cobaltstrike | f2ff594071971e6166a33fb89da7c1a857400b15389bbeffac84c31d77793f8b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

95d63367894c26c1091f5e9b83913a0d
SHA1

0f5eb9442522b3552c7e015cf7ea354dc7f76b6d
SHA256

f2ff594071971e6166a33fb89da7c1a857400b15389bbeffac84c31d77793f8b
SHA512

f39221ce95161b288b5c69aeed8559e626ba772ec5d5d110785e62b3d2ca81deef61071e1703faa6737111ca88516cddb12fb493dc84dbdbe3551bf5fd41ec4d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000014b4f-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c34-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c44-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f65-22.dat	cobalt_reflective_dll
behavioral1/files/0x0018000000018676-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d2-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-80.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f6-66.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190e1-50.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001904c-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1668-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000c000000014b4f-3.dat	xmrig
behavioral1/memory/1668-6-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c34-9.dat	xmrig
behavioral1/memory/2256-14-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c44-11.dat	xmrig
behavioral1/memory/1668-12-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/2920-21-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000018f65-22.dat	xmrig
behavioral1/memory/2076-26-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1668-23-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/1732-41-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0018000000018676-30.dat	xmrig
behavioral1/memory/2744-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000191d2-54.dat	xmrig
behavioral1/memory/2688-60-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019433-70.dat	xmrig
behavioral1/memory/2304-75-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2552-68-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2180-82-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1848-89-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1196-106-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001946a-113.dat	xmrig
behavioral1/files/0x0005000000019513-148.dat	xmrig
behavioral1/files/0x000500000001964a-169.dat	xmrig
behavioral1/memory/1848-616-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1196-950-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1988-798-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2180-420-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2304-245-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c6c-198.dat	xmrig
behavioral1/files/0x0005000000019b0f-193.dat	xmrig
behavioral1/files/0x0005000000019b0d-189.dat	xmrig
behavioral1/files/0x0005000000019a72-183.dat	xmrig
behavioral1/files/0x000500000001964b-173.dat	xmrig
behavioral1/files/0x00050000000197c2-178.dat	xmrig
behavioral1/files/0x0005000000019642-163.dat	xmrig
behavioral1/files/0x0005000000019640-159.dat	xmrig
behavioral1/files/0x000500000001953e-153.dat	xmrig
behavioral1/files/0x000500000001950e-143.dat	xmrig
behavioral1/files/0x00050000000194df-138.dat	xmrig
behavioral1/files/0x00050000000194d7-133.dat	xmrig
behavioral1/files/0x0005000000019485-128.dat	xmrig
behavioral1/files/0x000500000001947d-123.dat	xmrig
behavioral1/files/0x0005000000019479-118.dat	xmrig
behavioral1/memory/1988-97-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2688-96-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945b-95.dat	xmrig
behavioral1/memory/2552-105-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-104.dat	xmrig
behavioral1/memory/2712-88-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0005000000019450-87.dat	xmrig
behavioral1/memory/2676-81-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-80.dat	xmrig
behavioral1/memory/2076-67-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00070000000191f6-66.dat	xmrig
behavioral1/memory/2744-74-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2712-52-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2256-51-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000190e1-50.dat	xmrig
behavioral1/memory/2920-59-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1668-35-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2676-42-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000700000001904c-40.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1732	hYArBPt.exe
2256	dMfMpXT.exe
2920	TcETyAf.exe
2076	OaSTAxM.exe
2744	roOpCRe.exe
2676	DjAMVxL.exe
2712	TvhBkKC.exe
2688	gRctQUp.exe
2552	rdtdegW.exe
2304	XOCPtcC.exe
2180	dHHmIUr.exe
1848	jAiENzn.exe
1988	oXAOkPe.exe
1196	pzVDjQO.exe
736	sIOsNYN.exe
2364	cPJrvlU.exe
1260	iDrfTcv.exe
316	jZPLgwS.exe
1020	pNvdcQd.exe
2776	HssCSZW.exe
2608	HnafRXM.exe
3008	NkbfTWu.exe
2144	xVuSzZB.exe
2216	AtQHLwS.exe
2128	fEPIvdj.exe
1656	VWucMqu.exe
668	XZoPYXW.exe
2652	CFzpLcn.exe
1296	OycfwFY.exe
2504	UCTAOuV.exe
2388	Bvgerzy.exe
328	gMroxVO.exe
1692	EvEYgkW.exe
1712	tJRdCRn.exe
3004	RFbZoNE.exe
576	EyUvLJB.exe
1208	KGpbGNL.exe
1476	CecSuNn.exe
1868	bJoBjen.exe
300	KCeBFlF.exe
3048	YgFprtw.exe
1936	NqSteLj.exe
236	BQRHhLf.exe
2376	rRWPdPH.exe
2412	lrShrAm.exe
3040	vZXDDGt.exe
1240	wgPhAZx.exe
584	xevWQhD.exe
2992	hVilbQa.exe
1880	IIrjSBy.exe
1356	AONafoX.exe
1500	XhuUGKu.exe
2628	oXwnrWG.exe
2336	McECMgY.exe
2748	oUvbFNS.exe
2816	OCkhkwK.exe
2792	claEpXc.exe
276	zwAmJzM.exe
2620	PLJpqva.exe
556	uMLogOJ.exe
1040	QWwBUxj.exe
1256	JtQegYl.exe
1140	YLdFaoQ.exe
1016	yddVcYy.exe

