cobaltstrike | 634011f188249d6c717e53ff5f37494b2f2e8b832c5b3785697ceec810acb2a1

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38a3cdc1d1a2b86b2bb6e18c3d919713
SHA1

1056e310b26805cc9dbb405d9af385dc8f7ec7f0
SHA256

634011f188249d6c717e53ff5f37494b2f2e8b832c5b3785697ceec810acb2a1
SHA512

78d82c6e7b28bf35342b43d58badb8c1db2df3152ce9464c2b25600fcab8f639122ea890a250e4162bd904ca3f0bd306f33e0ad2159873bd20f48f9aa5fc8051
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b17-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bfc-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c76-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016311-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c81-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-201.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/memory/2528-8-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0008000000016858-12.dat	xmrig
behavioral1/files/0x0007000000016652-9.dat	xmrig
behavioral1/memory/1664-21-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2432-19-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b17-22.dat	xmrig
behavioral1/memory/2320-28-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2720-37-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2380-34-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016bfc-33.dat	xmrig
behavioral1/files/0x0007000000016c76-41.dat	xmrig
behavioral1/memory/2528-42-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2860-45-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0009000000016311-46.dat	xmrig
behavioral1/memory/2896-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1664-53-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c81-54.dat	xmrig
behavioral1/files/0x0005000000019384-60.dat	xmrig
behavioral1/memory/2380-58-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2728-68-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2380-65-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2320-63-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2400-61-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2636-74-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2860-73-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a2-72.dat	xmrig
behavioral1/memory/2380-70-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-77.dat	xmrig
behavioral1/memory/2292-91-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f8-99.dat	xmrig
behavioral1/memory/1756-101-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2380-98-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2400-96-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-90.dat	xmrig
behavioral1/memory/3060-88-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2380-87-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2896-86-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-103.dat	xmrig
behavioral1/memory/1308-110-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2380-109-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2728-108-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2636-113-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-116.dat	xmrig
behavioral1/memory/2380-114-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-126.dat	xmrig
behavioral1/files/0x00050000000194d4-136.dat	xmrig
behavioral1/files/0x00050000000194da-141.dat	xmrig
behavioral1/files/0x0005000000019503-171.dat	xmrig
behavioral1/files/0x000500000001961b-196.dat	xmrig
behavioral1/memory/1756-658-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2380-574-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2292-387-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-201.dat	xmrig
behavioral1/files/0x0005000000019589-191.dat	xmrig
behavioral1/files/0x000500000001953a-181.dat	xmrig
behavioral1/files/0x000500000001957c-185.dat	xmrig
behavioral1/files/0x0005000000019515-176.dat	xmrig
behavioral1/files/0x0005000000019501-167.dat	xmrig
behavioral1/files/0x00050000000194f6-161.dat	xmrig
behavioral1/files/0x00050000000194ea-152.dat	xmrig
behavioral1/files/0x00050000000194f2-155.dat	xmrig
behavioral1/files/0x00050000000194e2-146.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2528	rBdJXbY.exe
2432	aDoaPFU.exe
1664	hNvbCCH.exe
2320	xWcsuhr.exe
2720	HjMRJaV.exe
2860	qwcWXNa.exe
2896	WfdUEWu.exe
2400	CMPrXlm.exe
2728	RgbwOnF.exe
2636	ujOZBui.exe
3060	pbNjtdv.exe
2292	TDuPNQZ.exe
1756	UvnYnqe.exe
1308	SRxyOXF.exe
1656	flWNulA.exe
1908	gzdXMOF.exe
836	gxiWPhe.exe
1092	HsHbywL.exe
1696	tbaKBNn.exe
1588	dTntbdi.exe
2000	FbgYOHf.exe
2796	okrjfic.exe
2880	zDXfkiG.exe
2472	mdfrEXY.exe
2140	CQIsTHW.exe
2960	wjjRcYx.exe
2996	zxlJjMr.exe
1824	naOupev.exe
2988	eLGrsMt.exe
952	gmuTIqo.exe
1368	YwCyfZS.exe
1676	UHUUwyn.exe
548	IwKntvz.exe
624	fihCiUq.exe
344	iqlcqMn.exe
2228	KvQntpo.exe
604	zhehDVu.exe
1088	HPzjuLP.exe
1528	eAxxSoL.exe
1340	XeIwLEU.exe
1704	pCUvVhL.exe
2168	wWCFSjQ.exe
2764	ZaIySFE.exe
2096	sclTJAD.exe
572	rJYdlqL.exe
1432	pZzhNwc.exe
884	QHndPby.exe
2028	vrRrhiK.exe
2392	wIpXjng.exe
1904	zbzGLHq.exe
1580	TmbxOqv.exe
2284	KuOxMmr.exe
3020	mRswJBc.exe
3024	zMrogfQ.exe
3052	hIUSQKH.exe
2068	NbckUrd.exe
2768	rwpvSAF.exe
2876	ztJqIyB.exe
2836	gIZgyFW.exe
2204	dVJSOet.exe
2704	LcqPHhq.exe
2628	vRmlWNv.exe
2964	jzgmyuO.exe
2872	UpvJQmN.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/memory/2528-8-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0008000000016858-12.dat	upx
behavioral1/files/0x0007000000016652-9.dat	upx
behavioral1/memory/1664-21-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2432-19-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0007000000016b17-22.dat	upx
behavioral1/memory/2320-28-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2720-37-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2380-34-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000016bfc-33.dat	upx
behavioral1/files/0x0007000000016c76-41.dat	upx
behavioral1/memory/2528-42-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2860-45-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0009000000016311-46.dat	upx
behavioral1/memory/2896-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1664-53-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0007000000016c81-54.dat	upx
behavioral1/files/0x0005000000019384-60.dat	upx
behavioral1/memory/2728-68-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2320-63-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2400-61-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2636-74-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2860-73-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00050000000193a2-72.dat	upx
behavioral1/files/0x00050000000193af-77.dat	upx
behavioral1/memory/2292-91-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00050000000193f8-99.dat	upx
behavioral1/memory/1756-101-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2400-96-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-90.dat	upx
behavioral1/memory/3060-88-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2896-86-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-103.dat	upx
behavioral1/memory/1308-110-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2728-108-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2636-113-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0005000000019408-116.dat	upx
behavioral1/files/0x00050000000194a7-126.dat	upx
behavioral1/files/0x00050000000194d4-136.dat	upx
behavioral1/files/0x00050000000194da-141.dat	upx
behavioral1/files/0x0005000000019503-171.dat	upx
behavioral1/files/0x000500000001961b-196.dat	upx
behavioral1/memory/1756-658-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2292-387-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001961f-201.dat	upx
behavioral1/files/0x0005000000019589-191.dat	upx
behavioral1/files/0x000500000001953a-181.dat	upx
behavioral1/files/0x000500000001957c-185.dat	upx
behavioral1/files/0x0005000000019515-176.dat	upx
behavioral1/files/0x0005000000019501-167.dat	upx
behavioral1/files/0x00050000000194f6-161.dat	upx
behavioral1/files/0x00050000000194ea-152.dat	upx
behavioral1/files/0x00050000000194f2-155.dat	upx
behavioral1/files/0x00050000000194e2-146.dat	upx
behavioral1/files/0x00050000000194b4-131.dat	upx
behavioral1/files/0x0005000000019494-121.dat	upx
behavioral1/memory/1664-3374-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2432-3373-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2528-3378-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2320-3386-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2720-3407-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2860-3443-0x000000013FD00000-0x0000000140054000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nAYsKDh.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjZYezP.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwxfIRF.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjptMgV.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HexIdst.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvQntpo.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlVjySu.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSNSqrE.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnqyQPT.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcfDvmf.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBKedJb.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqnuPcS.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPDKHhN.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtxsHGt.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyqPbqj.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGMnqfd.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoeUVHQ.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUURZLG.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYVwjdH.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIjLbRs.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaeKHOE.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtPpcgZ.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAcdmAU.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrpjZFt.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXJoPCj.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SidDvfF.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVoEvza.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsOuXlO.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJTZism.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baKzAaW.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSWxKfx.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVZFsGt.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuKWdjC.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccYGBCp.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbTpEns.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyHLvlu.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmECjBM.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtiVuwD.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLZTDUZ.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgxYNbm.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCsusjA.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceUQKGz.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvoqNzW.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXgLeqe.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCRDWWR.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGhTjGs.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfWYiAD.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCSBpkl.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYcEJtg.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSUsGaN.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCFsbaZ.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCkkCNM.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZaqsML.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLSxqwW.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPOeuWb.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvIWqAi.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiJjFrl.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMbDkfu.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNVOYch.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJHVQaB.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlFOrqM.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfPtnRD.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjvYlbe.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxGThMA.exe	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2528	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2528	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2528	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 1664	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 1664	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 1664	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2432	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2432	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2432	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2320	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2320	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2320	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2720	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2720	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2720	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2860	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2860	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2860	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2896	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2896	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2896	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2400	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2400	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2400	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2728	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2728	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2728	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2636	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2636	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2636	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 3060	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 3060	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 3060	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2292	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2292	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2292	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1756	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1756	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1756	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1308	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1308	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1308	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1656	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1656	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1656	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1908	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1908	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1908	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 836	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 836	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 836	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1092	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1092	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1092	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1696	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1696	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1696	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1588	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1588	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1588	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 2000	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2000	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2000	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2796	2380	2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_38a3cdc1d1a2b86b2bb6e18c3d919713_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\rBdJXbY.exe
  C:\Windows\System\rBdJXbY.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\hNvbCCH.exe
  C:\Windows\System\hNvbCCH.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\aDoaPFU.exe
  C:\Windows\System\aDoaPFU.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\xWcsuhr.exe
  C:\Windows\System\xWcsuhr.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\HjMRJaV.exe
  C:\Windows\System\HjMRJaV.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\qwcWXNa.exe
  C:\Windows\System\qwcWXNa.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\WfdUEWu.exe
  C:\Windows\System\WfdUEWu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\CMPrXlm.exe
  C:\Windows\System\CMPrXlm.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\RgbwOnF.exe
  C:\Windows\System\RgbwOnF.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\ujOZBui.exe
  C:\Windows\System\ujOZBui.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\pbNjtdv.exe
  C:\Windows\System\pbNjtdv.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\TDuPNQZ.exe
  C:\Windows\System\TDuPNQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\UvnYnqe.exe
  C:\Windows\System\UvnYnqe.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\SRxyOXF.exe
  C:\Windows\System\SRxyOXF.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\flWNulA.exe
  C:\Windows\System\flWNulA.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\gzdXMOF.exe
  C:\Windows\System\gzdXMOF.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\gxiWPhe.exe
  C:\Windows\System\gxiWPhe.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\HsHbywL.exe
  C:\Windows\System\HsHbywL.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\tbaKBNn.exe
  C:\Windows\System\tbaKBNn.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\dTntbdi.exe
  C:\Windows\System\dTntbdi.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FbgYOHf.exe
  C:\Windows\System\FbgYOHf.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\okrjfic.exe
  C:\Windows\System\okrjfic.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\zDXfkiG.exe
  C:\Windows\System\zDXfkiG.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\mdfrEXY.exe
  C:\Windows\System\mdfrEXY.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\CQIsTHW.exe
  C:\Windows\System\CQIsTHW.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wjjRcYx.exe
  C:\Windows\System\wjjRcYx.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\zxlJjMr.exe
  C:\Windows\System\zxlJjMr.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\naOupev.exe
  C:\Windows\System\naOupev.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\eLGrsMt.exe
  C:\Windows\System\eLGrsMt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\gmuTIqo.exe
  C:\Windows\System\gmuTIqo.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\YwCyfZS.exe
  C:\Windows\System\YwCyfZS.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UHUUwyn.exe
  C:\Windows\System\UHUUwyn.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\IwKntvz.exe
  C:\Windows\System\IwKntvz.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\fihCiUq.exe
  C:\Windows\System\fihCiUq.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\iqlcqMn.exe
  C:\Windows\System\iqlcqMn.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\KvQntpo.exe
  C:\Windows\System\KvQntpo.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\zhehDVu.exe
  C:\Windows\System\zhehDVu.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\HPzjuLP.exe
  C:\Windows\System\HPzjuLP.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\eAxxSoL.exe
  C:\Windows\System\eAxxSoL.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\XeIwLEU.exe
  C:\Windows\System\XeIwLEU.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\pCUvVhL.exe
  C:\Windows\System\pCUvVhL.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\wWCFSjQ.exe
  C:\Windows\System\wWCFSjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ZaIySFE.exe
  C:\Windows\System\ZaIySFE.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\sclTJAD.exe
  C:\Windows\System\sclTJAD.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\rJYdlqL.exe
  C:\Windows\System\rJYdlqL.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\pZzhNwc.exe
  C:\Windows\System\pZzhNwc.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\QHndPby.exe
  C:\Windows\System\QHndPby.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\vrRrhiK.exe
  C:\Windows\System\vrRrhiK.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\wIpXjng.exe
  C:\Windows\System\wIpXjng.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\zbzGLHq.exe
  C:\Windows\System\zbzGLHq.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\TmbxOqv.exe
  C:\Windows\System\TmbxOqv.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\KuOxMmr.exe
  C:\Windows\System\KuOxMmr.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\mRswJBc.exe
  C:\Windows\System\mRswJBc.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\zMrogfQ.exe
  C:\Windows\System\zMrogfQ.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\hIUSQKH.exe
  C:\Windows\System\hIUSQKH.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\NbckUrd.exe
  C:\Windows\System\NbckUrd.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rwpvSAF.exe
  C:\Windows\System\rwpvSAF.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ztJqIyB.exe
  C:\Windows\System\ztJqIyB.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\gIZgyFW.exe
  C:\Windows\System\gIZgyFW.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\dVJSOet.exe
  C:\Windows\System\dVJSOet.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LcqPHhq.exe
  C:\Windows\System\LcqPHhq.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\vRmlWNv.exe
  C:\Windows\System\vRmlWNv.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\jzgmyuO.exe
  C:\Windows\System\jzgmyuO.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\QfexdNH.exe
  C:\Windows\System\QfexdNH.exe
  2⤵
  PID:2772
- C:\Windows\System\UpvJQmN.exe
  C:\Windows\System\UpvJQmN.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ueGyiRW.exe
  C:\Windows\System\ueGyiRW.exe
  2⤵
  PID:2852
- C:\Windows\System\ppSnYLn.exe
  C:\Windows\System\ppSnYLn.exe
  2⤵
  PID:1484
- C:\Windows\System\WiMiEJm.exe
  C:\Windows\System\WiMiEJm.exe
  2⤵
  PID:2680
- C:\Windows\System\xMdPUrL.exe
  C:\Windows\System\xMdPUrL.exe
  2⤵
  PID:2736
- C:\Windows\System\SFJspAf.exe
  C:\Windows\System\SFJspAf.exe
  2⤵
  PID:1152
- C:\Windows\System\HQbOAUj.exe
  C:\Windows\System\HQbOAUj.exe
  2⤵
  PID:1868
- C:\Windows\System\KaLALgZ.exe
  C:\Windows\System\KaLALgZ.exe
  2⤵
  PID:848
- C:\Windows\System\cwCriDU.exe
  C:\Windows\System\cwCriDU.exe
  2⤵
  PID:2052
- C:\Windows\System\AopfmgX.exe
  C:\Windows\System\AopfmgX.exe
  2⤵
  PID:1604
- C:\Windows\System\RnEpwTF.exe
  C:\Windows\System\RnEpwTF.exe
  2⤵
  PID:472
- C:\Windows\System\ujqRZWN.exe
  C:\Windows\System\ujqRZWN.exe
  2⤵
  PID:2920
- C:\Windows\System\TSsqiah.exe
  C:\Windows\System\TSsqiah.exe
  2⤵
  PID:2464
- C:\Windows\System\wEdGFWf.exe
  C:\Windows\System\wEdGFWf.exe
  2⤵
  PID:2420
- C:\Windows\System\IOeDCys.exe
  C:\Windows\System\IOeDCys.exe
  2⤵
  PID:2944
- C:\Windows\System\sWUTSnE.exe
  C:\Windows\System\sWUTSnE.exe
  2⤵
  PID:2712
- C:\Windows\System\MFRiBPn.exe
  C:\Windows\System\MFRiBPn.exe
  2⤵
  PID:1956
- C:\Windows\System\FoBoFnE.exe
  C:\Windows\System\FoBoFnE.exe
  2⤵
  PID:1864
- C:\Windows\System\jzxecmi.exe
  C:\Windows\System\jzxecmi.exe
  2⤵
  PID:2224
- C:\Windows\System\KZaqsML.exe
  C:\Windows\System\KZaqsML.exe
  2⤵
  PID:1324
- C:\Windows\System\wvcuQbK.exe
  C:\Windows\System\wvcuQbK.exe
  2⤵
  PID:932
- C:\Windows\System\LhtSbix.exe
  C:\Windows\System\LhtSbix.exe
  2⤵
  PID:1792
- C:\Windows\System\blfuSGP.exe
  C:\Windows\System\blfuSGP.exe
  2⤵
  PID:816
- C:\Windows\System\PwvtUnI.exe
  C:\Windows\System\PwvtUnI.exe
  2⤵
  PID:2388
- C:\Windows\System\dIIEBzp.exe
  C:\Windows\System\dIIEBzp.exe
  2⤵
  PID:1228
- C:\Windows\System\NuYiCUe.exe
  C:\Windows\System\NuYiCUe.exe
  2⤵
  PID:2128
- C:\Windows\System\WmlFCML.exe
  C:\Windows\System\WmlFCML.exe
  2⤵
  PID:1492
- C:\Windows\System\iPQWLiT.exe
  C:\Windows\System\iPQWLiT.exe
  2⤵
  PID:2056
- C:\Windows\System\imDSbdD.exe
  C:\Windows\System\imDSbdD.exe
  2⤵
  PID:2364
- C:\Windows\System\DxEduCn.exe
  C:\Windows\System\DxEduCn.exe
  2⤵
  PID:2428
- C:\Windows\System\wRmJBTR.exe
  C:\Windows\System\wRmJBTR.exe
  2⤵
  PID:1212
- C:\Windows\System\gdRVlLz.exe
  C:\Windows\System\gdRVlLz.exe
  2⤵
  PID:2280
- C:\Windows\System\NucWbwJ.exe
  C:\Windows\System\NucWbwJ.exe
  2⤵
  PID:2968
- C:\Windows\System\YZRGneH.exe
  C:\Windows\System\YZRGneH.exe
  2⤵
  PID:1244
- C:\Windows\System\xzEWlNc.exe
  C:\Windows\System\xzEWlNc.exe
  2⤵
  PID:2244
- C:\Windows\System\vYgonUw.exe
  C:\Windows\System\vYgonUw.exe
  2⤵
  PID:2776
- C:\Windows\System\POuhyLA.exe
  C:\Windows\System\POuhyLA.exe
  2⤵
  PID:2856
- C:\Windows\System\PBElcpG.exe
  C:\Windows\System\PBElcpG.exe
  2⤵
  PID:2632
- C:\Windows\System\EpQdEfj.exe
  C:\Windows\System\EpQdEfj.exe
  2⤵
  PID:2888
- C:\Windows\System\vLRiAqt.exe
  C:\Windows\System\vLRiAqt.exe
  2⤵
  PID:1076
- C:\Windows\System\WJlcbRB.exe
  C:\Windows\System\WJlcbRB.exe
  2⤵
  PID:2784
- C:\Windows\System\WDNKnut.exe
  C:\Windows\System\WDNKnut.exe
  2⤵
  PID:1780
- C:\Windows\System\dXuroEh.exe
  C:\Windows\System\dXuroEh.exe
  2⤵
  PID:1616
- C:\Windows\System\NjmHYju.exe
  C:\Windows\System\NjmHYju.exe
  2⤵
  PID:1636
- C:\Windows\System\zVbkuil.exe
  C:\Windows\System\zVbkuil.exe
  2⤵
  PID:1812
- C:\Windows\System\RGtffAh.exe
  C:\Windows\System\RGtffAh.exe
  2⤵
  PID:2296
- C:\Windows\System\lWDPgTH.exe
  C:\Windows\System\lWDPgTH.exe
  2⤵
  PID:2676
- C:\Windows\System\ymvynlV.exe
  C:\Windows\System\ymvynlV.exe
  2⤵
  PID:2580
- C:\Windows\System\HuIfSIy.exe
  C:\Windows\System\HuIfSIy.exe
  2⤵
  PID:1536
- C:\Windows\System\dyurIBN.exe
  C:\Windows\System\dyurIBN.exe
  2⤵
  PID:2084
- C:\Windows\System\KlzOryE.exe
  C:\Windows\System\KlzOryE.exe
  2⤵
  PID:2584
- C:\Windows\System\qlweCaM.exe
  C:\Windows\System\qlweCaM.exe
  2⤵
  PID:1632
- C:\Windows\System\uWXZePn.exe
  C:\Windows\System\uWXZePn.exe
  2⤵
  PID:2232
- C:\Windows\System\WmxeQBS.exe
  C:\Windows\System\WmxeQBS.exe
  2⤵
  PID:1740
- C:\Windows\System\DxGMZWj.exe
  C:\Windows\System\DxGMZWj.exe
  2⤵
  PID:1684
- C:\Windows\System\eYgjhiI.exe
  C:\Windows\System\eYgjhiI.exe
  2⤵
  PID:1928
- C:\Windows\System\QfPtnRD.exe
  C:\Windows\System\QfPtnRD.exe
  2⤵
  PID:1668
- C:\Windows\System\PkERZHy.exe
  C:\Windows\System\PkERZHy.exe
  2⤵
  PID:2324
- C:\Windows\System\FOsYOmP.exe
  C:\Windows\System\FOsYOmP.exe
  2⤵
  PID:2532
- C:\Windows\System\pFpgOKt.exe
  C:\Windows\System\pFpgOKt.exe
  2⤵
  PID:2404
- C:\Windows\System\LloDoSe.exe
  C:\Windows\System\LloDoSe.exe
  2⤵
  PID:2412
- C:\Windows\System\fbCsmCI.exe
  C:\Windows\System\fbCsmCI.exe
  2⤵
  PID:372
- C:\Windows\System\bpddUin.exe
  C:\Windows\System\bpddUin.exe
  2⤵
  PID:2980
- C:\Windows\System\DtiVuwD.exe
  C:\Windows\System\DtiVuwD.exe
  2⤵
  PID:1624
- C:\Windows\System\HlJkblE.exe
  C:\Windows\System\HlJkblE.exe
  2⤵
  PID:2612
- C:\Windows\System\rzGakjx.exe
  C:\Windows\System\rzGakjx.exe
  2⤵
  PID:1320
- C:\Windows\System\RkaZJje.exe
  C:\Windows\System\RkaZJje.exe
  2⤵
  PID:1052
- C:\Windows\System\pdEfvSs.exe
  C:\Windows\System\pdEfvSs.exe
  2⤵
  PID:2300
- C:\Windows\System\sCRDWWR.exe
  C:\Windows\System\sCRDWWR.exe
  2⤵
  PID:2220
- C:\Windows\System\mozusQT.exe
  C:\Windows\System\mozusQT.exe
  2⤵
  PID:1716
- C:\Windows\System\OflLtnB.exe
  C:\Windows\System\OflLtnB.exe
  2⤵
  PID:2484
- C:\Windows\System\nZZnGmc.exe
  C:\Windows\System\nZZnGmc.exe
  2⤵
  PID:1224
- C:\Windows\System\faVuOjx.exe
  C:\Windows\System\faVuOjx.exe
  2⤵
  PID:1552
- C:\Windows\System\kOHinhF.exe
  C:\Windows\System\kOHinhF.exe
  2⤵
  PID:2136
- C:\Windows\System\DkNUSQi.exe
  C:\Windows\System\DkNUSQi.exe
