cobaltstrike | 8d2162a4476fe9457928a10d64e37b9df82d95afdd392bfdf25fb0ab60646a6a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

32a55c3a744523563e3dd5eb09405a9a
SHA1

ad1e2e83685d3d332cdbc11187560490af242011
SHA256

8d2162a4476fe9457928a10d64e37b9df82d95afdd392bfdf25fb0ab60646a6a
SHA512

5b76d1440d73cf4678793c8d4277c0bcde5fe71e0dede5e284c56d6e4df497039edaf8ca0f4e7dff4187ced2192f71950d524f7546f8c10331f0abd15e006229
SSDEEP

98304:MLCNtIimedfE0pZXJ56utgpPFotBER/mQ32lUO:aEIiH56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160da-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016689-38.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-31.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016890-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-91.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-158.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-128.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-113.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f38-108.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-87.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-81.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-67.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016141-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-0-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/memory/1192-9-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x00080000000160da-13.dat	xmrig
behavioral1/memory/2532-34-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016689-38.dat	xmrig
behavioral1/memory/2736-42-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2744-35-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2928-32-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-31.dat	xmrig
behavioral1/memory/2060-30-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2704-28-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000162e4-25.dat	xmrig
behavioral1/files/0x0007000000016890-46.dat	xmrig
behavioral1/memory/2332-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b86-56.dat	xmrig
behavioral1/memory/2768-88-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2532-96-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/2592-98-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2124-99-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1688-97-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2704-95-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2708-93-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-91.dat	xmrig
behavioral1/memory/2532-90-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-104.dat	xmrig
behavioral1/files/0x0005000000018697-116.dat	xmrig
behavioral1/files/0x0005000000019274-188.dat	xmrig
behavioral1/files/0x0005000000019261-183.dat	xmrig
behavioral1/files/0x000500000001924f-178.dat	xmrig
behavioral1/files/0x0005000000019237-173.dat	xmrig
behavioral1/files/0x0006000000019056-163.dat	xmrig
behavioral1/files/0x0005000000019203-168.dat	xmrig
behavioral1/files/0x0006000000018fdf-158.dat	xmrig
behavioral1/files/0x0006000000018d83-153.dat	xmrig
behavioral1/files/0x0006000000018be7-143.dat	xmrig
behavioral1/files/0x0006000000018d7b-148.dat	xmrig
behavioral1/files/0x000500000001871c-133.dat	xmrig
behavioral1/files/0x0005000000018745-138.dat	xmrig
behavioral1/files/0x0005000000018706-123.dat	xmrig
behavioral1/files/0x000500000001870c-128.dat	xmrig
behavioral1/files/0x000d000000018683-113.dat	xmrig
behavioral1/files/0x0008000000015f38-108.dat	xmrig
behavioral1/files/0x00060000000174b4-87.dat	xmrig
behavioral1/memory/1784-84-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-82.dat	xmrig
behavioral1/files/0x00060000000174f8-81.dat	xmrig
behavioral1/files/0x000600000001707f-67.dat	xmrig
behavioral1/memory/1192-65-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c89-62.dat	xmrig
behavioral1/memory/2784-80-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2532-51-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0008000000016141-18.dat	xmrig
behavioral1/memory/1192-3838-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2060-3840-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2704-3841-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2928-3842-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2736-3845-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2744-3846-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2332-3850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2708-3861-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2784-3858-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2124-3867-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1688-3877-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1192	YtCwrnd.exe
2060	MgFWjWH.exe
2928	UhFyRGZ.exe
2704	MAqrvPj.exe
2744	kjKcBNV.exe
2736	ctHZETf.exe
2332	IYTFqGD.exe
2784	rgatMIq.exe
1784	XfIvqzm.exe
2708	RoKolPE.exe
1688	VfSUatK.exe
2768	HhzBxda.exe
2592	iaEPSeo.exe
2124	PPQcePL.exe
2912	PtiFZrH.exe
2364	gDCNwvE.exe
2888	grAhNFh.exe
2000	ffSsFlv.exe
1224	uOHoAUw.exe
1964	ErQmWFN.exe
1836	jchkjFA.exe
1352	uJiPOaA.exe
2276	CFzzLnu.exe
2692	OkDFeSZ.exe
928	xydwwen.exe
692	QAQhJSD.exe
2892	ltAPbVA.exe
1720	FYAAWlC.exe
2232	IZpduZZ.exe
880	hORmhZO.exe
1792	YFJPzVd.exe
1740	fJlzENM.exe
1196	VgAUZfv.exe
1380	ipDUxPV.exe
844	GYAKddr.exe
1812	ERMNIMP.exe
2972	bRbmBKs.exe
1340	lvNGivZ.exe
1760	SarCOuz.exe
580	pjbWFPa.exe
1576	MGPKkpC.exe
752	lALIrGA.exe
2460	QRApZBp.exe
2268	xXoqPOv.exe
2936	JNUYxYh.exe
2552	YpuoKeN.exe
2828	HRdwTfO.exe
2016	POQFhKo.exe
2020	RTeWyZy.exe
1944	AMSvxwx.exe
1052	gtpDUjC.exe
352	IzgXUiU.exe
872	ZKAxEND.exe
2468	YEFOjCj.exe
2680	VmUEGxE.exe
1568	KHuUWHb.exe
2188	EzENbos.exe
2536	aLQnMCU.exe
2792	gbloaJT.exe
2440	zmZRdlr.exe
2632	MacLHDd.exe
2760	muxBdjc.exe
2660	cKowrJm.exe
3052	wiVKirT.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/memory/1192-9-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x00080000000160da-13.dat	upx
behavioral1/files/0x0007000000016689-38.dat	upx
behavioral1/memory/2736-42-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2744-35-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2928-32-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0008000000016399-31.dat	upx
behavioral1/memory/2060-30-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2704-28-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x00070000000162e4-25.dat	upx
behavioral1/files/0x0007000000016890-46.dat	upx
behavioral1/memory/2332-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0008000000016b86-56.dat	upx
behavioral1/memory/2768-88-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2592-98-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2124-99-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1688-97-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2704-95-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2708-93-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0006000000017570-91.dat	upx
behavioral1/files/0x00060000000175f7-104.dat	upx
behavioral1/files/0x0005000000018697-116.dat	upx
behavioral1/files/0x0005000000019274-188.dat	upx
behavioral1/files/0x0005000000019261-183.dat	upx
behavioral1/files/0x000500000001924f-178.dat	upx
behavioral1/files/0x0005000000019237-173.dat	upx
behavioral1/files/0x0006000000019056-163.dat	upx
behavioral1/files/0x0005000000019203-168.dat	upx
behavioral1/files/0x0006000000018fdf-158.dat	upx
behavioral1/files/0x0006000000018d83-153.dat	upx
behavioral1/files/0x0006000000018be7-143.dat	upx
behavioral1/files/0x0006000000018d7b-148.dat	upx
behavioral1/files/0x000500000001871c-133.dat	upx
behavioral1/files/0x0005000000018745-138.dat	upx
behavioral1/files/0x0005000000018706-123.dat	upx
behavioral1/files/0x000500000001870c-128.dat	upx
behavioral1/files/0x000d000000018683-113.dat	upx
behavioral1/files/0x0008000000015f38-108.dat	upx
behavioral1/files/0x00060000000174b4-87.dat	upx
behavioral1/memory/1784-84-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-82.dat	upx
behavioral1/files/0x00060000000174f8-81.dat	upx
behavioral1/files/0x000600000001707f-67.dat	upx
behavioral1/memory/1192-65-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0008000000016c89-62.dat	upx
behavioral1/memory/2784-80-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2532-51-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0008000000016141-18.dat	upx
behavioral1/memory/1192-3838-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2060-3840-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2704-3841-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2928-3842-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2736-3845-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2744-3846-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2332-3850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2708-3861-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2784-3858-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2124-3867-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1688-3877-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2768-3865-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2592-3874-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1784-3889-0x000000013FD30000-0x0000000140084000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vaadrVq.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERMNIMP.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIaSMOY.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCJimuN.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJVzpgZ.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPDRLSg.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CttXAyv.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPzyaQE.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaNkcxw.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPIrfLh.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GblHeVb.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgaQgpt.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYXPJCg.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsEWEdR.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJXlEfg.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBXZpgD.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjzwIuu.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuHHrLM.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoRMBMO.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKoJoFA.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMFzFTp.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDorxbC.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcWmGBO.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwzOjPz.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmRkDdC.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYyvbfS.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEXZTbD.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESOlLQK.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhagvJH.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxPfvWy.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVFpxmY.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvGZfBr.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzdEMEJ.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmAMnWb.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyUfAnD.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZktCQt.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQmXwuj.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWFqMvG.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yszviPW.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMsgmVR.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDjOXDk.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGEZRpL.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWVZrYh.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaPoHqS.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYkDCbd.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWnsFzB.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQCLXLc.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbsQBPI.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUXVDmj.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqCLeMD.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQqVOPC.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiyEPkl.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApIQAUF.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGsbHAL.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiTYyNf.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyFBwHb.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSSvfcE.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lzljzfl.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDYpDyB.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwACNpA.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXhcvPO.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQFPQbl.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKowrJm.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoqHWle.exe	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1192	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2060	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2060	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2060	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2928	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2928	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2928	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2704	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2704	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2704	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2744	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2744	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2744	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2736	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2736	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2736	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2332	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2332	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2332	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 1784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 1784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 1784	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2708	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2708	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2708	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2592	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2592	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2592	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 1688	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 1688	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 1688	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2124	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2124	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2124	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2768	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2768	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2768	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2912	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2912	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2912	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2364	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2364	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2364	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2888	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2888	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2888	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2000	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2000	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2000	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1224	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1224	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1224	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1964	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1964	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1964	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1836	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1836	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1836	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1352	2532	2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_32a55c3a744523563e3dd5eb09405a9a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\YtCwrnd.exe
  C:\Windows\System\YtCwrnd.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\MgFWjWH.exe
  C:\Windows\System\MgFWjWH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\UhFyRGZ.exe
  C:\Windows\System\UhFyRGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MAqrvPj.exe
  C:\Windows\System\MAqrvPj.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\kjKcBNV.exe
  C:\Windows\System\kjKcBNV.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ctHZETf.exe
  C:\Windows\System\ctHZETf.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\IYTFqGD.exe
  C:\Windows\System\IYTFqGD.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\rgatMIq.exe
  C:\Windows\System\rgatMIq.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\XfIvqzm.exe
  C:\Windows\System\XfIvqzm.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\RoKolPE.exe
  C:\Windows\System\RoKolPE.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\iaEPSeo.exe
  C:\Windows\System\iaEPSeo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\VfSUatK.exe
  C:\Windows\System\VfSUatK.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\PPQcePL.exe
  C:\Windows\System\PPQcePL.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\HhzBxda.exe
  C:\Windows\System\HhzBxda.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\PtiFZrH.exe
  C:\Windows\System\PtiFZrH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\gDCNwvE.exe
  C:\Windows\System\gDCNwvE.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\grAhNFh.exe
  C:\Windows\System\grAhNFh.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ffSsFlv.exe
  C:\Windows\System\ffSsFlv.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\uOHoAUw.exe
  C:\Windows\System\uOHoAUw.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ErQmWFN.exe
  C:\Windows\System\ErQmWFN.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\jchkjFA.exe
  C:\Windows\System\jchkjFA.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\uJiPOaA.exe
  C:\Windows\System\uJiPOaA.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\CFzzLnu.exe
  C:\Windows\System\CFzzLnu.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\OkDFeSZ.exe
  C:\Windows\System\OkDFeSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xydwwen.exe
  C:\Windows\System\xydwwen.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\QAQhJSD.exe
  C:\Windows\System\QAQhJSD.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ltAPbVA.exe
  C:\Windows\System\ltAPbVA.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\FYAAWlC.exe
  C:\Windows\System\FYAAWlC.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\IZpduZZ.exe
  C:\Windows\System\IZpduZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\hORmhZO.exe
  C:\Windows\System\hORmhZO.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\YFJPzVd.exe
  C:\Windows\System\YFJPzVd.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\fJlzENM.exe
  C:\Windows\System\fJlzENM.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\VgAUZfv.exe
  C:\Windows\System\VgAUZfv.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\ipDUxPV.exe
  C:\Windows\System\ipDUxPV.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\GYAKddr.exe
  C:\Windows\System\GYAKddr.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ERMNIMP.exe
  C:\Windows\System\ERMNIMP.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\bRbmBKs.exe
  C:\Windows\System\bRbmBKs.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\lvNGivZ.exe
  C:\Windows\System\lvNGivZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\SarCOuz.exe
  C:\Windows\System\SarCOuz.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\pjbWFPa.exe
  C:\Windows\System\pjbWFPa.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\MGPKkpC.exe
  C:\Windows\System\MGPKkpC.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\lALIrGA.exe
  C:\Windows\System\lALIrGA.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\QRApZBp.exe
  C:\Windows\System\QRApZBp.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\xXoqPOv.exe
  C:\Windows\System\xXoqPOv.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\JNUYxYh.exe
  C:\Windows\System\JNUYxYh.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YpuoKeN.exe
  C:\Windows\System\YpuoKeN.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\HRdwTfO.exe
  C:\Windows\System\HRdwTfO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\POQFhKo.exe
  C:\Windows\System\POQFhKo.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\RTeWyZy.exe
  C:\Windows\System\RTeWyZy.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\AMSvxwx.exe
  C:\Windows\System\AMSvxwx.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gtpDUjC.exe
  C:\Windows\System\gtpDUjC.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\IzgXUiU.exe
  C:\Windows\System\IzgXUiU.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ZKAxEND.exe
  C:\Windows\System\ZKAxEND.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\YEFOjCj.exe
  C:\Windows\System\YEFOjCj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\VmUEGxE.exe
  C:\Windows\System\VmUEGxE.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KHuUWHb.exe
  C:\Windows\System\KHuUWHb.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\EzENbos.exe
  C:\Windows\System\EzENbos.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\aLQnMCU.exe
  C:\Windows\System\aLQnMCU.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\gbloaJT.exe
  C:\Windows\System\gbloaJT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\zmZRdlr.exe
  C:\Windows\System\zmZRdlr.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\MacLHDd.exe
  C:\Windows\System\MacLHDd.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\muxBdjc.exe
  C:\Windows\System\muxBdjc.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\cKowrJm.exe
  C:\Windows\System\cKowrJm.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\wiVKirT.exe
  C:\Windows\System\wiVKirT.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\XikHTay.exe
  C:\Windows\System\XikHTay.exe
  2⤵
  PID:1980
- C:\Windows\System\ejfmoFg.exe
  C:\Windows\System\ejfmoFg.exe
  2⤵
  PID:2696
- C:\Windows\System\jSBkHVB.exe
  C:\Windows\System\jSBkHVB.exe
  2⤵
  PID:2664
- C:\Windows\System\AqsQYYD.exe
  C:\Windows\System\AqsQYYD.exe
  2⤵
  PID:1992
- C:\Windows\System\gVVzIyS.exe
  C:\Windows\System\gVVzIyS.exe
  2⤵
  PID:2916
- C:\Windows\System\jwfQHMj.exe
  C:\Windows\System\jwfQHMj.exe
  2⤵
  PID:2192
- C:\Windows\System\MRgyExn.exe
  C:\Windows\System\MRgyExn.exe
  2⤵
  PID:2284
- C:\Windows\System\IDXWXVr.exe
  C:\Windows\System\IDXWXVr.exe
  2⤵
  PID:476
- C:\Windows\System\eGeDOMl.exe
  C:\Windows\System\eGeDOMl.exe
  2⤵
  PID:2924
- C:\Windows\System\KstZQin.exe
  C:\Windows\System\KstZQin.exe
  2⤵
  PID:576
- C:\Windows\System\AaFQXCl.exe
  C:\Windows\System\AaFQXCl.exe
  2⤵
  PID:680
- C:\Windows\System\kiTYyNf.exe
  C:\Windows\System\kiTYyNf.exe
  2⤵
  PID:2464
- C:\Windows\System\ZHGxmsx.exe
  C:\Windows\System\ZHGxmsx.exe
  2⤵
  PID:2684
- C:\Windows\System\utRxvjW.exe
  C:\Windows\System\utRxvjW.exe
  2⤵
  PID:1856
- C:\Windows\System\yPUuBtZ.exe
  C:\Windows\System\yPUuBtZ.exe
  2⤵
  PID:2956
- C:\Windows\System\dPIrfLh.exe
  C:\Windows\System\dPIrfLh.exe
  2⤵
  PID:1528
- C:\Windows\System\YMKJkCh.exe
  C:\Windows\System\YMKJkCh.exe
  2⤵
  PID:2376
- C:\Windows\System\lblOAth.exe
  C:\Windows\System\lblOAth.exe
  2⤵
  PID:940
- C:\Windows\System\Wmbybry.exe
  C:\Windows\System\Wmbybry.exe
  2⤵
  PID:2296
- C:\Windows\System\PrzeCkl.exe
  C:\Windows\System\PrzeCkl.exe
  2⤵
  PID:1768
- C:\Windows\System\KpZEAWy.exe
  C:\Windows\System\KpZEAWy.exe
  2⤵
  PID:2520
- C:\Windows\System\PMtXxse.exe
  C:\Windows\System\PMtXxse.exe
  2⤵
  PID:2528
- C:\Windows\System\tfQKSIo.exe
  C:\Windows\System\tfQKSIo.exe
  2⤵
  PID:348
- C:\Windows\System\OdiLooO.exe
  C:\Windows\System\OdiLooO.exe
  2⤵
  PID:3064
- C:\Windows\System\nCoGQsN.exe
  C:\Windows\System\nCoGQsN.exe
  2⤵
  PID:1908
- C:\Windows\System\iyFBwHb.exe
  C:\Windows\System\iyFBwHb.exe
  2⤵
  PID:3008
- C:\Windows\System\QXHHjru.exe
  C:\Windows\System\QXHHjru.exe
  2⤵
  PID:1572
- C:\Windows\System\joRCjOG.exe
  C:\Windows\System\joRCjOG.exe
  2⤵
  PID:2128
- C:\Windows\System\iZpsFLv.exe
  C:\Windows\System\iZpsFLv.exe
  2⤵
  PID:2724
- C:\Windows\System\nkXwzwJ.exe
  C:\Windows\System\nkXwzwJ.exe
  2⤵
  PID:2624
- C:\Windows\System\UHGhzYh.exe
  C:\Windows\System\UHGhzYh.exe
  2⤵
  PID:2164
- C:\Windows\System\ItdKJdA.exe
  C:\Windows\System\ItdKJdA.exe
  2⤵
  PID:1388
- C:\Windows\System\hLrXPlH.exe
  C:\Windows\System\hLrXPlH.exe
  2⤵
  PID:288
- C:\Windows\System\RYHhwXJ.exe
  C:\Windows\System\RYHhwXJ.exe
  2⤵
  PID:2144
- C:\Windows\System\eZHWuRC.exe
  C:\Windows\System\eZHWuRC.exe
  2⤵
  PID:1744
- C:\Windows\System\dZerfEl.exe
  C:\Windows\System\dZerfEl.exe
  2⤵
  PID:540
- C:\Windows\System\SoSNQun.exe
  C:\Windows\System\SoSNQun.exe
  2⤵
  PID:1300
- C:\Windows\System\GgSCfon.exe
  C:\Windows\System\GgSCfon.exe
  2⤵
  PID:1948
- C:\Windows\System\ZHPVInS.exe
  C:\Windows\System\ZHPVInS.exe
  2⤵
  PID:1136
- C:\Windows\System\nmRkDdC.exe
  C:\Windows\System\nmRkDdC.exe
  2⤵
  PID:656
- C:\Windows\System\uKUyDPx.exe
  C:\Windows\System\uKUyDPx.exe
  2⤵
  PID:1540
- C:\Windows\System\fdWtnjw.exe
  C:\Windows\System\fdWtnjw.exe
  2⤵
  PID:740
- C:\Windows\System\iepSqLb.exe
  C:\Windows\System\iepSqLb.exe
  2⤵
  PID:2900
- C:\Windows\System\junlDvv.exe
  C:\Windows\System\junlDvv.exe
  2⤵
  PID:2172
- C:\Windows\System\RwobJdq.exe
  C:\Windows\System\RwobJdq.exe
  2⤵
  PID:344
- C:\Windows\System\yuPjfoR.exe
  C:\Windows\System\yuPjfoR.exe
  2⤵
  PID:1556
- C:\Windows\System\WOgthxi.exe
  C:\Windows\System\WOgthxi.exe
  2⤵
  PID:2008
- C:\Windows\System\AkvCQhh.exe
  C:\Windows\System\AkvCQhh.exe
  2⤵
  PID:2740
- C:\Windows\System\GGtHvIw.exe
  C:\Windows\System\GGtHvIw.exe
  2⤵
  PID:2604
- C:\Windows\System\vAQbmtm.exe
  C:\Windows\System\vAQbmtm.exe
  2⤵
  PID:2904
- C:\Windows\System\mcYTBZX.exe
  C:\Windows\System\mcYTBZX.exe
  2⤵
  PID:1844
- C:\Windows\System\cZgXZty.exe
  C:\Windows\System\cZgXZty.exe
  2⤵
  PID:1940
- C:\Windows\System\DxvtxxF.exe
  C:\Windows\System\DxvtxxF.exe
  2⤵
  PID:2516
- C:\Windows\System\ZpBrLcg.exe
  C:\Windows\System\ZpBrLcg.exe
  2⤵
  PID:1140
- C:\Windows\System\uhYaJne.exe
  C:\Windows\System\uhYaJne.exe
  2⤵
  PID:3076
- C:\Windows\System\YmHwiGE.exe
  C:\Windows\System\YmHwiGE.exe
  2⤵
  PID:3100
- C:\Windows\System\ZYyvbfS.exe
  C:\Windows\System\ZYyvbfS.exe
  2⤵
  PID:3120
- C:\Windows\System\IuqPbWx.exe
  C:\Windows\System\IuqPbWx.exe
  2⤵
  PID:3140
- C:\Windows\System\HSoovlu.exe
  C:\Windows\System\HSoovlu.exe
  2⤵
  PID:3160
- C:\Windows\System\wSBdGAT.exe
  C:\Windows\System\wSBdGAT.exe
  2⤵
  PID:3180
- C:\Windows\System\ciasFxT.exe
  C:\Windows\System\ciasFxT.exe
  2⤵
  PID:3200
- C:\Windows\System\uMHmTXf.exe
  C:\Windows\System\uMHmTXf.exe
  2⤵
  PID:3220
- C:\Windows\System\JrvudjA.exe
  C:\Windows\System\JrvudjA.exe
  2⤵
  PID:3240
- C:\Windows\System\krsBrSn.exe
  C:\Windows\System\krsBrSn.exe
  2⤵
  PID:3260
- C:\Windows\System\UndMhQV.exe
  C:\Windows\System\UndMhQV.exe
  2⤵
  PID:3280
- C:\Windows\System\jpFFeRL.exe
  C:\Windows\System\jpFFeRL.exe
  2⤵
  PID:3300
- C:\Windows\System\JGNODVK.exe
  C:\Windows\System\JGNODVK.exe
  2⤵
  PID:3320
- C:\Windows\System\NInutgI.exe
  C:\Windows\System\NInutgI.exe
  2⤵
  PID:3340
- C:\Windows\System\rVPWZAq.exe
  C:\Windows\System\rVPWZAq.exe
  2⤵
  PID:3360
- C:\Windows\System\kHIsRgv.exe
  C:\Windows\System\kHIsRgv.exe
  2⤵
  PID:3380
- C:\Windows\System\ujLMWvm.exe
  C:\Windows\System\ujLMWvm.exe
  2⤵
  PID:3404
- C:\Windows\System\zqjiefu.exe
  C:\Windows\System\zqjiefu.exe
  2⤵
  PID:3420
- C:\Windows\System\zeatgXs.exe
