cobaltstrike | e690c29787a1bb277b992dcc9f75a7ff50fa8f2adf9b5add3942d075c736063e

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

42a9d73d7805fecfbdc21e0ca4ab7db1
SHA1

0903af8b26d383972adcc5f6fbf7ca0afb177053
SHA256

e690c29787a1bb277b992dcc9f75a7ff50fa8f2adf9b5add3942d075c736063e
SHA512

8a5b044be9f04de642073017d50fda9d314cd19cd472271e33ac4059cab216ba5946ec84cb59f029599178c8dc023da2685756083f8471e0ffdc564dd1cf8a4a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\LytFdeR.exe	cobalt_reflective_dll
C:\Windows\system\pfxSqCS.exe	cobalt_reflective_dll
\Windows\system\LuRwwWu.exe	cobalt_reflective_dll
C:\Windows\system\qAveCPQ.exe	cobalt_reflective_dll
C:\Windows\system\YQrLyzS.exe	cobalt_reflective_dll
C:\Windows\system\ejjTrLH.exe	cobalt_reflective_dll
C:\Windows\system\kOXNGfG.exe	cobalt_reflective_dll
C:\Windows\system\LsnoKWY.exe	cobalt_reflective_dll
C:\Windows\system\hpgeFQd.exe	cobalt_reflective_dll
C:\Windows\system\ShVzZCI.exe	cobalt_reflective_dll
C:\Windows\system\PPnCPOE.exe	cobalt_reflective_dll
\Windows\system\PtbaCVc.exe	cobalt_reflective_dll
C:\Windows\system\SSHYlBl.exe	cobalt_reflective_dll
C:\Windows\system\yJGVJDy.exe	cobalt_reflective_dll
C:\Windows\system\BqaWurj.exe	cobalt_reflective_dll
C:\Windows\system\qIHkNnk.exe	cobalt_reflective_dll
C:\Windows\system\zmavTmM.exe	cobalt_reflective_dll
C:\Windows\system\YdkFriU.exe	cobalt_reflective_dll
C:\Windows\system\NnOWZvh.exe	cobalt_reflective_dll
C:\Windows\system\vGDQLFM.exe	cobalt_reflective_dll
C:\Windows\system\pzMLtJz.exe	cobalt_reflective_dll
C:\Windows\system\sjjpQNM.exe	cobalt_reflective_dll
C:\Windows\system\anRoYLy.exe	cobalt_reflective_dll
C:\Windows\system\HlgEJno.exe	cobalt_reflective_dll
C:\Windows\system\TuedGgJ.exe	cobalt_reflective_dll
C:\Windows\system\rjZuInC.exe	cobalt_reflective_dll
C:\Windows\system\PfoyqAt.exe	cobalt_reflective_dll
\Windows\system\NFIwmhd.exe	cobalt_reflective_dll
C:\Windows\system\EXqnMjw.exe	cobalt_reflective_dll
C:\Windows\system\WfGOwxt.exe	cobalt_reflective_dll
C:\Windows\system\mQfGtxA.exe	cobalt_reflective_dll
C:\Windows\system\ivofviu.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1680-0-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
C:\Windows\system\LytFdeR.exe	xmrig
C:\Windows\system\pfxSqCS.exe	xmrig
\Windows\system\LuRwwWu.exe	xmrig
C:\Windows\system\qAveCPQ.exe	xmrig
C:\Windows\system\YQrLyzS.exe	xmrig
C:\Windows\system\ejjTrLH.exe	xmrig
C:\Windows\system\kOXNGfG.exe	xmrig
C:\Windows\system\LsnoKWY.exe	xmrig
C:\Windows\system\hpgeFQd.exe	xmrig
C:\Windows\system\ShVzZCI.exe	xmrig
C:\Windows\system\PPnCPOE.exe	xmrig
\Windows\system\PtbaCVc.exe	xmrig
C:\Windows\system\SSHYlBl.exe	xmrig
C:\Windows\system\yJGVJDy.exe	xmrig
C:\Windows\system\BqaWurj.exe	xmrig
C:\Windows\system\qIHkNnk.exe	xmrig
behavioral1/memory/1280-1212-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
C:\Windows\system\zmavTmM.exe	xmrig
C:\Windows\system\YdkFriU.exe	xmrig
C:\Windows\system\NnOWZvh.exe	xmrig
C:\Windows\system\vGDQLFM.exe	xmrig
C:\Windows\system\pzMLtJz.exe	xmrig
C:\Windows\system\sjjpQNM.exe	xmrig
C:\Windows\system\anRoYLy.exe	xmrig
C:\Windows\system\HlgEJno.exe	xmrig
C:\Windows\system\TuedGgJ.exe	xmrig
behavioral1/memory/2552-1369-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
C:\Windows\system\rjZuInC.exe	xmrig
C:\Windows\system\PfoyqAt.exe	xmrig
\Windows\system\NFIwmhd.exe	xmrig
C:\Windows\system\EXqnMjw.exe	xmrig
C:\Windows\system\WfGOwxt.exe	xmrig
C:\Windows\system\mQfGtxA.exe	xmrig
C:\Windows\system\ivofviu.exe	xmrig
behavioral1/memory/1712-1476-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2808-1513-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2712-1558-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2748-1643-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2824-1645-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2892-1647-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1680-1650-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2768-1649-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2848-1654-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2640-1915-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1680-1921-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2732-1953-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2836-1954-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1708-1955-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1680-2443-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1280-2646-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1712-3785-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2712-3784-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2768-3787-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2836-3786-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2824-3812-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/1708-3788-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2892-3863-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2732-3864-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2640-3866-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2552-3865-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1280-3862-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2748-3867-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2848-3870-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

LytFdeR.exepfxSqCS.exeLuRwwWu.exeqAveCPQ.exeYQrLyzS.exeejjTrLH.exeivofviu.exekOXNGfG.exeLsnoKWY.exehpgeFQd.exemQfGtxA.exeWfGOwxt.exeEXqnMjw.exeNFIwmhd.exerjZuInC.exeShVzZCI.exePfoyqAt.exePPnCPOE.exeTuedGgJ.exeHlgEJno.exeanRoYLy.exePtbaCVc.exesjjpQNM.exepzMLtJz.exeSSHYlBl.exevGDQLFM.exeyJGVJDy.exeBqaWurj.exeNnOWZvh.exeYdkFriU.exezmavTmM.exeqIHkNnk.exeMmNkbFa.exerlLxQwr.exeWvtKFXh.exefGmmxwV.exeGlrgJZV.exegjGaTom.exemGBnpPv.exetJJNAXl.exeYJidRlK.execzbJIys.exeHaRUTie.exeICCgIpR.exejQnOTOb.exeayvUIdc.exeJKQZgDX.exeBzTQFJF.exewAklTuq.exejPOQKFn.exeBMKupFv.exeWHBjbAr.exeFWiQuSe.exeEDlASBj.exelPsGtMj.exeizoHHwL.exegaIbOgM.exeCeogTIo.exeRjpDpdZ.exeFgbIpfK.exeMaFTFJW.exeLtgITxM.exePmWOTLh.exeGWxUNZM.exe