Loads dropped DLL 64 IoCs

pid	Process
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000c000000014b4f-3.dat	upx
behavioral1/memory/1668-6-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0008000000018c34-9.dat	upx
behavioral1/memory/2256-14-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0008000000018c44-11.dat	upx
behavioral1/memory/2920-21-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000018f65-22.dat	upx
behavioral1/memory/2076-26-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1732-41-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0018000000018676-30.dat	upx
behavioral1/memory/2744-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00070000000191d2-54.dat	upx
behavioral1/memory/2688-60-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0005000000019433-70.dat	upx
behavioral1/memory/2304-75-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2552-68-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2180-82-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1848-89-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1196-106-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001946a-113.dat	upx
behavioral1/files/0x0005000000019513-148.dat	upx
behavioral1/files/0x000500000001964a-169.dat	upx
behavioral1/memory/1848-616-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1196-950-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1988-798-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2180-420-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2304-245-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0005000000019c6c-198.dat	upx
behavioral1/files/0x0005000000019b0f-193.dat	upx
behavioral1/files/0x0005000000019b0d-189.dat	upx
behavioral1/files/0x0005000000019a72-183.dat	upx
behavioral1/files/0x000500000001964b-173.dat	upx
behavioral1/files/0x00050000000197c2-178.dat	upx
behavioral1/files/0x0005000000019642-163.dat	upx
behavioral1/files/0x0005000000019640-159.dat	upx
behavioral1/files/0x000500000001953e-153.dat	upx
behavioral1/files/0x000500000001950e-143.dat	upx
behavioral1/files/0x00050000000194df-138.dat	upx
behavioral1/files/0x00050000000194d7-133.dat	upx
behavioral1/files/0x0005000000019485-128.dat	upx
behavioral1/files/0x000500000001947d-123.dat	upx
behavioral1/files/0x0005000000019479-118.dat	upx
behavioral1/memory/1988-97-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2688-96-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000500000001945b-95.dat	upx
behavioral1/memory/2552-105-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0005000000019465-104.dat	upx
behavioral1/memory/2712-88-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0005000000019450-87.dat	upx
behavioral1/memory/2676-81-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0005000000019446-80.dat	upx
behavioral1/memory/2076-67-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00070000000191f6-66.dat	upx
behavioral1/memory/2744-74-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2712-52-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2256-51-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00070000000190e1-50.dat	upx
behavioral1/memory/2920-59-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1668-35-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2676-42-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000700000001904c-40.dat	upx
behavioral1/memory/1732-3493-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2256-3496-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QWeAykT.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VykInOE.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuANKIg.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdIkOrO.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MelYliT.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFQQkIB.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPQTPkd.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlMTeJf.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQkqkRS.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIqDzHo.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojgxNXP.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjQGhOf.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eomhTzc.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQxVJck.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OODvMnO.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGrlWQU.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjXlmMr.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcQWDXl.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQFbbQa.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKMTkmb.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAUSkqf.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msDHnZs.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJeNVRj.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLKLavf.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfxalBX.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWCaWPn.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaKDXbS.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqIcOaQ.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOXvuMa.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXeaFaX.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJHKzvM.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZOTCXP.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhKyxqP.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyWGSIx.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGoiOiS.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbRwzDs.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIEJfBR.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpxixdR.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGXICPY.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xaldskk.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHMOZgj.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTkKiHa.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBhytEb.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bryTIYc.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMMbvjd.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrySuUk.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PavJyHo.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYAWUuI.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWTpHsL.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJxGQgj.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiYEMwN.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YivixCv.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRiSkAw.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRwZgqG.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywyBbku.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFzpLcn.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvEouds.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHIUUFj.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvqpPYM.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOybcrs.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJNVeQL.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsWOGNJ.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkLPeDu.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stAwONl.exe	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1732	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 1732	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 1732	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1668 wrote to memory of 2256	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 2256	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 2256	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1668 wrote to memory of 2920	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 2920	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 2920	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1668 wrote to memory of 2076	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 2076	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 2076	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1668 wrote to memory of 2744	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 2744	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 2744	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1668 wrote to memory of 2676	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2676	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2676	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1668 wrote to memory of 2712	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2712	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2712	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1668 wrote to memory of 2688	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2688	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2688	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1668 wrote to memory of 2552	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2552	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2552	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1668 wrote to memory of 2304	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2304	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2304	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1668 wrote to memory of 2180	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 2180	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 2180	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1668 wrote to memory of 1848	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 1848	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 1848	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1668 wrote to memory of 1988	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 1988	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 1988	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1668 wrote to memory of 1196	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 1196	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 1196	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1668 wrote to memory of 736	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 736	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 736	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1668 wrote to memory of 2364	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 2364	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 2364	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1668 wrote to memory of 1260	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 1260	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 1260	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1668 wrote to memory of 316	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 316	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 316	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1668 wrote to memory of 1020	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 1020	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 1020	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1668 wrote to memory of 2776	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 2776	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 2776	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1668 wrote to memory of 2608	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 2608	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 2608	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1668 wrote to memory of 3008	1668	2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_95d63367894c26c1091f5e9b83913a0d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\System\hYArBPt.exe
  C:\Windows\System\hYArBPt.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\dMfMpXT.exe
  C:\Windows\System\dMfMpXT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\TcETyAf.exe
  C:\Windows\System\TcETyAf.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OaSTAxM.exe
  C:\Windows\System\OaSTAxM.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\roOpCRe.exe
  C:\Windows\System\roOpCRe.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\DjAMVxL.exe
  C:\Windows\System\DjAMVxL.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\TvhBkKC.exe
  C:\Windows\System\TvhBkKC.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\gRctQUp.exe
  C:\Windows\System\gRctQUp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\rdtdegW.exe
  C:\Windows\System\rdtdegW.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\XOCPtcC.exe
  C:\Windows\System\XOCPtcC.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dHHmIUr.exe
  C:\Windows\System\dHHmIUr.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\jAiENzn.exe
  C:\Windows\System\jAiENzn.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\oXAOkPe.exe
  C:\Windows\System\oXAOkPe.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\pzVDjQO.exe
  C:\Windows\System\pzVDjQO.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\sIOsNYN.exe
  C:\Windows\System\sIOsNYN.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\cPJrvlU.exe
  C:\Windows\System\cPJrvlU.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\iDrfTcv.exe
  C:\Windows\System\iDrfTcv.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\jZPLgwS.exe
  C:\Windows\System\jZPLgwS.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\pNvdcQd.exe
  C:\Windows\System\pNvdcQd.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\HssCSZW.exe
  C:\Windows\System\HssCSZW.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HnafRXM.exe
  C:\Windows\System\HnafRXM.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\NkbfTWu.exe
  C:\Windows\System\NkbfTWu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\xVuSzZB.exe
  C:\Windows\System\xVuSzZB.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\AtQHLwS.exe
  C:\Windows\System\AtQHLwS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\fEPIvdj.exe
  C:\Windows\System\fEPIvdj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\VWucMqu.exe
  C:\Windows\System\VWucMqu.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\XZoPYXW.exe
  C:\Windows\System\XZoPYXW.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\CFzpLcn.exe
  C:\Windows\System\CFzpLcn.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\OycfwFY.exe
  C:\Windows\System\OycfwFY.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\UCTAOuV.exe
  C:\Windows\System\UCTAOuV.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\Bvgerzy.exe
  C:\Windows\System\Bvgerzy.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\gMroxVO.exe
  C:\Windows\System\gMroxVO.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\EvEYgkW.exe
  C:\Windows\System\EvEYgkW.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\tJRdCRn.exe
  C:\Windows\System\tJRdCRn.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\RFbZoNE.exe
  C:\Windows\System\RFbZoNE.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\EyUvLJB.exe
  C:\Windows\System\EyUvLJB.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\KGpbGNL.exe
  C:\Windows\System\KGpbGNL.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\CecSuNn.exe
  C:\Windows\System\CecSuNn.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\bJoBjen.exe
  C:\Windows\System\bJoBjen.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\KCeBFlF.exe
  C:\Windows\System\KCeBFlF.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\YgFprtw.exe
  C:\Windows\System\YgFprtw.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\NqSteLj.exe
  C:\Windows\System\NqSteLj.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\BQRHhLf.exe
  C:\Windows\System\BQRHhLf.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\rRWPdPH.exe
