:\Windows\System\PuStoIq.exe
  C:\Windows\System\PuStoIq.exe
  2⤵
  PID:10160
- C:\Windows\System\iwlcJYy.exe
  C:\Windows\System\iwlcJYy.exe
  2⤵
  PID:9704
- C:\Windows\System\jUOOZXD.exe
  C:\Windows\System\jUOOZXD.exe
  2⤵
  PID:10112
- C:\Windows\System\bjEtPvY.exe
  C:\Windows\System\bjEtPvY.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CUuezzl.exe

Filesize
6.0MB

MD5
ebf86cb51af088bbd0ecbc143f9a4cd7

SHA1
f576ec220df92e1c5d5ed9bf49dc2bed211847b8

SHA256
83529772f6968d3ba186db1801c3131854c3ef427343686a95e14b76e7da0475

SHA512
3e4f9a2b7fe242dced81ba67b20c6a4e93af9783ee0af5d61e09802574149d7212d886a9cb1b4a81c7f043fec637f3e16e354692aca9613be6d0479fa574ef21

Download Submit
C:\Windows\system\DSXJCXt.exe

Filesize
6.0MB

MD5
5865b1d66669646e66401c43dd5ecb93

SHA1
f63b708c6d3f9454383efa241ccdd9bb81197bba

SHA256
27ac5314ef562e2a4c156cce82dc275be98dabb27b2d8742e465bac4683cdc81

SHA512
6c608e98b807338104794e0d0a318209e7c488aec297d6c436567959e0afa7474d316819c8318efa609126c075971655de7a43babf794f71e14cf28c28f16da3

Download Submit
C:\Windows\system\EXrdGsN.exe

Filesize
6.0MB

MD5
e4a94859d7dfba22a91a10870f254945

SHA1
e061c6d47c8bc5e8512958a5f40212ee1872c34c

SHA256
35316dc2e0f9b4bdbe656d3e05cfdb99641cad766b9d0e502b4808a237a7f815

SHA512
255a4931b134bac3f021d8d37693b672e7f278ce274379bcc43a8b4dcb35366a034de6a991dae6cccbf25fc14ceb0c8c43f7e6b874b84024a467005a0864d4b7

Download Submit
C:\Windows\system\GLOJlqp.exe

Filesize
6.0MB

MD5
702d96ce25a7cee26180758efffbc709

SHA1
26cad25896946c98899fd1d6cfb4ebed5092a100

SHA256
7ff1a288be6d3bac4d09303558e372b0322ee664584d0ee7f70a7281b00b02e6

SHA512
39c46a6acb272cfbf398ecce9fa2f8a25d1f8f898a8ee7f9bc7aa2adb7415beae96f0f22f6827472473b87de033d9d69345c754cd9b8a2fb70c37678bcd960b5

Download Submit
C:\Windows\system\GRZQgFu.exe

Filesize
6.0MB

MD5
2dc6498cf1f2169214e8b96a3d094a3b

SHA1
aeee1d6fe3ded93052b7744f6dcd38c298812c4e

SHA256
6353bdbdc228985f51922ca2297da0b83fe0775454c06adbfe20cfe391be7923

SHA512
ef741a629c47fd30d18f239eae3584f6e9db4ec23706179f3e5c1727d86b0f69352359f7594b78717e708eb525013c047dd4a1e658d9e43b87eb2be1c8f8768d

Download Submit
C:\Windows\system\GTfBBGN.exe

Filesize
6.0MB

MD5
c798052a16ad2921678d433f89743e01

SHA1
a6781de0b1991c794769f53f31b3d043189103d8

SHA256
ef69ef0c79eb83a8a99434323502c2d4430fef98310b3dfbd838ebbd118d3a9d

SHA512
2de74d40628993a6bfedaad51839f69b5b76a08b09305cfbdc4686ee3f296c1f0810b24f3dd4c75ae1b39b88feb00675780b61e9f3aaa6be7fa47bae8197171a