  2⤵
  PID:2804
- C:\Windows\System\wlWEmJA.exe
  C:\Windows\System\wlWEmJA.exe
  2⤵
  PID:1140
- C:\Windows\System\XhMFFhN.exe
  C:\Windows\System\XhMFFhN.exe
  2⤵
  PID:2660
- C:\Windows\System\VBypeGj.exe
  C:\Windows\System\VBypeGj.exe
  2⤵
  PID:1592
- C:\Windows\System\FiymroG.exe
  C:\Windows\System\FiymroG.exe
  2⤵
  PID:2208
- C:\Windows\System\oetpcfU.exe
  C:\Windows\System\oetpcfU.exe
  2⤵
  PID:2924
- C:\Windows\System\aUhehjF.exe
  C:\Windows\System\aUhehjF.exe
  2⤵
  PID:696
- C:\Windows\System\PNsBARB.exe
  C:\Windows\System\PNsBARB.exe
  2⤵
  PID:1912
- C:\Windows\System\uwisyhO.exe
  C:\Windows\System\uwisyhO.exe
  2⤵
  PID:2316
- C:\Windows\System\TlVjySu.exe
  C:\Windows\System\TlVjySu.exe
  2⤵
  PID:2496
- C:\Windows\System\HkeKZPW.exe
  C:\Windows\System\HkeKZPW.exe
  2⤵
  PID:2520
- C:\Windows\System\JArAjis.exe
  C:\Windows\System\JArAjis.exe
  2⤵
  PID:2252
- C:\Windows\System\CdWCVmr.exe
  C:\Windows\System\CdWCVmr.exe
  2⤵
  PID:2664
- C:\Windows\System\lDEiiJR.exe
  C:\Windows\System\lDEiiJR.exe
  2⤵
  PID:2596
- C:\Windows\System\wXxdoJO.exe
  C:\Windows\System\wXxdoJO.exe
  2⤵
  PID:2624
- C:\Windows\System\DxWInGX.exe
  C:\Windows\System\DxWInGX.exe
  2⤵
  PID:1848
- C:\Windows\System\aZqrJas.exe
  C:\Windows\System\aZqrJas.exe
  2⤵
  PID:2076
- C:\Windows\System\cmyTaqK.exe
  C:\Windows\System\cmyTaqK.exe
  2⤵
  PID:3080
- C:\Windows\System\XxGThMA.exe
  C:\Windows\System\XxGThMA.exe
  2⤵
  PID:3096
- C:\Windows\System\cXzrFPL.exe
  C:\Windows\System\cXzrFPL.exe
  2⤵
  PID:3116
- C:\Windows\System\YNQZTJf.exe
  C:\Windows\System\YNQZTJf.exe
  2⤵
  PID:3140
- C:\Windows\System\Zrxvajf.exe
  C:\Windows\System\Zrxvajf.exe
  2⤵
  PID:3160
- C:\Windows\System\Uyvtmtm.exe
  C:\Windows\System\Uyvtmtm.exe
  2⤵
  PID:3176
- C:\Windows\System\yoefAjE.exe
  C:\Windows\System\yoefAjE.exe
  2⤵
  PID:3204
- C:\Windows\System\twlFnBW.exe
  C:\Windows\System\twlFnBW.exe
  2⤵
  PID:3224
- C:\Windows\System\GwwKLnW.exe
  C:\Windows\System\GwwKLnW.exe
  2⤵
  PID:3244
- C:\Windows\System\JQNbsUG.exe
  C:\Windows\System\JQNbsUG.exe
  2⤵
  PID:3264
- C:\Windows\System\CCiaALP.exe
  C:\Windows\System\CCiaALP.exe
  2⤵
  PID:3284
- C:\Windows\System\FrwYImN.exe
  C:\Windows\System\FrwYImN.exe
  2⤵
  PID:3304
- C:\Windows\System\wNdiYvy.exe
  C:\Windows\System\wNdiYvy.exe
  2⤵
  PID:3324
- C:\Windows\System\TqRJvFI.exe
  C:\Windows\System\TqRJvFI.exe
  2⤵
  PID:3340
- C:\Windows\System\wxSoLIv.exe
  C:\Windows\System\wxSoLIv.exe
  2⤵
  PID:3364
- C:\Windows\System\RUqdBCf.exe
  C:\Windows\System\RUqdBCf.exe
  2⤵
  PID:3384
- C:\Windows\System\UNgfnOr.exe
  C:\Windows\System\UNgfnOr.exe
  2⤵
  PID:3404
- C:\Windows\System\zHogWgS.exe
  C:\Windows\System\zHogWgS.exe
  2⤵
  PID:3420
- C:\Windows\System\UDUQWos.exe
  C:\Windows\System\UDUQWos.exe
  2⤵
  PID:3444
- C:\Windows\System\dnfeuXO.exe
  C:\Windows\System\dnfeuXO.exe
  2⤵
  PID:3464
- C:\Windows\System\JejyJas.exe
  C:\Windows\System\JejyJas.exe
  2⤵
  PID:3484
- C:\Windows\System\teMzeOW.exe
  C:\Windows\System\teMzeOW.exe
  2⤵
  PID:3500
- C:\Windows\System\cerGIjs.exe
  C:\Windows\System\cerGIjs.exe
  2⤵
  PID:3524
- C:\Windows\System\JQCBjVS.exe
  C:\Windows\System\JQCBjVS.exe
  2⤵
  PID:3540
- C:\Windows\System\yOkSdYE.exe
  C:\Windows\System\yOkSdYE.exe
  2⤵
  PID:3560
- C:\Windows\System\IfpUzrS.exe
  C:\Windows\System\IfpUzrS.exe
  2⤵
  PID:3584
- C:\Windows\System\YuUghAa.exe
  C:\Windows\System\YuUghAa.exe
  2⤵
  PID:3604
- C:\Windows\System\MNsczXW.exe
  C:\Windows\System\MNsczXW.exe
  2⤵
  PID:3620
- C:\Windows\System\FVLQJHU.exe
  C:\Windows\System\FVLQJHU.exe
  2⤵
  PID:3648
- C:\Windows\System\kxawgOf.exe
  C:\Windows\System\kxawgOf.exe
  2⤵
  PID:3664
- C:\Windows\System\jniyaLr.exe
  C:\Windows\System\jniyaLr.exe
  2⤵
  PID:3684
- C:\Windows\System\wIcAoiP.exe
  C:\Windows\System\wIcAoiP.exe
  2⤵
  PID:3704
- C:\Windows\System\RPgmAne.exe
  C:\Windows\System\RPgmAne.exe
  2⤵
  PID:3724
- C:\Windows\System\dCkFXJN.exe
  C:\Windows\System\dCkFXJN.exe
  2⤵
  PID:3744
- C:\Windows\System\qMLMvvQ.exe
  C:\Windows\System\qMLMvvQ.exe
  2⤵
  PID:3764
- C:\Windows\System\GSqcjPa.exe
  C:\Windows\System\GSqcjPa.exe
  2⤵
  PID:3788
- C:\Windows\System\OolyXdc.exe
  C:\Windows\System\OolyXdc.exe
  2⤵
  PID:3808
- C:\Windows\System\KXwjysS.exe
  C:\Windows\System\KXwjysS.exe
  2⤵
  PID:3828
- C:\Windows\System\OQdcGDE.exe
  C:\Windows\System\OQdcGDE.exe
  2⤵
  PID:3848
- C:\Windows\System\afUxJem.exe
  C:\Windows\System\afUxJem.exe
  2⤵
  PID:3864
- C:\Windows\System\cyAorbT.exe
  C:\Windows\System\cyAorbT.exe
  2⤵
  PID:3884
- C:\Windows\System\ggDoIcs.exe
  C:\Windows\System\ggDoIcs.exe
  2⤵
  PID:3908
- C:\Windows\System\IuAnkdB.exe
  C:\Windows\System\IuAnkdB.exe
  2⤵
  PID:3932
- C:\Windows\System\dZjHvje.exe
  C:\Windows\System\dZjHvje.exe
  2⤵
  PID:3948
- C:\Windows\System\EdFMTer.exe
  C:\Windows\System\EdFMTer.exe
  2⤵
  PID:3968
- C:\Windows\System\hKPQgnE.exe
  C:\Windows\System\hKPQgnE.exe
  2⤵
  PID:3992
- C:\Windows\System\RdrQCkv.exe
  C:\Windows\System\RdrQCkv.exe
  2⤵
  PID:4012
- C:\Windows\System\mWEeXgg.exe
  C:\Windows\System\mWEeXgg.exe
  2⤵
  PID:4028
- C:\Windows\System\WjuVctE.exe
  C:\Windows\System\WjuVctE.exe
  2⤵
  PID:4052
- C:\Windows\System\kEOWrfk.exe
  C:\Windows\System\kEOWrfk.exe
  2⤵
  PID:4068
- C:\Windows\System\SsDtvWd.exe
  C:\Windows\System\SsDtvWd.exe
  2⤵
  PID:4088
- C:\Windows\System\ZRiYKDb.exe
  C:\Windows\System\ZRiYKDb.exe
  2⤵
  PID:764
- C:\Windows\System\uuZdJGX.exe
  C:\Windows\System\uuZdJGX.exe
  2⤵
  PID:2500
- C:\Windows\System\gOIqaDK.exe
  C:\Windows\System\gOIqaDK.exe
  2⤵
  PID:392
- C:\Windows\System\PTzFJSu.exe
  C:\Windows\System\PTzFJSu.exe
  2⤵
  PID:3108
- C:\Windows\System\nieEICl.exe
  C:\Windows\System\nieEICl.exe
  2⤵
  PID:3092
- C:\Windows\System\qgoXtKH.exe
  C:\Windows\System\qgoXtKH.exe
  2⤵
  PID:3132
- C:\Windows\System\TBTTlEN.exe
  C:\Windows\System\TBTTlEN.exe
  2⤵
  PID:3168
- C:\Windows\System\mWeOBPV.exe
  C:\Windows\System\mWeOBPV.exe
  2⤵
  PID:3212
- C:\Windows\System\NwKoOHc.exe
  C:\Windows\System\NwKoOHc.exe
  2⤵
  PID:3276
- C:\Windows\System\pbwcwxL.exe
  C:\Windows\System\pbwcwxL.exe
  2⤵
  PID:3312
- C:\Windows\System\OgKBEqC.exe
  C:\Windows\System\OgKBEqC.exe
  2⤵
  PID:3300
- C:\Windows\System\PcXcPrE.exe
  C:\Windows\System\PcXcPrE.exe
  2⤵
  PID:3336
- C:\Windows\System\TUSXGrF.exe
  C:\Windows\System\TUSXGrF.exe
  2⤵
  PID:3396
- C:\Windows\System\hwUmaTf.exe
  C:\Windows\System\hwUmaTf.exe
  2⤵
  PID:3436
- C:\Windows\System\NZnBmbK.exe
  C:\Windows\System\NZnBmbK.exe
  2⤵
  PID:3416
- C:\Windows\System\MnectBS.exe
  C:\Windows\System\MnectBS.exe
  2⤵
  PID:3460
- C:\Windows\System\HTNoXUH.exe
  C:\Windows\System\HTNoXUH.exe
  2⤵
  PID:3512
- C:\Windows\System\zTbHdxQ.exe
  C:\Windows\System\zTbHdxQ.exe
  2⤵
  PID:3556
- C:\Windows\System\OqdwyXU.exe
  C:\Windows\System\OqdwyXU.exe
  2⤵
  PID:3596
- C:\Windows\System\yESmPDF.exe
  C:\Windows\System\yESmPDF.exe
  2⤵
  PID:3632
- C:\Windows\System\nKxCNrn.exe
  C:\Windows\System\nKxCNrn.exe
  2⤵
  PID:3612
- C:\Windows\System\cKgzjmK.exe
  C:\Windows\System\cKgzjmK.exe
  2⤵
  PID:3712
- C:\Windows\System\bvKfhjV.exe
  C:\Windows\System\bvKfhjV.exe
  2⤵
  PID:3692
- C:\Windows\System\ktTzJeB.exe
  C:\Windows\System\ktTzJeB.exe
  2⤵
  PID:3740
- C:\Windows\System\adsatGZ.exe
  C:\Windows\System\adsatGZ.exe
  2⤵
  PID:3804
- C:\Windows\System\nfmgXiv.exe
  C:\Windows\System\nfmgXiv.exe
  2⤵
  PID:3836
- C:\Windows\System\meaNDSO.exe
  C:\Windows\System\meaNDSO.exe
  2⤵
  PID:3880
- C:\Windows\System\UcNhSVd.exe
  C:\Windows\System\UcNhSVd.exe
  2⤵
  PID:3916
- C:\Windows\System\WaYBuvp.exe
  C:\Windows\System\WaYBuvp.exe
  2⤵
  PID:3920
- C:\Windows\System\baKzAaW.exe
  C:\Windows\System\baKzAaW.exe
  2⤵
  PID:3960
- C:\Windows\System\RRrZedQ.exe
  C:\Windows\System\RRrZedQ.exe
  2⤵
  PID:3944
- C:\Windows\System\rKHWmYl.exe
  C:\Windows\System\rKHWmYl.exe
  2⤵
  PID:4044
- C:\Windows\System\ZwnHZco.exe
  C:\Windows\System\ZwnHZco.exe
  2⤵
  PID:4024
- C:\Windows\System\pGelhuU.exe
  C:\Windows\System\pGelhuU.exe
  2⤵
  PID:4064
- C:\Windows\System\uFDXgcD.exe
  C:\Windows\System\uFDXgcD.exe
  2⤵
  PID:296
- C:\Windows\System\NOWGfTA.exe
  C:\Windows\System\NOWGfTA.exe
  2⤵
  PID:376
- C:\Windows\System\asDxyWD.exe
  C:\Windows\System\asDxyWD.exe
  2⤵
  PID:1084
- C:\Windows\System\aavCMiS.exe
  C:\Windows\System\aavCMiS.exe
  2⤵
  PID:2832
- C:\Windows\System\fMoYzeG.exe
  C:\Windows\System\fMoYzeG.exe
  2⤵
  PID:3188
- C:\Windows\System\VpWSLbI.exe
  C:\Windows\System\VpWSLbI.exe
  2⤵
  PID:3272
- C:\Windows\System\YnCJOsi.exe
  C:\Windows\System\YnCJOsi.exe
  2⤵
  PID:3332
- C:\Windows\System\FwIDoPn.exe
  C:\Windows\System\FwIDoPn.exe
  2⤵
  PID:3292
- C:\Windows\System\YlpZrwm.exe
  C:\Windows\System\YlpZrwm.exe
  2⤵
  PID:3480
- C:\Windows\System\ZjVleRQ.exe
  C:\Windows\System\ZjVleRQ.exe
  2⤵
  PID:3400
- C:\Windows\System\ErPjBZY.exe
  C:\Windows\System\ErPjBZY.exe
  2⤵
  PID:3492
- C:\Windows\System\MdkYKom.exe
  C:\Windows\System\MdkYKom.exe
  2⤵
  PID:3508
- C:\Windows\System\ccXgKGR.exe
  C:\Windows\System\ccXgKGR.exe
  2⤵
  PID:3600
- C:\Windows\System\kQovyFy.exe
  C:\Windows\System\kQovyFy.exe
  2⤵
  PID:3580
- C:\Windows\System\FGzzQob.exe
  C:\Windows\System\FGzzQob.exe
  2⤵
  PID:3752
- C:\Windows\System\ffeASgA.exe
  C:\Windows\System\ffeASgA.exe
  2⤵
  PID:1072
- C:\Windows\System\IbvlXBJ.exe
  C:\Windows\System\IbvlXBJ.exe
  2⤵
  PID:3076
- C:\Windows\System\KrpkrGL.exe
  C:\Windows\System\KrpkrGL.exe
  2⤵
  PID:2684
- C:\Windows\System\ETwzEYx.exe
  C:\Windows\System\ETwzEYx.exe
  2⤵
  PID:2336
- C:\Windows\System\eCshwBY.exe
  C:\Windows\System\eCshwBY.exe
  2⤵
  PID:3892
- C:\Windows\System\qvjKsZS.exe
  C:\Windows\System\qvjKsZS.exe
  2⤵
  PID:3820
- C:\Windows\System\mPeTWCh.exe
  C:\Windows\System\mPeTWCh.exe
  2⤵
  PID:3964
- C:\Windows\System\LChAicZ.exe
  C:\Windows\System\LChAicZ.exe
  2⤵
  PID:3840
- C:\Windows\System\cRnCgUW.exe
  C:\Windows\System\cRnCgUW.exe
  2⤵
  PID:4008
- C:\Windows\System\apaeQgk.exe
  C:\Windows\System\apaeQgk.exe
  2⤵
  PID:4060
- C:\Windows\System\zkizlWl.exe
  C:\Windows\System\zkizlWl.exe
  2⤵
  PID:4076
- C:\Windows\System\GJCofqG.exe
  C:\Windows\System\GJCofqG.exe
  2⤵
  PID:3988
- C:\Windows\System\OWWXDFi.exe
  C:\Windows\System\OWWXDFi.exe
  2⤵
  PID:3232
- C:\Windows\System\eEiJjHk.exe
  C:\Windows\System\eEiJjHk.exe
  2⤵
  PID:2124
- C:\Windows\System\OKsrKLd.exe
  C:\Windows\System\OKsrKLd.exe
  2⤵
  PID:1720
- C:\Windows\System\sbzBaWl.exe
  C:\Windows\System\sbzBaWl.exe
  2⤵
  PID:1804
- C:\Windows\System\dKyiFHv.exe
  C:\Windows\System\dKyiFHv.exe
  2⤵
  PID:672
- C:\Windows\System\wiAqkfh.exe
  C:\Windows\System\wiAqkfh.exe
  2⤵
  PID:688
- C:\Windows\System\YSHpmlQ.exe
  C:\Windows\System\YSHpmlQ.exe
  2⤵
  PID:2308
- C:\Windows\System\kIMVxLx.exe
  C:\Windows\System\kIMVxLx.exe
  2⤵
  PID:3348
- C:\Windows\System\JZXSCGS.exe
  C:\Windows\System\JZXSCGS.exe
  2⤵
  PID:3412
- C:\Windows\System\JnROUNU.exe
  C:\Windows\System\JnROUNU.exe
  2⤵
  PID:3636
- C:\Windows\System\HeRYzEc.exe
  C:\Windows\System\HeRYzEc.exe
  2⤵
  PID:3576
- C:\Windows\System\fuKCfpU.exe
  C:\Windows\System\fuKCfpU.exe
  2⤵
  PID:3680
- C:\Windows\System\tbKDcBg.exe
  C:\Windows\System\tbKDcBg.exe
  2⤵
  PID:3716
- C:\Windows\System\LMrJlNT.exe
  C:\Windows\System\LMrJlNT.exe
  2⤵
  PID:3816
- C:\Windows\System\DZGlaaJ.exe
  C:\Windows\System\DZGlaaJ.exe
  2⤵
  PID:3036
- C:\Windows\System\tTwYLHq.exe
  C:\Windows\System\tTwYLHq.exe
  2⤵
  PID:3136
- C:\Windows\System\hVGWMFO.exe
  C:\Windows\System\hVGWMFO.exe
  2⤵
  PID:4036
- C:\Windows\System\hJfpHsD.exe
  C:\Windows\System\hJfpHsD.exe
  2⤵
  PID:3252
- C:\Windows\System\QGNMmnb.exe
  C:\Windows\System\QGNMmnb.exe
  2⤵
  PID:3104
- C:\Windows\System\poqKkjp.exe
  C:\Windows\System\poqKkjp.exe
  2⤵
  PID:1768
- C:\Windows\System\KWLhYKY.exe
  C:\Windows\System\KWLhYKY.exe
  2⤵
  PID:2800
- C:\Windows\System\ggYjAit.exe
  C:\Windows\System\ggYjAit.exe
  2⤵
  PID:3900
- C:\Windows\System\CFHCiZa.exe
  C:\Windows\System\CFHCiZa.exe
  2⤵
  PID:4020
- C:\Windows\System\yYqhZcN.exe
  C:\Windows\System\yYqhZcN.exe
  2⤵
  PID:3628
- C:\Windows\System\eTALFTp.exe
  C:\Windows\System\eTALFTp.exe
  2⤵
  PID:3056
- C:\Windows\System\beZhZVL.exe
  C:\Windows\System\beZhZVL.exe
  2⤵
  PID:3236
- C:\Windows\System\drZEfVq.exe
  C:\Windows\System\drZEfVq.exe
  2⤵
  PID:1316
- C:\Windows\System\xdAUHPP.exe
  C:\Windows\System\xdAUHPP.exe
  2⤵
  PID:3428
- C:\Windows\System\KBivuoh.exe
  C:\Windows\System\KBivuoh.exe
  2⤵
  PID:3784
- C:\Windows\System\FoDMlHe.exe
  C:\Windows\System\FoDMlHe.exe
  2⤵
  PID:3736
- C:\Windows\System\csiGswH.exe
  C:\Windows\System\csiGswH.exe
  2⤵
  PID:4040
- C:\Windows\System\tpUrqLj.exe
  C:\Windows\System\tpUrqLj.exe
  2⤵
  PID:4204
- C:\Windows\System\mJwWpvQ.exe
  C:\Windows\System\mJwWpvQ.exe
  2⤵
  PID:4220
- C:\Windows\System\zDApgBF.exe
  C:\Windows\System\zDApgBF.exe
  2⤵
  PID:4240
- C:\Windows\System\IrySQOh.exe
  C:\Windows\System\IrySQOh.exe
  2⤵
  PID:4256
- C:\Windows\System\LWwFhKs.exe
  C:\Windows\System\LWwFhKs.exe
  2⤵
  PID:4272
- C:\Windows\System\TzCRddT.exe
  C:\Windows\System\TzCRddT.exe
  2⤵
  PID:4288
- C:\Windows\System\qXLmafw.exe
  C:\Windows\System\qXLmafw.exe
  2⤵
  PID:4304
- C:\Windows\System\SWgMGWL.exe
  C:\Windows\System\SWgMGWL.exe
  2⤵
  PID:4320
- C:\Windows\System\URWgotF.exe
  C:\Windows\System\URWgotF.exe
  2⤵
  PID:4336
- C:\Windows\System\wZWZFEi.exe
  C:\Windows\System\wZWZFEi.exe
  2⤵
  PID:4360
- C:\Windows\System\vjuCiIp.exe
  C:\Windows\System\vjuCiIp.exe
  2⤵
  PID:4376
- C:\Windows\System\JXNDGal.exe
  C:\Windows\System\JXNDGal.exe
  2⤵
  PID:4408
- C:\Windows\System\wEspOKN.exe
  C:\Windows\System\wEspOKN.exe
  2⤵
  PID:4444
- C:\Windows\System\imPkzia.exe
  C:\Windows\System\imPkzia.exe
  2⤵
  PID:4460
- C:\Windows\System\mZQrfzy.exe
  C:\Windows\System\mZQrfzy.exe
  2⤵
  PID:4476
- C:\Windows\System\kQvpZSd.exe
  C:\Windows\System\kQvpZSd.exe
  2⤵
  PID:4516
- C:\Windows\System\ofonVGZ.exe
  C:\Windows\System\ofonVGZ.exe
  2⤵
  PID:4532
- C:\Windows\System\SkoRaGY.exe
  C:\Windows\System\SkoRaGY.exe
  2⤵
