cobaltstrike | 947751bf163e40cd278b847484455b4a3a8105180ea59d99ba811412b00ae95e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b98da8f684efcc1a5edaeff101e889e7
SHA1

a3de6efda427595671b158fa32a812f0997e52e6
SHA256

947751bf163e40cd278b847484455b4a3a8105180ea59d99ba811412b00ae95e
SHA512

7334b532ac796525d1a5bce00160c98c5fd69ff5f37c19e528c1dd23fa0ed8999d6c816b7ee03a4f0fa8bd81ce4f90a736ad9f92d1991e9a32abeb447ecdbef2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016276-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-19.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-137.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-54.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc1-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1668-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x000d000000012254-3.dat	xmrig
behavioral1/files/0x0008000000016276-11.dat	xmrig
behavioral1/files/0x000800000001650a-15.dat	xmrig
behavioral1/files/0x00070000000167ea-19.dat	xmrig
behavioral1/memory/2356-14-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1668-40-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-59.dat	xmrig
behavioral1/files/0x000500000001938b-69.dat	xmrig
behavioral1/files/0x0005000000019399-74.dat	xmrig
behavioral1/files/0x00050000000193c8-89.dat	xmrig
behavioral1/files/0x00050000000193b7-79.dat	xmrig
behavioral1/files/0x00050000000193c1-82.dat	xmrig
behavioral1/files/0x00050000000193ec-119.dat	xmrig
behavioral1/files/0x000500000001960a-167.dat	xmrig
behavioral1/files/0x000500000001960d-178.dat	xmrig
behavioral1/memory/2104-239-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1572-638-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x000500000001960e-182.dat	xmrig
behavioral1/files/0x0005000000019610-188.dat	xmrig
behavioral1/files/0x000500000001960c-173.dat	xmrig
behavioral1/files/0x00050000000195d9-162.dat	xmrig
behavioral1/files/0x00050000000194f3-152.dat	xmrig
behavioral1/files/0x0005000000019537-157.dat	xmrig
behavioral1/files/0x0005000000019441-142.dat	xmrig
behavioral1/files/0x00050000000194bd-147.dat	xmrig
behavioral1/files/0x000500000001941a-132.dat	xmrig
behavioral1/files/0x0005000000019436-137.dat	xmrig
behavioral1/files/0x0009000000015fba-122.dat	xmrig
behavioral1/memory/1668-115-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2632-113-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1668-112-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2568-111-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2668-109-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2524-107-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1668-106-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2880-105-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2672-103-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1668-102-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2564-101-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1668-100-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2708-99-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019417-127.dat	xmrig
behavioral1/memory/2828-98-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d4-94.dat	xmrig
behavioral1/files/0x0005000000019280-64.dat	xmrig
behavioral1/files/0x0005000000019263-54.dat	xmrig
behavioral1/files/0x0008000000016dc1-49.dat	xmrig
behavioral1/files/0x0008000000016c53-44.dat	xmrig
behavioral1/files/0x0007000000016c36-39.dat	xmrig
behavioral1/memory/1572-35-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a49-34.dat	xmrig
behavioral1/memory/600-33-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1668-32-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2864-31-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2104-12-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2864-3443-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2828-3488-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2672-3474-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2708-3472-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2668-3471-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2564-3485-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/600-3469-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2632-3477-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2104	IgWLneI.exe
2356	vVRsAfE.exe
2864	lpjASpO.exe
600	qsCdFph.exe
1572	xvWKXEH.exe
2828	jppWQmO.exe
2708	etqQSJn.exe
2564	EdicAcz.exe
2672	cSAltyZ.exe
2880	aLxMlNc.exe
2524	oZCBvji.exe
2668	fQVASIM.exe
2568	SWMsPZL.exe
2632	KUmlyzb.exe
3008	fzSQCtv.exe
3020	OklEkfe.exe
1472	oaGkxqk.exe
1456	LEDAwwi.exe
2852	TbpeMau.exe
756	jyIAGUH.exe
2916	lGVpQoO.exe
2212	eXFmeOd.exe
2192	oIJwlXg.exe
2408	iiSHRhQ.exe
2232	UcATiGt.exe
1996	RqYojzK.exe
1124	yKjtRmw.exe
1108	mpgeXcv.exe
2540	lOkrNOW.exe
1944	BJikizp.exe
2484	DdpyuKT.exe
696	pDoqLes.exe
2744	heMHmqI.exe
1928	LsNeNma.exe
908	AaqAngb.exe
1216	qooaphW.exe
108	ebSjEHn.exe
1492	klTQWOb.exe
1708	woJSJHv.exe
1564	TFoSXtK.exe
1052	IBcwsMh.exe
2056	afBqVAT.exe
2448	HjRxalc.exe
2220	Yrzdvnn.exe
1560	ZYwFxtv.exe
2072	HpcVEIK.exe
316	xVFrbzo.exe
2188	ApEoQlx.exe
1632	GQILeSe.exe
1956	SwBmyEp.exe
1520	ZqftxFR.exe
2088	ZyeyIRG.exe
3064	apbiPtB.exe
2324	Hvwapzr.exe
2648	ZAihpzT.exe
2696	IYtOMtY.exe
2688	tBSDTUK.exe
2932	LqhWoHv.exe
2592	lDkQIwv.exe
2720	cuEcSLg.exe
1780	yZJZART.exe
2444	YqrexVa.exe
2068	lDZbBxB.exe
1524	upBThpm.exe