  C:\Windows\System\zeatgXs.exe
  2⤵
  PID:3444
- C:\Windows\System\bfwqhNU.exe
  C:\Windows\System\bfwqhNU.exe
  2⤵
  PID:3464
- C:\Windows\System\JRJFdfU.exe
  C:\Windows\System\JRJFdfU.exe
  2⤵
  PID:3484
- C:\Windows\System\VhSxSnH.exe
  C:\Windows\System\VhSxSnH.exe
  2⤵
  PID:3504
- C:\Windows\System\LtAyguG.exe
  C:\Windows\System\LtAyguG.exe
  2⤵
  PID:3524
- C:\Windows\System\jfdKjGq.exe
  C:\Windows\System\jfdKjGq.exe
  2⤵
  PID:3544
- C:\Windows\System\yqcbBOD.exe
  C:\Windows\System\yqcbBOD.exe
  2⤵
  PID:3564
- C:\Windows\System\mqvEQbP.exe
  C:\Windows\System\mqvEQbP.exe
  2⤵
  PID:3584
- C:\Windows\System\OZiXDgq.exe
  C:\Windows\System\OZiXDgq.exe
  2⤵
  PID:3604
- C:\Windows\System\emirwLk.exe
  C:\Windows\System\emirwLk.exe
  2⤵
  PID:3624
- C:\Windows\System\GBrbPiS.exe
  C:\Windows\System\GBrbPiS.exe
  2⤵
  PID:3644
- C:\Windows\System\fARMEXO.exe
  C:\Windows\System\fARMEXO.exe
  2⤵
  PID:3664
- C:\Windows\System\wysEBAd.exe
  C:\Windows\System\wysEBAd.exe
  2⤵
  PID:3684
- C:\Windows\System\BnedPho.exe
  C:\Windows\System\BnedPho.exe
  2⤵
  PID:3704
- C:\Windows\System\RyUfAnD.exe
  C:\Windows\System\RyUfAnD.exe
  2⤵
  PID:3724
- C:\Windows\System\OIsVCPN.exe
  C:\Windows\System\OIsVCPN.exe
  2⤵
  PID:3744
- C:\Windows\System\uslTHZf.exe
  C:\Windows\System\uslTHZf.exe
  2⤵
  PID:3764
- C:\Windows\System\MyzJYEm.exe
  C:\Windows\System\MyzJYEm.exe
  2⤵
  PID:3784
- C:\Windows\System\yHXblxP.exe
  C:\Windows\System\yHXblxP.exe
  2⤵
  PID:3804
- C:\Windows\System\ukYOQqt.exe
  C:\Windows\System\ukYOQqt.exe
  2⤵
  PID:3820
- C:\Windows\System\HQxrgWk.exe
  C:\Windows\System\HQxrgWk.exe
  2⤵
  PID:3844
- C:\Windows\System\pKEboOV.exe
  C:\Windows\System\pKEboOV.exe
  2⤵
  PID:3864
- C:\Windows\System\SOywaZp.exe
  C:\Windows\System\SOywaZp.exe
  2⤵
  PID:3884
- C:\Windows\System\vAAsaZp.exe
  C:\Windows\System\vAAsaZp.exe
  2⤵
  PID:3904
- C:\Windows\System\mqNJnDn.exe
  C:\Windows\System\mqNJnDn.exe
  2⤵
  PID:3924
- C:\Windows\System\Ytjqlso.exe
  C:\Windows\System\Ytjqlso.exe
  2⤵
  PID:3944
- C:\Windows\System\mENqodC.exe
  C:\Windows\System\mENqodC.exe
  2⤵
  PID:3964
- C:\Windows\System\WGvmBnn.exe
  C:\Windows\System\WGvmBnn.exe
  2⤵
  PID:3984
- C:\Windows\System\xuNjpZI.exe
  C:\Windows\System\xuNjpZI.exe
  2⤵
  PID:4004
- C:\Windows\System\DFxPKnp.exe
  C:\Windows\System\DFxPKnp.exe
  2⤵
  PID:4020
- C:\Windows\System\tOImOKO.exe
  C:\Windows\System\tOImOKO.exe
  2⤵
  PID:4044
- C:\Windows\System\EHQuZbj.exe
  C:\Windows\System\EHQuZbj.exe
  2⤵
  PID:4068
- C:\Windows\System\tmDCtEI.exe
  C:\Windows\System\tmDCtEI.exe
  2⤵
  PID:4088
- C:\Windows\System\fKhORhO.exe
  C:\Windows\System\fKhORhO.exe
  2⤵
  PID:1372
- C:\Windows\System\vuJblGn.exe
  C:\Windows\System\vuJblGn.exe
  2⤵
  PID:1104
- C:\Windows\System\vFlVzjA.exe
  C:\Windows\System\vFlVzjA.exe
  2⤵
  PID:2492
- C:\Windows\System\cGQmVPB.exe
  C:\Windows\System\cGQmVPB.exe
  2⤵
  PID:1728
- C:\Windows\System\tbeqrhp.exe
  C:\Windows\System\tbeqrhp.exe
  2⤵
  PID:1732
- C:\Windows\System\vzhwVJz.exe
  C:\Windows\System\vzhwVJz.exe
  2⤵
  PID:2732
- C:\Windows\System\UQiHVrt.exe
  C:\Windows\System\UQiHVrt.exe
  2⤵
  PID:2628
- C:\Windows\System\kVXSLCa.exe
  C:\Windows\System\kVXSLCa.exe
  2⤵
  PID:1432
- C:\Windows\System\ulGGNXN.exe
  C:\Windows\System\ulGGNXN.exe
  2⤵
  PID:2084
- C:\Windows\System\bSCSfki.exe
  C:\Windows\System\bSCSfki.exe
  2⤵
  PID:3088
- C:\Windows\System\xIaSMOY.exe
  C:\Windows\System\xIaSMOY.exe
  2⤵
  PID:3112
- C:\Windows\System\pjbVXJZ.exe
  C:\Windows\System\pjbVXJZ.exe
  2⤵
  PID:3152
- C:\Windows\System\kSfGrvU.exe
  C:\Windows\System\kSfGrvU.exe
  2⤵
  PID:3168
- C:\Windows\System\NYLxHcN.exe
  C:\Windows\System\NYLxHcN.exe
  2⤵
  PID:3216
- C:\Windows\System\ZdjbDBK.exe
  C:\Windows\System\ZdjbDBK.exe
  2⤵
  PID:3248
- C:\Windows\System\ilJeiJI.exe
  C:\Windows\System\ilJeiJI.exe
  2⤵
  PID:3272
- C:\Windows\System\tIUHECh.exe
  C:\Windows\System\tIUHECh.exe
  2⤵
  PID:3296
- C:\Windows\System\wsoXViE.exe
  C:\Windows\System\wsoXViE.exe
  2⤵
  PID:3332
- C:\Windows\System\yyncGRK.exe
  C:\Windows\System\yyncGRK.exe
  2⤵
  PID:3368
- C:\Windows\System\HwThLsP.exe
  C:\Windows\System\HwThLsP.exe
  2⤵
  PID:3428
- C:\Windows\System\vjzwIuu.exe
  C:\Windows\System\vjzwIuu.exe
  2⤵
  PID:3452
- C:\Windows\System\zIMCBzq.exe
  C:\Windows\System\zIMCBzq.exe
  2⤵
  PID:3476
- C:\Windows\System\YLcGWYy.exe
  C:\Windows\System\YLcGWYy.exe
  2⤵
  PID:3512
- C:\Windows\System\JxAezhn.exe
  C:\Windows\System\JxAezhn.exe
  2⤵
  PID:3540
- C:\Windows\System\ohrchqQ.exe
  C:\Windows\System\ohrchqQ.exe
  2⤵
  PID:3596
- C:\Windows\System\ipiPbxR.exe
  C:\Windows\System\ipiPbxR.exe
  2⤵
  PID:3612
- C:\Windows\System\XjRKBKo.exe
  C:\Windows\System\XjRKBKo.exe
  2⤵
  PID:3652
- C:\Windows\System\NxKVSak.exe
  C:\Windows\System\NxKVSak.exe
  2⤵
  PID:3676
- C:\Windows\System\mTgiKCw.exe
  C:\Windows\System\mTgiKCw.exe
  2⤵
  PID:3696
- C:\Windows\System\wykQHne.exe
  C:\Windows\System\wykQHne.exe
  2⤵
  PID:3756
- C:\Windows\System\SDEJYBb.exe
  C:\Windows\System\SDEJYBb.exe
  2⤵
  PID:3800
- C:\Windows\System\VbMdyFX.exe
  C:\Windows\System\VbMdyFX.exe
  2⤵
  PID:3780
- C:\Windows\System\HlbzblU.exe
  C:\Windows\System\HlbzblU.exe
  2⤵
  PID:3872
- C:\Windows\System\CGeBMIR.exe
  C:\Windows\System\CGeBMIR.exe
  2⤵
  PID:3916
- C:\Windows\System\DoSElYY.exe
  C:\Windows\System\DoSElYY.exe
  2⤵
  PID:3900
- C:\Windows\System\nSSvfcE.exe
  C:\Windows\System\nSSvfcE.exe
  2⤵
  PID:4000
- C:\Windows\System\oQzkjhq.exe
  C:\Windows\System\oQzkjhq.exe
  2⤵
  PID:3940
- C:\Windows\System\HZfDHZd.exe
  C:\Windows\System\HZfDHZd.exe
  2⤵
  PID:4040
- C:\Windows\System\GXycpgD.exe
  C:\Windows\System\GXycpgD.exe
  2⤵
  PID:4060
- C:\Windows\System\drcvwKW.exe
  C:\Windows\System\drcvwKW.exe
  2⤵
  PID:4056
- C:\Windows\System\uzeYFBq.exe
  C:\Windows\System\uzeYFBq.exe
  2⤵
  PID:944
- C:\Windows\System\ZqoYsxw.exe
  C:\Windows\System\ZqoYsxw.exe
  2⤵
  PID:2260
- C:\Windows\System\JRYveIi.exe
  C:\Windows\System\JRYveIi.exe
  2⤵
  PID:2396
- C:\Windows\System\JkkPoya.exe
  C:\Windows\System\JkkPoya.exe
  2⤵
  PID:3020
- C:\Windows\System\wTtVnIL.exe
  C:\Windows\System\wTtVnIL.exe
  2⤵
  PID:2824
- C:\Windows\System\emZxKlN.exe
  C:\Windows\System\emZxKlN.exe
  2⤵
  PID:768
- C:\Windows\System\IBHCRey.exe
  C:\Windows\System\IBHCRey.exe
  2⤵
  PID:3108
- C:\Windows\System\ylUhuRR.exe
  C:\Windows\System\ylUhuRR.exe
  2⤵
  PID:3192
- C:\Windows\System\pxptpuP.exe
  C:\Windows\System\pxptpuP.exe
  2⤵
  PID:3276
- C:\Windows\System\fyzCnZx.exe
  C:\Windows\System\fyzCnZx.exe
  2⤵
  PID:3312
- C:\Windows\System\yRKrgxd.exe
  C:\Windows\System\yRKrgxd.exe
  2⤵
  PID:3372
- C:\Windows\System\LhhVmxv.exe
  C:\Windows\System\LhhVmxv.exe
  2⤵
  PID:3396
- C:\Windows\System\dNnsxuk.exe
  C:\Windows\System\dNnsxuk.exe
  2⤵
  PID:2748
- C:\Windows\System\cpYNgBB.exe
  C:\Windows\System\cpYNgBB.exe
  2⤵
  PID:3532
- C:\Windows\System\OtUthbN.exe
  C:\Windows\System\OtUthbN.exe
  2⤵
  PID:3600
- C:\Windows\System\obRQPrz.exe
  C:\Windows\System\obRQPrz.exe
  2⤵
  PID:3556
- C:\Windows\System\GRAjWRU.exe
  C:\Windows\System\GRAjWRU.exe
  2⤵
  PID:3640
- C:\Windows\System\tiXFoeI.exe
  C:\Windows\System\tiXFoeI.exe
  2⤵
  PID:3712
- C:\Windows\System\tUamXVe.exe
  C:\Windows\System\tUamXVe.exe
  2⤵
  PID:3736
- C:\Windows\System\vOXqPWO.exe
  C:\Windows\System\vOXqPWO.exe
  2⤵
  PID:3852
- C:\Windows\System\dXiSxBI.exe
  C:\Windows\System\dXiSxBI.exe
  2⤵
  PID:3876
- C:\Windows\System\fYoVCkh.exe
  C:\Windows\System\fYoVCkh.exe
  2⤵
  PID:3892
- C:\Windows\System\dgPfdBn.exe
  C:\Windows\System\dgPfdBn.exe
  2⤵
  PID:4028
- C:\Windows\System\SEoZKnj.exe
  C:\Windows\System\SEoZKnj.exe
  2⤵
  PID:3932
- C:\Windows\System\bkIevji.exe
  C:\Windows\System\bkIevji.exe
  2⤵
  PID:4064
- C:\Windows\System\rFuDUdV.exe
  C:\Windows\System\rFuDUdV.exe
  2⤵
  PID:1656
- C:\Windows\System\LNBnpFR.exe
  C:\Windows\System\LNBnpFR.exe
  2⤵
  PID:2884
- C:\Windows\System\WOUlOZG.exe
  C:\Windows\System\WOUlOZG.exe
  2⤵
  PID:448
- C:\Windows\System\kVsIflx.exe
  C:\Windows\System\kVsIflx.exe
  2⤵
  PID:2644
- C:\Windows\System\UwVIhbz.exe
  C:\Windows\System\UwVIhbz.exe
  2⤵
  PID:3116
- C:\Windows\System\AHBIHDG.exe
  C:\Windows\System\AHBIHDG.exe
  2⤵
  PID:3196
- C:\Windows\System\QaqKWTo.exe
  C:\Windows\System\QaqKWTo.exe
  2⤵
  PID:3352
- C:\Windows\System\YqZoBFR.exe
  C:\Windows\System\YqZoBFR.exe
  2⤵
  PID:2752
- C:\Windows\System\UDgpPsT.exe
  C:\Windows\System\UDgpPsT.exe
  2⤵
  PID:3660
- C:\Windows\System\jIzSfHr.exe
  C:\Windows\System\jIzSfHr.exe
  2⤵
  PID:3496
- C:\Windows\System\uPzUDtD.exe
  C:\Windows\System\uPzUDtD.exe
  2⤵
  PID:3836
- C:\Windows\System\DNgKJOV.exe
  C:\Windows\System\DNgKJOV.exe
  2⤵
  PID:3632
- C:\Windows\System\kcjDIrX.exe
  C:\Windows\System\kcjDIrX.exe
  2⤵
  PID:3716
- C:\Windows\System\ylseFEa.exe
  C:\Windows\System\ylseFEa.exe
  2⤵
  PID:4016
- C:\Windows\System\hEDXUqS.exe
  C:\Windows\System\hEDXUqS.exe
  2⤵
  PID:4012
- C:\Windows\System\CNuGmif.exe
  C:\Windows\System\CNuGmif.exe
  2⤵
  PID:2140
- C:\Windows\System\dcUakYf.exe
  C:\Windows\System\dcUakYf.exe
  2⤵
  PID:4084
- C:\Windows\System\Vnoctpu.exe
  C:\Windows\System\Vnoctpu.exe
  2⤵
  PID:3156
- C:\Windows\System\xJeZHAJ.exe
  C:\Windows\System\xJeZHAJ.exe
  2⤵
  PID:3392
- C:\Windows\System\hmJMkol.exe
  C:\Windows\System\hmJMkol.exe
  2⤵
  PID:3236
- C:\Windows\System\KSjUNjZ.exe
  C:\Windows\System\KSjUNjZ.exe
  2⤵
  PID:3732
- C:\Windows\System\yxcMlgP.exe
  C:\Windows\System\yxcMlgP.exe
  2⤵
  PID:3752
- C:\Windows\System\EPoSkEd.exe
  C:\Windows\System\EPoSkEd.exe
  2⤵
  PID:3840
- C:\Windows\System\vgZPlnz.exe
  C:\Windows\System\vgZPlnz.exe
  2⤵
  PID:4052
- C:\Windows\System\GaiABuv.exe
  C:\Windows\System\GaiABuv.exe
  2⤵
  PID:1508
- C:\Windows\System\Lzljzfl.exe
  C:\Windows\System\Lzljzfl.exe
  2⤵
  PID:2596
- C:\Windows\System\nfFnpBU.exe
  C:\Windows\System\nfFnpBU.exe
  2⤵
  PID:592
- C:\Windows\System\NLWGOHI.exe
  C:\Windows\System\NLWGOHI.exe
  2⤵
  PID:3172
- C:\Windows\System\sxHNzSd.exe
  C:\Windows\System\sxHNzSd.exe
  2⤵
  PID:3592
- C:\Windows\System\QeZgeMx.exe
  C:\Windows\System\QeZgeMx.exe
  2⤵
  PID:1584
- C:\Windows\System\wQsGSNm.exe
  C:\Windows\System\wQsGSNm.exe
  2⤵
  PID:4112
- C:\Windows\System\eJOXByt.exe
  C:\Windows\System\eJOXByt.exe
  2⤵
  PID:4136
- C:\Windows\System\pCPVsSU.exe
  C:\Windows\System\pCPVsSU.exe
  2⤵
  PID:4156
- C:\Windows\System\aYNJrwx.exe
  C:\Windows\System\aYNJrwx.exe
  2⤵
  PID:4176
- C:\Windows\System\DSMTjag.exe
  C:\Windows\System\DSMTjag.exe
  2⤵
  PID:4196
- C:\Windows\System\qvYVWGG.exe
  C:\Windows\System\qvYVWGG.exe
  2⤵
  PID:4212
- C:\Windows\System\ZRbQcDs.exe
  C:\Windows\System\ZRbQcDs.exe
  2⤵
  PID:4236
- C:\Windows\System\RDdFMiq.exe
  C:\Windows\System\RDdFMiq.exe
  2⤵
  PID:4256
- C:\Windows\System\tyIUhqC.exe
  C:\Windows\System\tyIUhqC.exe
  2⤵
  PID:4276
- C:\Windows\System\meysHHy.exe
  C:\Windows\System\meysHHy.exe
  2⤵
  PID:4304
- C:\Windows\System\MOgBONk.exe
  C:\Windows\System\MOgBONk.exe
  2⤵
  PID:4328
- C:\Windows\System\bPicazH.exe
  C:\Windows\System\bPicazH.exe
  2⤵
  PID:4348
- C:\Windows\System\eqwyIlR.exe
  C:\Windows\System\eqwyIlR.exe
  2⤵
  PID:4368
- C:\Windows\System\BEbyXpJ.exe
  C:\Windows\System\BEbyXpJ.exe
  2⤵
  PID:4384
- C:\Windows\System\wqRlCOQ.exe
  C:\Windows\System\wqRlCOQ.exe
  2⤵
  PID:4408
- C:\Windows\System\qZaLaWq.exe
  C:\Windows\System\qZaLaWq.exe
  2⤵
  PID:4424
- C:\Windows\System\vcAtzHD.exe
  C:\Windows\System\vcAtzHD.exe
  2⤵
  PID:4444
- C:\Windows\System\ZfrYHFV.exe
  C:\Windows\System\ZfrYHFV.exe
  2⤵
  PID:4468
- C:\Windows\System\LHHNSFq.exe
  C:\Windows\System\LHHNSFq.exe
  2⤵
  PID:4488
- C:\Windows\System\gCJimuN.exe
  C:\Windows\System\gCJimuN.exe
  2⤵
  PID:4504
- C:\Windows\System\nxdkslY.exe
  C:\Windows\System\nxdkslY.exe
  2⤵
  PID:4524
- C:\Windows\System\RBoLkgn.exe
  C:\Windows\System\RBoLkgn.exe
  2⤵
  PID:4544
- C:\Windows\System\bpETVMV.exe
  C:\Windows\System\bpETVMV.exe
  2⤵
  PID:4564
- C:\Windows\System\whBahgD.exe
  C:\Windows\System\whBahgD.exe
  2⤵
  PID:4580
- C:\Windows\System\sjnINKs.exe
  C:\Windows\System\sjnINKs.exe
  2⤵
  PID:4608
- C:\Windows\System\nPsXhyW.exe
  C:\Windows\System\nPsXhyW.exe
  2⤵
  PID:4624
- C:\Windows\System\jjGAgnB.exe
  C:\Windows\System\jjGAgnB.exe
  2⤵
  PID:4644
- C:\Windows\System\ZavBjJF.exe
  C:\Windows\System\ZavBjJF.exe
  2⤵
  PID:4664
- C:\Windows\System\QWmrOjv.exe
  C:\Windows\System\QWmrOjv.exe
  2⤵
  PID:4688
- C:\Windows\System\dqZTnpu.exe
  C:\Windows\System\dqZTnpu.exe
  2⤵
  PID:4708
- C:\Windows\System\JYqZVQF.exe
  C:\Windows\System\JYqZVQF.exe
  2⤵
  PID:4728
- C:\Windows\System\UyxoCYl.exe
  C:\Windows\System\UyxoCYl.exe
  2⤵
  PID:4744
- C:\Windows\System\sFcBGVy.exe
  C:\Windows\System\sFcBGVy.exe
  2⤵
  PID:4764
- C:\Windows\System\ZqnSeag.exe
  C:\Windows\System\ZqnSeag.exe
  2⤵
  PID:4788
- C:\Windows\System\eaDjhOl.exe
  C:\Windows\System\eaDjhOl.exe
  2⤵
  PID:4808
- C:\Windows\System\NyriPeR.exe
  C:\Windows\System\NyriPeR.exe
  2⤵
  PID:4824
- C:\Windows\System\TxELZkG.exe
  C:\Windows\System\TxELZkG.exe
  2⤵
  PID:4848
- C:\Windows\System\BIbftPu.exe
  C:\Windows\System\BIbftPu.exe
  2⤵
  PID:4868
- C:\Windows\System\TjOSktj.exe
  C:\Windows\System\TjOSktj.exe
  2⤵
  PID:4888
- C:\Windows\System\HVQQGTy.exe
  C:\Windows\System\HVQQGTy.exe
  2⤵
  PID:4908
- C:\Windows\System\gTAMpmX.exe
  C:\Windows\System\gTAMpmX.exe
  2⤵
  PID:4928
- C:\Windows\System\kpDHlcs.exe
  C:\Windows\System\kpDHlcs.exe
  2⤵
  PID:4944
- C:\Windows\System\UWvEoBC.exe
  C:\Windows\System\UWvEoBC.exe
  2⤵
  PID:4964
- C:\Windows\System\GoZoiim.exe
  C:\Windows\System\GoZoiim.exe
  2⤵
  PID:4984
- C:\Windows\System\yuHHrLM.exe
  C:\Windows\System\yuHHrLM.exe
  2⤵
  PID:5008
- C:\Windows\System\gkigfHV.exe
  C:\Windows\System\gkigfHV.exe
  2⤵
  PID:5028
- C:\Windows\System\pNaVsFi.exe
  C:\Windows\System\pNaVsFi.exe
  2⤵
  PID:5048
- C:\Windows\System\lRhhkxR.exe
  C:\Windows\System\lRhhkxR.exe
  2⤵
  PID:5064
- C:\Windows\System\xWHaROg.exe
  C:\Windows\System\xWHaROg.exe
  2⤵
  PID:5084
- C:\Windows\System\dMpZUfz.exe
  C:\Windows\System\dMpZUfz.exe
  2⤵