  PID:4548
- C:\Windows\System\gnThweF.exe
  C:\Windows\System\gnThweF.exe
  2⤵
  PID:4564
- C:\Windows\System\BeFBpPO.exe
  C:\Windows\System\BeFBpPO.exe
  2⤵
  PID:4580
- C:\Windows\System\KZxJRCK.exe
  C:\Windows\System\KZxJRCK.exe
  2⤵
  PID:4596
- C:\Windows\System\lQlNEHx.exe
  C:\Windows\System\lQlNEHx.exe
  2⤵
  PID:4612
- C:\Windows\System\ZXZkdij.exe
  C:\Windows\System\ZXZkdij.exe
  2⤵
  PID:4632
- C:\Windows\System\GSMRjju.exe
  C:\Windows\System\GSMRjju.exe
  2⤵
  PID:4648
- C:\Windows\System\TcCLOEt.exe
  C:\Windows\System\TcCLOEt.exe
  2⤵
  PID:4676
- C:\Windows\System\LEMBSsE.exe
  C:\Windows\System\LEMBSsE.exe
  2⤵
  PID:4708
- C:\Windows\System\ILNrMwh.exe
  C:\Windows\System\ILNrMwh.exe
  2⤵
  PID:4728
- C:\Windows\System\XuUUcIj.exe
  C:\Windows\System\XuUUcIj.exe
  2⤵
  PID:4744
- C:\Windows\System\kGvMPZe.exe
  C:\Windows\System\kGvMPZe.exe
  2⤵
  PID:4764
- C:\Windows\System\gyQOoaG.exe
  C:\Windows\System\gyQOoaG.exe
  2⤵
  PID:4804
- C:\Windows\System\nvxTomk.exe
  C:\Windows\System\nvxTomk.exe
  2⤵
  PID:4820
- C:\Windows\System\zourKGf.exe
  C:\Windows\System\zourKGf.exe
  2⤵
  PID:4840
- C:\Windows\System\XARhujY.exe
  C:\Windows\System\XARhujY.exe
  2⤵
  PID:4856
- C:\Windows\System\eduIryb.exe
  C:\Windows\System\eduIryb.exe
  2⤵
  PID:4872
- C:\Windows\System\tdgJPOE.exe
  C:\Windows\System\tdgJPOE.exe
  2⤵
  PID:4888
- C:\Windows\System\hXtOWNk.exe
  C:\Windows\System\hXtOWNk.exe
  2⤵
  PID:4904
- C:\Windows\System\STnSPyu.exe
  C:\Windows\System\STnSPyu.exe
  2⤵
  PID:4920
- C:\Windows\System\NYyNUvS.exe
  C:\Windows\System\NYyNUvS.exe
  2⤵
  PID:4940
- C:\Windows\System\QxQFXki.exe
  C:\Windows\System\QxQFXki.exe
  2⤵
  PID:4964
- C:\Windows\System\jFVYybJ.exe
  C:\Windows\System\jFVYybJ.exe
  2⤵
  PID:4980
- C:\Windows\System\nvAoNJd.exe
  C:\Windows\System\nvAoNJd.exe
  2⤵
  PID:4996
- C:\Windows\System\vpnuHHj.exe
  C:\Windows\System\vpnuHHj.exe
  2⤵
  PID:5012
- C:\Windows\System\jGWbfMc.exe
  C:\Windows\System\jGWbfMc.exe
  2⤵
  PID:5032
- C:\Windows\System\axblziC.exe
  C:\Windows\System\axblziC.exe
  2⤵
  PID:5052
- C:\Windows\System\jmHQOrF.exe
  C:\Windows\System\jmHQOrF.exe
  2⤵
  PID:5068
- C:\Windows\System\mdiUEjZ.exe
  C:\Windows\System\mdiUEjZ.exe
  2⤵
  PID:5088
- C:\Windows\System\fTMMkMH.exe
  C:\Windows\System\fTMMkMH.exe
  2⤵
  PID:5104
- C:\Windows\System\wFKwhIS.exe
  C:\Windows\System\wFKwhIS.exe
  2⤵
  PID:3256
- C:\Windows\System\pcnzfuz.exe
  C:\Windows\System\pcnzfuz.exe
  2⤵
  PID:2372
- C:\Windows\System\pQIFCDz.exe
  C:\Windows\System\pQIFCDz.exe
  2⤵
  PID:2936
- C:\Windows\System\lyEnTLZ.exe
  C:\Windows\System\lyEnTLZ.exe
  2⤵
  PID:4116
- C:\Windows\System\qwEZcyK.exe
  C:\Windows\System\qwEZcyK.exe
  2⤵
  PID:4132
- C:\Windows\System\VQoEaLR.exe
  C:\Windows\System\VQoEaLR.exe
  2⤵
  PID:4144
- C:\Windows\System\WLtcSyZ.exe
  C:\Windows\System\WLtcSyZ.exe
  2⤵
  PID:3824
- C:\Windows\System\wYXlWFn.exe
  C:\Windows\System\wYXlWFn.exe
  2⤵
  PID:4160
- C:\Windows\System\TKbgvJU.exe
  C:\Windows\System\TKbgvJU.exe
  2⤵
  PID:4152
- C:\Windows\System\NfVtlXn.exe
  C:\Windows\System\NfVtlXn.exe
  2⤵
  PID:4180
- C:\Windows\System\mHJMgUR.exe
  C:\Windows\System\mHJMgUR.exe
  2⤵
  PID:4200
- C:\Windows\System\MmacBqO.exe
  C:\Windows\System\MmacBqO.exe
  2⤵
  PID:4252
- C:\Windows\System\mAGcyZF.exe
  C:\Windows\System\mAGcyZF.exe
  2⤵
  PID:4280
- C:\Windows\System\oEkyutz.exe
  C:\Windows\System\oEkyutz.exe
  2⤵
  PID:4348
- C:\Windows\System\nFvrHZm.exe
  C:\Windows\System\nFvrHZm.exe
  2⤵
  PID:4356
- C:\Windows\System\Pqwjwpk.exe
  C:\Windows\System\Pqwjwpk.exe
  2⤵
  PID:4264
- C:\Windows\System\OsVOFKl.exe
  C:\Windows\System\OsVOFKl.exe
  2⤵
  PID:4440
- C:\Windows\System\JUvKQtt.exe
  C:\Windows\System\JUvKQtt.exe
  2⤵
  PID:4416
- C:\Windows\System\fzKxwoz.exe
  C:\Windows\System\fzKxwoz.exe
  2⤵
  PID:4488
- C:\Windows\System\PyvmZfn.exe
  C:\Windows\System\PyvmZfn.exe
  2⤵
  PID:4528
- C:\Windows\System\InFfukC.exe
  C:\Windows\System\InFfukC.exe
  2⤵
  PID:4576
- C:\Windows\System\lwUCKIZ.exe
  C:\Windows\System\lwUCKIZ.exe
  2⤵
  PID:4644
- C:\Windows\System\xJtWUOL.exe
  C:\Windows\System\xJtWUOL.exe
  2⤵
  PID:4672
- C:\Windows\System\GTPJSaW.exe
  C:\Windows\System\GTPJSaW.exe
  2⤵
  PID:4692
- C:\Windows\System\FknHrba.exe
  C:\Windows\System\FknHrba.exe
  2⤵
  PID:4740
- C:\Windows\System\XuqXunX.exe
  C:\Windows\System\XuqXunX.exe
  2⤵
  PID:4720
- C:\Windows\System\pKKEAfA.exe
  C:\Windows\System\pKKEAfA.exe
  2⤵
  PID:4752
- C:\Windows\System\AudlsMt.exe
  C:\Windows\System\AudlsMt.exe
  2⤵
  PID:4928
- C:\Windows\System\UvoNnHH.exe
  C:\Windows\System\UvoNnHH.exe
  2⤵
  PID:5040
- C:\Windows\System\anyFDZG.exe
  C:\Windows\System\anyFDZG.exe
  2⤵
  PID:5112
- C:\Windows\System\wCAeEPK.exe
  C:\Windows\System\wCAeEPK.exe
  2⤵
  PID:4816
- C:\Windows\System\cmHAQWB.exe
  C:\Windows\System\cmHAQWB.exe
  2⤵
  PID:5064
- C:\Windows\System\spHDDFC.exe
  C:\Windows\System\spHDDFC.exe
  2⤵
  PID:4988
- C:\Windows\System\yIXQFuq.exe
  C:\Windows\System\yIXQFuq.exe
  2⤵
  PID:4912
- C:\Windows\System\nfVebMt.exe
  C:\Windows\System\nfVebMt.exe
  2⤵
  PID:4004
- C:\Windows\System\hmmritd.exe
  C:\Windows\System\hmmritd.exe
  2⤵
  PID:3800
- C:\Windows\System\dXivSno.exe
  C:\Windows\System\dXivSno.exe
  2⤵
  PID:4080
- C:\Windows\System\reKfIwH.exe
  C:\Windows\System\reKfIwH.exe
  2⤵
  PID:4128
- C:\Windows\System\voizSQp.exe
  C:\Windows\System\voizSQp.exe
  2⤵
  PID:4196
- C:\Windows\System\xYkiYTy.exe
  C:\Windows\System\xYkiYTy.exe
  2⤵
  PID:4332
- C:\Windows\System\ANtYufW.exe
  C:\Windows\System\ANtYufW.exe
  2⤵
  PID:4500
- C:\Windows\System\YpPgjTt.exe
  C:\Windows\System\YpPgjTt.exe
  2⤵
  PID:4108
- C:\Windows\System\DttBuvS.exe
  C:\Windows\System\DttBuvS.exe
  2⤵
  PID:4456
- C:\Windows\System\vTtIPOH.exe
  C:\Windows\System\vTtIPOH.exe
  2⤵
  PID:4508
- C:\Windows\System\PEhkMuj.exe
  C:\Windows\System\PEhkMuj.exe
  2⤵
  PID:4704
- C:\Windows\System\IYZfwXa.exe
  C:\Windows\System\IYZfwXa.exe
  2⤵
  PID:4156
- C:\Windows\System\ZAHzHWh.exe
  C:\Windows\System\ZAHzHWh.exe
  2⤵
  PID:4248
- C:\Windows\System\uoMEJhp.exe
  C:\Windows\System\uoMEJhp.exe
  2⤵
  PID:4236
- C:\Windows\System\jAwabOS.exe
  C:\Windows\System\jAwabOS.exe
  2⤵
  PID:4544
- C:\Windows\System\pbCPZee.exe
  C:\Windows\System\pbCPZee.exe
  2⤵
  PID:4640
- C:\Windows\System\xmKxMsi.exe
  C:\Windows\System\xmKxMsi.exe
  2⤵
  PID:4792
- C:\Windows\System\dicXCjc.exe
  C:\Windows\System\dicXCjc.exe
  2⤵
  PID:4684
- C:\Windows\System\nLCEnDI.exe
  C:\Windows\System\nLCEnDI.exe
  2⤵
  PID:4972
- C:\Windows\System\IZDvdbR.exe
  C:\Windows\System\IZDvdbR.exe
  2⤵
  PID:5084
- C:\Windows\System\uWvFnuG.exe
  C:\Windows\System\uWvFnuG.exe
  2⤵
  PID:5028
- C:\Windows\System\zqIwTGW.exe
  C:\Windows\System\zqIwTGW.exe
  2⤵
  PID:4992
- C:\Windows\System\CUZgdkX.exe
  C:\Windows\System\CUZgdkX.exe
  2⤵
  PID:840
- C:\Windows\System\OeuJcnw.exe
  C:\Windows\System\OeuJcnw.exe
  2⤵
  PID:3376
- C:\Windows\System\QgKZaUK.exe
  C:\Windows\System\QgKZaUK.exe
  2⤵
  PID:4104
- C:\Windows\System\zlglcVE.exe
  C:\Windows\System\zlglcVE.exe
  2⤵
  PID:3860
- C:\Windows\System\lmKSUFC.exe
  C:\Windows\System\lmKSUFC.exe
  2⤵
  PID:4624
- C:\Windows\System\XMLKuCF.exe
  C:\Windows\System\XMLKuCF.exe
  2⤵
  PID:4700
- C:\Windows\System\hGorngT.exe
  C:\Windows\System\hGorngT.exe
  2⤵
  PID:4232
- C:\Windows\System\esJrgHZ.exe
  C:\Windows\System\esJrgHZ.exe
  2⤵
  PID:4344
- C:\Windows\System\HLppmRD.exe
  C:\Windows\System\HLppmRD.exe
  2⤵
  PID:4472
- C:\Windows\System\lgNTCjM.exe
  C:\Windows\System\lgNTCjM.exe
  2⤵
  PID:5004
- C:\Windows\System\YqmTaiO.exe
  C:\Windows\System\YqmTaiO.exe
  2⤵
  PID:4936
- C:\Windows\System\foUqllv.exe
  C:\Windows\System\foUqllv.exe
  2⤵
  PID:4956
- C:\Windows\System\cwDZYBj.exe
  C:\Windows\System\cwDZYBj.exe
  2⤵
  PID:4716
- C:\Windows\System\iexmeMU.exe
  C:\Windows\System\iexmeMU.exe
  2⤵
  PID:3356
- C:\Windows\System\YMZtzQu.exe
  C:\Windows\System\YMZtzQu.exe
  2⤵
  PID:4492
- C:\Windows\System\gLyuWdY.exe
  C:\Windows\System\gLyuWdY.exe
  2⤵
  PID:4400
- C:\Windows\System\aopAANx.exe
  C:\Windows\System\aopAANx.exe
  2⤵
  PID:4504
- C:\Windows\System\qrXHUOs.exe
  C:\Windows\System\qrXHUOs.exe
  2⤵
  PID:4800
- C:\Windows\System\eZFHsVc.exe
  C:\Windows\System\eZFHsVc.exe
  2⤵
  PID:4952
- C:\Windows\System\aSmsLpF.exe
  C:\Windows\System\aSmsLpF.exe
  2⤵
  PID:4436
- C:\Windows\System\djIsOSr.exe
  C:\Windows\System\djIsOSr.exe
  2⤵
  PID:4788
- C:\Windows\System\VNBYqTO.exe
  C:\Windows\System\VNBYqTO.exe
  2⤵
  PID:1748
- C:\Windows\System\VAzCAwA.exe
  C:\Windows\System\VAzCAwA.exe
  2⤵
  PID:4164
- C:\Windows\System\ktqKEQV.exe
  C:\Windows\System\ktqKEQV.exe
  2⤵
  PID:4316
- C:\Windows\System\FcrXVac.exe
  C:\Windows\System\FcrXVac.exe
  2⤵
  PID:5132
- C:\Windows\System\pAfXSqf.exe
  C:\Windows\System\pAfXSqf.exe
  2⤵
  PID:5148
- C:\Windows\System\vfRfsmh.exe
  C:\Windows\System\vfRfsmh.exe
  2⤵
  PID:5168
- C:\Windows\System\guUVKgZ.exe
  C:\Windows\System\guUVKgZ.exe
  2⤵
  PID:5188
- C:\Windows\System\YqIHCOy.exe
  C:\Windows\System\YqIHCOy.exe
  2⤵
  PID:5204
- C:\Windows\System\qgteZjt.exe
  C:\Windows\System\qgteZjt.exe
  2⤵
  PID:5220
- C:\Windows\System\FfJpJSH.exe
  C:\Windows\System\FfJpJSH.exe
  2⤵
  PID:5240
- C:\Windows\System\MajYvrW.exe
  C:\Windows\System\MajYvrW.exe
  2⤵
  PID:5256
- C:\Windows\System\Zycwsri.exe
  C:\Windows\System\Zycwsri.exe
  2⤵
  PID:5284
- C:\Windows\System\bcmtWwl.exe
  C:\Windows\System\bcmtWwl.exe
  2⤵
  PID:5304
- C:\Windows\System\SaBfvjk.exe
  C:\Windows\System\SaBfvjk.exe
  2⤵
  PID:5320
- C:\Windows\System\XxPfpvp.exe
  C:\Windows\System\XxPfpvp.exe
  2⤵
  PID:5372
- C:\Windows\System\mundosQ.exe
  C:\Windows\System\mundosQ.exe
  2⤵
  PID:5388
- C:\Windows\System\XNBYaEs.exe
  C:\Windows\System\XNBYaEs.exe
  2⤵
  PID:5404
- C:\Windows\System\TKrFRLl.exe
  C:\Windows\System\TKrFRLl.exe
  2⤵
  PID:5424
- C:\Windows\System\AbGJKmy.exe
  C:\Windows\System\AbGJKmy.exe
  2⤵
  PID:5440
- C:\Windows\System\dzdesPc.exe
  C:\Windows\System\dzdesPc.exe
  2⤵
  PID:5472
- C:\Windows\System\RRwcMcv.exe
  C:\Windows\System\RRwcMcv.exe
  2⤵
  PID:5488
- C:\Windows\System\jAJqeXD.exe
  C:\Windows\System\jAJqeXD.exe
  2⤵
  PID:5504
- C:\Windows\System\LinziPB.exe
  C:\Windows\System\LinziPB.exe
  2⤵
  PID:5520
- C:\Windows\System\smXtAqw.exe
  C:\Windows\System\smXtAqw.exe
  2⤵
  PID:5544
- C:\Windows\System\ahwFgvT.exe
  C:\Windows\System\ahwFgvT.exe
  2⤵
  PID:5564
- C:\Windows\System\oCmamXm.exe
  C:\Windows\System\oCmamXm.exe
  2⤵
  PID:5580
- C:\Windows\System\dlvDoOk.exe
  C:\Windows\System\dlvDoOk.exe
  2⤵
  PID:5596
- C:\Windows\System\IZAYMuW.exe
  C:\Windows\System\IZAYMuW.exe
  2⤵
  PID:5612
- C:\Windows\System\dLZTDUZ.exe
  C:\Windows\System\dLZTDUZ.exe
  2⤵
  PID:5628
- C:\Windows\System\XhKViHl.exe
  C:\Windows\System\XhKViHl.exe
  2⤵
  PID:5644
- C:\Windows\System\cHHgNzS.exe
  C:\Windows\System\cHHgNzS.exe
  2⤵
  PID:5660
- C:\Windows\System\mYjfpJl.exe
  C:\Windows\System\mYjfpJl.exe
  2⤵
  PID:5684
- C:\Windows\System\bYQXTNz.exe
  C:\Windows\System\bYQXTNz.exe
  2⤵
  PID:5732
- C:\Windows\System\DKwuicZ.exe
  C:\Windows\System\DKwuicZ.exe
  2⤵
  PID:5748
- C:\Windows\System\gLYZAUU.exe
  C:\Windows\System\gLYZAUU.exe
  2⤵
  PID:5768
- C:\Windows\System\YtJZnrg.exe
  C:\Windows\System\YtJZnrg.exe
  2⤵
  PID:5788
- C:\Windows\System\xsKTSIs.exe
  C:\Windows\System\xsKTSIs.exe
  2⤵
  PID:5812
- C:\Windows\System\PyCtzWy.exe
  C:\Windows\System\PyCtzWy.exe
  2⤵
  PID:5836
- C:\Windows\System\nxbmksQ.exe
  C:\Windows\System\nxbmksQ.exe
  2⤵
  PID:5852
- C:\Windows\System\kdjiZGf.exe
  C:\Windows\System\kdjiZGf.exe
  2⤵
  PID:5868
- C:\Windows\System\ILMQgsW.exe
  C:\Windows\System\ILMQgsW.exe
  2⤵
  PID:5888
- C:\Windows\System\horfwDS.exe
  C:\Windows\System\horfwDS.exe
  2⤵
  PID:5904
- C:\Windows\System\ROMWVsH.exe
  C:\Windows\System\ROMWVsH.exe
  2⤵
  PID:5924
- C:\Windows\System\StMmXHE.exe
  C:\Windows\System\StMmXHE.exe
  2⤵
  PID:5960
- C:\Windows\System\LKaTSrw.exe
  C:\Windows\System\LKaTSrw.exe
  2⤵
  PID:5976
- C:\Windows\System\stqDiyD.exe
  C:\Windows\System\stqDiyD.exe
  2⤵
  PID:5992
- C:\Windows\System\MNdNdlL.exe
  C:\Windows\System\MNdNdlL.exe
  2⤵
  PID:6008
- C:\Windows\System\jOtSSsv.exe
  C:\Windows\System\jOtSSsv.exe
  2⤵
  PID:6024
- C:\Windows\System\OWvHLqv.exe
  C:\Windows\System\OWvHLqv.exe
  2⤵
  PID:6044
- C:\Windows\System\tpBQxfI.exe
  C:\Windows\System\tpBQxfI.exe
  2⤵
  PID:6060
- C:\Windows\System\QHmiYLE.exe
  C:\Windows\System\QHmiYLE.exe
  2⤵
  PID:6076
- C:\Windows\System\zlmbrsV.exe
  C:\Windows\System\zlmbrsV.exe
  2⤵
  PID:6096
- C:\Windows\System\TeOVJrR.exe
  C:\Windows\System\TeOVJrR.exe
  2⤵
  PID:6120
- C:\Windows\System\dalWHln.exe
  C:\Windows\System\dalWHln.exe
  2⤵
  PID:6136
- C:\Windows\System\eWarHWJ.exe
  C:\Windows\System\eWarHWJ.exe
  2⤵
  PID:2928
- C:\Windows\System\RiCJENS.exe
  C:\Windows\System\RiCJENS.exe
  2⤵
  PID:5156
- C:\Windows\System\FPnrmtY.exe
  C:\Windows\System\FPnrmtY.exe
  2⤵
  PID:4864
- C:\Windows\System\qywbbNn.exe
  C:\Windows\System\qywbbNn.exe
  2⤵
  PID:4428
- C:\Windows\System\DBBYOVH.exe
  C:\Windows\System\DBBYOVH.exe
  2⤵
  PID:4656
- C:\Windows\System\hmNpcGD.exe
  C:\Windows\System\hmNpcGD.exe
  2⤵
  PID:4148
- C:\Windows\System\IjuHyqL.exe
  C:\Windows\System\IjuHyqL.exe
  2⤵
  PID:5316
- C:\Windows\System\BmuDxzV.exe
  C:\Windows\System\BmuDxzV.exe
  2⤵
  PID:5252
- C:\Windows\System\FPDPVjv.exe
  C:\Windows\System\FPDPVjv.exe
  2⤵
  PID:5448
- C:\Windows\System\ghynQQC.exe
  C:\Windows\System\ghynQQC.exe
  2⤵
  PID:5456
- C:\Windows\System\yBJVnFu.exe
  C:\Windows\System\yBJVnFu.exe
  2⤵
  PID:5332
- C:\Windows\System\QVZFsGt.exe
  C:\Windows\System\QVZFsGt.exe
  2⤵
  PID:5352
- C:\Windows\System\kszVNXr.exe
  C:\Windows\System\kszVNXr.exe
  2⤵
  PID:5368
- C:\Windows\System\piiiFly.exe
  C:\Windows\System\piiiFly.exe
  2⤵
  PID:5464
- C:\Windows\System\vRWGTxN.exe
  C:\Windows\System\vRWGTxN.exe
  2⤵
  PID:5480
- C:\Windows\System\XiLutlZ.exe
  C:\Windows\System\XiLutlZ.exe
  2⤵
  PID:5572
- C:\Windows\System\yKwhZXz.exe
  C:\Windows\System\yKwhZXz.exe
  2⤵
