cobaltstrike | 2900a171ae8027cdb52f73a43d75a45ea64cbfde0fcc197471f85e5373626525

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a317fb3ec647a2d6f4dead69e68806f7
SHA1

1c9fcd14a3c4603ffe85a0ec2643c73d9ca12557
SHA256

2900a171ae8027cdb52f73a43d75a45ea64cbfde0fcc197471f85e5373626525
SHA512

bd5f80a9342b770e9ebdbc6c3310a5cd799560ec78c7e0f1f07eb8c0edf38ccd2e68b31bf5a4c527a652a8952718b398208cb086cd23cb8386eb738b4de13cf7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\kzlPGFg.exe	cobalt_reflective_dll
\Windows\system\rpXEWWb.exe	cobalt_reflective_dll
C:\Windows\system\nHAOerw.exe	cobalt_reflective_dll
\Windows\system\KfgszCE.exe	cobalt_reflective_dll
C:\Windows\system\XOUPMWc.exe	cobalt_reflective_dll
C:\Windows\system\SNqEjDs.exe	cobalt_reflective_dll
C:\Windows\system\Nsgsucd.exe	cobalt_reflective_dll
C:\Windows\system\yTEsxXk.exe	cobalt_reflective_dll
\Windows\system\EtVpzSG.exe	cobalt_reflective_dll
C:\Windows\system\DnafEhz.exe	cobalt_reflective_dll
C:\Windows\system\KwPnbTI.exe	cobalt_reflective_dll
C:\Windows\system\jwBtHUw.exe	cobalt_reflective_dll
C:\Windows\system\HfHlden.exe	cobalt_reflective_dll
C:\Windows\system\BjqqytG.exe	cobalt_reflective_dll
C:\Windows\system\UIaepxv.exe	cobalt_reflective_dll
\Windows\system\LlTHeQt.exe	cobalt_reflective_dll
C:\Windows\system\ujyZaFQ.exe	cobalt_reflective_dll
C:\Windows\system\zRWDZHr.exe	cobalt_reflective_dll
C:\Windows\system\ZcIreFu.exe	cobalt_reflective_dll
C:\Windows\system\bLEjyyJ.exe	cobalt_reflective_dll
C:\Windows\system\KFlggDy.exe	cobalt_reflective_dll
\Windows\system\LncUEHI.exe	cobalt_reflective_dll
\Windows\system\CYbEpsq.exe	cobalt_reflective_dll
C:\Windows\system\OoMauJg.exe	cobalt_reflective_dll
C:\Windows\system\QRKqsUQ.exe	cobalt_reflective_dll
C:\Windows\system\vdYpeMg.exe	cobalt_reflective_dll
C:\Windows\system\bZcNYoy.exe	cobalt_reflective_dll
C:\Windows\system\TsmMGIy.exe	cobalt_reflective_dll
C:\Windows\system\fThrtAd.exe	cobalt_reflective_dll
C:\Windows\system\qTXJfeW.exe	cobalt_reflective_dll
C:\Windows\system\wOdVBpI.exe	cobalt_reflective_dll
C:\Windows\system\PXFnDgq.exe	cobalt_reflective_dll
C:\Windows\system\SlMuUYL.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/3044-0-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
C:\Windows\system\kzlPGFg.exe	xmrig
\Windows\system\rpXEWWb.exe	xmrig
behavioral1/memory/2076-16-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2904-14-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
C:\Windows\system\nHAOerw.exe	xmrig
behavioral1/memory/2896-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/3044-50-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
\Windows\system\KfgszCE.exe	xmrig
behavioral1/memory/2820-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/3044-52-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2908-42-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
C:\Windows\system\XOUPMWc.exe	xmrig
C:\Windows\system\SNqEjDs.exe	xmrig
behavioral1/memory/2720-29-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
C:\Windows\system\Nsgsucd.exe	xmrig
C:\Windows\system\yTEsxXk.exe	xmrig
behavioral1/memory/3044-27-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2884-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/3044-11-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/2720-54-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2896-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2908-56-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
\Windows\system\EtVpzSG.exe	xmrig
behavioral1/memory/2732-68-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2612-67-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
C:\Windows\system\DnafEhz.exe	xmrig
behavioral1/memory/1612-74-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/3044-59-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1476-82-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
C:\Windows\system\KwPnbTI.exe	xmrig
C:\Windows\system\jwBtHUw.exe	xmrig
C:\Windows\system\HfHlden.exe	xmrig
behavioral1/memory/2952-94-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
C:\Windows\system\BjqqytG.exe	xmrig
C:\Windows\system\UIaepxv.exe	xmrig
\Windows\system\LlTHeQt.exe	xmrig
C:\Windows\system\ujyZaFQ.exe	xmrig
C:\Windows\system\zRWDZHr.exe	xmrig
C:\Windows\system\ZcIreFu.exe	xmrig
C:\Windows\system\bLEjyyJ.exe	xmrig
C:\Windows\system\KFlggDy.exe	xmrig
behavioral1/memory/1048-452-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2952-355-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
\Windows\system\LncUEHI.exe	xmrig
\Windows\system\CYbEpsq.exe	xmrig
C:\Windows\system\OoMauJg.exe	xmrig
behavioral1/memory/1612-162-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
C:\Windows\system\QRKqsUQ.exe	xmrig
C:\Windows\system\vdYpeMg.exe	xmrig
C:\Windows\system\bZcNYoy.exe	xmrig
C:\Windows\system\TsmMGIy.exe	xmrig
C:\Windows\system\fThrtAd.exe	xmrig
C:\Windows\system\qTXJfeW.exe	xmrig
C:\Windows\system\wOdVBpI.exe	xmrig
C:\Windows\system\PXFnDgq.exe	xmrig
behavioral1/memory/1048-107-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
C:\Windows\system\SlMuUYL.exe	xmrig
behavioral1/memory/1064-89-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2820-883-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2908-882-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2720-881-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2896-880-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2076-879-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

kzlPGFg.exerpXEWWb.exenHAOerw.exeyTEsxXk.exeNsgsucd.exeXOUPMWc.exeSNqEjDs.exeKfgszCE.exeEtVpzSG.exeDnafEhz.exeKwPnbTI.exejwBtHUw.exeHfHlden.exeBjqqytG.exeSlMuUYL.exePXFnDgq.exeUIaepxv.exewOdVBpI.exeqTXJfeW.exeLlTHeQt.exeujyZaFQ.exefThrtAd.exezRWDZHr.exeZcIreFu.exeTsmMGIy.exebZcNYoy.exebLEjyyJ.exevdYpeMg.exeQRKqsUQ.exeKFlggDy.exeOoMauJg.exeCYbEpsq.exeLncUEHI.exefaKyUUq.exeJCAHyHw.exeRTIMnXE.exeCrWSGFc.exeNDHGGME.exevmXFixX.exeFqiGUYu.exeaOtmkmJ.exewsVWelG.exeDpGjGRs.exeZeHtlWY.exeAXFrjzi.exeKFNAEyc.exeEtDstMO.exeGpUPHEZ.exeVitOGvW.exeJJUyATk.exeTpFrAuz.exeLLwLTvH.exenLetrlC.exeJlnOUNS.exeinCwxAs.exeylCesmt.exedZSblJh.exeunjtTbK.exeeuVARKu.exerTQXCxz.exexkKfSkw.exeQZXZWSv.exeMqafPfS.exeTeZEhxp.exe

