cobaltstrike | 0448939f66d7dbf5c6ed7ae27049623cae8ded1172ba2c1382efcfa3f0971d06

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dc3958322836c61461821b783c09794a
SHA1

a1a98cfab70e07f96f35144b5b2678bfccf220a4
SHA256

0448939f66d7dbf5c6ed7ae27049623cae8ded1172ba2c1382efcfa3f0971d06
SHA512

29d4cddcdb868dc27f491bddac9481465a2aa70cdb9d1b7fb21e0aa953e5a42ca389ce1b5bc4eb71380f41b3137448892546e8bb97a12256d56621ff7b3f2fc8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\VUNvUVe.exe	cobalt_reflective_dll
C:\Windows\system\BMDKXEL.exe	cobalt_reflective_dll
C:\Windows\system\yxYIKnv.exe	cobalt_reflective_dll
C:\Windows\system\MuNHLKR.exe	cobalt_reflective_dll
C:\Windows\system\SxFhXyw.exe	cobalt_reflective_dll
C:\Windows\system\mkQflxa.exe	cobalt_reflective_dll
C:\Windows\system\PMlbjRC.exe	cobalt_reflective_dll
C:\Windows\system\xjUFqeP.exe	cobalt_reflective_dll
C:\Windows\system\KgpRWCi.exe	cobalt_reflective_dll
C:\Windows\system\XccjuEy.exe	cobalt_reflective_dll
C:\Windows\system\HAusNMD.exe	cobalt_reflective_dll
C:\Windows\system\DehuZAm.exe	cobalt_reflective_dll
C:\Windows\system\utrpdjZ.exe	cobalt_reflective_dll
C:\Windows\system\IAjyqxi.exe	cobalt_reflective_dll
C:\Windows\system\yfYSLfC.exe	cobalt_reflective_dll
\Windows\system\eokJolO.exe	cobalt_reflective_dll
\Windows\system\oECqXCb.exe	cobalt_reflective_dll
C:\Windows\system\LVsSmKT.exe	cobalt_reflective_dll
C:\Windows\system\foFIdAH.exe	cobalt_reflective_dll
\Windows\system\ScPbXIB.exe	cobalt_reflective_dll
C:\Windows\system\tTKUIJl.exe	cobalt_reflective_dll
\Windows\system\tItXEtF.exe	cobalt_reflective_dll
C:\Windows\system\KMnzrEr.exe	cobalt_reflective_dll
\Windows\system\ZowTLpO.exe	cobalt_reflective_dll
C:\Windows\system\kIRyBFs.exe	cobalt_reflective_dll
C:\Windows\system\bfZsdzd.exe	cobalt_reflective_dll
C:\Windows\system\BOpjYKw.exe	cobalt_reflective_dll
\Windows\system\bEAoipO.exe	cobalt_reflective_dll
C:\Windows\system\wMSZSIp.exe	cobalt_reflective_dll
C:\Windows\system\pEdORNm.exe	cobalt_reflective_dll
C:\Windows\system\WFWktzf.exe	cobalt_reflective_dll
C:\Windows\system\vXyVlDy.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1528-0-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
\Windows\system\VUNvUVe.exe	xmrig
C:\Windows\system\BMDKXEL.exe	xmrig
C:\Windows\system\yxYIKnv.exe	xmrig
C:\Windows\system\MuNHLKR.exe	xmrig
behavioral1/memory/2364-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2712-11-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
C:\Windows\system\SxFhXyw.exe	xmrig
behavioral1/memory/3020-60-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2264-69-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2860-85-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2648-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2820-93-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
C:\Windows\system\mkQflxa.exe	xmrig
behavioral1/memory/2740-84-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
C:\Windows\system\PMlbjRC.exe	xmrig
behavioral1/memory/2808-78-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2364-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
C:\Windows\system\xjUFqeP.exe	xmrig
behavioral1/memory/1528-74-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/1200-73-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2116-106-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1528-105-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
C:\Windows\system\KgpRWCi.exe	xmrig
C:\Windows\system\XccjuEy.exe	xmrig
behavioral1/memory/1528-111-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2264-108-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1528-101-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/3020-100-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/1688-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
C:\Windows\system\HAusNMD.exe	xmrig
behavioral1/memory/1528-113-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/2988-64-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1484-59-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
C:\Windows\system\DehuZAm.exe	xmrig
behavioral1/memory/2808-114-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2820-53-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2740-45-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
C:\Windows\system\utrpdjZ.exe	xmrig
behavioral1/memory/2712-41-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1528-35-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1200-33-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1688-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
C:\Windows\system\IAjyqxi.exe	xmrig
behavioral1/memory/2988-29-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
C:\Windows\system\yfYSLfC.exe	xmrig
behavioral1/memory/2860-115-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1484-26-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
\Windows\system\eokJolO.exe	xmrig
\Windows\system\oECqXCb.exe	xmrig
C:\Windows\system\LVsSmKT.exe	xmrig
C:\Windows\system\foFIdAH.exe	xmrig
behavioral1/memory/2648-145-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
\Windows\system\ScPbXIB.exe	xmrig
C:\Windows\system\tTKUIJl.exe	xmrig
\Windows\system\tItXEtF.exe	xmrig
C:\Windows\system\KMnzrEr.exe	xmrig
\Windows\system\ZowTLpO.exe	xmrig
C:\Windows\system\kIRyBFs.exe	xmrig
C:\Windows\system\bfZsdzd.exe	xmrig
C:\Windows\system\BOpjYKw.exe	xmrig
behavioral1/memory/1528-223-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
\Windows\system\bEAoipO.exe	xmrig
C:\Windows\system\wMSZSIp.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

VUNvUVe.exeBMDKXEL.exeyfYSLfC.exeIAjyqxi.exeyxYIKnv.exeMuNHLKR.exeutrpdjZ.exeSxFhXyw.exeDehuZAm.exeHAusNMD.exexjUFqeP.exePMlbjRC.exemkQflxa.exeKgpRWCi.exeXccjuEy.exeeokJolO.exetTKUIJl.exefoFIdAH.exeLVsSmKT.exeoECqXCb.exeScPbXIB.exetItXEtF.exeKMnzrEr.exevXyVlDy.exewMSZSIp.exeZowTLpO.exeWFWktzf.exekIRyBFs.exebfZsdzd.exebEAoipO.exeBOpjYKw.exepEdORNm.exeQpOMFiD.exeWApBVAr.exeVDJGocC.exeCFaCRoI.exehgcowrP.exeYHVlOUl.exelhjftuI.exeScpFlOo.exepMGXqGd.exePpeapSc.exeMKsdWak.exerlxFNfC.exeukVHXNc.exejBXRNni.exeszSWQGd.exeTegQZWx.exeUGVEsFI.exeRjzvGyH.exeAnSxBAN.execsWGjhQ.exehnyRjtp.exexCjdAlO.execEgSFhX.exeRfVSimU.exerrCQTrl.exeZecqgFX.exeaZZbWYd.exeKMQdGtx.exezbszyzz.exeRLxzWYD.exeUHESgOL.exefdWuuCV.exe