  PID:5672
- C:\Windows\System\znzOWOo.exe
  C:\Windows\System\znzOWOo.exe
  2⤵
  PID:5700
- C:\Windows\System\KyeTxKn.exe
  C:\Windows\System\KyeTxKn.exe
  2⤵
  PID:5744
- C:\Windows\System\yCIiORT.exe
  C:\Windows\System\yCIiORT.exe
  2⤵
  PID:5728
- C:\Windows\System\aEbqxLc.exe
  C:\Windows\System\aEbqxLc.exe
  2⤵
  PID:5776
- C:\Windows\System\ikAPDuG.exe
  C:\Windows\System\ikAPDuG.exe
  2⤵
  PID:5652
- C:\Windows\System\JqfriMj.exe
  C:\Windows\System\JqfriMj.exe
  2⤵
  PID:5860
- C:\Windows\System\htVtTbH.exe
  C:\Windows\System\htVtTbH.exe
  2⤵
  PID:5796
- C:\Windows\System\ahDBJFs.exe
  C:\Windows\System\ahDBJFs.exe
  2⤵
  PID:5900
- C:\Windows\System\nHSRTZP.exe
  C:\Windows\System\nHSRTZP.exe
  2⤵
  PID:5760
- C:\Windows\System\YqPPVAa.exe
  C:\Windows\System\YqPPVAa.exe
  2⤵
  PID:5948
- C:\Windows\System\zHRXsWJ.exe
  C:\Windows\System\zHRXsWJ.exe
  2⤵
  PID:5952
- C:\Windows\System\AOCtKjZ.exe
  C:\Windows\System\AOCtKjZ.exe
  2⤵
  PID:6016
- C:\Windows\System\klhvooN.exe
  C:\Windows\System\klhvooN.exe
  2⤵
  PID:6084
- C:\Windows\System\erPJmFB.exe
  C:\Windows\System\erPJmFB.exe
  2⤵
  PID:6128
- C:\Windows\System\CkReNHr.exe
  C:\Windows\System\CkReNHr.exe
  2⤵
  PID:6104
- C:\Windows\System\uDSlhvJ.exe
  C:\Windows\System\uDSlhvJ.exe
  2⤵
  PID:5228
- C:\Windows\System\PccvfXC.exe
  C:\Windows\System\PccvfXC.exe
  2⤵
  PID:6032
- C:\Windows\System\NjeatrU.exe
  C:\Windows\System\NjeatrU.exe
  2⤵
  PID:5264
- C:\Windows\System\NYHoSlv.exe
  C:\Windows\System\NYHoSlv.exe
  2⤵
  PID:5280
- C:\Windows\System\ncyEhcs.exe
  C:\Windows\System\ncyEhcs.exe
  2⤵
  PID:5180
- C:\Windows\System\wOVCCTh.exe
  C:\Windows\System\wOVCCTh.exe
  2⤵
  PID:5212
- C:\Windows\System\sSiPzgl.exe
  C:\Windows\System\sSiPzgl.exe
  2⤵
  PID:5420
- C:\Windows\System\JvessDD.exe
  C:\Windows\System\JvessDD.exe
  2⤵
  PID:5516
- C:\Windows\System\ORAROmV.exe
  C:\Windows\System\ORAROmV.exe
  2⤵
  PID:5636
- C:\Windows\System\cgamjBN.exe
  C:\Windows\System\cgamjBN.exe
  2⤵
  PID:5020
- C:\Windows\System\uoyKjsX.exe
  C:\Windows\System\uoyKjsX.exe
  2⤵
  PID:5532
- C:\Windows\System\TtmHzSN.exe
  C:\Windows\System\TtmHzSN.exe
  2⤵
  PID:5360
- C:\Windows\System\CEXFDzO.exe
  C:\Windows\System\CEXFDzO.exe
  2⤵
  PID:5692
- C:\Windows\System\rXXPqIP.exe
  C:\Windows\System\rXXPqIP.exe
  2⤵
  PID:5604
- C:\Windows\System\NNgkPRz.exe
  C:\Windows\System\NNgkPRz.exe
  2⤵
  PID:5756
- C:\Windows\System\okDxytl.exe
  C:\Windows\System\okDxytl.exe
  2⤵
  PID:5820
- C:\Windows\System\hfnsCSE.exe
  C:\Windows\System\hfnsCSE.exe
  2⤵
  PID:5832
- C:\Windows\System\ciQDdpA.exe
  C:\Windows\System\ciQDdpA.exe
  2⤵
  PID:5916
- C:\Windows\System\QqVAMyx.exe
  C:\Windows\System\QqVAMyx.exe
  2⤵
  PID:5932
- C:\Windows\System\UDRrZrC.exe
  C:\Windows\System\UDRrZrC.exe
  2⤵
  PID:5988
- C:\Windows\System\fhYYPni.exe
  C:\Windows\System\fhYYPni.exe
  2⤵
  PID:6004
- C:\Windows\System\MOplMZy.exe
  C:\Windows\System\MOplMZy.exe
  2⤵
  PID:5248
- C:\Windows\System\NXgnDud.exe
  C:\Windows\System\NXgnDud.exe
  2⤵
  PID:5968
- C:\Windows\System\bVilHZD.exe
  C:\Windows\System\bVilHZD.exe
  2⤵
  PID:5416
- C:\Windows\System\SGErJQb.exe
  C:\Windows\System\SGErJQb.exe
  2⤵
  PID:5268
- C:\Windows\System\QpAWCkf.exe
  C:\Windows\System\QpAWCkf.exe
  2⤵
  PID:5364
- C:\Windows\System\BmUQZur.exe
  C:\Windows\System\BmUQZur.exe
  2⤵
  PID:5300
- C:\Windows\System\iAjmOxq.exe
  C:\Windows\System\iAjmOxq.exe
  2⤵
  PID:5676
- C:\Windows\System\JmMUOoq.exe
  C:\Windows\System\JmMUOoq.exe
  2⤵
  PID:5592
- C:\Windows\System\QEmPPGm.exe
  C:\Windows\System\QEmPPGm.exe
  2⤵
  PID:5620
- C:\Windows\System\qkwBGpi.exe
  C:\Windows\System\qkwBGpi.exe
  2⤵
  PID:5884
- C:\Windows\System\ShrEIdj.exe
  C:\Windows\System\ShrEIdj.exe
  2⤵
  PID:6056
- C:\Windows\System\GJmhoKz.exe
  C:\Windows\System\GJmhoKz.exe
  2⤵
  PID:5216
- C:\Windows\System\tQyoaOI.exe
  C:\Windows\System\tQyoaOI.exe
  2⤵
  PID:5972
- C:\Windows\System\zfpcYDr.exe
  C:\Windows\System\zfpcYDr.exe
  2⤵
  PID:5500
- C:\Windows\System\WckXfYA.exe
  C:\Windows\System\WckXfYA.exe
  2⤵
  PID:6040
- C:\Windows\System\RaotIDI.exe
  C:\Windows\System\RaotIDI.exe
  2⤵
  PID:5328
- C:\Windows\System\qRzMDft.exe
  C:\Windows\System\qRzMDft.exe
  2⤵
  PID:5312
- C:\Windows\System\UEMEjiB.exe
  C:\Windows\System\UEMEjiB.exe
  2⤵
  PID:5624
- C:\Windows\System\XiLevaA.exe
  C:\Windows\System\XiLevaA.exe
  2⤵
  PID:5808
- C:\Windows\System\dpGHFIy.exe
  C:\Windows\System\dpGHFIy.exe
  2⤵
  PID:1688
- C:\Windows\System\BdtWquf.exe
  C:\Windows\System\BdtWquf.exe
  2⤵
  PID:6000
- C:\Windows\System\qcSBCRh.exe
  C:\Windows\System\qcSBCRh.exe
  2⤵
  PID:5380
- C:\Windows\System\sGNXrPr.exe
  C:\Windows\System\sGNXrPr.exe
  2⤵
  PID:5716
- C:\Windows\System\jBQrbXE.exe
  C:\Windows\System\jBQrbXE.exe
  2⤵
  PID:5272
- C:\Windows\System\KskiLHR.exe
  C:\Windows\System\KskiLHR.exe
  2⤵
  PID:5276
- C:\Windows\System\DufuELc.exe
  C:\Windows\System\DufuELc.exe
  2⤵
  PID:4756
- C:\Windows\System\RoSvHEj.exe
  C:\Windows\System\RoSvHEj.exe
  2⤵
  PID:5588
- C:\Windows\System\tbRfMBS.exe
  C:\Windows\System\tbRfMBS.exe
  2⤵
  PID:5196
- C:\Windows\System\cHHtwRw.exe
  C:\Windows\System\cHHtwRw.exe
  2⤵
  PID:5496
- C:\Windows\System\JLGTRzf.exe
  C:\Windows\System\JLGTRzf.exe
  2⤵
  PID:6156
- C:\Windows\System\MRFBmOr.exe
  C:\Windows\System\MRFBmOr.exe
  2⤵
  PID:6176
- C:\Windows\System\ngLkwtt.exe
  C:\Windows\System\ngLkwtt.exe
  2⤵
  PID:6200
- C:\Windows\System\ccmriLG.exe
  C:\Windows\System\ccmriLG.exe
  2⤵
  PID:6216
- C:\Windows\System\PlSohCl.exe
  C:\Windows\System\PlSohCl.exe
  2⤵
  PID:6244
- C:\Windows\System\oStnFwn.exe
  C:\Windows\System\oStnFwn.exe
  2⤵
  PID:6264
- C:\Windows\System\niBuhRM.exe
  C:\Windows\System\niBuhRM.exe
  2⤵
  PID:6284
- C:\Windows\System\wEpNHbk.exe
  C:\Windows\System\wEpNHbk.exe
  2⤵
  PID:6300
- C:\Windows\System\UdSiGIF.exe
  C:\Windows\System\UdSiGIF.exe
  2⤵
  PID:6316
- C:\Windows\System\MIUmfrZ.exe
  C:\Windows\System\MIUmfrZ.exe
  2⤵
  PID:6348
- C:\Windows\System\LflZaIC.exe
  C:\Windows\System\LflZaIC.exe
  2⤵
  PID:6364
- C:\Windows\System\DUwisnn.exe
  C:\Windows\System\DUwisnn.exe
  2⤵
  PID:6380
- C:\Windows\System\fJoLaBa.exe
  C:\Windows\System\fJoLaBa.exe
  2⤵
  PID:6396
- C:\Windows\System\xuKWdjC.exe
  C:\Windows\System\xuKWdjC.exe
  2⤵
  PID:6412
- C:\Windows\System\jAfMMiB.exe
  C:\Windows\System\jAfMMiB.exe
  2⤵
  PID:6428
- C:\Windows\System\QdCAXsj.exe
  C:\Windows\System\QdCAXsj.exe
  2⤵
  PID:6460
- C:\Windows\System\TYUzTjA.exe
  C:\Windows\System\TYUzTjA.exe
  2⤵
  PID:6476
- C:\Windows\System\XynyhaQ.exe
  C:\Windows\System\XynyhaQ.exe
  2⤵
  PID:6492
- C:\Windows\System\diypvMC.exe
  C:\Windows\System\diypvMC.exe
  2⤵
  PID:6528
- C:\Windows\System\ljAOaPR.exe
  C:\Windows\System\ljAOaPR.exe
  2⤵
  PID:6548
- C:\Windows\System\kFdNZbt.exe
  C:\Windows\System\kFdNZbt.exe
  2⤵
  PID:6564
- C:\Windows\System\ecLnXcj.exe
  C:\Windows\System\ecLnXcj.exe
  2⤵
  PID:6580
- C:\Windows\System\wfmgGEY.exe
  C:\Windows\System\wfmgGEY.exe
  2⤵
  PID:6596
- C:\Windows\System\NZQNOBI.exe
  C:\Windows\System\NZQNOBI.exe
  2⤵
  PID:6612
- C:\Windows\System\vmhkMwE.exe
  C:\Windows\System\vmhkMwE.exe
  2⤵
  PID:6636
- C:\Windows\System\IdAJEqM.exe
  C:\Windows\System\IdAJEqM.exe
  2⤵
  PID:6652
- C:\Windows\System\jtPpcgZ.exe
  C:\Windows\System\jtPpcgZ.exe
  2⤵
  PID:6668
- C:\Windows\System\HBEOUuJ.exe
  C:\Windows\System\HBEOUuJ.exe
  2⤵
  PID:6688
- C:\Windows\System\HaEfusx.exe
  C:\Windows\System\HaEfusx.exe
  2⤵
  PID:6708
- C:\Windows\System\stgtnhi.exe
  C:\Windows\System\stgtnhi.exe
  2⤵
  PID:6740
- C:\Windows\System\BqCyaYo.exe
  C:\Windows\System\BqCyaYo.exe
  2⤵
  PID:6756
- C:\Windows\System\QdKERGn.exe
  C:\Windows\System\QdKERGn.exe
  2⤵
  PID:6772
- C:\Windows\System\yJaPpYu.exe
  C:\Windows\System\yJaPpYu.exe
  2⤵
  PID:6792
- C:\Windows\System\BfFwshS.exe
  C:\Windows\System\BfFwshS.exe
  2⤵
  PID:6812
- C:\Windows\System\rrcOTHo.exe
  C:\Windows\System\rrcOTHo.exe
  2⤵
  PID:6836
- C:\Windows\System\ivwnoKU.exe
  C:\Windows\System\ivwnoKU.exe
  2⤵
  PID:6852
- C:\Windows\System\EJQMzbF.exe
  C:\Windows\System\EJQMzbF.exe
  2⤵
  PID:6892
- C:\Windows\System\JMmfpgs.exe
  C:\Windows\System\JMmfpgs.exe
  2⤵
  PID:6908
- C:\Windows\System\BDRGMun.exe
  C:\Windows\System\BDRGMun.exe
  2⤵
  PID:6924
- C:\Windows\System\szomCwx.exe
  C:\Windows\System\szomCwx.exe
  2⤵
  PID:6948
- C:\Windows\System\yslAETu.exe
  C:\Windows\System\yslAETu.exe
  2⤵
  PID:6964
- C:\Windows\System\zfoqHhE.exe
  C:\Windows\System\zfoqHhE.exe
  2⤵
  PID:6984
- C:\Windows\System\SjtaByD.exe
  C:\Windows\System\SjtaByD.exe
  2⤵
  PID:7000
- C:\Windows\System\KLLICro.exe
  C:\Windows\System\KLLICro.exe
  2⤵
  PID:7016
- C:\Windows\System\ansqzOg.exe
  C:\Windows\System\ansqzOg.exe
  2⤵
  PID:7032
- C:\Windows\System\OfyFbqI.exe
  C:\Windows\System\OfyFbqI.exe
  2⤵
  PID:7052
- C:\Windows\System\TogtMMK.exe
  C:\Windows\System\TogtMMK.exe
  2⤵
  PID:7088
- C:\Windows\System\gEFDETL.exe
  C:\Windows\System\gEFDETL.exe
  2⤵
  PID:7104
- C:\Windows\System\sBLVSqv.exe
  C:\Windows\System\sBLVSqv.exe
  2⤵
  PID:7124
- C:\Windows\System\bjTJBLl.exe
  C:\Windows\System\bjTJBLl.exe
  2⤵
  PID:7152
- C:\Windows\System\aVfVLYb.exe
  C:\Windows\System\aVfVLYb.exe
  2⤵
  PID:5896
- C:\Windows\System\sZEoxGj.exe
  C:\Windows\System\sZEoxGj.exe
  2⤵
  PID:6112
- C:\Windows\System\gVELfIz.exe
  C:\Windows\System\gVELfIz.exe
  2⤵
  PID:6152
- C:\Windows\System\gYktDGR.exe
  C:\Windows\System\gYktDGR.exe
  2⤵
  PID:6148
- C:\Windows\System\bPUsprR.exe
  C:\Windows\System\bPUsprR.exe
  2⤵
  PID:6224
- C:\Windows\System\GcrRCET.exe
  C:\Windows\System\GcrRCET.exe
  2⤵
  PID:6292
- C:\Windows\System\hVDWNtC.exe
  C:\Windows\System\hVDWNtC.exe
  2⤵
  PID:6280
- C:\Windows\System\ZUneBuJ.exe
  C:\Windows\System\ZUneBuJ.exe
  2⤵
  PID:6308
- C:\Windows\System\lsqViMq.exe
  C:\Windows\System\lsqViMq.exe
  2⤵
  PID:6376
- C:\Windows\System\JqgQdXw.exe
  C:\Windows\System\JqgQdXw.exe
  2⤵
  PID:6440
- C:\Windows\System\zEqzrwu.exe
  C:\Windows\System\zEqzrwu.exe
  2⤵
  PID:6420
- C:\Windows\System\DkIxyMz.exe
  C:\Windows\System\DkIxyMz.exe
  2⤵
  PID:6468
- C:\Windows\System\BtReCqE.exe
  C:\Windows\System\BtReCqE.exe
  2⤵
  PID:6488
- C:\Windows\System\dGCwHGe.exe
  C:\Windows\System\dGCwHGe.exe
  2⤵
  PID:6516
- C:\Windows\System\TDTKTjO.exe
  C:\Windows\System\TDTKTjO.exe
  2⤵
  PID:6540
- C:\Windows\System\DBBlGRX.exe
  C:\Windows\System\DBBlGRX.exe
  2⤵
  PID:6648
- C:\Windows\System\XWvxgaA.exe
  C:\Windows\System\XWvxgaA.exe
  2⤵
  PID:6716
- C:\Windows\System\vwSxAbS.exe
  C:\Windows\System\vwSxAbS.exe
  2⤵
  PID:6724
- C:\Windows\System\vhbKTvT.exe
  C:\Windows\System\vhbKTvT.exe
  2⤵
  PID:6800
- C:\Windows\System\quBlfui.exe
  C:\Windows\System\quBlfui.exe
  2⤵
  PID:6704
- C:\Windows\System\QcJIrQF.exe
  C:\Windows\System\QcJIrQF.exe
  2⤵
  PID:6748
- C:\Windows\System\bGsBjKL.exe
  C:\Windows\System\bGsBjKL.exe
  2⤵
  PID:6828
- C:\Windows\System\bXMoUNO.exe
  C:\Windows\System\bXMoUNO.exe
  2⤵
  PID:6904
- C:\Windows\System\byWmVnN.exe
  C:\Windows\System\byWmVnN.exe
  2⤵
  PID:6864
- C:\Windows\System\JwZBwmR.exe
  C:\Windows\System\JwZBwmR.exe
  2⤵
  PID:6980
- C:\Windows\System\QcgSeZR.exe
  C:\Windows\System\QcgSeZR.exe
  2⤵
  PID:7044
- C:\Windows\System\OoMPXHM.exe
  C:\Windows\System\OoMPXHM.exe
  2⤵
  PID:6872
- C:\Windows\System\GPrFbgO.exe
  C:\Windows\System\GPrFbgO.exe
  2⤵
  PID:6916
- C:\Windows\System\EGWFajx.exe
  C:\Windows\System\EGWFajx.exe
  2⤵
  PID:7068
- C:\Windows\System\xUfttZl.exe
  C:\Windows\System\xUfttZl.exe
  2⤵
  PID:7072
- C:\Windows\System\osyDCAK.exe
  C:\Windows\System\osyDCAK.exe
  2⤵
  PID:6088
- C:\Windows\System\SeEzbei.exe
  C:\Windows\System\SeEzbei.exe
  2⤵
  PID:7140
- C:\Windows\System\FCdFnYa.exe
  C:\Windows\System\FCdFnYa.exe
  2⤵
  PID:7120
- C:\Windows\System\caKjeJJ.exe
  C:\Windows\System\caKjeJJ.exe
  2⤵
  PID:6184
- C:\Windows\System\YlyhTke.exe
  C:\Windows\System\YlyhTke.exe
  2⤵
  PID:6328
- C:\Windows\System\TzIufmF.exe
  C:\Windows\System\TzIufmF.exe
  2⤵
  PID:6208
- C:\Windows\System\gBrMigb.exe
  C:\Windows\System\gBrMigb.exe
  2⤵
  PID:6444
- C:\Windows\System\Vaegymg.exe
  C:\Windows\System\Vaegymg.exe
  2⤵
  PID:6500
- C:\Windows\System\QiUWCgU.exe
  C:\Windows\System\QiUWCgU.exe
  2⤵
  PID:6356
- C:\Windows\System\FRXpPso.exe
  C:\Windows\System\FRXpPso.exe
  2⤵
  PID:6512
- C:\Windows\System\PQatqBb.exe
  C:\Windows\System\PQatqBb.exe
  2⤵
  PID:6560
- C:\Windows\System\EUbfKwM.exe
  C:\Windows\System\EUbfKwM.exe
  2⤵
  PID:6524
- C:\Windows\System\CwSftKE.exe
  C:\Windows\System\CwSftKE.exe
  2⤵
  PID:6620
- C:\Windows\System\rlAkNhK.exe
  C:\Windows\System\rlAkNhK.exe
  2⤵
  PID:6764
- C:\Windows\System\WWyrBUp.exe
  C:\Windows\System\WWyrBUp.exe
  2⤵
  PID:6940
- C:\Windows\System\izfpTWg.exe
  C:\Windows\System\izfpTWg.exe
  2⤵
  PID:6844
- C:\Windows\System\QeXbUnx.exe
  C:\Windows\System\QeXbUnx.exe
  2⤵
  PID:6784
- C:\Windows\System\zkHvPqq.exe
  C:\Windows\System\zkHvPqq.exe
  2⤵
  PID:7064
- C:\Windows\System\yvhXUDQ.exe
  C:\Windows\System\yvhXUDQ.exe
  2⤵
  PID:7112
- C:\Windows\System\eNktIlG.exe
  C:\Windows\System\eNktIlG.exe
  2⤵
  PID:7084
- C:\Windows\System\YXHnHLh.exe
  C:\Windows\System\YXHnHLh.exe
  2⤵
  PID:6960
- C:\Windows\System\zpqFkwE.exe
  C:\Windows\System\zpqFkwE.exe
  2⤵
  PID:6172
- C:\Windows\System\txJnyaQ.exe
  C:\Windows\System\txJnyaQ.exe
  2⤵
  PID:5696
- C:\Windows\System\zvbinBh.exe
  C:\Windows\System\zvbinBh.exe
  2⤵
  PID:6256
- C:\Windows\System\OGZEBce.exe
  C:\Windows\System\OGZEBce.exe
  2⤵
  PID:6272
- C:\Windows\System\jAfTqgm.exe
  C:\Windows\System\jAfTqgm.exe
  2⤵
  PID:6576
- C:\Windows\System\uCTHVUR.exe
  C:\Windows\System\uCTHVUR.exe
  2⤵
  PID:6556
- C:\Windows\System\FPqIUuy.exe
  C:\Windows\System\FPqIUuy.exe
  2⤵
  PID:6736
- C:\Windows\System\XuHlSmS.exe
  C:\Windows\System\XuHlSmS.exe
  2⤵
  PID:6684
- C:\Windows\System\VLVyXTQ.exe
  C:\Windows\System\VLVyXTQ.exe
  2⤵
  PID:6824
- C:\Windows\System\pUAHcoY.exe
  C:\Windows\System\pUAHcoY.exe
  2⤵
  PID:6860
- C:\Windows\System\vGRpURF.exe
  C:\Windows\System\vGRpURF.exe
  2⤵
