cobaltstrike | ef7672a43b6aa6fe53a53fc9b25d1539a460904b28ee9953ef8062e005fae70a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f817ddf0c0c78432de01a460972609c3
SHA1

367d0d7ce032843a94e12f053a20a3b8af3cdf14
SHA256

ef7672a43b6aa6fe53a53fc9b25d1539a460904b28ee9953ef8062e005fae70a
SHA512

38292ac749d53f82803a1309bb6d2a953e339a0e6fac8c7250824a71b1c2d8364993fb67d6d0d57ad39b2f76e4e1a6a1b9f3257670ef7cbcda550b1cfac40f99
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012033-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016276-12.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-173.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016588-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-25.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-19.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012033-6.dat	xmrig
behavioral1/files/0x0008000000016276-12.dat	xmrig
behavioral1/memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001925d-57.dat	xmrig
behavioral1/files/0x0005000000019240-71.dat	xmrig
behavioral1/memory/1296-77-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001938b-92.dat	xmrig
behavioral1/files/0x00050000000193c8-113.dat	xmrig
behavioral1/files/0x000500000001941a-129.dat	xmrig
behavioral1/files/0x0005000000019417-125.dat	xmrig
behavioral1/files/0x00050000000194f3-150.dat	xmrig
behavioral1/files/0x0005000000019537-166.dat	xmrig
behavioral1/memory/2684-388-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2684-390-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-189.dat	xmrig
behavioral1/files/0x000500000001960c-184.dat	xmrig
behavioral1/files/0x000500000001960a-178.dat	xmrig
behavioral1/files/0x00050000000195d9-173.dat	xmrig
behavioral1/memory/2880-403-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2824-3974-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2312-3978-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2384-3981-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2888-3987-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2880-3986-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2836-3985-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2828-3984-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2696-3983-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1296-3982-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2912-3980-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2024-3979-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2764-3977-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2724-3975-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2992-3976-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2836-742-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2684-738-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0009000000015fba-163.dat	xmrig
behavioral1/files/0x00050000000194bd-142.dat	xmrig
behavioral1/files/0x0005000000019436-133.dat	xmrig
behavioral1/files/0x0005000000019441-137.dat	xmrig
behavioral1/files/0x00050000000193ec-121.dat	xmrig
behavioral1/files/0x00050000000193d4-117.dat	xmrig
behavioral1/files/0x00050000000193c1-109.dat	xmrig
behavioral1/files/0x00050000000193b7-105.dat	xmrig
behavioral1/memory/2724-101-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2992-100-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019399-99.dat	xmrig
behavioral1/memory/2888-89-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2880-88-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2836-95-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019280-86.dat	xmrig
behavioral1/memory/2312-93-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-85.dat	xmrig
behavioral1/memory/2024-82-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2912-80-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2724-56-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2824-76-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-72.dat	xmrig
behavioral1/memory/2828-52-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c53-51.dat	xmrig
behavioral1/memory/2684-59-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c36-45.dat	xmrig
behavioral1/memory/2992-44-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2684-40-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2384	BZRLSip.exe
2024	OFZnJQi.exe
2696	dGAkBVn.exe
2312	LPnyjaS.exe
2764	juYfPgI.exe
2992	zqBbpkM.exe
2828	nxvzDxt.exe
2724	QWYKlEu.exe
2824	LicbyOK.exe
2912	MKeQIZI.exe
1296	rDUkoVW.exe
2880	BqFTuSc.exe
2888	jrpBpBF.exe
2836	MIeHRlU.exe
2440	HhRhjNy.exe
860	zbKMbun.exe
2000	hYeaPEv.exe
1796	riSwuiE.exe
1756	UyAbYGu.exe
2692	ahEcxYV.exe
1624	XzgwwcF.exe
2940	drklfkY.exe
1592	QXKumQo.exe
3056	chEmrNL.exe
2952	dBNKFNA.exe
1060	SpKvpNP.exe
604	kysFmRW.exe
1352	Oaqbqch.exe
2580	IuVizZF.exe
2128	FtuoXkV.exe
1492	elpkBgl.exe
960	vLZOSxT.exe
952	YntGPRd.exe
576	RRLDofa.exe
1332	sESUKqh.exe
2432	THhnwNK.exe
1832	ZEuSzlg.exe
2112	mHqZhOf.exe
1580	BSIayTA.exe
1856	cvFbkOO.exe
2324	NKWXjvc.exe
2520	qFSRMmS.exe
2168	rMuOIrL.exe
2056	iXFNUQS.exe
556	uJJLseh.exe
896	dwPHTjG.exe
1980	lywaxfb.exe
2896	WuKNPZC.exe
1612	AUQPJYa.exe
2396	hXfToah.exe
2220	NqCTFvR.exe
2804	YAtoDxW.exe
2820	oWMripA.exe
2640	BCmWLiq.exe
2720	CIyqJwv.exe
2212	IMQusyH.exe
2604	BLtwDQh.exe
1660	IpuBZQu.exe
1792	ltzfFcM.exe
884	cfzAcUK.exe
3052	jNXXVtN.exe
1772	nOgltkj.exe
1104	VXOgLTJ.exe
1096	OAQgoEp.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000a000000012033-6.dat	upx
behavioral1/files/0x0008000000016276-12.dat	upx
behavioral1/memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x000500000001925d-57.dat	upx
behavioral1/files/0x0005000000019240-71.dat	upx
behavioral1/memory/1296-77-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x000500000001938b-92.dat	upx
behavioral1/files/0x00050000000193c8-113.dat	upx
behavioral1/files/0x000500000001941a-129.dat	upx
behavioral1/files/0x0005000000019417-125.dat	upx
behavioral1/files/0x00050000000194f3-150.dat	upx
behavioral1/files/0x0005000000019537-166.dat	upx
behavioral1/files/0x000500000001960d-189.dat	upx
behavioral1/files/0x000500000001960c-184.dat	upx
behavioral1/files/0x000500000001960a-178.dat	upx
behavioral1/files/0x00050000000195d9-173.dat	upx
behavioral1/memory/2880-403-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2824-3974-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2312-3978-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2384-3981-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2888-3987-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2880-3986-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2836-3985-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2828-3984-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2696-3983-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1296-3982-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2912-3980-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2024-3979-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2764-3977-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2724-3975-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2992-3976-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2836-742-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0009000000015fba-163.dat	upx
behavioral1/files/0x00050000000194bd-142.dat	upx
behavioral1/files/0x0005000000019436-133.dat	upx
behavioral1/files/0x0005000000019441-137.dat	upx
behavioral1/files/0x00050000000193ec-121.dat	upx
behavioral1/files/0x00050000000193d4-117.dat	upx
behavioral1/files/0x00050000000193c1-109.dat	upx
behavioral1/files/0x00050000000193b7-105.dat	upx
behavioral1/memory/2724-101-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2992-100-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0005000000019399-99.dat	upx
behavioral1/memory/2888-89-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2880-88-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2836-95-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0005000000019280-86.dat	upx
behavioral1/memory/2312-93-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000019263-85.dat	upx
behavioral1/memory/2024-82-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2912-80-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2724-56-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2824-76-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019278-72.dat	upx
behavioral1/memory/2828-52-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0008000000016c53-51.dat	upx
behavioral1/memory/2684-59-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0007000000016c36-45.dat	upx
behavioral1/memory/2992-44-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2764-37-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0007000000016a49-33.dat	upx
behavioral1/files/0x0007000000016588-30.dat	upx
behavioral1/memory/2696-28-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RzLjNdM.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqFTuSc.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBPmPzS.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCvfEFU.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgOGcSw.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjnMMRD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxfgxic.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AORpgyQ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkGQqtL.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYpbHHY.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSLhEDr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnUGjGk.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEFKMLr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoDRnqX.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFMIjUM.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lywaxfb.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHAIVxQ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzXIaJj.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSdjVyx.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZZqnxb.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYHJpoS.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njSMtEv.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcijipP.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DILVKaD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iizLJPl.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbHHUJw.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vptUmtv.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYkMVhq.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYeaPEv.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFHtCZF.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnaTGto.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eeUjTFq.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZxeAsr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlIeRJe.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNmZyig.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrMidJu.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKmOXiD.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvoNQjd.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zThtARu.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjjyDTv.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvbgMTg.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnbmoGI.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztmvGqb.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCocxyl.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiRDyjE.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkdakWr.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMrjbTM.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JokVbNg.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYEbvwI.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlbtqfK.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAPRiqF.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOnnuMN.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmKPtEJ.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqKAqhl.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWTXvVB.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulAxzSU.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiCtGlL.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IElLQnX.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIZmFcV.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFZnJQi.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHXWNoH.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMurKum.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWLUKat.