cobaltstrike | 107e8dee9742783fa33cd2958369811467f60811208975876447c21f12eb92fa

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

066b89266d1f1f86856bb270e88930bd
SHA1

6ea807788cbce2be99255399a9b542de7f8fda5b
SHA256

107e8dee9742783fa33cd2958369811467f60811208975876447c21f12eb92fa
SHA512

09e3f3a5f2f7cb9777190e339404cb5d081153c286873c017bdfae4cb225d1aa7e0ebb114be1030d3c887f6fa93f2022ddd56a9bc44f958d5a3de4584c05d9db
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015689-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156a8-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cfd-50.dat	cobalt_reflective_dll
behavioral1/files/0x003800000001506e-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f4e-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000160da-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-201.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015fa6-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-196.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-185.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-191.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-99.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2984-1-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-3.dat	xmrig
behavioral1/memory/2724-8-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0008000000015689-10.dat	xmrig
behavioral1/memory/2876-15-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000156a8-12.dat	xmrig
behavioral1/files/0x0007000000015cb9-23.dat	xmrig
behavioral1/memory/2684-21-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ce4-39.dat	xmrig
behavioral1/memory/2724-42-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2932-37-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2984-36-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ccf-35.dat	xmrig
behavioral1/memory/2752-44-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2696-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2876-46-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cfd-50.dat	xmrig
behavioral1/files/0x003800000001506e-55.dat	xmrig
behavioral1/memory/2696-60-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2188-61-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2684-54-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1976-53-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0a-62.dat	xmrig
behavioral1/memory/640-67-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2932-66-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015f4e-71.dat	xmrig
behavioral1/memory/376-77-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2752-74-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x00060000000160da-87.dat	xmrig
behavioral1/memory/332-92-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/640-105-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2940-109-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000600000001660e-125.dat	xmrig
behavioral1/files/0x0006000000016890-135.dat	xmrig
behavioral1/files/0x0006000000016c89-145.dat	xmrig
behavioral1/files/0x0006000000016cab-155.dat	xmrig
behavioral1/files/0x0006000000016d6f-180.dat	xmrig
behavioral1/files/0x0006000000016de9-201.dat	xmrig
behavioral1/files/0x0006000000015fa6-78.dat	xmrig
behavioral1/memory/2940-982-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2848-801-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/332-595-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2984-524-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2144-397-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd9-196.dat	xmrig
behavioral1/files/0x0006000000016d73-185.dat	xmrig
behavioral1/files/0x0006000000016dd5-191.dat	xmrig
behavioral1/memory/376-189-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d68-175.dat	xmrig
behavioral1/files/0x0006000000016d4c-170.dat	xmrig
behavioral1/files/0x0006000000016d22-165.dat	xmrig
behavioral1/files/0x0006000000016cf0-160.dat	xmrig
behavioral1/files/0x0006000000016ca0-150.dat	xmrig
behavioral1/files/0x0006000000016b86-140.dat	xmrig
behavioral1/files/0x0006000000016689-130.dat	xmrig
behavioral1/files/0x00060000000164de-120.dat	xmrig
behavioral1/files/0x0006000000016399-115.dat	xmrig
behavioral1/memory/2984-113-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2848-101-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00060000000162e4-108.dat	xmrig
behavioral1/memory/2984-106-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0006000000016141-99.dat	xmrig
behavioral1/memory/2188-96-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2144-85-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2724	lMporhT.exe
2876	gkXQxSA.exe
2684	ApbjVrC.exe
2696	DQZPfef.exe
2932	fmpzsWy.exe
2752	XBMYrgw.exe
1976	AkyRaYy.exe
2188	UrnzZpu.exe
640	moLXUjM.exe
376	XWXZiCt.exe
2144	DIgCBaR.exe
332	ZGgshxY.exe
2848	bbbHUTO.exe
2940	iLzGKWi.exe
2332	MwUwODB.exe
2936	RyUWNgM.exe
2096	tqrXQAX.exe
1612	rjjSLdY.exe
1548	dKZZdHu.exe
1152	SQHPJsF.exe
1496	uXbgKRT.exe
936	JMEltIj.exe
1792	kRNKwZU.exe
2108	CtxTDlZ.exe
1860	YsUYazC.exe
2448	GvVuVmT.exe
2468	YYLjHat.exe
1760	vEKwUCn.exe
624	VAhTONp.exe
2276	YtlwTMH.exe
2520	ikayMCe.exe
1340	YTAJuKv.exe
828	ErrmzKz.exe
1584	bGHBVBD.exe
1668	XxdLMZM.exe
1372	NxjrxDs.exe
2476	rsfcjqI.exe
1124	XVBxAqM.exe
684	peqxyBv.exe
2360	Sfaldcy.exe
532	VqcDyha.exe
2376	EqUuMJy.exe
1876	MpsBRpf.exe
2524	vzKJtwA.exe
1420	lBAiZoF.exe
300	cGgQjUh.exe
548	UDsMeLZ.exe
1744	PMnxUxp.exe
1508	uQxbeXF.exe
1408	Hohadhr.exe
1972	kRxezTx.exe
2380	vUhvewk.exe
1596	hCQwUOv.exe
1604	PfsYgcJ.exe
2836	uvLFAsh.exe
2176	TaRoqGh.exe
2616	CEssKud.exe
2844	GrItOJl.exe
2604	EvZUqKM.exe
2584	vaMmnyF.exe
2864	dQMNOis.exe
1692	mcglNBy.exe
3008	kuSwWjX.exe
1412	eipHBAt.exe