Loads dropped DLL 64 IoCs

pid	Process
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x000d000000012254-3.dat	upx
behavioral1/files/0x0008000000016276-11.dat	upx
behavioral1/files/0x000800000001650a-15.dat	upx
behavioral1/files/0x00070000000167ea-19.dat	upx
behavioral1/memory/2356-14-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0005000000019278-59.dat	upx
behavioral1/files/0x000500000001938b-69.dat	upx
behavioral1/files/0x0005000000019399-74.dat	upx
behavioral1/files/0x00050000000193c8-89.dat	upx
behavioral1/files/0x00050000000193b7-79.dat	upx
behavioral1/files/0x00050000000193c1-82.dat	upx
behavioral1/files/0x00050000000193ec-119.dat	upx
behavioral1/files/0x000500000001960a-167.dat	upx
behavioral1/files/0x000500000001960d-178.dat	upx
behavioral1/memory/2104-239-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1572-638-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x000500000001960e-182.dat	upx
behavioral1/files/0x0005000000019610-188.dat	upx
behavioral1/files/0x000500000001960c-173.dat	upx
behavioral1/files/0x00050000000195d9-162.dat	upx
behavioral1/files/0x00050000000194f3-152.dat	upx
behavioral1/files/0x0005000000019537-157.dat	upx
behavioral1/files/0x0005000000019441-142.dat	upx
behavioral1/files/0x00050000000194bd-147.dat	upx
behavioral1/files/0x000500000001941a-132.dat	upx
behavioral1/files/0x0005000000019436-137.dat	upx
behavioral1/files/0x0009000000015fba-122.dat	upx
behavioral1/memory/1668-115-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2632-113-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2568-111-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2668-109-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2524-107-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2880-105-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2672-103-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2564-101-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2708-99-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019417-127.dat	upx
behavioral1/memory/2828-98-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00050000000193d4-94.dat	upx
behavioral1/files/0x0005000000019280-64.dat	upx
behavioral1/files/0x0005000000019263-54.dat	upx
behavioral1/files/0x0008000000016dc1-49.dat	upx
behavioral1/files/0x0008000000016c53-44.dat	upx
behavioral1/files/0x0007000000016c36-39.dat	upx
behavioral1/memory/1572-35-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0007000000016a49-34.dat	upx
behavioral1/memory/600-33-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2864-31-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2104-12-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2864-3443-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2828-3488-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2672-3474-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2708-3472-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2668-3471-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2564-3485-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/600-3469-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2632-3477-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2880-3504-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2568-3503-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2524-3476-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1572-3525-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2104-3454-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2356-3434-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WBaQpUI.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNJgzPO.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBbpSqW.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzMkWRO.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxncYyp.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdYcatH.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJwXVyK.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDjgzYI.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avsSZIR.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xjeiaep.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzoQbJT.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPByRlK.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZstWsf.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcpdmvF.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzOgPPV.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsYqhNN.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TssqICM.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfBMgjH.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuNyaMV.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCzQzgq.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkLELAc.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHbQjjb.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhcovCC.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYOnDFr.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kunlzlg.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkoCDeq.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBNdNWN.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPDaECy.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGkMFES.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHUbvHl.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utJNBAW.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trszmzZ.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOwkOSb.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwDssLY.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkvYetP.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzjOvfH.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmIcjvS.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHflunj.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQIrcTK.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGYSWob.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLMPzMi.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGFVlPZ.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuwUoWi.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTurmyz.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVPoqbx.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYUPnJZ.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkNiYaD.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdfiqGA.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wErxezw.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwcEznl.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmUJkGK.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDhSgyn.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySaGEOu.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrzDyFW.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haTWCwn.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHichza.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAihpzT.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWUPvMT.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDVjyWR.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCGWWUS.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNXkeWQ.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqOrBNS.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwuOUKM.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQrgtnE.exe	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2104	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 2104	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 2104	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 2356	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 2356	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 2356	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 600	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 600	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 600	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 2864	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 2864	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 2864	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 1572	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 1572	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 1572	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 2828	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2828	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2828	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2708	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2708	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2708	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2564	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2564	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2564	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2672	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2672	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2672	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2880	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2880	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2880	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2524	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 2524	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 2524	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 2668	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 2668	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 2668	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 2568	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 2568	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 2568	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 2632	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 2632	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 2632	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 3008	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 3008	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 3008	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 3020	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 3020	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 3020	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 1472	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 1472	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 1472	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 1456	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 1456	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 1456	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 2852	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 2852	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 2852	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 756	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 756	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 756	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 2916	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 2916	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 2916	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 2212	1668	2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_b98da8f684efcc1a5edaeff101e889e7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\System\IgWLneI.exe
  C:\Windows\System\IgWLneI.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\vVRsAfE.exe
  C:\Windows\System\vVRsAfE.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\qsCdFph.exe
  C:\Windows\System\qsCdFph.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\lpjASpO.exe
  C:\Windows\System\lpjASpO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\xvWKXEH.exe
  C:\Windows\System\xvWKXEH.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\jppWQmO.exe
  C:\Windows\System\jppWQmO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\etqQSJn.exe
  C:\Windows\System\etqQSJn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\EdicAcz.exe
  C:\Windows\System\EdicAcz.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\cSAltyZ.exe
  C:\Windows\System\cSAltyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\aLxMlNc.exe
  C:\Windows\System\aLxMlNc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\oZCBvji.exe
  C:\Windows\System\oZCBvji.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\fQVASIM.exe
  C:\Windows\System\fQVASIM.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\SWMsPZL.exe
  C:\Windows\System\SWMsPZL.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\KUmlyzb.exe
  C:\Windows\System\KUmlyzb.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\fzSQCtv.exe
  C:\Windows\System\fzSQCtv.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\OklEkfe.exe
  C:\Windows\System\OklEkfe.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oaGkxqk.exe
  C:\Windows\System\oaGkxqk.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\LEDAwwi.exe
  C:\Windows\System\LEDAwwi.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\TbpeMau.exe
  C:\Windows\System\TbpeMau.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\jyIAGUH.exe
  C:\Windows\System\jyIAGUH.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\lGVpQoO.exe
  C:\Windows\System\lGVpQoO.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\eXFmeOd.exe
  C:\Windows\System\eXFmeOd.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\oIJwlXg.exe
  C:\Windows\System\oIJwlXg.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\iiSHRhQ.exe
  C:\Windows\System\iiSHRhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\UcATiGt.exe
  C:\Windows\System\UcATiGt.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\RqYojzK.exe
  C:\Windows\System\RqYojzK.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\yKjtRmw.exe
  C:\Windows\System\yKjtRmw.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\mpgeXcv.exe
  C:\Windows\System\mpgeXcv.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\lOkrNOW.exe
  C:\Windows\System\lOkrNOW.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\BJikizp.exe
  C:\Windows\System\BJikizp.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\DdpyuKT.exe
  C:\Windows\System\DdpyuKT.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\pDoqLes.exe
  C:\Windows\System\pDoqLes.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\heMHmqI.exe
  C:\Windows\System\heMHmqI.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\LsNeNma.exe
  C:\Windows\System\LsNeNma.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\AaqAngb.exe
  C:\Windows\System\AaqAngb.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\qooaphW.exe
  C:\Windows\System\qooaphW.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\ebSjEHn.exe
  C:\Windows\System\ebSjEHn.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\klTQWOb.exe
  C:\Windows\System\klTQWOb.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\woJSJHv.exe
  C:\Windows\System\woJSJHv.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\TFoSXtK.exe
  C:\Windows\System\TFoSXtK.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\IBcwsMh.exe
  C:\Windows\System\IBcwsMh.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\afBqVAT.exe
  C:\Windows\System\afBqVAT.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\HjRxalc.exe
  C:\Windows\System\HjRxalc.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\Yrzdvnn.exe
  C:\Windows\System\Yrzdvnn.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ZYwFxtv.exe
  C:\Windows\System\ZYwFxtv.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\HpcVEIK.exe
  C:\Windows\System\HpcVEIK.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xVFrbzo.exe
  C:\Windows\System\xVFrbzo.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\ApEoQlx.exe