pid	process
2904	kzlPGFg.exe
2076	rpXEWWb.exe
2884	nHAOerw.exe
2720	yTEsxXk.exe
2896	Nsgsucd.exe
2908	XOUPMWc.exe
2820	SNqEjDs.exe
2612	KfgszCE.exe
2732	EtVpzSG.exe
1612	DnafEhz.exe
1476	KwPnbTI.exe
1064	jwBtHUw.exe
2952	HfHlden.exe
1048	BjqqytG.exe
1788	SlMuUYL.exe
1696	PXFnDgq.exe
1160	UIaepxv.exe
2700	wOdVBpI.exe
636	qTXJfeW.exe
2864	LlTHeQt.exe
1116	ujyZaFQ.exe
1428	fThrtAd.exe
692	zRWDZHr.exe
2428	ZcIreFu.exe
672	TsmMGIy.exe
2224	bZcNYoy.exe
2128	bLEjyyJ.exe
2256	vdYpeMg.exe
1164	QRKqsUQ.exe
856	KFlggDy.exe
1644	OoMauJg.exe
1020	CYbEpsq.exe
980	LncUEHI.exe
1032	faKyUUq.exe
1980	JCAHyHw.exe
1748	RTIMnXE.exe
976	CrWSGFc.exe
1616	NDHGGME.exe
2156	vmXFixX.exe
876	FqiGUYu.exe
2460	aOtmkmJ.exe
1356	wsVWelG.exe
1772	DpGjGRs.exe
296	ZeHtlWY.exe
2152	AXFrjzi.exe
332	KFNAEyc.exe
2220	EtDstMO.exe
1556	GpUPHEZ.exe
2580	VitOGvW.exe
1128	JJUyATk.exe
2088	TpFrAuz.exe
1716	LLwLTvH.exe
2392	nLetrlC.exe
2984	JlnOUNS.exe
1548	inCwxAs.exe
1236	ylCesmt.exe
1604	dZSblJh.exe
1668	unjtTbK.exe
2620	euVARKu.exe
2972	rTQXCxz.exe
2808	xkKfSkw.exe
2828	QZXZWSv.exe
2500	MqafPfS.exe
2756	TeZEhxp.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3044-0-0x000000013F520000-0x000000013F874000-memory.dmp	upx
C:\Windows\system\kzlPGFg.exe	upx
\Windows\system\rpXEWWb.exe	upx
behavioral1/memory/2076-16-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2904-14-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
C:\Windows\system\nHAOerw.exe	upx
behavioral1/memory/2896-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/3044-50-0x000000013F520000-0x000000013F874000-memory.dmp	upx
\Windows\system\KfgszCE.exe	upx
behavioral1/memory/2820-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2908-42-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
C:\Windows\system\XOUPMWc.exe	upx
C:\Windows\system\SNqEjDs.exe	upx
behavioral1/memory/2720-29-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
C:\Windows\system\Nsgsucd.exe	upx
C:\Windows\system\yTEsxXk.exe	upx
behavioral1/memory/2884-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2720-54-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2896-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2908-56-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
\Windows\system\EtVpzSG.exe	upx
behavioral1/memory/2732-68-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2612-67-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
C:\Windows\system\DnafEhz.exe	upx
behavioral1/memory/1612-74-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1476-82-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
C:\Windows\system\KwPnbTI.exe	upx
C:\Windows\system\jwBtHUw.exe	upx
C:\Windows\system\HfHlden.exe	upx
behavioral1/memory/2952-94-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
C:\Windows\system\BjqqytG.exe	upx
C:\Windows\system\UIaepxv.exe	upx
\Windows\system\LlTHeQt.exe	upx
C:\Windows\system\ujyZaFQ.exe	upx
C:\Windows\system\zRWDZHr.exe	upx
C:\Windows\system\ZcIreFu.exe	upx
C:\Windows\system\bLEjyyJ.exe	upx
C:\Windows\system\KFlggDy.exe	upx
behavioral1/memory/1048-452-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2952-355-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
\Windows\system\LncUEHI.exe	upx
\Windows\system\CYbEpsq.exe	upx
C:\Windows\system\OoMauJg.exe	upx
behavioral1/memory/1612-162-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
C:\Windows\system\QRKqsUQ.exe	upx
C:\Windows\system\vdYpeMg.exe	upx
C:\Windows\system\bZcNYoy.exe	upx
C:\Windows\system\TsmMGIy.exe	upx
C:\Windows\system\fThrtAd.exe	upx
C:\Windows\system\qTXJfeW.exe	upx
C:\Windows\system\wOdVBpI.exe	upx
C:\Windows\system\PXFnDgq.exe	upx
behavioral1/memory/1048-107-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
C:\Windows\system\SlMuUYL.exe	upx
behavioral1/memory/1064-89-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2820-883-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2908-882-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2720-881-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2896-880-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2076-879-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2884-878-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2904-877-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2732-1240-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2612-1239-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\FFLlXOc.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMwJTHM.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGimqFH.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQqvKmk.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhXAJyN.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZehbaa.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLqBvNu.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKrYeQT.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIVcSkt.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuWVmhT.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elabHlS.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAYuNqn.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYaKjSk.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHOwowq.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTmxTAZ.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpTWCMV.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKHdBtW.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUmJKPw.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRcibvU.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmgQqjU.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRmcnFk.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfCjpMJ.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiiDSmK.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKbmybq.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STQmyEf.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brqNorG.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ponJEYE.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZXZWSv.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaZZIET.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSDYLEh.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfatMUC.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBUeCcA.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUqVycf.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jalnZKw.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTEsxXk.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyBJyDC.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNGbfAi.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZgNUJJ.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OldxONN.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjpTPVN.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKnIzwH.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOKSHvv.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaSBAfR.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POKkjcp.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYqlfNh.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdNgrlY.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPbmKaW.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEDZebt.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdslvNu.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guPVinb.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBOxeCM.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znhIAYj.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtstPFU.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvLuhvm.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtbSPKd.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiYHmea.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSnntut.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwtdiJD.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXvKwmX.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjVKKFS.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaEwPJg.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVZKFmC.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCskBTY.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGRnifG.exe	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3044 wrote to memory of 2904	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	kzlPGFg.exe
PID 3044 wrote to memory of 2904	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	kzlPGFg.exe
PID 3044 wrote to memory of 2904	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	kzlPGFg.exe
PID 3044 wrote to memory of 2076	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	rpXEWWb.exe
PID 3044 wrote to memory of 2076	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	rpXEWWb.exe
PID 3044 wrote to memory of 2076	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	rpXEWWb.exe
PID 3044 wrote to memory of 2884	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	nHAOerw.exe
PID 3044 wrote to memory of 2884	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	nHAOerw.exe
PID 3044 wrote to memory of 2884	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	nHAOerw.exe
PID 3044 wrote to memory of 2720	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	yTEsxXk.exe
PID 3044 wrote to memory of 2720	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	yTEsxXk.exe
PID 3044 wrote to memory of 2720	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	yTEsxXk.exe
PID 3044 wrote to memory of 2896	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	Nsgsucd.exe
PID 3044 wrote to memory of 2896	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	Nsgsucd.exe
PID 3044 wrote to memory of 2896	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	Nsgsucd.exe
PID 3044 wrote to memory of 2908	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	XOUPMWc.exe
PID 3044 wrote to memory of 2908	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	XOUPMWc.exe
PID 3044 wrote to memory of 2908	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	XOUPMWc.exe
PID 3044 wrote to memory of 2820	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SNqEjDs.exe
PID 3044 wrote to memory of 2820	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SNqEjDs.exe
PID 3044 wrote to memory of 2820	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SNqEjDs.exe
PID 3044 wrote to memory of 2612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KfgszCE.exe
PID 3044 wrote to memory of 2612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KfgszCE.exe
PID 3044 wrote to memory of 2612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KfgszCE.exe
PID 3044 wrote to memory of 2732	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	EtVpzSG.exe
PID 3044 wrote to memory of 2732	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	EtVpzSG.exe
PID 3044 wrote to memory of 2732	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	EtVpzSG.exe
PID 3044 wrote to memory of 1612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	DnafEhz.exe
PID 3044 wrote to memory of 1612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	DnafEhz.exe
PID 3044 wrote to memory of 1612	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	DnafEhz.exe
PID 3044 wrote to memory of 1476	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KwPnbTI.exe
PID 3044 wrote to memory of 1476	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KwPnbTI.exe
PID 3044 wrote to memory of 1476	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	KwPnbTI.exe
PID 3044 wrote to memory of 1064	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	jwBtHUw.exe
PID 3044 wrote to memory of 1064	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	jwBtHUw.exe
PID 3044 wrote to memory of 1064	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	jwBtHUw.exe
PID 3044 wrote to memory of 2952	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	HfHlden.exe
PID 3044 wrote to memory of 2952	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	HfHlden.exe
PID 3044 wrote to memory of 2952	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	HfHlden.exe
PID 3044 wrote to memory of 1788	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SlMuUYL.exe
PID 3044 wrote to memory of 1788	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SlMuUYL.exe
PID 3044 wrote to memory of 1788	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	SlMuUYL.exe
PID 3044 wrote to memory of 1048	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	BjqqytG.exe
PID 3044 wrote to memory of 1048	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	BjqqytG.exe
PID 3044 wrote to memory of 1048	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	BjqqytG.exe
PID 3044 wrote to memory of 1696	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	PXFnDgq.exe
PID 3044 wrote to memory of 1696	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	PXFnDgq.exe
PID 3044 wrote to memory of 1696	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	PXFnDgq.exe
PID 3044 wrote to memory of 1160	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	UIaepxv.exe
PID 3044 wrote to memory of 1160	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	UIaepxv.exe
PID 3044 wrote to memory of 1160	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	UIaepxv.exe
PID 3044 wrote to memory of 2700	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	wOdVBpI.exe
PID 3044 wrote to memory of 2700	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	wOdVBpI.exe
PID 3044 wrote to memory of 2700	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	wOdVBpI.exe
PID 3044 wrote to memory of 636	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	qTXJfeW.exe
PID 3044 wrote to memory of 636	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	qTXJfeW.exe
PID 3044 wrote to memory of 636	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	qTXJfeW.exe
PID 3044 wrote to memory of 2864	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	LlTHeQt.exe
PID 3044 wrote to memory of 2864	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	LlTHeQt.exe
PID 3044 wrote to memory of 2864	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	LlTHeQt.exe
PID 3044 wrote to memory of 1116	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	ujyZaFQ.exe
PID 3044 wrote to memory of 1116	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	ujyZaFQ.exe
PID 3044 wrote to memory of 1116	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	ujyZaFQ.exe
PID 3044 wrote to memory of 1428	3044	2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe	fThrtAd.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_a317fb3ec647a2d6f4dead69e68806f7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\System\kzlPGFg.exe
  C:\Windows\System\kzlPGFg.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\rpXEWWb.exe
  C:\Windows\System\rpXEWWb.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\nHAOerw.exe
  C:\Windows\System\nHAOerw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yTEsxXk.exe
  C:\Windows\System\yTEsxXk.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\Nsgsucd.exe
  C:\Windows\System\Nsgsucd.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XOUPMWc.exe
  C:\Windows\System\XOUPMWc.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SNqEjDs.exe
  C:\Windows\System\SNqEjDs.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\KfgszCE.exe
  C:\Windows\System\KfgszCE.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EtVpzSG.exe
  C:\Windows\System\EtVpzSG.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\DnafEhz.exe
  C:\Windows\System\DnafEhz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\KwPnbTI.exe
  C:\Windows\System\KwPnbTI.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\jwBtHUw.exe
  C:\Windows\System\jwBtHUw.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\HfHlden.exe
  C:\Windows\System\HfHlden.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SlMuUYL.exe
  C:\Windows\System\SlMuUYL.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\BjqqytG.exe
  C:\Windows\System\BjqqytG.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\PXFnDgq.exe
  C:\Windows\System\PXFnDgq.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\UIaepxv.exe