Loads dropped DLL 64 IoCs

pid	Process
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-1-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0008000000012117-3.dat	upx
behavioral1/memory/2724-8-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0008000000015689-10.dat	upx
behavioral1/memory/2876-15-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x00080000000156a8-12.dat	upx
behavioral1/files/0x0007000000015cb9-23.dat	upx
behavioral1/memory/2684-21-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0007000000015ce4-39.dat	upx
behavioral1/memory/2724-42-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2932-37-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2984-36-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0007000000015ccf-35.dat	upx
behavioral1/memory/2752-44-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2696-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2876-46-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0008000000015cfd-50.dat	upx
behavioral1/files/0x003800000001506e-55.dat	upx
behavioral1/memory/2696-60-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2188-61-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2684-54-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1976-53-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0008000000015d0a-62.dat	upx
behavioral1/memory/640-67-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2932-66-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0006000000015f4e-71.dat	upx
behavioral1/memory/376-77-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2752-74-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x00060000000160da-87.dat	upx
behavioral1/memory/332-92-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/640-105-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2940-109-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000600000001660e-125.dat	upx
behavioral1/files/0x0006000000016890-135.dat	upx
behavioral1/files/0x0006000000016c89-145.dat	upx
behavioral1/files/0x0006000000016cab-155.dat	upx
behavioral1/files/0x0006000000016d6f-180.dat	upx
behavioral1/files/0x0006000000016de9-201.dat	upx
behavioral1/files/0x0006000000015fa6-78.dat	upx
behavioral1/memory/2940-982-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2848-801-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/332-595-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2144-397-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0006000000016dd9-196.dat	upx
behavioral1/files/0x0006000000016d73-185.dat	upx
behavioral1/files/0x0006000000016dd5-191.dat	upx
behavioral1/memory/376-189-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0006000000016d68-175.dat	upx
behavioral1/files/0x0006000000016d4c-170.dat	upx
behavioral1/files/0x0006000000016d22-165.dat	upx
behavioral1/files/0x0006000000016cf0-160.dat	upx
behavioral1/files/0x0006000000016ca0-150.dat	upx
behavioral1/files/0x0006000000016b86-140.dat	upx
behavioral1/files/0x0006000000016689-130.dat	upx
behavioral1/files/0x00060000000164de-120.dat	upx
behavioral1/files/0x0006000000016399-115.dat	upx
behavioral1/memory/2848-101-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00060000000162e4-108.dat	upx
behavioral1/files/0x0006000000016141-99.dat	upx
behavioral1/memory/2188-96-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2144-85-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2724-3556-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2876-3553-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2696-3576-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cQdurQu.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXWAqpu.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myoPSng.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MALgbIO.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoapxlP.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlIPqqc.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezsrCry.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTGhNpR.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySeSJHO.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIbEzaN.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTNiaDh.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVMrGvm.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITmHJNy.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYMXUib.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEdMvhE.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFETwmn.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJlaeTj.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDeEmZl.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTwyWaE.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGipNEs.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMNEQMF.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZznWsA.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMyQoma.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTenuze.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTTGXPE.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmvHzUe.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzdqzne.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAsWdZT.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTNfhil.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTgplqf.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eltzDzs.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXXmjXq.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAgdtEY.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiqHZDk.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnkwUwc.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysmZGtK.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrppViK.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oauirFu.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUcpkyq.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpsmwQy.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzVsoLq.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcQHtxZ.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxkadBr.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMRYEEG.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKKcQIN.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdrDKGy.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRcHlvR.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtpuKUn.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTduPvh.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJxlmjg.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTFfeim.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRNKwZU.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VahWPTQ.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpAqxVi.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQfyMmZ.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECXpKfv.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwkyIOp.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNbmjFO.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnoxcDq.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POUlvaD.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRPGvTc.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkcugoJ.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLmtPcg.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNqvPrs.exe	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2724	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2984 wrote to memory of 2724	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2984 wrote to memory of 2724	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2984 wrote to memory of 2876	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2984 wrote to memory of 2876	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2984 wrote to memory of 2876	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2984 wrote to memory of 2684	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2984 wrote to memory of 2684	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2984 wrote to memory of 2684	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2984 wrote to memory of 2696	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2984 wrote to memory of 2696	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2984 wrote to memory of 2696	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2984 wrote to memory of 2932	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2984 wrote to memory of 2932	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2984 wrote to memory of 2932	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2984 wrote to memory of 2752	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2984 wrote to memory of 2752	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2984 wrote to memory of 2752	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2984 wrote to memory of 1976	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2984 wrote to memory of 1976	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2984 wrote to memory of 1976	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2984 wrote to memory of 2188	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2984 wrote to memory of 2188	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2984 wrote to memory of 2188	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2984 wrote to memory of 640	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2984 wrote to memory of 640	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2984 wrote to memory of 640	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2984 wrote to memory of 376	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2984 wrote to memory of 376	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2984 wrote to memory of 376	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2984 wrote to memory of 2144	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2984 wrote to memory of 2144	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2984 wrote to memory of 2144	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2984 wrote to memory of 332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2984 wrote to memory of 332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2984 wrote to memory of 332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2984 wrote to memory of 2848	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2984 wrote to memory of 2848	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2984 wrote to memory of 2848	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2984 wrote to memory of 2940	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2984 wrote to memory of 2940	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2984 wrote to memory of 2940	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2984 wrote to memory of 2332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2984 wrote to memory of 2332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2984 wrote to memory of 2332	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2984 wrote to memory of 2936	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2984 wrote to memory of 2936	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2984 wrote to memory of 2936	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2984 wrote to memory of 2096	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2984 wrote to memory of 2096	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2984 wrote to memory of 2096	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2984 wrote to memory of 1612	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2984 wrote to memory of 1612	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2984 wrote to memory of 1612	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2984 wrote to memory of 1548	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2984 wrote to memory of 1548	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2984 wrote to memory of 1548	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2984 wrote to memory of 1152	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2984 wrote to memory of 1152	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2984 wrote to memory of 1152	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2984 wrote to memory of 1496	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2984 wrote to memory of 1496	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2984 wrote to memory of 1496	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2984 wrote to memory of 936	2984	2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_066b89266d1f1f86856bb270e88930bd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\System\lMporhT.exe
  C:\Windows\System\lMporhT.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\gkXQxSA.exe
  C:\Windows\System\gkXQxSA.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\ApbjVrC.exe
  C:\Windows\System\ApbjVrC.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\DQZPfef.exe
  C:\Windows\System\DQZPfef.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\fmpzsWy.exe
  C:\Windows\System\fmpzsWy.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XBMYrgw.exe
  C:\Windows\System\XBMYrgw.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\AkyRaYy.exe
  C:\Windows\System\AkyRaYy.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\UrnzZpu.exe
  C:\Windows\System\UrnzZpu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\moLXUjM.exe
  C:\Windows\System\moLXUjM.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\XWXZiCt.exe
  C:\Windows\System\XWXZiCt.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\DIgCBaR.exe
  C:\Windows\System\DIgCBaR.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ZGgshxY.exe
  C:\Windows\System\ZGgshxY.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\bbbHUTO.exe
  C:\Windows\System\bbbHUTO.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\iLzGKWi.exe
  C:\Windows\System\iLzGKWi.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\MwUwODB.exe
  C:\Windows\System\MwUwODB.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\RyUWNgM.exe
  C:\Windows\System\RyUWNgM.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\tqrXQAX.exe
  C:\Windows\System\tqrXQAX.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\rjjSLdY.exe
  C:\Windows\System\rjjSLdY.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\dKZZdHu.exe
  C:\Windows\System\dKZZdHu.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\SQHPJsF.exe
  C:\Windows\System\SQHPJsF.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\uXbgKRT.exe
  C:\Windows\System\uXbgKRT.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\JMEltIj.exe
  C:\Windows\System\JMEltIj.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\kRNKwZU.exe
  C:\Windows\System\kRNKwZU.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\CtxTDlZ.exe
  C:\Windows\System\CtxTDlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\YsUYazC.exe
  C:\Windows\System\YsUYazC.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\GvVuVmT.exe
  C:\Windows\System\GvVuVmT.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YYLjHat.exe
  C:\Windows\System\YYLjHat.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\vEKwUCn.exe
  C:\Windows\System\vEKwUCn.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\VAhTONp.exe
  C:\Windows\System\VAhTONp.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\YtlwTMH.exe
  C:\Windows\System\YtlwTMH.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ikayMCe.exe
  C:\Windows\System\ikayMCe.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\YTAJuKv.exe
  C:\Windows\System\YTAJuKv.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\ErrmzKz.exe
  C:\Windows\System\ErrmzKz.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\bGHBVBD.exe
  C:\Windows\System\bGHBVBD.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\XxdLMZM.exe
