cobaltstrike | 263674fb80af1b5eb7cc6633230a11d14f2fb0e869ca2be8525bd09395bab86e

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

747c6c9466fa129fa0f4e28a650b988c
SHA1

9664b648f36326a0684ba625f68e1d1c83784ac5
SHA256

263674fb80af1b5eb7cc6633230a11d14f2fb0e869ca2be8525bd09395bab86e
SHA512

6c1418c03be38c59c4be131cdc0062bff1532523136f866564617e287f31a0e491eef58960a887e176feadff11f27d8c4127cbacff02080cd85296c402201227
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0025000000016ff2-5.dat	cobalt_reflective_dll
behavioral1/files/0x001200000001705d-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017415-17.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017234-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017444-34.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174d5-40.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001754e-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e46-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018dea-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e9f-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eba-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f8e-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f9a-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f84-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f80-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f94-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f88-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f6e-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f2c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f40-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f08-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ef7-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ed5-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eb2-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ea1-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e96-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018dcf-93.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017553-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e65-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e25-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ddd-73.dat	cobalt_reflective_dll
behavioral1/files/0x00020000000178b0-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2656-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0025000000016ff2-5.dat	xmrig
behavioral1/files/0x001200000001705d-8.dat	xmrig
behavioral1/files/0x0006000000017415-17.dat	xmrig
behavioral1/files/0x0008000000017234-10.dat	xmrig
behavioral1/memory/2572-30-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2796-37-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0006000000017444-34.dat	xmrig
behavioral1/files/0x00060000000174d5-40.dat	xmrig
behavioral1/memory/1336-86-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001754e-51.dat	xmrig
behavioral1/files/0x0005000000018e46-97.dat	xmrig
behavioral1/files/0x0005000000018dea-95.dat	xmrig
behavioral1/files/0x0005000000018e9f-117.dat	xmrig
behavioral1/files/0x0005000000018eba-131.dat	xmrig
behavioral1/files/0x0005000000018f8e-177.dat	xmrig
behavioral1/files/0x0005000000018f9a-193.dat	xmrig
behavioral1/memory/2448-302-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2132-471-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1336-449-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2656-447-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1480-352-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/3004-237-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2544-204-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0005000000018f84-179.dat	xmrig
behavioral1/files/0x0005000000018f80-170.dat	xmrig
behavioral1/files/0x0005000000018f94-186.dat	xmrig
behavioral1/files/0x0005000000018f88-175.dat	xmrig
behavioral1/files/0x0005000000018f6e-163.dat	xmrig
behavioral1/files/0x0005000000018f2c-153.dat	xmrig
behavioral1/files/0x0005000000018f40-157.dat	xmrig
behavioral1/files/0x0005000000018f08-148.dat	xmrig
behavioral1/files/0x0005000000018ef7-143.dat	xmrig
behavioral1/files/0x0005000000018ed5-138.dat	xmrig
behavioral1/files/0x0005000000018eb2-128.dat	xmrig
behavioral1/files/0x0005000000018ea1-123.dat	xmrig
behavioral1/memory/2820-120-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018e96-112.dat	xmrig
behavioral1/files/0x0005000000018dcf-93.dat	xmrig
behavioral1/memory/2132-105-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2448-67-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/3004-57-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2656-56-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0007000000017553-55.dat	xmrig
behavioral1/memory/2544-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2144-104-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1372-103-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2796-101-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0005000000018e65-100.dat	xmrig
behavioral1/memory/2656-84-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1480-83-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018e25-82.dat	xmrig
behavioral1/memory/2720-81-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ddd-73.dat	xmrig
behavioral1/files/0x00020000000178b0-62.dat	xmrig
behavioral1/memory/2820-42-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2656-28-0x0000000002570000-0x00000000028C4000-memory.dmp	xmrig
behavioral1/memory/1460-27-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2748-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2720-22-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2656-20-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1460-1470-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2748-1474-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2796-1472-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1460	JCaMLcj.exe
2720	ltClqJp.exe
2748	eVGpRgf.exe
2572	uDkQIIE.exe
2796	zkycCxs.exe
2820	IdHlHLc.exe
2544	KLWwxOc.exe
3004	AQYIaOQ.exe
2448	SbWJyAo.exe
1480	ZQtmkmM.exe
1336	BjDtYdI.exe
1372	qxOwmoU.exe
2144	XAcaQLg.exe
2132	XuyyqNc.exe
568	sKnHnhD.exe
3020	XKRfbTT.exe
548	GWJeAsi.exe
3016	SMBwTQP.exe
2160	QWSruig.exe
1456	rbZvaYX.exe
320	hKbYDjj.exe
1908	dBcXxKm.exe
2252	GZpdory.exe
2064	mAuhVpZ.exe
2316	IQntvFc.exe
3056	cdVOJup.exe
1724	dPGmVnA.exe
340	NGmmWfn.exe
1696	ThmIxaB.exe
2244	OHhQiip.exe
1360	fLOrExv.exe
816	XNxmsdT.exe
824	mwGpFYm.exe
1044	yesZOlK.exe
1520	xaALWcZ.exe
2888	sEZiplK.exe
1992	mqrgwal.exe
736	cxPjpBF.exe
2408	rrEhpAa.exe
1916	fAQHmGX.exe
2224	wnbGxTw.exe
852	pStmzUz.exe
1964	OonQpMx.exe
2648	RaDTLKf.exe
2680	TZPHblJ.exe
2860	iYGPwIF.exe
1112	hmKmEVG.exe
2100	QYGWLuE.exe
1136	JudGOBT.exe
1540	nAmUJrO.exe
1596	YwyzKbL.exe
2092	tdPYwie.exe
2620	aGTPzOF.exe
1796	LwPWHPp.exe
2088	sUJdupb.exe
2212	uQNAygA.exe
2692	ObrcFkt.exe
1180	NkPOcSe.exe
1604	jYRDfOr.exe
2616	hBooraC.exe
2496	NaaHpns.exe
1632	laNeHpA.exe
2116	vebMlaH.exe
2508	DfezeOv.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0025000000016ff2-5.dat	upx
behavioral1/files/0x001200000001705d-8.dat	upx
behavioral1/files/0x0006000000017415-17.dat	upx
behavioral1/files/0x0008000000017234-10.dat	upx
behavioral1/memory/2572-30-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2796-37-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0006000000017444-34.dat	upx
behavioral1/files/0x00060000000174d5-40.dat	upx
behavioral1/memory/1336-86-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000700000001754e-51.dat	upx
behavioral1/files/0x0005000000018e46-97.dat	upx
behavioral1/files/0x0005000000018dea-95.dat	upx
behavioral1/files/0x0005000000018e9f-117.dat	upx
behavioral1/files/0x0005000000018eba-131.dat	upx
behavioral1/files/0x0005000000018f8e-177.dat	upx
behavioral1/files/0x0005000000018f9a-193.dat	upx
behavioral1/memory/2448-302-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2132-471-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1336-449-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/1480-352-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/3004-237-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2544-204-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0005000000018f84-179.dat	upx
behavioral1/files/0x0005000000018f80-170.dat	upx
behavioral1/files/0x0005000000018f94-186.dat	upx
behavioral1/files/0x0005000000018f88-175.dat	upx
behavioral1/files/0x0005000000018f6e-163.dat	upx
behavioral1/files/0x0005000000018f2c-153.dat	upx
behavioral1/files/0x0005000000018f40-157.dat	upx
behavioral1/files/0x0005000000018f08-148.dat	upx
behavioral1/files/0x0005000000018ef7-143.dat	upx
behavioral1/files/0x0005000000018ed5-138.dat	upx
behavioral1/files/0x0005000000018eb2-128.dat	upx
behavioral1/files/0x0005000000018ea1-123.dat	upx
behavioral1/memory/2820-120-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0005000000018e96-112.dat	upx
behavioral1/files/0x0005000000018dcf-93.dat	upx
behavioral1/memory/2132-105-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2448-67-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/3004-57-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2656-56-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0007000000017553-55.dat	upx
behavioral1/memory/2544-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2144-104-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1372-103-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2796-101-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0005000000018e65-100.dat	upx
behavioral1/memory/1480-83-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0005000000018e25-82.dat	upx
behavioral1/memory/2720-81-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0005000000018ddd-73.dat	upx
behavioral1/files/0x00020000000178b0-62.dat	upx
behavioral1/memory/2820-42-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1460-27-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2748-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2720-22-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1460-1470-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2748-1474-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2796-1472-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2572-1496-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2720-1539-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2820-1540-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3004-1563-0x000000013FE30000-0x0000000140184000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zkycCxs.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjfQdnl.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siThOSp.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJFIGtn.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvBRUeQ.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvgNXAl.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olrbRQY.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouPVDId.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkkmWbG.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZEyTOV.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZCqpKu.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmThgxa.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfDMeyG.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhIWzho.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAyZkxO.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGdUlMG.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnOxJSz.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKdCfPO.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxSduin.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhFtxRk.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHPGjqF.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgqXRiz.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYVqXTI.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOvmcWA.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGQVpPZ.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpVrFzh.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhIJQST.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eChgoCf.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnhVQCA.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEAprKo.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNdnuvc.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgSCVoa.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTvxBPP.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlgHucx.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiCIgLX.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkqwnvw.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wttPeWV.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELBHrXc.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzDPVZU.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEiQkHa.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEPxePO.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZhoEyV.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbPPbtD.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJuuJrm.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWSmzDC.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhtfOZZ.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvuEunz.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wakMSUr.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Axqaqak.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIjnoJw.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoyfHYb.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pETPKjF.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjEoZLh.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbpbAKP.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVtSvJu.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMzRaIh.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgwnwYu.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcagFGV.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbMNXiW.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhesbIj.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HByhpIn.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zojnMEq.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZbzJjA.