cobaltstrike | d8e3ee10eab3591978580b7a77cc2646b12563d200e24f63738fef6264ba18a7

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ef6829d2f02b063b616a6755b5031a02
SHA1

62e2c403deacd1b81b6e57383d0d42a07755e35d
SHA256

d8e3ee10eab3591978580b7a77cc2646b12563d200e24f63738fef6264ba18a7
SHA512

bd244d988c07385f110d5da993470a4f6b17d5e4c424c7c829f594b38d3096f0c105a6f346d2eb1eb734bbc2820c8276074d775d7d95ae769f4f0338f93302f9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000015e5b-10.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000015e9a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016458-22.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-38.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658d-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-203.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-65.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-59.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2772-0-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/2772-6-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2876-9-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x002e000000015e5b-10.dat	xmrig
behavioral1/memory/3068-15-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0014000000015e9a-12.dat	xmrig
behavioral1/files/0x0007000000016458-22.dat	xmrig
behavioral1/memory/2792-23-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2772-25-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-38.dat	xmrig
behavioral1/memory/2876-43-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2060-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2772-35-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x000700000001658d-34.dat	xmrig
behavioral1/memory/2256-52-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1716-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-70.dat	xmrig
behavioral1/memory/548-75-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1524-82-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/760-90-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2256-89-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1236-99-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1716-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-97.dat	xmrig
behavioral1/memory/980-109-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c7-115.dat	xmrig
behavioral1/memory/548-113-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019480-125.dat	xmrig
behavioral1/files/0x0005000000019515-165.dat	xmrig
behavioral1/memory/760-241-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/1236-298-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/980-320-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-203.dat	xmrig
behavioral1/files/0x00050000000195ad-198.dat	xmrig
behavioral1/files/0x00050000000195a9-188.dat	xmrig
behavioral1/files/0x00050000000195ab-192.dat	xmrig
behavioral1/files/0x00050000000195a7-182.dat	xmrig
behavioral1/files/0x000500000001957c-177.dat	xmrig
behavioral1/files/0x0005000000019547-172.dat	xmrig
behavioral1/memory/1524-163-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-161.dat	xmrig
behavioral1/memory/3068-896-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2792-936-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2660-935-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2876-864-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2060-937-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2668-938-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2256-939-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1716-940-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1328-941-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/548-942-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1524-943-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/760-944-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-156.dat	xmrig
behavioral1/files/0x00050000000194eb-151.dat	xmrig
behavioral1/files/0x00050000000194a3-146.dat	xmrig
behavioral1/files/0x0005000000019490-141.dat	xmrig
behavioral1/files/0x000500000001948c-135.dat	xmrig
behavioral1/files/0x0005000000019489-130.dat	xmrig
behavioral1/memory/1236-945-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019470-120.dat	xmrig
behavioral1/memory/980-946-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b8-107.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2876	vQiuXXM.exe
3068	DsPSbRT.exe
2792	UOVRllZ.exe
2660	RocXKLC.exe
2060	YzTDziz.exe
2668	rLzWqmi.exe
2256	aBeVTLW.exe
1716	qQFDaSW.exe
1328	AuyyUzd.exe
548	vRkJUCw.exe
1524	tEhXVhD.exe
760	RUaFFYk.exe
1236	ePTxvhV.exe
980	bkukceJ.exe
1140	XfoNmaM.exe
2880	oiUuZmY.exe
2992	NqqPAtn.exe
2404	fqriIVT.exe
1940	CPkPHzF.exe
844	VZitmku.exe
520	fgADpwg.exe
1900	oLPXPya.exe
2156	livKHVO.exe
2372	zLrADju.exe
2068	nOJBiKD.exe
1692	NkmUvhf.exe
2560	OGCNDNE.exe
676	CxRXyVm.exe
2532	NfzkSOf.exe
848	FiqtMKn.exe
936	jAjDRTR.exe
1628	wWsbGcN.exe
1536	DAJnJOx.exe
1756	TOuxdJC.exe
280	ZRlTWVP.exe
1376	IEWzpgs.exe
3004	qkMPWDm.exe
1040	rWLKnNI.exe
328	oABAUxg.exe
928	xICMLMG.exe
2288	ophhLJi.exe
1708	JCqnLSn.exe
2312	YcTTIXk.exe
1784	FtITURQ.exe
684	xJncexK.exe
1000	fIzzaub.exe
1808	TYqcbuP.exe
740	CYgWxqI.exe
860	CAUaVlZ.exe
1720	fdbDBBF.exe
292	XIKbVkD.exe
1568	dMpYXbe.exe
1600	ILBLKBV.exe
2836	okLxkyt.exe
2808	MnllRXN.exe
2824	ehEenMk.exe
1980	qxemXaD.exe
1180	xmHZMlD.exe
2024	rXwvgzS.exe
2140	JiBWOUW.exe
2440	oOwtXpS.exe
1572	GcesSpi.exe
2936	YwoTxHN.exe
1948	iDIagBG.exe