  C:\Windows\System\XxdLMZM.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\NxjrxDs.exe
  C:\Windows\System\NxjrxDs.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\rsfcjqI.exe
  C:\Windows\System\rsfcjqI.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\XVBxAqM.exe
  C:\Windows\System\XVBxAqM.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\peqxyBv.exe
  C:\Windows\System\peqxyBv.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\Sfaldcy.exe
  C:\Windows\System\Sfaldcy.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\VqcDyha.exe
  C:\Windows\System\VqcDyha.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\EqUuMJy.exe
  C:\Windows\System\EqUuMJy.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\MpsBRpf.exe
  C:\Windows\System\MpsBRpf.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\vzKJtwA.exe
  C:\Windows\System\vzKJtwA.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\lBAiZoF.exe
  C:\Windows\System\lBAiZoF.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\cGgQjUh.exe
  C:\Windows\System\cGgQjUh.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\UDsMeLZ.exe
  C:\Windows\System\UDsMeLZ.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\PMnxUxp.exe
  C:\Windows\System\PMnxUxp.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\uQxbeXF.exe
  C:\Windows\System\uQxbeXF.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\Hohadhr.exe
  C:\Windows\System\Hohadhr.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\kRxezTx.exe
  C:\Windows\System\kRxezTx.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\vUhvewk.exe
  C:\Windows\System\vUhvewk.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\hCQwUOv.exe
  C:\Windows\System\hCQwUOv.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\PfsYgcJ.exe
  C:\Windows\System\PfsYgcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\uvLFAsh.exe
  C:\Windows\System\uvLFAsh.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\TaRoqGh.exe
  C:\Windows\System\TaRoqGh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\CEssKud.exe
  C:\Windows\System\CEssKud.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\GrItOJl.exe
  C:\Windows\System\GrItOJl.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\EvZUqKM.exe
  C:\Windows\System\EvZUqKM.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\vaMmnyF.exe
  C:\Windows\System\vaMmnyF.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\dQMNOis.exe
  C:\Windows\System\dQMNOis.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\mcglNBy.exe
  C:\Windows\System\mcglNBy.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\kuSwWjX.exe
  C:\Windows\System\kuSwWjX.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\eipHBAt.exe
  C:\Windows\System\eipHBAt.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\TBKpPUX.exe
  C:\Windows\System\TBKpPUX.exe
  2⤵
  PID:320
- C:\Windows\System\GyfhaLL.exe
  C:\Windows\System\GyfhaLL.exe
  2⤵
  PID:2916
- C:\Windows\System\IuaLwzf.exe
  C:\Windows\System\IuaLwzf.exe
  2⤵
  PID:2948
- C:\Windows\System\MRMdsim.exe
  C:\Windows\System\MRMdsim.exe
  2⤵
  PID:2100
- C:\Windows\System\GuMwyFi.exe
  C:\Windows\System\GuMwyFi.exe
  2⤵
  PID:492
- C:\Windows\System\sVqsKxp.exe
  C:\Windows\System\sVqsKxp.exe
  2⤵
  PID:1820
- C:\Windows\System\CpxxdhC.exe
  C:\Windows\System\CpxxdhC.exe
  2⤵
  PID:1308
- C:\Windows\System\IJGFhEg.exe
  C:\Windows\System\IJGFhEg.exe
  2⤵
  PID:1868
- C:\Windows\System\ugWduBc.exe
  C:\Windows\System\ugWduBc.exe
  2⤵
  PID:2180
- C:\Windows\System\mLnfxFd.exe
  C:\Windows\System\mLnfxFd.exe
  2⤵
  PID:1780
- C:\Windows\System\GHUffPF.exe
  C:\Windows\System\GHUffPF.exe
  2⤵
  PID:1344
- C:\Windows\System\ZJiSZbo.exe
  C:\Windows\System\ZJiSZbo.exe
  2⤵
  PID:292
- C:\Windows\System\UkxMUgU.exe
  C:\Windows\System\UkxMUgU.exe
  2⤵
  PID:2004
- C:\Windows\System\rdRZKtV.exe
  C:\Windows\System\rdRZKtV.exe
  2⤵
  PID:1636
- C:\Windows\System\yvifIVO.exe
  C:\Windows\System\yvifIVO.exe
  2⤵
  PID:1908
- C:\Windows\System\vwOQqPE.exe
  C:\Windows\System\vwOQqPE.exe
  2⤵
  PID:1204
- C:\Windows\System\FSVOCGN.exe
  C:\Windows\System\FSVOCGN.exe
  2⤵
  PID:1180
- C:\Windows\System\mYIzPHt.exe
  C:\Windows\System\mYIzPHt.exe
  2⤵
  PID:740
- C:\Windows\System\NbnQkev.exe
  C:\Windows\System\NbnQkev.exe
  2⤵
  PID:3044
- C:\Windows\System\iqVBTwG.exe
  C:\Windows\System\iqVBTwG.exe
  2⤵
  PID:2320
- C:\Windows\System\CoSshtg.exe
  C:\Windows\System\CoSshtg.exe
  2⤵
  PID:1804
- C:\Windows\System\DMSqGAJ.exe
  C:\Windows\System\DMSqGAJ.exe
  2⤵
  PID:972
- C:\Windows\System\JXBlVKe.exe
  C:\Windows\System\JXBlVKe.exe
  2⤵
  PID:2340
- C:\Windows\System\FlpNqWZ.exe
  C:\Windows\System\FlpNqWZ.exe
  2⤵
  PID:2056
- C:\Windows\System\fhsZXts.exe
  C:\Windows\System\fhsZXts.exe
  2⤵
  PID:1512
- C:\Windows\System\ZDWOzCS.exe
  C:\Windows\System\ZDWOzCS.exe
  2⤵
  PID:1592
- C:\Windows\System\WblqUSJ.exe
  C:\Windows\System\WblqUSJ.exe
  2⤵
  PID:1712
- C:\Windows\System\ZQWxrYx.exe
  C:\Windows\System\ZQWxrYx.exe
  2⤵
  PID:1708
- C:\Windows\System\sLRstKZ.exe
  C:\Windows\System\sLRstKZ.exe
  2⤵
  PID:2704
- C:\Windows\System\sxMCaPc.exe
  C:\Windows\System\sxMCaPc.exe
  2⤵
  PID:2832
- C:\Windows\System\ZnJPcKR.exe
  C:\Windows\System\ZnJPcKR.exe
  2⤵
  PID:2576
- C:\Windows\System\PSqOQhr.exe
  C:\Windows\System\PSqOQhr.exe
  2⤵
  PID:1968
- C:\Windows\System\zJIFlog.exe
  C:\Windows\System\zJIFlog.exe
  2⤵
  PID:2720
- C:\Windows\System\miDUBJY.exe
  C:\Windows\System\miDUBJY.exe
  2⤵
  PID:2612
- C:\Windows\System\NxkadBr.exe
  C:\Windows\System\NxkadBr.exe
  2⤵
  PID:2920
- C:\Windows\System\rzurcWb.exe
  C:\Windows\System\rzurcWb.exe
  2⤵
  PID:2904
- C:\Windows\System\CIUSJDs.exe
  C:\Windows\System\CIUSJDs.exe
  2⤵
  PID:1096
- C:\Windows\System\xbufByx.exe
  C:\Windows\System\xbufByx.exe
  2⤵
  PID:3012
- C:\Windows\System\ennJQmt.exe
  C:\Windows\System\ennJQmt.exe
  2⤵
  PID:2560
- C:\Windows\System\ZTNSQDC.exe
  C:\Windows\System\ZTNSQDC.exe
  2⤵
  PID:3016
- C:\Windows\System\kiQtAkj.exe
  C:\Windows\System\kiQtAkj.exe
  2⤵
  PID:840
- C:\Windows\System\fDWVQWK.exe
  C:\Windows\System\fDWVQWK.exe
  2⤵
  PID:1092
- C:\Windows\System\PymEMlX.exe
  C:\Windows\System\PymEMlX.exe
  2⤵
  PID:1552
- C:\Windows\System\aaxntLy.exe
  C:\Windows\System\aaxntLy.exe
  2⤵
  PID:2412
- C:\Windows\System\YlnaYXI.exe
  C:\Windows\System\YlnaYXI.exe
  2⤵
  PID:3064
- C:\Windows\System\MALgbIO.exe
  C:\Windows\System\MALgbIO.exe
  2⤵
  PID:2484
- C:\Windows\System\uoONmPi.exe
  C:\Windows\System\uoONmPi.exe
  2⤵
  PID:2796
- C:\Windows\System\ZTHfDSM.exe
  C:\Windows\System\ZTHfDSM.exe
  2⤵
  PID:872
- C:\Windows\System\nyqEerr.exe
  C:\Windows\System\nyqEerr.exe
  2⤵
  PID:1572
- C:\Windows\System\VfShTOJ.exe
  C:\Windows\System\VfShTOJ.exe
  2⤵
  PID:2672
- C:\Windows\System\dtHHJqI.exe
  C:\Windows\System\dtHHJqI.exe
  2⤵
  PID:2620
- C:\Windows\System\oFHulnm.exe
  C:\Windows\System\oFHulnm.exe
  2⤵
  PID:2288
- C:\Windows\System\ZQhIYnK.exe
  C:\Windows\System\ZQhIYnK.exe
  2⤵
  PID:2068
- C:\Windows\System\OVKIruf.exe
  C:\Windows\System\OVKIruf.exe
  2⤵
  PID:2728
- C:\Windows\System\KEgEtVp.exe
  C:\Windows\System\KEgEtVp.exe
  2⤵
  PID:2732
- C:\Windows\System\zpeSfaC.exe
  C:\Windows\System\zpeSfaC.exe
  2⤵
  PID:2092
- C:\Windows\System\fMOdXwp.exe
  C:\Windows\System\fMOdXwp.exe
  2⤵
  PID:1356
- C:\Windows\System\AMEGRfn.exe
  C:\Windows\System\AMEGRfn.exe
  2⤵
  PID:1488
- C:\Windows\System\aeVcRjb.exe
  C:\Windows\System\aeVcRjb.exe
  2⤵
  PID:2352
- C:\Windows\System\ZCNuKUN.exe
  C:\Windows\System\ZCNuKUN.exe
  2⤵
  PID:344
- C:\Windows\System\KucBXPp.exe
  C:\Windows\System\KucBXPp.exe
  2⤵
  PID:1352
- C:\Windows\System\pXYHDxp.exe
  C:\Windows\System\pXYHDxp.exe
  2⤵
  PID:2472
- C:\Windows\System\EWsfseu.exe
  C:\Windows\System\EWsfseu.exe
  2⤵
  PID:1040
- C:\Windows\System\kjWAsoR.exe
  C:\Windows\System\kjWAsoR.exe
  2⤵
  PID:3052
- C:\Windows\System\sEuyzNw.exe
  C:\Windows\System\sEuyzNw.exe
  2⤵
  PID:2852
- C:\Windows\System\cpLjdDJ.exe
  C:\Windows\System\cpLjdDJ.exe
  2⤵
  PID:2792
- C:\Windows\System\PoOJgvI.exe
  C:\Windows\System\PoOJgvI.exe
  2⤵
  PID:1904
- C:\Windows\System\HdKaFbZ.exe
  C:\Windows\System\HdKaFbZ.exe
  2⤵
  PID:2076
- C:\Windows\System\FrPiFMh.exe
  C:\Windows\System\FrPiFMh.exe
  2⤵
  PID:2236
- C:\Windows\System\LwmjRcK.exe
  C:\Windows\System\LwmjRcK.exe
  2⤵
  PID:2972
- C:\Windows\System\mejlLHX.exe
  C:\Windows\System\mejlLHX.exe
  2⤵
  PID:1324
- C:\Windows\System\oVyxijN.exe
  C:\Windows\System\oVyxijN.exe
  2⤵
  PID:2388
- C:\Windows\System\LwbuXVg.exe
  C:\Windows\System\LwbuXVg.exe
  2⤵
  PID:892
- C:\Windows\System\OdKwdDM.exe
  C:\Windows\System\OdKwdDM.exe
  2⤵
  PID:1828
- C:\Windows\System\UgsLLVJ.exe
  C:\Windows\System\UgsLLVJ.exe
  2⤵
  PID:1716
- C:\Windows\System\GoXAdeE.exe
  C:\Windows\System\GoXAdeE.exe
  2⤵
  PID:1624
- C:\Windows\System\dqhDObY.exe
  C:\Windows\System\dqhDObY.exe
  2⤵
  PID:3076
- C:\Windows\System\rTtIVmZ.exe
  C:\Windows\System\rTtIVmZ.exe
  2⤵
  PID:3100
- C:\Windows\System\dJnaiwE.exe
  C:\Windows\System\dJnaiwE.exe
  2⤵
  PID:3120
- C:\Windows\System\UEdfBSO.exe
  C:\Windows\System\UEdfBSO.exe
  2⤵
  PID:3136
- C:\Windows\System\HWBJsYT.exe
  C:\Windows\System\HWBJsYT.exe
  2⤵
  PID:3156
- C:\Windows\System\ORKyIsE.exe
  C:\Windows\System\ORKyIsE.exe
  2⤵
  PID:3176
- C:\Windows\System\IeJsNMX.exe
  C:\Windows\System\IeJsNMX.exe
  2⤵
  PID:3196
- C:\Windows\System\MEumTBk.exe
  C:\Windows\System\MEumTBk.exe
  2⤵
  PID:3216
- C:\Windows\System\afOKqjD.exe
  C:\Windows\System\afOKqjD.exe
  2⤵
  PID:3236
- C:\Windows\System\jDHIvBf.exe
  C:\Windows\System\jDHIvBf.exe
  2⤵
  PID:3252
- C:\Windows\System\sFUAGbl.exe
  C:\Windows\System\sFUAGbl.exe
  2⤵
  PID:3280
- C:\Windows\System\XPKCKBA.exe
  C:\Windows\System\XPKCKBA.exe
  2⤵
  PID:3300
- C:\Windows\System\fhmpnTW.exe
  C:\Windows\System\fhmpnTW.exe
  2⤵
  PID:3320
- C:\Windows\System\jocQPiw.exe
  C:\Windows\System\jocQPiw.exe
  2⤵
  PID:3340
- C:\Windows\System\ErLrMRL.exe
  C:\Windows\System\ErLrMRL.exe
  2⤵
  PID:3360
- C:\Windows\System\RsoqyGz.exe
  C:\Windows\System\RsoqyGz.exe
  2⤵
  PID:3380
- C:\Windows\System\uIZsFqX.exe
  C:\Windows\System\uIZsFqX.exe
  2⤵
  PID:3400
- C:\Windows\System\RTuphrW.exe
  C:\Windows\System\RTuphrW.exe
  2⤵
  PID:3416
- C:\Windows\System\ClKcsXf.exe
  C:\Windows\System\ClKcsXf.exe
  2⤵
  PID:3436
- C:\Windows\System\lXVVBvK.exe
  C:\Windows\System\lXVVBvK.exe
  2⤵
  PID:3460
- C:\Windows\System\wCbILnx.exe
  C:\Windows\System\wCbILnx.exe
  2⤵
  PID:3480
- C:\Windows\System\iAEZKBm.exe
  C:\Windows\System\iAEZKBm.exe
  2⤵
  PID:3500
- C:\Windows\System\ulEfdId.exe
  C:\Windows\System\ulEfdId.exe
  2⤵
  PID:3528
- C:\Windows\System\TFrrHJK.exe
  C:\Windows\System\TFrrHJK.exe
  2⤵
  PID:3544
- C:\Windows\System\EualyPZ.exe
  C:\Windows\System\EualyPZ.exe
  2⤵
  PID:3568
- C:\Windows\System\hoJwCLT.exe
  C:\Windows\System\hoJwCLT.exe
  2⤵
  PID:3588
- C:\Windows\System\FydaSFI.exe
  C:\Windows\System\FydaSFI.exe
  2⤵
  PID:3608
- C:\Windows\System\bppRohE.exe
  C:\Windows\System\bppRohE.exe
  2⤵
  PID:3624
- C:\Windows\System\YNuidsC.exe
  C:\Windows\System\YNuidsC.exe
  2⤵
  PID:3644
- C:\Windows\System\KVwLlhh.exe
  C:\Windows\System\KVwLlhh.exe
  2⤵
  PID:3664
- C:\Windows\System\pjZptTe.exe
  C:\Windows\System\pjZptTe.exe
  2⤵
  PID:3684
- C:\Windows\System\iBHwhiw.exe
  C:\Windows\System\iBHwhiw.exe
  2⤵
  PID:3704
- C:\Windows\System\jGKbNSe.exe
  C:\Windows\System\jGKbNSe.exe
  2⤵
  PID:3724
- C:\Windows\System\WGMDeeg.exe
  C:\Windows\System\WGMDeeg.exe
  2⤵
  PID:3740
- C:\Windows\System\DLumdss.exe
  C:\Windows\System\DLumdss.exe
  2⤵
  PID:3760
- C:\Windows\System\WfwAmOx.exe
  C:\Windows\System\WfwAmOx.exe
  2⤵
  PID:3788
- C:\Windows\System\aLCFuFd.exe
  C:\Windows\System\aLCFuFd.exe
  2⤵
  PID:3808
- C:\Windows\System\OKsjrfS.exe
  C:\Windows\System\OKsjrfS.exe
  2⤵
  PID:3828
- C:\Windows\System\aCCzRgt.exe
  C:\Windows\System\aCCzRgt.exe
  2⤵
  PID:3848
- C:\Windows\System\bQfyMmZ.exe
  C:\Windows\System\bQfyMmZ.exe
  2⤵
  PID:3864
- C:\Windows\System\MPzHGvp.exe
  C:\Windows\System\MPzHGvp.exe
  2⤵
  PID:3884
- C:\Windows\System\DByvmiu.exe
  C:\Windows\System\DByvmiu.exe
  2⤵
  PID:3904
- C:\Windows\System\vtxPqHq.exe
  C:\Windows\System\vtxPqHq.exe
  2⤵
  PID:3924
- C:\Windows\System\PdPdKtO.exe
  C:\Windows\System\PdPdKtO.exe
  2⤵
  PID:3944
- C:\Windows\System\CoFSjfO.exe
  C:\Windows\System\CoFSjfO.exe
  2⤵
  PID:3964
- C:\Windows\System\eVoAuMI.exe
  C:\Windows\System\eVoAuMI.exe
  2⤵
  PID:3984
- C:\Windows\System\HHOrtHE.exe
  C:\Windows\System\HHOrtHE.exe
  2⤵
  PID:4004
- C:\Windows\System\DqQjljZ.exe
  C:\Windows\System\DqQjljZ.exe
  2⤵
  PID:4028
- C:\Windows\System\KZJkaHI.exe
  C:\Windows\System\KZJkaHI.exe
  2⤵
  PID:4048
- C:\Windows\System\pdreqZN.exe
  C:\Windows\System\pdreqZN.exe
  2⤵
  PID:4064
- C:\Windows\System\xqoCFOF.exe
  C:\Windows\System\xqoCFOF.exe
  2⤵
  PID:4080
- C:\Windows\System\aobFOob.exe
  C:\Windows\System\aobFOob.exe
  2⤵
  PID:2888
- C:\Windows\System\Nrcrbae.exe
  C:\Windows\System\Nrcrbae.exe
  2⤵
  PID:2444
- C:\Windows\System\VRMfxmt.exe
  C:\Windows\System\VRMfxmt.exe
  2⤵
  PID:948
- C:\Windows\System\ysmZGtK.exe
  C:\Windows\System\ysmZGtK.exe
  2⤵
  PID:2808
- C:\Windows\System\nILEBFg.exe
  C:\Windows\System\nILEBFg.exe
  2⤵
  PID:3144
- C:\Windows\System\zlbTaiO.exe
  C:\Windows\System\zlbTaiO.exe
  2⤵
  PID:1896
- C:\Windows\System\HKYzcwQ.exe
  C:\Windows\System\HKYzcwQ.exe
  2⤵
  PID:3188
- C:\Windows\System\cxHGlzM.exe
  C:\Windows\System\cxHGlzM.exe
  2⤵
  PID:3224
- C:\Windows\System\EJbPSRN.exe
  C:\Windows\System\EJbPSRN.exe
  2⤵
  PID:3228
- C:\Windows\System\nGCkVZx.exe
  C:\Windows\System\nGCkVZx.exe
  2⤵
  PID:3272
- C:\Windows\System\gMbabou.exe
  C:\Windows\System\gMbabou.exe
  2⤵
  PID:3288
- C:\Windows\System\TStZIdP.exe
  C:\Windows\System\TStZIdP.exe
  2⤵
  PID:3296
- C:\Windows\System\euOBNrI.exe
  C:\Windows\System\euOBNrI.exe
  2⤵
  PID:3352
- C:\Windows\System\NKYgJRU.exe
  C:\Windows\System\NKYgJRU.exe
  2⤵
  PID:3392
- C:\Windows\System\fwUkZwx.exe
  C:\Windows\System\fwUkZwx.exe
  2⤵
  PID:3444
- C:\Windows\System\GKStcAG.exe
  C:\Windows\System\GKStcAG.exe
  2⤵
  PID:3456
- C:\Windows\System\NMwNGfW.exe
  C:\Windows\System\NMwNGfW.exe
  2⤵
  PID:3496
- C:\Windows\System\KscsyMp.exe
  C:\Windows\System\KscsyMp.exe
  2⤵
  PID:1680
- C:\Windows\System\FHAnOom.exe
  C:\Windows\System\FHAnOom.exe
  2⤵
  PID:3596
- C:\Windows\System\TyFnDdq.exe
  C:\Windows\System\TyFnDdq.exe
  2⤵
  PID:3640
- C:\Windows\System\cAhsobL.exe
  C:\Windows\System\cAhsobL.exe
  2⤵
  PID:3672
- C:\Windows\System\xyKesVp.exe
  C:\Windows\System\xyKesVp.exe
  2⤵
  PID:3716
- C:\Windows\System\VVqWIvW.exe
  C:\Windows\System\VVqWIvW.exe
  2⤵
  PID:3660
- C:\Windows\System\MZesTJw.exe
  C:\Windows\System\MZesTJw.exe
  2⤵
  PID:3796
- C:\Windows\System\ElQAzAd.exe
  C:\Windows\System\ElQAzAd.exe
  2⤵
  PID:3772
- C:\Windows\System\NcHuwzR.exe
  C:\Windows\System\NcHuwzR.exe
  2⤵
  PID:3780
- C:\Windows\System\NPbkFdl.exe
  C:\Windows\System\NPbkFdl.exe
  2⤵
  PID:3844
- C:\Windows\System\FYSGkTb.exe
  C:\Windows\System\FYSGkTb.exe
  2⤵
  PID:2540
- C:\Windows\System\LTNfhil.exe
  C:\Windows\System\LTNfhil.exe
  2⤵
  PID:3920
- C:\Windows\System\NGCZrVQ.exe
  C:\Windows\System\NGCZrVQ.exe
  2⤵
  PID:3896
- C:\Windows\System\RBHzPAQ.exe
  C:\Windows\System\RBHzPAQ.exe
  2⤵
  PID:2052
- C:\Windows\System\ZuupUhn.exe
  C:\Windows\System\ZuupUhn.exe
  2⤵
  PID:3936
- C:\Windows\System\fdIqzAP.exe
  C:\Windows\System\fdIqzAP.exe
  2⤵
  PID:3972
- C:\Windows\System\XKFLsXf.exe
  C:\Windows\System\XKFLsXf.exe
  2⤵
  PID:4072
- C:\Windows\System\hbZhJvI.exe
  C:\Windows\System\hbZhJvI.exe
  2⤵
  PID:4020
- C:\Windows\System\vognBmd.exe
  C:\Windows\System\vognBmd.exe
  2⤵
  PID:4056
- C:\Windows\System\MRXuRNi.exe
  C:\Windows\System\MRXuRNi.exe
  2⤵
