cobaltstrike | b72a270687540af803989b3995dfca541fb1b220f215746fc4b67e643faaf240

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

139af362a783730cba1b7e76e174b146
SHA1

efb03dcbd9266252da1bd49604ce864e05b4d1b3
SHA256

b72a270687540af803989b3995dfca541fb1b220f215746fc4b67e643faaf240
SHA512

c9b8facdf32cb36c663687fb71d3c825ec79c49ac3da1f2fc622c9652a8351798329b69e341c11d49215255d264065ca3de7bbdaa3166b38307f12dd3a706379
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUE:eOl56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf6-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c53-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1f-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d27-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d30-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174bf-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017481-75.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-72.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-134.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-95.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d40-58.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d38-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012254-3.dat	xmrig
behavioral1/files/0x0008000000016cf6-11.dat	xmrig
behavioral1/memory/2324-14-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3040-10-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0c-9.dat	xmrig
behavioral1/files/0x0009000000016c53-25.dat	xmrig
behavioral1/memory/3064-31-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1984-29-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/memory/1964-42-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2816-41-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1f-38.dat	xmrig
behavioral1/files/0x0007000000016d27-36.dat	xmrig
behavioral1/memory/2700-23-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2720-49-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/3040-48-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d30-47.dat	xmrig
behavioral1/memory/1984-44-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2324-51-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190c6-94.dat	xmrig
behavioral1/files/0x0005000000019278-133.dat	xmrig
behavioral1/memory/2700-71-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/3064-148-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191fd-161.dat	xmrig
behavioral1/files/0x0005000000019263-167.dat	xmrig
behavioral1/files/0x000500000001938b-180.dat	xmrig
behavioral1/memory/2720-814-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1984-1117-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0005000000019399-185.dat	xmrig
behavioral1/files/0x00050000000193b7-190.dat	xmrig
behavioral1/files/0x0005000000019280-175.dat	xmrig
behavioral1/memory/1984-132-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/memory/2108-123-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-121.dat	xmrig
behavioral1/files/0x00050000000186c8-114.dat	xmrig
behavioral1/files/0x0005000000019220-111.dat	xmrig
behavioral1/files/0x00060000000190c9-99.dat	xmrig
behavioral1/memory/1984-93-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000500000001878d-90.dat	xmrig
behavioral1/memory/1984-85-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x000500000001867d-82.dat	xmrig
behavioral1/files/0x00060000000174bf-76.dat	xmrig
behavioral1/files/0x0006000000017481-75.dat	xmrig
behavioral1/files/0x0014000000018657-72.dat	xmrig
behavioral1/memory/2728-149-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-145.dat	xmrig
behavioral1/files/0x000500000001925d-137.dat	xmrig
behavioral1/files/0x0005000000019238-136.dat	xmrig
behavioral1/files/0x0005000000019217-135.dat	xmrig
behavioral1/files/0x00050000000191f3-134.dat	xmrig
behavioral1/memory/2648-128-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018662-95.dat	xmrig
behavioral1/files/0x0008000000016d40-58.dat	xmrig
behavioral1/memory/2904-89-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d38-62.dat	xmrig
behavioral1/memory/2324-3849-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3040-3884-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/3064-3930-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2816-3939-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2700-3957-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1964-3960-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2720-3963-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2904-4058-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2728-4060-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3040	NYnaLVs.exe
2324	Xsoqkwv.exe
2700	gkKwvLg.exe
3064	TAdrpXI.exe
2816	vJujGEv.exe
1964	iLNkbDU.exe
2720	XbouBnk.exe
2904	ytAVgAe.exe
2108	oUpzhID.exe
2728	UDgUhLQ.exe
2648	vEYsgUZ.exe
2664	aOKlRHz.exe
3048	wKICmkc.exe
380	mkgNvrJ.exe
1536	lNfeMVI.exe
2916	giLDzsw.exe
1440	ofwXmTK.exe
840	ETuPbLZ.exe
2620	tABlAyG.exe
2140	gqINNCU.exe
1376	jBDXKAA.exe
2268	kWTtbUx.exe
2924	Quufncg.exe
2884	ENxamBu.exe
2796	WekFdKm.exe
1540	tKxdFMB.exe
2212	GJgrWQA.exe
1792	zALRJhz.exe
2296	cWntXvC.exe
808	sIvbxkU.exe
816	eUYjEGG.exe
3012	hsXWBkN.exe
2044	QOfzMBF.exe
1356	OUUrDHe.exe
2576	xQkVjBV.exe
1364	ZmpjXfl.exe
1412	UtaEuar.exe
2020	vyLtqvy.exe
1216	FwnglTI.exe
900	qlsqacx.exe
1108	vWMlOEk.exe
2452	BTIuuRO.exe
1548	PiGenll.exe
2400	AXRuNOs.exe
2488	WzqyyGg.exe
1784	sbyCCPp.exe
2408	AmwxeeC.exe
2228	hmgrCuc.exe
1080	jtvAPYh.exe
1068	BreQsgk.exe
2520	YHLXutt.exe
2484	URhdzGv.exe
1944	IQzSPKN.exe
1616	kwprCKp.exe
3032	IClQsYU.exe
2480	kLyNFRW.exe
2980	MRMLBwj.exe
2316	nrKTejU.exe
2828	mwNvaJE.exe
2752	OAwZbnb.exe
2848	ttGUukp.exe
2768	GxMdiiB.exe
2988	PWdXTMS.exe
2876	kwsaMlj.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000c000000012254-3.dat	upx
behavioral1/files/0x0008000000016cf6-11.dat	upx
behavioral1/memory/2324-14-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3040-10-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0008000000016d0c-9.dat	upx
behavioral1/files/0x0009000000016c53-25.dat	upx
behavioral1/memory/3064-31-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1964-42-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2816-41-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0007000000016d1f-38.dat	upx
behavioral1/files/0x0007000000016d27-36.dat	upx
behavioral1/memory/2700-23-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2720-49-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/3040-48-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000016d30-47.dat	upx
behavioral1/memory/1984-44-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2324-51-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00060000000190c6-94.dat	upx
behavioral1/files/0x0005000000019278-133.dat	upx
behavioral1/memory/2700-71-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/3064-148-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00050000000191fd-161.dat	upx
behavioral1/files/0x0005000000019263-167.dat	upx
behavioral1/files/0x000500000001938b-180.dat	upx
behavioral1/memory/2720-814-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0005000000019399-185.dat	upx
behavioral1/files/0x00050000000193b7-190.dat	upx
behavioral1/files/0x0005000000019280-175.dat	upx
behavioral1/memory/2108-123-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0005000000019240-121.dat	upx
behavioral1/files/0x00050000000186c8-114.dat	upx
behavioral1/files/0x0005000000019220-111.dat	upx
behavioral1/files/0x00060000000190c9-99.dat	upx
behavioral1/files/0x000500000001878d-90.dat	upx
behavioral1/files/0x000500000001867d-82.dat	upx
behavioral1/files/0x00060000000174bf-76.dat	upx
behavioral1/files/0x0006000000017481-75.dat	upx
behavioral1/files/0x0014000000018657-72.dat	upx
behavioral1/memory/2728-149-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000600000001749c-145.dat	upx
behavioral1/files/0x000500000001925d-137.dat	upx
behavioral1/files/0x0005000000019238-136.dat	upx
behavioral1/files/0x0005000000019217-135.dat	upx
behavioral1/files/0x00050000000191f3-134.dat	upx
behavioral1/memory/2648-128-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x000d000000018662-95.dat	upx
behavioral1/files/0x0008000000016d40-58.dat	upx
behavioral1/memory/2904-89-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0009000000016d38-62.dat	upx
behavioral1/memory/2324-3849-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3040-3884-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/3064-3930-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2816-3939-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2700-3957-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1964-3960-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2720-3963-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2904-4058-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2728-4060-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2648-4059-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tQXnFEJ.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBjmOxi.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPTUSbL.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLhktXM.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZDAkYl.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPIYXlk.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQSmHCW.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axstwDx.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPMrEDq.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPqpyFK.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPCebHo.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQFvlzH.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFinwOR.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSWQzXW.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjDsKUr.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNaHkvM.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCeNEZt.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGeixJd.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STuiohl.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgYZxTl.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGcPeVs.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnEvXAy.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDSfdSU.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRIzzPD.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoleMmm.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCovBXk.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvUyWqu.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAMNGFj.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtwPMXq.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFNSRGt.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttGUukp.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqkYlQL.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGuBImj.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxPdUHD.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHwKjQZ.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKLKcWx.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTOrPcO.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAjIzHO.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiGqnxC.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvvatUz.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPleCPm.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytqLbJl.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aizKdfC.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzjkmUw.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukolgeo.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtvDWKd.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmwxeeC.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMthDce.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLVDdZI.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rugfDkc.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvnsYJz.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEbnHxs.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZGGWtr.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwCzswF.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvTvrff.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTJJYed.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFdhnfd.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfUOusF.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJfDWnq.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWPjvgE.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muFPhVT.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypKuADw.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvWdhMy.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnWWGoy.exe	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3040	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 3040	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 3040	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 2324	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2324	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2324	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2700	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2700	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2700	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 3064	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 3064	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 3064	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 1964	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 1964	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 1964	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2816	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2816	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2816	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2720	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2720	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2720	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2108	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2108	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2108	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2904	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2904	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2904	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2728	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2728	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2728	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2620	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2620	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2620	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2648	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2648	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2648	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2140	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2140	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2140	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2664	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 2664	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 2664	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 1376	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 1376	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 1376	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 3048	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 3048	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 3048	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 2268	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 2268	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 2268	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 380	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 380	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 380	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 2924	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 2924	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 2924	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 1536	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 1536	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 1536	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 2884	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2884	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2884	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2916	1984	2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-13_139af362a783730cba1b7e76e174b146_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\System\NYnaLVs.exe
  C:\Windows\System\NYnaLVs.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\Xsoqkwv.exe
  C:\Windows\System\Xsoqkwv.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\gkKwvLg.exe
  C:\Windows\System\gkKwvLg.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\TAdrpXI.exe
  C:\Windows\System\TAdrpXI.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\iLNkbDU.exe
  C:\Windows\System\iLNkbDU.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\vJujGEv.exe
  C:\Windows\System\vJujGEv.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\XbouBnk.exe
  C:\Windows\System\XbouBnk.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\oUpzhID.exe
  C:\Windows\System\oUpzhID.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ytAVgAe.exe
  C:\Windows\System\ytAVgAe.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\UDgUhLQ.exe
  C:\Windows\System\UDgUhLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\tABlAyG.exe
  C:\Windows\System\tABlAyG.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\vEYsgUZ.exe
  C:\Windows\System\vEYsgUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\gqINNCU.exe
  C:\Windows\System\gqINNCU.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\aOKlRHz.exe
  C:\Windows\System\aOKlRHz.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\jBDXKAA.exe
  C:\Windows\System\jBDXKAA.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\wKICmkc.exe
  C:\Windows\System\wKICmkc.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\kWTtbUx.exe
  C:\Windows\System\kWTtbUx.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\mkgNvrJ.exe
  C:\Windows\System\mkgNvrJ.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\Quufncg.exe
  C:\Windows\System\Quufncg.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lNfeMVI.exe
  C:\Windows\System\lNfeMVI.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ENxamBu.exe
  C:\Windows\System\ENxamBu.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\giLDzsw.exe
  C:\Windows\System\giLDzsw.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WekFdKm.exe
  C:\Windows\System\WekFdKm.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ofwXmTK.exe
  C:\Windows\System\ofwXmTK.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\tKxdFMB.exe
  C:\Windows\System\tKxdFMB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\ETuPbLZ.exe
  C:\Windows\System\ETuPbLZ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\GJgrWQA.exe
  C:\Windows\System\GJgrWQA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zALRJhz.exe
  C:\Windows\System\zALRJhz.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\cWntXvC.exe
  C:\Windows\System\cWntXvC.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\sIvbxkU.exe
  C:\Windows\System\sIvbxkU.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\eUYjEGG.exe
  C:\Windows\System\eUYjEGG.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\hsXWBkN.exe
  C:\Windows\System\hsXWBkN.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\QOfzMBF.exe
  C:\Windows\System\QOfzMBF.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\OUUrDHe.exe
  C:\Windows\System\OUUrDHe.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\xQkVjBV.exe
  C:\Windows\System\xQkVjBV.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ZmpjXfl.exe
  C:\Windows\System\ZmpjXfl.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\UtaEuar.exe
  C:\Windows\System\UtaEuar.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\vyLtqvy.exe
  C:\Windows\System\vyLtqvy.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FwnglTI.exe
  C:\Windows\System\FwnglTI.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\qlsqacx.exe
  C:\Windows\System\qlsqacx.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\vWMlOEk.exe
  C:\Windows\System\vWMlOEk.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\BTIuuRO.exe
  C:\Windows\System\BTIuuRO.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\PiGenll.exe
  C:\Windows\System\PiGenll.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\AXRuNOs.exe
  C:\Windows\System\AXRuNOs.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\WzqyyGg.exe
  C:\Windows\System\WzqyyGg.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\sbyCCPp.exe
  C:\Windows\System\sbyCCPp.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\AmwxeeC.exe
  C:\Windows\System\AmwxeeC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\hmgrCuc.exe
  C:\Windows\System\hmgrCuc.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\jtvAPYh.exe
  C:\Windows\System\jtvAPYh.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\BreQsgk.exe
  C:\Windows\System\BreQsgk.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\YHLXutt.exe
  C:\Windows\System\YHLXutt.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\URhdzGv.exe
  C:\Windows\System\URhdzGv.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\IQzSPKN.exe
  C:\Windows\System\IQzSPKN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\kwprCKp.exe
  C:\Windows\System\kwprCKp.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\IClQsYU.exe
  C:\Windows\System\IClQsYU.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\kLyNFRW.exe
  C:\Windows\System\kLyNFRW.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\MRMLBwj.exe
  C:\Windows\System\MRMLBwj.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\nrKTejU.exe
  C:\Windows\System\nrKTejU.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\mwNvaJE.exe
  C:\Windows\System\mwNvaJE.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\OAwZbnb.exe
  C:\Windows\System\OAwZbnb.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ttGUukp.exe
  C:\Windows\System\ttGUukp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GxMdiiB.exe
  C:\Windows\System\GxMdiiB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\PWdXTMS.exe
  C:\Windows\System\PWdXTMS.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\kwsaMlj.exe
  C:\Windows\System\kwsaMlj.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\jrRVjdg.exe
  C:\Windows\System\jrRVjdg.exe
  2⤵
  PID:2500
- C:\Windows\System\xoQRXeN.exe
  C:\Windows\System\xoQRXeN.exe
  2⤵
  PID:2644
- C:\Windows\System\YxvnQIO.exe
  C:\Windows\System\YxvnQIO.exe
  2⤵
  PID:2736
- C:\Windows\System\IsrgRjG.exe
  C:\Windows\System\IsrgRjG.exe
  2⤵
  PID:692
- C:\Windows\System\QeOpiPx.exe
  C:\Windows\System\QeOpiPx.exe
  2⤵
  PID:2932
- C:\Windows\System\YTPMcmS.exe
  C:\Windows\System\YTPMcmS.exe
  2⤵
  PID:1232
- C:\Windows\System\iCLxoFQ.exe
  C:\Windows\System\iCLxoFQ.exe
  2⤵
  PID:2224
- C:\Windows\System\gEPdNqY.exe
  C:\Windows\System\gEPdNqY.exe
  2⤵
  PID:580
- C:\Windows\System\lDfFoVD.exe
  C:\Windows\System\lDfFoVD.exe
  2⤵
  PID:1112
- C:\Windows\System\ijmVyJo.exe
  C:\Windows\System\ijmVyJo.exe
  2⤵
  PID:2636
- C:\Windows\System\vfbTzMq.exe
  C:\Windows\System\vfbTzMq.exe
  2⤵
  PID:640
- C:\Windows\System\ooYQsHr.exe
  C:\Windows\System\ooYQsHr.exe
  2⤵
  PID:968
- C:\Windows\System\fXgAFlr.exe
  C:\Windows\System\fXgAFlr.exe
  2⤵
  PID:1960
- C:\Windows\System\HMthDce.exe
  C:\Windows\System\HMthDce.exe
  2⤵
  PID:2712
- C:\Windows\System\kokJrWT.exe
  C:\Windows\System\kokJrWT.exe
  2⤵
  PID:1160
- C:\Windows\System\RuFSqBM.exe
  C:\Windows\System\RuFSqBM.exe
  2⤵
  PID:3016
- C:\Windows\System\ESVlfBT.exe
  C:\Windows\System\ESVlfBT.exe
  2⤵
  PID:2940
- C:\Windows\System\cMrGoWg.exe
  C:\Windows\System\cMrGoWg.exe
  2⤵
  PID:2196
- C:\Windows\System\RinysUk.exe
  C:\Windows\System\RinysUk.exe
  2⤵
  PID:1780
- C:\Windows\System\tbiiqtq.exe
  C:\Windows\System\tbiiqtq.exe
  2⤵
  PID:1748
- C:\Windows\System\IQqcutr.exe
  C:\Windows\System\IQqcutr.exe
  2⤵
  PID:916
- C:\Windows\System\mnvZOqN.exe
  C:\Windows\System\mnvZOqN.exe
  2⤵
  PID:1752
- C:\Windows\System\reUvUyl.exe
  C:\Windows\System\reUvUyl.exe
  2⤵
  PID:2304
- C:\Windows\System\jDRncTX.exe
  C:\Windows\System\jDRncTX.exe
  2⤵
  PID:1856
- C:\Windows\System\GlMnanp.exe
  C:\Windows\System\GlMnanp.exe
  2⤵
  PID:2156
- C:\Windows\System\XNbjUWu.exe
  C:\Windows\System\XNbjUWu.exe
  2⤵
  PID:2180
- C:\Windows\System\tjlARTp.exe
  C:\Windows\System\tjlARTp.exe
  2⤵
  PID:884
- C:\Windows\System\mtofReJ.exe
  C:\Windows\System\mtofReJ.exe
  2⤵
  PID:3028
- C:\Windows\System\zvtWFzV.exe
  C:\Windows\System\zvtWFzV.exe
  2⤵
  PID:2052
- C:\Windows\System\vgPLATi.exe
  C:\Windows\System\vgPLATi.exe
  2⤵
  PID:1724
- C:\Windows\System\QkEDQpL.exe
  C:\Windows\System\QkEDQpL.exe
  2⤵
  PID:3056
- C:\Windows\System\RHtnGNA.exe
  C:\Windows\System\RHtnGNA.exe
  2⤵
  PID:2200
- C:\Windows\System\bvebeQv.exe
  C:\Windows\System\bvebeQv.exe
  2⤵
  PID:2820
- C:\Windows\System\KzCgANX.exe
  C:\Windows\System\KzCgANX.exe
  2⤵
  PID:2772
- C:\Windows\System\VxfpGOP.exe
  C:\Windows\System\VxfpGOP.exe
  2⤵
  PID:2732
- C:\Windows\System\vcLxlrN.exe
  C:\Windows\System\vcLxlrN.exe
  2⤵
  PID:2436
- C:\Windows\System\BZmBpQy.exe
  C:\Windows\System\BZmBpQy.exe
  2⤵
  PID:2952
- C:\Windows\System\xaNeeMH.exe
  C:\Windows\System\xaNeeMH.exe
  2⤵
  PID:1012
- C:\Windows\System\ePhqIXI.exe
  C:\Windows\System\ePhqIXI.exe
  2⤵
  PID:2964
- C:\Windows\System\LYpHobA.exe
  C:\Windows\System\LYpHobA.exe
  2⤵
  PID:2552
- C:\Windows\System\kZpHieZ.exe
  C:\Windows\System\kZpHieZ.exe
  2⤵
  PID:2632
- C:\Windows\System\iUNeUlb.exe
  C:\Windows\System\iUNeUlb.exe
  2⤵
  PID:2288
- C:\Windows\System\dfLADBt.exe
  C:\Windows\System\dfLADBt.exe
  2⤵
  PID:532
- C:\Windows\System\DDNxUOf.exe
  C:\Windows\System\DDNxUOf.exe
  2⤵
  PID:2148
- C:\Windows\System\juUyNdd.exe
  C:\Windows\System\juUyNdd.exe
  2⤵
  PID:1868
- C:\Windows\System\zewSfWk.exe
  C:\Windows\System\zewSfWk.exe
  2⤵
  PID:1040
- C:\Windows\System\yISYkbz.exe
  C:\Windows\System\yISYkbz.exe
  2⤵
  PID:1032
- C:\Windows\System\NPcHvhB.exe
  C:\Windows\System\NPcHvhB.exe
  2⤵
  PID:1912
- C:\Windows\System\PrnUZYZ.exe
  C:\Windows\System\PrnUZYZ.exe
  2⤵
  PID:1808
- C:\Windows\System\kXXLHLl.exe
  C:\Windows\System\kXXLHLl.exe
  2⤵
  PID:1764
- C:\Windows\System\vymTypR.exe
  C:\Windows\System\vymTypR.exe
  2⤵
  PID:1996
- C:\Windows\System\YVRiGVv.exe
  C:\Windows\System\YVRiGVv.exe
  2⤵
  PID:2404
- C:\Windows\System\QMsEXEz.exe
  C:\Windows\System\QMsEXEz.exe
  2⤵
  PID:1196
- C:\Windows\System\PLSxKEU.exe
  C:\Windows\System\PLSxKEU.exe
  2⤵
  PID:1608
- C:\Windows\System\QHsAfBo.exe
  C:\Windows\System\QHsAfBo.exe
  2⤵
  PID:2352
- C:\Windows\System\hSAvplq.exe
  C:\Windows\System\hSAvplq.exe
  2⤵
  PID:888
- C:\Windows\System\oQaYldv.exe
  C:\Windows\System\oQaYldv.exe
  2⤵
  PID:2892
- C:\Windows\System\RvviHQH.exe
  C:\Windows\System\RvviHQH.exe
  2⤵
  PID:1824
- C:\Windows\System\EKCjNDS.exe
  C:\Windows\System\EKCjNDS.exe
  2⤵
  PID:1928
- C:\Windows\System\Lxgnfds.exe
  C:\Windows\System\Lxgnfds.exe
  2⤵
  PID:320
- C:\Windows\System\WiGqnxC.exe
  C:\Windows\System\WiGqnxC.exe
  2⤵
  PID:1324
- C:\Windows\System\zifvnCj.exe
  C:\Windows\System\zifvnCj.exe
  2⤵
  PID:1804
- C:\Windows\System\OQrsEhx.exe
  C:\Windows\System\OQrsEhx.exe
  2⤵
  PID:2572
- C:\Windows\System\XkNrhkQ.exe
  C:\Windows\System\XkNrhkQ.exe
  2⤵
  PID:2028
- C:\Windows\System\vreJDbc.exe
  C:\Windows\System\vreJDbc.exe
  2⤵
  PID:2588
- C:\Windows\System\WOpkWJt.exe
  C:\Windows\System\WOpkWJt.exe
  2⤵
  PID:1396
- C:\Windows\System\qAMNGFj.exe
  C:\Windows\System\qAMNGFj.exe
  2⤵
  PID:3036
- C:\Windows\System\KoiywPt.exe
  C:\Windows\System\KoiywPt.exe
  2⤵
  PID:2764
- C:\Windows\System\AvvNxPh.exe
  C:\Windows\System\AvvNxPh.exe
  2⤵
  PID:2012
- C:\Windows\System\jAZJSCm.exe
  C:\Windows\System\jAZJSCm.exe
  2⤵
  PID:2896
- C:\Windows\System\ZiZuRHR.exe
  C:\Windows\System\ZiZuRHR.exe
  2⤵
  PID:1200
- C:\Windows\System\WxBDeJm.exe
  C:\Windows\System\WxBDeJm.exe
  2⤵
  PID:1016
