cobaltstrike | 8245993db82dc1c501686bd6bebfa79e7d5a15289124750882c4d051a85bc748

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

35acd960b17fd51a228ecaeb1c1ca9ed
SHA1

c3f052b26d99b2cd7606d49db509b306bc66d16c
SHA256

8245993db82dc1c501686bd6bebfa79e7d5a15289124750882c4d051a85bc748
SHA512

f373d52148124dda9cd8ece0405fb5bebb2336e260623dc2fcebe0c5857e3472c3852f6f56ca60f0725ef37483233b044ab1877aba64b071b2ae45dca694766e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\uCLYFGZ.exe	cobalt_reflective_dll
\Windows\system\MRftwiC.exe	cobalt_reflective_dll
C:\Windows\system\wcSKBUG.exe	cobalt_reflective_dll
C:\Windows\system\DSvFrxE.exe	cobalt_reflective_dll
C:\Windows\system\MTpCtWI.exe	cobalt_reflective_dll
C:\Windows\system\HXBVSIx.exe	cobalt_reflective_dll
C:\Windows\system\tRaDRUa.exe	cobalt_reflective_dll
C:\Windows\system\GxlvKlN.exe	cobalt_reflective_dll
C:\Windows\system\KyLByMm.exe	cobalt_reflective_dll
C:\Windows\system\VyMdAHa.exe	cobalt_reflective_dll
C:\Windows\system\OlFJIhe.exe	cobalt_reflective_dll
C:\Windows\system\kbrRIir.exe	cobalt_reflective_dll
C:\Windows\system\xhWZJEZ.exe	cobalt_reflective_dll
C:\Windows\system\OlvMWNZ.exe	cobalt_reflective_dll
C:\Windows\system\NzkEQex.exe	cobalt_reflective_dll
C:\Windows\system\LMFtABJ.exe	cobalt_reflective_dll
C:\Windows\system\AaVVuyL.exe	cobalt_reflective_dll
C:\Windows\system\cyqPmzp.exe	cobalt_reflective_dll
C:\Windows\system\bTprlpi.exe	cobalt_reflective_dll
C:\Windows\system\VErvmZv.exe	cobalt_reflective_dll
C:\Windows\system\syZEPiR.exe	cobalt_reflective_dll
C:\Windows\system\QDvjYYO.exe	cobalt_reflective_dll
C:\Windows\system\UUoPegL.exe	cobalt_reflective_dll
C:\Windows\system\uVbbrmn.exe	cobalt_reflective_dll
C:\Windows\system\CdLkRkb.exe	cobalt_reflective_dll
C:\Windows\system\SFIUBwP.exe	cobalt_reflective_dll
C:\Windows\system\eClbiEc.exe	cobalt_reflective_dll
C:\Windows\system\rdIRpEz.exe	cobalt_reflective_dll
C:\Windows\system\sKVfUXE.exe	cobalt_reflective_dll
C:\Windows\system\YBMHITM.exe	cobalt_reflective_dll
C:\Windows\system\wCwvCqA.exe	cobalt_reflective_dll
C:\Windows\system\myJerFJ.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1736-0-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
\Windows\system\uCLYFGZ.exe	xmrig
behavioral1/memory/1236-9-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
\Windows\system\MRftwiC.exe	xmrig
behavioral1/memory/2420-16-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
C:\Windows\system\wcSKBUG.exe	xmrig
behavioral1/memory/2024-22-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
C:\Windows\system\DSvFrxE.exe	xmrig
behavioral1/memory/2144-28-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
C:\Windows\system\MTpCtWI.exe	xmrig
behavioral1/memory/2152-44-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/3048-35-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1736-34-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
C:\Windows\system\HXBVSIx.exe	xmrig
behavioral1/memory/2920-60-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2252-53-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2248-76-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1692-92-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2884-108-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
C:\Windows\system\tRaDRUa.exe	xmrig
C:\Windows\system\GxlvKlN.exe	xmrig
C:\Windows\system\KyLByMm.exe	xmrig
behavioral1/memory/1248-404-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2908-426-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2420-1433-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2144-1435-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2920-1438-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1944-1441-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2908-1444-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1248-1443-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1692-1442-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2248-1440-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2884-1439-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2252-1437-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2152-1436-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/3048-1434-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1236-1445-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1692-306-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1944-212-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
C:\Windows\system\VyMdAHa.exe	xmrig
C:\Windows\system\OlFJIhe.exe	xmrig
C:\Windows\system\kbrRIir.exe	xmrig
C:\Windows\system\xhWZJEZ.exe	xmrig
C:\Windows\system\OlvMWNZ.exe	xmrig
C:\Windows\system\NzkEQex.exe	xmrig
C:\Windows\system\LMFtABJ.exe	xmrig
C:\Windows\system\AaVVuyL.exe	xmrig
C:\Windows\system\cyqPmzp.exe	xmrig
behavioral1/memory/2248-149-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
C:\Windows\system\bTprlpi.exe	xmrig
C:\Windows\system\VErvmZv.exe	xmrig
C:\Windows\system\syZEPiR.exe	xmrig
C:\Windows\system\QDvjYYO.exe	xmrig
C:\Windows\system\UUoPegL.exe	xmrig
C:\Windows\system\uVbbrmn.exe	xmrig
behavioral1/memory/2908-109-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
C:\Windows\system\CdLkRkb.exe	xmrig
behavioral1/memory/1248-100-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2920-99-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
C:\Windows\system\SFIUBwP.exe	xmrig
behavioral1/memory/2252-91-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
C:\Windows\system\eClbiEc.exe	xmrig
behavioral1/memory/1944-83-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2152-82-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

uCLYFGZ.exeMRftwiC.exewcSKBUG.exeDSvFrxE.exemyJerFJ.exeMTpCtWI.exewCwvCqA.exeHXBVSIx.exeYBMHITM.exesKVfUXE.exerdIRpEz.exeeClbiEc.exeSFIUBwP.exeCdLkRkb.exeuVbbrmn.exeUUoPegL.exeQDvjYYO.exesyZEPiR.exeVErvmZv.exetRaDRUa.exebTprlpi.exeGxlvKlN.execyqPmzp.exeKyLByMm.exeAaVVuyL.exeLMFtABJ.exeNzkEQex.exeOlvMWNZ.exexhWZJEZ.exekbrRIir.exeVyMdAHa.exeOlFJIhe.exedRLkOed.exeMeJdHOJ.exebXahfFY.exeUHkjhWe.exeJCftqRF.exeiXBfJBP.exevvxsXFI.exeyQWCATL.exeHpKUzsz.exeSlaVuTb.exeGqjgoNW.exeFxsENKp.exeQWfGMsG.exeiBarXfU.exeDKNrkRz.exelMtpDbz.exeBPAAXFP.exeXQsTFnH.exeraJqYlq.exeLwtDeHh.exeIVWaLEy.exeVijdBRV.exeFYpzPCD.exeYgRVgIl.exeqBHDhJR.exeOtAzrHi.exepqmOydC.exesRrOJxI.exeSsxSPxE.exeWqzzUAQ.exefpHVwIX.exeVbZLwfh.exe