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVWGyJi.exe	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1460	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1460	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1460	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2720	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2720	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2720	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2748	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2748	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2748	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2572	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2572	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2572	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2796	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2796	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2796	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2820	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2820	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2820	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2544	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2544	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2544	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 3004	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 3004	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 3004	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2448	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2448	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2448	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 1372	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 1372	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 1372	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 1480	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 1480	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 1480	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2144	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2144	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2144	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 1336	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 1336	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 1336	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2132	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2132	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2132	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 568	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 568	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 568	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 3020	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 3020	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 3020	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 548	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 548	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 548	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 3016	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3016	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3016	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 2160	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2160	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2160	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 1456	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 1456	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 1456	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 320	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 320	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 320	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 1908	2656	2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_747c6c9466fa129fa0f4e28a650b988c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\System\JCaMLcj.exe
  C:\Windows\System\JCaMLcj.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\ltClqJp.exe
  C:\Windows\System\ltClqJp.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\eVGpRgf.exe
  C:\Windows\System\eVGpRgf.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\uDkQIIE.exe
  C:\Windows\System\uDkQIIE.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\zkycCxs.exe
  C:\Windows\System\zkycCxs.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\IdHlHLc.exe
  C:\Windows\System\IdHlHLc.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\KLWwxOc.exe
  C:\Windows\System\KLWwxOc.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\AQYIaOQ.exe
  C:\Windows\System\AQYIaOQ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\SbWJyAo.exe
  C:\Windows\System\SbWJyAo.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\qxOwmoU.exe
  C:\Windows\System\qxOwmoU.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ZQtmkmM.exe
  C:\Windows\System\ZQtmkmM.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\XAcaQLg.exe
  C:\Windows\System\XAcaQLg.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\BjDtYdI.exe
  C:\Windows\System\BjDtYdI.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\XuyyqNc.exe
  C:\Windows\System\XuyyqNc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\sKnHnhD.exe
  C:\Windows\System\sKnHnhD.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\XKRfbTT.exe
  C:\Windows\System\XKRfbTT.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\GWJeAsi.exe
  C:\Windows\System\GWJeAsi.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\SMBwTQP.exe
  C:\Windows\System\SMBwTQP.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\QWSruig.exe
  C:\Windows\System\QWSruig.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\rbZvaYX.exe
  C:\Windows\System\rbZvaYX.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\hKbYDjj.exe
  C:\Windows\System\hKbYDjj.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\dBcXxKm.exe
  C:\Windows\System\dBcXxKm.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\GZpdory.exe
  C:\Windows\System\GZpdory.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\mAuhVpZ.exe
  C:\Windows\System\mAuhVpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IQntvFc.exe
  C:\Windows\System\IQntvFc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\cdVOJup.exe
  C:\Windows\System\cdVOJup.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\dPGmVnA.exe
  C:\Windows\System\dPGmVnA.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ThmIxaB.exe
  C:\Windows\System\ThmIxaB.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NGmmWfn.exe
  C:\Windows\System\NGmmWfn.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\OHhQiip.exe
  C:\Windows\System\OHhQiip.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\fLOrExv.exe
  C:\Windows\System\fLOrExv.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\XNxmsdT.exe
  C:\Windows\System\XNxmsdT.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\mwGpFYm.exe
  C:\Windows\System\mwGpFYm.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\sEZiplK.exe
  C:\Windows\System\sEZiplK.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\yesZOlK.exe
  C:\Windows\System\yesZOlK.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OonQpMx.exe
  C:\Windows\System\OonQpMx.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\xaALWcZ.exe
  C:\Windows\System\xaALWcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\RaDTLKf.exe
  C:\Windows\System\RaDTLKf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\mqrgwal.exe
  C:\Windows\System\mqrgwal.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\TZPHblJ.exe
  C:\Windows\System\TZPHblJ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\cxPjpBF.exe
  C:\Windows\System\cxPjpBF.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\iYGPwIF.exe
  C:\Windows\System\iYGPwIF.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rrEhpAa.exe
  C:\Windows\System\rrEhpAa.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\hmKmEVG.exe
  C:\Windows\System\hmKmEVG.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\fAQHmGX.exe
  C:\Windows\System\fAQHmGX.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\QYGWLuE.exe
  C:\Windows\System\QYGWLuE.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\wnbGxTw.exe
  C:\Windows\System\wnbGxTw.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\JudGOBT.exe
  C:\Windows\System\JudGOBT.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\pStmzUz.exe
  C:\Windows\System\pStmzUz.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\nAmUJrO.exe
  C:\Windows\System\nAmUJrO.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\YwyzKbL.exe
  C:\Windows\System\YwyzKbL.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\jYRDfOr.exe
  C:\Windows\System\jYRDfOr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tdPYwie.exe
  C:\Windows\System\tdPYwie.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\hBooraC.exe
  C:\Windows\System\hBooraC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\aGTPzOF.exe
  C:\Windows\System\aGTPzOF.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\NaaHpns.exe
  C:\Windows\System\NaaHpns.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\LwPWHPp.exe
  C:\Windows\System\LwPWHPp.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\laNeHpA.exe
  C:\Windows\System\laNeHpA.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\sUJdupb.exe
  C:\Windows\System\sUJdupb.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\vebMlaH.exe
  C:\Windows\System\vebMlaH.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\uQNAygA.exe
  C:\Windows\System\uQNAygA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\DfezeOv.exe
  C:\Windows\System\DfezeOv.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ObrcFkt.exe
  C:\Windows\System\ObrcFkt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ogOWfnB.exe
  C:\Windows\System\ogOWfnB.exe
  2⤵
  PID:1048
- C:\Windows\System\NkPOcSe.exe
  C:\Windows\System\NkPOcSe.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\MygOtkx.exe
  C:\Windows\System\MygOtkx.exe
  2⤵
  PID:2080
- C:\Windows\System\kpLKUBz.exe
  C:\Windows\System\kpLKUBz.exe
  2⤵
  PID:1680
- C:\Windows\System\RwzaEjf.exe
  C:\Windows\System\RwzaEjf.exe
  2⤵
  PID:1516
- C:\Windows\System\gFlQhFk.exe
  C:\Windows\System\gFlQhFk.exe
  2⤵
  PID:796
- C:\Windows\System\xWQUkki.exe
  C:\Windows\System\xWQUkki.exe
  2⤵
  PID:1780
- C:\Windows\System\hTpuQre.exe
  C:\Windows\System\hTpuQre.exe
  2⤵
  PID:2916
- C:\Windows\System\vPfwAuq.exe
  C:\Windows\System\vPfwAuq.exe
  2⤵
  PID:1948
- C:\Windows\System\CBvRSFb.exe
  C:\Windows\System\CBvRSFb.exe
  2⤵
  PID:2124
- C:\Windows\System\NAjYofq.exe
  C:\Windows\System\NAjYofq.exe
  2⤵
  PID:2192
- C:\Windows\System\iglbdxR.exe
  C:\Windows\System\iglbdxR.exe
  2⤵
  PID:2032
- C:\Windows\System\lCVoMGv.exe
  C:\Windows\System\lCVoMGv.exe
  2⤵
  PID:1616
- C:\Windows\System\jvBRUeQ.exe
  C:\Windows\System\jvBRUeQ.exe
  2⤵
  PID:2444
- C:\Windows\System\KOVnmrd.exe
  C:\Windows\System\KOVnmrd.exe
  2⤵
  PID:1492
- C:\Windows\System\ppbmLOG.exe
  C:\Windows\System\ppbmLOG.exe
  2⤵
  PID:1528
- C:\Windows\System\bHuOlXL.exe
  C:\Windows\System\bHuOlXL.exe
  2⤵
  PID:2300
- C:\Windows\System\WblbfBW.exe
  C:\Windows\System\WblbfBW.exe
  2⤵
  PID:2052
- C:\Windows\System\zhQuYmv.exe
  C:\Windows\System\zhQuYmv.exe
  2⤵
  PID:668
- C:\Windows\System\vbtyIBl.exe
  C:\Windows\System\vbtyIBl.exe
  2⤵
  PID:872
- C:\Windows\System\wVgEMMV.exe
  C:\Windows\System\wVgEMMV.exe
  2⤵
  PID:2584
- C:\Windows\System\EdLETGl.exe
  C:\Windows\System\EdLETGl.exe
  2⤵
  PID:2308
- C:\Windows\System\iJgzVro.exe
  C:\Windows\System\iJgzVro.exe
  2⤵
  PID:324
- C:\Windows\System\DGntbNF.exe
  C:\Windows\System\DGntbNF.exe
  2⤵
  PID:2972
- C:\Windows\System\FSmylUq.exe
  C:\Windows\System\FSmylUq.exe
  2⤵
  PID:2380
- C:\Windows\System\lyfmLWh.exe
  C:\Windows\System\lyfmLWh.exe
  2⤵
  PID:908
- C:\Windows\System\yhJBlWA.exe
  C:\Windows\System\yhJBlWA.exe
  2⤵
  PID:1708
- C:\Windows\System\RoppxDx.exe
  C:\Windows\System\RoppxDx.exe
  2⤵
  PID:2716
- C:\Windows\System\DfOsMGS.exe
  C:\Windows\System\DfOsMGS.exe
  2⤵
  PID:2560
- C:\Windows\System\qCqHoZO.exe
  C:\Windows\System\qCqHoZO.exe
  2⤵
  PID:2996
- C:\Windows\System\TjnnmIk.exe
  C:\Windows\System\TjnnmIk.exe
  2⤵
  PID:1280
- C:\Windows\System\odViHuQ.exe
  C:\Windows\System\odViHuQ.exe
  2⤵
  PID:1476
- C:\Windows\System\JBOleAC.exe
  C:\Windows\System\JBOleAC.exe
  2⤵
  PID:1464
- C:\Windows\System\YaKGAfF.exe
  C:\Windows\System\YaKGAfF.exe
  2⤵
  PID:2788
- C:\Windows\System\WSizSxD.exe
  C:\Windows\System\WSizSxD.exe
  2⤵
  PID:1196
- C:\Windows\System\oztOGIe.exe
  C:\Windows\System\oztOGIe.exe
  2⤵
  PID:1996
- C:\Windows\System\opQdygd.exe
  C:\Windows\System\opQdygd.exe
  2⤵
  PID:2552
- C:\Windows\System\zJKlEUd.exe
  C:\Windows\System\zJKlEUd.exe
  2⤵
  PID:2384
- C:\Windows\System\YMahYwA.exe
  C:\Windows\System\YMahYwA.exe
  2⤵
  PID:976
- C:\Windows\System\ahrGpax.exe
  C:\Windows\System\ahrGpax.exe
  2⤵
  PID:1308
- C:\Windows\System\jxGMuTf.exe
  C:\Windows\System\jxGMuTf.exe
  2⤵
  PID:2232
- C:\Windows\System\VdpkGdW.exe
  C:\Windows\System\VdpkGdW.exe
  2⤵
  PID:2264
- C:\Windows\System\efuCpLn.exe
  C:\Windows\System\efuCpLn.exe
  2⤵
  PID:1076
- C:\Windows\System\JCOURjV.exe
  C:\Windows\System\JCOURjV.exe
  2⤵
  PID:2220
- C:\Windows\System\QzIdtXX.exe
  C:\Windows\System\QzIdtXX.exe
  2⤵
  PID:1376
- C:\Windows\System\xcGLHFQ.exe
  C:\Windows\System\xcGLHFQ.exe
  2⤵
  PID:2320
- C:\Windows\System\kvGIUDD.exe
  C:\Windows\System\kvGIUDD.exe
  2⤵
  PID:840
- C:\Windows\System\UCqPJmT.exe
  C:\Windows\System\UCqPJmT.exe
  2⤵
  PID:3076
- C:\Windows\System\LbsjiZX.exe
  C:\Windows\System\LbsjiZX.exe
  2⤵
  PID:3100
- C:\Windows\System\AYYemHL.exe
  C:\Windows\System\AYYemHL.exe
  2⤵
  PID:3156
- C:\Windows\System\cGYaenc.exe
  C:\Windows\System\cGYaenc.exe
  2⤵
  PID:3172
- C:\Windows\System\rDeiZAV.exe
  C:\Windows\System\rDeiZAV.exe
  2⤵
  PID:3188
- C:\Windows\System\javaZUx.exe
  C:\Windows\System\javaZUx.exe
  2⤵
  PID:3204
- C:\Windows\System\ZUcubyY.exe
  C:\Windows\System\ZUcubyY.exe
  2⤵
  PID:3220
- C:\Windows\System\sRHvnwF.exe
  C:\Windows\System\sRHvnwF.exe
  2⤵
  PID:3236
- C:\Windows\System\kZyXbzG.exe
  C:\Windows\System\kZyXbzG.exe
  2⤵
  PID:3252
- C:\Windows\System\eWjVZdK.exe
  C:\Windows\System\eWjVZdK.exe
  2⤵
  PID:3268
- C:\Windows\System\JNUdvfA.exe
  C:\Windows\System\JNUdvfA.exe
  2⤵
  PID:3284
- C:\Windows\System\kRrKKFa.exe
  C:\Windows\System\kRrKKFa.exe
  2⤵
  PID:3300
- C:\Windows\System\SMxSUdj.exe
