cobaltstrike | 314ad03d9f5941ce8f43ea599f2929c1344624f50ec2f56c4072067c4f5873df

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

10959176800da8d1f1e66fcbb8146e84
SHA1

5abf759554076c05dabda3d1b7ffecf356bf0f76
SHA256

314ad03d9f5941ce8f43ea599f2929c1344624f50ec2f56c4072067c4f5873df
SHA512

ccc5ad42d6c444c54b9660a9efe64e9720fcc614fd515feec5cf1f8444afd610b51df4c409607f180556dad836e7b57d3ec05407ef95c30e8628fd04094da7cb
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU8:eOl56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e74-28.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739c-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f9c-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-151.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173e4-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-184.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225b-3.dat	xmrig
behavioral1/files/0x0008000000016d9f-5.dat	xmrig
behavioral1/memory/1928-6-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2332-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2508-27-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e74-28.dat	xmrig
behavioral1/memory/2200-36-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000700000001739c-37.dat	xmrig
behavioral1/files/0x000700000001739a-35.dat	xmrig
behavioral1/memory/768-32-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1928-24-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f9c-23.dat	xmrig
behavioral1/memory/2968-21-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1928-40-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-44.dat	xmrig
behavioral1/memory/2868-52-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f7-63.dat	xmrig
behavioral1/memory/768-67-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019229-73.dat	xmrig
behavioral1/memory/1928-83-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2688-88-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-87.dat	xmrig
behavioral1/memory/2172-91-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2748-72-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-77.dat	xmrig
behavioral1/memory/2204-94-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019218-69.dat	xmrig
behavioral1/memory/2280-84-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2200-82-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-80.dat	xmrig
behavioral1/memory/1928-68-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2864-64-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2932-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-103.dat	xmrig
behavioral1/files/0x0005000000019277-122.dat	xmrig
behavioral1/files/0x0005000000019389-121.dat	xmrig
behavioral1/files/0x00050000000193c4-131.dat	xmrig
behavioral1/files/0x0005000000019273-135.dat	xmrig
behavioral1/files/0x00050000000193d9-143.dat	xmrig
behavioral1/files/0x0005000000019382-116.dat	xmrig
behavioral1/files/0x00050000000193df-146.dat	xmrig
behavioral1/files/0x00050000000193cc-136.dat	xmrig
behavioral1/files/0x00050000000193be-125.dat	xmrig
behavioral1/memory/1156-112-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-109.dat	xmrig
behavioral1/memory/1928-158-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/1928-157-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-151.dat	xmrig
behavioral1/memory/1928-101-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173e4-51.dat	xmrig
behavioral1/memory/2280-161-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001942f-171.dat	xmrig
behavioral1/files/0x0005000000019403-169.dat	xmrig
behavioral1/memory/2688-174-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d8-187.dat	xmrig
behavioral1/memory/2172-189-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2204-289-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019539-196.dat	xmrig
behavioral1/files/0x0005000000019441-179.dat	xmrig
behavioral1/files/0x000500000001947e-184.dat	xmrig
behavioral1/memory/1156-412-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2968-3256-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2508-3261-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2968	oIvaJzY.exe
2332	mTdRvnh.exe
2508	zuCGHgp.exe
768	TPmxMQk.exe
2200	XpHybih.exe
2868	ohdpFSo.exe
2932	czDBIUi.exe
2864	VfLrxTk.exe
2748	zhvOcMv.exe
2280	uEfIgMe.exe
2688	ctTEfbg.exe
2172	ucGBbDP.exe
2204	rlQtNJq.exe
1156	DwTQLzn.exe
1680	bRElnKM.exe
2324	pYmChPZ.exe
2468	afArSBp.exe
1940	KMzHWDP.exe
288	LcDTDFh.exe
1936	aJgfQyQ.exe
2548	mitSiwH.exe
2812	TbrUhPq.exe
1976	WekXrLR.exe
2940	QryPeRJ.exe
2220	HjkNydT.exe
2132	KSNcPLv.exe
444	yCetIPD.exe
1736	xuELkCs.exe
836	glODJuw.exe
1300	sWHpnLt.exe
1716	GlqJsyq.exe
1712	qArImHW.exe
1048	jvjyfsC.exe
624	tgkILel.exe
1792	FCWiqBj.exe
1772	FZHnNjm.exe
760	GOphOaE.exe
352	mrtyvlE.exe
2088	FSeJLtA.exe
2976	OtAjANt.exe
2924	zaNcbeA.exe
2160	QHwkUGZ.exe
1948	DFWHBIP.exe
2424	JdoKNML.exe
3048	UcYuHaS.exe
884	XWFZJKS.exe
1728	XQYQPAp.exe
2140	HJnSzhq.exe
1192	ZcZQYwz.exe
1540	WHoPpMo.exe
1688	wnwOebX.exe
744	olTRgDb.exe
2092	QJLBGZF.exe
2724	QOxstpX.exe
2708	ncfMAaX.exe
2684	ZiyxjVa.exe
2988	KNOoZVj.exe
2836	FBZgCLB.exe
2740	VoKiSWq.exe
2680	JYQWgHl.exe
108	tEipjDV.exe
2564	PrlwhRi.exe
2860	twUUNtU.exe
2380	fmuYYTw.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000c00000001225b-3.dat	upx
behavioral1/files/0x0008000000016d9f-5.dat	upx
behavioral1/memory/1928-6-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2332-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2508-27-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0007000000016e74-28.dat	upx
behavioral1/memory/2200-36-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000700000001739c-37.dat	upx
behavioral1/files/0x000700000001739a-35.dat	upx
behavioral1/memory/768-32-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0007000000016f9c-23.dat	upx
behavioral1/memory/2968-21-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1928-40-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-44.dat	upx
behavioral1/memory/2868-52-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x00050000000191f7-63.dat	upx
behavioral1/memory/768-67-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0005000000019229-73.dat	upx
behavioral1/memory/2688-88-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-87.dat	upx
behavioral1/memory/2172-91-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2748-72-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000019234-77.dat	upx
behavioral1/memory/2204-94-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0005000000019218-69.dat	upx
behavioral1/memory/2280-84-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2200-82-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001924c-80.dat	upx
behavioral1/memory/2864-64-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2932-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0005000000019271-103.dat	upx
behavioral1/files/0x0005000000019277-122.dat	upx
behavioral1/files/0x0005000000019389-121.dat	upx
behavioral1/files/0x00050000000193c4-131.dat	upx
behavioral1/files/0x0005000000019273-135.dat	upx
behavioral1/files/0x00050000000193d9-143.dat	upx
behavioral1/files/0x0005000000019382-116.dat	upx
behavioral1/files/0x00050000000193df-146.dat	upx
behavioral1/files/0x00050000000193cc-136.dat	upx
behavioral1/files/0x00050000000193be-125.dat	upx
behavioral1/memory/1156-112-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000500000001926b-109.dat	upx
behavioral1/files/0x0005000000019401-151.dat	upx
behavioral1/files/0x00080000000173e4-51.dat	upx
behavioral1/memory/2280-161-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000500000001942f-171.dat	upx
behavioral1/files/0x0005000000019403-169.dat	upx
behavioral1/memory/2688-174-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x00050000000194d8-187.dat	upx
behavioral1/memory/2172-189-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2204-289-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0005000000019539-196.dat	upx
behavioral1/files/0x0005000000019441-179.dat	upx
behavioral1/files/0x000500000001947e-184.dat	upx
behavioral1/memory/1156-412-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2968-3256-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2508-3261-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2332-3291-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/768-3332-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2200-3337-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2868-3533-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2932-3532-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2864-3547-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lokbjCG.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnkCKQF.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpqRyzv.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOSMwjz.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRvuoQS.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIStDSH.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntvGxSA.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkNTmAf.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akXysXd.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBzrkEB.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVipHlp.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMATAgp.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCkleWZ.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmibPrk.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJgfQyQ.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abpYYwA.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfiKnta.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVUotfJ.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvbQIzL.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIfNNPZ.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzRhiqT.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIoAowD.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GymBNya.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sToWXpp.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVyPQRA.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSeJLtA.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOdNLnR.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmZYmxM.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhgloAi.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxexAtE.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpROErR.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLKzjSS.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKidKuL.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaOdDGh.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISaFxeT.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aExnJSU.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWFZJKS.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUddhni.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoxIeVm.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucGBbDP.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhxuDhI.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAldslF.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdQMvHP.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWNPgeo.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpdRcMW.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyNKwNv.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJLBGZF.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdYUiyO.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNCILid.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBWGLKr.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PysVSPA.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJpFaUr.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrjtnUa.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVCGmSm.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcPtqSW.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUovfXE.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYCMZuo.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMaxMsv.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rezFdkj.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkCtbiC.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjVfYRW.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTKvqqR.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CruyHfW.