pid	process
1236	uCLYFGZ.exe
2420	MRftwiC.exe
2024	wcSKBUG.exe
2144	DSvFrxE.exe
3048	myJerFJ.exe
2152	MTpCtWI.exe
2252	wCwvCqA.exe
2920	HXBVSIx.exe
2884	YBMHITM.exe
2248	sKVfUXE.exe
1944	rdIRpEz.exe
1692	eClbiEc.exe
1248	SFIUBwP.exe
2908	CdLkRkb.exe
1436	uVbbrmn.exe
2792	UUoPegL.exe
2460	QDvjYYO.exe
1352	syZEPiR.exe
2088	VErvmZv.exe
2600	tRaDRUa.exe
1400	bTprlpi.exe
1016	GxlvKlN.exe
2216	cyqPmzp.exe
2060	KyLByMm.exe
2124	AaVVuyL.exe
2412	LMFtABJ.exe
1644	NzkEQex.exe
2328	OlvMWNZ.exe
1716	xhWZJEZ.exe
820	kbrRIir.exe
2776	VyMdAHa.exe
1420	OlFJIhe.exe
1572	dRLkOed.exe
1996	MeJdHOJ.exe
2552	bXahfFY.exe
2300	UHkjhWe.exe
1712	JCftqRF.exe
1064	iXBfJBP.exe
1204	vvxsXFI.exe
2704	yQWCATL.exe
2104	HpKUzsz.exe
1768	SlaVuTb.exe
2752	GqjgoNW.exe
1820	FxsENKp.exe
2096	QWfGMsG.exe
1928	iBarXfU.exe
1816	DKNrkRz.exe
2392	lMtpDbz.exe
2288	BPAAXFP.exe
2648	XQsTFnH.exe
2364	raJqYlq.exe
1128	LwtDeHh.exe
2008	IVWaLEy.exe
2836	VijdBRV.exe
2816	FYpzPCD.exe
2864	YgRVgIl.exe
2536	qBHDhJR.exe
2984	OtAzrHi.exe
2868	pqmOydC.exe
1224	sRrOJxI.exe
2740	SsxSPxE.exe
1408	WqzzUAQ.exe
1152	fpHVwIX.exe
2348	VbZLwfh.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1736-0-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
\Windows\system\uCLYFGZ.exe	upx
behavioral1/memory/1236-9-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
\Windows\system\MRftwiC.exe	upx
behavioral1/memory/2420-16-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
C:\Windows\system\wcSKBUG.exe	upx
behavioral1/memory/2024-22-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
C:\Windows\system\DSvFrxE.exe	upx
behavioral1/memory/2144-28-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
C:\Windows\system\MTpCtWI.exe	upx
behavioral1/memory/2152-44-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/3048-35-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1736-34-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
C:\Windows\system\HXBVSIx.exe	upx
behavioral1/memory/2920-60-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2252-53-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2248-76-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1692-92-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2884-108-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
C:\Windows\system\tRaDRUa.exe	upx
C:\Windows\system\GxlvKlN.exe	upx
C:\Windows\system\KyLByMm.exe	upx
behavioral1/memory/1248-404-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2908-426-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2420-1433-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2144-1435-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2920-1438-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1944-1441-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2908-1444-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1248-1443-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1692-1442-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2248-1440-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2884-1439-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2252-1437-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2152-1436-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/3048-1434-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1236-1445-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1692-306-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1944-212-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
C:\Windows\system\VyMdAHa.exe	upx
C:\Windows\system\OlFJIhe.exe	upx
C:\Windows\system\kbrRIir.exe	upx
C:\Windows\system\xhWZJEZ.exe	upx
C:\Windows\system\OlvMWNZ.exe	upx
C:\Windows\system\NzkEQex.exe	upx
C:\Windows\system\LMFtABJ.exe	upx
C:\Windows\system\AaVVuyL.exe	upx
C:\Windows\system\cyqPmzp.exe	upx
behavioral1/memory/2248-149-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
C:\Windows\system\bTprlpi.exe	upx
C:\Windows\system\VErvmZv.exe	upx
C:\Windows\system\syZEPiR.exe	upx
C:\Windows\system\QDvjYYO.exe	upx
C:\Windows\system\UUoPegL.exe	upx
C:\Windows\system\uVbbrmn.exe	upx
behavioral1/memory/2908-109-0x000000013F220000-0x000000013F574000-memory.dmp	upx
C:\Windows\system\CdLkRkb.exe	upx
behavioral1/memory/1248-100-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2920-99-0x000000013F100000-0x000000013F454000-memory.dmp	upx
C:\Windows\system\SFIUBwP.exe	upx
behavioral1/memory/2252-91-0x000000013F240000-0x000000013F594000-memory.dmp	upx
C:\Windows\system\eClbiEc.exe	upx
behavioral1/memory/1944-83-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2152-82-0x000000013F340000-0x000000013F694000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\cOaNMTL.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaBaYvl.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaKvvzp.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzmQNWc.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CewEzAG.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grxCSuR.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuIsjOa.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyiRdff.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFdOSDJ.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heCZPFN.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHwDkay.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQHfppB.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxlvKlN.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdXBmkv.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSPbfoi.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjEYQRS.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwFRXOR.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDwqdOg.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXoAZOR.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRbARih.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyosxub.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTJRhcQ.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkEvJBS.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zedtdWk.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILMPFVI.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvqpJwd.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INmmaQo.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXRWpwd.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LivHzab.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQMsJaO.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpEPDKs.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJfqwni.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqheHsZ.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuGSgTN.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hulhiIN.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udYKPwy.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNKGfyL.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRuCtSB.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgpYXVy.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEvYtUO.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqPAsAY.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbACOxZ.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWguqVs.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbKOljP.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMtsETT.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNKXUaW.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRLkOed.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYWFRyi.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJiQmpO.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMKeuMo.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfJARou.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylSvkJq.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOVCJnP.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiGQlLS.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCduufk.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYNtrsO.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGaUJTo.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGHMaqH.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnrKCgM.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKdgypP.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLtLqZn.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKbnagn.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sekiSRz.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUZvlOd.exe	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1736 wrote to memory of 1236	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uCLYFGZ.exe
PID 1736 wrote to memory of 1236	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uCLYFGZ.exe
PID 1736 wrote to memory of 1236	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uCLYFGZ.exe
PID 1736 wrote to memory of 2420	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MRftwiC.exe
PID 1736 wrote to memory of 2420	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MRftwiC.exe
PID 1736 wrote to memory of 2420	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MRftwiC.exe
PID 1736 wrote to memory of 2024	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wcSKBUG.exe
PID 1736 wrote to memory of 2024	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wcSKBUG.exe
PID 1736 wrote to memory of 2024	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wcSKBUG.exe
PID 1736 wrote to memory of 2144	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	DSvFrxE.exe
PID 1736 wrote to memory of 2144	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	DSvFrxE.exe
PID 1736 wrote to memory of 2144	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	DSvFrxE.exe
PID 1736 wrote to memory of 3048	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	myJerFJ.exe
PID 1736 wrote to memory of 3048	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	myJerFJ.exe
PID 1736 wrote to memory of 3048	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	myJerFJ.exe
PID 1736 wrote to memory of 2152	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MTpCtWI.exe
PID 1736 wrote to memory of 2152	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MTpCtWI.exe
PID 1736 wrote to memory of 2152	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	MTpCtWI.exe
PID 1736 wrote to memory of 2252	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wCwvCqA.exe
PID 1736 wrote to memory of 2252	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wCwvCqA.exe
PID 1736 wrote to memory of 2252	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	wCwvCqA.exe
PID 1736 wrote to memory of 2920	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	HXBVSIx.exe
PID 1736 wrote to memory of 2920	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	HXBVSIx.exe
PID 1736 wrote to memory of 2920	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	HXBVSIx.exe
PID 1736 wrote to memory of 2884	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	YBMHITM.exe
PID 1736 wrote to memory of 2884	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	YBMHITM.exe
PID 1736 wrote to memory of 2884	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	YBMHITM.exe
PID 1736 wrote to memory of 2248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	sKVfUXE.exe
PID 1736 wrote to memory of 2248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	sKVfUXE.exe
PID 1736 wrote to memory of 2248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	sKVfUXE.exe
PID 1736 wrote to memory of 1944	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	rdIRpEz.exe
PID 1736 wrote to memory of 1944	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	rdIRpEz.exe
PID 1736 wrote to memory of 1944	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	rdIRpEz.exe
PID 1736 wrote to memory of 1692	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	eClbiEc.exe
PID 1736 wrote to memory of 1692	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	eClbiEc.exe
PID 1736 wrote to memory of 1692	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	eClbiEc.exe
PID 1736 wrote to memory of 1248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	SFIUBwP.exe
PID 1736 wrote to memory of 1248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	SFIUBwP.exe
PID 1736 wrote to memory of 1248	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	SFIUBwP.exe
PID 1736 wrote to memory of 2908	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	CdLkRkb.exe
PID 1736 wrote to memory of 2908	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	CdLkRkb.exe
PID 1736 wrote to memory of 2908	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	CdLkRkb.exe
PID 1736 wrote to memory of 1436	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uVbbrmn.exe
PID 1736 wrote to memory of 1436	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uVbbrmn.exe
PID 1736 wrote to memory of 1436	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	uVbbrmn.exe
PID 1736 wrote to memory of 2792	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	UUoPegL.exe
PID 1736 wrote to memory of 2792	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	UUoPegL.exe
PID 1736 wrote to memory of 2792	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	UUoPegL.exe
PID 1736 wrote to memory of 2460	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	QDvjYYO.exe
PID 1736 wrote to memory of 2460	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	QDvjYYO.exe
PID 1736 wrote to memory of 2460	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	QDvjYYO.exe
PID 1736 wrote to memory of 1352	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	syZEPiR.exe
PID 1736 wrote to memory of 1352	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	syZEPiR.exe
PID 1736 wrote to memory of 1352	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	syZEPiR.exe
PID 1736 wrote to memory of 2088	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	VErvmZv.exe
PID 1736 wrote to memory of 2088	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	VErvmZv.exe
PID 1736 wrote to memory of 2088	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	VErvmZv.exe
PID 1736 wrote to memory of 2600	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	tRaDRUa.exe
PID 1736 wrote to memory of 2600	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	tRaDRUa.exe
PID 1736 wrote to memory of 2600	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	tRaDRUa.exe
PID 1736 wrote to memory of 1400	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	bTprlpi.exe
PID 1736 wrote to memory of 1400	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	bTprlpi.exe
PID 1736 wrote to memory of 1400	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	bTprlpi.exe
PID 1736 wrote to memory of 1016	1736	2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe	GxlvKlN.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_35acd960b17fd51a228ecaeb1c1ca9ed_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\System\uCLYFGZ.exe
  C:\Windows\System\uCLYFGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\MRftwiC.exe
  C:\Windows\System\MRftwiC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wcSKBUG.exe
  C:\Windows\System\wcSKBUG.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\DSvFrxE.exe
  C:\Windows\System\DSvFrxE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\myJerFJ.exe
  C:\Windows\System\myJerFJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\MTpCtWI.exe
  C:\Windows\System\MTpCtWI.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\wCwvCqA.exe
  C:\Windows\System\wCwvCqA.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\HXBVSIx.exe
  C:\Windows\System\HXBVSIx.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\YBMHITM.exe
  C:\Windows\System\YBMHITM.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\sKVfUXE.exe
  C:\Windows\System\sKVfUXE.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\rdIRpEz.exe
  C:\Windows\System\rdIRpEz.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\eClbiEc.exe
  C:\Windows\System\eClbiEc.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\SFIUBwP.exe
  C:\Windows\System\SFIUBwP.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\CdLkRkb.exe
  C:\Windows\System\CdLkRkb.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\uVbbrmn.exe