Loads dropped DLL 64 IoCs

pid	Process
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2772-0-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/memory/2772-6-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2876-9-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x002e000000015e5b-10.dat	upx
behavioral1/memory/3068-15-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x0014000000015e9a-12.dat	upx
behavioral1/files/0x0007000000016458-22.dat	upx
behavioral1/memory/2792-23-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2772-25-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000900000001660b-38.dat	upx
behavioral1/memory/2876-43-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2060-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2772-35-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x000700000001658d-34.dat	upx
behavioral1/memory/2256-52-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1716-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0005000000019326-70.dat	upx
behavioral1/memory/548-75-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1524-82-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/760-90-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2256-89-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1236-99-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1716-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-97.dat	upx
behavioral1/memory/980-109-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00050000000193c7-115.dat	upx
behavioral1/memory/548-113-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0005000000019480-125.dat	upx
behavioral1/files/0x0005000000019515-165.dat	upx
behavioral1/memory/760-241-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/1236-298-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/980-320-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00050000000195af-203.dat	upx
behavioral1/files/0x00050000000195ad-198.dat	upx
behavioral1/files/0x00050000000195a9-188.dat	upx
behavioral1/files/0x00050000000195ab-192.dat	upx
behavioral1/files/0x00050000000195a7-182.dat	upx
behavioral1/files/0x000500000001957c-177.dat	upx
behavioral1/files/0x0005000000019547-172.dat	upx
behavioral1/memory/1524-163-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000500000001950f-161.dat	upx
behavioral1/memory/3068-896-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2792-936-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2660-935-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2876-864-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2060-937-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2668-938-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2256-939-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1716-940-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1328-941-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/548-942-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1524-943-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/760-944-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-156.dat	upx
behavioral1/files/0x00050000000194eb-151.dat	upx
behavioral1/files/0x00050000000194a3-146.dat	upx
behavioral1/files/0x0005000000019490-141.dat	upx
behavioral1/files/0x000500000001948c-135.dat	upx
behavioral1/files/0x0005000000019489-130.dat	upx
behavioral1/memory/1236-945-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0005000000019470-120.dat	upx
behavioral1/memory/980-946-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00050000000193b8-107.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vIeWNIs.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSWIfLg.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGuZBBM.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAvuPjC.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQPQuIF.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRexqUB.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kaqavhp.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgGRDEl.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAfXENx.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaVrLWN.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtNAdTl.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWbgDzy.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYxEihV.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXsAvKh.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoaPKRD.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQTXczj.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgTBhHN.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWYbliA.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNNyiBf.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqiYuUw.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgWukDS.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlnBBys.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DifKVjO.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWfNRmL.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQkdnNF.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoHAmlN.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vplqFRI.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZfDZMg.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCiUURU.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORIEjHE.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMSouUd.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSMfEsq.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjdkPGu.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMvYhYa.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toQFxug.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxZuzlu.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIaNPNB.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdDpfAB.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVigLoh.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViXMNtj.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLPFWth.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AosDfRV.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjFWDGx.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxVUyOc.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSmuaAj.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUxfxHW.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTCMuso.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmCEyWm.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXmGbBL.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYqNPxg.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYESKzm.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnIWyYB.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfIPLdv.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAqzecB.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBpEAiN.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJncexK.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHrcvfh.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQJgPOf.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbdvSlg.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjmENQi.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNMcAOy.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIrbyow.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXiifHp.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdlPaZF.exe	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2876	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2772 wrote to memory of 2876	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2772 wrote to memory of 2876	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2772 wrote to memory of 3068	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2772 wrote to memory of 3068	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2772 wrote to memory of 3068	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2772 wrote to memory of 2792	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2772 wrote to memory of 2792	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2772 wrote to memory of 2792	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2772 wrote to memory of 2660	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2772 wrote to memory of 2660	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2772 wrote to memory of 2660	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2772 wrote to memory of 2060	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2772 wrote to memory of 2060	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2772 wrote to memory of 2060	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2772 wrote to memory of 2668	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2772 wrote to memory of 2668	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2772 wrote to memory of 2668	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2772 wrote to memory of 2256	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2772 wrote to memory of 2256	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2772 wrote to memory of 2256	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2772 wrote to memory of 1716	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2772 wrote to memory of 1716	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2772 wrote to memory of 1716	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2772 wrote to memory of 1328	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2772 wrote to memory of 1328	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2772 wrote to memory of 1328	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2772 wrote to memory of 548	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2772 wrote to memory of 548	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2772 wrote to memory of 548	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2772 wrote to memory of 1524	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2772 wrote to memory of 1524	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2772 wrote to memory of 1524	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2772 wrote to memory of 760	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2772 wrote to memory of 760	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2772 wrote to memory of 760	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2772 wrote to memory of 1236	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2772 wrote to memory of 1236	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2772 wrote to memory of 1236	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2772 wrote to memory of 980	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2772 wrote to memory of 980	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2772 wrote to memory of 980	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2772 wrote to memory of 1140	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2772 wrote to memory of 1140	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2772 wrote to memory of 1140	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2772 wrote to memory of 2880	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2772 wrote to memory of 2880	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2772 wrote to memory of 2880	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2772 wrote to memory of 2992	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2772 wrote to memory of 2992	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2772 wrote to memory of 2992	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2772 wrote to memory of 2404	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2772 wrote to memory of 2404	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2772 wrote to memory of 2404	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2772 wrote to memory of 1940	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2772 wrote to memory of 1940	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2772 wrote to memory of 1940	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2772 wrote to memory of 844	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2772 wrote to memory of 844	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2772 wrote to memory of 844	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2772 wrote to memory of 520	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2772 wrote to memory of 520	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2772 wrote to memory of 520	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2772 wrote to memory of 1900	2772	2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_ef6829d2f02b063b616a6755b5031a02_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\System\vQiuXXM.exe
  C:\Windows\System\vQiuXXM.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\DsPSbRT.exe
  C:\Windows\System\DsPSbRT.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\UOVRllZ.exe
  C:\Windows\System\UOVRllZ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\RocXKLC.exe
  C:\Windows\System\RocXKLC.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YzTDziz.exe
  C:\Windows\System\YzTDziz.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\rLzWqmi.exe
  C:\Windows\System\rLzWqmi.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\aBeVTLW.exe
  C:\Windows\System\aBeVTLW.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\qQFDaSW.exe
  C:\Windows\System\qQFDaSW.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\AuyyUzd.exe
  C:\Windows\System\AuyyUzd.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\vRkJUCw.exe
  C:\Windows\System\vRkJUCw.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\tEhXVhD.exe
  C:\Windows\System\tEhXVhD.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\RUaFFYk.exe
  C:\Windows\System\RUaFFYk.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ePTxvhV.exe
  C:\Windows\System\ePTxvhV.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\bkukceJ.exe
  C:\Windows\System\bkukceJ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\XfoNmaM.exe
  C:\Windows\System\XfoNmaM.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\oiUuZmY.exe
  C:\Windows\System\oiUuZmY.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NqqPAtn.exe
  C:\Windows\System\NqqPAtn.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\fqriIVT.exe
  C:\Windows\System\fqriIVT.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\CPkPHzF.exe
  C:\Windows\System\CPkPHzF.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\VZitmku.exe
  C:\Windows\System\VZitmku.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\fgADpwg.exe
  C:\Windows\System\fgADpwg.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\oLPXPya.exe
  C:\Windows\System\oLPXPya.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\livKHVO.exe
  C:\Windows\System\livKHVO.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zLrADju.exe
  C:\Windows\System\zLrADju.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\nOJBiKD.exe
  C:\Windows\System\nOJBiKD.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\NkmUvhf.exe
  C:\Windows\System\NkmUvhf.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\OGCNDNE.exe
  C:\Windows\System\OGCNDNE.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\CxRXyVm.exe
  C:\Windows\System\CxRXyVm.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\NfzkSOf.exe
  C:\Windows\System\NfzkSOf.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FiqtMKn.exe
  C:\Windows\System\FiqtMKn.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\jAjDRTR.exe
  C:\Windows\System\jAjDRTR.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\wWsbGcN.exe
  C:\Windows\System\wWsbGcN.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\DAJnJOx.exe
  C:\Windows\System\DAJnJOx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\TOuxdJC.exe