pid	process
2712	VUNvUVe.exe
1484	BMDKXEL.exe
2988	yfYSLfC.exe
1688	IAjyqxi.exe
1200	yxYIKnv.exe
2364	MuNHLKR.exe
2740	utrpdjZ.exe
2820	SxFhXyw.exe
3020	DehuZAm.exe
2264	HAusNMD.exe
2808	xjUFqeP.exe
2860	PMlbjRC.exe
2648	mkQflxa.exe
2116	KgpRWCi.exe
2324	XccjuEy.exe
2020	eokJolO.exe
2952	tTKUIJl.exe
2948	foFIdAH.exe
1776	LVsSmKT.exe
1316	oECqXCb.exe
860	ScPbXIB.exe
2336	tItXEtF.exe
2488	KMnzrEr.exe
1124	vXyVlDy.exe
2224	wMSZSIp.exe
1632	ZowTLpO.exe
1652	WFWktzf.exe
320	kIRyBFs.exe
2248	bfZsdzd.exe
1520	bEAoipO.exe
580	BOpjYKw.exe
748	pEdORNm.exe
2184	QpOMFiD.exe
2516	WApBVAr.exe
1772	VDJGocC.exe
1364	CFaCRoI.exe
3032	hgcowrP.exe
2492	YHVlOUl.exe
876	lhjftuI.exe
2212	ScpFlOo.exe
1768	pMGXqGd.exe
1032	PpeapSc.exe
2440	MKsdWak.exe
3016	rlxFNfC.exe
1980	ukVHXNc.exe
2052	jBXRNni.exe
2592	szSWQGd.exe
2288	TegQZWx.exe
1560	UGVEsFI.exe
1664	RjzvGyH.exe
2480	AnSxBAN.exe
1564	csWGjhQ.exe
2560	hnyRjtp.exe
2848	xCjdAlO.exe
1084	cEgSFhX.exe
2104	RfVSimU.exe
3004	rrCQTrl.exe
568	ZecqgFX.exe
2076	aZZbWYd.exe
2484	KMQdGtx.exe
2372	zbszyzz.exe
1620	RLxzWYD.exe
2476	UHESgOL.exe
1608	fdWuuCV.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1528-0-0x000000013F610000-0x000000013F964000-memory.dmp	upx
\Windows\system\VUNvUVe.exe	upx
C:\Windows\system\BMDKXEL.exe	upx
C:\Windows\system\yxYIKnv.exe	upx
C:\Windows\system\MuNHLKR.exe	upx
behavioral1/memory/2364-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2712-11-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
C:\Windows\system\SxFhXyw.exe	upx
behavioral1/memory/3020-60-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2264-69-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2860-85-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2648-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2820-93-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
C:\Windows\system\mkQflxa.exe	upx
behavioral1/memory/2740-84-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
C:\Windows\system\PMlbjRC.exe	upx
behavioral1/memory/2808-78-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2364-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
C:\Windows\system\xjUFqeP.exe	upx
behavioral1/memory/1200-73-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2116-106-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
C:\Windows\system\KgpRWCi.exe	upx
C:\Windows\system\XccjuEy.exe	upx
behavioral1/memory/2264-108-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/3020-100-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/1688-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
C:\Windows\system\HAusNMD.exe	upx
behavioral1/memory/2988-64-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1484-59-0x000000013F430000-0x000000013F784000-memory.dmp	upx
C:\Windows\system\DehuZAm.exe	upx
behavioral1/memory/2808-114-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2820-53-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2740-45-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
C:\Windows\system\utrpdjZ.exe	upx
behavioral1/memory/2712-41-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1528-35-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1200-33-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1688-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
C:\Windows\system\IAjyqxi.exe	upx
behavioral1/memory/2988-29-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
C:\Windows\system\yfYSLfC.exe	upx
behavioral1/memory/2860-115-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1484-26-0x000000013F430000-0x000000013F784000-memory.dmp	upx
\Windows\system\eokJolO.exe	upx
\Windows\system\oECqXCb.exe	upx
C:\Windows\system\LVsSmKT.exe	upx
C:\Windows\system\foFIdAH.exe	upx
behavioral1/memory/2648-145-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
\Windows\system\ScPbXIB.exe	upx
C:\Windows\system\tTKUIJl.exe	upx
\Windows\system\tItXEtF.exe	upx
C:\Windows\system\KMnzrEr.exe	upx
\Windows\system\ZowTLpO.exe	upx
C:\Windows\system\kIRyBFs.exe	upx
C:\Windows\system\bfZsdzd.exe	upx
C:\Windows\system\BOpjYKw.exe	upx
\Windows\system\bEAoipO.exe	upx
C:\Windows\system\wMSZSIp.exe	upx
C:\Windows\system\pEdORNm.exe	upx
behavioral1/memory/2116-244-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2988-3197-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2740-3200-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2364-3202-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2712-3201-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\oKgZOFk.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzkFgtC.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwphZpG.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxejwMO.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttDHOYV.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjMvoJo.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoafhWT.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOLSXAx.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTVBFMA.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdsJQyp.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRVpJFe.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEncegt.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUXawrU.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuPhwKE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DASDreK.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVtVPkV.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqrnEmN.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTIoaMZ.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyAFKiO.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTotzWl.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRYErwG.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cklTHSG.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGeTAeZ.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLYyTRS.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prtrGSb.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHsPXDs.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqKfmQe.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDuSCbY.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npPTxJx.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JatTiGL.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIUbZJs.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbYRRLM.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSPPaNb.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPAEyYE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpqGImW.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJwqEJl.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuNHLKR.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FABbyIb.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDqzmuh.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbbtxHh.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRFlHie.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltyiHAt.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJJcGau.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdVjuPc.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmlBByf.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucLqJwU.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuIRKUB.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSKGeSi.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\werBanX.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAitfRo.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPvQLlL.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqqgarV.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNWZxOl.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdJhGUa.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZrEDZo.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKyUHom.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzgvDFn.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkkSGKs.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFsxrnl.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmLnnYF.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSCkhiK.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyqcOyW.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBsGkCW.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYiYkFk.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1528 wrote to memory of 2712	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	VUNvUVe.exe
PID 1528 wrote to memory of 2712	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	VUNvUVe.exe
PID 1528 wrote to memory of 2712	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	VUNvUVe.exe
PID 1528 wrote to memory of 1484	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	BMDKXEL.exe
PID 1528 wrote to memory of 1484	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	BMDKXEL.exe
PID 1528 wrote to memory of 1484	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	BMDKXEL.exe
PID 1528 wrote to memory of 1200	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yxYIKnv.exe
PID 1528 wrote to memory of 1200	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yxYIKnv.exe
PID 1528 wrote to memory of 1200	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yxYIKnv.exe
PID 1528 wrote to memory of 2988	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yfYSLfC.exe
PID 1528 wrote to memory of 2988	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yfYSLfC.exe
PID 1528 wrote to memory of 2988	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	yfYSLfC.exe
PID 1528 wrote to memory of 2364	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	MuNHLKR.exe
PID 1528 wrote to memory of 2364	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	MuNHLKR.exe
PID 1528 wrote to memory of 2364	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	MuNHLKR.exe
PID 1528 wrote to memory of 1688	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	IAjyqxi.exe
PID 1528 wrote to memory of 1688	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	IAjyqxi.exe
PID 1528 wrote to memory of 1688	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	IAjyqxi.exe
PID 1528 wrote to memory of 2740	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	utrpdjZ.exe
PID 1528 wrote to memory of 2740	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	utrpdjZ.exe
PID 1528 wrote to memory of 2740	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	utrpdjZ.exe
PID 1528 wrote to memory of 2820	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	SxFhXyw.exe
PID 1528 wrote to memory of 2820	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	SxFhXyw.exe
PID 1528 wrote to memory of 2820	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	SxFhXyw.exe
PID 1528 wrote to memory of 3020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	DehuZAm.exe
PID 1528 wrote to memory of 3020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	DehuZAm.exe
PID 1528 wrote to memory of 3020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	DehuZAm.exe
PID 1528 wrote to memory of 2264	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	HAusNMD.exe
PID 1528 wrote to memory of 2264	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	HAusNMD.exe
PID 1528 wrote to memory of 2264	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	HAusNMD.exe
PID 1528 wrote to memory of 2808	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	xjUFqeP.exe
PID 1528 wrote to memory of 2808	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	xjUFqeP.exe
PID 1528 wrote to memory of 2808	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	xjUFqeP.exe
PID 1528 wrote to memory of 2860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	PMlbjRC.exe
PID 1528 wrote to memory of 2860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	PMlbjRC.exe
PID 1528 wrote to memory of 2860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	PMlbjRC.exe
PID 1528 wrote to memory of 2648	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	mkQflxa.exe
PID 1528 wrote to memory of 2648	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	mkQflxa.exe
PID 1528 wrote to memory of 2648	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	mkQflxa.exe
PID 1528 wrote to memory of 2116	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	KgpRWCi.exe
PID 1528 wrote to memory of 2116	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	KgpRWCi.exe
PID 1528 wrote to memory of 2116	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	KgpRWCi.exe
PID 1528 wrote to memory of 2324	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	XccjuEy.exe
PID 1528 wrote to memory of 2324	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	XccjuEy.exe
PID 1528 wrote to memory of 2324	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	XccjuEy.exe
PID 1528 wrote to memory of 2020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	eokJolO.exe
PID 1528 wrote to memory of 2020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	eokJolO.exe
PID 1528 wrote to memory of 2020	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	eokJolO.exe
PID 1528 wrote to memory of 2952	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	tTKUIJl.exe
PID 1528 wrote to memory of 2952	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	tTKUIJl.exe
PID 1528 wrote to memory of 2952	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	tTKUIJl.exe
PID 1528 wrote to memory of 2948	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	foFIdAH.exe
PID 1528 wrote to memory of 2948	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	foFIdAH.exe
PID 1528 wrote to memory of 2948	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	foFIdAH.exe
PID 1528 wrote to memory of 1316	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	oECqXCb.exe
PID 1528 wrote to memory of 1316	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	oECqXCb.exe
PID 1528 wrote to memory of 1316	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	oECqXCb.exe
PID 1528 wrote to memory of 1776	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	LVsSmKT.exe
PID 1528 wrote to memory of 1776	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	LVsSmKT.exe
PID 1528 wrote to memory of 1776	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	LVsSmKT.exe
PID 1528 wrote to memory of 860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ScPbXIB.exe
PID 1528 wrote to memory of 860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ScPbXIB.exe
PID 1528 wrote to memory of 860	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ScPbXIB.exe
PID 1528 wrote to memory of 2336	1528	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	tItXEtF.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\System\VUNvUVe.exe
  C:\Windows\System\VUNvUVe.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\BMDKXEL.exe
  C:\Windows\System\BMDKXEL.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\yxYIKnv.exe
  C:\Windows\System\yxYIKnv.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\yfYSLfC.exe
  C:\Windows\System\yfYSLfC.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\MuNHLKR.exe
  C:\Windows\System\MuNHLKR.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\IAjyqxi.exe
  C:\Windows\System\IAjyqxi.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\utrpdjZ.exe
  C:\Windows\System\utrpdjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\SxFhXyw.exe
  C:\Windows\System\SxFhXyw.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\DehuZAm.exe
  C:\Windows\System\DehuZAm.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\HAusNMD.exe
  C:\Windows\System\HAusNMD.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\xjUFqeP.exe
  C:\Windows\System\xjUFqeP.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\PMlbjRC.exe
  C:\Windows\System\PMlbjRC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\mkQflxa.exe
  C:\Windows\System\mkQflxa.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\KgpRWCi.exe
  C:\Windows\System\KgpRWCi.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\XccjuEy.exe
  C:\Windows\System\XccjuEy.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\eokJolO.exe
  C:\Windows\System\eokJolO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\tTKUIJl.exe