  C:\Windows\System\ApEoQlx.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\SwBmyEp.exe
  C:\Windows\System\SwBmyEp.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\GQILeSe.exe
  C:\Windows\System\GQILeSe.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ZyeyIRG.exe
  C:\Windows\System\ZyeyIRG.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ZqftxFR.exe
  C:\Windows\System\ZqftxFR.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\apbiPtB.exe
  C:\Windows\System\apbiPtB.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\Hvwapzr.exe
  C:\Windows\System\Hvwapzr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ZAihpzT.exe
  C:\Windows\System\ZAihpzT.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\IYtOMtY.exe
  C:\Windows\System\IYtOMtY.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\tBSDTUK.exe
  C:\Windows\System\tBSDTUK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\LqhWoHv.exe
  C:\Windows\System\LqhWoHv.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\lDkQIwv.exe
  C:\Windows\System\lDkQIwv.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\cuEcSLg.exe
  C:\Windows\System\cuEcSLg.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yZJZART.exe
  C:\Windows\System\yZJZART.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\YqrexVa.exe
  C:\Windows\System\YqrexVa.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\lDZbBxB.exe
  C:\Windows\System\lDZbBxB.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\upBThpm.exe
  C:\Windows\System\upBThpm.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\wJSMXmf.exe
  C:\Windows\System\wJSMXmf.exe
  2⤵
  PID:352
- C:\Windows\System\pGMnxzs.exe
  C:\Windows\System\pGMnxzs.exe
  2⤵
  PID:1232
- C:\Windows\System\cikdnRI.exe
  C:\Windows\System\cikdnRI.exe
  2⤵
  PID:2856
- C:\Windows\System\AsvQikt.exe
  C:\Windows\System\AsvQikt.exe
  2⤵
  PID:2432
- C:\Windows\System\QwUuyLN.exe
  C:\Windows\System\QwUuyLN.exe
  2⤵
  PID:1268
- C:\Windows\System\aCcLxtq.exe
  C:\Windows\System\aCcLxtq.exe
  2⤵
  PID:408
- C:\Windows\System\WOlQJco.exe
  C:\Windows\System\WOlQJco.exe
  2⤵
  PID:856
- C:\Windows\System\CXPtGWq.exe
  C:\Windows\System\CXPtGWq.exe
  2⤵
  PID:1840
- C:\Windows\System\WlswyaA.exe
  C:\Windows\System\WlswyaA.exe
  2⤵
  PID:1924
- C:\Windows\System\wURhUOV.exe
  C:\Windows\System\wURhUOV.exe
  2⤵
  PID:940
- C:\Windows\System\wKLrJLA.exe
  C:\Windows\System\wKLrJLA.exe
  2⤵
  PID:788
- C:\Windows\System\eGjCUtN.exe
  C:\Windows\System\eGjCUtN.exe
  2⤵
  PID:596
- C:\Windows\System\BpPlxjK.exe
  C:\Windows\System\BpPlxjK.exe
  2⤵
  PID:1724
- C:\Windows\System\qERTFFD.exe
  C:\Windows\System\qERTFFD.exe
  2⤵
  PID:532
- C:\Windows\System\eNEMPGW.exe
  C:\Windows\System\eNEMPGW.exe
  2⤵
  PID:1720
- C:\Windows\System\EzGEHEt.exe
  C:\Windows\System\EzGEHEt.exe
  2⤵
  PID:1684
- C:\Windows\System\WAlTIeD.exe
  C:\Windows\System\WAlTIeD.exe
  2⤵
  PID:2256
- C:\Windows\System\MZOnovH.exe
  C:\Windows\System\MZOnovH.exe
  2⤵
  PID:2940
- C:\Windows\System\unhoDbH.exe
  C:\Windows\System\unhoDbH.exe
  2⤵
  PID:752
- C:\Windows\System\eFxQvkf.exe
  C:\Windows\System\eFxQvkf.exe
  2⤵
  PID:2332
- C:\Windows\System\plhMWwg.exe
  C:\Windows\System\plhMWwg.exe
  2⤵
  PID:2440
- C:\Windows\System\PCMIMVd.exe
  C:\Windows\System\PCMIMVd.exe
  2⤵
  PID:1372
- C:\Windows\System\XoALsvm.exe
  C:\Windows\System\XoALsvm.exe
  2⤵
  PID:2844
- C:\Windows\System\TwzIGKn.exe
  C:\Windows\System\TwzIGKn.exe
  2⤵
  PID:2580
- C:\Windows\System\lWJmabS.exe
  C:\Windows\System\lWJmabS.exe
  2⤵
  PID:2936
- C:\Windows\System\DEMerYx.exe
  C:\Windows\System\DEMerYx.exe
  2⤵
  PID:2728
- C:\Windows\System\KoxgGur.exe
  C:\Windows\System\KoxgGur.exe
  2⤵
  PID:3016
- C:\Windows\System\zlLrtCd.exe
  C:\Windows\System\zlLrtCd.exe
  2⤵
  PID:2748
- C:\Windows\System\rxDTyXp.exe
  C:\Windows\System\rxDTyXp.exe
  2⤵
  PID:2404
- C:\Windows\System\QbRZpWO.exe
  C:\Windows\System\QbRZpWO.exe
  2⤵
  PID:1892
- C:\Windows\System\dhOwpHS.exe
  C:\Windows\System\dhOwpHS.exe
  2⤵
  PID:1600
- C:\Windows\System\MtzStwK.exe
  C:\Windows\System\MtzStwK.exe
  2⤵
  PID:1408
- C:\Windows\System\HcdeuYh.exe
  C:\Windows\System\HcdeuYh.exe
  2⤵
  PID:1248
- C:\Windows\System\ZzhwOdm.exe
  C:\Windows\System\ZzhwOdm.exe
  2⤵
  PID:380
- C:\Windows\System\ytCmNzt.exe
  C:\Windows\System\ytCmNzt.exe
  2⤵
  PID:1616
- C:\Windows\System\HUQspdK.exe
  C:\Windows\System\HUQspdK.exe
  2⤵
  PID:1588
- C:\Windows\System\yTgzenp.exe
  C:\Windows\System\yTgzenp.exe
  2⤵
  PID:1760
- C:\Windows\System\qEEKJnl.exe
  C:\Windows\System\qEEKJnl.exe
  2⤵
  PID:772
- C:\Windows\System\UUTiRPz.exe
  C:\Windows\System\UUTiRPz.exe
  2⤵
  PID:2112
- C:\Windows\System\ZtLhtGP.exe
  C:\Windows\System\ZtLhtGP.exe
  2⤵
  PID:2680
- C:\Windows\System\OnbXmEg.exe
  C:\Windows\System\OnbXmEg.exe
  2⤵
  PID:2840
- C:\Windows\System\dkJwnSh.exe
  C:\Windows\System\dkJwnSh.exe
  2⤵
  PID:3012
- C:\Windows\System\tbyLBOy.exe
  C:\Windows\System\tbyLBOy.exe
  2⤵
  PID:1636
- C:\Windows\System\bsMTORI.exe
  C:\Windows\System\bsMTORI.exe
  2⤵
  PID:1300
- C:\Windows\System\XsRULvt.exe
  C:\Windows\System\XsRULvt.exe
  2⤵
  PID:2992
- C:\Windows\System\TkuvpGt.exe
  C:\Windows\System\TkuvpGt.exe
  2⤵
  PID:2912
- C:\Windows\System\LsbBTSp.exe
  C:\Windows\System\LsbBTSp.exe
  2⤵
  PID:2360
- C:\Windows\System\fIEdaGx.exe
  C:\Windows\System\fIEdaGx.exe
  2⤵
  PID:1008
- C:\Windows\System\CXpOsRy.exe
  C:\Windows\System\CXpOsRy.exe
  2⤵
  PID:1156
- C:\Windows\System\uHNxCba.exe
  C:\Windows\System\uHNxCba.exe
  2⤵
  PID:2740
- C:\Windows\System\zgJnLIy.exe
  C:\Windows\System\zgJnLIy.exe
  2⤵
  PID:1548
- C:\Windows\System\fageNUX.exe
  C:\Windows\System\fageNUX.exe
  2⤵
  PID:1424
- C:\Windows\System\QFnqreT.exe
  C:\Windows\System\QFnqreT.exe
  2⤵
  PID:3044
- C:\Windows\System\uEkWjcp.exe
  C:\Windows\System\uEkWjcp.exe
  2⤵
  PID:2628
- C:\Windows\System\QOBDVsQ.exe
  C:\Windows\System\QOBDVsQ.exe
  2⤵
  PID:1512
- C:\Windows\System\cnrmxJq.exe
  C:\Windows\System\cnrmxJq.exe
  2⤵
  PID:2320
- C:\Windows\System\aOVcxgf.exe
  C:\Windows\System\aOVcxgf.exe
  2⤵
  PID:2920
- C:\Windows\System\vwhVOdq.exe
  C:\Windows\System\vwhVOdq.exe
  2⤵
  PID:3084
- C:\Windows\System\WIuYIRX.exe
  C:\Windows\System\WIuYIRX.exe
  2⤵
  PID:3104
- C:\Windows\System\lNdZhGy.exe
  C:\Windows\System\lNdZhGy.exe
  2⤵
  PID:3124
- C:\Windows\System\XKVsdhd.exe
  C:\Windows\System\XKVsdhd.exe
  2⤵
  PID:3144
- C:\Windows\System\MXVbeYz.exe
  C:\Windows\System\MXVbeYz.exe
  2⤵
  PID:3164
- C:\Windows\System\pfeLoMa.exe
  C:\Windows\System\pfeLoMa.exe
  2⤵
  PID:3184
- C:\Windows\System\bXcDBQx.exe
  C:\Windows\System\bXcDBQx.exe
  2⤵
  PID:3200
- C:\Windows\System\gwHEOGK.exe
  C:\Windows\System\gwHEOGK.exe
  2⤵
  PID:3220
- C:\Windows\System\mfuneJa.exe
  C:\Windows\System\mfuneJa.exe
  2⤵
  PID:3244
- C:\Windows\System\tXfrFyF.exe
  C:\Windows\System\tXfrFyF.exe
  2⤵
  PID:3264
- C:\Windows\System\fdgQlOv.exe
  C:\Windows\System\fdgQlOv.exe
  2⤵
  PID:3284
- C:\Windows\System\ZgFCSoc.exe
  C:\Windows\System\ZgFCSoc.exe
  2⤵
  PID:3304
- C:\Windows\System\eriubMO.exe
  C:\Windows\System\eriubMO.exe
  2⤵
  PID:3324
- C:\Windows\System\KFyTnHg.exe
  C:\Windows\System\KFyTnHg.exe
  2⤵
  PID:3344
- C:\Windows\System\LksLYSu.exe
  C:\Windows\System\LksLYSu.exe
  2⤵
  PID:3364
- C:\Windows\System\YHKflmE.exe
  C:\Windows\System\YHKflmE.exe
  2⤵
  PID:3384
- C:\Windows\System\xIobABo.exe
  C:\Windows\System\xIobABo.exe
  2⤵
  PID:3400
- C:\Windows\System\anjlPiX.exe
  C:\Windows\System\anjlPiX.exe
  2⤵
  PID:3420
- C:\Windows\System\QhykcLN.exe
  C:\Windows\System\QhykcLN.exe
  2⤵
  PID:3444
- C:\Windows\System\HrtCsgT.exe
  C:\Windows\System\HrtCsgT.exe
  2⤵
  PID:3464
- C:\Windows\System\eZagfjD.exe
  C:\Windows\System\eZagfjD.exe
  2⤵
  PID:3480
- C:\Windows\System\zxzcjHR.exe
  C:\Windows\System\zxzcjHR.exe
  2⤵
  PID:3500
- C:\Windows\System\oajevTO.exe
  C:\Windows\System\oajevTO.exe
  2⤵
  PID:3516
- C:\Windows\System\lxuUlCm.exe
  C:\Windows\System\lxuUlCm.exe
  2⤵
  PID:3544
- C:\Windows\System\HqEXJsu.exe
  C:\Windows\System\HqEXJsu.exe
  2⤵
  PID:3560
- C:\Windows\System\geFIqdn.exe
  C:\Windows\System\geFIqdn.exe
  2⤵
  PID:3580
- C:\Windows\System\eWUPvMT.exe
  C:\Windows\System\eWUPvMT.exe
  2⤵
  PID:3600
- C:\Windows\System\QEZcEHW.exe
  C:\Windows\System\QEZcEHW.exe
  2⤵
  PID:3620
- C:\Windows\System\lwRuWUB.exe
  C:\Windows\System\lwRuWUB.exe
  2⤵
  PID:3640
- C:\Windows\System\fSRtpUX.exe
  C:\Windows\System\fSRtpUX.exe
  2⤵
  PID:3660
- C:\Windows\System\mGTPTtI.exe
  C:\Windows\System\mGTPTtI.exe
  2⤵
  PID:3676
- C:\Windows\System\DmnXoUK.exe
  C:\Windows\System\DmnXoUK.exe
  2⤵
  PID:3696
- C:\Windows\System\TaYmLvi.exe
  C:\Windows\System\TaYmLvi.exe
  2⤵
  PID:3716
- C:\Windows\System\YhXowfw.exe
  C:\Windows\System\YhXowfw.exe
  2⤵
  PID:3736
- C:\Windows\System\dzyURlm.exe
  C:\Windows\System\dzyURlm.exe
  2⤵
  PID:3752
- C:\Windows\System\jwRtwWj.exe
  C:\Windows\System\jwRtwWj.exe
  2⤵
  PID:3772
- C:\Windows\System\czSVDdm.exe
  C:\Windows\System\czSVDdm.exe
  2⤵
  PID:3792
- C:\Windows\System\LylmEZV.exe
  C:\Windows\System\LylmEZV.exe
  2⤵
  PID:3812
- C:\Windows\System\aPHrnpe.exe
  C:\Windows\System\aPHrnpe.exe
  2⤵
  PID:3832
- C:\Windows\System\CcQbkqS.exe
  C:\Windows\System\CcQbkqS.exe
  2⤵
  PID:3856
- C:\Windows\System\tmyGYva.exe
  C:\Windows\System\tmyGYva.exe
  2⤵
  PID:3872
- C:\Windows\System\ikaawAZ.exe
  C:\Windows\System\ikaawAZ.exe
  2⤵
  PID:3904
- C:\Windows\System\wfiVzmK.exe
  C:\Windows\System\wfiVzmK.exe
  2⤵
  PID:3924
- C:\Windows\System\Rzxosli.exe
  C:\Windows\System\Rzxosli.exe
  2⤵
  PID:3944
- C:\Windows\System\ctyLLkf.exe
  C:\Windows\System\ctyLLkf.exe
  2⤵
  PID:3960
- C:\Windows\System\heiYYuX.exe
  C:\Windows\System\heiYYuX.exe
  2⤵
  PID:3980
- C:\Windows\System\VptanaH.exe
  C:\Windows\System\VptanaH.exe
  2⤵
  PID:4004
- C:\Windows\System\kcUJeDf.exe
  C:\Windows\System\kcUJeDf.exe
  2⤵
  PID:4024
- C:\Windows\System\fBUCFrR.exe
  C:\Windows\System\fBUCFrR.exe
  2⤵
  PID:4040
- C:\Windows\System\JsKuCqC.exe
  C:\Windows\System\JsKuCqC.exe
  2⤵
  PID:4064
- C:\Windows\System\KeGMsbI.exe
  C:\Windows\System\KeGMsbI.exe
  2⤵
  PID:4084
- C:\Windows\System\kJZvCCh.exe
  C:\Windows\System\kJZvCCh.exe
  2⤵
  PID:2260
- C:\Windows\System\EQmfwsB.exe
  C:\Windows\System\EQmfwsB.exe
  2⤵
  PID:2884
- C:\Windows\System\mwLuWSa.exe
  C:\Windows\System\mwLuWSa.exe
  2⤵
  PID:572
- C:\Windows\System\IrNHsmz.exe
  C:\Windows\System\IrNHsmz.exe
  2⤵
  PID:1228
- C:\Windows\System\fpTZFDf.exe
  C:\Windows\System\fpTZFDf.exe
  2⤵
  PID:1568
- C:\Windows\System\dalDbQv.exe
  C:\Windows\System\dalDbQv.exe
  2⤵
  PID:2272
- C:\Windows\System\cdfiqGA.exe
  C:\Windows\System\cdfiqGA.exe
  2⤵
  PID:3140
- C:\Windows\System\EUUTEOp.exe
  C:\Windows\System\EUUTEOp.exe
  2⤵
  PID:3112
- C:\Windows\System\IMLaPeq.exe
  C:\Windows\System\IMLaPeq.exe
  2⤵
  PID:3216
- C:\Windows\System\fWSNYdH.exe
  C:\Windows\System\fWSNYdH.exe
  2⤵
  PID:3260
- C:\Windows\System\EXswYUN.exe
  C:\Windows\System\EXswYUN.exe
  2⤵
  PID:3232
- C:\Windows\System\qjlfbvF.exe
  C:\Windows\System\qjlfbvF.exe
  2⤵
  PID:3300
- C:\Windows\System\EVvVVdv.exe
  C:\Windows\System\EVvVVdv.exe
  2⤵
  PID:3276
- C:\Windows\System\EqBtFRf.exe
  C:\Windows\System\EqBtFRf.exe
  2⤵
  PID:3312
- C:\Windows\System\Vqrgwcd.exe
  C:\Windows\System\Vqrgwcd.exe
  2⤵
  PID:3352
- C:\Windows\System\DWvtTMT.exe
  C:\Windows\System\DWvtTMT.exe
  2⤵
  PID:3356
- C:\Windows\System\zSGcPju.exe
  C:\Windows\System\zSGcPju.exe
  2⤵
  PID:3532
- C:\Windows\System\cXZiIHf.exe
  C:\Windows\System\cXZiIHf.exe
  2⤵
  PID:3428
- C:\Windows\System\uShquof.exe
  C:\Windows\System\uShquof.exe
  2⤵
  PID:3436
- C:\Windows\System\yhPByay.exe
  C:\Windows\System\yhPByay.exe
  2⤵
  PID:3608
- C:\Windows\System\VJunwGY.exe
  C:\Windows\System\VJunwGY.exe
  2⤵
  PID:3652
- C:\Windows\System\JAgwluO.exe
  C:\Windows\System\JAgwluO.exe
  2⤵
  PID:3472
- C:\Windows\System\lZJNEHA.exe
  C:\Windows\System\lZJNEHA.exe
  2⤵
  PID:3760
- C:\Windows\System\fdfKDhJ.exe
  C:\Windows\System\fdfKDhJ.exe
  2⤵
  PID:2736
- C:\Windows\System\NVmEnTh.exe
  C:\Windows\System\NVmEnTh.exe
  2⤵
  PID:3764
- C:\Windows\System\WxFtRra.exe
  C:\Windows\System\WxFtRra.exe
  2⤵
  PID:3672
- C:\Windows\System\YDEdvLw.exe
  C:\Windows\System\YDEdvLw.exe
  2⤵
  PID:3848
- C:\Windows\System\iKMrXBM.exe
  C:\Windows\System\iKMrXBM.exe
  2⤵
  PID:3748
- C:\Windows\System\neukeFr.exe
  C:\Windows\System\neukeFr.exe
  2⤵
  PID:3784
- C:\Windows\System\dlDaZLZ.exe
  C:\Windows\System\dlDaZLZ.exe
  2⤵
  PID:3888
- C:\Windows\System\kzDFuqA.exe
  C:\Windows\System\kzDFuqA.exe
  2⤵
  PID:3932
- C:\Windows\System\EPrMoNZ.exe
  C:\Windows\System\EPrMoNZ.exe
  2⤵
  PID:3976
- C:\Windows\System\jybAniC.exe
  C:\Windows\System\jybAniC.exe
  2⤵
  PID:3972
- C:\Windows\System\cxtoEtG.exe
  C:\Windows\System\cxtoEtG.exe
  2⤵
  PID:3956
- C:\Windows\System\AfnLVdj.exe
  C:\Windows\System\AfnLVdj.exe
  2⤵
  PID:4052
- C:\Windows\System\jtXZMEg.exe
  C:\Windows\System\jtXZMEg.exe
  2⤵
  PID:4092
- C:\Windows\System\owchBOI.exe
  C:\Windows\System\owchBOI.exe
  2⤵
  PID:4076
- C:\Windows\System\irWJane.exe
  C:\Windows\System\irWJane.exe
  2⤵
  PID:344
- C:\Windows\System\gOBtiKI.exe
  C:\Windows\System\gOBtiKI.exe
  2⤵
  PID:3132
- C:\Windows\System\eZcWVtv.exe
  C:\Windows\System\eZcWVtv.exe
  2⤵
  PID:2080
- C:\Windows\System\icRdGzP.exe
  C:\Windows\System\icRdGzP.exe
  2⤵
  PID:272
- C:\Windows\System\ATnSGwV.exe
  C:\Windows\System\ATnSGwV.exe
  2⤵
  PID:3116
- C:\Windows\System\nKDhNEH.exe
  C:\Windows\System\nKDhNEH.exe
  2⤵
  PID:3336
- C:\Windows\System\UUvDlCq.exe
  C:\Windows\System\UUvDlCq.exe
  2⤵
  PID:3412
- C:\Windows\System\pQbfypK.exe
  C:\Windows\System\pQbfypK.exe
  2⤵
  PID:3496
- C:\Windows\System\qYkGcgE.exe
  C:\Windows\System\qYkGcgE.exe
  2⤵
  PID:3272
- C:\Windows\System\RTklXHG.exe
  C:\Windows\System\RTklXHG.exe
  2⤵
  PID:3656
- C:\Windows\System\MrcDgcX.exe
  C:\Windows\System\MrcDgcX.exe
  2⤵
  PID:3732
- C:\Windows\System\GKzgXPa.exe
  C:\Windows\System\GKzgXPa.exe
  2⤵
  PID:3592
- C:\Windows\System\MFdYHAC.exe
  C:\Windows\System\MFdYHAC.exe
  2⤵
  PID:3692
- C:\Windows\System\iOdWdOv.exe
  C:\Windows\System\iOdWdOv.exe
  2⤵
  PID:3724
- C:\Windows\System\adCxqTY.exe
  C:\Windows\System\adCxqTY.exe
  2⤵
  PID:3896
- C:\Windows\System\aOUMpse.exe
  C:\Windows\System\aOUMpse.exe
  2⤵
  PID:3704
- C:\Windows\System\wJiKnnZ.exe
  C:\Windows\System\wJiKnnZ.exe
  2⤵
  PID:3712
- C:\Windows\System\xIOAbbO.exe
  C:\Windows\System\xIOAbbO.exe
  2⤵
  PID:3824
- C:\Windows\System\PLWRIja.exe
  C:\Windows\System\PLWRIja.exe
  2⤵
  PID:3996
- C:\Windows\System\yUdvTRk.exe
  C:\Windows\System\yUdvTRk.exe
  2⤵
  PID:3988
- C:\Windows\System\ipyXcBQ.exe
  C:\Windows\System\ipyXcBQ.exe
  2⤵
  PID:4072
- C:\Windows\System\ajnSyuz.exe
  C:\Windows\System\ajnSyuz.exe
  2⤵
  PID:1540
- C:\Windows\System\zlzIbXX.exe
  C:\Windows\System\zlzIbXX.exe
  2⤵
  PID:3176
- C:\Windows\System\EieGBfe.exe
  C:\Windows\System\EieGBfe.exe
  2⤵
  PID:692
- C:\Windows\System\wWaKgKm.exe
  C:\Windows\System\wWaKgKm.exe
  2⤵
  PID:3488
- C:\Windows\System\nNCnLjM.exe
  C:\Windows\System\nNCnLjM.exe
  2⤵
  PID:3380
- C:\Windows\System\hvGZcpA.exe
  C:\Windows\System\hvGZcpA.exe
  2⤵
  PID:3688
- C:\Windows\System\QqdcSYu.exe
  C:\Windows\System\QqdcSYu.exe
  2⤵
  PID:3708
- C:\Windows\System\evTXaKg.exe
  C:\Windows\System\evTXaKg.exe
  2⤵
  PID:3396
- C:\Windows\System\FvYCwxq.exe
  C:\Windows\System\FvYCwxq.exe
  2⤵
  PID:3920
- C:\Windows\System\ICJLTAm.exe
  C:\Windows\System\ICJLTAm.exe
  2⤵
  PID:3936
- C:\Windows\System\RxmIRGf.exe
