cobaltstrike | 61335663c628079d8cdc4ee635b39e3debec547665a60a36361ed23e9abe4079

Analysis

max time kernel
122s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/01/2025, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

66f967dfb688b1b070226f296cd90a6d
SHA1

02d757b69d189158cdbae0edbe9144b5df54edea
SHA256

61335663c628079d8cdc4ee635b39e3debec547665a60a36361ed23e9abe4079
SHA512

851cf5b5373409977047acfa0ca7531072f986fcd610c85a1f1e02919c5d1a834401dc8f82a8c2fd3beb52fe1bec90b62c1414ff57c11986285bd4459a89b051
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186dd-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018710-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018718-29.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018780-42.dat	cobalt_reflective_dll
behavioral1/files/0x002f000000017530-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b62-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2440-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x00060000000186dd-12.dat	xmrig
behavioral1/files/0x00070000000186d9-11.dat	xmrig
behavioral1/files/0x0006000000018710-19.dat	xmrig
behavioral1/memory/2180-24-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2884-25-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000018718-29.dat	xmrig
behavioral1/memory/2756-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2888-26-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2956-61-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001933b-64.dat	xmrig
behavioral1/files/0x000500000001961c-80.dat	xmrig
behavioral1/memory/2600-99-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-108.dat	xmrig
behavioral1/files/0x000500000001a075-162.dat	xmrig
behavioral1/files/0x000500000001a307-181.dat	xmrig
behavioral1/files/0x000500000001a41b-191.dat	xmrig
behavioral1/memory/1152-315-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2600-894-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-186.dat	xmrig
behavioral1/files/0x000500000001a09e-176.dat	xmrig
behavioral1/files/0x000500000001a07e-172.dat	xmrig
behavioral1/files/0x0005000000019f94-170.dat	xmrig
behavioral1/files/0x0005000000019dbf-168.dat	xmrig
behavioral1/files/0x0005000000019cca-166.dat	xmrig
behavioral1/files/0x0005000000019c3c-144.dat	xmrig
behavioral1/files/0x0005000000019c57-125.dat	xmrig
behavioral1/files/0x0005000000019f8a-150.dat	xmrig
behavioral1/files/0x0005000000019d8e-139.dat	xmrig
behavioral1/memory/2956-100-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2440-98-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-97.dat	xmrig
behavioral1/files/0x0005000000019cba-130.dat	xmrig
behavioral1/files/0x0005000000019c3e-122.dat	xmrig
behavioral1/files/0x0005000000019c34-115.dat	xmrig
behavioral1/files/0x00050000000196a1-105.dat	xmrig
behavioral1/memory/1376-94-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2836-92-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2860-86-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2668-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2276-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-89.dat	xmrig
behavioral1/memory/2440-70-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1684-69-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1152-76-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-73.dat	xmrig
behavioral1/memory/2860-47-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0006000000018766-46.dat	xmrig
behavioral1/files/0x0008000000018780-42.dat	xmrig
behavioral1/memory/2692-59-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x002f000000017530-35.dat	xmrig
behavioral1/files/0x0008000000018b62-55.dat	xmrig
behavioral1/memory/2836-54-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2668-34-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2180-3052-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2756-3084-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2888-3113-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2884-3246-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2860-3319-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2692-3358-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2836-3359-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2276-3364-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2668-3351-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2756	gZAnluW.exe
2180	SnmajeY.exe
2884	BRGfxQQ.exe
2888	bcaeBBw.exe
2668	mnGjlyr.exe
2860	SpAoDjt.exe
2836	XmyuLzl.exe
2692	FIzHvPy.exe
2956	WyqzKhT.exe
1684	XmXiBYH.exe
1152	hJlfBUG.exe
2276	SyrWnBv.exe
1376	DpaDfsM.exe
2600	Ktflenc.exe
2920	nghAoJq.exe
1088	ctByzcx.exe
2064	EoDhmAI.exe
2092	OAQQHiY.exe
2408	uIABVaq.exe
568	QipIjtx.exe
2236	FrZvqrT.exe
2332	RyRjpQk.exe
1884	NmlYkBY.exe
2060	qKEUphv.exe
1252	ptCbAjS.exe
588	Ybkcpvo.exe
2072	VEsszQr.exe
2144	NUxJNnB.exe
2068	quaWgHh.exe
1060	XzVMTZC.exe
1888	pIkvnKL.exe
988	uLHjicI.exe
980	QtLfpvE.exe
2496	bPXsSks.exe
780	KGtTjvj.exe
1640	fhtsnFC.exe
1908	bubrnmJ.exe
3024	EyUgcLY.exe
2228	FGsIONl.exe
2824	bsloAoY.exe
1896	xiButDm.exe
1320	BeBOlAa.exe
2376	ykhstyd.exe
1804	FoNOLSZ.exe
1660	rxgjaWW.exe
3064	oWAuExR.exe
1972	KqFmEyS.exe
876	fwpaaFn.exe
1596	bPHMChO.exe
2416	TssHwkK.exe
2808	BPNeaTw.exe
2880	dvEgrPo.exe
2776	EduRaee.exe
2672	GzTaqAc.exe
2116	iUXsfxt.exe
2856	sAlwdnA.exe
3048	ZxeCBOB.exe
2368	kCmFVJn.exe
1816	YLOiUuE.exe
1100	nPMFcPP.exe
1744	ZmBvqQu.exe
1700	uGHVEjS.exe
300	rdRPTWd.exe
2136	FHICMQa.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2440-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x00060000000186dd-12.dat	upx
behavioral1/files/0x00070000000186d9-11.dat	upx
behavioral1/files/0x0006000000018710-19.dat	upx
behavioral1/memory/2180-24-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2884-25-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000018718-29.dat	upx
behavioral1/memory/2756-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2888-26-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2956-61-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x000600000001933b-64.dat	upx
behavioral1/files/0x000500000001961c-80.dat	upx
behavioral1/memory/2600-99-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0005000000019926-108.dat	upx
behavioral1/files/0x000500000001a075-162.dat	upx
behavioral1/files/0x000500000001a307-181.dat	upx
behavioral1/files/0x000500000001a41b-191.dat	upx
behavioral1/memory/1152-315-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2600-894-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000500000001a359-186.dat	upx
behavioral1/files/0x000500000001a09e-176.dat	upx
behavioral1/files/0x000500000001a07e-172.dat	upx
behavioral1/files/0x0005000000019f94-170.dat	upx
behavioral1/files/0x0005000000019dbf-168.dat	upx
behavioral1/files/0x0005000000019cca-166.dat	upx
behavioral1/files/0x0005000000019c3c-144.dat	upx
behavioral1/files/0x0005000000019c57-125.dat	upx
behavioral1/files/0x0005000000019f8a-150.dat	upx
behavioral1/files/0x0005000000019d8e-139.dat	upx
behavioral1/memory/2956-100-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0005000000019667-97.dat	upx
behavioral1/files/0x0005000000019cba-130.dat	upx
behavioral1/files/0x0005000000019c3e-122.dat	upx
behavioral1/files/0x0005000000019c34-115.dat	upx
behavioral1/files/0x00050000000196a1-105.dat	upx
behavioral1/memory/1376-94-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2836-92-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2860-86-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2668-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2276-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001961e-89.dat	upx
behavioral1/memory/2440-70-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1684-69-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1152-76-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-73.dat	upx
behavioral1/memory/2860-47-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0006000000018766-46.dat	upx
behavioral1/files/0x0008000000018780-42.dat	upx
behavioral1/memory/2692-59-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x002f000000017530-35.dat	upx
behavioral1/files/0x0008000000018b62-55.dat	upx
behavioral1/memory/2836-54-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2668-34-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2180-3052-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2756-3084-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2888-3113-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2884-3246-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2860-3319-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2692-3358-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2836-3359-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2276-3364-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2668-3351-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2956-3328-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RJFKFcy.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdLUWVt.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASnwjYn.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZksXsvx.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKXBBiZ.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUfJhhu.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAJXKXY.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paLlYYX.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQTJTxE.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzKXHHo.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWrQQRA.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QipIjtx.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrEfwRs.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykRZXpx.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUuNVqD.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZAnEJQ.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzbPGax.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdgJaci.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfhCEYS.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhQjpJo.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFOGhtu.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmTCQge.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTiRgmB.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTVhmhO.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKiJLfn.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYUxpXr.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMaThEo.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqGBNca.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOZPLFp.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmHarfj.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsIkgJp.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxAWigd.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whgcTkC.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVDaoWr.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYjJVgX.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpWVTAb.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEnFsOF.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmXiBYH.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ktflenc.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osQlobs.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlanmTz.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrxALIc.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKlSkFQ.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbCbsIe.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHcihbT.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnwuRmt.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbJaHsw.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeJAHdy.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVZscPC.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPuWjzr.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptLsTrQ.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYuNrWw.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMgOqTi.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhNhbcM.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsloAoY.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAPusvc.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJOiFMm.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSPkAJr.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYbzDOk.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HadOyUj.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmlYkBY.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpCMfky.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahAieSd.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHGOezD.exe	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2756	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2756	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2756	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2180	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2180	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2180	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2888	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2888	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2888	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2668	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2668	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2668	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2860	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2860	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2860	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2836	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2836	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2836	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2956	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2956	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2956	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2692	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2692	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2692	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 1684	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 1684	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 1684	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 1152	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 1152	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 1152	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2276	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 2276	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 2276	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 1376	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 1376	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 1376	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 2600	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 2600	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 2600	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 2920	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 2920	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 2920	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 2092	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 2092	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 2092	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 1088	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 1088	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 1088	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 2236	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2236	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2236	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2064	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2064	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2064	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 1884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 1884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 1884	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 2408	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 2408	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 2408	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 1252	2440	2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_66f967dfb688b1b070226f296cd90a6d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System\gZAnluW.exe
  C:\Windows\System\gZAnluW.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\SnmajeY.exe
  C:\Windows\System\SnmajeY.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\BRGfxQQ.exe
  C:\Windows\System\BRGfxQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\bcaeBBw.exe
  C:\Windows\System\bcaeBBw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\mnGjlyr.exe
  C:\Windows\System\mnGjlyr.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\SpAoDjt.exe
  C:\Windows\System\SpAoDjt.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\XmyuLzl.exe
  C:\Windows\System\XmyuLzl.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\WyqzKhT.exe
  C:\Windows\System\WyqzKhT.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\FIzHvPy.exe
  C:\Windows\System\FIzHvPy.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\XmXiBYH.exe
  C:\Windows\System\XmXiBYH.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\hJlfBUG.exe
  C:\Windows\System\hJlfBUG.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\SyrWnBv.exe
  C:\Windows\System\SyrWnBv.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\DpaDfsM.exe
  C:\Windows\System\DpaDfsM.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\Ktflenc.exe
  C:\Windows\System\Ktflenc.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\nghAoJq.exe
  C:\Windows\System\nghAoJq.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OAQQHiY.exe
  C:\Windows\System\OAQQHiY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ctByzcx.exe
  C:\Windows\System\ctByzcx.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\FrZvqrT.exe
  C:\Windows\System\FrZvqrT.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\EoDhmAI.exe
  C:\Windows\System\EoDhmAI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\NmlYkBY.exe
  C:\Windows\System\NmlYkBY.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\uIABVaq.exe
  C:\Windows\System\uIABVaq.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ptCbAjS.exe
  C:\Windows\System\ptCbAjS.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\QipIjtx.exe
  C:\Windows\System\QipIjtx.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\Ybkcpvo.exe
  C:\Windows\System\Ybkcpvo.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\RyRjpQk.exe
  C:\Windows\System\RyRjpQk.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\VEsszQr.exe
  C:\Windows\System\VEsszQr.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\qKEUphv.exe
  C:\Windows\System\qKEUphv.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\NUxJNnB.exe
  C:\Windows\System\NUxJNnB.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\quaWgHh.exe
  C:\Windows\System\quaWgHh.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\XzVMTZC.exe
  C:\Windows\System\XzVMTZC.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\pIkvnKL.exe
  C:\Windows\System\pIkvnKL.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\uLHjicI.exe
  C:\Windows\System\uLHjicI.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\QtLfpvE.exe
  C:\Windows\System\QtLfpvE.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\bPXsSks.exe
  C:\Windows\System\bPXsSks.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\KGtTjvj.exe
  C:\Windows\System\KGtTjvj.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\fhtsnFC.exe
  C:\Windows\System\fhtsnFC.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\bubrnmJ.exe
  C:\Windows\System\bubrnmJ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\EyUgcLY.exe
  C:\Windows\System\EyUgcLY.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\FGsIONl.exe
  C:\Windows\System\FGsIONl.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\bsloAoY.exe
  C:\Windows\System\bsloAoY.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\xiButDm.exe
  C:\Windows\System\xiButDm.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\ykhstyd.exe
  C:\Windows\System\ykhstyd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\BeBOlAa.exe
  C:\Windows\System\BeBOlAa.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\TssHwkK.exe
  C:\Windows\System\TssHwkK.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\FoNOLSZ.exe
  C:\Windows\System\FoNOLSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\YLOiUuE.exe
  C:\Windows\System\YLOiUuE.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\rxgjaWW.exe
  C:\Windows\System\rxgjaWW.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nPMFcPP.exe
  C:\Windows\System\nPMFcPP.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\oWAuExR.exe
  C:\Windows\System\oWAuExR.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\uGHVEjS.exe
  C:\Windows\System\uGHVEjS.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\KqFmEyS.exe
  C:\Windows\System\KqFmEyS.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\rdRPTWd.exe
  C:\Windows\System\rdRPTWd.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\fwpaaFn.exe
  C:\Windows\System\fwpaaFn.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\QfOIpvj.exe
  C:\Windows\System\QfOIpvj.exe
  2⤵
  PID:1248
- C:\Windows\System\bPHMChO.exe
  C:\Windows\System\bPHMChO.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\RxkwvQA.exe
  C:\Windows\System\RxkwvQA.exe
  2⤵
  PID:1580
- C:\Windows\System\BPNeaTw.exe
  C:\Windows\System\BPNeaTw.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\GuaLlYK.exe
  C:\Windows\System\GuaLlYK.exe
  2⤵
  PID:3044
- C:\Windows\System\dvEgrPo.exe
  C:\Windows\System\dvEgrPo.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\efMyAGA.exe
  C:\Windows\System\efMyAGA.exe
  2⤵
  PID:2688
- C:\Windows\System\EduRaee.exe
  C:\Windows\System\EduRaee.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\rxEkazA.exe
  C:\Windows\System\rxEkazA.exe
  2⤵
  PID:2840
- C:\Windows\System\GzTaqAc.exe
  C:\Windows\System\GzTaqAc.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\uPweudw.exe
  C:\Windows\System\uPweudw.exe
  2⤵
  PID:2988
- C:\Windows\System\iUXsfxt.exe
  C:\Windows\System\iUXsfxt.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\innYhvu.exe
  C:\Windows\System\innYhvu.exe
  2⤵
  PID:1204
- C:\Windows\System\sAlwdnA.exe
  C:\Windows\System\sAlwdnA.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\tCtPyxF.exe
  C:\Windows\System\tCtPyxF.exe
  2⤵
  PID:2372
- C:\Windows\System\ZxeCBOB.exe
  C:\Windows\System\ZxeCBOB.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UHdZiTb.exe
  C:\Windows\System\UHdZiTb.exe
  2⤵
  PID:636
- C:\Windows\System\kCmFVJn.exe
  C:\Windows\System\kCmFVJn.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\jlOUMKR.exe
  C:\Windows\System\jlOUMKR.exe
  2⤵
  PID:1244
- C:\Windows\System\ZmBvqQu.exe
  C:\Windows\System\ZmBvqQu.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PfUAfBe.exe
  C:\Windows\System\PfUAfBe.exe
  2⤵
  PID:1876
- C:\Windows\System\FHICMQa.exe
  C:\Windows\System\FHICMQa.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qwAoArT.exe
  C:\Windows\System\qwAoArT.exe
  2⤵
  PID:884
- C:\Windows\System\dMMCKwF.exe
  C:\Windows\System\dMMCKwF.exe
  2⤵
  PID:1068
- C:\Windows\System\yhjZNXd.exe
  C:\Windows\System\yhjZNXd.exe
  2⤵
  PID:660
- C:\Windows\System\IZGAsuy.exe
  C:\Windows\System\IZGAsuy.exe
  2⤵
  PID:2056
- C:\Windows\System\yzFoutJ.exe
  C:\Windows\System\yzFoutJ.exe
  2⤵
  PID:2100
- C:\Windows\System\WViMkxl.exe
  C:\Windows\System\WViMkxl.exe
  2⤵
  PID:1556
- C:\Windows\System\HsvbgmR.exe
  C:\Windows\System\HsvbgmR.exe
  2⤵
  PID:2968
- C:\Windows\System\kawrNDk.exe
  C:\Windows\System\kawrNDk.exe
  2⤵
  PID:2736
- C:\Windows\System\tOUNxws.exe
  C:\Windows\System\tOUNxws.exe
  2⤵
  PID:1768
- C:\Windows\System\vZDJpCK.exe
  C:\Windows\System\vZDJpCK.exe
  2⤵
  PID:1748
- C:\Windows\System\jnlrppR.exe
  C:\Windows\System\jnlrppR.exe
  2⤵
  PID:2256
- C:\Windows\System\VkMuXBA.exe
  C:\Windows\System\VkMuXBA.exe
  2⤵
  PID:1900
- C:\Windows\System\jTYnERR.exe
  C:\Windows\System\jTYnERR.exe
  2⤵
  PID:2972
- C:\Windows\System\OqqWDWp.exe
  C:\Windows\System\OqqWDWp.exe
  2⤵
  PID:2004
- C:\Windows\System\gDbuWsq.exe
  C:\Windows\System\gDbuWsq.exe
  2⤵
  PID:2644
- C:\Windows\System\ymguigU.exe
  C:\Windows\System\ymguigU.exe
  2⤵
  PID:1644
- C:\Windows\System\SwhSdzf.exe
  C:\Windows\System\SwhSdzf.exe
  2⤵
  PID:832
- C:\Windows\System\OSonjYG.exe
  C:\Windows\System\OSonjYG.exe
  2⤵
  PID:2924
- C:\Windows\System\fdrrCcF.exe
  C:\Windows\System\fdrrCcF.exe
  2⤵
  PID:2088
- C:\Windows\System\JuXlepA.exe
  C:\Windows\System\JuXlepA.exe
  2⤵
  PID:2172
- C:\Windows\System\TrAIpsK.exe
  C:\Windows\System\TrAIpsK.exe
  2⤵
  PID:1416
- C:\Windows\System\oTomuDS.exe
  C:\Windows\System\oTomuDS.exe
  2⤵
  PID:2664
- C:\Windows\System\RjflXDT.exe
  C:\Windows\System\RjflXDT.exe
  2⤵
  PID:2852
- C:\Windows\System\cKDTrED.exe
  C:\Windows\System\cKDTrED.exe
  2⤵
  PID:1668
- C:\Windows\System\HaWXelK.exe
  C:\Windows\System\HaWXelK.exe
  2⤵
  PID:2176
- C:\Windows\System\naQuFdZ.exe
  C:\Windows\System\naQuFdZ.exe
  2⤵
  PID:1924
- C:\Windows\System\MIAUpMe.exe
  C:\Windows\System\MIAUpMe.exe
  2⤵
  PID:2448
- C:\Windows\System\JkUukNE.exe
  C:\Windows\System\JkUukNE.exe
  2⤵
  PID:3076
- C:\Windows\System\irJDpKO.exe
  C:\Windows\System\irJDpKO.exe
  2⤵
  PID:3092
- C:\Windows\System\tKfSxxi.exe
  C:\Windows\System\tKfSxxi.exe
  2⤵
  PID:3116
- C:\Windows\System\TXHaciD.exe
  C:\Windows\System\TXHaciD.exe
  2⤵
  PID:3140
- C:\Windows\System\WDZOSEE.exe
  C:\Windows\System\WDZOSEE.exe
  2⤵
  PID:3160
- C:\Windows\System\mLtBFBT.exe
  C:\Windows\System\mLtBFBT.exe
  2⤵
  PID:3176
- C:\Windows\System\iQCEtnv.exe
  C:\Windows\System\iQCEtnv.exe
  2⤵
  PID:3204
- C:\Windows\System\jAZOUtT.exe
  C:\Windows\System\jAZOUtT.exe
  2⤵
  PID:3224
- C:\Windows\System\pOHEtAt.exe
  C:\Windows\System\pOHEtAt.exe
  2⤵
  PID:3256
- C:\Windows\System\DhLWZOa.exe
  C:\Windows\System\DhLWZOa.exe
  2⤵
  PID:3276
- C:\Windows\System\ERXCHmk.exe
  C:\Windows\System\ERXCHmk.exe
  2⤵
  PID:3296
- C:\Windows\System\CDkJmIE.exe
  C:\Windows\System\CDkJmIE.exe
  2⤵
  PID:3316
- C:\Windows\System\VVhvjmP.exe
  C:\Windows\System\VVhvjmP.exe
  2⤵
  PID:3336
- C:\Windows\System\FYSCXtw.exe
  C:\Windows\System\FYSCXtw.exe
  2⤵
  PID:3360
- C:\Windows\System\ggKvDds.exe
  C:\Windows\System\ggKvDds.exe
  2⤵
  PID:3380
- C:\Windows\System\QtPNNtd.exe
  C:\Windows\System\QtPNNtd.exe
  2⤵
  PID:3396
- C:\Windows\System\AKiJLfn.exe
  C:\Windows\System\AKiJLfn.exe
  2⤵
  PID:3416
- C:\Windows\System\mFACtrh.exe
  C:\Windows\System\mFACtrh.exe
  2⤵
  PID:3436
- C:\Windows\System\hUmFBUF.exe
  C:\Windows\System\hUmFBUF.exe
  2⤵
  PID:3456
- C:\Windows\System\DvGdOnw.exe
  C:\Windows\System\DvGdOnw.exe
  2⤵
  PID:3472
- C:\Windows\System\lWpHmxq.exe
  C:\Windows\System\lWpHmxq.exe
  2⤵
  PID:3496
- C:\Windows\System\qcEjEdb.exe
  C:\Windows\System\qcEjEdb.exe
  2⤵
  PID:3520
- C:\Windows\System\QCcFNVe.exe
  C:\Windows\System\QCcFNVe.exe
  2⤵
  PID:3536
- C:\Windows\System\iIeDRos.exe
  C:\Windows\System\iIeDRos.exe
  2⤵
  PID:3560
- C:\Windows\System\oUgGHDX.exe
  C:\Windows\System\oUgGHDX.exe
  2⤵
  PID:3576
- C:\Windows\System\oxHoDUN.exe
  C:\Windows\System\oxHoDUN.exe
  2⤵
  PID:3596
- C:\Windows\System\syHUHtm.exe
  C:\Windows\System\syHUHtm.exe
  2⤵
  PID:3612
- C:\Windows\System\SrOMFIZ.exe
  C:\Windows\System\SrOMFIZ.exe
  2⤵
  PID:3632
- C:\Windows\System\xkyTENc.exe
  C:\Windows\System\xkyTENc.exe
  2⤵
  PID:3648
- C:\Windows\System\vOgbjVD.exe
  C:\Windows\System\vOgbjVD.exe
  2⤵
  PID:3672
- C:\Windows\System\BrkTXwS.exe
  C:\Windows\System\BrkTXwS.exe
  2⤵
  PID:3692
- C:\Windows\System\usTvikE.exe
  C:\Windows\System\usTvikE.exe
  2⤵
  PID:3708
- C:\Windows\System\IZOXnor.exe
  C:\Windows\System\IZOXnor.exe
  2⤵
  PID:3724
- C:\Windows\System\twlKUNP.exe
  C:\Windows\System\twlKUNP.exe
  2⤵
  PID:3744
- C:\Windows\System\gbnnHtv.exe
  C:\Windows\System\gbnnHtv.exe
  2⤵
  PID:3764
- C:\Windows\System\AJroPZG.exe
  C:\Windows\System\AJroPZG.exe
  2⤵
  PID:3784