  C:\Windows\System\uVbbrmn.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\UUoPegL.exe
  C:\Windows\System\UUoPegL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\QDvjYYO.exe
  C:\Windows\System\QDvjYYO.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\syZEPiR.exe
  C:\Windows\System\syZEPiR.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\VErvmZv.exe
  C:\Windows\System\VErvmZv.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\tRaDRUa.exe
  C:\Windows\System\tRaDRUa.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\bTprlpi.exe
  C:\Windows\System\bTprlpi.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\GxlvKlN.exe
  C:\Windows\System\GxlvKlN.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\cyqPmzp.exe
  C:\Windows\System\cyqPmzp.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\KyLByMm.exe
  C:\Windows\System\KyLByMm.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\AaVVuyL.exe
  C:\Windows\System\AaVVuyL.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\LMFtABJ.exe
  C:\Windows\System\LMFtABJ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\NzkEQex.exe
  C:\Windows\System\NzkEQex.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\OlvMWNZ.exe
  C:\Windows\System\OlvMWNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xhWZJEZ.exe
  C:\Windows\System\xhWZJEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\kbrRIir.exe
  C:\Windows\System\kbrRIir.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\VyMdAHa.exe
  C:\Windows\System\VyMdAHa.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\OlFJIhe.exe
  C:\Windows\System\OlFJIhe.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dRLkOed.exe
  C:\Windows\System\dRLkOed.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\MeJdHOJ.exe
  C:\Windows\System\MeJdHOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\bXahfFY.exe
  C:\Windows\System\bXahfFY.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\UHkjhWe.exe
  C:\Windows\System\UHkjhWe.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\JCftqRF.exe
  C:\Windows\System\JCftqRF.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\iXBfJBP.exe
  C:\Windows\System\iXBfJBP.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\vvxsXFI.exe
  C:\Windows\System\vvxsXFI.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\yQWCATL.exe
  C:\Windows\System\yQWCATL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HpKUzsz.exe
  C:\Windows\System\HpKUzsz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\SlaVuTb.exe
  C:\Windows\System\SlaVuTb.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\GqjgoNW.exe
  C:\Windows\System\GqjgoNW.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FxsENKp.exe
  C:\Windows\System\FxsENKp.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\QWfGMsG.exe
  C:\Windows\System\QWfGMsG.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\iBarXfU.exe
  C:\Windows\System\iBarXfU.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\DKNrkRz.exe
  C:\Windows\System\DKNrkRz.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\lMtpDbz.exe
  C:\Windows\System\lMtpDbz.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\BPAAXFP.exe
  C:\Windows\System\BPAAXFP.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\XQsTFnH.exe
  C:\Windows\System\XQsTFnH.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\raJqYlq.exe
  C:\Windows\System\raJqYlq.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\LwtDeHh.exe
  C:\Windows\System\LwtDeHh.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\IVWaLEy.exe
  C:\Windows\System\IVWaLEy.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\VijdBRV.exe
  C:\Windows\System\VijdBRV.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\FYpzPCD.exe
  C:\Windows\System\FYpzPCD.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\YgRVgIl.exe
  C:\Windows\System\YgRVgIl.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\qBHDhJR.exe
  C:\Windows\System\qBHDhJR.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\OtAzrHi.exe
  C:\Windows\System\OtAzrHi.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\pqmOydC.exe
  C:\Windows\System\pqmOydC.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\sRrOJxI.exe
  C:\Windows\System\sRrOJxI.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\SsxSPxE.exe
  C:\Windows\System\SsxSPxE.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\WqzzUAQ.exe
  C:\Windows\System\WqzzUAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\fpHVwIX.exe
  C:\Windows\System\fpHVwIX.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\VbZLwfh.exe
  C:\Windows\System\VbZLwfh.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\YbOLAto.exe
  C:\Windows\System\YbOLAto.exe
  2⤵
  PID:556
- C:\Windows\System\xzhAGZk.exe
  C:\Windows\System\xzhAGZk.exe
  2⤵
  PID:2656
- C:\Windows\System\nSxQhWb.exe
  C:\Windows\System\nSxQhWb.exe
  2⤵
  PID:2428
- C:\Windows\System\nDoogid.exe
  C:\Windows\System\nDoogid.exe
  2⤵
  PID:2064
- C:\Windows\System\tQhlcwx.exe
  C:\Windows\System\tQhlcwx.exe
  2⤵
  PID:756
- C:\Windows\System\OqheHsZ.exe
  C:\Windows\System\OqheHsZ.exe
  2⤵
  PID:1700
- C:\Windows\System\NrtiFby.exe
  C:\Windows\System\NrtiFby.exe
  2⤵
  PID:1600
- C:\Windows\System\lCvUVwI.exe
  C:\Windows\System\lCvUVwI.exe
  2⤵
  PID:2544
- C:\Windows\System\GmAFELR.exe
  C:\Windows\System\GmAFELR.exe
  2⤵
  PID:2520
- C:\Windows\System\TlZCcDf.exe
  C:\Windows\System\TlZCcDf.exe
  2⤵
  PID:1708
- C:\Windows\System\yhkFPFo.exe
  C:\Windows\System\yhkFPFo.exe
  2⤵
  PID:2780
- C:\Windows\System\pFPyAva.exe
  C:\Windows\System\pFPyAva.exe
  2⤵
  PID:2388
- C:\Windows\System\sUDXrMC.exe
  C:\Windows\System\sUDXrMC.exe
  2⤵
  PID:2628
- C:\Windows\System\GpgdfyE.exe
  C:\Windows\System\GpgdfyE.exe
  2⤵
  PID:2632
- C:\Windows\System\IxELxeo.exe
  C:\Windows\System\IxELxeo.exe
  2⤵
  PID:1528
- C:\Windows\System\hsUelIx.exe
  C:\Windows\System\hsUelIx.exe
  2⤵
  PID:2372
- C:\Windows\System\qcKZhYw.exe
  C:\Windows\System\qcKZhYw.exe
  2⤵
  PID:1704
- C:\Windows\System\ggSbuOs.exe
  C:\Windows\System\ggSbuOs.exe
  2⤵
  PID:2936
- C:\Windows\System\EdvuRGL.exe
  C:\Windows\System\EdvuRGL.exe
  2⤵
  PID:2956
- C:\Windows\System\rvxnTLI.exe
  C:\Windows\System\rvxnTLI.exe
  2⤵
  PID:2924
- C:\Windows\System\nUrsqUK.exe
  C:\Windows\System\nUrsqUK.exe
  2⤵
  PID:1444
- C:\Windows\System\gkGnTvd.exe
  C:\Windows\System\gkGnTvd.exe
  2⤵
  PID:3004
- C:\Windows\System\FclXhdb.exe
  C:\Windows\System\FclXhdb.exe
  2⤵
  PID:2276
- C:\Windows\System\PZEAepL.exe
  C:\Windows\System\PZEAepL.exe
  2⤵
  PID:2344
- C:\Windows\System\mhGvljv.exe
  C:\Windows\System\mhGvljv.exe
  2⤵
  PID:2352
- C:\Windows\System\BEMKaXq.exe
  C:\Windows\System\BEMKaXq.exe
  2⤵
  PID:1548
- C:\Windows\System\AhjEUBg.exe
  C:\Windows\System\AhjEUBg.exe
  2⤵
  PID:1424
- C:\Windows\System\PRXoIlj.exe
  C:\Windows\System\PRXoIlj.exe
  2⤵
  PID:1992
- C:\Windows\System\GRMAodJ.exe
  C:\Windows\System\GRMAodJ.exe
  2⤵
  PID:2732
- C:\Windows\System\OLtLqZn.exe
  C:\Windows\System\OLtLqZn.exe
  2⤵
  PID:1080
- C:\Windows\System\IeeHlPS.exe
  C:\Windows\System\IeeHlPS.exe
  2⤵
  PID:1004
- C:\Windows\System\gQXjLVE.exe
  C:\Windows\System\gQXjLVE.exe
  2⤵
  PID:1088
- C:\Windows\System\tDgsXsQ.exe
  C:\Windows\System\tDgsXsQ.exe
  2⤵
  PID:2056
- C:\Windows\System\czjKlZr.exe
  C:\Windows\System\czjKlZr.exe
  2⤵
  PID:1524
- C:\Windows\System\hQtUfbO.exe
  C:\Windows\System\hQtUfbO.exe
  2⤵
  PID:2624
- C:\Windows\System\qCLDSJz.exe
  C:\Windows\System\qCLDSJz.exe
  2⤵
  PID:2184
- C:\Windows\System\pkkeqWk.exe
  C:\Windows\System\pkkeqWk.exe
  2⤵
  PID:1612
- C:\Windows\System\upkozKk.exe
  C:\Windows\System\upkozKk.exe
  2⤵
  PID:2940
- C:\Windows\System\sQDdEXw.exe
  C:\Windows\System\sQDdEXw.exe
  2⤵
  PID:1056
- C:\Windows\System\XeIXIrs.exe
  C:\Windows\System\XeIXIrs.exe
  2⤵
  PID:1500
- C:\Windows\System\FrzortZ.exe
  C:\Windows\System\FrzortZ.exe
  2⤵
  PID:2280
- C:\Windows\System\pBOgMJI.exe
  C:\Windows\System\pBOgMJI.exe
  2⤵
  PID:1680
- C:\Windows\System\SHNPswh.exe
  C:\Windows\System\SHNPswh.exe
  2⤵
  PID:2440
- C:\Windows\System\EEjVcOx.exe
  C:\Windows\System\EEjVcOx.exe
  2⤵
  PID:932
- C:\Windows\System\aQynCsh.exe
  C:\Windows\System\aQynCsh.exe
  2⤵
  PID:1592
- C:\Windows\System\TQvXuiS.exe
  C:\Windows\System\TQvXuiS.exe
  2⤵
  PID:1808
- C:\Windows\System\rkJvxYU.exe
  C:\Windows\System\rkJvxYU.exe
  2⤵
  PID:2944
- C:\Windows\System\XkLHYSv.exe
  C:\Windows\System\XkLHYSv.exe
  2⤵
  PID:1780
- C:\Windows\System\hZFLbcl.exe
  C:\Windows\System\hZFLbcl.exe
  2⤵
  PID:3080
- C:\Windows\System\BZkrQzr.exe
  C:\Windows\System\BZkrQzr.exe
  2⤵
  PID:3100
- C:\Windows\System\dFFXriT.exe
  C:\Windows\System\dFFXriT.exe
  2⤵
  PID:3120
- C:\Windows\System\UcKYPFz.exe
  C:\Windows\System\UcKYPFz.exe
  2⤵
  PID:3140
- C:\Windows\System\tPyPyRY.exe
  C:\Windows\System\tPyPyRY.exe
  2⤵
  PID:3160
- C:\Windows\System\dMelpfY.exe
  C:\Windows\System\dMelpfY.exe
  2⤵
  PID:3180
- C:\Windows\System\yVoheVu.exe
  C:\Windows\System\yVoheVu.exe
  2⤵
  PID:3204
- C:\Windows\System\omGVAxK.exe
  C:\Windows\System\omGVAxK.exe
  2⤵
  PID:3224
- C:\Windows\System\tXlDRbf.exe
  C:\Windows\System\tXlDRbf.exe
  2⤵
  PID:3244
- C:\Windows\System\heRuIjJ.exe
  C:\Windows\System\heRuIjJ.exe
  2⤵
  PID:3264
- C:\Windows\System\toviTec.exe
  C:\Windows\System\toviTec.exe
  2⤵
  PID:3284
- C:\Windows\System\VNbYkiU.exe
  C:\Windows\System\VNbYkiU.exe
  2⤵
  PID:3308
- C:\Windows\System\WWTbevt.exe
  C:\Windows\System\WWTbevt.exe
  2⤵
  PID:3328
- C:\Windows\System\keyTrZn.exe
  C:\Windows\System\keyTrZn.exe
  2⤵
  PID:3348
- C:\Windows\System\HeLUAjv.exe
  C:\Windows\System\HeLUAjv.exe
  2⤵
  PID:3368
- C:\Windows\System\UzmEdue.exe
  C:\Windows\System\UzmEdue.exe
  2⤵
  PID:3388
- C:\Windows\System\mvVHYaL.exe
  C:\Windows\System\mvVHYaL.exe
  2⤵
  PID:3408
- C:\Windows\System\pmHGosH.exe
  C:\Windows\System\pmHGosH.exe
  2⤵
  PID:3428
- C:\Windows\System\wlPsNQF.exe
  C:\Windows\System\wlPsNQF.exe
  2⤵
  PID:3448
- C:\Windows\System\cwyYYUq.exe
  C:\Windows\System\cwyYYUq.exe
  2⤵
  PID:3468
- C:\Windows\System\iXkCqaa.exe
  C:\Windows\System\iXkCqaa.exe
  2⤵
  PID:3492
- C:\Windows\System\gijzYso.exe
  C:\Windows\System\gijzYso.exe
  2⤵
  PID:3520
- C:\Windows\System\JozSPpv.exe
  C:\Windows\System\JozSPpv.exe
  2⤵
  PID:3544
- C:\Windows\System\pfECcTB.exe
  C:\Windows\System\pfECcTB.exe
  2⤵
  PID:3568
- C:\Windows\System\DbdHuUE.exe
  C:\Windows\System\DbdHuUE.exe
  2⤵
  PID:3588
- C:\Windows\System\vlfZNHq.exe
  C:\Windows\System\vlfZNHq.exe
  2⤵
  PID:3608
- C:\Windows\System\MfmXxCm.exe
  C:\Windows\System\MfmXxCm.exe
  2⤵
  PID:3628
- C:\Windows\System\BIeWgMQ.exe
  C:\Windows\System\BIeWgMQ.exe
  2⤵
  PID:3652
- C:\Windows\System\lIKVlZF.exe
  C:\Windows\System\lIKVlZF.exe
  2⤵
  PID:3672
- C:\Windows\System\DcDAEiY.exe
  C:\Windows\System\DcDAEiY.exe
  2⤵
  PID:3692
- C:\Windows\System\vYWLdnw.exe
  C:\Windows\System\vYWLdnw.exe
  2⤵
  PID:3712
- C:\Windows\System\MJkEwwz.exe
  C:\Windows\System\MJkEwwz.exe
  2⤵
  PID:3732
- C:\Windows\System\MYKgMBm.exe
  C:\Windows\System\MYKgMBm.exe
  2⤵
  PID:3752
- C:\Windows\System\OQOIVmg.exe
  C:\Windows\System\OQOIVmg.exe
  2⤵
  PID:3772
- C:\Windows\System\WzCQYzJ.exe
  C:\Windows\System\WzCQYzJ.exe
  2⤵
  PID:3792
- C:\Windows\System\ZONoHMu.exe
  C:\Windows\System\ZONoHMu.exe
  2⤵
  PID:3812
- C:\Windows\System\WWzQTjr.exe
  C:\Windows\System\WWzQTjr.exe
  2⤵
  PID:3832
- C:\Windows\System\iYkbOPb.exe
  C:\Windows\System\iYkbOPb.exe
  2⤵
  PID:3856
- C:\Windows\System\TCwyypA.exe
  C:\Windows\System\TCwyypA.exe
  2⤵
  PID:3876
- C:\Windows\System\OzBhSNZ.exe
  C:\Windows\System\OzBhSNZ.exe
  2⤵
  PID:3892
- C:\Windows\System\pPhtOKH.exe
  C:\Windows\System\pPhtOKH.exe
  2⤵
  PID:3920
- C:\Windows\System\hSuJYNP.exe
  C:\Windows\System\hSuJYNP.exe
  2⤵
  PID:3940
- C:\Windows\System\doKHMst.exe
  C:\Windows\System\doKHMst.exe
  2⤵
  PID:3960
- C:\Windows\System\zYPcXkk.exe
  C:\Windows\System\zYPcXkk.exe
  2⤵
  PID:3980
- C:\Windows\System\xGeeLiy.exe
  C:\Windows\System\xGeeLiy.exe
  2⤵
  PID:4000
- C:\Windows\System\QjdtGjH.exe
  C:\Windows\System\QjdtGjH.exe
  2⤵
  PID:4020
- C:\Windows\System\qxIPApR.exe
  C:\Windows\System\qxIPApR.exe
  2⤵
  PID:4040
- C:\Windows\System\sFZjWhr.exe
  C:\Windows\System\sFZjWhr.exe
  2⤵
  PID:4060
- C:\Windows\System\JWSULvv.exe
  C:\Windows\System\JWSULvv.exe
  2⤵
  PID:4080
- C:\Windows\System\bpAFLEr.exe
  C:\Windows\System\bpAFLEr.exe
  2⤵
  PID:1532
- C:\Windows\System\FyiWDJh.exe
  C:\Windows\System\FyiWDJh.exe
  2⤵
  PID:276
- C:\Windows\System\IwgvoGn.exe
  C:\Windows\System\IwgvoGn.exe
  2⤵
  PID:1748
- C:\Windows\System\fgRrNWH.exe
  C:\Windows\System\fgRrNWH.exe
  2⤵
  PID:2572
- C:\Windows\System\mOQxqNX.exe
  C:\Windows\System\mOQxqNX.exe
  2⤵
  PID:1620
- C:\Windows\System\tluTaKL.exe
  C:\Windows\System\tluTaKL.exe
  2⤵
  PID:2788
- C:\Windows\System\PNtBzSt.exe
  C:\Windows\System\PNtBzSt.exe
  2⤵
  PID:3112
- C:\Windows\System\uXJticS.exe
  C:\Windows\System\uXJticS.exe
  2⤵
  PID:3156
- C:\Windows\System\TSGJvnK.exe
  C:\Windows\System\TSGJvnK.exe
  2⤵
  PID:3176
- C:\Windows\System\xxFIAqS.exe
  C:\Windows\System\xxFIAqS.exe
  2⤵
  PID:3240
- C:\Windows\System\USXfpAE.exe
  C:\Windows\System\USXfpAE.exe
  2⤵
  PID:3220
- C:\Windows\System\SIgywdy.exe
  C:\Windows\System\SIgywdy.exe
  2⤵
  PID:3260
- C:\Windows\System\AHGgYPo.exe
  C:\Windows\System\AHGgYPo.exe
  2⤵
  PID:3320
- C:\Windows\System\XRtjZck.exe
  C:\Windows\System\XRtjZck.exe
  2⤵
  PID:3336
- C:\Windows\System\HWpcRIB.exe
  C:\Windows\System\HWpcRIB.exe
  2⤵
  PID:3360
- C:\Windows\System\pvLqFTG.exe
  C:\Windows\System\pvLqFTG.exe
  2⤵
  PID:3404
- C:\Windows\System\ykUGcTw.exe
  C:\Windows\System\ykUGcTw.exe
  2⤵
  PID:3420
- C:\Windows\System\KuPmWzJ.exe
  C:\Windows\System\KuPmWzJ.exe
  2⤵
  PID:3464
- C:\Windows\System\EwdRvcc.exe
  C:\Windows\System\EwdRvcc.exe
  2⤵
  PID:3504
- C:\Windows\System\JaQShFU.exe
  C:\Windows\System\JaQShFU.exe
  2⤵
  PID:3536
- C:\Windows\System\ZFjxTyC.exe
  C:\Windows\System\ZFjxTyC.exe
  2⤵
  PID:3616
- C:\Windows\System\wHYHgJB.exe
  C:\Windows\System\wHYHgJB.exe
  2⤵
  PID:3600
- C:\Windows\System\haJPIVV.exe
  C:\Windows\System\haJPIVV.exe
  2⤵
  PID:3644
- C:\Windows\System\YcsITfs.exe
  C:\Windows\System\YcsITfs.exe
  2⤵
  PID:3700
- C:\Windows\System\mMYRcrN.exe
  C:\Windows\System\mMYRcrN.exe
  2⤵
  PID:3740
- C:\Windows\System\HIzgRvD.exe
  C:\Windows\System\HIzgRvD.exe
  2⤵
  PID:3744
- C:\Windows\System\CYgCBRz.exe
  C:\Windows\System\CYgCBRz.exe
  2⤵
  PID:3764
- C:\Windows\System\AywOugS.exe
  C:\Windows\System\AywOugS.exe
  2⤵
  PID:3808
- C:\Windows\System\WGaUJTo.exe
  C:\Windows\System\WGaUJTo.exe
  2⤵
  PID:3844
- C:\Windows\System\cPQzKvl.exe
  C:\Windows\System\cPQzKvl.exe
  2⤵
  PID:3908
- C:\Windows\System\hVpfyEz.exe
  C:\Windows\System\hVpfyEz.exe
  2⤵
  PID:3928
- C:\Windows\System\gHOUDwk.exe
  C:\Windows\System\gHOUDwk.exe
  2⤵
  PID:3952
- C:\Windows\System\yLDKLzn.exe
  C:\Windows\System\yLDKLzn.exe
  2⤵
  PID:3972
- C:\Windows\System\XisSRux.exe
  C:\Windows\System\XisSRux.exe
  2⤵
  PID:4008
- C:\Windows\System\MIdEOkm.exe
  C:\Windows\System\MIdEOkm.exe
  2⤵
  PID:4068
- C:\Windows\System\xkPlLZI.exe
  C:\Windows\System\xkPlLZI.exe
  2⤵
  PID:2208
- C:\Windows\System\GNtNuuk.exe
  C:\Windows\System\GNtNuuk.exe
  2⤵
  PID:1760
- C:\Windows\System\OwKqOej.exe
  C:\Windows\System\OwKqOej.exe
  2⤵
  PID:2912
- C:\Windows\System\EVZmoKr.exe
  C:\Windows\System\EVZmoKr.exe
  2⤵
  PID:2132
- C:\Windows\System\VEkKhzr.exe
  C:\Windows\System\VEkKhzr.exe
  2⤵
  PID:3108
- C:\Windows\System\FnkaKzn.exe
  C:\Windows\System\FnkaKzn.exe
  2⤵
  PID:3116
- C:\Windows\System\vuIsjOa.exe
  C:\Windows\System\vuIsjOa.exe
  2⤵
  PID:3200
- C:\Windows\System\RTSCLeU.exe
  C:\Windows\System\RTSCLeU.exe
  2⤵
  PID:3252
- C:\Windows\System\cOsmrYq.exe
  C:\Windows\System\cOsmrYq.exe
  2⤵
  PID:3256
- C:\Windows\System\AHqHzEf.exe
  C:\Windows\System\AHqHzEf.exe
  2⤵
  PID:3396
- C:\Windows\System\RjKLEWT.exe
  C:\Windows\System\RjKLEWT.exe
  2⤵
  PID:3436
- C:\Windows\System\lsgMTYX.exe
  C:\Windows\System\lsgMTYX.exe
  2⤵
  PID:3508
- C:\Windows\System\LkuQRbq.exe
  C:\Windows\System\LkuQRbq.exe
  2⤵
  PID:3540
- C:\Windows\System\ipxcIOa.exe
  C:\Windows\System\ipxcIOa.exe