  C:\Windows\System\rRWPdPH.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\lrShrAm.exe
  C:\Windows\System\lrShrAm.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vZXDDGt.exe
  C:\Windows\System\vZXDDGt.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\wgPhAZx.exe
  C:\Windows\System\wgPhAZx.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\xevWQhD.exe
  C:\Windows\System\xevWQhD.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\hVilbQa.exe
  C:\Windows\System\hVilbQa.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\IIrjSBy.exe
  C:\Windows\System\IIrjSBy.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\AONafoX.exe
  C:\Windows\System\AONafoX.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XhuUGKu.exe
  C:\Windows\System\XhuUGKu.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\oXwnrWG.exe
  C:\Windows\System\oXwnrWG.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\McECMgY.exe
  C:\Windows\System\McECMgY.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\oUvbFNS.exe
  C:\Windows\System\oUvbFNS.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\OCkhkwK.exe
  C:\Windows\System\OCkhkwK.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\claEpXc.exe
  C:\Windows\System\claEpXc.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\zwAmJzM.exe
  C:\Windows\System\zwAmJzM.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\PLJpqva.exe
  C:\Windows\System\PLJpqva.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\uMLogOJ.exe
  C:\Windows\System\uMLogOJ.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\QWwBUxj.exe
  C:\Windows\System\QWwBUxj.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\JtQegYl.exe
  C:\Windows\System\JtQegYl.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\YLdFaoQ.exe
  C:\Windows\System\YLdFaoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\yddVcYy.exe
  C:\Windows\System\yddVcYy.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\szzACcY.exe
  C:\Windows\System\szzACcY.exe
  2⤵
  PID:1636
- C:\Windows\System\jdgJJtV.exe
  C:\Windows\System\jdgJJtV.exe
  2⤵
  PID:2856
- C:\Windows\System\FRDUfhb.exe
  C:\Windows\System\FRDUfhb.exe
  2⤵
  PID:2644
- C:\Windows\System\YbWLrIK.exe
  C:\Windows\System\YbWLrIK.exe
  2⤵
  PID:448
- C:\Windows\System\OqvKrQw.exe
  C:\Windows\System\OqvKrQw.exe
  2⤵
  PID:1632
- C:\Windows\System\zzFfUsM.exe
  C:\Windows\System\zzFfUsM.exe
  2⤵
  PID:2840
- C:\Windows\System\PDdbHxn.exe
  C:\Windows\System\PDdbHxn.exe
  2⤵
  PID:3032
- C:\Windows\System\cVWAJrA.exe
  C:\Windows\System\cVWAJrA.exe
  2⤵
  PID:840
- C:\Windows\System\StRJHGI.exe
  C:\Windows\System\StRJHGI.exe
  2⤵
  PID:2436
- C:\Windows\System\OWXdVdS.exe
  C:\Windows\System\OWXdVdS.exe
  2⤵
  PID:960
- C:\Windows\System\oPYtTPP.exe
  C:\Windows\System\oPYtTPP.exe
  2⤵
  PID:1584
- C:\Windows\System\TJpndWm.exe
  C:\Windows\System\TJpndWm.exe
  2⤵
  PID:1440
- C:\Windows\System\UvhKVne.exe
  C:\Windows\System\UvhKVne.exe
  2⤵
  PID:1292
- C:\Windows\System\svnQled.exe
  C:\Windows\System\svnQled.exe
  2⤵
  PID:2408
- C:\Windows\System\qXCAyFM.exe
  C:\Windows\System\qXCAyFM.exe
  2⤵
  PID:2252
- C:\Windows\System\wcnRsZw.exe
  C:\Windows\System\wcnRsZw.exe
  2⤵
  PID:996
- C:\Windows\System\UkXMvCr.exe
  C:\Windows\System\UkXMvCr.exe
  2⤵
  PID:1672
- C:\Windows\System\UOWDnuK.exe
  C:\Windows\System\UOWDnuK.exe
  2⤵
  PID:2984
- C:\Windows\System\zZuraRV.exe
  C:\Windows\System\zZuraRV.exe
  2⤵
  PID:3000
- C:\Windows\System\JljANsE.exe
  C:\Windows\System\JljANsE.exe
  2⤵
  PID:2092
- C:\Windows\System\gAgKvQz.exe
  C:\Windows\System\gAgKvQz.exe
  2⤵
  PID:2708
- C:\Windows\System\vyWGoRt.exe
  C:\Windows\System\vyWGoRt.exe
  2⤵
  PID:2584
- C:\Windows\System\kpxixdR.exe
  C:\Windows\System\kpxixdR.exe
  2⤵
  PID:2296
- C:\Windows\System\OOVIzjr.exe
  C:\Windows\System\OOVIzjr.exe
  2⤵
  PID:2568
- C:\Windows\System\ZHxqnwo.exe
  C:\Windows\System\ZHxqnwo.exe
  2⤵
  PID:1904
- C:\Windows\System\bhteYkt.exe
  C:\Windows\System\bhteYkt.exe
  2⤵
  PID:1540
- C:\Windows\System\FjTiXXp.exe
  C:\Windows\System\FjTiXXp.exe
  2⤵
  PID:2616
- C:\Windows\System\pBQGCZV.exe
  C:\Windows\System\pBQGCZV.exe
  2⤵
  PID:2120
- C:\Windows\System\FwbrQde.exe
  C:\Windows\System\FwbrQde.exe
  2⤵
  PID:2904
- C:\Windows\System\BZAnPqA.exe
  C:\Windows\System\BZAnPqA.exe
  2⤵
  PID:1976
- C:\Windows\System\VFBHGFH.exe
  C:\Windows\System\VFBHGFH.exe
  2⤵
  PID:964
- C:\Windows\System\NVWbUkj.exe
  C:\Windows\System\NVWbUkj.exe
  2⤵
  PID:980
- C:\Windows\System\twXXAoS.exe
  C:\Windows\System\twXXAoS.exe
  2⤵
  PID:1444
- C:\Windows\System\GAQCycQ.exe
  C:\Windows\System\GAQCycQ.exe
  2⤵
  PID:884
- C:\Windows\System\pFwKleH.exe
  C:\Windows\System\pFwKleH.exe
  2⤵
  PID:1652
- C:\Windows\System\lRMyYss.exe
  C:\Windows\System\lRMyYss.exe
  2⤵
  PID:880
- C:\Windows\System\vpSFcXp.exe
  C:\Windows\System\vpSFcXp.exe
  2⤵
  PID:2188
- C:\Windows\System\gRezgfF.exe
  C:\Windows\System\gRezgfF.exe
  2⤵
  PID:1696
- C:\Windows\System\XubITTw.exe
  C:\Windows\System\XubITTw.exe
  2⤵
  PID:1496
- C:\Windows\System\ZNyLyBi.exe
  C:\Windows\System\ZNyLyBi.exe
  2⤵
  PID:2596
- C:\Windows\System\DIPyZbS.exe
  C:\Windows\System\DIPyZbS.exe
  2⤵
  PID:1948
- C:\Windows\System\YMKQQfY.exe
  C:\Windows\System\YMKQQfY.exe
  2⤵
  PID:1888
- C:\Windows\System\kWhkmFz.exe
  C:\Windows\System\kWhkmFz.exe
  2⤵
  PID:2848
- C:\Windows\System\iyjTKgp.exe
  C:\Windows\System\iyjTKgp.exe
  2⤵
  PID:2228
- C:\Windows\System\onVRQNY.exe
  C:\Windows\System\onVRQNY.exe
  2⤵
  PID:2160
- C:\Windows\System\quAKqyk.exe
  C:\Windows\System\quAKqyk.exe
  2⤵
  PID:836
- C:\Windows\System\TmTEkCK.exe
  C:\Windows\System\TmTEkCK.exe
  2⤵
  PID:1116
- C:\Windows\System\JUhankr.exe
  C:\Windows\System\JUhankr.exe
  2⤵
  PID:2088
- C:\Windows\System\AJeNVRj.exe
  C:\Windows\System\AJeNVRj.exe
  2⤵
  PID:1360
- C:\Windows\System\ctzrRbh.exe
  C:\Windows\System\ctzrRbh.exe
  2⤵
  PID:2072
- C:\Windows\System\ByCJZHS.exe
  C:\Windows\System\ByCJZHS.exe
  2⤵
  PID:352
- C:\Windows\System\rcqpQAI.exe
  C:\Windows\System\rcqpQAI.exe
  2⤵
  PID:3084
- C:\Windows\System\ualAbOZ.exe
  C:\Windows\System\ualAbOZ.exe
  2⤵
  PID:3104
- C:\Windows\System\QcjsgQk.exe
  C:\Windows\System\QcjsgQk.exe
  2⤵
  PID:3124
- C:\Windows\System\qgAYwnK.exe
  C:\Windows\System\qgAYwnK.exe
  2⤵
  PID:3144
- C:\Windows\System\Uqmuosp.exe
  C:\Windows\System\Uqmuosp.exe
  2⤵
  PID:3164
- C:\Windows\System\KxLDKQY.exe
  C:\Windows\System\KxLDKQY.exe
  2⤵
  PID:3184
- C:\Windows\System\CYXWYjv.exe
  C:\Windows\System\CYXWYjv.exe
  2⤵
  PID:3204
- C:\Windows\System\SLLSzdO.exe
  C:\Windows\System\SLLSzdO.exe
  2⤵
  PID:3224
- C:\Windows\System\BRCJwxm.exe
  C:\Windows\System\BRCJwxm.exe
  2⤵
  PID:3244
- C:\Windows\System\dHkUkis.exe
  C:\Windows\System\dHkUkis.exe
  2⤵
  PID:3264
- C:\Windows\System\GJbyKau.exe
  C:\Windows\System\GJbyKau.exe
  2⤵
  PID:3284
- C:\Windows\System\mQaFMOK.exe
  C:\Windows\System\mQaFMOK.exe
  2⤵
  PID:3304
- C:\Windows\System\Qsbzhpg.exe
  C:\Windows\System\Qsbzhpg.exe
  2⤵
  PID:3324
- C:\Windows\System\zXmioBZ.exe
  C:\Windows\System\zXmioBZ.exe
  2⤵
  PID:3344
- C:\Windows\System\PAkNFRI.exe
  C:\Windows\System\PAkNFRI.exe
  2⤵
  PID:3360
- C:\Windows\System\jtKakKc.exe
  C:\Windows\System\jtKakKc.exe
  2⤵
  PID:3384
- C:\Windows\System\ClmlfLf.exe
  C:\Windows\System\ClmlfLf.exe
  2⤵
  PID:3404
- C:\Windows\System\jXbaXIe.exe
  C:\Windows\System\jXbaXIe.exe
  2⤵
  PID:3424
- C:\Windows\System\uoojRKH.exe
  C:\Windows\System\uoojRKH.exe
  2⤵
  PID:3444
- C:\Windows\System\GtXYUfc.exe
  C:\Windows\System\GtXYUfc.exe
  2⤵
  PID:3464
- C:\Windows\System\yEILmow.exe
  C:\Windows\System\yEILmow.exe
  2⤵
  PID:3484
- C:\Windows\System\tZWItSp.exe
  C:\Windows\System\tZWItSp.exe
  2⤵
  PID:3504
- C:\Windows\System\GymLKgL.exe
  C:\Windows\System\GymLKgL.exe
  2⤵
  PID:3524
- C:\Windows\System\oDvXpEP.exe
  C:\Windows\System\oDvXpEP.exe
  2⤵
  PID:3544
- C:\Windows\System\inglrBE.exe
  C:\Windows\System\inglrBE.exe
  2⤵
  PID:3560
- C:\Windows\System\RqhbypH.exe
  C:\Windows\System\RqhbypH.exe
  2⤵
  PID:3584
- C:\Windows\System\OzBoFbI.exe
  C:\Windows\System\OzBoFbI.exe
  2⤵
  PID:3604
- C:\Windows\System\bAbHpta.exe
  C:\Windows\System\bAbHpta.exe
  2⤵
  PID:3624
- C:\Windows\System\RZkmZvR.exe
  C:\Windows\System\RZkmZvR.exe
  2⤵
  PID:3644
- C:\Windows\System\MyffAHq.exe
  C:\Windows\System\MyffAHq.exe
  2⤵
  PID:3664
- C:\Windows\System\riDKSRL.exe
  C:\Windows\System\riDKSRL.exe
  2⤵
  PID:3684
- C:\Windows\System\CMEqIFf.exe
  C:\Windows\System\CMEqIFf.exe
  2⤵
  PID:3704
- C:\Windows\System\jjnMOGo.exe
  C:\Windows\System\jjnMOGo.exe
  2⤵
  PID:3724
- C:\Windows\System\fZwoJDW.exe
  C:\Windows\System\fZwoJDW.exe
  2⤵
  PID:3744
- C:\Windows\System\QGWLTwC.exe
  C:\Windows\System\QGWLTwC.exe
  2⤵
  PID:3764
- C:\Windows\System\qKpItVI.exe
  C:\Windows\System\qKpItVI.exe
  2⤵
  PID:3784
- C:\Windows\System\CZQmzDt.exe
  C:\Windows\System\CZQmzDt.exe
  2⤵
  PID:3804
- C:\Windows\System\jzcqljY.exe
  C:\Windows\System\jzcqljY.exe
  2⤵
  PID:3824
- C:\Windows\System\qqDvAnt.exe
  C:\Windows\System\qqDvAnt.exe
  2⤵
  PID:3844
- C:\Windows\System\BslsKgJ.exe
  C:\Windows\System\BslsKgJ.exe
  2⤵
  PID:3864
- C:\Windows\System\feehnCJ.exe
  C:\Windows\System\feehnCJ.exe
  2⤵
  PID:3884
- C:\Windows\System\JMEuPXN.exe
  C:\Windows\System\JMEuPXN.exe
  2⤵
  PID:3904
- C:\Windows\System\GNhYmsQ.exe
  C:\Windows\System\GNhYmsQ.exe
  2⤵
  PID:3924
- C:\Windows\System\oszSHei.exe
  C:\Windows\System\oszSHei.exe
  2⤵
  PID:3944
- C:\Windows\System\rNHnCER.exe
  C:\Windows\System\rNHnCER.exe
  2⤵
  PID:3964
- C:\Windows\System\OmytGYZ.exe
  C:\Windows\System\OmytGYZ.exe
  2⤵
  PID:3984
- C:\Windows\System\FLtGGYp.exe
  C:\Windows\System\FLtGGYp.exe
  2⤵
  PID:4004
- C:\Windows\System\PtEghhf.exe
  C:\Windows\System\PtEghhf.exe
  2⤵
  PID:4024
- C:\Windows\System\kxZXnPq.exe
  C:\Windows\System\kxZXnPq.exe
  2⤵
  PID:4044
- C:\Windows\System\VvVwyOX.exe
  C:\Windows\System\VvVwyOX.exe
  2⤵
  PID:4064
- C:\Windows\System\JMlmfou.exe
  C:\Windows\System\JMlmfou.exe
  2⤵
  PID:4084
- C:\Windows\System\aJeiRKn.exe
  C:\Windows\System\aJeiRKn.exe
  2⤵
  PID:1704
- C:\Windows\System\FYhaTTc.exe
  C:\Windows\System\FYhaTTc.exe
  2⤵
  PID:1096
- C:\Windows\System\Rtaqsii.exe
  C:\Windows\System\Rtaqsii.exe
  2⤵
  PID:2916
- C:\Windows\System\ZBAcCZA.exe
  C:\Windows\System\ZBAcCZA.exe
  2⤵
  PID:1764
- C:\Windows\System\xzwoqQw.exe
  C:\Windows\System\xzwoqQw.exe
  2⤵
  PID:336
- C:\Windows\System\dFQpgYm.exe
  C:\Windows\System\dFQpgYm.exe
  2⤵
  PID:2548
- C:\Windows\System\IWqmBsa.exe
  C:\Windows\System\IWqmBsa.exe
  2⤵
  PID:3100
- C:\Windows\System\wfhOqFJ.exe
  C:\Windows\System\wfhOqFJ.exe
  2⤵
  PID:3140
- C:\Windows\System\uNwySeF.exe
  C:\Windows\System\uNwySeF.exe
  2⤵
  PID:3172
- C:\Windows\System\bmwetxs.exe
  C:\Windows\System\bmwetxs.exe
  2⤵
  PID:3192
- C:\Windows\System\LViXVeo.exe
  C:\Windows\System\LViXVeo.exe
  2⤵
  PID:3196
- C:\Windows\System\ZNWOAKI.exe
  C:\Windows\System\ZNWOAKI.exe
  2⤵
  PID:3240
- C:\Windows\System\HwxAOfi.exe
  C:\Windows\System\HwxAOfi.exe
  2⤵
  PID:3296
- C:\Windows\System\LIuhLNO.exe
  C:\Windows\System\LIuhLNO.exe
  2⤵
  PID:3320
- C:\Windows\System\OYhsrDN.exe
  C:\Windows\System\OYhsrDN.exe
  2⤵
  PID:3372
- C:\Windows\System\virEZOL.exe
  C:\Windows\System\virEZOL.exe
  2⤵
  PID:3412
- C:\Windows\System\NKCwlUk.exe
  C:\Windows\System\NKCwlUk.exe
  2⤵
  PID:3416
- C:\Windows\System\eVqYEIB.exe
  C:\Windows\System\eVqYEIB.exe
  2⤵
  PID:3440
- C:\Windows\System\bdQghwn.exe
  C:\Windows\System\bdQghwn.exe
  2⤵
  PID:3496
- C:\Windows\System\ySkeSNn.exe
  C:\Windows\System\ySkeSNn.exe
  2⤵
  PID:3536
- C:\Windows\System\CGlCTxS.exe
  C:\Windows\System\CGlCTxS.exe
  2⤵
  PID:3572
- C:\Windows\System\bKmZKfF.exe
  C:\Windows\System\bKmZKfF.exe
  2⤵
  PID:3592
- C:\Windows\System\krbkPgF.exe
  C:\Windows\System\krbkPgF.exe
  2⤵
  PID:3596
- C:\Windows\System\PJiQqCe.exe
  C:\Windows\System\PJiQqCe.exe
  2⤵
  PID:3636
- C:\Windows\System\DpULoqL.exe
  C:\Windows\System\DpULoqL.exe
  2⤵
  PID:3696
- C:\Windows\System\fRDkVvy.exe
  C:\Windows\System\fRDkVvy.exe
  2⤵
  PID:3732
- C:\Windows\System\qjubtsJ.exe
  C:\Windows\System\qjubtsJ.exe
  2⤵
  PID:3772
- C:\Windows\System\BqOyBxz.exe
  C:\Windows\System\BqOyBxz.exe
  2⤵
  PID:3792
- C:\Windows\System\QpSQVdK.exe
  C:\Windows\System\QpSQVdK.exe
  2⤵
  PID:3796
- C:\Windows\System\Evvpcay.exe
  C:\Windows\System\Evvpcay.exe
  2⤵
  PID:3840
- C:\Windows\System\aHuTrlQ.exe
  C:\Windows\System\aHuTrlQ.exe
  2⤵
  PID:3872
- C:\Windows\System\ZevRjHN.exe
  C:\Windows\System\ZevRjHN.exe
  2⤵
  PID:3936
- C:\Windows\System\msxyGkT.exe
  C:\Windows\System\msxyGkT.exe
  2⤵
  PID:3960
- C:\Windows\System\xRwGDuY.exe
  C:\Windows\System\xRwGDuY.exe
  2⤵
  PID:3992
- C:\Windows\System\rjPRaqV.exe
  C:\Windows\System\rjPRaqV.exe
  2⤵
  PID:4032
- C:\Windows\System\rUEJNdg.exe
  C:\Windows\System\rUEJNdg.exe
  2⤵
  PID:4060
- C:\Windows\System\uGxCwaI.exe
  C:\Windows\System\uGxCwaI.exe
  2⤵
  PID:2580
- C:\Windows\System\gbYcOao.exe
  C:\Windows\System\gbYcOao.exe
  2⤵
  PID:2200
- C:\Windows\System\VFoTepc.exe
  C:\Windows\System\VFoTepc.exe
  2⤵
  PID:904
- C:\Windows\System\oZBBSTI.exe
  C:\Windows\System\oZBBSTI.exe
  2⤵
  PID:1504
- C:\Windows\System\cBAHeUH.exe
  C:\Windows\System\cBAHeUH.exe
  2⤵
  PID:3076
- C:\Windows\System\voToZya.exe
  C:\Windows\System\voToZya.exe
  2⤵
  PID:3136
- C:\Windows\System\xxYhmLI.exe
  C:\Windows\System\xxYhmLI.exe
  2⤵
  PID:3200
- C:\Windows\System\XxbyBth.exe
  C:\Windows\System\XxbyBth.exe
  2⤵
  PID:3260
- C:\Windows\System\LupBNlk.exe
  C:\Windows\System\LupBNlk.exe
  2⤵
  PID:3340
- C:\Windows\System\tuzzgjj.exe
  C:\Windows\System\tuzzgjj.exe
  2⤵
  PID:3356
- C:\Windows\System\HFwPLCe.exe
  C:\Windows\System\HFwPLCe.exe
  2⤵
  PID:3380
- C:\Windows\System\ZqSODCm.exe
  C:\Windows\System\ZqSODCm.exe
  2⤵
  PID:3500
- C:\Windows\System\xcBAnQK.exe
  C:\Windows\System\xcBAnQK.exe
  2⤵
  PID:3516
- C:\Windows\System\AkKkbAT.exe
  C:\Windows\System\AkKkbAT.exe
  2⤵
  PID:3616
- C:\Windows\System\EgfxRkW.exe
  C:\Windows\System\EgfxRkW.exe
  2⤵
  PID:3692
- C:\Windows\System\LCEFMMS.exe
  C:\Windows\System\LCEFMMS.exe
  2⤵
  PID:3716
- C:\Windows\System\yVSbYqd.exe
  C:\Windows\System\yVSbYqd.exe
  2⤵
  PID:3736
- C:\Windows\System\kBIyydc.exe
  C:\Windows\System\kBIyydc.exe
  2⤵
  PID:3760
- C:\Windows\System\PThKTJc.exe
  C:\Windows\System\PThKTJc.exe
  2⤵
  PID:3860
- C:\Windows\System\Piafmmc.exe
  C:\Windows\System\Piafmmc.exe
  2⤵
  PID:3940
- C:\Windows\System\XkyweCA.exe
  C:\Windows\System\XkyweCA.exe
  2⤵
  PID:3996
- C:\Windows\System\zQDPZEM.exe
  C:\Windows\System\zQDPZEM.exe
  2⤵
  PID:4072
- C:\Windows\System\iCWFpjW.exe
  C:\Windows\System\iCWFpjW.exe
  2⤵
  PID:4052
- C:\Windows\System\qlMTeJf.exe
  C:\Windows\System\qlMTeJf.exe
  2⤵
  PID:3056
- C:\Windows\System\qsOWCAX.exe
  C:\Windows\System\qsOWCAX.exe
  2⤵
  PID:1716
- C:\Windows\System\wbuSPwO.exe
  C:\Windows\System\wbuSPwO.exe
  2⤵
  PID:3160
- C:\Windows\System\IRXjMue.exe
  C:\Windows\System\IRXjMue.exe
  2⤵
  PID:3256
- C:\Windows\System\qJAIstu.exe
  C:\Windows\System\qJAIstu.exe
  2⤵
  PID:3332
- C:\Windows\System\ZUGWohS.exe
  C:\Windows\System\ZUGWohS.exe
  2⤵
  PID:3472
- C:\Windows\System\LVOtThL.exe
  C:\Windows\System\LVOtThL.exe
  2⤵
  PID:3456
- C:\Windows\System\XvWomjF.exe
  C:\Windows\System\XvWomjF.exe
  2⤵
  PID:3652
- C:\Windows\System\wROwUUm.exe
  C:\Windows\System\wROwUUm.exe
  2⤵
  PID:3660
- C:\Windows\System\wPhlCJh.exe
  C:\Windows\System\wPhlCJh.exe
  2⤵
  PID:3816
- C:\Windows\System\YFLSsgq.exe
  C:\Windows\System\YFLSsgq.exe
  2⤵
  PID:4108
- C:\Windows\System\CciDRUK.exe
  C:\Windows\System\CciDRUK.exe