  PID:2896
- C:\Windows\System\yZgbTvq.exe
  C:\Windows\System\yZgbTvq.exe
  2⤵
  PID:3132
- C:\Windows\System\mrHeKqB.exe
  C:\Windows\System\mrHeKqB.exe
  2⤵
  PID:2908
- C:\Windows\System\ixbewhP.exe
  C:\Windows\System\ixbewhP.exe
  2⤵
  PID:3112
- C:\Windows\System\sUmKKTB.exe
  C:\Windows\System\sUmKKTB.exe
  2⤵
  PID:3192
- C:\Windows\System\LfrMqBN.exe
  C:\Windows\System\LfrMqBN.exe
  2⤵
  PID:2200
- C:\Windows\System\lBzWooy.exe
  C:\Windows\System\lBzWooy.exe
  2⤵
  PID:3212
- C:\Windows\System\fFkjjJn.exe
  C:\Windows\System\fFkjjJn.exe
  2⤵
  PID:3468
- C:\Windows\System\AKDSlnD.exe
  C:\Windows\System\AKDSlnD.exe
  2⤵
  PID:3428
- C:\Windows\System\dwXIXca.exe
  C:\Windows\System\dwXIXca.exe
  2⤵
  PID:3600
- C:\Windows\System\amkeVgT.exe
  C:\Windows\System\amkeVgT.exe
  2⤵
  PID:3632
- C:\Windows\System\AeUjlPP.exe
  C:\Windows\System\AeUjlPP.exe
  2⤵
  PID:3580
- C:\Windows\System\HUmLQhd.exe
  C:\Windows\System\HUmLQhd.exe
  2⤵
  PID:3620
- C:\Windows\System\arwWhDI.exe
  C:\Windows\System\arwWhDI.exe
  2⤵
  PID:3652
- C:\Windows\System\bbKbZad.exe
  C:\Windows\System\bbKbZad.exe
  2⤵
  PID:3768
- C:\Windows\System\TNWQqMJ.exe
  C:\Windows\System\TNWQqMJ.exe
  2⤵
  PID:3840
- C:\Windows\System\fCByOPQ.exe
  C:\Windows\System\fCByOPQ.exe
  2⤵
  PID:3912
- C:\Windows\System\jjCRhfe.exe
  C:\Windows\System\jjCRhfe.exe
  2⤵
  PID:3952
- C:\Windows\System\qNQDwzt.exe
  C:\Windows\System\qNQDwzt.exe
  2⤵
  PID:4044
- C:\Windows\System\mRwCuqz.exe
  C:\Windows\System\mRwCuqz.exe
  2⤵
  PID:4024
- C:\Windows\System\nvxzGrI.exe
  C:\Windows\System\nvxzGrI.exe
  2⤵
  PID:2812
- C:\Windows\System\DawTfnf.exe
  C:\Windows\System\DawTfnf.exe
  2⤵
  PID:3088
- C:\Windows\System\DAxasdk.exe
  C:\Windows\System\DAxasdk.exe
  2⤵
  PID:3248
- C:\Windows\System\wIEXyHg.exe
  C:\Windows\System\wIEXyHg.exe
  2⤵
  PID:3312
- C:\Windows\System\MAfEzTm.exe
  C:\Windows\System\MAfEzTm.exe
  2⤵
  PID:3184
- C:\Windows\System\uqeJLFK.exe
  C:\Windows\System\uqeJLFK.exe
  2⤵
  PID:3356
- C:\Windows\System\rDNUoLi.exe
  C:\Windows\System\rDNUoLi.exe
  2⤵
  PID:3472
- C:\Windows\System\VwvxzTR.exe
  C:\Windows\System\VwvxzTR.exe
  2⤵
  PID:2960
- C:\Windows\System\EDxXcjH.exe
  C:\Windows\System\EDxXcjH.exe
  2⤵
  PID:3536
- C:\Windows\System\BhlIexA.exe
  C:\Windows\System\BhlIexA.exe
  2⤵
  PID:3752
- C:\Windows\System\deGuXoY.exe
  C:\Windows\System\deGuXoY.exe
  2⤵
  PID:3736
- C:\Windows\System\RYrsifA.exe
  C:\Windows\System\RYrsifA.exe
  2⤵
  PID:3932
- C:\Windows\System\ZyGidgx.exe
  C:\Windows\System\ZyGidgx.exe
  2⤵
  PID:3856
- C:\Windows\System\toMBBXx.exe
  C:\Windows\System\toMBBXx.exe
  2⤵
  PID:1796
- C:\Windows\System\FrujqhD.exe
  C:\Windows\System\FrujqhD.exe
  2⤵
  PID:2648
- C:\Windows\System\HExaGDl.exe
  C:\Windows\System\HExaGDl.exe
  2⤵
  PID:1208
- C:\Windows\System\vGEHeGH.exe
  C:\Windows\System\vGEHeGH.exe
  2⤵
  PID:2228
- C:\Windows\System\kvJGyzO.exe
  C:\Windows\System\kvJGyzO.exe
  2⤵
  PID:4092
- C:\Windows\System\DMEPfZr.exe
  C:\Windows\System\DMEPfZr.exe
  2⤵
  PID:1576
- C:\Windows\System\MJqRjcj.exe
  C:\Windows\System\MJqRjcj.exe
  2⤵
  PID:3980
- C:\Windows\System\KEgEZgF.exe
  C:\Windows\System\KEgEZgF.exe
  2⤵
  PID:3204
- C:\Windows\System\BnNnqPt.exe
  C:\Windows\System\BnNnqPt.exe
  2⤵
  PID:1988
- C:\Windows\System\uItbbqq.exe
  C:\Windows\System\uItbbqq.exe
  2⤵
  PID:3488
- C:\Windows\System\laEAthR.exe
  C:\Windows\System\laEAthR.exe
  2⤵
  PID:3860
- C:\Windows\System\WiQtoUC.exe
  C:\Windows\System\WiQtoUC.exe
  2⤵
  PID:3892
- C:\Windows\System\buanHFB.exe
  C:\Windows\System\buanHFB.exe
  2⤵
  PID:3564
- C:\Windows\System\HvjGWjb.exe
  C:\Windows\System\HvjGWjb.exe
  2⤵
  PID:3000
- C:\Windows\System\CbxEvmH.exe
  C:\Windows\System\CbxEvmH.exe
  2⤵
  PID:1560
- C:\Windows\System\NkfqIyD.exe
  C:\Windows\System\NkfqIyD.exe
  2⤵
  PID:3820
- C:\Windows\System\TfvgwpV.exe
  C:\Windows\System\TfvgwpV.exe
  2⤵
  PID:3696
- C:\Windows\System\gGkzYyu.exe
  C:\Windows\System\gGkzYyu.exe
  2⤵
  PID:1748
- C:\Windows\System\JkmLzlk.exe
  C:\Windows\System\JkmLzlk.exe
  2⤵
  PID:2924
- C:\Windows\System\aRGZzOp.exe
  C:\Windows\System\aRGZzOp.exe
  2⤵
  PID:3276
- C:\Windows\System\kmnHngF.exe
  C:\Windows\System\kmnHngF.exe
  2⤵
  PID:3756
- C:\Windows\System\quyOgzI.exe
  C:\Windows\System\quyOgzI.exe
  2⤵
  PID:4112
- C:\Windows\System\xnusjoT.exe
  C:\Windows\System\xnusjoT.exe
  2⤵
  PID:4132
- C:\Windows\System\WxBkvqh.exe
  C:\Windows\System\WxBkvqh.exe
  2⤵
  PID:4148
- C:\Windows\System\TRcpKbn.exe
  C:\Windows\System\TRcpKbn.exe
  2⤵
  PID:4180
- C:\Windows\System\uKlOdOP.exe
  C:\Windows\System\uKlOdOP.exe
  2⤵
  PID:4200
- C:\Windows\System\ZOoSTND.exe
  C:\Windows\System\ZOoSTND.exe
  2⤵
  PID:4220
- C:\Windows\System\oMAubdj.exe
  C:\Windows\System\oMAubdj.exe
  2⤵
  PID:4244
- C:\Windows\System\vqNaxJx.exe
  C:\Windows\System\vqNaxJx.exe
  2⤵
  PID:4264
- C:\Windows\System\XbDPexo.exe
  C:\Windows\System\XbDPexo.exe
  2⤵
  PID:4280
- C:\Windows\System\LnFowzA.exe
  C:\Windows\System\LnFowzA.exe
  2⤵
  PID:4308
- C:\Windows\System\ahFSbfz.exe
  C:\Windows\System\ahFSbfz.exe
  2⤵
  PID:4328
- C:\Windows\System\bgHvHZN.exe
  C:\Windows\System\bgHvHZN.exe
  2⤵
  PID:4348
- C:\Windows\System\peoUatk.exe
  C:\Windows\System\peoUatk.exe
  2⤵
  PID:4364
- C:\Windows\System\MUDqJtv.exe
  C:\Windows\System\MUDqJtv.exe
  2⤵
  PID:4388
- C:\Windows\System\hkLCCwg.exe
  C:\Windows\System\hkLCCwg.exe
  2⤵
  PID:4408
- C:\Windows\System\LcPOjjJ.exe
  C:\Windows\System\LcPOjjJ.exe
  2⤵
  PID:4428
- C:\Windows\System\LCuMtiZ.exe
  C:\Windows\System\LCuMtiZ.exe
  2⤵
  PID:4444
- C:\Windows\System\hFIwjKD.exe
  C:\Windows\System\hFIwjKD.exe
  2⤵
  PID:4464
- C:\Windows\System\kDTJMxa.exe
  C:\Windows\System\kDTJMxa.exe
  2⤵
  PID:4492
- C:\Windows\System\zffGfJR.exe
  C:\Windows\System\zffGfJR.exe
  2⤵
  PID:4508
- C:\Windows\System\fyHSoDy.exe
  C:\Windows\System\fyHSoDy.exe
  2⤵
  PID:4528
- C:\Windows\System\YAJIEnG.exe
  C:\Windows\System\YAJIEnG.exe
  2⤵
  PID:4544
- C:\Windows\System\fHMjfgg.exe
  C:\Windows\System\fHMjfgg.exe
  2⤵
  PID:4564
- C:\Windows\System\MymzUfU.exe
  C:\Windows\System\MymzUfU.exe
  2⤵
  PID:4592
- C:\Windows\System\vKJNEZn.exe
  C:\Windows\System\vKJNEZn.exe
  2⤵
  PID:4608
- C:\Windows\System\PwGUhUY.exe
  C:\Windows\System\PwGUhUY.exe
  2⤵
  PID:4628
- C:\Windows\System\FHmpUND.exe
  C:\Windows\System\FHmpUND.exe
  2⤵
  PID:4644
- C:\Windows\System\BYBYZNe.exe
  C:\Windows\System\BYBYZNe.exe
  2⤵
  PID:4664
- C:\Windows\System\GQlXmRJ.exe
  C:\Windows\System\GQlXmRJ.exe
  2⤵
  PID:4684
- C:\Windows\System\KAiuSCd.exe
  C:\Windows\System\KAiuSCd.exe
  2⤵
  PID:4712
- C:\Windows\System\iFDzkFy.exe
  C:\Windows\System\iFDzkFy.exe
  2⤵
  PID:4728
- C:\Windows\System\dsFMvxl.exe
  C:\Windows\System\dsFMvxl.exe
  2⤵
  PID:4748
- C:\Windows\System\QQGpcNb.exe
  C:\Windows\System\QQGpcNb.exe
  2⤵
  PID:4764
- C:\Windows\System\BzKJqeL.exe
  C:\Windows\System\BzKJqeL.exe
  2⤵
  PID:4780
- C:\Windows\System\mCLRpIc.exe
  C:\Windows\System\mCLRpIc.exe
  2⤵
  PID:4804
- C:\Windows\System\OvYTNLD.exe
  C:\Windows\System\OvYTNLD.exe
  2⤵
  PID:4832
- C:\Windows\System\zTJDVZL.exe
  C:\Windows\System\zTJDVZL.exe
  2⤵
  PID:4848
- C:\Windows\System\SaFMzJB.exe
  C:\Windows\System\SaFMzJB.exe
  2⤵
  PID:4864
- C:\Windows\System\RabfRhf.exe
  C:\Windows\System\RabfRhf.exe
  2⤵
  PID:4884
- C:\Windows\System\KmlZVVf.exe
  C:\Windows\System\KmlZVVf.exe
  2⤵
  PID:4900
- C:\Windows\System\GgIzKiN.exe
  C:\Windows\System\GgIzKiN.exe
  2⤵
  PID:4932
- C:\Windows\System\nqIwjsY.exe
  C:\Windows\System\nqIwjsY.exe
  2⤵
  PID:4956
- C:\Windows\System\ozkAJsq.exe
  C:\Windows\System\ozkAJsq.exe
  2⤵
  PID:4972
- C:\Windows\System\GtdqZPA.exe
  C:\Windows\System\GtdqZPA.exe
  2⤵
  PID:4988
- C:\Windows\System\NENrIrW.exe
  C:\Windows\System\NENrIrW.exe
  2⤵
  PID:5012
- C:\Windows\System\spzHbYb.exe
  C:\Windows\System\spzHbYb.exe
  2⤵
  PID:5028
- C:\Windows\System\GRpyRjY.exe
  C:\Windows\System\GRpyRjY.exe
  2⤵
  PID:5052
- C:\Windows\System\jQBcCmk.exe
  C:\Windows\System\jQBcCmk.exe
  2⤵
  PID:5076
- C:\Windows\System\dylZxEe.exe
  C:\Windows\System\dylZxEe.exe
  2⤵
  PID:5092
- C:\Windows\System\Cxdywmj.exe
  C:\Windows\System\Cxdywmj.exe
  2⤵
  PID:5108
- C:\Windows\System\hIUSMbn.exe
  C:\Windows\System\hIUSMbn.exe
  2⤵
  PID:2196
- C:\Windows\System\JgGYFIO.exe
  C:\Windows\System\JgGYFIO.exe
  2⤵
  PID:4124
- C:\Windows\System\SzFjWyA.exe
  C:\Windows\System\SzFjWyA.exe
  2⤵
  PID:3712
- C:\Windows\System\xaAfxsp.exe
  C:\Windows\System\xaAfxsp.exe
  2⤵
  PID:1728
- C:\Windows\System\eBRDYcI.exe
  C:\Windows\System\eBRDYcI.exe
  2⤵
  PID:2776
- C:\Windows\System\GuLGUwp.exe
  C:\Windows\System\GuLGUwp.exe
  2⤵
  PID:4164
- C:\Windows\System\qcGnwVm.exe
  C:\Windows\System\qcGnwVm.exe
  2⤵
  PID:4212
- C:\Windows\System\wRtTRpn.exe
  C:\Windows\System\wRtTRpn.exe
  2⤵
  PID:2884
- C:\Windows\System\YvYsrnb.exe
  C:\Windows\System\YvYsrnb.exe
  2⤵
  PID:4240
- C:\Windows\System\VMwgZRY.exe
  C:\Windows\System\VMwgZRY.exe
  2⤵
  PID:1844
- C:\Windows\System\eiARPyO.exe
  C:\Windows\System\eiARPyO.exe
  2⤵
  PID:2168
- C:\Windows\System\xfhKHOs.exe
  C:\Windows\System\xfhKHOs.exe
  2⤵
  PID:4372
- C:\Windows\System\eytobrj.exe
  C:\Windows\System\eytobrj.exe
  2⤵
  PID:4376
- C:\Windows\System\RgWAbuJ.exe
  C:\Windows\System\RgWAbuJ.exe
  2⤵
  PID:4416
- C:\Windows\System\fXaypNl.exe
  C:\Windows\System\fXaypNl.exe
  2⤵
  PID:4460
- C:\Windows\System\SiOPvEw.exe
  C:\Windows\System\SiOPvEw.exe
  2⤵
  PID:4400
- C:\Windows\System\jqblVoA.exe
  C:\Windows\System\jqblVoA.exe
  2⤵
  PID:4476
- C:\Windows\System\kNqXzhu.exe
  C:\Windows\System\kNqXzhu.exe
  2⤵
  PID:4488
- C:\Windows\System\UijEaVn.exe
  C:\Windows\System\UijEaVn.exe
  2⤵
  PID:4540
- C:\Windows\System\vhmntKc.exe
  C:\Windows\System\vhmntKc.exe
  2⤵
  PID:4580
- C:\Windows\System\uFVTcVy.exe
  C:\Windows\System\uFVTcVy.exe
  2⤵
  PID:3524
- C:\Windows\System\xIxtaTw.exe
  C:\Windows\System\xIxtaTw.exe
  2⤵
  PID:4604
- C:\Windows\System\RAxagWj.exe
  C:\Windows\System\RAxagWj.exe
  2⤵
  PID:4660
- C:\Windows\System\TnHsEkJ.exe
  C:\Windows\System\TnHsEkJ.exe
  2⤵
  PID:4708
- C:\Windows\System\iYaGEGs.exe
  C:\Windows\System\iYaGEGs.exe
  2⤵
  PID:2396
- C:\Windows\System\VpyssHG.exe
  C:\Windows\System\VpyssHG.exe
  2⤵
  PID:4740
- C:\Windows\System\tYzCqWQ.exe
  C:\Windows\System\tYzCqWQ.exe
  2⤵
  PID:1764
- C:\Windows\System\slFHGPT.exe
  C:\Windows\System\slFHGPT.exe
  2⤵
  PID:4820
- C:\Windows\System\ShNDXvf.exe
  C:\Windows\System\ShNDXvf.exe
  2⤵
  PID:4788
- C:\Windows\System\kElEnfF.exe
  C:\Windows\System\kElEnfF.exe
  2⤵
  PID:4856
- C:\Windows\System\xMOLHjo.exe
  C:\Windows\System\xMOLHjo.exe
  2⤵
  PID:340
- C:\Windows\System\WCQHJKy.exe
  C:\Windows\System\WCQHJKy.exe
  2⤵
  PID:4916
- C:\Windows\System\NzMrLlS.exe
  C:\Windows\System\NzMrLlS.exe
  2⤵
  PID:4940
- C:\Windows\System\UbtSMaX.exe
  C:\Windows\System\UbtSMaX.exe
  2⤵
  PID:2244
- C:\Windows\System\GJcSCca.exe
  C:\Windows\System\GJcSCca.exe
  2⤵
  PID:5024
- C:\Windows\System\NFpaykG.exe
  C:\Windows\System\NFpaykG.exe
  2⤵
  PID:5000
- C:\Windows\System\XybuwFR.exe
  C:\Windows\System\XybuwFR.exe
  2⤵
  PID:5036
- C:\Windows\System\ropYuMQ.exe
  C:\Windows\System\ropYuMQ.exe
  2⤵
  PID:2328
- C:\Windows\System\vltOsSz.exe
  C:\Windows\System\vltOsSz.exe
  2⤵
  PID:5068
- C:\Windows\System\rVXmtAZ.exe
  C:\Windows\System\rVXmtAZ.exe
  2⤵
  PID:4120
- C:\Windows\System\pQaRSUo.exe
  C:\Windows\System\pQaRSUo.exe
  2⤵
  PID:352
- C:\Windows\System\zDVlYWQ.exe
  C:\Windows\System\zDVlYWQ.exe
  2⤵
  PID:4140
- C:\Windows\System\seBPoPS.exe
  C:\Windows\System\seBPoPS.exe
  2⤵
  PID:4192
- C:\Windows\System\kumBqTs.exe
  C:\Windows\System\kumBqTs.exe
  2⤵
  PID:4256
- C:\Windows\System\UwXZcxd.exe
  C:\Windows\System\UwXZcxd.exe
  2⤵
  PID:4292
- C:\Windows\System\VBxxSkI.exe
  C:\Windows\System\VBxxSkI.exe
  2⤵
  PID:4344
- C:\Windows\System\FtkmmsE.exe
  C:\Windows\System\FtkmmsE.exe
  2⤵
  PID:4356
- C:\Windows\System\RzIufnM.exe
  C:\Windows\System\RzIufnM.exe
  2⤵
  PID:4480
- C:\Windows\System\BqzPPPm.exe
  C:\Windows\System\BqzPPPm.exe
  2⤵
  PID:4380
- C:\Windows\System\VCCEJMn.exe
  C:\Windows\System\VCCEJMn.exe
  2⤵
  PID:4576
- C:\Windows\System\geAmPRx.exe
  C:\Windows\System\geAmPRx.exe
  2⤵
  PID:4440
- C:\Windows\System\EKqMwoG.exe
  C:\Windows\System\EKqMwoG.exe
  2⤵
  PID:4560
- C:\Windows\System\OTKKTvB.exe
  C:\Windows\System\OTKKTvB.exe
  2⤵
  PID:2564
- C:\Windows\System\xasfoSu.exe
  C:\Windows\System\xasfoSu.exe
  2⤵
  PID:1532
- C:\Windows\System\eErOjap.exe
  C:\Windows\System\eErOjap.exe
  2⤵
  PID:4680
- C:\Windows\System\FtSDWEr.exe
  C:\Windows\System\FtSDWEr.exe
  2⤵
  PID:4704
- C:\Windows\System\xndSVVL.exe
  C:\Windows\System\xndSVVL.exe
  2⤵
  PID:2800
- C:\Windows\System\PCvdbGN.exe
  C:\Windows\System\PCvdbGN.exe
  2⤵
  PID:4828
- C:\Windows\System\mYAXdiK.exe
  C:\Windows\System\mYAXdiK.exe
  2⤵
  PID:3056
- C:\Windows\System\TejPsPq.exe
  C:\Windows\System\TejPsPq.exe
  2⤵
  PID:4908
- C:\Windows\System\hNwuVCk.exe
  C:\Windows\System\hNwuVCk.exe
  2⤵
  PID:4968
- C:\Windows\System\HINaiyn.exe
  C:\Windows\System\HINaiyn.exe
  2⤵
  PID:4996
- C:\Windows\System\bgbGrfH.exe
  C:\Windows\System\bgbGrfH.exe
  2⤵
  PID:5004
- C:\Windows\System\HOXHqUI.exe
  C:\Windows\System\HOXHqUI.exe
  2⤵
  PID:3412
- C:\Windows\System\JkzICDp.exe
  C:\Windows\System\JkzICDp.exe
  2⤵
  PID:2768
- C:\Windows\System\kXgYZXN.exe
  C:\Windows\System\kXgYZXN.exe
  2⤵
  PID:3824
- C:\Windows\System\cGQTYsK.exe
  C:\Windows\System\cGQTYsK.exe
  2⤵
  PID:3476
- C:\Windows\System\fAnDeLp.exe
  C:\Windows\System\fAnDeLp.exe
  2⤵
  PID:4168
- C:\Windows\System\OxyPaLA.exe
  C:\Windows\System\OxyPaLA.exe
  2⤵
  PID:4228
- C:\Windows\System\iqOFMLZ.exe
  C:\Windows\System\iqOFMLZ.exe
  2⤵
  PID:4276
- C:\Windows\System\AZyCciE.exe
  C:\Windows\System\AZyCciE.exe
  2⤵
  PID:4340
- C:\Windows\System\uIuggkR.exe
  C:\Windows\System\uIuggkR.exe
  2⤵
  PID:4572
- C:\Windows\System\gNLGbxf.exe
  C:\Windows\System\gNLGbxf.exe
  2⤵
  PID:4524
- C:\Windows\System\jXqvpgS.exe
  C:\Windows\System\jXqvpgS.exe
  2⤵
  PID:4624
- C:\Windows\System\QSgHrkL.exe
  C:\Windows\System\QSgHrkL.exe
  2⤵
  PID:4616
- C:\Windows\System\mIzmbXB.exe
  C:\Windows\System\mIzmbXB.exe
  2⤵
  PID:4696
- C:\Windows\System\XwQtafg.exe
  C:\Windows\System\XwQtafg.exe
  2⤵
  PID:4796
- C:\Windows\System\McPVaNK.exe
  C:\Windows\System\McPVaNK.exe
  2⤵
  PID:4880
- C:\Windows\System\DQOMrRe.exe
  C:\Windows\System\DQOMrRe.exe
  2⤵
  PID:4736
- C:\Windows\System\GPzVFLJ.exe
  C:\Windows\System\GPzVFLJ.exe
  2⤵
  PID:4948
- C:\Windows\System\tCbCyHN.exe
  C:\Windows\System\tCbCyHN.exe
  2⤵
  PID:4912
- C:\Windows\System\JiRPqZG.exe
  C:\Windows\System\JiRPqZG.exe
  2⤵
  PID:5060
- C:\Windows\System\YZfPLRP.exe
  C:\Windows\System\YZfPLRP.exe
  2⤵
  PID:2628
- C:\Windows\System\evpxjbZ.exe
  C:\Windows\System\evpxjbZ.exe
  2⤵
  PID:348
- C:\Windows\System\qimjrHX.exe
  C:\Windows\System\qimjrHX.exe
  2⤵
  PID:5100
- C:\Windows\System\dOGVmns.exe
  C:\Windows\System\dOGVmns.exe
  2⤵
  PID:4396
- C:\Windows\System\fKZUICg.exe
  C:\Windows\System\fKZUICg.exe
  2⤵
  PID:4420
- C:\Windows\System\zURFOjh.exe
  C:\Windows\System\zURFOjh.exe
  2⤵
  PID:4260
- C:\Windows\System\cuaCKOG.exe
  C:\Windows\System\cuaCKOG.exe
  2⤵
  PID:4860
- C:\Windows\System\hLrwiIz.exe
  C:\Windows\System\hLrwiIz.exe
  2⤵
  PID:4672
- C:\Windows\System\DOZIxEQ.exe
  C:\Windows\System\DOZIxEQ.exe
  2⤵
  PID:4724
- C:\Windows\System\BdbMeLl.exe
  C:\Windows\System\BdbMeLl.exe
  2⤵
  PID:4556
- C:\Windows\System\mwYbSKP.exe
  C:\Windows\System\mwYbSKP.exe
  2⤵
  PID:2976
- C:\Windows\System\fvKSfvy.exe
  C:\Windows\System\fvKSfvy.exe
  2⤵
  PID:4984
- C:\Windows\System\iTORjnh.exe
  C:\Windows\System\iTORjnh.exe
  2⤵
  PID:5048
- C:\Windows\System\XLZEkdv.exe
  C:\Windows\System\XLZEkdv.exe
  2⤵
  PID:944