  C:\Windows\System\RxmIRGf.exe
  2⤵
  PID:3864
- C:\Windows\System\mVFPpqC.exe
  C:\Windows\System\mVFPpqC.exe
  2⤵
  PID:4032
- C:\Windows\System\sfZNPlc.exe
  C:\Windows\System\sfZNPlc.exe
  2⤵
  PID:3180
- C:\Windows\System\LcpfWFe.exe
  C:\Windows\System\LcpfWFe.exe
  2⤵
  PID:3552
- C:\Windows\System\XQLcAfE.exe
  C:\Windows\System\XQLcAfE.exe
  2⤵
  PID:3632
- C:\Windows\System\UrtTfrs.exe
  C:\Windows\System\UrtTfrs.exe
  2⤵
  PID:4048
- C:\Windows\System\AmGAdtx.exe
  C:\Windows\System\AmGAdtx.exe
  2⤵
  PID:3840
- C:\Windows\System\vLLGebP.exe
  C:\Windows\System\vLLGebP.exe
  2⤵
  PID:3252
- C:\Windows\System\SWhBjiP.exe
  C:\Windows\System\SWhBjiP.exe
  2⤵
  PID:3416
- C:\Windows\System\BIBxIAa.exe
  C:\Windows\System\BIBxIAa.exe
  2⤵
  PID:3968
- C:\Windows\System\LsIKxtg.exe
  C:\Windows\System\LsIKxtg.exe
  2⤵
  PID:4104
- C:\Windows\System\KFbEHXM.exe
  C:\Windows\System\KFbEHXM.exe
  2⤵
  PID:4124
- C:\Windows\System\CbVdufr.exe
  C:\Windows\System\CbVdufr.exe
  2⤵
  PID:4144
- C:\Windows\System\NgnJOfP.exe
  C:\Windows\System\NgnJOfP.exe
  2⤵
  PID:4160
- C:\Windows\System\HyCYKvP.exe
  C:\Windows\System\HyCYKvP.exe
  2⤵
  PID:4180
- C:\Windows\System\sjScHVN.exe
  C:\Windows\System\sjScHVN.exe
  2⤵
  PID:4200
- C:\Windows\System\XQLVMKK.exe
  C:\Windows\System\XQLVMKK.exe
  2⤵
  PID:4228
- C:\Windows\System\vZauLFH.exe
  C:\Windows\System\vZauLFH.exe
  2⤵
  PID:4248
- C:\Windows\System\jeiRIhA.exe
  C:\Windows\System\jeiRIhA.exe
  2⤵
  PID:4268
- C:\Windows\System\kmIcjvS.exe
  C:\Windows\System\kmIcjvS.exe
  2⤵
  PID:4296
- C:\Windows\System\EJmYEIE.exe
  C:\Windows\System\EJmYEIE.exe
  2⤵
  PID:4316
- C:\Windows\System\EpJPZCJ.exe
  C:\Windows\System\EpJPZCJ.exe
  2⤵
  PID:4336
- C:\Windows\System\pmnmSLH.exe
  C:\Windows\System\pmnmSLH.exe
  2⤵
  PID:4356
- C:\Windows\System\MIjHGZI.exe
  C:\Windows\System\MIjHGZI.exe
  2⤵
  PID:4376
- C:\Windows\System\PAXpixi.exe
  C:\Windows\System\PAXpixi.exe
  2⤵
  PID:4396
- C:\Windows\System\nuOOmLn.exe
  C:\Windows\System\nuOOmLn.exe
  2⤵
  PID:4412
- C:\Windows\System\HEPGdJv.exe
  C:\Windows\System\HEPGdJv.exe
  2⤵
  PID:4432
- C:\Windows\System\EKqkmTl.exe
  C:\Windows\System\EKqkmTl.exe
  2⤵
  PID:4456
- C:\Windows\System\TddAznq.exe
  C:\Windows\System\TddAznq.exe
  2⤵
  PID:4476
- C:\Windows\System\GPlEvTZ.exe
  C:\Windows\System\GPlEvTZ.exe
  2⤵
  PID:4492
- C:\Windows\System\xraEKiC.exe
  C:\Windows\System\xraEKiC.exe
  2⤵
  PID:4512
- C:\Windows\System\wErxezw.exe
  C:\Windows\System\wErxezw.exe
  2⤵
  PID:4532
- C:\Windows\System\sAVNMOS.exe
  C:\Windows\System\sAVNMOS.exe
  2⤵
  PID:4552
- C:\Windows\System\yMQDsUT.exe
  C:\Windows\System\yMQDsUT.exe
  2⤵
  PID:4572
- C:\Windows\System\bZRHnYC.exe
  C:\Windows\System\bZRHnYC.exe
  2⤵
  PID:4596
- C:\Windows\System\zmCrqSu.exe
  C:\Windows\System\zmCrqSu.exe
  2⤵
  PID:4616
- C:\Windows\System\WMscqOt.exe
  C:\Windows\System\WMscqOt.exe
  2⤵
  PID:4636
- C:\Windows\System\zNPaNjs.exe
  C:\Windows\System\zNPaNjs.exe
  2⤵
  PID:4656
- C:\Windows\System\EIQFUNc.exe
  C:\Windows\System\EIQFUNc.exe
  2⤵
  PID:4676
- C:\Windows\System\IBWEgpm.exe
  C:\Windows\System\IBWEgpm.exe
  2⤵
  PID:4696
- C:\Windows\System\wopnhuJ.exe
  C:\Windows\System\wopnhuJ.exe
  2⤵
  PID:4716
- C:\Windows\System\wqjnhUD.exe
  C:\Windows\System\wqjnhUD.exe
  2⤵
  PID:4732
- C:\Windows\System\BpBLLmW.exe
  C:\Windows\System\BpBLLmW.exe
  2⤵
  PID:4756
- C:\Windows\System\bFCehvY.exe
  C:\Windows\System\bFCehvY.exe
  2⤵
  PID:4772
- C:\Windows\System\sZFPKOK.exe
  C:\Windows\System\sZFPKOK.exe
  2⤵
  PID:4792
- C:\Windows\System\daxWyvK.exe
  C:\Windows\System\daxWyvK.exe
  2⤵
  PID:4812
- C:\Windows\System\ODGqtTt.exe
  C:\Windows\System\ODGqtTt.exe
  2⤵
  PID:4832
- C:\Windows\System\VDRhaog.exe
  C:\Windows\System\VDRhaog.exe
  2⤵
  PID:4848
- C:\Windows\System\ySNXUTB.exe
  C:\Windows\System\ySNXUTB.exe
  2⤵
  PID:4868
- C:\Windows\System\JkVKWEJ.exe
  C:\Windows\System\JkVKWEJ.exe
  2⤵
  PID:4884
- C:\Windows\System\jYmWaUF.exe
  C:\Windows\System\jYmWaUF.exe
  2⤵
  PID:4904
- C:\Windows\System\KCnEkrl.exe
  C:\Windows\System\KCnEkrl.exe
  2⤵
  PID:4920
- C:\Windows\System\ClaPygH.exe
  C:\Windows\System\ClaPygH.exe
  2⤵
  PID:4956
- C:\Windows\System\uCPzXnN.exe
  C:\Windows\System\uCPzXnN.exe
  2⤵
  PID:4972
- C:\Windows\System\otBzuOq.exe
  C:\Windows\System\otBzuOq.exe
  2⤵
  PID:4988
- C:\Windows\System\kJoQXzq.exe
  C:\Windows\System\kJoQXzq.exe
  2⤵
  PID:5004
- C:\Windows\System\QTXqXjp.exe
  C:\Windows\System\QTXqXjp.exe
  2⤵
  PID:5020
- C:\Windows\System\UThezLd.exe
  C:\Windows\System\UThezLd.exe
  2⤵
  PID:5036
- C:\Windows\System\omyowHD.exe
  C:\Windows\System\omyowHD.exe
  2⤵
  PID:5052
- C:\Windows\System\KVTUTTr.exe
  C:\Windows\System\KVTUTTr.exe
  2⤵
  PID:5068
- C:\Windows\System\HzcmqIh.exe
  C:\Windows\System\HzcmqIh.exe
  2⤵
  PID:5084
- C:\Windows\System\woWKGlb.exe
  C:\Windows\System\woWKGlb.exe
  2⤵
  PID:5100
- C:\Windows\System\QNntgwy.exe
  C:\Windows\System\QNntgwy.exe
  2⤵
  PID:5116
- C:\Windows\System\zCIoHlz.exe
  C:\Windows\System\zCIoHlz.exe
  2⤵
  PID:3916
- C:\Windows\System\nanZvgm.exe
  C:\Windows\System\nanZvgm.exe
  2⤵
  PID:3648
- C:\Windows\System\CpsMMyW.exe
  C:\Windows\System\CpsMMyW.exe
  2⤵
  PID:3868
- C:\Windows\System\eRuWQbJ.exe
  C:\Windows\System\eRuWQbJ.exe
  2⤵
  PID:4140
- C:\Windows\System\SiIaeEH.exe
  C:\Windows\System\SiIaeEH.exe
  2⤵
  PID:4112
- C:\Windows\System\IUiHqfX.exe
  C:\Windows\System\IUiHqfX.exe
  2⤵
  PID:4208
- C:\Windows\System\tqOMZQN.exe
  C:\Windows\System\tqOMZQN.exe
  2⤵
  PID:4220
- C:\Windows\System\CPdktum.exe
  C:\Windows\System\CPdktum.exe
  2⤵
  PID:4196
- C:\Windows\System\vbINFBB.exe
  C:\Windows\System\vbINFBB.exe
  2⤵
  PID:4256
- C:\Windows\System\FWWYMfW.exe
  C:\Windows\System\FWWYMfW.exe
  2⤵
  PID:4276
- C:\Windows\System\MqojEUb.exe
  C:\Windows\System\MqojEUb.exe
  2⤵
  PID:4292
- C:\Windows\System\EGBZjpx.exe
  C:\Windows\System\EGBZjpx.exe
  2⤵
  PID:4348
- C:\Windows\System\WfByaCQ.exe
  C:\Windows\System\WfByaCQ.exe
  2⤵
  PID:4420
- C:\Windows\System\LUljtFX.exe
  C:\Windows\System\LUljtFX.exe
  2⤵
  PID:4332
- C:\Windows\System\WTurmyz.exe
  C:\Windows\System\WTurmyz.exe
  2⤵
  PID:4464
- C:\Windows\System\hVtRxnH.exe
  C:\Windows\System\hVtRxnH.exe
  2⤵
  PID:1832
- C:\Windows\System\AlVUZPl.exe
  C:\Windows\System\AlVUZPl.exe
  2⤵
  PID:400
- C:\Windows\System\SBOnSWI.exe
  C:\Windows\System\SBOnSWI.exe
  2⤵
  PID:320
- C:\Windows\System\UqjSXGC.exe
  C:\Windows\System\UqjSXGC.exe
  2⤵
  PID:1672
- C:\Windows\System\sYECMxZ.exe
  C:\Windows\System\sYECMxZ.exe
  2⤵
  PID:4440
- C:\Windows\System\deiVCCr.exe
  C:\Windows\System\deiVCCr.exe
  2⤵
  PID:4584
- C:\Windows\System\ZKDwOIV.exe
  C:\Windows\System\ZKDwOIV.exe
  2⤵
  PID:4528
- C:\Windows\System\lAnYDqI.exe
  C:\Windows\System\lAnYDqI.exe
  2⤵
  PID:4520
- C:\Windows\System\PgFnnzm.exe
  C:\Windows\System\PgFnnzm.exe
  2⤵
  PID:2768
- C:\Windows\System\YWedjsF.exe
  C:\Windows\System\YWedjsF.exe
  2⤵
  PID:4644
- C:\Windows\System\voiNhVg.exe
  C:\Windows\System\voiNhVg.exe
  2⤵
  PID:2612
- C:\Windows\System\UXsDMJX.exe
  C:\Windows\System\UXsDMJX.exe
  2⤵
  PID:3004
- C:\Windows\System\mxTxxaH.exe
  C:\Windows\System\mxTxxaH.exe
  2⤵
  PID:4740
- C:\Windows\System\kgaLGho.exe
  C:\Windows\System\kgaLGho.exe
  2⤵
  PID:484
- C:\Windows\System\MkmAMyw.exe
  C:\Windows\System\MkmAMyw.exe
  2⤵
  PID:1212
- C:\Windows\System\IDaWdeY.exe
  C:\Windows\System\IDaWdeY.exe
  2⤵
  PID:4820
- C:\Windows\System\TFVhGQz.exe
  C:\Windows\System\TFVhGQz.exe
  2⤵
  PID:4856
- C:\Windows\System\YPSOgNq.exe
  C:\Windows\System\YPSOgNq.exe
  2⤵
  PID:4896
- C:\Windows\System\BryEhHM.exe
  C:\Windows\System\BryEhHM.exe
  2⤵
  PID:4840
- C:\Windows\System\yWZzHcL.exe
  C:\Windows\System\yWZzHcL.exe
  2⤵
  PID:4916
- C:\Windows\System\xNsWMVu.exe
  C:\Windows\System\xNsWMVu.exe
  2⤵
  PID:2900
- C:\Windows\System\AlusabN.exe
  C:\Windows\System\AlusabN.exe
  2⤵
  PID:2164
- C:\Windows\System\pzLHNfh.exe
  C:\Windows\System\pzLHNfh.exe
  2⤵
  PID:2400
- C:\Windows\System\jhtBizT.exe
  C:\Windows\System\jhtBizT.exe
  2⤵
  PID:3156
- C:\Windows\System\RIhYdmz.exe
  C:\Windows\System\RIhYdmz.exe
  2⤵
  PID:2836
- C:\Windows\System\YgOmoSA.exe
  C:\Windows\System\YgOmoSA.exe
  2⤵
  PID:2684
- C:\Windows\System\XbESwXV.exe
  C:\Windows\System\XbESwXV.exe
  2⤵
  PID:2820
- C:\Windows\System\pkyCLNN.exe
  C:\Windows\System\pkyCLNN.exe
  2⤵
  PID:1596
- C:\Windows\System\DLpXnCQ.exe
  C:\Windows\System\DLpXnCQ.exe
  2⤵
  PID:2644
- C:\Windows\System\HtvYpSM.exe
  C:\Windows\System\HtvYpSM.exe
  2⤵
  PID:2312
- C:\Windows\System\RIeENQB.exe
  C:\Windows\System\RIeENQB.exe
  2⤵
  PID:1412
- C:\Windows\System\DILnnbm.exe
  C:\Windows\System\DILnnbm.exe
  2⤵
  PID:1796
- C:\Windows\System\yrVlTZb.exe
  C:\Windows\System\yrVlTZb.exe
  2⤵
  PID:4936
- C:\Windows\System\DtvxavN.exe
  C:\Windows\System\DtvxavN.exe
  2⤵
  PID:4952
- C:\Windows\System\SJgOuBh.exe
  C:\Windows\System\SJgOuBh.exe
  2⤵
  PID:5012
- C:\Windows\System\BQsgGcv.exe
  C:\Windows\System\BQsgGcv.exe
  2⤵
  PID:5076
- C:\Windows\System\bTZNrTd.exe
  C:\Windows\System\bTZNrTd.exe
  2⤵
  PID:5112
- C:\Windows\System\hXejqgk.exe
  C:\Windows\System\hXejqgk.exe
  2⤵
  PID:3236
- C:\Windows\System\pqdPScA.exe
  C:\Windows\System\pqdPScA.exe
  2⤵
  PID:5028
- C:\Windows\System\iimBpUO.exe
  C:\Windows\System\iimBpUO.exe
  2⤵
  PID:2788
- C:\Windows\System\PWejRdR.exe
  C:\Windows\System\PWejRdR.exe
  2⤵
  PID:4120
- C:\Windows\System\ANFcjNu.exe
  C:\Windows\System\ANFcjNu.exe
  2⤵
  PID:4224
- C:\Windows\System\oqYibjr.exe
  C:\Windows\System\oqYibjr.exe
  2⤵
  PID:4168
- C:\Windows\System\aYPYgxy.exe
  C:\Windows\System\aYPYgxy.exe
  2⤵
  PID:3572
- C:\Windows\System\gTRreBA.exe
  C:\Windows\System\gTRreBA.exe
  2⤵
  PID:3240
- C:\Windows\System\fqOrBNS.exe
  C:\Windows\System\fqOrBNS.exe
  2⤵
  PID:4240
- C:\Windows\System\IYjKrOK.exe
  C:\Windows\System\IYjKrOK.exe
  2⤵
  PID:4352
- C:\Windows\System\PDmUhrF.exe
  C:\Windows\System\PDmUhrF.exe
  2⤵
  PID:4468
- C:\Windows\System\JEwEPol.exe
  C:\Windows\System\JEwEPol.exe
  2⤵
  PID:1364
- C:\Windows\System\slIJgzB.exe
  C:\Windows\System\slIJgzB.exe
  2⤵
  PID:4368
- C:\Windows\System\ySaGEOu.exe
  C:\Windows\System\ySaGEOu.exe
  2⤵
  PID:4372
- C:\Windows\System\hMDbXld.exe
  C:\Windows\System\hMDbXld.exe
  2⤵
  PID:1676
- C:\Windows\System\fGXjRbM.exe
  C:\Windows\System\fGXjRbM.exe
  2⤵
  PID:2948
- C:\Windows\System\CrAQBDQ.exe
  C:\Windows\System\CrAQBDQ.exe
  2⤵
  PID:4484
- C:\Windows\System\BTxnolD.exe
  C:\Windows\System\BTxnolD.exe
  2⤵
  PID:4488
- C:\Windows\System\vrUYOOJ.exe
  C:\Windows\System\vrUYOOJ.exe
  2⤵
  PID:4664
- C:\Windows\System\THFzrGl.exe
  C:\Windows\System\THFzrGl.exe
  2⤵
  PID:4648
- C:\Windows\System\iPByRlK.exe
  C:\Windows\System\iPByRlK.exe
  2⤵
  PID:4752
- C:\Windows\System\lLsbgcN.exe
  C:\Windows\System\lLsbgcN.exe
  2⤵
  PID:4892
- C:\Windows\System\qMvyYzt.exe
  C:\Windows\System\qMvyYzt.exe
  2⤵
  PID:1880
- C:\Windows\System\MEBRdSf.exe
  C:\Windows\System\MEBRdSf.exe
  2⤵
  PID:4808
- C:\Windows\System\iOsvjWY.exe
  C:\Windows\System\iOsvjWY.exe
  2⤵
  PID:2804
- C:\Windows\System\eaEnlSA.exe
  C:\Windows\System\eaEnlSA.exe
  2⤵
  PID:2180
- C:\Windows\System\ghvcpty.exe
  C:\Windows\System\ghvcpty.exe
  2⤵
  PID:4948
- C:\Windows\System\UqZRHGK.exe
  C:\Windows\System\UqZRHGK.exe
  2⤵
  PID:2124
- C:\Windows\System\zgfdYnv.exe
  C:\Windows\System\zgfdYnv.exe
  2⤵
  PID:4932
- C:\Windows\System\JNWvwrt.exe
  C:\Windows\System\JNWvwrt.exe
  2⤵
  PID:2528
- C:\Windows\System\owwSzlj.exe
  C:\Windows\System\owwSzlj.exe
  2⤵
  PID:1528
- C:\Windows\System\UeQQYbR.exe
  C:\Windows\System\UeQQYbR.exe
  2⤵
  PID:5108
- C:\Windows\System\rAKtolE.exe
  C:\Windows\System\rAKtolE.exe
  2⤵
  PID:5000
- C:\Windows\System\dLKhIZn.exe
  C:\Windows\System\dLKhIZn.exe
  2⤵
  PID:2780
- C:\Windows\System\UsTsxOi.exe
  C:\Windows\System\UsTsxOi.exe
  2⤵
  PID:4392
- C:\Windows\System\GEQuECt.exe
  C:\Windows\System\GEQuECt.exe
  2⤵
  PID:4708
- C:\Windows\System\QMFwwJQ.exe
  C:\Windows\System\QMFwwJQ.exe
  2⤵
  PID:4744
- C:\Windows\System\MyqgDiC.exe
  C:\Windows\System\MyqgDiC.exe
  2⤵
  PID:2888
- C:\Windows\System\HJtJedR.exe
  C:\Windows\System\HJtJedR.exe
  2⤵
  PID:4912
- C:\Windows\System\HSSgBdZ.exe
  C:\Windows\System\HSSgBdZ.exe
  2⤵
  PID:1256
- C:\Windows\System\xUwpxPT.exe
  C:\Windows\System\xUwpxPT.exe
  2⤵
  PID:2532
- C:\Windows\System\ZPrGdDf.exe
  C:\Windows\System\ZPrGdDf.exe
  2⤵
  PID:4964
- C:\Windows\System\rVFcxgy.exe
  C:\Windows\System\rVFcxgy.exe
  2⤵
  PID:3076
- C:\Windows\System\OxfZceZ.exe
  C:\Windows\System\OxfZceZ.exe
  2⤵
  PID:1436
- C:\Windows\System\TbZYeYJ.exe
  C:\Windows\System\TbZYeYJ.exe
  2⤵
  PID:2284
- C:\Windows\System\yIKytbl.exe
  C:\Windows\System\yIKytbl.exe
  2⤵
  PID:4152
- C:\Windows\System\crasWdM.exe
  C:\Windows\System\crasWdM.exe
  2⤵
  PID:4244
- C:\Windows\System\ZJLuyQw.exe
  C:\Windows\System\ZJLuyQw.exe
  2⤵
  PID:4324
- C:\Windows\System\qnPYQcg.exe
  C:\Windows\System\qnPYQcg.exe
  2⤵
  PID:4580
- C:\Windows\System\zzuQiOK.exe
  C:\Windows\System\zzuQiOK.exe
  2⤵
  PID:4592
- C:\Windows\System\XjMWqyF.exe
  C:\Windows\System\XjMWqyF.exe
  2⤵
  PID:4624
- C:\Windows\System\bjtnxTX.exe
  C:\Windows\System\bjtnxTX.exe
  2⤵
  PID:4860
- C:\Windows\System\JOkZEqT.exe
  C:\Windows\System\JOkZEqT.exe
  2⤵
  PID:4632
- C:\Windows\System\zrZfBQX.exe
  C:\Windows\System\zrZfBQX.exe
  2⤵
  PID:2268
- C:\Windows\System\omtBqxA.exe
  C:\Windows\System\omtBqxA.exe
  2⤵
  PID:2004
- C:\Windows\System\TNJDHUP.exe
  C:\Windows\System\TNJDHUP.exe
  2⤵
  PID:780
- C:\Windows\System\DkJFopg.exe
  C:\Windows\System\DkJFopg.exe
  2⤵
  PID:5092
- C:\Windows\System\AwPSyzY.exe
  C:\Windows\System\AwPSyzY.exe
  2⤵
  PID:3208
- C:\Windows\System\tpDszmJ.exe
  C:\Windows\System\tpDszmJ.exe
  2⤵
  PID:2808
- C:\Windows\System\jdeqkbE.exe
  C:\Windows\System\jdeqkbE.exe
  2⤵
  PID:2812
- C:\Windows\System\LgBSfcn.exe
  C:\Windows\System\LgBSfcn.exe
  2⤵
  PID:5156
- C:\Windows\System\oBdQHQs.exe
  C:\Windows\System\oBdQHQs.exe
  2⤵
  PID:5180
- C:\Windows\System\kzLPHKu.exe
  C:\Windows\System\kzLPHKu.exe
  2⤵
  PID:5196
- C:\Windows\System\mfvSYFD.exe
  C:\Windows\System\mfvSYFD.exe
  2⤵
  PID:5212
- C:\Windows\System\FCrEjBy.exe
  C:\Windows\System\FCrEjBy.exe
  2⤵
  PID:5232
- C:\Windows\System\GjVNrPf.exe
  C:\Windows\System\GjVNrPf.exe
  2⤵
  PID:5252
- C:\Windows\System\afnnumW.exe
  C:\Windows\System\afnnumW.exe
  2⤵
  PID:5268
- C:\Windows\System\aRnunBn.exe
  C:\Windows\System\aRnunBn.exe
  2⤵
  PID:5284
- C:\Windows\System\PhGdoFH.exe
  C:\Windows\System\PhGdoFH.exe
  2⤵
  PID:5300
- C:\Windows\System\BDYIFYl.exe
  C:\Windows\System\BDYIFYl.exe
  2⤵
  PID:5324
- C:\Windows\System\zFEbAPQ.exe
  C:\Windows\System\zFEbAPQ.exe
  2⤵
  PID:5340
- C:\Windows\System\HMgbVpX.exe
  C:\Windows\System\HMgbVpX.exe
  2⤵
  PID:5380
- C:\Windows\System\MVPoqbx.exe
  C:\Windows\System\MVPoqbx.exe
  2⤵
  PID:5400
- C:\Windows\System\QhCKRSA.exe
  C:\Windows\System\QhCKRSA.exe
  2⤵
  PID:5416
- C:\Windows\System\eAYmjBL.exe
  C:\Windows\System\eAYmjBL.exe
  2⤵
  PID:5432
- C:\Windows\System\CZOSNIB.exe
  C:\Windows\System\CZOSNIB.exe
  2⤵
  PID:5448
- C:\Windows\System\wIiYhXN.exe
  C:\Windows\System\wIiYhXN.exe
  2⤵
  PID:5472
- C:\Windows\System\pxOpzNV.exe
  C:\Windows\System\pxOpzNV.exe
  2⤵
  PID:5488
- C:\Windows\System\qQuqitE.exe
  C:\Windows\System\qQuqitE.exe
  2⤵
  PID:5504
- C:\Windows\System\zcnavRJ.exe
  C:\Windows\System\zcnavRJ.exe
  2⤵
  PID:5520
- C:\Windows\System\mdPyyWJ.exe
  C:\Windows\System\mdPyyWJ.exe
  2⤵
  PID:5540
- C:\Windows\System\LvPZjVC.exe