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHYsnTi.exe	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2332	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2332	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2332	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2968	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2968	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2968	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 768	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 768	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 768	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2508	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2508	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2508	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2200	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2200	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2200	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2868	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2868	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2868	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2864	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2864	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2864	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2932	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2932	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2932	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2688	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2688	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2688	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2748	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2748	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2748	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2172	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2172	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2172	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2280	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2280	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2280	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2204	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2204	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2204	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 1156	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1156	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1156	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1680	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1680	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1680	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 2324	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 2324	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 2324	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1936	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1936	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1936	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 2468	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2468	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2468	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2548	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 2548	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 2548	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1940	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 1940	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 1940	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 1976	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 1976	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 1976	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 288	1928	2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-15_10959176800da8d1f1e66fcbb8146e84_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\mTdRvnh.exe
  C:\Windows\System\mTdRvnh.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\oIvaJzY.exe
  C:\Windows\System\oIvaJzY.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\TPmxMQk.exe
  C:\Windows\System\TPmxMQk.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\zuCGHgp.exe
  C:\Windows\System\zuCGHgp.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XpHybih.exe
  C:\Windows\System\XpHybih.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ohdpFSo.exe
  C:\Windows\System\ohdpFSo.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VfLrxTk.exe
  C:\Windows\System\VfLrxTk.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\czDBIUi.exe
  C:\Windows\System\czDBIUi.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ctTEfbg.exe
  C:\Windows\System\ctTEfbg.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\zhvOcMv.exe
  C:\Windows\System\zhvOcMv.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ucGBbDP.exe
  C:\Windows\System\ucGBbDP.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\uEfIgMe.exe
  C:\Windows\System\uEfIgMe.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\rlQtNJq.exe
  C:\Windows\System\rlQtNJq.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\DwTQLzn.exe
  C:\Windows\System\DwTQLzn.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\bRElnKM.exe
  C:\Windows\System\bRElnKM.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\pYmChPZ.exe
  C:\Windows\System\pYmChPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aJgfQyQ.exe
  C:\Windows\System\aJgfQyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\afArSBp.exe
  C:\Windows\System\afArSBp.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\mitSiwH.exe
  C:\Windows\System\mitSiwH.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\KMzHWDP.exe
  C:\Windows\System\KMzHWDP.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\WekXrLR.exe
  C:\Windows\System\WekXrLR.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\LcDTDFh.exe
  C:\Windows\System\LcDTDFh.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\QryPeRJ.exe
  C:\Windows\System\QryPeRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\TbrUhPq.exe
  C:\Windows\System\TbrUhPq.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\HjkNydT.exe
  C:\Windows\System\HjkNydT.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KSNcPLv.exe
  C:\Windows\System\KSNcPLv.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\yCetIPD.exe
  C:\Windows\System\yCetIPD.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\xuELkCs.exe
  C:\Windows\System\xuELkCs.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\glODJuw.exe
  C:\Windows\System\glODJuw.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\sWHpnLt.exe
  C:\Windows\System\sWHpnLt.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\GlqJsyq.exe
  C:\Windows\System\GlqJsyq.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\qArImHW.exe
  C:\Windows\System\qArImHW.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\jvjyfsC.exe
  C:\Windows\System\jvjyfsC.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\tgkILel.exe
  C:\Windows\System\tgkILel.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\FCWiqBj.exe
  C:\Windows\System\FCWiqBj.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\FZHnNjm.exe
  C:\Windows\System\FZHnNjm.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\GOphOaE.exe
  C:\Windows\System\GOphOaE.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\mrtyvlE.exe
  C:\Windows\System\mrtyvlE.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\FSeJLtA.exe
  C:\Windows\System\FSeJLtA.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\OtAjANt.exe
  C:\Windows\System\OtAjANt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\zaNcbeA.exe
  C:\Windows\System\zaNcbeA.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\QHwkUGZ.exe
  C:\Windows\System\QHwkUGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\DFWHBIP.exe
  C:\Windows\System\DFWHBIP.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\JdoKNML.exe
  C:\Windows\System\JdoKNML.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\UcYuHaS.exe
  C:\Windows\System\UcYuHaS.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\XWFZJKS.exe
  C:\Windows\System\XWFZJKS.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\XQYQPAp.exe
  C:\Windows\System\XQYQPAp.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\HJnSzhq.exe
  C:\Windows\System\HJnSzhq.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ZcZQYwz.exe
  C:\Windows\System\ZcZQYwz.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\WHoPpMo.exe
  C:\Windows\System\WHoPpMo.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\wnwOebX.exe
  C:\Windows\System\wnwOebX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\olTRgDb.exe
  C:\Windows\System\olTRgDb.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\QJLBGZF.exe
  C:\Windows\System\QJLBGZF.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\QOxstpX.exe
  C:\Windows\System\QOxstpX.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ncfMAaX.exe
  C:\Windows\System\ncfMAaX.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ZiyxjVa.exe
  C:\Windows\System\ZiyxjVa.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\KNOoZVj.exe
  C:\Windows\System\KNOoZVj.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\FBZgCLB.exe
  C:\Windows\System\FBZgCLB.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VoKiSWq.exe
  C:\Windows\System\VoKiSWq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\tEipjDV.exe
  C:\Windows\System\tEipjDV.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\JYQWgHl.exe
  C:\Windows\System\JYQWgHl.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\PrlwhRi.exe
  C:\Windows\System\PrlwhRi.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\twUUNtU.exe
  C:\Windows\System\twUUNtU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\fmuYYTw.exe
  C:\Windows\System\fmuYYTw.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\WckgLUr.exe
  C:\Windows\System\WckgLUr.exe
  2⤵
  PID:2024
- C:\Windows\System\xvbQIzL.exe
  C:\Windows\System\xvbQIzL.exe
  2⤵
  PID:2004
- C:\Windows\System\HITczVU.exe
  C:\Windows\System\HITczVU.exe
  2⤵
  PID:2928
- C:\Windows\System\OvDGfjw.exe
  C:\Windows\System\OvDGfjw.exe
  2⤵
  PID:316
- C:\Windows\System\IgGcXIm.exe
  C:\Windows\System\IgGcXIm.exe
  2⤵
  PID:464
- C:\Windows\System\rHezhzg.exe
  C:\Windows\System\rHezhzg.exe
  2⤵
  PID:2800
- C:\Windows\System\itZbElP.exe
  C:\Windows\System\itZbElP.exe
  2⤵
  PID:2268
- C:\Windows\System\mwMhugm.exe
  C:\Windows\System\mwMhugm.exe
  2⤵
  PID:2544
- C:\Windows\System\JCNhSAV.exe
  C:\Windows\System\JCNhSAV.exe
  2⤵
  PID:2640
- C:\Windows\System\ukWELhc.exe
  C:\Windows\System\ukWELhc.exe
  2⤵
  PID:1060
- C:\Windows\System\gXteRyl.exe
  C:\Windows\System\gXteRyl.exe
  2⤵
  PID:1684
- C:\Windows\System\lbiYyhP.exe
  C:\Windows\System\lbiYyhP.exe
  2⤵
  PID:2764
- C:\Windows\System\pGEjrRU.exe
  C:\Windows\System\pGEjrRU.exe
  2⤵
  PID:1288
- C:\Windows\System\ySeDZka.exe
  C:\Windows\System\ySeDZka.exe
  2⤵
  PID:2044
- C:\Windows\System\TiMtiqs.exe
  C:\Windows\System\TiMtiqs.exe
  2⤵
  PID:1660
- C:\Windows\System\fJLxsLw.exe
  C:\Windows\System\fJLxsLw.exe
  2⤵
  PID:1904
- C:\Windows\System\lkKAyuY.exe
  C:\Windows\System\lkKAyuY.exe
  2⤵
  PID:1632
- C:\Windows\System\ocSLJdF.exe
  C:\Windows\System\ocSLJdF.exe
  2⤵
  PID:1804
- C:\Windows\System\YQGejTh.exe
  C:\Windows\System\YQGejTh.exe
  2⤵
  PID:1276
- C:\Windows\System\yZFHxft.exe
  C:\Windows\System\yZFHxft.exe
  2⤵
  PID:1744
- C:\Windows\System\ofMGyoS.exe
  C:\Windows\System\ofMGyoS.exe
  2⤵
  PID:1592
- C:\Windows\System\BFjAdBj.exe
  C:\Windows\System\BFjAdBj.exe
  2⤵
  PID:2296
- C:\Windows\System\lRQjoPD.exe
  C:\Windows\System\lRQjoPD.exe
  2⤵
  PID:1520
- C:\Windows\System\CruyHfW.exe
  C:\Windows\System\CruyHfW.exe
  2⤵
  PID:1868
- C:\Windows\System\rDSwnCH.exe
  C:\Windows\System\rDSwnCH.exe
  2⤵
  PID:1508
- C:\Windows\System\UCmZfxN.exe
  C:\Windows\System\UCmZfxN.exe
  2⤵
  PID:2460
- C:\Windows\System\OSEZnYS.exe
  C:\Windows\System\OSEZnYS.exe
  2⤵
  PID:1072
- C:\Windows\System\RUIqUbU.exe
  C:\Windows\System\RUIqUbU.exe
  2⤵
  PID:3020
- C:\Windows\System\YEkoXdz.exe
  C:\Windows\System\YEkoXdz.exe
  2⤵
  PID:2420
- C:\Windows\System\PYPXLQb.exe
  C:\Windows\System\PYPXLQb.exe
  2⤵
  PID:3044
- C:\Windows\System\yZMoNKI.exe
  C:\Windows\System\yZMoNKI.exe
  2⤵
  PID:1764
- C:\Windows\System\kvMpQeU.exe
  C:\Windows\System\kvMpQeU.exe
  2⤵
  PID:740
- C:\Windows\System\KfzjMOu.exe
  C:\Windows\System\KfzjMOu.exe
  2⤵
  PID:1676
- C:\Windows\System\TjSVkHj.exe
  C:\Windows\System\TjSVkHj.exe
  2⤵
  PID:2472
- C:\Windows\System\VcdkXFx.exe
  C:\Windows\System\VcdkXFx.exe
  2⤵
  PID:2504
- C:\Windows\System\AGsyOvS.exe
  C:\Windows\System\AGsyOvS.exe
  2⤵
  PID:2012
- C:\Windows\System\aoHvuUe.exe
  C:\Windows\System\aoHvuUe.exe
  2⤵
  PID:2252
- C:\Windows\System\htKqETC.exe
  C:\Windows\System\htKqETC.exe
  2⤵
  PID:2804
- C:\Windows\System\pKuKVWn.exe
  C:\Windows\System\pKuKVWn.exe
  2⤵
  PID:532
- C:\Windows\System\EfOeUjP.exe
  C:\Windows\System\EfOeUjP.exe
  2⤵
  PID:2600
- C:\Windows\System\moxcyuA.exe
  C:\Windows\System\moxcyuA.exe
  2⤵
  PID:3068
- C:\Windows\System\GReeWbf.exe
  C:\Windows\System\GReeWbf.exe
  2⤵
  PID:3052
- C:\Windows\System\rXcVTTx.exe
  C:\Windows\System\rXcVTTx.exe
  2⤵
  PID:1916
- C:\Windows\System\vGKZCfn.exe
  C:\Windows\System\vGKZCfn.exe
  2⤵
  PID:2000
- C:\Windows\System\ztePzPW.exe
  C:\Windows\System\ztePzPW.exe
  2⤵
  PID:2408
- C:\Windows\System\UlbEyZA.exe
  C:\Windows\System\UlbEyZA.exe
  2⤵
  PID:1856
- C:\Windows\System\UEMKcsb.exe
  C:\Windows\System\UEMKcsb.exe
  2⤵
  PID:1720
- C:\Windows\System\QAMbmNi.exe
  C:\Windows\System\QAMbmNi.exe
  2⤵
  PID:2956
- C:\Windows\System\cczPzZd.exe
  C:\Windows\System\cczPzZd.exe
  2⤵
  PID:2648
- C:\Windows\System\hqzDCKG.exe
  C:\Windows\System\hqzDCKG.exe
  2⤵
  PID:1696
- C:\Windows\System\kuXBFQU.exe
  C:\Windows\System\kuXBFQU.exe
  2⤵
  PID:1236
- C:\Windows\System\cqGAgwr.exe
  C:\Windows\System\cqGAgwr.exe
  2⤵
  PID:2616
- C:\Windows\System\dJSxSaL.exe
  C:\Windows\System\dJSxSaL.exe
  2⤵
  PID:2844
- C:\Windows\System\WHSDIqn.exe
  C:\Windows\System\WHSDIqn.exe
  2⤵
  PID:1848
- C:\Windows\System\OcsMxfp.exe
  C:\Windows\System\OcsMxfp.exe
  2⤵
  PID:1068
- C:\Windows\System\VDmWbXd.exe
  C:\Windows\System\VDmWbXd.exe
  2⤵
  PID:736
- C:\Windows\System\tLvgNtu.exe
  C:\Windows\System\tLvgNtu.exe
  2⤵
  PID:1640
- C:\Windows\System\ODmnaFM.exe
  C:\Windows\System\ODmnaFM.exe
  2⤵
  PID:2156
- C:\Windows\System\QrHPtqC.exe
  C:\Windows\System\QrHPtqC.exe
  2⤵
  PID:2432
- C:\Windows\System\zUQYuDo.exe
  C:\Windows\System\zUQYuDo.exe
  2⤵
  PID:1468
- C:\Windows\System\pRvuoQS.exe
  C:\Windows\System\pRvuoQS.exe
  2⤵
  PID:2244
- C:\Windows\System\ESzTYAL.exe
  C:\Windows\System\ESzTYAL.exe
  2⤵
  PID:1808
- C:\Windows\System\BXXBfBk.exe
  C:\Windows\System\BXXBfBk.exe
  2⤵
  PID:308
- C:\Windows\System\AhzeiGD.exe
  C:\Windows\System\AhzeiGD.exe
  2⤵
  PID:2340
- C:\Windows\System\xIMnmCh.exe
  C:\Windows\System\xIMnmCh.exe
  2⤵
  PID:2236
- C:\Windows\System\RrWUTHv.exe
  C:\Windows\System\RrWUTHv.exe
  2⤵
  PID:1932
- C:\Windows\System\IzzyCHt.exe
  C:\Windows\System\IzzyCHt.exe
  2⤵
  PID:2736
- C:\Windows\System\ZDoDdcS.exe
  C:\Windows\System\ZDoDdcS.exe
  2⤵
  PID:1628
- C:\Windows\System\jpoIjeV.exe
  C:\Windows\System\jpoIjeV.exe
  2⤵
  PID:1516
- C:\Windows\System\Bptqzmg.exe
  C:\Windows\System\Bptqzmg.exe
  2⤵
  PID:2676
- C:\Windows\System\wHQFxgO.exe
  C:\Windows\System\wHQFxgO.exe
  2⤵
  PID:2832
- C:\Windows\System\NHsCYbi.exe
  C:\Windows\System\NHsCYbi.exe
  2⤵
  PID:2912
- C:\Windows\System\ymoCfPF.exe
  C:\Windows\System\ymoCfPF.exe
  2⤵
  PID:1968
- C:\Windows\System\IYEoepK.exe
  C:\Windows\System\IYEoepK.exe
  2⤵
  PID:2248
- C:\Windows\System\HAYpYqX.exe
  C:\Windows\System\HAYpYqX.exe
  2⤵
  PID:800