- C:\Windows\System\uuoffnn.exe
  C:\Windows\System\uuoffnn.exe
  2⤵
  PID:3820
- C:\Windows\System\VNWGiim.exe
  C:\Windows\System\VNWGiim.exe
  2⤵
  PID:3836
- C:\Windows\System\JEUPHGK.exe
  C:\Windows\System\JEUPHGK.exe
  2⤵
  PID:3856
- C:\Windows\System\MYORhpB.exe
  C:\Windows\System\MYORhpB.exe
  2⤵
  PID:3876
- C:\Windows\System\XFTMaUd.exe
  C:\Windows\System\XFTMaUd.exe
  2⤵
  PID:3896
- C:\Windows\System\yTxKMkq.exe
  C:\Windows\System\yTxKMkq.exe
  2⤵
  PID:3912
- C:\Windows\System\LvrnqVz.exe
  C:\Windows\System\LvrnqVz.exe
  2⤵
  PID:3932
- C:\Windows\System\dxWlRwf.exe
  C:\Windows\System\dxWlRwf.exe
  2⤵
  PID:3952
- C:\Windows\System\NxAWigd.exe
  C:\Windows\System\NxAWigd.exe
  2⤵
  PID:3984
- C:\Windows\System\FFnNjPh.exe
  C:\Windows\System\FFnNjPh.exe
  2⤵
  PID:4000
- C:\Windows\System\gYBHnVe.exe
  C:\Windows\System\gYBHnVe.exe
  2⤵
  PID:4024
- C:\Windows\System\xhBmvXq.exe
  C:\Windows\System\xhBmvXq.exe
  2⤵
  PID:4044
- C:\Windows\System\WIDyZOS.exe
  C:\Windows\System\WIDyZOS.exe
  2⤵
  PID:4064
- C:\Windows\System\DXLPFGi.exe
  C:\Windows\System\DXLPFGi.exe
  2⤵
  PID:4088
- C:\Windows\System\iQTJTxE.exe
  C:\Windows\System\iQTJTxE.exe
  2⤵
  PID:2996
- C:\Windows\System\lyDVYym.exe
  C:\Windows\System\lyDVYym.exe
  2⤵
  PID:2220
- C:\Windows\System\aDaSvRI.exe
  C:\Windows\System\aDaSvRI.exe
  2⤵
  PID:2784
- C:\Windows\System\uGVCSwn.exe
  C:\Windows\System\uGVCSwn.exe
  2⤵
  PID:1948
- C:\Windows\System\MfmLZIi.exe
  C:\Windows\System\MfmLZIi.exe
  2⤵
  PID:2032
- C:\Windows\System\qNWiJQu.exe
  C:\Windows\System\qNWiJQu.exe
  2⤵
  PID:2160
- C:\Windows\System\RmKPWgP.exe
  C:\Windows\System\RmKPWgP.exe
  2⤵
  PID:2148
- C:\Windows\System\tfwUjnF.exe
  C:\Windows\System\tfwUjnF.exe
  2⤵
  PID:944
- C:\Windows\System\nQKEpjO.exe
  C:\Windows\System\nQKEpjO.exe
  2⤵
  PID:1592
- C:\Windows\System\MLRAfNR.exe
  C:\Windows\System\MLRAfNR.exe
  2⤵
  PID:2636
- C:\Windows\System\YObVdrf.exe
  C:\Windows\System\YObVdrf.exe
  2⤵
  PID:2320
- C:\Windows\System\aSvZqZI.exe
  C:\Windows\System\aSvZqZI.exe
  2⤵
  PID:2656
- C:\Windows\System\gLrEpfh.exe
  C:\Windows\System\gLrEpfh.exe
  2⤵
  PID:3128
- C:\Windows\System\DoTzMBR.exe
  C:\Windows\System\DoTzMBR.exe
  2⤵
  PID:3172
- C:\Windows\System\sowAHWJ.exe
  C:\Windows\System\sowAHWJ.exe
  2⤵
  PID:1504
- C:\Windows\System\TSyBlXk.exe
  C:\Windows\System\TSyBlXk.exe
  2⤵
  PID:3104
- C:\Windows\System\gwayeRB.exe
  C:\Windows\System\gwayeRB.exe
  2⤵
  PID:3268
- C:\Windows\System\pDvvjlR.exe
  C:\Windows\System\pDvvjlR.exe
  2⤵
  PID:868
- C:\Windows\System\PwfYaGf.exe
  C:\Windows\System\PwfYaGf.exe
  2⤵
  PID:3232
- C:\Windows\System\xFmOQGL.exe
  C:\Windows\System\xFmOQGL.exe
  2⤵
  PID:3248
- C:\Windows\System\UweYteY.exe
  C:\Windows\System\UweYteY.exe
  2⤵
  PID:3292
- C:\Windows\System\RsYagFD.exe
  C:\Windows\System\RsYagFD.exe
  2⤵
  PID:3352
- C:\Windows\System\mJSmdGG.exe
  C:\Windows\System\mJSmdGG.exe
  2⤵
  PID:3368
- C:\Windows\System\UrUohDJ.exe
  C:\Windows\System\UrUohDJ.exe
  2⤵
  PID:3464
- C:\Windows\System\LbXKwfN.exe
  C:\Windows\System\LbXKwfN.exe
  2⤵
  PID:3508
- C:\Windows\System\gZzlyvG.exe
  C:\Windows\System\gZzlyvG.exe
  2⤵
  PID:3408
- C:\Windows\System\pwIRotk.exe
  C:\Windows\System\pwIRotk.exe
  2⤵
  PID:3448
- C:\Windows\System\CzTIfoU.exe
  C:\Windows\System\CzTIfoU.exe
  2⤵
  PID:3548
- C:\Windows\System\GdMCsvG.exe
  C:\Windows\System\GdMCsvG.exe
  2⤵
  PID:3588
- C:\Windows\System\LCpmqHl.exe
  C:\Windows\System\LCpmqHl.exe
  2⤵
  PID:3568
- C:\Windows\System\snSqWae.exe
  C:\Windows\System\snSqWae.exe
  2⤵
  PID:3660
- C:\Windows\System\hFiiKyu.exe
  C:\Windows\System\hFiiKyu.exe
  2⤵
  PID:3604
- C:\Windows\System\xkEMRqK.exe
  C:\Windows\System\xkEMRqK.exe
  2⤵
  PID:3688
- C:\Windows\System\spgZGxS.exe
  C:\Windows\System\spgZGxS.exe
  2⤵
  PID:3644
- C:\Windows\System\idcooqJ.exe
  C:\Windows\System\idcooqJ.exe
  2⤵
  PID:3828
- C:\Windows\System\JcgHSdI.exe
  C:\Windows\System\JcgHSdI.exe
  2⤵
  PID:3804
- C:\Windows\System\gvoEvqz.exe
  C:\Windows\System\gvoEvqz.exe
  2⤵
  PID:3864
- C:\Windows\System\liBVFiq.exe
  C:\Windows\System\liBVFiq.exe
  2⤵
  PID:3908
- C:\Windows\System\NIFxOeO.exe
  C:\Windows\System\NIFxOeO.exe
  2⤵
  PID:3844
- C:\Windows\System\WfLUPGm.exe
  C:\Windows\System\WfLUPGm.exe
  2⤵
  PID:3960
- C:\Windows\System\VSeYolS.exe
  C:\Windows\System\VSeYolS.exe
  2⤵
  PID:3852
- C:\Windows\System\osQlobs.exe
  C:\Windows\System\osQlobs.exe
  2⤵
  PID:4032
- C:\Windows\System\HcFoydL.exe
  C:\Windows\System\HcFoydL.exe
  2⤵
  PID:4080
- C:\Windows\System\whrUeyt.exe
  C:\Windows\System\whrUeyt.exe
  2⤵
  PID:2212
- C:\Windows\System\OactFZc.exe
  C:\Windows\System\OactFZc.exe
  2⤵
  PID:3980
- C:\Windows\System\LTsPDai.exe
  C:\Windows\System\LTsPDai.exe
  2⤵
  PID:4056
- C:\Windows\System\XSyYrzq.exe
  C:\Windows\System\XSyYrzq.exe
  2⤵
  PID:1724
- C:\Windows\System\wrFuEfV.exe
  C:\Windows\System\wrFuEfV.exe
  2⤵
  PID:1868
- C:\Windows\System\biGPUKT.exe
  C:\Windows\System\biGPUKT.exe
  2⤵
  PID:2436
- C:\Windows\System\LvEBzfO.exe
  C:\Windows\System\LvEBzfO.exe
  2⤵
  PID:320
- C:\Windows\System\NJDpQAL.exe
  C:\Windows\System\NJDpQAL.exe
  2⤵
  PID:1628
- C:\Windows\System\fILveay.exe
  C:\Windows\System\fILveay.exe
  2⤵
  PID:3132
- C:\Windows\System\xNDKIzk.exe
  C:\Windows\System\xNDKIzk.exe
  2⤵
  PID:3184
- C:\Windows\System\xFdFGrG.exe
  C:\Windows\System\xFdFGrG.exe
  2⤵
  PID:3272
- C:\Windows\System\ivkvIjJ.exe
  C:\Windows\System\ivkvIjJ.exe
  2⤵
  PID:1104
- C:\Windows\System\kIPdGQO.exe
  C:\Windows\System\kIPdGQO.exe
  2⤵
  PID:3428
- C:\Windows\System\YApoBDf.exe
  C:\Windows\System\YApoBDf.exe
  2⤵
  PID:3148
- C:\Windows\System\dzMdBJE.exe
  C:\Windows\System\dzMdBJE.exe
  2⤵
  PID:3392
- C:\Windows\System\TpCMfky.exe
  C:\Windows\System\TpCMfky.exe
  2⤵
  PID:3032
- C:\Windows\System\QSiNnDB.exe
  C:\Windows\System\QSiNnDB.exe
  2⤵
  PID:3480
- C:\Windows\System\njUXNaa.exe
  C:\Windows\System\njUXNaa.exe
  2⤵
  PID:3624
- C:\Windows\System\BlUkrqZ.exe
  C:\Windows\System\BlUkrqZ.exe
  2⤵
  PID:3664
- C:\Windows\System\SPivMoa.exe
  C:\Windows\System\SPivMoa.exe
  2⤵
  PID:3584
- C:\Windows\System\lcYNWqP.exe
  C:\Windows\System\lcYNWqP.exe
  2⤵
  PID:3772
- C:\Windows\System\CiQHsRx.exe
  C:\Windows\System\CiQHsRx.exe
  2⤵
  PID:3892
- C:\Windows\System\nTCFyTm.exe
  C:\Windows\System\nTCFyTm.exe
  2⤵
  PID:3968
- C:\Windows\System\cAfwWlV.exe
  C:\Windows\System\cAfwWlV.exe
  2⤵
  PID:3716
- C:\Windows\System\UvKjNip.exe
  C:\Windows\System\UvKjNip.exe
  2⤵
  PID:3976
- C:\Windows\System\DxNgeTz.exe
  C:\Windows\System\DxNgeTz.exe
  2⤵
  PID:2624
- C:\Windows\System\lEQodYp.exe
  C:\Windows\System\lEQodYp.exe
  2⤵
  PID:1064
- C:\Windows\System\zRxkjIY.exe
  C:\Windows\System\zRxkjIY.exe
  2⤵
  PID:3188
- C:\Windows\System\sbZolVw.exe
  C:\Windows\System\sbZolVw.exe
  2⤵
  PID:3776
- C:\Windows\System\VEnpgzd.exe
  C:\Windows\System\VEnpgzd.exe
  2⤵
  PID:1468
- C:\Windows\System\sIakuNE.exe
  C:\Windows\System\sIakuNE.exe
  2⤵
  PID:2344
- C:\Windows\System\kjqBLsi.exe
  C:\Windows\System\kjqBLsi.exe
  2⤵
  PID:1996
- C:\Windows\System\ZgkTAmw.exe
  C:\Windows\System\ZgkTAmw.exe
  2⤵
  PID:3196
- C:\Windows\System\ZksXsvx.exe
  C:\Windows\System\ZksXsvx.exe
  2⤵
  PID:3432
- C:\Windows\System\JuvNYrn.exe
  C:\Windows\System\JuvNYrn.exe
  2⤵
  PID:4104
- C:\Windows\System\vDkhjEZ.exe
  C:\Windows\System\vDkhjEZ.exe
  2⤵
  PID:4124
- C:\Windows\System\xievFee.exe
  C:\Windows\System\xievFee.exe
  2⤵
  PID:4140
- C:\Windows\System\uZIBNJJ.exe
  C:\Windows\System\uZIBNJJ.exe
  2⤵
  PID:4160
- C:\Windows\System\svaVUvv.exe
  C:\Windows\System\svaVUvv.exe
  2⤵
  PID:4176
- C:\Windows\System\WJSzRed.exe
  C:\Windows\System\WJSzRed.exe
  2⤵
  PID:4192
- C:\Windows\System\OCsEgEI.exe
  C:\Windows\System\OCsEgEI.exe
  2⤵
  PID:4216
- C:\Windows\System\oFkCqVi.exe
  C:\Windows\System\oFkCqVi.exe
  2⤵
  PID:4232
- C:\Windows\System\xDoduhC.exe
  C:\Windows\System\xDoduhC.exe
  2⤵
  PID:4280
- C:\Windows\System\ujRjSBK.exe
  C:\Windows\System\ujRjSBK.exe
  2⤵
  PID:4296
- C:\Windows\System\WSvsYPP.exe
  C:\Windows\System\WSvsYPP.exe
  2⤵
  PID:4316
- C:\Windows\System\ZjaWFZg.exe
  C:\Windows\System\ZjaWFZg.exe
  2⤵
  PID:4332
- C:\Windows\System\CTQUeFD.exe
  C:\Windows\System\CTQUeFD.exe
  2⤵
  PID:4352
- C:\Windows\System\dMtpUyI.exe
  C:\Windows\System\dMtpUyI.exe
  2⤵
  PID:4372
- C:\Windows\System\qPcKVhz.exe
  C:\Windows\System\qPcKVhz.exe
  2⤵
  PID:4388
- C:\Windows\System\NWZWHgA.exe
  C:\Windows\System\NWZWHgA.exe
  2⤵
  PID:4424
- C:\Windows\System\VpXCEGj.exe
  C:\Windows\System\VpXCEGj.exe
  2⤵
  PID:4444
- C:\Windows\System\TodChyv.exe
  C:\Windows\System\TodChyv.exe
  2⤵
  PID:4464
- C:\Windows\System\SHevuqr.exe
  C:\Windows\System\SHevuqr.exe
  2⤵
  PID:4480
- C:\Windows\System\QKFvzAk.exe
  C:\Windows\System\QKFvzAk.exe
  2⤵
  PID:4500
- C:\Windows\System\OPoGdVQ.exe
  C:\Windows\System\OPoGdVQ.exe
  2⤵
  PID:4520
- C:\Windows\System\oNOyhZs.exe
  C:\Windows\System\oNOyhZs.exe
  2⤵
  PID:4540
- C:\Windows\System\TqRISNr.exe
  C:\Windows\System\TqRISNr.exe
  2⤵
  PID:4560
- C:\Windows\System\xhHHIOX.exe
  C:\Windows\System\xhHHIOX.exe
  2⤵
  PID:4580
- C:\Windows\System\CiDnyQn.exe
  C:\Windows\System\CiDnyQn.exe
  2⤵
  PID:4604
- C:\Windows\System\tLmsVWu.exe
  C:\Windows\System\tLmsVWu.exe
  2⤵
  PID:4620
- C:\Windows\System\KuiBJXT.exe
  C:\Windows\System\KuiBJXT.exe
  2⤵
  PID:4644
- C:\Windows\System\cJWsRKo.exe
  C:\Windows\System\cJWsRKo.exe
  2⤵
  PID:4664
- C:\Windows\System\WtrYnob.exe
  C:\Windows\System\WtrYnob.exe
  2⤵
  PID:4680
- C:\Windows\System\ylOnvsb.exe
  C:\Windows\System\ylOnvsb.exe
  2⤵
  PID:4704
- C:\Windows\System\EKizuDA.exe
  C:\Windows\System\EKizuDA.exe
  2⤵
  PID:4728
- C:\Windows\System\NNuxSdG.exe
  C:\Windows\System\NNuxSdG.exe
  2⤵
  PID:4744
- C:\Windows\System\eFSMKkH.exe
  C:\Windows\System\eFSMKkH.exe
  2⤵
  PID:4760
- C:\Windows\System\hmmmgPX.exe
  C:\Windows\System\hmmmgPX.exe
  2⤵
  PID:4784
- C:\Windows\System\dUskDDL.exe
  C:\Windows\System\dUskDDL.exe
  2⤵
  PID:4808
- C:\Windows\System\sEEyHcp.exe
  C:\Windows\System\sEEyHcp.exe
  2⤵
  PID:4824
- C:\Windows\System\nNwIeQe.exe
  C:\Windows\System\nNwIeQe.exe
  2⤵
  PID:4856
- C:\Windows\System\YNcFJwY.exe
  C:\Windows\System\YNcFJwY.exe
  2⤵
  PID:4876
- C:\Windows\System\MqBYmql.exe
  C:\Windows\System\MqBYmql.exe
  2⤵
  PID:4896
- C:\Windows\System\fSsejHm.exe
  C:\Windows\System\fSsejHm.exe
  2⤵
  PID:4916
- C:\Windows\System\yNpwIFa.exe
  C:\Windows\System\yNpwIFa.exe
  2⤵
  PID:4936
- C:\Windows\System\wMhqMaM.exe
  C:\Windows\System\wMhqMaM.exe
  2⤵
  PID:4952
- C:\Windows\System\Xdsebwb.exe
  C:\Windows\System\Xdsebwb.exe
  2⤵
  PID:4972
- C:\Windows\System\LsbWtpm.exe
  C:\Windows\System\LsbWtpm.exe
  2⤵
  PID:4992
- C:\Windows\System\KpEeJUK.exe
  C:\Windows\System\KpEeJUK.exe
  2⤵
  PID:5008
- C:\Windows\System\TdWSTbX.exe
  C:\Windows\System\TdWSTbX.exe
  2⤵
  PID:5028
- C:\Windows\System\talNzki.exe
  C:\Windows\System\talNzki.exe
  2⤵
  PID:5048
- C:\Windows\System\mWWUGbZ.exe
  C:\Windows\System\mWWUGbZ.exe
  2⤵
  PID:5068
- C:\Windows\System\dzsDgxG.exe
  C:\Windows\System\dzsDgxG.exe
  2⤵
  PID:5092
- C:\Windows\System\xVeHoWN.exe
  C:\Windows\System\xVeHoWN.exe
  2⤵
  PID:5112
- C:\Windows\System\YpodSYZ.exe
  C:\Windows\System\YpodSYZ.exe
  2⤵
  PID:3704
- C:\Windows\System\QxmyWJd.exe
  C:\Windows\System\QxmyWJd.exe
  2⤵
  PID:3668
- C:\Windows\System\mnPAjzH.exe
  C:\Windows\System\mnPAjzH.exe
  2⤵
  PID:2616
- C:\Windows\System\zmBzlDG.exe
  C:\Windows\System\zmBzlDG.exe
  2⤵
  PID:3544
- C:\Windows\System\OryTJlO.exe
  C:\Windows\System\OryTJlO.exe
  2⤵
  PID:3492
- C:\Windows\System\XUGrzoo.exe
  C:\Windows\System\XUGrzoo.exe
  2⤵
  PID:4012
- C:\Windows\System\aqKGPQz.exe
  C:\Windows\System\aqKGPQz.exe
  2⤵
  PID:3816
- C:\Windows\System\BLExBQf.exe
  C:\Windows\System\BLExBQf.exe
  2⤵
  PID:3084
- C:\Windows\System\ElRrlZX.exe
  C:\Windows\System\ElRrlZX.exe
  2⤵
  PID:4136
- C:\Windows\System\uSxzktq.exe
  C:\Windows\System\uSxzktq.exe
  2⤵
  PID:3620
- C:\Windows\System\amUSMoL.exe
  C:\Windows\System\amUSMoL.exe
  2⤵
  PID:3656
- C:\Windows\System\yUuKIUH.exe
  C:\Windows\System\yUuKIUH.exe
  2⤵
  PID:4052
- C:\Windows\System\ehNJCgz.exe
  C:\Windows\System\ehNJCgz.exe
  2⤵
  PID:4200
- C:\Windows\System\sCXsjOB.exe
  C:\Windows\System\sCXsjOB.exe
  2⤵
  PID:3308
- C:\Windows\System\LELDpyv.exe
  C:\Windows\System\LELDpyv.exe
  2⤵
  PID:4152
- C:\Windows\System\VsRWFiT.exe
  C:\Windows\System\VsRWFiT.exe
  2⤵
  PID:3884
- C:\Windows\System\YLfnrbg.exe
  C:\Windows\System\YLfnrbg.exe
  2⤵
  PID:4120
- C:\Windows\System\boyUMNk.exe
  C:\Windows\System\boyUMNk.exe
  2⤵
  PID:2192
- C:\Windows\System\wEDBkzp.exe
  C:\Windows\System\wEDBkzp.exe
  2⤵
  PID:2772
- C:\Windows\System\jrEfwRs.exe
  C:\Windows\System\jrEfwRs.exe
  2⤵
  PID:4256
- C:\Windows\System\XBJMpfQ.exe
  C:\Windows\System\XBJMpfQ.exe
  2⤵
  PID:4272
- C:\Windows\System\QHDJtuI.exe
  C:\Windows\System\QHDJtuI.exe
  2⤵
  PID:4344
- C:\Windows\System\yUPUVij.exe
  C:\Windows\System\yUPUVij.exe
  2⤵
  PID:4288
- C:\Windows\System\qzUAZBI.exe
  C:\Windows\System\qzUAZBI.exe
  2⤵
  PID:4396
- C:\Windows\System\qJgqSyu.exe
  C:\Windows\System\qJgqSyu.exe
  2⤵
  PID:4412
- C:\Windows\System\KSelUnx.exe
  C:\Windows\System\KSelUnx.exe
  2⤵
  PID:4432
- C:\Windows\System\aOfUdOF.exe
  C:\Windows\System\aOfUdOF.exe
  2⤵
  PID:4476
- C:\Windows\System\rkIjsKa.exe
  C:\Windows\System\rkIjsKa.exe
  2⤵
  PID:4488
- C:\Windows\System\WPFnkhY.exe
  C:\Windows\System\WPFnkhY.exe
  2⤵
  PID:4492
- C:\Windows\System\ysIchji.exe
  C:\Windows\System\ysIchji.exe
  2⤵
  PID:4556
- C:\Windows\System\mfUaXeD.exe
  C:\Windows\System\mfUaXeD.exe
  2⤵
  PID:4552
- C:\Windows\System\SDVeCjP.exe
  C:\Windows\System\SDVeCjP.exe
  2⤵
  PID:4632
- C:\Windows\System\LQFFdyA.exe
  C:\Windows\System\LQFFdyA.exe
  2⤵
  PID:4672
- C:\Windows\System\ijPUZqM.exe
  C:\Windows\System\ijPUZqM.exe
  2⤵
  PID:4716
- C:\Windows\System\CfSFHMe.exe
  C:\Windows\System\CfSFHMe.exe
  2⤵
  PID:4752
- C:\Windows\System\MFZXdXX.exe
  C:\Windows\System\MFZXdXX.exe
  2⤵
  PID:4792
- C:\Windows\System\pDVjKWc.exe