  C:\Windows\System\LvPZjVC.exe
  2⤵
  PID:5564
- C:\Windows\System\GKwABYp.exe
  C:\Windows\System\GKwABYp.exe
  2⤵
  PID:5600
- C:\Windows\System\KAUsBAN.exe
  C:\Windows\System\KAUsBAN.exe
  2⤵
  PID:5624
- C:\Windows\System\bUentIw.exe
  C:\Windows\System\bUentIw.exe
  2⤵
  PID:5640
- C:\Windows\System\JfQwKmw.exe
  C:\Windows\System\JfQwKmw.exe
  2⤵
  PID:5656
- C:\Windows\System\yKdfhbV.exe
  C:\Windows\System\yKdfhbV.exe
  2⤵
  PID:5672
- C:\Windows\System\milGgxX.exe
  C:\Windows\System\milGgxX.exe
  2⤵
  PID:5688
- C:\Windows\System\OzNQjdc.exe
  C:\Windows\System\OzNQjdc.exe
  2⤵
  PID:5704
- C:\Windows\System\FTiTuAX.exe
  C:\Windows\System\FTiTuAX.exe
  2⤵
  PID:5720
- C:\Windows\System\XdBkyNt.exe
  C:\Windows\System\XdBkyNt.exe
  2⤵
  PID:5736
- C:\Windows\System\zsaVbCt.exe
  C:\Windows\System\zsaVbCt.exe
  2⤵
  PID:5752
- C:\Windows\System\NSNjflS.exe
  C:\Windows\System\NSNjflS.exe
  2⤵
  PID:5768
- C:\Windows\System\YqXOIXW.exe
  C:\Windows\System\YqXOIXW.exe
  2⤵
  PID:5812
- C:\Windows\System\RSNkAqh.exe
  C:\Windows\System\RSNkAqh.exe
  2⤵
  PID:5836
- C:\Windows\System\ukNnSQu.exe
  C:\Windows\System\ukNnSQu.exe
  2⤵
  PID:5852
- C:\Windows\System\FsTIEcM.exe
  C:\Windows\System\FsTIEcM.exe
  2⤵
  PID:5884
- C:\Windows\System\oAukHtW.exe
  C:\Windows\System\oAukHtW.exe
  2⤵
  PID:5900
- C:\Windows\System\qftjJyE.exe
  C:\Windows\System\qftjJyE.exe
  2⤵
  PID:5916
- C:\Windows\System\SKoFOnj.exe
  C:\Windows\System\SKoFOnj.exe
  2⤵
  PID:5932
- C:\Windows\System\JjcQhMs.exe
  C:\Windows\System\JjcQhMs.exe
  2⤵
  PID:5952
- C:\Windows\System\JigGDaX.exe
  C:\Windows\System\JigGDaX.exe
  2⤵
  PID:5972
- C:\Windows\System\dejZOzw.exe
  C:\Windows\System\dejZOzw.exe
  2⤵
  PID:5988
- C:\Windows\System\nAEoGuY.exe
  C:\Windows\System\nAEoGuY.exe
  2⤵
  PID:6004
- C:\Windows\System\XWPPrpF.exe
  C:\Windows\System\XWPPrpF.exe
  2⤵
  PID:6020
- C:\Windows\System\wPcJXqA.exe
  C:\Windows\System\wPcJXqA.exe
  2⤵
  PID:6036
- C:\Windows\System\jpqVMbI.exe
  C:\Windows\System\jpqVMbI.exe
  2⤵
  PID:6052
- C:\Windows\System\VYOBFfO.exe
  C:\Windows\System\VYOBFfO.exe
  2⤵
  PID:6068
- C:\Windows\System\YWckOyO.exe
  C:\Windows\System\YWckOyO.exe
  2⤵
  PID:6092
- C:\Windows\System\kznYQEZ.exe
  C:\Windows\System\kznYQEZ.exe
  2⤵
  PID:6116
- C:\Windows\System\EhzFSRS.exe
  C:\Windows\System\EhzFSRS.exe
  2⤵
  PID:6136
- C:\Windows\System\YBxDhpX.exe
  C:\Windows\System\YBxDhpX.exe
  2⤵
  PID:4788
- C:\Windows\System\deujVFq.exe
  C:\Windows\System\deujVFq.exe
  2⤵
  PID:2704
- C:\Windows\System\fgYODvh.exe
  C:\Windows\System\fgYODvh.exe
  2⤵
  PID:4504
- C:\Windows\System\YUtLcCn.exe
  C:\Windows\System\YUtLcCn.exe
  2⤵
  PID:2244
- C:\Windows\System\ObWcfwO.exe
  C:\Windows\System\ObWcfwO.exe
  2⤵
  PID:5136
- C:\Windows\System\KcrdknU.exe
  C:\Windows\System\KcrdknU.exe
  2⤵
  PID:5124
- C:\Windows\System\gygQpFa.exe
  C:\Windows\System\gygQpFa.exe
  2⤵
  PID:3636
- C:\Windows\System\hlneZOo.exe
  C:\Windows\System\hlneZOo.exe
  2⤵
  PID:5280
- C:\Windows\System\DAEtpVA.exe
  C:\Windows\System\DAEtpVA.exe
  2⤵
  PID:5320
- C:\Windows\System\wAtltpb.exe
  C:\Windows\System\wAtltpb.exe
  2⤵
  PID:5296
- C:\Windows\System\WzDyzFW.exe
  C:\Windows\System\WzDyzFW.exe
  2⤵
  PID:5376
- C:\Windows\System\wAkMCuv.exe
  C:\Windows\System\wAkMCuv.exe
  2⤵
  PID:5224
- C:\Windows\System\kZZXnhx.exe
  C:\Windows\System\kZZXnhx.exe
  2⤵
  PID:5412
- C:\Windows\System\aSDFUnA.exe
  C:\Windows\System\aSDFUnA.exe
  2⤵
  PID:5480
- C:\Windows\System\CIUJOei.exe
  C:\Windows\System\CIUJOei.exe
  2⤵
  PID:5548
- C:\Windows\System\djyfoHH.exe
  C:\Windows\System\djyfoHH.exe
  2⤵
  PID:5424
- C:\Windows\System\rHKDuoL.exe
  C:\Windows\System\rHKDuoL.exe
  2⤵
  PID:5532
- C:\Windows\System\iDRZWeB.exe
  C:\Windows\System\iDRZWeB.exe
  2⤵
  PID:5556
- C:\Windows\System\uswkkbU.exe
  C:\Windows\System\uswkkbU.exe
  2⤵
  PID:5592
- C:\Windows\System\oHNQpEO.exe
  C:\Windows\System\oHNQpEO.exe
  2⤵
  PID:5616
- C:\Windows\System\yWTcbqJ.exe
  C:\Windows\System\yWTcbqJ.exe
  2⤵
  PID:5652
- C:\Windows\System\gNWkKTv.exe
  C:\Windows\System\gNWkKTv.exe
  2⤵
  PID:5716
- C:\Windows\System\DGsObEq.exe
  C:\Windows\System\DGsObEq.exe
  2⤵
  PID:5784
- C:\Windows\System\SblfmCg.exe
  C:\Windows\System\SblfmCg.exe
  2⤵
  PID:5792
- C:\Windows\System\kBCQhDL.exe
  C:\Windows\System\kBCQhDL.exe
  2⤵
  PID:5808
- C:\Windows\System\amdxpun.exe
  C:\Windows\System\amdxpun.exe
  2⤵
  PID:5844
- C:\Windows\System\CzIHPEI.exe
  C:\Windows\System\CzIHPEI.exe
  2⤵
  PID:5960
- C:\Windows\System\SLgankF.exe
  C:\Windows\System\SLgankF.exe
  2⤵
  PID:5828
- C:\Windows\System\UVaOdIP.exe
  C:\Windows\System\UVaOdIP.exe
  2⤵
  PID:5864
- C:\Windows\System\LAFMeGD.exe
  C:\Windows\System\LAFMeGD.exe
  2⤵
  PID:6000
- C:\Windows\System\lZwIpff.exe
  C:\Windows\System\lZwIpff.exe
  2⤵
  PID:6108
- C:\Windows\System\mTMCTAC.exe
  C:\Windows\System\mTMCTAC.exe
  2⤵
  PID:5980
- C:\Windows\System\NnQKCVr.exe
  C:\Windows\System\NnQKCVr.exe
  2⤵
  PID:5080
- C:\Windows\System\XSeKadJ.exe
  C:\Windows\System\XSeKadJ.exe
  2⤵
  PID:6088
- C:\Windows\System\NwBHCId.exe
  C:\Windows\System\NwBHCId.exe
  2⤵
  PID:6048
- C:\Windows\System\JPOKvuh.exe
  C:\Windows\System\JPOKvuh.exe
  2⤵
  PID:6080
- C:\Windows\System\BsrpINI.exe
  C:\Windows\System\BsrpINI.exe
  2⤵
  PID:5908
- C:\Windows\System\OYumCYI.exe
  C:\Windows\System\OYumCYI.exe
  2⤵
  PID:6044
- C:\Windows\System\aNJgzPO.exe
  C:\Windows\System\aNJgzPO.exe
  2⤵
  PID:4508
- C:\Windows\System\hpTUCqu.exe
  C:\Windows\System\hpTUCqu.exe
  2⤵
  PID:4548
- C:\Windows\System\TxcYQPV.exe
  C:\Windows\System\TxcYQPV.exe
  2⤵
  PID:5244
- C:\Windows\System\kHYLGkz.exe
  C:\Windows\System\kHYLGkz.exe
  2⤵
  PID:5352
- C:\Windows\System\KMZFXhr.exe
  C:\Windows\System\KMZFXhr.exe
  2⤵
  PID:5364
- C:\Windows\System\eapzChQ.exe
  C:\Windows\System\eapzChQ.exe
  2⤵
  PID:5408
- C:\Windows\System\HiCDiGU.exe
  C:\Windows\System\HiCDiGU.exe
  2⤵
  PID:5220
- C:\Windows\System\FhGePpL.exe
  C:\Windows\System\FhGePpL.exe
  2⤵
  PID:5648
- C:\Windows\System\wKbVGQW.exe
  C:\Windows\System\wKbVGQW.exe
  2⤵
  PID:5804
- C:\Windows\System\OfNShNp.exe
  C:\Windows\System\OfNShNp.exe
  2⤵
  PID:5500
- C:\Windows\System\iuZTIyk.exe
  C:\Windows\System\iuZTIyk.exe
  2⤵
  PID:5444
- C:\Windows\System\YuWmLLc.exe
  C:\Windows\System\YuWmLLc.exe
  2⤵
  PID:5700
- C:\Windows\System\pJxXyyL.exe
  C:\Windows\System\pJxXyyL.exe
  2⤵
  PID:5696
- C:\Windows\System\uIoJHhq.exe
  C:\Windows\System\uIoJHhq.exe
  2⤵
  PID:5684
- C:\Windows\System\qOHOsDB.exe
  C:\Windows\System\qOHOsDB.exe
  2⤵
  PID:5468
- C:\Windows\System\SxidXxm.exe
  C:\Windows\System\SxidXxm.exe
  2⤵
  PID:6032
- C:\Windows\System\jQksVyE.exe
  C:\Windows\System\jQksVyE.exe
  2⤵
  PID:6104
- C:\Windows\System\CLsJVjt.exe
  C:\Windows\System\CLsJVjt.exe
  2⤵
  PID:5996
- C:\Windows\System\NNDWUZB.exe
  C:\Windows\System\NNDWUZB.exe
  2⤵
  PID:6016
- C:\Windows\System\yecTjcP.exe
  C:\Windows\System\yecTjcP.exe
  2⤵
  PID:4944
- C:\Windows\System\aWUxljH.exe
  C:\Windows\System\aWUxljH.exe
  2⤵
  PID:5060
- C:\Windows\System\rPJZRZp.exe
  C:\Windows\System\rPJZRZp.exe
  2⤵
  PID:5208
- C:\Windows\System\xwvnJVG.exe
  C:\Windows\System\xwvnJVG.exe
  2⤵
  PID:5360
- C:\Windows\System\QCOYadx.exe
  C:\Windows\System\QCOYadx.exe
  2⤵
  PID:5368
- C:\Windows\System\iNaEBQG.exe
  C:\Windows\System\iNaEBQG.exe
  2⤵
  PID:5776
- C:\Windows\System\jvXQjqP.exe
  C:\Windows\System\jvXQjqP.exe
  2⤵
  PID:5428
- C:\Windows\System\BtbWEoc.exe
  C:\Windows\System\BtbWEoc.exe
  2⤵
  PID:5560
- C:\Windows\System\sUrBMSw.exe
  C:\Windows\System\sUrBMSw.exe
  2⤵
  PID:5824
- C:\Windows\System\GkKoFaS.exe
  C:\Windows\System\GkKoFaS.exe
  2⤵
  PID:5168
- C:\Windows\System\SqbcCqt.exe
  C:\Windows\System\SqbcCqt.exe
  2⤵
  PID:5964
- C:\Windows\System\NywQEtN.exe
  C:\Windows\System\NywQEtN.exe
  2⤵
  PID:6128
- C:\Windows\System\BzBrqzD.exe
  C:\Windows\System\BzBrqzD.exe
  2⤵
  PID:5264
- C:\Windows\System\VvIoTbo.exe
  C:\Windows\System\VvIoTbo.exe
  2⤵
  PID:5584
- C:\Windows\System\arhcpOi.exe
  C:\Windows\System\arhcpOi.exe
  2⤵
  PID:5876
- C:\Windows\System\taUYfsa.exe
  C:\Windows\System\taUYfsa.exe
  2⤵
  PID:5276
- C:\Windows\System\SbrkVom.exe
  C:\Windows\System\SbrkVom.exe
  2⤵
  PID:5152
- C:\Windows\System\SfLycVJ.exe
  C:\Windows\System\SfLycVJ.exe
  2⤵
  PID:5928
- C:\Windows\System\UFjuDRa.exe
  C:\Windows\System\UFjuDRa.exe
  2⤵
  PID:2908
- C:\Windows\System\ObFMtbC.exe
  C:\Windows\System\ObFMtbC.exe
  2⤵
  PID:5664
- C:\Windows\System\glQBukO.exe
  C:\Windows\System\glQBukO.exe
  2⤵
  PID:6196
- C:\Windows\System\AdESEJJ.exe
  C:\Windows\System\AdESEJJ.exe
  2⤵
  PID:6212
- C:\Windows\System\NrsBJJu.exe
  C:\Windows\System\NrsBJJu.exe
  2⤵
  PID:6228
- C:\Windows\System\DIjmMyF.exe
  C:\Windows\System\DIjmMyF.exe
  2⤵
  PID:6248
- C:\Windows\System\cihVssG.exe
  C:\Windows\System\cihVssG.exe
  2⤵
  PID:6268
- C:\Windows\System\oBbpSqW.exe
  C:\Windows\System\oBbpSqW.exe
  2⤵
  PID:6284
- C:\Windows\System\addIrGt.exe
  C:\Windows\System\addIrGt.exe
  2⤵
  PID:6300
- C:\Windows\System\qpYBhWb.exe
  C:\Windows\System\qpYBhWb.exe
  2⤵
  PID:6316
- C:\Windows\System\PKqIFvE.exe
  C:\Windows\System\PKqIFvE.exe
  2⤵
  PID:6340
- C:\Windows\System\JgDLrFn.exe
  C:\Windows\System\JgDLrFn.exe
  2⤵
  PID:6356
- C:\Windows\System\AkKgkTp.exe
  C:\Windows\System\AkKgkTp.exe
  2⤵
  PID:6372
- C:\Windows\System\jnpuJfV.exe
  C:\Windows\System\jnpuJfV.exe
  2⤵
  PID:6388
- C:\Windows\System\dihBeMp.exe
  C:\Windows\System\dihBeMp.exe
  2⤵
  PID:6404
- C:\Windows\System\vMCKNAJ.exe
  C:\Windows\System\vMCKNAJ.exe
  2⤵
  PID:6428
- C:\Windows\System\TtJCKvG.exe
  C:\Windows\System\TtJCKvG.exe
  2⤵
  PID:6480
- C:\Windows\System\eqYSoMS.exe
  C:\Windows\System\eqYSoMS.exe
  2⤵
  PID:6496
- C:\Windows\System\YsvhMzO.exe
  C:\Windows\System\YsvhMzO.exe
  2⤵
  PID:6516
- C:\Windows\System\KfkiVSx.exe
  C:\Windows\System\KfkiVSx.exe
  2⤵
  PID:6532
- C:\Windows\System\VnyAHdp.exe
  C:\Windows\System\VnyAHdp.exe
  2⤵
  PID:6548
- C:\Windows\System\iBcHFHb.exe
  C:\Windows\System\iBcHFHb.exe
  2⤵
  PID:6568
- C:\Windows\System\VlXGpUQ.exe
  C:\Windows\System\VlXGpUQ.exe
  2⤵
  PID:6596
- C:\Windows\System\pkXyWwD.exe
  C:\Windows\System\pkXyWwD.exe
  2⤵
  PID:6612
- C:\Windows\System\NDFocwV.exe
  C:\Windows\System\NDFocwV.exe
  2⤵
  PID:6628
- C:\Windows\System\cRplLme.exe
  C:\Windows\System\cRplLme.exe
  2⤵
  PID:6648
- C:\Windows\System\NwayDDh.exe
  C:\Windows\System\NwayDDh.exe
  2⤵
  PID:6668
- C:\Windows\System\AYwwPRU.exe
  C:\Windows\System\AYwwPRU.exe
  2⤵
  PID:6684
- C:\Windows\System\fLtWlbB.exe
  C:\Windows\System\fLtWlbB.exe
  2⤵
  PID:6700
- C:\Windows\System\KfvUITQ.exe
  C:\Windows\System\KfvUITQ.exe
  2⤵
  PID:6716
- C:\Windows\System\KVgCPkG.exe
  C:\Windows\System\KVgCPkG.exe
  2⤵
  PID:6736
- C:\Windows\System\OKyMRwV.exe
  C:\Windows\System\OKyMRwV.exe
  2⤵
  PID:6760
- C:\Windows\System\KWXlscG.exe
  C:\Windows\System\KWXlscG.exe
  2⤵
  PID:6776
- C:\Windows\System\PhrtHqa.exe
  C:\Windows\System\PhrtHqa.exe
  2⤵
  PID:6792
- C:\Windows\System\wAXmzXy.exe
  C:\Windows\System\wAXmzXy.exe
  2⤵
  PID:6808
- C:\Windows\System\lEzzAlm.exe
  C:\Windows\System\lEzzAlm.exe
  2⤵
  PID:6824
- C:\Windows\System\VBZWveG.exe
  C:\Windows\System\VBZWveG.exe
  2⤵
  PID:6840
- C:\Windows\System\uclcmDc.exe
  C:\Windows\System\uclcmDc.exe
  2⤵
  PID:6856
- C:\Windows\System\YjvcYLw.exe
  C:\Windows\System\YjvcYLw.exe
  2⤵
  PID:6872
- C:\Windows\System\sTzkria.exe
  C:\Windows\System\sTzkria.exe
  2⤵
  PID:6940
- C:\Windows\System\CjQbgqv.exe
  C:\Windows\System\CjQbgqv.exe
  2⤵
  PID:6956
- C:\Windows\System\PIXHYbC.exe
  C:\Windows\System\PIXHYbC.exe
  2⤵
  PID:6972
- C:\Windows\System\BIUfCxy.exe
  C:\Windows\System\BIUfCxy.exe
  2⤵
  PID:6988
- C:\Windows\System\eRhADXN.exe
  C:\Windows\System\eRhADXN.exe
  2⤵
  PID:7012
- C:\Windows\System\xNMLSRb.exe
  C:\Windows\System\xNMLSRb.exe
  2⤵
  PID:7032
- C:\Windows\System\mnxpjKM.exe
  C:\Windows\System\mnxpjKM.exe
  2⤵
  PID:7056
- C:\Windows\System\NQrXmaR.exe
  C:\Windows\System\NQrXmaR.exe
  2⤵
  PID:7072
- C:\Windows\System\qScyYPn.exe
  C:\Windows\System\qScyYPn.exe
  2⤵
  PID:7088
- C:\Windows\System\ckRMGAm.exe
  C:\Windows\System\ckRMGAm.exe
  2⤵
  PID:7104
- C:\Windows\System\aTNUDDK.exe
  C:\Windows\System\aTNUDDK.exe
  2⤵
  PID:7120
- C:\Windows\System\beMqiXB.exe
  C:\Windows\System\beMqiXB.exe
  2⤵
  PID:7136
- C:\Windows\System\ZYKLRtC.exe
  C:\Windows\System\ZYKLRtC.exe
  2⤵
  PID:6124
- C:\Windows\System\FtvAsSg.exe
  C:\Windows\System\FtvAsSg.exe
  2⤵
  PID:5204
- C:\Windows\System\iVJVzav.exe
  C:\Windows\System\iVJVzav.exe
  2⤵
  PID:5820
- C:\Windows\System\wwhaCTl.exe
  C:\Windows\System\wwhaCTl.exe
  2⤵
  PID:5764
- C:\Windows\System\nggFnEs.exe
  C:\Windows\System\nggFnEs.exe
  2⤵
  PID:5140
- C:\Windows\System\MmbXZmW.exe
  C:\Windows\System\MmbXZmW.exe
  2⤵
  PID:6164
- C:\Windows\System\xXlIgDH.exe
  C:\Windows\System\xXlIgDH.exe
  2⤵
  PID:6192
- C:\Windows\System\eFqZQFb.exe
  C:\Windows\System\eFqZQFb.exe
  2⤵
  PID:6236
- C:\Windows\System\LmKnUsC.exe
  C:\Windows\System\LmKnUsC.exe
  2⤵
  PID:6132
- C:\Windows\System\xyfjqsq.exe
  C:\Windows\System\xyfjqsq.exe
  2⤵
  PID:6224
- C:\Windows\System\eoyMZwG.exe
  C:\Windows\System\eoyMZwG.exe
  2⤵
  PID:6312
- C:\Windows\System\scqqQIF.exe
  C:\Windows\System\scqqQIF.exe
  2⤵
  PID:6416
- C:\Windows\System\FqjTODa.exe
  C:\Windows\System\FqjTODa.exe
  2⤵
  PID:6256
- C:\Windows\System\soEArBI.exe
  C:\Windows\System\soEArBI.exe
  2⤵
  PID:6296
- C:\Windows\System\NrzDyFW.exe
  C:\Windows\System\NrzDyFW.exe
  2⤵
  PID:6336
- C:\Windows\System\gQxStzJ.exe
  C:\Windows\System\gQxStzJ.exe
  2⤵
  PID:6468
- C:\Windows\System\AICFJIr.exe
  C:\Windows\System\AICFJIr.exe
  2⤵
  PID:6492
- C:\Windows\System\zPJjMRi.exe
  C:\Windows\System\zPJjMRi.exe
  2⤵
  PID:6504
- C:\Windows\System\aMFiTiA.exe
  C:\Windows\System\aMFiTiA.exe
  2⤵
  PID:6564
- C:\Windows\System\GDbcBtU.exe
  C:\Windows\System\GDbcBtU.exe
  2⤵
  PID:6636
- C:\Windows\System\VeleUzF.exe
  C:\Windows\System\VeleUzF.exe
  2⤵
  PID:6676
- C:\Windows\System\ktyjvgY.exe
  C:\Windows\System\ktyjvgY.exe
  2⤵
  PID:6744
- C:\Windows\System\XertDGU.exe
  C:\Windows\System\XertDGU.exe
  2⤵
  PID:6584
- C:\Windows\System\ubaMAFK.exe
  C:\Windows\System\ubaMAFK.exe
  2⤵
  PID:6888
- C:\Windows\System\ZTPvpNj.exe
  C:\Windows\System\ZTPvpNj.exe
  2⤵
  PID:6904
- C:\Windows\System\JqDmPSl.exe
  C:\Windows\System\JqDmPSl.exe
  2⤵
  PID:6660
- C:\Windows\System\KkmJyyB.exe
  C:\Windows\System\KkmJyyB.exe
  2⤵
  PID:6728
- C:\Windows\System\UTOUDzP.exe
  C:\Windows\System\UTOUDzP.exe
  2⤵
  PID:6908
- C:\Windows\System\PCsWJjp.exe
  C:\Windows\System\PCsWJjp.exe
  2⤵
  PID:6768
- C:\Windows\System\IYccMib.exe
  C:\Windows\System\IYccMib.exe
  2⤵
  PID:6920
- C:\Windows\System\hOjxpUY.exe
  C:\Windows\System\hOjxpUY.exe
  2⤵
  PID:6936
- C:\Windows\System\YIFHPCD.exe
  C:\Windows\System\YIFHPCD.exe
  2⤵
  PID:7000
- C:\Windows\System\HEJfZNb.exe
  C:\Windows\System\HEJfZNb.exe
  2⤵
  PID:6952
- C:\Windows\System\avsSZIR.exe
  C:\Windows\System\avsSZIR.exe
  2⤵
  PID:7112
- C:\Windows\System\NHPNiEg.exe
  C:\Windows\System\NHPNiEg.exe
  2⤵
  PID:7144
- C:\Windows\System\rpysjXA.exe
  C:\Windows\System\rpysjXA.exe
  2⤵
  PID:7164
- C:\Windows\System\EsQjXma.exe
  C:\Windows\System\EsQjXma.exe
  2⤵
  PID:7064
- C:\Windows\System\mgalvag.exe
  C:\Windows\System\mgalvag.exe
  2⤵
  PID:5396
- C:\Windows\System\AdcBgrM.exe
  C:\Windows\System\AdcBgrM.exe
  2⤵
  PID:6184
- C:\Windows\System\qRODmgo.exe
  C:\Windows\System\qRODmgo.exe
  2⤵
  PID:4172
- C:\Windows\System\myNPtal.exe