  PID:6880
- C:\Windows\System\lmVNade.exe
  C:\Windows\System\lmVNade.exe
  2⤵
  PID:6344
- C:\Windows\System\lzPcHfa.exe
  C:\Windows\System\lzPcHfa.exe
  2⤵
  PID:6628
- C:\Windows\System\aGrJHPA.exe
  C:\Windows\System\aGrJHPA.exe
  2⤵
  PID:4660
- C:\Windows\System\rxCaiIV.exe
  C:\Windows\System\rxCaiIV.exe
  2⤵
  PID:7028
- C:\Windows\System\lPqfelp.exe
  C:\Windows\System\lPqfelp.exe
  2⤵
  PID:6340
- C:\Windows\System\QVBHvOI.exe
  C:\Windows\System\QVBHvOI.exe
  2⤵
  PID:6276
- C:\Windows\System\JiITcZp.exe
  C:\Windows\System\JiITcZp.exe
  2⤵
  PID:7012
- C:\Windows\System\yqNPqsw.exe
  C:\Windows\System\yqNPqsw.exe
  2⤵
  PID:7176
- C:\Windows\System\XRTaSxY.exe
  C:\Windows\System\XRTaSxY.exe
  2⤵
  PID:7192
- C:\Windows\System\IqrjewD.exe
  C:\Windows\System\IqrjewD.exe
  2⤵
  PID:7208
- C:\Windows\System\vPkuXFj.exe
  C:\Windows\System\vPkuXFj.exe
  2⤵
  PID:7224
- C:\Windows\System\QpGLGaS.exe
  C:\Windows\System\QpGLGaS.exe
  2⤵
  PID:7268
- C:\Windows\System\AXDPpbp.exe
  C:\Windows\System\AXDPpbp.exe
  2⤵
  PID:7292
- C:\Windows\System\ozjWCgN.exe
  C:\Windows\System\ozjWCgN.exe
  2⤵
  PID:7308
- C:\Windows\System\TnnbHJq.exe
  C:\Windows\System\TnnbHJq.exe
  2⤵
  PID:7324
- C:\Windows\System\iTCzrHO.exe
  C:\Windows\System\iTCzrHO.exe
  2⤵
  PID:7356
- C:\Windows\System\BedtelG.exe
  C:\Windows\System\BedtelG.exe
  2⤵
  PID:7372
- C:\Windows\System\TmeDYcH.exe
  C:\Windows\System\TmeDYcH.exe
  2⤵
  PID:7388
- C:\Windows\System\ycMiBFs.exe
  C:\Windows\System\ycMiBFs.exe
  2⤵
  PID:7404
- C:\Windows\System\XsMMJJi.exe
  C:\Windows\System\XsMMJJi.exe
  2⤵
  PID:7420
- C:\Windows\System\cxrKUKi.exe
  C:\Windows\System\cxrKUKi.exe
  2⤵
  PID:7436
- C:\Windows\System\bRpKHEr.exe
  C:\Windows\System\bRpKHEr.exe
  2⤵
  PID:7476
- C:\Windows\System\HCTPNZF.exe
  C:\Windows\System\HCTPNZF.exe
  2⤵
  PID:7492
- C:\Windows\System\acsIVyM.exe
  C:\Windows\System\acsIVyM.exe
  2⤵
  PID:7516
- C:\Windows\System\ZYHePDJ.exe
  C:\Windows\System\ZYHePDJ.exe
  2⤵
  PID:7532
- C:\Windows\System\PQCkCKF.exe
  C:\Windows\System\PQCkCKF.exe
  2⤵
  PID:7552
- C:\Windows\System\fnsQCcq.exe
  C:\Windows\System\fnsQCcq.exe
  2⤵
  PID:7568
- C:\Windows\System\mtmYEaz.exe
  C:\Windows\System\mtmYEaz.exe
  2⤵
  PID:7584
- C:\Windows\System\dkxpmYS.exe
  C:\Windows\System\dkxpmYS.exe
  2⤵
  PID:7608
- C:\Windows\System\DuUQNON.exe
  C:\Windows\System\DuUQNON.exe
  2⤵
  PID:7632
- C:\Windows\System\HwPQfTa.exe
  C:\Windows\System\HwPQfTa.exe
  2⤵
  PID:7656
- C:\Windows\System\VexZvoa.exe
  C:\Windows\System\VexZvoa.exe
  2⤵
  PID:7672
- C:\Windows\System\UWoPOpq.exe
  C:\Windows\System\UWoPOpq.exe
  2⤵
  PID:7692
- C:\Windows\System\nGMZAov.exe
  C:\Windows\System\nGMZAov.exe
  2⤵
  PID:7708
- C:\Windows\System\xJVtzlt.exe
  C:\Windows\System\xJVtzlt.exe
  2⤵
  PID:7724
- C:\Windows\System\TYpudeJ.exe
  C:\Windows\System\TYpudeJ.exe
  2⤵
  PID:7740
- C:\Windows\System\TFVWQRK.exe
  C:\Windows\System\TFVWQRK.exe
  2⤵
  PID:7760
- C:\Windows\System\bldUANa.exe
  C:\Windows\System\bldUANa.exe
  2⤵
  PID:7796
- C:\Windows\System\KVeWYTW.exe
  C:\Windows\System\KVeWYTW.exe
  2⤵
  PID:7812
- C:\Windows\System\tZZafoH.exe
  C:\Windows\System\tZZafoH.exe
  2⤵
  PID:7828
- C:\Windows\System\cZGwFhC.exe
  C:\Windows\System\cZGwFhC.exe
  2⤵
  PID:7848
- C:\Windows\System\sZQDGVt.exe
  C:\Windows\System\sZQDGVt.exe
  2⤵
  PID:7864
- C:\Windows\System\yRugtyX.exe
  C:\Windows\System\yRugtyX.exe
  2⤵
  PID:7880
- C:\Windows\System\qbsJyEL.exe
  C:\Windows\System\qbsJyEL.exe
  2⤵
  PID:7900
- C:\Windows\System\yjiufbG.exe
  C:\Windows\System\yjiufbG.exe
  2⤵
  PID:7916
- C:\Windows\System\BvZnUFP.exe
  C:\Windows\System\BvZnUFP.exe
  2⤵
  PID:7940
- C:\Windows\System\sbZdgGB.exe
  C:\Windows\System\sbZdgGB.exe
  2⤵
  PID:7980
- C:\Windows\System\MjNZpgf.exe
  C:\Windows\System\MjNZpgf.exe
  2⤵
  PID:7996
- C:\Windows\System\RewSPHv.exe
  C:\Windows\System\RewSPHv.exe
  2⤵
  PID:8020
- C:\Windows\System\xdYcFeX.exe
  C:\Windows\System\xdYcFeX.exe
  2⤵
  PID:8036
- C:\Windows\System\pdVkJQm.exe
  C:\Windows\System\pdVkJQm.exe
  2⤵
  PID:8056
- C:\Windows\System\nQUqrTM.exe
  C:\Windows\System\nQUqrTM.exe
  2⤵
  PID:8072
- C:\Windows\System\lxEwdGG.exe
  C:\Windows\System\lxEwdGG.exe
  2⤵
  PID:8088
- C:\Windows\System\XleOUtG.exe
  C:\Windows\System\XleOUtG.exe
  2⤵
  PID:8104
- C:\Windows\System\fPOJDZg.exe
  C:\Windows\System\fPOJDZg.exe
  2⤵
  PID:8120
- C:\Windows\System\BFKlOzo.exe
  C:\Windows\System\BFKlOzo.exe
  2⤵
  PID:8136
- C:\Windows\System\CJucmiM.exe
  C:\Windows\System\CJucmiM.exe
  2⤵
  PID:8152
- C:\Windows\System\jpjmdSM.exe
  C:\Windows\System\jpjmdSM.exe
  2⤵
  PID:8168
- C:\Windows\System\gtxsHGt.exe
  C:\Windows\System\gtxsHGt.exe
  2⤵
  PID:8184
- C:\Windows\System\BgostkY.exe
  C:\Windows\System\BgostkY.exe
  2⤵
  PID:6644
- C:\Windows\System\tWzudkH.exe
  C:\Windows\System\tWzudkH.exe
  2⤵
  PID:7232
- C:\Windows\System\LasLlZO.exe
  C:\Windows\System\LasLlZO.exe
  2⤵
  PID:7116
- C:\Windows\System\oVnjycL.exe
  C:\Windows\System\oVnjycL.exe
  2⤵
  PID:7264
- C:\Windows\System\EUlolcl.exe
  C:\Windows\System\EUlolcl.exe
  2⤵
  PID:7132
- C:\Windows\System\tpPZXBv.exe
  C:\Windows\System\tpPZXBv.exe
  2⤵
  PID:7188
- C:\Windows\System\EvmlYjQ.exe
  C:\Windows\System\EvmlYjQ.exe
  2⤵
  PID:7216
- C:\Windows\System\GLaFoyo.exe
  C:\Windows\System\GLaFoyo.exe
  2⤵
  PID:7336
- C:\Windows\System\DSLWCsH.exe
  C:\Windows\System\DSLWCsH.exe
  2⤵
  PID:7320
- C:\Windows\System\YqiRYko.exe
  C:\Windows\System\YqiRYko.exe
  2⤵
  PID:7344
- C:\Windows\System\XYSRRfK.exe
  C:\Windows\System\XYSRRfK.exe
  2⤵
  PID:7352
- C:\Windows\System\BFmEiZc.exe
  C:\Windows\System\BFmEiZc.exe
  2⤵
  PID:7412
- C:\Windows\System\ZqoRAHo.exe
  C:\Windows\System\ZqoRAHo.exe
  2⤵
  PID:7504
- C:\Windows\System\BngRsON.exe
  C:\Windows\System\BngRsON.exe
  2⤵
  PID:7524
- C:\Windows\System\zlZtPgZ.exe
  C:\Windows\System\zlZtPgZ.exe
  2⤵
  PID:7580
- C:\Windows\System\zjNjYnK.exe
  C:\Windows\System\zjNjYnK.exe
  2⤵
  PID:7596
- C:\Windows\System\xBSwert.exe
  C:\Windows\System\xBSwert.exe
  2⤵
  PID:7620
- C:\Windows\System\ruGMHhI.exe
  C:\Windows\System\ruGMHhI.exe
  2⤵
  PID:7652
- C:\Windows\System\YYajUVW.exe
  C:\Windows\System\YYajUVW.exe
  2⤵
  PID:7680
- C:\Windows\System\dyHqzLx.exe
  C:\Windows\System\dyHqzLx.exe
  2⤵
  PID:7768
- C:\Windows\System\VnalNlo.exe
  C:\Windows\System\VnalNlo.exe
  2⤵
  PID:7756
- C:\Windows\System\RneMrfY.exe
  C:\Windows\System\RneMrfY.exe
  2⤵
  PID:7784
- C:\Windows\System\RPhySxU.exe
  C:\Windows\System\RPhySxU.exe
  2⤵
  PID:7888
- C:\Windows\System\YsBXgsf.exe
  C:\Windows\System\YsBXgsf.exe
  2⤵
  PID:7936
- C:\Windows\System\dpwpJGK.exe
  C:\Windows\System\dpwpJGK.exe
  2⤵
  PID:7912
- C:\Windows\System\yKNYgIA.exe
  C:\Windows\System\yKNYgIA.exe
  2⤵
  PID:7836
- C:\Windows\System\bSZvwHJ.exe
  C:\Windows\System\bSZvwHJ.exe
  2⤵
  PID:7804
- C:\Windows\System\bIIUytN.exe
  C:\Windows\System\bIIUytN.exe
  2⤵
  PID:7956
- C:\Windows\System\MYzLBuL.exe
  C:\Windows\System\MYzLBuL.exe
  2⤵
  PID:8012
- C:\Windows\System\iLCzbFD.exe
  C:\Windows\System\iLCzbFD.exe
  2⤵
  PID:8032
- C:\Windows\System\nAYsKDh.exe
  C:\Windows\System\nAYsKDh.exe
  2⤵
  PID:8064
- C:\Windows\System\joAnaXe.exe
  C:\Windows\System\joAnaXe.exe
  2⤵
  PID:8128
- C:\Windows\System\kFXEhlZ.exe
  C:\Windows\System\kFXEhlZ.exe
  2⤵
  PID:8176
- C:\Windows\System\GYNQQsP.exe
  C:\Windows\System\GYNQQsP.exe
  2⤵
  PID:6752
- C:\Windows\System\btZfhMG.exe
  C:\Windows\System\btZfhMG.exe
  2⤵
  PID:7148
- C:\Windows\System\fbrImiT.exe
  C:\Windows\System\fbrImiT.exe
  2⤵
  PID:7200
- C:\Windows\System\ofrFrbV.exe
  C:\Windows\System\ofrFrbV.exe
  2⤵
  PID:7244
- C:\Windows\System\DfCDoQY.exe
  C:\Windows\System\DfCDoQY.exe
  2⤵
  PID:7236
- C:\Windows\System\ZKeFBgg.exe
  C:\Windows\System\ZKeFBgg.exe
  2⤵
  PID:7396
- C:\Windows\System\ErApJuR.exe
  C:\Windows\System\ErApJuR.exe
  2⤵
  PID:7448
- C:\Windows\System\QLHezeq.exe
  C:\Windows\System\QLHezeq.exe
  2⤵
  PID:7280
- C:\Windows\System\CmWdkjH.exe
  C:\Windows\System\CmWdkjH.exe
  2⤵
  PID:7484
- C:\Windows\System\WyLSKAE.exe
  C:\Windows\System\WyLSKAE.exe
  2⤵
  PID:7364
- C:\Windows\System\MUHWGlK.exe
  C:\Windows\System\MUHWGlK.exe
  2⤵
  PID:7576
- C:\Windows\System\DKLESas.exe
  C:\Windows\System\DKLESas.exe
  2⤵
  PID:7564
- C:\Windows\System\STlRJGe.exe
  C:\Windows\System\STlRJGe.exe
  2⤵
  PID:7748
- C:\Windows\System\gfTiERR.exe
  C:\Windows\System\gfTiERR.exe
  2⤵
  PID:7716
- C:\Windows\System\YhyfNsF.exe
  C:\Windows\System\YhyfNsF.exe
  2⤵
  PID:7856
- C:\Windows\System\ZvPReva.exe
  C:\Windows\System\ZvPReva.exe
  2⤵
  PID:7948
- C:\Windows\System\HvkhcWR.exe
  C:\Windows\System\HvkhcWR.exe
  2⤵
  PID:7924
- C:\Windows\System\PISlonS.exe
  C:\Windows\System\PISlonS.exe
  2⤵
  PID:8048
- C:\Windows\System\jcuYmsO.exe
  C:\Windows\System\jcuYmsO.exe
  2⤵
  PID:7960
- C:\Windows\System\wTbpxOV.exe
  C:\Windows\System\wTbpxOV.exe
  2⤵
  PID:6992
- C:\Windows\System\hIZwUzC.exe
  C:\Windows\System\hIZwUzC.exe
  2⤵
  PID:8116
- C:\Windows\System\NGWmSsf.exe
  C:\Windows\System\NGWmSsf.exe
  2⤵
  PID:7256
- C:\Windows\System\DbuMMem.exe
  C:\Windows\System\DbuMMem.exe
  2⤵
  PID:6372
- C:\Windows\System\JUpPwPP.exe
  C:\Windows\System\JUpPwPP.exe
  2⤵
  PID:7184
- C:\Windows\System\UoWivbK.exe
  C:\Windows\System\UoWivbK.exe
  2⤵
  PID:7252
- C:\Windows\System\PLqOque.exe
  C:\Windows\System\PLqOque.exe
  2⤵
  PID:7460
- C:\Windows\System\ZuZZQig.exe
  C:\Windows\System\ZuZZQig.exe
  2⤵
  PID:6608
- C:\Windows\System\GTyPeFY.exe
  C:\Windows\System\GTyPeFY.exe
  2⤵
  PID:7704
- C:\Windows\System\YwHDldR.exe
  C:\Windows\System\YwHDldR.exe
  2⤵
  PID:7668
- C:\Windows\System\QOKjSrL.exe
  C:\Windows\System\QOKjSrL.exe
  2⤵
  PID:7592
- C:\Windows\System\iyzNlmM.exe
  C:\Windows\System\iyzNlmM.exe
  2⤵
  PID:7876
- C:\Windows\System\DZIHWQa.exe
  C:\Windows\System\DZIHWQa.exe
  2⤵
  PID:8028
- C:\Windows\System\USOwrJp.exe
  C:\Windows\System\USOwrJp.exe
  2⤵
  PID:7976
- C:\Windows\System\RTXDDHi.exe
  C:\Windows\System\RTXDDHi.exe
  2⤵
  PID:6820
- C:\Windows\System\wmDsUah.exe
  C:\Windows\System\wmDsUah.exe
  2⤵
  PID:8084
- C:\Windows\System\NjsNTvb.exe
  C:\Windows\System\NjsNTvb.exe
  2⤵
  PID:7220
- C:\Windows\System\wvBYBhq.exe
  C:\Windows\System\wvBYBhq.exe
  2⤵
  PID:7432
- C:\Windows\System\oAvQPRd.exe
  C:\Windows\System\oAvQPRd.exe
  2⤵
  PID:7736
- C:\Windows\System\wiSQqlF.exe
  C:\Windows\System\wiSQqlF.exe
  2⤵
  PID:6900
- C:\Windows\System\dQeXScd.exe
  C:\Windows\System\dQeXScd.exe
  2⤵
  PID:7640
- C:\Windows\System\gmhBKKj.exe
  C:\Windows\System\gmhBKKj.exe
  2⤵
  PID:8148
- C:\Windows\System\ayTPHQB.exe
  C:\Windows\System\ayTPHQB.exe
  2⤵
  PID:6868
- C:\Windows\System\yWGbnEv.exe
  C:\Windows\System\yWGbnEv.exe
  2⤵
  PID:7628
- C:\Windows\System\TFLWLwW.exe
  C:\Windows\System\TFLWLwW.exe
  2⤵
  PID:7384
- C:\Windows\System\FVicOYM.exe
  C:\Windows\System\FVicOYM.exe
  2⤵
  PID:8008
- C:\Windows\System\gJWFGvP.exe
  C:\Windows\System\gJWFGvP.exe
  2⤵
  PID:8160
- C:\Windows\System\vfHQLGr.exe
  C:\Windows\System\vfHQLGr.exe
  2⤵
  PID:7560
- C:\Windows\System\emovlHB.exe
  C:\Windows\System\emovlHB.exe
  2⤵
  PID:7472
- C:\Windows\System\ShPavOT.exe
  C:\Windows\System\ShPavOT.exe
  2⤵
  PID:8196
- C:\Windows\System\PRJvrbk.exe
  C:\Windows\System\PRJvrbk.exe
  2⤵
  PID:8212
- C:\Windows\System\NhBzjUw.exe
  C:\Windows\System\NhBzjUw.exe
  2⤵
  PID:8228
- C:\Windows\System\XiSiDTN.exe
  C:\Windows\System\XiSiDTN.exe
  2⤵
  PID:8248
- C:\Windows\System\RmHHsFZ.exe
  C:\Windows\System\RmHHsFZ.exe
  2⤵
  PID:8268
- C:\Windows\System\jdnbKtg.exe
  C:\Windows\System\jdnbKtg.exe
  2⤵
  PID:8308
- C:\Windows\System\RWJPbYA.exe
  C:\Windows\System\RWJPbYA.exe
  2⤵
  PID:8324
- C:\Windows\System\rnWgsmC.exe
  C:\Windows\System\rnWgsmC.exe
  2⤵
  PID:8340
- C:\Windows\System\gIVXbcL.exe
  C:\Windows\System\gIVXbcL.exe
  2⤵
  PID:8356
- C:\Windows\System\OdJYCae.exe
  C:\Windows\System\OdJYCae.exe
  2⤵
  PID:8380
- C:\Windows\System\wYSrWIG.exe
  C:\Windows\System\wYSrWIG.exe
  2⤵
  PID:8396
- C:\Windows\System\NGbdRqR.exe
  C:\Windows\System\NGbdRqR.exe
  2⤵
  PID:8420
- C:\Windows\System\GVtYosq.exe
  C:\Windows\System\GVtYosq.exe
  2⤵
  PID:8440
- C:\Windows\System\xUIRJyR.exe
  C:\Windows\System\xUIRJyR.exe
  2⤵
  PID:8472
- C:\Windows\System\iQQifTn.exe
  C:\Windows\System\iQQifTn.exe
  2⤵
  PID:8488
- C:\Windows\System\YrSRhDD.exe
  C:\Windows\System\YrSRhDD.exe
  2⤵
  PID:8508
- C:\Windows\System\UtDNJyJ.exe
  C:\Windows\System\UtDNJyJ.exe
  2⤵
  PID:8528
- C:\Windows\System\yNylCPN.exe
  C:\Windows\System\yNylCPN.exe
  2⤵
  PID:8556
- C:\Windows\System\YjYOijf.exe
  C:\Windows\System\YjYOijf.exe
  2⤵
  PID:8576
- C:\Windows\System\eiVNPyq.exe
  C:\Windows\System\eiVNPyq.exe
  2⤵
  PID:8596
- C:\Windows\System\KqkuKKg.exe
  C:\Windows\System\KqkuKKg.exe
  2⤵
  PID:8612
- C:\Windows\System\rHCeMEK.exe
  C:\Windows\System\rHCeMEK.exe
  2⤵
  PID:8628
- C:\Windows\System\CTsQAMo.exe
  C:\Windows\System\CTsQAMo.exe
  2⤵
  PID:8648
- C:\Windows\System\qLjooFi.exe
  C:\Windows\System\qLjooFi.exe
  2⤵
  PID:8668
- C:\Windows\System\mcKlHoL.exe
  C:\Windows\System\mcKlHoL.exe
  2⤵
  PID:8684
- C:\Windows\System\wFozBLt.exe
  C:\Windows\System\wFozBLt.exe
  2⤵
  PID:8720
- C:\Windows\System\PliDCVJ.exe
  C:\Windows\System\PliDCVJ.exe
  2⤵
  PID:8736
- C:\Windows\System\pjmBpFz.exe
  C:\Windows\System\pjmBpFz.exe
  2⤵
  PID:8760
- C:\Windows\System\dwlKDQQ.exe
  C:\Windows\System\dwlKDQQ.exe
  2⤵
  PID:8776
- C:\Windows\System\uBNfBHJ.exe
  C:\Windows\System\uBNfBHJ.exe
  2⤵
  PID:8796
- C:\Windows\System\dECdSbN.exe
  C:\Windows\System\dECdSbN.exe
  2⤵
  PID:8812
- C:\Windows\System\JUlbsgh.exe
  C:\Windows\System\JUlbsgh.exe
  2⤵
  PID:8836
- C:\Windows\System\JfQDkEM.exe
  C:\Windows\System\JfQDkEM.exe
  2⤵
  PID:8860
- C:\Windows\System\QvLrJVU.exe
  C:\Windows\System\QvLrJVU.exe
  2⤵
  PID:8876
- C:\Windows\System\vapZTQX.exe
  C:\Windows\System\vapZTQX.exe
  2⤵
  PID:8896
- C:\Windows\System\kYlReVg.exe
  C:\Windows\System\kYlReVg.exe
  2⤵
  PID:8912
- C:\Windows\System\QVvzeQE.exe
  C:\Windows\System\QVvzeQE.exe