  C:\Windows\System\TOuxdJC.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ZRlTWVP.exe
  C:\Windows\System\ZRlTWVP.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\IEWzpgs.exe
  C:\Windows\System\IEWzpgs.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\qkMPWDm.exe
  C:\Windows\System\qkMPWDm.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\rWLKnNI.exe
  C:\Windows\System\rWLKnNI.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\oABAUxg.exe
  C:\Windows\System\oABAUxg.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\xICMLMG.exe
  C:\Windows\System\xICMLMG.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\ophhLJi.exe
  C:\Windows\System\ophhLJi.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JCqnLSn.exe
  C:\Windows\System\JCqnLSn.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\YcTTIXk.exe
  C:\Windows\System\YcTTIXk.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\FtITURQ.exe
  C:\Windows\System\FtITURQ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\xJncexK.exe
  C:\Windows\System\xJncexK.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\fIzzaub.exe
  C:\Windows\System\fIzzaub.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\TYqcbuP.exe
  C:\Windows\System\TYqcbuP.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\CYgWxqI.exe
  C:\Windows\System\CYgWxqI.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\CAUaVlZ.exe
  C:\Windows\System\CAUaVlZ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\fdbDBBF.exe
  C:\Windows\System\fdbDBBF.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\XIKbVkD.exe
  C:\Windows\System\XIKbVkD.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\dMpYXbe.exe
  C:\Windows\System\dMpYXbe.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ILBLKBV.exe
  C:\Windows\System\ILBLKBV.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\okLxkyt.exe
  C:\Windows\System\okLxkyt.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MnllRXN.exe
  C:\Windows\System\MnllRXN.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ehEenMk.exe
  C:\Windows\System\ehEenMk.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\qxemXaD.exe
  C:\Windows\System\qxemXaD.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\xmHZMlD.exe
  C:\Windows\System\xmHZMlD.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\rXwvgzS.exe
  C:\Windows\System\rXwvgzS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JiBWOUW.exe
  C:\Windows\System\JiBWOUW.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\oOwtXpS.exe
  C:\Windows\System\oOwtXpS.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\GcesSpi.exe
  C:\Windows\System\GcesSpi.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\YwoTxHN.exe
  C:\Windows\System\YwoTxHN.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\iDIagBG.exe
  C:\Windows\System\iDIagBG.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ZycXOQZ.exe
  C:\Windows\System\ZycXOQZ.exe
  2⤵
  PID:2596
- C:\Windows\System\UjUqGVH.exe
  C:\Windows\System\UjUqGVH.exe
  2⤵
  PID:2100
- C:\Windows\System\fXddjhH.exe
  C:\Windows\System\fXddjhH.exe
  2⤵
  PID:2180
- C:\Windows\System\QXlvylR.exe
  C:\Windows\System\QXlvylR.exe
  2⤵
  PID:2396
- C:\Windows\System\PzNcVHq.exe
  C:\Windows\System\PzNcVHq.exe
  2⤵
  PID:2468
- C:\Windows\System\dPLaMQC.exe
  C:\Windows\System\dPLaMQC.exe
  2⤵
  PID:1960
- C:\Windows\System\PVCewOH.exe
  C:\Windows\System\PVCewOH.exe
  2⤵
  PID:680
- C:\Windows\System\uOrzBfR.exe
  C:\Windows\System\uOrzBfR.exe
  2⤵
  PID:2064
- C:\Windows\System\PNCNzXa.exe
  C:\Windows\System\PNCNzXa.exe
  2⤵
  PID:1812
- C:\Windows\System\QzwXGnk.exe
  C:\Windows\System\QzwXGnk.exe
  2⤵
  PID:3060
- C:\Windows\System\ThrSysJ.exe
  C:\Windows\System\ThrSysJ.exe
  2⤵
  PID:1772
- C:\Windows\System\BEIDNqS.exe
  C:\Windows\System\BEIDNqS.exe
  2⤵
  PID:1780
- C:\Windows\System\IebsvXT.exe
  C:\Windows\System\IebsvXT.exe
  2⤵
  PID:2576
- C:\Windows\System\BfEQCeg.exe
  C:\Windows\System\BfEQCeg.exe
  2⤵
  PID:1516
- C:\Windows\System\LhpVyme.exe
  C:\Windows\System\LhpVyme.exe
  2⤵
  PID:1304
- C:\Windows\System\lCzDFbS.exe
  C:\Windows\System\lCzDFbS.exe
  2⤵
  PID:2480
- C:\Windows\System\SvAesLf.exe
  C:\Windows\System\SvAesLf.exe
  2⤵
  PID:1028
- C:\Windows\System\JVPnHqF.exe
  C:\Windows\System\JVPnHqF.exe
  2⤵
  PID:1008
- C:\Windows\System\DuBCfTL.exe
  C:\Windows\System\DuBCfTL.exe
  2⤵
  PID:1504
- C:\Windows\System\FRGcFjS.exe
  C:\Windows\System\FRGcFjS.exe
  2⤵
  PID:1252
- C:\Windows\System\LnlNaIA.exe
  C:\Windows\System\LnlNaIA.exe
  2⤵
  PID:2212
- C:\Windows\System\YCxdrfR.exe
  C:\Windows\System\YCxdrfR.exe
  2⤵
  PID:2844
- C:\Windows\System\uHFpzhL.exe
  C:\Windows\System\uHFpzhL.exe
  2⤵
  PID:1972
- C:\Windows\System\sNolVlP.exe
  C:\Windows\System\sNolVlP.exe
  2⤵
  PID:2724
- C:\Windows\System\ZqvGkrl.exe
  C:\Windows\System\ZqvGkrl.exe
  2⤵
  PID:2940
- C:\Windows\System\MCuMfrz.exe
  C:\Windows\System\MCuMfrz.exe
  2⤵
  PID:2324
- C:\Windows\System\qslqFSl.exe
  C:\Windows\System\qslqFSl.exe
  2⤵
  PID:3064
- C:\Windows\System\eqFTAEx.exe
  C:\Windows\System\eqFTAEx.exe
  2⤵
  PID:2664
- C:\Windows\System\ZGuZBBM.exe
  C:\Windows\System\ZGuZBBM.exe
  2⤵
  PID:2052
- C:\Windows\System\vWWLcHO.exe
  C:\Windows\System\vWWLcHO.exe
  2⤵
  PID:1904
- C:\Windows\System\ivdwWOj.exe
  C:\Windows\System\ivdwWOj.exe
  2⤵
  PID:1748
- C:\Windows\System\KNqthRs.exe
  C:\Windows\System\KNqthRs.exe
  2⤵
  PID:1184
- C:\Windows\System\MHakElM.exe
  C:\Windows\System\MHakElM.exe
  2⤵
  PID:2572
- C:\Windows\System\lqQuisQ.exe
  C:\Windows\System\lqQuisQ.exe
  2⤵
  PID:1508
- C:\Windows\System\YreXWlj.exe
  C:\Windows\System\YreXWlj.exe
  2⤵
  PID:1844
- C:\Windows\System\vIrbyow.exe
  C:\Windows\System\vIrbyow.exe
  2⤵
  PID:1852
- C:\Windows\System\kAFTvte.exe
  C:\Windows\System\kAFTvte.exe
  2⤵
  PID:1764
- C:\Windows\System\RHDyqdZ.exe
  C:\Windows\System\RHDyqdZ.exe
  2⤵
  PID:2228
- C:\Windows\System\GknevwH.exe
  C:\Windows\System\GknevwH.exe
  2⤵
  PID:2300
- C:\Windows\System\BYVZbVw.exe
  C:\Windows\System\BYVZbVw.exe
  2⤵
  PID:1488
- C:\Windows\System\UPHyZxa.exe
  C:\Windows\System\UPHyZxa.exe
  2⤵
  PID:1032
- C:\Windows\System\RXVYNwU.exe
  C:\Windows\System\RXVYNwU.exe
  2⤵
  PID:2272
- C:\Windows\System\VBRAZoi.exe
  C:\Windows\System\VBRAZoi.exe
  2⤵
  PID:992
- C:\Windows\System\bxEPqER.exe
  C:\Windows\System\bxEPqER.exe
  2⤵
  PID:3084
- C:\Windows\System\QyQMAOe.exe
  C:\Windows\System\QyQMAOe.exe
  2⤵
  PID:3104
- C:\Windows\System\aqOOrNQ.exe
  C:\Windows\System\aqOOrNQ.exe
  2⤵
  PID:3124
- C:\Windows\System\bISIPTq.exe
  C:\Windows\System\bISIPTq.exe
  2⤵
  PID:3144
- C:\Windows\System\eMuqlNu.exe
  C:\Windows\System\eMuqlNu.exe
  2⤵
  PID:3164
- C:\Windows\System\hfbkedP.exe
  C:\Windows\System\hfbkedP.exe
  2⤵
  PID:3184
- C:\Windows\System\emsadkx.exe
  C:\Windows\System\emsadkx.exe
  2⤵
  PID:3204
- C:\Windows\System\ZponmPj.exe
  C:\Windows\System\ZponmPj.exe
  2⤵
  PID:3224
- C:\Windows\System\VuYyDtv.exe
  C:\Windows\System\VuYyDtv.exe
  2⤵
  PID:3244
- C:\Windows\System\mOQzGzd.exe
  C:\Windows\System\mOQzGzd.exe
  2⤵
  PID:3264
- C:\Windows\System\lhJSEqB.exe
  C:\Windows\System\lhJSEqB.exe
  2⤵
  PID:3292
- C:\Windows\System\CXiifHp.exe
  C:\Windows\System\CXiifHp.exe
  2⤵
  PID:3312
- C:\Windows\System\HJfZTOI.exe
  C:\Windows\System\HJfZTOI.exe
  2⤵
  PID:3332
- C:\Windows\System\FseoLzc.exe
  C:\Windows\System\FseoLzc.exe
  2⤵
  PID:3352
- C:\Windows\System\XhDTvFr.exe
  C:\Windows\System\XhDTvFr.exe
  2⤵
  PID:3372
- C:\Windows\System\KtuqdVn.exe
  C:\Windows\System\KtuqdVn.exe
  2⤵
  PID:3392
- C:\Windows\System\LuDdTjv.exe
  C:\Windows\System\LuDdTjv.exe
  2⤵
  PID:3412
- C:\Windows\System\YTNelfd.exe
  C:\Windows\System\YTNelfd.exe
  2⤵
  PID:3432
- C:\Windows\System\hHshFGQ.exe
  C:\Windows\System\hHshFGQ.exe
  2⤵
  PID:3452
- C:\Windows\System\GcCIjFP.exe
  C:\Windows\System\GcCIjFP.exe
  2⤵
  PID:3472
- C:\Windows\System\yudvvQN.exe
  C:\Windows\System\yudvvQN.exe
  2⤵
  PID:3616
- C:\Windows\System\hrJxDBl.exe
  C:\Windows\System\hrJxDBl.exe
  2⤵
  PID:3636
- C:\Windows\System\adizFUr.exe
  C:\Windows\System\adizFUr.exe
  2⤵
  PID:3656
- C:\Windows\System\eEyakVx.exe
  C:\Windows\System\eEyakVx.exe
  2⤵
  PID:3676
- C:\Windows\System\DgRTPbK.exe
  C:\Windows\System\DgRTPbK.exe
  2⤵
  PID:3692
- C:\Windows\System\AjFWDGx.exe
  C:\Windows\System\AjFWDGx.exe
  2⤵
  PID:3716
- C:\Windows\System\WRYSwKr.exe
  C:\Windows\System\WRYSwKr.exe
  2⤵
  PID:3732
- C:\Windows\System\fEXCKBh.exe
  C:\Windows\System\fEXCKBh.exe
  2⤵
  PID:3748
- C:\Windows\System\PQzBiTV.exe
  C:\Windows\System\PQzBiTV.exe
  2⤵
  PID:3768
- C:\Windows\System\RaJkMzd.exe
  C:\Windows\System\RaJkMzd.exe
  2⤵
  PID:3784
- C:\Windows\System\ncOCQih.exe
  C:\Windows\System\ncOCQih.exe
  2⤵
  PID:3820
- C:\Windows\System\qawSGOc.exe
  C:\Windows\System\qawSGOc.exe
  2⤵
  PID:3836
- C:\Windows\System\VrXtGYe.exe
  C:\Windows\System\VrXtGYe.exe
  2⤵
  PID:3852
- C:\Windows\System\YpxgDwu.exe
  C:\Windows\System\YpxgDwu.exe
  2⤵
  PID:3876
- C:\Windows\System\uNqUVRA.exe
  C:\Windows\System\uNqUVRA.exe
  2⤵
  PID:3900
- C:\Windows\System\irSdeeq.exe
  C:\Windows\System\irSdeeq.exe
  2⤵
  PID:3916
- C:\Windows\System\QfEyEcw.exe
  C:\Windows\System\QfEyEcw.exe
  2⤵
  PID:3936
- C:\Windows\System\FMzYuUr.exe
  C:\Windows\System\FMzYuUr.exe
  2⤵
  PID:3960
- C:\Windows\System\pQBGdFA.exe
  C:\Windows\System\pQBGdFA.exe
  2⤵
  PID:3976
- C:\Windows\System\NVYSaVq.exe
  C:\Windows\System\NVYSaVq.exe
  2⤵
  PID:4000
- C:\Windows\System\ZvhiWAI.exe
  C:\Windows\System\ZvhiWAI.exe
  2⤵
  PID:4020
- C:\Windows\System\cOzzKmt.exe
  C:\Windows\System\cOzzKmt.exe
  2⤵
  PID:4036
- C:\Windows\System\MQPtopW.exe
  C:\Windows\System\MQPtopW.exe
  2⤵
  PID:4056
- C:\Windows\System\KGcsIhi.exe
  C:\Windows\System\KGcsIhi.exe
  2⤵
  PID:4072
- C:\Windows\System\DMMNDup.exe
  C:\Windows\System\DMMNDup.exe
  2⤵
  PID:4092
- C:\Windows\System\qoJSXlE.exe
  C:\Windows\System\qoJSXlE.exe
  2⤵
  PID:2672
- C:\Windows\System\VVZKhQH.exe
  C:\Windows\System\VVZKhQH.exe
  2⤵
  PID:2380
- C:\Windows\System\caPgGND.exe
  C:\Windows\System\caPgGND.exe
  2⤵
  PID:2456
- C:\Windows\System\qWmTjvh.exe
  C:\Windows\System\qWmTjvh.exe
  2⤵
  PID:2160
- C:\Windows\System\ypcGhKB.exe
  C:\Windows\System\ypcGhKB.exe
  2⤵
  PID:2384
- C:\Windows\System\QFqteQL.exe
  C:\Windows\System\QFqteQL.exe
  2⤵
  PID:2116
- C:\Windows\System\YgLFgvf.exe
  C:\Windows\System\YgLFgvf.exe
  2⤵
  PID:2524
- C:\Windows\System\ZVZUyVD.exe
  C:\Windows\System\ZVZUyVD.exe
  2⤵
  PID:2320
- C:\Windows\System\ANUpRVQ.exe
  C:\Windows\System\ANUpRVQ.exe
  2⤵
  PID:1640
- C:\Windows\System\LgEtOKz.exe
  C:\Windows\System\LgEtOKz.exe
  2⤵
  PID:2316
- C:\Windows\System\YTBVoQY.exe
  C:\Windows\System\YTBVoQY.exe
  2⤵
  PID:996
- C:\Windows\System\luAmQha.exe
  C:\Windows\System\luAmQha.exe
  2⤵
  PID:2764
- C:\Windows\System\fYgIQlZ.exe
  C:\Windows\System\fYgIQlZ.exe
  2⤵
  PID:2332
- C:\Windows\System\dCAuvxk.exe
  C:\Windows\System\dCAuvxk.exe
  2⤵
  PID:3080
- C:\Windows\System\QqmdgQR.exe
  C:\Windows\System\QqmdgQR.exe
  2⤵
  PID:3136
- C:\Windows\System\HBKUvsp.exe
  C:\Windows\System\HBKUvsp.exe
  2⤵
  PID:3192
- C:\Windows\System\gwRuoOs.exe
  C:\Windows\System\gwRuoOs.exe
  2⤵
  PID:3252
- C:\Windows\System\Kaqavhp.exe
  C:\Windows\System\Kaqavhp.exe
  2⤵
  PID:3272
- C:\Windows\System\WOdLhHd.exe
  C:\Windows\System\WOdLhHd.exe
  2⤵
  PID:3304
- C:\Windows\System\gLQfmXg.exe
  C:\Windows\System\gLQfmXg.exe
  2⤵
  PID:3324
- C:\Windows\System\wkMhRuz.exe
  C:\Windows\System\wkMhRuz.exe
  2⤵
  PID:3380
- C:\Windows\System\ZbyMppP.exe
  C:\Windows\System\ZbyMppP.exe
  2⤵
  PID:3408
- C:\Windows\System\lebwgKr.exe
  C:\Windows\System\lebwgKr.exe
  2⤵
  PID:3448
- C:\Windows\System\cqugLrQ.exe
  C:\Windows\System\cqugLrQ.exe
  2⤵
  PID:3464
- C:\Windows\System\EttCEZn.exe
  C:\Windows\System\EttCEZn.exe
  2⤵
  PID:2708
- C:\Windows\System\CnTORvB.exe
  C:\Windows\System\CnTORvB.exe
  2⤵
  PID:3508
- C:\Windows\System\YWdcuYn.exe
  C:\Windows\System\YWdcuYn.exe
  2⤵
  PID:1696
- C:\Windows\System\gyEYTQa.exe
  C:\Windows\System\gyEYTQa.exe
  2⤵
  PID:2652
- C:\Windows\System\mSmJmLm.exe
  C:\Windows\System\mSmJmLm.exe
  2⤵
  PID:3536
- C:\Windows\System\ocyXyus.exe
  C:\Windows\System\ocyXyus.exe
  2⤵
  PID:2436
- C:\Windows\System\AlzaCcb.exe
  C:\Windows\System\AlzaCcb.exe
  2⤵
  PID:2088
- C:\Windows\System\OabhqdH.exe
  C:\Windows\System\OabhqdH.exe
  2⤵
  PID:1480
- C:\Windows\System\gOSfZtC.exe
  C:\Windows\System\gOSfZtC.exe
  2⤵
  PID:3552
- C:\Windows\System\roREybr.exe
  C:\Windows\System\roREybr.exe
  2⤵
  PID:2028
- C:\Windows\System\CMjQWqJ.exe
  C:\Windows\System\CMjQWqJ.exe
  2⤵
  PID:3576
- C:\Windows\System\zBOONzb.exe
  C:\Windows\System\zBOONzb.exe
  2⤵
  PID:2200
- C:\Windows\System\GBzNVHE.exe
  C:\Windows\System\GBzNVHE.exe
  2⤵
  PID:2804
- C:\Windows\System\AdCYlPo.exe
  C:\Windows\System\AdCYlPo.exe
  2⤵
  PID:3028
- C:\Windows\System\fCEpNLY.exe
  C:\Windows\System\fCEpNLY.exe
  2⤵
  PID:2344
- C:\Windows\System\YrvlkZU.exe
  C:\Windows\System\YrvlkZU.exe
  2⤵
  PID:3600
- C:\Windows\System\xGvOQIC.exe
  C:\Windows\System\xGvOQIC.exe
  2⤵
  PID:2704
- C:\Windows\System\xpjPWNz.exe
  C:\Windows\System\xpjPWNz.exe
  2⤵
  PID:3020
- C:\Windows\System\GZadwTP.exe
  C:\Windows\System\GZadwTP.exe
  2⤵
  PID:2168
- C:\Windows\System\NzeaRqF.exe
  C:\Windows\System\NzeaRqF.exe
  2⤵
  PID:2084
- C:\Windows\System\KcAiXPB.exe
  C:\Windows\System\KcAiXPB.exe
  2⤵
  PID:2388
- C:\Windows\System\KuQZZcH.exe
  C:\Windows\System\KuQZZcH.exe
  2⤵
  PID:824
- C:\Windows\System\OVwPuRK.exe
  C:\Windows\System\OVwPuRK.exe
  2⤵
  PID:1360
- C:\Windows\System\BvtlPeB.exe
  C:\Windows\System\BvtlPeB.exe
  2⤵
  PID:1868
- C:\Windows\System\dSmuaAj.exe
  C:\Windows\System\dSmuaAj.exe
  2⤵
  PID:3632
- C:\Windows\System\bzqjOdL.exe
  C:\Windows\System\bzqjOdL.exe
  2⤵
  PID:3652
- C:\Windows\System\iwHkdPK.exe
  C:\Windows\System\iwHkdPK.exe
  2⤵
  PID:3700
- C:\Windows\System\YVtLonk.exe
  C:\Windows\System\YVtLonk.exe
  2⤵
  PID:3704
- C:\Windows\System\VtBqxvx.exe
  C:\Windows\System\VtBqxvx.exe
  2⤵
  PID:3756
- C:\Windows\System\bpsweuG.exe
  C:\Windows\System\bpsweuG.exe
  2⤵
  PID:3808
- C:\Windows\System\AqjIUHw.exe
  C:\Windows\System\AqjIUHw.exe
  2⤵
  PID:3800
- C:\Windows\System\IsnDGPy.exe
  C:\Windows\System\IsnDGPy.exe
  2⤵
  PID:3844
- C:\Windows\System\PvqWFnk.exe
  C:\Windows\System\PvqWFnk.exe
  2⤵
  PID:3892
- C:\Windows\System\lQlLuCO.exe
  C:\Windows\System\lQlLuCO.exe
  2⤵
  PID:3912
- C:\Windows\System\NJKYUpM.exe
  C:\Windows\System\NJKYUpM.exe
  2⤵
  PID:3952
- C:\Windows\System\bENUTJJ.exe
  C:\Windows\System\bENUTJJ.exe
  2⤵
  PID:3968
- C:\Windows\System\uWAEJcl.exe
  C:\Windows\System\uWAEJcl.exe
  2⤵
  PID:3988
- C:\Windows\System\rdsSOoi.exe
  C:\Windows\System\rdsSOoi.exe
  2⤵
  PID:4084
- C:\Windows\System\ggPiRqf.exe
  C:\Windows\System\ggPiRqf.exe
  2⤵
  PID:2424
- C:\Windows\System\KvNCYpn.exe
  C:\Windows\System\KvNCYpn.exe
  2⤵
  PID:1388
- C:\Windows\System\zhXCHba.exe
  C:\Windows\System\zhXCHba.exe
  2⤵
  PID:1936
- C:\Windows\System\PdWpXwb.exe
  C:\Windows\System\PdWpXwb.exe
  2⤵
  PID:2780
- C:\Windows\System\OZOMWMM.exe
  C:\Windows\System\OZOMWMM.exe
  2⤵
  PID:828
- C:\Windows\System\YQfLEcs.exe
  C:\Windows\System\YQfLEcs.exe
  2⤵
  PID:916
- C:\Windows\System\AeDmbyy.exe
  C:\Windows\System\AeDmbyy.exe
  2⤵
  PID:3120
- C:\Windows\System\AyqHENW.exe
  C:\Windows\System\AyqHENW.exe
  2⤵
  PID:3076
- C:\Windows\System\ZbFNjLk.exe
  C:\Windows\System\ZbFNjLk.exe
  2⤵
  PID:3096
- C:\Windows\System\GabdvoC.exe
  C:\Windows\System\GabdvoC.exe
  2⤵
  PID:3176
- C:\Windows\System\IqOePdX.exe
  C:\Windows\System\IqOePdX.exe
  2⤵
  PID:3256
- C:\Windows\System\TuBhxPx.exe
  C:\Windows\System\TuBhxPx.exe
  2⤵
  PID:3368
- C:\Windows\System\lDuJCpc.exe
  C:\Windows\System\lDuJCpc.exe
  2⤵
  PID:3360
- C:\Windows\System\LLlhiSe.exe
  C:\Windows\System\LLlhiSe.exe
