cobaltstrike | 038d64dc795fb639e07dc1f572b6c4269f50fd74d179ea4f48c6d9948e9a7787

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2f066d2f860166f21922d82797d1ef9a
SHA1

93b6ec53037117b42f6ae394dab8eccb6d7a360b
SHA256

038d64dc795fb639e07dc1f572b6c4269f50fd74d179ea4f48c6d9948e9a7787
SHA512

e8aeccd0701ed7fe48799a1e8022f6d06afeb9cb276f9cd248e1868f70d9f3eefff8bc33515151f12ea8562375a89b988bd6e25d0307d231be6cdd637c2cd1a4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\JANotVz.exe	cobalt_reflective_dll
C:\Windows\system\xOpPHvb.exe	cobalt_reflective_dll
\Windows\system\nAChilO.exe	cobalt_reflective_dll
\Windows\system\pnTWYSE.exe	cobalt_reflective_dll
\Windows\system\JNqzgyE.exe	cobalt_reflective_dll
\Windows\system\tXymagm.exe	cobalt_reflective_dll
C:\Windows\system\IvcPNDp.exe	cobalt_reflective_dll
\Windows\system\VvPjtGR.exe	cobalt_reflective_dll
\Windows\system\uQfvZIr.exe	cobalt_reflective_dll
C:\Windows\system\KlmDWBQ.exe	cobalt_reflective_dll
C:\Windows\system\PuJwyBp.exe	cobalt_reflective_dll
C:\Windows\system\wrCeasx.exe	cobalt_reflective_dll
C:\Windows\system\LZcxXaR.exe	cobalt_reflective_dll
C:\Windows\system\aqlYiMv.exe	cobalt_reflective_dll
\Windows\system\lognrTd.exe	cobalt_reflective_dll
C:\Windows\system\vpMBnFT.exe	cobalt_reflective_dll
C:\Windows\system\DrhCtuG.exe	cobalt_reflective_dll
C:\Windows\system\umTMulZ.exe	cobalt_reflective_dll
C:\Windows\system\eyhmDKZ.exe	cobalt_reflective_dll
C:\Windows\system\OLhcSiA.exe	cobalt_reflective_dll
C:\Windows\system\SeCiRNr.exe	cobalt_reflective_dll
C:\Windows\system\OMeewEN.exe	cobalt_reflective_dll
C:\Windows\system\ZGlJUbx.exe	cobalt_reflective_dll
C:\Windows\system\BnOPlJY.exe	cobalt_reflective_dll
C:\Windows\system\sFBBGCA.exe	cobalt_reflective_dll
C:\Windows\system\IlwhWBn.exe	cobalt_reflective_dll
C:\Windows\system\HdJcmYP.exe	cobalt_reflective_dll
C:\Windows\system\KKDTGKW.exe	cobalt_reflective_dll
C:\Windows\system\LuVAnLL.exe	cobalt_reflective_dll
C:\Windows\system\MWdnGYu.exe	cobalt_reflective_dll
C:\Windows\system\oXJvWhu.exe	cobalt_reflective_dll
C:\Windows\system\bbUhOFK.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
\Windows\system\JANotVz.exe	xmrig
C:\Windows\system\xOpPHvb.exe	xmrig
\Windows\system\nAChilO.exe	xmrig
\Windows\system\pnTWYSE.exe	xmrig
behavioral1/memory/2668-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
\Windows\system\JNqzgyE.exe	xmrig
behavioral1/memory/2764-33-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2960-17-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2864-25-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2288-15-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2084-9-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
\Windows\system\tXymagm.exe	xmrig
behavioral1/memory/2680-40-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
C:\Windows\system\IvcPNDp.exe	xmrig
behavioral1/memory/2084-45-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2084-48-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2808-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
\Windows\system\VvPjtGR.exe	xmrig
behavioral1/memory/2760-56-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2864-54-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
\Windows\system\uQfvZIr.exe	xmrig
behavioral1/memory/2764-69-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2572-71-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2748-63-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
C:\Windows\system\KlmDWBQ.exe	xmrig
behavioral1/memory/2084-82-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2536-85-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
C:\Windows\system\PuJwyBp.exe	xmrig
behavioral1/memory/1388-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
C:\Windows\system\wrCeasx.exe	xmrig
C:\Windows\system\LZcxXaR.exe	xmrig
C:\Windows\system\aqlYiMv.exe	xmrig
\Windows\system\lognrTd.exe	xmrig
behavioral1/memory/2572-228-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1388-914-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1020-721-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2536-578-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2696-384-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
C:\Windows\system\vpMBnFT.exe	xmrig
C:\Windows\system\DrhCtuG.exe	xmrig
C:\Windows\system\umTMulZ.exe	xmrig
C:\Windows\system\eyhmDKZ.exe	xmrig
C:\Windows\system\OLhcSiA.exe	xmrig
C:\Windows\system\SeCiRNr.exe	xmrig
C:\Windows\system\OMeewEN.exe	xmrig
C:\Windows\system\ZGlJUbx.exe	xmrig
C:\Windows\system\BnOPlJY.exe	xmrig
C:\Windows\system\sFBBGCA.exe	xmrig
C:\Windows\system\IlwhWBn.exe	xmrig
C:\Windows\system\HdJcmYP.exe	xmrig
C:\Windows\system\KKDTGKW.exe	xmrig
C:\Windows\system\LuVAnLL.exe	xmrig
behavioral1/memory/1020-93-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2760-92-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
C:\Windows\system\MWdnGYu.exe	xmrig
behavioral1/memory/2748-100-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
C:\Windows\system\oXJvWhu.exe	xmrig
behavioral1/memory/2696-78-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2680-77-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
C:\Windows\system\bbUhOFK.exe	xmrig
behavioral1/memory/2668-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2668-3251-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2960-3252-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

JANotVz.exexOpPHvb.exenAChilO.exepnTWYSE.exeJNqzgyE.exetXymagm.exeIvcPNDp.exeVvPjtGR.exeKlmDWBQ.exeuQfvZIr.exebbUhOFK.exePuJwyBp.exeMWdnGYu.exeoXJvWhu.exeKKDTGKW.exeLuVAnLL.exeHdJcmYP.exewrCeasx.exesFBBGCA.exeIlwhWBn.exeZGlJUbx.exeBnOPlJY.exeOMeewEN.exeLZcxXaR.exeSeCiRNr.exeaqlYiMv.exeumTMulZ.exeOLhcSiA.exelognrTd.exeeyhmDKZ.exevpMBnFT.exeDrhCtuG.exeeTngVbt.exeAozjDKh.exetAnYizv.exeOSmQEqF.exeugXMFon.exesRYUcwO.exeQLxwcmA.exeUHWkEfB.exeNOiuIKk.exeiuyyget.exebDCsZsi.exeDccOlWY.exeefsKCHj.exeEgYtVif.exeDqLWFmx.exeSsNUKFh.exexUEwuEb.exeeTJARUj.exeqLestOV.exeSgBFnwA.exeVgbYgzc.exeAsqJrji.exermBtrTL.exelvZDsDO.exeUDBChMf.exeoiqnqSj.exewRyYHNX.exepmQGDFA.exeHvmaWqj.exerOiiCUN.exeQJuwKkh.exekAMArVa.exe

pid	process
2288	JANotVz.exe
2960	xOpPHvb.exe
2864	nAChilO.exe
2668	pnTWYSE.exe
2764	JNqzgyE.exe
2680	tXymagm.exe
2808	IvcPNDp.exe
2760	VvPjtGR.exe
2748	KlmDWBQ.exe
2572	uQfvZIr.exe
2696	bbUhOFK.exe
2536	PuJwyBp.exe
1020	MWdnGYu.exe
1388	oXJvWhu.exe
1348	KKDTGKW.exe
1708	LuVAnLL.exe
1888	HdJcmYP.exe
1216	wrCeasx.exe
1728	sFBBGCA.exe
1884	IlwhWBn.exe
2876	ZGlJUbx.exe
2812	BnOPlJY.exe
1684	OMeewEN.exe
2196	LZcxXaR.exe
2388	SeCiRNr.exe
484	aqlYiMv.exe
964	umTMulZ.exe
1828	OLhcSiA.exe
1696	lognrTd.exe
696	eyhmDKZ.exe
1012	vpMBnFT.exe
2804	DrhCtuG.exe
1336	eTngVbt.exe
1524	AozjDKh.exe
1552	tAnYizv.exe
2556	OSmQEqF.exe
1208	ugXMFon.exe
1468	sRYUcwO.exe
1932	QLxwcmA.exe
1680	UHWkEfB.exe
920	NOiuIKk.exe
936	iuyyget.exe
2256	bDCsZsi.exe
2236	DccOlWY.exe
2088	efsKCHj.exe
3020	EgYtVif.exe
2332	DqLWFmx.exe
3064	SsNUKFh.exe
1860	xUEwuEb.exe
808	eTJARUj.exe
2888	qLestOV.exe
2340	SgBFnwA.exe
2284	VgbYgzc.exe
1516	AsqJrji.exe
1628	rmBtrTL.exe
2948	lvZDsDO.exe
2716	UDBChMf.exe
2728	oiqnqSj.exe
2436	wRyYHNX.exe
2600	pmQGDFA.exe
1488	HvmaWqj.exe
2608	rOiiCUN.exe
2824	QJuwKkh.exe
2628	kAMArVa.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
\Windows\system\JANotVz.exe	upx
C:\Windows\system\xOpPHvb.exe	upx
\Windows\system\nAChilO.exe	upx
\Windows\system\pnTWYSE.exe	upx
behavioral1/memory/2668-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
\Windows\system\JNqzgyE.exe	upx
behavioral1/memory/2764-33-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2960-17-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2864-25-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2288-15-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2084-9-0x000000013F600000-0x000000013F954000-memory.dmp	upx
\Windows\system\tXymagm.exe	upx
behavioral1/memory/2680-40-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
C:\Windows\system\IvcPNDp.exe	upx
behavioral1/memory/2084-45-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2808-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
\Windows\system\VvPjtGR.exe	upx
behavioral1/memory/2760-56-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2864-54-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
\Windows\system\uQfvZIr.exe	upx
behavioral1/memory/2764-69-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2572-71-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2748-63-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
C:\Windows\system\KlmDWBQ.exe	upx
behavioral1/memory/2536-85-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
C:\Windows\system\PuJwyBp.exe	upx
behavioral1/memory/1388-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
C:\Windows\system\wrCeasx.exe	upx
C:\Windows\system\LZcxXaR.exe	upx
C:\Windows\system\aqlYiMv.exe	upx
\Windows\system\lognrTd.exe	upx
behavioral1/memory/2572-228-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1388-914-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1020-721-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2536-578-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2696-384-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
C:\Windows\system\vpMBnFT.exe	upx
C:\Windows\system\DrhCtuG.exe	upx
C:\Windows\system\umTMulZ.exe	upx
C:\Windows\system\eyhmDKZ.exe	upx
C:\Windows\system\OLhcSiA.exe	upx
C:\Windows\system\SeCiRNr.exe	upx
C:\Windows\system\OMeewEN.exe	upx
C:\Windows\system\ZGlJUbx.exe	upx
C:\Windows\system\BnOPlJY.exe	upx
C:\Windows\system\sFBBGCA.exe	upx
C:\Windows\system\IlwhWBn.exe	upx
C:\Windows\system\HdJcmYP.exe	upx
C:\Windows\system\KKDTGKW.exe	upx
C:\Windows\system\LuVAnLL.exe	upx
behavioral1/memory/1020-93-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2760-92-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
C:\Windows\system\MWdnGYu.exe	upx
behavioral1/memory/2748-100-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
C:\Windows\system\oXJvWhu.exe	upx
behavioral1/memory/2696-78-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2680-77-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
C:\Windows\system\bbUhOFK.exe	upx