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwGSboT.exe	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2384	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2384	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2384	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2024	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2024	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2024	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2696	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2696	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2696	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2312	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2312	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2312	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2764	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2764	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2764	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2992	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2992	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2992	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2828	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 2828	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 2828	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 2724	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 2724	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 2724	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 2912	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2912	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2912	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2824	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2824	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2824	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2880	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 2880	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 2880	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 1296	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 1296	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 1296	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 2888	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 2888	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 2888	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 2836	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 2836	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 2836	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 2440	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 2440	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 2440	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 860	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 860	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 860	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 2000	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 2000	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 2000	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 1796	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 1796	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 1796	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 1756	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 1756	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 1756	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 2692	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 2692	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 2692	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 1624	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2684 wrote to memory of 1624	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2684 wrote to memory of 1624	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2684 wrote to memory of 2940	2684	2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_f817ddf0c0c78432de01a460972609c3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\System\BZRLSip.exe
  C:\Windows\System\BZRLSip.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\OFZnJQi.exe
  C:\Windows\System\OFZnJQi.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\dGAkBVn.exe
  C:\Windows\System\dGAkBVn.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\LPnyjaS.exe
  C:\Windows\System\LPnyjaS.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\juYfPgI.exe
  C:\Windows\System\juYfPgI.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\zqBbpkM.exe
  C:\Windows\System\zqBbpkM.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\nxvzDxt.exe
  C:\Windows\System\nxvzDxt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\QWYKlEu.exe
  C:\Windows\System\QWYKlEu.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\MKeQIZI.exe
  C:\Windows\System\MKeQIZI.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LicbyOK.exe
  C:\Windows\System\LicbyOK.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\BqFTuSc.exe
  C:\Windows\System\BqFTuSc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\rDUkoVW.exe
  C:\Windows\System\rDUkoVW.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\jrpBpBF.exe
  C:\Windows\System\jrpBpBF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\MIeHRlU.exe
  C:\Windows\System\MIeHRlU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\HhRhjNy.exe
  C:\Windows\System\HhRhjNy.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\zbKMbun.exe
  C:\Windows\System\zbKMbun.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\hYeaPEv.exe
  C:\Windows\System\hYeaPEv.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\riSwuiE.exe
  C:\Windows\System\riSwuiE.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\UyAbYGu.exe
  C:\Windows\System\UyAbYGu.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ahEcxYV.exe
  C:\Windows\System\ahEcxYV.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\XzgwwcF.exe
  C:\Windows\System\XzgwwcF.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\drklfkY.exe
  C:\Windows\System\drklfkY.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QXKumQo.exe
  C:\Windows\System\QXKumQo.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\chEmrNL.exe
  C:\Windows\System\chEmrNL.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\dBNKFNA.exe
  C:\Windows\System\dBNKFNA.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SpKvpNP.exe
  C:\Windows\System\SpKvpNP.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\kysFmRW.exe
  C:\Windows\System\kysFmRW.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\Oaqbqch.exe
  C:\Windows\System\Oaqbqch.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\IuVizZF.exe
  C:\Windows\System\IuVizZF.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\FtuoXkV.exe
  C:\Windows\System\FtuoXkV.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\elpkBgl.exe
  C:\Windows\System\elpkBgl.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\vLZOSxT.exe
  C:\Windows\System\vLZOSxT.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\YntGPRd.exe
  C:\Windows\System\YntGPRd.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\RRLDofa.exe
  C:\Windows\System\RRLDofa.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\sESUKqh.exe
  C:\Windows\System\sESUKqh.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\THhnwNK.exe
  C:\Windows\System\THhnwNK.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZEuSzlg.exe
  C:\Windows\System\ZEuSzlg.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mHqZhOf.exe
  C:\Windows\System\mHqZhOf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\BSIayTA.exe
  C:\Windows\System\BSIayTA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\cvFbkOO.exe
  C:\Windows\System\cvFbkOO.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\NKWXjvc.exe
  C:\Windows\System\NKWXjvc.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\qFSRMmS.exe
  C:\Windows\System\qFSRMmS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\rMuOIrL.exe
  C:\Windows\System\rMuOIrL.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\iXFNUQS.exe
  C:\Windows\System\iXFNUQS.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\uJJLseh.exe
  C:\Windows\System\uJJLseh.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\dwPHTjG.exe
  C:\Windows\System\dwPHTjG.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\lywaxfb.exe
  C:\Windows\System\lywaxfb.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\WuKNPZC.exe
  C:\Windows\System\WuKNPZC.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\AUQPJYa.exe
  C:\Windows\System\AUQPJYa.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\hXfToah.exe
  C:\Windows\System\hXfToah.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\NqCTFvR.exe
  C:\Windows\System\NqCTFvR.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\YAtoDxW.exe
  C:\Windows\System\YAtoDxW.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\oWMripA.exe
  C:\Windows\System\oWMripA.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\BCmWLiq.exe
  C:\Windows\System\BCmWLiq.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\CIyqJwv.exe
  C:\Windows\System\CIyqJwv.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\IMQusyH.exe
  C:\Windows\System\IMQusyH.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\BLtwDQh.exe
  C:\Windows\System\BLtwDQh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\IpuBZQu.exe
  C:\Windows\System\IpuBZQu.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ltzfFcM.exe
  C:\Windows\System\ltzfFcM.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\cfzAcUK.exe
  C:\Windows\System\cfzAcUK.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\jNXXVtN.exe
  C:\Windows\System\jNXXVtN.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\nOgltkj.exe
  C:\Windows\System\nOgltkj.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\VXOgLTJ.exe
  C:\Windows\System\VXOgLTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\OAQgoEp.exe
  C:\Windows\System\OAQgoEp.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\ZCVfBLr.exe
  C:\Windows\System\ZCVfBLr.exe
  2⤵
  PID:3000
- C:\Windows\System\bUjuSTl.exe
  C:\Windows\System\bUjuSTl.exe
  2⤵
  PID:3004
- C:\Windows\System\lYbvTto.exe
  C:\Windows\System\lYbvTto.exe
  2⤵
  PID:844
- C:\Windows\System\qMrCpdK.exe
  C:\Windows\System\qMrCpdK.exe
  2⤵
  PID:1700
- C:\Windows\System\OievAXM.exe
  C:\Windows\System\OievAXM.exe
  2⤵
  PID:1696
- C:\Windows\System\MFHtCZF.exe
  C:\Windows\System\MFHtCZF.exe
  2⤵
  PID:892
- C:\Windows\System\jvGeUZt.exe
  C:\Windows\System\jvGeUZt.exe
  2⤵
  PID:704
- C:\Windows\System\atmKfQN.exe
  C:\Windows\System\atmKfQN.exe
  2⤵
  PID:2360
- C:\Windows\System\yALBIUk.exe
  C:\Windows\System\yALBIUk.exe
  2⤵
  PID:1488
- C:\Windows\System\kvoknpQ.exe
  C:\Windows\System\kvoknpQ.exe
  2⤵
  PID:592
- C:\Windows\System\lzSPsoP.exe
  C:\Windows\System\lzSPsoP.exe
  2⤵
  PID:2172
- C:\Windows\System\vKJcWkw.exe
  C:\Windows\System\vKJcWkw.exe
  2⤵
  PID:820
- C:\Windows\System\GlHgpRP.exe
  C:\Windows\System\GlHgpRP.exe
  2⤵
  PID:1744
- C:\Windows\System\eqgeKnB.exe
  C:\Windows\System\eqgeKnB.exe
  2⤵
  PID:2984
- C:\Windows\System\XByQixx.exe
  C:\Windows\System\XByQixx.exe
  2⤵
  PID:1576
- C:\Windows\System\Lbfafej.exe
  C:\Windows\System\Lbfafej.exe
  2⤵
  PID:2964
- C:\Windows\System\QYUEgsd.exe
  C:\Windows\System\QYUEgsd.exe
  2⤵
  PID:1336
- C:\Windows\System\BXZObEd.exe
  C:\Windows\System\BXZObEd.exe
  2⤵
  PID:2776
- C:\Windows\System\wtRIkTo.exe
  C:\Windows\System\wtRIkTo.exe
  2⤵
  PID:2732
- C:\Windows\System\KaguTdH.exe
  C:\Windows\System\KaguTdH.exe
  2⤵
  PID:2704
- C:\Windows\System\DkVWUNS.exe
  C:\Windows\System\DkVWUNS.exe
  2⤵
  PID:1260
- C:\Windows\System\dYkjuUJ.exe
  C:\Windows\System\dYkjuUJ.exe
  2⤵
  PID:1320
- C:\Windows\System\gEIhJop.exe
  C:\Windows\System\gEIhJop.exe
  2⤵
  PID:2864
- C:\Windows\System\YTCaJZB.exe
  C:\Windows\System\YTCaJZB.exe
  2⤵
  PID:1140
- C:\Windows\System\vaYsgEA.exe
  C:\Windows\System\vaYsgEA.exe
  2⤵
  PID:1092
- C:\Windows\System\qWksfAx.exe
  C:\Windows\System\qWksfAx.exe
  2⤵
  PID:2292
- C:\Windows\System\UDCBVPN.exe
  C:\Windows\System\UDCBVPN.exe
  2⤵
  PID:908
- C:\Windows\System\mrBIbbD.exe
  C:\Windows\System\mrBIbbD.exe
  2⤵
  PID:2264
- C:\Windows\System\IPjRzoV.exe
  C:\Windows\System\IPjRzoV.exe
  2⤵
  PID:2568
- C:\Windows\System\PSCfnRD.exe
  C:\Windows\System\PSCfnRD.exe
  2⤵
  PID:1820
- C:\Windows\System\dPfGWrN.exe
  C:\Windows\System\dPfGWrN.exe
  2⤵
  PID:1480
- C:\Windows\System\MZRwwPY.exe
  C:\Windows\System\MZRwwPY.exe
  2⤵
  PID:2332
- C:\Windows\System\FXFCoKV.exe
  C:\Windows\System\FXFCoKV.exe
  2⤵
  PID:2756
- C:\Windows\System\TojHYGY.exe
  C:\Windows\System\TojHYGY.exe
  2⤵
  PID:2980
- C:\Windows\System\WVYNbWt.exe
  C:\Windows\System\WVYNbWt.exe
  2⤵
  PID:2876
- C:\Windows\System\vWqArAV.exe
  C:\Windows\System\vWqArAV.exe
  2⤵
  PID:2120
- C:\Windows\System\UpkaRiR.exe
  C:\Windows\System\UpkaRiR.exe
  2⤵
  PID:2608
- C:\Windows\System\IQSAgam.exe
  C:\Windows\System\IQSAgam.exe
  2⤵
  PID:956
- C:\Windows\System\PQavGwA.exe
  C:\Windows\System\PQavGwA.exe
  2⤵
  PID:328
- C:\Windows\System\jugasSk.exe
  C:\Windows\System\jugasSk.exe
  2⤵
  PID:2552
- C:\Windows\System\pQZjPrY.exe
  C:\Windows\System\pQZjPrY.exe
  2⤵
  PID:1848
- C:\Windows\System\LwyiuUt.exe
  C:\Windows\System\LwyiuUt.exe
  2⤵
  PID:2020
- C:\Windows\System\DyPpmqU.exe
  C:\Windows\System\DyPpmqU.exe
  2⤵
  PID:1812
- C:\Windows\System\MlQcdZM.exe
  C:\Windows\System\MlQcdZM.exe
  2⤵
  PID:1724
- C:\Windows\System\vfpcuyO.exe
  C:\Windows\System\vfpcuyO.exe
  2⤵
  PID:2632
- C:\Windows\System\teEJrGI.exe
  C:\Windows\System\teEJrGI.exe
  2⤵
  PID:2924
- C:\Windows\System\hcOeWPF.exe
  C:\Windows\System\hcOeWPF.exe
  2⤵
  PID:600
- C:\Windows\System\CgnAvrf.exe
  C:\Windows\System\CgnAvrf.exe
  2⤵
  PID:2620
- C:\Windows\System\smOqXXa.exe
  C:\Windows\System\smOqXXa.exe
  2⤵
  PID:2624
- C:\Windows\System\JIrbgxO.exe
  C:\Windows\System\JIrbgxO.exe
  2⤵
  PID:2132
- C:\Windows\System\GfKWsUq.exe
  C:\Windows\System\GfKWsUq.exe
  2⤵
  PID:1040
- C:\Windows\System\oAyfSkG.exe
  C:\Windows\System\oAyfSkG.exe
  2⤵
  PID:1016
- C:\Windows\System\cUupTQn.exe
  C:\Windows\System\cUupTQn.exe
  2⤵
  PID:2744
- C:\Windows\System\yyTIYxp.exe
  C:\Windows\System\yyTIYxp.exe
  2⤵
  PID:1976
- C:\Windows\System\uavfgeX.exe
  C:\Windows\System\uavfgeX.exe
  2⤵
  PID:2852
- C:\Windows\System\ddHFtNw.exe
  C:\Windows\System\ddHFtNw.exe
  2⤵
  PID:2392
- C:\Windows\System\eYHJpoS.exe
  C:\Windows\System\eYHJpoS.exe
  2⤵
  PID:2816
- C:\Windows\System\wnbmoGI.exe
  C:\Windows\System\wnbmoGI.exe
  2⤵
  PID:2028
- C:\Windows\System\UztwsEM.exe
  C:\Windows\System\UztwsEM.exe
  2⤵
  PID:1156
- C:\Windows\System\jldbMMp.exe
  C:\Windows\System\jldbMMp.exe
  2⤵
  PID:1564
- C:\Windows\System\BlcgnAo.exe
  C:\Windows\System\BlcgnAo.exe
  2⤵
  PID:1340
- C:\Windows\System\TfUXVrN.exe
  C:\Windows\System\TfUXVrN.exe
  2⤵
  PID:1608
- C:\Windows\System\cEpnmlv.exe
  C:\Windows\System\cEpnmlv.exe
  2⤵
  PID:2012
- C:\Windows\System\uDYxXAs.exe
  C:\Windows\System\uDYxXAs.exe
  2⤵
  PID:1764
- C:\Windows\System\zgHDrOl.exe
  C:\Windows\System\zgHDrOl.exe
  2⤵
  PID:2800
- C:\Windows\System\HZqcULu.exe
  C:\Windows\System\HZqcULu.exe
  2⤵
  PID:2144
- C:\Windows\System\IkviHRf.exe
  C:\Windows\System\IkviHRf.exe
  2⤵
  PID:3008
- C:\Windows\System\WhekWIv.exe
  C:\Windows\System\WhekWIv.exe
  2⤵
  PID:2688
- C:\Windows\System\xYIuTDS.exe
  C:\Windows\System\xYIuTDS.exe
  2⤵
  PID:2456
- C:\Windows\System\qdwJPpR.exe
  C:\Windows\System\qdwJPpR.exe
  2⤵
  PID:900
- C:\Windows\System\VRqKgAl.exe
  C:\Windows\System\VRqKgAl.exe
  2⤵
  PID:2728
- C:\Windows\System\frcmmtT.exe
  C:\Windows\System\frcmmtT.exe
  2⤵
  PID:2656
- C:\Windows\System\MCVEjNT.exe