Download Submit
C:\Windows\system\IuUVIeL.exe

Filesize
6.0MB

MD5
dda80ad95b22d853fae4972c9d94df4f

SHA1
e78b205b8f92172aa2f2880400edf129f322e81c

SHA256
7a095a2e190af8df6a8f395f6dbcf73633e4ec8619af83e02f28406f2b4ce6ba

SHA512
6039896615c5a01aef65484a4b98b7a4fdcc4ccd9101c7efd8d1a291c0a31ba788ef873b7aead78cbe3ccd7e97750e17550ed26a4307c23f496c440640d569ac

Download Submit
C:\Windows\system\JZnGSQa.exe

Filesize
6.0MB

MD5
a29600892332b3cb36b46cf42c22b065

SHA1
0560ca3ad8f83166de7c3362d5164431f51f80bd

SHA256
9cb638078d3adbc4391c16e4c1ede8df0f77d38bf04fad5e95b990517d85afc5

SHA512
2c8c36fa5ab72cd6bcc47bfa4b7e4610d8e408f3ebffe28fea43fc7b9ad403385cd93efb59f7f264f354f58e663fd38742ee8cc0d7c127332fa67f5527ebff85

Download Submit
C:\Windows\system\LxJGDDp.exe

Filesize
6.0MB

MD5
f3a0c2f4758c94b701f5abcb955898ce

SHA1
f37904234f160652b0fb8910cb7174a1c200efa4

SHA256
25a74d2806ebd97e1964d85f0d8673694fcb5dfa71bf61d63b22b0c9b5f0054a

SHA512
5f0f25bc64955c638bd96be466a6de0ef322accf658a37a0c3d9b2f7196e04a94fb8a2896ea6e9d1a8c18fd8d9b246e382aaab8283ea24ccd592b41a8205ae6f

Download Submit
C:\Windows\system\TFaUalD.exe

Filesize
6.0MB

MD5
6c49eaa1556438ca52dcf247e7ce31f9

SHA1
94afb192a1164d5c7c5079b4a79ac56e292594d7

SHA256
3cd71326962896a0e581e313ab1dca9c112c49be6580efcf3fd504bcfbe772a9

SHA512
466d767bb5714b1b12e9e290888552a46fbe9d34da904afb98f322a6365e5d91d7b6be24768c94aa106ff69a69759a6b47b206dded97a1330d1515da4a5eb1a5

Download Submit
C:\Windows\system\UGFvUZU.exe

Filesize
6.0MB

MD5
e8d3f06f9a78b456cf2fc1d8502caf8d

SHA1
ea7d86da96cd697786551d7dbb5a208c9667f7fd

SHA256
81b3c6a796759af4de1e5fb9de3f51abc84f350b173acc330c0577cf34e7ef14

SHA512
6d1f0d8549ce46f23fdbef736df33303fd4692315b8049e02493fc877649f1b89da7ca799253eff20a7d851917e3b42a285782ed5ea49931fbf6725f102042b6

Download Submit
C:\Windows\system\VkacnaW.exe

Filesize
6.0MB

MD5
c0e174b6162467cac2fc0d5088c6f687

SHA1
d22a430c4bdc4417e7124e555d2677a10b6846a1

SHA256
3ab90b0917a57520fd0bbe1a18f8e9bd8470babf8cec75cb219d1d7c87cba679

SHA512
83ee725f367487280443cdbda42eae03b0447aa8f4152df8f03a2be68b012183350e34f824617429b86c3afd32b274898af1c7f71a95bb2ae1d7f5bdf0c7fba7

Download Submit
C:\Windows\system\XtDXhID.exe

Filesize
6.0MB

MD5
ba27b927c8c58f6e1b0516c90175f496

SHA1
3bd0e4e95c63b485b3659d986b004377a19d9ddd

SHA256
95a7c0833c54d5929450203d814a270189602ff963e16cd15da233a7942e96b8

SHA512
327f2a0b69a7c584d9935643b0911bbd0bfe581142c39b76614a92fb7d79931509807bbd090fb47836e5fb323554f471ecfbe9a978cacd734df2ecb2c45b2583