  C:\Windows\System\pDVjKWc.exe
  2⤵
  PID:4796
- C:\Windows\System\cQHNowU.exe
  C:\Windows\System\cQHNowU.exe
  2⤵
  PID:4776
- C:\Windows\System\nZWxMAB.exe
  C:\Windows\System\nZWxMAB.exe
  2⤵
  PID:4840
- C:\Windows\System\UkbneDE.exe
  C:\Windows\System\UkbneDE.exe
  2⤵
  PID:4884
- C:\Windows\System\WSDIXvs.exe
  C:\Windows\System\WSDIXvs.exe
  2⤵
  PID:4888
- C:\Windows\System\DLuTAPA.exe
  C:\Windows\System\DLuTAPA.exe
  2⤵
  PID:4928
- C:\Windows\System\OzZxRsC.exe
  C:\Windows\System\OzZxRsC.exe
  2⤵
  PID:4968
- C:\Windows\System\vLKHQdM.exe
  C:\Windows\System\vLKHQdM.exe
  2⤵
  PID:5044
- C:\Windows\System\jidvrRJ.exe
  C:\Windows\System\jidvrRJ.exe
  2⤵
  PID:3288
- C:\Windows\System\cxaWynA.exe
  C:\Windows\System\cxaWynA.exe
  2⤵
  PID:3684
- C:\Windows\System\JKwcFjW.exe
  C:\Windows\System\JKwcFjW.exe
  2⤵
  PID:2740
- C:\Windows\System\GZnOWoR.exe
  C:\Windows\System\GZnOWoR.exe
  2⤵
  PID:4264
- C:\Windows\System\SlhztSe.exe
  C:\Windows\System\SlhztSe.exe
  2⤵
  PID:4908
- C:\Windows\System\ZlfRnDQ.exe
  C:\Windows\System\ZlfRnDQ.exe
  2⤵
  PID:4324
- C:\Windows\System\jdWgbET.exe
  C:\Windows\System\jdWgbET.exe
  2⤵
  PID:4508
- C:\Windows\System\FlfuBih.exe
  C:\Windows\System\FlfuBih.exe
  2⤵
  PID:4612
- C:\Windows\System\QDKBkbS.exe
  C:\Windows\System\QDKBkbS.exe
  2⤵
  PID:2864
- C:\Windows\System\CELoyVz.exe
  C:\Windows\System\CELoyVz.exe
  2⤵
  PID:4988
- C:\Windows\System\pEkiwdQ.exe
  C:\Windows\System\pEkiwdQ.exe
  2⤵
  PID:2892
- C:\Windows\System\RwXBpeh.exe
  C:\Windows\System\RwXBpeh.exe
  2⤵
  PID:5108
- C:\Windows\System\HbWBCKJ.exe
  C:\Windows\System\HbWBCKJ.exe
  2⤵
  PID:3608
- C:\Windows\System\WqUvuQe.exe
  C:\Windows\System\WqUvuQe.exe
  2⤵
  PID:4892
- C:\Windows\System\kwDtfKo.exe
  C:\Windows\System\kwDtfKo.exe
  2⤵
  PID:4872
- C:\Windows\System\fqAfSgI.exe
  C:\Windows\System\fqAfSgI.exe
  2⤵
  PID:4076
- C:\Windows\System\eRYpwdm.exe
  C:\Windows\System\eRYpwdm.exe
  2⤵
  PID:4312
- C:\Windows\System\POizVFq.exe
  C:\Windows\System\POizVFq.exe
  2⤵
  PID:4720
- C:\Windows\System\YcoNidS.exe
  C:\Windows\System\YcoNidS.exe
  2⤵
  PID:4912
- C:\Windows\System\zdNzSVl.exe
  C:\Windows\System\zdNzSVl.exe
  2⤵
  PID:4208
- C:\Windows\System\TnpDNMG.exe
  C:\Windows\System\TnpDNMG.exe
  2⤵
  PID:4768
- C:\Windows\System\lsnHFOq.exe
  C:\Windows\System\lsnHFOq.exe
  2⤵
  PID:4676
- C:\Windows\System\SFzgmBj.exe
  C:\Windows\System\SFzgmBj.exe
  2⤵
  PID:4512
- C:\Windows\System\jpmUftD.exe
  C:\Windows\System\jpmUftD.exe
  2⤵
  PID:4364
- C:\Windows\System\LdLytwg.exe
  C:\Windows\System\LdLytwg.exe
  2⤵
  PID:896
- C:\Windows\System\gzhzuIE.exe
  C:\Windows\System\gzhzuIE.exe
  2⤵
  PID:5084
- C:\Windows\System\OqRYuWm.exe
  C:\Windows\System\OqRYuWm.exe
  2⤵
  PID:3220
- C:\Windows\System\GkspYxs.exe
  C:\Windows\System\GkspYxs.exe
  2⤵
  PID:3812
- C:\Windows\System\NnfnxMe.exe
  C:\Windows\System\NnfnxMe.exe
  2⤵
  PID:3868
- C:\Windows\System\DHvcmWd.exe
  C:\Windows\System\DHvcmWd.exe
  2⤵
  PID:4172
- C:\Windows\System\sIhZpha.exe
  C:\Windows\System\sIhZpha.exe
  2⤵
  PID:4380
- C:\Windows\System\pOFtPrz.exe
  C:\Windows\System\pOFtPrz.exe
  2⤵
  PID:1864
- C:\Windows\System\nYqSKLz.exe
  C:\Windows\System\nYqSKLz.exe
  2⤵
  PID:4984
- C:\Windows\System\okMGNLB.exe
  C:\Windows\System\okMGNLB.exe
  2⤵
  PID:4656
- C:\Windows\System\LDWxHRd.exe
  C:\Windows\System\LDWxHRd.exe
  2⤵
  PID:5056
- C:\Windows\System\CchTDtT.exe
  C:\Windows\System\CchTDtT.exe
  2⤵
  PID:5132
- C:\Windows\System\EAbRFYT.exe
  C:\Windows\System\EAbRFYT.exe
  2⤵
  PID:5152
- C:\Windows\System\DuNXsyR.exe
  C:\Windows\System\DuNXsyR.exe
  2⤵
  PID:5168
- C:\Windows\System\pGlqkXH.exe
  C:\Windows\System\pGlqkXH.exe
  2⤵
  PID:5192
- C:\Windows\System\kecSBLn.exe
  C:\Windows\System\kecSBLn.exe
  2⤵
  PID:5212
- C:\Windows\System\nTzBPqa.exe
  C:\Windows\System\nTzBPqa.exe
  2⤵
  PID:5236
- C:\Windows\System\tdFxnhx.exe
  C:\Windows\System\tdFxnhx.exe
  2⤵
  PID:5256
- C:\Windows\System\ZsjnBcm.exe
  C:\Windows\System\ZsjnBcm.exe
  2⤵
  PID:5272
- C:\Windows\System\gWUYoJo.exe
  C:\Windows\System\gWUYoJo.exe
  2⤵
  PID:5296
- C:\Windows\System\KtcWQYi.exe
  C:\Windows\System\KtcWQYi.exe
  2⤵
  PID:5320
- C:\Windows\System\vAmgsOt.exe
  C:\Windows\System\vAmgsOt.exe
  2⤵
  PID:5340
- C:\Windows\System\alMCPNg.exe
  C:\Windows\System\alMCPNg.exe
  2⤵
  PID:5360
- C:\Windows\System\edJyDAv.exe
  C:\Windows\System\edJyDAv.exe
  2⤵
  PID:5380
- C:\Windows\System\IhDJsDi.exe
  C:\Windows\System\IhDJsDi.exe
  2⤵
  PID:5400
- C:\Windows\System\DOJsTJk.exe
  C:\Windows\System\DOJsTJk.exe
  2⤵
  PID:5420
- C:\Windows\System\KzqGPXm.exe
  C:\Windows\System\KzqGPXm.exe
  2⤵
  PID:5440
- C:\Windows\System\AwIREoo.exe
  C:\Windows\System\AwIREoo.exe
  2⤵
  PID:5460
- C:\Windows\System\lfhCEYS.exe
  C:\Windows\System\lfhCEYS.exe
  2⤵
  PID:5480
- C:\Windows\System\LfIGFeT.exe
  C:\Windows\System\LfIGFeT.exe
  2⤵
  PID:5500
- C:\Windows\System\aqKGESx.exe
  C:\Windows\System\aqKGESx.exe
  2⤵
  PID:5520
- C:\Windows\System\kCvgBAu.exe
  C:\Windows\System\kCvgBAu.exe
  2⤵
  PID:5540
- C:\Windows\System\qzKXHHo.exe
  C:\Windows\System\qzKXHHo.exe
  2⤵
  PID:5560
- C:\Windows\System\AHhwHiR.exe
  C:\Windows\System\AHhwHiR.exe
  2⤵
  PID:5580
- C:\Windows\System\bKcrbTF.exe
  C:\Windows\System\bKcrbTF.exe
  2⤵
  PID:5600
- C:\Windows\System\uTJRDkA.exe
  C:\Windows\System\uTJRDkA.exe
  2⤵
  PID:5620
- C:\Windows\System\gieRNNt.exe
  C:\Windows\System\gieRNNt.exe
  2⤵
  PID:5640
- C:\Windows\System\JjFWYSG.exe
  C:\Windows\System\JjFWYSG.exe
  2⤵
  PID:5660
- C:\Windows\System\fVBjSLd.exe
  C:\Windows\System\fVBjSLd.exe
  2⤵
  PID:5680
- C:\Windows\System\wlXEfJA.exe
  C:\Windows\System\wlXEfJA.exe
  2⤵
  PID:5696
- C:\Windows\System\VZVKKkg.exe
  C:\Windows\System\VZVKKkg.exe
  2⤵
  PID:5720
- C:\Windows\System\tiJSSQu.exe
  C:\Windows\System\tiJSSQu.exe
  2⤵
  PID:5740
- C:\Windows\System\QlanmTz.exe
  C:\Windows\System\QlanmTz.exe
  2⤵
  PID:5760
- C:\Windows\System\fasTllC.exe
  C:\Windows\System\fasTllC.exe
  2⤵
  PID:5780
- C:\Windows\System\tSkwrEs.exe
  C:\Windows\System\tSkwrEs.exe
  2⤵
  PID:5800
- C:\Windows\System\hwJzQvS.exe
  C:\Windows\System\hwJzQvS.exe
  2⤵
  PID:5820
- C:\Windows\System\xpNGtbv.exe
  C:\Windows\System\xpNGtbv.exe
  2⤵
  PID:5840
- C:\Windows\System\TKERMES.exe
  C:\Windows\System\TKERMES.exe
  2⤵
  PID:5860
- C:\Windows\System\riEROch.exe
  C:\Windows\System\riEROch.exe
  2⤵
  PID:5880
- C:\Windows\System\qawUQSZ.exe
  C:\Windows\System\qawUQSZ.exe
  2⤵
  PID:5900
- C:\Windows\System\oxQBYUw.exe
  C:\Windows\System\oxQBYUw.exe
  2⤵
  PID:5920
- C:\Windows\System\pWczzas.exe
  C:\Windows\System\pWczzas.exe
  2⤵
  PID:5940
- C:\Windows\System\wtCRVby.exe
  C:\Windows\System\wtCRVby.exe
  2⤵
  PID:5960
- C:\Windows\System\AzyURfh.exe
  C:\Windows\System\AzyURfh.exe
  2⤵
  PID:5984
- C:\Windows\System\owbyFSH.exe
  C:\Windows\System\owbyFSH.exe
  2⤵
  PID:6004
- C:\Windows\System\JfohpwV.exe
  C:\Windows\System\JfohpwV.exe
  2⤵
  PID:6024
- C:\Windows\System\SCUozLY.exe
  C:\Windows\System\SCUozLY.exe
  2⤵
  PID:6044
- C:\Windows\System\dXkPkDi.exe
  C:\Windows\System\dXkPkDi.exe
  2⤵
  PID:6064
- C:\Windows\System\GEYGhej.exe
  C:\Windows\System\GEYGhej.exe
  2⤵
  PID:6084
- C:\Windows\System\swlGwQn.exe
  C:\Windows\System\swlGwQn.exe
  2⤵
  PID:6104
- C:\Windows\System\ASoerkY.exe
  C:\Windows\System\ASoerkY.exe
  2⤵
  PID:6124
- C:\Windows\System\ScRVJQe.exe
  C:\Windows\System\ScRVJQe.exe
  2⤵
  PID:4772
- C:\Windows\System\bvsxBOX.exe
  C:\Windows\System\bvsxBOX.exe
  2⤵
  PID:3156
- C:\Windows\System\IAQDQcQ.exe
  C:\Windows\System\IAQDQcQ.exe
  2⤵
  PID:3152
- C:\Windows\System\YOolrng.exe
  C:\Windows\System\YOolrng.exe
  2⤵
  PID:2260
- C:\Windows\System\OKXBBiZ.exe
  C:\Windows\System\OKXBBiZ.exe
  2⤵
  PID:4252
- C:\Windows\System\SBsVZwz.exe
  C:\Windows\System\SBsVZwz.exe
  2⤵
  PID:4016
- C:\Windows\System\VHDxYrw.exe
  C:\Windows\System\VHDxYrw.exe
  2⤵
  PID:4696
- C:\Windows\System\PZfovFh.exe
  C:\Windows\System\PZfovFh.exe
  2⤵
  PID:4688
- C:\Windows\System\vuxIcRG.exe
  C:\Windows\System\vuxIcRG.exe
  2⤵
  PID:4244
- C:\Windows\System\sLYKqNR.exe
  C:\Windows\System\sLYKqNR.exe
  2⤵
  PID:2268
- C:\Windows\System\pBBJGMj.exe
  C:\Windows\System\pBBJGMj.exe
  2⤵
  PID:608
- C:\Windows\System\vaUPTeF.exe
  C:\Windows\System\vaUPTeF.exe
  2⤵
  PID:1796
- C:\Windows\System\WTceRYF.exe
  C:\Windows\System\WTceRYF.exe
  2⤵
  PID:4148
- C:\Windows\System\vOOmCNB.exe
  C:\Windows\System\vOOmCNB.exe
  2⤵
  PID:4944
- C:\Windows\System\hfufHQZ.exe
  C:\Windows\System\hfufHQZ.exe
  2⤵
  PID:4576
- C:\Windows\System\lyptavR.exe
  C:\Windows\System\lyptavR.exe
  2⤵
  PID:2868
- C:\Windows\System\CTwhWUw.exe
  C:\Windows\System\CTwhWUw.exe
  2⤵
  PID:5144
- C:\Windows\System\wwWRqkC.exe
  C:\Windows\System\wwWRqkC.exe
  2⤵
  PID:5160
- C:\Windows\System\GyzaqMC.exe
  C:\Windows\System\GyzaqMC.exe
  2⤵
  PID:5208
- C:\Windows\System\eApluCq.exe
  C:\Windows\System\eApluCq.exe
  2⤵
  PID:5268
- C:\Windows\System\cIJUEjv.exe
  C:\Windows\System\cIJUEjv.exe
  2⤵
  PID:5284
- C:\Windows\System\rDfNWqT.exe
  C:\Windows\System\rDfNWqT.exe
  2⤵
  PID:5308
- C:\Windows\System\aoLcFaK.exe
  C:\Windows\System\aoLcFaK.exe
  2⤵
  PID:5332
- C:\Windows\System\oCBXcsx.exe
  C:\Windows\System\oCBXcsx.exe
  2⤵
  PID:5396
- C:\Windows\System\mwmCBKu.exe
  C:\Windows\System\mwmCBKu.exe
  2⤵
  PID:5436
- C:\Windows\System\AVvVdXi.exe
  C:\Windows\System\AVvVdXi.exe
  2⤵
  PID:5468
- C:\Windows\System\bLEDoVw.exe
  C:\Windows\System\bLEDoVw.exe
  2⤵
  PID:5508
- C:\Windows\System\epAxVtL.exe
  C:\Windows\System\epAxVtL.exe
  2⤵
  PID:5492
- C:\Windows\System\hNoNbCy.exe
  C:\Windows\System\hNoNbCy.exe
  2⤵
  PID:5536
- C:\Windows\System\mzEBpIK.exe
  C:\Windows\System\mzEBpIK.exe
  2⤵
  PID:5576
- C:\Windows\System\sxUNrhU.exe
  C:\Windows\System\sxUNrhU.exe
  2⤵
  PID:5628
- C:\Windows\System\pmjwCgn.exe
  C:\Windows\System\pmjwCgn.exe
  2⤵
  PID:5648
- C:\Windows\System\vZCzueL.exe
  C:\Windows\System\vZCzueL.exe
  2⤵
  PID:5672
- C:\Windows\System\QzkpVyf.exe
  C:\Windows\System\QzkpVyf.exe
  2⤵
  PID:5692
- C:\Windows\System\mkyEzfN.exe
  C:\Windows\System\mkyEzfN.exe
  2⤵
  PID:5736
- C:\Windows\System\pJXuCxR.exe
  C:\Windows\System\pJXuCxR.exe
  2⤵
  PID:5788
- C:\Windows\System\VzeJdJS.exe
  C:\Windows\System\VzeJdJS.exe
  2⤵
  PID:5816
- C:\Windows\System\SrnwEEI.exe
  C:\Windows\System\SrnwEEI.exe
  2⤵
  PID:5868
- C:\Windows\System\fqmbSan.exe
  C:\Windows\System\fqmbSan.exe
  2⤵
  PID:5872
- C:\Windows\System\jzLwFhy.exe
  C:\Windows\System\jzLwFhy.exe
  2⤵
  PID:5916
- C:\Windows\System\bORwmwq.exe
  C:\Windows\System\bORwmwq.exe
  2⤵
  PID:5936
- C:\Windows\System\FFqzCQk.exe
  C:\Windows\System\FFqzCQk.exe
  2⤵
  PID:5980
- C:\Windows\System\nwHIycM.exe
  C:\Windows\System\nwHIycM.exe
  2⤵
  PID:1960
- C:\Windows\System\PqgZBjK.exe
  C:\Windows\System\PqgZBjK.exe
  2⤵
  PID:6020
- C:\Windows\System\jrKOwPd.exe
  C:\Windows\System\jrKOwPd.exe
  2⤵
  PID:6056
- C:\Windows\System\lbUfgrS.exe
  C:\Windows\System\lbUfgrS.exe
  2⤵
  PID:6100
- C:\Windows\System\KSpvdvx.exe
  C:\Windows\System\KSpvdvx.exe
  2⤵
  PID:4820
- C:\Windows\System\NENaXcf.exe
  C:\Windows\System\NENaXcf.exe
  2⤵
  PID:2596
- C:\Windows\System\AeQVCrn.exe
  C:\Windows\System\AeQVCrn.exe
  2⤵
  PID:3124
- C:\Windows\System\MNPqhwY.exe
  C:\Windows\System\MNPqhwY.exe
  2⤵
  PID:4712
- C:\Windows\System\ugXSnjL.exe
  C:\Windows\System\ugXSnjL.exe
  2⤵
  PID:4548
- C:\Windows\System\KMKdmmi.exe
  C:\Windows\System\KMKdmmi.exe
  2⤵
  PID:4304
- C:\Windows\System\TWHRpdv.exe
  C:\Windows\System\TWHRpdv.exe
  2⤵
  PID:4132
- C:\Windows\System\iRIjmNG.exe
  C:\Windows\System\iRIjmNG.exe
  2⤵
  PID:2396
- C:\Windows\System\IPigikV.exe
  C:\Windows\System\IPigikV.exe
  2⤵
  PID:4536
- C:\Windows\System\eINnLKb.exe
  C:\Windows\System\eINnLKb.exe
  2⤵
  PID:5140
- C:\Windows\System\lKQMkzZ.exe
  C:\Windows\System\lKQMkzZ.exe
  2⤵
  PID:5124
- C:\Windows\System\UIZQeRd.exe
  C:\Windows\System\UIZQeRd.exe
  2⤵
  PID:5220
- C:\Windows\System\EJKFiiz.exe
  C:\Windows\System\EJKFiiz.exe
  2⤵
  PID:5280
- C:\Windows\System\GScKaps.exe
  C:\Windows\System\GScKaps.exe
  2⤵
  PID:5356
- C:\Windows\System\wxoVXrG.exe
  C:\Windows\System\wxoVXrG.exe
  2⤵
  PID:5368
- C:\Windows\System\TLMjlbL.exe
  C:\Windows\System\TLMjlbL.exe
  2⤵
  PID:5448
- C:\Windows\System\UGJtMsQ.exe
  C:\Windows\System\UGJtMsQ.exe
  2⤵
  PID:5472
- C:\Windows\System\qlyfYKN.exe
  C:\Windows\System\qlyfYKN.exe
  2⤵
  PID:5552
- C:\Windows\System\xQHCjqf.exe
  C:\Windows\System\xQHCjqf.exe
  2⤵
  PID:5596
- C:\Windows\System\lqzEfys.exe
  C:\Windows\System\lqzEfys.exe
  2⤵
  PID:5612
- C:\Windows\System\SohrYPV.exe
  C:\Windows\System\SohrYPV.exe
  2⤵
  PID:5676
- C:\Windows\System\DNEwisX.exe
  C:\Windows\System\DNEwisX.exe
  2⤵
  PID:5748
- C:\Windows\System\SvisPzK.exe
  C:\Windows\System\SvisPzK.exe
  2⤵
  PID:5808
- C:\Windows\System\UbvmGCj.exe
  C:\Windows\System\UbvmGCj.exe
  2⤵
  PID:5852
- C:\Windows\System\sUfJhhu.exe
  C:\Windows\System\sUfJhhu.exe
  2⤵
  PID:5928
- C:\Windows\System\fQRnlpV.exe
  C:\Windows\System\fQRnlpV.exe
  2⤵
  PID:5948
- C:\Windows\System\FdvlsQt.exe
  C:\Windows\System\FdvlsQt.exe
  2⤵
  PID:5996
- C:\Windows\System\wrNBSQN.exe
  C:\Windows\System\wrNBSQN.exe
  2⤵
  PID:6112
- C:\Windows\System\OYwnBsH.exe
  C:\Windows\System\OYwnBsH.exe
  2⤵
  PID:6120
- C:\Windows\System\iGCLJNu.exe
  C:\Windows\System\iGCLJNu.exe
  2⤵
  PID:5004
- C:\Windows\System\cOyHxOV.exe
  C:\Windows\System\cOyHxOV.exe
  2⤵
  PID:4212
- C:\Windows\System\yPLkKJb.exe
  C:\Windows\System\yPLkKJb.exe
  2⤵
  PID:3284
- C:\Windows\System\dozrwUB.exe
  C:\Windows\System\dozrwUB.exe
  2⤵
  PID:4228
- C:\Windows\System\DtVWuYw.exe
  C:\Windows\System\DtVWuYw.exe
  2⤵
  PID:4328
- C:\Windows\System\laPzxjh.exe
  C:\Windows\System\laPzxjh.exe
  2⤵
  PID:5180
- C:\Windows\System\HfFawFE.exe
  C:\Windows\System\HfFawFE.exe
  2⤵
  PID:5292
- C:\Windows\System\Oannivh.exe
  C:\Windows\System\Oannivh.exe
  2⤵
  PID:5336
- C:\Windows\System\orTRuuo.exe
  C:\Windows\System\orTRuuo.exe
  2⤵
  PID:5408
- C:\Windows\System\YDsYVce.exe