- C:\Windows\System\htTXJHn.exe
  C:\Windows\System\htTXJHn.exe
  2⤵
  PID:2880
- C:\Windows\System\Jfocygj.exe
  C:\Windows\System\Jfocygj.exe
  2⤵
  PID:2396
- C:\Windows\System\FnLvBiL.exe
  C:\Windows\System\FnLvBiL.exe
  2⤵
  PID:1616
- C:\Windows\System\wuwKETQ.exe
  C:\Windows\System\wuwKETQ.exe
  2⤵
  PID:3024
- C:\Windows\System\WPrbsPk.exe
  C:\Windows\System\WPrbsPk.exe
  2⤵
  PID:2288
- C:\Windows\System\PfxBSMw.exe
  C:\Windows\System\PfxBSMw.exe
  2⤵
  PID:2524
- C:\Windows\System\hwTyMIR.exe
  C:\Windows\System\hwTyMIR.exe
  2⤵
  PID:2392
- C:\Windows\System\hMCIAWt.exe
  C:\Windows\System\hMCIAWt.exe
  2⤵
  PID:1472
- C:\Windows\System\aXvEKlv.exe
  C:\Windows\System\aXvEKlv.exe
  2⤵
  PID:1040
- C:\Windows\System\MDzvllU.exe
  C:\Windows\System\MDzvllU.exe
  2⤵
  PID:2260
- C:\Windows\System\SJpltPh.exe
  C:\Windows\System\SJpltPh.exe
  2⤵
  PID:2664
- C:\Windows\System\bWcHzjU.exe
  C:\Windows\System\bWcHzjU.exe
  2⤵
  PID:2116
- C:\Windows\System\ApQbpyv.exe
  C:\Windows\System\ApQbpyv.exe
  2⤵
  PID:2760
- C:\Windows\System\gsqkDiK.exe
  C:\Windows\System\gsqkDiK.exe
  2⤵
  PID:2824
- C:\Windows\System\Unnlzvp.exe
  C:\Windows\System\Unnlzvp.exe
  2⤵
  PID:1964
- C:\Windows\System\IfVIzwy.exe
  C:\Windows\System\IfVIzwy.exe
  2⤵
  PID:904
- C:\Windows\System\AXgFeCK.exe
  C:\Windows\System\AXgFeCK.exe
  2⤵
  PID:2828
- C:\Windows\System\NFFPyUW.exe
  C:\Windows\System\NFFPyUW.exe
  2⤵
  PID:2196
- C:\Windows\System\ChoytOD.exe
  C:\Windows\System\ChoytOD.exe
  2⤵
  PID:976
- C:\Windows\System\GPMHhjd.exe
  C:\Windows\System\GPMHhjd.exe
  2⤵
  PID:2756
- C:\Windows\System\EsVsbZM.exe
  C:\Windows\System\EsVsbZM.exe
  2⤵
  PID:2788
- C:\Windows\System\mLnIMBh.exe
  C:\Windows\System\mLnIMBh.exe
  2⤵
  PID:2776
- C:\Windows\System\zkbYVZy.exe
  C:\Windows\System\zkbYVZy.exe
  2⤵
  PID:2372
- C:\Windows\System\bIfNNPZ.exe
  C:\Windows\System\bIfNNPZ.exe
  2⤵
  PID:2816
- C:\Windows\System\vTfZUoa.exe
  C:\Windows\System\vTfZUoa.exe
  2⤵
  PID:1376
- C:\Windows\System\ETRdCGW.exe
  C:\Windows\System\ETRdCGW.exe
  2⤵
  PID:2604
- C:\Windows\System\wCtIfnH.exe
  C:\Windows\System\wCtIfnH.exe
  2⤵
  PID:1924
- C:\Windows\System\EpMzBkt.exe
  C:\Windows\System\EpMzBkt.exe
  2⤵
  PID:1588
- C:\Windows\System\lywfEgz.exe
  C:\Windows\System\lywfEgz.exe
  2⤵
  PID:3000
- C:\Windows\System\VDzKKsY.exe
  C:\Windows\System\VDzKKsY.exe
  2⤵
  PID:1692
- C:\Windows\System\nYvkyzV.exe
  C:\Windows\System\nYvkyzV.exe
  2⤵
  PID:3084
- C:\Windows\System\iCGuSKY.exe
  C:\Windows\System\iCGuSKY.exe
  2⤵
  PID:3100
- C:\Windows\System\gKhmNdK.exe
  C:\Windows\System\gKhmNdK.exe
  2⤵
  PID:3116
- C:\Windows\System\cMOLDMQ.exe
  C:\Windows\System\cMOLDMQ.exe
  2⤵
  PID:3132
- C:\Windows\System\lYmdROB.exe
  C:\Windows\System\lYmdROB.exe
  2⤵
  PID:3148
- C:\Windows\System\BMxiuzY.exe
  C:\Windows\System\BMxiuzY.exe
  2⤵
  PID:3164
- C:\Windows\System\rezFdkj.exe
  C:\Windows\System\rezFdkj.exe
  2⤵
  PID:3188
- C:\Windows\System\unnPMjK.exe
  C:\Windows\System\unnPMjK.exe
  2⤵
  PID:3244
- C:\Windows\System\XayhnoJ.exe
  C:\Windows\System\XayhnoJ.exe
  2⤵
  PID:3260
- C:\Windows\System\NvsTYha.exe
  C:\Windows\System\NvsTYha.exe
  2⤵
  PID:3308
- C:\Windows\System\YkVHCPa.exe
  C:\Windows\System\YkVHCPa.exe
  2⤵
  PID:3324
- C:\Windows\System\UrxMljp.exe
  C:\Windows\System\UrxMljp.exe
  2⤵
  PID:3348
- C:\Windows\System\HsULhVu.exe
  C:\Windows\System\HsULhVu.exe
  2⤵
  PID:3372
- C:\Windows\System\CkCtbiC.exe
  C:\Windows\System\CkCtbiC.exe
  2⤵
  PID:3388
- C:\Windows\System\TSaaXMQ.exe
  C:\Windows\System\TSaaXMQ.exe
  2⤵
  PID:3408
- C:\Windows\System\MFpFsLt.exe
  C:\Windows\System\MFpFsLt.exe
  2⤵
  PID:3428
- C:\Windows\System\SbrUOeE.exe
  C:\Windows\System\SbrUOeE.exe
  2⤵
  PID:3444
- C:\Windows\System\hvQgpOm.exe
  C:\Windows\System\hvQgpOm.exe
  2⤵
  PID:3464
- C:\Windows\System\BocUoRy.exe
  C:\Windows\System\BocUoRy.exe
  2⤵
  PID:3480
- C:\Windows\System\ovCohRM.exe
  C:\Windows\System\ovCohRM.exe
  2⤵
  PID:3496
- C:\Windows\System\dweueST.exe
  C:\Windows\System\dweueST.exe
  2⤵
  PID:3516
- C:\Windows\System\ZqkqjzS.exe
  C:\Windows\System\ZqkqjzS.exe
  2⤵
  PID:3532
- C:\Windows\System\XIDqxRn.exe
  C:\Windows\System\XIDqxRn.exe
  2⤵
  PID:3552
- C:\Windows\System\lokbjCG.exe
  C:\Windows\System\lokbjCG.exe
  2⤵
  PID:3568
- C:\Windows\System\aowWeqk.exe
  C:\Windows\System\aowWeqk.exe
  2⤵
  PID:3600
- C:\Windows\System\vjPKmzQ.exe
  C:\Windows\System\vjPKmzQ.exe
  2⤵
  PID:3616
- C:\Windows\System\IYvEcCq.exe
  C:\Windows\System\IYvEcCq.exe
  2⤵
  PID:3632
- C:\Windows\System\pHxbbQN.exe
  C:\Windows\System\pHxbbQN.exe
  2⤵
  PID:3648
- C:\Windows\System\sSgOEqb.exe
  C:\Windows\System\sSgOEqb.exe
  2⤵
  PID:3668
- C:\Windows\System\elViQtw.exe
  C:\Windows\System\elViQtw.exe
  2⤵
  PID:3704
- C:\Windows\System\bznziqw.exe
  C:\Windows\System\bznziqw.exe
  2⤵
  PID:3728
- C:\Windows\System\KeNgWfp.exe
  C:\Windows\System\KeNgWfp.exe
  2⤵
  PID:3752
- C:\Windows\System\UjdfNFV.exe
  C:\Windows\System\UjdfNFV.exe
  2⤵
  PID:3768
- C:\Windows\System\kKZfqhj.exe
  C:\Windows\System\kKZfqhj.exe
  2⤵
  PID:3784
- C:\Windows\System\tPssnjS.exe
  C:\Windows\System\tPssnjS.exe
  2⤵
  PID:3800
- C:\Windows\System\IvyjoHo.exe
  C:\Windows\System\IvyjoHo.exe
  2⤵
  PID:3820
- C:\Windows\System\cfkgDNg.exe
  C:\Windows\System\cfkgDNg.exe
  2⤵
  PID:3840
- C:\Windows\System\dxyAQLC.exe
  C:\Windows\System\dxyAQLC.exe
  2⤵
  PID:3856
- C:\Windows\System\cbaPrix.exe
  C:\Windows\System\cbaPrix.exe
  2⤵
  PID:3876
- C:\Windows\System\WyBvlbC.exe
  C:\Windows\System\WyBvlbC.exe
  2⤵
  PID:3904
- C:\Windows\System\UFrjjAb.exe
  C:\Windows\System\UFrjjAb.exe
  2⤵
  PID:3924
- C:\Windows\System\IKlpNJt.exe
  C:\Windows\System\IKlpNJt.exe
  2⤵
  PID:3940
- C:\Windows\System\ugHRxtX.exe
  C:\Windows\System\ugHRxtX.exe
  2⤵
  PID:3956
- C:\Windows\System\intsZJj.exe
  C:\Windows\System\intsZJj.exe
  2⤵
  PID:3972
- C:\Windows\System\YOznbnC.exe
  C:\Windows\System\YOznbnC.exe
  2⤵
  PID:3988
- C:\Windows\System\IYQkZgJ.exe
  C:\Windows\System\IYQkZgJ.exe
  2⤵
  PID:4012
- C:\Windows\System\zlcWjCd.exe
  C:\Windows\System\zlcWjCd.exe
  2⤵
  PID:4028
- C:\Windows\System\VACtRCc.exe
  C:\Windows\System\VACtRCc.exe
  2⤵
  PID:4044
- C:\Windows\System\ydmjDkt.exe
  C:\Windows\System\ydmjDkt.exe
  2⤵
  PID:4060
- C:\Windows\System\saZKWID.exe
  C:\Windows\System\saZKWID.exe
  2⤵
  PID:4076
- C:\Windows\System\kUqpPXM.exe
  C:\Windows\System\kUqpPXM.exe
  2⤵
  PID:3040
- C:\Windows\System\xUddhni.exe
  C:\Windows\System\xUddhni.exe
  2⤵
  PID:2580
- C:\Windows\System\dVCGmSm.exe
  C:\Windows\System\dVCGmSm.exe
  2⤵
  PID:3112
- C:\Windows\System\CipzKyd.exe
  C:\Windows\System\CipzKyd.exe
  2⤵
  PID:2008
- C:\Windows\System\CKRKxLM.exe
  C:\Windows\System\CKRKxLM.exe
  2⤵
  PID:3124
- C:\Windows\System\FDsKSGf.exe
  C:\Windows\System\FDsKSGf.exe
  2⤵
  PID:1880
- C:\Windows\System\RnDyjGK.exe
  C:\Windows\System\RnDyjGK.exe
  2⤵
  PID:3200
- C:\Windows\System\MtTNWiC.exe
  C:\Windows\System\MtTNWiC.exe
  2⤵
  PID:3224
- C:\Windows\System\aXKwFzc.exe
  C:\Windows\System\aXKwFzc.exe
  2⤵
  PID:3268
- C:\Windows\System\hMeNHsK.exe
  C:\Windows\System\hMeNHsK.exe
  2⤵
  PID:3288
- C:\Windows\System\iAdiFkM.exe
  C:\Windows\System\iAdiFkM.exe
  2⤵
  PID:3304
- C:\Windows\System\MVjZHfj.exe
  C:\Windows\System\MVjZHfj.exe
  2⤵
  PID:3332
- C:\Windows\System\oXMDcFn.exe
  C:\Windows\System\oXMDcFn.exe
  2⤵
  PID:3336
- C:\Windows\System\rJKIgPH.exe
  C:\Windows\System\rJKIgPH.exe
  2⤵
  PID:3380
- C:\Windows\System\KVUotfJ.exe
  C:\Windows\System\KVUotfJ.exe
  2⤵
  PID:3400
- C:\Windows\System\GjLZRNs.exe
  C:\Windows\System\GjLZRNs.exe
  2⤵
  PID:3436
- C:\Windows\System\qaBjpYx.exe
  C:\Windows\System\qaBjpYx.exe
  2⤵
  PID:3488
- C:\Windows\System\skSacND.exe
  C:\Windows\System\skSacND.exe
  2⤵
  PID:3560
- C:\Windows\System\SKWNWoF.exe
  C:\Windows\System\SKWNWoF.exe
  2⤵
  PID:3508
- C:\Windows\System\irDhrvg.exe
  C:\Windows\System\irDhrvg.exe
  2⤵
  PID:3592
- C:\Windows\System\vAKbpMY.exe
  C:\Windows\System\vAKbpMY.exe
  2⤵
  PID:3576
- C:\Windows\System\RJvPkwC.exe
  C:\Windows\System\RJvPkwC.exe
  2⤵
  PID:3644
- C:\Windows\System\XIjuJVd.exe
  C:\Windows\System\XIjuJVd.exe
  2⤵
  PID:3656
- C:\Windows\System\lGxDDBJ.exe
  C:\Windows\System\lGxDDBJ.exe
  2⤵
  PID:3740
- C:\Windows\System\opSvnjk.exe
  C:\Windows\System\opSvnjk.exe
  2⤵
  PID:3776
- C:\Windows\System\pHfWMTd.exe
  C:\Windows\System\pHfWMTd.exe
  2⤵
  PID:3816
- C:\Windows\System\JkPLUZo.exe
  C:\Windows\System\JkPLUZo.exe
  2⤵
  PID:3892
- C:\Windows\System\SvNeYaC.exe
  C:\Windows\System\SvNeYaC.exe
  2⤵
  PID:3888
- C:\Windows\System\fKYQrdp.exe
  C:\Windows\System\fKYQrdp.exe
  2⤵
  PID:3792
- C:\Windows\System\fXImpvv.exe
  C:\Windows\System\fXImpvv.exe
  2⤵
  PID:3836
- C:\Windows\System\XpOHGzh.exe
  C:\Windows\System\XpOHGzh.exe
  2⤵
  PID:3916
- C:\Windows\System\IQULkyE.exe
  C:\Windows\System\IQULkyE.exe
  2⤵
  PID:4040
- C:\Windows\System\fgwoXQo.exe
  C:\Windows\System\fgwoXQo.exe
  2⤵
  PID:3144
- C:\Windows\System\pKEGFlP.exe
  C:\Windows\System\pKEGFlP.exe
  2⤵
  PID:3920
- C:\Windows\System\uPvWREK.exe
  C:\Windows\System\uPvWREK.exe
  2⤵
  PID:3980
- C:\Windows\System\ZYNIpDY.exe
  C:\Windows\System\ZYNIpDY.exe
  2⤵
  PID:4056
- C:\Windows\System\lCTVjHw.exe
  C:\Windows\System\lCTVjHw.exe
  2⤵
  PID:3108
- C:\Windows\System\QsiPKEa.exe
  C:\Windows\System\QsiPKEa.exe
  2⤵
  PID:944
- C:\Windows\System\dsWsCBj.exe
  C:\Windows\System\dsWsCBj.exe
  2⤵
  PID:3184
- C:\Windows\System\JRxFRQL.exe
  C:\Windows\System\JRxFRQL.exe
  2⤵
  PID:3212
- C:\Windows\System\zoPyuea.exe
  C:\Windows\System\zoPyuea.exe
  2⤵
  PID:3284
- C:\Windows\System\EzeIAlJ.exe
  C:\Windows\System\EzeIAlJ.exe
  2⤵
  PID:3300
- C:\Windows\System\HnkCKQF.exe
  C:\Windows\System\HnkCKQF.exe
  2⤵
  PID:3364
- C:\Windows\System\DOmpefd.exe
  C:\Windows\System\DOmpefd.exe
  2⤵
  PID:3424
- C:\Windows\System\DIJiwxn.exe
  C:\Windows\System\DIJiwxn.exe
  2⤵
  PID:3588
- C:\Windows\System\PWGOcNv.exe
  C:\Windows\System\PWGOcNv.exe
  2⤵
  PID:3512
- C:\Windows\System\qXhYYBZ.exe
  C:\Windows\System\qXhYYBZ.exe
  2⤵
  PID:3456
- C:\Windows\System\Iiaoxfo.exe
  C:\Windows\System\Iiaoxfo.exe
  2⤵
  PID:3688
- C:\Windows\System\lBzxvVQ.exe
  C:\Windows\System\lBzxvVQ.exe
  2⤵
  PID:3580
- C:\Windows\System\sQglnxF.exe
  C:\Windows\System\sQglnxF.exe
  2⤵
  PID:3712
- C:\Windows\System\DMjtbvb.exe
  C:\Windows\System\DMjtbvb.exe
  2⤵
  PID:3812
- C:\Windows\System\KFpyZoI.exe
  C:\Windows\System\KFpyZoI.exe
  2⤵
  PID:600
- C:\Windows\System\gJoJChP.exe
  C:\Windows\System\gJoJChP.exe
  2⤵
  PID:3912
- C:\Windows\System\QdWiZkg.exe
  C:\Windows\System\QdWiZkg.exe
  2⤵
  PID:1960
- C:\Windows\System\hwWrjHB.exe
  C:\Windows\System\hwWrjHB.exe
  2⤵
  PID:3872
- C:\Windows\System\VKLRDfr.exe
  C:\Windows\System\VKLRDfr.exe
  2⤵
  PID:2592
- C:\Windows\System\aFdTfWD.exe
  C:\Windows\System\aFdTfWD.exe
  2⤵
  PID:3936
- C:\Windows\System\SWSfIxL.exe
  C:\Windows\System\SWSfIxL.exe
  2⤵
  PID:2320
- C:\Windows\System\GibCPct.exe
  C:\Windows\System\GibCPct.exe
  2⤵
  PID:1708
- C:\Windows\System\iVGmBrN.exe
  C:\Windows\System\iVGmBrN.exe
  2⤵
  PID:1884
- C:\Windows\System\ISYoucU.exe
  C:\Windows\System\ISYoucU.exe
  2⤵
  PID:3440
- C:\Windows\System\mXAjFpZ.exe
  C:\Windows\System\mXAjFpZ.exe
  2⤵
  PID:3640
- C:\Windows\System\TRVAfIv.exe
  C:\Windows\System\TRVAfIv.exe
  2⤵
  PID:3404
- C:\Windows\System\aSMCujp.exe
  C:\Windows\System\aSMCujp.exe
  2⤵
  PID:3356
- C:\Windows\System\cuVZdpF.exe
  C:\Windows\System\cuVZdpF.exe
  2⤵
  PID:3628
- C:\Windows\System\XhxuDhI.exe
  C:\Windows\System\XhxuDhI.exe
  2⤵
  PID:3828
- C:\Windows\System\kNByYQx.exe
  C:\Windows\System\kNByYQx.exe
  2⤵
  PID:4008
- C:\Windows\System\eIjDpOQ.exe
  C:\Windows\System\eIjDpOQ.exe
  2⤵
  PID:3076
- C:\Windows\System\LqECXBN.exe
  C:\Windows\System\LqECXBN.exe
  2⤵
  PID:4024
- C:\Windows\System\VSrhOgZ.exe
  C:\Windows\System\VSrhOgZ.exe
  2⤵
  PID:3952
- C:\Windows\System\qPBbgzb.exe
  C:\Windows\System\qPBbgzb.exe
  2⤵
  PID:3368
- C:\Windows\System\egrfzgg.exe
  C:\Windows\System\egrfzgg.exe
  2⤵
  PID:3476
- C:\Windows\System\GGaEUYm.exe
  C:\Windows\System\GGaEUYm.exe
  2⤵
  PID:1152
- C:\Windows\System\XzSELhf.exe
  C:\Windows\System\XzSELhf.exe
  2⤵
  PID:3280
- C:\Windows\System\tgiokKX.exe
  C:\Windows\System\tgiokKX.exe
  2⤵
  PID:3736
- C:\Windows\System\coXcMJL.exe
  C:\Windows\System\coXcMJL.exe
  2⤵
  PID:3948
- C:\Windows\System\dywxVec.exe
  C:\Windows\System\dywxVec.exe
  2⤵
  PID:3524
- C:\Windows\System\yGiOtQZ.exe
  C:\Windows\System\yGiOtQZ.exe
  2⤵
  PID:4112
- C:\Windows\System\vEbncDK.exe
  C:\Windows\System\vEbncDK.exe
  2⤵
  PID:4136
- C:\Windows\System\ROQzbLK.exe
  C:\Windows\System\ROQzbLK.exe
  2⤵
  PID:4152
- C:\Windows\System\QFGkMMD.exe
  C:\Windows\System\QFGkMMD.exe
  2⤵
  PID:4168
- C:\Windows\System\pyJbltC.exe
  C:\Windows\System\pyJbltC.exe
  2⤵
  PID:4184
- C:\Windows\System\PIPDFcE.exe
  C:\Windows\System\PIPDFcE.exe
  2⤵
  PID:4200
- C:\Windows\System\rqiqmlz.exe
  C:\Windows\System\rqiqmlz.exe
  2⤵
  PID:4220
- C:\Windows\System\qRwLcaH.exe
  C:\Windows\System\qRwLcaH.exe
  2⤵
  PID:4236
- C:\Windows\System\UMZARxN.exe
  C:\Windows\System\UMZARxN.exe
  2⤵
  PID:4260
- C:\Windows\System\VQcBqhX.exe
  C:\Windows\System\VQcBqhX.exe
  2⤵
  PID:4276
- C:\Windows\System\vmZmvpa.exe
  C:\Windows\System\vmZmvpa.exe
  2⤵
  PID:4344
- C:\Windows\System\hZYfppl.exe
  C:\Windows\System\hZYfppl.exe
  2⤵
  PID:4368
- C:\Windows\System\oErKMfp.exe
  C:\Windows\System\oErKMfp.exe
  2⤵
  PID:4392
- C:\Windows\System\vkHDlHa.exe
  C:\Windows\System\vkHDlHa.exe
  2⤵
  PID:4408
- C:\Windows\System\uGCMPQN.exe
  C:\Windows\System\uGCMPQN.exe
  2⤵
  PID:4424
- C:\Windows\System\aghlXKK.exe
  C:\Windows\System\aghlXKK.exe
  2⤵
  PID:4440
- C:\Windows\System\uANcwwA.exe
  C:\Windows\System\uANcwwA.exe
  2⤵
  PID:4456
- C:\Windows\System\CgUKrLz.exe
  C:\Windows\System\CgUKrLz.exe
  2⤵
  PID:4480
- C:\Windows\System\hrnMshW.exe
  C:\Windows\System\hrnMshW.exe
  2⤵
  PID:4496
- C:\Windows\System\tLWIZtg.exe
  C:\Windows\System\tLWIZtg.exe
  2⤵
  PID:4512
