cobaltstrike | 9a4b4f16de4cc1aac40e1fbb14bd780da0ddc2bec77ba501c073275d6faff271

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

55bfb112456e03fb1d782ea3bfa771c6
SHA1

8483bfb195200b418bdca91742570c2800e96756
SHA256

9a4b4f16de4cc1aac40e1fbb14bd780da0ddc2bec77ba501c073275d6faff271
SHA512

f963ee6fddbb96cadb771189d384c33c88ed1e176bd2120521935a555be300b874664a6422998b9c80fe0882b98f8950d91b2cba3c651aec0283aa26897371b3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca2-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1b-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-45.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-50.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-95.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-75.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-60.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2440-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000016ca2-8.dat	xmrig
behavioral1/files/0x0007000000016cd3-12.dat	xmrig
behavioral1/files/0x0008000000016cfe-20.dat	xmrig
behavioral1/files/0x0007000000016d0b-26.dat	xmrig
behavioral1/files/0x0007000000016d13-30.dat	xmrig
behavioral1/files/0x0007000000016d1b-36.dat	xmrig
behavioral1/files/0x0007000000016d24-41.dat	xmrig
behavioral1/files/0x0008000000016d36-45.dat	xmrig
behavioral1/files/0x000600000001747b-50.dat	xmrig
behavioral1/files/0x000600000001748f-55.dat	xmrig
behavioral1/files/0x0005000000018690-80.dat	xmrig
behavioral1/files/0x000500000001879b-85.dat	xmrig
behavioral1/files/0x00060000000190cd-90.dat	xmrig
behavioral1/files/0x00050000000191f7-105.dat	xmrig
behavioral1/files/0x000500000001926b-128.dat	xmrig
behavioral1/files/0x00050000000193be-160.dat	xmrig
behavioral1/files/0x0005000000019389-154.dat	xmrig
behavioral1/files/0x0005000000019382-150.dat	xmrig
behavioral1/files/0x0005000000019273-136.dat	xmrig
behavioral1/files/0x0005000000019277-142.dat	xmrig
behavioral1/files/0x0005000000019271-134.dat	xmrig
behavioral1/files/0x0005000000019234-120.dat	xmrig
behavioral1/files/0x0005000000019218-110.dat	xmrig
behavioral1/files/0x000500000001924c-125.dat	xmrig
behavioral1/files/0x0005000000019229-115.dat	xmrig
behavioral1/files/0x00050000000191f3-100.dat	xmrig
behavioral1/files/0x00060000000190d6-95.dat	xmrig
behavioral1/files/0x0009000000018678-75.dat	xmrig
behavioral1/files/0x001500000001866d-70.dat	xmrig
behavioral1/files/0x000600000001752f-65.dat	xmrig
behavioral1/files/0x00060000000174ac-60.dat	xmrig
behavioral1/memory/2652-1808-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2776-1799-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2820-1835-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2836-1837-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2568-1839-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2816-1842-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2440-1845-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2596-1844-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2556-1846-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2620-2162-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/332-3642-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2816-3645-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2820-3653-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2776-3652-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2596-3651-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2568-3650-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/1476-3649-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2620-3648-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1628-3647-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2556-3646-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2440-3654-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2440-3658-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2836-3644-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2652-3643-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2732-3641-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2592-3640-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	tsMBtMk.exe
2776	GmAgWVa.exe
2652	slQlAis.exe
2820	dwGCVYB.exe
2836	UwlrmaO.exe
2568	LUIAyLL.exe
2816	PWxnNHf.exe
2596	VWLmehL.exe
2556	zQToKmi.exe
2620	QpckeuH.exe
2592	PUWtRgG.exe
1628	hOIHAOU.exe
332	QVZtSDg.exe
1476	WudRhaE.exe
3012	okgEQsb.exe
3068	nlwvZYA.exe
2212	HPVgyvx.exe
2640	VYnQoFM.exe
2528	XEaASvX.exe
808	FctUCea.exe
2604	vwQyImr.exe
2888	BTKGfwy.exe
2448	ZTuLMzn.exe
624	ESPIMXl.exe
348	nqQyvvo.exe
2364	JXJGekd.exe
2320	CiXMOGi.exe
2512	mgZsjlZ.exe
2224	MbywQUJ.exe
844	thpSIYw.exe
668	nEfVNmf.exe
1464	VNYaSYm.exe
1828	BXbqcAV.exe
748	IpqnqFO.exe
1592	SEjcfdA.exe
1896	UXtvWfl.exe
1928	uvHwrBM.exe
1676	FKdlfOb.exe
1492	BMqSaAC.exe
2180	xMLGDSg.exe
1520	PQSxVzH.exe
2488	emhQmWP.exe
2380	vJGHerg.exe
1688	DeYVMGg.exe
888	SHyxErK.exe
1980	JGFcAwI.exe
2328	NBzVOtn.exe
2136	nSxLKOg.exe
356	TawRnua.exe
2268	QjUFbJq.exe
2256	gcKuMwq.exe
2100	hUpZZam.exe
2068	uhZNWQX.exe
872	rBnnFjm.exe
2472	gAEcjTa.exe
2036	KtCuroZ.exe
1588	ezWXxdK.exe
1584	oTmmDOb.exe
2772	yIfSVsA.exe
2824	FoEivxn.exe
2932	WpaSbNS.exe
2580	wxVTNQA.exe
2584	QVupYDz.exe
3044	RwxeVsw.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2440-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000016ca2-8.dat	upx
behavioral1/files/0x0007000000016cd3-12.dat	upx
behavioral1/files/0x0008000000016cfe-20.dat	upx
behavioral1/files/0x0007000000016d0b-26.dat	upx
behavioral1/files/0x0007000000016d13-30.dat	upx
behavioral1/files/0x0007000000016d1b-36.dat	upx
behavioral1/files/0x0007000000016d24-41.dat	upx
behavioral1/files/0x0008000000016d36-45.dat	upx
behavioral1/files/0x000600000001747b-50.dat	upx
behavioral1/files/0x000600000001748f-55.dat	upx
behavioral1/files/0x0005000000018690-80.dat	upx
behavioral1/files/0x000500000001879b-85.dat	upx
behavioral1/files/0x00060000000190cd-90.dat	upx
behavioral1/files/0x00050000000191f7-105.dat	upx
behavioral1/files/0x000500000001926b-128.dat	upx
behavioral1/files/0x00050000000193be-160.dat	upx
behavioral1/files/0x0005000000019389-154.dat	upx
behavioral1/files/0x0005000000019382-150.dat	upx
behavioral1/files/0x0005000000019273-136.dat	upx
behavioral1/files/0x0005000000019277-142.dat	upx
behavioral1/files/0x0005000000019271-134.dat	upx
behavioral1/files/0x0005000000019234-120.dat	upx
behavioral1/files/0x0005000000019218-110.dat	upx
behavioral1/files/0x000500000001924c-125.dat	upx
behavioral1/files/0x0005000000019229-115.dat	upx
behavioral1/files/0x00050000000191f3-100.dat	upx
behavioral1/files/0x00060000000190d6-95.dat	upx
behavioral1/files/0x0009000000018678-75.dat	upx
behavioral1/files/0x001500000001866d-70.dat	upx
behavioral1/files/0x000600000001752f-65.dat	upx
behavioral1/files/0x00060000000174ac-60.dat	upx
behavioral1/memory/2652-1808-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2776-1799-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2820-1835-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2836-1837-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2568-1839-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2816-1842-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2596-1844-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2556-1846-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2620-2162-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/332-3642-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2816-3645-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2820-3653-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2776-3652-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2596-3651-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2568-3650-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1476-3649-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2620-3648-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/1628-3647-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2556-3646-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2440-3658-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2836-3644-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2652-3643-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2732-3641-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2592-3640-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fNMaTat.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WglejJX.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDNsqvi.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vzzcjln.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiHvZHn.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhrnqOz.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JshpJUh.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGtxANa.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqkqSyB.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtlwOmb.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeLjdDz.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEBPVqd.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQDXHSR.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBSkKKp.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQxvPFP.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqLKmwc.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcPInSR.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agfwTut.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjwCpwl.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLduthl.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMLGDSg.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyKfOhG.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emhQmWP.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMylRWx.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqiZpRA.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFfAleP.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFCAFTD.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwrmSJJ.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEHTaaV.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvfXdvK.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXhEvrH.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbgRufO.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCFjElV.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfjeIJh.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezLBeVe.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBgYZsZ.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frfbSWF.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlkbRHV.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLwRaTr.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqqPJUv.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVUrWQF.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUAKqJg.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsUdSJe.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAMVOgE.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVERQTh.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnYJMVx.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqqDhAe.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOISrFl.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHZoXUB.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulnQAEb.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUgHGgH.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MriZOwE.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHAOgcm.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaDYKYT.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXPTHKD.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srGswUW.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKaQMVm.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcPUSCN.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbmbfVd.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbJynhF.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Znbkcir.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEylRyT.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFlyXKO.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPCwtyZ.exe	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2732	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2732	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2732	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2776	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2776	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2776	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2652	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2652	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2652	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2820	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2820	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2820	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 2836	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2836	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2836	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2568	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2568	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2568	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2816	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2816	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2816	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2596	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2596	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2596	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2556	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2556	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2556	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2620	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2620	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2620	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2592	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2592	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2592	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 1628	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 1628	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 1628	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 332	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 332	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 332	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 1476	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 1476	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 1476	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 3012	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 3012	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 3012	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 3068	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 3068	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 3068	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 2212	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 2212	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 2212	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 2640	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2640	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2640	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2528	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2528	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2528	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 808	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 808	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 808	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 2604	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 2604	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 2604	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 2888	2440	2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_55bfb112456e03fb1d782ea3bfa771c6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System\tsMBtMk.exe