  C:\Windows\System\MCVEjNT.exe
  2⤵
  PID:2752
- C:\Windows\System\lHAIVxQ.exe
  C:\Windows\System\lHAIVxQ.exe
  2⤵
  PID:3080
- C:\Windows\System\xzDmLqV.exe
  C:\Windows\System\xzDmLqV.exe
  2⤵
  PID:3100
- C:\Windows\System\DdjuYem.exe
  C:\Windows\System\DdjuYem.exe
  2⤵
  PID:3120
- C:\Windows\System\EKKriua.exe
  C:\Windows\System\EKKriua.exe
  2⤵
  PID:3136
- C:\Windows\System\AsBviwi.exe
  C:\Windows\System\AsBviwi.exe
  2⤵
  PID:3152
- C:\Windows\System\suxodAV.exe
  C:\Windows\System\suxodAV.exe
  2⤵
  PID:3168
- C:\Windows\System\uzolfDV.exe
  C:\Windows\System\uzolfDV.exe
  2⤵
  PID:3196
- C:\Windows\System\BgvIxKH.exe
  C:\Windows\System\BgvIxKH.exe
  2⤵
  PID:3216
- C:\Windows\System\HozIxul.exe
  C:\Windows\System\HozIxul.exe
  2⤵
  PID:3232
- C:\Windows\System\razJeBM.exe
  C:\Windows\System\razJeBM.exe
  2⤵
  PID:3248
- C:\Windows\System\TMmhMse.exe
  C:\Windows\System\TMmhMse.exe
  2⤵
  PID:3272
- C:\Windows\System\PUWMuau.exe
  C:\Windows\System\PUWMuau.exe
  2⤵
  PID:3288
- C:\Windows\System\yuGqACi.exe
  C:\Windows\System\yuGqACi.exe
  2⤵
  PID:3304
- C:\Windows\System\eGzZEKK.exe
  C:\Windows\System\eGzZEKK.exe
  2⤵
  PID:3320
- C:\Windows\System\PQwmwUx.exe
  C:\Windows\System\PQwmwUx.exe
  2⤵
  PID:3336
- C:\Windows\System\SXpouNl.exe
  C:\Windows\System\SXpouNl.exe
  2⤵
  PID:3352
- C:\Windows\System\iRpWSwc.exe
  C:\Windows\System\iRpWSwc.exe
  2⤵
  PID:3372
- C:\Windows\System\GWMSxxG.exe
  C:\Windows\System\GWMSxxG.exe
  2⤵
  PID:3396
- C:\Windows\System\rVumzsW.exe
  C:\Windows\System\rVumzsW.exe
  2⤵
  PID:3416
- C:\Windows\System\MKeUEAD.exe
  C:\Windows\System\MKeUEAD.exe
  2⤵
  PID:3432
- C:\Windows\System\hglBWOC.exe
  C:\Windows\System\hglBWOC.exe
  2⤵
  PID:3504
- C:\Windows\System\hVgaDVc.exe
  C:\Windows\System\hVgaDVc.exe
  2⤵
  PID:3520
- C:\Windows\System\AORpgyQ.exe
  C:\Windows\System\AORpgyQ.exe
  2⤵
  PID:3540
- C:\Windows\System\DvAfQAd.exe
  C:\Windows\System\DvAfQAd.exe
  2⤵
  PID:3556
- C:\Windows\System\gtMXAKk.exe
  C:\Windows\System\gtMXAKk.exe
  2⤵
  PID:3572
- C:\Windows\System\vZWGFDf.exe
  C:\Windows\System\vZWGFDf.exe
  2⤵
  PID:3588
- C:\Windows\System\PuWfmVb.exe
  C:\Windows\System\PuWfmVb.exe
  2⤵
  PID:3604
- C:\Windows\System\mwThrMg.exe
  C:\Windows\System\mwThrMg.exe
  2⤵
  PID:3628
- C:\Windows\System\COLYaxM.exe
  C:\Windows\System\COLYaxM.exe
  2⤵
  PID:3648
- C:\Windows\System\jzySKkc.exe
  C:\Windows\System\jzySKkc.exe
  2⤵
  PID:3680
- C:\Windows\System\SHEEKzF.exe
  C:\Windows\System\SHEEKzF.exe
  2⤵
  PID:3700
- C:\Windows\System\faLFRen.exe
  C:\Windows\System\faLFRen.exe
  2⤵
  PID:3716
- C:\Windows\System\UhyuoWu.exe
  C:\Windows\System\UhyuoWu.exe
  2⤵
  PID:3740
- C:\Windows\System\uAAcmbD.exe
  C:\Windows\System\uAAcmbD.exe
  2⤵
  PID:3756
- C:\Windows\System\gVCZmoS.exe
  C:\Windows\System\gVCZmoS.exe
  2⤵
  PID:3772
- C:\Windows\System\GnuoJTA.exe
  C:\Windows\System\GnuoJTA.exe
  2⤵
  PID:3792
- C:\Windows\System\iVvNfgt.exe
  C:\Windows\System\iVvNfgt.exe
  2⤵
  PID:3824
- C:\Windows\System\iTXbGBi.exe
  C:\Windows\System\iTXbGBi.exe
  2⤵
  PID:3840
- C:\Windows\System\tFNqwmm.exe
  C:\Windows\System\tFNqwmm.exe
  2⤵
  PID:3856
- C:\Windows\System\WxTPxYa.exe
  C:\Windows\System\WxTPxYa.exe
  2⤵
  PID:3872
- C:\Windows\System\sHMypcY.exe
  C:\Windows\System\sHMypcY.exe
  2⤵
  PID:3892
- C:\Windows\System\rUitwOh.exe
  C:\Windows\System\rUitwOh.exe
  2⤵
  PID:3908
- C:\Windows\System\acRUcif.exe
  C:\Windows\System\acRUcif.exe
  2⤵
  PID:3924
- C:\Windows\System\TJXbxcv.exe
  C:\Windows\System\TJXbxcv.exe
  2⤵
  PID:3948
- C:\Windows\System\zGjAUqw.exe
  C:\Windows\System\zGjAUqw.exe
  2⤵
  PID:3968
- C:\Windows\System\OMFPiJU.exe
  C:\Windows\System\OMFPiJU.exe
  2⤵
  PID:3984
- C:\Windows\System\qJvjPGv.exe
  C:\Windows\System\qJvjPGv.exe
  2⤵
  PID:4000
- C:\Windows\System\biDXmfK.exe
  C:\Windows\System\biDXmfK.exe
  2⤵
  PID:4016
- C:\Windows\System\vYZfPkB.exe
  C:\Windows\System\vYZfPkB.exe
  2⤵
  PID:4040
- C:\Windows\System\qwvMNNX.exe
  C:\Windows\System\qwvMNNX.exe
  2⤵
  PID:4060
- C:\Windows\System\mcBNUzI.exe
  C:\Windows\System\mcBNUzI.exe
  2⤵
  PID:4076
- C:\Windows\System\qPpQbAx.exe
  C:\Windows\System\qPpQbAx.exe
  2⤵
  PID:4092
- C:\Windows\System\hZNsjNw.exe
  C:\Windows\System\hZNsjNw.exe
  2⤵
  PID:3092
- C:\Windows\System\BAzcsCR.exe
  C:\Windows\System\BAzcsCR.exe
  2⤵
  PID:3160
- C:\Windows\System\GeMjjZQ.exe
  C:\Windows\System\GeMjjZQ.exe
  2⤵
  PID:3244
- C:\Windows\System\tHXWNoH.exe
  C:\Windows\System\tHXWNoH.exe
  2⤵
  PID:3280
- C:\Windows\System\ieBFjbJ.exe
  C:\Windows\System\ieBFjbJ.exe
  2⤵
  PID:3380
- C:\Windows\System\zrnJDap.exe
  C:\Windows\System\zrnJDap.exe
  2⤵
  PID:3428
- C:\Windows\System\bkGQqtL.exe
  C:\Windows\System\bkGQqtL.exe
  2⤵
  PID:2872
- C:\Windows\System\zlbtqfK.exe
  C:\Windows\System\zlbtqfK.exe
  2⤵
  PID:3412
- C:\Windows\System\NBPmPzS.exe
  C:\Windows\System\NBPmPzS.exe
  2⤵
  PID:3460
- C:\Windows\System\fJRMnhd.exe
  C:\Windows\System\fJRMnhd.exe
  2⤵
  PID:3448
- C:\Windows\System\QvSOOGC.exe
  C:\Windows\System\QvSOOGC.exe
  2⤵
  PID:3256
- C:\Windows\System\Eoitlpb.exe
  C:\Windows\System\Eoitlpb.exe
  2⤵
  PID:3328
- C:\Windows\System\IdNoUum.exe
  C:\Windows\System\IdNoUum.exe
  2⤵
  PID:3364
- C:\Windows\System\wdwZfBd.exe
  C:\Windows\System\wdwZfBd.exe
  2⤵
  PID:3496
- C:\Windows\System\NsAisnY.exe
  C:\Windows\System\NsAisnY.exe
  2⤵
  PID:3484
- C:\Windows\System\BBlZEDU.exe
  C:\Windows\System\BBlZEDU.exe
  2⤵
  PID:3612
- C:\Windows\System\rgnumbk.exe
  C:\Windows\System\rgnumbk.exe
  2⤵
  PID:1988
- C:\Windows\System\hfHPiKB.exe
  C:\Windows\System\hfHPiKB.exe
  2⤵
  PID:3636
- C:\Windows\System\JRxnwwh.exe
  C:\Windows\System\JRxnwwh.exe
  2⤵
  PID:3596
- C:\Windows\System\zhhmMvl.exe
  C:\Windows\System\zhhmMvl.exe
  2⤵
  PID:624
- C:\Windows\System\ciOBVVP.exe
  C:\Windows\System\ciOBVVP.exe
  2⤵
  PID:3676
- C:\Windows\System\OtRaZHC.exe
  C:\Windows\System\OtRaZHC.exe
  2⤵
  PID:3688
- C:\Windows\System\BTyaslV.exe
  C:\Windows\System\BTyaslV.exe
  2⤵
  PID:3708
- C:\Windows\System\pmMuFRj.exe
  C:\Windows\System\pmMuFRj.exe
  2⤵
  PID:3752
- C:\Windows\System\BcSiaHP.exe
  C:\Windows\System\BcSiaHP.exe
  2⤵
  PID:2336
- C:\Windows\System\tgYEybH.exe
  C:\Windows\System\tgYEybH.exe
  2⤵
  PID:3808
- C:\Windows\System\hLaSdFX.exe
  C:\Windows\System\hLaSdFX.exe
  2⤵
  PID:2504
- C:\Windows\System\ehcpfti.exe
  C:\Windows\System\ehcpfti.exe
  2⤵
  PID:3868
- C:\Windows\System\MPvTXFu.exe
  C:\Windows\System\MPvTXFu.exe
  2⤵
  PID:4056
- C:\Windows\System\fMaZWgq.exe
  C:\Windows\System\fMaZWgq.exe
  2⤵
  PID:3132
- C:\Windows\System\Zwtqegd.exe
  C:\Windows\System\Zwtqegd.exe
  2⤵
  PID:3916
- C:\Windows\System\fwJGWEb.exe
  C:\Windows\System\fwJGWEb.exe
  2⤵
  PID:3992
- C:\Windows\System\NSSQUZQ.exe
  C:\Windows\System\NSSQUZQ.exe
  2⤵
  PID:4032
- C:\Windows\System\aVfsytA.exe
  C:\Windows\System\aVfsytA.exe
  2⤵
  PID:3920
- C:\Windows\System\TahmdtK.exe
  C:\Windows\System\TahmdtK.exe
  2⤵
  PID:1272
- C:\Windows\System\GkeyXSR.exe
  C:\Windows\System\GkeyXSR.exe
  2⤵
  PID:3888
- C:\Windows\System\JcpqWGD.exe
  C:\Windows\System\JcpqWGD.exe
  2⤵
  PID:2156
- C:\Windows\System\nnUSIEU.exe
  C:\Windows\System\nnUSIEU.exe
  2⤵
  PID:2328
- C:\Windows\System\JTzoouO.exe
  C:\Windows\System\JTzoouO.exe
  2⤵
  PID:2848
- C:\Windows\System\EOVYvTl.exe
  C:\Windows\System\EOVYvTl.exe
  2⤵
  PID:3148
- C:\Windows\System\OxLGgWH.exe
  C:\Windows\System\OxLGgWH.exe
  2⤵
  PID:3456
- C:\Windows\System\USQfIDI.exe
  C:\Windows\System\USQfIDI.exe
  2⤵
  PID:268
- C:\Windows\System\AnYJsNb.exe
  C:\Windows\System\AnYJsNb.exe
  2⤵
  PID:3296
- C:\Windows\System\lpSJzIH.exe
  C:\Windows\System\lpSJzIH.exe
  2⤵
  PID:3516
- C:\Windows\System\rojOMxJ.exe
  C:\Windows\System\rojOMxJ.exe
  2⤵
  PID:2592
- C:\Windows\System\BDmjWMI.exe
  C:\Windows\System\BDmjWMI.exe
  2⤵
  PID:3488
- C:\Windows\System\YENgmus.exe
  C:\Windows\System\YENgmus.exe
  2⤵
  PID:3584
- C:\Windows\System\htDUFcN.exe
  C:\Windows\System\htDUFcN.exe
  2⤵
  PID:3568
- C:\Windows\System\gkUiKRj.exe
  C:\Windows\System\gkUiKRj.exe
  2⤵
  PID:3732
- C:\Windows\System\dSVKdKs.exe
  C:\Windows\System\dSVKdKs.exe
  2⤵
  PID:3764
- C:\Windows\System\nYqkadz.exe
  C:\Windows\System\nYqkadz.exe
  2⤵
  PID:3864
- C:\Windows\System\EAVVClK.exe
  C:\Windows\System\EAVVClK.exe
  2⤵
  PID:3696
- C:\Windows\System\CVdJyXl.exe
  C:\Windows\System\CVdJyXl.exe
  2⤵
  PID:3620
- C:\Windows\System\TueoSYC.exe
  C:\Windows\System\TueoSYC.exe
  2⤵
  PID:1768
- C:\Windows\System\xRKauPH.exe
  C:\Windows\System\xRKauPH.exe
  2⤵
  PID:3976
- C:\Windows\System\JBNpxVK.exe
  C:\Windows\System\JBNpxVK.exe
  2⤵
  PID:4048
- C:\Windows\System\CasNLLL.exe
  C:\Windows\System\CasNLLL.exe
  2⤵
  PID:4088
- C:\Windows\System\HnFoHcu.exe
  C:\Windows\System\HnFoHcu.exe
  2⤵
  PID:3880
- C:\Windows\System\ZPLAqaB.exe
  C:\Windows\System\ZPLAqaB.exe
  2⤵
  PID:1300
- C:\Windows\System\SoxbPQr.exe
  C:\Windows\System\SoxbPQr.exe
  2⤵
  PID:1584
- C:\Windows\System\dbewcTQ.exe
  C:\Windows\System\dbewcTQ.exe
  2⤵
  PID:3068
- C:\Windows\System\frSTvOj.exe
  C:\Windows\System\frSTvOj.exe
  2⤵
  PID:3184
- C:\Windows\System\PzXIaJj.exe
  C:\Windows\System\PzXIaJj.exe
  2⤵
  PID:3500
- C:\Windows\System\CpOQnIY.exe
  C:\Windows\System\CpOQnIY.exe
  2⤵
  PID:3480
- C:\Windows\System\DDRSNZD.exe
  C:\Windows\System\DDRSNZD.exe
  2⤵
  PID:3268
- C:\Windows\System\GGzSBZm.exe
  C:\Windows\System\GGzSBZm.exe
  2⤵
  PID:3564
- C:\Windows\System\RzUjcDL.exe
  C:\Windows\System\RzUjcDL.exe
  2⤵
  PID:3672
- C:\Windows\System\hPNalxV.exe
  C:\Windows\System\hPNalxV.exe
  2⤵
  PID:4012
- C:\Windows\System\lIDKsgu.exe
  C:\Windows\System\lIDKsgu.exe
  2⤵
  PID:3552
- C:\Windows\System\JFfPRwk.exe
  C:\Windows\System\JFfPRwk.exe
  2⤵
  PID:3944
- C:\Windows\System\BblyCQA.exe
  C:\Windows\System\BblyCQA.exe
  2⤵
  PID:2996
- C:\Windows\System\gANwvgQ.exe
  C:\Windows\System\gANwvgQ.exe
  2⤵
  PID:3836
- C:\Windows\System\diIBOkv.exe
  C:\Windows\System\diIBOkv.exe
  2⤵
  PID:3904
- C:\Windows\System\HsSvFJZ.exe
  C:\Windows\System\HsSvFJZ.exe
  2⤵
  PID:2344
- C:\Windows\System\LzQCPco.exe
  C:\Windows\System\LzQCPco.exe
  2⤵
  PID:1288
- C:\Windows\System\JQsAyQD.exe
  C:\Windows\System\JQsAyQD.exe
  2⤵
  PID:3240
- C:\Windows\System\DWxQsnm.exe
  C:\Windows\System\DWxQsnm.exe
  2⤵
  PID:3112
- C:\Windows\System\FaxjQZv.exe
  C:\Windows\System\FaxjQZv.exe
  2⤵
  PID:2960
- C:\Windows\System\FxObfii.exe
  C:\Windows\System\FxObfii.exe
  2⤵
  PID:3368
- C:\Windows\System\anALbID.exe
  C:\Windows\System\anALbID.exe
  2⤵
  PID:1284
- C:\Windows\System\QznOUlC.exe
  C:\Windows\System\QznOUlC.exe
  2⤵
  PID:3964
- C:\Windows\System\QQSvnut.exe
  C:\Windows\System\QQSvnut.exe
  2⤵
  PID:2760
- C:\Windows\System\eOmsbif.exe
  C:\Windows\System\eOmsbif.exe
  2⤵
  PID:3088
- C:\Windows\System\mrVtyKv.exe
  C:\Windows\System\mrVtyKv.exe
  2⤵
  PID:4028
- C:\Windows\System\YwByZNv.exe
  C:\Windows\System\YwByZNv.exe
  2⤵
  PID:1392
- C:\Windows\System\XLvigae.exe
  C:\Windows\System\XLvigae.exe
  2⤵
  PID:676
- C:\Windows\System\ReYtLJL.exe
  C:\Windows\System\ReYtLJL.exe
  2⤵
  PID:2436
- C:\Windows\System\njSMtEv.exe
  C:\Windows\System\njSMtEv.exe
  2⤵
  PID:2616
- C:\Windows\System\EHRRiuU.exe
  C:\Windows\System\EHRRiuU.exe
  2⤵
  PID:3820
- C:\Windows\System\RXcQrDI.exe
  C:\Windows\System\RXcQrDI.exe
  2⤵
  PID:1636
- C:\Windows\System\CRctWWD.exe
  C:\Windows\System\CRctWWD.exe
  2⤵
  PID:4112
- C:\Windows\System\XzRozDr.exe
  C:\Windows\System\XzRozDr.exe
  2⤵
  PID:4164
- C:\Windows\System\qoIkseu.exe
  C:\Windows\System\qoIkseu.exe
  2⤵
  PID:4184
- C:\Windows\System\UZlNggj.exe
  C:\Windows\System\UZlNggj.exe
  2⤵
  PID:4204
- C:\Windows\System\AcGIkrw.exe
  C:\Windows\System\AcGIkrw.exe
  2⤵
  PID:4220
- C:\Windows\System\dJUwSdF.exe
  C:\Windows\System\dJUwSdF.exe
  2⤵
  PID:4236
- C:\Windows\System\CZxhimX.exe
  C:\Windows\System\CZxhimX.exe
  2⤵
  PID:4252
- C:\Windows\System\ZYcXZcU.exe
  C:\Windows\System\ZYcXZcU.exe
  2⤵
  PID:4268
- C:\Windows\System\qsOvXBh.exe
  C:\Windows\System\qsOvXBh.exe
  2⤵
  PID:4296
- C:\Windows\System\CSdjVyx.exe
  C:\Windows\System\CSdjVyx.exe
  2⤵
  PID:4316
- C:\Windows\System\ZWJJFXz.exe
  C:\Windows\System\ZWJJFXz.exe
  2⤵
  PID:4332
- C:\Windows\System\rkynomn.exe
  C:\Windows\System\rkynomn.exe
  2⤵
  PID:4348
- C:\Windows\System\AYHGoMh.exe
  C:\Windows\System\AYHGoMh.exe
  2⤵
  PID:4364
- C:\Windows\System\RyMGFCI.exe
  C:\Windows\System\RyMGFCI.exe
  2⤵
  PID:4380
- C:\Windows\System\qQpSMvq.exe
  C:\Windows\System\qQpSMvq.exe
  2⤵
  PID:4396
- C:\Windows\System\CusJigo.exe
  C:\Windows\System\CusJigo.exe
  2⤵
  PID:4412
- C:\Windows\System\VScLAPE.exe
  C:\Windows\System\VScLAPE.exe
  2⤵
  PID:4428
- C:\Windows\System\RBQqoID.exe
  C:\Windows\System\RBQqoID.exe
  2⤵
  PID:4444
- C:\Windows\System\ZPsGpIq.exe
  C:\Windows\System\ZPsGpIq.exe
  2⤵
  PID:4460
- C:\Windows\System\SqvtsOf.exe
  C:\Windows\System\SqvtsOf.exe
  2⤵
  PID:4524
- C:\Windows\System\aBHUdGi.exe
  C:\Windows\System\aBHUdGi.exe
  2⤵
  PID:4544
- C:\Windows\System\zOokLyL.exe
  C:\Windows\System\zOokLyL.exe
  2⤵
  PID:4560
- C:\Windows\System\DsUSMQB.exe
  C:\Windows\System\DsUSMQB.exe
  2⤵
  PID:4576
- C:\Windows\System\ouWnwaK.exe
  C:\Windows\System\ouWnwaK.exe
  2⤵
  PID:4604
- C:\Windows\System\gGPxBNm.exe
  C:\Windows\System\gGPxBNm.exe
  2⤵
  PID:4620
- C:\Windows\System\wUqypnK.exe
  C:\Windows\System\wUqypnK.exe
  2⤵
  PID:4640
- C:\Windows\System\kaOAeQM.exe
  C:\Windows\System\kaOAeQM.exe
  2⤵
  PID:4656
- C:\Windows\System\qQmywvV.exe
  C:\Windows\System\qQmywvV.exe
  2⤵
  PID:4676
- C:\Windows\System\papBGjk.exe
  C:\Windows\System\papBGjk.exe
  2⤵
  PID:4692
- C:\Windows\System\zbnjFun.exe
  C:\Windows\System\zbnjFun.exe
  2⤵
  PID:4708
- C:\Windows\System\GUcURhm.exe
  C:\Windows\System\GUcURhm.exe
  2⤵
  PID:4724
- C:\Windows\System\lKIbMJz.exe
  C:\Windows\System\lKIbMJz.exe
  2⤵
  PID:4740
- C:\Windows\System\wEzhSIA.exe
  C:\Windows\System\wEzhSIA.exe
  2⤵
  PID:4756
- C:\Windows\System\qHJlaUM.exe
  C:\Windows\System\qHJlaUM.exe
  2⤵
  PID:4776
- C:\Windows\System\uVAFizI.exe
  C:\Windows\System\uVAFizI.exe
  2⤵
  PID:4804