pid	process
1708	LytFdeR.exe
1280	pfxSqCS.exe
2552	LuRwwWu.exe
1712	qAveCPQ.exe
2808	YQrLyzS.exe
2712	ejjTrLH.exe
2748	ivofviu.exe
2824	kOXNGfG.exe
2892	LsnoKWY.exe
2768	hpgeFQd.exe
2848	mQfGtxA.exe
2640	WfGOwxt.exe
2732	EXqnMjw.exe
2836	NFIwmhd.exe
2792	rjZuInC.exe
2696	ShVzZCI.exe
2656	PfoyqAt.exe
1332	PPnCPOE.exe
1520	TuedGgJ.exe
2868	HlgEJno.exe
2432	anRoYLy.exe
900	PtbaCVc.exe
2924	sjjpQNM.exe
768	pzMLtJz.exe
2136	SSHYlBl.exe
2500	vGDQLFM.exe
2112	yJGVJDy.exe
2284	BqaWurj.exe
2172	NnOWZvh.exe
2464	YdkFriU.exe
316	zmavTmM.exe
2036	qIHkNnk.exe
816	MmNkbFa.exe
2952	rlLxQwr.exe
1152	WvtKFXh.exe
676	fGmmxwV.exe
1088	GlrgJZV.exe
2448	gjGaTom.exe
2376	mGBnpPv.exe
1768	tJJNAXl.exe
1356	YJidRlK.exe
548	czbJIys.exe
2316	HaRUTie.exe
1828	ICCgIpR.exe
1492	jQnOTOb.exe
2144	ayvUIdc.exe
2212	JKQZgDX.exe
2072	BzTQFJF.exe
2328	wAklTuq.exe
1916	jPOQKFn.exe
472	BMKupFv.exe
1740	WHBjbAr.exe
1728	FWiQuSe.exe
1588	EDlASBj.exe
1532	lPsGtMj.exe
2908	izoHHwL.exe
884	gaIbOgM.exe
2772	CeogTIo.exe
2252	RjpDpdZ.exe
1592	FgbIpfK.exe
1672	MaFTFJW.exe
2900	LtgITxM.exe
2620	PmWOTLh.exe
2456	GWxUNZM.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1680-0-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
C:\Windows\system\LytFdeR.exe	upx
C:\Windows\system\pfxSqCS.exe	upx
\Windows\system\LuRwwWu.exe	upx
C:\Windows\system\qAveCPQ.exe	upx
C:\Windows\system\YQrLyzS.exe	upx
C:\Windows\system\ejjTrLH.exe	upx
C:\Windows\system\kOXNGfG.exe	upx
C:\Windows\system\LsnoKWY.exe	upx
C:\Windows\system\hpgeFQd.exe	upx
C:\Windows\system\ShVzZCI.exe	upx
C:\Windows\system\PPnCPOE.exe	upx
\Windows\system\PtbaCVc.exe	upx
C:\Windows\system\SSHYlBl.exe	upx
C:\Windows\system\yJGVJDy.exe	upx
C:\Windows\system\BqaWurj.exe	upx
C:\Windows\system\qIHkNnk.exe	upx
behavioral1/memory/1280-1212-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
C:\Windows\system\zmavTmM.exe	upx
C:\Windows\system\YdkFriU.exe	upx
C:\Windows\system\NnOWZvh.exe	upx
C:\Windows\system\vGDQLFM.exe	upx
C:\Windows\system\pzMLtJz.exe	upx
C:\Windows\system\sjjpQNM.exe	upx
C:\Windows\system\anRoYLy.exe	upx
C:\Windows\system\HlgEJno.exe	upx
C:\Windows\system\TuedGgJ.exe	upx
behavioral1/memory/2552-1369-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
C:\Windows\system\rjZuInC.exe	upx
C:\Windows\system\PfoyqAt.exe	upx
\Windows\system\NFIwmhd.exe	upx
C:\Windows\system\EXqnMjw.exe	upx
C:\Windows\system\WfGOwxt.exe	upx
C:\Windows\system\mQfGtxA.exe	upx
C:\Windows\system\ivofviu.exe	upx
behavioral1/memory/1712-1476-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2808-1513-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2712-1558-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2748-1643-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2824-1645-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2892-1647-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2768-1649-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2848-1654-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2640-1915-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2732-1953-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2836-1954-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1708-1955-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1680-2443-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1280-2646-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1712-3785-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2712-3784-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2768-3787-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2836-3786-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2824-3812-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1708-3788-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2892-3863-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2732-3864-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2640-3866-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2552-3865-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1280-3862-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2748-3867-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2848-3870-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2808-3868-0x000000013F530000-0x000000013F884000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\fxptSWa.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJZkfhI.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYvhguc.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgwXjIu.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXGUXDZ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiZyGYb.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMXpUdS.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRgqfeC.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLehYui.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zarTKVj.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gevdQev.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reDuOFD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYeFeRW.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htjEgzL.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiawSHk.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoPgygv.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssxocXz.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETOKETP.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXKAJfj.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkkQNRc.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWPHDDF.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwwtdTD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MclRaVJ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGRwylV.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouDhFlN.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbVlpVz.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOolCCe.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGATjDg.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCCiDRR.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPUxgkD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJLgkTK.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBuMKGl.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDsXZXw.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkSNEoF.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbvnZVo.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGDQLFM.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPOQKFn.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBiUitl.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyeqTkI.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnWdOBx.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZTWyvD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUjXPXf.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QesClKd.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VamUlDK.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMJKjzT.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uskJfdz.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZfIPIX.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXkJGzt.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRrWNzS.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjFeACg.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUpQJzX.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFEcaNU.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXhkFeC.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMZfpIe.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKwOLEU.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxzIuuB.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBbRvVK.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwlfVJY.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDkJbvE.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIZbZkK.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vhnxnjk.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjTKMix.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGbCBNU.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAiQCwy.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1680 wrote to memory of 1708	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LytFdeR.exe
PID 1680 wrote to memory of 1708	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LytFdeR.exe
PID 1680 wrote to memory of 1708	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LytFdeR.exe
PID 1680 wrote to memory of 1280	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	pfxSqCS.exe
PID 1680 wrote to memory of 1280	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	pfxSqCS.exe
PID 1680 wrote to memory of 1280	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	pfxSqCS.exe
PID 1680 wrote to memory of 2552	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LuRwwWu.exe
PID 1680 wrote to memory of 2552	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LuRwwWu.exe
PID 1680 wrote to memory of 2552	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LuRwwWu.exe
PID 1680 wrote to memory of 1712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	qAveCPQ.exe
PID 1680 wrote to memory of 1712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	qAveCPQ.exe
PID 1680 wrote to memory of 1712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	qAveCPQ.exe
PID 1680 wrote to memory of 2808	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YQrLyzS.exe
PID 1680 wrote to memory of 2808	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YQrLyzS.exe
PID 1680 wrote to memory of 2808	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YQrLyzS.exe
PID 1680 wrote to memory of 2712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ejjTrLH.exe
PID 1680 wrote to memory of 2712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ejjTrLH.exe
PID 1680 wrote to memory of 2712	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ejjTrLH.exe
PID 1680 wrote to memory of 2748	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ivofviu.exe
PID 1680 wrote to memory of 2748	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ivofviu.exe
PID 1680 wrote to memory of 2748	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ivofviu.exe
PID 1680 wrote to memory of 2824	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	kOXNGfG.exe
PID 1680 wrote to memory of 2824	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	kOXNGfG.exe
PID 1680 wrote to memory of 2824	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	kOXNGfG.exe
PID 1680 wrote to memory of 2892	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LsnoKWY.exe
PID 1680 wrote to memory of 2892	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LsnoKWY.exe
PID 1680 wrote to memory of 2892	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	LsnoKWY.exe
PID 1680 wrote to memory of 2768	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hpgeFQd.exe
PID 1680 wrote to memory of 2768	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hpgeFQd.exe
PID 1680 wrote to memory of 2768	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hpgeFQd.exe
PID 1680 wrote to memory of 2848	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	mQfGtxA.exe
PID 1680 wrote to memory of 2848	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	mQfGtxA.exe
PID 1680 wrote to memory of 2848	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	mQfGtxA.exe
PID 1680 wrote to memory of 2836	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	NFIwmhd.exe
PID 1680 wrote to memory of 2836	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	NFIwmhd.exe
PID 1680 wrote to memory of 2836	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	NFIwmhd.exe
PID 1680 wrote to memory of 2640	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	WfGOwxt.exe
PID 1680 wrote to memory of 2640	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	WfGOwxt.exe
PID 1680 wrote to memory of 2640	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	WfGOwxt.exe
PID 1680 wrote to memory of 2792	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	rjZuInC.exe
PID 1680 wrote to memory of 2792	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	rjZuInC.exe
PID 1680 wrote to memory of 2792	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	rjZuInC.exe
PID 1680 wrote to memory of 2732	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	EXqnMjw.exe
PID 1680 wrote to memory of 2732	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	EXqnMjw.exe
PID 1680 wrote to memory of 2732	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	EXqnMjw.exe
PID 1680 wrote to memory of 2696	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ShVzZCI.exe
PID 1680 wrote to memory of 2696	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ShVzZCI.exe
PID 1680 wrote to memory of 2696	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	ShVzZCI.exe
PID 1680 wrote to memory of 2656	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PfoyqAt.exe
PID 1680 wrote to memory of 2656	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PfoyqAt.exe
PID 1680 wrote to memory of 2656	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PfoyqAt.exe
PID 1680 wrote to memory of 1332	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PPnCPOE.exe
PID 1680 wrote to memory of 1332	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PPnCPOE.exe
PID 1680 wrote to memory of 1332	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PPnCPOE.exe
PID 1680 wrote to memory of 1520	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	TuedGgJ.exe
PID 1680 wrote to memory of 1520	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	TuedGgJ.exe
PID 1680 wrote to memory of 1520	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	TuedGgJ.exe
PID 1680 wrote to memory of 900	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PtbaCVc.exe
PID 1680 wrote to memory of 900	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PtbaCVc.exe
PID 1680 wrote to memory of 900	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	PtbaCVc.exe
PID 1680 wrote to memory of 2868	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HlgEJno.exe
PID 1680 wrote to memory of 2868	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HlgEJno.exe
PID 1680 wrote to memory of 2868	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HlgEJno.exe
PID 1680 wrote to memory of 2924	1680	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	sjjpQNM.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\System\LytFdeR.exe
  C:\Windows\System\LytFdeR.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\pfxSqCS.exe
  C:\Windows\System\pfxSqCS.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\LuRwwWu.exe
  C:\Windows\System\LuRwwWu.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\qAveCPQ.exe
  C:\Windows\System\qAveCPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\YQrLyzS.exe
  C:\Windows\System\YQrLyzS.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ejjTrLH.exe
  C:\Windows\System\ejjTrLH.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ivofviu.exe
  C:\Windows\System\ivofviu.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kOXNGfG.exe
  C:\Windows\System\kOXNGfG.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\LsnoKWY.exe
  C:\Windows\System\LsnoKWY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\hpgeFQd.exe
  C:\Windows\System\hpgeFQd.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\mQfGtxA.exe
  C:\Windows\System\mQfGtxA.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\NFIwmhd.exe
  C:\Windows\System\NFIwmhd.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\WfGOwxt.exe
  C:\Windows\System\WfGOwxt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\rjZuInC.exe
  C:\Windows\System\rjZuInC.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\EXqnMjw.exe
  C:\Windows\System\EXqnMjw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ShVzZCI.exe
  C:\Windows\System\ShVzZCI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\PfoyqAt.exe
  C:\Windows\System\PfoyqAt.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\PPnCPOE.exe
  C:\Windows\System\PPnCPOE.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\TuedGgJ.exe