  C:\Windows\System\tTKUIJl.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\foFIdAH.exe
  C:\Windows\System\foFIdAH.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\oECqXCb.exe
  C:\Windows\System\oECqXCb.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\LVsSmKT.exe
  C:\Windows\System\LVsSmKT.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\ScPbXIB.exe
  C:\Windows\System\ScPbXIB.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\tItXEtF.exe
  C:\Windows\System\tItXEtF.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\KMnzrEr.exe
  C:\Windows\System\KMnzrEr.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\vXyVlDy.exe
  C:\Windows\System\vXyVlDy.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\kIRyBFs.exe
  C:\Windows\System\kIRyBFs.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\wMSZSIp.exe
  C:\Windows\System\wMSZSIp.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\bfZsdzd.exe
  C:\Windows\System\bfZsdzd.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ZowTLpO.exe
  C:\Windows\System\ZowTLpO.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\bEAoipO.exe
  C:\Windows\System\bEAoipO.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\WFWktzf.exe
  C:\Windows\System\WFWktzf.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\BOpjYKw.exe
  C:\Windows\System\BOpjYKw.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\pEdORNm.exe
  C:\Windows\System\pEdORNm.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\QpOMFiD.exe
  C:\Windows\System\QpOMFiD.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\WApBVAr.exe
  C:\Windows\System\WApBVAr.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\VDJGocC.exe
  C:\Windows\System\VDJGocC.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\CFaCRoI.exe
  C:\Windows\System\CFaCRoI.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\hgcowrP.exe
  C:\Windows\System\hgcowrP.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\YHVlOUl.exe
  C:\Windows\System\YHVlOUl.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lhjftuI.exe
  C:\Windows\System\lhjftuI.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ScpFlOo.exe
  C:\Windows\System\ScpFlOo.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\pMGXqGd.exe
  C:\Windows\System\pMGXqGd.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\PpeapSc.exe
  C:\Windows\System\PpeapSc.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\MKsdWak.exe
  C:\Windows\System\MKsdWak.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\rlxFNfC.exe
  C:\Windows\System\rlxFNfC.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\jBXRNni.exe
  C:\Windows\System\jBXRNni.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ukVHXNc.exe
  C:\Windows\System\ukVHXNc.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\szSWQGd.exe
  C:\Windows\System\szSWQGd.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TegQZWx.exe
  C:\Windows\System\TegQZWx.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\AnSxBAN.exe
  C:\Windows\System\AnSxBAN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\UGVEsFI.exe
  C:\Windows\System\UGVEsFI.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\csWGjhQ.exe
  C:\Windows\System\csWGjhQ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\RjzvGyH.exe
  C:\Windows\System\RjzvGyH.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\hnyRjtp.exe
  C:\Windows\System\hnyRjtp.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\xCjdAlO.exe
  C:\Windows\System\xCjdAlO.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\RfVSimU.exe
  C:\Windows\System\RfVSimU.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\cEgSFhX.exe
  C:\Windows\System\cEgSFhX.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\rrCQTrl.exe
  C:\Windows\System\rrCQTrl.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ZecqgFX.exe
  C:\Windows\System\ZecqgFX.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\zbszyzz.exe
  C:\Windows\System\zbszyzz.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\aZZbWYd.exe
  C:\Windows\System\aZZbWYd.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\RLxzWYD.exe
  C:\Windows\System\RLxzWYD.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\KMQdGtx.exe
  C:\Windows\System\KMQdGtx.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\fdWuuCV.exe
  C:\Windows\System\fdWuuCV.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\UHESgOL.exe
  C:\Windows\System\UHESgOL.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\wQHGYTG.exe
  C:\Windows\System\wQHGYTG.exe
  2⤵
  PID:2788
- C:\Windows\System\VJVeavt.exe
  C:\Windows\System\VJVeavt.exe
  2⤵
  PID:2804
- C:\Windows\System\GhbHBMj.exe
  C:\Windows\System\GhbHBMj.exe
  2⤵
  PID:1272
- C:\Windows\System\JatTiGL.exe
  C:\Windows\System\JatTiGL.exe
  2⤵
  PID:2120
- C:\Windows\System\rBYccNO.exe
  C:\Windows\System\rBYccNO.exe
  2⤵
  PID:1432
- C:\Windows\System\xssRUjJ.exe
  C:\Windows\System\xssRUjJ.exe
  2⤵
  PID:2924
- C:\Windows\System\JLuhedd.exe
  C:\Windows\System\JLuhedd.exe
  2⤵
  PID:664
- C:\Windows\System\KesuUQQ.exe
  C:\Windows\System\KesuUQQ.exe
  2⤵
  PID:1160
- C:\Windows\System\aKgECty.exe
  C:\Windows\System\aKgECty.exe
  2⤵
  PID:2420
- C:\Windows\System\aIUbZJs.exe
  C:\Windows\System\aIUbZJs.exe
  2⤵
  PID:948
- C:\Windows\System\LNUjHAH.exe
  C:\Windows\System\LNUjHAH.exe
  2⤵
  PID:2920
- C:\Windows\System\filKMqY.exe
  C:\Windows\System\filKMqY.exe
  2⤵
  PID:2452
- C:\Windows\System\qAvyLMW.exe
  C:\Windows\System\qAvyLMW.exe
  2⤵
  PID:2728
- C:\Windows\System\ubSlvys.exe
  C:\Windows\System\ubSlvys.exe
  2⤵
  PID:1552
- C:\Windows\System\hoKEtyI.exe
  C:\Windows\System\hoKEtyI.exe
  2⤵
  PID:928
- C:\Windows\System\fdWbunP.exe
  C:\Windows\System\fdWbunP.exe
  2⤵
  PID:680
- C:\Windows\System\zfCoQhs.exe
  C:\Windows\System\zfCoQhs.exe
  2⤵
  PID:2904
- C:\Windows\System\afpIgXl.exe
  C:\Windows\System\afpIgXl.exe
  2⤵
  PID:1548
- C:\Windows\System\VQyfvht.exe
  C:\Windows\System\VQyfvht.exe
  2⤵
  PID:2856
- C:\Windows\System\nJJTWVA.exe
  C:\Windows\System\nJJTWVA.exe
  2⤵
  PID:1712
- C:\Windows\System\EcLjfiF.exe
  C:\Windows\System\EcLjfiF.exe
  2⤵
  PID:1704
- C:\Windows\System\VckHJNH.exe
  C:\Windows\System\VckHJNH.exe
  2⤵
  PID:1516
- C:\Windows\System\izZqoBD.exe
  C:\Windows\System\izZqoBD.exe
  2⤵
  PID:1968
- C:\Windows\System\AWPirNl.exe
  C:\Windows\System\AWPirNl.exe
  2⤵
  PID:2148
- C:\Windows\System\LEbSqxf.exe
  C:\Windows\System\LEbSqxf.exe
  2⤵
  PID:2628
- C:\Windows\System\obnZnpm.exe
  C:\Windows\System\obnZnpm.exe
  2⤵
  PID:1940
- C:\Windows\System\ComHDuN.exe
  C:\Windows\System\ComHDuN.exe
  2⤵
  PID:3008
- C:\Windows\System\FKLUURs.exe
  C:\Windows\System\FKLUURs.exe
  2⤵
  PID:2708
- C:\Windows\System\PJCbrhB.exe
  C:\Windows\System\PJCbrhB.exe
  2⤵
  PID:2496
- C:\Windows\System\qMbizal.exe
  C:\Windows\System\qMbizal.exe
  2⤵
  PID:2536
- C:\Windows\System\qKFOirA.exe
  C:\Windows\System\qKFOirA.exe
  2⤵
  PID:328
- C:\Windows\System\UmYjyJW.exe
  C:\Windows\System\UmYjyJW.exe
  2⤵
  PID:2456
- C:\Windows\System\eaCsqpa.exe
  C:\Windows\System\eaCsqpa.exe
  2⤵
  PID:2564
- C:\Windows\System\WzaCadt.exe
  C:\Windows\System\WzaCadt.exe
  2⤵
  PID:1048
- C:\Windows\System\GIAyIvb.exe
  C:\Windows\System\GIAyIvb.exe
  2⤵
  PID:1248
- C:\Windows\System\tNxkxVI.exe
  C:\Windows\System\tNxkxVI.exe
  2⤵
  PID:2776
- C:\Windows\System\nKINNSG.exe
  C:\Windows\System\nKINNSG.exe
  2⤵
  PID:2868
- C:\Windows\System\pUktQnw.exe
  C:\Windows\System\pUktQnw.exe
  2⤵
  PID:2880
- C:\Windows\System\WHOHsMC.exe
  C:\Windows\System\WHOHsMC.exe
  2⤵
  PID:2036
- C:\Windows\System\TLOUZTY.exe
  C:\Windows\System\TLOUZTY.exe
  2⤵
  PID:1336
- C:\Windows\System\CTNzmKO.exe
  C:\Windows\System\CTNzmKO.exe
  2⤵
  PID:2756
- C:\Windows\System\VsZRZnb.exe
  C:\Windows\System\VsZRZnb.exe
  2⤵
  PID:2656
- C:\Windows\System\trmfulr.exe
  C:\Windows\System\trmfulr.exe
  2⤵
  PID:2752
- C:\Windows\System\ZBlHFkC.exe
  C:\Windows\System\ZBlHFkC.exe
  2⤵
  PID:3064
- C:\Windows\System\kHhasVb.exe
  C:\Windows\System\kHhasVb.exe
  2⤵
  PID:2676
- C:\Windows\System\MVeqHID.exe
  C:\Windows\System\MVeqHID.exe
  2⤵
  PID:2080
- C:\Windows\System\JkOggie.exe
  C:\Windows\System\JkOggie.exe
  2⤵
  PID:2096
- C:\Windows\System\KLjvjwR.exe
  C:\Windows\System\KLjvjwR.exe
  2⤵
  PID:2892
- C:\Windows\System\STJbzBD.exe
  C:\Windows\System\STJbzBD.exe
  2⤵
  PID:332
- C:\Windows\System\ofNxZid.exe
  C:\Windows\System\ofNxZid.exe
  2⤵
  PID:2972
- C:\Windows\System\vVVJxSS.exe
  C:\Windows\System\vVVJxSS.exe
  2⤵
  PID:2300
- C:\Windows\System\xAzRDak.exe
  C:\Windows\System\xAzRDak.exe
  2⤵
  PID:1672
- C:\Windows\System\eCfxuoT.exe
  C:\Windows\System\eCfxuoT.exe
  2⤵
  PID:1856
- C:\Windows\System\tWITqXD.exe
  C:\Windows\System\tWITqXD.exe
  2⤵
  PID:1700
- C:\Windows\System\iZzQibV.exe
  C:\Windows\System\iZzQibV.exe
  2⤵
  PID:2664
- C:\Windows\System\JlQxlly.exe
  C:\Windows\System\JlQxlly.exe
  2⤵
  PID:584
- C:\Windows\System\katsjGu.exe
  C:\Windows\System\katsjGu.exe
  2⤵
  PID:564
- C:\Windows\System\IkbfUrS.exe
  C:\Windows\System\IkbfUrS.exe
  2⤵
  PID:2464
- C:\Windows\System\RjmWXGy.exe
  C:\Windows\System\RjmWXGy.exe
  2⤵
  PID:1568
- C:\Windows\System\EqAbOXM.exe
  C:\Windows\System\EqAbOXM.exe
  2⤵
  PID:2660
- C:\Windows\System\RqmcNjX.exe
  C:\Windows\System\RqmcNjX.exe
  2⤵
  PID:2744
- C:\Windows\System\YFFvWPR.exe
  C:\Windows\System\YFFvWPR.exe
  2⤵
  PID:988
- C:\Windows\System\fhdKxhl.exe
  C:\Windows\System\fhdKxhl.exe
  2⤵
  PID:2624
- C:\Windows\System\WBxTpDN.exe
  C:\Windows\System\WBxTpDN.exe
  2⤵
  PID:2344
- C:\Windows\System\balLHYA.exe
  C:\Windows\System\balLHYA.exe
  2⤵
  PID:1464
- C:\Windows\System\OuhlZCA.exe
  C:\Windows\System\OuhlZCA.exe
  2⤵
  PID:1736
- C:\Windows\System\wcNBXqs.exe
  C:\Windows\System\wcNBXqs.exe
  2⤵
  PID:2668
- C:\Windows\System\TmPaacG.exe
  C:\Windows\System\TmPaacG.exe
  2⤵
  PID:2736
- C:\Windows\System\IrlwUur.exe
  C:\Windows\System\IrlwUur.exe
  2⤵
  PID:2836
- C:\Windows\System\OqVeTor.exe
  C:\Windows\System\OqVeTor.exe
  2⤵
  PID:2724
- C:\Windows\System\ATBoUjX.exe
  C:\Windows\System\ATBoUjX.exe
  2⤵
  PID:2940
- C:\Windows\System\pewnqLc.exe
  C:\Windows\System\pewnqLc.exe
  2⤵
  PID:2864
- C:\Windows\System\oDtgdJB.exe
  C:\Windows\System\oDtgdJB.exe
  2⤵
  PID:2460
- C:\Windows\System\wbwvASl.exe
  C:\Windows\System\wbwvASl.exe
  2⤵
  PID:1936
- C:\Windows\System\TqEVrfg.exe
  C:\Windows\System\TqEVrfg.exe
  2⤵
  PID:1572
- C:\Windows\System\cVyPPCV.exe
  C:\Windows\System\cVyPPCV.exe
  2⤵
  PID:2764
- C:\Windows\System\YCphEtu.exe
  C:\Windows\System\YCphEtu.exe
  2⤵
  PID:2792
- C:\Windows\System\WHooSgR.exe
  C:\Windows\System\WHooSgR.exe
  2⤵
  PID:1436
- C:\Windows\System\mVaPuoR.exe
  C:\Windows\System\mVaPuoR.exe
  2⤵
  PID:984
- C:\Windows\System\taaecVG.exe
  C:\Windows\System\taaecVG.exe
  2⤵
  PID:2760
- C:\Windows\System\sLSXKQR.exe
  C:\Windows\System\sLSXKQR.exe
  2⤵
  PID:2072
- C:\Windows\System\KFYknnq.exe
  C:\Windows\System\KFYknnq.exe
  2⤵
  PID:2748
- C:\Windows\System\puxIMBn.exe
  C:\Windows\System\puxIMBn.exe
  2⤵
  PID:2196
- C:\Windows\System\eLbVUrQ.exe
  C:\Windows\System\eLbVUrQ.exe
  2⤵
  PID:2784
- C:\Windows\System\LaiHuyQ.exe
  C:\Windows\System\LaiHuyQ.exe
  2⤵
  PID:1720
- C:\Windows\System\JlvtEUc.exe
  C:\Windows\System\JlvtEUc.exe
  2⤵
  PID:1044
- C:\Windows\System\AHLQrel.exe
  C:\Windows\System\AHLQrel.exe
  2⤵
  PID:2284
- C:\Windows\System\hcqLVJx.exe
  C:\Windows\System\hcqLVJx.exe
  2⤵
  PID:2588
- C:\Windows\System\elHZdfW.exe
  C:\Windows\System\elHZdfW.exe
  2⤵
  PID:3084
- C:\Windows\System\iBDWnIv.exe
  C:\Windows\System\iBDWnIv.exe
  2⤵
  PID:3100
- C:\Windows\System\uYFSgTm.exe
  C:\Windows\System\uYFSgTm.exe
  2⤵
  PID:3116
- C:\Windows\System\xNbEzsk.exe
  C:\Windows\System\xNbEzsk.exe
  2⤵
  PID:3132
- C:\Windows\System\kiGSgax.exe
  C:\Windows\System\kiGSgax.exe
  2⤵
  PID:3152
- C:\Windows\System\eskzKjR.exe
  C:\Windows\System\eskzKjR.exe
  2⤵
  PID:3196
- C:\Windows\System\KeXWfzY.exe
  C:\Windows\System\KeXWfzY.exe
  2⤵
  PID:3216
- C:\Windows\System\lTGxHDy.exe
  C:\Windows\System\lTGxHDy.exe
  2⤵
  PID:3232
- C:\Windows\System\VgWHGIA.exe
  C:\Windows\System\VgWHGIA.exe
  2⤵
  PID:3248
- C:\Windows\System\clZoqXA.exe
  C:\Windows\System\clZoqXA.exe
  2⤵
  PID:3268
- C:\Windows\System\hoRrITk.exe
  C:\Windows\System\hoRrITk.exe
  2⤵
  PID:3396
- C:\Windows\System\HdVIOFC.exe
  C:\Windows\System\HdVIOFC.exe
  2⤵
  PID:3464
- C:\Windows\System\HPDqpnu.exe
  C:\Windows\System\HPDqpnu.exe
  2⤵
  PID:3492
- C:\Windows\System\VarPJSF.exe
  C:\Windows\System\VarPJSF.exe
  2⤵
  PID:3508
- C:\Windows\System\rRVpJFe.exe
  C:\Windows\System\rRVpJFe.exe
  2⤵
  PID:3524
- C:\Windows\System\nQqLokR.exe
  C:\Windows\System\nQqLokR.exe
  2⤵
  PID:3540
- C:\Windows\System\OSOGPuP.exe
  C:\Windows\System\OSOGPuP.exe
  2⤵
  PID:3556
- C:\Windows\System\inycYtq.exe
  C:\Windows\System\inycYtq.exe
  2⤵
  PID:3572
- C:\Windows\System\fQrhnIK.exe
  C:\Windows\System\fQrhnIK.exe
  2⤵
  PID:3588
- C:\Windows\System\byyTuoA.exe
  C:\Windows\System\byyTuoA.exe
  2⤵
  PID:3604
- C:\Windows\System\PTCbPQo.exe
  C:\Windows\System\PTCbPQo.exe
  2⤵
  PID:3632
- C:\Windows\System\iMIHouC.exe
  C:\Windows\System\iMIHouC.exe
  2⤵
  PID:3648
- C:\Windows\System\GSYtZxG.exe
  C:\Windows\System\GSYtZxG.exe
  2⤵
  PID:3700
- C:\Windows\System\zfExJvq.exe
  C:\Windows\System\zfExJvq.exe
  2⤵
  PID:3716
- C:\Windows\System\HMzHtqc.exe
  C:\Windows\System\HMzHtqc.exe
  2⤵
  PID:3732
- C:\Windows\System\VPbDFok.exe
  C:\Windows\System\VPbDFok.exe
  2⤵
  PID:3748
- C:\Windows\System\DyzoPVM.exe
  C:\Windows\System\DyzoPVM.exe
  2⤵
  PID:3764
- C:\Windows\System\UaHVJeT.exe
  C:\Windows\System\UaHVJeT.exe
  2⤵
  PID:3784
- C:\Windows\System\oEnFNwV.exe
  C:\Windows\System\oEnFNwV.exe
  2⤵
  PID:3812
- C:\Windows\System\MvZGWjz.exe
  C:\Windows\System\MvZGWjz.exe
  2⤵
  PID:3832
- C:\Windows\System\aQalriw.exe
  C:\Windows\System\aQalriw.exe
  2⤵
  PID:3860
- C:\Windows\System\QMvNsTO.exe
  C:\Windows\System\QMvNsTO.exe
  2⤵
  PID:3876
- C:\Windows\System\YOBhlou.exe
  C:\Windows\System\YOBhlou.exe
  2⤵
  PID:3900
- C:\Windows\System\FOgHAbt.exe
  C:\Windows\System\FOgHAbt.exe
  2⤵
  PID:3916
- C:\Windows\System\kqiFFkB.exe
  C:\Windows\System\kqiFFkB.exe
  2⤵
  PID:3940
- C:\Windows\System\mAlOECy.exe
  C:\Windows\System\mAlOECy.exe
  2⤵
  PID:3956
- C:\Windows\System\zQyZAWH.exe
  C:\Windows\System\zQyZAWH.exe
  2⤵
  PID:3976
- C:\Windows\System\xIyzwYf.exe
  C:\Windows\System\xIyzwYf.exe
  2⤵
  PID:4004
- C:\Windows\System\TqRsiSA.exe
  C:\Windows\System\TqRsiSA.exe
  2⤵
  PID:4020
- C:\Windows\System\JOQteZM.exe
  C:\Windows\System\JOQteZM.exe
  2⤵
  PID:4044
- C:\Windows\System\FIgjLJy.exe
  C:\Windows\System\FIgjLJy.exe
  2⤵
  PID:4064
- C:\Windows\System\QCHNPvr.exe
  C:\Windows\System\QCHNPvr.exe
  2⤵
  PID:4084
- C:\Windows\System\YOqYRUm.exe
  C:\Windows\System\YOqYRUm.exe
  2⤵
  PID:2840
- C:\Windows\System\pvhnwqs.exe
  C:\Windows\System\pvhnwqs.exe
  2⤵
  PID:2136
- C:\Windows\System\PcNBjvi.exe
  C:\Windows\System\PcNBjvi.exe
  2⤵
  PID:3080
- C:\Windows\System\eYKZcVQ.exe
  C:\Windows\System\eYKZcVQ.exe
  2⤵
  PID:1824
- C:\Windows\System\GwRNMvs.exe
  C:\Windows\System\GwRNMvs.exe
  2⤵
  PID:3124
- C:\Windows\System\xFsxrnl.exe
  C:\Windows\System\xFsxrnl.exe
  2⤵
  PID:356
- C:\Windows\System\DYJOhEH.exe
  C:\Windows\System\DYJOhEH.exe
  2⤵
  PID:2404
- C:\Windows\System\XhzOvtv.exe
  C:\Windows\System\XhzOvtv.exe
  2⤵
  PID:3292
- C:\Windows\System\JOqjoIJ.exe
  C:\Windows\System\JOqjoIJ.exe
  2⤵
  PID:3316
- C:\Windows\System\TxfvDtI.exe
  C:\Windows\System\TxfvDtI.exe
  2⤵
  PID:3332
- C:\Windows\System\TcVopfP.exe
  C:\Windows\System\TcVopfP.exe
  2⤵
  PID:3356
- C:\Windows\System\pYSMqWJ.exe
  C:\Windows\System\pYSMqWJ.exe
  2⤵
  PID:3372
- C:\Windows\System\XbZVVto.exe
  C:\Windows\System\XbZVVto.exe
  2⤵
  PID:3388
- C:\Windows\System\BFxBRtJ.exe
  C:\Windows\System\BFxBRtJ.exe
  2⤵
  PID:3472
- C:\Windows\System\NFEotqR.exe
  C:\Windows\System\NFEotqR.exe
  2⤵
  PID:3488
- C:\Windows\System\gHNrZIJ.exe
  C:\Windows\System\gHNrZIJ.exe
  2⤵
  PID:3580
- C:\Windows\System\mIeVfeu.exe
  C:\Windows\System\mIeVfeu.exe
  2⤵
  PID:3628
- C:\Windows\System\JZJWbYu.exe
  C:\Windows\System\JZJWbYu.exe