- C:\Windows\System\QqFBBZb.exe
  C:\Windows\System\QqFBBZb.exe
  2⤵
  PID:5084
- C:\Windows\System\FBzJTJr.exe
  C:\Windows\System\FBzJTJr.exe
  2⤵
  PID:3028
- C:\Windows\System\XnAKAWW.exe
  C:\Windows\System\XnAKAWW.exe
  2⤵
  PID:4896
- C:\Windows\System\ENHrseq.exe
  C:\Windows\System\ENHrseq.exe
  2⤵
  PID:4232
- C:\Windows\System\nPSfKFZ.exe
  C:\Windows\System\nPSfKFZ.exe
  2⤵
  PID:3116
- C:\Windows\System\UNAaBiR.exe
  C:\Windows\System\UNAaBiR.exe
  2⤵
  PID:5128
- C:\Windows\System\PJtkOnC.exe
  C:\Windows\System\PJtkOnC.exe
  2⤵
  PID:5144
- C:\Windows\System\HecbTSQ.exe
  C:\Windows\System\HecbTSQ.exe
  2⤵
  PID:5160
- C:\Windows\System\yMdufER.exe
  C:\Windows\System\yMdufER.exe
  2⤵
  PID:5180
- C:\Windows\System\lWBVofl.exe
  C:\Windows\System\lWBVofl.exe
  2⤵
  PID:5196
- C:\Windows\System\HvcLJQz.exe
  C:\Windows\System\HvcLJQz.exe
  2⤵
  PID:5212
- C:\Windows\System\YzVpRSY.exe
  C:\Windows\System\YzVpRSY.exe
  2⤵
  PID:5228
- C:\Windows\System\DdadVpA.exe
  C:\Windows\System\DdadVpA.exe
  2⤵
  PID:5244
- C:\Windows\System\eNnyNTn.exe
  C:\Windows\System\eNnyNTn.exe
  2⤵
  PID:5260
- C:\Windows\System\GYLJNiT.exe
  C:\Windows\System\GYLJNiT.exe
  2⤵
  PID:5276
- C:\Windows\System\VETUhMQ.exe
  C:\Windows\System\VETUhMQ.exe
  2⤵
  PID:5292
- C:\Windows\System\qexkAyZ.exe
  C:\Windows\System\qexkAyZ.exe
  2⤵
  PID:5308
- C:\Windows\System\UyZDGcR.exe
  C:\Windows\System\UyZDGcR.exe
  2⤵
  PID:5324
- C:\Windows\System\LhBpjKo.exe
  C:\Windows\System\LhBpjKo.exe
  2⤵
  PID:5340
- C:\Windows\System\lCdfkcg.exe
  C:\Windows\System\lCdfkcg.exe
  2⤵
  PID:5356
- C:\Windows\System\uZWWLPl.exe
  C:\Windows\System\uZWWLPl.exe
  2⤵
  PID:5372
- C:\Windows\System\ytRUagu.exe
  C:\Windows\System\ytRUagu.exe
  2⤵
  PID:5388
- C:\Windows\System\BxGzWeE.exe
  C:\Windows\System\BxGzWeE.exe
  2⤵
  PID:5404
- C:\Windows\System\eltzDzs.exe
  C:\Windows\System\eltzDzs.exe
  2⤵
  PID:5424
- C:\Windows\System\czEIgER.exe
  C:\Windows\System\czEIgER.exe
  2⤵
  PID:5440
- C:\Windows\System\cBBquQE.exe
  C:\Windows\System\cBBquQE.exe
  2⤵
  PID:5456
- C:\Windows\System\lHFnmKC.exe
  C:\Windows\System\lHFnmKC.exe
  2⤵
  PID:5472
- C:\Windows\System\badccTC.exe
  C:\Windows\System\badccTC.exe
  2⤵
  PID:5488
- C:\Windows\System\TqDpjEq.exe
  C:\Windows\System\TqDpjEq.exe
  2⤵
  PID:5504
- C:\Windows\System\JyvEaTW.exe
  C:\Windows\System\JyvEaTW.exe
  2⤵
  PID:5520
- C:\Windows\System\YEKRsUw.exe
  C:\Windows\System\YEKRsUw.exe
  2⤵
  PID:5536
- C:\Windows\System\EZvxKNZ.exe
  C:\Windows\System\EZvxKNZ.exe
  2⤵
  PID:5552
- C:\Windows\System\KKxOAPc.exe
  C:\Windows\System\KKxOAPc.exe
  2⤵
  PID:5568
- C:\Windows\System\bLKNTam.exe
  C:\Windows\System\bLKNTam.exe
  2⤵
  PID:5584
- C:\Windows\System\bDNTSeQ.exe
  C:\Windows\System\bDNTSeQ.exe
  2⤵
  PID:5600
- C:\Windows\System\HSNimsm.exe
  C:\Windows\System\HSNimsm.exe
  2⤵
  PID:5616
- C:\Windows\System\pPABxpf.exe
  C:\Windows\System\pPABxpf.exe
  2⤵
  PID:5632
- C:\Windows\System\ElnxgTa.exe
  C:\Windows\System\ElnxgTa.exe
  2⤵
  PID:5648
- C:\Windows\System\pQzIxuM.exe
  C:\Windows\System\pQzIxuM.exe
  2⤵
  PID:5664
- C:\Windows\System\bIArROm.exe
  C:\Windows\System\bIArROm.exe
  2⤵
  PID:5680
- C:\Windows\System\XTIcynV.exe
  C:\Windows\System\XTIcynV.exe
  2⤵
  PID:5696
- C:\Windows\System\VrtvBia.exe
  C:\Windows\System\VrtvBia.exe
  2⤵
  PID:5712
- C:\Windows\System\xcdyaiB.exe
  C:\Windows\System\xcdyaiB.exe
  2⤵
  PID:5728
- C:\Windows\System\wtbyGCX.exe
  C:\Windows\System\wtbyGCX.exe
  2⤵
  PID:5744
- C:\Windows\System\fnQwuGc.exe
  C:\Windows\System\fnQwuGc.exe
  2⤵
  PID:5760
- C:\Windows\System\kYHiluD.exe
  C:\Windows\System\kYHiluD.exe
  2⤵
  PID:5780
- C:\Windows\System\Iznpnpd.exe
  C:\Windows\System\Iznpnpd.exe
  2⤵
  PID:5796
- C:\Windows\System\hMJNAiI.exe
  C:\Windows\System\hMJNAiI.exe
  2⤵
  PID:5812
- C:\Windows\System\JefsAoe.exe
  C:\Windows\System\JefsAoe.exe
  2⤵
  PID:5828
- C:\Windows\System\KkUdSdS.exe
  C:\Windows\System\KkUdSdS.exe
  2⤵
  PID:5844
- C:\Windows\System\KDaiYvI.exe
  C:\Windows\System\KDaiYvI.exe
  2⤵
  PID:5860
- C:\Windows\System\vYAatqX.exe
  C:\Windows\System\vYAatqX.exe
  2⤵
  PID:5876
- C:\Windows\System\rFUMLRr.exe
  C:\Windows\System\rFUMLRr.exe
  2⤵
  PID:5896
- C:\Windows\System\yPjwefU.exe
  C:\Windows\System\yPjwefU.exe
  2⤵
  PID:5916
- C:\Windows\System\JtooVBU.exe
  C:\Windows\System\JtooVBU.exe
  2⤵
  PID:5932
- C:\Windows\System\WTIhlac.exe
  C:\Windows\System\WTIhlac.exe
  2⤵
  PID:5948
- C:\Windows\System\MDlmqrM.exe
  C:\Windows\System\MDlmqrM.exe
  2⤵
  PID:5964
- C:\Windows\System\KDbGyXe.exe
  C:\Windows\System\KDbGyXe.exe
  2⤵
  PID:5980
- C:\Windows\System\XCtegux.exe
  C:\Windows\System\XCtegux.exe
  2⤵
  PID:5996
- C:\Windows\System\gBboGrW.exe
  C:\Windows\System\gBboGrW.exe
  2⤵
  PID:6012
- C:\Windows\System\uHPQzEL.exe
  C:\Windows\System\uHPQzEL.exe
  2⤵
  PID:6028
- C:\Windows\System\odpFnNs.exe
  C:\Windows\System\odpFnNs.exe
  2⤵
  PID:6044
- C:\Windows\System\XXTxgvY.exe
  C:\Windows\System\XXTxgvY.exe
  2⤵
  PID:6060
- C:\Windows\System\wizANrb.exe
  C:\Windows\System\wizANrb.exe
  2⤵
  PID:6076
- C:\Windows\System\QgoMHOc.exe
  C:\Windows\System\QgoMHOc.exe
  2⤵
  PID:6092
- C:\Windows\System\KPVZgHK.exe
  C:\Windows\System\KPVZgHK.exe
  2⤵
  PID:6108
- C:\Windows\System\xISiWUk.exe
  C:\Windows\System\xISiWUk.exe
  2⤵
  PID:6124
- C:\Windows\System\ZsgFCxH.exe
  C:\Windows\System\ZsgFCxH.exe
  2⤵
  PID:6140
- C:\Windows\System\mxOrSFn.exe
  C:\Windows\System\mxOrSFn.exe
  2⤵
  PID:4196
- C:\Windows\System\beRnmNG.exe
  C:\Windows\System\beRnmNG.exe
  2⤵
  PID:2404
- C:\Windows\System\uDidefc.exe
  C:\Windows\System\uDidefc.exe
  2⤵
  PID:5156
- C:\Windows\System\OVqJvHf.exe
  C:\Windows\System\OVqJvHf.exe
  2⤵
  PID:1776
- C:\Windows\System\tWWykWS.exe
  C:\Windows\System\tWWykWS.exe
  2⤵
  PID:5140
- C:\Windows\System\LSOqpqw.exe
  C:\Windows\System\LSOqpqw.exe
  2⤵
  PID:5192
- C:\Windows\System\AXhDOBR.exe
  C:\Windows\System\AXhDOBR.exe
  2⤵
  PID:5224
- C:\Windows\System\eLaBcFc.exe
  C:\Windows\System\eLaBcFc.exe
  2⤵
  PID:5240
- C:\Windows\System\ZnHHcgh.exe
  C:\Windows\System\ZnHHcgh.exe
  2⤵
  PID:5304
- C:\Windows\System\uYhrsMj.exe
  C:\Windows\System\uYhrsMj.exe
  2⤵
  PID:5320
- C:\Windows\System\GTenuze.exe
  C:\Windows\System\GTenuze.exe
  2⤵
  PID:2552
- C:\Windows\System\keDBtEi.exe
  C:\Windows\System\keDBtEi.exe
  2⤵
  PID:5332
- C:\Windows\System\BpZOBfc.exe
  C:\Windows\System\BpZOBfc.exe
  2⤵
  PID:5452
- C:\Windows\System\nLpYloV.exe
  C:\Windows\System\nLpYloV.exe
  2⤵
  PID:5516
- C:\Windows\System\AbCsIkj.exe
  C:\Windows\System\AbCsIkj.exe
  2⤵
  PID:5580
- C:\Windows\System\axaXMBO.exe
  C:\Windows\System\axaXMBO.exe
  2⤵
  PID:5364
- C:\Windows\System\TYupUug.exe
  C:\Windows\System\TYupUug.exe
  2⤵
  PID:5436
- C:\Windows\System\QnESHEC.exe
  C:\Windows\System\QnESHEC.exe
  2⤵
  PID:5564
- C:\Windows\System\leDOmpZ.exe
  C:\Windows\System\leDOmpZ.exe
  2⤵
  PID:5708
- C:\Windows\System\nyIiRhI.exe
  C:\Windows\System\nyIiRhI.exe
  2⤵
  PID:5692
- C:\Windows\System\IJpaOXY.exe
  C:\Windows\System\IJpaOXY.exe
  2⤵
  PID:5656
- C:\Windows\System\QNFVjaH.exe
  C:\Windows\System\QNFVjaH.exe
  2⤵
  PID:5532
- C:\Windows\System\BExjLUX.exe
  C:\Windows\System\BExjLUX.exe
  2⤵
  PID:5724
- C:\Windows\System\lhqVUHm.exe
  C:\Windows\System\lhqVUHm.exe
  2⤵
  PID:5768
- C:\Windows\System\dISimuu.exe
  C:\Windows\System\dISimuu.exe
  2⤵
  PID:5808
- C:\Windows\System\kYczStu.exe
  C:\Windows\System\kYczStu.exe
  2⤵
  PID:5788
- C:\Windows\System\ZIaeWVf.exe
  C:\Windows\System\ZIaeWVf.exe
  2⤵
  PID:5824
- C:\Windows\System\EMrlcsE.exe
  C:\Windows\System\EMrlcsE.exe
  2⤵
  PID:5904
- C:\Windows\System\qwNlWRw.exe
  C:\Windows\System\qwNlWRw.exe
  2⤵
  PID:5924
- C:\Windows\System\tVRNOUL.exe
  C:\Windows\System\tVRNOUL.exe
  2⤵
  PID:5960
- C:\Windows\System\AYtrnxY.exe
  C:\Windows\System\AYtrnxY.exe
  2⤵
  PID:6004
- C:\Windows\System\QHpetpf.exe
  C:\Windows\System\QHpetpf.exe
  2⤵
  PID:6036
- C:\Windows\System\YRadBOp.exe
  C:\Windows\System\YRadBOp.exe
  2⤵
  PID:6024
- C:\Windows\System\sbwQcxA.exe
  C:\Windows\System\sbwQcxA.exe
  2⤵
  PID:6100
- C:\Windows\System\acYjnOv.exe
  C:\Windows\System\acYjnOv.exe
  2⤵
  PID:6132
- C:\Windows\System\cluoYvq.exe
  C:\Windows\System\cluoYvq.exe
  2⤵
  PID:4288
- C:\Windows\System\GjxHoHq.exe
  C:\Windows\System\GjxHoHq.exe
  2⤵
  PID:824
- C:\Windows\System\GgMSMDx.exe
  C:\Windows\System\GgMSMDx.exe
  2⤵
  PID:5208
- C:\Windows\System\KamEIeP.exe
  C:\Windows\System\KamEIeP.exe
  2⤵
  PID:5172
- C:\Windows\System\YhiGJOd.exe
  C:\Windows\System\YhiGJOd.exe
  2⤵
  PID:5288
- C:\Windows\System\LPNhARf.exe
  C:\Windows\System\LPNhARf.exe
  2⤵
  PID:5484
- C:\Windows\System\OeBcTDR.exe
  C:\Windows\System\OeBcTDR.exe
  2⤵
  PID:5448
- C:\Windows\System\IXFsxvy.exe
  C:\Windows\System\IXFsxvy.exe
  2⤵
  PID:5548
- C:\Windows\System\FTHKlvq.exe
  C:\Windows\System\FTHKlvq.exe
  2⤵
  PID:5432
- C:\Windows\System\fIxJoFs.exe
  C:\Windows\System\fIxJoFs.exe
  2⤵
  PID:5396
- C:\Windows\System\WIcFAgw.exe
  C:\Windows\System\WIcFAgw.exe
  2⤵
  PID:5560
- C:\Windows\System\RUcpkyq.exe
  C:\Windows\System\RUcpkyq.exe
  2⤵
  PID:5720
- C:\Windows\System\WBoIDCm.exe
  C:\Windows\System\WBoIDCm.exe
  2⤵
  PID:5840
- C:\Windows\System\XobsdGt.exe
  C:\Windows\System\XobsdGt.exe
  2⤵
  PID:5972
- C:\Windows\System\FuSwCZZ.exe
  C:\Windows\System\FuSwCZZ.exe
  2⤵
  PID:5804
- C:\Windows\System\SltiwsP.exe
  C:\Windows\System\SltiwsP.exe
  2⤵
  PID:5944
- C:\Windows\System\lDgbKwN.exe
  C:\Windows\System\lDgbKwN.exe
  2⤵
  PID:6056
- C:\Windows\System\JfmDLNs.exe
  C:\Windows\System\JfmDLNs.exe
  2⤵
  PID:6068
- C:\Windows\System\CTdrACb.exe
  C:\Windows\System\CTdrACb.exe
  2⤵
  PID:4216
- C:\Windows\System\oSkJbGu.exe
  C:\Windows\System\oSkJbGu.exe
  2⤵
  PID:5136
- C:\Windows\System\BYZlOUN.exe
  C:\Windows\System\BYZlOUN.exe
  2⤵
  PID:4100
- C:\Windows\System\SjXEtxZ.exe
  C:\Windows\System\SjXEtxZ.exe
  2⤵
  PID:2952
- C:\Windows\System\uXLbqfy.exe
  C:\Windows\System\uXLbqfy.exe
  2⤵
  PID:5704
- C:\Windows\System\ocdofhz.exe
  C:\Windows\System\ocdofhz.exe
  2⤵
  PID:5956
- C:\Windows\System\QeydLZp.exe
  C:\Windows\System\QeydLZp.exe
  2⤵
  PID:6008
- C:\Windows\System\qpdqVFO.exe
  C:\Windows\System\qpdqVFO.exe
  2⤵
  PID:5820
- C:\Windows\System\mbRYepw.exe
  C:\Windows\System\mbRYepw.exe
  2⤵
  PID:6104
- C:\Windows\System\lUTODQN.exe
  C:\Windows\System\lUTODQN.exe
  2⤵
  PID:6020
- C:\Windows\System\jeAKstZ.exe
  C:\Windows\System\jeAKstZ.exe
  2⤵
  PID:4876
- C:\Windows\System\NArkvgk.exe
  C:\Windows\System\NArkvgk.exe
  2⤵
  PID:5416
- C:\Windows\System\jNcNcNA.exe
  C:\Windows\System\jNcNcNA.exe
  2⤵
  PID:5872
- C:\Windows\System\RRsfoWE.exe
  C:\Windows\System\RRsfoWE.exe
  2⤵
  PID:5672
- C:\Windows\System\NBdRIoE.exe
  C:\Windows\System\NBdRIoE.exe
  2⤵
  PID:6088
- C:\Windows\System\mIqCsQN.exe
  C:\Windows\System\mIqCsQN.exe
  2⤵
  PID:6152
- C:\Windows\System\Tkvqtdj.exe
  C:\Windows\System\Tkvqtdj.exe
  2⤵
  PID:6168
- C:\Windows\System\HygUuzc.exe
  C:\Windows\System\HygUuzc.exe
  2⤵
  PID:6184
- C:\Windows\System\FbHpnqk.exe
  C:\Windows\System\FbHpnqk.exe
  2⤵
  PID:6200
- C:\Windows\System\qtwHhid.exe
  C:\Windows\System\qtwHhid.exe
  2⤵
  PID:6216
- C:\Windows\System\umgtaaT.exe
  C:\Windows\System\umgtaaT.exe
  2⤵
  PID:6232
- C:\Windows\System\ZQuLsvS.exe
  C:\Windows\System\ZQuLsvS.exe
  2⤵
  PID:6248
- C:\Windows\System\vCIkHvv.exe
  C:\Windows\System\vCIkHvv.exe
  2⤵
  PID:6264
- C:\Windows\System\ObZnaps.exe
  C:\Windows\System\ObZnaps.exe
  2⤵
  PID:6280
- C:\Windows\System\RhKEmGs.exe
  C:\Windows\System\RhKEmGs.exe
  2⤵
  PID:6296
- C:\Windows\System\WwILMDz.exe
  C:\Windows\System\WwILMDz.exe
  2⤵
  PID:6312
- C:\Windows\System\ijuKrcx.exe
  C:\Windows\System\ijuKrcx.exe
  2⤵
  PID:6328
- C:\Windows\System\mAbKDdi.exe
  C:\Windows\System\mAbKDdi.exe
  2⤵
  PID:6344
- C:\Windows\System\PpqTZcA.exe
  C:\Windows\System\PpqTZcA.exe
  2⤵
  PID:6364
- C:\Windows\System\UZnHIOt.exe
  C:\Windows\System\UZnHIOt.exe
  2⤵
  PID:6380
- C:\Windows\System\UYMXUib.exe
  C:\Windows\System\UYMXUib.exe
  2⤵
  PID:6396
- C:\Windows\System\OXucNcb.exe
  C:\Windows\System\OXucNcb.exe
  2⤵
  PID:6412
- C:\Windows\System\UWgneuD.exe
  C:\Windows\System\UWgneuD.exe
  2⤵
  PID:6428
- C:\Windows\System\TNLLbux.exe
  C:\Windows\System\TNLLbux.exe
  2⤵
  PID:6444
- C:\Windows\System\YcaCApj.exe
  C:\Windows\System\YcaCApj.exe
  2⤵
  PID:6460
- C:\Windows\System\CLCQDHu.exe
  C:\Windows\System\CLCQDHu.exe
  2⤵
  PID:6480
- C:\Windows\System\ttzhhkv.exe
  C:\Windows\System\ttzhhkv.exe
  2⤵
  PID:6496
- C:\Windows\System\FqihyxU.exe
  C:\Windows\System\FqihyxU.exe
  2⤵
  PID:6512
- C:\Windows\System\URYTrfG.exe
  C:\Windows\System\URYTrfG.exe
  2⤵
  PID:6528
- C:\Windows\System\zFUMsMs.exe
  C:\Windows\System\zFUMsMs.exe
  2⤵
  PID:6556
- C:\Windows\System\zbczMOS.exe
  C:\Windows\System\zbczMOS.exe
  2⤵
  PID:6572
- C:\Windows\System\vfnHUSc.exe
  C:\Windows\System\vfnHUSc.exe
  2⤵
  PID:6588
- C:\Windows\System\HesCBEJ.exe
  C:\Windows\System\HesCBEJ.exe
  2⤵
  PID:6604
- C:\Windows\System\TgBnQuK.exe
  C:\Windows\System\TgBnQuK.exe
  2⤵
  PID:6620
- C:\Windows\System\pAfIjAy.exe
  C:\Windows\System\pAfIjAy.exe
  2⤵
  PID:6636
- C:\Windows\System\baCVkYh.exe
  C:\Windows\System\baCVkYh.exe
  2⤵
  PID:6652
- C:\Windows\System\FYVMEjE.exe
  C:\Windows\System\FYVMEjE.exe
  2⤵
  PID:6676
- C:\Windows\System\QTohSsV.exe
  C:\Windows\System\QTohSsV.exe
  2⤵
  PID:6692
- C:\Windows\System\ryIbUUu.exe
  C:\Windows\System\ryIbUUu.exe
  2⤵
  PID:6708
- C:\Windows\System\Cvdqyfe.exe
  C:\Windows\System\Cvdqyfe.exe
  2⤵
  PID:6724
- C:\Windows\System\OkAOTkY.exe
  C:\Windows\System\OkAOTkY.exe
  2⤵
  PID:6740
- C:\Windows\System\GFDtveI.exe
  C:\Windows\System\GFDtveI.exe
  2⤵
  PID:6756
- C:\Windows\System\CUKlNyc.exe
  C:\Windows\System\CUKlNyc.exe
  2⤵
  PID:6772
- C:\Windows\System\jwzkUBi.exe
  C:\Windows\System\jwzkUBi.exe
  2⤵
  PID:6788
- C:\Windows\System\ELuWsUW.exe
  C:\Windows\System\ELuWsUW.exe
  2⤵
  PID:6808
- C:\Windows\System\KetLprK.exe
  C:\Windows\System\KetLprK.exe
  2⤵
  PID:6824
- C:\Windows\System\KldAvSQ.exe
  C:\Windows\System\KldAvSQ.exe
  2⤵
  PID:6840
- C:\Windows\System\SZMUspI.exe
  C:\Windows\System\SZMUspI.exe
  2⤵
  PID:6856
- C:\Windows\System\StAqkLN.exe
  C:\Windows\System\StAqkLN.exe
  2⤵
  PID:6872
- C:\Windows\System\idOOBuC.exe
  C:\Windows\System\idOOBuC.exe
  2⤵
  PID:6888
- C:\Windows\System\ipfoRMn.exe
  C:\Windows\System\ipfoRMn.exe
  2⤵
  PID:6904
- C:\Windows\System\uXWbpRE.exe
  C:\Windows\System\uXWbpRE.exe
  2⤵
  PID:6920
- C:\Windows\System\UvAPgwZ.exe
  C:\Windows\System\UvAPgwZ.exe
  2⤵
  PID:6936
- C:\Windows\System\cqFPjcz.exe
  C:\Windows\System\cqFPjcz.exe
  2⤵
  PID:6952
- C:\Windows\System\JJTNYlL.exe
  C:\Windows\System\JJTNYlL.exe
  2⤵
  PID:6968
- C:\Windows\System\rsObtgE.exe
  C:\Windows\System\rsObtgE.exe
  2⤵
  PID:6984
- C:\Windows\System\flSudfM.exe
  C:\Windows\System\flSudfM.exe
  2⤵
  PID:7000
- C:\Windows\System\xlIesyZ.exe
  C:\Windows\System\xlIesyZ.exe
  2⤵
  PID:7016
- C:\Windows\System\uwYZZzR.exe
  C:\Windows\System\uwYZZzR.exe
  2⤵
  PID:7032
- C:\Windows\System\desoQuT.exe
  C:\Windows\System\desoQuT.exe
  2⤵
  PID:7048
- C:\Windows\System\kfVoXRK.exe
  C:\Windows\System\kfVoXRK.exe
  2⤵
  PID:7064
- C:\Windows\System\eWyxawt.exe
  C:\Windows\System\eWyxawt.exe
  2⤵
  PID:7080
- C:\Windows\System\uYoVSuI.exe
  C:\Windows\System\uYoVSuI.exe
  2⤵
  PID:7096
- C:\Windows\System\GbXOUpE.exe
  C:\Windows\System\GbXOUpE.exe
  2⤵
  PID:7112
- C:\Windows\System\CnKsFaI.exe
  C:\Windows\System\CnKsFaI.exe
  2⤵
  PID:7128
- C:\Windows\System\zIhbnOo.exe
  C:\Windows\System\zIhbnOo.exe
  2⤵
  PID:7144
- C:\Windows\System\xQXbBuP.exe
  C:\Windows\System\xQXbBuP.exe
  2⤵
  PID:7164
- C:\Windows\System\gFewfYz.exe
  C:\Windows\System\gFewfYz.exe
  2⤵
  PID:5976