  C:\Windows\System\TuedGgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\PtbaCVc.exe
  C:\Windows\System\PtbaCVc.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\HlgEJno.exe
  C:\Windows\System\HlgEJno.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\sjjpQNM.exe
  C:\Windows\System\sjjpQNM.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\anRoYLy.exe
  C:\Windows\System\anRoYLy.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\pzMLtJz.exe
  C:\Windows\System\pzMLtJz.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\SSHYlBl.exe
  C:\Windows\System\SSHYlBl.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\vGDQLFM.exe
  C:\Windows\System\vGDQLFM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\yJGVJDy.exe
  C:\Windows\System\yJGVJDy.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\BqaWurj.exe
  C:\Windows\System\BqaWurj.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\NnOWZvh.exe
  C:\Windows\System\NnOWZvh.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\YdkFriU.exe
  C:\Windows\System\YdkFriU.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\zmavTmM.exe
  C:\Windows\System\zmavTmM.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\qIHkNnk.exe
  C:\Windows\System\qIHkNnk.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\MmNkbFa.exe
  C:\Windows\System\MmNkbFa.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\rlLxQwr.exe
  C:\Windows\System\rlLxQwr.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\WvtKFXh.exe
  C:\Windows\System\WvtKFXh.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\fGmmxwV.exe
  C:\Windows\System\fGmmxwV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\GlrgJZV.exe
  C:\Windows\System\GlrgJZV.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\gjGaTom.exe
  C:\Windows\System\gjGaTom.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\tJJNAXl.exe
  C:\Windows\System\tJJNAXl.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\mGBnpPv.exe
  C:\Windows\System\mGBnpPv.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\YJidRlK.exe
  C:\Windows\System\YJidRlK.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\czbJIys.exe
  C:\Windows\System\czbJIys.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\ayvUIdc.exe
  C:\Windows\System\ayvUIdc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\HaRUTie.exe
  C:\Windows\System\HaRUTie.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\JKQZgDX.exe
  C:\Windows\System\JKQZgDX.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ICCgIpR.exe
  C:\Windows\System\ICCgIpR.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\BzTQFJF.exe
  C:\Windows\System\BzTQFJF.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\jQnOTOb.exe
  C:\Windows\System\jQnOTOb.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\wAklTuq.exe
  C:\Windows\System\wAklTuq.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\jPOQKFn.exe
  C:\Windows\System\jPOQKFn.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\izoHHwL.exe
  C:\Windows\System\izoHHwL.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\BMKupFv.exe
  C:\Windows\System\BMKupFv.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\gaIbOgM.exe
  C:\Windows\System\gaIbOgM.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\WHBjbAr.exe
  C:\Windows\System\WHBjbAr.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\RjpDpdZ.exe
  C:\Windows\System\RjpDpdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\FWiQuSe.exe
  C:\Windows\System\FWiQuSe.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\FgbIpfK.exe
  C:\Windows\System\FgbIpfK.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EDlASBj.exe
  C:\Windows\System\EDlASBj.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\MaFTFJW.exe
  C:\Windows\System\MaFTFJW.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\lPsGtMj.exe
  C:\Windows\System\lPsGtMj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\LtgITxM.exe
  C:\Windows\System\LtgITxM.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\CeogTIo.exe
  C:\Windows\System\CeogTIo.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PmWOTLh.exe
  C:\Windows\System\PmWOTLh.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\GWxUNZM.exe
  C:\Windows\System\GWxUNZM.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\potnTmR.exe
  C:\Windows\System\potnTmR.exe
  2⤵
  PID:2484
- C:\Windows\System\QtznLcV.exe
  C:\Windows\System\QtznLcV.exe
  2⤵
  PID:1792
- C:\Windows\System\gyznEQE.exe
  C:\Windows\System\gyznEQE.exe
  2⤵
  PID:2660
- C:\Windows\System\dddJXKg.exe
  C:\Windows\System\dddJXKg.exe
  2⤵
  PID:3052
- C:\Windows\System\LDXVpuP.exe
  C:\Windows\System\LDXVpuP.exe
  2⤵
  PID:1880
- C:\Windows\System\fxptSWa.exe
  C:\Windows\System\fxptSWa.exe
  2⤵
  PID:636
- C:\Windows\System\TnvQolT.exe
  C:\Windows\System\TnvQolT.exe
  2⤵
  PID:820
- C:\Windows\System\xyeaYMX.exe
  C:\Windows\System\xyeaYMX.exe
  2⤵
  PID:1964
- C:\Windows\System\iUAZgfT.exe
  C:\Windows\System\iUAZgfT.exe
  2⤵
  PID:2436
- C:\Windows\System\PsgNCNJ.exe
  C:\Windows\System\PsgNCNJ.exe
  2⤵
  PID:2492
- C:\Windows\System\uGUBfbz.exe
  C:\Windows\System\uGUBfbz.exe
  2⤵
  PID:2168
- C:\Windows\System\MDvrDZI.exe
  C:\Windows\System\MDvrDZI.exe
  2⤵
  PID:2960
- C:\Windows\System\zjAYtnx.exe
  C:\Windows\System\zjAYtnx.exe
  2⤵
  PID:2268
- C:\Windows\System\DWfyBxf.exe
  C:\Windows\System\DWfyBxf.exe
  2⤵
  PID:1328
- C:\Windows\System\oupVLwq.exe
  C:\Windows\System\oupVLwq.exe
  2⤵
  PID:1820
- C:\Windows\System\YNsSHtD.exe
  C:\Windows\System\YNsSHtD.exe
  2⤵
  PID:2140
- C:\Windows\System\IJkkZYL.exe
  C:\Windows\System\IJkkZYL.exe
  2⤵
  PID:1720
- C:\Windows\System\FkjQywx.exe
  C:\Windows\System\FkjQywx.exe
  2⤵
  PID:2672
- C:\Windows\System\aQpuLUT.exe
  C:\Windows\System\aQpuLUT.exe
  2⤵
  PID:876
- C:\Windows\System\uXHASYx.exe
  C:\Windows\System\uXHASYx.exe
  2⤵
  PID:2116
- C:\Windows\System\FOqyVkt.exe
  C:\Windows\System\FOqyVkt.exe
  2⤵
  PID:908
- C:\Windows\System\TosHCPN.exe
  C:\Windows\System\TosHCPN.exe
  2⤵
  PID:920
- C:\Windows\System\yWNmTOe.exe
  C:\Windows\System\yWNmTOe.exe
  2⤵
  PID:2580
- C:\Windows\System\pvGElpB.exe
  C:\Windows\System\pvGElpB.exe
  2⤵
  PID:1624
- C:\Windows\System\sTeWUCU.exe
  C:\Windows\System\sTeWUCU.exe
  2⤵
  PID:324
- C:\Windows\System\TAstDPt.exe
  C:\Windows\System\TAstDPt.exe
  2⤵
  PID:2360
- C:\Windows\System\fzruTOT.exe
  C:\Windows\System\fzruTOT.exe
  2⤵
  PID:1900
- C:\Windows\System\rvWyEMV.exe
  C:\Windows\System\rvWyEMV.exe
  2⤵
  PID:1692
- C:\Windows\System\CKmoYEu.exe
  C:\Windows\System\CKmoYEu.exe
  2⤵
  PID:2976
- C:\Windows\System\jUPNRYp.exe
  C:\Windows\System\jUPNRYp.exe
  2⤵
  PID:2644
- C:\Windows\System\YIpoOSI.exe
  C:\Windows\System\YIpoOSI.exe
  2⤵
  PID:1452
- C:\Windows\System\buUrpVq.exe
  C:\Windows\System\buUrpVq.exe
  2⤵
  PID:1564
- C:\Windows\System\EAHInVd.exe
  C:\Windows\System\EAHInVd.exe
  2⤵
  PID:2260
- C:\Windows\System\wPUxgkD.exe
  C:\Windows\System\wPUxgkD.exe
  2⤵
  PID:1884
- C:\Windows\System\BsvQoHY.exe
  C:\Windows\System\BsvQoHY.exe
  2⤵
  PID:2812
- C:\Windows\System\fDvjRCF.exe
  C:\Windows\System\fDvjRCF.exe
  2⤵
  PID:1836
- C:\Windows\System\quMjlDg.exe
  C:\Windows\System\quMjlDg.exe
  2⤵
  PID:2600
- C:\Windows\System\XoeuQnQ.exe
  C:\Windows\System\XoeuQnQ.exe
  2⤵
  PID:2096
- C:\Windows\System\hdUNmkT.exe
  C:\Windows\System\hdUNmkT.exe
  2⤵
  PID:560
- C:\Windows\System\lfbPOWk.exe
  C:\Windows\System\lfbPOWk.exe
  2⤵
  PID:2148
- C:\Windows\System\fPfdUoW.exe
  C:\Windows\System\fPfdUoW.exe
  2⤵
  PID:1528
- C:\Windows\System\vsMqyzu.exe
  C:\Windows\System\vsMqyzu.exe
  2⤵
  PID:1968
- C:\Windows\System\vfhIcPt.exe
  C:\Windows\System\vfhIcPt.exe
  2⤵
  PID:2428
- C:\Windows\System\lYEYYNa.exe
  C:\Windows\System\lYEYYNa.exe
  2⤵
  PID:784
- C:\Windows\System\YiNlvyv.exe
  C:\Windows\System\YiNlvyv.exe
  2⤵
  PID:1336
- C:\Windows\System\YigTGZn.exe
  C:\Windows\System\YigTGZn.exe
  2⤵
  PID:896
- C:\Windows\System\uqwbXOS.exe
  C:\Windows\System\uqwbXOS.exe
  2⤵
  PID:2092
- C:\Windows\System\pKwOLEU.exe
  C:\Windows\System\pKwOLEU.exe
  2⤵
  PID:1932
- C:\Windows\System\mNatwaD.exe
  C:\Windows\System\mNatwaD.exe
  2⤵
  PID:2624
- C:\Windows\System\lFpcyBc.exe
  C:\Windows\System\lFpcyBc.exe
  2⤵
  PID:2200
- C:\Windows\System\kdWvndN.exe
  C:\Windows\System\kdWvndN.exe
  2⤵
  PID:1508
- C:\Windows\System\Jakyzgf.exe
  C:\Windows\System\Jakyzgf.exe
  2⤵
  PID:608
- C:\Windows\System\KxTFoIr.exe
  C:\Windows\System\KxTFoIr.exe
  2⤵
  PID:2568
- C:\Windows\System\CHMzMLz.exe
  C:\Windows\System\CHMzMLz.exe
  2⤵
  PID:2272
- C:\Windows\System\QTBhcyC.exe
  C:\Windows\System\QTBhcyC.exe
  2⤵
  PID:1656
- C:\Windows\System\tOrsWYh.exe
  C:\Windows\System\tOrsWYh.exe
  2⤵
  PID:2472
- C:\Windows\System\TumyNyS.exe
  C:\Windows\System\TumyNyS.exe
  2⤵
  PID:2084
- C:\Windows\System\ETOKETP.exe
  C:\Windows\System\ETOKETP.exe
  2⤵
  PID:1676
- C:\Windows\System\SzbRVvA.exe
  C:\Windows\System\SzbRVvA.exe
  2⤵
  PID:3096
- C:\Windows\System\GRgqfeC.exe
  C:\Windows\System\GRgqfeC.exe
  2⤵
  PID:3124
- C:\Windows\System\fkoNlEe.exe
  C:\Windows\System\fkoNlEe.exe
  2⤵
  PID:3140
- C:\Windows\System\Bmrgqxt.exe
  C:\Windows\System\Bmrgqxt.exe
  2⤵
  PID:3160
- C:\Windows\System\iDTphPI.exe
  C:\Windows\System\iDTphPI.exe
  2⤵
  PID:3180
- C:\Windows\System\nnssWCo.exe
  C:\Windows\System\nnssWCo.exe
  2⤵
  PID:3204
- C:\Windows\System\vGtBvTD.exe
  C:\Windows\System\vGtBvTD.exe
  2⤵
  PID:3220
- C:\Windows\System\QvGijWJ.exe
  C:\Windows\System\QvGijWJ.exe
  2⤵
  PID:3248
- C:\Windows\System\GIMEHUv.exe
  C:\Windows\System\GIMEHUv.exe
  2⤵
  PID:3268
- C:\Windows\System\OuPYZpr.exe
  C:\Windows\System\OuPYZpr.exe
  2⤵
  PID:3284
- C:\Windows\System\GrVkTLN.exe
  C:\Windows\System\GrVkTLN.exe
  2⤵
  PID:3304
- C:\Windows\System\IqmSxCX.exe
  C:\Windows\System\IqmSxCX.exe
  2⤵
  PID:3320
- C:\Windows\System\HwrxXUS.exe
  C:\Windows\System\HwrxXUS.exe
  2⤵
  PID:3340
- C:\Windows\System\iHroxoo.exe
  C:\Windows\System\iHroxoo.exe
  2⤵
  PID:3356
- C:\Windows\System\RwqKrQz.exe
  C:\Windows\System\RwqKrQz.exe
  2⤵
  PID:3380
- C:\Windows\System\DHXnBVw.exe
  C:\Windows\System\DHXnBVw.exe
  2⤵
  PID:3400
- C:\Windows\System\zpzyJgW.exe
  C:\Windows\System\zpzyJgW.exe
  2⤵
  PID:3420
- C:\Windows\System\CrfvYGp.exe
  C:\Windows\System\CrfvYGp.exe
  2⤵
  PID:3440
- C:\Windows\System\xzcfsTh.exe
  C:\Windows\System\xzcfsTh.exe
  2⤵
  PID:3456
- C:\Windows\System\boNlDMS.exe
  C:\Windows\System\boNlDMS.exe
  2⤵
  PID:3476
- C:\Windows\System\rAUmTFe.exe
  C:\Windows\System\rAUmTFe.exe
  2⤵
  PID:3500
- C:\Windows\System\jOWHpOK.exe
  C:\Windows\System\jOWHpOK.exe
  2⤵
  PID:3524
- C:\Windows\System\fVBqUoj.exe
  C:\Windows\System\fVBqUoj.exe
  2⤵
  PID:3540
- C:\Windows\System\JemHJZF.exe
  C:\Windows\System\JemHJZF.exe
  2⤵
  PID:3556
- C:\Windows\System\yGfJfyZ.exe
  C:\Windows\System\yGfJfyZ.exe
  2⤵
  PID:3572
- C:\Windows\System\jELhGNQ.exe
  C:\Windows\System\jELhGNQ.exe
  2⤵
  PID:3592
- C:\Windows\System\oXadxcL.exe
  C:\Windows\System\oXadxcL.exe
  2⤵
  PID:3608
- C:\Windows\System\VvZICOB.exe
  C:\Windows\System\VvZICOB.exe
  2⤵
  PID:3624
- C:\Windows\System\xLBcGNF.exe
  C:\Windows\System\xLBcGNF.exe
  2⤵
  PID:3644
- C:\Windows\System\TTRzIBM.exe
  C:\Windows\System\TTRzIBM.exe
  2⤵
  PID:3672
- C:\Windows\System\luZjUkY.exe
  C:\Windows\System\luZjUkY.exe
  2⤵
  PID:3692
- C:\Windows\System\gcKougT.exe
  C:\Windows\System\gcKougT.exe
  2⤵
  PID:3708
- C:\Windows\System\BWJcxbL.exe
  C:\Windows\System\BWJcxbL.exe
  2⤵
  PID:3728
- C:\Windows\System\DOKafpS.exe
  C:\Windows\System\DOKafpS.exe
  2⤵
  PID:3752
- C:\Windows\System\dRJTOsX.exe
  C:\Windows\System\dRJTOsX.exe
  2⤵
  PID:3768
- C:\Windows\System\itSJdvv.exe
  C:\Windows\System\itSJdvv.exe
  2⤵
  PID:3804
- C:\Windows\System\RsgmrXH.exe
  C:\Windows\System\RsgmrXH.exe
  2⤵
  PID:3824
- C:\Windows\System\hIXPQNp.exe
  C:\Windows\System\hIXPQNp.exe
  2⤵
  PID:3844
- C:\Windows\System\fNCYBGK.exe
  C:\Windows\System\fNCYBGK.exe
  2⤵
  PID:3860
- C:\Windows\System\eCnOIyy.exe
  C:\Windows\System\eCnOIyy.exe
  2⤵
  PID:3876
- C:\Windows\System\JWqDPsj.exe
  C:\Windows\System\JWqDPsj.exe
  2⤵
  PID:3900
- C:\Windows\System\iXPEVJa.exe
  C:\Windows\System\iXPEVJa.exe
  2⤵
  PID:3920
- C:\Windows\System\aITHJbw.exe
  C:\Windows\System\aITHJbw.exe
  2⤵
  PID:3936
- C:\Windows\System\RUJVaTg.exe
  C:\Windows\System\RUJVaTg.exe
  2⤵
  PID:3952
- C:\Windows\System\JAXOZRz.exe
  C:\Windows\System\JAXOZRz.exe
  2⤵
  PID:3968
- C:\Windows\System\NcDkfOt.exe
  C:\Windows\System\NcDkfOt.exe
  2⤵
  PID:3984
- C:\Windows\System\UkeObDw.exe
  C:\Windows\System\UkeObDw.exe
  2⤵
  PID:4004
- C:\Windows\System\ztYELqY.exe
  C:\Windows\System\ztYELqY.exe
  2⤵
  PID:4032
- C:\Windows\System\BBpmjuF.exe
  C:\Windows\System\BBpmjuF.exe
  2⤵
  PID:4052
- C:\Windows\System\KSXbTMc.exe
  C:\Windows\System\KSXbTMc.exe
  2⤵
  PID:4072
- C:\Windows\System\tDEHbLL.exe
  C:\Windows\System\tDEHbLL.exe
  2⤵
  PID:2876
- C:\Windows\System\URCGRyj.exe
  C:\Windows\System\URCGRyj.exe
  2⤵
  PID:2632
- C:\Windows\System\ODpauwF.exe
  C:\Windows\System\ODpauwF.exe
  2⤵
  PID:340
- C:\Windows\System\hBiUitl.exe
  C:\Windows\System\hBiUitl.exe
  2⤵
  PID:1684
- C:\Windows\System\vwQUySD.exe
  C:\Windows\System\vwQUySD.exe
  2⤵
  PID:2064
- C:\Windows\System\PfWWgvN.exe
  C:\Windows\System\PfWWgvN.exe
  2⤵
  PID:2160
- C:\Windows\System\STToXoL.exe
  C:\Windows\System\STToXoL.exe
  2⤵
  PID:3092
- C:\Windows\System\oaiEClt.exe
  C:\Windows\System\oaiEClt.exe
  2⤵
  PID:2516
- C:\Windows\System\adUdJjX.exe
  C:\Windows\System\adUdJjX.exe
  2⤵
  PID:3104
- C:\Windows\System\imYyGqO.exe
  C:\Windows\System\imYyGqO.exe
  2⤵
  PID:3136
- C:\Windows\System\rWyPlom.exe
  C:\Windows\System\rWyPlom.exe
  2⤵
  PID:3172
- C:\Windows\System\tqxihkT.exe
  C:\Windows\System\tqxihkT.exe
  2⤵
  PID:3216
- C:\Windows\System\bHFvKqP.exe
  C:\Windows\System\bHFvKqP.exe
  2⤵
  PID:3296
- C:\Windows\System\Vlqdgmz.exe
  C:\Windows\System\Vlqdgmz.exe
  2⤵
  PID:3240
- C:\Windows\System\htjEgzL.exe
  C:\Windows\System\htjEgzL.exe
  2⤵
  PID:3368
- C:\Windows\System\WCtyDuk.exe
  C:\Windows\System\WCtyDuk.exe
  2⤵
  PID:3448
- C:\Windows\System\IDpLbtf.exe
  C:\Windows\System\IDpLbtf.exe
  2⤵
  PID:3492
- C:\Windows\System\fxzIuuB.exe
  C:\Windows\System\fxzIuuB.exe
  2⤵
  PID:3568
- C:\Windows\System\hLwBEIm.exe
  C:\Windows\System\hLwBEIm.exe
  2⤵
  PID:3316
- C:\Windows\System\yQoBzRp.exe
  C:\Windows\System\yQoBzRp.exe
  2⤵
  PID:3632
- C:\Windows\System\gaBeXof.exe
  C:\Windows\System\gaBeXof.exe
  2⤵
  PID:3684
- C:\Windows\System\gDcyOqI.exe
  C:\Windows\System\gDcyOqI.exe
  2⤵
  PID:3432
- C:\Windows\System\sirmBne.exe
  C:\Windows\System\sirmBne.exe
  2⤵
  PID:3716
- C:\Windows\System\XhNbRso.exe
  C:\Windows\System\XhNbRso.exe
  2⤵
  PID:3520
- C:\Windows\System\PLehYui.exe
  C:\Windows\System\PLehYui.exe
  2⤵
  PID:3816
- C:\Windows\System\fdLXFuK.exe
  C:\Windows\System\fdLXFuK.exe
  2⤵
  PID:3852
- C:\Windows\System\rleZCgb.exe
  C:\Windows\System\rleZCgb.exe
  2⤵
  PID:3892
- C:\Windows\System\VlmIIap.exe
  C:\Windows\System\VlmIIap.exe
  2⤵
  PID:3992
- C:\Windows\System\GupCIaq.exe
  C:\Windows\System\GupCIaq.exe
  2⤵
  PID:3704
- C:\Windows\System\ryECDzw.exe
  C:\Windows\System\ryECDzw.exe
  2⤵
  PID:3740
- C:\Windows\System\RdIcuLA.exe
  C:\Windows\System\RdIcuLA.exe
  2⤵
  PID:3652
- C:\Windows\System\vZSabbg.exe
  C:\Windows\System\vZSabbg.exe
  2⤵
  PID:4080
- C:\Windows\System\YMSfjyN.exe
  C:\Windows\System\YMSfjyN.exe
  2⤵
  PID:1308
- C:\Windows\System\SFfkKIz.exe
  C:\Windows\System\SFfkKIz.exe
  2⤵
  PID:3780
- C:\Windows\System\FVHbZTQ.exe
  C:\Windows\System\FVHbZTQ.exe
  2⤵
  PID:2504
- C:\Windows\System\TrlVRrd.exe
  C:\Windows\System\TrlVRrd.exe
  2⤵
  PID:3836
- C:\Windows\System\mUBnFwW.exe
  C:\Windows\System\mUBnFwW.exe
  2⤵
  PID:3908
- C:\Windows\System\uAqfjFO.exe
  C:\Windows\System\uAqfjFO.exe
  2⤵
  PID:3980
- C:\Windows\System\HpeZSjz.exe
  C:\Windows\System\HpeZSjz.exe
  2⤵
  PID:4024
- C:\Windows\System\ccbBcpp.exe
  C:\Windows\System\ccbBcpp.exe
  2⤵
  PID:4068
- C:\Windows\System\QWIJsuc.exe
  C:\Windows\System\QWIJsuc.exe
  2⤵
  PID:3264
- C:\Windows\System\GlHFLdG.exe
  C:\Windows\System\GlHFLdG.exe