  2⤵
  PID:3412
- C:\Windows\System\cEIjYrt.exe
  C:\Windows\System\cEIjYrt.exe
  2⤵
  PID:3444
- C:\Windows\System\IPXdQiv.exe
  C:\Windows\System\IPXdQiv.exe
  2⤵
  PID:3224
- C:\Windows\System\vIuPDBC.exe
  C:\Windows\System\vIuPDBC.exe
  2⤵
  PID:3672
- C:\Windows\System\ptcxilN.exe
  C:\Windows\System\ptcxilN.exe
  2⤵
  PID:3688
- C:\Windows\System\sDHRypD.exe
  C:\Windows\System\sDHRypD.exe
  2⤵
  PID:3568
- C:\Windows\System\KmlqjYp.exe
  C:\Windows\System\KmlqjYp.exe
  2⤵
  PID:3408
- C:\Windows\System\UCjlRgU.exe
  C:\Windows\System\UCjlRgU.exe
  2⤵
  PID:3724
- C:\Windows\System\tWgBYer.exe
  C:\Windows\System\tWgBYer.exe
  2⤵
  PID:3740
- C:\Windows\System\LWtlFAF.exe
  C:\Windows\System\LWtlFAF.exe
  2⤵
  PID:3776
- C:\Windows\System\mxFazAx.exe
  C:\Windows\System\mxFazAx.exe
  2⤵
  PID:3804
- C:\Windows\System\OEwdUai.exe
  C:\Windows\System\OEwdUai.exe
  2⤵
  PID:3840
- C:\Windows\System\nYzrTyr.exe
  C:\Windows\System\nYzrTyr.exe
  2⤵
  PID:3852
- C:\Windows\System\GLETaOZ.exe
  C:\Windows\System\GLETaOZ.exe
  2⤵
  PID:3868
- C:\Windows\System\bPvumyg.exe
  C:\Windows\System\bPvumyg.exe
  2⤵
  PID:3936
- C:\Windows\System\VMlcwte.exe
  C:\Windows\System\VMlcwte.exe
  2⤵
  PID:3968
- C:\Windows\System\lTiaJrP.exe
  C:\Windows\System\lTiaJrP.exe
  2⤵
  PID:4000
- C:\Windows\System\YkQLURb.exe
  C:\Windows\System\YkQLURb.exe
  2⤵
  PID:4036
- C:\Windows\System\ZNLPCMd.exe
  C:\Windows\System\ZNLPCMd.exe
  2⤵
  PID:4080
- C:\Windows\System\PoZVEdQ.exe
  C:\Windows\System\PoZVEdQ.exe
  2⤵
  PID:992
- C:\Windows\System\ThRjDfy.exe
  C:\Windows\System\ThRjDfy.exe
  2⤵
  PID:2320
- C:\Windows\System\KmLnnYF.exe
  C:\Windows\System\KmLnnYF.exe
  2⤵
  PID:1800
- C:\Windows\System\ERqgKQC.exe
  C:\Windows\System\ERqgKQC.exe
  2⤵
  PID:2008
- C:\Windows\System\MAyvKBe.exe
  C:\Windows\System\MAyvKBe.exe
  2⤵
  PID:2828
- C:\Windows\System\xNURpzB.exe
  C:\Windows\System\xNURpzB.exe
  2⤵
  PID:3276
- C:\Windows\System\DfKUawR.exe
  C:\Windows\System\DfKUawR.exe
  2⤵
  PID:3304
- C:\Windows\System\DvvGQkv.exe
  C:\Windows\System\DvvGQkv.exe
  2⤵
  PID:3256
- C:\Windows\System\bBSnpYN.exe
  C:\Windows\System\bBSnpYN.exe
  2⤵
  PID:3344
- C:\Windows\System\KKcwyXD.exe
  C:\Windows\System\KKcwyXD.exe
  2⤵
  PID:3484
- C:\Windows\System\DCvNRtv.exe
  C:\Windows\System\DCvNRtv.exe
  2⤵
  PID:3624
- C:\Windows\System\guHJBIT.exe
  C:\Windows\System\guHJBIT.exe
  2⤵
  PID:3452
- C:\Windows\System\pJcfNxc.exe
  C:\Windows\System\pJcfNxc.exe
  2⤵
  PID:3428
- C:\Windows\System\fJnmyEl.exe
  C:\Windows\System\fJnmyEl.exe
  2⤵
  PID:3456
- C:\Windows\System\YRiRTNI.exe
  C:\Windows\System\YRiRTNI.exe
  2⤵
  PID:3676
- C:\Windows\System\fqPXfvq.exe
  C:\Windows\System\fqPXfvq.exe
  2⤵
  PID:3536
- C:\Windows\System\PPBzrRe.exe
  C:\Windows\System\PPBzrRe.exe
  2⤵
  PID:3564
- C:\Windows\System\grQwfib.exe
  C:\Windows\System\grQwfib.exe
  2⤵
  PID:3708
- C:\Windows\System\EKtJRSg.exe
  C:\Windows\System\EKtJRSg.exe
  2⤵
  PID:3660
- C:\Windows\System\TKrYIvW.exe
  C:\Windows\System\TKrYIvW.exe
  2⤵
  PID:3908
- C:\Windows\System\UVuxZyZ.exe
  C:\Windows\System\UVuxZyZ.exe
  2⤵
  PID:3844
- C:\Windows\System\PPGynYS.exe
  C:\Windows\System\PPGynYS.exe
  2⤵
  PID:3872
- C:\Windows\System\rSQGLLY.exe
  C:\Windows\System\rSQGLLY.exe
  2⤵
  PID:4072
- C:\Windows\System\foUwUYX.exe
  C:\Windows\System\foUwUYX.exe
  2⤵
  PID:4012
- C:\Windows\System\qIdvhmx.exe
  C:\Windows\System\qIdvhmx.exe
  2⤵
  PID:2060
- C:\Windows\System\atSbmdL.exe
  C:\Windows\System\atSbmdL.exe
  2⤵
  PID:3312
- C:\Windows\System\GEoIoMm.exe
  C:\Windows\System\GEoIoMm.exe
  2⤵
  PID:3324
- C:\Windows\System\Aksphlf.exe
  C:\Windows\System\Aksphlf.exe
  2⤵
  PID:2532
- C:\Windows\System\ljxzOlg.exe
  C:\Windows\System\ljxzOlg.exe
  2⤵
  PID:1476
- C:\Windows\System\DJrmwiE.exe
  C:\Windows\System\DJrmwiE.exe
  2⤵
  PID:2424
- C:\Windows\System\ToHibGV.exe
  C:\Windows\System\ToHibGV.exe
  2⤵
  PID:3616
- C:\Windows\System\uEIlTsb.exe
  C:\Windows\System\uEIlTsb.exe
  2⤵
  PID:3692
- C:\Windows\System\lKaMKLk.exe
  C:\Windows\System\lKaMKLk.exe
  2⤵
  PID:3884
- C:\Windows\System\qAGSUoX.exe
  C:\Windows\System\qAGSUoX.exe
  2⤵
  PID:3848
- C:\Windows\System\kzvGYur.exe
  C:\Windows\System\kzvGYur.exe
  2⤵
  PID:3744
- C:\Windows\System\oiAWmkp.exe
  C:\Windows\System\oiAWmkp.exe
  2⤵
  PID:4040
- C:\Windows\System\cpPRjZk.exe
  C:\Windows\System\cpPRjZk.exe
  2⤵
  PID:2392
- C:\Windows\System\HeVcgAi.exe
  C:\Windows\System\HeVcgAi.exe
  2⤵
  PID:3520
- C:\Windows\System\FOEnqFl.exe
  C:\Windows\System\FOEnqFl.exe
  2⤵
  PID:3384
- C:\Windows\System\sqZmwXL.exe
  C:\Windows\System\sqZmwXL.exe
  2⤵
  PID:3552
- C:\Windows\System\HSCkhiK.exe
  C:\Windows\System\HSCkhiK.exe
  2⤵
  PID:3504
- C:\Windows\System\TUHcuhY.exe
  C:\Windows\System\TUHcuhY.exe
  2⤵
  PID:3796
- C:\Windows\System\agtPyfQ.exe
  C:\Windows\System\agtPyfQ.exe
  2⤵
  PID:3888
- C:\Windows\System\ADJvzeQ.exe
  C:\Windows\System\ADJvzeQ.exe
  2⤵
  PID:1792
- C:\Windows\System\wtCWjEh.exe
  C:\Windows\System\wtCWjEh.exe
  2⤵
  PID:1904
- C:\Windows\System\olodlQL.exe
  C:\Windows\System\olodlQL.exe
  2⤵
  PID:3404
- C:\Windows\System\fxwnToW.exe
  C:\Windows\System\fxwnToW.exe
  2⤵
  PID:3264
- C:\Windows\System\LmHUePh.exe
  C:\Windows\System\LmHUePh.exe
  2⤵
  PID:4100
- C:\Windows\System\hiKBZzd.exe
  C:\Windows\System\hiKBZzd.exe
  2⤵
  PID:4116
- C:\Windows\System\quBKaLK.exe
  C:\Windows\System\quBKaLK.exe
  2⤵
  PID:4132
- C:\Windows\System\hPbAZSf.exe
  C:\Windows\System\hPbAZSf.exe
  2⤵
  PID:4148
- C:\Windows\System\vCOPfRj.exe
  C:\Windows\System\vCOPfRj.exe
  2⤵
  PID:4164
- C:\Windows\System\YgTgCry.exe
  C:\Windows\System\YgTgCry.exe
  2⤵
  PID:4180
- C:\Windows\System\wPFhSnt.exe
  C:\Windows\System\wPFhSnt.exe
  2⤵
  PID:4208
- C:\Windows\System\gdHpaXi.exe
  C:\Windows\System\gdHpaXi.exe
  2⤵
  PID:4236
- C:\Windows\System\NAbPqcf.exe
  C:\Windows\System\NAbPqcf.exe
  2⤵
  PID:4252
- C:\Windows\System\NmjWoQm.exe
  C:\Windows\System\NmjWoQm.exe
  2⤵
  PID:4268
- C:\Windows\System\Tbmxrut.exe
  C:\Windows\System\Tbmxrut.exe
  2⤵
  PID:4296
- C:\Windows\System\ALmahbo.exe
  C:\Windows\System\ALmahbo.exe
  2⤵
  PID:4312
- C:\Windows\System\MfoMWjg.exe
  C:\Windows\System\MfoMWjg.exe
  2⤵
  PID:4328
- C:\Windows\System\zLLlTzh.exe
  C:\Windows\System\zLLlTzh.exe
  2⤵
  PID:4344
- C:\Windows\System\jGvKBRT.exe
  C:\Windows\System\jGvKBRT.exe
  2⤵
  PID:4360
- C:\Windows\System\fTcMTQg.exe
  C:\Windows\System\fTcMTQg.exe
  2⤵
  PID:4380
- C:\Windows\System\ZJHViNL.exe
  C:\Windows\System\ZJHViNL.exe
  2⤵
  PID:4396
- C:\Windows\System\TZynZsF.exe
  C:\Windows\System\TZynZsF.exe
  2⤵
  PID:4412
- C:\Windows\System\qJqzOfU.exe
  C:\Windows\System\qJqzOfU.exe
  2⤵
  PID:4428
- C:\Windows\System\uAZfsqf.exe
  C:\Windows\System\uAZfsqf.exe
  2⤵
  PID:4444
- C:\Windows\System\HiQYNNL.exe
  C:\Windows\System\HiQYNNL.exe
  2⤵
  PID:4460
- C:\Windows\System\dqMlWzS.exe
  C:\Windows\System\dqMlWzS.exe
  2⤵
  PID:4476
- C:\Windows\System\WNjCJlk.exe
  C:\Windows\System\WNjCJlk.exe
  2⤵
  PID:4492
- C:\Windows\System\xRsZwKz.exe
  C:\Windows\System\xRsZwKz.exe
  2⤵
  PID:4512
- C:\Windows\System\cIakZFC.exe
  C:\Windows\System\cIakZFC.exe
  2⤵
  PID:4528
- C:\Windows\System\fNYISii.exe
  C:\Windows\System\fNYISii.exe
  2⤵
  PID:4544
- C:\Windows\System\nkXfvMV.exe
  C:\Windows\System\nkXfvMV.exe
  2⤵
  PID:4564
- C:\Windows\System\oSfFjot.exe
  C:\Windows\System\oSfFjot.exe
  2⤵
  PID:4580
- C:\Windows\System\QIKTtRG.exe
  C:\Windows\System\QIKTtRG.exe
  2⤵
  PID:4596
- C:\Windows\System\ozHWuRD.exe
  C:\Windows\System\ozHWuRD.exe
  2⤵
  PID:4612
- C:\Windows\System\VlweMqV.exe
  C:\Windows\System\VlweMqV.exe
  2⤵
  PID:4628
- C:\Windows\System\JmMRqgf.exe
  C:\Windows\System\JmMRqgf.exe
  2⤵
  PID:4648
- C:\Windows\System\yKGTimj.exe
  C:\Windows\System\yKGTimj.exe
  2⤵
  PID:4664
- C:\Windows\System\KwlAfff.exe
  C:\Windows\System\KwlAfff.exe
  2⤵
  PID:4680
- C:\Windows\System\mpsURyM.exe
  C:\Windows\System\mpsURyM.exe
  2⤵
  PID:4696
- C:\Windows\System\AwyzKaZ.exe
  C:\Windows\System\AwyzKaZ.exe
  2⤵
  PID:4712
- C:\Windows\System\zKCAXZK.exe
  C:\Windows\System\zKCAXZK.exe
  2⤵
  PID:4728
- C:\Windows\System\zyrYuNK.exe
  C:\Windows\System\zyrYuNK.exe
  2⤵
  PID:4744
- C:\Windows\System\NvTRowB.exe
  C:\Windows\System\NvTRowB.exe
  2⤵
  PID:4760
- C:\Windows\System\BuFYFNd.exe
  C:\Windows\System\BuFYFNd.exe
  2⤵
  PID:4776
- C:\Windows\System\AJnxxMb.exe
  C:\Windows\System\AJnxxMb.exe
  2⤵
  PID:4792
- C:\Windows\System\JfeuxaB.exe
  C:\Windows\System\JfeuxaB.exe
  2⤵
  PID:4812
- C:\Windows\System\tgWtRdr.exe
  C:\Windows\System\tgWtRdr.exe
  2⤵
  PID:4828
- C:\Windows\System\zhMIYro.exe
  C:\Windows\System\zhMIYro.exe
  2⤵
  PID:4844
- C:\Windows\System\OukVyYU.exe
  C:\Windows\System\OukVyYU.exe
  2⤵
  PID:4860
- C:\Windows\System\gHTiHGT.exe
  C:\Windows\System\gHTiHGT.exe
  2⤵
  PID:4876
- C:\Windows\System\sBXzNCT.exe
  C:\Windows\System\sBXzNCT.exe
  2⤵
  PID:4892
- C:\Windows\System\lvMUGJQ.exe
  C:\Windows\System\lvMUGJQ.exe
  2⤵
  PID:4908
- C:\Windows\System\qtbdHLB.exe
  C:\Windows\System\qtbdHLB.exe
  2⤵
  PID:4924
- C:\Windows\System\KdfltFD.exe
  C:\Windows\System\KdfltFD.exe
  2⤵
  PID:4940
- C:\Windows\System\uOqwUvV.exe
  C:\Windows\System\uOqwUvV.exe
  2⤵
  PID:4956
- C:\Windows\System\SoRYDfF.exe
  C:\Windows\System\SoRYDfF.exe
  2⤵
  PID:4972
- C:\Windows\System\inIWklg.exe
  C:\Windows\System\inIWklg.exe
  2⤵
  PID:4988
- C:\Windows\System\pneczAG.exe
  C:\Windows\System\pneczAG.exe
  2⤵
  PID:5004
- C:\Windows\System\uoYrsyO.exe
  C:\Windows\System\uoYrsyO.exe
  2⤵
  PID:5044
- C:\Windows\System\neCfaBr.exe
  C:\Windows\System\neCfaBr.exe
  2⤵
  PID:5064
- C:\Windows\System\fhBjgcM.exe
  C:\Windows\System\fhBjgcM.exe
  2⤵
  PID:5088
- C:\Windows\System\LvvuDxe.exe
  C:\Windows\System\LvvuDxe.exe
  2⤵
  PID:5116
- C:\Windows\System\yezrfvM.exe
  C:\Windows\System\yezrfvM.exe
  2⤵
  PID:1164
- C:\Windows\System\yIIxJAJ.exe
  C:\Windows\System\yIIxJAJ.exe
  2⤵
  PID:3988
- C:\Windows\System\FjMvoJo.exe
  C:\Windows\System\FjMvoJo.exe
  2⤵
  PID:4172
- C:\Windows\System\EFYvakt.exe
  C:\Windows\System\EFYvakt.exe
  2⤵
  PID:4356
- C:\Windows\System\ylcWXnL.exe
  C:\Windows\System\ylcWXnL.exe
  2⤵
  PID:4424
- C:\Windows\System\TlWHIzw.exe
  C:\Windows\System\TlWHIzw.exe
  2⤵
  PID:3140
- C:\Windows\System\BGEsOXt.exe
  C:\Windows\System\BGEsOXt.exe
  2⤵
  PID:1708
- C:\Windows\System\btOEdlT.exe
  C:\Windows\System\btOEdlT.exe
  2⤵
  PID:4484
- C:\Windows\System\FZIczds.exe
  C:\Windows\System\FZIczds.exe
  2⤵
  PID:4224
- C:\Windows\System\PDVhlid.exe
  C:\Windows\System\PDVhlid.exe
  2⤵
  PID:4228
- C:\Windows\System\NWeQanf.exe
  C:\Windows\System\NWeQanf.exe
  2⤵
  PID:4304
- C:\Windows\System\xqqgarV.exe
  C:\Windows\System\xqqgarV.exe
  2⤵
  PID:4372
- C:\Windows\System\nCTLVYd.exe
  C:\Windows\System\nCTLVYd.exe
  2⤵
  PID:4468
- C:\Windows\System\ObHkifs.exe
  C:\Windows\System\ObHkifs.exe
  2⤵
  PID:4504
- C:\Windows\System\jfyyqjP.exe
  C:\Windows\System\jfyyqjP.exe
  2⤵
  PID:4556
- C:\Windows\System\wqaJNRZ.exe
  C:\Windows\System\wqaJNRZ.exe
  2⤵
  PID:4588
- C:\Windows\System\RmgnqDP.exe
  C:\Windows\System\RmgnqDP.exe
  2⤵
  PID:4572
- C:\Windows\System\JcwbFXm.exe
  C:\Windows\System\JcwbFXm.exe
  2⤵
  PID:4608
- C:\Windows\System\XiLOhoF.exe
  C:\Windows\System\XiLOhoF.exe
  2⤵
  PID:4640
- C:\Windows\System\rYwjqDc.exe
  C:\Windows\System\rYwjqDc.exe
  2⤵
  PID:4644
- C:\Windows\System\wiAJnOh.exe
  C:\Windows\System\wiAJnOh.exe
  2⤵
  PID:4752
- C:\Windows\System\QyOJSsm.exe
  C:\Windows\System\QyOJSsm.exe
  2⤵
  PID:4740
- C:\Windows\System\UjcVDNM.exe
  C:\Windows\System\UjcVDNM.exe
  2⤵
  PID:4768
- C:\Windows\System\PfoPziJ.exe
  C:\Windows\System\PfoPziJ.exe
  2⤵
  PID:4836
- C:\Windows\System\elOmokP.exe
  C:\Windows\System\elOmokP.exe
  2⤵
  PID:4824
- C:\Windows\System\pvncevf.exe
  C:\Windows\System\pvncevf.exe
  2⤵
  PID:4884
- C:\Windows\System\waiInmY.exe
  C:\Windows\System\waiInmY.exe
  2⤵
  PID:4948
- C:\Windows\System\NEBEZGH.exe
  C:\Windows\System\NEBEZGH.exe
  2⤵
  PID:4900
- C:\Windows\System\vtOkrau.exe
  C:\Windows\System\vtOkrau.exe
  2⤵
  PID:5012
- C:\Windows\System\YPJbWUe.exe
  C:\Windows\System\YPJbWUe.exe
  2⤵
  PID:4968
- C:\Windows\System\lieQDEg.exe
  C:\Windows\System\lieQDEg.exe
  2⤵
  PID:5024
- C:\Windows\System\vKsmkvG.exe
  C:\Windows\System\vKsmkvG.exe
  2⤵
  PID:5040
- C:\Windows\System\dlFefuz.exe
  C:\Windows\System\dlFefuz.exe
  2⤵
  PID:5072
- C:\Windows\System\cawzXed.exe
  C:\Windows\System\cawzXed.exe
  2⤵
  PID:5084
- C:\Windows\System\SlYBQSS.exe
  C:\Windows\System\SlYBQSS.exe
  2⤵
  PID:5108
- C:\Windows\System\hlBtnTM.exe
  C:\Windows\System\hlBtnTM.exe
  2⤵
  PID:3188
- C:\Windows\System\bqmUvLg.exe
  C:\Windows\System\bqmUvLg.exe
  2⤵
  PID:4188
- C:\Windows\System\MNgRTnf.exe
  C:\Windows\System\MNgRTnf.exe
  2⤵
  PID:4108
- C:\Windows\System\sOpovUD.exe
  C:\Windows\System\sOpovUD.exe
  2⤵
  PID:4192
- C:\Windows\System\qCaOisH.exe
  C:\Windows\System\qCaOisH.exe
  2⤵
  PID:4200
- C:\Windows\System\eiuADYC.exe
  C:\Windows\System\eiuADYC.exe
  2⤵
  PID:4248
- C:\Windows\System\DLzSFaR.exe
  C:\Windows\System\DLzSFaR.exe
  2⤵
  PID:4288
- C:\Windows\System\lxmdOnY.exe
  C:\Windows\System\lxmdOnY.exe
  2⤵
  PID:4324
- C:\Windows\System\engjepz.exe
  C:\Windows\System\engjepz.exe
  2⤵
  PID:3800
- C:\Windows\System\JUpOaUv.exe
  C:\Windows\System\JUpOaUv.exe
  2⤵
  PID:1028
- C:\Windows\System\reRhjzb.exe
  C:\Windows\System\reRhjzb.exe
  2⤵
  PID:4260
- C:\Windows\System\MjKDgWQ.exe
  C:\Windows\System\MjKDgWQ.exe
  2⤵
  PID:4524
- C:\Windows\System\EznWvon.exe
  C:\Windows\System\EznWvon.exe
  2⤵
  PID:4536
- C:\Windows\System\uTafFvw.exe
  C:\Windows\System\uTafFvw.exe
  2⤵
  PID:4592
- C:\Windows\System\EOVKFda.exe
  C:\Windows\System\EOVKFda.exe
  2⤵
  PID:4636
- C:\Windows\System\WnnprIx.exe
  C:\Windows\System\WnnprIx.exe
  2⤵
  PID:4724
- C:\Windows\System\sGTSwUP.exe
  C:\Windows\System\sGTSwUP.exe
  2⤵
  PID:4788
- C:\Windows\System\lNHPcMB.exe
  C:\Windows\System\lNHPcMB.exe
  2⤵
  PID:4820
- C:\Windows\System\gpUVYet.exe
  C:\Windows\System\gpUVYet.exe
  2⤵
  PID:5020
- C:\Windows\System\BrLeRNF.exe
  C:\Windows\System\BrLeRNF.exe
  2⤵
  PID:5100
- C:\Windows\System\wNBgKXs.exe
  C:\Windows\System\wNBgKXs.exe
  2⤵
  PID:2244
- C:\Windows\System\LOFWUyk.exe
  C:\Windows\System\LOFWUyk.exe
  2⤵
  PID:4176
- C:\Windows\System\zZkdVwP.exe
  C:\Windows\System\zZkdVwP.exe
  2⤵
  PID:4352
- C:\Windows\System\izuZSjI.exe
  C:\Windows\System\izuZSjI.exe
  2⤵
  PID:4420
- C:\Windows\System\rVoexfK.exe
  C:\Windows\System\rVoexfK.exe
  2⤵
  PID:4408
- C:\Windows\System\NcPZUGm.exe
  C:\Windows\System\NcPZUGm.exe
  2⤵
  PID:5036
- C:\Windows\System\QFSaNvi.exe
  C:\Windows\System\QFSaNvi.exe
  2⤵
  PID:4920
- C:\Windows\System\VCBeSrv.exe
  C:\Windows\System\VCBeSrv.exe
  2⤵
  PID:4936
- C:\Windows\System\LBgRWLR.exe
  C:\Windows\System\LBgRWLR.exe
  2⤵
  PID:4128
- C:\Windows\System\LjiOPmN.exe
  C:\Windows\System\LjiOPmN.exe
  2⤵
  PID:4872
- C:\Windows\System\mNLEBXB.exe
  C:\Windows\System\mNLEBXB.exe
  2⤵
  PID:4964
- C:\Windows\System\IyNXtZF.exe
  C:\Windows\System\IyNXtZF.exe
  2⤵
  PID:4404
- C:\Windows\System\mctkUEG.exe
  C:\Windows\System\mctkUEG.exe
  2⤵
  PID:4472
- C:\Windows\System\MvcBcaF.exe
  C:\Windows\System\MvcBcaF.exe
  2⤵
  PID:1540
- C:\Windows\System\BYszirq.exe
  C:\Windows\System\BYszirq.exe
  2⤵
  PID:324
- C:\Windows\System\zrpnPPA.exe
  C:\Windows\System\zrpnPPA.exe
  2⤵
  PID:4488
- C:\Windows\System\karSWVs.exe
  C:\Windows\System\karSWVs.exe
  2⤵
  PID:4692
- C:\Windows\System\xcGCvZy.exe
  C:\Windows\System\xcGCvZy.exe
  2⤵
  PID:5056
- C:\Windows\System\Ixasnxy.exe
  C:\Windows\System\Ixasnxy.exe
  2⤵
  PID:4284
- C:\Windows\System\aQYFIya.exe
  C:\Windows\System\aQYFIya.exe
  2⤵
  PID:1964
- C:\Windows\System\YGgzWch.exe
  C:\Windows\System\YGgzWch.exe
  2⤵
  PID:4980
- C:\Windows\System\ShyHXfQ.exe
  C:\Windows\System\ShyHXfQ.exe
  2⤵
  PID:3460
- C:\Windows\System\uEqQdBm.exe
  C:\Windows\System\uEqQdBm.exe
  2⤵
  PID:4456
- C:\Windows\System\uABbIFq.exe
  C:\Windows\System\uABbIFq.exe
  2⤵
  PID:4220
- C:\Windows\System\CzaLcpD.exe
  C:\Windows\System\CzaLcpD.exe