Download Submit
C:\Windows\system\acrUgeV.exe

Filesize
6.0MB

MD5
2d4e3d25bdf03198dd8dd0040aa396df

SHA1
7ccf7c6b5e7bf58f8c0339b8791bd69ea87f9552

SHA256
057db3e3ae9b665fa61c3fe777150852d004e3412097749bb7722c22a9fc60dc

SHA512
7d35a5e375e4a66cab20e8f295d2221f21edccdd9cc7f840266814e588c4687c89bec6f424bc13cdfe170376e76522b7e5d860e3931907924fc20d9553f7fef7

Download Submit
C:\Windows\system\cNfPpkR.exe

Filesize
6.0MB

MD5
27c1236e356c8e840d19708ae7c6ae67

SHA1
b07d8d39f776615b5b6d8fe12b7fffeba610b8fd

SHA256
9b28c80a3512a8a60aa9f81b14bcf087008298e0fc1c2e8a97a2b1f603a79eba

SHA512
c5db9ae8bf0a66ce99b0eab1cc031b643dde97006808dffd5af372ebf62c4de68f08a084da014607f2ebae9f00c17c326354eb76f3474ba623073294fd24cf23

Download Submit
C:\Windows\system\caxdGFX.exe

Filesize
6.0MB

MD5
f8fad6e125b60aaf8e39fa42ac778ecf

SHA1
1c9d807776c4f892f803efba7da5769e5811f961

SHA256
fefd0c87dc123eb32213e79aabc18b58970cec9ba707d8d5e458bf997279427e

SHA512
58ddcafd4d9514bb558a694edf4489d96efc0ebb4f10943779408c347396bb90f000eac453a859818f716fbed452f91b0ef178c9459532f6aee23575a134b2a8

Download Submit
C:\Windows\system\dAbdeHe.exe

Filesize
6.0MB

MD5
a22fd0785b0cb087940df886aeef1323

SHA1
314d8ad29242616429153afcb26d29d0887a9919

SHA256
1593061afff3f3227881dc69457dba3df9515240cdff61504a156829b4479903

SHA512
1948887106ebdc0b9bc77dd1e5a27235900680b8b36547e34f729f01d5d71f321a7d6387bab53eef30d141a87762e2d41d0be4f5bfa7ed602319fbd8d5c8fcb2

Download Submit
C:\Windows\system\gTVQsIB.exe

Filesize
6.0MB

MD5
498dbfdc523c837768db41442ac5d7b8

SHA1
f3b78f547bd8d532c1fd96f9aa7f56327b477e5d

SHA256
5a82ab5fb16a3390e931e05add8a368c8f8d99bb3185cf78ca54b5ed78412184

SHA512
bc5036937725135d8670b49a15e49474e1484588fd4f51733780536b2907e7c38111dfa71b2bdcb436ac064ca8d92067929ed9807d5f9d9b06c5a784858730c0

Download Submit
C:\Windows\system\giKlPen.exe

Filesize
6.0MB

MD5
824244772af5c937c8389d97412de1b3

SHA1
aa71dc94cdf82de66d9ea399dac7ad9a5352cefc

SHA256
55e671bab2228e519d3dd295356b484d7a087dbc47165af2a8a5ffdd723105e4

SHA512
75a465360febe599bd6a46bf68445af2f9558523efdb89e8354031273305422c3ba39dd20863b4aaa046196ce5934228eccadf8ccaa5544f40f4afc4ed0bed09

Download Submit
C:\Windows\system\gpasWuj.exe

Filesize
6.0MB

MD5
50e34513a56d1bf9c7bf25b7c2c0a802

SHA1
879669279ef870c7068f30c6cd7be678a8bb3483

SHA256
e19caf5c7ecb8c5115afb93e1c5b2d4909dc08f24fe6a9124876abcdf8253edc

SHA512
8c98f5194a5c1b23f8041be97d5b66481b7cecba118d43e67d3e71f3f03733044b701e5d34c0a531efd530840db7264748620f180ecace52dbec8aa911f47778

Download Submit
C:\Windows\system\mUAiUzS.exe

Filesize
6.0MB

MD5
f1131a33e52dea119db94a5f23dfe378

SHA1
8d8da67b26d76825045157c418435b25dbdf4b8c

SHA256
a4f07b655ec1000dd7c15de71b7b71742390d76c0016aee06816c1b30458c0d2

SHA512
bd6c1e8a6bfc3c8c50070eb19457caa0a561e9bbc3ed071ff37c2c018c17884db6aead9f9992a5eeca837796270a13d584d76d70be8acf63689d3535c49cc6b8