- C:\Windows\System\kzRhiqT.exe
  C:\Windows\System\kzRhiqT.exe
  2⤵
  PID:4528
- C:\Windows\System\fZUzvJM.exe
  C:\Windows\System\fZUzvJM.exe
  2⤵
  PID:4544
- C:\Windows\System\ZCovGcN.exe
  C:\Windows\System\ZCovGcN.exe
  2⤵
  PID:4560
- C:\Windows\System\kFZfqJe.exe
  C:\Windows\System\kFZfqJe.exe
  2⤵
  PID:4584
- C:\Windows\System\sragLLl.exe
  C:\Windows\System\sragLLl.exe
  2⤵
  PID:4628
- C:\Windows\System\DVqQesC.exe
  C:\Windows\System\DVqQesC.exe
  2⤵
  PID:4652
- C:\Windows\System\IlfDFkM.exe
  C:\Windows\System\IlfDFkM.exe
  2⤵
  PID:4668
- C:\Windows\System\CjgYaYe.exe
  C:\Windows\System\CjgYaYe.exe
  2⤵
  PID:4688
- C:\Windows\System\uFhUEqb.exe
  C:\Windows\System\uFhUEqb.exe
  2⤵
  PID:4704
- C:\Windows\System\qgqzTzu.exe
  C:\Windows\System\qgqzTzu.exe
  2⤵
  PID:4724
- C:\Windows\System\dqEgNXV.exe
  C:\Windows\System\dqEgNXV.exe
  2⤵
  PID:4740
- C:\Windows\System\NkqkmMf.exe
  C:\Windows\System\NkqkmMf.exe
  2⤵
  PID:4756
- C:\Windows\System\cRlpsxF.exe
  C:\Windows\System\cRlpsxF.exe
  2⤵
  PID:4772
- C:\Windows\System\OIoAowD.exe
  C:\Windows\System\OIoAowD.exe
  2⤵
  PID:4788
- C:\Windows\System\hMlTEpi.exe
  C:\Windows\System\hMlTEpi.exe
  2⤵
  PID:4812
- C:\Windows\System\NqnTpBd.exe
  C:\Windows\System\NqnTpBd.exe
  2⤵
  PID:4828
- C:\Windows\System\jWkiufn.exe
  C:\Windows\System\jWkiufn.exe
  2⤵
  PID:4844
- C:\Windows\System\KLTPlyy.exe
  C:\Windows\System\KLTPlyy.exe
  2⤵
  PID:4860
- C:\Windows\System\XEwNlCJ.exe
  C:\Windows\System\XEwNlCJ.exe
  2⤵
  PID:4904
- C:\Windows\System\WkNTmAf.exe
  C:\Windows\System\WkNTmAf.exe
  2⤵
  PID:4924
- C:\Windows\System\rTRVwLd.exe
  C:\Windows\System\rTRVwLd.exe
  2⤵
  PID:4956
- C:\Windows\System\QYUKzFR.exe
  C:\Windows\System\QYUKzFR.exe
  2⤵
  PID:4972
- C:\Windows\System\MjVfYRW.exe
  C:\Windows\System\MjVfYRW.exe
  2⤵
  PID:4988
- C:\Windows\System\HBraeRy.exe
  C:\Windows\System\HBraeRy.exe
  2⤵
  PID:5004
- C:\Windows\System\AaKNAFo.exe
  C:\Windows\System\AaKNAFo.exe
  2⤵
  PID:5024
- C:\Windows\System\sRwZtbg.exe
  C:\Windows\System\sRwZtbg.exe
  2⤵
  PID:5040
- C:\Windows\System\chdMfQc.exe
  C:\Windows\System\chdMfQc.exe
  2⤵
  PID:5056
- C:\Windows\System\AxbAgfc.exe
  C:\Windows\System\AxbAgfc.exe
  2⤵
  PID:5072
- C:\Windows\System\DrbtzJu.exe
  C:\Windows\System\DrbtzJu.exe
  2⤵
  PID:5096
- C:\Windows\System\dPPkkgS.exe
  C:\Windows\System\dPPkkgS.exe
  2⤵
  PID:5112
- C:\Windows\System\GkDBmiw.exe
  C:\Windows\System\GkDBmiw.exe
  2⤵
  PID:3504
- C:\Windows\System\EDOiGVV.exe
  C:\Windows\System\EDOiGVV.exe
  2⤵
  PID:4244
- C:\Windows\System\cTzFKLX.exe
  C:\Windows\System\cTzFKLX.exe
  2⤵
  PID:4284
- C:\Windows\System\rRpzZnS.exe
  C:\Windows\System\rRpzZnS.exe
  2⤵
  PID:3240
- C:\Windows\System\qGaYPkX.exe
  C:\Windows\System\qGaYPkX.exe
  2⤵
  PID:4296
- C:\Windows\System\RcCRSvg.exe
  C:\Windows\System\RcCRSvg.exe
  2⤵
  PID:4316
- C:\Windows\System\BJvJIYN.exe
  C:\Windows\System\BJvJIYN.exe
  2⤵
  PID:4332
- C:\Windows\System\wdwWSIZ.exe
  C:\Windows\System\wdwWSIZ.exe
  2⤵
  PID:3624
- C:\Windows\System\rMXYFuv.exe
  C:\Windows\System\rMXYFuv.exe
  2⤵
  PID:4380
- C:\Windows\System\FeEBtaG.exe
  C:\Windows\System\FeEBtaG.exe
  2⤵
  PID:4124
- C:\Windows\System\IctJMdO.exe
  C:\Windows\System\IctJMdO.exe
  2⤵
  PID:4192
- C:\Windows\System\sdYUiyO.exe
  C:\Windows\System\sdYUiyO.exe
  2⤵
  PID:4272
- C:\Windows\System\cicvOAX.exe
  C:\Windows\System\cicvOAX.exe
  2⤵
  PID:4356
- C:\Windows\System\MuzKFiD.exe
  C:\Windows\System\MuzKFiD.exe
  2⤵
  PID:3832
- C:\Windows\System\ZbnCsSO.exe
  C:\Windows\System\ZbnCsSO.exe
  2⤵
  PID:3968
- C:\Windows\System\iAWUsGI.exe
  C:\Windows\System\iAWUsGI.exe
  2⤵
  PID:4452
- C:\Windows\System\aGDAydw.exe
  C:\Windows\System\aGDAydw.exe
  2⤵
  PID:4556
- C:\Windows\System\fYByRSY.exe
  C:\Windows\System\fYByRSY.exe
  2⤵
  PID:4436
- C:\Windows\System\RdcveFD.exe
  C:\Windows\System\RdcveFD.exe
  2⤵
  PID:4476
- C:\Windows\System\MmyJGqW.exe
  C:\Windows\System\MmyJGqW.exe
  2⤵
  PID:4540
- C:\Windows\System\gNXHjwJ.exe
  C:\Windows\System\gNXHjwJ.exe
  2⤵
  PID:4404
- C:\Windows\System\fPRJsVz.exe
  C:\Windows\System\fPRJsVz.exe
  2⤵
  PID:4624
- C:\Windows\System\TZISxhb.exe
  C:\Windows\System\TZISxhb.exe
  2⤵
  PID:4640
- C:\Windows\System\VFoncaB.exe
  C:\Windows\System\VFoncaB.exe
  2⤵
  PID:4720
- C:\Windows\System\kgAIOJn.exe
  C:\Windows\System\kgAIOJn.exe
  2⤵
  PID:4736
- C:\Windows\System\Flismxu.exe
  C:\Windows\System\Flismxu.exe
  2⤵
  PID:4796
- C:\Windows\System\RHzBLjn.exe
  C:\Windows\System\RHzBLjn.exe
  2⤵
  PID:4836
- C:\Windows\System\xHpVYHm.exe
  C:\Windows\System\xHpVYHm.exe
  2⤵
  PID:4888
- C:\Windows\System\eoDyofY.exe
  C:\Windows\System\eoDyofY.exe
  2⤵
  PID:4932
- C:\Windows\System\fwOZcqN.exe
  C:\Windows\System\fwOZcqN.exe
  2⤵
  PID:4916
- C:\Windows\System\xGeqKjA.exe
  C:\Windows\System\xGeqKjA.exe
  2⤵
  PID:4952
- C:\Windows\System\EMSzvXy.exe
  C:\Windows\System\EMSzvXy.exe
  2⤵
  PID:5016
- C:\Windows\System\oQttYsu.exe
  C:\Windows\System\oQttYsu.exe
  2⤵
  PID:5088
- C:\Windows\System\fGpOAEA.exe
  C:\Windows\System\fGpOAEA.exe
  2⤵
  PID:4964
- C:\Windows\System\RCsIvtU.exe
  C:\Windows\System\RCsIvtU.exe
  2⤵
  PID:4252
- C:\Windows\System\guDIHDp.exe
  C:\Windows\System\guDIHDp.exe
  2⤵
  PID:4320
- C:\Windows\System\akXysXd.exe
  C:\Windows\System\akXysXd.exe
  2⤵
  PID:4384
- C:\Windows\System\uZbbcip.exe
  C:\Windows\System\uZbbcip.exe
  2⤵
  PID:3452
- C:\Windows\System\YOmimgT.exe
  C:\Windows\System\YOmimgT.exe
  2⤵
  PID:4212
- C:\Windows\System\iTGCBOj.exe
  C:\Windows\System\iTGCBOj.exe
  2⤵
  PID:4352
- C:\Windows\System\WCbvMfh.exe
  C:\Windows\System\WCbvMfh.exe
  2⤵
  PID:3664
- C:\Windows\System\uqWrkjY.exe
  C:\Windows\System\uqWrkjY.exe
  2⤵
  PID:4492
- C:\Windows\System\ikYixCL.exe
  C:\Windows\System\ikYixCL.exe
  2⤵
  PID:4636
- C:\Windows\System\RUMBKoP.exe
  C:\Windows\System\RUMBKoP.exe
  2⤵
  PID:4340
- C:\Windows\System\ovcbrVk.exe
  C:\Windows\System\ovcbrVk.exe
  2⤵
  PID:4228
- C:\Windows\System\RBWodmU.exe
  C:\Windows\System\RBWodmU.exe
  2⤵
  PID:3808
- C:\Windows\System\KEQtlKa.exe
  C:\Windows\System\KEQtlKa.exe
  2⤵
  PID:4604
- C:\Windows\System\YjqHPrJ.exe
  C:\Windows\System\YjqHPrJ.exe
  2⤵
  PID:4684
- C:\Windows\System\ZTYtbLZ.exe
  C:\Windows\System\ZTYtbLZ.exe
  2⤵
  PID:4780
- C:\Windows\System\RzcCRmK.exe
  C:\Windows\System\RzcCRmK.exe
  2⤵
  PID:4696
- C:\Windows\System\gaQlJVf.exe
  C:\Windows\System\gaQlJVf.exe
  2⤵
  PID:4868
- C:\Windows\System\aXQNRSs.exe
  C:\Windows\System\aXQNRSs.exe
  2⤵
  PID:4944
- C:\Windows\System\tqxonTo.exe
  C:\Windows\System\tqxonTo.exe
  2⤵
  PID:4984
- C:\Windows\System\KtajaqX.exe
  C:\Windows\System\KtajaqX.exe
  2⤵
  PID:4940
- C:\Windows\System\uoExInp.exe
  C:\Windows\System\uoExInp.exe
  2⤵
  PID:4884
- C:\Windows\System\xWCfyje.exe
  C:\Windows\System\xWCfyje.exe
  2⤵
  PID:5068
- C:\Windows\System\qJpsmCe.exe
  C:\Windows\System\qJpsmCe.exe
  2⤵
  PID:3220
- C:\Windows\System\PxexAtE.exe
  C:\Windows\System\PxexAtE.exe
  2⤵
  PID:3700
- C:\Windows\System\YoOFfsD.exe
  C:\Windows\System\YoOFfsD.exe
  2⤵
  PID:4576
- C:\Windows\System\SQKUGTD.exe
  C:\Windows\System\SQKUGTD.exe
  2⤵
  PID:4308
- C:\Windows\System\mSdrneq.exe
  C:\Windows\System\mSdrneq.exe
  2⤵
  PID:4312
- C:\Windows\System\itOrSte.exe
  C:\Windows\System\itOrSte.exe
  2⤵
  PID:4716
- C:\Windows\System\wNCILid.exe
  C:\Windows\System\wNCILid.exe
  2⤵
  PID:4616
- C:\Windows\System\WzkCsYm.exe
  C:\Windows\System\WzkCsYm.exe
  2⤵
  PID:4804
- C:\Windows\System\QkpHaJU.exe
  C:\Windows\System\QkpHaJU.exe
  2⤵
  PID:5084
- C:\Windows\System\ZYvbsWQ.exe
  C:\Windows\System\ZYvbsWQ.exe
  2⤵
  PID:5080
- C:\Windows\System\quNXBFa.exe
  C:\Windows\System\quNXBFa.exe
  2⤵
  PID:1536
- C:\Windows\System\ewCVEYP.exe
  C:\Windows\System\ewCVEYP.exe
  2⤵
  PID:4536
- C:\Windows\System\TrbqeYk.exe
  C:\Windows\System\TrbqeYk.exe
  2⤵
  PID:4876
- C:\Windows\System\uAQuRIk.exe
  C:\Windows\System\uAQuRIk.exe
  2⤵
  PID:4896
- C:\Windows\System\lkPFdqp.exe
  C:\Windows\System\lkPFdqp.exe
  2⤵
  PID:4824
- C:\Windows\System\tUtswUA.exe
  C:\Windows\System\tUtswUA.exe
  2⤵
  PID:3864
- C:\Windows\System\qaJoDnj.exe
  C:\Windows\System\qaJoDnj.exe
  2⤵
  PID:5156
- C:\Windows\System\hRPPoiy.exe
  C:\Windows\System\hRPPoiy.exe
  2⤵
  PID:5172
- C:\Windows\System\nGPVxum.exe
  C:\Windows\System\nGPVxum.exe
  2⤵
  PID:5188
- C:\Windows\System\TNfnuIg.exe
  C:\Windows\System\TNfnuIg.exe
  2⤵
  PID:5204
- C:\Windows\System\gkqzjwB.exe
  C:\Windows\System\gkqzjwB.exe
  2⤵
  PID:5220
- C:\Windows\System\Foheqmf.exe
  C:\Windows\System\Foheqmf.exe
  2⤵
  PID:5240
- C:\Windows\System\tkdmceb.exe
  C:\Windows\System\tkdmceb.exe
  2⤵
  PID:5268
- C:\Windows\System\jikQnZX.exe
  C:\Windows\System\jikQnZX.exe
  2⤵
  PID:5288
- C:\Windows\System\IAdPhbE.exe
  C:\Windows\System\IAdPhbE.exe
  2⤵
  PID:5304
- C:\Windows\System\BPBRZSE.exe
  C:\Windows\System\BPBRZSE.exe
  2⤵
  PID:5320
- C:\Windows\System\nyZhHoR.exe
  C:\Windows\System\nyZhHoR.exe
  2⤵
  PID:5364
- C:\Windows\System\OzBYqRM.exe
  C:\Windows\System\OzBYqRM.exe
  2⤵
  PID:5380
- C:\Windows\System\hnwpyBO.exe
  C:\Windows\System\hnwpyBO.exe
  2⤵
  PID:5396
- C:\Windows\System\LzRrkLo.exe
  C:\Windows\System\LzRrkLo.exe
  2⤵
  PID:5412
- C:\Windows\System\qzwgniV.exe
  C:\Windows\System\qzwgniV.exe
  2⤵
  PID:5432
- C:\Windows\System\PoTriCF.exe
  C:\Windows\System\PoTriCF.exe
  2⤵
  PID:5448
- C:\Windows\System\azuYqIq.exe
  C:\Windows\System\azuYqIq.exe
  2⤵
  PID:5464
- C:\Windows\System\BxCtZGB.exe
  C:\Windows\System\BxCtZGB.exe
  2⤵
  PID:5480
- C:\Windows\System\sUeDTCm.exe
  C:\Windows\System\sUeDTCm.exe
  2⤵
  PID:5516
- C:\Windows\System\PCbDVES.exe
  C:\Windows\System\PCbDVES.exe
  2⤵
  PID:5536
- C:\Windows\System\KqpJDEt.exe
  C:\Windows\System\KqpJDEt.exe
  2⤵
  PID:5552
- C:\Windows\System\ZlCLUyt.exe
  C:\Windows\System\ZlCLUyt.exe
  2⤵
  PID:5580
- C:\Windows\System\kOwRFvn.exe
  C:\Windows\System\kOwRFvn.exe
  2⤵
  PID:5600
- C:\Windows\System\ozKKEXX.exe
  C:\Windows\System\ozKKEXX.exe
  2⤵
  PID:5620
- C:\Windows\System\GTuTcSf.exe
  C:\Windows\System\GTuTcSf.exe
  2⤵
  PID:5636
- C:\Windows\System\JtYkOUb.exe
  C:\Windows\System\JtYkOUb.exe
  2⤵
  PID:5656
- C:\Windows\System\FnkRQdC.exe
  C:\Windows\System\FnkRQdC.exe
  2⤵
  PID:5672
- C:\Windows\System\OPHiNbB.exe
  C:\Windows\System\OPHiNbB.exe
  2⤵
  PID:5688
- C:\Windows\System\etcKhvU.exe
  C:\Windows\System\etcKhvU.exe
  2⤵
  PID:5704
- C:\Windows\System\mrgKbzF.exe
  C:\Windows\System\mrgKbzF.exe
  2⤵
  PID:5724
- C:\Windows\System\UwXlTWU.exe
  C:\Windows\System\UwXlTWU.exe
  2⤵
  PID:5744
- C:\Windows\System\cIJIBMV.exe
  C:\Windows\System\cIJIBMV.exe
  2⤵
  PID:5760
- C:\Windows\System\qRHugaA.exe
  C:\Windows\System\qRHugaA.exe
  2⤵
  PID:5776
- C:\Windows\System\FZNDFnl.exe
  C:\Windows\System\FZNDFnl.exe
  2⤵
  PID:5832
- C:\Windows\System\LBuwGDL.exe
  C:\Windows\System\LBuwGDL.exe
  2⤵
  PID:5852
- C:\Windows\System\kkwHfHe.exe
  C:\Windows\System\kkwHfHe.exe
  2⤵
  PID:5868
- C:\Windows\System\GLJMOpP.exe
  C:\Windows\System\GLJMOpP.exe
  2⤵
  PID:5888
- C:\Windows\System\MEWHbsW.exe
  C:\Windows\System\MEWHbsW.exe
  2⤵
  PID:5904
- C:\Windows\System\DbpRpZm.exe
  C:\Windows\System\DbpRpZm.exe
  2⤵
  PID:5932
- C:\Windows\System\AEAQLyF.exe
  C:\Windows\System\AEAQLyF.exe
  2⤵
  PID:5948
- C:\Windows\System\nQmtehx.exe
  C:\Windows\System\nQmtehx.exe
  2⤵
  PID:5964
- C:\Windows\System\ufCZUcp.exe
  C:\Windows\System\ufCZUcp.exe
  2⤵
  PID:5984
- C:\Windows\System\ugzrgaj.exe
  C:\Windows\System\ugzrgaj.exe
  2⤵
  PID:6000
- C:\Windows\System\dCSMQIx.exe
  C:\Windows\System\dCSMQIx.exe
  2⤵
  PID:6016
- C:\Windows\System\aostYcz.exe
  C:\Windows\System\aostYcz.exe
  2⤵
  PID:6048
- C:\Windows\System\toqJWgN.exe
  C:\Windows\System\toqJWgN.exe
  2⤵
  PID:6068
- C:\Windows\System\RltKzdg.exe
  C:\Windows\System\RltKzdg.exe
  2⤵
  PID:6084
- C:\Windows\System\MmijmdI.exe
  C:\Windows\System\MmijmdI.exe
  2⤵
  PID:6104
- C:\Windows\System\lCZgATv.exe
  C:\Windows\System\lCZgATv.exe
  2⤵
  PID:6120
- C:\Windows\System\AFvhAvR.exe
  C:\Windows\System\AFvhAvR.exe
  2⤵
  PID:6136
- C:\Windows\System\OHYsnTi.exe
  C:\Windows\System\OHYsnTi.exe
  2⤵
  PID:5064
- C:\Windows\System\MfhtYhM.exe
  C:\Windows\System\MfhtYhM.exe
  2⤵
  PID:4180
- C:\Windows\System\FdqSNSX.exe
  C:\Windows\System\FdqSNSX.exe
  2⤵
  PID:4808
- C:\Windows\System\xHzRtKY.exe
  C:\Windows\System\xHzRtKY.exe
  2⤵
  PID:4612
- C:\Windows\System\JsYbyaU.exe
  C:\Windows\System\JsYbyaU.exe
  2⤵
  PID:5108
- C:\Windows\System\dIwDFIf.exe
  C:\Windows\System\dIwDFIf.exe
  2⤵
  PID:4680
- C:\Windows\System\JVlbCLu.exe
  C:\Windows\System\JVlbCLu.exe
  2⤵
  PID:5140
- C:\Windows\System\pkBiBxX.exe
  C:\Windows\System\pkBiBxX.exe
  2⤵
  PID:5128
- C:\Windows\System\mcRbQKX.exe
  C:\Windows\System\mcRbQKX.exe
  2⤵
  PID:4472
- C:\Windows\System\qvhTFvL.exe
  C:\Windows\System\qvhTFvL.exe
  2⤵
  PID:5164
- C:\Windows\System\TYUQIJR.exe
  C:\Windows\System\TYUQIJR.exe
  2⤵
  PID:5228
- C:\Windows\System\RxMzUFh.exe
  C:\Windows\System\RxMzUFh.exe
  2⤵
  PID:5312
- C:\Windows\System\tWNtfBY.exe
  C:\Windows\System\tWNtfBY.exe
  2⤵
  PID:5300
- C:\Windows\System\olxNCfU.exe
  C:\Windows\System\olxNCfU.exe
  2⤵
  PID:5348
- C:\Windows\System\bqOiEYN.exe
  C:\Windows\System\bqOiEYN.exe
  2⤵
  PID:5388
- C:\Windows\System\oHilWzB.exe
  C:\Windows\System\oHilWzB.exe
  2⤵
  PID:5408
- C:\Windows\System\MecrFtG.exe
  C:\Windows\System\MecrFtG.exe
  2⤵
  PID:5456
- C:\Windows\System\LBzIUsl.exe
  C:\Windows\System\LBzIUsl.exe
  2⤵
  PID:5504
- C:\Windows\System\MStUuOr.exe
  C:\Windows\System\MStUuOr.exe
  2⤵
  PID:5440
- C:\Windows\System\AYuwqCj.exe
  C:\Windows\System\AYuwqCj.exe
  2⤵
  PID:5560
- C:\Windows\System\YYAeDEa.exe
  C:\Windows\System\YYAeDEa.exe
  2⤵
  PID:5596
- C:\Windows\System\bVBHDXj.exe
  C:\Windows\System\bVBHDXj.exe
  2⤵
  PID:5644
- C:\Windows\System\ZwPRYUt.exe
  C:\Windows\System\ZwPRYUt.exe
  2⤵
  PID:5680
- C:\Windows\System\vplcyQr.exe
  C:\Windows\System\vplcyQr.exe
  2⤵
  PID:5720
- C:\Windows\System\bpROErR.exe
  C:\Windows\System\bpROErR.exe
  2⤵
  PID:5668