  2⤵
  PID:4784
- C:\Windows\System\UPElxte.exe
  C:\Windows\System\UPElxte.exe
  2⤵
  PID:5080
- C:\Windows\System\azTSHHj.exe
  C:\Windows\System\azTSHHj.exe
  2⤵
  PID:5124
- C:\Windows\System\TlgoUXr.exe
  C:\Windows\System\TlgoUXr.exe
  2⤵
  PID:5140
- C:\Windows\System\AZEgtIY.exe
  C:\Windows\System\AZEgtIY.exe
  2⤵
  PID:5160
- C:\Windows\System\ZHjNTTS.exe
  C:\Windows\System\ZHjNTTS.exe
  2⤵
  PID:5180
- C:\Windows\System\CQDTUmM.exe
  C:\Windows\System\CQDTUmM.exe
  2⤵
  PID:5200
- C:\Windows\System\LtWXilc.exe
  C:\Windows\System\LtWXilc.exe
  2⤵
  PID:5232
- C:\Windows\System\ytKtSAD.exe
  C:\Windows\System\ytKtSAD.exe
  2⤵
  PID:5248
- C:\Windows\System\ADoCyqW.exe
  C:\Windows\System\ADoCyqW.exe
  2⤵
  PID:5264
- C:\Windows\System\gKSrKnt.exe
  C:\Windows\System\gKSrKnt.exe
  2⤵
  PID:5280
- C:\Windows\System\flyTxdq.exe
  C:\Windows\System\flyTxdq.exe
  2⤵
  PID:5296
- C:\Windows\System\aRUmMnl.exe
  C:\Windows\System\aRUmMnl.exe
  2⤵
  PID:5312
- C:\Windows\System\jbhBLmO.exe
  C:\Windows\System\jbhBLmO.exe
  2⤵
  PID:5328
- C:\Windows\System\KMdtMQB.exe
  C:\Windows\System\KMdtMQB.exe
  2⤵
  PID:5344
- C:\Windows\System\BlTpbzt.exe
  C:\Windows\System\BlTpbzt.exe
  2⤵
  PID:5380
- C:\Windows\System\aAUPMfQ.exe
  C:\Windows\System\aAUPMfQ.exe
  2⤵
  PID:5396
- C:\Windows\System\QiRJrGK.exe
  C:\Windows\System\QiRJrGK.exe
  2⤵
  PID:5412
- C:\Windows\System\vgJkkrR.exe
  C:\Windows\System\vgJkkrR.exe
  2⤵
  PID:5428
- C:\Windows\System\aNtzHVf.exe
  C:\Windows\System\aNtzHVf.exe
  2⤵
  PID:5444
- C:\Windows\System\nCNsfTV.exe
  C:\Windows\System\nCNsfTV.exe
  2⤵
  PID:5460
- C:\Windows\System\dklEgvy.exe
  C:\Windows\System\dklEgvy.exe
  2⤵
  PID:5492
- C:\Windows\System\pkStwcE.exe
  C:\Windows\System\pkStwcE.exe
  2⤵
  PID:5516
- C:\Windows\System\agtgZVh.exe
  C:\Windows\System\agtgZVh.exe
  2⤵
  PID:5544
- C:\Windows\System\ttDHOYV.exe
  C:\Windows\System\ttDHOYV.exe
  2⤵
  PID:5568
- C:\Windows\System\LuUIFqE.exe
  C:\Windows\System\LuUIFqE.exe
  2⤵
  PID:5584
- C:\Windows\System\KjOcSlH.exe
  C:\Windows\System\KjOcSlH.exe
  2⤵
  PID:5600
- C:\Windows\System\MDqaFrq.exe
  C:\Windows\System\MDqaFrq.exe
  2⤵
  PID:5616
- C:\Windows\System\gLTDZbl.exe
  C:\Windows\System\gLTDZbl.exe
  2⤵
  PID:5632
- C:\Windows\System\iiIZTgb.exe
  C:\Windows\System\iiIZTgb.exe
  2⤵
  PID:5648
- C:\Windows\System\UxbbNjp.exe
  C:\Windows\System\UxbbNjp.exe
  2⤵
  PID:5668
- C:\Windows\System\YGxLloB.exe
  C:\Windows\System\YGxLloB.exe
  2⤵
  PID:5712
- C:\Windows\System\OtdoHKZ.exe
  C:\Windows\System\OtdoHKZ.exe
  2⤵
  PID:5732
- C:\Windows\System\wcjpkul.exe
  C:\Windows\System\wcjpkul.exe
  2⤵
  PID:5748
- C:\Windows\System\lpXODOF.exe
  C:\Windows\System\lpXODOF.exe
  2⤵
  PID:5764
- C:\Windows\System\LvYpUdT.exe
  C:\Windows\System\LvYpUdT.exe
  2⤵
  PID:5780
- C:\Windows\System\KpyhQTv.exe
  C:\Windows\System\KpyhQTv.exe
  2⤵
  PID:5796
- C:\Windows\System\WvLtpCp.exe
  C:\Windows\System\WvLtpCp.exe
  2⤵
  PID:5812
- C:\Windows\System\RiLGnct.exe
  C:\Windows\System\RiLGnct.exe
  2⤵
  PID:5828
- C:\Windows\System\kGPZxxI.exe
  C:\Windows\System\kGPZxxI.exe
  2⤵
  PID:5856
- C:\Windows\System\lXTdgcz.exe
  C:\Windows\System\lXTdgcz.exe
  2⤵
  PID:5896
- C:\Windows\System\JCzoMHw.exe
  C:\Windows\System\JCzoMHw.exe
  2⤵
  PID:5924
- C:\Windows\System\YTLDYzH.exe
  C:\Windows\System\YTLDYzH.exe
  2⤵
  PID:5940
- C:\Windows\System\LNDpHCY.exe
  C:\Windows\System\LNDpHCY.exe
  2⤵
  PID:5956
- C:\Windows\System\juNdQIm.exe
  C:\Windows\System\juNdQIm.exe
  2⤵
  PID:5972
- C:\Windows\System\bIvgDCs.exe
  C:\Windows\System\bIvgDCs.exe
  2⤵
  PID:5992
- C:\Windows\System\KotuxBy.exe
  C:\Windows\System\KotuxBy.exe
  2⤵
  PID:6008
- C:\Windows\System\Hbafthu.exe
  C:\Windows\System\Hbafthu.exe
  2⤵
  PID:6024
- C:\Windows\System\CXqTvxP.exe
  C:\Windows\System\CXqTvxP.exe
  2⤵
  PID:6044
- C:\Windows\System\pHjFjGj.exe
  C:\Windows\System\pHjFjGj.exe
  2⤵
  PID:6064
- C:\Windows\System\pziKryk.exe
  C:\Windows\System\pziKryk.exe
  2⤵
  PID:6084
- C:\Windows\System\RQwgSPS.exe
  C:\Windows\System\RQwgSPS.exe
  2⤵
  PID:6104
- C:\Windows\System\FeFGXuQ.exe
  C:\Windows\System\FeFGXuQ.exe
  2⤵
  PID:6124
- C:\Windows\System\yixyODm.exe
  C:\Windows\System\yixyODm.exe
  2⤵
  PID:6140
- C:\Windows\System\AqwgTRp.exe
  C:\Windows\System\AqwgTRp.exe
  2⤵
  PID:2468
- C:\Windows\System\ZtocKVu.exe
  C:\Windows\System\ZtocKVu.exe
  2⤵
  PID:5212
- C:\Windows\System\RUtCNNY.exe
  C:\Windows\System\RUtCNNY.exe
  2⤵
  PID:5224
- C:\Windows\System\bxXMmuN.exe
  C:\Windows\System\bxXMmuN.exe
  2⤵
  PID:5288
- C:\Windows\System\AXVZqgG.exe
  C:\Windows\System\AXVZqgG.exe
  2⤵
  PID:5352
- C:\Windows\System\wGRufmP.exe
  C:\Windows\System\wGRufmP.exe
  2⤵
  PID:5368
- C:\Windows\System\kpMLFWV.exe
  C:\Windows\System\kpMLFWV.exe
  2⤵
  PID:5408
- C:\Windows\System\EWtVqqZ.exe
  C:\Windows\System\EWtVqqZ.exe
  2⤵
  PID:5480
- C:\Windows\System\PcAflXh.exe
  C:\Windows\System\PcAflXh.exe
  2⤵
  PID:5112
- C:\Windows\System\LmOSjqI.exe
  C:\Windows\System\LmOSjqI.exe
  2⤵
  PID:5528
- C:\Windows\System\EdKWAkE.exe
  C:\Windows\System\EdKWAkE.exe
  2⤵
  PID:4984
- C:\Windows\System\NMHPYUm.exe
  C:\Windows\System\NMHPYUm.exe
  2⤵
  PID:5156
- C:\Windows\System\CGLTqhS.exe
  C:\Windows\System\CGLTqhS.exe
  2⤵
  PID:5272
- C:\Windows\System\pbtiXjl.exe
  C:\Windows\System\pbtiXjl.exe
  2⤵
  PID:5452
- C:\Windows\System\jpOxTKE.exe
  C:\Windows\System\jpOxTKE.exe
  2⤵
  PID:5508
- C:\Windows\System\VdacdiK.exe
  C:\Windows\System\VdacdiK.exe
  2⤵
  PID:5388
- C:\Windows\System\KdTwugo.exe
  C:\Windows\System\KdTwugo.exe
  2⤵
  PID:5676
- C:\Windows\System\yNcbaLi.exe
  C:\Windows\System\yNcbaLi.exe
  2⤵
  PID:5700
- C:\Windows\System\hFAlMQs.exe
  C:\Windows\System\hFAlMQs.exe
  2⤵
  PID:5744
- C:\Windows\System\bUiSHNG.exe
  C:\Windows\System\bUiSHNG.exe
  2⤵
  PID:5836
- C:\Windows\System\WTeFgCD.exe
  C:\Windows\System\WTeFgCD.exe
  2⤵
  PID:5656
- C:\Windows\System\ncMQasF.exe
  C:\Windows\System\ncMQasF.exe
  2⤵
  PID:5848
- C:\Windows\System\piOFWks.exe
  C:\Windows\System\piOFWks.exe
  2⤵
  PID:5724
- C:\Windows\System\PGKDcqB.exe
  C:\Windows\System\PGKDcqB.exe
  2⤵
  PID:5788
- C:\Windows\System\UADuppN.exe
  C:\Windows\System\UADuppN.exe
  2⤵
  PID:5728
- C:\Windows\System\FpINRVp.exe
  C:\Windows\System\FpINRVp.exe
  2⤵
  PID:5904
- C:\Windows\System\hXUGiWl.exe
  C:\Windows\System\hXUGiWl.exe
  2⤵
  PID:5908
- C:\Windows\System\ChcdrKy.exe
  C:\Windows\System\ChcdrKy.exe
  2⤵
  PID:5980
- C:\Windows\System\ynHSXPC.exe
  C:\Windows\System\ynHSXPC.exe
  2⤵
  PID:6016
- C:\Windows\System\XtsVeBo.exe
  C:\Windows\System\XtsVeBo.exe
  2⤵
  PID:6060
- C:\Windows\System\QuQMzzi.exe
  C:\Windows\System\QuQMzzi.exe
  2⤵
  PID:6100
- C:\Windows\System\qoIGTSK.exe
  C:\Windows\System\qoIGTSK.exe
  2⤵
  PID:5168
- C:\Windows\System\fmUuNOZ.exe
  C:\Windows\System\fmUuNOZ.exe
  2⤵
  PID:5176
- C:\Windows\System\XDCedRu.exe
  C:\Windows\System\XDCedRu.exe
  2⤵
  PID:6004
- C:\Windows\System\gJBmIfN.exe
  C:\Windows\System\gJBmIfN.exe
  2⤵
  PID:5360
- C:\Windows\System\RlXwulL.exe
  C:\Windows\System\RlXwulL.exe
  2⤵
  PID:5468
- C:\Windows\System\AoUtgSU.exe
  C:\Windows\System\AoUtgSU.exe
  2⤵
  PID:5476
- C:\Windows\System\RsgLzIJ.exe
  C:\Windows\System\RsgLzIJ.exe
  2⤵
  PID:4660
- C:\Windows\System\DKsDpOo.exe
  C:\Windows\System\DKsDpOo.exe
  2⤵
  PID:6040
- C:\Windows\System\eZrPYSm.exe
  C:\Windows\System\eZrPYSm.exe
  2⤵
  PID:6120
- C:\Windows\System\eWQpWAU.exe
  C:\Windows\System\eWQpWAU.exe
  2⤵
  PID:5968
- C:\Windows\System\YfuNDds.exe
  C:\Windows\System\YfuNDds.exe
  2⤵
  PID:3824
- C:\Windows\System\UjEcwrU.exe
  C:\Windows\System\UjEcwrU.exe
  2⤵
  PID:5148
- C:\Windows\System\Lkczedr.exe
  C:\Windows\System\Lkczedr.exe
  2⤵
  PID:6072
- C:\Windows\System\dyZgrOo.exe
  C:\Windows\System\dyZgrOo.exe
  2⤵
  PID:5540
- C:\Windows\System\qPYeBXG.exe
  C:\Windows\System\qPYeBXG.exe
  2⤵
  PID:5376
- C:\Windows\System\KbslYgE.exe
  C:\Windows\System\KbslYgE.exe
  2⤵
  PID:5320
- C:\Windows\System\qiRAvfg.exe
  C:\Windows\System\qiRAvfg.exe
  2⤵
  PID:5556
- C:\Windows\System\EbIYcbf.exe
  C:\Windows\System\EbIYcbf.exe
  2⤵
  PID:5608
- C:\Windows\System\aavyGta.exe
  C:\Windows\System\aavyGta.exe
  2⤵
  PID:5692
- C:\Windows\System\exCNhAy.exe
  C:\Windows\System\exCNhAy.exe
  2⤵
  PID:5640
- C:\Windows\System\JhcWLxE.exe
  C:\Windows\System\JhcWLxE.exe
  2⤵
  PID:5772
- C:\Windows\System\UHnEYCV.exe
  C:\Windows\System\UHnEYCV.exe
  2⤵
  PID:5644
- C:\Windows\System\nPjKYiZ.exe
  C:\Windows\System\nPjKYiZ.exe
  2⤵
  PID:5948
- C:\Windows\System\wtYkuKO.exe
  C:\Windows\System\wtYkuKO.exe
  2⤵
  PID:5708
- C:\Windows\System\hKYiHpM.exe
  C:\Windows\System\hKYiHpM.exe
  2⤵
  PID:5136
- C:\Windows\System\pBfGAgu.exe
  C:\Windows\System\pBfGAgu.exe
  2⤵
  PID:5440
- C:\Windows\System\tqotRDi.exe
  C:\Windows\System\tqotRDi.exe
  2⤵
  PID:6112
- C:\Windows\System\prtrGSb.exe
  C:\Windows\System\prtrGSb.exe
  2⤵
  PID:5964
- C:\Windows\System\tGrsKrt.exe
  C:\Windows\System\tGrsKrt.exe
  2⤵
  PID:5628
- C:\Windows\System\IHPhvUt.exe
  C:\Windows\System\IHPhvUt.exe
  2⤵
  PID:5240
- C:\Windows\System\bZjgKBf.exe
  C:\Windows\System\bZjgKBf.exe
  2⤵
  PID:5552
- C:\Windows\System\eIHDQdq.exe
  C:\Windows\System\eIHDQdq.exe
  2⤵
  PID:5404
- C:\Windows\System\DKeZBkG.exe
  C:\Windows\System\DKeZBkG.exe
  2⤵
  PID:772
- C:\Windows\System\NbmAsbx.exe
  C:\Windows\System\NbmAsbx.exe
  2⤵
  PID:5876
- C:\Windows\System\uVjvfve.exe
  C:\Windows\System\uVjvfve.exe
  2⤵
  PID:5720
- C:\Windows\System\GqfEuMu.exe
  C:\Windows\System\GqfEuMu.exe
  2⤵
  PID:5532
- C:\Windows\System\mWCCVAE.exe
  C:\Windows\System\mWCCVAE.exe
  2⤵
  PID:5688
- C:\Windows\System\JzoADlY.exe
  C:\Windows\System\JzoADlY.exe
  2⤵
  PID:5864
- C:\Windows\System\PecTNEo.exe
  C:\Windows\System\PecTNEo.exe
  2⤵
  PID:5504
- C:\Windows\System\OYPDMRu.exe
  C:\Windows\System\OYPDMRu.exe
  2⤵
  PID:6136
- C:\Windows\System\WwMyuAV.exe
  C:\Windows\System\WwMyuAV.exe
  2⤵
  PID:5624
- C:\Windows\System\ycEHAPM.exe
  C:\Windows\System\ycEHAPM.exe
  2⤵
  PID:5260
- C:\Windows\System\FRyMUHw.exe
  C:\Windows\System\FRyMUHw.exe
  2⤵
  PID:5612
- C:\Windows\System\ykLzCDD.exe
  C:\Windows\System\ykLzCDD.exe
  2⤵
  PID:6056
- C:\Windows\System\PYtheBy.exe
  C:\Windows\System\PYtheBy.exe
  2⤵
  PID:6156
- C:\Windows\System\OfwSXLs.exe
  C:\Windows\System\OfwSXLs.exe
  2⤵
  PID:6172
- C:\Windows\System\xbYRRLM.exe
  C:\Windows\System\xbYRRLM.exe
  2⤵
  PID:6188
- C:\Windows\System\npPTxJx.exe
  C:\Windows\System\npPTxJx.exe
  2⤵
  PID:6204
- C:\Windows\System\pYNlEkg.exe
  C:\Windows\System\pYNlEkg.exe
  2⤵
  PID:6220
- C:\Windows\System\PNJKcgH.exe
  C:\Windows\System\PNJKcgH.exe
  2⤵
  PID:6236
- C:\Windows\System\IWXOkAb.exe
  C:\Windows\System\IWXOkAb.exe
  2⤵
  PID:6252
- C:\Windows\System\vqMQnUw.exe
  C:\Windows\System\vqMQnUw.exe
  2⤵
  PID:6268
- C:\Windows\System\wVlOgZn.exe
  C:\Windows\System\wVlOgZn.exe
  2⤵
  PID:6284
- C:\Windows\System\IladAIi.exe
  C:\Windows\System\IladAIi.exe
  2⤵
  PID:6300
- C:\Windows\System\NtRMblI.exe
  C:\Windows\System\NtRMblI.exe
  2⤵
  PID:6316
- C:\Windows\System\RZXMYTy.exe
  C:\Windows\System\RZXMYTy.exe
  2⤵
  PID:6332
- C:\Windows\System\zfOUDov.exe
  C:\Windows\System\zfOUDov.exe
  2⤵
  PID:6348
- C:\Windows\System\VLssGPO.exe
  C:\Windows\System\VLssGPO.exe
  2⤵
  PID:6364
- C:\Windows\System\MqKPpPH.exe
  C:\Windows\System\MqKPpPH.exe
  2⤵
  PID:6380
- C:\Windows\System\EYRftsV.exe
  C:\Windows\System\EYRftsV.exe
  2⤵
  PID:6396
- C:\Windows\System\loJAyUH.exe
  C:\Windows\System\loJAyUH.exe
  2⤵
  PID:6412
- C:\Windows\System\BHufjDj.exe
  C:\Windows\System\BHufjDj.exe
  2⤵
  PID:6428
- C:\Windows\System\iHtoMyO.exe
  C:\Windows\System\iHtoMyO.exe
  2⤵
  PID:6448
- C:\Windows\System\qtObvsV.exe
  C:\Windows\System\qtObvsV.exe
  2⤵
  PID:6464
- C:\Windows\System\zUDzMkl.exe
  C:\Windows\System\zUDzMkl.exe
  2⤵
  PID:6480
- C:\Windows\System\DyIXGYb.exe
  C:\Windows\System\DyIXGYb.exe
  2⤵
  PID:6496
- C:\Windows\System\pTTSygK.exe
  C:\Windows\System\pTTSygK.exe
  2⤵
  PID:6512
- C:\Windows\System\ibLPHmY.exe
  C:\Windows\System\ibLPHmY.exe
  2⤵
  PID:6528
- C:\Windows\System\qIGMbeD.exe
  C:\Windows\System\qIGMbeD.exe
  2⤵
  PID:6544
- C:\Windows\System\azYLcTA.exe
  C:\Windows\System\azYLcTA.exe
  2⤵
  PID:6560
- C:\Windows\System\TsVBFOY.exe
  C:\Windows\System\TsVBFOY.exe
  2⤵
  PID:6576
- C:\Windows\System\koMnEtj.exe
  C:\Windows\System\koMnEtj.exe
  2⤵
  PID:6592
- C:\Windows\System\NyEKkLb.exe
  C:\Windows\System\NyEKkLb.exe
  2⤵
  PID:6608
- C:\Windows\System\GHsPXDs.exe
  C:\Windows\System\GHsPXDs.exe
  2⤵
  PID:6624
- C:\Windows\System\TsDeTdy.exe
  C:\Windows\System\TsDeTdy.exe
  2⤵
  PID:6640
- C:\Windows\System\eLPnfnT.exe
  C:\Windows\System\eLPnfnT.exe
  2⤵
  PID:6656
- C:\Windows\System\pIHGUyG.exe
  C:\Windows\System\pIHGUyG.exe
  2⤵
  PID:6672
- C:\Windows\System\BvQMdFh.exe
  C:\Windows\System\BvQMdFh.exe
  2⤵
  PID:6688
- C:\Windows\System\idKClTh.exe
  C:\Windows\System\idKClTh.exe
  2⤵
  PID:6704
- C:\Windows\System\HvcwIuR.exe
  C:\Windows\System\HvcwIuR.exe
  2⤵
  PID:6720
- C:\Windows\System\OSLqjLu.exe
  C:\Windows\System\OSLqjLu.exe
  2⤵
  PID:6736
- C:\Windows\System\krviyXp.exe
  C:\Windows\System\krviyXp.exe
  2⤵
  PID:6752
- C:\Windows\System\IgZadgC.exe
  C:\Windows\System\IgZadgC.exe
  2⤵
  PID:6768
- C:\Windows\System\SdKuanb.exe
  C:\Windows\System\SdKuanb.exe
  2⤵
  PID:6784
- C:\Windows\System\bnLAijV.exe
  C:\Windows\System\bnLAijV.exe
  2⤵
  PID:6804
- C:\Windows\System\wrQPiwq.exe
  C:\Windows\System\wrQPiwq.exe
  2⤵
  PID:6820
- C:\Windows\System\TgWepYa.exe
  C:\Windows\System\TgWepYa.exe
  2⤵
  PID:6836
- C:\Windows\System\YYaioZM.exe
  C:\Windows\System\YYaioZM.exe
  2⤵
  PID:6852
- C:\Windows\System\iplmRXb.exe
  C:\Windows\System\iplmRXb.exe
  2⤵
  PID:6868
- C:\Windows\System\ziHOvtP.exe
  C:\Windows\System\ziHOvtP.exe
  2⤵
  PID:6884
- C:\Windows\System\GuqbLAO.exe
  C:\Windows\System\GuqbLAO.exe
  2⤵
  PID:6900
- C:\Windows\System\bcxNChm.exe
  C:\Windows\System\bcxNChm.exe
  2⤵
  PID:6916
- C:\Windows\System\nomQhtf.exe
  C:\Windows\System\nomQhtf.exe
  2⤵
  PID:6932
- C:\Windows\System\fvQnQBJ.exe
  C:\Windows\System\fvQnQBJ.exe
  2⤵
  PID:6948
- C:\Windows\System\mxsZCVG.exe
  C:\Windows\System\mxsZCVG.exe
  2⤵
  PID:6964
- C:\Windows\System\NMMRyhk.exe
  C:\Windows\System\NMMRyhk.exe
  2⤵
  PID:6980
- C:\Windows\System\kvMDmYs.exe
  C:\Windows\System\kvMDmYs.exe
  2⤵
  PID:6996
- C:\Windows\System\QoIJEyd.exe
  C:\Windows\System\QoIJEyd.exe
  2⤵
  PID:7012
- C:\Windows\System\PmiolQp.exe
  C:\Windows\System\PmiolQp.exe
  2⤵
  PID:7028
- C:\Windows\System\uWuQIqO.exe
  C:\Windows\System\uWuQIqO.exe
  2⤵
  PID:7044
- C:\Windows\System\sWcUAnw.exe
  C:\Windows\System\sWcUAnw.exe
  2⤵
  PID:7060
- C:\Windows\System\IoExKKF.exe
  C:\Windows\System\IoExKKF.exe
  2⤵
  PID:7076
- C:\Windows\System\pKaAqba.exe
  C:\Windows\System\pKaAqba.exe
  2⤵
  PID:7092
- C:\Windows\System\OGwnzar.exe
  C:\Windows\System\OGwnzar.exe
  2⤵
  PID:7108
- C:\Windows\System\sHJgAYM.exe
  C:\Windows\System\sHJgAYM.exe
  2⤵
  PID:7124
- C:\Windows\System\jCznisQ.exe
  C:\Windows\System\jCznisQ.exe
  2⤵
  PID:7140
- C:\Windows\System\uNbArGT.exe
  C:\Windows\System\uNbArGT.exe
  2⤵
  PID:7156
- C:\Windows\System\kYFfeQg.exe
  C:\Windows\System\kYFfeQg.exe
  2⤵
  PID:5820
- C:\Windows\System\kjJgYKD.exe
  C:\Windows\System\kjJgYKD.exe
  2⤵
  PID:6180
- C:\Windows\System\RdVjuPc.exe
  C:\Windows\System\RdVjuPc.exe
  2⤵
  PID:6244
- C:\Windows\System\izqnjBs.exe
  C:\Windows\System\izqnjBs.exe
  2⤵
  PID:5872
- C:\Windows\System\NfvJGZf.exe
  C:\Windows\System\NfvJGZf.exe
  2⤵
  PID:6312
- C:\Windows\System\hdBEUex.exe
  C:\Windows\System\hdBEUex.exe
  2⤵
  PID:6080
- C:\Windows\System\KUurhxo.exe
  C:\Windows\System\KUurhxo.exe
  2⤵
  PID:5740
- C:\Windows\System\aonPkhb.exe
  C:\Windows\System\aonPkhb.exe
  2⤵
  PID:5308
- C:\Windows\System\ttYZTXm.exe
  C:\Windows\System\ttYZTXm.exe
  2⤵
  PID:6260
- C:\Windows\System\fFMHJLc.exe
  C:\Windows\System\fFMHJLc.exe
  2⤵
  PID:6296
- C:\Windows\System\SdTSlhF.exe
  C:\Windows\System\SdTSlhF.exe
  2⤵
  PID:6200
- C:\Windows\System\tmFwjTM.exe
  C:\Windows\System\tmFwjTM.exe
  2⤵