Download Submit
C:\Windows\system\nwspBqZ.exe

Filesize
6.0MB

MD5
f1854b806f73b6673002071d0b61c678

SHA1
9c1023ea92aa70c4368c8c9ec0620b575eedfd78

SHA256
f37c3393b665c68b5e3bc226f4a02c3e69b99c739acc9b47978a48d497eb68c2

SHA512
953f968ebfd9ba406f9d1836306ad56907c39249efa5c26a25ed54d66c8288faf82a79df6e12e55eb50c8090c176b995ba4bd9e39f629e21ec84c946da8a06d4

Download Submit
C:\Windows\system\stQvaXH.exe

Filesize
6.0MB

MD5
ccb516531cccbb3031a0904a9bf25da8

SHA1
b05e1c85b4254ef46b61ae6c212a55a4a37147ef

SHA256
d971c9a2d9b1713383479b31f0ec30126bbdb0c4ab6d0808954eeeca85fc7948

SHA512
ec12f0d62d154aa57c4eda27e3d8c958648580947f0926dddf9d3e59389a9419dbb8aefd31bef881d0f9880f6226520057e504fd4dbfbbdd5e64551efe389f90

Download Submit
C:\Windows\system\xlUQEAi.exe

Filesize
6.0MB

MD5
6a7dd1347ac8de8471e1036296e9f0ca

SHA1
3b8ae57b19e04769be8fed7addea64f045057f54

SHA256
9dc2d1c254ac566bed9348730186e4441694ddcc74182ac0474b9e7ad44b1d09

SHA512
0d6d140d7a5d07e9f5488208d3cbc2953e07e8f846e491b0f3cd7d48c5725a0fd339c5db5d04a5b36a5b12364dd538ff4c5b9775780b89f5013431f149811d5b

Download Submit
C:\Windows\system\yhjYcoN.exe

Filesize
6.0MB

MD5
1f737fae94a3051f8bd01170d70074f1

SHA1
060f011d9b930652740229a21ec0a1410ba1f242

SHA256
9366f7352ddf4ae9ae76b7554c6dfff11cc8504956f515e0cd2c2d433634c1e8

SHA512
0900bdd37f2f3c12194eaba70992650af3ee4456272a860eb2c525832328466ec5f87e3012c29db52d817ddad4fa0a8b53df12168c55a9d72308b7db144dfc19

Download Submit
\Windows\system\AhXOpcE.exe

Filesize
6.0MB

MD5
ff3c5af83a0934d17cb0eb1a37b17771

SHA1
d3a92b1d5abd16fe5522ef5ae133372246f78c59

SHA256
3ae3d7ccc25fe8795ce7b16b02905090cb4bb27f207bce7f619448820f4b344b

SHA512
10f3e1934db1780e78752237d2df3e2f00199ff861dbcda9d2112fcf8639623294ce2b4947441fb4103870819656a875c277775d64d054696d1e8485d38b4962

Download Submit
\Windows\system\JOcQlZT.exe

Filesize
6.0MB

MD5
7a394ed8b93f1175268bf231eabfc7a5

SHA1
7d0fcc65f1848325243000a405887b0e1c04d4bc

SHA256
4c8cca0866cb19168cbdaa8ee3b7e395fc6265873bc8d8deaa47747f2be58b8d

SHA512
f736f4baf65c32f052b7d3d5d28a9573e0f61d01a93377a80b4ee40c320c445c4a26eb3a9420e6db26bc33a920186cbbf47d5e62523538102096f4e3099a10d4

Download Submit
\Windows\system\QLoTTUU.exe

Filesize
6.0MB

MD5
1ddb9aa48a8aabbb4efd9b32eff14c1f

SHA1
fae65a46a23850639debb0864a264e2af7de4063

SHA256
4ba30e7df350b89cf183068e271d53ac5a3a8ab52d7713195bf80df06e7bad77

SHA512
8ade82f2b564ac3a6306777dc4a018b364243f5083b66a07972d71c8a509947c28c32b736c03213e83868f08d77a31eea658f1fa2e9ee8762d8d71620daef19f