  C:\Windows\System\tsMBtMk.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GmAgWVa.exe
  C:\Windows\System\GmAgWVa.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\slQlAis.exe
  C:\Windows\System\slQlAis.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\dwGCVYB.exe
  C:\Windows\System\dwGCVYB.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UwlrmaO.exe
  C:\Windows\System\UwlrmaO.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\LUIAyLL.exe
  C:\Windows\System\LUIAyLL.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\PWxnNHf.exe
  C:\Windows\System\PWxnNHf.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\VWLmehL.exe
  C:\Windows\System\VWLmehL.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\zQToKmi.exe
  C:\Windows\System\zQToKmi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\QpckeuH.exe
  C:\Windows\System\QpckeuH.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\PUWtRgG.exe
  C:\Windows\System\PUWtRgG.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\hOIHAOU.exe
  C:\Windows\System\hOIHAOU.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\QVZtSDg.exe
  C:\Windows\System\QVZtSDg.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\WudRhaE.exe
  C:\Windows\System\WudRhaE.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\okgEQsb.exe
  C:\Windows\System\okgEQsb.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\nlwvZYA.exe
  C:\Windows\System\nlwvZYA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\HPVgyvx.exe
  C:\Windows\System\HPVgyvx.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VYnQoFM.exe
  C:\Windows\System\VYnQoFM.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\XEaASvX.exe
  C:\Windows\System\XEaASvX.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\FctUCea.exe
  C:\Windows\System\FctUCea.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\vwQyImr.exe
  C:\Windows\System\vwQyImr.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\BTKGfwy.exe
  C:\Windows\System\BTKGfwy.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ZTuLMzn.exe
  C:\Windows\System\ZTuLMzn.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ESPIMXl.exe
  C:\Windows\System\ESPIMXl.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\nqQyvvo.exe
  C:\Windows\System\nqQyvvo.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\CiXMOGi.exe
  C:\Windows\System\CiXMOGi.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\JXJGekd.exe
  C:\Windows\System\JXJGekd.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\MbywQUJ.exe
  C:\Windows\System\MbywQUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\mgZsjlZ.exe
  C:\Windows\System\mgZsjlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\thpSIYw.exe
  C:\Windows\System\thpSIYw.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\nEfVNmf.exe
  C:\Windows\System\nEfVNmf.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\VNYaSYm.exe
  C:\Windows\System\VNYaSYm.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\BXbqcAV.exe
  C:\Windows\System\BXbqcAV.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\IpqnqFO.exe
  C:\Windows\System\IpqnqFO.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\SEjcfdA.exe
  C:\Windows\System\SEjcfdA.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\UXtvWfl.exe
  C:\Windows\System\UXtvWfl.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\uvHwrBM.exe
  C:\Windows\System\uvHwrBM.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\FKdlfOb.exe
  C:\Windows\System\FKdlfOb.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\BMqSaAC.exe
  C:\Windows\System\BMqSaAC.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\xMLGDSg.exe
  C:\Windows\System\xMLGDSg.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\PQSxVzH.exe
  C:\Windows\System\PQSxVzH.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\emhQmWP.exe
  C:\Windows\System\emhQmWP.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\vJGHerg.exe
  C:\Windows\System\vJGHerg.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\DeYVMGg.exe
  C:\Windows\System\DeYVMGg.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\SHyxErK.exe
  C:\Windows\System\SHyxErK.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\JGFcAwI.exe
  C:\Windows\System\JGFcAwI.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\NBzVOtn.exe
  C:\Windows\System\NBzVOtn.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nSxLKOg.exe
  C:\Windows\System\nSxLKOg.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\TawRnua.exe
  C:\Windows\System\TawRnua.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\QjUFbJq.exe
  C:\Windows\System\QjUFbJq.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\gcKuMwq.exe
  C:\Windows\System\gcKuMwq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\hUpZZam.exe
  C:\Windows\System\hUpZZam.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\uhZNWQX.exe
  C:\Windows\System\uhZNWQX.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rBnnFjm.exe
  C:\Windows\System\rBnnFjm.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\gAEcjTa.exe
  C:\Windows\System\gAEcjTa.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\KtCuroZ.exe
  C:\Windows\System\KtCuroZ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ezWXxdK.exe
  C:\Windows\System\ezWXxdK.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\oTmmDOb.exe
  C:\Windows\System\oTmmDOb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\yIfSVsA.exe
  C:\Windows\System\yIfSVsA.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FoEivxn.exe
  C:\Windows\System\FoEivxn.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\WpaSbNS.exe
  C:\Windows\System\WpaSbNS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wxVTNQA.exe
  C:\Windows\System\wxVTNQA.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\QVupYDz.exe
  C:\Windows\System\QVupYDz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\RwxeVsw.exe
  C:\Windows\System\RwxeVsw.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\FXkHXhT.exe
  C:\Windows\System\FXkHXhT.exe
  2⤵
  PID:2804
- C:\Windows\System\KJfmUWj.exe
  C:\Windows\System\KJfmUWj.exe
  2⤵
  PID:568
- C:\Windows\System\wpWYXri.exe
  C:\Windows\System\wpWYXri.exe
  2⤵
  PID:3064
- C:\Windows\System\bzhzLno.exe
  C:\Windows\System\bzhzLno.exe
  2⤵
  PID:2264
- C:\Windows\System\yvAoBuX.exe
  C:\Windows\System\yvAoBuX.exe
  2⤵
  PID:2896
- C:\Windows\System\FASXnfY.exe
  C:\Windows\System\FASXnfY.exe
  2⤵
  PID:2792
- C:\Windows\System\rCrExOA.exe
  C:\Windows\System\rCrExOA.exe
  2⤵
  PID:1620
- C:\Windows\System\PSxFfTl.exe
  C:\Windows\System\PSxFfTl.exe
  2⤵
  PID:1112
- C:\Windows\System\WrAnonl.exe
  C:\Windows\System\WrAnonl.exe
  2⤵
  PID:2848
- C:\Windows\System\gYnyqMz.exe
  C:\Windows\System\gYnyqMz.exe
  2⤵
  PID:1916
- C:\Windows\System\DGcBdjT.exe
  C:\Windows\System\DGcBdjT.exe
  2⤵
  PID:2164
- C:\Windows\System\VeXbKSW.exe
  C:\Windows\System\VeXbKSW.exe
  2⤵
  PID:1292
- C:\Windows\System\JRrCEUb.exe
  C:\Windows\System\JRrCEUb.exe
  2⤵
  PID:2132
- C:\Windows\System\mxjIIYI.exe
  C:\Windows\System\mxjIIYI.exe
  2⤵
  PID:1556
- C:\Windows\System\VVpkuRt.exe
  C:\Windows\System\VVpkuRt.exe
  2⤵
  PID:448
- C:\Windows\System\HdMVVuv.exe
  C:\Windows\System\HdMVVuv.exe
  2⤵
  PID:2952
- C:\Windows\System\xQTApyU.exe
  C:\Windows\System\xQTApyU.exe
  2⤵
  PID:824
- C:\Windows\System\tlfUyhp.exe
  C:\Windows\System\tlfUyhp.exe
  2⤵
  PID:744
- C:\Windows\System\zFkvXkC.exe
  C:\Windows\System\zFkvXkC.exe
  2⤵
  PID:1848
- C:\Windows\System\bnQrTSn.exe
  C:\Windows\System\bnQrTSn.exe
  2⤵
  PID:1308
- C:\Windows\System\RVHPIIS.exe
  C:\Windows\System\RVHPIIS.exe
  2⤵
  PID:1236
- C:\Windows\System\FFvxgKc.exe
  C:\Windows\System\FFvxgKc.exe
  2⤵
  PID:2344
- C:\Windows\System\oioRiZh.exe
  C:\Windows\System\oioRiZh.exe
  2⤵
  PID:1740
- C:\Windows\System\rJiRYfv.exe
  C:\Windows\System\rJiRYfv.exe
  2⤵
  PID:1696
- C:\Windows\System\YLYzGDs.exe
  C:\Windows\System\YLYzGDs.exe
  2⤵
  PID:1240
- C:\Windows\System\HYAQuni.exe
  C:\Windows\System\HYAQuni.exe
  2⤵
  PID:1728
- C:\Windows\System\HcFsqSi.exe
  C:\Windows\System\HcFsqSi.exe
  2⤵
  PID:2300
- C:\Windows\System\oqxNDMB.exe
  C:\Windows\System\oqxNDMB.exe
  2⤵
  PID:1576
- C:\Windows\System\wWUqowj.exe
  C:\Windows\System\wWUqowj.exe
  2⤵
  PID:2668
- C:\Windows\System\AjqzdFf.exe
  C:\Windows\System\AjqzdFf.exe
  2⤵
  PID:2616
- C:\Windows\System\NneBruz.exe
  C:\Windows\System\NneBruz.exe
  2⤵
  PID:1988
- C:\Windows\System\QHUFQwz.exe
  C:\Windows\System\QHUFQwz.exe
  2⤵
  PID:2712
- C:\Windows\System\XfaZpLA.exe
  C:\Windows\System\XfaZpLA.exe
  2⤵
  PID:2028
- C:\Windows\System\rjAllRP.exe
  C:\Windows\System\rjAllRP.exe
  2⤵
  PID:2128
- C:\Windows\System\aklEmSC.exe
  C:\Windows\System\aklEmSC.exe
  2⤵
  PID:2992
- C:\Windows\System\gUTDvwX.exe
  C:\Windows\System\gUTDvwX.exe
  2⤵
  PID:3004
- C:\Windows\System\BzsInzb.exe
  C:\Windows\System\BzsInzb.exe
  2⤵
  PID:2144
- C:\Windows\System\BAlQvFA.exe
  C:\Windows\System\BAlQvFA.exe
  2⤵
  PID:2644
- C:\Windows\System\ZrkULcs.exe
  C:\Windows\System\ZrkULcs.exe
  2⤵
  PID:2868
- C:\Windows\System\ecpXYYr.exe
  C:\Windows\System\ecpXYYr.exe
  2⤵
  PID:1244
- C:\Windows\System\WbUTYBg.exe
  C:\Windows\System\WbUTYBg.exe
  2⤵
  PID:1716
- C:\Windows\System\HlRZoEe.exe
  C:\Windows\System\HlRZoEe.exe
  2⤵
  PID:2316
- C:\Windows\System\ZghCwLX.exe
  C:\Windows\System\ZghCwLX.exe
  2⤵
  PID:1948
- C:\Windows\System\Iigfqvr.exe
  C:\Windows\System\Iigfqvr.exe
  2⤵
  PID:1532
- C:\Windows\System\PNHDmvd.exe
  C:\Windows\System\PNHDmvd.exe
  2⤵
  PID:604
- C:\Windows\System\ApkNRbu.exe
  C:\Windows\System\ApkNRbu.exe
  2⤵
  PID:2284
- C:\Windows\System\fAjFzcp.exe
  C:\Windows\System\fAjFzcp.exe
  2⤵
  PID:2976
- C:\Windows\System\DzDRIZK.exe
  C:\Windows\System\DzDRIZK.exe
  2⤵
  PID:1580
- C:\Windows\System\LQFZcox.exe
  C:\Windows\System\LQFZcox.exe
  2⤵
  PID:2708
- C:\Windows\System\XDPNxdL.exe
  C:\Windows\System\XDPNxdL.exe
  2⤵
  PID:2996
- C:\Windows\System\yAzqZRK.exe
  C:\Windows\System\yAzqZRK.exe
  2⤵
  PID:2744
- C:\Windows\System\NFbYZIu.exe
  C:\Windows\System\NFbYZIu.exe
  2⤵
  PID:2436
- C:\Windows\System\xqSmlPA.exe
  C:\Windows\System\xqSmlPA.exe
  2⤵
  PID:2000
- C:\Windows\System\RFCKxIA.exe
  C:\Windows\System\RFCKxIA.exe
  2⤵
  PID:3080
- C:\Windows\System\jKqUhiK.exe
  C:\Windows\System\jKqUhiK.exe
  2⤵
  PID:3104
- C:\Windows\System\feRMAVb.exe
  C:\Windows\System\feRMAVb.exe
  2⤵
  PID:3124
- C:\Windows\System\XEHTaaV.exe
  C:\Windows\System\XEHTaaV.exe
  2⤵
  PID:3140
- C:\Windows\System\OSEtCVr.exe
  C:\Windows\System\OSEtCVr.exe
  2⤵
  PID:3164
- C:\Windows\System\MnMIXsz.exe
  C:\Windows\System\MnMIXsz.exe
  2⤵
  PID:3180
- C:\Windows\System\lKbKrRk.exe
  C:\Windows\System\lKbKrRk.exe
  2⤵
  PID:3200
- C:\Windows\System\XCAmwgg.exe
  C:\Windows\System\XCAmwgg.exe
  2⤵
  PID:3220
- C:\Windows\System\zOfaTrQ.exe
  C:\Windows\System\zOfaTrQ.exe
  2⤵
  PID:3240
- C:\Windows\System\wiQSmRK.exe
  C:\Windows\System\wiQSmRK.exe
  2⤵
  PID:3260
- C:\Windows\System\VSughBQ.exe
  C:\Windows\System\VSughBQ.exe
  2⤵
  PID:3284
- C:\Windows\System\NVtqrzs.exe
  C:\Windows\System\NVtqrzs.exe
  2⤵
  PID:3304
- C:\Windows\System\LaFCvqh.exe
  C:\Windows\System\LaFCvqh.exe
  2⤵
  PID:3320
- C:\Windows\System\DsoZTPB.exe
  C:\Windows\System\DsoZTPB.exe
  2⤵
  PID:3340
- C:\Windows\System\aupoznp.exe
  C:\Windows\System\aupoznp.exe
  2⤵
  PID:3364
- C:\Windows\System\fjLnPlF.exe
  C:\Windows\System\fjLnPlF.exe
  2⤵
  PID:3380
- C:\Windows\System\PIWhaEI.exe
  C:\Windows\System\PIWhaEI.exe
  2⤵
  PID:3404
- C:\Windows\System\fxSULun.exe
  C:\Windows\System\fxSULun.exe
  2⤵
  PID:3424
- C:\Windows\System\zRKvlNo.exe
  C:\Windows\System\zRKvlNo.exe
  2⤵
  PID:3440
- C:\Windows\System\YBmDAFX.exe
  C:\Windows\System\YBmDAFX.exe
  2⤵
  PID:3460
- C:\Windows\System\OZVROco.exe
  C:\Windows\System\OZVROco.exe
  2⤵
  PID:3484
- C:\Windows\System\NadMRVF.exe
  C:\Windows\System\NadMRVF.exe
  2⤵
  PID:3504
- C:\Windows\System\SlYiicv.exe
  C:\Windows\System\SlYiicv.exe
  2⤵
  PID:3524
- C:\Windows\System\QmAxqQy.exe
  C:\Windows\System\QmAxqQy.exe
  2⤵
  PID:3540
- C:\Windows\System\RDXvKEk.exe
  C:\Windows\System\RDXvKEk.exe
  2⤵
  PID:3564