  C:\Windows\System\UIaepxv.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\wOdVBpI.exe
  C:\Windows\System\wOdVBpI.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\qTXJfeW.exe
  C:\Windows\System\qTXJfeW.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\LlTHeQt.exe
  C:\Windows\System\LlTHeQt.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ujyZaFQ.exe
  C:\Windows\System\ujyZaFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\fThrtAd.exe
  C:\Windows\System\fThrtAd.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\zRWDZHr.exe
  C:\Windows\System\zRWDZHr.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ZcIreFu.exe
  C:\Windows\System\ZcIreFu.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\TsmMGIy.exe
  C:\Windows\System\TsmMGIy.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\bZcNYoy.exe
  C:\Windows\System\bZcNYoy.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\bLEjyyJ.exe
  C:\Windows\System\bLEjyyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\vdYpeMg.exe
  C:\Windows\System\vdYpeMg.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\QRKqsUQ.exe
  C:\Windows\System\QRKqsUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\KFlggDy.exe
  C:\Windows\System\KFlggDy.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\OoMauJg.exe
  C:\Windows\System\OoMauJg.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\LncUEHI.exe
  C:\Windows\System\LncUEHI.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\CYbEpsq.exe
  C:\Windows\System\CYbEpsq.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\faKyUUq.exe
  C:\Windows\System\faKyUUq.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\JCAHyHw.exe
  C:\Windows\System\JCAHyHw.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\RTIMnXE.exe
  C:\Windows\System\RTIMnXE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CrWSGFc.exe
  C:\Windows\System\CrWSGFc.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\NDHGGME.exe
  C:\Windows\System\NDHGGME.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\vmXFixX.exe
  C:\Windows\System\vmXFixX.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\FqiGUYu.exe
  C:\Windows\System\FqiGUYu.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\aOtmkmJ.exe
  C:\Windows\System\aOtmkmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\wsVWelG.exe
  C:\Windows\System\wsVWelG.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\DpGjGRs.exe
  C:\Windows\System\DpGjGRs.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ZeHtlWY.exe
  C:\Windows\System\ZeHtlWY.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\AXFrjzi.exe
  C:\Windows\System\AXFrjzi.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\KFNAEyc.exe
  C:\Windows\System\KFNAEyc.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\EtDstMO.exe
  C:\Windows\System\EtDstMO.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\GpUPHEZ.exe
  C:\Windows\System\GpUPHEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\VitOGvW.exe
  C:\Windows\System\VitOGvW.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\JJUyATk.exe
  C:\Windows\System\JJUyATk.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\TpFrAuz.exe
  C:\Windows\System\TpFrAuz.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\LLwLTvH.exe
  C:\Windows\System\LLwLTvH.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\nLetrlC.exe
  C:\Windows\System\nLetrlC.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\JlnOUNS.exe
  C:\Windows\System\JlnOUNS.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\inCwxAs.exe
  C:\Windows\System\inCwxAs.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ylCesmt.exe
  C:\Windows\System\ylCesmt.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\dZSblJh.exe
  C:\Windows\System\dZSblJh.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\unjtTbK.exe
  C:\Windows\System\unjtTbK.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\euVARKu.exe
  C:\Windows\System\euVARKu.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\VzqKJvt.exe
  C:\Windows\System\VzqKJvt.exe
  2⤵
  PID:2636
- C:\Windows\System\rTQXCxz.exe
  C:\Windows\System\rTQXCxz.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cKxqVIm.exe
  C:\Windows\System\cKxqVIm.exe
  2⤵
  PID:2124
- C:\Windows\System\xkKfSkw.exe
  C:\Windows\System\xkKfSkw.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\SnsTqCA.exe
  C:\Windows\System\SnsTqCA.exe
  2⤵
  PID:2628
- C:\Windows\System\QZXZWSv.exe
  C:\Windows\System\QZXZWSv.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\jYaKjSk.exe
  C:\Windows\System\jYaKjSk.exe
  2⤵
  PID:3060
- C:\Windows\System\MqafPfS.exe
  C:\Windows\System\MqafPfS.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\tiCvaEa.exe
  C:\Windows\System\tiCvaEa.exe
  2⤵
  PID:2596
- C:\Windows\System\TeZEhxp.exe
  C:\Windows\System\TeZEhxp.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kruNEZm.exe
  C:\Windows\System\kruNEZm.exe
  2⤵
  PID:2920
- C:\Windows\System\ghSwifq.exe
  C:\Windows\System\ghSwifq.exe
  2⤵
  PID:2516
- C:\Windows\System\QoMfBgw.exe
  C:\Windows\System\QoMfBgw.exe
  2⤵
  PID:2872
- C:\Windows\System\xrsoSZy.exe
  C:\Windows\System\xrsoSZy.exe
  2⤵
  PID:1500
- C:\Windows\System\GwqMHzt.exe
  C:\Windows\System\GwqMHzt.exe
  2⤵
  PID:584
- C:\Windows\System\konEENB.exe
  C:\Windows\System\konEENB.exe
  2⤵
  PID:3004
- C:\Windows\System\JWksJep.exe
  C:\Windows\System\JWksJep.exe
  2⤵
  PID:2440
- C:\Windows\System\uFZzKMI.exe
  C:\Windows\System\uFZzKMI.exe
  2⤵
  PID:2160
- C:\Windows\System\Uixfanh.exe
  C:\Windows\System\Uixfanh.exe
  2⤵
  PID:2372
- C:\Windows\System\CxwYWEa.exe
  C:\Windows\System\CxwYWEa.exe
  2⤵
  PID:700
- C:\Windows\System\EPhuCmH.exe
  C:\Windows\System\EPhuCmH.exe
  2⤵
  PID:2376
- C:\Windows\System\NejFWZB.exe
  C:\Windows\System\NejFWZB.exe
  2⤵
  PID:880
- C:\Windows\System\msLiVns.exe
  C:\Windows\System\msLiVns.exe
  2⤵
  PID:2112
- C:\Windows\System\OrWgkpV.exe
  C:\Windows\System\OrWgkpV.exe
  2⤵
  PID:948
- C:\Windows\System\hjhxqWV.exe
  C:\Windows\System\hjhxqWV.exe
  2⤵
  PID:2488
- C:\Windows\System\BaFURzW.exe
  C:\Windows\System\BaFURzW.exe
  2⤵
  PID:3000
- C:\Windows\System\BQNGmHS.exe
  C:\Windows\System\BQNGmHS.exe
  2⤵
  PID:2176
- C:\Windows\System\rWRlDMQ.exe
  C:\Windows\System\rWRlDMQ.exe
  2⤵
  PID:1812
- C:\Windows\System\NNHxzcW.exe
  C:\Windows\System\NNHxzcW.exe
  2⤵
  PID:1576
- C:\Windows\System\mXHskaV.exe
  C:\Windows\System\mXHskaV.exe
  2⤵
  PID:2348
- C:\Windows\System\JCPfaWU.exe
  C:\Windows\System\JCPfaWU.exe
  2⤵
  PID:1040
- C:\Windows\System\bHggWHq.exe
  C:\Windows\System\bHggWHq.exe
  2⤵
  PID:1504
- C:\Windows\System\PJLViKY.exe
  C:\Windows\System\PJLViKY.exe
  2⤵
  PID:1688
- C:\Windows\System\YKPgzYH.exe
  C:\Windows\System\YKPgzYH.exe
  2⤵
  PID:2980
- C:\Windows\System\dmlKhHY.exe
  C:\Windows\System\dmlKhHY.exe
  2⤵
  PID:2464
- C:\Windows\System\AaZZIET.exe
  C:\Windows\System\AaZZIET.exe
  2⤵
  PID:2668
- C:\Windows\System\xReSYVn.exe
  C:\Windows\System\xReSYVn.exe
  2⤵
  PID:2824
- C:\Windows\System\CNEWKRd.exe
  C:\Windows\System\CNEWKRd.exe
  2⤵
  PID:2760
- C:\Windows\System\IdNgrlY.exe
  C:\Windows\System\IdNgrlY.exe
  2⤵
  PID:2452
- C:\Windows\System\fYSuOwT.exe
  C:\Windows\System\fYSuOwT.exe
  2⤵
  PID:2308
- C:\Windows\System\oVwGlor.exe
  C:\Windows\System\oVwGlor.exe
  2⤵
  PID:2660
- C:\Windows\System\IrdwohX.exe
  C:\Windows\System\IrdwohX.exe
  2⤵
  PID:2944
- C:\Windows\System\CHnEHEf.exe
  C:\Windows\System\CHnEHEf.exe
  2⤵
  PID:2116
- C:\Windows\System\LaEeMfS.exe
  C:\Windows\System\LaEeMfS.exe
  2⤵
  PID:2096
- C:\Windows\System\xbKFxjv.exe
  C:\Windows\System\xbKFxjv.exe
  2⤵
  PID:1372
- C:\Windows\System\hAkGLyu.exe
  C:\Windows\System\hAkGLyu.exe
  2⤵
  PID:1036
- C:\Windows\System\DyCxZbX.exe
  C:\Windows\System\DyCxZbX.exe
  2⤵
  PID:2536
- C:\Windows\System\UvICbKb.exe
  C:\Windows\System\UvICbKb.exe
  2⤵
  PID:2744
- C:\Windows\System\BNzZWGi.exe
  C:\Windows\System\BNzZWGi.exe
  2⤵
  PID:2772
- C:\Windows\System\AofeqSb.exe
  C:\Windows\System\AofeqSb.exe
  2⤵
  PID:2876
- C:\Windows\System\GHzaaUk.exe
  C:\Windows\System\GHzaaUk.exe
  2⤵
  PID:1252
- C:\Windows\System\laMKiYq.exe
  C:\Windows\System\laMKiYq.exe
  2⤵
  PID:3024
- C:\Windows\System\TkdNvJI.exe
  C:\Windows\System\TkdNvJI.exe
  2⤵
  PID:1336
- C:\Windows\System\yrUZJHE.exe
  C:\Windows\System\yrUZJHE.exe
  2⤵
  PID:2040
- C:\Windows\System\IXmDdlZ.exe
  C:\Windows\System\IXmDdlZ.exe
  2⤵
  PID:2324
- C:\Windows\System\EtACMHU.exe
  C:\Windows\System\EtACMHU.exe
  2⤵
  PID:2184
- C:\Windows\System\FgZYcdO.exe
  C:\Windows\System\FgZYcdO.exe
  2⤵
  PID:1552
- C:\Windows\System\BRHOrei.exe
  C:\Windows\System\BRHOrei.exe
  2⤵
  PID:2396
- C:\Windows\System\gCeUnUn.exe
  C:\Windows\System\gCeUnUn.exe
  2⤵
  PID:2836
- C:\Windows\System\ElzbaqL.exe
  C:\Windows\System\ElzbaqL.exe
  2⤵
  PID:548
- C:\Windows\System\LedlyCm.exe
  C:\Windows\System\LedlyCm.exe
  2⤵
  PID:1600
- C:\Windows\System\CJBNylS.exe
  C:\Windows\System\CJBNylS.exe
  2⤵
  PID:1424
- C:\Windows\System\kyAxKrr.exe
  C:\Windows\System\kyAxKrr.exe
  2⤵
  PID:612
- C:\Windows\System\afHHVBq.exe
  C:\Windows\System\afHHVBq.exe
  2⤵
  PID:868
- C:\Windows\System\rvJohHr.exe
  C:\Windows\System\rvJohHr.exe
  2⤵
  PID:2296
- C:\Windows\System\AsxlUFA.exe
  C:\Windows\System\AsxlUFA.exe
  2⤵
  PID:1528
- C:\Windows\System\eNSGtKm.exe
  C:\Windows\System\eNSGtKm.exe
  2⤵
  PID:2208
- C:\Windows\System\ANNaCKf.exe
  C:\Windows\System\ANNaCKf.exe
  2⤵
  PID:1636
- C:\Windows\System\TUITWjO.exe
  C:\Windows\System\TUITWjO.exe
  2⤵
  PID:2480
- C:\Windows\System\YQCegLt.exe
  C:\Windows\System\YQCegLt.exe
  2⤵
  PID:1924
- C:\Windows\System\uEhwpgu.exe
  C:\Windows\System\uEhwpgu.exe
  2⤵
  PID:1452
- C:\Windows\System\HZYSFdi.exe
  C:\Windows\System\HZYSFdi.exe
  2⤵
  PID:2624
- C:\Windows\System\gfxhhhx.exe
  C:\Windows\System\gfxhhhx.exe
  2⤵
  PID:2768
- C:\Windows\System\MIieAci.exe
  C:\Windows\System\MIieAci.exe
  2⤵
  PID:1992
- C:\Windows\System\pySiPBZ.exe
  C:\Windows\System\pySiPBZ.exe
  2⤵
  PID:2352
- C:\Windows\System\uCQHvAX.exe
  C:\Windows\System\uCQHvAX.exe
  2⤵
  PID:2640
- C:\Windows\System\gugbzke.exe
  C:\Windows\System\gugbzke.exe
  2⤵
  PID:904
- C:\Windows\System\Xartgzw.exe
  C:\Windows\System\Xartgzw.exe
  2⤵
  PID:2740
- C:\Windows\System\EwVmWAk.exe
  C:\Windows\System\EwVmWAk.exe
  2⤵
  PID:2664
- C:\Windows\System\wzuaqBz.exe
  C:\Windows\System\wzuaqBz.exe
  2⤵
  PID:2688
- C:\Windows\System\PzxVisU.exe
  C:\Windows\System\PzxVisU.exe
  2⤵
  PID:2456
- C:\Windows\System\fubWkIG.exe
  C:\Windows\System\fubWkIG.exe
  2⤵
  PID:2676
- C:\Windows\System\pQbTEHy.exe
  C:\Windows\System\pQbTEHy.exe
  2⤵
  PID:3088
- C:\Windows\System\PUMJdMJ.exe
  C:\Windows\System\PUMJdMJ.exe
  2⤵
  PID:3104
- C:\Windows\System\vMFymSJ.exe
  C:\Windows\System\vMFymSJ.exe
  2⤵
  PID:3120
- C:\Windows\System\SiZPaNT.exe
  C:\Windows\System\SiZPaNT.exe
  2⤵
  PID:3136
- C:\Windows\System\eXFoRKe.exe
  C:\Windows\System\eXFoRKe.exe
  2⤵
  PID:3152
- C:\Windows\System\hbtZbPz.exe
  C:\Windows\System\hbtZbPz.exe
  2⤵
  PID:3168
- C:\Windows\System\ryxVhMY.exe
  C:\Windows\System\ryxVhMY.exe
  2⤵
  PID:3184
- C:\Windows\System\SiYHmea.exe
  C:\Windows\System\SiYHmea.exe
  2⤵
  PID:3200
- C:\Windows\System\MEXALhY.exe
  C:\Windows\System\MEXALhY.exe
  2⤵
  PID:3216
- C:\Windows\System\fNfyzwF.exe
  C:\Windows\System\fNfyzwF.exe
  2⤵
  PID:3232
- C:\Windows\System\POCPnxA.exe
  C:\Windows\System\POCPnxA.exe
  2⤵
  PID:3248
- C:\Windows\System\NBOQwZU.exe
  C:\Windows\System\NBOQwZU.exe
  2⤵
  PID:3264
- C:\Windows\System\iHSJRJY.exe
  C:\Windows\System\iHSJRJY.exe
  2⤵
  PID:3280
- C:\Windows\System\OKIuOxJ.exe
  C:\Windows\System\OKIuOxJ.exe
  2⤵
  PID:3296
- C:\Windows\System\oLDIuPA.exe
  C:\Windows\System\oLDIuPA.exe
  2⤵
  PID:3312
- C:\Windows\System\nuYaDpN.exe
  C:\Windows\System\nuYaDpN.exe
  2⤵
  PID:3328
- C:\Windows\System\BqnMBzR.exe
  C:\Windows\System\BqnMBzR.exe
  2⤵
  PID:3348
- C:\Windows\System\vmPrEHZ.exe
  C:\Windows\System\vmPrEHZ.exe
  2⤵
  PID:3364
- C:\Windows\System\twzZtNX.exe
  C:\Windows\System\twzZtNX.exe
  2⤵
  PID:3380
- C:\Windows\System\jfSDGDj.exe
  C:\Windows\System\jfSDGDj.exe
  2⤵
  PID:3396
- C:\Windows\System\YtMnLQH.exe
  C:\Windows\System\YtMnLQH.exe
  2⤵
  PID:3412
- C:\Windows\System\UDUxOPY.exe
  C:\Windows\System\UDUxOPY.exe
  2⤵
  PID:3428
- C:\Windows\System\MduoOpx.exe
  C:\Windows\System\MduoOpx.exe
  2⤵
  PID:3444
- C:\Windows\System\UyIMArD.exe
  C:\Windows\System\UyIMArD.exe
  2⤵
  PID:3460
- C:\Windows\System\kZqkvkp.exe
  C:\Windows\System\kZqkvkp.exe
  2⤵
  PID:3476
- C:\Windows\System\oNPfNpl.exe
  C:\Windows\System\oNPfNpl.exe
  2⤵
  PID:3492
- C:\Windows\System\OBShtfq.exe
  C:\Windows\System\OBShtfq.exe
  2⤵
  PID:3508
- C:\Windows\System\xphRgbO.exe
  C:\Windows\System\xphRgbO.exe
  2⤵
  PID:3524
- C:\Windows\System\ARnyBnt.exe
  C:\Windows\System\ARnyBnt.exe
  2⤵
  PID:3540
- C:\Windows\System\gFZyFRs.exe
  C:\Windows\System\gFZyFRs.exe
  2⤵
  PID:3556
- C:\Windows\System\JvUwSas.exe
  C:\Windows\System\JvUwSas.exe
  2⤵
  PID:3572
- C:\Windows\System\iORVWnS.exe
  C:\Windows\System\iORVWnS.exe
  2⤵
  PID:3588
- C:\Windows\System\OiakPGj.exe
  C:\Windows\System\OiakPGj.exe
  2⤵
  PID:3604
- C:\Windows\System\jgXnjkx.exe
  C:\Windows\System\jgXnjkx.exe
  2⤵
  PID:3620
- C:\Windows\System\KmjcPAd.exe
  C:\Windows\System\KmjcPAd.exe
  2⤵
  PID:3636
- C:\Windows\System\UmxiiAR.exe
  C:\Windows\System\UmxiiAR.exe
  2⤵
  PID:3656
- C:\Windows\System\GmclvCQ.exe
  C:\Windows\System\GmclvCQ.exe
  2⤵
  PID:3672
- C:\Windows\System\RpWnVlm.exe
  C:\Windows\System\RpWnVlm.exe
  2⤵
  PID:3688
- C:\Windows\System\kakwxrp.exe
  C:\Windows\System\kakwxrp.exe
  2⤵
  PID:3704
- C:\Windows\System\GbcgvAx.exe
  C:\Windows\System\GbcgvAx.exe
  2⤵
  PID:3720
- C:\Windows\System\OcrlpDw.exe
  C:\Windows\System\OcrlpDw.exe
  2⤵
  PID:3736
- C:\Windows\System\fldRVtO.exe
  C:\Windows\System\fldRVtO.exe
  2⤵
  PID:3752
- C:\Windows\System\HbYslkk.exe
  C:\Windows\System\HbYslkk.exe
  2⤵
  PID:3768
- C:\Windows\System\IDYJiiK.exe
  C:\Windows\System\IDYJiiK.exe
  2⤵
  PID:3784
- C:\Windows\System\UBFGZil.exe
  C:\Windows\System\UBFGZil.exe
  2⤵
  PID:3800
- C:\Windows\System\spYASLX.exe
  C:\Windows\System\spYASLX.exe
  2⤵
  PID:3816
- C:\Windows\System\WGKlErx.exe
  C:\Windows\System\WGKlErx.exe
  2⤵
  PID:3832
- C:\Windows\System\owivJIq.exe
  C:\Windows\System\owivJIq.exe
  2⤵
  PID:3848
- C:\Windows\System\gmNdpQR.exe
  C:\Windows\System\gmNdpQR.exe
  2⤵
  PID:3864
- C:\Windows\System\XwGHIhN.exe
  C:\Windows\System\XwGHIhN.exe
  2⤵
  PID:3880
- C:\Windows\System\LVPMUDy.exe
  C:\Windows\System\LVPMUDy.exe
  2⤵
  PID:3896
- C:\Windows\System\hasvxtj.exe
  C:\Windows\System\hasvxtj.exe
  2⤵
  PID:3912
- C:\Windows\System\DvwYPJf.exe
  C:\Windows\System\DvwYPJf.exe
  2⤵
  PID:3928
- C:\Windows\System\dYeiAlI.exe
  C:\Windows\System\dYeiAlI.exe
  2⤵
  PID:3944
- C:\Windows\System\kyCWLCX.exe
  C:\Windows\System\kyCWLCX.exe
  2⤵
  PID:3960
- C:\Windows\System\wqncMdZ.exe
  C:\Windows\System\wqncMdZ.exe
  2⤵
  PID:3976
- C:\Windows\System\XkLaIpX.exe
  C:\Windows\System\XkLaIpX.exe
  2⤵
  PID:3996
- C:\Windows\System\JiDGrYo.exe
  C:\Windows\System\JiDGrYo.exe
  2⤵
  PID:4012
- C:\Windows\System\LUMHjKq.exe
  C:\Windows\System\LUMHjKq.exe
  2⤵
  PID:4028
- C:\Windows\System\RwUelaj.exe
  C:\Windows\System\RwUelaj.exe
  2⤵
  PID:4044
- C:\Windows\System\xVsVOnJ.exe
  C:\Windows\System\xVsVOnJ.exe
  2⤵
  PID:4060
- C:\Windows\System\znthIoP.exe
  C:\Windows\System\znthIoP.exe
  2⤵
  PID:4076
- C:\Windows\System\idzKNGQ.exe
  C:\Windows\System\idzKNGQ.exe
  2⤵
  PID:4092
- C:\Windows\System\usQXKGx.exe
  C:\Windows\System\usQXKGx.exe
  2⤵
  PID:2748
- C:\Windows\System\oIjevsH.exe
  C:\Windows\System\oIjevsH.exe
  2⤵
  PID:1536
- C:\Windows\System\WidWfUo.exe
  C:\Windows\System\WidWfUo.exe
  2⤵
  PID:2468
- C:\Windows\System\hoQcmjA.exe
  C:\Windows\System\hoQcmjA.exe
  2⤵
  PID:1944
- C:\Windows\System\sQtMZKo.exe
  C:\Windows\System\sQtMZKo.exe
  2⤵
  PID:1796
- C:\Windows\System\phjrlUC.exe
  C:\Windows\System\phjrlUC.exe
  2⤵
  PID:3080
- C:\Windows\System\nPbmKaW.exe
  C:\Windows\System\nPbmKaW.exe
  2⤵
  PID:3112
- C:\Windows\System\vjaNDCG.exe
  C:\Windows\System\vjaNDCG.exe