- C:\Windows\System\ntAGGUe.exe
  C:\Windows\System\ntAGGUe.exe
  2⤵
  PID:4836
- C:\Windows\System\tfHoshi.exe
  C:\Windows\System\tfHoshi.exe
  2⤵
  PID:4852
- C:\Windows\System\KonAhBd.exe
  C:\Windows\System\KonAhBd.exe
  2⤵
  PID:4872
- C:\Windows\System\GebpyAt.exe
  C:\Windows\System\GebpyAt.exe
  2⤵
  PID:4900
- C:\Windows\System\BIhyZbc.exe
  C:\Windows\System\BIhyZbc.exe
  2⤵
  PID:4920
- C:\Windows\System\jzBUfRE.exe
  C:\Windows\System\jzBUfRE.exe
  2⤵
  PID:4936
- C:\Windows\System\CvJTNJT.exe
  C:\Windows\System\CvJTNJT.exe
  2⤵
  PID:4952
- C:\Windows\System\WOmDBth.exe
  C:\Windows\System\WOmDBth.exe
  2⤵
  PID:4968
- C:\Windows\System\NJPpfia.exe
  C:\Windows\System\NJPpfia.exe
  2⤵
  PID:4984
- C:\Windows\System\EuCxIeB.exe
  C:\Windows\System\EuCxIeB.exe
  2⤵
  PID:5004
- C:\Windows\System\BCkyNtp.exe
  C:\Windows\System\BCkyNtp.exe
  2⤵
  PID:5024
- C:\Windows\System\mHTJwPk.exe
  C:\Windows\System\mHTJwPk.exe
  2⤵
  PID:5048
- C:\Windows\System\PRpQOgF.exe
  C:\Windows\System\PRpQOgF.exe
  2⤵
  PID:5072
- C:\Windows\System\CMCNiXw.exe
  C:\Windows\System\CMCNiXw.exe
  2⤵
  PID:5096
- C:\Windows\System\wsBgfez.exe
  C:\Windows\System\wsBgfez.exe
  2⤵
  PID:5112
- C:\Windows\System\NauPtMh.exe
  C:\Windows\System\NauPtMh.exe
  2⤵
  PID:3128
- C:\Windows\System\COXFClo.exe
  C:\Windows\System\COXFClo.exe
  2⤵
  PID:3580
- C:\Windows\System\BePCeYo.exe
  C:\Windows\System\BePCeYo.exe
  2⤵
  PID:2284
- C:\Windows\System\pfbwTal.exe
  C:\Windows\System\pfbwTal.exe
  2⤵
  PID:648
- C:\Windows\System\isicGqI.exe
  C:\Windows\System\isicGqI.exe
  2⤵
  PID:4132
- C:\Windows\System\EHkkLtN.exe
  C:\Windows\System\EHkkLtN.exe
  2⤵
  PID:4156
- C:\Windows\System\fBMWfgU.exe
  C:\Windows\System\fBMWfgU.exe
  2⤵
  PID:4200
- C:\Windows\System\KRKKYgi.exe
  C:\Windows\System\KRKKYgi.exe
  2⤵
  PID:4172
- C:\Windows\System\bIwzvWp.exe
  C:\Windows\System\bIwzvWp.exe
  2⤵
  PID:4216
- C:\Windows\System\gEOGJBU.exe
  C:\Windows\System\gEOGJBU.exe
  2⤵
  PID:1144
- C:\Windows\System\FSJaZMO.exe
  C:\Windows\System\FSJaZMO.exe
  2⤵
  PID:4304
- C:\Windows\System\cKrlWTF.exe
  C:\Windows\System\cKrlWTF.exe
  2⤵
  PID:4344
- C:\Windows\System\tXZBWIp.exe
  C:\Windows\System\tXZBWIp.exe
  2⤵
  PID:4436
- C:\Windows\System\lLeZHmK.exe
  C:\Windows\System\lLeZHmK.exe
  2⤵
  PID:4480
- C:\Windows\System\rBqYloy.exe
  C:\Windows\System\rBqYloy.exe
  2⤵
  PID:4496
- C:\Windows\System\SClQOJg.exe
  C:\Windows\System\SClQOJg.exe
  2⤵
  PID:4388
- C:\Windows\System\rTCIXIw.exe
  C:\Windows\System\rTCIXIw.exe
  2⤵
  PID:4516
- C:\Windows\System\EYrwMEz.exe
  C:\Windows\System\EYrwMEz.exe
  2⤵
  PID:4520
- C:\Windows\System\RcqMmhb.exe
  C:\Windows\System\RcqMmhb.exe
  2⤵
  PID:4556
- C:\Windows\System\uAPRiqF.exe
  C:\Windows\System\uAPRiqF.exe
  2⤵
  PID:4572
- C:\Windows\System\UMurKum.exe
  C:\Windows\System\UMurKum.exe
  2⤵
  PID:4612
- C:\Windows\System\IFbIWpA.exe
  C:\Windows\System\IFbIWpA.exe
  2⤵
  PID:4700
- C:\Windows\System\ztmvGqb.exe
  C:\Windows\System\ztmvGqb.exe
  2⤵
  PID:4704
- C:\Windows\System\QRiiOJx.exe
  C:\Windows\System\QRiiOJx.exe
  2⤵
  PID:4768
- C:\Windows\System\MXeLpBW.exe
  C:\Windows\System\MXeLpBW.exe
  2⤵
  PID:4748
- C:\Windows\System\RnwKGdP.exe
  C:\Windows\System\RnwKGdP.exe
  2⤵
  PID:4820
- C:\Windows\System\MGFqwGk.exe
  C:\Windows\System\MGFqwGk.exe
  2⤵
  PID:4828
- C:\Windows\System\kunwXFS.exe
  C:\Windows\System\kunwXFS.exe
  2⤵
  PID:5012
- C:\Windows\System\AIJDARC.exe
  C:\Windows\System\AIJDARC.exe
  2⤵
  PID:4880
- C:\Windows\System\izWtnRt.exe
  C:\Windows\System\izWtnRt.exe
  2⤵
  PID:5064
- C:\Windows\System\BvBMJGL.exe
  C:\Windows\System\BvBMJGL.exe
  2⤵
  PID:4024
- C:\Windows\System\SxkFkLv.exe
  C:\Windows\System\SxkFkLv.exe
  2⤵
  PID:4104
- C:\Windows\System\jEUBakK.exe
  C:\Windows\System\jEUBakK.exe
  2⤵
  PID:4992
- C:\Windows\System\abtHSgU.exe
  C:\Windows\System\abtHSgU.exe
  2⤵
  PID:4896
- C:\Windows\System\NCDGvVg.exe
  C:\Windows\System\NCDGvVg.exe
  2⤵
  PID:2424
- C:\Windows\System\EyRLmJA.exe
  C:\Windows\System\EyRLmJA.exe
  2⤵
  PID:3816
- C:\Windows\System\gJFeJeL.exe
  C:\Windows\System\gJFeJeL.exe
  2⤵
  PID:5088
- C:\Windows\System\lWVCZQo.exe
  C:\Windows\System\lWVCZQo.exe
  2⤵
  PID:3644
- C:\Windows\System\QjdSByw.exe
  C:\Windows\System\QjdSByw.exe
  2⤵
  PID:5044
- C:\Windows\System\IlVTZFS.exe
  C:\Windows\System\IlVTZFS.exe
  2⤵
  PID:4264
- C:\Windows\System\hOnnuMN.exe
  C:\Windows\System\hOnnuMN.exe
  2⤵
  PID:4192
- C:\Windows\System\wECrobX.exe
  C:\Windows\System\wECrobX.exe
  2⤵
  PID:4284
- C:\Windows\System\CUvWaRF.exe
  C:\Windows\System\CUvWaRF.exe
  2⤵
  PID:4472
- C:\Windows\System\LkocrUO.exe
  C:\Windows\System\LkocrUO.exe
  2⤵
  PID:4456
- C:\Windows\System\EmlFeXN.exe
  C:\Windows\System\EmlFeXN.exe
  2⤵
  PID:4568
- C:\Windows\System\lylHbdQ.exe
  C:\Windows\System\lylHbdQ.exe
  2⤵
  PID:4764
- C:\Windows\System\ecjuXWx.exe
  C:\Windows\System\ecjuXWx.exe
  2⤵
  PID:4652
- C:\Windows\System\LCocxyl.exe
  C:\Windows\System\LCocxyl.exe
  2⤵
  PID:4376
- C:\Windows\System\zmSVJTD.exe
  C:\Windows\System\zmSVJTD.exe
  2⤵
  PID:4648
- C:\Windows\System\aCLlmzf.exe
  C:\Windows\System\aCLlmzf.exe
  2⤵
  PID:4868
- C:\Windows\System\IfCKhzJ.exe
  C:\Windows\System\IfCKhzJ.exe
  2⤵
  PID:4916
- C:\Windows\System\ZrQDMjJ.exe
  C:\Windows\System\ZrQDMjJ.exe
  2⤵
  PID:4420
- C:\Windows\System\fCjCytc.exe
  C:\Windows\System\fCjCytc.exe
  2⤵
  PID:4720
- C:\Windows\System\ZjCYYIr.exe
  C:\Windows\System\ZjCYYIr.exe
  2⤵
  PID:1692
- C:\Windows\System\whdgegf.exe
  C:\Windows\System\whdgegf.exe
  2⤵
  PID:5108
- C:\Windows\System\kXAqsXK.exe
  C:\Windows\System\kXAqsXK.exe
  2⤵
  PID:4108
- C:\Windows\System\KWNzfXL.exe
  C:\Windows\System\KWNzfXL.exe
  2⤵
  PID:4136
- C:\Windows\System\BHkajFi.exe
  C:\Windows\System\BHkajFi.exe
  2⤵
  PID:3664
- C:\Windows\System\JutxyTa.exe
  C:\Windows\System\JutxyTa.exe
  2⤵
  PID:4152
- C:\Windows\System\oCjsnjH.exe
  C:\Windows\System\oCjsnjH.exe
  2⤵
  PID:5000
- C:\Windows\System\VZIDxpW.exe
  C:\Windows\System\VZIDxpW.exe
  2⤵
  PID:4288
- C:\Windows\System\tWzTjWe.exe
  C:\Windows\System\tWzTjWe.exe
  2⤵
  PID:4124
- C:\Windows\System\LZUfdCi.exe
  C:\Windows\System\LZUfdCi.exe
  2⤵
  PID:4468
- C:\Windows\System\zEENqiD.exe
  C:\Windows\System\zEENqiD.exe
  2⤵
  PID:4752
- C:\Windows\System\iAXCkLl.exe
  C:\Windows\System\iAXCkLl.exe
  2⤵
  PID:4912
- C:\Windows\System\OIQXlhC.exe
  C:\Windows\System\OIQXlhC.exe
  2⤵
  PID:4508
- C:\Windows\System\aDuzYMu.exe
  C:\Windows\System\aDuzYMu.exe
  2⤵
  PID:4636
- C:\Windows\System\rTelwBp.exe
  C:\Windows\System\rTelwBp.exe
  2⤵
  PID:5160
- C:\Windows\System\lpWAjJu.exe
  C:\Windows\System\lpWAjJu.exe
  2⤵
  PID:5176
- C:\Windows\System\SeYHWiB.exe
  C:\Windows\System\SeYHWiB.exe
  2⤵
  PID:5192
- C:\Windows\System\PfBPgna.exe
  C:\Windows\System\PfBPgna.exe
  2⤵
  PID:5212
- C:\Windows\System\fUutMRE.exe
  C:\Windows\System\fUutMRE.exe
  2⤵
  PID:5232
- C:\Windows\System\NrfzCLh.exe
  C:\Windows\System\NrfzCLh.exe
  2⤵
  PID:5248
- C:\Windows\System\njkdIRZ.exe
  C:\Windows\System\njkdIRZ.exe
  2⤵
  PID:5264
- C:\Windows\System\DWLUKat.exe
  C:\Windows\System\DWLUKat.exe
  2⤵
  PID:5280
- C:\Windows\System\QBxqoTF.exe
  C:\Windows\System\QBxqoTF.exe
  2⤵
  PID:5300
- C:\Windows\System\jrMidJu.exe
  C:\Windows\System\jrMidJu.exe
  2⤵
  PID:5316
- C:\Windows\System\cfxUSTj.exe
  C:\Windows\System\cfxUSTj.exe
  2⤵
  PID:5332
- C:\Windows\System\CowPhmq.exe
  C:\Windows\System\CowPhmq.exe
  2⤵
  PID:5348
- C:\Windows\System\iaeukoJ.exe
  C:\Windows\System\iaeukoJ.exe
  2⤵
  PID:5368
- C:\Windows\System\WlQQGfs.exe
  C:\Windows\System\WlQQGfs.exe
  2⤵
  PID:5388
- C:\Windows\System\buCOoBl.exe
  C:\Windows\System\buCOoBl.exe
  2⤵
  PID:5408
- C:\Windows\System\eAfVmRb.exe
  C:\Windows\System\eAfVmRb.exe
  2⤵
  PID:5428
- C:\Windows\System\WuSusYU.exe
  C:\Windows\System\WuSusYU.exe
  2⤵
  PID:5488
- C:\Windows\System\PMpvSdZ.exe
  C:\Windows\System\PMpvSdZ.exe
  2⤵
  PID:5504
- C:\Windows\System\gKZrnhk.exe
  C:\Windows\System\gKZrnhk.exe
  2⤵
  PID:5520
- C:\Windows\System\EZvjqHT.exe
  C:\Windows\System\EZvjqHT.exe
  2⤵
  PID:5536
- C:\Windows\System\ioaSyKV.exe
  C:\Windows\System\ioaSyKV.exe
  2⤵
  PID:5552
- C:\Windows\System\inYmibW.exe
  C:\Windows\System\inYmibW.exe
  2⤵
  PID:5568
- C:\Windows\System\uNiusgS.exe
  C:\Windows\System\uNiusgS.exe
  2⤵
  PID:5584
- C:\Windows\System\BcBLoyf.exe
  C:\Windows\System\BcBLoyf.exe
  2⤵
  PID:5600
- C:\Windows\System\bgaaaSJ.exe
  C:\Windows\System\bgaaaSJ.exe
  2⤵
  PID:5616
- C:\Windows\System\fInSGDp.exe
  C:\Windows\System\fInSGDp.exe
  2⤵
  PID:5632
- C:\Windows\System\mxzmbPx.exe
  C:\Windows\System\mxzmbPx.exe
  2⤵
  PID:5652
- C:\Windows\System\QaRcraA.exe
  C:\Windows\System\QaRcraA.exe
  2⤵
  PID:5672
- C:\Windows\System\waeBzsz.exe
  C:\Windows\System\waeBzsz.exe
  2⤵
  PID:5688
- C:\Windows\System\LLdItRH.exe
  C:\Windows\System\LLdItRH.exe
  2⤵
  PID:5704
- C:\Windows\System\aaileXM.exe
  C:\Windows\System\aaileXM.exe
  2⤵
  PID:5760
- C:\Windows\System\xkJBYrS.exe
  C:\Windows\System\xkJBYrS.exe
  2⤵
  PID:5780
- C:\Windows\System\QZCKtEr.exe
  C:\Windows\System\QZCKtEr.exe
  2⤵
  PID:5796
- C:\Windows\System\ButdGuR.exe
  C:\Windows\System\ButdGuR.exe
  2⤵
  PID:5816
- C:\Windows\System\vUJlCIK.exe
  C:\Windows\System\vUJlCIK.exe
  2⤵
  PID:5836
- C:\Windows\System\QOOzebf.exe
  C:\Windows\System\QOOzebf.exe
  2⤵
  PID:5852
- C:\Windows\System\mKqTrxH.exe
  C:\Windows\System\mKqTrxH.exe
  2⤵
  PID:5868
- C:\Windows\System\kwcpLOg.exe
  C:\Windows\System\kwcpLOg.exe
  2⤵
  PID:5888
- C:\Windows\System\NbDERfW.exe
  C:\Windows\System\NbDERfW.exe
  2⤵
  PID:5904
- C:\Windows\System\cvuVRqG.exe
  C:\Windows\System\cvuVRqG.exe
  2⤵
  PID:5924
- C:\Windows\System\XoiclaX.exe
  C:\Windows\System\XoiclaX.exe
  2⤵
  PID:5940
- C:\Windows\System\KYpbHHY.exe
  C:\Windows\System\KYpbHHY.exe
  2⤵
  PID:5956
- C:\Windows\System\yuoxqDK.exe
  C:\Windows\System\yuoxqDK.exe
  2⤵
  PID:5980
- C:\Windows\System\zmwLlgR.exe
  C:\Windows\System\zmwLlgR.exe
  2⤵
  PID:6004
- C:\Windows\System\BmoFTzH.exe
  C:\Windows\System\BmoFTzH.exe
  2⤵
  PID:6032
- C:\Windows\System\WhcxdMN.exe
  C:\Windows\System\WhcxdMN.exe
  2⤵
  PID:6060
- C:\Windows\System\ptVYbiq.exe
  C:\Windows\System\ptVYbiq.exe
  2⤵
  PID:6076
- C:\Windows\System\EYOmxdw.exe
  C:\Windows\System\EYOmxdw.exe
  2⤵
  PID:6104
- C:\Windows\System\SQVaUNa.exe
  C:\Windows\System\SQVaUNa.exe
  2⤵
  PID:6128
- C:\Windows\System\NLSFJFE.exe
  C:\Windows\System\NLSFJFE.exe
  2⤵
  PID:5068
- C:\Windows\System\uWYPzst.exe
  C:\Windows\System\uWYPzst.exe
  2⤵
  PID:5036
- C:\Windows\System\EWybvPY.exe
  C:\Windows\System\EWybvPY.exe
  2⤵
  PID:4312
- C:\Windows\System\DNsravw.exe
  C:\Windows\System\DNsravw.exe
  2⤵
  PID:4860
- C:\Windows\System\GtRnTeP.exe
  C:\Windows\System\GtRnTeP.exe
  2⤵
  PID:4232
- C:\Windows\System\wVUoAJg.exe
  C:\Windows\System\wVUoAJg.exe
  2⤵
  PID:4976
- C:\Windows\System\WDuDCTL.exe
  C:\Windows\System\WDuDCTL.exe
  2⤵
  PID:3016
- C:\Windows\System\uxSOvmI.exe
  C:\Windows\System\uxSOvmI.exe
  2⤵
  PID:4932
- C:\Windows\System\YwPbhOr.exe
  C:\Windows\System\YwPbhOr.exe
  2⤵
  PID:1824
- C:\Windows\System\wwezaGO.exe
  C:\Windows\System\wwezaGO.exe
  2⤵
  PID:4552
- C:\Windows\System\AcLGWOS.exe
  C:\Windows\System\AcLGWOS.exe
  2⤵
  PID:5132
- C:\Windows\System\PRllZpH.exe
  C:\Windows\System\PRllZpH.exe
  2⤵
  PID:5244
- C:\Windows\System\ulAxzSU.exe
  C:\Windows\System\ulAxzSU.exe
  2⤵
  PID:5340
- C:\Windows\System\GhiAhLy.exe
  C:\Windows\System\GhiAhLy.exe
  2⤵
  PID:5152
- C:\Windows\System\tpjZxTY.exe
  C:\Windows\System\tpjZxTY.exe
  2⤵
  PID:5292
- C:\Windows\System\pkJWOhr.exe
  C:\Windows\System\pkJWOhr.exe
  2⤵
  PID:5220
- C:\Windows\System\paBxfPA.exe
  C:\Windows\System\paBxfPA.exe
  2⤵
  PID:5256
- C:\Windows\System\olaQMGV.exe
  C:\Windows\System\olaQMGV.exe
  2⤵
  PID:5324
- C:\Windows\System\iQfnhjf.exe
  C:\Windows\System\iQfnhjf.exe
  2⤵
  PID:5424
- C:\Windows\System\tLQNggH.exe
  C:\Windows\System\tLQNggH.exe
  2⤵
  PID:5400
- C:\Windows\System\vcijipP.exe
  C:\Windows\System\vcijipP.exe
  2⤵
  PID:5444
- C:\Windows\System\eNqAfKH.exe
  C:\Windows\System\eNqAfKH.exe
  2⤵
  PID:5240
- C:\Windows\System\CfcvDCM.exe
  C:\Windows\System\CfcvDCM.exe
  2⤵
  PID:5500
- C:\Windows\System\zJXmrgX.exe
  C:\Windows\System\zJXmrgX.exe
  2⤵
  PID:5544
- C:\Windows\System\xgwJXQY.exe
  C:\Windows\System\xgwJXQY.exe
  2⤵
  PID:5608
- C:\Windows\System\HEHBkuQ.exe
  C:\Windows\System\HEHBkuQ.exe
  2⤵
  PID:5680
- C:\Windows\System\lWLxtpJ.exe
  C:\Windows\System\lWLxtpJ.exe
  2⤵
  PID:5720
- C:\Windows\System\miCKBrG.exe
  C:\Windows\System\miCKBrG.exe
  2⤵
  PID:5736
- C:\Windows\System\ViCvjSi.exe
  C:\Windows\System\ViCvjSi.exe
  2⤵
  PID:5748
- C:\Windows\System\VXNJmWJ.exe
  C:\Windows\System\VXNJmWJ.exe
  2⤵
  PID:5756
- C:\Windows\System\xCznyrW.exe
  C:\Windows\System\xCznyrW.exe
  2⤵
  PID:5788
- C:\Windows\System\GiRDyjE.exe
  C:\Windows\System\GiRDyjE.exe
  2⤵
  PID:5920
- C:\Windows\System\vlydIXM.exe
  C:\Windows\System\vlydIXM.exe
  2⤵
  PID:5952
- C:\Windows\System\ygcrLAN.exe
  C:\Windows\System\ygcrLAN.exe
  2⤵
  PID:5812
- C:\Windows\System\gjPmbJl.exe
  C:\Windows\System\gjPmbJl.exe
  2⤵
  PID:5864
- C:\Windows\System\WfXXOWu.exe
  C:\Windows\System\WfXXOWu.exe
  2⤵
  PID:5936
- C:\Windows\System\TxVDESd.exe
  C:\Windows\System\TxVDESd.exe
  2⤵
  PID:5976
- C:\Windows\System\TKtBwsr.exe
  C:\Windows\System\TKtBwsr.exe
  2⤵
  PID:5844
- C:\Windows\System\TXHGGtG.exe
  C:\Windows\System\TXHGGtG.exe
  2⤵
  PID:6040
- C:\Windows\System\RwxLDLD.exe
  C:\Windows\System\RwxLDLD.exe
  2⤵
  PID:6044
- C:\Windows\System\ApszAfg.exe
  C:\Windows\System\ApszAfg.exe
  2⤵
  PID:6124
- C:\Windows\System\nHpdihy.exe
  C:\Windows\System\nHpdihy.exe
  2⤵
  PID:4600
- C:\Windows\System\XFJIuKv.exe
  C:\Windows\System\XFJIuKv.exe
  2⤵
  PID:4280
- C:\Windows\System\LnOHZYU.exe
  C:\Windows\System\LnOHZYU.exe
  2⤵
  PID:5080
- C:\Windows\System\DRKGliz.exe
  C:\Windows\System\DRKGliz.exe
  2⤵
  PID:4212
- C:\Windows\System\dNkebfl.exe
  C:\Windows\System\dNkebfl.exe
  2⤵
  PID:5020
- C:\Windows\System\qfdKhol.exe