  PID:5104
- C:\Windows\System\prAJACx.exe
  C:\Windows\System\prAJACx.exe
  2⤵
  PID:3416
- C:\Windows\System\sJCeroG.exe
  C:\Windows\System\sJCeroG.exe
  2⤵
  PID:3832
- C:\Windows\System\WwwpAQJ.exe
  C:\Windows\System\WwwpAQJ.exe
  2⤵
  PID:2848
- C:\Windows\System\pWVZrYh.exe
  C:\Windows\System\pWVZrYh.exe
  2⤵
  PID:3580
- C:\Windows\System\akMnkZH.exe
  C:\Windows\System\akMnkZH.exe
  2⤵
  PID:4100
- C:\Windows\System\PfNppMm.exe
  C:\Windows\System\PfNppMm.exe
  2⤵
  PID:4152
- C:\Windows\System\cbzjVCg.exe
  C:\Windows\System\cbzjVCg.exe
  2⤵
  PID:3792
- C:\Windows\System\yyMJytN.exe
  C:\Windows\System\yyMJytN.exe
  2⤵
  PID:4164
- C:\Windows\System\yqnUgwj.exe
  C:\Windows\System\yqnUgwj.exe
  2⤵
  PID:1636
- C:\Windows\System\bATLVLR.exe
  C:\Windows\System\bATLVLR.exe
  2⤵
  PID:4268
- C:\Windows\System\obsoAhi.exe
  C:\Windows\System\obsoAhi.exe
  2⤵
  PID:1468
- C:\Windows\System\BEyfCfR.exe
  C:\Windows\System\BEyfCfR.exe
  2⤵
  PID:4248
- C:\Windows\System\VZktCQt.exe
  C:\Windows\System\VZktCQt.exe
  2⤵
  PID:4324
- C:\Windows\System\BcFTNHf.exe
  C:\Windows\System\BcFTNHf.exe
  2⤵
  PID:3032
- C:\Windows\System\AyjdmIl.exe
  C:\Windows\System\AyjdmIl.exe
  2⤵
  PID:4392
- C:\Windows\System\gkNXiPQ.exe
  C:\Windows\System\gkNXiPQ.exe
  2⤵
  PID:4404
- C:\Windows\System\UFgJmgt.exe
  C:\Windows\System\UFgJmgt.exe
  2⤵
  PID:4476
- C:\Windows\System\rNjvYOu.exe
  C:\Windows\System\rNjvYOu.exe
  2⤵
  PID:4452
- C:\Windows\System\GQmXwuj.exe
  C:\Windows\System\GQmXwuj.exe
  2⤵
  PID:4464
- C:\Windows\System\uOCmUOb.exe
  C:\Windows\System\uOCmUOb.exe
  2⤵
  PID:4496
- C:\Windows\System\QOuOtgS.exe
  C:\Windows\System\QOuOtgS.exe
  2⤵
  PID:4576
- C:\Windows\System\MOoRTAu.exe
  C:\Windows\System\MOoRTAu.exe
  2⤵
  PID:4604
- C:\Windows\System\OBTzRcr.exe
  C:\Windows\System\OBTzRcr.exe
  2⤵
  PID:4672
- C:\Windows\System\AtLYTeQ.exe
  C:\Windows\System\AtLYTeQ.exe
  2⤵
  PID:4680
- C:\Windows\System\xERulqO.exe
  C:\Windows\System\xERulqO.exe
  2⤵
  PID:4724
- C:\Windows\System\rSlGeuz.exe
  C:\Windows\System\rSlGeuz.exe
  2⤵
  PID:4756
- C:\Windows\System\VugJlJf.exe
  C:\Windows\System\VugJlJf.exe
  2⤵
  PID:4804
- C:\Windows\System\ehStWmM.exe
  C:\Windows\System\ehStWmM.exe
  2⤵
  PID:4740
- C:\Windows\System\PnOTSxj.exe
  C:\Windows\System\PnOTSxj.exe
  2⤵
  PID:4836
- C:\Windows\System\rkxozzs.exe
  C:\Windows\System\rkxozzs.exe
  2⤵
  PID:4876
- C:\Windows\System\SHQqErB.exe
  C:\Windows\System\SHQqErB.exe
  2⤵
  PID:4916
- C:\Windows\System\AjeOeNa.exe
  C:\Windows\System\AjeOeNa.exe
  2⤵
  PID:4860
- C:\Windows\System\bEvgPRU.exe
  C:\Windows\System\bEvgPRU.exe
  2⤵
  PID:4992
- C:\Windows\System\KsnTICJ.exe
  C:\Windows\System\KsnTICJ.exe
  2⤵
  PID:4940
- C:\Windows\System\JkVJLJz.exe
  C:\Windows\System\JkVJLJz.exe
  2⤵
  PID:5044
- C:\Windows\System\jxPfvWy.exe
  C:\Windows\System\jxPfvWy.exe
  2⤵
  PID:5076
- C:\Windows\System\ImiLdRu.exe
  C:\Windows\System\ImiLdRu.exe
  2⤵
  PID:5060
- C:\Windows\System\xTJzeDr.exe
  C:\Windows\System\xTJzeDr.exe
  2⤵
  PID:3292
- C:\Windows\System\UJfHvXc.exe
  C:\Windows\System\UJfHvXc.exe
  2⤵
  PID:3812
- C:\Windows\System\bEgvNZD.exe
  C:\Windows\System\bEgvNZD.exe
  2⤵
  PID:3084
- C:\Windows\System\cCxGaps.exe
  C:\Windows\System\cCxGaps.exe
  2⤵
  PID:2812
- C:\Windows\System\WlGpnkf.exe
  C:\Windows\System\WlGpnkf.exe
  2⤵
  PID:3252
- C:\Windows\System\JPBBPFO.exe
  C:\Windows\System\JPBBPFO.exe
  2⤵
  PID:4208
- C:\Windows\System\qGihPgR.exe
  C:\Windows\System\qGihPgR.exe
  2⤵
  PID:4316
- C:\Windows\System\hMLnoTB.exe
  C:\Windows\System\hMLnoTB.exe
  2⤵
  PID:1472
- C:\Windows\System\TskFwId.exe
  C:\Windows\System\TskFwId.exe
  2⤵
  PID:4252
- C:\Windows\System\uoqHWle.exe
  C:\Windows\System\uoqHWle.exe
  2⤵
  PID:4344
- C:\Windows\System\nKaSTSd.exe
  C:\Windows\System\nKaSTSd.exe
  2⤵
  PID:4376
- C:\Windows\System\MiAznev.exe
  C:\Windows\System\MiAznev.exe
  2⤵
  PID:4480
- C:\Windows\System\AHbnvVC.exe
  C:\Windows\System\AHbnvVC.exe
  2⤵
  PID:4516
- C:\Windows\System\jSJQYkr.exe
  C:\Windows\System\jSJQYkr.exe
  2⤵
  PID:4592
- C:\Windows\System\PzRQjQK.exe
  C:\Windows\System\PzRQjQK.exe
  2⤵
  PID:4532
- C:\Windows\System\zSaVPxo.exe
  C:\Windows\System\zSaVPxo.exe
  2⤵
  PID:2860
- C:\Windows\System\lljAnnv.exe
  C:\Windows\System\lljAnnv.exe
  2⤵
  PID:3400
- C:\Windows\System\mYvUiAd.exe
  C:\Windows\System\mYvUiAd.exe
  2⤵
  PID:4796
- C:\Windows\System\gmSwznd.exe
  C:\Windows\System\gmSwznd.exe
  2⤵
  PID:4780
- C:\Windows\System\HUeayWP.exe
  C:\Windows\System\HUeayWP.exe
  2⤵
  PID:4736
- C:\Windows\System\ONeXzjE.exe
  C:\Windows\System\ONeXzjE.exe
  2⤵
  PID:2540
- C:\Windows\System\VHrNFdj.exe
  C:\Windows\System\VHrNFdj.exe
  2⤵
  PID:4900
- C:\Windows\System\OrzgTGm.exe
  C:\Windows\System\OrzgTGm.exe
  2⤵
  PID:4920
- C:\Windows\System\rWaKslJ.exe
  C:\Windows\System\rWaKslJ.exe
  2⤵
  PID:4036
- C:\Windows\System\HPCkAWi.exe
  C:\Windows\System\HPCkAWi.exe
  2⤵
  PID:5056
- C:\Windows\System\OKVyhgu.exe
  C:\Windows\System\OKVyhgu.exe
  2⤵
  PID:3976
- C:\Windows\System\gajEshV.exe
  C:\Windows\System\gajEshV.exe
  2⤵
  PID:5100
- C:\Windows\System\EFoIpdV.exe
  C:\Windows\System\EFoIpdV.exe
  2⤵
  PID:3860
- C:\Windows\System\ifbBtpG.exe
  C:\Windows\System\ifbBtpG.exe
  2⤵
  PID:4184
- C:\Windows\System\iOiUGhr.exe
  C:\Windows\System\iOiUGhr.exe
  2⤵
  PID:4144
- C:\Windows\System\hGzkNOk.exe
  C:\Windows\System\hGzkNOk.exe
  2⤵
  PID:4436
- C:\Windows\System\TvPAWxC.exe
  C:\Windows\System\TvPAWxC.exe
  2⤵
  PID:4416
- C:\Windows\System\MSdVjZP.exe
  C:\Windows\System\MSdVjZP.exe
  2⤵
  PID:4356
- C:\Windows\System\gWFqMvG.exe
  C:\Windows\System\gWFqMvG.exe
  2⤵
  PID:4556
- C:\Windows\System\wCSyEMw.exe
  C:\Windows\System\wCSyEMw.exe
  2⤵
  PID:2652
- C:\Windows\System\FlssMmI.exe
  C:\Windows\System\FlssMmI.exe
  2⤵
  PID:3036
- C:\Windows\System\sVIjLly.exe
  C:\Windows\System\sVIjLly.exe
  2⤵
  PID:2712
- C:\Windows\System\zGPVlpW.exe
  C:\Windows\System\zGPVlpW.exe
  2⤵
  PID:4600
- C:\Windows\System\WOICwNS.exe
  C:\Windows\System\WOICwNS.exe
  2⤵
  PID:4684
- C:\Windows\System\bZLJsQt.exe
  C:\Windows\System\bZLJsQt.exe
  2⤵
  PID:4772
- C:\Windows\System\NZjxmva.exe
  C:\Windows\System\NZjxmva.exe
  2⤵
  PID:4980
- C:\Windows\System\OpYitaQ.exe
  C:\Windows\System\OpYitaQ.exe
  2⤵
  PID:4856
- C:\Windows\System\WhlyLRa.exe
  C:\Windows\System\WhlyLRa.exe
  2⤵
  PID:4976
- C:\Windows\System\qqJgkXU.exe
  C:\Windows\System\qqJgkXU.exe
  2⤵
  PID:2640
- C:\Windows\System\cOObEbT.exe
  C:\Windows\System\cOObEbT.exe
  2⤵
  PID:2356
- C:\Windows\System\UwYSKGA.exe
  C:\Windows\System\UwYSKGA.exe
  2⤵
  PID:2196
- C:\Windows\System\KVDSlcX.exe
  C:\Windows\System\KVDSlcX.exe
  2⤵
  PID:1072
- C:\Windows\System\MrPjBDV.exe
  C:\Windows\System\MrPjBDV.exe
  2⤵
  PID:4420
- C:\Windows\System\NkAsEXB.exe
  C:\Windows\System\NkAsEXB.exe
  2⤵
  PID:2868
- C:\Windows\System\AhYgQyP.exe
  C:\Windows\System\AhYgQyP.exe
  2⤵
  PID:2476
- C:\Windows\System\OGbIrKo.exe
  C:\Windows\System\OGbIrKo.exe
  2⤵
  PID:4588
- C:\Windows\System\pqqytbO.exe
  C:\Windows\System\pqqytbO.exe
  2⤵
  PID:1708
- C:\Windows\System\YdfvZPQ.exe
  C:\Windows\System\YdfvZPQ.exe
  2⤵
  PID:2852
- C:\Windows\System\IhUDLZb.exe
  C:\Windows\System\IhUDLZb.exe
  2⤵
  PID:4956
- C:\Windows\System\dPoxVAz.exe
  C:\Windows\System\dPoxVAz.exe
  2⤵
  PID:5072
- C:\Windows\System\nJqSJjl.exe
  C:\Windows\System\nJqSJjl.exe
  2⤵
  PID:5092
- C:\Windows\System\nCgIKEH.exe
  C:\Windows\System\nCgIKEH.exe
  2⤵
  PID:1236
- C:\Windows\System\lzlRzbM.exe
  C:\Windows\System\lzlRzbM.exe
  2⤵
  PID:4936
- C:\Windows\System\WeotPlW.exe
  C:\Windows\System\WeotPlW.exe
  2⤵
  PID:4340
- C:\Windows\System\NOfKleN.exe
  C:\Windows\System\NOfKleN.exe
  2⤵
  PID:4636
- C:\Windows\System\yuXNlVp.exe
  C:\Windows\System\yuXNlVp.exe
  2⤵
  PID:2472
- C:\Windows\System\LWOLsKc.exe
  C:\Windows\System\LWOLsKc.exe
  2⤵
  PID:2688
- C:\Windows\System\imkBVOG.exe
  C:\Windows\System\imkBVOG.exe
  2⤵
  PID:5080
- C:\Windows\System\CEyVFJH.exe
  C:\Windows\System\CEyVFJH.exe
  2⤵
  PID:1244
- C:\Windows\System\JktIUmG.exe
  C:\Windows\System\JktIUmG.exe
  2⤵
  PID:4220
- C:\Windows\System\JrVOYLp.exe
  C:\Windows\System\JrVOYLp.exe
  2⤵
  PID:3288
- C:\Windows\System\jsBzNwN.exe
  C:\Windows\System\jsBzNwN.exe
  2⤵
  PID:4620
- C:\Windows\System\gUUAgTB.exe
  C:\Windows\System\gUUAgTB.exe
  2⤵
  PID:2220
- C:\Windows\System\scLyJKm.exe
  C:\Windows\System\scLyJKm.exe
  2⤵
  PID:4952
- C:\Windows\System\ccEigfA.exe
  C:\Windows\System\ccEigfA.exe
  2⤵
  PID:1772
- C:\Windows\System\zupRHNQ.exe
  C:\Windows\System\zupRHNQ.exe
  2⤵
  PID:2920
- C:\Windows\System\FJVzpgZ.exe
  C:\Windows\System\FJVzpgZ.exe
  2⤵
  PID:2700
- C:\Windows\System\dUMNjMY.exe
  C:\Windows\System\dUMNjMY.exe
  2⤵
  PID:2600
- C:\Windows\System\Kmxiscx.exe
  C:\Windows\System\Kmxiscx.exe
  2⤵
  PID:5132
- C:\Windows\System\cVFpxmY.exe
  C:\Windows\System\cVFpxmY.exe
  2⤵
  PID:5152
- C:\Windows\System\tchiOoA.exe
  C:\Windows\System\tchiOoA.exe
  2⤵
  PID:5168
- C:\Windows\System\DIylXDD.exe
  C:\Windows\System\DIylXDD.exe
  2⤵
  PID:5184
- C:\Windows\System\nqdlZQj.exe
  C:\Windows\System\nqdlZQj.exe
  2⤵
  PID:5200
- C:\Windows\System\zLZCvEv.exe
  C:\Windows\System\zLZCvEv.exe
  2⤵
  PID:5216
- C:\Windows\System\YRcqcnB.exe
  C:\Windows\System\YRcqcnB.exe
  2⤵
  PID:5232
- C:\Windows\System\lvGTsgj.exe
  C:\Windows\System\lvGTsgj.exe
  2⤵
  PID:5248
- C:\Windows\System\lflFzVU.exe
  C:\Windows\System\lflFzVU.exe
  2⤵
  PID:5264
- C:\Windows\System\vvESjPN.exe
  C:\Windows\System\vvESjPN.exe
  2⤵
  PID:5292
- C:\Windows\System\JNxQAzL.exe
  C:\Windows\System\JNxQAzL.exe
  2⤵
  PID:5308
- C:\Windows\System\bbdYDMP.exe
  C:\Windows\System\bbdYDMP.exe
  2⤵
  PID:5324
- C:\Windows\System\LnnjvHP.exe
  C:\Windows\System\LnnjvHP.exe
  2⤵
  PID:5372
- C:\Windows\System\pgiFXov.exe
  C:\Windows\System\pgiFXov.exe
  2⤵
  PID:5396
- C:\Windows\System\yApsilE.exe
  C:\Windows\System\yApsilE.exe
  2⤵
  PID:5424
- C:\Windows\System\xQLKxvh.exe
  C:\Windows\System\xQLKxvh.exe
  2⤵
  PID:5440
- C:\Windows\System\ImOXYUl.exe
  C:\Windows\System\ImOXYUl.exe
  2⤵
  PID:5456
- C:\Windows\System\KyxSxoN.exe
  C:\Windows\System\KyxSxoN.exe
  2⤵
  PID:5472
- C:\Windows\System\qdQKvZD.exe
  C:\Windows\System\qdQKvZD.exe
  2⤵
  PID:5488
- C:\Windows\System\wGCSFJW.exe
  C:\Windows\System\wGCSFJW.exe
  2⤵
  PID:5504
- C:\Windows\System\RTJYJiz.exe
  C:\Windows\System\RTJYJiz.exe
  2⤵
  PID:5524
- C:\Windows\System\GrvJOYU.exe
  C:\Windows\System\GrvJOYU.exe
  2⤵
  PID:5544
- C:\Windows\System\NPYaLdp.exe
  C:\Windows\System\NPYaLdp.exe
  2⤵
  PID:5564
- C:\Windows\System\kNlKOmH.exe
  C:\Windows\System\kNlKOmH.exe
  2⤵
  PID:5588
- C:\Windows\System\jLAbuid.exe
  C:\Windows\System\jLAbuid.exe
  2⤵
  PID:5624
- C:\Windows\System\kpZcsLi.exe
  C:\Windows\System\kpZcsLi.exe
  2⤵
  PID:5640
- C:\Windows\System\SWREClg.exe
  C:\Windows\System\SWREClg.exe
  2⤵
  PID:5668
- C:\Windows\System\DuamrmH.exe
  C:\Windows\System\DuamrmH.exe
  2⤵
  PID:5684
- C:\Windows\System\uIqmbJY.exe
  C:\Windows\System\uIqmbJY.exe
  2⤵
  PID:5700
- C:\Windows\System\BJQbuqj.exe
  C:\Windows\System\BJQbuqj.exe
  2⤵
  PID:5724
- C:\Windows\System\miosNjR.exe
  C:\Windows\System\miosNjR.exe
  2⤵
  PID:5748
- C:\Windows\System\dRkLzUf.exe
  C:\Windows\System\dRkLzUf.exe
  2⤵
  PID:5768
- C:\Windows\System\IcKATXU.exe
  C:\Windows\System\IcKATXU.exe
  2⤵
  PID:5784
- C:\Windows\System\SdIxFEa.exe
  C:\Windows\System\SdIxFEa.exe
  2⤵
  PID:5800
- C:\Windows\System\XtCjAPK.exe
  C:\Windows\System\XtCjAPK.exe
  2⤵
  PID:5816
- C:\Windows\System\eRbYQWU.exe
  C:\Windows\System\eRbYQWU.exe
  2⤵
  PID:5832
- C:\Windows\System\tQTxFuK.exe
  C:\Windows\System\tQTxFuK.exe
  2⤵
  PID:5868
- C:\Windows\System\oyibRZo.exe
  C:\Windows\System\oyibRZo.exe
  2⤵
  PID:5888
- C:\Windows\System\ixBAEtk.exe
  C:\Windows\System\ixBAEtk.exe
  2⤵
  PID:5912
- C:\Windows\System\yszviPW.exe
  C:\Windows\System\yszviPW.exe
  2⤵
  PID:5928
- C:\Windows\System\HerGWSI.exe
  C:\Windows\System\HerGWSI.exe
  2⤵
  PID:5944
- C:\Windows\System\KJwLhSO.exe
  C:\Windows\System\KJwLhSO.exe
  2⤵
  PID:5960
- C:\Windows\System\ROfprZF.exe
  C:\Windows\System\ROfprZF.exe
  2⤵
  PID:5976
- C:\Windows\System\GZzwvCN.exe
  C:\Windows\System\GZzwvCN.exe
  2⤵
  PID:5992
- C:\Windows\System\ZGAhCSR.exe
  C:\Windows\System\ZGAhCSR.exe
  2⤵
  PID:6012
- C:\Windows\System\IyMTaaC.exe
  C:\Windows\System\IyMTaaC.exe
  2⤵
  PID:6032
- C:\Windows\System\tHobDHB.exe
  C:\Windows\System\tHobDHB.exe
  2⤵
  PID:6048
- C:\Windows\System\CGTkWax.exe
  C:\Windows\System\CGTkWax.exe
  2⤵
  PID:6072
- C:\Windows\System\azEZCtm.exe
  C:\Windows\System\azEZCtm.exe
  2⤵
  PID:6104
- C:\Windows\System\vwzDouf.exe
  C:\Windows\System\vwzDouf.exe
  2⤵
  PID:6120
- C:\Windows\System\vcjQIws.exe
  C:\Windows\System\vcjQIws.exe
  2⤵
  PID:1920
- C:\Windows\System\HiNVNyR.exe
  C:\Windows\System\HiNVNyR.exe
  2⤵
  PID:5128
- C:\Windows\System\ICSohkQ.exe
  C:\Windows\System\ICSohkQ.exe
  2⤵
  PID:5144
- C:\Windows\System\WjXYqgS.exe
  C:\Windows\System\WjXYqgS.exe
  2⤵
  PID:5212
- C:\Windows\System\pGxUYcj.exe
  C:\Windows\System\pGxUYcj.exe
  2⤵
  PID:5192
- C:\Windows\System\MwyYzaC.exe
  C:\Windows\System\MwyYzaC.exe
  2⤵
  PID:5280
- C:\Windows\System\sOpEkda.exe
  C:\Windows\System\sOpEkda.exe
  2⤵
  PID:5300
- C:\Windows\System\pemqjby.exe
  C:\Windows\System\pemqjby.exe
  2⤵
  PID:5344
- C:\Windows\System\nInxMnU.exe
  C:\Windows\System\nInxMnU.exe
  2⤵
  PID:5320
- C:\Windows\System\nATeTuJ.exe
  C:\Windows\System\nATeTuJ.exe
  2⤵
  PID:5388
- C:\Windows\System\ODUfSqj.exe
  C:\Windows\System\ODUfSqj.exe
  2⤵
  PID:5408
- C:\Windows\System\iLmOPmn.exe
  C:\Windows\System\iLmOPmn.exe
  2⤵
  PID:5484
- C:\Windows\System\LOFwSEF.exe
  C:\Windows\System\LOFwSEF.exe
  2⤵
  PID:5436
- C:\Windows\System\yPfEzFc.exe
  C:\Windows\System\yPfEzFc.exe
  2⤵
  PID:2496
- C:\Windows\System\zuHjmuJ.exe
  C:\Windows\System\zuHjmuJ.exe
  2⤵
  PID:5536
- C:\Windows\System\kiVQwno.exe
  C:\Windows\System\kiVQwno.exe
  2⤵
  PID:5580
- C:\Windows\System\alKlqSG.exe
  C:\Windows\System\alKlqSG.exe
  2⤵
  PID:5620
- C:\Windows\System\RfKyCQh.exe