  C:\Windows\System\YDsYVce.exe
  2⤵
  PID:1604
- C:\Windows\System\EsPaMly.exe
  C:\Windows\System\EsPaMly.exe
  2⤵
  PID:6156
- C:\Windows\System\TsbAmna.exe
  C:\Windows\System\TsbAmna.exe
  2⤵
  PID:6176
- C:\Windows\System\DzpdwyY.exe
  C:\Windows\System\DzpdwyY.exe
  2⤵
  PID:6196
- C:\Windows\System\NLiRzqa.exe
  C:\Windows\System\NLiRzqa.exe
  2⤵
  PID:6216
- C:\Windows\System\HWRSpTE.exe
  C:\Windows\System\HWRSpTE.exe
  2⤵
  PID:6236
- C:\Windows\System\cthqBVW.exe
  C:\Windows\System\cthqBVW.exe
  2⤵
  PID:6256
- C:\Windows\System\itiuXET.exe
  C:\Windows\System\itiuXET.exe
  2⤵
  PID:6276
- C:\Windows\System\FBtIHxZ.exe
  C:\Windows\System\FBtIHxZ.exe
  2⤵
  PID:6296
- C:\Windows\System\EozwwpV.exe
  C:\Windows\System\EozwwpV.exe
  2⤵
  PID:6320
- C:\Windows\System\gkIbTQF.exe
  C:\Windows\System\gkIbTQF.exe
  2⤵
  PID:6340
- C:\Windows\System\ddEPiIt.exe
  C:\Windows\System\ddEPiIt.exe
  2⤵
  PID:6360
- C:\Windows\System\SuIgEuK.exe
  C:\Windows\System\SuIgEuK.exe
  2⤵
  PID:6380
- C:\Windows\System\XMRZwdW.exe
  C:\Windows\System\XMRZwdW.exe
  2⤵
  PID:6400
- C:\Windows\System\QSIplNM.exe
  C:\Windows\System\QSIplNM.exe
  2⤵
  PID:6420
- C:\Windows\System\cGYgNkd.exe
  C:\Windows\System\cGYgNkd.exe
  2⤵
  PID:6440
- C:\Windows\System\CkhHWkb.exe
  C:\Windows\System\CkhHWkb.exe
  2⤵
  PID:6460
- C:\Windows\System\kGeoVoN.exe
  C:\Windows\System\kGeoVoN.exe
  2⤵
  PID:6480
- C:\Windows\System\cfUMalM.exe
  C:\Windows\System\cfUMalM.exe
  2⤵
  PID:6504
- C:\Windows\System\fgGwApc.exe
  C:\Windows\System\fgGwApc.exe
  2⤵
  PID:6524
- C:\Windows\System\rzOuYYs.exe
  C:\Windows\System\rzOuYYs.exe
  2⤵
  PID:6544
- C:\Windows\System\tpOwloD.exe
  C:\Windows\System\tpOwloD.exe
  2⤵
  PID:6564
- C:\Windows\System\ykRZXpx.exe
  C:\Windows\System\ykRZXpx.exe
  2⤵
  PID:6584
- C:\Windows\System\zeoHyzS.exe
  C:\Windows\System\zeoHyzS.exe
  2⤵
  PID:6604
- C:\Windows\System\RZsRqJD.exe
  C:\Windows\System\RZsRqJD.exe
  2⤵
  PID:6624
- C:\Windows\System\JjqNeUv.exe
  C:\Windows\System\JjqNeUv.exe
  2⤵
  PID:6644
- C:\Windows\System\NgJrSJj.exe
  C:\Windows\System\NgJrSJj.exe
  2⤵
  PID:6664
- C:\Windows\System\CTkSfPB.exe
  C:\Windows\System\CTkSfPB.exe
  2⤵
  PID:6684
- C:\Windows\System\iyjPBgV.exe
  C:\Windows\System\iyjPBgV.exe
  2⤵
  PID:6704
- C:\Windows\System\EijgYfw.exe
  C:\Windows\System\EijgYfw.exe
  2⤵
  PID:6724
- C:\Windows\System\KyRNUaY.exe
  C:\Windows\System\KyRNUaY.exe
  2⤵
  PID:6744
- C:\Windows\System\MQccfxd.exe
  C:\Windows\System\MQccfxd.exe
  2⤵
  PID:6764
- C:\Windows\System\xhIANTq.exe
  C:\Windows\System\xhIANTq.exe
  2⤵
  PID:6784
- C:\Windows\System\LsAsdSS.exe
  C:\Windows\System\LsAsdSS.exe
  2⤵
  PID:6804
- C:\Windows\System\ybzGmVU.exe
  C:\Windows\System\ybzGmVU.exe
  2⤵
  PID:6824
- C:\Windows\System\hQOylEB.exe
  C:\Windows\System\hQOylEB.exe
  2⤵
  PID:6844
- C:\Windows\System\JgHcpEY.exe
  C:\Windows\System\JgHcpEY.exe
  2⤵
  PID:6864
- C:\Windows\System\JByQeXP.exe
  C:\Windows\System\JByQeXP.exe
  2⤵
  PID:6884
- C:\Windows\System\IgSKqnw.exe
  C:\Windows\System\IgSKqnw.exe
  2⤵
  PID:6904
- C:\Windows\System\gFLwnhq.exe
  C:\Windows\System\gFLwnhq.exe
  2⤵
  PID:6924
- C:\Windows\System\UnitQyz.exe
  C:\Windows\System\UnitQyz.exe
  2⤵
  PID:6944
- C:\Windows\System\TQQoStk.exe
  C:\Windows\System\TQQoStk.exe
  2⤵
  PID:6960
- C:\Windows\System\YGdEIgj.exe
  C:\Windows\System\YGdEIgj.exe
  2⤵
  PID:6984
- C:\Windows\System\adWdAuP.exe
  C:\Windows\System\adWdAuP.exe
  2⤵
  PID:7004
- C:\Windows\System\YqpKlFf.exe
  C:\Windows\System\YqpKlFf.exe
  2⤵
  PID:7024
- C:\Windows\System\ZthloUt.exe
  C:\Windows\System\ZthloUt.exe
  2⤵
  PID:7044
- C:\Windows\System\VhMZLEC.exe
  C:\Windows\System\VhMZLEC.exe
  2⤵
  PID:7064
- C:\Windows\System\FgdfjFI.exe
  C:\Windows\System\FgdfjFI.exe
  2⤵
  PID:7084
- C:\Windows\System\CYouUDA.exe
  C:\Windows\System\CYouUDA.exe
  2⤵
  PID:7104
- C:\Windows\System\anWnkih.exe
  C:\Windows\System\anWnkih.exe
  2⤵
  PID:7124
- C:\Windows\System\KtacMsB.exe
  C:\Windows\System\KtacMsB.exe
  2⤵
  PID:7144
- C:\Windows\System\nshkmcA.exe
  C:\Windows\System\nshkmcA.exe
  2⤵
  PID:7164
- C:\Windows\System\TRxpRwq.exe
  C:\Windows\System\TRxpRwq.exe
  2⤵
  PID:5632
- C:\Windows\System\qnklcBM.exe
  C:\Windows\System\qnklcBM.exe
  2⤵
  PID:5752
- C:\Windows\System\gAJXKXY.exe
  C:\Windows\System\gAJXKXY.exe
  2⤵
  PID:5792
- C:\Windows\System\wiXnkVJ.exe
  C:\Windows\System\wiXnkVJ.exe
  2⤵
  PID:5896
- C:\Windows\System\zDpmUsa.exe
  C:\Windows\System\zDpmUsa.exe
  2⤵
  PID:6052
- C:\Windows\System\bDrAYGr.exe
  C:\Windows\System\bDrAYGr.exe
  2⤵
  PID:6060
- C:\Windows\System\TMoKeNv.exe
  C:\Windows\System\TMoKeNv.exe
  2⤵
  PID:5100
- C:\Windows\System\DccJlpT.exe
  C:\Windows\System\DccJlpT.exe
  2⤵
  PID:4932
- C:\Windows\System\OYyBMqt.exe
  C:\Windows\System\OYyBMqt.exe
  2⤵
  PID:4224
- C:\Windows\System\EvOsdvH.exe
  C:\Windows\System\EvOsdvH.exe
  2⤵
  PID:5128
- C:\Windows\System\aeleZpp.exe
  C:\Windows\System\aeleZpp.exe
  2⤵
  PID:5372
- C:\Windows\System\lVVwgfI.exe
  C:\Windows\System\lVVwgfI.exe
  2⤵
  PID:5496
- C:\Windows\System\MHApBzQ.exe
  C:\Windows\System\MHApBzQ.exe
  2⤵
  PID:6148
- C:\Windows\System\JcLsLgf.exe
  C:\Windows\System\JcLsLgf.exe
  2⤵
  PID:6188
- C:\Windows\System\GXHzhxg.exe
  C:\Windows\System\GXHzhxg.exe
  2⤵
  PID:6204
- C:\Windows\System\CFTJKkQ.exe
  C:\Windows\System\CFTJKkQ.exe
  2⤵
  PID:6272
- C:\Windows\System\yEiGiTE.exe
  C:\Windows\System\yEiGiTE.exe
  2⤵
  PID:6284
- C:\Windows\System\XzMpVWD.exe
  C:\Windows\System\XzMpVWD.exe
  2⤵
  PID:6308
- C:\Windows\System\HRpOJHr.exe
  C:\Windows\System\HRpOJHr.exe
  2⤵
  PID:6332
- C:\Windows\System\yfoOTPs.exe
  C:\Windows\System\yfoOTPs.exe
  2⤵
  PID:6388
- C:\Windows\System\ClENyPD.exe
  C:\Windows\System\ClENyPD.exe
  2⤵
  PID:6416
- C:\Windows\System\iVJzfDK.exe
  C:\Windows\System\iVJzfDK.exe
  2⤵
  PID:6448
- C:\Windows\System\vxwicit.exe
  C:\Windows\System\vxwicit.exe
  2⤵
  PID:6452
- C:\Windows\System\zRzJOOn.exe
  C:\Windows\System\zRzJOOn.exe
  2⤵
  PID:6512
- C:\Windows\System\gZidHwH.exe
  C:\Windows\System\gZidHwH.exe
  2⤵
  PID:6560
- C:\Windows\System\XFjavnU.exe
  C:\Windows\System\XFjavnU.exe
  2⤵
  PID:6536
- C:\Windows\System\oZUzqxr.exe
  C:\Windows\System\oZUzqxr.exe
  2⤵
  PID:6596
- C:\Windows\System\OClvmbr.exe
  C:\Windows\System\OClvmbr.exe
  2⤵
  PID:6620
- C:\Windows\System\uBdffJw.exe
  C:\Windows\System\uBdffJw.exe
  2⤵
  PID:6656
- C:\Windows\System\SnhpMqI.exe
  C:\Windows\System\SnhpMqI.exe
  2⤵
  PID:6720
- C:\Windows\System\sOydnIW.exe
  C:\Windows\System\sOydnIW.exe
  2⤵
  PID:6752
- C:\Windows\System\YrPhDPF.exe
  C:\Windows\System\YrPhDPF.exe
  2⤵
  PID:6792
- C:\Windows\System\XPGsoQo.exe
  C:\Windows\System\XPGsoQo.exe
  2⤵
  PID:552
- C:\Windows\System\RxVbbnD.exe
  C:\Windows\System\RxVbbnD.exe
  2⤵
  PID:6816
- C:\Windows\System\vMlHApd.exe
  C:\Windows\System\vMlHApd.exe
  2⤵
  PID:6872
- C:\Windows\System\DJIVngv.exe
  C:\Windows\System\DJIVngv.exe
  2⤵
  PID:6880
- C:\Windows\System\JkZdGiK.exe
  C:\Windows\System\JkZdGiK.exe
  2⤵
  PID:6900
- C:\Windows\System\VeJAHdy.exe
  C:\Windows\System\VeJAHdy.exe
  2⤵
  PID:6936
- C:\Windows\System\rmfmFIm.exe
  C:\Windows\System\rmfmFIm.exe
  2⤵
  PID:6972
- C:\Windows\System\EmpbRNU.exe
  C:\Windows\System\EmpbRNU.exe
  2⤵
  PID:6492
- C:\Windows\System\jeekCxJ.exe
  C:\Windows\System\jeekCxJ.exe
  2⤵
  PID:7040
- C:\Windows\System\GkRrKlB.exe
  C:\Windows\System\GkRrKlB.exe
  2⤵
  PID:7076
- C:\Windows\System\jtohAfq.exe
  C:\Windows\System\jtohAfq.exe
  2⤵
  PID:7116
- C:\Windows\System\QgKoxRW.exe
  C:\Windows\System\QgKoxRW.exe
  2⤵
  PID:7140
- C:\Windows\System\BezEgQk.exe
  C:\Windows\System\BezEgQk.exe
  2⤵
  PID:5588
- C:\Windows\System\zhIFpkl.exe
  C:\Windows\System\zhIFpkl.exe
  2⤵
  PID:5968
- C:\Windows\System\khtDAoe.exe
  C:\Windows\System\khtDAoe.exe
  2⤵
  PID:6012
- C:\Windows\System\CgorJVu.exe
  C:\Windows\System\CgorJVu.exe
  2⤵
  PID:4628
- C:\Windows\System\sdlgixB.exe
  C:\Windows\System\sdlgixB.exe
  2⤵
  PID:4592
- C:\Windows\System\YXlOhzW.exe
  C:\Windows\System\YXlOhzW.exe
  2⤵
  PID:4436
- C:\Windows\System\RzJVSGq.exe
  C:\Windows\System\RzJVSGq.exe
  2⤵
  PID:5264
- C:\Windows\System\RWTmhQL.exe
  C:\Windows\System\RWTmhQL.exe
  2⤵
  PID:6184
- C:\Windows\System\tpHTQjH.exe
  C:\Windows\System\tpHTQjH.exe
  2⤵
  PID:5548
- C:\Windows\System\mIZMgIk.exe
  C:\Windows\System\mIZMgIk.exe
  2⤵
  PID:6316
- C:\Windows\System\idtOSus.exe
  C:\Windows\System\idtOSus.exe
  2⤵
  PID:6352
- C:\Windows\System\SyMtwhR.exe
  C:\Windows\System\SyMtwhR.exe
  2⤵
  PID:6428
- C:\Windows\System\KbzPBZB.exe
  C:\Windows\System\KbzPBZB.exe
  2⤵
  PID:6496
- C:\Windows\System\BtZgUZZ.exe
  C:\Windows\System\BtZgUZZ.exe
  2⤵
  PID:6408
- C:\Windows\System\myFchwc.exe
  C:\Windows\System\myFchwc.exe
  2⤵
  PID:6532
- C:\Windows\System\TkTFsCW.exe
  C:\Windows\System\TkTFsCW.exe
  2⤵
  PID:6516
- C:\Windows\System\IZgEoKp.exe
  C:\Windows\System\IZgEoKp.exe
  2⤵
  PID:6592
- C:\Windows\System\PiBnIiN.exe
  C:\Windows\System\PiBnIiN.exe
  2⤵
  PID:6696
- C:\Windows\System\sDOjwAb.exe
  C:\Windows\System\sDOjwAb.exe
  2⤵
  PID:6756
- C:\Windows\System\tEkLeFw.exe
  C:\Windows\System\tEkLeFw.exe
  2⤵
  PID:6796
- C:\Windows\System\whgcTkC.exe
  C:\Windows\System\whgcTkC.exe
  2⤵
  PID:2768
- C:\Windows\System\dnxryZg.exe
  C:\Windows\System\dnxryZg.exe
  2⤵
  PID:696
- C:\Windows\System\nIYdqwZ.exe
  C:\Windows\System\nIYdqwZ.exe
  2⤵
  PID:6916
- C:\Windows\System\tUdPEKK.exe
  C:\Windows\System\tUdPEKK.exe
  2⤵
  PID:6952
- C:\Windows\System\kkDvbka.exe
  C:\Windows\System\kkDvbka.exe
  2⤵
  PID:6976
- C:\Windows\System\dBbFecV.exe
  C:\Windows\System\dBbFecV.exe
  2⤵
  PID:7056
- C:\Windows\System\ImpFRGn.exe
  C:\Windows\System\ImpFRGn.exe
  2⤵
  PID:7156
- C:\Windows\System\vjAxjTe.exe
  C:\Windows\System\vjAxjTe.exe
  2⤵
  PID:7100
- C:\Windows\System\zAxKRdC.exe
  C:\Windows\System\zAxKRdC.exe
  2⤵
  PID:5992
- C:\Windows\System\afpsJBm.exe
  C:\Windows\System\afpsJBm.exe
  2⤵
  PID:5956
- C:\Windows\System\ogKLPNg.exe
  C:\Windows\System\ogKLPNg.exe
  2⤵
  PID:6136
- C:\Windows\System\pVTPSlT.exe
  C:\Windows\System\pVTPSlT.exe
  2⤵
  PID:4572
- C:\Windows\System\eImQIKi.exe
  C:\Windows\System\eImQIKi.exe
  2⤵
  PID:6152
- C:\Windows\System\paLlYYX.exe
  C:\Windows\System\paLlYYX.exe
  2⤵
  PID:6264
- C:\Windows\System\RFPGlUt.exe
  C:\Windows\System\RFPGlUt.exe
  2⤵
  PID:6396
- C:\Windows\System\rYrfMgs.exe
  C:\Windows\System\rYrfMgs.exe
  2⤵
  PID:2792
- C:\Windows\System\XMjUOpo.exe
  C:\Windows\System\XMjUOpo.exe
  2⤵
  PID:6476
- C:\Windows\System\sRONHkB.exe
  C:\Windows\System\sRONHkB.exe
  2⤵
  PID:6672
- C:\Windows\System\yQustAx.exe
  C:\Windows\System\yQustAx.exe
  2⤵
  PID:2400
- C:\Windows\System\tjmpvXX.exe
  C:\Windows\System\tjmpvXX.exe
  2⤵
  PID:6856
- C:\Windows\System\rbCbsIe.exe
  C:\Windows\System\rbCbsIe.exe
  2⤵
  PID:6836
- C:\Windows\System\HYbVwCc.exe
  C:\Windows\System\HYbVwCc.exe
  2⤵
  PID:6920
- C:\Windows\System\BBUcSmP.exe
  C:\Windows\System\BBUcSmP.exe
  2⤵
  PID:6980
- C:\Windows\System\eyUbNGl.exe
  C:\Windows\System\eyUbNGl.exe
  2⤵
  PID:7152
- C:\Windows\System\uvYlPJG.exe
  C:\Windows\System\uvYlPJG.exe
  2⤵
  PID:5756
- C:\Windows\System\wYUxpXr.exe
  C:\Windows\System\wYUxpXr.exe
  2⤵
  PID:5200
- C:\Windows\System\JMujVcT.exe
  C:\Windows\System\JMujVcT.exe
  2⤵
  PID:3948
- C:\Windows\System\nICwsLX.exe
  C:\Windows\System\nICwsLX.exe
  2⤵
  PID:7184
- C:\Windows\System\mXYROVK.exe
  C:\Windows\System\mXYROVK.exe
  2⤵
  PID:7204
- C:\Windows\System\STUJsUA.exe
  C:\Windows\System\STUJsUA.exe
  2⤵
  PID:7224
- C:\Windows\System\GAUOxoD.exe
  C:\Windows\System\GAUOxoD.exe
  2⤵
  PID:7248
- C:\Windows\System\qRPtEff.exe
  C:\Windows\System\qRPtEff.exe
  2⤵
  PID:7268
- C:\Windows\System\FyGlYJv.exe
  C:\Windows\System\FyGlYJv.exe
  2⤵
  PID:7284
- C:\Windows\System\aSpslUD.exe
  C:\Windows\System\aSpslUD.exe
  2⤵
  PID:7308
- C:\Windows\System\FxXHgMC.exe
  C:\Windows\System\FxXHgMC.exe
  2⤵
  PID:7328
- C:\Windows\System\uykumRD.exe
  C:\Windows\System\uykumRD.exe
  2⤵
  PID:7348
- C:\Windows\System\HLMyypc.exe
  C:\Windows\System\HLMyypc.exe
  2⤵
  PID:7368
- C:\Windows\System\DAPusvc.exe
  C:\Windows\System\DAPusvc.exe
  2⤵
  PID:7388
- C:\Windows\System\HxMVZcj.exe
  C:\Windows\System\HxMVZcj.exe
  2⤵
  PID:7408
- C:\Windows\System\fWQfblf.exe
  C:\Windows\System\fWQfblf.exe
  2⤵
  PID:7428
- C:\Windows\System\PHxFjbk.exe
  C:\Windows\System\PHxFjbk.exe
  2⤵
  PID:7448
- C:\Windows\System\gKKLUGu.exe
  C:\Windows\System\gKKLUGu.exe
  2⤵
  PID:7468
- C:\Windows\System\FRKKMTL.exe
  C:\Windows\System\FRKKMTL.exe
  2⤵
  PID:7488
- C:\Windows\System\kpAyIpW.exe
  C:\Windows\System\kpAyIpW.exe
  2⤵
  PID:7508
- C:\Windows\System\hjhmXIi.exe
  C:\Windows\System\hjhmXIi.exe
  2⤵
  PID:7528
- C:\Windows\System\ahAieSd.exe
  C:\Windows\System\ahAieSd.exe
  2⤵
  PID:7548
- C:\Windows\System\ESfgiDR.exe
  C:\Windows\System\ESfgiDR.exe
  2⤵
  PID:7564
- C:\Windows\System\zRtikwI.exe
  C:\Windows\System\zRtikwI.exe
  2⤵
  PID:7584
- C:\Windows\System\LFnPNHs.exe
  C:\Windows\System\LFnPNHs.exe
  2⤵
  PID:7608
- C:\Windows\System\whZFLqh.exe
  C:\Windows\System\whZFLqh.exe
  2⤵
  PID:7628
- C:\Windows\System\LvRydNY.exe
  C:\Windows\System\LvRydNY.exe
  2⤵
  PID:7648
- C:\Windows\System\eWzEUFZ.exe
  C:\Windows\System\eWzEUFZ.exe
  2⤵
  PID:7668
- C:\Windows\System\UdhasXE.exe
  C:\Windows\System\UdhasXE.exe
  2⤵
  PID:7684
- C:\Windows\System\MqtYYbe.exe
  C:\Windows\System\MqtYYbe.exe
  2⤵
  PID:7708
- C:\Windows\System\oqhIJEf.exe
  C:\Windows\System\oqhIJEf.exe
  2⤵
  PID:7728
- C:\Windows\System\PDAnCbj.exe
  C:\Windows\System\PDAnCbj.exe
  2⤵
  PID:7752
- C:\Windows\System\nmJDOtN.exe
  C:\Windows\System\nmJDOtN.exe
  2⤵
  PID:7772
- C:\Windows\System\jVqYkVi.exe
  C:\Windows\System\jVqYkVi.exe
  2⤵
  PID:7792
- C:\Windows\System\bcIRaaJ.exe
  C:\Windows\System\bcIRaaJ.exe
  2⤵
  PID:7812
- C:\Windows\System\wokuaMn.exe
  C:\Windows\System\wokuaMn.exe
  2⤵
  PID:7836
- C:\Windows\System\nzKhzTj.exe
  C:\Windows\System\nzKhzTj.exe
  2⤵
  PID:7856
- C:\Windows\System\HbcCsmX.exe
  C:\Windows\System\HbcCsmX.exe