  2⤵
  PID:3484
- C:\Windows\System\YJdvssd.exe
  C:\Windows\System\YJdvssd.exe
  2⤵
  PID:3400
- C:\Windows\System\VJdZwqB.exe
  C:\Windows\System\VJdZwqB.exe
  2⤵
  PID:2588
- C:\Windows\System\JWRrPUB.exe
  C:\Windows\System\JWRrPUB.exe
  2⤵
  PID:2336
- C:\Windows\System\aPRcRGj.exe
  C:\Windows\System\aPRcRGj.exe
  2⤵
  PID:1036
- C:\Windows\System\CsLmcvg.exe
  C:\Windows\System\CsLmcvg.exe
  2⤵
  PID:1988
- C:\Windows\System\wQtZMpu.exe
  C:\Windows\System\wQtZMpu.exe
  2⤵
  PID:2892
- C:\Windows\System\dYjAgFP.exe
  C:\Windows\System\dYjAgFP.exe
  2⤵
  PID:2640
- C:\Windows\System\cMxTGOp.exe
  C:\Windows\System\cMxTGOp.exe
  2⤵
  PID:3584
- C:\Windows\System\eqZARsM.exe
  C:\Windows\System\eqZARsM.exe
  2⤵
  PID:1728
- C:\Windows\System\nHSNEiJ.exe
  C:\Windows\System\nHSNEiJ.exe
  2⤵
  PID:2828
- C:\Windows\System\XvAHDZK.exe
  C:\Windows\System\XvAHDZK.exe
  2⤵
  PID:3000
- C:\Windows\System\GPMndwW.exe
  C:\Windows\System\GPMndwW.exe
  2⤵
  PID:2972
- C:\Windows\System\uqAonad.exe
  C:\Windows\System\uqAonad.exe
  2⤵
  PID:1608
- C:\Windows\System\LVIbYoC.exe
  C:\Windows\System\LVIbYoC.exe
  2⤵
  PID:580
- C:\Windows\System\QsjbGIg.exe
  C:\Windows\System\QsjbGIg.exe
  2⤵
  PID:1460
- C:\Windows\System\PkEmGTg.exe
  C:\Windows\System\PkEmGTg.exe
  2⤵
  PID:3668
- C:\Windows\System\fytcRlj.exe
  C:\Windows\System\fytcRlj.exe
  2⤵
  PID:2460
- C:\Windows\System\yWgfZzk.exe
  C:\Windows\System\yWgfZzk.exe
  2⤵
  PID:3644
- C:\Windows\System\MboSehL.exe
  C:\Windows\System\MboSehL.exe
  2⤵
  PID:3932
- C:\Windows\System\eUmXAcD.exe
  C:\Windows\System\eUmXAcD.exe
  2⤵
  PID:3864
- C:\Windows\System\XyLRsvz.exe
  C:\Windows\System\XyLRsvz.exe
  2⤵
  PID:3888
- C:\Windows\System\nAVWLAD.exe
  C:\Windows\System\nAVWLAD.exe
  2⤵
  PID:4012
- C:\Windows\System\nzJnOOi.exe
  C:\Windows\System\nzJnOOi.exe
  2⤵
  PID:2176
- C:\Windows\System\HvsMEQI.exe
  C:\Windows\System\HvsMEQI.exe
  2⤵
  PID:4048
- C:\Windows\System\UHkJNLv.exe
  C:\Windows\System\UHkJNLv.exe
  2⤵
  PID:1260
- C:\Windows\System\RhcoTJS.exe
  C:\Windows\System\RhcoTJS.exe
  2⤵
  PID:908
- C:\Windows\System\cHqphDn.exe
  C:\Windows\System\cHqphDn.exe
  2⤵
  PID:1676
- C:\Windows\System\vwskAFX.exe
  C:\Windows\System\vwskAFX.exe
  2⤵
  PID:2520
- C:\Windows\System\EVNeeCW.exe
  C:\Windows\System\EVNeeCW.exe
  2⤵
  PID:3196
- C:\Windows\System\SlOkTsw.exe
  C:\Windows\System\SlOkTsw.exe
  2⤵
  PID:3284
- C:\Windows\System\ETIlvwu.exe
  C:\Windows\System\ETIlvwu.exe
  2⤵
  PID:3308
- C:\Windows\System\CtbhoVe.exe
  C:\Windows\System\CtbhoVe.exe
  2⤵
  PID:2712
- C:\Windows\System\FxAgmwZ.exe
  C:\Windows\System\FxAgmwZ.exe
  2⤵
  PID:1148
- C:\Windows\System\qmpgrXl.exe
  C:\Windows\System\qmpgrXl.exe
  2⤵
  PID:1616
- C:\Windows\System\IdlPaZF.exe
  C:\Windows\System\IdlPaZF.exe
  2⤵
  PID:2684
- C:\Windows\System\sDZucTV.exe
  C:\Windows\System\sDZucTV.exe
  2⤵
  PID:3036
- C:\Windows\System\xFuQBiK.exe
  C:\Windows\System\xFuQBiK.exe
  2⤵
  PID:1076
- C:\Windows\System\ISQxOVY.exe
  C:\Windows\System\ISQxOVY.exe
  2⤵
  PID:2616
- C:\Windows\System\IPgzoet.exe
  C:\Windows\System\IPgzoet.exe
  2⤵
  PID:2284
- C:\Windows\System\hJYtYfU.exe
  C:\Windows\System\hJYtYfU.exe
  2⤵
  PID:3728
- C:\Windows\System\HyrmHxE.exe
  C:\Windows\System\HyrmHxE.exe
  2⤵
  PID:3760
- C:\Windows\System\Oxmbfbf.exe
  C:\Windows\System\Oxmbfbf.exe
  2⤵
  PID:3884
- C:\Windows\System\OxcTDgZ.exe
  C:\Windows\System\OxcTDgZ.exe
  2⤵
  PID:3928
- C:\Windows\System\FvotTBU.exe
  C:\Windows\System\FvotTBU.exe
  2⤵
  PID:3740
- C:\Windows\System\VdhYZGf.exe
  C:\Windows\System\VdhYZGf.exe
  2⤵
  PID:3832
- C:\Windows\System\zYYWrvA.exe
  C:\Windows\System\zYYWrvA.exe
  2⤵
  PID:2888
- C:\Windows\System\uppAJxS.exe
  C:\Windows\System\uppAJxS.exe
  2⤵
  PID:3500
- C:\Windows\System\FIlWSus.exe
  C:\Windows\System\FIlWSus.exe
  2⤵
  PID:2252
- C:\Windows\System\haTGHMO.exe
  C:\Windows\System\haTGHMO.exe
  2⤵
  PID:2496
- C:\Windows\System\hEWSqrn.exe
  C:\Windows\System\hEWSqrn.exe
  2⤵
  PID:2624
- C:\Windows\System\qhVwUIP.exe
  C:\Windows\System\qhVwUIP.exe
  2⤵
  PID:2788
- C:\Windows\System\OfFAkvR.exe
  C:\Windows\System\OfFAkvR.exe
  2⤵
  PID:1700
- C:\Windows\System\DIVmQWi.exe
  C:\Windows\System\DIVmQWi.exe
  2⤵
  PID:536
- C:\Windows\System\ylpagbo.exe
  C:\Windows\System\ylpagbo.exe
  2⤵
  PID:3848
- C:\Windows\System\aRkadJa.exe
  C:\Windows\System\aRkadJa.exe
  2⤵
  PID:4032
- C:\Windows\System\aRXaFlg.exe
  C:\Windows\System\aRXaFlg.exe
  2⤵
  PID:2904
- C:\Windows\System\bCpTAdT.exe
  C:\Windows\System\bCpTAdT.exe
  2⤵
  PID:4052
- C:\Windows\System\HuqIYzz.exe
  C:\Windows\System\HuqIYzz.exe
  2⤵
  PID:3236
- C:\Windows\System\thfNbtk.exe
  C:\Windows\System\thfNbtk.exe
  2⤵
  PID:3492
- C:\Windows\System\XbKHHqh.exe
  C:\Windows\System\XbKHHqh.exe
  2⤵
  PID:1072
- C:\Windows\System\qeIzaDM.exe
  C:\Windows\System\qeIzaDM.exe
  2⤵
  PID:2968
- C:\Windows\System\UARnfug.exe
  C:\Windows\System\UARnfug.exe
  2⤵
  PID:3780
- C:\Windows\System\zvZWfJV.exe
  C:\Windows\System\zvZWfJV.exe
  2⤵
  PID:2148
- C:\Windows\System\XqiYuUw.exe
  C:\Windows\System\XqiYuUw.exe
  2⤵
  PID:3712
- C:\Windows\System\OXsAvKh.exe
  C:\Windows\System\OXsAvKh.exe
  2⤵
  PID:3956
- C:\Windows\System\AuRYrwo.exe
  C:\Windows\System\AuRYrwo.exe
  2⤵
  PID:2956
- C:\Windows\System\sFghypP.exe
  C:\Windows\System\sFghypP.exe
  2⤵
  PID:900
- C:\Windows\System\NxKCDOx.exe
  C:\Windows\System\NxKCDOx.exe
  2⤵
  PID:1796
- C:\Windows\System\PSdqGFX.exe
  C:\Windows\System\PSdqGFX.exe
  2⤵
  PID:632
- C:\Windows\System\ggvTsjD.exe
  C:\Windows\System\ggvTsjD.exe
  2⤵
  PID:932
- C:\Windows\System\BDvOFum.exe
  C:\Windows\System\BDvOFum.exe
  2⤵
  PID:3908
- C:\Windows\System\nwqaQWA.exe
  C:\Windows\System\nwqaQWA.exe
  2⤵
  PID:3328
- C:\Windows\System\QZUUQKl.exe
  C:\Windows\System\QZUUQKl.exe
  2⤵
  PID:944
- C:\Windows\System\IWymQnk.exe
  C:\Windows\System\IWymQnk.exe
  2⤵
  PID:1264
- C:\Windows\System\wvSyOBA.exe
  C:\Windows\System\wvSyOBA.exe
  2⤵
  PID:4108
- C:\Windows\System\SmsoOHE.exe
  C:\Windows\System\SmsoOHE.exe
  2⤵
  PID:4128
- C:\Windows\System\fpbpgnZ.exe
  C:\Windows\System\fpbpgnZ.exe
  2⤵
  PID:4144
- C:\Windows\System\VYESKzm.exe
  C:\Windows\System\VYESKzm.exe
  2⤵
  PID:4168
- C:\Windows\System\iLwctTg.exe
  C:\Windows\System\iLwctTg.exe
  2⤵
  PID:4196
- C:\Windows\System\ARkwRDU.exe
  C:\Windows\System\ARkwRDU.exe
  2⤵
  PID:4212
- C:\Windows\System\JbvBafT.exe
  C:\Windows\System\JbvBafT.exe
  2⤵
  PID:4228
- C:\Windows\System\wLyfdFT.exe
  C:\Windows\System\wLyfdFT.exe
  2⤵
  PID:4252
- C:\Windows\System\kzQyQvm.exe
  C:\Windows\System\kzQyQvm.exe
  2⤵
  PID:4268
- C:\Windows\System\XiaSiFn.exe
  C:\Windows\System\XiaSiFn.exe
  2⤵
  PID:4288
- C:\Windows\System\oAvuPjC.exe
  C:\Windows\System\oAvuPjC.exe
  2⤵
  PID:4304
- C:\Windows\System\dYOaUMo.exe
  C:\Windows\System\dYOaUMo.exe
  2⤵
  PID:4320
- C:\Windows\System\xXSvMkY.exe
  C:\Windows\System\xXSvMkY.exe
  2⤵
  PID:4352
- C:\Windows\System\ObbdkZU.exe
  C:\Windows\System\ObbdkZU.exe
  2⤵
  PID:4368
- C:\Windows\System\wLPrQgK.exe
  C:\Windows\System\wLPrQgK.exe
  2⤵
  PID:4392
- C:\Windows\System\qgOnBce.exe
  C:\Windows\System\qgOnBce.exe
  2⤵
  PID:4412
- C:\Windows\System\IWUlCec.exe
  C:\Windows\System\IWUlCec.exe
  2⤵
  PID:4432
- C:\Windows\System\HpaiwcD.exe
  C:\Windows\System\HpaiwcD.exe
  2⤵
  PID:4448
- C:\Windows\System\GpDXOCs.exe
  C:\Windows\System\GpDXOCs.exe
  2⤵
  PID:4468
- C:\Windows\System\HmvWrTE.exe
  C:\Windows\System\HmvWrTE.exe
  2⤵
  PID:4488
- C:\Windows\System\qmELdfk.exe
  C:\Windows\System\qmELdfk.exe
  2⤵
  PID:4516
- C:\Windows\System\GKQDZFx.exe
  C:\Windows\System\GKQDZFx.exe
  2⤵
  PID:4532
- C:\Windows\System\JPebBXp.exe
  C:\Windows\System\JPebBXp.exe
  2⤵
  PID:4560
- C:\Windows\System\wUmXbnl.exe
  C:\Windows\System\wUmXbnl.exe
  2⤵
  PID:4576
- C:\Windows\System\dgWukDS.exe
  C:\Windows\System\dgWukDS.exe
  2⤵
  PID:4592
- C:\Windows\System\JHrcvfh.exe
  C:\Windows\System\JHrcvfh.exe
  2⤵
  PID:4608
- C:\Windows\System\oSyRJdD.exe
  C:\Windows\System\oSyRJdD.exe
  2⤵
  PID:4628
- C:\Windows\System\tORdNdx.exe
  C:\Windows\System\tORdNdx.exe
  2⤵
  PID:4660
- C:\Windows\System\SyjQRcw.exe
  C:\Windows\System\SyjQRcw.exe
  2⤵
  PID:4680
- C:\Windows\System\GknWoTa.exe
  C:\Windows\System\GknWoTa.exe
  2⤵
  PID:4696
- C:\Windows\System\OfgzvGb.exe
  C:\Windows\System\OfgzvGb.exe
  2⤵
  PID:4712
- C:\Windows\System\BaAKuwi.exe
  C:\Windows\System\BaAKuwi.exe
  2⤵
  PID:4736
- C:\Windows\System\WepCXSL.exe
  C:\Windows\System\WepCXSL.exe
  2⤵
  PID:4760
- C:\Windows\System\gBDwEJy.exe
  C:\Windows\System\gBDwEJy.exe
  2⤵
  PID:4776
- C:\Windows\System\mWMxlWM.exe
  C:\Windows\System\mWMxlWM.exe
  2⤵
  PID:4792
- C:\Windows\System\SVMtOOv.exe
  C:\Windows\System\SVMtOOv.exe
  2⤵
  PID:4812
- C:\Windows\System\MmvCJDJ.exe
  C:\Windows\System\MmvCJDJ.exe
  2⤵
  PID:4832
- C:\Windows\System\uLtbeRc.exe
  C:\Windows\System\uLtbeRc.exe
  2⤵
  PID:4860
- C:\Windows\System\asUaVen.exe
  C:\Windows\System\asUaVen.exe
  2⤵
  PID:4876
- C:\Windows\System\DOYyeLL.exe
  C:\Windows\System\DOYyeLL.exe
  2⤵
  PID:4892
- C:\Windows\System\bsgpYuY.exe
  C:\Windows\System\bsgpYuY.exe
  2⤵
  PID:4912
- C:\Windows\System\MIaMDPn.exe
  C:\Windows\System\MIaMDPn.exe
  2⤵
  PID:4932
- C:\Windows\System\ymERCJc.exe
  C:\Windows\System\ymERCJc.exe
  2⤵
  PID:4948
- C:\Windows\System\niOcRgw.exe
  C:\Windows\System\niOcRgw.exe
  2⤵
  PID:4976
- C:\Windows\System\iFrifAM.exe
  C:\Windows\System\iFrifAM.exe
  2⤵
  PID:4992
- C:\Windows\System\Kpkxkyr.exe
  C:\Windows\System\Kpkxkyr.exe
  2⤵
  PID:5012
- C:\Windows\System\jMtmBeM.exe
  C:\Windows\System\jMtmBeM.exe
  2⤵
  PID:5032
- C:\Windows\System\SIOFFCK.exe
  C:\Windows\System\SIOFFCK.exe
  2⤵
  PID:5052
- C:\Windows\System\wSRRtTy.exe
  C:\Windows\System\wSRRtTy.exe
  2⤵
  PID:5080
- C:\Windows\System\ydkTqWM.exe
  C:\Windows\System\ydkTqWM.exe
  2⤵
  PID:5096
- C:\Windows\System\XoaPKRD.exe
  C:\Windows\System\XoaPKRD.exe
  2⤵
  PID:2360
- C:\Windows\System\aTPytni.exe
  C:\Windows\System\aTPytni.exe
  2⤵
  PID:2900
- C:\Windows\System\OgGRDEl.exe
  C:\Windows\System\OgGRDEl.exe
  2⤵
  PID:4100
- C:\Windows\System\DVzyrSN.exe
  C:\Windows\System\DVzyrSN.exe
  2⤵
  PID:4120
- C:\Windows\System\oFOGFCx.exe
  C:\Windows\System\oFOGFCx.exe
  2⤵
  PID:4156
- C:\Windows\System\OtiKPah.exe
  C:\Windows\System\OtiKPah.exe
  2⤵
  PID:4188
- C:\Windows\System\rPvmuiv.exe
  C:\Windows\System\rPvmuiv.exe
  2⤵
  PID:4236
- C:\Windows\System\avNxoZb.exe
  C:\Windows\System\avNxoZb.exe
  2⤵
  PID:4312
- C:\Windows\System\cToBQcD.exe
  C:\Windows\System\cToBQcD.exe
  2⤵
  PID:4260
- C:\Windows\System\IMiNmXl.exe
  C:\Windows\System\IMiNmXl.exe
  2⤵
  PID:4336
- C:\Windows\System\OKZmnBl.exe
  C:\Windows\System\OKZmnBl.exe
  2⤵
  PID:2264
- C:\Windows\System\GWTlzbm.exe
  C:\Windows\System\GWTlzbm.exe
  2⤵
  PID:4364
- C:\Windows\System\YpGqCNy.exe
  C:\Windows\System\YpGqCNy.exe
  2⤵
  PID:4404
- C:\Windows\System\kLnXFFS.exe
  C:\Windows\System\kLnXFFS.exe
  2⤵
  PID:4460
- C:\Windows\System\MeHUPpj.exe
  C:\Windows\System\MeHUPpj.exe
  2⤵
  PID:4484
- C:\Windows\System\HtiiOoq.exe
  C:\Windows\System\HtiiOoq.exe
  2⤵
  PID:4512
- C:\Windows\System\QXTyBZE.exe
  C:\Windows\System\QXTyBZE.exe
  2⤵
  PID:4584
- C:\Windows\System\ZjFPPWf.exe
  C:\Windows\System\ZjFPPWf.exe
  2⤵
  PID:4572
- C:\Windows\System\QyiaGUB.exe
  C:\Windows\System\QyiaGUB.exe
  2⤵
  PID:4600
- C:\Windows\System\dJEldje.exe
  C:\Windows\System\dJEldje.exe
  2⤵
  PID:4656
- C:\Windows\System\wYHsXOg.exe
  C:\Windows\System\wYHsXOg.exe
  2⤵
  PID:4704
- C:\Windows\System\NWwaWjz.exe
  C:\Windows\System\NWwaWjz.exe
  2⤵
  PID:4692
- C:\Windows\System\WlSNmum.exe
  C:\Windows\System\WlSNmum.exe
  2⤵
  PID:3260
- C:\Windows\System\BtdrSVf.exe
  C:\Windows\System\BtdrSVf.exe
  2⤵
  PID:4756
- C:\Windows\System\EiPMIyz.exe
  C:\Windows\System\EiPMIyz.exe
  2⤵
  PID:4804
- C:\Windows\System\clvrLus.exe
  C:\Windows\System\clvrLus.exe
  2⤵
  PID:4848
- C:\Windows\System\ZfsBKtq.exe
  C:\Windows\System\ZfsBKtq.exe
  2⤵
  PID:4940
- C:\Windows\System\JCaaNXS.exe
  C:\Windows\System\JCaaNXS.exe
  2⤵
  PID:4904
- C:\Windows\System\FmArqxp.exe
  C:\Windows\System\FmArqxp.exe
  2⤵
  PID:4988
- C:\Windows\System\KSlawvA.exe
  C:\Windows\System\KSlawvA.exe
  2⤵
  PID:4964
- C:\Windows\System\zgLFQvD.exe
  C:\Windows\System\zgLFQvD.exe
  2⤵
  PID:4960
- C:\Windows\System\wXTxzyy.exe
  C:\Windows\System\wXTxzyy.exe
  2⤵
  PID:5040
- C:\Windows\System\fRdnfWo.exe
  C:\Windows\System\fRdnfWo.exe
  2⤵
  PID:5072
- C:\Windows\System\uoKbhIN.exe
  C:\Windows\System\uoKbhIN.exe
  2⤵
  PID:5116
- C:\Windows\System\OdvvDRb.exe
  C:\Windows\System\OdvvDRb.exe
  2⤵
  PID:4152
- C:\Windows\System\KuVJOqP.exe
  C:\Windows\System\KuVJOqP.exe
  2⤵
  PID:4116
- C:\Windows\System\jujkWkF.exe
  C:\Windows\System\jujkWkF.exe
  2⤵
  PID:880
- C:\Windows\System\WJfSvbc.exe
  C:\Windows\System\WJfSvbc.exe
  2⤵
  PID:4164
- C:\Windows\System\GdDpfAB.exe
  C:\Windows\System\GdDpfAB.exe
  2⤵
  PID:4244
- C:\Windows\System\WwgZdJZ.exe
  C:\Windows\System\WwgZdJZ.exe
  2⤵
  PID:4332
- C:\Windows\System\aCnKCQj.exe
  C:\Windows\System\aCnKCQj.exe
  2⤵
  PID:4388
- C:\Windows\System\BqrHIzb.exe
  C:\Windows\System\BqrHIzb.exe
  2⤵
  PID:4476
- C:\Windows\System\ethHaVi.exe
  C:\Windows\System\ethHaVi.exe
  2⤵
  PID:4548
- C:\Windows\System\mymeqgX.exe
  C:\Windows\System\mymeqgX.exe
  2⤵
  PID:4508
- C:\Windows\System\aBeKbNG.exe
  C:\Windows\System\aBeKbNG.exe
  2⤵
  PID:4652
- C:\Windows\System\KDOFeGi.exe
  C:\Windows\System\KDOFeGi.exe
  2⤵
  PID:4676
- C:\Windows\System\OCrRtto.exe
  C:\Windows\System\OCrRtto.exe
  2⤵
  PID:4648
- C:\Windows\System\DNNOTQJ.exe
  C:\Windows\System\DNNOTQJ.exe
  2⤵
  PID:4752
- C:\Windows\System\VlPqcWA.exe
  C:\Windows\System\VlPqcWA.exe
  2⤵
  PID:4872
- C:\Windows\System\WnbHtvq.exe
  C:\Windows\System\WnbHtvq.exe
  2⤵
  PID:3156
- C:\Windows\System\vHLtwLg.exe
  C:\Windows\System\vHLtwLg.exe
  2⤵
  PID:4888
- C:\Windows\System\nQBsHDv.exe
  C:\Windows\System\nQBsHDv.exe
  2⤵
  PID:5024
- C:\Windows\System\bZDnJnU.exe
  C:\Windows\System\bZDnJnU.exe
  2⤵
  PID:5044
- C:\Windows\System\LyipcEB.exe
  C:\Windows\System\LyipcEB.exe
  2⤵
  PID:5008
- C:\Windows\System\IOQySJA.exe
  C:\Windows\System\IOQySJA.exe
  2⤵
  PID:3744
- C:\Windows\System\XZOepCl.exe
  C:\Windows\System\XZOepCl.exe
  2⤵
  PID:4140
- C:\Windows\System\YvyIGmk.exe
  C:\Windows\System\YvyIGmk.exe
  2⤵
  PID:4316
- C:\Windows\System\grlFwnU.exe
  C:\Windows\System\grlFwnU.exe
  2⤵
  PID:4348
- C:\Windows\System\YCRLBaG.exe
  C:\Windows\System\YCRLBaG.exe
  2⤵
  PID:4428
- C:\Windows\System\azZYgAk.exe
  C:\Windows\System\azZYgAk.exe
  2⤵
  PID:4420
- C:\Windows\System\NSPysJV.exe
  C:\Windows\System\NSPysJV.exe
  2⤵
  PID:4556
- C:\Windows\System\TJSFHNE.exe
  C:\Windows\System\TJSFHNE.exe
  2⤵
  PID:4688
- C:\Windows\System\HJgALKy.exe
  C:\Windows\System\HJgALKy.exe
  2⤵
  PID:4984
- C:\Windows\System\lUQFRYk.exe
  C:\Windows\System\lUQFRYk.exe
  2⤵
  PID:5064
- C:\Windows\System\ExtCYrw.exe
  C:\Windows\System\ExtCYrw.exe
  2⤵
  PID:5108
- C:\Windows\System\tfrTVbN.exe
  C:\Windows\System\tfrTVbN.exe
  2⤵
  PID:5088
- C:\Windows\System\yCmdWRu.exe
  C:\Windows\System\yCmdWRu.exe
  2⤵
  PID:4296
- C:\Windows\System\iFMYBRH.exe
  C:\Windows\System\iFMYBRH.exe
  2⤵
  PID:4136
- C:\Windows\System\cMVeGxl.exe
  C:\Windows\System\cMVeGxl.exe
  2⤵
  PID:4620
- C:\Windows\System\PvEFAAt.exe
  C:\Windows\System\PvEFAAt.exe
  2⤵
  PID:4732
- C:\Windows\System\tcKnwYd.exe
  C:\Windows\System\tcKnwYd.exe
  2⤵
  PID:4820
- C:\Windows\System\wjXPTnZ.exe
  C:\Windows\System\wjXPTnZ.exe
  2⤵
  PID:4772
- C:\Windows\System\UyOQgLa.exe
  C:\Windows\System\UyOQgLa.exe
  2⤵
  PID:5068
- C:\Windows\System\esEqJzy.exe
  C:\Windows\System\esEqJzy.exe
  2⤵
  PID:4376
- C:\Windows\System\YDWjznk.exe
  C:\Windows\System\YDWjznk.exe
  2⤵