behavioral1/memory/2668-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2668-3251-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2960-3252-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2864-3273-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2764-3310-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\GTcXVSx.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXZovpJ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kalyfqX.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEZnbKJ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdWYsdM.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjjAxii.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMsOFNN.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyLhdzB.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKfjCgm.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMDcRjK.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrBOZNK.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcOCARO.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwcVSNT.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEmIfCY.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlbspdH.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGZULbN.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFOjALZ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrYNqzA.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNYlTgV.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsltuuI.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtPskVp.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxdRsKW.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfwGSUY.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbcOzGk.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnarmXi.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRCPmvT.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\honzrWu.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAdFtTT.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFWnLZg.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBYeOGZ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMOHgVz.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcdyFNU.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdoGjtk.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptjVyfl.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCEkHKk.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InqWaZB.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhFwSuE.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDZkZbm.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sccdRZL.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCKvaXv.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjBEnEl.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyQAPDG.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHnKrqO.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmgPtFm.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNIUPsM.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTqjRxx.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqWjxAW.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnROnlq.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATQYnFr.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbMStiD.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxVNpPC.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDhxnAU.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEoqMIs.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBaaIHG.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOFRReK.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEoxGze.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfqwXHM.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCVhQMp.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPdvwEl.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvYQUcJ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLIfNgG.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPhAmdQ.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOYVyUA.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOUzBGR.exe	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2084 wrote to memory of 2288	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JANotVz.exe
PID 2084 wrote to memory of 2288	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JANotVz.exe
PID 2084 wrote to memory of 2288	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JANotVz.exe
PID 2084 wrote to memory of 2960	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	xOpPHvb.exe
PID 2084 wrote to memory of 2960	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	xOpPHvb.exe
PID 2084 wrote to memory of 2960	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	xOpPHvb.exe
PID 2084 wrote to memory of 2864	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	nAChilO.exe
PID 2084 wrote to memory of 2864	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	nAChilO.exe
PID 2084 wrote to memory of 2864	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	nAChilO.exe
PID 2084 wrote to memory of 2668	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	pnTWYSE.exe
PID 2084 wrote to memory of 2668	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	pnTWYSE.exe
PID 2084 wrote to memory of 2668	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	pnTWYSE.exe
PID 2084 wrote to memory of 2764	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JNqzgyE.exe
PID 2084 wrote to memory of 2764	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JNqzgyE.exe
PID 2084 wrote to memory of 2764	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	JNqzgyE.exe
PID 2084 wrote to memory of 2680	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	tXymagm.exe
PID 2084 wrote to memory of 2680	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	tXymagm.exe
PID 2084 wrote to memory of 2680	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	tXymagm.exe
PID 2084 wrote to memory of 2808	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IvcPNDp.exe
PID 2084 wrote to memory of 2808	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IvcPNDp.exe
PID 2084 wrote to memory of 2808	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IvcPNDp.exe
PID 2084 wrote to memory of 2760	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	VvPjtGR.exe
PID 2084 wrote to memory of 2760	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	VvPjtGR.exe
PID 2084 wrote to memory of 2760	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	VvPjtGR.exe
PID 2084 wrote to memory of 2748	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KlmDWBQ.exe
PID 2084 wrote to memory of 2748	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KlmDWBQ.exe
PID 2084 wrote to memory of 2748	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KlmDWBQ.exe
PID 2084 wrote to memory of 2572	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	uQfvZIr.exe
PID 2084 wrote to memory of 2572	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	uQfvZIr.exe
PID 2084 wrote to memory of 2572	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	uQfvZIr.exe
PID 2084 wrote to memory of 2696	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	bbUhOFK.exe
PID 2084 wrote to memory of 2696	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	bbUhOFK.exe
PID 2084 wrote to memory of 2696	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	bbUhOFK.exe
PID 2084 wrote to memory of 2536	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	PuJwyBp.exe
PID 2084 wrote to memory of 2536	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	PuJwyBp.exe
PID 2084 wrote to memory of 2536	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	PuJwyBp.exe
PID 2084 wrote to memory of 1020	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	MWdnGYu.exe
PID 2084 wrote to memory of 1020	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	MWdnGYu.exe
PID 2084 wrote to memory of 1020	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	MWdnGYu.exe
PID 2084 wrote to memory of 1388	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	oXJvWhu.exe
PID 2084 wrote to memory of 1388	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	oXJvWhu.exe
PID 2084 wrote to memory of 1388	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	oXJvWhu.exe
PID 2084 wrote to memory of 1348	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KKDTGKW.exe
PID 2084 wrote to memory of 1348	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KKDTGKW.exe
PID 2084 wrote to memory of 1348	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	KKDTGKW.exe
PID 2084 wrote to memory of 1708	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	LuVAnLL.exe
PID 2084 wrote to memory of 1708	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	LuVAnLL.exe
PID 2084 wrote to memory of 1708	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	LuVAnLL.exe
PID 2084 wrote to memory of 1888	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	HdJcmYP.exe
PID 2084 wrote to memory of 1888	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	HdJcmYP.exe
PID 2084 wrote to memory of 1888	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	HdJcmYP.exe
PID 2084 wrote to memory of 1216	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	wrCeasx.exe
PID 2084 wrote to memory of 1216	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	wrCeasx.exe
PID 2084 wrote to memory of 1216	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	wrCeasx.exe
PID 2084 wrote to memory of 1728	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	sFBBGCA.exe
PID 2084 wrote to memory of 1728	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	sFBBGCA.exe
PID 2084 wrote to memory of 1728	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	sFBBGCA.exe
PID 2084 wrote to memory of 1884	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IlwhWBn.exe
PID 2084 wrote to memory of 1884	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IlwhWBn.exe
PID 2084 wrote to memory of 1884	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	IlwhWBn.exe
PID 2084 wrote to memory of 2876	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	ZGlJUbx.exe
PID 2084 wrote to memory of 2876	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	ZGlJUbx.exe
PID 2084 wrote to memory of 2876	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	ZGlJUbx.exe
PID 2084 wrote to memory of 2812	2084	2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe	BnOPlJY.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_2f066d2f860166f21922d82797d1ef9a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\System\JANotVz.exe
  C:\Windows\System\JANotVz.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\xOpPHvb.exe
  C:\Windows\System\xOpPHvb.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\nAChilO.exe
  C:\Windows\System\nAChilO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pnTWYSE.exe
  C:\Windows\System\pnTWYSE.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\JNqzgyE.exe
  C:\Windows\System\JNqzgyE.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\tXymagm.exe
  C:\Windows\System\tXymagm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\IvcPNDp.exe
  C:\Windows\System\IvcPNDp.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\VvPjtGR.exe
  C:\Windows\System\VvPjtGR.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\KlmDWBQ.exe
  C:\Windows\System\KlmDWBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\uQfvZIr.exe