  2⤵
  PID:4132
- C:\Windows\System\dOOdgCt.exe
  C:\Windows\System\dOOdgCt.exe
  2⤵
  PID:4152
- C:\Windows\System\BNyudpL.exe
  C:\Windows\System\BNyudpL.exe
  2⤵
  PID:4172
- C:\Windows\System\OjDxXCi.exe
  C:\Windows\System\OjDxXCi.exe
  2⤵
  PID:4192
- C:\Windows\System\VjcwHCP.exe
  C:\Windows\System\VjcwHCP.exe
  2⤵
  PID:4212
- C:\Windows\System\svreGfY.exe
  C:\Windows\System\svreGfY.exe
  2⤵
  PID:4232
- C:\Windows\System\OODvMnO.exe
  C:\Windows\System\OODvMnO.exe
  2⤵
  PID:4252
- C:\Windows\System\GqaaYWO.exe
  C:\Windows\System\GqaaYWO.exe
  2⤵
  PID:4272
- C:\Windows\System\rKUZeZJ.exe
  C:\Windows\System\rKUZeZJ.exe
  2⤵
  PID:4292
- C:\Windows\System\eZfSVvg.exe
  C:\Windows\System\eZfSVvg.exe
  2⤵
  PID:4312
- C:\Windows\System\CFFhYBx.exe
  C:\Windows\System\CFFhYBx.exe
  2⤵
  PID:4332
- C:\Windows\System\THuSTCy.exe
  C:\Windows\System\THuSTCy.exe
  2⤵
  PID:4352
- C:\Windows\System\IrlzuLF.exe
  C:\Windows\System\IrlzuLF.exe
  2⤵
  PID:4372
- C:\Windows\System\YIsungc.exe
  C:\Windows\System\YIsungc.exe
  2⤵
  PID:4388
- C:\Windows\System\gNtbzeG.exe
  C:\Windows\System\gNtbzeG.exe
  2⤵
  PID:4412
- C:\Windows\System\QtDLNAw.exe
  C:\Windows\System\QtDLNAw.exe
  2⤵
  PID:4432
- C:\Windows\System\AmtQqjK.exe
  C:\Windows\System\AmtQqjK.exe
  2⤵
  PID:4452
- C:\Windows\System\vXOIPOR.exe
  C:\Windows\System\vXOIPOR.exe
  2⤵
  PID:4472
- C:\Windows\System\fcDAmiH.exe
  C:\Windows\System\fcDAmiH.exe
  2⤵
  PID:4492
- C:\Windows\System\YyyChbZ.exe
  C:\Windows\System\YyyChbZ.exe
  2⤵
  PID:4512
- C:\Windows\System\QVjKzvM.exe
  C:\Windows\System\QVjKzvM.exe
  2⤵
  PID:4532
- C:\Windows\System\ggjvgHX.exe
  C:\Windows\System\ggjvgHX.exe
  2⤵
  PID:4552
- C:\Windows\System\abiuRNo.exe
  C:\Windows\System\abiuRNo.exe
  2⤵
  PID:4572
- C:\Windows\System\ZrVHoLX.exe
  C:\Windows\System\ZrVHoLX.exe
  2⤵
  PID:4592
- C:\Windows\System\jGXICPY.exe
  C:\Windows\System\jGXICPY.exe
  2⤵
  PID:4612
- C:\Windows\System\ANOaKri.exe
  C:\Windows\System\ANOaKri.exe
  2⤵
  PID:4636
- C:\Windows\System\EoHfWxk.exe
  C:\Windows\System\EoHfWxk.exe
  2⤵
  PID:4656
- C:\Windows\System\KeLtDhx.exe
  C:\Windows\System\KeLtDhx.exe
  2⤵
  PID:4676
- C:\Windows\System\hKZgMhL.exe
  C:\Windows\System\hKZgMhL.exe
  2⤵
  PID:4696
- C:\Windows\System\jKpzFWC.exe
  C:\Windows\System\jKpzFWC.exe
  2⤵
  PID:4716
- C:\Windows\System\usRxOdS.exe
  C:\Windows\System\usRxOdS.exe
  2⤵
  PID:4736
- C:\Windows\System\nXNCTjj.exe
  C:\Windows\System\nXNCTjj.exe
  2⤵
  PID:4756
- C:\Windows\System\FvZAKlx.exe
  C:\Windows\System\FvZAKlx.exe
  2⤵
  PID:4776
- C:\Windows\System\tphVAyk.exe
  C:\Windows\System\tphVAyk.exe
  2⤵
  PID:4796
- C:\Windows\System\VoCCQHG.exe
  C:\Windows\System\VoCCQHG.exe
  2⤵
  PID:4816
- C:\Windows\System\QfladpE.exe
  C:\Windows\System\QfladpE.exe
  2⤵
  PID:4836
- C:\Windows\System\VtGIPSg.exe
  C:\Windows\System\VtGIPSg.exe
  2⤵
  PID:4856
- C:\Windows\System\hPWejyL.exe
  C:\Windows\System\hPWejyL.exe
  2⤵
  PID:4876
- C:\Windows\System\FDsgSGv.exe
  C:\Windows\System\FDsgSGv.exe
  2⤵
  PID:4896
- C:\Windows\System\SiwLIvE.exe
  C:\Windows\System\SiwLIvE.exe
  2⤵
  PID:4916
- C:\Windows\System\xwNqEfT.exe
  C:\Windows\System\xwNqEfT.exe
  2⤵
  PID:4936
- C:\Windows\System\WATfSzt.exe
  C:\Windows\System\WATfSzt.exe
  2⤵
  PID:4956
- C:\Windows\System\GbKWXmi.exe
  C:\Windows\System\GbKWXmi.exe
  2⤵
  PID:4976
- C:\Windows\System\jpOmaaO.exe
  C:\Windows\System\jpOmaaO.exe
  2⤵
  PID:4996
- C:\Windows\System\VuXtqYj.exe
  C:\Windows\System\VuXtqYj.exe
  2⤵
  PID:5016
- C:\Windows\System\WpbrnBH.exe
  C:\Windows\System\WpbrnBH.exe
  2⤵
  PID:5040
- C:\Windows\System\xVJWaNe.exe
  C:\Windows\System\xVJWaNe.exe
  2⤵
  PID:5060
- C:\Windows\System\KsTVGIN.exe
  C:\Windows\System\KsTVGIN.exe
  2⤵
  PID:5080
- C:\Windows\System\GKbaOBY.exe
  C:\Windows\System\GKbaOBY.exe
  2⤵
  PID:5100
- C:\Windows\System\zRQYAwu.exe
  C:\Windows\System\zRQYAwu.exe
  2⤵
  PID:3776
- C:\Windows\System\NFZbzNt.exe
  C:\Windows\System\NFZbzNt.exe
  2⤵
  PID:3912
- C:\Windows\System\FLKLavf.exe
  C:\Windows\System\FLKLavf.exe
  2⤵
  PID:4092
- C:\Windows\System\yiDzCay.exe
  C:\Windows\System\yiDzCay.exe
  2⤵
  PID:1664
- C:\Windows\System\kazoJrV.exe
  C:\Windows\System\kazoJrV.exe
  2⤵
  PID:2808
- C:\Windows\System\zCLEytT.exe
  C:\Windows\System\zCLEytT.exe
  2⤵
  PID:3220
- C:\Windows\System\ndMvuxR.exe
  C:\Windows\System\ndMvuxR.exe
  2⤵
  PID:3376
- C:\Windows\System\WinSFCW.exe
  C:\Windows\System\WinSFCW.exe
  2⤵
  PID:3620
- C:\Windows\System\LzsAeFg.exe
  C:\Windows\System\LzsAeFg.exe
  2⤵
  PID:3680
- C:\Windows\System\YwbXFrz.exe
  C:\Windows\System\YwbXFrz.exe
  2⤵
  PID:3892
- C:\Windows\System\nhWhbAq.exe
  C:\Windows\System\nhWhbAq.exe
  2⤵
  PID:4140
- C:\Windows\System\hHKEoXL.exe
  C:\Windows\System\hHKEoXL.exe
  2⤵
  PID:4164
- C:\Windows\System\YMpcJTk.exe
  C:\Windows\System\YMpcJTk.exe
  2⤵
  PID:4204
- C:\Windows\System\ILdiKST.exe
  C:\Windows\System\ILdiKST.exe
  2⤵
  PID:4224
- C:\Windows\System\aRikyaY.exe
  C:\Windows\System\aRikyaY.exe
  2⤵
  PID:4288
- C:\Windows\System\KVJzhcu.exe
  C:\Windows\System\KVJzhcu.exe
  2⤵
  PID:4320
- C:\Windows\System\DaoFXbE.exe
  C:\Windows\System\DaoFXbE.exe
  2⤵
  PID:4340
- C:\Windows\System\znMUObs.exe
  C:\Windows\System\znMUObs.exe
  2⤵
  PID:4344
- C:\Windows\System\MvYFVUh.exe
  C:\Windows\System\MvYFVUh.exe
  2⤵
  PID:4408
- C:\Windows\System\XuqumlU.exe
  C:\Windows\System\XuqumlU.exe
  2⤵
  PID:4444
- C:\Windows\System\dFXCMhQ.exe
  C:\Windows\System\dFXCMhQ.exe
  2⤵
  PID:4480
- C:\Windows\System\YGPOZZL.exe
  C:\Windows\System\YGPOZZL.exe
  2⤵
  PID:2240
- C:\Windows\System\FhwqDRl.exe
  C:\Windows\System\FhwqDRl.exe
  2⤵
  PID:4504
- C:\Windows\System\VWhnVYq.exe
  C:\Windows\System\VWhnVYq.exe
  2⤵
  PID:4560
- C:\Windows\System\QZAyuQI.exe
  C:\Windows\System\QZAyuQI.exe
  2⤵
  PID:4584
- C:\Windows\System\ENQosUd.exe
  C:\Windows\System\ENQosUd.exe
  2⤵
  PID:4620
- C:\Windows\System\pcDVetf.exe
  C:\Windows\System\pcDVetf.exe
  2⤵
  PID:4652
- C:\Windows\System\ZhkRYhx.exe
  C:\Windows\System\ZhkRYhx.exe
  2⤵
  PID:4688
- C:\Windows\System\cNKSsUh.exe
  C:\Windows\System\cNKSsUh.exe
  2⤵
  PID:4712
- C:\Windows\System\MWnsDLb.exe
  C:\Windows\System\MWnsDLb.exe
  2⤵
  PID:4768
- C:\Windows\System\RyUjmlw.exe
  C:\Windows\System\RyUjmlw.exe
  2⤵
  PID:4812
- C:\Windows\System\zsVsRfs.exe
  C:\Windows\System\zsVsRfs.exe
  2⤵
  PID:4852
- C:\Windows\System\ciqyaYD.exe
  C:\Windows\System\ciqyaYD.exe
  2⤵
  PID:4884
- C:\Windows\System\MrnqtMF.exe
  C:\Windows\System\MrnqtMF.exe
  2⤵
  PID:4872
- C:\Windows\System\XmEIVUB.exe
  C:\Windows\System\XmEIVUB.exe
  2⤵
  PID:4908
- C:\Windows\System\KAYTqgp.exe
  C:\Windows\System\KAYTqgp.exe
  2⤵
  PID:4952
- C:\Windows\System\VMTfLiE.exe
  C:\Windows\System\VMTfLiE.exe
  2⤵
  PID:4984
- C:\Windows\System\Nwsphvz.exe
  C:\Windows\System\Nwsphvz.exe
  2⤵
  PID:5056
- C:\Windows\System\WIgTVfs.exe
  C:\Windows\System\WIgTVfs.exe
  2⤵
  PID:5068
- C:\Windows\System\dUDapPk.exe
  C:\Windows\System\dUDapPk.exe
  2⤵
  PID:5072
- C:\Windows\System\jGjpUuq.exe
  C:\Windows\System\jGjpUuq.exe
  2⤵
  PID:5116
- C:\Windows\System\DNeWsQw.exe
  C:\Windows\System\DNeWsQw.exe
  2⤵
  PID:3916
- C:\Windows\System\kiAgPVK.exe
  C:\Windows\System\kiAgPVK.exe
  2⤵
  PID:3976
- C:\Windows\System\jOEtjqM.exe
  C:\Windows\System\jOEtjqM.exe
  2⤵
  PID:816
- C:\Windows\System\oLItoQQ.exe
  C:\Windows\System\oLItoQQ.exe
  2⤵
  PID:3276
- C:\Windows\System\ndUwjRs.exe
  C:\Windows\System\ndUwjRs.exe
  2⤵
  PID:3476
- C:\Windows\System\BAahpjU.exe
  C:\Windows\System\BAahpjU.exe
  2⤵
  PID:3752
- C:\Windows\System\IsBxqSY.exe
  C:\Windows\System\IsBxqSY.exe
  2⤵
  PID:4228
- C:\Windows\System\itJWZJe.exe
  C:\Windows\System\itJWZJe.exe
  2⤵
  PID:4200
- C:\Windows\System\JcgTLIw.exe
  C:\Windows\System\JcgTLIw.exe
  2⤵
  PID:4264
- C:\Windows\System\WIBQAOn.exe
  C:\Windows\System\WIBQAOn.exe
  2⤵
  PID:4348
- C:\Windows\System\FqQyZRf.exe
  C:\Windows\System\FqQyZRf.exe
  2⤵
  PID:4384
- C:\Windows\System\cxnOhYB.exe
  C:\Windows\System\cxnOhYB.exe
  2⤵
  PID:4396
- C:\Windows\System\yDGMvFq.exe
  C:\Windows\System\yDGMvFq.exe
  2⤵
  PID:4424
- C:\Windows\System\zHGWduQ.exe
  C:\Windows\System\zHGWduQ.exe
  2⤵
  PID:4544
- C:\Windows\System\kWuqZhU.exe
  C:\Windows\System\kWuqZhU.exe
  2⤵
  PID:1544
- C:\Windows\System\iWIKhjG.exe
  C:\Windows\System\iWIKhjG.exe
  2⤵
  PID:4672
- C:\Windows\System\AsnLgHx.exe
  C:\Windows\System\AsnLgHx.exe
  2⤵
  PID:4648
- C:\Windows\System\UKZlBte.exe
  C:\Windows\System\UKZlBte.exe
  2⤵
  PID:4728
- C:\Windows\System\RxULZoa.exe
  C:\Windows\System\RxULZoa.exe
  2⤵
  PID:4844
- C:\Windows\System\agRWisU.exe
  C:\Windows\System\agRWisU.exe
  2⤵
  PID:4864
- C:\Windows\System\OIHhLdv.exe
  C:\Windows\System\OIHhLdv.exe
  2⤵
  PID:4932
- C:\Windows\System\bJSWwmF.exe
  C:\Windows\System\bJSWwmF.exe
  2⤵
  PID:4928
- C:\Windows\System\TQpucFs.exe
  C:\Windows\System\TQpucFs.exe
  2⤵
  PID:5008
- C:\Windows\System\jQHPcAb.exe
  C:\Windows\System\jQHPcAb.exe
  2⤵
  PID:5096
- C:\Windows\System\vTAoRYd.exe
  C:\Windows\System\vTAoRYd.exe
  2⤵
  PID:3900
- C:\Windows\System\kYLnYWD.exe
  C:\Windows\System\kYLnYWD.exe
  2⤵
  PID:3092
- C:\Windows\System\SstnwzR.exe
  C:\Windows\System\SstnwzR.exe
  2⤵
  PID:4016
- C:\Windows\System\QWPprrQ.exe
  C:\Windows\System\QWPprrQ.exe
  2⤵
  PID:3568
- C:\Windows\System\JzevtfV.exe
  C:\Windows\System\JzevtfV.exe
  2⤵
  PID:4124
- C:\Windows\System\NpvOSJz.exe
  C:\Windows\System\NpvOSJz.exe
  2⤵
  PID:4268
- C:\Windows\System\dVeiuxG.exe
  C:\Windows\System\dVeiuxG.exe
  2⤵
  PID:4260
- C:\Windows\System\HOJdTYs.exe
  C:\Windows\System\HOJdTYs.exe
  2⤵
  PID:4484
- C:\Windows\System\uyxfbEO.exe
  C:\Windows\System\uyxfbEO.exe
  2⤵
  PID:5128
- C:\Windows\System\EZVELFl.exe
  C:\Windows\System\EZVELFl.exe
  2⤵
  PID:5148
- C:\Windows\System\iLnKdPz.exe
  C:\Windows\System\iLnKdPz.exe
  2⤵
  PID:5168
- C:\Windows\System\eaEduob.exe
  C:\Windows\System\eaEduob.exe
  2⤵
  PID:5188
- C:\Windows\System\yyrbhpS.exe
  C:\Windows\System\yyrbhpS.exe
  2⤵
  PID:5208
- C:\Windows\System\cvpRVgJ.exe
  C:\Windows\System\cvpRVgJ.exe
  2⤵
  PID:5228
- C:\Windows\System\TOSwpab.exe
  C:\Windows\System\TOSwpab.exe
  2⤵
  PID:5248
- C:\Windows\System\sbXMdrB.exe
  C:\Windows\System\sbXMdrB.exe
  2⤵
  PID:5268
- C:\Windows\System\RdHsoMD.exe
  C:\Windows\System\RdHsoMD.exe
  2⤵
  PID:5288
- C:\Windows\System\eKIJGkw.exe
  C:\Windows\System\eKIJGkw.exe
  2⤵
  PID:5308
- C:\Windows\System\VqBjXXN.exe
  C:\Windows\System\VqBjXXN.exe
  2⤵
  PID:5328
- C:\Windows\System\PuKGxwq.exe
  C:\Windows\System\PuKGxwq.exe
  2⤵
  PID:5348
- C:\Windows\System\XiOhhAg.exe
  C:\Windows\System\XiOhhAg.exe
  2⤵
  PID:5368
- C:\Windows\System\vZGsDQW.exe
  C:\Windows\System\vZGsDQW.exe
  2⤵
  PID:5388
- C:\Windows\System\KKIIodT.exe
  C:\Windows\System\KKIIodT.exe
  2⤵
  PID:5408
- C:\Windows\System\inyQIgG.exe
  C:\Windows\System\inyQIgG.exe
  2⤵
  PID:5428
- C:\Windows\System\ldPeefX.exe
  C:\Windows\System\ldPeefX.exe
  2⤵
  PID:5448
- C:\Windows\System\xgorxhN.exe
  C:\Windows\System\xgorxhN.exe
  2⤵
  PID:5468
- C:\Windows\System\lhLdfig.exe
  C:\Windows\System\lhLdfig.exe
  2⤵
  PID:5488
- C:\Windows\System\lGbWFxj.exe
  C:\Windows\System\lGbWFxj.exe
  2⤵
  PID:5508
- C:\Windows\System\pWIFOah.exe
  C:\Windows\System\pWIFOah.exe
  2⤵
  PID:5528
- C:\Windows\System\WHFyNIc.exe
  C:\Windows\System\WHFyNIc.exe
  2⤵
  PID:5548
- C:\Windows\System\qVMUUoP.exe
  C:\Windows\System\qVMUUoP.exe
  2⤵
  PID:5568
- C:\Windows\System\bGjLXWH.exe
  C:\Windows\System\bGjLXWH.exe
  2⤵
  PID:5588
- C:\Windows\System\oYHzqeJ.exe
  C:\Windows\System\oYHzqeJ.exe
  2⤵
  PID:5608
- C:\Windows\System\DlZSEBF.exe
  C:\Windows\System\DlZSEBF.exe
  2⤵
  PID:5628
- C:\Windows\System\DtOazVR.exe
  C:\Windows\System\DtOazVR.exe
  2⤵
  PID:5648
- C:\Windows\System\IEJYBGp.exe
  C:\Windows\System\IEJYBGp.exe
  2⤵
  PID:5668
- C:\Windows\System\bpljghT.exe
  C:\Windows\System\bpljghT.exe
  2⤵
  PID:5688
- C:\Windows\System\OWDlIfv.exe
  C:\Windows\System\OWDlIfv.exe
  2⤵
  PID:5708
- C:\Windows\System\tBZzgPE.exe
  C:\Windows\System\tBZzgPE.exe
  2⤵
  PID:5728
- C:\Windows\System\dvUBTVQ.exe
  C:\Windows\System\dvUBTVQ.exe
  2⤵
  PID:5748
- C:\Windows\System\BbuXPnb.exe
  C:\Windows\System\BbuXPnb.exe
  2⤵
  PID:5768
- C:\Windows\System\oZcUmqQ.exe
  C:\Windows\System\oZcUmqQ.exe
  2⤵
  PID:5788
- C:\Windows\System\ELvsITX.exe
  C:\Windows\System\ELvsITX.exe
  2⤵
  PID:5808
- C:\Windows\System\CruzGwH.exe
  C:\Windows\System\CruzGwH.exe
  2⤵
  PID:5832
- C:\Windows\System\yFmfkeb.exe
  C:\Windows\System\yFmfkeb.exe
  2⤵
  PID:5852
- C:\Windows\System\rLozxPk.exe
  C:\Windows\System\rLozxPk.exe
  2⤵
  PID:5872
- C:\Windows\System\coPWVdj.exe
  C:\Windows\System\coPWVdj.exe
  2⤵
  PID:5892
- C:\Windows\System\jSnKrff.exe
  C:\Windows\System\jSnKrff.exe
  2⤵
  PID:5912
- C:\Windows\System\VhrmJJM.exe
  C:\Windows\System\VhrmJJM.exe
  2⤵
  PID:5932
- C:\Windows\System\ZpsWHMf.exe
  C:\Windows\System\ZpsWHMf.exe
  2⤵
  PID:5952
- C:\Windows\System\cVXlMDR.exe
  C:\Windows\System\cVXlMDR.exe
  2⤵
  PID:5972
- C:\Windows\System\VRjmqPV.exe
  C:\Windows\System\VRjmqPV.exe
  2⤵
  PID:5992
- C:\Windows\System\DzOnPgG.exe
  C:\Windows\System\DzOnPgG.exe
  2⤵
  PID:6012
- C:\Windows\System\zKsfEcn.exe
  C:\Windows\System\zKsfEcn.exe
  2⤵
  PID:6032
- C:\Windows\System\urVRWgh.exe
  C:\Windows\System\urVRWgh.exe
  2⤵
  PID:6052
- C:\Windows\System\mKuAHCW.exe
  C:\Windows\System\mKuAHCW.exe
  2⤵
  PID:6072
- C:\Windows\System\BpxhHEj.exe
  C:\Windows\System\BpxhHEj.exe
  2⤵
  PID:6092
- C:\Windows\System\PyzrXqq.exe
  C:\Windows\System\PyzrXqq.exe
  2⤵
  PID:6112
- C:\Windows\System\ZRZESDd.exe
  C:\Windows\System\ZRZESDd.exe
  2⤵
  PID:6132
- C:\Windows\System\sCZYVMi.exe
  C:\Windows\System\sCZYVMi.exe
  2⤵
  PID:4460
- C:\Windows\System\QSzkcvt.exe
  C:\Windows\System\QSzkcvt.exe
  2⤵
  PID:4520
- C:\Windows\System\DLCtQLw.exe
  C:\Windows\System\DLCtQLw.exe
  2⤵
  PID:4588
- C:\Windows\System\RENyfTZ.exe
  C:\Windows\System\RENyfTZ.exe
  2⤵
  PID:4732
- C:\Windows\System\TJitmDa.exe
  C:\Windows\System\TJitmDa.exe
  2⤵
  PID:4784
- C:\Windows\System\FXpIkBX.exe
  C:\Windows\System\FXpIkBX.exe
  2⤵
  PID:4788
- C:\Windows\System\RVCPFyY.exe
  C:\Windows\System\RVCPFyY.exe
  2⤵
  PID:4964
- C:\Windows\System\JzbNgvS.exe
  C:\Windows\System\JzbNgvS.exe
  2⤵
  PID:5036
- C:\Windows\System\FWzKGMb.exe
  C:\Windows\System\FWzKGMb.exe
  2⤵
  PID:3152
- C:\Windows\System\CXMFkxn.exe
  C:\Windows\System\CXMFkxn.exe
  2⤵
  PID:3400
- C:\Windows\System\YdeEDwD.exe
  C:\Windows\System\YdeEDwD.exe
  2⤵
  PID:4144
- C:\Windows\System\dwkVqAj.exe
  C:\Windows\System\dwkVqAj.exe
  2⤵
  PID:4104
- C:\Windows\System\HyKNUyI.exe
  C:\Windows\System\HyKNUyI.exe
  2⤵
  PID:4440
- C:\Windows\System\UZPqHAE.exe
  C:\Windows\System\UZPqHAE.exe
  2⤵
  PID:2704
- C:\Windows\System\XYavmDm.exe
  C:\Windows\System\XYavmDm.exe
  2⤵
  PID:5164
- C:\Windows\System\jBkCjBe.exe
  C:\Windows\System\jBkCjBe.exe
  2⤵
  PID:5196
- C:\Windows\System\hAhpCOG.exe
  C:\Windows\System\hAhpCOG.exe
  2⤵
  PID:5236
- C:\Windows\System\WzxMQgJ.exe
  C:\Windows\System\WzxMQgJ.exe
  2⤵
  PID:5264
- C:\Windows\System\ZuugKMI.exe
  C:\Windows\System\ZuugKMI.exe
  2⤵
  PID:5296
- C:\Windows\System\qFmOMZc.exe
  C:\Windows\System\qFmOMZc.exe
  2⤵
  PID:5320
- C:\Windows\System\ElzRHfJ.exe
  C:\Windows\System\ElzRHfJ.exe
  2⤵
  PID:5340
- C:\Windows\System\zhWecMt.exe
  C:\Windows\System\zhWecMt.exe
  2⤵
  PID:5396
- C:\Windows\System\fFaSPcc.exe
  C:\Windows\System\fFaSPcc.exe
  2⤵
  PID:5436
- C:\Windows\System\WbcRJEo.exe
  C:\Windows\System\WbcRJEo.exe
  2⤵
  PID:5456
- C:\Windows\System\bmXejPL.exe