  2⤵
  PID:2204
- C:\Windows\System\jDSNftB.exe
  C:\Windows\System\jDSNftB.exe
  2⤵
  PID:3112
- C:\Windows\System\SjnHbeS.exe
  C:\Windows\System\SjnHbeS.exe
  2⤵
  PID:2648
- C:\Windows\System\xEAMqWn.exe
  C:\Windows\System\xEAMqWn.exe
  2⤵
  PID:3080
- C:\Windows\System\RLCZcPV.exe
  C:\Windows\System\RLCZcPV.exe
  2⤵
  PID:3332
- C:\Windows\System\BiawSHk.exe
  C:\Windows\System\BiawSHk.exe
  2⤵
  PID:3496
- C:\Windows\System\blDufed.exe
  C:\Windows\System\blDufed.exe
  2⤵
  PID:3228
- C:\Windows\System\ExZAkqB.exe
  C:\Windows\System\ExZAkqB.exe
  2⤵
  PID:3412
- C:\Windows\System\EZBxRHr.exe
  C:\Windows\System\EZBxRHr.exe
  2⤵
  PID:3640
- C:\Windows\System\hvbqNYn.exe
  C:\Windows\System\hvbqNYn.exe
  2⤵
  PID:3472
- C:\Windows\System\BIlhCUQ.exe
  C:\Windows\System\BIlhCUQ.exe
  2⤵
  PID:3820
- C:\Windows\System\pocfsIV.exe
  C:\Windows\System\pocfsIV.exe
  2⤵
  PID:3600
- C:\Windows\System\mNnxrAS.exe
  C:\Windows\System\mNnxrAS.exe
  2⤵
  PID:3516
- C:\Windows\System\rskcVNC.exe
  C:\Windows\System\rskcVNC.exe
  2⤵
  PID:3664
- C:\Windows\System\ZBbRvVK.exe
  C:\Windows\System\ZBbRvVK.exe
  2⤵
  PID:3660
- C:\Windows\System\vCVtriA.exe
  C:\Windows\System\vCVtriA.exe
  2⤵
  PID:3964
- C:\Windows\System\eHVsNLm.exe
  C:\Windows\System\eHVsNLm.exe
  2⤵
  PID:4084
- C:\Windows\System\YWXSxoJ.exe
  C:\Windows\System\YWXSxoJ.exe
  2⤵
  PID:3116
- C:\Windows\System\OWNGyqz.exe
  C:\Windows\System\OWNGyqz.exe
  2⤵
  PID:3616
- C:\Windows\System\RrcCQEY.exe
  C:\Windows\System\RrcCQEY.exe
  2⤵
  PID:4012
- C:\Windows\System\UfWQqcy.exe
  C:\Windows\System\UfWQqcy.exe
  2⤵
  PID:3200
- C:\Windows\System\kvklqdy.exe
  C:\Windows\System\kvklqdy.exe
  2⤵
  PID:1032
- C:\Windows\System\HaziCsJ.exe
  C:\Windows\System\HaziCsJ.exe
  2⤵
  PID:3488
- C:\Windows\System\vEhvZPc.exe
  C:\Windows\System\vEhvZPc.exe
  2⤵
  PID:3680
- C:\Windows\System\abAxxMx.exe
  C:\Windows\System\abAxxMx.exe
  2⤵
  PID:3916
- C:\Windows\System\OaiNCzO.exe
  C:\Windows\System\OaiNCzO.exe
  2⤵
  PID:528
- C:\Windows\System\tlnbIkO.exe
  C:\Windows\System\tlnbIkO.exe
  2⤵
  PID:3108
- C:\Windows\System\XaPLlfQ.exe
  C:\Windows\System\XaPLlfQ.exe
  2⤵
  PID:3212
- C:\Windows\System\DVNliUh.exe
  C:\Windows\System\DVNliUh.exe
  2⤵
  PID:3536
- C:\Windows\System\ynJDqOp.exe
  C:\Windows\System\ynJDqOp.exe
  2⤵
  PID:3776
- C:\Windows\System\WNRrWCN.exe
  C:\Windows\System\WNRrWCN.exe
  2⤵
  PID:4104
- C:\Windows\System\jNjKVAX.exe
  C:\Windows\System\jNjKVAX.exe
  2⤵
  PID:4128
- C:\Windows\System\ZXHtFly.exe
  C:\Windows\System\ZXHtFly.exe
  2⤵
  PID:4144
- C:\Windows\System\VrGsCWT.exe
  C:\Windows\System\VrGsCWT.exe
  2⤵
  PID:4160
- C:\Windows\System\bniJHDl.exe
  C:\Windows\System\bniJHDl.exe
  2⤵
  PID:4176
- C:\Windows\System\fSJIEqH.exe
  C:\Windows\System\fSJIEqH.exe
  2⤵
  PID:4200
- C:\Windows\System\ALDvgtX.exe
  C:\Windows\System\ALDvgtX.exe
  2⤵
  PID:4224
- C:\Windows\System\VDZJqma.exe
  C:\Windows\System\VDZJqma.exe
  2⤵
  PID:4240
- C:\Windows\System\eShGXOk.exe
  C:\Windows\System\eShGXOk.exe
  2⤵
  PID:4268
- C:\Windows\System\OwVTssB.exe
  C:\Windows\System\OwVTssB.exe
  2⤵
  PID:4292
- C:\Windows\System\guSozYL.exe
  C:\Windows\System\guSozYL.exe
  2⤵
  PID:4316
- C:\Windows\System\KVpzFiK.exe
  C:\Windows\System\KVpzFiK.exe
  2⤵
  PID:4336
- C:\Windows\System\SRyXDsC.exe
  C:\Windows\System\SRyXDsC.exe
  2⤵
  PID:4352
- C:\Windows\System\cRWvcmp.exe
  C:\Windows\System\cRWvcmp.exe
  2⤵
  PID:4376
- C:\Windows\System\iDAbxcU.exe
  C:\Windows\System\iDAbxcU.exe
  2⤵
  PID:4392
- C:\Windows\System\kUIJDNF.exe
  C:\Windows\System\kUIJDNF.exe
  2⤵
  PID:4412
- C:\Windows\System\zHsBJpu.exe
  C:\Windows\System\zHsBJpu.exe
  2⤵
  PID:4432
- C:\Windows\System\lTMUMUQ.exe
  C:\Windows\System\lTMUMUQ.exe
  2⤵
  PID:4448
- C:\Windows\System\hrpgHPb.exe
  C:\Windows\System\hrpgHPb.exe
  2⤵
  PID:4468
- C:\Windows\System\pcOZTwr.exe
  C:\Windows\System\pcOZTwr.exe
  2⤵
  PID:4496
- C:\Windows\System\xrkCriS.exe
  C:\Windows\System\xrkCriS.exe
  2⤵
  PID:4512
- C:\Windows\System\DLPxlIg.exe
  C:\Windows\System\DLPxlIg.exe
  2⤵
  PID:4536
- C:\Windows\System\NGzvBgc.exe
  C:\Windows\System\NGzvBgc.exe
  2⤵
  PID:4552
- C:\Windows\System\YtgsDJD.exe
  C:\Windows\System\YtgsDJD.exe
  2⤵
  PID:4572
- C:\Windows\System\bnGkPBm.exe
  C:\Windows\System\bnGkPBm.exe
  2⤵
  PID:4592
- C:\Windows\System\QaiCknG.exe
  C:\Windows\System\QaiCknG.exe
  2⤵
  PID:4612
- C:\Windows\System\IcBerQO.exe
  C:\Windows\System\IcBerQO.exe
  2⤵
  PID:4632
- C:\Windows\System\CAKoYOg.exe
  C:\Windows\System\CAKoYOg.exe
  2⤵
  PID:4656
- C:\Windows\System\cxzdhNs.exe
  C:\Windows\System\cxzdhNs.exe
  2⤵
  PID:4676
- C:\Windows\System\QNCwjOS.exe
  C:\Windows\System\QNCwjOS.exe
  2⤵
  PID:4696
- C:\Windows\System\YnYlYfX.exe
  C:\Windows\System\YnYlYfX.exe
  2⤵
  PID:4716
- C:\Windows\System\ahMTNzp.exe
  C:\Windows\System\ahMTNzp.exe
  2⤵
  PID:4732
- C:\Windows\System\raUCeHt.exe
  C:\Windows\System\raUCeHt.exe
  2⤵
  PID:4756
- C:\Windows\System\JQcYVXa.exe
  C:\Windows\System\JQcYVXa.exe
  2⤵
  PID:4780
- C:\Windows\System\OCtuhpe.exe
  C:\Windows\System\OCtuhpe.exe
  2⤵
  PID:4800
- C:\Windows\System\ciOaRWA.exe
  C:\Windows\System\ciOaRWA.exe
  2⤵
  PID:4820
- C:\Windows\System\qEnFtzw.exe
  C:\Windows\System\qEnFtzw.exe
  2⤵
  PID:4840
- C:\Windows\System\VEnhssD.exe
  C:\Windows\System\VEnhssD.exe
  2⤵
  PID:4860
- C:\Windows\System\Rwxrltr.exe
  C:\Windows\System\Rwxrltr.exe
  2⤵
  PID:4876
- C:\Windows\System\VTNmWud.exe
  C:\Windows\System\VTNmWud.exe
  2⤵
  PID:4896
- C:\Windows\System\OeYSUAt.exe
  C:\Windows\System\OeYSUAt.exe
  2⤵
  PID:4920
- C:\Windows\System\tiYboPW.exe
  C:\Windows\System\tiYboPW.exe
  2⤵
  PID:4936
- C:\Windows\System\NYJsrTS.exe
  C:\Windows\System\NYJsrTS.exe
  2⤵
  PID:4956
- C:\Windows\System\gJarwau.exe
  C:\Windows\System\gJarwau.exe
  2⤵
  PID:4972
- C:\Windows\System\VckAsZU.exe
  C:\Windows\System\VckAsZU.exe
  2⤵
  PID:4996
- C:\Windows\System\TiDGMHu.exe
  C:\Windows\System\TiDGMHu.exe
  2⤵
  PID:5016
- C:\Windows\System\uOKRxjO.exe
  C:\Windows\System\uOKRxjO.exe
  2⤵
  PID:5032
- C:\Windows\System\NnoeyQh.exe
  C:\Windows\System\NnoeyQh.exe
  2⤵
  PID:5056
- C:\Windows\System\eSQZSys.exe
  C:\Windows\System\eSQZSys.exe
  2⤵
  PID:5080
- C:\Windows\System\SBIBxoL.exe
  C:\Windows\System\SBIBxoL.exe
  2⤵
  PID:5100
- C:\Windows\System\GMwjZhG.exe
  C:\Windows\System\GMwjZhG.exe
  2⤵
  PID:5116
- C:\Windows\System\KiqyzqR.exe
  C:\Windows\System\KiqyzqR.exe
  2⤵
  PID:1652
- C:\Windows\System\xMeTNIA.exe
  C:\Windows\System\xMeTNIA.exe
  2⤵
  PID:3552
- C:\Windows\System\mpeFaUW.exe
  C:\Windows\System\mpeFaUW.exe
  2⤵
  PID:3580
- C:\Windows\System\WVimFow.exe
  C:\Windows\System\WVimFow.exe
  2⤵
  PID:3292
- C:\Windows\System\YNEGsOv.exe
  C:\Windows\System\YNEGsOv.exe
  2⤵
  PID:2852
- C:\Windows\System\uoPgygv.exe
  C:\Windows\System\uoPgygv.exe
  2⤵
  PID:3152
- C:\Windows\System\uSgoyKA.exe
  C:\Windows\System\uSgoyKA.exe
  2⤵
  PID:1260
- C:\Windows\System\gLXzWLV.exe
  C:\Windows\System\gLXzWLV.exe
  2⤵
  PID:3396
- C:\Windows\System\VdnUHKt.exe
  C:\Windows\System\VdnUHKt.exe
  2⤵
  PID:3428
- C:\Windows\System\HdyUhur.exe
  C:\Windows\System\HdyUhur.exe
  2⤵
  PID:4156
- C:\Windows\System\vLqiVsg.exe
  C:\Windows\System\vLqiVsg.exe
  2⤵
  PID:4192
- C:\Windows\System\jhjiejG.exe
  C:\Windows\System\jhjiejG.exe
  2⤵
  PID:4236
- C:\Windows\System\PHqAQHH.exe
  C:\Windows\System\PHqAQHH.exe
  2⤵
  PID:3724
- C:\Windows\System\fTPpAYw.exe
  C:\Windows\System\fTPpAYw.exe
  2⤵
  PID:4168
- C:\Windows\System\wrkxltb.exe
  C:\Windows\System\wrkxltb.exe
  2⤵
  PID:4256
- C:\Windows\System\bHrXWFx.exe
  C:\Windows\System\bHrXWFx.exe
  2⤵
  PID:4332
- C:\Windows\System\VrHIZVT.exe
  C:\Windows\System\VrHIZVT.exe
  2⤵
  PID:4308
- C:\Windows\System\xgVRoJw.exe
  C:\Windows\System\xgVRoJw.exe
  2⤵
  PID:4372
- C:\Windows\System\GYwonrQ.exe
  C:\Windows\System\GYwonrQ.exe
  2⤵
  PID:4440
- C:\Windows\System\fSbRbqz.exe
  C:\Windows\System\fSbRbqz.exe
  2⤵
  PID:4428
- C:\Windows\System\aSNLogZ.exe
  C:\Windows\System\aSNLogZ.exe
  2⤵
  PID:4484
- C:\Windows\System\YoiJBaa.exe
  C:\Windows\System\YoiJBaa.exe
  2⤵
  PID:4488
- C:\Windows\System\BFOQcza.exe
  C:\Windows\System\BFOQcza.exe
  2⤵
  PID:4528
- C:\Windows\System\lqZPZbi.exe
  C:\Windows\System\lqZPZbi.exe
  2⤵
  PID:4560
- C:\Windows\System\GGDCKsU.exe
  C:\Windows\System\GGDCKsU.exe
  2⤵
  PID:4608
- C:\Windows\System\zsGXaMQ.exe
  C:\Windows\System\zsGXaMQ.exe
  2⤵
  PID:4644
- C:\Windows\System\XmvQnRN.exe
  C:\Windows\System\XmvQnRN.exe
  2⤵
  PID:4624
- C:\Windows\System\dDmzShI.exe
  C:\Windows\System\dDmzShI.exe
  2⤵
  PID:4252
- C:\Windows\System\dzPzoqo.exe
  C:\Windows\System\dzPzoqo.exe
  2⤵
  PID:4704
- C:\Windows\System\KzKrvpf.exe
  C:\Windows\System\KzKrvpf.exe
  2⤵
  PID:4772
- C:\Windows\System\QdxNHdi.exe
  C:\Windows\System\QdxNHdi.exe
  2⤵
  PID:4816
- C:\Windows\System\PffQqYm.exe
  C:\Windows\System\PffQqYm.exe
  2⤵
  PID:4852
- C:\Windows\System\jplhpxU.exe
  C:\Windows\System\jplhpxU.exe
  2⤵
  PID:4788
- C:\Windows\System\qBDVNSs.exe
  C:\Windows\System\qBDVNSs.exe
  2⤵
  PID:4836
- C:\Windows\System\eyFtczb.exe
  C:\Windows\System\eyFtczb.exe
  2⤵
  PID:5012
- C:\Windows\System\IvwlxUh.exe
  C:\Windows\System\IvwlxUh.exe
  2⤵
  PID:4904
- C:\Windows\System\pqRKuhm.exe
  C:\Windows\System\pqRKuhm.exe
  2⤵
  PID:4948
- C:\Windows\System\GnuiIMx.exe
  C:\Windows\System\GnuiIMx.exe
  2⤵
  PID:5052
- C:\Windows\System\iwwtdTD.exe
  C:\Windows\System\iwwtdTD.exe
  2⤵
  PID:5096
- C:\Windows\System\CBYoIpT.exe
  C:\Windows\System\CBYoIpT.exe
  2⤵
  PID:404
- C:\Windows\System\ypmETZK.exe
  C:\Windows\System\ypmETZK.exe
  2⤵
  PID:5024
- C:\Windows\System\WUjXPXf.exe
  C:\Windows\System\WUjXPXf.exe
  2⤵
  PID:5068
- C:\Windows\System\wtKNJUZ.exe
  C:\Windows\System\wtKNJUZ.exe
  2⤵
  PID:5112
- C:\Windows\System\EnFNgAM.exe
  C:\Windows\System\EnFNgAM.exe
  2⤵
  PID:4112
- C:\Windows\System\BNnfGBf.exe
  C:\Windows\System\BNnfGBf.exe
  2⤵
  PID:3416
- C:\Windows\System\GLkJWFa.exe
  C:\Windows\System\GLkJWFa.exe
  2⤵
  PID:4092
- C:\Windows\System\EMiHOWM.exe
  C:\Windows\System\EMiHOWM.exe
  2⤵
  PID:4196
- C:\Windows\System\GJGWsqE.exe
  C:\Windows\System\GJGWsqE.exe
  2⤵
  PID:4000
- C:\Windows\System\UXHugHJ.exe
  C:\Windows\System\UXHugHJ.exe
  2⤵
  PID:3348
- C:\Windows\System\Yadtiuv.exe
  C:\Windows\System\Yadtiuv.exe
  2⤵
  PID:3464
- C:\Windows\System\vjXFQTC.exe
  C:\Windows\System\vjXFQTC.exe
  2⤵
  PID:4300
- C:\Windows\System\tdtrZVx.exe
  C:\Windows\System\tdtrZVx.exe
  2⤵
  PID:4136
- C:\Windows\System\nMiJNvu.exe
  C:\Windows\System\nMiJNvu.exe
  2⤵
  PID:2372
- C:\Windows\System\EVRZGvo.exe
  C:\Windows\System\EVRZGvo.exe
  2⤵
  PID:4524
- C:\Windows\System\DHsnkjM.exe
  C:\Windows\System\DHsnkjM.exe
  2⤵
  PID:4600
- C:\Windows\System\hNITygX.exe
  C:\Windows\System\hNITygX.exe
  2⤵
  PID:4424
- C:\Windows\System\yVWbAQX.exe
  C:\Windows\System\yVWbAQX.exe
  2⤵
  PID:4620
- C:\Windows\System\bxRdgNL.exe
  C:\Windows\System\bxRdgNL.exe
  2⤵
  PID:4724
- C:\Windows\System\ArBgdWZ.exe
  C:\Windows\System\ArBgdWZ.exe
  2⤵
  PID:4492
- C:\Windows\System\QSoYSyO.exe
  C:\Windows\System\QSoYSyO.exe
  2⤵
  PID:4888
- C:\Windows\System\ZKuOTSs.exe
  C:\Windows\System\ZKuOTSs.exe
  2⤵
  PID:4912
- C:\Windows\System\LGUVOjU.exe
  C:\Windows\System\LGUVOjU.exe
  2⤵
  PID:4916
- C:\Windows\System\JVaKqMz.exe
  C:\Windows\System\JVaKqMz.exe
  2⤵
  PID:4744
- C:\Windows\System\RAIByug.exe
  C:\Windows\System\RAIByug.exe
  2⤵
  PID:3668
- C:\Windows\System\rhetluU.exe
  C:\Windows\System\rhetluU.exe
  2⤵
  PID:4832
- C:\Windows\System\ILQJSsK.exe
  C:\Windows\System\ILQJSsK.exe
  2⤵
  PID:5108
- C:\Windows\System\lycgJeG.exe
  C:\Windows\System\lycgJeG.exe
  2⤵
  PID:3148
- C:\Windows\System\qsQZwYS.exe
  C:\Windows\System\qsQZwYS.exe
  2⤵
  PID:4120
- C:\Windows\System\FZvdpeU.exe
  C:\Windows\System\FZvdpeU.exe
  2⤵
  PID:3796
- C:\Windows\System\tSeWIVE.exe
  C:\Windows\System\tSeWIVE.exe
  2⤵
  PID:440
- C:\Windows\System\KsmimHh.exe
  C:\Windows\System\KsmimHh.exe
  2⤵
  PID:2408
- C:\Windows\System\peFBces.exe
  C:\Windows\System\peFBces.exe
  2⤵
  PID:4768
- C:\Windows\System\TqlClxf.exe
  C:\Windows\System\TqlClxf.exe
  2⤵
  PID:4968
- C:\Windows\System\ievyVPs.exe
  C:\Windows\System\ievyVPs.exe
  2⤵
  PID:3960
- C:\Windows\System\FGsUPvC.exe
  C:\Windows\System\FGsUPvC.exe
  2⤵
  PID:5064
- C:\Windows\System\NtzdiVD.exe
  C:\Windows\System\NtzdiVD.exe
  2⤵
  PID:3064
- C:\Windows\System\NrQnhfu.exe
  C:\Windows\System\NrQnhfu.exe
  2⤵
  PID:4980
- C:\Windows\System\gnyzmOw.exe
  C:\Windows\System\gnyzmOw.exe
  2⤵
  PID:4400
- C:\Windows\System\Pwnubzv.exe
  C:\Windows\System\Pwnubzv.exe
  2⤵
  PID:4728
- C:\Windows\System\MunhDCO.exe
  C:\Windows\System\MunhDCO.exe
  2⤵
  PID:4508
- C:\Windows\System\tWIZkkp.exe
  C:\Windows\System\tWIZkkp.exe
  2⤵
  PID:4668
- C:\Windows\System\VeaEBhC.exe
  C:\Windows\System\VeaEBhC.exe
  2⤵
  PID:4664
- C:\Windows\System\EUXsDRg.exe
  C:\Windows\System\EUXsDRg.exe
  2⤵
  PID:2384
- C:\Windows\System\ElMityD.exe
  C:\Windows\System\ElMityD.exe
  2⤵
  PID:2820
- C:\Windows\System\JRrfBxk.exe
  C:\Windows\System\JRrfBxk.exe
  2⤵
  PID:4796
- C:\Windows\System\eJLgkTK.exe
  C:\Windows\System\eJLgkTK.exe
  2⤵
  PID:3812
- C:\Windows\System\hOGgvMg.exe
  C:\Windows\System\hOGgvMg.exe
  2⤵
  PID:4404
- C:\Windows\System\ZFJpNSY.exe
  C:\Windows\System\ZFJpNSY.exe
  2⤵
  PID:2980
- C:\Windows\System\SeIMtHw.exe
  C:\Windows\System\SeIMtHw.exe
  2⤵
  PID:4964
- C:\Windows\System\JjBhQoB.exe
  C:\Windows\System\JjBhQoB.exe
  2⤵
  PID:1752
- C:\Windows\System\pCbQnFj.exe
  C:\Windows\System\pCbQnFj.exe
  2⤵
  PID:300
- C:\Windows\System\hEGALxE.exe
  C:\Windows\System\hEGALxE.exe
  2⤵
  PID:2928
- C:\Windows\System\wbcVEhM.exe
  C:\Windows\System\wbcVEhM.exe
  2⤵
  PID:4988
- C:\Windows\System\UOdldvK.exe
  C:\Windows\System\UOdldvK.exe
  2⤵
  PID:2684
- C:\Windows\System\picPtpA.exe
  C:\Windows\System\picPtpA.exe
  2⤵
  PID:5044
- C:\Windows\System\IbhkpeE.exe
  C:\Windows\System\IbhkpeE.exe
  2⤵
  PID:3604
- C:\Windows\System\oaZgcDo.exe
  C:\Windows\System\oaZgcDo.exe
  2⤵
  PID:2420
- C:\Windows\System\IFNerUi.exe
  C:\Windows\System\IFNerUi.exe
  2⤵
  PID:4420
- C:\Windows\System\lkQgXfA.exe
  C:\Windows\System\lkQgXfA.exe
  2⤵
  PID:2052
- C:\Windows\System\gZzNRnJ.exe
  C:\Windows\System\gZzNRnJ.exe
  2⤵
  PID:5076
- C:\Windows\System\XcZpAIF.exe
  C:\Windows\System\XcZpAIF.exe
  2⤵
  PID:4640
- C:\Windows\System\wpdMmLD.exe
  C:\Windows\System\wpdMmLD.exe
  2⤵
  PID:4992
- C:\Windows\System\piwHZhD.exe
  C:\Windows\System\piwHZhD.exe
  2⤵
  PID:4208
- C:\Windows\System\KuLqTmr.exe
  C:\Windows\System\KuLqTmr.exe
  2⤵
  PID:2548
- C:\Windows\System\OuxQEFX.exe
  C:\Windows\System\OuxQEFX.exe
  2⤵
  PID:1320
- C:\Windows\System\WvVClLT.exe
  C:\Windows\System\WvVClLT.exe
  2⤵
  PID:4892
- C:\Windows\System\EkrRdaW.exe
  C:\Windows\System\EkrRdaW.exe
  2⤵
  PID:5132
- C:\Windows\System\sfICUAN.exe
  C:\Windows\System\sfICUAN.exe
  2⤵
  PID:5148
- C:\Windows\System\iilsLpy.exe
  C:\Windows\System\iilsLpy.exe
  2⤵
  PID:5168
- C:\Windows\System\oHBxnPK.exe
  C:\Windows\System\oHBxnPK.exe
  2⤵
  PID:5184
- C:\Windows\System\XorFfgK.exe
  C:\Windows\System\XorFfgK.exe
  2⤵
  PID:5200
- C:\Windows\System\AjgKcnU.exe
  C:\Windows\System\AjgKcnU.exe
  2⤵
  PID:5304
- C:\Windows\System\cjwvNRw.exe
  C:\Windows\System\cjwvNRw.exe
  2⤵
  PID:5320
- C:\Windows\System\eVdmaDC.exe
  C:\Windows\System\eVdmaDC.exe
  2⤵
  PID:5340
- C:\Windows\System\tNixNLv.exe
  C:\Windows\System\tNixNLv.exe
  2⤵
  PID:5364
- C:\Windows\System\SiIABAc.exe
  C:\Windows\System\SiIABAc.exe
  2⤵
  PID:5384
- C:\Windows\System\yiypfTD.exe
  C:\Windows\System\yiypfTD.exe
  2⤵
  PID:5404
- C:\Windows\System\dLpPiXq.exe
  C:\Windows\System\dLpPiXq.exe
  2⤵
  PID:5420
- C:\Windows\System\dZPBjti.exe
  C:\Windows\System\dZPBjti.exe
  2⤵
  PID:5440
- C:\Windows\System\QFYyiiS.exe
  C:\Windows\System\QFYyiiS.exe
  2⤵
  PID:5456
- C:\Windows\System\zIZbZkK.exe
  C:\Windows\System\zIZbZkK.exe
  2⤵
  PID:5472
- C:\Windows\System\GyBMwYi.exe
  C:\Windows\System\GyBMwYi.exe
  2⤵
  PID:5488
- C:\Windows\System\DGsOTmX.exe