  2⤵
  PID:3148
- C:\Windows\System\LCjPTkj.exe
  C:\Windows\System\LCjPTkj.exe
  2⤵
  PID:3128
- C:\Windows\System\vWaRmMh.exe
  C:\Windows\System\vWaRmMh.exe
  2⤵
  PID:3212
- C:\Windows\System\oqZSFdC.exe
  C:\Windows\System\oqZSFdC.exe
  2⤵
  PID:3196
- C:\Windows\System\gPYrZQX.exe
  C:\Windows\System\gPYrZQX.exe
  2⤵
  PID:3272
- C:\Windows\System\aQbKLQC.exe
  C:\Windows\System\aQbKLQC.exe
  2⤵
  PID:3256
- C:\Windows\System\CIdUNWd.exe
  C:\Windows\System\CIdUNWd.exe
  2⤵
  PID:3292
- C:\Windows\System\HuXJAKJ.exe
  C:\Windows\System\HuXJAKJ.exe
  2⤵
  PID:3324
- C:\Windows\System\tuMHbpI.exe
  C:\Windows\System\tuMHbpI.exe
  2⤵
  PID:3372
- C:\Windows\System\ULgprxA.exe
  C:\Windows\System\ULgprxA.exe
  2⤵
  PID:3404
- C:\Windows\System\qwjdUTK.exe
  C:\Windows\System\qwjdUTK.exe
  2⤵
  PID:3436
- C:\Windows\System\XZjAQJz.exe
  C:\Windows\System\XZjAQJz.exe
  2⤵
  PID:3468
- C:\Windows\System\onYJHIR.exe
  C:\Windows\System\onYJHIR.exe
  2⤵
  PID:3500
- C:\Windows\System\AYbLQIF.exe
  C:\Windows\System\AYbLQIF.exe
  2⤵
  PID:3516
- C:\Windows\System\TEKHMed.exe
  C:\Windows\System\TEKHMed.exe
  2⤵
  PID:3564
- C:\Windows\System\bGlFjce.exe
  C:\Windows\System\bGlFjce.exe
  2⤵
  PID:3552
- C:\Windows\System\ZWORhWi.exe
  C:\Windows\System\ZWORhWi.exe
  2⤵
  PID:3628
- C:\Windows\System\reDVgvA.exe
  C:\Windows\System\reDVgvA.exe
  2⤵
  PID:3664
- C:\Windows\System\yaGwSYT.exe
  C:\Windows\System\yaGwSYT.exe
  2⤵
  PID:3700
- C:\Windows\System\BmnbEIA.exe
  C:\Windows\System\BmnbEIA.exe
  2⤵
  PID:3712
- C:\Windows\System\HPlqjOf.exe
  C:\Windows\System\HPlqjOf.exe
  2⤵
  PID:3764
- C:\Windows\System\GMfjAsy.exe
  C:\Windows\System\GMfjAsy.exe
  2⤵
  PID:3776
- C:\Windows\System\EkgIOtA.exe
  C:\Windows\System\EkgIOtA.exe
  2⤵
  PID:3828
- C:\Windows\System\SKOgLej.exe
  C:\Windows\System\SKOgLej.exe
  2⤵
  PID:3856
- C:\Windows\System\jGvzYmV.exe
  C:\Windows\System\jGvzYmV.exe
  2⤵
  PID:3876
- C:\Windows\System\bgSqiej.exe
  C:\Windows\System\bgSqiej.exe
  2⤵
  PID:3952
- C:\Windows\System\nwTxGcC.exe
  C:\Windows\System\nwTxGcC.exe
  2⤵
  PID:3984
- C:\Windows\System\ilHfWYY.exe
  C:\Windows\System\ilHfWYY.exe
  2⤵
  PID:3972
- C:\Windows\System\jdYAYJL.exe
  C:\Windows\System\jdYAYJL.exe
  2⤵
  PID:4020
- C:\Windows\System\HrYrycS.exe
  C:\Windows\System\HrYrycS.exe
  2⤵
  PID:1268
- C:\Windows\System\OldxONN.exe
  C:\Windows\System\OldxONN.exe
  2⤵
  PID:4068
- C:\Windows\System\Hhxtieu.exe
  C:\Windows\System\Hhxtieu.exe
  2⤵
  PID:1660
- C:\Windows\System\USQwghM.exe
  C:\Windows\System\USQwghM.exe
  2⤵
  PID:3992
- C:\Windows\System\RZovchB.exe
  C:\Windows\System\RZovchB.exe
  2⤵
  PID:628
- C:\Windows\System\OSJSFeh.exe
  C:\Windows\System\OSJSFeh.exe
  2⤵
  PID:2508
- C:\Windows\System\PTYrTIJ.exe
  C:\Windows\System\PTYrTIJ.exe
  2⤵
  PID:1844
- C:\Windows\System\ZUuJJZA.exe
  C:\Windows\System\ZUuJJZA.exe
  2⤵
  PID:2956
- C:\Windows\System\rLKFRfT.exe
  C:\Windows\System\rLKFRfT.exe
  2⤵
  PID:3224
- C:\Windows\System\nQSIgmC.exe
  C:\Windows\System\nQSIgmC.exe
  2⤵
  PID:2656
- C:\Windows\System\tvVNknS.exe
  C:\Windows\System\tvVNknS.exe
  2⤵
  PID:3344
- C:\Windows\System\pPNxhXq.exe
  C:\Windows\System\pPNxhXq.exe
  2⤵
  PID:2080
- C:\Windows\System\XBKvodm.exe
  C:\Windows\System\XBKvodm.exe
  2⤵
  PID:3388
- C:\Windows\System\TJZkiOM.exe
  C:\Windows\System\TJZkiOM.exe
  2⤵
  PID:3456
- C:\Windows\System\nVdEggv.exe
  C:\Windows\System\nVdEggv.exe
  2⤵
  PID:3504
- C:\Windows\System\BGKjGgW.exe
  C:\Windows\System\BGKjGgW.exe
  2⤵
  PID:2644
- C:\Windows\System\LarWxKV.exe
  C:\Windows\System\LarWxKV.exe
  2⤵
  PID:3596
- C:\Windows\System\bneJWjJ.exe
  C:\Windows\System\bneJWjJ.exe
  2⤵
  PID:3616
- C:\Windows\System\eHvnjUf.exe
  C:\Windows\System\eHvnjUf.exe
  2⤵
  PID:3644
- C:\Windows\System\BfcbcUM.exe
  C:\Windows\System\BfcbcUM.exe
  2⤵
  PID:3748
- C:\Windows\System\mQIngpJ.exe
  C:\Windows\System\mQIngpJ.exe
  2⤵
  PID:3812
- C:\Windows\System\ivWxoxk.exe
  C:\Windows\System\ivWxoxk.exe
  2⤵
  PID:3920
- C:\Windows\System\EsITJtA.exe
  C:\Windows\System\EsITJtA.exe
  2⤵
  PID:3956
- C:\Windows\System\BWfxiSI.exe
  C:\Windows\System\BWfxiSI.exe
  2⤵
  PID:836
- C:\Windows\System\MAftAJx.exe
  C:\Windows\System\MAftAJx.exe
  2⤵
  PID:4040
- C:\Windows\System\JuOJbMT.exe
  C:\Windows\System\JuOJbMT.exe
  2⤵
  PID:1044
- C:\Windows\System\RDUYXUU.exe
  C:\Windows\System\RDUYXUU.exe
  2⤵
  PID:2860
- C:\Windows\System\KePyHEP.exe
  C:\Windows\System\KePyHEP.exe
  2⤵
  PID:2052
- C:\Windows\System\ESNAsPf.exe
  C:\Windows\System\ESNAsPf.exe
  2⤵
  PID:3244
- C:\Windows\System\jrhgGME.exe
  C:\Windows\System\jrhgGME.exe
  2⤵
  PID:3228
- C:\Windows\System\gmopLQv.exe
  C:\Windows\System\gmopLQv.exe
  2⤵
  PID:1484
- C:\Windows\System\uhrTsMa.exe
  C:\Windows\System\uhrTsMa.exe
  2⤵
  PID:3520
- C:\Windows\System\jUGAyrR.exe
  C:\Windows\System\jUGAyrR.exe
  2⤵
  PID:3612
- C:\Windows\System\aMIzaEk.exe
  C:\Windows\System\aMIzaEk.exe
  2⤵
  PID:3716
- C:\Windows\System\fPyYZUz.exe
  C:\Windows\System\fPyYZUz.exe
  2⤵
  PID:3888
- C:\Windows\System\TrZULxd.exe
  C:\Windows\System\TrZULxd.exe
  2⤵
  PID:3988
- C:\Windows\System\NeFJYwW.exe
  C:\Windows\System\NeFJYwW.exe
  2⤵
  PID:4072
- C:\Windows\System\bOMVvzx.exe
  C:\Windows\System\bOMVvzx.exe
  2⤵
  PID:4112
- C:\Windows\System\KZehbaa.exe
  C:\Windows\System\KZehbaa.exe
  2⤵
  PID:4128
- C:\Windows\System\fQKVnaE.exe
  C:\Windows\System\fQKVnaE.exe
  2⤵
  PID:4144
- C:\Windows\System\flFQdyM.exe
  C:\Windows\System\flFQdyM.exe
  2⤵
  PID:4160
- C:\Windows\System\wFTlNKY.exe
  C:\Windows\System\wFTlNKY.exe
  2⤵
  PID:4176
- C:\Windows\System\MyCtuVG.exe
  C:\Windows\System\MyCtuVG.exe
  2⤵
  PID:4192
- C:\Windows\System\fpocckD.exe
  C:\Windows\System\fpocckD.exe
  2⤵
  PID:4212
- C:\Windows\System\occmgPN.exe
  C:\Windows\System\occmgPN.exe
  2⤵
  PID:4228
- C:\Windows\System\vEghpnP.exe
  C:\Windows\System\vEghpnP.exe
  2⤵
  PID:4244
- C:\Windows\System\PFIgRwA.exe
  C:\Windows\System\PFIgRwA.exe
  2⤵
  PID:4260
- C:\Windows\System\yStuhMR.exe
  C:\Windows\System\yStuhMR.exe
  2⤵
  PID:4276
- C:\Windows\System\OHEydKj.exe
  C:\Windows\System\OHEydKj.exe
  2⤵
  PID:4468
- C:\Windows\System\oUIFNJn.exe
  C:\Windows\System\oUIFNJn.exe
  2⤵
  PID:4488
- C:\Windows\System\laWLZIb.exe
  C:\Windows\System\laWLZIb.exe
  2⤵
  PID:4504
- C:\Windows\System\WrbwLAI.exe
  C:\Windows\System\WrbwLAI.exe
  2⤵
  PID:4520
- C:\Windows\System\IKVTVqb.exe
  C:\Windows\System\IKVTVqb.exe
  2⤵
  PID:4536
- C:\Windows\System\txDXzQc.exe
  C:\Windows\System\txDXzQc.exe
  2⤵
  PID:4552
- C:\Windows\System\TFdieTa.exe
  C:\Windows\System\TFdieTa.exe
  2⤵
  PID:4568
- C:\Windows\System\upAZpcl.exe
  C:\Windows\System\upAZpcl.exe
  2⤵
  PID:4584
- C:\Windows\System\fkWQuRy.exe
  C:\Windows\System\fkWQuRy.exe
  2⤵
  PID:4600
- C:\Windows\System\fnIWPxx.exe
  C:\Windows\System\fnIWPxx.exe
  2⤵
  PID:4616
- C:\Windows\System\DcPiyWf.exe
  C:\Windows\System\DcPiyWf.exe
  2⤵
  PID:4636
- C:\Windows\System\pgwMxKq.exe
  C:\Windows\System\pgwMxKq.exe
  2⤵
  PID:4652
- C:\Windows\System\LSDYLEh.exe
  C:\Windows\System\LSDYLEh.exe
  2⤵
  PID:4668
- C:\Windows\System\EzqFYOF.exe
  C:\Windows\System\EzqFYOF.exe
  2⤵
  PID:4684
- C:\Windows\System\VYVuvIa.exe
  C:\Windows\System\VYVuvIa.exe
  2⤵
  PID:4700
- C:\Windows\System\XQBdJYk.exe
  C:\Windows\System\XQBdJYk.exe
  2⤵
  PID:4716
- C:\Windows\System\yToHNFP.exe
  C:\Windows\System\yToHNFP.exe
  2⤵
  PID:4732
- C:\Windows\System\BcaSWCP.exe
  C:\Windows\System\BcaSWCP.exe
  2⤵
  PID:4748
- C:\Windows\System\RhSMghQ.exe
  C:\Windows\System\RhSMghQ.exe
  2⤵
  PID:4928
- C:\Windows\System\kdJmOUy.exe
  C:\Windows\System\kdJmOUy.exe
  2⤵
  PID:4944
- C:\Windows\System\vTInuES.exe
  C:\Windows\System\vTInuES.exe
  2⤵
  PID:4968
- C:\Windows\System\eVJpEpp.exe
  C:\Windows\System\eVJpEpp.exe
  2⤵
  PID:4984
- C:\Windows\System\PAePUmb.exe
  C:\Windows\System\PAePUmb.exe
  2⤵
  PID:5000
- C:\Windows\System\OJMvpQm.exe
  C:\Windows\System\OJMvpQm.exe
  2⤵
  PID:5016
- C:\Windows\System\OqlZWvC.exe
  C:\Windows\System\OqlZWvC.exe
  2⤵
  PID:5032
- C:\Windows\System\dHOjltb.exe
  C:\Windows\System\dHOjltb.exe
  2⤵
  PID:5052
- C:\Windows\System\QBtsSVi.exe
  C:\Windows\System\QBtsSVi.exe
  2⤵
  PID:5068
- C:\Windows\System\ReVdVTX.exe
  C:\Windows\System\ReVdVTX.exe
  2⤵
  PID:5084
- C:\Windows\System\kCiQHYI.exe
  C:\Windows\System\kCiQHYI.exe
  2⤵
  PID:5100
- C:\Windows\System\OSLOXNP.exe
  C:\Windows\System\OSLOXNP.exe
  2⤵
  PID:5116
- C:\Windows\System\bhJYfPc.exe
  C:\Windows\System\bhJYfPc.exe
  2⤵
  PID:3340
- C:\Windows\System\Gzxegcp.exe
  C:\Windows\System\Gzxegcp.exe
  2⤵
  PID:3728
- C:\Windows\System\VAbRvor.exe
  C:\Windows\System\VAbRvor.exe
  2⤵
  PID:4004
- C:\Windows\System\dHwzuIw.exe
  C:\Windows\System\dHwzuIw.exe
  2⤵
  PID:4480
- C:\Windows\System\pmQdPQA.exe
  C:\Windows\System\pmQdPQA.exe
  2⤵
  PID:4580
- C:\Windows\System\jGYGDVV.exe
  C:\Windows\System\jGYGDVV.exe
  2⤵
  PID:4648
- C:\Windows\System\TmMglWz.exe
  C:\Windows\System\TmMglWz.exe
  2⤵
  PID:1656
- C:\Windows\System\pNOYWRi.exe
  C:\Windows\System\pNOYWRi.exe
  2⤵
  PID:4740
- C:\Windows\System\ZcrbbuU.exe
  C:\Windows\System\ZcrbbuU.exe
  2⤵
  PID:2936
- C:\Windows\System\eRygTgj.exe
  C:\Windows\System\eRygTgj.exe
  2⤵
  PID:4220
- C:\Windows\System\rWEESgP.exe
  C:\Windows\System\rWEESgP.exe
  2⤵
  PID:4256
- C:\Windows\System\nnozJXr.exe
  C:\Windows\System\nnozJXr.exe
  2⤵
  PID:4300
- C:\Windows\System\NbXOqvT.exe
  C:\Windows\System\NbXOqvT.exe
  2⤵
  PID:4316
- C:\Windows\System\OAVBfKq.exe
  C:\Windows\System\OAVBfKq.exe
  2⤵
  PID:4332
- C:\Windows\System\dwmuoFO.exe
  C:\Windows\System\dwmuoFO.exe
  2⤵
  PID:4348
- C:\Windows\System\qcxqjgl.exe
  C:\Windows\System\qcxqjgl.exe
  2⤵
  PID:4364
- C:\Windows\System\MIVcSkt.exe
  C:\Windows\System\MIVcSkt.exe
  2⤵
  PID:4376
- C:\Windows\System\yexblmZ.exe
  C:\Windows\System\yexblmZ.exe
  2⤵
  PID:4396
- C:\Windows\System\urFkKfZ.exe
  C:\Windows\System\urFkKfZ.exe
  2⤵
  PID:4420
- C:\Windows\System\TflMgzD.exe
  C:\Windows\System\TflMgzD.exe
  2⤵
  PID:4436
- C:\Windows\System\KsnPNQx.exe
  C:\Windows\System\KsnPNQx.exe
  2⤵
  PID:4456
- C:\Windows\System\nJVKuDn.exe
  C:\Windows\System\nJVKuDn.exe
  2⤵
  PID:4756
- C:\Windows\System\nuXkSOa.exe
  C:\Windows\System\nuXkSOa.exe
  2⤵
  PID:4772
- C:\Windows\System\fJCAnSl.exe
  C:\Windows\System\fJCAnSl.exe
  2⤵
  PID:4788
- C:\Windows\System\IDAXnqe.exe
  C:\Windows\System\IDAXnqe.exe
  2⤵
  PID:780
- C:\Windows\System\JtAfVSS.exe
  C:\Windows\System\JtAfVSS.exe
  2⤵
  PID:2788
- C:\Windows\System\JBhMeVu.exe
  C:\Windows\System\JBhMeVu.exe
  2⤵
  PID:4728
- C:\Windows\System\pGtWJfU.exe
  C:\Windows\System\pGtWJfU.exe
  2⤵
  PID:4664
- C:\Windows\System\OiMeoOa.exe
  C:\Windows\System\OiMeoOa.exe
  2⤵
  PID:4596
- C:\Windows\System\VxZRjeO.exe
  C:\Windows\System\VxZRjeO.exe
  2⤵
  PID:4532
- C:\Windows\System\vZYfiDX.exe
  C:\Windows\System\vZYfiDX.exe
  2⤵
  PID:1288
- C:\Windows\System\NrPpczM.exe
  C:\Windows\System\NrPpczM.exe
  2⤵
  PID:2588
- C:\Windows\System\ncXDikN.exe
  C:\Windows\System\ncXDikN.exe
  2⤵
  PID:588
- C:\Windows\System\qpacsjO.exe
  C:\Windows\System\qpacsjO.exe
  2⤵
  PID:1908
- C:\Windows\System\IkQEFQo.exe
  C:\Windows\System\IkQEFQo.exe
  2⤵
  PID:2120
- C:\Windows\System\MwCHjPA.exe
  C:\Windows\System\MwCHjPA.exe
  2⤵
  PID:4820
- C:\Windows\System\xxrqTtg.exe
  C:\Windows\System\xxrqTtg.exe
  2⤵
  PID:4864
- C:\Windows\System\QBqvcxx.exe
  C:\Windows\System\QBqvcxx.exe
  2⤵
  PID:1720
- C:\Windows\System\EjPyyes.exe
  C:\Windows\System\EjPyyes.exe
  2⤵
  PID:2496
- C:\Windows\System\dxCofcN.exe
  C:\Windows\System\dxCofcN.exe
  2⤵
  PID:2000
- C:\Windows\System\pCFAzqs.exe
  C:\Windows\System\pCFAzqs.exe
  2⤵
  PID:4844
- C:\Windows\System\AknsQLx.exe
  C:\Windows\System\AknsQLx.exe
  2⤵
  PID:4868
- C:\Windows\System\lMcNQyi.exe
  C:\Windows\System\lMcNQyi.exe
  2⤵
  PID:4908
- C:\Windows\System\cLAWBDk.exe
  C:\Windows\System\cLAWBDk.exe
  2⤵
  PID:4916
- C:\Windows\System\CCvCWnI.exe
  C:\Windows\System\CCvCWnI.exe
  2⤵
  PID:3068
- C:\Windows\System\zruBdfD.exe
  C:\Windows\System\zruBdfD.exe
  2⤵
  PID:4936
- C:\Windows\System\BsfTtXd.exe
  C:\Windows\System\BsfTtXd.exe
  2⤵
  PID:4996
- C:\Windows\System\utCgkhL.exe
  C:\Windows\System\utCgkhL.exe
  2⤵
  PID:5012
- C:\Windows\System\hFcEbMk.exe
  C:\Windows\System\hFcEbMk.exe
  2⤵
  PID:5044
- C:\Windows\System\SHdMDhV.exe
  C:\Windows\System\SHdMDhV.exe
  2⤵
  PID:5076
- C:\Windows\System\VoWWiWL.exe
  C:\Windows\System\VoWWiWL.exe
  2⤵
  PID:3968
- C:\Windows\System\fjjjOpb.exe
  C:\Windows\System\fjjjOpb.exe
  2⤵
  PID:3192
- C:\Windows\System\xSgwGWj.exe
  C:\Windows\System\xSgwGWj.exe
  2⤵
  PID:2812
- C:\Windows\System\ZekcWqQ.exe
  C:\Windows\System\ZekcWqQ.exe
  2⤵
  PID:3600
- C:\Windows\System\YlYslZK.exe
  C:\Windows\System\YlYslZK.exe
  2⤵
  PID:4088
- C:\Windows\System\HODwtwl.exe
  C:\Windows\System\HODwtwl.exe
  2⤵
  PID:4120
- C:\Windows\System\LqlrjVY.exe
  C:\Windows\System\LqlrjVY.exe
  2⤵
  PID:4172
- C:\Windows\System\tHWKOoJ.exe
  C:\Windows\System\tHWKOoJ.exe
  2⤵
  PID:4240
- C:\Windows\System\SuWvOMK.exe
  C:\Windows\System\SuWvOMK.exe
  2⤵
  PID:4124
- C:\Windows\System\xiiDSmK.exe
  C:\Windows\System\xiiDSmK.exe
  2⤵
  PID:4188
- C:\Windows\System\WbCEcpx.exe
  C:\Windows\System\WbCEcpx.exe
  2⤵
  PID:4516
- C:\Windows\System\WMPXXwv.exe
  C:\Windows\System\WMPXXwv.exe
  2⤵
  PID:2008
- C:\Windows\System\gfNjbJf.exe
  C:\Windows\System\gfNjbJf.exe
  2⤵
  PID:4612
- C:\Windows\System\eFzCafZ.exe
  C:\Windows\System\eFzCafZ.exe
  2⤵
  PID:1588
- C:\Windows\System\oSnntut.exe
  C:\Windows\System\oSnntut.exe
  2⤵
  PID:4308
- C:\Windows\System\WIDTQqt.exe
  C:\Windows\System\WIDTQqt.exe
  2⤵
  PID:4292
- C:\Windows\System\MQlPQaE.exe
  C:\Windows\System\MQlPQaE.exe
  2⤵
  PID:4380
- C:\Windows\System\TPSCmnq.exe
  C:\Windows\System\TPSCmnq.exe
  2⤵
  PID:4392
- C:\Windows\System\GyMxEfP.exe
  C:\Windows\System\GyMxEfP.exe
  2⤵
  PID:968
- C:\Windows\System\JviIdDW.exe
  C:\Windows\System\JviIdDW.exe
  2⤵
  PID:924
- C:\Windows\System\ukrdnyf.exe
  C:\Windows\System\ukrdnyf.exe
  2⤵
  PID:4764
- C:\Windows\System\tdwVDlL.exe
  C:\Windows\System\tdwVDlL.exe
  2⤵
  PID:1852
- C:\Windows\System\xCHnHfI.exe
  C:\Windows\System\xCHnHfI.exe
  2⤵
  PID:4624
- C:\Windows\System\VvYQIoj.exe
  C:\Windows\System\VvYQIoj.exe
  2⤵
  PID:4632
- C:\Windows\System\zGyCnjw.exe
  C:\Windows\System\zGyCnjw.exe
  2⤵
  PID:4848
- C:\Windows\System\sJahLkJ.exe
  C:\Windows\System\sJahLkJ.exe
  2⤵
  PID:4808
- C:\Windows\System\MDFgyzD.exe
  C:\Windows\System\MDFgyzD.exe
  2⤵
  PID:4560
- C:\Windows\System\fpsrmAN.exe
  C:\Windows\System\fpsrmAN.exe
  2⤵
  PID:1168
- C:\Windows\System\NquGcmS.exe
  C:\Windows\System\NquGcmS.exe
  2⤵
  PID:2232
- C:\Windows\System\yLpPLth.exe
  C:\Windows\System\yLpPLth.exe
  2⤵
  PID:4888
- C:\Windows\System\AsztLoH.exe
  C:\Windows\System\AsztLoH.exe
  2⤵
  PID:4892
- C:\Windows\System\UHIgQqN.exe
  C:\Windows\System\UHIgQqN.exe
  2⤵
  PID:4956
- C:\Windows\System\mHmvtEV.exe
  C:\Windows\System\mHmvtEV.exe
  2⤵
  PID:3012
- C:\Windows\System\CWVTbvf.exe
  C:\Windows\System\CWVTbvf.exe
  2⤵
  PID:5028
- C:\Windows\System\DAJMyrF.exe
  C:\Windows\System\DAJMyrF.exe
  2⤵
  PID:4952
- C:\Windows\System\VMLYISx.exe
  C:\Windows\System\VMLYISx.exe
  2⤵
  PID:1704
- C:\Windows\System\rvUAJSI.exe
  C:\Windows\System\rvUAJSI.exe
  2⤵
  PID:5112
- C:\Windows\System\IZHKCBl.exe
  C:\Windows\System\IZHKCBl.exe
  2⤵
  PID:4108
- C:\Windows\System\vaAsNja.exe
  C:\Windows\System\vaAsNja.exe
  2⤵
  PID:4140
- C:\Windows\System\SSlyQUa.exe
  C:\Windows\System\SSlyQUa.exe
  2⤵
  PID:2964
- C:\Windows\System\zWrYlZn.exe
  C:\Windows\System\zWrYlZn.exe
  2⤵
  PID:1724
- C:\Windows\System\MjbhCHi.exe
  C:\Windows\System\MjbhCHi.exe
  2⤵
  PID:4184
- C:\Windows\System\MaeRzpX.exe
  C:\Windows\System\MaeRzpX.exe
  2⤵
  PID:4404
- C:\Windows\System\MDXVZIs.exe
  C:\Windows\System\MDXVZIs.exe
  2⤵
  PID:4208
- C:\Windows\System\oGLSQZD.exe
  C:\Windows\System\oGLSQZD.exe
  2⤵
  PID:4288
- C:\Windows\System\TvLLPAg.exe
  C:\Windows\System\TvLLPAg.exe
  2⤵
  PID:928
- C:\Windows\System\Nowuhfu.exe
  C:\Windows\System\Nowuhfu.exe