  PID:4672
- C:\Windows\System\nnIjjIh.exe
  C:\Windows\System\nnIjjIh.exe
  2⤵
  PID:4636
- C:\Windows\System\MZZGDIL.exe
  C:\Windows\System\MZZGDIL.exe
  2⤵
  PID:4444
- C:\Windows\System\ziHfTYq.exe
  C:\Windows\System\ziHfTYq.exe
  2⤵
  PID:4800
- C:\Windows\System\bTMHVOd.exe
  C:\Windows\System\bTMHVOd.exe
  2⤵
  PID:4248
- C:\Windows\System\ZRPHpFR.exe
  C:\Windows\System\ZRPHpFR.exe
  2⤵
  PID:4744
- C:\Windows\System\LLyrsgh.exe
  C:\Windows\System\LLyrsgh.exe
  2⤵
  PID:2044
- C:\Windows\System\ZTtyvnA.exe
  C:\Windows\System\ZTtyvnA.exe
  2⤵
  PID:4956
- C:\Windows\System\kOHiPMR.exe
  C:\Windows\System\kOHiPMR.exe
  2⤵
  PID:3796
- C:\Windows\System\kbRteBK.exe
  C:\Windows\System\kbRteBK.exe
  2⤵
  PID:4280
- C:\Windows\System\wHdIXpN.exe
  C:\Windows\System\wHdIXpN.exe
  2⤵
  PID:1248
- C:\Windows\System\BkyNYOy.exe
  C:\Windows\System\BkyNYOy.exe
  2⤵
  PID:892
- C:\Windows\System\kOnAeJl.exe
  C:\Windows\System\kOnAeJl.exe
  2⤵
  PID:4856
- C:\Windows\System\VpWSizI.exe
  C:\Windows\System\VpWSizI.exe
  2⤵
  PID:4920
- C:\Windows\System\gusQGja.exe
  C:\Windows\System\gusQGja.exe
  2⤵
  PID:5132
- C:\Windows\System\LPRCmLJ.exe
  C:\Windows\System\LPRCmLJ.exe
  2⤵
  PID:5152
- C:\Windows\System\dhVdLcA.exe
  C:\Windows\System\dhVdLcA.exe
  2⤵
  PID:5184
- C:\Windows\System\ybJyzqe.exe
  C:\Windows\System\ybJyzqe.exe
  2⤵
  PID:5200
- C:\Windows\System\TjnULwc.exe
  C:\Windows\System\TjnULwc.exe
  2⤵
  PID:5216
- C:\Windows\System\VebwBux.exe
  C:\Windows\System\VebwBux.exe
  2⤵
  PID:5232
- C:\Windows\System\ktJIPAY.exe
  C:\Windows\System\ktJIPAY.exe
  2⤵
  PID:5248
- C:\Windows\System\qGGdMSa.exe
  C:\Windows\System\qGGdMSa.exe
  2⤵
  PID:5272
- C:\Windows\System\PDgyRHC.exe
  C:\Windows\System\PDgyRHC.exe
  2⤵
  PID:5288
- C:\Windows\System\auLkbvy.exe
  C:\Windows\System\auLkbvy.exe
  2⤵
  PID:5304
- C:\Windows\System\PNzUMRy.exe
  C:\Windows\System\PNzUMRy.exe
  2⤵
  PID:5324
- C:\Windows\System\gIzmdvW.exe
  C:\Windows\System\gIzmdvW.exe
  2⤵
  PID:5344
- C:\Windows\System\dVlXvEl.exe
  C:\Windows\System\dVlXvEl.exe
  2⤵
  PID:5364
- C:\Windows\System\WYAURQE.exe
  C:\Windows\System\WYAURQE.exe
  2⤵
  PID:5380
- C:\Windows\System\lQQAXnm.exe
  C:\Windows\System\lQQAXnm.exe
  2⤵
  PID:5396
- C:\Windows\System\tOqfnXJ.exe
  C:\Windows\System\tOqfnXJ.exe
  2⤵
  PID:5416
- C:\Windows\System\IdLDMXY.exe
  C:\Windows\System\IdLDMXY.exe
  2⤵
  PID:5436
- C:\Windows\System\VPsehjQ.exe
  C:\Windows\System\VPsehjQ.exe
  2⤵
  PID:5452
- C:\Windows\System\SOkDace.exe
  C:\Windows\System\SOkDace.exe
  2⤵
  PID:5472
- C:\Windows\System\ZORPAaJ.exe
  C:\Windows\System\ZORPAaJ.exe
  2⤵
  PID:5492
- C:\Windows\System\XULDWCi.exe
  C:\Windows\System\XULDWCi.exe
  2⤵
  PID:5508
- C:\Windows\System\XOdDihh.exe
  C:\Windows\System\XOdDihh.exe
  2⤵
  PID:5524
- C:\Windows\System\kUMvvAa.exe
  C:\Windows\System\kUMvvAa.exe
  2⤵
  PID:5552
- C:\Windows\System\fREBuqX.exe
  C:\Windows\System\fREBuqX.exe
  2⤵
  PID:5568
- C:\Windows\System\gOXKXrW.exe
  C:\Windows\System\gOXKXrW.exe
  2⤵
  PID:5596
- C:\Windows\System\LpnuOPR.exe
  C:\Windows\System\LpnuOPR.exe
  2⤵
  PID:5616
- C:\Windows\System\vKFNTbW.exe
  C:\Windows\System\vKFNTbW.exe
  2⤵
  PID:5648
- C:\Windows\System\ukuNNDA.exe
  C:\Windows\System\ukuNNDA.exe
  2⤵
  PID:5680
- C:\Windows\System\WEUmhnV.exe
  C:\Windows\System\WEUmhnV.exe
  2⤵
  PID:5696
- C:\Windows\System\OOEojRF.exe
  C:\Windows\System\OOEojRF.exe
  2⤵
  PID:5716
- C:\Windows\System\TybHEhe.exe
  C:\Windows\System\TybHEhe.exe
  2⤵
  PID:5732
- C:\Windows\System\jLACWQP.exe
  C:\Windows\System\jLACWQP.exe
  2⤵
  PID:5748
- C:\Windows\System\JaxvmGq.exe
  C:\Windows\System\JaxvmGq.exe
  2⤵
  PID:5768
- C:\Windows\System\aBOKaat.exe
  C:\Windows\System\aBOKaat.exe
  2⤵
  PID:5792
- C:\Windows\System\rvdNhHQ.exe
  C:\Windows\System\rvdNhHQ.exe
  2⤵
  PID:5816
- C:\Windows\System\NICahrf.exe
  C:\Windows\System\NICahrf.exe
  2⤵
  PID:5832
- C:\Windows\System\DRvMzgW.exe
  C:\Windows\System\DRvMzgW.exe
  2⤵
  PID:5868
- C:\Windows\System\YNPtudj.exe
  C:\Windows\System\YNPtudj.exe
  2⤵
  PID:5888
- C:\Windows\System\kTObLtt.exe
  C:\Windows\System\kTObLtt.exe
  2⤵
  PID:5908
- C:\Windows\System\erCtqiL.exe
  C:\Windows\System\erCtqiL.exe
  2⤵
  PID:5924
- C:\Windows\System\AgbKSiv.exe
  C:\Windows\System\AgbKSiv.exe
  2⤵
  PID:5948
- C:\Windows\System\SDSWZqk.exe
  C:\Windows\System\SDSWZqk.exe
  2⤵
  PID:5964
- C:\Windows\System\zkjHoxD.exe
  C:\Windows\System\zkjHoxD.exe
  2⤵
  PID:5988
- C:\Windows\System\klVZJBA.exe
  C:\Windows\System\klVZJBA.exe
  2⤵
  PID:6004
- C:\Windows\System\BQnzOqt.exe
  C:\Windows\System\BQnzOqt.exe
  2⤵
  PID:6024
- C:\Windows\System\PAZaWcu.exe
  C:\Windows\System\PAZaWcu.exe
  2⤵
  PID:6040
- C:\Windows\System\SzVgKvh.exe
  C:\Windows\System\SzVgKvh.exe
  2⤵
  PID:6068
- C:\Windows\System\QvaBWkQ.exe
  C:\Windows\System\QvaBWkQ.exe
  2⤵
  PID:6084
- C:\Windows\System\jkhbVnb.exe
  C:\Windows\System\jkhbVnb.exe
  2⤵
  PID:6108
- C:\Windows\System\VBkICFI.exe
  C:\Windows\System\VBkICFI.exe
  2⤵
  PID:6128
- C:\Windows\System\AfkySHP.exe
  C:\Windows\System\AfkySHP.exe
  2⤵
  PID:5160
- C:\Windows\System\MapBUmL.exe
  C:\Windows\System\MapBUmL.exe
  2⤵
  PID:5140
- C:\Windows\System\ambwIBt.exe
  C:\Windows\System\ambwIBt.exe
  2⤵
  PID:5172
- C:\Windows\System\qhrHrTI.exe
  C:\Windows\System\qhrHrTI.exe
  2⤵
  PID:5228
- C:\Windows\System\pqSJkHl.exe
  C:\Windows\System\pqSJkHl.exe
  2⤵
  PID:5260
- C:\Windows\System\AFBEPAk.exe
  C:\Windows\System\AFBEPAk.exe
  2⤵
  PID:5284
- C:\Windows\System\NCVPYjT.exe
  C:\Windows\System\NCVPYjT.exe
  2⤵
  PID:5320
- C:\Windows\System\vIHumKR.exe
  C:\Windows\System\vIHumKR.exe
  2⤵
  PID:5356
- C:\Windows\System\UOKfzDC.exe
  C:\Windows\System\UOKfzDC.exe
  2⤵
  PID:5412
- C:\Windows\System\XsNChOk.exe
  C:\Windows\System\XsNChOk.exe
  2⤵
  PID:5444
- C:\Windows\System\pVCqSaX.exe
  C:\Windows\System\pVCqSaX.exe
  2⤵
  PID:5460
- C:\Windows\System\wMgQUJD.exe
  C:\Windows\System\wMgQUJD.exe
  2⤵
  PID:5484
- C:\Windows\System\hOQjPBq.exe
  C:\Windows\System\hOQjPBq.exe
  2⤵
  PID:5540
- C:\Windows\System\dVFWtgY.exe
  C:\Windows\System\dVFWtgY.exe
  2⤵
  PID:5580
- C:\Windows\System\asVNRcv.exe
  C:\Windows\System\asVNRcv.exe
  2⤵
  PID:5560
- C:\Windows\System\VCNqonl.exe
  C:\Windows\System\VCNqonl.exe
  2⤵
  PID:5632
- C:\Windows\System\zSgfvKC.exe
  C:\Windows\System\zSgfvKC.exe
  2⤵
  PID:5688
- C:\Windows\System\GvYqvFE.exe
  C:\Windows\System\GvYqvFE.exe
  2⤵
  PID:5668
- C:\Windows\System\qYYSvWA.exe
  C:\Windows\System\qYYSvWA.exe
  2⤵
  PID:5704
- C:\Windows\System\HtiqrnL.exe
  C:\Windows\System\HtiqrnL.exe
  2⤵
  PID:5760
- C:\Windows\System\iUoOfaY.exe
  C:\Windows\System\iUoOfaY.exe
  2⤵
  PID:5776
- C:\Windows\System\FevTFwF.exe
  C:\Windows\System\FevTFwF.exe
  2⤵
  PID:5812
- C:\Windows\System\WoyZkEH.exe
  C:\Windows\System\WoyZkEH.exe
  2⤵
  PID:5848
- C:\Windows\System\eALkFBn.exe
  C:\Windows\System\eALkFBn.exe
  2⤵
  PID:5876
- C:\Windows\System\dSWjrVN.exe
  C:\Windows\System\dSWjrVN.exe
  2⤵
  PID:5900
- C:\Windows\System\yIQwBxQ.exe
  C:\Windows\System\yIQwBxQ.exe
  2⤵
  PID:5940
- C:\Windows\System\oNKTHTZ.exe
  C:\Windows\System\oNKTHTZ.exe
  2⤵
  PID:5984
- C:\Windows\System\eGJFLuT.exe
  C:\Windows\System\eGJFLuT.exe
  2⤵
  PID:6020
- C:\Windows\System\EfxvYOi.exe
  C:\Windows\System\EfxvYOi.exe
  2⤵
  PID:6036
- C:\Windows\System\xAbyfKK.exe
  C:\Windows\System\xAbyfKK.exe
  2⤵
  PID:6100
- C:\Windows\System\suAnrLU.exe
  C:\Windows\System\suAnrLU.exe
  2⤵
  PID:6120
- C:\Windows\System\GIHbWjq.exe
  C:\Windows\System\GIHbWjq.exe
  2⤵
  PID:5128
- C:\Windows\System\wvGNRml.exe
  C:\Windows\System\wvGNRml.exe
  2⤵
  PID:5176
- C:\Windows\System\ENUPIAa.exe
  C:\Windows\System\ENUPIAa.exe
  2⤵
  PID:5256
- C:\Windows\System\abmxMnh.exe
  C:\Windows\System\abmxMnh.exe
  2⤵
  PID:5268
- C:\Windows\System\rLDpERe.exe
  C:\Windows\System\rLDpERe.exe
  2⤵
  PID:5332
- C:\Windows\System\GZaQbAT.exe
  C:\Windows\System\GZaQbAT.exe
  2⤵
  PID:5408
- C:\Windows\System\hBeFwGG.exe
  C:\Windows\System\hBeFwGG.exe
  2⤵
  PID:5500
- C:\Windows\System\CXKarAN.exe
  C:\Windows\System\CXKarAN.exe
  2⤵
  PID:5520
- C:\Windows\System\hACTnCw.exe
  C:\Windows\System\hACTnCw.exe
  2⤵
  PID:5576
- C:\Windows\System\YklUEst.exe
  C:\Windows\System\YklUEst.exe
  2⤵
  PID:5644
- C:\Windows\System\kimpkjz.exe
  C:\Windows\System\kimpkjz.exe
  2⤵
  PID:5660
- C:\Windows\System\yfTDsKe.exe
  C:\Windows\System\yfTDsKe.exe
  2⤵
  PID:5744
- C:\Windows\System\JHLazjL.exe
  C:\Windows\System\JHLazjL.exe
  2⤵
  PID:5784
- C:\Windows\System\KpGjDxy.exe
  C:\Windows\System\KpGjDxy.exe
  2⤵
  PID:5824
- C:\Windows\System\IBZvLou.exe
  C:\Windows\System\IBZvLou.exe
  2⤵
  PID:5916
- C:\Windows\System\tALhcUO.exe
  C:\Windows\System\tALhcUO.exe
  2⤵
  PID:5956
- C:\Windows\System\CkCuMva.exe
  C:\Windows\System\CkCuMva.exe
  2⤵
  PID:6016
- C:\Windows\System\DifKVjO.exe
  C:\Windows\System\DifKVjO.exe
  2⤵
  PID:6064
- C:\Windows\System\DTjwDDI.exe
  C:\Windows\System\DTjwDDI.exe
  2⤵
  PID:6124
- C:\Windows\System\vIWXVxA.exe
  C:\Windows\System\vIWXVxA.exe
  2⤵
  PID:5224
- C:\Windows\System\YPrNGip.exe
  C:\Windows\System\YPrNGip.exe
  2⤵
  PID:5404
- C:\Windows\System\BIpGIVB.exe
  C:\Windows\System\BIpGIVB.exe
  2⤵
  PID:4440
- C:\Windows\System\YXmGbBL.exe
  C:\Windows\System\YXmGbBL.exe
  2⤵
  PID:5428
- C:\Windows\System\mWdRiCA.exe
  C:\Windows\System\mWdRiCA.exe
  2⤵
  PID:5588
- C:\Windows\System\rNKSjwD.exe
  C:\Windows\System\rNKSjwD.exe
  2⤵
  PID:5640
- C:\Windows\System\azbPBEk.exe
  C:\Windows\System\azbPBEk.exe
  2⤵
  PID:5828
- C:\Windows\System\RPniRNO.exe
  C:\Windows\System\RPniRNO.exe
  2⤵
  PID:5972
- C:\Windows\System\fQfGayZ.exe
  C:\Windows\System\fQfGayZ.exe
  2⤵
  PID:5860
- C:\Windows\System\PXCcJMm.exe
  C:\Windows\System\PXCcJMm.exe
  2⤵
  PID:6052
- C:\Windows\System\rsAgCPv.exe
  C:\Windows\System\rsAgCPv.exe
  2⤵
  PID:5180
- C:\Windows\System\QzoqdLu.exe
  C:\Windows\System\QzoqdLu.exe
  2⤵
  PID:5316
- C:\Windows\System\dkkJjgp.exe
  C:\Windows\System\dkkJjgp.exe
  2⤵
  PID:5360
- C:\Windows\System\dHKgKpC.exe
  C:\Windows\System\dHKgKpC.exe
  2⤵
  PID:5676
- C:\Windows\System\QUxfxHW.exe
  C:\Windows\System\QUxfxHW.exe
  2⤵
  PID:5960
- C:\Windows\System\cYSLLpa.exe
  C:\Windows\System\cYSLLpa.exe
  2⤵
  PID:5296
- C:\Windows\System\JovGbci.exe
  C:\Windows\System\JovGbci.exe
  2⤵
  PID:5544
- C:\Windows\System\LGwTHPk.exe
  C:\Windows\System\LGwTHPk.exe
  2⤵
  PID:5920
- C:\Windows\System\bcLmMmn.exe
  C:\Windows\System\bcLmMmn.exe
  2⤵
  PID:5604
- C:\Windows\System\UGKYAxe.exe
  C:\Windows\System\UGKYAxe.exe
  2⤵
  PID:5896
- C:\Windows\System\bQVTNzY.exe
  C:\Windows\System\bQVTNzY.exe
  2⤵
  PID:6152
- C:\Windows\System\uJHbVIm.exe
  C:\Windows\System\uJHbVIm.exe
  2⤵
  PID:6172
- C:\Windows\System\WkHmKUX.exe
  C:\Windows\System\WkHmKUX.exe
  2⤵
  PID:6200
- C:\Windows\System\VcZmRlg.exe
  C:\Windows\System\VcZmRlg.exe
  2⤵
  PID:6224
- C:\Windows\System\HVkVhKI.exe
  C:\Windows\System\HVkVhKI.exe
  2⤵
  PID:6244
- C:\Windows\System\qjPeoxm.exe
  C:\Windows\System\qjPeoxm.exe
  2⤵
  PID:6264
- C:\Windows\System\FEttRWl.exe
  C:\Windows\System\FEttRWl.exe
  2⤵
  PID:6280
- C:\Windows\System\PVigLoh.exe
  C:\Windows\System\PVigLoh.exe
  2⤵
  PID:6308
- C:\Windows\System\kuFFKSv.exe
  C:\Windows\System\kuFFKSv.exe
  2⤵
  PID:6324
- C:\Windows\System\DtMQxla.exe
  C:\Windows\System\DtMQxla.exe
  2⤵
  PID:6348
- C:\Windows\System\thyOrPs.exe
  C:\Windows\System\thyOrPs.exe
  2⤵
  PID:6364
- C:\Windows\System\qmouMlw.exe
  C:\Windows\System\qmouMlw.exe
  2⤵
  PID:6388
- C:\Windows\System\eqYPvOr.exe
  C:\Windows\System\eqYPvOr.exe
  2⤵
  PID:6404
- C:\Windows\System\FrcnaoM.exe
  C:\Windows\System\FrcnaoM.exe
  2⤵
  PID:6424
- C:\Windows\System\eaSNlEx.exe
  C:\Windows\System\eaSNlEx.exe
  2⤵
  PID:6440
- C:\Windows\System\SinHKJx.exe
  C:\Windows\System\SinHKJx.exe
  2⤵
  PID:6456
- C:\Windows\System\pHJkYGN.exe
  C:\Windows\System\pHJkYGN.exe
  2⤵
  PID:6484
- C:\Windows\System\toQFxug.exe
  C:\Windows\System\toQFxug.exe
  2⤵
  PID:6508
- C:\Windows\System\sTSvaeE.exe
  C:\Windows\System\sTSvaeE.exe
  2⤵
  PID:6524
- C:\Windows\System\XoGUeEv.exe
  C:\Windows\System\XoGUeEv.exe
  2⤵
  PID:6548
- C:\Windows\System\BBVlmUN.exe
  C:\Windows\System\BBVlmUN.exe
  2⤵
  PID:6568
- C:\Windows\System\FTTWTgL.exe
  C:\Windows\System\FTTWTgL.exe
  2⤵
  PID:6584
- C:\Windows\System\usztTRr.exe
  C:\Windows\System\usztTRr.exe
  2⤵
  PID:6604
- C:\Windows\System\WneYDdO.exe
  C:\Windows\System\WneYDdO.exe
  2⤵
  PID:6624
- C:\Windows\System\guxTYom.exe
  C:\Windows\System\guxTYom.exe
  2⤵
  PID:6648
- C:\Windows\System\xCgmOQE.exe
  C:\Windows\System\xCgmOQE.exe
  2⤵
  PID:6664
- C:\Windows\System\XclYzuQ.exe
  C:\Windows\System\XclYzuQ.exe
  2⤵
  PID:6680
- C:\Windows\System\JGjGVLN.exe
  C:\Windows\System\JGjGVLN.exe
  2⤵
  PID:6700
- C:\Windows\System\xbetFKt.exe
  C:\Windows\System\xbetFKt.exe
  2⤵
  PID:6728
- C:\Windows\System\eYCGgNW.exe
  C:\Windows\System\eYCGgNW.exe
  2⤵
  PID:6744
- C:\Windows\System\DNjWDUG.exe
  C:\Windows\System\DNjWDUG.exe
  2⤵
  PID:6760
- C:\Windows\System\ITSgoNZ.exe
  C:\Windows\System\ITSgoNZ.exe
  2⤵
  PID:6776
- C:\Windows\System\raCqEXL.exe
  C:\Windows\System\raCqEXL.exe
  2⤵
  PID:6800
- C:\Windows\System\gjnGvIz.exe
  C:\Windows\System\gjnGvIz.exe
  2⤵
  PID:6816
- C:\Windows\System\akTkZBo.exe
  C:\Windows\System\akTkZBo.exe
  2⤵
  PID:6832
- C:\Windows\System\eDboEQp.exe
  C:\Windows\System\eDboEQp.exe
  2⤵
  PID:6852
- C:\Windows\System\jnsBhjs.exe
  C:\Windows\System\jnsBhjs.exe
  2⤵
  PID:6868
- C:\Windows\System\rEtgotD.exe
  C:\Windows\System\rEtgotD.exe
  2⤵
  PID:6896
- C:\Windows\System\vzyPIuQ.exe
  C:\Windows\System\vzyPIuQ.exe
  2⤵
  PID:6936
- C:\Windows\System\KBrFaLU.exe
  C:\Windows\System\KBrFaLU.exe
  2⤵
  PID:6952
- C:\Windows\System\kJazHKZ.exe
  C:\Windows\System\kJazHKZ.exe
  2⤵
  PID:6968
- C:\Windows\System\LznmgSD.exe
  C:\Windows\System\LznmgSD.exe
  2⤵
  PID:6984
- C:\Windows\System\JAfXENx.exe
  C:\Windows\System\JAfXENx.exe
  2⤵
  PID:7008
- C:\Windows\System\wZBFSXv.exe
  C:\Windows\System\wZBFSXv.exe
  2⤵
  PID:7024
- C:\Windows\System\IMadmIa.exe
  C:\Windows\System\IMadmIa.exe
  2⤵
  PID:7044
- C:\Windows\System\KQQpwfE.exe
  C:\Windows\System\KQQpwfE.exe
  2⤵
  PID:7060
- C:\Windows\System\EXwkGuw.exe
  C:\Windows\System\EXwkGuw.exe
  2⤵
  PID:7080
- C:\Windows\System\LjMgygn.exe
  C:\Windows\System\LjMgygn.exe
  2⤵
  PID:7096
- C:\Windows\System\YzQzOqA.exe
  C:\Windows\System\YzQzOqA.exe
  2⤵
  PID:7132
- C:\Windows\System\qudAlIO.exe
  C:\Windows\System\qudAlIO.exe
  2⤵
  PID:7156
- C:\Windows\System\uPMsSFd.exe
  C:\Windows\System\uPMsSFd.exe
  2⤵
  PID:6148
- C:\Windows\System\KvoPvSD.exe
  C:\Windows\System\KvoPvSD.exe
  2⤵
  PID:6180
- C:\Windows\System\eZNTMVR.exe
  C:\Windows\System\eZNTMVR.exe
  2⤵
  PID:6216
- C:\Windows\System\NpgFJsX.exe
  C:\Windows\System\NpgFJsX.exe
  2⤵
  PID:6260
- C:\Windows\System\ORIEjHE.exe
  C:\Windows\System\ORIEjHE.exe
  2⤵
  PID:6300
- C:\Windows\System\VNkUysl.exe
  C:\Windows\System\VNkUysl.exe
  2⤵
  PID:6316
- C:\Windows\System\uArDGJq.exe
  C:\Windows\System\uArDGJq.exe
  2⤵
  PID:6340
- C:\Windows\System\KWmtRgk.exe
  C:\Windows\System\KWmtRgk.exe
  2⤵
  PID:6360
- C:\Windows\System\tOLxCYy.exe
  C:\Windows\System\tOLxCYy.exe
  2⤵
  PID:6420
- C:\Windows\System\LtzYqIA.exe
  C:\Windows\System\LtzYqIA.exe
  2⤵
  PID:6400
- C:\Windows\System\xaJrirk.exe
  C:\Windows\System\xaJrirk.exe
  2⤵
  PID:6500
- C:\Windows\System\EZtSZvW.exe
  C:\Windows\System\EZtSZvW.exe
  2⤵
  PID:6504
- C:\Windows\System\fZtjdcH.exe
  C:\Windows\System\fZtjdcH.exe
  2⤵
  PID:6544
- C:\Windows\System\xHNJFap.exe
  C:\Windows\System\xHNJFap.exe
  2⤵
  PID:6576
- C:\Windows\System\YkADXTH.exe
  C:\Windows\System\YkADXTH.exe
  2⤵
  PID:6620
- C:\Windows\System\afNzLJb.exe
  C:\Windows\System\afNzLJb.exe
  2⤵