  2⤵
  PID:3604
- C:\Windows\System\FmkFzck.exe
  C:\Windows\System\FmkFzck.exe
  2⤵
  PID:3620
- C:\Windows\System\YAqqWCP.exe
  C:\Windows\System\YAqqWCP.exe
  2⤵
  PID:3688
- C:\Windows\System\reTHtdW.exe
  C:\Windows\System\reTHtdW.exe
  2⤵
  PID:3768
- C:\Windows\System\RnvsDZR.exe
  C:\Windows\System\RnvsDZR.exe
  2⤵
  PID:3800
- C:\Windows\System\ZfBzVKA.exe
  C:\Windows\System\ZfBzVKA.exe
  2⤵
  PID:3852
- C:\Windows\System\HlwojZF.exe
  C:\Windows\System\HlwojZF.exe
  2⤵
  PID:3932
- C:\Windows\System\EYxAFXi.exe
  C:\Windows\System\EYxAFXi.exe
  2⤵
  PID:4104
- C:\Windows\System\vRHmDbm.exe
  C:\Windows\System\vRHmDbm.exe
  2⤵
  PID:4120
- C:\Windows\System\YxwRcWa.exe
  C:\Windows\System\YxwRcWa.exe
  2⤵
  PID:4144
- C:\Windows\System\kYtMRbE.exe
  C:\Windows\System\kYtMRbE.exe
  2⤵
  PID:4164
- C:\Windows\System\LcevCfd.exe
  C:\Windows\System\LcevCfd.exe
  2⤵
  PID:4184
- C:\Windows\System\OmeMkOa.exe
  C:\Windows\System\OmeMkOa.exe
  2⤵
  PID:4204
- C:\Windows\System\pEMqJpX.exe
  C:\Windows\System\pEMqJpX.exe
  2⤵
  PID:4224
- C:\Windows\System\jreRqtf.exe
  C:\Windows\System\jreRqtf.exe
  2⤵
  PID:4244
- C:\Windows\System\mTJRhcQ.exe
  C:\Windows\System\mTJRhcQ.exe
  2⤵
  PID:4264
- C:\Windows\System\TZACKuk.exe
  C:\Windows\System\TZACKuk.exe
  2⤵
  PID:4288
- C:\Windows\System\DivarDN.exe
  C:\Windows\System\DivarDN.exe
  2⤵
  PID:4308
- C:\Windows\System\XixYNZW.exe
  C:\Windows\System\XixYNZW.exe
  2⤵
  PID:4328
- C:\Windows\System\ImpGsuw.exe
  C:\Windows\System\ImpGsuw.exe
  2⤵
  PID:4348
- C:\Windows\System\KzKzgBO.exe
  C:\Windows\System\KzKzgBO.exe
  2⤵
  PID:4368
- C:\Windows\System\JFOCDHA.exe
  C:\Windows\System\JFOCDHA.exe
  2⤵
  PID:4388
- C:\Windows\System\kmNjSxA.exe
  C:\Windows\System\kmNjSxA.exe
  2⤵
  PID:4408
- C:\Windows\System\gwoyjsn.exe
  C:\Windows\System\gwoyjsn.exe
  2⤵
  PID:4428
- C:\Windows\System\utdmBMJ.exe
  C:\Windows\System\utdmBMJ.exe
  2⤵
  PID:4448
- C:\Windows\System\maslYds.exe
  C:\Windows\System\maslYds.exe
  2⤵
  PID:4468
- C:\Windows\System\nZkCBjO.exe
  C:\Windows\System\nZkCBjO.exe
  2⤵
  PID:4488
- C:\Windows\System\LRSsCEf.exe
  C:\Windows\System\LRSsCEf.exe
  2⤵
  PID:4508
- C:\Windows\System\FuqxIFF.exe
  C:\Windows\System\FuqxIFF.exe
  2⤵
  PID:4528
- C:\Windows\System\EGHMaqH.exe
  C:\Windows\System\EGHMaqH.exe
  2⤵
  PID:4548
- C:\Windows\System\JWRHWCH.exe
  C:\Windows\System\JWRHWCH.exe
  2⤵
  PID:4568
- C:\Windows\System\dBbihdW.exe
  C:\Windows\System\dBbihdW.exe
  2⤵
  PID:4588
- C:\Windows\System\NMPzzWu.exe
  C:\Windows\System\NMPzzWu.exe
  2⤵
  PID:4608
- C:\Windows\System\coxMSXM.exe
  C:\Windows\System\coxMSXM.exe
  2⤵
  PID:4628
- C:\Windows\System\pwRrkxl.exe
  C:\Windows\System\pwRrkxl.exe
  2⤵
  PID:4648
- C:\Windows\System\TfynhNB.exe
  C:\Windows\System\TfynhNB.exe
  2⤵
  PID:4672
- C:\Windows\System\ZFMyLGc.exe
  C:\Windows\System\ZFMyLGc.exe
  2⤵
  PID:4692
- C:\Windows\System\SkqeUYC.exe
  C:\Windows\System\SkqeUYC.exe
  2⤵
  PID:4712
- C:\Windows\System\tgwspVN.exe
  C:\Windows\System\tgwspVN.exe
  2⤵
  PID:4732
- C:\Windows\System\fCYVwFc.exe
  C:\Windows\System\fCYVwFc.exe
  2⤵
  PID:4752
- C:\Windows\System\xgHaZuj.exe
  C:\Windows\System\xgHaZuj.exe
  2⤵
  PID:4772
- C:\Windows\System\UaHpkHP.exe
  C:\Windows\System\UaHpkHP.exe
  2⤵
  PID:4792
- C:\Windows\System\erOZEWs.exe
  C:\Windows\System\erOZEWs.exe
  2⤵
  PID:4812
- C:\Windows\System\ZkwolYZ.exe
  C:\Windows\System\ZkwolYZ.exe
  2⤵
  PID:4832
- C:\Windows\System\QBjNwfx.exe
  C:\Windows\System\QBjNwfx.exe
  2⤵
  PID:4848
- C:\Windows\System\woqYyqH.exe
  C:\Windows\System\woqYyqH.exe
  2⤵
  PID:4872
- C:\Windows\System\lAYZcFe.exe
  C:\Windows\System\lAYZcFe.exe
  2⤵
  PID:4888
- C:\Windows\System\yjQVcgJ.exe
  C:\Windows\System\yjQVcgJ.exe
  2⤵
  PID:4912
- C:\Windows\System\mqqxRlc.exe
  C:\Windows\System\mqqxRlc.exe
  2⤵
  PID:4932
- C:\Windows\System\hxkUGfR.exe
  C:\Windows\System\hxkUGfR.exe
  2⤵
  PID:4952
- C:\Windows\System\JwZKulZ.exe
  C:\Windows\System\JwZKulZ.exe
  2⤵
  PID:4972
- C:\Windows\System\eyosxub.exe
  C:\Windows\System\eyosxub.exe
  2⤵
  PID:4992
- C:\Windows\System\VjNnvVi.exe
  C:\Windows\System\VjNnvVi.exe
  2⤵
  PID:5012
- C:\Windows\System\fMHHIzu.exe
  C:\Windows\System\fMHHIzu.exe
  2⤵
  PID:5032
- C:\Windows\System\UNwwvBi.exe
  C:\Windows\System\UNwwvBi.exe
  2⤵
  PID:5056
- C:\Windows\System\fQYhLgl.exe
  C:\Windows\System\fQYhLgl.exe
  2⤵
  PID:5076
- C:\Windows\System\KXVtieY.exe
  C:\Windows\System\KXVtieY.exe
  2⤵
  PID:5096
- C:\Windows\System\pUZHBiu.exe
  C:\Windows\System\pUZHBiu.exe
  2⤵
  PID:5116
- C:\Windows\System\QpEPDKs.exe
  C:\Windows\System\QpEPDKs.exe
  2⤵
  PID:3976
- C:\Windows\System\xCNdBUc.exe
  C:\Windows\System\xCNdBUc.exe
  2⤵
  PID:4048
- C:\Windows\System\ttzSnzV.exe
  C:\Windows\System\ttzSnzV.exe
  2⤵
  PID:536
- C:\Windows\System\UGClMHW.exe
  C:\Windows\System\UGClMHW.exe
  2⤵
  PID:1020
- C:\Windows\System\kQWDngg.exe
  C:\Windows\System\kQWDngg.exe
  2⤵
  PID:1948
- C:\Windows\System\NfJARou.exe
  C:\Windows\System\NfJARou.exe
  2⤵
  PID:3212
- C:\Windows\System\wwsjMFc.exe
  C:\Windows\System\wwsjMFc.exe
  2⤵
  PID:3532
- C:\Windows\System\zjdkLAL.exe
  C:\Windows\System\zjdkLAL.exe
  2⤵
  PID:3384
- C:\Windows\System\qWBsaiq.exe
  C:\Windows\System\qWBsaiq.exe
  2⤵
  PID:3488
- C:\Windows\System\xEjEWGd.exe
  C:\Windows\System\xEjEWGd.exe
  2⤵
  PID:3660
- C:\Windows\System\jVrxvpm.exe
  C:\Windows\System\jVrxvpm.exe
  2⤵
  PID:3784
- C:\Windows\System\jEHkuVf.exe
  C:\Windows\System\jEHkuVf.exe
  2⤵
  PID:3552
- C:\Windows\System\OaCHvBR.exe
  C:\Windows\System\OaCHvBR.exe
  2⤵
  PID:3828
- C:\Windows\System\zlmErJD.exe
  C:\Windows\System\zlmErJD.exe
  2⤵
  PID:3956
- C:\Windows\System\zOQHKwu.exe
  C:\Windows\System\zOQHKwu.exe
  2⤵
  PID:4112
- C:\Windows\System\lYMxIwx.exe
  C:\Windows\System\lYMxIwx.exe
  2⤵
  PID:4180
- C:\Windows\System\NbcNJZE.exe
  C:\Windows\System\NbcNJZE.exe
  2⤵
  PID:4192
- C:\Windows\System\aESWaLc.exe
  C:\Windows\System\aESWaLc.exe
  2⤵
  PID:4196
- C:\Windows\System\cSnAICE.exe
  C:\Windows\System\cSnAICE.exe
  2⤵
  PID:4240
- C:\Windows\System\jPoTMGJ.exe
  C:\Windows\System\jPoTMGJ.exe
  2⤵
  PID:4272
- C:\Windows\System\nfmnRFc.exe
  C:\Windows\System\nfmnRFc.exe
  2⤵
  PID:4344
- C:\Windows\System\GtOXlvU.exe
  C:\Windows\System\GtOXlvU.exe
  2⤵
  PID:4376
- C:\Windows\System\yivjYwh.exe
  C:\Windows\System\yivjYwh.exe
  2⤵
  PID:4360
- C:\Windows\System\zkbEUEK.exe
  C:\Windows\System\zkbEUEK.exe
  2⤵
  PID:4416
- C:\Windows\System\lQsVIFd.exe
  C:\Windows\System\lQsVIFd.exe
  2⤵
  PID:4436
- C:\Windows\System\WhIDcWO.exe
  C:\Windows\System\WhIDcWO.exe
  2⤵
  PID:4496
- C:\Windows\System\GPoJcnr.exe
  C:\Windows\System\GPoJcnr.exe
  2⤵
  PID:4516
- C:\Windows\System\WRTplex.exe
  C:\Windows\System\WRTplex.exe
  2⤵
  PID:4668
- C:\Windows\System\AtIvGMr.exe
  C:\Windows\System\AtIvGMr.exe
  2⤵
  PID:4580
- C:\Windows\System\zAgcCJr.exe
  C:\Windows\System\zAgcCJr.exe
  2⤵
  PID:4600
- C:\Windows\System\khkkwtl.exe
  C:\Windows\System\khkkwtl.exe
  2⤵
  PID:4664
- C:\Windows\System\Ngbnpar.exe
  C:\Windows\System\Ngbnpar.exe
  2⤵
  PID:4680
- C:\Windows\System\nCqVqAz.exe
  C:\Windows\System\nCqVqAz.exe
  2⤵
  PID:4688
- C:\Windows\System\jDyJEnq.exe
  C:\Windows\System\jDyJEnq.exe
  2⤵
  PID:4744
- C:\Windows\System\mgYPCFA.exe
  C:\Windows\System\mgYPCFA.exe
  2⤵
  PID:4764
- C:\Windows\System\NXSWClF.exe
  C:\Windows\System\NXSWClF.exe
  2⤵
  PID:4808
- C:\Windows\System\ZvFxsnv.exe
  C:\Windows\System\ZvFxsnv.exe
  2⤵
  PID:4856
- C:\Windows\System\OGzvMcd.exe
  C:\Windows\System\OGzvMcd.exe
  2⤵
  PID:4840
- C:\Windows\System\vKdvzBt.exe
  C:\Windows\System\vKdvzBt.exe
  2⤵
  PID:4900
- C:\Windows\System\hsegpfJ.exe
  C:\Windows\System\hsegpfJ.exe
  2⤵
  PID:4948
- C:\Windows\System\ZIuqcsk.exe
  C:\Windows\System\ZIuqcsk.exe
  2⤵
  PID:4960
- C:\Windows\System\XxyzBxX.exe
  C:\Windows\System\XxyzBxX.exe
  2⤵
  PID:4984
- C:\Windows\System\yibkeZw.exe
  C:\Windows\System\yibkeZw.exe
  2⤵
  PID:5004
- C:\Windows\System\PtANvIL.exe
  C:\Windows\System\PtANvIL.exe
  2⤵
  PID:5044
- C:\Windows\System\LLucqxe.exe
  C:\Windows\System\LLucqxe.exe
  2⤵
  PID:5112
- C:\Windows\System\CzKruMP.exe
  C:\Windows\System\CzKruMP.exe
  2⤵
  PID:4072
- C:\Windows\System\aeVZuFl.exe
  C:\Windows\System\aeVZuFl.exe
  2⤵
  PID:4012
- C:\Windows\System\ymRwezQ.exe
  C:\Windows\System\ymRwezQ.exe
  2⤵
  PID:3092
- C:\Windows\System\PWGVNYV.exe
  C:\Windows\System\PWGVNYV.exe
  2⤵
  PID:3188
- C:\Windows\System\TzEsQhV.exe
  C:\Windows\System\TzEsQhV.exe
  2⤵
  PID:928
- C:\Windows\System\WYeXRwo.exe
  C:\Windows\System\WYeXRwo.exe
  2⤵
  PID:3456
- C:\Windows\System\dRmoINk.exe
  C:\Windows\System\dRmoINk.exe
  2⤵
  PID:3580
- C:\Windows\System\OsdatvS.exe
  C:\Windows\System\OsdatvS.exe
  2⤵
  PID:3824
- C:\Windows\System\NarHHFl.exe
  C:\Windows\System\NarHHFl.exe
  2⤵
  PID:3868
- C:\Windows\System\LOJvMiT.exe
  C:\Windows\System\LOJvMiT.exe
  2⤵
  PID:2324
- C:\Windows\System\MVEgOkX.exe
  C:\Windows\System\MVEgOkX.exe
  2⤵
  PID:4216
- C:\Windows\System\lLSfMoT.exe
  C:\Windows\System\lLSfMoT.exe
  2⤵
  PID:4260
- C:\Windows\System\yShBOQf.exe
  C:\Windows\System\yShBOQf.exe
  2⤵
  PID:4296
- C:\Windows\System\vRuaaln.exe
  C:\Windows\System\vRuaaln.exe
  2⤵
  PID:4300
- C:\Windows\System\gfZAbrR.exe
  C:\Windows\System\gfZAbrR.exe
  2⤵
  PID:4396
- C:\Windows\System\HLDyzIi.exe
  C:\Windows\System\HLDyzIi.exe
  2⤵
  PID:4420
- C:\Windows\System\uAQRDPf.exe
  C:\Windows\System\uAQRDPf.exe
  2⤵
  PID:4524
- C:\Windows\System\lAdvPVn.exe
  C:\Windows\System\lAdvPVn.exe
  2⤵
  PID:4520
- C:\Windows\System\FKJpbyg.exe
  C:\Windows\System\FKJpbyg.exe
  2⤵
  PID:4604
- C:\Windows\System\wuCVGcP.exe
  C:\Windows\System\wuCVGcP.exe
  2⤵
  PID:4656
- C:\Windows\System\cwtPQro.exe
  C:\Windows\System\cwtPQro.exe
  2⤵
  PID:4740
- C:\Windows\System\WDpimDX.exe
  C:\Windows\System\WDpimDX.exe
  2⤵
  PID:4768
- C:\Windows\System\CYEnDlj.exe
  C:\Windows\System\CYEnDlj.exe
  2⤵
  PID:4868
- C:\Windows\System\dqfEKjW.exe
  C:\Windows\System\dqfEKjW.exe
  2⤵
  PID:4864
- C:\Windows\System\rysBGmx.exe
  C:\Windows\System\rysBGmx.exe
  2⤵
  PID:4940
- C:\Windows\System\VJNwcrU.exe
  C:\Windows\System\VJNwcrU.exe
  2⤵
  PID:4924
- C:\Windows\System\TuuVmcI.exe
  C:\Windows\System\TuuVmcI.exe
  2⤵
  PID:5008
- C:\Windows\System\lLwLRIZ.exe
  C:\Windows\System\lLwLRIZ.exe
  2⤵
  PID:5104
- C:\Windows\System\OvhzMwy.exe
  C:\Windows\System\OvhzMwy.exe
  2⤵
  PID:4032
- C:\Windows\System\lHcXsay.exe
  C:\Windows\System\lHcXsay.exe
  2⤵
  PID:3848
- C:\Windows\System\lRuCtSB.exe
  C:\Windows\System\lRuCtSB.exe
  2⤵
  PID:3096
- C:\Windows\System\bksgYIf.exe
  C:\Windows\System\bksgYIf.exe
  2⤵
  PID:2840
- C:\Windows\System\rikAiFk.exe
  C:\Windows\System\rikAiFk.exe
  2⤵
  PID:3724
- C:\Windows\System\hZDOxNX.exe
  C:\Windows\System\hZDOxNX.exe
  2⤵
  PID:3728
- C:\Windows\System\ZUQvcex.exe
  C:\Windows\System\ZUQvcex.exe
  2⤵
  PID:4136
- C:\Windows\System\qtsfbcm.exe
  C:\Windows\System\qtsfbcm.exe
  2⤵
  PID:4160
- C:\Windows\System\IalnxbY.exe
  C:\Windows\System\IalnxbY.exe
  2⤵
  PID:4276
- C:\Windows\System\KAvELgJ.exe
  C:\Windows\System\KAvELgJ.exe
  2⤵
  PID:4364
- C:\Windows\System\aNygBZV.exe
  C:\Windows\System\aNygBZV.exe
  2⤵
  PID:4480
- C:\Windows\System\SUJrsoX.exe
  C:\Windows\System\SUJrsoX.exe
  2⤵
  PID:4584
- C:\Windows\System\OavpLLI.exe
  C:\Windows\System\OavpLLI.exe
  2⤵
  PID:4720
- C:\Windows\System\HJBeTdA.exe
  C:\Windows\System\HJBeTdA.exe
  2⤵
  PID:4708
- C:\Windows\System\qPWqREM.exe
  C:\Windows\System\qPWqREM.exe
  2⤵
  PID:5132
- C:\Windows\System\cRMXSzD.exe
  C:\Windows\System\cRMXSzD.exe
  2⤵
  PID:5148
- C:\Windows\System\jCOIkRY.exe
  C:\Windows\System\jCOIkRY.exe
  2⤵
  PID:5172
- C:\Windows\System\PHjNWbY.exe
  C:\Windows\System\PHjNWbY.exe
  2⤵
  PID:5192
- C:\Windows\System\nMxpeyN.exe
  C:\Windows\System\nMxpeyN.exe
  2⤵
  PID:5216
- C:\Windows\System\xOyRGqE.exe
  C:\Windows\System\xOyRGqE.exe
  2⤵
  PID:5236
- C:\Windows\System\VsFazAN.exe
  C:\Windows\System\VsFazAN.exe
  2⤵
  PID:5256
- C:\Windows\System\kbNmDKO.exe
  C:\Windows\System\kbNmDKO.exe
  2⤵
  PID:5276
- C:\Windows\System\WTZhpAj.exe
  C:\Windows\System\WTZhpAj.exe
  2⤵
  PID:5296
- C:\Windows\System\HUBluSr.exe
  C:\Windows\System\HUBluSr.exe
  2⤵
  PID:5316
- C:\Windows\System\NDGMDaO.exe
  C:\Windows\System\NDGMDaO.exe
  2⤵
  PID:5336
- C:\Windows\System\veKxumn.exe
  C:\Windows\System\veKxumn.exe
  2⤵
  PID:5356
- C:\Windows\System\traIMLm.exe
  C:\Windows\System\traIMLm.exe
  2⤵
  PID:5376
- C:\Windows\System\rykehQj.exe
  C:\Windows\System\rykehQj.exe
  2⤵
  PID:5396
- C:\Windows\System\afRYsJQ.exe
  C:\Windows\System\afRYsJQ.exe
  2⤵
  PID:5416
- C:\Windows\System\itJirvx.exe
  C:\Windows\System\itJirvx.exe
  2⤵
  PID:5436
- C:\Windows\System\UtFHpLm.exe
  C:\Windows\System\UtFHpLm.exe
  2⤵
  PID:5456
- C:\Windows\System\ivQtesu.exe
  C:\Windows\System\ivQtesu.exe
  2⤵
  PID:5472
- C:\Windows\System\deaOAEa.exe
  C:\Windows\System\deaOAEa.exe
  2⤵
  PID:5496
- C:\Windows\System\iWvqaFc.exe
  C:\Windows\System\iWvqaFc.exe
  2⤵
  PID:5516
- C:\Windows\System\GdExDBL.exe
  C:\Windows\System\GdExDBL.exe
  2⤵
  PID:5536
- C:\Windows\System\AYHmmQI.exe
  C:\Windows\System\AYHmmQI.exe
  2⤵
  PID:5556
- C:\Windows\System\prgOzYe.exe
  C:\Windows\System\prgOzYe.exe
  2⤵
  PID:5576
- C:\Windows\System\NWeLzop.exe
  C:\Windows\System\NWeLzop.exe
  2⤵
  PID:5600
- C:\Windows\System\yLiaQCn.exe
  C:\Windows\System\yLiaQCn.exe
  2⤵
  PID:5620
- C:\Windows\System\ssWJsMl.exe
  C:\Windows\System\ssWJsMl.exe
  2⤵
  PID:5636
- C:\Windows\System\wziHEMK.exe
  C:\Windows\System\wziHEMK.exe
  2⤵
  PID:5660
- C:\Windows\System\knlCljv.exe
  C:\Windows\System\knlCljv.exe
  2⤵
  PID:5680
- C:\Windows\System\CZSCsnk.exe
  C:\Windows\System\CZSCsnk.exe
  2⤵
  PID:5700
- C:\Windows\System\ePeVvXr.exe
  C:\Windows\System\ePeVvXr.exe
  2⤵
  PID:5720
- C:\Windows\System\XlHpIgx.exe
  C:\Windows\System\XlHpIgx.exe
  2⤵
  PID:5740
- C:\Windows\System\XcPnGkW.exe
  C:\Windows\System\XcPnGkW.exe
  2⤵
  PID:5760
- C:\Windows\System\ZTyGbhK.exe
  C:\Windows\System\ZTyGbhK.exe
  2⤵
  PID:5780
- C:\Windows\System\ayxKcpk.exe
  C:\Windows\System\ayxKcpk.exe
  2⤵
  PID:5800
- C:\Windows\System\oUUUMNJ.exe
  C:\Windows\System\oUUUMNJ.exe
  2⤵
  PID:5820
- C:\Windows\System\KrUNvIL.exe
  C:\Windows\System\KrUNvIL.exe
  2⤵
  PID:5840
- C:\Windows\System\trnTVEv.exe
  C:\Windows\System\trnTVEv.exe
  2⤵
  PID:5860
- C:\Windows\System\HyNRbqo.exe
  C:\Windows\System\HyNRbqo.exe
  2⤵
  PID:5880
- C:\Windows\System\MbKOljP.exe
  C:\Windows\System\MbKOljP.exe
  2⤵
  PID:5900
- C:\Windows\System\ivMMkcP.exe
  C:\Windows\System\ivMMkcP.exe
  2⤵
  PID:5920
- C:\Windows\System\TvNaKBO.exe
  C:\Windows\System\TvNaKBO.exe
  2⤵
  PID:5940
- C:\Windows\System\IjeXiPA.exe
  C:\Windows\System\IjeXiPA.exe
  2⤵
  PID:5960
- C:\Windows\System\hzhkCmk.exe
  C:\Windows\System\hzhkCmk.exe
  2⤵
  PID:5984
- C:\Windows\System\cswrjqT.exe
  C:\Windows\System\cswrjqT.exe
  2⤵
  PID:6004
- C:\Windows\System\JqWhwBU.exe
  C:\Windows\System\JqWhwBU.exe
  2⤵
  PID:6024
- C:\Windows\System\EeQweeu.exe
  C:\Windows\System\EeQweeu.exe
  2⤵
  PID:6040
- C:\Windows\System\SxwHOxj.exe
  C:\Windows\System\SxwHOxj.exe
  2⤵
  PID:6064
- C:\Windows\System\zLeAnlB.exe
  C:\Windows\System\zLeAnlB.exe
  2⤵
  PID:6084
- C:\Windows\System\JCNlanv.exe
  C:\Windows\System\JCNlanv.exe
  2⤵
  PID:6104
- C:\Windows\System\MQpjePn.exe
  C:\Windows\System\MQpjePn.exe
  2⤵
  PID:6120
- C:\Windows\System\aMqNWpv.exe
  C:\Windows\System\aMqNWpv.exe
  2⤵
  PID:4788
- C:\Windows\System\AJuGcxN.exe
  C:\Windows\System\AJuGcxN.exe
  2⤵
  PID:4828
- C:\Windows\System\nJuUDxH.exe
  C:\Windows\System\nJuUDxH.exe
  2⤵
  PID:4884
- C:\Windows\System\OjkbVjB.exe
  C:\Windows\System\OjkbVjB.exe
  2⤵
  PID:4988
- C:\Windows\System\yfjtwOs.exe
  C:\Windows\System\yfjtwOs.exe
  2⤵
  PID:5068
- C:\Windows\System\ylSvkJq.exe
  C:\Windows\System\ylSvkJq.exe
  2⤵
  PID:2828
- C:\Windows\System\auHdRLi.exe
  C:\Windows\System\auHdRLi.exe
  2⤵
  PID:4928
- C:\Windows\System\fjttQcI.exe
  C:\Windows\System\fjttQcI.exe
  2⤵
  PID:3064
- C:\Windows\System\XmfYZXq.exe
  C:\Windows\System\XmfYZXq.exe
  2⤵
  PID:4212
- C:\Windows\System\UbXJLgG.exe