  C:\Windows\System\RfKyCQh.exe
  2⤵
  PID:5652
- C:\Windows\System\dtuWbNR.exe
  C:\Windows\System\dtuWbNR.exe
  2⤵
  PID:5680
- C:\Windows\System\HMWyjCb.exe
  C:\Windows\System\HMWyjCb.exe
  2⤵
  PID:5716
- C:\Windows\System\CZEJohm.exe
  C:\Windows\System\CZEJohm.exe
  2⤵
  PID:5736
- C:\Windows\System\VVamjCR.exe
  C:\Windows\System\VVamjCR.exe
  2⤵
  PID:2200
- C:\Windows\System\ZiBwjAr.exe
  C:\Windows\System\ZiBwjAr.exe
  2⤵
  PID:5824
- C:\Windows\System\qKDHfkG.exe
  C:\Windows\System\qKDHfkG.exe
  2⤵
  PID:5780
- C:\Windows\System\CgoixaI.exe
  C:\Windows\System\CgoixaI.exe
  2⤵
  PID:5864
- C:\Windows\System\eNSPrCq.exe
  C:\Windows\System\eNSPrCq.exe
  2⤵
  PID:5900
- C:\Windows\System\YaPoHqS.exe
  C:\Windows\System\YaPoHqS.exe
  2⤵
  PID:5940
- C:\Windows\System\eBGIudA.exe
  C:\Windows\System\eBGIudA.exe
  2⤵
  PID:6004
- C:\Windows\System\yrGbkWP.exe
  C:\Windows\System\yrGbkWP.exe
  2⤵
  PID:6080
- C:\Windows\System\SDcnMJF.exe
  C:\Windows\System\SDcnMJF.exe
  2⤵
  PID:5988
- C:\Windows\System\jLczyIU.exe
  C:\Windows\System\jLczyIU.exe
  2⤵
  PID:6096
- C:\Windows\System\CNkAvPf.exe
  C:\Windows\System\CNkAvPf.exe
  2⤵
  PID:6056
- C:\Windows\System\vIErnxP.exe
  C:\Windows\System\vIErnxP.exe
  2⤵
  PID:6084
- C:\Windows\System\rlLlNDq.exe
  C:\Windows\System\rlLlNDq.exe
  2⤵
  PID:6140
- C:\Windows\System\UmbWZIu.exe
  C:\Windows\System\UmbWZIu.exe
  2⤵
  PID:1488
- C:\Windows\System\BJtPbAE.exe
  C:\Windows\System\BJtPbAE.exe
  2⤵
  PID:5288
- C:\Windows\System\oLMqvbj.exe
  C:\Windows\System\oLMqvbj.exe
  2⤵
  PID:5276
- C:\Windows\System\zGaSWgo.exe
  C:\Windows\System\zGaSWgo.exe
  2⤵
  PID:5340
- C:\Windows\System\GoBZcQI.exe
  C:\Windows\System\GoBZcQI.exe
  2⤵
  PID:5364
- C:\Windows\System\QHARsvS.exe
  C:\Windows\System\QHARsvS.exe
  2⤵
  PID:4292
- C:\Windows\System\fiCAcEa.exe
  C:\Windows\System\fiCAcEa.exe
  2⤵
  PID:1692
- C:\Windows\System\PhqCmVA.exe
  C:\Windows\System\PhqCmVA.exe
  2⤵
  PID:5560
- C:\Windows\System\coNzWvN.exe
  C:\Windows\System\coNzWvN.exe
  2⤵
  PID:5468
- C:\Windows\System\gwPFOxI.exe
  C:\Windows\System\gwPFOxI.exe
  2⤵
  PID:5648
- C:\Windows\System\nQsYdoV.exe
  C:\Windows\System\nQsYdoV.exe
  2⤵
  PID:5708
- C:\Windows\System\jLxpGZz.exe
  C:\Windows\System\jLxpGZz.exe
  2⤵
  PID:2012
- C:\Windows\System\AQbYkVb.exe
  C:\Windows\System\AQbYkVb.exe
  2⤵
  PID:5732
- C:\Windows\System\SswEozA.exe
  C:\Windows\System\SswEozA.exe
  2⤵
  PID:5760
- C:\Windows\System\DAfCVHh.exe
  C:\Windows\System\DAfCVHh.exe
  2⤵
  PID:5876
- C:\Windows\System\SzzfOEt.exe
  C:\Windows\System\SzzfOEt.exe
  2⤵
  PID:5956
- C:\Windows\System\tuBUSfX.exe
  C:\Windows\System\tuBUSfX.exe
  2⤵
  PID:5936
- C:\Windows\System\XWvWgMN.exe
  C:\Windows\System\XWvWgMN.exe
  2⤵
  PID:2880
- C:\Windows\System\FrasCyq.exe
  C:\Windows\System\FrasCyq.exe
  2⤵
  PID:5004
- C:\Windows\System\hqbuxDZ.exe
  C:\Windows\System\hqbuxDZ.exe
  2⤵
  PID:6044
- C:\Windows\System\gLflkkR.exe
  C:\Windows\System\gLflkkR.exe
  2⤵
  PID:6092
- C:\Windows\System\OElugoT.exe
  C:\Windows\System\OElugoT.exe
  2⤵
  PID:5332
- C:\Windows\System\PUUJlQN.exe
  C:\Windows\System\PUUJlQN.exe
  2⤵
  PID:5384
- C:\Windows\System\JqZMEUe.exe
  C:\Windows\System\JqZMEUe.exe
  2⤵
  PID:5404
- C:\Windows\System\CyhaakM.exe
  C:\Windows\System\CyhaakM.exe
  2⤵
  PID:5600
- C:\Windows\System\xdurCyp.exe
  C:\Windows\System\xdurCyp.exe
  2⤵
  PID:5448
- C:\Windows\System\fGkJkik.exe
  C:\Windows\System\fGkJkik.exe
  2⤵
  PID:5756
- C:\Windows\System\ExeQDtt.exe
  C:\Windows\System\ExeQDtt.exe
  2⤵
  PID:5696
- C:\Windows\System\AMtMMBl.exe
  C:\Windows\System\AMtMMBl.exe
  2⤵
  PID:5840
- C:\Windows\System\YglwHja.exe
  C:\Windows\System\YglwHja.exe
  2⤵
  PID:6132
- C:\Windows\System\sETtkvZ.exe
  C:\Windows\System\sETtkvZ.exe
  2⤵
  PID:4560
- C:\Windows\System\ZRVephp.exe
  C:\Windows\System\ZRVephp.exe
  2⤵
  PID:5416
- C:\Windows\System\EcvoYWt.exe
  C:\Windows\System\EcvoYWt.exe
  2⤵
  PID:4660
- C:\Windows\System\zBBauBu.exe
  C:\Windows\System\zBBauBu.exe
  2⤵
  PID:5532
- C:\Windows\System\QIFpNdY.exe
  C:\Windows\System\QIFpNdY.exe
  2⤵
  PID:5208
- C:\Windows\System\bGOTsmJ.exe
  C:\Windows\System\bGOTsmJ.exe
  2⤵
  PID:6068
- C:\Windows\System\cVIDbDL.exe
  C:\Windows\System\cVIDbDL.exe
  2⤵
  PID:5432
- C:\Windows\System\vPDhODN.exe
  C:\Windows\System\vPDhODN.exe
  2⤵
  PID:5972
- C:\Windows\System\SryTROF.exe
  C:\Windows\System\SryTROF.exe
  2⤵
  PID:6116
- C:\Windows\System\rdIHsps.exe
  C:\Windows\System\rdIHsps.exe
  2⤵
  PID:5516
- C:\Windows\System\IdbnaWF.exe
  C:\Windows\System\IdbnaWF.exe
  2⤵
  PID:5664
- C:\Windows\System\yIKRZIW.exe
  C:\Windows\System\yIKRZIW.exe
  2⤵
  PID:5856
- C:\Windows\System\CYkDCbd.exe
  C:\Windows\System\CYkDCbd.exe
  2⤵
  PID:5228
- C:\Windows\System\qQCcITL.exe
  C:\Windows\System\qQCcITL.exe
  2⤵
  PID:5576
- C:\Windows\System\hSnizic.exe
  C:\Windows\System\hSnizic.exe
  2⤵
  PID:5848
- C:\Windows\System\vSdywhH.exe
  C:\Windows\System\vSdywhH.exe
  2⤵
  PID:5880
- C:\Windows\System\ZVUjHUD.exe
  C:\Windows\System\ZVUjHUD.exe
  2⤵
  PID:5256
- C:\Windows\System\veFwITK.exe
  C:\Windows\System\veFwITK.exe
  2⤵
  PID:6168
- C:\Windows\System\vCmXqWR.exe
  C:\Windows\System\vCmXqWR.exe
  2⤵
  PID:6184
- C:\Windows\System\slSLKLs.exe
  C:\Windows\System\slSLKLs.exe
  2⤵
  PID:6200
- C:\Windows\System\NuSpwEO.exe
  C:\Windows\System\NuSpwEO.exe
  2⤵
  PID:6216
- C:\Windows\System\JFikCJF.exe
  C:\Windows\System\JFikCJF.exe
  2⤵
  PID:6240
- C:\Windows\System\yBTxiKq.exe
  C:\Windows\System\yBTxiKq.exe
  2⤵
  PID:6260
- C:\Windows\System\PbyAchB.exe
  C:\Windows\System\PbyAchB.exe
  2⤵
  PID:6280
- C:\Windows\System\CqzXits.exe
  C:\Windows\System\CqzXits.exe
  2⤵
  PID:6300
- C:\Windows\System\hYFnOwJ.exe
  C:\Windows\System\hYFnOwJ.exe
  2⤵
  PID:6320
- C:\Windows\System\QbsOUev.exe
  C:\Windows\System\QbsOUev.exe
  2⤵
  PID:6340
- C:\Windows\System\XqFMcVB.exe
  C:\Windows\System\XqFMcVB.exe
  2⤵
  PID:6356
- C:\Windows\System\naRxMfG.exe
  C:\Windows\System\naRxMfG.exe
  2⤵
  PID:6372
- C:\Windows\System\tRuZXMx.exe
  C:\Windows\System\tRuZXMx.exe
  2⤵
  PID:6396
- C:\Windows\System\MwRoIaW.exe
  C:\Windows\System\MwRoIaW.exe
  2⤵
  PID:6416
- C:\Windows\System\iPDRLSg.exe
  C:\Windows\System\iPDRLSg.exe
  2⤵
  PID:6432
- C:\Windows\System\sxYdnOp.exe
  C:\Windows\System\sxYdnOp.exe
  2⤵
  PID:6448
- C:\Windows\System\MWeZQUz.exe
  C:\Windows\System\MWeZQUz.exe
  2⤵
  PID:6464
- C:\Windows\System\ZQqVOPC.exe
  C:\Windows\System\ZQqVOPC.exe
  2⤵
  PID:6496
- C:\Windows\System\lzavDGQ.exe
  C:\Windows\System\lzavDGQ.exe
  2⤵
  PID:6516
- C:\Windows\System\ZkxYSHy.exe
  C:\Windows\System\ZkxYSHy.exe
  2⤵
  PID:6532
- C:\Windows\System\tBitWPw.exe
  C:\Windows\System\tBitWPw.exe
  2⤵
  PID:6552
- C:\Windows\System\OJhVApD.exe
  C:\Windows\System\OJhVApD.exe
  2⤵
  PID:6568
- C:\Windows\System\wHXlawM.exe
  C:\Windows\System\wHXlawM.exe
  2⤵
  PID:6600
- C:\Windows\System\XYrPrMr.exe
  C:\Windows\System\XYrPrMr.exe
  2⤵
  PID:6616
- C:\Windows\System\EUNANHZ.exe
  C:\Windows\System\EUNANHZ.exe
  2⤵
  PID:6632
- C:\Windows\System\GblHeVb.exe
  C:\Windows\System\GblHeVb.exe
  2⤵
  PID:6648
- C:\Windows\System\dHHVinB.exe
  C:\Windows\System\dHHVinB.exe
  2⤵
  PID:6664
- C:\Windows\System\AqVSNhR.exe
  C:\Windows\System\AqVSNhR.exe
  2⤵
  PID:6688
- C:\Windows\System\BryyyjU.exe
  C:\Windows\System\BryyyjU.exe
  2⤵
  PID:6724
- C:\Windows\System\wgGNRDf.exe
  C:\Windows\System\wgGNRDf.exe
  2⤵
  PID:6740
- C:\Windows\System\tdQyNnk.exe
  C:\Windows\System\tdQyNnk.exe
  2⤵
  PID:6756
- C:\Windows\System\yddYeIf.exe
  C:\Windows\System\yddYeIf.exe
  2⤵
  PID:6776
- C:\Windows\System\XagYQlj.exe
  C:\Windows\System\XagYQlj.exe
  2⤵
  PID:6792
- C:\Windows\System\wSwGTda.exe
  C:\Windows\System\wSwGTda.exe
  2⤵
  PID:6808
- C:\Windows\System\HYWazLi.exe
  C:\Windows\System\HYWazLi.exe
  2⤵
  PID:6832
- C:\Windows\System\EyiNfJN.exe
  C:\Windows\System\EyiNfJN.exe
  2⤵
  PID:6852
- C:\Windows\System\UESpysG.exe
  C:\Windows\System\UESpysG.exe
  2⤵
  PID:6868
- C:\Windows\System\BNCboxy.exe
  C:\Windows\System\BNCboxy.exe
  2⤵
  PID:6884
- C:\Windows\System\ZgaQgpt.exe
  C:\Windows\System\ZgaQgpt.exe
  2⤵
  PID:6900
- C:\Windows\System\BtZIdfw.exe
  C:\Windows\System\BtZIdfw.exe
  2⤵
  PID:6916
- C:\Windows\System\ljhRchz.exe
  C:\Windows\System\ljhRchz.exe
  2⤵
  PID:6936
- C:\Windows\System\CttXAyv.exe
  C:\Windows\System\CttXAyv.exe
  2⤵
  PID:6956
- C:\Windows\System\nVGIyNY.exe
  C:\Windows\System\nVGIyNY.exe
  2⤵
  PID:6976
- C:\Windows\System\PKCJUwf.exe
  C:\Windows\System\PKCJUwf.exe
  2⤵
  PID:7036
- C:\Windows\System\uSGbFsj.exe
  C:\Windows\System\uSGbFsj.exe
  2⤵
  PID:7056
- C:\Windows\System\LWJbdRg.exe
  C:\Windows\System\LWJbdRg.exe
  2⤵
  PID:7072
- C:\Windows\System\HXsZbRM.exe
  C:\Windows\System\HXsZbRM.exe
  2⤵
  PID:7092
- C:\Windows\System\YbgmZOF.exe
  C:\Windows\System\YbgmZOF.exe
  2⤵
  PID:7112
- C:\Windows\System\ECnxrUW.exe
  C:\Windows\System\ECnxrUW.exe
  2⤵
  PID:7128
- C:\Windows\System\HFsIEFl.exe
  C:\Windows\System\HFsIEFl.exe
  2⤵
  PID:7144
- C:\Windows\System\NMYotpi.exe
  C:\Windows\System\NMYotpi.exe
  2⤵
  PID:7160
- C:\Windows\System\SMsgmVR.exe
  C:\Windows\System\SMsgmVR.exe
  2⤵
  PID:6088
- C:\Windows\System\oLjrtbB.exe
  C:\Windows\System\oLjrtbB.exe
  2⤵
  PID:6160
- C:\Windows\System\dZwYdSc.exe
  C:\Windows\System\dZwYdSc.exe
  2⤵
  PID:6152
- C:\Windows\System\TSEzbgS.exe
  C:\Windows\System\TSEzbgS.exe
  2⤵
  PID:6232
- C:\Windows\System\zVVTfDg.exe
  C:\Windows\System\zVVTfDg.exe
  2⤵
  PID:6208
- C:\Windows\System\EqYlsur.exe
  C:\Windows\System\EqYlsur.exe
  2⤵
  PID:6252
- C:\Windows\System\lFbLPic.exe
  C:\Windows\System\lFbLPic.exe
  2⤵
  PID:6248
- C:\Windows\System\kanSaGl.exe
  C:\Windows\System\kanSaGl.exe
  2⤵
  PID:6428
- C:\Windows\System\ynhkpRN.exe
  C:\Windows\System\ynhkpRN.exe
  2⤵
  PID:6508
- C:\Windows\System\FEaLfJX.exe
  C:\Windows\System\FEaLfJX.exe
  2⤵
  PID:6472
- C:\Windows\System\EDheWpA.exe
  C:\Windows\System\EDheWpA.exe
  2⤵
  PID:6488
- C:\Windows\System\OcIwZPg.exe
  C:\Windows\System\OcIwZPg.exe
  2⤵
  PID:6540
- C:\Windows\System\wHtlakd.exe
  C:\Windows\System\wHtlakd.exe
  2⤵
  PID:6588
- C:\Windows\System\iVFXppI.exe
  C:\Windows\System\iVFXppI.exe
  2⤵
  PID:6524
- C:\Windows\System\oafrKAn.exe
  C:\Windows\System\oafrKAn.exe
  2⤵
  PID:6656
- C:\Windows\System\HnRGQDB.exe
  C:\Windows\System\HnRGQDB.exe
  2⤵
  PID:6700
- C:\Windows\System\WUGzTXo.exe
  C:\Windows\System\WUGzTXo.exe
  2⤵
  PID:6676
- C:\Windows\System\nzFTnsD.exe
  C:\Windows\System\nzFTnsD.exe
  2⤵
  PID:6708
- C:\Windows\System\wlbncyp.exe
  C:\Windows\System\wlbncyp.exe
  2⤵
  PID:6748
- C:\Windows\System\bbZcjTz.exe
  C:\Windows\System\bbZcjTz.exe
  2⤵
  PID:6752
- C:\Windows\System\Jyqbokm.exe
  C:\Windows\System\Jyqbokm.exe
  2⤵
  PID:6816
- C:\Windows\System\yXuFjEN.exe
  C:\Windows\System\yXuFjEN.exe
  2⤵
  PID:6964
- C:\Windows\System\UbEWiTu.exe
  C:\Windows\System\UbEWiTu.exe
  2⤵
  PID:6736
- C:\Windows\System\dUjXFny.exe
  C:\Windows\System\dUjXFny.exe
  2⤵
  PID:6848
- C:\Windows\System\JlGMYGy.exe
  C:\Windows\System\JlGMYGy.exe
  2⤵
  PID:6996
- C:\Windows\System\AGfKQgi.exe
  C:\Windows\System\AGfKQgi.exe
  2⤵
  PID:6948
- C:\Windows\System\BiHelmB.exe
  C:\Windows\System\BiHelmB.exe
  2⤵
  PID:7016
- C:\Windows\System\BjBCPzG.exe
  C:\Windows\System\BjBCPzG.exe
  2⤵
  PID:7032
- C:\Windows\System\XtBmFPl.exe
  C:\Windows\System\XtBmFPl.exe
  2⤵
  PID:7080
- C:\Windows\System\xyXfacL.exe
  C:\Windows\System\xyXfacL.exe
  2⤵
  PID:7120
- C:\Windows\System\Gdpftel.exe
  C:\Windows\System\Gdpftel.exe
  2⤵
  PID:7156
- C:\Windows\System\SCxVNLU.exe
  C:\Windows\System\SCxVNLU.exe
  2⤵
  PID:7136
- C:\Windows\System\Dydbtad.exe
  C:\Windows\System\Dydbtad.exe
  2⤵
  PID:6388
- C:\Windows\System\KfjoJOF.exe
  C:\Windows\System\KfjoJOF.exe
  2⤵
  PID:6148
- C:\Windows\System\XcqDksu.exe
  C:\Windows\System\XcqDksu.exe
  2⤵
  PID:6440
- C:\Windows\System\WOSKtRs.exe
  C:\Windows\System\WOSKtRs.exe
  2⤵
  PID:6316
- C:\Windows\System\SGYVMFh.exe
  C:\Windows\System\SGYVMFh.exe
  2⤵
  PID:6288
- C:\Windows\System\OvKDqIX.exe
  C:\Windows\System\OvKDqIX.exe
  2⤵
  PID:6408
- C:\Windows\System\qRkLbjY.exe
  C:\Windows\System\qRkLbjY.exe
  2⤵
  PID:6560
- C:\Windows\System\nIKLREe.exe
  C:\Windows\System\nIKLREe.exe
  2⤵
  PID:6480
- C:\Windows\System\rhVFLPR.exe
  C:\Windows\System\rhVFLPR.exe
  2⤵
  PID:6696
- C:\Windows\System\CPUPPqI.exe
  C:\Windows\System\CPUPPqI.exe
  2⤵
  PID:6704
- C:\Windows\System\yKPscfn.exe
  C:\Windows\System\yKPscfn.exe
  2⤵
  PID:6732
- C:\Windows\System\XpLYvcC.exe
  C:\Windows\System\XpLYvcC.exe
  2⤵
  PID:6892
- C:\Windows\System\khCSNSD.exe
  C:\Windows\System\khCSNSD.exe
  2⤵
  PID:6928
- C:\Windows\System\pmkSUQU.exe
  C:\Windows\System\pmkSUQU.exe
  2⤵
  PID:6804
- C:\Windows\System\DFbwmwU.exe
  C:\Windows\System\DFbwmwU.exe
  2⤵
  PID:6912
- C:\Windows\System\QGTYkLb.exe
  C:\Windows\System\QGTYkLb.exe
  2⤵
  PID:7084
- C:\Windows\System\FenYTPt.exe
  C:\Windows\System\FenYTPt.exe
  2⤵
  PID:6424
- C:\Windows\System\SPGvDpN.exe
  C:\Windows\System\SPGvDpN.exe
  2⤵
  PID:7012
- C:\Windows\System\QTASUJT.exe
  C:\Windows\System\QTASUJT.exe
  2⤵
  PID:6308
- C:\Windows\System\bcDeVjy.exe
  C:\Windows\System\bcDeVjy.exe
  2⤵
  PID:6412
- C:\Windows\System\KhaSeHN.exe
  C:\Windows\System\KhaSeHN.exe
  2⤵
  PID:6312
- C:\Windows\System\OsfYMUV.exe
  C:\Windows\System\OsfYMUV.exe
  2⤵
  PID:6576
- C:\Windows\System\pKuASlb.exe
  C:\Windows\System\pKuASlb.exe
  2⤵
  PID:6456
- C:\Windows\System\ClsDJaL.exe
  C:\Windows\System\ClsDJaL.exe
  2⤵
  PID:6860
- C:\Windows\System\cSyTgwO.exe
  C:\Windows\System\cSyTgwO.exe
  2⤵
  PID:6624
- C:\Windows\System\iqKmYTA.exe
  C:\Windows\System\iqKmYTA.exe
  2⤵
  PID:6156
- C:\Windows\System\PUXpeiW.exe
  C:\Windows\System\PUXpeiW.exe
  2⤵
  PID:6672
- C:\Windows\System\GlHagYH.exe
  C:\Windows\System\GlHagYH.exe
  2⤵
  PID:6840
- C:\Windows\System\DwcrTGC.exe
  C:\Windows\System\DwcrTGC.exe
  2⤵
  PID:7124
- C:\Windows\System\kfLCxVv.exe
  C:\Windows\System\kfLCxVv.exe
  2⤵
  PID:6984
- C:\Windows\System\dRxgBFq.exe
  C:\Windows\System\dRxgBFq.exe
  2⤵