  C:\Windows\System\DGsOTmX.exe
  2⤵
  PID:5508
- C:\Windows\System\usjbGPK.exe
  C:\Windows\System\usjbGPK.exe
  2⤵
  PID:5524
- C:\Windows\System\OiDYCSb.exe
  C:\Windows\System\OiDYCSb.exe
  2⤵
  PID:5540
- C:\Windows\System\noBwwdi.exe
  C:\Windows\System\noBwwdi.exe
  2⤵
  PID:5556
- C:\Windows\System\mdGZSzj.exe
  C:\Windows\System\mdGZSzj.exe
  2⤵
  PID:5572
- C:\Windows\System\frkCUtR.exe
  C:\Windows\System\frkCUtR.exe
  2⤵
  PID:5588
- C:\Windows\System\YvaUNao.exe
  C:\Windows\System\YvaUNao.exe
  2⤵
  PID:5604
- C:\Windows\System\pqZUzkn.exe
  C:\Windows\System\pqZUzkn.exe
  2⤵
  PID:5620
- C:\Windows\System\XBLXFAp.exe
  C:\Windows\System\XBLXFAp.exe
  2⤵
  PID:5636
- C:\Windows\System\HAcZZtV.exe
  C:\Windows\System\HAcZZtV.exe
  2⤵
  PID:5656
- C:\Windows\System\nEAVJZZ.exe
  C:\Windows\System\nEAVJZZ.exe
  2⤵
  PID:5672
- C:\Windows\System\zxKQOTu.exe
  C:\Windows\System\zxKQOTu.exe
  2⤵
  PID:5688
- C:\Windows\System\zPZHivO.exe
  C:\Windows\System\zPZHivO.exe
  2⤵
  PID:5704
- C:\Windows\System\lIACLpU.exe
  C:\Windows\System\lIACLpU.exe
  2⤵
  PID:5736
- C:\Windows\System\YZaDYeL.exe
  C:\Windows\System\YZaDYeL.exe
  2⤵
  PID:5756
- C:\Windows\System\mjSmUOy.exe
  C:\Windows\System\mjSmUOy.exe
  2⤵
  PID:5772
- C:\Windows\System\HwbSpGm.exe
  C:\Windows\System\HwbSpGm.exe
  2⤵
  PID:5788
- C:\Windows\System\MlAhJSg.exe
  C:\Windows\System\MlAhJSg.exe
  2⤵
  PID:5804
- C:\Windows\System\kllTVdE.exe
  C:\Windows\System\kllTVdE.exe
  2⤵
  PID:5820
- C:\Windows\System\vaZgSNP.exe
  C:\Windows\System\vaZgSNP.exe
  2⤵
  PID:5836
- C:\Windows\System\jztsNlr.exe
  C:\Windows\System\jztsNlr.exe
  2⤵
  PID:5852
- C:\Windows\System\MjTDmEl.exe
  C:\Windows\System\MjTDmEl.exe
  2⤵
  PID:5868
- C:\Windows\System\ULsYFph.exe
  C:\Windows\System\ULsYFph.exe
  2⤵
  PID:5884
- C:\Windows\System\uxxwUAl.exe
  C:\Windows\System\uxxwUAl.exe
  2⤵
  PID:5900
- C:\Windows\System\tLvMBvC.exe
  C:\Windows\System\tLvMBvC.exe
  2⤵
  PID:5916
- C:\Windows\System\iJoUmEn.exe
  C:\Windows\System\iJoUmEn.exe
  2⤵
  PID:5932
- C:\Windows\System\kRHYNsj.exe
  C:\Windows\System\kRHYNsj.exe
  2⤵
  PID:5952
- C:\Windows\System\qtszMNY.exe
  C:\Windows\System\qtszMNY.exe
  2⤵
  PID:5968
- C:\Windows\System\fEYQiHW.exe
  C:\Windows\System\fEYQiHW.exe
  2⤵
  PID:5984
- C:\Windows\System\HalkdSQ.exe
  C:\Windows\System\HalkdSQ.exe
  2⤵
  PID:6004
- C:\Windows\System\NgGtMWy.exe
  C:\Windows\System\NgGtMWy.exe
  2⤵
  PID:6024
- C:\Windows\System\kempdCr.exe
  C:\Windows\System\kempdCr.exe
  2⤵
  PID:6040
- C:\Windows\System\CAscolM.exe
  C:\Windows\System\CAscolM.exe
  2⤵
  PID:6056
- C:\Windows\System\zWBmGsU.exe
  C:\Windows\System\zWBmGsU.exe
  2⤵
  PID:6072
- C:\Windows\System\nPveWab.exe
  C:\Windows\System\nPveWab.exe
  2⤵
  PID:6088
- C:\Windows\System\mDYydNE.exe
  C:\Windows\System\mDYydNE.exe
  2⤵
  PID:6104
- C:\Windows\System\mllWvba.exe
  C:\Windows\System\mllWvba.exe
  2⤵
  PID:6120
- C:\Windows\System\kMPoadf.exe
  C:\Windows\System\kMPoadf.exe
  2⤵
  PID:6136
- C:\Windows\System\QAhbolR.exe
  C:\Windows\System\QAhbolR.exe
  2⤵
  PID:4044
- C:\Windows\System\TZQsboH.exe
  C:\Windows\System\TZQsboH.exe
  2⤵
  PID:4260
- C:\Windows\System\nVCuQgE.exe
  C:\Windows\System\nVCuQgE.exe
  2⤵
  PID:5128
- C:\Windows\System\dPsusIp.exe
  C:\Windows\System\dPsusIp.exe
  2⤵
  PID:5160
- C:\Windows\System\dizSuOM.exe
  C:\Windows\System\dizSuOM.exe
  2⤵
  PID:1140
- C:\Windows\System\uqdSNbu.exe
  C:\Windows\System\uqdSNbu.exe
  2⤵
  PID:5268
- C:\Windows\System\kqHWoPA.exe
  C:\Windows\System\kqHWoPA.exe
  2⤵
  PID:5280
- C:\Windows\System\adhfnUc.exe
  C:\Windows\System\adhfnUc.exe
  2⤵
  PID:5296
- C:\Windows\System\IxZYmqi.exe
  C:\Windows\System\IxZYmqi.exe
  2⤵
  PID:1616
- C:\Windows\System\mDpHSJi.exe
  C:\Windows\System\mDpHSJi.exe
  2⤵
  PID:5496
- C:\Windows\System\DhQdvtB.exe
  C:\Windows\System\DhQdvtB.exe
  2⤵
  PID:5532
- C:\Windows\System\moplWGm.exe
  C:\Windows\System\moplWGm.exe
  2⤵
  PID:5596
- C:\Windows\System\XspXPRA.exe
  C:\Windows\System\XspXPRA.exe
  2⤵
  PID:5664
- C:\Windows\System\tdFgNbI.exe
  C:\Windows\System\tdFgNbI.exe
  2⤵
  PID:5380
- C:\Windows\System\kpJkydk.exe
  C:\Windows\System\kpJkydk.exe
  2⤵
  PID:5696
- C:\Windows\System\GzWFJti.exe
  C:\Windows\System\GzWFJti.exe
  2⤵
  PID:5480
- C:\Windows\System\XiBqyvZ.exe
  C:\Windows\System\XiBqyvZ.exe
  2⤵
  PID:5520
- C:\Windows\System\lQjZdQE.exe
  C:\Windows\System\lQjZdQE.exe
  2⤵
  PID:1856
- C:\Windows\System\yRqBHcW.exe
  C:\Windows\System\yRqBHcW.exe
  2⤵
  PID:5912
- C:\Windows\System\sQFLrmi.exe
  C:\Windows\System\sQFLrmi.exe
  2⤵
  PID:5976
- C:\Windows\System\CIHUZNw.exe
  C:\Windows\System\CIHUZNw.exe
  2⤵
  PID:6020
- C:\Windows\System\RYaKqDV.exe
  C:\Windows\System\RYaKqDV.exe
  2⤵
  PID:6052
- C:\Windows\System\FIExcCw.exe
  C:\Windows\System\FIExcCw.exe
  2⤵
  PID:6068
- C:\Windows\System\ikwgPIH.exe
  C:\Windows\System\ikwgPIH.exe
  2⤵
  PID:5864
- C:\Windows\System\PuJGHnz.exe
  C:\Windows\System\PuJGHnz.exe
  2⤵
  PID:5960
- C:\Windows\System\VQTMiNy.exe
  C:\Windows\System\VQTMiNy.exe
  2⤵
  PID:6084
- C:\Windows\System\yUbwnKO.exe
  C:\Windows\System\yUbwnKO.exe
  2⤵
  PID:6116
- C:\Windows\System\aOUFdfS.exe
  C:\Windows\System\aOUFdfS.exe
  2⤵
  PID:5192
- C:\Windows\System\UfdnBRz.exe
  C:\Windows\System\UfdnBRz.exe
  2⤵
  PID:1924
- C:\Windows\System\VZqzSvO.exe
  C:\Windows\System\VZqzSvO.exe
  2⤵
  PID:4548
- C:\Windows\System\oOUOVYM.exe
  C:\Windows\System\oOUOVYM.exe
  2⤵
  PID:4712
- C:\Windows\System\FUcEgsz.exe
  C:\Windows\System\FUcEgsz.exe
  2⤵
  PID:5208
- C:\Windows\System\znirRmL.exe
  C:\Windows\System\znirRmL.exe
  2⤵
  PID:2544
- C:\Windows\System\XLUVnyF.exe
  C:\Windows\System\XLUVnyF.exe
  2⤵
  PID:5348
- C:\Windows\System\pPOZvqd.exe
  C:\Windows\System\pPOZvqd.exe
  2⤵
  PID:5356
- C:\Windows\System\sEHYNiz.exe
  C:\Windows\System\sEHYNiz.exe
  2⤵
  PID:5248
- C:\Windows\System\qhvOgCn.exe
  C:\Windows\System\qhvOgCn.exe
  2⤵
  PID:5264
- C:\Windows\System\QUDBSNj.exe
  C:\Windows\System\QUDBSNj.exe
  2⤵
  PID:2780
- C:\Windows\System\RXGtRpf.exe
  C:\Windows\System\RXGtRpf.exe
  2⤵
  PID:848
- C:\Windows\System\EEDTHWf.exe
  C:\Windows\System\EEDTHWf.exe
  2⤵
  PID:5464
- C:\Windows\System\YokhtWs.exe
  C:\Windows\System\YokhtWs.exe
  2⤵
  PID:5632
- C:\Windows\System\nZfIPIX.exe
  C:\Windows\System\nZfIPIX.exe
  2⤵
  PID:2968
- C:\Windows\System\bhiAJBE.exe
  C:\Windows\System\bhiAJBE.exe
  2⤵
  PID:5684
- C:\Windows\System\QbkDzqG.exe
  C:\Windows\System\QbkDzqG.exe
  2⤵
  PID:5720
- C:\Windows\System\AvsdUxz.exe
  C:\Windows\System\AvsdUxz.exe
  2⤵
  PID:5448
- C:\Windows\System\SYnpaZw.exe
  C:\Windows\System\SYnpaZw.exe
  2⤵
  PID:5812
- C:\Windows\System\xmIcmlb.exe
  C:\Windows\System\xmIcmlb.exe
  2⤵
  PID:5552
- C:\Windows\System\frTIJyG.exe
  C:\Windows\System\frTIJyG.exe
  2⤵
  PID:992
- C:\Windows\System\fDBEHJg.exe
  C:\Windows\System\fDBEHJg.exe
  2⤵
  PID:2760
- C:\Windows\System\QpnBDic.exe
  C:\Windows\System\QpnBDic.exe
  2⤵
  PID:6036
- C:\Windows\System\CwvXzii.exe
  C:\Windows\System\CwvXzii.exe
  2⤵
  PID:5732
- C:\Windows\System\xtqIOVI.exe
  C:\Windows\System\xtqIOVI.exe
  2⤵
  PID:5992
- C:\Windows\System\FyqwnKP.exe
  C:\Windows\System\FyqwnKP.exe
  2⤵
  PID:5896
- C:\Windows\System\aHBZdzc.exe
  C:\Windows\System\aHBZdzc.exe
  2⤵
  PID:6132
- C:\Windows\System\NzcfvhQ.exe
  C:\Windows\System\NzcfvhQ.exe
  2⤵
  PID:4984
- C:\Windows\System\NWhCnbm.exe
  C:\Windows\System\NWhCnbm.exe
  2⤵
  PID:4752
- C:\Windows\System\LRrWNzS.exe
  C:\Windows\System\LRrWNzS.exe
  2⤵
  PID:5144
- C:\Windows\System\dLQedmk.exe
  C:\Windows\System\dLQedmk.exe
  2⤵
  PID:2024
- C:\Windows\System\jlZXRhO.exe
  C:\Windows\System\jlZXRhO.exe
  2⤵
  PID:5360
- C:\Windows\System\RwlfVJY.exe
  C:\Windows\System\RwlfVJY.exe
  2⤵
  PID:5436
- C:\Windows\System\swBwVjD.exe
  C:\Windows\System\swBwVjD.exe
  2⤵
  PID:1436
- C:\Windows\System\aUHzGgD.exe
  C:\Windows\System\aUHzGgD.exe
  2⤵
  PID:2216
- C:\Windows\System\kUsUXoQ.exe
  C:\Windows\System\kUsUXoQ.exe
  2⤵
  PID:5372
- C:\Windows\System\XNRrwkh.exe
  C:\Windows\System\XNRrwkh.exe
  2⤵
  PID:5564
- C:\Windows\System\buRlZAF.exe
  C:\Windows\System\buRlZAF.exe
  2⤵
  PID:2520
- C:\Windows\System\ftSgOHV.exe
  C:\Windows\System\ftSgOHV.exe
  2⤵
  PID:5880
- C:\Windows\System\MclRaVJ.exe
  C:\Windows\System\MclRaVJ.exe
  2⤵
  PID:5584
- C:\Windows\System\rBUqCDO.exe
  C:\Windows\System\rBUqCDO.exe
  2⤵
  PID:5652
- C:\Windows\System\Vhnxnjk.exe
  C:\Windows\System\Vhnxnjk.exe
  2⤵
  PID:3060
- C:\Windows\System\CuafJAw.exe
  C:\Windows\System\CuafJAw.exe
  2⤵
  PID:1076
- C:\Windows\System\lqkrbud.exe
  C:\Windows\System\lqkrbud.exe
  2⤵
  PID:5780
- C:\Windows\System\wmscwPA.exe
  C:\Windows\System\wmscwPA.exe
  2⤵
  PID:5040
- C:\Windows\System\amZThby.exe
  C:\Windows\System\amZThby.exe
  2⤵
  PID:5628
- C:\Windows\System\gLIZWje.exe
  C:\Windows\System\gLIZWje.exe
  2⤵
  PID:6016
- C:\Windows\System\SxxQhZm.exe
  C:\Windows\System\SxxQhZm.exe
  2⤵
  PID:6100
- C:\Windows\System\IdDqgCL.exe
  C:\Windows\System\IdDqgCL.exe
  2⤵
  PID:6080
- C:\Windows\System\GqPoRfT.exe
  C:\Windows\System\GqPoRfT.exe
  2⤵
  PID:5860
- C:\Windows\System\ROafhHz.exe
  C:\Windows\System\ROafhHz.exe
  2⤵
  PID:6012
- C:\Windows\System\qqeNgxf.exe
  C:\Windows\System\qqeNgxf.exe
  2⤵
  PID:4584
- C:\Windows\System\fuIQLPe.exe
  C:\Windows\System\fuIQLPe.exe
  2⤵
  PID:5816
- C:\Windows\System\AnmqIut.exe
  C:\Windows\System\AnmqIut.exe
  2⤵
  PID:2788
- C:\Windows\System\aIIBXyj.exe
  C:\Windows\System\aIIBXyj.exe
  2⤵
  PID:5292
- C:\Windows\System\dYCMmRj.exe
  C:\Windows\System\dYCMmRj.exe
  2⤵
  PID:6152
- C:\Windows\System\kXwbRaB.exe
  C:\Windows\System\kXwbRaB.exe
  2⤵
  PID:6168
- C:\Windows\System\rzDgFmi.exe
  C:\Windows\System\rzDgFmi.exe
  2⤵
  PID:6184
- C:\Windows\System\loYEQjy.exe
  C:\Windows\System\loYEQjy.exe
  2⤵
  PID:6204
- C:\Windows\System\XPjuytW.exe
  C:\Windows\System\XPjuytW.exe
  2⤵
  PID:6220
- C:\Windows\System\ENwatDy.exe
  C:\Windows\System\ENwatDy.exe
  2⤵
  PID:6236
- C:\Windows\System\TOZpCgD.exe
  C:\Windows\System\TOZpCgD.exe
  2⤵
  PID:6256
- C:\Windows\System\umXqwRS.exe
  C:\Windows\System\umXqwRS.exe
  2⤵
  PID:6276
- C:\Windows\System\oxORLzw.exe
  C:\Windows\System\oxORLzw.exe
  2⤵
  PID:6296
- C:\Windows\System\bxwwrtb.exe
  C:\Windows\System\bxwwrtb.exe
  2⤵
  PID:6312
- C:\Windows\System\jgScyzr.exe
  C:\Windows\System\jgScyzr.exe
  2⤵
  PID:6328
- C:\Windows\System\zYrmpqp.exe
  C:\Windows\System\zYrmpqp.exe
  2⤵
  PID:6348
- C:\Windows\System\fjAEvEs.exe
  C:\Windows\System\fjAEvEs.exe
  2⤵
  PID:6364
- C:\Windows\System\NgwxgTY.exe
  C:\Windows\System\NgwxgTY.exe
  2⤵
  PID:6384
- C:\Windows\System\GeeZjzg.exe
  C:\Windows\System\GeeZjzg.exe
  2⤵
  PID:6400
- C:\Windows\System\hYAsuKX.exe
  C:\Windows\System\hYAsuKX.exe
  2⤵
  PID:6416
- C:\Windows\System\lEJbJKU.exe
  C:\Windows\System\lEJbJKU.exe
  2⤵
  PID:6432
- C:\Windows\System\btPQFxC.exe
  C:\Windows\System\btPQFxC.exe
  2⤵
  PID:6500
- C:\Windows\System\bKwOOFs.exe
  C:\Windows\System\bKwOOFs.exe
  2⤵
  PID:6516
- C:\Windows\System\wBHmDsC.exe
  C:\Windows\System\wBHmDsC.exe
  2⤵
  PID:6540
- C:\Windows\System\EXSAOuY.exe
  C:\Windows\System\EXSAOuY.exe
  2⤵
  PID:6556
- C:\Windows\System\SXKAJfj.exe
  C:\Windows\System\SXKAJfj.exe
  2⤵
  PID:6572
- C:\Windows\System\zBmOTcU.exe
  C:\Windows\System\zBmOTcU.exe
  2⤵
  PID:6588
- C:\Windows\System\VAzXtxZ.exe
  C:\Windows\System\VAzXtxZ.exe
  2⤵
  PID:6612
- C:\Windows\System\TkBJuhg.exe
  C:\Windows\System\TkBJuhg.exe
  2⤵
  PID:6632
- C:\Windows\System\CkGmYcP.exe
  C:\Windows\System\CkGmYcP.exe
  2⤵
  PID:6656
- C:\Windows\System\pNJMPdF.exe
  C:\Windows\System\pNJMPdF.exe
  2⤵
  PID:6676
- C:\Windows\System\wgyagJT.exe
  C:\Windows\System\wgyagJT.exe
  2⤵
  PID:6696
- C:\Windows\System\jBaWJov.exe
  C:\Windows\System\jBaWJov.exe
  2⤵
  PID:6716
- C:\Windows\System\BRzVuVd.exe
  C:\Windows\System\BRzVuVd.exe
  2⤵
  PID:6736
- C:\Windows\System\kVzrWLY.exe
  C:\Windows\System\kVzrWLY.exe
  2⤵
  PID:6764
- C:\Windows\System\TBCVNmP.exe
  C:\Windows\System\TBCVNmP.exe
  2⤵
  PID:6780
- C:\Windows\System\hdXGbxs.exe
  C:\Windows\System\hdXGbxs.exe
  2⤵
  PID:6796
- C:\Windows\System\xyiRRVx.exe
  C:\Windows\System\xyiRRVx.exe
  2⤵
  PID:6812
- C:\Windows\System\mLaEtyy.exe
  C:\Windows\System\mLaEtyy.exe
  2⤵
  PID:6840
- C:\Windows\System\xDiXPfr.exe
  C:\Windows\System\xDiXPfr.exe
  2⤵
  PID:6856
- C:\Windows\System\hTmfMSa.exe
  C:\Windows\System\hTmfMSa.exe
  2⤵
  PID:6872
- C:\Windows\System\aQJnKwq.exe
  C:\Windows\System\aQJnKwq.exe
  2⤵
  PID:6888
- C:\Windows\System\cVFDHDB.exe
  C:\Windows\System\cVFDHDB.exe
  2⤵
  PID:6904
- C:\Windows\System\avNMEGy.exe
  C:\Windows\System\avNMEGy.exe
  2⤵
  PID:6924
- C:\Windows\System\aBqeNTH.exe
  C:\Windows\System\aBqeNTH.exe
  2⤵
  PID:6948
- C:\Windows\System\BPkkXAJ.exe
  C:\Windows\System\BPkkXAJ.exe
  2⤵
  PID:6964
- C:\Windows\System\FmEMKmq.exe
  C:\Windows\System\FmEMKmq.exe
  2⤵
  PID:6980
- C:\Windows\System\eCyIADM.exe
  C:\Windows\System\eCyIADM.exe
  2⤵
  PID:6996
- C:\Windows\System\IQRyznH.exe
  C:\Windows\System\IQRyznH.exe
  2⤵
  PID:7016
- C:\Windows\System\pgXdcYc.exe
  C:\Windows\System\pgXdcYc.exe
  2⤵
  PID:7044
- C:\Windows\System\NCFXfEL.exe
  C:\Windows\System\NCFXfEL.exe
  2⤵
  PID:7064
- C:\Windows\System\pCGyNpj.exe
  C:\Windows\System\pCGyNpj.exe
  2⤵
  PID:7112
- C:\Windows\System\QesClKd.exe
  C:\Windows\System\QesClKd.exe
  2⤵
  PID:7132
- C:\Windows\System\jtlCLhq.exe
  C:\Windows\System\jtlCLhq.exe
  2⤵
  PID:7152
- C:\Windows\System\OYBFaWn.exe
  C:\Windows\System\OYBFaWn.exe
  2⤵
  PID:5352
- C:\Windows\System\SVmbHhc.exe
  C:\Windows\System\SVmbHhc.exe
  2⤵
  PID:5004
- C:\Windows\System\LaulcZO.exe
  C:\Windows\System\LaulcZO.exe
  2⤵
  PID:6096
- C:\Windows\System\GKHcGad.exe
  C:\Windows\System\GKHcGad.exe
  2⤵
  PID:2416
- C:\Windows\System\XbYulhh.exe
  C:\Windows\System\XbYulhh.exe
  2⤵
  PID:6180
- C:\Windows\System\jAoZOTS.exe
  C:\Windows\System\jAoZOTS.exe
  2⤵
  PID:6252
- C:\Windows\System\vPGvcZp.exe
  C:\Windows\System\vPGvcZp.exe
  2⤵
  PID:6324
- C:\Windows\System\QYxocud.exe
  C:\Windows\System\QYxocud.exe
  2⤵
  PID:6424
- C:\Windows\System\KNryvHq.exe
  C:\Windows\System\KNryvHq.exe
  2⤵
  PID:6232
- C:\Windows\System\VhbhNrZ.exe
  C:\Windows\System\VhbhNrZ.exe
  2⤵
  PID:5332
- C:\Windows\System\IgATaLl.exe
  C:\Windows\System\IgATaLl.exe
  2⤵
  PID:6440
- C:\Windows\System\DsjPnGM.exe
  C:\Windows\System\DsjPnGM.exe
  2⤵
  PID:5928
- C:\Windows\System\hjDBkCe.exe
  C:\Windows\System\hjDBkCe.exe
  2⤵
  PID:6472
- C:\Windows\System\kUWDkgW.exe
  C:\Windows\System\kUWDkgW.exe
  2⤵
  PID:6528
- C:\Windows\System\wOmLaTq.exe
  C:\Windows\System\wOmLaTq.exe
  2⤵
  PID:6160
- C:\Windows\System\dHJyipI.exe
  C:\Windows\System\dHJyipI.exe
  2⤵
  PID:6604
- C:\Windows\System\GTYiNar.exe
  C:\Windows\System\GTYiNar.exe
  2⤵
  PID:6268
- C:\Windows\System\HaNxida.exe
  C:\Windows\System\HaNxida.exe
  2⤵
  PID:6340
- C:\Windows\System\NrFxuXM.exe
  C:\Windows\System\NrFxuXM.exe
  2⤵
  PID:6724
- C:\Windows\System\AREnMWD.exe
  C:\Windows\System\AREnMWD.exe
  2⤵
  PID:6584
- C:\Windows\System\lJZkfhI.exe
  C:\Windows\System\lJZkfhI.exe
  2⤵
  PID:6668
- C:\Windows\System\ZutxRot.exe
  C:\Windows\System\ZutxRot.exe
  2⤵
  PID:6868
- C:\Windows\System\tUpqlAw.exe
  C:\Windows\System\tUpqlAw.exe
  2⤵
  PID:6804
- C:\Windows\System\lMZttuf.exe
  C:\Windows\System\lMZttuf.exe
  2⤵
  PID:6756
- C:\Windows\System\LuoXbHG.exe
  C:\Windows\System\LuoXbHG.exe
  2⤵
  PID:6524
- C:\Windows\System\lyUsCSZ.exe
  C:\Windows\System\lyUsCSZ.exe
  2⤵
  PID:6484
- C:\Windows\System\jRuMcDQ.exe
  C:\Windows\System\jRuMcDQ.exe
  2⤵
  PID:6832
- C:\Windows\System\dShJSXH.exe
  C:\Windows\System\dShJSXH.exe
  2⤵
  PID:6900
- C:\Windows\System\jriLytn.exe
  C:\Windows\System\jriLytn.exe
  2⤵
  PID:7004
- C:\Windows\System\thvtAhd.exe
  C:\Windows\System\thvtAhd.exe
  2⤵
  PID:6916
- C:\Windows\System\xPINVuE.exe
  C:\Windows\System\xPINVuE.exe
  2⤵
  PID:6960
- C:\Windows\System\bXOVTKw.exe
  C:\Windows\System\bXOVTKw.exe
  2⤵
  PID:7028
- C:\Windows\System\AArbAgy.exe
  C:\Windows\System\AArbAgy.exe
  2⤵
  PID:7080