  2⤵
  PID:4496
- C:\Windows\System\dQGHnYt.exe
  C:\Windows\System\dQGHnYt.exe
  2⤵
  PID:4464
- C:\Windows\System\jzZafmJ.exe
  C:\Windows\System\jzZafmJ.exe
  2⤵
  PID:4692
- C:\Windows\System\agTDeTK.exe
  C:\Windows\System\agTDeTK.exe
  2⤵
  PID:4824
- C:\Windows\System\wUrquNo.exe
  C:\Windows\System\wUrquNo.exe
  2⤵
  PID:5096
- C:\Windows\System\yhTNvzF.exe
  C:\Windows\System\yhTNvzF.exe
  2⤵
  PID:4840
- C:\Windows\System\LrgGsdr.exe
  C:\Windows\System\LrgGsdr.exe
  2⤵
  PID:4912
- C:\Windows\System\tMPFdse.exe
  C:\Windows\System\tMPFdse.exe
  2⤵
  PID:4980
- C:\Windows\System\VRWhqxl.exe
  C:\Windows\System\VRWhqxl.exe
  2⤵
  PID:4104
- C:\Windows\System\gqFRHAa.exe
  C:\Windows\System\gqFRHAa.exe
  2⤵
  PID:4328
- C:\Windows\System\bBTZjzx.exe
  C:\Windows\System\bBTZjzx.exe
  2⤵
  PID:4340
- C:\Windows\System\xSTbDDh.exe
  C:\Windows\System\xSTbDDh.exe
  2⤵
  PID:4236
- C:\Windows\System\xpDLibA.exe
  C:\Windows\System\xpDLibA.exe
  2⤵
  PID:4360
- C:\Windows\System\KRaoDHL.exe
  C:\Windows\System\KRaoDHL.exe
  2⤵
  PID:4500
- C:\Windows\System\RKzDDxC.exe
  C:\Windows\System\RKzDDxC.exe
  2⤵
  PID:2356
- C:\Windows\System\cVQqjjN.exe
  C:\Windows\System\cVQqjjN.exe
  2⤵
  PID:4896
- C:\Windows\System\pEJZOkK.exe
  C:\Windows\System\pEJZOkK.exe
  2⤵
  PID:4876
- C:\Windows\System\wSFfyAt.exe
  C:\Windows\System\wSFfyAt.exe
  2⤵
  PID:5064
- C:\Windows\System\uAtdOKn.exe
  C:\Windows\System\uAtdOKn.exe
  2⤵
  PID:3472
- C:\Windows\System\vCnaOjQ.exe
  C:\Windows\System\vCnaOjQ.exe
  2⤵
  PID:768
- C:\Windows\System\QCdlZxY.exe
  C:\Windows\System\QCdlZxY.exe
  2⤵
  PID:5128
- C:\Windows\System\KJRtdJx.exe
  C:\Windows\System\KJRtdJx.exe
  2⤵
  PID:5144
- C:\Windows\System\PMDbEAm.exe
  C:\Windows\System\PMDbEAm.exe
  2⤵
  PID:5160
- C:\Windows\System\QtKKlPB.exe
  C:\Windows\System\QtKKlPB.exe
  2⤵
  PID:5176
- C:\Windows\System\xfNqFIC.exe
  C:\Windows\System\xfNqFIC.exe
  2⤵
  PID:5192
- C:\Windows\System\LoPysjS.exe
  C:\Windows\System\LoPysjS.exe
  2⤵
  PID:5208
- C:\Windows\System\vBgkoip.exe
  C:\Windows\System\vBgkoip.exe
  2⤵
  PID:5224
- C:\Windows\System\jxRkfAr.exe
  C:\Windows\System\jxRkfAr.exe
  2⤵
  PID:5240
- C:\Windows\System\jFSZwPQ.exe
  C:\Windows\System\jFSZwPQ.exe
  2⤵
  PID:5256
- C:\Windows\System\LTOcoAs.exe
  C:\Windows\System\LTOcoAs.exe
  2⤵
  PID:5272
- C:\Windows\System\aYIWjkg.exe
  C:\Windows\System\aYIWjkg.exe
  2⤵
  PID:5288
- C:\Windows\System\XHQOHOD.exe
  C:\Windows\System\XHQOHOD.exe
  2⤵
  PID:5304
- C:\Windows\System\GWWVVRl.exe
  C:\Windows\System\GWWVVRl.exe
  2⤵
  PID:5320
- C:\Windows\System\khFRfVr.exe
  C:\Windows\System\khFRfVr.exe
  2⤵
  PID:5336
- C:\Windows\System\rqFAnfd.exe
  C:\Windows\System\rqFAnfd.exe
  2⤵
  PID:5352
- C:\Windows\System\mbzSLLp.exe
  C:\Windows\System\mbzSLLp.exe
  2⤵
  PID:5368
- C:\Windows\System\LNMltgz.exe
  C:\Windows\System\LNMltgz.exe
  2⤵
  PID:5384
- C:\Windows\System\LPBmeZi.exe
  C:\Windows\System\LPBmeZi.exe
  2⤵
  PID:5400
- C:\Windows\System\wjOcJXs.exe
  C:\Windows\System\wjOcJXs.exe
  2⤵
  PID:5416
- C:\Windows\System\iLsmjVP.exe
  C:\Windows\System\iLsmjVP.exe
  2⤵
  PID:5764
- C:\Windows\System\vCRFFAT.exe
  C:\Windows\System\vCRFFAT.exe
  2⤵
  PID:5784
- C:\Windows\System\OJGGSfK.exe
  C:\Windows\System\OJGGSfK.exe
  2⤵
  PID:5824
- C:\Windows\System\kYifqaB.exe
  C:\Windows\System\kYifqaB.exe
  2⤵
  PID:5856
- C:\Windows\System\HWDlRMo.exe
  C:\Windows\System\HWDlRMo.exe
  2⤵
  PID:5884
- C:\Windows\System\dDjbCOe.exe
  C:\Windows\System\dDjbCOe.exe
  2⤵
  PID:5908
- C:\Windows\System\JgwkYrj.exe
  C:\Windows\System\JgwkYrj.exe
  2⤵
  PID:5932
- C:\Windows\System\XMSyQBt.exe
  C:\Windows\System\XMSyQBt.exe
  2⤵
  PID:6064
- C:\Windows\System\HYIONBR.exe
  C:\Windows\System\HYIONBR.exe
  2⤵
  PID:6080
- C:\Windows\System\FqvqfIk.exe
  C:\Windows\System\FqvqfIk.exe
  2⤵
  PID:6096
- C:\Windows\System\VFZebog.exe
  C:\Windows\System\VFZebog.exe
  2⤵
  PID:6112
- C:\Windows\System\LyYUqNJ.exe
  C:\Windows\System\LyYUqNJ.exe
  2⤵
  PID:6128
- C:\Windows\System\rlpyGJO.exe
  C:\Windows\System\rlpyGJO.exe
  2⤵
  PID:2104
- C:\Windows\System\vBZiPvX.exe
  C:\Windows\System\vBZiPvX.exe
  2⤵
  PID:4272
- C:\Windows\System\WijMEZW.exe
  C:\Windows\System\WijMEZW.exe
  2⤵
  PID:5380
- C:\Windows\System\aDmJJQw.exe
  C:\Windows\System\aDmJJQw.exe
  2⤵
  PID:5296
- C:\Windows\System\WjpTPVN.exe
  C:\Windows\System\WjpTPVN.exe
  2⤵
  PID:5548
- C:\Windows\System\fcNVmoR.exe
  C:\Windows\System\fcNVmoR.exe
  2⤵
  PID:5584
- C:\Windows\System\pQCzwXw.exe
  C:\Windows\System\pQCzwXw.exe
  2⤵
  PID:5604
- C:\Windows\System\GGCPLEM.exe
  C:\Windows\System\GGCPLEM.exe
  2⤵
  PID:5620
- C:\Windows\System\eJMVUli.exe
  C:\Windows\System\eJMVUli.exe
  2⤵
  PID:5636
- C:\Windows\System\sbMgLfN.exe
  C:\Windows\System\sbMgLfN.exe
  2⤵
  PID:5652
- C:\Windows\System\AQzUpDG.exe
  C:\Windows\System\AQzUpDG.exe
  2⤵
  PID:5668
- C:\Windows\System\YniqmZR.exe
  C:\Windows\System\YniqmZR.exe
  2⤵
  PID:5684
- C:\Windows\System\uRFQAUD.exe
  C:\Windows\System\uRFQAUD.exe
  2⤵
  PID:5704
- C:\Windows\System\nbGDXSH.exe
  C:\Windows\System\nbGDXSH.exe
  2⤵
  PID:5720
- C:\Windows\System\Kzhoofe.exe
  C:\Windows\System\Kzhoofe.exe
  2⤵
  PID:5736
- C:\Windows\System\XhXqMHK.exe
  C:\Windows\System\XhXqMHK.exe
  2⤵
  PID:5836
- C:\Windows\System\rcoYBJe.exe
  C:\Windows\System\rcoYBJe.exe
  2⤵
  PID:6032
- C:\Windows\System\CMnDejR.exe
  C:\Windows\System\CMnDejR.exe
  2⤵
  PID:5852
- C:\Windows\System\VkxbpsF.exe
  C:\Windows\System\VkxbpsF.exe
  2⤵
  PID:5952
- C:\Windows\System\lEhLPin.exe
  C:\Windows\System\lEhLPin.exe
  2⤵
  PID:5972
- C:\Windows\System\ydKKCQO.exe
  C:\Windows\System\ydKKCQO.exe
  2⤵
  PID:5988
- C:\Windows\System\AeRZswO.exe
  C:\Windows\System\AeRZswO.exe
  2⤵
  PID:6008
- C:\Windows\System\ztbjXIh.exe
  C:\Windows\System\ztbjXIh.exe
  2⤵
  PID:6024
- C:\Windows\System\WETbSUs.exe
  C:\Windows\System\WETbSUs.exe
  2⤵
  PID:6044
- C:\Windows\System\fpmFSyP.exe
  C:\Windows\System\fpmFSyP.exe
  2⤵
  PID:6060
- C:\Windows\System\VPrlPdR.exe
  C:\Windows\System\VPrlPdR.exe
  2⤵
  PID:5428
- C:\Windows\System\aFPjQTL.exe
  C:\Windows\System\aFPjQTL.exe
  2⤵
  PID:5796
- C:\Windows\System\dozcSRR.exe
  C:\Windows\System\dozcSRR.exe
  2⤵
  PID:5812
- C:\Windows\System\jTjvpiX.exe
  C:\Windows\System\jTjvpiX.exe
  2⤵
  PID:5924
- C:\Windows\System\OOgJvpH.exe
  C:\Windows\System\OOgJvpH.exe
  2⤵
  PID:5780
- C:\Windows\System\giZcyuq.exe
  C:\Windows\System\giZcyuq.exe
  2⤵
  PID:5872
- C:\Windows\System\iCeusUm.exe
  C:\Windows\System\iCeusUm.exe
  2⤵
  PID:5928
- C:\Windows\System\ulvKMOf.exe
  C:\Windows\System\ulvKMOf.exe
  2⤵
  PID:6136
- C:\Windows\System\BvifdLu.exe
  C:\Windows\System\BvifdLu.exe
  2⤵
  PID:4372
- C:\Windows\System\RactGgW.exe
  C:\Windows\System\RactGgW.exe
  2⤵
  PID:4680
- C:\Windows\System\xOaOcyB.exe
  C:\Windows\System\xOaOcyB.exe
  2⤵
  PID:5140
- C:\Windows\System\CbjLovA.exe
  C:\Windows\System\CbjLovA.exe
  2⤵
  PID:5216
- C:\Windows\System\KqvotED.exe
  C:\Windows\System\KqvotED.exe
  2⤵
  PID:5252
- C:\Windows\System\oasDyQl.exe
  C:\Windows\System\oasDyQl.exe
  2⤵
  PID:5312
- C:\Windows\System\cygJJXU.exe
  C:\Windows\System\cygJJXU.exe
  2⤵
  PID:5232
- C:\Windows\System\xxonplq.exe
  C:\Windows\System\xxonplq.exe
  2⤵
  PID:5412
- C:\Windows\System\qvpXcgm.exe
  C:\Windows\System\qvpXcgm.exe
  2⤵
  PID:5396
- C:\Windows\System\BFfRwpb.exe
  C:\Windows\System\BFfRwpb.exe
  2⤵
  PID:5452
- C:\Windows\System\TWbzgBa.exe
  C:\Windows\System\TWbzgBa.exe
  2⤵
  PID:5472
- C:\Windows\System\wKvZwEc.exe
  C:\Windows\System\wKvZwEc.exe
  2⤵
  PID:5488
- C:\Windows\System\MociUpa.exe
  C:\Windows\System\MociUpa.exe
  2⤵
  PID:5504
- C:\Windows\System\EWjAsLP.exe
  C:\Windows\System\EWjAsLP.exe
  2⤵
  PID:5520
- C:\Windows\System\zibIhuB.exe
  C:\Windows\System\zibIhuB.exe
  2⤵
  PID:5544
- C:\Windows\System\tsnTEap.exe
  C:\Windows\System\tsnTEap.exe
  2⤵
  PID:5568
- C:\Windows\System\axoTDKl.exe
  C:\Windows\System\axoTDKl.exe
  2⤵
  PID:5536
- C:\Windows\System\PQCXhma.exe
  C:\Windows\System\PQCXhma.exe
  2⤵
  PID:5616
- C:\Windows\System\JFRkcDL.exe
  C:\Windows\System\JFRkcDL.exe
  2⤵
  PID:5528
- C:\Windows\System\HjBdmWj.exe
  C:\Windows\System\HjBdmWj.exe
  2⤵
  PID:5676
- C:\Windows\System\hgJzmFy.exe
  C:\Windows\System\hgJzmFy.exe
  2⤵
  PID:5632
- C:\Windows\System\LskIwTF.exe
  C:\Windows\System\LskIwTF.exe
  2⤵
  PID:5728
- C:\Windows\System\VovQPpt.exe
  C:\Windows\System\VovQPpt.exe
  2⤵
  PID:5732
- C:\Windows\System\hQQFFxF.exe
  C:\Windows\System\hQQFFxF.exe
  2⤵
  PID:5716
- C:\Windows\System\NMgboTd.exe
  C:\Windows\System\NMgboTd.exe
  2⤵
  PID:5840
- C:\Windows\System\XVrxotc.exe
  C:\Windows\System\XVrxotc.exe
  2⤵
  PID:6000
- C:\Windows\System\sOuYJyx.exe
  C:\Windows\System\sOuYJyx.exe
  2⤵
  PID:6016
- C:\Windows\System\FjwdeeM.exe
  C:\Windows\System\FjwdeeM.exe
  2⤵
  PID:6056
- C:\Windows\System\Omdamte.exe
  C:\Windows\System\Omdamte.exe
  2⤵
  PID:4780
- C:\Windows\System\AaTduFo.exe
  C:\Windows\System\AaTduFo.exe
  2⤵
  PID:5916
- C:\Windows\System\QjIhKac.exe
  C:\Windows\System\QjIhKac.exe
  2⤵
  PID:5760
- C:\Windows\System\fFhvlWJ.exe
  C:\Windows\System\fFhvlWJ.exe
  2⤵
  PID:5880
- C:\Windows\System\GViJNJu.exe
  C:\Windows\System\GViJNJu.exe
  2⤵
  PID:5864
- C:\Windows\System\FqIIjTL.exe
  C:\Windows\System\FqIIjTL.exe
  2⤵
  PID:5344
- C:\Windows\System\zkunxtp.exe
  C:\Windows\System\zkunxtp.exe
  2⤵
  PID:5280
- C:\Windows\System\cwBUzoY.exe
  C:\Windows\System\cwBUzoY.exe
  2⤵
  PID:5360
- C:\Windows\System\PwIESCA.exe
  C:\Windows\System\PwIESCA.exe
  2⤵
  PID:5332
- C:\Windows\System\PxPlliP.exe
  C:\Windows\System\PxPlliP.exe
  2⤵
  PID:5204
- C:\Windows\System\dgnlXns.exe
  C:\Windows\System\dgnlXns.exe
  2⤵
  PID:5512
- C:\Windows\System\zatmvtD.exe
  C:\Windows\System\zatmvtD.exe
  2⤵
  PID:5492
- C:\Windows\System\XzNxHOi.exe
  C:\Windows\System\XzNxHOi.exe
  2⤵
  PID:5564
- C:\Windows\System\MaFCopg.exe
  C:\Windows\System\MaFCopg.exe
  2⤵
  PID:5648
- C:\Windows\System\WQMnisQ.exe
  C:\Windows\System\WQMnisQ.exe
  2⤵
  PID:5600
- C:\Windows\System\aiRpXBm.exe
  C:\Windows\System\aiRpXBm.exe
  2⤵
  PID:5772
- C:\Windows\System\RkGozej.exe
  C:\Windows\System\RkGozej.exe
  2⤵
  PID:5776
- C:\Windows\System\mehpooA.exe
  C:\Windows\System\mehpooA.exe
  2⤵
  PID:6004
- C:\Windows\System\wIIaAaC.exe
  C:\Windows\System\wIIaAaC.exe
  2⤵
  PID:5984
- C:\Windows\System\rNhlpFX.exe
  C:\Windows\System\rNhlpFX.exe
  2⤵
  PID:6124
- C:\Windows\System\qQCdiHQ.exe
  C:\Windows\System\qQCdiHQ.exe
  2⤵
  PID:6108
- C:\Windows\System\FgkbqiZ.exe
  C:\Windows\System\FgkbqiZ.exe
  2⤵
  PID:5960
- C:\Windows\System\NgaCmRx.exe
  C:\Windows\System\NgaCmRx.exe
  2⤵
  PID:5376
- C:\Windows\System\DcaxeVW.exe
  C:\Windows\System\DcaxeVW.exe
  2⤵
  PID:5448
- C:\Windows\System\VRtwYzT.exe
  C:\Windows\System\VRtwYzT.exe
  2⤵
  PID:5664
- C:\Windows\System\BrpWwRS.exe
  C:\Windows\System\BrpWwRS.exe
  2⤵
  PID:5644
- C:\Windows\System\GRiNjxC.exe
  C:\Windows\System\GRiNjxC.exe
  2⤵
  PID:5944
- C:\Windows\System\xRJZKKn.exe
  C:\Windows\System\xRJZKKn.exe
  2⤵
  PID:5348
- C:\Windows\System\xdigMlX.exe
  C:\Windows\System\xdigMlX.exe
  2⤵
  PID:5692
- C:\Windows\System\fTvlkED.exe
  C:\Windows\System\fTvlkED.exe
  2⤵
  PID:5500
- C:\Windows\System\jKbmybq.exe
  C:\Windows\System\jKbmybq.exe
  2⤵
  PID:1544
- C:\Windows\System\LTwAtdQ.exe
  C:\Windows\System\LTwAtdQ.exe
  2⤵
  PID:5892
- C:\Windows\System\UtstPFU.exe
  C:\Windows\System\UtstPFU.exe
  2⤵
  PID:5152
- C:\Windows\System\eJQCquh.exe
  C:\Windows\System\eJQCquh.exe
  2⤵
  PID:2252
- C:\Windows\System\oipGyRm.exe
  C:\Windows\System\oipGyRm.exe
  2⤵
  PID:5896
- C:\Windows\System\XcSEGMg.exe
  C:\Windows\System\XcSEGMg.exe
  2⤵
  PID:5756
- C:\Windows\System\lImyJyP.exe
  C:\Windows\System\lImyJyP.exe
  2⤵
  PID:6092
- C:\Windows\System\DZUMLbL.exe
  C:\Windows\System\DZUMLbL.exe
  2⤵
  PID:1524
- C:\Windows\System\CVZHoBt.exe
  C:\Windows\System\CVZHoBt.exe
  2⤵
  PID:6152
- C:\Windows\System\VvVnpyr.exe
  C:\Windows\System\VvVnpyr.exe
  2⤵
  PID:6168
- C:\Windows\System\FjfBcDj.exe
  C:\Windows\System\FjfBcDj.exe
  2⤵
  PID:6184
- C:\Windows\System\nbcNhHR.exe
  C:\Windows\System\nbcNhHR.exe
  2⤵
  PID:6200
- C:\Windows\System\CdSQRku.exe
  C:\Windows\System\CdSQRku.exe
  2⤵
  PID:6232
- C:\Windows\System\tQTScZu.exe
  C:\Windows\System\tQTScZu.exe
  2⤵
  PID:6252
- C:\Windows\System\YOcGBmR.exe
  C:\Windows\System\YOcGBmR.exe
  2⤵
  PID:6268
- C:\Windows\System\gwtdiJD.exe
  C:\Windows\System\gwtdiJD.exe
  2⤵
  PID:6304
- C:\Windows\System\HnpYeBm.exe
  C:\Windows\System\HnpYeBm.exe
  2⤵
  PID:6320
- C:\Windows\System\uYrcrDR.exe
  C:\Windows\System\uYrcrDR.exe
  2⤵
  PID:6336
- C:\Windows\System\XXSKqgt.exe
  C:\Windows\System\XXSKqgt.exe
  2⤵
  PID:6352
- C:\Windows\System\sEMcVEs.exe
  C:\Windows\System\sEMcVEs.exe
  2⤵
  PID:6368
- C:\Windows\System\gxePSMp.exe
  C:\Windows\System\gxePSMp.exe
  2⤵
  PID:6384
- C:\Windows\System\OIcCPQb.exe
  C:\Windows\System\OIcCPQb.exe
  2⤵
  PID:6400
- C:\Windows\System\XEDZebt.exe
  C:\Windows\System\XEDZebt.exe
  2⤵
  PID:6416
- C:\Windows\System\zQcDvkG.exe
  C:\Windows\System\zQcDvkG.exe
  2⤵
  PID:6432
- C:\Windows\System\sYoFUdQ.exe
  C:\Windows\System\sYoFUdQ.exe
  2⤵
  PID:6452
- C:\Windows\System\oFYoLiH.exe
  C:\Windows\System\oFYoLiH.exe
  2⤵
  PID:6468
- C:\Windows\System\UFOwqqt.exe
  C:\Windows\System\UFOwqqt.exe
  2⤵
  PID:6484
- C:\Windows\System\enNUHWT.exe
  C:\Windows\System\enNUHWT.exe
  2⤵
  PID:6500
- C:\Windows\System\TXmHglW.exe
  C:\Windows\System\TXmHglW.exe
  2⤵
  PID:6516
- C:\Windows\System\mBlrBVM.exe
  C:\Windows\System\mBlrBVM.exe
  2⤵
  PID:6532
- C:\Windows\System\QkxVpKr.exe
  C:\Windows\System\QkxVpKr.exe
  2⤵
  PID:6548
- C:\Windows\System\KUnMLQW.exe
  C:\Windows\System\KUnMLQW.exe
  2⤵
  PID:6564
- C:\Windows\System\TtdnLVS.exe
  C:\Windows\System\TtdnLVS.exe
  2⤵
  PID:6580
- C:\Windows\System\bECrNTj.exe
  C:\Windows\System\bECrNTj.exe
  2⤵
  PID:6596
- C:\Windows\System\MdslvNu.exe
  C:\Windows\System\MdslvNu.exe
  2⤵
  PID:6612
- C:\Windows\System\SHIarox.exe
  C:\Windows\System\SHIarox.exe
  2⤵
  PID:6628
- C:\Windows\System\yWtVwbb.exe
  C:\Windows\System\yWtVwbb.exe
  2⤵
  PID:6644
- C:\Windows\System\uAodakP.exe
  C:\Windows\System\uAodakP.exe
  2⤵
  PID:6660
- C:\Windows\System\vSqpcWr.exe
  C:\Windows\System\vSqpcWr.exe
  2⤵
  PID:6676
- C:\Windows\System\YJvqFeb.exe
  C:\Windows\System\YJvqFeb.exe
  2⤵
  PID:6692
- C:\Windows\System\fNHaZPE.exe
  C:\Windows\System\fNHaZPE.exe
  2⤵
  PID:6708
- C:\Windows\System\HfqkiYi.exe
  C:\Windows\System\HfqkiYi.exe
  2⤵
  PID:6724
- C:\Windows\System\AyxDQDO.exe
  C:\Windows\System\AyxDQDO.exe
  2⤵
  PID:6740
- C:\Windows\System\QLvXKSw.exe
  C:\Windows\System\QLvXKSw.exe
  2⤵
  PID:6756
- C:\Windows\System\BYxuOrE.exe
  C:\Windows\System\BYxuOrE.exe
  2⤵
  PID:6772
- C:\Windows\System\ecZIqHO.exe
  C:\Windows\System\ecZIqHO.exe
  2⤵
  PID:6788
- C:\Windows\System\gcanYMn.exe
  C:\Windows\System\gcanYMn.exe
  2⤵
  PID:6804
- C:\Windows\System\xjkkCcd.exe
  C:\Windows\System\xjkkCcd.exe
  2⤵
  PID:6820
- C:\Windows\System\bqmtGYt.exe
  C:\Windows\System\bqmtGYt.exe
  2⤵
  PID:6836
- C:\Windows\System\axOpKGF.exe
  C:\Windows\System\axOpKGF.exe
  2⤵
  PID:6852
- C:\Windows\System\sXAoWdu.exe
  C:\Windows\System\sXAoWdu.exe
  2⤵
  PID:6868
- C:\Windows\System\NmgQqjU.exe
  C:\Windows\System\NmgQqjU.exe
  2⤵
  PID:6884
- C:\Windows\System\hRaBGgi.exe
  C:\Windows\System\hRaBGgi.exe
  2⤵
  PID:6900
- C:\Windows\System\VdVNxru.exe
  C:\Windows\System\VdVNxru.exe
  2⤵
  PID:6916
- C:\Windows\System\hXVwTNY.exe
  C:\Windows\System\hXVwTNY.exe
  2⤵
  PID:6932
- C:\Windows\System\pHuyZAh.exe
  C:\Windows\System\pHuyZAh.exe
  2⤵
  PID:6948
- C:\Windows\System\fBShKug.exe
  C:\Windows\System\fBShKug.exe
  2⤵
  PID:6964
- C:\Windows\System\aeHfsiK.exe
  C:\Windows\System\aeHfsiK.exe
  2⤵
  PID:6984
- C:\Windows\System\OjjHPDr.exe
  C:\Windows\System\OjjHPDr.exe
  2⤵
  PID:7000
- C:\Windows\System\lOOmJZo.exe
  C:\Windows\System\lOOmJZo.exe
  2⤵
  PID:7016
- C:\Windows\System\eRFCCLQ.exe
  C:\Windows\System\eRFCCLQ.exe
  2⤵
  PID:7032
- C:\Windows\System\wRrhKVU.exe
  C:\Windows\System\wRrhKVU.exe