- C:\Windows\System\VqHESnf.exe
  C:\Windows\System\VqHESnf.exe
  2⤵
  PID:3584
- C:\Windows\System\QrKnBPf.exe
  C:\Windows\System\QrKnBPf.exe
  2⤵
  PID:3604
- C:\Windows\System\PcnAxWj.exe
  C:\Windows\System\PcnAxWj.exe
  2⤵
  PID:3624
- C:\Windows\System\DMFdYFu.exe
  C:\Windows\System\DMFdYFu.exe
  2⤵
  PID:3640
- C:\Windows\System\gfUkHOr.exe
  C:\Windows\System\gfUkHOr.exe
  2⤵
  PID:3656
- C:\Windows\System\yVlkxrL.exe
  C:\Windows\System\yVlkxrL.exe
  2⤵
  PID:3676
- C:\Windows\System\BjFLsSi.exe
  C:\Windows\System\BjFLsSi.exe
  2⤵
  PID:3700
- C:\Windows\System\AnYJMVx.exe
  C:\Windows\System\AnYJMVx.exe
  2⤵
  PID:3720
- C:\Windows\System\HwKAhRP.exe
  C:\Windows\System\HwKAhRP.exe
  2⤵
  PID:3744
- C:\Windows\System\HBgYZsZ.exe
  C:\Windows\System\HBgYZsZ.exe
  2⤵
  PID:3764
- C:\Windows\System\ucaGgFs.exe
  C:\Windows\System\ucaGgFs.exe
  2⤵
  PID:3780
- C:\Windows\System\TUDOqMM.exe
  C:\Windows\System\TUDOqMM.exe
  2⤵
  PID:3800
- C:\Windows\System\OYcyaoo.exe
  C:\Windows\System\OYcyaoo.exe
  2⤵
  PID:3816
- C:\Windows\System\fpMPURg.exe
  C:\Windows\System\fpMPURg.exe
  2⤵
  PID:3836
- C:\Windows\System\UqqDhAe.exe
  C:\Windows\System\UqqDhAe.exe
  2⤵
  PID:3852
- C:\Windows\System\ihNEsFg.exe
  C:\Windows\System\ihNEsFg.exe
  2⤵
  PID:3872
- C:\Windows\System\MBfbEiR.exe
  C:\Windows\System\MBfbEiR.exe
  2⤵
  PID:3888
- C:\Windows\System\BmKrDzu.exe
  C:\Windows\System\BmKrDzu.exe
  2⤵
  PID:3908
- C:\Windows\System\JwyssId.exe
  C:\Windows\System\JwyssId.exe
  2⤵
  PID:3924
- C:\Windows\System\PeNTkmu.exe
  C:\Windows\System\PeNTkmu.exe
  2⤵
  PID:3944
- C:\Windows\System\UZvftma.exe
  C:\Windows\System\UZvftma.exe
  2⤵
  PID:3964
- C:\Windows\System\gEZRDYY.exe
  C:\Windows\System\gEZRDYY.exe
  2⤵
  PID:3988
- C:\Windows\System\HQcmohz.exe
  C:\Windows\System\HQcmohz.exe
  2⤵
  PID:4024
- C:\Windows\System\xOcnpcw.exe
  C:\Windows\System\xOcnpcw.exe
  2⤵
  PID:4040
- C:\Windows\System\teMwKFF.exe
  C:\Windows\System\teMwKFF.exe
  2⤵
  PID:4060
- C:\Windows\System\dpamlZC.exe
  C:\Windows\System\dpamlZC.exe
  2⤵
  PID:4076
- C:\Windows\System\lJPVdIT.exe
  C:\Windows\System\lJPVdIT.exe
  2⤵
  PID:2376
- C:\Windows\System\dvVwbva.exe
  C:\Windows\System\dvVwbva.exe
  2⤵
  PID:2612
- C:\Windows\System\YVApPHI.exe
  C:\Windows\System\YVApPHI.exe
  2⤵
  PID:2864
- C:\Windows\System\MNRhzWy.exe
  C:\Windows\System\MNRhzWy.exe
  2⤵
  PID:2444
- C:\Windows\System\ZpscQLC.exe
  C:\Windows\System\ZpscQLC.exe
  2⤵
  PID:1332
- C:\Windows\System\wIQzIwn.exe
  C:\Windows\System\wIQzIwn.exe
  2⤵
  PID:1732
- C:\Windows\System\eDfdqqy.exe
  C:\Windows\System\eDfdqqy.exe
  2⤵
  PID:1648
- C:\Windows\System\ZBXWqYk.exe
  C:\Windows\System\ZBXWqYk.exe
  2⤵
  PID:1172
- C:\Windows\System\THvhkcf.exe
  C:\Windows\System\THvhkcf.exe
  2⤵
  PID:1944
- C:\Windows\System\thJcXsx.exe
  C:\Windows\System\thJcXsx.exe
  2⤵
  PID:3060
- C:\Windows\System\XGPZdGD.exe
  C:\Windows\System\XGPZdGD.exe
  2⤵
  PID:3048
- C:\Windows\System\VluljEe.exe
  C:\Windows\System\VluljEe.exe
  2⤵
  PID:3100
- C:\Windows\System\mRyaTnj.exe
  C:\Windows\System\mRyaTnj.exe
  2⤵
  PID:3136
- C:\Windows\System\bYaPHio.exe
  C:\Windows\System\bYaPHio.exe
  2⤵
  PID:3236
- C:\Windows\System\BYZumKh.exe
  C:\Windows\System\BYZumKh.exe
  2⤵
  PID:3208
- C:\Windows\System\meGBEJa.exe
  C:\Windows\System\meGBEJa.exe
  2⤵
  PID:3216
- C:\Windows\System\VNVwwQi.exe
  C:\Windows\System\VNVwwQi.exe
  2⤵
  PID:3316
- C:\Windows\System\iDNnkgX.exe
  C:\Windows\System\iDNnkgX.exe
  2⤵
  PID:3360
- C:\Windows\System\hXlpJAg.exe
  C:\Windows\System\hXlpJAg.exe
  2⤵
  PID:3396
- C:\Windows\System\YdUWGAV.exe
  C:\Windows\System\YdUWGAV.exe
  2⤵
  PID:3328
- C:\Windows\System\KtdwNfU.exe
  C:\Windows\System\KtdwNfU.exe
  2⤵
  PID:3376
- C:\Windows\System\CEryoDX.exe
  C:\Windows\System\CEryoDX.exe
  2⤵
  PID:3468
- C:\Windows\System\lSTMSVI.exe
  C:\Windows\System\lSTMSVI.exe
  2⤵
  PID:3520
- C:\Windows\System\XOKaFKp.exe
  C:\Windows\System\XOKaFKp.exe
  2⤵
  PID:3560
- C:\Windows\System\NbIadnB.exe
  C:\Windows\System\NbIadnB.exe
  2⤵
  PID:3500
- C:\Windows\System\fkdJXLM.exe
  C:\Windows\System\fkdJXLM.exe
  2⤵
  PID:3636
- C:\Windows\System\wIVmaDx.exe
  C:\Windows\System\wIVmaDx.exe
  2⤵
  PID:3712
- C:\Windows\System\QkfuiSi.exe
  C:\Windows\System\QkfuiSi.exe
  2⤵
  PID:3616
- C:\Windows\System\BmwVZpf.exe
  C:\Windows\System\BmwVZpf.exe
  2⤵
  PID:3752
- C:\Windows\System\NcDJDys.exe
  C:\Windows\System\NcDJDys.exe
  2⤵
  PID:3788
- C:\Windows\System\vriuDAG.exe
  C:\Windows\System\vriuDAG.exe
  2⤵
  PID:3728
- C:\Windows\System\hcPUSCN.exe
  C:\Windows\System\hcPUSCN.exe
  2⤵
  PID:3736
- C:\Windows\System\nThQupI.exe
  C:\Windows\System\nThQupI.exe
  2⤵
  PID:3864
- C:\Windows\System\xjeQedT.exe
  C:\Windows\System\xjeQedT.exe
  2⤵
  PID:3896
- C:\Windows\System\FsSxRXF.exe
  C:\Windows\System\FsSxRXF.exe
  2⤵
  PID:3936
- C:\Windows\System\nhqLrgg.exe
  C:\Windows\System\nhqLrgg.exe
  2⤵
  PID:3996
- C:\Windows\System\BVULMov.exe
  C:\Windows\System\BVULMov.exe
  2⤵
  PID:3920
- C:\Windows\System\ZGTvqKC.exe
  C:\Windows\System\ZGTvqKC.exe
  2⤵
  PID:4008
- C:\Windows\System\WfmdgjA.exe
  C:\Windows\System\WfmdgjA.exe
  2⤵
  PID:4004
- C:\Windows\System\viEOeoo.exe
  C:\Windows\System\viEOeoo.exe
  2⤵
  PID:920
- C:\Windows\System\xcDwkwB.exe
  C:\Windows\System\xcDwkwB.exe
  2⤵
  PID:4092
- C:\Windows\System\rhvamoQ.exe
  C:\Windows\System\rhvamoQ.exe
  2⤵
  PID:2856
- C:\Windows\System\fsQkrjg.exe
  C:\Windows\System\fsQkrjg.exe
  2⤵
  PID:1596
- C:\Windows\System\kfasmFz.exe
  C:\Windows\System\kfasmFz.exe
  2⤵
  PID:2356
- C:\Windows\System\vGzKJLH.exe
  C:\Windows\System\vGzKJLH.exe
  2⤵
  PID:3096
- C:\Windows\System\wJnSRSB.exe
  C:\Windows\System\wJnSRSB.exe
  2⤵
  PID:3092
- C:\Windows\System\mFWAjSr.exe
  C:\Windows\System\mFWAjSr.exe
  2⤵
  PID:684
- C:\Windows\System\RABfNYV.exe
  C:\Windows\System\RABfNYV.exe
  2⤵
  PID:3192
- C:\Windows\System\cFkJQkb.exe
  C:\Windows\System\cFkJQkb.exe
  2⤵
  PID:3276
- C:\Windows\System\gKODvov.exe
  C:\Windows\System\gKODvov.exe
  2⤵
  PID:3248
- C:\Windows\System\EwSqPew.exe
  C:\Windows\System\EwSqPew.exe
  2⤵
  PID:3392
- C:\Windows\System\XzNmUZu.exe
  C:\Windows\System\XzNmUZu.exe
  2⤵
  PID:3548
- C:\Windows\System\VHKHaTa.exe
  C:\Windows\System\VHKHaTa.exe
  2⤵
  PID:3300
- C:\Windows\System\lqleiWA.exe
  C:\Windows\System\lqleiWA.exe
  2⤵
  PID:3632
- C:\Windows\System\XEIhPxP.exe
  C:\Windows\System\XEIhPxP.exe
  2⤵
  PID:3372
- C:\Windows\System\oygYFSh.exe
  C:\Windows\System\oygYFSh.exe
  2⤵
  PID:3496
- C:\Windows\System\nnPsxzS.exe
  C:\Windows\System\nnPsxzS.exe
  2⤵
  PID:3760
- C:\Windows\System\qLSDHBp.exe
  C:\Windows\System\qLSDHBp.exe
  2⤵
  PID:3776
- C:\Windows\System\IYzNBSH.exe
  C:\Windows\System\IYzNBSH.exe
  2⤵
  PID:3980
- C:\Windows\System\NkxPsdM.exe
  C:\Windows\System\NkxPsdM.exe
  2⤵
  PID:3716
- C:\Windows\System\bAnQIih.exe
  C:\Windows\System\bAnQIih.exe
  2⤵
  PID:3792
- C:\Windows\System\hLjrZCL.exe
  C:\Windows\System\hLjrZCL.exe
  2⤵
  PID:3868
- C:\Windows\System\BtxTjES.exe
  C:\Windows\System\BtxTjES.exe
  2⤵
  PID:3880
- C:\Windows\System\qHyszSj.exe
  C:\Windows\System\qHyszSj.exe
  2⤵
  PID:2104
- C:\Windows\System\IOKMYAu.exe
  C:\Windows\System\IOKMYAu.exe
  2⤵
  PID:2272
- C:\Windows\System\qujNlRP.exe
  C:\Windows\System\qujNlRP.exe
  2⤵
  PID:4016
- C:\Windows\System\JrSFRnC.exe
  C:\Windows\System\JrSFRnC.exe
  2⤵
  PID:1768
- C:\Windows\System\BIPMSbo.exe
  C:\Windows\System\BIPMSbo.exe
  2⤵
  PID:1460
- C:\Windows\System\tKYwSjL.exe
  C:\Windows\System\tKYwSjL.exe
  2⤵
  PID:3120
- C:\Windows\System\AydZtKP.exe
  C:\Windows\System\AydZtKP.exe
  2⤵
  PID:3432
- C:\Windows\System\VdJSbMz.exe
  C:\Windows\System\VdJSbMz.exe
  2⤵
  PID:2672
- C:\Windows\System\axLlgrY.exe
  C:\Windows\System\axLlgrY.exe
  2⤵
  PID:3348
- C:\Windows\System\Dwemyhg.exe
  C:\Windows\System\Dwemyhg.exe
  2⤵
  PID:3688
- C:\Windows\System\MUSSurc.exe
  C:\Windows\System\MUSSurc.exe
  2⤵
  PID:3312
- C:\Windows\System\txCyuLm.exe
  C:\Windows\System\txCyuLm.exe
  2⤵
  PID:3832
- C:\Windows\System\uESOrCN.exe
  C:\Windows\System\uESOrCN.exe
  2⤵
  PID:4108
- C:\Windows\System\JeIsOiy.exe
  C:\Windows\System\JeIsOiy.exe
  2⤵
  PID:4124
- C:\Windows\System\JIYEIuA.exe
  C:\Windows\System\JIYEIuA.exe
  2⤵
  PID:4148
- C:\Windows\System\kxVTdIH.exe
  C:\Windows\System\kxVTdIH.exe
  2⤵
  PID:4168
- C:\Windows\System\cPftxdC.exe
  C:\Windows\System\cPftxdC.exe
  2⤵
  PID:4184
- C:\Windows\System\rxgJJov.exe
  C:\Windows\System\rxgJJov.exe
  2⤵
  PID:4204
- C:\Windows\System\wJiPmyY.exe
  C:\Windows\System\wJiPmyY.exe
  2⤵
  PID:4228
- C:\Windows\System\sYRgTfX.exe
  C:\Windows\System\sYRgTfX.exe
  2⤵
  PID:4248
- C:\Windows\System\YLpHOoo.exe
  C:\Windows\System\YLpHOoo.exe
  2⤵
  PID:4264
- C:\Windows\System\nNWVfqY.exe
  C:\Windows\System\nNWVfqY.exe
  2⤵
  PID:4284
- C:\Windows\System\YlPOaJV.exe
  C:\Windows\System\YlPOaJV.exe
  2⤵
  PID:4308
- C:\Windows\System\uqLmHKF.exe
  C:\Windows\System\uqLmHKF.exe
  2⤵
  PID:4324
- C:\Windows\System\LvFZOWL.exe
  C:\Windows\System\LvFZOWL.exe
  2⤵
  PID:4348
- C:\Windows\System\OxLOloS.exe
  C:\Windows\System\OxLOloS.exe
  2⤵
  PID:4368
- C:\Windows\System\tQaOmqR.exe
  C:\Windows\System\tQaOmqR.exe
  2⤵
  PID:4388
- C:\Windows\System\HFRVyDz.exe
  C:\Windows\System\HFRVyDz.exe
  2⤵
  PID:4408
- C:\Windows\System\zZVEmOe.exe
  C:\Windows\System\zZVEmOe.exe
  2⤵
  PID:4428
- C:\Windows\System\OGFKcIn.exe
  C:\Windows\System\OGFKcIn.exe
  2⤵
  PID:4448
- C:\Windows\System\bLwRaTr.exe
  C:\Windows\System\bLwRaTr.exe
  2⤵
  PID:4468
- C:\Windows\System\rmwQJcE.exe
  C:\Windows\System\rmwQJcE.exe
  2⤵
  PID:4488
- C:\Windows\System\dmOHkjm.exe
  C:\Windows\System\dmOHkjm.exe
  2⤵
  PID:4508
- C:\Windows\System\icqVjCJ.exe
  C:\Windows\System\icqVjCJ.exe
  2⤵
  PID:4524
- C:\Windows\System\HfCJXMH.exe
  C:\Windows\System\HfCJXMH.exe
  2⤵
  PID:4544
- C:\Windows\System\gDFFuAB.exe
  C:\Windows\System\gDFFuAB.exe
  2⤵
  PID:4564
- C:\Windows\System\sMYEzRP.exe
  C:\Windows\System\sMYEzRP.exe
  2⤵
  PID:4584
- C:\Windows\System\QljACQR.exe
  C:\Windows\System\QljACQR.exe
  2⤵
  PID:4604
- C:\Windows\System\NYtkABw.exe
  C:\Windows\System\NYtkABw.exe
  2⤵
  PID:4624
- C:\Windows\System\fzXiUFs.exe
  C:\Windows\System\fzXiUFs.exe
  2⤵
  PID:4648
- C:\Windows\System\NjZpmYv.exe
  C:\Windows\System\NjZpmYv.exe
  2⤵
  PID:4668
- C:\Windows\System\YUNWdwa.exe
  C:\Windows\System\YUNWdwa.exe
  2⤵
  PID:4688
- C:\Windows\System\KHkRdmc.exe
  C:\Windows\System\KHkRdmc.exe
  2⤵
  PID:4704
- C:\Windows\System\FemvAHb.exe
  C:\Windows\System\FemvAHb.exe
  2⤵
  PID:4728
- C:\Windows\System\rNtelSd.exe
  C:\Windows\System\rNtelSd.exe
  2⤵
  PID:4748
- C:\Windows\System\wAzDJAN.exe
  C:\Windows\System\wAzDJAN.exe
  2⤵
  PID:4764
- C:\Windows\System\FKTndZF.exe
  C:\Windows\System\FKTndZF.exe
  2⤵
  PID:4784
- C:\Windows\System\Vzzcjln.exe
  C:\Windows\System\Vzzcjln.exe
  2⤵
  PID:4800
- C:\Windows\System\mvpUqLZ.exe
  C:\Windows\System\mvpUqLZ.exe
  2⤵
  PID:4816
- C:\Windows\System\StwIBFJ.exe
  C:\Windows\System\StwIBFJ.exe
  2⤵
  PID:4840
- C:\Windows\System\PtcXjAz.exe
  C:\Windows\System\PtcXjAz.exe
  2⤵
  PID:4864
- C:\Windows\System\YjQJvPZ.exe
  C:\Windows\System\YjQJvPZ.exe
  2⤵
  PID:4884
- C:\Windows\System\PZTVlxD.exe
  C:\Windows\System\PZTVlxD.exe
  2⤵
  PID:4900
- C:\Windows\System\BqPGPxj.exe
  C:\Windows\System\BqPGPxj.exe
  2⤵
  PID:4920
- C:\Windows\System\MriZOwE.exe
  C:\Windows\System\MriZOwE.exe
  2⤵
  PID:4944
- C:\Windows\System\mmfDkcg.exe
  C:\Windows\System\mmfDkcg.exe
  2⤵
  PID:4964
- C:\Windows\System\JENXjsm.exe
  C:\Windows\System\JENXjsm.exe
  2⤵
  PID:4980
- C:\Windows\System\hvRcFTV.exe
  C:\Windows\System\hvRcFTV.exe
  2⤵
  PID:5000
- C:\Windows\System\DSVSTVa.exe
  C:\Windows\System\DSVSTVa.exe
  2⤵
  PID:5016
- C:\Windows\System\WMylRWx.exe
  C:\Windows\System\WMylRWx.exe
  2⤵
  PID:5036
- C:\Windows\System\mQWlkcv.exe
  C:\Windows\System\mQWlkcv.exe
  2⤵
  PID:5060
- C:\Windows\System\gENAZib.exe
  C:\Windows\System\gENAZib.exe
  2⤵
  PID:5080
- C:\Windows\System\NMPDDVW.exe
  C:\Windows\System\NMPDDVW.exe
  2⤵
  PID:5112
- C:\Windows\System\tHLsasd.exe
  C:\Windows\System\tHLsasd.exe
  2⤵
  PID:3580
- C:\Windows\System\djlBlfV.exe
  C:\Windows\System\djlBlfV.exe
  2⤵
  PID:4068
- C:\Windows\System\bTzkOXI.exe
  C:\Windows\System\bTzkOXI.exe
  2⤵
  PID:2456
- C:\Windows\System\dSdaELR.exe
  C:\Windows\System\dSdaELR.exe
  2⤵
  PID:3884
- C:\Windows\System\dXjRjih.exe
  C:\Windows\System\dXjRjih.exe
  2⤵
  PID:4032
- C:\Windows\System\GbmbfVd.exe
  C:\Windows\System\GbmbfVd.exe
  2⤵
  PID:3232
- C:\Windows\System\zqWycqh.exe
  C:\Windows\System\zqWycqh.exe
  2⤵
  PID:2736
- C:\Windows\System\kULfMCS.exe
  C:\Windows\System\kULfMCS.exe
  2⤵
  PID:288
- C:\Windows\System\QDEUjhi.exe
  C:\Windows\System\QDEUjhi.exe
  2⤵
  PID:3256
- C:\Windows\System\dbJynhF.exe
  C:\Windows\System\dbJynhF.exe
  2⤵
  PID:3828
- C:\Windows\System\PeLLeLt.exe
  C:\Windows\System\PeLLeLt.exe
  2⤵
  PID:4100
- C:\Windows\System\JxTDMJM.exe
  C:\Windows\System\JxTDMJM.exe
  2⤵
  PID:4116
- C:\Windows\System\OScSSfR.exe
  C:\Windows\System\OScSSfR.exe
  2⤵
  PID:4156
- C:\Windows\System\DYnAJln.exe
  C:\Windows\System\DYnAJln.exe
  2⤵
  PID:4224
- C:\Windows\System\DUuIcYj.exe
  C:\Windows\System\DUuIcYj.exe
  2⤵
  PID:4200
- C:\Windows\System\XrilPLL.exe
  C:\Windows\System\XrilPLL.exe
  2⤵
  PID:4300
- C:\Windows\System\wSKeOEQ.exe
  C:\Windows\System\wSKeOEQ.exe
  2⤵
  PID:4244
- C:\Windows\System\EhXvFgD.exe
  C:\Windows\System\EhXvFgD.exe
  2⤵
  PID:4340
- C:\Windows\System\ddcbcWe.exe
  C:\Windows\System\ddcbcWe.exe
  2⤵
  PID:4376
- C:\Windows\System\lthOBPD.exe
  C:\Windows\System\lthOBPD.exe
  2⤵
  PID:4364
- C:\Windows\System\tkfeGWS.exe
  C:\Windows\System\tkfeGWS.exe
  2⤵
  PID:4456
- C:\Windows\System\cgMchdL.exe
  C:\Windows\System\cgMchdL.exe
  2⤵
  PID:4400
- C:\Windows\System\RGtlAQi.exe
  C:\Windows\System\RGtlAQi.exe
  2⤵
  PID:4460
- C:\Windows\System\TdJnbsq.exe
  C:\Windows\System\TdJnbsq.exe
  2⤵
  PID:4480
- C:\Windows\System\TuIpDRK.exe