  PID:6340
- C:\Windows\System\HTqPGuW.exe
  C:\Windows\System\HTqPGuW.exe
  2⤵
  PID:6388
- C:\Windows\System\DUYfwek.exe
  C:\Windows\System\DUYfwek.exe
  2⤵
  PID:6356
- C:\Windows\System\zGgiWiH.exe
  C:\Windows\System\zGgiWiH.exe
  2⤵
  PID:6436
- C:\Windows\System\fQYvKHn.exe
  C:\Windows\System\fQYvKHn.exe
  2⤵
  PID:6376
- C:\Windows\System\CdDiOKr.exe
  C:\Windows\System\CdDiOKr.exe
  2⤵
  PID:6460
- C:\Windows\System\VKVcVzU.exe
  C:\Windows\System\VKVcVzU.exe
  2⤵
  PID:6568
- C:\Windows\System\oUxGRBC.exe
  C:\Windows\System\oUxGRBC.exe
  2⤵
  PID:6524
- C:\Windows\System\bpWGCBt.exe
  C:\Windows\System\bpWGCBt.exe
  2⤵
  PID:6604
- C:\Windows\System\FjWTCnU.exe
  C:\Windows\System\FjWTCnU.exe
  2⤵
  PID:6616
- C:\Windows\System\AicpqyC.exe
  C:\Windows\System\AicpqyC.exe
  2⤵
  PID:6620
- C:\Windows\System\UqKfmQe.exe
  C:\Windows\System\UqKfmQe.exe
  2⤵
  PID:6684
- C:\Windows\System\lscMVnk.exe
  C:\Windows\System\lscMVnk.exe
  2⤵
  PID:6732
- C:\Windows\System\wtimMXu.exe
  C:\Windows\System\wtimMXu.exe
  2⤵
  PID:6792
- C:\Windows\System\wNHAMEL.exe
  C:\Windows\System\wNHAMEL.exe
  2⤵
  PID:6860
- C:\Windows\System\wGsXtsC.exe
  C:\Windows\System\wGsXtsC.exe
  2⤵
  PID:6816
- C:\Windows\System\jAcuSVs.exe
  C:\Windows\System\jAcuSVs.exe
  2⤵
  PID:6896
- C:\Windows\System\atrjKyq.exe
  C:\Windows\System\atrjKyq.exe
  2⤵
  PID:6960
- C:\Windows\System\tbAcVkr.exe
  C:\Windows\System\tbAcVkr.exe
  2⤵
  PID:7024
- C:\Windows\System\skaVTag.exe
  C:\Windows\System\skaVTag.exe
  2⤵
  PID:7052
- C:\Windows\System\aPAxIkW.exe
  C:\Windows\System\aPAxIkW.exe
  2⤵
  PID:7116
- C:\Windows\System\fUHQHqg.exe
  C:\Windows\System\fUHQHqg.exe
  2⤵
  PID:6152
- C:\Windows\System\wOoEKBN.exe
  C:\Windows\System\wOoEKBN.exe
  2⤵
  PID:7104
- C:\Windows\System\cNrDhvR.exe
  C:\Windows\System\cNrDhvR.exe
  2⤵
  PID:7100
- C:\Windows\System\QrzrMbd.exe
  C:\Windows\System\QrzrMbd.exe
  2⤵
  PID:6168
- C:\Windows\System\WXvMjYD.exe
  C:\Windows\System\WXvMjYD.exe
  2⤵
  PID:5808
- C:\Windows\System\uTVWEuO.exe
  C:\Windows\System\uTVWEuO.exe
  2⤵
  PID:6212
- C:\Windows\System\KdVfDYQ.exe
  C:\Windows\System\KdVfDYQ.exe
  2⤵
  PID:6308
- C:\Windows\System\SGjMNrp.exe
  C:\Windows\System\SGjMNrp.exe
  2⤵
  PID:6424
- C:\Windows\System\mSKGeSi.exe
  C:\Windows\System\mSKGeSi.exe
  2⤵
  PID:1468
- C:\Windows\System\bJBioXT.exe
  C:\Windows\System\bJBioXT.exe
  2⤵
  PID:5984
- C:\Windows\System\vBJQulC.exe
  C:\Windows\System\vBJQulC.exe
  2⤵
  PID:6476
- C:\Windows\System\CBPeJKR.exe
  C:\Windows\System\CBPeJKR.exe
  2⤵
  PID:6264
- C:\Windows\System\kOyZFZy.exe
  C:\Windows\System\kOyZFZy.exe
  2⤵
  PID:6520
- C:\Windows\System\gRXgkpx.exe
  C:\Windows\System\gRXgkpx.exe
  2⤵
  PID:2252
- C:\Windows\System\lqGOljN.exe
  C:\Windows\System\lqGOljN.exe
  2⤵
  PID:6760
- C:\Windows\System\zSpGTYE.exe
  C:\Windows\System\zSpGTYE.exe
  2⤵
  PID:6800
- C:\Windows\System\tONFskU.exe
  C:\Windows\System\tONFskU.exe
  2⤵
  PID:6744
- C:\Windows\System\bqnbUVT.exe
  C:\Windows\System\bqnbUVT.exe
  2⤵
  PID:6848
- C:\Windows\System\dFdfzNL.exe
  C:\Windows\System\dFdfzNL.exe
  2⤵
  PID:7084
- C:\Windows\System\EwzteKh.exe
  C:\Windows\System\EwzteKh.exe
  2⤵
  PID:6912
- C:\Windows\System\JUUXLSn.exe
  C:\Windows\System\JUUXLSn.exe
  2⤵
  PID:7068
- C:\Windows\System\sdruBed.exe
  C:\Windows\System\sdruBed.exe
  2⤵
  PID:5420
- C:\Windows\System\kXUGkni.exe
  C:\Windows\System\kXUGkni.exe
  2⤵
  PID:944
- C:\Windows\System\gDynBQH.exe
  C:\Windows\System\gDynBQH.exe
  2⤵
  PID:6944
- C:\Windows\System\SPpOoLd.exe
  C:\Windows\System\SPpOoLd.exe
  2⤵
  PID:5220
- C:\Windows\System\KRgDKDF.exe
  C:\Windows\System\KRgDKDF.exe
  2⤵
  PID:6324
- C:\Windows\System\oKgZOFk.exe
  C:\Windows\System\oKgZOFk.exe
  2⤵
  PID:6540
- C:\Windows\System\HJPOYyA.exe
  C:\Windows\System\HJPOYyA.exe
  2⤵
  PID:6488
- C:\Windows\System\HqJzVTN.exe
  C:\Windows\System\HqJzVTN.exe
  2⤵
  PID:6776
- C:\Windows\System\dfWBAlt.exe
  C:\Windows\System\dfWBAlt.exe
  2⤵
  PID:7088
- C:\Windows\System\RUAbMKZ.exe
  C:\Windows\System\RUAbMKZ.exe
  2⤵
  PID:6164
- C:\Windows\System\bGNRrBN.exe
  C:\Windows\System\bGNRrBN.exe
  2⤵
  PID:5172
- C:\Windows\System\dGzJrVB.exe
  C:\Windows\System\dGzJrVB.exe
  2⤵
  PID:7176
- C:\Windows\System\tpwLORA.exe
  C:\Windows\System\tpwLORA.exe
  2⤵
  PID:7192
- C:\Windows\System\JQebCzP.exe
  C:\Windows\System\JQebCzP.exe
  2⤵
  PID:7208
- C:\Windows\System\JzyOshs.exe
  C:\Windows\System\JzyOshs.exe
  2⤵
  PID:7224
- C:\Windows\System\hUVyLTe.exe
  C:\Windows\System\hUVyLTe.exe
  2⤵
  PID:7240
- C:\Windows\System\QKSJDLE.exe
  C:\Windows\System\QKSJDLE.exe
  2⤵
  PID:7256
- C:\Windows\System\LSFtaKN.exe
  C:\Windows\System\LSFtaKN.exe
  2⤵
  PID:7272
- C:\Windows\System\TbrNdxx.exe
  C:\Windows\System\TbrNdxx.exe
  2⤵
  PID:7288
- C:\Windows\System\rMMfGAj.exe
  C:\Windows\System\rMMfGAj.exe
  2⤵
  PID:7304
- C:\Windows\System\DrpTtJi.exe
  C:\Windows\System\DrpTtJi.exe
  2⤵
  PID:7320
- C:\Windows\System\cBtejCa.exe
  C:\Windows\System\cBtejCa.exe
  2⤵
  PID:7336
- C:\Windows\System\GZDQXqI.exe
  C:\Windows\System\GZDQXqI.exe
  2⤵
  PID:7352
- C:\Windows\System\PdsOXXS.exe
  C:\Windows\System\PdsOXXS.exe
  2⤵
  PID:7368
- C:\Windows\System\SWKEyHv.exe
  C:\Windows\System\SWKEyHv.exe
  2⤵
  PID:7384
- C:\Windows\System\aPWUqKx.exe
  C:\Windows\System\aPWUqKx.exe
  2⤵
  PID:7400
- C:\Windows\System\asnScqH.exe
  C:\Windows\System\asnScqH.exe
  2⤵
  PID:7416
- C:\Windows\System\sgCvpiE.exe
  C:\Windows\System\sgCvpiE.exe
  2⤵
  PID:7436
- C:\Windows\System\njYrPnh.exe
  C:\Windows\System\njYrPnh.exe
  2⤵
  PID:7452
- C:\Windows\System\OGBTtjs.exe
  C:\Windows\System\OGBTtjs.exe
  2⤵
  PID:7468
- C:\Windows\System\RKhlHkQ.exe
  C:\Windows\System\RKhlHkQ.exe
  2⤵
  PID:7484
- C:\Windows\System\GcNLFCb.exe
  C:\Windows\System\GcNLFCb.exe
  2⤵
  PID:7500
- C:\Windows\System\IRRCFOK.exe
  C:\Windows\System\IRRCFOK.exe
  2⤵
  PID:7516
- C:\Windows\System\feoAqBx.exe
  C:\Windows\System\feoAqBx.exe
  2⤵
  PID:7532
- C:\Windows\System\CvLluoZ.exe
  C:\Windows\System\CvLluoZ.exe
  2⤵
  PID:7548
- C:\Windows\System\mVCLzAz.exe
  C:\Windows\System\mVCLzAz.exe
  2⤵
  PID:7564
- C:\Windows\System\fuHBAzM.exe
  C:\Windows\System\fuHBAzM.exe
  2⤵
  PID:7628
- C:\Windows\System\ljNSIbD.exe
  C:\Windows\System\ljNSIbD.exe
  2⤵
  PID:7652
- C:\Windows\System\heynfSF.exe
  C:\Windows\System\heynfSF.exe
  2⤵
  PID:7668
- C:\Windows\System\yJZbgAX.exe
  C:\Windows\System\yJZbgAX.exe
  2⤵
  PID:7684
- C:\Windows\System\IypLnDO.exe
  C:\Windows\System\IypLnDO.exe
  2⤵
  PID:7700
- C:\Windows\System\LjKjLHt.exe
  C:\Windows\System\LjKjLHt.exe
  2⤵
  PID:7716
- C:\Windows\System\lCThPSp.exe
  C:\Windows\System\lCThPSp.exe
  2⤵
  PID:7732
- C:\Windows\System\QeQPdBb.exe
  C:\Windows\System\QeQPdBb.exe
  2⤵
  PID:7748
- C:\Windows\System\EwJzMUl.exe
  C:\Windows\System\EwJzMUl.exe
  2⤵
  PID:7764
- C:\Windows\System\HBfnqMv.exe
  C:\Windows\System\HBfnqMv.exe
  2⤵
  PID:7780
- C:\Windows\System\crGoodJ.exe
  C:\Windows\System\crGoodJ.exe
  2⤵
  PID:7796
- C:\Windows\System\KSBoaoq.exe
  C:\Windows\System\KSBoaoq.exe
  2⤵
  PID:7812
- C:\Windows\System\pNgYTYx.exe
  C:\Windows\System\pNgYTYx.exe
  2⤵
  PID:7876
- C:\Windows\System\KvGxkbb.exe
  C:\Windows\System\KvGxkbb.exe
  2⤵
  PID:7892
- C:\Windows\System\PedcfUb.exe
  C:\Windows\System\PedcfUb.exe
  2⤵
  PID:7908
- C:\Windows\System\NTnEzHQ.exe
  C:\Windows\System\NTnEzHQ.exe
  2⤵
  PID:7924
- C:\Windows\System\EdBljNN.exe
  C:\Windows\System\EdBljNN.exe
  2⤵
  PID:7944
- C:\Windows\System\HYXbAFV.exe
  C:\Windows\System\HYXbAFV.exe
  2⤵
  PID:7960
- C:\Windows\System\CoafhWT.exe
  C:\Windows\System\CoafhWT.exe
  2⤵
  PID:7976
- C:\Windows\System\vrZZanc.exe
  C:\Windows\System\vrZZanc.exe
  2⤵
  PID:7992
- C:\Windows\System\saBYVtJ.exe
  C:\Windows\System\saBYVtJ.exe
  2⤵
  PID:8008
- C:\Windows\System\SxvKjtD.exe
  C:\Windows\System\SxvKjtD.exe
  2⤵
  PID:8024
- C:\Windows\System\cIMrFHM.exe
  C:\Windows\System\cIMrFHM.exe
  2⤵
  PID:8040
- C:\Windows\System\fCZUbjQ.exe
  C:\Windows\System\fCZUbjQ.exe
  2⤵
  PID:8056
- C:\Windows\System\MSPPaNb.exe
  C:\Windows\System\MSPPaNb.exe
  2⤵
  PID:8072
- C:\Windows\System\vInBvoE.exe
  C:\Windows\System\vInBvoE.exe
  2⤵
  PID:8088
- C:\Windows\System\njKmVAw.exe
  C:\Windows\System\njKmVAw.exe
  2⤵
  PID:8104
- C:\Windows\System\zTaUMsv.exe
  C:\Windows\System\zTaUMsv.exe
  2⤵
  PID:8120
- C:\Windows\System\INeIOsg.exe
  C:\Windows\System\INeIOsg.exe
  2⤵
  PID:8136
- C:\Windows\System\mOabQUf.exe
  C:\Windows\System\mOabQUf.exe
  2⤵
  PID:8152
- C:\Windows\System\EafVHvP.exe
  C:\Windows\System\EafVHvP.exe
  2⤵
  PID:8168
- C:\Windows\System\BptuFjD.exe
  C:\Windows\System\BptuFjD.exe
  2⤵
  PID:8184
- C:\Windows\System\jfDpkNa.exe
  C:\Windows\System\jfDpkNa.exe
  2⤵
  PID:5932
- C:\Windows\System\XBZqowi.exe
  C:\Windows\System\XBZqowi.exe
  2⤵
  PID:7132
- C:\Windows\System\wvyvdXj.exe
  C:\Windows\System\wvyvdXj.exe
  2⤵
  PID:7216
- C:\Windows\System\ySHnbGg.exe
  C:\Windows\System\ySHnbGg.exe
  2⤵
  PID:6652
- C:\Windows\System\RAbzGIN.exe
  C:\Windows\System\RAbzGIN.exe
  2⤵
  PID:7204
- C:\Windows\System\pNUImhW.exe
  C:\Windows\System\pNUImhW.exe
  2⤵
  PID:6876
- C:\Windows\System\DsEBpLp.exe
  C:\Windows\System\DsEBpLp.exe
  2⤵
  PID:5256
- C:\Windows\System\tAWJmdb.exe
  C:\Windows\System\tAWJmdb.exe
  2⤵
  PID:6956
- C:\Windows\System\pDaNXdS.exe
  C:\Windows\System\pDaNXdS.exe
  2⤵
  PID:7004
- C:\Windows\System\TIZMceN.exe
  C:\Windows\System\TIZMceN.exe
  2⤵
  PID:7284
- C:\Windows\System\ZpRJuVk.exe
  C:\Windows\System\ZpRJuVk.exe
  2⤵
  PID:7300
- C:\Windows\System\mFWUgpF.exe
  C:\Windows\System\mFWUgpF.exe
  2⤵
  PID:7348
- C:\Windows\System\vxDYyiW.exe
  C:\Windows\System\vxDYyiW.exe
  2⤵
  PID:7428
- C:\Windows\System\FAAzLZm.exe
  C:\Windows\System\FAAzLZm.exe
  2⤵
  PID:7492
- C:\Windows\System\ZrIWowK.exe
  C:\Windows\System\ZrIWowK.exe
  2⤵
  PID:7448
- C:\Windows\System\UcJQNxD.exe
  C:\Windows\System\UcJQNxD.exe
  2⤵
  PID:7512
- C:\Windows\System\JZVINhw.exe
  C:\Windows\System\JZVINhw.exe
  2⤵
  PID:7460
- C:\Windows\System\JqzEMNK.exe
  C:\Windows\System\JqzEMNK.exe
  2⤵
  PID:7424
- C:\Windows\System\JMoNbWB.exe
  C:\Windows\System\JMoNbWB.exe
  2⤵
  PID:7572
- C:\Windows\System\YiApwND.exe
  C:\Windows\System\YiApwND.exe
  2⤵
  PID:7588
- C:\Windows\System\EuFIGLM.exe
  C:\Windows\System\EuFIGLM.exe
  2⤵
  PID:7604
- C:\Windows\System\kkWjqIb.exe
  C:\Windows\System\kkWjqIb.exe
  2⤵
  PID:7624
- C:\Windows\System\gcDKtRo.exe
  C:\Windows\System\gcDKtRo.exe
  2⤵
  PID:7692
- C:\Windows\System\OopvJiA.exe
  C:\Windows\System\OopvJiA.exe
  2⤵
  PID:7724
- C:\Windows\System\XvFDdsL.exe
  C:\Windows\System\XvFDdsL.exe
  2⤵
  PID:7708
- C:\Windows\System\AONuyoU.exe
  C:\Windows\System\AONuyoU.exe
  2⤵
  PID:7644
- C:\Windows\System\BGiMoxU.exe
  C:\Windows\System\BGiMoxU.exe
  2⤵
  PID:7808
- C:\Windows\System\twSzQzf.exe
  C:\Windows\System\twSzQzf.exe
  2⤵
  PID:7792
- C:\Windows\System\IRGNjah.exe
  C:\Windows\System\IRGNjah.exe
  2⤵
  PID:7836
- C:\Windows\System\IYzVJoh.exe
  C:\Windows\System\IYzVJoh.exe
  2⤵
  PID:7852
- C:\Windows\System\qCuHgxk.exe
  C:\Windows\System\qCuHgxk.exe
  2⤵
  PID:7868
- C:\Windows\System\rdLHnwG.exe
  C:\Windows\System\rdLHnwG.exe
  2⤵
  PID:7900
- C:\Windows\System\pphtkGK.exe
  C:\Windows\System\pphtkGK.exe
  2⤵
  PID:7904
- C:\Windows\System\CZieZBK.exe
  C:\Windows\System\CZieZBK.exe
  2⤵
  PID:7968
- C:\Windows\System\MQnlYfS.exe
  C:\Windows\System\MQnlYfS.exe
  2⤵
  PID:7984
- C:\Windows\System\wFRfCcg.exe
  C:\Windows\System\wFRfCcg.exe
  2⤵
  PID:7988
- C:\Windows\System\mmDlEqT.exe
  C:\Windows\System\mmDlEqT.exe
  2⤵
  PID:8020
- C:\Windows\System\zFWJPQz.exe
  C:\Windows\System\zFWJPQz.exe
  2⤵
  PID:8100
- C:\Windows\System\HzpEILy.exe
  C:\Windows\System\HzpEILy.exe
  2⤵
  PID:8052
- C:\Windows\System\AhdbtqJ.exe
  C:\Windows\System\AhdbtqJ.exe
  2⤵
  PID:8116
- C:\Windows\System\aJUWhsp.exe
  C:\Windows\System\aJUWhsp.exe
  2⤵
  PID:6712
- C:\Windows\System\CJQqUho.exe
  C:\Windows\System\CJQqUho.exe
  2⤵
  PID:6812
- C:\Windows\System\VfhNega.exe
  C:\Windows\System\VfhNega.exe
  2⤵
  PID:6764
- C:\Windows\System\VkVUhtZ.exe
  C:\Windows\System\VkVUhtZ.exe
  2⤵
  PID:6036
- C:\Windows\System\UUkxYGK.exe
  C:\Windows\System\UUkxYGK.exe
  2⤵
  PID:5936
- C:\Windows\System\XkuPAGL.exe
  C:\Windows\System\XkuPAGL.exe
  2⤵
  PID:7152
- C:\Windows\System\UHkRXsv.exe
  C:\Windows\System\UHkRXsv.exe
  2⤵
  PID:7380
- C:\Windows\System\QSwsVYt.exe
  C:\Windows\System\QSwsVYt.exe
  2⤵
  PID:7344
- C:\Windows\System\OFAPQrX.exe
  C:\Windows\System\OFAPQrX.exe
  2⤵
  PID:7364
- C:\Windows\System\CERMnsS.exe
  C:\Windows\System\CERMnsS.exe
  2⤵
  PID:7508
- C:\Windows\System\sGpXNbj.exe
  C:\Windows\System\sGpXNbj.exe
  2⤵
  PID:7584
- C:\Windows\System\bkLkbJD.exe
  C:\Windows\System\bkLkbJD.exe
  2⤵
  PID:7660
- C:\Windows\System\RsYnYQo.exe
  C:\Windows\System\RsYnYQo.exe
  2⤵
  PID:7676
- C:\Windows\System\gvvaoVm.exe
  C:\Windows\System\gvvaoVm.exe
  2⤵
  PID:7640
- C:\Windows\System\kcInEZT.exe
  C:\Windows\System\kcInEZT.exe
  2⤵
  PID:7788
- C:\Windows\System\QyvgoIr.exe
  C:\Windows\System\QyvgoIr.exe
  2⤵
  PID:7956
- C:\Windows\System\eqZTQfH.exe
  C:\Windows\System\eqZTQfH.exe
  2⤵
  PID:7920
- C:\Windows\System\skaxpGY.exe
  C:\Windows\System\skaxpGY.exe
  2⤵
  PID:8080
- C:\Windows\System\kQSjwjo.exe
  C:\Windows\System\kQSjwjo.exe
  2⤵
  PID:7888
- C:\Windows\System\vZHKkIw.exe
  C:\Windows\System\vZHKkIw.exe
  2⤵
  PID:8180
- C:\Windows\System\UdKocCW.exe
  C:\Windows\System\UdKocCW.exe
  2⤵
  PID:8000
- C:\Windows\System\esTwHDl.exe
  C:\Windows\System\esTwHDl.exe
  2⤵
  PID:8132
- C:\Windows\System\AugwitV.exe
  C:\Windows\System\AugwitV.exe
  2⤵
  PID:7940
- C:\Windows\System\IpmBsmU.exe
  C:\Windows\System\IpmBsmU.exe
  2⤵
  PID:7560
- C:\Windows\System\lQhMybU.exe
  C:\Windows\System\lQhMybU.exe
  2⤵
  PID:8128
- C:\Windows\System\CRvGUWP.exe
  C:\Windows\System\CRvGUWP.exe
  2⤵
  PID:6636
- C:\Windows\System\ucQJNhu.exe
  C:\Windows\System\ucQJNhu.exe
  2⤵
  PID:8196
- C:\Windows\System\mldbVyf.exe
  C:\Windows\System\mldbVyf.exe
  2⤵
  PID:8212
- C:\Windows\System\aXakFqE.exe
  C:\Windows\System\aXakFqE.exe
  2⤵
  PID:8228
- C:\Windows\System\mxTkYxU.exe
  C:\Windows\System\mxTkYxU.exe
  2⤵
  PID:8244
- C:\Windows\System\fszLxks.exe
  C:\Windows\System\fszLxks.exe
  2⤵
  PID:8260
- C:\Windows\System\iYFPCYV.exe
  C:\Windows\System\iYFPCYV.exe
  2⤵
  PID:8276
- C:\Windows\System\SviYEql.exe
  C:\Windows\System\SviYEql.exe
  2⤵
  PID:8292
- C:\Windows\System\OFwsDsJ.exe
  C:\Windows\System\OFwsDsJ.exe
  2⤵
  PID:8308
- C:\Windows\System\LyqcOyW.exe
  C:\Windows\System\LyqcOyW.exe
  2⤵
  PID:8324
- C:\Windows\System\tQpyQRE.exe
  C:\Windows\System\tQpyQRE.exe
  2⤵
  PID:8340
- C:\Windows\System\WBaCodj.exe
  C:\Windows\System\WBaCodj.exe
  2⤵
  PID:8356
- C:\Windows\System\pEEdrNh.exe
  C:\Windows\System\pEEdrNh.exe
  2⤵
  PID:8372
- C:\Windows\System\lsiNoaF.exe
  C:\Windows\System\lsiNoaF.exe
  2⤵
  PID:8388
- C:\Windows\System\BmTfTex.exe
  C:\Windows\System\BmTfTex.exe
  2⤵
  PID:8404
- C:\Windows\System\cGHQZuX.exe
  C:\Windows\System\cGHQZuX.exe
  2⤵
  PID:8420
- C:\Windows\System\VNKpCko.exe
  C:\Windows\System\VNKpCko.exe
  2⤵
  PID:8436
- C:\Windows\System\eqgWLXL.exe
  C:\Windows\System\eqgWLXL.exe
  2⤵
  PID:8452
- C:\Windows\System\fZfxgEd.exe
  C:\Windows\System\fZfxgEd.exe
  2⤵
  PID:8468
- C:\Windows\System\eTotzWl.exe
  C:\Windows\System\eTotzWl.exe
  2⤵
  PID:8484
- C:\Windows\System\LYqVNqe.exe
  C:\Windows\System\LYqVNqe.exe
  2⤵
  PID:8500
- C:\Windows\System\GmrprWJ.exe
  C:\Windows\System\GmrprWJ.exe
  2⤵
  PID:8516
- C:\Windows\System\vhYkbca.exe
  C:\Windows\System\vhYkbca.exe
  2⤵
  PID:8532
- C:\Windows\System\JqZXzCi.exe
  C:\Windows\System\JqZXzCi.exe
  2⤵
  PID:8548
- C:\Windows\System\xOWrBff.exe
  C:\Windows\System\xOWrBff.exe
  2⤵
  PID:8564
- C:\Windows\System\mNajYSl.exe
  C:\Windows\System\mNajYSl.exe
  2⤵
  PID:8580
- C:\Windows\System\hAnLKBU.exe
  C:\Windows\System\hAnLKBU.exe
  2⤵
  PID:8596
- C:\Windows\System\DWptOQH.exe
  C:\Windows\System\DWptOQH.exe
  2⤵
  PID:8612
- C:\Windows\System\TRCWIPB.exe
  C:\Windows\System\TRCWIPB.exe
  2⤵
  PID:8628