  C:\Windows\System\uQfvZIr.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\bbUhOFK.exe
  C:\Windows\System\bbUhOFK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\PuJwyBp.exe
  C:\Windows\System\PuJwyBp.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MWdnGYu.exe
  C:\Windows\System\MWdnGYu.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\oXJvWhu.exe
  C:\Windows\System\oXJvWhu.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\KKDTGKW.exe
  C:\Windows\System\KKDTGKW.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\LuVAnLL.exe
  C:\Windows\System\LuVAnLL.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\HdJcmYP.exe
  C:\Windows\System\HdJcmYP.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\wrCeasx.exe
  C:\Windows\System\wrCeasx.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\sFBBGCA.exe
  C:\Windows\System\sFBBGCA.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\IlwhWBn.exe
  C:\Windows\System\IlwhWBn.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ZGlJUbx.exe
  C:\Windows\System\ZGlJUbx.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BnOPlJY.exe
  C:\Windows\System\BnOPlJY.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\OMeewEN.exe
  C:\Windows\System\OMeewEN.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\LZcxXaR.exe
  C:\Windows\System\LZcxXaR.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\SeCiRNr.exe
  C:\Windows\System\SeCiRNr.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\aqlYiMv.exe
  C:\Windows\System\aqlYiMv.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\umTMulZ.exe
  C:\Windows\System\umTMulZ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\OLhcSiA.exe
  C:\Windows\System\OLhcSiA.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\lognrTd.exe
  C:\Windows\System\lognrTd.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\eyhmDKZ.exe
  C:\Windows\System\eyhmDKZ.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\vpMBnFT.exe
  C:\Windows\System\vpMBnFT.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\DrhCtuG.exe
  C:\Windows\System\DrhCtuG.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\eTngVbt.exe
  C:\Windows\System\eTngVbt.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\AozjDKh.exe
  C:\Windows\System\AozjDKh.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\tAnYizv.exe
  C:\Windows\System\tAnYizv.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\OSmQEqF.exe
  C:\Windows\System\OSmQEqF.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ugXMFon.exe
  C:\Windows\System\ugXMFon.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\sRYUcwO.exe
  C:\Windows\System\sRYUcwO.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\QLxwcmA.exe
  C:\Windows\System\QLxwcmA.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\UHWkEfB.exe
  C:\Windows\System\UHWkEfB.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\NOiuIKk.exe
  C:\Windows\System\NOiuIKk.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\iuyyget.exe
  C:\Windows\System\iuyyget.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\bDCsZsi.exe
  C:\Windows\System\bDCsZsi.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\DccOlWY.exe
  C:\Windows\System\DccOlWY.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\efsKCHj.exe
  C:\Windows\System\efsKCHj.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EgYtVif.exe
  C:\Windows\System\EgYtVif.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DqLWFmx.exe
  C:\Windows\System\DqLWFmx.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\SsNUKFh.exe
  C:\Windows\System\SsNUKFh.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\xUEwuEb.exe
  C:\Windows\System\xUEwuEb.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\eTJARUj.exe
  C:\Windows\System\eTJARUj.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\qLestOV.exe
  C:\Windows\System\qLestOV.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SgBFnwA.exe
  C:\Windows\System\SgBFnwA.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\VgbYgzc.exe
  C:\Windows\System\VgbYgzc.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\AsqJrji.exe
  C:\Windows\System\AsqJrji.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\rmBtrTL.exe
  C:\Windows\System\rmBtrTL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\lvZDsDO.exe
  C:\Windows\System\lvZDsDO.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UDBChMf.exe
  C:\Windows\System\UDBChMf.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\oiqnqSj.exe
  C:\Windows\System\oiqnqSj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\wRyYHNX.exe
  C:\Windows\System\wRyYHNX.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\pmQGDFA.exe
  C:\Windows\System\pmQGDFA.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HvmaWqj.exe
  C:\Windows\System\HvmaWqj.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\rOiiCUN.exe
  C:\Windows\System\rOiiCUN.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\QJuwKkh.exe
  C:\Windows\System\QJuwKkh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\kAMArVa.exe
  C:\Windows\System\kAMArVa.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\BawmhRA.exe
  C:\Windows\System\BawmhRA.exe
  2⤵
  PID:1712
- C:\Windows\System\DXWidTL.exe
  C:\Windows\System\DXWidTL.exe
  2⤵
  PID:1152
- C:\Windows\System\DwnAMvj.exe
  C:\Windows\System\DwnAMvj.exe
  2⤵
  PID:2400
- C:\Windows\System\wwUMczt.exe
  C:\Windows\System\wwUMczt.exe
  2⤵
  PID:1624
- C:\Windows\System\yTkOQmW.exe
  C:\Windows\System\yTkOQmW.exe
  2⤵
  PID:1044
- C:\Windows\System\orCCOZf.exe
  C:\Windows\System\orCCOZf.exe
  2⤵
  PID:840
- C:\Windows\System\xOohWEg.exe
  C:\Windows\System\xOohWEg.exe
  2⤵
  PID:1420
- C:\Windows\System\YhuKzit.exe
  C:\Windows\System\YhuKzit.exe
  2⤵
  PID:2240
- C:\Windows\System\rYVkrlq.exe
  C:\Windows\System\rYVkrlq.exe
  2⤵
  PID:292
- C:\Windows\System\vpJvqWB.exe
  C:\Windows\System\vpJvqWB.exe
  2⤵
  PID:408
- C:\Windows\System\SUSpOjh.exe
  C:\Windows\System\SUSpOjh.exe
  2⤵
  PID:1092
- C:\Windows\System\XSqUeCb.exe
  C:\Windows\System\XSqUeCb.exe
  2⤵
  PID:1540
- C:\Windows\System\EYOKJjR.exe
  C:\Windows\System\EYOKJjR.exe
  2⤵
  PID:280
- C:\Windows\System\vTgixMP.exe
  C:\Windows\System\vTgixMP.exe
  2⤵
  PID:968
- C:\Windows\System\TQBUGlQ.exe
  C:\Windows\System\TQBUGlQ.exe
  2⤵
  PID:908
- C:\Windows\System\NfNflML.exe
  C:\Windows\System\NfNflML.exe
  2⤵
  PID:2272
- C:\Windows\System\OwQrQKv.exe
  C:\Windows\System\OwQrQKv.exe
  2⤵
  PID:1224
- C:\Windows\System\yGhlzDm.exe
  C:\Windows\System\yGhlzDm.exe
  2⤵
  PID:2424
- C:\Windows\System\iYzUdBU.exe
  C:\Windows\System\iYzUdBU.exe
  2⤵
  PID:1596
- C:\Windows\System\LpHkttx.exe
  C:\Windows\System\LpHkttx.exe
  2⤵
  PID:2348
- C:\Windows\System\GdoGjtk.exe
  C:\Windows\System\GdoGjtk.exe
  2⤵
  PID:1676
- C:\Windows\System\qTLRGko.exe
  C:\Windows\System\qTLRGko.exe
  2⤵
  PID:2776
- C:\Windows\System\vNAsLsw.exe
  C:\Windows\System\vNAsLsw.exe
  2⤵
  PID:2404
- C:\Windows\System\LNdjQQD.exe
  C:\Windows\System\LNdjQQD.exe
  2⤵
  PID:2492
- C:\Windows\System\eADDobp.exe
  C:\Windows\System\eADDobp.exe
  2⤵
  PID:1996
- C:\Windows\System\RlULzpr.exe
  C:\Windows\System\RlULzpr.exe
  2⤵
  PID:3048
- C:\Windows\System\vFRQneO.exe
  C:\Windows\System\vFRQneO.exe
  2⤵
  PID:2380
- C:\Windows\System\RpLXAOy.exe
  C:\Windows\System\RpLXAOy.exe
  2⤵
  PID:2508
- C:\Windows\System\SooWNEi.exe
  C:\Windows\System\SooWNEi.exe
  2⤵
  PID:2700
- C:\Windows\System\lQGEEEe.exe
  C:\Windows\System\lQGEEEe.exe
  2⤵
  PID:2784
- C:\Windows\System\hJngcfs.exe
  C:\Windows\System\hJngcfs.exe
  2⤵
  PID:2740
- C:\Windows\System\UNgbusK.exe
  C:\Windows\System\UNgbusK.exe
  2⤵
  PID:2584
- C:\Windows\System\JZpMBkV.exe
  C:\Windows\System\JZpMBkV.exe
  2⤵
  PID:2416
- C:\Windows\System\NOwiFxa.exe
  C:\Windows\System\NOwiFxa.exe
  2⤵
  PID:2704
- C:\Windows\System\wFpakgA.exe
  C:\Windows\System\wFpakgA.exe
  2⤵
  PID:1820
- C:\Windows\System\vDaCcQj.exe
  C:\Windows\System\vDaCcQj.exe
  2⤵
  PID:2968
- C:\Windows\System\tGaMdNR.exe
  C:\Windows\System\tGaMdNR.exe
  2⤵
  PID:1692
- C:\Windows\System\dVYKEnb.exe
  C:\Windows\System\dVYKEnb.exe
  2⤵
  PID:1544
- C:\Windows\System\ScCvjTV.exe
  C:\Windows\System\ScCvjTV.exe
  2⤵
  PID:2756
- C:\Windows\System\zOFHuBi.exe
  C:\Windows\System\zOFHuBi.exe
  2⤵
  PID:1732
- C:\Windows\System\XwKoLFA.exe
  C:\Windows\System\XwKoLFA.exe
  2⤵
  PID:2440
- C:\Windows\System\hWODfAj.exe
  C:\Windows\System\hWODfAj.exe
  2⤵
  PID:3056
- C:\Windows\System\YTiCgzL.exe
  C:\Windows\System\YTiCgzL.exe
  2⤵
  PID:2664
- C:\Windows\System\bKyqWbI.exe
  C:\Windows\System\bKyqWbI.exe
  2⤵
  PID:1400
- C:\Windows\System\pahJJxM.exe
  C:\Windows\System\pahJJxM.exe
  2⤵
  PID:2428
- C:\Windows\System\EHBdCdm.exe
  C:\Windows\System\EHBdCdm.exe
  2⤵
  PID:112
- C:\Windows\System\SFdFJHP.exe
  C:\Windows\System\SFdFJHP.exe
  2⤵
  PID:1508
- C:\Windows\System\VEARAyA.exe
  C:\Windows\System\VEARAyA.exe
  2⤵
  PID:680
- C:\Windows\System\yLmSvrv.exe
  C:\Windows\System\yLmSvrv.exe
  2⤵
  PID:1976
- C:\Windows\System\gDBVuUR.exe
  C:\Windows\System\gDBVuUR.exe
  2⤵
  PID:2848
- C:\Windows\System\gUQDonm.exe
  C:\Windows\System\gUQDonm.exe
  2⤵
  PID:352
- C:\Windows\System\AUniBqG.exe
  C:\Windows\System\AUniBqG.exe
  2⤵
  PID:2500
- C:\Windows\System\rrwCpxK.exe
  C:\Windows\System\rrwCpxK.exe
  2⤵
  PID:1916
- C:\Windows\System\MliOjvi.exe
  C:\Windows\System\MliOjvi.exe
  2⤵
  PID:2868
- C:\Windows\System\BRnksvs.exe
  C:\Windows\System\BRnksvs.exe
  2⤵
  PID:2688
- C:\Windows\System\RUKZyPl.exe
  C:\Windows\System\RUKZyPl.exe
  2⤵
  PID:804
- C:\Windows\System\JzPHBOo.exe
  C:\Windows\System\JzPHBOo.exe
  2⤵
  PID:1448
- C:\Windows\System\ZsCUigr.exe
  C:\Windows\System\ZsCUigr.exe
  2⤵
  PID:1776
- C:\Windows\System\WLGGmij.exe
  C:\Windows\System\WLGGmij.exe
  2⤵
  PID:860
- C:\Windows\System\oenPShk.exe
  C:\Windows\System\oenPShk.exe
  2⤵
  PID:836
- C:\Windows\System\XQecYpB.exe
  C:\Windows\System\XQecYpB.exe
  2⤵
  PID:548
- C:\Windows\System\KeUZpds.exe
  C:\Windows\System\KeUZpds.exe
  2⤵
  PID:2996
- C:\Windows\System\pIwKOyi.exe
  C:\Windows\System\pIwKOyi.exe
  2⤵
  PID:2956
- C:\Windows\System\HdZrvjq.exe
  C:\Windows\System\HdZrvjq.exe
  2⤵
  PID:3088
- C:\Windows\System\msdAFYl.exe
  C:\Windows\System\msdAFYl.exe
  2⤵
  PID:3108
- C:\Windows\System\rKrVQIx.exe
  C:\Windows\System\rKrVQIx.exe
  2⤵
  PID:3128
- C:\Windows\System\deNmyvS.exe
  C:\Windows\System\deNmyvS.exe
  2⤵
  PID:3152
- C:\Windows\System\EqfUsee.exe
  C:\Windows\System\EqfUsee.exe
  2⤵
  PID:3172
- C:\Windows\System\XcNEqvP.exe
  C:\Windows\System\XcNEqvP.exe
  2⤵
  PID:3192
- C:\Windows\System\ofBcihk.exe
  C:\Windows\System\ofBcihk.exe
  2⤵
  PID:3208
- C:\Windows\System\bBCFXNz.exe
  C:\Windows\System\bBCFXNz.exe
  2⤵