- C:\Windows\System\bkWjraN.exe
  C:\Windows\System\bkWjraN.exe
  2⤵
  PID:5736
- C:\Windows\System\XpfXYUj.exe
  C:\Windows\System\XpfXYUj.exe
  2⤵
  PID:5800
- C:\Windows\System\swYuolq.exe
  C:\Windows\System\swYuolq.exe
  2⤵
  PID:5816
- C:\Windows\System\lUJbLgl.exe
  C:\Windows\System\lUJbLgl.exe
  2⤵
  PID:5788
- C:\Windows\System\ogBrwNh.exe
  C:\Windows\System\ogBrwNh.exe
  2⤵
  PID:5860
- C:\Windows\System\rcXHezd.exe
  C:\Windows\System\rcXHezd.exe
  2⤵
  PID:5928
- C:\Windows\System\KtMEOtA.exe
  C:\Windows\System\KtMEOtA.exe
  2⤵
  PID:5972
- C:\Windows\System\KCgrDpi.exe
  C:\Windows\System\KCgrDpi.exe
  2⤵
  PID:5980
- C:\Windows\System\ZFjKZXp.exe
  C:\Windows\System\ZFjKZXp.exe
  2⤵
  PID:6044
- C:\Windows\System\WUltdHu.exe
  C:\Windows\System\WUltdHu.exe
  2⤵
  PID:6076
- C:\Windows\System\eMdoFqm.exe
  C:\Windows\System\eMdoFqm.exe
  2⤵
  PID:6112
- C:\Windows\System\kvcReip.exe
  C:\Windows\System\kvcReip.exe
  2⤵
  PID:6100
- C:\Windows\System\immJQmA.exe
  C:\Windows\System\immJQmA.exe
  2⤵
  PID:3724
- C:\Windows\System\xbCRElF.exe
  C:\Windows\System\xbCRElF.exe
  2⤵
  PID:5136
- C:\Windows\System\UfxmWyA.exe
  C:\Windows\System\UfxmWyA.exe
  2⤵
  PID:5248
- C:\Windows\System\apudJMi.exe
  C:\Windows\System\apudJMi.exe
  2⤵
  PID:4120
- C:\Windows\System\LEUolkt.exe
  C:\Windows\System\LEUolkt.exe
  2⤵
  PID:4580
- C:\Windows\System\TOuDghD.exe
  C:\Windows\System\TOuDghD.exe
  2⤵
  PID:4304
- C:\Windows\System\cTcUisH.exe
  C:\Windows\System\cTcUisH.exe
  2⤵
  PID:5236
- C:\Windows\System\QWmkrew.exe
  C:\Windows\System\QWmkrew.exe
  2⤵
  PID:5296
- C:\Windows\System\YtmrBOA.exe
  C:\Windows\System\YtmrBOA.exe
  2⤵
  PID:5424
- C:\Windows\System\oqScMNU.exe
  C:\Windows\System\oqScMNU.exe
  2⤵
  PID:5376
- C:\Windows\System\NLKzjSS.exe
  C:\Windows\System\NLKzjSS.exe
  2⤵
  PID:5344
- C:\Windows\System\DMLUHmI.exe
  C:\Windows\System\DMLUHmI.exe
  2⤵
  PID:5548
- C:\Windows\System\HjxyyrF.exe
  C:\Windows\System\HjxyyrF.exe
  2⤵
  PID:5532
- C:\Windows\System\EGrpAOI.exe
  C:\Windows\System\EGrpAOI.exe
  2⤵
  PID:5564
- C:\Windows\System\swVdqNK.exe
  C:\Windows\System\swVdqNK.exe
  2⤵
  PID:5652
- C:\Windows\System\wBPSPip.exe
  C:\Windows\System\wBPSPip.exe
  2⤵
  PID:5796
- C:\Windows\System\TKgAHIi.exe
  C:\Windows\System\TKgAHIi.exe
  2⤵
  PID:5608
- C:\Windows\System\jaXlBez.exe
  C:\Windows\System\jaXlBez.exe
  2⤵
  PID:5896
- C:\Windows\System\mvpUkhY.exe
  C:\Windows\System\mvpUkhY.exe
  2⤵
  PID:5712
- C:\Windows\System\DwZrvrl.exe
  C:\Windows\System\DwZrvrl.exe
  2⤵
  PID:5844
- C:\Windows\System\VBpQwQi.exe
  C:\Windows\System\VBpQwQi.exe
  2⤵
  PID:5924
- C:\Windows\System\IuvFaQd.exe
  C:\Windows\System\IuvFaQd.exe
  2⤵
  PID:5996
- C:\Windows\System\BMMKOOQ.exe
  C:\Windows\System\BMMKOOQ.exe
  2⤵
  PID:6012
- C:\Windows\System\oCmjUEq.exe
  C:\Windows\System\oCmjUEq.exe
  2⤵
  PID:5036
- C:\Windows\System\SnSGemA.exe
  C:\Windows\System\SnSGemA.exe
  2⤵
  PID:6064
- C:\Windows\System\nfYGOkx.exe
  C:\Windows\System\nfYGOkx.exe
  2⤵
  PID:4052
- C:\Windows\System\hwUeiTi.exe
  C:\Windows\System\hwUeiTi.exe
  2⤵
  PID:5200
- C:\Windows\System\HIStDSH.exe
  C:\Windows\System\HIStDSH.exe
  2⤵
  PID:5196
- C:\Windows\System\bCtuFBs.exe
  C:\Windows\System\bCtuFBs.exe
  2⤵
  PID:5492
- C:\Windows\System\PtsWOrH.exe
  C:\Windows\System\PtsWOrH.exe
  2⤵
  PID:5812
- C:\Windows\System\DvfpwwY.exe
  C:\Windows\System\DvfpwwY.exe
  2⤵
  PID:6096
- C:\Windows\System\TiePOPC.exe
  C:\Windows\System\TiePOPC.exe
  2⤵
  PID:5152
- C:\Windows\System\eTEnmfV.exe
  C:\Windows\System\eTEnmfV.exe
  2⤵
  PID:4400
- C:\Windows\System\vstCytx.exe
  C:\Windows\System\vstCytx.exe
  2⤵
  PID:6036
- C:\Windows\System\tMttceo.exe
  C:\Windows\System\tMttceo.exe
  2⤵
  PID:6060
- C:\Windows\System\hSRKvDV.exe
  C:\Windows\System\hSRKvDV.exe
  2⤵
  PID:5700
- C:\Windows\System\COIaoTS.exe
  C:\Windows\System\COIaoTS.exe
  2⤵
  PID:5824
- C:\Windows\System\wBzrkEB.exe
  C:\Windows\System\wBzrkEB.exe
  2⤵
  PID:5328
- C:\Windows\System\qXIhDxb.exe
  C:\Windows\System\qXIhDxb.exe
  2⤵
  PID:5372
- C:\Windows\System\xgkfTCy.exe
  C:\Windows\System\xgkfTCy.exe
  2⤵
  PID:5900
- C:\Windows\System\VcpQcPC.exe
  C:\Windows\System\VcpQcPC.exe
  2⤵
  PID:5880
- C:\Windows\System\mvDXGBz.exe
  C:\Windows\System\mvDXGBz.exe
  2⤵
  PID:3764
- C:\Windows\System\MRXfJGv.exe
  C:\Windows\System\MRXfJGv.exe
  2⤵
  PID:5920
- C:\Windows\System\vnZwSdk.exe
  C:\Windows\System\vnZwSdk.exe
  2⤵
  PID:5260
- C:\Windows\System\CAldslF.exe
  C:\Windows\System\CAldslF.exe
  2⤵
  PID:5732
- C:\Windows\System\FvqRCmI.exe
  C:\Windows\System\FvqRCmI.exe
  2⤵
  PID:5496
- C:\Windows\System\qVipHlp.exe
  C:\Windows\System\qVipHlp.exe
  2⤵
  PID:5756
- C:\Windows\System\woBHEXN.exe
  C:\Windows\System\woBHEXN.exe
  2⤵
  PID:5184
- C:\Windows\System\AmhALdV.exe
  C:\Windows\System\AmhALdV.exe
  2⤵
  PID:5768
- C:\Windows\System\ERUVDVv.exe
  C:\Windows\System\ERUVDVv.exe
  2⤵
  PID:5336
- C:\Windows\System\afPctrJ.exe
  C:\Windows\System\afPctrJ.exe
  2⤵
  PID:5912
- C:\Windows\System\NpJWNuF.exe
  C:\Windows\System\NpJWNuF.exe
  2⤵
  PID:5960
- C:\Windows\System\BxkbPhQ.exe
  C:\Windows\System\BxkbPhQ.exe
  2⤵
  PID:6056
- C:\Windows\System\VznWvYv.exe
  C:\Windows\System\VznWvYv.exe
  2⤵
  PID:5992
- C:\Windows\System\sjTlgym.exe
  C:\Windows\System\sjTlgym.exe
  2⤵
  PID:6148
- C:\Windows\System\IZQOttl.exe
  C:\Windows\System\IZQOttl.exe
  2⤵
  PID:6164
- C:\Windows\System\WeiYWNL.exe
  C:\Windows\System\WeiYWNL.exe
  2⤵
  PID:6180
- C:\Windows\System\BvzZiKa.exe
  C:\Windows\System\BvzZiKa.exe
  2⤵
  PID:6204
- C:\Windows\System\PkGXtxa.exe
  C:\Windows\System\PkGXtxa.exe
  2⤵
  PID:6224
- C:\Windows\System\dhJyzHU.exe
  C:\Windows\System\dhJyzHU.exe
  2⤵
  PID:6240
- C:\Windows\System\AzzZDrq.exe
  C:\Windows\System\AzzZDrq.exe
  2⤵
  PID:6260
- C:\Windows\System\bFuVQPa.exe
  C:\Windows\System\bFuVQPa.exe
  2⤵
  PID:6292
- C:\Windows\System\ZsjEqpI.exe
  C:\Windows\System\ZsjEqpI.exe
  2⤵
  PID:6308
- C:\Windows\System\byBRCVy.exe
  C:\Windows\System\byBRCVy.exe
  2⤵
  PID:6324
- C:\Windows\System\ukxmFFH.exe
  C:\Windows\System\ukxmFFH.exe
  2⤵
  PID:6340
- C:\Windows\System\nMyBkuY.exe
  C:\Windows\System\nMyBkuY.exe
  2⤵
  PID:6356
- C:\Windows\System\ORcpMtx.exe
  C:\Windows\System\ORcpMtx.exe
  2⤵
  PID:6400
- C:\Windows\System\qRPPbOm.exe
  C:\Windows\System\qRPPbOm.exe
  2⤵
  PID:6420
- C:\Windows\System\dlaLTLL.exe
  C:\Windows\System\dlaLTLL.exe
  2⤵
  PID:6444
- C:\Windows\System\HChUBZY.exe
  C:\Windows\System\HChUBZY.exe
  2⤵
  PID:6460
- C:\Windows\System\YJXsdUd.exe
  C:\Windows\System\YJXsdUd.exe
  2⤵
  PID:6480
- C:\Windows\System\AIRjdco.exe
  C:\Windows\System\AIRjdco.exe
  2⤵
  PID:6496
- C:\Windows\System\CxPCVzo.exe
  C:\Windows\System\CxPCVzo.exe
  2⤵
  PID:6524
- C:\Windows\System\EIgocQp.exe
  C:\Windows\System\EIgocQp.exe
  2⤵
  PID:6540
- C:\Windows\System\hFfMweB.exe
  C:\Windows\System\hFfMweB.exe
  2⤵
  PID:6556
- C:\Windows\System\uQjusqf.exe
  C:\Windows\System\uQjusqf.exe
  2⤵
  PID:6580
- C:\Windows\System\PjjJrJe.exe
  C:\Windows\System\PjjJrJe.exe
  2⤵
  PID:6596
- C:\Windows\System\Ctaugsx.exe
  C:\Windows\System\Ctaugsx.exe
  2⤵
  PID:6612
- C:\Windows\System\GymBNya.exe
  C:\Windows\System\GymBNya.exe
  2⤵
  PID:6628
- C:\Windows\System\qbSbjwj.exe
  C:\Windows\System\qbSbjwj.exe
  2⤵
  PID:6644
- C:\Windows\System\nikSPCk.exe
  C:\Windows\System\nikSPCk.exe
  2⤵
  PID:6668
- C:\Windows\System\puMiwqt.exe
  C:\Windows\System\puMiwqt.exe
  2⤵
  PID:6696
- C:\Windows\System\LDmxzva.exe
  C:\Windows\System\LDmxzva.exe
  2⤵
  PID:6716
- C:\Windows\System\bVKOeQA.exe
  C:\Windows\System\bVKOeQA.exe
  2⤵
  PID:6732
- C:\Windows\System\MvOoDdp.exe
  C:\Windows\System\MvOoDdp.exe
  2⤵
  PID:6748
- C:\Windows\System\RHDTShX.exe
  C:\Windows\System\RHDTShX.exe
  2⤵
  PID:6764
- C:\Windows\System\oGymSLA.exe
  C:\Windows\System\oGymSLA.exe
  2⤵
  PID:6780
- C:\Windows\System\YfVFsJj.exe
  C:\Windows\System\YfVFsJj.exe
  2⤵
  PID:6820
- C:\Windows\System\lqtvSww.exe
  C:\Windows\System\lqtvSww.exe
  2⤵
  PID:6844
- C:\Windows\System\GvWfARw.exe
  C:\Windows\System\GvWfARw.exe
  2⤵
  PID:6864
- C:\Windows\System\Rzzfqkh.exe
  C:\Windows\System\Rzzfqkh.exe
  2⤵
  PID:6884
- C:\Windows\System\OaTRHsh.exe
  C:\Windows\System\OaTRHsh.exe
  2⤵
  PID:6904
- C:\Windows\System\lAyLrmo.exe
  C:\Windows\System\lAyLrmo.exe
  2⤵
  PID:6924
- C:\Windows\System\FgHfYeC.exe
  C:\Windows\System\FgHfYeC.exe
  2⤵
  PID:6944
- C:\Windows\System\jEfUjhc.exe
  C:\Windows\System\jEfUjhc.exe
  2⤵
  PID:6960
- C:\Windows\System\AMVEJZn.exe
  C:\Windows\System\AMVEJZn.exe
  2⤵
  PID:6976
- C:\Windows\System\lvChTyA.exe
  C:\Windows\System\lvChTyA.exe
  2⤵
  PID:6996
- C:\Windows\System\MwwTurI.exe
  C:\Windows\System\MwwTurI.exe
  2⤵
  PID:7028
- C:\Windows\System\iYiQRQZ.exe
  C:\Windows\System\iYiQRQZ.exe
  2⤵
  PID:7044
- C:\Windows\System\pXssPDB.exe
  C:\Windows\System\pXssPDB.exe
  2⤵
  PID:7060
- C:\Windows\System\tcNpdBo.exe
  C:\Windows\System\tcNpdBo.exe
  2⤵
  PID:7080
- C:\Windows\System\pRmeGYo.exe
  C:\Windows\System\pRmeGYo.exe
  2⤵
  PID:7096
- C:\Windows\System\ZTWvuFK.exe
  C:\Windows\System\ZTWvuFK.exe
  2⤵
  PID:7112
- C:\Windows\System\CVlhesT.exe
  C:\Windows\System\CVlhesT.exe
  2⤵
  PID:7132
- C:\Windows\System\AIjCuKJ.exe
  C:\Windows\System\AIjCuKJ.exe
  2⤵
  PID:7148
- C:\Windows\System\DCjHIhP.exe
  C:\Windows\System\DCjHIhP.exe
  2⤵
  PID:6188
- C:\Windows\System\MfdfDXc.exe
  C:\Windows\System\MfdfDXc.exe
  2⤵
  PID:4520
- C:\Windows\System\gGkkzkf.exe
  C:\Windows\System\gGkkzkf.exe
  2⤵
  PID:6276
- C:\Windows\System\ejYTCIo.exe
  C:\Windows\System\ejYTCIo.exe
  2⤵
  PID:6316
- C:\Windows\System\dsjzVQo.exe
  C:\Windows\System\dsjzVQo.exe
  2⤵
  PID:6176
- C:\Windows\System\abpYYwA.exe
  C:\Windows\System\abpYYwA.exe
  2⤵
  PID:6416
- C:\Windows\System\PMaxMsv.exe
  C:\Windows\System\PMaxMsv.exe
  2⤵
  PID:6216
- C:\Windows\System\YdQMvHP.exe
  C:\Windows\System\YdQMvHP.exe
  2⤵
  PID:6336
- C:\Windows\System\WEvkzWS.exe
  C:\Windows\System\WEvkzWS.exe
  2⤵
  PID:6428
- C:\Windows\System\gcKVTom.exe
  C:\Windows\System\gcKVTom.exe
  2⤵
  PID:6380
- C:\Windows\System\xbsMKYi.exe
  C:\Windows\System\xbsMKYi.exe
  2⤵
  PID:6432
- C:\Windows\System\bRrPZxP.exe
  C:\Windows\System\bRrPZxP.exe
  2⤵
  PID:6492
- C:\Windows\System\yoQyxCN.exe
  C:\Windows\System\yoQyxCN.exe
  2⤵
  PID:6572
- C:\Windows\System\xcsSwTC.exe
  C:\Windows\System\xcsSwTC.exe
  2⤵
  PID:6640
- C:\Windows\System\HVzCdno.exe
  C:\Windows\System\HVzCdno.exe
  2⤵
  PID:6592
- C:\Windows\System\namlcTm.exe
  C:\Windows\System\namlcTm.exe
  2⤵
  PID:6664
- C:\Windows\System\anXZKcY.exe
  C:\Windows\System\anXZKcY.exe
  2⤵
  PID:6788
- C:\Windows\System\gfRyaMT.exe
  C:\Windows\System\gfRyaMT.exe
  2⤵
  PID:6808
- C:\Windows\System\bTOfbxq.exe
  C:\Windows\System\bTOfbxq.exe
  2⤵
  PID:6512
- C:\Windows\System\ONBFqWM.exe
  C:\Windows\System\ONBFqWM.exe
  2⤵
  PID:6624
- C:\Windows\System\LycaShB.exe
  C:\Windows\System\LycaShB.exe
  2⤵
  PID:6740
- C:\Windows\System\qXsCzzk.exe
  C:\Windows\System\qXsCzzk.exe
  2⤵
  PID:6852
- C:\Windows\System\fSPuwHb.exe
  C:\Windows\System\fSPuwHb.exe
  2⤵
  PID:6840
- C:\Windows\System\gfTVawT.exe
  C:\Windows\System\gfTVawT.exe
  2⤵
  PID:6876
- C:\Windows\System\OwFkZYR.exe
  C:\Windows\System\OwFkZYR.exe
  2⤵
  PID:6912
- C:\Windows\System\RWbxcCC.exe
  C:\Windows\System\RWbxcCC.exe
  2⤵
  PID:6940
- C:\Windows\System\MiUkYlg.exe
  C:\Windows\System\MiUkYlg.exe
  2⤵
  PID:6968
- C:\Windows\System\nxZznwp.exe
  C:\Windows\System\nxZznwp.exe
  2⤵
  PID:6992
- C:\Windows\System\ACOKwqt.exe
  C:\Windows\System\ACOKwqt.exe
  2⤵
  PID:7124
- C:\Windows\System\iMxHdEd.exe
  C:\Windows\System\iMxHdEd.exe
  2⤵
  PID:7164
- C:\Windows\System\JJSToXD.exe
  C:\Windows\System\JJSToXD.exe
  2⤵
  PID:6232
- C:\Windows\System\qacjend.exe
  C:\Windows\System\qacjend.exe
  2⤵
  PID:7068
- C:\Windows\System\aPSjYCD.exe
  C:\Windows\System\aPSjYCD.exe
  2⤵
  PID:6192
- C:\Windows\System\hPeeSrY.exe
  C:\Windows\System\hPeeSrY.exe
  2⤵
  PID:5216
- C:\Windows\System\SCWHRxO.exe
  C:\Windows\System\SCWHRxO.exe
  2⤵
  PID:6352
- C:\Windows\System\yhqNaRX.exe
  C:\Windows\System\yhqNaRX.exe
  2⤵
  PID:6364
- C:\Windows\System\xkiQOVU.exe
  C:\Windows\System\xkiQOVU.exe
  2⤵
  PID:6532
- C:\Windows\System\jZXwsfI.exe
  C:\Windows\System\jZXwsfI.exe
  2⤵
  PID:6552
- C:\Windows\System\QsyhuUU.exe
  C:\Windows\System\QsyhuUU.exe
  2⤵
  PID:6252
- C:\Windows\System\eIfsvgP.exe
  C:\Windows\System\eIfsvgP.exe
  2⤵
  PID:6568
- C:\Windows\System\FoTDzfZ.exe
  C:\Windows\System\FoTDzfZ.exe
  2⤵
  PID:6304
- C:\Windows\System\zWTebqS.exe
  C:\Windows\System\zWTebqS.exe
  2⤵
  PID:6440
- C:\Windows\System\QcmEKgU.exe
  C:\Windows\System\QcmEKgU.exe
  2⤵
  PID:6756
- C:\Windows\System\IlrNocT.exe
  C:\Windows\System\IlrNocT.exe
  2⤵
  PID:6508
- C:\Windows\System\XIVFRoj.exe
  C:\Windows\System\XIVFRoj.exe
  2⤵
  PID:6804
- C:\Windows\System\MunlWoR.exe
  C:\Windows\System\MunlWoR.exe
  2⤵
  PID:6772
- C:\Windows\System\HHxXRwb.exe
  C:\Windows\System\HHxXRwb.exe
  2⤵
  PID:6880
- C:\Windows\System\XXTDrEp.exe
  C:\Windows\System\XXTDrEp.exe
  2⤵
  PID:7024
- C:\Windows\System\sIXqWRZ.exe
  C:\Windows\System\sIXqWRZ.exe
  2⤵
  PID:6932
- C:\Windows\System\CaHQEnv.exe
  C:\Windows\System\CaHQEnv.exe
  2⤵
  PID:6156
- C:\Windows\System\CrDcPSj.exe
  C:\Windows\System\CrDcPSj.exe
  2⤵
  PID:7076
- C:\Windows\System\gSZlYBG.exe
  C:\Windows\System\gSZlYBG.exe
  2⤵
  PID:6284
- C:\Windows\System\AvrIhjZ.exe
  C:\Windows\System\AvrIhjZ.exe
  2⤵
  PID:6300
- C:\Windows\System\aXVJmlS.exe
  C:\Windows\System\aXVJmlS.exe
  2⤵
  PID:6384
- C:\Windows\System\SdRxWhL.exe
  C:\Windows\System\SdRxWhL.exe
  2⤵
  PID:7140
- C:\Windows\System\iRsmwIo.exe
  C:\Windows\System\iRsmwIo.exe
  2⤵
  PID:6248
- C:\Windows\System\HabLvkd.exe
  C:\Windows\System\HabLvkd.exe
  2⤵
  PID:6660
- C:\Windows\System\bPfYscU.exe
  C:\Windows\System\bPfYscU.exe
  2⤵
  PID:6504
- C:\Windows\System\cZqEGjx.exe
  C:\Windows\System\cZqEGjx.exe
  2⤵
  PID:6792
- C:\Windows\System\hmrBpIJ.exe
  C:\Windows\System\hmrBpIJ.exe
  2⤵
  PID:6956