- C:\Windows\System\QlTyprP.exe
  C:\Windows\System\QlTyprP.exe
  2⤵
  PID:7096
- C:\Windows\System\JIwJrOF.exe
  C:\Windows\System\JIwJrOF.exe
  2⤵
  PID:7140
- C:\Windows\System\QUVogsy.exe
  C:\Windows\System\QUVogsy.exe
  2⤵
  PID:6308
- C:\Windows\System\dooqtym.exe
  C:\Windows\System\dooqtym.exe
  2⤵
  PID:6480
- C:\Windows\System\xPgQpAD.exe
  C:\Windows\System\xPgQpAD.exe
  2⤵
  PID:6448
- C:\Windows\System\uuIyUWe.exe
  C:\Windows\System\uuIyUWe.exe
  2⤵
  PID:6748
- C:\Windows\System\kfSUokN.exe
  C:\Windows\System\kfSUokN.exe
  2⤵
  PID:5648
- C:\Windows\System\MgQxAGw.exe
  C:\Windows\System\MgQxAGw.exe
  2⤵
  PID:6912
- C:\Windows\System\pPuOLSU.exe
  C:\Windows\System\pPuOLSU.exe
  2⤵
  PID:7092
- C:\Windows\System\OVeFRhg.exe
  C:\Windows\System\OVeFRhg.exe
  2⤵
  PID:7060
- C:\Windows\System\DarxMsz.exe
  C:\Windows\System\DarxMsz.exe
  2⤵
  PID:6216
- C:\Windows\System\MrUSeFj.exe
  C:\Windows\System\MrUSeFj.exe
  2⤵
  PID:2280
- C:\Windows\System\kZcqyNW.exe
  C:\Windows\System\kZcqyNW.exe
  2⤵
  PID:7128
- C:\Windows\System\EbzlIhM.exe
  C:\Windows\System\EbzlIhM.exe
  2⤵
  PID:5244
- C:\Windows\System\KAoMIrN.exe
  C:\Windows\System\KAoMIrN.exe
  2⤵
  PID:2860
- C:\Windows\System\xFhnrBa.exe
  C:\Windows\System\xFhnrBa.exe
  2⤵
  PID:7076
- C:\Windows\System\fDEsCaD.exe
  C:\Windows\System\fDEsCaD.exe
  2⤵
  PID:6228
- C:\Windows\System\iHHEXZg.exe
  C:\Windows\System\iHHEXZg.exe
  2⤵
  PID:6460
- C:\Windows\System\KGRwylV.exe
  C:\Windows\System\KGRwylV.exe
  2⤵
  PID:6568
- C:\Windows\System\kfvwWFV.exe
  C:\Windows\System\kfvwWFV.exe
  2⤵
  PID:6776
- C:\Windows\System\NFgNzDo.exe
  C:\Windows\System\NFgNzDo.exe
  2⤵
  PID:6808
- C:\Windows\System\lQYBdwu.exe
  C:\Windows\System\lQYBdwu.exe
  2⤵
  PID:6976
- C:\Windows\System\FTIAQnh.exe
  C:\Windows\System\FTIAQnh.exe
  2⤵
  PID:7108
- C:\Windows\System\UkSJGzi.exe
  C:\Windows\System\UkSJGzi.exe
  2⤵
  PID:6452
- C:\Windows\System\osVYHrY.exe
  C:\Windows\System\osVYHrY.exe
  2⤵
  PID:6496
- C:\Windows\System\JoUbWdN.exe
  C:\Windows\System\JoUbWdN.exe
  2⤵
  PID:7148
- C:\Windows\System\miZkEdm.exe
  C:\Windows\System\miZkEdm.exe
  2⤵
  PID:5176
- C:\Windows\System\aRBZvsf.exe
  C:\Windows\System\aRBZvsf.exe
  2⤵
  PID:6772
- C:\Windows\System\foUtvmd.exe
  C:\Windows\System\foUtvmd.exe
  2⤵
  PID:7012
- C:\Windows\System\MeboJQb.exe
  C:\Windows\System\MeboJQb.exe
  2⤵
  PID:7024
- C:\Windows\System\zZhpTKP.exe
  C:\Windows\System\zZhpTKP.exe
  2⤵
  PID:6248
- C:\Windows\System\YJxfhnP.exe
  C:\Windows\System\YJxfhnP.exe
  2⤵
  PID:6128
- C:\Windows\System\VamUlDK.exe
  C:\Windows\System\VamUlDK.exe
  2⤵
  PID:6564
- C:\Windows\System\SYvhguc.exe
  C:\Windows\System\SYvhguc.exe
  2⤵
  PID:6360
- C:\Windows\System\jJSUleh.exe
  C:\Windows\System\jJSUleh.exe
  2⤵
  PID:6176
- C:\Windows\System\XBxcDfe.exe
  C:\Windows\System\XBxcDfe.exe
  2⤵
  PID:6792
- C:\Windows\System\HWjrYJB.exe
  C:\Windows\System\HWjrYJB.exe
  2⤵
  PID:7104
- C:\Windows\System\ncjKFbj.exe
  C:\Windows\System\ncjKFbj.exe
  2⤵
  PID:5428
- C:\Windows\System\VWMckAS.exe
  C:\Windows\System\VWMckAS.exe
  2⤵
  PID:6884
- C:\Windows\System\fAROgac.exe
  C:\Windows\System\fAROgac.exe
  2⤵
  PID:7036
- C:\Windows\System\jEVDSQF.exe
  C:\Windows\System\jEVDSQF.exe
  2⤵
  PID:6624
- C:\Windows\System\gCtjabL.exe
  C:\Windows\System\gCtjabL.exe
  2⤵
  PID:7164
- C:\Windows\System\eQJJHKo.exe
  C:\Windows\System\eQJJHKo.exe
  2⤵
  PID:7176
- C:\Windows\System\JZcfluu.exe
  C:\Windows\System\JZcfluu.exe
  2⤵
  PID:7196
- C:\Windows\System\nlfPxch.exe
  C:\Windows\System\nlfPxch.exe
  2⤵
  PID:7212
- C:\Windows\System\ySmFgVn.exe
  C:\Windows\System\ySmFgVn.exe
  2⤵
  PID:7232
- C:\Windows\System\arMxiLS.exe
  C:\Windows\System\arMxiLS.exe
  2⤵
  PID:7248
- C:\Windows\System\JLIBDUN.exe
  C:\Windows\System\JLIBDUN.exe
  2⤵
  PID:7268
- C:\Windows\System\huOTWTD.exe
  C:\Windows\System\huOTWTD.exe
  2⤵
  PID:7292
- C:\Windows\System\srYFZwy.exe
  C:\Windows\System\srYFZwy.exe
  2⤵
  PID:7356
- C:\Windows\System\grcoBub.exe
  C:\Windows\System\grcoBub.exe
  2⤵
  PID:7372
- C:\Windows\System\DrxqhuQ.exe
  C:\Windows\System\DrxqhuQ.exe
  2⤵
  PID:7388
- C:\Windows\System\YdNGFdZ.exe
  C:\Windows\System\YdNGFdZ.exe
  2⤵
  PID:7404
- C:\Windows\System\CxtDAbt.exe
  C:\Windows\System\CxtDAbt.exe
  2⤵
  PID:7428
- C:\Windows\System\MABDNaA.exe
  C:\Windows\System\MABDNaA.exe
  2⤵
  PID:7448
- C:\Windows\System\odFbjKy.exe
  C:\Windows\System\odFbjKy.exe
  2⤵
  PID:7464
- C:\Windows\System\BjFeACg.exe
  C:\Windows\System\BjFeACg.exe
  2⤵
  PID:7480
- C:\Windows\System\sQfJYkd.exe
  C:\Windows\System\sQfJYkd.exe
  2⤵
  PID:7496
- C:\Windows\System\UTppVYY.exe
  C:\Windows\System\UTppVYY.exe
  2⤵
  PID:7512
- C:\Windows\System\AXjASgQ.exe
  C:\Windows\System\AXjASgQ.exe
  2⤵
  PID:7528
- C:\Windows\System\TfpjJXL.exe
  C:\Windows\System\TfpjJXL.exe
  2⤵
  PID:7548
- C:\Windows\System\sJjmlyX.exe
  C:\Windows\System\sJjmlyX.exe
  2⤵
  PID:7564
- C:\Windows\System\sNKNdGb.exe
  C:\Windows\System\sNKNdGb.exe
  2⤵
  PID:7580
- C:\Windows\System\rycGkFb.exe
  C:\Windows\System\rycGkFb.exe
  2⤵
  PID:7600
- C:\Windows\System\KXYbEvu.exe
  C:\Windows\System\KXYbEvu.exe
  2⤵
  PID:7624
- C:\Windows\System\HREQTEC.exe
  C:\Windows\System\HREQTEC.exe
  2⤵
  PID:7640
- C:\Windows\System\kkEcDKH.exe
  C:\Windows\System\kkEcDKH.exe
  2⤵
  PID:7664
- C:\Windows\System\DOajFdK.exe
  C:\Windows\System\DOajFdK.exe
  2⤵
  PID:7680
- C:\Windows\System\tHcONqR.exe
  C:\Windows\System\tHcONqR.exe
  2⤵
  PID:7696
- C:\Windows\System\sekrHHb.exe
  C:\Windows\System\sekrHHb.exe
  2⤵
  PID:7712
- C:\Windows\System\XuVeUYi.exe
  C:\Windows\System\XuVeUYi.exe
  2⤵
  PID:7728
- C:\Windows\System\jUpQJzX.exe
  C:\Windows\System\jUpQJzX.exe
  2⤵
  PID:7744
- C:\Windows\System\ZMJKjzT.exe
  C:\Windows\System\ZMJKjzT.exe
  2⤵
  PID:7760
- C:\Windows\System\TiDqDls.exe
  C:\Windows\System\TiDqDls.exe
  2⤵
  PID:7776
- C:\Windows\System\HmwxwcS.exe
  C:\Windows\System\HmwxwcS.exe
  2⤵
  PID:7792
- C:\Windows\System\wmRsIzv.exe
  C:\Windows\System\wmRsIzv.exe
  2⤵
  PID:7808
- C:\Windows\System\pnnIOWF.exe
  C:\Windows\System\pnnIOWF.exe
  2⤵
  PID:7824
- C:\Windows\System\NhvnGub.exe
  C:\Windows\System\NhvnGub.exe
  2⤵
  PID:7848
- C:\Windows\System\RrEFBQW.exe
  C:\Windows\System\RrEFBQW.exe
  2⤵
  PID:7864
- C:\Windows\System\BwafbnF.exe
  C:\Windows\System\BwafbnF.exe
  2⤵
  PID:7880
- C:\Windows\System\QhBpzii.exe
  C:\Windows\System\QhBpzii.exe
  2⤵
  PID:7896
- C:\Windows\System\YvprqYv.exe
  C:\Windows\System\YvprqYv.exe
  2⤵
  PID:7912
- C:\Windows\System\ONNJvUZ.exe
  C:\Windows\System\ONNJvUZ.exe
  2⤵
  PID:7928
- C:\Windows\System\XgSAODw.exe
  C:\Windows\System\XgSAODw.exe
  2⤵
  PID:7944
- C:\Windows\System\FTWvlgq.exe
  C:\Windows\System\FTWvlgq.exe
  2⤵
  PID:7964
- C:\Windows\System\PJRESXL.exe
  C:\Windows\System\PJRESXL.exe
  2⤵
  PID:7988
- C:\Windows\System\bTbhQgi.exe
  C:\Windows\System\bTbhQgi.exe
  2⤵
  PID:8004
- C:\Windows\System\wHikJTK.exe
  C:\Windows\System\wHikJTK.exe
  2⤵
  PID:8020
- C:\Windows\System\qcIvQoZ.exe
  C:\Windows\System\qcIvQoZ.exe
  2⤵
  PID:8036
- C:\Windows\System\uZGpouw.exe
  C:\Windows\System\uZGpouw.exe
  2⤵
  PID:8052
- C:\Windows\System\fewupeK.exe
  C:\Windows\System\fewupeK.exe
  2⤵
  PID:8068
- C:\Windows\System\mCWmnJt.exe
  C:\Windows\System\mCWmnJt.exe
  2⤵
  PID:8092
- C:\Windows\System\HfoKLlA.exe
  C:\Windows\System\HfoKLlA.exe
  2⤵
  PID:8112
- C:\Windows\System\qxWNOfX.exe
  C:\Windows\System\qxWNOfX.exe
  2⤵
  PID:8132
- C:\Windows\System\pdTxuWU.exe
  C:\Windows\System\pdTxuWU.exe
  2⤵
  PID:8148
- C:\Windows\System\EtcjcET.exe
  C:\Windows\System\EtcjcET.exe
  2⤵
  PID:8164
- C:\Windows\System\jRPwFRy.exe
  C:\Windows\System\jRPwFRy.exe
  2⤵
  PID:8184
- C:\Windows\System\SNevoml.exe
  C:\Windows\System\SNevoml.exe
  2⤵
  PID:6848
- C:\Windows\System\HyWsWyT.exe
  C:\Windows\System\HyWsWyT.exe
  2⤵
  PID:6652
- C:\Windows\System\eLJuRja.exe
  C:\Windows\System\eLJuRja.exe
  2⤵
  PID:6488
- C:\Windows\System\QcsSJWd.exe
  C:\Windows\System\QcsSJWd.exe
  2⤵
  PID:6512
- C:\Windows\System\vAlceYW.exe
  C:\Windows\System\vAlceYW.exe
  2⤵
  PID:6992
- C:\Windows\System\vapefgw.exe
  C:\Windows\System\vapefgw.exe
  2⤵
  PID:5124
- C:\Windows\System\JgJLxMX.exe
  C:\Windows\System\JgJLxMX.exe
  2⤵
  PID:7228
- C:\Windows\System\xcWdZCQ.exe
  C:\Windows\System\xcWdZCQ.exe
  2⤵
  PID:7280
- C:\Windows\System\qpIlyXS.exe
  C:\Windows\System\qpIlyXS.exe
  2⤵
  PID:7316
- C:\Windows\System\cXYHFGv.exe
  C:\Windows\System\cXYHFGv.exe
  2⤵
  PID:7332
- C:\Windows\System\ZuqFjLD.exe
  C:\Windows\System\ZuqFjLD.exe
  2⤵
  PID:7368
- C:\Windows\System\XSxAUvh.exe
  C:\Windows\System\XSxAUvh.exe
  2⤵
  PID:7440
- C:\Windows\System\whyjaIb.exe
  C:\Windows\System\whyjaIb.exe
  2⤵
  PID:7508
- C:\Windows\System\BQVTdTV.exe
  C:\Windows\System\BQVTdTV.exe
  2⤵
  PID:7572
- C:\Windows\System\mgamxhX.exe
  C:\Windows\System\mgamxhX.exe
  2⤵
  PID:7612
- C:\Windows\System\RqsLrNb.exe
  C:\Windows\System\RqsLrNb.exe
  2⤵
  PID:7460
- C:\Windows\System\hAhbfIV.exe
  C:\Windows\System\hAhbfIV.exe
  2⤵
  PID:7588
- C:\Windows\System\rAkdXbg.exe
  C:\Windows\System\rAkdXbg.exe
  2⤵
  PID:7860
- C:\Windows\System\MTtIHht.exe
  C:\Windows\System\MTtIHht.exe
  2⤵
  PID:7704
- C:\Windows\System\ouDhFlN.exe
  C:\Windows\System\ouDhFlN.exe
  2⤵
  PID:7800
- C:\Windows\System\JCIHIBJ.exe
  C:\Windows\System\JCIHIBJ.exe
  2⤵
  PID:7836
- C:\Windows\System\ZgLvJAU.exe
  C:\Windows\System\ZgLvJAU.exe
  2⤵
  PID:7892
- C:\Windows\System\LYYFGjS.exe
  C:\Windows\System\LYYFGjS.exe
  2⤵
  PID:7952
- C:\Windows\System\sXGUXDZ.exe
  C:\Windows\System\sXGUXDZ.exe
  2⤵
  PID:7972
- C:\Windows\System\nwtkcAC.exe
  C:\Windows\System\nwtkcAC.exe
  2⤵
  PID:7996
- C:\Windows\System\GvqJRGv.exe
  C:\Windows\System\GvqJRGv.exe
  2⤵
  PID:8028
- C:\Windows\System\kOnmfrb.exe
  C:\Windows\System\kOnmfrb.exe
  2⤵
  PID:8108
- C:\Windows\System\VuYbVfS.exe
  C:\Windows\System\VuYbVfS.exe
  2⤵
  PID:8124
- C:\Windows\System\GdqvXzI.exe
  C:\Windows\System\GdqvXzI.exe
  2⤵
  PID:8144
- C:\Windows\System\iMFKqBG.exe
  C:\Windows\System\iMFKqBG.exe
  2⤵
  PID:7244
- C:\Windows\System\LJQCcIh.exe
  C:\Windows\System\LJQCcIh.exe
  2⤵
  PID:6628
- C:\Windows\System\LsAiAwb.exe
  C:\Windows\System\LsAiAwb.exe
  2⤵
  PID:6708
- C:\Windows\System\VYmhuuc.exe
  C:\Windows\System\VYmhuuc.exe
  2⤵
  PID:6828
- C:\Windows\System\MLzAYVO.exe
  C:\Windows\System\MLzAYVO.exe
  2⤵
  PID:7308
- C:\Windows\System\PDkaeEo.exe
  C:\Windows\System\PDkaeEo.exe
  2⤵
  PID:7264
- C:\Windows\System\rkmjgqz.exe
  C:\Windows\System\rkmjgqz.exe
  2⤵
  PID:7436
- C:\Windows\System\JBrvftt.exe
  C:\Windows\System\JBrvftt.exe
  2⤵
  PID:7544
- C:\Windows\System\cCNLCqE.exe
  C:\Windows\System\cCNLCqE.exe
  2⤵
  PID:7300
- C:\Windows\System\EMtcYmm.exe
  C:\Windows\System\EMtcYmm.exe
  2⤵
  PID:7352
- C:\Windows\System\ccQNwtg.exe
  C:\Windows\System\ccQNwtg.exe
  2⤵
  PID:7608
- C:\Windows\System\JwcowMp.exe
  C:\Windows\System\JwcowMp.exe
  2⤵
  PID:6392
- C:\Windows\System\nQglYhE.exe
  C:\Windows\System\nQglYhE.exe
  2⤵
  PID:7720
- C:\Windows\System\LFHGqrG.exe
  C:\Windows\System\LFHGqrG.exe
  2⤵
  PID:7784
- C:\Windows\System\PlNAlmY.exe
  C:\Windows\System\PlNAlmY.exe
  2⤵
  PID:7620
- C:\Windows\System\ONrBhPj.exe
  C:\Windows\System\ONrBhPj.exe
  2⤵
  PID:7420
- C:\Windows\System\YqHvyHL.exe
  C:\Windows\System\YqHvyHL.exe
  2⤵
  PID:7768
- C:\Windows\System\KLdNGjB.exe
  C:\Windows\System\KLdNGjB.exe
  2⤵
  PID:7456
- C:\Windows\System\MxTuUHD.exe
  C:\Windows\System\MxTuUHD.exe
  2⤵
  PID:7844
- C:\Windows\System\bFaUscp.exe
  C:\Windows\System\bFaUscp.exe
  2⤵
  PID:7984
- C:\Windows\System\QUlGJvs.exe
  C:\Windows\System\QUlGJvs.exe
  2⤵
  PID:7856
- C:\Windows\System\tfQQstE.exe
  C:\Windows\System\tfQQstE.exe
  2⤵
  PID:7740
- C:\Windows\System\eOdyFrE.exe
  C:\Windows\System\eOdyFrE.exe
  2⤵
  PID:7924
- C:\Windows\System\wMeeVCC.exe
  C:\Windows\System\wMeeVCC.exe
  2⤵
  PID:8128
- C:\Windows\System\eIIMsbz.exe
  C:\Windows\System\eIIMsbz.exe
  2⤵
  PID:7172
- C:\Windows\System\ZvARgCa.exe
  C:\Windows\System\ZvARgCa.exe
  2⤵
  PID:6712
- C:\Windows\System\LTTfNJd.exe
  C:\Windows\System\LTTfNJd.exe
  2⤵
  PID:7284
- C:\Windows\System\VbVlpVz.exe
  C:\Windows\System\VbVlpVz.exe
  2⤵
  PID:6664
- C:\Windows\System\yFCbMwE.exe
  C:\Windows\System\yFCbMwE.exe
  2⤵
  PID:7540
- C:\Windows\System\ueGHJit.exe
  C:\Windows\System\ueGHJit.exe
  2⤵
  PID:7340
- C:\Windows\System\gundbTm.exe
  C:\Windows\System\gundbTm.exe
  2⤵
  PID:7396
- C:\Windows\System\QrBqwzJ.exe
  C:\Windows\System\QrBqwzJ.exe
  2⤵
  PID:6412
- C:\Windows\System\gizDVYt.exe
  C:\Windows\System\gizDVYt.exe
  2⤵
  PID:7688
- C:\Windows\System\APUgVGu.exe
  C:\Windows\System\APUgVGu.exe
  2⤵
  PID:7788
- C:\Windows\System\gcrrmkt.exe
  C:\Windows\System\gcrrmkt.exe
  2⤵
  PID:7492
- C:\Windows\System\MwvqPYD.exe
  C:\Windows\System\MwvqPYD.exe
  2⤵
  PID:7908
- C:\Windows\System\uyxTjLw.exe
  C:\Windows\System\uyxTjLw.exe
  2⤵
  PID:7832
- C:\Windows\System\wTtIVGL.exe
  C:\Windows\System\wTtIVGL.exe
  2⤵
  PID:8060
- C:\Windows\System\WPObKGe.exe
  C:\Windows\System\WPObKGe.exe
  2⤵
  PID:7980
- C:\Windows\System\ueuOJfM.exe
  C:\Windows\System\ueuOJfM.exe
  2⤵
  PID:8048
- C:\Windows\System\GixhJca.exe
  C:\Windows\System\GixhJca.exe
  2⤵
  PID:8204
- C:\Windows\System\oRECEdL.exe
  C:\Windows\System\oRECEdL.exe
  2⤵
  PID:8220
- C:\Windows\System\icTuVoM.exe
  C:\Windows\System\icTuVoM.exe
  2⤵
  PID:8236
- C:\Windows\System\shxIFcx.exe
  C:\Windows\System\shxIFcx.exe
  2⤵
  PID:8252
- C:\Windows\System\htSIovA.exe
  C:\Windows\System\htSIovA.exe
  2⤵
  PID:8268
- C:\Windows\System\zarTKVj.exe
  C:\Windows\System\zarTKVj.exe
  2⤵
  PID:8284
- C:\Windows\System\gxOrbgU.exe
  C:\Windows\System\gxOrbgU.exe
  2⤵
  PID:8300
- C:\Windows\System\UaWBCIl.exe
  C:\Windows\System\UaWBCIl.exe
  2⤵
  PID:8316
- C:\Windows\System\FBRizmE.exe
  C:\Windows\System\FBRizmE.exe
  2⤵
  PID:8332
- C:\Windows\System\zJKAqwx.exe
  C:\Windows\System\zJKAqwx.exe
  2⤵
  PID:8352
- C:\Windows\System\FsSsFdp.exe
  C:\Windows\System\FsSsFdp.exe
  2⤵
  PID:8368
- C:\Windows\System\umhrFJf.exe
  C:\Windows\System\umhrFJf.exe
  2⤵
  PID:8384
- C:\Windows\System\BQZhVow.exe
  C:\Windows\System\BQZhVow.exe
  2⤵
  PID:8400
- C:\Windows\System\cVhenQp.exe
  C:\Windows\System\cVhenQp.exe
  2⤵
  PID:8416
- C:\Windows\System\OXfmbHq.exe
  C:\Windows\System\OXfmbHq.exe
  2⤵
  PID:8432
- C:\Windows\System\vZQTpVA.exe
  C:\Windows\System\vZQTpVA.exe
  2⤵
  PID:8448
- C:\Windows\System\aansANF.exe
  C:\Windows\System\aansANF.exe
  2⤵
  PID:8464
- C:\Windows\System\CoJMorG.exe
  C:\Windows\System\CoJMorG.exe
  2⤵
  PID:8480
- C:\Windows\System\btwpjds.exe
  C:\Windows\System\btwpjds.exe
  2⤵
  PID:8496
- C:\Windows\System\mjqJvnL.exe
  C:\Windows\System\mjqJvnL.exe
  2⤵
  PID:8516
- C:\Windows\System\fVmlyYk.exe
  C:\Windows\System\fVmlyYk.exe
  2⤵
  PID:8532
- C:\Windows\System\rbICZPA.exe
  C:\Windows\System\rbICZPA.exe
  2⤵
  PID:8548
- C:\Windows\System\wVJwpCU.exe
  C:\Windows\System\wVJwpCU.exe
  2⤵
  PID:8564
- C:\Windows\System\zAdgmhb.exe
  C:\Windows\System\zAdgmhb.exe
  2⤵
  PID:8580
- C:\Windows\System\CcecaPJ.exe
  C:\Windows\System\CcecaPJ.exe
  2⤵
  PID:8596
- C:\Windows\System\YFFoKCL.exe
  C:\Windows\System\YFFoKCL.exe
  2⤵
  PID:8612
- C:\Windows\System\ccVqGij.exe
  C:\Windows\System\ccVqGij.exe
  2⤵
  PID:8628
- C:\Windows\System\lKSjZdq.exe
  C:\Windows\System\lKSjZdq.exe
  2⤵
  PID:8644
- C:\Windows\System\WUPjKRz.exe
  C:\Windows\System\WUPjKRz.exe
  2⤵
  PID:8660
- C:\Windows\System\vmTOYEd.exe
  C:\Windows\System\vmTOYEd.exe
  2⤵
  PID:8676
- C:\Windows\System\iBuMKGl.exe
  C:\Windows\System\iBuMKGl.exe
  2⤵
  PID:8692
- C:\Windows\System\hLvGoIS.exe
  C:\Windows\System\hLvGoIS.exe
  2⤵
  PID:8708
- C:\Windows\System\uWcdAmy.exe
  C:\Windows\System\uWcdAmy.exe
  2⤵
  PID:8724
- C:\Windows\System\mVayXUB.exe
  C:\Windows\System\mVayXUB.exe
  2⤵
  PID:8740
- C:\Windows\System\iDsICgb.exe
  C:\Windows\System\iDsICgb.exe
  2⤵
  PID:8756
- C:\Windows\System\jeKIUpC.exe
  C:\Windows\System\jeKIUpC.exe
  2⤵
  PID:8772
- C:\Windows\System\qBVphKv.exe