  C:\Windows\System\TuIpDRK.exe
  2⤵
  PID:4572
- C:\Windows\System\pSgYWja.exe
  C:\Windows\System\pSgYWja.exe
  2⤵
  PID:4612
- C:\Windows\System\CKwiUfh.exe
  C:\Windows\System\CKwiUfh.exe
  2⤵
  PID:4596
- C:\Windows\System\BBBiJOi.exe
  C:\Windows\System\BBBiJOi.exe
  2⤵
  PID:4744
- C:\Windows\System\AkUGxye.exe
  C:\Windows\System\AkUGxye.exe
  2⤵
  PID:4772
- C:\Windows\System\KHMXBrp.exe
  C:\Windows\System\KHMXBrp.exe
  2⤵
  PID:4680
- C:\Windows\System\pDBpTaE.exe
  C:\Windows\System\pDBpTaE.exe
  2⤵
  PID:4724
- C:\Windows\System\lmjSPVl.exe
  C:\Windows\System\lmjSPVl.exe
  2⤵
  PID:4848
- C:\Windows\System\XYuTaBZ.exe
  C:\Windows\System\XYuTaBZ.exe
  2⤵
  PID:4896
- C:\Windows\System\nlJJBzZ.exe
  C:\Windows\System\nlJJBzZ.exe
  2⤵
  PID:4828
- C:\Windows\System\iZznBZY.exe
  C:\Windows\System\iZznBZY.exe
  2⤵
  PID:4880
- C:\Windows\System\HEhwEkc.exe
  C:\Windows\System\HEhwEkc.exe
  2⤵
  PID:4872
- C:\Windows\System\YrIsWVH.exe
  C:\Windows\System\YrIsWVH.exe
  2⤵
  PID:5012
- C:\Windows\System\ZCEaGMO.exe
  C:\Windows\System\ZCEaGMO.exe
  2⤵
  PID:4956
- C:\Windows\System\ijpAZfY.exe
  C:\Windows\System\ijpAZfY.exe
  2⤵
  PID:5096
- C:\Windows\System\hZEFRyR.exe
  C:\Windows\System\hZEFRyR.exe
  2⤵
  PID:3956
- C:\Windows\System\oiwUTUL.exe
  C:\Windows\System\oiwUTUL.exe
  2⤵
  PID:2304
- C:\Windows\System\xhamfUS.exe
  C:\Windows\System\xhamfUS.exe
  2⤵
  PID:3356
- C:\Windows\System\WTMjgGu.exe
  C:\Windows\System\WTMjgGu.exe
  2⤵
  PID:3512
- C:\Windows\System\CDkTPQV.exe
  C:\Windows\System\CDkTPQV.exe
  2⤵
  PID:5068
- C:\Windows\System\MlAsFfH.exe
  C:\Windows\System\MlAsFfH.exe
  2⤵
  PID:4988
- C:\Windows\System\aupsiMv.exe
  C:\Windows\System\aupsiMv.exe
  2⤵
  PID:4212
- C:\Windows\System\aXffSMw.exe
  C:\Windows\System\aXffSMw.exe
  2⤵
  PID:4292
- C:\Windows\System\VjNpmFw.exe
  C:\Windows\System\VjNpmFw.exe
  2⤵
  PID:4360
- C:\Windows\System\MXlVlyZ.exe
  C:\Windows\System\MXlVlyZ.exe
  2⤵
  PID:3160
- C:\Windows\System\BpoXTDL.exe
  C:\Windows\System\BpoXTDL.exe
  2⤵
  PID:3952
- C:\Windows\System\cdtsxfu.exe
  C:\Windows\System\cdtsxfu.exe
  2⤵
  PID:4504
- C:\Windows\System\FKNlYXo.exe
  C:\Windows\System\FKNlYXo.exe
  2⤵
  PID:4576
- C:\Windows\System\aHAOgcm.exe
  C:\Windows\System\aHAOgcm.exe
  2⤵
  PID:4440
- C:\Windows\System\rOrpJQE.exe
  C:\Windows\System\rOrpJQE.exe
  2⤵
  PID:4540
- C:\Windows\System\baqHNzV.exe
  C:\Windows\System\baqHNzV.exe
  2⤵
  PID:4420
- C:\Windows\System\rAIkvhX.exe
  C:\Windows\System\rAIkvhX.exe
  2⤵
  PID:4296
- C:\Windows\System\ZraqDCT.exe
  C:\Windows\System\ZraqDCT.exe
  2⤵
  PID:4552
- C:\Windows\System\QIhIKyL.exe
  C:\Windows\System\QIhIKyL.exe
  2⤵
  PID:4700
- C:\Windows\System\wiYxSVk.exe
  C:\Windows\System\wiYxSVk.exe
  2⤵
  PID:4676
- C:\Windows\System\aKIPiYM.exe
  C:\Windows\System\aKIPiYM.exe
  2⤵
  PID:4644
- C:\Windows\System\yKNAMxI.exe
  C:\Windows\System\yKNAMxI.exe
  2⤵
  PID:4892
- C:\Windows\System\WHgJdki.exe
  C:\Windows\System\WHgJdki.exe
  2⤵
  PID:4908
- C:\Windows\System\YzfClHT.exe
  C:\Windows\System\YzfClHT.exe
  2⤵
  PID:5052
- C:\Windows\System\adtUTuL.exe
  C:\Windows\System\adtUTuL.exe
  2⤵
  PID:3812
- C:\Windows\System\BRCpUiL.exe
  C:\Windows\System\BRCpUiL.exe
  2⤵
  PID:5032
- C:\Windows\System\mZTsunY.exe
  C:\Windows\System\mZTsunY.exe
  2⤵
  PID:3596
- C:\Windows\System\iEZkVGB.exe
  C:\Windows\System\iEZkVGB.exe
  2⤵
  PID:4164
- C:\Windows\System\ioahOAh.exe
  C:\Windows\System\ioahOAh.exe
  2⤵
  PID:4356
- C:\Windows\System\zULDydt.exe
  C:\Windows\System\zULDydt.exe
  2⤵
  PID:4996
- C:\Windows\System\vBnzDVF.exe
  C:\Windows\System\vBnzDVF.exe
  2⤵
  PID:4500
- C:\Windows\System\gjAqzpZ.exe
  C:\Windows\System\gjAqzpZ.exe
  2⤵
  PID:4260
- C:\Windows\System\AtLrekx.exe
  C:\Windows\System\AtLrekx.exe
  2⤵
  PID:3156
- C:\Windows\System\HpYTQeR.exe
  C:\Windows\System\HpYTQeR.exe
  2⤵
  PID:4336
- C:\Windows\System\xiHvZHn.exe
  C:\Windows\System\xiHvZHn.exe
  2⤵
  PID:4600
- C:\Windows\System\IzcqkkQ.exe
  C:\Windows\System\IzcqkkQ.exe
  2⤵
  PID:4636
- C:\Windows\System\ZQymGTK.exe
  C:\Windows\System\ZQymGTK.exe
  2⤵
  PID:4192
- C:\Windows\System\wMhMrbp.exe
  C:\Windows\System\wMhMrbp.exe
  2⤵
  PID:4664
- C:\Windows\System\kfWetiU.exe
  C:\Windows\System\kfWetiU.exe
  2⤵
  PID:4776
- C:\Windows\System\ygsvnzZ.exe
  C:\Windows\System\ygsvnzZ.exe
  2⤵
  PID:4876
- C:\Windows\System\eJKsECe.exe
  C:\Windows\System\eJKsECe.exe
  2⤵
  PID:4836
- C:\Windows\System\fLFdNqo.exe
  C:\Windows\System\fLFdNqo.exe
  2⤵
  PID:4332
- C:\Windows\System\NuSkOfl.exe
  C:\Windows\System\NuSkOfl.exe
  2⤵
  PID:4136
- C:\Windows\System\kZqRhhZ.exe
  C:\Windows\System\kZqRhhZ.exe
  2⤵
  PID:5140
- C:\Windows\System\wbkAIVD.exe
  C:\Windows\System\wbkAIVD.exe
  2⤵
  PID:5156
- C:\Windows\System\AQpfYhq.exe
  C:\Windows\System\AQpfYhq.exe
  2⤵
  PID:5180
- C:\Windows\System\IykTelR.exe
  C:\Windows\System\IykTelR.exe
  2⤵
  PID:5196
- C:\Windows\System\DVcnOiZ.exe
  C:\Windows\System\DVcnOiZ.exe
  2⤵
  PID:5212
- C:\Windows\System\uuXpixW.exe
  C:\Windows\System\uuXpixW.exe
  2⤵
  PID:5232
- C:\Windows\System\ANyElNl.exe
  C:\Windows\System\ANyElNl.exe
  2⤵
  PID:5248
- C:\Windows\System\yfhxvWu.exe
  C:\Windows\System\yfhxvWu.exe
  2⤵
  PID:5264
- C:\Windows\System\PDJkYsv.exe
  C:\Windows\System\PDJkYsv.exe
  2⤵
  PID:5284
- C:\Windows\System\boDhJhV.exe
  C:\Windows\System\boDhJhV.exe
  2⤵
  PID:5300
- C:\Windows\System\ftqjRNB.exe
  C:\Windows\System\ftqjRNB.exe
  2⤵
  PID:5316
- C:\Windows\System\wQRbueL.exe
  C:\Windows\System\wQRbueL.exe
  2⤵
  PID:5332
- C:\Windows\System\mHgXlke.exe
  C:\Windows\System\mHgXlke.exe
  2⤵
  PID:5384
- C:\Windows\System\XAfvWUl.exe
  C:\Windows\System\XAfvWUl.exe
  2⤵
  PID:5412
- C:\Windows\System\nVyaAcN.exe
  C:\Windows\System\nVyaAcN.exe
  2⤵
  PID:5432
- C:\Windows\System\vpCmLro.exe
  C:\Windows\System\vpCmLro.exe
  2⤵
  PID:5448
- C:\Windows\System\xiySWGv.exe
  C:\Windows\System\xiySWGv.exe
  2⤵
  PID:5468
- C:\Windows\System\Zvomgvu.exe
  C:\Windows\System\Zvomgvu.exe
  2⤵
  PID:5484
- C:\Windows\System\XxapLmR.exe
  C:\Windows\System\XxapLmR.exe
  2⤵
  PID:5508
- C:\Windows\System\mghYGlz.exe
  C:\Windows\System\mghYGlz.exe
  2⤵
  PID:5532
- C:\Windows\System\ezfyDas.exe
  C:\Windows\System\ezfyDas.exe
  2⤵
  PID:5548
- C:\Windows\System\ZOISrFl.exe
  C:\Windows\System\ZOISrFl.exe
  2⤵
  PID:5568
- C:\Windows\System\debrPVZ.exe
  C:\Windows\System\debrPVZ.exe
  2⤵
  PID:5588
- C:\Windows\System\yFVhbIf.exe
  C:\Windows\System\yFVhbIf.exe
  2⤵
  PID:5608
- C:\Windows\System\VKwGVlN.exe
  C:\Windows\System\VKwGVlN.exe
  2⤵
  PID:5628
- C:\Windows\System\JhrnqOz.exe
  C:\Windows\System\JhrnqOz.exe
  2⤵
  PID:5652
- C:\Windows\System\anZUuzY.exe
  C:\Windows\System\anZUuzY.exe
  2⤵
  PID:5668
- C:\Windows\System\hLObOjE.exe
  C:\Windows\System\hLObOjE.exe
  2⤵
  PID:5688
- C:\Windows\System\fXtWfEJ.exe
  C:\Windows\System\fXtWfEJ.exe
  2⤵
  PID:5704
- C:\Windows\System\tHXEyrd.exe
  C:\Windows\System\tHXEyrd.exe
  2⤵
  PID:5728
- C:\Windows\System\csgqpwX.exe
  C:\Windows\System\csgqpwX.exe
  2⤵
  PID:5748
- C:\Windows\System\CMXpoqO.exe
  C:\Windows\System\CMXpoqO.exe
  2⤵
  PID:5764
- C:\Windows\System\nhTtgLi.exe
  C:\Windows\System\nhTtgLi.exe
  2⤵
  PID:5780
- C:\Windows\System\Rkpitzi.exe
  C:\Windows\System\Rkpitzi.exe
  2⤵
  PID:5804
- C:\Windows\System\nkseodB.exe
  C:\Windows\System\nkseodB.exe
  2⤵
  PID:5824
- C:\Windows\System\nDbinor.exe
  C:\Windows\System\nDbinor.exe
  2⤵
  PID:5840
- C:\Windows\System\nUAKqJg.exe
  C:\Windows\System\nUAKqJg.exe
  2⤵
  PID:5864
- C:\Windows\System\agfwTut.exe
  C:\Windows\System\agfwTut.exe
  2⤵
  PID:5884
- C:\Windows\System\gFjekxO.exe
  C:\Windows\System\gFjekxO.exe
  2⤵
  PID:5904
- C:\Windows\System\pawlkzy.exe
  C:\Windows\System\pawlkzy.exe
  2⤵
  PID:5924
- C:\Windows\System\udEnedq.exe
  C:\Windows\System\udEnedq.exe
  2⤵
  PID:5944
- C:\Windows\System\XMizaDM.exe
  C:\Windows\System\XMizaDM.exe
  2⤵
  PID:5968
- C:\Windows\System\sqeqAPB.exe
  C:\Windows\System\sqeqAPB.exe
  2⤵
  PID:5992
- C:\Windows\System\HCvJNOP.exe
  C:\Windows\System\HCvJNOP.exe
  2⤵
  PID:6012
- C:\Windows\System\DjDbWHD.exe
  C:\Windows\System\DjDbWHD.exe
  2⤵
  PID:6028
- C:\Windows\System\WNPCNsw.exe
  C:\Windows\System\WNPCNsw.exe
  2⤵
  PID:6052
- C:\Windows\System\BmmyUWF.exe
  C:\Windows\System\BmmyUWF.exe
  2⤵
  PID:6072
- C:\Windows\System\GFIacrM.exe
  C:\Windows\System\GFIacrM.exe
  2⤵
  PID:6092
- C:\Windows\System\KVVBrUp.exe
  C:\Windows\System\KVVBrUp.exe
  2⤵
  PID:6112
- C:\Windows\System\FUaihFB.exe
  C:\Windows\System\FUaihFB.exe
  2⤵
  PID:6136
- C:\Windows\System\qvfXdvK.exe
  C:\Windows\System\qvfXdvK.exe
  2⤵
  PID:1704
- C:\Windows\System\sfUcMic.exe
  C:\Windows\System\sfUcMic.exe
  2⤵
  PID:4404
- C:\Windows\System\rtRSCgN.exe
  C:\Windows\System\rtRSCgN.exe
  2⤵
  PID:4424
- C:\Windows\System\QeLjdDz.exe
  C:\Windows\System\QeLjdDz.exe
  2⤵
  PID:5072
- C:\Windows\System\myxdMeX.exe
  C:\Windows\System\myxdMeX.exe
  2⤵
  PID:4912
- C:\Windows\System\AvYmsIC.exe
  C:\Windows\System\AvYmsIC.exe
  2⤵
  PID:4256
- C:\Windows\System\Znbkcir.exe
  C:\Windows\System\Znbkcir.exe
  2⤵
  PID:4176
- C:\Windows\System\DohXRpc.exe
  C:\Windows\System\DohXRpc.exe
  2⤵
  PID:5152
- C:\Windows\System\pAWGYTD.exe
  C:\Windows\System\pAWGYTD.exe
  2⤵
  PID:4796
- C:\Windows\System\sSBRIYB.exe
  C:\Windows\System\sSBRIYB.exe
  2⤵
  PID:4712
- C:\Windows\System\cBodWUs.exe
  C:\Windows\System\cBodWUs.exe
  2⤵
  PID:5136
- C:\Windows\System\gnPGOnL.exe
  C:\Windows\System\gnPGOnL.exe
  2⤵
  PID:5296
- C:\Windows\System\uDIBWtL.exe
  C:\Windows\System\uDIBWtL.exe
  2⤵
  PID:5280
- C:\Windows\System\trrzrKF.exe
  C:\Windows\System\trrzrKF.exe
  2⤵
  PID:5348
- C:\Windows\System\CAIEgmf.exe
  C:\Windows\System\CAIEgmf.exe
  2⤵
  PID:5396
- C:\Windows\System\Eqiwvxj.exe
  C:\Windows\System\Eqiwvxj.exe
  2⤵
  PID:5172
- C:\Windows\System\CLCWXrc.exe
  C:\Windows\System\CLCWXrc.exe
  2⤵
  PID:5376
- C:\Windows\System\AWJWxtK.exe
  C:\Windows\System\AWJWxtK.exe
  2⤵
  PID:5404
- C:\Windows\System\aaeQzcU.exe
  C:\Windows\System\aaeQzcU.exe
  2⤵
  PID:5516
- C:\Windows\System\munbnIa.exe
  C:\Windows\System\munbnIa.exe
  2⤵
  PID:5420
- C:\Windows\System\ZYmUyff.exe
  C:\Windows\System\ZYmUyff.exe
  2⤵
  PID:5564
- C:\Windows\System\IRuUbWz.exe
  C:\Windows\System\IRuUbWz.exe
  2⤵
  PID:5492
- C:\Windows\System\fscSvad.exe
  C:\Windows\System\fscSvad.exe
  2⤵
  PID:5604
- C:\Windows\System\zdcCkLV.exe
  C:\Windows\System\zdcCkLV.exe
  2⤵
  PID:5676
- C:\Windows\System\ZgnpVou.exe
  C:\Windows\System\ZgnpVou.exe
  2⤵
  PID:5544
- C:\Windows\System\HoLHhno.exe
  C:\Windows\System\HoLHhno.exe
  2⤵
  PID:5724
- C:\Windows\System\pfmYwuh.exe
  C:\Windows\System\pfmYwuh.exe
  2⤵
  PID:5576
- C:\Windows\System\OzEVIhy.exe
  C:\Windows\System\OzEVIhy.exe
  2⤵
  PID:5760
- C:\Windows\System\APTOlII.exe
  C:\Windows\System\APTOlII.exe
  2⤵
  PID:5700
- C:\Windows\System\uEfVVKB.exe
  C:\Windows\System\uEfVVKB.exe
  2⤵
  PID:5744
- C:\Windows\System\UmSBdYY.exe
  C:\Windows\System\UmSBdYY.exe
  2⤵
  PID:5776
- C:\Windows\System\GEBPVqd.exe
  C:\Windows\System\GEBPVqd.exe
  2⤵
  PID:5920
- C:\Windows\System\IFSxHqZ.exe
  C:\Windows\System\IFSxHqZ.exe
  2⤵
  PID:5852
- C:\Windows\System\PmzjsTw.exe
  C:\Windows\System\PmzjsTw.exe
  2⤵
  PID:5964
- C:\Windows\System\TMUSuYN.exe
  C:\Windows\System\TMUSuYN.exe
  2⤵
  PID:5940
- C:\Windows\System\dDtJrpl.exe
  C:\Windows\System\dDtJrpl.exe
  2⤵
  PID:6044
- C:\Windows\System\WxHySLi.exe
  C:\Windows\System\WxHySLi.exe
  2⤵
  PID:5984
- C:\Windows\System\aXzgIrc.exe
  C:\Windows\System\aXzgIrc.exe
  2⤵
  PID:6020
- C:\Windows\System\bwFVUuD.exe
  C:\Windows\System\bwFVUuD.exe
  2⤵
  PID:6128
- C:\Windows\System\ykpSwYe.exe
  C:\Windows\System\ykpSwYe.exe
  2⤵
  PID:4536
- C:\Windows\System\GlxKfnu.exe
  C:\Windows\System\GlxKfnu.exe
  2⤵
  PID:6108
- C:\Windows\System\ojISzAs.exe
  C:\Windows\System\ojISzAs.exe
  2⤵
  PID:4240
- C:\Windows\System\ayzTcsK.exe
  C:\Windows\System\ayzTcsK.exe
  2⤵
  PID:4220
- C:\Windows\System\KriTIbW.exe
  C:\Windows\System\KriTIbW.exe
  2⤵
  PID:5008
- C:\Windows\System\XoghPsI.exe
  C:\Windows\System\XoghPsI.exe
  2⤵
  PID:4824
- C:\Windows\System\osQOFIG.exe
  C:\Windows\System\osQOFIG.exe
  2⤵
  PID:5228
- C:\Windows\System\JMyXIBy.exe
  C:\Windows\System\JMyXIBy.exe
  2⤵
  PID:3456
- C:\Windows\System\WsheqxO.exe
  C:\Windows\System\WsheqxO.exe
  2⤵
  PID:5132
- C:\Windows\System\BsKIlhe.exe
  C:\Windows\System\BsKIlhe.exe
  2⤵
  PID:2948
- C:\Windows\System\YEcLfhG.exe
  C:\Windows\System\YEcLfhG.exe
  2⤵
  PID:5364
- C:\Windows\System\eMRUgiJ.exe
  C:\Windows\System\eMRUgiJ.exe
  2⤵
  PID:2648
- C:\Windows\System\RbrppWC.exe
  C:\Windows\System\RbrppWC.exe
  2⤵
  PID:2936
- C:\Windows\System\PBZLHaI.exe
  C:\Windows\System\PBZLHaI.exe
  2⤵
  PID:5636
- C:\Windows\System\NNiLPRC.exe
  C:\Windows\System\NNiLPRC.exe
  2⤵
  PID:5476
- C:\Windows\System\hTOlcaj.exe
  C:\Windows\System\hTOlcaj.exe
  2⤵
  PID:5712
- C:\Windows\System\zjvSdhg.exe
  C:\Windows\System\zjvSdhg.exe
  2⤵
  PID:5428
- C:\Windows\System\pXHakSS.exe
  C:\Windows\System\pXHakSS.exe
  2⤵
  PID:5836
- C:\Windows\System\MsUlXuk.exe
  C:\Windows\System\MsUlXuk.exe
  2⤵
  PID:5816
- C:\Windows\System\bQDXHSR.exe
  C:\Windows\System\bQDXHSR.exe
  2⤵
  PID:5900
- C:\Windows\System\KNjQiUz.exe
  C:\Windows\System\KNjQiUz.exe
  2⤵
  PID:5800
- C:\Windows\System\OzMNhTG.exe
  C:\Windows\System\OzMNhTG.exe
  2⤵
  PID:6004
- C:\Windows\System\XSMLSea.exe
  C:\Windows\System\XSMLSea.exe
  2⤵
  PID:6124
- C:\Windows\System\htNDbbs.exe
  C:\Windows\System\htNDbbs.exe
  2⤵
  PID:2084
- C:\Windows\System\raNeYyn.exe
  C:\Windows\System\raNeYyn.exe
  2⤵
  PID:5952
- C:\Windows\System\MAZirVR.exe
  C:\Windows\System\MAZirVR.exe
  2⤵
  PID:5148
- C:\Windows\System\ClnWXVD.exe
  C:\Windows\System\ClnWXVD.exe
  2⤵
  PID:5976
- C:\Windows\System\LNSHEuz.exe
  C:\Windows\System\LNSHEuz.exe
  2⤵
  PID:6120
- C:\Windows\System\EbFYOUL.exe
  C:\Windows\System\EbFYOUL.exe
  2⤵
  PID:2184
- C:\Windows\System\BiHdOvU.exe
  C:\Windows\System\BiHdOvU.exe
  2⤵