  C:\Windows\System\bmXejPL.exe
  2⤵
  PID:5460
- C:\Windows\System\fhoJdwj.exe
  C:\Windows\System\fhoJdwj.exe
  2⤵
  PID:5500
- C:\Windows\System\VScbVCe.exe
  C:\Windows\System\VScbVCe.exe
  2⤵
  PID:5544
- C:\Windows\System\gFrdCKq.exe
  C:\Windows\System\gFrdCKq.exe
  2⤵
  PID:5596
- C:\Windows\System\IpAhpOn.exe
  C:\Windows\System\IpAhpOn.exe
  2⤵
  PID:5600
- C:\Windows\System\iYwFRlo.exe
  C:\Windows\System\iYwFRlo.exe
  2⤵
  PID:5620
- C:\Windows\System\aYnRHGc.exe
  C:\Windows\System\aYnRHGc.exe
  2⤵
  PID:5660
- C:\Windows\System\ZWyapmJ.exe
  C:\Windows\System\ZWyapmJ.exe
  2⤵
  PID:2572
- C:\Windows\System\kVHvJcW.exe
  C:\Windows\System\kVHvJcW.exe
  2⤵
  PID:5720
- C:\Windows\System\ImAPdyc.exe
  C:\Windows\System\ImAPdyc.exe
  2⤵
  PID:5764
- C:\Windows\System\ytUSZeG.exe
  C:\Windows\System\ytUSZeG.exe
  2⤵
  PID:5780
- C:\Windows\System\oNhkqyP.exe
  C:\Windows\System\oNhkqyP.exe
  2⤵
  PID:5824
- C:\Windows\System\rYtFRbB.exe
  C:\Windows\System\rYtFRbB.exe
  2⤵
  PID:5868
- C:\Windows\System\faHRsnp.exe
  C:\Windows\System\faHRsnp.exe
  2⤵
  PID:5900
- C:\Windows\System\hnEYbwK.exe
  C:\Windows\System\hnEYbwK.exe
  2⤵
  PID:5924
- C:\Windows\System\cKMjaFY.exe
  C:\Windows\System\cKMjaFY.exe
  2⤵
  PID:5968
- C:\Windows\System\sfOSMvz.exe
  C:\Windows\System\sfOSMvz.exe
  2⤵
  PID:5984
- C:\Windows\System\yBstzAP.exe
  C:\Windows\System\yBstzAP.exe
  2⤵
  PID:6028
- C:\Windows\System\yuWiMNs.exe
  C:\Windows\System\yuWiMNs.exe
  2⤵
  PID:6044
- C:\Windows\System\emaUGVO.exe
  C:\Windows\System\emaUGVO.exe
  2⤵
  PID:6080
- C:\Windows\System\ueJggXZ.exe
  C:\Windows\System\ueJggXZ.exe
  2⤵
  PID:6108
- C:\Windows\System\bzXaAsl.exe
  C:\Windows\System\bzXaAsl.exe
  2⤵
  PID:6140
- C:\Windows\System\SonHlgf.exe
  C:\Windows\System\SonHlgf.exe
  2⤵
  PID:4528
- C:\Windows\System\lxGxnQR.exe
  C:\Windows\System\lxGxnQR.exe
  2⤵
  PID:4772
- C:\Windows\System\CqyqNwT.exe
  C:\Windows\System\CqyqNwT.exe
  2⤵
  PID:4748
- C:\Windows\System\StTiBQb.exe
  C:\Windows\System\StTiBQb.exe
  2⤵
  PID:4968
- C:\Windows\System\gCCDPZr.exe
  C:\Windows\System\gCCDPZr.exe
  2⤵
  PID:2064
- C:\Windows\System\mHorQEe.exe
  C:\Windows\System\mHorQEe.exe
  2⤵
  PID:4076
- C:\Windows\System\zdIkOrO.exe
  C:\Windows\System\zdIkOrO.exe
  2⤵
  PID:4208
- C:\Windows\System\IUjfTtj.exe
  C:\Windows\System\IUjfTtj.exe
  2⤵
  PID:2736
- C:\Windows\System\KNGoKLD.exe
  C:\Windows\System\KNGoKLD.exe
  2⤵
  PID:5180
- C:\Windows\System\zUjvKHx.exe
  C:\Windows\System\zUjvKHx.exe
  2⤵
  PID:1920
- C:\Windows\System\MhJqvEV.exe
  C:\Windows\System\MhJqvEV.exe
  2⤵
  PID:5216
- C:\Windows\System\TttPrpG.exe
  C:\Windows\System\TttPrpG.exe
  2⤵
  PID:5260
- C:\Windows\System\XhXCBqY.exe
  C:\Windows\System\XhXCBqY.exe
  2⤵
  PID:5364
- C:\Windows\System\EHbkSAM.exe
  C:\Windows\System\EHbkSAM.exe
  2⤵
  PID:5384
- C:\Windows\System\RzhvGhQ.exe
  C:\Windows\System\RzhvGhQ.exe
  2⤵
  PID:5440
- C:\Windows\System\xswyLfb.exe
  C:\Windows\System\xswyLfb.exe
  2⤵
  PID:5464
- C:\Windows\System\PJPipnn.exe
  C:\Windows\System\PJPipnn.exe
  2⤵
  PID:5520
- C:\Windows\System\tXzDoRt.exe
  C:\Windows\System\tXzDoRt.exe
  2⤵
  PID:5584
- C:\Windows\System\DLouvpx.exe
  C:\Windows\System\DLouvpx.exe
  2⤵
  PID:5636
- C:\Windows\System\UDaopZA.exe
  C:\Windows\System\UDaopZA.exe
  2⤵
  PID:5656
- C:\Windows\System\nmjDtTN.exe
  C:\Windows\System\nmjDtTN.exe
  2⤵
  PID:5736
- C:\Windows\System\akIilqj.exe
  C:\Windows\System\akIilqj.exe
  2⤵
  PID:5776
- C:\Windows\System\KfiYVKU.exe
  C:\Windows\System\KfiYVKU.exe
  2⤵
  PID:5840
- C:\Windows\System\ijymqGk.exe
  C:\Windows\System\ijymqGk.exe
  2⤵
  PID:5844
- C:\Windows\System\YMBXSPZ.exe
  C:\Windows\System\YMBXSPZ.exe
  2⤵
  PID:5948
- C:\Windows\System\kHiFynu.exe
  C:\Windows\System\kHiFynu.exe
  2⤵
  PID:6004
- C:\Windows\System\soNDnZA.exe
  C:\Windows\System\soNDnZA.exe
  2⤵
  PID:1752
- C:\Windows\System\nWtwXNF.exe
  C:\Windows\System\nWtwXNF.exe
  2⤵
  PID:2624
- C:\Windows\System\tPWPqmK.exe
  C:\Windows\System\tPWPqmK.exe
  2⤵
  PID:6100
- C:\Windows\System\nmMsOMB.exe
  C:\Windows\System\nmMsOMB.exe
  2⤵
  PID:4608
- C:\Windows\System\iPcHwTa.exe
  C:\Windows\System\iPcHwTa.exe
  2⤵
  PID:4888
- C:\Windows\System\ddWSBrR.exe
  C:\Windows\System\ddWSBrR.exe
  2⤵
  PID:5052
- C:\Windows\System\AeGPdCH.exe
  C:\Windows\System\AeGPdCH.exe
  2⤵
  PID:2684
- C:\Windows\System\EEeoOLf.exe
  C:\Windows\System\EEeoOLf.exe
  2⤵
  PID:5124
- C:\Windows\System\iMhJqFG.exe
  C:\Windows\System\iMhJqFG.exe
  2⤵
  PID:5176
- C:\Windows\System\bYAiXtx.exe
  C:\Windows\System\bYAiXtx.exe
  2⤵
  PID:5240
- C:\Windows\System\aTqtVsi.exe
  C:\Windows\System\aTqtVsi.exe
  2⤵
  PID:5380
- C:\Windows\System\LIMnPia.exe
  C:\Windows\System\LIMnPia.exe
  2⤵
  PID:5444
- C:\Windows\System\oEjYQtQ.exe
  C:\Windows\System\oEjYQtQ.exe
  2⤵
  PID:5504
- C:\Windows\System\IWSeKvR.exe
  C:\Windows\System\IWSeKvR.exe
  2⤵
  PID:5536
- C:\Windows\System\FCIWMik.exe
  C:\Windows\System\FCIWMik.exe
  2⤵
  PID:5664
- C:\Windows\System\bRkmpQt.exe
  C:\Windows\System\bRkmpQt.exe
  2⤵
  PID:5716
- C:\Windows\System\oBzqjlS.exe
  C:\Windows\System\oBzqjlS.exe
  2⤵
  PID:1924
- C:\Windows\System\ljMQJWJ.exe
  C:\Windows\System\ljMQJWJ.exe
  2⤵
  PID:5928
- C:\Windows\System\zErtxjo.exe
  C:\Windows\System\zErtxjo.exe
  2⤵
  PID:5988
- C:\Windows\System\fSYLopo.exe
  C:\Windows\System\fSYLopo.exe
  2⤵
  PID:6000
- C:\Windows\System\RQnvagL.exe
  C:\Windows\System\RQnvagL.exe
  2⤵
  PID:4604
- C:\Windows\System\WvhLTWP.exe
  C:\Windows\System\WvhLTWP.exe
  2⤵
  PID:4580
- C:\Windows\System\hCQARYL.exe
  C:\Windows\System\hCQARYL.exe
  2⤵
  PID:6152
- C:\Windows\System\QgnyIKd.exe
  C:\Windows\System\QgnyIKd.exe
  2⤵
  PID:6172
- C:\Windows\System\cTRztfh.exe
  C:\Windows\System\cTRztfh.exe
  2⤵
  PID:6192
- C:\Windows\System\FRecXkr.exe
  C:\Windows\System\FRecXkr.exe
  2⤵
  PID:6212
- C:\Windows\System\WlTgbQq.exe
  C:\Windows\System\WlTgbQq.exe
  2⤵
  PID:6232
- C:\Windows\System\jtREvGr.exe
  C:\Windows\System\jtREvGr.exe
  2⤵
  PID:6252
- C:\Windows\System\aeXetHy.exe
  C:\Windows\System\aeXetHy.exe
  2⤵
  PID:6272
- C:\Windows\System\OZAWQcj.exe
  C:\Windows\System\OZAWQcj.exe
  2⤵
  PID:6292
- C:\Windows\System\QImrJQY.exe
  C:\Windows\System\QImrJQY.exe
  2⤵
  PID:6312
- C:\Windows\System\tNrTncl.exe
  C:\Windows\System\tNrTncl.exe
  2⤵
  PID:6332
- C:\Windows\System\qxhrtOV.exe
  C:\Windows\System\qxhrtOV.exe
  2⤵
  PID:6352
- C:\Windows\System\aAucCpY.exe
  C:\Windows\System\aAucCpY.exe
  2⤵
  PID:6372
- C:\Windows\System\iuDcqDd.exe
  C:\Windows\System\iuDcqDd.exe
  2⤵
  PID:6392
- C:\Windows\System\BOyKwYo.exe
  C:\Windows\System\BOyKwYo.exe
  2⤵
  PID:6412
- C:\Windows\System\PavJyHo.exe
  C:\Windows\System\PavJyHo.exe
  2⤵
  PID:6432
- C:\Windows\System\wXkkvBZ.exe
  C:\Windows\System\wXkkvBZ.exe
  2⤵
  PID:6452
- C:\Windows\System\JVYfszK.exe
  C:\Windows\System\JVYfszK.exe
  2⤵
  PID:6472
- C:\Windows\System\pxTgMHq.exe
  C:\Windows\System\pxTgMHq.exe
  2⤵
  PID:6492
- C:\Windows\System\cIVEjyk.exe
  C:\Windows\System\cIVEjyk.exe
  2⤵
  PID:6512
- C:\Windows\System\MfealET.exe
  C:\Windows\System\MfealET.exe
  2⤵
  PID:6532
- C:\Windows\System\lTqZqWY.exe
  C:\Windows\System\lTqZqWY.exe
  2⤵
  PID:6552
- C:\Windows\System\phsFfZe.exe
  C:\Windows\System\phsFfZe.exe
  2⤵
  PID:6572
- C:\Windows\System\TtLwgHM.exe
  C:\Windows\System\TtLwgHM.exe
  2⤵
  PID:6592
- C:\Windows\System\LPwbEcR.exe
  C:\Windows\System\LPwbEcR.exe
  2⤵
  PID:6612
- C:\Windows\System\VkPPVwP.exe
  C:\Windows\System\VkPPVwP.exe
  2⤵
  PID:6632
- C:\Windows\System\lVzvsTo.exe
  C:\Windows\System\lVzvsTo.exe
  2⤵
  PID:6652
- C:\Windows\System\oMGGshC.exe
  C:\Windows\System\oMGGshC.exe
  2⤵
  PID:6672
- C:\Windows\System\snXaXjb.exe
  C:\Windows\System\snXaXjb.exe
  2⤵
  PID:6692
- C:\Windows\System\LKqXvOY.exe
  C:\Windows\System\LKqXvOY.exe
  2⤵
  PID:6712
- C:\Windows\System\NOXUmpD.exe
  C:\Windows\System\NOXUmpD.exe
  2⤵
  PID:6732
- C:\Windows\System\cxUpeOF.exe
  C:\Windows\System\cxUpeOF.exe
  2⤵
  PID:6756
- C:\Windows\System\yUnNVuZ.exe
  C:\Windows\System\yUnNVuZ.exe
  2⤵
  PID:6776
- C:\Windows\System\pXSUKyc.exe
  C:\Windows\System\pXSUKyc.exe
  2⤵
  PID:6796
- C:\Windows\System\IGVwECJ.exe
  C:\Windows\System\IGVwECJ.exe
  2⤵
  PID:6816
- C:\Windows\System\NXKNJzZ.exe
  C:\Windows\System\NXKNJzZ.exe
  2⤵
  PID:6836
- C:\Windows\System\tvQzRNP.exe
  C:\Windows\System\tvQzRNP.exe
  2⤵
  PID:6856
- C:\Windows\System\TigjQiN.exe
  C:\Windows\System\TigjQiN.exe
  2⤵
  PID:6876
- C:\Windows\System\nbxOKKF.exe
  C:\Windows\System\nbxOKKF.exe
  2⤵
  PID:6896
- C:\Windows\System\JmTipbF.exe
  C:\Windows\System\JmTipbF.exe
  2⤵
  PID:6916
- C:\Windows\System\rhfuctT.exe
  C:\Windows\System\rhfuctT.exe
  2⤵
  PID:6936
- C:\Windows\System\kHyXmGn.exe
  C:\Windows\System\kHyXmGn.exe
  2⤵
  PID:6956
- C:\Windows\System\DctzJOU.exe
  C:\Windows\System\DctzJOU.exe
  2⤵
  PID:6976
- C:\Windows\System\JSuFBAw.exe
  C:\Windows\System\JSuFBAw.exe
  2⤵
  PID:6996
- C:\Windows\System\ThcKmvk.exe
  C:\Windows\System\ThcKmvk.exe
  2⤵
  PID:7016
- C:\Windows\System\fCvVXgI.exe
  C:\Windows\System\fCvVXgI.exe
  2⤵
  PID:7036
- C:\Windows\System\fkvcOpn.exe
  C:\Windows\System\fkvcOpn.exe
  2⤵
  PID:7056
- C:\Windows\System\pZGbtXX.exe
  C:\Windows\System\pZGbtXX.exe
  2⤵
  PID:7076
- C:\Windows\System\XyNwpGM.exe
  C:\Windows\System\XyNwpGM.exe
  2⤵
  PID:7096
- C:\Windows\System\CLleXtR.exe
  C:\Windows\System\CLleXtR.exe
  2⤵
  PID:7116
- C:\Windows\System\ooFBfkX.exe
  C:\Windows\System\ooFBfkX.exe
  2⤵
  PID:7136
- C:\Windows\System\kAXSOmH.exe
  C:\Windows\System\kAXSOmH.exe
  2⤵
  PID:7156
- C:\Windows\System\KYvXRfF.exe
  C:\Windows\System\KYvXRfF.exe
  2⤵
  PID:4148
- C:\Windows\System\foYApHa.exe
  C:\Windows\System\foYApHa.exe
  2⤵
  PID:5284
- C:\Windows\System\lOZgJDY.exe
  C:\Windows\System\lOZgJDY.exe
  2⤵
  PID:5300
- C:\Windows\System\wogFiud.exe
  C:\Windows\System\wogFiud.exe
  2⤵
  PID:3016
- C:\Windows\System\hQDNlaI.exe
  C:\Windows\System\hQDNlaI.exe
  2⤵
  PID:5496
- C:\Windows\System\cPDOMhB.exe
  C:\Windows\System\cPDOMhB.exe
  2⤵
  PID:5696
- C:\Windows\System\nBYpHUN.exe
  C:\Windows\System\nBYpHUN.exe
  2⤵
  PID:5884
- C:\Windows\System\TIdKEvZ.exe
  C:\Windows\System\TIdKEvZ.exe
  2⤵
  PID:2612
- C:\Windows\System\BgzsksJ.exe
  C:\Windows\System\BgzsksJ.exe
  2⤵
  PID:6124
- C:\Windows\System\dLDqSfq.exe
  C:\Windows\System\dLDqSfq.exe
  2⤵
  PID:4792
- C:\Windows\System\EfjoyQk.exe
  C:\Windows\System\EfjoyQk.exe
  2⤵
  PID:6160
- C:\Windows\System\OZfselF.exe
  C:\Windows\System\OZfselF.exe
  2⤵
  PID:6184
- C:\Windows\System\zvOnJKl.exe
  C:\Windows\System\zvOnJKl.exe
  2⤵
  PID:2220
- C:\Windows\System\iABTqPP.exe
  C:\Windows\System\iABTqPP.exe
  2⤵
  PID:6244
- C:\Windows\System\fjzQoBw.exe
  C:\Windows\System\fjzQoBw.exe
  2⤵
  PID:6264
- C:\Windows\System\GpOENsp.exe
  C:\Windows\System\GpOENsp.exe
  2⤵
  PID:6320
- C:\Windows\System\PGrJeOO.exe
  C:\Windows\System\PGrJeOO.exe
  2⤵
  PID:6360
- C:\Windows\System\GhypzxG.exe
  C:\Windows\System\GhypzxG.exe
  2⤵
  PID:6388
- C:\Windows\System\bvsJJqX.exe
  C:\Windows\System\bvsJJqX.exe
  2⤵
  PID:6420
- C:\Windows\System\QCeoOOG.exe
  C:\Windows\System\QCeoOOG.exe
  2⤵
  PID:6444
- C:\Windows\System\ZNaVanU.exe
  C:\Windows\System\ZNaVanU.exe
  2⤵
  PID:6488
- C:\Windows\System\JxqpTZW.exe
  C:\Windows\System\JxqpTZW.exe
  2⤵
  PID:6520
- C:\Windows\System\VEPYprR.exe
  C:\Windows\System\VEPYprR.exe
  2⤵
  PID:6548
- C:\Windows\System\lazcjJB.exe
  C:\Windows\System\lazcjJB.exe
  2⤵
  PID:6588
- C:\Windows\System\kOyDsOG.exe
  C:\Windows\System\kOyDsOG.exe
  2⤵
  PID:6640
- C:\Windows\System\JUkNtwz.exe
  C:\Windows\System\JUkNtwz.exe
  2⤵
  PID:6660
- C:\Windows\System\NQoTpky.exe
  C:\Windows\System\NQoTpky.exe
  2⤵
  PID:6684
- C:\Windows\System\cbSleTu.exe
  C:\Windows\System\cbSleTu.exe
  2⤵
  PID:6728
- C:\Windows\System\hVlPfFw.exe
  C:\Windows\System\hVlPfFw.exe
  2⤵
  PID:6772
- C:\Windows\System\GiUWKAC.exe
  C:\Windows\System\GiUWKAC.exe
  2⤵
  PID:6804
- C:\Windows\System\xZcGCVG.exe
  C:\Windows\System\xZcGCVG.exe
  2⤵
  PID:6832
- C:\Windows\System\DdWvIRQ.exe
  C:\Windows\System\DdWvIRQ.exe
  2⤵
  PID:6884
- C:\Windows\System\ABDdRgw.exe
  C:\Windows\System\ABDdRgw.exe
  2⤵
  PID:6888
- C:\Windows\System\RtFhvPY.exe
  C:\Windows\System\RtFhvPY.exe
  2⤵
  PID:6932
- C:\Windows\System\iOmGJDP.exe
  C:\Windows\System\iOmGJDP.exe
  2⤵
  PID:6952
- C:\Windows\System\nZWieCk.exe
  C:\Windows\System\nZWieCk.exe
  2⤵
  PID:6992
- C:\Windows\System\iYNMaqZ.exe
  C:\Windows\System\iYNMaqZ.exe
  2⤵
  PID:7044
- C:\Windows\System\ueClPdV.exe
  C:\Windows\System\ueClPdV.exe
  2⤵
  PID:7064
- C:\Windows\System\oDsJhCN.exe
  C:\Windows\System\oDsJhCN.exe
  2⤵
  PID:7088
- C:\Windows\System\CmKXAEv.exe
  C:\Windows\System\CmKXAEv.exe
  2⤵
  PID:7132
- C:\Windows\System\OYLWOGB.exe
  C:\Windows\System\OYLWOGB.exe
  2⤵
  PID:7152
- C:\Windows\System\qkSqzmu.exe
  C:\Windows\System\qkSqzmu.exe
  2⤵
  PID:5144
- C:\Windows\System\nNqkxnH.exe
  C:\Windows\System\nNqkxnH.exe
  2⤵
  PID:5424
- C:\Windows\System\nUMAlHZ.exe
  C:\Windows\System\nUMAlHZ.exe
  2⤵
  PID:2872
- C:\Windows\System\JRPawLr.exe
  C:\Windows\System\JRPawLr.exe
  2⤵
  PID:5848
- C:\Windows\System\ItQPQWm.exe
  C:\Windows\System\ItQPQWm.exe
  2⤵
  PID:5920
- C:\Windows\System\PNhzNKH.exe
  C:\Windows\System\PNhzNKH.exe
  2⤵
  PID:4764
- C:\Windows\System\zyuwGCx.exe
  C:\Windows\System\zyuwGCx.exe
  2⤵
  PID:6164
- C:\Windows\System\gfkHlKP.exe
  C:\Windows\System\gfkHlKP.exe
  2⤵
  PID:6224
- C:\Windows\System\Pfuksck.exe
  C:\Windows\System\Pfuksck.exe
  2⤵
  PID:6268
- C:\Windows\System\jVZPrDI.exe
  C:\Windows\System\jVZPrDI.exe
  2⤵
  PID:6348
- C:\Windows\System\ICMCPEI.exe
  C:\Windows\System\ICMCPEI.exe
  2⤵
  PID:6380
- C:\Windows\System\AXVgJEZ.exe
  C:\Windows\System\AXVgJEZ.exe
  2⤵
  PID:2124
- C:\Windows\System\GBqoyCN.exe
  C:\Windows\System\GBqoyCN.exe
  2⤵
  PID:6464
- C:\Windows\System\xGdcufZ.exe
  C:\Windows\System\xGdcufZ.exe
  2⤵
  PID:6540
- C:\Windows\System\jvhyKIq.exe
  C:\Windows\System\jvhyKIq.exe
  2⤵
  PID:6608
- C:\Windows\System\Eqqxcxg.exe
  C:\Windows\System\Eqqxcxg.exe
  2⤵
  PID:6688
- C:\Windows\System\ougEpwQ.exe
  C:\Windows\System\ougEpwQ.exe
  2⤵
  PID:6704
- C:\Windows\System\IIZkpMu.exe
  C:\Windows\System\IIZkpMu.exe
  2⤵
  PID:6768
- C:\Windows\System\IBOGQni.exe
  C:\Windows\System\IBOGQni.exe
  2⤵
  PID:6788
- C:\Windows\System\XURpSbW.exe
  C:\Windows\System\XURpSbW.exe
  2⤵
  PID:6892
- C:\Windows\System\CvmihnT.exe
  C:\Windows\System\CvmihnT.exe
  2⤵
  PID:6912
- C:\Windows\System\EZUfmAS.exe
  C:\Windows\System\EZUfmAS.exe
  2⤵
  PID:6988
- C:\Windows\System\xPorlzY.exe
  C:\Windows\System\xPorlzY.exe
  2⤵
  PID:7072
- C:\Windows\System\OwoxDGX.exe
  C:\Windows\System\OwoxDGX.exe
  2⤵
  PID:7124
- C:\Windows\System\jCiRTNu.exe
  C:\Windows\System\jCiRTNu.exe
  2⤵
  PID:7164
- C:\Windows\System\pLBqHVn.exe
  C:\Windows\System\pLBqHVn.exe
  2⤵
  PID:2044
- C:\Windows\System\DdFwNbd.exe
  C:\Windows\System\DdFwNbd.exe
  2⤵
  PID:5344
- C:\Windows\System\SzwtGsp.exe
  C:\Windows\System\SzwtGsp.exe
  2⤵
  PID:5980
- C:\Windows\System\WHqnUdS.exe
  C:\Windows\System\WHqnUdS.exe
  2⤵
  PID:6180
- C:\Windows\System\ftxKqqY.exe
  C:\Windows\System\ftxKqqY.exe
  2⤵
  PID:6288
- C:\Windows\System\cVyDAeo.exe
  C:\Windows\System\cVyDAeo.exe
  2⤵
  PID:6408
- C:\Windows\System\qtZIfrB.exe
  C:\Windows\System\qtZIfrB.exe
  2⤵
  PID:6448
- C:\Windows\System\GXYIESR.exe
  C:\Windows\System\GXYIESR.exe
  2⤵
  PID:6480
- C:\Windows\System\vvqKnBQ.exe
  C:\Windows\System\vvqKnBQ.exe
  2⤵
  PID:6580
- C:\Windows\System\LvzjfOW.exe
  C:\Windows\System\LvzjfOW.exe
  2⤵
  PID:6720
- C:\Windows\System\iFshuBq.exe