  2⤵
  PID:7048
- C:\Windows\System\LgpkzHQ.exe
  C:\Windows\System\LgpkzHQ.exe
  2⤵
  PID:7064
- C:\Windows\System\gIHuihG.exe
  C:\Windows\System\gIHuihG.exe
  2⤵
  PID:7080
- C:\Windows\System\ctyiCXQ.exe
  C:\Windows\System\ctyiCXQ.exe
  2⤵
  PID:7096
- C:\Windows\System\QxrDkEF.exe
  C:\Windows\System\QxrDkEF.exe
  2⤵
  PID:7112
- C:\Windows\System\CiKvKyx.exe
  C:\Windows\System\CiKvKyx.exe
  2⤵
  PID:7128
- C:\Windows\System\MRTxSjB.exe
  C:\Windows\System\MRTxSjB.exe
  2⤵
  PID:7144
- C:\Windows\System\OkVadSQ.exe
  C:\Windows\System\OkVadSQ.exe
  2⤵
  PID:7160
- C:\Windows\System\LMxGkwy.exe
  C:\Windows\System\LMxGkwy.exe
  2⤵
  PID:6040
- C:\Windows\System\TkyfuAk.exe
  C:\Windows\System\TkyfuAk.exe
  2⤵
  PID:6148
- C:\Windows\System\jiyKtuH.exe
  C:\Windows\System\jiyKtuH.exe
  2⤵
  PID:4904
- C:\Windows\System\JjXRVLD.exe
  C:\Windows\System\JjXRVLD.exe
  2⤵
  PID:5480
- C:\Windows\System\AESaZOi.exe
  C:\Windows\System\AESaZOi.exe
  2⤵
  PID:6208
- C:\Windows\System\UWtleOY.exe
  C:\Windows\System\UWtleOY.exe
  2⤵
  PID:5168
- C:\Windows\System\VpQEoRe.exe
  C:\Windows\System\VpQEoRe.exe
  2⤵
  PID:6228
- C:\Windows\System\YylPLOY.exe
  C:\Windows\System\YylPLOY.exe
  2⤵
  PID:6240
- C:\Windows\System\XwNfICI.exe
  C:\Windows\System\XwNfICI.exe
  2⤵
  PID:6316
- C:\Windows\System\hUPTiHd.exe
  C:\Windows\System\hUPTiHd.exe
  2⤵
  PID:6280
- C:\Windows\System\vyicXuS.exe
  C:\Windows\System\vyicXuS.exe
  2⤵
  PID:6296
- C:\Windows\System\dxDHQKc.exe
  C:\Windows\System\dxDHQKc.exe
  2⤵
  PID:6220
- C:\Windows\System\Vghtoqa.exe
  C:\Windows\System\Vghtoqa.exe
  2⤵
  PID:6392
- C:\Windows\System\OCvliwx.exe
  C:\Windows\System\OCvliwx.exe
  2⤵
  PID:6476
- C:\Windows\System\mdcBvKu.exe
  C:\Windows\System\mdcBvKu.exe
  2⤵
  PID:6460
- C:\Windows\System\paniKqN.exe
  C:\Windows\System\paniKqN.exe
  2⤵
  PID:6496
- C:\Windows\System\pUMllHf.exe
  C:\Windows\System\pUMllHf.exe
  2⤵
  PID:6572
- C:\Windows\System\DoGZxLe.exe
  C:\Windows\System\DoGZxLe.exe
  2⤵
  PID:6524
- C:\Windows\System\TCZubyZ.exe
  C:\Windows\System\TCZubyZ.exe
  2⤵
  PID:6592
- C:\Windows\System\mvOXAxa.exe
  C:\Windows\System\mvOXAxa.exe
  2⤵
  PID:6624
- C:\Windows\System\PusyWfP.exe
  C:\Windows\System\PusyWfP.exe
  2⤵
  PID:6704
- C:\Windows\System\PPdEYYb.exe
  C:\Windows\System\PPdEYYb.exe
  2⤵
  PID:6768
- C:\Windows\System\HOCYWua.exe
  C:\Windows\System\HOCYWua.exe
  2⤵
  PID:6684
- C:\Windows\System\agrKHIO.exe
  C:\Windows\System\agrKHIO.exe
  2⤵
  PID:6720
- C:\Windows\System\xzFeRvQ.exe
  C:\Windows\System\xzFeRvQ.exe
  2⤵
  PID:6812
- C:\Windows\System\VxFQcfe.exe
  C:\Windows\System\VxFQcfe.exe
  2⤵
  PID:6832
- C:\Windows\System\hRYfVDb.exe
  C:\Windows\System\hRYfVDb.exe
  2⤵
  PID:6896
- C:\Windows\System\ZnELGCJ.exe
  C:\Windows\System\ZnELGCJ.exe
  2⤵
  PID:6960
- C:\Windows\System\uHOwowq.exe
  C:\Windows\System\uHOwowq.exe
  2⤵
  PID:6880
- C:\Windows\System\fdsLDyT.exe
  C:\Windows\System\fdsLDyT.exe
  2⤵
  PID:6992
- C:\Windows\System\TZIDEwQ.exe
  C:\Windows\System\TZIDEwQ.exe
  2⤵
  PID:6976
- C:\Windows\System\ofMkpVZ.exe
  C:\Windows\System\ofMkpVZ.exe
  2⤵
  PID:6444
- C:\Windows\System\TATMmNW.exe
  C:\Windows\System\TATMmNW.exe
  2⤵
  PID:7088
- C:\Windows\System\jHmKrkm.exe
  C:\Windows\System\jHmKrkm.exe
  2⤵
  PID:7072
- C:\Windows\System\EhUspVH.exe
  C:\Windows\System\EhUspVH.exe
  2⤵
  PID:7104
- C:\Windows\System\hlrrTAd.exe
  C:\Windows\System\hlrrTAd.exe
  2⤵
  PID:6104
- C:\Windows\System\LIteHct.exe
  C:\Windows\System\LIteHct.exe
  2⤵
  PID:5948
- C:\Windows\System\ZKbFpdg.exe
  C:\Windows\System\ZKbFpdg.exe
  2⤵
  PID:6192
- C:\Windows\System\bZHHIoH.exe
  C:\Windows\System\bZHHIoH.exe
  2⤵
  PID:6196
- C:\Windows\System\GuJqsqo.exe
  C:\Windows\System\GuJqsqo.exe
  2⤵
  PID:6360
- C:\Windows\System\MWqXakj.exe
  C:\Windows\System\MWqXakj.exe
  2⤵
  PID:6448
- C:\Windows\System\sECOWrz.exe
  C:\Windows\System\sECOWrz.exe
  2⤵
  PID:6576
- C:\Windows\System\XCVgabW.exe
  C:\Windows\System\XCVgabW.exe
  2⤵
  PID:6248
- C:\Windows\System\HrUhezQ.exe
  C:\Windows\System\HrUhezQ.exe
  2⤵
  PID:6380
- C:\Windows\System\HatwiXQ.exe
  C:\Windows\System\HatwiXQ.exe
  2⤵
  PID:6636
- C:\Windows\System\MYrHUtu.exe
  C:\Windows\System\MYrHUtu.exe
  2⤵
  PID:6544
- C:\Windows\System\CCCcMsy.exe
  C:\Windows\System\CCCcMsy.exe
  2⤵
  PID:6800
- C:\Windows\System\qVBjSyR.exe
  C:\Windows\System\qVBjSyR.exe
  2⤵
  PID:6700
- C:\Windows\System\uyBJyDC.exe
  C:\Windows\System\uyBJyDC.exe
  2⤵
  PID:6784
- C:\Windows\System\XPggohS.exe
  C:\Windows\System\XPggohS.exe
  2⤵
  PID:6940
- C:\Windows\System\uUdNTzs.exe
  C:\Windows\System\uUdNTzs.exe
  2⤵
  PID:6892
- C:\Windows\System\EKiiuZt.exe
  C:\Windows\System\EKiiuZt.exe
  2⤵
  PID:7060
- C:\Windows\System\stDtxWZ.exe
  C:\Windows\System\stDtxWZ.exe
  2⤵
  PID:6972
- C:\Windows\System\DLTEdOL.exe
  C:\Windows\System\DLTEdOL.exe
  2⤵
  PID:7152
- C:\Windows\System\gdSHjzk.exe
  C:\Windows\System\gdSHjzk.exe
  2⤵
  PID:6276
- C:\Windows\System\frLWJoG.exe
  C:\Windows\System\frLWJoG.exe
  2⤵
  PID:6364
- C:\Windows\System\jYhrTqr.exe
  C:\Windows\System\jYhrTqr.exe
  2⤵
  PID:6264
- C:\Windows\System\DTTZpnC.exe
  C:\Windows\System\DTTZpnC.exe
  2⤵
  PID:3032
- C:\Windows\System\mKeDbiI.exe
  C:\Windows\System\mKeDbiI.exe
  2⤵
  PID:6764
- C:\Windows\System\DEIufVA.exe
  C:\Windows\System\DEIufVA.exe
  2⤵
  PID:3036
- C:\Windows\System\BaHGpzt.exe
  C:\Windows\System\BaHGpzt.exe
  2⤵
  PID:6956
- C:\Windows\System\diSxrWR.exe
  C:\Windows\System\diSxrWR.exe
  2⤵
  PID:6224
- C:\Windows\System\YoJFzXz.exe
  C:\Windows\System\YoJFzXz.exe
  2⤵
  PID:7040
- C:\Windows\System\FgndsHb.exe
  C:\Windows\System\FgndsHb.exe
  2⤵
  PID:6180
- C:\Windows\System\abolklu.exe
  C:\Windows\System\abolklu.exe
  2⤵
  PID:6508
- C:\Windows\System\JFmpUAs.exe
  C:\Windows\System\JFmpUAs.exe
  2⤵
  PID:1712
- C:\Windows\System\HhNgzRf.exe
  C:\Windows\System\HhNgzRf.exe
  2⤵
  PID:6928
- C:\Windows\System\nKJsWLS.exe
  C:\Windows\System\nKJsWLS.exe
  2⤵
  PID:2380
- C:\Windows\System\wUDIwaY.exe
  C:\Windows\System\wUDIwaY.exe
  2⤵
  PID:1972
- C:\Windows\System\ILYxqGw.exe
  C:\Windows\System\ILYxqGw.exe
  2⤵
  PID:6844
- C:\Windows\System\BLEtQAS.exe
  C:\Windows\System\BLEtQAS.exe
  2⤵
  PID:6288
- C:\Windows\System\TVexAvx.exe
  C:\Windows\System\TVexAvx.exe
  2⤵
  PID:6980
- C:\Windows\System\cEjxEpD.exe
  C:\Windows\System\cEjxEpD.exe
  2⤵
  PID:6672
- C:\Windows\System\wLJcEVY.exe
  C:\Windows\System\wLJcEVY.exe
  2⤵
  PID:2100
- C:\Windows\System\fWfWibU.exe
  C:\Windows\System\fWfWibU.exe
  2⤵
  PID:1700
- C:\Windows\System\aGljPOA.exe
  C:\Windows\System\aGljPOA.exe
  2⤵
  PID:2316
- C:\Windows\System\sWFNopO.exe
  C:\Windows\System\sWFNopO.exe
  2⤵
  PID:6556
- C:\Windows\System\uKBcRkE.exe
  C:\Windows\System\uKBcRkE.exe
  2⤵
  PID:6292
- C:\Windows\System\CPRQpWP.exe
  C:\Windows\System\CPRQpWP.exe
  2⤵
  PID:7184
- C:\Windows\System\jMNXAAQ.exe
  C:\Windows\System\jMNXAAQ.exe
  2⤵
  PID:7200
- C:\Windows\System\sNLilQU.exe
  C:\Windows\System\sNLilQU.exe
  2⤵
  PID:7216
- C:\Windows\System\isAWwQM.exe
  C:\Windows\System\isAWwQM.exe
  2⤵
  PID:7232
- C:\Windows\System\kRmcnFk.exe
  C:\Windows\System\kRmcnFk.exe
  2⤵
  PID:7252
- C:\Windows\System\aWUSccB.exe
  C:\Windows\System\aWUSccB.exe
  2⤵
  PID:7268
- C:\Windows\System\ygLvoMW.exe
  C:\Windows\System\ygLvoMW.exe
  2⤵
  PID:7292
- C:\Windows\System\HYZnJJl.exe
  C:\Windows\System\HYZnJJl.exe
  2⤵
  PID:7308
- C:\Windows\System\TxDKrpL.exe
  C:\Windows\System\TxDKrpL.exe
  2⤵
  PID:7324
- C:\Windows\System\ZapzIgd.exe
  C:\Windows\System\ZapzIgd.exe
  2⤵
  PID:7340
- C:\Windows\System\rJZGPWO.exe
  C:\Windows\System\rJZGPWO.exe
  2⤵
  PID:7360
- C:\Windows\System\dlqnTOf.exe
  C:\Windows\System\dlqnTOf.exe
  2⤵
  PID:7388
- C:\Windows\System\RRAlxqP.exe
  C:\Windows\System\RRAlxqP.exe
  2⤵
  PID:7408
- C:\Windows\System\umOstNq.exe
  C:\Windows\System\umOstNq.exe
  2⤵
  PID:7424
- C:\Windows\System\dVvQItY.exe
  C:\Windows\System\dVvQItY.exe
  2⤵
  PID:7440
- C:\Windows\System\egbVKPb.exe
  C:\Windows\System\egbVKPb.exe
  2⤵
  PID:7456
- C:\Windows\System\aHtuhft.exe
  C:\Windows\System\aHtuhft.exe
  2⤵
  PID:7472
- C:\Windows\System\QuNrRiM.exe
  C:\Windows\System\QuNrRiM.exe
  2⤵
  PID:7488
- C:\Windows\System\fPFDoET.exe
  C:\Windows\System\fPFDoET.exe
  2⤵
  PID:7504
- C:\Windows\System\RcNIjVG.exe
  C:\Windows\System\RcNIjVG.exe
  2⤵
  PID:7520
- C:\Windows\System\ETedkVD.exe
  C:\Windows\System\ETedkVD.exe
  2⤵
  PID:7536
- C:\Windows\System\LWyQIrP.exe
  C:\Windows\System\LWyQIrP.exe
  2⤵
  PID:7552
- C:\Windows\System\TvtIrnv.exe
  C:\Windows\System\TvtIrnv.exe
  2⤵
  PID:7568
- C:\Windows\System\IkHGleq.exe
  C:\Windows\System\IkHGleq.exe
  2⤵
  PID:7584
- C:\Windows\System\lLLgCsz.exe
  C:\Windows\System\lLLgCsz.exe
  2⤵
  PID:7600
- C:\Windows\System\QXvKwmX.exe
  C:\Windows\System\QXvKwmX.exe
  2⤵
  PID:7616
- C:\Windows\System\FoFESqB.exe
  C:\Windows\System\FoFESqB.exe
  2⤵
  PID:7632
- C:\Windows\System\yRPWkVQ.exe
  C:\Windows\System\yRPWkVQ.exe
  2⤵
  PID:7648
- C:\Windows\System\RfUQduC.exe
  C:\Windows\System\RfUQduC.exe
  2⤵
  PID:7664
- C:\Windows\System\dVdVEkw.exe
  C:\Windows\System\dVdVEkw.exe
  2⤵
  PID:7680
- C:\Windows\System\UlJyOkC.exe
  C:\Windows\System\UlJyOkC.exe
  2⤵
  PID:7700
- C:\Windows\System\BzUNcVI.exe
  C:\Windows\System\BzUNcVI.exe
  2⤵
  PID:7720
- C:\Windows\System\yNMpzkl.exe
  C:\Windows\System\yNMpzkl.exe
  2⤵
  PID:7740
- C:\Windows\System\YbGoOxo.exe
  C:\Windows\System\YbGoOxo.exe
  2⤵
  PID:7760
- C:\Windows\System\CuoiQWl.exe
  C:\Windows\System\CuoiQWl.exe
  2⤵
  PID:7776
- C:\Windows\System\XnDKqTt.exe
  C:\Windows\System\XnDKqTt.exe
  2⤵
  PID:7792
- C:\Windows\System\nnBfPVy.exe
  C:\Windows\System\nnBfPVy.exe
  2⤵
  PID:7812
- C:\Windows\System\UTasPOT.exe
  C:\Windows\System\UTasPOT.exe
  2⤵
  PID:7828
- C:\Windows\System\YvklsTQ.exe
  C:\Windows\System\YvklsTQ.exe
  2⤵
  PID:7844
- C:\Windows\System\KoMVVuD.exe
  C:\Windows\System\KoMVVuD.exe
  2⤵
  PID:7860
- C:\Windows\System\hEDZxnC.exe
  C:\Windows\System\hEDZxnC.exe
  2⤵
  PID:7876
- C:\Windows\System\hCKhSSz.exe
  C:\Windows\System\hCKhSSz.exe
  2⤵
  PID:7896
- C:\Windows\System\coPhIxY.exe
  C:\Windows\System\coPhIxY.exe
  2⤵
  PID:7912
- C:\Windows\System\KlBbJRN.exe
  C:\Windows\System\KlBbJRN.exe
  2⤵
  PID:7928
- C:\Windows\System\saqCLTT.exe
  C:\Windows\System\saqCLTT.exe
  2⤵
  PID:7944
- C:\Windows\System\teOIkti.exe
  C:\Windows\System\teOIkti.exe
  2⤵
  PID:7960
- C:\Windows\System\CQBoxuV.exe
  C:\Windows\System\CQBoxuV.exe
  2⤵
  PID:7976
- C:\Windows\System\VMXGrfV.exe
  C:\Windows\System\VMXGrfV.exe
  2⤵
  PID:7992
- C:\Windows\System\GwPuZBy.exe
  C:\Windows\System\GwPuZBy.exe
  2⤵
  PID:8008
- C:\Windows\System\wqbDddB.exe
  C:\Windows\System\wqbDddB.exe
  2⤵
  PID:8044
- C:\Windows\System\DnaaLpU.exe
  C:\Windows\System\DnaaLpU.exe
  2⤵
  PID:8060
- C:\Windows\System\MaJvuRp.exe
  C:\Windows\System\MaJvuRp.exe
  2⤵
  PID:8080
- C:\Windows\System\YHyUjsb.exe
  C:\Windows\System\YHyUjsb.exe
  2⤵
  PID:8096
- C:\Windows\System\kBfQVcH.exe
  C:\Windows\System\kBfQVcH.exe
  2⤵
  PID:8112
- C:\Windows\System\QibmJZy.exe
  C:\Windows\System\QibmJZy.exe
  2⤵
  PID:8132
- C:\Windows\System\UugvdRn.exe
  C:\Windows\System\UugvdRn.exe
  2⤵
  PID:8152
- C:\Windows\System\JtjGNBP.exe
  C:\Windows\System\JtjGNBP.exe
  2⤵
  PID:8172
- C:\Windows\System\vaZqoRO.exe
  C:\Windows\System\vaZqoRO.exe
  2⤵
  PID:7192
- C:\Windows\System\AUgUQPc.exe
  C:\Windows\System\AUgUQPc.exe
  2⤵
  PID:7180
- C:\Windows\System\SePPeqY.exe
  C:\Windows\System\SePPeqY.exe
  2⤵
  PID:7264
- C:\Windows\System\MwDbcYD.exe
  C:\Windows\System\MwDbcYD.exe
  2⤵
  PID:7336
- C:\Windows\System\SYWAngo.exe
  C:\Windows\System\SYWAngo.exe
  2⤵
  PID:7280
- C:\Windows\System\saWZfce.exe
  C:\Windows\System\saWZfce.exe
  2⤵
  PID:7372
- C:\Windows\System\TUcOzoT.exe
  C:\Windows\System\TUcOzoT.exe
  2⤵
  PID:7316
- C:\Windows\System\SpFPQtl.exe
  C:\Windows\System\SpFPQtl.exe
  2⤵
  PID:7356
- C:\Windows\System\GtZosTX.exe
  C:\Windows\System\GtZosTX.exe
  2⤵
  PID:7452
- C:\Windows\System\hOHYBQL.exe
  C:\Windows\System\hOHYBQL.exe
  2⤵
  PID:7396
- C:\Windows\System\EInohvl.exe
  C:\Windows\System\EInohvl.exe
  2⤵
  PID:7436
- C:\Windows\System\qzuRQrT.exe
  C:\Windows\System\qzuRQrT.exe
  2⤵
  PID:7512
- C:\Windows\System\uBVjOQv.exe
  C:\Windows\System\uBVjOQv.exe
  2⤵
  PID:7576
- C:\Windows\System\Jhmzdhs.exe
  C:\Windows\System\Jhmzdhs.exe
  2⤵
  PID:7528
- C:\Windows\System\nvLuhvm.exe
  C:\Windows\System\nvLuhvm.exe
  2⤵
  PID:7592
- C:\Windows\System\asXNjOp.exe
  C:\Windows\System\asXNjOp.exe
  2⤵
  PID:7640
- C:\Windows\System\hjNgtck.exe
  C:\Windows\System\hjNgtck.exe
  2⤵
  PID:7660
- C:\Windows\System\XfMowwp.exe
  C:\Windows\System\XfMowwp.exe
  2⤵
  PID:7712
- C:\Windows\System\POKkjcp.exe
  C:\Windows\System\POKkjcp.exe
  2⤵
  PID:7752
- C:\Windows\System\OitWwhf.exe
  C:\Windows\System\OitWwhf.exe
  2⤵
  PID:7820
- C:\Windows\System\pNYuxeE.exe
  C:\Windows\System\pNYuxeE.exe
  2⤵
  PID:7856
- C:\Windows\System\BUdYQCy.exe
  C:\Windows\System\BUdYQCy.exe
  2⤵
  PID:7924
- C:\Windows\System\ihfFLgC.exe
  C:\Windows\System\ihfFLgC.exe
  2⤵
  PID:7988
- C:\Windows\System\gdJinQL.exe
  C:\Windows\System\gdJinQL.exe
  2⤵
  PID:7732
- C:\Windows\System\LUIoTMt.exe
  C:\Windows\System\LUIoTMt.exe
  2⤵
  PID:7800
- C:\Windows\System\qDrZORZ.exe
  C:\Windows\System\qDrZORZ.exe
  2⤵
  PID:7840
- C:\Windows\System\yhlrIkQ.exe
  C:\Windows\System\yhlrIkQ.exe
  2⤵
  PID:7380
- C:\Windows\System\hQmFBUj.exe
  C:\Windows\System\hQmFBUj.exe
  2⤵
  PID:7936
- C:\Windows\System\KDmLTQj.exe
  C:\Windows\System\KDmLTQj.exe
  2⤵
  PID:8000
- C:\Windows\System\sMTpePg.exe
  C:\Windows\System\sMTpePg.exe
  2⤵
  PID:8088
- C:\Windows\System\uxkanoH.exe
  C:\Windows\System\uxkanoH.exe
  2⤵
  PID:8036
- C:\Windows\System\ZZyrVbd.exe
  C:\Windows\System\ZZyrVbd.exe
  2⤵
  PID:8108
- C:\Windows\System\ytWsPym.exe
  C:\Windows\System\ytWsPym.exe
  2⤵
  PID:8124
- C:\Windows\System\cCNdHPB.exe
  C:\Windows\System\cCNdHPB.exe
  2⤵
  PID:8188
- C:\Windows\System\QyyjLxr.exe
  C:\Windows\System\QyyjLxr.exe
  2⤵
  PID:7260
- C:\Windows\System\kOcmmNa.exe
  C:\Windows\System\kOcmmNa.exe
  2⤵
  PID:8168
- C:\Windows\System\yjWbZDq.exe
  C:\Windows\System\yjWbZDq.exe
  2⤵
  PID:7384
- C:\Windows\System\SiPHAdg.exe
  C:\Windows\System\SiPHAdg.exe
  2⤵
  PID:7284
- C:\Windows\System\qQeyjZT.exe
  C:\Windows\System\qQeyjZT.exe
  2⤵
  PID:7420
- C:\Windows\System\VdOfSNq.exe
  C:\Windows\System\VdOfSNq.exe
  2⤵
  PID:7352
- C:\Windows\System\DvdAAHv.exe
  C:\Windows\System\DvdAAHv.exe
  2⤵
  PID:7500
- C:\Windows\System\sXXYmis.exe
  C:\Windows\System\sXXYmis.exe
  2⤵
  PID:7560
- C:\Windows\System\dEskdAP.exe
  C:\Windows\System\dEskdAP.exe
  2⤵
  PID:7748
- C:\Windows\System\VMcTmbV.exe
  C:\Windows\System\VMcTmbV.exe
  2⤵
  PID:7628
- C:\Windows\System\fIFTdOQ.exe
  C:\Windows\System\fIFTdOQ.exe
  2⤵
  PID:7788
- C:\Windows\System\gaqhDQG.exe
  C:\Windows\System\gaqhDQG.exe
  2⤵
  PID:7824
- C:\Windows\System\oYnRoFe.exe
  C:\Windows\System\oYnRoFe.exe
  2⤵
  PID:7768
- C:\Windows\System\xDjtVlJ.exe
  C:\Windows\System\xDjtVlJ.exe
  2⤵
  PID:8032
- C:\Windows\System\DgHoBwI.exe
  C:\Windows\System\DgHoBwI.exe
  2⤵
  PID:8212
- C:\Windows\System\wtUxPqe.exe
  C:\Windows\System\wtUxPqe.exe
  2⤵
  PID:8228
- C:\Windows\System\AEfHNeq.exe
  C:\Windows\System\AEfHNeq.exe
  2⤵
  PID:8248
- C:\Windows\System\vVIENoV.exe
  C:\Windows\System\vVIENoV.exe
  2⤵
  PID:8268
- C:\Windows\System\pBgnGYJ.exe
  C:\Windows\System\pBgnGYJ.exe
  2⤵
  PID:8288
- C:\Windows\System\RNMhcZp.exe
  C:\Windows\System\RNMhcZp.exe
  2⤵
  PID:8304
- C:\Windows\System\lIuadgU.exe
  C:\Windows\System\lIuadgU.exe
  2⤵
  PID:8332
- C:\Windows\System\LQdAsFo.exe
  C:\Windows\System\LQdAsFo.exe
  2⤵
  PID:8348
- C:\Windows\System\YnYLQiW.exe
  C:\Windows\System\YnYLQiW.exe
  2⤵
  PID:8372
- C:\Windows\System\LPwYQXb.exe
  C:\Windows\System\LPwYQXb.exe
  2⤵
  PID:8392
- C:\Windows\System\XEUnxRD.exe
  C:\Windows\System\XEUnxRD.exe
  2⤵
  PID:8408
- C:\Windows\System\NPtwOEm.exe
  C:\Windows\System\NPtwOEm.exe
  2⤵
  PID:8424
- C:\Windows\System\nEElLgy.exe
  C:\Windows\System\nEElLgy.exe