  PID:4952
- C:\Windows\System\dOgTrta.exe
  C:\Windows\System\dOgTrta.exe
  2⤵
  PID:4048
- C:\Windows\System\BYnMyNx.exe
  C:\Windows\System\BYnMyNx.exe
  2⤵
  PID:5500
- C:\Windows\System\nCDHEmM.exe
  C:\Windows\System\nCDHEmM.exe
  2⤵
  PID:5276
- C:\Windows\System\EORtdCy.exe
  C:\Windows\System\EORtdCy.exe
  2⤵
  PID:5540
- C:\Windows\System\uUWBsIY.exe
  C:\Windows\System\uUWBsIY.exe
  2⤵
  PID:5792
- C:\Windows\System\EEvSNOA.exe
  C:\Windows\System\EEvSNOA.exe
  2⤵
  PID:6024
- C:\Windows\System\fpxCbVf.exe
  C:\Windows\System\fpxCbVf.exe
  2⤵
  PID:5664
- C:\Windows\System\KXVVxpS.exe
  C:\Windows\System\KXVVxpS.exe
  2⤵
  PID:5584
- C:\Windows\System\jLZGIcu.exe
  C:\Windows\System\jLZGIcu.exe
  2⤵
  PID:5848
- C:\Windows\System\MzMwylU.exe
  C:\Windows\System\MzMwylU.exe
  2⤵
  PID:3052
- C:\Windows\System\frfbSWF.exe
  C:\Windows\System\frfbSWF.exe
  2⤵
  PID:4852
- C:\Windows\System\BHTcudW.exe
  C:\Windows\System\BHTcudW.exe
  2⤵
  PID:5024
- C:\Windows\System\djjJyQO.exe
  C:\Windows\System\djjJyQO.exe
  2⤵
  PID:5260
- C:\Windows\System\nFfwxVZ.exe
  C:\Windows\System\nFfwxVZ.exe
  2⤵
  PID:6088
- C:\Windows\System\hZQKOkU.exe
  C:\Windows\System\hZQKOkU.exe
  2⤵
  PID:476
- C:\Windows\System\WLqVASx.exe
  C:\Windows\System\WLqVASx.exe
  2⤵
  PID:5344
- C:\Windows\System\IRFqQFK.exe
  C:\Windows\System\IRFqQFK.exe
  2⤵
  PID:5444
- C:\Windows\System\UMwUAOV.exe
  C:\Windows\System\UMwUAOV.exe
  2⤵
  PID:5244
- C:\Windows\System\irZuEpV.exe
  C:\Windows\System\irZuEpV.exe
  2⤵
  PID:5164
- C:\Windows\System\IUbrhiw.exe
  C:\Windows\System\IUbrhiw.exe
  2⤵
  PID:5880
- C:\Windows\System\ylGoSiM.exe
  C:\Windows\System\ylGoSiM.exe
  2⤵
  PID:6148
- C:\Windows\System\HqzjfrO.exe
  C:\Windows\System\HqzjfrO.exe
  2⤵
  PID:6168
- C:\Windows\System\MkDMDQV.exe
  C:\Windows\System\MkDMDQV.exe
  2⤵
  PID:6184
- C:\Windows\System\cPNGUqW.exe
  C:\Windows\System\cPNGUqW.exe
  2⤵
  PID:6204
- C:\Windows\System\SXPTHKD.exe
  C:\Windows\System\SXPTHKD.exe
  2⤵
  PID:6224
- C:\Windows\System\EGndtAt.exe
  C:\Windows\System\EGndtAt.exe
  2⤵
  PID:6240
- C:\Windows\System\IKefaEJ.exe
  C:\Windows\System\IKefaEJ.exe
  2⤵
  PID:6260
- C:\Windows\System\jfagUuG.exe
  C:\Windows\System\jfagUuG.exe
  2⤵
  PID:6280
- C:\Windows\System\oEzvxDw.exe
  C:\Windows\System\oEzvxDw.exe
  2⤵
  PID:6312
- C:\Windows\System\XbrVteL.exe
  C:\Windows\System\XbrVteL.exe
  2⤵
  PID:6332
- C:\Windows\System\SoHYCir.exe
  C:\Windows\System\SoHYCir.exe
  2⤵
  PID:6352
- C:\Windows\System\DrceTTn.exe
  C:\Windows\System\DrceTTn.exe
  2⤵
  PID:6368
- C:\Windows\System\kyVolaT.exe
  C:\Windows\System\kyVolaT.exe
  2⤵
  PID:6388
- C:\Windows\System\CCLBGYw.exe
  C:\Windows\System\CCLBGYw.exe
  2⤵
  PID:6408
- C:\Windows\System\FQGIHpC.exe
  C:\Windows\System\FQGIHpC.exe
  2⤵
  PID:6424
- C:\Windows\System\IacbEyC.exe
  C:\Windows\System\IacbEyC.exe
  2⤵
  PID:6444
- C:\Windows\System\bfPyLLH.exe
  C:\Windows\System\bfPyLLH.exe
  2⤵
  PID:6460
- C:\Windows\System\TlkbRHV.exe
  C:\Windows\System\TlkbRHV.exe
  2⤵
  PID:6480
- C:\Windows\System\yXvrAYa.exe
  C:\Windows\System\yXvrAYa.exe
  2⤵
  PID:6504
- C:\Windows\System\vcZTPFQ.exe
  C:\Windows\System\vcZTPFQ.exe
  2⤵
  PID:6524
- C:\Windows\System\aDliuOj.exe
  C:\Windows\System\aDliuOj.exe
  2⤵
  PID:6552
- C:\Windows\System\ADKVyoE.exe
  C:\Windows\System\ADKVyoE.exe
  2⤵
  PID:6568
- C:\Windows\System\KCfgrEm.exe
  C:\Windows\System\KCfgrEm.exe
  2⤵
  PID:6588
- C:\Windows\System\iZcKOlP.exe
  C:\Windows\System\iZcKOlP.exe
  2⤵
  PID:6608
- C:\Windows\System\gYjBNxT.exe
  C:\Windows\System\gYjBNxT.exe
  2⤵
  PID:6632
- C:\Windows\System\axmBenq.exe
  C:\Windows\System\axmBenq.exe
  2⤵
  PID:6648
- C:\Windows\System\NnJqlfa.exe
  C:\Windows\System\NnJqlfa.exe
  2⤵
  PID:6672
- C:\Windows\System\uKhwIwS.exe
  C:\Windows\System\uKhwIwS.exe
  2⤵
  PID:6688
- C:\Windows\System\HtbleJH.exe
  C:\Windows\System\HtbleJH.exe
  2⤵
  PID:6712
- C:\Windows\System\slwQwZn.exe
  C:\Windows\System\slwQwZn.exe
  2⤵
  PID:6732
- C:\Windows\System\QcDPxfF.exe
  C:\Windows\System\QcDPxfF.exe
  2⤵
  PID:6752
- C:\Windows\System\fGXpRkt.exe
  C:\Windows\System\fGXpRkt.exe
  2⤵
  PID:6768
- C:\Windows\System\KSdeDjk.exe
  C:\Windows\System\KSdeDjk.exe
  2⤵
  PID:6792
- C:\Windows\System\VclKMhQ.exe
  C:\Windows\System\VclKMhQ.exe
  2⤵
  PID:6808
- C:\Windows\System\jJkntVS.exe
  C:\Windows\System\jJkntVS.exe
  2⤵
  PID:6832
- C:\Windows\System\LUObJGq.exe
  C:\Windows\System\LUObJGq.exe
  2⤵
  PID:6848
- C:\Windows\System\LsseJho.exe
  C:\Windows\System\LsseJho.exe
  2⤵
  PID:6872
- C:\Windows\System\RUWZVwK.exe
  C:\Windows\System\RUWZVwK.exe
  2⤵
  PID:6888
- C:\Windows\System\WBLpziO.exe
  C:\Windows\System\WBLpziO.exe
  2⤵
  PID:6912
- C:\Windows\System\cWXsiDQ.exe
  C:\Windows\System\cWXsiDQ.exe
  2⤵
  PID:6932
- C:\Windows\System\fCPIhGo.exe
  C:\Windows\System\fCPIhGo.exe
  2⤵
  PID:6952
- C:\Windows\System\erBknke.exe
  C:\Windows\System\erBknke.exe
  2⤵
  PID:6972
- C:\Windows\System\RbIVuXD.exe
  C:\Windows\System\RbIVuXD.exe
  2⤵
  PID:6992
- C:\Windows\System\YjXZamM.exe
  C:\Windows\System\YjXZamM.exe
  2⤵
  PID:7012
- C:\Windows\System\YmHrWuf.exe
  C:\Windows\System\YmHrWuf.exe
  2⤵
  PID:7032
- C:\Windows\System\SHrknCC.exe
  C:\Windows\System\SHrknCC.exe
  2⤵
  PID:7052
- C:\Windows\System\FGHmLXk.exe
  C:\Windows\System\FGHmLXk.exe
  2⤵
  PID:7072
- C:\Windows\System\BVMcDxC.exe
  C:\Windows\System\BVMcDxC.exe
  2⤵
  PID:7096
- C:\Windows\System\jSQdDOX.exe
  C:\Windows\System\jSQdDOX.exe
  2⤵
  PID:7112
- C:\Windows\System\mJCRYfV.exe
  C:\Windows\System\mJCRYfV.exe
  2⤵
  PID:7132
- C:\Windows\System\BrQWLpH.exe
  C:\Windows\System\BrQWLpH.exe
  2⤵
  PID:7152
- C:\Windows\System\lXzWSkA.exe
  C:\Windows\System\lXzWSkA.exe
  2⤵
  PID:2092
- C:\Windows\System\HoReZyj.exe
  C:\Windows\System\HoReZyj.exe
  2⤵
  PID:5520
- C:\Windows\System\HiQgRxA.exe
  C:\Windows\System\HiQgRxA.exe
  2⤵
  PID:5616
- C:\Windows\System\odXpBSQ.exe
  C:\Windows\System\odXpBSQ.exe
  2⤵
  PID:5400
- C:\Windows\System\LZqddfy.exe
  C:\Windows\System\LZqddfy.exe
  2⤵
  PID:2384
- C:\Windows\System\JruNJQJ.exe
  C:\Windows\System\JruNJQJ.exe
  2⤵
  PID:4632
- C:\Windows\System\HZPqfeT.exe
  C:\Windows\System\HZPqfeT.exe
  2⤵
  PID:3416
- C:\Windows\System\MgKZjGO.exe
  C:\Windows\System\MgKZjGO.exe
  2⤵
  PID:6180
- C:\Windows\System\HtEWYAG.exe
  C:\Windows\System\HtEWYAG.exe
  2⤵
  PID:6216
- C:\Windows\System\HKsnFvi.exe
  C:\Windows\System\HKsnFvi.exe
  2⤵
  PID:2880
- C:\Windows\System\xIdnroB.exe
  C:\Windows\System\xIdnroB.exe
  2⤵
  PID:5660
- C:\Windows\System\uPVsMbv.exe
  C:\Windows\System\uPVsMbv.exe
  2⤵
  PID:6256
- C:\Windows\System\yBvLqPY.exe
  C:\Windows\System\yBvLqPY.exe
  2⤵
  PID:6200
- C:\Windows\System\CEylRyT.exe
  C:\Windows\System\CEylRyT.exe
  2⤵
  PID:6296
- C:\Windows\System\WaDYKYT.exe
  C:\Windows\System\WaDYKYT.exe
  2⤵
  PID:6292
- C:\Windows\System\rqqPJUv.exe
  C:\Windows\System\rqqPJUv.exe
  2⤵
  PID:1032
- C:\Windows\System\NkgAhGw.exe
  C:\Windows\System\NkgAhGw.exe
  2⤵
  PID:6236
- C:\Windows\System\lRyHOUq.exe
  C:\Windows\System\lRyHOUq.exe
  2⤵
  PID:6156
- C:\Windows\System\sNRmYCh.exe
  C:\Windows\System\sNRmYCh.exe
  2⤵
  PID:6420
- C:\Windows\System\haqtbSK.exe
  C:\Windows\System\haqtbSK.exe
  2⤵
  PID:6320
- C:\Windows\System\kqiZpRA.exe
  C:\Windows\System\kqiZpRA.exe
  2⤵
  PID:6468
- C:\Windows\System\uRffwBH.exe
  C:\Windows\System\uRffwBH.exe
  2⤵
  PID:6512
- C:\Windows\System\ZoGjMoC.exe
  C:\Windows\System\ZoGjMoC.exe
  2⤵
  PID:6548
- C:\Windows\System\SQinLiR.exe
  C:\Windows\System\SQinLiR.exe
  2⤵
  PID:2156
- C:\Windows\System\VBWTypi.exe
  C:\Windows\System\VBWTypi.exe
  2⤵
  PID:2236
- C:\Windows\System\NrOAyBz.exe
  C:\Windows\System\NrOAyBz.exe
  2⤵
  PID:6660
- C:\Windows\System\xUvNlsZ.exe
  C:\Windows\System\xUvNlsZ.exe
  2⤵
  PID:6788
- C:\Windows\System\mDXsKin.exe
  C:\Windows\System\mDXsKin.exe
  2⤵
  PID:6728
- C:\Windows\System\YsqvJYC.exe
  C:\Windows\System\YsqvJYC.exe
  2⤵
  PID:6816
- C:\Windows\System\mTDfUMV.exe
  C:\Windows\System\mTDfUMV.exe
  2⤵
  PID:6840
- C:\Windows\System\iPAhWSl.exe
  C:\Windows\System\iPAhWSl.exe
  2⤵
  PID:6860
- C:\Windows\System\ruhLDbx.exe
  C:\Windows\System\ruhLDbx.exe
  2⤵
  PID:6884
- C:\Windows\System\iXfXyMU.exe
  C:\Windows\System\iXfXyMU.exe
  2⤵
  PID:6920
- C:\Windows\System\BTBMDwe.exe
  C:\Windows\System\BTBMDwe.exe
  2⤵
  PID:6988
- C:\Windows\System\OBXfnZu.exe
  C:\Windows\System\OBXfnZu.exe
  2⤵
  PID:7020
- C:\Windows\System\AdVpQWo.exe
  C:\Windows\System\AdVpQWo.exe
  2⤵
  PID:7000
- C:\Windows\System\MvlWboB.exe
  C:\Windows\System\MvlWboB.exe
  2⤵
  PID:7060
- C:\Windows\System\sEjvBeM.exe
  C:\Windows\System\sEjvBeM.exe
  2⤵
  PID:7108
- C:\Windows\System\NoaFkMV.exe
  C:\Windows\System\NoaFkMV.exe
  2⤵
  PID:7084
- C:\Windows\System\MOvQMqd.exe
  C:\Windows\System\MOvQMqd.exe
  2⤵
  PID:7144
- C:\Windows\System\SqxVMQm.exe
  C:\Windows\System\SqxVMQm.exe
  2⤵
  PID:7120
- C:\Windows\System\mgwFZWt.exe
  C:\Windows\System\mgwFZWt.exe
  2⤵
  PID:2600
- C:\Windows\System\XzYvCxT.exe
  C:\Windows\System\XzYvCxT.exe
  2⤵
  PID:5176
- C:\Windows\System\QnuXhNo.exe
  C:\Windows\System\QnuXhNo.exe
  2⤵
  PID:2676
- C:\Windows\System\oCOelJZ.exe
  C:\Windows\System\oCOelJZ.exe
  2⤵
  PID:6348
- C:\Windows\System\DAMUSKr.exe
  C:\Windows\System\DAMUSKr.exe
  2⤵
  PID:6272
- C:\Windows\System\eNHzyss.exe
  C:\Windows\System\eNHzyss.exe
  2⤵
  PID:7128
- C:\Windows\System\woSDdBU.exe
  C:\Windows\System\woSDdBU.exe
  2⤵
  PID:6212
- C:\Windows\System\rEWTnWJ.exe
  C:\Windows\System\rEWTnWJ.exe
  2⤵
  PID:2260
- C:\Windows\System\txqLjMM.exe
  C:\Windows\System\txqLjMM.exe
  2⤵
  PID:2800
- C:\Windows\System\YQRYJSE.exe
  C:\Windows\System\YQRYJSE.exe
  2⤵
  PID:5596
- C:\Windows\System\gFlyXKO.exe
  C:\Windows\System\gFlyXKO.exe
  2⤵
  PID:6304
- C:\Windows\System\jKDtRUp.exe
  C:\Windows\System\jKDtRUp.exe
  2⤵
  PID:6380
- C:\Windows\System\ZjwCpwl.exe
  C:\Windows\System\ZjwCpwl.exe
  2⤵
  PID:2788
- C:\Windows\System\TuzjyWu.exe
  C:\Windows\System\TuzjyWu.exe
  2⤵
  PID:6500
- C:\Windows\System\lPrbMrS.exe
  C:\Windows\System\lPrbMrS.exe
  2⤵
  PID:6536
- C:\Windows\System\gvbWsLz.exe
  C:\Windows\System\gvbWsLz.exe
  2⤵
  PID:2632
- C:\Windows\System\uDtaJqu.exe
  C:\Windows\System\uDtaJqu.exe
  2⤵
  PID:6560
- C:\Windows\System\vnxslpi.exe
  C:\Windows\System\vnxslpi.exe
  2⤵
  PID:6432
- C:\Windows\System\lTjkWwG.exe
  C:\Windows\System\lTjkWwG.exe
  2⤵
  PID:2332
- C:\Windows\System\xeadAkD.exe
  C:\Windows\System\xeadAkD.exe
  2⤵
  PID:1084
- C:\Windows\System\UTKaQdR.exe
  C:\Windows\System\UTKaQdR.exe
  2⤵
  PID:6720
- C:\Windows\System\qzvjPks.exe
  C:\Windows\System\qzvjPks.exe
  2⤵
  PID:6856
- C:\Windows\System\IosPUHu.exe
  C:\Windows\System\IosPUHu.exe
  2⤵
  PID:6680
- C:\Windows\System\ZWaMWwo.exe
  C:\Windows\System\ZWaMWwo.exe
  2⤵
  PID:6744
- C:\Windows\System\eHoSfMS.exe
  C:\Windows\System\eHoSfMS.exe
  2⤵
  PID:6604
- C:\Windows\System\CgedLCP.exe
  C:\Windows\System\CgedLCP.exe
  2⤵
  PID:7024
- C:\Windows\System\nRulomd.exe
  C:\Windows\System\nRulomd.exe
  2⤵
  PID:7140
- C:\Windows\System\mAAoMQH.exe
  C:\Windows\System\mAAoMQH.exe
  2⤵
  PID:6784
- C:\Windows\System\uXSmauM.exe
  C:\Windows\System\uXSmauM.exe
  2⤵
  PID:2768
- C:\Windows\System\UryfFWr.exe
  C:\Windows\System\UryfFWr.exe
  2⤵
  PID:6104
- C:\Windows\System\MvNRSiX.exe
  C:\Windows\System\MvNRSiX.exe
  2⤵
  PID:2812
- C:\Windows\System\JbrALTy.exe
  C:\Windows\System\JbrALTy.exe
  2⤵
  PID:6456
- C:\Windows\System\kSWzeqO.exe
  C:\Windows\System\kSWzeqO.exe
  2⤵
  PID:6400
- C:\Windows\System\ivMjMXY.exe
  C:\Windows\System\ivMjMXY.exe
  2⤵
  PID:6532
- C:\Windows\System\dNniwtm.exe
  C:\Windows\System\dNniwtm.exe
  2⤵
  PID:6580
- C:\Windows\System\SBhGWlA.exe
  C:\Windows\System\SBhGWlA.exe
  2⤵
  PID:6968
- C:\Windows\System\BczTSDa.exe
  C:\Windows\System\BczTSDa.exe
  2⤵
  PID:5956
- C:\Windows\System\EwOZeRy.exe
  C:\Windows\System\EwOZeRy.exe
  2⤵
  PID:2504
- C:\Windows\System\mvDztWF.exe
  C:\Windows\System\mvDztWF.exe
  2⤵
  PID:6628
- C:\Windows\System\qsUBIzY.exe
  C:\Windows\System\qsUBIzY.exe
  2⤵
  PID:6384
- C:\Windows\System\akoaQbG.exe
  C:\Windows\System\akoaQbG.exe
  2⤵
  PID:6600
- C:\Windows\System\PAcniNI.exe
  C:\Windows\System\PAcniNI.exe
  2⤵
  PID:7064
- C:\Windows\System\zfgyZIt.exe
  C:\Windows\System\zfgyZIt.exe
  2⤵
  PID:6492
- C:\Windows\System\LDYkiwH.exe
  C:\Windows\System\LDYkiwH.exe
  2⤵
  PID:6928
- C:\Windows\System\nNFQUIV.exe
  C:\Windows\System\nNFQUIV.exe
  2⤵
  PID:2096
- C:\Windows\System\tigIXlP.exe
  C:\Windows\System\tigIXlP.exe
  2⤵
  PID:6828
- C:\Windows\System\rHPrOjJ.exe
  C:\Windows\System\rHPrOjJ.exe
  2⤵
  PID:236
- C:\Windows\System\uHZoXUB.exe
  C:\Windows\System\uHZoXUB.exe
  2⤵
  PID:6904
- C:\Windows\System\zGFaLbM.exe
  C:\Windows\System\zGFaLbM.exe
  2⤵
  PID:6404
- C:\Windows\System\QJXSXat.exe
  C:\Windows\System\QJXSXat.exe
  2⤵
  PID:2140
- C:\Windows\System\JbCzZaR.exe
  C:\Windows\System\JbCzZaR.exe
  2⤵
  PID:6440
- C:\Windows\System\KYsdLTQ.exe
  C:\Windows\System\KYsdLTQ.exe
  2⤵
  PID:6452
- C:\Windows\System\VnBEgiG.exe
  C:\Windows\System\VnBEgiG.exe
  2⤵
  PID:5876
- C:\Windows\System\LabWzca.exe
  C:\Windows\System\LabWzca.exe
  2⤵
  PID:5640
- C:\Windows\System\ANfUvTM.exe
  C:\Windows\System\ANfUvTM.exe
  2⤵
  PID:6748
- C:\Windows\System\eazDzBq.exe
  C:\Windows\System\eazDzBq.exe
  2⤵
  PID:6864
- C:\Windows\System\WgMkkBV.exe
  C:\Windows\System\WgMkkBV.exe
  2⤵
  PID:5088
- C:\Windows\System\tHibdMT.exe
  C:\Windows\System\tHibdMT.exe
  2⤵
  PID:1468
- C:\Windows\System\VSJElTH.exe
  C:\Windows\System\VSJElTH.exe
  2⤵
  PID:7188
- C:\Windows\System\tDhIMfZ.exe
  C:\Windows\System\tDhIMfZ.exe
  2⤵
  PID:7204
- C:\Windows\System\tIzKHIA.exe
  C:\Windows\System\tIzKHIA.exe
  2⤵
  PID:7220
- C:\Windows\System\RVUrWQF.exe
  C:\Windows\System\RVUrWQF.exe
  2⤵
  PID:7236
- C:\Windows\System\kYHaQGk.exe
  C:\Windows\System\kYHaQGk.exe
  2⤵
  PID:7252
- C:\Windows\System\xGCotuF.exe
  C:\Windows\System\xGCotuF.exe
  2⤵
  PID:7268
- C:\Windows\System\MkTsgKh.exe