- C:\Windows\System\pGDXYxc.exe
  C:\Windows\System\pGDXYxc.exe
  2⤵
  PID:1876
- C:\Windows\System\yyDxlGm.exe
  C:\Windows\System\yyDxlGm.exe
  2⤵
  PID:3020
- C:\Windows\System\ctkArCk.exe
  C:\Windows\System\ctkArCk.exe
  2⤵
  PID:3076
- C:\Windows\System\OILimkG.exe
  C:\Windows\System\OILimkG.exe
  2⤵
  PID:3096
- C:\Windows\System\yBkSiRr.exe
  C:\Windows\System\yBkSiRr.exe
  2⤵
  PID:3116
- C:\Windows\System\VIKYvkl.exe
  C:\Windows\System\VIKYvkl.exe
  2⤵
  PID:3136
- C:\Windows\System\StoaimS.exe
  C:\Windows\System\StoaimS.exe
  2⤵
  PID:3156
- C:\Windows\System\VQSmHCW.exe
  C:\Windows\System\VQSmHCW.exe
  2⤵
  PID:3176
- C:\Windows\System\xeNavFt.exe
  C:\Windows\System\xeNavFt.exe
  2⤵
  PID:3196
- C:\Windows\System\JLeGCKQ.exe
  C:\Windows\System\JLeGCKQ.exe
  2⤵
  PID:3212
- C:\Windows\System\xUZIygP.exe
  C:\Windows\System\xUZIygP.exe
  2⤵
  PID:3236
- C:\Windows\System\uBPETis.exe
  C:\Windows\System\uBPETis.exe
  2⤵
  PID:3256
- C:\Windows\System\YpQRyVb.exe
  C:\Windows\System\YpQRyVb.exe
  2⤵
  PID:3276
- C:\Windows\System\SBpQjbO.exe
  C:\Windows\System\SBpQjbO.exe
  2⤵
  PID:3296
- C:\Windows\System\pznbLlQ.exe
  C:\Windows\System\pznbLlQ.exe
  2⤵
  PID:3316
- C:\Windows\System\ddlcfXa.exe
  C:\Windows\System\ddlcfXa.exe
  2⤵
  PID:3332
- C:\Windows\System\MNZQmBF.exe
  C:\Windows\System\MNZQmBF.exe
  2⤵
  PID:3356
- C:\Windows\System\cevuayW.exe
  C:\Windows\System\cevuayW.exe
  2⤵
  PID:3372
- C:\Windows\System\butoQEs.exe
  C:\Windows\System\butoQEs.exe
  2⤵
  PID:3396
- C:\Windows\System\yWvLdhi.exe
  C:\Windows\System\yWvLdhi.exe
  2⤵
  PID:3416
- C:\Windows\System\NKfiMMh.exe
  C:\Windows\System\NKfiMMh.exe
  2⤵
  PID:3436
- C:\Windows\System\zFYTpds.exe
  C:\Windows\System\zFYTpds.exe
  2⤵
  PID:3452
- C:\Windows\System\kYHRXGY.exe
  C:\Windows\System\kYHRXGY.exe
  2⤵
  PID:3476
- C:\Windows\System\PpyXZHC.exe
  C:\Windows\System\PpyXZHC.exe
  2⤵
  PID:3492
- C:\Windows\System\PioIoCq.exe
  C:\Windows\System\PioIoCq.exe
  2⤵
  PID:3512
- C:\Windows\System\phxlGoi.exe
  C:\Windows\System\phxlGoi.exe
  2⤵
  PID:3536
- C:\Windows\System\RIzVCsC.exe
  C:\Windows\System\RIzVCsC.exe
  2⤵
  PID:3556
- C:\Windows\System\hOYsqyZ.exe
  C:\Windows\System\hOYsqyZ.exe
  2⤵
  PID:3572
- C:\Windows\System\FAvxpaH.exe
  C:\Windows\System\FAvxpaH.exe
  2⤵
  PID:3596
- C:\Windows\System\wqMltrp.exe
  C:\Windows\System\wqMltrp.exe
  2⤵
  PID:3612
- C:\Windows\System\gDylpFt.exe
  C:\Windows\System\gDylpFt.exe
  2⤵
  PID:3636
- C:\Windows\System\jhJnTOG.exe
  C:\Windows\System\jhJnTOG.exe
  2⤵
  PID:3656
- C:\Windows\System\ncscFQO.exe
  C:\Windows\System\ncscFQO.exe
  2⤵
  PID:3676
- C:\Windows\System\uFvqDJO.exe
  C:\Windows\System\uFvqDJO.exe
  2⤵
  PID:3696
- C:\Windows\System\ybthouY.exe
  C:\Windows\System\ybthouY.exe
  2⤵
  PID:3716
- C:\Windows\System\rInhWZh.exe
  C:\Windows\System\rInhWZh.exe
  2⤵
  PID:3732
- C:\Windows\System\XMOzAGQ.exe
  C:\Windows\System\XMOzAGQ.exe
  2⤵
  PID:3752
- C:\Windows\System\gSQzDoH.exe
  C:\Windows\System\gSQzDoH.exe
  2⤵
  PID:3776
- C:\Windows\System\pnWOJDY.exe
  C:\Windows\System\pnWOJDY.exe
  2⤵
  PID:3796
- C:\Windows\System\EOVWxtQ.exe
  C:\Windows\System\EOVWxtQ.exe
  2⤵
  PID:3816
- C:\Windows\System\FdUPKTl.exe
  C:\Windows\System\FdUPKTl.exe
  2⤵
  PID:3836
- C:\Windows\System\axstwDx.exe
  C:\Windows\System\axstwDx.exe
  2⤵
  PID:3852
- C:\Windows\System\ZYmjuav.exe
  C:\Windows\System\ZYmjuav.exe
  2⤵
  PID:3876
- C:\Windows\System\qqHdxiA.exe
  C:\Windows\System\qqHdxiA.exe
  2⤵
  PID:3896
- C:\Windows\System\LKWNMjD.exe
  C:\Windows\System\LKWNMjD.exe
  2⤵
  PID:3916
- C:\Windows\System\sDJppsj.exe
  C:\Windows\System\sDJppsj.exe
  2⤵
  PID:3936
- C:\Windows\System\QAxapaD.exe
  C:\Windows\System\QAxapaD.exe
  2⤵
  PID:3956
- C:\Windows\System\dQzZvBh.exe
  C:\Windows\System\dQzZvBh.exe
  2⤵
  PID:3976
- C:\Windows\System\wsCTpDz.exe
  C:\Windows\System\wsCTpDz.exe
  2⤵
  PID:3996
- C:\Windows\System\KlEFVPL.exe
  C:\Windows\System\KlEFVPL.exe
  2⤵
  PID:4016
- C:\Windows\System\CjPzJST.exe
  C:\Windows\System\CjPzJST.exe
  2⤵
  PID:4036
- C:\Windows\System\mLOxWGm.exe
  C:\Windows\System\mLOxWGm.exe
  2⤵
  PID:4056
- C:\Windows\System\uEfFcOe.exe
  C:\Windows\System\uEfFcOe.exe
  2⤵
  PID:4076
- C:\Windows\System\ejjjoWp.exe
  C:\Windows\System\ejjjoWp.exe
  2⤵
  PID:932
- C:\Windows\System\OvSbReM.exe
  C:\Windows\System\OvSbReM.exe
  2⤵
  PID:2244
- C:\Windows\System\ZoDTtZD.exe
  C:\Windows\System\ZoDTtZD.exe
  2⤵
  PID:2160
- C:\Windows\System\TntHaBw.exe
  C:\Windows\System\TntHaBw.exe
  2⤵
  PID:768
- C:\Windows\System\yfPenoL.exe
  C:\Windows\System\yfPenoL.exe
  2⤵
  PID:1428
- C:\Windows\System\LDKblbN.exe
  C:\Windows\System\LDKblbN.exe
  2⤵
  PID:2412
- C:\Windows\System\dsYnHoj.exe
  C:\Windows\System\dsYnHoj.exe
  2⤵
  PID:3112
- C:\Windows\System\MzsJCgD.exe
  C:\Windows\System\MzsJCgD.exe
  2⤵
  PID:3144
- C:\Windows\System\DKiZXdJ.exe
  C:\Windows\System\DKiZXdJ.exe
  2⤵
  PID:3128
- C:\Windows\System\eylUaTV.exe
  C:\Windows\System\eylUaTV.exe
  2⤵
  PID:3172
- C:\Windows\System\cuYVUBn.exe
  C:\Windows\System\cuYVUBn.exe
  2⤵
  PID:3208
- C:\Windows\System\aqFePfd.exe
  C:\Windows\System\aqFePfd.exe
  2⤵
  PID:3272
- C:\Windows\System\mQJhUVO.exe
  C:\Windows\System\mQJhUVO.exe
  2⤵
  PID:3304
- C:\Windows\System\FOmhspM.exe
  C:\Windows\System\FOmhspM.exe
  2⤵
  PID:3340
- C:\Windows\System\choVApc.exe
  C:\Windows\System\choVApc.exe
  2⤵
  PID:3380
- C:\Windows\System\LjAQcmR.exe
  C:\Windows\System\LjAQcmR.exe
  2⤵
  PID:3424
- C:\Windows\System\IoJQTHM.exe
  C:\Windows\System\IoJQTHM.exe
  2⤵
  PID:3412
- C:\Windows\System\xGRsBtd.exe
  C:\Windows\System\xGRsBtd.exe
  2⤵
  PID:3464
- C:\Windows\System\XduZVtn.exe
  C:\Windows\System\XduZVtn.exe
  2⤵
  PID:3484
- C:\Windows\System\jSgGWvQ.exe
  C:\Windows\System\jSgGWvQ.exe
  2⤵
  PID:3520
- C:\Windows\System\JhdvhSL.exe
  C:\Windows\System\JhdvhSL.exe
  2⤵
  PID:3580
- C:\Windows\System\ZdiiFxk.exe
  C:\Windows\System\ZdiiFxk.exe
  2⤵
  PID:3568
- C:\Windows\System\cTzkUPS.exe
  C:\Windows\System\cTzkUPS.exe
  2⤵
  PID:3604
- C:\Windows\System\yoKKcuA.exe
  C:\Windows\System\yoKKcuA.exe
  2⤵
  PID:3668
- C:\Windows\System\TLylcqQ.exe
  C:\Windows\System\TLylcqQ.exe
  2⤵
  PID:3684
- C:\Windows\System\gwjzILA.exe
  C:\Windows\System\gwjzILA.exe
  2⤵
  PID:3728
- C:\Windows\System\riSPQYD.exe
  C:\Windows\System\riSPQYD.exe
  2⤵
  PID:3760
- C:\Windows\System\smcVyVB.exe
  C:\Windows\System\smcVyVB.exe
  2⤵
  PID:3772
- C:\Windows\System\lyYFVvT.exe
  C:\Windows\System\lyYFVvT.exe
  2⤵
  PID:3812
- C:\Windows\System\ZliMtle.exe
  C:\Windows\System\ZliMtle.exe
  2⤵
  PID:3872
- C:\Windows\System\HUkZnLo.exe
  C:\Windows\System\HUkZnLo.exe
  2⤵
  PID:3912
- C:\Windows\System\jMJugmM.exe
  C:\Windows\System\jMJugmM.exe
  2⤵
  PID:3924
- C:\Windows\System\FCcCFtO.exe
  C:\Windows\System\FCcCFtO.exe
  2⤵
  PID:3984
- C:\Windows\System\kZQtJyJ.exe
  C:\Windows\System\kZQtJyJ.exe
  2⤵
  PID:3988
- C:\Windows\System\VlkfdNq.exe
  C:\Windows\System\VlkfdNq.exe
  2⤵
  PID:4008
- C:\Windows\System\EMQasPc.exe
  C:\Windows\System\EMQasPc.exe
  2⤵
  PID:4048
- C:\Windows\System\iJxlxwH.exe
  C:\Windows\System\iJxlxwH.exe
  2⤵
  PID:4084
- C:\Windows\System\gZCZQug.exe
  C:\Windows\System\gZCZQug.exe
  2⤵
  PID:1564
- C:\Windows\System\pBfSCPS.exe
  C:\Windows\System\pBfSCPS.exe
  2⤵
  PID:2332
- C:\Windows\System\YtQRqdq.exe
  C:\Windows\System\YtQRqdq.exe
  2⤵
  PID:1404
- C:\Windows\System\NSKdsNq.exe
  C:\Windows\System\NSKdsNq.exe
  2⤵
  PID:3104
- C:\Windows\System\DHJDdOq.exe
  C:\Windows\System\DHJDdOq.exe
  2⤵
  PID:3188
- C:\Windows\System\GsSDoyS.exe
  C:\Windows\System\GsSDoyS.exe
  2⤵
  PID:3244
- C:\Windows\System\efuOoTH.exe
  C:\Windows\System\efuOoTH.exe
  2⤵
  PID:3312
- C:\Windows\System\uIpmAiH.exe
  C:\Windows\System\uIpmAiH.exe
  2⤵
  PID:3388
- C:\Windows\System\WBbmBXC.exe
  C:\Windows\System\WBbmBXC.exe
  2⤵
  PID:3344
- C:\Windows\System\lhrAvnI.exe
  C:\Windows\System\lhrAvnI.exe
  2⤵
  PID:3472
- C:\Windows\System\mdMHdzO.exe
  C:\Windows\System\mdMHdzO.exe
  2⤵
  PID:3544
- C:\Windows\System\yuuWSEi.exe
  C:\Windows\System\yuuWSEi.exe
  2⤵
  PID:3564
- C:\Windows\System\gmpklBm.exe
  C:\Windows\System\gmpklBm.exe
  2⤵
  PID:3664
- C:\Windows\System\XsGpset.exe
  C:\Windows\System\XsGpset.exe
  2⤵
  PID:3688
- C:\Windows\System\HQgLKUp.exe
  C:\Windows\System\HQgLKUp.exe
  2⤵
  PID:3748
- C:\Windows\System\kGlLtrm.exe
  C:\Windows\System\kGlLtrm.exe
  2⤵
  PID:3804
- C:\Windows\System\hkeXYjn.exe
  C:\Windows\System\hkeXYjn.exe
  2⤵
  PID:3828
- C:\Windows\System\JPDhjFA.exe
  C:\Windows\System\JPDhjFA.exe
  2⤵
  PID:3944
- C:\Windows\System\xHMdbOe.exe
  C:\Windows\System\xHMdbOe.exe
  2⤵
  PID:3992
- C:\Windows\System\lgmXEHn.exe
  C:\Windows\System\lgmXEHn.exe
  2⤵
  PID:4028
- C:\Windows\System\KllCDJH.exe
  C:\Windows\System\KllCDJH.exe
  2⤵
  PID:4092
- C:\Windows\System\YMySSOh.exe
  C:\Windows\System\YMySSOh.exe
  2⤵
  PID:2136
- C:\Windows\System\yFsDURD.exe
  C:\Windows\System\yFsDURD.exe
  2⤵
  PID:2888
- C:\Windows\System\OCFMZWK.exe
  C:\Windows\System\OCFMZWK.exe
  2⤵
  PID:3184
- C:\Windows\System\XTcnudW.exe
  C:\Windows\System\XTcnudW.exe
  2⤵
  PID:3220
- C:\Windows\System\tdeCgpI.exe
  C:\Windows\System\tdeCgpI.exe
  2⤵
  PID:3288
- C:\Windows\System\BWPjvgE.exe
  C:\Windows\System\BWPjvgE.exe
  2⤵
  PID:3328
- C:\Windows\System\yousgvT.exe
  C:\Windows\System\yousgvT.exe
  2⤵
  PID:3552
- C:\Windows\System\XLVDdZI.exe
  C:\Windows\System\XLVDdZI.exe
  2⤵
  PID:3584
- C:\Windows\System\muFPhVT.exe
  C:\Windows\System\muFPhVT.exe
  2⤵
  PID:3632
- C:\Windows\System\tdCmBZt.exe
  C:\Windows\System\tdCmBZt.exe
  2⤵
  PID:2356
- C:\Windows\System\uqkYlQL.exe
  C:\Windows\System\uqkYlQL.exe
  2⤵
  PID:3712
- C:\Windows\System\AskEkmO.exe
  C:\Windows\System\AskEkmO.exe
  2⤵
  PID:3768
- C:\Windows\System\RBcdhVh.exe
  C:\Windows\System\RBcdhVh.exe
  2⤵
  PID:3904
- C:\Windows\System\KyYxfar.exe
  C:\Windows\System\KyYxfar.exe
  2⤵
  PID:3928
- C:\Windows\System\PNRCDyc.exe
  C:\Windows\System\PNRCDyc.exe
  2⤵
  PID:4072
- C:\Windows\System\kbPJaFi.exe
  C:\Windows\System\kbPJaFi.exe
  2⤵
  PID:4068
- C:\Windows\System\hFfzrRa.exe
  C:\Windows\System\hFfzrRa.exe
  2⤵
  PID:4108
- C:\Windows\System\QSijssC.exe
  C:\Windows\System\QSijssC.exe
  2⤵
  PID:4128
- C:\Windows\System\BxTRRIw.exe
  C:\Windows\System\BxTRRIw.exe
  2⤵
  PID:4148
- C:\Windows\System\UewCXUW.exe
  C:\Windows\System\UewCXUW.exe
  2⤵
  PID:4168
- C:\Windows\System\gvvatUz.exe
  C:\Windows\System\gvvatUz.exe
  2⤵
  PID:4188
- C:\Windows\System\IjAuPHi.exe
  C:\Windows\System\IjAuPHi.exe
  2⤵
  PID:4208
- C:\Windows\System\MhDZxBL.exe
  C:\Windows\System\MhDZxBL.exe
  2⤵
  PID:4228
- C:\Windows\System\yjtjazd.exe
  C:\Windows\System\yjtjazd.exe
  2⤵
  PID:4248
- C:\Windows\System\tQXnFEJ.exe
  C:\Windows\System\tQXnFEJ.exe
  2⤵
  PID:4268
- C:\Windows\System\uoQuIfm.exe
  C:\Windows\System\uoQuIfm.exe
  2⤵
  PID:4288
- C:\Windows\System\IZMadnz.exe
  C:\Windows\System\IZMadnz.exe
  2⤵
  PID:4308
- C:\Windows\System\vhEHiLM.exe
  C:\Windows\System\vhEHiLM.exe
  2⤵
  PID:4328
- C:\Windows\System\QLcVXSJ.exe
  C:\Windows\System\QLcVXSJ.exe
  2⤵
  PID:4348
- C:\Windows\System\rugfDkc.exe
  C:\Windows\System\rugfDkc.exe
  2⤵
  PID:4368
- C:\Windows\System\ieETsgJ.exe
  C:\Windows\System\ieETsgJ.exe
  2⤵
  PID:4388
- C:\Windows\System\cqqeRzA.exe
  C:\Windows\System\cqqeRzA.exe
  2⤵
  PID:4408
- C:\Windows\System\ouaDhxG.exe
  C:\Windows\System\ouaDhxG.exe
  2⤵
  PID:4424
- C:\Windows\System\ULdlBUd.exe
  C:\Windows\System\ULdlBUd.exe
  2⤵
  PID:4448
- C:\Windows\System\hIlTJgL.exe
  C:\Windows\System\hIlTJgL.exe
  2⤵
  PID:4468
- C:\Windows\System\ReTMiWS.exe
  C:\Windows\System\ReTMiWS.exe
  2⤵
  PID:4488
- C:\Windows\System\FXYMtst.exe
  C:\Windows\System\FXYMtst.exe
  2⤵
  PID:4508
- C:\Windows\System\nBjmOxi.exe
  C:\Windows\System\nBjmOxi.exe
  2⤵
  PID:4528
- C:\Windows\System\LsKmdAI.exe
  C:\Windows\System\LsKmdAI.exe
  2⤵
  PID:4548
- C:\Windows\System\SfLCvMT.exe
  C:\Windows\System\SfLCvMT.exe
  2⤵
  PID:4568
- C:\Windows\System\qUqvNNM.exe
  C:\Windows\System\qUqvNNM.exe
  2⤵
  PID:4588
- C:\Windows\System\SgCyYOr.exe
  C:\Windows\System\SgCyYOr.exe
  2⤵
  PID:4608
- C:\Windows\System\roYEeYj.exe
  C:\Windows\System\roYEeYj.exe
  2⤵
  PID:4628
- C:\Windows\System\OSyIGBE.exe
  C:\Windows\System\OSyIGBE.exe
  2⤵
  PID:4648
- C:\Windows\System\FRYIumS.exe
  C:\Windows\System\FRYIumS.exe
  2⤵
  PID:4668
- C:\Windows\System\mxdgtBf.exe
  C:\Windows\System\mxdgtBf.exe
  2⤵
  PID:4688
- C:\Windows\System\asSrxOr.exe
  C:\Windows\System\asSrxOr.exe
  2⤵
  PID:4708
- C:\Windows\System\ocfaBae.exe
  C:\Windows\System\ocfaBae.exe
  2⤵
  PID:4728
- C:\Windows\System\tyPGJWQ.exe
  C:\Windows\System\tyPGJWQ.exe
  2⤵
  PID:4748
- C:\Windows\System\HkxqdOU.exe
  C:\Windows\System\HkxqdOU.exe
  2⤵
  PID:4768
- C:\Windows\System\IaTmJTm.exe
  C:\Windows\System\IaTmJTm.exe
  2⤵
  PID:4788
- C:\Windows\System\lWpeElx.exe
  C:\Windows\System\lWpeElx.exe
  2⤵
  PID:4808
- C:\Windows\System\nPMrEDq.exe
  C:\Windows\System\nPMrEDq.exe
  2⤵
  PID:4828
- C:\Windows\System\hMmWyMG.exe
  C:\Windows\System\hMmWyMG.exe
  2⤵
  PID:4848
- C:\Windows\System\NTaisKC.exe
  C:\Windows\System\NTaisKC.exe
  2⤵
  PID:4868
- C:\Windows\System\FGuBImj.exe
  C:\Windows\System\FGuBImj.exe
  2⤵
  PID:4888
- C:\Windows\System\oBfEkHd.exe
  C:\Windows\System\oBfEkHd.exe
  2⤵
  PID:4908
- C:\Windows\System\DYxMmoG.exe
  C:\Windows\System\DYxMmoG.exe
  2⤵
  PID:4932
- C:\Windows\System\VtnxwFi.exe
  C:\Windows\System\VtnxwFi.exe
  2⤵
  PID:4952
- C:\Windows\System\pTdybRx.exe
  C:\Windows\System\pTdybRx.exe
  2⤵
  PID:4972
- C:\Windows\System\dwCzswF.exe
  C:\Windows\System\dwCzswF.exe
  2⤵
  PID:4992
- C:\Windows\System\iKqeCWm.exe
  C:\Windows\System\iKqeCWm.exe
  2⤵
  PID:5012
- C:\Windows\System\gSeadsm.exe
  C:\Windows\System\gSeadsm.exe
  2⤵
  PID:5032
- C:\Windows\System\okDbfyv.exe
  C:\Windows\System\okDbfyv.exe
  2⤵
  PID:5052
- C:\Windows\System\yPUsqUv.exe
  C:\Windows\System\yPUsqUv.exe
  2⤵
  PID:5072
- C:\Windows\System\FTkhShr.exe
  C:\Windows\System\FTkhShr.exe
  2⤵
  PID:5092
- C:\Windows\System\BpqaGBv.exe