  C:\Windows\System\SMxSUdj.exe
  2⤵
  PID:3316
- C:\Windows\System\jLVVSNO.exe
  C:\Windows\System\jLVVSNO.exe
  2⤵
  PID:3332
- C:\Windows\System\CQolYUp.exe
  C:\Windows\System\CQolYUp.exe
  2⤵
  PID:3348
- C:\Windows\System\cltSPkM.exe
  C:\Windows\System\cltSPkM.exe
  2⤵
  PID:3364
- C:\Windows\System\uNoaDLi.exe
  C:\Windows\System\uNoaDLi.exe
  2⤵
  PID:3380
- C:\Windows\System\rDBzkyj.exe
  C:\Windows\System\rDBzkyj.exe
  2⤵
  PID:3396
- C:\Windows\System\TjPVbbt.exe
  C:\Windows\System\TjPVbbt.exe
  2⤵
  PID:3412
- C:\Windows\System\GlpnyaE.exe
  C:\Windows\System\GlpnyaE.exe
  2⤵
  PID:3436
- C:\Windows\System\SkcaNuA.exe
  C:\Windows\System\SkcaNuA.exe
  2⤵
  PID:3464
- C:\Windows\System\lZPiAAq.exe
  C:\Windows\System\lZPiAAq.exe
  2⤵
  PID:3480
- C:\Windows\System\UIRgGCL.exe
  C:\Windows\System\UIRgGCL.exe
  2⤵
  PID:3496
- C:\Windows\System\qrLRFTT.exe
  C:\Windows\System\qrLRFTT.exe
  2⤵
  PID:3512
- C:\Windows\System\pEuBDTb.exe
  C:\Windows\System\pEuBDTb.exe
  2⤵
  PID:3528
- C:\Windows\System\egaNTJZ.exe
  C:\Windows\System\egaNTJZ.exe
  2⤵
  PID:3544
- C:\Windows\System\nlSDscH.exe
  C:\Windows\System\nlSDscH.exe
  2⤵
  PID:3560
- C:\Windows\System\yyNsTTe.exe
  C:\Windows\System\yyNsTTe.exe
  2⤵
  PID:3576
- C:\Windows\System\uqCAUcH.exe
  C:\Windows\System\uqCAUcH.exe
  2⤵
  PID:3592
- C:\Windows\System\JpkFXre.exe
  C:\Windows\System\JpkFXre.exe
  2⤵
  PID:3848
- C:\Windows\System\tVbJyIH.exe
  C:\Windows\System\tVbJyIH.exe
  2⤵
  PID:3872
- C:\Windows\System\SremNUC.exe
  C:\Windows\System\SremNUC.exe
  2⤵
  PID:3888
- C:\Windows\System\MQZiDXy.exe
  C:\Windows\System\MQZiDXy.exe
  2⤵
  PID:3908
- C:\Windows\System\GCTpcfu.exe
  C:\Windows\System\GCTpcfu.exe
  2⤵
  PID:3928
- C:\Windows\System\IRjXdNm.exe
  C:\Windows\System\IRjXdNm.exe
  2⤵
  PID:3948
- C:\Windows\System\gUiYahx.exe
  C:\Windows\System\gUiYahx.exe
  2⤵
  PID:3964
- C:\Windows\System\FopNcII.exe
  C:\Windows\System\FopNcII.exe
  2⤵
  PID:3988
- C:\Windows\System\jjtGRHf.exe
  C:\Windows\System\jjtGRHf.exe
  2⤵
  PID:4008
- C:\Windows\System\ZSyYoeO.exe
  C:\Windows\System\ZSyYoeO.exe
  2⤵
  PID:4028
- C:\Windows\System\PqdkRyD.exe
  C:\Windows\System\PqdkRyD.exe
  2⤵
  PID:4044
- C:\Windows\System\xfAiJpk.exe
  C:\Windows\System\xfAiJpk.exe
  2⤵
  PID:4060
- C:\Windows\System\ioTXhgp.exe
  C:\Windows\System\ioTXhgp.exe
  2⤵
  PID:4076
- C:\Windows\System\jKGWxau.exe
  C:\Windows\System\jKGWxau.exe
  2⤵
  PID:1560
- C:\Windows\System\fLpjLPJ.exe
  C:\Windows\System\fLpjLPJ.exe
  2⤵
  PID:1828
- C:\Windows\System\tjfQdnl.exe
  C:\Windows\System\tjfQdnl.exe
  2⤵
  PID:1688
- C:\Windows\System\IqViqAP.exe
  C:\Windows\System\IqViqAP.exe
  2⤵
  PID:1124
- C:\Windows\System\rrFwLvU.exe
  C:\Windows\System\rrFwLvU.exe
  2⤵
  PID:752
- C:\Windows\System\EojTcCf.exe
  C:\Windows\System\EojTcCf.exe
  2⤵
  PID:3092
- C:\Windows\System\nLBaRSw.exe
  C:\Windows\System\nLBaRSw.exe
  2⤵
  PID:3164
- C:\Windows\System\OjPYpHH.exe
  C:\Windows\System\OjPYpHH.exe
  2⤵
  PID:3228
- C:\Windows\System\MhBbvpA.exe
  C:\Windows\System\MhBbvpA.exe
  2⤵
  PID:3292
- C:\Windows\System\snQPnXn.exe
  C:\Windows\System\snQPnXn.exe
  2⤵
  PID:2016
- C:\Windows\System\RvCpTrl.exe
  C:\Windows\System\RvCpTrl.exe
  2⤵
  PID:2724
- C:\Windows\System\GqMrxLw.exe
  C:\Windows\System\GqMrxLw.exe
  2⤵
  PID:1944
- C:\Windows\System\ZQHXfxm.exe
  C:\Windows\System\ZQHXfxm.exe
  2⤵
  PID:3388
- C:\Windows\System\rNsRAdu.exe
  C:\Windows\System\rNsRAdu.exe
  2⤵
  PID:3120
- C:\Windows\System\TpRDdVM.exe
  C:\Windows\System\TpRDdVM.exe
  2⤵
  PID:3132
- C:\Windows\System\dwNfuhM.exe
  C:\Windows\System\dwNfuhM.exe
  2⤵
  PID:3148
- C:\Windows\System\mThvijA.exe
  C:\Windows\System\mThvijA.exe
  2⤵
  PID:1776
- C:\Windows\System\YoCcXve.exe
  C:\Windows\System\YoCcXve.exe
  2⤵
  PID:1496
- C:\Windows\System\rcNymLH.exe
  C:\Windows\System\rcNymLH.exe
  2⤵
  PID:2296
- C:\Windows\System\kcYOdok.exe
  C:\Windows\System\kcYOdok.exe
  2⤵
  PID:3476
- C:\Windows\System\CoUDZug.exe
  C:\Windows\System\CoUDZug.exe
  2⤵
  PID:3536
- C:\Windows\System\dCAAoEK.exe
  C:\Windows\System\dCAAoEK.exe
  2⤵
  PID:3572
- C:\Windows\System\xCDnQEf.exe
  C:\Windows\System\xCDnQEf.exe
  2⤵
  PID:3492
- C:\Windows\System\UZXfYKY.exe
  C:\Windows\System\UZXfYKY.exe
  2⤵
  PID:3608
- C:\Windows\System\kqGJfgH.exe
  C:\Windows\System\kqGJfgH.exe
  2⤵
  PID:3636
- C:\Windows\System\sSnYlhT.exe
  C:\Windows\System\sSnYlhT.exe
  2⤵
  PID:3652
- C:\Windows\System\kNmNJdh.exe
  C:\Windows\System\kNmNJdh.exe
  2⤵
  PID:3672
- C:\Windows\System\sMTDFco.exe
  C:\Windows\System\sMTDFco.exe
  2⤵
  PID:3688
- C:\Windows\System\cVSYeCI.exe
  C:\Windows\System\cVSYeCI.exe
  2⤵
  PID:3712
- C:\Windows\System\MenzuIH.exe
  C:\Windows\System\MenzuIH.exe
  2⤵
  PID:3744
- C:\Windows\System\aQwFDbE.exe
  C:\Windows\System\aQwFDbE.exe
  2⤵
  PID:3764
- C:\Windows\System\EEPxePO.exe
  C:\Windows\System\EEPxePO.exe
  2⤵
  PID:3772
- C:\Windows\System\kPMdHev.exe
  C:\Windows\System\kPMdHev.exe
  2⤵
  PID:3788
- C:\Windows\System\DvRqfyi.exe
  C:\Windows\System\DvRqfyi.exe
  2⤵
  PID:3804
- C:\Windows\System\PiCKwBl.exe
  C:\Windows\System\PiCKwBl.exe
  2⤵
  PID:3820
- C:\Windows\System\NUofiWJ.exe
  C:\Windows\System\NUofiWJ.exe
  2⤵
  PID:3836
- C:\Windows\System\WXolbos.exe
  C:\Windows\System\WXolbos.exe
  2⤵
  PID:3604
- C:\Windows\System\uhWPnhN.exe
  C:\Windows\System\uhWPnhN.exe
  2⤵
  PID:3924
- C:\Windows\System\jgwSRsX.exe
  C:\Windows\System\jgwSRsX.exe
  2⤵
  PID:3960
- C:\Windows\System\ipwTeCE.exe
  C:\Windows\System\ipwTeCE.exe
  2⤵
  PID:4036
- C:\Windows\System\ROVdZyw.exe
  C:\Windows\System\ROVdZyw.exe
  2⤵
  PID:2828
- C:\Windows\System\nPrcMuZ.exe
  C:\Windows\System\nPrcMuZ.exe
  2⤵
  PID:2072
- C:\Windows\System\WZZFObo.exe
  C:\Windows\System\WZZFObo.exe
  2⤵
  PID:2528
- C:\Windows\System\faiUYYO.exe
  C:\Windows\System\faiUYYO.exe
  2⤵
  PID:2840
- C:\Windows\System\TFNIorf.exe
  C:\Windows\System\TFNIorf.exe
  2⤵
  PID:360
- C:\Windows\System\EKEUxtJ.exe
  C:\Windows\System\EKEUxtJ.exe
  2⤵
  PID:3324
- C:\Windows\System\zOdmAZV.exe
  C:\Windows\System\zOdmAZV.exe
  2⤵
  PID:1972
- C:\Windows\System\gYCkfKb.exe
  C:\Windows\System\gYCkfKb.exe
  2⤵
  PID:3984
- C:\Windows\System\ixLLCCy.exe
  C:\Windows\System\ixLLCCy.exe
  2⤵
  PID:4024
- C:\Windows\System\WenQvjF.exe
  C:\Windows\System\WenQvjF.exe
  2⤵
  PID:4052
- C:\Windows\System\FvLEjwY.exe
  C:\Windows\System\FvLEjwY.exe
  2⤵
  PID:4092
- C:\Windows\System\REViQXN.exe
  C:\Windows\System\REViQXN.exe
  2⤵
  PID:1368
- C:\Windows\System\ZKmAgrr.exe
  C:\Windows\System\ZKmAgrr.exe
  2⤵
  PID:3124
- C:\Windows\System\kwtePHz.exe
  C:\Windows\System\kwtePHz.exe
  2⤵
  PID:1748
- C:\Windows\System\XwlUFuy.exe
  C:\Windows\System\XwlUFuy.exe
  2⤵
  PID:2360
- C:\Windows\System\JgwnwYu.exe
  C:\Windows\System\JgwnwYu.exe
  2⤵
  PID:3424
- C:\Windows\System\aAMkWcu.exe
  C:\Windows\System\aAMkWcu.exe
  2⤵
  PID:3520
- C:\Windows\System\AhxVexe.exe
  C:\Windows\System\AhxVexe.exe
  2⤵
  PID:3588
- C:\Windows\System\XeBjtjS.exe
  C:\Windows\System\XeBjtjS.exe
  2⤵
  PID:3408
- C:\Windows\System\CucSRpO.exe
  C:\Windows\System\CucSRpO.exe
  2⤵
  PID:1040
- C:\Windows\System\yDWoWKJ.exe
  C:\Windows\System\yDWoWKJ.exe
  2⤵
  PID:2596
- C:\Windows\System\yvJfzvq.exe
  C:\Windows\System\yvJfzvq.exe
  2⤵
  PID:2944
- C:\Windows\System\XhuoDcY.exe
  C:\Windows\System\XhuoDcY.exe
  2⤵
  PID:2536
- C:\Windows\System\frrUPRi.exe
  C:\Windows\System\frrUPRi.exe
  2⤵
  PID:3196
- C:\Windows\System\PWCPiIc.exe
  C:\Windows\System\PWCPiIc.exe
  2⤵
  PID:3140
- C:\Windows\System\vkZIGMQ.exe
  C:\Windows\System\vkZIGMQ.exe
  2⤵
  PID:2896
- C:\Windows\System\oZmavsa.exe
  C:\Windows\System\oZmavsa.exe
  2⤵
  PID:3344
- C:\Windows\System\qCKVkcw.exe
  C:\Windows\System\qCKVkcw.exe
  2⤵
  PID:3600
- C:\Windows\System\uYIAfCE.exe
  C:\Windows\System\uYIAfCE.exe
  2⤵
  PID:3668
- C:\Windows\System\XmqJaiC.exe
  C:\Windows\System\XmqJaiC.exe
  2⤵
  PID:3276
- C:\Windows\System\fbYRjhF.exe
  C:\Windows\System\fbYRjhF.exe
  2⤵
  PID:3180
- C:\Windows\System\GkkmWbG.exe
  C:\Windows\System\GkkmWbG.exe
  2⤵
  PID:3720
- C:\Windows\System\dpCzJBz.exe
  C:\Windows\System\dpCzJBz.exe
  2⤵
  PID:3760
- C:\Windows\System\sSCYycV.exe
  C:\Windows\System\sSCYycV.exe
  2⤵
  PID:3784
- C:\Windows\System\piHFZni.exe
  C:\Windows\System\piHFZni.exe
  2⤵
  PID:2760
- C:\Windows\System\uoOgEUE.exe
  C:\Windows\System\uoOgEUE.exe
  2⤵
  PID:2456
- C:\Windows\System\dRVQnvx.exe
  C:\Windows\System\dRVQnvx.exe
  2⤵
  PID:1424
- C:\Windows\System\wsYKkIg.exe
  C:\Windows\System\wsYKkIg.exe
  2⤵
  PID:3356
- C:\Windows\System\lZZhMTY.exe
  C:\Windows\System\lZZhMTY.exe
  2⤵
  PID:3460
- C:\Windows\System\ytMLvUO.exe
  C:\Windows\System\ytMLvUO.exe
  2⤵
  PID:3108
- C:\Windows\System\ZpvnxUN.exe
  C:\Windows\System\ZpvnxUN.exe
  2⤵
  PID:3768
- C:\Windows\System\OUyNaob.exe
  C:\Windows\System\OUyNaob.exe
  2⤵
  PID:3756
- C:\Windows\System\QZclwLb.exe
  C:\Windows\System\QZclwLb.exe
  2⤵
  PID:3916
- C:\Windows\System\FaeJsoC.exe
  C:\Windows\System\FaeJsoC.exe
  2⤵
  PID:4004
- C:\Windows\System\GOfmUrZ.exe
  C:\Windows\System\GOfmUrZ.exe
  2⤵
  PID:3904
- C:\Windows\System\nughISR.exe
  C:\Windows\System\nughISR.exe
  2⤵
  PID:3128
- C:\Windows\System\LOmPWIv.exe
  C:\Windows\System\LOmPWIv.exe
  2⤵
  PID:1980
- C:\Windows\System\AvyYLjs.exe
  C:\Windows\System\AvyYLjs.exe
  2⤵
  PID:3372
- C:\Windows\System\OdZlgMn.exe
  C:\Windows\System\OdZlgMn.exe
  2⤵
  PID:3644
- C:\Windows\System\IhhhdLh.exe
  C:\Windows\System\IhhhdLh.exe
  2⤵
  PID:808
- C:\Windows\System\tJWbnHX.exe
  C:\Windows\System\tJWbnHX.exe
  2⤵
  PID:3184
- C:\Windows\System\KDFeoXq.exe
  C:\Windows\System\KDFeoXq.exe
  2⤵
  PID:2256
- C:\Windows\System\zwTNnjy.exe
  C:\Windows\System\zwTNnjy.exe
  2⤵
  PID:4072
- C:\Windows\System\lQGpMba.exe
  C:\Windows\System\lQGpMba.exe
  2⤵
  PID:3684
- C:\Windows\System\NhDwJJJ.exe
  C:\Windows\System\NhDwJJJ.exe
  2⤵
  PID:3568
- C:\Windows\System\YJXOkGN.exe
  C:\Windows\System\YJXOkGN.exe
  2⤵
  PID:3736
- C:\Windows\System\MFZPScf.exe
  C:\Windows\System\MFZPScf.exe
  2⤵
  PID:3860
- C:\Windows\System\UQXtIwM.exe
  C:\Windows\System\UQXtIwM.exe
  2⤵
  PID:2368
- C:\Windows\System\vIvuwrS.exe
  C:\Windows\System\vIvuwrS.exe
  2⤵
  PID:4112
- C:\Windows\System\ruCjpuR.exe
  C:\Windows\System\ruCjpuR.exe
  2⤵
  PID:4132
- C:\Windows\System\hNDxkhV.exe
  C:\Windows\System\hNDxkhV.exe
  2⤵
  PID:4148
- C:\Windows\System\CVWGyJi.exe
  C:\Windows\System\CVWGyJi.exe
  2⤵
  PID:4168
- C:\Windows\System\BXWfycg.exe
  C:\Windows\System\BXWfycg.exe
  2⤵
  PID:4188
- C:\Windows\System\sxDQRWq.exe
  C:\Windows\System\sxDQRWq.exe
  2⤵
  PID:4220
- C:\Windows\System\sWRkfwn.exe
  C:\Windows\System\sWRkfwn.exe
  2⤵
  PID:4236
- C:\Windows\System\vkBoLuw.exe
  C:\Windows\System\vkBoLuw.exe
  2⤵
  PID:4252
- C:\Windows\System\GdCAJGS.exe
  C:\Windows\System\GdCAJGS.exe
  2⤵
  PID:4268
- C:\Windows\System\pETPKjF.exe
  C:\Windows\System\pETPKjF.exe
  2⤵
  PID:4288
- C:\Windows\System\NOETixK.exe
  C:\Windows\System\NOETixK.exe
  2⤵
  PID:4312
- C:\Windows\System\UwzEIln.exe
  C:\Windows\System\UwzEIln.exe
  2⤵
  PID:4328
- C:\Windows\System\yRWNhmu.exe
  C:\Windows\System\yRWNhmu.exe
  2⤵
  PID:4344
- C:\Windows\System\dLlUpzb.exe
  C:\Windows\System\dLlUpzb.exe
  2⤵
  PID:4360
- C:\Windows\System\tVWUOmt.exe
  C:\Windows\System\tVWUOmt.exe
  2⤵
  PID:4376
- C:\Windows\System\SxlbVQJ.exe
  C:\Windows\System\SxlbVQJ.exe
  2⤵
  PID:4404
- C:\Windows\System\HvbYUxT.exe
  C:\Windows\System\HvbYUxT.exe
  2⤵
  PID:4420
- C:\Windows\System\PcgWlSh.exe
  C:\Windows\System\PcgWlSh.exe
  2⤵
  PID:4440
- C:\Windows\System\phojUaK.exe
  C:\Windows\System\phojUaK.exe
  2⤵
  PID:4456
- C:\Windows\System\ODCsUNM.exe
  C:\Windows\System\ODCsUNM.exe
  2⤵
  PID:4476
- C:\Windows\System\UlrsTHC.exe
  C:\Windows\System\UlrsTHC.exe
  2⤵
  PID:4492
- C:\Windows\System\aRxpCaJ.exe
  C:\Windows\System\aRxpCaJ.exe
  2⤵
  PID:4508
- C:\Windows\System\ujOTOZL.exe
  C:\Windows\System\ujOTOZL.exe
  2⤵
  PID:4524
- C:\Windows\System\HGAmOFw.exe
  C:\Windows\System\HGAmOFw.exe
  2⤵
  PID:4564
- C:\Windows\System\TQZRTkx.exe
  C:\Windows\System\TQZRTkx.exe
  2⤵
  PID:4580
- C:\Windows\System\DdOPAZN.exe
  C:\Windows\System\DdOPAZN.exe
  2⤵
  PID:4600
- C:\Windows\System\SRKHNDe.exe
  C:\Windows\System\SRKHNDe.exe
  2⤵
  PID:4620
- C:\Windows\System\uxeMhvh.exe
  C:\Windows\System\uxeMhvh.exe
  2⤵
  PID:4636
- C:\Windows\System\PUDEDCQ.exe
  C:\Windows\System\PUDEDCQ.exe
  2⤵
  PID:4652
- C:\Windows\System\GKbUyTy.exe
  C:\Windows\System\GKbUyTy.exe
  2⤵
  PID:4668
- C:\Windows\System\QONObRB.exe
  C:\Windows\System\QONObRB.exe
  2⤵
  PID:4684
- C:\Windows\System\OQNhNCF.exe
  C:\Windows\System\OQNhNCF.exe
  2⤵
  PID:4700
- C:\Windows\System\uqNMOmV.exe
  C:\Windows\System\uqNMOmV.exe
  2⤵
  PID:4716
- C:\Windows\System\RyJOtMG.exe
  C:\Windows\System\RyJOtMG.exe
  2⤵
  PID:4732
- C:\Windows\System\MvsQsGS.exe
  C:\Windows\System\MvsQsGS.exe
  2⤵
  PID:4748
- C:\Windows\System\fYnJfRF.exe
  C:\Windows\System\fYnJfRF.exe
  2⤵
  PID:4764
- C:\Windows\System\kyldPWa.exe
  C:\Windows\System\kyldPWa.exe
  2⤵
  PID:4780
- C:\Windows\System\eLRArcv.exe
  C:\Windows\System\eLRArcv.exe
  2⤵
  PID:4836
- C:\Windows\System\XmRwuET.exe
  C:\Windows\System\XmRwuET.exe
  2⤵
  PID:4852
- C:\Windows\System\owMoNTF.exe
  C:\Windows\System\owMoNTF.exe
  2⤵
  PID:4868
- C:\Windows\System\QjEoZLh.exe
  C:\Windows\System\QjEoZLh.exe
  2⤵
  PID:4884
- C:\Windows\System\fDtlaAn.exe
  C:\Windows\System\fDtlaAn.exe
  2⤵
  PID:4908
- C:\Windows\System\xkrtNRz.exe
  C:\Windows\System\xkrtNRz.exe
  2⤵
  PID:4924
- C:\Windows\System\bbbBSWq.exe
  C:\Windows\System\bbbBSWq.exe
  2⤵
  PID:4944
- C:\Windows\System\stAEyPk.exe
  C:\Windows\System\stAEyPk.exe
  2⤵
  PID:4960
- C:\Windows\System\vxgGVMr.exe
  C:\Windows\System\vxgGVMr.exe
  2⤵
  PID:4976
- C:\Windows\System\tgribsn.exe
  C:\Windows\System\tgribsn.exe
  2⤵
  PID:4996
- C:\Windows\System\PuKGOhL.exe
  C:\Windows\System\PuKGOhL.exe
  2⤵
  PID:5016
- C:\Windows\System\vkmqbQB.exe
  C:\Windows\System\vkmqbQB.exe
  2⤵
  PID:5032
- C:\Windows\System\jkLhPyT.exe
  C:\Windows\System\jkLhPyT.exe
  2⤵
  PID:5048
- C:\Windows\System\KvlwYcx.exe
  C:\Windows\System\KvlwYcx.exe
  2⤵
  PID:5068
- C:\Windows\System\uKaYTok.exe
  C:\Windows\System\uKaYTok.exe
  2⤵
  PID:5084
- C:\Windows\System\ebQaffj.exe