  C:\Windows\System\MkTsgKh.exe
  2⤵
  PID:7284
- C:\Windows\System\GUJDOnp.exe
  C:\Windows\System\GUJDOnp.exe
  2⤵
  PID:7300
- C:\Windows\System\iYIVxyL.exe
  C:\Windows\System\iYIVxyL.exe
  2⤵
  PID:7316
- C:\Windows\System\vEMWZWZ.exe
  C:\Windows\System\vEMWZWZ.exe
  2⤵
  PID:7336
- C:\Windows\System\AJXSuKZ.exe
  C:\Windows\System\AJXSuKZ.exe
  2⤵
  PID:7352
- C:\Windows\System\crArTvp.exe
  C:\Windows\System\crArTvp.exe
  2⤵
  PID:7368
- C:\Windows\System\djpfspp.exe
  C:\Windows\System\djpfspp.exe
  2⤵
  PID:7384
- C:\Windows\System\cEjLHFT.exe
  C:\Windows\System\cEjLHFT.exe
  2⤵
  PID:7400
- C:\Windows\System\kzwMNuV.exe
  C:\Windows\System\kzwMNuV.exe
  2⤵
  PID:7416
- C:\Windows\System\UzBXPGs.exe
  C:\Windows\System\UzBXPGs.exe
  2⤵
  PID:7432
- C:\Windows\System\oUNbaZP.exe
  C:\Windows\System\oUNbaZP.exe
  2⤵
  PID:7448
- C:\Windows\System\bwTUhxP.exe
  C:\Windows\System\bwTUhxP.exe
  2⤵
  PID:7464
- C:\Windows\System\aDGFzMc.exe
  C:\Windows\System\aDGFzMc.exe
  2⤵
  PID:7480
- C:\Windows\System\DTFRpvj.exe
  C:\Windows\System\DTFRpvj.exe
  2⤵
  PID:7496
- C:\Windows\System\mqUtUZF.exe
  C:\Windows\System\mqUtUZF.exe
  2⤵
  PID:7512
- C:\Windows\System\kyNcAJh.exe
  C:\Windows\System\kyNcAJh.exe
  2⤵
  PID:7528
- C:\Windows\System\JLKIgCR.exe
  C:\Windows\System\JLKIgCR.exe
  2⤵
  PID:7544
- C:\Windows\System\MqkqSyB.exe
  C:\Windows\System\MqkqSyB.exe
  2⤵
  PID:7560
- C:\Windows\System\viDgRwd.exe
  C:\Windows\System\viDgRwd.exe
  2⤵
  PID:7576
- C:\Windows\System\qJfFNKB.exe
  C:\Windows\System\qJfFNKB.exe
  2⤵
  PID:7596
- C:\Windows\System\qBSkKKp.exe
  C:\Windows\System\qBSkKKp.exe
  2⤵
  PID:7612
- C:\Windows\System\ITIDrAX.exe
  C:\Windows\System\ITIDrAX.exe
  2⤵
  PID:7628
- C:\Windows\System\Hlikjur.exe
  C:\Windows\System\Hlikjur.exe
  2⤵
  PID:7644
- C:\Windows\System\JJuKoVY.exe
  C:\Windows\System\JJuKoVY.exe
  2⤵
  PID:7664
- C:\Windows\System\WLfsklK.exe
  C:\Windows\System\WLfsklK.exe
  2⤵
  PID:7680
- C:\Windows\System\ReRPjCF.exe
  C:\Windows\System\ReRPjCF.exe
  2⤵
  PID:7696
- C:\Windows\System\pzYHDpW.exe
  C:\Windows\System\pzYHDpW.exe
  2⤵
  PID:7712
- C:\Windows\System\gpyiPlB.exe
  C:\Windows\System\gpyiPlB.exe
  2⤵
  PID:7728
- C:\Windows\System\nOnPZNt.exe
  C:\Windows\System\nOnPZNt.exe
  2⤵
  PID:7744
- C:\Windows\System\kSIGvuz.exe
  C:\Windows\System\kSIGvuz.exe
  2⤵
  PID:7760
- C:\Windows\System\kNhOULb.exe
  C:\Windows\System\kNhOULb.exe
  2⤵
  PID:7776
- C:\Windows\System\XVjHoXx.exe
  C:\Windows\System\XVjHoXx.exe
  2⤵
  PID:7792
- C:\Windows\System\bGTZHPE.exe
  C:\Windows\System\bGTZHPE.exe
  2⤵
  PID:7808
- C:\Windows\System\bSjIHcO.exe
  C:\Windows\System\bSjIHcO.exe
  2⤵
  PID:7824
- C:\Windows\System\Gwthsir.exe
  C:\Windows\System\Gwthsir.exe
  2⤵
  PID:7840
- C:\Windows\System\LWnruqZ.exe
  C:\Windows\System\LWnruqZ.exe
  2⤵
  PID:7856
- C:\Windows\System\djxqNOM.exe
  C:\Windows\System\djxqNOM.exe
  2⤵
  PID:7872
- C:\Windows\System\wXJcJFS.exe
  C:\Windows\System\wXJcJFS.exe
  2⤵
  PID:7888
- C:\Windows\System\JfkwDWB.exe
  C:\Windows\System\JfkwDWB.exe
  2⤵
  PID:7908
- C:\Windows\System\XcSYBec.exe
  C:\Windows\System\XcSYBec.exe
  2⤵
  PID:7924
- C:\Windows\System\ptxgaFn.exe
  C:\Windows\System\ptxgaFn.exe
  2⤵
  PID:7940
- C:\Windows\System\zfUhZOy.exe
  C:\Windows\System\zfUhZOy.exe
  2⤵
  PID:7956
- C:\Windows\System\QvLNupU.exe
  C:\Windows\System\QvLNupU.exe
  2⤵
  PID:7972
- C:\Windows\System\dNdrMLL.exe
  C:\Windows\System\dNdrMLL.exe
  2⤵
  PID:7988
- C:\Windows\System\xuPWXhW.exe
  C:\Windows\System\xuPWXhW.exe
  2⤵
  PID:8004
- C:\Windows\System\HKJjWWp.exe
  C:\Windows\System\HKJjWWp.exe
  2⤵
  PID:8020
- C:\Windows\System\LTsoftl.exe
  C:\Windows\System\LTsoftl.exe
  2⤵
  PID:8036
- C:\Windows\System\cwtZyVT.exe
  C:\Windows\System\cwtZyVT.exe
  2⤵
  PID:8052
- C:\Windows\System\fmcnURe.exe
  C:\Windows\System\fmcnURe.exe
  2⤵
  PID:8068
- C:\Windows\System\rKBLOVL.exe
  C:\Windows\System\rKBLOVL.exe
  2⤵
  PID:8084
- C:\Windows\System\KMZEMuh.exe
  C:\Windows\System\KMZEMuh.exe
  2⤵
  PID:8100
- C:\Windows\System\jFoOEBm.exe
  C:\Windows\System\jFoOEBm.exe
  2⤵
  PID:8116
- C:\Windows\System\FJbOuJv.exe
  C:\Windows\System\FJbOuJv.exe
  2⤵
  PID:8132
- C:\Windows\System\KTpWBDU.exe
  C:\Windows\System\KTpWBDU.exe
  2⤵
  PID:8148
- C:\Windows\System\tnnGltd.exe
  C:\Windows\System\tnnGltd.exe
  2⤵
  PID:8164
- C:\Windows\System\KdPfNjr.exe
  C:\Windows\System\KdPfNjr.exe
  2⤵
  PID:8180
- C:\Windows\System\yXOAmyK.exe
  C:\Windows\System\yXOAmyK.exe
  2⤵
  PID:2200
- C:\Windows\System\kNJmOEL.exe
  C:\Windows\System\kNJmOEL.exe
  2⤵
  PID:6576
- C:\Windows\System\bdVaTsG.exe
  C:\Windows\System\bdVaTsG.exe
  2⤵
  PID:6664
- C:\Windows\System\EZUVFKd.exe
  C:\Windows\System\EZUVFKd.exe
  2⤵
  PID:6740
- C:\Windows\System\WzFaYkr.exe
  C:\Windows\System\WzFaYkr.exe
  2⤵
  PID:1544
- C:\Windows\System\srGswUW.exe
  C:\Windows\System\srGswUW.exe
  2⤵
  PID:264
- C:\Windows\System\cLwliYp.exe
  C:\Windows\System\cLwliYp.exe
  2⤵
  PID:7200
- C:\Windows\System\NBdTRNA.exe
  C:\Windows\System\NBdTRNA.exe
  2⤵
  PID:7248
- C:\Windows\System\oxqpQGB.exe
  C:\Windows\System\oxqpQGB.exe
  2⤵
  PID:7312
- C:\Windows\System\JVHgwPS.exe
  C:\Windows\System\JVHgwPS.exe
  2⤵
  PID:7380
- C:\Windows\System\FyWihnA.exe
  C:\Windows\System\FyWihnA.exe
  2⤵
  PID:7444
- C:\Windows\System\wseFerX.exe
  C:\Windows\System\wseFerX.exe
  2⤵
  PID:7508
- C:\Windows\System\OOIBgsC.exe
  C:\Windows\System\OOIBgsC.exe
  2⤵
  PID:7292
- C:\Windows\System\dPMdkdU.exe
  C:\Windows\System\dPMdkdU.exe
  2⤵
  PID:7488
- C:\Windows\System\GRxwBcd.exe
  C:\Windows\System\GRxwBcd.exe
  2⤵
  PID:7424
- C:\Windows\System\pTJgBMs.exe
  C:\Windows\System\pTJgBMs.exe
  2⤵
  PID:7460
- C:\Windows\System\uKBbIoG.exe
  C:\Windows\System\uKBbIoG.exe
  2⤵
  PID:7584
- C:\Windows\System\shlLXgE.exe
  C:\Windows\System\shlLXgE.exe
  2⤵
  PID:7568
- C:\Windows\System\JshpJUh.exe
  C:\Windows\System\JshpJUh.exe
  2⤵
  PID:7656
- C:\Windows\System\ZzCOYGS.exe
  C:\Windows\System\ZzCOYGS.exe
  2⤵
  PID:7724
- C:\Windows\System\YMJVnpz.exe
  C:\Windows\System\YMJVnpz.exe
  2⤵
  PID:7608
- C:\Windows\System\wSixVIZ.exe
  C:\Windows\System\wSixVIZ.exe
  2⤵
  PID:7708
- C:\Windows\System\jZLQysu.exe
  C:\Windows\System\jZLQysu.exe
  2⤵
  PID:7772
- C:\Windows\System\PSEeagq.exe
  C:\Windows\System\PSEeagq.exe
  2⤵
  PID:7832
- C:\Windows\System\CcrEHWS.exe
  C:\Windows\System\CcrEHWS.exe
  2⤵
  PID:7752
- C:\Windows\System\RlFEJET.exe
  C:\Windows\System\RlFEJET.exe
  2⤵
  PID:7816
- C:\Windows\System\DKpzUQp.exe
  C:\Windows\System\DKpzUQp.exe
  2⤵
  PID:7896
- C:\Windows\System\dtbHTvg.exe
  C:\Windows\System\dtbHTvg.exe
  2⤵
  PID:7884
- C:\Windows\System\XJIGPsF.exe
  C:\Windows\System\XJIGPsF.exe
  2⤵
  PID:7948
- C:\Windows\System\whUWGoA.exe
  C:\Windows\System\whUWGoA.exe
  2⤵
  PID:8012
- C:\Windows\System\aloGpjI.exe
  C:\Windows\System\aloGpjI.exe
  2⤵
  PID:7996
- C:\Windows\System\BnLRvEX.exe
  C:\Windows\System\BnLRvEX.exe
  2⤵
  PID:8000
- C:\Windows\System\tBQweqX.exe
  C:\Windows\System\tBQweqX.exe
  2⤵
  PID:8064
- C:\Windows\System\ILdhQXP.exe
  C:\Windows\System\ILdhQXP.exe
  2⤵
  PID:8076
- C:\Windows\System\oipFTkg.exe
  C:\Windows\System\oipFTkg.exe
  2⤵
  PID:8140
- C:\Windows\System\gQfCHJE.exe
  C:\Windows\System\gQfCHJE.exe
  2⤵
  PID:8188
- C:\Windows\System\nZaZfCO.exe
  C:\Windows\System\nZaZfCO.exe
  2⤵
  PID:2080
- C:\Windows\System\SPCwtyZ.exe
  C:\Windows\System\SPCwtyZ.exe
  2⤵
  PID:8176
- C:\Windows\System\DAjDLue.exe
  C:\Windows\System\DAjDLue.exe
  2⤵
  PID:7280
- C:\Windows\System\UecCuxb.exe
  C:\Windows\System\UecCuxb.exe
  2⤵
  PID:7232
- C:\Windows\System\wdUqRxz.exe
  C:\Windows\System\wdUqRxz.exe
  2⤵
  PID:7092
- C:\Windows\System\YdbJNXL.exe
  C:\Windows\System\YdbJNXL.exe
  2⤵
  PID:7216
- C:\Windows\System\thWUkTw.exe
  C:\Windows\System\thWUkTw.exe
  2⤵
  PID:7504
- C:\Windows\System\jkYDbnc.exe
  C:\Windows\System\jkYDbnc.exe
  2⤵
  PID:7328
- C:\Windows\System\AKhBrfk.exe
  C:\Windows\System\AKhBrfk.exe
  2⤵
  PID:7520
- C:\Windows\System\tUCulpb.exe
  C:\Windows\System\tUCulpb.exe
  2⤵
  PID:7540
- C:\Windows\System\gETJfnh.exe
  C:\Windows\System\gETJfnh.exe
  2⤵
  PID:7592
- C:\Windows\System\QbAjsjD.exe
  C:\Windows\System\QbAjsjD.exe
  2⤵
  PID:7676
- C:\Windows\System\qPqINXG.exe
  C:\Windows\System\qPqINXG.exe
  2⤵
  PID:7652
- C:\Windows\System\bxlvqUz.exe
  C:\Windows\System\bxlvqUz.exe
  2⤵
  PID:7836
- C:\Windows\System\rLEjMSx.exe
  C:\Windows\System\rLEjMSx.exe
  2⤵
  PID:7880
- C:\Windows\System\IVGcVRJ.exe
  C:\Windows\System\IVGcVRJ.exe
  2⤵
  PID:7852
- C:\Windows\System\PBPoUbD.exe
  C:\Windows\System\PBPoUbD.exe
  2⤵
  PID:7848
- C:\Windows\System\UruZpDv.exe
  C:\Windows\System\UruZpDv.exe
  2⤵
  PID:6708
- C:\Windows\System\UyPCeBc.exe
  C:\Windows\System\UyPCeBc.exe
  2⤵
  PID:8032
- C:\Windows\System\GuKcIPU.exe
  C:\Windows\System\GuKcIPU.exe
  2⤵
  PID:8044
- C:\Windows\System\SUyWhSl.exe
  C:\Windows\System\SUyWhSl.exe
  2⤵
  PID:7004
- C:\Windows\System\PHwCAil.exe
  C:\Windows\System\PHwCAil.exe
  2⤵
  PID:6908
- C:\Windows\System\SkTcoqB.exe
  C:\Windows\System\SkTcoqB.exe
  2⤵
  PID:7392
- C:\Windows\System\xAQOuSa.exe
  C:\Windows\System\xAQOuSa.exe
  2⤵
  PID:7348
- C:\Windows\System\owjYGTm.exe
  C:\Windows\System\owjYGTm.exe
  2⤵
  PID:7324
- C:\Windows\System\XZHEasX.exe
  C:\Windows\System\XZHEasX.exe
  2⤵
  PID:7720
- C:\Windows\System\WBogCVJ.exe
  C:\Windows\System\WBogCVJ.exe
  2⤵
  PID:7788
- C:\Windows\System\yfZsOzk.exe
  C:\Windows\System\yfZsOzk.exe
  2⤵
  PID:7556
- C:\Windows\System\rIHmnXr.exe
  C:\Windows\System\rIHmnXr.exe
  2⤵
  PID:7984
- C:\Windows\System\HOqbJCW.exe
  C:\Windows\System\HOqbJCW.exe
  2⤵
  PID:8112
- C:\Windows\System\bxQnAFP.exe
  C:\Windows\System\bxQnAFP.exe
  2⤵
  PID:6288
- C:\Windows\System\NFiRjsX.exe
  C:\Windows\System\NFiRjsX.exe
  2⤵
  PID:8156
- C:\Windows\System\XmQCueB.exe
  C:\Windows\System\XmQCueB.exe
  2⤵
  PID:7396
- C:\Windows\System\BjfHLfs.exe
  C:\Windows\System\BjfHLfs.exe
  2⤵
  PID:7740
- C:\Windows\System\nsOlbwy.exe
  C:\Windows\System\nsOlbwy.exe
  2⤵
  PID:7552
- C:\Windows\System\ZokinKO.exe
  C:\Windows\System\ZokinKO.exe
  2⤵
  PID:8128
- C:\Windows\System\KdoJHxH.exe
  C:\Windows\System\KdoJHxH.exe
  2⤵
  PID:8200
- C:\Windows\System\JdqtNIv.exe
  C:\Windows\System\JdqtNIv.exe
  2⤵
  PID:8216
- C:\Windows\System\PFCaiUa.exe
  C:\Windows\System\PFCaiUa.exe
  2⤵
  PID:8232
- C:\Windows\System\bKiqKkf.exe
  C:\Windows\System\bKiqKkf.exe
  2⤵
  PID:8248
- C:\Windows\System\LmiVBAm.exe
  C:\Windows\System\LmiVBAm.exe
  2⤵
  PID:8264
- C:\Windows\System\IRbGmSn.exe
  C:\Windows\System\IRbGmSn.exe
  2⤵
  PID:8280
- C:\Windows\System\HDmpMkQ.exe
  C:\Windows\System\HDmpMkQ.exe
  2⤵
  PID:8296
- C:\Windows\System\ujMliSs.exe
  C:\Windows\System\ujMliSs.exe
  2⤵
  PID:8312
- C:\Windows\System\mPdcmBZ.exe
  C:\Windows\System\mPdcmBZ.exe
  2⤵
  PID:8328
- C:\Windows\System\sXLAyDj.exe
  C:\Windows\System\sXLAyDj.exe
  2⤵
  PID:8344
- C:\Windows\System\ZhHDxbY.exe
  C:\Windows\System\ZhHDxbY.exe
  2⤵
  PID:8360
- C:\Windows\System\mkkuLWe.exe
  C:\Windows\System\mkkuLWe.exe
  2⤵
  PID:8376
- C:\Windows\System\mLduthl.exe
  C:\Windows\System\mLduthl.exe
  2⤵
  PID:8392
- C:\Windows\System\HaRUkgw.exe
  C:\Windows\System\HaRUkgw.exe
  2⤵
  PID:8408
- C:\Windows\System\EcqYqFa.exe
  C:\Windows\System\EcqYqFa.exe
  2⤵
  PID:8424
- C:\Windows\System\zYwMOyX.exe
  C:\Windows\System\zYwMOyX.exe
  2⤵
  PID:8440
- C:\Windows\System\mmqiXhY.exe
  C:\Windows\System\mmqiXhY.exe
  2⤵
  PID:8456
- C:\Windows\System\fLGaaDZ.exe
  C:\Windows\System\fLGaaDZ.exe
  2⤵
  PID:8472
- C:\Windows\System\OkSEzrq.exe
  C:\Windows\System\OkSEzrq.exe
  2⤵
  PID:8488
- C:\Windows\System\zmqkxxp.exe
  C:\Windows\System\zmqkxxp.exe
  2⤵
  PID:8504
- C:\Windows\System\FKqdvRR.exe
  C:\Windows\System\FKqdvRR.exe
  2⤵
  PID:8520
- C:\Windows\System\jcfUyUJ.exe
  C:\Windows\System\jcfUyUJ.exe
  2⤵
  PID:8536
- C:\Windows\System\hNMJpGI.exe
  C:\Windows\System\hNMJpGI.exe
  2⤵
  PID:8552
- C:\Windows\System\Jxalxtx.exe
  C:\Windows\System\Jxalxtx.exe
  2⤵
  PID:8568
- C:\Windows\System\lxxUjad.exe
  C:\Windows\System\lxxUjad.exe
  2⤵
  PID:8584
- C:\Windows\System\nAHwoub.exe
  C:\Windows\System\nAHwoub.exe
  2⤵
  PID:8600
- C:\Windows\System\NvKFCLs.exe
  C:\Windows\System\NvKFCLs.exe
  2⤵
  PID:8616
- C:\Windows\System\agzFmdZ.exe
  C:\Windows\System\agzFmdZ.exe
  2⤵
  PID:8640
- C:\Windows\System\kghoDMW.exe
  C:\Windows\System\kghoDMW.exe
  2⤵
  PID:8656
- C:\Windows\System\iCqRIZH.exe
  C:\Windows\System\iCqRIZH.exe
  2⤵
  PID:8672
- C:\Windows\System\TdVxVeI.exe
  C:\Windows\System\TdVxVeI.exe
  2⤵
  PID:8688
- C:\Windows\System\erieflo.exe
  C:\Windows\System\erieflo.exe
  2⤵
  PID:8708
- C:\Windows\System\nFzBaCb.exe
  C:\Windows\System\nFzBaCb.exe
  2⤵
  PID:8724
- C:\Windows\System\azNCAHj.exe
  C:\Windows\System\azNCAHj.exe
  2⤵
  PID:8740
- C:\Windows\System\CHKFpLu.exe
  C:\Windows\System\CHKFpLu.exe
  2⤵
  PID:8756
- C:\Windows\System\ewcxgHk.exe
  C:\Windows\System\ewcxgHk.exe
  2⤵
  PID:8772
- C:\Windows\System\kAhBfWM.exe
  C:\Windows\System\kAhBfWM.exe
  2⤵
  PID:8788
- C:\Windows\System\ZfjeIJh.exe
  C:\Windows\System\ZfjeIJh.exe
  2⤵
  PID:8804
- C:\Windows\System\DnXuRGo.exe
  C:\Windows\System\DnXuRGo.exe
  2⤵
  PID:8820
- C:\Windows\System\NuMniNN.exe
  C:\Windows\System\NuMniNN.exe
  2⤵
  PID:8836
- C:\Windows\System\ZDNvgIp.exe
  C:\Windows\System\ZDNvgIp.exe
  2⤵
  PID:8852
- C:\Windows\System\zvkSeQg.exe
  C:\Windows\System\zvkSeQg.exe
  2⤵
  PID:8868
- C:\Windows\System\EqYgxPL.exe
  C:\Windows\System\EqYgxPL.exe
  2⤵
  PID:8884
- C:\Windows\System\OXhEvrH.exe
  C:\Windows\System\OXhEvrH.exe
  2⤵
  PID:8900
- C:\Windows\System\BRQrQva.exe
  C:\Windows\System\BRQrQva.exe
  2⤵
  PID:8916
- C:\Windows\System\iCdJlbL.exe
  C:\Windows\System\iCdJlbL.exe
  2⤵
  PID:8932
- C:\Windows\System\dcbcjPu.exe
  C:\Windows\System\dcbcjPu.exe
  2⤵
  PID:8948
- C:\Windows\System\cGVPfrM.exe
  C:\Windows\System\cGVPfrM.exe
  2⤵
  PID:8964
- C:\Windows\System\fvbwPjy.exe
  C:\Windows\System\fvbwPjy.exe