  C:\Windows\System\UbXJLgG.exe
  2⤵
  PID:4256
- C:\Windows\System\ZzFmtVU.exe
  C:\Windows\System\ZzFmtVU.exe
  2⤵
  PID:4456
- C:\Windows\System\zDvdMii.exe
  C:\Windows\System\zDvdMii.exe
  2⤵
  PID:4644
- C:\Windows\System\DOeozNH.exe
  C:\Windows\System\DOeozNH.exe
  2⤵
  PID:5212
- C:\Windows\System\RGKTaih.exe
  C:\Windows\System\RGKTaih.exe
  2⤵
  PID:4624
- C:\Windows\System\CXAyttM.exe
  C:\Windows\System\CXAyttM.exe
  2⤵
  PID:5140
- C:\Windows\System\zOVCJnP.exe
  C:\Windows\System\zOVCJnP.exe
  2⤵
  PID:5200
- C:\Windows\System\dgvKMco.exe
  C:\Windows\System\dgvKMco.exe
  2⤵
  PID:5244
- C:\Windows\System\IfYgmsg.exe
  C:\Windows\System\IfYgmsg.exe
  2⤵
  PID:5232
- C:\Windows\System\cbweVQA.exe
  C:\Windows\System\cbweVQA.exe
  2⤵
  PID:5288
- C:\Windows\System\BcbOmEm.exe
  C:\Windows\System\BcbOmEm.exe
  2⤵
  PID:5268
- C:\Windows\System\frMVahv.exe
  C:\Windows\System\frMVahv.exe
  2⤵
  PID:5344
- C:\Windows\System\iHxyiWd.exe
  C:\Windows\System\iHxyiWd.exe
  2⤵
  PID:5368
- C:\Windows\System\dRSBhFd.exe
  C:\Windows\System\dRSBhFd.exe
  2⤵
  PID:5412
- C:\Windows\System\YJdmsCP.exe
  C:\Windows\System\YJdmsCP.exe
  2⤵
  PID:5452
- C:\Windows\System\ChJOSNO.exe
  C:\Windows\System\ChJOSNO.exe
  2⤵
  PID:5484
- C:\Windows\System\grxIcli.exe
  C:\Windows\System\grxIcli.exe
  2⤵
  PID:5488
- C:\Windows\System\yTYjstC.exe
  C:\Windows\System\yTYjstC.exe
  2⤵
  PID:5532
- C:\Windows\System\PGupHEp.exe
  C:\Windows\System\PGupHEp.exe
  2⤵
  PID:5568
- C:\Windows\System\zEEOnTF.exe
  C:\Windows\System\zEEOnTF.exe
  2⤵
  PID:5596
- C:\Windows\System\XDOjGFn.exe
  C:\Windows\System\XDOjGFn.exe
  2⤵
  PID:5644
- C:\Windows\System\NpcJZaZ.exe
  C:\Windows\System\NpcJZaZ.exe
  2⤵
  PID:5628
- C:\Windows\System\rCbFtmM.exe
  C:\Windows\System\rCbFtmM.exe
  2⤵
  PID:5692
- C:\Windows\System\dohskWO.exe
  C:\Windows\System\dohskWO.exe
  2⤵
  PID:5736
- C:\Windows\System\vxLpRCr.exe
  C:\Windows\System\vxLpRCr.exe
  2⤵
  PID:5716
- C:\Windows\System\oNkaRkt.exe
  C:\Windows\System\oNkaRkt.exe
  2⤵
  PID:5908
- C:\Windows\System\qWLbbXT.exe
  C:\Windows\System\qWLbbXT.exe
  2⤵
  PID:5992
- C:\Windows\System\hQcJpjU.exe
  C:\Windows\System\hQcJpjU.exe
  2⤵
  PID:6060
- C:\Windows\System\bjSYYqG.exe
  C:\Windows\System\bjSYYqG.exe
  2⤵
  PID:6052
- C:\Windows\System\dlfzzly.exe
  C:\Windows\System\dlfzzly.exe
  2⤵
  PID:2136
- C:\Windows\System\uyMRGZd.exe
  C:\Windows\System\uyMRGZd.exe
  2⤵
  PID:6140
- C:\Windows\System\imwFEMk.exe
  C:\Windows\System\imwFEMk.exe
  2⤵
  PID:6112
- C:\Windows\System\HlORDfh.exe
  C:\Windows\System\HlORDfh.exe
  2⤵
  PID:2128
- C:\Windows\System\bUfETuH.exe
  C:\Windows\System\bUfETuH.exe
  2⤵
  PID:5052
- C:\Windows\System\AyufMQt.exe
  C:\Windows\System\AyufMQt.exe
  2⤵
  PID:2148
- C:\Windows\System\mDUwzhP.exe
  C:\Windows\System\mDUwzhP.exe
  2⤵
  PID:3884
- C:\Windows\System\JvkmBxL.exe
  C:\Windows\System\JvkmBxL.exe
  2⤵
  PID:3668
- C:\Windows\System\xjEYQRS.exe
  C:\Windows\System\xjEYQRS.exe
  2⤵
  PID:4232
- C:\Windows\System\PpktXkI.exe
  C:\Windows\System\PpktXkI.exe
  2⤵
  PID:4724
- C:\Windows\System\LLDCqtX.exe
  C:\Windows\System\LLDCqtX.exe
  2⤵
  PID:5124
- C:\Windows\System\QdXBmkv.exe
  C:\Windows\System\QdXBmkv.exe
  2⤵
  PID:4640
- C:\Windows\System\eaPetuf.exe
  C:\Windows\System\eaPetuf.exe
  2⤵
  PID:2540
- C:\Windows\System\aDycvLi.exe
  C:\Windows\System\aDycvLi.exe
  2⤵
  PID:5224
- C:\Windows\System\eXdEqMi.exe
  C:\Windows\System\eXdEqMi.exe
  2⤵
  PID:5328
- C:\Windows\System\BLCsFWg.exe
  C:\Windows\System\BLCsFWg.exe
  2⤵
  PID:3024
- C:\Windows\System\XhLNoYK.exe
  C:\Windows\System\XhLNoYK.exe
  2⤵
  PID:5392
- C:\Windows\System\NUjOZkh.exe
  C:\Windows\System\NUjOZkh.exe
  2⤵
  PID:5428
- C:\Windows\System\MXbnFYJ.exe
  C:\Windows\System\MXbnFYJ.exe
  2⤵
  PID:5468
- C:\Windows\System\lFcdruT.exe
  C:\Windows\System\lFcdruT.exe
  2⤵
  PID:5572
- C:\Windows\System\ckWQvPo.exe
  C:\Windows\System\ckWQvPo.exe
  2⤵
  PID:5528
- C:\Windows\System\BXznNMm.exe
  C:\Windows\System\BXznNMm.exe
  2⤵
  PID:1264
- C:\Windows\System\xnhdwCY.exe
  C:\Windows\System\xnhdwCY.exe
  2⤵
  PID:5688
- C:\Windows\System\vTlPnDr.exe
  C:\Windows\System\vTlPnDr.exe
  2⤵
  PID:5748
- C:\Windows\System\REcwCzm.exe
  C:\Windows\System\REcwCzm.exe
  2⤵
  PID:2200
- C:\Windows\System\TAbPtwI.exe
  C:\Windows\System\TAbPtwI.exe
  2⤵
  PID:1968
- C:\Windows\System\XTjasBi.exe
  C:\Windows\System\XTjasBi.exe
  2⤵
  PID:5828
- C:\Windows\System\XCeFFFg.exe
  C:\Windows\System\XCeFFFg.exe
  2⤵
  PID:5852
- C:\Windows\System\BJbnapL.exe
  C:\Windows\System\BJbnapL.exe
  2⤵
  PID:5868
- C:\Windows\System\whYdaaV.exe
  C:\Windows\System\whYdaaV.exe
  2⤵
  PID:2848
- C:\Windows\System\lnnTkhk.exe
  C:\Windows\System\lnnTkhk.exe
  2⤵
  PID:2988
- C:\Windows\System\ArgzPBV.exe
  C:\Windows\System\ArgzPBV.exe
  2⤵
  PID:2676
- C:\Windows\System\utFJVgg.exe
  C:\Windows\System\utFJVgg.exe
  2⤵
  PID:3036
- C:\Windows\System\wZjsSXw.exe
  C:\Windows\System\wZjsSXw.exe
  2⤵
  PID:2464
- C:\Windows\System\dXcOQep.exe
  C:\Windows\System\dXcOQep.exe
  2⤵
  PID:1964
- C:\Windows\System\rFoXSJZ.exe
  C:\Windows\System\rFoXSJZ.exe
  2⤵
  PID:2404
- C:\Windows\System\cJVESfb.exe
  C:\Windows\System\cJVESfb.exe
  2⤵
  PID:5836
- C:\Windows\System\mwdbABz.exe
  C:\Windows\System\mwdbABz.exe
  2⤵
  PID:5856
- C:\Windows\System\sXFLZZt.exe
  C:\Windows\System\sXFLZZt.exe
  2⤵
  PID:2964
- C:\Windows\System\bcrMxPm.exe
  C:\Windows\System\bcrMxPm.exe
  2⤵
  PID:2120
- C:\Windows\System\NGycOxU.exe
  C:\Windows\System\NGycOxU.exe
  2⤵
  PID:1952
- C:\Windows\System\eizGSsv.exe
  C:\Windows\System\eizGSsv.exe
  2⤵
  PID:2384
- C:\Windows\System\KUoAEeJ.exe
  C:\Windows\System\KUoAEeJ.exe
  2⤵
  PID:2548
- C:\Windows\System\cOaNMTL.exe
  C:\Windows\System\cOaNMTL.exe
  2⤵
  PID:452
- C:\Windows\System\euVjCvD.exe
  C:\Windows\System\euVjCvD.exe
  2⤵
  PID:1260
- C:\Windows\System\TfgOidR.exe
  C:\Windows\System\TfgOidR.exe
  2⤵
  PID:2028
- C:\Windows\System\uuDhMYg.exe
  C:\Windows\System\uuDhMYg.exe
  2⤵
  PID:3020
- C:\Windows\System\WsJtNyJ.exe
  C:\Windows\System\WsJtNyJ.exe
  2⤵
  PID:6116
- C:\Windows\System\CLOnOyX.exe
  C:\Windows\System\CLOnOyX.exe
  2⤵
  PID:3136
- C:\Windows\System\sSbDwEp.exe
  C:\Windows\System\sSbDwEp.exe
  2⤵
  PID:6132
- C:\Windows\System\UVnDgbk.exe
  C:\Windows\System\UVnDgbk.exe
  2⤵
  PID:4728
- C:\Windows\System\iQOUcCj.exe
  C:\Windows\System\iQOUcCj.exe
  2⤵
  PID:3948
- C:\Windows\System\TWyuqCy.exe
  C:\Windows\System\TWyuqCy.exe
  2⤵
  PID:3560
- C:\Windows\System\aczPFlY.exe
  C:\Windows\System\aczPFlY.exe
  2⤵
  PID:5160
- C:\Windows\System\gkwcYne.exe
  C:\Windows\System\gkwcYne.exe
  2⤵
  PID:5308
- C:\Windows\System\zlVHGLd.exe
  C:\Windows\System\zlVHGLd.exe
  2⤵
  PID:5312
- C:\Windows\System\ptmpZxh.exe
  C:\Windows\System\ptmpZxh.exe
  2⤵
  PID:5372
- C:\Windows\System\QYflvuh.exe
  C:\Windows\System\QYflvuh.exe
  2⤵
  PID:5444
- C:\Windows\System\HXDAklQ.exe
  C:\Windows\System\HXDAklQ.exe
  2⤵
  PID:2564
- C:\Windows\System\MIhRedB.exe
  C:\Windows\System\MIhRedB.exe
  2⤵
  PID:2360
- C:\Windows\System\SdSrepc.exe
  C:\Windows\System\SdSrepc.exe
  2⤵
  PID:5656
- C:\Windows\System\rKfKMVr.exe
  C:\Windows\System\rKfKMVr.exe
  2⤵
  PID:5772
- C:\Windows\System\MoFZKSA.exe
  C:\Windows\System\MoFZKSA.exe
  2⤵
  PID:2896
- C:\Windows\System\mhykZEA.exe
  C:\Windows\System\mhykZEA.exe
  2⤵
  PID:1652
- C:\Windows\System\mZPapHb.exe
  C:\Windows\System\mZPapHb.exe
  2⤵
  PID:2524
- C:\Windows\System\vYavBYj.exe
  C:\Windows\System\vYavBYj.exe
  2⤵
  PID:2164
- C:\Windows\System\byBNDbT.exe
  C:\Windows\System\byBNDbT.exe
  2⤵
  PID:1132
- C:\Windows\System\pLcxWtu.exe
  C:\Windows\System\pLcxWtu.exe
  2⤵
  PID:2996
- C:\Windows\System\cYWijHF.exe
  C:\Windows\System\cYWijHF.exe
  2⤵
  PID:5796
- C:\Windows\System\gApgaMU.exe
  C:\Windows\System\gApgaMU.exe
  2⤵
  PID:972
- C:\Windows\System\RdWcZAU.exe
  C:\Windows\System\RdWcZAU.exe
  2⤵
  PID:2824
- C:\Windows\System\RZQEEFd.exe
  C:\Windows\System\RZQEEFd.exe
  2⤵
  PID:6012
- C:\Windows\System\PQRcNxv.exe
  C:\Windows\System\PQRcNxv.exe
  2⤵
  PID:6092
- C:\Windows\System\UbpEPQE.exe
  C:\Windows\System\UbpEPQE.exe
  2⤵
  PID:2504
- C:\Windows\System\lstnkyL.exe
  C:\Windows\System\lstnkyL.exe
  2⤵
  PID:6020
- C:\Windows\System\nifOARy.exe
  C:\Windows\System\nifOARy.exe
  2⤵
  PID:6076
- C:\Windows\System\TwcFjWz.exe
  C:\Windows\System\TwcFjWz.exe
  2⤵
  PID:1840
- C:\Windows\System\nFeBrVG.exe
  C:\Windows\System\nFeBrVG.exe
  2⤵
  PID:4576
- C:\Windows\System\pBdicIF.exe
  C:\Windows\System\pBdicIF.exe
  2⤵
  PID:3340
- C:\Windows\System\mxzCTAK.exe
  C:\Windows\System\mxzCTAK.exe
  2⤵
  PID:2528
- C:\Windows\System\pYlnnqn.exe
  C:\Windows\System\pYlnnqn.exe
  2⤵
  PID:1516
- C:\Windows\System\dpZlWSK.exe
  C:\Windows\System\dpZlWSK.exe
  2⤵
  PID:4760
- C:\Windows\System\hSZRkeI.exe
  C:\Windows\System\hSZRkeI.exe
  2⤵
  PID:5364
- C:\Windows\System\XiFfkHC.exe
  C:\Windows\System\XiFfkHC.exe
  2⤵
  PID:5696
- C:\Windows\System\XtjEsCz.exe
  C:\Windows\System\XtjEsCz.exe
  2⤵
  PID:5292
- C:\Windows\System\tmCwxKk.exe
  C:\Windows\System\tmCwxKk.exe
  2⤵
  PID:5584
- C:\Windows\System\cZksgRA.exe
  C:\Windows\System\cZksgRA.exe
  2⤵
  PID:2516
- C:\Windows\System\elIkrFe.exe
  C:\Windows\System\elIkrFe.exe
  2⤵
  PID:3044
- C:\Windows\System\TMFuChi.exe
  C:\Windows\System\TMFuChi.exe
  2⤵
  PID:5812
- C:\Windows\System\eBuYCWB.exe
  C:\Windows\System\eBuYCWB.exe
  2⤵
  PID:1660
- C:\Windows\System\qTPmSFS.exe
  C:\Windows\System\qTPmSFS.exe
  2⤵
  PID:1784
- C:\Windows\System\KrKRhrJ.exe
  C:\Windows\System\KrKRhrJ.exe
  2⤵
  PID:560
- C:\Windows\System\nsRbAKf.exe
  C:\Windows\System\nsRbAKf.exe
  2⤵
  PID:964
- C:\Windows\System\jjLizAC.exe
  C:\Windows\System\jjLizAC.exe
  2⤵
  PID:2508
- C:\Windows\System\tShZxCS.exe
  C:\Windows\System\tShZxCS.exe
  2⤵
  PID:5048
- C:\Windows\System\xetyuJd.exe
  C:\Windows\System\xetyuJd.exe
  2⤵
  PID:3028
- C:\Windows\System\sKbnagn.exe
  C:\Windows\System\sKbnagn.exe
  2⤵
  PID:1684
- C:\Windows\System\eSKYrqA.exe
  C:\Windows\System\eSKYrqA.exe
  2⤵
  PID:2876
- C:\Windows\System\hKJsERU.exe
  C:\Windows\System\hKJsERU.exe
  2⤵
  PID:844
- C:\Windows\System\lTWdnwk.exe
  C:\Windows\System\lTWdnwk.exe
  2⤵
  PID:5616
- C:\Windows\System\rSqrmOp.exe
  C:\Windows\System\rSqrmOp.exe
  2⤵
  PID:764
- C:\Windows\System\juNXkSh.exe
  C:\Windows\System\juNXkSh.exe
  2⤵
  PID:1800
- C:\Windows\System\tniPWym.exe
  C:\Windows\System\tniPWym.exe
  2⤵
  PID:768
- C:\Windows\System\uUSOEPw.exe
  C:\Windows\System\uUSOEPw.exe
  2⤵
  PID:2664
- C:\Windows\System\eymdjga.exe
  C:\Windows\System\eymdjga.exe
  2⤵
  PID:4824
- C:\Windows\System\hrGNizG.exe
  C:\Windows\System\hrGNizG.exe
  2⤵
  PID:5976
- C:\Windows\System\pqPAsAY.exe
  C:\Windows\System\pqPAsAY.exe
  2⤵
  PID:5948
- C:\Windows\System\VxoOZPa.exe
  C:\Windows\System\VxoOZPa.exe
  2⤵
  PID:1672
- C:\Windows\System\HcSItok.exe
  C:\Windows\System\HcSItok.exe
  2⤵
  PID:5708
- C:\Windows\System\PswxGOl.exe
  C:\Windows\System\PswxGOl.exe
  2⤵
  PID:5448
- C:\Windows\System\YJAhHMY.exe
  C:\Windows\System\YJAhHMY.exe
  2⤵
  PID:2852
- C:\Windows\System\cXUGdWt.exe
  C:\Windows\System\cXUGdWt.exe
  2⤵
  PID:6048
- C:\Windows\System\FoZlPaf.exe
  C:\Windows\System\FoZlPaf.exe
  2⤵
  PID:4968
- C:\Windows\System\cKpFOjT.exe
  C:\Windows\System\cKpFOjT.exe
  2⤵
  PID:1316
- C:\Windows\System\EyEKPRc.exe
  C:\Windows\System\EyEKPRc.exe
  2⤵
  PID:6160
- C:\Windows\System\Qocdidv.exe
  C:\Windows\System\Qocdidv.exe
  2⤵
  PID:6176
- C:\Windows\System\AxhuiAM.exe
  C:\Windows\System\AxhuiAM.exe
  2⤵
  PID:6200
- C:\Windows\System\vUwIzgA.exe
  C:\Windows\System\vUwIzgA.exe
  2⤵
  PID:6216
- C:\Windows\System\YINInAK.exe
  C:\Windows\System\YINInAK.exe
  2⤵
  PID:6232
- C:\Windows\System\hSfJKoZ.exe
  C:\Windows\System\hSfJKoZ.exe
  2⤵
  PID:6252
- C:\Windows\System\aEgwdXq.exe
  C:\Windows\System\aEgwdXq.exe
  2⤵
  PID:6284
- C:\Windows\System\JiRXPTA.exe
  C:\Windows\System\JiRXPTA.exe
  2⤵
  PID:6304
- C:\Windows\System\AUtfpnS.exe
  C:\Windows\System\AUtfpnS.exe
  2⤵
  PID:6340
- C:\Windows\System\dXwVYOS.exe
  C:\Windows\System\dXwVYOS.exe
  2⤵
  PID:6356
- C:\Windows\System\QwFRtwF.exe
  C:\Windows\System\QwFRtwF.exe
  2⤵
  PID:6376
- C:\Windows\System\JAxYZDp.exe
  C:\Windows\System\JAxYZDp.exe
  2⤵
  PID:6392
- C:\Windows\System\ojnOZIY.exe
  C:\Windows\System\ojnOZIY.exe
  2⤵
  PID:6412
- C:\Windows\System\sekiSRz.exe
  C:\Windows\System\sekiSRz.exe
  2⤵
  PID:6428
- C:\Windows\System\FjqEIeB.exe
  C:\Windows\System\FjqEIeB.exe
  2⤵
  PID:6460
- C:\Windows\System\UhORrlA.exe
  C:\Windows\System\UhORrlA.exe
  2⤵
  PID:6484
- C:\Windows\System\eftsHqw.exe
  C:\Windows\System\eftsHqw.exe
  2⤵
  PID:6504
- C:\Windows\System\gEPmYpC.exe
  C:\Windows\System\gEPmYpC.exe
  2⤵
  PID:6520
- C:\Windows\System\lLSKCha.exe
  C:\Windows\System\lLSKCha.exe
  2⤵
  PID:6548
- C:\Windows\System\SzbnIsU.exe
  C:\Windows\System\SzbnIsU.exe
  2⤵
  PID:6564
- C:\Windows\System\sfVwcod.exe
  C:\Windows\System\sfVwcod.exe
  2⤵
  PID:6580
- C:\Windows\System\YDfIvSk.exe
  C:\Windows\System\YDfIvSk.exe
  2⤵
  PID:6600
- C:\Windows\System\rrtWWUN.exe
  C:\Windows\System\rrtWWUN.exe
  2⤵
  PID:6624
- C:\Windows\System\dVqVGBr.exe
  C:\Windows\System\dVqVGBr.exe
  2⤵
  PID:6644
- C:\Windows\System\JCqruGk.exe
  C:\Windows\System\JCqruGk.exe
  2⤵
  PID:6660
- C:\Windows\System\SLJkDxr.exe
  C:\Windows\System\SLJkDxr.exe
  2⤵
  PID:6680
- C:\Windows\System\pmWZAka.exe
  C:\Windows\System\pmWZAka.exe
  2⤵
  PID:6708
- C:\Windows\System\jVFRTaj.exe
  C:\Windows\System\jVFRTaj.exe
  2⤵
  PID:6724
- C:\Windows\System\gQbUxxG.exe
  C:\Windows\System\gQbUxxG.exe
  2⤵
  PID:6740
- C:\Windows\System\lBXjYVK.exe
  C:\Windows\System\lBXjYVK.exe
  2⤵
  PID:6756
- C:\Windows\System\COtkiNt.exe
  C:\Windows\System\COtkiNt.exe
  2⤵
  PID:6776
- C:\Windows\System\BtcdOOF.exe
  C:\Windows\System\BtcdOOF.exe
  2⤵
  PID:6808
- C:\Windows\System\tStuLUg.exe
  C:\Windows\System\tStuLUg.exe
  2⤵
  PID:6828
- C:\Windows\System\AbThHWI.exe
  C:\Windows\System\AbThHWI.exe
  2⤵
  PID:6844
- C:\Windows\System\fmVNnjJ.exe
  C:\Windows\System\fmVNnjJ.exe
  2⤵
  PID:6864
- C:\Windows\System\DnEctIK.exe
  C:\Windows\System\DnEctIK.exe
  2⤵
  PID:6884
- C:\Windows\System\GHYHSRb.exe
  C:\Windows\System\GHYHSRb.exe
  2⤵
  PID:6908
- C:\Windows\System\HkGgfaW.exe
  C:\Windows\System\HkGgfaW.exe
  2⤵
  PID:6924
- C:\Windows\System\INmmaQo.exe
  C:\Windows\System\INmmaQo.exe
  2⤵
  PID:6944
- C:\Windows\System\lcqRFmk.exe
  C:\Windows\System\lcqRFmk.exe
  2⤵
  PID:6960
- C:\Windows\System\QRFgYFD.exe
  C:\Windows\System\QRFgYFD.exe
  2⤵
  PID:6980
- C:\Windows\System\wgUZDHe.exe
  C:\Windows\System\wgUZDHe.exe
  2⤵
  PID:7008
- C:\Windows\System\qPRjEiJ.exe
  C:\Windows\System\qPRjEiJ.exe
  2⤵
  PID:7024
- C:\Windows\System\ZopNYuM.exe
  C:\Windows\System\ZopNYuM.exe
  2⤵
  PID:7044
- C:\Windows\System\VWTkqsj.exe
  C:\Windows\System\VWTkqsj.exe
  2⤵
  PID:7060
- C:\Windows\System\YkBHWob.exe
  C:\Windows\System\YkBHWob.exe
  2⤵
  PID:7084
- C:\Windows\System\MRbpHkM.exe
  C:\Windows\System\MRbpHkM.exe
  2⤵
  PID:7100
- C:\Windows\System\bnTUVMr.exe
  C:\Windows\System\bnTUVMr.exe
  2⤵
  PID:7120
- C:\Windows\System\jOsssMl.exe
  C:\Windows\System\jOsssMl.exe
  2⤵
  PID:7144
- C:\Windows\System\UEGkqtO.exe
  C:\Windows\System\UEGkqtO.exe
  2⤵
  PID:7160
- C:\Windows\System\uuRCwca.exe
  C:\Windows\System\uuRCwca.exe
  2⤵
  PID:2700
- C:\Windows\System\uCJZccn.exe
  C:\Windows\System\uCJZccn.exe
  2⤵
  PID:6152
- C:\Windows\System\KSogwxy.exe
  C:\Windows\System\KSogwxy.exe
  2⤵
  PID:6196
- C:\Windows\System\jmpkfPw.exe
  C:\Windows\System\jmpkfPw.exe
  2⤵
  PID:1060
- C:\Windows\System\RoaJMQd.exe
  C:\Windows\System\RoaJMQd.exe
  2⤵
  PID:4556
- C:\Windows\System\kuGSgTN.exe
  C:\Windows\System\kuGSgTN.exe
  2⤵
  PID:6268
- C:\Windows\System\epuLYyP.exe
  C:\Windows\System\epuLYyP.exe
  2⤵
  PID:5108
- C:\Windows\System\KLgvbNP.exe
  C:\Windows\System\KLgvbNP.exe
  2⤵
  PID:1492
- C:\Windows\System\pupDaXF.exe
  C:\Windows\System\pupDaXF.exe
  2⤵
  PID:6244
- C:\Windows\System\xPDuKTG.exe
  C:\Windows\System\xPDuKTG.exe
  2⤵
  PID:6312
- C:\Windows\System\jTOmdGP.exe
  C:\Windows\System\jTOmdGP.exe
  2⤵