  PID:6460
- C:\Windows\System\tLClXQi.exe
  C:\Windows\System\tLClXQi.exe
  2⤵
  PID:6820
- C:\Windows\System\kPpQOnz.exe
  C:\Windows\System\kPpQOnz.exe
  2⤵
  PID:6352
- C:\Windows\System\xLUKEkI.exe
  C:\Windows\System\xLUKEkI.exe
  2⤵
  PID:6932
- C:\Windows\System\KCDemxt.exe
  C:\Windows\System\KCDemxt.exe
  2⤵
  PID:6772
- C:\Windows\System\HwVxEqN.exe
  C:\Windows\System\HwVxEqN.exe
  2⤵
  PID:6924
- C:\Windows\System\UKowGIB.exe
  C:\Windows\System\UKowGIB.exe
  2⤵
  PID:6800
- C:\Windows\System\DImhfqn.exe
  C:\Windows\System\DImhfqn.exe
  2⤵
  PID:1544
- C:\Windows\System\NYyCNzK.exe
  C:\Windows\System\NYyCNzK.exe
  2⤵
  PID:7212
- C:\Windows\System\WZXkXmQ.exe
  C:\Windows\System\WZXkXmQ.exe
  2⤵
  PID:7232
- C:\Windows\System\renOTFS.exe
  C:\Windows\System\renOTFS.exe
  2⤵
  PID:7248
- C:\Windows\System\PzBieEq.exe
  C:\Windows\System\PzBieEq.exe
  2⤵
  PID:7268
- C:\Windows\System\dwtcliU.exe
  C:\Windows\System\dwtcliU.exe
  2⤵
  PID:7288
- C:\Windows\System\vSQOrSo.exe
  C:\Windows\System\vSQOrSo.exe
  2⤵
  PID:7308
- C:\Windows\System\yIPXNXS.exe
  C:\Windows\System\yIPXNXS.exe
  2⤵
  PID:7324
- C:\Windows\System\GKEwGmR.exe
  C:\Windows\System\GKEwGmR.exe
  2⤵
  PID:7340
- C:\Windows\System\wVgTfbj.exe
  C:\Windows\System\wVgTfbj.exe
  2⤵
  PID:7368
- C:\Windows\System\rBNTRNW.exe
  C:\Windows\System\rBNTRNW.exe
  2⤵
  PID:7384
- C:\Windows\System\reMvYEp.exe
  C:\Windows\System\reMvYEp.exe
  2⤵
  PID:7404
- C:\Windows\System\cgdFhsI.exe
  C:\Windows\System\cgdFhsI.exe
  2⤵
  PID:7424
- C:\Windows\System\rulvxqs.exe
  C:\Windows\System\rulvxqs.exe
  2⤵
  PID:7440
- C:\Windows\System\PqwISyG.exe
  C:\Windows\System\PqwISyG.exe
  2⤵
  PID:7476
- C:\Windows\System\kNNkrQy.exe
  C:\Windows\System\kNNkrQy.exe
  2⤵
  PID:7492
- C:\Windows\System\gHVFMDU.exe
  C:\Windows\System\gHVFMDU.exe
  2⤵
  PID:7508
- C:\Windows\System\SOpfNgw.exe
  C:\Windows\System\SOpfNgw.exe
  2⤵
  PID:7524
- C:\Windows\System\VbOKBTv.exe
  C:\Windows\System\VbOKBTv.exe
  2⤵
  PID:7540
- C:\Windows\System\oiyEPkl.exe
  C:\Windows\System\oiyEPkl.exe
  2⤵
  PID:7564
- C:\Windows\System\fNNOywx.exe
  C:\Windows\System\fNNOywx.exe
  2⤵
  PID:7596
- C:\Windows\System\khgnQFM.exe
  C:\Windows\System\khgnQFM.exe
  2⤵
  PID:7612
- C:\Windows\System\EmUzFkD.exe
  C:\Windows\System\EmUzFkD.exe
  2⤵
  PID:7628
- C:\Windows\System\iMeaIlT.exe
  C:\Windows\System\iMeaIlT.exe
  2⤵
  PID:7644
- C:\Windows\System\sADKjmw.exe
  C:\Windows\System\sADKjmw.exe
  2⤵
  PID:7672
- C:\Windows\System\pQUcIGx.exe
  C:\Windows\System\pQUcIGx.exe
  2⤵
  PID:7692
- C:\Windows\System\omlYjTI.exe
  C:\Windows\System\omlYjTI.exe
  2⤵
  PID:7716
- C:\Windows\System\ZkbwLQp.exe
  C:\Windows\System\ZkbwLQp.exe
  2⤵
  PID:7732
- C:\Windows\System\uUQrwal.exe
  C:\Windows\System\uUQrwal.exe
  2⤵
  PID:7748
- C:\Windows\System\irKWXKx.exe
  C:\Windows\System\irKWXKx.exe
  2⤵
  PID:7768
- C:\Windows\System\HHRplnK.exe
  C:\Windows\System\HHRplnK.exe
  2⤵
  PID:7784
- C:\Windows\System\BplvGnt.exe
  C:\Windows\System\BplvGnt.exe
  2⤵
  PID:7800
- C:\Windows\System\doRUPAo.exe
  C:\Windows\System\doRUPAo.exe
  2⤵
  PID:7816
- C:\Windows\System\ZZQGezL.exe
  C:\Windows\System\ZZQGezL.exe
  2⤵
  PID:7836
- C:\Windows\System\NNPqXbz.exe
  C:\Windows\System\NNPqXbz.exe
  2⤵
  PID:7852
- C:\Windows\System\WlfmJpe.exe
  C:\Windows\System\WlfmJpe.exe
  2⤵
  PID:7872
- C:\Windows\System\itWrpxC.exe
  C:\Windows\System\itWrpxC.exe
  2⤵
  PID:7888
- C:\Windows\System\FPnNbmT.exe
  C:\Windows\System\FPnNbmT.exe
  2⤵
  PID:7904
- C:\Windows\System\AXnmZJi.exe
  C:\Windows\System\AXnmZJi.exe
  2⤵
  PID:7920
- C:\Windows\System\SfkPuUh.exe
  C:\Windows\System\SfkPuUh.exe
  2⤵
  PID:7936
- C:\Windows\System\IbKecCe.exe
  C:\Windows\System\IbKecCe.exe
  2⤵
  PID:7952
- C:\Windows\System\gnySOnL.exe
  C:\Windows\System\gnySOnL.exe
  2⤵
  PID:7984
- C:\Windows\System\StyIpTU.exe
  C:\Windows\System\StyIpTU.exe
  2⤵
  PID:8008
- C:\Windows\System\vyasGHU.exe
  C:\Windows\System\vyasGHU.exe
  2⤵
  PID:8028
- C:\Windows\System\XmOkWnH.exe
  C:\Windows\System\XmOkWnH.exe
  2⤵
  PID:8080
- C:\Windows\System\oSTmuwU.exe
  C:\Windows\System\oSTmuwU.exe
  2⤵
  PID:8096
- C:\Windows\System\AKwcPaN.exe
  C:\Windows\System\AKwcPaN.exe
  2⤵
  PID:8112
- C:\Windows\System\enMkwUA.exe
  C:\Windows\System\enMkwUA.exe
  2⤵
  PID:8136
- C:\Windows\System\YzwgaGu.exe
  C:\Windows\System\YzwgaGu.exe
  2⤵
  PID:8156
- C:\Windows\System\TmqkiIV.exe
  C:\Windows\System\TmqkiIV.exe
  2⤵
  PID:8172
- C:\Windows\System\WKEwLeD.exe
  C:\Windows\System\WKEwLeD.exe
  2⤵
  PID:8188
- C:\Windows\System\WKBWWvC.exe
  C:\Windows\System\WKBWWvC.exe
  2⤵
  PID:6272
- C:\Windows\System\OoRMBMO.exe
  C:\Windows\System\OoRMBMO.exe
  2⤵
  PID:6392
- C:\Windows\System\EPfopzR.exe
  C:\Windows\System\EPfopzR.exe
  2⤵
  PID:6628
- C:\Windows\System\jtKbirx.exe
  C:\Windows\System\jtKbirx.exe
  2⤵
  PID:7068
- C:\Windows\System\RoJrWCt.exe
  C:\Windows\System\RoJrWCt.exe
  2⤵
  PID:6404
- C:\Windows\System\xJaohcz.exe
  C:\Windows\System\xJaohcz.exe
  2⤵
  PID:7224
- C:\Windows\System\vAyAnBK.exe
  C:\Windows\System\vAyAnBK.exe
  2⤵
  PID:7264
- C:\Windows\System\ZrerRtm.exe
  C:\Windows\System\ZrerRtm.exe
  2⤵
  PID:7332
- C:\Windows\System\TMomtEQ.exe
  C:\Windows\System\TMomtEQ.exe
  2⤵
  PID:7416
- C:\Windows\System\RxxQUHp.exe
  C:\Windows\System\RxxQUHp.exe
  2⤵
  PID:7284
- C:\Windows\System\KDkWLGa.exe
  C:\Windows\System\KDkWLGa.exe
  2⤵
  PID:7356
- C:\Windows\System\KFuvKMy.exe
  C:\Windows\System\KFuvKMy.exe
  2⤵
  PID:7392
- C:\Windows\System\EJwkCSl.exe
  C:\Windows\System\EJwkCSl.exe
  2⤵
  PID:7456
- C:\Windows\System\HGSPBZi.exe
  C:\Windows\System\HGSPBZi.exe
  2⤵
  PID:7472
- C:\Windows\System\QZeVQlS.exe
  C:\Windows\System\QZeVQlS.exe
  2⤵
  PID:7488
- C:\Windows\System\lEFwGNk.exe
  C:\Windows\System\lEFwGNk.exe
  2⤵
  PID:7516
- C:\Windows\System\hiQphLO.exe
  C:\Windows\System\hiQphLO.exe
  2⤵
  PID:7592
- C:\Windows\System\FMNMvsb.exe
  C:\Windows\System\FMNMvsb.exe
  2⤵
  PID:7640
- C:\Windows\System\iKIXcrg.exe
  C:\Windows\System\iKIXcrg.exe
  2⤵
  PID:7664
- C:\Windows\System\kZMkytV.exe
  C:\Windows\System\kZMkytV.exe
  2⤵
  PID:7700
- C:\Windows\System\XcNAeIx.exe
  C:\Windows\System\XcNAeIx.exe
  2⤵
  PID:7724
- C:\Windows\System\AqJPpZj.exe
  C:\Windows\System\AqJPpZj.exe
  2⤵
  PID:7808
- C:\Windows\System\nyNeWKa.exe
  C:\Windows\System\nyNeWKa.exe
  2⤵
  PID:7764
- C:\Windows\System\bIzydyI.exe
  C:\Windows\System\bIzydyI.exe
  2⤵
  PID:7828
- C:\Windows\System\OAxcNsm.exe
  C:\Windows\System\OAxcNsm.exe
  2⤵
  PID:7880
- C:\Windows\System\JwNuAoG.exe
  C:\Windows\System\JwNuAoG.exe
  2⤵
  PID:7944
- C:\Windows\System\PzVgJHz.exe
  C:\Windows\System\PzVgJHz.exe
  2⤵
  PID:7996
- C:\Windows\System\SzfXzZc.exe
  C:\Windows\System\SzfXzZc.exe
  2⤵
  PID:7960
- C:\Windows\System\RjRYURo.exe
  C:\Windows\System\RjRYURo.exe
  2⤵
  PID:7968
- C:\Windows\System\TYPmEIQ.exe
  C:\Windows\System\TYPmEIQ.exe
  2⤵
  PID:8020
- C:\Windows\System\kDCbdCn.exe
  C:\Windows\System\kDCbdCn.exe
  2⤵
  PID:8056
- C:\Windows\System\mWnsFzB.exe
  C:\Windows\System\mWnsFzB.exe
  2⤵
  PID:8076
- C:\Windows\System\BrHCpol.exe
  C:\Windows\System\BrHCpol.exe
  2⤵
  PID:8124
- C:\Windows\System\gLvSpgD.exe
  C:\Windows\System\gLvSpgD.exe
  2⤵
  PID:6368
- C:\Windows\System\QEXZTbD.exe
  C:\Windows\System\QEXZTbD.exe
  2⤵
  PID:6896
- C:\Windows\System\dnDTrRC.exe
  C:\Windows\System\dnDTrRC.exe
  2⤵
  PID:7188
- C:\Windows\System\Exeqccc.exe
  C:\Windows\System\Exeqccc.exe
  2⤵
  PID:7208
- C:\Windows\System\QusjvHF.exe
  C:\Windows\System\QusjvHF.exe
  2⤵
  PID:7300
- C:\Windows\System\saLWtLs.exe
  C:\Windows\System\saLWtLs.exe
  2⤵
  PID:7396
- C:\Windows\System\fKoJoFA.exe
  C:\Windows\System\fKoJoFA.exe
  2⤵
  PID:7320
- C:\Windows\System\xrLDPgA.exe
  C:\Windows\System\xrLDPgA.exe
  2⤵
  PID:7436
- C:\Windows\System\ZwdpoHH.exe
  C:\Windows\System\ZwdpoHH.exe
  2⤵
  PID:7276
- C:\Windows\System\uSILZKk.exe
  C:\Windows\System\uSILZKk.exe
  2⤵
  PID:7572
- C:\Windows\System\MTAdWhm.exe
  C:\Windows\System\MTAdWhm.exe
  2⤵
  PID:7608
- C:\Windows\System\KQjFsxE.exe
  C:\Windows\System\KQjFsxE.exe
  2⤵
  PID:7580
- C:\Windows\System\BQuCjyK.exe
  C:\Windows\System\BQuCjyK.exe
  2⤵
  PID:7624
- C:\Windows\System\ocQhhCD.exe
  C:\Windows\System\ocQhhCD.exe
  2⤵
  PID:7704
- C:\Windows\System\ZOqrwpZ.exe
  C:\Windows\System\ZOqrwpZ.exe
  2⤵
  PID:6504
- C:\Windows\System\vJrUatf.exe
  C:\Windows\System\vJrUatf.exe
  2⤵
  PID:7912
- C:\Windows\System\INTnolS.exe
  C:\Windows\System\INTnolS.exe
  2⤵
  PID:7932
- C:\Windows\System\JeQrMQn.exe
  C:\Windows\System\JeQrMQn.exe
  2⤵
  PID:8072
- C:\Windows\System\AYXPJCg.exe
  C:\Windows\System\AYXPJCg.exe
  2⤵
  PID:8168
- C:\Windows\System\uUOcfHV.exe
  C:\Windows\System\uUOcfHV.exe
  2⤵
  PID:7864
- C:\Windows\System\sQCLXLc.exe
  C:\Windows\System\sQCLXLc.exe
  2⤵
  PID:8052
- C:\Windows\System\hAVnTqs.exe
  C:\Windows\System\hAVnTqs.exe
  2⤵
  PID:8108
- C:\Windows\System\GoAlJRl.exe
  C:\Windows\System\GoAlJRl.exe
  2⤵
  PID:7296
- C:\Windows\System\PnkCpuP.exe
  C:\Windows\System\PnkCpuP.exe
  2⤵
  PID:7260
- C:\Windows\System\bzGOxqK.exe
  C:\Windows\System\bzGOxqK.exe
  2⤵
  PID:7560
- C:\Windows\System\BikpstK.exe
  C:\Windows\System\BikpstK.exe
  2⤵
  PID:7780
- C:\Windows\System\UHyGySh.exe
  C:\Windows\System\UHyGySh.exe
  2⤵
  PID:1084
- C:\Windows\System\pABKvRV.exe
  C:\Windows\System\pABKvRV.exe
  2⤵
  PID:7452
- C:\Windows\System\UeWiALM.exe
  C:\Windows\System\UeWiALM.exe
  2⤵
  PID:7280
- C:\Windows\System\pJbkngZ.exe
  C:\Windows\System\pJbkngZ.exe
  2⤵
  PID:7848
- C:\Windows\System\rwbGLRu.exe
  C:\Windows\System\rwbGLRu.exe
  2⤵
  PID:8048
- C:\Windows\System\RoxvMtu.exe
  C:\Windows\System\RoxvMtu.exe
  2⤵
  PID:8152
- C:\Windows\System\YqhKaNr.exe
  C:\Windows\System\YqhKaNr.exe
  2⤵
  PID:7684
- C:\Windows\System\XDYpDyB.exe
  C:\Windows\System\XDYpDyB.exe
  2⤵
  PID:7760
- C:\Windows\System\wMFzFTp.exe
  C:\Windows\System\wMFzFTp.exe
  2⤵
  PID:8104
- C:\Windows\System\aiGvzrf.exe
  C:\Windows\System\aiGvzrf.exe
  2⤵
  PID:7620
- C:\Windows\System\PLCIBHU.exe
  C:\Windows\System\PLCIBHU.exe
  2⤵
  PID:7196
- C:\Windows\System\vpbPius.exe
  C:\Windows\System\vpbPius.exe
  2⤵
  PID:7776
- C:\Windows\System\jzwKxFi.exe
  C:\Windows\System\jzwKxFi.exe
  2⤵
  PID:8044
- C:\Windows\System\QlRtcgZ.exe
  C:\Windows\System\QlRtcgZ.exe
  2⤵
  PID:7980
- C:\Windows\System\sCmCJdQ.exe
  C:\Windows\System\sCmCJdQ.exe
  2⤵
  PID:8040
- C:\Windows\System\qtnEWqU.exe
  C:\Windows\System\qtnEWqU.exe
  2⤵
  PID:6548
- C:\Windows\System\MdMYSaG.exe
  C:\Windows\System\MdMYSaG.exe
  2⤵
  PID:7108
- C:\Windows\System\rCXoMcK.exe
  C:\Windows\System\rCXoMcK.exe
  2⤵
  PID:7668
- C:\Windows\System\jOouDGu.exe
  C:\Windows\System\jOouDGu.exe
  2⤵
  PID:7756
- C:\Windows\System\KmaIknI.exe
  C:\Windows\System\KmaIknI.exe
  2⤵
  PID:1612
- C:\Windows\System\yURedij.exe
  C:\Windows\System\yURedij.exe
  2⤵
  PID:6972
- C:\Windows\System\AWvPVBr.exe
  C:\Windows\System\AWvPVBr.exe
  2⤵
  PID:8004
- C:\Windows\System\NQxGdoO.exe
  C:\Windows\System\NQxGdoO.exe
  2⤵
  PID:8208
- C:\Windows\System\JtEAJdE.exe
  C:\Windows\System\JtEAJdE.exe
  2⤵
  PID:8232
- C:\Windows\System\joxxLRk.exe
  C:\Windows\System\joxxLRk.exe
  2⤵
  PID:8248
- C:\Windows\System\zSjJQVS.exe
  C:\Windows\System\zSjJQVS.exe
  2⤵
  PID:8264
- C:\Windows\System\rIoTjjR.exe
  C:\Windows\System\rIoTjjR.exe
  2⤵
  PID:8288
- C:\Windows\System\lhSZdCq.exe
  C:\Windows\System\lhSZdCq.exe
  2⤵
  PID:8308
- C:\Windows\System\BsEWEdR.exe
  C:\Windows\System\BsEWEdR.exe
  2⤵
  PID:8324
- C:\Windows\System\GAHvJqr.exe
  C:\Windows\System\GAHvJqr.exe
  2⤵
  PID:8340
- C:\Windows\System\dvVvMRf.exe
  C:\Windows\System\dvVvMRf.exe
  2⤵
  PID:8368
- C:\Windows\System\ZFUjsEH.exe
  C:\Windows\System\ZFUjsEH.exe
  2⤵
  PID:8384
- C:\Windows\System\ULfTlJI.exe
  C:\Windows\System\ULfTlJI.exe
  2⤵
  PID:8408
- C:\Windows\System\OnhXunM.exe
  C:\Windows\System\OnhXunM.exe
  2⤵
  PID:8432
- C:\Windows\System\XxCNocv.exe
  C:\Windows\System\XxCNocv.exe
  2⤵
  PID:8452
- C:\Windows\System\NvDnvAs.exe
  C:\Windows\System\NvDnvAs.exe
  2⤵
  PID:8468
- C:\Windows\System\vWbjLhX.exe
  C:\Windows\System\vWbjLhX.exe
  2⤵
  PID:8488
- C:\Windows\System\SNDiaDY.exe
  C:\Windows\System\SNDiaDY.exe
  2⤵
  PID:8508
- C:\Windows\System\gopuxyS.exe
  C:\Windows\System\gopuxyS.exe
  2⤵
  PID:8532
- C:\Windows\System\ZIEklIW.exe
  C:\Windows\System\ZIEklIW.exe
  2⤵
  PID:8556
- C:\Windows\System\RLXLLPf.exe
  C:\Windows\System\RLXLLPf.exe
  2⤵
  PID:8576
- C:\Windows\System\UJjydPn.exe
  C:\Windows\System\UJjydPn.exe
  2⤵
  PID:8600
- C:\Windows\System\tYgGeDG.exe
  C:\Windows\System\tYgGeDG.exe
  2⤵
  PID:8616
- C:\Windows\System\KuujDUB.exe
  C:\Windows\System\KuujDUB.exe
  2⤵
  PID:8636
- C:\Windows\System\nzNfAmU.exe
  C:\Windows\System\nzNfAmU.exe
  2⤵
  PID:8652
- C:\Windows\System\iCBbjHQ.exe
  C:\Windows\System\iCBbjHQ.exe
  2⤵
  PID:8680
- C:\Windows\System\YauvukP.exe
  C:\Windows\System\YauvukP.exe
  2⤵
  PID:8696
- C:\Windows\System\yWAJKRk.exe
  C:\Windows\System\yWAJKRk.exe
  2⤵
  PID:8724
- C:\Windows\System\nyQUcYF.exe
  C:\Windows\System\nyQUcYF.exe
  2⤵
  PID:8744
- C:\Windows\System\jVJLgXM.exe
  C:\Windows\System\jVJLgXM.exe
  2⤵
  PID:8760
- C:\Windows\System\SCVrqiH.exe
  C:\Windows\System\SCVrqiH.exe
  2⤵
  PID:8776
- C:\Windows\System\ZmwAufu.exe
  C:\Windows\System\ZmwAufu.exe
  2⤵
  PID:8792
- C:\Windows\System\HkDVBSj.exe
  C:\Windows\System\HkDVBSj.exe
  2⤵
  PID:8812
- C:\Windows\System\FyhFiLP.exe
  C:\Windows\System\FyhFiLP.exe
  2⤵
  PID:8844
- C:\Windows\System\TkJvgxU.exe
  C:\Windows\System\TkJvgxU.exe
  2⤵
  PID:8864
- C:\Windows\System\mxMDdor.exe
  C:\Windows\System\mxMDdor.exe
  2⤵
  PID:8880
- C:\Windows\System\HQQAStR.exe
  C:\Windows\System\HQQAStR.exe
  2⤵
  PID:8896
- C:\Windows\System\SvPFxyf.exe
  C:\Windows\System\SvPFxyf.exe
  2⤵
  PID:8912
- C:\Windows\System\RmwSxui.exe
  C:\Windows\System\RmwSxui.exe
  2⤵
  PID:8928
- C:\Windows\System\tbsQBPI.exe
  C:\Windows\System\tbsQBPI.exe
  2⤵
  PID:8956
- C:\Windows\System\WcfUEmb.exe
  C:\Windows\System\WcfUEmb.exe
  2⤵
  PID:8988
- C:\Windows\System\fNvyKUf.exe