  C:\Windows\System\qfdKhol.exe
  2⤵
  PID:4688
- C:\Windows\System\XynZeIZ.exe
  C:\Windows\System\XynZeIZ.exe
  2⤵
  PID:4616
- C:\Windows\System\rArlVOP.exe
  C:\Windows\System\rArlVOP.exe
  2⤵
  PID:5128
- C:\Windows\System\KmYjZAR.exe
  C:\Windows\System\KmYjZAR.exe
  2⤵
  PID:5136
- C:\Windows\System\GQsTFtB.exe
  C:\Windows\System\GQsTFtB.exe
  2⤵
  PID:5380
- C:\Windows\System\VwtAozn.exe
  C:\Windows\System\VwtAozn.exe
  2⤵
  PID:5364
- C:\Windows\System\bBZOqUZ.exe
  C:\Windows\System\bBZOqUZ.exe
  2⤵
  PID:5468
- C:\Windows\System\agPJWok.exe
  C:\Windows\System\agPJWok.exe
  2⤵
  PID:5420
- C:\Windows\System\kWECbVA.exe
  C:\Windows\System\kWECbVA.exe
  2⤵
  PID:5576
- C:\Windows\System\OaUcBli.exe
  C:\Windows\System\OaUcBli.exe
  2⤵
  PID:5596
- C:\Windows\System\NQTbmmw.exe
  C:\Windows\System\NQTbmmw.exe
  2⤵
  PID:5744
- C:\Windows\System\vEdMYkj.exe
  C:\Windows\System\vEdMYkj.exe
  2⤵
  PID:5648
- C:\Windows\System\vPITVYf.exe
  C:\Windows\System\vPITVYf.exe
  2⤵
  PID:5696
- C:\Windows\System\VnLkkjY.exe
  C:\Windows\System\VnLkkjY.exe
  2⤵
  PID:5916
- C:\Windows\System\FfycPFo.exe
  C:\Windows\System\FfycPFo.exe
  2⤵
  PID:5832
- C:\Windows\System\mTkuFSv.exe
  C:\Windows\System\mTkuFSv.exe
  2⤵
  PID:5900
- C:\Windows\System\RSJosls.exe
  C:\Windows\System\RSJosls.exe
  2⤵
  PID:1548
- C:\Windows\System\vUiotYK.exe
  C:\Windows\System\vUiotYK.exe
  2⤵
  PID:5776
- C:\Windows\System\nwGSboT.exe
  C:\Windows\System\nwGSboT.exe
  2⤵
  PID:6072
- C:\Windows\System\YigMIqT.exe
  C:\Windows\System\YigMIqT.exe
  2⤵
  PID:6084
- C:\Windows\System\nJbmtPn.exe
  C:\Windows\System\nJbmtPn.exe
  2⤵
  PID:6100
- C:\Windows\System\PjjyDTv.exe
  C:\Windows\System\PjjyDTv.exe
  2⤵
  PID:3492
- C:\Windows\System\JGwbYhN.exe
  C:\Windows\System\JGwbYhN.exe
  2⤵
  PID:5228
- C:\Windows\System\ilRMOFo.exe
  C:\Windows\System\ilRMOFo.exe
  2⤵
  PID:5148
- C:\Windows\System\tFlvKtM.exe
  C:\Windows\System\tFlvKtM.exe
  2⤵
  PID:4672
- C:\Windows\System\snlrQxK.exe
  C:\Windows\System\snlrQxK.exe
  2⤵
  PID:5480
- C:\Windows\System\hQwkwtF.exe
  C:\Windows\System\hQwkwtF.exe
  2⤵
  PID:5484
- C:\Windows\System\sSsxxQj.exe
  C:\Windows\System\sSsxxQj.exe
  2⤵
  PID:5560
- C:\Windows\System\kxhMzGk.exe
  C:\Windows\System\kxhMzGk.exe
  2⤵
  PID:5440
- C:\Windows\System\VnUGjGk.exe
  C:\Windows\System\VnUGjGk.exe
  2⤵
  PID:5716
- C:\Windows\System\SMlHQJt.exe
  C:\Windows\System\SMlHQJt.exe
  2⤵
  PID:6020
- C:\Windows\System\ktAZjJx.exe
  C:\Windows\System\ktAZjJx.exe
  2⤵
  PID:6136
- C:\Windows\System\MIuFENP.exe
  C:\Windows\System\MIuFENP.exe
  2⤵
  PID:5712
- C:\Windows\System\eRQCORz.exe
  C:\Windows\System\eRQCORz.exe
  2⤵
  PID:4944
- C:\Windows\System\CQScGLO.exe
  C:\Windows\System\CQScGLO.exe
  2⤵
  PID:5824
- C:\Windows\System\Txubxpt.exe
  C:\Windows\System\Txubxpt.exe
  2⤵
  PID:4824
- C:\Windows\System\ovlXBve.exe
  C:\Windows\System\ovlXBve.exe
  2⤵
  PID:5876
- C:\Windows\System\hLlzPOZ.exe
  C:\Windows\System\hLlzPOZ.exe
  2⤵
  PID:6092
- C:\Windows\System\LYJzfjL.exe
  C:\Windows\System\LYJzfjL.exe
  2⤵
  PID:5624
- C:\Windows\System\AeVjzfI.exe
  C:\Windows\System\AeVjzfI.exe
  2⤵
  PID:5968
- C:\Windows\System\WciJuFM.exe
  C:\Windows\System\WciJuFM.exe
  2⤵
  PID:5628
- C:\Windows\System\eJWCHub.exe
  C:\Windows\System\eJWCHub.exe
  2⤵
  PID:6112
- C:\Windows\System\pCnKEaR.exe
  C:\Windows\System\pCnKEaR.exe
  2⤵
  PID:5144
- C:\Windows\System\DJPjmsK.exe
  C:\Windows\System\DJPjmsK.exe
  2⤵
  PID:5060
- C:\Windows\System\nCFjbJW.exe
  C:\Windows\System\nCFjbJW.exe
  2⤵
  PID:5172
- C:\Windows\System\czjPSsY.exe
  C:\Windows\System\czjPSsY.exe
  2⤵
  PID:5452
- C:\Windows\System\kpoDhRG.exe
  C:\Windows\System\kpoDhRG.exe
  2⤵
  PID:5732
- C:\Windows\System\SqbDVBz.exe
  C:\Windows\System\SqbDVBz.exe
  2⤵
  PID:5884
- C:\Windows\System\tQtfBle.exe
  C:\Windows\System\tQtfBle.exe
  2⤵
  PID:5288
- C:\Windows\System\YNcXaiv.exe
  C:\Windows\System\YNcXaiv.exe
  2⤵
  PID:5640
- C:\Windows\System\ByiQejX.exe
  C:\Windows\System\ByiQejX.exe
  2⤵
  PID:4960
- C:\Windows\System\JWGBaBN.exe
  C:\Windows\System\JWGBaBN.exe
  2⤵
  PID:4228
- C:\Windows\System\eAQhBPq.exe
  C:\Windows\System\eAQhBPq.exe
  2⤵
  PID:6156
- C:\Windows\System\nDrvMtr.exe
  C:\Windows\System\nDrvMtr.exe
  2⤵
  PID:6176
- C:\Windows\System\DSylHuq.exe
  C:\Windows\System\DSylHuq.exe
  2⤵
  PID:6200
- C:\Windows\System\HdcHoQG.exe
  C:\Windows\System\HdcHoQG.exe
  2⤵
  PID:6216
- C:\Windows\System\erHbbSx.exe
  C:\Windows\System\erHbbSx.exe
  2⤵
  PID:6232
- C:\Windows\System\qLQgIMf.exe
  C:\Windows\System\qLQgIMf.exe
  2⤵
  PID:6248
- C:\Windows\System\VXydhdQ.exe
  C:\Windows\System\VXydhdQ.exe
  2⤵
  PID:6276
- C:\Windows\System\SVmqYIi.exe
  C:\Windows\System\SVmqYIi.exe
  2⤵
  PID:6292
- C:\Windows\System\sqOsavN.exe
  C:\Windows\System\sqOsavN.exe
  2⤵
  PID:6340
- C:\Windows\System\bdkTGLM.exe
  C:\Windows\System\bdkTGLM.exe
  2⤵
  PID:6356
- C:\Windows\System\qKfgHIR.exe
  C:\Windows\System\qKfgHIR.exe
  2⤵
  PID:6372
- C:\Windows\System\HlibdnR.exe
  C:\Windows\System\HlibdnR.exe
  2⤵
  PID:6388
- C:\Windows\System\wSLhEDr.exe
  C:\Windows\System\wSLhEDr.exe
  2⤵
  PID:6404
- C:\Windows\System\dthDwws.exe
  C:\Windows\System\dthDwws.exe
  2⤵
  PID:6420
- C:\Windows\System\fPLCwzV.exe
  C:\Windows\System\fPLCwzV.exe
  2⤵
  PID:6444
- C:\Windows\System\CktGcKT.exe
  C:\Windows\System\CktGcKT.exe
  2⤵
  PID:6472
- C:\Windows\System\MtiDRYh.exe
  C:\Windows\System\MtiDRYh.exe
  2⤵
  PID:6488
- C:\Windows\System\FCvfEFU.exe
  C:\Windows\System\FCvfEFU.exe
  2⤵
  PID:6504
- C:\Windows\System\VgvQNPR.exe
  C:\Windows\System\VgvQNPR.exe
  2⤵
  PID:6524
- C:\Windows\System\FMEGRSX.exe
  C:\Windows\System\FMEGRSX.exe
  2⤵
  PID:6540
- C:\Windows\System\AacwUfh.exe
  C:\Windows\System\AacwUfh.exe
  2⤵
  PID:6556
- C:\Windows\System\wnbgmVP.exe
  C:\Windows\System\wnbgmVP.exe
  2⤵
  PID:6588
- C:\Windows\System\SrfhJfL.exe
  C:\Windows\System\SrfhJfL.exe
  2⤵
  PID:6612
- C:\Windows\System\SJcCtsl.exe
  C:\Windows\System\SJcCtsl.exe
  2⤵
  PID:6628
- C:\Windows\System\XDVmxQS.exe
  C:\Windows\System\XDVmxQS.exe
  2⤵
  PID:6648
- C:\Windows\System\RYcAsdF.exe
  C:\Windows\System\RYcAsdF.exe
  2⤵
  PID:6664
- C:\Windows\System\KfQzdTR.exe
  C:\Windows\System\KfQzdTR.exe
  2⤵
  PID:6680
- C:\Windows\System\foHjsqe.exe
  C:\Windows\System\foHjsqe.exe
  2⤵
  PID:6696
- C:\Windows\System\cIujHjf.exe
  C:\Windows\System\cIujHjf.exe
  2⤵
  PID:6716
- C:\Windows\System\PCMiUkI.exe
  C:\Windows\System\PCMiUkI.exe
  2⤵
  PID:6744
- C:\Windows\System\rhRgNeu.exe
  C:\Windows\System\rhRgNeu.exe
  2⤵
  PID:6760
- C:\Windows\System\TjDnZiW.exe
  C:\Windows\System\TjDnZiW.exe
  2⤵
  PID:6776
- C:\Windows\System\iAbJAoA.exe
  C:\Windows\System\iAbJAoA.exe
  2⤵
  PID:6792
- C:\Windows\System\sFIqDcu.exe
  C:\Windows\System\sFIqDcu.exe
  2⤵
  PID:6840
- C:\Windows\System\CWbCeJc.exe
  C:\Windows\System\CWbCeJc.exe
  2⤵
  PID:6856
- C:\Windows\System\IPdFOaa.exe
  C:\Windows\System\IPdFOaa.exe
  2⤵
  PID:6872
- C:\Windows\System\RHWJtRm.exe
  C:\Windows\System\RHWJtRm.exe
  2⤵
  PID:6888
- C:\Windows\System\ZkYHHpn.exe
  C:\Windows\System\ZkYHHpn.exe
  2⤵
  PID:6904
- C:\Windows\System\HkQrnLe.exe
  C:\Windows\System\HkQrnLe.exe
  2⤵
  PID:6920
- C:\Windows\System\ZZDdrFM.exe
  C:\Windows\System\ZZDdrFM.exe
  2⤵
  PID:6936
- C:\Windows\System\TSMBiHo.exe
  C:\Windows\System\TSMBiHo.exe
  2⤵
  PID:6952
- C:\Windows\System\MdqADiE.exe
  C:\Windows\System\MdqADiE.exe
  2⤵
  PID:6968
- C:\Windows\System\cKedmNA.exe
  C:\Windows\System\cKedmNA.exe
  2⤵
  PID:6988
- C:\Windows\System\FrSCuHq.exe
  C:\Windows\System\FrSCuHq.exe
  2⤵
  PID:7008
- C:\Windows\System\pHQegJS.exe
  C:\Windows\System\pHQegJS.exe
  2⤵
  PID:7036
- C:\Windows\System\tcsmyZy.exe
  C:\Windows\System\tcsmyZy.exe
  2⤵
  PID:7068
- C:\Windows\System\cnNoUyM.exe
  C:\Windows\System\cnNoUyM.exe
  2⤵
  PID:7084
- C:\Windows\System\ouETSaO.exe
  C:\Windows\System\ouETSaO.exe
  2⤵
  PID:7100
- C:\Windows\System\RJTXhcK.exe
  C:\Windows\System\RJTXhcK.exe
  2⤵
  PID:7116
- C:\Windows\System\ZkvLhLE.exe
  C:\Windows\System\ZkvLhLE.exe
  2⤵
  PID:7132
- C:\Windows\System\vvtGVuC.exe
  C:\Windows\System\vvtGVuC.exe
  2⤵
  PID:5772
- C:\Windows\System\ZlIeRJe.exe
  C:\Windows\System\ZlIeRJe.exe
  2⤵
  PID:5496
- C:\Windows\System\nzLApSv.exe
  C:\Windows\System\nzLApSv.exe
  2⤵
  PID:6208
- C:\Windows\System\bbYORQu.exe
  C:\Windows\System\bbYORQu.exe
  2⤵
  PID:5224
- C:\Windows\System\XwkYZPn.exe
  C:\Windows\System\XwkYZPn.exe
  2⤵
  PID:6188
- C:\Windows\System\JnaTGto.exe
  C:\Windows\System\JnaTGto.exe
  2⤵
  PID:6260
- C:\Windows\System\Hdgsypx.exe
  C:\Windows\System\Hdgsypx.exe
  2⤵
  PID:6316
- C:\Windows\System\PVfaNTh.exe
  C:\Windows\System\PVfaNTh.exe
  2⤵
  PID:6300
- C:\Windows\System\NyaCMel.exe
  C:\Windows\System\NyaCMel.exe
  2⤵
  PID:6352
- C:\Windows\System\acWoAXL.exe
  C:\Windows\System\acWoAXL.exe
  2⤵
  PID:6416
- C:\Windows\System\CidpyJB.exe
  C:\Windows\System\CidpyJB.exe
  2⤵
  PID:6460
- C:\Windows\System\qXYrTSU.exe
  C:\Windows\System\qXYrTSU.exe
  2⤵
  PID:6400
- C:\Windows\System\TwvdPhf.exe
  C:\Windows\System\TwvdPhf.exe
  2⤵
  PID:6440
- C:\Windows\System\FJFoAJO.exe
  C:\Windows\System\FJFoAJO.exe
  2⤵
  PID:6496
- C:\Windows\System\MMRcBms.exe
  C:\Windows\System\MMRcBms.exe
  2⤵
  PID:6516
- C:\Windows\System\pAlYCig.exe
  C:\Windows\System\pAlYCig.exe
  2⤵
  PID:6536
- C:\Windows\System\HxcusSR.exe
  C:\Windows\System\HxcusSR.exe
  2⤵
  PID:6580
- C:\Windows\System\GLyRyZE.exe
  C:\Windows\System\GLyRyZE.exe
  2⤵
  PID:6600
- C:\Windows\System\KHGNEyl.exe
  C:\Windows\System\KHGNEyl.exe
  2⤵
  PID:6636
- C:\Windows\System\DlDNXat.exe
  C:\Windows\System\DlDNXat.exe
  2⤵
  PID:6772
- C:\Windows\System\rdjtJDP.exe
  C:\Windows\System\rdjtJDP.exe
  2⤵
  PID:6640
- C:\Windows\System\WtINFbn.exe
  C:\Windows\System\WtINFbn.exe
  2⤵
  PID:6596
- C:\Windows\System\xlXjosQ.exe
  C:\Windows\System\xlXjosQ.exe
  2⤵
  PID:6804
- C:\Windows\System\kotAWUJ.exe
  C:\Windows\System\kotAWUJ.exe
  2⤵
  PID:6884
- C:\Windows\System\QFFylGF.exe
  C:\Windows\System\QFFylGF.exe
  2⤵
  PID:6836
- C:\Windows\System\UpcLggX.exe
  C:\Windows\System\UpcLggX.exe
  2⤵
  PID:6960
- C:\Windows\System\TtwBnAO.exe
  C:\Windows\System\TtwBnAO.exe
  2⤵
  PID:7044
- C:\Windows\System\zQKtcpV.exe
  C:\Windows\System\zQKtcpV.exe
  2⤵
  PID:6880
- C:\Windows\System\YehOqwE.exe
  C:\Windows\System\YehOqwE.exe
  2⤵
  PID:7048
- C:\Windows\System\DPdfmSy.exe
  C:\Windows\System\DPdfmSy.exe
  2⤵
  PID:7028
- C:\Windows\System\lEETZzT.exe
  C:\Windows\System\lEETZzT.exe
  2⤵
  PID:6916
- C:\Windows\System\OdOHMdV.exe
  C:\Windows\System\OdOHMdV.exe
  2⤵
  PID:7152
- C:\Windows\System\DycBuyC.exe
  C:\Windows\System\DycBuyC.exe
  2⤵
  PID:7144
- C:\Windows\System\MSlKhop.exe
  C:\Windows\System\MSlKhop.exe
  2⤵
  PID:1440
- C:\Windows\System\mHVwcQy.exe
  C:\Windows\System\mHVwcQy.exe
  2⤵
  PID:6284
- C:\Windows\System\dStUERn.exe
  C:\Windows\System\dStUERn.exe
  2⤵
  PID:6228
- C:\Windows\System\IoJUzfT.exe
  C:\Windows\System\IoJUzfT.exe
  2⤵
  PID:1804
- C:\Windows\System\SAtYZKf.exe
  C:\Windows\System\SAtYZKf.exe
  2⤵
  PID:7160
- C:\Windows\System\BVyuXgo.exe
  C:\Windows\System\BVyuXgo.exe
  2⤵
  PID:6464
- C:\Windows\System\rKmOXiD.exe
  C:\Windows\System\rKmOXiD.exe
  2⤵
  PID:6368
- C:\Windows\System\bamOZWF.exe
  C:\Windows\System\bamOZWF.exe
  2⤵
  PID:6308
- C:\Windows\System\PvexRjz.exe
  C:\Windows\System\PvexRjz.exe
  2⤵
  PID:6348
- C:\Windows\System\vzdfkZr.exe
  C:\Windows\System\vzdfkZr.exe
  2⤵
  PID:6712
- C:\Windows\System\PblMbEA.exe
  C:\Windows\System\PblMbEA.exe
  2⤵
  PID:6644
- C:\Windows\System\gERHJWq.exe
  C:\Windows\System\gERHJWq.exe
  2⤵
  PID:6572
- C:\Windows\System\okwHBSY.exe
  C:\Windows\System\okwHBSY.exe
  2⤵
  PID:6688
- C:\Windows\System\DhYwINY.exe
  C:\Windows\System\DhYwINY.exe
  2⤵
  PID:6784
- C:\Windows\System\nEnkKJs.exe
  C:\Windows\System\nEnkKJs.exe
  2⤵
  PID:6928
- C:\Windows\System\jlnBhFa.exe
  C:\Windows\System\jlnBhFa.exe
  2⤵
  PID:6752
- C:\Windows\System\kpqlmzj.exe
  C:\Windows\System\kpqlmzj.exe
  2⤵
  PID:7024
- C:\Windows\System\qxiMLBv.exe
  C:\Windows\System\qxiMLBv.exe
  2⤵
  PID:6068
- C:\Windows\System\ojIIypu.exe
  C:\Windows\System\ojIIypu.exe
  2⤵
  PID:7164
- C:\Windows\System\WYagYAc.exe
  C:\Windows\System\WYagYAc.exe
  2⤵
  PID:6272
- C:\Windows\System\IUNWDpR.exe
  C:\Windows\System\IUNWDpR.exe
  2⤵
  PID:6196
- C:\Windows\System\BBbWCVH.exe
  C:\Windows\System\BBbWCVH.exe
  2⤵
  PID:6412
- C:\Windows\System\bcFQXtp.exe
  C:\Windows\System\bcFQXtp.exe
  2⤵
  PID:6624
- C:\Windows\System\qvjTNax.exe
  C:\Windows\System\qvjTNax.exe
  2⤵
  PID:6168
- C:\Windows\System\OUkuduI.exe
  C:\Windows\System\OUkuduI.exe
  2⤵
  PID:448
- C:\Windows\System\LvrVeYc.exe
  C:\Windows\System\LvrVeYc.exe
  2⤵
  PID:6672
- C:\Windows\System\Qpoewvy.exe
  C:\Windows\System\Qpoewvy.exe
  2⤵
  PID:6740
- C:\Windows\System\jzGatgX.exe
  C:\Windows\System\jzGatgX.exe
  2⤵
  PID:6660
- C:\Windows\System\uvEIRKH.exe
  C:\Windows\System\uvEIRKH.exe
  2⤵
  PID:6848
- C:\Windows\System\OxBGKBN.exe
  C:\Windows\System\OxBGKBN.exe
  2⤵
  PID:6816
- C:\Windows\System\LpzYSGP.exe
  C:\Windows\System\LpzYSGP.exe
  2⤵
  PID:6896
- C:\Windows\System\Zkcksyq.exe
  C:\Windows\System\Zkcksyq.exe
  2⤵
  PID:7096
- C:\Windows\System\mXXnrEz.exe
  C:\Windows\System\mXXnrEz.exe
  2⤵
  PID:6944
- C:\Windows\System\FCuEPyr.exe
  C:\Windows\System\FCuEPyr.exe
  2⤵
  PID:6768
- C:\Windows\System\sgKdvme.exe
  C:\Windows\System\sgKdvme.exe
  2⤵
  PID:6584
- C:\Windows\System\dbkQMyo.exe
  C:\Windows\System\dbkQMyo.exe
  2⤵
  PID:6812
- C:\Windows\System\fKaFCBu.exe
  C:\Windows\System\fKaFCBu.exe
  2⤵
  PID:6184
- C:\Windows\System\TbvKHyx.exe
  C:\Windows\System\TbvKHyx.exe
  2⤵
  PID:6264
- C:\Windows\System\vPpjcCb.exe
  C:\Windows\System\vPpjcCb.exe
  2⤵
  PID:6604
- C:\Windows\System\JvcMMTx.exe
  C:\Windows\System\JvcMMTx.exe
  2⤵
  PID:7016
- C:\Windows\System\dBiRhHO.exe
  C:\Windows\System\dBiRhHO.exe
  2⤵
  PID:6240
- C:\Windows\System\YdrNXTh.exe
  C:\Windows\System\YdrNXTh.exe
  2⤵
  PID:7032
- C:\Windows\System\iLUmdmT.exe
  C:\Windows\System\iLUmdmT.exe
  2⤵
  PID:6656