  2⤵
  PID:8980
- C:\Windows\System\CTshYIS.exe
  C:\Windows\System\CTshYIS.exe
  2⤵
  PID:8996
- C:\Windows\System\zEIfDZP.exe
  C:\Windows\System\zEIfDZP.exe
  2⤵
  PID:9012
- C:\Windows\System\OYiQIfH.exe
  C:\Windows\System\OYiQIfH.exe
  2⤵
  PID:9028
- C:\Windows\System\UKkXIap.exe
  C:\Windows\System\UKkXIap.exe
  2⤵
  PID:9044
- C:\Windows\System\ThLlIer.exe
  C:\Windows\System\ThLlIer.exe
  2⤵
  PID:9060
- C:\Windows\System\rrTbhah.exe
  C:\Windows\System\rrTbhah.exe
  2⤵
  PID:9076
- C:\Windows\System\KRACllM.exe
  C:\Windows\System\KRACllM.exe
  2⤵
  PID:9092
- C:\Windows\System\zOfWdfu.exe
  C:\Windows\System\zOfWdfu.exe
  2⤵
  PID:9108
- C:\Windows\System\HbYMGRM.exe
  C:\Windows\System\HbYMGRM.exe
  2⤵
  PID:9124
- C:\Windows\System\KTqKCeu.exe
  C:\Windows\System\KTqKCeu.exe
  2⤵
  PID:9140
- C:\Windows\System\AOsnMyq.exe
  C:\Windows\System\AOsnMyq.exe
  2⤵
  PID:9156
- C:\Windows\System\cQxvPFP.exe
  C:\Windows\System\cQxvPFP.exe
  2⤵
  PID:9172
- C:\Windows\System\wcLxFHP.exe
  C:\Windows\System\wcLxFHP.exe
  2⤵
  PID:9188
- C:\Windows\System\DaBRKNB.exe
  C:\Windows\System\DaBRKNB.exe
  2⤵
  PID:9204
- C:\Windows\System\pGJSPRD.exe
  C:\Windows\System\pGJSPRD.exe
  2⤵
  PID:7456
- C:\Windows\System\iydYGEF.exe
  C:\Windows\System\iydYGEF.exe
  2⤵
  PID:7692
- C:\Windows\System\UViXvbX.exe
  C:\Windows\System\UViXvbX.exe
  2⤵
  PID:7868
- C:\Windows\System\XSiEKsR.exe
  C:\Windows\System\XSiEKsR.exe
  2⤵
  PID:8240
- C:\Windows\System\cdhCnMT.exe
  C:\Windows\System\cdhCnMT.exe
  2⤵
  PID:8228
- C:\Windows\System\xGtxANa.exe
  C:\Windows\System\xGtxANa.exe
  2⤵
  PID:8340
- C:\Windows\System\VkSxMsk.exe
  C:\Windows\System\VkSxMsk.exe
  2⤵
  PID:8260
- C:\Windows\System\MtlwOmb.exe
  C:\Windows\System\MtlwOmb.exe
  2⤵
  PID:8320
- C:\Windows\System\LpEnYlg.exe
  C:\Windows\System\LpEnYlg.exe
  2⤵
  PID:8292
- C:\Windows\System\xuMtxfZ.exe
  C:\Windows\System\xuMtxfZ.exe
  2⤵
  PID:8436
- C:\Windows\System\RNOZugl.exe
  C:\Windows\System\RNOZugl.exe
  2⤵
  PID:8500
- C:\Windows\System\HhZKdeJ.exe
  C:\Windows\System\HhZKdeJ.exe
  2⤵
  PID:8448
- C:\Windows\System\VeZhfij.exe
  C:\Windows\System\VeZhfij.exe
  2⤵
  PID:8484
- C:\Windows\System\MrXDlVG.exe
  C:\Windows\System\MrXDlVG.exe
  2⤵
  PID:8548
- C:\Windows\System\dcAurUV.exe
  C:\Windows\System\dcAurUV.exe
  2⤵
  PID:8560
- C:\Windows\System\tSatAkC.exe
  C:\Windows\System\tSatAkC.exe
  2⤵
  PID:8624
- C:\Windows\System\PrlQJBu.exe
  C:\Windows\System\PrlQJBu.exe
  2⤵
  PID:8648
- C:\Windows\System\ordAOIv.exe
  C:\Windows\System\ordAOIv.exe
  2⤵
  PID:8696
- C:\Windows\System\sJgddNO.exe
  C:\Windows\System\sJgddNO.exe
  2⤵
  PID:8664
- C:\Windows\System\aofETuA.exe
  C:\Windows\System\aofETuA.exe
  2⤵
  PID:8732
- C:\Windows\System\fawPeyi.exe
  C:\Windows\System\fawPeyi.exe
  2⤵
  PID:8784
- C:\Windows\System\HeNoMCb.exe
  C:\Windows\System\HeNoMCb.exe
  2⤵
  PID:8812
- C:\Windows\System\DJdQGjo.exe
  C:\Windows\System\DJdQGjo.exe
  2⤵
  PID:8768
- C:\Windows\System\sMtsOaw.exe
  C:\Windows\System\sMtsOaw.exe
  2⤵
  PID:8860
- C:\Windows\System\iTVBRTP.exe
  C:\Windows\System\iTVBRTP.exe
  2⤵
  PID:8908
- C:\Windows\System\AmlyxGZ.exe
  C:\Windows\System\AmlyxGZ.exe
  2⤵
  PID:8928
- C:\Windows\System\GFtvSqL.exe
  C:\Windows\System\GFtvSqL.exe
  2⤵
  PID:8944
- C:\Windows\System\NuCjCBd.exe
  C:\Windows\System\NuCjCBd.exe
  2⤵
  PID:9008
- C:\Windows\System\rmyrexO.exe
  C:\Windows\System\rmyrexO.exe
  2⤵
  PID:9068
- C:\Windows\System\VuWfQFI.exe
  C:\Windows\System\VuWfQFI.exe
  2⤵
  PID:8992
- C:\Windows\System\QmKgWMf.exe
  C:\Windows\System\QmKgWMf.exe
  2⤵
  PID:9056
- C:\Windows\System\kGFUJwx.exe
  C:\Windows\System\kGFUJwx.exe
  2⤵
  PID:9116
- C:\Windows\System\MvujOGF.exe
  C:\Windows\System\MvujOGF.exe
  2⤵
  PID:9164
- C:\Windows\System\kLmPovZ.exe
  C:\Windows\System\kLmPovZ.exe
  2⤵
  PID:9200
- C:\Windows\System\DhYtqgH.exe
  C:\Windows\System\DhYtqgH.exe
  2⤵
  PID:9184
- C:\Windows\System\tfSslbi.exe
  C:\Windows\System\tfSslbi.exe
  2⤵
  PID:8224
- C:\Windows\System\uGHDxbI.exe
  C:\Windows\System\uGHDxbI.exe
  2⤵
  PID:8208
- C:\Windows\System\kuXWAKb.exe
  C:\Windows\System\kuXWAKb.exe
  2⤵
  PID:8352
- C:\Windows\System\sHLREAw.exe
  C:\Windows\System\sHLREAw.exe
  2⤵
  PID:8416
- C:\Windows\System\mbgRufO.exe
  C:\Windows\System\mbgRufO.exe
  2⤵
  PID:8532
- C:\Windows\System\SxtvZhS.exe
  C:\Windows\System\SxtvZhS.exe
  2⤵
  PID:8608
- C:\Windows\System\udIRjBu.exe
  C:\Windows\System\udIRjBu.exe
  2⤵
  PID:8356
- C:\Windows\System\sBreHGn.exe
  C:\Windows\System\sBreHGn.exe
  2⤵
  PID:8596
- C:\Windows\System\TSTzHLO.exe
  C:\Windows\System\TSTzHLO.exe
  2⤵
  PID:8684
- C:\Windows\System\OuEGkdz.exe
  C:\Windows\System\OuEGkdz.exe
  2⤵
  PID:8848
- C:\Windows\System\HUmStEZ.exe
  C:\Windows\System\HUmStEZ.exe
  2⤵
  PID:8912
- C:\Windows\System\DLsYofw.exe
  C:\Windows\System\DLsYofw.exe
  2⤵
  PID:9024
- C:\Windows\System\KOgnCzz.exe
  C:\Windows\System\KOgnCzz.exe
  2⤵
  PID:9152
- C:\Windows\System\iOkfJZL.exe
  C:\Windows\System\iOkfJZL.exe
  2⤵
  PID:8636
- C:\Windows\System\tgYtZsb.exe
  C:\Windows\System\tgYtZsb.exe
  2⤵
  PID:8828
- C:\Windows\System\ejpYXoy.exe
  C:\Windows\System\ejpYXoy.exe
  2⤵
  PID:8960
- C:\Windows\System\zfcQuwW.exe
  C:\Windows\System\zfcQuwW.exe
  2⤵
  PID:8716
- C:\Windows\System\BvAJtMt.exe
  C:\Windows\System\BvAJtMt.exe
  2⤵
  PID:8896
- C:\Windows\System\EYiPhuL.exe
  C:\Windows\System\EYiPhuL.exe
  2⤵
  PID:7184
- C:\Windows\System\oTvciHh.exe
  C:\Windows\System\oTvciHh.exe
  2⤵
  PID:8324
- C:\Windows\System\JpyvidM.exe
  C:\Windows\System\JpyvidM.exe
  2⤵
  PID:8628
- C:\Windows\System\POUZiQe.exe
  C:\Windows\System\POUZiQe.exe
  2⤵
  PID:8704
- C:\Windows\System\JCDafDq.exe
  C:\Windows\System\JCDafDq.exe
  2⤵
  PID:9072
- C:\Windows\System\mzuuNLR.exe
  C:\Windows\System\mzuuNLR.exe
  2⤵
  PID:8276
- C:\Windows\System\vOwUASB.exe
  C:\Windows\System\vOwUASB.exe
  2⤵
  PID:8800
- C:\Windows\System\agckWHm.exe
  C:\Windows\System\agckWHm.exe
  2⤵
  PID:8400
- C:\Windows\System\hqyFOmf.exe
  C:\Windows\System\hqyFOmf.exe
  2⤵
  PID:9132
- C:\Windows\System\hrXKYdn.exe
  C:\Windows\System\hrXKYdn.exe
  2⤵
  PID:8592
- C:\Windows\System\UjhaTEA.exe
  C:\Windows\System\UjhaTEA.exe
  2⤵
  PID:8196
- C:\Windows\System\BdbflFz.exe
  C:\Windows\System\BdbflFz.exe
  2⤵
  PID:9104
- C:\Windows\System\VwlxeCB.exe
  C:\Windows\System\VwlxeCB.exe
  2⤵
  PID:9220
- C:\Windows\System\wVreIfq.exe
  C:\Windows\System\wVreIfq.exe
  2⤵
  PID:9236
- C:\Windows\System\GFNdXgJ.exe
  C:\Windows\System\GFNdXgJ.exe
  2⤵
  PID:9252
- C:\Windows\System\zRUcUYY.exe
  C:\Windows\System\zRUcUYY.exe
  2⤵
  PID:9268
- C:\Windows\System\ziGGVUk.exe
  C:\Windows\System\ziGGVUk.exe
  2⤵
  PID:9284
- C:\Windows\System\URDwiBt.exe
  C:\Windows\System\URDwiBt.exe
  2⤵
  PID:9300
- C:\Windows\System\GCtmBpk.exe
  C:\Windows\System\GCtmBpk.exe
  2⤵
  PID:9316
- C:\Windows\System\VIFepZy.exe
  C:\Windows\System\VIFepZy.exe
  2⤵
  PID:9332
- C:\Windows\System\RzCbALf.exe
  C:\Windows\System\RzCbALf.exe
  2⤵
  PID:9348
- C:\Windows\System\ZzjbdyO.exe
  C:\Windows\System\ZzjbdyO.exe
  2⤵
  PID:9364
- C:\Windows\System\kpeJUsS.exe
  C:\Windows\System\kpeJUsS.exe
  2⤵
  PID:9380
- C:\Windows\System\xaOvDZJ.exe
  C:\Windows\System\xaOvDZJ.exe
  2⤵
  PID:9396
- C:\Windows\System\mupofwe.exe
  C:\Windows\System\mupofwe.exe
  2⤵
  PID:9412
- C:\Windows\System\RnCCzcu.exe
  C:\Windows\System\RnCCzcu.exe
  2⤵
  PID:9428
- C:\Windows\System\SQoGZgR.exe
  C:\Windows\System\SQoGZgR.exe
  2⤵
  PID:9444
- C:\Windows\System\jVzACJd.exe
  C:\Windows\System\jVzACJd.exe
  2⤵
  PID:9460
- C:\Windows\System\EdrMCuD.exe
  C:\Windows\System\EdrMCuD.exe
  2⤵
  PID:9476
- C:\Windows\System\uPgdagh.exe
  C:\Windows\System\uPgdagh.exe
  2⤵
  PID:9492
- C:\Windows\System\pFuziFQ.exe
  C:\Windows\System\pFuziFQ.exe
  2⤵
  PID:9508
- C:\Windows\System\MnSicmp.exe
  C:\Windows\System\MnSicmp.exe
  2⤵
  PID:9552
- C:\Windows\System\tdeAXmo.exe
  C:\Windows\System\tdeAXmo.exe
  2⤵
  PID:9636
- C:\Windows\System\ivyfJqA.exe
  C:\Windows\System\ivyfJqA.exe
  2⤵
  PID:9652
- C:\Windows\System\AAOoGHi.exe
  C:\Windows\System\AAOoGHi.exe
  2⤵
  PID:9968
- C:\Windows\System\SYmKnLf.exe
  C:\Windows\System\SYmKnLf.exe
  2⤵
  PID:9984
- C:\Windows\System\dloabOB.exe
  C:\Windows\System\dloabOB.exe
  2⤵
  PID:10000
- C:\Windows\System\uuQcjYe.exe
  C:\Windows\System\uuQcjYe.exe
  2⤵
  PID:10020
- C:\Windows\System\LSEMaDu.exe
  C:\Windows\System\LSEMaDu.exe
  2⤵
  PID:10036
- C:\Windows\System\FNwndsV.exe
  C:\Windows\System\FNwndsV.exe
  2⤵
  PID:10052
- C:\Windows\System\LQwvIbK.exe
  C:\Windows\System\LQwvIbK.exe
  2⤵
  PID:10072
- C:\Windows\System\YkNCdyE.exe
  C:\Windows\System\YkNCdyE.exe
  2⤵
  PID:10088
- C:\Windows\System\orGPrcW.exe
  C:\Windows\System\orGPrcW.exe
  2⤵
  PID:10104
- C:\Windows\System\jfSAzdA.exe
  C:\Windows\System\jfSAzdA.exe
  2⤵
  PID:10120
- C:\Windows\System\gObPKXD.exe
  C:\Windows\System\gObPKXD.exe
  2⤵
  PID:10136
- C:\Windows\System\leArxsZ.exe
  C:\Windows\System\leArxsZ.exe
  2⤵
  PID:10152
- C:\Windows\System\KpsnOaP.exe
  C:\Windows\System\KpsnOaP.exe
  2⤵
  PID:10168
- C:\Windows\System\wuhvmaW.exe
  C:\Windows\System\wuhvmaW.exe
  2⤵
  PID:10184
- C:\Windows\System\IjSzQEl.exe
  C:\Windows\System\IjSzQEl.exe
  2⤵
  PID:10200
- C:\Windows\System\spWyIis.exe
  C:\Windows\System\spWyIis.exe
  2⤵
  PID:10216
- C:\Windows\System\eiuIcdf.exe
  C:\Windows\System\eiuIcdf.exe
  2⤵
  PID:10232
- C:\Windows\System\EPiwHqa.exe
  C:\Windows\System\EPiwHqa.exe
  2⤵
  PID:8780
- C:\Windows\System\agWxaOk.exe
  C:\Windows\System\agWxaOk.exe
  2⤵
  PID:8816
- C:\Windows\System\ACsqPFC.exe
  C:\Windows\System\ACsqPFC.exe
  2⤵
  PID:9260
- C:\Windows\System\tnilJPW.exe
  C:\Windows\System\tnilJPW.exe
  2⤵
  PID:9244
- C:\Windows\System\Abenyeg.exe
  C:\Windows\System\Abenyeg.exe
  2⤵
  PID:9276
- C:\Windows\System\FfJOQYv.exe
  C:\Windows\System\FfJOQYv.exe
  2⤵
  PID:9360
- C:\Windows\System\SdVmAyW.exe
  C:\Windows\System\SdVmAyW.exe
  2⤵
  PID:9372
- C:\Windows\System\YQeGowj.exe
  C:\Windows\System\YQeGowj.exe
  2⤵
  PID:9436
- C:\Windows\System\kCFjElV.exe
  C:\Windows\System\kCFjElV.exe
  2⤵
  PID:9452
- C:\Windows\System\yHnESAu.exe
  C:\Windows\System\yHnESAu.exe
  2⤵
  PID:9500
- C:\Windows\System\VKXQPKG.exe
  C:\Windows\System\VKXQPKG.exe
  2⤵
  PID:9524
- C:\Windows\System\xzPgSmG.exe
  C:\Windows\System\xzPgSmG.exe
  2⤵
  PID:9548
- C:\Windows\System\SHRRDZk.exe
  C:\Windows\System\SHRRDZk.exe
  2⤵
  PID:9564
- C:\Windows\System\YGBjDoj.exe
  C:\Windows\System\YGBjDoj.exe
  2⤵
  PID:9576
- C:\Windows\System\EuOjkDj.exe
  C:\Windows\System\EuOjkDj.exe
  2⤵
  PID:9596
- C:\Windows\System\mSCvxZW.exe
  C:\Windows\System\mSCvxZW.exe
  2⤵
  PID:9612
- C:\Windows\System\HABUldM.exe
  C:\Windows\System\HABUldM.exe
  2⤵
  PID:9632
- C:\Windows\System\JINTJWz.exe
  C:\Windows\System\JINTJWz.exe
  2⤵
  PID:9660
- C:\Windows\System\Vgfoqpq.exe
  C:\Windows\System\Vgfoqpq.exe
  2⤵
  PID:9672
- C:\Windows\System\tLQtmdl.exe
  C:\Windows\System\tLQtmdl.exe
  2⤵
  PID:9692
- C:\Windows\System\pNMkAYT.exe
  C:\Windows\System\pNMkAYT.exe
  2⤵
  PID:9708
- C:\Windows\System\mwUnTlr.exe
  C:\Windows\System\mwUnTlr.exe
  2⤵
  PID:9724
- C:\Windows\System\oEhByAJ.exe
  C:\Windows\System\oEhByAJ.exe
  2⤵
  PID:9808
- C:\Windows\System\sQmnOAK.exe
  C:\Windows\System\sQmnOAK.exe
  2⤵
  PID:9864
- C:\Windows\System\VqSYxry.exe
  C:\Windows\System\VqSYxry.exe
  2⤵
  PID:9796
- C:\Windows\System\NsUdSJe.exe
  C:\Windows\System\NsUdSJe.exe
  2⤵
  PID:9820
- C:\Windows\System\vViZTJc.exe
  C:\Windows\System\vViZTJc.exe
  2⤵
  PID:9844
- C:\Windows\System\OSDpDbm.exe
  C:\Windows\System\OSDpDbm.exe
  2⤵
  PID:9860
- C:\Windows\System\ZrGFVPz.exe
  C:\Windows\System\ZrGFVPz.exe
  2⤵
  PID:9892
- C:\Windows\System\pGjIAhi.exe
  C:\Windows\System\pGjIAhi.exe
  2⤵
  PID:9912
- C:\Windows\System\uIAFohE.exe
  C:\Windows\System\uIAFohE.exe
  2⤵
  PID:9936
- C:\Windows\System\PPJiTCN.exe
  C:\Windows\System\PPJiTCN.exe
  2⤵
  PID:9956
- C:\Windows\System\uOkNkUw.exe
  C:\Windows\System\uOkNkUw.exe
  2⤵
  PID:10032
- C:\Windows\System\gxTlboh.exe
  C:\Windows\System\gxTlboh.exe
  2⤵
  PID:10028
- C:\Windows\System\NUsWuKq.exe
  C:\Windows\System\NUsWuKq.exe
  2⤵
  PID:10128
- C:\Windows\System\ikCuAdR.exe
  C:\Windows\System\ikCuAdR.exe
  2⤵
  PID:10212
- C:\Windows\System\gshvmws.exe
  C:\Windows\System\gshvmws.exe
  2⤵
  PID:10192
- C:\Windows\System\toZTEgK.exe
  C:\Windows\System\toZTEgK.exe
  2⤵
  PID:8432
- C:\Windows\System\ywYtXnh.exe
  C:\Windows\System\ywYtXnh.exe
  2⤵
  PID:10012
- C:\Windows\System\vKaXvCS.exe
  C:\Windows\System\vKaXvCS.exe
  2⤵
  PID:9232
- C:\Windows\System\ILewYjn.exe
  C:\Windows\System\ILewYjn.exe
  2⤵
  PID:9520
- C:\Windows\System\CUAKips.exe
  C:\Windows\System\CUAKips.exe
  2⤵
  PID:9408
- C:\Windows\System\kshtNEM.exe
  C:\Windows\System\kshtNEM.exe
  2⤵
  PID:9568
- C:\Windows\System\eABouTk.exe
  C:\Windows\System\eABouTk.exe
  2⤵
  PID:9688
- C:\Windows\System\ECOOvHc.exe
  C:\Windows\System\ECOOvHc.exe
  2⤵
  PID:9924
- C:\Windows\System\TZLFZPl.exe
  C:\Windows\System\TZLFZPl.exe
  2⤵
  PID:8468
- C:\Windows\System\rfGkhUR.exe
  C:\Windows\System\rfGkhUR.exe
  2⤵
  PID:9312
- C:\Windows\System\PyFYkDD.exe
  C:\Windows\System\PyFYkDD.exe
  2⤵
  PID:9608
- C:\Windows\System\ClDfglb.exe
  C:\Windows\System\ClDfglb.exe
  2⤵
  PID:988
- C:\Windows\System\wxCxtBH.exe
  C:\Windows\System\wxCxtBH.exe
  2⤵
  PID:9792
- C:\Windows\System\BNBYVvI.exe
  C:\Windows\System\BNBYVvI.exe
  2⤵
  PID:9832
- C:\Windows\System\fgqAeVV.exe
  C:\Windows\System\fgqAeVV.exe
  2⤵
  PID:9852
- C:\Windows\System\ZSpWZLA.exe
  C:\Windows\System\ZSpWZLA.exe
  2⤵
  PID:9952
- C:\Windows\System\glvMuac.exe
  C:\Windows\System\glvMuac.exe
  2⤵
  PID:9908
- C:\Windows\System\irrjEpK.exe
  C:\Windows\System\irrjEpK.exe
  2⤵
  PID:9344
- C:\Windows\System\YkgHTBt.exe
  C:\Windows\System\YkgHTBt.exe
  2⤵
  PID:9680
- C:\Windows\System\tTcJvez.exe
  C:\Windows\System\tTcJvez.exe
  2⤵
  PID:9948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BTKGfwy.exe