  PID:3228
- C:\Windows\System\zpkFSfL.exe
  C:\Windows\System\zpkFSfL.exe
  2⤵
  PID:3248
- C:\Windows\System\pATnXTZ.exe
  C:\Windows\System\pATnXTZ.exe
  2⤵
  PID:3268
- C:\Windows\System\EwbmQZl.exe
  C:\Windows\System\EwbmQZl.exe
  2⤵
  PID:3288
- C:\Windows\System\dPElDKe.exe
  C:\Windows\System\dPElDKe.exe
  2⤵
  PID:3312
- C:\Windows\System\fqQVVbu.exe
  C:\Windows\System\fqQVVbu.exe
  2⤵
  PID:3332
- C:\Windows\System\zBjpgbX.exe
  C:\Windows\System\zBjpgbX.exe
  2⤵
  PID:3352
- C:\Windows\System\nUeaImo.exe
  C:\Windows\System\nUeaImo.exe
  2⤵
  PID:3368
- C:\Windows\System\cbZalfC.exe
  C:\Windows\System\cbZalfC.exe
  2⤵
  PID:3388
- C:\Windows\System\JPuRVCi.exe
  C:\Windows\System\JPuRVCi.exe
  2⤵
  PID:3408
- C:\Windows\System\SwyVgWL.exe
  C:\Windows\System\SwyVgWL.exe
  2⤵
  PID:3428
- C:\Windows\System\UXhCaRe.exe
  C:\Windows\System\UXhCaRe.exe
  2⤵
  PID:3448
- C:\Windows\System\wyCPkYf.exe
  C:\Windows\System\wyCPkYf.exe
  2⤵
  PID:3472
- C:\Windows\System\rdtYLoX.exe
  C:\Windows\System\rdtYLoX.exe
  2⤵
  PID:3488
- C:\Windows\System\yqPujUm.exe
  C:\Windows\System\yqPujUm.exe
  2⤵
  PID:3512
- C:\Windows\System\thDNGZA.exe
  C:\Windows\System\thDNGZA.exe
  2⤵
  PID:3528
- C:\Windows\System\ADYziwv.exe
  C:\Windows\System\ADYziwv.exe
  2⤵
  PID:3548
- C:\Windows\System\vPaxuvL.exe
  C:\Windows\System\vPaxuvL.exe
  2⤵
  PID:3568
- C:\Windows\System\gWthJUn.exe
  C:\Windows\System\gWthJUn.exe
  2⤵
  PID:3596
- C:\Windows\System\wbqmWSS.exe
  C:\Windows\System\wbqmWSS.exe
  2⤵
  PID:3612
- C:\Windows\System\LjjzUoC.exe
  C:\Windows\System\LjjzUoC.exe
  2⤵
  PID:3636
- C:\Windows\System\BAEctSh.exe
  C:\Windows\System\BAEctSh.exe
  2⤵
  PID:3656
- C:\Windows\System\qrkvgCG.exe
  C:\Windows\System\qrkvgCG.exe
  2⤵
  PID:3676
- C:\Windows\System\crprxZg.exe
  C:\Windows\System\crprxZg.exe
  2⤵
  PID:3692
- C:\Windows\System\hFIIMGa.exe
  C:\Windows\System\hFIIMGa.exe
  2⤵
  PID:3720
- C:\Windows\System\VRTMJXl.exe
  C:\Windows\System\VRTMJXl.exe
  2⤵
  PID:3736
- C:\Windows\System\NcZmRku.exe
  C:\Windows\System\NcZmRku.exe
  2⤵
  PID:3756
- C:\Windows\System\tnlVNMM.exe
  C:\Windows\System\tnlVNMM.exe
  2⤵
  PID:3780
- C:\Windows\System\OJWoLiA.exe
  C:\Windows\System\OJWoLiA.exe
  2⤵
  PID:3800
- C:\Windows\System\uZIoTNI.exe
  C:\Windows\System\uZIoTNI.exe
  2⤵
  PID:3820
- C:\Windows\System\DqFkFaB.exe
  C:\Windows\System\DqFkFaB.exe
  2⤵
  PID:3840
- C:\Windows\System\wKeeHHs.exe
  C:\Windows\System\wKeeHHs.exe
  2⤵
  PID:3860
- C:\Windows\System\ddVkyzC.exe
  C:\Windows\System\ddVkyzC.exe
  2⤵
  PID:3880
- C:\Windows\System\ekzSiki.exe
  C:\Windows\System\ekzSiki.exe
  2⤵
  PID:3896
- C:\Windows\System\VmEYwiQ.exe
  C:\Windows\System\VmEYwiQ.exe
  2⤵
  PID:3916
- C:\Windows\System\McTQQHa.exe
  C:\Windows\System\McTQQHa.exe
  2⤵
  PID:3936
- C:\Windows\System\AuHUMKX.exe
  C:\Windows\System\AuHUMKX.exe
  2⤵
  PID:3956
- C:\Windows\System\QBdxrPQ.exe
  C:\Windows\System\QBdxrPQ.exe
  2⤵
  PID:3976
- C:\Windows\System\MdbYKuf.exe
  C:\Windows\System\MdbYKuf.exe
  2⤵
  PID:3996
- C:\Windows\System\ZScCaKR.exe
  C:\Windows\System\ZScCaKR.exe
  2⤵
  PID:4016
- C:\Windows\System\xwIyrqe.exe
  C:\Windows\System\xwIyrqe.exe
  2⤵
  PID:4036
- C:\Windows\System\TvvhCMt.exe
  C:\Windows\System\TvvhCMt.exe
  2⤵
  PID:4056
- C:\Windows\System\szfGowz.exe
  C:\Windows\System\szfGowz.exe
  2⤵
  PID:4076
- C:\Windows\System\JVtzFdN.exe
  C:\Windows\System\JVtzFdN.exe
  2⤵
  PID:2612
- C:\Windows\System\JfrSJFS.exe
  C:\Windows\System\JfrSJFS.exe
  2⤵
  PID:2548
- C:\Windows\System\CFcurit.exe
  C:\Windows\System\CFcurit.exe
  2⤵
  PID:1036
- C:\Windows\System\lMWsgkb.exe
  C:\Windows\System\lMWsgkb.exe
  2⤵
  PID:2560
- C:\Windows\System\NHgQXpe.exe
  C:\Windows\System\NHgQXpe.exe
  2⤵
  PID:1352
- C:\Windows\System\PNIgMql.exe
  C:\Windows\System\PNIgMql.exe
  2⤵
  PID:316
- C:\Windows\System\FfEjdox.exe
  C:\Windows\System\FfEjdox.exe
  2⤵
  PID:1892
- C:\Windows\System\PTTKtSI.exe
  C:\Windows\System\PTTKtSI.exe
  2⤵
  PID:872
- C:\Windows\System\NVGpvld.exe
  C:\Windows\System\NVGpvld.exe
  2⤵
  PID:3136
- C:\Windows\System\sJLAmsq.exe
  C:\Windows\System\sJLAmsq.exe
  2⤵
  PID:3084
- C:\Windows\System\wHVAYgI.exe
  C:\Windows\System\wHVAYgI.exe
  2⤵
  PID:3180
- C:\Windows\System\vsGCABJ.exe
  C:\Windows\System\vsGCABJ.exe
  2⤵
  PID:3220
- C:\Windows\System\DnRGXpk.exe
  C:\Windows\System\DnRGXpk.exe
  2⤵
  PID:3168
- C:\Windows\System\jhfBpPn.exe
  C:\Windows\System\jhfBpPn.exe
  2⤵
  PID:3304
- C:\Windows\System\FgSdMOs.exe
  C:\Windows\System\FgSdMOs.exe
  2⤵
  PID:2352
- C:\Windows\System\tTVZoVa.exe
  C:\Windows\System\tTVZoVa.exe
  2⤵
  PID:3376
- C:\Windows\System\nkIbEZg.exe
  C:\Windows\System\nkIbEZg.exe
  2⤵
  PID:3320
- C:\Windows\System\TjuQiGf.exe
  C:\Windows\System\TjuQiGf.exe
  2⤵
  PID:3364
- C:\Windows\System\lANuSYY.exe
  C:\Windows\System\lANuSYY.exe
  2⤵
  PID:3464
- C:\Windows\System\WMjuRxe.exe
  C:\Windows\System\WMjuRxe.exe
  2⤵
  PID:3404
- C:\Windows\System\ycOTQDR.exe
  C:\Windows\System\ycOTQDR.exe
  2⤵
  PID:3500
- C:\Windows\System\jZHjPAO.exe
  C:\Windows\System\jZHjPAO.exe
  2⤵
  PID:3480
- C:\Windows\System\OwivGYn.exe
  C:\Windows\System\OwivGYn.exe
  2⤵
  PID:3576
- C:\Windows\System\cgqPyQn.exe
  C:\Windows\System\cgqPyQn.exe
  2⤵
  PID:3584
- C:\Windows\System\kmhtckc.exe
  C:\Windows\System\kmhtckc.exe
  2⤵
  PID:3620
- C:\Windows\System\uZSgCNM.exe
  C:\Windows\System\uZSgCNM.exe
  2⤵
  PID:3608
- C:\Windows\System\lThckuM.exe
  C:\Windows\System\lThckuM.exe
  2⤵
  PID:3700
- C:\Windows\System\VVskxrD.exe
  C:\Windows\System\VVskxrD.exe
  2⤵
  PID:3712
- C:\Windows\System\gJScZbu.exe
  C:\Windows\System\gJScZbu.exe
  2⤵
  PID:3768
- C:\Windows\System\WDkBrkR.exe
  C:\Windows\System\WDkBrkR.exe
  2⤵
  PID:3792
- C:\Windows\System\txPMOte.exe
  C:\Windows\System\txPMOte.exe
  2⤵
  PID:3772
- C:\Windows\System\yMWMART.exe
  C:\Windows\System\yMWMART.exe
  2⤵
  PID:3812
- C:\Windows\System\IrBoZBn.exe
  C:\Windows\System\IrBoZBn.exe
  2⤵
  PID:3904
- C:\Windows\System\oLANJIj.exe
  C:\Windows\System\oLANJIj.exe
  2⤵
  PID:3888
- C:\Windows\System\xPhahSu.exe
  C:\Windows\System\xPhahSu.exe
  2⤵
  PID:3988
- C:\Windows\System\BfvyQfJ.exe
  C:\Windows\System\BfvyQfJ.exe
  2⤵
  PID:4024
- C:\Windows\System\lXMTNxU.exe
  C:\Windows\System\lXMTNxU.exe
  2⤵
  PID:4028
- C:\Windows\System\XtNgrdy.exe
  C:\Windows\System\XtNgrdy.exe
  2⤵
  PID:4008
- C:\Windows\System\uobqOyM.exe
  C:\Windows\System\uobqOyM.exe
  2⤵
  PID:2656
- C:\Windows\System\WEaZDnC.exe
  C:\Windows\System\WEaZDnC.exe
  2⤵
  PID:4092
- C:\Windows\System\lTExWpL.exe
  C:\Windows\System\lTExWpL.exe
  2⤵
  PID:1428
- C:\Windows\System\GIRbzmr.exe
  C:\Windows\System\GIRbzmr.exe
  2⤵
  PID:1108
- C:\Windows\System\RbeTpfD.exe
  C:\Windows\System\RbeTpfD.exe
  2⤵
  PID:2692
- C:\Windows\System\VsAlwUz.exe
  C:\Windows\System\VsAlwUz.exe
  2⤵
  PID:2660
- C:\Windows\System\pPytAFB.exe
  C:\Windows\System\pPytAFB.exe
  2⤵
  PID:3000
- C:\Windows\System\apDOupv.exe
  C:\Windows\System\apDOupv.exe
  2⤵
  PID:3224
- C:\Windows\System\UIeAkOW.exe
  C:\Windows\System\UIeAkOW.exe
  2⤵
  PID:3260
- C:\Windows\System\KzopESH.exe
  C:\Windows\System\KzopESH.exe
  2⤵
  PID:3300
- C:\Windows\System\ZGebhHp.exe
  C:\Windows\System\ZGebhHp.exe
  2⤵
  PID:3344
- C:\Windows\System\ATAtHsi.exe
  C:\Windows\System\ATAtHsi.exe
  2⤵
  PID:3360
- C:\Windows\System\ZrhFhIO.exe
  C:\Windows\System\ZrhFhIO.exe
  2⤵
  PID:1536
- C:\Windows\System\kBxImpP.exe
  C:\Windows\System\kBxImpP.exe
  2⤵
  PID:3456
- C:\Windows\System\APlgZXR.exe
  C:\Windows\System\APlgZXR.exe
  2⤵
  PID:3444
- C:\Windows\System\xcOyjNz.exe
  C:\Windows\System\xcOyjNz.exe
  2⤵
  PID:2796
- C:\Windows\System\TUBcujX.exe
  C:\Windows\System\TUBcujX.exe
  2⤵
  PID:3604
- C:\Windows\System\toIxBbh.exe
  C:\Windows\System\toIxBbh.exe
  2⤵
  PID:3684
- C:\Windows\System\hFjIafT.exe
  C:\Windows\System\hFjIafT.exe
  2⤵
  PID:3644
- C:\Windows\System\DrnJVBN.exe
  C:\Windows\System\DrnJVBN.exe
  2⤵
  PID:3788
- C:\Windows\System\OQfxPBl.exe
  C:\Windows\System\OQfxPBl.exe
  2⤵
  PID:3876
- C:\Windows\System\yasiDts.exe
  C:\Windows\System\yasiDts.exe
  2⤵
  PID:1836
- C:\Windows\System\XlNFtiR.exe
  C:\Windows\System\XlNFtiR.exe
  2⤵
  PID:3952
- C:\Windows\System\mQpwNYM.exe
  C:\Windows\System\mQpwNYM.exe
  2⤵
  PID:3592
- C:\Windows\System\oAnVGng.exe
  C:\Windows\System\oAnVGng.exe
  2⤵
  PID:3968
- C:\Windows\System\MjyUjQT.exe
  C:\Windows\System\MjyUjQT.exe
  2⤵
  PID:1200
- C:\Windows\System\paFABjf.exe
  C:\Windows\System\paFABjf.exe
  2⤵
  PID:1304
- C:\Windows\System\ltSlyLX.exe
  C:\Windows\System\ltSlyLX.exe
  2⤵
  PID:1896
- C:\Windows\System\WGPjMJP.exe
  C:\Windows\System\WGPjMJP.exe
  2⤵
  PID:2580
- C:\Windows\System\WTbeHLh.exe
  C:\Windows\System\WTbeHLh.exe
  2⤵
  PID:3296
- C:\Windows\System\YBJUKqO.exe
  C:\Windows\System\YBJUKqO.exe
  2⤵
  PID:1176
- C:\Windows\System\WKPOXLG.exe
  C:\Windows\System\WKPOXLG.exe
  2⤵
  PID:3256
- C:\Windows\System\fpFINuc.exe
  C:\Windows\System\fpFINuc.exe
  2⤵
  PID:3424
- C:\Windows\System\iclLHkM.exe
  C:\Windows\System\iclLHkM.exe
  2⤵
  PID:3236
- C:\Windows\System\sxHWCAB.exe
  C:\Windows\System\sxHWCAB.exe
  2⤵
  PID:3520
- C:\Windows\System\ptzlPrG.exe
  C:\Windows\System\ptzlPrG.exe
  2⤵
  PID:3484
- C:\Windows\System\locgyph.exe
  C:\Windows\System\locgyph.exe
  2⤵
  PID:3848
- C:\Windows\System\VjqPUqs.exe
  C:\Windows\System\VjqPUqs.exe
  2⤵
  PID:3436
- C:\Windows\System\oBLwcQv.exe
  C:\Windows\System\oBLwcQv.exe
  2⤵
  PID:3808
- C:\Windows\System\eudhvDR.exe
  C:\Windows\System\eudhvDR.exe
  2⤵
  PID:3928
- C:\Windows\System\OqXPyGb.exe
  C:\Windows\System\OqXPyGb.exe
  2⤵
  PID:3852
- C:\Windows\System\IjmjLlz.exe
  C:\Windows\System\IjmjLlz.exe
  2⤵
  PID:4072
- C:\Windows\System\GxVNpPC.exe
  C:\Windows\System\GxVNpPC.exe
  2⤵
  PID:2624
- C:\Windows\System\UfwNqDa.exe
  C:\Windows\System\UfwNqDa.exe
  2⤵
  PID:3100
- C:\Windows\System\HmoFgNa.exe
  C:\Windows\System\HmoFgNa.exe
  2⤵
  PID:2788
- C:\Windows\System\lykHtcn.exe
  C:\Windows\System\lykHtcn.exe
  2⤵
  PID:3204
- C:\Windows\System\kSVbycD.exe
  C:\Windows\System\kSVbycD.exe
  2⤵
  PID:3536
- C:\Windows\System\AClaOON.exe
  C:\Windows\System\AClaOON.exe
  2⤵
  PID:3348
- C:\Windows\System\PWVRTtJ.exe
  C:\Windows\System\PWVRTtJ.exe
  2⤵
  PID:3668
- C:\Windows\System\lZbNNXB.exe
  C:\Windows\System\lZbNNXB.exe
  2⤵
  PID:3748
- C:\Windows\System\DmoXMos.exe
  C:\Windows\System\DmoXMos.exe
  2⤵
  PID:4068
- C:\Windows\System\fCpTZhZ.exe
  C:\Windows\System\fCpTZhZ.exe
  2⤵
  PID:3868
- C:\Windows\System\jUQVZgm.exe
  C:\Windows\System\jUQVZgm.exe
  2⤵
  PID:4108
- C:\Windows\System\CHmGzIR.exe
  C:\Windows\System\CHmGzIR.exe
  2⤵
  PID:4132
- C:\Windows\System\vjgkSSv.exe
  C:\Windows\System\vjgkSSv.exe
  2⤵
  PID:4152