  2⤵
  PID:7876
- C:\Windows\System\gxWiUMH.exe
  C:\Windows\System\gxWiUMH.exe
  2⤵
  PID:7896
- C:\Windows\System\UlADRRA.exe
  C:\Windows\System\UlADRRA.exe
  2⤵
  PID:7912
- C:\Windows\System\RfmjKhL.exe
  C:\Windows\System\RfmjKhL.exe
  2⤵
  PID:7952
- C:\Windows\System\xBoSjwX.exe
  C:\Windows\System\xBoSjwX.exe
  2⤵
  PID:7968
- C:\Windows\System\sBFYCwt.exe
  C:\Windows\System\sBFYCwt.exe
  2⤵
  PID:7988
- C:\Windows\System\NMvTxUo.exe
  C:\Windows\System\NMvTxUo.exe
  2⤵
  PID:8020
- C:\Windows\System\uVDaoWr.exe
  C:\Windows\System\uVDaoWr.exe
  2⤵
  PID:8044
- C:\Windows\System\pyUASyi.exe
  C:\Windows\System\pyUASyi.exe
  2⤵
  PID:8060
- C:\Windows\System\ZHqUVAm.exe
  C:\Windows\System\ZHqUVAm.exe
  2⤵
  PID:8076
- C:\Windows\System\FgqjpBh.exe
  C:\Windows\System\FgqjpBh.exe
  2⤵
  PID:8092
- C:\Windows\System\fTkrfmG.exe
  C:\Windows\System\fTkrfmG.exe
  2⤵
  PID:8108
- C:\Windows\System\FHzlodJ.exe
  C:\Windows\System\FHzlodJ.exe
  2⤵
  PID:8124
- C:\Windows\System\TapiwcA.exe
  C:\Windows\System\TapiwcA.exe
  2⤵
  PID:8140
- C:\Windows\System\VQhWqDr.exe
  C:\Windows\System\VQhWqDr.exe
  2⤵
  PID:8156
- C:\Windows\System\FlzNGyl.exe
  C:\Windows\System\FlzNGyl.exe
  2⤵
  PID:8172
- C:\Windows\System\gvjxaRI.exe
  C:\Windows\System\gvjxaRI.exe
  2⤵
  PID:8188
- C:\Windows\System\sVfUivX.exe
  C:\Windows\System\sVfUivX.exe
  2⤵
  PID:6268
- C:\Windows\System\OLdHZSH.exe
  C:\Windows\System\OLdHZSH.exe
  2⤵
  PID:6336
- C:\Windows\System\DjbdQvq.exe
  C:\Windows\System\DjbdQvq.exe
  2⤵
  PID:6288
- C:\Windows\System\zMaThEo.exe
  C:\Windows\System\zMaThEo.exe
  2⤵
  PID:6600
- C:\Windows\System\zwyfTAj.exe
  C:\Windows\System\zwyfTAj.exe
  2⤵
  PID:2708
- C:\Windows\System\vykdRwh.exe
  C:\Windows\System\vykdRwh.exe
  2⤵
  PID:6940
- C:\Windows\System\qIRnNTd.exe
  C:\Windows\System\qIRnNTd.exe
  2⤵
  PID:6968
- C:\Windows\System\jxiDGWy.exe
  C:\Windows\System\jxiDGWy.exe
  2⤵
  PID:1056
- C:\Windows\System\LsoaGGv.exe
  C:\Windows\System\LsoaGGv.exe
  2⤵
  PID:6032
- C:\Windows\System\OYHIPBL.exe
  C:\Windows\System\OYHIPBL.exe
  2⤵
  PID:7060
- C:\Windows\System\mwWkBsr.exe
  C:\Windows\System\mwWkBsr.exe
  2⤵
  PID:7336
- C:\Windows\System\CyHyVii.exe
  C:\Windows\System\CyHyVii.exe
  2⤵
  PID:7356
- C:\Windows\System\HwjhEum.exe
  C:\Windows\System\HwjhEum.exe
  2⤵
  PID:1680
- C:\Windows\System\oYEmjbR.exe
  C:\Windows\System\oYEmjbR.exe
  2⤵
  PID:2712
- C:\Windows\System\TiVsJzT.exe
  C:\Windows\System\TiVsJzT.exe
  2⤵
  PID:7436
- C:\Windows\System\WScAtrU.exe
  C:\Windows\System\WScAtrU.exe
  2⤵
  PID:7440
- C:\Windows\System\IJOiFMm.exe
  C:\Windows\System\IJOiFMm.exe
  2⤵
  PID:7484
- C:\Windows\System\ORwiBPF.exe
  C:\Windows\System\ORwiBPF.exe
  2⤵
  PID:7520
- C:\Windows\System\rDTaiaf.exe
  C:\Windows\System\rDTaiaf.exe
  2⤵
  PID:7572
- C:\Windows\System\JYvWlcK.exe
  C:\Windows\System\JYvWlcK.exe
  2⤵
  PID:7600
- C:\Windows\System\QubVrhX.exe
  C:\Windows\System\QubVrhX.exe
  2⤵
  PID:7664
- C:\Windows\System\AOkYSDR.exe
  C:\Windows\System\AOkYSDR.exe
  2⤵
  PID:2296
- C:\Windows\System\ZDFNBDv.exe
  C:\Windows\System\ZDFNBDv.exe
  2⤵
  PID:7704
- C:\Windows\System\ZQKAiiA.exe
  C:\Windows\System\ZQKAiiA.exe
  2⤵
  PID:7748
- C:\Windows\System\gcdIVoH.exe
  C:\Windows\System\gcdIVoH.exe
  2⤵
  PID:7760
- C:\Windows\System\PfSwMce.exe
  C:\Windows\System\PfSwMce.exe
  2⤵
  PID:7764
- C:\Windows\System\OUFKuag.exe
  C:\Windows\System\OUFKuag.exe
  2⤵
  PID:7820
- C:\Windows\System\zlgaZyr.exe
  C:\Windows\System\zlgaZyr.exe
  2⤵
  PID:7852
- C:\Windows\System\JhWVbRB.exe
  C:\Windows\System\JhWVbRB.exe
  2⤵
  PID:7872
- C:\Windows\System\fimdsNz.exe
  C:\Windows\System\fimdsNz.exe
  2⤵
  PID:7904
- C:\Windows\System\jEwOYJx.exe
  C:\Windows\System\jEwOYJx.exe
  2⤵
  PID:1488
- C:\Windows\System\FLwfARE.exe
  C:\Windows\System\FLwfARE.exe
  2⤵
  PID:4836
- C:\Windows\System\ElNoeCL.exe
  C:\Windows\System\ElNoeCL.exe
  2⤵
  PID:1424
- C:\Windows\System\yqgCPay.exe
  C:\Windows\System\yqgCPay.exe
  2⤵
  PID:2388
- C:\Windows\System\UPWiRZd.exe
  C:\Windows\System\UPWiRZd.exe
  2⤵
  PID:5232
- C:\Windows\System\pMsFQMD.exe
  C:\Windows\System\pMsFQMD.exe
  2⤵
  PID:684
- C:\Windows\System\SAsAPCS.exe
  C:\Windows\System\SAsAPCS.exe
  2⤵
  PID:7940
- C:\Windows\System\yAbhoSa.exe
  C:\Windows\System\yAbhoSa.exe
  2⤵
  PID:2676
- C:\Windows\System\TBieCpl.exe
  C:\Windows\System\TBieCpl.exe
  2⤵
  PID:2140
- C:\Windows\System\GfCAkLy.exe
  C:\Windows\System\GfCAkLy.exe
  2⤵
  PID:2760
- C:\Windows\System\BSaxBWk.exe
  C:\Windows\System\BSaxBWk.exe
  2⤵
  PID:348
- C:\Windows\System\qtiKkQh.exe
  C:\Windows\System\qtiKkQh.exe
  2⤵
  PID:2380
- C:\Windows\System\nVXaIiX.exe
  C:\Windows\System\nVXaIiX.exe
  2⤵
  PID:7960
- C:\Windows\System\VrGlOnH.exe
  C:\Windows\System\VrGlOnH.exe
  2⤵
  PID:8004
- C:\Windows\System\quBMHjD.exe
  C:\Windows\System\quBMHjD.exe
  2⤵
  PID:8068
- C:\Windows\System\TGdASHq.exe
  C:\Windows\System\TGdASHq.exe
  2⤵
  PID:8136
- C:\Windows\System\PaSzJaw.exe
  C:\Windows\System\PaSzJaw.exe
  2⤵
  PID:6228
- C:\Windows\System\uHcihbT.exe
  C:\Windows\System\uHcihbT.exe
  2⤵
  PID:6760
- C:\Windows\System\bBKoyph.exe
  C:\Windows\System\bBKoyph.exe
  2⤵
  PID:7032
- C:\Windows\System\ELHpYgT.exe
  C:\Windows\System\ELHpYgT.exe
  2⤵
  PID:8180
- C:\Windows\System\oTVyDLH.exe
  C:\Windows\System\oTVyDLH.exe
  2⤵
  PID:8056
- C:\Windows\System\aHyrzNj.exe
  C:\Windows\System\aHyrzNj.exe
  2⤵
  PID:8148
- C:\Windows\System\djtghvO.exe
  C:\Windows\System\djtghvO.exe
  2⤵
  PID:6436
- C:\Windows\System\NHyWgue.exe
  C:\Windows\System\NHyWgue.exe
  2⤵
  PID:6932
- C:\Windows\System\IzSyETA.exe
  C:\Windows\System\IzSyETA.exe
  2⤵
  PID:7220
- C:\Windows\System\gukUrlZ.exe
  C:\Windows\System\gukUrlZ.exe
  2⤵
  PID:920
- C:\Windows\System\ADIHajD.exe
  C:\Windows\System\ADIHajD.exe
  2⤵
  PID:7192
- C:\Windows\System\IpTzVRY.exe
  C:\Windows\System\IpTzVRY.exe
  2⤵
  PID:7232
- C:\Windows\System\uxnPvjD.exe
  C:\Windows\System\uxnPvjD.exe
  2⤵
  PID:7296
- C:\Windows\System\FJWouEw.exe
  C:\Windows\System\FJWouEw.exe
  2⤵
  PID:7360
- C:\Windows\System\HQVyAtT.exe
  C:\Windows\System\HQVyAtT.exe
  2⤵
  PID:7380
- C:\Windows\System\oeMUPqq.exe
  C:\Windows\System\oeMUPqq.exe
  2⤵
  PID:7456
- C:\Windows\System\KLaYrxr.exe
  C:\Windows\System\KLaYrxr.exe
  2⤵
  PID:7544
- C:\Windows\System\NHMuIyc.exe
  C:\Windows\System\NHMuIyc.exe
  2⤵
  PID:7556
- C:\Windows\System\pgDqQbY.exe
  C:\Windows\System\pgDqQbY.exe
  2⤵
  PID:7692
- C:\Windows\System\NDRsZXH.exe
  C:\Windows\System\NDRsZXH.exe
  2⤵
  PID:7740
- C:\Windows\System\msARilu.exe
  C:\Windows\System\msARilu.exe
  2⤵
  PID:7560
- C:\Windows\System\Kfgbejj.exe
  C:\Windows\System\Kfgbejj.exe
  2⤵
  PID:2284
- C:\Windows\System\phsoESV.exe
  C:\Windows\System\phsoESV.exe
  2⤵
  PID:3348
- C:\Windows\System\JoCADNQ.exe
  C:\Windows\System\JoCADNQ.exe
  2⤵
  PID:1892
- C:\Windows\System\CWXUBZc.exe
  C:\Windows\System\CWXUBZc.exe
  2⤵
  PID:7624
- C:\Windows\System\mStAJaB.exe
  C:\Windows\System\mStAJaB.exe
  2⤵
  PID:7832
- C:\Windows\System\jFdzubF.exe
  C:\Windows\System\jFdzubF.exe
  2⤵
  PID:4832
- C:\Windows\System\fKgGovl.exe
  C:\Windows\System\fKgGovl.exe
  2⤵
  PID:7640
- C:\Windows\System\SQRUfLK.exe
  C:\Windows\System\SQRUfLK.exe
  2⤵
  PID:7892
- C:\Windows\System\RmYZBrp.exe
  C:\Windows\System\RmYZBrp.exe
  2⤵
  PID:2328
- C:\Windows\System\jNllOau.exe
  C:\Windows\System\jNllOau.exe
  2⤵
  PID:2312
- C:\Windows\System\vIJPzsZ.exe
  C:\Windows\System\vIJPzsZ.exe
  2⤵
  PID:1588
- C:\Windows\System\iltBLgp.exe
  C:\Windows\System\iltBLgp.exe
  2⤵
  PID:7980
- C:\Windows\System\FPrbLKB.exe
  C:\Windows\System\FPrbLKB.exe
  2⤵
  PID:8040
- C:\Windows\System\ZhQjpJo.exe
  C:\Windows\System\ZhQjpJo.exe
  2⤵
  PID:6820
- C:\Windows\System\aRgUVcb.exe
  C:\Windows\System\aRgUVcb.exe
  2⤵
  PID:6328
- C:\Windows\System\wzvDNoC.exe
  C:\Windows\System\wzvDNoC.exe
  2⤵
  PID:2492
- C:\Windows\System\NWICtTi.exe
  C:\Windows\System\NWICtTi.exe
  2⤵
  PID:1872
- C:\Windows\System\AYKhOdQ.exe
  C:\Windows\System\AYKhOdQ.exe
  2⤵
  PID:7300
- C:\Windows\System\ZEoRnlt.exe
  C:\Windows\System\ZEoRnlt.exe
  2⤵
  PID:7276
- C:\Windows\System\sfoCvHe.exe
  C:\Windows\System\sfoCvHe.exe
  2⤵
  PID:7948
- C:\Windows\System\yrgNFZh.exe
  C:\Windows\System\yrgNFZh.exe
  2⤵
  PID:8100
- C:\Windows\System\bRWebFF.exe
  C:\Windows\System\bRWebFF.exe
  2⤵
  PID:8028
- C:\Windows\System\wMSqkhG.exe
  C:\Windows\System\wMSqkhG.exe
  2⤵
  PID:8116
- C:\Windows\System\dbwCqRH.exe
  C:\Windows\System\dbwCqRH.exe
  2⤵
  PID:6692
- C:\Windows\System\AhRVogY.exe
  C:\Windows\System\AhRVogY.exe
  2⤵
  PID:7264
- C:\Windows\System\VagGVOr.exe
  C:\Windows\System\VagGVOr.exe
  2⤵
  PID:7280
- C:\Windows\System\GxNfGPz.exe
  C:\Windows\System\GxNfGPz.exe
  2⤵
  PID:7476
- C:\Windows\System\CTmfFGo.exe
  C:\Windows\System\CTmfFGo.exe
  2⤵
  PID:7524
- C:\Windows\System\KIxrjVo.exe
  C:\Windows\System\KIxrjVo.exe
  2⤵
  PID:7404
- C:\Windows\System\vXfkmfi.exe
  C:\Windows\System\vXfkmfi.exe
  2⤵
  PID:7464
- C:\Windows\System\CEGEtiA.exe
  C:\Windows\System\CEGEtiA.exe
  2⤵
  PID:7944
- C:\Windows\System\lrxALIc.exe
  C:\Windows\System\lrxALIc.exe
  2⤵
  PID:7576
- C:\Windows\System\DQRwRwC.exe
  C:\Windows\System\DQRwRwC.exe
  2⤵
  PID:7844
- C:\Windows\System\zBJIwho.exe
  C:\Windows\System\zBJIwho.exe
  2⤵
  PID:7596
- C:\Windows\System\QVAaWDc.exe
  C:\Windows\System\QVAaWDc.exe
  2⤵
  PID:3056
- C:\Windows\System\kVZscPC.exe
  C:\Windows\System\kVZscPC.exe
  2⤵
  PID:7644
- C:\Windows\System\LOuLSDt.exe
  C:\Windows\System\LOuLSDt.exe
  2⤵
  PID:2916
- C:\Windows\System\xVuSCpr.exe
  C:\Windows\System\xVuSCpr.exe
  2⤵
  PID:8184
- C:\Windows\System\iXiLVjr.exe
  C:\Windows\System\iXiLVjr.exe
  2⤵
  PID:7292
- C:\Windows\System\ClGRDLz.exe
  C:\Windows\System\ClGRDLz.exe
  2⤵
  PID:2804
- C:\Windows\System\RkIpscJ.exe
  C:\Windows\System\RkIpscJ.exe
  2⤵
  PID:2652
- C:\Windows\System\eZxUvyd.exe
  C:\Windows\System\eZxUvyd.exe
  2⤵
  PID:7420
- C:\Windows\System\CCfFTLE.exe
  C:\Windows\System\CCfFTLE.exe
  2⤵
  PID:924
- C:\Windows\System\cZhDfES.exe
  C:\Windows\System\cZhDfES.exe
  2⤵
  PID:7864
- C:\Windows\System\VKfdkld.exe
  C:\Windows\System\VKfdkld.exe
  2⤵
  PID:7884
- C:\Windows\System\SoDSdit.exe
  C:\Windows\System\SoDSdit.exe
  2⤵
  PID:7340
- C:\Windows\System\FBXgBdw.exe
  C:\Windows\System\FBXgBdw.exe
  2⤵
  PID:1444
- C:\Windows\System\KnnsIJh.exe
  C:\Windows\System\KnnsIJh.exe
  2⤵
  PID:8168
- C:\Windows\System\pNlOeNz.exe
  C:\Windows\System\pNlOeNz.exe
  2⤵
  PID:2280
- C:\Windows\System\sZSOSQP.exe
  C:\Windows\System\sZSOSQP.exe
  2⤵
  PID:7240
- C:\Windows\System\rpEYLdN.exe
  C:\Windows\System\rpEYLdN.exe
  2⤵
  PID:6468
- C:\Windows\System\wOCfovd.exe
  C:\Windows\System\wOCfovd.exe
  2⤵
  PID:2980
- C:\Windows\System\ucJPtBR.exe
  C:\Windows\System\ucJPtBR.exe
  2⤵
  PID:1020
- C:\Windows\System\DlRBwyR.exe
  C:\Windows\System\DlRBwyR.exe
  2⤵
  PID:8200
- C:\Windows\System\EWaUlIj.exe
  C:\Windows\System\EWaUlIj.exe
  2⤵
  PID:8216
- C:\Windows\System\olfbXUr.exe
  C:\Windows\System\olfbXUr.exe
  2⤵
  PID:8232
- C:\Windows\System\GzwFAdD.exe
  C:\Windows\System\GzwFAdD.exe
  2⤵
  PID:8248
- C:\Windows\System\srgHISz.exe
  C:\Windows\System\srgHISz.exe
  2⤵
  PID:8264
- C:\Windows\System\ZGKORmX.exe
  C:\Windows\System\ZGKORmX.exe
  2⤵
  PID:8280
- C:\Windows\System\zCCoPnq.exe
  C:\Windows\System\zCCoPnq.exe
  2⤵
  PID:8296
- C:\Windows\System\LBsSgIJ.exe
  C:\Windows\System\LBsSgIJ.exe
  2⤵
  PID:8312
- C:\Windows\System\ptDMsoK.exe
  C:\Windows\System\ptDMsoK.exe
  2⤵
  PID:8328
- C:\Windows\System\RDTjVzf.exe
  C:\Windows\System\RDTjVzf.exe
  2⤵
  PID:8344
- C:\Windows\System\kUoyidE.exe
  C:\Windows\System\kUoyidE.exe
  2⤵
  PID:8360
- C:\Windows\System\vKQImEO.exe
  C:\Windows\System\vKQImEO.exe
  2⤵
  PID:8376
- C:\Windows\System\EnYjpfH.exe
  C:\Windows\System\EnYjpfH.exe
  2⤵
  PID:8392
- C:\Windows\System\tkwivfK.exe
  C:\Windows\System\tkwivfK.exe
  2⤵
  PID:8408
- C:\Windows\System\kRbrIen.exe
  C:\Windows\System\kRbrIen.exe
  2⤵
  PID:8424
- C:\Windows\System\EJjxGzO.exe
  C:\Windows\System\EJjxGzO.exe
  2⤵
  PID:8440
- C:\Windows\System\OllQYUR.exe
  C:\Windows\System\OllQYUR.exe
  2⤵
  PID:8456
- C:\Windows\System\dxbiFTL.exe
  C:\Windows\System\dxbiFTL.exe
  2⤵
  PID:8472
- C:\Windows\System\JujzrTf.exe
  C:\Windows\System\JujzrTf.exe
  2⤵
  PID:8488
- C:\Windows\System\mWbRNIF.exe
  C:\Windows\System\mWbRNIF.exe
  2⤵
  PID:8504
- C:\Windows\System\HCRaQxS.exe
  C:\Windows\System\HCRaQxS.exe
  2⤵
  PID:8520
- C:\Windows\System\iqbkUur.exe
  C:\Windows\System\iqbkUur.exe
  2⤵
  PID:8536
- C:\Windows\System\tEmswUv.exe
  C:\Windows\System\tEmswUv.exe
  2⤵
  PID:8552
- C:\Windows\System\qznSObE.exe
  C:\Windows\System\qznSObE.exe
  2⤵
  PID:8568
- C:\Windows\System\hPuWjzr.exe
  C:\Windows\System\hPuWjzr.exe
  2⤵
  PID:8584
- C:\Windows\System\sFuokdp.exe
  C:\Windows\System\sFuokdp.exe
  2⤵
  PID:8600
- C:\Windows\System\MmUXhCP.exe
  C:\Windows\System\MmUXhCP.exe
  2⤵
  PID:8616
- C:\Windows\System\eVmMccS.exe
  C:\Windows\System\eVmMccS.exe
  2⤵
  PID:8632
- C:\Windows\System\tPKOTTZ.exe
  C:\Windows\System\tPKOTTZ.exe
  2⤵
  PID:8648
- C:\Windows\System\dRExNQo.exe
  C:\Windows\System\dRExNQo.exe
  2⤵
  PID:8664
- C:\Windows\System\NYGFYfB.exe
  C:\Windows\System\NYGFYfB.exe
  2⤵
  PID:8680
- C:\Windows\System\mhLOuJp.exe
  C:\Windows\System\mhLOuJp.exe
  2⤵
  PID:8696
- C:\Windows\System\BUMsSrE.exe
  C:\Windows\System\BUMsSrE.exe
  2⤵
  PID:8712
- C:\Windows\System\DWnmjhx.exe
  C:\Windows\System\DWnmjhx.exe
  2⤵
  PID:8728
- C:\Windows\System\eAQOCxo.exe
  C:\Windows\System\eAQOCxo.exe
  2⤵
  PID:8748
- C:\Windows\System\yBnTjxJ.exe
  C:\Windows\System\yBnTjxJ.exe
  2⤵
  PID:8764
- C:\Windows\System\foURyNl.exe
  C:\Windows\System\foURyNl.exe
  2⤵
  PID:8780
- C:\Windows\System\HWkcclJ.exe
  C:\Windows\System\HWkcclJ.exe
  2⤵
  PID:8796
- C:\Windows\System\dFOGhtu.exe
  C:\Windows\System\dFOGhtu.exe
  2⤵
  PID:8812
- C:\Windows\System\XslGYFv.exe
  C:\Windows\System\XslGYFv.exe
  2⤵
  PID:8828
- C:\Windows\System\kQaDYPk.exe
  C:\Windows\System\kQaDYPk.exe
  2⤵