  2⤵
  PID:8440
- C:\Windows\System\xHsytdz.exe
  C:\Windows\System\xHsytdz.exe
  2⤵
  PID:8460
- C:\Windows\System\JLqBvNu.exe
  C:\Windows\System\JLqBvNu.exe
  2⤵
  PID:8484
- C:\Windows\System\KDqBqVK.exe
  C:\Windows\System\KDqBqVK.exe
  2⤵
  PID:8528
- C:\Windows\System\TuJmWzn.exe
  C:\Windows\System\TuJmWzn.exe
  2⤵
  PID:8544
- C:\Windows\System\jwCYmav.exe
  C:\Windows\System\jwCYmav.exe
  2⤵
  PID:8560
- C:\Windows\System\nRhHKBp.exe
  C:\Windows\System\nRhHKBp.exe
  2⤵
  PID:8576
- C:\Windows\System\VAAzNJp.exe
  C:\Windows\System\VAAzNJp.exe
  2⤵
  PID:8600
- C:\Windows\System\ciLyfYD.exe
  C:\Windows\System\ciLyfYD.exe
  2⤵
  PID:8616
- C:\Windows\System\wUNUwQC.exe
  C:\Windows\System\wUNUwQC.exe
  2⤵
  PID:8632
- C:\Windows\System\cECqbEd.exe
  C:\Windows\System\cECqbEd.exe
  2⤵
  PID:8648
- C:\Windows\System\LHAcklo.exe
  C:\Windows\System\LHAcklo.exe
  2⤵
  PID:8664
- C:\Windows\System\lsWksqR.exe
  C:\Windows\System\lsWksqR.exe
  2⤵
  PID:8680
- C:\Windows\System\kvJrpJQ.exe
  C:\Windows\System\kvJrpJQ.exe
  2⤵
  PID:8700
- C:\Windows\System\QZoDilv.exe
  C:\Windows\System\QZoDilv.exe
  2⤵
  PID:8716
- C:\Windows\System\tcXGFVZ.exe
  C:\Windows\System\tcXGFVZ.exe
  2⤵
  PID:8732
- C:\Windows\System\HcqUoPO.exe
  C:\Windows\System\HcqUoPO.exe
  2⤵
  PID:8748
- C:\Windows\System\yXAvlem.exe
  C:\Windows\System\yXAvlem.exe
  2⤵
  PID:8768
- C:\Windows\System\xgTbPNv.exe
  C:\Windows\System\xgTbPNv.exe
  2⤵
  PID:8784
- C:\Windows\System\nTbppCl.exe
  C:\Windows\System\nTbppCl.exe
  2⤵
  PID:8800
- C:\Windows\System\GKnIzwH.exe
  C:\Windows\System\GKnIzwH.exe
  2⤵
  PID:8820
- C:\Windows\System\CJTSTZy.exe
  C:\Windows\System\CJTSTZy.exe
  2⤵
  PID:8836
- C:\Windows\System\tHhOTzZ.exe
  C:\Windows\System\tHhOTzZ.exe
  2⤵
  PID:8852
- C:\Windows\System\nWrGBor.exe
  C:\Windows\System\nWrGBor.exe
  2⤵
  PID:8868
- C:\Windows\System\rweShGA.exe
  C:\Windows\System\rweShGA.exe
  2⤵
  PID:8884
- C:\Windows\System\BWeeGrr.exe
  C:\Windows\System\BWeeGrr.exe
  2⤵
  PID:8900
- C:\Windows\System\vMkRjtK.exe
  C:\Windows\System\vMkRjtK.exe
  2⤵
  PID:8916
- C:\Windows\System\EvsjSEX.exe
  C:\Windows\System\EvsjSEX.exe
  2⤵
  PID:8936
- C:\Windows\System\UvklERz.exe
  C:\Windows\System\UvklERz.exe
  2⤵
  PID:8952
- C:\Windows\System\TfxDFQN.exe
  C:\Windows\System\TfxDFQN.exe
  2⤵
  PID:8992
- C:\Windows\System\aGnwptL.exe
  C:\Windows\System\aGnwptL.exe
  2⤵
  PID:9068
- C:\Windows\System\jPXoRom.exe
  C:\Windows\System\jPXoRom.exe
  2⤵
  PID:9084
- C:\Windows\System\RRljCjk.exe
  C:\Windows\System\RRljCjk.exe
  2⤵
  PID:9100
- C:\Windows\System\VLvJXUe.exe
  C:\Windows\System\VLvJXUe.exe
  2⤵
  PID:9116
- C:\Windows\System\yXjFkGw.exe
  C:\Windows\System\yXjFkGw.exe
  2⤵
  PID:9136
- C:\Windows\System\cfUWhkk.exe
  C:\Windows\System\cfUWhkk.exe
  2⤵
  PID:9156
- C:\Windows\System\YlHKYKh.exe
  C:\Windows\System\YlHKYKh.exe
  2⤵
  PID:9172
- C:\Windows\System\NwEAFhy.exe
  C:\Windows\System\NwEAFhy.exe
  2⤵
  PID:9192
- C:\Windows\System\jHaWKTb.exe
  C:\Windows\System\jHaWKTb.exe
  2⤵
  PID:9208
- C:\Windows\System\vnqoCwe.exe
  C:\Windows\System\vnqoCwe.exe
  2⤵
  PID:8204
- C:\Windows\System\tRHJgct.exe
  C:\Windows\System\tRHJgct.exe
  2⤵
  PID:7904
- C:\Windows\System\txzPNjd.exe
  C:\Windows\System\txzPNjd.exe
  2⤵
  PID:6656
- C:\Windows\System\rQmesxd.exe
  C:\Windows\System\rQmesxd.exe
  2⤵
  PID:7908
- C:\Windows\System\iFUqCxk.exe
  C:\Windows\System\iFUqCxk.exe
  2⤵
  PID:8128
- C:\Windows\System\DVRbkaB.exe
  C:\Windows\System\DVRbkaB.exe
  2⤵
  PID:7248
- C:\Windows\System\hAucNlq.exe
  C:\Windows\System\hAucNlq.exe
  2⤵
  PID:7348
- C:\Windows\System\fgWoQaB.exe
  C:\Windows\System\fgWoQaB.exe
  2⤵
  PID:7496
- C:\Windows\System\QDXjYmn.exe
  C:\Windows\System\QDXjYmn.exe
  2⤵
  PID:7564
- C:\Windows\System\AZIzDPG.exe
  C:\Windows\System\AZIzDPG.exe
  2⤵
  PID:7784
- C:\Windows\System\AwfcDRx.exe
  C:\Windows\System\AwfcDRx.exe
  2⤵
  PID:7956
- C:\Windows\System\MuLwqpR.exe
  C:\Windows\System\MuLwqpR.exe
  2⤵
  PID:8240
- C:\Windows\System\UfHNAZq.exe
  C:\Windows\System\UfHNAZq.exe
  2⤵
  PID:8284
- C:\Windows\System\eoZtPuo.exe
  C:\Windows\System\eoZtPuo.exe
  2⤵
  PID:8296
- C:\Windows\System\mZhOtlO.exe
  C:\Windows\System\mZhOtlO.exe
  2⤵
  PID:8324
- C:\Windows\System\BHAXJIJ.exe
  C:\Windows\System\BHAXJIJ.exe
  2⤵
  PID:8368
- C:\Windows\System\meHuBxD.exe
  C:\Windows\System\meHuBxD.exe
  2⤵
  PID:8380
- C:\Windows\System\FkOLdIy.exe
  C:\Windows\System\FkOLdIy.exe
  2⤵
  PID:8436
- C:\Windows\System\Dcpxtko.exe
  C:\Windows\System\Dcpxtko.exe
  2⤵
  PID:8476
- C:\Windows\System\qeaRvuz.exe
  C:\Windows\System\qeaRvuz.exe
  2⤵
  PID:8536
- C:\Windows\System\bAecXbW.exe
  C:\Windows\System\bAecXbW.exe
  2⤵
  PID:8456
- C:\Windows\System\RhLArgL.exe
  C:\Windows\System\RhLArgL.exe
  2⤵
  PID:8568
- C:\Windows\System\pjWyZQA.exe
  C:\Windows\System\pjWyZQA.exe
  2⤵
  PID:8524
- C:\Windows\System\gdCogXX.exe
  C:\Windows\System\gdCogXX.exe
  2⤵
  PID:8612
- C:\Windows\System\XQVPjTx.exe
  C:\Windows\System\XQVPjTx.exe
  2⤵
  PID:8672
- C:\Windows\System\RAYbDyq.exe
  C:\Windows\System\RAYbDyq.exe
  2⤵
  PID:8596
- C:\Windows\System\rNaqTKE.exe
  C:\Windows\System\rNaqTKE.exe
  2⤵
  PID:8588
- C:\Windows\System\TryOHVB.exe
  C:\Windows\System\TryOHVB.exe
  2⤵
  PID:8280
- C:\Windows\System\XexZwjq.exe
  C:\Windows\System\XexZwjq.exe
  2⤵
  PID:8696
- C:\Windows\System\MsqxrNM.exe
  C:\Windows\System\MsqxrNM.exe
  2⤵
  PID:8760
- C:\Windows\System\oEehYwf.exe
  C:\Windows\System\oEehYwf.exe
  2⤵
  PID:8816
- C:\Windows\System\OoOwBew.exe
  C:\Windows\System\OoOwBew.exe
  2⤵
  PID:8880
- C:\Windows\System\XarapvK.exe
  C:\Windows\System\XarapvK.exe
  2⤵
  PID:8828
- C:\Windows\System\VAjBIKP.exe
  C:\Windows\System\VAjBIKP.exe
  2⤵
  PID:8796
- C:\Windows\System\VRaZEbd.exe
  C:\Windows\System\VRaZEbd.exe
  2⤵
  PID:8896
- C:\Windows\System\STQmyEf.exe
  C:\Windows\System\STQmyEf.exe
  2⤵
  PID:1016
- C:\Windows\System\QlcqEEF.exe
  C:\Windows\System\QlcqEEF.exe
  2⤵
  PID:9096
- C:\Windows\System\NdyGKsv.exe
  C:\Windows\System\NdyGKsv.exe
  2⤵
  PID:9108
- C:\Windows\System\GgAHSBy.exe
  C:\Windows\System\GgAHSBy.exe
  2⤵
  PID:9688
- C:\Windows\System\DNGbfAi.exe
  C:\Windows\System\DNGbfAi.exe
  2⤵
  PID:9704
- C:\Windows\System\YWtRwAW.exe
  C:\Windows\System\YWtRwAW.exe
  2⤵
  PID:9732
- C:\Windows\System\wjbLCHn.exe
  C:\Windows\System\wjbLCHn.exe
  2⤵
  PID:9748
- C:\Windows\System\bkbRjnM.exe
  C:\Windows\System\bkbRjnM.exe
  2⤵
  PID:9776
- C:\Windows\System\SzwMcDc.exe
  C:\Windows\System\SzwMcDc.exe
  2⤵
  PID:9792
- C:\Windows\System\QOKSHvv.exe
  C:\Windows\System\QOKSHvv.exe
  2⤵
  PID:9808
- C:\Windows\System\rfCjpMJ.exe
  C:\Windows\System\rfCjpMJ.exe
  2⤵
  PID:9832
- C:\Windows\System\crGpSXB.exe
  C:\Windows\System\crGpSXB.exe
  2⤵
  PID:9848
- C:\Windows\System\oRASkdn.exe
  C:\Windows\System\oRASkdn.exe
  2⤵
  PID:9868
- C:\Windows\System\dYDBpkP.exe
  C:\Windows\System\dYDBpkP.exe
  2⤵
  PID:9884
- C:\Windows\System\jvUiqLK.exe
  C:\Windows\System\jvUiqLK.exe
  2⤵
  PID:9924
- C:\Windows\System\vaEwPJg.exe
  C:\Windows\System\vaEwPJg.exe
  2⤵
  PID:9940
- C:\Windows\System\YxQTZCY.exe
  C:\Windows\System\YxQTZCY.exe
  2⤵
  PID:9956
- C:\Windows\System\UZvRVFp.exe
  C:\Windows\System\UZvRVFp.exe
  2⤵
  PID:9980
- C:\Windows\System\dxtIwXY.exe
  C:\Windows\System\dxtIwXY.exe
  2⤵
  PID:10008
- C:\Windows\System\LTOywyD.exe
  C:\Windows\System\LTOywyD.exe
  2⤵
  PID:10024
- C:\Windows\System\UkmJbUA.exe
  C:\Windows\System\UkmJbUA.exe
  2⤵
  PID:10040
- C:\Windows\System\NvePwTU.exe
  C:\Windows\System\NvePwTU.exe
  2⤵
  PID:10064
- C:\Windows\System\OKrYeQT.exe
  C:\Windows\System\OKrYeQT.exe
  2⤵
  PID:10096
- C:\Windows\System\zslRqEO.exe
  C:\Windows\System\zslRqEO.exe
  2⤵
  PID:10116
- C:\Windows\System\qYsvMkJ.exe
  C:\Windows\System\qYsvMkJ.exe
  2⤵
  PID:10132
- C:\Windows\System\OaHmtzO.exe
  C:\Windows\System\OaHmtzO.exe
  2⤵
  PID:10152
- C:\Windows\System\kIqfJaj.exe
  C:\Windows\System\kIqfJaj.exe
  2⤵
  PID:10168
- C:\Windows\System\yiGkjGG.exe
  C:\Windows\System\yiGkjGG.exe
  2⤵
  PID:10184
- C:\Windows\System\yYRtffl.exe
  C:\Windows\System\yYRtffl.exe
  2⤵
  PID:10200
- C:\Windows\System\rqKdNEx.exe
  C:\Windows\System\rqKdNEx.exe
  2⤵
  PID:10220
- C:\Windows\System\nLPNPzG.exe
  C:\Windows\System\nLPNPzG.exe
  2⤵
  PID:10236
- C:\Windows\System\kOsPkAe.exe
  C:\Windows\System\kOsPkAe.exe
  2⤵
  PID:8076
- C:\Windows\System\eCYWklT.exe
  C:\Windows\System\eCYWklT.exe
  2⤵
  PID:7836
- C:\Windows\System\CJNaqjY.exe
  C:\Windows\System\CJNaqjY.exe
  2⤵
  PID:7432
- C:\Windows\System\jFjCrJr.exe
  C:\Windows\System\jFjCrJr.exe
  2⤵
  PID:7244
- C:\Windows\System\kVscJGV.exe
  C:\Windows\System\kVscJGV.exe
  2⤵
  PID:7872
- C:\Windows\System\HknFsvK.exe
  C:\Windows\System\HknFsvK.exe
  2⤵
  PID:8276
- C:\Windows\System\wEpOcEA.exe
  C:\Windows\System\wEpOcEA.exe
  2⤵
  PID:8320
- C:\Windows\System\XGykeLV.exe
  C:\Windows\System\XGykeLV.exe
  2⤵
  PID:8432
- C:\Windows\System\NYQajTu.exe
  C:\Windows\System\NYQajTu.exe
  2⤵
  PID:8500
- C:\Windows\System\UKhCGxD.exe
  C:\Windows\System\UKhCGxD.exe
  2⤵
  PID:8608
- C:\Windows\System\meSHprF.exe
  C:\Windows\System\meSHprF.exe
  2⤵
  PID:8688
- C:\Windows\System\tThuMMt.exe
  C:\Windows\System\tThuMMt.exe
  2⤵
  PID:8944
- C:\Windows\System\vlaMpGb.exe
  C:\Windows\System\vlaMpGb.exe
  2⤵
  PID:8472
- C:\Windows\System\YThtrNB.exe
  C:\Windows\System\YThtrNB.exe
  2⤵
  PID:8496
- C:\Windows\System\vRcjdvg.exe
  C:\Windows\System\vRcjdvg.exe
  2⤵
  PID:8740
- C:\Windows\System\CnPkMHk.exe
  C:\Windows\System\CnPkMHk.exe
  2⤵
  PID:8692
- C:\Windows\System\DFAcBAr.exe
  C:\Windows\System\DFAcBAr.exe
  2⤵
  PID:8948
- C:\Windows\System\UudPCPy.exe
  C:\Windows\System\UudPCPy.exe
  2⤵
  PID:8972
- C:\Windows\System\KErBKcj.exe
  C:\Windows\System\KErBKcj.exe
  2⤵
  PID:9016
- C:\Windows\System\iiXzfCo.exe
  C:\Windows\System\iiXzfCo.exe
  2⤵
  PID:8988
- C:\Windows\System\yXXqnWu.exe
  C:\Windows\System\yXXqnWu.exe
  2⤵
  PID:9044
- C:\Windows\System\IuNiAgB.exe
  C:\Windows\System\IuNiAgB.exe
  2⤵
  PID:9064
- C:\Windows\System\VcPUHTo.exe
  C:\Windows\System\VcPUHTo.exe
  2⤵
  PID:9128
- C:\Windows\System\hTFPXbI.exe
  C:\Windows\System\hTFPXbI.exe
  2⤵
  PID:7728
- C:\Windows\System\VByJkmh.exe
  C:\Windows\System\VByJkmh.exe
  2⤵
  PID:9144
- C:\Windows\System\llkGStn.exe
  C:\Windows\System\llkGStn.exe
  2⤵
  PID:9224
- C:\Windows\System\uAjifjU.exe
  C:\Windows\System\uAjifjU.exe
  2⤵
  PID:9240
- C:\Windows\System\eryHano.exe
  C:\Windows\System\eryHano.exe
  2⤵
  PID:9256
- C:\Windows\System\slvDCIZ.exe
  C:\Windows\System\slvDCIZ.exe
  2⤵
  PID:9272
- C:\Windows\System\grnyGGF.exe
  C:\Windows\System\grnyGGF.exe
  2⤵
  PID:9288
- C:\Windows\System\NrPxvor.exe
  C:\Windows\System\NrPxvor.exe
  2⤵
  PID:9316
- C:\Windows\System\ImfdFeN.exe
  C:\Windows\System\ImfdFeN.exe
  2⤵
  PID:9332
- C:\Windows\System\TfoGnng.exe
  C:\Windows\System\TfoGnng.exe
  2⤵
  PID:9596
- C:\Windows\System\ZYZlvYN.exe
  C:\Windows\System\ZYZlvYN.exe
  2⤵
  PID:9364
- C:\Windows\System\zXXQJJo.exe
  C:\Windows\System\zXXQJJo.exe
  2⤵
  PID:9380
- C:\Windows\System\xQPcmHp.exe
  C:\Windows\System\xQPcmHp.exe
  2⤵
  PID:9400
- C:\Windows\System\zZSIkjy.exe
  C:\Windows\System\zZSIkjy.exe
  2⤵
  PID:9424
- C:\Windows\System\smvhGOg.exe
  C:\Windows\System\smvhGOg.exe
  2⤵
  PID:9440
- C:\Windows\System\MuScxjc.exe
  C:\Windows\System\MuScxjc.exe
  2⤵
  PID:9456
- C:\Windows\System\HzfHyeV.exe
  C:\Windows\System\HzfHyeV.exe
  2⤵
  PID:9480
- C:\Windows\System\czTvwsK.exe
  C:\Windows\System\czTvwsK.exe
  2⤵
  PID:9496
- C:\Windows\System\JovzbtY.exe
  C:\Windows\System\JovzbtY.exe
  2⤵
  PID:9512
- C:\Windows\System\yqtoWGe.exe
  C:\Windows\System\yqtoWGe.exe
  2⤵
  PID:9536
- C:\Windows\System\lSnFhAL.exe
  C:\Windows\System\lSnFhAL.exe
  2⤵
  PID:9552
- C:\Windows\System\sqIeirV.exe
  C:\Windows\System\sqIeirV.exe
  2⤵
  PID:9568
- C:\Windows\System\POjyOhW.exe
  C:\Windows\System\POjyOhW.exe
  2⤵
  PID:9584
- C:\Windows\System\XcNjkDG.exe
  C:\Windows\System\XcNjkDG.exe
  2⤵
  PID:9612
- C:\Windows\System\mSUsLjd.exe
  C:\Windows\System\mSUsLjd.exe
  2⤵
  PID:9628
- C:\Windows\System\dALZmSJ.exe
  C:\Windows\System\dALZmSJ.exe
  2⤵
  PID:9648
- C:\Windows\System\NQtZmzz.exe
  C:\Windows\System\NQtZmzz.exe
  2⤵
  PID:9664
- C:\Windows\System\ZHKgiEE.exe
  C:\Windows\System\ZHKgiEE.exe
  2⤵
  PID:9716
- C:\Windows\System\SJEzyph.exe
  C:\Windows\System\SJEzyph.exe
  2⤵
  PID:9728
- C:\Windows\System\dffnYhC.exe
  C:\Windows\System\dffnYhC.exe
  2⤵
  PID:9772
- C:\Windows\System\NhrEVaX.exe
  C:\Windows\System\NhrEVaX.exe
  2⤵
  PID:9744
- C:\Windows\System\oejopHL.exe
  C:\Windows\System\oejopHL.exe
  2⤵
  PID:9828
- C:\Windows\System\yDhuyPQ.exe
  C:\Windows\System\yDhuyPQ.exe
  2⤵
  PID:9844
- C:\Windows\System\ussrZUP.exe
  C:\Windows\System\ussrZUP.exe
  2⤵
  PID:9784
- C:\Windows\System\KWqdiOJ.exe
  C:\Windows\System\KWqdiOJ.exe
  2⤵
  PID:9904
- C:\Windows\System\qIxIGjs.exe
  C:\Windows\System\qIxIGjs.exe
  2⤵
  PID:9896
- C:\Windows\System\wduXLWh.exe
  C:\Windows\System\wduXLWh.exe
  2⤵
  PID:9964
- C:\Windows\System\dVchqlm.exe
  C:\Windows\System\dVchqlm.exe
  2⤵
  PID:10016
- C:\Windows\System\rtbSPKd.exe
  C:\Windows\System\rtbSPKd.exe
  2⤵
  PID:10056
- C:\Windows\System\YALZqjI.exe
  C:\Windows\System\YALZqjI.exe
  2⤵
  PID:10104
- C:\Windows\System\wJHiDUV.exe
  C:\Windows\System\wJHiDUV.exe
  2⤵
  PID:8144
- C:\Windows\System\UmTVOOD.exe
  C:\Windows\System\UmTVOOD.exe
  2⤵
  PID:10208
- C:\Windows\System\FFLlXOc.exe
  C:\Windows\System\FFLlXOc.exe
  2⤵
  PID:10148
- C:\Windows\System\giBkQLS.exe
  C:\Windows\System\giBkQLS.exe
  2⤵
  PID:8028
- C:\Windows\System\IjjThMl.exe
  C:\Windows\System\IjjThMl.exe
  2⤵
  PID:8420
- C:\Windows\System\fiuCRty.exe
  C:\Windows\System\fiuCRty.exe
  2⤵
  PID:8964
- C:\Windows\System\qRonpOE.exe
  C:\Windows\System\qRonpOE.exe
  2⤵
  PID:8644
- C:\Windows\System\gwUNbzd.exe
  C:\Windows\System\gwUNbzd.exe
  2⤵
  PID:8584
- C:\Windows\System\CMkyGVe.exe
  C:\Windows\System\CMkyGVe.exe
  2⤵
  PID:8660
- C:\Windows\System\nWQDpUc.exe
  C:\Windows\System\nWQDpUc.exe
  2⤵
  PID:8876
- C:\Windows\System\BZtrVRu.exe
  C:\Windows\System\BZtrVRu.exe
  2⤵
  PID:10232
- C:\Windows\System\exlSyEh.exe
  C:\Windows\System\exlSyEh.exe
  2⤵
  PID:7984
- C:\Windows\System\dXHVkuY.exe
  C:\Windows\System\dXHVkuY.exe
  2⤵
  PID:9168
- C:\Windows\System\LOCHVGP.exe
  C:\Windows\System\LOCHVGP.exe
  2⤵
  PID:8356
- C:\Windows\System\euystYU.exe
  C:\Windows\System\euystYU.exe
  2⤵
  PID:8468
- C:\Windows\System\jCaifMx.exe
  C:\Windows\System\jCaifMx.exe
  2⤵
  PID:8976
- C:\Windows\System\zScWEMU.exe
  C:\Windows\System\zScWEMU.exe
  2⤵
  PID:9004
- C:\Windows\System\TYtWIUW.exe
  C:\Windows\System\TYtWIUW.exe
  2⤵
  PID:9060
- C:\Windows\System\eIUVtQs.exe
  C:\Windows\System\eIUVtQs.exe
  2⤵
  PID:8148
- C:\Windows\System\vZsKXaR.exe
  C:\Windows\System\vZsKXaR.exe
  2⤵
  PID:2568
- C:\Windows\System\sVNprgB.exe
  C:\Windows\System\sVNprgB.exe
  2⤵
  PID:9220
- C:\Windows\System\uLMPJTe.exe
  C:\Windows\System\uLMPJTe.exe
  2⤵
  PID:9284
- C:\Windows\System\moaStmd.exe
  C:\Windows\System\moaStmd.exe
  2⤵
  PID:9324
- C:\Windows\System\kmeBJzi.exe
  C:\Windows\System\kmeBJzi.exe
  2⤵
  PID:9348
- C:\Windows\System\IrNQYZo.exe
  C:\Windows\System\IrNQYZo.exe
  2⤵
  PID:9360
- C:\Windows\System\ckEDwGB.exe
  C:\Windows\System\ckEDwGB.exe
  2⤵
  PID:9420
- C:\Windows\System\ggHBDxZ.exe
  C:\Windows\System\ggHBDxZ.exe
  2⤵
  PID:9452
- C:\Windows\System\fTxQShX.exe
  C:\Windows\System\fTxQShX.exe
  2⤵
  PID:9432
- C:\Windows\System\EtjVwOz.exe
  C:\Windows\System\EtjVwOz.exe
  2⤵
  PID:9528
- C:\Windows\System\GpjXJeR.exe
  C:\Windows\System\GpjXJeR.exe
  2⤵
  PID:9468
- C:\Windows\System\IfzVzLQ.exe
  C:\Windows\System\IfzVzLQ.exe
  2⤵
  PID:9048
- C:\Windows\System\chdGbug.exe
  C:\Windows\System\chdGbug.exe
  2⤵
  PID:9580
- C:\Windows\System\nsLDbtB.exe
  C:\Windows\System\nsLDbtB.exe
  2⤵
  PID:9600
- C:\Windows\System\pEUnEaj.exe
  C:\Windows\System\pEUnEaj.exe
  2⤵
  PID:9720
- C:\Windows\System\cSDnvhy.exe
  C:\Windows\System\cSDnvhy.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjqqytG.exe