- C:\Windows\System\CfEGUzv.exe
  C:\Windows\System\CfEGUzv.exe
  2⤵
  PID:4176
- C:\Windows\System\MyhVFoc.exe
  C:\Windows\System\MyhVFoc.exe
  2⤵
  PID:4196
- C:\Windows\System\oJcYLun.exe
  C:\Windows\System\oJcYLun.exe
  2⤵
  PID:4216
- C:\Windows\System\kFOJplC.exe
  C:\Windows\System\kFOJplC.exe
  2⤵
  PID:4236
- C:\Windows\System\IqzQbJu.exe
  C:\Windows\System\IqzQbJu.exe
  2⤵
  PID:4256
- C:\Windows\System\zwveZCF.exe
  C:\Windows\System\zwveZCF.exe
  2⤵
  PID:4272
- C:\Windows\System\MGDxGGv.exe
  C:\Windows\System\MGDxGGv.exe
  2⤵
  PID:4292
- C:\Windows\System\aqniUrV.exe
  C:\Windows\System\aqniUrV.exe
  2⤵
  PID:4312
- C:\Windows\System\vkVCUCx.exe
  C:\Windows\System\vkVCUCx.exe
  2⤵
  PID:4332
- C:\Windows\System\kzxTCmg.exe
  C:\Windows\System\kzxTCmg.exe
  2⤵
  PID:4356
- C:\Windows\System\GjRKjJg.exe
  C:\Windows\System\GjRKjJg.exe
  2⤵
  PID:4376
- C:\Windows\System\eeWjPYi.exe
  C:\Windows\System\eeWjPYi.exe
  2⤵
  PID:4396
- C:\Windows\System\ADcmbdj.exe
  C:\Windows\System\ADcmbdj.exe
  2⤵
  PID:4416
- C:\Windows\System\HOKbYQB.exe
  C:\Windows\System\HOKbYQB.exe
  2⤵
  PID:4432
- C:\Windows\System\DQZqhHL.exe
  C:\Windows\System\DQZqhHL.exe
  2⤵
  PID:4456
- C:\Windows\System\XDuMyir.exe
  C:\Windows\System\XDuMyir.exe
  2⤵
  PID:4476
- C:\Windows\System\bOYygeh.exe
  C:\Windows\System\bOYygeh.exe
  2⤵
  PID:4496
- C:\Windows\System\fhVPMDF.exe
  C:\Windows\System\fhVPMDF.exe
  2⤵
  PID:4512
- C:\Windows\System\EfAiWHx.exe
  C:\Windows\System\EfAiWHx.exe
  2⤵
  PID:4532
- C:\Windows\System\nRLdHXU.exe
  C:\Windows\System\nRLdHXU.exe
  2⤵
  PID:4556
- C:\Windows\System\kYGqELm.exe
  C:\Windows\System\kYGqELm.exe
  2⤵
  PID:4576
- C:\Windows\System\uqfLieQ.exe
  C:\Windows\System\uqfLieQ.exe
  2⤵
  PID:4600
- C:\Windows\System\FHFPpjf.exe
  C:\Windows\System\FHFPpjf.exe
  2⤵
  PID:4620
- C:\Windows\System\ipTMCBO.exe
  C:\Windows\System\ipTMCBO.exe
  2⤵
  PID:4636
- C:\Windows\System\azWuPqk.exe
  C:\Windows\System\azWuPqk.exe
  2⤵
  PID:4656
- C:\Windows\System\cTkmMXa.exe
  C:\Windows\System\cTkmMXa.exe
  2⤵
  PID:4676
- C:\Windows\System\CEbgBld.exe
  C:\Windows\System\CEbgBld.exe
  2⤵
  PID:4696
- C:\Windows\System\ypXsxzv.exe
  C:\Windows\System\ypXsxzv.exe
  2⤵
  PID:4712
- C:\Windows\System\xzYirRV.exe
  C:\Windows\System\xzYirRV.exe
  2⤵
  PID:4732
- C:\Windows\System\FkTKuit.exe
  C:\Windows\System\FkTKuit.exe
  2⤵
  PID:4756
- C:\Windows\System\riektgf.exe
  C:\Windows\System\riektgf.exe
  2⤵
  PID:4784
- C:\Windows\System\GRIpUol.exe
  C:\Windows\System\GRIpUol.exe
  2⤵
  PID:4800
- C:\Windows\System\AopclBj.exe
  C:\Windows\System\AopclBj.exe
  2⤵
  PID:4824
- C:\Windows\System\xYeBfaK.exe
  C:\Windows\System\xYeBfaK.exe
  2⤵
  PID:4840
- C:\Windows\System\coXbajo.exe
  C:\Windows\System\coXbajo.exe
  2⤵
  PID:4864
- C:\Windows\System\cOOdOtg.exe
  C:\Windows\System\cOOdOtg.exe
  2⤵
  PID:4880
- C:\Windows\System\ZGAXYCf.exe
  C:\Windows\System\ZGAXYCf.exe
  2⤵
  PID:4904
- C:\Windows\System\nhkpsKm.exe
  C:\Windows\System\nhkpsKm.exe
  2⤵
  PID:4924
- C:\Windows\System\WKhvkvm.exe
  C:\Windows\System\WKhvkvm.exe
  2⤵
  PID:4944
- C:\Windows\System\HQzOcez.exe
  C:\Windows\System\HQzOcez.exe
  2⤵
  PID:4964
- C:\Windows\System\jXYptmw.exe
  C:\Windows\System\jXYptmw.exe
  2⤵
  PID:4984
- C:\Windows\System\tWfBCkt.exe
  C:\Windows\System\tWfBCkt.exe
  2⤵
  PID:5000
- C:\Windows\System\WWJVJuh.exe
  C:\Windows\System\WWJVJuh.exe
  2⤵
  PID:5024
- C:\Windows\System\LPfqlLj.exe
  C:\Windows\System\LPfqlLj.exe
  2⤵
  PID:5044
- C:\Windows\System\dbQxqyl.exe
  C:\Windows\System\dbQxqyl.exe
  2⤵
  PID:5064
- C:\Windows\System\MCpZSkh.exe
  C:\Windows\System\MCpZSkh.exe
  2⤵
  PID:5084
- C:\Windows\System\bkHoqTA.exe
  C:\Windows\System\bkHoqTA.exe
  2⤵
  PID:5104
- C:\Windows\System\eDUYMFL.exe
  C:\Windows\System\eDUYMFL.exe
  2⤵
  PID:3116
- C:\Windows\System\WXBIVtr.exe
  C:\Windows\System\WXBIVtr.exe
  2⤵
  PID:1104
- C:\Windows\System\HvklRrh.exe
  C:\Windows\System\HvklRrh.exe
  2⤵
  PID:3648
- C:\Windows\System\trSbEfU.exe
  C:\Windows\System\trSbEfU.exe
  2⤵
  PID:1880
- C:\Windows\System\QhaXvZu.exe
  C:\Windows\System\QhaXvZu.exe
  2⤵
  PID:2060
- C:\Windows\System\wlSeskz.exe
  C:\Windows\System\wlSeskz.exe
  2⤵
  PID:3992
- C:\Windows\System\LuGqZIY.exe
  C:\Windows\System\LuGqZIY.exe
  2⤵
  PID:3652
- C:\Windows\System\jPiEanG.exe
  C:\Windows\System\jPiEanG.exe
  2⤵
  PID:4128
- C:\Windows\System\soWCWXE.exe
  C:\Windows\System\soWCWXE.exe
  2⤵
  PID:4164
- C:\Windows\System\BzazACx.exe
  C:\Windows\System\BzazACx.exe
  2⤵
  PID:4204
- C:\Windows\System\bezLyYe.exe
  C:\Windows\System\bezLyYe.exe
  2⤵
  PID:4244
- C:\Windows\System\erfhiRY.exe
  C:\Windows\System\erfhiRY.exe
  2⤵
  PID:4224
- C:\Windows\System\dpipeMT.exe
  C:\Windows\System\dpipeMT.exe
  2⤵
  PID:4284
- C:\Windows\System\mBYeOGZ.exe
  C:\Windows\System\mBYeOGZ.exe
  2⤵
  PID:4324
- C:\Windows\System\PmxodgZ.exe
  C:\Windows\System\PmxodgZ.exe
  2⤵
  PID:4368
- C:\Windows\System\DQbAmNp.exe
  C:\Windows\System\DQbAmNp.exe
  2⤵
  PID:4308
- C:\Windows\System\rVYlOYt.exe
  C:\Windows\System\rVYlOYt.exe
  2⤵
  PID:4392
- C:\Windows\System\qfjFMtW.exe
  C:\Windows\System\qfjFMtW.exe
  2⤵
  PID:4448
- C:\Windows\System\GFOjALZ.exe
  C:\Windows\System\GFOjALZ.exe
  2⤵
  PID:4488
- C:\Windows\System\TSICeCE.exe
  C:\Windows\System\TSICeCE.exe
  2⤵
  PID:4472
- C:\Windows\System\nGGFjtE.exe
  C:\Windows\System\nGGFjtE.exe
  2⤵
  PID:4568
- C:\Windows\System\rweRyGK.exe
  C:\Windows\System\rweRyGK.exe
  2⤵
  PID:4644
- C:\Windows\System\vjvjgNk.exe
  C:\Windows\System\vjvjgNk.exe
  2⤵
  PID:4584
- C:\Windows\System\ezKEBru.exe
  C:\Windows\System\ezKEBru.exe
  2⤵
  PID:4692
- C:\Windows\System\khJOhMJ.exe
  C:\Windows\System\khJOhMJ.exe
  2⤵
  PID:4632
- C:\Windows\System\AXIfkhd.exe
  C:\Windows\System\AXIfkhd.exe
  2⤵
  PID:4664
- C:\Windows\System\ZtnQQja.exe
  C:\Windows\System\ZtnQQja.exe
  2⤵
  PID:4776
- C:\Windows\System\LTLpuar.exe
  C:\Windows\System\LTLpuar.exe
  2⤵
  PID:4808
- C:\Windows\System\CYlBVvb.exe
  C:\Windows\System\CYlBVvb.exe
  2⤵
  PID:4852
- C:\Windows\System\ipzkElk.exe
  C:\Windows\System\ipzkElk.exe
  2⤵
  PID:4836
- C:\Windows\System\GDJJOHo.exe
  C:\Windows\System\GDJJOHo.exe
  2⤵
  PID:4876
- C:\Windows\System\FLFHnDU.exe
  C:\Windows\System\FLFHnDU.exe
  2⤵
  PID:4920
- C:\Windows\System\WXoQIvE.exe
  C:\Windows\System\WXoQIvE.exe
  2⤵
  PID:4952
- C:\Windows\System\yQfbFdv.exe
  C:\Windows\System\yQfbFdv.exe
  2⤵
  PID:5008
- C:\Windows\System\lxdDSrS.exe
  C:\Windows\System\lxdDSrS.exe
  2⤵
  PID:4996
- C:\Windows\System\jgrpGzy.exe
  C:\Windows\System\jgrpGzy.exe
  2⤵
  PID:5036
- C:\Windows\System\hFYjiwd.exe
  C:\Windows\System\hFYjiwd.exe
  2⤵
  PID:5076
- C:\Windows\System\MnILKKo.exe
  C:\Windows\System\MnILKKo.exe
  2⤵
  PID:3984
- C:\Windows\System\EycXTzS.exe
  C:\Windows\System\EycXTzS.exe
  2⤵
  PID:2976
- C:\Windows\System\IDxeZvd.exe
  C:\Windows\System\IDxeZvd.exe
  2⤵
  PID:2592
- C:\Windows\System\krMZCmk.exe
  C:\Windows\System\krMZCmk.exe
  2⤵
  PID:1924
- C:\Windows\System\dissfum.exe
  C:\Windows\System\dissfum.exe
  2⤵
  PID:4120
- C:\Windows\System\stnMDQA.exe
  C:\Windows\System\stnMDQA.exe
  2⤵
  PID:4172
- C:\Windows\System\RYkcgjG.exe
  C:\Windows\System\RYkcgjG.exe
  2⤵
  PID:4104
- C:\Windows\System\JPgESfc.exe
  C:\Windows\System\JPgESfc.exe
  2⤵
  PID:3504
- C:\Windows\System\SmYGSiH.exe
  C:\Windows\System\SmYGSiH.exe
  2⤵
  PID:4328
- C:\Windows\System\hUhFMGe.exe
  C:\Windows\System\hUhFMGe.exe
  2⤵
  PID:4340
- C:\Windows\System\XkPGRow.exe
  C:\Windows\System\XkPGRow.exe
  2⤵
  PID:4440
- C:\Windows\System\GaVntiQ.exe
  C:\Windows\System\GaVntiQ.exe
  2⤵
  PID:4384
- C:\Windows\System\UJilBIW.exe
  C:\Windows\System\UJilBIW.exe
  2⤵
  PID:4424
- C:\Windows\System\wftYoGF.exe
  C:\Windows\System\wftYoGF.exe
  2⤵
  PID:4508
- C:\Windows\System\GuuYPkg.exe
  C:\Windows\System\GuuYPkg.exe
  2⤵
  PID:4596
- C:\Windows\System\DJSpkgC.exe
  C:\Windows\System\DJSpkgC.exe
  2⤵
  PID:4740
- C:\Windows\System\PBjocKo.exe
  C:\Windows\System\PBjocKo.exe
  2⤵
  PID:4748
- C:\Windows\System\iDjhPDx.exe
  C:\Windows\System\iDjhPDx.exe
  2⤵
  PID:4772
- C:\Windows\System\yqzQaUQ.exe
  C:\Windows\System\yqzQaUQ.exe
  2⤵
  PID:4832
- C:\Windows\System\EosCBwX.exe
  C:\Windows\System\EosCBwX.exe
  2⤵
  PID:4892
- C:\Windows\System\cVzanxJ.exe
  C:\Windows\System\cVzanxJ.exe
  2⤵
  PID:4956
- C:\Windows\System\ahcFULI.exe
  C:\Windows\System\ahcFULI.exe
  2⤵
  PID:5020
- C:\Windows\System\wMDdqKh.exe
  C:\Windows\System\wMDdqKh.exe
  2⤵
  PID:5056
- C:\Windows\System\IgUNSjf.exe
  C:\Windows\System\IgUNSjf.exe
  2⤵
  PID:5072
- C:\Windows\System\clsuJyF.exe
  C:\Windows\System\clsuJyF.exe
  2⤵
  PID:3060
- C:\Windows\System\vNljCDO.exe
  C:\Windows\System\vNljCDO.exe
  2⤵
  PID:4116
- C:\Windows\System\sccdRZL.exe
  C:\Windows\System\sccdRZL.exe
  2⤵
  PID:3076
- C:\Windows\System\CyKpjdT.exe
  C:\Windows\System\CyKpjdT.exe
  2⤵
  PID:1016
- C:\Windows\System\IhLotOw.exe
  C:\Windows\System\IhLotOw.exe
  2⤵
  PID:4552
- C:\Windows\System\CPmqZEi.exe
  C:\Windows\System\CPmqZEi.exe
  2⤵
  PID:4412
- C:\Windows\System\vwbQZMm.exe
  C:\Windows\System\vwbQZMm.exe
  2⤵
  PID:4452
- C:\Windows\System\xPckPss.exe
  C:\Windows\System\xPckPss.exe
  2⤵
  PID:4528
- C:\Windows\System\cOgiTie.exe
  C:\Windows\System\cOgiTie.exe
  2⤵
  PID:4548
- C:\Windows\System\LOFRReK.exe
  C:\Windows\System\LOFRReK.exe
  2⤵
  PID:4848
- C:\Windows\System\wqcxobH.exe
  C:\Windows\System\wqcxobH.exe
  2⤵
  PID:4768
- C:\Windows\System\lTdtaVu.exe
  C:\Windows\System\lTdtaVu.exe
  2⤵
  PID:888
- C:\Windows\System\QFMFdNc.exe
  C:\Windows\System\QFMFdNc.exe
  2⤵
  PID:5040
- C:\Windows\System\TNeIhXR.exe
  C:\Windows\System\TNeIhXR.exe
  2⤵
  PID:4936
- C:\Windows\System\RlRODKX.exe
  C:\Windows\System\RlRODKX.exe
  2⤵
  PID:5080
- C:\Windows\System\zXBeFRv.exe
  C:\Windows\System\zXBeFRv.exe
  2⤵
  PID:1940
- C:\Windows\System\pLeoQzq.exe
  C:\Windows\System\pLeoQzq.exe
  2⤵
  PID:4264
- C:\Windows\System\sdEARPg.exe
  C:\Windows\System\sdEARPg.exe
  2⤵
  PID:4612
- C:\Windows\System\iUttmQH.exe
  C:\Windows\System\iUttmQH.exe
  2⤵
  PID:4572
- C:\Windows\System\UsacFJH.exe
  C:\Windows\System\UsacFJH.exe
  2⤵
  PID:3124
- C:\Windows\System\kxzxDad.exe
  C:\Windows\System\kxzxDad.exe
  2⤵
  PID:4688
- C:\Windows\System\zbMMgYo.exe
  C:\Windows\System\zbMMgYo.exe
  2⤵
  PID:5052
- C:\Windows\System\DcimblU.exe
  C:\Windows\System\DcimblU.exe
  2⤵
  PID:4912
- C:\Windows\System\RWiCmTj.exe
  C:\Windows\System\RWiCmTj.exe
  2⤵
  PID:5136
- C:\Windows\System\ZARDqoh.exe
  C:\Windows\System\ZARDqoh.exe
  2⤵
  PID:5156
- C:\Windows\System\AGxafTD.exe
  C:\Windows\System\AGxafTD.exe
  2⤵
  PID:5176
- C:\Windows\System\aDKnWUs.exe
  C:\Windows\System\aDKnWUs.exe
  2⤵
  PID:5196
- C:\Windows\System\nhFhiYy.exe