  PID:8844
- C:\Windows\System\bzFANuO.exe
  C:\Windows\System\bzFANuO.exe
  2⤵
  PID:8860
- C:\Windows\System\BePShgG.exe
  C:\Windows\System\BePShgG.exe
  2⤵
  PID:8876
- C:\Windows\System\uQEUInZ.exe
  C:\Windows\System\uQEUInZ.exe
  2⤵
  PID:8892
- C:\Windows\System\cPwVgjG.exe
  C:\Windows\System\cPwVgjG.exe
  2⤵
  PID:8908
- C:\Windows\System\qpcGwOl.exe
  C:\Windows\System\qpcGwOl.exe
  2⤵
  PID:8924
- C:\Windows\System\iLVkZKj.exe
  C:\Windows\System\iLVkZKj.exe
  2⤵
  PID:8940
- C:\Windows\System\atfKlAZ.exe
  C:\Windows\System\atfKlAZ.exe
  2⤵
  PID:8956
- C:\Windows\System\cGTXcNU.exe
  C:\Windows\System\cGTXcNU.exe
  2⤵
  PID:8972
- C:\Windows\System\aOgeRJy.exe
  C:\Windows\System\aOgeRJy.exe
  2⤵
  PID:8988
- C:\Windows\System\xdEYTlm.exe
  C:\Windows\System\xdEYTlm.exe
  2⤵
  PID:9004
- C:\Windows\System\CDZiwDm.exe
  C:\Windows\System\CDZiwDm.exe
  2⤵
  PID:9020
- C:\Windows\System\vNmmdhS.exe
  C:\Windows\System\vNmmdhS.exe
  2⤵
  PID:9036
- C:\Windows\System\dKwhMLn.exe
  C:\Windows\System\dKwhMLn.exe
  2⤵
  PID:9052
- C:\Windows\System\iOtMTFM.exe
  C:\Windows\System\iOtMTFM.exe
  2⤵
  PID:9068
- C:\Windows\System\WXfXYXp.exe
  C:\Windows\System\WXfXYXp.exe
  2⤵
  PID:9084
- C:\Windows\System\klzHqoM.exe
  C:\Windows\System\klzHqoM.exe
  2⤵
  PID:9100
- C:\Windows\System\TcaBuRQ.exe
  C:\Windows\System\TcaBuRQ.exe
  2⤵
  PID:9116
- C:\Windows\System\koOuPgB.exe
  C:\Windows\System\koOuPgB.exe
  2⤵
  PID:9132
- C:\Windows\System\MVvflkD.exe
  C:\Windows\System\MVvflkD.exe
  2⤵
  PID:9148
- C:\Windows\System\IwyGDgJ.exe
  C:\Windows\System\IwyGDgJ.exe
  2⤵
  PID:9164
- C:\Windows\System\JJWnwoW.exe
  C:\Windows\System\JJWnwoW.exe
  2⤵
  PID:9180
- C:\Windows\System\JFsaDGm.exe
  C:\Windows\System\JFsaDGm.exe
  2⤵
  PID:9196
- C:\Windows\System\oZCSIBw.exe
  C:\Windows\System\oZCSIBw.exe
  2⤵
  PID:9212
- C:\Windows\System\xuHykau.exe
  C:\Windows\System\xuHykau.exe
  2⤵
  PID:7768
- C:\Windows\System\xgfXfVv.exe
  C:\Windows\System\xgfXfVv.exe
  2⤵
  PID:7736
- C:\Windows\System\tkOjgfF.exe
  C:\Windows\System\tkOjgfF.exe
  2⤵
  PID:7400
- C:\Windows\System\slrbcVz.exe
  C:\Windows\System\slrbcVz.exe
  2⤵
  PID:8208
- C:\Windows\System\GHxzutv.exe
  C:\Windows\System\GHxzutv.exe
  2⤵
  PID:8260
- C:\Windows\System\qZtDguZ.exe
  C:\Windows\System\qZtDguZ.exe
  2⤵
  PID:8324
- C:\Windows\System\thxaywd.exe
  C:\Windows\System\thxaywd.exe
  2⤵
  PID:8244
- C:\Windows\System\bSxJpLp.exe
  C:\Windows\System\bSxJpLp.exe
  2⤵
  PID:8336
- C:\Windows\System\xNDishD.exe
  C:\Windows\System\xNDishD.exe
  2⤵
  PID:8388
- C:\Windows\System\HUPffWQ.exe
  C:\Windows\System\HUPffWQ.exe
  2⤵
  PID:8452
- C:\Windows\System\CqJBnJx.exe
  C:\Windows\System\CqJBnJx.exe
  2⤵
  PID:8484
- C:\Windows\System\UbCTtMd.exe
  C:\Windows\System\UbCTtMd.exe
  2⤵
  PID:8516
- C:\Windows\System\MtWjxyB.exe
  C:\Windows\System\MtWjxyB.exe
  2⤵
  PID:8672
- C:\Windows\System\ErzwQOK.exe
  C:\Windows\System\ErzwQOK.exe
  2⤵
  PID:8736
- C:\Windows\System\ipdoDhe.exe
  C:\Windows\System\ipdoDhe.exe
  2⤵
  PID:8804
- C:\Windows\System\FmCijIp.exe
  C:\Windows\System\FmCijIp.exe
  2⤵
  PID:8500
- C:\Windows\System\JEagryg.exe
  C:\Windows\System\JEagryg.exe
  2⤵
  PID:8868
- C:\Windows\System\tANvIem.exe
  C:\Windows\System\tANvIem.exe
  2⤵
  PID:8660
- C:\Windows\System\vKGprLj.exe
  C:\Windows\System\vKGprLj.exe
  2⤵
  PID:8560
- C:\Windows\System\bzgzDeM.exe
  C:\Windows\System\bzgzDeM.exe
  2⤵
  PID:8596
- C:\Windows\System\ZQgNseG.exe
  C:\Windows\System\ZQgNseG.exe
  2⤵
  PID:8756
- C:\Windows\System\HKgMrwD.exe
  C:\Windows\System\HKgMrwD.exe
  2⤵
  PID:8820
- C:\Windows\System\WZJggKJ.exe
  C:\Windows\System\WZJggKJ.exe
  2⤵
  PID:8904
- C:\Windows\System\TuHcuLN.exe
  C:\Windows\System\TuHcuLN.exe
  2⤵
  PID:8888
- C:\Windows\System\pHRNyys.exe
  C:\Windows\System\pHRNyys.exe
  2⤵
  PID:8952
- C:\Windows\System\bypOeIb.exe
  C:\Windows\System\bypOeIb.exe
  2⤵
  PID:9028
- C:\Windows\System\vnlrWdS.exe
  C:\Windows\System\vnlrWdS.exe
  2⤵
  PID:8984
- C:\Windows\System\UdrXSgK.exe
  C:\Windows\System\UdrXSgK.exe
  2⤵
  PID:9060
- C:\Windows\System\sWNAjRW.exe
  C:\Windows\System\sWNAjRW.exe
  2⤵
  PID:9124
- C:\Windows\System\ANFhsks.exe
  C:\Windows\System\ANFhsks.exe
  2⤵
  PID:9188
- C:\Windows\System\yyphIsU.exe
  C:\Windows\System\yyphIsU.exe
  2⤵
  PID:9048
- C:\Windows\System\BBijAxr.exe
  C:\Windows\System\BBijAxr.exe
  2⤵
  PID:8256
- C:\Windows\System\mXWxOtm.exe
  C:\Windows\System\mXWxOtm.exe
  2⤵
  PID:9172
- C:\Windows\System\XpDodEU.exe
  C:\Windows\System\XpDodEU.exe
  2⤵
  PID:8276
- C:\Windows\System\rBjColT.exe
  C:\Windows\System\rBjColT.exe
  2⤵
  PID:8420
- C:\Windows\System\dOEqFQL.exe
  C:\Windows\System\dOEqFQL.exe
  2⤵
  PID:8308
- C:\Windows\System\eOiNSDL.exe
  C:\Windows\System\eOiNSDL.exe
  2⤵
  PID:772
- C:\Windows\System\fHuOwbh.exe
  C:\Windows\System\fHuOwbh.exe
  2⤵
  PID:8432
- C:\Windows\System\ehULPDN.exe
  C:\Windows\System\ehULPDN.exe
  2⤵
  PID:8468
- C:\Windows\System\SeiWBCw.exe
  C:\Windows\System\SeiWBCw.exe
  2⤵
  PID:8612
- C:\Windows\System\Scgnrlc.exe
  C:\Windows\System\Scgnrlc.exe
  2⤵
  PID:8576
- C:\Windows\System\JeSxpfY.exe
  C:\Windows\System\JeSxpfY.exe
  2⤵
  PID:8776
- C:\Windows\System\IIWowwR.exe
  C:\Windows\System\IIWowwR.exe
  2⤵
  PID:8720
- C:\Windows\System\SseFjEg.exe
  C:\Windows\System\SseFjEg.exe
  2⤵
  PID:8692
- C:\Windows\System\DxRcjAY.exe
  C:\Windows\System\DxRcjAY.exe
  2⤵
  PID:8836
- C:\Windows\System\fPsSosY.exe
  C:\Windows\System\fPsSosY.exe
  2⤵
  PID:8964
- C:\Windows\System\pUYqJdg.exe
  C:\Windows\System\pUYqJdg.exe
  2⤵
  PID:9000
- C:\Windows\System\JVsJVun.exe
  C:\Windows\System\JVsJVun.exe
  2⤵
  PID:9096
- C:\Windows\System\GWrQQRA.exe
  C:\Windows\System\GWrQQRA.exe
  2⤵
  PID:9012
- C:\Windows\System\YKlSkFQ.exe
  C:\Windows\System\YKlSkFQ.exe
  2⤵
  PID:8372
- C:\Windows\System\WmTCQge.exe
  C:\Windows\System\WmTCQge.exe
  2⤵
  PID:8292
- C:\Windows\System\dSPkAJr.exe
  C:\Windows\System\dSPkAJr.exe
  2⤵
  PID:8480
- C:\Windows\System\xxWWPSQ.exe
  C:\Windows\System\xxWWPSQ.exe
  2⤵
  PID:8240
- C:\Windows\System\KwupjTs.exe
  C:\Windows\System\KwupjTs.exe
  2⤵
  PID:9208
- C:\Windows\System\VaHTHpm.exe
  C:\Windows\System\VaHTHpm.exe
  2⤵
  PID:8404
- C:\Windows\System\XXKBJyU.exe
  C:\Windows\System\XXKBJyU.exe
  2⤵
  PID:8708
- C:\Windows\System\ptLsTrQ.exe
  C:\Windows\System\ptLsTrQ.exe
  2⤵
  PID:8532
- C:\Windows\System\OsTAxXE.exe
  C:\Windows\System\OsTAxXE.exe
  2⤵
  PID:8920
- C:\Windows\System\IBpQKTb.exe
  C:\Windows\System\IBpQKTb.exe
  2⤵
  PID:8228
- C:\Windows\System\tlbhiBL.exe
  C:\Windows\System\tlbhiBL.exe
  2⤵
  PID:8448
- C:\Windows\System\JEbUrqG.exe
  C:\Windows\System\JEbUrqG.exe
  2⤵
  PID:9160
- C:\Windows\System\OgFsWAa.exe
  C:\Windows\System\OgFsWAa.exe
  2⤵
  PID:8640
- C:\Windows\System\HxBLgHX.exe
  C:\Windows\System\HxBLgHX.exe
  2⤵
  PID:8592
- C:\Windows\System\dQnAIiR.exe
  C:\Windows\System\dQnAIiR.exe
  2⤵
  PID:8196
- C:\Windows\System\mSBEBrx.exe
  C:\Windows\System\mSBEBrx.exe
  2⤵
  PID:9232
- C:\Windows\System\nTuQple.exe
  C:\Windows\System\nTuQple.exe
  2⤵
  PID:9248
- C:\Windows\System\RqGWjBR.exe
  C:\Windows\System\RqGWjBR.exe
  2⤵
  PID:9276
- C:\Windows\System\jUJzEAC.exe
  C:\Windows\System\jUJzEAC.exe
  2⤵
  PID:9292
- C:\Windows\System\hclsQCr.exe
  C:\Windows\System\hclsQCr.exe
  2⤵
  PID:9308
- C:\Windows\System\SLkQsTG.exe
  C:\Windows\System\SLkQsTG.exe
  2⤵
  PID:9324
- C:\Windows\System\ttqltjA.exe
  C:\Windows\System\ttqltjA.exe
  2⤵
  PID:9364
- C:\Windows\System\eyWwfCP.exe
  C:\Windows\System\eyWwfCP.exe
  2⤵
  PID:9388
- C:\Windows\System\fwkmeLO.exe
  C:\Windows\System\fwkmeLO.exe
  2⤵
  PID:9432
- C:\Windows\System\BKuRwXs.exe
  C:\Windows\System\BKuRwXs.exe
  2⤵
  PID:9448
- C:\Windows\System\SUuNVqD.exe
  C:\Windows\System\SUuNVqD.exe
  2⤵
  PID:9464
- C:\Windows\System\jAPHbfA.exe
  C:\Windows\System\jAPHbfA.exe
  2⤵
  PID:9480
- C:\Windows\System\lIGFvkj.exe
  C:\Windows\System\lIGFvkj.exe
  2⤵
  PID:9496
- C:\Windows\System\XdRWuJk.exe
  C:\Windows\System\XdRWuJk.exe
  2⤵
  PID:9512
- C:\Windows\System\httusbx.exe
  C:\Windows\System\httusbx.exe
  2⤵
  PID:9532
- C:\Windows\System\CONKpGv.exe
  C:\Windows\System\CONKpGv.exe
  2⤵
  PID:9552
- C:\Windows\System\rpbxjlI.exe
  C:\Windows\System\rpbxjlI.exe
  2⤵
  PID:9568
- C:\Windows\System\ZwIeToc.exe
  C:\Windows\System\ZwIeToc.exe
  2⤵
  PID:9584
- C:\Windows\System\sdlIhQY.exe
  C:\Windows\System\sdlIhQY.exe
  2⤵
  PID:9600
- C:\Windows\System\OYcGsAc.exe
  C:\Windows\System\OYcGsAc.exe
  2⤵
  PID:9620
- C:\Windows\System\bXZljqK.exe
  C:\Windows\System\bXZljqK.exe
  2⤵
  PID:9640
- C:\Windows\System\AmCoeHi.exe
  C:\Windows\System\AmCoeHi.exe
  2⤵
  PID:9656
- C:\Windows\System\gWzlrfv.exe
  C:\Windows\System\gWzlrfv.exe
  2⤵
  PID:9672
- C:\Windows\System\bnuODRZ.exe
  C:\Windows\System\bnuODRZ.exe
  2⤵
  PID:9688
- C:\Windows\System\LrnYZZI.exe
  C:\Windows\System\LrnYZZI.exe
  2⤵
  PID:9704
- C:\Windows\System\bYfJDeK.exe
  C:\Windows\System\bYfJDeK.exe
  2⤵
  PID:9720
- C:\Windows\System\hTKCcBr.exe
  C:\Windows\System\hTKCcBr.exe
  2⤵
  PID:9740
- C:\Windows\System\XlOofGf.exe
  C:\Windows\System\XlOofGf.exe
  2⤵
  PID:9756
- C:\Windows\System\TaBBHgg.exe
  C:\Windows\System\TaBBHgg.exe
  2⤵
  PID:9772
- C:\Windows\System\mDShFID.exe
  C:\Windows\System\mDShFID.exe
  2⤵
  PID:9788
- C:\Windows\System\lYDCDxb.exe
  C:\Windows\System\lYDCDxb.exe
  2⤵
  PID:9816
- C:\Windows\System\TwRvKeT.exe
  C:\Windows\System\TwRvKeT.exe
  2⤵
  PID:9836
- C:\Windows\System\DMHCXMS.exe
  C:\Windows\System\DMHCXMS.exe
  2⤵
  PID:9852
- C:\Windows\System\zIVrbRE.exe
  C:\Windows\System\zIVrbRE.exe
  2⤵
  PID:9868
- C:\Windows\System\vgvNAKQ.exe
  C:\Windows\System\vgvNAKQ.exe
  2⤵
  PID:9884
- C:\Windows\System\lYbzDOk.exe
  C:\Windows\System\lYbzDOk.exe
  2⤵
  PID:9900
- C:\Windows\System\KdiDlgJ.exe
  C:\Windows\System\KdiDlgJ.exe
  2⤵
  PID:9920
- C:\Windows\System\HmlrdSr.exe
  C:\Windows\System\HmlrdSr.exe
  2⤵
  PID:9936
- C:\Windows\System\xZQBFMY.exe
  C:\Windows\System\xZQBFMY.exe
  2⤵
  PID:9960
- C:\Windows\System\RXvRcfb.exe
  C:\Windows\System\RXvRcfb.exe
  2⤵
  PID:9980
- C:\Windows\System\WufFvXG.exe
  C:\Windows\System\WufFvXG.exe
  2⤵
  PID:9996
- C:\Windows\System\ASioQEr.exe
  C:\Windows\System\ASioQEr.exe
  2⤵
  PID:10012
- C:\Windows\System\yBRBNZL.exe
  C:\Windows\System\yBRBNZL.exe
  2⤵
  PID:10028
- C:\Windows\System\wGlZdgk.exe
  C:\Windows\System\wGlZdgk.exe
  2⤵
  PID:10044
- C:\Windows\System\nYhxRDi.exe
  C:\Windows\System\nYhxRDi.exe
  2⤵
  PID:10060
- C:\Windows\System\MUFdMgl.exe
  C:\Windows\System\MUFdMgl.exe
  2⤵
  PID:10076
- C:\Windows\System\xTiRgmB.exe
  C:\Windows\System\xTiRgmB.exe
  2⤵
  PID:10092
- C:\Windows\System\PJlvqIc.exe
  C:\Windows\System\PJlvqIc.exe
  2⤵
  PID:10108
- C:\Windows\System\PZosUGZ.exe
  C:\Windows\System\PZosUGZ.exe
  2⤵
  PID:10124
- C:\Windows\System\neTgKwf.exe
  C:\Windows\System\neTgKwf.exe
  2⤵
  PID:10140
- C:\Windows\System\TnmhrTN.exe
  C:\Windows\System\TnmhrTN.exe
  2⤵
  PID:10156
- C:\Windows\System\EOvwTmx.exe
  C:\Windows\System\EOvwTmx.exe
  2⤵
  PID:10172
- C:\Windows\System\kKQLwBD.exe
  C:\Windows\System\kKQLwBD.exe
  2⤵
  PID:10188
- C:\Windows\System\yYANnlg.exe
  C:\Windows\System\yYANnlg.exe
  2⤵
  PID:10204
- C:\Windows\System\irAPCfI.exe
  C:\Windows\System\irAPCfI.exe
  2⤵
  PID:10220
- C:\Windows\System\qSKznWB.exe
  C:\Windows\System\qSKznWB.exe
  2⤵
  PID:10236
- C:\Windows\System\YgcxFWH.exe
  C:\Windows\System\YgcxFWH.exe
  2⤵
  PID:9204
- C:\Windows\System\XEGYEcw.exe
  C:\Windows\System\XEGYEcw.exe
  2⤵
  PID:8368
- C:\Windows\System\UIoVjHn.exe
  C:\Windows\System\UIoVjHn.exe
  2⤵
  PID:8000
- C:\Windows\System\CttIPsM.exe
  C:\Windows\System\CttIPsM.exe
  2⤵
  PID:8884
- C:\Windows\System\HcDneDH.exe
  C:\Windows\System\HcDneDH.exe
  2⤵
  PID:9340
- C:\Windows\System\ieLyllf.exe
  C:\Windows\System\ieLyllf.exe
  2⤵
  PID:9376
- C:\Windows\System\bGDONix.exe
  C:\Windows\System\bGDONix.exe
  2⤵
  PID:9360
- C:\Windows\System\QPAmins.exe
  C:\Windows\System\QPAmins.exe
  2⤵
  PID:9408
- C:\Windows\System\iciNyUe.exe
  C:\Windows\System\iciNyUe.exe
  2⤵
  PID:9476
- C:\Windows\System\HTfOCoK.exe
  C:\Windows\System\HTfOCoK.exe
  2⤵
  PID:9424
- C:\Windows\System\pqClbRD.exe
  C:\Windows\System\pqClbRD.exe
  2⤵
  PID:9456
- C:\Windows\System\cQpJKle.exe
  C:\Windows\System\cQpJKle.exe
  2⤵
  PID:9560
- C:\Windows\System\ahKitqn.exe
  C:\Windows\System\ahKitqn.exe
  2⤵
  PID:9592
- C:\Windows\System\lXjhWJx.exe
  C:\Windows\System\lXjhWJx.exe
  2⤵
  PID:9576
- C:\Windows\System\uphaORX.exe
  C:\Windows\System\uphaORX.exe
  2⤵
  PID:9616
- C:\Windows\System\MYPHOiY.exe
  C:\Windows\System\MYPHOiY.exe
  2⤵
  PID:9668
- C:\Windows\System\RZAnEJQ.exe
  C:\Windows\System\RZAnEJQ.exe
  2⤵
  PID:9684
- C:\Windows\System\JMeRZOk.exe
  C:\Windows\System\JMeRZOk.exe
  2⤵
  PID:9764
- C:\Windows\System\WDnAgzI.exe
  C:\Windows\System\WDnAgzI.exe
  2⤵
  PID:9780
- C:\Windows\System\ryNdFYL.exe
  C:\Windows\System\ryNdFYL.exe
  2⤵
  PID:9804
- C:\Windows\System\cfUcxlu.exe
  C:\Windows\System\cfUcxlu.exe
  2⤵
  PID:9784
- C:\Windows\System\BVYkiVQ.exe
  C:\Windows\System\BVYkiVQ.exe
  2⤵
  PID:9848
- C:\Windows\System\GOHihzw.exe
  C:\Windows\System\GOHihzw.exe
  2⤵
  PID:9908
- C:\Windows\System\RpBidAf.exe
  C:\Windows\System\RpBidAf.exe
  2⤵
  PID:9860
- C:\Windows\System\QxwEIcv.exe
  C:\Windows\System\QxwEIcv.exe
  2⤵
  PID:9992
- C:\Windows\System\ThSfRkL.exe
  C:\Windows\System\ThSfRkL.exe
  2⤵
  PID:9972
- C:\Windows\System\cfvFUqQ.exe
  C:\Windows\System\cfvFUqQ.exe
  2⤵
  PID:10020
- C:\Windows\System\CyhLNMn.exe
  C:\Windows\System\CyhLNMn.exe
  2⤵
  PID:10052
- C:\Windows\System\zqorGVa.exe
  C:\Windows\System\zqorGVa.exe
  2⤵
  PID:10120
- C:\Windows\System\EDIcPfH.exe
  C:\Windows\System\EDIcPfH.exe
  2⤵
  PID:10184
- C:\Windows\System\bDzxmyx.exe
  C:\Windows\System\bDzxmyx.exe
  2⤵
  PID:10132
- C:\Windows\System\rXqYOOD.exe
  C:\Windows\System\rXqYOOD.exe
  2⤵
  PID:10136
- C:\Windows\System\tlenGcd.exe
  C:\Windows\System\tlenGcd.exe
  2⤵
  PID:10228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DpaDfsM.exe