- C:\Windows\System\TfnrPbK.exe
  C:\Windows\System\TfnrPbK.exe
  2⤵
  PID:6900
- C:\Windows\System\agjJCIa.exe
  C:\Windows\System\agjJCIa.exe
  2⤵
  PID:6708
- C:\Windows\System\GyWuxaw.exe
  C:\Windows\System\GyWuxaw.exe
  2⤵
  PID:7200
- C:\Windows\System\cGViXOk.exe
  C:\Windows\System\cGViXOk.exe
  2⤵
  PID:7216
- C:\Windows\System\JnxeBrC.exe
  C:\Windows\System\JnxeBrC.exe
  2⤵
  PID:7236
- C:\Windows\System\AsNztPb.exe
  C:\Windows\System\AsNztPb.exe
  2⤵
  PID:7252
- C:\Windows\System\MAWxXJw.exe
  C:\Windows\System\MAWxXJw.exe
  2⤵
  PID:7268
- C:\Windows\System\KBrtHZJ.exe
  C:\Windows\System\KBrtHZJ.exe
  2⤵
  PID:7284
- C:\Windows\System\nEFKMLr.exe
  C:\Windows\System\nEFKMLr.exe
  2⤵
  PID:7304
- C:\Windows\System\bINJaUQ.exe
  C:\Windows\System\bINJaUQ.exe
  2⤵
  PID:7320
- C:\Windows\System\ZEDCKqV.exe
  C:\Windows\System\ZEDCKqV.exe
  2⤵
  PID:7336
- C:\Windows\System\mrbXaoJ.exe
  C:\Windows\System\mrbXaoJ.exe
  2⤵
  PID:7352
- C:\Windows\System\hcebYtj.exe
  C:\Windows\System\hcebYtj.exe
  2⤵
  PID:7376
- C:\Windows\System\kXyXtmX.exe
  C:\Windows\System\kXyXtmX.exe
  2⤵
  PID:7400
- C:\Windows\System\DmKPtEJ.exe
  C:\Windows\System\DmKPtEJ.exe
  2⤵
  PID:7416
- C:\Windows\System\fRQiQLp.exe
  C:\Windows\System\fRQiQLp.exe
  2⤵
  PID:7444
- C:\Windows\System\uaVaiDC.exe
  C:\Windows\System\uaVaiDC.exe
  2⤵
  PID:7464
- C:\Windows\System\RHSajuF.exe
  C:\Windows\System\RHSajuF.exe
  2⤵
  PID:7480
- C:\Windows\System\AiKCvjb.exe
  C:\Windows\System\AiKCvjb.exe
  2⤵
  PID:7496
- C:\Windows\System\UNfdjHq.exe
  C:\Windows\System\UNfdjHq.exe
  2⤵
  PID:7512
- C:\Windows\System\bHSBwiu.exe
  C:\Windows\System\bHSBwiu.exe
  2⤵
  PID:7532
- C:\Windows\System\OcWiLvV.exe
  C:\Windows\System\OcWiLvV.exe
  2⤵
  PID:7552
- C:\Windows\System\NgiNAfY.exe
  C:\Windows\System\NgiNAfY.exe
  2⤵
  PID:7588
- C:\Windows\System\NorTvGE.exe
  C:\Windows\System\NorTvGE.exe
  2⤵
  PID:7612
- C:\Windows\System\SNdJkhD.exe
  C:\Windows\System\SNdJkhD.exe
  2⤵
  PID:7636
- C:\Windows\System\XvoNQjd.exe
  C:\Windows\System\XvoNQjd.exe
  2⤵
  PID:7656
- C:\Windows\System\fqrguVI.exe
  C:\Windows\System\fqrguVI.exe
  2⤵
  PID:7676
- C:\Windows\System\tUzxNWd.exe
  C:\Windows\System\tUzxNWd.exe
  2⤵
  PID:7692
- C:\Windows\System\LQtcSRb.exe
  C:\Windows\System\LQtcSRb.exe
  2⤵
  PID:7716
- C:\Windows\System\GtBaqVv.exe
  C:\Windows\System\GtBaqVv.exe
  2⤵
  PID:7732
- C:\Windows\System\ESmetFv.exe
  C:\Windows\System\ESmetFv.exe
  2⤵
  PID:7752
- C:\Windows\System\tfHJUhK.exe
  C:\Windows\System\tfHJUhK.exe
  2⤵
  PID:7768
- C:\Windows\System\fTERhsB.exe
  C:\Windows\System\fTERhsB.exe
  2⤵
  PID:7796
- C:\Windows\System\VeTlHAT.exe
  C:\Windows\System\VeTlHAT.exe
  2⤵
  PID:7820
- C:\Windows\System\cwSyVzl.exe
  C:\Windows\System\cwSyVzl.exe
  2⤵
  PID:7840
- C:\Windows\System\qEQzloX.exe
  C:\Windows\System\qEQzloX.exe
  2⤵
  PID:7860
- C:\Windows\System\burvxav.exe
  C:\Windows\System\burvxav.exe
  2⤵
  PID:7880
- C:\Windows\System\IoDxURl.exe
  C:\Windows\System\IoDxURl.exe
  2⤵
  PID:7896
- C:\Windows\System\AZPVcHZ.exe
  C:\Windows\System\AZPVcHZ.exe
  2⤵
  PID:7912
- C:\Windows\System\PsXcaaD.exe
  C:\Windows\System\PsXcaaD.exe
  2⤵
  PID:7944
- C:\Windows\System\idZWxzy.exe
  C:\Windows\System\idZWxzy.exe
  2⤵
  PID:7960
- C:\Windows\System\PdhBfQm.exe
  C:\Windows\System\PdhBfQm.exe
  2⤵
  PID:7976
- C:\Windows\System\PKJPDLr.exe
  C:\Windows\System\PKJPDLr.exe
  2⤵
  PID:8012
- C:\Windows\System\UkraCqu.exe
  C:\Windows\System\UkraCqu.exe
  2⤵
  PID:8032
- C:\Windows\System\zzhIlQQ.exe
  C:\Windows\System\zzhIlQQ.exe
  2⤵
  PID:8048
- C:\Windows\System\KLyKmuh.exe
  C:\Windows\System\KLyKmuh.exe
  2⤵
  PID:8064
- C:\Windows\System\aMpyDtP.exe
  C:\Windows\System\aMpyDtP.exe
  2⤵
  PID:8084
- C:\Windows\System\XKPRvlB.exe
  C:\Windows\System\XKPRvlB.exe
  2⤵
  PID:8100
- C:\Windows\System\svmWBAK.exe
  C:\Windows\System\svmWBAK.exe
  2⤵
  PID:8120
- C:\Windows\System\oJHDYlD.exe
  C:\Windows\System\oJHDYlD.exe
  2⤵
  PID:8136
- C:\Windows\System\pojJhLC.exe
  C:\Windows\System\pojJhLC.exe
  2⤵
  PID:8168
- C:\Windows\System\GXSbqke.exe
  C:\Windows\System\GXSbqke.exe
  2⤵
  PID:8188
- C:\Windows\System\fAMzFWx.exe
  C:\Windows\System\fAMzFWx.exe
  2⤵
  PID:6548
- C:\Windows\System\xUWxHHC.exe
  C:\Windows\System\xUWxHHC.exe
  2⤵
  PID:7140
- C:\Windows\System\tRrSYVu.exe
  C:\Windows\System\tRrSYVu.exe
  2⤵
  PID:7188
- C:\Windows\System\knFsTyd.exe
  C:\Windows\System\knFsTyd.exe
  2⤵
  PID:7208
- C:\Windows\System\IaZSPwW.exe
  C:\Windows\System\IaZSPwW.exe
  2⤵
  PID:7276
- C:\Windows\System\XaQkNvw.exe
  C:\Windows\System\XaQkNvw.exe
  2⤵
  PID:7344
- C:\Windows\System\HfyyUTl.exe
  C:\Windows\System\HfyyUTl.exe
  2⤵
  PID:7396
- C:\Windows\System\ASRtarN.exe
  C:\Windows\System\ASRtarN.exe
  2⤵
  PID:7408
- C:\Windows\System\dmbSZAc.exe
  C:\Windows\System\dmbSZAc.exe
  2⤵
  PID:7224
- C:\Windows\System\QYhOQny.exe
  C:\Windows\System\QYhOQny.exe
  2⤵
  PID:7332
- C:\Windows\System\rhrmwoZ.exe
  C:\Windows\System\rhrmwoZ.exe
  2⤵
  PID:7436
- C:\Windows\System\SiHlATM.exe
  C:\Windows\System\SiHlATM.exe
  2⤵
  PID:7524
- C:\Windows\System\AmtTuLK.exe
  C:\Windows\System\AmtTuLK.exe
  2⤵
  PID:7520
- C:\Windows\System\sJjgKdf.exe
  C:\Windows\System\sJjgKdf.exe
  2⤵
  PID:7608
- C:\Windows\System\WfjgTWz.exe
  C:\Windows\System\WfjgTWz.exe
  2⤵
  PID:7560
- C:\Windows\System\AsbCfgC.exe
  C:\Windows\System\AsbCfgC.exe
  2⤵
  PID:7620
- C:\Windows\System\TvrvgUt.exe
  C:\Windows\System\TvrvgUt.exe
  2⤵
  PID:7584
- C:\Windows\System\hPQlpJx.exe
  C:\Windows\System\hPQlpJx.exe
  2⤵
  PID:7664
- C:\Windows\System\CiBDeOw.exe
  C:\Windows\System\CiBDeOw.exe
  2⤵
  PID:7728
- C:\Windows\System\ckKhwBX.exe
  C:\Windows\System\ckKhwBX.exe
  2⤵
  PID:7708
- C:\Windows\System\XIOBDxP.exe
  C:\Windows\System\XIOBDxP.exe
  2⤵
  PID:7748
- C:\Windows\System\JNAmlUx.exe
  C:\Windows\System\JNAmlUx.exe
  2⤵
  PID:7812
- C:\Windows\System\MskZeZd.exe
  C:\Windows\System\MskZeZd.exe
  2⤵
  PID:7848
- C:\Windows\System\SjUEFXm.exe
  C:\Windows\System\SjUEFXm.exe
  2⤵
  PID:7920
- C:\Windows\System\OoPohVn.exe
  C:\Windows\System\OoPohVn.exe
  2⤵
  PID:7940
- C:\Windows\System\rUcfiQJ.exe
  C:\Windows\System\rUcfiQJ.exe
  2⤵
  PID:7876
- C:\Windows\System\hnrvZLg.exe
  C:\Windows\System\hnrvZLg.exe
  2⤵
  PID:7952
- C:\Windows\System\foijVlO.exe
  C:\Windows\System\foijVlO.exe
  2⤵
  PID:8000
- C:\Windows\System\pmfRWwp.exe
  C:\Windows\System\pmfRWwp.exe
  2⤵
  PID:8028
- C:\Windows\System\EvCmboz.exe
  C:\Windows\System\EvCmboz.exe
  2⤵
  PID:8044
- C:\Windows\System\nSEtqzl.exe
  C:\Windows\System\nSEtqzl.exe
  2⤵
  PID:8096
- C:\Windows\System\wtjhkgD.exe
  C:\Windows\System\wtjhkgD.exe
  2⤵
  PID:8108
- C:\Windows\System\ymsJXCk.exe
  C:\Windows\System\ymsJXCk.exe
  2⤵
  PID:8164
- C:\Windows\System\zfHpdnP.exe
  C:\Windows\System\zfHpdnP.exe
  2⤵
  PID:6324
- C:\Windows\System\hdwUuZC.exe
  C:\Windows\System\hdwUuZC.exe
  2⤵
  PID:7180
- C:\Windows\System\sRyGrIU.exe
  C:\Windows\System\sRyGrIU.exe
  2⤵
  PID:7428
- C:\Windows\System\ObTcYPv.exe
  C:\Windows\System\ObTcYPv.exe
  2⤵
  PID:7244
- C:\Windows\System\SSKLHqr.exe
  C:\Windows\System\SSKLHqr.exe
  2⤵
  PID:7264
- C:\Windows\System\PWsnKvK.exe
  C:\Windows\System\PWsnKvK.exe
  2⤵
  PID:7372
- C:\Windows\System\BzzmPYH.exe
  C:\Windows\System\BzzmPYH.exe
  2⤵
  PID:7540
- C:\Windows\System\ikHakRS.exe
  C:\Windows\System\ikHakRS.exe
  2⤵
  PID:7508
- C:\Windows\System\glwGRXE.exe
  C:\Windows\System\glwGRXE.exe
  2⤵
  PID:7440
- C:\Windows\System\yGliUPH.exe
  C:\Windows\System\yGliUPH.exe
  2⤵
  PID:7300
- C:\Windows\System\axZKVWC.exe
  C:\Windows\System\axZKVWC.exe
  2⤵
  PID:7684
- C:\Windows\System\yuBEoKZ.exe
  C:\Windows\System\yuBEoKZ.exe
  2⤵
  PID:7632
- C:\Windows\System\MUoZNkS.exe
  C:\Windows\System\MUoZNkS.exe
  2⤵
  PID:7852
- C:\Windows\System\MWzAnOB.exe
  C:\Windows\System\MWzAnOB.exe
  2⤵
  PID:7712
- C:\Windows\System\ndrgyaL.exe
  C:\Windows\System\ndrgyaL.exe
  2⤵
  PID:7832
- C:\Windows\System\PuONKYF.exe
  C:\Windows\System\PuONKYF.exe
  2⤵
  PID:7996
- C:\Windows\System\mDgsOAG.exe
  C:\Windows\System\mDgsOAG.exe
  2⤵
  PID:8112
- C:\Windows\System\PxTztTT.exe
  C:\Windows\System\PxTztTT.exe
  2⤵
  PID:7904
- C:\Windows\System\JhfzMEm.exe
  C:\Windows\System\JhfzMEm.exe
  2⤵
  PID:8152
- C:\Windows\System\DLzaZVk.exe
  C:\Windows\System\DLzaZVk.exe
  2⤵
  PID:8180
- C:\Windows\System\ABbZjhv.exe
  C:\Windows\System\ABbZjhv.exe
  2⤵
  PID:8008
- C:\Windows\System\zGQQBGq.exe
  C:\Windows\System\zGQQBGq.exe
  2⤵
  PID:8116
- C:\Windows\System\PkiOhub.exe
  C:\Windows\System\PkiOhub.exe
  2⤵
  PID:7248
- C:\Windows\System\WNOpCmt.exe
  C:\Windows\System\WNOpCmt.exe
  2⤵
  PID:7476
- C:\Windows\System\URFeoHB.exe
  C:\Windows\System\URFeoHB.exe
  2⤵
  PID:7688
- C:\Windows\System\KtFZsaK.exe
  C:\Windows\System\KtFZsaK.exe
  2⤵
  PID:7804
- C:\Windows\System\kwPsHnB.exe
  C:\Windows\System\kwPsHnB.exe
  2⤵
  PID:7604
- C:\Windows\System\JbLLNfg.exe
  C:\Windows\System\JbLLNfg.exe
  2⤵
  PID:7628
- C:\Windows\System\QwrEOiw.exe
  C:\Windows\System\QwrEOiw.exe
  2⤵
  PID:7788
- C:\Windows\System\kyJoQSC.exe
  C:\Windows\System\kyJoQSC.exe
  2⤵
  PID:7828
- C:\Windows\System\amvrNMR.exe
  C:\Windows\System\amvrNMR.exe
  2⤵
  PID:8060
- C:\Windows\System\MTkxijW.exe
  C:\Windows\System\MTkxijW.exe
  2⤵
  PID:8200
- C:\Windows\System\fzdeMaL.exe
  C:\Windows\System\fzdeMaL.exe
  2⤵
  PID:8220
- C:\Windows\System\phPOcOK.exe
  C:\Windows\System\phPOcOK.exe
  2⤵
  PID:8244
- C:\Windows\System\exffgOB.exe
  C:\Windows\System\exffgOB.exe
  2⤵
  PID:8268
- C:\Windows\System\laodkJM.exe
  C:\Windows\System\laodkJM.exe
  2⤵
  PID:8284
- C:\Windows\System\QOhlaYK.exe
  C:\Windows\System\QOhlaYK.exe
  2⤵
  PID:8304
- C:\Windows\System\lWhjuxG.exe
  C:\Windows\System\lWhjuxG.exe
  2⤵
  PID:8336
- C:\Windows\System\LdwtfyL.exe
  C:\Windows\System\LdwtfyL.exe
  2⤵
  PID:8352
- C:\Windows\System\TrZgUTJ.exe
  C:\Windows\System\TrZgUTJ.exe
  2⤵
  PID:8368
- C:\Windows\System\JxsmbTR.exe
  C:\Windows\System\JxsmbTR.exe
  2⤵
  PID:8384
- C:\Windows\System\AxtpjIF.exe
  C:\Windows\System\AxtpjIF.exe
  2⤵
  PID:8400
- C:\Windows\System\hjnMMRD.exe
  C:\Windows\System\hjnMMRD.exe
  2⤵
  PID:8424
- C:\Windows\System\yuQFltm.exe
  C:\Windows\System\yuQFltm.exe
  2⤵
  PID:8444
- C:\Windows\System\jxlAOhU.exe
  C:\Windows\System\jxlAOhU.exe
  2⤵
  PID:8460
- C:\Windows\System\dKBxefw.exe
  C:\Windows\System\dKBxefw.exe
  2⤵
  PID:8480
- C:\Windows\System\trDwyNf.exe
  C:\Windows\System\trDwyNf.exe
  2⤵
  PID:8500
- C:\Windows\System\DrhjEiK.exe
  C:\Windows\System\DrhjEiK.exe
  2⤵
  PID:8540
- C:\Windows\System\ZpjueYM.exe
  C:\Windows\System\ZpjueYM.exe
  2⤵
  PID:8556
- C:\Windows\System\SgOGcSw.exe
  C:\Windows\System\SgOGcSw.exe
  2⤵
  PID:8572
- C:\Windows\System\qGKwCRr.exe
  C:\Windows\System\qGKwCRr.exe
  2⤵
  PID:8604
- C:\Windows\System\RkdakWr.exe
  C:\Windows\System\RkdakWr.exe
  2⤵
  PID:8620
- C:\Windows\System\sSxGQei.exe
  C:\Windows\System\sSxGQei.exe
  2⤵
  PID:8640
- C:\Windows\System\qgeXWcv.exe
  C:\Windows\System\qgeXWcv.exe
  2⤵
  PID:8668
- C:\Windows\System\uMnCGwT.exe
  C:\Windows\System\uMnCGwT.exe
  2⤵
  PID:8696
- C:\Windows\System\ZrxZreS.exe
  C:\Windows\System\ZrxZreS.exe
  2⤵
  PID:8720
- C:\Windows\System\yHrGFnx.exe
  C:\Windows\System\yHrGFnx.exe
  2⤵
  PID:8736
- C:\Windows\System\cMCMdFf.exe
  C:\Windows\System\cMCMdFf.exe
  2⤵
  PID:8752
- C:\Windows\System\lSYooAS.exe
  C:\Windows\System\lSYooAS.exe
  2⤵
  PID:8816
- C:\Windows\System\FXYVJUA.exe
  C:\Windows\System\FXYVJUA.exe
  2⤵
  PID:8836
- C:\Windows\System\ZMDLjMW.exe
  C:\Windows\System\ZMDLjMW.exe
  2⤵
  PID:8856
- C:\Windows\System\GpaLSwN.exe
  C:\Windows\System\GpaLSwN.exe
  2⤵
  PID:8872
- C:\Windows\System\AyhKZkQ.exe
  C:\Windows\System\AyhKZkQ.exe
  2⤵
  PID:8888
- C:\Windows\System\VcmFfUH.exe
  C:\Windows\System\VcmFfUH.exe
  2⤵
  PID:8908
- C:\Windows\System\biksIPv.exe
  C:\Windows\System\biksIPv.exe
  2⤵
  PID:8924
- C:\Windows\System\iUAhUik.exe
  C:\Windows\System\iUAhUik.exe
  2⤵
  PID:8944
- C:\Windows\System\XkhEliW.exe
  C:\Windows\System\XkhEliW.exe
  2⤵
  PID:8960
- C:\Windows\System\bBAcnOD.exe
  C:\Windows\System\bBAcnOD.exe
  2⤵
  PID:8976
- C:\Windows\System\ZnFvYcV.exe
  C:\Windows\System\ZnFvYcV.exe
  2⤵
  PID:8992
- C:\Windows\System\voldDtL.exe
  C:\Windows\System\voldDtL.exe
  2⤵
  PID:9008
- C:\Windows\System\qLkBPtl.exe
  C:\Windows\System\qLkBPtl.exe
  2⤵
  PID:9024
- C:\Windows\System\YLOfXJs.exe
  C:\Windows\System\YLOfXJs.exe
  2⤵
  PID:9044
- C:\Windows\System\tswTxiw.exe
  C:\Windows\System\tswTxiw.exe
  2⤵
  PID:9072
- C:\Windows\System\BneXXkn.exe
  C:\Windows\System\BneXXkn.exe
  2⤵
  PID:9088
- C:\Windows\System\vOnnkMA.exe
  C:\Windows\System\vOnnkMA.exe
  2⤵
  PID:9104
- C:\Windows\System\iqkoqxt.exe
  C:\Windows\System\iqkoqxt.exe
  2⤵
  PID:9120
- C:\Windows\System\osfWizt.exe
  C:\Windows\System\osfWizt.exe
  2⤵
  PID:9140
- C:\Windows\System\Lfchrhz.exe
  C:\Windows\System\Lfchrhz.exe
  2⤵
  PID:9160
- C:\Windows\System\dOkvDGm.exe
  C:\Windows\System\dOkvDGm.exe
  2⤵
  PID:9176
- C:\Windows\System\tZGTYmp.exe
  C:\Windows\System\tZGTYmp.exe
  2⤵
  PID:9192
- C:\Windows\System\wwFHKPw.exe
  C:\Windows\System\wwFHKPw.exe
  2⤵
  PID:9208
- C:\Windows\System\LBxLQvM.exe
  C:\Windows\System\LBxLQvM.exe
  2⤵
  PID:8080
- C:\Windows\System\TMrjbTM.exe
  C:\Windows\System\TMrjbTM.exe
  2⤵
  PID:8264
- C:\Windows\System\duvEcli.exe
  C:\Windows\System\duvEcli.exe
  2⤵
  PID:8296
- C:\Windows\System\RzLjNdM.exe
  C:\Windows\System\RzLjNdM.exe
  2⤵
  PID:8344
- C:\Windows\System\vpYElCz.exe
  C:\Windows\System\vpYElCz.exe
  2⤵
  PID:8348
- C:\Windows\System\qBsjygg.exe
  C:\Windows\System\qBsjygg.exe
  2⤵
  PID:8408
- C:\Windows\System\xtQdUkB.exe
  C:\Windows\System\xtQdUkB.exe
  2⤵
  PID:8456
- C:\Windows\System\ayXJzMy.exe
  C:\Windows\System\ayXJzMy.exe
  2⤵
  PID:8552
- C:\Windows\System\rTmMzAh.exe
  C:\Windows\System\rTmMzAh.exe
  2⤵
  PID:8592
- C:\Windows\System\QuziMbU.exe
  C:\Windows\System\QuziMbU.exe
  2⤵
  PID:7932
- C:\Windows\System\IxyWwxz.exe
  C:\Windows\System\IxyWwxz.exe
  2⤵
  PID:1572
- C:\Windows\System\RHKLLWV.exe