  C:\Windows\System\BpqaGBv.exe
  2⤵
  PID:5112
- C:\Windows\System\jONLghG.exe
  C:\Windows\System\jONLghG.exe
  2⤵
  PID:3088
- C:\Windows\System\WwJQFfd.exe
  C:\Windows\System\WwJQFfd.exe
  2⤵
  PID:3352
- C:\Windows\System\jufYnXo.exe
  C:\Windows\System\jufYnXo.exe
  2⤵
  PID:3592
- C:\Windows\System\barrLQZ.exe
  C:\Windows\System\barrLQZ.exe
  2⤵
  PID:3628
- C:\Windows\System\FfVhsOX.exe
  C:\Windows\System\FfVhsOX.exe
  2⤵
  PID:3672
- C:\Windows\System\TKLaaDK.exe
  C:\Windows\System\TKLaaDK.exe
  2⤵
  PID:3624
- C:\Windows\System\MqtLObR.exe
  C:\Windows\System\MqtLObR.exe
  2⤵
  PID:3868
- C:\Windows\System\Acdmsky.exe
  C:\Windows\System\Acdmsky.exe
  2⤵
  PID:4064
- C:\Windows\System\PTxBytx.exe
  C:\Windows\System\PTxBytx.exe
  2⤵
  PID:960
- C:\Windows\System\GrWciYE.exe
  C:\Windows\System\GrWciYE.exe
  2⤵
  PID:4136
- C:\Windows\System\wTaMOMV.exe
  C:\Windows\System\wTaMOMV.exe
  2⤵
  PID:4140
- C:\Windows\System\JxmZCaM.exe
  C:\Windows\System\JxmZCaM.exe
  2⤵
  PID:4184
- C:\Windows\System\voHmJWb.exe
  C:\Windows\System\voHmJWb.exe
  2⤵
  PID:4216
- C:\Windows\System\JSdYjir.exe
  C:\Windows\System\JSdYjir.exe
  2⤵
  PID:4264
- C:\Windows\System\LGEqhYc.exe
  C:\Windows\System\LGEqhYc.exe
  2⤵
  PID:4304
- C:\Windows\System\zMpobUd.exe
  C:\Windows\System\zMpobUd.exe
  2⤵
  PID:4336
- C:\Windows\System\rEKuiES.exe
  C:\Windows\System\rEKuiES.exe
  2⤵
  PID:4360
- C:\Windows\System\SdUMVxK.exe
  C:\Windows\System\SdUMVxK.exe
  2⤵
  PID:4404
- C:\Windows\System\kKZcTBF.exe
  C:\Windows\System\kKZcTBF.exe
  2⤵
  PID:4444
- C:\Windows\System\WKOQLlG.exe
  C:\Windows\System\WKOQLlG.exe
  2⤵
  PID:4484
- C:\Windows\System\HGThLrB.exe
  C:\Windows\System\HGThLrB.exe
  2⤵
  PID:4516
- C:\Windows\System\rPkiVkt.exe
  C:\Windows\System\rPkiVkt.exe
  2⤵
  PID:4500
- C:\Windows\System\iSfhpzt.exe
  C:\Windows\System\iSfhpzt.exe
  2⤵
  PID:4544
- C:\Windows\System\OXwOSpK.exe
  C:\Windows\System\OXwOSpK.exe
  2⤵
  PID:4596
- C:\Windows\System\QnywbNx.exe
  C:\Windows\System\QnywbNx.exe
  2⤵
  PID:4604
- C:\Windows\System\InYIuDv.exe
  C:\Windows\System\InYIuDv.exe
  2⤵
  PID:4640
- C:\Windows\System\oHSfXqJ.exe
  C:\Windows\System\oHSfXqJ.exe
  2⤵
  PID:4684
- C:\Windows\System\BGkQrRb.exe
  C:\Windows\System\BGkQrRb.exe
  2⤵
  PID:4700
- C:\Windows\System\qpbCxaE.exe
  C:\Windows\System\qpbCxaE.exe
  2⤵
  PID:4764
- C:\Windows\System\XMzGAbM.exe
  C:\Windows\System\XMzGAbM.exe
  2⤵
  PID:4796
- C:\Windows\System\eNwJCxK.exe
  C:\Windows\System\eNwJCxK.exe
  2⤵
  PID:4800
- C:\Windows\System\MFqlyuB.exe
  C:\Windows\System\MFqlyuB.exe
  2⤵
  PID:4824
- C:\Windows\System\NuArVVA.exe
  C:\Windows\System\NuArVVA.exe
  2⤵
  PID:4864
- C:\Windows\System\tKxVajj.exe
  C:\Windows\System\tKxVajj.exe
  2⤵
  PID:4900
- C:\Windows\System\TcKVosR.exe
  C:\Windows\System\TcKVosR.exe
  2⤵
  PID:4960
- C:\Windows\System\PjGPTGP.exe
  C:\Windows\System\PjGPTGP.exe
  2⤵
  PID:5000
- C:\Windows\System\FWJUDZx.exe
  C:\Windows\System\FWJUDZx.exe
  2⤵
  PID:5004
- C:\Windows\System\BaECnow.exe
  C:\Windows\System\BaECnow.exe
  2⤵
  PID:5024
- C:\Windows\System\OkzobIN.exe
  C:\Windows\System\OkzobIN.exe
  2⤵
  PID:5088
- C:\Windows\System\rFHIQRw.exe
  C:\Windows\System\rFHIQRw.exe
  2⤵
  PID:3124
- C:\Windows\System\zxCrOFN.exe
  C:\Windows\System\zxCrOFN.exe
  2⤵
  PID:2936
- C:\Windows\System\LlbBgNH.exe
  C:\Windows\System\LlbBgNH.exe
  2⤵
  PID:3404
- C:\Windows\System\gfqvIWy.exe
  C:\Windows\System\gfqvIWy.exe
  2⤵
  PID:2536
- C:\Windows\System\tdYDGFd.exe
  C:\Windows\System\tdYDGFd.exe
  2⤵
  PID:3708
- C:\Windows\System\SKmOzlj.exe
  C:\Windows\System\SKmOzlj.exe
  2⤵
  PID:4116
- C:\Windows\System\abHNEww.exe
  C:\Windows\System\abHNEww.exe
  2⤵
  PID:4100
- C:\Windows\System\hlDraDx.exe
  C:\Windows\System\hlDraDx.exe
  2⤵
  PID:4236
- C:\Windows\System\yiNpgNI.exe
  C:\Windows\System\yiNpgNI.exe
  2⤵
  PID:4284
- C:\Windows\System\bRXOUra.exe
  C:\Windows\System\bRXOUra.exe
  2⤵
  PID:4280
- C:\Windows\System\XhtpzKp.exe
  C:\Windows\System\XhtpzKp.exe
  2⤵
  PID:4416
- C:\Windows\System\qfUqxvv.exe
  C:\Windows\System\qfUqxvv.exe
  2⤵
  PID:4384
- C:\Windows\System\IlNAegN.exe
  C:\Windows\System\IlNAegN.exe
  2⤵
  PID:4476
- C:\Windows\System\XSwfqeB.exe
  C:\Windows\System\XSwfqeB.exe
  2⤵
  PID:4536
- C:\Windows\System\plQORta.exe
  C:\Windows\System\plQORta.exe
  2⤵
  PID:4496
- C:\Windows\System\wstAEjz.exe
  C:\Windows\System\wstAEjz.exe
  2⤵
  PID:4580
- C:\Windows\System\YroqEvk.exe
  C:\Windows\System\YroqEvk.exe
  2⤵
  PID:4676
- C:\Windows\System\AVtlmsW.exe
  C:\Windows\System\AVtlmsW.exe
  2⤵
  PID:4724
- C:\Windows\System\OHKnkNR.exe
  C:\Windows\System\OHKnkNR.exe
  2⤵
  PID:4760
- C:\Windows\System\yEUebTJ.exe
  C:\Windows\System\yEUebTJ.exe
  2⤵
  PID:4884
- C:\Windows\System\kMvvOYa.exe
  C:\Windows\System\kMvvOYa.exe
  2⤵
  PID:4880
- C:\Windows\System\kaeuqeH.exe
  C:\Windows\System\kaeuqeH.exe
  2⤵
  PID:4920
- C:\Windows\System\nUnUfqo.exe
  C:\Windows\System\nUnUfqo.exe
  2⤵
  PID:5068
- C:\Windows\System\NdWJUYQ.exe
  C:\Windows\System\NdWJUYQ.exe
  2⤵
  PID:5060
- C:\Windows\System\IPbIPFa.exe
  C:\Windows\System\IPbIPFa.exe
  2⤵
  PID:3132
- C:\Windows\System\STuiohl.exe
  C:\Windows\System\STuiohl.exe
  2⤵
  PID:3908
- C:\Windows\System\YAVoScL.exe
  C:\Windows\System\YAVoScL.exe
  2⤵
  PID:3744
- C:\Windows\System\IxPdUHD.exe
  C:\Windows\System\IxPdUHD.exe
  2⤵
  PID:340
- C:\Windows\System\xpiXxfg.exe
  C:\Windows\System\xpiXxfg.exe
  2⤵
  PID:4256
- C:\Windows\System\cwbcOHj.exe
  C:\Windows\System\cwbcOHj.exe
  2⤵
  PID:4244
- C:\Windows\System\ONxNNdz.exe
  C:\Windows\System\ONxNNdz.exe
  2⤵
  PID:4320
- C:\Windows\System\EVSKyxe.exe
  C:\Windows\System\EVSKyxe.exe
  2⤵
  PID:4520
- C:\Windows\System\OdDzUBO.exe
  C:\Windows\System\OdDzUBO.exe
  2⤵
  PID:4464
- C:\Windows\System\CxLekFG.exe
  C:\Windows\System\CxLekFG.exe
  2⤵
  PID:4616
- C:\Windows\System\keGVVNf.exe
  C:\Windows\System\keGVVNf.exe
  2⤵
  PID:4856
- C:\Windows\System\pHzbOGV.exe
  C:\Windows\System\pHzbOGV.exe
  2⤵
  PID:4904
- C:\Windows\System\IVZlUBj.exe
  C:\Windows\System\IVZlUBj.exe
  2⤵
  PID:4964
- C:\Windows\System\vyWSLas.exe
  C:\Windows\System\vyWSLas.exe
  2⤵
  PID:5108
- C:\Windows\System\kacBpfy.exe
  C:\Windows\System\kacBpfy.exe
  2⤵
  PID:3504
- C:\Windows\System\UztWhaZ.exe
  C:\Windows\System\UztWhaZ.exe
  2⤵
  PID:4144
- C:\Windows\System\RGUbawX.exe
  C:\Windows\System\RGUbawX.exe
  2⤵
  PID:5140
- C:\Windows\System\lFYqzxN.exe
  C:\Windows\System\lFYqzxN.exe
  2⤵
  PID:5160
- C:\Windows\System\cwrQkFt.exe
  C:\Windows\System\cwrQkFt.exe
  2⤵
  PID:5192
- C:\Windows\System\XHdJYUp.exe
  C:\Windows\System\XHdJYUp.exe
  2⤵
  PID:5212
- C:\Windows\System\YsIZADq.exe
  C:\Windows\System\YsIZADq.exe
  2⤵
  PID:5232
- C:\Windows\System\ucLcbWM.exe
  C:\Windows\System\ucLcbWM.exe
  2⤵
  PID:5252
- C:\Windows\System\LLKcjEs.exe
  C:\Windows\System\LLKcjEs.exe
  2⤵
  PID:5272
- C:\Windows\System\PUYhtNQ.exe
  C:\Windows\System\PUYhtNQ.exe
  2⤵
  PID:5292
- C:\Windows\System\vVrNxbP.exe
  C:\Windows\System\vVrNxbP.exe
  2⤵
  PID:5312
- C:\Windows\System\hMkVdYM.exe
  C:\Windows\System\hMkVdYM.exe
  2⤵
  PID:5328
- C:\Windows\System\ebphbsW.exe
  C:\Windows\System\ebphbsW.exe
  2⤵
  PID:5352
- C:\Windows\System\gXMPtNd.exe
  C:\Windows\System\gXMPtNd.exe
  2⤵
  PID:5372
- C:\Windows\System\pCnBNcE.exe
  C:\Windows\System\pCnBNcE.exe
  2⤵
  PID:5392
- C:\Windows\System\wguIUkk.exe
  C:\Windows\System\wguIUkk.exe
  2⤵
  PID:5408
- C:\Windows\System\KtMMDaM.exe
  C:\Windows\System\KtMMDaM.exe
  2⤵
  PID:5432
- C:\Windows\System\srxcXJC.exe
  C:\Windows\System\srxcXJC.exe
  2⤵
  PID:5448
- C:\Windows\System\OEEnhoJ.exe
  C:\Windows\System\OEEnhoJ.exe
  2⤵
  PID:5472
- C:\Windows\System\fgiulPA.exe
  C:\Windows\System\fgiulPA.exe
  2⤵
  PID:5492
- C:\Windows\System\FWJgNtF.exe
  C:\Windows\System\FWJgNtF.exe
  2⤵
  PID:5516
- C:\Windows\System\emQQkjO.exe
  C:\Windows\System\emQQkjO.exe
  2⤵
  PID:5536
- C:\Windows\System\wWMzFWx.exe
  C:\Windows\System\wWMzFWx.exe
  2⤵
  PID:5564
- C:\Windows\System\AJstHAa.exe
  C:\Windows\System\AJstHAa.exe
  2⤵
  PID:5584
- C:\Windows\System\dPqpyFK.exe
  C:\Windows\System\dPqpyFK.exe
  2⤵
  PID:5604
- C:\Windows\System\GRRMhxE.exe
  C:\Windows\System\GRRMhxE.exe
  2⤵
  PID:5624
- C:\Windows\System\PlDbyOY.exe
  C:\Windows\System\PlDbyOY.exe
  2⤵
  PID:5644
- C:\Windows\System\kauKfNl.exe
  C:\Windows\System\kauKfNl.exe
  2⤵
  PID:5664
- C:\Windows\System\CSgXWin.exe
  C:\Windows\System\CSgXWin.exe
  2⤵
  PID:5684
- C:\Windows\System\cRbWMLL.exe
  C:\Windows\System\cRbWMLL.exe
  2⤵
  PID:5704
- C:\Windows\System\UwsEWDL.exe
  C:\Windows\System\UwsEWDL.exe
  2⤵
  PID:5724
- C:\Windows\System\MgbhZyg.exe
  C:\Windows\System\MgbhZyg.exe
  2⤵
  PID:5744
- C:\Windows\System\vHofkla.exe
  C:\Windows\System\vHofkla.exe
  2⤵
  PID:5764
- C:\Windows\System\ImPutGj.exe
  C:\Windows\System\ImPutGj.exe
  2⤵
  PID:5784
- C:\Windows\System\PWMzDMD.exe
  C:\Windows\System\PWMzDMD.exe
  2⤵
  PID:5804
- C:\Windows\System\NntyNim.exe
  C:\Windows\System\NntyNim.exe
  2⤵
  PID:5824
- C:\Windows\System\sUzPmDI.exe
  C:\Windows\System\sUzPmDI.exe
  2⤵
  PID:5844
- C:\Windows\System\LfTRlyD.exe
  C:\Windows\System\LfTRlyD.exe
  2⤵
  PID:5864
- C:\Windows\System\uXKQaAA.exe
  C:\Windows\System\uXKQaAA.exe
  2⤵
  PID:5884
- C:\Windows\System\KgJjAkH.exe
  C:\Windows\System\KgJjAkH.exe
  2⤵
  PID:5904
- C:\Windows\System\xbtrTEu.exe
  C:\Windows\System\xbtrTEu.exe
  2⤵
  PID:5924
- C:\Windows\System\CpDRCMQ.exe
  C:\Windows\System\CpDRCMQ.exe
  2⤵
  PID:5944
- C:\Windows\System\zwiDBhQ.exe
  C:\Windows\System\zwiDBhQ.exe
  2⤵
  PID:5964
- C:\Windows\System\WBNjwns.exe
  C:\Windows\System\WBNjwns.exe
  2⤵
  PID:5984
- C:\Windows\System\gNRZHkC.exe
  C:\Windows\System\gNRZHkC.exe
  2⤵
  PID:6004
- C:\Windows\System\dVDldMq.exe
  C:\Windows\System\dVDldMq.exe
  2⤵
  PID:6024
- C:\Windows\System\deTyhey.exe
  C:\Windows\System\deTyhey.exe
  2⤵
  PID:6044
- C:\Windows\System\lesvNpr.exe
  C:\Windows\System\lesvNpr.exe
  2⤵
  PID:6064
- C:\Windows\System\QBixVVz.exe
  C:\Windows\System\QBixVVz.exe
  2⤵
  PID:6084
- C:\Windows\System\jXqiYBk.exe
  C:\Windows\System\jXqiYBk.exe
  2⤵
  PID:6104
- C:\Windows\System\tIsieKX.exe
  C:\Windows\System\tIsieKX.exe
  2⤵
  PID:6124
- C:\Windows\System\oDTYQLe.exe
  C:\Windows\System\oDTYQLe.exe
  2⤵
  PID:4196
- C:\Windows\System\XgYZxTl.exe
  C:\Windows\System\XgYZxTl.exe
  2⤵
  PID:4364
- C:\Windows\System\IOAyufz.exe
  C:\Windows\System\IOAyufz.exe
  2⤵
  PID:792
- C:\Windows\System\dtLxSce.exe
  C:\Windows\System\dtLxSce.exe
  2⤵
  PID:4804
- C:\Windows\System\JFkxjGL.exe
  C:\Windows\System\JFkxjGL.exe
  2⤵
  PID:4844
- C:\Windows\System\BjsoowL.exe
  C:\Windows\System\BjsoowL.exe
  2⤵
  PID:4916
- C:\Windows\System\FsyGiVX.exe
  C:\Windows\System\FsyGiVX.exe
  2⤵
  PID:5080
- C:\Windows\System\GYAHifB.exe
  C:\Windows\System\GYAHifB.exe
  2⤵
  PID:3224
- C:\Windows\System\AmZLrVx.exe
  C:\Windows\System\AmZLrVx.exe
  2⤵
  PID:5156
- C:\Windows\System\cNUMBdJ.exe
  C:\Windows\System\cNUMBdJ.exe
  2⤵
  PID:5228
- C:\Windows\System\RdIFvyk.exe
  C:\Windows\System\RdIFvyk.exe
  2⤵
  PID:5200
- C:\Windows\System\RyGLeyf.exe
  C:\Windows\System\RyGLeyf.exe
  2⤵
  PID:5248
- C:\Windows\System\lFqLFFJ.exe
  C:\Windows\System\lFqLFFJ.exe
  2⤵
  PID:5284
- C:\Windows\System\CFDFfRv.exe
  C:\Windows\System\CFDFfRv.exe
  2⤵
  PID:5340
- C:\Windows\System\pFkkJrz.exe
  C:\Windows\System\pFkkJrz.exe
  2⤵
  PID:5324
- C:\Windows\System\xiStuhU.exe
  C:\Windows\System\xiStuhU.exe
  2⤵
  PID:5424
- C:\Windows\System\CoPCwWZ.exe
  C:\Windows\System\CoPCwWZ.exe
  2⤵
  PID:5456
- C:\Windows\System\vDsiqMY.exe
  C:\Windows\System\vDsiqMY.exe
  2⤵
  PID:5444
- C:\Windows\System\ZPeBXPE.exe
  C:\Windows\System\ZPeBXPE.exe
  2⤵
  PID:5504
- C:\Windows\System\gnvAwJZ.exe
  C:\Windows\System\gnvAwJZ.exe
  2⤵
  PID:5528
- C:\Windows\System\dMlcOMk.exe
  C:\Windows\System\dMlcOMk.exe
  2⤵
  PID:5592
- C:\Windows\System\SHfpylF.exe
  C:\Windows\System\SHfpylF.exe
  2⤵
  PID:5640
- C:\Windows\System\mDjHEhm.exe
  C:\Windows\System\mDjHEhm.exe
  2⤵
  PID:5652
- C:\Windows\System\stLHgKm.exe
  C:\Windows\System\stLHgKm.exe
  2⤵
  PID:5676
- C:\Windows\System\UvWdhMy.exe
  C:\Windows\System\UvWdhMy.exe
  2⤵
  PID:5716
- C:\Windows\System\VVJLsbJ.exe
  C:\Windows\System\VVJLsbJ.exe
  2⤵
  PID:5760
- C:\Windows\System\ulnabwP.exe
  C:\Windows\System\ulnabwP.exe
  2⤵
  PID:5792
- C:\Windows\System\fLMxyqW.exe
  C:\Windows\System\fLMxyqW.exe
  2⤵
  PID:5812
- C:\Windows\System\wYbsiAM.exe
  C:\Windows\System\wYbsiAM.exe
  2⤵
  PID:5836
- C:\Windows\System\gsVTwFZ.exe
  C:\Windows\System\gsVTwFZ.exe
  2⤵
  PID:5880
- C:\Windows\System\wOlMDAH.exe
  C:\Windows\System\wOlMDAH.exe
  2⤵
  PID:5892
- C:\Windows\System\feNAMvb.exe
  C:\Windows\System\feNAMvb.exe
  2⤵
  PID:5916
- C:\Windows\System\JZDtWHy.exe
  C:\Windows\System\JZDtWHy.exe
  2⤵
  PID:5952
- C:\Windows\System\TvnsYJz.exe
  C:\Windows\System\TvnsYJz.exe
  2⤵
  PID:6000
- C:\Windows\System\EDHXYMi.exe
  C:\Windows\System\EDHXYMi.exe
  2⤵
  PID:6012
- C:\Windows\System\pGcPeVs.exe
  C:\Windows\System\pGcPeVs.exe
  2⤵
  PID:6016
- C:\Windows\System\tYCambw.exe
  C:\Windows\System\tYCambw.exe
  2⤵
  PID:6080
- C:\Windows\System\XKpfuiS.exe
  C:\Windows\System\XKpfuiS.exe
  2⤵
  PID:6112
- C:\Windows\System\oSNZGUf.exe
  C:\Windows\System\oSNZGUf.exe
  2⤵
  PID:2676
- C:\Windows\System\RPetiwd.exe
  C:\Windows\System\RPetiwd.exe
  2⤵
  PID:4704
- C:\Windows\System\rqWQhSE.exe
  C:\Windows\System\rqWQhSE.exe
  2⤵
  PID:6100
- C:\Windows\System\uzDuOpc.exe
  C:\Windows\System\uzDuOpc.exe
  2⤵
  PID:4200
- C:\Windows\System\oMdIuMb.exe
  C:\Windows\System\oMdIuMb.exe
  2⤵
  PID:1800
- C:\Windows\System\RDuPlMl.exe
  C:\Windows\System\RDuPlMl.exe
  2⤵
  PID:4420
- C:\Windows\System\kfzxOCK.exe
  C:\Windows\System\kfzxOCK.exe
  2⤵
  PID:5136
- C:\Windows\System\rhCpBki.exe
  C:\Windows\System\rhCpBki.exe
  2⤵
  PID:5172
- C:\Windows\System\gsRXsJR.exe
  C:\Windows\System\gsRXsJR.exe
  2⤵
  PID:5260
- C:\Windows\System\HbyJIvB.exe
  C:\Windows\System\HbyJIvB.exe
  2⤵
  PID:5280
- C:\Windows\System\RsEOwCj.exe
  C:\Windows\System\RsEOwCj.exe
  2⤵
  PID:5368