  C:\Windows\System\myNPtal.exe
  2⤵
  PID:6308
- C:\Windows\System\fiaiwaN.exe
  C:\Windows\System\fiaiwaN.exe
  2⤵
  PID:6400
- C:\Windows\System\sSyERhp.exe
  C:\Windows\System\sSyERhp.exe
  2⤵
  PID:5728
- C:\Windows\System\MlOcXPg.exe
  C:\Windows\System\MlOcXPg.exe
  2⤵
  PID:6276
- C:\Windows\System\cIMIAxY.exe
  C:\Windows\System\cIMIAxY.exe
  2⤵
  PID:6292
- C:\Windows\System\igKTeYo.exe
  C:\Windows\System\igKTeYo.exe
  2⤵
  PID:6488
- C:\Windows\System\AiRWbiY.exe
  C:\Windows\System\AiRWbiY.exe
  2⤵
  PID:1516
- C:\Windows\System\hzgcUIL.exe
  C:\Windows\System\hzgcUIL.exe
  2⤵
  PID:6464
- C:\Windows\System\XgywXie.exe
  C:\Windows\System\XgywXie.exe
  2⤵
  PID:6540
- C:\Windows\System\fDVjyWR.exe
  C:\Windows\System\fDVjyWR.exe
  2⤵
  PID:6712
- C:\Windows\System\cjMnNey.exe
  C:\Windows\System\cjMnNey.exe
  2⤵
  PID:6848
- C:\Windows\System\hpxIkeL.exe
  C:\Windows\System\hpxIkeL.exe
  2⤵
  PID:6696
- C:\Windows\System\fAxGDQj.exe
  C:\Windows\System\fAxGDQj.exe
  2⤵
  PID:6948
- C:\Windows\System\rkvjIGQ.exe
  C:\Windows\System\rkvjIGQ.exe
  2⤵
  PID:6656
- C:\Windows\System\QgITWwQ.exe
  C:\Windows\System\QgITWwQ.exe
  2⤵
  PID:6832
- C:\Windows\System\iuNrhaz.exe
  C:\Windows\System\iuNrhaz.exe
  2⤵
  PID:6880
- C:\Windows\System\ljAMLwi.exe
  C:\Windows\System\ljAMLwi.exe
  2⤵
  PID:7132
- C:\Windows\System\bHpOviD.exe
  C:\Windows\System\bHpOviD.exe
  2⤵
  PID:7044
- C:\Windows\System\WYKoypk.exe
  C:\Windows\System\WYKoypk.exe
  2⤵
  PID:7156
- C:\Windows\System\IRjJkpO.exe
  C:\Windows\System\IRjJkpO.exe
  2⤵
  PID:6280
- C:\Windows\System\dRXdIwh.exe
  C:\Windows\System\dRXdIwh.exe
  2⤵
  PID:5788
- C:\Windows\System\aOjCRLX.exe
  C:\Windows\System\aOjCRLX.exe
  2⤵
  PID:6244
- C:\Windows\System\nkxVrSG.exe
  C:\Windows\System\nkxVrSG.exe
  2⤵
  PID:6208
- C:\Windows\System\cmyFUXy.exe
  C:\Windows\System\cmyFUXy.exe
  2⤵
  PID:6332
- C:\Windows\System\deIGEyl.exe
  C:\Windows\System\deIGEyl.exe
  2⤵
  PID:6576
- C:\Windows\System\GDmaKAw.exe
  C:\Windows\System\GDmaKAw.exe
  2⤵
  PID:6756
- C:\Windows\System\IiCWYpf.exe
  C:\Windows\System\IiCWYpf.exe
  2⤵
  PID:6604
- C:\Windows\System\JKEivRL.exe
  C:\Windows\System\JKEivRL.exe
  2⤵
  PID:6896
- C:\Windows\System\XxtaWng.exe
  C:\Windows\System\XxtaWng.exe
  2⤵
  PID:6800
- C:\Windows\System\fltJUub.exe
  C:\Windows\System\fltJUub.exe
  2⤵
  PID:7020
- C:\Windows\System\mxnXWMB.exe
  C:\Windows\System\mxnXWMB.exe
  2⤵
  PID:4288
- C:\Windows\System\LIMNidM.exe
  C:\Windows\System\LIMNidM.exe
  2⤵
  PID:5312
- C:\Windows\System\BHRegSf.exe
  C:\Windows\System\BHRegSf.exe
  2⤵
  PID:7008
- C:\Windows\System\uFYfXwX.exe
  C:\Windows\System\uFYfXwX.exe
  2⤵
  PID:6412
- C:\Windows\System\xzVdMTw.exe
  C:\Windows\System\xzVdMTw.exe
  2⤵
  PID:6204
- C:\Windows\System\jHOIpLj.exe
  C:\Windows\System\jHOIpLj.exe
  2⤵
  PID:6816
- C:\Windows\System\amKatjY.exe
  C:\Windows\System\amKatjY.exe
  2⤵
  PID:6560
- C:\Windows\System\BpOZZVh.exe
  C:\Windows\System\BpOZZVh.exe
  2⤵
  PID:6804
- C:\Windows\System\ciaZuzt.exe
  C:\Windows\System\ciaZuzt.exe
  2⤵
  PID:5712
- C:\Windows\System\HPdoNxq.exe
  C:\Windows\System\HPdoNxq.exe
  2⤵
  PID:6448
- C:\Windows\System\npVnEjo.exe
  C:\Windows\System\npVnEjo.exe
  2⤵
  PID:7100
- C:\Windows\System\NXnrvwM.exe
  C:\Windows\System\NXnrvwM.exe
  2⤵
  PID:1460
- C:\Windows\System\DgSDWIA.exe
  C:\Windows\System\DgSDWIA.exe
  2⤵
  PID:6456
- C:\Windows\System\sHGWQSB.exe
  C:\Windows\System\sHGWQSB.exe
  2⤵
  PID:6996
- C:\Windows\System\NoboYGz.exe
  C:\Windows\System\NoboYGz.exe
  2⤵
  PID:7116
- C:\Windows\System\XPppCCj.exe
  C:\Windows\System\XPppCCj.exe
  2⤵
  PID:6396
- C:\Windows\System\tqvNnTd.exe
  C:\Windows\System\tqvNnTd.exe
  2⤵
  PID:6836
- C:\Windows\System\mjRCjai.exe
  C:\Windows\System\mjRCjai.exe
  2⤵
  PID:7188
- C:\Windows\System\sltOHyI.exe
  C:\Windows\System\sltOHyI.exe
  2⤵
  PID:7204
- C:\Windows\System\EoPiGwF.exe
  C:\Windows\System\EoPiGwF.exe
  2⤵
  PID:7220
- C:\Windows\System\Xaoinyy.exe
  C:\Windows\System\Xaoinyy.exe
  2⤵
  PID:7236
- C:\Windows\System\EmheueA.exe
  C:\Windows\System\EmheueA.exe
  2⤵
  PID:7252
- C:\Windows\System\hsZjBHN.exe
  C:\Windows\System\hsZjBHN.exe
  2⤵
  PID:7268
- C:\Windows\System\KiVOApD.exe
  C:\Windows\System\KiVOApD.exe
  2⤵
  PID:7284
- C:\Windows\System\wUsPJsx.exe
  C:\Windows\System\wUsPJsx.exe
  2⤵
  PID:7324
- C:\Windows\System\CcuXXHK.exe
  C:\Windows\System\CcuXXHK.exe
  2⤵
  PID:7340
- C:\Windows\System\pKLAqIN.exe
  C:\Windows\System\pKLAqIN.exe
  2⤵
  PID:7400
- C:\Windows\System\CXVKbto.exe
  C:\Windows\System\CXVKbto.exe
  2⤵
  PID:7416
- C:\Windows\System\rSScCCf.exe
  C:\Windows\System\rSScCCf.exe
  2⤵
  PID:7432
- C:\Windows\System\GsvSnDq.exe
  C:\Windows\System\GsvSnDq.exe
  2⤵
  PID:7448
- C:\Windows\System\dddlMXT.exe
  C:\Windows\System\dddlMXT.exe
  2⤵
  PID:7476
- C:\Windows\System\nkkYRwi.exe
  C:\Windows\System\nkkYRwi.exe
  2⤵
  PID:7492
- C:\Windows\System\pXFTPha.exe
  C:\Windows\System\pXFTPha.exe
  2⤵
  PID:7508
- C:\Windows\System\BmRVZTc.exe
  C:\Windows\System\BmRVZTc.exe
  2⤵
  PID:7532
- C:\Windows\System\xmTJygy.exe
  C:\Windows\System\xmTJygy.exe
  2⤵
  PID:7548
- C:\Windows\System\ONjubnQ.exe
  C:\Windows\System\ONjubnQ.exe
  2⤵
  PID:7568
- C:\Windows\System\ohgibBL.exe
  C:\Windows\System\ohgibBL.exe
  2⤵
  PID:7588
- C:\Windows\System\PXihyTO.exe
  C:\Windows\System\PXihyTO.exe
  2⤵
  PID:7604
- C:\Windows\System\BRZtrEB.exe
  C:\Windows\System\BRZtrEB.exe
  2⤵
  PID:7620
- C:\Windows\System\zoHjdUN.exe
  C:\Windows\System\zoHjdUN.exe
  2⤵
  PID:7648
- C:\Windows\System\WpBtGDu.exe
  C:\Windows\System\WpBtGDu.exe
  2⤵
  PID:7664
- C:\Windows\System\NyoyuKR.exe
  C:\Windows\System\NyoyuKR.exe
  2⤵
  PID:7680
- C:\Windows\System\tKmgWPd.exe
  C:\Windows\System\tKmgWPd.exe
  2⤵
  PID:7700
- C:\Windows\System\cZMNRvG.exe
  C:\Windows\System\cZMNRvG.exe
  2⤵
  PID:7728
- C:\Windows\System\hdXGVXm.exe
  C:\Windows\System\hdXGVXm.exe
  2⤵
  PID:7760
- C:\Windows\System\WpdwjiO.exe
  C:\Windows\System\WpdwjiO.exe
  2⤵
  PID:7776
- C:\Windows\System\kGDtpIl.exe
  C:\Windows\System\kGDtpIl.exe
  2⤵
  PID:7792
- C:\Windows\System\cPfHmax.exe
  C:\Windows\System\cPfHmax.exe
  2⤵
  PID:7812
- C:\Windows\System\afLGIMY.exe
  C:\Windows\System\afLGIMY.exe
  2⤵
  PID:7828
- C:\Windows\System\yxGrtNm.exe
  C:\Windows\System\yxGrtNm.exe
  2⤵
  PID:7844
- C:\Windows\System\VQtedQi.exe
  C:\Windows\System\VQtedQi.exe
  2⤵
  PID:7864
- C:\Windows\System\bZkmMFt.exe
  C:\Windows\System\bZkmMFt.exe
  2⤵
  PID:7888
- C:\Windows\System\MqvdhLa.exe
  C:\Windows\System\MqvdhLa.exe
  2⤵
  PID:7904
- C:\Windows\System\VntrkUP.exe
  C:\Windows\System\VntrkUP.exe
  2⤵
  PID:7920
- C:\Windows\System\GJKUwoZ.exe
  C:\Windows\System\GJKUwoZ.exe
  2⤵
  PID:7960
- C:\Windows\System\gXeQSSX.exe
  C:\Windows\System\gXeQSSX.exe
  2⤵
  PID:7976
- C:\Windows\System\JbfVjou.exe
  C:\Windows\System\JbfVjou.exe
  2⤵
  PID:7992
- C:\Windows\System\gmPJpNe.exe
  C:\Windows\System\gmPJpNe.exe
  2⤵
  PID:8008
- C:\Windows\System\FhvAJnN.exe
  C:\Windows\System\FhvAJnN.exe
  2⤵
  PID:8024
- C:\Windows\System\hRxoAtZ.exe
  C:\Windows\System\hRxoAtZ.exe
  2⤵
  PID:8040
- C:\Windows\System\WmLMtrR.exe
  C:\Windows\System\WmLMtrR.exe
  2⤵
  PID:8060
- C:\Windows\System\WaKliyX.exe
  C:\Windows\System\WaKliyX.exe
  2⤵
  PID:8076
- C:\Windows\System\idywmVy.exe
  C:\Windows\System\idywmVy.exe
  2⤵
  PID:8100
- C:\Windows\System\HOsfhbj.exe
  C:\Windows\System\HOsfhbj.exe
  2⤵
  PID:8140
- C:\Windows\System\fuKRPKD.exe
  C:\Windows\System\fuKRPKD.exe
  2⤵
  PID:8156
- C:\Windows\System\NTtltrQ.exe
  C:\Windows\System\NTtltrQ.exe
  2⤵
  PID:8172
- C:\Windows\System\ImeTWIk.exe
  C:\Windows\System\ImeTWIk.exe
  2⤵
  PID:8188
- C:\Windows\System\icBkYmG.exe
  C:\Windows\System\icBkYmG.exe
  2⤵
  PID:7184
- C:\Windows\System\XWPfYIv.exe
  C:\Windows\System\XWPfYIv.exe
  2⤵
  PID:7244
- C:\Windows\System\GYxQdDV.exe
  C:\Windows\System\GYxQdDV.exe
  2⤵
  PID:6472
- C:\Windows\System\byhSlFY.exe
  C:\Windows\System\byhSlFY.exe
  2⤵
  PID:6820
- C:\Windows\System\aguVqBC.exe
  C:\Windows\System\aguVqBC.exe
  2⤵
  PID:6984
- C:\Windows\System\kCTDclB.exe
  C:\Windows\System\kCTDclB.exe
  2⤵
  PID:5924
- C:\Windows\System\BOdvlkd.exe
  C:\Windows\System\BOdvlkd.exe
  2⤵
  PID:7348
- C:\Windows\System\cEaZSiF.exe
  C:\Windows\System\cEaZSiF.exe
  2⤵
  PID:7376
- C:\Windows\System\wXUTmBX.exe
  C:\Windows\System\wXUTmBX.exe
  2⤵
  PID:7352
- C:\Windows\System\rlPdyEr.exe
  C:\Windows\System\rlPdyEr.exe
  2⤵
  PID:7424
- C:\Windows\System\ogrXWEt.exe
  C:\Windows\System\ogrXWEt.exe
  2⤵
  PID:7500
- C:\Windows\System\rGNYnna.exe
  C:\Windows\System\rGNYnna.exe
  2⤵
  PID:7488
- C:\Windows\System\PXCisNe.exe
  C:\Windows\System\PXCisNe.exe
  2⤵
  PID:7540
- C:\Windows\System\rbhXJzq.exe
  C:\Windows\System\rbhXJzq.exe
  2⤵
  PID:7520
- C:\Windows\System\CgINYRo.exe
  C:\Windows\System\CgINYRo.exe
  2⤵
  PID:7600
- C:\Windows\System\ARYwijE.exe
  C:\Windows\System\ARYwijE.exe
  2⤵
  PID:7660
- C:\Windows\System\aKqeWYc.exe
  C:\Windows\System\aKqeWYc.exe
  2⤵
  PID:7640
- C:\Windows\System\SMhHBZY.exe
  C:\Windows\System\SMhHBZY.exe
  2⤵
  PID:7708
- C:\Windows\System\VkWkTUh.exe
  C:\Windows\System\VkWkTUh.exe
  2⤵
  PID:7756
- C:\Windows\System\qquthiw.exe
  C:\Windows\System\qquthiw.exe
  2⤵
  PID:7740
- C:\Windows\System\lmHnfMr.exe
  C:\Windows\System\lmHnfMr.exe
  2⤵
  PID:7852
- C:\Windows\System\AYCVUFr.exe
  C:\Windows\System\AYCVUFr.exe
  2⤵
  PID:7808
- C:\Windows\System\QQTjPqW.exe
  C:\Windows\System\QQTjPqW.exe
  2⤵
  PID:7932
- C:\Windows\System\AfEHzjG.exe
  C:\Windows\System\AfEHzjG.exe
  2⤵
  PID:7804
- C:\Windows\System\MgGXuEf.exe
  C:\Windows\System\MgGXuEf.exe
  2⤵
  PID:7940
- C:\Windows\System\YsptjTU.exe
  C:\Windows\System\YsptjTU.exe
  2⤵
  PID:7984
- C:\Windows\System\VBxfxnh.exe
  C:\Windows\System\VBxfxnh.exe
  2⤵
  PID:8068
- C:\Windows\System\VFuouuN.exe
  C:\Windows\System\VFuouuN.exe
  2⤵
  PID:8020
- C:\Windows\System\NKpIZex.exe
  C:\Windows\System\NKpIZex.exe
  2⤵
  PID:8056
- C:\Windows\System\zrfYWzM.exe
  C:\Windows\System\zrfYWzM.exe
  2⤵
  PID:8108
- C:\Windows\System\DLXtssz.exe
  C:\Windows\System\DLXtssz.exe
  2⤵
  PID:8136
- C:\Windows\System\IBLmiSb.exe
  C:\Windows\System\IBLmiSb.exe
  2⤵
  PID:8088
- C:\Windows\System\DgccDuI.exe
  C:\Windows\System\DgccDuI.exe
  2⤵
  PID:8184
- C:\Windows\System\gLKxNfv.exe
  C:\Windows\System\gLKxNfv.exe
  2⤵
  PID:7216
- C:\Windows\System\nTLxrLk.exe
  C:\Windows\System\nTLxrLk.exe
  2⤵
  PID:7368
- C:\Windows\System\sLOXfdk.exe
  C:\Windows\System\sLOXfdk.exe
  2⤵
  PID:7412
- C:\Windows\System\NzCLIsO.exe
  C:\Windows\System\NzCLIsO.exe
  2⤵
  PID:7460
- C:\Windows\System\ojbZzPL.exe
  C:\Windows\System\ojbZzPL.exe
  2⤵
  PID:7580
- C:\Windows\System\YBMWwfs.exe
  C:\Windows\System\YBMWwfs.exe
  2⤵
  PID:7308
- C:\Windows\System\cyszbIk.exe
  C:\Windows\System\cyszbIk.exe
  2⤵
  PID:7264
- C:\Windows\System\nzPctXs.exe
  C:\Windows\System\nzPctXs.exe
  2⤵
  PID:7312
- C:\Windows\System\sciLCGn.exe
  C:\Windows\System\sciLCGn.exe
  2⤵
  PID:7736
- C:\Windows\System\XkzPQRk.exe
  C:\Windows\System\XkzPQRk.exe
  2⤵
  PID:7744
- C:\Windows\System\jzdJHXx.exe
  C:\Windows\System\jzdJHXx.exe
  2⤵
  PID:7772
- C:\Windows\System\XogyoWV.exe
  C:\Windows\System\XogyoWV.exe
  2⤵
  PID:7784
- C:\Windows\System\NXoQgJF.exe
  C:\Windows\System\NXoQgJF.exe
  2⤵
  PID:7752
- C:\Windows\System\BwPtWTX.exe
  C:\Windows\System\BwPtWTX.exe
  2⤵
  PID:7916
- C:\Windows\System\eDrcGZd.exe
  C:\Windows\System\eDrcGZd.exe
  2⤵
  PID:7952
- C:\Windows\System\TrgTvFg.exe
  C:\Windows\System\TrgTvFg.exe
  2⤵
  PID:8004
- C:\Windows\System\NkcTWrp.exe
  C:\Windows\System\NkcTWrp.exe
  2⤵
  PID:8096
- C:\Windows\System\WslgDvM.exe
  C:\Windows\System\WslgDvM.exe
  2⤵
  PID:8052
- C:\Windows\System\zltZtya.exe
  C:\Windows\System\zltZtya.exe
  2⤵
  PID:8164
- C:\Windows\System\fynkaBv.exe
  C:\Windows\System\fynkaBv.exe
  2⤵
  PID:6440
- C:\Windows\System\HkKQZCp.exe
  C:\Windows\System\HkKQZCp.exe
  2⤵
  PID:7380
- C:\Windows\System\yisqQdL.exe
  C:\Windows\System\yisqQdL.exe
  2⤵
  PID:6932
- C:\Windows\System\GHVhNIk.exe
  C:\Windows\System\GHVhNIk.exe
  2⤵
  PID:7280
- C:\Windows\System\zXQMXfk.exe
  C:\Windows\System\zXQMXfk.exe
  2⤵
  PID:7596
- C:\Windows\System\NfbPWuc.exe
  C:\Windows\System\NfbPWuc.exe
  2⤵
  PID:7300
- C:\Windows\System\kUhEYAc.exe
  C:\Windows\System\kUhEYAc.exe
  2⤵
  PID:7636
- C:\Windows\System\nmiTqVx.exe
  C:\Windows\System\nmiTqVx.exe
  2⤵
  PID:7788
- C:\Windows\System\PAZbFvz.exe
  C:\Windows\System\PAZbFvz.exe
  2⤵
  PID:8000
- C:\Windows\System\FtviXgA.exe
  C:\Windows\System\FtviXgA.exe
  2⤵
  PID:7936
- C:\Windows\System\zqZnJvx.exe
  C:\Windows\System\zqZnJvx.exe
  2⤵
  PID:7200
- C:\Windows\System\kTJQbac.exe
  C:\Windows\System\kTJQbac.exe
  2⤵
  PID:7956
- C:\Windows\System\tDFTrOf.exe
  C:\Windows\System\tDFTrOf.exe
  2⤵
  PID:7440
- C:\Windows\System\LBtThoc.exe
  C:\Windows\System\LBtThoc.exe
  2⤵
  PID:7564
- C:\Windows\System\SfBMgjH.exe
  C:\Windows\System\SfBMgjH.exe
  2⤵
  PID:7316
- C:\Windows\System\dWkCdZa.exe
  C:\Windows\System\dWkCdZa.exe
  2⤵
  PID:7456
- C:\Windows\System\kxzBKGP.exe
  C:\Windows\System\kxzBKGP.exe
  2⤵
  PID:7716
- C:\Windows\System\ZBiDYcY.exe
  C:\Windows\System\ZBiDYcY.exe
  2⤵
  PID:7928
- C:\Windows\System\hNJXpeG.exe
  C:\Windows\System\hNJXpeG.exe
  2⤵
  PID:8048
- C:\Windows\System\ldkGOhe.exe
  C:\Windows\System\ldkGOhe.exe
  2⤵
  PID:7616
- C:\Windows\System\TvURfbY.exe
  C:\Windows\System\TvURfbY.exe
  2⤵
  PID:7428
- C:\Windows\System\OKjgjia.exe
  C:\Windows\System\OKjgjia.exe
  2⤵
  PID:8036
- C:\Windows\System\oUtrjGp.exe
  C:\Windows\System\oUtrjGp.exe
  2⤵
  PID:7528
- C:\Windows\System\ELyRMrq.exe
  C:\Windows\System\ELyRMrq.exe
  2⤵
  PID:8180
- C:\Windows\System\zSlGsHg.exe
  C:\Windows\System\zSlGsHg.exe
  2⤵
  PID:7276
- C:\Windows\System\aTBVTEW.exe
  C:\Windows\System\aTBVTEW.exe
  2⤵
  PID:8148
- C:\Windows\System\ghWyBxr.exe
  C:\Windows\System\ghWyBxr.exe
  2⤵
  PID:8204
- C:\Windows\System\hKRaloX.exe
  C:\Windows\System\hKRaloX.exe
  2⤵
  PID:8248
- C:\Windows\System\SoisiGQ.exe
  C:\Windows\System\SoisiGQ.exe
  2⤵
  PID:8264
- C:\Windows\System\seBmbFZ.exe
  C:\Windows\System\seBmbFZ.exe
  2⤵
  PID:8280
- C:\Windows\System\mwcEznl.exe
  C:\Windows\System\mwcEznl.exe
  2⤵
  PID:8296
- C:\Windows\System\JUXczPs.exe
  C:\Windows\System\JUXczPs.exe
  2⤵
  PID:8320
- C:\Windows\System\kEHzkXn.exe
  C:\Windows\System\kEHzkXn.exe
  2⤵
  PID:8340
- C:\Windows\System\xKyVpFU.exe
  C:\Windows\System\xKyVpFU.exe
  2⤵
  PID:8404
- C:\Windows\System\zQwVAnQ.exe
  C:\Windows\System\zQwVAnQ.exe
  2⤵
  PID:8428
- C:\Windows\System\nWitOTy.exe
  C:\Windows\System\nWitOTy.exe
  2⤵
  PID:8444
- C:\Windows\System\xwTpNZh.exe
  C:\Windows\System\xwTpNZh.exe
  2⤵
  PID:8468
- C:\Windows\System\frTqRpy.exe
  C:\Windows\System\frTqRpy.exe
  2⤵
  PID:8484
- C:\Windows\System\BFZLaiH.exe
  C:\Windows\System\BFZLaiH.exe
  2⤵
  PID:8504
- C:\Windows\System\saGIZmN.exe
  C:\Windows\System\saGIZmN.exe
  2⤵
  PID:8520
- C:\Windows\System\EWiicdb.exe
  C:\Windows\System\EWiicdb.exe
  2⤵
  PID:8544
- C:\Windows\System\xFvxfcp.exe
  C:\Windows\System\xFvxfcp.exe
  2⤵
  PID:8560
- C:\Windows\System\gAehgza.exe
  C:\Windows\System\gAehgza.exe
  2⤵
  PID:8588
- C:\Windows\System\chQqMAs.exe
  C:\Windows\System\chQqMAs.exe
  2⤵
  PID:8608
- C:\Windows\System\QbATkzB.exe
  C:\Windows\System\QbATkzB.exe
  2⤵
  PID:8628
- C:\Windows\System\ZuPhwDN.exe
  C:\Windows\System\ZuPhwDN.exe
  2⤵
  PID:8648
- C:\Windows\System\ItiMvbN.exe
  C:\Windows\System\ItiMvbN.exe
  2⤵
  PID:8668