  C:\Windows\System\nhFhiYy.exe
  2⤵
  PID:5212
- C:\Windows\System\KzEEPeM.exe
  C:\Windows\System\KzEEPeM.exe
  2⤵
  PID:5236
- C:\Windows\System\KREYvwL.exe
  C:\Windows\System\KREYvwL.exe
  2⤵
  PID:5252
- C:\Windows\System\xPKiktB.exe
  C:\Windows\System\xPKiktB.exe
  2⤵
  PID:5276
- C:\Windows\System\dkwSsbq.exe
  C:\Windows\System\dkwSsbq.exe
  2⤵
  PID:5292
- C:\Windows\System\bexOGhc.exe
  C:\Windows\System\bexOGhc.exe
  2⤵
  PID:5316
- C:\Windows\System\zEiAXoP.exe
  C:\Windows\System\zEiAXoP.exe
  2⤵
  PID:5332
- C:\Windows\System\FwaDfnQ.exe
  C:\Windows\System\FwaDfnQ.exe
  2⤵
  PID:5356
- C:\Windows\System\SsnbtOW.exe
  C:\Windows\System\SsnbtOW.exe
  2⤵
  PID:5376
- C:\Windows\System\KmEihXY.exe
  C:\Windows\System\KmEihXY.exe
  2⤵
  PID:5396
- C:\Windows\System\qQUaZFp.exe
  C:\Windows\System\qQUaZFp.exe
  2⤵
  PID:5416
- C:\Windows\System\olgJTqA.exe
  C:\Windows\System\olgJTqA.exe
  2⤵
  PID:5436
- C:\Windows\System\mpaMiSg.exe
  C:\Windows\System\mpaMiSg.exe
  2⤵
  PID:5456
- C:\Windows\System\zFaneiZ.exe
  C:\Windows\System\zFaneiZ.exe
  2⤵
  PID:5476
- C:\Windows\System\DWigCyA.exe
  C:\Windows\System\DWigCyA.exe
  2⤵
  PID:5496
- C:\Windows\System\nOdRVrB.exe
  C:\Windows\System\nOdRVrB.exe
  2⤵
  PID:5516
- C:\Windows\System\gSSzKhi.exe
  C:\Windows\System\gSSzKhi.exe
  2⤵
  PID:5540
- C:\Windows\System\IHDjywX.exe
  C:\Windows\System\IHDjywX.exe
  2⤵
  PID:5560
- C:\Windows\System\PJpZTBE.exe
  C:\Windows\System\PJpZTBE.exe
  2⤵
  PID:5580
- C:\Windows\System\wcOeKKe.exe
  C:\Windows\System\wcOeKKe.exe
  2⤵
  PID:5600
- C:\Windows\System\kAREDws.exe
  C:\Windows\System\kAREDws.exe
  2⤵
  PID:5620
- C:\Windows\System\TThaXbQ.exe
  C:\Windows\System\TThaXbQ.exe
  2⤵
  PID:5640
- C:\Windows\System\XROidMv.exe
  C:\Windows\System\XROidMv.exe
  2⤵
  PID:5660
- C:\Windows\System\qtFXKIH.exe
  C:\Windows\System\qtFXKIH.exe
  2⤵
  PID:5680
- C:\Windows\System\bIofZiw.exe
  C:\Windows\System\bIofZiw.exe
  2⤵
  PID:5700
- C:\Windows\System\omaVUSY.exe
  C:\Windows\System\omaVUSY.exe
  2⤵
  PID:5720
- C:\Windows\System\nMVDvDH.exe
  C:\Windows\System\nMVDvDH.exe
  2⤵
  PID:5740
- C:\Windows\System\cNojgkI.exe
  C:\Windows\System\cNojgkI.exe
  2⤵
  PID:5760
- C:\Windows\System\Aqiacon.exe
  C:\Windows\System\Aqiacon.exe
  2⤵
  PID:5780
- C:\Windows\System\BTORVyY.exe
  C:\Windows\System\BTORVyY.exe
  2⤵
  PID:5800
- C:\Windows\System\NDonlhE.exe
  C:\Windows\System\NDonlhE.exe
  2⤵
  PID:5820
- C:\Windows\System\IyZcNpV.exe
  C:\Windows\System\IyZcNpV.exe
  2⤵
  PID:5840
- C:\Windows\System\BYbPhhU.exe
  C:\Windows\System\BYbPhhU.exe
  2⤵
  PID:5860
- C:\Windows\System\nbFNDeL.exe
  C:\Windows\System\nbFNDeL.exe
  2⤵
  PID:5880
- C:\Windows\System\JjytkOa.exe
  C:\Windows\System\JjytkOa.exe
  2⤵
  PID:5904
- C:\Windows\System\OKfjCgm.exe
  C:\Windows\System\OKfjCgm.exe
  2⤵
  PID:5924
- C:\Windows\System\FwpkTbl.exe
  C:\Windows\System\FwpkTbl.exe
  2⤵
  PID:5944
- C:\Windows\System\qppueDA.exe
  C:\Windows\System\qppueDA.exe
  2⤵
  PID:5964
- C:\Windows\System\MsLLVzv.exe
  C:\Windows\System\MsLLVzv.exe
  2⤵
  PID:5984
- C:\Windows\System\gLABxYA.exe
  C:\Windows\System\gLABxYA.exe
  2⤵
  PID:6004
- C:\Windows\System\WOvIpTr.exe
  C:\Windows\System\WOvIpTr.exe
  2⤵
  PID:6024
- C:\Windows\System\esQNdFC.exe
  C:\Windows\System\esQNdFC.exe
  2⤵
  PID:6044
- C:\Windows\System\ZYHCKys.exe
  C:\Windows\System\ZYHCKys.exe
  2⤵
  PID:6064
- C:\Windows\System\mynPowD.exe
  C:\Windows\System\mynPowD.exe
  2⤵
  PID:6084
- C:\Windows\System\KfBdrsN.exe
  C:\Windows\System\KfBdrsN.exe
  2⤵
  PID:6104
- C:\Windows\System\ORKabYf.exe
  C:\Windows\System\ORKabYf.exe
  2⤵
  PID:6124
- C:\Windows\System\BajBkLI.exe
  C:\Windows\System\BajBkLI.exe
  2⤵
  PID:2640
- C:\Windows\System\sNadgbz.exe
  C:\Windows\System\sNadgbz.exe
  2⤵
  PID:3588
- C:\Windows\System\XWmfxxX.exe
  C:\Windows\System\XWmfxxX.exe
  2⤵
  PID:4372
- C:\Windows\System\kcxNRnI.exe
  C:\Windows\System\kcxNRnI.exe
  2⤵
  PID:4724
- C:\Windows\System\xbhhOCZ.exe
  C:\Windows\System\xbhhOCZ.exe
  2⤵
  PID:4464
- C:\Windows\System\NshhTJh.exe
  C:\Windows\System\NshhTJh.exe
  2⤵
  PID:4896
- C:\Windows\System\fnkAtWy.exe
  C:\Windows\System\fnkAtWy.exe
  2⤵
  PID:4648
- C:\Windows\System\fLReTkF.exe
  C:\Windows\System\fLReTkF.exe
  2⤵
  PID:5184
- C:\Windows\System\OZtJDYf.exe
  C:\Windows\System\OZtJDYf.exe
  2⤵
  PID:5172
- C:\Windows\System\BCbuPaE.exe
  C:\Windows\System\BCbuPaE.exe
  2⤵
  PID:1560
- C:\Windows\System\lkHYHUB.exe
  C:\Windows\System\lkHYHUB.exe
  2⤵
  PID:5304
- C:\Windows\System\nuSbapM.exe
  C:\Windows\System\nuSbapM.exe
  2⤵
  PID:5308
- C:\Windows\System\cglQisA.exe
  C:\Windows\System\cglQisA.exe
  2⤵
  PID:5352
- C:\Windows\System\tPvTLWV.exe
  C:\Windows\System\tPvTLWV.exe
  2⤵
  PID:5348
- C:\Windows\System\GMnJqZV.exe
  C:\Windows\System\GMnJqZV.exe
  2⤵
  PID:5384
- C:\Windows\System\inEUEPy.exe
  C:\Windows\System\inEUEPy.exe
  2⤵
  PID:5388
- C:\Windows\System\eSxrhLS.exe
  C:\Windows\System\eSxrhLS.exe
  2⤵
  PID:5432
- C:\Windows\System\umKxoVg.exe
  C:\Windows\System\umKxoVg.exe
  2⤵
  PID:5408
- C:\Windows\System\DdbkSma.exe
  C:\Windows\System\DdbkSma.exe
  2⤵
  PID:2924
- C:\Windows\System\uwKsZXY.exe
  C:\Windows\System\uwKsZXY.exe
  2⤵
  PID:5508
- C:\Windows\System\xdqYnld.exe
  C:\Windows\System\xdqYnld.exe
  2⤵
  PID:5552
- C:\Windows\System\MMrcqDU.exe
  C:\Windows\System\MMrcqDU.exe
  2⤵
  PID:2576
- C:\Windows\System\XHbfgUz.exe
  C:\Windows\System\XHbfgUz.exe
  2⤵
  PID:5572
- C:\Windows\System\ypYEhiO.exe
  C:\Windows\System\ypYEhiO.exe
  2⤵
  PID:5612
- C:\Windows\System\wJlxUsy.exe
  C:\Windows\System\wJlxUsy.exe
  2⤵
  PID:5668
- C:\Windows\System\NgbjbEO.exe
  C:\Windows\System\NgbjbEO.exe
  2⤵
  PID:5716
- C:\Windows\System\XOVXJsA.exe
  C:\Windows\System\XOVXJsA.exe
  2⤵
  PID:5748
- C:\Windows\System\DSDaUAK.exe
  C:\Windows\System\DSDaUAK.exe
  2⤵
  PID:5788
- C:\Windows\System\ehgsAru.exe
  C:\Windows\System\ehgsAru.exe
  2⤵
  PID:5776
- C:\Windows\System\VXaDOHV.exe
  C:\Windows\System\VXaDOHV.exe
  2⤵
  PID:5832
- C:\Windows\System\tHvxHQe.exe
  C:\Windows\System\tHvxHQe.exe
  2⤵
  PID:5876
- C:\Windows\System\Vysnqfr.exe
  C:\Windows\System\Vysnqfr.exe
  2⤵
  PID:5916
- C:\Windows\System\jHPHJgu.exe
  C:\Windows\System\jHPHJgu.exe
  2⤵
  PID:5956
- C:\Windows\System\oHJfTEQ.exe
  C:\Windows\System\oHJfTEQ.exe
  2⤵
  PID:6000
- C:\Windows\System\sKCUgfn.exe
  C:\Windows\System\sKCUgfn.exe
  2⤵
  PID:668
- C:\Windows\System\VcBowBR.exe
  C:\Windows\System\VcBowBR.exe
  2⤵
  PID:6016
- C:\Windows\System\hQsVdjm.exe
  C:\Windows\System\hQsVdjm.exe
  2⤵
  PID:6060
- C:\Windows\System\wFrmAhb.exe
  C:\Windows\System\wFrmAhb.exe
  2⤵
  PID:6112
- C:\Windows\System\eHObeqC.exe
  C:\Windows\System\eHObeqC.exe
  2⤵
  PID:3716
- C:\Windows\System\WrqykBu.exe
  C:\Windows\System\WrqykBu.exe
  2⤵
  PID:6132
- C:\Windows\System\ljQBRlQ.exe
  C:\Windows\System\ljQBRlQ.exe
  2⤵
  PID:4972
- C:\Windows\System\EYXsPll.exe
  C:\Windows\System\EYXsPll.exe
  2⤵
  PID:4188
- C:\Windows\System\mquEdcA.exe
  C:\Windows\System\mquEdcA.exe
  2⤵
  PID:2224
- C:\Windows\System\dJoSSrj.exe
  C:\Windows\System\dJoSSrj.exe
  2⤵
  PID:1668
- C:\Windows\System\hoZVHID.exe
  C:\Windows\System\hoZVHID.exe
  2⤵
  PID:2220
- C:\Windows\System\kcXTUPV.exe
  C:\Windows\System\kcXTUPV.exe
  2⤵
  PID:4744
- C:\Windows\System\hhzZkgm.exe
  C:\Windows\System\hhzZkgm.exe
  2⤵
  PID:2604
- C:\Windows\System\dTeKbHO.exe
  C:\Windows\System\dTeKbHO.exe
  2⤵
  PID:5232
- C:\Windows\System\CHYennn.exe
  C:\Windows\System\CHYennn.exe
  2⤵
  PID:2988
- C:\Windows\System\xkTUJjM.exe
  C:\Windows\System\xkTUJjM.exe
  2⤵
  PID:2456
- C:\Windows\System\MNcqMNh.exe
  C:\Windows\System\MNcqMNh.exe
  2⤵
  PID:844
- C:\Windows\System\veUJrtB.exe
  C:\Windows\System\veUJrtB.exe
  2⤵
  PID:5424
- C:\Windows\System\EXkZUqp.exe
  C:\Windows\System\EXkZUqp.exe
  2⤵
  PID:5504
- C:\Windows\System\aiOGVVv.exe
  C:\Windows\System\aiOGVVv.exe
  2⤵
  PID:5284
- C:\Windows\System\pulHqot.exe
  C:\Windows\System\pulHqot.exe
  2⤵
  PID:5368
- C:\Windows\System\bjCFkod.exe
  C:\Windows\System\bjCFkod.exe
  2⤵
  PID:5556
- C:\Windows\System\qgjpbzI.exe
  C:\Windows\System\qgjpbzI.exe
  2⤵
  PID:5672
- C:\Windows\System\zEBtejv.exe
  C:\Windows\System\zEBtejv.exe
  2⤵
  PID:5728
- C:\Windows\System\EWiRTJH.exe
  C:\Windows\System\EWiRTJH.exe
  2⤵
  PID:2320
- C:\Windows\System\evOdQww.exe
  C:\Windows\System\evOdQww.exe
  2⤵
  PID:5708
- C:\Windows\System\apNvYUA.exe
  C:\Windows\System\apNvYUA.exe
  2⤵
  PID:5652
- C:\Windows\System\OwtsDON.exe
  C:\Windows\System\OwtsDON.exe
  2⤵
  PID:5952
- C:\Windows\System\ljjqBFT.exe
  C:\Windows\System\ljjqBFT.exe
  2⤵
  PID:5792
- C:\Windows\System\PAImUPD.exe
  C:\Windows\System\PAImUPD.exe
  2⤵
  PID:5836
- C:\Windows\System\HDjjqKu.exe
  C:\Windows\System\HDjjqKu.exe
  2⤵
  PID:2892
- C:\Windows\System\fFcFcIY.exe
  C:\Windows\System\fFcFcIY.exe
  2⤵
  PID:6080
- C:\Windows\System\OaGmHFl.exe
  C:\Windows\System\OaGmHFl.exe
  2⤵
  PID:6116
- C:\Windows\System\pLQrRrw.exe
  C:\Windows\System\pLQrRrw.exe
  2⤵
  PID:6032
- C:\Windows\System\TzgKIXs.exe
  C:\Windows\System\TzgKIXs.exe
  2⤵
  PID:6096
- C:\Windows\System\KUTSGnI.exe
  C:\Windows\System\KUTSGnI.exe
  2⤵
  PID:1824
- C:\Windows\System\GOrUuZH.exe
  C:\Windows\System\GOrUuZH.exe
  2⤵
  PID:1928
- C:\Windows\System\EzsbXfn.exe
  C:\Windows\System\EzsbXfn.exe
  2⤵
  PID:3052
- C:\Windows\System\dVdElBe.exe
  C:\Windows\System\dVdElBe.exe
  2⤵
  PID:1648
- C:\Windows\System\vTxLKyq.exe
  C:\Windows\System\vTxLKyq.exe
  2⤵
  PID:5312
- C:\Windows\System\YwByIWz.exe
  C:\Windows\System\YwByIWz.exe
  2⤵
  PID:2168
- C:\Windows\System\btDbPXL.exe
  C:\Windows\System\btDbPXL.exe
  2⤵
  PID:5264
- C:\Windows\System\vPPpceH.exe
  C:\Windows\System\vPPpceH.exe
  2⤵
  PID:5596
- C:\Windows\System\LGxKjud.exe
  C:\Windows\System\LGxKjud.exe
  2⤵
  PID:4796
- C:\Windows\System\uVvtfLN.exe
  C:\Windows\System\uVvtfLN.exe
  2⤵
  PID:5532
- C:\Windows\System\yZrBqWp.exe
  C:\Windows\System\yZrBqWp.exe
  2⤵
  PID:5932
- C:\Windows\System\xmwpyOx.exe
  C:\Windows\System\xmwpyOx.exe
  2⤵
  PID:5404
- C:\Windows\System\toTjGDW.exe
  C:\Windows\System\toTjGDW.exe
  2⤵
  PID:4124
- C:\Windows\System\BqHuMvj.exe
  C:\Windows\System\BqHuMvj.exe
  2⤵
  PID:5692
- C:\Windows\System\WpvlWWY.exe
  C:\Windows\System\WpvlWWY.exe
  2⤵
  PID:5808
- C:\Windows\System\cegwssl.exe
  C:\Windows\System\cegwssl.exe
  2⤵
  PID:992
- C:\Windows\System\IWngLrz.exe
  C:\Windows\System\IWngLrz.exe
  2⤵
  PID:6092
- C:\Windows\System\phdAldz.exe
  C:\Windows\System\phdAldz.exe
  2⤵
  PID:4820
- C:\Windows\System\FTnplEG.exe
  C:\Windows\System\FTnplEG.exe
  2⤵
  PID:5192
- C:\Windows\System\SLKIHrZ.exe
  C:\Windows\System\SLKIHrZ.exe
  2⤵
  PID:5448
- C:\Windows\System\zmgPtFm.exe