  PID:6632
- C:\Windows\System\JZfDZMg.exe
  C:\Windows\System\JZfDZMg.exe
  2⤵
  PID:6672
- C:\Windows\System\mqmBeYW.exe
  C:\Windows\System\mqmBeYW.exe
  2⤵
  PID:6720
- C:\Windows\System\XxwuSkF.exe
  C:\Windows\System\XxwuSkF.exe
  2⤵
  PID:6688
- C:\Windows\System\zxVUyOc.exe
  C:\Windows\System\zxVUyOc.exe
  2⤵
  PID:6736
- C:\Windows\System\sBTngfK.exe
  C:\Windows\System\sBTngfK.exe
  2⤵
  PID:6840
- C:\Windows\System\Nfivsyt.exe
  C:\Windows\System\Nfivsyt.exe
  2⤵
  PID:6880
- C:\Windows\System\JJSBbIY.exe
  C:\Windows\System\JJSBbIY.exe
  2⤵
  PID:6784
- C:\Windows\System\CYkodCf.exe
  C:\Windows\System\CYkodCf.exe
  2⤵
  PID:6792
- C:\Windows\System\ZIZTRHT.exe
  C:\Windows\System\ZIZTRHT.exe
  2⤵
  PID:6828
- C:\Windows\System\BsbxRpy.exe
  C:\Windows\System\BsbxRpy.exe
  2⤵
  PID:6932
- C:\Windows\System\YEppVxP.exe
  C:\Windows\System\YEppVxP.exe
  2⤵
  PID:7016
- C:\Windows\System\dzDdCBe.exe
  C:\Windows\System\dzDdCBe.exe
  2⤵
  PID:6964
- C:\Windows\System\VzBPHLd.exe
  C:\Windows\System\VzBPHLd.exe
  2⤵
  PID:7000
- C:\Windows\System\cDAZlNR.exe
  C:\Windows\System\cDAZlNR.exe
  2⤵
  PID:7068
- C:\Windows\System\GlrvNxt.exe
  C:\Windows\System\GlrvNxt.exe
  2⤵
  PID:7120
- C:\Windows\System\MoUYQlt.exe
  C:\Windows\System\MoUYQlt.exe
  2⤵
  PID:7148
- C:\Windows\System\YdpiwLX.exe
  C:\Windows\System\YdpiwLX.exe
  2⤵
  PID:5212
- C:\Windows\System\OmjFovl.exe
  C:\Windows\System\OmjFovl.exe
  2⤵
  PID:6196
- C:\Windows\System\LXSAUcC.exe
  C:\Windows\System\LXSAUcC.exe
  2⤵
  PID:6232
- C:\Windows\System\DCkHArO.exe
  C:\Windows\System\DCkHArO.exe
  2⤵
  PID:6304
- C:\Windows\System\PnEGOiL.exe
  C:\Windows\System\PnEGOiL.exe
  2⤵
  PID:6356
- C:\Windows\System\HrKLyxn.exe
  C:\Windows\System\HrKLyxn.exe
  2⤵
  PID:6492
- C:\Windows\System\OBaTmWe.exe
  C:\Windows\System\OBaTmWe.exe
  2⤵
  PID:6480
- C:\Windows\System\kpjSBJS.exe
  C:\Windows\System\kpjSBJS.exe
  2⤵
  PID:6520
- C:\Windows\System\vrjNMxn.exe
  C:\Windows\System\vrjNMxn.exe
  2⤵
  PID:2352
- C:\Windows\System\RWnRLLt.exe
  C:\Windows\System\RWnRLLt.exe
  2⤵
  PID:6612
- C:\Windows\System\CkOWibN.exe
  C:\Windows\System\CkOWibN.exe
  2⤵
  PID:6716
- C:\Windows\System\knJfgOv.exe
  C:\Windows\System\knJfgOv.exe
  2⤵
  PID:6660
- C:\Windows\System\zTtPVOH.exe
  C:\Windows\System\zTtPVOH.exe
  2⤵
  PID:924
- C:\Windows\System\wUbvIXk.exe
  C:\Windows\System\wUbvIXk.exe
  2⤵
  PID:6808
- C:\Windows\System\UbBFPdn.exe
  C:\Windows\System\UbBFPdn.exe
  2⤵
  PID:6944
- C:\Windows\System\tbeCewm.exe
  C:\Windows\System\tbeCewm.exe
  2⤵
  PID:6884
- C:\Windows\System\uAHJxoI.exe
  C:\Windows\System\uAHJxoI.exe
  2⤵
  PID:7004
- C:\Windows\System\mzjwRNU.exe
  C:\Windows\System\mzjwRNU.exe
  2⤵
  PID:7112
- C:\Windows\System\tzEBiuF.exe
  C:\Windows\System\tzEBiuF.exe
  2⤵
  PID:6996
- C:\Windows\System\wnIWyYB.exe
  C:\Windows\System\wnIWyYB.exe
  2⤵
  PID:7164
- C:\Windows\System\QnhvSzI.exe
  C:\Windows\System\QnhvSzI.exe
  2⤵
  PID:6192
- C:\Windows\System\BEbmxNn.exe
  C:\Windows\System\BEbmxNn.exe
  2⤵
  PID:6376
- C:\Windows\System\HwdZHQZ.exe
  C:\Windows\System\HwdZHQZ.exe
  2⤵
  PID:6412
- C:\Windows\System\xLzhwgI.exe
  C:\Windows\System\xLzhwgI.exe
  2⤵
  PID:6472
- C:\Windows\System\DgefaJT.exe
  C:\Windows\System\DgefaJT.exe
  2⤵
  PID:6596
- C:\Windows\System\kSCSiLR.exe
  C:\Windows\System\kSCSiLR.exe
  2⤵
  PID:6712
- C:\Windows\System\GZlLKrX.exe
  C:\Windows\System\GZlLKrX.exe
  2⤵
  PID:6908
- C:\Windows\System\IMxHiZO.exe
  C:\Windows\System\IMxHiZO.exe
  2⤵
  PID:6640
- C:\Windows\System\nZLCZPs.exe
  C:\Windows\System\nZLCZPs.exe
  2⤵
  PID:6756
- C:\Windows\System\XAFYNFD.exe
  C:\Windows\System\XAFYNFD.exe
  2⤵
  PID:6976
- C:\Windows\System\lCbOkzm.exe
  C:\Windows\System\lCbOkzm.exe
  2⤵
  PID:6320
- C:\Windows\System\GglQqjB.exe
  C:\Windows\System\GglQqjB.exe
  2⤵
  PID:1848
- C:\Windows\System\SrQnxlm.exe
  C:\Windows\System\SrQnxlm.exe
  2⤵
  PID:6912
- C:\Windows\System\xfmLFna.exe
  C:\Windows\System\xfmLFna.exe
  2⤵
  PID:6372
- C:\Windows\System\DWtVGuC.exe
  C:\Windows\System\DWtVGuC.exe
  2⤵
  PID:6948
- C:\Windows\System\zSFyHNj.exe
  C:\Windows\System\zSFyHNj.exe
  2⤵
  PID:6644
- C:\Windows\System\BIoYJXr.exe
  C:\Windows\System\BIoYJXr.exe
  2⤵
  PID:7124
- C:\Windows\System\AiWAGsM.exe
  C:\Windows\System\AiWAGsM.exe
  2⤵
  PID:7140
- C:\Windows\System\ihuYyzx.exe
  C:\Windows\System\ihuYyzx.exe
  2⤵
  PID:6208
- C:\Windows\System\AFwMEqq.exe
  C:\Windows\System\AFwMEqq.exe
  2⤵
  PID:6168
- C:\Windows\System\opgJbFV.exe
  C:\Windows\System\opgJbFV.exe
  2⤵
  PID:6980
- C:\Windows\System\ZkptHQY.exe
  C:\Windows\System\ZkptHQY.exe
  2⤵
  PID:7040
- C:\Windows\System\XFldoIm.exe
  C:\Windows\System\XFldoIm.exe
  2⤵
  PID:6848
- C:\Windows\System\MoaNYMP.exe
  C:\Windows\System\MoaNYMP.exe
  2⤵
  PID:6256
- C:\Windows\System\XFzMkgx.exe
  C:\Windows\System\XFzMkgx.exe
  2⤵
  PID:7032
- C:\Windows\System\ECSTgUc.exe
  C:\Windows\System\ECSTgUc.exe
  2⤵
  PID:6768
- C:\Windows\System\sboyGxE.exe
  C:\Windows\System\sboyGxE.exe
  2⤵
  PID:6188
- C:\Windows\System\bVhcrAI.exe
  C:\Windows\System\bVhcrAI.exe
  2⤵
  PID:7128
- C:\Windows\System\VMYqeGi.exe
  C:\Windows\System\VMYqeGi.exe
  2⤵
  PID:6928
- C:\Windows\System\ejfcjcb.exe
  C:\Windows\System\ejfcjcb.exe
  2⤵
  PID:7184
- C:\Windows\System\IlfZqdz.exe
  C:\Windows\System\IlfZqdz.exe
  2⤵
  PID:7208
- C:\Windows\System\wBsCIbL.exe
  C:\Windows\System\wBsCIbL.exe
  2⤵
  PID:7228
- C:\Windows\System\yJdokMV.exe
  C:\Windows\System\yJdokMV.exe
  2⤵
  PID:7248
- C:\Windows\System\FFPYkPy.exe
  C:\Windows\System\FFPYkPy.exe
  2⤵
  PID:7272
- C:\Windows\System\VkXMezA.exe
  C:\Windows\System\VkXMezA.exe
  2⤵
  PID:7292
- C:\Windows\System\OhXZhpw.exe
  C:\Windows\System\OhXZhpw.exe
  2⤵
  PID:7312
- C:\Windows\System\CQWtKBF.exe
  C:\Windows\System\CQWtKBF.exe
  2⤵
  PID:7332
- C:\Windows\System\fUjQQqz.exe
  C:\Windows\System\fUjQQqz.exe
  2⤵
  PID:7348
- C:\Windows\System\efZYPCf.exe
  C:\Windows\System\efZYPCf.exe
  2⤵
  PID:7372
- C:\Windows\System\BSWhLbX.exe
  C:\Windows\System\BSWhLbX.exe
  2⤵
  PID:7392
- C:\Windows\System\byUAHXy.exe
  C:\Windows\System\byUAHXy.exe
  2⤵
  PID:7408
- C:\Windows\System\uUbwrUF.exe
  C:\Windows\System\uUbwrUF.exe
  2⤵
  PID:7428
- C:\Windows\System\vxSpksw.exe
  C:\Windows\System\vxSpksw.exe
  2⤵
  PID:7448
- C:\Windows\System\YYJEPgX.exe
  C:\Windows\System\YYJEPgX.exe
  2⤵
  PID:7476
- C:\Windows\System\xAaRRCi.exe
  C:\Windows\System\xAaRRCi.exe
  2⤵
  PID:7492
- C:\Windows\System\NqFJTDN.exe
  C:\Windows\System\NqFJTDN.exe
  2⤵
  PID:7516
- C:\Windows\System\uARxWvS.exe
  C:\Windows\System\uARxWvS.exe
  2⤵
  PID:7532
- C:\Windows\System\YwKIinH.exe
  C:\Windows\System\YwKIinH.exe
  2⤵
  PID:7556
- C:\Windows\System\viKMbHo.exe
  C:\Windows\System\viKMbHo.exe
  2⤵
  PID:7572
- C:\Windows\System\LnRTwVw.exe
  C:\Windows\System\LnRTwVw.exe
  2⤵
  PID:7588
- C:\Windows\System\kavmowg.exe
  C:\Windows\System\kavmowg.exe
  2⤵
  PID:7604
- C:\Windows\System\ZlsIbwY.exe
  C:\Windows\System\ZlsIbwY.exe
  2⤵
  PID:7632
- C:\Windows\System\URXMsbb.exe
  C:\Windows\System\URXMsbb.exe
  2⤵
  PID:7656
- C:\Windows\System\xtCMmTE.exe
  C:\Windows\System\xtCMmTE.exe
  2⤵
  PID:7676
- C:\Windows\System\gRTNdjU.exe
  C:\Windows\System\gRTNdjU.exe
  2⤵
  PID:7692
- C:\Windows\System\SYQYFHm.exe
  C:\Windows\System\SYQYFHm.exe
  2⤵
  PID:7712
- C:\Windows\System\uQTXczj.exe
  C:\Windows\System\uQTXczj.exe
  2⤵
  PID:7732
- C:\Windows\System\xnHBUfX.exe
  C:\Windows\System\xnHBUfX.exe
  2⤵
  PID:7752
- C:\Windows\System\bwRUTJG.exe
  C:\Windows\System\bwRUTJG.exe
  2⤵
  PID:7772
- C:\Windows\System\uAskJTJ.exe
  C:\Windows\System\uAskJTJ.exe
  2⤵
  PID:7792
- C:\Windows\System\OtpAwOX.exe
  C:\Windows\System\OtpAwOX.exe
  2⤵
  PID:7812
- C:\Windows\System\qBAXwrO.exe
  C:\Windows\System\qBAXwrO.exe
  2⤵
  PID:7828
- C:\Windows\System\ogCWmxr.exe
  C:\Windows\System\ogCWmxr.exe
  2⤵
  PID:7848
- C:\Windows\System\AoqMhEu.exe
  C:\Windows\System\AoqMhEu.exe
  2⤵
  PID:7876
- C:\Windows\System\YuhucWW.exe
  C:\Windows\System\YuhucWW.exe
  2⤵
  PID:7896
- C:\Windows\System\axeHuVu.exe
  C:\Windows\System\axeHuVu.exe
  2⤵
  PID:7916
- C:\Windows\System\QyEaAUk.exe
  C:\Windows\System\QyEaAUk.exe
  2⤵
  PID:7932
- C:\Windows\System\PUdBHxR.exe
  C:\Windows\System\PUdBHxR.exe
  2⤵
  PID:7952
- C:\Windows\System\SwOovpW.exe
  C:\Windows\System\SwOovpW.exe
  2⤵
  PID:7976
- C:\Windows\System\UlUrPxQ.exe
  C:\Windows\System\UlUrPxQ.exe
  2⤵
  PID:8000
- C:\Windows\System\JCNYVAx.exe
  C:\Windows\System\JCNYVAx.exe
  2⤵
  PID:8016
- C:\Windows\System\FmqeSEq.exe
  C:\Windows\System\FmqeSEq.exe
  2⤵
  PID:8040
- C:\Windows\System\pmmDplT.exe
  C:\Windows\System\pmmDplT.exe
  2⤵
  PID:8056
- C:\Windows\System\lirCvlv.exe
  C:\Windows\System\lirCvlv.exe
  2⤵
  PID:8076
- C:\Windows\System\CQKvTJZ.exe
  C:\Windows\System\CQKvTJZ.exe
  2⤵
  PID:8096
- C:\Windows\System\zngNCYR.exe
  C:\Windows\System\zngNCYR.exe
  2⤵
  PID:8120
- C:\Windows\System\wcakwfv.exe
  C:\Windows\System\wcakwfv.exe
  2⤵
  PID:8136
- C:\Windows\System\oQALlmT.exe
  C:\Windows\System\oQALlmT.exe
  2⤵
  PID:8156
- C:\Windows\System\IAPFPKb.exe
  C:\Windows\System\IAPFPKb.exe
  2⤵
  PID:8176
- C:\Windows\System\MJzCVDl.exe
  C:\Windows\System\MJzCVDl.exe
  2⤵
  PID:7176
- C:\Windows\System\qJffMYw.exe
  C:\Windows\System\qJffMYw.exe
  2⤵
  PID:7200
- C:\Windows\System\MhGRGrf.exe
  C:\Windows\System\MhGRGrf.exe
  2⤵
  PID:7256
- C:\Windows\System\FOZholj.exe
  C:\Windows\System\FOZholj.exe
  2⤵
  PID:7264
- C:\Windows\System\vFcFmDE.exe
  C:\Windows\System\vFcFmDE.exe
  2⤵
  PID:7300
- C:\Windows\System\MYzDXgF.exe
  C:\Windows\System\MYzDXgF.exe
  2⤵
  PID:7328
- C:\Windows\System\uinmckC.exe
  C:\Windows\System\uinmckC.exe
  2⤵
  PID:7380
- C:\Windows\System\JEvhtTc.exe
  C:\Windows\System\JEvhtTc.exe
  2⤵
  PID:7416
- C:\Windows\System\GkvcAiB.exe
  C:\Windows\System\GkvcAiB.exe
  2⤵
  PID:7440
- C:\Windows\System\mPRgnAN.exe
  C:\Windows\System\mPRgnAN.exe
  2⤵
  PID:7460
- C:\Windows\System\LQJgPOf.exe
  C:\Windows\System\LQJgPOf.exe
  2⤵
  PID:7508
- C:\Windows\System\HxIdKmD.exe
  C:\Windows\System\HxIdKmD.exe
  2⤵
  PID:7524
- C:\Windows\System\xYnyTum.exe
  C:\Windows\System\xYnyTum.exe
  2⤵
  PID:7564
- C:\Windows\System\OXQqaPL.exe
  C:\Windows\System\OXQqaPL.exe
  2⤵
  PID:7624
- C:\Windows\System\aHYHXcB.exe
  C:\Windows\System\aHYHXcB.exe
  2⤵
  PID:7600
- C:\Windows\System\FbotOlR.exe
  C:\Windows\System\FbotOlR.exe
  2⤵
  PID:7668
- C:\Windows\System\zAzrYVV.exe
  C:\Windows\System\zAzrYVV.exe
  2⤵
  PID:7684
- C:\Windows\System\cbXpOXC.exe
  C:\Windows\System\cbXpOXC.exe
  2⤵
  PID:7740
- C:\Windows\System\KnbDgTj.exe
  C:\Windows\System\KnbDgTj.exe
  2⤵
  PID:7764
- C:\Windows\System\UNJrtTJ.exe
  C:\Windows\System\UNJrtTJ.exe
  2⤵
  PID:7800
- C:\Windows\System\wVEMnvB.exe
  C:\Windows\System\wVEMnvB.exe
  2⤵
  PID:7868
- C:\Windows\System\MYqNPxg.exe
  C:\Windows\System\MYqNPxg.exe
  2⤵
  PID:7844
- C:\Windows\System\cOibUcp.exe
  C:\Windows\System\cOibUcp.exe
  2⤵
  PID:7884
- C:\Windows\System\WTyWYyH.exe
  C:\Windows\System\WTyWYyH.exe
  2⤵
  PID:7948
- C:\Windows\System\TQFCNKC.exe
  C:\Windows\System\TQFCNKC.exe
  2⤵
  PID:7972
- C:\Windows\System\hwrSkDW.exe
  C:\Windows\System\hwrSkDW.exe
  2⤵
  PID:7992
- C:\Windows\System\OydspJF.exe
  C:\Windows\System\OydspJF.exe
  2⤵
  PID:8028
- C:\Windows\System\eRBmLgV.exe
  C:\Windows\System\eRBmLgV.exe
  2⤵
  PID:8068
- C:\Windows\System\NSZKIYU.exe
  C:\Windows\System\NSZKIYU.exe
  2⤵
  PID:8104
- C:\Windows\System\UfFvKUa.exe
  C:\Windows\System\UfFvKUa.exe
  2⤵
  PID:8128
- C:\Windows\System\gVbZfnr.exe
  C:\Windows\System\gVbZfnr.exe
  2⤵
  PID:8168
- C:\Windows\System\KTCACQf.exe
  C:\Windows\System\KTCACQf.exe
  2⤵
  PID:6892
- C:\Windows\System\JloMZjS.exe
  C:\Windows\System\JloMZjS.exe
  2⤵
  PID:7236
- C:\Windows\System\anYpIAE.exe
  C:\Windows\System\anYpIAE.exe
  2⤵
  PID:7288
- C:\Windows\System\HgTBhHN.exe
  C:\Windows\System\HgTBhHN.exe
  2⤵
  PID:7320
- C:\Windows\System\FGgVMTZ.exe
  C:\Windows\System\FGgVMTZ.exe
  2⤵
  PID:7424
- C:\Windows\System\TpgjcqO.exe
  C:\Windows\System\TpgjcqO.exe
  2⤵
  PID:7472
- C:\Windows\System\bNhobDf.exe
  C:\Windows\System\bNhobDf.exe
  2⤵
  PID:7484
- C:\Windows\System\EmyHycC.exe
  C:\Windows\System\EmyHycC.exe
  2⤵
  PID:7620
- C:\Windows\System\nKueQyM.exe
  C:\Windows\System\nKueQyM.exe
  2⤵
  PID:7616
- C:\Windows\System\ywDwwNI.exe
  C:\Windows\System\ywDwwNI.exe
  2⤵
  PID:7664
- C:\Windows\System\BvdzESY.exe
  C:\Windows\System\BvdzESY.exe
  2⤵
  PID:7720
- C:\Windows\System\jmCEyWm.exe
  C:\Windows\System\jmCEyWm.exe
  2⤵
  PID:7820
- C:\Windows\System\aCBXcZW.exe
  C:\Windows\System\aCBXcZW.exe
  2⤵
  PID:7864
- C:\Windows\System\RazTWYh.exe
  C:\Windows\System\RazTWYh.exe
  2⤵
  PID:7908
- C:\Windows\System\YGKdOOW.exe
  C:\Windows\System\YGKdOOW.exe
  2⤵
  PID:7964
- C:\Windows\System\tmJxHyN.exe
  C:\Windows\System\tmJxHyN.exe
  2⤵
  PID:8024
- C:\Windows\System\kJpxKVQ.exe
  C:\Windows\System\kJpxKVQ.exe
  2⤵
  PID:8084
- C:\Windows\System\bUdJaog.exe
  C:\Windows\System\bUdJaog.exe
  2⤵
  PID:8152
- C:\Windows\System\LoZRMUe.exe
  C:\Windows\System\LoZRMUe.exe
  2⤵
  PID:8184
- C:\Windows\System\bqGbjod.exe
  C:\Windows\System\bqGbjod.exe
  2⤵
  PID:7192
- C:\Windows\System\VqMbmgV.exe
  C:\Windows\System\VqMbmgV.exe
  2⤵
  PID:7304
- C:\Windows\System\AZYXNoG.exe
  C:\Windows\System\AZYXNoG.exe
  2⤵
  PID:7400
- C:\Windows\System\nMhDLnw.exe
  C:\Windows\System\nMhDLnw.exe
  2⤵
  PID:7584
- C:\Windows\System\iLWvOfK.exe
  C:\Windows\System\iLWvOfK.exe
  2⤵
  PID:7924
- C:\Windows\System\ZYcGXrD.exe
  C:\Windows\System\ZYcGXrD.exe
  2⤵
  PID:8064
- C:\Windows\System\GPDYPXA.exe
  C:\Windows\System\GPDYPXA.exe
  2⤵
  PID:8148
- C:\Windows\System\PFpUScE.exe
  C:\Windows\System\PFpUScE.exe
  2⤵
  PID:7216
- C:\Windows\System\HksKcfL.exe
  C:\Windows\System\HksKcfL.exe
  2⤵
  PID:7284
- C:\Windows\System\hQxZvzj.exe
  C:\Windows\System\hQxZvzj.exe
  2⤵
  PID:7404
- C:\Windows\System\tnBQFMY.exe
  C:\Windows\System\tnBQFMY.exe
  2⤵
  PID:7888
- C:\Windows\System\XhmGOsp.exe
  C:\Windows\System\XhmGOsp.exe
  2⤵
  PID:8036
- C:\Windows\System\ZdKmqYq.exe
  C:\Windows\System\ZdKmqYq.exe
  2⤵
  PID:7548
- C:\Windows\System\bvbKTBn.exe
  C:\Windows\System\bvbKTBn.exe
  2⤵
  PID:7368
- C:\Windows\System\TfFyZqp.exe
  C:\Windows\System\TfFyZqp.exe
  2⤵
  PID:7344
- C:\Windows\System\nCjhACS.exe
  C:\Windows\System\nCjhACS.exe
  2⤵
  PID:8208
- C:\Windows\System\QowUxhy.exe
  C:\Windows\System\QowUxhy.exe
  2⤵
  PID:8224
- C:\Windows\System\ElgqesC.exe
  C:\Windows\System\ElgqesC.exe
  2⤵
  PID:8240
- C:\Windows\System\TZzXrey.exe
  C:\Windows\System\TZzXrey.exe
  2⤵
  PID:8260
- C:\Windows\System\NUYWOJZ.exe
  C:\Windows\System\NUYWOJZ.exe
  2⤵
  PID:8280
- C:\Windows\System\aLQmrla.exe
  C:\Windows\System\aLQmrla.exe
  2⤵
  PID:8304
- C:\Windows\System\QUHDtde.exe
  C:\Windows\System\QUHDtde.exe
  2⤵
  PID:8320
- C:\Windows\System\dYAahAa.exe
  C:\Windows\System\dYAahAa.exe
  2⤵
  PID:8336
- C:\Windows\System\QwTokdE.exe
  C:\Windows\System\QwTokdE.exe
  2⤵
  PID:8352
- C:\Windows\System\IYmqBqv.exe
  C:\Windows\System\IYmqBqv.exe
  2⤵
  PID:8368
- C:\Windows\System\xJsbntp.exe
  C:\Windows\System\xJsbntp.exe
  2⤵
  PID:8388
- C:\Windows\System\IgwWyXv.exe
  C:\Windows\System\IgwWyXv.exe
  2⤵
  PID:8408
- C:\Windows\System\YiZzGHR.exe
  C:\Windows\System\YiZzGHR.exe
  2⤵
  PID:8424
- C:\Windows\System\oxZuzlu.exe
  C:\Windows\System\oxZuzlu.exe
  2⤵
  PID:8440
- C:\Windows\System\wQHDNHa.exe
  C:\Windows\System\wQHDNHa.exe
  2⤵
  PID:8456
- C:\Windows\System\OeOoBko.exe
  C:\Windows\System\OeOoBko.exe
  2⤵
  PID:8472
- C:\Windows\System\UsUyYmK.exe
  C:\Windows\System\UsUyYmK.exe
  2⤵
  PID:8488
- C:\Windows\System\AbdvSlg.exe
  C:\Windows\System\AbdvSlg.exe
  2⤵
  PID:8504
- C:\Windows\System\GtaFaDF.exe
  C:\Windows\System\GtaFaDF.exe
  2⤵
  PID:8520