  C:\Windows\System\fNvyKUf.exe
  2⤵
  PID:9008
- C:\Windows\System\KDqzaNE.exe
  C:\Windows\System\KDqzaNE.exe
  2⤵
  PID:9028
- C:\Windows\System\LioYRQP.exe
  C:\Windows\System\LioYRQP.exe
  2⤵
  PID:9044
- C:\Windows\System\wezjTGc.exe
  C:\Windows\System\wezjTGc.exe
  2⤵
  PID:9060
- C:\Windows\System\UQfEfXk.exe
  C:\Windows\System\UQfEfXk.exe
  2⤵
  PID:9080
- C:\Windows\System\wJTigSZ.exe
  C:\Windows\System\wJTigSZ.exe
  2⤵
  PID:9096
- C:\Windows\System\FKAPVFE.exe
  C:\Windows\System\FKAPVFE.exe
  2⤵
  PID:9112
- C:\Windows\System\qOvuMOS.exe
  C:\Windows\System\qOvuMOS.exe
  2⤵
  PID:9136
- C:\Windows\System\NioSddJ.exe
  C:\Windows\System\NioSddJ.exe
  2⤵
  PID:9156
- C:\Windows\System\qqJkRix.exe
  C:\Windows\System\qqJkRix.exe
  2⤵
  PID:9188
- C:\Windows\System\unBLRYo.exe
  C:\Windows\System\unBLRYo.exe
  2⤵
  PID:9208
- C:\Windows\System\QxUXpLP.exe
  C:\Windows\System\QxUXpLP.exe
  2⤵
  PID:532
- C:\Windows\System\DorvBwr.exe
  C:\Windows\System\DorvBwr.exe
  2⤵
  PID:7656
- C:\Windows\System\DadtYPd.exe
  C:\Windows\System\DadtYPd.exe
  2⤵
  PID:8224
- C:\Windows\System\XpENmEo.exe
  C:\Windows\System\XpENmEo.exe
  2⤵
  PID:8276
- C:\Windows\System\WMswFHn.exe
  C:\Windows\System\WMswFHn.exe
  2⤵
  PID:8320
- C:\Windows\System\FPEWRSL.exe
  C:\Windows\System\FPEWRSL.exe
  2⤵
  PID:8256
- C:\Windows\System\ixzQLRh.exe
  C:\Windows\System\ixzQLRh.exe
  2⤵
  PID:8356
- C:\Windows\System\XLEHlkp.exe
  C:\Windows\System\XLEHlkp.exe
  2⤵
  PID:8396
- C:\Windows\System\BLdBLqf.exe
  C:\Windows\System\BLdBLqf.exe
  2⤵
  PID:8376
- C:\Windows\System\ZqzjuLi.exe
  C:\Windows\System\ZqzjuLi.exe
  2⤵
  PID:8440
- C:\Windows\System\FJMvfeK.exe
  C:\Windows\System\FJMvfeK.exe
  2⤵
  PID:8484
- C:\Windows\System\jgevJuQ.exe
  C:\Windows\System\jgevJuQ.exe
  2⤵
  PID:8524
- C:\Windows\System\YUXVDmj.exe
  C:\Windows\System\YUXVDmj.exe
  2⤵
  PID:2328
- C:\Windows\System\lPsuJUM.exe
  C:\Windows\System\lPsuJUM.exe
  2⤵
  PID:320
- C:\Windows\System\tDdfYVr.exe
  C:\Windows\System\tDdfYVr.exe
  2⤵
  PID:8584
- C:\Windows\System\BETvRbc.exe
  C:\Windows\System\BETvRbc.exe
  2⤵
  PID:8644
- C:\Windows\System\ShVlYCO.exe
  C:\Windows\System\ShVlYCO.exe
  2⤵
  PID:8648
- C:\Windows\System\KDMRrzS.exe
  C:\Windows\System\KDMRrzS.exe
  2⤵
  PID:8592
- C:\Windows\System\yuRlZUn.exe
  C:\Windows\System\yuRlZUn.exe
  2⤵
  PID:8712
- C:\Windows\System\TonEGDV.exe
  C:\Windows\System\TonEGDV.exe
  2⤵
  PID:8736
- C:\Windows\System\cUWXPDi.exe
  C:\Windows\System\cUWXPDi.exe
  2⤵
  PID:8784
- C:\Windows\System\mMkTsrl.exe
  C:\Windows\System\mMkTsrl.exe
  2⤵
  PID:8804
- C:\Windows\System\HUWgqfJ.exe
  C:\Windows\System\HUWgqfJ.exe
  2⤵
  PID:8832
- C:\Windows\System\rYForzq.exe
  C:\Windows\System\rYForzq.exe
  2⤵
  PID:8856
- C:\Windows\System\wyGCMZa.exe
  C:\Windows\System\wyGCMZa.exe
  2⤵
  PID:8888
- C:\Windows\System\miwnJlK.exe
  C:\Windows\System\miwnJlK.exe
  2⤵
  PID:8952
- C:\Windows\System\IXIVOHD.exe
  C:\Windows\System\IXIVOHD.exe
  2⤵
  PID:8968
- C:\Windows\System\tWQqZjc.exe
  C:\Windows\System\tWQqZjc.exe
  2⤵
  PID:8996
- C:\Windows\System\afsrFlE.exe
  C:\Windows\System\afsrFlE.exe
  2⤵
  PID:9036
- C:\Windows\System\tzgHHkM.exe
  C:\Windows\System\tzgHHkM.exe
  2⤵
  PID:9092
- C:\Windows\System\XPzyaQE.exe
  C:\Windows\System\XPzyaQE.exe
  2⤵
  PID:9124
- C:\Windows\System\rAXlOzu.exe
  C:\Windows\System\rAXlOzu.exe
  2⤵
  PID:9108
- C:\Windows\System\hGCGEWW.exe
  C:\Windows\System\hGCGEWW.exe
  2⤵
  PID:9164
- C:\Windows\System\AboWfLT.exe
  C:\Windows\System\AboWfLT.exe
  2⤵
  PID:9172
- C:\Windows\System\ngJqhFb.exe
  C:\Windows\System\ngJqhFb.exe
  2⤵
  PID:8196
- C:\Windows\System\ItlvNCl.exe
  C:\Windows\System\ItlvNCl.exe
  2⤵
  PID:8216
- C:\Windows\System\gMIzIqR.exe
  C:\Windows\System\gMIzIqR.exe
  2⤵
  PID:8284
- C:\Windows\System\UjFxKJz.exe
  C:\Windows\System\UjFxKJz.exe
  2⤵
  PID:8272
- C:\Windows\System\tPYBYNO.exe
  C:\Windows\System\tPYBYNO.exe
  2⤵
  PID:8460
- C:\Windows\System\QHOprvT.exe
  C:\Windows\System\QHOprvT.exe
  2⤵
  PID:8520
- C:\Windows\System\KTXXbcR.exe
  C:\Windows\System\KTXXbcR.exe
  2⤵
  PID:8428
- C:\Windows\System\qkCEemT.exe
  C:\Windows\System\qkCEemT.exe
  2⤵
  PID:8496
- C:\Windows\System\ZEaAcdB.exe
  C:\Windows\System\ZEaAcdB.exe
  2⤵
  PID:2316
- C:\Windows\System\GSgKEIk.exe
  C:\Windows\System\GSgKEIk.exe
  2⤵
  PID:8708
- C:\Windows\System\hvKtMNc.exe
  C:\Windows\System\hvKtMNc.exe
  2⤵
  PID:8772
- C:\Windows\System\AfpapQQ.exe
  C:\Windows\System\AfpapQQ.exe
  2⤵
  PID:8920
- C:\Windows\System\UiHKiuI.exe
  C:\Windows\System\UiHKiuI.exe
  2⤵
  PID:8840
- C:\Windows\System\YohUJeg.exe
  C:\Windows\System\YohUJeg.exe
  2⤵
  PID:8852
- C:\Windows\System\pnoExAX.exe
  C:\Windows\System\pnoExAX.exe
  2⤵
  PID:8948
- C:\Windows\System\hFKRtWn.exe
  C:\Windows\System\hFKRtWn.exe
  2⤵
  PID:8984
- C:\Windows\System\DAYrnQw.exe
  C:\Windows\System\DAYrnQw.exe
  2⤵
  PID:9132
- C:\Windows\System\ApIQAUF.exe
  C:\Windows\System\ApIQAUF.exe
  2⤵
  PID:9176
- C:\Windows\System\gNRsmVA.exe
  C:\Windows\System\gNRsmVA.exe
  2⤵
  PID:9144
- C:\Windows\System\knBTLYK.exe
  C:\Windows\System\knBTLYK.exe
  2⤵
  PID:8120
- C:\Windows\System\JBTjkNL.exe
  C:\Windows\System\JBTjkNL.exe
  2⤵
  PID:8148
- C:\Windows\System\anqilDl.exe
  C:\Windows\System\anqilDl.exe
  2⤵
  PID:8260
- C:\Windows\System\iwpzwfi.exe
  C:\Windows\System\iwpzwfi.exe
  2⤵
  PID:8540
- C:\Windows\System\lOFlhdt.exe
  C:\Windows\System\lOFlhdt.exe
  2⤵
  PID:8632
- C:\Windows\System\WyOvIUr.exe
  C:\Windows\System\WyOvIUr.exe
  2⤵
  PID:8628
- C:\Windows\System\lOxOIqR.exe
  C:\Windows\System\lOxOIqR.exe
  2⤵
  PID:8624
- C:\Windows\System\RBeXHWO.exe
  C:\Windows\System\RBeXHWO.exe
  2⤵
  PID:8752
- C:\Windows\System\CERqdId.exe
  C:\Windows\System\CERqdId.exe
  2⤵
  PID:8800
- C:\Windows\System\LMtpNFq.exe
  C:\Windows\System\LMtpNFq.exe
  2⤵
  PID:9020
- C:\Windows\System\zgDzGob.exe
  C:\Windows\System\zgDzGob.exe
  2⤵
  PID:9000
- C:\Windows\System\AJMKrsD.exe
  C:\Windows\System\AJMKrsD.exe
  2⤵
  PID:9088
- C:\Windows\System\GbAqfrJ.exe
  C:\Windows\System\GbAqfrJ.exe
  2⤵
  PID:9148
- C:\Windows\System\kOSBmHu.exe
  C:\Windows\System\kOSBmHu.exe
  2⤵
  PID:8448
- C:\Windows\System\pfxsMSS.exe
  C:\Windows\System\pfxsMSS.exe
  2⤵
  PID:2120
- C:\Windows\System\aKyDkwr.exe
  C:\Windows\System\aKyDkwr.exe
  2⤵
  PID:8612
- C:\Windows\System\YhJNuLc.exe
  C:\Windows\System\YhJNuLc.exe
  2⤵
  PID:8716
- C:\Windows\System\LLYWuFs.exe
  C:\Windows\System\LLYWuFs.exe
  2⤵
  PID:8820
- C:\Windows\System\qKXovBb.exe
  C:\Windows\System\qKXovBb.exe
  2⤵
  PID:8740
- C:\Windows\System\BfbmZWz.exe
  C:\Windows\System\BfbmZWz.exe
  2⤵
  PID:8092
- C:\Windows\System\mlvmayc.exe
  C:\Windows\System\mlvmayc.exe
  2⤵
  PID:8380
- C:\Windows\System\YSmuHtd.exe
  C:\Windows\System\YSmuHtd.exe
  2⤵
  PID:8568
- C:\Windows\System\vaadrVq.exe
  C:\Windows\System\vaadrVq.exe
  2⤵
  PID:8572
- C:\Windows\System\StHyMQf.exe
  C:\Windows\System\StHyMQf.exe
  2⤵
  PID:8964
- C:\Windows\System\ONMyLTB.exe
  C:\Windows\System\ONMyLTB.exe
  2⤵
  PID:8300
- C:\Windows\System\UclgQqf.exe
  C:\Windows\System\UclgQqf.exe
  2⤵
  PID:8504
- C:\Windows\System\KQQftPN.exe
  C:\Windows\System\KQQftPN.exe
  2⤵
  PID:9024
- C:\Windows\System\UBNZLfR.exe
  C:\Windows\System\UBNZLfR.exe
  2⤵
  PID:8392
- C:\Windows\System\xujOPBj.exe
  C:\Windows\System\xujOPBj.exe
  2⤵
  PID:8924
- C:\Windows\System\bRZNmPZ.exe
  C:\Windows\System\bRZNmPZ.exe
  2⤵
  PID:9200
- C:\Windows\System\jVhykQK.exe
  C:\Windows\System\jVhykQK.exe
  2⤵
  PID:9236
- C:\Windows\System\ZBvXdcM.exe
  C:\Windows\System\ZBvXdcM.exe
  2⤵
  PID:9256
- C:\Windows\System\IUHFTjD.exe
  C:\Windows\System\IUHFTjD.exe
  2⤵
  PID:9276
- C:\Windows\System\lXCwoJS.exe
  C:\Windows\System\lXCwoJS.exe
  2⤵
  PID:9292
- C:\Windows\System\TvzOUsy.exe
  C:\Windows\System\TvzOUsy.exe
  2⤵
  PID:9312
- C:\Windows\System\RLucgTe.exe
  C:\Windows\System\RLucgTe.exe
  2⤵
  PID:9332
- C:\Windows\System\hgYpoMa.exe
  C:\Windows\System\hgYpoMa.exe
  2⤵
  PID:9356
- C:\Windows\System\WGsbHAL.exe
  C:\Windows\System\WGsbHAL.exe
  2⤵
  PID:9376
- C:\Windows\System\wTdVRKO.exe
  C:\Windows\System\wTdVRKO.exe
  2⤵
  PID:9396
- C:\Windows\System\aEEiWlu.exe
  C:\Windows\System\aEEiWlu.exe
  2⤵
  PID:9416
- C:\Windows\System\xCICOoQ.exe
  C:\Windows\System\xCICOoQ.exe
  2⤵
  PID:9436
- C:\Windows\System\SlFpIaI.exe
  C:\Windows\System\SlFpIaI.exe
  2⤵
  PID:9460
- C:\Windows\System\qFsEPIJ.exe
  C:\Windows\System\qFsEPIJ.exe
  2⤵
  PID:9476
- C:\Windows\System\UPJGKib.exe
  C:\Windows\System\UPJGKib.exe
  2⤵
  PID:9500
- C:\Windows\System\UAdJesW.exe
  C:\Windows\System\UAdJesW.exe
  2⤵
  PID:9520
- C:\Windows\System\KgZQOSU.exe
  C:\Windows\System\KgZQOSU.exe
  2⤵
  PID:9536
- C:\Windows\System\YHtTqYC.exe
  C:\Windows\System\YHtTqYC.exe
  2⤵
  PID:9556
- C:\Windows\System\veGNWQR.exe
  C:\Windows\System\veGNWQR.exe
  2⤵
  PID:9572
- C:\Windows\System\sLQNANn.exe
  C:\Windows\System\sLQNANn.exe
  2⤵
  PID:9588
- C:\Windows\System\SaFyMQG.exe
  C:\Windows\System\SaFyMQG.exe
  2⤵
  PID:9612
- C:\Windows\System\vlrXGzH.exe
  C:\Windows\System\vlrXGzH.exe
  2⤵
  PID:9628
- C:\Windows\System\snftLAI.exe
  C:\Windows\System\snftLAI.exe
  2⤵
  PID:9652
- C:\Windows\System\JyYxYWU.exe
  C:\Windows\System\JyYxYWU.exe
  2⤵
  PID:9668
- C:\Windows\System\YTlANTH.exe
  C:\Windows\System\YTlANTH.exe
  2⤵
  PID:9684
- C:\Windows\System\CNQwDaz.exe
  C:\Windows\System\CNQwDaz.exe
  2⤵
  PID:9700
- C:\Windows\System\YuXvezi.exe
  C:\Windows\System\YuXvezi.exe
  2⤵
  PID:9716
- C:\Windows\System\MtIirkR.exe
  C:\Windows\System\MtIirkR.exe
  2⤵
  PID:9732
- C:\Windows\System\cHedEYr.exe
  C:\Windows\System\cHedEYr.exe
  2⤵
  PID:9752
- C:\Windows\System\opJDwsA.exe
  C:\Windows\System\opJDwsA.exe
  2⤵
  PID:9780
- C:\Windows\System\XMQcMjQ.exe
  C:\Windows\System\XMQcMjQ.exe
  2⤵
  PID:9800
- C:\Windows\System\TOExRvK.exe
  C:\Windows\System\TOExRvK.exe
  2⤵
  PID:9824
- C:\Windows\System\DjLZvIe.exe
  C:\Windows\System\DjLZvIe.exe
  2⤵
  PID:9868
- C:\Windows\System\yxzcAJx.exe
  C:\Windows\System\yxzcAJx.exe
  2⤵
  PID:9884
- C:\Windows\System\fexSzby.exe
  C:\Windows\System\fexSzby.exe
  2⤵
  PID:9904
- C:\Windows\System\nOpuzbu.exe
  C:\Windows\System\nOpuzbu.exe
  2⤵
  PID:9924
- C:\Windows\System\mqDTLmF.exe
  C:\Windows\System\mqDTLmF.exe
  2⤵
  PID:9944
- C:\Windows\System\CpVFora.exe
  C:\Windows\System\CpVFora.exe
  2⤵
  PID:9960
- C:\Windows\System\wxzYjMx.exe
  C:\Windows\System\wxzYjMx.exe
  2⤵
  PID:9980
- C:\Windows\System\yTzBHkN.exe
  C:\Windows\System\yTzBHkN.exe
  2⤵
  PID:10000
- C:\Windows\System\hLCWDhR.exe
  C:\Windows\System\hLCWDhR.exe
  2⤵
  PID:10020
- C:\Windows\System\bkDBYUk.exe
  C:\Windows\System\bkDBYUk.exe
  2⤵
  PID:10036
- C:\Windows\System\OlTelVu.exe
  C:\Windows\System\OlTelVu.exe
  2⤵
  PID:10064
- C:\Windows\System\RbUckqZ.exe
  C:\Windows\System\RbUckqZ.exe
  2⤵
  PID:10084
- C:\Windows\System\npZCJcF.exe
  C:\Windows\System\npZCJcF.exe
  2⤵
  PID:10100
- C:\Windows\System\MhvUhbX.exe
  C:\Windows\System\MhvUhbX.exe
  2⤵
  PID:10120
- C:\Windows\System\KgfJpmp.exe
  C:\Windows\System\KgfJpmp.exe
  2⤵
  PID:10136
- C:\Windows\System\hyBlTql.exe
  C:\Windows\System\hyBlTql.exe
  2⤵
  PID:10152
- C:\Windows\System\BKYtDBb.exe
  C:\Windows\System\BKYtDBb.exe
  2⤵
  PID:10168
- C:\Windows\System\TEPWGAX.exe
  C:\Windows\System\TEPWGAX.exe
  2⤵
  PID:10208
- C:\Windows\System\jVjTWkk.exe
  C:\Windows\System\jVjTWkk.exe
  2⤵
  PID:10224
- C:\Windows\System\okItlTq.exe
  C:\Windows\System\okItlTq.exe
  2⤵
  PID:9224
- C:\Windows\System\boWDiGm.exe
  C:\Windows\System\boWDiGm.exe
  2⤵
  PID:9244
- C:\Windows\System\dSMDQNN.exe
  C:\Windows\System\dSMDQNN.exe
  2⤵
  PID:9284
- C:\Windows\System\paBqQaZ.exe
  C:\Windows\System\paBqQaZ.exe
  2⤵
  PID:9308
- C:\Windows\System\TffYvOo.exe
  C:\Windows\System\TffYvOo.exe
  2⤵
  PID:9372
- C:\Windows\System\krDKGGh.exe
  C:\Windows\System\krDKGGh.exe
  2⤵
  PID:9352
- C:\Windows\System\ruqSHVK.exe
  C:\Windows\System\ruqSHVK.exe
  2⤵
  PID:9392
- C:\Windows\System\ebasYCX.exe
  C:\Windows\System\ebasYCX.exe
  2⤵
  PID:9424
- C:\Windows\System\FbFdxsC.exe
  C:\Windows\System\FbFdxsC.exe
  2⤵
  PID:9468
- C:\Windows\System\CbVNVIQ.exe
  C:\Windows\System\CbVNVIQ.exe
  2⤵
  PID:9508
- C:\Windows\System\YRGdzNR.exe
  C:\Windows\System\YRGdzNR.exe
  2⤵
  PID:9596
- C:\Windows\System\BvGZfBr.exe
  C:\Windows\System\BvGZfBr.exe
  2⤵
  PID:9636
- C:\Windows\System\OBVBAsf.exe
  C:\Windows\System\OBVBAsf.exe
  2⤵
  PID:9680
- C:\Windows\System\lUayixH.exe
  C:\Windows\System\lUayixH.exe
  2⤵
  PID:9748
- C:\Windows\System\nhSEKOQ.exe
  C:\Windows\System\nhSEKOQ.exe
  2⤵
  PID:9548
- C:\Windows\System\yvaoJzS.exe
  C:\Windows\System\yvaoJzS.exe
  2⤵
  PID:9796
- C:\Windows\System\jtUJMtN.exe
  C:\Windows\System\jtUJMtN.exe
  2⤵
  PID:9848
- C:\Windows\System\WGSUQwV.exe
  C:\Windows\System\WGSUQwV.exe
  2⤵
  PID:9812
- C:\Windows\System\EXMyVkq.exe
  C:\Windows\System\EXMyVkq.exe
  2⤵
  PID:9764
- C:\Windows\System\kzKeZUd.exe
  C:\Windows\System\kzKeZUd.exe
  2⤵
  PID:9768
- C:\Windows\System\zIwcJHp.exe
  C:\Windows\System\zIwcJHp.exe
  2⤵
  PID:9892
- C:\Windows\System\etOrwcn.exe
  C:\Windows\System\etOrwcn.exe
  2⤵
  PID:9912
- C:\Windows\System\eeWQKzC.exe
  C:\Windows\System\eeWQKzC.exe
  2⤵
  PID:9976
- C:\Windows\System\UiWhZyU.exe
  C:\Windows\System\UiWhZyU.exe
  2⤵
  PID:9956
- C:\Windows\System\GBCPVfU.exe
  C:\Windows\System\GBCPVfU.exe
  2⤵
  PID:9992
- C:\Windows\System\ApDDsla.exe
  C:\Windows\System\ApDDsla.exe
  2⤵
  PID:10028
- C:\Windows\System\mjMsyxt.exe
  C:\Windows\System\mjMsyxt.exe
  2⤵
  PID:10072
- C:\Windows\System\OnRYlKS.exe
  C:\Windows\System\OnRYlKS.exe
  2⤵
  PID:10096
- C:\Windows\System\ignjjVD.exe
  C:\Windows\System\ignjjVD.exe
  2⤵
  PID:10164
- C:\Windows\System\WcLkPRN.exe
  C:\Windows\System\WcLkPRN.exe
  2⤵
  PID:10176
- C:\Windows\System\HHgnTTp.exe
  C:\Windows\System\HHgnTTp.exe
  2⤵
  PID:10200
- C:\Windows\System\WJlIcRC.exe
  C:\Windows\System\WJlIcRC.exe
  2⤵
  PID:10216
- C:\Windows\System\stAedkr.exe
  C:\Windows\System\stAedkr.exe
  2⤵
  PID:9248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFzzLnu.exe