- C:\Windows\System\zisMXTL.exe
  C:\Windows\System\zisMXTL.exe
  2⤵
  PID:5644
- C:\Windows\System\UhILMMk.exe
  C:\Windows\System\UhILMMk.exe
  2⤵
  PID:6176
- C:\Windows\System\YLiMyXr.exe
  C:\Windows\System\YLiMyXr.exe
  2⤵
  PID:5380
- C:\Windows\System\TMXguqr.exe
  C:\Windows\System\TMXguqr.exe
  2⤵
  PID:6240
- C:\Windows\System\pVFdVkZ.exe
  C:\Windows\System\pVFdVkZ.exe
  2⤵
  PID:6260
- C:\Windows\System\blqCrvn.exe
  C:\Windows\System\blqCrvn.exe
  2⤵
  PID:6308
- C:\Windows\System\BkPGMOw.exe
  C:\Windows\System\BkPGMOw.exe
  2⤵
  PID:6324
- C:\Windows\System\VRLpwSu.exe
  C:\Windows\System\VRLpwSu.exe
  2⤵
  PID:6360
- C:\Windows\System\SalRDOb.exe
  C:\Windows\System\SalRDOb.exe
  2⤵
  PID:6488
- C:\Windows\System\EUDNWoh.exe
  C:\Windows\System\EUDNWoh.exe
  2⤵
  PID:6472
- C:\Windows\System\WoHtUEu.exe
  C:\Windows\System\WoHtUEu.exe
  2⤵
  PID:6536
- C:\Windows\System\yYSGgkc.exe
  C:\Windows\System\yYSGgkc.exe
  2⤵
  PID:6552
- C:\Windows\System\nRtuOcN.exe
  C:\Windows\System\nRtuOcN.exe
  2⤵
  PID:6628
- C:\Windows\System\GeExkni.exe
  C:\Windows\System\GeExkni.exe
  2⤵
  PID:6580
- C:\Windows\System\htjhSmq.exe
  C:\Windows\System\htjhSmq.exe
  2⤵
  PID:6644
- C:\Windows\System\ypxSbnY.exe
  C:\Windows\System\ypxSbnY.exe
  2⤵
  PID:6700
- C:\Windows\System\BgECmfM.exe
  C:\Windows\System\BgECmfM.exe
  2⤵
  PID:6732
- C:\Windows\System\WIZDeyv.exe
  C:\Windows\System\WIZDeyv.exe
  2⤵
  PID:6764
- C:\Windows\System\HsNCWqX.exe
  C:\Windows\System\HsNCWqX.exe
  2⤵
  PID:6796
- C:\Windows\System\XmsMDWj.exe
  C:\Windows\System\XmsMDWj.exe
  2⤵
  PID:6816
- C:\Windows\System\BZxXjMw.exe
  C:\Windows\System\BZxXjMw.exe
  2⤵
  PID:6848
- C:\Windows\System\jbDJBPo.exe
  C:\Windows\System\jbDJBPo.exe
  2⤵
  PID:6884
- C:\Windows\System\cdVgDxU.exe
  C:\Windows\System\cdVgDxU.exe
  2⤵
  PID:6948
- C:\Windows\System\yZfDQMk.exe
  C:\Windows\System\yZfDQMk.exe
  2⤵
  PID:7012
- C:\Windows\System\wKlsMNe.exe
  C:\Windows\System\wKlsMNe.exe
  2⤵
  PID:6900
- C:\Windows\System\lpGaZxl.exe
  C:\Windows\System\lpGaZxl.exe
  2⤵
  PID:6996
- C:\Windows\System\JuhbiCT.exe
  C:\Windows\System\JuhbiCT.exe
  2⤵
  PID:7060
- C:\Windows\System\HmcLhPR.exe
  C:\Windows\System\HmcLhPR.exe
  2⤵
  PID:7124
- C:\Windows\System\ExeiHUY.exe
  C:\Windows\System\ExeiHUY.exe
  2⤵
  PID:6164
- C:\Windows\System\dBNoEKd.exe
  C:\Windows\System\dBNoEKd.exe
  2⤵
  PID:6148
- C:\Windows\System\rpoIygZ.exe
  C:\Windows\System\rpoIygZ.exe
  2⤵
  PID:7108
- C:\Windows\System\jAsdtOh.exe
  C:\Windows\System\jAsdtOh.exe
  2⤵
  PID:5940
- C:\Windows\System\dbxlKex.exe
  C:\Windows\System\dbxlKex.exe
  2⤵
  PID:6228
- C:\Windows\System\rtCgMiA.exe
  C:\Windows\System\rtCgMiA.exe
  2⤵
  PID:6292
- C:\Windows\System\rGcyGDO.exe
  C:\Windows\System\rGcyGDO.exe
  2⤵
  PID:6388
- C:\Windows\System\vDeVgJS.exe
  C:\Windows\System\vDeVgJS.exe
  2⤵
  PID:6424
- C:\Windows\System\OWYexOI.exe
  C:\Windows\System\OWYexOI.exe
  2⤵
  PID:6456
- C:\Windows\System\djdykDH.exe
  C:\Windows\System\djdykDH.exe
  2⤵
  PID:6436
- C:\Windows\System\fFizLWz.exe
  C:\Windows\System\fFizLWz.exe
  2⤵
  PID:6508
- C:\Windows\System\eKeblaB.exe
  C:\Windows\System\eKeblaB.exe
  2⤵
  PID:6664
- C:\Windows\System\WMNEQMF.exe
  C:\Windows\System\WMNEQMF.exe
  2⤵
  PID:6504
- C:\Windows\System\PHdlFzF.exe
  C:\Windows\System\PHdlFzF.exe
  2⤵
  PID:6684
- C:\Windows\System\qGuYdbj.exe
  C:\Windows\System\qGuYdbj.exe
  2⤵
  PID:6768
- C:\Windows\System\lxCkDCL.exe
  C:\Windows\System\lxCkDCL.exe
  2⤵
  PID:6716
- C:\Windows\System\oPGMNNJ.exe
  C:\Windows\System\oPGMNNJ.exe
  2⤵
  PID:6868
- C:\Windows\System\pbWqLqu.exe
  C:\Windows\System\pbWqLqu.exe
  2⤵
  PID:5124
- C:\Windows\System\YsrMcMl.exe
  C:\Windows\System\YsrMcMl.exe
  2⤵
  PID:7008
- C:\Windows\System\bZQxTdw.exe
  C:\Windows\System\bZQxTdw.exe
  2⤵
  PID:7056
- C:\Windows\System\GNRxZUg.exe
  C:\Windows\System\GNRxZUg.exe
  2⤵
  PID:7104
- C:\Windows\System\UlwkTJM.exe
  C:\Windows\System\UlwkTJM.exe
  2⤵
  PID:7092
- C:\Windows\System\pLSFZym.exe
  C:\Windows\System\pLSFZym.exe
  2⤵
  PID:7140
- C:\Windows\System\ECGyCKT.exe
  C:\Windows\System\ECGyCKT.exe
  2⤵
  PID:6392
- C:\Windows\System\vyKzUew.exe
  C:\Windows\System\vyKzUew.exe
  2⤵
  PID:5496
- C:\Windows\System\IglWOBB.exe
  C:\Windows\System\IglWOBB.exe
  2⤵
  PID:5176
- C:\Windows\System\ELrEYUE.exe
  C:\Windows\System\ELrEYUE.exe
  2⤵
  PID:6616
- C:\Windows\System\FWvmSzf.exe
  C:\Windows\System\FWvmSzf.exe
  2⤵
  PID:7044
- C:\Windows\System\vCAyBxe.exe
  C:\Windows\System\vCAyBxe.exe
  2⤵
  PID:7072
- C:\Windows\System\DlBsvhM.exe
  C:\Windows\System\DlBsvhM.exe
  2⤵
  PID:6960
- C:\Windows\System\JqNgoiv.exe
  C:\Windows\System\JqNgoiv.exe
  2⤵
  PID:6932
- C:\Windows\System\pZSGkXr.exe
  C:\Windows\System\pZSGkXr.exe
  2⤵
  PID:6836
- C:\Windows\System\kArmxBb.exe
  C:\Windows\System\kArmxBb.exe
  2⤵
  PID:6376
- C:\Windows\System\lBjBHPH.exe
  C:\Windows\System\lBjBHPH.exe
  2⤵
  PID:6720
- C:\Windows\System\EOLleEu.exe
  C:\Windows\System\EOLleEu.exe
  2⤵
  PID:6832
- C:\Windows\System\myJvESl.exe
  C:\Windows\System\myJvESl.exe
  2⤵
  PID:7176
- C:\Windows\System\KUccYGa.exe
  C:\Windows\System\KUccYGa.exe
  2⤵
  PID:7192
- C:\Windows\System\sGxXjMj.exe
  C:\Windows\System\sGxXjMj.exe
  2⤵
  PID:7208
- C:\Windows\System\sHQwIYD.exe
  C:\Windows\System\sHQwIYD.exe
  2⤵
  PID:7224
- C:\Windows\System\NiMFOzv.exe
  C:\Windows\System\NiMFOzv.exe
  2⤵
  PID:7240
- C:\Windows\System\YPDZzbb.exe
  C:\Windows\System\YPDZzbb.exe
  2⤵
  PID:7256
- C:\Windows\System\ciQeWzE.exe
  C:\Windows\System\ciQeWzE.exe
  2⤵
  PID:7272
- C:\Windows\System\ZMfEtOe.exe
  C:\Windows\System\ZMfEtOe.exe
  2⤵
  PID:7288
- C:\Windows\System\MoQsSRU.exe
  C:\Windows\System\MoQsSRU.exe
  2⤵
  PID:7304
- C:\Windows\System\EYjQQbN.exe
  C:\Windows\System\EYjQQbN.exe
  2⤵
  PID:7320
- C:\Windows\System\sdrTeIe.exe
  C:\Windows\System\sdrTeIe.exe
  2⤵
  PID:7336
- C:\Windows\System\sQoBckX.exe
  C:\Windows\System\sQoBckX.exe
  2⤵
  PID:7352
- C:\Windows\System\DvGpjVp.exe
  C:\Windows\System\DvGpjVp.exe
  2⤵
  PID:7368
- C:\Windows\System\aBLWAgV.exe
  C:\Windows\System\aBLWAgV.exe
  2⤵
  PID:7384
- C:\Windows\System\BcXaCHC.exe
  C:\Windows\System\BcXaCHC.exe
  2⤵
  PID:7404
- C:\Windows\System\sZznWsA.exe
  C:\Windows\System\sZznWsA.exe
  2⤵
  PID:7840
- C:\Windows\System\wDPsFrR.exe
  C:\Windows\System\wDPsFrR.exe
  2⤵
  PID:7856
- C:\Windows\System\NABfBqw.exe
  C:\Windows\System\NABfBqw.exe
  2⤵
  PID:7872
- C:\Windows\System\TcSuEdI.exe
  C:\Windows\System\TcSuEdI.exe
  2⤵
  PID:7888
- C:\Windows\System\ynerURB.exe
  C:\Windows\System\ynerURB.exe
  2⤵
  PID:7904
- C:\Windows\System\plURvXu.exe
  C:\Windows\System\plURvXu.exe
  2⤵
  PID:7920
- C:\Windows\System\wZmseAi.exe
  C:\Windows\System\wZmseAi.exe
  2⤵
  PID:7936
- C:\Windows\System\MkdwuJE.exe
  C:\Windows\System\MkdwuJE.exe
  2⤵
  PID:7952
- C:\Windows\System\RhOLWSu.exe
  C:\Windows\System\RhOLWSu.exe
  2⤵
  PID:7968
- C:\Windows\System\VlEajjf.exe
  C:\Windows\System\VlEajjf.exe
  2⤵
  PID:7984
- C:\Windows\System\vlbHGjh.exe
  C:\Windows\System\vlbHGjh.exe
  2⤵
  PID:8000
- C:\Windows\System\hwiBZuS.exe
  C:\Windows\System\hwiBZuS.exe
  2⤵
  PID:8016
- C:\Windows\System\OntFDlv.exe
  C:\Windows\System\OntFDlv.exe
  2⤵
  PID:8036
- C:\Windows\System\hwcLtiO.exe
  C:\Windows\System\hwcLtiO.exe
  2⤵
  PID:8052
- C:\Windows\System\yDeeGZD.exe
  C:\Windows\System\yDeeGZD.exe
  2⤵
  PID:8068
- C:\Windows\System\nDhWaNe.exe
  C:\Windows\System\nDhWaNe.exe
  2⤵
  PID:8084
- C:\Windows\System\gQEostR.exe
  C:\Windows\System\gQEostR.exe
  2⤵
  PID:8100
- C:\Windows\System\DfEbdzI.exe
  C:\Windows\System\DfEbdzI.exe
  2⤵
  PID:8116
- C:\Windows\System\NgtFlIx.exe
  C:\Windows\System\NgtFlIx.exe
  2⤵
  PID:8132
- C:\Windows\System\DveiWBo.exe
  C:\Windows\System\DveiWBo.exe
  2⤵
  PID:8148
- C:\Windows\System\nuOjJSx.exe
  C:\Windows\System\nuOjJSx.exe
  2⤵
  PID:8164
- C:\Windows\System\OWXoqEG.exe
  C:\Windows\System\OWXoqEG.exe
  2⤵
  PID:8180
- C:\Windows\System\DrbmHZc.exe
  C:\Windows\System\DrbmHZc.exe
  2⤵
  PID:6804
- C:\Windows\System\IHfiuPJ.exe
  C:\Windows\System\IHfiuPJ.exe
  2⤵
  PID:6600
- C:\Windows\System\atUtgWH.exe
  C:\Windows\System\atUtgWH.exe
  2⤵
  PID:7172
- C:\Windows\System\hWdMnGv.exe
  C:\Windows\System\hWdMnGv.exe
  2⤵
  PID:7268
- C:\Windows\System\omFpOfr.exe
  C:\Windows\System\omFpOfr.exe
  2⤵
  PID:7332
- C:\Windows\System\COubYDZ.exe
  C:\Windows\System\COubYDZ.exe
  2⤵
  PID:7364
- C:\Windows\System\BZwfrjN.exe
  C:\Windows\System\BZwfrjN.exe
  2⤵
  PID:7316
- C:\Windows\System\BjoPrgC.exe
  C:\Windows\System\BjoPrgC.exe
  2⤵
  PID:7412
- C:\Windows\System\oNbORFd.exe
  C:\Windows\System\oNbORFd.exe
  2⤵
  PID:7284
- C:\Windows\System\YauoKgp.exe
  C:\Windows\System\YauoKgp.exe
  2⤵
  PID:7216
- C:\Windows\System\QNmUiKw.exe
  C:\Windows\System\QNmUiKw.exe
  2⤵
  PID:7424
- C:\Windows\System\jRKaHJH.exe
  C:\Windows\System\jRKaHJH.exe
  2⤵
  PID:7444
- C:\Windows\System\sIWpioB.exe
  C:\Windows\System\sIWpioB.exe
  2⤵
  PID:7460
- C:\Windows\System\SOZlaGN.exe
  C:\Windows\System\SOZlaGN.exe
  2⤵
  PID:7476
- C:\Windows\System\gTdIbWc.exe
  C:\Windows\System\gTdIbWc.exe
  2⤵
  PID:7492
- C:\Windows\System\GbFIQZS.exe
  C:\Windows\System\GbFIQZS.exe
  2⤵
  PID:7508
- C:\Windows\System\sqoFjjM.exe
  C:\Windows\System\sqoFjjM.exe
  2⤵
  PID:7524
- C:\Windows\System\XUPEtYD.exe
  C:\Windows\System\XUPEtYD.exe
  2⤵
  PID:7540
- C:\Windows\System\reFHSit.exe
  C:\Windows\System\reFHSit.exe
  2⤵
  PID:7560
- C:\Windows\System\sfePOXB.exe
  C:\Windows\System\sfePOXB.exe
  2⤵
  PID:7576
- C:\Windows\System\uFougnw.exe
  C:\Windows\System\uFougnw.exe
  2⤵
  PID:7588
- C:\Windows\System\yQGLovA.exe
  C:\Windows\System\yQGLovA.exe
  2⤵
  PID:7608
- C:\Windows\System\cZCxTVM.exe
  C:\Windows\System\cZCxTVM.exe
  2⤵
  PID:7624
- C:\Windows\System\iHPrYby.exe
  C:\Windows\System\iHPrYby.exe
  2⤵
  PID:7644
- C:\Windows\System\bMiQqBe.exe
  C:\Windows\System\bMiQqBe.exe
  2⤵
  PID:7660
- C:\Windows\System\LHJBezI.exe
  C:\Windows\System\LHJBezI.exe
  2⤵
  PID:7676
- C:\Windows\System\eTvXWwK.exe
  C:\Windows\System\eTvXWwK.exe
  2⤵
  PID:7692
- C:\Windows\System\MEoMyuF.exe
  C:\Windows\System\MEoMyuF.exe
  2⤵
  PID:7708
- C:\Windows\System\PMBzCED.exe
  C:\Windows\System\PMBzCED.exe
  2⤵
  PID:7736
- C:\Windows\System\thUkXij.exe
  C:\Windows\System\thUkXij.exe
  2⤵
  PID:7756
- C:\Windows\System\UMUeMUt.exe
  C:\Windows\System\UMUeMUt.exe
  2⤵
  PID:7772
- C:\Windows\System\BunBdtj.exe
  C:\Windows\System\BunBdtj.exe
  2⤵
  PID:7788
- C:\Windows\System\jgbhZHC.exe
  C:\Windows\System\jgbhZHC.exe
  2⤵
  PID:7808
- C:\Windows\System\xtrxEeQ.exe
  C:\Windows\System\xtrxEeQ.exe
  2⤵
  PID:7824
- C:\Windows\System\usDSaXA.exe
  C:\Windows\System\usDSaXA.exe
  2⤵
  PID:7724
- C:\Windows\System\yQqnFSl.exe
  C:\Windows\System\yQqnFSl.exe
  2⤵
  PID:7752
- C:\Windows\System\OehiaAW.exe
  C:\Windows\System\OehiaAW.exe
  2⤵
  PID:2516
- C:\Windows\System\tgmJdlA.exe
  C:\Windows\System\tgmJdlA.exe
  2⤵
  PID:7916
- C:\Windows\System\ZRTauka.exe
  C:\Windows\System\ZRTauka.exe
  2⤵
  PID:7944
- C:\Windows\System\DJMFakj.exe
  C:\Windows\System\DJMFakj.exe
  2⤵
  PID:8008
- C:\Windows\System\KYvWDSC.exe
  C:\Windows\System\KYvWDSC.exe
  2⤵
  PID:7960
- C:\Windows\System\PUhJSDj.exe
  C:\Windows\System\PUhJSDj.exe
  2⤵
  PID:8028
- C:\Windows\System\EwZljgf.exe
  C:\Windows\System\EwZljgf.exe
  2⤵
  PID:8064
- C:\Windows\System\KtRrjrt.exe
  C:\Windows\System\KtRrjrt.exe
  2⤵
  PID:8076
- C:\Windows\System\Qqfnlpf.exe
  C:\Windows\System\Qqfnlpf.exe
  2⤵
  PID:8128
- C:\Windows\System\eLngtZV.exe
  C:\Windows\System\eLngtZV.exe
  2⤵
  PID:6800
- C:\Windows\System\BPzvbWq.exe
  C:\Windows\System\BPzvbWq.exe
  2⤵
  PID:6244
- C:\Windows\System\gDmxWle.exe
  C:\Windows\System\gDmxWle.exe
  2⤵
  PID:7348
- C:\Windows\System\wZCtsaF.exe
  C:\Windows\System\wZCtsaF.exe
  2⤵
  PID:8144
- C:\Windows\System\QPDqnAg.exe
  C:\Windows\System\QPDqnAg.exe
  2⤵
  PID:7328
- C:\Windows\System\jzZZYlE.exe
  C:\Windows\System\jzZZYlE.exe
  2⤵
  PID:7220
- C:\Windows\System\pmmkvMB.exe
  C:\Windows\System\pmmkvMB.exe
  2⤵
  PID:7472
- C:\Windows\System\ipZoqLz.exe
  C:\Windows\System\ipZoqLz.exe
  2⤵
  PID:7536
- C:\Windows\System\bWVQusE.exe
  C:\Windows\System\bWVQusE.exe
  2⤵
  PID:7520
- C:\Windows\System\DNHZpgi.exe
  C:\Windows\System\DNHZpgi.exe
  2⤵
  PID:7484
- C:\Windows\System\QJSkZuQ.exe
  C:\Windows\System\QJSkZuQ.exe
  2⤵
  PID:7556
- C:\Windows\System\qFFCozj.exe
  C:\Windows\System\qFFCozj.exe
  2⤵
  PID:7596
- C:\Windows\System\FOafRWD.exe
  C:\Windows\System\FOafRWD.exe
  2⤵
  PID:7668
- C:\Windows\System\yDHcCjJ.exe
  C:\Windows\System\yDHcCjJ.exe
  2⤵
  PID:7744
- C:\Windows\System\LgrXCHV.exe
  C:\Windows\System\LgrXCHV.exe
  2⤵
  PID:7640
- C:\Windows\System\wamDCaz.exe
  C:\Windows\System\wamDCaz.exe
  2⤵
  PID:7684
- C:\Windows\System\pgdBDmY.exe
  C:\Windows\System\pgdBDmY.exe
  2⤵
  PID:7764
- C:\Windows\System\jMzuqjW.exe
  C:\Windows\System\jMzuqjW.exe
  2⤵
  PID:7820
- C:\Windows\System\WwSuLtC.exe
  C:\Windows\System\WwSuLtC.exe
  2⤵
  PID:7720
- C:\Windows\System\FUwTIGZ.exe
  C:\Windows\System\FUwTIGZ.exe
  2⤵
  PID:7912
- C:\Windows\System\eAyIjNa.exe
  C:\Windows\System\eAyIjNa.exe
  2⤵
  PID:7980
- C:\Windows\System\GgtrNco.exe
  C:\Windows\System\GgtrNco.exe
  2⤵
  PID:7996
- C:\Windows\System\DyhvHBr.exe
  C:\Windows\System\DyhvHBr.exe
  2⤵
  PID:8160
- C:\Windows\System\ixGfhdD.exe
  C:\Windows\System\ixGfhdD.exe
  2⤵
  PID:8112
- C:\Windows\System\SZzxMpl.exe
  C:\Windows\System\SZzxMpl.exe
  2⤵
  PID:7264
- C:\Windows\System\EVvHkHi.exe
  C:\Windows\System\EVvHkHi.exe
  2⤵
  PID:8176
- C:\Windows\System\HNkLVLC.exe
  C:\Windows\System\HNkLVLC.exe
  2⤵
  PID:7468
- C:\Windows\System\NGTIpNy.exe
  C:\Windows\System\NGTIpNy.exe
  2⤵
  PID:7568
- C:\Windows\System\LyLYSJB.exe
  C:\Windows\System\LyLYSJB.exe
  2⤵
  PID:7600
- C:\Windows\System\JdAUMQb.exe
  C:\Windows\System\JdAUMQb.exe
  2⤵
  PID:7532
- C:\Windows\System\KKZUZQc.exe
  C:\Windows\System\KKZUZQc.exe
  2⤵
  PID:7552
- C:\Windows\System\NUIfCix.exe
  C:\Windows\System\NUIfCix.exe
  2⤵
  PID:7704
- C:\Windows\System\ejoVtNa.exe
  C:\Windows\System\ejoVtNa.exe
  2⤵
  PID:7868
- C:\Windows\System\CwJpciY.exe
  C:\Windows\System\CwJpciY.exe
  2⤵
  PID:7852
- C:\Windows\System\GLHDdWO.exe
  C:\Windows\System\GLHDdWO.exe
  2⤵
  PID:8048
- C:\Windows\System\bBBShpd.exe
  C:\Windows\System\bBBShpd.exe
  2⤵
  PID:8124
- C:\Windows\System\tphtdtH.exe
  C:\Windows\System\tphtdtH.exe
  2⤵
  PID:7400
- C:\Windows\System\UgZyIal.exe
  C:\Windows\System\UgZyIal.exe
  2⤵
  PID:7620
- C:\Windows\System\jAXhLSe.exe
  C:\Windows\System\jAXhLSe.exe
  2⤵
  PID:6896
- C:\Windows\System\ZeNgtxF.exe
  C:\Windows\System\ZeNgtxF.exe
  2⤵
  PID:7784
- C:\Windows\System\TyyyoyA.exe
  C:\Windows\System\TyyyoyA.exe
  2⤵
  PID:7932
- C:\Windows\System\XtUUoLx.exe
  C:\Windows\System\XtUUoLx.exe
  2⤵
  PID:8140
- C:\Windows\System\QHenkTC.exe
  C:\Windows\System\QHenkTC.exe
  2⤵
  PID:7780
- C:\Windows\System\frsmpdP.exe
  C:\Windows\System\frsmpdP.exe
  2⤵
  PID:7928
- C:\Windows\System\kHMSGGf.exe
  C:\Windows\System\kHMSGGf.exe
  2⤵
  PID:8060
- C:\Windows\System\wzJBCBn.exe
  C:\Windows\System\wzJBCBn.exe
  2⤵
  PID:8196
- C:\Windows\System\VbNLaig.exe
  C:\Windows\System\VbNLaig.exe
  2⤵
  PID:8212
- C:\Windows\System\tAKAeBK.exe
  C:\Windows\System\tAKAeBK.exe
  2⤵
  PID:8228
- C:\Windows\System\ErvFypg.exe
  C:\Windows\System\ErvFypg.exe
  2⤵
  PID:8244
- C:\Windows\System\MeAemva.exe
  C:\Windows\System\MeAemva.exe
  2⤵
  PID:8260
- C:\Windows\System\CGlSQcs.exe
  C:\Windows\System\CGlSQcs.exe
  2⤵
  PID:8276
- C:\Windows\System\xsGquMR.exe
  C:\Windows\System\xsGquMR.exe
  2⤵
  PID:8292
- C:\Windows\System\VUqePJm.exe
  C:\Windows\System\VUqePJm.exe
  2⤵
  PID:8308
- C:\Windows\System\yzFwfOT.exe
  C:\Windows\System\yzFwfOT.exe
  2⤵
  PID:8324