  C:\Windows\System\iFshuBq.exe
  2⤵
  PID:6848
- C:\Windows\System\QJwJbzr.exe
  C:\Windows\System\QJwJbzr.exe
  2⤵
  PID:6852
- C:\Windows\System\qoNAPCp.exe
  C:\Windows\System\qoNAPCp.exe
  2⤵
  PID:6964
- C:\Windows\System\thyIopJ.exe
  C:\Windows\System\thyIopJ.exe
  2⤵
  PID:7048
- C:\Windows\System\DvnHPNT.exe
  C:\Windows\System\DvnHPNT.exe
  2⤵
  PID:5220
- C:\Windows\System\VDPYUFg.exe
  C:\Windows\System\VDPYUFg.exe
  2⤵
  PID:5740
- C:\Windows\System\yBZVish.exe
  C:\Windows\System\yBZVish.exe
  2⤵
  PID:2760
- C:\Windows\System\TSuNpVd.exe
  C:\Windows\System\TSuNpVd.exe
  2⤵
  PID:6148
- C:\Windows\System\HzteNxL.exe
  C:\Windows\System\HzteNxL.exe
  2⤵
  PID:6344
- C:\Windows\System\QENURUk.exe
  C:\Windows\System\QENURUk.exe
  2⤵
  PID:6508
- C:\Windows\System\JRzspgf.exe
  C:\Windows\System\JRzspgf.exe
  2⤵
  PID:6664
- C:\Windows\System\CDseUik.exe
  C:\Windows\System\CDseUik.exe
  2⤵
  PID:7188
- C:\Windows\System\IPWSuJI.exe
  C:\Windows\System\IPWSuJI.exe
  2⤵
  PID:7208
- C:\Windows\System\QeNkTQZ.exe
  C:\Windows\System\QeNkTQZ.exe
  2⤵
  PID:7228
- C:\Windows\System\MKtdXhZ.exe
  C:\Windows\System\MKtdXhZ.exe
  2⤵
  PID:7248
- C:\Windows\System\VhlWHeX.exe
  C:\Windows\System\VhlWHeX.exe
  2⤵
  PID:7268
- C:\Windows\System\mYkJtot.exe
  C:\Windows\System\mYkJtot.exe
  2⤵
  PID:7288
- C:\Windows\System\BxHKARv.exe
  C:\Windows\System\BxHKARv.exe
  2⤵
  PID:7308
- C:\Windows\System\tnllNro.exe
  C:\Windows\System\tnllNro.exe
  2⤵
  PID:7328
- C:\Windows\System\wZniFdi.exe
  C:\Windows\System\wZniFdi.exe
  2⤵
  PID:7348
- C:\Windows\System\hhsBhyV.exe
  C:\Windows\System\hhsBhyV.exe
  2⤵
  PID:7368
- C:\Windows\System\NUmQKuH.exe
  C:\Windows\System\NUmQKuH.exe
  2⤵
  PID:7388
- C:\Windows\System\BfvsnKB.exe
  C:\Windows\System\BfvsnKB.exe
  2⤵
  PID:7408
- C:\Windows\System\uXWbHcs.exe
  C:\Windows\System\uXWbHcs.exe
  2⤵
  PID:7428
- C:\Windows\System\wtOEmfU.exe
  C:\Windows\System\wtOEmfU.exe
  2⤵
  PID:7448
- C:\Windows\System\MofkIky.exe
  C:\Windows\System\MofkIky.exe
  2⤵
  PID:7468
- C:\Windows\System\JiZhzYh.exe
  C:\Windows\System\JiZhzYh.exe
  2⤵
  PID:7488
- C:\Windows\System\RPNzIAB.exe
  C:\Windows\System\RPNzIAB.exe
  2⤵
  PID:7508
- C:\Windows\System\aXeaFaX.exe
  C:\Windows\System\aXeaFaX.exe
  2⤵
  PID:7528
- C:\Windows\System\JKXTBhD.exe
  C:\Windows\System\JKXTBhD.exe
  2⤵
  PID:7548
- C:\Windows\System\WTXoUHj.exe
  C:\Windows\System\WTXoUHj.exe
  2⤵
  PID:7568
- C:\Windows\System\CxlKtqP.exe
  C:\Windows\System\CxlKtqP.exe
  2⤵
  PID:7592
- C:\Windows\System\xjXlmMr.exe
  C:\Windows\System\xjXlmMr.exe
  2⤵
  PID:7612
- C:\Windows\System\dlAGBTV.exe
  C:\Windows\System\dlAGBTV.exe
  2⤵
  PID:7632
- C:\Windows\System\VWUAAhD.exe
  C:\Windows\System\VWUAAhD.exe
  2⤵
  PID:7652
- C:\Windows\System\MMtSHCe.exe
  C:\Windows\System\MMtSHCe.exe
  2⤵
  PID:7672
- C:\Windows\System\dZzGskU.exe
  C:\Windows\System\dZzGskU.exe
  2⤵
  PID:7692
- C:\Windows\System\uJhcyiR.exe
  C:\Windows\System\uJhcyiR.exe
  2⤵
  PID:7712
- C:\Windows\System\gPszkBs.exe
  C:\Windows\System\gPszkBs.exe
  2⤵
  PID:7732
- C:\Windows\System\afaMHIC.exe
  C:\Windows\System\afaMHIC.exe
  2⤵
  PID:7752
- C:\Windows\System\MXYonqh.exe
  C:\Windows\System\MXYonqh.exe
  2⤵
  PID:7772
- C:\Windows\System\GeIJJnc.exe
  C:\Windows\System\GeIJJnc.exe
  2⤵
  PID:7792
- C:\Windows\System\WhOroMd.exe
  C:\Windows\System\WhOroMd.exe
  2⤵
  PID:7812
- C:\Windows\System\TKrIjFU.exe
  C:\Windows\System\TKrIjFU.exe
  2⤵
  PID:7832
- C:\Windows\System\eXmgKkN.exe
  C:\Windows\System\eXmgKkN.exe
  2⤵
  PID:7852
- C:\Windows\System\NvGiZML.exe
  C:\Windows\System\NvGiZML.exe
  2⤵
  PID:7872
- C:\Windows\System\jjVcgkR.exe
  C:\Windows\System\jjVcgkR.exe
  2⤵
  PID:7892
- C:\Windows\System\SutykhU.exe
  C:\Windows\System\SutykhU.exe
  2⤵
  PID:7912
- C:\Windows\System\YbGLIcz.exe
  C:\Windows\System\YbGLIcz.exe
  2⤵
  PID:7932
- C:\Windows\System\TuWmrBO.exe
  C:\Windows\System\TuWmrBO.exe
  2⤵
  PID:7952
- C:\Windows\System\THoIjTH.exe
  C:\Windows\System\THoIjTH.exe
  2⤵
  PID:7972
- C:\Windows\System\HpHHEGW.exe
  C:\Windows\System\HpHHEGW.exe
  2⤵
  PID:7992
- C:\Windows\System\MiPmwXU.exe
  C:\Windows\System\MiPmwXU.exe
  2⤵
  PID:8012
- C:\Windows\System\TqBRiuU.exe
  C:\Windows\System\TqBRiuU.exe
  2⤵
  PID:8032
- C:\Windows\System\vbnvBZb.exe
  C:\Windows\System\vbnvBZb.exe
  2⤵
  PID:8052
- C:\Windows\System\CUnKfeA.exe
  C:\Windows\System\CUnKfeA.exe
  2⤵
  PID:8072
- C:\Windows\System\uXioVEy.exe
  C:\Windows\System\uXioVEy.exe
  2⤵
  PID:8092
- C:\Windows\System\oZGMouF.exe
  C:\Windows\System\oZGMouF.exe
  2⤵
  PID:8112
- C:\Windows\System\DTLdHAF.exe
  C:\Windows\System\DTLdHAF.exe
  2⤵
  PID:8132
- C:\Windows\System\GaiTUGc.exe
  C:\Windows\System\GaiTUGc.exe
  2⤵
  PID:8152
- C:\Windows\System\SklgOkd.exe
  C:\Windows\System\SklgOkd.exe
  2⤵
  PID:8172
- C:\Windows\System\SBBUpho.exe
  C:\Windows\System\SBBUpho.exe
  2⤵
  PID:6740
- C:\Windows\System\ofbkEDo.exe
  C:\Windows\System\ofbkEDo.exe
  2⤵
  PID:6792
- C:\Windows\System\LiAkihq.exe
  C:\Windows\System\LiAkihq.exe
  2⤵
  PID:6908
- C:\Windows\System\eLfBcAF.exe
  C:\Windows\System\eLfBcAF.exe
  2⤵
  PID:7052
- C:\Windows\System\kJRccJY.exe
  C:\Windows\System\kJRccJY.exe
  2⤵
  PID:4824
- C:\Windows\System\xBnWzfx.exe
  C:\Windows\System\xBnWzfx.exe
  2⤵
  PID:6208
- C:\Windows\System\jJUlbgy.exe
  C:\Windows\System\jJUlbgy.exe
  2⤵
  PID:6300
- C:\Windows\System\xTpppuc.exe
  C:\Windows\System\xTpppuc.exe
  2⤵
  PID:2656
- C:\Windows\System\MicJPwc.exe
  C:\Windows\System\MicJPwc.exe
  2⤵
  PID:7204
- C:\Windows\System\ueFymLj.exe
  C:\Windows\System\ueFymLj.exe
  2⤵
  PID:7220
- C:\Windows\System\xsuEiGy.exe
  C:\Windows\System\xsuEiGy.exe
  2⤵
  PID:7264
- C:\Windows\System\hNMJenV.exe
  C:\Windows\System\hNMJenV.exe
  2⤵
  PID:7296
- C:\Windows\System\MHCyOHY.exe
  C:\Windows\System\MHCyOHY.exe
  2⤵
  PID:7344
- C:\Windows\System\JvQVOAc.exe
  C:\Windows\System\JvQVOAc.exe
  2⤵
  PID:7376
- C:\Windows\System\BuvPsvp.exe
  C:\Windows\System\BuvPsvp.exe
  2⤵
  PID:7400
- C:\Windows\System\yDUVvVr.exe
  C:\Windows\System\yDUVvVr.exe
  2⤵
  PID:7444
- C:\Windows\System\bOHkBjx.exe
  C:\Windows\System\bOHkBjx.exe
  2⤵
  PID:7476
- C:\Windows\System\YXFfTLB.exe
  C:\Windows\System\YXFfTLB.exe
  2⤵
  PID:7504
- C:\Windows\System\JghNSsi.exe
  C:\Windows\System\JghNSsi.exe
  2⤵
  PID:7520
- C:\Windows\System\ybbMIqx.exe
  C:\Windows\System\ybbMIqx.exe
  2⤵
  PID:7564
- C:\Windows\System\tcsWGoo.exe
  C:\Windows\System\tcsWGoo.exe
  2⤵
  PID:7600
- C:\Windows\System\EugLHXw.exe
  C:\Windows\System\EugLHXw.exe
  2⤵
  PID:7628
- C:\Windows\System\bVmYqeE.exe
  C:\Windows\System\bVmYqeE.exe
  2⤵
  PID:7660
- C:\Windows\System\cNnpApT.exe
  C:\Windows\System\cNnpApT.exe
  2⤵
  PID:2764
- C:\Windows\System\xAbcixU.exe
  C:\Windows\System\xAbcixU.exe
  2⤵
  PID:7728
- C:\Windows\System\BPvlQCP.exe
  C:\Windows\System\BPvlQCP.exe
  2⤵
  PID:7768
- C:\Windows\System\VmeRdpB.exe
  C:\Windows\System\VmeRdpB.exe
  2⤵
  PID:7800
- C:\Windows\System\ykMBbHm.exe
  C:\Windows\System\ykMBbHm.exe
  2⤵
  PID:7804
- C:\Windows\System\kkXqSDJ.exe
  C:\Windows\System\kkXqSDJ.exe
  2⤵
  PID:7828
- C:\Windows\System\nKzXvqQ.exe
  C:\Windows\System\nKzXvqQ.exe
  2⤵
  PID:7864
- C:\Windows\System\KfRQTdb.exe
  C:\Windows\System\KfRQTdb.exe
  2⤵
  PID:7920
- C:\Windows\System\saXaXvC.exe
  C:\Windows\System\saXaXvC.exe
  2⤵
  PID:7924
- C:\Windows\System\PXEPUPD.exe
  C:\Windows\System\PXEPUPD.exe
  2⤵
  PID:7968
- C:\Windows\System\XXnonbg.exe
  C:\Windows\System\XXnonbg.exe
  2⤵
  PID:8000
- C:\Windows\System\QqeiCVw.exe
  C:\Windows\System\QqeiCVw.exe
  2⤵
  PID:8048
- C:\Windows\System\wWoaBkN.exe
  C:\Windows\System\wWoaBkN.exe
  2⤵
  PID:8060
- C:\Windows\System\IpTpBZs.exe
  C:\Windows\System\IpTpBZs.exe
  2⤵
  PID:8088
- C:\Windows\System\MkJjhMX.exe
  C:\Windows\System\MkJjhMX.exe
  2⤵
  PID:8108
- C:\Windows\System\qVrlQHX.exe
  C:\Windows\System\qVrlQHX.exe
  2⤵
  PID:8144
- C:\Windows\System\bLZSozx.exe
  C:\Windows\System\bLZSozx.exe
  2⤵
  PID:8164
- C:\Windows\System\gBoCayd.exe
  C:\Windows\System\gBoCayd.exe
  2⤵
  PID:8184
- C:\Windows\System\vHxcYZY.exe
  C:\Windows\System\vHxcYZY.exe
  2⤵
  PID:7108
- C:\Windows\System\DpRgFzG.exe
  C:\Windows\System\DpRgFzG.exe
  2⤵
  PID:2560
- C:\Windows\System\wcQWDXl.exe
  C:\Windows\System\wcQWDXl.exe
  2⤵
  PID:7112
- C:\Windows\System\TudFtVc.exe
  C:\Windows\System\TudFtVc.exe
  2⤵
  PID:4692
- C:\Windows\System\AmjPNYs.exe
  C:\Windows\System\AmjPNYs.exe
  2⤵
  PID:7184
- C:\Windows\System\sFMFXsX.exe
  C:\Windows\System\sFMFXsX.exe
  2⤵
  PID:7240
- C:\Windows\System\yvVzTlS.exe
  C:\Windows\System\yvVzTlS.exe
  2⤵
  PID:7324
- C:\Windows\System\xmhKjms.exe
  C:\Windows\System\xmhKjms.exe
  2⤵
  PID:2592
- C:\Windows\System\ASEAbdJ.exe
  C:\Windows\System\ASEAbdJ.exe
  2⤵
  PID:7384
- C:\Windows\System\crqdyPY.exe
  C:\Windows\System\crqdyPY.exe
  2⤵
  PID:7420
- C:\Windows\System\gcHEkXS.exe
  C:\Windows\System\gcHEkXS.exe
  2⤵
  PID:7460
- C:\Windows\System\OktSlkB.exe
  C:\Windows\System\OktSlkB.exe
  2⤵
  PID:7524
- C:\Windows\System\mGJDFRr.exe
  C:\Windows\System\mGJDFRr.exe
  2⤵
  PID:7580
- C:\Windows\System\qOqgvlR.exe
  C:\Windows\System\qOqgvlR.exe
  2⤵
  PID:7664
- C:\Windows\System\oTBEdoH.exe
  C:\Windows\System\oTBEdoH.exe
  2⤵
  PID:7680
- C:\Windows\System\bDAGHDw.exe
  C:\Windows\System\bDAGHDw.exe
  2⤵
  PID:7724
- C:\Windows\System\WqYlyGk.exe
  C:\Windows\System\WqYlyGk.exe
  2⤵
  PID:2888
- C:\Windows\System\VnmJGth.exe
  C:\Windows\System\VnmJGth.exe
  2⤵
  PID:4684
- C:\Windows\System\lARRdkF.exe
  C:\Windows\System\lARRdkF.exe
  2⤵
  PID:7848
- C:\Windows\System\tbCMLUr.exe
  C:\Windows\System\tbCMLUr.exe
  2⤵
  PID:1236
- C:\Windows\System\SRqPqtZ.exe
  C:\Windows\System\SRqPqtZ.exe
  2⤵
  PID:7904
- C:\Windows\System\SqwMnQh.exe
  C:\Windows\System\SqwMnQh.exe
  2⤵
  PID:7928
- C:\Windows\System\OXkEsyu.exe
  C:\Windows\System\OXkEsyu.exe
  2⤵
  PID:7948
- C:\Windows\System\LPmvjiV.exe
  C:\Windows\System\LPmvjiV.exe
  2⤵
  PID:8024
- C:\Windows\System\OduKcCR.exe
  C:\Windows\System\OduKcCR.exe
  2⤵
  PID:8008
- C:\Windows\System\DqqfKPw.exe
  C:\Windows\System\DqqfKPw.exe
  2⤵
  PID:1536
- C:\Windows\System\YrqowRv.exe
  C:\Windows\System\YrqowRv.exe
  2⤵
  PID:2348
- C:\Windows\System\ZMFDcLK.exe
  C:\Windows\System\ZMFDcLK.exe
  2⤵
  PID:8068
- C:\Windows\System\bYqnEvA.exe
  C:\Windows\System\bYqnEvA.exe
  2⤵
  PID:1612
- C:\Windows\System\iQNCagY.exe
  C:\Windows\System\iQNCagY.exe
  2⤵
  PID:8124
- C:\Windows\System\EvybOvx.exe
  C:\Windows\System\EvybOvx.exe
  2⤵
  PID:6680
- C:\Windows\System\nqtUPWP.exe
  C:\Windows\System\nqtUPWP.exe
  2⤵
  PID:7008
- C:\Windows\System\TeMjyzN.exe
  C:\Windows\System\TeMjyzN.exe
  2⤵
  PID:6944
- C:\Windows\System\irblobW.exe
  C:\Windows\System\irblobW.exe
  2⤵
  PID:6544
- C:\Windows\System\nJsGRXF.exe
  C:\Windows\System\nJsGRXF.exe
  2⤵
  PID:7216
- C:\Windows\System\yNvxvTc.exe
  C:\Windows\System\yNvxvTc.exe
  2⤵
  PID:2440
- C:\Windows\System\YWmtJME.exe
  C:\Windows\System\YWmtJME.exe
  2⤵
  PID:7320
- C:\Windows\System\pVVdUOu.exe
  C:\Windows\System\pVVdUOu.exe
  2⤵
  PID:7640
- C:\Windows\System\VqswwOm.exe
  C:\Windows\System\VqswwOm.exe
  2⤵
  PID:7648
- C:\Windows\System\hLKMeJg.exe
  C:\Windows\System\hLKMeJg.exe
  2⤵
  PID:1928
- C:\Windows\System\FDrZwrF.exe
  C:\Windows\System\FDrZwrF.exe
  2⤵
  PID:768
- C:\Windows\System\RMaTvVs.exe
  C:\Windows\System\RMaTvVs.exe
  2⤵
  PID:7784
- C:\Windows\System\WACWprA.exe
  C:\Windows\System\WACWprA.exe
  2⤵
  PID:2532
- C:\Windows\System\XmMCjku.exe
  C:\Windows\System\XmMCjku.exe
  2⤵
  PID:7984
- C:\Windows\System\LBbvhbn.exe
  C:\Windows\System\LBbvhbn.exe
  2⤵
  PID:1512
- C:\Windows\System\rsXTjcj.exe
  C:\Windows\System\rsXTjcj.exe
  2⤵
  PID:1952
- C:\Windows\System\cAIFnBK.exe
  C:\Windows\System\cAIFnBK.exe
  2⤵
  PID:6628
- C:\Windows\System\ZWYjAHI.exe
  C:\Windows\System\ZWYjAHI.exe
  2⤵
  PID:6824
- C:\Windows\System\rlxbBbl.exe
  C:\Windows\System\rlxbBbl.exe
  2⤵
  PID:7236
- C:\Windows\System\nHLSZeG.exe
  C:\Windows\System\nHLSZeG.exe
  2⤵
  PID:2032
- C:\Windows\System\EcnBaPm.exe
  C:\Windows\System\EcnBaPm.exe
  2⤵
  PID:7356
- C:\Windows\System\hoWVnMc.exe
  C:\Windows\System\hoWVnMc.exe
  2⤵
  PID:7360
- C:\Windows\System\QAKcoKF.exe
  C:\Windows\System\QAKcoKF.exe
  2⤵
  PID:2720
- C:\Windows\System\NORFyzW.exe
  C:\Windows\System\NORFyzW.exe
  2⤵
  PID:2356
- C:\Windows\System\ABvaNZS.exe
  C:\Windows\System\ABvaNZS.exe
  2⤵
  PID:7576
- C:\Windows\System\BQuQpIG.exe
  C:\Windows\System\BQuQpIG.exe
  2⤵
  PID:1620
- C:\Windows\System\WzaUhJx.exe
  C:\Windows\System\WzaUhJx.exe
  2⤵
  PID:2864
- C:\Windows\System\JdLopHD.exe
  C:\Windows\System\JdLopHD.exe
  2⤵
  PID:7888
- C:\Windows\System\HCuilXz.exe
  C:\Windows\System\HCuilXz.exe
  2⤵
  PID:7840
- C:\Windows\System\sDsMlcg.exe
  C:\Windows\System\sDsMlcg.exe
  2⤵
  PID:2400
- C:\Windows\System\pkCpfhI.exe
  C:\Windows\System\pkCpfhI.exe
  2⤵
  PID:8128
- C:\Windows\System\qCnEcCp.exe
  C:\Windows\System\qCnEcCp.exe
  2⤵
  PID:7744
- C:\Windows\System\PfJqeDL.exe
  C:\Windows\System\PfJqeDL.exe
  2⤵
  PID:6248
- C:\Windows\System\bFEOziD.exe
  C:\Windows\System\bFEOziD.exe
  2⤵
  PID:7540
- C:\Windows\System\zXZpAdp.exe
  C:\Windows\System\zXZpAdp.exe
  2⤵
  PID:1532
- C:\Windows\System\VBoWMhV.exe
  C:\Windows\System\VBoWMhV.exe
  2⤵
  PID:7260
- C:\Windows\System\jjUmsrG.exe
  C:\Windows\System\jjUmsrG.exe
  2⤵
  PID:8020
- C:\Windows\System\tKkmLMc.exe
  C:\Windows\System\tKkmLMc.exe
  2⤵
  PID:8064
- C:\Windows\System\RHNCuAY.exe
  C:\Windows\System\RHNCuAY.exe
  2⤵
  PID:7860
- C:\Windows\System\srrvPfy.exe
  C:\Windows\System\srrvPfy.exe
  2⤵
  PID:2036
- C:\Windows\System\gWveEKr.exe
  C:\Windows\System\gWveEKr.exe
  2⤵
  PID:2636
- C:\Windows\System\ZFYAKsc.exe
  C:\Windows\System\ZFYAKsc.exe
  2⤵
  PID:1872
- C:\Windows\System\OclABSy.exe
  C:\Windows\System\OclABSy.exe
  2⤵
  PID:7404
- C:\Windows\System\aGrlWQU.exe
  C:\Windows\System\aGrlWQU.exe
  2⤵
  PID:1528
- C:\Windows\System\XJdfWiQ.exe
  C:\Windows\System\XJdfWiQ.exe
  2⤵
  PID:7988
- C:\Windows\System\XqSmuld.exe
  C:\Windows\System\XqSmuld.exe
  2⤵
  PID:5024
- C:\Windows\System\hDioFqR.exe
  C:\Windows\System\hDioFqR.exe
  2⤵
  PID:8140
- C:\Windows\System\nKqWxqA.exe
  C:\Windows\System\nKqWxqA.exe
  2⤵
  PID:812
- C:\Windows\System\JsiCGeq.exe
  C:\Windows\System\JsiCGeq.exe
  2⤵
  PID:7336
- C:\Windows\System\KdACOyf.exe
  C:\Windows\System\KdACOyf.exe
  2⤵
  PID:7688
- C:\Windows\System\CQjbfXl.exe
  C:\Windows\System\CQjbfXl.exe
  2⤵
  PID:8196
- C:\Windows\System\bMhvOHl.exe
  C:\Windows\System\bMhvOHl.exe
  2⤵
  PID:8220
- C:\Windows\System\RfgHHfW.exe
  C:\Windows\System\RfgHHfW.exe
  2⤵
  PID:8240
- C:\Windows\System\btUJdTv.exe
  C:\Windows\System\btUJdTv.exe
  2⤵
  PID:8256
- C:\Windows\System\NNVqmZk.exe
  C:\Windows\System\NNVqmZk.exe
  2⤵
  PID:8272
- C:\Windows\System\npVdCzD.exe
  C:\Windows\System\npVdCzD.exe
  2⤵
  PID:8288
- C:\Windows\System\sQVIWdk.exe
  C:\Windows\System\sQVIWdk.exe
  2⤵
  PID:8304
- C:\Windows\System\jTNPyTV.exe
  C:\Windows\System\jTNPyTV.exe
  2⤵
  PID:8324
- C:\Windows\System\BiMoBjL.exe
  C:\Windows\System\BiMoBjL.exe
  2⤵
  PID:8344
- C:\Windows\System\iLIoklp.exe
  C:\Windows\System\iLIoklp.exe
  2⤵
  PID:8364
- C:\Windows\System\HgWwFWg.exe
  C:\Windows\System\HgWwFWg.exe
  2⤵
  PID:8384
- C:\Windows\System\UiIrMHk.exe
  C:\Windows\System\UiIrMHk.exe
  2⤵
  PID:8428
- C:\Windows\System\sENJTyJ.exe
  C:\Windows\System\sENJTyJ.exe
  2⤵
  PID:8448
- C:\Windows\System\SuETYBi.exe
  C:\Windows\System\SuETYBi.exe
  2⤵
  PID:8472
- C:\Windows\System\cNWYmKv.exe
  C:\Windows\System\cNWYmKv.exe
  2⤵
  PID:8488