Download Submit
\Windows\system\WdwgMSy.exe

Filesize
6.0MB

MD5
b340c82a3461f00e82b82f0767e38403

SHA1
0cbf280ee5266091f94dcb3d8b4df1d64fa9a473

SHA256
7feed5e3af8315e5b517c4b7353043a67f68e65f1d70bd2549bd72ee397360a9

SHA512
2a77dd49c6165cbc1dfc4f3bb2d6dd495f07127f26f09ac83d4f46f61db9020c038328901364e86fb26fdcc9ff89683098c4de20d3fb86009f1a7ddede9a2088

Download Submit
\Windows\system\YoCHEpG.exe

Filesize
6.0MB

MD5
ec992de247ccba8b8939acc7d275f98e

SHA1
8be5926023d20da39d0550c41fc5b4d3bd20945d

SHA256
e8dcacb624cfb33e04207386243d34f91787743678d5040cee590b1f356ba319

SHA512
1f899f90331a671c77ebe08adf9ca5f00d5baf8d6233c8958e1a8d4831ce0bf70dbf821ca12a8e8eb6a8202f4107bf3d362459f98928cfd783b93c1efea570f3

Download Submit
\Windows\system\hcYeRiC.exe

Filesize
6.0MB

MD5
f4cd12c43623f7f48e61866dd08f4f6d

SHA1
d52334c66797cebd52b45679116c848753d7dbc2

SHA256
dc2e16516f50c11ee059e745fee17403f1e548d0a2d0cab6cca5811df196413b

SHA512
fd7a4aa8bd66587a69a7f75bc131cfc4fc789426ff8f058a5fa53fb8bb5943712f60b9029df1065a2629c6380830d3eb299af3dcf23d16424daa6611683b59b0

Download Submit
\Windows\system\ioviADW.exe

Filesize
6.0MB

MD5
c57d54c593b410ed8907f38b6cdfce9a

SHA1
7c731f56680f06c55bdedc06afb271ce899edaff

SHA256
e53e36ef1b73584c83f9779a1ae01df7da00472d4b68c38c3e0b3fb2081f9263

SHA512
5ad4b3fbccc6f77be2d6f6717ddbbd319d9350076def6f104cd8dd2a4011a3d9465bdc9fbb351a8c67b8074e2049bef084892e165c997025d0b7e89ab9eb8050

Download Submit
\Windows\system\lZgjeGU.exe

Filesize
6.0MB

MD5
4a0b4a9541a175e4fdfa56fb19b68b01

SHA1
952e9584a133ff7904992b4276be44bbb22c8faf

SHA256
86f856a86f11cfb1f20c8c45d1a1dc30bf5fc540ec303a9fa98d262306c5ac4b

SHA512
3fb951656050b0763be0aac6568d772151a6b651e2abb4b43931f01970ae451ac8d3f596705f4750c2ed333cc84aaf1d96dfb25d2ee08b5ae24eb8346f5dbb63

Download Submit
\Windows\system\lahKcgA.exe

Filesize
6.0MB

MD5
9c57aa147c656e4616dd439108f97a4b

SHA1
f5e4fe1e2465d1ce75a23cc90aaf907ba50da166

SHA256
b993b3fa1c601cb77003f53fa6a729e0679547a0c503a9da428c0ca03524386c

SHA512
7e13cebee05cc2103784b6d29cbe38ccf4c834d78efde2d4ade194275da37ec477fb8ac9585c2585b0a4a3350186bbe56c152c1607ea8a114e08195dc4a43ea5

Download Submit
memory/1128-36-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1128-3291-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1748-63-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1748-21-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3294-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2312-110-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2312-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3327-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2708-82-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2708-211-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-58-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-0-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2708-26-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2708-90-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-218-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-215-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2708-216-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-108-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-102-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-94-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-78-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2708-75-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-6-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-70-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-214-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-217-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-53-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2708-48-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2708-209-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2708-38-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2708-14-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2708-29-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2708-208-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2756-213-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3292-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2756-64-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3000-35-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3293-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/3000-89-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/3024-212-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3296-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-46-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-11-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3304-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download