- C:\Windows\System\qdmvDRl.exe
  C:\Windows\System\qdmvDRl.exe
  2⤵
  PID:8696
- C:\Windows\System\HbqKVRj.exe
  C:\Windows\System\HbqKVRj.exe
  2⤵
  PID:8712
- C:\Windows\System\LHjPHMM.exe
  C:\Windows\System\LHjPHMM.exe
  2⤵
  PID:8732
- C:\Windows\System\ScYvraq.exe
  C:\Windows\System\ScYvraq.exe
  2⤵
  PID:8756
- C:\Windows\System\rlTxHNb.exe
  C:\Windows\System\rlTxHNb.exe
  2⤵
  PID:8772
- C:\Windows\System\oqhRGFU.exe
  C:\Windows\System\oqhRGFU.exe
  2⤵
  PID:8788
- C:\Windows\System\urgpbIi.exe
  C:\Windows\System\urgpbIi.exe
  2⤵
  PID:8804
- C:\Windows\System\ZdqcApy.exe
  C:\Windows\System\ZdqcApy.exe
  2⤵
  PID:8828
- C:\Windows\System\CZmKqbG.exe
  C:\Windows\System\CZmKqbG.exe
  2⤵
  PID:8848
- C:\Windows\System\hsfUTfZ.exe
  C:\Windows\System\hsfUTfZ.exe
  2⤵
  PID:8864
- C:\Windows\System\kuOmCSV.exe
  C:\Windows\System\kuOmCSV.exe
  2⤵
  PID:8880
- C:\Windows\System\PXLUrrp.exe
  C:\Windows\System\PXLUrrp.exe
  2⤵
  PID:8896
- C:\Windows\System\HkfdSCd.exe
  C:\Windows\System\HkfdSCd.exe
  2⤵
  PID:8924
- C:\Windows\System\YVnZdwd.exe
  C:\Windows\System\YVnZdwd.exe
  2⤵
  PID:8940
- C:\Windows\System\MyBHqAb.exe
  C:\Windows\System\MyBHqAb.exe
  2⤵
  PID:8964
- C:\Windows\System\bvCYUCA.exe
  C:\Windows\System\bvCYUCA.exe
  2⤵
  PID:8980
- C:\Windows\System\FVHCuaR.exe
  C:\Windows\System\FVHCuaR.exe
  2⤵
  PID:9028
- C:\Windows\System\LPOkZdb.exe
  C:\Windows\System\LPOkZdb.exe
  2⤵
  PID:9044
- C:\Windows\System\qXLppZr.exe
  C:\Windows\System\qXLppZr.exe
  2⤵
  PID:9068
- C:\Windows\System\nvMkznG.exe
  C:\Windows\System\nvMkznG.exe
  2⤵
  PID:9084
- C:\Windows\System\vXLFzSS.exe
  C:\Windows\System\vXLFzSS.exe
  2⤵
  PID:9100
- C:\Windows\System\fuiIbvU.exe
  C:\Windows\System\fuiIbvU.exe
  2⤵
  PID:9124
- C:\Windows\System\MAoPVEi.exe
  C:\Windows\System\MAoPVEi.exe
  2⤵
  PID:9152
- C:\Windows\System\eQZyhKQ.exe
  C:\Windows\System\eQZyhKQ.exe
  2⤵
  PID:9172
- C:\Windows\System\rbCoLni.exe
  C:\Windows\System\rbCoLni.exe
  2⤵
  PID:9192
- C:\Windows\System\QFgPbQr.exe
  C:\Windows\System\QFgPbQr.exe
  2⤵
  PID:9212
- C:\Windows\System\nvuSRtJ.exe
  C:\Windows\System\nvuSRtJ.exe
  2⤵
  PID:8196
- C:\Windows\System\bVJaJFz.exe
  C:\Windows\System\bVJaJFz.exe
  2⤵
  PID:7840
- C:\Windows\System\kKdTmMJ.exe
  C:\Windows\System\kKdTmMJ.exe
  2⤵
  PID:8232
- C:\Windows\System\bCBmOdl.exe
  C:\Windows\System\bCBmOdl.exe
  2⤵
  PID:8256
- C:\Windows\System\uAevSxr.exe
  C:\Windows\System\uAevSxr.exe
  2⤵
  PID:8308
- C:\Windows\System\zMqTVzM.exe
  C:\Windows\System\zMqTVzM.exe
  2⤵
  PID:8348
- C:\Windows\System\TmSAFAV.exe
  C:\Windows\System\TmSAFAV.exe
  2⤵
  PID:8356
- C:\Windows\System\vtKPcqA.exe
  C:\Windows\System\vtKPcqA.exe
  2⤵
  PID:8376
- C:\Windows\System\OVezADq.exe
  C:\Windows\System\OVezADq.exe
  2⤵
  PID:7628
- C:\Windows\System\fNUtyOg.exe
  C:\Windows\System\fNUtyOg.exe
  2⤵
  PID:8452
- C:\Windows\System\ztZZRcS.exe
  C:\Windows\System\ztZZRcS.exe
  2⤵
  PID:8476
- C:\Windows\System\IQhUjAj.exe
  C:\Windows\System\IQhUjAj.exe
  2⤵
  PID:8500
- C:\Windows\System\HSnRFOY.exe
  C:\Windows\System\HSnRFOY.exe
  2⤵
  PID:8536
- C:\Windows\System\wuNyaMV.exe
  C:\Windows\System\wuNyaMV.exe
  2⤵
  PID:8576
- C:\Windows\System\QZfjZkI.exe
  C:\Windows\System\QZfjZkI.exe
  2⤵
  PID:8584
- C:\Windows\System\MSZirSd.exe
  C:\Windows\System\MSZirSd.exe
  2⤵
  PID:8624
- C:\Windows\System\SBaSXFe.exe
  C:\Windows\System\SBaSXFe.exe
  2⤵
  PID:8664
- C:\Windows\System\tSwjGIg.exe
  C:\Windows\System\tSwjGIg.exe
  2⤵
  PID:8720
- C:\Windows\System\LmwWmFG.exe
  C:\Windows\System\LmwWmFG.exe
  2⤵
  PID:8764
- C:\Windows\System\dKUPYlq.exe
  C:\Windows\System\dKUPYlq.exe
  2⤵
  PID:8840
- C:\Windows\System\lEOCXoD.exe
  C:\Windows\System\lEOCXoD.exe
  2⤵
  PID:8876
- C:\Windows\System\MtQcqnB.exe
  C:\Windows\System\MtQcqnB.exe
  2⤵
  PID:8596
- C:\Windows\System\LWHIYqN.exe
  C:\Windows\System\LWHIYqN.exe
  2⤵
  PID:8816
- C:\Windows\System\UwoeMPG.exe
  C:\Windows\System\UwoeMPG.exe
  2⤵
  PID:8860
- C:\Windows\System\XbUxdWY.exe
  C:\Windows\System\XbUxdWY.exe
  2⤵
  PID:8972
- C:\Windows\System\GlkfNSc.exe
  C:\Windows\System\GlkfNSc.exe
  2⤵
  PID:9004
- C:\Windows\System\bzpDIaX.exe
  C:\Windows\System\bzpDIaX.exe
  2⤵
  PID:9040
- C:\Windows\System\VUXopNc.exe
  C:\Windows\System\VUXopNc.exe
  2⤵
  PID:9064
- C:\Windows\System\BWJJUOW.exe
  C:\Windows\System\BWJJUOW.exe
  2⤵
  PID:9120
- C:\Windows\System\muqvGmp.exe
  C:\Windows\System\muqvGmp.exe
  2⤵
  PID:9140
- C:\Windows\System\hfONIdv.exe
  C:\Windows\System\hfONIdv.exe
  2⤵
  PID:7724
- C:\Windows\System\zMGjBIQ.exe
  C:\Windows\System\zMGjBIQ.exe
  2⤵
  PID:8236
- C:\Windows\System\ACdkaON.exe
  C:\Windows\System\ACdkaON.exe
  2⤵
  PID:9204
- C:\Windows\System\otwfFBM.exe
  C:\Windows\System\otwfFBM.exe
  2⤵
  PID:8352
- C:\Windows\System\NrbdlGw.exe
  C:\Windows\System\NrbdlGw.exe
  2⤵
  PID:8272
- C:\Windows\System\OaUjhPE.exe
  C:\Windows\System\OaUjhPE.exe
  2⤵
  PID:8384
- C:\Windows\System\eaZaDVM.exe
  C:\Windows\System\eaZaDVM.exe
  2⤵
  PID:8392
- C:\Windows\System\RFCzFXS.exe
  C:\Windows\System\RFCzFXS.exe
  2⤵
  PID:8456
- C:\Windows\System\jzKrgGH.exe
  C:\Windows\System\jzKrgGH.exe
  2⤵
  PID:8528
- C:\Windows\System\mOEERFz.exe
  C:\Windows\System\mOEERFz.exe
  2⤵
  PID:8680
- C:\Windows\System\TdwIiwE.exe
  C:\Windows\System\TdwIiwE.exe
  2⤵
  PID:8496
- C:\Windows\System\CYbJbmQ.exe
  C:\Windows\System\CYbJbmQ.exe
  2⤵
  PID:8660
- C:\Windows\System\DVgWprR.exe
  C:\Windows\System\DVgWprR.exe
  2⤵
  PID:8704
- C:\Windows\System\tEHuPlS.exe
  C:\Windows\System\tEHuPlS.exe
  2⤵
  PID:8844
- C:\Windows\System\WZiscDK.exe
  C:\Windows\System\WZiscDK.exe
  2⤵
  PID:8908
- C:\Windows\System\EkvdWhY.exe
  C:\Windows\System\EkvdWhY.exe
  2⤵
  PID:8912
- C:\Windows\System\unuBlCB.exe
  C:\Windows\System\unuBlCB.exe
  2⤵
  PID:8988
- C:\Windows\System\NVYNRUg.exe
  C:\Windows\System\NVYNRUg.exe
  2⤵
  PID:9020
- C:\Windows\System\EDDmPDg.exe
  C:\Windows\System\EDDmPDg.exe
  2⤵
  PID:9016
- C:\Windows\System\vjrQdph.exe
  C:\Windows\System\vjrQdph.exe
  2⤵
  PID:9112
- C:\Windows\System\hnNNJks.exe
  C:\Windows\System\hnNNJks.exe
  2⤵
  PID:8220
- C:\Windows\System\hLOQxpL.exe
  C:\Windows\System\hLOQxpL.exe
  2⤵
  PID:8312
- C:\Windows\System\igJHEEZ.exe
  C:\Windows\System\igJHEEZ.exe
  2⤵
  PID:8132
- C:\Windows\System\FAYfEVE.exe
  C:\Windows\System\FAYfEVE.exe
  2⤵
  PID:8332
- C:\Windows\System\vxBFtMF.exe
  C:\Windows\System\vxBFtMF.exe
  2⤵
  PID:8412
- C:\Windows\System\jySmGQq.exe
  C:\Windows\System\jySmGQq.exe
  2⤵
  PID:8656
- C:\Windows\System\OdZPVce.exe
  C:\Windows\System\OdZPVce.exe
  2⤵
  PID:8684
- C:\Windows\System\jLkfjMW.exe
  C:\Windows\System\jLkfjMW.exe
  2⤵
  PID:8812
- C:\Windows\System\GVwIEvY.exe
  C:\Windows\System\GVwIEvY.exe
  2⤵
  PID:8960
- C:\Windows\System\qkoCDeq.exe
  C:\Windows\System\qkoCDeq.exe
  2⤵
  PID:8976
- C:\Windows\System\BhnATYw.exe
  C:\Windows\System\BhnATYw.exe
  2⤵
  PID:9000
- C:\Windows\System\BTwWwwP.exe
  C:\Windows\System\BTwWwwP.exe
  2⤵
  PID:9080
- C:\Windows\System\Rchykbo.exe
  C:\Windows\System\Rchykbo.exe
  2⤵
  PID:7800
- C:\Windows\System\RpwygEi.exe
  C:\Windows\System\RpwygEi.exe
  2⤵
  PID:9208
- C:\Windows\System\qabBuPe.exe
  C:\Windows\System\qabBuPe.exe
  2⤵
  PID:8512
- C:\Windows\System\ewZbuOY.exe
  C:\Windows\System\ewZbuOY.exe
  2⤵
  PID:8604
- C:\Windows\System\loLWkyM.exe
  C:\Windows\System\loLWkyM.exe
  2⤵
  PID:8780
- C:\Windows\System\vtBzyBh.exe
  C:\Windows\System\vtBzyBh.exe
  2⤵
  PID:8936
- C:\Windows\System\QDTtvoD.exe
  C:\Windows\System\QDTtvoD.exe
  2⤵
  PID:9132
- C:\Windows\System\UIRAVcZ.exe
  C:\Windows\System\UIRAVcZ.exe
  2⤵
  PID:8436
- C:\Windows\System\PCkbLIG.exe
  C:\Windows\System\PCkbLIG.exe
  2⤵
  PID:8636
- C:\Windows\System\SyPUxOo.exe
  C:\Windows\System\SyPUxOo.exe
  2⤵
  PID:8580
- C:\Windows\System\cQMmixF.exe
  C:\Windows\System\cQMmixF.exe
  2⤵
  PID:9180
- C:\Windows\System\pUbLMoj.exe
  C:\Windows\System\pUbLMoj.exe
  2⤵
  PID:9188
- C:\Windows\System\xCzQzgq.exe
  C:\Windows\System\xCzQzgq.exe
  2⤵
  PID:8396
- C:\Windows\System\PQUIdfb.exe
  C:\Windows\System\PQUIdfb.exe
  2⤵
  PID:8388
- C:\Windows\System\vbzunpX.exe
  C:\Windows\System\vbzunpX.exe
  2⤵
  PID:9220
- C:\Windows\System\xijhAaR.exe
  C:\Windows\System\xijhAaR.exe
  2⤵
  PID:9240
- C:\Windows\System\SbcJuAQ.exe
  C:\Windows\System\SbcJuAQ.exe
  2⤵
  PID:9268
- C:\Windows\System\KVKYBdm.exe
  C:\Windows\System\KVKYBdm.exe
  2⤵
  PID:9284
- C:\Windows\System\CBFipKd.exe
  C:\Windows\System\CBFipKd.exe
  2⤵
  PID:9304
- C:\Windows\System\MwuBMBT.exe
  C:\Windows\System\MwuBMBT.exe
  2⤵
  PID:9324
- C:\Windows\System\RoMCqut.exe
  C:\Windows\System\RoMCqut.exe
  2⤵
  PID:9340
- C:\Windows\System\nYnzVMZ.exe
  C:\Windows\System\nYnzVMZ.exe
  2⤵
  PID:9368
- C:\Windows\System\NKtvCdq.exe
  C:\Windows\System\NKtvCdq.exe
  2⤵
  PID:9384
- C:\Windows\System\nFeGDKd.exe
  C:\Windows\System\nFeGDKd.exe
  2⤵
  PID:9400
- C:\Windows\System\EoGVjPt.exe
  C:\Windows\System\EoGVjPt.exe
  2⤵
  PID:9416
- C:\Windows\System\gOjIfyt.exe
  C:\Windows\System\gOjIfyt.exe
  2⤵
  PID:9448
- C:\Windows\System\xlTvojw.exe
  C:\Windows\System\xlTvojw.exe
  2⤵
  PID:9468
- C:\Windows\System\vRsTjsN.exe
  C:\Windows\System\vRsTjsN.exe
  2⤵
  PID:9488
- C:\Windows\System\DqDUkSz.exe
  C:\Windows\System\DqDUkSz.exe
  2⤵
  PID:9512
- C:\Windows\System\rRGBKyp.exe
  C:\Windows\System\rRGBKyp.exe
  2⤵
  PID:9532
- C:\Windows\System\JNDRXJQ.exe
  C:\Windows\System\JNDRXJQ.exe
  2⤵
  PID:9548
- C:\Windows\System\fCVFpGC.exe
  C:\Windows\System\fCVFpGC.exe
  2⤵
  PID:9568
- C:\Windows\System\hMVLQXu.exe
  C:\Windows\System\hMVLQXu.exe
  2⤵
  PID:9584
- C:\Windows\System\jkvTiCV.exe
  C:\Windows\System\jkvTiCV.exe
  2⤵
  PID:9604
- C:\Windows\System\bocbwQu.exe
  C:\Windows\System\bocbwQu.exe
  2⤵
  PID:9628
- C:\Windows\System\qeZSGkT.exe
  C:\Windows\System\qeZSGkT.exe
  2⤵
  PID:9644
- C:\Windows\System\KAIjckH.exe
  C:\Windows\System\KAIjckH.exe
  2⤵
  PID:9660
- C:\Windows\System\AWHsXYN.exe
  C:\Windows\System\AWHsXYN.exe
  2⤵
  PID:9676
- C:\Windows\System\BVhsnyx.exe
  C:\Windows\System\BVhsnyx.exe
  2⤵
  PID:9692
- C:\Windows\System\eQIYKMH.exe
  C:\Windows\System\eQIYKMH.exe
  2⤵
  PID:9708
- C:\Windows\System\HqexSuy.exe
  C:\Windows\System\HqexSuy.exe
  2⤵
  PID:9724
- C:\Windows\System\OOPtbmv.exe
  C:\Windows\System\OOPtbmv.exe
  2⤵
  PID:9740
- C:\Windows\System\DcyMTJM.exe
  C:\Windows\System\DcyMTJM.exe
  2⤵
  PID:9760
- C:\Windows\System\cTqELJJ.exe
  C:\Windows\System\cTqELJJ.exe
  2⤵
  PID:9792
- C:\Windows\System\UAfvisn.exe
  C:\Windows\System\UAfvisn.exe
  2⤵
  PID:9828
- C:\Windows\System\UHdpxXV.exe
  C:\Windows\System\UHdpxXV.exe
  2⤵
  PID:9852
- C:\Windows\System\mkLELAc.exe
  C:\Windows\System\mkLELAc.exe
  2⤵
  PID:9876
- C:\Windows\System\gtpRvVV.exe
  C:\Windows\System\gtpRvVV.exe
  2⤵
  PID:9892
- C:\Windows\System\aZjYJKK.exe
  C:\Windows\System\aZjYJKK.exe
  2⤵
  PID:9908
- C:\Windows\System\oFrVaMH.exe
  C:\Windows\System\oFrVaMH.exe
  2⤵
  PID:9924
- C:\Windows\System\UOwCPII.exe
  C:\Windows\System\UOwCPII.exe
  2⤵
  PID:9944
- C:\Windows\System\qCahoFW.exe
  C:\Windows\System\qCahoFW.exe
  2⤵
  PID:9960
- C:\Windows\System\nskgitu.exe
  C:\Windows\System\nskgitu.exe
  2⤵
  PID:9976
- C:\Windows\System\YmMpNkL.exe
  C:\Windows\System\YmMpNkL.exe
  2⤵
  PID:9992
- C:\Windows\System\PGwwWaS.exe
  C:\Windows\System\PGwwWaS.exe
  2⤵
  PID:10012
- C:\Windows\System\EjpZjVI.exe
  C:\Windows\System\EjpZjVI.exe
  2⤵
  PID:10028
- C:\Windows\System\zarVPkn.exe
  C:\Windows\System\zarVPkn.exe
  2⤵
  PID:10044
- C:\Windows\System\YnoEiER.exe
  C:\Windows\System\YnoEiER.exe
  2⤵
  PID:10060
- C:\Windows\System\qsJTrPI.exe
  C:\Windows\System\qsJTrPI.exe
  2⤵
  PID:10080
- C:\Windows\System\xcgwTSQ.exe
  C:\Windows\System\xcgwTSQ.exe
  2⤵
  PID:10104
- C:\Windows\System\oNeWUlW.exe
  C:\Windows\System\oNeWUlW.exe
  2⤵
  PID:10140
- C:\Windows\System\wfCxEup.exe
  C:\Windows\System\wfCxEup.exe
  2⤵
  PID:10164
- C:\Windows\System\tSrDPep.exe
  C:\Windows\System\tSrDPep.exe
  2⤵
  PID:10184
- C:\Windows\System\VrgWlqW.exe
  C:\Windows\System\VrgWlqW.exe
  2⤵
  PID:10220
- C:\Windows\System\ytBMeNY.exe
  C:\Windows\System\ytBMeNY.exe
  2⤵
  PID:8168
- C:\Windows\System\fqGYzdt.exe
  C:\Windows\System\fqGYzdt.exe
  2⤵
  PID:9248
- C:\Windows\System\iYpLFKa.exe
  C:\Windows\System\iYpLFKa.exe
  2⤵
  PID:9056
- C:\Windows\System\TIcwsUp.exe
  C:\Windows\System\TIcwsUp.exe
  2⤵
  PID:9332
- C:\Windows\System\fMKIBds.exe
  C:\Windows\System\fMKIBds.exe
  2⤵
  PID:9228
- C:\Windows\System\JUkASgD.exe
  C:\Windows\System\JUkASgD.exe
  2⤵
  PID:9280
- C:\Windows\System\hKcLKyx.exe
  C:\Windows\System\hKcLKyx.exe
  2⤵
  PID:9364
- C:\Windows\System\ytqazMB.exe
  C:\Windows\System\ytqazMB.exe
  2⤵
  PID:9408
- C:\Windows\System\qGJcJrU.exe
  C:\Windows\System\qGJcJrU.exe
  2⤵
  PID:9436
- C:\Windows\System\CqdxlXv.exe
  C:\Windows\System\CqdxlXv.exe
  2⤵
  PID:9464
- C:\Windows\System\LlTUmou.exe
  C:\Windows\System\LlTUmou.exe
  2⤵
  PID:9496
- C:\Windows\System\tMuzXgF.exe
  C:\Windows\System\tMuzXgF.exe
  2⤵
  PID:9520
- C:\Windows\System\oWuWnYm.exe
  C:\Windows\System\oWuWnYm.exe
  2⤵
  PID:9556
- C:\Windows\System\GJoFXYx.exe
  C:\Windows\System\GJoFXYx.exe
  2⤵
  PID:9616
- C:\Windows\System\uoeZdRk.exe
  C:\Windows\System\uoeZdRk.exe
  2⤵
  PID:9592
- C:\Windows\System\bsKvMwM.exe
  C:\Windows\System\bsKvMwM.exe
  2⤵
  PID:9596
- C:\Windows\System\PxEClpO.exe
  C:\Windows\System\PxEClpO.exe
  2⤵
  PID:9736
- C:\Windows\System\UZdSlHX.exe
  C:\Windows\System\UZdSlHX.exe
  2⤵
  PID:9704
- C:\Windows\System\DzFRmfU.exe
  C:\Windows\System\DzFRmfU.exe
  2⤵
  PID:9812
- C:\Windows\System\mhjVDYf.exe
  C:\Windows\System\mhjVDYf.exe
  2⤵
  PID:9784
- C:\Windows\System\wVagQsH.exe
  C:\Windows\System\wVagQsH.exe
  2⤵
  PID:9840
- C:\Windows\System\LLBckMy.exe
  C:\Windows\System\LLBckMy.exe
  2⤵
  PID:9844
- C:\Windows\System\LVtlbQc.exe
  C:\Windows\System\LVtlbQc.exe
  2⤵
  PID:9904
- C:\Windows\System\KoFYfBs.exe
  C:\Windows\System\KoFYfBs.exe
  2⤵
  PID:9888
- C:\Windows\System\zWuYqCi.exe
  C:\Windows\System\zWuYqCi.exe
  2⤵
  PID:9952
- C:\Windows\System\BGMGUiI.exe
  C:\Windows\System\BGMGUiI.exe
  2⤵
  PID:9956
- C:\Windows\System\rSAlVsI.exe
  C:\Windows\System\rSAlVsI.exe
  2⤵
  PID:10056
- C:\Windows\System\OCQcuXn.exe
  C:\Windows\System\OCQcuXn.exe
  2⤵
  PID:10116
- C:\Windows\System\obKUrty.exe
  C:\Windows\System\obKUrty.exe
  2⤵
  PID:10132
- C:\Windows\System\QSmiHeX.exe
  C:\Windows\System\QSmiHeX.exe
  2⤵
  PID:10176
- C:\Windows\System\UUUaHaT.exe
  C:\Windows\System\UUUaHaT.exe
  2⤵
  PID:10160
- C:\Windows\System\BLKSqXP.exe
  C:\Windows\System\BLKSqXP.exe
  2⤵
  PID:10200
- C:\Windows\System\TFAyACb.exe
  C:\Windows\System\TFAyACb.exe
  2⤵
  PID:10228
- C:\Windows\System\nOZvpJW.exe
  C:\Windows\System\nOZvpJW.exe
  2⤵
  PID:9252
- C:\Windows\System\jlxNFTm.exe
  C:\Windows\System\jlxNFTm.exe
  2⤵
  PID:9376
- C:\Windows\System\mgPtoqY.exe
  C:\Windows\System\mgPtoqY.exe
  2⤵
  PID:9296
- C:\Windows\System\YDatyzy.exe
  C:\Windows\System\YDatyzy.exe
  2⤵
  PID:9424
- C:\Windows\System\QxGrScD.exe
  C:\Windows\System\QxGrScD.exe
  2⤵
  PID:9480
- C:\Windows\System\rEKTEZM.exe
  C:\Windows\System\rEKTEZM.exe
  2⤵
  PID:9528
- C:\Windows\System\dZstWsf.exe
  C:\Windows\System\dZstWsf.exe
  2⤵
  PID:9444
- C:\Windows\System\VQxkAEM.exe
  C:\Windows\System\VQxkAEM.exe
  2⤵
  PID:9620
- C:\Windows\System\aJxZAyi.exe
  C:\Windows\System\aJxZAyi.exe
  2⤵
  PID:9688
- C:\Windows\System\EHrknqk.exe
  C:\Windows\System\EHrknqk.exe
  2⤵
  PID:9804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BJikizp.exe