  2⤵
  PID:8928
- C:\Windows\System\OdntupA.exe
  C:\Windows\System\OdntupA.exe
  2⤵
  PID:8952
- C:\Windows\System\MTPAdsY.exe
  C:\Windows\System\MTPAdsY.exe
  2⤵
  PID:8984
- C:\Windows\System\MIMnliN.exe
  C:\Windows\System\MIMnliN.exe
  2⤵
  PID:9000
- C:\Windows\System\LAryYHD.exe
  C:\Windows\System\LAryYHD.exe
  2⤵
  PID:9020
- C:\Windows\System\CsmzIwU.exe
  C:\Windows\System\CsmzIwU.exe
  2⤵
  PID:9040
- C:\Windows\System\puDTTyx.exe
  C:\Windows\System\puDTTyx.exe
  2⤵
  PID:9056
- C:\Windows\System\TLSxqwW.exe
  C:\Windows\System\TLSxqwW.exe
  2⤵
  PID:9080
- C:\Windows\System\WVRaBAw.exe
  C:\Windows\System\WVRaBAw.exe
  2⤵
  PID:9096
- C:\Windows\System\XkcpPyp.exe
  C:\Windows\System\XkcpPyp.exe
  2⤵
  PID:9112
- C:\Windows\System\DxFpVus.exe
  C:\Windows\System\DxFpVus.exe
  2⤵
  PID:9136
- C:\Windows\System\NvGXhcQ.exe
  C:\Windows\System\NvGXhcQ.exe
  2⤵
  PID:9160
- C:\Windows\System\Bkrswkb.exe
  C:\Windows\System\Bkrswkb.exe
  2⤵
  PID:9180
- C:\Windows\System\tPOrOKY.exe
  C:\Windows\System\tPOrOKY.exe
  2⤵
  PID:9196
- C:\Windows\System\aUaawOI.exe
  C:\Windows\System\aUaawOI.exe
  2⤵
  PID:9212
- C:\Windows\System\MqYnWjT.exe
  C:\Windows\System\MqYnWjT.exe
  2⤵
  PID:8244
- C:\Windows\System\FQIYUrA.exe
  C:\Windows\System\FQIYUrA.exe
  2⤵
  PID:8276
- C:\Windows\System\CJuMmRf.exe
  C:\Windows\System\CJuMmRf.exe
  2⤵
  PID:8096
- C:\Windows\System\WveLayl.exe
  C:\Windows\System\WveLayl.exe
  2⤵
  PID:8220
- C:\Windows\System\TOCWYBc.exe
  C:\Windows\System\TOCWYBc.exe
  2⤵
  PID:8292
- C:\Windows\System\sSBmDHd.exe
  C:\Windows\System\sSBmDHd.exe
  2⤵
  PID:8332
- C:\Windows\System\wbxkXyL.exe
  C:\Windows\System\wbxkXyL.exe
  2⤵
  PID:8348
- C:\Windows\System\AWYzzmj.exe
  C:\Windows\System\AWYzzmj.exe
  2⤵
  PID:8388
- C:\Windows\System\ZjVXvly.exe
  C:\Windows\System\ZjVXvly.exe
  2⤵
  PID:8456
- C:\Windows\System\pMjfHLG.exe
  C:\Windows\System\pMjfHLG.exe
  2⤵
  PID:1004
- C:\Windows\System\CNJXVhS.exe
  C:\Windows\System\CNJXVhS.exe
  2⤵
  PID:8504
- C:\Windows\System\ORawHpq.exe
  C:\Windows\System\ORawHpq.exe
  2⤵
  PID:8524
- C:\Windows\System\ZzZMbag.exe
  C:\Windows\System\ZzZMbag.exe
  2⤵
  PID:8552
- C:\Windows\System\niHnvVG.exe
  C:\Windows\System\niHnvVG.exe
  2⤵
  PID:8592
- C:\Windows\System\xHJLuJl.exe
  C:\Windows\System\xHJLuJl.exe
  2⤵
  PID:8640
- C:\Windows\System\ySplZTb.exe
  C:\Windows\System\ySplZTb.exe
  2⤵
  PID:8692
- C:\Windows\System\YfewzyL.exe
  C:\Windows\System\YfewzyL.exe
  2⤵
  PID:8696
- C:\Windows\System\rdFdOpc.exe
  C:\Windows\System\rdFdOpc.exe
  2⤵
  PID:8732
- C:\Windows\System\HIWVWXZ.exe
  C:\Windows\System\HIWVWXZ.exe
  2⤵
  PID:8756
- C:\Windows\System\OrGnYEE.exe
  C:\Windows\System\OrGnYEE.exe
  2⤵
  PID:8792
- C:\Windows\System\XNuEPwr.exe
  C:\Windows\System\XNuEPwr.exe
  2⤵
  PID:8824
- C:\Windows\System\NKujioS.exe
  C:\Windows\System\NKujioS.exe
  2⤵
  PID:8852
- C:\Windows\System\dYmgdfq.exe
  C:\Windows\System\dYmgdfq.exe
  2⤵
  PID:8872
- C:\Windows\System\SsLsVxK.exe
  C:\Windows\System\SsLsVxK.exe
  2⤵
  PID:8940
- C:\Windows\System\lTPPqsg.exe
  C:\Windows\System\lTPPqsg.exe
  2⤵
  PID:8888
- C:\Windows\System\BZFxKUQ.exe
  C:\Windows\System\BZFxKUQ.exe
  2⤵
  PID:9032
- C:\Windows\System\okuAcxK.exe
  C:\Windows\System\okuAcxK.exe
  2⤵
  PID:9076
- C:\Windows\System\hPgsxDX.exe
  C:\Windows\System\hPgsxDX.exe
  2⤵
  PID:9108
- C:\Windows\System\BpjIYXF.exe
  C:\Windows\System\BpjIYXF.exe
  2⤵
  PID:9148
- C:\Windows\System\DynYmTT.exe
  C:\Windows\System\DynYmTT.exe
  2⤵
  PID:9188
- C:\Windows\System\UJfrQiy.exe
  C:\Windows\System\UJfrQiy.exe
  2⤵
  PID:8260
- C:\Windows\System\aLktMHQ.exe
  C:\Windows\System\aLktMHQ.exe
  2⤵
  PID:7500
- C:\Windows\System\jwDQRyB.exe
  C:\Windows\System\jwDQRyB.exe
  2⤵
  PID:8320
- C:\Windows\System\TQLlSWy.exe
  C:\Windows\System\TQLlSWy.exe
  2⤵
  PID:9208
- C:\Windows\System\TxsBHOA.exe
  C:\Windows\System\TxsBHOA.exe
  2⤵
  PID:9124
- C:\Windows\System\MKAvsfc.exe
  C:\Windows\System\MKAvsfc.exe
  2⤵
  PID:8376
- C:\Windows\System\toJsUSH.exe
  C:\Windows\System\toJsUSH.exe
  2⤵
  PID:8416
- C:\Windows\System\vyHrhgY.exe
  C:\Windows\System\vyHrhgY.exe
  2⤵
  PID:8436
- C:\Windows\System\FrtQewn.exe
  C:\Windows\System\FrtQewn.exe
  2⤵
  PID:8484
- C:\Windows\System\sizyaoF.exe
  C:\Windows\System\sizyaoF.exe
  2⤵
  PID:8520
- C:\Windows\System\OZtCuYI.exe
  C:\Windows\System\OZtCuYI.exe
  2⤵
  PID:8568
- C:\Windows\System\qHADFDV.exe
  C:\Windows\System\qHADFDV.exe
  2⤵
  PID:8660
- C:\Windows\System\sDdtRYG.exe
  C:\Windows\System\sDdtRYG.exe
  2⤵
  PID:8804
- C:\Windows\System\BqSrVzv.exe
  C:\Windows\System\BqSrVzv.exe
  2⤵
  PID:8828
- C:\Windows\System\rNMmWhw.exe
  C:\Windows\System\rNMmWhw.exe
  2⤵
  PID:8856
- C:\Windows\System\EnzeQQj.exe
  C:\Windows\System\EnzeQQj.exe
  2⤵
  PID:8700
- C:\Windows\System\MxNVTbA.exe
  C:\Windows\System\MxNVTbA.exe
  2⤵
  PID:8992
- C:\Windows\System\ZYTcryA.exe
  C:\Windows\System\ZYTcryA.exe
  2⤵
  PID:9028
- C:\Windows\System\DVjEoYu.exe
  C:\Windows\System\DVjEoYu.exe
  2⤵
  PID:9168
- C:\Windows\System\eZIIpKw.exe
  C:\Windows\System\eZIIpKw.exe
  2⤵
  PID:8316
- C:\Windows\System\JMxjhxc.exe
  C:\Windows\System\JMxjhxc.exe
  2⤵
  PID:9016
- C:\Windows\System\wVgAyGA.exe
  C:\Windows\System\wVgAyGA.exe
  2⤵
  PID:8112
- C:\Windows\System\UotoxII.exe
  C:\Windows\System\UotoxII.exe
  2⤵
  PID:9176
- C:\Windows\System\AlKnQOk.exe
  C:\Windows\System\AlKnQOk.exe
  2⤵
  PID:8404
- C:\Windows\System\wgrHMCA.exe
  C:\Windows\System\wgrHMCA.exe
  2⤵
  PID:8464
- C:\Windows\System\pijamJC.exe
  C:\Windows\System\pijamJC.exe
  2⤵
  PID:8428
- C:\Windows\System\rhOXYof.exe
  C:\Windows\System\rhOXYof.exe
  2⤵
  PID:8636
- C:\Windows\System\fpWNBAE.exe
  C:\Windows\System\fpWNBAE.exe
  2⤵
  PID:8708
- C:\Windows\System\KrTxvrP.exe
  C:\Windows\System\KrTxvrP.exe
  2⤵
  PID:8728
- C:\Windows\System\LnHtluP.exe
  C:\Windows\System\LnHtluP.exe
  2⤵
  PID:8884
- C:\Windows\System\JupIwxW.exe
  C:\Windows\System\JupIwxW.exe
  2⤵
  PID:8976
- C:\Windows\System\OVOxAid.exe
  C:\Windows\System\OVOxAid.exe
  2⤵
  PID:8236
- C:\Windows\System\JGhTjGs.exe
  C:\Windows\System\JGhTjGs.exe
  2⤵
  PID:9104
- C:\Windows\System\YLHGsRj.exe
  C:\Windows\System\YLHGsRj.exe
  2⤵
  PID:8304
- C:\Windows\System\TPpUzIB.exe
  C:\Windows\System\TPpUzIB.exe
  2⤵
  PID:7872
- C:\Windows\System\rLeqIkz.exe
  C:\Windows\System\rLeqIkz.exe
  2⤵
  PID:8432
- C:\Windows\System\UDQmwUt.exe
  C:\Windows\System\UDQmwUt.exe
  2⤵
  PID:8644
- C:\Windows\System\LfmmajL.exe
  C:\Windows\System\LfmmajL.exe
  2⤵
  PID:8768
- C:\Windows\System\HVtzORa.exe
  C:\Windows\System\HVtzORa.exe
  2⤵
  PID:8868
- C:\Windows\System\GOQhmWs.exe
  C:\Windows\System\GOQhmWs.exe
  2⤵
  PID:9052
- C:\Windows\System\AuGZwUv.exe
  C:\Windows\System\AuGZwUv.exe
  2⤵
  PID:8224
- C:\Windows\System\DkYhzWH.exe
  C:\Windows\System\DkYhzWH.exe
  2⤵
  PID:8480
- C:\Windows\System\FnkohHk.exe
  C:\Windows\System\FnkohHk.exe
  2⤵
  PID:8536
- C:\Windows\System\nbsOkyB.exe
  C:\Windows\System\nbsOkyB.exe
  2⤵
  PID:8924
- C:\Windows\System\kGNOzRQ.exe
  C:\Windows\System\kGNOzRQ.exe
  2⤵
  PID:8288
- C:\Windows\System\cCosURX.exe
  C:\Windows\System\cCosURX.exe
  2⤵
  PID:8608
- C:\Windows\System\pcbCtQz.exe
  C:\Windows\System\pcbCtQz.exe
  2⤵
  PID:9064
- C:\Windows\System\tjIAySd.exe
  C:\Windows\System\tjIAySd.exe
  2⤵
  PID:8624
- C:\Windows\System\HdcWrok.exe
  C:\Windows\System\HdcWrok.exe
  2⤵
  PID:9156
- C:\Windows\System\AGboLdS.exe
  C:\Windows\System\AGboLdS.exe
  2⤵
  PID:9068
- C:\Windows\System\JrCBfeo.exe
  C:\Windows\System\JrCBfeo.exe
  2⤵
  PID:7304
- C:\Windows\System\ZSumKEF.exe
  C:\Windows\System\ZSumKEF.exe
  2⤵
  PID:9244
- C:\Windows\System\QTEaRoG.exe
  C:\Windows\System\QTEaRoG.exe
  2⤵
  PID:9260
- C:\Windows\System\ZnPPWCF.exe
  C:\Windows\System\ZnPPWCF.exe
  2⤵
  PID:9284
- C:\Windows\System\gYNmYhL.exe
  C:\Windows\System\gYNmYhL.exe
  2⤵
  PID:9308
- C:\Windows\System\mFOSDWx.exe
  C:\Windows\System\mFOSDWx.exe
  2⤵
  PID:9324
- C:\Windows\System\KFuoFnD.exe
  C:\Windows\System\KFuoFnD.exe
  2⤵
  PID:9340
- C:\Windows\System\WQGuLlD.exe
  C:\Windows\System\WQGuLlD.exe
  2⤵
  PID:9360
- C:\Windows\System\wrPhNqK.exe
  C:\Windows\System\wrPhNqK.exe
  2⤵
  PID:9380
- C:\Windows\System\cAcdmAU.exe
  C:\Windows\System\cAcdmAU.exe
  2⤵
  PID:9400
- C:\Windows\System\ElyhVSa.exe
  C:\Windows\System\ElyhVSa.exe
  2⤵
  PID:9428
- C:\Windows\System\rZBlkMZ.exe
  C:\Windows\System\rZBlkMZ.exe
  2⤵
  PID:9444
- C:\Windows\System\cwacWaf.exe
  C:\Windows\System\cwacWaf.exe
  2⤵
  PID:9460
- C:\Windows\System\DVtQCeO.exe
  C:\Windows\System\DVtQCeO.exe
  2⤵
  PID:9476
- C:\Windows\System\NroYrKC.exe
  C:\Windows\System\NroYrKC.exe
  2⤵
  PID:9492
- C:\Windows\System\xMSSJxl.exe
  C:\Windows\System\xMSSJxl.exe
  2⤵
  PID:9516
- C:\Windows\System\kYBTUzm.exe
  C:\Windows\System\kYBTUzm.exe
  2⤵
  PID:9532
- C:\Windows\System\MNGwzae.exe
  C:\Windows\System\MNGwzae.exe
  2⤵
  PID:9552
- C:\Windows\System\cTgqUuW.exe
  C:\Windows\System\cTgqUuW.exe
  2⤵
  PID:9580
- C:\Windows\System\AXwFFyL.exe
  C:\Windows\System\AXwFFyL.exe
  2⤵
  PID:9604
- C:\Windows\System\dRRqTxn.exe
  C:\Windows\System\dRRqTxn.exe
  2⤵
  PID:9624
- C:\Windows\System\WRvHenp.exe
  C:\Windows\System\WRvHenp.exe
  2⤵
  PID:9644
- C:\Windows\System\ZYDtbxQ.exe
  C:\Windows\System\ZYDtbxQ.exe
  2⤵
  PID:9660
- C:\Windows\System\NczWhSJ.exe
  C:\Windows\System\NczWhSJ.exe
  2⤵
  PID:9676
- C:\Windows\System\mvQqIpb.exe
  C:\Windows\System\mvQqIpb.exe
  2⤵
  PID:9704
- C:\Windows\System\qQfPJOL.exe
  C:\Windows\System\qQfPJOL.exe
  2⤵
  PID:9728
- C:\Windows\System\TffdBYq.exe
  C:\Windows\System\TffdBYq.exe
  2⤵
  PID:9744
- C:\Windows\System\BeKxgbT.exe
  C:\Windows\System\BeKxgbT.exe
  2⤵
  PID:9760
- C:\Windows\System\VLKPvPk.exe
  C:\Windows\System\VLKPvPk.exe
  2⤵
  PID:9780
- C:\Windows\System\dxXSGHz.exe
  C:\Windows\System\dxXSGHz.exe
  2⤵
  PID:9796
- C:\Windows\System\WSuWSDB.exe
  C:\Windows\System\WSuWSDB.exe
  2⤵
  PID:9824
- C:\Windows\System\DLuRard.exe
  C:\Windows\System\DLuRard.exe
  2⤵
  PID:9848
- C:\Windows\System\KYxbDAW.exe
  C:\Windows\System\KYxbDAW.exe
  2⤵
  PID:9868
- C:\Windows\System\QHqKVYC.exe
  C:\Windows\System\QHqKVYC.exe
  2⤵
  PID:9884
- C:\Windows\System\sDGOITx.exe
  C:\Windows\System\sDGOITx.exe
  2⤵
  PID:9904
- C:\Windows\System\PChYQSi.exe
  C:\Windows\System\PChYQSi.exe
  2⤵
  PID:9920
- C:\Windows\System\GixXgom.exe
  C:\Windows\System\GixXgom.exe
  2⤵
  PID:9944
- C:\Windows\System\yqDuLPt.exe
  C:\Windows\System\yqDuLPt.exe
  2⤵
  PID:9960
- C:\Windows\System\RSIKpNC.exe
  C:\Windows\System\RSIKpNC.exe
  2⤵
  PID:9976
- C:\Windows\System\PXVDoyK.exe
  C:\Windows\System\PXVDoyK.exe
  2⤵
  PID:10008
- C:\Windows\System\JSStoAm.exe
  C:\Windows\System\JSStoAm.exe
  2⤵
  PID:10024
- C:\Windows\System\frrjnsr.exe
  C:\Windows\System\frrjnsr.exe
  2⤵
  PID:10044
- C:\Windows\System\zGEiGAm.exe
  C:\Windows\System\zGEiGAm.exe
  2⤵
  PID:10060
- C:\Windows\System\nQxVfLs.exe
  C:\Windows\System\nQxVfLs.exe
  2⤵
  PID:10076
- C:\Windows\System\aFkghiB.exe
  C:\Windows\System\aFkghiB.exe
  2⤵
  PID:10092
- C:\Windows\System\hETFnXE.exe
  C:\Windows\System\hETFnXE.exe
  2⤵
  PID:10112
- C:\Windows\System\LDZCtzj.exe
  C:\Windows\System\LDZCtzj.exe
  2⤵
  PID:10148
- C:\Windows\System\EyKIHTO.exe
  C:\Windows\System\EyKIHTO.exe
  2⤵
  PID:10164
- C:\Windows\System\FXdZcdN.exe
  C:\Windows\System\FXdZcdN.exe
  2⤵
  PID:10180
- C:\Windows\System\ndpJWTc.exe
  C:\Windows\System\ndpJWTc.exe
  2⤵
  PID:10204
- C:\Windows\System\oCLhiuT.exe
  C:\Windows\System\oCLhiuT.exe
  2⤵
  PID:10224
- C:\Windows\System\fGOAwAb.exe
  C:\Windows\System\fGOAwAb.exe
  2⤵
  PID:6804
- C:\Windows\System\rsPZHIN.exe
  C:\Windows\System\rsPZHIN.exe
  2⤵
  PID:9240
- C:\Windows\System\RskhZkL.exe
  C:\Windows\System\RskhZkL.exe
  2⤵
  PID:9256
- C:\Windows\System\EgEpqoQ.exe
  C:\Windows\System\EgEpqoQ.exe
  2⤵
  PID:9304
- C:\Windows\System\HqzUNFv.exe
  C:\Windows\System\HqzUNFv.exe
  2⤵
  PID:9336
- C:\Windows\System\JCjwXVR.exe
  C:\Windows\System\JCjwXVR.exe
  2⤵
  PID:9388
- C:\Windows\System\BUasCxX.exe
  C:\Windows\System\BUasCxX.exe
  2⤵
  PID:9392
- C:\Windows\System\IAEfzon.exe
  C:\Windows\System\IAEfzon.exe
  2⤵
  PID:9436
- C:\Windows\System\BhaHGFj.exe
  C:\Windows\System\BhaHGFj.exe
  2⤵
  PID:9488
- C:\Windows\System\KTodZof.exe
  C:\Windows\System\KTodZof.exe
  2⤵
  PID:9524
- C:\Windows\System\EQEoorI.exe
  C:\Windows\System\EQEoorI.exe
  2⤵
  PID:9504
- C:\Windows\System\bFfNRXp.exe
  C:\Windows\System\bFfNRXp.exe
  2⤵
  PID:9592
- C:\Windows\System\fAPhjFB.exe
  C:\Windows\System\fAPhjFB.exe
  2⤵
  PID:9620
- C:\Windows\System\ddiBVKv.exe
  C:\Windows\System\ddiBVKv.exe
  2⤵
  PID:9656
- C:\Windows\System\SZsbeNY.exe
  C:\Windows\System\SZsbeNY.exe
  2⤵
  PID:9712
- C:\Windows\System\lfwvzXb.exe
  C:\Windows\System\lfwvzXb.exe
  2⤵
  PID:9724
- C:\Windows\System\UaECNTw.exe
  C:\Windows\System\UaECNTw.exe
  2⤵
  PID:9756
- C:\Windows\System\OoeSdRw.exe
  C:\Windows\System\OoeSdRw.exe
  2⤵
  PID:9776
- C:\Windows\System\UoxiUGs.exe
  C:\Windows\System\UoxiUGs.exe
  2⤵
  PID:9812
- C:\Windows\System\rADzflG.exe
  C:\Windows\System\rADzflG.exe
  2⤵
  PID:9844
- C:\Windows\System\SdHyQjw.exe
  C:\Windows\System\SdHyQjw.exe
  2⤵
  PID:9876
- C:\Windows\System\iSXSkAu.exe
  C:\Windows\System\iSXSkAu.exe
  2⤵
  PID:9928
- C:\Windows\System\xOgxyxi.exe
  C:\Windows\System\xOgxyxi.exe
  2⤵
  PID:9968
- C:\Windows\System\iztPCZP.exe
  C:\Windows\System\iztPCZP.exe
  2⤵
  PID:9956
- C:\Windows\System\rNBnlNh.exe
  C:\Windows\System\rNBnlNh.exe
  2⤵
  PID:9996
- C:\Windows\System\fArOTAe.exe
  C:\Windows\System\fArOTAe.exe
  2⤵
  PID:10052
- C:\Windows\System\IvdSFkA.exe
  C:\Windows\System\IvdSFkA.exe
  2⤵
  PID:10068
- C:\Windows\System\VTidrnX.exe
  C:\Windows\System\VTidrnX.exe
  2⤵
  PID:10156
- C:\Windows\System\mhuVyee.exe
  C:\Windows\System\mhuVyee.exe
  2⤵
  PID:10140
- C:\Windows\System\vzQhUAB.exe
  C:\Windows\System\vzQhUAB.exe
  2⤵
  PID:10196
- C:\Windows\System\ccYGBCp.exe
  C:\Windows\System\ccYGBCp.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CQIsTHW.exe