  PID:6328
- C:\Windows\System\YItukRL.exe
  C:\Windows\System\YItukRL.exe
  2⤵
  PID:6348
- C:\Windows\System\vyDEcef.exe
  C:\Windows\System\vyDEcef.exe
  2⤵
  PID:6368
- C:\Windows\System\teBbGgI.exe
  C:\Windows\System\teBbGgI.exe
  2⤵
  PID:6440
- C:\Windows\System\TtIoOqQ.exe
  C:\Windows\System\TtIoOqQ.exe
  2⤵
  PID:6448
- C:\Windows\System\ltnavhP.exe
  C:\Windows\System\ltnavhP.exe
  2⤵
  PID:6468
- C:\Windows\System\CsuHoDe.exe
  C:\Windows\System\CsuHoDe.exe
  2⤵
  PID:6496
- C:\Windows\System\xdbHNwB.exe
  C:\Windows\System\xdbHNwB.exe
  2⤵
  PID:6516
- C:\Windows\System\STXTYkF.exe
  C:\Windows\System\STXTYkF.exe
  2⤵
  PID:6540
- C:\Windows\System\tYxrTFd.exe
  C:\Windows\System\tYxrTFd.exe
  2⤵
  PID:6588
- C:\Windows\System\lUghVKk.exe
  C:\Windows\System\lUghVKk.exe
  2⤵
  PID:6596
- C:\Windows\System\WQIMKir.exe
  C:\Windows\System\WQIMKir.exe
  2⤵
  PID:6632
- C:\Windows\System\iHNklUa.exe
  C:\Windows\System\iHNklUa.exe
  2⤵
  PID:6640
- C:\Windows\System\KtlWRFi.exe
  C:\Windows\System\KtlWRFi.exe
  2⤵
  PID:6704
- C:\Windows\System\jjtgpER.exe
  C:\Windows\System\jjtgpER.exe
  2⤵
  PID:6736
- C:\Windows\System\CHXdvxb.exe
  C:\Windows\System\CHXdvxb.exe
  2⤵
  PID:6792
- C:\Windows\System\wCaDCvX.exe
  C:\Windows\System\wCaDCvX.exe
  2⤵
  PID:6804
- C:\Windows\System\UQmikOP.exe
  C:\Windows\System\UQmikOP.exe
  2⤵
  PID:6788
- C:\Windows\System\mboBTAI.exe
  C:\Windows\System\mboBTAI.exe
  2⤵
  PID:6852
- C:\Windows\System\mqLDDbt.exe
  C:\Windows\System\mqLDDbt.exe
  2⤵
  PID:6880
- C:\Windows\System\nCIJDop.exe
  C:\Windows\System\nCIJDop.exe
  2⤵
  PID:6900
- C:\Windows\System\vBXfIby.exe
  C:\Windows\System\vBXfIby.exe
  2⤵
  PID:6936
- C:\Windows\System\aJDODtv.exe
  C:\Windows\System\aJDODtv.exe
  2⤵
  PID:6956
- C:\Windows\System\OQwtSDS.exe
  C:\Windows\System\OQwtSDS.exe
  2⤵
  PID:6996
- C:\Windows\System\DouBKlE.exe
  C:\Windows\System\DouBKlE.exe
  2⤵
  PID:7020
- C:\Windows\System\wYxuflU.exe
  C:\Windows\System\wYxuflU.exe
  2⤵
  PID:7076
- C:\Windows\System\RDkDLLI.exe
  C:\Windows\System\RDkDLLI.exe
  2⤵
  PID:7040
- C:\Windows\System\jKhaPoM.exe
  C:\Windows\System\jKhaPoM.exe
  2⤵
  PID:7112
- C:\Windows\System\buaZplC.exe
  C:\Windows\System\buaZplC.exe
  2⤵
  PID:7128
- C:\Windows\System\JbnmtJQ.exe
  C:\Windows\System\JbnmtJQ.exe
  2⤵
  PID:5808
- C:\Windows\System\aMKeuMo.exe
  C:\Windows\System\aMKeuMo.exe
  2⤵
  PID:6228
- C:\Windows\System\gLgTnqg.exe
  C:\Windows\System\gLgTnqg.exe
  2⤵
  PID:6192
- C:\Windows\System\fadsLjH.exe
  C:\Windows\System\fadsLjH.exe
  2⤵
  PID:6240
- C:\Windows\System\SGDmley.exe
  C:\Windows\System\SGDmley.exe
  2⤵
  PID:6372
- C:\Windows\System\MFFPtOA.exe
  C:\Windows\System\MFFPtOA.exe
  2⤵
  PID:6300
- C:\Windows\System\CBsObsD.exe
  C:\Windows\System\CBsObsD.exe
  2⤵
  PID:6408
- C:\Windows\System\fLhJuBA.exe
  C:\Windows\System\fLhJuBA.exe
  2⤵
  PID:6476
- C:\Windows\System\ivWlpHN.exe
  C:\Windows\System\ivWlpHN.exe
  2⤵
  PID:6480
- C:\Windows\System\umAyNFq.exe
  C:\Windows\System\umAyNFq.exe
  2⤵
  PID:6576
- C:\Windows\System\KdJedVi.exe
  C:\Windows\System\KdJedVi.exe
  2⤵
  PID:6652
- C:\Windows\System\icAgKzG.exe
  C:\Windows\System\icAgKzG.exe
  2⤵
  PID:6696
- C:\Windows\System\uFzyQKf.exe
  C:\Windows\System\uFzyQKf.exe
  2⤵
  PID:6688
- C:\Windows\System\yMORCea.exe
  C:\Windows\System\yMORCea.exe
  2⤵
  PID:6716
- C:\Windows\System\VwfveAL.exe
  C:\Windows\System\VwfveAL.exe
  2⤵
  PID:1880
- C:\Windows\System\HNLoCVp.exe
  C:\Windows\System\HNLoCVp.exe
  2⤵
  PID:6824
- C:\Windows\System\gYTLbUm.exe
  C:\Windows\System\gYTLbUm.exe
  2⤵
  PID:2592
- C:\Windows\System\ACxQGWT.exe
  C:\Windows\System\ACxQGWT.exe
  2⤵
  PID:6836
- C:\Windows\System\diGMVPz.exe
  C:\Windows\System\diGMVPz.exe
  2⤵
  PID:6896
- C:\Windows\System\NhvXosc.exe
  C:\Windows\System\NhvXosc.exe
  2⤵
  PID:6968
- C:\Windows\System\ZekPZvu.exe
  C:\Windows\System\ZekPZvu.exe
  2⤵
  PID:6976
- C:\Windows\System\KFTogUl.exe
  C:\Windows\System\KFTogUl.exe
  2⤵
  PID:7056
- C:\Windows\System\dUohODC.exe
  C:\Windows\System\dUohODC.exe
  2⤵
  PID:6972
- C:\Windows\System\LQvTEWn.exe
  C:\Windows\System\LQvTEWn.exe
  2⤵
  PID:7140
- C:\Windows\System\jlXnrHm.exe
  C:\Windows\System\jlXnrHm.exe
  2⤵
  PID:6264
- C:\Windows\System\aLofTmO.exe
  C:\Windows\System\aLofTmO.exe
  2⤵
  PID:624
- C:\Windows\System\zoAKwBn.exe
  C:\Windows\System\zoAKwBn.exe
  2⤵
  PID:6188
- C:\Windows\System\DZPxVdx.exe
  C:\Windows\System\DZPxVdx.exe
  2⤵
  PID:6320
- C:\Windows\System\KtjgqrU.exe
  C:\Windows\System\KtjgqrU.exe
  2⤵
  PID:6456
- C:\Windows\System\WvQEdHF.exe
  C:\Windows\System\WvQEdHF.exe
  2⤵
  PID:6560
- C:\Windows\System\wyADzZK.exe
  C:\Windows\System\wyADzZK.exe
  2⤵
  PID:6592
- C:\Windows\System\JmzUMvg.exe
  C:\Windows\System\JmzUMvg.exe
  2⤵
  PID:6800
- C:\Windows\System\vVpmkto.exe
  C:\Windows\System\vVpmkto.exe
  2⤵
  PID:6860
- C:\Windows\System\WABaOvQ.exe
  C:\Windows\System\WABaOvQ.exe
  2⤵
  PID:7080
- C:\Windows\System\CwcRPvV.exe
  C:\Windows\System\CwcRPvV.exe
  2⤵
  PID:5996
- C:\Windows\System\OdxkQpC.exe
  C:\Windows\System\OdxkQpC.exe
  2⤵
  PID:6352
- C:\Windows\System\jGutQsW.exe
  C:\Windows\System\jGutQsW.exe
  2⤵
  PID:6212
- C:\Windows\System\eaIfdiZ.exe
  C:\Windows\System\eaIfdiZ.exe
  2⤵
  PID:6620
- C:\Windows\System\VdyKYeI.exe
  C:\Windows\System\VdyKYeI.exe
  2⤵
  PID:6820
- C:\Windows\System\khEIGnB.exe
  C:\Windows\System\khEIGnB.exe
  2⤵
  PID:1980
- C:\Windows\System\jJbXpGJ.exe
  C:\Windows\System\jJbXpGJ.exe
  2⤵
  PID:2100
- C:\Windows\System\XCUcxNb.exe
  C:\Windows\System\XCUcxNb.exe
  2⤵
  PID:952
- C:\Windows\System\yAWFnzk.exe
  C:\Windows\System\yAWFnzk.exe
  2⤵
  PID:7156
- C:\Windows\System\HSXUnNX.exe
  C:\Windows\System\HSXUnNX.exe
  2⤵
  PID:6536
- C:\Windows\System\GjZKnWr.exe
  C:\Windows\System\GjZKnWr.exe
  2⤵
  PID:6184
- C:\Windows\System\XVPdNDr.exe
  C:\Windows\System\XVPdNDr.exe
  2⤵
  PID:6952
- C:\Windows\System\QhrfKnu.exe
  C:\Windows\System\QhrfKnu.exe
  2⤵
  PID:7132
- C:\Windows\System\bjIoxWa.exe
  C:\Windows\System\bjIoxWa.exe
  2⤵
  PID:4404
- C:\Windows\System\zESbtZN.exe
  C:\Windows\System\zESbtZN.exe
  2⤵
  PID:6768
- C:\Windows\System\ipKDUlE.exe
  C:\Windows\System\ipKDUlE.exe
  2⤵
  PID:6612
- C:\Windows\System\NoIxUiH.exe
  C:\Windows\System\NoIxUiH.exe
  2⤵
  PID:7176
- C:\Windows\System\jNSBuIp.exe
  C:\Windows\System\jNSBuIp.exe
  2⤵
  PID:7196
- C:\Windows\System\mvzCCTM.exe
  C:\Windows\System\mvzCCTM.exe
  2⤵
  PID:7216
- C:\Windows\System\tsZAeRY.exe
  C:\Windows\System\tsZAeRY.exe
  2⤵
  PID:7232
- C:\Windows\System\EaBaYvl.exe
  C:\Windows\System\EaBaYvl.exe
  2⤵
  PID:7248
- C:\Windows\System\jHyNImU.exe
  C:\Windows\System\jHyNImU.exe
  2⤵
  PID:7264
- C:\Windows\System\uWkpuuY.exe
  C:\Windows\System\uWkpuuY.exe
  2⤵
  PID:7284
- C:\Windows\System\QXBGmbO.exe
  C:\Windows\System\QXBGmbO.exe
  2⤵
  PID:7300
- C:\Windows\System\JiERMWw.exe
  C:\Windows\System\JiERMWw.exe
  2⤵
  PID:7324
- C:\Windows\System\GNkfukz.exe
  C:\Windows\System\GNkfukz.exe
  2⤵
  PID:7340
- C:\Windows\System\CSWwKVZ.exe
  C:\Windows\System\CSWwKVZ.exe
  2⤵
  PID:7356
- C:\Windows\System\dGmvYKh.exe
  C:\Windows\System\dGmvYKh.exe
  2⤵
  PID:7376
- C:\Windows\System\YgNLSlB.exe
  C:\Windows\System\YgNLSlB.exe
  2⤵
  PID:7392
- C:\Windows\System\swxpnYR.exe
  C:\Windows\System\swxpnYR.exe
  2⤵
  PID:7408
- C:\Windows\System\sDHYUgo.exe
  C:\Windows\System\sDHYUgo.exe
  2⤵
  PID:7648
- C:\Windows\System\sNafelB.exe
  C:\Windows\System\sNafelB.exe
  2⤵
  PID:7672
- C:\Windows\System\LmxYwOb.exe
  C:\Windows\System\LmxYwOb.exe
  2⤵
  PID:7700
- C:\Windows\System\BMtsETT.exe
  C:\Windows\System\BMtsETT.exe
  2⤵
  PID:7716
- C:\Windows\System\itpwnDQ.exe
  C:\Windows\System\itpwnDQ.exe
  2⤵
  PID:7736
- C:\Windows\System\pZgFcod.exe
  C:\Windows\System\pZgFcod.exe
  2⤵
  PID:7760
- C:\Windows\System\vIyLabN.exe
  C:\Windows\System\vIyLabN.exe
  2⤵
  PID:7776
- C:\Windows\System\amAXpeC.exe
  C:\Windows\System\amAXpeC.exe
  2⤵
  PID:7792
- C:\Windows\System\YSHRxqB.exe
  C:\Windows\System\YSHRxqB.exe
  2⤵
  PID:7820
- C:\Windows\System\xqAToNr.exe
  C:\Windows\System\xqAToNr.exe
  2⤵
  PID:7836
- C:\Windows\System\QNZvxWT.exe
  C:\Windows\System\QNZvxWT.exe
  2⤵
  PID:7856
- C:\Windows\System\hZWsIfr.exe
  C:\Windows\System\hZWsIfr.exe
  2⤵
  PID:7880
- C:\Windows\System\XnvbQDC.exe
  C:\Windows\System\XnvbQDC.exe
  2⤵
  PID:7896
- C:\Windows\System\PYFCerK.exe
  C:\Windows\System\PYFCerK.exe
  2⤵
  PID:7916
- C:\Windows\System\kztyhXg.exe
  C:\Windows\System\kztyhXg.exe
  2⤵
  PID:7952
- C:\Windows\System\BiQcJkJ.exe
  C:\Windows\System\BiQcJkJ.exe
  2⤵
  PID:7968
- C:\Windows\System\rIbAVPA.exe
  C:\Windows\System\rIbAVPA.exe
  2⤵
  PID:7984
- C:\Windows\System\Hsrpudk.exe
  C:\Windows\System\Hsrpudk.exe
  2⤵
  PID:8012
- C:\Windows\System\iKfgfkf.exe
  C:\Windows\System\iKfgfkf.exe
  2⤵
  PID:8028
- C:\Windows\System\xDQHguY.exe
  C:\Windows\System\xDQHguY.exe
  2⤵
  PID:8044
- C:\Windows\System\gjuGZeG.exe
  C:\Windows\System\gjuGZeG.exe
  2⤵
  PID:8060
- C:\Windows\System\KjxvVzI.exe
  C:\Windows\System\KjxvVzI.exe
  2⤵
  PID:8076
- C:\Windows\System\SQDLZwv.exe
  C:\Windows\System\SQDLZwv.exe
  2⤵
  PID:8096
- C:\Windows\System\NMcsVUP.exe
  C:\Windows\System\NMcsVUP.exe
  2⤵
  PID:8136
- C:\Windows\System\qtsDGXm.exe
  C:\Windows\System\qtsDGXm.exe
  2⤵
  PID:8152
- C:\Windows\System\xbhMprZ.exe
  C:\Windows\System\xbhMprZ.exe
  2⤵
  PID:8168
- C:\Windows\System\vDCqoGZ.exe
  C:\Windows\System\vDCqoGZ.exe
  2⤵
  PID:8184
- C:\Windows\System\EEvbAbf.exe
  C:\Windows\System\EEvbAbf.exe
  2⤵
  PID:7184
- C:\Windows\System\YuQXCSq.exe
  C:\Windows\System\YuQXCSq.exe
  2⤵
  PID:7192
- C:\Windows\System\FAWxXRm.exe
  C:\Windows\System\FAWxXRm.exe
  2⤵
  PID:7228
- C:\Windows\System\TxelttO.exe
  C:\Windows\System\TxelttO.exe
  2⤵
  PID:7280
- C:\Windows\System\jBcYZoh.exe
  C:\Windows\System\jBcYZoh.exe
  2⤵
  PID:7308
- C:\Windows\System\orUhGmD.exe
  C:\Windows\System\orUhGmD.exe
  2⤵
  PID:7352
- C:\Windows\System\MNGaTlX.exe
  C:\Windows\System\MNGaTlX.exe
  2⤵
  PID:7424
- C:\Windows\System\camkPbA.exe
  C:\Windows\System\camkPbA.exe
  2⤵
  PID:7436
- C:\Windows\System\NuxmWSD.exe
  C:\Windows\System\NuxmWSD.exe
  2⤵
  PID:7456
- C:\Windows\System\LWKuXKq.exe
  C:\Windows\System\LWKuXKq.exe
  2⤵
  PID:7472
- C:\Windows\System\oDRQidY.exe
  C:\Windows\System\oDRQidY.exe
  2⤵
  PID:7492
- C:\Windows\System\SZMeNOD.exe
  C:\Windows\System\SZMeNOD.exe
  2⤵
  PID:7532
- C:\Windows\System\rXqTdwo.exe
  C:\Windows\System\rXqTdwo.exe
  2⤵
  PID:7552
- C:\Windows\System\FIYhGFn.exe
  C:\Windows\System\FIYhGFn.exe
  2⤵
  PID:7564
- C:\Windows\System\RAyOzjS.exe
  C:\Windows\System\RAyOzjS.exe
  2⤵
  PID:7580
- C:\Windows\System\FVHNxaf.exe
  C:\Windows\System\FVHNxaf.exe
  2⤵
  PID:7600
- C:\Windows\System\IFXVBbM.exe
  C:\Windows\System\IFXVBbM.exe
  2⤵
  PID:7612
- C:\Windows\System\LNFBzCy.exe
  C:\Windows\System\LNFBzCy.exe
  2⤵
  PID:1512
- C:\Windows\System\vtuYdxb.exe
  C:\Windows\System\vtuYdxb.exe
  2⤵
  PID:7668
- C:\Windows\System\ZGkGslX.exe
  C:\Windows\System\ZGkGslX.exe
  2⤵
  PID:7688
- C:\Windows\System\iBbrinY.exe
  C:\Windows\System\iBbrinY.exe
  2⤵
  PID:7684
- C:\Windows\System\sFkSWCX.exe
  C:\Windows\System\sFkSWCX.exe
  2⤵
  PID:7712
- C:\Windows\System\AXMrtln.exe
  C:\Windows\System\AXMrtln.exe
  2⤵
  PID:7748
- C:\Windows\System\iTLPGrY.exe
  C:\Windows\System\iTLPGrY.exe
  2⤵
  PID:7800
- C:\Windows\System\IvYHLqL.exe
  C:\Windows\System\IvYHLqL.exe
  2⤵
  PID:7812
- C:\Windows\System\KFKofzi.exe
  C:\Windows\System\KFKofzi.exe
  2⤵
  PID:7852
- C:\Windows\System\SnJudOd.exe
  C:\Windows\System\SnJudOd.exe
  2⤵
  PID:7932
- C:\Windows\System\ZKFuops.exe
  C:\Windows\System\ZKFuops.exe
  2⤵
  PID:7892
- C:\Windows\System\wtrAAHs.exe
  C:\Windows\System\wtrAAHs.exe
  2⤵
  PID:7980
- C:\Windows\System\ZjnDPuK.exe
  C:\Windows\System\ZjnDPuK.exe
  2⤵
  PID:8008
- C:\Windows\System\JNkLXmp.exe
  C:\Windows\System\JNkLXmp.exe
  2⤵
  PID:8088
- C:\Windows\System\ZKkoHxg.exe
  C:\Windows\System\ZKkoHxg.exe
  2⤵
  PID:8104
- C:\Windows\System\heCZPFN.exe
  C:\Windows\System\heCZPFN.exe
  2⤵
  PID:8128
- C:\Windows\System\XKjYdAT.exe
  C:\Windows\System\XKjYdAT.exe
  2⤵
  PID:7152
- C:\Windows\System\LhgtJkT.exe
  C:\Windows\System\LhgtJkT.exe
  2⤵
  PID:8180
- C:\Windows\System\SQiBbUN.exe
  C:\Windows\System\SQiBbUN.exe
  2⤵
  PID:1520
- C:\Windows\System\usYpKTV.exe
  C:\Windows\System\usYpKTV.exe
  2⤵
  PID:7296
- C:\Windows\System\MqcLCow.exe
  C:\Windows\System\MqcLCow.exe
  2⤵
  PID:7316
- C:\Windows\System\yyUlpsS.exe
  C:\Windows\System\yyUlpsS.exe
  2⤵
  PID:7260
- C:\Windows\System\NjuQwWM.exe
  C:\Windows\System\NjuQwWM.exe
  2⤵
  PID:7400
- C:\Windows\System\ZpxIftm.exe
  C:\Windows\System\ZpxIftm.exe
  2⤵
  PID:7444
- C:\Windows\System\YyToxXa.exe
  C:\Windows\System\YyToxXa.exe
  2⤵
  PID:7504
- C:\Windows\System\cvORjpu.exe
  C:\Windows\System\cvORjpu.exe
  2⤵
  PID:7544
- C:\Windows\System\IPUxggJ.exe
  C:\Windows\System\IPUxggJ.exe
  2⤵
  PID:7592
- C:\Windows\System\QHWnkGB.exe
  C:\Windows\System\QHWnkGB.exe
  2⤵
  PID:7576
- C:\Windows\System\WWRhyqI.exe
  C:\Windows\System\WWRhyqI.exe
  2⤵
  PID:7588
- C:\Windows\System\ZeCKCTu.exe
  C:\Windows\System\ZeCKCTu.exe
  2⤵
  PID:7660
- C:\Windows\System\kqwPyOd.exe
  C:\Windows\System\kqwPyOd.exe
  2⤵
  PID:7744
- C:\Windows\System\cNxGlsw.exe
  C:\Windows\System\cNxGlsw.exe
  2⤵
  PID:7816
- C:\Windows\System\CXmDRbJ.exe
  C:\Windows\System\CXmDRbJ.exe
  2⤵
  PID:7384
- C:\Windows\System\KDPuaEv.exe
  C:\Windows\System\KDPuaEv.exe
  2⤵
  PID:7828
- C:\Windows\System\EOwNLIh.exe
  C:\Windows\System\EOwNLIh.exe
  2⤵
  PID:7936
- C:\Windows\System\lRZWUGt.exe
  C:\Windows\System\lRZWUGt.exe
  2⤵
  PID:7960
- C:\Windows\System\OPsLaTG.exe
  C:\Windows\System\OPsLaTG.exe
  2⤵
  PID:8040
- C:\Windows\System\iyKMEJI.exe
  C:\Windows\System\iyKMEJI.exe
  2⤵
  PID:8092
- C:\Windows\System\XvqDIBh.exe
  C:\Windows\System\XvqDIBh.exe
  2⤵
  PID:8164
- C:\Windows\System\FJiQmpO.exe
  C:\Windows\System\FJiQmpO.exe
  2⤵
  PID:8148
- C:\Windows\System\NFADVcf.exe
  C:\Windows\System\NFADVcf.exe
  2⤵
  PID:7500
- C:\Windows\System\QXPcemz.exe
  C:\Windows\System\QXPcemz.exe
  2⤵
  PID:7244
- C:\Windows\System\EQbBKaf.exe
  C:\Windows\System\EQbBKaf.exe
  2⤵
  PID:7372
- C:\Windows\System\KNpIFtj.exe
  C:\Windows\System\KNpIFtj.exe
  2⤵
  PID:7480
- C:\Windows\System\NmXMwoe.exe
  C:\Windows\System\NmXMwoe.exe
  2⤵
  PID:7636
- C:\Windows\System\FmiZGVL.exe
  C:\Windows\System\FmiZGVL.exe
  2⤵
  PID:7732
- C:\Windows\System\EEjYQSj.exe
  C:\Windows\System\EEjYQSj.exe
  2⤵
  PID:7848
- C:\Windows\System\ZGlRhnl.exe
  C:\Windows\System\ZGlRhnl.exe
  2⤵
  PID:7656
- C:\Windows\System\UgIQRNJ.exe
  C:\Windows\System\UgIQRNJ.exe
  2⤵
  PID:7844
- C:\Windows\System\vGjQUno.exe
  C:\Windows\System\vGjQUno.exe
  2⤵
  PID:8020
- C:\Windows\System\vjugtCq.exe
  C:\Windows\System\vjugtCq.exe
  2⤵
  PID:7188
- C:\Windows\System\apkHiZk.exe
  C:\Windows\System\apkHiZk.exe
  2⤵
  PID:7728
- C:\Windows\System\OpvQnRG.exe
  C:\Windows\System\OpvQnRG.exe
  2⤵
  PID:8120
- C:\Windows\System\KGACvNR.exe
  C:\Windows\System\KGACvNR.exe
  2⤵
  PID:7524
- C:\Windows\System\JiqFsDx.exe
  C:\Windows\System\JiqFsDx.exe
  2⤵
  PID:7460
- C:\Windows\System\UDulOpQ.exe
  C:\Windows\System\UDulOpQ.exe
  2⤵
  PID:7016
- C:\Windows\System\SvySLUU.exe
  C:\Windows\System\SvySLUU.exe
  2⤵
  PID:7756
- C:\Windows\System\UCQYzYQ.exe
  C:\Windows\System\UCQYzYQ.exe
  2⤵
  PID:8072
- C:\Windows\System\HXPOHQl.exe
  C:\Windows\System\HXPOHQl.exe
  2⤵
  PID:7224
- C:\Windows\System\TfsNUAD.exe
  C:\Windows\System\TfsNUAD.exe
  2⤵
  PID:8036
- C:\Windows\System\briARGA.exe
  C:\Windows\System\briARGA.exe
  2⤵
  PID:7540
- C:\Windows\System\GRGFYod.exe
  C:\Windows\System\GRGFYod.exe
  2⤵
  PID:7484
- C:\Windows\System\SXQUcgQ.exe
  C:\Windows\System\SXQUcgQ.exe
  2⤵
  PID:7420
- C:\Windows\System\JTVjkLQ.exe
  C:\Windows\System\JTVjkLQ.exe
  2⤵
  PID:7364
- C:\Windows\System\RXIqACf.exe
  C:\Windows\System\RXIqACf.exe
  2⤵
  PID:7520
- C:\Windows\System\tKApaOF.exe
  C:\Windows\System\tKApaOF.exe
  2⤵
  PID:7696
- C:\Windows\System\fuuRhAz.exe
  C:\Windows\System\fuuRhAz.exe
  2⤵
  PID:8196
- C:\Windows\System\fxxEOfT.exe