  C:\Windows\System\ebQaffj.exe
  2⤵
  PID:3740
- C:\Windows\System\XDRMSti.exe
  C:\Windows\System\XDRMSti.exe
  2⤵
  PID:2628
- C:\Windows\System\wBvywTY.exe
  C:\Windows\System\wBvywTY.exe
  2⤵
  PID:2772
- C:\Windows\System\rDMaSxw.exe
  C:\Windows\System\rDMaSxw.exe
  2⤵
  PID:2624
- C:\Windows\System\hoqlBak.exe
  C:\Windows\System\hoqlBak.exe
  2⤵
  PID:3748
- C:\Windows\System\lrWWbgl.exe
  C:\Windows\System\lrWWbgl.exe
  2⤵
  PID:2920
- C:\Windows\System\AKJqUsC.exe
  C:\Windows\System\AKJqUsC.exe
  2⤵
  PID:4164
- C:\Windows\System\sSCwqkN.exe
  C:\Windows\System\sSCwqkN.exe
  2⤵
  PID:1348
- C:\Windows\System\aaFpzuv.exe
  C:\Windows\System\aaFpzuv.exe
  2⤵
  PID:4244
- C:\Windows\System\fZEyTOV.exe
  C:\Windows\System\fZEyTOV.exe
  2⤵
  PID:4100
- C:\Windows\System\RIJfcMn.exe
  C:\Windows\System\RIJfcMn.exe
  2⤵
  PID:4264
- C:\Windows\System\JLRMmzY.exe
  C:\Windows\System\JLRMmzY.exe
  2⤵
  PID:4396
- C:\Windows\System\bPYiOdA.exe
  C:\Windows\System\bPYiOdA.exe
  2⤵
  PID:4432
- C:\Windows\System\btKtnxw.exe
  C:\Windows\System\btKtnxw.exe
  2⤵
  PID:4464
- C:\Windows\System\jZLZFnM.exe
  C:\Windows\System\jZLZFnM.exe
  2⤵
  PID:1672
- C:\Windows\System\iVEipzo.exe
  C:\Windows\System\iVEipzo.exe
  2⤵
  PID:4544
- C:\Windows\System\hsqqSGZ.exe
  C:\Windows\System\hsqqSGZ.exe
  2⤵
  PID:4560
- C:\Windows\System\gcmfNra.exe
  C:\Windows\System\gcmfNra.exe
  2⤵
  PID:3864
- C:\Windows\System\hDrYAUy.exe
  C:\Windows\System\hDrYAUy.exe
  2⤵
  PID:4592
- C:\Windows\System\fvTTAXZ.exe
  C:\Windows\System\fvTTAXZ.exe
  2⤵
  PID:4228
- C:\Windows\System\wHbfNwW.exe
  C:\Windows\System\wHbfNwW.exe
  2⤵
  PID:4628
- C:\Windows\System\lfGnXUd.exe
  C:\Windows\System\lfGnXUd.exe
  2⤵
  PID:4692
- C:\Windows\System\GYYuyEm.exe
  C:\Windows\System\GYYuyEm.exe
  2⤵
  PID:4340
- C:\Windows\System\hYwGqwZ.exe
  C:\Windows\System\hYwGqwZ.exe
  2⤵
  PID:1804
- C:\Windows\System\xAyhEWw.exe
  C:\Windows\System\xAyhEWw.exe
  2⤵
  PID:4788
- C:\Windows\System\toEjfRR.exe
  C:\Windows\System\toEjfRR.exe
  2⤵
  PID:4804
- C:\Windows\System\NGzDapp.exe
  C:\Windows\System\NGzDapp.exe
  2⤵
  PID:4824
- C:\Windows\System\obrWAuQ.exe
  C:\Windows\System\obrWAuQ.exe
  2⤵
  PID:4712
- C:\Windows\System\MiYoRqM.exe
  C:\Windows\System\MiYoRqM.exe
  2⤵
  PID:4452
- C:\Windows\System\OZKbljA.exe
  C:\Windows\System\OZKbljA.exe
  2⤵
  PID:4936
- C:\Windows\System\cLjmliX.exe
  C:\Windows\System\cLjmliX.exe
  2⤵
  PID:2640
- C:\Windows\System\qVNMoqu.exe
  C:\Windows\System\qVNMoqu.exe
  2⤵
  PID:5044
- C:\Windows\System\eycZIHa.exe
  C:\Windows\System\eycZIHa.exe
  2⤵
  PID:4676
- C:\Windows\System\nRWrQMy.exe
  C:\Windows\System\nRWrQMy.exe
  2⤵
  PID:4740
- C:\Windows\System\LzjnKtb.exe
  C:\Windows\System\LzjnKtb.exe
  2⤵
  PID:4612
- C:\Windows\System\WwPDQeh.exe
  C:\Windows\System\WwPDQeh.exe
  2⤵
  PID:4776
- C:\Windows\System\mMevShH.exe
  C:\Windows\System\mMevShH.exe
  2⤵
  PID:4876
- C:\Windows\System\ttlDeYf.exe
  C:\Windows\System\ttlDeYf.exe
  2⤵
  PID:4952
- C:\Windows\System\tXmaxFq.exe
  C:\Windows\System\tXmaxFq.exe
  2⤵
  PID:4992
- C:\Windows\System\fYKGiqs.exe
  C:\Windows\System\fYKGiqs.exe
  2⤵
  PID:5060
- C:\Windows\System\oTqyGuM.exe
  C:\Windows\System\oTqyGuM.exe
  2⤵
  PID:3780
- C:\Windows\System\dTUUVZf.exe
  C:\Windows\System\dTUUVZf.exe
  2⤵
  PID:3404
- C:\Windows\System\xISKKpH.exe
  C:\Windows\System\xISKKpH.exe
  2⤵
  PID:2492
- C:\Windows\System\hXlKeRs.exe
  C:\Windows\System\hXlKeRs.exe
  2⤵
  PID:1228
- C:\Windows\System\PhwVKwz.exe
  C:\Windows\System\PhwVKwz.exe
  2⤵
  PID:2136
- C:\Windows\System\lHGlRSX.exe
  C:\Windows\System\lHGlRSX.exe
  2⤵
  PID:2428
- C:\Windows\System\ukcMimL.exe
  C:\Windows\System\ukcMimL.exe
  2⤵
  PID:1580
- C:\Windows\System\XzZSHOF.exe
  C:\Windows\System\XzZSHOF.exe
  2⤵
  PID:3976
- C:\Windows\System\KDkqjuT.exe
  C:\Windows\System\KDkqjuT.exe
  2⤵
  PID:4120
- C:\Windows\System\cpeaiZr.exe
  C:\Windows\System\cpeaiZr.exe
  2⤵
  PID:2600
- C:\Windows\System\OHLnHeq.exe
  C:\Windows\System\OHLnHeq.exe
  2⤵
  PID:2604
- C:\Windows\System\fVOvSqE.exe
  C:\Windows\System\fVOvSqE.exe
  2⤵
  PID:3216
- C:\Windows\System\yzeTdda.exe
  C:\Windows\System\yzeTdda.exe
  2⤵
  PID:4284
- C:\Windows\System\hSblDLT.exe
  C:\Windows\System\hSblDLT.exe
  2⤵
  PID:4384
- C:\Windows\System\QyZqTkz.exe
  C:\Windows\System\QyZqTkz.exe
  2⤵
  PID:4144
- C:\Windows\System\SDrGoGA.exe
  C:\Windows\System\SDrGoGA.exe
  2⤵
  PID:4552
- C:\Windows\System\xvgZjmj.exe
  C:\Windows\System\xvgZjmj.exe
  2⤵
  PID:4540
- C:\Windows\System\ysDBgoO.exe
  C:\Windows\System\ysDBgoO.exe
  2⤵
  PID:4596
- C:\Windows\System\iDthIao.exe
  C:\Windows\System\iDthIao.exe
  2⤵
  PID:4392
- C:\Windows\System\UEefHvZ.exe
  C:\Windows\System\UEefHvZ.exe
  2⤵
  PID:1728
- C:\Windows\System\GCRIbqF.exe
  C:\Windows\System\GCRIbqF.exe
  2⤵
  PID:4664
- C:\Windows\System\fjRfxad.exe
  C:\Windows\System\fjRfxad.exe
  2⤵
  PID:4556
- C:\Windows\System\IKojCLr.exe
  C:\Windows\System\IKojCLr.exe
  2⤵
  PID:4708
- C:\Windows\System\eznsxgM.exe
  C:\Windows\System\eznsxgM.exe
  2⤵
  PID:4904
- C:\Windows\System\ORHukIz.exe
  C:\Windows\System\ORHukIz.exe
  2⤵
  PID:5008
- C:\Windows\System\VyAvHLq.exe
  C:\Windows\System\VyAvHLq.exe
  2⤵
  PID:4756
- C:\Windows\System\XNnhbQM.exe
  C:\Windows\System\XNnhbQM.exe
  2⤵
  PID:4816
- C:\Windows\System\EbLyMBC.exe
  C:\Windows\System\EbLyMBC.exe
  2⤵
  PID:4304
- C:\Windows\System\kNLHFxq.exe
  C:\Windows\System\kNLHFxq.exe
  2⤵
  PID:4916
- C:\Windows\System\WzUUJVs.exe
  C:\Windows\System\WzUUJVs.exe
  2⤵
  PID:5056
- C:\Windows\System\FHPGjqF.exe
  C:\Windows\System\FHPGjqF.exe
  2⤵
  PID:3612
- C:\Windows\System\zhplKRZ.exe
  C:\Windows\System\zhplKRZ.exe
  2⤵
  PID:3444
- C:\Windows\System\HXhDkxV.exe
  C:\Windows\System\HXhDkxV.exe
  2⤵
  PID:3880
- C:\Windows\System\pXUOESg.exe
  C:\Windows\System\pXUOESg.exe
  2⤵
  PID:4248
- C:\Windows\System\YQTwFDq.exe
  C:\Windows\System\YQTwFDq.exe
  2⤵
  PID:4428
- C:\Windows\System\xcnLqKu.exe
  C:\Windows\System\xcnLqKu.exe
  2⤵
  PID:2060
- C:\Windows\System\GOxxITh.exe
  C:\Windows\System\GOxxITh.exe
  2⤵
  PID:4724
- C:\Windows\System\UcYxNSI.exe
  C:\Windows\System\UcYxNSI.exe
  2⤵
  PID:4808
- C:\Windows\System\JInsQlF.exe
  C:\Windows\System\JInsQlF.exe
  2⤵
  PID:2744
- C:\Windows\System\fGIoqrl.exe
  C:\Windows\System\fGIoqrl.exe
  2⤵
  PID:4516
- C:\Windows\System\pYsSRbm.exe
  C:\Windows\System\pYsSRbm.exe
  2⤵
  PID:2388
- C:\Windows\System\QhtfOZZ.exe
  C:\Windows\System\QhtfOZZ.exe
  2⤵
  PID:5064
- C:\Windows\System\LkYdcDm.exe
  C:\Windows\System\LkYdcDm.exe
  2⤵
  PID:2636
- C:\Windows\System\BhpTtYc.exe
  C:\Windows\System\BhpTtYc.exe
  2⤵
  PID:5124
- C:\Windows\System\yYkeiss.exe
  C:\Windows\System\yYkeiss.exe
  2⤵
  PID:5140
- C:\Windows\System\lTvKIIx.exe
  C:\Windows\System\lTvKIIx.exe
  2⤵
  PID:5156
- C:\Windows\System\KGcogfd.exe
  C:\Windows\System\KGcogfd.exe
  2⤵
  PID:5172
- C:\Windows\System\uoXBnuA.exe
  C:\Windows\System\uoXBnuA.exe
  2⤵
  PID:5208
- C:\Windows\System\SrjHXoi.exe
  C:\Windows\System\SrjHXoi.exe
  2⤵
  PID:5288
- C:\Windows\System\gQcVrMV.exe
  C:\Windows\System\gQcVrMV.exe
  2⤵
  PID:5304
- C:\Windows\System\rcagFGV.exe
  C:\Windows\System\rcagFGV.exe
  2⤵
  PID:5336
- C:\Windows\System\KMOdfsp.exe
  C:\Windows\System\KMOdfsp.exe
  2⤵
  PID:5352
- C:\Windows\System\ZrijMLL.exe
  C:\Windows\System\ZrijMLL.exe
  2⤵
  PID:5376
- C:\Windows\System\KOJilPw.exe
  C:\Windows\System\KOJilPw.exe
  2⤵
  PID:5392
- C:\Windows\System\yvdYHqB.exe
  C:\Windows\System\yvdYHqB.exe
  2⤵
  PID:5408
- C:\Windows\System\GJDxoZD.exe
  C:\Windows\System\GJDxoZD.exe
  2⤵
  PID:5428
- C:\Windows\System\cgCYkGC.exe
  C:\Windows\System\cgCYkGC.exe
  2⤵
  PID:5448
- C:\Windows\System\PHncovB.exe
  C:\Windows\System\PHncovB.exe
  2⤵
  PID:5464
- C:\Windows\System\VHSdMgQ.exe
  C:\Windows\System\VHSdMgQ.exe
  2⤵
  PID:5496
- C:\Windows\System\fqmDCso.exe
  C:\Windows\System\fqmDCso.exe
  2⤵
  PID:5512
- C:\Windows\System\xTyJrya.exe
  C:\Windows\System\xTyJrya.exe
  2⤵
  PID:5528
- C:\Windows\System\IWTvjGK.exe
  C:\Windows\System\IWTvjGK.exe
  2⤵
  PID:5544
- C:\Windows\System\LHSwPzb.exe
  C:\Windows\System\LHSwPzb.exe
  2⤵
  PID:5580
- C:\Windows\System\xvoiWcj.exe
  C:\Windows\System\xvoiWcj.exe
  2⤵
  PID:5600
- C:\Windows\System\bfbNxZM.exe
  C:\Windows\System\bfbNxZM.exe
  2⤵
  PID:5620
- C:\Windows\System\jOBfqzr.exe
  C:\Windows\System\jOBfqzr.exe
  2⤵
  PID:5636
- C:\Windows\System\ANsoxDJ.exe
  C:\Windows\System\ANsoxDJ.exe
  2⤵
  PID:5652
- C:\Windows\System\OARbsVa.exe
  C:\Windows\System\OARbsVa.exe
  2⤵
  PID:5680
- C:\Windows\System\nXPmXrK.exe
  C:\Windows\System\nXPmXrK.exe
  2⤵
  PID:5696
- C:\Windows\System\ykVpgah.exe
  C:\Windows\System\ykVpgah.exe
  2⤵
  PID:5712
- C:\Windows\System\LgnXpKJ.exe
  C:\Windows\System\LgnXpKJ.exe
  2⤵
  PID:5728
- C:\Windows\System\pTeVeak.exe
  C:\Windows\System\pTeVeak.exe
  2⤵
  PID:5748
- C:\Windows\System\FcBOlUJ.exe
  C:\Windows\System\FcBOlUJ.exe
  2⤵
  PID:5780
- C:\Windows\System\eKQvWLQ.exe
  C:\Windows\System\eKQvWLQ.exe
  2⤵
  PID:5796
- C:\Windows\System\fMejquK.exe
  C:\Windows\System\fMejquK.exe
  2⤵
  PID:5812
- C:\Windows\System\FUICQas.exe
  C:\Windows\System\FUICQas.exe
  2⤵
  PID:5828
- C:\Windows\System\klPRTWN.exe
  C:\Windows\System\klPRTWN.exe
  2⤵
  PID:5848
- C:\Windows\System\diMKvIr.exe
  C:\Windows\System\diMKvIr.exe
  2⤵
  PID:5880
- C:\Windows\System\BvvejIV.exe
  C:\Windows\System\BvvejIV.exe
  2⤵
  PID:5896
- C:\Windows\System\GPpwVxv.exe
  C:\Windows\System\GPpwVxv.exe
  2⤵
  PID:5916
- C:\Windows\System\elzwQfX.exe
  C:\Windows\System\elzwQfX.exe
  2⤵
  PID:5932
- C:\Windows\System\JJrvUVb.exe
  C:\Windows\System\JJrvUVb.exe
  2⤵
  PID:5948
- C:\Windows\System\gjGDxXe.exe
  C:\Windows\System\gjGDxXe.exe
  2⤵
  PID:5972
- C:\Windows\System\nbWnBxl.exe
  C:\Windows\System\nbWnBxl.exe
  2⤵
  PID:5988
- C:\Windows\System\ISNhBIH.exe
  C:\Windows\System\ISNhBIH.exe
  2⤵
  PID:6004
- C:\Windows\System\cniTRma.exe
  C:\Windows\System\cniTRma.exe
  2⤵
  PID:6028
- C:\Windows\System\mgnVsBj.exe
  C:\Windows\System\mgnVsBj.exe
  2⤵
  PID:6048
- C:\Windows\System\DVRLJGv.exe
  C:\Windows\System\DVRLJGv.exe
  2⤵
  PID:6064
- C:\Windows\System\QrJbbsH.exe
  C:\Windows\System\QrJbbsH.exe
  2⤵
  PID:6088
- C:\Windows\System\PjYOeOM.exe
  C:\Windows\System\PjYOeOM.exe
  2⤵
  PID:6104
- C:\Windows\System\wiRONMJ.exe
  C:\Windows\System\wiRONMJ.exe
  2⤵
  PID:6120
- C:\Windows\System\VSeSbAK.exe
  C:\Windows\System\VSeSbAK.exe
  2⤵
  PID:6140
- C:\Windows\System\ylzsOxX.exe
  C:\Windows\System\ylzsOxX.exe
  2⤵
  PID:3632
- C:\Windows\System\zQtQmbT.exe
  C:\Windows\System\zQtQmbT.exe
  2⤵
  PID:4296
- C:\Windows\System\gDhTjZF.exe
  C:\Windows\System\gDhTjZF.exe
  2⤵
  PID:5148
- C:\Windows\System\QJigSPA.exe
  C:\Windows\System\QJigSPA.exe
  2⤵
  PID:5196
- C:\Windows\System\SxzPszv.exe
  C:\Windows\System\SxzPszv.exe
  2⤵
  PID:2156
- C:\Windows\System\foBlBLI.exe
  C:\Windows\System\foBlBLI.exe
  2⤵
  PID:4308
- C:\Windows\System\rgvemMK.exe
  C:\Windows\System\rgvemMK.exe
  2⤵
  PID:4820
- C:\Windows\System\gVKtqNL.exe
  C:\Windows\System\gVKtqNL.exe
  2⤵
  PID:2324
- C:\Windows\System\LLmkEvQ.exe
  C:\Windows\System\LLmkEvQ.exe
  2⤵
  PID:4068
- C:\Windows\System\JAkKFuv.exe
  C:\Windows\System\JAkKFuv.exe
  2⤵
  PID:4324
- C:\Windows\System\ZGmTAEx.exe
  C:\Windows\System\ZGmTAEx.exe
  2⤵
  PID:2752
- C:\Windows\System\CoiIrHD.exe
  C:\Windows\System\CoiIrHD.exe
  2⤵
  PID:2120
- C:\Windows\System\jqshnPf.exe
  C:\Windows\System\jqshnPf.exe
  2⤵
  PID:2476
- C:\Windows\System\IlhCxzR.exe
  C:\Windows\System\IlhCxzR.exe
  2⤵
  PID:5076
- C:\Windows\System\yLiQSlS.exe
  C:\Windows\System\yLiQSlS.exe
  2⤵
  PID:4488
- C:\Windows\System\HVLKrmq.exe
  C:\Windows\System\HVLKrmq.exe
  2⤵
  PID:4276
- C:\Windows\System\bQaIgAw.exe
  C:\Windows\System\bQaIgAw.exe
  2⤵
  PID:5168
- C:\Windows\System\DLOeESB.exe
  C:\Windows\System\DLOeESB.exe
  2⤵
  PID:5200
- C:\Windows\System\GioOWrG.exe
  C:\Windows\System\GioOWrG.exe
  2⤵
  PID:1096
- C:\Windows\System\tERKsPG.exe
  C:\Windows\System\tERKsPG.exe
  2⤵
  PID:904
- C:\Windows\System\QzjbxpE.exe
  C:\Windows\System\QzjbxpE.exe
  2⤵
  PID:5228
- C:\Windows\System\GbgfsnP.exe
  C:\Windows\System\GbgfsnP.exe
  2⤵
  PID:2364
- C:\Windows\System\OGkWrjZ.exe
  C:\Windows\System\OGkWrjZ.exe
  2⤵
  PID:5244
- C:\Windows\System\PTYTsjk.exe
  C:\Windows\System\PTYTsjk.exe
  2⤵
  PID:5260
- C:\Windows\System\kHfKAOQ.exe
  C:\Windows\System\kHfKAOQ.exe
  2⤵
  PID:2028
- C:\Windows\System\rIzenyc.exe
  C:\Windows\System\rIzenyc.exe
  2⤵
  PID:1800
- C:\Windows\System\LXIaiMm.exe
  C:\Windows\System\LXIaiMm.exe
  2⤵
  PID:5324
- C:\Windows\System\kVawqLp.exe
  C:\Windows\System\kVawqLp.exe
  2⤵
  PID:1656
- C:\Windows\System\YLrUvTO.exe
  C:\Windows\System\YLrUvTO.exe
  2⤵
  PID:876
- C:\Windows\System\WjRpdaO.exe
  C:\Windows\System\WjRpdaO.exe
  2⤵
  PID:956
- C:\Windows\System\clrdCdw.exe
  C:\Windows\System\clrdCdw.exe
  2⤵
  PID:1920
- C:\Windows\System\rGVDqul.exe
  C:\Windows\System\rGVDqul.exe
  2⤵
  PID:1896
- C:\Windows\System\nkqikBA.exe
  C:\Windows\System\nkqikBA.exe
  2⤵
  PID:5472
- C:\Windows\System\ormeUGh.exe
  C:\Windows\System\ormeUGh.exe
  2⤵
  PID:5484
- C:\Windows\System\AGCyheW.exe
  C:\Windows\System\AGCyheW.exe
  2⤵
  PID:5312
- C:\Windows\System\MToTVgL.exe
  C:\Windows\System\MToTVgL.exe
  2⤵
  PID:5560
- C:\Windows\System\WPyCbOE.exe
  C:\Windows\System\WPyCbOE.exe
  2⤵
  PID:5420
- C:\Windows\System\YdhKwvU.exe
  C:\Windows\System\YdhKwvU.exe
  2⤵
  PID:5536
- C:\Windows\System\EgFfPcn.exe
  C:\Windows\System\EgFfPcn.exe
  2⤵
  PID:5588
- C:\Windows\System\nDSLfVp.exe
  C:\Windows\System\nDSLfVp.exe
  2⤵
  PID:5644
- C:\Windows\System\PLCrKjU.exe
  C:\Windows\System\PLCrKjU.exe
  2⤵
  PID:5660
- C:\Windows\System\pWifWGr.exe
  C:\Windows\System\pWifWGr.exe
  2⤵
  PID:5672
- C:\Windows\System\nzfVhoF.exe
  C:\Windows\System\nzfVhoF.exe
  2⤵
  PID:5692
- C:\Windows\System\IHhJBFQ.exe
  C:\Windows\System\IHhJBFQ.exe
  2⤵
  PID:5764
- C:\Windows\System\RmkTzhW.exe
  C:\Windows\System\RmkTzhW.exe
  2⤵
  PID:5740
- C:\Windows\System\WlVwHGk.exe
  C:\Windows\System\WlVwHGk.exe
  2⤵
  PID:5736
- C:\Windows\System\obIJllt.exe
  C:\Windows\System\obIJllt.exe
  2⤵
  PID:5804
- C:\Windows\System\DiCVnKe.exe
  C:\Windows\System\DiCVnKe.exe
  2⤵
  PID:5844
- C:\Windows\System\QmlDBta.exe
  C:\Windows\System\QmlDBta.exe
  2⤵
  PID:5892