- C:\Windows\System\OAHMMEf.exe
  C:\Windows\System\OAHMMEf.exe
  2⤵
  PID:5384
- C:\Windows\System\LaqLaBJ.exe
  C:\Windows\System\LaqLaBJ.exe
  2⤵
  PID:5524
- C:\Windows\System\saIVGaE.exe
  C:\Windows\System\saIVGaE.exe
  2⤵
  PID:5484
- C:\Windows\System\uBwAwRp.exe
  C:\Windows\System\uBwAwRp.exe
  2⤵
  PID:1248
- C:\Windows\System\oPfdLHE.exe
  C:\Windows\System\oPfdLHE.exe
  2⤵
  PID:2152
- C:\Windows\System\BfbHDUM.exe
  C:\Windows\System\BfbHDUM.exe
  2⤵
  PID:5612
- C:\Windows\System\dPHHjMG.exe
  C:\Windows\System\dPHHjMG.exe
  2⤵
  PID:5636
- C:\Windows\System\wIFKSXF.exe
  C:\Windows\System\wIFKSXF.exe
  2⤵
  PID:1092
- C:\Windows\System\HpyUWLz.exe
  C:\Windows\System\HpyUWLz.exe
  2⤵
  PID:5712
- C:\Windows\System\DpBFTKN.exe
  C:\Windows\System\DpBFTKN.exe
  2⤵
  PID:2600
- C:\Windows\System\rhhOQMl.exe
  C:\Windows\System\rhhOQMl.exe
  2⤵
  PID:5816
- C:\Windows\System\LSEBLHv.exe
  C:\Windows\System\LSEBLHv.exe
  2⤵
  PID:5840
- C:\Windows\System\zPFlUNk.exe
  C:\Windows\System\zPFlUNk.exe
  2⤵
  PID:5956
- C:\Windows\System\FnFZsNt.exe
  C:\Windows\System\FnFZsNt.exe
  2⤵
  PID:5940
- C:\Windows\System\ijenWIy.exe
  C:\Windows\System\ijenWIy.exe
  2⤵
  PID:2960
- C:\Windows\System\KBFjWUd.exe
  C:\Windows\System\KBFjWUd.exe
  2⤵
  PID:6052
- C:\Windows\System\INlEEsz.exe
  C:\Windows\System\INlEEsz.exe
  2⤵
  PID:1688
- C:\Windows\System\sqhaGPi.exe
  C:\Windows\System\sqhaGPi.exe
  2⤵
  PID:1524
- C:\Windows\System\pJylvdh.exe
  C:\Windows\System\pJylvdh.exe
  2⤵
  PID:6132
- C:\Windows\System\KzysLvj.exe
  C:\Windows\System\KzysLvj.exe
  2⤵
  PID:6136
- C:\Windows\System\KnGStbs.exe
  C:\Windows\System\KnGStbs.exe
  2⤵
  PID:5132
- C:\Windows\System\fXLMtfM.exe
  C:\Windows\System\fXLMtfM.exe
  2⤵
  PID:3228
- C:\Windows\System\eeaUgJZ.exe
  C:\Windows\System\eeaUgJZ.exe
  2⤵
  PID:5148
- C:\Windows\System\ReEXEam.exe
  C:\Windows\System\ReEXEam.exe
  2⤵
  PID:5308
- C:\Windows\System\EgcJTQQ.exe
  C:\Windows\System\EgcJTQQ.exe
  2⤵
  PID:5344
- C:\Windows\System\gKqLNik.exe
  C:\Windows\System\gKqLNik.exe
  2⤵
  PID:5404
- C:\Windows\System\KfBPKCb.exe
  C:\Windows\System\KfBPKCb.exe
  2⤵
  PID:1500
- C:\Windows\System\fUNOlCq.exe
  C:\Windows\System\fUNOlCq.exe
  2⤵
  PID:5420
- C:\Windows\System\gvHRjcf.exe
  C:\Windows\System\gvHRjcf.exe
  2⤵
  PID:5552
- C:\Windows\System\AEVjLzZ.exe
  C:\Windows\System\AEVjLzZ.exe
  2⤵
  PID:796
- C:\Windows\System\YZULALP.exe
  C:\Windows\System\YZULALP.exe
  2⤵
  PID:2660
- C:\Windows\System\SypBngE.exe
  C:\Windows\System\SypBngE.exe
  2⤵
  PID:5756
- C:\Windows\System\ATflbmb.exe
  C:\Windows\System\ATflbmb.exe
  2⤵
  PID:5860
- C:\Windows\System\rarqarp.exe
  C:\Windows\System\rarqarp.exe
  2⤵
  PID:5920
- C:\Windows\System\lGJkXlh.exe
  C:\Windows\System\lGJkXlh.exe
  2⤵
  PID:5996
- C:\Windows\System\aIJqYoY.exe
  C:\Windows\System\aIJqYoY.exe
  2⤵
  PID:5980
- C:\Windows\System\dlAeOCI.exe
  C:\Windows\System\dlAeOCI.exe
  2⤵
  PID:5932
- C:\Windows\System\FHwKjQZ.exe
  C:\Windows\System\FHwKjQZ.exe
  2⤵
  PID:6092
- C:\Windows\System\MDnCNtg.exe
  C:\Windows\System\MDnCNtg.exe
  2⤵
  PID:2216
- C:\Windows\System\XyYhawG.exe
  C:\Windows\System\XyYhawG.exe
  2⤵
  PID:5336
- C:\Windows\System\ZzbbkEc.exe
  C:\Windows\System\ZzbbkEc.exe
  2⤵
  PID:5532
- C:\Windows\System\YplFyZP.exe
  C:\Windows\System\YplFyZP.exe
  2⤵
  PID:5800
- C:\Windows\System\ZliejXo.exe
  C:\Windows\System\ZliejXo.exe
  2⤵
  PID:2616
- C:\Windows\System\UgGVLSo.exe
  C:\Windows\System\UgGVLSo.exe
  2⤵
  PID:5244
- C:\Windows\System\tyrsydN.exe
  C:\Windows\System\tyrsydN.exe
  2⤵
  PID:1532
- C:\Windows\System\ZKumWxP.exe
  C:\Windows\System\ZKumWxP.exe
  2⤵
  PID:5320
- C:\Windows\System\PDmNNvD.exe
  C:\Windows\System\PDmNNvD.exe
  2⤵
  PID:5656
- C:\Windows\System\GtwPMXq.exe
  C:\Windows\System\GtwPMXq.exe
  2⤵
  PID:5896
- C:\Windows\System\KYLCXsy.exe
  C:\Windows\System\KYLCXsy.exe
  2⤵
  PID:676
- C:\Windows\System\xSypaRP.exe
  C:\Windows\System\xSypaRP.exe
  2⤵
  PID:1152
- C:\Windows\System\YimaWze.exe
  C:\Windows\System\YimaWze.exe
  2⤵
  PID:5872
- C:\Windows\System\jVZOUzW.exe
  C:\Windows\System\jVZOUzW.exe
  2⤵
  PID:5992
- C:\Windows\System\kLHlAYs.exe
  C:\Windows\System\kLHlAYs.exe
  2⤵
  PID:5976
- C:\Windows\System\LMkgWGC.exe
  C:\Windows\System\LMkgWGC.exe
  2⤵
  PID:6172
- C:\Windows\System\ixubruB.exe
  C:\Windows\System\ixubruB.exe
  2⤵
  PID:6188
- C:\Windows\System\ypKuADw.exe
  C:\Windows\System\ypKuADw.exe
  2⤵
  PID:6204
- C:\Windows\System\LNMcCrt.exe
  C:\Windows\System\LNMcCrt.exe
  2⤵
  PID:6228
- C:\Windows\System\ePCOhvs.exe
  C:\Windows\System\ePCOhvs.exe
  2⤵
  PID:6244
- C:\Windows\System\TvTvrff.exe
  C:\Windows\System\TvTvrff.exe
  2⤵
  PID:6268
- C:\Windows\System\VTNyGsj.exe
  C:\Windows\System\VTNyGsj.exe
  2⤵
  PID:6288
- C:\Windows\System\quXnrDd.exe
  C:\Windows\System\quXnrDd.exe
  2⤵
  PID:6308
- C:\Windows\System\ZLpZOae.exe
  C:\Windows\System\ZLpZOae.exe
  2⤵
  PID:6328
- C:\Windows\System\WwtzmvZ.exe
  C:\Windows\System\WwtzmvZ.exe
  2⤵
  PID:6344
- C:\Windows\System\FXmBPSH.exe
  C:\Windows\System\FXmBPSH.exe
  2⤵
  PID:6360
- C:\Windows\System\ZwpaFmT.exe
  C:\Windows\System\ZwpaFmT.exe
  2⤵
  PID:6376
- C:\Windows\System\NwsZEdh.exe
  C:\Windows\System\NwsZEdh.exe
  2⤵
  PID:6392
- C:\Windows\System\jWdshco.exe
  C:\Windows\System\jWdshco.exe
  2⤵
  PID:6436
- C:\Windows\System\kQmjsRP.exe
  C:\Windows\System\kQmjsRP.exe
  2⤵
  PID:6452
- C:\Windows\System\OHwiXrE.exe
  C:\Windows\System\OHwiXrE.exe
  2⤵
  PID:6468
- C:\Windows\System\JZZDXuW.exe
  C:\Windows\System\JZZDXuW.exe
  2⤵
  PID:6484
- C:\Windows\System\DVJPaoa.exe
  C:\Windows\System\DVJPaoa.exe
  2⤵
  PID:6504
- C:\Windows\System\UdivVIQ.exe
  C:\Windows\System\UdivVIQ.exe
  2⤵
  PID:6528
- C:\Windows\System\AJlgPXA.exe
  C:\Windows\System\AJlgPXA.exe
  2⤵
  PID:6548
- C:\Windows\System\BnEvXAy.exe
  C:\Windows\System\BnEvXAy.exe
  2⤵
  PID:6564
- C:\Windows\System\CBxISPZ.exe
  C:\Windows\System\CBxISPZ.exe
  2⤵
  PID:6580
- C:\Windows\System\fvftPDP.exe
  C:\Windows\System\fvftPDP.exe
  2⤵
  PID:6600
- C:\Windows\System\yZNNhFa.exe
  C:\Windows\System\yZNNhFa.exe
  2⤵
  PID:6616
- C:\Windows\System\JPleCPm.exe
  C:\Windows\System\JPleCPm.exe
  2⤵
  PID:6632
- C:\Windows\System\iBLgHaz.exe
  C:\Windows\System\iBLgHaz.exe
  2⤵
  PID:6652
- C:\Windows\System\iqWRsbz.exe
  C:\Windows\System\iqWRsbz.exe
  2⤵
  PID:6668
- C:\Windows\System\tTsVJdK.exe
  C:\Windows\System\tTsVJdK.exe
  2⤵
  PID:6692
- C:\Windows\System\XIajqxi.exe
  C:\Windows\System\XIajqxi.exe
  2⤵
  PID:6716
- C:\Windows\System\fGciuMc.exe
  C:\Windows\System\fGciuMc.exe
  2⤵
  PID:6732
- C:\Windows\System\ZJDEDHv.exe
  C:\Windows\System\ZJDEDHv.exe
  2⤵
  PID:6748
- C:\Windows\System\TKRIHrL.exe
  C:\Windows\System\TKRIHrL.exe
  2⤵
  PID:6764
- C:\Windows\System\HkXgikx.exe
  C:\Windows\System\HkXgikx.exe
  2⤵
  PID:6780
- C:\Windows\System\tbQYMMg.exe
  C:\Windows\System\tbQYMMg.exe
  2⤵
  PID:6796
- C:\Windows\System\VQOWNMd.exe
  C:\Windows\System\VQOWNMd.exe
  2⤵
  PID:6812
- C:\Windows\System\qxDDUCr.exe
  C:\Windows\System\qxDDUCr.exe
  2⤵
  PID:6828
- C:\Windows\System\COHFRKH.exe
  C:\Windows\System\COHFRKH.exe
  2⤵
  PID:6844
- C:\Windows\System\hZjEikL.exe
  C:\Windows\System\hZjEikL.exe
  2⤵
  PID:6860
- C:\Windows\System\ScKmtxw.exe
  C:\Windows\System\ScKmtxw.exe
  2⤵
  PID:6936
- C:\Windows\System\MvGMXIk.exe
  C:\Windows\System\MvGMXIk.exe
  2⤵
  PID:6952
- C:\Windows\System\AzMQolC.exe
  C:\Windows\System\AzMQolC.exe
  2⤵
  PID:6968
- C:\Windows\System\XTLlCJb.exe
  C:\Windows\System\XTLlCJb.exe
  2⤵
  PID:6988
- C:\Windows\System\yrIAvrJ.exe
  C:\Windows\System\yrIAvrJ.exe
  2⤵
  PID:7008
- C:\Windows\System\JkdKYeC.exe
  C:\Windows\System\JkdKYeC.exe
  2⤵
  PID:7032
- C:\Windows\System\TzzSjjp.exe
  C:\Windows\System\TzzSjjp.exe
  2⤵
  PID:7048
- C:\Windows\System\fiFOyXd.exe
  C:\Windows\System\fiFOyXd.exe
  2⤵
  PID:7064
- C:\Windows\System\sFrulbg.exe
  C:\Windows\System\sFrulbg.exe
  2⤵
  PID:7080
- C:\Windows\System\ytqLbJl.exe
  C:\Windows\System\ytqLbJl.exe
  2⤵
  PID:7104
- C:\Windows\System\usrzAOx.exe
  C:\Windows\System\usrzAOx.exe
  2⤵
  PID:7120
- C:\Windows\System\mVvQfJH.exe
  C:\Windows\System\mVvQfJH.exe
  2⤵
  PID:7136
- C:\Windows\System\FmOYQhz.exe
  C:\Windows\System\FmOYQhz.exe
  2⤵
  PID:7152
- C:\Windows\System\qdjsfYr.exe
  C:\Windows\System\qdjsfYr.exe
  2⤵
  PID:5220
- C:\Windows\System\xNssHll.exe
  C:\Windows\System\xNssHll.exe
  2⤵
  PID:3000
- C:\Windows\System\BvHtiae.exe
  C:\Windows\System\BvHtiae.exe
  2⤵
  PID:5460
- C:\Windows\System\GGvPkYp.exe
  C:\Windows\System\GGvPkYp.exe
  2⤵
  PID:5732
- C:\Windows\System\ODgmFBv.exe
  C:\Windows\System\ODgmFBv.exe
  2⤵
  PID:2116
- C:\Windows\System\TieNoJk.exe
  C:\Windows\System\TieNoJk.exe
  2⤵
  PID:6156
- C:\Windows\System\GKomSLW.exe
  C:\Windows\System\GKomSLW.exe
  2⤵
  PID:6116
- C:\Windows\System\qHOgvoE.exe
  C:\Windows\System\qHOgvoE.exe
  2⤵
  PID:6216
- C:\Windows\System\FiJxQWU.exe
  C:\Windows\System\FiJxQWU.exe
  2⤵
  PID:6196
- C:\Windows\System\VcNHxSL.exe
  C:\Windows\System\VcNHxSL.exe
  2⤵
  PID:6264
- C:\Windows\System\FfvaFrh.exe
  C:\Windows\System\FfvaFrh.exe
  2⤵
  PID:6316
- C:\Windows\System\PyXDhjw.exe
  C:\Windows\System\PyXDhjw.exe
  2⤵
  PID:6384
- C:\Windows\System\EYCbyud.exe
  C:\Windows\System\EYCbyud.exe
  2⤵
  PID:6368
- C:\Windows\System\znRElqV.exe
  C:\Windows\System\znRElqV.exe
  2⤵
  PID:6404
- C:\Windows\System\LRqtZKP.exe
  C:\Windows\System\LRqtZKP.exe
  2⤵
  PID:6444
- C:\Windows\System\PKDjkNS.exe
  C:\Windows\System\PKDjkNS.exe
  2⤵
  PID:6520
- C:\Windows\System\BkQmdcO.exe
  C:\Windows\System\BkQmdcO.exe
  2⤵
  PID:6644
- C:\Windows\System\EjcEFpE.exe
  C:\Windows\System\EjcEFpE.exe
  2⤵
  PID:6684
- C:\Windows\System\aXtSMNd.exe
  C:\Windows\System\aXtSMNd.exe
  2⤵
  PID:6588
- C:\Windows\System\DTwpVlw.exe
  C:\Windows\System\DTwpVlw.exe
  2⤵
  PID:6788
- C:\Windows\System\ARkJHeh.exe
  C:\Windows\System\ARkJHeh.exe
  2⤵
  PID:6856
- C:\Windows\System\cjTVHVE.exe
  C:\Windows\System\cjTVHVE.exe
  2⤵
  PID:6804
- C:\Windows\System\gLbFtkn.exe
  C:\Windows\System\gLbFtkn.exe
  2⤵
  PID:6880
- C:\Windows\System\glZrUPx.exe
  C:\Windows\System\glZrUPx.exe
  2⤵
  PID:6920
- C:\Windows\System\pxumxUy.exe
  C:\Windows\System\pxumxUy.exe
  2⤵
  PID:6704
- C:\Windows\System\nBTPzWv.exe
  C:\Windows\System\nBTPzWv.exe
  2⤵
  PID:6744
- C:\Windows\System\vKQZGEo.exe
  C:\Windows\System\vKQZGEo.exe
  2⤵
  PID:6840
- C:\Windows\System\afpXXXl.exe
  C:\Windows\System\afpXXXl.exe
  2⤵
  PID:6900
- C:\Windows\System\rxmqRHW.exe
  C:\Windows\System\rxmqRHW.exe
  2⤵
  PID:6924
- C:\Windows\System\ijxNKPz.exe
  C:\Windows\System\ijxNKPz.exe
  2⤵
  PID:7056
- C:\Windows\System\bezbLAt.exe
  C:\Windows\System\bezbLAt.exe
  2⤵
  PID:6996
- C:\Windows\System\HBCJJFV.exe
  C:\Windows\System\HBCJJFV.exe
  2⤵
  PID:7128
- C:\Windows\System\tKyvcrt.exe
  C:\Windows\System\tKyvcrt.exe
  2⤵
  PID:4356
- C:\Windows\System\ebGutXV.exe
  C:\Windows\System\ebGutXV.exe
  2⤵
  PID:6960
- C:\Windows\System\eavgPCa.exe
  C:\Windows\System\eavgPCa.exe
  2⤵
  PID:6180
- C:\Windows\System\HEbnHxs.exe
  C:\Windows\System\HEbnHxs.exe
  2⤵
  PID:3648
- C:\Windows\System\YJMkGiY.exe
  C:\Windows\System\YJMkGiY.exe
  2⤵
  PID:2312
- C:\Windows\System\RTEMYBz.exe
  C:\Windows\System\RTEMYBz.exe
  2⤵
  PID:6236
- C:\Windows\System\xaZAOob.exe
  C:\Windows\System\xaZAOob.exe
  2⤵
  PID:6408
- C:\Windows\System\SisyUCO.exe
  C:\Windows\System\SisyUCO.exe
  2⤵
  PID:6492
- C:\Windows\System\DBFrGsM.exe
  C:\Windows\System\DBFrGsM.exe
  2⤵
  PID:7116
- C:\Windows\System\oKLKcWx.exe
  C:\Windows\System\oKLKcWx.exe
  2⤵
  PID:7044
- C:\Windows\System\SbXJVhH.exe
  C:\Windows\System\SbXJVhH.exe
  2⤵
  PID:6352
- C:\Windows\System\JFiSNaH.exe
  C:\Windows\System\JFiSNaH.exe
  2⤵
  PID:6424
- C:\Windows\System\rwDiCkZ.exe
  C:\Windows\System\rwDiCkZ.exe
  2⤵
  PID:6516
- C:\Windows\System\bRtdPAu.exe
  C:\Windows\System\bRtdPAu.exe
  2⤵
  PID:6576
- C:\Windows\System\XGqbUvR.exe
  C:\Windows\System\XGqbUvR.exe
  2⤵
  PID:6524
- C:\Windows\System\sQQysyr.exe
  C:\Windows\System\sQQysyr.exe
  2⤵
  PID:6556
- C:\Windows\System\tegylmu.exe
  C:\Windows\System\tegylmu.exe
  2⤵
  PID:6700
- C:\Windows\System\UEpWBsA.exe
  C:\Windows\System\UEpWBsA.exe
  2⤵
  PID:6836
- C:\Windows\System\wICDZRT.exe
  C:\Windows\System\wICDZRT.exe
  2⤵
  PID:6596
- C:\Windows\System\vQBUUcl.exe
  C:\Windows\System\vQBUUcl.exe
  2⤵
  PID:6740
- C:\Windows\System\khlMJPA.exe
  C:\Windows\System\khlMJPA.exe
  2⤵
  PID:7020
- C:\Windows\System\JDSfdSU.exe
  C:\Windows\System\JDSfdSU.exe
  2⤵
  PID:6884
- C:\Windows\System\xnWWGoy.exe
  C:\Windows\System\xnWWGoy.exe
  2⤵
  PID:7092
- C:\Windows\System\QKqrMik.exe
  C:\Windows\System\QKqrMik.exe
  2⤵
  PID:5936
- C:\Windows\System\sJdJMwW.exe
  C:\Windows\System\sJdJMwW.exe
  2⤵
  PID:6296
- C:\Windows\System\jjENtdm.exe
  C:\Windows\System\jjENtdm.exe
  2⤵
  PID:7040
- C:\Windows\System\eWTxbxJ.exe
  C:\Windows\System\eWTxbxJ.exe
  2⤵
  PID:7096
- C:\Windows\System\buffxsB.exe
  C:\Windows\System\buffxsB.exe
  2⤵
  PID:6464
- C:\Windows\System\vxEYNPQ.exe
  C:\Windows\System\vxEYNPQ.exe
  2⤵
  PID:6400
- C:\Windows\System\EdwCBPU.exe
  C:\Windows\System\EdwCBPU.exe
  2⤵
  PID:5720
- C:\Windows\System\QEjdGSA.exe
  C:\Windows\System\QEjdGSA.exe
  2⤵
  PID:6932
- C:\Windows\System\qONkvfr.exe
  C:\Windows\System\qONkvfr.exe
  2⤵
  PID:6756
- C:\Windows\System\wUlXeXy.exe
  C:\Windows\System\wUlXeXy.exe
  2⤵
  PID:6628
- C:\Windows\System\aizKdfC.exe
  C:\Windows\System\aizKdfC.exe
  2⤵
  PID:6896
- C:\Windows\System\ueyJdAk.exe
  C:\Windows\System\ueyJdAk.exe
  2⤵
  PID:6060
- C:\Windows\System\JLaAzUp.exe
  C:\Windows\System\JLaAzUp.exe
  2⤵
  PID:6324
- C:\Windows\System\ZaZzdvT.exe
  C:\Windows\System\ZaZzdvT.exe
  2⤵
  PID:7160
- C:\Windows\System\yLYCKjV.exe
  C:\Windows\System\yLYCKjV.exe
  2⤵
  PID:6496
- C:\Windows\System\xYamxQS.exe
  C:\Windows\System\xYamxQS.exe
  2⤵
  PID:6712
- C:\Windows\System\ZcEGYZZ.exe
  C:\Windows\System\ZcEGYZZ.exe
  2⤵
  PID:6640
- C:\Windows\System\SoleMmm.exe
  C:\Windows\System\SoleMmm.exe
  2⤵
  PID:6984
- C:\Windows\System\MdYUtNx.exe
  C:\Windows\System\MdYUtNx.exe