  C:\Windows\System\fxxEOfT.exe
  2⤵
  PID:8220
- C:\Windows\System\NXoAZOR.exe
  C:\Windows\System\NXoAZOR.exe
  2⤵
  PID:8240
- C:\Windows\System\XRzzACp.exe
  C:\Windows\System\XRzzACp.exe
  2⤵
  PID:8264
- C:\Windows\System\hHezTTW.exe
  C:\Windows\System\hHezTTW.exe
  2⤵
  PID:8288
- C:\Windows\System\YBKSCuD.exe
  C:\Windows\System\YBKSCuD.exe
  2⤵
  PID:8304
- C:\Windows\System\EfVIdXy.exe
  C:\Windows\System\EfVIdXy.exe
  2⤵
  PID:8324
- C:\Windows\System\BnoCcXX.exe
  C:\Windows\System\BnoCcXX.exe
  2⤵
  PID:8352
- C:\Windows\System\rapLWEW.exe
  C:\Windows\System\rapLWEW.exe
  2⤵
  PID:8368
- C:\Windows\System\HuvBwFN.exe
  C:\Windows\System\HuvBwFN.exe
  2⤵
  PID:8384
- C:\Windows\System\AzuShNu.exe
  C:\Windows\System\AzuShNu.exe
  2⤵
  PID:8404
- C:\Windows\System\XbIRiLD.exe
  C:\Windows\System\XbIRiLD.exe
  2⤵
  PID:8424
- C:\Windows\System\sMSSlnp.exe
  C:\Windows\System\sMSSlnp.exe
  2⤵
  PID:8440
- C:\Windows\System\ZiiUncm.exe
  C:\Windows\System\ZiiUncm.exe
  2⤵
  PID:8456
- C:\Windows\System\ubTjlTz.exe
  C:\Windows\System\ubTjlTz.exe
  2⤵
  PID:8472
- C:\Windows\System\snsOHSx.exe
  C:\Windows\System\snsOHSx.exe
  2⤵
  PID:8488
- C:\Windows\System\nxdkKcQ.exe
  C:\Windows\System\nxdkKcQ.exe
  2⤵
  PID:8504
- C:\Windows\System\zhlPQlK.exe
  C:\Windows\System\zhlPQlK.exe
  2⤵
  PID:8520
- C:\Windows\System\jGqvuue.exe
  C:\Windows\System\jGqvuue.exe
  2⤵
  PID:8576
- C:\Windows\System\MDGUSst.exe
  C:\Windows\System\MDGUSst.exe
  2⤵
  PID:8596
- C:\Windows\System\YKNGdiF.exe
  C:\Windows\System\YKNGdiF.exe
  2⤵
  PID:8656
- C:\Windows\System\wWrVIFQ.exe
  C:\Windows\System\wWrVIFQ.exe
  2⤵
  PID:8680
- C:\Windows\System\bcbAbXG.exe
  C:\Windows\System\bcbAbXG.exe
  2⤵
  PID:8696
- C:\Windows\System\ZDDwSRJ.exe
  C:\Windows\System\ZDDwSRJ.exe
  2⤵
  PID:8716
- C:\Windows\System\pGUQHbd.exe
  C:\Windows\System\pGUQHbd.exe
  2⤵
  PID:8732
- C:\Windows\System\cGzmcKR.exe
  C:\Windows\System\cGzmcKR.exe
  2⤵
  PID:8748
- C:\Windows\System\VRPmyLX.exe
  C:\Windows\System\VRPmyLX.exe
  2⤵
  PID:8776
- C:\Windows\System\dRUkxuN.exe
  C:\Windows\System\dRUkxuN.exe
  2⤵
  PID:8816
- C:\Windows\System\KFjRqCE.exe
  C:\Windows\System\KFjRqCE.exe
  2⤵
  PID:8836
- C:\Windows\System\EuKwjrs.exe
  C:\Windows\System\EuKwjrs.exe
  2⤵
  PID:8852
- C:\Windows\System\DBdJZGO.exe
  C:\Windows\System\DBdJZGO.exe
  2⤵
  PID:8868
- C:\Windows\System\DqAFDlV.exe
  C:\Windows\System\DqAFDlV.exe
  2⤵
  PID:8888
- C:\Windows\System\fwFRXOR.exe
  C:\Windows\System\fwFRXOR.exe
  2⤵
  PID:8908
- C:\Windows\System\fBESmJb.exe
  C:\Windows\System\fBESmJb.exe
  2⤵
  PID:8932
- C:\Windows\System\CjaKEuL.exe
  C:\Windows\System\CjaKEuL.exe
  2⤵
  PID:8964
- C:\Windows\System\VAVyUzM.exe
  C:\Windows\System\VAVyUzM.exe
  2⤵
  PID:8980
- C:\Windows\System\ZOBVeRL.exe
  C:\Windows\System\ZOBVeRL.exe
  2⤵
  PID:9000
- C:\Windows\System\FjNhfKM.exe
  C:\Windows\System\FjNhfKM.exe
  2⤵
  PID:9020
- C:\Windows\System\woYzFaF.exe
  C:\Windows\System\woYzFaF.exe
  2⤵
  PID:9036
- C:\Windows\System\hcocchE.exe
  C:\Windows\System\hcocchE.exe
  2⤵
  PID:9052
- C:\Windows\System\WwoIRKP.exe
  C:\Windows\System\WwoIRKP.exe
  2⤵
  PID:9072
- C:\Windows\System\cMdjiys.exe
  C:\Windows\System\cMdjiys.exe
  2⤵
  PID:9104
- C:\Windows\System\AlfFPjg.exe
  C:\Windows\System\AlfFPjg.exe
  2⤵
  PID:9124
- C:\Windows\System\dyFHoVY.exe
  C:\Windows\System\dyFHoVY.exe
  2⤵
  PID:9140
- C:\Windows\System\AmftJiS.exe
  C:\Windows\System\AmftJiS.exe
  2⤵
  PID:9160
- C:\Windows\System\HYTNIsJ.exe
  C:\Windows\System\HYTNIsJ.exe
  2⤵
  PID:9196
- C:\Windows\System\lJfYxcJ.exe
  C:\Windows\System\lJfYxcJ.exe
  2⤵
  PID:9212
- C:\Windows\System\qmffGBv.exe
  C:\Windows\System\qmffGBv.exe
  2⤵
  PID:8212
- C:\Windows\System\ntfzohw.exe
  C:\Windows\System\ntfzohw.exe
  2⤵
  PID:8260
- C:\Windows\System\QLTouBQ.exe
  C:\Windows\System\QLTouBQ.exe
  2⤵
  PID:8252
- C:\Windows\System\bODwKiI.exe
  C:\Windows\System\bODwKiI.exe
  2⤵
  PID:7928
- C:\Windows\System\MqbbBmq.exe
  C:\Windows\System\MqbbBmq.exe
  2⤵
  PID:6772
- C:\Windows\System\PDhUsKT.exe
  C:\Windows\System\PDhUsKT.exe
  2⤵
  PID:8276
- C:\Windows\System\LYkJAxk.exe
  C:\Windows\System\LYkJAxk.exe
  2⤵
  PID:8312
- C:\Windows\System\vikpXSS.exe
  C:\Windows\System\vikpXSS.exe
  2⤵
  PID:8396
- C:\Windows\System\qPnGwuR.exe
  C:\Windows\System\qPnGwuR.exe
  2⤵
  PID:8500
- C:\Windows\System\gePjoAi.exe
  C:\Windows\System\gePjoAi.exe
  2⤵
  PID:8452
- C:\Windows\System\rAIBkUA.exe
  C:\Windows\System\rAIBkUA.exe
  2⤵
  PID:8436
- C:\Windows\System\Sqhwyxk.exe
  C:\Windows\System\Sqhwyxk.exe
  2⤵
  PID:8548
- C:\Windows\System\cagkziE.exe
  C:\Windows\System\cagkziE.exe
  2⤵
  PID:8560
- C:\Windows\System\lPAaayN.exe
  C:\Windows\System\lPAaayN.exe
  2⤵
  PID:8588
- C:\Windows\System\Thwdexb.exe
  C:\Windows\System\Thwdexb.exe
  2⤵
  PID:8644
- C:\Windows\System\REeFRFQ.exe
  C:\Windows\System\REeFRFQ.exe
  2⤵
  PID:8724
- C:\Windows\System\JoRtGmv.exe
  C:\Windows\System\JoRtGmv.exe
  2⤵
  PID:8704
- C:\Windows\System\RvlaEia.exe
  C:\Windows\System\RvlaEia.exe
  2⤵
  PID:8784
- C:\Windows\System\yKSArrP.exe
  C:\Windows\System\yKSArrP.exe
  2⤵
  PID:8800
- C:\Windows\System\DjBIvHy.exe
  C:\Windows\System\DjBIvHy.exe
  2⤵
  PID:8832
- C:\Windows\System\qeUcycp.exe
  C:\Windows\System\qeUcycp.exe
  2⤵
  PID:8896
- C:\Windows\System\KREiZrl.exe
  C:\Windows\System\KREiZrl.exe
  2⤵
  PID:8876
- C:\Windows\System\UPemIwf.exe
  C:\Windows\System\UPemIwf.exe
  2⤵
  PID:8928
- C:\Windows\System\RAAvvzn.exe
  C:\Windows\System\RAAvvzn.exe
  2⤵
  PID:8940
- C:\Windows\System\jZPRwbj.exe
  C:\Windows\System\jZPRwbj.exe
  2⤵
  PID:8948
- C:\Windows\System\BhiYjhf.exe
  C:\Windows\System\BhiYjhf.exe
  2⤵
  PID:9064
- C:\Windows\System\hDvRNpf.exe
  C:\Windows\System\hDvRNpf.exe
  2⤵
  PID:9044
- C:\Windows\System\zevGCQq.exe
  C:\Windows\System\zevGCQq.exe
  2⤵
  PID:9100
- C:\Windows\System\hIhXziA.exe
  C:\Windows\System\hIhXziA.exe
  2⤵
  PID:9116
- C:\Windows\System\ljoOsZP.exe
  C:\Windows\System\ljoOsZP.exe
  2⤵
  PID:9152
- C:\Windows\System\MqXfiQG.exe
  C:\Windows\System\MqXfiQG.exe
  2⤵
  PID:9180
- C:\Windows\System\XadYNNP.exe
  C:\Windows\System\XadYNNP.exe
  2⤵
  PID:8204
- C:\Windows\System\miAWxEt.exe
  C:\Windows\System\miAWxEt.exe
  2⤵
  PID:8248
- C:\Windows\System\FZYQHiW.exe
  C:\Windows\System\FZYQHiW.exe
  2⤵
  PID:8284
- C:\Windows\System\tLCvTYN.exe
  C:\Windows\System\tLCvTYN.exe
  2⤵
  PID:8296
- C:\Windows\System\rwpcMRD.exe
  C:\Windows\System\rwpcMRD.exe
  2⤵
  PID:8392
- C:\Windows\System\ObafAGg.exe
  C:\Windows\System\ObafAGg.exe
  2⤵
  PID:8448
- C:\Windows\System\SCMDOxr.exe
  C:\Windows\System\SCMDOxr.exe
  2⤵
  PID:8544
- C:\Windows\System\fuCjbSC.exe
  C:\Windows\System\fuCjbSC.exe
  2⤵
  PID:8568
- C:\Windows\System\pAXphCv.exe
  C:\Windows\System\pAXphCv.exe
  2⤵
  PID:8604
- C:\Windows\System\cNnyZuV.exe
  C:\Windows\System\cNnyZuV.exe
  2⤵
  PID:8668
- C:\Windows\System\uUJntzE.exe
  C:\Windows\System\uUJntzE.exe
  2⤵
  PID:8760
- C:\Windows\System\OSrEEqz.exe
  C:\Windows\System\OSrEEqz.exe
  2⤵
  PID:8804
- C:\Windows\System\HzjQEHQ.exe
  C:\Windows\System\HzjQEHQ.exe
  2⤵
  PID:8844
- C:\Windows\System\xkAsPfS.exe
  C:\Windows\System\xkAsPfS.exe
  2⤵
  PID:8996
- C:\Windows\System\jeImHmI.exe
  C:\Windows\System\jeImHmI.exe
  2⤵
  PID:9080
- C:\Windows\System\TFvqkAb.exe
  C:\Windows\System\TFvqkAb.exe
  2⤵
  PID:9192
- C:\Windows\System\LgyaeKc.exe
  C:\Windows\System\LgyaeKc.exe
  2⤵
  PID:8332
- C:\Windows\System\WcZCkWs.exe
  C:\Windows\System\WcZCkWs.exe
  2⤵
  PID:8880
- C:\Windows\System\PGTmobw.exe
  C:\Windows\System\PGTmobw.exe
  2⤵
  PID:8960
- C:\Windows\System\fjuiJfR.exe
  C:\Windows\System\fjuiJfR.exe
  2⤵
  PID:8860
- C:\Windows\System\ddFFttg.exe
  C:\Windows\System\ddFFttg.exe
  2⤵
  PID:9092
- C:\Windows\System\QtbSWqi.exe
  C:\Windows\System\QtbSWqi.exe
  2⤵
  PID:8272
- C:\Windows\System\NfiCkhf.exe
  C:\Windows\System\NfiCkhf.exe
  2⤵
  PID:8360
- C:\Windows\System\FZtXWVl.exe
  C:\Windows\System\FZtXWVl.exe
  2⤵
  PID:7608
- C:\Windows\System\hKYtJLE.exe
  C:\Windows\System\hKYtJLE.exe
  2⤵
  PID:8572
- C:\Windows\System\rLYGhna.exe
  C:\Windows\System\rLYGhna.exe
  2⤵
  PID:8664
- C:\Windows\System\cjijfgF.exe
  C:\Windows\System\cjijfgF.exe
  2⤵
  PID:8672
- C:\Windows\System\dIksCLn.exe
  C:\Windows\System\dIksCLn.exe
  2⤵
  PID:8772
- C:\Windows\System\QdJPxkF.exe
  C:\Windows\System\QdJPxkF.exe
  2⤵
  PID:8944
- C:\Windows\System\EERWgWV.exe
  C:\Windows\System\EERWgWV.exe
  2⤵
  PID:9204
- C:\Windows\System\yiKNNKz.exe
  C:\Windows\System\yiKNNKz.exe
  2⤵
  PID:8796
- C:\Windows\System\cCzcJTp.exe
  C:\Windows\System\cCzcJTp.exe
  2⤵
  PID:9008
- C:\Windows\System\JCdeVeW.exe
  C:\Windows\System\JCdeVeW.exe
  2⤵
  PID:8208
- C:\Windows\System\AYOInGn.exe
  C:\Windows\System\AYOInGn.exe
  2⤵
  PID:9168
- C:\Windows\System\PHwDkay.exe
  C:\Windows\System\PHwDkay.exe
  2⤵
  PID:8464
- C:\Windows\System\bSVADxR.exe
  C:\Windows\System\bSVADxR.exe
  2⤵
  PID:8744
- C:\Windows\System\xGJBXAl.exe
  C:\Windows\System\xGJBXAl.exe
  2⤵
  PID:8824
- C:\Windows\System\iqbMNkK.exe
  C:\Windows\System\iqbMNkK.exe
  2⤵
  PID:8988
- C:\Windows\System\gGXrpNq.exe
  C:\Windows\System\gGXrpNq.exe
  2⤵
  PID:8340
- C:\Windows\System\TUstcDy.exe
  C:\Windows\System\TUstcDy.exe
  2⤵
  PID:8432
- C:\Windows\System\mLRePwR.exe
  C:\Windows\System\mLRePwR.exe
  2⤵
  PID:8768
- C:\Windows\System\mVJDWsf.exe
  C:\Windows\System\mVJDWsf.exe
  2⤵
  PID:9172
- C:\Windows\System\xYUJblP.exe
  C:\Windows\System\xYUJblP.exe
  2⤵
  PID:9220
- C:\Windows\System\IfEsncG.exe
  C:\Windows\System\IfEsncG.exe
  2⤵
  PID:9236
- C:\Windows\System\Qoecxxf.exe
  C:\Windows\System\Qoecxxf.exe
  2⤵
  PID:9256
- C:\Windows\System\GraksmN.exe
  C:\Windows\System\GraksmN.exe
  2⤵
  PID:9272
- C:\Windows\System\DlbyVPA.exe
  C:\Windows\System\DlbyVPA.exe
  2⤵
  PID:9288
- C:\Windows\System\RnnUhke.exe
  C:\Windows\System\RnnUhke.exe
  2⤵
  PID:9304
- C:\Windows\System\EWbfhIa.exe
  C:\Windows\System\EWbfhIa.exe
  2⤵
  PID:9320
- C:\Windows\System\bwFIbrf.exe
  C:\Windows\System\bwFIbrf.exe
  2⤵
  PID:9340
- C:\Windows\System\zuBfJBB.exe
  C:\Windows\System\zuBfJBB.exe
  2⤵
  PID:9360
- C:\Windows\System\rRmnQPF.exe
  C:\Windows\System\rRmnQPF.exe
  2⤵
  PID:9376
- C:\Windows\System\hIDPupJ.exe
  C:\Windows\System\hIDPupJ.exe
  2⤵
  PID:9400
- C:\Windows\System\eXRWpwd.exe
  C:\Windows\System\eXRWpwd.exe
  2⤵
  PID:9416
- C:\Windows\System\NwSIfvx.exe
  C:\Windows\System\NwSIfvx.exe
  2⤵
  PID:9436
- C:\Windows\System\gIraErR.exe
  C:\Windows\System\gIraErR.exe
  2⤵
  PID:9460
- C:\Windows\System\zedtdWk.exe
  C:\Windows\System\zedtdWk.exe
  2⤵
  PID:9480
- C:\Windows\System\vhMrbrz.exe
  C:\Windows\System\vhMrbrz.exe
  2⤵
  PID:9500
- C:\Windows\System\gsZeprD.exe
  C:\Windows\System\gsZeprD.exe
  2⤵
  PID:9528
- C:\Windows\System\layIyOi.exe
  C:\Windows\System\layIyOi.exe
  2⤵
  PID:9548
- C:\Windows\System\adVWkyZ.exe
  C:\Windows\System\adVWkyZ.exe
  2⤵
  PID:9564
- C:\Windows\System\HEsibeI.exe
  C:\Windows\System\HEsibeI.exe
  2⤵
  PID:9580
- C:\Windows\System\LoFRSCa.exe
  C:\Windows\System\LoFRSCa.exe
  2⤵
  PID:9600
- C:\Windows\System\IVpfGqF.exe
  C:\Windows\System\IVpfGqF.exe
  2⤵
  PID:9620
- C:\Windows\System\yKvAxvt.exe
  C:\Windows\System\yKvAxvt.exe
  2⤵
  PID:9640
- C:\Windows\System\LGToGRi.exe
  C:\Windows\System\LGToGRi.exe
  2⤵
  PID:9664
- C:\Windows\System\TpEcmNk.exe
  C:\Windows\System\TpEcmNk.exe
  2⤵
  PID:9680
- C:\Windows\System\mTaWyhQ.exe
  C:\Windows\System\mTaWyhQ.exe
  2⤵
  PID:9704
- C:\Windows\System\qHxtguQ.exe
  C:\Windows\System\qHxtguQ.exe
  2⤵
  PID:9724
- C:\Windows\System\UvnjNeJ.exe
  C:\Windows\System\UvnjNeJ.exe
  2⤵
  PID:9740
- C:\Windows\System\KkaHrvT.exe
  C:\Windows\System\KkaHrvT.exe
  2⤵
  PID:9764
- C:\Windows\System\LayZwYS.exe
  C:\Windows\System\LayZwYS.exe
  2⤵
  PID:9780
- C:\Windows\System\RaaeXyJ.exe
  C:\Windows\System\RaaeXyJ.exe
  2⤵
  PID:9796
- C:\Windows\System\RcrShNZ.exe
  C:\Windows\System\RcrShNZ.exe
  2⤵
  PID:9816
- C:\Windows\System\PervFRq.exe
  C:\Windows\System\PervFRq.exe
  2⤵
  PID:9832
- C:\Windows\System\DXvsnNJ.exe
  C:\Windows\System\DXvsnNJ.exe
  2⤵
  PID:9852
- C:\Windows\System\FZkHRgR.exe
  C:\Windows\System\FZkHRgR.exe
  2⤵
  PID:9868
- C:\Windows\System\ZjVwnGj.exe
  C:\Windows\System\ZjVwnGj.exe
  2⤵
  PID:9900
- C:\Windows\System\xANWUSS.exe
  C:\Windows\System\xANWUSS.exe
  2⤵
  PID:9924
- C:\Windows\System\bdtOzCV.exe
  C:\Windows\System\bdtOzCV.exe
  2⤵
  PID:9940
- C:\Windows\System\wxjKTwP.exe
  C:\Windows\System\wxjKTwP.exe
  2⤵
  PID:9956
- C:\Windows\System\fDwqdOg.exe
  C:\Windows\System\fDwqdOg.exe
  2⤵
  PID:9972
- C:\Windows\System\DUdvEwS.exe
  C:\Windows\System\DUdvEwS.exe
  2⤵
  PID:9992
- C:\Windows\System\SrYzowp.exe
  C:\Windows\System\SrYzowp.exe
  2⤵
  PID:10008
- C:\Windows\System\lYmmoXT.exe
  C:\Windows\System\lYmmoXT.exe
  2⤵
  PID:10060
- C:\Windows\System\rBZuLTc.exe
  C:\Windows\System\rBZuLTc.exe
  2⤵
  PID:10080
- C:\Windows\System\TFjdqZo.exe
  C:\Windows\System\TFjdqZo.exe
  2⤵
  PID:10104
- C:\Windows\System\aaySSxq.exe
  C:\Windows\System\aaySSxq.exe
  2⤵
  PID:10120
- C:\Windows\System\tpbHNwE.exe
  C:\Windows\System\tpbHNwE.exe
  2⤵
  PID:10144
- C:\Windows\System\EHTjLpd.exe
  C:\Windows\System\EHTjLpd.exe
  2⤵
  PID:10160
- C:\Windows\System\bKZneDf.exe
  C:\Windows\System\bKZneDf.exe
  2⤵
  PID:9352
- C:\Windows\System\YSjkPXz.exe
  C:\Windows\System\YSjkPXz.exe
  2⤵
  PID:9332
- C:\Windows\System\vUXKkSm.exe
  C:\Windows\System\vUXKkSm.exe
  2⤵
  PID:9384
- C:\Windows\System\MfKpvxZ.exe
  C:\Windows\System\MfKpvxZ.exe
  2⤵
  PID:9424
- C:\Windows\System\OcJvKxw.exe
  C:\Windows\System\OcJvKxw.exe
  2⤵
  PID:9448
- C:\Windows\System\GrfJkks.exe
  C:\Windows\System\GrfJkks.exe
  2⤵
  PID:9488
- C:\Windows\System\fuDwlwM.exe
  C:\Windows\System\fuDwlwM.exe
  2⤵
  PID:9496
- C:\Windows\System\LflDpbp.exe
  C:\Windows\System\LflDpbp.exe
  2⤵
  PID:9536
- C:\Windows\System\Ppobmsn.exe
  C:\Windows\System\Ppobmsn.exe
  2⤵
  PID:9592
- C:\Windows\System\ZzPqIsz.exe
  C:\Windows\System\ZzPqIsz.exe
  2⤵
  PID:9632
- C:\Windows\System\zLsnvch.exe
  C:\Windows\System\zLsnvch.exe
  2⤵
  PID:9672
- C:\Windows\System\YeRybxN.exe
  C:\Windows\System\YeRybxN.exe
  2⤵
  PID:9696
- C:\Windows\System\LzxjOje.exe
  C:\Windows\System\LzxjOje.exe
  2⤵
  PID:8468
- C:\Windows\System\CkoNnWw.exe
  C:\Windows\System\CkoNnWw.exe
  2⤵
  PID:9756
- C:\Windows\System\nJCqvkS.exe
  C:\Windows\System\nJCqvkS.exe
  2⤵
  PID:9792
- C:\Windows\System\YFiTPWT.exe
  C:\Windows\System\YFiTPWT.exe
  2⤵
  PID:9860
- C:\Windows\System\qGnXsLq.exe
  C:\Windows\System\qGnXsLq.exe
  2⤵
  PID:9908
- C:\Windows\System\jLHuTnl.exe
  C:\Windows\System\jLHuTnl.exe
  2⤵
  PID:9876
- C:\Windows\System\XePNmnN.exe
  C:\Windows\System\XePNmnN.exe
  2⤵
  PID:9984
- C:\Windows\System\IQRpXTZ.exe
  C:\Windows\System\IQRpXTZ.exe
  2⤵
  PID:9880
- C:\Windows\System\ugxtDtc.exe
  C:\Windows\System\ugxtDtc.exe
  2⤵
  PID:9968
- C:\Windows\System\eoUPzJj.exe
  C:\Windows\System\eoUPzJj.exe
  2⤵
  PID:10028
- C:\Windows\System\IyjUyvW.exe
  C:\Windows\System\IyjUyvW.exe
  2⤵
  PID:10048
- C:\Windows\System\TmEhMfQ.exe
  C:\Windows\System\TmEhMfQ.exe
  2⤵
  PID:10092
- C:\Windows\System\FCzEIlj.exe
  C:\Windows\System\FCzEIlj.exe
  2⤵
  PID:10132
- C:\Windows\System\zBJkdWL.exe
  C:\Windows\System\zBJkdWL.exe
  2⤵
  PID:10168
- C:\Windows\System\GIOoUOA.exe
  C:\Windows\System\GIOoUOA.exe
  2⤵
  PID:10188
- C:\Windows\System\JoUQneg.exe
  C:\Windows\System\JoUQneg.exe
  2⤵
  PID:10200
- C:\Windows\System\TputVvb.exe
  C:\Windows\System\TputVvb.exe
  2⤵
  PID:10220
- C:\Windows\System\pNhbWEL.exe
  C:\Windows\System\pNhbWEL.exe
  2⤵
  PID:9244
- C:\Windows\System\guVeXlL.exe
  C:\Windows\System\guVeXlL.exe
  2⤵
  PID:8344
- C:\Windows\System\wSlDrXl.exe
  C:\Windows\System\wSlDrXl.exe
  2⤵
  PID:8808
- C:\Windows\System\KXhQuXq.exe
  C:\Windows\System\KXhQuXq.exe
  2⤵
  PID:9312
- C:\Windows\System\TDHFuSG.exe
  C:\Windows\System\TDHFuSG.exe
  2⤵
  PID:9300
- C:\Windows\System\CcEzhFv.exe
  C:\Windows\System\CcEzhFv.exe
  2⤵
  PID:9408
- C:\Windows\System\FhvaIcL.exe
  C:\Windows\System\FhvaIcL.exe
  2⤵
  PID:9432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AaVVuyL.exe