  C:\Windows\System\RHKLLWV.exe
  2⤵
  PID:7868
- C:\Windows\System\trcaBBL.exe
  C:\Windows\System\trcaBBL.exe
  2⤵
  PID:8632
- C:\Windows\System\bJupoTc.exe
  C:\Windows\System\bJupoTc.exe
  2⤵
  PID:8236
- C:\Windows\System\wgsqZEV.exe
  C:\Windows\System\wgsqZEV.exe
  2⤵
  PID:8312
- C:\Windows\System\Vlgbivz.exe
  C:\Windows\System\Vlgbivz.exe
  2⤵
  PID:8328
- C:\Windows\System\zacTHGi.exe
  C:\Windows\System\zacTHGi.exe
  2⤵
  PID:8684
- C:\Windows\System\sNmZyig.exe
  C:\Windows\System\sNmZyig.exe
  2⤵
  PID:8468
- C:\Windows\System\GLGORwz.exe
  C:\Windows\System\GLGORwz.exe
  2⤵
  PID:8616
- C:\Windows\System\uavjLjk.exe
  C:\Windows\System\uavjLjk.exe
  2⤵
  PID:8656
- C:\Windows\System\aHYLuAp.exe
  C:\Windows\System\aHYLuAp.exe
  2⤵
  PID:8564
- C:\Windows\System\OVQSHkV.exe
  C:\Windows\System\OVQSHkV.exe
  2⤵
  PID:8712
- C:\Windows\System\JokVbNg.exe
  C:\Windows\System\JokVbNg.exe
  2⤵
  PID:8760
- C:\Windows\System\eeUjTFq.exe
  C:\Windows\System\eeUjTFq.exe
  2⤵
  PID:8776
- C:\Windows\System\RKpxRXN.exe
  C:\Windows\System\RKpxRXN.exe
  2⤵
  PID:8828
- C:\Windows\System\rILPBgN.exe
  C:\Windows\System\rILPBgN.exe
  2⤵
  PID:8852
- C:\Windows\System\BrOEyyi.exe
  C:\Windows\System\BrOEyyi.exe
  2⤵
  PID:8864
- C:\Windows\System\bTVOQjF.exe
  C:\Windows\System\bTVOQjF.exe
  2⤵
  PID:8920
- C:\Windows\System\AMSXiZT.exe
  C:\Windows\System\AMSXiZT.exe
  2⤵
  PID:8972
- C:\Windows\System\jWaPVlg.exe
  C:\Windows\System\jWaPVlg.exe
  2⤵
  PID:9060
- C:\Windows\System\DQniFlu.exe
  C:\Windows\System\DQniFlu.exe
  2⤵
  PID:8968
- C:\Windows\System\IlbrhYi.exe
  C:\Windows\System\IlbrhYi.exe
  2⤵
  PID:9128
- C:\Windows\System\bnJTNpw.exe
  C:\Windows\System\bnJTNpw.exe
  2⤵
  PID:9116
- C:\Windows\System\fCOHRup.exe
  C:\Windows\System\fCOHRup.exe
  2⤵
  PID:9156
- C:\Windows\System\gdWgBGH.exe
  C:\Windows\System\gdWgBGH.exe
  2⤵
  PID:7392
- C:\Windows\System\sUceWXk.exe
  C:\Windows\System\sUceWXk.exe
  2⤵
  PID:7156
- C:\Windows\System\zOnVUYr.exe
  C:\Windows\System\zOnVUYr.exe
  2⤵
  PID:7596
- C:\Windows\System\MRXKTEc.exe
  C:\Windows\System\MRXKTEc.exe
  2⤵
  PID:8252
- C:\Windows\System\UtbxKbC.exe
  C:\Windows\System\UtbxKbC.exe
  2⤵
  PID:8292
- C:\Windows\System\XNBFQyT.exe
  C:\Windows\System\XNBFQyT.exe
  2⤵
  PID:7672
- C:\Windows\System\baPjtFu.exe
  C:\Windows\System\baPjtFu.exe
  2⤵
  PID:8548
- C:\Windows\System\bzywLTI.exe
  C:\Windows\System\bzywLTI.exe
  2⤵
  PID:7764
- C:\Windows\System\aBqzobf.exe
  C:\Windows\System\aBqzobf.exe
  2⤵
  PID:7836
- C:\Windows\System\iizLJPl.exe
  C:\Windows\System\iizLJPl.exe
  2⤵
  PID:8680
- C:\Windows\System\jjVhIeH.exe
  C:\Windows\System\jjVhIeH.exe
  2⤵
  PID:8396
- C:\Windows\System\ivVhRuB.exe
  C:\Windows\System\ivVhRuB.exe
  2⤵
  PID:8628
- C:\Windows\System\nQQJwlt.exe
  C:\Windows\System\nQQJwlt.exe
  2⤵
  PID:8432
- C:\Windows\System\mTxbRLK.exe
  C:\Windows\System\mTxbRLK.exe
  2⤵
  PID:8520
- C:\Windows\System\UXOLJlK.exe
  C:\Windows\System\UXOLJlK.exe
  2⤵
  PID:8532
- C:\Windows\System\UaoezpF.exe
  C:\Windows\System\UaoezpF.exe
  2⤵
  PID:8900
- C:\Windows\System\BUSFaBL.exe
  C:\Windows\System\BUSFaBL.exe
  2⤵
  PID:8524
- C:\Windows\System\KELAVxI.exe
  C:\Windows\System\KELAVxI.exe
  2⤵
  PID:7872
- C:\Windows\System\GZGXFQl.exe
  C:\Windows\System\GZGXFQl.exe
  2⤵
  PID:8824
- C:\Windows\System\ofTVHIr.exe
  C:\Windows\System\ofTVHIr.exe
  2⤵
  PID:8952
- C:\Windows\System\yVZpLrc.exe
  C:\Windows\System\yVZpLrc.exe
  2⤵
  PID:8988
- C:\Windows\System\BubiWiG.exe
  C:\Windows\System\BubiWiG.exe
  2⤵
  PID:9000
- C:\Windows\System\dkaqRAf.exe
  C:\Windows\System\dkaqRAf.exe
  2⤵
  PID:9096
- C:\Windows\System\TBhXUnx.exe
  C:\Windows\System\TBhXUnx.exe
  2⤵
  PID:9200
- C:\Windows\System\cvBCzIt.exe
  C:\Windows\System\cvBCzIt.exe
  2⤵
  PID:9188
- C:\Windows\System\ljsdjpE.exe
  C:\Windows\System\ljsdjpE.exe
  2⤵
  PID:8216
- C:\Windows\System\ZeWqXZT.exe
  C:\Windows\System\ZeWqXZT.exe
  2⤵
  PID:6824
- C:\Windows\System\gfEbLNN.exe
  C:\Windows\System\gfEbLNN.exe
  2⤵
  PID:7784
- C:\Windows\System\uGSYMxs.exe
  C:\Windows\System\uGSYMxs.exe
  2⤵
  PID:9080
- C:\Windows\System\dkvdrTd.exe
  C:\Windows\System\dkvdrTd.exe
  2⤵
  PID:8516
- C:\Windows\System\BCdlnIe.exe
  C:\Windows\System\BCdlnIe.exe
  2⤵
  PID:8132
- C:\Windows\System\rhbSaur.exe
  C:\Windows\System\rhbSaur.exe
  2⤵
  PID:8392
- C:\Windows\System\lpdDuAQ.exe
  C:\Windows\System\lpdDuAQ.exe
  2⤵
  PID:8708
- C:\Windows\System\QBxvKnx.exe
  C:\Windows\System\QBxvKnx.exe
  2⤵
  PID:8744
- C:\Windows\System\FvTDNmG.exe
  C:\Windows\System\FvTDNmG.exe
  2⤵
  PID:8476
- C:\Windows\System\eXMBqBt.exe
  C:\Windows\System\eXMBqBt.exe
  2⤵
  PID:9100
- C:\Windows\System\LsmBnkO.exe
  C:\Windows\System\LsmBnkO.exe
  2⤵
  PID:9032
- C:\Windows\System\rZuYUuR.exe
  C:\Windows\System\rZuYUuR.exe
  2⤵
  PID:9152
- C:\Windows\System\xWKGGOx.exe
  C:\Windows\System\xWKGGOx.exe
  2⤵
  PID:8916
- C:\Windows\System\QufUWmJ.exe
  C:\Windows\System\QufUWmJ.exe
  2⤵
  PID:8056
- C:\Windows\System\UbEXthK.exe
  C:\Windows\System\UbEXthK.exe
  2⤵
  PID:8664
- C:\Windows\System\QfmPfgH.exe
  C:\Windows\System\QfmPfgH.exe
  2⤵
  PID:8884
- C:\Windows\System\yeOIjGC.exe
  C:\Windows\System\yeOIjGC.exe
  2⤵
  PID:9056
- C:\Windows\System\JheZWJQ.exe
  C:\Windows\System\JheZWJQ.exe
  2⤵
  PID:8212
- C:\Windows\System\QQMYlnS.exe
  C:\Windows\System\QQMYlnS.exe
  2⤵
  PID:7296
- C:\Windows\System\mtzEBAM.exe
  C:\Windows\System\mtzEBAM.exe
  2⤵
  PID:9112
- C:\Windows\System\BXTnRQC.exe
  C:\Windows\System\BXTnRQC.exe
  2⤵
  PID:8160
- C:\Windows\System\ehxvRvF.exe
  C:\Windows\System\ehxvRvF.exe
  2⤵
  PID:8768
- C:\Windows\System\ZEFRJCF.exe
  C:\Windows\System\ZEFRJCF.exe
  2⤵
  PID:8324
- C:\Windows\System\BbgQMhH.exe
  C:\Windows\System\BbgQMhH.exe
  2⤵
  PID:9016
- C:\Windows\System\jHHyjbr.exe
  C:\Windows\System\jHHyjbr.exe
  2⤵
  PID:7968
- C:\Windows\System\TiCtGlL.exe
  C:\Windows\System\TiCtGlL.exe
  2⤵
  PID:7564
- C:\Windows\System\eDHiEdR.exe
  C:\Windows\System\eDHiEdR.exe
  2⤵
  PID:8536
- C:\Windows\System\mFfuJOh.exe
  C:\Windows\System\mFfuJOh.exe
  2⤵
  PID:8808
- C:\Windows\System\EwEjnQZ.exe
  C:\Windows\System\EwEjnQZ.exe
  2⤵
  PID:8936
- C:\Windows\System\leMFgDs.exe
  C:\Windows\System\leMFgDs.exe
  2⤵
  PID:8676
- C:\Windows\System\xwXFDSC.exe
  C:\Windows\System\xwXFDSC.exe
  2⤵
  PID:7972
- C:\Windows\System\NdXKKoS.exe
  C:\Windows\System\NdXKKoS.exe
  2⤵
  PID:9224
- C:\Windows\System\VVIDvfw.exe
  C:\Windows\System\VVIDvfw.exe
  2⤵
  PID:9240
- C:\Windows\System\HuikCzZ.exe
  C:\Windows\System\HuikCzZ.exe
  2⤵
  PID:9256
- C:\Windows\System\axNdnsE.exe
  C:\Windows\System\axNdnsE.exe
  2⤵
  PID:9272
- C:\Windows\System\vYqXcQm.exe
  C:\Windows\System\vYqXcQm.exe
  2⤵
  PID:9288
- C:\Windows\System\hTOxRyI.exe
  C:\Windows\System\hTOxRyI.exe
  2⤵
  PID:9304
- C:\Windows\System\HJeqOrS.exe
  C:\Windows\System\HJeqOrS.exe
  2⤵
  PID:9320
- C:\Windows\System\ISBcJkY.exe
  C:\Windows\System\ISBcJkY.exe
  2⤵
  PID:9344
- C:\Windows\System\FGqlDvp.exe
  C:\Windows\System\FGqlDvp.exe
  2⤵
  PID:9364
- C:\Windows\System\fPYHbUR.exe
  C:\Windows\System\fPYHbUR.exe
  2⤵
  PID:9384
- C:\Windows\System\fbSgPKR.exe
  C:\Windows\System\fbSgPKR.exe
  2⤵
  PID:9400
- C:\Windows\System\teZxFop.exe
  C:\Windows\System\teZxFop.exe
  2⤵
  PID:9420
- C:\Windows\System\MyQsBSU.exe
  C:\Windows\System\MyQsBSU.exe
  2⤵
  PID:9436
- C:\Windows\System\ohibrTR.exe
  C:\Windows\System\ohibrTR.exe
  2⤵
  PID:9452
- C:\Windows\System\orkYMsc.exe
  C:\Windows\System\orkYMsc.exe
  2⤵
  PID:9468
- C:\Windows\System\JfTWRZC.exe
  C:\Windows\System\JfTWRZC.exe
  2⤵
  PID:9484
- C:\Windows\System\xQtIvlF.exe
  C:\Windows\System\xQtIvlF.exe
  2⤵
  PID:9504
- C:\Windows\System\HDLXKkc.exe
  C:\Windows\System\HDLXKkc.exe
  2⤵
  PID:9520
- C:\Windows\System\BKjdojn.exe
  C:\Windows\System\BKjdojn.exe
  2⤵
  PID:9536
- C:\Windows\System\fbKsSYi.exe
  C:\Windows\System\fbKsSYi.exe
  2⤵
  PID:9560
- C:\Windows\System\MrStPFK.exe
  C:\Windows\System\MrStPFK.exe
  2⤵
  PID:9580
- C:\Windows\System\XXTnFPU.exe
  C:\Windows\System\XXTnFPU.exe
  2⤵
  PID:9660
- C:\Windows\System\ZafUDdv.exe
  C:\Windows\System\ZafUDdv.exe
  2⤵
  PID:9680
- C:\Windows\System\RoDRnqX.exe
  C:\Windows\System\RoDRnqX.exe
  2⤵
  PID:9700
- C:\Windows\System\rdHfEYy.exe
  C:\Windows\System\rdHfEYy.exe
  2⤵
  PID:9716
- C:\Windows\System\kkfwAwW.exe
  C:\Windows\System\kkfwAwW.exe
  2⤵
  PID:9732
- C:\Windows\System\PQBnyDp.exe
  C:\Windows\System\PQBnyDp.exe
  2⤵
  PID:9752
- C:\Windows\System\qZwJkAO.exe
  C:\Windows\System\qZwJkAO.exe
  2⤵
  PID:9784
- C:\Windows\System\EuHOoyy.exe
  C:\Windows\System\EuHOoyy.exe
  2⤵
  PID:9800
- C:\Windows\System\KKLzCew.exe
  C:\Windows\System\KKLzCew.exe
  2⤵
  PID:9816
- C:\Windows\System\NbrTNiH.exe
  C:\Windows\System\NbrTNiH.exe
  2⤵
  PID:9844
- C:\Windows\System\fRgqjBx.exe
  C:\Windows\System\fRgqjBx.exe
  2⤵
  PID:9864
- C:\Windows\System\DILVKaD.exe
  C:\Windows\System\DILVKaD.exe
  2⤵
  PID:9884
- C:\Windows\System\qwXPpOZ.exe
  C:\Windows\System\qwXPpOZ.exe
  2⤵
  PID:9900
- C:\Windows\System\YWtdKHF.exe
  C:\Windows\System\YWtdKHF.exe
  2⤵
  PID:9924
- C:\Windows\System\TOvdJdd.exe
  C:\Windows\System\TOvdJdd.exe
  2⤵
  PID:9944
- C:\Windows\System\BSMjdLs.exe
  C:\Windows\System\BSMjdLs.exe
  2⤵
  PID:9964
- C:\Windows\System\vIrgcFp.exe
  C:\Windows\System\vIrgcFp.exe
  2⤵
  PID:9984
- C:\Windows\System\KdXwfNl.exe
  C:\Windows\System\KdXwfNl.exe
  2⤵
  PID:10012
- C:\Windows\System\iFicMWa.exe
  C:\Windows\System\iFicMWa.exe
  2⤵
  PID:10036
- C:\Windows\System\wAaszkL.exe
  C:\Windows\System\wAaszkL.exe
  2⤵
  PID:10060
- C:\Windows\System\LbGbPnj.exe
  C:\Windows\System\LbGbPnj.exe
  2⤵
  PID:10076
- C:\Windows\System\ftWSilK.exe
  C:\Windows\System\ftWSilK.exe
  2⤵
  PID:10104
- C:\Windows\System\xCYhMoq.exe
  C:\Windows\System\xCYhMoq.exe
  2⤵
  PID:10124
- C:\Windows\System\wXcyZMH.exe
  C:\Windows\System\wXcyZMH.exe
  2⤵
  PID:10140
- C:\Windows\System\hJQJseQ.exe
  C:\Windows\System\hJQJseQ.exe
  2⤵
  PID:10156
- C:\Windows\System\ulMadjQ.exe
  C:\Windows\System\ulMadjQ.exe
  2⤵
  PID:10176
- C:\Windows\System\NBkZODF.exe
  C:\Windows\System\NBkZODF.exe
  2⤵
  PID:10192
- C:\Windows\System\zAxJSRM.exe
  C:\Windows\System\zAxJSRM.exe
  2⤵
  PID:10220
- C:\Windows\System\mPFyuGU.exe
  C:\Windows\System\mPFyuGU.exe
  2⤵
  PID:9280
- C:\Windows\System\ZVWSGln.exe
  C:\Windows\System\ZVWSGln.exe
  2⤵
  PID:9352
- C:\Windows\System\yqUhKVZ.exe
  C:\Windows\System\yqUhKVZ.exe
  2⤵
  PID:9360
- C:\Windows\System\JYDYiST.exe
  C:\Windows\System\JYDYiST.exe
  2⤵
  PID:9496
- C:\Windows\System\tZhrftq.exe
  C:\Windows\System\tZhrftq.exe
  2⤵
  PID:9528
- C:\Windows\System\mnwIVpE.exe
  C:\Windows\System\mnwIVpE.exe
  2⤵
  PID:9544
- C:\Windows\System\ZSfdcOH.exe
  C:\Windows\System\ZSfdcOH.exe
  2⤵
  PID:9340
- C:\Windows\System\dJHhTCp.exe
  C:\Windows\System\dJHhTCp.exe
  2⤵
  PID:9268
- C:\Windows\System\GaupBXa.exe
  C:\Windows\System\GaupBXa.exe
  2⤵
  PID:8232
- C:\Windows\System\pjfmdtJ.exe
  C:\Windows\System\pjfmdtJ.exe
  2⤵
  PID:9592
- C:\Windows\System\KEyvWpc.exe
  C:\Windows\System\KEyvWpc.exe
  2⤵
  PID:9588
- C:\Windows\System\FWLJgdm.exe
  C:\Windows\System\FWLJgdm.exe
  2⤵
  PID:9372
- C:\Windows\System\oewrDXy.exe
  C:\Windows\System\oewrDXy.exe
  2⤵
  PID:9612
- C:\Windows\System\xoImQmi.exe
  C:\Windows\System\xoImQmi.exe
  2⤵
  PID:9632
- C:\Windows\System\GZBEiZK.exe
  C:\Windows\System\GZBEiZK.exe
  2⤵
  PID:9652
- C:\Windows\System\PYEbvwI.exe
  C:\Windows\System\PYEbvwI.exe
  2⤵
  PID:9688
- C:\Windows\System\yoBQxaL.exe
  C:\Windows\System\yoBQxaL.exe
  2⤵
  PID:9748
- C:\Windows\System\XDtfmsH.exe
  C:\Windows\System\XDtfmsH.exe
  2⤵
  PID:9764
- C:\Windows\System\owPkasT.exe
  C:\Windows\System\owPkasT.exe
  2⤵
  PID:9796
- C:\Windows\System\wGRDJBQ.exe
  C:\Windows\System\wGRDJBQ.exe
  2⤵
  PID:9836
- C:\Windows\System\oDdlkKQ.exe
  C:\Windows\System\oDdlkKQ.exe
  2⤵
  PID:9856
- C:\Windows\System\muqMbNg.exe
  C:\Windows\System\muqMbNg.exe
  2⤵
  PID:9896
- C:\Windows\System\xgfyfxM.exe
  C:\Windows\System\xgfyfxM.exe
  2⤵
  PID:9912
- C:\Windows\System\sRNhHxz.exe
  C:\Windows\System\sRNhHxz.exe
  2⤵
  PID:9956
- C:\Windows\System\eSasztx.exe
  C:\Windows\System\eSasztx.exe
  2⤵
  PID:10008
- C:\Windows\System\LNAnSvL.exe
  C:\Windows\System\LNAnSvL.exe
  2⤵
  PID:10052
- C:\Windows\System\qpPBTui.exe
  C:\Windows\System\qpPBTui.exe
  2⤵
  PID:10072
- C:\Windows\System\nZHGXTS.exe
  C:\Windows\System\nZHGXTS.exe
  2⤵
  PID:10092
- C:\Windows\System\etPhEdV.exe
  C:\Windows\System\etPhEdV.exe
  2⤵
  PID:10164
- C:\Windows\System\tdWXiwa.exe
  C:\Windows\System\tdWXiwa.exe
  2⤵
  PID:10204
- C:\Windows\System\EOCHJdB.exe
  C:\Windows\System\EOCHJdB.exe
  2⤵
  PID:10216
- C:\Windows\System\VXZyrJg.exe
  C:\Windows\System\VXZyrJg.exe
  2⤵
  PID:10236
- C:\Windows\System\zWewyXP.exe
  C:\Windows\System\zWewyXP.exe
  2⤵
  PID:9432
- C:\Windows\System\pwTzzTp.exe
  C:\Windows\System\pwTzzTp.exe
  2⤵
  PID:9492
- C:\Windows\System\zRACSTk.exe
  C:\Windows\System\zRACSTk.exe
  2⤵
  PID:9480
- C:\Windows\System\SxkXGXR.exe
  C:\Windows\System\SxkXGXR.exe
  2⤵
  PID:9300
- C:\Windows\System\QrScsfm.exe
  C:\Windows\System\QrScsfm.exe
  2⤵
  PID:9336
- C:\Windows\System\FFCtUJY.exe
  C:\Windows\System\FFCtUJY.exe
  2⤵
  PID:9600
- C:\Windows\System\FoiyMCo.exe
  C:\Windows\System\FoiyMCo.exe
  2⤵
  PID:9604
- C:\Windows\System\aDRLjaR.exe
  C:\Windows\System\aDRLjaR.exe
  2⤵
  PID:9648
- C:\Windows\System\tOddwIA.exe
  C:\Windows\System\tOddwIA.exe
  2⤵
  PID:9712
- C:\Windows\System\fidegrP.exe
  C:\Windows\System\fidegrP.exe
  2⤵
  PID:9760
- C:\Windows\System\ikvuyDb.exe
  C:\Windows\System\ikvuyDb.exe
  2⤵
  PID:9792
- C:\Windows\System\rRXZTfg.exe
  C:\Windows\System\rRXZTfg.exe
  2⤵
  PID:9852
- C:\Windows\System\wZfumnU.exe
  C:\Windows\System\wZfumnU.exe
  2⤵
  PID:9876
- C:\Windows\System\nImuzOI.exe
  C:\Windows\System\nImuzOI.exe
  2⤵
  PID:9960
- C:\Windows\System\ObJrCVN.exe
  C:\Windows\System\ObJrCVN.exe
  2⤵
  PID:10020
- C:\Windows\System\eBRjZdv.exe
  C:\Windows\System\eBRjZdv.exe
  2⤵
  PID:10068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZRLSip.exe