- C:\Windows\System\kRQXOTM.exe
  C:\Windows\System\kRQXOTM.exe
  2⤵
  PID:8340
- C:\Windows\System\syMZvrK.exe
  C:\Windows\System\syMZvrK.exe
  2⤵
  PID:8356
- C:\Windows\System\YnIjMfL.exe
  C:\Windows\System\YnIjMfL.exe
  2⤵
  PID:8372
- C:\Windows\System\ukiKBPQ.exe
  C:\Windows\System\ukiKBPQ.exe
  2⤵
  PID:8388
- C:\Windows\System\LHyARrp.exe
  C:\Windows\System\LHyARrp.exe
  2⤵
  PID:8404
- C:\Windows\System\cPWDkxD.exe
  C:\Windows\System\cPWDkxD.exe
  2⤵
  PID:8420
- C:\Windows\System\OtZGzun.exe
  C:\Windows\System\OtZGzun.exe
  2⤵
  PID:8436
- C:\Windows\System\SZWrKFX.exe
  C:\Windows\System\SZWrKFX.exe
  2⤵
  PID:8452
- C:\Windows\System\nkZRElI.exe
  C:\Windows\System\nkZRElI.exe
  2⤵
  PID:8468
- C:\Windows\System\MUhMMjc.exe
  C:\Windows\System\MUhMMjc.exe
  2⤵
  PID:8484
- C:\Windows\System\uVJzCer.exe
  C:\Windows\System\uVJzCer.exe
  2⤵
  PID:8500
- C:\Windows\System\fVdZZwR.exe
  C:\Windows\System\fVdZZwR.exe
  2⤵
  PID:8516
- C:\Windows\System\gFzqdsq.exe
  C:\Windows\System\gFzqdsq.exe
  2⤵
  PID:8532
- C:\Windows\System\GcIjisw.exe
  C:\Windows\System\GcIjisw.exe
  2⤵
  PID:8548
- C:\Windows\System\ImSJjFZ.exe
  C:\Windows\System\ImSJjFZ.exe
  2⤵
  PID:8564
- C:\Windows\System\OtXglhH.exe
  C:\Windows\System\OtXglhH.exe
  2⤵
  PID:8580
- C:\Windows\System\IJsUqwB.exe
  C:\Windows\System\IJsUqwB.exe
  2⤵
  PID:8596
- C:\Windows\System\UuFKMiX.exe
  C:\Windows\System\UuFKMiX.exe
  2⤵
  PID:8612
- C:\Windows\System\uvSUmQT.exe
  C:\Windows\System\uvSUmQT.exe
  2⤵
  PID:8628
- C:\Windows\System\gPZfMmA.exe
  C:\Windows\System\gPZfMmA.exe
  2⤵
  PID:8644
- C:\Windows\System\ZRjlMnO.exe
  C:\Windows\System\ZRjlMnO.exe
  2⤵
  PID:8660
- C:\Windows\System\XZuGaHY.exe
  C:\Windows\System\XZuGaHY.exe
  2⤵
  PID:8684
- C:\Windows\System\muEiGTu.exe
  C:\Windows\System\muEiGTu.exe
  2⤵
  PID:8700
- C:\Windows\System\FIYogim.exe
  C:\Windows\System\FIYogim.exe
  2⤵
  PID:8716
- C:\Windows\System\uakhNqJ.exe
  C:\Windows\System\uakhNqJ.exe
  2⤵
  PID:8732
- C:\Windows\System\oZYbFmQ.exe
  C:\Windows\System\oZYbFmQ.exe
  2⤵
  PID:8748
- C:\Windows\System\tseITnB.exe
  C:\Windows\System\tseITnB.exe
  2⤵
  PID:8768
- C:\Windows\System\yqSPssa.exe
  C:\Windows\System\yqSPssa.exe
  2⤵
  PID:8784
- C:\Windows\System\tpXJUmU.exe
  C:\Windows\System\tpXJUmU.exe
  2⤵
  PID:8800
- C:\Windows\System\CjkLpEe.exe
  C:\Windows\System\CjkLpEe.exe
  2⤵
  PID:8816
- C:\Windows\System\UCqkRvS.exe
  C:\Windows\System\UCqkRvS.exe
  2⤵
  PID:8832
- C:\Windows\System\oTIFVXF.exe
  C:\Windows\System\oTIFVXF.exe
  2⤵
  PID:8848
- C:\Windows\System\ZgCFdvu.exe
  C:\Windows\System\ZgCFdvu.exe
  2⤵
  PID:8864
- C:\Windows\System\jqkwOmG.exe
  C:\Windows\System\jqkwOmG.exe
  2⤵
  PID:8880
- C:\Windows\System\AwSrucS.exe
  C:\Windows\System\AwSrucS.exe
  2⤵
  PID:8896
- C:\Windows\System\qyGKyVR.exe
  C:\Windows\System\qyGKyVR.exe
  2⤵
  PID:8912
- C:\Windows\System\TKeakcH.exe
  C:\Windows\System\TKeakcH.exe
  2⤵
  PID:8928
- C:\Windows\System\IWtipPA.exe
  C:\Windows\System\IWtipPA.exe
  2⤵
  PID:8944
- C:\Windows\System\xnFvVWZ.exe
  C:\Windows\System\xnFvVWZ.exe
  2⤵
  PID:8960
- C:\Windows\System\wtEISjr.exe
  C:\Windows\System\wtEISjr.exe
  2⤵
  PID:8980
- C:\Windows\System\NAdpcSY.exe
  C:\Windows\System\NAdpcSY.exe
  2⤵
  PID:8996
- C:\Windows\System\PGLYTnH.exe
  C:\Windows\System\PGLYTnH.exe
  2⤵
  PID:9012
- C:\Windows\System\XXmqYUQ.exe
  C:\Windows\System\XXmqYUQ.exe
  2⤵
  PID:9028
- C:\Windows\System\gOBoege.exe
  C:\Windows\System\gOBoege.exe
  2⤵
  PID:9044
- C:\Windows\System\TaTqlMm.exe
  C:\Windows\System\TaTqlMm.exe
  2⤵
  PID:9064
- C:\Windows\System\kINgTIK.exe
  C:\Windows\System\kINgTIK.exe
  2⤵
  PID:9080
- C:\Windows\System\rrsvEyS.exe
  C:\Windows\System\rrsvEyS.exe
  2⤵
  PID:9096
- C:\Windows\System\KVNVVWv.exe
  C:\Windows\System\KVNVVWv.exe
  2⤵
  PID:9112
- C:\Windows\System\SbzafIt.exe
  C:\Windows\System\SbzafIt.exe
  2⤵
  PID:9132
- C:\Windows\System\HfzkPCY.exe
  C:\Windows\System\HfzkPCY.exe
  2⤵
  PID:9148
- C:\Windows\System\lXdFciZ.exe
  C:\Windows\System\lXdFciZ.exe
  2⤵
  PID:9176
- C:\Windows\System\NPuqWMr.exe
  C:\Windows\System\NPuqWMr.exe
  2⤵
  PID:9192
- C:\Windows\System\czQMbBb.exe
  C:\Windows\System\czQMbBb.exe
  2⤵
  PID:9212
- C:\Windows\System\lYJdJDn.exe
  C:\Windows\System\lYJdJDn.exe
  2⤵
  PID:7884
- C:\Windows\System\dvsWABq.exe
  C:\Windows\System\dvsWABq.exe
  2⤵
  PID:8268
- C:\Windows\System\pSavxGc.exe
  C:\Windows\System\pSavxGc.exe
  2⤵
  PID:8300
- C:\Windows\System\SLVJXEx.exe
  C:\Windows\System\SLVJXEx.exe
  2⤵
  PID:8284
- C:\Windows\System\SSYLDpo.exe
  C:\Windows\System\SSYLDpo.exe
  2⤵
  PID:8332
- C:\Windows\System\thzyUFV.exe
  C:\Windows\System\thzyUFV.exe
  2⤵
  PID:8364
- C:\Windows\System\HRBZZaN.exe
  C:\Windows\System\HRBZZaN.exe
  2⤵
  PID:8400
- C:\Windows\System\dxuLmzC.exe
  C:\Windows\System\dxuLmzC.exe
  2⤵
  PID:8432
- C:\Windows\System\knDyLOY.exe
  C:\Windows\System\knDyLOY.exe
  2⤵
  PID:8464
- C:\Windows\System\EUOhIWT.exe
  C:\Windows\System\EUOhIWT.exe
  2⤵
  PID:8508
- C:\Windows\System\CpGezRz.exe
  C:\Windows\System\CpGezRz.exe
  2⤵
  PID:8476
- C:\Windows\System\yHPltbC.exe
  C:\Windows\System\yHPltbC.exe
  2⤵
  PID:8588
- C:\Windows\System\hDwXgGk.exe
  C:\Windows\System\hDwXgGk.exe
  2⤵
  PID:8572
- C:\Windows\System\dEhprfG.exe
  C:\Windows\System\dEhprfG.exe
  2⤵
  PID:8624
- C:\Windows\System\esZwmBo.exe
  C:\Windows\System\esZwmBo.exe
  2⤵
  PID:8656
- C:\Windows\System\WPmQLwE.exe
  C:\Windows\System\WPmQLwE.exe
  2⤵
  PID:7380
- C:\Windows\System\UNXbqlp.exe
  C:\Windows\System\UNXbqlp.exe
  2⤵
  PID:8796
- C:\Windows\System\kOpSOpi.exe
  C:\Windows\System\kOpSOpi.exe
  2⤵
  PID:8856
- C:\Windows\System\CbJimbf.exe
  C:\Windows\System\CbJimbf.exe
  2⤵
  PID:8988
- C:\Windows\System\UxxRyGp.exe
  C:\Windows\System\UxxRyGp.exe
  2⤵
  PID:9072
- C:\Windows\System\KckXjrg.exe
  C:\Windows\System\KckXjrg.exe
  2⤵
  PID:9172
- C:\Windows\System\UXLGica.exe
  C:\Windows\System\UXLGica.exe
  2⤵
  PID:9188
- C:\Windows\System\JDoJvYT.exe
  C:\Windows\System\JDoJvYT.exe
  2⤵
  PID:8320
- C:\Windows\System\XOezvkH.exe
  C:\Windows\System\XOezvkH.exe
  2⤵
  PID:8872
- C:\Windows\System\VJpRcUU.exe
  C:\Windows\System\VJpRcUU.exe
  2⤵
  PID:8460
- C:\Windows\System\YPtHMhO.exe
  C:\Windows\System\YPtHMhO.exe
  2⤵
  PID:8204
- C:\Windows\System\TdrbWeb.exe
  C:\Windows\System\TdrbWeb.exe
  2⤵
  PID:8412
- C:\Windows\System\jcMJucD.exe
  C:\Windows\System\jcMJucD.exe
  2⤵
  PID:8712
- C:\Windows\System\GBoLTRe.exe
  C:\Windows\System\GBoLTRe.exe
  2⤵
  PID:8744
- C:\Windows\System\rsyfhlG.exe
  C:\Windows\System\rsyfhlG.exe
  2⤵
  PID:8876
- C:\Windows\System\QvEUNKU.exe
  C:\Windows\System\QvEUNKU.exe
  2⤵
  PID:8576
- C:\Windows\System\EBzdUBF.exe
  C:\Windows\System\EBzdUBF.exe
  2⤵
  PID:9204
- C:\Windows\System\mRCizfp.exe
  C:\Windows\System\mRCizfp.exe
  2⤵
  PID:8384
- C:\Windows\System\fPOPwff.exe
  C:\Windows\System\fPOPwff.exe
  2⤵
  PID:8396
- C:\Windows\System\jpZdCOI.exe
  C:\Windows\System\jpZdCOI.exe
  2⤵
  PID:9108
- C:\Windows\System\hQpuBQk.exe
  C:\Windows\System\hQpuBQk.exe
  2⤵
  PID:9052
- C:\Windows\System\aNGxFer.exe
  C:\Windows\System\aNGxFer.exe
  2⤵
  PID:8976
- C:\Windows\System\zPezsej.exe
  C:\Windows\System\zPezsej.exe
  2⤵
  PID:8952
- C:\Windows\System\ZOpPJsR.exe
  C:\Windows\System\ZOpPJsR.exe
  2⤵
  PID:8724
- C:\Windows\System\kubsUIG.exe
  C:\Windows\System\kubsUIG.exe
  2⤵
  PID:8288
- C:\Windows\System\AqfkyCc.exe
  C:\Windows\System\AqfkyCc.exe
  2⤵
  PID:9164
- C:\Windows\System\BZrSQFI.exe
  C:\Windows\System\BZrSQFI.exe
  2⤵
  PID:8860
- C:\Windows\System\gcarZcr.exe
  C:\Windows\System\gcarZcr.exe
  2⤵
  PID:8740
- C:\Windows\System\PjPgAdX.exe
  C:\Windows\System\PjPgAdX.exe
  2⤵
  PID:9168
- C:\Windows\System\oXaWpGz.exe
  C:\Windows\System\oXaWpGz.exe
  2⤵
  PID:9076
- C:\Windows\System\zVsaNcb.exe
  C:\Windows\System\zVsaNcb.exe
  2⤵
  PID:9036
- C:\Windows\System\EQWTZTa.exe
  C:\Windows\System\EQWTZTa.exe
  2⤵
  PID:8968
- C:\Windows\System\kaQGidk.exe
  C:\Windows\System\kaQGidk.exe
  2⤵
  PID:8608
- C:\Windows\System\wCtZQhS.exe
  C:\Windows\System\wCtZQhS.exe
  2⤵
  PID:8496
- C:\Windows\System\yKzDhuT.exe
  C:\Windows\System\yKzDhuT.exe
  2⤵
  PID:8904
- C:\Windows\System\ZLmtPcg.exe
  C:\Windows\System\ZLmtPcg.exe
  2⤵
  PID:8560
- C:\Windows\System\MLZkdnW.exe
  C:\Windows\System\MLZkdnW.exe
  2⤵
  PID:8940
- C:\Windows\System\HAqnZkk.exe
  C:\Windows\System\HAqnZkk.exe
  2⤵
  PID:9008
- C:\Windows\System\mNPbqVf.exe
  C:\Windows\System\mNPbqVf.exe
  2⤵
  PID:8728
- C:\Windows\System\uBKtZmb.exe
  C:\Windows\System\uBKtZmb.exe
  2⤵
  PID:9124
- C:\Windows\System\CEeduOr.exe
  C:\Windows\System\CEeduOr.exe
  2⤵
  PID:8220
- C:\Windows\System\WdLpQQV.exe
  C:\Windows\System\WdLpQQV.exe
  2⤵
  PID:8888
- C:\Windows\System\IyYMvSk.exe
  C:\Windows\System\IyYMvSk.exe
  2⤵
  PID:9060
- C:\Windows\System\qlagCkF.exe
  C:\Windows\System\qlagCkF.exe
  2⤵
  PID:9232
- C:\Windows\System\NzZlTlj.exe
  C:\Windows\System\NzZlTlj.exe
  2⤵
  PID:9252
- C:\Windows\System\VuJyLqv.exe
  C:\Windows\System\VuJyLqv.exe
  2⤵
  PID:9268
- C:\Windows\System\lTSpTwD.exe
  C:\Windows\System\lTSpTwD.exe
  2⤵
  PID:9284
- C:\Windows\System\TVtdeVJ.exe
  C:\Windows\System\TVtdeVJ.exe
  2⤵
  PID:9304
- C:\Windows\System\qGRdyfR.exe
  C:\Windows\System\qGRdyfR.exe
  2⤵
  PID:9324
- C:\Windows\System\JZQjQKR.exe
  C:\Windows\System\JZQjQKR.exe
  2⤵
  PID:9340
- C:\Windows\System\yxdgLGO.exe
  C:\Windows\System\yxdgLGO.exe
  2⤵
  PID:9360
- C:\Windows\System\ndxqVtC.exe
  C:\Windows\System\ndxqVtC.exe
  2⤵
  PID:9380
- C:\Windows\System\nRzADSp.exe
  C:\Windows\System\nRzADSp.exe
  2⤵
  PID:9408
- C:\Windows\System\qAmkWoh.exe
  C:\Windows\System\qAmkWoh.exe
  2⤵
  PID:9432
- C:\Windows\System\fizHien.exe
  C:\Windows\System\fizHien.exe
  2⤵
  PID:9448
- C:\Windows\System\BeCZqbP.exe
  C:\Windows\System\BeCZqbP.exe
  2⤵
  PID:9464
- C:\Windows\System\izaQUdg.exe
  C:\Windows\System\izaQUdg.exe
  2⤵
  PID:9488
- C:\Windows\System\NlbTHtZ.exe
  C:\Windows\System\NlbTHtZ.exe
  2⤵
  PID:9504
- C:\Windows\System\IqPyybG.exe
  C:\Windows\System\IqPyybG.exe
  2⤵
  PID:9524
- C:\Windows\System\heZsnyn.exe
  C:\Windows\System\heZsnyn.exe
  2⤵
  PID:9552
- C:\Windows\System\reDhpST.exe
  C:\Windows\System\reDhpST.exe
  2⤵
  PID:9572
- C:\Windows\System\WtIWwgF.exe
  C:\Windows\System\WtIWwgF.exe
  2⤵
  PID:9588
- C:\Windows\System\DhQUhrq.exe
  C:\Windows\System\DhQUhrq.exe
  2⤵
  PID:9604
- C:\Windows\System\CQlUwSL.exe
  C:\Windows\System\CQlUwSL.exe
  2⤵
  PID:9620
- C:\Windows\System\aHoYFSM.exe
  C:\Windows\System\aHoYFSM.exe
  2⤵
  PID:9644
- C:\Windows\System\FVXfbzI.exe
  C:\Windows\System\FVXfbzI.exe
  2⤵
  PID:9668
- C:\Windows\System\ZNxjLaQ.exe
  C:\Windows\System\ZNxjLaQ.exe
  2⤵
  PID:9692
- C:\Windows\System\grfYJqk.exe
  C:\Windows\System\grfYJqk.exe
  2⤵
  PID:9724
- C:\Windows\System\pixPprk.exe
  C:\Windows\System\pixPprk.exe
  2⤵
  PID:9740
- C:\Windows\System\NVIxJni.exe
  C:\Windows\System\NVIxJni.exe
  2⤵
  PID:9764
- C:\Windows\System\ULPeeER.exe
  C:\Windows\System\ULPeeER.exe
  2⤵
  PID:9780
- C:\Windows\System\HvIDcrU.exe
  C:\Windows\System\HvIDcrU.exe
  2⤵
  PID:9796
- C:\Windows\System\fhogVqQ.exe
  C:\Windows\System\fhogVqQ.exe
  2⤵
  PID:9812
- C:\Windows\System\XOUuZss.exe
  C:\Windows\System\XOUuZss.exe
  2⤵
  PID:9828
- C:\Windows\System\LpRejdt.exe
  C:\Windows\System\LpRejdt.exe
  2⤵
  PID:9844
- C:\Windows\System\GJqDLsP.exe
  C:\Windows\System\GJqDLsP.exe
  2⤵
  PID:9872
- C:\Windows\System\NVAJnrx.exe
  C:\Windows\System\NVAJnrx.exe
  2⤵
  PID:9888
- C:\Windows\System\oUBnIXn.exe
  C:\Windows\System\oUBnIXn.exe
  2⤵
  PID:9904
- C:\Windows\System\GrdyhDe.exe
  C:\Windows\System\GrdyhDe.exe
  2⤵
  PID:9920
- C:\Windows\System\skvyAeG.exe
  C:\Windows\System\skvyAeG.exe
  2⤵
  PID:9936
- C:\Windows\System\EPpGiUR.exe
  C:\Windows\System\EPpGiUR.exe
  2⤵
  PID:9956
- C:\Windows\System\DjlbgFz.exe
  C:\Windows\System\DjlbgFz.exe
  2⤵
  PID:9980
- C:\Windows\System\nVVmEyn.exe
  C:\Windows\System\nVVmEyn.exe
  2⤵
  PID:9996
- C:\Windows\System\hFPBzQC.exe
  C:\Windows\System\hFPBzQC.exe
  2⤵
  PID:10016
- C:\Windows\System\oIbEzaN.exe
  C:\Windows\System\oIbEzaN.exe
  2⤵
  PID:10032
- C:\Windows\System\dmptTNR.exe
  C:\Windows\System\dmptTNR.exe
  2⤵
  PID:10048
- C:\Windows\System\mJxiQCV.exe
  C:\Windows\System\mJxiQCV.exe
  2⤵
  PID:10076
- C:\Windows\System\UzsoSfe.exe
  C:\Windows\System\UzsoSfe.exe
  2⤵
  PID:10092
- C:\Windows\System\htuwgAA.exe
  C:\Windows\System\htuwgAA.exe
  2⤵
  PID:10108
- C:\Windows\System\PQIJWuj.exe
  C:\Windows\System\PQIJWuj.exe
  2⤵
  PID:10128
- C:\Windows\System\HxEKBdp.exe
  C:\Windows\System\HxEKBdp.exe
  2⤵
  PID:10148
- C:\Windows\System\lJXxVJG.exe
  C:\Windows\System\lJXxVJG.exe
  2⤵
  PID:10172
- C:\Windows\System\IqphtNf.exe
  C:\Windows\System\IqphtNf.exe
  2⤵
  PID:10188
- C:\Windows\System\NeYXlyc.exe
  C:\Windows\System\NeYXlyc.exe
  2⤵
  PID:10204
- C:\Windows\System\kFgAXJe.exe
  C:\Windows\System\kFgAXJe.exe
  2⤵
  PID:10224
- C:\Windows\System\CMvGfTH.exe
  C:\Windows\System\CMvGfTH.exe
  2⤵
  PID:8824
- C:\Windows\System\rhXuHEC.exe
  C:\Windows\System\rhXuHEC.exe
  2⤵
  PID:9248
- C:\Windows\System\ScRXLhZ.exe
  C:\Windows\System\ScRXLhZ.exe
  2⤵
  PID:9348
- C:\Windows\System\QhCqStI.exe
  C:\Windows\System\QhCqStI.exe
  2⤵
  PID:9292
- C:\Windows\System\zlwxgqF.exe
  C:\Windows\System\zlwxgqF.exe
  2⤵
  PID:9260
- C:\Windows\System\zLiJTjH.exe
  C:\Windows\System\zLiJTjH.exe
  2⤵
  PID:9224
- C:\Windows\System\IkiHmTc.exe
  C:\Windows\System\IkiHmTc.exe
  2⤵
  PID:9376
- C:\Windows\System\mrzVcbD.exe
  C:\Windows\System\mrzVcbD.exe
  2⤵
  PID:9500
- C:\Windows\System\YNAkHrz.exe
  C:\Windows\System\YNAkHrz.exe
  2⤵
  PID:9540
- C:\Windows\System\zFHFRml.exe
  C:\Windows\System\zFHFRml.exe
  2⤵
  PID:9420
- C:\Windows\System\CWwbVNX.exe
  C:\Windows\System\CWwbVNX.exe
  2⤵
  PID:9596
- C:\Windows\System\BvIqVdB.exe
  C:\Windows\System\BvIqVdB.exe
  2⤵
  PID:9628
- C:\Windows\System\YBXrLqX.exe
  C:\Windows\System\YBXrLqX.exe
  2⤵
  PID:9680
- C:\Windows\System\jIPmapY.exe
  C:\Windows\System\jIPmapY.exe
  2⤵
  PID:9660
- C:\Windows\System\fKMmBWf.exe
  C:\Windows\System\fKMmBWf.exe
  2⤵
  PID:9716
- C:\Windows\System\umOkqOt.exe
  C:\Windows\System\umOkqOt.exe
  2⤵
  PID:9752
- C:\Windows\System\xxdbQMt.exe
  C:\Windows\System\xxdbQMt.exe
  2⤵
  PID:9804
- C:\Windows\System\FotGdvn.exe
  C:\Windows\System\FotGdvn.exe
  2⤵
  PID:9912
- C:\Windows\System\vCCGnyH.exe
  C:\Windows\System\vCCGnyH.exe
  2⤵
  PID:9952
- C:\Windows\System\CIGRgXy.exe
  C:\Windows\System\CIGRgXy.exe
  2⤵
  PID:10060
- C:\Windows\System\aaPIAVs.exe
  C:\Windows\System\aaPIAVs.exe
  2⤵
  PID:10100
- C:\Windows\System\jDhGQzA.exe
  C:\Windows\System\jDhGQzA.exe
  2⤵
  PID:10140
- C:\Windows\System\eUpjLvo.exe
  C:\Windows\System\eUpjLvo.exe
  2⤵
  PID:9976
- C:\Windows\System\nRRocUa.exe
  C:\Windows\System\nRRocUa.exe
  2⤵
  PID:9564
- C:\Windows\System\QHckJIr.exe
  C:\Windows\System\QHckJIr.exe
  2⤵
  PID:10044
- C:\Windows\System\MYAeKbD.exe
  C:\Windows\System\MYAeKbD.exe
  2⤵
  PID:9824
- C:\Windows\System\XWdETGG.exe
  C:\Windows\System\XWdETGG.exe
  2⤵
  PID:10088
- C:\Windows\System\bJxlmjg.exe
  C:\Windows\System\bJxlmjg.exe
  2⤵
  PID:9868
- C:\Windows\System\lKwKbgn.exe
  C:\Windows\System\lKwKbgn.exe
  2⤵
  PID:9144
- C:\Windows\System\cLngXEO.exe
  C:\Windows\System\cLngXEO.exe
  2⤵
  PID:9312
- C:\Windows\System\moxsxRE.exe
  C:\Windows\System\moxsxRE.exe
  2⤵
  PID:10168
- C:\Windows\System\rFhKzRy.exe
  C:\Windows\System\rFhKzRy.exe
  2⤵
  PID:9392
- C:\Windows\System\dWqqQHB.exe
  C:\Windows\System\dWqqQHB.exe
  2⤵
  PID:9336
- C:\Windows\System\XOFAWxQ.exe
  C:\Windows\System\XOFAWxQ.exe
  2⤵
  PID:9544
- C:\Windows\System\UhiIUJz.exe
  C:\Windows\System\UhiIUJz.exe
  2⤵
  PID:8240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkyRaYy.exe