- C:\Windows\System\rvXBtsn.exe
  C:\Windows\System\rvXBtsn.exe
  2⤵
  PID:8536
- C:\Windows\System\DJfCroT.exe
  C:\Windows\System\DJfCroT.exe
  2⤵
  PID:8552
- C:\Windows\System\UPWpZCm.exe
  C:\Windows\System\UPWpZCm.exe
  2⤵
  PID:8568
- C:\Windows\System\jXesQxz.exe
  C:\Windows\System\jXesQxz.exe
  2⤵
  PID:8584
- C:\Windows\System\JkESUmP.exe
  C:\Windows\System\JkESUmP.exe
  2⤵
  PID:8600
- C:\Windows\System\ucufxAc.exe
  C:\Windows\System\ucufxAc.exe
  2⤵
  PID:8616
- C:\Windows\System\XIhXdxB.exe
  C:\Windows\System\XIhXdxB.exe
  2⤵
  PID:8632
- C:\Windows\System\pmwDARU.exe
  C:\Windows\System\pmwDARU.exe
  2⤵
  PID:8648
- C:\Windows\System\AjjqxEG.exe
  C:\Windows\System\AjjqxEG.exe
  2⤵
  PID:8664
- C:\Windows\System\DXGaJkt.exe
  C:\Windows\System\DXGaJkt.exe
  2⤵
  PID:8680
- C:\Windows\System\xLJwxts.exe
  C:\Windows\System\xLJwxts.exe
  2⤵
  PID:8696
- C:\Windows\System\riSgeYQ.exe
  C:\Windows\System\riSgeYQ.exe
  2⤵
  PID:8712
- C:\Windows\System\wkushMH.exe
  C:\Windows\System\wkushMH.exe
  2⤵
  PID:8728
- C:\Windows\System\ZCuBHmu.exe
  C:\Windows\System\ZCuBHmu.exe
  2⤵
  PID:8744
- C:\Windows\System\clKNVoe.exe
  C:\Windows\System\clKNVoe.exe
  2⤵
  PID:8768
- C:\Windows\System\JsdQNGz.exe
  C:\Windows\System\JsdQNGz.exe
  2⤵
  PID:8788
- C:\Windows\System\CtxsVuc.exe
  C:\Windows\System\CtxsVuc.exe
  2⤵
  PID:8816
- C:\Windows\System\GtxCSKu.exe
  C:\Windows\System\GtxCSKu.exe
  2⤵
  PID:8848
- C:\Windows\System\GiiNnJF.exe
  C:\Windows\System\GiiNnJF.exe
  2⤵
  PID:8868
- C:\Windows\System\HNHENUw.exe
  C:\Windows\System\HNHENUw.exe
  2⤵
  PID:8888
- C:\Windows\System\abCcrMn.exe
  C:\Windows\System\abCcrMn.exe
  2⤵
  PID:8904
- C:\Windows\System\WBkzpVE.exe
  C:\Windows\System\WBkzpVE.exe
  2⤵
  PID:8924
- C:\Windows\System\iWCdDfV.exe
  C:\Windows\System\iWCdDfV.exe
  2⤵
  PID:8944
- C:\Windows\System\jMxtNSw.exe
  C:\Windows\System\jMxtNSw.exe
  2⤵
  PID:8964
- C:\Windows\System\RsxYTwc.exe
  C:\Windows\System\RsxYTwc.exe
  2⤵
  PID:8980
- C:\Windows\System\XABQDpa.exe
  C:\Windows\System\XABQDpa.exe
  2⤵
  PID:9000
- C:\Windows\System\rFyQQlj.exe
  C:\Windows\System\rFyQQlj.exe
  2⤵
  PID:9020
- C:\Windows\System\egnCUBS.exe
  C:\Windows\System\egnCUBS.exe
  2⤵
  PID:9044
- C:\Windows\System\xvENLth.exe
  C:\Windows\System\xvENLth.exe
  2⤵
  PID:9068
- C:\Windows\System\FsVzFMB.exe
  C:\Windows\System\FsVzFMB.exe
  2⤵
  PID:9084
- C:\Windows\System\GnBAjGE.exe
  C:\Windows\System\GnBAjGE.exe
  2⤵
  PID:9100
- C:\Windows\System\FxrjpcI.exe
  C:\Windows\System\FxrjpcI.exe
  2⤵
  PID:9156
- C:\Windows\System\lLivSuc.exe
  C:\Windows\System\lLivSuc.exe
  2⤵
  PID:9176
- C:\Windows\System\putXGLT.exe
  C:\Windows\System\putXGLT.exe
  2⤵
  PID:9204
- C:\Windows\System\EwvDWhu.exe
  C:\Windows\System\EwvDWhu.exe
  2⤵
  PID:8216
- C:\Windows\System\zrhOhBl.exe
  C:\Windows\System\zrhOhBl.exe
  2⤵
  PID:8200
- C:\Windows\System\lWUmpDE.exe
  C:\Windows\System\lWUmpDE.exe
  2⤵
  PID:7500
- C:\Windows\System\PuchZTf.exe
  C:\Windows\System\PuchZTf.exe
  2⤵
  PID:8204
- C:\Windows\System\OPbLUog.exe
  C:\Windows\System\OPbLUog.exe
  2⤵
  PID:8232
- C:\Windows\System\DTQaZyv.exe
  C:\Windows\System\DTQaZyv.exe
  2⤵
  PID:8344
- C:\Windows\System\ofoATHM.exe
  C:\Windows\System\ofoATHM.exe
  2⤵
  PID:8364
- C:\Windows\System\znsujsy.exe
  C:\Windows\System\znsujsy.exe
  2⤵
  PID:8404
- C:\Windows\System\qMkiAsI.exe
  C:\Windows\System\qMkiAsI.exe
  2⤵
  PID:8436
- C:\Windows\System\yfORmWU.exe
  C:\Windows\System\yfORmWU.exe
  2⤵
  PID:8500
- C:\Windows\System\GUbBqFc.exe
  C:\Windows\System\GUbBqFc.exe
  2⤵
  PID:8512
- C:\Windows\System\bMTYZFr.exe
  C:\Windows\System\bMTYZFr.exe
  2⤵
  PID:8548
- C:\Windows\System\GEcQapZ.exe
  C:\Windows\System\GEcQapZ.exe
  2⤵
  PID:8608
- C:\Windows\System\xboGqAE.exe
  C:\Windows\System\xboGqAE.exe
  2⤵
  PID:8640
- C:\Windows\System\FuvTWPp.exe
  C:\Windows\System\FuvTWPp.exe
  2⤵
  PID:8692
- C:\Windows\System\bEMDAVo.exe
  C:\Windows\System\bEMDAVo.exe
  2⤵
  PID:8708
- C:\Windows\System\WOaqvXV.exe
  C:\Windows\System\WOaqvXV.exe
  2⤵
  PID:8760
- C:\Windows\System\VRSeoSY.exe
  C:\Windows\System\VRSeoSY.exe
  2⤵
  PID:8800
- C:\Windows\System\WSRInDF.exe
  C:\Windows\System\WSRInDF.exe
  2⤵
  PID:8808
- C:\Windows\System\hnqwNSE.exe
  C:\Windows\System\hnqwNSE.exe
  2⤵
  PID:8828
- C:\Windows\System\CgtNaFu.exe
  C:\Windows\System\CgtNaFu.exe
  2⤵
  PID:8860
- C:\Windows\System\OIsxOYs.exe
  C:\Windows\System\OIsxOYs.exe
  2⤵
  PID:8884
- C:\Windows\System\EUacgeF.exe
  C:\Windows\System\EUacgeF.exe
  2⤵
  PID:8960
- C:\Windows\System\gPRuJJO.exe
  C:\Windows\System\gPRuJJO.exe
  2⤵
  PID:9008
- C:\Windows\System\iuuUgGx.exe
  C:\Windows\System\iuuUgGx.exe
  2⤵
  PID:9036
- C:\Windows\System\IHoTzkw.exe
  C:\Windows\System\IHoTzkw.exe
  2⤵
  PID:9060
- C:\Windows\System\oalkbDW.exe
  C:\Windows\System\oalkbDW.exe
  2⤵
  PID:9108
- C:\Windows\System\kHDygdH.exe
  C:\Windows\System\kHDygdH.exe
  2⤵
  PID:9120
- C:\Windows\System\fjIVgWN.exe
  C:\Windows\System\fjIVgWN.exe
  2⤵
  PID:9140
- C:\Windows\System\grTockX.exe
  C:\Windows\System\grTockX.exe
  2⤵
  PID:9144
- C:\Windows\System\ClwPSbU.exe
  C:\Windows\System\ClwPSbU.exe
  2⤵
  PID:9192
- C:\Windows\System\QTXCmay.exe
  C:\Windows\System\QTXCmay.exe
  2⤵
  PID:9200
- C:\Windows\System\bziHTBR.exe
  C:\Windows\System\bziHTBR.exe
  2⤵
  PID:7596
- C:\Windows\System\hoIxfzf.exe
  C:\Windows\System\hoIxfzf.exe
  2⤵
  PID:8248
- C:\Windows\System\qWfNRmL.exe
  C:\Windows\System\qWfNRmL.exe
  2⤵
  PID:8300
- C:\Windows\System\mXmTAdA.exe
  C:\Windows\System\mXmTAdA.exe
  2⤵
  PID:8360
- C:\Windows\System\NMrzxve.exe
  C:\Windows\System\NMrzxve.exe
  2⤵
  PID:8400
- C:\Windows\System\bnDEaKN.exe
  C:\Windows\System\bnDEaKN.exe
  2⤵
  PID:8528
- C:\Windows\System\QSXzVJn.exe
  C:\Windows\System\QSXzVJn.exe
  2⤵
  PID:8580
- C:\Windows\System\sPVCAzZ.exe
  C:\Windows\System\sPVCAzZ.exe
  2⤵
  PID:8644
- C:\Windows\System\tMXHQuO.exe
  C:\Windows\System\tMXHQuO.exe
  2⤵
  PID:8736
- C:\Windows\System\hFDmwHl.exe
  C:\Windows\System\hFDmwHl.exe
  2⤵
  PID:8752
- C:\Windows\System\bWcPCdr.exe
  C:\Windows\System\bWcPCdr.exe
  2⤵
  PID:5432
- C:\Windows\System\agUlPda.exe
  C:\Windows\System\agUlPda.exe
  2⤵
  PID:8812
- C:\Windows\System\rnXeoPD.exe
  C:\Windows\System\rnXeoPD.exe
  2⤵
  PID:8880
- C:\Windows\System\IdvGkKg.exe
  C:\Windows\System\IdvGkKg.exe
  2⤵
  PID:8932
- C:\Windows\System\KbNngNf.exe
  C:\Windows\System\KbNngNf.exe
  2⤵
  PID:8976
- C:\Windows\System\XafOwvi.exe
  C:\Windows\System\XafOwvi.exe
  2⤵
  PID:8956
- C:\Windows\System\zUKKGvO.exe
  C:\Windows\System\zUKKGvO.exe
  2⤵
  PID:9092
- C:\Windows\System\cQPQuIF.exe
  C:\Windows\System\cQPQuIF.exe
  2⤵
  PID:9040
- C:\Windows\System\QUhwgPl.exe
  C:\Windows\System\QUhwgPl.exe
  2⤵
  PID:9080
- C:\Windows\System\rKuKEYB.exe
  C:\Windows\System\rKuKEYB.exe
  2⤵
  PID:8164
- C:\Windows\System\Smsjgvl.exe
  C:\Windows\System\Smsjgvl.exe
  2⤵
  PID:8052
- C:\Windows\System\QomLYfh.exe
  C:\Windows\System\QomLYfh.exe
  2⤵
  PID:8276
- C:\Windows\System\WmwHKeA.exe
  C:\Windows\System\WmwHKeA.exe
  2⤵
  PID:8804
- C:\Windows\System\DmmQLzC.exe
  C:\Windows\System\DmmQLzC.exe
  2⤵
  PID:8452
- C:\Windows\System\ArEuehD.exe
  C:\Windows\System\ArEuehD.exe
  2⤵
  PID:8468
- C:\Windows\System\UKHAhPo.exe
  C:\Windows\System\UKHAhPo.exe
  2⤵
  PID:8624
- C:\Windows\System\KNjSePk.exe
  C:\Windows\System\KNjSePk.exe
  2⤵
  PID:8704
- C:\Windows\System\WTdaksG.exe
  C:\Windows\System\WTdaksG.exe
  2⤵
  PID:2280
- C:\Windows\System\dZGLeyD.exe
  C:\Windows\System\dZGLeyD.exe
  2⤵
  PID:8940
- C:\Windows\System\UzfDuRF.exe
  C:\Windows\System\UzfDuRF.exe
  2⤵
  PID:9028
- C:\Windows\System\vNnwnnB.exe
  C:\Windows\System\vNnwnnB.exe
  2⤵
  PID:8396
- C:\Windows\System\wkklJmS.exe
  C:\Windows\System\wkklJmS.exe
  2⤵
  PID:8720
- C:\Windows\System\JbxXWcE.exe
  C:\Windows\System\JbxXWcE.exe
  2⤵
  PID:8920
- C:\Windows\System\ZWYbliA.exe
  C:\Windows\System\ZWYbliA.exe
  2⤵
  PID:9032
- C:\Windows\System\oglgEjz.exe
  C:\Windows\System\oglgEjz.exe
  2⤵
  PID:7528
- C:\Windows\System\aDwpMvI.exe
  C:\Windows\System\aDwpMvI.exe
  2⤵
  PID:9128
- C:\Windows\System\zzoWvIc.exe
  C:\Windows\System\zzoWvIc.exe
  2⤵
  PID:8272
- C:\Windows\System\VpnXDZF.exe
  C:\Windows\System\VpnXDZF.exe
  2⤵
  PID:8544
- C:\Windows\System\EQVqpcc.exe
  C:\Windows\System\EQVqpcc.exe
  2⤵
  PID:8796
- C:\Windows\System\BiVzLqo.exe
  C:\Windows\System\BiVzLqo.exe
  2⤵
  PID:8916
- C:\Windows\System\OWysDAL.exe
  C:\Windows\System\OWysDAL.exe
  2⤵
  PID:1344
- C:\Windows\System\PTCmISd.exe
  C:\Windows\System\PTCmISd.exe
  2⤵
  PID:8780
- C:\Windows\System\ZTttItM.exe
  C:\Windows\System\ZTttItM.exe
  2⤵
  PID:8496
- C:\Windows\System\iOYuoIP.exe
  C:\Windows\System\iOYuoIP.exe
  2⤵
  PID:9016
- C:\Windows\System\dwzLbwA.exe
  C:\Windows\System\dwzLbwA.exe
  2⤵
  PID:8992
- C:\Windows\System\qzPOLMj.exe
  C:\Windows\System\qzPOLMj.exe
  2⤵
  PID:9152
- C:\Windows\System\AwakuQv.exe
  C:\Windows\System\AwakuQv.exe
  2⤵
  PID:8596
- C:\Windows\System\yRJhtYE.exe
  C:\Windows\System\yRJhtYE.exe
  2⤵
  PID:920
- C:\Windows\System\cEoVcuZ.exe
  C:\Windows\System\cEoVcuZ.exe
  2⤵
  PID:9236
- C:\Windows\System\PmWWDdK.exe
  C:\Windows\System\PmWWDdK.exe
  2⤵
  PID:9252
- C:\Windows\System\ODeZizV.exe
  C:\Windows\System\ODeZizV.exe
  2⤵
  PID:9280
- C:\Windows\System\hhcrQwT.exe
  C:\Windows\System\hhcrQwT.exe
  2⤵
  PID:9296
- C:\Windows\System\hZHaueJ.exe
  C:\Windows\System\hZHaueJ.exe
  2⤵
  PID:9316
- C:\Windows\System\OldPZja.exe
  C:\Windows\System\OldPZja.exe
  2⤵
  PID:9336
- C:\Windows\System\mRDsVov.exe
  C:\Windows\System\mRDsVov.exe
  2⤵
  PID:9356
- C:\Windows\System\ILPHHCI.exe
  C:\Windows\System\ILPHHCI.exe
  2⤵
  PID:9380
- C:\Windows\System\yZbpSpO.exe
  C:\Windows\System\yZbpSpO.exe
  2⤵
  PID:9396
- C:\Windows\System\xenkszi.exe
  C:\Windows\System\xenkszi.exe
  2⤵
  PID:9416
- C:\Windows\System\ZJshuHi.exe
  C:\Windows\System\ZJshuHi.exe
  2⤵
  PID:9440
- C:\Windows\System\ftVapan.exe
  C:\Windows\System\ftVapan.exe
  2⤵
  PID:9456
- C:\Windows\System\IDqVsVu.exe
  C:\Windows\System\IDqVsVu.exe
  2⤵
  PID:9480
- C:\Windows\System\UMRdDJr.exe
  C:\Windows\System\UMRdDJr.exe
  2⤵
  PID:9496
- C:\Windows\System\DQrDdFO.exe
  C:\Windows\System\DQrDdFO.exe
  2⤵
  PID:9520
- C:\Windows\System\FNFGAbB.exe
  C:\Windows\System\FNFGAbB.exe
  2⤵
  PID:9536
- C:\Windows\System\huOkjIm.exe
  C:\Windows\System\huOkjIm.exe
  2⤵
  PID:9556
- C:\Windows\System\kJkjlDL.exe
  C:\Windows\System\kJkjlDL.exe
  2⤵
  PID:9572
- C:\Windows\System\ecXxamY.exe
  C:\Windows\System\ecXxamY.exe
  2⤵
  PID:9596
- C:\Windows\System\EtZzZTL.exe
  C:\Windows\System\EtZzZTL.exe
  2⤵
  PID:9620
- C:\Windows\System\AILUgIO.exe
  C:\Windows\System\AILUgIO.exe
  2⤵
  PID:9640
- C:\Windows\System\xmbldEw.exe
  C:\Windows\System\xmbldEw.exe
  2⤵
  PID:9656
- C:\Windows\System\IZyeIWZ.exe
  C:\Windows\System\IZyeIWZ.exe
  2⤵
  PID:9680
- C:\Windows\System\qojNxVB.exe
  C:\Windows\System\qojNxVB.exe
  2⤵
  PID:9696
- C:\Windows\System\BveqPZK.exe
  C:\Windows\System\BveqPZK.exe
  2⤵
  PID:9716
- C:\Windows\System\tiXuywu.exe
  C:\Windows\System\tiXuywu.exe
  2⤵
  PID:9740
- C:\Windows\System\ICqCZHM.exe
  C:\Windows\System\ICqCZHM.exe
  2⤵
  PID:9756
- C:\Windows\System\nJORQpZ.exe
  C:\Windows\System\nJORQpZ.exe
  2⤵
  PID:9772
- C:\Windows\System\GqvtvGU.exe
  C:\Windows\System\GqvtvGU.exe
  2⤵
  PID:9792
- C:\Windows\System\XlUbbfW.exe
  C:\Windows\System\XlUbbfW.exe
  2⤵
  PID:9824
- C:\Windows\System\XdOzPzG.exe
  C:\Windows\System\XdOzPzG.exe
  2⤵
  PID:9844
- C:\Windows\System\UzwXUcO.exe
  C:\Windows\System\UzwXUcO.exe
  2⤵
  PID:9860
- C:\Windows\System\XheIWaq.exe
  C:\Windows\System\XheIWaq.exe
  2⤵
  PID:9880
- C:\Windows\System\avBtGvt.exe
  C:\Windows\System\avBtGvt.exe
  2⤵
  PID:9900
- C:\Windows\System\yYxPanF.exe
  C:\Windows\System\yYxPanF.exe
  2⤵
  PID:9924
- C:\Windows\System\DdAlXpp.exe
  C:\Windows\System\DdAlXpp.exe
  2⤵
  PID:9940
- C:\Windows\System\AzBjnSQ.exe
  C:\Windows\System\AzBjnSQ.exe
  2⤵
  PID:9960
- C:\Windows\System\YfCsZdI.exe
  C:\Windows\System\YfCsZdI.exe
  2⤵
  PID:9980
- C:\Windows\System\MdaXJsU.exe
  C:\Windows\System\MdaXJsU.exe
  2⤵
  PID:10000
- C:\Windows\System\MWEdXHB.exe
  C:\Windows\System\MWEdXHB.exe
  2⤵
  PID:10020
- C:\Windows\System\AsxHFlV.exe
  C:\Windows\System\AsxHFlV.exe
  2⤵
  PID:10044
- C:\Windows\System\oamECcu.exe
  C:\Windows\System\oamECcu.exe
  2⤵
  PID:10060
- C:\Windows\System\jdiNlRF.exe
  C:\Windows\System\jdiNlRF.exe
  2⤵
  PID:10076
- C:\Windows\System\yIxnrwI.exe
  C:\Windows\System\yIxnrwI.exe
  2⤵
  PID:10096
- C:\Windows\System\mcxLhcr.exe
  C:\Windows\System\mcxLhcr.exe
  2⤵
  PID:10112
- C:\Windows\System\yjCfHzI.exe
  C:\Windows\System\yjCfHzI.exe
  2⤵
  PID:10136
- C:\Windows\System\vYNKeyb.exe
  C:\Windows\System\vYNKeyb.exe
  2⤵
  PID:10156
- C:\Windows\System\QyVtOAF.exe
  C:\Windows\System\QyVtOAF.exe
  2⤵
  PID:10180
- C:\Windows\System\RIreAkk.exe
  C:\Windows\System\RIreAkk.exe
  2⤵
  PID:10204
- C:\Windows\System\xqFelJS.exe
  C:\Windows\System\xqFelJS.exe
  2⤵
  PID:10224
- C:\Windows\System\lpTtUQz.exe
  C:\Windows\System\lpTtUQz.exe
  2⤵
  PID:8384
- C:\Windows\System\FGbhdXz.exe
  C:\Windows\System\FGbhdXz.exe
  2⤵
  PID:9232
- C:\Windows\System\ZrruKSZ.exe
  C:\Windows\System\ZrruKSZ.exe
  2⤵
  PID:9244
- C:\Windows\System\ehjPqlV.exe
  C:\Windows\System\ehjPqlV.exe
  2⤵
  PID:9304
- C:\Windows\System\VBUyhsE.exe
  C:\Windows\System\VBUyhsE.exe
  2⤵
  PID:9324
- C:\Windows\System\LxrjCTW.exe
  C:\Windows\System\LxrjCTW.exe
  2⤵
  PID:9352
- C:\Windows\System\VyxzIUQ.exe
  C:\Windows\System\VyxzIUQ.exe
  2⤵
  PID:9392
- C:\Windows\System\lfNpuYO.exe
  C:\Windows\System\lfNpuYO.exe
  2⤵
  PID:9412
- C:\Windows\System\CJzXDdW.exe
  C:\Windows\System\CJzXDdW.exe
  2⤵
  PID:9468
- C:\Windows\System\gaEQDAk.exe
  C:\Windows\System\gaEQDAk.exe
  2⤵
  PID:9508
- C:\Windows\System\SFXyftT.exe
  C:\Windows\System\SFXyftT.exe
  2⤵
  PID:9516
- C:\Windows\System\uebKkpl.exe
  C:\Windows\System\uebKkpl.exe
  2⤵
  PID:9584
- C:\Windows\System\rSnLkjW.exe
  C:\Windows\System\rSnLkjW.exe
  2⤵
  PID:9564
- C:\Windows\System\uLURZaN.exe
  C:\Windows\System\uLURZaN.exe
  2⤵
  PID:9616
- C:\Windows\System\ysSVKRI.exe
  C:\Windows\System\ysSVKRI.exe
  2⤵
  PID:9652
- C:\Windows\System\KUZJcXN.exe
  C:\Windows\System\KUZJcXN.exe
  2⤵
  PID:9708
- C:\Windows\System\xCUSjDY.exe
  C:\Windows\System\xCUSjDY.exe
  2⤵
  PID:9732
- C:\Windows\System\UmDOMmw.exe
  C:\Windows\System\UmDOMmw.exe
  2⤵
  PID:9752
- C:\Windows\System\pauxBOF.exe
  C:\Windows\System\pauxBOF.exe
  2⤵
  PID:9764
- C:\Windows\System\ylxcmIK.exe
  C:\Windows\System\ylxcmIK.exe
  2⤵
  PID:9820
- C:\Windows\System\hzGpihh.exe
  C:\Windows\System\hzGpihh.exe
  2⤵
  PID:9872
- C:\Windows\System\idPGUym.exe
  C:\Windows\System\idPGUym.exe
  2⤵
  PID:9912
- C:\Windows\System\GPZLKbN.exe
  C:\Windows\System\GPZLKbN.exe
  2⤵
  PID:9952
- C:\Windows\System\kOAzgZw.exe
  C:\Windows\System\kOAzgZw.exe
  2⤵
  PID:9956
- C:\Windows\System\BCPMfAg.exe
  C:\Windows\System\BCPMfAg.exe
  2⤵
  PID:9968
- C:\Windows\System\RmHWvjx.exe
  C:\Windows\System\RmHWvjx.exe
  2⤵
  PID:9972
- C:\Windows\System\lwWCQTA.exe
  C:\Windows\System\lwWCQTA.exe
  2⤵
  PID:10072
- C:\Windows\System\IsrzjTy.exe
  C:\Windows\System\IsrzjTy.exe
  2⤵
  PID:10108
- C:\Windows\System\lXghAKg.exe
  C:\Windows\System\lXghAKg.exe
  2⤵
  PID:10084
- C:\Windows\System\YYFhJqE.exe
  C:\Windows\System\YYFhJqE.exe
  2⤵
  PID:10188
- C:\Windows\System\rPydHoJ.exe
  C:\Windows\System\rPydHoJ.exe
  2⤵
  PID:10200
- C:\Windows\System\ILLjyNQ.exe
  C:\Windows\System\ILLjyNQ.exe
  2⤵
  PID:10232
- C:\Windows\System\xQmENws.exe
  C:\Windows\System\xQmENws.exe
  2⤵
  PID:9212
- C:\Windows\System\TNVfuWv.exe
  C:\Windows\System\TNVfuWv.exe
  2⤵
  PID:9228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuyyUzd.exe