- C:\Windows\System\hHuQQFG.exe
  C:\Windows\System\hHuQQFG.exe
  2⤵
  PID:8644
- C:\Windows\System\MnUMxDw.exe
  C:\Windows\System\MnUMxDw.exe
  2⤵
  PID:8660
- C:\Windows\System\AcCCvsk.exe
  C:\Windows\System\AcCCvsk.exe
  2⤵
  PID:8680
- C:\Windows\System\PLkZXzo.exe
  C:\Windows\System\PLkZXzo.exe
  2⤵
  PID:8696
- C:\Windows\System\dEiPYmo.exe
  C:\Windows\System\dEiPYmo.exe
  2⤵
  PID:8712
- C:\Windows\System\bbLTXYN.exe
  C:\Windows\System\bbLTXYN.exe
  2⤵
  PID:8728
- C:\Windows\System\gzCZdob.exe
  C:\Windows\System\gzCZdob.exe
  2⤵
  PID:8744
- C:\Windows\System\yDUQmbB.exe
  C:\Windows\System\yDUQmbB.exe
  2⤵
  PID:8760
- C:\Windows\System\hlZJjgb.exe
  C:\Windows\System\hlZJjgb.exe
  2⤵
  PID:8776
- C:\Windows\System\VdPfeHG.exe
  C:\Windows\System\VdPfeHG.exe
  2⤵
  PID:8792
- C:\Windows\System\ettJNiu.exe
  C:\Windows\System\ettJNiu.exe
  2⤵
  PID:8808
- C:\Windows\System\svFvhYg.exe
  C:\Windows\System\svFvhYg.exe
  2⤵
  PID:8824
- C:\Windows\System\EKZedgk.exe
  C:\Windows\System\EKZedgk.exe
  2⤵
  PID:8840
- C:\Windows\System\ApQcbEZ.exe
  C:\Windows\System\ApQcbEZ.exe
  2⤵
  PID:8856
- C:\Windows\System\esUXKKG.exe
  C:\Windows\System\esUXKKG.exe
  2⤵
  PID:8872
- C:\Windows\System\KwoNQDk.exe
  C:\Windows\System\KwoNQDk.exe
  2⤵
  PID:8888
- C:\Windows\System\kFsyAEd.exe
  C:\Windows\System\kFsyAEd.exe
  2⤵
  PID:8908
- C:\Windows\System\HfWKCvN.exe
  C:\Windows\System\HfWKCvN.exe
  2⤵
  PID:8924
- C:\Windows\System\rXxOmun.exe
  C:\Windows\System\rXxOmun.exe
  2⤵
  PID:8940
- C:\Windows\System\QpMrYKp.exe
  C:\Windows\System\QpMrYKp.exe
  2⤵
  PID:8956
- C:\Windows\System\XIKIcEj.exe
  C:\Windows\System\XIKIcEj.exe
  2⤵
  PID:8972
- C:\Windows\System\hzgvDFn.exe
  C:\Windows\System\hzgvDFn.exe
  2⤵
  PID:8988
- C:\Windows\System\RPgPonS.exe
  C:\Windows\System\RPgPonS.exe
  2⤵
  PID:9004
- C:\Windows\System\oJeztiJ.exe
  C:\Windows\System\oJeztiJ.exe
  2⤵
  PID:9020
- C:\Windows\System\DAxwJOh.exe
  C:\Windows\System\DAxwJOh.exe
  2⤵
  PID:9036
- C:\Windows\System\JIJPXwB.exe
  C:\Windows\System\JIJPXwB.exe
  2⤵
  PID:9052
- C:\Windows\System\WILTiqV.exe
  C:\Windows\System\WILTiqV.exe
  2⤵
  PID:9068
- C:\Windows\System\lJWvVsu.exe
  C:\Windows\System\lJWvVsu.exe
  2⤵
  PID:9084
- C:\Windows\System\OdWwOPZ.exe
  C:\Windows\System\OdWwOPZ.exe
  2⤵
  PID:9100
- C:\Windows\System\wWaZgIF.exe
  C:\Windows\System\wWaZgIF.exe
  2⤵
  PID:9116
- C:\Windows\System\DPieYCz.exe
  C:\Windows\System\DPieYCz.exe
  2⤵
  PID:9132
- C:\Windows\System\PkbtuXI.exe
  C:\Windows\System\PkbtuXI.exe
  2⤵
  PID:9148
- C:\Windows\System\XUmGurL.exe
  C:\Windows\System\XUmGurL.exe
  2⤵
  PID:9164
- C:\Windows\System\PdnZFlb.exe
  C:\Windows\System\PdnZFlb.exe
  2⤵
  PID:9180
- C:\Windows\System\pZJjnnf.exe
  C:\Windows\System\pZJjnnf.exe
  2⤵
  PID:9196
- C:\Windows\System\YnlQRLK.exe
  C:\Windows\System\YnlQRLK.exe
  2⤵
  PID:9212
- C:\Windows\System\OwNDhYW.exe
  C:\Windows\System\OwNDhYW.exe
  2⤵
  PID:8224
- C:\Windows\System\MXVweaT.exe
  C:\Windows\System\MXVweaT.exe
  2⤵
  PID:7444
- C:\Windows\System\eOYryrB.exe
  C:\Windows\System\eOYryrB.exe
  2⤵
  PID:7744
- C:\Windows\System\ZkwMJGr.exe
  C:\Windows\System\ZkwMJGr.exe
  2⤵
  PID:7848
- C:\Windows\System\fwffaoi.exe
  C:\Windows\System\fwffaoi.exe
  2⤵
  PID:6556
- C:\Windows\System\dZOfVGh.exe
  C:\Windows\System\dZOfVGh.exe
  2⤵
  PID:8540
- C:\Windows\System\UvlTkEd.exe
  C:\Windows\System\UvlTkEd.exe
  2⤵
  PID:8284
- C:\Windows\System\wrDOAps.exe
  C:\Windows\System\wrDOAps.exe
  2⤵
  PID:8348
- C:\Windows\System\LnKnfZs.exe
  C:\Windows\System\LnKnfZs.exe
  2⤵
  PID:8412
- C:\Windows\System\WLANUKw.exe
  C:\Windows\System\WLANUKw.exe
  2⤵
  PID:8480
- C:\Windows\System\saUBHjy.exe
  C:\Windows\System\saUBHjy.exe
  2⤵
  PID:8572
- C:\Windows\System\rYIQLfk.exe
  C:\Windows\System\rYIQLfk.exe
  2⤵
  PID:8608
- C:\Windows\System\KTYevnD.exe
  C:\Windows\System\KTYevnD.exe
  2⤵
  PID:8668
- C:\Windows\System\mtGsehR.exe
  C:\Windows\System\mtGsehR.exe
  2⤵
  PID:8428
- C:\Windows\System\pXotUQj.exe
  C:\Windows\System\pXotUQj.exe
  2⤵
  PID:8492
- C:\Windows\System\qlFDByh.exe
  C:\Windows\System\qlFDByh.exe
  2⤵
  PID:7220
- C:\Windows\System\IDqzmuh.exe
  C:\Windows\System\IDqzmuh.exe
  2⤵
  PID:8016
- C:\Windows\System\wIxwUoj.exe
  C:\Windows\System\wIxwUoj.exe
  2⤵
  PID:8096
- C:\Windows\System\IBocXUo.exe
  C:\Windows\System\IBocXUo.exe
  2⤵
  PID:6780
- C:\Windows\System\biQEYGu.exe
  C:\Windows\System\biQEYGu.exe
  2⤵
  PID:8208
- C:\Windows\System\URgRGvc.exe
  C:\Windows\System\URgRGvc.exe
  2⤵
  PID:8272
- C:\Windows\System\EzZoHqP.exe
  C:\Windows\System\EzZoHqP.exe
  2⤵
  PID:8300
- C:\Windows\System\EZHjVBC.exe
  C:\Windows\System\EZHjVBC.exe
  2⤵
  PID:8528
- C:\Windows\System\CIQORiE.exe
  C:\Windows\System\CIQORiE.exe
  2⤵
  PID:8708
- C:\Windows\System\WHtaJxm.exe
  C:\Windows\System\WHtaJxm.exe
  2⤵
  PID:8736
- C:\Windows\System\XqVXsAC.exe
  C:\Windows\System\XqVXsAC.exe
  2⤵
  PID:8756
- C:\Windows\System\aMXQmWn.exe
  C:\Windows\System\aMXQmWn.exe
  2⤵
  PID:8804
- C:\Windows\System\XWzUjQe.exe
  C:\Windows\System\XWzUjQe.exe
  2⤵
  PID:8816
- C:\Windows\System\BJeiBDP.exe
  C:\Windows\System\BJeiBDP.exe
  2⤵
  PID:8852
- C:\Windows\System\VuVIolQ.exe
  C:\Windows\System\VuVIolQ.exe
  2⤵
  PID:8900
- C:\Windows\System\EepzmaP.exe
  C:\Windows\System\EepzmaP.exe
  2⤵
  PID:8916
- C:\Windows\System\LnOmnjd.exe
  C:\Windows\System\LnOmnjd.exe
  2⤵
  PID:8968
- C:\Windows\System\QcYBUJa.exe
  C:\Windows\System\QcYBUJa.exe
  2⤵
  PID:9012
- C:\Windows\System\IZdoMVQ.exe
  C:\Windows\System\IZdoMVQ.exe
  2⤵
  PID:9016
- C:\Windows\System\uBpblxK.exe
  C:\Windows\System\uBpblxK.exe
  2⤵
  PID:9076
- C:\Windows\System\qvRqpzA.exe
  C:\Windows\System\qvRqpzA.exe
  2⤵
  PID:9108
- C:\Windows\System\mIpVSrt.exe
  C:\Windows\System\mIpVSrt.exe
  2⤵
  PID:9140
- C:\Windows\System\gHFEVua.exe
  C:\Windows\System\gHFEVua.exe
  2⤵
  PID:7872
- C:\Windows\System\soZUmUo.exe
  C:\Windows\System\soZUmUo.exe
  2⤵
  PID:8460
- C:\Windows\System\munReHm.exe
  C:\Windows\System\munReHm.exe
  2⤵
  PID:8676
- C:\Windows\System\wkVTrhe.exe
  C:\Windows\System\wkVTrhe.exe
  2⤵
  PID:8672
- C:\Windows\System\qCZIcvW.exe
  C:\Windows\System\qCZIcvW.exe
  2⤵
  PID:8304
- C:\Windows\System\AmRUGex.exe
  C:\Windows\System\AmRUGex.exe
  2⤵
  PID:8556
- C:\Windows\System\OkNQblJ.exe
  C:\Windows\System\OkNQblJ.exe
  2⤵
  PID:8720
- C:\Windows\System\ZcNgTLv.exe
  C:\Windows\System\ZcNgTLv.exe
  2⤵
  PID:8752
- C:\Windows\System\GcBWMGb.exe
  C:\Windows\System\GcBWMGb.exe
  2⤵
  PID:8880
- C:\Windows\System\UZOhLLH.exe
  C:\Windows\System\UZOhLLH.exe
  2⤵
  PID:8836
- C:\Windows\System\CMIQywI.exe
  C:\Windows\System\CMIQywI.exe
  2⤵
  PID:8952
- C:\Windows\System\IIFJXHL.exe
  C:\Windows\System\IIFJXHL.exe
  2⤵
  PID:9032
- C:\Windows\System\MBjrLKv.exe
  C:\Windows\System\MBjrLKv.exe
  2⤵
  PID:9112
- C:\Windows\System\VTEdGhS.exe
  C:\Windows\System\VTEdGhS.exe
  2⤵
  PID:9192
- C:\Windows\System\RFXDmMB.exe
  C:\Windows\System\RFXDmMB.exe
  2⤵
  PID:9204
- C:\Windows\System\ftOUveS.exe
  C:\Windows\System\ftOUveS.exe
  2⤵
  PID:8252
- C:\Windows\System\iansvUR.exe
  C:\Windows\System\iansvUR.exe
  2⤵
  PID:4604
- C:\Windows\System\UKiffmG.exe
  C:\Windows\System\UKiffmG.exe
  2⤵
  PID:8320
- C:\Windows\System\avukuAj.exe
  C:\Windows\System\avukuAj.exe
  2⤵
  PID:7172
- C:\Windows\System\ihQRsQb.exe
  C:\Windows\System\ihQRsQb.exe
  2⤵
  PID:8036
- C:\Windows\System\PGUHciD.exe
  C:\Windows\System\PGUHciD.exe
  2⤵
  PID:8400
- C:\Windows\System\WCgSlRu.exe
  C:\Windows\System\WCgSlRu.exe
  2⤵
  PID:8332
- C:\Windows\System\qQBeMkI.exe
  C:\Windows\System\qQBeMkI.exe
  2⤵
  PID:8740
- C:\Windows\System\mGlhJXT.exe
  C:\Windows\System\mGlhJXT.exe
  2⤵
  PID:8864
- C:\Windows\System\RXdMLuw.exe
  C:\Windows\System\RXdMLuw.exe
  2⤵
  PID:8784
- C:\Windows\System\GAwWAki.exe
  C:\Windows\System\GAwWAki.exe
  2⤵
  PID:9064
- C:\Windows\System\CBgLEPI.exe
  C:\Windows\System\CBgLEPI.exe
  2⤵
  PID:9060
- C:\Windows\System\TIUNdVb.exe
  C:\Windows\System\TIUNdVb.exe
  2⤵
  PID:7296
- C:\Windows\System\QJDArwg.exe
  C:\Windows\System\QJDArwg.exe
  2⤵
  PID:9128
- C:\Windows\System\hnwMoEd.exe
  C:\Windows\System\hnwMoEd.exe
  2⤵
  PID:7332
- C:\Windows\System\aaEtFhe.exe
  C:\Windows\System\aaEtFhe.exe
  2⤵
  PID:8512
- C:\Windows\System\qynFtLK.exe
  C:\Windows\System\qynFtLK.exe
  2⤵
  PID:8396
- C:\Windows\System\ZrmlMrs.exe
  C:\Windows\System\ZrmlMrs.exe
  2⤵
  PID:8068
- C:\Windows\System\ptCSlXF.exe
  C:\Windows\System\ptCSlXF.exe
  2⤵
  PID:8936
- C:\Windows\System\OLzSrCZ.exe
  C:\Windows\System\OLzSrCZ.exe
  2⤵
  PID:8256
- C:\Windows\System\gOViDIy.exe
  C:\Windows\System\gOViDIy.exe
  2⤵
  PID:1000
- C:\Windows\System\cBsTkcN.exe
  C:\Windows\System\cBsTkcN.exe
  2⤵
  PID:8948
- C:\Windows\System\qIcTIZY.exe
  C:\Windows\System\qIcTIZY.exe
  2⤵
  PID:7936
- C:\Windows\System\CfaOSBL.exe
  C:\Windows\System\CfaOSBL.exe
  2⤵
  PID:9092
- C:\Windows\System\OOTiOfo.exe
  C:\Windows\System\OOTiOfo.exe
  2⤵
  PID:8800
- C:\Windows\System\qoZAHLB.exe
  C:\Windows\System\qoZAHLB.exe
  2⤵
  PID:8164
- C:\Windows\System\IufavnX.exe
  C:\Windows\System\IufavnX.exe
  2⤵
  PID:8316
- C:\Windows\System\xCxjaHJ.exe
  C:\Windows\System\xCxjaHJ.exe
  2⤵
  PID:8640
- C:\Windows\System\IvXkEdc.exe
  C:\Windows\System\IvXkEdc.exe
  2⤵
  PID:9228
- C:\Windows\System\KeJgQtF.exe
  C:\Windows\System\KeJgQtF.exe
  2⤵
  PID:9244
- C:\Windows\System\mApyTNR.exe
  C:\Windows\System\mApyTNR.exe
  2⤵
  PID:9264
- C:\Windows\System\dIkyTum.exe
  C:\Windows\System\dIkyTum.exe
  2⤵
  PID:9284
- C:\Windows\System\NdugXHu.exe
  C:\Windows\System\NdugXHu.exe
  2⤵
  PID:9300
- C:\Windows\System\oSpygfy.exe
  C:\Windows\System\oSpygfy.exe
  2⤵
  PID:9316
- C:\Windows\System\oisPKGq.exe
  C:\Windows\System\oisPKGq.exe
  2⤵
  PID:9332
- C:\Windows\System\DSOcDxl.exe
  C:\Windows\System\DSOcDxl.exe
  2⤵
  PID:9348
- C:\Windows\System\ednhNpg.exe
  C:\Windows\System\ednhNpg.exe
  2⤵
  PID:9364
- C:\Windows\System\fIbIhIA.exe
  C:\Windows\System\fIbIhIA.exe
  2⤵
  PID:9384
- C:\Windows\System\REveoLJ.exe
  C:\Windows\System\REveoLJ.exe
  2⤵
  PID:9400
- C:\Windows\System\oVPdpdY.exe
  C:\Windows\System\oVPdpdY.exe
  2⤵
  PID:9416
- C:\Windows\System\bEzXAhG.exe
  C:\Windows\System\bEzXAhG.exe
  2⤵
  PID:9432
- C:\Windows\System\ZyDGhaP.exe
  C:\Windows\System\ZyDGhaP.exe
  2⤵
  PID:9448
- C:\Windows\System\KXozFVS.exe
  C:\Windows\System\KXozFVS.exe
  2⤵
  PID:9464
- C:\Windows\System\qhiRpfY.exe
  C:\Windows\System\qhiRpfY.exe
  2⤵
  PID:9480
- C:\Windows\System\UTwbIGV.exe
  C:\Windows\System\UTwbIGV.exe
  2⤵
  PID:9496
- C:\Windows\System\zSJJdwb.exe
  C:\Windows\System\zSJJdwb.exe
  2⤵
  PID:9512
- C:\Windows\System\YsZXqRb.exe
  C:\Windows\System\YsZXqRb.exe
  2⤵
  PID:9528
- C:\Windows\System\LPcpbsg.exe
  C:\Windows\System\LPcpbsg.exe
  2⤵
  PID:9544
- C:\Windows\System\zluGIyX.exe
  C:\Windows\System\zluGIyX.exe
  2⤵
  PID:9560
- C:\Windows\System\EFEPmxs.exe
  C:\Windows\System\EFEPmxs.exe
  2⤵
  PID:9576
- C:\Windows\System\fWYjxQu.exe
  C:\Windows\System\fWYjxQu.exe
  2⤵
  PID:9592
- C:\Windows\System\LqtSedX.exe
  C:\Windows\System\LqtSedX.exe
  2⤵
  PID:9608
- C:\Windows\System\qFLUFTJ.exe
  C:\Windows\System\qFLUFTJ.exe
  2⤵
  PID:9632
- C:\Windows\System\ZpJhCXb.exe
  C:\Windows\System\ZpJhCXb.exe
  2⤵
  PID:9652
- C:\Windows\System\CwvKIgK.exe
  C:\Windows\System\CwvKIgK.exe
  2⤵
  PID:9668
- C:\Windows\System\UOYWnkn.exe
  C:\Windows\System\UOYWnkn.exe
  2⤵
  PID:9700
- C:\Windows\System\gcacEkT.exe
  C:\Windows\System\gcacEkT.exe
  2⤵
  PID:9744
- C:\Windows\System\IqxpzYP.exe
  C:\Windows\System\IqxpzYP.exe
  2⤵
  PID:9760
- C:\Windows\System\YelwrIP.exe
  C:\Windows\System\YelwrIP.exe
  2⤵
  PID:9780
- C:\Windows\System\szkoSwx.exe
  C:\Windows\System\szkoSwx.exe
  2⤵
  PID:9804
- C:\Windows\System\jcXGSDR.exe
  C:\Windows\System\jcXGSDR.exe
  2⤵
  PID:9820
- C:\Windows\System\NDkWXjh.exe
  C:\Windows\System\NDkWXjh.exe
  2⤵
  PID:9840
- C:\Windows\System\YtpqSyB.exe
  C:\Windows\System\YtpqSyB.exe
  2⤵
  PID:9856
- C:\Windows\System\IsDMHUO.exe
  C:\Windows\System\IsDMHUO.exe
  2⤵
  PID:9872
- C:\Windows\System\eIEarqR.exe
  C:\Windows\System\eIEarqR.exe
  2⤵
  PID:9892
- C:\Windows\System\CWLitKU.exe
  C:\Windows\System\CWLitKU.exe
  2⤵
  PID:9912
- C:\Windows\System\wvZbofd.exe
  C:\Windows\System\wvZbofd.exe
  2⤵
  PID:9928
- C:\Windows\System\XCGixkm.exe
  C:\Windows\System\XCGixkm.exe
  2⤵
  PID:9944
- C:\Windows\System\DsheanJ.exe
  C:\Windows\System\DsheanJ.exe
  2⤵
  PID:9964
- C:\Windows\System\jttdPQx.exe
  C:\Windows\System\jttdPQx.exe
  2⤵
  PID:10152
- C:\Windows\System\EyZgcMY.exe
  C:\Windows\System\EyZgcMY.exe
  2⤵
  PID:9476
- C:\Windows\System\GguYqmf.exe
  C:\Windows\System\GguYqmf.exe
  2⤵
  PID:9520
- C:\Windows\System\JBEnZzO.exe
  C:\Windows\System\JBEnZzO.exe
  2⤵
  PID:10208
- C:\Windows\System\bZUdHLJ.exe
  C:\Windows\System\bZUdHLJ.exe
  2⤵
  PID:10224
- C:\Windows\System\xnRhFKh.exe
  C:\Windows\System\xnRhFKh.exe
  2⤵
  PID:9220
- C:\Windows\System\whbhgPl.exe
  C:\Windows\System\whbhgPl.exe
  2⤵
  PID:8896
- C:\Windows\System\WiSTgyF.exe
  C:\Windows\System\WiSTgyF.exe
  2⤵
  PID:10092
- C:\Windows\System\VJNRjfB.exe
  C:\Windows\System\VJNRjfB.exe
  2⤵
  PID:10144
- C:\Windows\System\thEPgMI.exe
  C:\Windows\System\thEPgMI.exe
  2⤵
  PID:9492
- C:\Windows\System\BXfKaQC.exe
  C:\Windows\System\BXfKaQC.exe
  2⤵
  PID:9584
- C:\Windows\System\tdEKhFF.exe
  C:\Windows\System\tdEKhFF.exe
  2⤵
  PID:9696
- C:\Windows\System\MuIRKUB.exe
  C:\Windows\System\MuIRKUB.exe
  2⤵
  PID:9888
- C:\Windows\System\rDeqMHV.exe
  C:\Windows\System\rDeqMHV.exe
  2⤵
  PID:10028
- C:\Windows\System\PngcjVG.exe
  C:\Windows\System\PngcjVG.exe
  2⤵
  PID:10204
- C:\Windows\System\PVvxKpa.exe
  C:\Windows\System\PVvxKpa.exe
  2⤵
  PID:10036
- C:\Windows\System\gaMhzLr.exe
  C:\Windows\System\gaMhzLr.exe
  2⤵
  PID:9908
- C:\Windows\System\vLXmWNF.exe
  C:\Windows\System\vLXmWNF.exe
  2⤵
  PID:9956
- C:\Windows\System\XBbAdof.exe
  C:\Windows\System\XBbAdof.exe
  2⤵
  PID:9996
- C:\Windows\System\VzSLETz.exe
  C:\Windows\System\VzSLETz.exe
  2⤵
  PID:10008
- C:\Windows\System\OZYJtdj.exe
  C:\Windows\System\OZYJtdj.exe
  2⤵
  PID:10172
- C:\Windows\System\AItDFHA.exe
  C:\Windows\System\AItDFHA.exe
  2⤵
  PID:10236
- C:\Windows\System\BYWCZrL.exe
  C:\Windows\System\BYWCZrL.exe
  2⤵
  PID:10176
- C:\Windows\System\VbWhbmc.exe
  C:\Windows\System\VbWhbmc.exe
  2⤵
  PID:10096
- C:\Windows\System\igIzwIV.exe
  C:\Windows\System\igIzwIV.exe
  2⤵
  PID:9252
- C:\Windows\System\LIqymaZ.exe
  C:\Windows\System\LIqymaZ.exe
  2⤵
  PID:10032
- C:\Windows\System\FVsdtMb.exe
  C:\Windows\System\FVsdtMb.exe
  2⤵
  PID:9324
- C:\Windows\System\OyAFKiO.exe
  C:\Windows\System\OyAFKiO.exe
  2⤵
  PID:10088
- C:\Windows\System\QOLSXAx.exe
  C:\Windows\System\QOLSXAx.exe
  2⤵
  PID:10072
- C:\Windows\System\LPwTqrb.exe
  C:\Windows\System\LPwTqrb.exe
  2⤵
  PID:9276
- C:\Windows\System\zCBDfez.exe
  C:\Windows\System\zCBDfez.exe
  2⤵
  PID:9628
- C:\Windows\System\BhbBQSq.exe
  C:\Windows\System\BhbBQSq.exe
  2⤵
  PID:9600
- C:\Windows\System\IJngKye.exe
  C:\Windows\System\IJngKye.exe
  2⤵
  PID:9552
- C:\Windows\System\YUvtQDG.exe
  C:\Windows\System\YUvtQDG.exe
  2⤵
  PID:10116
- C:\Windows\System\LExHDgC.exe
  C:\Windows\System\LExHDgC.exe
  2⤵
  PID:9428
- C:\Windows\System\SgIuRfk.exe
  C:\Windows\System\SgIuRfk.exe
  2⤵
  PID:9640
- C:\Windows\System\IACSISF.exe
  C:\Windows\System\IACSISF.exe
  2⤵
  PID:9728
- C:\Windows\System\yIRxjqT.exe
  C:\Windows\System\yIRxjqT.exe
  2⤵
  PID:9684
- C:\Windows\System\yLRaAuC.exe
  C:\Windows\System\yLRaAuC.exe
  2⤵
  PID:9776
- C:\Windows\System\KpMNLoZ.exe
  C:\Windows\System\KpMNLoZ.exe
  2⤵
  PID:9788
- C:\Windows\System\DCXNRLS.exe
  C:\Windows\System\DCXNRLS.exe
  2⤵
  PID:9904
- C:\Windows\System\BZFpxgX.exe
  C:\Windows\System\BZFpxgX.exe
  2⤵
  PID:9868
- C:\Windows\System\SeuApCo.exe
  C:\Windows\System\SeuApCo.exe
  2⤵
  PID:9960
- C:\Windows\System\wubVzMT.exe
  C:\Windows\System\wubVzMT.exe
  2⤵
  PID:9984
- C:\Windows\System\flUwEzJ.exe
  C:\Windows\System\flUwEzJ.exe
  2⤵
  PID:10020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BMDKXEL.exe