- C:\Windows\System\VWWROET.exe
  C:\Windows\System\VWWROET.exe
  2⤵
  PID:5960
- C:\Windows\System\qrtiYgl.exe
  C:\Windows\System\qrtiYgl.exe
  2⤵
  PID:5968
- C:\Windows\System\kUCohLx.exe
  C:\Windows\System\kUCohLx.exe
  2⤵
  PID:6036
- C:\Windows\System\tvXAbXT.exe
  C:\Windows\System\tvXAbXT.exe
  2⤵
  PID:6076
- C:\Windows\System\zVHpFST.exe
  C:\Windows\System\zVHpFST.exe
  2⤵
  PID:5860
- C:\Windows\System\jYkVFmA.exe
  C:\Windows\System\jYkVFmA.exe
  2⤵
  PID:5980
- C:\Windows\System\tmTPxJT.exe
  C:\Windows\System\tmTPxJT.exe
  2⤵
  PID:5188
- C:\Windows\System\plINXaL.exe
  C:\Windows\System\plINXaL.exe
  2⤵
  PID:4196
- C:\Windows\System\RjBYNTo.exe
  C:\Windows\System\RjBYNTo.exe
  2⤵
  PID:4648
- C:\Windows\System\iYKmgxR.exe
  C:\Windows\System\iYKmgxR.exe
  2⤵
  PID:6024
- C:\Windows\System\lHyeugP.exe
  C:\Windows\System\lHyeugP.exe
  2⤵
  PID:6096
- C:\Windows\System\yWlrmXj.exe
  C:\Windows\System\yWlrmXj.exe
  2⤵
  PID:6136
- C:\Windows\System\frHVdOs.exe
  C:\Windows\System\frHVdOs.exe
  2⤵
  PID:4104
- C:\Windows\System\GXloHvq.exe
  C:\Windows\System\GXloHvq.exe
  2⤵
  PID:5192
- C:\Windows\System\hXiOPxE.exe
  C:\Windows\System\hXiOPxE.exe
  2⤵
  PID:5012
- C:\Windows\System\vEEJsyq.exe
  C:\Windows\System\vEEJsyq.exe
  2⤵
  PID:5576
- C:\Windows\System\Oewtupa.exe
  C:\Windows\System\Oewtupa.exe
  2⤵
  PID:5724
- C:\Windows\System\XhYOMkg.exe
  C:\Windows\System\XhYOMkg.exe
  2⤵
  PID:5776
- C:\Windows\System\WdxEYFb.exe
  C:\Windows\System\WdxEYFb.exe
  2⤵
  PID:5616
- C:\Windows\System\GsklosB.exe
  C:\Windows\System\GsklosB.exe
  2⤵
  PID:5632
- C:\Windows\System\IkmYkVn.exe
  C:\Windows\System\IkmYkVn.exe
  2⤵
  PID:5704
- C:\Windows\System\YttzhxK.exe
  C:\Windows\System\YttzhxK.exe
  2⤵
  PID:5956
- C:\Windows\System\ikQTIOl.exe
  C:\Windows\System\ikQTIOl.exe
  2⤵
  PID:6000
- C:\Windows\System\IzPDBzc.exe
  C:\Windows\System\IzPDBzc.exe
  2⤵
  PID:6112
- C:\Windows\System\sUysdFL.exe
  C:\Windows\System\sUysdFL.exe
  2⤵
  PID:4576
- C:\Windows\System\wGeCVUC.exe
  C:\Windows\System\wGeCVUC.exe
  2⤵
  PID:5028
- C:\Windows\System\dbyRvRc.exe
  C:\Windows\System\dbyRvRc.exe
  2⤵
  PID:4984
- C:\Windows\System\KUKkNmd.exe
  C:\Windows\System\KUKkNmd.exe
  2⤵
  PID:4900
- C:\Windows\System\GoQAQSw.exe
  C:\Windows\System\GoQAQSw.exe
  2⤵
  PID:6020
- C:\Windows\System\ytjBtxh.exe
  C:\Windows\System\ytjBtxh.exe
  2⤵
  PID:5164
- C:\Windows\System\EwRkrtd.exe
  C:\Windows\System\EwRkrtd.exe
  2⤵
  PID:4844
- C:\Windows\System\PmPuDpW.exe
  C:\Windows\System\PmPuDpW.exe
  2⤵
  PID:4300
- C:\Windows\System\qwLvqXp.exe
  C:\Windows\System\qwLvqXp.exe
  2⤵
  PID:3832
- C:\Windows\System\MFtMBDV.exe
  C:\Windows\System\MFtMBDV.exe
  2⤵
  PID:2352
- C:\Windows\System\tOsdTSU.exe
  C:\Windows\System\tOsdTSU.exe
  2⤵
  PID:5220
- C:\Windows\System\kkNcWky.exe
  C:\Windows\System\kkNcWky.exe
  2⤵
  PID:5224
- C:\Windows\System\QAMtNyH.exe
  C:\Windows\System\QAMtNyH.exe
  2⤵
  PID:5272
- C:\Windows\System\NVHaZxV.exe
  C:\Windows\System\NVHaZxV.exe
  2⤵
  PID:5248
- C:\Windows\System\XcTNuSV.exe
  C:\Windows\System\XcTNuSV.exe
  2⤵
  PID:1420
- C:\Windows\System\fxcsyJI.exe
  C:\Windows\System\fxcsyJI.exe
  2⤵
  PID:2312
- C:\Windows\System\GHTwEnw.exe
  C:\Windows\System\GHTwEnw.exe
  2⤵
  PID:5444
- C:\Windows\System\TMznaZR.exe
  C:\Windows\System\TMznaZR.exe
  2⤵
  PID:4968
- C:\Windows\System\HFwdkUG.exe
  C:\Windows\System\HFwdkUG.exe
  2⤵
  PID:5792
- C:\Windows\System\piCPZQz.exe
  C:\Windows\System\piCPZQz.exe
  2⤵
  PID:5708
- C:\Windows\System\kGLWaKa.exe
  C:\Windows\System\kGLWaKa.exe
  2⤵
  PID:5720
- C:\Windows\System\MSmibdV.exe
  C:\Windows\System\MSmibdV.exe
  2⤵
  PID:2068
- C:\Windows\System\blsfvtI.exe
  C:\Windows\System\blsfvtI.exe
  2⤵
  PID:5996
- C:\Windows\System\sEvGuMs.exe
  C:\Windows\System\sEvGuMs.exe
  2⤵
  PID:4892
- C:\Windows\System\NhIWzho.exe
  C:\Windows\System\NhIWzho.exe
  2⤵
  PID:4760
- C:\Windows\System\xnyYhKU.exe
  C:\Windows\System\xnyYhKU.exe
  2⤵
  PID:560
- C:\Windows\System\xHmKwyO.exe
  C:\Windows\System\xHmKwyO.exe
  2⤵
  PID:6132
- C:\Windows\System\vIoljKU.exe
  C:\Windows\System\vIoljKU.exe
  2⤵
  PID:3096
- C:\Windows\System\dBWtIqM.exe
  C:\Windows\System\dBWtIqM.exe
  2⤵
  PID:4180
- C:\Windows\System\xTQJobl.exe
  C:\Windows\System\xTQJobl.exe
  2⤵
  PID:5268
- C:\Windows\System\XeOHcxX.exe
  C:\Windows\System\XeOHcxX.exe
  2⤵
  PID:5368
- C:\Windows\System\xqavVbQ.exe
  C:\Windows\System\xqavVbQ.exe
  2⤵
  PID:5332
- C:\Windows\System\IFFOHbl.exe
  C:\Windows\System\IFFOHbl.exe
  2⤵
  PID:5572
- C:\Windows\System\eZXQjSU.exe
  C:\Windows\System\eZXQjSU.exe
  2⤵
  PID:5404
- C:\Windows\System\VwqDyuE.exe
  C:\Windows\System\VwqDyuE.exe
  2⤵
  PID:5388
- C:\Windows\System\qUxxsBj.exe
  C:\Windows\System\qUxxsBj.exe
  2⤵
  PID:4336
- C:\Windows\System\avfABpy.exe
  C:\Windows\System\avfABpy.exe
  2⤵
  PID:5820
- C:\Windows\System\myrpeDd.exe
  C:\Windows\System\myrpeDd.exe
  2⤵
  PID:5824
- C:\Windows\System\PacALbX.exe
  C:\Windows\System\PacALbX.exe
  2⤵
  PID:5872
- C:\Windows\System\MCGkxUR.exe
  C:\Windows\System\MCGkxUR.exe
  2⤵
  PID:5540
- C:\Windows\System\GnyZIuP.exe
  C:\Windows\System\GnyZIuP.exe
  2⤵
  PID:4184
- C:\Windows\System\fVnpitn.exe
  C:\Windows\System\fVnpitn.exe
  2⤵
  PID:2104
- C:\Windows\System\SuNpIHQ.exe
  C:\Windows\System\SuNpIHQ.exe
  2⤵
  PID:948
- C:\Windows\System\ZDWqCeM.exe
  C:\Windows\System\ZDWqCeM.exe
  2⤵
  PID:3012
- C:\Windows\System\wMDvYEk.exe
  C:\Windows\System\wMDvYEk.exe
  2⤵
  PID:5456
- C:\Windows\System\ItlyvUO.exe
  C:\Windows\System\ItlyvUO.exe
  2⤵
  PID:5180
- C:\Windows\System\XznPtgv.exe
  C:\Windows\System\XznPtgv.exe
  2⤵
  PID:5524
- C:\Windows\System\SzfizuR.exe
  C:\Windows\System\SzfizuR.exe
  2⤵
  PID:4896
- C:\Windows\System\sUSHoky.exe
  C:\Windows\System\sUSHoky.exe
  2⤵
  PID:3508
- C:\Windows\System\SzpwFNB.exe
  C:\Windows\System\SzpwFNB.exe
  2⤵
  PID:5888
- C:\Windows\System\VakwxAz.exe
  C:\Windows\System\VakwxAz.exe
  2⤵
  PID:6072
- C:\Windows\System\mOOswZk.exe
  C:\Windows\System\mOOswZk.exe
  2⤵
  PID:5240
- C:\Windows\System\HODjxiz.exe
  C:\Windows\System\HODjxiz.exe
  2⤵
  PID:3448
- C:\Windows\System\gGnBbcu.exe
  C:\Windows\System\gGnBbcu.exe
  2⤵
  PID:6152
- C:\Windows\System\szJdRqc.exe
  C:\Windows\System\szJdRqc.exe
  2⤵
  PID:6168
- C:\Windows\System\EFQmnzP.exe
  C:\Windows\System\EFQmnzP.exe
  2⤵
  PID:6184
- C:\Windows\System\aQMsBVN.exe
  C:\Windows\System\aQMsBVN.exe
  2⤵
  PID:6200
- C:\Windows\System\hpiyeIY.exe
  C:\Windows\System\hpiyeIY.exe
  2⤵
  PID:6216
- C:\Windows\System\pKeqGZz.exe
  C:\Windows\System\pKeqGZz.exe
  2⤵
  PID:6232
- C:\Windows\System\DPacuQD.exe
  C:\Windows\System\DPacuQD.exe
  2⤵
  PID:6248
- C:\Windows\System\zaHaAjM.exe
  C:\Windows\System\zaHaAjM.exe
  2⤵
  PID:6264
- C:\Windows\System\tepJEPu.exe
  C:\Windows\System\tepJEPu.exe
  2⤵
  PID:6280
- C:\Windows\System\gJjxDXK.exe
  C:\Windows\System\gJjxDXK.exe
  2⤵
  PID:6296
- C:\Windows\System\ElZxTvD.exe
  C:\Windows\System\ElZxTvD.exe
  2⤵
  PID:6312
- C:\Windows\System\BVrAQqr.exe
  C:\Windows\System\BVrAQqr.exe
  2⤵
  PID:6328
- C:\Windows\System\nZaoLgC.exe
  C:\Windows\System\nZaoLgC.exe
  2⤵
  PID:6344
- C:\Windows\System\OeIAmha.exe
  C:\Windows\System\OeIAmha.exe
  2⤵
  PID:6360
- C:\Windows\System\eTOitaW.exe
  C:\Windows\System\eTOitaW.exe
  2⤵
  PID:6376
- C:\Windows\System\HBMDhil.exe
  C:\Windows\System\HBMDhil.exe
  2⤵
  PID:6392
- C:\Windows\System\fIhMuIp.exe
  C:\Windows\System\fIhMuIp.exe
  2⤵
  PID:6408
- C:\Windows\System\UerbQQX.exe
  C:\Windows\System\UerbQQX.exe
  2⤵
  PID:6424
- C:\Windows\System\SbpbAKP.exe
  C:\Windows\System\SbpbAKP.exe
  2⤵
  PID:6440
- C:\Windows\System\CdbWsXt.exe
  C:\Windows\System\CdbWsXt.exe
  2⤵
  PID:6456
- C:\Windows\System\myxxGMW.exe
  C:\Windows\System\myxxGMW.exe
  2⤵
  PID:6472
- C:\Windows\System\vEuROfP.exe
  C:\Windows\System\vEuROfP.exe
  2⤵
  PID:6488
- C:\Windows\System\cGVruCo.exe
  C:\Windows\System\cGVruCo.exe
  2⤵
  PID:6504
- C:\Windows\System\IUQHRnS.exe
  C:\Windows\System\IUQHRnS.exe
  2⤵
  PID:6520
- C:\Windows\System\KpVrFzh.exe
  C:\Windows\System\KpVrFzh.exe
  2⤵
  PID:6540
- C:\Windows\System\OhJShDg.exe
  C:\Windows\System\OhJShDg.exe
  2⤵
  PID:6556
- C:\Windows\System\Fiqaotp.exe
  C:\Windows\System\Fiqaotp.exe
  2⤵
  PID:6572
- C:\Windows\System\RKdERvw.exe
  C:\Windows\System\RKdERvw.exe
  2⤵
  PID:6588
- C:\Windows\System\PZvYAQr.exe
  C:\Windows\System\PZvYAQr.exe
  2⤵
  PID:6604
- C:\Windows\System\jnrfZfc.exe
  C:\Windows\System\jnrfZfc.exe
  2⤵
  PID:6620
- C:\Windows\System\ISDyOur.exe
  C:\Windows\System\ISDyOur.exe
  2⤵
  PID:6636
- C:\Windows\System\FAwSZvz.exe
  C:\Windows\System\FAwSZvz.exe
  2⤵
  PID:6652
- C:\Windows\System\GNXNzoO.exe
  C:\Windows\System\GNXNzoO.exe
  2⤵
  PID:6668
- C:\Windows\System\eiwqdoV.exe
  C:\Windows\System\eiwqdoV.exe
  2⤵
  PID:6684
- C:\Windows\System\EKkbGXm.exe
  C:\Windows\System\EKkbGXm.exe
  2⤵
  PID:6700
- C:\Windows\System\zDknOOg.exe
  C:\Windows\System\zDknOOg.exe
  2⤵
  PID:6716
- C:\Windows\System\QrzVRWo.exe
  C:\Windows\System\QrzVRWo.exe
  2⤵
  PID:6732
- C:\Windows\System\OIeLdsm.exe
  C:\Windows\System\OIeLdsm.exe
  2⤵
  PID:6748
- C:\Windows\System\oGHRbls.exe
  C:\Windows\System\oGHRbls.exe
  2⤵
  PID:6764
- C:\Windows\System\gZHUMbq.exe
  C:\Windows\System\gZHUMbq.exe
  2⤵
  PID:6780
- C:\Windows\System\oPqrQhb.exe
  C:\Windows\System\oPqrQhb.exe
  2⤵
  PID:6796
- C:\Windows\System\ZzreFmG.exe
  C:\Windows\System\ZzreFmG.exe
  2⤵
  PID:6812
- C:\Windows\System\rEFfmQu.exe
  C:\Windows\System\rEFfmQu.exe
  2⤵
  PID:6828
- C:\Windows\System\RwnLPwH.exe
  C:\Windows\System\RwnLPwH.exe
  2⤵
  PID:6844
- C:\Windows\System\UBUSNMN.exe
  C:\Windows\System\UBUSNMN.exe
  2⤵
  PID:6860
- C:\Windows\System\aVqfHiA.exe
  C:\Windows\System\aVqfHiA.exe
  2⤵
  PID:6876
- C:\Windows\System\xbdJgvV.exe
  C:\Windows\System\xbdJgvV.exe
  2⤵
  PID:6892
- C:\Windows\System\NkhwENW.exe
  C:\Windows\System\NkhwENW.exe
  2⤵
  PID:6908
- C:\Windows\System\uhJuvLJ.exe
  C:\Windows\System\uhJuvLJ.exe
  2⤵
  PID:6924
- C:\Windows\System\mVnuFxK.exe
  C:\Windows\System\mVnuFxK.exe
  2⤵
  PID:6940
- C:\Windows\System\TAoSCjj.exe
  C:\Windows\System\TAoSCjj.exe
  2⤵
  PID:6956
- C:\Windows\System\pVtfqXk.exe
  C:\Windows\System\pVtfqXk.exe
  2⤵
  PID:6972
- C:\Windows\System\mlSlNCb.exe
  C:\Windows\System\mlSlNCb.exe
  2⤵
  PID:6988
- C:\Windows\System\WExsaCK.exe
  C:\Windows\System\WExsaCK.exe
  2⤵
  PID:7004
- C:\Windows\System\xmTaHMA.exe
  C:\Windows\System\xmTaHMA.exe
  2⤵
  PID:7020
- C:\Windows\System\IVbsDHI.exe
  C:\Windows\System\IVbsDHI.exe
  2⤵
  PID:7036
- C:\Windows\System\ZTsIZFx.exe
  C:\Windows\System\ZTsIZFx.exe
  2⤵
  PID:7052
- C:\Windows\System\HWkGfVF.exe
  C:\Windows\System\HWkGfVF.exe
  2⤵
  PID:7068
- C:\Windows\System\ZLvSAOi.exe
  C:\Windows\System\ZLvSAOi.exe
  2⤵
  PID:7084
- C:\Windows\System\QNpbiLQ.exe
  C:\Windows\System\QNpbiLQ.exe
  2⤵
  PID:7100
- C:\Windows\System\FNERbKP.exe
  C:\Windows\System\FNERbKP.exe
  2⤵
  PID:7116
- C:\Windows\System\mmtHfGX.exe
  C:\Windows\System\mmtHfGX.exe
  2⤵
  PID:7132
- C:\Windows\System\jOyiQch.exe
  C:\Windows\System\jOyiQch.exe
  2⤵
  PID:7152
- C:\Windows\System\OTbhjHL.exe
  C:\Windows\System\OTbhjHL.exe
  2⤵
  PID:5300
- C:\Windows\System\EoLiHUz.exe
  C:\Windows\System\EoLiHUz.exe
  2⤵
  PID:6208
- C:\Windows\System\jWVAXYu.exe
  C:\Windows\System\jWVAXYu.exe
  2⤵
  PID:6272
- C:\Windows\System\jVtSvJu.exe
  C:\Windows\System\jVtSvJu.exe
  2⤵
  PID:6224
- C:\Windows\System\STQMjMU.exe
  C:\Windows\System\STQMjMU.exe
  2⤵
  PID:4772
- C:\Windows\System\SBQpyhv.exe
  C:\Windows\System\SBQpyhv.exe
  2⤵
  PID:6308
- C:\Windows\System\xrSNffb.exe
  C:\Windows\System\xrSNffb.exe
  2⤵
  PID:5372
- C:\Windows\System\FTDtzmW.exe
  C:\Windows\System\FTDtzmW.exe
  2⤵
  PID:6324
- C:\Windows\System\qLcpxCz.exe
  C:\Windows\System\qLcpxCz.exe
  2⤵
  PID:6404
- C:\Windows\System\QgPYNxX.exe
  C:\Windows\System\QgPYNxX.exe
  2⤵
  PID:6384
- C:\Windows\System\AaOWbkU.exe
  C:\Windows\System\AaOWbkU.exe
  2⤵
  PID:6448
- C:\Windows\System\kqavecY.exe
  C:\Windows\System\kqavecY.exe
  2⤵
  PID:6452
- C:\Windows\System\yjtiWmH.exe
  C:\Windows\System\yjtiWmH.exe
  2⤵
  PID:6528
- C:\Windows\System\NuHhKFE.exe
  C:\Windows\System\NuHhKFE.exe
  2⤵
  PID:6516
- C:\Windows\System\UqUUQMI.exe
  C:\Windows\System\UqUUQMI.exe
  2⤵
  PID:6600
- C:\Windows\System\jONVlig.exe
  C:\Windows\System\jONVlig.exe
  2⤵
  PID:6692
- C:\Windows\System\EFUJTiU.exe
  C:\Windows\System\EFUJTiU.exe
  2⤵
  PID:6696
- C:\Windows\System\pIqcilJ.exe
  C:\Windows\System\pIqcilJ.exe
  2⤵
  PID:6548
- C:\Windows\System\zXulWUL.exe
  C:\Windows\System\zXulWUL.exe
  2⤵
  PID:6676
- C:\Windows\System\JzXQxgJ.exe
  C:\Windows\System\JzXQxgJ.exe
  2⤵
  PID:6788
- C:\Windows\System\bbIXpOy.exe
  C:\Windows\System\bbIXpOy.exe
  2⤵
  PID:6852
- C:\Windows\System\jetmrOK.exe
  C:\Windows\System\jetmrOK.exe
  2⤵
  PID:6708
- C:\Windows\System\BCKfgjO.exe
  C:\Windows\System\BCKfgjO.exe
  2⤵
  PID:6772
- C:\Windows\System\hILrhnj.exe
  C:\Windows\System\hILrhnj.exe
  2⤵
  PID:6840
- C:\Windows\System\YSEgJgm.exe
  C:\Windows\System\YSEgJgm.exe
  2⤵
  PID:6916
- C:\Windows\System\RFZisDN.exe
  C:\Windows\System\RFZisDN.exe
  2⤵
  PID:6980
- C:\Windows\System\gDgvCvZ.exe
  C:\Windows\System\gDgvCvZ.exe
  2⤵
  PID:6984
- C:\Windows\System\KabUbFh.exe
  C:\Windows\System\KabUbFh.exe
  2⤵
  PID:7080
- C:\Windows\System\OyBVVxg.exe
  C:\Windows\System\OyBVVxg.exe
  2⤵
  PID:6176
- C:\Windows\System\BsORmDq.exe
  C:\Windows\System\BsORmDq.exe
  2⤵
  PID:5568
- C:\Windows\System\cQRzkNK.exe
  C:\Windows\System\cQRzkNK.exe
  2⤵
  PID:6968
- C:\Windows\System\nuSgvDg.exe
  C:\Windows\System\nuSgvDg.exe
  2⤵
  PID:7028
- C:\Windows\System\dlOSBMT.exe
  C:\Windows\System\dlOSBMT.exe
  2⤵
  PID:7092
- C:\Windows\System\YAHlKxL.exe
  C:\Windows\System\YAHlKxL.exe
  2⤵
  PID:7160
- C:\Windows\System\YKLhUYw.exe
  C:\Windows\System\YKLhUYw.exe
  2⤵
  PID:6192
- C:\Windows\System\DglXvrq.exe
  C:\Windows\System\DglXvrq.exe
  2⤵
  PID:6288
- C:\Windows\System\TfSWMir.exe
  C:\Windows\System\TfSWMir.exe
  2⤵
  PID:6352
- C:\Windows\System\bSDmvby.exe
  C:\Windows\System\bSDmvby.exe
  2⤵
  PID:6292
- C:\Windows\System\RWhZBja.exe
  C:\Windows\System\RWhZBja.exe
  2⤵
  PID:6416
- C:\Windows\System\DsZrqWd.exe
  C:\Windows\System\DsZrqWd.exe
  2⤵
  PID:6480
- C:\Windows\System\OrESVsu.exe