  2⤵
  PID:6152
- C:\Windows\System\GdBUrus.exe
  C:\Windows\System\GdBUrus.exe
  2⤵
  PID:6612
- C:\Windows\System\zTXSRdz.exe
  C:\Windows\System\zTXSRdz.exe
  2⤵
  PID:5572
- C:\Windows\System\grZsGdY.exe
  C:\Windows\System\grZsGdY.exe
  2⤵
  PID:6904
- C:\Windows\System\EyvCItY.exe
  C:\Windows\System\EyvCItY.exe
  2⤵
  PID:6420
- C:\Windows\System\HLOTkVD.exe
  C:\Windows\System\HLOTkVD.exe
  2⤵
  PID:6572
- C:\Windows\System\IizxdYv.exe
  C:\Windows\System\IizxdYv.exe
  2⤵
  PID:6512
- C:\Windows\System\pjKPjzA.exe
  C:\Windows\System\pjKPjzA.exe
  2⤵
  PID:6964
- C:\Windows\System\NHChSFK.exe
  C:\Windows\System\NHChSFK.exe
  2⤵
  PID:6728
- C:\Windows\System\KYqZkdD.exe
  C:\Windows\System\KYqZkdD.exe
  2⤵
  PID:6688
- C:\Windows\System\ykaCkVu.exe
  C:\Windows\System\ykaCkVu.exe
  2⤵
  PID:6476
- C:\Windows\System\pPCebHo.exe
  C:\Windows\System\pPCebHo.exe
  2⤵
  PID:6852
- C:\Windows\System\TzUGzru.exe
  C:\Windows\System\TzUGzru.exe
  2⤵
  PID:7172
- C:\Windows\System\dkyGBlL.exe
  C:\Windows\System\dkyGBlL.exe
  2⤵
  PID:7196
- C:\Windows\System\yKMGtMp.exe
  C:\Windows\System\yKMGtMp.exe
  2⤵
  PID:7216
- C:\Windows\System\KfdgcYt.exe
  C:\Windows\System\KfdgcYt.exe
  2⤵
  PID:7240
- C:\Windows\System\BISMMjg.exe
  C:\Windows\System\BISMMjg.exe
  2⤵
  PID:7260
- C:\Windows\System\pbdbHKI.exe
  C:\Windows\System\pbdbHKI.exe
  2⤵
  PID:7280
- C:\Windows\System\yHWqtbP.exe
  C:\Windows\System\yHWqtbP.exe
  2⤵
  PID:7304
- C:\Windows\System\PVQvsgS.exe
  C:\Windows\System\PVQvsgS.exe
  2⤵
  PID:7320
- C:\Windows\System\onzpYPM.exe
  C:\Windows\System\onzpYPM.exe
  2⤵
  PID:7344
- C:\Windows\System\upVuslB.exe
  C:\Windows\System\upVuslB.exe
  2⤵
  PID:7360
- C:\Windows\System\SIPKHDY.exe
  C:\Windows\System\SIPKHDY.exe
  2⤵
  PID:7388
- C:\Windows\System\QvtnopG.exe
  C:\Windows\System\QvtnopG.exe
  2⤵
  PID:7408
- C:\Windows\System\xOhsfbv.exe
  C:\Windows\System\xOhsfbv.exe
  2⤵
  PID:7424
- C:\Windows\System\YTbprLS.exe
  C:\Windows\System\YTbprLS.exe
  2⤵
  PID:7448
- C:\Windows\System\sGxyOzM.exe
  C:\Windows\System\sGxyOzM.exe
  2⤵
  PID:7464
- C:\Windows\System\RToLpXb.exe
  C:\Windows\System\RToLpXb.exe
  2⤵
  PID:7484
- C:\Windows\System\ThRsJsU.exe
  C:\Windows\System\ThRsJsU.exe
  2⤵
  PID:7504
- C:\Windows\System\XpbolMc.exe
  C:\Windows\System\XpbolMc.exe
  2⤵
  PID:7520
- C:\Windows\System\poabtdU.exe
  C:\Windows\System\poabtdU.exe
  2⤵
  PID:7540
- C:\Windows\System\ngArKuz.exe
  C:\Windows\System\ngArKuz.exe
  2⤵
  PID:7556
- C:\Windows\System\FNoRCVG.exe
  C:\Windows\System\FNoRCVG.exe
  2⤵
  PID:7572
- C:\Windows\System\dhpCbVq.exe
  C:\Windows\System\dhpCbVq.exe
  2⤵
  PID:7592
- C:\Windows\System\lZTKDPP.exe
  C:\Windows\System\lZTKDPP.exe
  2⤵
  PID:7608
- C:\Windows\System\qEuLKpR.exe
  C:\Windows\System\qEuLKpR.exe
  2⤵
  PID:7624
- C:\Windows\System\RCpgrmP.exe
  C:\Windows\System\RCpgrmP.exe
  2⤵
  PID:7640
- C:\Windows\System\RsAviUQ.exe
  C:\Windows\System\RsAviUQ.exe
  2⤵
  PID:7660
- C:\Windows\System\zgfQIVm.exe
  C:\Windows\System\zgfQIVm.exe
  2⤵
  PID:7680
- C:\Windows\System\FLiUwdu.exe
  C:\Windows\System\FLiUwdu.exe
  2⤵
  PID:7700
- C:\Windows\System\sZLLLaz.exe
  C:\Windows\System\sZLLLaz.exe
  2⤵
  PID:7720
- C:\Windows\System\VnUwbxk.exe
  C:\Windows\System\VnUwbxk.exe
  2⤵
  PID:7736
- C:\Windows\System\heOrpFP.exe
  C:\Windows\System\heOrpFP.exe
  2⤵
  PID:7752
- C:\Windows\System\jDBOsse.exe
  C:\Windows\System\jDBOsse.exe
  2⤵
  PID:7768
- C:\Windows\System\vzJvFFe.exe
  C:\Windows\System\vzJvFFe.exe
  2⤵
  PID:7792
- C:\Windows\System\uORLKTv.exe
  C:\Windows\System\uORLKTv.exe
  2⤵
  PID:7824
- C:\Windows\System\qQBdrOl.exe
  C:\Windows\System\qQBdrOl.exe
  2⤵
  PID:7844
- C:\Windows\System\wHuNWeh.exe
  C:\Windows\System\wHuNWeh.exe
  2⤵
  PID:7880
- C:\Windows\System\hlxIoCJ.exe
  C:\Windows\System\hlxIoCJ.exe
  2⤵
  PID:7904
- C:\Windows\System\eHnWYYd.exe
  C:\Windows\System\eHnWYYd.exe
  2⤵
  PID:7920
- C:\Windows\System\XAaidgZ.exe
  C:\Windows\System\XAaidgZ.exe
  2⤵
  PID:7940
- C:\Windows\System\vXdcFPR.exe
  C:\Windows\System\vXdcFPR.exe
  2⤵
  PID:7956
- C:\Windows\System\jWTWxOf.exe
  C:\Windows\System\jWTWxOf.exe
  2⤵
  PID:7972
- C:\Windows\System\FDPKibU.exe
  C:\Windows\System\FDPKibU.exe
  2⤵
  PID:8004
- C:\Windows\System\ywnGLld.exe
  C:\Windows\System\ywnGLld.exe
  2⤵
  PID:8020
- C:\Windows\System\LsREzMF.exe
  C:\Windows\System\LsREzMF.exe
  2⤵
  PID:8036
- C:\Windows\System\dDpcbJU.exe
  C:\Windows\System\dDpcbJU.exe
  2⤵
  PID:8052
- C:\Windows\System\Uxcfesa.exe
  C:\Windows\System\Uxcfesa.exe
  2⤵
  PID:8080
- C:\Windows\System\FSoiyau.exe
  C:\Windows\System\FSoiyau.exe
  2⤵
  PID:8100
- C:\Windows\System\zEXMicm.exe
  C:\Windows\System\zEXMicm.exe
  2⤵
  PID:8116
- C:\Windows\System\jkAFKUX.exe
  C:\Windows\System\jkAFKUX.exe
  2⤵
  PID:8132
- C:\Windows\System\HlEaZaN.exe
  C:\Windows\System\HlEaZaN.exe
  2⤵
  PID:8148
- C:\Windows\System\QQFvlzH.exe
  C:\Windows\System\QQFvlzH.exe
  2⤵
  PID:8164
- C:\Windows\System\BfPZwFN.exe
  C:\Windows\System\BfPZwFN.exe
  2⤵
  PID:8180
- C:\Windows\System\jEvxOzB.exe
  C:\Windows\System\jEvxOzB.exe
  2⤵
  PID:7180
- C:\Windows\System\QDODAjz.exe
  C:\Windows\System\QDODAjz.exe
  2⤵
  PID:7224
- C:\Windows\System\UJpuEWV.exe
  C:\Windows\System\UJpuEWV.exe
  2⤵
  PID:7236
- C:\Windows\System\vIPBqZU.exe
  C:\Windows\System\vIPBqZU.exe
  2⤵
  PID:6340
- C:\Windows\System\mOsmlfE.exe
  C:\Windows\System\mOsmlfE.exe
  2⤵
  PID:7272
- C:\Windows\System\FkuwNWt.exe
  C:\Windows\System\FkuwNWt.exe
  2⤵
  PID:7300
- C:\Windows\System\chgFEnF.exe
  C:\Windows\System\chgFEnF.exe
  2⤵
  PID:7328
- C:\Windows\System\RTJJYed.exe
  C:\Windows\System\RTJJYed.exe
  2⤵
  PID:7356
- C:\Windows\System\tRwKkRm.exe
  C:\Windows\System\tRwKkRm.exe
  2⤵
  PID:7380
- C:\Windows\System\MqEXQYd.exe
  C:\Windows\System\MqEXQYd.exe
  2⤵
  PID:7404
- C:\Windows\System\vZygFvH.exe
  C:\Windows\System\vZygFvH.exe
  2⤵
  PID:7436
- C:\Windows\System\RYzGdEx.exe
  C:\Windows\System\RYzGdEx.exe
  2⤵
  PID:7472
- C:\Windows\System\IvuZSIZ.exe
  C:\Windows\System\IvuZSIZ.exe
  2⤵
  PID:7512
- C:\Windows\System\aAdPSHx.exe
  C:\Windows\System\aAdPSHx.exe
  2⤵
  PID:7548
- C:\Windows\System\rVCYkOr.exe
  C:\Windows\System\rVCYkOr.exe
  2⤵
  PID:7672
- C:\Windows\System\BVtLCmp.exe
  C:\Windows\System\BVtLCmp.exe
  2⤵
  PID:7588
- C:\Windows\System\pyKFBpa.exe
  C:\Windows\System\pyKFBpa.exe
  2⤵
  PID:7652
- C:\Windows\System\YUtTIvM.exe
  C:\Windows\System\YUtTIvM.exe
  2⤵
  PID:7696
- C:\Windows\System\fDiZeDK.exe
  C:\Windows\System\fDiZeDK.exe
  2⤵
  PID:7532
- C:\Windows\System\fERDMSU.exe
  C:\Windows\System\fERDMSU.exe
  2⤵
  PID:7776
- C:\Windows\System\MzIeWSl.exe
  C:\Windows\System\MzIeWSl.exe
  2⤵
  PID:7604
- C:\Windows\System\BDPNvbY.exe
  C:\Windows\System\BDPNvbY.exe
  2⤵
  PID:7780
- C:\Windows\System\wVHyiFd.exe
  C:\Windows\System\wVHyiFd.exe
  2⤵
  PID:7800
- C:\Windows\System\kSyIfqM.exe
  C:\Windows\System\kSyIfqM.exe
  2⤵
  PID:7832
- C:\Windows\System\IIUOWHW.exe
  C:\Windows\System\IIUOWHW.exe
  2⤵
  PID:7820
- C:\Windows\System\ONJjODC.exe
  C:\Windows\System\ONJjODC.exe
  2⤵
  PID:7864
- C:\Windows\System\rdijFLx.exe
  C:\Windows\System\rdijFLx.exe
  2⤵
  PID:7948
- C:\Windows\System\hZjlZNk.exe
  C:\Windows\System\hZjlZNk.exe
  2⤵
  PID:7896
- C:\Windows\System\WyMiNnJ.exe
  C:\Windows\System\WyMiNnJ.exe
  2⤵
  PID:6540
- C:\Windows\System\sDhMqwU.exe
  C:\Windows\System\sDhMqwU.exe
  2⤵
  PID:8028
- C:\Windows\System\DFPcTGr.exe
  C:\Windows\System\DFPcTGr.exe
  2⤵
  PID:8060
- C:\Windows\System\MzRkxOB.exe
  C:\Windows\System\MzRkxOB.exe
  2⤵
  PID:8012
- C:\Windows\System\xshYWcp.exe
  C:\Windows\System\xshYWcp.exe
  2⤵
  PID:8144
- C:\Windows\System\WHtswQR.exe
  C:\Windows\System\WHtswQR.exe
  2⤵
  PID:8016
- C:\Windows\System\DNaHkvM.exe
  C:\Windows\System\DNaHkvM.exe
  2⤵
  PID:8088
- C:\Windows\System\RjNvPnf.exe
  C:\Windows\System\RjNvPnf.exe
  2⤵
  PID:8124
- C:\Windows\System\wMrsCrh.exe
  C:\Windows\System\wMrsCrh.exe
  2⤵
  PID:7016
- C:\Windows\System\tMmWlgN.exe
  C:\Windows\System\tMmWlgN.exe
  2⤵
  PID:7208
- C:\Windows\System\IOhztpg.exe
  C:\Windows\System\IOhztpg.exe
  2⤵
  PID:7332
- C:\Windows\System\aKnHbGx.exe
  C:\Windows\System\aKnHbGx.exe
  2⤵
  PID:7276
- C:\Windows\System\ocJERIo.exe
  C:\Windows\System\ocJERIo.exe
  2⤵
  PID:7420
- C:\Windows\System\PbgqMno.exe
  C:\Windows\System\PbgqMno.exe
  2⤵
  PID:1580
- C:\Windows\System\kXxleAQ.exe
  C:\Windows\System\kXxleAQ.exe
  2⤵
  PID:7500
- C:\Windows\System\oXVlcdZ.exe
  C:\Windows\System\oXVlcdZ.exe
  2⤵
  PID:7692
- C:\Windows\System\ewvJDbJ.exe
  C:\Windows\System\ewvJDbJ.exe
  2⤵
  PID:7764
- C:\Windows\System\qLQAILj.exe
  C:\Windows\System\qLQAILj.exe
  2⤵
  PID:7564
- C:\Windows\System\CJIueyY.exe
  C:\Windows\System\CJIueyY.exe
  2⤵
  PID:7632
- C:\Windows\System\haGXEWh.exe
  C:\Windows\System\haGXEWh.exe
  2⤵
  PID:7836
- C:\Windows\System\jKHHAZr.exe
  C:\Windows\System\jKHHAZr.exe
  2⤵
  PID:7872
- C:\Windows\System\jFdhnfd.exe
  C:\Windows\System\jFdhnfd.exe
  2⤵
  PID:7888
- C:\Windows\System\QHKPwLp.exe
  C:\Windows\System\QHKPwLp.exe
  2⤵
  PID:8072
- C:\Windows\System\OnTrlzs.exe
  C:\Windows\System\OnTrlzs.exe
  2⤵
  PID:7912
- C:\Windows\System\rZdgcfn.exe
  C:\Windows\System\rZdgcfn.exe
  2⤵
  PID:7968
- C:\Windows\System\FUrbXhm.exe
  C:\Windows\System\FUrbXhm.exe
  2⤵
  PID:7400
- C:\Windows\System\awaVkgu.exe
  C:\Windows\System\awaVkgu.exe
  2⤵
  PID:8188
- C:\Windows\System\LoAKMsJ.exe
  C:\Windows\System\LoAKMsJ.exe
  2⤵
  PID:7368
- C:\Windows\System\bOsVfzp.exe
  C:\Windows\System\bOsVfzp.exe
  2⤵
  PID:7480
- C:\Windows\System\zZLervh.exe
  C:\Windows\System\zZLervh.exe
  2⤵
  PID:7748
- C:\Windows\System\CgwFHgb.exe
  C:\Windows\System\CgwFHgb.exe
  2⤵
  PID:7984
- C:\Windows\System\JxBUpHm.exe
  C:\Windows\System\JxBUpHm.exe
  2⤵
  PID:8048
- C:\Windows\System\sHeVWEs.exe
  C:\Windows\System\sHeVWEs.exe
  2⤵
  PID:7852
- C:\Windows\System\fYOuGoi.exe
  C:\Windows\System\fYOuGoi.exe
  2⤵
  PID:7988
- C:\Windows\System\pSPDgSc.exe
  C:\Windows\System\pSPDgSc.exe
  2⤵
  PID:8064
- C:\Windows\System\Avzxazw.exe
  C:\Windows\System\Avzxazw.exe
  2⤵
  PID:7268
- C:\Windows\System\sSWSxPz.exe
  C:\Windows\System\sSWSxPz.exe
  2⤵
  PID:7296
- C:\Windows\System\MGVIRAi.exe
  C:\Windows\System\MGVIRAi.exe
  2⤵
  PID:7292
- C:\Windows\System\nIRsaFk.exe
  C:\Windows\System\nIRsaFk.exe
  2⤵
  PID:7744
- C:\Windows\System\QAiiUJD.exe
  C:\Windows\System\QAiiUJD.exe
  2⤵
  PID:7996
- C:\Windows\System\SavvOPz.exe
  C:\Windows\System\SavvOPz.exe
  2⤵
  PID:8176
- C:\Windows\System\DsLkGTt.exe
  C:\Windows\System\DsLkGTt.exe
  2⤵
  PID:7432
- C:\Windows\System\jesejjW.exe
  C:\Windows\System\jesejjW.exe
  2⤵
  PID:8112
- C:\Windows\System\bDnNgGe.exe
  C:\Windows\System\bDnNgGe.exe
  2⤵
  PID:8096
- C:\Windows\System\pKmODGU.exe
  C:\Windows\System\pKmODGU.exe
  2⤵
  PID:8140
- C:\Windows\System\igRyXSI.exe
  C:\Windows\System\igRyXSI.exe
  2⤵
  PID:7256
- C:\Windows\System\osUkGAN.exe
  C:\Windows\System\osUkGAN.exe
  2⤵
  PID:7980
- C:\Windows\System\kfZXbBs.exe
  C:\Windows\System\kfZXbBs.exe
  2⤵
  PID:8204
- C:\Windows\System\RlbSwnD.exe
  C:\Windows\System\RlbSwnD.exe
  2⤵
  PID:8220
- C:\Windows\System\tPEnwxh.exe
  C:\Windows\System\tPEnwxh.exe
  2⤵
  PID:8236
- C:\Windows\System\LvhpApz.exe
  C:\Windows\System\LvhpApz.exe
  2⤵
  PID:8252
- C:\Windows\System\McUXoQt.exe
  C:\Windows\System\McUXoQt.exe
  2⤵
  PID:8268
- C:\Windows\System\UmlWcgv.exe
  C:\Windows\System\UmlWcgv.exe
  2⤵
  PID:8296
- C:\Windows\System\MmGEHjk.exe
  C:\Windows\System\MmGEHjk.exe
  2⤵
  PID:8324
- C:\Windows\System\wIkjalw.exe
  C:\Windows\System\wIkjalw.exe
  2⤵
  PID:8340
- C:\Windows\System\VmjKRZZ.exe
  C:\Windows\System\VmjKRZZ.exe
  2⤵
  PID:8376
- C:\Windows\System\IsDQefn.exe
  C:\Windows\System\IsDQefn.exe
  2⤵
  PID:8496
- C:\Windows\System\PTGMLlh.exe
  C:\Windows\System\PTGMLlh.exe
  2⤵
  PID:8516
- C:\Windows\System\hxceOkk.exe
  C:\Windows\System\hxceOkk.exe
  2⤵
  PID:8532
- C:\Windows\System\VAyPBhV.exe
  C:\Windows\System\VAyPBhV.exe
  2⤵
  PID:8552
- C:\Windows\System\OFjnbUI.exe
  C:\Windows\System\OFjnbUI.exe
  2⤵
  PID:8572
- C:\Windows\System\iHZANlr.exe
  C:\Windows\System\iHZANlr.exe
  2⤵
  PID:8592
- C:\Windows\System\zQRluhW.exe
  C:\Windows\System\zQRluhW.exe
  2⤵
  PID:8612
- C:\Windows\System\wdjIqok.exe
  C:\Windows\System\wdjIqok.exe
  2⤵
  PID:8628
- C:\Windows\System\qpxpgwq.exe
  C:\Windows\System\qpxpgwq.exe
  2⤵
  PID:8652
- C:\Windows\System\AjnvDEG.exe
  C:\Windows\System\AjnvDEG.exe
  2⤵
  PID:8668
- C:\Windows\System\YkZZrrJ.exe
  C:\Windows\System\YkZZrrJ.exe
  2⤵
  PID:8684
- C:\Windows\System\JPZjLhw.exe
  C:\Windows\System\JPZjLhw.exe
  2⤵
  PID:8700
- C:\Windows\System\ExifzUG.exe
  C:\Windows\System\ExifzUG.exe
  2⤵
  PID:8736
- C:\Windows\System\Vrbcgas.exe
  C:\Windows\System\Vrbcgas.exe
  2⤵
  PID:8752
- C:\Windows\System\nmXeYap.exe
  C:\Windows\System\nmXeYap.exe
  2⤵
  PID:8772
- C:\Windows\System\egwoNer.exe
  C:\Windows\System\egwoNer.exe
  2⤵
  PID:8788
- C:\Windows\System\kvPmBHj.exe
  C:\Windows\System\kvPmBHj.exe
  2⤵
  PID:8820
- C:\Windows\System\sXoUBqZ.exe
  C:\Windows\System\sXoUBqZ.exe
  2⤵
  PID:8840
- C:\Windows\System\ZigxfRw.exe
  C:\Windows\System\ZigxfRw.exe
  2⤵
  PID:8856
- C:\Windows\System\EEKPxSB.exe
  C:\Windows\System\EEKPxSB.exe
  2⤵
  PID:8880
- C:\Windows\System\TuzopTn.exe
  C:\Windows\System\TuzopTn.exe
  2⤵
  PID:8896
- C:\Windows\System\yIdOEgw.exe
  C:\Windows\System\yIdOEgw.exe
  2⤵
  PID:8912
- C:\Windows\System\wqSfKXi.exe
  C:\Windows\System\wqSfKXi.exe
  2⤵
  PID:8928
- C:\Windows\System\dJwXFDL.exe
  C:\Windows\System\dJwXFDL.exe
  2⤵
  PID:8952
- C:\Windows\System\OSqclIn.exe
  C:\Windows\System\OSqclIn.exe
  2⤵
  PID:8976
- C:\Windows\System\FfnQvMI.exe
  C:\Windows\System\FfnQvMI.exe
  2⤵
  PID:8992
- C:\Windows\System\SAvgKfp.exe
  C:\Windows\System\SAvgKfp.exe
  2⤵
  PID:9012
- C:\Windows\System\vhcrhAx.exe
  C:\Windows\System\vhcrhAx.exe
  2⤵
  PID:9040
- C:\Windows\System\MSAuxTm.exe
  C:\Windows\System\MSAuxTm.exe
  2⤵
  PID:9056
- C:\Windows\System\VHKFCIl.exe
  C:\Windows\System\VHKFCIl.exe
  2⤵
  PID:9072
- C:\Windows\System\zWRlRIW.exe