Filesize
6.0MB

MD5
ff4068fbbba49eff7b98fb487b877bf8

SHA1
d0772b5c1d4d4354c10707b2462647c332fbb520

SHA256
28f318cf8ac03669752bf75543e25f670c4fa83553db917c86fc84116680f97e

SHA512
e2fd1bf6e76d5641969c50cf7bc3687bf938cbc152d8ac8422025a770434f375335caa8d7c8f0d83377a12efe53c4f5d99bd77a62ee6e286faea6e0bcfacf72d

Download Submit
C:\Windows\system\DnafEhz.exe

Filesize
6.0MB

MD5
a4767108b481318b6f10f8e9a7352521

SHA1
ff2a489e7bbfb3fbfb09c3cb6a37ff9d598f4399

SHA256
3871d7126f62748eeb430469808f64cb320dab15ce734c2a707d08f8d6a9a273

SHA512
11f4b0952447d49351ef8aa0da0031e85096ae4516295773786fe3afbd9a4015a25da86fc2bacbefe4a7e9662b37edd134d7eaad018fdccf95807d66cfd6a273

Download Submit
C:\Windows\system\HfHlden.exe

Filesize
6.0MB

MD5
7f52934e40d8fb16e67e58703bb60f53

SHA1
9dc97cdc626fe46d21c68119b3ae65e1cb09b91c

SHA256
848ad679aeef4a1eda31eb93e223ae1d5bb66b3f133bb2e2d9d436f125f3c934

SHA512
206b2352699d47f469838c54fdeea3dd0ea55d12d97e272fd5302fa9354e885cd2c9283510e12a8913a197c9ad80a170cf2c3c911bbcca3c36f330c799b1feb8

Download Submit
C:\Windows\system\KFlggDy.exe

Filesize
6.0MB

MD5
8de006542082d1920034c2e8e97bc3f2

SHA1
39d23bf65a3ea31fc0c684d97c44341db484bb2e

SHA256
42193e738b2b3e981edc2e0d2532a89a28e8a2ec055474933ee0069f1db17cf5

SHA512
34cf260d5ae3e5c270bd4753194879a0085823f3de967d4dba3d13107ea0c8a89048131b1f6431a412a6e8f4850f97e3556dafe4180cec01d55d25c4bfef4b12

Download Submit
C:\Windows\system\KwPnbTI.exe

Filesize
6.0MB

MD5
39fa9bea52a1dd1b2202accead1306da

SHA1
5f1ce7259f5bbea4e73a450fe3c760dfbd6f39f8

SHA256
406e46c4a9afd93415c37ff6f2a108c9925ae03d7055a0adc8d9e19145bc8a8c

SHA512
a2b85953df36f4f94811b9f0817768e71bcc7540838f75d50375930cb9160f497eb689b2fdbcaf2c9b6aba92e02379b6c4bf280bbf1865f0a50d22296c012bf4

Download Submit
C:\Windows\system\Nsgsucd.exe

Filesize
6.0MB

MD5
b6df87ebf5fb05b45935da6dcd0258d5

SHA1
c83a2bdf75e160932885aeac06cc1c807c0ea311

SHA256
aacec0cb920075f6995259b1d350ef0c41a0fc985d6d3a234018fdba73eda363

SHA512
0e4962ff2bfffb1915731258c3ca295011bbd53d920ee2dc16836de4b8253257e19e8bb1d1ef9153129092b55b4d50aea2865850f75d2909774a38f0c720c005

Download Submit
C:\Windows\system\OoMauJg.exe

Filesize
6.0MB

MD5
a1d06f056f8097543264720646cf1c0b

SHA1
76917ad5874ec7deeb8e0c9942738b6dcea7a903

SHA256
b7dd39c3b5e63ec871c754b37e76007bf1549e31878069c56385232490835621

SHA512
3050fa54b9b5d792f1fe4d4ba77650ef1bc35226f05dc0ca37270c3d550eb29bf60745b74efeff5d3218d8456bf1eb307e5546cf00debd2376f5cdeeba1b4cdf

Download Submit
C:\Windows\system\PXFnDgq.exe

Filesize
6.0MB

MD5
f4d22e48153a40b45c87a9c131211d27

SHA1
7499c70cee47f804dd49b70b130d289bd95450b2

SHA256
34ca099b94fd3b6860afaa3dadfcc4d203c436008349fb706f0c1360f624eac8

SHA512
b39049bf37ddc0e4f6a4c836828a04f503197629624094841930063852abeaf82982506ab51bd3ab4325eee7a26a56df30eebf5403f5ba2ac7e484fd99b57adf

Download Submit
C:\Windows\system\QRKqsUQ.exe

Filesize
6.0MB

MD5
79114fd4a6c5e4cf2cb5058f3bee520b

SHA1
2d357fc24a3524a7ab2afe3298d2722ad8659ccf

SHA256
88d05e319cca3560b40069563b61d3ff877b49e702321fa9c41b81b44e2ea7bf

SHA512
d5ef98542f1cffa5452303e1ae8a26ed3ac0e71817b128cae28d6f95e8a60403ebba4b97b9f62e965ba8d81482905dd371e73233df1ab65d509d81a97a4d5caa

Download Submit
C:\Windows\system\SNqEjDs.exe

Filesize
6.0MB

MD5
88cfca6e3cc1e6b5c48ee6c21fbd7d11

SHA1
60e1de4e52641a1f0c639d04a40335eee7353e0f

SHA256
f7c33927ac62c274d47742b558e72a5bc2bd443293c17dd05077e21343e861ef

SHA512
bab804619023d231048d0c6f41e6491cc3dc861b8e6e71211429cf490901ebcce805501ccef67dd426fe286807cc46b23275fdee9a17b4a3d02a4d0c34eefc6f

Download Submit
C:\Windows\system\SlMuUYL.exe

Filesize
6.0MB

MD5
893433e54b6abd57ac5a7c988237a350

SHA1
d92da92c8d20ec3bbab9a878fc23768be562cb1b

SHA256
943606d1b48ef07534c550a5bb44cf22fe71aa00cffd850925991e538afa82b4

SHA512
aac54fccffbd359e684f372aad51eaeba283ddc2dcadbfda470ebf21d9787f3693dcbfd8aa462aa7868854bc49ddf009e0e5b8e5fdad7e29ef73042b61dfad4e

Download Submit
C:\Windows\system\TsmMGIy.exe

Filesize
6.0MB

MD5
e4c0bc5388a8dce92947952cf7c14502

SHA1
6214f082b81d99787cf611a3395e410dab130fc6

SHA256
5ec093fc87f30d24cccad328ca6a63407a728a9eff8d06b7e7d8b55e121884b6

SHA512
f48632ac9abb9bb25f4e05d186dfeebfafa999a58a4ec8ebcec88503dfa88f4817dfff17980277b073610e2cf17902ca2c1ca49222c311cd1cc61b108816d163

Download Submit
C:\Windows\system\UIaepxv.exe

Filesize
6.0MB

MD5
3bf947e36084297cfb553a72d66f10f4

SHA1
e06051792bcdae47f30f6cb08705eb52e4f6406c

SHA256
2908b7c744051e8e06fe5190561fed58ae2b11660af85a1548830d5fb34f62e5

SHA512
e1def52cbfd86f1a22aade4065fbcac1c3a40a106270f775dde09b0fd67c7c57746230967218d3304bec857206ab9f574e134b2c7ec4bd40cb3135d1a3da0d33

Download Submit
C:\Windows\system\XOUPMWc.exe

Filesize
6.0MB

MD5
1cba405ebe7c835a44f4f3b86d6eee71

SHA1
55ba32ceab393a25093b345062b57bcb08dc96b5

SHA256
3763ef67cbd186485dd69ed32628cd413947e570dbdba2e2e4bc09cadb9fbe6e

SHA512
390596cfa678b4f73e759dfbce547bc3fb18989090e021ef5d51413a5b6444005d2e3ea8fb4d7d06be84faaf72c8f516eb084a6e4d14252966438585c4f163ed

Download Submit
C:\Windows\system\ZcIreFu.exe

Filesize
6.0MB

MD5
825a8a88b0736800de78839998dad4c9

SHA1
129b931ac282d4581453172e847845598f63d29c

SHA256
21f2d5fb07c48141f5a028000e0ee3fb8a376dcc60a2bc5b6dece689742ce78e

SHA512
44a22874d35e7a63517efb57b78a34ee4df30b0635adde0dd97a8008614d0f7b9124a00eff6bcea4e2b0f4ea2a2c1760b0c6648c6d96751826ea75d98f3e5668

Download Submit
C:\Windows\system\bLEjyyJ.exe

Filesize
6.0MB

MD5
6f00824bed7891a968476f6fd862f6b6

SHA1
fcd1ff3ec32a830ac6711bc2483145dd02e5a4b4

SHA256
e8aacb342c5ba53599c0ef61b506ae14638cdabde7b53064a25f397a4838123b

SHA512
2fd717cf5e5f0da7c11c9d0aef0931dd3b8d0b2c4fc621cb2b0bbee004ac8ac494f0aa101176858f5c515442b52f73d94084571ea21f22c8665deac5c1cc49b2

Download Submit
C:\Windows\system\bZcNYoy.exe

Filesize
6.0MB

MD5
6adcd630590b8fce3b8ce54d232153ed

SHA1
38a4a750f458bb978c1a2370467afcb84da715d2

SHA256
bb34fb2b4ca39a1a21825b10d8724a3175ed061e6b4095f6d502cebd56e981b7

SHA512
c1fa34009ce4304d9cc96b6056db2b19ff5506d2c2687fb2c067b90a30256b0ad4bf322962e0b2badbd1643f674c5b8eb90cb54e1c4a0132799de28ca5a2a208

Download Submit
C:\Windows\system\fThrtAd.exe

Filesize
6.0MB

MD5
bb6fdbfae6313b2a1dc896c48d9fc4dd

SHA1
c1b17d62d1a745156ff6228a99796004dcb42516

SHA256
a08a85dfd97c9e26610f6dae56e598bc87c1ec01892b76c508dde17c7bd8a73f

SHA512
1fd8360927413effb2dc7df7f0c745072893e44dbaf9009cc04f7c2aa60090cdcad0cd7b58417a9e7794ddf1003796e6673152c71ae2962423b0df8e8ab26594

Download Submit
C:\Windows\system\jwBtHUw.exe

Filesize
6.0MB

MD5
046279ee018d58577dfc286d9f7d2341

SHA1
5ab41275925705f06e914aa8e1950064938d0036

SHA256
03ab2bbb37ba96ce9bd47e290fc75092229f03f3e86d3fd99cbe714c39dd89d0

SHA512
9d731a3a7a2a0e57159db03627a3c4cac45380ce78818595b3fa79a49b44e6c47fbd14c34b01e9cbf15d5300668a538f17dc4a786487188921b50e2cc5546e4f

Download Submit
C:\Windows\system\kzlPGFg.exe

Filesize
6.0MB

MD5
2d8aad279fd0578d92b14ba1dac52017

SHA1
783751b37143b133eec3b8b7c85bbf0f696303d4

SHA256
d8a947ce903cfb03f9194e17b6c535541665b2b613d9b3fa23f031de171f81d8

SHA512
cb8667fd340b8d093ba906ff4456cbdaa8e35607a52dfa29e390ba7b10a2d870d58256094c57cff79703b0c7a4b5303ac1abba122df080143c6ca318a0ee90f6

Download Submit
C:\Windows\system\nHAOerw.exe

Filesize
6.0MB

MD5
dd7e75fafe29f3e56e5c91fe0ca94601

SHA1
7d942aebeb5c0e26dc55740d7f8519a43e56d245

SHA256
9ca460171f079c65a8a55cd8a9b3731510ea2dfbe038f13c78d2918039668495

SHA512
a723229da380be0f7822cd02eba0ffff0b2661ff12875bf568a5b375bfd36407e4a4456a7412252a3f20c01476fbcfe1c8a603e6c971fcb46f5a82b102407a13

Download Submit
C:\Windows\system\qTXJfeW.exe

Filesize
6.0MB

MD5
97c1e1e69db17d5aa1c2d4273bddfd15

SHA1
69f8105a150160f5c7623f7bcaf1c2d6250da744

SHA256
9b4968bc91868a7fc5e3b12402f7a492e6f1097425d102d0161cb913d5b20363

SHA512
e07f0eb9986a6552d4103653ecae4d91759ca5c030965e00c82a95ecf063f5c2787e76ccab3daf675015bdf06928db7e906fc31e7efb2d56bfce5e6b495cbd75

Download Submit
C:\Windows\system\ujyZaFQ.exe

Filesize
6.0MB

MD5
b33567cbc974c04243347291d62f48b7

SHA1
0233129bcc6c47f83b0c3e36f5fe832cac0dbf07

SHA256
463638c069079a75a70386b233005080eb4cf55b8839d9bd53e9d24e9e65ca9a

SHA512
8dd1de79bb4f47f6d2f5cd64cf40efea18fd90efd749c35f6460eb34e3f60339052808551a85325d8135bbef03268d57d7e75c146b2e1b773983f604812ea9ef

Download Submit
C:\Windows\system\vdYpeMg.exe

Filesize
6.0MB

MD5
5f950fcfcd40a54b5e782a5f6f345a8f

SHA1
f379df15c13237c155cf4f2e008ee8a97f2a736b

SHA256
f48dece18c8af1d38c397a1cdf8c1d8637bfb4156e2da348a748bb643c4c44f6

SHA512
0a3fa749fba83671dd6e3c21819c64f5804b9d1a279661af0612b3254b05a7adf355e2d89c6d482f3a0e6d1f5187d0102b10fe506fd025fe467356ff49d6765c

Download Submit
C:\Windows\system\wOdVBpI.exe

Filesize
6.0MB

MD5
ff5e808a61a4b758dd3e730a2f06c86e

SHA1
451eca25ad4f1153b1953171f42b516b3fff03eb

SHA256
7c587c5980cfac6f838b33dd4049696c3684bd24f3dc8ee17b2d2c7b8b29aa48

SHA512
bdcd5e8dddda44b20034d97c8307a2d873e5b308aa04f8e96b3cf363fcf0bd53b5aa0077a03fee54a2ee8239efc9afd568d65771678484ed7e4765aaea298133

Download Submit
C:\Windows\system\yTEsxXk.exe

Filesize
6.0MB

MD5
ef7320b686af5131db89fcae861e0348

SHA1
fe447571a74219e5d35e5143b91f8dc86e63ae3a

SHA256
2aa8b2450d5621ce9bf82ef68dc0fd178af74a40c1091e88fd79d3a5a5a18c6f

SHA512
adb9b61df83102fadb50110229bfdd7cd78ba26c88bf7fe73e1b9965852b76ce73e37c17ebdf04b93093ed04ab64e2bf6bddb5c7b23bec44fbd80bad522943ca

Download Submit
C:\Windows\system\zRWDZHr.exe

Filesize
6.0MB

MD5
af43199d3c89cc2257c88197a2fc2685

SHA1
aa4031d1c73428c66ddac8260c85905b61ddc42d

SHA256
fabd924bccd1e9e7cb66955d593beb3c5decab93876380125955916d95dbdc62

SHA512
5d345e09ebf208f7e7d8dd4d23c5ebf566e6954c975ec90e6336aa0ca63342ca42331b166a258b5f831c7eb52e8f204daaea092236c483fb7837b50ac85a6138

Download Submit
\Windows\system\CYbEpsq.exe

Filesize
6.0MB

MD5
23f0528e22413f3a5f6e86f0c540fccb

SHA1
7a23a5984f717975974697ac57b2ea4fe383bf4f

SHA256
6745b11433906325d5207245ce5792ec9262666b4aaeff430977a227db0a8004

SHA512
80a4f339510d3c5d8a01b66e4b29043c3e0d7370c0cee1100617297f02aab046bc98bd1c57f8d63e97b2c50d0fa57fb04b28761b66b29eb2c7e7085613f859c7

Download Submit
\Windows\system\EtVpzSG.exe

Filesize
6.0MB

MD5
ae54d761c10cbe506baa8d53a05bed85

SHA1
a295ea0b76b174038c8cc5cf5fb76905111a1ed8

SHA256
b3ebf4997bdc4d8280798e483f130892ab5a8729fc603c24dce131cdf1472de0

SHA512
72a699d83f817b37d1b358deb1e4a3dd6c62ff0a598d36dc285e845ff96f1a6aa05e23e236d237b836fe6fdcb611e56be6cd079d5bd97dd306b8744da602a2f2

Download Submit
\Windows\system\KfgszCE.exe

Filesize
6.0MB

MD5
0f1c39902854ea4ecfb24b4180a17e91

SHA1
7652e4a970906c9947782a64aa8c6bb255e6988d

SHA256
a63e8b0234a6dab223d22dcc9601de5220c636a97294955c6aa1733bc7c4192d

SHA512
b6214448a614502cb347cba5a28a9912d5a25caeefb37609b1b319f24d7655770a86a88c896b809c25724ca96121f3825b75a1c565a204dcd8c2ccbc22ead529

Download Submit
\Windows\system\LlTHeQt.exe

Filesize
6.0MB

MD5
ff5500d65d2697d0b842c3eb9fee5131

SHA1
614d8841d92cb719128ff92a6435e9cfb43e1fd4

SHA256
42bd834310601e2c89056c8568e9ad4df194ae25960def9f0cc25229ba40bd3f

SHA512
d3b6692f34288c5fb2596587b032b2051c43986f7f106adffe1c44beba3ca67cf4b62f79931585adc56f64b2679045d3e5c8c0818b72b54e630dfb73eb7ed579

Download Submit
\Windows\system\LncUEHI.exe

Filesize
6.0MB

MD5
7673a8fa14bfd9570642c0ee958237c5

SHA1
5cb845f4974843e778af9893a7e002f21595d05b

SHA256
19e884eda9559e007162eb40daeef991ebac2506211c0f043878c9b93843ddf1

SHA512
5634d214bd6b553c775938012ee97ae13fc182d147f19490efa0ed15de2cef6ae7161760088f78f83913730b3003532a85a55f242d17b6337bb97747287faa08

Download Submit
\Windows\system\rpXEWWb.exe

Filesize
6.0MB

MD5
1f49fc8e9eca4a7e83f840fd9189d366

SHA1
100156b86c0b91a6262910cb7cda71968d59cfc6

SHA256
667794b1a156e55947aef86367d5e04aeef8384b9edc004bc0cae70bd97b5a79

SHA512
94196114aa297bcca039b0eeea89a1d9b71d6defb811f121768cb603daefc17d8afe29d0b3d17673c8b5f8697bec4dbe2482e62ff2d51554c7fc7403b638da24

Download Submit
memory/1048-452-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1048-107-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1654-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1064-89-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1064-1576-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1476-1247-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-82-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-74-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-162-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1249-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-879-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-16-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2612-67-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1239-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2720-881-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-29-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-54-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1240-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2732-68-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2820-883-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2820-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2884-878-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2884-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2896-880-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-36-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-55-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-877-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2904-14-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2908-56-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-42-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-882-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2952-355-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1653-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2952-94-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3044-81-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/3044-88-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/3044-106-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3044-0-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/3044-13-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3044-50-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/3044-451-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3044-52-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-137-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/3044-41-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/3044-34-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-59-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-72-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/3044-27-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-11-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/3044-25-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download