  C:\Windows\System\qBVphKv.exe
  2⤵
  PID:8792
- C:\Windows\System\dCggWWv.exe
  C:\Windows\System\dCggWWv.exe
  2⤵
  PID:8808
- C:\Windows\System\HbdKTZs.exe
  C:\Windows\System\HbdKTZs.exe
  2⤵
  PID:8832
- C:\Windows\System\uojyZhG.exe
  C:\Windows\System\uojyZhG.exe
  2⤵
  PID:8864
- C:\Windows\System\RhXfCat.exe
  C:\Windows\System\RhXfCat.exe
  2⤵
  PID:8892
- C:\Windows\System\NzWMJSN.exe
  C:\Windows\System\NzWMJSN.exe
  2⤵
  PID:8960
- C:\Windows\System\ERtGXhK.exe
  C:\Windows\System\ERtGXhK.exe
  2⤵
  PID:9024
- C:\Windows\System\rDsXZXw.exe
  C:\Windows\System\rDsXZXw.exe
  2⤵
  PID:9060
- C:\Windows\System\BZaSMeg.exe
  C:\Windows\System\BZaSMeg.exe
  2⤵
  PID:9120
- C:\Windows\System\jFqbCcD.exe
  C:\Windows\System\jFqbCcD.exe
  2⤵
  PID:9200
- C:\Windows\System\sJubRpO.exe
  C:\Windows\System\sJubRpO.exe
  2⤵
  PID:7304
- C:\Windows\System\IXIXAeL.exe
  C:\Windows\System\IXIXAeL.exe
  2⤵
  PID:7708
- C:\Windows\System\qhbYGNs.exe
  C:\Windows\System\qhbYGNs.exe
  2⤵
  PID:8196
- C:\Windows\System\DrAjuIr.exe
  C:\Windows\System\DrAjuIr.exe
  2⤵
  PID:8292
- C:\Windows\System\bsHyHLf.exe
  C:\Windows\System\bsHyHLf.exe
  2⤵
  PID:8360
- C:\Windows\System\lJTiRDp.exe
  C:\Windows\System\lJTiRDp.exe
  2⤵
  PID:8456
- C:\Windows\System\xHdJMuJ.exe
  C:\Windows\System\xHdJMuJ.exe
  2⤵
  PID:8460
- C:\Windows\System\QdTIIsA.exe
  C:\Windows\System\QdTIIsA.exe
  2⤵
  PID:7940
- C:\Windows\System\qxntKbE.exe
  C:\Windows\System\qxntKbE.exe
  2⤵
  PID:7188
- C:\Windows\System\FwtGUTp.exe
  C:\Windows\System\FwtGUTp.exe
  2⤵
  PID:8212
- C:\Windows\System\UARCKtC.exe
  C:\Windows\System\UARCKtC.exe
  2⤵
  PID:8308
- C:\Windows\System\NNPydkW.exe
  C:\Windows\System\NNPydkW.exe
  2⤵
  PID:8140
- C:\Windows\System\kIASgkx.exe
  C:\Windows\System\kIASgkx.exe
  2⤵
  PID:7424
- C:\Windows\System\mreXdhY.exe
  C:\Windows\System\mreXdhY.exe
  2⤵
  PID:8248
- C:\Windows\System\wBgmqRC.exe
  C:\Windows\System\wBgmqRC.exe
  2⤵
  PID:8348
- C:\Windows\System\JexdVDK.exe
  C:\Windows\System\JexdVDK.exe
  2⤵
  PID:8412
- C:\Windows\System\SqbWuBi.exe
  C:\Windows\System\SqbWuBi.exe
  2⤵
  PID:8504
- C:\Windows\System\cTscBlj.exe
  C:\Windows\System\cTscBlj.exe
  2⤵
  PID:8556
- C:\Windows\System\PeWeDhY.exe
  C:\Windows\System\PeWeDhY.exe
  2⤵
  PID:8592
- C:\Windows\System\BaRHHAe.exe
  C:\Windows\System\BaRHHAe.exe
  2⤵
  PID:8576
- C:\Windows\System\NiNjRna.exe
  C:\Windows\System\NiNjRna.exe
  2⤵
  PID:7088
- C:\Windows\System\DmhlfJU.exe
  C:\Windows\System\DmhlfJU.exe
  2⤵
  PID:8700
- C:\Windows\System\SxVGglS.exe
  C:\Windows\System\SxVGglS.exe
  2⤵
  PID:8784
- C:\Windows\System\osRxqXN.exe
  C:\Windows\System\osRxqXN.exe
  2⤵
  PID:8840
- C:\Windows\System\CAlcFow.exe
  C:\Windows\System\CAlcFow.exe
  2⤵
  PID:8872
- C:\Windows\System\QyeqTkI.exe
  C:\Windows\System\QyeqTkI.exe
  2⤵
  PID:8900
- C:\Windows\System\jPmvpHo.exe
  C:\Windows\System\jPmvpHo.exe
  2⤵
  PID:8916
- C:\Windows\System\Gkwcybn.exe
  C:\Windows\System\Gkwcybn.exe
  2⤵
  PID:8932
- C:\Windows\System\oIvoQAN.exe
  C:\Windows\System\oIvoQAN.exe
  2⤵
  PID:8948
- C:\Windows\System\dEHwZie.exe
  C:\Windows\System\dEHwZie.exe
  2⤵
  PID:8980
- C:\Windows\System\WGtVpGa.exe
  C:\Windows\System\WGtVpGa.exe
  2⤵
  PID:9032
- C:\Windows\System\DzCnUPD.exe
  C:\Windows\System\DzCnUPD.exe
  2⤵
  PID:9000
- C:\Windows\System\UEKoEQe.exe
  C:\Windows\System\UEKoEQe.exe
  2⤵
  PID:9020
- C:\Windows\System\BejmbxM.exe
  C:\Windows\System\BejmbxM.exe
  2⤵
  PID:9036
- C:\Windows\System\RrNjKEe.exe
  C:\Windows\System\RrNjKEe.exe
  2⤵
  PID:9084
- C:\Windows\System\vIAhpmD.exe
  C:\Windows\System\vIAhpmD.exe
  2⤵
  PID:9104
- C:\Windows\System\glZKQHt.exe
  C:\Windows\System\glZKQHt.exe
  2⤵
  PID:9148
- C:\Windows\System\zAJzgsj.exe
  C:\Windows\System\zAJzgsj.exe
  2⤵
  PID:9152
- C:\Windows\System\PGfwADf.exe
  C:\Windows\System\PGfwADf.exe
  2⤵
  PID:9164
- C:\Windows\System\xfojVHo.exe
  C:\Windows\System\xfojVHo.exe
  2⤵
  PID:9116
- C:\Windows\System\xRZDAUz.exe
  C:\Windows\System\xRZDAUz.exe
  2⤵
  PID:9196
- C:\Windows\System\kOlMGUx.exe
  C:\Windows\System\kOlMGUx.exe
  2⤵
  PID:7328
- C:\Windows\System\WYtMVDp.exe
  C:\Windows\System\WYtMVDp.exe
  2⤵
  PID:7556
- C:\Windows\System\WZxPwTN.exe
  C:\Windows\System\WZxPwTN.exe
  2⤵
  PID:8260
- C:\Windows\System\gmGRAss.exe
  C:\Windows\System\gmGRAss.exe
  2⤵
  PID:8424
- C:\Windows\System\CiAnynX.exe
  C:\Windows\System\CiAnynX.exe
  2⤵
  PID:8528
- C:\Windows\System\ooSyNtH.exe
  C:\Windows\System\ooSyNtH.exe
  2⤵
  PID:8340
- C:\Windows\System\ikZZUBr.exe
  C:\Windows\System\ikZZUBr.exe
  2⤵
  PID:8084
- C:\Windows\System\aLsoEfM.exe
  C:\Windows\System\aLsoEfM.exe
  2⤵
  PID:8588
- C:\Windows\System\dfGWjrN.exe
  C:\Windows\System\dfGWjrN.exe
  2⤵
  PID:8732
- C:\Windows\System\RvIsxxo.exe
  C:\Windows\System\RvIsxxo.exe
  2⤵
  PID:8768
- C:\Windows\System\tHupdMs.exe
  C:\Windows\System\tHupdMs.exe
  2⤵
  PID:7632
- C:\Windows\System\LQDPGvN.exe
  C:\Windows\System\LQDPGvN.exe
  2⤵
  PID:8508
- C:\Windows\System\HteysND.exe
  C:\Windows\System\HteysND.exe
  2⤵
  PID:8716
- C:\Windows\System\sReAoMB.exe
  C:\Windows\System\sReAoMB.exe
  2⤵
  PID:9040
- C:\Windows\System\KhCxefy.exe
  C:\Windows\System\KhCxefy.exe
  2⤵
  PID:9096
- C:\Windows\System\gevdQev.exe
  C:\Windows\System\gevdQev.exe
  2⤵
  PID:9012
- C:\Windows\System\dJgPuYz.exe
  C:\Windows\System\dJgPuYz.exe
  2⤵
  PID:8704
- C:\Windows\System\jWCBAqu.exe
  C:\Windows\System\jWCBAqu.exe
  2⤵
  PID:9212
- C:\Windows\System\QfZBXzF.exe
  C:\Windows\System\QfZBXzF.exe
  2⤵
  PID:9160
- C:\Windows\System\irumPHb.exe
  C:\Windows\System\irumPHb.exe
  2⤵
  PID:9184
- C:\Windows\System\cxpHVdm.exe
  C:\Windows\System\cxpHVdm.exe
  2⤵
  PID:7348
- C:\Windows\System\GQORlGz.exe
  C:\Windows\System\GQORlGz.exe
  2⤵
  PID:8544
- C:\Windows\System\jGVKiks.exe
  C:\Windows\System\jGVKiks.exe
  2⤵
  PID:9048
- C:\Windows\System\zlmeohp.exe
  C:\Windows\System\zlmeohp.exe
  2⤵
  PID:9092
- C:\Windows\System\rIuQxiC.exe
  C:\Windows\System\rIuQxiC.exe
  2⤵
  PID:8804
- C:\Windows\System\zLwqguN.exe
  C:\Windows\System\zLwqguN.exe
  2⤵
  PID:8860
- C:\Windows\System\CoWrrAj.exe
  C:\Windows\System\CoWrrAj.exe
  2⤵
  PID:8908
- C:\Windows\System\GIesnxb.exe
  C:\Windows\System\GIesnxb.exe
  2⤵
  PID:9056
- C:\Windows\System\PQfiArg.exe
  C:\Windows\System\PQfiArg.exe
  2⤵
  PID:7560
- C:\Windows\System\uTEuxdL.exe
  C:\Windows\System\uTEuxdL.exe
  2⤵
  PID:8016
- C:\Windows\System\OmQMQTs.exe
  C:\Windows\System\OmQMQTs.exe
  2⤵
  PID:8492
- C:\Windows\System\FqGKdOb.exe
  C:\Windows\System\FqGKdOb.exe
  2⤵
  PID:8044
- C:\Windows\System\MPMOMPz.exe
  C:\Windows\System\MPMOMPz.exe
  2⤵
  PID:8652
- C:\Windows\System\FztPbYY.exe
  C:\Windows\System\FztPbYY.exe
  2⤵
  PID:8848
- C:\Windows\System\UznXlki.exe
  C:\Windows\System\UznXlki.exe
  2⤵
  PID:8968
- C:\Windows\System\DohVngw.exe
  C:\Windows\System\DohVngw.exe
  2⤵
  PID:9044
- C:\Windows\System\evIlKRC.exe
  C:\Windows\System\evIlKRC.exe
  2⤵
  PID:9140
- C:\Windows\System\mCkFtsi.exe
  C:\Windows\System\mCkFtsi.exe
  2⤵
  PID:9232
- C:\Windows\System\ZjeSXQE.exe
  C:\Windows\System\ZjeSXQE.exe
  2⤵
  PID:9252
- C:\Windows\System\qSOqIue.exe
  C:\Windows\System\qSOqIue.exe
  2⤵
  PID:9268
- C:\Windows\System\NnWdOBx.exe
  C:\Windows\System\NnWdOBx.exe
  2⤵
  PID:9288
- C:\Windows\System\IsSYnmi.exe
  C:\Windows\System\IsSYnmi.exe
  2⤵
  PID:9308
- C:\Windows\System\SUDVcJB.exe
  C:\Windows\System\SUDVcJB.exe
  2⤵
  PID:9324
- C:\Windows\System\EqzQvTb.exe
  C:\Windows\System\EqzQvTb.exe
  2⤵
  PID:9464
- C:\Windows\System\AvezUAv.exe
  C:\Windows\System\AvezUAv.exe
  2⤵
  PID:9496
- C:\Windows\System\pIMalvz.exe
  C:\Windows\System\pIMalvz.exe
  2⤵
  PID:9512
- C:\Windows\System\xNvSDux.exe
  C:\Windows\System\xNvSDux.exe
  2⤵
  PID:9528
- C:\Windows\System\FDWaWDL.exe
  C:\Windows\System\FDWaWDL.exe
  2⤵
  PID:9544
- C:\Windows\System\OtznIxK.exe
  C:\Windows\System\OtznIxK.exe
  2⤵
  PID:9560
- C:\Windows\System\ZdulRDP.exe
  C:\Windows\System\ZdulRDP.exe
  2⤵
  PID:9580
- C:\Windows\System\OWYWqfZ.exe
  C:\Windows\System\OWYWqfZ.exe
  2⤵
  PID:9596
- C:\Windows\System\CHREVtj.exe
  C:\Windows\System\CHREVtj.exe
  2⤵
  PID:9612
- C:\Windows\System\ZvTDhNF.exe
  C:\Windows\System\ZvTDhNF.exe
  2⤵
  PID:9628
- C:\Windows\System\SXmMmsy.exe
  C:\Windows\System\SXmMmsy.exe
  2⤵
  PID:9648
- C:\Windows\System\dbKMOfb.exe
  C:\Windows\System\dbKMOfb.exe
  2⤵
  PID:9664
- C:\Windows\System\ATjPlMS.exe
  C:\Windows\System\ATjPlMS.exe
  2⤵
  PID:9680
- C:\Windows\System\qjXZaWK.exe
  C:\Windows\System\qjXZaWK.exe
  2⤵
  PID:9696
- C:\Windows\System\oeJcDLn.exe
  C:\Windows\System\oeJcDLn.exe
  2⤵
  PID:9712
- C:\Windows\System\xJlMCgn.exe
  C:\Windows\System\xJlMCgn.exe
  2⤵
  PID:9728
- C:\Windows\System\RMzKaKI.exe
  C:\Windows\System\RMzKaKI.exe
  2⤵
  PID:9744
- C:\Windows\System\BteXlAh.exe
  C:\Windows\System\BteXlAh.exe
  2⤵
  PID:9760
- C:\Windows\System\bREmUiw.exe
  C:\Windows\System\bREmUiw.exe
  2⤵
  PID:9776
- C:\Windows\System\vOxjJYB.exe
  C:\Windows\System\vOxjJYB.exe
  2⤵
  PID:9792
- C:\Windows\System\KKGTxQN.exe
  C:\Windows\System\KKGTxQN.exe
  2⤵
  PID:9808
- C:\Windows\System\PyMUvjk.exe
  C:\Windows\System\PyMUvjk.exe
  2⤵
  PID:9848
- C:\Windows\System\shvOjdA.exe
  C:\Windows\System\shvOjdA.exe
  2⤵
  PID:9864
- C:\Windows\System\JqHwBvn.exe
  C:\Windows\System\JqHwBvn.exe
  2⤵
  PID:9880
- C:\Windows\System\fPDLwuE.exe
  C:\Windows\System\fPDLwuE.exe
  2⤵
  PID:9904
- C:\Windows\System\oWBAHsl.exe
  C:\Windows\System\oWBAHsl.exe
  2⤵
  PID:9944
- C:\Windows\System\djWEiVw.exe
  C:\Windows\System\djWEiVw.exe
  2⤵
  PID:9960
- C:\Windows\System\wVkwwWg.exe
  C:\Windows\System\wVkwwWg.exe
  2⤵
  PID:9976
- C:\Windows\System\nFApEYm.exe
  C:\Windows\System\nFApEYm.exe
  2⤵
  PID:9992
- C:\Windows\System\biKpOTZ.exe
  C:\Windows\System\biKpOTZ.exe
  2⤵
  PID:10008
- C:\Windows\System\dIbNVPe.exe
  C:\Windows\System\dIbNVPe.exe
  2⤵
  PID:10024
- C:\Windows\System\thEurXw.exe
  C:\Windows\System\thEurXw.exe
  2⤵
  PID:10040
- C:\Windows\System\QgLhezd.exe
  C:\Windows\System\QgLhezd.exe
  2⤵
  PID:10060
- C:\Windows\System\UogpfjA.exe
  C:\Windows\System\UogpfjA.exe
  2⤵
  PID:10084
- C:\Windows\System\NjTKMix.exe
  C:\Windows\System\NjTKMix.exe
  2⤵
  PID:10100
- C:\Windows\System\SfkWEAT.exe
  C:\Windows\System\SfkWEAT.exe
  2⤵
  PID:10116
- C:\Windows\System\qyTuRGj.exe
  C:\Windows\System\qyTuRGj.exe
  2⤵
  PID:10132
- C:\Windows\System\DFsERXu.exe
  C:\Windows\System\DFsERXu.exe
  2⤵
  PID:10148
- C:\Windows\System\qSTguyH.exe
  C:\Windows\System\qSTguyH.exe
  2⤵
  PID:10164
- C:\Windows\System\wgWcTbJ.exe
  C:\Windows\System\wgWcTbJ.exe
  2⤵
  PID:10180
- C:\Windows\System\cTEZnyq.exe
  C:\Windows\System\cTEZnyq.exe
  2⤵
  PID:10196
- C:\Windows\System\LooxxKl.exe
  C:\Windows\System\LooxxKl.exe
  2⤵
  PID:10212
- C:\Windows\System\ePXFObc.exe
  C:\Windows\System\ePXFObc.exe
  2⤵
  PID:10232
- C:\Windows\System\LtjBalk.exe
  C:\Windows\System\LtjBalk.exe
  2⤵
  PID:8944
- C:\Windows\System\PCEjfoz.exe
  C:\Windows\System\PCEjfoz.exe
  2⤵
  PID:8972
- C:\Windows\System\JDkJbvE.exe
  C:\Windows\System\JDkJbvE.exe
  2⤵
  PID:8076
- C:\Windows\System\lyYiAmK.exe
  C:\Windows\System\lyYiAmK.exe
  2⤵
  PID:9208
- C:\Windows\System\TFiFGWL.exe
  C:\Windows\System\TFiFGWL.exe
  2⤵
  PID:8408
- C:\Windows\System\FXibEoh.exe
  C:\Windows\System\FXibEoh.exe
  2⤵
  PID:9260
- C:\Windows\System\psdqDWs.exe
  C:\Windows\System\psdqDWs.exe
  2⤵
  PID:7724
- C:\Windows\System\reDuOFD.exe
  C:\Windows\System\reDuOFD.exe
  2⤵
  PID:9080
- C:\Windows\System\LWFsVWf.exe
  C:\Windows\System\LWFsVWf.exe
  2⤵
  PID:9176
- C:\Windows\System\ZrqWiLa.exe
  C:\Windows\System\ZrqWiLa.exe
  2⤵
  PID:9180
- C:\Windows\System\rUMmWRM.exe
  C:\Windows\System\rUMmWRM.exe
  2⤵
  PID:8996
- C:\Windows\System\nqnFPiR.exe
  C:\Windows\System\nqnFPiR.exe
  2⤵
  PID:9276
- C:\Windows\System\QSSNvfD.exe
  C:\Windows\System\QSSNvfD.exe
  2⤵
  PID:9320
- C:\Windows\System\mCSAzxU.exe
  C:\Windows\System\mCSAzxU.exe
  2⤵
  PID:9332
- C:\Windows\System\aHzaOrc.exe
  C:\Windows\System\aHzaOrc.exe
  2⤵
  PID:9356
- C:\Windows\System\CuofOXZ.exe
  C:\Windows\System\CuofOXZ.exe
  2⤵
  PID:9372
- C:\Windows\System\RXXWOhE.exe
  C:\Windows\System\RXXWOhE.exe
  2⤵
  PID:9420
- C:\Windows\System\czEcyVb.exe
  C:\Windows\System\czEcyVb.exe
  2⤵
  PID:9440
- C:\Windows\System\VdgOYhJ.exe
  C:\Windows\System\VdgOYhJ.exe
  2⤵
  PID:9392
- C:\Windows\System\DFEcaNU.exe
  C:\Windows\System\DFEcaNU.exe
  2⤵
  PID:9428
- C:\Windows\System\RuUptSp.exe
  C:\Windows\System\RuUptSp.exe
  2⤵
  PID:9472
- C:\Windows\System\OuwIuXm.exe
  C:\Windows\System\OuwIuXm.exe
  2⤵
  PID:9524
- C:\Windows\System\xotnIie.exe
  C:\Windows\System\xotnIie.exe
  2⤵
  PID:9592
- C:\Windows\System\EuHDzyq.exe
  C:\Windows\System\EuHDzyq.exe
  2⤵
  PID:9540
- C:\Windows\System\sEtqpdf.exe
  C:\Windows\System\sEtqpdf.exe
  2⤵
  PID:9576
- C:\Windows\System\enmmOIz.exe
  C:\Windows\System\enmmOIz.exe
  2⤵
  PID:9656
- C:\Windows\System\oyEPHGS.exe
  C:\Windows\System\oyEPHGS.exe
  2⤵
  PID:9688
- C:\Windows\System\ctYBFKi.exe
  C:\Windows\System\ctYBFKi.exe
  2⤵
  PID:9720
- C:\Windows\System\TKXBUPv.exe
  C:\Windows\System\TKXBUPv.exe
  2⤵
  PID:8668
- C:\Windows\System\QBnDOiX.exe
  C:\Windows\System\QBnDOiX.exe
  2⤵
  PID:9768
- C:\Windows\System\mmJEgLQ.exe
  C:\Windows\System\mmJEgLQ.exe
  2⤵
  PID:9816
- C:\Windows\System\xbbLUfk.exe
  C:\Windows\System\xbbLUfk.exe
  2⤵
  PID:9380
- C:\Windows\System\mlbUGYp.exe
  C:\Windows\System\mlbUGYp.exe
  2⤵
  PID:9644
- C:\Windows\System\NmJopGP.exe
  C:\Windows\System\NmJopGP.exe
  2⤵
  PID:9480
- C:\Windows\System\uprwanj.exe
  C:\Windows\System\uprwanj.exe
  2⤵
  PID:9448
- C:\Windows\System\pFgTzPt.exe
  C:\Windows\System\pFgTzPt.exe
  2⤵
  PID:9840
- C:\Windows\System\sTJtNUY.exe
  C:\Windows\System\sTJtNUY.exe
  2⤵
  PID:9876
- C:\Windows\System\hqpadxN.exe
  C:\Windows\System\hqpadxN.exe
  2⤵
  PID:9896
- C:\Windows\System\cXhkFeC.exe
  C:\Windows\System\cXhkFeC.exe
  2⤵
  PID:9924
- C:\Windows\System\RANVciM.exe
  C:\Windows\System\RANVciM.exe
  2⤵
  PID:9968
- C:\Windows\System\bvCejhd.exe
  C:\Windows\System\bvCejhd.exe
  2⤵
  PID:10000
- C:\Windows\System\NLiqCbc.exe
  C:\Windows\System\NLiqCbc.exe
  2⤵
  PID:9984
- C:\Windows\System\lJYLZWu.exe
  C:\Windows\System\lJYLZWu.exe
  2⤵
  PID:10048
- C:\Windows\System\imiVtTr.exe
  C:\Windows\System\imiVtTr.exe
  2⤵
  PID:10096
- C:\Windows\System\ZcuDSFt.exe
  C:\Windows\System\ZcuDSFt.exe
  2⤵
  PID:10160
- C:\Windows\System\RukahRe.exe
  C:\Windows\System\RukahRe.exe
  2⤵
  PID:10224
- C:\Windows\System\wSrbqET.exe
  C:\Windows\System\wSrbqET.exe
  2⤵
  PID:8012
- C:\Windows\System\lYaOjfs.exe
  C:\Windows\System\lYaOjfs.exe
  2⤵
  PID:10072
- C:\Windows\System\FwmaiYX.exe
  C:\Windows\System\FwmaiYX.exe
  2⤵
  PID:9192
- C:\Windows\System\dcCsHLx.exe
  C:\Windows\System\dcCsHLx.exe
  2⤵
  PID:8656
- C:\Windows\System\BfKXPDc.exe
  C:\Windows\System\BfKXPDc.exe
  2⤵
  PID:8640
- C:\Windows\System\KfAAIHo.exe
  C:\Windows\System\KfAAIHo.exe
  2⤵
  PID:10076
- C:\Windows\System\uskJfdz.exe
  C:\Windows\System\uskJfdz.exe
  2⤵
  PID:10144
- C:\Windows\System\AvXLUQO.exe
  C:\Windows\System\AvXLUQO.exe
  2⤵
  PID:8392
- C:\Windows\System\CAdekAB.exe
  C:\Windows\System\CAdekAB.exe
  2⤵
  PID:9244
- C:\Windows\System\ZwsoEun.exe
  C:\Windows\System\ZwsoEun.exe
  2⤵
  PID:9300
- C:\Windows\System\tkebzyC.exe
  C:\Windows\System\tkebzyC.exe
  2⤵
  PID:9368
- C:\Windows\System\VGKFhFj.exe
  C:\Windows\System\VGKFhFj.exe
  2⤵
  PID:9520
- C:\Windows\System\ssxocXz.exe
  C:\Windows\System\ssxocXz.exe
  2⤵
  PID:9692
- C:\Windows\System\NkSNEoF.exe
  C:\Windows\System\NkSNEoF.exe
  2⤵
  PID:9488
- C:\Windows\System\COGMjKW.exe
  C:\Windows\System\COGMjKW.exe
  2⤵
  PID:9756
- C:\Windows\System\NiadVln.exe
  C:\Windows\System\NiadVln.exe
  2⤵
  PID:9824
- C:\Windows\System\OopoXZA.exe
  C:\Windows\System\OopoXZA.exe
  2⤵
  PID:9936
- C:\Windows\System\JAYoJJL.exe
  C:\Windows\System\JAYoJJL.exe
  2⤵
  PID:9412
- C:\Windows\System\KDGTISJ.exe
  C:\Windows\System\KDGTISJ.exe
  2⤵
  PID:10056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BqaWurj.exe