- C:\Windows\System\RnPhNvt.exe
  C:\Windows\System\RnPhNvt.exe
  2⤵
  PID:8508
- C:\Windows\System\OVZrics.exe
  C:\Windows\System\OVZrics.exe
  2⤵
  PID:8524
- C:\Windows\System\zDscwGQ.exe
  C:\Windows\System\zDscwGQ.exe
  2⤵
  PID:8552
- C:\Windows\System\cqcOBPU.exe
  C:\Windows\System\cqcOBPU.exe
  2⤵
  PID:8572
- C:\Windows\System\pKekUpc.exe
  C:\Windows\System\pKekUpc.exe
  2⤵
  PID:8588
- C:\Windows\System\bacjpDG.exe
  C:\Windows\System\bacjpDG.exe
  2⤵
  PID:8612
- C:\Windows\System\PadjUeX.exe
  C:\Windows\System\PadjUeX.exe
  2⤵
  PID:8628
- C:\Windows\System\lRbbdgy.exe
  C:\Windows\System\lRbbdgy.exe
  2⤵
  PID:8644
- C:\Windows\System\ntWZUrl.exe
  C:\Windows\System\ntWZUrl.exe
  2⤵
  PID:8660
- C:\Windows\System\YPsDcDS.exe
  C:\Windows\System\YPsDcDS.exe
  2⤵
  PID:8676
- C:\Windows\System\IlPHJqE.exe
  C:\Windows\System\IlPHJqE.exe
  2⤵
  PID:8692
- C:\Windows\System\tmuWMEJ.exe
  C:\Windows\System\tmuWMEJ.exe
  2⤵
  PID:8708
- C:\Windows\System\jXSeQdI.exe
  C:\Windows\System\jXSeQdI.exe
  2⤵
  PID:8724
- C:\Windows\System\FueNiWR.exe
  C:\Windows\System\FueNiWR.exe
  2⤵
  PID:8740
- C:\Windows\System\xlPzjPL.exe
  C:\Windows\System\xlPzjPL.exe
  2⤵
  PID:8756
- C:\Windows\System\WOgZNqp.exe
  C:\Windows\System\WOgZNqp.exe
  2⤵
  PID:8772
- C:\Windows\System\MkffAsq.exe
  C:\Windows\System\MkffAsq.exe
  2⤵
  PID:8792
- C:\Windows\System\LPalqqh.exe
  C:\Windows\System\LPalqqh.exe
  2⤵
  PID:8808
- C:\Windows\System\NcdtSxB.exe
  C:\Windows\System\NcdtSxB.exe
  2⤵
  PID:8824
- C:\Windows\System\dJnbfBh.exe
  C:\Windows\System\dJnbfBh.exe
  2⤵
  PID:8844
- C:\Windows\System\EGgoXaU.exe
  C:\Windows\System\EGgoXaU.exe
  2⤵
  PID:8864
- C:\Windows\System\FCFWDiB.exe
  C:\Windows\System\FCFWDiB.exe
  2⤵
  PID:8888
- C:\Windows\System\dpzyBCe.exe
  C:\Windows\System\dpzyBCe.exe
  2⤵
  PID:8916
- C:\Windows\System\FKeCnpe.exe
  C:\Windows\System\FKeCnpe.exe
  2⤵
  PID:8932
- C:\Windows\System\HCRYjwn.exe
  C:\Windows\System\HCRYjwn.exe
  2⤵
  PID:9000
- C:\Windows\System\zCcgTUb.exe
  C:\Windows\System\zCcgTUb.exe
  2⤵
  PID:9020
- C:\Windows\System\nsGRSkx.exe
  C:\Windows\System\nsGRSkx.exe
  2⤵
  PID:9036
- C:\Windows\System\NXIbPln.exe
  C:\Windows\System\NXIbPln.exe
  2⤵
  PID:9056
- C:\Windows\System\WRQDVUx.exe
  C:\Windows\System\WRQDVUx.exe
  2⤵
  PID:9072
- C:\Windows\System\PgjcHWp.exe
  C:\Windows\System\PgjcHWp.exe
  2⤵
  PID:9092
- C:\Windows\System\vtucgqb.exe
  C:\Windows\System\vtucgqb.exe
  2⤵
  PID:9124
- C:\Windows\System\UDEiJgG.exe
  C:\Windows\System\UDEiJgG.exe
  2⤵
  PID:9140
- C:\Windows\System\ZvEouds.exe
  C:\Windows\System\ZvEouds.exe
  2⤵
  PID:9156
- C:\Windows\System\RtACgbn.exe
  C:\Windows\System\RtACgbn.exe
  2⤵
  PID:9172
- C:\Windows\System\eVbyRiP.exe
  C:\Windows\System\eVbyRiP.exe
  2⤵
  PID:9188
- C:\Windows\System\WiMtfHP.exe
  C:\Windows\System\WiMtfHP.exe
  2⤵
  PID:9212
- C:\Windows\System\WEmjSkx.exe
  C:\Windows\System\WEmjSkx.exe
  2⤵
  PID:8212
- C:\Windows\System\hCnDuyg.exe
  C:\Windows\System\hCnDuyg.exe
  2⤵
  PID:8248
- C:\Windows\System\olNFLsm.exe
  C:\Windows\System\olNFLsm.exe
  2⤵
  PID:8296
- C:\Windows\System\IQkqkRS.exe
  C:\Windows\System\IQkqkRS.exe
  2⤵
  PID:8336
- C:\Windows\System\VagJrhD.exe
  C:\Windows\System\VagJrhD.exe
  2⤵
  PID:8316
- C:\Windows\System\yAhQjaT.exe
  C:\Windows\System\yAhQjaT.exe
  2⤵
  PID:8404
- C:\Windows\System\vGQkjQp.exe
  C:\Windows\System\vGQkjQp.exe
  2⤵
  PID:8424
- C:\Windows\System\rUfcSEt.exe
  C:\Windows\System\rUfcSEt.exe
  2⤵
  PID:8456
- C:\Windows\System\RmNzyKK.exe
  C:\Windows\System\RmNzyKK.exe
  2⤵
  PID:8500
- C:\Windows\System\nAEbivX.exe
  C:\Windows\System\nAEbivX.exe
  2⤵
  PID:8540
- C:\Windows\System\SyWXnoP.exe
  C:\Windows\System\SyWXnoP.exe
  2⤵
  PID:8560
- C:\Windows\System\kEeguCl.exe
  C:\Windows\System\kEeguCl.exe
  2⤵
  PID:8596
- C:\Windows\System\JIVnOJF.exe
  C:\Windows\System\JIVnOJF.exe
  2⤵
  PID:8608
- C:\Windows\System\Raypbum.exe
  C:\Windows\System\Raypbum.exe
  2⤵
  PID:8624
- C:\Windows\System\pyBXUgb.exe
  C:\Windows\System\pyBXUgb.exe
  2⤵
  PID:8688
- C:\Windows\System\IyIUiJG.exe
  C:\Windows\System\IyIUiJG.exe
  2⤵
  PID:8748
- C:\Windows\System\fJxGQgj.exe
  C:\Windows\System\fJxGQgj.exe
  2⤵
  PID:8804
- C:\Windows\System\fiYEMwN.exe
  C:\Windows\System\fiYEMwN.exe
  2⤵
  PID:8872
- C:\Windows\System\Hfwugih.exe
  C:\Windows\System\Hfwugih.exe
  2⤵
  PID:8884
- C:\Windows\System\gFdZkZn.exe
  C:\Windows\System\gFdZkZn.exe
  2⤵
  PID:8924
- C:\Windows\System\mQfakGz.exe
  C:\Windows\System\mQfakGz.exe
  2⤵
  PID:8904
- C:\Windows\System\HjNuIkW.exe
  C:\Windows\System\HjNuIkW.exe
  2⤵
  PID:8944
- C:\Windows\System\itCjYqE.exe
  C:\Windows\System\itCjYqE.exe
  2⤵
  PID:8972
- C:\Windows\System\RWPjcWD.exe
  C:\Windows\System\RWPjcWD.exe
  2⤵
  PID:9008
- C:\Windows\System\tkxyMIP.exe
  C:\Windows\System\tkxyMIP.exe
  2⤵
  PID:9032
- C:\Windows\System\NkJWIAt.exe
  C:\Windows\System\NkJWIAt.exe
  2⤵
  PID:9084
- C:\Windows\System\ofmFWXN.exe
  C:\Windows\System\ofmFWXN.exe
  2⤵
  PID:9108
- C:\Windows\System\TOAHGGW.exe
  C:\Windows\System\TOAHGGW.exe
  2⤵
  PID:9136
- C:\Windows\System\KlewVLV.exe
  C:\Windows\System\KlewVLV.exe
  2⤵
  PID:9180
- C:\Windows\System\XnlIFaM.exe
  C:\Windows\System\XnlIFaM.exe
  2⤵
  PID:9184
- C:\Windows\System\EEayuZN.exe
  C:\Windows\System\EEayuZN.exe
  2⤵
  PID:8232
- C:\Windows\System\pHNHLay.exe
  C:\Windows\System\pHNHLay.exe
  2⤵
  PID:8216
- C:\Windows\System\bOTXIAy.exe
  C:\Windows\System\bOTXIAy.exe
  2⤵
  PID:8396
- C:\Windows\System\BPbLIVL.exe
  C:\Windows\System\BPbLIVL.exe
  2⤵
  PID:8412
- C:\Windows\System\jbpFITa.exe
  C:\Windows\System\jbpFITa.exe
  2⤵
  PID:8468
- C:\Windows\System\omVyacH.exe
  C:\Windows\System\omVyacH.exe
  2⤵
  PID:8520
- C:\Windows\System\IAeELDd.exe
  C:\Windows\System\IAeELDd.exe
  2⤵
  PID:8640
- C:\Windows\System\txzuHJw.exe
  C:\Windows\System\txzuHJw.exe
  2⤵
  PID:8700
- C:\Windows\System\bwFhlBb.exe
  C:\Windows\System\bwFhlBb.exe
  2⤵
  PID:8604
- C:\Windows\System\wunYgDJ.exe
  C:\Windows\System\wunYgDJ.exe
  2⤵
  PID:8716
- C:\Windows\System\wjLzovX.exe
  C:\Windows\System\wjLzovX.exe
  2⤵
  PID:8752
- C:\Windows\System\XReFEoW.exe
  C:\Windows\System\XReFEoW.exe
  2⤵
  PID:8800
- C:\Windows\System\laKamwf.exe
  C:\Windows\System\laKamwf.exe
  2⤵
  PID:8816
- C:\Windows\System\CITFjsF.exe
  C:\Windows\System\CITFjsF.exe
  2⤵
  PID:8908
- C:\Windows\System\SwqShgb.exe
  C:\Windows\System\SwqShgb.exe
  2⤵
  PID:8896
- C:\Windows\System\UEeXfZt.exe
  C:\Windows\System\UEeXfZt.exe
  2⤵
  PID:8980
- C:\Windows\System\DKXtBIP.exe
  C:\Windows\System\DKXtBIP.exe
  2⤵
  PID:9052
- C:\Windows\System\uHTLNzS.exe
  C:\Windows\System\uHTLNzS.exe
  2⤵
  PID:9120
- C:\Windows\System\QswvzNQ.exe
  C:\Windows\System\QswvzNQ.exe
  2⤵
  PID:9204
- C:\Windows\System\JBRDEsk.exe
  C:\Windows\System\JBRDEsk.exe
  2⤵
  PID:8280
- C:\Windows\System\Pikbcvj.exe
  C:\Windows\System\Pikbcvj.exe
  2⤵
  PID:8360
- C:\Windows\System\TSTzMlj.exe
  C:\Windows\System\TSTzMlj.exe
  2⤵
  PID:8400
- C:\Windows\System\EdgKDDG.exe
  C:\Windows\System\EdgKDDG.exe
  2⤵
  PID:1508
- C:\Windows\System\hEcAIny.exe
  C:\Windows\System\hEcAIny.exe
  2⤵
  PID:8580
- C:\Windows\System\XJZnFNy.exe
  C:\Windows\System\XJZnFNy.exe
  2⤵
  PID:8788
- C:\Windows\System\zuvbbHF.exe
  C:\Windows\System\zuvbbHF.exe
  2⤵
  PID:8656
- C:\Windows\System\lyrfUaO.exe
  C:\Windows\System\lyrfUaO.exe
  2⤵
  PID:8204
- C:\Windows\System\kxqmRys.exe
  C:\Windows\System\kxqmRys.exe
  2⤵
  PID:8860
- C:\Windows\System\eEvnYmP.exe
  C:\Windows\System\eEvnYmP.exe
  2⤵
  PID:9168
- C:\Windows\System\ASBSbnB.exe
  C:\Windows\System\ASBSbnB.exe
  2⤵
  PID:8852
- C:\Windows\System\eOhRbrc.exe
  C:\Windows\System\eOhRbrc.exe
  2⤵
  PID:8516
- C:\Windows\System\gnNjvKB.exe
  C:\Windows\System\gnNjvKB.exe
  2⤵
  PID:8548
- C:\Windows\System\qfUwzTX.exe
  C:\Windows\System\qfUwzTX.exe
  2⤵
  PID:8900
- C:\Windows\System\pKulwxq.exe
  C:\Windows\System\pKulwxq.exe
  2⤵
  PID:8732
- C:\Windows\System\oGrgoVy.exe
  C:\Windows\System\oGrgoVy.exe
  2⤵
  PID:9132
- C:\Windows\System\eCyHXDu.exe
  C:\Windows\System\eCyHXDu.exe
  2⤵
  PID:9152
- C:\Windows\System\DBJTqVe.exe
  C:\Windows\System\DBJTqVe.exe
  2⤵
  PID:8764
- C:\Windows\System\FVjhVNR.exe
  C:\Windows\System\FVjhVNR.exe
  2⤵
  PID:8976
- C:\Windows\System\McAbBtY.exe
  C:\Windows\System\McAbBtY.exe
  2⤵
  PID:8320
- C:\Windows\System\sAkcoSB.exe
  C:\Windows\System\sAkcoSB.exe
  2⤵
  PID:9080
- C:\Windows\System\MjCxubK.exe
  C:\Windows\System\MjCxubK.exe
  2⤵
  PID:8720
- C:\Windows\System\OMyfnlw.exe
  C:\Windows\System\OMyfnlw.exe
  2⤵
  PID:8264
- C:\Windows\System\VyszvZv.exe
  C:\Windows\System\VyszvZv.exe
  2⤵
  PID:8964
- C:\Windows\System\JXOQpaS.exe
  C:\Windows\System\JXOQpaS.exe
  2⤵
  PID:8600
- C:\Windows\System\uoUExTM.exe
  C:\Windows\System\uoUExTM.exe
  2⤵
  PID:9028
- C:\Windows\System\hmAymTe.exe
  C:\Windows\System\hmAymTe.exe
  2⤵
  PID:9116
- C:\Windows\System\XACXMCl.exe
  C:\Windows\System\XACXMCl.exe
  2⤵
  PID:9236
- C:\Windows\System\tWejIvA.exe
  C:\Windows\System\tWejIvA.exe
  2⤵
  PID:9256
- C:\Windows\System\HlSlYAQ.exe
  C:\Windows\System\HlSlYAQ.exe
  2⤵
  PID:9276
- C:\Windows\System\CzQobzF.exe
  C:\Windows\System\CzQobzF.exe
  2⤵
  PID:9292
- C:\Windows\System\AMIQCpw.exe
  C:\Windows\System\AMIQCpw.exe
  2⤵
  PID:9312
- C:\Windows\System\yUgbHid.exe
  C:\Windows\System\yUgbHid.exe
  2⤵
  PID:9328
- C:\Windows\System\HIqDzHo.exe
  C:\Windows\System\HIqDzHo.exe
  2⤵
  PID:9352
- C:\Windows\System\KpsxlmW.exe
  C:\Windows\System\KpsxlmW.exe
  2⤵
  PID:9368
- C:\Windows\System\RuDrjlw.exe
  C:\Windows\System\RuDrjlw.exe
  2⤵
  PID:9384
- C:\Windows\System\yHIJISZ.exe
  C:\Windows\System\yHIJISZ.exe
  2⤵
  PID:9404
- C:\Windows\System\QMGIphq.exe
  C:\Windows\System\QMGIphq.exe
  2⤵
  PID:9440
- C:\Windows\System\blAHAZZ.exe
  C:\Windows\System\blAHAZZ.exe
  2⤵
  PID:9460
- C:\Windows\System\bYZFzOX.exe
  C:\Windows\System\bYZFzOX.exe
  2⤵
  PID:9476
- C:\Windows\System\GmaUyeL.exe
  C:\Windows\System\GmaUyeL.exe
  2⤵
  PID:9492
- C:\Windows\System\sTPCzDN.exe
  C:\Windows\System\sTPCzDN.exe
  2⤵
  PID:9508
- C:\Windows\System\XbUxGPa.exe
  C:\Windows\System\XbUxGPa.exe
  2⤵
  PID:9536
- C:\Windows\System\cZhaqDc.exe
  C:\Windows\System\cZhaqDc.exe
  2⤵
  PID:9552
- C:\Windows\System\JlfSNep.exe
  C:\Windows\System\JlfSNep.exe
  2⤵
  PID:9568
- C:\Windows\System\wOVNNDh.exe
  C:\Windows\System\wOVNNDh.exe
  2⤵
  PID:9588
- C:\Windows\System\yKarXwn.exe
  C:\Windows\System\yKarXwn.exe
  2⤵
  PID:9604
- C:\Windows\System\BxrGIcY.exe
  C:\Windows\System\BxrGIcY.exe
  2⤵
  PID:9620
- C:\Windows\System\jNKxzuK.exe
  C:\Windows\System\jNKxzuK.exe
  2⤵
  PID:9636
- C:\Windows\System\cPqnfyQ.exe
  C:\Windows\System\cPqnfyQ.exe
  2⤵
  PID:9652
- C:\Windows\System\QftaSYc.exe
  C:\Windows\System\QftaSYc.exe
  2⤵
  PID:9668
- C:\Windows\System\BgOVxXQ.exe
  C:\Windows\System\BgOVxXQ.exe
  2⤵
  PID:9684
- C:\Windows\System\rGxozIC.exe
  C:\Windows\System\rGxozIC.exe
  2⤵
  PID:9740
- C:\Windows\System\mkotXUx.exe
  C:\Windows\System\mkotXUx.exe
  2⤵
  PID:9760
- C:\Windows\System\vuxQqiz.exe
  C:\Windows\System\vuxQqiz.exe
  2⤵
  PID:9784
- C:\Windows\System\CujzZfX.exe
  C:\Windows\System\CujzZfX.exe
  2⤵
  PID:9800
- C:\Windows\System\lsnnUZl.exe
  C:\Windows\System\lsnnUZl.exe
  2⤵
  PID:9816
- C:\Windows\System\CmnRulf.exe
  C:\Windows\System\CmnRulf.exe
  2⤵
  PID:9832
- C:\Windows\System\jowFpTK.exe
  C:\Windows\System\jowFpTK.exe
  2⤵
  PID:9848
- C:\Windows\System\VIJjnkP.exe
  C:\Windows\System\VIJjnkP.exe
  2⤵
  PID:9864
- C:\Windows\System\fYcBmOB.exe
  C:\Windows\System\fYcBmOB.exe
  2⤵
  PID:9888
- C:\Windows\System\YqqwiKr.exe
  C:\Windows\System\YqqwiKr.exe
  2⤵
  PID:9908
- C:\Windows\System\uychhwO.exe
  C:\Windows\System\uychhwO.exe
  2⤵
  PID:9928
- C:\Windows\System\HNDzbhl.exe
  C:\Windows\System\HNDzbhl.exe
  2⤵
  PID:9944
- C:\Windows\System\NqSpCaB.exe
  C:\Windows\System\NqSpCaB.exe
  2⤵
  PID:9964
- C:\Windows\System\TzTkOoE.exe
  C:\Windows\System\TzTkOoE.exe
  2⤵
  PID:10000
- C:\Windows\System\ASnfNfs.exe
  C:\Windows\System\ASnfNfs.exe
  2⤵
  PID:10020
- C:\Windows\System\dqIKJFc.exe
  C:\Windows\System\dqIKJFc.exe
  2⤵
  PID:10036
- C:\Windows\System\xuGNGgm.exe
  C:\Windows\System\xuGNGgm.exe
  2⤵
  PID:10060
- C:\Windows\System\gzRXNEu.exe
  C:\Windows\System\gzRXNEu.exe
  2⤵
  PID:10076
- C:\Windows\System\dCLEszS.exe
  C:\Windows\System\dCLEszS.exe
  2⤵
  PID:10096
- C:\Windows\System\OmAOnEQ.exe
  C:\Windows\System\OmAOnEQ.exe
  2⤵
  PID:10112
- C:\Windows\System\EQtOIhi.exe
  C:\Windows\System\EQtOIhi.exe
  2⤵
  PID:10136
- C:\Windows\System\aCLmLkz.exe
  C:\Windows\System\aCLmLkz.exe
  2⤵
  PID:10160
- C:\Windows\System\gZVyInM.exe
  C:\Windows\System\gZVyInM.exe
  2⤵
  PID:10180
- C:\Windows\System\baffxAm.exe
  C:\Windows\System\baffxAm.exe
  2⤵
  PID:10200
- C:\Windows\System\GYMcyqH.exe
  C:\Windows\System\GYMcyqH.exe
  2⤵
  PID:10220
- C:\Windows\System\LCBlzmy.exe
  C:\Windows\System\LCBlzmy.exe
  2⤵
  PID:9012
- C:\Windows\System\jYkoOTY.exe
  C:\Windows\System\jYkoOTY.exe
  2⤵
  PID:9248
- C:\Windows\System\HGTuqUx.exe
  C:\Windows\System\HGTuqUx.exe
  2⤵
  PID:9324
- C:\Windows\System\GHewZIT.exe
  C:\Windows\System\GHewZIT.exe
  2⤵
  PID:9268
- C:\Windows\System\jAolhsc.exe
  C:\Windows\System\jAolhsc.exe
  2⤵
  PID:9340
- C:\Windows\System\ghQVxCc.exe
  C:\Windows\System\ghQVxCc.exe
  2⤵
  PID:9376
- C:\Windows\System\PSljRgQ.exe
  C:\Windows\System\PSljRgQ.exe
  2⤵
  PID:9420
- C:\Windows\System\HrFJZbM.exe
  C:\Windows\System\HrFJZbM.exe
  2⤵
  PID:9456
- C:\Windows\System\AxNYKZp.exe
  C:\Windows\System\AxNYKZp.exe
  2⤵
  PID:9472
- C:\Windows\System\IluYamC.exe
  C:\Windows\System\IluYamC.exe
  2⤵
  PID:9524
- C:\Windows\System\XdVcSdh.exe
  C:\Windows\System\XdVcSdh.exe
  2⤵
  PID:9544
- C:\Windows\System\THlDVVp.exe
  C:\Windows\System\THlDVVp.exe
  2⤵
  PID:9584
- C:\Windows\System\YqoeWfR.exe
  C:\Windows\System\YqoeWfR.exe
  2⤵
  PID:9700
- C:\Windows\System\nwBdxRS.exe
  C:\Windows\System\nwBdxRS.exe
  2⤵
  PID:9660
- C:\Windows\System\WFMhXrg.exe
  C:\Windows\System\WFMhXrg.exe
  2⤵
  PID:9664
- C:\Windows\System\GGeZHUH.exe
  C:\Windows\System\GGeZHUH.exe
  2⤵
  PID:9676
- C:\Windows\System\oFzViID.exe
  C:\Windows\System\oFzViID.exe
  2⤵
  PID:9748
- C:\Windows\System\RZdBOzK.exe
  C:\Windows\System\RZdBOzK.exe
  2⤵
  PID:9808
- C:\Windows\System\LPfZHUp.exe
  C:\Windows\System\LPfZHUp.exe
  2⤵
  PID:9876
- C:\Windows\System\vPpxkQE.exe
  C:\Windows\System\vPpxkQE.exe
  2⤵
  PID:9916
- C:\Windows\System\GcnMQVH.exe
  C:\Windows\System\GcnMQVH.exe
  2⤵
  PID:9824
- C:\Windows\System\NEpGtEZ.exe
  C:\Windows\System\NEpGtEZ.exe
  2⤵
  PID:9860
- C:\Windows\System\oJHKzvM.exe
  C:\Windows\System\oJHKzvM.exe
  2⤵
  PID:9960
- C:\Windows\System\SiOTXOZ.exe
  C:\Windows\System\SiOTXOZ.exe
  2⤵
  PID:10048
- C:\Windows\System\PFCgsED.exe
  C:\Windows\System\PFCgsED.exe
  2⤵
  PID:10084
- C:\Windows\System\INOWibl.exe
  C:\Windows\System\INOWibl.exe
  2⤵
  PID:9976
- C:\Windows\System\PoAleNb.exe
  C:\Windows\System\PoAleNb.exe
  2⤵
  PID:10072
- C:\Windows\System\TtfxeuM.exe
  C:\Windows\System\TtfxeuM.exe
  2⤵
  PID:10028
- C:\Windows\System\tLOUUTB.exe
  C:\Windows\System\tLOUUTB.exe
  2⤵
  PID:10168
- C:\Windows\System\YnIHali.exe
  C:\Windows\System\YnIHali.exe
  2⤵
  PID:10188
- C:\Windows\System\JFlJROS.exe
  C:\Windows\System\JFlJROS.exe
  2⤵
  PID:9736
- C:\Windows\System\dxoDPuW.exe
  C:\Windows\System\dxoDPuW.exe
  2⤵
  PID:10232
- C:\Windows\System\tikPaYn.exe
  C:\Windows\System\tikPaYn.exe
  2⤵
  PID:9232
- C:\Windows\System\iWFRElG.exe
  C:\Windows\System\iWFRElG.exe
  2⤵
  PID:9336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtQHLwS.exe