Filesize
6.0MB

MD5
80005c41fc61ccd6ff82efcaefef431d

SHA1
6f99220dc66ff9455dc6e6934462439ee30fc826

SHA256
1af243a8f1351efb9655bc39f6cfb7f50c03d7f2b63fe75938deb0783b0a4178

SHA512
0a4115951b366330f767c6f332ed86a4c7e74ec98890943162277c94e976a1e57fcf75f2208753f143fcab47cb68d1ae9428b2c2eb9e968df0aa3b0eae3f41a6

Download Submit
C:\Windows\system\BqFTuSc.exe

Filesize
6.0MB

MD5
21e2ee610ae9a31ba6ecfc4cf4810c25

SHA1
8842aaca54920379fe6053a7d513bcfba6f6fa74

SHA256
0f2b3af303cf37c009aa4cc713684d439e8ffaeb4fd44521b4f6c5dc176b05e7

SHA512
81e1263230d13efb2fead1c94de8bc7cbe55ec8a3d452ac5b93ee19d83659ea5bac46c5ade1ea5dff4a97d0762cc5b8fcecfad40a4050ad6189fa515c0bf43e6

Download Submit
C:\Windows\system\FtuoXkV.exe

Filesize
6.0MB

MD5
17a7bccaad1e333aa52511091da22423

SHA1
f7e86ade2906f255a2d0907b20785271a4a8827e

SHA256
d14c43840211bae305316d290704780537ceb32099e7b44b73efaeefaf9d07ec

SHA512
59114c4bfa81119c13f284d87d1ab5d02f8b56b00aaf99adf5481f485bec1c6f7e2c3f26dd85d589efe6f919ac0def5ec15079b77a32a34f0aadeeb1f33ce274

Download Submit
C:\Windows\system\HhRhjNy.exe

Filesize
6.0MB

MD5
de4d4278246b26b79cc30556ad81d9f7

SHA1
0eb4fbf86fd29e7f77d482a26a834b03b3d463bf

SHA256
b0b10035cd9967ae263073ad0d5b836df465730500548bcef3572a02016f4aed

SHA512
3758e53eb31e7fd6a4e5e95a1de84ec1acc28c540059236a26b46ec057634994ca941295c1f09a23db2c605f06d65f4e2c6292eec998de882a562ed1ba635017

Download Submit
C:\Windows\system\IuVizZF.exe

Filesize
6.0MB

MD5
27939dbce5de63f342e2be2d2e9b2c46

SHA1
0450720bded7129a56880dd4cea0b00ea439c157

SHA256
9a7fcb84f8f97d9cb5abeb83329d42ea60738756069eac16db7defd8fa7500f4

SHA512
bcd3130ed115d253f6dac0d96fc26d65f6daf91fdb41bc9d3521f33ada7fbc09832e10649d3e4ae77dddea843863414c533483244e5b8a37057cbb338d270bff

Download Submit
C:\Windows\system\LPnyjaS.exe

Filesize
6.0MB

MD5
2e636b26b7a07e93ee27c479ffef25c3

SHA1
d777184526e5d6d32e38ace40444f2ae5345901a

SHA256
fca95c61fada163b55bd2fb7af8e8d95b77c123bc8ac0b11f1c00aa5c263683f

SHA512
90d448e27015454297cc4ebd92885d4a560aedb871423ddec369aed90c374be3399c04c8a59ec8fcd275dee5e4715e30d2b919f5c3f3f2d7aa745e5b4e6d2863

Download Submit
C:\Windows\system\MIeHRlU.exe

Filesize
6.0MB

MD5
8858e486cf7c4593f55a1b12714bbd91

SHA1
b786ff7053d1aee7bfb0a8f836064056062ac1f9

SHA256
a7e8a22afdd0b7b3837fca9b4dfcfdcf8143421f884ed4c44020391f201db6dd

SHA512
60be6f0716b7a75d725b07cc725b9e5ca4ff03f613805d4c5899cc4b8f5be6f0f484ac81d00e784a0327345fbccb8a01b3b6aa0c9155f0b516de266041e27304

Download Submit
C:\Windows\system\MKeQIZI.exe

Filesize
6.0MB

MD5
bf48ea53560d2104832cbe7decb1d7b5

SHA1
8c3ec92f15e73110c845efe1a13f1554aa5a47b4

SHA256
75c90596f9304c422feac09f3b87fa2079a706d43fa0621737b69ccbe5b8290e

SHA512
28e47540054f0bfdd65702c42db2464a09120b64a23231ef6eeb1445ba0ec66eaa4862cdbf662c283c6598de3d7f04d9438946bc150b3392aba73fbf3e288e7b

Download Submit
C:\Windows\system\OFZnJQi.exe

Filesize
6.0MB

MD5
e73df5d47a4b9103aa4d4efb12e91dac

SHA1
2dd805c1799864301eb0a1a9983cfd6042ed6d52

SHA256
df65e1010dae006c8b893772174a9b5e9ef271cbd569cd009c84dd146e6e1851

SHA512
d2ebeeeb09a93b0021e08ca7413e5c8e45236f74d637b98922afbed6cf0dc02a25eb0ed21cc533901d3d623b75a28509616e97eda49c725751ad569c111cd7df

Download Submit
C:\Windows\system\QWYKlEu.exe

Filesize
6.0MB

MD5
7390c1e7a731180d1154dad64c2c2c3a

SHA1
111ee5276038128ada2aeae0834330908d9d1b48

SHA256
a9020663a92920aefdde61d9a701e75a6ab9ca066ab8e97a587f3771cb48d31f

SHA512
952fe29c4c558bd763b1ae99a79e091897b0243c4132c4f6f6950d3fdd9a7c38c9364c78b016e53851d7557697f0cc3f15b7bbf185cade68aead86705bdda3e3

Download Submit
C:\Windows\system\QXKumQo.exe

Filesize
6.0MB

MD5
e61d70c0760262578b7ea29a946e50e1

SHA1
3f16565e81469a1aff26cb5ba8f082810b12abac

SHA256
fbcf5cdc1387d9261e29bdffaeac60ac174e1fafcd013a5ce6ce4c06f6ce4007

SHA512
fac20f0d17ed197d00126237a4651ab33e0fb3ea1f593500d8442b193682e254d75fa5bc4ac78588842e6ca20090e59693f38ded17a591067d6b307b0d362636

Download Submit
C:\Windows\system\SpKvpNP.exe

Filesize
6.0MB

MD5
7404e15e177246cf130ff3d932c8377e

SHA1
c6005849d6989898e2bacce3171493df2bc70931

SHA256
c508014a7fca8d65b230b5e415771586c576339641a0c2159bf4feb4a4f5e855

SHA512
ea6c8f81686e814730154ccd4d89a3dd72fcbae261e055f0905f335e344b3f204a0916e6d7f91a94715225e7e71f1051831ea9ebd54a42256613431484c03e4e

Download Submit
C:\Windows\system\UyAbYGu.exe

Filesize
6.0MB

MD5
e35e9f7ad396ea1774a718741f9e1289

SHA1
4c7e9e013171671ae936f77983cec54ea70b1e68

SHA256
5d130ec374c0daf9094297eb303576340dc2379ac74439a2a90ff7692de5c34f

SHA512
468754fe7da60cc8b44c4f05e88a4f662a60bda786f603962f1ff02efc356100417831f2688b70664c3333faef9d3ab88a4ae2764cbaebaa09d184d954e25ce3

Download Submit
C:\Windows\system\XzgwwcF.exe

Filesize
6.0MB

MD5
2b7dfca2d63521a29fcae40b2bfc8c73

SHA1
b8decdec505e073f915b7abccefcf3c3e7e39a29

SHA256
c1054d786389b70c866ad3abc7d38e9402c9d82aa19ea05c8406f5b5b65b563b

SHA512
d5e9623352ba4cae642017ad8e9ecffcbf58f461c431db62743ab9960a329a5adf8ef35d7d7de9f71f2dd6f54ae89fa59e9bf724ec10b9d4fe38cc55378c4333

Download Submit
C:\Windows\system\ahEcxYV.exe

Filesize
6.0MB

MD5
f95055b02238a4c31ef4762336ee48cd

SHA1
13fbf98ac8e602add6210cbb35fe90c68d933ae5

SHA256
530e855d24c1358e526531bda6ae21bb81a29369af8a30145ae47b66271b8d85

SHA512
572493a768a629bb9d2943f482641e7abe06965692f0606542faaf2fdf836859219c9519b5e85a3b582a3c272d899562076a62abd92cfe238eb40f20d20db002

Download Submit
C:\Windows\system\chEmrNL.exe

Filesize
6.0MB

MD5
b15f6b1f633945293838385fe8d74550

SHA1
82266588595909b1a43e85d6a246bf7654d01cb1

SHA256
b8b592b680498db95aa33a491ca083a236b6342a6806646e1f9508836d212377

SHA512
94c19441ce3d040dcb6421e7aaeddc9e6314f01c3f5a361d09be785726017a77467e4daf47511da28283591a8ad082ca654a7c0e98fd425b3115d05618edbc2a

Download Submit
C:\Windows\system\dBNKFNA.exe

Filesize
6.0MB

MD5
f14bd230fdb34cae9dffd216ea45fe7e

SHA1
d675f9f3c0a76942ff07f29dc19d5d52cc300591

SHA256
3e309b6b726d0093e49c18a3bf5ff8ea7effc9b642a5073fdf7e9582319cb4e3

SHA512
cea5788b88c12b245b44204edc263dab2fd398300462370c21fe0d3f5dd6a4e58c856db89710b43876300138f25c363a40f4141b1890285f65340df1fc6e345c

Download Submit
C:\Windows\system\dGAkBVn.exe

Filesize
6.0MB

MD5
e490d66776d282c555d8be05bbbd6ac9

SHA1
b878f84dfd8a3243963ea5930cc3a93ad547369e

SHA256
15ffddd8d80082cfc893445f98a92392ca64b8b437358597930cef1a4eaec1b5

SHA512
d2f155db2d2918ff87595860d68baff71558c8ec885d4b9a5f31f148253771635329b812fb04bd26b8537c2cec7ed2fa3c9dd6544d31590f442316878b28a5b8

Download Submit
C:\Windows\system\drklfkY.exe

Filesize
6.0MB

MD5
bdf72125b695cec62a84192f0f1af099

SHA1
bf162ce3cbe267c3dfebbe18d4616ec7eb498d33

SHA256
965113b7f4cbbf7c2446b94e9e0176f79e26d0c224ea752679952bd70d742284

SHA512
c730c532159a1c9939a19deaff303a97f1cc6763a79219a5c3a4fbbd5318a660f06bed308a3e5826b9bad1462c52d168230be876c3528c9c85e0bb05bf2ce6cf

Download Submit
C:\Windows\system\elpkBgl.exe

Filesize
6.0MB

MD5
96617e5a776e6fbc193ce52c12152a11

SHA1
48019d244516d5cab9a72c2b7833734c85ddd116

SHA256
b5daab082d297c43c0891e767e472b2fb23e793ddf221c7f22629a31bc2e542d

SHA512
2180f7e8f4d10998570c8abff6b5addaaa182acc29d5c6158cc625984f8559546c82ef5473172f1ee0b2dd84d9aa2c8ac9732fd46fbcb4b6be3b5eb024a00b43

Download Submit
C:\Windows\system\hYeaPEv.exe

Filesize
6.0MB

MD5
c16a1c55414ddcc73a9d56734e51cea6

SHA1
3baeef70c6eda13e0d533853f25d1fb2c51af1c8

SHA256
6aa3ac1e3d053a051d10f796b09ef04a095932bcc89c90175a71741374b9a2a2

SHA512
0aaef7b05774181f6c099b4c2794fa5d3ae28aefb2acabbab04cd0f355897b296b4bdc440409453eb791388e2f40546261f7d2c6404aa294597f550241b943b2

Download Submit
C:\Windows\system\jrpBpBF.exe

Filesize
6.0MB

MD5
58ca7b1e5a25b101ca766b6a8945a662

SHA1
0e16ee9b894008deb0ed65e014cda95d2700f149

SHA256
56f569217975d08fbe8b0e3ac216fa36f913c8222b6511095049081cf4d5e22d

SHA512
2b3f3a3c79c6c329d4ad6ec0c95f3c9cfe782d3357cc7ab537c6e35856706b3bc1f90134c880833b078f5b3aa9df3198964ea62b40412e7c92e687bfc5c5cca8

Download Submit
C:\Windows\system\kysFmRW.exe

Filesize
6.0MB

MD5
6a70542cc39413993b974f9b5956f4be

SHA1
d9a2c2888410cc7250edf12c7c1534ea9b8e43e4

SHA256
2d3450338cb381cf9b01b2adaa33e71e9df339f2cd3b5b2ba8b4c19284b61874

SHA512
7ce862277c01e634206ccee7f3a08666ce9fb0472369e21d08e809d07b41c6421801e5852b522bcbb56e7816f5431d1b740f01bd0f0783a5ba5677e54d55006e

Download Submit
C:\Windows\system\nxvzDxt.exe

Filesize
6.0MB

MD5
c1abdb7d97f7871c673c8cc6b9f8f85e

SHA1
6d3a921e043dc8894bf22715e78937c86bf0dab0

SHA256
aa16b7068147937e1f344efc8252ca398bc5f5ea2d0759417c5a6585e064d51c

SHA512
7f28cbf2761883337290523b9d2f18b8ce31a93199e1a38f08abd8c2109d620ce7c5b6d7ad4cfefee6fd8bcc67419960101628ce749463d33bf6288d82ca0ba8

Download Submit
C:\Windows\system\rDUkoVW.exe

Filesize
6.0MB

MD5
5402ef9a787b90ffb7c63d08847b65a6

SHA1
d81d2c239d4b834a1a41826ab97e2e3a789dd6e2

SHA256
3ffb177c00a020f999ec8e78876057c83bac5825302f26ed8de447932c589aed

SHA512
b3474b6d9c35520ebe687d446786472b5e8a5821d401936a4a77288d57069359273ac649333137b38895c94dc2bc907dbb486afd51129bade8efd9af09985028

Download Submit
C:\Windows\system\riSwuiE.exe

Filesize
6.0MB

MD5
bb6cb337bf2df0553cdf2d389bf254a3

SHA1
0b870dd3b6966dbe5cbbd1dd2137d20e77d82c3b

SHA256
9fe09901e286757c9d885b8745ce5189a8183a3cb43200f5a743b757c22a0983

SHA512
0cd165166b274edeab07fbfcdac3411904e7bbc3274ebddd36418d9af4725cc8c3c24303287c06560a279ba36c914c6f0f69c5ba7970e6e73c98df0ec9ed49f4

Download Submit
C:\Windows\system\vLZOSxT.exe

Filesize
6.0MB

MD5
0e88771cc38e23050b95d6e1bc52cd93

SHA1
3999f215f5133fe09b2b1ed4d8053941a153e665

SHA256
146dc667cf6c79cbdcb2257bc1d31871e7fbb6c8ef89267e48ab75df88fcc355

SHA512
dd6bb0ccea3164982456ba021940f8b211057217982afc97de12f8ca0f1764c21a6c1c4f67f145ec7df86affa076e91a329943c43300fcaba4b905a1dcfe95ed

Download Submit
C:\Windows\system\zbKMbun.exe

Filesize
6.0MB

MD5
acfc1cddc198f03b82d3f3c588fdf88b

SHA1
ecc11008dcd0278673c9b80e07671f1e96179418

SHA256
48fba466d8ec4c40a3d72cc091cd1fdbdc98f84be8d83e861d0da50a37e475bb

SHA512
2322aae984b52f11fa7a149248122eef11b908b65648eac2a6d0f1d55af4f189d9e06868a74b944bcdda32eb3669320d017287e893e57fce14c05073be933c91

Download Submit
\Windows\system\LicbyOK.exe

Filesize
6.0MB

MD5
d823199e875a0fce7d4b8583b4f22899

SHA1
54eb0a2749d3f592b673980adb459af5a83669a8

SHA256
0c5c127a69bf0a72a0a8b4f6f98e06d4c11f3811106b0fbf58901c2bc1c2925a

SHA512
b2797529216cf0038bfe65d3598c053f9836c87c07576308f751efefa0036ab628a8c7dbddb91edb4c2dd9a5d5ad9d484c02f0e28d937770ddb5756ed4f8bfa8

Download Submit
\Windows\system\Oaqbqch.exe

Filesize
6.0MB

MD5
515dec2ac13fe9632df9d472aaaa5686

SHA1
706534d7d0e911773970835c963c53c355cca08e

SHA256
96ab020ca18d9bcf874bc12e31402877600ca4813819b5440cc409f0672196c2

SHA512
ae1ddae28047754534bc742dcdf71e73f44757171260f7f3d64218ec8a3023e0ed8c65fb31509529a43895bf32ee8bbd1872c7d81149751ab9829a9841a30db5

Download Submit
\Windows\system\juYfPgI.exe

Filesize
6.0MB

MD5
d3e3ec0fc96e968fb09d4f2257ffbe46

SHA1
2b8680ec12a20d901b6d2016fcdcf5521abad39b

SHA256
cac8921f2ee08fb3ed412797385b0fbccedfe830ce1b09160579bb8fa5be7035

SHA512
8ce5fabd9427e99cd09407763e880b42262dc94079d4b8983e5222cbb3158f745d1c49ebdb5b5cc467cda557e91ff39dd2fb30c14ca6c06eb08ce3bb98358048

Download Submit
\Windows\system\zqBbpkM.exe

Filesize
6.0MB

MD5
b095234b249867adef95fb2e06a63608

SHA1
26f15b34bb674338bb3d6a2b9058a04d0a8facd0

SHA256
6deae4560d1bc0997e72b5a90824d7357857fa983e1f09c29d1410725d2a15a1

SHA512
6f27ee01af1c6b7be1e7d1b868a039bd9a7a457b1b20d135a275692e009205660a18872c8b3a27b73a08fc5060fbb8bf9d7c3bfc707477c1c99389fdc72424af

Download Submit
memory/1296-3982-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-77-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3979-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-82-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3978-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2312-93-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2384-13-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3981-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2684-40-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2684-738-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2684-29-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2684-388-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2684-65-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2684-66-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2684-78-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-73-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2684-59-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-390-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2684-0-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-94-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2684-9-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2684-24-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/2684-84-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2696-28-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3983-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3975-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-101-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-56-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3977-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2764-37-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3974-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-76-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3984-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2828-52-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-95-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2836-742-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3985-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2880-403-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2880-88-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3986-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3987-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2888-89-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2912-80-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3980-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2992-100-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3976-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2992-44-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download