Filesize
6.0MB

MD5
5bfd2f49d2430f21352c0b36cc279ebf

SHA1
9420c393963177159c9c9c86ee57a58bfae29cce

SHA256
b116b755052f2dc921729ef1f1cf76551247c7fb019f704da6e1b81df713c81c

SHA512
7ae2eab616e85bc7d98c9c32921ae3d44b2b5ab3e9babe56004c00d0d51da770a2a4dd616ff264735a79a6d32b5103bc12d70447f4f3b5e4c62a1cd466d206da

Download Submit
C:\Windows\system\FbgYOHf.exe

Filesize
6.0MB

MD5
ef08763cc4947341a929ae0b80778f6b

SHA1
c435fc1e01c03e4ef71c4db780befce6d7e8c4f8

SHA256
b00a32f3a57afd9b8905e15f1fa244d52effe03d427f13b30e4e1ece71e3fc66

SHA512
e32864c5fbd7fcebaf935cfb502219277759c0a617514bf5918ec914cf0e7c447c81a62d59c7dee9067fd44b1e2670343c3d6ffd85eed9e0cf60b0c542e01092

Download Submit
C:\Windows\system\HjMRJaV.exe

Filesize
6.0MB

MD5
561798a039df0aaf7ff14cce69bef852

SHA1
268aa6a50ec4715f69ec47c7c7cb83380466bbc2

SHA256
d7fc78ea8ec09f46fc4dac80bfbf84566a44cb8b77177f1b0728b7e7a9fd0e9f

SHA512
07ec8f1abee340ff6a6d177187457f49b0479dfa19de58b6b4f7b2324200fb67d41c25cd8c9e0861f7dbc7037e282a3ffbd7c8d579e4cf81d79ba312ae106bdc

Download Submit
C:\Windows\system\HsHbywL.exe

Filesize
6.0MB

MD5
77a4c6177222405899a21f891fff07e5

SHA1
9a9368a95e6ed5b0da41a0da71033ed6fa67e225

SHA256
cae5e7f8cad531d6c3d4a6761b9243e13081a3f7b7967128a92b3327f588eaa3

SHA512
b4a1541da77abd7fa26e2003aa4dfac5861de2a1ff2b1ad02968a4a324b37efff870598c03aba472dffd87fd1bca0f0cb2a1e3b3a2b2e96eb769b5c2f6aaa06d

Download Submit
C:\Windows\system\TDuPNQZ.exe

Filesize
6.0MB

MD5
d7cf8c17b408cecb9a03a6d9d1512605

SHA1
65febe48f17ee2d399c62c6be87c802e2d95b73e

SHA256
02f7f20fec4c87d4b3051634122eba114000800d3452aa26d16245c3bb5172da

SHA512
2d0ea579337bc3efad705ff69fa7a467498abf080377a383a4b7ddcbf426827cdab647c6b9bd16c482b99d4355305600b4def66e4895501402661f33cb1145bd

Download Submit
C:\Windows\system\UHUUwyn.exe

Filesize
6.0MB

MD5
8f7ecd93cac8d2994daf5ec1e64c6657

SHA1
ab74b0e2ad07d392dc291fb1a495668842100cc6

SHA256
fe7b419930cca3878b3d89b2fb5a8eab7451300316c19e2fa9dc7dfa36a368ae

SHA512
4574250966bbdb24e34f7027fa371a5f197397f9aad7b1651ce20a6dde0285c3ffe3fb812a642f68719d822e2c7c2c73d9ec59f8f5887d116059a348fc5ca4c3

Download Submit
C:\Windows\system\UvnYnqe.exe

Filesize
6.0MB

MD5
98448fa7a4f11b48ae2f66e6fb87d66c

SHA1
e6edeb156ea26ae2ac55ea30d5e26f618d69fb0c

SHA256
f9669f5432e184753dc1523fdc84d57f8ca94e0621317cd2b633218082169c46

SHA512
0bf5816ed047991cd58d465b288ed5114881eb85aead84a234da1d83b7e9a52872564d4ee1ef5e177d340e25aef250b2ad2f441f50940545c09eaaee272da11f

Download Submit
C:\Windows\system\YwCyfZS.exe

Filesize
6.0MB

MD5
695f1e8c49547fa97cce7be8fde9cdc4

SHA1
7a4600c1daefc5a4603fb9b8622a63853fd56a7a

SHA256
25c8f43a3b246beb717b90ce0b01ff547a75aa5a7002c8e4c82a718e21b8baaa

SHA512
ab0e489f890e11f244238be847535c2144d54f582eda5307dd8e97cb3f63051aabada40ddda7df04fb122b1732de301b3f6dec28e7a48ecdecc5d2be10f00c21

Download Submit
C:\Windows\system\dTntbdi.exe

Filesize
6.0MB

MD5
42199ea198b73513343eb6859fb42467

SHA1
aae2b735e473c1b291cb287acf0e6ebdd0af5945

SHA256
680cb8ca920459cd93d033661e65c2fe66de7d7378100d56b9a6535958fc1cf4

SHA512
a12e66820ad92ad029d458020a01fc1a2039be5956c37d5e19c6ed1430091ed5a2589431ef8a43d790d9afd273e88e9cc25a4f5910ad561e72b505b8e33a30dc

Download Submit
C:\Windows\system\dlpDWPI.exe

Filesize
8B

MD5
b893de0ecf1bfe6567410bca94d7d104

SHA1
e9f602a57e590e57ec6b58f949ab31cf34730fe7

SHA256
887b6f7b89f1b98ba01d50d6a34b568d48b9042d86a48ccaf7a0bf3c144dc69c

SHA512
dd84059e66c68ee6189c01bb7a78cadfbfa477566b993557fbca9fa87fe97a3bbf42205fc15e018c153442ac33e0f883e7c99254823daf079b9378eb047c6355

Download Submit
C:\Windows\system\eLGrsMt.exe

Filesize
6.0MB

MD5
982e1e578e4ef41ef81b4a4cd5874556

SHA1
b086e3c812ec5dc92eb4c535dc98a722dbfa63af

SHA256
186fff52af946bf5fda3cb949395892cecae1311c08cb9bb7bc8de4d94c4f83a

SHA512
867d6db013bf42f5bead34e19279e6f2d6884f2a79d40079bdb53cc0133a5e46791f6879eb1116b15654f1578c00d91f12c1e5a6158f740ec987b061447fa1fe

Download Submit
C:\Windows\system\flWNulA.exe

Filesize
6.0MB

MD5
72dfdf2af789d1c3082717222ac8a3f1

SHA1
4829e4639bf23e30371231534d3d29c2caaaad15

SHA256
e8684203deb0c428a02b1994b461281d198d5c26be7a3e5add83530a86868b13

SHA512
b63ad140eed4b549e187e5868aa4d164411e15fd13baf018ce51444121eb32fd20a707bc085559c49f72e74ae351edfa4985a08fb93d640e41afe7db26de4413

Download Submit
C:\Windows\system\gmuTIqo.exe

Filesize
6.0MB

MD5
719e5d8577d8c96ac540dcc9c3a4a7aa

SHA1
ae86cb9fb15bff55c848c1216247114710d528c7

SHA256
4064f36bd42644061c1989e55592ffb5a7fd50cd976c605829b6592e486382a6

SHA512
7f972cc162d833c5f1c03e8a76d00d15043660bc7d60b8b051290030f09b019b0f589befc3c059cc79c9d7bb23f39ab88aad32052fd870cefd7258880132b99b

Download Submit
C:\Windows\system\gxiWPhe.exe

Filesize
6.0MB

MD5
e764d74c81e07a12612170d803ede2de

SHA1
4511aa331b5a1de213dbb48328b2325077f8efcd

SHA256
5d34e9509cf526c24282f6211dc50ff762cc624e7d058e45827632cb7c4607ad

SHA512
0cb9850b1f62c97bcd28d5de1a32be83675bb66f8d6eaf6885a7ba860173a63c9788407cf34017ab782bc3861742c401b5b269eafba6b19ab8164c3703dbb44c

Download Submit
C:\Windows\system\gzdXMOF.exe

Filesize
6.0MB

MD5
493cf0a7f16f17a30266d741fadbf883

SHA1
1c715cd62aa2f35fa28b018c9178ccbb5e423168

SHA256
5e72d9f304aa3fccd15a47856162447568af5a6a6dc85df8af980b1a2ec3e373

SHA512
51db1915996dd18ca69c3d3c878c33f35e99397a3517120c613a40aea846be200ca26d616052e8832e5a22d2547eabdc4f059e0bbefd5b759c287d521731e02f

Download Submit
C:\Windows\system\mdfrEXY.exe

Filesize
6.0MB

MD5
f14684f5b961c344f8fc2a85c1692380

SHA1
fada49a7f8f9f8085f4fdb6921476832eb31cc0c

SHA256
28773108b50f75d90f9da700dce5249a8978ad9ffe2b9e6c519afb0558aa3584

SHA512
ee0c751fa18741067b328374d3d381f443468441edda62019ace38d482b32826cb8aa99316d531814eba6d586c882465aa4e74830710ef69252d3f071fbc8997

Download Submit
C:\Windows\system\naOupev.exe

Filesize
6.0MB

MD5
4344bd1228bde3970f5f631ee1c7231d

SHA1
a45fc3af633d122ea46fea39db8d0411bea284e0

SHA256
d0949cf5ef7f399561bbfa58ea012f0c7f6913bbba58eb1810c189456048ac4a

SHA512
09e080ec986e4fee4050606037dabb02ae28ecd8ebb324890fed14790e80ca691d591990f78f3eaa614e9303fa08b2e61560528051d1ee42f533099cf1c61173

Download Submit
C:\Windows\system\okrjfic.exe

Filesize
6.0MB

MD5
deb0b161e051bc898986bf2b67db6910

SHA1
e7e06a3c339b5f32001467f6eeb141868ca47561

SHA256
5e7e37cd1f61fbaf069be5b63f14cc889b89fbbada74d8d15364f4179ff79730

SHA512
18e45a23aaed8eab7207e5954cf3ac0be0528bc6bdba1f850cbde185f7071dc256c97b88b08331fedc09082ef6ca9f3fa4735945fa51835d90c278dcc9010f83

Download Submit
C:\Windows\system\qwcWXNa.exe

Filesize
6.0MB

MD5
c9ce8083e91407ba39edbc65214c718e

SHA1
24ff203e64005dc690a6663aea0a63f03aae670f

SHA256
8ad9a0494d1c20d902fce21a97723863e191a681f1dad53306d58d5640d4faff

SHA512
3d0f63c9f9ad32c073b8911beb6072aad69be55484d335ac9caec6b4bb833ce0b63b8be54d6ed7a245eaa9e0553c24e5a3c4c6c94362faf90ae1c634f8101698

Download Submit
C:\Windows\system\tbaKBNn.exe

Filesize
6.0MB

MD5
ec7f6121a5c7c8ca237ef130fc5b779c

SHA1
752a55ad1ba242195662b512dc6c633e901b5ed9

SHA256
57fd421c02ca5b6416254f50c2cc9151bbe73a5a094534b15c4955415ede3e8b

SHA512
5a18c2adb07106258d5873d4088a5e8ff282f9e5eac7308c037127f031669e73aba544fe084dc32d2644da69e99a513aff2248e39d6eff53074735d2e154b22b

Download Submit
C:\Windows\system\ujOZBui.exe

Filesize
6.0MB

MD5
d48ecae68ffc92b3605778cf1129a688

SHA1
b4f51d268deed705a532e470f371caba5b2e5f9c

SHA256
77214cd782e475e9a1cf94443a23aacede835d740eba4cd170cc16258b1bc352

SHA512
66edfb8de05e75fcf159282873505649b1b91c78d4be97b6f988a77f821ed853fe674ed454d085c5981dc893bda671f2b0c5ba09620b75354616acd8feff293a

Download Submit
C:\Windows\system\wjjRcYx.exe

Filesize
6.0MB

MD5
d98e72c05f0bbfdda07361e9c93a69e4

SHA1
8a2a602e7c466001b6d56ea27fc2473540404680

SHA256
1775f8bd3afc97be5ce9777a58c733040735ac799b7403625d4cb1a5807fd78d

SHA512
841560f2ca9a6683656ee4bd3ed3c8273513942689e40377518d9616cf99835f22c08ce4dd396ec8b374c6bcea63ad3d633db5be28e08a1b5907af35fd46f30f

Download Submit
C:\Windows\system\zDXfkiG.exe

Filesize
6.0MB

MD5
8f66220a43bb747d5325627b18044d2c

SHA1
a005912d2206972476166681efe2841d4070e95d

SHA256
5f54cfb03a606f3f3b2d8d63291e12faf5effc114e35bdc0b110fbf40ca982b6

SHA512
74b99c68a5046be4a9ce6ac1ec697d1f0777d84de6892507691fd49b1429fd8d55a5e61d5f1997b5bba920ca3c93f2bb22db1132eec7d4708bda67e815ba4e90

Download Submit
C:\Windows\system\zxlJjMr.exe

Filesize
6.0MB

MD5
28e4ecc842079785a900453f2dc0703c

SHA1
6efa6a0f6ee63d132df440183c2c519ef70bfe60

SHA256
27afc761da51464564d835038db2b6a3109d496b7bb17f7368d05179b6c8b185

SHA512
cedda11c4e5d2cb84f0e9ab31e63835339dd4c30f4aefbd9fdb8be7a0e5cd2f44023d06357557b409d4345e1d5cd5126749ac874a7b7f4ea22407fc70b92cae4

Download Submit
\Windows\system\CMPrXlm.exe

Filesize
6.0MB

MD5
cbecb85f6c707947e44a4cf00aabc70e

SHA1
a33ace19984f46ef5d471d58bd06c13705bf106e

SHA256
685b9fa7a3f3320dab7295c331f55e061df7c33df4ec4a4254eb97332ff03b60

SHA512
e55245342d0ed63299c033d7a72b27e8958239929435d225add7299e99124099a10e91e1370a707061e46ef3aee3ebe5fba399650a9615d26df9ba924ebaebb0

Download Submit
\Windows\system\RgbwOnF.exe

Filesize
6.0MB

MD5
00051073338a4d2aab0f72c2ee09b8a1

SHA1
d841eb193973ad86e903158768b5c231603b4b77

SHA256
403efd5a72ed862bad263767e17e2263f8d34898c0b0ae2bc194b08060df3310

SHA512
6dda09371c11d3ac0c078c383bd0a77d58f38d0bf10a86f8fb7be216a7b71bd4065989ff6ae45eeadf0d171267768b0fa985796d67e6ea01b179dc93a189eab5

Download Submit
\Windows\system\SRxyOXF.exe

Filesize
6.0MB

MD5
62fb6d63f301833a07ed1e7faa518acf

SHA1
1e589d8517e44463778cfab6234f9d75fe9dd94c

SHA256
22b442148d8f49c916a9b7b72bec2cbe3eaf373e127561f4bfbebfccdfa58c3b

SHA512
750aada91084d9ba159847ff667bda4d1fc6b8ba08ba0acc3739d5d15c882572fdc7110ba77c12a4d8c8ce803a90f04999bcde33bd79b634d45504fe946cc31d

Download Submit
\Windows\system\WfdUEWu.exe

Filesize
6.0MB

MD5
4ebe6aa141a296b8ef44f4fc5e4b69cf

SHA1
c6bf5574068a03b983ea8fdc4afe0434e2a0c0c2

SHA256
3a709e136c341e3a3e1892f27d2721b66dd3685033da496c24c5cad007ed4842

SHA512
d266f094b1c944c625424b0b34c75bb24084c09d338b29cc7cd499582da116ab4d7d9a775244507de4c4f6a2101d932562e6748a1096f61c5035b3beb4a7d2a5

Download Submit
\Windows\system\aDoaPFU.exe

Filesize
6.0MB

MD5
0ed45a3fbca409547c5704e0d1f546ce

SHA1
09672625881a4cebc6797d3f74dd051c6d5e7c3b

SHA256
3c0469a6fd8089f98e6b3d212af836c10aed6c4e1dd9209b6680bf589af08146

SHA512
fbe9e60bf565c04131622bdc1d134b5feb7e0b6b08b37c0b0d6649f928e8048a16657ce4a0e4018d2be4991d6c8b5d8047e7287703896a2687d3133cf69f968f

Download Submit
\Windows\system\hNvbCCH.exe

Filesize
6.0MB

MD5
3730b681b69ed4c39d56515d3e651898

SHA1
a0e5ba57ad8cd5dd9be345446391f32ff54f570e

SHA256
f5fde4dbaceeb82d5a477da9aa1aa347898223b57772a0a75479ca3ce61552c4

SHA512
b417b5b13faea19d27e6d709eb7b9f9995910a6e853029569ff840993fc23f1eac8e289bec5e12b9b451c568b7bc92150e1134c79e7235ff73d7c8a74c322214

Download Submit
\Windows\system\pbNjtdv.exe

Filesize
6.0MB

MD5
6b756ad014bf5d8c232f23c3437bb108

SHA1
7dc34898f5bc3d5075ad9f0aea092f8be803bf14

SHA256
54ce3c4967bffbcc4705bf9dbdfcbf208d420db46e29fbfb0ee43c7e44812a58

SHA512
295ba40ab78895b4c863e712d32e7fc4e594ffb44dcfec86891f37eecb659f3a20ea1459298a814f9daaa765eb6aa0b0f72c237b0bf3dd329b1cf100057de850

Download Submit
\Windows\system\rBdJXbY.exe

Filesize
6.0MB

MD5
c2a99311418a93de68eda16dae46c2db

SHA1
f9aa513ba62432c604469bd4ce3f50117f631d37

SHA256
efd7689f79b13da1426844723170ee03f5bdb433e1bbdda1667fbb95ca0ed249

SHA512
a5a1814b2c3f98f237fac1b9b41e417c58f92f1f008470f223d7e747b2c8821e74b771e39987d5a0471fa678ee114376f4f629565af760ebc08f7809a89d6986

Download Submit
\Windows\system\xWcsuhr.exe

Filesize
6.0MB

MD5
ae2015d65292071e40a5dfdb9cecb7b6

SHA1
9f3027fa5de24e97488a820abe5dfb035a2e1666

SHA256
14b90c0bd7deb17742601e593194ec902db2ee3bdcaf029bf5b392d478580775

SHA512
58aece8ade6648a234614ca5a7f70c9f7041ce011c4756ba09b6babbe0f3a346882b09ef804ed99201820d841f103e1e98d3c6b9a5e0addc585b02bfdf5ed668

Download Submit
memory/1308-110-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1308-3913-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-53-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3374-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1664-21-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1756-3856-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1756-101-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1756-658-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3860-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2292-91-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2292-387-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2320-63-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3386-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2320-28-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2380-801-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-34-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2380-102-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2380-111-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-87-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2380-109-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-70-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-93-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-65-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2380-114-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2380-98-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2380-58-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2380-39-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1079-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2380-311-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2380-17-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2380-76-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-574-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2380-89-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2380-47-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-24-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2380-36-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2380-32-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3718-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-61-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-96-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3373-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2432-19-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2528-42-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3378-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2528-8-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3857-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2636-74-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2636-113-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2720-37-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3407-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-68-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2728-108-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3724-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2860-73-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3443-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2860-45-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3553-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2896-86-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2896-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3842-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3060-88-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download