Filesize
6.0MB

MD5
65ee86485b76846144119425c97d5aaf

SHA1
a98decde895565a14b1be68eb0a685495e69e42e

SHA256
71667ec7d944a49642bd172c30fe98d46e800877e4f59e29cfef76fa8c765512

SHA512
89af21b036bed5fd71856551d175a9f1971c01a5e674647c579bb2e7b8c4041f84e868d0bf939f1ef7ff66e6399aff6f98f81dc1bb1cd0d0e01bfeb2c04d604d

Download Submit
C:\Windows\system\ApbjVrC.exe

Filesize
6.0MB

MD5
c5f7f9e60a08238af7f8a2aaff2fa873

SHA1
5d25af647ae6cc9b85d96e401fcc5fd55b6e2270

SHA256
c9bed45f7cc8a84b2fe4b52255ae0c9e7686677f5894d31b352835d646e55a7c

SHA512
61d5e292b0c391c3599e9a9d6d29e97b915ba6a970d550942881a1b3c41dd3518b20979423d71a5b7de04cc21891fd73f063611e070f201aa6699638821b3f42

Download Submit
C:\Windows\system\CtxTDlZ.exe

Filesize
6.0MB

MD5
cce87ed9b4ee7abd7ff13ffb22360b39

SHA1
3fe4a9fb113598460b272edad0115359361655e2

SHA256
b559e4f547c78bdc0a4b96e781590304112479b620c8368e71c3542550c73b1a

SHA512
c5ebca03c667a405320b8298951f9003ac98ea8116059ee7f745d1fc1e7936375d5d7c5e0e352f605269b1101862be4c419a6bded3d0996cd1cc1bd167f55472

Download Submit
C:\Windows\system\GvVuVmT.exe

Filesize
6.0MB

MD5
232872c91f8482b953f7cc1407d04579

SHA1
22abc0b0ba7d2a4ce671359e50c2cc2c80ec9e85

SHA256
436dac6943473996277763a38164874abf9dbcca32ec2a0fc56650f62eaa4171

SHA512
35a0a9b95095f573e7931c79ebc3b7926e0b32d8806636083c7666e01620f56a5d543eb3cbb15374716364c352a748b9447e68bb31a8abc9f3119f0e1ca0e4cb

Download Submit
C:\Windows\system\JMEltIj.exe

Filesize
6.0MB

MD5
1dd639a488a182a90cb76fc5e3c0c506

SHA1
b011e07efaf8a93b34099492ef65c296128fd65d

SHA256
7478b2c9f6091a048e8d0e441cd9a242192630ef40a5ec144996d2b9775420a5

SHA512
312a5a0d83837e54479f7b3b39064380b1075401cb3650765d37955dbba105271f13029abbc2612bb9f77fe49c7b8203fcf42a0a3ae868fd3a400b863a879082

Download Submit
C:\Windows\system\MwUwODB.exe

Filesize
6.0MB

MD5
8122e9bce5695fef543e5f1ad66dc1a8

SHA1
126c428eb349292b534c8994d42cdf761d94877c

SHA256
78835d02e232d9d2ef42cfcda697eefa59c9aff5b7d43018052ac7d0a9b888fd

SHA512
f8211c9f557c69ea83c9b0a7000691efffc0451742e314223c41407c9bae509fee5882aece4d446cc8dc46123cf4334b653daa57042f149b77fc6971face57e9

Download Submit
C:\Windows\system\RyUWNgM.exe

Filesize
6.0MB

MD5
f0aa2c91466af828a3a767edfcd22ded

SHA1
8a0717cfa09282944f250c2a3c04b1b13c14e581

SHA256
2422809a1989676327d2404f9da46da6c9efa739bfe9f460789103d8f1e4aea7

SHA512
8e1502ebcfa407faee6ae516559452049b11e9b4b180eff962baaa8352b565815b5065029ae6ba2bb3d0f2406200c0bde7bcb4a7ad02b51ef12bcffc12ae1125

Download Submit
C:\Windows\system\SQHPJsF.exe

Filesize
6.0MB

MD5
aaa6469a05354f7fa3770dd043febf4f

SHA1
8fb3c2bf1b5043a44eb5dde62b12285813a4fe8e

SHA256
b68ccbeb2b7a6d067b3c02bc5f546da8f0ed6d909469de6321dbdcd64e16d82d

SHA512
6626e2df1dad2a0077f6aa989ae1ae0efcf41b913940ac313cba7e4482f4a7a6c2b1c2dba46860ad0d63a49a7075f09afec6c4510637d84101dfd55f23762530

Download Submit
C:\Windows\system\VAhTONp.exe

Filesize
6.0MB

MD5
df8a9cf53de2249866b35470e77e4e9a

SHA1
ee8e82b7abf28b22f3e34b71ebbfd33696214790

SHA256
eb296b964432703b2148afbc93fc9afd8499bd9127b355ab91d520eedca169da

SHA512
92db850ff284cd1b1e5b1e0b9216bbdfec7829cfd7b1f5c2ba9a16e066d6c4fbcc94d2ccbd3baafc8a323e362d8caa83f7904874c10cdcce297f4db67612692e

Download Submit
C:\Windows\system\YTAJuKv.exe

Filesize
6.0MB

MD5
aafda7db2445c222d3264205627310d7

SHA1
d84aebb10381e63699d4c741852456b6be38c6a1

SHA256
f991bc5bd7bd6b97c1cf6c10d4298c7da63e3c713224f5dd7be0dceca8cbb34d

SHA512
b7e0c0db514b94e57d0b15001079874e985b0de1cca8b79100d2b8c119092882bc7bac1919b6b1147ece7f467224a6461434199d439d9971b460836951374fff

Download Submit
C:\Windows\system\YYLjHat.exe

Filesize
6.0MB

MD5
1b3b510e46a592a697b5fe9594aced4b

SHA1
f521c328256087cf248844593709f7fb18a7a403

SHA256
0b37a18f688878493f9fd6db5f8a54e3bb262801995f47d60a354287a604f255

SHA512
c190743a0b6e939f4b2439f31a19c034b65c4a3e73eda07ed4b3fd4abca41cc8f41b13f0f99c582a66e2a423b36098f6b560ce2c0eecf3ed65ba789bb4eb7e09

Download Submit
C:\Windows\system\YsUYazC.exe

Filesize
6.0MB

MD5
e97fd9c45fc285d066b037d476f90772

SHA1
536fb562595714ddd70618ce95e9993d56581a3c

SHA256
c2ee2418473ec1d5d37d308f2e3e807defca8c4bab50f24b843fe8f51b4c3227

SHA512
d905f2c428399536b359e0a6160291468437393f6161e6e1a058dfbbdcfd6ce0da8a30341197ec062b739524e6818e0ba3571c74122183114ca5321f62492c2c

Download Submit
C:\Windows\system\YtlwTMH.exe

Filesize
6.0MB

MD5
7d7ddd29e0f4d28107f4688270ecc0df

SHA1
ebea79063df36df9e45da3699ba598b3f7d10b3f

SHA256
0938d69685aefa0b7b8aeeaedae51de7e884e51632f8abb26645369cdefe4b0d

SHA512
acf86343eba05d00fd3b50772bfa94806e029f14b82b0056a4c85dd76db1456b76b26b7415a92e27e83d4f93a0a50a1a93ede25b0786430835a83bdb0921c046

Download Submit
C:\Windows\system\bbbHUTO.exe

Filesize
6.0MB

MD5
1b18f18491474c2c4a5647da39a12e92

SHA1
3c0ee6c6a60e8588368095b8bcfe24c91a933363

SHA256
79604b5b71ab27e4e7dcbd97b98fd6c215cb06703c55cfb7329291fbeab294ee

SHA512
2204a31f18ad38ea4d9ce69be2ba98058d5ad6f6ef5b602e82e6844fb1123bb28ceef44ff8028fd934ff48392452ed72afc8d17235121cfe34412db6bb34d015

Download Submit
C:\Windows\system\bgDabPb.exe

Filesize
8B

MD5
af3e6d5d786d198173d8a4b22def905b

SHA1
46b4ac4095e3466def721a987623201116345e83

SHA256
5131b10eb8cdfab56e5645333a189a674c40adeacb7843cbf417c4c83d6e2914

SHA512
4dc98858500dd019a7c19d48fa53b362960c243e71ac891f202a9a73024ac7ed9ec3210cc8a19a3e72c99a2e68563b814fd72f911bdd1d675b802819a6046a7e

Download Submit
C:\Windows\system\dKZZdHu.exe

Filesize
6.0MB

MD5
ed1dc6638e0578b5f3e995070db3052f

SHA1
7fbe136380d0a41f83283b101d22996fa2cd5e8b

SHA256
582cbe131f09a43adb006b1c746abe1e185806331fff89cf259ee76f3098f3aa

SHA512
882b405fc1343dbf0205428c399a8f37e1c4ee4503800089ea4f803b40e4f22e930345ed3544eebcde17f75d02deba49ad2bea2eebb8f6d5986d47f5ad85da71

Download Submit
C:\Windows\system\fmpzsWy.exe

Filesize
6.0MB

MD5
0cf888e1ea890295f03f8f7e5ead6dc5

SHA1
e788d7c601b88de5a34e8360c7038e0705cab6ab

SHA256
f5d0652b858947df009df36bb7c6651cdaab359fdd28e066540cd1550f6f590a

SHA512
b3598d4154667219e3b7f9cc84c25a9f170c692872ad15ffb08c8218869554e7f474fdbf966d2b2e4e272eaea9ded41240fd77b26782e8734fd4ca810a131c18

Download Submit
C:\Windows\system\iLzGKWi.exe

Filesize
6.0MB

MD5
7c1bc9fe8fd14f3e7a64f53ecec6d8fb

SHA1
4c7e61b92d2f60a442fa3f9b3e2d56f824e83afd

SHA256
d4ae5b69adaa64bdde56dbd6fb9aa6a516377df80316be0d3542befcee700e57

SHA512
05e314740faae8b1db3e7e5bbebb7e33310bc3c7ea66660cabe6071d44f6d2320599eb0e3527ce6eea1b9cb35edc41f9e95267de7ac0bd285cfae4cb23b9780e

Download Submit
C:\Windows\system\ikayMCe.exe

Filesize
6.0MB

MD5
a28e159812671a514b804500d84b15e6

SHA1
c9f7515e1ea76a71339dcb9194dba1b39b66f4da

SHA256
c8c67b6f44c536192a80b1aa1e51cddd5c33a73fa51e2084e10fa67bd27efef7

SHA512
f09707ee2711df91e88b316537bc1c4752a14a2bfd9eb0449828c588d81401166dc4ae607dc6bad8162784d8104a4fdb7ad3c164a622e626659effa24dfe0630

Download Submit
C:\Windows\system\kRNKwZU.exe

Filesize
6.0MB

MD5
f3e694c44a9133c9d46eedc6d3b4ee52

SHA1
12dc249e220ae0699800c4f8bb989672b08f6b7b

SHA256
b4ebb9ddcac35f86c30bfc0ebd3f6e3d775f3d3465471b7ca4184cbb7e65f47d

SHA512
6b5042b2be9144157da4fa9c0810de2732ed0b7237bc7884cf8e124f039b57ba60c57a16266e65c1b96feaec17eb693374c3c405f8633840bfa9923e494a6d4f

Download Submit
C:\Windows\system\rjjSLdY.exe

Filesize
6.0MB

MD5
3d4caaa69419e6bf4472c1a7cbd79da1

SHA1
1777c227a1149f6047233b37e69dfd7cd9d341ed

SHA256
7ee8c2b6f4617949b77755b12877c85d19889ce530393bdbebe68a4af704a16b

SHA512
5782bae584d90267568928fd74376cc62e6dfdca770745d6f37cef25f64e2367bedcb14a1e3449e20972240f7324a141ecd45e290b9977df72259d7321316593

Download Submit
C:\Windows\system\tqrXQAX.exe

Filesize
6.0MB

MD5
355223221651ffaa5ec54291be7c8d8f

SHA1
621d6f36e69c0deed4a42518667be0ec601d0cd1

SHA256
46fe0c428fa0cce134c694236ca5e7bc16b9b1213552c5845f7ca32016c18649

SHA512
41104d8d2c3f3b1abe78dc5398f6e3d0c286d213d3061e98e0bf2dd45d2e441dfd80bac214b67bfed08cbb8e5e26b93c0f76e3f31a36d3856ef8dba26055bbd1

Download Submit
C:\Windows\system\uXbgKRT.exe

Filesize
6.0MB

MD5
058f8c779cb741fbc23b6668960ffa03

SHA1
0ea9f901549fdce555e21c0a5bf777c9ad92353f

SHA256
3cc7b98f2f81849b38bcf9dc246f4905439c1aaa08fb47780ab4efa2977d4bd9

SHA512
8e79f58eb0b663db3fbd5dcec8f8d85e004aba8a5add9e05567e744b08376921a876539a84f52cf9e35bce20bad0f8a4876ec51d3cc519dd2bbad3059087c004

Download Submit
C:\Windows\system\vEKwUCn.exe

Filesize
6.0MB

MD5
d27841567ff6cc96f9ea5198575c999e

SHA1
b2b7a37f4b903c7c2f28993a7fc78c674eec5017

SHA256
c9c78ff84e1d3064012a245c6a44f7a8b451a461a1cd150388a24ad6d142b33c

SHA512
3d99dc12b82423fec19a51178a9052fe7b613b8bf8a1432fdffa22813c38edbec13236a81852f033c82b2a0e8c30731e013de41713856ffe8ba2cc0ed093c592

Download Submit
\Windows\system\DIgCBaR.exe

Filesize
6.0MB

MD5
9ef68d0baec024736b647e2aa18a5ce8

SHA1
b1a7888250ebdf2721890dc76afa9e456d661a93

SHA256
57030a33a4c22db4e050b4779ec058b894d82b0838c6a8d85b7a50fd06778c92

SHA512
66b3b4e543fe8a0fe79316a13dbbf6241ebc69b6167ed6b839fb73c761a8a2f2b4b20ee4e16c2233f42ed2c38cdaa2e4e6fd2fe63f47840a09eed1b04a19f264

Download Submit
\Windows\system\DQZPfef.exe

Filesize
6.0MB

MD5
4c36d05a0ea595c686d0f198062d7433

SHA1
5e01e514e3d48a75398fe2866b0a80f4f8bf975c

SHA256
2ace33b127f1f2698c1b2fbe1c40e87ec1b89219966c2f3e5c6a754cab3edc4b

SHA512
48ca75e8ee12bf71214b1e306fb4bf7b7aa396cff568a93af49eb9fd31e7b7c2144cc989dff83126e0e1b55a089ba966032c3b632153e583aa51f23a6661e781

Download Submit
\Windows\system\UrnzZpu.exe

Filesize
6.0MB

MD5
fef90c5cd1703d57fe1bbe79742abad4

SHA1
91967a952c70f4d0ef14fd60e714340872a5b165

SHA256
4cb67ce83139f6a1d0975d38893663ce2176c7fe037c6f7ff76f48cf83f0f320

SHA512
3ba8f00f358faeba046fe722b0791ebe0c57e2f7f0e4ccc824a31b117d8b82857a595ff379c1129bf4aed995175327341086babce309005775562f8e637f8a7a

Download Submit
\Windows\system\XBMYrgw.exe

Filesize
6.0MB

MD5
53c2faee6981b97e96e43b5ff6437bf0

SHA1
6cca998cb3606e0b2fa62cb5691890a9a79e7855

SHA256
fd38f106dd350950560b7d76d931cf7a5fce4758b6a08e093cc01423e036fc7e

SHA512
810953794df78f2ec31ec29c74c4a138e3d5d02aa1e3da60e3e0eccecfe7fc1957a861967ff9a043a53af1828a852644885ddf3173305df9ee4b1dff3d58d726

Download Submit
\Windows\system\XWXZiCt.exe

Filesize
6.0MB

MD5
22d506c30cdcc58e175a42b6a4ecd9e8

SHA1
8333b4f9a7a0f52c9c3b7f14479ad64c947f1dec

SHA256
9336cca2ce441069556ce9edbd939334b387417412673eb8a95879160520578e

SHA512
6ed9b806b5b9ba17162197ea7ea430e1e0271ddf617e3b15ee195fa88b94f6e4b5d23ebcdab81f498a60b1577fb8b2d8c3724da594a31e58e238a5caa56fd33a

Download Submit
\Windows\system\ZGgshxY.exe

Filesize
6.0MB

MD5
dfe734bbf17125c35fe54cda98749d9d

SHA1
af8016817cb11ed4dceef9d5c9ecc66ae6b3449f

SHA256
4814ab7e836a839f3ca566bd8cff3716188a64b243270553cd39e59d24ad36ad

SHA512
4577f131cc8f4cab45610ae59aed20495452f145c3b0f63e45f381356c1555243864f4dad450b5a733a619ebb786d65a8ee4975c73752a21423cb8269ab73999

Download Submit
\Windows\system\gkXQxSA.exe

Filesize
6.0MB

MD5
132fe133fac43310f866d4a3102aaa64

SHA1
826c7bb86b89a2b58925c0777d0e51ab190d6a1b

SHA256
d0364e4cc2f3c21378634a262f6758328406c54e4a69b68fd2a03e2304f1fe14

SHA512
530b512ce842b7337635db5320ade0e15c924066d1792392696bf280c70be3355834b09fc5097da3ac6b91ca84bdee42c27c6c79e0900de260e59712c90daf5e

Download Submit
\Windows\system\lMporhT.exe

Filesize
6.0MB

MD5
5dcb611a07f8dac358f788fd09824187

SHA1
8ac3c0eac4d785f947597c6311393b76994f730c

SHA256
143f916994fcb0efdba6f359df14fd8e5e6fa97764212a32d73aaf653e2dd49a

SHA512
33f14802a8e922985b775bbb0160e8bc260d2fa22e1a95f53b08d37b88237a8f11b7e2feaf055187b742678f21e1f481b1fc5298c19e6f2f1d65fb5631f3d2f7

Download Submit
\Windows\system\moLXUjM.exe

Filesize
6.0MB

MD5
bc35aa41fe3ef73b31cdaf847150a10a

SHA1
257bbc04e8d6ec248ce76d1b1da2fd5d44d76994

SHA256
11af8a6bdb7e6d25ea9aa9fa9248c1c74ae0fac6fa788de5c56d5236cb0410d9

SHA512
e63db145dd4676732fadd68d9bf9ccda2e544b3a4c2377c3ffe6bef42b13fafb6a4c9ebd28b80260a35e40068cb46d230c1eb259f765f86178158fde063a9876

Download Submit
memory/332-92-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/332-595-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/332-3874-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/376-77-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/376-3861-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/376-189-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/640-3811-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/640-67-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/640-105-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1976-53-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3799-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-397-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3891-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-85-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2188-61-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3843-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2188-96-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2684-21-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3593-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2684-54-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2696-60-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-29-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3576-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-42-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3556-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2724-8-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2752-74-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3603-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2752-44-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2848-101-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2848-801-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3907-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2876-15-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3553-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-46-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3586-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-66-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-37-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3901-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2940-982-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2940-109-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2984-58-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2984-106-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2984-31-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-88-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2984-36-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2984-82-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-79-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-113-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2984-64-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2984-524-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2984-97-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-75-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2984-91-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2984-18-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-13-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-52-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-100-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2984-6-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2984-24-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-697-0x0000000002560000-0x00000000028B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download