Filesize
6.0MB

MD5
c3e1943bdc22c229dfbb9abc0ebaf334

SHA1
a5cb82d83c40f482ac99b9140d7f83a770efe244

SHA256
9c0d14a46f95b351e12afd317efa4b0ca85b38773cdb600d3a988c86f17c2267

SHA512
32a1f6d198e18f406cb881d1af2e0b125e2f25d886b8f74021c206646f905e048de270246cc144d6b0a88682ba537c342e49dbfbfdf8d7c8154b18bf4da84511

Download Submit
C:\Windows\system\DdpyuKT.exe

Filesize
6.0MB

MD5
137534edada4d6d6bdec9592860f2da1

SHA1
df21989f675506445d018df07b146a66224f12f6

SHA256
8221a5cc877561abe2276eaed277f6ba726ad6ee9f4e03b72e493c15a86e247b

SHA512
d56ffb28ec392c9f3bc82889a99c5e68a214bfbaf342d001a074eb9d6ada0faa7c15afcac42935c17d37a16233e55df9c61ff1628056d6fd106913c0f0bb82b9

Download Submit
C:\Windows\system\EdicAcz.exe

Filesize
6.0MB

MD5
0f43478ed9f4a2a154a2712246916a8d

SHA1
967a4e4adef9e426c789b4c58d42f7ccac84c55a

SHA256
f248d4b8618b94889e51799a0c430f40409ff8f24966ba1f3040fc03e129a4b7

SHA512
11cd5624acdf9a1f277d036827c14712244cce740e7997e13d5c87e9d43380977a532983b5976e6bdb974d1daae46daa664522bbfe8f2fc52634e547401d18db

Download Submit
C:\Windows\system\KUmlyzb.exe

Filesize
6.0MB

MD5
47bcf6c9b1e384ebfd25ad708e3839fa

SHA1
dad58cf4742443eb7108b657f6f85b841f8228a9

SHA256
78d9989a9eb088b26f8562a5c50fc5ac45a27e8359c8aa684d0f833eee74c09a

SHA512
ea787e0bc77dbc0e1597044512a65247a0786e87b6378a15707dfa72729283199b6fa3fa355210cbef518deb05f3ca9d419d77686914874fd0557981e0a8e7b0

Download Submit
C:\Windows\system\LEDAwwi.exe

Filesize
6.0MB

MD5
7d034ba24f03de799ba0d0e215a4f0ce

SHA1
6b4c4ce5e6082920c0ace451286c7b2170709ffb

SHA256
54afddb4169b6932061a006bb67e6b96259299ca2345a11bb3fb4391f679803b

SHA512
f3fd67aa75e8b1c2db524ef6b264ea6d8357c03a8541d17896b55f1d658e31b3a8edf947912fee179271d29d2450ffcbd9fb07df14a5c59ab204d8e22f0722d8

Download Submit
C:\Windows\system\OklEkfe.exe

Filesize
6.0MB

MD5
c4b1692a8b0488e981184f4a00cf8d58

SHA1
120f64219152b6c913c56060fec6e0afbb04cb15

SHA256
76d7ae65ae0063b7202906eee9d28c980e3b1dd70e5770359348593d81eba2f0

SHA512
bd4b32974a0b1fb4c1afc87f604d761d9ed3043e3372d95de5194f04c35df722337e62d95a0d4d033a2ebb0b14bb51fb0203a9a7e05017bbcf51e7e647b88407

Download Submit
C:\Windows\system\RqYojzK.exe

Filesize
6.0MB

MD5
c5b51d592b5d6e5a6321965e95572cf8

SHA1
373bc54f1c02c81e75687abb1c7fc69288bae76d

SHA256
717362d61042d3e3fae8263d2a6ea5df9a003392aab1b7bfedc7de0bb2480d11

SHA512
6b6e8652c731b8cc5b23876573aeab2917ac871fb086d88dba07a03d6bc042179fd709abcd30450c0ad53b9a102924a388684deecb720fcfbec2dfb8f8437059

Download Submit
C:\Windows\system\SWMsPZL.exe

Filesize
6.0MB

MD5
5d36203d004bda7397ebc16256c855a3

SHA1
082b0002ba1332a9ec23eaba929fc6344354dd29

SHA256
5199e2ff25cf46212785708b9c08e5093884b9b8015d48abea977e47abb0e222

SHA512
4e5176486f7caf22789445de7f3f8a9b75fa35746493db5cdd2e438888bb3e921ad3569247e502b6364cc2b35b70fe0264f462bdf0cec1ed286c08075c88dd2f

Download Submit
C:\Windows\system\TbpeMau.exe

Filesize
6.0MB

MD5
676b9b72004f70b627e01216a23c72ad

SHA1
ad3540eb6c0d9a42c4ddc69d1d39066a7fb8d40c

SHA256
6080eb369a2197cfc69769133e6d294a68780b18fa697c69e85c0a3299407897

SHA512
c58ea4147bbc2776addbc6197b2114c361c9d0b14c666b61b8d23ba50ced08ae5273c3b96e9f54fbb9a3fe39759f0c7c4b70bba93d9ed4374b4efae9320df1d0

Download Submit
C:\Windows\system\UcATiGt.exe

Filesize
6.0MB

MD5
ffde0455d8b29c84c674ba84dcc4559d

SHA1
2285e49bc0ab67fd551bbb5c6e7f7df4401ffb54

SHA256
d1b066620a4d26ed5ab958331480343650cdb272359de4fe22a751c0c2b5623e

SHA512
1fea4ac0da3f3678319b4de6123e7cf5d2fb788badb5690cec75cfb2ce3c5008eaa705956ed5cce43fc451668c44d8a3af428b3e2bcee669cd8fa45cb4d931c4

Download Submit
C:\Windows\system\aLxMlNc.exe

Filesize
6.0MB

MD5
2b433d86cd9bc80196b89947fb8e31c3

SHA1
cf329246e3f202a437006552f00d711b0c5dbd1d

SHA256
a70b9adaf9793dc8fd9705ac505028079661c23148b36efb0f5f513c787b8846

SHA512
969cd1e9c6d77acd2a5d15c098686169403805bca0095723db1ca038152fc04fad4d4cb3d3c134975604caed34444ce113b851a7b01e4e12331909ff850541e8

Download Submit
C:\Windows\system\cSAltyZ.exe

Filesize
6.0MB

MD5
555992c11f79ca2e3f76d4a94f6e8349

SHA1
3e01aeb6ae324f41605c36139c6b118e87f89317

SHA256
107f51b2ad657a87288b3189042a71e40d8fba1b2f72aa46a2cee44cb2b91263

SHA512
38fa2bae589b0dd299936e09493e7d2aa6bf6461d923f7a9f770bd154dfdbc8f169c19bd4bde5b37c3de2e226106fd18913b7b0d663ef3716ca804acc2e8c42a

Download Submit
C:\Windows\system\eXFmeOd.exe

Filesize
6.0MB

MD5
e9fdc4a568301d2f28a6319dff2cb667

SHA1
140c614b6b26c954ef171477152a678bddbc7135

SHA256
dedb71dbf8f6c4b035d025ff7df7421176ce56615d7122e1766e9fc217dd0893

SHA512
c3a8ec1a57011ec53d03db055d2cfe6ac0cfc958961a650b8972a295ba2ca0fa40019197f2f134aadcc36eb2f9f9b3e351d653e9487e89b5d44fb52a7688aa4d

Download Submit
C:\Windows\system\etqQSJn.exe

Filesize
6.0MB

MD5
aed7b719137d7a9040e5183307b670ce

SHA1
cc6dba0545457f29603d051ba9cdeebfb879d182

SHA256
bdeaf8fae35f8ef71beb6f55c9848da2fe1a1873c30252d392a7426c349c031b

SHA512
97c228406407df6668b4c5f4c479b9bce3eebc85de4b1318540455561fb90175d225f37dadadff6aba555028a81c2034d52a422e4cf5973d356484c0f8586cc5

Download Submit
C:\Windows\system\fQVASIM.exe

Filesize
6.0MB

MD5
b1e60a0c0ae2714e9a60681de0bd35c4

SHA1
e054239f89d3dbf73abfdc3e018a6073fc4db984

SHA256
7e60e6cfab96c55e331c0c3c9f8b1f5f4eaa983623598fb415ab1c37c42bdd7b

SHA512
c070881b2371684cc1479959a945fd45c855cbb20c1ec2e82f933d1280e16845408f59f9c222097d21c0cade96e3f96307f62e4f62d51490a4f2003b92292590

Download Submit
C:\Windows\system\iiSHRhQ.exe

Filesize
6.0MB

MD5
0e21486dcd3a851c5ab54964a5c1174d

SHA1
7888c432f6187fb17bfd0c16d6ff86648e36097a

SHA256
f691fcd25e6ecef479879f0629c55aa4e8b87680937f37021d39a3721187f209

SHA512
a134011fcbf6e4d5dc4e3b2bd08cdc5d670d361a060612c6111e692ab8641eec77266a955762352dfa4d5f977973bef3c2de64b94283b72849fea1f23b5cc1a1

Download Submit
C:\Windows\system\jppWQmO.exe

Filesize
6.0MB

MD5
bf028c79c56ba8c854be532b0e72e3e6

SHA1
91b3fda198852fae761cce57361a991e71adbd8d

SHA256
194efd43cf642ec24afd9111e285cefb47f8ed0e6d28d98a24e6c15e95c8f652

SHA512
b376133e478e09451340b57556e1ea33390d30d9c35155f0fed1ffcb5147a207603f067bf327a4f7dab7888e88ecee0acd7b57abd10da76050fdf4a3adde0ef9

Download Submit
C:\Windows\system\jyIAGUH.exe

Filesize
6.0MB

MD5
21ef8f13958a2175588914875857390f

SHA1
256ac593dd3ab5c90f3c62b3b3a72bb200f4d084

SHA256
521a011458060d8348df81f55c945965b52fb33bd7f9a8c4cb53b5a2dd21c231

SHA512
5bd7ab3039a14373f7c0de5381c709fe77059c5acd9bf28912494dc86bcda00df775da6d0f2814e628be7e43ca70285ec9cdadb6aa2e29124ca24a56c53fbd2e

Download Submit
C:\Windows\system\lGVpQoO.exe

Filesize
6.0MB

MD5
dc06edf7de86c8355be6f62417db90f8

SHA1
e8662c5724b2d06038cdccf03ed57b5c48c76d43

SHA256
0b574312bb9574f811298d38b72d92edf8dc64af4b35f10dc2398705760331a0

SHA512
ba965a04183f9ad250707a84cbb0174ff181537f5b09766e4c1bbb4c8352f76d867924ebfcfe3cd79d536e1d03e17e718e9b1705ba0b519ede7ca48f5e2e19a4

Download Submit
C:\Windows\system\lOkrNOW.exe

Filesize
6.0MB

MD5
6f2fb9bd3ba2682f888a30a8ae57f58c

SHA1
54dde3be4bb87d765b47b7866e5ca4f18b6547ce

SHA256
bb2c0d2ce770011a446c982f88063679360f45812d4319eb4e8edcf39d3ecc5c

SHA512
7419c4e20d4840b2f0cdc958d1a3eb8c407ae31104230547ee7ebbf1f1fa64b8ebaf9cd5eacb33f416c482d01e49168a5c932fa278937cdde0ce3568a60a4910

Download Submit
C:\Windows\system\mpgeXcv.exe

Filesize
6.0MB

MD5
c3224418b147b5fc410ef745f873d407

SHA1
c73ef10c13b5d56d9da9a6db97a97063c582f93d

SHA256
65336a4e7caab4a3741e333a45998427eafd7f3bbf293c3a2ac705f7c51b9c88

SHA512
17a573a6010b5d6a6f18ba6f678e7dc9763934c03f2f85989797065e3f9848aa3ae0d845f24491625ddf4541848d93b9dfd9a24f4d11ec96d9d886d09422576d

Download Submit
C:\Windows\system\oIJwlXg.exe

Filesize
6.0MB

MD5
88cbc5b9ea5899277c4cf2edcea0a124

SHA1
a5c571a8e3508b62c284e2e11383596fd6ee8341

SHA256
330e227fbb240374a32cfb5b5b8db5a108e87e85cbcc1f908e878d783cef1d78

SHA512
f4487d72541091d2f5330a7424c6607aa99012ae4dbabbf9426f0a58186edbf24e6749919f5c1324890b5e268b0d43303b3431b03781a9debcdd2a62981c6ad1

Download Submit
C:\Windows\system\oZCBvji.exe

Filesize
6.0MB

MD5
363fe37c14405f5289beb642af157173

SHA1
7d747538fdc4974823c920db344ae8234cf1cc43

SHA256
28eef52c6507de3f801641f7604f7eae5821be5b361e1d066de4431d5fceb059

SHA512
6549f61d8c72e4e4b6ba81f746d054b49bee9719d122fef81f78de8c59539f786c63ef925d48dad91caf254c15b8e3c31e3e0a2ae774c9c8634112b5f9f6df68

Download Submit
C:\Windows\system\oaGkxqk.exe

Filesize
6.0MB

MD5
d7475cb3fe108191286236482fe74f2a

SHA1
5734f8aa6a02c63b2fdcfdf0d124c38c02e428be

SHA256
7ab41d21ebe7ccd4b81b13434ee87404fb2166b38ea710282b35ffaf1f9a21c2

SHA512
ad2e4eac2ee4816141d5e5734468759bc02a0bf377a0b9b44c778336e5e127c0b0622af05dc96cc94bccc49adada6cf9928acf60de9f41f81770cd9f5327078b

Download Submit
C:\Windows\system\pDoqLes.exe

Filesize
6.0MB

MD5
0d7701ebec268c6600c21da5c56fc377

SHA1
7bb761d1d9b6668d3a2062d78eb5187dd01bfa58

SHA256
24db09e691c19214f7ab5225a8e0c0bb4c254d909fdb37420a797a6adf3019c0

SHA512
7c2b692b751632e00ca969ab1381005fc63b780c742fd05caf101e52bb5f09d0263ad95f28da31f874e2b349f0aa7a4e5dabc45f90dd1e8ce4ff0ae4e32fe800

Download Submit
C:\Windows\system\vVRsAfE.exe

Filesize
6.0MB

MD5
314e8d97e13da20d273f39ce2db8e669

SHA1
e53f6bf39621fa5aebc8cb6b6222ad175bdae476

SHA256
fd0c0efd92dad3a3bce0fadc77cef588b7372b105242d0d7f9b3e69bb983caa9

SHA512
1533b9e5ed8a9c5bbf2465e8fe5d477c3ecb964fa17efa35d681bcf93ae40166259caa0cf742a4bb4063f08ecbd038ae3811b8e8d1527e52c928aff04af3095a

Download Submit
C:\Windows\system\xvWKXEH.exe

Filesize
6.0MB

MD5
2acc1ba10e2524368a256b51e5e2e23a

SHA1
2c6f1bf357bca4adb3499e6446b4b52b292e7bf7

SHA256
4efb2bc7a1e567294ab4185728b666c78774cd4178661855859264410e7f4e95

SHA512
01e9c59cd2c5ed825045743360fb6e1bc503fae11db42e3de0a65b7c44a3af92aae893ae1fb1136a327be1be99c5096938cda1c281911844569c70f62085d6b5

Download Submit
C:\Windows\system\yKjtRmw.exe

Filesize
6.0MB

MD5
98cffdddd3f473dec83a7778b10ad36a

SHA1
3f38f2151d3800ea9292c70a24dacc871a30b6b5

SHA256
03353f05bc31f70fe347e4d6d159371489858e86a46b86f380849e6075cdb5df

SHA512
fe0b8da45655d6c61bc4c2e3cd89eb246c9878ca6a46b4e9f8a4c48947a299dc6cc0f9324e528739306ef2c61cbc1537c77294f1b16b921fe977d1537481ca8b

Download Submit
\Windows\system\IgWLneI.exe

Filesize
6.0MB

MD5
0be95f95c4d0b1573681429c7f6bde1a

SHA1
262a5fc0b50e195ae9c7cb1ba86b8bd5ac94135a

SHA256
3bf51cdb465dc81bf83136389917513622384eda823a68d45230840c20bc297d

SHA512
6d64792fa3de9018496054fa3d740a727bade494d060c159d3dad3b9868a1157d3fa407a65dd39af1d7e5fceb5bf2dd393f761ea726524c5ac89f8b5984557de

Download Submit
\Windows\system\fzSQCtv.exe

Filesize
6.0MB

MD5
ce8b306209fb5f11fd103af3b4bcba9d

SHA1
23c44ffa87ccecba94d503b57372210c198d2d84

SHA256
a394e7d568c31b98a7cd30d5f04855ba1c9a7cbfb107b641e84891fd3e8c4d76

SHA512
cd180c69a5beeb5d40c565be54a77be4e8e4d1e85e1a2470ff18f35a3fdf2e5cbca4772e5a4e53df1246d62618f90085275a6fe3b32600c1ea28e1e467da9237

Download Submit
\Windows\system\lpjASpO.exe

Filesize
6.0MB

MD5
25e61d720b23aaf6451bcbcbcb7d7ed2

SHA1
e92c1c17cbfe95e94629361cfbe888dd06692960

SHA256
f1b7d53b8bb84180ea49a5606b60e2a516d24acaf1916352d11642d8992cf010

SHA512
d28f6afbb97b8555f2f264f524fd72a6d90e3bc82f4bef05160bc5514c14ee4c91031492eca5dbd52e334c7b7d3907a66bf632017084017b8f3e1ff94fd76105

Download Submit
\Windows\system\qsCdFph.exe

Filesize
6.0MB

MD5
c5ae769bfe0fa6be4f5a945755288e04

SHA1
b72aee836e895fbd392f5d29ed7c2bf2ec8bab7f

SHA256
2e755bbbdc9e8fb97f70ee802da353e267ab869be9e1da8b77294d4cf306acb4

SHA512
397482e7f34306976e7d3350b4b98023c9661b45feaa5b9ab0ecc4ced270417160557aa3665d3b7112128eed5622977e5e71fadea29bd2fba90be4eb0c6351f7

Download Submit
memory/600-3469-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/600-33-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1572-3525-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1572-638-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1572-35-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1668-872-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-40-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1668-108-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-18-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1668-106-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-30-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-104-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1668-32-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1668-102-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-22-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-100-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1668-110-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1668-0-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1668-115-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1668-112-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-114-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2104-239-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3454-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2104-12-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3434-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2356-14-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3476-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-107-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3485-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2564-101-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2568-111-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3503-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3477-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-113-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3471-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2668-109-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3474-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2672-103-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3472-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-99-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3488-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2828-98-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3443-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2864-31-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2880-105-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3504-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download