Filesize
6.0MB

MD5
4dd815ef108bf81163b6ddab9b6346b9

SHA1
4ef15812ea8e002547093b7ada8117bc54cb2763

SHA256
cf4aa107f1b2f17f624174d788b353dc574d208b979368a03fd4176f70af2a6f

SHA512
4987fbc4e365a4a3f13128c234920112091eb778d7e5f43a6c8482d1260db877a6e4ba534050d16051bd5a119d80d753ad66b70ec731620a0d487886c25ce59b

Download Submit
C:\Windows\system\ESPIMXl.exe

Filesize
6.0MB

MD5
b97ed827494cf9590106572f951f44b6

SHA1
3dc376c91813b9dba36e6b1c53d2d2e37e96385a

SHA256
2470f53bfa09e894331f0bfe95621c13472e830e6136786042f8da954eed1a21

SHA512
624905e5d093ad1120d85475dad22040dd0727560b4354470b57deeeb22d6085d38360c982ae1db9682b74b45333afc6bb7d9770657b21530a45c7f48818e984

Download Submit
C:\Windows\system\FctUCea.exe

Filesize
6.0MB

MD5
2c1d8a4410150efa1c7cad124825dee9

SHA1
224217554c554beb7d3fc9332dc07a578174357f

SHA256
395a6432da73f0bbdeea5410189ce010af03242e185642bdaebae73c8ba04e10

SHA512
223cdb56d11a55d4f9559ea32f1565c0cbaa7938440928d53b517d5162fed419f20b5dd17a77d15bb3ce4dba72d050681f0bcc803ddc51d66451a0e3568ebf69

Download Submit
C:\Windows\system\HPVgyvx.exe

Filesize
6.0MB

MD5
c0e949775ee133f41c67bb8edc998901

SHA1
138867d51fb82dbf1294160aaafecf6ff374b2c5

SHA256
d2e6d2cb13db442de67fba6f8af03d421cd222b307cbd091bab3b365236e6414

SHA512
1acebb8930042ee7e9182dad78c1abf2bbc9d0b0b2c2e4a4a60c418823c3584dfba5fc60884e9dda623d7142a97e5591f8e9ffeb3e81479b49a7d49e2f0fb7ac

Download Submit
C:\Windows\system\JXJGekd.exe

Filesize
6.0MB

MD5
0e29f8aea6b5e1a01fedb2611d17c213

SHA1
9321b5e89916953d48cea3f236f5629b0725f1ab

SHA256
26941960a0f3769291db9cdd2d59d515276ff922a04ba6cfd3d5d7173432a387

SHA512
6bfb92ff98085256a55366e9d7de15609c96952c46b78bc2bf978440b2ecaa21b68a4fea7e87e79da752deae8d8f6451d88fddc9306f340c1b640beaa58a4958

Download Submit
C:\Windows\system\LUIAyLL.exe

Filesize
6.0MB

MD5
a5ce9c3ef8dc82f0b9496cb258582e33

SHA1
1508adab82c55d895249b87f9160873c77dadce9

SHA256
2376d38cae0ad18712c6229de89c0b50df3c428bb3a0c9e5cff2d2ed839aed01

SHA512
4eccd3277e95e3dedca8a50f2c851ec86b19ca0c527541e6bbf25c61822949d1aa4be29565dc30869d718b91f0b242cc7207839266518a8cb034e151d18fef0b

Download Submit
C:\Windows\system\PUWtRgG.exe

Filesize
6.0MB

MD5
9d0f58eeffe0f8690362580d0a54133a

SHA1
042f3edf08ca64c9a09a9c3608b74205cf213538

SHA256
17f3fc5d11f7a92cc6805328e9e7b16674d7a0a555e53a2fab392207472f9eee

SHA512
be0bca2a71ac62211820531a9173b0aed51e5ec6fbb6ecaf333b5dcfc8a9900c8e9074c412c6beae59088c5467653bbaae823313a10ccbe8e2255438173b824f

Download Submit
C:\Windows\system\PWxnNHf.exe

Filesize
6.0MB

MD5
7f7ae341da77530bd67ea7402bf1adfa

SHA1
600b753b0f69b267ec40aac5d6b8517336b784f6

SHA256
192e43fe3450e953fa4436e016f3756ec834c1fd31a9ceae809b29fbb4dbca33

SHA512
a30c6035806fa15e3534ebc74526daec8e4c8a6c668dfc3044a79d2f3f51d36f30a47feabc264778dfdaa38fd9b5448abfb231f32619e10a14e92bf03ed82f97

Download Submit
C:\Windows\system\QVZtSDg.exe

Filesize
6.0MB

MD5
1cb6ddcb4867b5e63b00e6534f787de4

SHA1
93efb23be9fa89317f1d237d745832c3791d382c

SHA256
6a38d5420831f218134be0261ace64159cd7760cf4be638a1d305c779d113ba6

SHA512
9bb38696b1561ed86a84052cf26a9427e306fb72a34f23fc39a6b645f8c95012d6941cdfa5691fb38129294c975cf6f7158c37795dce5fedfc8c58d9876e90b2

Download Submit
C:\Windows\system\QpckeuH.exe

Filesize
6.0MB

MD5
565cdb8d799a1c7825ffb564c69ff1a9

SHA1
701e0a5681188c3f087d8f80e6ad0d489924b097

SHA256
25a65ba2a9342fe6c2f6f853d892825a30dc58a720df587bf58b87a17c88db1c

SHA512
83fbd5decd046132782ea6d25d298fca2007d38f702f3a9e8d59aca5e3af0ec2d72ea21536581531af06e8b005906eb9c9516f618f8eaa259fa45a709d465ab0

Download Submit
C:\Windows\system\UwlrmaO.exe

Filesize
6.0MB

MD5
c6564bbb87469d8b5223274ff6fc7a0b

SHA1
0be9fd40ea07feb2958ea348b9eb3388186e4d2d

SHA256
630b63dab7d0fb7fdc66dadc2283995f959251fd148a1e93c79ccda722dd0c8d

SHA512
4d3b3e706946a1a2eb07947d8a9014777752d2aaa09efa9faffcf318406ac3f7cca88d68d680bab36b1c7b790c4288423e6976bd883322258c7488a151cd5007

Download Submit
C:\Windows\system\VNYaSYm.exe

Filesize
6.0MB

MD5
cb246402eef2b8ed78a65b22d8620fa3

SHA1
53c8d60af90b98609f7f491458a811ac0ebf98a9

SHA256
160ac3d8dc039e8101912cbfb3ca179a1ce699a6fbf5633570bbca27a49c35dd

SHA512
246f18c4b34e5bb783f2b9f9c1e6d3310c4fc293b170acbc42853a2f29b14b9d87652a7a37a6c41e22830c66700400c48a801c1f9e567dbcebab711a72f50e01

Download Submit
C:\Windows\system\VWLmehL.exe

Filesize
6.0MB

MD5
7a8119193c59259466116395069c88ee

SHA1
544852fa46a49197d337d8e3ef49bdbda54b6a77

SHA256
8cbe6ba05ecbbcf87d77f18f2465b5b81388764aecd893a1e1fc7ccbdcadcda4

SHA512
8629d116b79d2f685126f3c8ce9adffab2bd1d1169e8eca54eb7a2eb413e881e89cd102e0f2a5c802fb0176c26c67e036ce18d418b2b3c203336f4b5954bc9d4

Download Submit
C:\Windows\system\VYnQoFM.exe

Filesize
6.0MB

MD5
0e170c654129038d5caa0f94528b0b17

SHA1
10b65c21fac18f8ea4c3c8179a900425e55d8cd4

SHA256
197b90d5c1409d73cf2067d94d8c911bd5c5a62e490dac33ff8f55d973f4acd1

SHA512
bc7e0272d45fef6e7cf897be6210e1b9310b05a68991ddb6844654e5c4aec5f6b0222a2fd50d69bb064a730ee3953243baa2b795038ff3e4128940a45ac6d661

Download Submit
C:\Windows\system\WudRhaE.exe

Filesize
6.0MB

MD5
99350e9d9ae3f45fb23e3ee6dce66afe

SHA1
857eca19498c3d40e78968f21ddd3f5a472bc818

SHA256
214f917c9c57bcaf07525e86380b0af599f7864d30e2cbb260dbf7e4789c2761

SHA512
64c6bc5cb6dc7928df94f38b81bea91250c2ce55bcb697f9edb20e6447aeeecb56e576f1ae785fe921e9716fe958f1c3bb2633c52423683a1b94edc7bef7dc95

Download Submit
C:\Windows\system\XEaASvX.exe

Filesize
6.0MB

MD5
f230eea57e1b53abde18aa7346004312

SHA1
c05eb5d6216359746d83ba192ecdadcfa9eb33ce

SHA256
df20daaa0fe54ccd1fce1e89c0c7bcd012cceb3b696a960ad8f709af5fe1752b

SHA512
58bbe7a1b90f6828c3dd99ca555a52f1e4420f91f33a583da8724f3177f253e5504eb0865cfa4364b12d6e06b4c388ad9f9a44b96b3f3f9b14f1d09c725076d3

Download Submit
C:\Windows\system\ZTuLMzn.exe

Filesize
6.0MB

MD5
89108f66f4b823fa721dcb002000ed42

SHA1
975603741a7f2101d53b2a4c0207476ac7575785

SHA256
314a51f7f1ea71421055ef0a76022bde44435722ea1f98b1eb7b5697572c7722

SHA512
c2d24ab2721e8d33adbff2f57c81ffcb9b17f6182da1cd5eb9e6f92c2917711bdeffe315a8ec41ef0709e403cc5409a2c9b2d2fa4eea2b48a494bf8c82d01c8a

Download Submit
C:\Windows\system\dwGCVYB.exe

Filesize
6.0MB

MD5
cebe72a22ffc6fd34e43f572891e87fc

SHA1
ab103f9b4cc033f0498cb6bc1111325f33589ae4

SHA256
9dc2eec40bb40d04990d416e3be4747b411be4c83195706f1c2903b16d215105

SHA512
1f46bd2860ec3af7683220cc0f3d1b3c02ad0c70378b4518985eb8df28353beea0fac83989994e93a432e4e140dee036368ebefeb66b3f8838b7888ce63606ec

Download Submit
C:\Windows\system\hOIHAOU.exe

Filesize
6.0MB

MD5
f5190875b899f1626720406bf5e724c8

SHA1
2c280415e7fda321fdd0c858873d45c7caaa6c4a

SHA256
76147a530dd3124381ff1375d868991eb722a4bde6c45c61d07f07036f6cc422

SHA512
61511281482394c07fb6ba139f31894fc9e86d4c736829b1dc878dfbe5f3bb6916a200d6036db1f23262edc13ac546f351826f03a2b4926dbbe5a090d813349a

Download Submit
C:\Windows\system\mgZsjlZ.exe

Filesize
6.0MB

MD5
7429d06c0c11290ea45f6cd272dcd541

SHA1
251ff261f5539997e187a8fc3ce7a46ded268e4b

SHA256
13948dee2bbfc1f9eb105fa172ddbdf7ace24e2703d5f65222d0fde62c62cb78

SHA512
781e319698ba51593053492d046be5998c3f30e38b2270f399e9add20bb7d6671b5b491dc8c741af7611b3ddf7fce1686b092d7f6ab7e6d0826e7ff035f074e5

Download Submit
C:\Windows\system\nEfVNmf.exe

Filesize
6.0MB

MD5
9f55344ef5e644c3f24a20ac3cf8fbe3

SHA1
a56d3eec1a9973aa29941f4d64da3c83172b7800

SHA256
75efd7a16d8dbe40c6bc762be806f320f7105914112c36289ab1cdfc3becfcda

SHA512
621111fd23b4431bf3cb360832418d92af0307fa40a53c0c981c395b2144522b5ce01fe1e593b75bc4666df8f4058ea9d707b78a3d31ef2ea57b55b9997824df

Download Submit
C:\Windows\system\nlwvZYA.exe

Filesize
6.0MB

MD5
821e27a01f10c23e01b0ba74a399205a

SHA1
640e4bb1d2cbc1cee57aa0c53da1e589cc488940

SHA256
c61c0529bae6e81385fe439352a9c96668e87ceb071b2f22f1071600ad4a3516

SHA512
22e0956021e56201da720738abf3be4ed7c09858313c51b499fdcf2dc3ee3fdc08d533a5aaa5e7b5300fb13ab2b5c6f9a679aaba889274f380910f785b1cb59f

Download Submit
C:\Windows\system\nqQyvvo.exe

Filesize
6.0MB

MD5
b98c4bb2e2e973f14acf21a83c3c54aa

SHA1
0851b13c84f9a97080430844b39e16c49a4c421f

SHA256
bc64c14b5b1de36ba49e9b5c92e86cc99139dcfca9c2ed1a3905aa1a359defb5

SHA512
4c6e450c762210500240dbc9cfad9c8e98dffa59afc76c59ec179b57d5fb197e5a16a78b16f3d1df3a8cb16e15efa09a6916aa5d18876e9b97f3bf31d98a9218

Download Submit
C:\Windows\system\okgEQsb.exe

Filesize
6.0MB

MD5
c983c06f4aa39ab5bac0850f6f6e836b

SHA1
30250aab459c206a2e5aa56c9d05b9717bb2bcd3

SHA256
d20e93475f12ef24db73b0abd3dbedd267f9219fb565cc5f69971898b6e1fddc

SHA512
7fdae0596de6a120106ebd263a17342e867dad0e1d3b283b4bfb4db1e37879ccafa2a952a891f30428e5317b26cc59c8419de2e6e29a1248e4a7ac71b7655624

Download Submit
C:\Windows\system\thpSIYw.exe

Filesize
6.0MB

MD5
6de8ac7387d082bb50c9b78264deebae

SHA1
9f8144a49d251c9ef774299c23f7336cde367638

SHA256
0bdb1313b527857d2740186729ae01e22a8401ba81eae8be086f646a4de1d996

SHA512
df6df557afb934543c220f44d2bd613d10879303cbed6736d96cc8532f0e4fcd463b9568ce84cd8d912b5a2a2e837ff95b5a69a7843f1fa2c1cd4f7cc3a7bc8f

Download Submit
C:\Windows\system\vwQyImr.exe

Filesize
6.0MB

MD5
762e1f9b54a693efe1a27bb6361e0a70

SHA1
ce4789cd4a3a3a35bc3b4937d51f248a6bcbda99

SHA256
58a96f8e3af43cf02f9f021ef3b37621a7ecc2e15176a60d6d8a4aac637190a2

SHA512
b714a33b61368f8773b321e1e279b5abab60892ae0a9780b2c420ee54d26494dac46a77dad6ef2a0f9d1bdda5c559cff33befe64372ffce17c45cc8f272f387e

Download Submit
C:\Windows\system\zQToKmi.exe

Filesize
6.0MB

MD5
d2a5c4e64c4cf0706fe3651aad9aab31

SHA1
1c844f562ac3b62fb0f7640736e38622bd88da43

SHA256
83237c9b02df8ef98ef47ec496f45a3e79b18203348c571ef759a484df627980

SHA512
e52917bc1d1924a374a5a48cbf8048cc304bed8600b4b3ae4f6387fa7beb7470c082c56b31f1d04f2d3b66773253d3060abb620e510c3c1ce79be0b88772c2d5

Download Submit
\Windows\system\CiXMOGi.exe

Filesize
6.0MB

MD5
552b9934c375cf64e8192811d064999d

SHA1
a468f808adde4f43e622e5c644831ad2f4bfe6ed

SHA256
a386a01020ca6fc2e9cc267c2f81d14eac6bfd8e10bd96a2b9674a89d9c37318

SHA512
f0953667811a22bbcb808cdb965a4af0695af7fe6c2b1c086bdb5e5d8a4dfe7eb3c3d3820956ecef4de7364baef280095117c9ba5ff2169e3f3cf01ee54c2516

Download Submit
\Windows\system\GmAgWVa.exe

Filesize
6.0MB

MD5
c5a04ffa42cc3cd5e2ad8e2db4231e24

SHA1
ca137d1610bd67870b3648cf8e2149dc0dab73b3

SHA256
1f6b4c0a5afaccdb6452550274f96b29f4a2c1f78f3ea782e59fbebe482d5b76

SHA512
df5c931774d9f8fb0d26a63105c8861d4b5b48661392cc01bdb930f6ffbe872537ad86d8257aea40dd72255ce1d13b455e98f0e6d645a79e9d5012380454cee3

Download Submit
\Windows\system\MbywQUJ.exe

Filesize
6.0MB

MD5
164d22caf7dd3a4a68e2b1a71813cb9e

SHA1
467da4d4bad17000ce575bb5c777a69e3abb8e84

SHA256
95ee154ec7cd990ed34cd93e166f202a7f8ea2fdde0168408547d6fcea823b9b

SHA512
ba015b21db6bcdc1ef179e10855227cb318948a2f22b361a36289ba267fb7400c0d5a6e3f7c2c739a88056dd8f5ff6a0f754c0d5465b3bae25b46c3a94f67116

Download Submit
\Windows\system\slQlAis.exe

Filesize
6.0MB

MD5
a8f4bd3304482a057592ded70269a82e

SHA1
252ec91eefc248e52113775479f40d48188de135

SHA256
20bc3479e3c29e4a730bb56d55d570740cff9b97aafaeaf85170044b46fcfc58

SHA512
45b13bf8205b148a6b2f3a4998d99225f6d1f113f1f70df6f5a97aa3387d3ff112000a4db478b365b4f53b17c4bd87830c190cdbc4efe49cd1fd40b723af5706

Download Submit
\Windows\system\tsMBtMk.exe

Filesize
6.0MB

MD5
a9f8cbeb0df02a37ad14758cdfb143f0

SHA1
d5fff02759869a1a66e8313ff40d2a0989ce5856

SHA256
9e391a09b8bb43370674dcf7be59ce326e11fdb3329558b08a7894884cccc756

SHA512
4957a9e2ca038ba2f98e3864fb0dbf84eb2bf9e7c77d7bd42cf564bac581492a0662de1a75ae30d493a89deb344ea51b79a5f5d623032d2265734ee0ea26211e

Download Submit
memory/332-3642-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-3649-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3647-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1845-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2440-3658-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1836-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3654-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1838-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2440-0-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1804-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1840-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1843-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1809-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1847-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3646-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1846-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3650-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1839-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3640-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1844-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3651-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2162-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3648-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1808-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3643-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3641-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1799-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3652-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3645-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1842-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1835-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3653-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1837-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3644-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download