Filesize
6.0MB

MD5
b98716983163fd351a839b03cb8a6933

SHA1
201b5eb8085750261e1b6d34deda12c3addfd619

SHA256
f6363d551f49472daf730a6094fa0e127dae4d264bd00fb66be774e54658fd3b

SHA512
a683356e0157d2b94470a5f15cdeda1c3690a2c5b2d73e5684e34af1763bc890e617cdd526fc1298705ba71070088217d140ac7f2059f2e45c01a7f3164e19f8

Download Submit
C:\Windows\system\Bvgerzy.exe

Filesize
6.0MB

MD5
1fe230a2a5954674d36a06a357f52f95

SHA1
e7c0b38c6c358b9dd82aa98d9b8a9c7ac4777d92

SHA256
e4b47b154befb1fde48c3de3fa1695db933b03c36a559a5a24a4f46af8c46b28

SHA512
0052977ebd00dda2c1d52ebcf83aa2d4e9ddd816e7354922081e1e29d94706977219fd8c2c321f1983ab0cf40f7cd101f339c81f065911b4ac6298c80b4f38a8

Download Submit
C:\Windows\system\CFzpLcn.exe

Filesize
6.0MB

MD5
a9e6f37427da15e6060e12fb6f3d63fc

SHA1
43093828a05a89f5f32197577748786348432414

SHA256
5e06be823ebfee548e1cd8407cc82ad0e560af2ec0cab6056c1ca8aa0fdb8de8

SHA512
78c0eb0c966010e92f1c7d7539190b1ff9de1d2715662b8a39f40a092e6719f4042b9d42eb1e689dc7973beffc3b42348828c4f4bb5bdae1f5735e03d77539ed

Download Submit
C:\Windows\system\DjAMVxL.exe

Filesize
6.0MB

MD5
e5277a03c6b5e82b21318eca8c96a087

SHA1
31aa835f0f60ac0b2baa6cacc37cfd7964002609

SHA256
8e5568e84ffdd94d3a269ba1c4419ed954cae937ff927020609d0d9b7bec3c1e

SHA512
04a28bfed74e0800f7b48e3ea7b42274cb072eee598983a84c23e8905c330cc83acc5e78c9f5b3ac6bb6336e3e52f26a54bfcf3d2c441745b715168b8f39d3c9

Download Submit
C:\Windows\system\HnafRXM.exe

Filesize
6.0MB

MD5
1a1e5112f19664e3e54e124f05422142

SHA1
5a2a81989dd8aaa8da0ced20101d165a92752810

SHA256
e896c2f2a22365482b5ceccc6a6914e2c8b86c509ad0746d18321d7ca57ad122

SHA512
bf83287082fcd24ea22b6785454079e503d6e9b64c9fbffbeb16158494b31f101566682a2406b1d25981aefc3e268f5c4f6d9ec955656561656ea5cd87d2f05a

Download Submit
C:\Windows\system\HssCSZW.exe

Filesize
6.0MB

MD5
8f9977566ea9ad4f943970056e7065b3

SHA1
5c20cb52ac238ea748ad1070f3b485eae2676c4f

SHA256
6e268516a53d65e1480645b54d4060297fb83e11680876c5d2ba9606a380062a

SHA512
3960a9093861e73925eb10d19c8f0631f1df32cdb202c5f418aa928d0c3fab231d20016a84059774bd9275e074e58a8762432023f3ec0cf772c9ef885e1f494d

Download Submit
C:\Windows\system\NkbfTWu.exe

Filesize
6.0MB

MD5
87e9faedcb67d41b0368019b519a6cbc

SHA1
a139eaf2c9bc0720f1ec1ba170c1d0b7940768b3

SHA256
eda9e2568315527bb5561bf7dacab0ae7446883c46eabd07b8866460520637d3

SHA512
a24cd9b9873a8db2457794a8a44f6bcbb0fd38adec64eb3349f0fd67b2258c2a84f8d65f52addc01d9fd8d4cea4acc7807e8ced137ca924ed518e44d48308b97

Download Submit
C:\Windows\system\OycfwFY.exe

Filesize
6.0MB

MD5
d97f44abf39ce9d77c12f5e4f237e651

SHA1
27e526f20af5e00576d4753902bec4735b6127c4

SHA256
11826b75715c88a6a855abfa0a7309eceee434e8955127f11f6b2c9adc1937ce

SHA512
3f6ce01faea307ed2b54e2ae86289c147f7a5a73df55de00c48242fa8ac499a5f72175e98fc41a683b4573776308f2b267b357a11ea76361d13c2ff6bc2c3138

Download Submit
C:\Windows\system\TcETyAf.exe

Filesize
6.0MB

MD5
289db616fd73b63036b0d7b74be53906

SHA1
ba764c557e7d19499dfce6de9ccba7973ab0f0b2

SHA256
34aff2b682b942cc2ae5475a9faa3112b22a3e41391ac1f36f49140c994c3e0a

SHA512
fa33073dcef94ae0cc5edac2efdb949632b9c026f6362e98137da2dd08524a7aeba82efa4b480a9bd2e08fda32b681e73295deee81f333d18bad0ff094dc887a

Download Submit
C:\Windows\system\TvhBkKC.exe

Filesize
6.0MB

MD5
3ce3a823798042a13eae05b3f9ae365e

SHA1
3d31e352662ceac62b561f6a6f6902d773eabd34

SHA256
6f435ad72b095c612caf100144d83ea86de52b4672573dc91690fea3f7772d6c

SHA512
6e94f089fa063e8a9e5022a691cab9dcc4e930455e86dc598b28a3575632dca543f6a9f2748957aab48519e486415d1921ed58398f2504b8bd6893f87604fdaa

Download Submit
C:\Windows\system\UCTAOuV.exe

Filesize
6.0MB

MD5
e4010fc01fbd2b48231439630ba95d81

SHA1
8fa90ce4f8a2411ad5901392f3be867917a91010

SHA256
79711eabf7ee68fdfda83ccb058c25087d421c38d33010b75540dd1b280b35fc

SHA512
3adbc0206123d2c531a6e4d1c8ce9fb0bd22a1bcb65f645ddefedafcd975e2995389b5818af3f8f842d972003b89f4bc5719b284f3bdb43d050c5a9f55098d52

Download Submit
C:\Windows\system\VWucMqu.exe

Filesize
6.0MB

MD5
df53bff638b21fec5535e594ed70cb70

SHA1
dd0bd34465fd0e76c83c9415565cecfc98e94c05

SHA256
5346b018b92c1cf8ebec1e910b1e278c8feb9c697129164585bdda32b6a3043c

SHA512
f4eba0377df1dddf2b4aa49f8fd860bcda782c1adb94b9e06d710b047f3e413b9efa5b896277ed101806d941c8d1529232ad26cf5a2febca1d1e3a9920a4a0b0

Download Submit
C:\Windows\system\XZoPYXW.exe

Filesize
6.0MB

MD5
6fd1102d89c20194f0e56385fa521128

SHA1
e6a8778007aba95c948884d2682f84dcd7bb0080

SHA256
00fdbdb01ed5f3a75ef900a832c2e58f6a5925d31687985a4e137d8b671e60e8

SHA512
b63139cf2894b5420ccbaf01228d1a1d6e36f3e48c2a86f1a6201fd0e896c8e8530abac12587a4b1205337ddda0876dc6681882ed8f202e7e662ff3a9f952c38

Download Submit
C:\Windows\system\anwBEPt.exe

Filesize
8B

MD5
9dfc25d240707324078787beb2add1bc

SHA1
254888a92ba3d9dbeb53160e8ba2538241a4b115

SHA256
95986ad3b089aedb0b2b76089a66c13fb04fa75423c77431de10a8632f7435c3

SHA512
5a10f977bb5a41197bdab8e130625d6a4188190449cec3518bd2d4a453f686710cc974161a64073d1b474eca2dfa109b35f119193e4fe852e65eeefc6a8e5b0b

Download Submit
C:\Windows\system\cPJrvlU.exe

Filesize
6.0MB

MD5
494846d0fa33707f180f422c240cbcb3

SHA1
f124d91935a6cbe7007061a91c404fc074dcbd07

SHA256
75315c1f3725023f73316bdf43c80105730ea089246a5fa0b8d43a938c88b6e9

SHA512
7a9709b91dcad7a82d1f439f58b2e23c8474baabfbd5ec4db2d9ddc3e42e99acf429e28a77776ba7bc4b14aec9ed62f13b80782eb6ba1c0adad2af8df238e837

Download Submit
C:\Windows\system\dHHmIUr.exe

Filesize
6.0MB

MD5
e2bf642a02e16b67a7fbf46171be12cc

SHA1
86cad96e1dd09fd8359f0f2e4132cf56489f37d3

SHA256
b3272afbbd0da090b7774429d5ddfe3073a2734e9166ad407e7b59cd45b383b0

SHA512
1c00c7d85043a049707591564d66d4063500d2c11ef89c6616bfc6a0703cba89b4ca20400ebea95ceecc248c69b8ce16a10e65b8f138fe40088868f44c54f6cf

Download Submit
C:\Windows\system\fEPIvdj.exe

Filesize
6.0MB

MD5
f4eac86eeb6d9ab4fdf07ef74ac0dd05

SHA1
7c9bd81bf7885bec234b3090eb6ea07ba8f14fb7

SHA256
c7bf77261c18863bef1b7af7009afeb45f27988f0ed89dd8ccbf8d93f4ca7e03

SHA512
4171dfd972d4039f9aa6067e6ea4bdb627ec67dd6837f08f62fcb21f46797120586156513f1f0965618c679f9e74ec9a03995517fd26e86415f63b681c628fec

Download Submit
C:\Windows\system\gMroxVO.exe

Filesize
6.0MB

MD5
acc52f7a7172d775b3bc3c2553b01908

SHA1
10a4a62fb1771bf0d77bcfb8799f568bb32ad697

SHA256
4071399d392f4688d1e89be176a99cd51726d3d0367c0a47705f0a0456a2605f

SHA512
ddd30271bcd214109fdaafbf82dd803a1c686daad4205d185790c1e194663ec62a6fabd2949cfba5b70a0e4681021dba754f6eeb0f9e226a292b147db9d20d7f

Download Submit
C:\Windows\system\iDrfTcv.exe

Filesize
6.0MB

MD5
7c842a30d68017ab38fa59061574d3e3

SHA1
5de0e4a4f9dcc37488c7be2386a7c191ad9b667a

SHA256
3ea82ef4112085032b4af36fe0fa1ef7ca000b2f0fad6ae21be7d68fd6de405f

SHA512
7487022182c15ab6ea230ba2e4201028c4e1311764bbc86ff70b416d96778e76bc3f7b483c1bdd4498d182b25ce7a13c121ebc80551aed23de1d21f267cdc3ab

Download Submit
C:\Windows\system\jAiENzn.exe

Filesize
6.0MB

MD5
fdd01820113ce07a998a81a35307bc09

SHA1
f5ce7116fac9b4e2d8c4d67330f0adbab656f3e0

SHA256
9f7b0cefc06ef501f05922cdd3f48d39dd20d08854d55f52b3684ce27f7ced3b

SHA512
220617df4ab6b8ccf3e359600c4ebbf94b77d4cff3962e3d3142bb7e06d970a90dadb0111e0c3c9e542ab9b94cf5420b6eb5f3f8dca2180338f42402fb6ec57d

Download Submit
C:\Windows\system\jZPLgwS.exe

Filesize
6.0MB

MD5
949d0880da35f0b662c9a91e13a8f3fe

SHA1
5002f78fb1141c386805da217e0cdcddda84fedd

SHA256
a40cfcb4c7ec9a000ab850e56d975129b47600cb5770631cbd9f88f94621388f

SHA512
d84ed22c698118d86e051b6051c7d5c69cb65cca95c7442ae73e8c986d67e22be8943480321a4c6918fe74b888e1ce57e4fa1806d8342aa321fb6a5db382746c

Download Submit
C:\Windows\system\oXAOkPe.exe

Filesize
6.0MB

MD5
916db9a16ef745822660d06dc2c75087

SHA1
7a3cda4feb726b6d49759791ca433ce136aa8506

SHA256
1aaa17d61ecae76230958cc6d74039b79fbfbe2e3a3ff54a0c9d79d4aad1c2e7

SHA512
77561d4a252af4a15b47a49d39678fc74042b084e6271243316a0e9eb56bbe1b169ce13409faf4fb0716a4d75d68ed1fafe06c19bd29e86c97b58f5646facef3

Download Submit
C:\Windows\system\pNvdcQd.exe

Filesize
6.0MB

MD5
80a64ac3a6ed39cf23a75a7b198b771d

SHA1
41fc77d0ee785373defed41d5a31d9573a800dc3

SHA256
851cf802fb038d1ec9fe626126177c9bf27fcfc3742e503da92bba509e964382

SHA512
92a50b7c481d5925a2f7a5064bee24d82e56285a0d104aeb6f2c0a646d73d4f8fe61bcaa1c8d4222b3e713a95a032e2535ae49ce781f020edc23a2af2a4a205c

Download Submit
C:\Windows\system\pzVDjQO.exe

Filesize
6.0MB

MD5
f8378589f43c6c277836231bba30e507

SHA1
02a5e83c1a3a78cb1152c1a00a98bb91362bee13

SHA256
1b52613087ae2b8bf64a1d52ad8f4341aec6bbfd6d267c96e43b672d0f18dc01

SHA512
c19645005deaa580fdd8766504d26df555ccea588ec1279abc82bf46bd68247fa8b71272c206c3bfc75cb385a9899fb9291c6e61a60f8e11508e6d239473aeca

Download Submit
C:\Windows\system\rdtdegW.exe

Filesize
6.0MB

MD5
5ab619a835c0d0934c2029917d303f1d

SHA1
2db5412cb34df01de9c24926ead540ca9efef1a8

SHA256
d23e64e48026e02c38f4be48202ff83d495010ab651e7fb3baf9b8a42d16548b

SHA512
e1cb7e1d4524a27a9bb28aa27eb8ead7fdc09e80e06c910818b1a6e2cc3f9a0a236c9d6017fbb55eed809ad2b5e1fedd5744fe5e965c06aff3181d68c7f17c75

Download Submit
C:\Windows\system\sIOsNYN.exe

Filesize
6.0MB

MD5
b541729c1875794e42cf7f324fd7dbb3

SHA1
66c29069174ec72e50e7403c28a62378055a4cfa

SHA256
8e19108b3a9aad473baf3612bf25825f8dae134e62b41dc1258ac68d89c6f37e

SHA512
c7b329683691bd22867606e2fb96322a82a7b49e88a34f006df67ee95e9e6193adf015dd8bf91f82d9f7a7f625c0cc00fb55cce977782e0c4d3600f813390637

Download Submit
C:\Windows\system\xVuSzZB.exe

Filesize
6.0MB

MD5
0c5833048f3b712b767bae8b91f05633

SHA1
96fe32829dac835e24c72fed3c570d24ce260511

SHA256
36867ecd9a6aa32029fb17ad4787aa4b6c21650e6f5d2165954f0da891561533

SHA512
e6e5cb9921e1efb0f6a3fcbcee8632443df27a4efae4fad4cf95f8198a5403d3c48d6a924f8785788a332adf2d059d3c69661172daecfccea5758a1f2269c49a

Download Submit
\Windows\system\OaSTAxM.exe

Filesize
6.0MB

MD5
0ba470bcd07343a9b656b90d61513a84

SHA1
38993fe55157cb8c22ef02b37637db52558a45a2

SHA256
553b13797e70a8f6ee6063361073a8ea99658bc1957b6d71cc62accfb2be2357

SHA512
56a701b05bd35959b06a524b5320e74ff42d39e96fcefce1325a65394ec531fffde58c28717712341731c2365e4d34b8928db5d13e3532858ec8a8c18161086f

Download Submit
\Windows\system\XOCPtcC.exe

Filesize
6.0MB

MD5
f33d22530975319f8ee613dcc87a6d97

SHA1
01bea15740fe343d5c250ad8b487ce16115854b2

SHA256
71ec25dd72077f2b168a717a2b0cab566ce0f87d5a2818e0b00624f2e6afbbf7

SHA512
260091831be2cd57557b09b919851a1ce07a6c5cf63fa454a1fcfc42e7589cfc541c81384e1ef8b503d000bbc8c0ee4df6972b5d41da64cfb587a07f0b9be4c3

Download Submit
\Windows\system\dMfMpXT.exe

Filesize
6.0MB

MD5
53c6dfe5a346c8f15913719615b5c9d1

SHA1
dde9ba2a1c0fb922c79feb9a0e9171d2432c4a4d

SHA256
bdd9bc542b11cee8d3da3cd99f55fba1caab2ec6cd3c26d28a3fc2dddcf5c3ce

SHA512
376dc258d787f5254a7fbba415bb9f7f48f560f38c14dddc637021ec72c138be18f931892b0f499dfce0342d60bf1979e1dd9b60e6ffd24d417793d85f74a58b

Download Submit
\Windows\system\gRctQUp.exe

Filesize
6.0MB

MD5
b72d8648de4a7d805ee2e5f06744f7c0

SHA1
c22ed7ef4f86f558123902ecb5667ac64d4a10e8

SHA256
c565e9c252c57f368e3d7d3878ea33a1d9a516c5714f30145b39918b8cfd70a7

SHA512
c5a4f5043cd4d3fe40b741089c901f0bef82c4048e8392b5d665fc5a29a6ceba1463d649d522548d38b27380e177d6db4729137b53c97d1ae7223ee4fdd3468b

Download Submit
\Windows\system\hYArBPt.exe

Filesize
6.0MB

MD5
a0007d0e13042ab4bc9ee8b234802016

SHA1
b373d996b93e029df1b6d0bab1e7a1fc189ab513

SHA256
727dd3fd426935fbb7fd0f0394c6599cd91df4027b5bc97b2b19a10b8d757272

SHA512
a943e5224c330cc456a8de58c732a508b4ff084cce06dc4cb53cbbdbf47b0de7ff7b0d434d0f31f21d87b5b659aeccdd5619250e68ba0c5cdf5503fa7d59a0a9

Download Submit
\Windows\system\roOpCRe.exe

Filesize
6.0MB

MD5
ff97083f40789833db61160d12088f4b

SHA1
ee3a8b99baf5ac4f3b7e170bc21f6e3730da76ad

SHA256
cad8c02a16749865a6d580e762f78254fa143fc7e07096124f05954365324e13

SHA512
24c78f8d7577f3a8abf295c0f389f1f5b3f9c5275d289e8c05eee05b27bb88ca96c50f819ea7805fc266d80e003748b7e6ff395c91decb624953b9b13180eb48

Download Submit
memory/1196-950-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1196-106-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1196-3593-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1668-0-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1668-23-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-12-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-705-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1668-71-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1046-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1668-892-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1668-6-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-18-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-101-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1668-63-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-47-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1668-55-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-35-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1668-111-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1668-110-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-31-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-102-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1668-38-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-93-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1732-41-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3493-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-89-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1848-616-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1848-3591-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1988-97-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3592-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1988-798-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3545-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2076-67-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2076-26-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3590-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-420-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-82-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-14-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-51-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3496-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-245-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-75-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-3588-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-105-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2552-68-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3581-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2676-42-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2676-81-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3577-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3585-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-60-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-96-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-52-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3580-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2712-88-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2744-74-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3578-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-36-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3565-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-21-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-59-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download