- C:\Windows\System\NFPOCyu.exe
  C:\Windows\System\NFPOCyu.exe
  2⤵
  PID:7052
- C:\Windows\System\aVMXVFm.exe
  C:\Windows\System\aVMXVFm.exe
  2⤵
  PID:6392
- C:\Windows\System\OimjPIL.exe
  C:\Windows\System\OimjPIL.exe
  2⤵
  PID:7104
- C:\Windows\System\xWtOkIE.exe
  C:\Windows\System\xWtOkIE.exe
  2⤵
  PID:6456
- C:\Windows\System\uTZtLBH.exe
  C:\Windows\System\uTZtLBH.exe
  2⤵
  PID:6636
- C:\Windows\System\AtNnqaV.exe
  C:\Windows\System\AtNnqaV.exe
  2⤵
  PID:6988
- C:\Windows\System\nnvDZLg.exe
  C:\Windows\System\nnvDZLg.exe
  2⤵
  PID:7020
- C:\Windows\System\FmbNHUL.exe
  C:\Windows\System\FmbNHUL.exe
  2⤵
  PID:6760
- C:\Windows\System\WJKdDTo.exe
  C:\Windows\System\WJKdDTo.exe
  2⤵
  PID:6488
- C:\Windows\System\XgwXxWJ.exe
  C:\Windows\System\XgwXxWJ.exe
  2⤵
  PID:6800
- C:\Windows\System\XLpHJTP.exe
  C:\Windows\System\XLpHJTP.exe
  2⤵
  PID:6952
- C:\Windows\System\ZBnGTwr.exe
  C:\Windows\System\ZBnGTwr.exe
  2⤵
  PID:7176
- C:\Windows\System\BZaSuSe.exe
  C:\Windows\System\BZaSuSe.exe
  2⤵
  PID:7216
- C:\Windows\System\TBWGLKr.exe
  C:\Windows\System\TBWGLKr.exe
  2⤵
  PID:7232
- C:\Windows\System\njONIGF.exe
  C:\Windows\System\njONIGF.exe
  2⤵
  PID:7248
- C:\Windows\System\hhjtcfZ.exe
  C:\Windows\System\hhjtcfZ.exe
  2⤵
  PID:7264
- C:\Windows\System\AJymceL.exe
  C:\Windows\System\AJymceL.exe
  2⤵
  PID:7280
- C:\Windows\System\hyxCwoU.exe
  C:\Windows\System\hyxCwoU.exe
  2⤵
  PID:7300
- C:\Windows\System\PtIzTSG.exe
  C:\Windows\System\PtIzTSG.exe
  2⤵
  PID:7328
- C:\Windows\System\pIGQyWa.exe
  C:\Windows\System\pIGQyWa.exe
  2⤵
  PID:7360
- C:\Windows\System\xdlHCur.exe
  C:\Windows\System\xdlHCur.exe
  2⤵
  PID:7384
- C:\Windows\System\llCeBbr.exe
  C:\Windows\System\llCeBbr.exe
  2⤵
  PID:7420
- C:\Windows\System\HahfETh.exe
  C:\Windows\System\HahfETh.exe
  2⤵
  PID:7448
- C:\Windows\System\deIFEZs.exe
  C:\Windows\System\deIFEZs.exe
  2⤵
  PID:7468
- C:\Windows\System\EGaEZUv.exe
  C:\Windows\System\EGaEZUv.exe
  2⤵
  PID:7484
- C:\Windows\System\ZOQDESY.exe
  C:\Windows\System\ZOQDESY.exe
  2⤵
  PID:7504
- C:\Windows\System\LNigQGq.exe
  C:\Windows\System\LNigQGq.exe
  2⤵
  PID:7528
- C:\Windows\System\wQgnXao.exe
  C:\Windows\System\wQgnXao.exe
  2⤵
  PID:7544
- C:\Windows\System\EdaJZNC.exe
  C:\Windows\System\EdaJZNC.exe
  2⤵
  PID:7560
- C:\Windows\System\gbDJqJV.exe
  C:\Windows\System\gbDJqJV.exe
  2⤵
  PID:7580
- C:\Windows\System\rlrAuqL.exe
  C:\Windows\System\rlrAuqL.exe
  2⤵
  PID:7600
- C:\Windows\System\ZVaIKye.exe
  C:\Windows\System\ZVaIKye.exe
  2⤵
  PID:7616
- C:\Windows\System\ByrIRRg.exe
  C:\Windows\System\ByrIRRg.exe
  2⤵
  PID:7640
- C:\Windows\System\GkfgMIa.exe
  C:\Windows\System\GkfgMIa.exe
  2⤵
  PID:7656
- C:\Windows\System\VGUgGMo.exe
  C:\Windows\System\VGUgGMo.exe
  2⤵
  PID:7676
- C:\Windows\System\IRjLawP.exe
  C:\Windows\System\IRjLawP.exe
  2⤵
  PID:7696
- C:\Windows\System\vpeQUEP.exe
  C:\Windows\System\vpeQUEP.exe
  2⤵
  PID:7732
- C:\Windows\System\NYuEPuC.exe
  C:\Windows\System\NYuEPuC.exe
  2⤵
  PID:7748
- C:\Windows\System\YRUDGXX.exe
  C:\Windows\System\YRUDGXX.exe
  2⤵
  PID:7764
- C:\Windows\System\eYzeIWv.exe
  C:\Windows\System\eYzeIWv.exe
  2⤵
  PID:7780
- C:\Windows\System\MiLXaGn.exe
  C:\Windows\System\MiLXaGn.exe
  2⤵
  PID:7800
- C:\Windows\System\GbvBHvb.exe
  C:\Windows\System\GbvBHvb.exe
  2⤵
  PID:7816
- C:\Windows\System\plTUulZ.exe
  C:\Windows\System\plTUulZ.exe
  2⤵
  PID:7836
- C:\Windows\System\qzoPHJf.exe
  C:\Windows\System\qzoPHJf.exe
  2⤵
  PID:7856
- C:\Windows\System\wnqmDTl.exe
  C:\Windows\System\wnqmDTl.exe
  2⤵
  PID:7872
- C:\Windows\System\UNaLCbS.exe
  C:\Windows\System\UNaLCbS.exe
  2⤵
  PID:7888
- C:\Windows\System\TUKUNYJ.exe
  C:\Windows\System\TUKUNYJ.exe
  2⤵
  PID:7932
- C:\Windows\System\IjeublB.exe
  C:\Windows\System\IjeublB.exe
  2⤵
  PID:7948
- C:\Windows\System\FpPHyUy.exe
  C:\Windows\System\FpPHyUy.exe
  2⤵
  PID:7964
- C:\Windows\System\DHguiIT.exe
  C:\Windows\System\DHguiIT.exe
  2⤵
  PID:7980
- C:\Windows\System\fznSsMT.exe
  C:\Windows\System\fznSsMT.exe
  2⤵
  PID:8004
- C:\Windows\System\npExDJU.exe
  C:\Windows\System\npExDJU.exe
  2⤵
  PID:8020
- C:\Windows\System\gvrAokW.exe
  C:\Windows\System\gvrAokW.exe
  2⤵
  PID:8036
- C:\Windows\System\YMATAgp.exe
  C:\Windows\System\YMATAgp.exe
  2⤵
  PID:8060
- C:\Windows\System\VMWNkcA.exe
  C:\Windows\System\VMWNkcA.exe
  2⤵
  PID:8076
- C:\Windows\System\SPEkHGc.exe
  C:\Windows\System\SPEkHGc.exe
  2⤵
  PID:8092
- C:\Windows\System\jpRSLJS.exe
  C:\Windows\System\jpRSLJS.exe
  2⤵
  PID:8128
- C:\Windows\System\uULqxFl.exe
  C:\Windows\System\uULqxFl.exe
  2⤵
  PID:8148
- C:\Windows\System\oGDPtTS.exe
  C:\Windows\System\oGDPtTS.exe
  2⤵
  PID:8164
- C:\Windows\System\NgANxmi.exe
  C:\Windows\System\NgANxmi.exe
  2⤵
  PID:8188
- C:\Windows\System\TuwyjBj.exe
  C:\Windows\System\TuwyjBj.exe
  2⤵
  PID:7012
- C:\Windows\System\UKidKuL.exe
  C:\Windows\System\UKidKuL.exe
  2⤵
  PID:7040
- C:\Windows\System\dhDvOLy.exe
  C:\Windows\System\dhDvOLy.exe
  2⤵
  PID:6984
- C:\Windows\System\dwmeSZu.exe
  C:\Windows\System\dwmeSZu.exe
  2⤵
  PID:7192
- C:\Windows\System\WJtjYCH.exe
  C:\Windows\System\WJtjYCH.exe
  2⤵
  PID:7200
- C:\Windows\System\dBZutMc.exe
  C:\Windows\System\dBZutMc.exe
  2⤵
  PID:7240
- C:\Windows\System\fXcmCCO.exe
  C:\Windows\System\fXcmCCO.exe
  2⤵
  PID:7308
- C:\Windows\System\MaOdDGh.exe
  C:\Windows\System\MaOdDGh.exe
  2⤵
  PID:7292
- C:\Windows\System\oFHRVFd.exe
  C:\Windows\System\oFHRVFd.exe
  2⤵
  PID:7352
- C:\Windows\System\QWNPgeo.exe
  C:\Windows\System\QWNPgeo.exe
  2⤵
  PID:7428
- C:\Windows\System\JVdoyhd.exe
  C:\Windows\System\JVdoyhd.exe
  2⤵
  PID:7444
- C:\Windows\System\pAwIpSI.exe
  C:\Windows\System\pAwIpSI.exe
  2⤵
  PID:7492
- C:\Windows\System\TlSFqXS.exe
  C:\Windows\System\TlSFqXS.exe
  2⤵
  PID:7496
- C:\Windows\System\LaNvyAa.exe
  C:\Windows\System\LaNvyAa.exe
  2⤵
  PID:7556
- C:\Windows\System\fOZaMLz.exe
  C:\Windows\System\fOZaMLz.exe
  2⤵
  PID:7628
- C:\Windows\System\JvYTvNI.exe
  C:\Windows\System\JvYTvNI.exe
  2⤵
  PID:7668
- C:\Windows\System\GvJSytT.exe
  C:\Windows\System\GvJSytT.exe
  2⤵
  PID:7576
- C:\Windows\System\OiHkdem.exe
  C:\Windows\System\OiHkdem.exe
  2⤵
  PID:7688
- C:\Windows\System\kMHViAN.exe
  C:\Windows\System\kMHViAN.exe
  2⤵
  PID:7728
- C:\Windows\System\DAICOCS.exe
  C:\Windows\System\DAICOCS.exe
  2⤵
  PID:7760
- C:\Windows\System\CZxHiTU.exe
  C:\Windows\System\CZxHiTU.exe
  2⤵
  PID:7824
- C:\Windows\System\TCAwIQG.exe
  C:\Windows\System\TCAwIQG.exe
  2⤵
  PID:7896
- C:\Windows\System\WpCsQHj.exe
  C:\Windows\System\WpCsQHj.exe
  2⤵
  PID:7916
- C:\Windows\System\OCtmBon.exe
  C:\Windows\System\OCtmBon.exe
  2⤵
  PID:7772
- C:\Windows\System\yVrRrTv.exe
  C:\Windows\System\yVrRrTv.exe
  2⤵
  PID:7852
- C:\Windows\System\uHzLqhW.exe
  C:\Windows\System\uHzLqhW.exe
  2⤵
  PID:7900
- C:\Windows\System\RqAmksK.exe
  C:\Windows\System\RqAmksK.exe
  2⤵
  PID:7996
- C:\Windows\System\wLcisDT.exe
  C:\Windows\System\wLcisDT.exe
  2⤵
  PID:8016
- C:\Windows\System\xmrijZU.exe
  C:\Windows\System\xmrijZU.exe
  2⤵
  PID:8052
- C:\Windows\System\rsLyxku.exe
  C:\Windows\System\rsLyxku.exe
  2⤵
  PID:8084
- C:\Windows\System\eQuyZmx.exe
  C:\Windows\System\eQuyZmx.exe
  2⤵
  PID:8104
- C:\Windows\System\mOIYpEq.exe
  C:\Windows\System\mOIYpEq.exe
  2⤵
  PID:8120
- C:\Windows\System\cTPteRt.exe
  C:\Windows\System\cTPteRt.exe
  2⤵
  PID:6680
- C:\Windows\System\HYlinGX.exe
  C:\Windows\System\HYlinGX.exe
  2⤵
  PID:6160
- C:\Windows\System\dlyyXEj.exe
  C:\Windows\System\dlyyXEj.exe
  2⤵
  PID:7196
- C:\Windows\System\HcPtqSW.exe
  C:\Windows\System\HcPtqSW.exe
  2⤵
  PID:7208
- C:\Windows\System\CRdHoWv.exe
  C:\Windows\System\CRdHoWv.exe
  2⤵
  PID:7224
- C:\Windows\System\cvrwfjc.exe
  C:\Windows\System\cvrwfjc.exe
  2⤵
  PID:7324
- C:\Windows\System\GiDeKyN.exe
  C:\Windows\System\GiDeKyN.exe
  2⤵
  PID:7380
- C:\Windows\System\dVBVSkf.exe
  C:\Windows\System\dVBVSkf.exe
  2⤵
  PID:7396
- C:\Windows\System\pUpYdRv.exe
  C:\Windows\System\pUpYdRv.exe
  2⤵
  PID:7460
- C:\Windows\System\NleXOLH.exe
  C:\Windows\System\NleXOLH.exe
  2⤵
  PID:7464
- C:\Windows\System\ZelxIxN.exe
  C:\Windows\System\ZelxIxN.exe
  2⤵
  PID:7568
- C:\Windows\System\CyQHHhO.exe
  C:\Windows\System\CyQHHhO.exe
  2⤵
  PID:7664
- C:\Windows\System\flVeFul.exe
  C:\Windows\System\flVeFul.exe
  2⤵
  PID:7712
- C:\Windows\System\vpqRyzv.exe
  C:\Windows\System\vpqRyzv.exe
  2⤵
  PID:7808
- C:\Windows\System\nmOPYgw.exe
  C:\Windows\System\nmOPYgw.exe
  2⤵
  PID:7864
- C:\Windows\System\hcWmrFh.exe
  C:\Windows\System\hcWmrFh.exe
  2⤵
  PID:7880
- C:\Windows\System\IkPrPKT.exe
  C:\Windows\System\IkPrPKT.exe
  2⤵
  PID:7928
- C:\Windows\System\ZsKxbGq.exe
  C:\Windows\System\ZsKxbGq.exe
  2⤵
  PID:8048
- C:\Windows\System\pCsnlPY.exe
  C:\Windows\System\pCsnlPY.exe
  2⤵
  PID:8100
- C:\Windows\System\wQiRIbS.exe
  C:\Windows\System\wQiRIbS.exe
  2⤵
  PID:8032
- C:\Windows\System\HRnaBmh.exe
  C:\Windows\System\HRnaBmh.exe
  2⤵
  PID:8156
- C:\Windows\System\cxPFLoq.exe
  C:\Windows\System\cxPFLoq.exe
  2⤵
  PID:8176
- C:\Windows\System\WilmGyS.exe
  C:\Windows\System\WilmGyS.exe
  2⤵
  PID:8184
- C:\Windows\System\ApEOQIA.exe
  C:\Windows\System\ApEOQIA.exe
  2⤵
  PID:6588
- C:\Windows\System\CLOhebB.exe
  C:\Windows\System\CLOhebB.exe
  2⤵
  PID:7184
- C:\Windows\System\RmCyTCm.exe
  C:\Windows\System\RmCyTCm.exe
  2⤵
  PID:7340
- C:\Windows\System\eAkdYpp.exe
  C:\Windows\System\eAkdYpp.exe
  2⤵
  PID:7312
- C:\Windows\System\hEFkkwV.exe
  C:\Windows\System\hEFkkwV.exe
  2⤵
  PID:7592
- C:\Windows\System\CDcJotv.exe
  C:\Windows\System\CDcJotv.exe
  2⤵
  PID:7368
- C:\Windows\System\UugMoFO.exe
  C:\Windows\System\UugMoFO.exe
  2⤵
  PID:7704
- C:\Windows\System\KLyFqPc.exe
  C:\Windows\System\KLyFqPc.exe
  2⤵
  PID:7792
- C:\Windows\System\ruQnOgY.exe
  C:\Windows\System\ruQnOgY.exe
  2⤵
  PID:7960
- C:\Windows\System\WnczoGO.exe
  C:\Windows\System\WnczoGO.exe
  2⤵
  PID:8056
- C:\Windows\System\ZsuiJhp.exe
  C:\Windows\System\ZsuiJhp.exe
  2⤵
  PID:6476
- C:\Windows\System\sCkleWZ.exe
  C:\Windows\System\sCkleWZ.exe
  2⤵
  PID:7436
- C:\Windows\System\lpavKAB.exe
  C:\Windows\System\lpavKAB.exe
  2⤵
  PID:7908
- C:\Windows\System\UwsQZAo.exe
  C:\Windows\System\UwsQZAo.exe
  2⤵
  PID:7612
- C:\Windows\System\bqJjYrK.exe
  C:\Windows\System\bqJjYrK.exe
  2⤵
  PID:7684
- C:\Windows\System\sToWXpp.exe
  C:\Windows\System\sToWXpp.exe
  2⤵
  PID:7944
- C:\Windows\System\CvmfRYn.exe
  C:\Windows\System\CvmfRYn.exe
  2⤵
  PID:7920
- C:\Windows\System\zFodrUY.exe
  C:\Windows\System\zFodrUY.exe
  2⤵
  PID:8116
- C:\Windows\System\UOSMwjz.exe
  C:\Windows\System\UOSMwjz.exe
  2⤵
  PID:7476
- C:\Windows\System\UxCrgjT.exe
  C:\Windows\System\UxCrgjT.exe
  2⤵
  PID:7924
- C:\Windows\System\JSmgOyl.exe
  C:\Windows\System\JSmgOyl.exe
  2⤵
  PID:8200
- C:\Windows\System\vhfAbOU.exe
  C:\Windows\System\vhfAbOU.exe
  2⤵
  PID:8228
- C:\Windows\System\RterDSk.exe
  C:\Windows\System\RterDSk.exe
  2⤵
  PID:8244
- C:\Windows\System\PlCiiEa.exe
  C:\Windows\System\PlCiiEa.exe
  2⤵
  PID:8260
- C:\Windows\System\DvFHruq.exe
  C:\Windows\System\DvFHruq.exe
  2⤵
  PID:8300
- C:\Windows\System\uTWVRpB.exe
  C:\Windows\System\uTWVRpB.exe
  2⤵
  PID:8316
- C:\Windows\System\VXuXlDZ.exe
  C:\Windows\System\VXuXlDZ.exe
  2⤵
  PID:8332
- C:\Windows\System\WjvzndW.exe
  C:\Windows\System\WjvzndW.exe
  2⤵
  PID:8348
- C:\Windows\System\RDLFXwP.exe
  C:\Windows\System\RDLFXwP.exe
  2⤵
  PID:8364
- C:\Windows\System\UddlCmI.exe
  C:\Windows\System\UddlCmI.exe
  2⤵
  PID:8380
- C:\Windows\System\PALdVge.exe
  C:\Windows\System\PALdVge.exe
  2⤵
  PID:8396
- C:\Windows\System\KQkmGaj.exe
  C:\Windows\System\KQkmGaj.exe
  2⤵
  PID:8412
- C:\Windows\System\tzOeHum.exe
  C:\Windows\System\tzOeHum.exe
  2⤵
  PID:8432
- C:\Windows\System\leIdfks.exe
  C:\Windows\System\leIdfks.exe
  2⤵
  PID:8484
- C:\Windows\System\DQCwmkU.exe
  C:\Windows\System\DQCwmkU.exe
  2⤵
  PID:8500
- C:\Windows\System\ZVyPQRA.exe
  C:\Windows\System\ZVyPQRA.exe
  2⤵
  PID:8520
- C:\Windows\System\bMacjGF.exe
  C:\Windows\System\bMacjGF.exe
  2⤵
  PID:8540
- C:\Windows\System\GKElLsc.exe
  C:\Windows\System\GKElLsc.exe
  2⤵
  PID:8556
- C:\Windows\System\GDyEmth.exe
  C:\Windows\System\GDyEmth.exe
  2⤵
  PID:8576
- C:\Windows\System\eKztWwz.exe
  C:\Windows\System\eKztWwz.exe
  2⤵
  PID:8604
- C:\Windows\System\fCMnSpB.exe
  C:\Windows\System\fCMnSpB.exe
  2⤵
  PID:8620
- C:\Windows\System\yLfzeec.exe
  C:\Windows\System\yLfzeec.exe
  2⤵
  PID:8636
- C:\Windows\System\qwnkpQB.exe
  C:\Windows\System\qwnkpQB.exe
  2⤵
  PID:8652
- C:\Windows\System\KEInBtw.exe
  C:\Windows\System\KEInBtw.exe
  2⤵
  PID:8668
- C:\Windows\System\BjqCJnV.exe
  C:\Windows\System\BjqCJnV.exe
  2⤵
  PID:8704
- C:\Windows\System\fcBTKIB.exe
  C:\Windows\System\fcBTKIB.exe
  2⤵
  PID:8720
- C:\Windows\System\pnDvrSn.exe
  C:\Windows\System\pnDvrSn.exe
  2⤵
  PID:8744
- C:\Windows\System\XKjAYTR.exe
  C:\Windows\System\XKjAYTR.exe
  2⤵
  PID:8760
- C:\Windows\System\HTXevMz.exe
  C:\Windows\System\HTXevMz.exe
  2⤵
  PID:8788
- C:\Windows\System\SQsfFyh.exe
  C:\Windows\System\SQsfFyh.exe
  2⤵
  PID:8804
- C:\Windows\System\yaArHKr.exe
  C:\Windows\System\yaArHKr.exe
  2⤵
  PID:8824
- C:\Windows\System\vhCSZLw.exe
  C:\Windows\System\vhCSZLw.exe
  2⤵
  PID:8840
- C:\Windows\System\KzCRxpk.exe
  C:\Windows\System\KzCRxpk.exe
  2⤵
  PID:8856
- C:\Windows\System\xehGRnO.exe
  C:\Windows\System\xehGRnO.exe
  2⤵
  PID:8876
- C:\Windows\System\SWFceik.exe
  C:\Windows\System\SWFceik.exe
  2⤵
  PID:8908
- C:\Windows\System\NSlTZlr.exe
  C:\Windows\System\NSlTZlr.exe
  2⤵
  PID:8928
- C:\Windows\System\iGmzvuH.exe
  C:\Windows\System\iGmzvuH.exe
  2⤵
  PID:8944
- C:\Windows\System\nTAoWFy.exe
  C:\Windows\System\nTAoWFy.exe
  2⤵
  PID:8960
- C:\Windows\System\WuLgCKk.exe
  C:\Windows\System\WuLgCKk.exe
  2⤵
  PID:8976
- C:\Windows\System\ISaFxeT.exe
  C:\Windows\System\ISaFxeT.exe
  2⤵
  PID:9004
- C:\Windows\System\EBDvDPm.exe
  C:\Windows\System\EBDvDPm.exe
  2⤵
  PID:9020
- C:\Windows\System\FhwmyCj.exe
  C:\Windows\System\FhwmyCj.exe
  2⤵
  PID:9036