  C:\Windows\System\OrESVsu.exe
  2⤵
  PID:6664
- C:\Windows\System\PPZsHSl.exe
  C:\Windows\System\PPZsHSl.exe
  2⤵
  PID:6884
- C:\Windows\System\nCIxQwA.exe
  C:\Windows\System\nCIxQwA.exe
  2⤵
  PID:6808
- C:\Windows\System\vspznpy.exe
  C:\Windows\System\vspznpy.exe
  2⤵
  PID:7048
- C:\Windows\System\rgiSzfJ.exe
  C:\Windows\System\rgiSzfJ.exe
  2⤵
  PID:7124
- C:\Windows\System\ZoAnNrM.exe
  C:\Windows\System\ZoAnNrM.exe
  2⤵
  PID:6612
- C:\Windows\System\NnTsaoY.exe
  C:\Windows\System\NnTsaoY.exe
  2⤵
  PID:6824
- C:\Windows\System\cXavfMX.exe
  C:\Windows\System\cXavfMX.exe
  2⤵
  PID:6900
- C:\Windows\System\nTfYMlg.exe
  C:\Windows\System\nTfYMlg.exe
  2⤵
  PID:7148
- C:\Windows\System\zipxzGd.exe
  C:\Windows\System\zipxzGd.exe
  2⤵
  PID:7064
- C:\Windows\System\JTBnrfD.exe
  C:\Windows\System\JTBnrfD.exe
  2⤵
  PID:6160
- C:\Windows\System\dRmqQQL.exe
  C:\Windows\System\dRmqQQL.exe
  2⤵
  PID:6244
- C:\Windows\System\JThrmns.exe
  C:\Windows\System\JThrmns.exe
  2⤵
  PID:6400
- C:\Windows\System\INUvRMC.exe
  C:\Windows\System\INUvRMC.exe
  2⤵
  PID:6756
- C:\Windows\System\zvgNXAl.exe
  C:\Windows\System\zvgNXAl.exe
  2⤵
  PID:6888
- C:\Windows\System\nLqrYkN.exe
  C:\Windows\System\nLqrYkN.exe
  2⤵
  PID:6584
- C:\Windows\System\vUXZgmB.exe
  C:\Windows\System\vUXZgmB.exe
  2⤵
  PID:7060
- C:\Windows\System\ISBsyhD.exe
  C:\Windows\System\ISBsyhD.exe
  2⤵
  PID:6212
- C:\Windows\System\HERdWWZ.exe
  C:\Windows\System\HERdWWZ.exe
  2⤵
  PID:7112
- C:\Windows\System\siThOSp.exe
  C:\Windows\System\siThOSp.exe
  2⤵
  PID:6372
- C:\Windows\System\VAyZkxO.exe
  C:\Windows\System\VAyZkxO.exe
  2⤵
  PID:6660
- C:\Windows\System\XNPxSzM.exe
  C:\Windows\System\XNPxSzM.exe
  2⤵
  PID:6820
- C:\Windows\System\ryIAdDL.exe
  C:\Windows\System\ryIAdDL.exe
  2⤵
  PID:6512
- C:\Windows\System\RXEmYLR.exe
  C:\Windows\System\RXEmYLR.exe
  2⤵
  PID:7184
- C:\Windows\System\onLnFFu.exe
  C:\Windows\System\onLnFFu.exe
  2⤵
  PID:7200
- C:\Windows\System\pEFZBXl.exe
  C:\Windows\System\pEFZBXl.exe
  2⤵
  PID:7216
- C:\Windows\System\EncHTmD.exe
  C:\Windows\System\EncHTmD.exe
  2⤵
  PID:7232
- C:\Windows\System\SXCpJTf.exe
  C:\Windows\System\SXCpJTf.exe
  2⤵
  PID:7248
- C:\Windows\System\xuhuFVw.exe
  C:\Windows\System\xuhuFVw.exe
  2⤵
  PID:7268
- C:\Windows\System\uzvgOOY.exe
  C:\Windows\System\uzvgOOY.exe
  2⤵
  PID:7284
- C:\Windows\System\OdTrDEr.exe
  C:\Windows\System\OdTrDEr.exe
  2⤵
  PID:7300
- C:\Windows\System\ZctgIeA.exe
  C:\Windows\System\ZctgIeA.exe
  2⤵
  PID:7316
- C:\Windows\System\kCVLPJc.exe
  C:\Windows\System\kCVLPJc.exe
  2⤵
  PID:7336
- C:\Windows\System\AHoeGxn.exe
  C:\Windows\System\AHoeGxn.exe
  2⤵
  PID:7352
- C:\Windows\System\sEdXUzt.exe
  C:\Windows\System\sEdXUzt.exe
  2⤵
  PID:7368
- C:\Windows\System\OOIsGeM.exe
  C:\Windows\System\OOIsGeM.exe
  2⤵
  PID:7384
- C:\Windows\System\IxaiHon.exe
  C:\Windows\System\IxaiHon.exe
  2⤵
  PID:7400
- C:\Windows\System\BWjDvDY.exe
  C:\Windows\System\BWjDvDY.exe
  2⤵
  PID:7416
- C:\Windows\System\nyLmxKm.exe
  C:\Windows\System\nyLmxKm.exe
  2⤵
  PID:7448
- C:\Windows\System\ByplQUe.exe
  C:\Windows\System\ByplQUe.exe
  2⤵
  PID:7464
- C:\Windows\System\cHoSBbp.exe
  C:\Windows\System\cHoSBbp.exe
  2⤵
  PID:7484
- C:\Windows\System\IVBVupp.exe
  C:\Windows\System\IVBVupp.exe
  2⤵
  PID:7500
- C:\Windows\System\JlNeFVN.exe
  C:\Windows\System\JlNeFVN.exe
  2⤵
  PID:7516
- C:\Windows\System\etlBsXq.exe
  C:\Windows\System\etlBsXq.exe
  2⤵
  PID:7532
- C:\Windows\System\KioGhHa.exe
  C:\Windows\System\KioGhHa.exe
  2⤵
  PID:7548
- C:\Windows\System\DdSbuJj.exe
  C:\Windows\System\DdSbuJj.exe
  2⤵
  PID:7564
- C:\Windows\System\QpMGxOd.exe
  C:\Windows\System\QpMGxOd.exe
  2⤵
  PID:7584
- C:\Windows\System\UjHRgaV.exe
  C:\Windows\System\UjHRgaV.exe
  2⤵
  PID:7600
- C:\Windows\System\frItuZd.exe
  C:\Windows\System\frItuZd.exe
  2⤵
  PID:7616
- C:\Windows\System\IqnHbam.exe
  C:\Windows\System\IqnHbam.exe
  2⤵
  PID:7632
- C:\Windows\System\llboDZZ.exe
  C:\Windows\System\llboDZZ.exe
  2⤵
  PID:7648
- C:\Windows\System\ucRJUya.exe
  C:\Windows\System\ucRJUya.exe
  2⤵
  PID:7664
- C:\Windows\System\LazEnSc.exe
  C:\Windows\System\LazEnSc.exe
  2⤵
  PID:7680
- C:\Windows\System\HOJhuLQ.exe
  C:\Windows\System\HOJhuLQ.exe
  2⤵
  PID:7708
- C:\Windows\System\fzBRThA.exe
  C:\Windows\System\fzBRThA.exe
  2⤵
  PID:7724
- C:\Windows\System\XUDnqrN.exe
  C:\Windows\System\XUDnqrN.exe
  2⤵
  PID:7744
- C:\Windows\System\FEAprKo.exe
  C:\Windows\System\FEAprKo.exe
  2⤵
  PID:7760
- C:\Windows\System\wcAjIJI.exe
  C:\Windows\System\wcAjIJI.exe
  2⤵
  PID:7780
- C:\Windows\System\VdDLkZa.exe
  C:\Windows\System\VdDLkZa.exe
  2⤵
  PID:7796
- C:\Windows\System\FkiilMM.exe
  C:\Windows\System\FkiilMM.exe
  2⤵
  PID:7816
- C:\Windows\System\fCLrhRX.exe
  C:\Windows\System\fCLrhRX.exe
  2⤵
  PID:7832
- C:\Windows\System\kjgSeVK.exe
  C:\Windows\System\kjgSeVK.exe
  2⤵
  PID:7848
- C:\Windows\System\EUdpdet.exe
  C:\Windows\System\EUdpdet.exe
  2⤵
  PID:7868
- C:\Windows\System\LjoGFSF.exe
  C:\Windows\System\LjoGFSF.exe
  2⤵
  PID:7884
- C:\Windows\System\gwePImh.exe
  C:\Windows\System\gwePImh.exe
  2⤵
  PID:7900
- C:\Windows\System\ToDaCJo.exe
  C:\Windows\System\ToDaCJo.exe
  2⤵
  PID:7916
- C:\Windows\System\YMJMbDs.exe
  C:\Windows\System\YMJMbDs.exe
  2⤵
  PID:7932
- C:\Windows\System\XbwKKvw.exe
  C:\Windows\System\XbwKKvw.exe
  2⤵
  PID:7948
- C:\Windows\System\KJsGVBz.exe
  C:\Windows\System\KJsGVBz.exe
  2⤵
  PID:7964
- C:\Windows\System\VtMwuLV.exe
  C:\Windows\System\VtMwuLV.exe
  2⤵
  PID:7980
- C:\Windows\System\USrLlmw.exe
  C:\Windows\System\USrLlmw.exe
  2⤵
  PID:7996
- C:\Windows\System\hrKqmbI.exe
  C:\Windows\System\hrKqmbI.exe
  2⤵
  PID:8012
- C:\Windows\System\RpVzKyc.exe
  C:\Windows\System\RpVzKyc.exe
  2⤵
  PID:8028
- C:\Windows\System\xavpGjB.exe
  C:\Windows\System\xavpGjB.exe
  2⤵
  PID:8048
- C:\Windows\System\nbMNXiW.exe
  C:\Windows\System\nbMNXiW.exe
  2⤵
  PID:8064
- C:\Windows\System\icADXRE.exe
  C:\Windows\System\icADXRE.exe
  2⤵
  PID:8084
- C:\Windows\System\CKIsuxV.exe
  C:\Windows\System\CKIsuxV.exe
  2⤵
  PID:8100
- C:\Windows\System\ybTWWTy.exe
  C:\Windows\System\ybTWWTy.exe
  2⤵
  PID:8116
- C:\Windows\System\dSlTQAs.exe
  C:\Windows\System\dSlTQAs.exe
  2⤵
  PID:8132
- C:\Windows\System\LwQGEut.exe
  C:\Windows\System\LwQGEut.exe
  2⤵
  PID:8148
- C:\Windows\System\aLfSmip.exe
  C:\Windows\System\aLfSmip.exe
  2⤵
  PID:8164
- C:\Windows\System\QBgGznl.exe
  C:\Windows\System\QBgGznl.exe
  2⤵
  PID:8180
- C:\Windows\System\uxasSYY.exe
  C:\Windows\System\uxasSYY.exe
  2⤵
  PID:6552
- C:\Windows\System\BUKwhIa.exe
  C:\Windows\System\BUKwhIa.exe
  2⤵
  PID:7192
- C:\Windows\System\UuNFYtF.exe
  C:\Windows\System\UuNFYtF.exe
  2⤵
  PID:7224
- C:\Windows\System\MkzFypu.exe
  C:\Windows\System\MkzFypu.exe
  2⤵
  PID:6464
- C:\Windows\System\GzpONTD.exe
  C:\Windows\System\GzpONTD.exe
  2⤵
  PID:7260
- C:\Windows\System\MMZAMYu.exe
  C:\Windows\System\MMZAMYu.exe
  2⤵
  PID:7212
- C:\Windows\System\ldHQtzX.exe
  C:\Windows\System\ldHQtzX.exe
  2⤵
  PID:7244
- C:\Windows\System\LcminsG.exe
  C:\Windows\System\LcminsG.exe
  2⤵
  PID:7348
- C:\Windows\System\JHgNcRp.exe
  C:\Windows\System\JHgNcRp.exe
  2⤵
  PID:7360
- C:\Windows\System\oknhDeK.exe
  C:\Windows\System\oknhDeK.exe
  2⤵
  PID:7380
- C:\Windows\System\QacWRVP.exe
  C:\Windows\System\QacWRVP.exe
  2⤵
  PID:7432
- C:\Windows\System\NvKewoD.exe
  C:\Windows\System\NvKewoD.exe
  2⤵
  PID:7456
- C:\Windows\System\ocvhXoq.exe
  C:\Windows\System\ocvhXoq.exe
  2⤵
  PID:7508
- C:\Windows\System\BVucEyr.exe
  C:\Windows\System\BVucEyr.exe
  2⤵
  PID:7528
- C:\Windows\System\RQmQmtP.exe
  C:\Windows\System\RQmQmtP.exe
  2⤵
  PID:7592
- C:\Windows\System\RmaUWkj.exe
  C:\Windows\System\RmaUWkj.exe
  2⤵
  PID:7660
- C:\Windows\System\OeIjutY.exe
  C:\Windows\System\OeIjutY.exe
  2⤵
  PID:7608
- C:\Windows\System\XQyJEcV.exe
  C:\Windows\System\XQyJEcV.exe
  2⤵
  PID:7688
- C:\Windows\System\EoJvjlE.exe
  C:\Windows\System\EoJvjlE.exe
  2⤵
  PID:7732
- C:\Windows\System\VdgAgpK.exe
  C:\Windows\System\VdgAgpK.exe
  2⤵
  PID:7716
- C:\Windows\System\LfbGOTU.exe
  C:\Windows\System\LfbGOTU.exe
  2⤵
  PID:7756
- C:\Windows\System\MbALpdf.exe
  C:\Windows\System\MbALpdf.exe
  2⤵
  PID:7808
- C:\Windows\System\CUwLqgx.exe
  C:\Windows\System\CUwLqgx.exe
  2⤵
  PID:7880
- C:\Windows\System\xOuNYcu.exe
  C:\Windows\System\xOuNYcu.exe
  2⤵
  PID:7972
- C:\Windows\System\abjTNSN.exe
  C:\Windows\System\abjTNSN.exe
  2⤵
  PID:7792
- C:\Windows\System\rSTdkuR.exe
  C:\Windows\System\rSTdkuR.exe
  2⤵
  PID:7864
- C:\Windows\System\hpualmn.exe
  C:\Windows\System\hpualmn.exe
  2⤵
  PID:7892
- C:\Windows\System\qyvbGXH.exe
  C:\Windows\System\qyvbGXH.exe
  2⤵
  PID:7960
- C:\Windows\System\JtkcxcD.exe
  C:\Windows\System\JtkcxcD.exe
  2⤵
  PID:8004
- C:\Windows\System\oGJJtgo.exe
  C:\Windows\System\oGJJtgo.exe
  2⤵
  PID:8060
- C:\Windows\System\ZPJJYcK.exe
  C:\Windows\System\ZPJJYcK.exe
  2⤵
  PID:8092
- C:\Windows\System\oTDdNjq.exe
  C:\Windows\System\oTDdNjq.exe
  2⤵
  PID:8172
- C:\Windows\System\idasNnS.exe
  C:\Windows\System\idasNnS.exe
  2⤵
  PID:5296
- C:\Windows\System\plXqZfO.exe
  C:\Windows\System\plXqZfO.exe
  2⤵
  PID:7344
- C:\Windows\System\KvPFJWQ.exe
  C:\Windows\System\KvPFJWQ.exe
  2⤵
  PID:8160
- C:\Windows\System\LuBVfvP.exe
  C:\Windows\System\LuBVfvP.exe
  2⤵
  PID:7256
- C:\Windows\System\GWfMikv.exe
  C:\Windows\System\GWfMikv.exe
  2⤵
  PID:7396
- C:\Windows\System\xNmDNiO.exe
  C:\Windows\System\xNmDNiO.exe
  2⤵
  PID:7496
- C:\Windows\System\POKUxtc.exe
  C:\Windows\System\POKUxtc.exe
  2⤵
  PID:7644
- C:\Windows\System\gUwzKrp.exe
  C:\Windows\System\gUwzKrp.exe
  2⤵
  PID:7772
- C:\Windows\System\pqrRmaZ.exe
  C:\Windows\System\pqrRmaZ.exe
  2⤵
  PID:7700
- C:\Windows\System\eqLRsJx.exe
  C:\Windows\System\eqLRsJx.exe
  2⤵
  PID:7828
- C:\Windows\System\pjpeByi.exe
  C:\Windows\System\pjpeByi.exe
  2⤵
  PID:7924
- C:\Windows\System\xvZaCbk.exe
  C:\Windows\System\xvZaCbk.exe
  2⤵
  PID:7560
- C:\Windows\System\lDonIre.exe
  C:\Windows\System\lDonIre.exe
  2⤵
  PID:8024
- C:\Windows\System\IPCHCFa.exe
  C:\Windows\System\IPCHCFa.exe
  2⤵
  PID:8056
- C:\Windows\System\FrfhUEZ.exe
  C:\Windows\System\FrfhUEZ.exe
  2⤵
  PID:7296
- C:\Windows\System\RWeRvju.exe
  C:\Windows\System\RWeRvju.exe
  2⤵
  PID:7044
- C:\Windows\System\NtiqcGW.exe
  C:\Windows\System\NtiqcGW.exe
  2⤵
  PID:7444
- C:\Windows\System\igMBOGN.exe
  C:\Windows\System\igMBOGN.exe
  2⤵
  PID:7768
- C:\Windows\System\SCEMTVK.exe
  C:\Windows\System\SCEMTVK.exe
  2⤵
  PID:7844
- C:\Windows\System\ZFlRAsc.exe
  C:\Windows\System\ZFlRAsc.exe
  2⤵
  PID:8044
- C:\Windows\System\RJsgjBc.exe
  C:\Windows\System\RJsgjBc.exe
  2⤵
  PID:1812
- C:\Windows\System\zIUYDOS.exe
  C:\Windows\System\zIUYDOS.exe
  2⤵
  PID:7956
- C:\Windows\System\dtrikQn.exe
  C:\Windows\System\dtrikQn.exe
  2⤵
  PID:7992
- C:\Windows\System\MMrjgXW.exe
  C:\Windows\System\MMrjgXW.exe
  2⤵
  PID:7176
- C:\Windows\System\cubKHNP.exe
  C:\Windows\System\cubKHNP.exe
  2⤵
  PID:7460
- C:\Windows\System\emenUOo.exe
  C:\Windows\System\emenUOo.exe
  2⤵
  PID:7476
- C:\Windows\System\sihfhyJ.exe
  C:\Windows\System\sihfhyJ.exe
  2⤵
  PID:7572
- C:\Windows\System\eDCkRmt.exe
  C:\Windows\System\eDCkRmt.exe
  2⤵
  PID:8208
- C:\Windows\System\kKQvPjH.exe
  C:\Windows\System\kKQvPjH.exe
  2⤵
  PID:8224
- C:\Windows\System\byXSLAK.exe
  C:\Windows\System\byXSLAK.exe
  2⤵
  PID:8240
- C:\Windows\System\jgYmZfn.exe
  C:\Windows\System\jgYmZfn.exe
  2⤵
  PID:8256
- C:\Windows\System\pVNdiTs.exe
  C:\Windows\System\pVNdiTs.exe
  2⤵
  PID:8272
- C:\Windows\System\gtzWHGI.exe
  C:\Windows\System\gtzWHGI.exe
  2⤵
  PID:8288
- C:\Windows\System\mASTptI.exe
  C:\Windows\System\mASTptI.exe
  2⤵
  PID:8304
- C:\Windows\System\PGeHPwX.exe
  C:\Windows\System\PGeHPwX.exe
  2⤵
  PID:8320
- C:\Windows\System\kaDNLQb.exe
  C:\Windows\System\kaDNLQb.exe
  2⤵
  PID:8336
- C:\Windows\System\ygMOlZf.exe
  C:\Windows\System\ygMOlZf.exe
  2⤵
  PID:8352
- C:\Windows\System\caTEucv.exe
  C:\Windows\System\caTEucv.exe
  2⤵
  PID:8368
- C:\Windows\System\VCzNKyl.exe
  C:\Windows\System\VCzNKyl.exe
  2⤵
  PID:8384
- C:\Windows\System\TUhBUTb.exe
  C:\Windows\System\TUhBUTb.exe
  2⤵
  PID:8400
- C:\Windows\System\AdEfWZi.exe
  C:\Windows\System\AdEfWZi.exe
  2⤵
  PID:8416
- C:\Windows\System\RYMILKg.exe
  C:\Windows\System\RYMILKg.exe
  2⤵
  PID:8444
- C:\Windows\System\kzVXpsv.exe
  C:\Windows\System\kzVXpsv.exe
  2⤵
  PID:8460
- C:\Windows\System\gHZIKKw.exe
  C:\Windows\System\gHZIKKw.exe
  2⤵
  PID:8476
- C:\Windows\System\gHAGhHH.exe
  C:\Windows\System\gHAGhHH.exe
  2⤵
  PID:8492
- C:\Windows\System\fztOnQm.exe
  C:\Windows\System\fztOnQm.exe
  2⤵
  PID:8512
- C:\Windows\System\aRspCWZ.exe
  C:\Windows\System\aRspCWZ.exe
  2⤵
  PID:8528
- C:\Windows\System\DSnVFBk.exe
  C:\Windows\System\DSnVFBk.exe
  2⤵
  PID:8544
- C:\Windows\System\cGXfRJB.exe
  C:\Windows\System\cGXfRJB.exe
  2⤵
  PID:8560
- C:\Windows\System\YZwSaPU.exe
  C:\Windows\System\YZwSaPU.exe
  2⤵
  PID:8576
- C:\Windows\System\lTGmipU.exe
  C:\Windows\System\lTGmipU.exe
  2⤵
  PID:8592
- C:\Windows\System\sykYDoO.exe
  C:\Windows\System\sykYDoO.exe
  2⤵
  PID:8608
- C:\Windows\System\lgqXRiz.exe
  C:\Windows\System\lgqXRiz.exe
  2⤵
  PID:8624
- C:\Windows\System\FgZjiNp.exe
  C:\Windows\System\FgZjiNp.exe
  2⤵
  PID:8640
- C:\Windows\System\wgssXmu.exe
  C:\Windows\System\wgssXmu.exe
  2⤵
  PID:8656
- C:\Windows\System\WENOilO.exe
  C:\Windows\System\WENOilO.exe
  2⤵
  PID:8672
- C:\Windows\System\LneMeML.exe
  C:\Windows\System\LneMeML.exe
  2⤵
  PID:8704
- C:\Windows\System\athFYKa.exe
  C:\Windows\System\athFYKa.exe
  2⤵
  PID:8732
- C:\Windows\System\CtyUzhI.exe
  C:\Windows\System\CtyUzhI.exe
  2⤵
  PID:9144
- C:\Windows\System\Qmwfnvc.exe
  C:\Windows\System\Qmwfnvc.exe
  2⤵
  PID:7472
- C:\Windows\System\nWyWEsH.exe
  C:\Windows\System\nWyWEsH.exe
  2⤵
  PID:8232
- C:\Windows\System\gaViyZf.exe
  C:\Windows\System\gaViyZf.exe
  2⤵
  PID:7672
- C:\Windows\System\KdllcXt.exe
  C:\Windows\System\KdllcXt.exe
  2⤵
  PID:8220
- C:\Windows\System\ythtKjT.exe
  C:\Windows\System\ythtKjT.exe
  2⤵
  PID:8096
- C:\Windows\System\FIBANFS.exe
  C:\Windows\System\FIBANFS.exe
  2⤵
  PID:8664
- C:\Windows\System\cwVjoyc.exe
  C:\Windows\System\cwVjoyc.exe
  2⤵
  PID:1652
- C:\Windows\System\aJCjqwR.exe
  C:\Windows\System\aJCjqwR.exe