Filesize
6.0MB

MD5
732c9c021ac5cd08489596379995f5ee

SHA1
72cc37e14a7c908a2003efd808e2b497bec78f27

SHA256
0bb59e76b41cc592fbe04f6c7bd2cda7f9030356ea515ef1fbddc2a5905594c5

SHA512
2c6e10979ed3c5c32beab5c3790711f7c14693cae134ad318e4f95f1da6eaaa7d712f15e4cf2fcc3b74009b227842165f9d22e248216d59a00a73c4d2e0af4eb

Download Submit
C:\Windows\system\EXqnMjw.exe

Filesize
6.0MB

MD5
0978c9e147fddd997a8cc703488b5208

SHA1
205c181c8c69c24fdd9cb5e18ab7425fbd5e549d

SHA256
f0c3459f8759572b580b19585f46eb60fd312cc8e02ef36c1d12e4f9bede6589

SHA512
c43c81a2e67747af8db52957059195734f70f3b7c022a0026ac0305db2e984bc0a67a10f0e9f102eec213d96971eed32d37f51afd499f7e2a8dc6c97c98f17c1

Download Submit
C:\Windows\system\HlgEJno.exe

Filesize
6.0MB

MD5
e76a0474a447ac18b806a251854c0ce3

SHA1
3a3db3b318f4840af24dc4d7e15c5f13734cd09f

SHA256
9e26cb70b80ab954ccf45dd96c235aa477910322c278108d38dd47e9bd854142

SHA512
b463a002f7eff493d96fbce6b6070ca9925ae9a24179bbca593ffb565ab58893012848f742a351120763a541aae51a11479bc3cfda001e3ab35e4ee1116810cf

Download Submit
C:\Windows\system\LsnoKWY.exe

Filesize
6.0MB

MD5
d7b4fa0ebd6d5f7be4b4811094dded55

SHA1
c5c1f495611318a8eec1f3a65bfd65f5a905faa7

SHA256
df828b50a6135c3ca47e1a6608d9d15f8e571a16a845bf57df4b69c971869910

SHA512
4f80afd6cc6cffbba6dd5c3673f046cb3c4fbc300ef4e18954af4b19eaa9857690f35893c6bcfc77b92cee58f8926cca85a9570687a52f408780f2f5693d7701

Download Submit
C:\Windows\system\LytFdeR.exe

Filesize
6.0MB

MD5
67b7a37cbd57e5416a96b81aed282f95

SHA1
a1145969228dbedb6d6463b272bc0f17c8580e2c

SHA256
8bfe565d4c86886e4576281d94eebea9dbc3247a7a3c9cdc6960ffc90bed1a5d

SHA512
dbeb313c1f9e078f4fbb850e6f92b39ec3480a99fd2ea3f3cf2a72001c1743dce20303419ececa15daf33319d70822d132a0e9c363d0a9d94b39f33df9b3331a

Download Submit
C:\Windows\system\NnOWZvh.exe

Filesize
6.0MB

MD5
b4700856bf995f5f1a4dc576c2628c09

SHA1
ed44c00641c484ef937759808a217e86ef6ae466

SHA256
cbc301dc12d6af07ba78c78bfaebd2762d99ce66208487015078a20d178f74bd

SHA512
bb896caa86e5f3edbd51c23525812c0a2d2de8e18794734dda31190909cb9abdb5113798e19c5142b37bef62f779965319a37504beaa9607dc5091655ce80aac

Download Submit
C:\Windows\system\PPnCPOE.exe

Filesize
6.0MB

MD5
2b4ec1ff5089c2b4a7f23f33d04897ac

SHA1
c5e488196d58ed9c5b1b97af09c9c2b7a20c1d43

SHA256
74ae22f07d975d85926f3e3058e69c7dcfaf9a4cd68b09470b89f8d7b370354e

SHA512
fc1932d6056755b580b5efc9d007b84a4d7baeb96c2fdb1b388e15791bea728dd18b0f3b41b5c4641cbefc6cc8ace73b0d5b2987ec33e82fd3a43230d7089050

Download Submit
C:\Windows\system\PfoyqAt.exe

Filesize
6.0MB

MD5
2a46cbc8b879eb3abacb641ad675a9a5

SHA1
6b08aff69588217a1d8500f351f027a57cb07d87

SHA256
2c58b868d8f06f0a4bafe083b99abc988e460de9cbe8f123129e902826717865

SHA512
891ec00a04e15c6b4be53e308344e29c68f8d2dd2b1ba5792d0abcf576f2b4e50f8a034e594f20ecf96aa6259b6945c63936c6a5afaf22830fb299568f0defb1

Download Submit
C:\Windows\system\SSHYlBl.exe

Filesize
6.0MB

MD5
93260c1196dd4c5429d945e7b5caffb8

SHA1
6165861d88664f4e13d03b78319ac7639e6b40be

SHA256
ca18efaac9fa9abe8599921bec2ec4b3e18f2e836bc4c561e153992cea670acb

SHA512
8c08229dda5619044f5fef1a2b101df7867b32d5868b5a32bfab94d440c8d847f60197f69664b4fe92cd22d3f1eb899ba3cd41815a0b9c4c9297482a70a941e0

Download Submit
C:\Windows\system\ShVzZCI.exe

Filesize
6.0MB

MD5
1cd9378907fa6760d798222df41f54ac

SHA1
d2b48137f09a2f9538013936b5fc644641e20799

SHA256
36391da94b1b8c455e7c5918540d2f57e67e48c745e4b83144ec119f260d6941

SHA512
c2efa431fca1eecee39b403483eeea228800613f5e585249df0d16d2191979dc3bfdc5f14f74dcda6b4fc1fe802eb02bcfe7bfb8c650c4a208bdb6c338262e75

Download Submit
C:\Windows\system\TuedGgJ.exe

Filesize
6.0MB

MD5
b04a8c51d4cfe2baa26ab3cb73e7fe85

SHA1
b25e18d0ebd1a42c8df8b129b6adba8ca0aa346c

SHA256
936ad48829c0b05cf5c807d9ce3ab00e2a480f2f64a0485f6e29215a64bb8278

SHA512
666299aa19f61eb1ad0a1c3600254e5fdab7187e6e664e6cd7bc631a29006c0447498d627a2dc60dcaa5e69b4c14f2760db07596bbce86d7cdbffd9298f543a8

Download Submit
C:\Windows\system\WfGOwxt.exe

Filesize
6.0MB

MD5
41f5e15f12baf0c0a2047c89007a1ecb

SHA1
3026da77f76e65a7d5aa2c747462c3c3d84038e0

SHA256
2e47b26c75542e16c83a85609c8f555c3d771d04c06b417233a4bf32da884aa3

SHA512
bcc7ff344b14500c37fd64e348c697ae5dbb7c09b42db09e783f7051da077c23dc8c82405c2646986dcad41e9c932e6ab05ae03b55dcd6a716cc546e600d8854

Download Submit
C:\Windows\system\YQrLyzS.exe

Filesize
6.0MB

MD5
a35d56c5dadfea197e59b940c92caa6e

SHA1
8eb3c659b00102affc9360c52fe9a7d0d94bedf1

SHA256
6c193986ee07fecec4bf059d8b5ee52002d4f8fc3d0c3b00d46b5f2f66602883

SHA512
0a0ad40a338cea6705d9252a0e5c677c2c4a990c6be90bca9298fe61a2f80445eed92dd18804fa7e82d0b6fa7adebcf036fbb8b00767e766ab0dbb1bb24bcc4b

Download Submit
C:\Windows\system\YdkFriU.exe

Filesize
6.0MB

MD5
481d8543619f248236fce6624f0dc90b

SHA1
126611acb5b30afd615ec0e0ccec3583e556a33c

SHA256
6b5303fb33a5722ecd1805008efd8c4d9e1a41483e32ccca461db0e5b4c9211c

SHA512
8c43062a5e90f58b7e0b7427f923ee53fb05d849b88d27945de19dae106952fca06e649f96501876f9d29364d77cd83b2e9147fbbf23e62627f65019af201692

Download Submit
C:\Windows\system\anRoYLy.exe

Filesize
6.0MB

MD5
c30455504f16be7362798322db7b3f03

SHA1
f107d5a1cd5d5931aea46d5cba4fee138137d109

SHA256
a1367f78cc0f368324e7f2eb2d4a6378cf53e1e51b8c8d01c13858213d4c8722

SHA512
d14060b6132171cfd03b56456d1e4700fd282726ddeba6a45a1e141495460e446a642cdf5230d67a89e5560ba557ec8bb7602a8866f679e86142cf4d3b3762dd

Download Submit
C:\Windows\system\ejjTrLH.exe

Filesize
6.0MB

MD5
bd4a16a856774fd498eea38254508143

SHA1
6e2817abd4932222591113896454fcd8206c4e99

SHA256
d66b30b5e613f7c81dfb6ff15efeb80c08bbd5873b2923cfc6afc85ee1fdb64d

SHA512
5b0d72d324ed87b5f867e49c8c3838542118ac0f0095e9b486076772d751beca5c4b363029f482e6d737d88883279b62d20645008d872f53a0cf42c41157812c

Download Submit
C:\Windows\system\hpgeFQd.exe

Filesize
6.0MB

MD5
610a2da8b66947b451b10dcc64fcead2

SHA1
76f38a397523dcd6e3e26e39291252eb13ca8346

SHA256
a4ad737ee3420674b94e1abfb173efe090d33ca78137a95521f45443506009ba

SHA512
8a99277b2243c4433bdd8c2fa34b236aac70f6a1984a7f01ce8fd5a90f40a50b155bfa6e4c05594804e37777cc0b99b301a61aa3583c5d90c2d3120b9225ff16

Download Submit
C:\Windows\system\ivofviu.exe

Filesize
6.0MB

MD5
4d5d5427fd0ef30c481e79cfc84c3ce9

SHA1
b90e4be8ff129c4d0fa22ae54369dac6b220ed63

SHA256
4e48fa84643aa869913e845ff40b9c8df2d32343d1bb23866fb588db29342620

SHA512
883fb6d6f5fa349949925230d166bdeebf9f5dd35e2931159ff36aed8aa82c8c012f4ec8bb369dee122e717a10c84b3a06259a076a29d5d3b244cd725685b0e9

Download Submit
C:\Windows\system\kOXNGfG.exe

Filesize
6.0MB

MD5
b857f3b858770b061ae7e88743682923

SHA1
5fa336d2a98851dc71084a47a694e3ec9dcdb07e

SHA256
7d995e8dbc195e3802c2cc560164442a1038e8ee51194d4c8473580403c1b831

SHA512
4100b372bb0c1383d17be2f255f3763a730ad93f0f09137c1783d7d479eda7ea08d80343d36c807b1df7333deea891c0eb80fd56517dbc6df37655baf5ecd3de

Download Submit
C:\Windows\system\mQfGtxA.exe

Filesize
6.0MB

MD5
e39061e5549befc03f335eed9ee8e2bb

SHA1
5a36777a827ef6f8bcf3a073dd036dd78e4de6b8

SHA256
948c568f35474646dfe7c3025f0f3c973d3d04e7b860f401566fc934bac0022d

SHA512
31da0328e2f24f5bf21f10e18978da2068d2a0043767260cda8269361d6e5949766061fc0413c4d7ce6ac6ccb1ec464835466ffa3138f36bc1434a6720c7541a

Download Submit
C:\Windows\system\pfxSqCS.exe

Filesize
6.0MB

MD5
5158323b0cc91c103686d60a1f6c8331

SHA1
2c7797a735169fe15813dd7823b74a4705f15897

SHA256
bdb4408c1aeb3769629774da1b9339dfcbf64ee86bd2189494af00d4098020a8

SHA512
28a3e84096df001bd3d0edfb84b854ca3d70905ab8797384ee87f4b7d56d64a75f70e10ebf6e6eb94c644b9cad9cc6e153ee4f08085b3f140bdb00b55bb11ce2

Download Submit
C:\Windows\system\pzMLtJz.exe

Filesize
6.0MB

MD5
852fa39f0e72cf5c4ea571c447f90d2a

SHA1
c523451a2d2778efcc721038b5c5e794173cf10e

SHA256
7409a433343937402381309e363dbfcb4f4c968e7d8b7d0eaaa8215b2f8386b0

SHA512
e98871c129cc3843c8868b350f56f8a4f2592b509de9ff39ade7981a6462ad14c5d101ca03ad48117903f99d2b45d956f865d97a14808c7cd0e4a44178a2215b

Download Submit
C:\Windows\system\qAveCPQ.exe

Filesize
6.0MB

MD5
64725baa6e4f4a22b9ac26b22e429ff5

SHA1
25b8040f44bd61f581e4552618b2f4cd08b6c6e5

SHA256
a4bf177bbbedc91c2fb76228d0a58579f73ff8212f4348310ffccd88a0774dff

SHA512
f5b07dee8b31705105fd4bacea50903c4dd18d140953a27034d9a08e96f5858ba6f2f7e9b840c9814802aa882afb03ee21c99e6b9e06ec8b16ad13365f95cfa2

Download Submit
C:\Windows\system\qIHkNnk.exe

Filesize
6.0MB

MD5
e801911718efef61d746ed184b16fa47

SHA1
d863bc04d42fb8b23ce34602ae3ac15bd51db70c

SHA256
5fd156f8f7de61fe38ee1ee918ab0e07426200f2b6747174fbc7073754609bb6

SHA512
1cdd72bbd9d16454a9ba6cb49ff324ff37a4713fb5396f5782ca16cd6e94b28c8e89cdb431b7cce292233e16597962dfabe851c194805a34267f899455c99a6c

Download Submit
C:\Windows\system\rjZuInC.exe

Filesize
6.0MB

MD5
840cbb28a6e522a54d75b10b11a100ce

SHA1
e9cb9a6cebf9390a09d2d6116d2b3004972a87e5

SHA256
179f616ba6bd4829d4fdf413ce2e2d3225399aaef18094e2a10ac571b42891f0

SHA512
2c178a9f42c9a0908cf1f881340878d5a5ae8fcad6917cd746557818000d4939de1949b4c12b3eccea92805cbf8fba4995e6e714b639b3814db80f31bd5f9d7b

Download Submit
C:\Windows\system\sjjpQNM.exe

Filesize
6.0MB

MD5
a80516f2f8a896d500e6d33d18573ca0

SHA1
55164bc913543f354c32c417a9886d190fff5ef6

SHA256
77dddd50ec27ca578eba0d5cff8bc04ad96a5a2f5fc14a7c552aba21b46b3373

SHA512
b5f069198a36c5478097c2c083ae9689296d205b60e8c192072eb926ad27bacfbb990eaa94d79ac1c2b0d90d4c8ee782c4480846c40b1476ac953fa61557999f

Download Submit
C:\Windows\system\vGDQLFM.exe

Filesize
6.0MB

MD5
e11066b274b3e584ff1c7f908012fb11

SHA1
51813a38ffb089b9c4d58b60907c71c10bdc5c7e

SHA256
8b42dd6a94cc8283f50a3de4a6919afc603415c126e9dc7ba4cabbb95f2966ce

SHA512
7610e697aea3017356c65b03b22684373bffd263dca7355b9ccd0e635a7bc61b614a8d286c73db7fe77b141a3dd7a4546f539abddffb2e2ce8df3155e854419e

Download Submit
C:\Windows\system\yJGVJDy.exe

Filesize
6.0MB

MD5
c15c9df295342a4d35aef6aabaaa364f

SHA1
7d90566ecd590a5ef2fb2640fd29225bfe58fc0f

SHA256
ccd30a19b765e2f30ace55193b38ed929ff12489e0a118c708feb9242595d9b3

SHA512
03b200ac76937c164eb73c4c8b8342216e3f5b62b4fb852ca98b6e7e63e700d14149e48c1346225458ecbbb6ac911f2fbb383ea38e617ad5db00f7acd9a136b3

Download Submit
C:\Windows\system\zmavTmM.exe

Filesize
6.0MB

MD5
13ce7bf0ddcfbe2d8957ad9145efe83e

SHA1
3941796f15238f1f5df8cbcf3f10d701875ab0d7

SHA256
06e4c16ceca82983433ce46ce30ea22a13909b560349b26f3909bd6ea2e61efa

SHA512
75158cd22b3a0ef72d102639c86396f7d9b7febed9d49ca24fff911d5b3703f862b3663aca10d66ed6e56dfe5dcc51c1c9e989660166d49dfc0cc2acf2b06e1c

Download Submit
\Windows\system\LuRwwWu.exe

Filesize
6.0MB

MD5
79721bd8eabf366aa87d1bb2c6faf81b

SHA1
a8de8a7d06913667b79d8ac775849816c38fb404

SHA256
737c01c04e0cc04c4918928f163182cf936e9e738e1b27631a2805604d1bde57

SHA512
db4e3df792e62d67e17a6a9e8cce0cbcd71d9c6f1e2b8c1ddea699fb37e8e899d5679144c83a06854a28f4354a51ceb7ec6ab2cb364faafe5f3da5e816f2c6ef

Download Submit
\Windows\system\NFIwmhd.exe

Filesize
6.0MB

MD5
2d50e3829399b6107cc2cbb36e255d16

SHA1
d8f5d61131bb0a34581453dc5e10185ed87f5347

SHA256
609e8944e61a2f254a8a4f3ff7ae7e7aa988c6bb865154757dcb00e364ba5d1d

SHA512
ef63f50d37d6b0092065f323c194ced2e6d3b65ea534ef1b8e4b5d6c26d6b7bdc66d65d3a2d1b7398a2a459b753e855e6e862f644cd7bbea0c582c5c9ca3af00

Download Submit
\Windows\system\PtbaCVc.exe

Filesize
6.0MB

MD5
43e2e84bd274bb575c936387d71dd851

SHA1
7c5756acde4bf9172752563ad87f7e350c0d64e8

SHA256
d53c1febf22f0253aac565169d92b9228d6e8c85504b06d13d253995125287a7

SHA512
69065d7e91be3ecc3f124e724073b97c0fba5258c6942d86daba53ac83fe1e752b40f1fc675c268c3adb4748082b039713d5bfeef2ceba6341f5d880eb3eba68

Download Submit
memory/1280-2646-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1280-1212-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1280-3862-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1648-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2898-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1477-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1680-1514-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1376-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1576-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2899-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1644-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2846-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2853-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1646-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-0-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2847-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1650-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2848-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2849-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1655-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1656-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2850-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1921-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1919-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2854-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2856-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2830-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1957-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1956-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2443-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2640-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2831-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2755-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2807-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1955-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3788-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1476-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3785-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1369-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3865-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1915-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3866-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1558-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3784-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1953-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3864-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1643-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3867-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1649-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3787-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1513-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3868-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3812-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1645-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3786-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1954-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1654-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3870-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3863-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1647-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download