- C:\Windows\System\juJgLQX.exe
  C:\Windows\System\juJgLQX.exe
  2⤵
  PID:9052
- C:\Windows\System\GNwyFaH.exe
  C:\Windows\System\GNwyFaH.exe
  2⤵
  PID:9080
- C:\Windows\System\ceTVUsJ.exe
  C:\Windows\System\ceTVUsJ.exe
  2⤵
  PID:9104
- C:\Windows\System\mZsgBSB.exe
  C:\Windows\System\mZsgBSB.exe
  2⤵
  PID:9132
- C:\Windows\System\KbWiLum.exe
  C:\Windows\System\KbWiLum.exe
  2⤵
  PID:9148
- C:\Windows\System\ZJtIhWv.exe
  C:\Windows\System\ZJtIhWv.exe
  2⤵
  PID:9164
- C:\Windows\System\MwzALUp.exe
  C:\Windows\System\MwzALUp.exe
  2⤵
  PID:9180
- C:\Windows\System\VgPkTqj.exe
  C:\Windows\System\VgPkTqj.exe
  2⤵
  PID:9196
- C:\Windows\System\NyAmncT.exe
  C:\Windows\System\NyAmncT.exe
  2⤵
  PID:8208
- C:\Windows\System\sTNUpwe.exe
  C:\Windows\System\sTNUpwe.exe
  2⤵
  PID:7756
- C:\Windows\System\GFLQwBg.exe
  C:\Windows\System\GFLQwBg.exe
  2⤵
  PID:8172
- C:\Windows\System\sWQrpSa.exe
  C:\Windows\System\sWQrpSa.exe
  2⤵
  PID:8160
- C:\Windows\System\OSnonKa.exe
  C:\Windows\System\OSnonKa.exe
  2⤵
  PID:8144
- C:\Windows\System\NhLdddh.exe
  C:\Windows\System\NhLdddh.exe
  2⤵
  PID:8276
- C:\Windows\System\OefVXUk.exe
  C:\Windows\System\OefVXUk.exe
  2⤵
  PID:8296
- C:\Windows\System\NnEijHH.exe
  C:\Windows\System\NnEijHH.exe
  2⤵
  PID:8404
- C:\Windows\System\KtMTIqW.exe
  C:\Windows\System\KtMTIqW.exe
  2⤵
  PID:8428
- C:\Windows\System\oHljuGa.exe
  C:\Windows\System\oHljuGa.exe
  2⤵
  PID:8452
- C:\Windows\System\xiFXcyK.exe
  C:\Windows\System\xiFXcyK.exe
  2⤵
  PID:8424
- C:\Windows\System\dOpnWTY.exe
  C:\Windows\System\dOpnWTY.exe
  2⤵
  PID:8468
- C:\Windows\System\tLBeWDQ.exe
  C:\Windows\System\tLBeWDQ.exe
  2⤵
  PID:8496
- C:\Windows\System\iKaiNRP.exe
  C:\Windows\System\iKaiNRP.exe
  2⤵
  PID:8548
- C:\Windows\System\tXBMlPV.exe
  C:\Windows\System\tXBMlPV.exe
  2⤵
  PID:8592
- C:\Windows\System\BYdRruI.exe
  C:\Windows\System\BYdRruI.exe
  2⤵
  PID:8616
- C:\Windows\System\tvyJpHM.exe
  C:\Windows\System\tvyJpHM.exe
  2⤵
  PID:8648
- C:\Windows\System\fjgGesd.exe
  C:\Windows\System\fjgGesd.exe
  2⤵
  PID:8684
- C:\Windows\System\jwgFwaN.exe
  C:\Windows\System\jwgFwaN.exe
  2⤵
  PID:8712
- C:\Windows\System\YMubNQp.exe
  C:\Windows\System\YMubNQp.exe
  2⤵
  PID:8736
- C:\Windows\System\snZOTDL.exe
  C:\Windows\System\snZOTDL.exe
  2⤵
  PID:8768
- C:\Windows\System\rDOcdmY.exe
  C:\Windows\System\rDOcdmY.exe
  2⤵
  PID:8796
- C:\Windows\System\nyuIBKS.exe
  C:\Windows\System\nyuIBKS.exe
  2⤵
  PID:8820
- C:\Windows\System\TNPLcyE.exe
  C:\Windows\System\TNPLcyE.exe
  2⤵
  PID:8884
- C:\Windows\System\dLZBugz.exe
  C:\Windows\System\dLZBugz.exe
  2⤵
  PID:8900
- C:\Windows\System\qXoJTie.exe
  C:\Windows\System\qXoJTie.exe
  2⤵
  PID:8952
- C:\Windows\System\mBbJWrt.exe
  C:\Windows\System\mBbJWrt.exe
  2⤵
  PID:8988
- C:\Windows\System\eRgcQlD.exe
  C:\Windows\System\eRgcQlD.exe
  2⤵
  PID:9000
- C:\Windows\System\deamTNq.exe
  C:\Windows\System\deamTNq.exe
  2⤵
  PID:9032
- C:\Windows\System\DxCHJuT.exe
  C:\Windows\System\DxCHJuT.exe
  2⤵
  PID:9076
- C:\Windows\System\KsoXHST.exe
  C:\Windows\System\KsoXHST.exe
  2⤵
  PID:9088
- C:\Windows\System\viCxpMb.exe
  C:\Windows\System\viCxpMb.exe
  2⤵
  PID:9124
- C:\Windows\System\kPTdQTo.exe
  C:\Windows\System\kPTdQTo.exe
  2⤵
  PID:9120
- C:\Windows\System\PIVAwYA.exe
  C:\Windows\System\PIVAwYA.exe
  2⤵
  PID:6212
- C:\Windows\System\RECtXWp.exe
  C:\Windows\System\RECtXWp.exe
  2⤵
  PID:9204
- C:\Windows\System\btGpPeh.exe
  C:\Windows\System\btGpPeh.exe
  2⤵
  PID:8272
- C:\Windows\System\JUfaCDZ.exe
  C:\Windows\System\JUfaCDZ.exe
  2⤵
  PID:8292
- C:\Windows\System\YndnHOi.exe
  C:\Windows\System\YndnHOi.exe
  2⤵
  PID:8340
- C:\Windows\System\PxmECuP.exe
  C:\Windows\System\PxmECuP.exe
  2⤵
  PID:8388
- C:\Windows\System\wzSbBgW.exe
  C:\Windows\System\wzSbBgW.exe
  2⤵
  PID:8360
- C:\Windows\System\UoVwvIj.exe
  C:\Windows\System\UoVwvIj.exe
  2⤵
  PID:8528
- C:\Windows\System\YuczUwk.exe
  C:\Windows\System\YuczUwk.exe
  2⤵
  PID:8552
- C:\Windows\System\snHKEPB.exe
  C:\Windows\System\snHKEPB.exe
  2⤵
  PID:9096
- C:\Windows\System\Zvqgavj.exe
  C:\Windows\System\Zvqgavj.exe
  2⤵
  PID:8600
- C:\Windows\System\iawDGuS.exe
  C:\Windows\System\iawDGuS.exe
  2⤵
  PID:8732
- C:\Windows\System\AZJSDpY.exe
  C:\Windows\System\AZJSDpY.exe
  2⤵
  PID:8836
- C:\Windows\System\mpWslnq.exe
  C:\Windows\System\mpWslnq.exe
  2⤵
  PID:8916
- C:\Windows\System\pDuDoGe.exe
  C:\Windows\System\pDuDoGe.exe
  2⤵
  PID:8752
- C:\Windows\System\fwWVZhu.exe
  C:\Windows\System\fwWVZhu.exe
  2⤵
  PID:8692
- C:\Windows\System\oGGUcXA.exe
  C:\Windows\System\oGGUcXA.exe
  2⤵
  PID:8940
- C:\Windows\System\qihfAmv.exe
  C:\Windows\System\qihfAmv.exe
  2⤵
  PID:9064
- C:\Windows\System\MPYaeIC.exe
  C:\Windows\System\MPYaeIC.exe
  2⤵
  PID:9116
- C:\Windows\System\PYJEnoB.exe
  C:\Windows\System\PYJEnoB.exe
  2⤵
  PID:7516
- C:\Windows\System\OPPttds.exe
  C:\Windows\System\OPPttds.exe
  2⤵
  PID:9176
- C:\Windows\System\FtNXsts.exe
  C:\Windows\System\FtNXsts.exe
  2⤵
  PID:8568
- C:\Windows\System\ocejJTI.exe
  C:\Windows\System\ocejJTI.exe
  2⤵
  PID:8284
- C:\Windows\System\owfIkvo.exe
  C:\Windows\System\owfIkvo.exe
  2⤵
  PID:8516
- C:\Windows\System\yUtPDfo.exe
  C:\Windows\System\yUtPDfo.exe
  2⤵
  PID:8740
- C:\Windows\System\jpioRvH.exe
  C:\Windows\System\jpioRvH.exe
  2⤵
  PID:8460
- C:\Windows\System\ERSOkFO.exe
  C:\Windows\System\ERSOkFO.exe
  2⤵
  PID:8984
- C:\Windows\System\cMGWuUF.exe
  C:\Windows\System\cMGWuUF.exe
  2⤵
  PID:8700
- C:\Windows\System\foudCey.exe
  C:\Windows\System\foudCey.exe
  2⤵
  PID:8344
- C:\Windows\System\npittxc.exe
  C:\Windows\System\npittxc.exe
  2⤵
  PID:8660
- C:\Windows\System\oGgngaa.exe
  C:\Windows\System\oGgngaa.exe
  2⤵
  PID:8992
- C:\Windows\System\kLrKDDR.exe
  C:\Windows\System\kLrKDDR.exe
  2⤵
  PID:8216
- C:\Windows\System\KjKoOSS.exe
  C:\Windows\System\KjKoOSS.exe
  2⤵
  PID:9212
- C:\Windows\System\MtNXZeR.exe
  C:\Windows\System\MtNXZeR.exe
  2⤵
  PID:8268
- C:\Windows\System\HHaNClM.exe
  C:\Windows\System\HHaNClM.exe
  2⤵
  PID:8476
- C:\Windows\System\jIKvWQm.exe
  C:\Windows\System\jIKvWQm.exe
  2⤵
  PID:8728
- C:\Windows\System\RSWQpYp.exe
  C:\Windows\System\RSWQpYp.exe
  2⤵
  PID:9028
- C:\Windows\System\mKSMbSy.exe
  C:\Windows\System\mKSMbSy.exe
  2⤵
  PID:8512
- C:\Windows\System\mttFMHO.exe
  C:\Windows\System\mttFMHO.exe
  2⤵
  PID:9156
- C:\Windows\System\slCCzUL.exe
  C:\Windows\System\slCCzUL.exe
  2⤵
  PID:8140
- C:\Windows\System\pHacjxL.exe
  C:\Windows\System\pHacjxL.exe
  2⤵
  PID:8612
- C:\Windows\System\viParrb.exe
  C:\Windows\System\viParrb.exe
  2⤵
  PID:8448
- C:\Windows\System\VRwfBVe.exe
  C:\Windows\System\VRwfBVe.exe
  2⤵
  PID:8492
- C:\Windows\System\ZzBxWXZ.exe
  C:\Windows\System\ZzBxWXZ.exe
  2⤵
  PID:8236
- C:\Windows\System\SRBrfSw.exe
  C:\Windows\System\SRBrfSw.exe
  2⤵
  PID:8444
- C:\Windows\System\BkRNxyw.exe
  C:\Windows\System\BkRNxyw.exe
  2⤵
  PID:8564
- C:\Windows\System\avgiITA.exe
  C:\Windows\System\avgiITA.exe
  2⤵
  PID:7524
- C:\Windows\System\vRlpSUx.exe
  C:\Windows\System\vRlpSUx.exe
  2⤵
  PID:8968
- C:\Windows\System\nNLXLFS.exe
  C:\Windows\System\nNLXLFS.exe
  2⤵
  PID:8240
- C:\Windows\System\RTniEex.exe
  C:\Windows\System\RTniEex.exe
  2⤵
  PID:9092
- C:\Windows\System\nTdDpuu.exe
  C:\Windows\System\nTdDpuu.exe
  2⤵
  PID:9236
- C:\Windows\System\MaiOHIo.exe
  C:\Windows\System\MaiOHIo.exe
  2⤵
  PID:9256
- C:\Windows\System\eRMIzXr.exe
  C:\Windows\System\eRMIzXr.exe
  2⤵
  PID:9272
- C:\Windows\System\ZkDINvl.exe
  C:\Windows\System\ZkDINvl.exe
  2⤵
  PID:9288
- C:\Windows\System\RUtScoG.exe
  C:\Windows\System\RUtScoG.exe
  2⤵
  PID:9312
- C:\Windows\System\JIqfijR.exe
  C:\Windows\System\JIqfijR.exe
  2⤵
  PID:9332
- C:\Windows\System\mFBAiwZ.exe
  C:\Windows\System\mFBAiwZ.exe
  2⤵
  PID:9348
- C:\Windows\System\ZZrqxod.exe
  C:\Windows\System\ZZrqxod.exe
  2⤵
  PID:9368
- C:\Windows\System\ZRLhghy.exe
  C:\Windows\System\ZRLhghy.exe
  2⤵
  PID:9384
- C:\Windows\System\yzLpfjm.exe
  C:\Windows\System\yzLpfjm.exe
  2⤵
  PID:9412
- C:\Windows\System\sOOCmKL.exe
  C:\Windows\System\sOOCmKL.exe
  2⤵
  PID:9432
- C:\Windows\System\lsYGVRU.exe
  C:\Windows\System\lsYGVRU.exe
  2⤵
  PID:9456
- C:\Windows\System\sZGRpOK.exe
  C:\Windows\System\sZGRpOK.exe
  2⤵
  PID:9472
- C:\Windows\System\UWUoRvJ.exe
  C:\Windows\System\UWUoRvJ.exe
  2⤵
  PID:9496
- C:\Windows\System\TyJooeg.exe
  C:\Windows\System\TyJooeg.exe
  2⤵
  PID:9516
- C:\Windows\System\OXoutrX.exe
  C:\Windows\System\OXoutrX.exe
  2⤵
  PID:9532
- C:\Windows\System\FAoRItj.exe
  C:\Windows\System\FAoRItj.exe
  2⤵
  PID:9552
- C:\Windows\System\AHwJowN.exe
  C:\Windows\System\AHwJowN.exe
  2⤵
  PID:9568
- C:\Windows\System\sNNtBOa.exe
  C:\Windows\System\sNNtBOa.exe
  2⤵
  PID:9588
- C:\Windows\System\KcfDVPY.exe
  C:\Windows\System\KcfDVPY.exe
  2⤵
  PID:9612
- C:\Windows\System\utscjBa.exe
  C:\Windows\System\utscjBa.exe
  2⤵
  PID:9628
- C:\Windows\System\kMHgqeV.exe
  C:\Windows\System\kMHgqeV.exe
  2⤵
  PID:9644
- C:\Windows\System\ZBHuzgD.exe
  C:\Windows\System\ZBHuzgD.exe
  2⤵
  PID:9660
- C:\Windows\System\nIvUNmA.exe
  C:\Windows\System\nIvUNmA.exe
  2⤵
  PID:9676
- C:\Windows\System\pLHcTrj.exe
  C:\Windows\System\pLHcTrj.exe
  2⤵
  PID:9692
- C:\Windows\System\DNoUngh.exe
  C:\Windows\System\DNoUngh.exe
  2⤵
  PID:9712
- C:\Windows\System\HfQcZSh.exe
  C:\Windows\System\HfQcZSh.exe
  2⤵
  PID:9736
- C:\Windows\System\OCPnzvi.exe
  C:\Windows\System\OCPnzvi.exe
  2⤵
  PID:9752
- C:\Windows\System\EgngIum.exe
  C:\Windows\System\EgngIum.exe
  2⤵
  PID:9768
- C:\Windows\System\irXNpcd.exe
  C:\Windows\System\irXNpcd.exe
  2⤵
  PID:9804
- C:\Windows\System\CGUptLV.exe
  C:\Windows\System\CGUptLV.exe
  2⤵
  PID:9820
- C:\Windows\System\XIPVYZf.exe
  C:\Windows\System\XIPVYZf.exe
  2⤵
  PID:9836
- C:\Windows\System\nhPYyvv.exe
  C:\Windows\System\nhPYyvv.exe
  2⤵
  PID:9864
- C:\Windows\System\pJkoWci.exe
  C:\Windows\System\pJkoWci.exe
  2⤵
  PID:9880
- C:\Windows\System\eKroNPt.exe
  C:\Windows\System\eKroNPt.exe
  2⤵
  PID:9900
- C:\Windows\System\ZpIzUcf.exe
  C:\Windows\System\ZpIzUcf.exe
  2⤵
  PID:9920
- C:\Windows\System\GghcuiH.exe
  C:\Windows\System\GghcuiH.exe
  2⤵
  PID:9944
- C:\Windows\System\bDLwZCX.exe
  C:\Windows\System\bDLwZCX.exe
  2⤵
  PID:9968
- C:\Windows\System\eeWIrWg.exe
  C:\Windows\System\eeWIrWg.exe
  2⤵
  PID:10000
- C:\Windows\System\HGjNmqS.exe
  C:\Windows\System\HGjNmqS.exe
  2⤵
  PID:10016
- C:\Windows\System\ZGPDKHQ.exe
  C:\Windows\System\ZGPDKHQ.exe
  2⤵
  PID:10032
- C:\Windows\System\ltIXXXb.exe
  C:\Windows\System\ltIXXXb.exe
  2⤵
  PID:10052
- C:\Windows\System\ygddSSj.exe
  C:\Windows\System\ygddSSj.exe
  2⤵
  PID:10068
- C:\Windows\System\ncaWoky.exe
  C:\Windows\System\ncaWoky.exe
  2⤵
  PID:10084
- C:\Windows\System\LyyAMiA.exe
  C:\Windows\System\LyyAMiA.exe
  2⤵
  PID:10104
- C:\Windows\System\gWagCeV.exe
  C:\Windows\System\gWagCeV.exe
  2⤵
  PID:10120
- C:\Windows\System\ZOcISui.exe
  C:\Windows\System\ZOcISui.exe
  2⤵
  PID:10136
- C:\Windows\System\cDSxvSX.exe
  C:\Windows\System\cDSxvSX.exe
  2⤵
  PID:10172
- C:\Windows\System\ABsSnZC.exe
  C:\Windows\System\ABsSnZC.exe
  2⤵
  PID:10188
- C:\Windows\System\ByZSIYB.exe
  C:\Windows\System\ByZSIYB.exe
  2⤵
  PID:10212
- C:\Windows\System\WsrhZqz.exe
  C:\Windows\System\WsrhZqz.exe
  2⤵
  PID:10228
- C:\Windows\System\SuFPROS.exe
  C:\Windows\System\SuFPROS.exe
  2⤵
  PID:8212
- C:\Windows\System\YbkwLJP.exe
  C:\Windows\System\YbkwLJP.exe
  2⤵
  PID:9252
- C:\Windows\System\sLUPfGx.exe
  C:\Windows\System\sLUPfGx.exe
  2⤵
  PID:9268
- C:\Windows\System\iyRlDBT.exe
  C:\Windows\System\iyRlDBT.exe
  2⤵
  PID:9308
- C:\Windows\System\PEQzqLU.exe
  C:\Windows\System\PEQzqLU.exe
  2⤵
  PID:9344
- C:\Windows\System\nmibPrk.exe
  C:\Windows\System\nmibPrk.exe
  2⤵
  PID:9380
- C:\Windows\System\mWhEZmp.exe
  C:\Windows\System\mWhEZmp.exe
  2⤵
  PID:9428
- C:\Windows\System\MOfahba.exe
  C:\Windows\System\MOfahba.exe
  2⤵
  PID:9444
- C:\Windows\System\ZZbOMWm.exe
  C:\Windows\System\ZZbOMWm.exe
  2⤵
  PID:9492
- C:\Windows\System\vSALMzH.exe
  C:\Windows\System\vSALMzH.exe
  2⤵
  PID:9540
- C:\Windows\System\kGfZslG.exe
  C:\Windows\System\kGfZslG.exe
  2⤵
  PID:9564
- C:\Windows\System\MKHhPQy.exe
  C:\Windows\System\MKHhPQy.exe
  2⤵
  PID:9576
- C:\Windows\System\icFiBxO.exe
  C:\Windows\System\icFiBxO.exe
  2⤵
  PID:9636
- C:\Windows\System\dkQeRxP.exe
  C:\Windows\System\dkQeRxP.exe
  2⤵
  PID:9668
- C:\Windows\System\ntvGxSA.exe
  C:\Windows\System\ntvGxSA.exe
  2⤵
  PID:9792
- C:\Windows\System\vRSOpbf.exe
  C:\Windows\System\vRSOpbf.exe
  2⤵
  PID:9744
- C:\Windows\System\oOkgoJK.exe
  C:\Windows\System\oOkgoJK.exe
  2⤵
  PID:9832
- C:\Windows\System\EbVNiQg.exe
  C:\Windows\System\EbVNiQg.exe
  2⤵
  PID:9724
- C:\Windows\System\ryyADaU.exe
  C:\Windows\System\ryyADaU.exe
  2⤵
  PID:9812
- C:\Windows\System\KvMMTQb.exe
  C:\Windows\System\KvMMTQb.exe
  2⤵
  PID:9844
- C:\Windows\System\LfaTkpL.exe
  C:\Windows\System\LfaTkpL.exe
  2⤵
  PID:9860
- C:\Windows\System\fkhVthD.exe
  C:\Windows\System\fkhVthD.exe
  2⤵
  PID:9932
- C:\Windows\System\IXBUtzy.exe
  C:\Windows\System\IXBUtzy.exe
  2⤵
  PID:9976
- C:\Windows\System\WdBnvOA.exe
  C:\Windows\System\WdBnvOA.exe
  2⤵
  PID:9956
- C:\Windows\System\cYExutb.exe
  C:\Windows\System\cYExutb.exe
  2⤵
  PID:10092
- C:\Windows\System\dLqNkOQ.exe
  C:\Windows\System\dLqNkOQ.exe
  2⤵
  PID:10132
- C:\Windows\System\aNkabgP.exe
  C:\Windows\System\aNkabgP.exe
  2⤵
  PID:10116
- C:\Windows\System\ffNRrpX.exe
  C:\Windows\System\ffNRrpX.exe
  2⤵
  PID:9320
- C:\Windows\System\BQxtrvF.exe
  C:\Windows\System\BQxtrvF.exe
  2⤵
  PID:10012
- C:\Windows\System\pGujlEG.exe
  C:\Windows\System\pGujlEG.exe
  2⤵
  PID:10044
- C:\Windows\System\kfGVxzc.exe
  C:\Windows\System\kfGVxzc.exe
  2⤵
  PID:10112
- C:\Windows\System\rIEeDuy.exe
  C:\Windows\System\rIEeDuy.exe
  2⤵
  PID:10196
- C:\Windows\System\YNlDqRx.exe
  C:\Windows\System\YNlDqRx.exe
  2⤵
  PID:9280
- C:\Windows\System\XHXyTsR.exe
  C:\Windows\System\XHXyTsR.exe
  2⤵
  PID:10208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\LcDTDFh.exe