  2⤵
  PID:8744
- C:\Windows\System\jNktsMp.exe
  C:\Windows\System\jNktsMp.exe
  2⤵
  PID:8764
- C:\Windows\System\nyIIXet.exe
  C:\Windows\System\nyIIXet.exe
  2⤵
  PID:8784
- C:\Windows\System\cYIFfTD.exe
  C:\Windows\System\cYIFfTD.exe
  2⤵
  PID:8800
- C:\Windows\System\tKRPMAi.exe
  C:\Windows\System\tKRPMAi.exe
  2⤵
  PID:8816
- C:\Windows\System\exFsOov.exe
  C:\Windows\System\exFsOov.exe
  2⤵
  PID:8836
- C:\Windows\System\oefrcEf.exe
  C:\Windows\System\oefrcEf.exe
  2⤵
  PID:8852
- C:\Windows\System\XTAMsjP.exe
  C:\Windows\System\XTAMsjP.exe
  2⤵
  PID:8864
- C:\Windows\System\sMJasOS.exe
  C:\Windows\System\sMJasOS.exe
  2⤵
  PID:8876
- C:\Windows\System\NumCMWU.exe
  C:\Windows\System\NumCMWU.exe
  2⤵
  PID:8892
- C:\Windows\System\TfdqOLa.exe
  C:\Windows\System\TfdqOLa.exe
  2⤵
  PID:8908
- C:\Windows\System\GzKKqSr.exe
  C:\Windows\System\GzKKqSr.exe
  2⤵
  PID:8928
- C:\Windows\System\gZRZNfX.exe
  C:\Windows\System\gZRZNfX.exe
  2⤵
  PID:8944
- C:\Windows\System\sUYfMcx.exe
  C:\Windows\System\sUYfMcx.exe
  2⤵
  PID:8960
- C:\Windows\System\wFrUaay.exe
  C:\Windows\System\wFrUaay.exe
  2⤵
  PID:8976
- C:\Windows\System\cVkXPBb.exe
  C:\Windows\System\cVkXPBb.exe
  2⤵
  PID:8992
- C:\Windows\System\bIuYwQg.exe
  C:\Windows\System\bIuYwQg.exe
  2⤵
  PID:9008
- C:\Windows\System\wMCyTNl.exe
  C:\Windows\System\wMCyTNl.exe
  2⤵
  PID:9024
- C:\Windows\System\nRcygsd.exe
  C:\Windows\System\nRcygsd.exe
  2⤵
  PID:9040
- C:\Windows\System\SiUSIiI.exe
  C:\Windows\System\SiUSIiI.exe
  2⤵
  PID:9056
- C:\Windows\System\gMRRAyn.exe
  C:\Windows\System\gMRRAyn.exe
  2⤵
  PID:9072
- C:\Windows\System\oGhTZem.exe
  C:\Windows\System\oGhTZem.exe
  2⤵
  PID:9088
- C:\Windows\System\YPSmtNi.exe
  C:\Windows\System\YPSmtNi.exe
  2⤵
  PID:9104
- C:\Windows\System\RPwTNwm.exe
  C:\Windows\System\RPwTNwm.exe
  2⤵
  PID:9120
- C:\Windows\System\vKETnmG.exe
  C:\Windows\System\vKETnmG.exe
  2⤵
  PID:9136
- C:\Windows\System\OCdpcWO.exe
  C:\Windows\System\OCdpcWO.exe
  2⤵
  PID:2276
- C:\Windows\System\UXadysa.exe
  C:\Windows\System\UXadysa.exe
  2⤵
  PID:2164
- C:\Windows\System\wQwAdXn.exe
  C:\Windows\System\wQwAdXn.exe
  2⤵
  PID:9168
- C:\Windows\System\QTYWZwL.exe
  C:\Windows\System\QTYWZwL.exe
  2⤵
  PID:9184
- C:\Windows\System\fhIJQST.exe
  C:\Windows\System\fhIJQST.exe
  2⤵
  PID:9204
- C:\Windows\System\xTsUdtL.exe
  C:\Windows\System\xTsUdtL.exe
  2⤵
  PID:8204
- C:\Windows\System\uniJaEh.exe
  C:\Windows\System\uniJaEh.exe
  2⤵
  PID:8264
- C:\Windows\System\MuCNiue.exe
  C:\Windows\System\MuCNiue.exe
  2⤵
  PID:7328
- C:\Windows\System\cGWYSfd.exe
  C:\Windows\System\cGWYSfd.exe
  2⤵
  PID:7752
- C:\Windows\System\vqSPIzc.exe
  C:\Windows\System\vqSPIzc.exe
  2⤵
  PID:1808
- C:\Windows\System\tlMNLfU.exe
  C:\Windows\System\tlMNLfU.exe
  2⤵
  PID:8440
- C:\Windows\System\oOPqUGm.exe
  C:\Windows\System\oOPqUGm.exe
  2⤵
  PID:8468
- C:\Windows\System\TaNZsyt.exe
  C:\Windows\System\TaNZsyt.exe
  2⤵
  PID:8484
- C:\Windows\System\XnEYVto.exe
  C:\Windows\System\XnEYVto.exe
  2⤵
  PID:2288
- C:\Windows\System\ZnueouT.exe
  C:\Windows\System\ZnueouT.exe
  2⤵
  PID:8648
- C:\Windows\System\BkNaLxb.exe
  C:\Windows\System\BkNaLxb.exe
  2⤵
  PID:8456
- C:\Windows\System\hgUVSdz.exe
  C:\Windows\System\hgUVSdz.exe
  2⤵
  PID:9152
- C:\Windows\System\kvkoaUH.exe
  C:\Windows\System\kvkoaUH.exe
  2⤵
  PID:8796
- C:\Windows\System\hKSeZMZ.exe
  C:\Windows\System\hKSeZMZ.exe
  2⤵
  PID:7196
- C:\Windows\System\tYVqXTI.exe
  C:\Windows\System\tYVqXTI.exe
  2⤵
  PID:8396
- C:\Windows\System\PLiPnxR.exe
  C:\Windows\System\PLiPnxR.exe
  2⤵
  PID:8316
- C:\Windows\System\NtqneRR.exe
  C:\Windows\System\NtqneRR.exe
  2⤵
  PID:8216
- C:\Windows\System\UsSeWDu.exe
  C:\Windows\System\UsSeWDu.exe
  2⤵
  PID:8280
- C:\Windows\System\uoJqIjp.exe
  C:\Windows\System\uoJqIjp.exe
  2⤵
  PID:8348
- C:\Windows\System\vuNNCDV.exe
  C:\Windows\System\vuNNCDV.exe
  2⤵
  PID:8380
- C:\Windows\System\jHfisXN.exe
  C:\Windows\System\jHfisXN.exe
  2⤵
  PID:8504
- C:\Windows\System\aKENTHE.exe
  C:\Windows\System\aKENTHE.exe
  2⤵
  PID:8572
- C:\Windows\System\dOxZNBa.exe
  C:\Windows\System\dOxZNBa.exe
  2⤵
  PID:8632
- C:\Windows\System\FOnYTVe.exe
  C:\Windows\System\FOnYTVe.exe
  2⤵
  PID:8684
- C:\Windows\System\eChgoCf.exe
  C:\Windows\System\eChgoCf.exe
  2⤵
  PID:8712
- C:\Windows\System\hXbsqOx.exe
  C:\Windows\System\hXbsqOx.exe
  2⤵
  PID:8772
- C:\Windows\System\HRcnZVg.exe
  C:\Windows\System\HRcnZVg.exe
  2⤵
  PID:2980
- C:\Windows\System\hQpnhbA.exe
  C:\Windows\System\hQpnhbA.exe
  2⤵
  PID:8824
- C:\Windows\System\JjTXqTG.exe
  C:\Windows\System\JjTXqTG.exe
  2⤵
  PID:8888
- C:\Windows\System\eroxCMO.exe
  C:\Windows\System\eroxCMO.exe
  2⤵
  PID:8952
- C:\Windows\System\CCOVpGa.exe
  C:\Windows\System\CCOVpGa.exe
  2⤵
  PID:8872
- C:\Windows\System\oktqiKQ.exe
  C:\Windows\System\oktqiKQ.exe
  2⤵
  PID:8940
- C:\Windows\System\gRZkKNI.exe
  C:\Windows\System\gRZkKNI.exe
  2⤵
  PID:9020
- C:\Windows\System\xzvbkQM.exe
  C:\Windows\System\xzvbkQM.exe
  2⤵
  PID:9080
- C:\Windows\System\HzuXHFB.exe
  C:\Windows\System\HzuXHFB.exe
  2⤵
  PID:8716
- C:\Windows\System\yfYEzNZ.exe
  C:\Windows\System\yfYEzNZ.exe
  2⤵
  PID:9004
- C:\Windows\System\USWPjCI.exe
  C:\Windows\System\USWPjCI.exe
  2⤵
  PID:9068
- C:\Windows\System\ArXNrPE.exe
  C:\Windows\System\ArXNrPE.exe
  2⤵
  PID:9132
- C:\Windows\System\WRzhRgy.exe
  C:\Windows\System\WRzhRgy.exe
  2⤵
  PID:9180
- C:\Windows\System\paNLeAs.exe
  C:\Windows\System\paNLeAs.exe
  2⤵
  PID:9196
- C:\Windows\System\SobAQXr.exe
  C:\Windows\System\SobAQXr.exe
  2⤵
  PID:8268
- C:\Windows\System\OPpCRqc.exe
  C:\Windows\System\OPpCRqc.exe
  2⤵
  PID:8300
- C:\Windows\System\kNYIqtO.exe
  C:\Windows\System\kNYIqtO.exe
  2⤵
  PID:7376
- C:\Windows\System\MXDGiJS.exe
  C:\Windows\System\MXDGiJS.exe
  2⤵
  PID:8520
- C:\Windows\System\OjgfjlO.exe
  C:\Windows\System\OjgfjlO.exe
  2⤵
  PID:8652
- C:\Windows\System\pkACuWs.exe
  C:\Windows\System\pkACuWs.exe
  2⤵
  PID:8680
- C:\Windows\System\TueKajs.exe
  C:\Windows\System\TueKajs.exe
  2⤵
  PID:7408
- C:\Windows\System\EPQuwbI.exe
  C:\Windows\System\EPQuwbI.exe
  2⤵
  PID:8248
- C:\Windows\System\nDktFmZ.exe
  C:\Windows\System\nDktFmZ.exe
  2⤵
  PID:8312
- C:\Windows\System\qDpGNhk.exe
  C:\Windows\System\qDpGNhk.exe
  2⤵
  PID:8536
- C:\Windows\System\iWuVkOf.exe
  C:\Windows\System\iWuVkOf.exe
  2⤵
  PID:8452
- C:\Windows\System\dpiucac.exe
  C:\Windows\System\dpiucac.exe
  2⤵
  PID:8488
- C:\Windows\System\aiCBEFl.exe
  C:\Windows\System\aiCBEFl.exe
  2⤵
  PID:8884
- C:\Windows\System\yQmuzur.exe
  C:\Windows\System\yQmuzur.exe
  2⤵
  PID:8700
- C:\Windows\System\HecnlBG.exe
  C:\Windows\System\HecnlBG.exe
  2⤵
  PID:8844
- C:\Windows\System\dhStevL.exe
  C:\Windows\System\dhStevL.exe
  2⤵
  PID:8956
- C:\Windows\System\TXZOQSX.exe
  C:\Windows\System\TXZOQSX.exe
  2⤵
  PID:9048
- C:\Windows\System\fGzWETS.exe
  C:\Windows\System\fGzWETS.exe
  2⤵
  PID:2868
- C:\Windows\System\jvxuIwX.exe
  C:\Windows\System\jvxuIwX.exe
  2⤵
  PID:9160
- C:\Windows\System\lgUjNrU.exe
  C:\Windows\System\lgUjNrU.exe
  2⤵
  PID:8584
- C:\Windows\System\OcNcsIN.exe
  C:\Windows\System\OcNcsIN.exe
  2⤵
  PID:8140
- C:\Windows\System\zvQgXGg.exe
  C:\Windows\System\zvQgXGg.exe
  2⤵
  PID:9176
- C:\Windows\System\ASNBaVl.exe
  C:\Windows\System\ASNBaVl.exe
  2⤵
  PID:8428
- C:\Windows\System\mSpMqcm.exe
  C:\Windows\System\mSpMqcm.exe
  2⤵
  PID:8144
- C:\Windows\System\JHCtQIE.exe
  C:\Windows\System\JHCtQIE.exe
  2⤵
  PID:8376
- C:\Windows\System\xwGvFPp.exe
  C:\Windows\System\xwGvFPp.exe
  2⤵
  PID:2520
- C:\Windows\System\FOvmcWA.exe
  C:\Windows\System\FOvmcWA.exe
  2⤵
  PID:8392
- C:\Windows\System\iFKHBHy.exe
  C:\Windows\System\iFKHBHy.exe
  2⤵
  PID:8600
- C:\Windows\System\GxZziGo.exe
  C:\Windows\System\GxZziGo.exe
  2⤵
  PID:8920
- C:\Windows\System\zMmzIUW.exe
  C:\Windows\System\zMmzIUW.exe
  2⤵
  PID:8840
- C:\Windows\System\qMYibKa.exe
  C:\Windows\System\qMYibKa.exe
  2⤵
  PID:9192
- C:\Windows\System\FPkTDrO.exe
  C:\Windows\System\FPkTDrO.exe
  2⤵
  PID:9128
- C:\Windows\System\BKAqVmB.exe
  C:\Windows\System\BKAqVmB.exe
  2⤵
  PID:8328
- C:\Windows\System\UkrMVLt.exe
  C:\Windows\System\UkrMVLt.exe
  2⤵
  PID:936
- C:\Windows\System\wSzjNdD.exe
  C:\Windows\System\wSzjNdD.exe
  2⤵
  PID:8508
- C:\Windows\System\ahDfbBJ.exe
  C:\Windows\System\ahDfbBJ.exe
  2⤵
  PID:8808
- C:\Windows\System\yvSzvAT.exe
  C:\Windows\System\yvSzvAT.exe
  2⤵
  PID:3036
- C:\Windows\System\xNdnuvc.exe
  C:\Windows\System\xNdnuvc.exe
  2⤵
  PID:2524
- C:\Windows\System\gKXGWxO.exe
  C:\Windows\System\gKXGWxO.exe
  2⤵
  PID:8364
- C:\Windows\System\fAzXlLK.exe
  C:\Windows\System\fAzXlLK.exe
  2⤵
  PID:8752
- C:\Windows\System\NyWOsiG.exe
  C:\Windows\System\NyWOsiG.exe
  2⤵
  PID:8588
- C:\Windows\System\SqcuaLK.exe
  C:\Windows\System\SqcuaLK.exe
  2⤵
  PID:9228
- C:\Windows\System\pceUiMG.exe
  C:\Windows\System\pceUiMG.exe
  2⤵
  PID:9244
- C:\Windows\System\IoeVrfV.exe
  C:\Windows\System\IoeVrfV.exe
  2⤵
  PID:9260
- C:\Windows\System\beGbKUA.exe
  C:\Windows\System\beGbKUA.exe
  2⤵
  PID:9276
- C:\Windows\System\BgBMOke.exe
  C:\Windows\System\BgBMOke.exe
  2⤵
  PID:9292
- C:\Windows\System\FfdxsAz.exe
  C:\Windows\System\FfdxsAz.exe
  2⤵
  PID:9312
- C:\Windows\System\dhesbIj.exe
  C:\Windows\System\dhesbIj.exe
  2⤵
  PID:9332
- C:\Windows\System\RzBcQRK.exe
  C:\Windows\System\RzBcQRK.exe
  2⤵
  PID:9348
- C:\Windows\System\PEmbSDK.exe
  C:\Windows\System\PEmbSDK.exe
  2⤵
  PID:9364
- C:\Windows\System\yuYAllJ.exe
  C:\Windows\System\yuYAllJ.exe
  2⤵
  PID:9384
- C:\Windows\System\uyuGsIC.exe
  C:\Windows\System\uyuGsIC.exe
  2⤵
  PID:9404
- C:\Windows\System\FgllLAN.exe
  C:\Windows\System\FgllLAN.exe
  2⤵
  PID:9420
- C:\Windows\System\dgNmxGd.exe
  C:\Windows\System\dgNmxGd.exe
  2⤵
  PID:9436
- C:\Windows\System\NCyIqCR.exe
  C:\Windows\System\NCyIqCR.exe
  2⤵
  PID:9452
- C:\Windows\System\sjkdZjI.exe
  C:\Windows\System\sjkdZjI.exe
  2⤵
  PID:9468
- C:\Windows\System\OZUPwMo.exe
  C:\Windows\System\OZUPwMo.exe
  2⤵
  PID:9484
- C:\Windows\System\yPNXVkf.exe
  C:\Windows\System\yPNXVkf.exe
  2⤵
  PID:9500
- C:\Windows\System\pGpEyhi.exe
  C:\Windows\System\pGpEyhi.exe
  2⤵
  PID:9520
- C:\Windows\System\ILoXLAD.exe
  C:\Windows\System\ILoXLAD.exe
  2⤵
  PID:9560
- C:\Windows\System\HDHDfxi.exe
  C:\Windows\System\HDHDfxi.exe
  2⤵
  PID:9580
- C:\Windows\System\NORnzhh.exe
  C:\Windows\System\NORnzhh.exe
  2⤵
  PID:9600
- C:\Windows\System\CjajnEQ.exe
  C:\Windows\System\CjajnEQ.exe
  2⤵
  PID:9616
- C:\Windows\System\FdjwpOy.exe
  C:\Windows\System\FdjwpOy.exe
  2⤵
  PID:9632
- C:\Windows\System\QtflViZ.exe
  C:\Windows\System\QtflViZ.exe
  2⤵
  PID:9648
- C:\Windows\System\RRjcgFi.exe
  C:\Windows\System\RRjcgFi.exe
  2⤵
  PID:9664
- C:\Windows\System\FoVHgiG.exe
  C:\Windows\System\FoVHgiG.exe
  2⤵
  PID:9684
- C:\Windows\System\vTMJyND.exe
  C:\Windows\System\vTMJyND.exe
  2⤵
  PID:9704
- C:\Windows\System\bYZVPym.exe
  C:\Windows\System\bYZVPym.exe
  2⤵
  PID:9720
- C:\Windows\System\BdIsIcl.exe
  C:\Windows\System\BdIsIcl.exe
  2⤵
  PID:9736
- C:\Windows\System\ONEaKvL.exe
  C:\Windows\System\ONEaKvL.exe
  2⤵
  PID:9756
- C:\Windows\System\dnSuGxL.exe
  C:\Windows\System\dnSuGxL.exe
  2⤵
  PID:9772
- C:\Windows\System\gvGyxDp.exe
  C:\Windows\System\gvGyxDp.exe
  2⤵
  PID:9788
- C:\Windows\System\SlVjdez.exe
  C:\Windows\System\SlVjdez.exe
  2⤵
  PID:9804
- C:\Windows\System\ZWYwPmq.exe
  C:\Windows\System\ZWYwPmq.exe
  2⤵
  PID:9820
- C:\Windows\System\aRnJNFi.exe
  C:\Windows\System\aRnJNFi.exe
  2⤵
  PID:9840
- C:\Windows\System\KnafMwK.exe
  C:\Windows\System\KnafMwK.exe
  2⤵
  PID:9856
- C:\Windows\System\baKQCAN.exe
  C:\Windows\System\baKQCAN.exe
  2⤵
  PID:9872
- C:\Windows\System\hOedvhm.exe
  C:\Windows\System\hOedvhm.exe
  2⤵
  PID:9888
- C:\Windows\System\UAkclbH.exe
  C:\Windows\System\UAkclbH.exe
  2⤵
  PID:9904
- C:\Windows\System\FmYGQbX.exe
  C:\Windows\System\FmYGQbX.exe
  2⤵
  PID:9920
- C:\Windows\System\hIpNYaB.exe
  C:\Windows\System\hIpNYaB.exe
  2⤵
  PID:9936
- C:\Windows\System\QQwRYVo.exe
  C:\Windows\System\QQwRYVo.exe
  2⤵
  PID:9952
- C:\Windows\System\HBjArop.exe
  C:\Windows\System\HBjArop.exe
  2⤵
  PID:9968
- C:\Windows\System\MmPVVrF.exe
  C:\Windows\System\MmPVVrF.exe
  2⤵
  PID:9984
- C:\Windows\System\yPSRHfx.exe
  C:\Windows\System\yPSRHfx.exe
  2⤵
  PID:10000
- C:\Windows\System\efiMlod.exe
  C:\Windows\System\efiMlod.exe
  2⤵
  PID:10016
- C:\Windows\System\mYxgGFA.exe
  C:\Windows\System\mYxgGFA.exe
  2⤵
  PID:10032
- C:\Windows\System\tnjipZH.exe
  C:\Windows\System\tnjipZH.exe
  2⤵
  PID:10048
- C:\Windows\System\nILpFPu.exe
  C:\Windows\System\nILpFPu.exe
  2⤵
  PID:10064
- C:\Windows\System\sAPQNNb.exe
  C:\Windows\System\sAPQNNb.exe
  2⤵
  PID:10080
- C:\Windows\System\ojyGCfR.exe
  C:\Windows\System\ojyGCfR.exe
  2⤵
  PID:10096
- C:\Windows\System\JYHzvIp.exe
  C:\Windows\System\JYHzvIp.exe
  2⤵
  PID:10112
- C:\Windows\System\HUXQDnv.exe
  C:\Windows\System\HUXQDnv.exe
  2⤵
  PID:10128
- C:\Windows\System\YZAhXaj.exe
  C:\Windows\System\YZAhXaj.exe
  2⤵
  PID:10144
- C:\Windows\System\LWxayqU.exe
  C:\Windows\System\LWxayqU.exe
  2⤵
  PID:10160
- C:\Windows\System\SpEWvzA.exe
  C:\Windows\System\SpEWvzA.exe
  2⤵
  PID:10176
- C:\Windows\System\OzNKwNV.exe
  C:\Windows\System\OzNKwNV.exe
  2⤵
  PID:10192
- C:\Windows\System\zxeNyTj.exe
  C:\Windows\System\zxeNyTj.exe
  2⤵
  PID:10208
- C:\Windows\System\OoaThRE.exe
  C:\Windows\System\OoaThRE.exe
  2⤵
  PID:10224
- C:\Windows\System\xtKBrKI.exe
  C:\Windows\System\xtKBrKI.exe
  2⤵
  PID:9220
- C:\Windows\System\uwGGKFn.exe
  C:\Windows\System\uwGGKFn.exe
  2⤵
  PID:9052
- C:\Windows\System\FjZSCQm.exe
  C:\Windows\System\FjZSCQm.exe
  2⤵
  PID:9268
- C:\Windows\System\pmmQVYb.exe
  C:\Windows\System\pmmQVYb.exe
  2⤵
  PID:9252
- C:\Windows\System\EGNVmXq.exe
  C:\Windows\System\EGNVmXq.exe
  2⤵
  PID:7276
- C:\Windows\System\MHuakkn.exe
  C:\Windows\System\MHuakkn.exe
  2⤵
  PID:9320
- C:\Windows\System\FKJwnwW.exe
  C:\Windows\System\FKJwnwW.exe
  2⤵
  PID:9356
- C:\Windows\System\IiHAVck.exe
  C:\Windows\System\IiHAVck.exe
  2⤵
  PID:9396
- C:\Windows\System\vBrhyzv.exe
  C:\Windows\System\vBrhyzv.exe
  2⤵
  PID:9380
- C:\Windows\System\hbpwofs.exe
  C:\Windows\System\hbpwofs.exe
  2⤵
  PID:9444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQYIaOQ.exe