  C:\Windows\System\zmgPtFm.exe
  2⤵
  PID:5468
- C:\Windows\System\lppQIFC.exe
  C:\Windows\System\lppQIFC.exe
  2⤵
  PID:5372
- C:\Windows\System\eZxgPoR.exe
  C:\Windows\System\eZxgPoR.exe
  2⤵
  PID:4148
- C:\Windows\System\hFgOVFi.exe
  C:\Windows\System\hFgOVFi.exe
  2⤵
  PID:5888
- C:\Windows\System\oVoCAyb.exe
  C:\Windows\System\oVoCAyb.exe
  2⤵
  PID:4352
- C:\Windows\System\QPxJBGR.exe
  C:\Windows\System\QPxJBGR.exe
  2⤵
  PID:6156
- C:\Windows\System\iuifMAo.exe
  C:\Windows\System\iuifMAo.exe
  2⤵
  PID:6176
- C:\Windows\System\ZkqguAQ.exe
  C:\Windows\System\ZkqguAQ.exe
  2⤵
  PID:6192
- C:\Windows\System\pvVpaZU.exe
  C:\Windows\System\pvVpaZU.exe
  2⤵
  PID:6208
- C:\Windows\System\iyJWaDt.exe
  C:\Windows\System\iyJWaDt.exe
  2⤵
  PID:6232
- C:\Windows\System\qVlThRD.exe
  C:\Windows\System\qVlThRD.exe
  2⤵
  PID:6248
- C:\Windows\System\HZTWXFq.exe
  C:\Windows\System\HZTWXFq.exe
  2⤵
  PID:6264
- C:\Windows\System\GTigEOM.exe
  C:\Windows\System\GTigEOM.exe
  2⤵
  PID:6280
- C:\Windows\System\zyDJtdG.exe
  C:\Windows\System\zyDJtdG.exe
  2⤵
  PID:6296
- C:\Windows\System\NeXxbcL.exe
  C:\Windows\System\NeXxbcL.exe
  2⤵
  PID:6332
- C:\Windows\System\tNAFIsB.exe
  C:\Windows\System\tNAFIsB.exe
  2⤵
  PID:6392
- C:\Windows\System\qSpwqLE.exe
  C:\Windows\System\qSpwqLE.exe
  2⤵
  PID:6408
- C:\Windows\System\VclLAdM.exe
  C:\Windows\System\VclLAdM.exe
  2⤵
  PID:6424
- C:\Windows\System\gTIYnKX.exe
  C:\Windows\System\gTIYnKX.exe
  2⤵
  PID:6444
- C:\Windows\System\GTcXVSx.exe
  C:\Windows\System\GTcXVSx.exe
  2⤵
  PID:6468
- C:\Windows\System\tPVprUm.exe
  C:\Windows\System\tPVprUm.exe
  2⤵
  PID:6484
- C:\Windows\System\VAcVutH.exe
  C:\Windows\System\VAcVutH.exe
  2⤵
  PID:6508
- C:\Windows\System\NypTusO.exe
  C:\Windows\System\NypTusO.exe
  2⤵
  PID:6528
- C:\Windows\System\HUxzbDj.exe
  C:\Windows\System\HUxzbDj.exe
  2⤵
  PID:6544
- C:\Windows\System\KRNUjqh.exe
  C:\Windows\System\KRNUjqh.exe
  2⤵
  PID:6560
- C:\Windows\System\cKHuXva.exe
  C:\Windows\System\cKHuXva.exe
  2⤵
  PID:6584
- C:\Windows\System\YeuzqHq.exe
  C:\Windows\System\YeuzqHq.exe
  2⤵
  PID:6600
- C:\Windows\System\fqOQeHq.exe
  C:\Windows\System\fqOQeHq.exe
  2⤵
  PID:6616
- C:\Windows\System\fmqjfRY.exe
  C:\Windows\System\fmqjfRY.exe
  2⤵
  PID:6636
- C:\Windows\System\TDqqumE.exe
  C:\Windows\System\TDqqumE.exe
  2⤵
  PID:6652
- C:\Windows\System\UYLgGKM.exe
  C:\Windows\System\UYLgGKM.exe
  2⤵
  PID:6672
- C:\Windows\System\poNRQxV.exe
  C:\Windows\System\poNRQxV.exe
  2⤵
  PID:6692
- C:\Windows\System\JYOEoDQ.exe
  C:\Windows\System\JYOEoDQ.exe
  2⤵
  PID:6708
- C:\Windows\System\DzHTvoT.exe
  C:\Windows\System\DzHTvoT.exe
  2⤵
  PID:6732
- C:\Windows\System\XDDNGcX.exe
  C:\Windows\System\XDDNGcX.exe
  2⤵
  PID:6752
- C:\Windows\System\HMbnwvr.exe
  C:\Windows\System\HMbnwvr.exe
  2⤵
  PID:6768
- C:\Windows\System\zPRyNTL.exe
  C:\Windows\System\zPRyNTL.exe
  2⤵
  PID:6812
- C:\Windows\System\XJhiAmI.exe
  C:\Windows\System\XJhiAmI.exe
  2⤵
  PID:6828
- C:\Windows\System\YIDauzl.exe
  C:\Windows\System\YIDauzl.exe
  2⤵
  PID:6848
- C:\Windows\System\PJVuvPk.exe
  C:\Windows\System\PJVuvPk.exe
  2⤵
  PID:6864
- C:\Windows\System\OJbBuKo.exe
  C:\Windows\System\OJbBuKo.exe
  2⤵
  PID:6880
- C:\Windows\System\PXLrZLf.exe
  C:\Windows\System\PXLrZLf.exe
  2⤵
  PID:6896
- C:\Windows\System\TbNKTCM.exe
  C:\Windows\System\TbNKTCM.exe
  2⤵
  PID:6916
- C:\Windows\System\wibCyfR.exe
  C:\Windows\System\wibCyfR.exe
  2⤵
  PID:6932
- C:\Windows\System\IgPoMjj.exe
  C:\Windows\System\IgPoMjj.exe
  2⤵
  PID:6948
- C:\Windows\System\JvKpAja.exe
  C:\Windows\System\JvKpAja.exe
  2⤵
  PID:6964
- C:\Windows\System\BgfYgiO.exe
  C:\Windows\System\BgfYgiO.exe
  2⤵
  PID:6980
- C:\Windows\System\JlGNejl.exe
  C:\Windows\System\JlGNejl.exe
  2⤵
  PID:6996
- C:\Windows\System\QzffVqn.exe
  C:\Windows\System\QzffVqn.exe
  2⤵
  PID:7016
- C:\Windows\System\VhSiNuF.exe
  C:\Windows\System\VhSiNuF.exe
  2⤵
  PID:7052
- C:\Windows\System\AsiYMTC.exe
  C:\Windows\System\AsiYMTC.exe
  2⤵
  PID:7072
- C:\Windows\System\alJxsgw.exe
  C:\Windows\System\alJxsgw.exe
  2⤵
  PID:7088
- C:\Windows\System\rCaHtNe.exe
  C:\Windows\System\rCaHtNe.exe
  2⤵
  PID:7104
- C:\Windows\System\xloIVOH.exe
  C:\Windows\System\xloIVOH.exe
  2⤵
  PID:7120
- C:\Windows\System\WmLFiCi.exe
  C:\Windows\System\WmLFiCi.exe
  2⤵
  PID:7136
- C:\Windows\System\xrYNqzA.exe
  C:\Windows\System\xrYNqzA.exe
  2⤵
  PID:7152
- C:\Windows\System\rIDkGuq.exe
  C:\Windows\System\rIDkGuq.exe
  2⤵
  PID:1040
- C:\Windows\System\PsltuuI.exe
  C:\Windows\System\PsltuuI.exe
  2⤵
  PID:5940
- C:\Windows\System\jDpMuDY.exe
  C:\Windows\System\jDpMuDY.exe
  2⤵
  PID:6148
- C:\Windows\System\pTKDaHM.exe
  C:\Windows\System\pTKDaHM.exe
  2⤵
  PID:6216
- C:\Windows\System\aMgGGfy.exe
  C:\Windows\System\aMgGGfy.exe
  2⤵
  PID:6260
- C:\Windows\System\hlAswzk.exe
  C:\Windows\System\hlAswzk.exe
  2⤵
  PID:5412
- C:\Windows\System\TTfmzuo.exe
  C:\Windows\System\TTfmzuo.exe
  2⤵
  PID:6376
- C:\Windows\System\aaBYipg.exe
  C:\Windows\System\aaBYipg.exe
  2⤵
  PID:2092
- C:\Windows\System\tUJCsfA.exe
  C:\Windows\System\tUJCsfA.exe
  2⤵
  PID:3764
- C:\Windows\System\tMbviEZ.exe
  C:\Windows\System\tMbviEZ.exe
  2⤵
  PID:6200
- C:\Windows\System\RhYkkKn.exe
  C:\Windows\System\RhYkkKn.exe
  2⤵
  PID:6304
- C:\Windows\System\LbXwfdb.exe
  C:\Windows\System\LbXwfdb.exe
  2⤵
  PID:5868
- C:\Windows\System\YELHNgV.exe
  C:\Windows\System\YELHNgV.exe
  2⤵
  PID:6320
- C:\Windows\System\iWrZFGz.exe
  C:\Windows\System\iWrZFGz.exe
  2⤵
  PID:6420
- C:\Windows\System\GAVWDem.exe
  C:\Windows\System\GAVWDem.exe
  2⤵
  PID:6432
- C:\Windows\System\HavmLHm.exe
  C:\Windows\System\HavmLHm.exe
  2⤵
  PID:6400
- C:\Windows\System\NCJennz.exe
  C:\Windows\System\NCJennz.exe
  2⤵
  PID:6504
- C:\Windows\System\dbFNDuL.exe
  C:\Windows\System\dbFNDuL.exe
  2⤵
  PID:6568
- C:\Windows\System\VnzrFXB.exe
  C:\Windows\System\VnzrFXB.exe
  2⤵
  PID:6572
- C:\Windows\System\jRaSqsA.exe
  C:\Windows\System\jRaSqsA.exe
  2⤵
  PID:6516
- C:\Windows\System\VCIicSx.exe
  C:\Windows\System\VCIicSx.exe
  2⤵
  PID:6688
- C:\Windows\System\oaYXSsU.exe
  C:\Windows\System\oaYXSsU.exe
  2⤵
  PID:6724
- C:\Windows\System\LvQYyzK.exe
  C:\Windows\System\LvQYyzK.exe
  2⤵
  PID:6660
- C:\Windows\System\GszabWu.exe
  C:\Windows\System\GszabWu.exe
  2⤵
  PID:6760
- C:\Windows\System\OvfgOhe.exe
  C:\Windows\System\OvfgOhe.exe
  2⤵
  PID:6784
- C:\Windows\System\mnTXKJl.exe
  C:\Windows\System\mnTXKJl.exe
  2⤵
  PID:6856
- C:\Windows\System\EnuMDLC.exe
  C:\Windows\System\EnuMDLC.exe
  2⤵
  PID:6924
- C:\Windows\System\GQwdjMx.exe
  C:\Windows\System\GQwdjMx.exe
  2⤵
  PID:6992
- C:\Windows\System\nAAUdUr.exe
  C:\Windows\System\nAAUdUr.exe
  2⤵
  PID:6972
- C:\Windows\System\YAdnoTm.exe
  C:\Windows\System\YAdnoTm.exe
  2⤵
  PID:6844
- C:\Windows\System\wogfeOA.exe
  C:\Windows\System\wogfeOA.exe
  2⤵
  PID:6876
- C:\Windows\System\WFlaDOO.exe
  C:\Windows\System\WFlaDOO.exe
  2⤵
  PID:7048
- C:\Windows\System\icEbRZc.exe
  C:\Windows\System\icEbRZc.exe
  2⤵
  PID:7116
- C:\Windows\System\pQwAIQX.exe
  C:\Windows\System\pQwAIQX.exe
  2⤵
  PID:764
- C:\Windows\System\ieFbwYM.exe
  C:\Windows\System\ieFbwYM.exe
  2⤵
  PID:1832
- C:\Windows\System\AQUPdEa.exe
  C:\Windows\System\AQUPdEa.exe
  2⤵
  PID:6188
- C:\Windows\System\NCVhQMp.exe
  C:\Windows\System\NCVhQMp.exe
  2⤵
  PID:6292
- C:\Windows\System\VGoEbEg.exe
  C:\Windows\System\VGoEbEg.exe
  2⤵
  PID:6256
- C:\Windows\System\fEBPaMG.exe
  C:\Windows\System\fEBPaMG.exe
  2⤵
  PID:7164
- C:\Windows\System\JtJOAGq.exe
  C:\Windows\System\JtJOAGq.exe
  2⤵
  PID:5972
- C:\Windows\System\DqfPIvP.exe
  C:\Windows\System\DqfPIvP.exe
  2⤵
  PID:6324
- C:\Windows\System\XEevXrH.exe
  C:\Windows\System\XEevXrH.exe
  2⤵
  PID:6312
- C:\Windows\System\FsFsHoF.exe
  C:\Windows\System\FsFsHoF.exe
  2⤵
  PID:6440
- C:\Windows\System\PCFqEDn.exe
  C:\Windows\System\PCFqEDn.exe
  2⤵
  PID:6540
- C:\Windows\System\CqkiOmZ.exe
  C:\Windows\System\CqkiOmZ.exe
  2⤵
  PID:6556
- C:\Windows\System\dtjOATG.exe
  C:\Windows\System\dtjOATG.exe
  2⤵
  PID:6740
- C:\Windows\System\kQdxCvg.exe
  C:\Windows\System\kQdxCvg.exe
  2⤵
  PID:6592
- C:\Windows\System\AcVLnIz.exe
  C:\Windows\System\AcVLnIz.exe
  2⤵
  PID:6580
- C:\Windows\System\jXFUBgd.exe
  C:\Windows\System\jXFUBgd.exe
  2⤵
  PID:6316
- C:\Windows\System\QYrNNHx.exe
  C:\Windows\System\QYrNNHx.exe
  2⤵
  PID:6792
- C:\Windows\System\TLoPNzI.exe
  C:\Windows\System\TLoPNzI.exe
  2⤵
  PID:6808
- C:\Windows\System\UvaKmRd.exe
  C:\Windows\System\UvaKmRd.exe
  2⤵
  PID:6960
- C:\Windows\System\jRVAZur.exe
  C:\Windows\System\jRVAZur.exe
  2⤵
  PID:6840
- C:\Windows\System\bnlNPbf.exe
  C:\Windows\System\bnlNPbf.exe
  2⤵
  PID:6944
- C:\Windows\System\whjpaBk.exe
  C:\Windows\System\whjpaBk.exe
  2⤵
  PID:7036
- C:\Windows\System\HziwGFs.exe
  C:\Windows\System\HziwGFs.exe
  2⤵
  PID:7060
- C:\Windows\System\slpHuey.exe
  C:\Windows\System\slpHuey.exe
  2⤵
  PID:7112
- C:\Windows\System\CHMTghH.exe
  C:\Windows\System\CHMTghH.exe
  2⤵
  PID:2172
- C:\Windows\System\iEwLAyO.exe
  C:\Windows\System\iEwLAyO.exe
  2⤵
  PID:6184
- C:\Windows\System\PlfMtvj.exe
  C:\Windows\System\PlfMtvj.exe
  2⤵
  PID:5364
- C:\Windows\System\jrJBjGn.exe
  C:\Windows\System\jrJBjGn.exe
  2⤵
  PID:6356
- C:\Windows\System\AbpDkSj.exe
  C:\Windows\System\AbpDkSj.exe
  2⤵
  PID:6480
- C:\Windows\System\UZGJeeF.exe
  C:\Windows\System\UZGJeeF.exe
  2⤵
  PID:6368
- C:\Windows\System\uxXGFXQ.exe
  C:\Windows\System\uxXGFXQ.exe
  2⤵
  PID:6244
- C:\Windows\System\FOPGLxA.exe
  C:\Windows\System\FOPGLxA.exe
  2⤵
  PID:6520
- C:\Windows\System\bvVeQMl.exe
  C:\Windows\System\bvVeQMl.exe
  2⤵
  PID:6272
- C:\Windows\System\qGKEOrY.exe
  C:\Windows\System\qGKEOrY.exe
  2⤵
  PID:6240
- C:\Windows\System\SCFFdOx.exe
  C:\Windows\System\SCFFdOx.exe
  2⤵
  PID:7004
- C:\Windows\System\AjoFxIF.exe
  C:\Windows\System\AjoFxIF.exe
  2⤵
  PID:5144
- C:\Windows\System\JwkckWA.exe
  C:\Windows\System\JwkckWA.exe
  2⤵
  PID:6172
- C:\Windows\System\IeqXdMN.exe
  C:\Windows\System\IeqXdMN.exe
  2⤵
  PID:7024
- C:\Windows\System\XGeqsNL.exe
  C:\Windows\System\XGeqsNL.exe
  2⤵
  PID:5328
- C:\Windows\System\SXalQWM.exe
  C:\Windows\System\SXalQWM.exe
  2⤵
  PID:6700
- C:\Windows\System\hMIsThP.exe
  C:\Windows\System\hMIsThP.exe
  2⤵
  PID:6648
- C:\Windows\System\OKyFtSZ.exe
  C:\Windows\System\OKyFtSZ.exe
  2⤵
  PID:6416
- C:\Windows\System\FdTmfRL.exe
  C:\Windows\System\FdTmfRL.exe
  2⤵
  PID:6824
- C:\Windows\System\pkomudT.exe
  C:\Windows\System\pkomudT.exe
  2⤵
  PID:6776
- C:\Windows\System\osdZJeu.exe
  C:\Windows\System\osdZJeu.exe
  2⤵
  PID:5768
- C:\Windows\System\dkzRLlP.exe
  C:\Windows\System\dkzRLlP.exe
  2⤵
  PID:1944
- C:\Windows\System\DdiCHtB.exe
  C:\Windows\System\DdiCHtB.exe