Filesize
6.0MB

MD5
dffe85857a2904229f5af74875f2b5fa

SHA1
2436b0ed95b4fe200a2bcf78ffb4aad2a8c3bfc5

SHA256
b66d40ee152db1618cd70945da298b699c4cccab9a1bfbe73b64d9fc716bb324

SHA512
b4fa67381cf707a6abd52adad9a052a237c1b6df6a71a304f10b7512367501150dc6ea19a9a3529e59e2b3abe4424f26b67d5a38946dd1c0c3bce82df32ff7b2

Download Submit
C:\Windows\system\CPkPHzF.exe

Filesize
6.0MB

MD5
d65ddf259811b1a4be43734b4cd1627b

SHA1
4dcc6743a7e4eeae06afdd1c89b60bba55aeb265

SHA256
c4217da008cf8b737878ad6a375d483a507d57942fa1df1a9d6d9fedbd4f1c91

SHA512
3f98cf10c6612764403d6a7b74b3a36470814efaf0ccd39687021ae7082a3a5d54c12b54864c49986b227fe853af022cfa7c03e8bddce3bb0902131379941544

Download Submit
C:\Windows\system\CxRXyVm.exe

Filesize
6.0MB

MD5
f2ca2cb0c5eb5d8e9718ef465ab2cffd

SHA1
1258e30d252cb24d673c6c1898d46f0dab2d4cc8

SHA256
b3bfc5a48ded063712390e1ec9ce26002129097736e475109f0b60a20624b1cd

SHA512
099fe684356b694c65bcc1207d80af616ff978f79e69ae47010603a4a0da206ae84b79490b5b6ab91429859197dd60aa38fb614d1402dc4f0c22bc7f37357284

Download Submit
C:\Windows\system\FiqtMKn.exe

Filesize
6.0MB

MD5
a73142dda884078ebc4fc861d557cd8a

SHA1
688d87c0e82f5130b4bfcadbbdeaaf6578a9417d

SHA256
0889b80153a6ff6d334d538dc403ed5060140c2045d23358db2d2f7455ce2970

SHA512
85607dcdeb57320b4b8e2baa7aae963285bcab12b5f4807ff53255960aa665aad941ef097057ffbcdcd2f2bd57c250233a9adbee71dc2fe99094a418b59ef7f6

Download Submit
C:\Windows\system\NfzkSOf.exe

Filesize
6.0MB

MD5
f693225ccfaf49ca24432c483db70107

SHA1
f9c74ccc2485f08ab80d11f916c5c4fc8baa3a7b

SHA256
862ed3db45db742c607c15516b3e232b3f1d2fa5f3701dc99605a8a66653d380

SHA512
d5f393871829d1c8717c0cf9065a23d7d141488268a7148986f88e2fcfb160da45c771d4ff806b3fb65fb165b5167a81fd45f6477176ed4e813a69c19e280bc8

Download Submit
C:\Windows\system\NkmUvhf.exe

Filesize
6.0MB

MD5
00f361ec108c9abed6dabc9f85a548b4

SHA1
4f1cb01f904f3f68290d8d615d268cc5cb1bae35

SHA256
ea3b9645725b1aad52f93eb10e0cec43989d085a4b603356df924042b68c8914

SHA512
61452a769d56c580820f77278011461fdad0d5ab0924b6f978ccfb0de5de30adb48cb051dcb0baad5955e73516755a7f025df0d34c133ca91d59e72cb394bfab

Download Submit
C:\Windows\system\NqqPAtn.exe

Filesize
6.0MB

MD5
e8748947ec6374f6c45686b679b37406

SHA1
e1475d24ab2482cc6bae6e0cebcecbca5b689fff

SHA256
77e5c6f747a4691be0c1799f840abb1f0d268759821e514b1330007bc6b6d39a

SHA512
1773f4dabf69b91a5b93f2a7cce8b44a9575be11cc504fc1cdf31d5c0d79dcdc7f606c31893ec719e01b01d5ac0a7e955205ee476c8da7cde6b8f87ca7a759cb

Download Submit
C:\Windows\system\OGCNDNE.exe

Filesize
6.0MB

MD5
fba4b1c3608fed4fa35bccbb1b0ea9b9

SHA1
f4289f07b26d6adc9c52ed02d1fba7bfdb67977a

SHA256
7e5645bdbd47faab1e1fe2976ba4ea96242e0bb474b44168a7c23185faac6b96

SHA512
f2e991edfe539ae2d9118210cef2b47c55852094af0e4c9ed4f39affe6abac9eac1df23b986405583512603e10c17538fcf77e4dae84e9cd52f898885144000c

Download Submit
C:\Windows\system\RUaFFYk.exe

Filesize
6.0MB

MD5
0d32f8876e3f6dc317f6b3685fc9da93

SHA1
312dac62b2d7c5413f9475098d6d5e11b28c9cea

SHA256
d155a5205e985e2947df02a89dccddd0eec971f3dacbe361d6c54dc0b45ff124

SHA512
979f2f763bfa3c0639483dbcc448f3f983ae0e90920782708404aef9023e25a922676e4be0724b244ddf39ea09674a0851f94bce3d296c99314905cac0beed70

Download Submit
C:\Windows\system\UOVRllZ.exe

Filesize
6.0MB

MD5
2de79526767f7806e3068a92b81893f9

SHA1
151060037f35122e4a3abbbbff8a4665e5df1b06

SHA256
c5ca9623944e2b04606d1fe6b7f48717d44d20109aa47aad236060b27e562f2a

SHA512
0a0c669edaaba59ae5e4c5c7a55e144f819fdddf4c4e67c26251fdce14d9043d03074cb190a3db0a21d245b4cf8e0d778abd9e3dbaeb027567c06b4ed4bd630d

Download Submit
C:\Windows\system\VZitmku.exe

Filesize
6.0MB

MD5
0a2c9c52d3fa09ce8c2596118d4f21ca

SHA1
bfd895e279ea1151881b93c4e017055ddd4fa8fa

SHA256
cda34486758445741a5f64138d109ddc0c75cdd99b12bf5291848a73d2131de5

SHA512
eb2c9d41465f72585995e716b65ab7f78e87f58d65570b639b66a6d5025f11938e9b6adfa69e194c38acb3fd285eb3c7eb76c275132bcab2ce8ad25fa232a5d9

Download Submit
C:\Windows\system\XfoNmaM.exe

Filesize
6.0MB

MD5
91b33aab8e8839cf9bc920706b2a7275

SHA1
dbb0b7ce77a5d6c10aabfe64e8fb6bb94d6b9655

SHA256
a2a7a3c778cb3df6354d1493e04b469ac76bcc694232ddd0780f02d546132362

SHA512
e6762b153657ddc436baed9a6419fc20c14d81a05bc878516edb2789e86009444815e2a40e0da2c9d01a1b1f108f81d874458360d209652294bae5a28ae406ca

Download Submit
C:\Windows\system\YzTDziz.exe

Filesize
6.0MB

MD5
f842e662696f8604263a4ab29ab8c1ec

SHA1
57ff26552d9eb53897b54a9e062d074a8f9736a0

SHA256
58ae770a2e85435d396d23cdd86de6da560aff7950f57231505f934a49a9cd19

SHA512
4f9bb22d13d64d0acb87a700694c7244aae7f97d3ad4c89720c9ba160e30a251808d0aed79224b51d4b782a4c1c28e5b2e69c2473f7585e1a87f9ab7e9fb0863

Download Submit
C:\Windows\system\aBeVTLW.exe

Filesize
6.0MB

MD5
c2f6ebc6966962769e60b619c840c34c

SHA1
4c28df9c999e7bf7e1f85cfdca7042c1994c9637

SHA256
08681211db7906f573d9fed49bac3b5051a14e49649f055ab6605757ac68b050

SHA512
d24003fe9c79e86e1e95f341b8618ad402865167c93f8229eb87a36a57feb4924399516641fc6ddc4367aebe544d27e9b2592a3660374f0fe3f0b414ca13d866

Download Submit
C:\Windows\system\bkukceJ.exe

Filesize
6.0MB

MD5
6baf4bcd3d90a147eb4d83aad33c19e5

SHA1
3396dc7d24a881368ce0e15a79803ed33231c40f

SHA256
fa2e62ababdfb63ba791254a57029fe2d50d2ecc872590f03fa2554305a8a7e5

SHA512
d0a1e411c64aa74da864315a818d83ac6ac14c21afa4b9eac01951cea60382ad83b6064d375e1140e33940cd84f640615fbf39f9ba8b3f000de5bbee380d3174

Download Submit
C:\Windows\system\ePTxvhV.exe

Filesize
6.0MB

MD5
d611c518fd8f8e27d35297ec2887ad87

SHA1
9ecde404ccbcd665826a04bfb5875ba55da850fb

SHA256
887f9ecfe5886aea7efc8c78c9323de59f400ec7ea2ecd5318d016a287fb89d4

SHA512
7cf12d388878c2043ae2e405ab28d02b06a077a412e0e29f9f5091ca9e52208f6aa01c7a593e270a42a74206d63e5279ac373ef599be07249c09a4ba59baabb4

Download Submit
C:\Windows\system\fgADpwg.exe

Filesize
6.0MB

MD5
dfafaa014bb262696cf074c8c702a8c8

SHA1
5087fdeb6aafaa400fe81015d94d2410b55a8bad

SHA256
09c57c02db59f8cb59f1742ebb7091060e32e36fe7d6ec47fded444d6069dabb

SHA512
b230a720567ea0d2a213f7f562c3216b22935011253b75366a295d6ab7fb6b803d3fdf25e79cf2c929450fc21f5c612b6090f5704571a7eb6300af16366ccfdb

Download Submit
C:\Windows\system\fqriIVT.exe

Filesize
6.0MB

MD5
379b03beb41367c284edaa1760c907e5

SHA1
70e8bf81321d27382fb527da64a19ecc90657ba1

SHA256
c741e092adcb294edbb49661fb232201254a54ac5b56f7465ae80f88f5d1a59c

SHA512
33f5f3996844dc44491477304e0766f0387c9e4379951564046969b670c18bbf087ec56369a096727a5ee8804bb7ea50752034f8cc126f05a1a109845100be02

Download Submit
C:\Windows\system\jAjDRTR.exe

Filesize
6.0MB

MD5
c850eb3da68e806a55336fb6f6ee3dce

SHA1
24880908f95bd77f42eccb6769820cd527379ed0

SHA256
bdeef9de6a642afe55617f4afe8bffc871a99a41a13a91e37210a3c7b365253d

SHA512
c64c2c3e04570e78d2cd0d34de0ea147ca124168467fa87e564a1b1161c62e288eab56925aca85efdcf1d0912a1a30574f55164f0433902e410bb410e7088c41

Download Submit
C:\Windows\system\livKHVO.exe

Filesize
6.0MB

MD5
14c13f191fc60b477142184dc44e5a72

SHA1
d599764fc74d6aece69114bbd5a84d32c9e1b645

SHA256
84b2372ed7d2d835a09e41ba994853e634c7bb917c58d49d4d2c1d2709425ed3

SHA512
63fedbb4c50f6dc5910ec110baececcfc5cf607284c80cef893ae1fbd0cb4681258f6e4f58912002163bd22deba67123f78334e01573b2ad7c49913d788b8395

Download Submit
C:\Windows\system\oLPXPya.exe

Filesize
6.0MB

MD5
a480a2d30e2aecff326d49d82ca646d7

SHA1
c69a093b8cabea33fceee3043c93fad18cc908eb

SHA256
d33fc3ed2a605093a2fcfbaba8b62741a902e738e45144183c404d5e85061670

SHA512
f358c63bd36766db6584d822d5b413a211a84aea83b56a26749d8b49e7f11e3df86c202abcb5187a74ff021ea312fe4128cef76e5f9b3c8a6afbea25210599ac

Download Submit
C:\Windows\system\oiUuZmY.exe

Filesize
6.0MB

MD5
f1c0c87fe3e4cf07a53fdf4d76cfe726

SHA1
94face23f3897f406fec2f9255e6147ac53c3b32

SHA256
0fbe8414d3f8705664016a8435905adef7e18c425d08e9bf0e792fff9312c885

SHA512
e9eaf42e642650c1b05f12289063fb28011409dad0827bfcd4bd4cd460345f78c5b082168674e0e1ef49e142d52081dca507bb2e7d868b039c407df06d372eb2

Download Submit
C:\Windows\system\qQFDaSW.exe

Filesize
6.0MB

MD5
30cd6b3a7c4959d437e61f140b4409b3

SHA1
ba123c6dfd2165336e30a31d9353a39760233c1f

SHA256
f2813babbd8b68dfd96142ec46211f71c4b70309e0b76cdea754daecdff3759d

SHA512
4dcac23e30f6f20570da8609786be1ef56353f9441b5cac1b4a590cf650529c3e6e40e1b096840b84c6988717372c69c6eb201f64eec6cb6e885806d18f035aa

Download Submit
C:\Windows\system\tEhXVhD.exe

Filesize
6.0MB

MD5
23db4b036babb94bc80a194265ea569f

SHA1
f299dc420490c4d7f3cd91e66d0ae54de56a0fef

SHA256
265b430b4e885fe32d5b05cf486fa22b505ffe6d8d33d41a2b7b211e0f7976f8

SHA512
9831462f17a6066a5c888bffe08cd2ddda839e00cd41a73804a2b658d672175710fc6d399f493c3dda013c3d8b28e43e31fce7606bafa172ff5ee34fb893d9e2

Download Submit
C:\Windows\system\wWsbGcN.exe

Filesize
6.0MB

MD5
7dd6fefeca5540696aa5d5affc6c819d

SHA1
04829903fbebd4fb2375d38fe90152fb9ca32eaf

SHA256
66c34655fbeae3dcd5912f0425a3bba0a9e64be4c74a4c53eca45ea31d295016

SHA512
4c54b7d9e551aedd4c435f6ff1dd5b3036b22d90649c6038c1ed6e7d22c608a6282ca8abcffaaa62436a1134f0c8bb1c939c9125bce9931ba697c73e9e799d36

Download Submit
C:\Windows\system\zLrADju.exe

Filesize
6.0MB

MD5
1dffe8a63ab429d652a27119445dcd0b

SHA1
e7fa9fa77cb96209241ec9001661d6772c0be615

SHA256
82cc783a6ba21a67c4c1475e0dc5c07a259021cc93d5c5c1418c7a5771ad0cb6

SHA512
a85a44932171f15f9780d73a5999f26d04e8f522571d5c26f74754f8f07d0a8f070e20b5c349f82c2f1d3ae6fc49ce2f9077bb4f0bd8aec8e53cc9759d78464c

Download Submit
\Windows\system\DsPSbRT.exe

Filesize
6.0MB

MD5
eb6797e212877e826a58ea9df5268df4

SHA1
f5ea521ab9021bcf3bb887e199d39b9d3b202773

SHA256
50592bb68ee7d9602e08e7a8ea95b9228e114609413350c1b1744a1c3adcc78f

SHA512
56e4b18227cce36686e9331b787e1478d5acbf3d6c572fedd8e93e18552ee9a6d696ef0e09d5084d762c8c26fa77e24909f4408a55beac4f4c3d3534e95fb466

Download Submit
\Windows\system\RocXKLC.exe

Filesize
6.0MB

MD5
bc9f2c01256f7518da16327ce0645acb

SHA1
e867cd09675b90931163dc2886e777fcf5c52f3f

SHA256
778c1fb5f885efb80b472e5c7b3ac09941047de77d240ee955fc79ba880f7d10

SHA512
d402aa2155254d5f81f3d70fbc980345fc895bd7094f7522294aedc26a780ef5bee0923a48bdc1e0d60c6e3117fc5fa16ffb9d4d276f3a28a8cae307a476c5ad

Download Submit
\Windows\system\nOJBiKD.exe

Filesize
6.0MB

MD5
040c619d7f3713af9d13fffc7c2addab

SHA1
1a1213ab2f1567c9a068a7cc3bd2489195c4ab07

SHA256
aaffe8898de7b5b1d6b09df2c799a8c35a39f16e3894b14dfe36a2c492fefc4e

SHA512
44b0a073bd22ec2e59c5faeeabb6d47330c9265c3146f60b81b60c78765cafda6d1073e65c15229c06f7c63e982d8437f77ba13c9590b900be35042cf9f6a9ad

Download Submit
\Windows\system\rLzWqmi.exe

Filesize
6.0MB

MD5
4ba8dd7cccce055b47f66f697081ff44

SHA1
d3c42f7692abf3840ae222886775f4992f461b80

SHA256
49489af41054766ba6b71fe4265da822c0c68cf9fcc40b3d0648adab61be7e96

SHA512
cac17198b3231da0d7428dda3a148a24f15ba354df87651fdb07c215e87b351ca1485bbf9e8234652dbefe8b76bcc4d177d33f5f911ff2c71cf5e4fd52a1ce6b

Download Submit
\Windows\system\vQiuXXM.exe

Filesize
6.0MB

MD5
7127fa731d5ef503310f9770a4f6495b

SHA1
b913272858d12ceff051ce712c99d37c76bc5a6a

SHA256
73918393bbfa183efedcfe7a2b7b0a80f94099ad145b1577e947337ffe156af8

SHA512
56146f070af8d2b1a2cf967b5ac83660a329f09e8b9df5c1ccf170cb256f526d4bb442af3c7d53620b8fda3074f9f1d0f8ce060b07c96187cf0cad2c07a32bc0

Download Submit
\Windows\system\vRkJUCw.exe

Filesize
6.0MB

MD5
6de7a4e1217313cf5dd534d8e1d73f75

SHA1
c53d5bb89685948c1956b54665935c8dd170fc6c

SHA256
678d4553b18d7d551cc02fae8ff55a1a7fb8a8e2eca4bd7fa98366ba82931756

SHA512
8c3dbecf6907cc13c9ca3c46fe3c031e8b563d66c1097c8f62b5b633722b3220a727679980599e0158d3f0fb348d665b4a85d9d2297d586c2eba84cdc63cf99a

Download Submit
memory/548-75-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-942-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-113-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/760-90-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/760-241-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/760-944-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/980-109-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/980-320-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/980-946-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-99-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1236-298-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1236-945-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1328-941-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1328-67-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1328-104-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1524-82-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1524-163-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1524-943-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1716-940-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-98-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-74-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-937-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-89-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-939-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-52-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-935-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2660-66-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2668-938-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-81-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-44-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-56-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-299-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-35-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2772-31-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-39-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-40-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-20-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-279-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2772-25-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2772-108-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-6-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-105-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-0-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2772-100-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2772-63-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2772-86-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-95-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2772-13-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-200-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2772-71-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2772-94-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-138-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2792-23-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2792-55-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2792-936-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2876-9-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-43-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-864-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-15-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3068-51-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3068-896-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download