Filesize
6.1MB

MD5
d6c76cb70e9ae43932efc055ee1698a1

SHA1
ba3b4d39e5ebb86511990b0c63f834d7ad44d588

SHA256
c9f22c2202ba6cba03a5df64f25365ebb6b7d64e3b716bcf1287b1f03f9b3e9c

SHA512
a7fdeac44b46381f04f93a2e59328844eb6377649870277e642c7e5b12bea5bca74ae71591f9e40d4ca2c93987ee4265f7f084dd65ff48ce511c2ef367f25ee0

Download Submit
C:\Windows\system\TPmxMQk.exe

Filesize
6.1MB

MD5
61e7d8d677a4b609108e3030b1a6a691

SHA1
51c3c1bb2f7d2205e91f60921192d5c8292ddb2f

SHA256
6340b06c6fde742eb01c04ea38507f58fc0bc9e0957473e2882e8ec11adf41d3

SHA512
88abcd81cc7f8de0303f9c68ca288ff4c129b7e435437865c546de5b313202fba570c9e0076faeeb58139c1c8842cdb7061f370ef78da247d680948809e04675

Download Submit
C:\Windows\system\TbrUhPq.exe

Filesize
6.1MB

MD5
f7e7726192c304da8c8ca14d273cccfd

SHA1
667819ec3d63f7e7b3cc8eac6a65051d6e261536

SHA256
17e469688cf92fe35a7a6de9948d89e13f9e672612aa930f25581e3f5ced1d5a

SHA512
657b62b56468055844b0414a32a9b6889a05a4bfb2eb97f83138e27fa97a4eeee1a5f5c466d9ed830d31869a409377d90ed2a52381e14311100cb798b44f4a97

Download Submit
C:\Windows\system\XpHybih.exe

Filesize
6.1MB

MD5
9468d2f348095a79f1204ceec77f29d6

SHA1
b73d9aacc357617921ce910cc75755ceb7b84f17

SHA256
e45273e853294ba18a2f7d2d570903bc133c546cb4bf2f8e803114b6d13d5d7d

SHA512
249a9cfec6953dff9743dd8a1268e145f0cfb8deb4929299296c4172178a5a081253af5ce88a79ca526a7a557cf1771c386e475c43957bdad34a68ca860b54fc

Download Submit
C:\Windows\system\aJgfQyQ.exe

Filesize
6.1MB

MD5
c1518edd83df918c9a13918bee428a11

SHA1
0fce4645b3e62420834618e29961a7e7e3ca25d2

SHA256
d938b152608dd021382264f7cb4d84735111dc7d2ec460158696f7794a1fbb18

SHA512
874fe97654714ec0186fc6939d8704161a7bcbd84523925e8d72c70107ceb3b06373e9972d99cadf5c0dadb32739fba1277b67c71c405bd5c363a76e97437634

Download Submit
C:\Windows\system\afArSBp.exe

Filesize
6.1MB

MD5
27001f9505c6e5b5518a012281360ad5

SHA1
c41b0e12458638720bc2215c9c9c83d86bb14eb9

SHA256
9710fd7cb98d06d664e91680f812ca682098c828d1a2f6c8b4c4564a0cb5181d

SHA512
df99bfb0ff536ab561babef614c6dde59be07b8d6bb45b3d054e1e87a0cf965ea9c5136b4caf2f08935bcb672d678040114b004ed554a1d4288f51e7df614675

Download Submit
C:\Windows\system\bRElnKM.exe

Filesize
6.1MB

MD5
50e50c8403311189dad14c2a2df982ab

SHA1
41bed335e4fe70b03a94983e593a988ac19301fe

SHA256
213bd03508314e8f6fc665fd1547a483e46b2093fb66af3272b75a7d7eb7aaa5

SHA512
c764a3c67b3e889e6fdea22c26f6d13d514fe84abae6abd821ceceb34a2e0a3a6d88f31816ddac252e558270a3611d72e13b03e57b922d685b8630434e9346a5

Download Submit
C:\Windows\system\ctTEfbg.exe

Filesize
6.1MB

MD5
5fd32e37cd9fc78032665de05a4bb5c0

SHA1
871426a32fd0608ffe3ae652c6d93f9dc9cd243c

SHA256
9261acc7b15f959f439b5d81d93e989e3097499ae638302a5cd4f859f75d7b99

SHA512
fcf5672f16e71a090087e5e1bdf7cae6c5c86bbc62981a98e7825a702b6cc4c29b4e2e81cca50cc28d677636af097db5d8194f6638391ddc16acbf7d8c5a14c3

Download Submit
C:\Windows\system\czDBIUi.exe

Filesize
6.1MB

MD5
a061157a822a74771b50308b8e7c705d

SHA1
0f389ac7d91f00b6f3f57c530f67a8a7edfe7e10

SHA256
90602692a20f3df0e3ddc4a760009e62d9087369284d4c623e148a10384bb960

SHA512
e3d3162555acd72faccbd477dd7447912cc66965a3d08f3b74bd1bded6b2a5308ecbb7c803584417136d910ecc7639701f8945b6e9edb9d61147645799259c72

Download Submit
C:\Windows\system\glODJuw.exe

Filesize
6.1MB

MD5
bdbb27a19209afeebff23f211fc19a32

SHA1
b0241c7271b1d94b971aa579f7213189c932a1d2

SHA256
1dac1979d0a0ec8a1d41f2f706b133e2aa6fa54608da1b09a592cc710986036b

SHA512
d4967c2f37675ede350e060e11bc09265f2a238ec788748c53b86fd43dcfd677c24aa63451db938c3c31ee7f8fe8a2076099067ecdd9b262ac9d97606d8b8a1e

Download Submit
C:\Windows\system\oIvaJzY.exe

Filesize
6.1MB

MD5
cfd3c35aa0f08435554f263e59c58f32

SHA1
f494110ba23d052cf23d7ec7cd7d929f689a4239

SHA256
c8d9eb9e3b8bd0f3035365bc45e6d0adbe753fc74ce9adf5571ccddd2a2ad29b

SHA512
e859178ededf19a8534afc35d11ee23f2f0c31a20ead6b189349efdc3ba712f6e4f3f5edb0583dc6b72bfc8077809e6a9d403359b298496bb50fdd64e1f03703

Download Submit
C:\Windows\system\qArImHW.exe

Filesize
6.1MB

MD5
7d0db5c18c33da2c1b16a0ce2da0d29e

SHA1
d3ab19e9967824cca1f882dd0500c369cb608ba9

SHA256
0e81d54a369b65fb3ad65db007d035c3a62751886b6ef9ac4867a55d07b260ae

SHA512
72219ac8bdc4e6681d1a611feb42c00b38e59875a30ee5e4e0c14bceb5c2aed12d195c4757ab7cede5d063e9f1034c59fdb134ce488816cdd7e034f127691276

Download Submit
C:\Windows\system\sWHpnLt.exe

Filesize
6.1MB

MD5
93481bb1808e5a5a96747fa81f9d0ed0

SHA1
9540f2acaab390e00f9602ff019efdb68f7f0c7e

SHA256
89dc03c7451b22becdf940ce1dcb880892e4806abda6e01abb913a7d54de3c54

SHA512
fdc7785883441dac25a74d40494dd0e64c4f86613de0da10ed6dd7ea8fbe1f4ffbfe26f1f3c913dfb4e5ae77daf68e61c75bd8de8b5c516e9d0fd0a127b047fc

Download Submit
C:\Windows\system\yCetIPD.exe

Filesize
6.1MB

MD5
5823200eaaa85a7c52c90c0330a2138d

SHA1
da9450f0165012492ce0a6ee70cc5d3b09061d38

SHA256
ff7fe4371513d981c26761f36a39c3c09e7c84439710b8b74a11f73524494ddc

SHA512
6ef82b00b8932508a56f541fd4ed49255b348b3ef6dd21c3e189bbb6608cafba60d8463e01aab9b4ccede774d7883b53015aebd69f64836556ac9514ff3e3895

Download Submit
C:\Windows\system\zhvOcMv.exe

Filesize
6.1MB

MD5
bb2ad43b1d324cc4e7c97b51017cfd9c

SHA1
b71148fadf30cdacfc57866751bc499537fdbf56

SHA256
b1c41f93cb05eac1b4c006ed0dfd6234b580d90d7e7f5825ee97f57f6ff893d5

SHA512
743bca9c63af59ae57993446e20492534a09ab5fccc3a9688444ba82690d451c4d3cad265310fca3898336eca0cdebfd6319a982a2a10496efb35ae68f62dcc9

Download Submit
C:\Windows\system\zuCGHgp.exe

Filesize
6.1MB

MD5
de112af75f053d0f3ab61defdb52c3e4

SHA1
bf15ad04e6999ed614f892c079e53c8c31b36158

SHA256
b51552495a10e97b5af87319299982fce8111a2f4dbffdd89b88db444b1f58a5

SHA512
a0e0ac660932cf5fcb7c754565195ccc4e4da95a40e393c75c2651606bec001bc120345c5e1bebb773291461ddcc5f09f41869e07eb09c120791a77c219fb7f9

Download Submit
\Windows\system\DwTQLzn.exe

Filesize
6.1MB

MD5
f0a9447a4a31ca9ec62d7cb2522f5d98

SHA1
95cb425a98c29e0f0633765c32896372e265ec2c

SHA256
43a11cdc18d7af8cda5b5eb381a3711f3243db53db0bfe2c4262c58fcc631c53

SHA512
8fa748324de6511f789e331150fb488167b714b6629f34a734ca7497c9dea5854e8031f43b1ba8e309b8bdab8279c065084447b5e0de18fd281af758939edc57

Download Submit
\Windows\system\GlqJsyq.exe

Filesize
6.1MB

MD5
4a8683e189b854622358f7566be31903

SHA1
0f35e592e75c59a454d8bf705aeef9e467589645

SHA256
0751562e6700ac9050321c025721b2239102294af31d3e16b9a895196b3592d1

SHA512
ca57242a03acffc467f6adf106e92de2d96032a0e5f0e8a1f7f82aacf7f07d586c1a3586eab8efc3e50268a91eca1e11c2d0eaa3b8ace896400f507c17b80777

Download Submit
\Windows\system\HjkNydT.exe

Filesize
6.1MB

MD5
b2e5cd465909a92f4bbef1921cf11882

SHA1
5fba854ddcc6a41500696405ff11bdd102765e81

SHA256
f36527f63ae227caf3a5159059a13b6e5c625391204d028e9ad07585131e7537

SHA512
2afe3a89a692ae3339c9b24a3b5915da08fb5959b5ee274cad2ac229088ccfb9c700c318c1f32a9682f596bb433669141e9f3f7d21154772ff0d32821b7482a1

Download Submit
\Windows\system\KMzHWDP.exe

Filesize
6.1MB

MD5
6db462a24cce75f739cd94f0776fa5b9

SHA1
596d866e7ca9c66303a87fa5025e0dcfe13f1dc2

SHA256
33fc291912920bf40845bb9c2d3e1dae24e1bd2e190cf960010e3a6192ea8996

SHA512
07bc2a5a355e009ad3515403a6090723647995240d1817ff061985d172d5cf2ab39a2e10a249d4dc6588a81895337012158b6d169e7e3350f8f6514eb7d7eb86

Download Submit
\Windows\system\KSNcPLv.exe

Filesize
6.1MB

MD5
7d7654cae5809619073962a39fb22401

SHA1
dcdb0fd4208d6ee8deb8a6ded0b14df12a0c0204

SHA256
54754b025d8252a121359ddc165e0e961b7b6f7a2ffa9411a28db260c8e61f96

SHA512
0883d44b1b01340ad068be7121de42fb59b0c3352692bf32627647eb87fc4c59f00f4400121ad9334d2f7701374d91be047ce6b8cfb1b1382c4e5f15581aaffd

Download Submit
\Windows\system\QryPeRJ.exe

Filesize
6.1MB

MD5
e0655d8f88c6c097755a133ac922c3e1

SHA1
4dcf257ad91e7973411dfa12885e1b7d43792733

SHA256
f93d777f45e087d3556e6254c9cacd3510f41317357a3ab8c07ca5036060872d

SHA512
66ceb57ccea333ed52b535d470d36f29524d44859e952191c2bdd0903b2b375883335afc1dc235b56d9d9f81caf82abd6c3d5c72501966c4c57065cd4c3f2d49

Download Submit
\Windows\system\VfLrxTk.exe

Filesize
6.1MB

MD5
bb095c0d4dd9e2679006f8f96affa68f

SHA1
c9c0f42c16d3fd137b30ef3c5ca2edc240025494

SHA256
a9920a8a9f39e85b143f96dc279b0c92fd7ae934f0288bf4ee915a4fadf14b95

SHA512
cfe64f744572be20468a8130d988b45ba1f24ab95c93f4a9226a81cb385e498b7cca9cdf92f951392cdc0a4c84b884af4296b863d807c75737dbbfc5de12da99

Download Submit
\Windows\system\WekXrLR.exe

Filesize
6.1MB

MD5
3f5f5fbdd028dbbf573be83a12512cb1

SHA1
a2815cfa61c18ddef31b6f556ee624613f81e05f

SHA256
0bc7f697269fe5693f22b59243384b37bbfd7ecc72e5b084e6cd870e3482f0e0

SHA512
da63d7076e37944e7cbac0c918a8ab8551518d548e7e835146517db335493a9ea7ff3671451f6c9ae40d11509e580cd92ba91e096e6438ad66d9301bbfce2413

Download Submit
\Windows\system\mTdRvnh.exe

Filesize
6.1MB

MD5
bcb05eb598d350926aec356d16be37ed

SHA1
9ccd68e9dc8a3c73cca033c04ca82f11a81c2d3b

SHA256
46c9d3b22b5d49d552ff49e92dbe86befec864f06a614fd1f3c6ab2c12a18ba6

SHA512
c452db1e7dfb0cb880e7fd3b0388861aa56cd110987cd52a5aad56b2e893fcc7be6434f808432ef7e560ea126b34dc431136357d0683206c5b109795309acb4e

Download Submit
\Windows\system\mitSiwH.exe

Filesize
6.1MB

MD5
f239e32a0f36b4161b51a1596da2bb96

SHA1
ce5b96f11b49868074dd678133fdf68c30743ed0

SHA256
e173774d86287e9ec14c93914ade576b8ab1ba8e12eb6a7d9458b08934f31ab0

SHA512
76e6b732bf276180a4bd280ed57cc72bbcf96e8022c37197e1e7e161e29597669383d51dae5039ab0adf43d5c66eef0ad8b1307d1707051cfa6b045565c699d8

Download Submit
\Windows\system\ohdpFSo.exe

Filesize
6.1MB

MD5
87e48fcbfca2689d40d88826a645af35

SHA1
3b6b211349a7f6821bba39e5919d115fe61282db

SHA256
4a0030e1c4b3c1c6035bae098bf366b4a556fdf1bf44bcbdae1e33f8d8832363

SHA512
ff24ca7fbdce1c955cd28721a8a449a5850d4abdf51395cf8b1e0c746c40e3d9e899525d8fd6589928b4a219d400260ab7a32b40a6c3b94f0eb2dbc5bbbeeb28

Download Submit
\Windows\system\pYmChPZ.exe

Filesize
6.1MB

MD5
9ac3b59d6a4dc56f2d9f5a2727030f95

SHA1
b09390226703fb2a4d3c40f1afb84ba3ac76dba1

SHA256
ddf7f2154620c602c60624a6dcfea2060ff866635f22cc77e9aa98d7dd7965f1

SHA512
ae2d688639fec3d497f13157629d370443ecef7a7e828377acc01562715173e0eb29421b6c7bbd8ed096725c0eba4d3e0d2922ff5a93bcc9eb19c098a7b119e5

Download Submit
\Windows\system\rlQtNJq.exe

Filesize
6.1MB

MD5
d34cdfcfac172ee6c42f131b3b528f31

SHA1
70b7c2dde15c39094b7b301546ccbbb95c305144

SHA256
0197866dab65d02dbfdf1ef5c19a34a18843eb7fc5e2aeaafe1739361f6792da

SHA512
eb992e700da80288c75fad03d7a06eae1de493c847af63523f68f8ab38b4f7287d1a81306b424d5231be2a270be88bb80f33de1d1ee8cacf463db8a9208c78ba

Download Submit
\Windows\system\uEfIgMe.exe

Filesize
6.1MB

MD5
9a142bc2d8a7cfcedb0b936c10c735b2

SHA1
d99882665e614f71c3a195ef717295ac37f27470

SHA256
5461d19fc42b32aaedb6d79ccd0f072b959534b34ec71d7eeeb7eb9d490aa643

SHA512
3164287d0f7f559bbf1cfca2f1da41cb16cb58137abb32c32497c60a8d46802d759dfc25855bd9688e32931540f7fd249c0a0f1d53654da49cffd2619f6a85f4

Download Submit
\Windows\system\ucGBbDP.exe

Filesize
6.1MB

MD5
01543ab2664fbe91e664a87815dd9288

SHA1
d79fa970a4b3aaa06b765d40a708142df1c29e7c

SHA256
5601c99c1b04a65063b52b34191c7cdc74703497684980281b9ceb64b9cdf9f2

SHA512
309df7d8e305fa7b8cb5a3ca059530130caf0e0862c9acc747c1b2be7500a2c55e7a6ca01f27d7e6b6757bd00ef450d3a5814b10bc840f4d66987033e1c95f26

Download Submit
\Windows\system\xuELkCs.exe

Filesize
6.1MB

MD5
172fee05e6ef63ff2d50d7522fcc0fd3

SHA1
87897021b7ea406e2fadf4e6e0b6b661480f683a

SHA256
db9dc28567a6fa6cb0653cbbb081aa0bcfe39276f177cca33690f1ee5e39dd21

SHA512
a432f7a2387326aaf94beccdd070fe5ad7ac3e22d2e32bfaf2419d764f2041874754f4e4732895fb34777fc12ca10a5659db96b3739d92dedc43f1ebabc264d9

Download Submit
memory/768-3332-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/768-32-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/768-67-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-3629-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1156-412-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1156-112-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1928-38-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1928-160-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1928-6-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-83-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-68-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-74-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-26-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-40-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-66-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-24-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-13-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-85-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1928-101-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-34-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1928-158-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-157-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-159-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-189-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-91-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3567-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-82-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2200-36-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3337-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2204-94-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3568-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-289-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3566-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-84-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-161-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3291-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2508-27-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3261-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2688-174-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3565-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-88-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-72-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3552-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2864-64-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3547-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3533-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2868-52-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3532-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-60-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3256-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-21-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download