Filesize
6.0MB

MD5
ef271eac5d01ac5eef0d922b81fafcdd

SHA1
0267411dd381947cebd8a8c72a88ad95b22453dd

SHA256
8c226c370eba645b7d6c79bbdd67a11353bf3948a95906a3bdfd33f6d1eac2c4

SHA512
19bf2d4071d8f694fb9cdaa9ac1ec81a7c234794b716043324c4de2820f362041ba64744898abb423a3f330b8021b7d5f9f4ff28cb47498ae592c26b17b116c2

Download Submit
C:\Windows\system\CdLkRkb.exe

Filesize
6.0MB

MD5
6d0b04220fc41d9c151dd01e84c3b2a3

SHA1
5b6fed538a998889f60a76ba704c077c8b29a99a

SHA256
74dddd67eefb533087593c543590fdc4361f85549833468c8acd521c37925ded

SHA512
6f2f46085e12c773d3b4a11722128e4ff21916995565e5c4acd8cb19cd2b20167c14c66d5b1fdcea5bf8d87f652f7b38f61b53f233720aa4cab9b198b08303f0

Download Submit
C:\Windows\system\DSvFrxE.exe

Filesize
6.0MB

MD5
c47021d8d390bcfb9ab8fb6e27a4069f

SHA1
e58e08f0b7916a4d6841f63ae137526ce46070ef

SHA256
b47e3bb65e23dbe6e7a1a9d76acb104418039e01cd89523a1c5d4f697813e8ea

SHA512
3448754949d2c9af37c2d5a526317617a8d96e54ad57d0e2058d124846ccdfd4dc7eb2ec4ef53fcd8ef5c127db6110ff7287329d5a805538bdbf8b54defa49a3

Download Submit
C:\Windows\system\GxlvKlN.exe

Filesize
6.0MB

MD5
0a666f515ca42d1243b77fb09ef2b0be

SHA1
e6091ed5f70c54a3fcc7a347a3a80b058671b235

SHA256
7ded4317c0ff795fc79def974bff41b0520108a33aca14c53607d8c99eacd814

SHA512
24e291a49eaef70b47b0f16068cd46a2eb15a24a42d132acf22ad51652bd675433903670435ebf1efe9a2c266eab458d41ec482d1159adde6323dd5bac8fdb6a

Download Submit
C:\Windows\system\HXBVSIx.exe

Filesize
6.0MB

MD5
d34a978f346a01d492141f5bffd84a7f

SHA1
ae299c458e959f24787f0347be9c106adb52dcee

SHA256
0601c3a3b4ac7aa7aec8d7fa0e268713a2009dbdbcd58523ff1fc19220764e20

SHA512
e3a5369d21d93ae408da5d064f6ee974d1e54c26e4c0923f2ac47bccef74c32fa9f2a504a30fd13240828550769afc6e42974fd47a9acdd8637e25689d8ce861

Download Submit
C:\Windows\system\KyLByMm.exe

Filesize
6.0MB

MD5
2b04d7602cecc9e4fd296c4423ec3342

SHA1
418d1a974f509a36b3eb4711e7a5b92c54e62dde

SHA256
e7f1c30725f8b56aea018b55158b3933f5d20c04143880c85ef9a622e541ac81

SHA512
647cbb75dd672a9778dbfb0c65ce905d7ece4a50f01b1b9337cd5ef137f1b315659a5614ff69ae96b12df8251ad86e0e7071a59629ac390527edbf4a6dbe82ed

Download Submit
C:\Windows\system\LMFtABJ.exe

Filesize
6.0MB

MD5
7b17466f8c700bc695f28581aa215b96

SHA1
15b711fbfffff9d638cf5c5facb4c6341ce219b3

SHA256
8d0b17535d58e6b878ea7b1742158d16cea74f75b5cc55e8dc7cb251d8dd2bb9

SHA512
f2e47ac352ac7724b093cb65a407ba3e7e1b3f72e23f469118677ab3a3c8668b039efe9cc7d82986c5f9690283ea7d684ef898143af12f79c52713a65ee2654f

Download Submit
C:\Windows\system\MTpCtWI.exe

Filesize
6.0MB

MD5
fd902b113e0494f296c9b18ea683dd88

SHA1
13407514c09c1d1a71583a22a522c65adf488a41

SHA256
cfbbd6040abd9a864c5c1092983ade18e0017f7ba39d5f952b3e072ce22f26bb

SHA512
11b2e66ad4cc31e016a0244382979df11f58d8d5f28dbe78e6683e4a9da860aaa7ce4bdd984de7c5b30c7436625bd2324107c9482d59da4a6200500aba0b6476

Download Submit
C:\Windows\system\NzkEQex.exe

Filesize
6.0MB

MD5
e1373d4a6f5f6d6bb0ba08c4c3d1cb7b

SHA1
d2f6b1684e6c87d28b782fdec3f80a8022ae2dd8

SHA256
64bf077dfaeeae114e8f9336e80c5d56fa5afa23b1f76f659abd9baaa48b16f9

SHA512
68471cf0a2005277c434f4c6801c7e56ecfa20483a118526e062cdd224fb0b8af5a634458a2ddaced93725575a37731122f90e61d36094ab47ec2ba34a6c089e

Download Submit
C:\Windows\system\OlFJIhe.exe

Filesize
6.0MB

MD5
abf5b9813ac2b39b53eead5d18d7db43

SHA1
7c07093cd75a234443c55e37a4e96b2e27888db4

SHA256
bdcd362ed324f27c0c586fcebf7823e88f87846510165077239e87f5dca2f2b3

SHA512
afd2f5d6b0f21c0fd36c66bfce4c01552d0cc3a4fda9c6595d5bd0b6aacf6de3ef8f6be71c849a3000badff5f82531f34d4436523d2b8485136bca3a810e1442

Download Submit
C:\Windows\system\OlvMWNZ.exe

Filesize
6.0MB

MD5
38a6198bf75346f5541ddc095b1994ac

SHA1
2b513b142655f2994c0b5ea9b2c1d73d002d823e

SHA256
72c3b1828576f1154d7dc423d97cdd8adc4297713f6b5a40e9c52a468ce74c84

SHA512
355f41bf2628b13dc23ee4da36ed66a126a9313d40a7dbefb16fa315f49d22dbd6cab1c5c57c6a5f9e1210502298687ef1d8255d60eea1c3348303212b3d2019

Download Submit
C:\Windows\system\QDvjYYO.exe

Filesize
6.0MB

MD5
83f3925f1957f08fc5792b47adb52f45

SHA1
601997901e2f1e1ca0b04d570efed3c198bb004c

SHA256
1da33b3615a15bc689febc6a8b6bc19e322eb17bb7a5db8791b1573123626e62

SHA512
d3ab4b103ba7f87bdb112ecb700b652097849dd03757df57c2a9aad3476c9db41f480a8a0368a58c0350894f3afc8531bfc05e25dd7308df5e0c2bb27507d755

Download Submit
C:\Windows\system\SFIUBwP.exe

Filesize
6.0MB

MD5
6e471635ac24915c31209bacbb6f11ac

SHA1
5b032befc85627158aa58fe984882fcdb624b331

SHA256
09a24593d2f3677c1ae4e1f8c2f8290a7f2732565e7b2c35c8e82849837e6eff

SHA512
7aa50294384d01d52f7e72dc0115e7d935cb6c53f35d9cbeae62c02e036c2392d7cde93a83488da4237cabde76e8eac42a2b21dc341a70c8116da95981e719f8

Download Submit
C:\Windows\system\UUoPegL.exe

Filesize
6.0MB

MD5
50822213915c1391f342d9844779c398

SHA1
34a6823351ff2ede08d172434bf7caae9bdd2adf

SHA256
ff9f5add688ce96bc52bff2383473a0bac045f1c174790679f0df1213d4f9584

SHA512
e207dca03661ea97e36f21ae9f3f139a1db224db024a3e8364d346750e4103d3359bfbc649da5076835776916a2cae5f459e0dfb20d7c0d48856884d4576dd3e

Download Submit
C:\Windows\system\VErvmZv.exe

Filesize
6.0MB

MD5
7846e34bf4944643bc50215308f5e211

SHA1
f2f5982cc2f3a02f4fa81cab22ea966f53eae828

SHA256
a8bb603941d1399aead769a3158ed93febf37c45218ab0ecc129f21b83dd8516

SHA512
a54dc1c6c242f90fe3860acedada3c91b0431bfcb20e27fa166c548fd89af3d8edc52fb43125ef253f7642e1b02b16886d5aded7eeb05d26afa80734000a50df

Download Submit
C:\Windows\system\VyMdAHa.exe

Filesize
6.0MB

MD5
270bccf4e649864f6d0df7ae728965fd

SHA1
ffab0b7c02c7bbe3ff7c4078871cb5acc08f19ac

SHA256
5605c1c82017ba13856cf575e878bae56d8996a328f958afd18783859cf8273f

SHA512
d589f552c7e69ec23e8248f9666b834f1d5352c13d984d04b8ec7fd859fbb3fc7585daa8fb00e8bd45c46b423ed7088862f6b8bdff97d6947aa6e86734fec724

Download Submit
C:\Windows\system\YBMHITM.exe

Filesize
6.0MB

MD5
e56e4208051779a157cd76366ab46004

SHA1
46e66f074510a1708b6ab5b1e23e364a3c8d8e48

SHA256
015dca583634d4f02235a2e328a5968da450ee7ee987d20c25e3c2d1f0b8321b

SHA512
0779cd66bc04cc598769f2fc6ce3415e844de0aba40e59febcb4ebbbf89dc83cf7f4390bbf46ce994a89ab6a957c9eba66d57116969f516ede5c99e140f24941

Download Submit
C:\Windows\system\bTprlpi.exe

Filesize
6.0MB

MD5
7f7674c3be25b73f321824c218263086

SHA1
8815b58655993ccab612b1384ea7c04ad141810a

SHA256
82e4e955d47676d2e96b69c9bb4866acf3465ed2bb7cbb0a01acf2bdddf95c05

SHA512
de8d2a7009781904ff99ffd294f13f565716a9955787dcd09a992ab582722f6bf5dbd94beda2f502843d76cf2a80645c96ac3ca2f0886973a179c6771f31fb29

Download Submit
C:\Windows\system\cyqPmzp.exe

Filesize
6.0MB

MD5
57f821278069bbbbd5bb516d6b61e002

SHA1
3fcff5ddf7ec5177ee60246bdd7728cfe80aaff4

SHA256
061385d22b4a276639b9f4dad9a13a9046e142073b9b20abde1375de380321c8

SHA512
c9e906adf7cddfcaad78f3fdef4f62194001400e2c5e4ed1f2af6ed842ab78b9a9e1749a1adb70e016c819a580477e98a23a94f5d5f81e9284842d120308bdf5

Download Submit
C:\Windows\system\eClbiEc.exe

Filesize
6.0MB

MD5
71062aba93a924bfc44c52adeef3000e

SHA1
e5452d933ba41f3d5feb5e988902f1bcd68e789b

SHA256
8f66cc5b52f1030628d1fb809b2332879d8e986b7adc4b96ef10e1b552144c80

SHA512
50df5ebf55f925ef17a0c7bf0e072e09180cdc45eb1bbec02ed4ff410b19579c661e855c8c978552fef30661bf308ba4edf1020977fab7da2244b6d970a53466

Download Submit
C:\Windows\system\kbrRIir.exe

Filesize
6.0MB

MD5
5a2c9473265c74a7550e58f1af4bd5c5

SHA1
4f4deff998d80a1efbbb00934784ee6550a18e2c

SHA256
2588a18f7fd159370485343bc063d4634484d18f8ca04034825987f5e4f49ace

SHA512
0bf77d3198f6e99dd993013723078094f4de950fa93f446acdea25f10b1104375bbed301b661204c109bff41755c76f530400b22387266a08ad895fd1869b03d

Download Submit
C:\Windows\system\myJerFJ.exe

Filesize
6.0MB

MD5
5255330abffc92ed5b81429f46f71632

SHA1
af0a080c0a544d646514aa6c299c0d81171f4f70

SHA256
54cf10b1dda7279544d9673af76605718158092ce8e2dc5c19886006bc4ee514

SHA512
b4631e3548b08584a10895227881a00df77c3e2a18b133f95f228701c7c7e7dcfa3171843125718e0f03e819708df6a8cabea0a8c75ec58947dbb80660eca103

Download Submit
C:\Windows\system\rdIRpEz.exe

Filesize
6.0MB

MD5
2ce3bb7a531b684803980d530ea0d200

SHA1
c27d9130b077dd6aedb87e74b341a109149de16a

SHA256
84606b2366458f93eb8ffc3601a9747ce27937c14b06d6e06d36757529947ea2

SHA512
aa67bdbf1f2ac9fd5d7d05e3f58e621933e8ebc5e4a9382e813b9f679155a485a8ced1c6314a27b258db14c474cd18692c6f482e6aad01edb46c5d11ec115371

Download Submit
C:\Windows\system\sKVfUXE.exe

Filesize
6.0MB

MD5
54b869b24b916ff0c6720083c1782b0c

SHA1
9eeb68f74877afa5b3a6224c9850b82cc45c1174

SHA256
649edf16d0e454f4805a33e95c8403085962d96e39d0be8c23fda5c39198456d

SHA512
47845ef3ee4848ea877552b4dd12a7ca3a0c755214533387ba4b2679ad8a5bbe89c57fff05b55ca011b7cc394eba0feb6d7e65bc80f494c1e173602ae7849a96

Download Submit
C:\Windows\system\syZEPiR.exe

Filesize
6.0MB

MD5
ae75c8e6f2950bcb5270113c7c4cf366

SHA1
46e30311c4f48ff61b0b5d78d346bd3e42c10799

SHA256
566c258b1b2640d2554ed8cf89c150d84943078318cdc68835dc0f9d8da6e236

SHA512
ebb77dbdc94e21f25612afe5d8331a06f787393f7dc15169c7dc888e27151dc958ed42249a1b7ad437a77be4c89975681a454904e7dd4c6d1ec488f5e21af8ed

Download Submit
C:\Windows\system\tRaDRUa.exe

Filesize
6.0MB

MD5
c96dac8a3bfeb1a17b207d7aa6c6fa96

SHA1
fc8b67781bc624d8556b21fd650462ce758b4452

SHA256
d320cdf07e315c4d1af409b5843f2d0a188dbd28e4c9d4b7a9c5a04a84385332

SHA512
4deee0d2a21665d0189c44344c66f67b8bb2a3a2c9427398044af314ea8330485be00db51d2d5c326a37d90514a8bbc0f526b2204bec48c355c5ca23169ecb7f

Download Submit
C:\Windows\system\uVbbrmn.exe

Filesize
6.0MB

MD5
2fa5db500821f49409f32198e500fe0c

SHA1
5a9b69863250f4c0bff6edf8353212754d445a8a

SHA256
8734baaa47606607609a11b12fae59fa00f4e33d2490880a0f657a15943cb8dd

SHA512
14eb251552fe4ee986d3558213b387d03dc38c223ffbef26b2bd1789c1175f8bf023e10efe2de970dbebd33f839f7d457e53136db6192686dd45a0961c69a988

Download Submit
C:\Windows\system\wCwvCqA.exe

Filesize
6.0MB

MD5
333fd65836684ce9ac3a666214b528d4

SHA1
fa93d64791973323f7b3e332a9bc187e9fc09a3d

SHA256
84487bd6f3ea280e126f9d8a21f5cd2d350c0ef289ad93b42a166fbea5c53c3f

SHA512
1762d22343cac417c33752372aa7a1cb9bdf017d2a51444e1750a376fcf8e1562ad39e19c597a1334c8822c7e7aa152400e4dce009f5c6adb8ceef8fb751e59c

Download Submit
C:\Windows\system\wcSKBUG.exe

Filesize
6.0MB

MD5
a3a5d0c15b29b398c15e98109b3c4bf7

SHA1
e5e419c55737584d1cbf097bbd045f3973c3d819

SHA256
7f9ddeb8ff8f863571c41c113baaa6feacbd3f453883365443313224ae102968

SHA512
775e77bd33e91cfcd65151b3a3785e4edaf358c340b5bb58b5dd0f1d2bb42cd5dd5439822331a7d62c5ce4d58c9b527918c65073b40c3b749b06161dc3acd40e

Download Submit
C:\Windows\system\xhWZJEZ.exe

Filesize
6.0MB

MD5
5039c7f10f956fc4daf255ed80ba708f

SHA1
e7349bd116513f1cae0ab9c05f218e825a79847e

SHA256
18c46c8641dc0234532d7879eb646e98a5b691aa30fa7009c7d29277486d2bff

SHA512
54f101563d9a664edddc54570b301ba5eb99b875793a8c1fe9ff40924677b7ce7ec7610e571ffd71d771bed881de18d4ff0596393a8002a3577ab6788270d823

Download Submit
\Windows\system\MRftwiC.exe

Filesize
6.0MB

MD5
4d2b08ddb538274604e59f34d754df0f

SHA1
1a33d23e1805d4ecf87444825c6635038fc56692

SHA256
21f9e266c8b4af088bb8ed12bfa515a0f2c1ca9c6158bcea8c2d16a528173e4d

SHA512
397f6acd7de7357d0d1675c7bc4c1a2e3f998a96dc66c0d4867e5f11d8bacdef98fdbfe0344224a57a71b7a4e7ad5633a997cf5caa3e873d31d5a0c82049814b

Download Submit
\Windows\system\uCLYFGZ.exe

Filesize
6.0MB

MD5
2fdfdd58dc7ad5c7220f782cca565870

SHA1
35061d19c647c5d8f070126cc4bca1fc52713ee0

SHA256
ca2a01bd12a50bf64626173d1a161b764a97777540c98bb7a0e1030a3c83b91d

SHA512
8490c13c3472563e4eb030f61a3e1d18f9f8d3c8600c2be69e485156888f9f466c67386efca1a5982d046dfa0cf7b2f753f31e6192a7344c502edaae132a7ec1

Download Submit
memory/1236-9-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-1445-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-43-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-100-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1248-404-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1443-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1442-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-92-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-306-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-87-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1736-72-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-39-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-361-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1736-40-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1736-254-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-30-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-34-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1736-56-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1736-0-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1736-48-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-64-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1736-180-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1736-24-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1736-21-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-425-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1736-88-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-427-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-13-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-96-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1736-104-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1736-105-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1736-6-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-114-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1736-113-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1944-83-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1944-1441-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1944-212-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1635-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-22-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-59-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1435-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2144-67-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2144-28-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1436-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2152-82-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2152-44-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2248-149-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-76-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1440-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-91-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2252-1437-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2252-53-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2420-16-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-52-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1433-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1439-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2884-68-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2884-108-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2908-109-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1444-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2908-426-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2920-60-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2920-99-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1438-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3048-35-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-75-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1434-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download