Filesize
6.0MB

MD5
5cd1baa4272f201e0a5f51ea6b44e3c9

SHA1
adb1765c32241214613acbf874bacc380e4f4e42

SHA256
73e80665d29004a40caa16be7bfe4a76aed196db916b005bdf6a8aaee647f32c

SHA512
a0a089fb8d3a8ae2a0541ee05a6f82419f40cda3af5cf9dff8633a0e26a97ba306cdbd0f933f106a25e5c5eb4d70bcb120f888404162c0f769297e520f0860c3

Download Submit
C:\Windows\system\EoDhmAI.exe

Filesize
6.0MB

MD5
fedbf98ec46aa0201a49684c716c446d

SHA1
3725dd39f231c83001c9c366e2a37d706282f843

SHA256
bec133d2549ec7030ac0c743a7309b9a8dc205ae7923a5679775f71c62716db5

SHA512
d35ce210c01acf0c9d58e74df8cde054beccdef4735b997e563a94a600eedc1854c3c75d0cc16806f890b1952eacf3026a10721f84c661c6983beea57f4d06c8

Download Submit
C:\Windows\system\FIzHvPy.exe

Filesize
6.0MB

MD5
56b8249ac7bf91a18e13d26f4d95628c

SHA1
abe30da40490f0d3f697a0d8ce821dfb2b4f0c2f

SHA256
ea046039f460b375c2723b608d2d6ac9020c9c4533a5cab610a8355a8e992d38

SHA512
0377dd1a123fdef2b00ba6a048b6d168579781037cbb82c3f72ddaec3d59626ebd7a626ee9bdba632ae8c9475b1a27295cdd6d8e5297d9937171835c60bbf50a

Download Submit
C:\Windows\system\FrZvqrT.exe

Filesize
6.0MB

MD5
f87722939f79c2bdea426125aa83240c

SHA1
1d98fe4a6218a7f9c99734964554060bef5cacf5

SHA256
65a3f451df52b2eb552e93c1ddec90eea518d932225522fcee95d4d4a3bc016a

SHA512
8c681921d4f46cf8feea8d05c950ebffea98ea6e016f53f5e59d453125d48731c664565c5b2bc481f209842997a44ba5d08caeae8dc3149e278259af24e743f2

Download Submit
C:\Windows\system\Ktflenc.exe

Filesize
6.0MB

MD5
e1f771810b2aa2efa58361258fa8007f

SHA1
59d4f588cfd077f5a1c15c92cf588a97b3988ea1

SHA256
57ca3861b55d302c04cf370c9b7680e44bb0de642b67de54490916435e7d995f

SHA512
8202afa579e38d5fcf4f811824dceaff1ba752b83b2faa3bc4445a4a177c2012cf0837825cf3e0f4d948abc62ff70ae917abdb50246517c91daa1b4a50518a3f

Download Submit
C:\Windows\system\NUxJNnB.exe

Filesize
6.0MB

MD5
3906bbacda6db6293314e1069d906a17

SHA1
35706240507d4aad6d9ce6289072d0551c7446bf

SHA256
b885d84a4b93995d8564ba0ad9545b65559c6ced599561b25acbdbf1983bf783

SHA512
d1c8bc66aed4750ef9078d34b6944433c36989d146fb847af1166ef3a3c871509f77824614cdf0cba734777e27c1b9f360c1113d8f55e85b04d70cb220e2f80f

Download Submit
C:\Windows\system\QipIjtx.exe

Filesize
6.0MB

MD5
3a246a1228c54f09e308032c86aa9724

SHA1
6f098a5bf8d9d7cf52bec5cc3e2fc9ca0d43cbba

SHA256
d1dc84a3a940d083b39cfd513fd8baf29120f552ec9af0b5b540d3b16bccb641

SHA512
579222940dc6b508e628917dd1ce3138fcd62cf8a5d7214382c78a5bd78a5bacb6adfac16e432967a7ae74f1bd04b897280c1bce1dbedd103de8d0ae661e2fa1

Download Submit
C:\Windows\system\RyRjpQk.exe

Filesize
6.0MB

MD5
e9eb8df0207f864ac801eb1497f0a9cc

SHA1
9d2d3c1da141b00b4bca5358781548d558c42edf

SHA256
5bc48139e6948b655bfbb2a2a22a57ef07008eea454cb6f89e4f49ba0b00981b

SHA512
e8a16de5e901eb814662de90d3fc3b9ded8289e303702c2a6b75a9a0dbcfeb164bf50b5f1b3adcdf2d4cefa70fc56ed003bc599e5f916b259327b76e6df6833e

Download Submit
C:\Windows\system\SnmajeY.exe

Filesize
6.0MB

MD5
5349c8cf1ef912c683654ee93f268eb3

SHA1
506236a360699c858b9c125913a84efd63b5725b

SHA256
375b38a12cfc955e2207ed016aef915f2a6b38c145c1a37dd6c27a590801a6cf

SHA512
6a24280a73aac67d79b1479cf75b7d3db527074a7207006b383d1bd8329e5789e9109d2710de42313fa4f10e6ca094aec77bf8874a4fa42d90e00c4357c59493

Download Submit
C:\Windows\system\SyrWnBv.exe

Filesize
6.0MB

MD5
078e224a37b9ea304f2da296f7772ff4

SHA1
2ab1e2b4ab029af207171a870a0ac86cf87d60ff

SHA256
e78f2bb5142475fb4d8c32c9a90b85f4042da82a83a5711c00f000e45c4a11ab

SHA512
def454e5619f29fe359a5af54f8d23eb55e919aff8a4dad0dc7bde1ccccbe1bfd28d399d0b6f93fa95896cc461858ab19422e6a049e0c54f92a726690a08188d

Download Submit
C:\Windows\system\VEsszQr.exe

Filesize
6.0MB

MD5
5a51653e1ee0ab873a35b3833b658fa6

SHA1
25a7dd0d652bed55f0dc80182a8e1aa246a7806d

SHA256
b496589b219ecd6722412bd3e860fc0fbcf6a9d71cf348a8dd85f95ab9ca7cb8

SHA512
a39cc5a0c1c0f8d85ec243c2bc3fbed97a57c9cfc49bd5c49d2ae0e2d276b6faf742736eb14dd3ae6937d2c8afc9365e8ca95ef15e9dc794ab9824317f755ba9

Download Submit
C:\Windows\system\XmXiBYH.exe

Filesize
6.0MB

MD5
d9b61448e7344425e5acdbaa2ddb7f95

SHA1
098c916d1d6f7da0c637039e4505c881183d6606

SHA256
1f88db6aa239f647cc37630c5568b676c6a876e05b1a9da37c30060f71c3c319

SHA512
2e819a7971e9a365b5a217ff91a5fc21f05e4fbb77ad3a3c2d039132ec351fd54d3d74bb04b1f68f069c9589593013024faff9af50c5df00035e5e32dda4bb2b

Download Submit
C:\Windows\system\XmyuLzl.exe

Filesize
6.0MB

MD5
8aa1372f62625c3d9e50da5a6e4c9b2d

SHA1
4f21d84f7d288cb8c52d31d6a413112ea84cc150

SHA256
ef4cfa851cf77d9d3c263789bfb5b1cbb2b77a28db554793b501c02947297918

SHA512
7ac33ecb46759706be90ac0d0b948ab8dc716358494a2c2895eb282db8db631413647826bf3d62a2be17f70da7131a156eb890572772bdf3526be31496dc3c8f

Download Submit
C:\Windows\system\XzVMTZC.exe

Filesize
6.0MB

MD5
9588feac5c84be264d1424b6b8490350

SHA1
6453ce379767a6fd7df3f9818d8366506f7f075c

SHA256
e5011b55d8324ea601de023b3efdeac7965b14d72f912d1f708788928f53b723

SHA512
7cedba163dad54b6e96c2ee1235a3e1d1e3bdc49dc01a0bf80cf48a18e9df30e5ebf6cd91495efa54809838aff892bbd05bbb1c1348e795a9b770e453b2a5bfe

Download Submit
C:\Windows\system\Ybkcpvo.exe

Filesize
6.0MB

MD5
8d641053f29fc23b44d3cf0393e4f7f8

SHA1
a0bd6a031a45b1d482606987a9670f09dae96067

SHA256
20ffec59dd3d0dc9219f212b5e441a9ebcbf40564b61f9e18f8f1fd613b194d5

SHA512
cee519d757bc99dc9b7a97c852f730a9a6ad1965b595a6cf8e25cb7833bba9adc0cda8b8c8ea92c95f4ebc6672c549e61d914fe64a8e01d4e485f0491bb258e2

Download Submit
C:\Windows\system\ctByzcx.exe

Filesize
6.0MB

MD5
6aa39c53acd8667dcd2c236eff52c0e2

SHA1
cb406505c8b1828d974e7358e8094eb2e2b2fd82

SHA256
765b44aefe47e2772f55dd27add0e41dfa14d8297fb27b11407b54c15c2d1d2b

SHA512
2a51dd58e84b21e7041966956dbc22b930bc77ff4cb2bd676d82461fd52cb9daa220495f7a4a9d0f0a162fca82376fcd7cea77908ae84fff1731e0d21fb1a136

Download Submit
C:\Windows\system\gZAnluW.exe

Filesize
6.0MB

MD5
bbde134d4df5a2c0824441319940cc87

SHA1
81dfc755d88ffa740dd2dcc6875878b06bd13327

SHA256
0bf8d10b6fe715d64f10bb9a61af04ba29472d28882f724acfe968b67d1acebe

SHA512
606e6fc0d71a340d76aca27a5d0203c3a29b420f73c9a71da28e16fb3c99918984f883cebc56d1a03cb52dbbac798fe97559e524e70e6707d5fd498e572d56a8

Download Submit
C:\Windows\system\hJlfBUG.exe

Filesize
6.0MB

MD5
806ad57d76385e51cc1af9926a957b12

SHA1
958e067a217b40cbe3a7578b79a12baf46023b6a

SHA256
56ff28a1a7d1c0ec3da6f17bf2acf9f71dcdb0690c8f801593194da3847a7d11

SHA512
4154c35a0b823839a868e478c2a9ece743dfbb1d7eeb2d2484a1bde048383d54a797d7b115139b7a3646d4d36490f7db074003117076c0b358b6da0353f8e54c

Download Submit
C:\Windows\system\nghAoJq.exe

Filesize
6.0MB

MD5
bd4bb73f314e403158e745f75205b845

SHA1
15cd13b6579816e778dd6e7aa15a9cb1dec87718

SHA256
5171c09c5c51817e49f9a1da3644ac5792edbf5e9f24a9d93884a2efd1a0300b

SHA512
03f11cd8e62f63bb43dc0ab8e3bfeb7130772fb8a49f7a051115091cde6a0ccdaa9ebd4ac5ffef1c647937d17646596bba0f7ca7d8f42fca9119b236c9e3152e

Download Submit
C:\Windows\system\pIkvnKL.exe

Filesize
6.0MB

MD5
1403f0c5a2871d715b626f1ea14d304a

SHA1
a091dfe3d1649429df75181fcf1e2acb4857e1ec

SHA256
90448c39db8883c76b4e21be67803740bbd56ec1aeff813735db5e5095202dd6

SHA512
167d29871990a9a3eb8d87a709091b34455116883a6297b2e1dbba47793b00c51b7aeb21871d626c530fa7116a1cd29e6845ac9b1ec867756df6798787037a90

Download Submit
C:\Windows\system\ptCbAjS.exe

Filesize
6.0MB

MD5
d331ad6df990d01457a74e7ac95f5ca5

SHA1
1123f50f2a31be7adf376051b68a2caf7980f474

SHA256
293ab9c22c13e3cc4c959cb2ae98b922c9879ae5078c3b0ddeb1aeb6091bd768

SHA512
f55df7902efc248a034ac55bffba1e196bb05e11ae806e183afd7a5bf6da7879ddd901cc4b12fc37d4662a7f4404584148096f4be6a9fbc4d4da3768a195377a

Download Submit
C:\Windows\system\qKEUphv.exe

Filesize
6.0MB

MD5
88a96ef0d31dd42683a10ae052a17c60

SHA1
4bd57c5f2168b1202eca7fcfd6778e4d9ac74817

SHA256
588757c4af3649dd5969501cb993fe1862b991da7b8ef7f59a871ba8a9303369

SHA512
4f02ef37db973938576ce8be34ee5bf8039a547aec4ffa06eff5a9b9c3c5e4a851cefacb0363051cd70186522dfc0a34f34a3cc0d9e0724b8747a6e69fbef561

Download Submit
C:\Windows\system\quaWgHh.exe

Filesize
6.0MB

MD5
2e3700dfe010fcc2a4666214cd921b73

SHA1
d6d2d7c675462c6af9084b7fa398a9dbe9781e43

SHA256
dd239596aca214b349a82802bc09417b55d6e1d6c9fa91fb1e6cbb10d7703c86

SHA512
14f9508c3cf0c0b5d54bb96e349bd83b67b97a8ca096ff068e3bcfa41aef1cc914a5764cfbd2da1f22f1b70639b5909667c7b2cfe61e743475c1331cddea527f

Download Submit
C:\Windows\system\uIABVaq.exe

Filesize
6.0MB

MD5
04db0a76d27c898622a86fbae8d7778d

SHA1
c06468240bb0b6b3c3753d25ecb0f7309504d91b

SHA256
ca769cafc5c654d8c9a45ba650b0f16deb42646b10cdba405dee0d9494b7dee5

SHA512
95b7865e6141f12df229354cc63025daf57b32160249ca17b0a7b12737a1bc878d08e2e4b7c4210861974a9c2215965ce153ecacb222c67a88821e5e4b55b4cf

Download Submit
C:\Windows\system\uLHjicI.exe

Filesize
6.0MB

MD5
767947bb6e73362313bf6c1acb970388

SHA1
55d2a5ae86ba7b5a5d9d93753e0a553393dd26c7

SHA256
de3b3050105ddf954aafe5ada3eeaf9b8a5391494f5cb7f9e5d6de94544c1d9e

SHA512
bcdaca4e5e46675a8154e321003f15b8df12b81bb7fbb31fb2bfda687d591f755c1ac9ca54ab980426d57f7cf4770fd364040f565756ed32b06d1b402b0d1c90

Download Submit
\Windows\system\BRGfxQQ.exe

Filesize
6.0MB

MD5
42c0a74765ac99e96ebf7685a88c0aac

SHA1
411fa78ecf94a91720b9d4ad92ca98dead322a4e

SHA256
b7fd37e5d6c221666bcb9d7e74430312c1a22b94a38fed41dc15c9970e4e8b96

SHA512
77cf9555f676e2c5392939bfc874a64366e93d49283c0719c767df0a7e688fd58f04b63cea1bd9dda8da633c94133f27e5e6c67303699550788722206fe60f96

Download Submit
\Windows\system\NmlYkBY.exe

Filesize
6.0MB

MD5
374edd017a85f6d4baac0a1f217bd89a

SHA1
041145a0c8bb2dab8c0cf764a6922e30524a0797

SHA256
351434f36fb1ad08a50dcb6caac681ca762295131b942fb5a3eaeb572e2e7fed

SHA512
cf3110049cb3e66cdd0957fd047d20d11194be89a1ca27a49408e6f91d2b812c26fa49a7819ee1c611369048c59533508565a328eb82922a1cc4adf7d17b0e4e

Download Submit
\Windows\system\OAQQHiY.exe

Filesize
6.0MB

MD5
09fe7a79ed8afdd806340e79e32e735d

SHA1
22c74c2e39b38830f1ebaa8dbbe20861d1ffc2bf

SHA256
f87869fc76a593a3aad8781018b119687953135705a7d0f45441dd3553a26ff0

SHA512
959e6db77128b601ad2812a5e7da2f5b482569847a2df62dc0c408640975956e4d4c4505eb22257b5ad4b26c5701c444ad004c661cbcaf387aedfeec748de8a3

Download Submit
\Windows\system\SpAoDjt.exe

Filesize
6.0MB

MD5
c7b7fffb4d1d8eb71e0f475a10d3ca3b

SHA1
72a644d99b0b2dd062eb6281d36e981d5d2e138a

SHA256
1fb5bc42d44fdbd542b4eb5edc63316681877508e7e401d8807ca778ef8cbef5

SHA512
02a46c0a34d07b460cfbf162f0fb4a62be5599f64b95745e4a4349d484d14c2047ae02f6ba6788fa098aeae8bd83ea968add8fc1eb87465df3f7ed0a8bfb0971

Download Submit
\Windows\system\WyqzKhT.exe

Filesize
6.0MB

MD5
58346415444ef008060a0ba8e35c2b81

SHA1
6850a9b303c5c04fc90aed514290c5324ac79402

SHA256
140576911fbfd689417eeaa172401f8352fb16b10c114ea077ba8c90da7713f7

SHA512
932b57a700a4bd70dfeacc26118b0b3bdff64c831db568aa51db0543a6def97f6b3df1a8b7d8fd54de49b9ff8d7ae6c2ebbc6899ed8f1fb6baa53908b173464a

Download Submit
\Windows\system\bcaeBBw.exe

Filesize
6.0MB

MD5
4583cbc0aff78857b28235583da13862

SHA1
96d10675e7a23a5e8f47387ca120ac3192f7183b

SHA256
22caf605bf422f71452f7d5a0c95106a12740e06e123fdaa094280b51e8d6a03

SHA512
ec6d593951c100a1e56e45bb4fde007a431d0e0bcc08f5d9fcbe756ab13f41d23a5862f2aea209ebf933f94f6f67ac62b81fd82b3152ebe4b020c500835623e9

Download Submit
\Windows\system\mnGjlyr.exe

Filesize
6.0MB

MD5
e5182962168218550fb58982a9e7a422

SHA1
c4aeda3d74ff1e46664450dabeda9d42bf3d6e54

SHA256
ae5d1dd500b8b283a0860c619e3f67f03e482f09702153de5f7a19a0bea7aa45

SHA512
2d805a66f807157e8b33366a98695910db955af37d551b9210377d1d7a1ae477c8629aad3dbbfe1835e2a5c719a442edf2da87caf5c5d71cbff7f217c4e2ff91

Download Submit
memory/1152-76-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-315-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-3398-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-3410-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1376-94-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1684-3327-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-69-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3052-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-24-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-3364-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-51-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2440-83-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-532-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-114-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2440-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-30-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2440-93-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2440-28-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2440-314-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-729-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2440-98-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2440-56-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1193-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2440-70-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-893-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2440-68-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-58-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-75-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-17-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2600-894-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3399-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2600-99-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2668-34-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2668-85-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3351-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3358-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-59-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3084-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-27-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-92-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-54-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3359-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2860-86-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3319-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2860-47-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3246-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2884-25-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3113-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2888-26-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3328-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-61-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-100-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download