Filesize
6.0MB

MD5
075c345282a8f801b5be3f9f12a4b20a

SHA1
c6a9f685affd4516c63597e0c5f0418751d1d3bb

SHA256
64558875dda39a235e9c9cb5bd1dfe3cfa197556b09c9fae03acb93a6e61f2a7

SHA512
7b274b3fbaf0c538909a574691fde915b446a920e7c5034637d51f51c3e2a977489b3dd27d896925c41f922d7730825405043effaba82e5309498ff3e8459cc6

Download Submit
C:\Windows\system\BOpjYKw.exe

Filesize
6.0MB

MD5
dbb58b5921eb96db73e1dad62cff6453

SHA1
074b02ebf6a6a97ceae2315e4d50d7d64ee40133

SHA256
2c76816394b364631e27f5c0b1b6b4b9dc44bf56bfc2df831e6930444930c8d6

SHA512
133254d6b901a21054f1e9a784f3c92bb01617d8fe8c57ee7bc4886bd659039d784ebb0dcb77731a8586f0d6f76a1a2177d4c5396f1108270b9db0273f0a6634

Download Submit
C:\Windows\system\DehuZAm.exe

Filesize
6.0MB

MD5
74c6a0b8b35cb941018395f6d81690da

SHA1
e5f3bffc7f0e3e62fa6afa72b9f412d574e4dc67

SHA256
1288aa5baa02ce9d6e16403d59d7e7aa9687932a2e49fe0567163fef3d43ce14

SHA512
cca8e89c30508a5eb35c1b2d2cb699013a654c5754287def12927f4677e6fecffb251f55d5b3a63f70a22edb0b032157c28b668ab02342dc18ce4a2a648d547f

Download Submit
C:\Windows\system\HAusNMD.exe

Filesize
6.0MB

MD5
fc784ab11de5d140e35313355fe88947

SHA1
d944f0565299f260645ffccbb0086ff3e32a7a84

SHA256
3ea676fb8eb2398b5093aaebf6aa86d38b5b46493ea468b2f4c4dec4e5478f7f

SHA512
c5eb2c944fe203ec83fa79761c635f761cdebd6a14e16e0c0caf268b43155314159a0183061e9caf03a4f5538621bf752ca3a52e6db6bcbd46e89b7451d16c88

Download Submit
C:\Windows\system\IAjyqxi.exe

Filesize
6.0MB

MD5
55c7c76dae6c940a93aa0005edf7ded4

SHA1
042dc94a5302f86c13677b931ff2e346cf88f1fe

SHA256
e2ca76c6cb9be4ad89dff1b700829d0450a86763d117d07406dac912625f173d

SHA512
6aeaa7cf92f35b4d339d0964e990b6414dc4351cd5526c285976ee1f03c673ca24e7fa2193d495aed35c9ef7f0c11e6f3e20869d3a88464070706f1a76cf0daf

Download Submit
C:\Windows\system\KMnzrEr.exe

Filesize
6.0MB

MD5
6899df58682459d33913592c8f0e81b1

SHA1
c0b6bac080adc294a9f0246fee3e40ab7bb63520

SHA256
5e71148919a31f9ed7fef216a03383cb73cfae688b65727bdd95d7001c27b436

SHA512
8b90e786a09cf26a01abb79d7c61811820e0eb90a4c1439b3517170a36e2b7d101454955ad2d6ce48403f1acf11539456e6cd98276e6b2fe9baebd6ec6176013

Download Submit
C:\Windows\system\KgpRWCi.exe

Filesize
6.0MB

MD5
c996c4073438b08b0604c6ed3987d9a2

SHA1
0c6b4802e1a6aad2f687a4a9cdde4a8f834382fc

SHA256
28fadd101e3fb8b5dc6b7d04423dcd1a8f1e884c750b2cf7078600c5a4dea80b

SHA512
8cefb92b8ec59626e5fc384d4836179bc765b66235aac517e6a8bda0abcefc7972b909534af770f49899c54e0af9b2325fb205abde75ec0483c7e1af7d877ce2

Download Submit
C:\Windows\system\LVsSmKT.exe

Filesize
6.0MB

MD5
23af067bd76cbdf2dedad1d44b74d589

SHA1
2952ae10e4c8b5d907ca1734ea35858c14c9ae35

SHA256
4bb5c6a44e0324ab2d6134c9204f6ed9bba4683c13d5f74bf9d9fa74b5b4b56c

SHA512
e5003dd54805f73fe576b9ee2c533a3d0081b55fbd77188dacf988ef0acf9c6d1dcfc4f77a004929b4d4646e639cfae0632e6c923468b3075aafabce895f9d1f

Download Submit
C:\Windows\system\MuNHLKR.exe

Filesize
6.0MB

MD5
bea7b4107fc85e7a4b47b3ee08683b8f

SHA1
7fa71480340a3e2d0db9d4df5458227c1f68494d

SHA256
5a806b0ffa284026cd0567a2a8683a88befde291ae8bde1a607ea2ba39d84be5

SHA512
954b4f62c4b8f411bf89da5cb6d388c1089003ef8fd14f5858a89a6aa8d1b4f36ab7a5707c7d3dded5920f358533bb673a8b62f434a29ea6e7dccc9345749e78

Download Submit
C:\Windows\system\PMlbjRC.exe

Filesize
6.0MB

MD5
49ce74e46b69788b570a20ed20752ac1

SHA1
be610a40028d29d9fbadf562e3d099061c0be8b5

SHA256
e9afc38804c7e87a919a461068679618a8cec86e526bb7e1b3815824c0f24cca

SHA512
616a17d75832f221fd2b180b50ec33d6d4ce661c86f7a8e0fb50cb7112be41d247afd3088227974c1b37de9ed613b45c296d8e249dbcade216e5c370a813eb5d

Download Submit
C:\Windows\system\SxFhXyw.exe

Filesize
6.0MB

MD5
66dbe0701287626a8dc683863de50f92

SHA1
c739a4c0e64f3c7cdcb0b9f190afb5afca59b2f5

SHA256
2b1a5026e5566b197d716f3f182616bca680c8f741f7c297dd040d9c361cc5e9

SHA512
cb647c49df88e51fd0d38945e9e9f806f7cae0104542c201f242ca3dacdaa02ed81d51000ab38f0e3b513171a84d6037d59176a053c739219e17a79165146e16

Download Submit
C:\Windows\system\WFWktzf.exe

Filesize
6.0MB

MD5
d4ecbd56af459bf5f6f461d0cf81e4cc

SHA1
7c5d79e428a2d2fb3675c6478eccc8cccb274701

SHA256
dcca4ee9e6c8a980f7d03c9f9acd18703e302963f3c7b4e7a041fbe402223b49

SHA512
950d81cd4f0693e271315a6c6e1d4c38cc014b0f37732a9b63e8e3f7d5a518bf8e5e1b574f614e13383f43f26144a29180192c7650dbc47da14c7df63c951184

Download Submit
C:\Windows\system\XccjuEy.exe

Filesize
6.0MB

MD5
6c4c395b7692c737f2f8473403c8dae9

SHA1
b87378a70012bf426255db77ba46624805622be2

SHA256
4d09af1667b8d8cd48d44a8b358c9ce2fbb0edd547c7dc99be60dc1134f1580c

SHA512
a9f754afa0d8ab6d9438d312af774002621f41b8cb1dccce1cc20be11b240be1401448978d3a8948f6eb13ac312011ed6b6c4f8a19ff61a9d38d98b8c44f57ef

Download Submit
C:\Windows\system\bfZsdzd.exe

Filesize
6.0MB

MD5
1b76c9d4c0eca942dd801333896067f3

SHA1
e1f07d8432a5863101508e9524c1f59961d45709

SHA256
df934c40fcbdb1b066c0c2654c2af8ebe289f9c65cc3a99fb61059b71ae95b45

SHA512
6e1e4cd4b698f8daf616f63be11bfee57e4260eb84abcd7f026cb1e8267802bd20f870c4cf2b20ad573e042e29f6ea57b35ac655ae3779973e3b05f8e490c61e

Download Submit
C:\Windows\system\foFIdAH.exe

Filesize
6.0MB

MD5
86d1098937fae23bcdad352befc42b50

SHA1
3f1426def5b9562ae056498436348b882a019ed1

SHA256
6b9201c598a183b5b09e72c2b9e1f9cc9074235500e179cf154648c5f7298d9d

SHA512
4ea0a4bee0c7ed19df5a5d9b69d4a8f49612f71af1e19e924b55d985e27718bd0e3f280f0fd648fd573f8ec377a2bd26931ebc72678b8fc630ea34c20a8ee12e

Download Submit
C:\Windows\system\kIRyBFs.exe

Filesize
6.0MB

MD5
977972af0228eb8e644281b657af23bc

SHA1
54966563a496eec6898c3c8de4bfddf1cb013f32

SHA256
17b5d49fe3ca9e92390616d77c3d2e47b3de1a16e8c09a5e574a320c294fed09

SHA512
abd3b3810645fc1bcdc4c2cc9d3974b46ec55e52e9c4b71d46c5becb30ec8b2f69a391b69c90efb59167aff02b7f1426d2109cb3f2c3b584be027eb34f5cc812

Download Submit
C:\Windows\system\mkQflxa.exe

Filesize
6.0MB

MD5
4adf2ff05dd9b8bb6c3e95a622288c61

SHA1
38f4a1eae04a0373c2bbc166c1e970441d94e998

SHA256
a09ab1209857252b3cd31497365fe519d8ab7054d59c60a711d52a5116526af6

SHA512
7d5144f03486882d0b73edb5d67611befbbcca075be461b4650054ccb2f19fd4de23c467505dd8870bd35119858e0a284c92f72e0afa4b1ba5ad714cf6066a70

Download Submit
C:\Windows\system\pEdORNm.exe

Filesize
6.0MB

MD5
947fad98c017dc1a32c4a50b5b81072d

SHA1
76480f404e657946197f757677f57d025e4612a9

SHA256
ab59470e08476dd3ba6a21382c6cc6a51a7581a6b2570231f88b4e153afe5315

SHA512
cbb7f2c102be01ec00780c5c3ed72e165d0fde43f2516cffa97d3a2318930572c7fa534d23a7b991c170349e4b78fcaa1d656016f5972ebcaf9831d8ec145876

Download Submit
C:\Windows\system\tTKUIJl.exe

Filesize
6.0MB

MD5
25f9456b389463cb00f88cde93ba338d

SHA1
c4dddc870c4044c6f20724c846c22dedcc7f872e

SHA256
7a885aeb9d80eb8b6c0f76e18aaa3ae258f1cfe25dc9326848f29928c1cb1106

SHA512
1e641230081ad8b20acf5bfce33fd43d982965d15102380e0ab9ab605694dea8faa7c94ed83ff22683e3da88e92ca77dab77a687fd2005d06f439f2559e63b5d

Download Submit
C:\Windows\system\utrpdjZ.exe

Filesize
6.0MB

MD5
d5e57a0025f99b4961829e5138c331a6

SHA1
88360ed595239aa7bc019c240ba795f4a5fa0bdd

SHA256
d192e8813226007289c0d41b07df6ac7efa92d1f613bb14c29f226477e8abac3

SHA512
30803dc9a727cf341c87e2fc9e7633d4688ee3653306d4d2001d0d632378d9a38977edf232223ef6192840ecfa3c4ad9a08aef31758946be63b8b6932b786760

Download Submit
C:\Windows\system\vXyVlDy.exe

Filesize
6.0MB

MD5
0dda65cd1d68ee32cf683fcb85ae5178

SHA1
02569c2775360920d4cdd3bad6d452d63e5802c3

SHA256
85ca560e67d01e66f826f4387d85058615d01f7dbdee5e235fa8c203e60a3823

SHA512
31c579dff5572b3deab701836b0c93e24960ae29d427cce0e994e55f08434a95e00607a48ba3b96126c71ab2a7e3c2eb399fdecc67ff5b73943d6f3cd3fbe38b

Download Submit
C:\Windows\system\wMSZSIp.exe

Filesize
6.0MB

MD5
23adf8db407fb1e15b9267923ebff46f

SHA1
4146e175aec28617a4a821ec20e8b9d75be29c06

SHA256
057387e75947a38e73952cb4663ec058240eb1d996ccac6d50c8325a361cc852

SHA512
fe93d6ca9ec3ad099b29377ee403f94910612350b3a32bd9e2689b8db9a9ae19ad198bf63f5a67bdf193433ad05341eb0fa647e755de2568c73170cfe21d8767

Download Submit
C:\Windows\system\xjUFqeP.exe

Filesize
6.0MB

MD5
b4554ef7da7a377c81518e876b83a56d

SHA1
9f6eb8f79dbac5e73c0d6d758530d580829a2efc

SHA256
6e854667c62c5529a34f2633a869155cc22c1e325da2cda8a3dddc11d2ee6912

SHA512
1c09b4aab96f7e803bb1985ddae54e6c36b007a5953ad840eeb4b4c4077c1b90bb7c28b30b09e6e1732dc33f19cfc7af24952cd965348760e3ad7396cbe97b45

Download Submit
C:\Windows\system\yfYSLfC.exe

Filesize
6.0MB

MD5
5df3cef955daafad4cdcbf4d45aafbc8

SHA1
ac19fb6385eb829964a8f72d27afdfc7f3966d87

SHA256
a9eb2f7d557ba0b7aa2244196bec36ffca653261689e572d429c24738c4f6225

SHA512
cb0d0293e623dc5f71868cde1807044561e233099d7913f76bd8d42ad766911e0ba2495388a3dec7b05b057627bbf44186a2397a50a8a7205ab5844dd5ee0a6e

Download Submit
C:\Windows\system\yxYIKnv.exe

Filesize
6.0MB

MD5
e9da9075399f5d56d6101ced3051b4bf

SHA1
98b2e231c05c78548ec999c714188f5b17177f80

SHA256
7464536f5e729e09265ea05a589972b72f50acfd5ebe8e855dc106cd3e726b01

SHA512
a33092310fc1659d728a87d37833ae1632c61c385058dd96cc344abb3e2e6609258b3b735face6c9d8625b6fd669c760ba012941e32be9cdb852430c04228f00

Download Submit
\Windows\system\ScPbXIB.exe

Filesize
6.0MB

MD5
44208f870cf54a8ea9339974dec7403f

SHA1
c1e0cc1a2021261e502745933bf30645a388ada9

SHA256
8e3a33c8e3131d9d6526386fcfe8e1a78417a8abe532f881b6b7dea2a2487cf3

SHA512
62da1eb825086589e042c5d1d8c2b63f962c8efe681aedae55487e33cb288dd7e789fb00f7058aaa36356577eb3182db219bb2f73b7d0a88a0af2785c1f79502

Download Submit
\Windows\system\VUNvUVe.exe

Filesize
6.0MB

MD5
a901b5917dec38ace119afcee68e8105

SHA1
7a52a27980d1beebcc8a8c52d3225a44aa99e1eb

SHA256
72565db009718fb037798e79548d32ee4234f2067ce77c45343c62add85a84c8

SHA512
9abf5d3d4a52033b9ead84a977c8ceabe304cb921e887a96bae24c2686149d94d35a3cba594b7499abf9e30d599a7d425cb238f4d93d2377620e66c63746e875

Download Submit
\Windows\system\ZowTLpO.exe

Filesize
6.0MB

MD5
3835bc431ab7c5a6f7feb53af7f484e6

SHA1
a177ae39f87409ce3caea11a54d283698673b6b6

SHA256
626bee01d0611cf8435fa9b9460027b7916ae34e4662a27af129808ae4dcfc99

SHA512
84cac386fecde9917508566c942af58d231cf8bba11b0ca9500d5c6b90810b5a032998d8bc65b033c2fb47c6d81823b75a6d0206150428d9b4e188501e5ca024

Download Submit
\Windows\system\bEAoipO.exe

Filesize
6.0MB

MD5
a799077278be4eb2f4c874ed98b68fe8

SHA1
9dff2b4c07dc6be27c55f5a311e37f4c2307cc9c

SHA256
18b1eb4d0273f588abc798e96d0fbfb33f8c97308fb166ab565e6eaf1b29ae5a

SHA512
c7a0938eeb9bd72d776d7610c8b59ca17d8606df623cc8d814886eca623ea58808f27dd4dcaa6f49962055d259fe1f9cdadd67c68d71e504de93a66ff078db21

Download Submit
\Windows\system\eokJolO.exe

Filesize
6.0MB

MD5
34e4c998b25cfdcbcb00169b48f561e2

SHA1
8b329ca743b0324d3b53295cce9d3d95b1f33aee

SHA256
d445e42ce1deb5daf2b35d87460cedd3a13b4c70eef22fc2713dc21fe0eb320e

SHA512
49dd637d0ee1f639e73e2d9df84e9d0a2c1bac7624f31e48636b302e48dfbe2f3f5240e76d197c95bd8316d74d9fe9df58b1b2bdeab5b8bf12d8a2180e38b3c9

Download Submit
\Windows\system\oECqXCb.exe

Filesize
6.0MB

MD5
8cecbf1839be8f81349a06c3b9953a34

SHA1
36691164071c200d9422e8fca27e5cb162c0dcdd

SHA256
00c08c59b00741be6fafb74a327e70c9d14c74bd8aadb889ce9faee2b061c4ef

SHA512
ea295912c11af51b045ba81fd06d117ec96caff01e1213540e76e7c7c11bd116afd8de67f189bc142afb6badee27ba40bada83c2d5907180fad5d607713a9408

Download Submit
\Windows\system\tItXEtF.exe

Filesize
6.0MB

MD5
9ba0ed8db33bead20f41256620714195

SHA1
ff6ec5620de8608fd8196d78625b7595533fa9b4

SHA256
8ad00a7478fa8684d67cfb821dfd6eba5cab6ec56b7d65d2c8686fc304ebf39b

SHA512
2ae201d702b45e691eb3fb22fc59b6469ae7ba9830f2ae5725a29f440d072e26c5a90381e8c31cf4493fc527e73af4a874f3cb24250db7ade78ba0c0dc550e47

Download Submit
memory/1200-73-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1200-33-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1200-3227-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1484-59-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1484-26-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1484-3198-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1528-74-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1528-223-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1528-56-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-90-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1528-49-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-89-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-98-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-65-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1528-35-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1528-113-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1528-337-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-111-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-101-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1528-105-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1528-0-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1528-116-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-23-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1528-14-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3199-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1688-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1688-31-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2116-3708-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2116-106-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2116-244-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2264-108-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3219-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-69-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3202-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2364-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2364-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-145-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3226-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3201-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-41-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-11-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-84-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2740-45-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3200-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2808-114-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-78-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3224-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-53-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3207-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-93-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-85-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3222-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2860-115-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2988-29-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3197-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2988-64-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/3020-60-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3218-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-100-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download