  C:\Windows\System\zWRlRIW.exe
  2⤵
  PID:9092
- C:\Windows\System\ECxTPPy.exe
  C:\Windows\System\ECxTPPy.exe
  2⤵
  PID:9108
- C:\Windows\System\EQZPesW.exe
  C:\Windows\System\EQZPesW.exe
  2⤵
  PID:9124
- C:\Windows\System\Fsznxrq.exe
  C:\Windows\System\Fsznxrq.exe
  2⤵
  PID:9160
- C:\Windows\System\UrhfCvg.exe
  C:\Windows\System\UrhfCvg.exe
  2⤵
  PID:9176
- C:\Windows\System\RRUCrzs.exe
  C:\Windows\System\RRUCrzs.exe
  2⤵
  PID:9192
- C:\Windows\System\twMiwnT.exe
  C:\Windows\System\twMiwnT.exe
  2⤵
  PID:9208
- C:\Windows\System\feIUXpD.exe
  C:\Windows\System\feIUXpD.exe
  2⤵
  PID:8228
- C:\Windows\System\BQtaknr.exe
  C:\Windows\System\BQtaknr.exe
  2⤵
  PID:8264
- C:\Windows\System\uQCswaR.exe
  C:\Windows\System\uQCswaR.exe
  2⤵
  PID:8216
- C:\Windows\System\fFinwOR.exe
  C:\Windows\System\fFinwOR.exe
  2⤵
  PID:8280
- C:\Windows\System\LmApwPc.exe
  C:\Windows\System\LmApwPc.exe
  2⤵
  PID:8352
- C:\Windows\System\KfCQIZf.exe
  C:\Windows\System\KfCQIZf.exe
  2⤵
  PID:8368
- C:\Windows\System\MDiXMXy.exe
  C:\Windows\System\MDiXMXy.exe
  2⤵
  PID:8396
- C:\Windows\System\BOJDkvv.exe
  C:\Windows\System\BOJDkvv.exe
  2⤵
  PID:8416
- C:\Windows\System\FFCPMum.exe
  C:\Windows\System\FFCPMum.exe
  2⤵
  PID:8440
- C:\Windows\System\fHPksLG.exe
  C:\Windows\System\fHPksLG.exe
  2⤵
  PID:8412
- C:\Windows\System\ZrpinWI.exe
  C:\Windows\System\ZrpinWI.exe
  2⤵
  PID:8476
- C:\Windows\System\OzBmauf.exe
  C:\Windows\System\OzBmauf.exe
  2⤵
  PID:8504
- C:\Windows\System\oOnZlxM.exe
  C:\Windows\System\oOnZlxM.exe
  2⤵
  PID:8540
- C:\Windows\System\CiFREPZ.exe
  C:\Windows\System\CiFREPZ.exe
  2⤵
  PID:8568
- C:\Windows\System\CdnGcig.exe
  C:\Windows\System\CdnGcig.exe
  2⤵
  PID:8620
- C:\Windows\System\XmsCfnU.exe
  C:\Windows\System\XmsCfnU.exe
  2⤵
  PID:8644
- C:\Windows\System\CfUiEiC.exe
  C:\Windows\System\CfUiEiC.exe
  2⤵
  PID:8692
- C:\Windows\System\zONCZEn.exe
  C:\Windows\System\zONCZEn.exe
  2⤵
  PID:8712
- C:\Windows\System\nJfWzPR.exe
  C:\Windows\System\nJfWzPR.exe
  2⤵
  PID:8732
- C:\Windows\System\oLtYqpR.exe
  C:\Windows\System\oLtYqpR.exe
  2⤵
  PID:8780
- C:\Windows\System\AlbfcIf.exe
  C:\Windows\System\AlbfcIf.exe
  2⤵
  PID:8808
- C:\Windows\System\fvtWZdu.exe
  C:\Windows\System\fvtWZdu.exe
  2⤵
  PID:8832
- C:\Windows\System\dQBCAzZ.exe
  C:\Windows\System\dQBCAzZ.exe
  2⤵
  PID:8868
- C:\Windows\System\XBImrTG.exe
  C:\Windows\System\XBImrTG.exe
  2⤵
  PID:8876
- C:\Windows\System\klpDJJE.exe
  C:\Windows\System\klpDJJE.exe
  2⤵
  PID:8920
- C:\Windows\System\HNrilhX.exe
  C:\Windows\System\HNrilhX.exe
  2⤵
  PID:8968
- C:\Windows\System\bTCVvkj.exe
  C:\Windows\System\bTCVvkj.exe
  2⤵
  PID:9008
- C:\Windows\System\GxTtqOl.exe
  C:\Windows\System\GxTtqOl.exe
  2⤵
  PID:9064
- C:\Windows\System\YOoaIog.exe
  C:\Windows\System\YOoaIog.exe
  2⤵
  PID:9088
- C:\Windows\System\BEtuyoJ.exe
  C:\Windows\System\BEtuyoJ.exe
  2⤵
  PID:9052
- C:\Windows\System\rkvcijz.exe
  C:\Windows\System\rkvcijz.exe
  2⤵
  PID:9148
- C:\Windows\System\zsqcIyo.exe
  C:\Windows\System\zsqcIyo.exe
  2⤵
  PID:9140
- C:\Windows\System\jaoWiWX.exe
  C:\Windows\System\jaoWiWX.exe
  2⤵
  PID:9168
- C:\Windows\System\kgqFquv.exe
  C:\Windows\System\kgqFquv.exe
  2⤵
  PID:7456
- C:\Windows\System\qPHJQrB.exe
  C:\Windows\System\qPHJQrB.exe
  2⤵
  PID:7204
- C:\Windows\System\TwwNKok.exe
  C:\Windows\System\TwwNKok.exe
  2⤵
  PID:8308
- C:\Windows\System\UTNOWZi.exe
  C:\Windows\System\UTNOWZi.exe
  2⤵
  PID:8372
- C:\Windows\System\kaYlvcl.exe
  C:\Windows\System\kaYlvcl.exe
  2⤵
  PID:8436
- C:\Windows\System\oICslKH.exe
  C:\Windows\System\oICslKH.exe
  2⤵
  PID:5512
- C:\Windows\System\DxsBFEV.exe
  C:\Windows\System\DxsBFEV.exe
  2⤵
  PID:8472
- C:\Windows\System\EazdDev.exe
  C:\Windows\System\EazdDev.exe
  2⤵
  PID:8480
- C:\Windows\System\zsWnTHN.exe
  C:\Windows\System\zsWnTHN.exe
  2⤵
  PID:8528
- C:\Windows\System\GVrwRxl.exe
  C:\Windows\System\GVrwRxl.exe
  2⤵
  PID:8600
- C:\Windows\System\ljZyKZk.exe
  C:\Windows\System\ljZyKZk.exe
  2⤵
  PID:8640
- C:\Windows\System\PBnKmge.exe
  C:\Windows\System\PBnKmge.exe
  2⤵
  PID:8728
- C:\Windows\System\FKHjyyG.exe
  C:\Windows\System\FKHjyyG.exe
  2⤵
  PID:8724
- C:\Windows\System\UsnpKpM.exe
  C:\Windows\System\UsnpKpM.exe
  2⤵
  PID:8708
- C:\Windows\System\hTpcKDQ.exe
  C:\Windows\System\hTpcKDQ.exe
  2⤵
  PID:8848
- C:\Windows\System\qlyHXQl.exe
  C:\Windows\System\qlyHXQl.exe
  2⤵
  PID:8836
- C:\Windows\System\NZVkmHE.exe
  C:\Windows\System\NZVkmHE.exe
  2⤵
  PID:8948
- C:\Windows\System\RikNIKb.exe
  C:\Windows\System\RikNIKb.exe
  2⤵
  PID:9032
- C:\Windows\System\MAYmWPu.exe
  C:\Windows\System\MAYmWPu.exe
  2⤵
  PID:9084
- C:\Windows\System\TmSgnZv.exe
  C:\Windows\System\TmSgnZv.exe
  2⤵
  PID:9144
- C:\Windows\System\NCeNEZt.exe
  C:\Windows\System\NCeNEZt.exe
  2⤵
  PID:8304
- C:\Windows\System\aFwIFJZ.exe
  C:\Windows\System\aFwIFJZ.exe
  2⤵
  PID:9156
- C:\Windows\System\cAGMvbQ.exe
  C:\Windows\System\cAGMvbQ.exe
  2⤵
  PID:9184
- C:\Windows\System\pOsXMcx.exe
  C:\Windows\System\pOsXMcx.exe
  2⤵
  PID:8364
- C:\Windows\System\eOSZGcv.exe
  C:\Windows\System\eOSZGcv.exe
  2⤵
  PID:8348
- C:\Windows\System\ZIEWBVt.exe
  C:\Windows\System\ZIEWBVt.exe
  2⤵
  PID:8664
- C:\Windows\System\OHKcjWa.exe
  C:\Windows\System\OHKcjWa.exe
  2⤵
  PID:8680
- C:\Windows\System\jCovBXk.exe
  C:\Windows\System\jCovBXk.exe
  2⤵
  PID:8988
- C:\Windows\System\idwRabc.exe
  C:\Windows\System\idwRabc.exe
  2⤵
  PID:8488
- C:\Windows\System\XzjkmUw.exe
  C:\Windows\System\XzjkmUw.exe
  2⤵
  PID:8608
- C:\Windows\System\yYXffvs.exe
  C:\Windows\System\yYXffvs.exe
  2⤵
  PID:8936
- C:\Windows\System\ZvMGWBC.exe
  C:\Windows\System\ZvMGWBC.exe
  2⤵
  PID:8316
- C:\Windows\System\oMhdcWh.exe
  C:\Windows\System\oMhdcWh.exe
  2⤵
  PID:8200
- C:\Windows\System\aOgQBdp.exe
  C:\Windows\System\aOgQBdp.exe
  2⤵
  PID:8452
- C:\Windows\System\rdQfSjj.exe
  C:\Windows\System\rdQfSjj.exe
  2⤵
  PID:8456
- C:\Windows\System\imiDsnV.exe
  C:\Windows\System\imiDsnV.exe
  2⤵
  PID:8508
- C:\Windows\System\piAkYhk.exe
  C:\Windows\System\piAkYhk.exe
  2⤵
  PID:8984
- C:\Windows\System\iwLTxuF.exe
  C:\Windows\System\iwLTxuF.exe
  2⤵
  PID:9104
- C:\Windows\System\JltLtAR.exe
  C:\Windows\System\JltLtAR.exe
  2⤵
  PID:9188
- C:\Windows\System\KCBvLsN.exe
  C:\Windows\System\KCBvLsN.exe
  2⤵
  PID:8388
- C:\Windows\System\nPQlZHN.exe
  C:\Windows\System\nPQlZHN.exe
  2⤵
  PID:8492
- C:\Windows\System\ZNdOvTv.exe
  C:\Windows\System\ZNdOvTv.exe
  2⤵
  PID:8588
- C:\Windows\System\YRgWxgL.exe
  C:\Windows\System\YRgWxgL.exe
  2⤵
  PID:8796
- C:\Windows\System\gnrxpHA.exe
  C:\Windows\System\gnrxpHA.exe
  2⤵
  PID:9028
- C:\Windows\System\XtuhKdC.exe
  C:\Windows\System\XtuhKdC.exe
  2⤵
  PID:8424
- C:\Windows\System\eKqNyDy.exe
  C:\Windows\System\eKqNyDy.exe
  2⤵
  PID:8584
- C:\Windows\System\MgSyFpH.exe
  C:\Windows\System\MgSyFpH.exe
  2⤵
  PID:8676
- C:\Windows\System\KCBQdhN.exe
  C:\Windows\System\KCBQdhN.exe
  2⤵
  PID:1004
- C:\Windows\System\SmThQux.exe
  C:\Windows\System\SmThQux.exe
  2⤵
  PID:8320
- C:\Windows\System\NtNKwOw.exe
  C:\Windows\System\NtNKwOw.exe
  2⤵
  PID:9232
- C:\Windows\System\gNGATeU.exe
  C:\Windows\System\gNGATeU.exe
  2⤵
  PID:9252
- C:\Windows\System\qFnHRgI.exe
  C:\Windows\System\qFnHRgI.exe
  2⤵
  PID:9268
- C:\Windows\System\dyIXThK.exe
  C:\Windows\System\dyIXThK.exe
  2⤵
  PID:9284
- C:\Windows\System\rgJSYqh.exe
  C:\Windows\System\rgJSYqh.exe
  2⤵
  PID:9300
- C:\Windows\System\gXEKQrG.exe
  C:\Windows\System\gXEKQrG.exe
  2⤵
  PID:9324
- C:\Windows\System\zoPwLCV.exe
  C:\Windows\System\zoPwLCV.exe
  2⤵
  PID:9364
- C:\Windows\System\cIVfwFK.exe
  C:\Windows\System\cIVfwFK.exe
  2⤵
  PID:9380
- C:\Windows\System\QioEaDM.exe
  C:\Windows\System\QioEaDM.exe
  2⤵
  PID:9396
- C:\Windows\System\hbejhYm.exe
  C:\Windows\System\hbejhYm.exe
  2⤵
  PID:9412
- C:\Windows\System\bYbUCjp.exe
  C:\Windows\System\bYbUCjp.exe
  2⤵
  PID:9428
- C:\Windows\System\oxGaxgR.exe
  C:\Windows\System\oxGaxgR.exe
  2⤵
  PID:9448
- C:\Windows\System\mrbKaXB.exe
  C:\Windows\System\mrbKaXB.exe
  2⤵
  PID:9464
- C:\Windows\System\EOxIDcO.exe
  C:\Windows\System\EOxIDcO.exe
  2⤵
  PID:9484
- C:\Windows\System\tmUhvCw.exe
  C:\Windows\System\tmUhvCw.exe
  2⤵
  PID:9528
- C:\Windows\System\GFVbqyg.exe
  C:\Windows\System\GFVbqyg.exe
  2⤵
  PID:9548
- C:\Windows\System\skfjHDd.exe
  C:\Windows\System\skfjHDd.exe
  2⤵
  PID:9564
- C:\Windows\System\VUCsYeZ.exe
  C:\Windows\System\VUCsYeZ.exe
  2⤵
  PID:9580
- C:\Windows\System\OobVaDk.exe
  C:\Windows\System\OobVaDk.exe
  2⤵
  PID:9608
- C:\Windows\System\rzKMQWf.exe
  C:\Windows\System\rzKMQWf.exe
  2⤵
  PID:9624
- C:\Windows\System\UROChiK.exe
  C:\Windows\System\UROChiK.exe
  2⤵
  PID:9640
- C:\Windows\System\QXtTYxz.exe
  C:\Windows\System\QXtTYxz.exe
  2⤵
  PID:9656
- C:\Windows\System\sTdMtcP.exe
  C:\Windows\System\sTdMtcP.exe
  2⤵
  PID:9676
- C:\Windows\System\EeQdRrO.exe
  C:\Windows\System\EeQdRrO.exe
  2⤵
  PID:9696
- C:\Windows\System\urGzxgh.exe
  C:\Windows\System\urGzxgh.exe
  2⤵
  PID:9712
- C:\Windows\System\LHVfDaK.exe
  C:\Windows\System\LHVfDaK.exe
  2⤵
  PID:9728
- C:\Windows\System\lhRsUea.exe
  C:\Windows\System\lhRsUea.exe
  2⤵
  PID:9748
- C:\Windows\System\cfycive.exe
  C:\Windows\System\cfycive.exe
  2⤵
  PID:9780
- C:\Windows\System\wsuJeyU.exe
  C:\Windows\System\wsuJeyU.exe
  2⤵
  PID:9796
- C:\Windows\System\aLvwoTk.exe
  C:\Windows\System\aLvwoTk.exe
  2⤵
  PID:9812
- C:\Windows\System\PvUyWqu.exe
  C:\Windows\System\PvUyWqu.exe
  2⤵
  PID:9828
- C:\Windows\System\XtnGcXu.exe
  C:\Windows\System\XtnGcXu.exe
  2⤵
  PID:9844
- C:\Windows\System\RCQqTtC.exe
  C:\Windows\System\RCQqTtC.exe
  2⤵
  PID:9864
- C:\Windows\System\SPIYXlk.exe
  C:\Windows\System\SPIYXlk.exe
  2⤵
  PID:9880
- C:\Windows\System\oQVfcXR.exe
  C:\Windows\System\oQVfcXR.exe
  2⤵
  PID:9896
- C:\Windows\System\rSZFHHW.exe
  C:\Windows\System\rSZFHHW.exe
  2⤵
  PID:9916
- C:\Windows\System\DtfXYph.exe
  C:\Windows\System\DtfXYph.exe
  2⤵
  PID:9932
- C:\Windows\System\fJjJXTg.exe
  C:\Windows\System\fJjJXTg.exe
  2⤵
  PID:9948
- C:\Windows\System\qutmteW.exe
  C:\Windows\System\qutmteW.exe
  2⤵
  PID:9976
- C:\Windows\System\nqxbCnI.exe
  C:\Windows\System\nqxbCnI.exe
  2⤵
  PID:10004
- C:\Windows\System\eQCYxPT.exe
  C:\Windows\System\eQCYxPT.exe
  2⤵
  PID:10044
- C:\Windows\System\yTOrPcO.exe
  C:\Windows\System\yTOrPcO.exe
  2⤵
  PID:10060
- C:\Windows\System\dXQnBeU.exe
  C:\Windows\System\dXQnBeU.exe
  2⤵
  PID:10084
- C:\Windows\System\uSPaaYz.exe
  C:\Windows\System\uSPaaYz.exe
  2⤵
  PID:10104
- C:\Windows\System\jhEfIso.exe
  C:\Windows\System\jhEfIso.exe
  2⤵
  PID:10128
- C:\Windows\System\hPWAWnv.exe
  C:\Windows\System\hPWAWnv.exe
  2⤵
  PID:10144
- C:\Windows\System\fdqnEEh.exe
  C:\Windows\System\fdqnEEh.exe
  2⤵
  PID:10168
- C:\Windows\System\dRXyHjq.exe
  C:\Windows\System\dRXyHjq.exe
  2⤵
  PID:10188
- C:\Windows\System\tyXfuOw.exe
  C:\Windows\System\tyXfuOw.exe
  2⤵
  PID:10212
- C:\Windows\System\ftlwPfM.exe
  C:\Windows\System\ftlwPfM.exe
  2⤵
  PID:10228
- C:\Windows\System\stNKszt.exe
  C:\Windows\System\stNKszt.exe
  2⤵
  PID:9260
- C:\Windows\System\YQSfSNT.exe
  C:\Windows\System\YQSfSNT.exe
  2⤵
  PID:9332
- C:\Windows\System\caRYtAE.exe
  C:\Windows\System\caRYtAE.exe
  2⤵
  PID:9352
- C:\Windows\System\MSQmHdK.exe
  C:\Windows\System\MSQmHdK.exe
  2⤵
  PID:9360
- C:\Windows\System\lyeZJEt.exe
  C:\Windows\System\lyeZJEt.exe
  2⤵
  PID:9248
- C:\Windows\System\NAagMTs.exe
  C:\Windows\System\NAagMTs.exe
  2⤵
  PID:9312
- C:\Windows\System\gRQZgdt.exe
  C:\Windows\System\gRQZgdt.exe
  2⤵
  PID:9456
- C:\Windows\System\OfhFHsT.exe
  C:\Windows\System\OfhFHsT.exe
  2⤵
  PID:9440
- C:\Windows\System\AfwsRKP.exe
  C:\Windows\System\AfwsRKP.exe
  2⤵
  PID:9444
- C:\Windows\System\faLAQSZ.exe
  C:\Windows\System\faLAQSZ.exe
  2⤵
  PID:9500
- C:\Windows\System\jNWKQss.exe
  C:\Windows\System\jNWKQss.exe
  2⤵
  PID:9536
- C:\Windows\System\pwRhDIj.exe
  C:\Windows\System\pwRhDIj.exe
  2⤵
  PID:9560
- C:\Windows\System\guBMRPQ.exe
  C:\Windows\System\guBMRPQ.exe
  2⤵
  PID:9600
- C:\Windows\System\vmQqGbr.exe
  C:\Windows\System\vmQqGbr.exe
  2⤵
  PID:9636
- C:\Windows\System\tgTlWlJ.exe
  C:\Windows\System\tgTlWlJ.exe
  2⤵
  PID:9684
- C:\Windows\System\lQBiitC.exe
  C:\Windows\System\lQBiitC.exe
  2⤵
  PID:9708
- C:\Windows\System\LfCqiIL.exe
  C:\Windows\System\LfCqiIL.exe
  2⤵
  PID:9756
- C:\Windows\System\bsHTrZZ.exe
  C:\Windows\System\bsHTrZZ.exe
  2⤵
  PID:9792
- C:\Windows\System\ekOzPvN.exe
  C:\Windows\System\ekOzPvN.exe
  2⤵
  PID:9852
- C:\Windows\System\lfUOusF.exe
  C:\Windows\System\lfUOusF.exe
  2⤵
  PID:9904
- C:\Windows\System\mozeDiF.exe
  C:\Windows\System\mozeDiF.exe
  2⤵
  PID:9908
- C:\Windows\System\BSZhFCt.exe
  C:\Windows\System\BSZhFCt.exe
  2⤵
  PID:9912
- C:\Windows\System\MMOCvnf.exe
  C:\Windows\System\MMOCvnf.exe
  2⤵
  PID:9984
- C:\Windows\System\VVfKfBg.exe
  C:\Windows\System\VVfKfBg.exe
  2⤵
  PID:9972
- C:\Windows\System\TYdVBoA.exe
  C:\Windows\System\TYdVBoA.exe
  2⤵
  PID:10024
- C:\Windows\System\adHFMdD.exe
  C:\Windows\System\adHFMdD.exe
  2⤵
  PID:10020
- C:\Windows\System\SkdWWza.exe
  C:\Windows\System\SkdWWza.exe
  2⤵
  PID:10072
- C:\Windows\System\veNRbnC.exe
  C:\Windows\System\veNRbnC.exe
  2⤵
  PID:10112
- C:\Windows\System\wePvjgp.exe
  C:\Windows\System\wePvjgp.exe
  2⤵
  PID:10124
- C:\Windows\System\NGeixJd.exe
  C:\Windows\System\NGeixJd.exe
  2⤵
  PID:10196
- C:\Windows\System\YUHozob.exe
  C:\Windows\System\YUHozob.exe
  2⤵
  PID:10200
- C:\Windows\System\ZolQATf.exe
  C:\Windows\System\ZolQATf.exe
  2⤵
  PID:10224
- C:\Windows\System\UBePzeM.exe
  C:\Windows\System\UBePzeM.exe
  2⤵
  PID:9348
- C:\Windows\System\ZmIQbtv.exe
  C:\Windows\System\ZmIQbtv.exe
  2⤵
  PID:9240
- C:\Windows\System\mDIyltp.exe
  C:\Windows\System\mDIyltp.exe
  2⤵
  PID:9276
- C:\Windows\System\FwPkQDa.exe
  C:\Windows\System\FwPkQDa.exe
  2⤵
  PID:9492
- C:\Windows\System\GwNtXmP.exe
  C:\Windows\System\GwNtXmP.exe
  2⤵
  PID:9476
- C:\Windows\System\blLMOKL.exe
  C:\Windows\System\blLMOKL.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ENxamBu.exe