Filesize
6.0MB

MD5
4cb333fb0a41cc748c433f3dbe3df17c

SHA1
95d7053698a78baf2b28e667155059218668eff5

SHA256
0f1dafdb2a2b54ae5f7aecdc3b3705928db061d4d7b4dc8bad57c95666bcbc4d

SHA512
9b22fec78bde804073ef7924268b4ca1abdefd1afd82a6e1eb84e76e716057b7d69c6694649c2427c54810b2e2a947bd1dd12c4a35e0e522cdcbfc75be5bd94d

Download Submit
C:\Windows\system\BjDtYdI.exe

Filesize
6.0MB

MD5
e784140d4af205a3bea31cad9165feb6

SHA1
bcbd4d09fde87a3b9736e88d301d8cbb9164769f

SHA256
3a3d6c5cac97a267c1a31e6f1096285c68ee8e6472e337960cdb7a3ff6f58c5b

SHA512
6f9f17bc00e58a0169ef4ed358041c5c985841627322d42f6df8f32c12d1ccd38b11f28ed9a11b9647ef2fa1f8daab52333f01e8556c82e2da3f9cd3acae42ca

Download Submit
C:\Windows\system\GWJeAsi.exe

Filesize
6.0MB

MD5
b59162c5dde1b2570b75fc12be1b565e

SHA1
966aca71e13258e980622841af77440b9dda5ac4

SHA256
87e1cc56e921a020815c1fb9ba39f24adb5b5737e5783d2c3bf7ff32bd5e73b3

SHA512
e3343987d34bcf9f24b85bb58ea51eada73b73e9fb37972118a46a7cf660d606de11c51d634b6ccc801bdfaca77e414ee430c7277e5c56e01343e3b72068502e

Download Submit
C:\Windows\system\GZpdory.exe

Filesize
6.0MB

MD5
eb6bdac64870b9587a03844a02284943

SHA1
299d1963ad997e3a04c2e3f86497125b02e4d876

SHA256
a8840c90a3f57a7f193389c18098eb1666a49dd45cefa87d19d7a6162e3280d6

SHA512
6da4b961baab17747f42644a0c0294d982d88ba81f60383e3b1d51986b8310979deecc02f8f057a7ffc005b578a2d32f191d7fc7c617ccc75c70815ad0e3426c

Download Submit
C:\Windows\system\IQntvFc.exe

Filesize
6.0MB

MD5
d2133ab153b6c68faca7b4351290923e

SHA1
e0b2efda86f7470ad62702de2d5277af45a08779

SHA256
1f22fea6585715b366e04938c127e2ea09246460da2b03ab5fd298d690abddf4

SHA512
f24a059ebe7b9cb4d83c80d453ee038db31e22c5289d1880317eabe29e8c9132a59070d3f0a3c095754aaca472e71584f58500625212e16902a4fcc43a4f99ee

Download Submit
C:\Windows\system\IdHlHLc.exe

Filesize
6.0MB

MD5
264abae4df7397f70ef8a09647199d25

SHA1
c3c7cb27dafc081b799e8222c35134a3980fbad6

SHA256
342189468ef8c8840e72ed79bd0d09a3446087b8459cb9e83af44d66627585f4

SHA512
34bd413f39898a97567de21659cddb70eeb859582b8d8caf6019c8a0adb829e08ad7cb33bc38a67ebb42f9bd1a330e480ea3225a3281b1aa2774af873eba036e

Download Submit
C:\Windows\system\JCaMLcj.exe

Filesize
6.0MB

MD5
853852f134cf7c047b9958ee330869fb

SHA1
e99b130a9f90bcd78677d2cdc1bc7faaf316dc6c

SHA256
594519a9e49adb6fa03cd2bec0f36407425263b7ec2e448aff609ff682a22566

SHA512
f427e1a69ef3fab79769a94ea6352f3caf9a81e0325d379fde368256f4c6d4f679981d0b02ef5f7b43fe42d2c8c8bb56cf945d568fc1e9379e42f3f07f5405fa

Download Submit
C:\Windows\system\KLWwxOc.exe

Filesize
6.0MB

MD5
3c1ae0992e5dbb795a3ce918b580869c

SHA1
9a773d76978dca8a2140eee0b10ca86bb871a0e5

SHA256
9965a2216a77ab1743e4aa04a9832d5d3f242e84ad8f31b4dd7bdcb436ad6661

SHA512
43788622123443ec2ee22548307113e9fa037879d271a3ce3f318c0e1a08fa55b0ca7dbdb76ae4763831d306d9f4865b21fb756c4527ce9b9bb92f26e577f7cb

Download Submit
C:\Windows\system\NGmmWfn.exe

Filesize
6.0MB

MD5
5c1266c5a4dc58d022178ff6bc4878ea

SHA1
5e144a469e01cf7a96d158a7573cdfe7a99a7bb4

SHA256
ce8a92e2aaffda4bc25bd026c51ad310f7fcae66e708c32d62bbf4952756d23e

SHA512
dbf9deb19d6933cb3be06e70e9d6da59ba184855f32b92a083c49cfb19593e6c9ea1fb11ac8d9c2325f9c068a11003e2e80ac4bc9988fa567fb828d920f4321a

Download Submit
C:\Windows\system\QWSruig.exe

Filesize
6.0MB

MD5
ac3c243534e331057abf1ea055c20bd4

SHA1
790810ee663c296d55bfbd8c9bd987fcd6806ae8

SHA256
359655b2845df93cec603ab3520b9c43d90cd0e072c0cb88765a6ff514460629

SHA512
e13877e024d14fa281a5660fed5c6a2f4e86fb102942dfed0851513bd44d9c969ef2cedc1257bbb411cb2272a775894d0840193cef02145ef5d67b1f61bd868f

Download Submit
C:\Windows\system\SMBwTQP.exe

Filesize
6.0MB

MD5
7c8b060e2dd5fd7a6d396dfbe0ab9512

SHA1
8d1cc45e7d6a757c7cdbbfa1c5d4adbea0641b72

SHA256
08275db4dc74f5056d326669f85f29c3a2ada84905f03a55884a83544bc428b3

SHA512
5565a64b4bc9cc2feab10229d1bcc6166b03f8d505cc3c7f6210bf380faf2c30cac18a1a7dd63e958a59e6626f4135eceafbb1ea0b98b2c79b49194f55b33272

Download Submit
C:\Windows\system\SbWJyAo.exe

Filesize
6.0MB

MD5
1bc5cd8900a7e531a5adc7e8a68bdd3e

SHA1
9239a998c2dc83f3d1cb3002281173a251ee2d8d

SHA256
eae860e5d25d39c67a9df7fb62f840bf3f6877e52803512356630af978cbaed9

SHA512
5dbaad6d99f4904522944137538db919a34f0ffac1d805ebf62cbe4bcc2cb13809894676a11f04f5bdeee11ae0749f9e6d9c0ae41914d3cee092741fca8bb878

Download Submit
C:\Windows\system\ThmIxaB.exe

Filesize
6.0MB

MD5
bb74ddb8dffa55227d68eb396b6cd39e

SHA1
a3937ef911cac7cf09859c8b60bc9c0c3639ab22

SHA256
51c54c1c566986c5a9cb2c804fa889b1db27562b17d1c5a422873ce978f9205d

SHA512
03915f33b6982d8db4c0a28f1ec24ec96638bf0fb05b07e64620d6cb2c64801151662b4728183ca2047e4e9ac754af51c8204788fa06f6e6c97ae138ee78642c

Download Submit
C:\Windows\system\XAcaQLg.exe

Filesize
6.0MB

MD5
0ea476a32a2ab3189850a12791d9ad77

SHA1
bcc61aea3721a97fd4b8bc75891fc26c0eaa2df6

SHA256
c57cba0253d30afd82dc4e1b41ae2d763cd61837ced93140cd9919de599ead46

SHA512
1e65266d7d447dea9a3c0b3ca0851e08b69e039a32c878efa15121ac73d6768c9f90fb0011ad943472af30ebc595746f5868c70be391b07a97ab74d9b680d4d0

Download Submit
C:\Windows\system\XKRfbTT.exe

Filesize
6.0MB

MD5
7cfda480885b0b225fc0f96f965fe5e9

SHA1
60befa82b2b2762b910af02e60fe938c5e440da1

SHA256
d24083e852d86507951b250470121b7a0a157da2e731fb6897b0766156e6c22d

SHA512
193af02aff1555050129de1d2b5c563d97aaa701065a5c826e7d19e4898397549a7761dd123181d03d53461c28e3eec4a0ad8dfa51be56a5543c8f2ec6893647

Download Submit
C:\Windows\system\XNxmsdT.exe

Filesize
6.0MB

MD5
85c266cfc04b9d7149782e861b923cc8

SHA1
b873330f7e0aad4a5530c46bc303346b2319a398

SHA256
b094a95f4f4c274095b553a67cda1efbceae8859275f6b698b63eab40a66310b

SHA512
b4648c90570572ca61b3df41af07c9c5751a5217d3981a16a04a3b81d80f6626d4fedaebdfb0f4c78de25e26cc1764c817823d38dc93b3ff722a53b2bd2ca499

Download Submit
C:\Windows\system\XuyyqNc.exe

Filesize
6.0MB

MD5
a28f9d797f3d72b5ba3045b4b34964b3

SHA1
c70b22b7f445c20bfc76169a9f6db241c7758720

SHA256
ac23a1f5b342bd73329db9b333c5f7fbcfc2f7d53637ce46a431d1b905b18d48

SHA512
50cc161bbbeda25928822ea7e06489f84990e35243fa4a364581b68257ae5820b5e960a2281053e494b66fa321827a7159026ae78f820cc41e8cc72905de1243

Download Submit
C:\Windows\system\ZQtmkmM.exe

Filesize
6.0MB

MD5
1bdd7eec1f408814d711f656ab754d78

SHA1
f9de58a9f24840d42221a6d87615bf98a4910b5e

SHA256
d68855a951ee6115837758547ab7b321fe7e664264bf6005c1490266b208f32c

SHA512
e844ca339477b1e6d2fa7deb5eef8caf07b1cd4fc309f3e5c980d30ea2a26c5a631f2ce529f6e4a33a45f4eda8ee1ae691fd122adc87ff4ac4c669ee60a43268

Download Submit
C:\Windows\system\cdVOJup.exe

Filesize
6.0MB

MD5
adabab0931885aa844767b601b99f884

SHA1
811d55ffc2e28b70b35d48dbe22ff31a36f00d86

SHA256
b1f346728e3051453b226934819b0823ff1cea5910d44309b9609e23fbe43b2e

SHA512
d94179496f2c01ba2bec523812e25eff0743b5eeec6b73c6a35f0c9369017a95a8d2e62dcd5abd1669d625b039149e0618e0922adfa82db8717ef12356a4512f

Download Submit
C:\Windows\system\dBcXxKm.exe

Filesize
6.0MB

MD5
7f6ddbee2aa289acebc1a072ed15bf43

SHA1
6c7cd37a96197470ebbdc1760067ecb95c32d418

SHA256
e339f4faf95e1a3e1cfb7406ac3d376dfeac4bb91e5f726dee550ed862b6609a

SHA512
0ac04cc13259474004cdfe032a905e2c91c0fb97bcf826f382aa28005c602f5aa9d6ea1a7b9168cd1c7e88813046e29a7a94cdcc2dce9e989b93e27baa3788ca

Download Submit
C:\Windows\system\dPGmVnA.exe

Filesize
6.0MB

MD5
79a5bb90891a4404bceade1524a4cddc

SHA1
0fa85b7d9ebfe63f09acfb58842704cdbadf2989

SHA256
510e8431a399e8adacd14d67caa5df91b2a2408ed8583a825526146d46256fc3

SHA512
c07d483b613f74abae93a6702b721986721a8f83b019d5defe7137d9d1c9c91b7037c2c9f31d68233dfa552a29e3f0cbf377e3bf3974dae34974bb3502ae60e2

Download Submit
C:\Windows\system\eVGpRgf.exe

Filesize
6.0MB

MD5
d66c172f2e5d12b7b1e00d7958302357

SHA1
b6da81024a5fc2eff595b471f9b8d1a0497447a6

SHA256
0c1261c1864d9c8a7278469be685df61fc45a526cfd1bf91bede44e751e7c95f

SHA512
5a51ee69269017eb99e8e32c4840c4289054963e8f04a92f9c47ba109406edb916c82ba76ec109eb1a95aae0652ad71dd58576c321773757169fe9273cf8280f

Download Submit
C:\Windows\system\fLOrExv.exe

Filesize
6.0MB

MD5
30aea3e0b40d9e9215291aebb4aa0c83

SHA1
b702d03821c4b961144d78133419fd82fdfde4dc

SHA256
5555a417df2c846f6ff79c41e946de856f4beffe2ac36c314c7372eb47115cfd

SHA512
077455c540f8b5027b932c9d71994a97a3a2c15f356f9aced5f17e8b46c8880cc74af520f0a2829242a50083da35ab68183819f83079c3bce0bbecee9c1dd0fe

Download Submit
C:\Windows\system\hKbYDjj.exe

Filesize
6.0MB

MD5
63f1ab965a5da50f4756ff45f40a787c

SHA1
cb1de63526b7f2ffa954fc248f621168a81adb77

SHA256
5950e33b50d120af67636eb231e21d8a9b16fabbe206f7e2dd5ac8bc730aeece

SHA512
b068645b604a5bc924408c14c434172507b216c1783a01b2c59468bc52ea0e9ccbbadb1e01e9a313b5da5538e350eb64399f611871ce3509b7284bedf44ec11c

Download Submit
C:\Windows\system\mAuhVpZ.exe

Filesize
6.0MB

MD5
9341fcacbf29f56821b8b96be4666a05

SHA1
2d2c86d2ee26d7119cd1764e90bd387a0143fb55

SHA256
e71dacd73121f22c18f0ad834f104d82714df4794ac28139facfc117c515ad63

SHA512
1b690f2f7bba95d54ce6e36ce7b5c721de3a6434fcca92a1680b3cb9735c91d2d7e2b2e61989a5cc2487e407f15ddd9ec24eb2c6aa83b3da1fc7a5e5c3e4fe78

Download Submit
C:\Windows\system\qxOwmoU.exe

Filesize
6.0MB

MD5
3fb52bc559256f71c7c8f7255de64383

SHA1
7b58bd11abac2f511b4f30964816e7c7ecc6a9a2

SHA256
a8aa57027c2037818777b6dca269d03038a9d80a760593518effbe60b87955d6

SHA512
9a3cf1d44b98d57150016fa157a23372794b5ed7635f05ec0c5bc883defc7606baf3ecb2111f9cf60280a7ba30e811f8c5cdce4f1a71f5e9528249dc2ce53090

Download Submit
C:\Windows\system\sKnHnhD.exe

Filesize
6.0MB

MD5
576079511f3a928345da59a69738d63c

SHA1
ed161d1a96fc328b1a1f60241d7de2d089c121d8

SHA256
e0381c6e381750237a8c3c19202ec6369b4a7efc5d0edd91d8d45103a621b8fd

SHA512
5734763dea62fb88b61cc2ef599fca87bd1dfde0fc5eff2d9b0228b6cd412beed9a9befe7fba70f84a4f8941ba165e5271dd3c9c8c9692794bd5b81930888467

Download Submit
C:\Windows\system\zkycCxs.exe

Filesize
6.0MB

MD5
bd0ef2c84c52c9c4c1e2d3db7375a3de

SHA1
681aa4a4a4d24043da6d07586fba07f93d51a037

SHA256
152a5543db1ee97fce8e681cffd8b8701bc98a442d3644a15fbfd5ecd85f70a5

SHA512
43273a7f8170654c087541a3b1f146bb9a2357c4e33c38d4ed61fab2b54396ccbd44a3642c59a7bbbfa2d93effac0e47ecda17a2e9745717f86454e41bbb4f02

Download Submit
\Windows\system\OHhQiip.exe

Filesize
6.0MB

MD5
5a6c651da503399fcc27e989f656b960

SHA1
b056796b7ff134650888748ca3888151b54116d9

SHA256
69a13d72f2371fc4ac491103aafc7794b41508c97f60ba2eefdb57df2ff64e5f

SHA512
3986f20d4a278ff0e2c49f86027cd729567da270788a536d836d6d5771df5d6b96b342a8faf7cac571f3688dcb3f35c6ea2d85c3e87ed5a8ebb5aed9147de492

Download Submit
\Windows\system\ltClqJp.exe

Filesize
6.0MB

MD5
1000656a648117be971c39c483d7bee5

SHA1
1065497195b9768a0de8eb898b499457302e13bd

SHA256
81d3f9d43e2f021aa680707eab8663905d9dff5b5d748b8c822d94f0079619d0

SHA512
289771aa30e32b581f3843a73b762ba3e50c90529c36d7ea579d11a8f582f9517ed8f9848af5fcfd6992e4835059a079ac7eef6c3cf5e474daa44bc528991de9

Download Submit
\Windows\system\rbZvaYX.exe

Filesize
6.0MB

MD5
038f973a285d803210b931ea45ccefc6

SHA1
a3ec89b8f012a092f5a80842c140a8aeac30cbea

SHA256
fcd8f8c0ec6d59dcb48cd86c5e5fb7608d2fee7a1132e9c6f0798c14eeefe78e

SHA512
04c37616ef43c6c82c3e71fcda621c7d7337a29743397e3303ce4f1023d1b37fdbcd54f927b79fb29f68e0dfbf44e5c7141ad8ad1a1df0a9528086053e65ee49

Download Submit
\Windows\system\uDkQIIE.exe

Filesize
6.0MB

MD5
50790916dd2574cb8b1f848d92a6648a

SHA1
2e02305b7c8e9e17b21700f8276a29dc87663523

SHA256
2649e2f629b81e63884a04bfb0b7fd0da67466d27700831a7a3258fad88fd4af

SHA512
fce8c9daf80726c6250240c8fbae5f1318288ec7e9aad185cc9e487a1b3a85f0bff37e60d46f56f8a578435e0171aaa00b45ab14e671410bc47998497a6c9752

Download Submit
memory/1336-86-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-449-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-1570-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-103-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1372-1572-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1460-27-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-1470-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-83-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1571-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-352-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-471-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2132-105-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1585-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1573-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2144-104-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2448-302-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2448-67-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1554-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1547-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2544-204-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2544-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2572-30-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1496-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-470-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2656-106-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-102-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2656-53-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2656-85-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-84-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2656-56-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-35-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2656-472-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-76-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-72-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-63-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2656-448-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-303-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-41-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-28-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-0-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-26-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-52-0x0000000002570000-0x00000000028C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-23-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-447-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2656-20-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-22-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2720-81-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1539-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2748-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1474-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1472-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2796-37-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2796-101-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1540-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-42-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-120-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1563-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3004-237-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3004-57-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download