Filesize
6.0MB

MD5
c3ef2d68948a7296072a4dd65651b8bd

SHA1
9c688e43674beff69f6fd3a44af02e6fb33769cc

SHA256
574170dd879a2a81d0b4726befc387ba9e396178ff398c810c63fd8daad0a364

SHA512
01868a45ddeb1f5553df44096525af88f5805eeede23c46d77fe9fc863f9c82ef6ee6935737831e3f5fa4ad1efd9a83625351bdca46766e7d55dfc0cefb42b0d

Download Submit
C:\Windows\system\ErQmWFN.exe

Filesize
6.0MB

MD5
5821674649c615e5a063f2e2de3ecc17

SHA1
a4d1819da1b10ea50bbcc1e2262a0560584df125

SHA256
2847d1bf3679016360fbf894bf2ead0ad874f3bd47c4f9e5082e4cebbfb62988

SHA512
bc0f0ff18a46a0287074bdd6184aa8a79df5e56c4b0038aadce7c329099ac4c4be5183777370b55f9c58d275fb987a4121f2270ef83ec427583ff5e80eaf51a5

Download Submit
C:\Windows\system\FYAAWlC.exe

Filesize
6.0MB

MD5
7cd5418f5132e87cda25ef6e92b2abc6

SHA1
dabd455d12f2e2274b269673bd584f592deb682f

SHA256
5867d5ee6fbb33d220a7867aede296d7856219ae3335d848016cf4c9e9531e68

SHA512
ed1c2d49f2b2d8e9a9309438c1c834523edb2fb30bfecbd7b0fc6d766802de8c20f47ef62bd9472cc5f083ec250e8dd27263f31e76107ee7405651f79fa40594

Download Submit
C:\Windows\system\HhzBxda.exe

Filesize
6.0MB

MD5
0ef1ed115ca928ab6b9908b836a53b68

SHA1
f4ec475b1f24dafac985c0c88d57f04d3883e62d

SHA256
bfa31a55ba33e374754bfb4b9bdf60c1a39fe8fab81419e0e68d55bc08befcd3

SHA512
aa988409bd78be9f9dc95db80f5330548e9c5e44abc339ac16339f7b13a5fa5464e658f645e45e4918592205edb527b274621ace991e35df9fc730d25fd51176

Download Submit
C:\Windows\system\IYTFqGD.exe

Filesize
6.0MB

MD5
eb610aca52a668edbaf1f331496a0ae1

SHA1
6381b5f63e03e4b89147a510a99188b0d89a8049

SHA256
3cf41a3a59fce37cee94f96307f0ac41c1b0e71d4b0117f2feec66786f58aa00

SHA512
7926b30168dd8d67184d9bae166643f0663f1d12731aa9a5b2bec31a1a1fd21cbc3089f0b5c4ee8146d07be8fcd78fa9dcbc235646bd0d7ab9c0146259fbacb9

Download Submit
C:\Windows\system\IZpduZZ.exe

Filesize
6.0MB

MD5
79675954cd930bd7607c57dc20452b31

SHA1
1e560a1acaf2101d42af41a1dfc1c9707d5e3e80

SHA256
958d923416158949b099daa11169d7f1506e15236bf2cb872f528447bbe8955b

SHA512
068f759c3415822edffe1590cb20bed072ea8d07ba917fe0eb88a579ddafdbd9ad51020b986cb1c666b2e64f1bcd4f1bd12cc5d9b938a2ceaba3f690c94e3eca

Download Submit
C:\Windows\system\MAqrvPj.exe

Filesize
6.0MB

MD5
d847379b559f98216875983f261bd701

SHA1
8602b0a8e14ee0ec97f736061678211184ecc231

SHA256
2fc97287f2c7839290dd236bb602e51168b6468631f2bf7aa38b91fe6455f892

SHA512
566754f392a70633c12d4fc4cd3f4a80188b18b707c8fcaf49db6a581daa06bf2036957e8ef77815cb7035bd759ffbb2c2f37e3217d53b32fc9d75b416815160

Download Submit
C:\Windows\system\MgFWjWH.exe

Filesize
6.0MB

MD5
178cb8a4fecfafcc63dfaec65abc997c

SHA1
aa72dff2473ef99602ad236f57348ad99624aea2

SHA256
399deb769dbff3013564e94f04c9fc63e8a73dc930384347519e248655bb0624

SHA512
567f88c5f43afb0aa271d286ed248ccd580d605baee63f6dbb539cea82d1bb42dc74e91fb5d7768394cc52390b3633f184cc14b8a5a89085eafb9c8eb2136d6a

Download Submit
C:\Windows\system\OkDFeSZ.exe

Filesize
6.0MB

MD5
4e648cad252491d1e43ee6e7090fa3be

SHA1
ebd952c51eeb3adf833776fc8de6fcb5d65530be

SHA256
cbf2fe44edbbbbc0b3a500c71af7502a292ad50201bd9f2862de61ca8b60e4a1

SHA512
e25489ca5d942f2982f1fb3095c9efae12a7b083295b06dd41312291f81054396c9e6d2c82ce8144676f7980ba1b268d5dae2f4f7a281a8b876ead1de530a775

Download Submit
C:\Windows\system\PPQcePL.exe

Filesize
6.0MB

MD5
66a185c0b44aaa6c95b627d9d1442eb0

SHA1
fe5f7de2c5d5c91fd3b843f960fe78eae1cfc1a3

SHA256
bc3cb31a25db0c50d2a9a7e02cfb8b194fad3b73639cffeb5a90b46a3a0d06cc

SHA512
a18063e47ccdf81d2519c9beb7291f9c6394fa408002ba845b00148538a1c9c1611d38a3704270d6d9c0bb5d4b0916b086dffc506e5b935620e7fbef0e8b9ba3

Download Submit
C:\Windows\system\PtiFZrH.exe

Filesize
6.0MB

MD5
b6e195908ef1958ecfe1133f1f4a46c3

SHA1
5d2d587fee118a3ebe473b26c8e0005a293a0f68

SHA256
930fbdae25c613239a330be6a88fae205ce04f6da20c36bb1e0c3cd0510c055a

SHA512
04e2211029192fb258e262542baf881be8025f054d7c0eac0c02bc18f47a63d7e6b893bc98ca88a1353bbb8f0a660ea773c91539d88602b51a7ae04cd899524a

Download Submit
C:\Windows\system\QAQhJSD.exe

Filesize
6.0MB

MD5
c3e81e2723b108a00b4c3391f620b8ca

SHA1
34e1cef8861d19ef4f3b8351dec0f17b87b5682c

SHA256
34b54fb0d7d4dcbe60718f3102fb4d3da2b121347d02aa70c2c73c4c9ace5d9d

SHA512
8957fb5185335e2201aee2eed3440d5ee04e7916488be49827547e5e3bf48e387ba48baa4ce5b85c5c16500f9afbe09cc2ded8e5344b0f74eebed2e4c72572d4

Download Submit
C:\Windows\system\RoKolPE.exe

Filesize
6.0MB

MD5
9a2ba9e0a0469d47d6dd064cab8b0099

SHA1
c3b2677b8a607a3eb3e28357bcd5bf9f60fdf6c8

SHA256
5793de19c00026ec366d27aa5a01aab35d4c9d1f9f1da41d0f6dccf96e318549

SHA512
9d720ad2ba6e226ac2f78c800a1d7292cdaebd6408f4fe59ab1871b8e75581963172c21f272ac41506ae169f586cac6fcfb5f6d21f2a289c370b78b54cfdb460

Download Submit
C:\Windows\system\UhFyRGZ.exe

Filesize
6.0MB

MD5
aac6f633c5f8a9087edb3ba5294d88ee

SHA1
b1dcc4585e4b407ee2cb74372362ba7478c8f6af

SHA256
85c57df677e645491ca0cfb68830ef6e7f10785e81db4ab1edc5051b875e0cb0

SHA512
05c8276848889203d2e32b65325c9187c58029ff35799a0997ad36aa28236a0298f79771f95367b4bab76ecd6a8e304748a5e31111f0ab39d695b067a194f194

Download Submit
C:\Windows\system\VfSUatK.exe

Filesize
6.0MB

MD5
d5adf7b99b265d7bdbc23042106f8c36

SHA1
222da0a4a9fbc0de08ba64b00c6e686dabc3f874

SHA256
52dae6a30f8cd93af0f5362290228f8d4dc36fc680e710b02c4459d4068fca74

SHA512
0ba664c6453edee8ce3087b67c00c72f36872e206f4c3e2844ab44eed3a9111878b340194f6f5fcdf65f0f034ec2012c2edb1427151fa18fa778f76648d345a6

Download Submit
C:\Windows\system\XfIvqzm.exe

Filesize
6.0MB

MD5
d501b4867ba0b4f680b3cab0369c2a8b

SHA1
dc2ed6102baf58668b861d75de38aad3e067a941

SHA256
c2579ce0a509d5edaeb63116178a7afb871cd4bd8f72ee9d6bfb4b584ec9ac39

SHA512
26d92800ff2b73d2c7b86d4666abfb9281d6880ce525f5203f3d6efeb08f4c8416d4681de51f36fe37b1fe5693027edf2abaea355b60d85ac89e5c0ce11d40eb

Download Submit
C:\Windows\system\YFJPzVd.exe

Filesize
6.0MB

MD5
752937660882380350bedde110b09942

SHA1
9f6e6c39ee458cba22cb32d1dac0f65795b8d3fa

SHA256
cdb9f4a846301087b11bc4f0b7d73bffdeea47f4f5161964c1a7eb49a70c60e6

SHA512
eec0aa5a71a3630547db60b1cb38b19fa33c6aaff78b887a10b0b3ca3d969b3e2a29997b70b418db1829ebb370cb10a504babe0326cf961e294df0cc3af0e4f2

Download Submit
C:\Windows\system\ctHZETf.exe

Filesize
6.0MB

MD5
e6d2425608d9623d66ddc9be2a3192be

SHA1
026e99b7ca5ca7059b0825eaac9a2f033d2e76ad

SHA256
a2750e06998c001358637c996141a13054cbb5c2caa1fa6b6ad3de475c55b335

SHA512
4771efbba31934480a9afc3d6f2ad700c1f4a9834dd6c37ebf485d194fc75eaaead92f08d7e31435741dbe181239c547584a172fffdb18b6ec6c180c9a120ba3

Download Submit
C:\Windows\system\fJlzENM.exe

Filesize
6.0MB

MD5
42f90c9b49cf68a3475d5a0bbb07a8ae

SHA1
9e86d814e7623b23c3960cfc1c4f5de87bf77c4b

SHA256
27d173a00d22f42a5877de749ae34e65d325f7bf31b206e8983574468dec220e

SHA512
b6b10f05d73d034baa1ca3310dd607d654e5b66814bc2da1bef10452e53d03ed5e2bb035489938b0b62c8c14e6f18732ad1161fd5ef4c96f39c50baafc0d05b8

Download Submit
C:\Windows\system\gDCNwvE.exe

Filesize
6.0MB

MD5
86b55e331ff5559bea9526ad2aefedd3

SHA1
0e5ff500a248a3c2bce8a02aa82e99e948bfb31f

SHA256
58dbbb7de4384635730883a2674e5927c93a179864154ccc797bfc97ea6e0553

SHA512
07a6898a6de5ea15ca2e3efdef7ab3cc11a6d146f85e238c565e417789cd915ea0e95d1820bdbe8481c002ef00f9410898b4876ea3fb862fa71ca55532feb300

Download Submit
C:\Windows\system\grAhNFh.exe

Filesize
6.0MB

MD5
8f1b6903e8d5fefe0060d036df65e49f

SHA1
1993078785139a2d27d122b775db502d123b7042

SHA256
87199dce224ad037e849cfd0b29d792e2c3712d00c0d9cf2f6feebe1add4125d

SHA512
567e65ec9df3b07e42d8a90957c90c432a865986baf95690d9f2e809bb2c5681a380510f25f4a67267fcd290b10049d7a1eaaff0a51f79e14f2f57004a787027

Download Submit
C:\Windows\system\hORmhZO.exe

Filesize
6.0MB

MD5
7bd6d63145479946636010d9bb0cade1

SHA1
a79a71d4d2bc7ceeca31a150ed6160f7666bba07

SHA256
9fe5637512324cf40357562ca80a01b94bc46ae2aecf54102002b57285883e1b

SHA512
6bc0f7f63f26f4b5a4a5a09e28eb60086b28ccf5a576675e2b7de6cfd1016bd971638c1ddf21bd1fd3880dac450eb56a21905fe10f5ad08ccaafc31977fb0f0e

Download Submit
C:\Windows\system\iaEPSeo.exe

Filesize
6.0MB

MD5
d432e52795e7a0726ebe48cd3ab97942

SHA1
2ba9bc79b100940e99a27607bac69f15aad63b7c

SHA256
08d17ed15009986baec4807d07a4a7b592ff62ba285d8d0eaa340e7d1d3ec8a7

SHA512
cf8235792b543ae06933fb603df0a67a0a43fbad98cf5bc1e4f25a9bb85770033306dfa9deec655a758dff14df244f480cd11a9194a41d01cd6c90c0f942b54f

Download Submit
C:\Windows\system\jchkjFA.exe

Filesize
6.0MB

MD5
ca7f476665606ee40027c9ca7b88b0f4

SHA1
5489659cd9ba369fdf8085f9d1de82bf785e3357

SHA256
a11921e80081044e17f2f5e36dd392c67c42dbb5535f917a2fc897e980b9659c

SHA512
1eac0f28e8f890625d67e6835e7b1b11f134218eeb6e26aa7f98a06b15564e1ba31fddd81bc1efb41a316a829d148d7a8c83e4cdbb8fccc9058bd2ae1dc362a0

Download Submit
C:\Windows\system\kjKcBNV.exe

Filesize
6.0MB

MD5
fccd490caa43d80e03e1cb8cef00168d

SHA1
57f473ee24f681c7cf257c504afb4804880bac4f

SHA256
52fef37c23f8c4807463b2d50659e2d355d2984a7d6afbf30ab42bb3270079fd

SHA512
ff6e78100c1aff319231c30cf4eb0ae42a7720f9897092ac9fa5e2c83a5c2c83072253ffd10edfadfc8b78293646f2b4afd63ca05e5da1f773bc3ce303f9ac71

Download Submit
C:\Windows\system\ltAPbVA.exe

Filesize
6.0MB

MD5
09b68780cc9b80ccf4829d53167689df

SHA1
78a26ad7e432ea43a261280efc5c273b8dbe0ddd

SHA256
e7d6d05506450645752e90d24d50a84b5445c8d128834e3658d19c0235ba2232

SHA512
da775eaab6eba2905c8a97551e1ccb8338ade042762bb6ce895b0760abe5da3cdfbfd96c24b5b1088b0b793385fd22a510e6f1d5fa4ae00c87a4faaeaa17e911

Download Submit
C:\Windows\system\rgatMIq.exe

Filesize
6.0MB

MD5
aa8c74ac21b95f7f59c12530043645d5

SHA1
059a05e523faa9a2d3f60ddb1ed1be2f06d2bf6b

SHA256
1567c8c24fd43303193ce339426a01e8c8fe5d767b85229efb8a3ef4f991c4c6

SHA512
58eb76d5715f22e3d5ed4914188f5056706e9875f94c99e6cdcb51602b7db6a4e0014fdf70116ff424b960300854a3b313c28e9c5691b7180651651e5ea4d9a5

Download Submit
C:\Windows\system\uJiPOaA.exe

Filesize
6.0MB

MD5
91307df8664a5c07cb446989d59a0a88

SHA1
efa9d6d2b74d49f5c2e1575efd58a5051061efac

SHA256
a9daea67e9cc1e30e6475ed590029b53b360372926598a934a3ec4bdeb9672e3

SHA512
0d5b4db1c2a6d973c877d789dcddb755dc1dac7717ced35024ec21634982b9f1aaca1543bd7f2451148961aa3b2d08fa20a271c82592ca61311234fc94b027ce

Download Submit
C:\Windows\system\uOHoAUw.exe

Filesize
6.0MB

MD5
c2645d7dd95605d381edee13ea8dcd6e

SHA1
d9c33cb94b52dad4fa45295992b0adfba18436d1

SHA256
9c22d4131a20a2778e1947d22c8a5c3a6df8e311c878bb313139c3a046e4c410

SHA512
26f8e685c245f3da951a0a33b2aa833156d46a58f1104c47519e7a7bca1f6e9897786646a02a794c7782a8995d47419a371d48eb9d7fa218518e60badae0cab4

Download Submit
C:\Windows\system\xydwwen.exe

Filesize
6.0MB

MD5
19ca1ecaee44cc4ee87ef18cc2d79163

SHA1
22b6a95e10587341cec200d4706dc840ab439bd1

SHA256
4cf283047b721b2a6b63724a24dc65e01248721229f4d3d611f993f424597bc7

SHA512
9f90604656bd62c94c56976ea61b3235496bf0a4abf84c34e19e9c87647a5596b5a16ecc3342c16937236846e682f0ed6a31df2808ec10fb89ae5bcff3d7772d

Download Submit
\Windows\system\YtCwrnd.exe

Filesize
6.0MB

MD5
3599d7697bf37a86ae0eed7792b2f00c

SHA1
6b49d9b879be683441bf3e34657ca357b1dc932c

SHA256
a1d0526cddef716ca2d270db27810fbd4141afa432ded794a5fcab6f1ce75445

SHA512
df999c5af672dd522cc2ad427d02ac3f7f3b2e4ecd6f05da3577da4c8874ab7f551859f0586562debd37837cd8bdb8888934f3546cc7b778c6ddafc93f99f68f

Download Submit
\Windows\system\ffSsFlv.exe

Filesize
6.0MB

MD5
475f805e37390be7d6b42c0eaa6a4896

SHA1
5ecbb78e8a6fa4b959e42d5b9134857f65180244

SHA256
852774f253b9c7b76245e505b14a26de9ff5fea781a04751f2383d32556cf61a

SHA512
1d22356ae0ee736066da8e97b448c372698223ce147ddd7b43780f307cb00a70102722ea54e7d6a950b6812039f3f957e5625a0492f93be90678a18a0c07eed8

Download Submit
memory/1192-65-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-3838-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-9-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3877-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-97-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-3889-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1784-84-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3840-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2060-30-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2124-3867-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2124-99-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2332-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3850-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-96-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-59-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2532-915-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-916-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-702-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-496-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-917-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-591-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2532-101-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-41-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2532-86-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-90-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-16-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-34-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-75-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2532-0-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2532-6-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-51-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2532-94-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3874-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-98-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-95-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3841-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-28-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3861-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2708-93-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2736-42-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3845-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2744-35-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3846-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3865-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-88-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3858-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2784-80-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2928-32-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3842-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download