Filesize
6.0MB

MD5
a6efc25adb9b9fb8d75fcd51bb806f3f

SHA1
df8bc7578fac2cc293c543b20120778f2733926a

SHA256
f6cae0786cc6955a77dd8ef0f1fe3da315e8330c21308d4be5e8d9a8391929f3

SHA512
7e3f3431c041ec5c693fe89fbdfca25470df1fc25cfc56418f173e8edec8c1a08f0b8c98547bb3d1152ccc39918583fcdf6a2f1468f7a2a75bf9e21ea7721225

Download Submit
C:\Windows\system\ETuPbLZ.exe

Filesize
6.0MB

MD5
8add5f560ea6d3b9e0af371f3a9b3e7c

SHA1
065a5abce2dd66d1215ef76055246d14b7d1de99

SHA256
95271eb27538f3de846c252e3a4026f67e1e18a31fdcbcf0a8abc5bd5faa5d86

SHA512
3de7c7ad7aae474f2c316bb871b8c156b8c7006e28be4604bfecd849e2560d800afcc3c4bc9f174a74990fd77448e466c7bc9e4e19eab55ccfe0d7a3ee3c4eba

Download Submit
C:\Windows\system\GJgrWQA.exe

Filesize
6.0MB

MD5
a76767a0d835f26fafd449880d7141ac

SHA1
24ed564267c61906089b89959d0fdee63b6c2ea4

SHA256
b6b229302ddaacb285dfe003ff5441f7ede8e57a600492d781fca5f16075db29

SHA512
472f91be3cdd5f841fde254cfac8fb88d6bacc5ef15be5c01bd19f80826b11c1b78164c2f3d06c4a0872e4803c974d09473d980872dea6c6175c69739a2761ee

Download Submit
C:\Windows\system\TAdrpXI.exe

Filesize
6.0MB

MD5
cb85b0a109d451b0434b4fe5f51c5d4b

SHA1
dac4c5a92bb76bc7ee656267e74c7517a17ee4b5

SHA256
c491682fbeb67e6cb18f83284086d839b3805bacab6b00487c766c7917484e4e

SHA512
df7c3d901b258529a8fc1bfbb731e82fd2add98dc2e92613fe03f3f6b38aab6e3998db284d6839c226800a1d7ff3e5b85ae1e449c0c08ae7ec075434d26e461c

Download Submit
C:\Windows\system\UDgUhLQ.exe

Filesize
6.0MB

MD5
05d0e0c60b7f28492575fb412fcde517

SHA1
faf8f818bb52b8385b1d6cb8a7764a30d22ae3a5

SHA256
6a55b5745f9a49d4b7729976ff8c4434519b5c019453a638e9493ff6c521d4e4

SHA512
00dbd145472893357e479d441b0daec54ecd0a8b760cd5b81ef27c59841b6fb36bbb49ca3ee370b7383244083eebfbc765f8a959b9ac9801e5a112ed533d77a4

Download Submit
C:\Windows\system\XbouBnk.exe

Filesize
6.0MB

MD5
12831667c64f79839c78d50a9b19163f

SHA1
ae2c20bc3ca911de4002e036250312de57ba7371

SHA256
58a8bab67aa05858cc7f646f6c9cf69c4f5ca70987d435e604d00e24d872cdf6

SHA512
8baf1ebcde6216bcfc3b17879da77e9ddbf5cfb1ac1e7e16c0b5d7871016167a1d35fcaea689ba443082fb5e552677f3b0b33a9644a23a9778a3ea760aed7dd9

Download Submit
C:\Windows\system\Xsoqkwv.exe

Filesize
6.0MB

MD5
1ee8de1ec7d0cb2c852ca6b40333e665

SHA1
3836763e5c5f64c716bd925868b132bafbbbcb32

SHA256
4bfb032487186da9de29af791e8c3a55cae432fecc674523c62e29d15037f78a

SHA512
06ac390512a469f1d6d27c56c9d74d24426bec4943ce0560e5f8426446acc54e65a977f4041e713f654710bc3ed4e975da0c83218128684a5c0e648d9de828f7

Download Submit
C:\Windows\system\aOKlRHz.exe

Filesize
6.0MB

MD5
257192d9ce7eca2c062609649de3904d

SHA1
ab35c2557daf067ea8d993b487d3af720aa3dc9b

SHA256
cd73bc12984f4100f3623d52eecda3862d6f621424d6080d162a55be793a034a

SHA512
3598208dd6ce29e51af776865f7b3753b2e007276171fbac2714d4a5a4de9709b3ff676b5094963ec265d864ad43462f745d1960971ac0368ae5edda3a95834f

Download Submit
C:\Windows\system\cWntXvC.exe

Filesize
6.0MB

MD5
ed56bcf2bb140e50e629313c84db6c67

SHA1
5d5f541f2235020838491484aa7b145bc0d34e7c

SHA256
f5516c244571d0e19adbc546585cc926ec6d62beb1aa3a0b36bde5ea1e3c54f4

SHA512
9bf2fc204c58c6c99d8edbe59055dc9a9615a8240337c062d15d1a8e66e67499e20000054acfa46f486caa5cf1ef98737e7d243c559f4ba86b1753e9f9614e06

Download Submit
C:\Windows\system\eUYjEGG.exe

Filesize
6.0MB

MD5
b3b3249905269582d7cb8859ed8c533c

SHA1
d5256d81b85c048988cc1174d6a6069c45b0635e

SHA256
01506985cb86a5ad0946241baf9cc1e4c8d0280d5a348f95458f201ba060bf11

SHA512
008828dfd88c2085bc0539ec771969836c88dd1d2d7e7256f381dcff1f95b9f49eda483d061fcbb11b1b48bb7b4ef7ec61156f204122b49a7ea355da4873ac78

Download Submit
C:\Windows\system\giLDzsw.exe

Filesize
6.0MB

MD5
8d0ee09151c0b74bc231a9c4fb20c787

SHA1
3c12ab01b6c33feda724e246e2a05d6a7819f4d4

SHA256
2c74b0dae3ce792771a1c6e1116fd5498dcfd9b9ce5cca98fe48d0598412f3f7

SHA512
b6d396032e1c0eedba82c08d13514dfc0957eaeb6d46c398738d5d3500291ab4ca7f6c9f99aaab7d609ab792aa18800fb1a0813af2144e5fc6bedb2b09351bec

Download Submit
C:\Windows\system\gkKwvLg.exe

Filesize
6.0MB

MD5
80495fb55a9e9d897f3c33dd636e338c

SHA1
e989e53a0a97a7c60ccc623cb9459fcd1bbc137d

SHA256
a63e36e6cf972ad8e491958f08fc8a517c6309323bd2aed9b57631f83d5f554c

SHA512
39f2163c95e497d840d27a7f69d6324725faa13f04cc763e24326487883172b9986797d66d31d086ba42f93fabc8cb923e26941baf3afd9d6ce7f376f9397f79

Download Submit
C:\Windows\system\hsXWBkN.exe

Filesize
6.0MB

MD5
55aa24b290159c5bf27ed14948f674a5

SHA1
0f9530571f3d74cf5bba2230c713b74a9cdf63eb

SHA256
18669840238424da3d5e0295f8e3eec346f9602600766bda8eb46cbfa26a98d4

SHA512
25265d8efabe658914007f9f64f08d968f27f7bb8ef58b97a67afda43cfb41f50678f1aa406f4d416f8c3997c03184829f3455904a39efe03a03da6ef8573efd

Download Submit
C:\Windows\system\iLNkbDU.exe

Filesize
6.0MB

MD5
4ff1d8f2b6aac1145642371e0a83663b

SHA1
60f4dfb1cd4beed633501776a5f6254b5cdd52ed

SHA256
4c303168b03573999e9348c6a5bbd04b7ab5e3cdb2b4af70ac49d2b5bb85e776

SHA512
e89bacb549e645c6cc1293adbc27df0bb208ffa39ef92a3f8afb0f5aa876324d08a35e88c4f755750c717046c9a1261620ad330a2432126915c8a3d2ecbdcb4a

Download Submit
C:\Windows\system\lNfeMVI.exe

Filesize
6.0MB

MD5
9a3263e6ef9d2c4e7f9d683920cc1ff5

SHA1
57a313e61bbff17dc7861123c4c86700d6211d91

SHA256
349b63bc5ee2989511a6e199919031119532124b57766a8c13b38744d3a5a87c

SHA512
d41aaf07df8b7077402aa73d0f8750941fb61ecda5017bcdf16ed854bb8ac6ee2fe8e50974fbbc7214e90342e263a43d8a2e9d1961cbc6614562b7cf3b7b26f9

Download Submit
C:\Windows\system\oUpzhID.exe

Filesize
6.0MB

MD5
e89612c359f89e39d3035e1715d7fa67

SHA1
b54060629a724583f796ca31a6cca1b5197f0dbb

SHA256
c48ec915f5039d384f77ef6c0c252d8adb50caef8710811ee81fb0b5204a2922

SHA512
7c50f05dba92699eac2641b5063224b0f0ceb6f08aebdb2356b39f0ccaf89391cb4aec505b19bcedcf7bd074cfa289f6e96bc775d477ed28a70065175c9b00ef

Download Submit
C:\Windows\system\ofwXmTK.exe

Filesize
6.0MB

MD5
d6ecd43d8d39271c039580f6bf84a868

SHA1
59087d9250c375c9bb04e63fd3163a30374b37fa

SHA256
024c4f0af47632dd0aa2e5692d8374ef521dfc720da950dc6140890dd3d398e8

SHA512
1ba65c42e77998e3e69872760ba28cda3729dbd04cf1471020db3372bbe64af886894cfbd06f8afeabdd32d0a14fbbc3ba0884c687c84dbbf30b1390f422f93a

Download Submit
C:\Windows\system\sIvbxkU.exe

Filesize
6.0MB

MD5
3a6948bd44f7d4499984cb4dcd6a7f39

SHA1
5181b90bf91fae3377f3015554b311b8c533d231

SHA256
796fb08ff59646bbb8a17b29c72db4be516810196476426b076f77c0900138c5

SHA512
a207ec2d6cbfff470c3a0075894095c6109f49c7dfd78a6845a6c644293afee3250bf42628c16c349c32b36720bf6a05107176d38d3b53b6aa7d54d6299fc1b9

Download Submit
C:\Windows\system\tABlAyG.exe

Filesize
6.0MB

MD5
488ec480bdef0f43c6f360df080f2502

SHA1
eaea2b9d1716e154cbe695bf3cbedc5e4d9e89b7

SHA256
f149e45d91fa5154b9960f5a37790d0f34f26e5997abc78c896e4fc2361c7316

SHA512
e91fcfd607e260815b20a7b8aae9347e13fd6ccedef8fbac91fd810ee29bb913ab5b67b50ce038d6a84d5e167c9eb12e4a75828205ef7f448396aa396c6c9965

Download Submit
C:\Windows\system\vEYsgUZ.exe

Filesize
6.0MB

MD5
bb0623268bfe4bde88456fd945f96718

SHA1
99184ef3f9665cbcef313611084dc0f2aefec759

SHA256
938cb1118bf6cceb3c1b5e058743606041e2c47e4edc1c71cd5376f9c73dc669

SHA512
3cd50c551a946e27b7024aee758754ee283b20a85f60989fbb331ead031d8cd5083d6f9588e04311a91858fc3879e8561d42ce56cccdf66e195a17ab56468106

Download Submit
C:\Windows\system\vJujGEv.exe

Filesize
6.0MB

MD5
5cc66438169b3bca2f6eb14e684f9042

SHA1
a0588721060cf0e129b3b1aa6381163d60cdccfe

SHA256
7002a5751f43178a34acad5e0d1e849321a8ac00a4b8c763c42ecca9ea8d0fe8

SHA512
5e15fd8c857d4454e11480ed77d8af654fac9fa25c1eca9a206abc5d60ec70db0d1b63145a2ba1925fe0e58ae90cf0f51f0531bb34ea9a6718309af4130b0c33

Download Submit
C:\Windows\system\wKICmkc.exe

Filesize
6.0MB

MD5
d179829c9830c3095d10f7a5b515e925

SHA1
e26944f2bf23e4eeb83e8d312bdcf8462bd2b452

SHA256
477ea715ed1a0893c333b0d286ef2a26f04910e005864319193ed7c2bf9f481a

SHA512
286677319157a4b91bb6b9400e8832f512cb55ca36e573e0e90d6f13bdd79c4d13a6ebb1f6eade2af35cc4b9671297e35ab46cd3c49e75099b4b89884af7b2cb

Download Submit
C:\Windows\system\ytAVgAe.exe

Filesize
6.0MB

MD5
02f20cc385848d16057d23b091d23e04

SHA1
f7eecf15ca5807bf61d6e15425f510f430e61427

SHA256
bf12f55198f6705b0e891409eeeb920052c856ca966821effee703571a47baf8

SHA512
f4ba5274df28fb4b6e2057f63181da928256370cd5a9af0ec37249410631a36022e364ad2fc116f1c9737c17b94b5bf0877224a79509ee8f01e6007c32282a4d

Download Submit
\Windows\system\NYnaLVs.exe

Filesize
6.0MB

MD5
1f1ad6f48aaa1421a92d405801a4b3fa

SHA1
c541cb7fb56594d252a7fb60f856528d0d7f2ce7

SHA256
bcf90c677f1a7ae3dd788e57976713ad3f7c9e3ce5bc1c00ca75c3b3b59bf4a3

SHA512
fea6596fc33694f4036eb017e259f2a3c8e4ed9c5e5863a1ebc6119713a5794dc697cb376f0ffcb719b7b5d82bae900cc9eb1bd10caf087f112fbcbe860fa0e0

Download Submit
\Windows\system\Quufncg.exe

Filesize
6.0MB

MD5
1f90078740bcfa102ce803c24e04cb07

SHA1
76f5bbec098958b404261fa1a96c4478f1c44a23

SHA256
ec8f2b28a23d60e681ba5d40a47aeb63c23c5dae3f7dc39aea9f1452a1ad2a0b

SHA512
db761a68805946c904167921acaa2f01496df7b08fea33fce756e82eb1924606d87275dbc57eac9dca60024360817c46c5689c2d898cefe466bc30b438bcb895

Download Submit
\Windows\system\WekFdKm.exe

Filesize
6.0MB

MD5
7dba0350aca940f385e424396a0cbb01

SHA1
64ffb9a8b259afea2fcb765fb060e0cca9b359aa

SHA256
9f433f9f213b616fe1b34e228c217f6ad0e5a06809aea2f5c5be1c471b8f20bf

SHA512
a633cb7cb8f55864ea99d3c3f88e5dea2200ebb1b0456160dc2490b6734f6a969b05149b01527f280c16deafaa83004405d9e5285af06639cc715e2292f13923

Download Submit
\Windows\system\gqINNCU.exe

Filesize
6.0MB

MD5
3e24ef361e5ebcf51eda1f028e4fe6a0

SHA1
9fb9fc3e9e6c5d3e84a2eb7c8eff28f32080a38d

SHA256
a6f2f5e21b93c1eb6afbb432e2c9dbb74e7986dc1620efa5382901c881fa9215

SHA512
896bd247974ea348e03447a6e20346122e920aa665538e7f1d36afc49639a47ba9cc4787d898c7e7091cef161107bf7b3c72fb134a542e1a7b5985d07fc059b8

Download Submit
\Windows\system\jBDXKAA.exe

Filesize
6.0MB

MD5
44d89b98add313a5fc744cc42c1de65d

SHA1
4fa24360fcb0eb5e1999f61d0d66b14bc1395bd4

SHA256
6dcc9047fe5a4edb5c20a44a56826873397e5002e387fe2c7d1f8364293e8714

SHA512
5b5bf8c3d8acabcaae981bf4cbdf76a7185094c0f0d389b5c1243bb750dae8290000cda2cbe80a840a744709a5fcdfe4f248df05da8ca7098bd5e1bde65623e8

Download Submit
\Windows\system\kWTtbUx.exe

Filesize
6.0MB

MD5
d2c1db18eb25ce9cd177cc2babd7710a

SHA1
9dc2d59ad7e22de10c4f25f2139369144a596e54

SHA256
a9b2142de839c96b201ebdbd0a38985858c610c3ef45efcea82743ec89178e16

SHA512
92478295c85ff16676c8139740234ac7472740572cc03f041b43322185f3c562da0e3df168f9e273e0e65bea646c737308e15d9449d6654f12611d59c8432e42

Download Submit
\Windows\system\mkgNvrJ.exe

Filesize
6.0MB

MD5
d6e94714ff709d86cf0cf896b142e9ac

SHA1
5a2701bf224faeb177fb17e4417ca9379beb0175

SHA256
fc3b82311985d0c1701f881764ab1ebf9fdaae3cf1886a9f4edc82ca87bdfc61

SHA512
b63dc3c3de3e5989b2cdf1a5bb9afae3867dcc38b7ab2057accbc7642d2336acb6685ea19d974dfcd407ea9ebc868b62a06fcd995455a65949f9d1ad674712bc

Download Submit
\Windows\system\tKxdFMB.exe

Filesize
6.0MB

MD5
3b9a7bbf3ed17f4d8aa3ac65aed3be4d

SHA1
276a2e4362da1da18c54e7da61cdd7c6d5dc9ffd

SHA256
1d27f055b58fd3e9903fa177f9431915ae7e83dc57bf9cce5de69e0a75524e2d

SHA512
52098cf43414349fc486955656849075bf9815925397464a067dc04822b1fb76d1aafa5621a469376730ff62429e2d586639803510c8fa4a4d95edafeec328c1

Download Submit
\Windows\system\zALRJhz.exe

Filesize
6.0MB

MD5
edee91e1a2064a38e78a7bd1c9bfb0e8

SHA1
56e4376d08097e812a6a764de2b9113407ab5b7f

SHA256
57bb83e22541dd20f1b116b9214a3b695e3c78bebd02133bfe28405369749e1b

SHA512
20d36d58b06f2db9d4867d1e78b7a377c49bc28668ea146ff57116e414023ae87e8a24016710716330fbe2530e331defc2adf922f7b294a27809e3cdfaf43b37

Download Submit
memory/1964-42-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1964-3960-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1984-143-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1117-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1444-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1283-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-132-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-146-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1984-152-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-15-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-37-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-93-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1984-35-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-85-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1984-44-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-29-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-138-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-151-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-150-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-144-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2108-123-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2324-51-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3849-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-14-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4059-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-128-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-71-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-23-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3957-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3963-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2720-49-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2720-814-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4060-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2728-149-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3939-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2816-41-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2904-89-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4058-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3884-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3040-10-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3040-48-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3930-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-148-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-31-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download