  2⤵
  PID:7160
- C:\Windows\System\kLGzgRE.exe
  C:\Windows\System\kLGzgRE.exe
  2⤵
  PID:6384
- C:\Windows\System\VRILLcd.exe
  C:\Windows\System\VRILLcd.exe
  2⤵
  PID:6492
- C:\Windows\System\ZigMUbr.exe
  C:\Windows\System\ZigMUbr.exe
  2⤵
  PID:6168
- C:\Windows\System\LsGCjcI.exe
  C:\Windows\System\LsGCjcI.exe
  2⤵
  PID:6804
- C:\Windows\System\UpHfPwj.exe
  C:\Windows\System\UpHfPwj.exe
  2⤵
  PID:7184
- C:\Windows\System\jmlpokg.exe
  C:\Windows\System\jmlpokg.exe
  2⤵
  PID:7208
- C:\Windows\System\wOarLXC.exe
  C:\Windows\System\wOarLXC.exe
  2⤵
  PID:7224
- C:\Windows\System\cEoycTz.exe
  C:\Windows\System\cEoycTz.exe
  2⤵
  PID:7240
- C:\Windows\System\efJAsEC.exe
  C:\Windows\System\efJAsEC.exe
  2⤵
  PID:7256
- C:\Windows\System\QvfybXt.exe
  C:\Windows\System\QvfybXt.exe
  2⤵
  PID:7276
- C:\Windows\System\MDOyfMh.exe
  C:\Windows\System\MDOyfMh.exe
  2⤵
  PID:7296
- C:\Windows\System\BkQeXcr.exe
  C:\Windows\System\BkQeXcr.exe
  2⤵
  PID:7316
- C:\Windows\System\KMylbzY.exe
  C:\Windows\System\KMylbzY.exe
  2⤵
  PID:7336
- C:\Windows\System\ucKCApn.exe
  C:\Windows\System\ucKCApn.exe
  2⤵
  PID:7352
- C:\Windows\System\qcUvLdZ.exe
  C:\Windows\System\qcUvLdZ.exe
  2⤵
  PID:7368
- C:\Windows\System\CXreBjy.exe
  C:\Windows\System\CXreBjy.exe
  2⤵
  PID:7384
- C:\Windows\System\IeWqtMa.exe
  C:\Windows\System\IeWqtMa.exe
  2⤵
  PID:7400
- C:\Windows\System\oDfXpHA.exe
  C:\Windows\System\oDfXpHA.exe
  2⤵
  PID:7416
- C:\Windows\System\tPrAdAH.exe
  C:\Windows\System\tPrAdAH.exe
  2⤵
  PID:7444
- C:\Windows\System\MtfGwuY.exe
  C:\Windows\System\MtfGwuY.exe
  2⤵
  PID:7460
- C:\Windows\System\AridhpL.exe
  C:\Windows\System\AridhpL.exe
  2⤵
  PID:7524
- C:\Windows\System\bZNmljP.exe
  C:\Windows\System\bZNmljP.exe
  2⤵
  PID:7540
- C:\Windows\System\SGyucrN.exe
  C:\Windows\System\SGyucrN.exe
  2⤵
  PID:7560
- C:\Windows\System\GvnYMJX.exe
  C:\Windows\System\GvnYMJX.exe
  2⤵
  PID:7576
- C:\Windows\System\jTtOMow.exe
  C:\Windows\System\jTtOMow.exe
  2⤵
  PID:7596
- C:\Windows\System\wOYVyUA.exe
  C:\Windows\System\wOYVyUA.exe
  2⤵
  PID:7616
- C:\Windows\System\YJWoHWb.exe
  C:\Windows\System\YJWoHWb.exe
  2⤵
  PID:7632
- C:\Windows\System\irrGWfi.exe
  C:\Windows\System\irrGWfi.exe
  2⤵
  PID:7652
- C:\Windows\System\BCMruNb.exe
  C:\Windows\System\BCMruNb.exe
  2⤵
  PID:7672
- C:\Windows\System\uAltZlz.exe
  C:\Windows\System\uAltZlz.exe
  2⤵
  PID:7704
- C:\Windows\System\eSsvawS.exe
  C:\Windows\System\eSsvawS.exe
  2⤵
  PID:7720
- C:\Windows\System\jrzWXPd.exe
  C:\Windows\System\jrzWXPd.exe
  2⤵
  PID:7736
- C:\Windows\System\wXrPNjd.exe
  C:\Windows\System\wXrPNjd.exe
  2⤵
  PID:7752
- C:\Windows\System\LWNFYqH.exe
  C:\Windows\System\LWNFYqH.exe
  2⤵
  PID:7768
- C:\Windows\System\XsuSufI.exe
  C:\Windows\System\XsuSufI.exe
  2⤵
  PID:7788
- C:\Windows\System\XTVpsLG.exe
  C:\Windows\System\XTVpsLG.exe
  2⤵
  PID:7804
- C:\Windows\System\gethFwG.exe
  C:\Windows\System\gethFwG.exe
  2⤵
  PID:7820
- C:\Windows\System\UmwhMvO.exe
  C:\Windows\System\UmwhMvO.exe
  2⤵
  PID:7840
- C:\Windows\System\bIORWdg.exe
  C:\Windows\System\bIORWdg.exe
  2⤵
  PID:7860
- C:\Windows\System\VQAshhz.exe
  C:\Windows\System\VQAshhz.exe
  2⤵
  PID:7900
- C:\Windows\System\MxrDIbT.exe
  C:\Windows\System\MxrDIbT.exe
  2⤵
  PID:7920
- C:\Windows\System\EJxOHHe.exe
  C:\Windows\System\EJxOHHe.exe
  2⤵
  PID:7936
- C:\Windows\System\ycrsXsR.exe
  C:\Windows\System\ycrsXsR.exe
  2⤵
  PID:7956
- C:\Windows\System\cEZnbKJ.exe
  C:\Windows\System\cEZnbKJ.exe
  2⤵
  PID:7976
- C:\Windows\System\REZNgOI.exe
  C:\Windows\System\REZNgOI.exe
  2⤵
  PID:7996
- C:\Windows\System\poKJkGG.exe
  C:\Windows\System\poKJkGG.exe
  2⤵
  PID:8020
- C:\Windows\System\qGicAnP.exe
  C:\Windows\System\qGicAnP.exe
  2⤵
  PID:8040
- C:\Windows\System\RbQmnKj.exe
  C:\Windows\System\RbQmnKj.exe
  2⤵
  PID:8064
- C:\Windows\System\dEgGuVF.exe
  C:\Windows\System\dEgGuVF.exe
  2⤵
  PID:8080
- C:\Windows\System\IyvUMta.exe
  C:\Windows\System\IyvUMta.exe
  2⤵
  PID:8100
- C:\Windows\System\ephygWI.exe
  C:\Windows\System\ephygWI.exe
  2⤵
  PID:8116
- C:\Windows\System\eQbMKDT.exe
  C:\Windows\System\eQbMKDT.exe
  2⤵
  PID:8132
- C:\Windows\System\QvWuTdx.exe
  C:\Windows\System\QvWuTdx.exe
  2⤵
  PID:8152
- C:\Windows\System\nZPwspm.exe
  C:\Windows\System\nZPwspm.exe
  2⤵
  PID:8168
- C:\Windows\System\BYVDtkP.exe
  C:\Windows\System\BYVDtkP.exe
  2⤵
  PID:6500
- C:\Windows\System\EGhhQDu.exe
  C:\Windows\System\EGhhQDu.exe
  2⤵
  PID:7196
- C:\Windows\System\qyrDJyP.exe
  C:\Windows\System\qyrDJyP.exe
  2⤵
  PID:7204
- C:\Windows\System\bguWEmu.exe
  C:\Windows\System\bguWEmu.exe
  2⤵
  PID:7308
- C:\Windows\System\nAiUxmw.exe
  C:\Windows\System\nAiUxmw.exe
  2⤵
  PID:7348
- C:\Windows\System\CoQXXht.exe
  C:\Windows\System\CoQXXht.exe
  2⤵
  PID:7412
- C:\Windows\System\DhPmmtR.exe
  C:\Windows\System\DhPmmtR.exe
  2⤵
  PID:7176
- C:\Windows\System\INzAjSM.exe
  C:\Windows\System\INzAjSM.exe
  2⤵
  PID:7332
- C:\Windows\System\IrqHswq.exe
  C:\Windows\System\IrqHswq.exe
  2⤵
  PID:7220
- C:\Windows\System\YdwPixg.exe
  C:\Windows\System\YdwPixg.exe
  2⤵
  PID:7392
- C:\Windows\System\WbqYCdD.exe
  C:\Windows\System\WbqYCdD.exe
  2⤵
  PID:7292
- C:\Windows\System\KXhdaxw.exe
  C:\Windows\System\KXhdaxw.exe
  2⤵
  PID:7436
- C:\Windows\System\qpKUODZ.exe
  C:\Windows\System\qpKUODZ.exe
  2⤵
  PID:7476
- C:\Windows\System\KVBNRZa.exe
  C:\Windows\System\KVBNRZa.exe
  2⤵
  PID:7536
- C:\Windows\System\tMkRElY.exe
  C:\Windows\System\tMkRElY.exe
  2⤵
  PID:7556
- C:\Windows\System\KUaXPge.exe
  C:\Windows\System\KUaXPge.exe
  2⤵
  PID:7612
- C:\Windows\System\EtjdNkR.exe
  C:\Windows\System\EtjdNkR.exe
  2⤵
  PID:7588
- C:\Windows\System\vYTztCA.exe
  C:\Windows\System\vYTztCA.exe
  2⤵
  PID:7668
- C:\Windows\System\lNUwmQg.exe
  C:\Windows\System\lNUwmQg.exe
  2⤵
  PID:7684
- C:\Windows\System\vcMdzUe.exe
  C:\Windows\System\vcMdzUe.exe
  2⤵
  PID:7776
- C:\Windows\System\KcZFlHZ.exe
  C:\Windows\System\KcZFlHZ.exe
  2⤵
  PID:7712
- C:\Windows\System\QWBbTXE.exe
  C:\Windows\System\QWBbTXE.exe
  2⤵
  PID:7848
- C:\Windows\System\nyaAHYZ.exe
  C:\Windows\System\nyaAHYZ.exe
  2⤵
  PID:7764
- C:\Windows\System\fuXQlbX.exe
  C:\Windows\System\fuXQlbX.exe
  2⤵
  PID:6372
- C:\Windows\System\DfUmGcj.exe
  C:\Windows\System\DfUmGcj.exe
  2⤵
  PID:7868
- C:\Windows\System\jJHMnnB.exe
  C:\Windows\System\jJHMnnB.exe
  2⤵
  PID:7884
- C:\Windows\System\unhlWBV.exe
  C:\Windows\System\unhlWBV.exe
  2⤵
  PID:7932
- C:\Windows\System\vGtNtxp.exe
  C:\Windows\System\vGtNtxp.exe
  2⤵
  PID:7944
- C:\Windows\System\hILHFSt.exe
  C:\Windows\System\hILHFSt.exe
  2⤵
  PID:8012
- C:\Windows\System\QoxMtss.exe
  C:\Windows\System\QoxMtss.exe
  2⤵
  PID:8060
- C:\Windows\System\kZVLxQE.exe
  C:\Windows\System\kZVLxQE.exe
  2⤵
  PID:8140
- C:\Windows\System\HReXtDQ.exe
  C:\Windows\System\HReXtDQ.exe
  2⤵
  PID:8184
- C:\Windows\System\YTTwGvb.exe
  C:\Windows\System\YTTwGvb.exe
  2⤵
  PID:8164
- C:\Windows\System\ZRwlezZ.exe
  C:\Windows\System\ZRwlezZ.exe
  2⤵
  PID:8124
- C:\Windows\System\nvWMKuI.exe
  C:\Windows\System\nvWMKuI.exe
  2⤵
  PID:6904
- C:\Windows\System\SNXgMDY.exe
  C:\Windows\System\SNXgMDY.exe
  2⤵
  PID:7452
- C:\Windows\System\EfFKayu.exe
  C:\Windows\System\EfFKayu.exe
  2⤵
  PID:7344
- C:\Windows\System\AetpRML.exe
  C:\Windows\System\AetpRML.exe
  2⤵
  PID:7364
- C:\Windows\System\qLCydtB.exe
  C:\Windows\System\qLCydtB.exe
  2⤵
  PID:7216
- C:\Windows\System\KarYXEW.exe
  C:\Windows\System\KarYXEW.exe
  2⤵
  PID:7520
- C:\Windows\System\AWamwFe.exe
  C:\Windows\System\AWamwFe.exe
  2⤵
  PID:7508
- C:\Windows\System\abcWtUk.exe
  C:\Windows\System\abcWtUk.exe
  2⤵
  PID:7492
- C:\Windows\System\kzGOSeP.exe
  C:\Windows\System\kzGOSeP.exe
  2⤵
  PID:7688
- C:\Windows\System\WEJfDEq.exe
  C:\Windows\System\WEJfDEq.exe
  2⤵
  PID:7664
- C:\Windows\System\heZGaKg.exe
  C:\Windows\System\heZGaKg.exe
  2⤵
  PID:7744
- C:\Windows\System\mCxoWOZ.exe
  C:\Windows\System\mCxoWOZ.exe
  2⤵
  PID:7760
- C:\Windows\System\JMMEcoB.exe
  C:\Windows\System\JMMEcoB.exe
  2⤵
  PID:7800
- C:\Windows\System\QXTcaYk.exe
  C:\Windows\System\QXTcaYk.exe
  2⤵
  PID:7972
- C:\Windows\System\ERFBeya.exe
  C:\Windows\System\ERFBeya.exe
  2⤵
  PID:7896
- C:\Windows\System\tLYuPkj.exe
  C:\Windows\System\tLYuPkj.exe
  2⤵
  PID:8016
- C:\Windows\System\mRmarxK.exe
  C:\Windows\System\mRmarxK.exe
  2⤵
  PID:8028
- C:\Windows\System\UYETEDo.exe
  C:\Windows\System\UYETEDo.exe
  2⤵
  PID:8112
- C:\Windows\System\ylMutMN.exe
  C:\Windows\System\ylMutMN.exe
  2⤵
  PID:7192
- C:\Windows\System\wOfmGKM.exe
  C:\Windows\System\wOfmGKM.exe
  2⤵
  PID:7272
- C:\Windows\System\gCwvUMN.exe
  C:\Windows\System\gCwvUMN.exe
  2⤵
  PID:7408
- C:\Windows\System\GLTbSzO.exe
  C:\Windows\System\GLTbSzO.exe
  2⤵
  PID:7252
- C:\Windows\System\rKaITda.exe
  C:\Windows\System\rKaITda.exe
  2⤵
  PID:7432
- C:\Windows\System\MSXmVnv.exe
  C:\Windows\System\MSXmVnv.exe
  2⤵
  PID:7512
- C:\Windows\System\NcNfVqH.exe
  C:\Windows\System\NcNfVqH.exe
  2⤵
  PID:7644
- C:\Windows\System\yNIUPsM.exe
  C:\Windows\System\yNIUPsM.exe
  2⤵
  PID:7716
- C:\Windows\System\vZmyOrp.exe
  C:\Windows\System\vZmyOrp.exe
  2⤵
  PID:7696
- C:\Windows\System\xwtWnfo.exe
  C:\Windows\System\xwtWnfo.exe
  2⤵
  PID:7892
- C:\Windows\System\tjmkIEU.exe
  C:\Windows\System\tjmkIEU.exe
  2⤵
  PID:7828
- C:\Windows\System\ZhWLaNC.exe
  C:\Windows\System\ZhWLaNC.exe
  2⤵
  PID:8052
- C:\Windows\System\EwVbiMc.exe
  C:\Windows\System\EwVbiMc.exe
  2⤵
  PID:8048
- C:\Windows\System\LuXrtNm.exe
  C:\Windows\System\LuXrtNm.exe
  2⤵
  PID:8096
- C:\Windows\System\NXtpPyz.exe
  C:\Windows\System\NXtpPyz.exe
  2⤵
  PID:7172
- C:\Windows\System\ulLWTtQ.exe
  C:\Windows\System\ulLWTtQ.exe
  2⤵
  PID:7288
- C:\Windows\System\KWoZDUy.exe
  C:\Windows\System\KWoZDUy.exe
  2⤵
  PID:7380
- C:\Windows\System\RnIXcOJ.exe
  C:\Windows\System\RnIXcOJ.exe
  2⤵
  PID:7572
- C:\Windows\System\GWNQIvz.exe
  C:\Windows\System\GWNQIvz.exe
  2⤵
  PID:7880
- C:\Windows\System\PglLSPs.exe
  C:\Windows\System\PglLSPs.exe
  2⤵
  PID:8092
- C:\Windows\System\VZlyagf.exe
  C:\Windows\System\VZlyagf.exe
  2⤵
  PID:7284
- C:\Windows\System\lNzaQIu.exe
  C:\Windows\System\lNzaQIu.exe
  2⤵
  PID:7552
- C:\Windows\System\ceXwOwg.exe
  C:\Windows\System\ceXwOwg.exe
  2⤵
  PID:7472
- C:\Windows\System\sSYKEkq.exe
  C:\Windows\System\sSYKEkq.exe
  2⤵
  PID:7532
- C:\Windows\System\YFGRglU.exe
  C:\Windows\System\YFGRglU.exe
  2⤵
  PID:8056
- C:\Windows\System\bxxYXKn.exe
  C:\Windows\System\bxxYXKn.exe
  2⤵
  PID:7648
- C:\Windows\System\rBkhltC.exe
  C:\Windows\System\rBkhltC.exe
  2⤵
  PID:7628
- C:\Windows\System\PNUsXJz.exe
  C:\Windows\System\PNUsXJz.exe
  2⤵
  PID:7660
- C:\Windows\System\LalzIZu.exe
  C:\Windows\System\LalzIZu.exe
  2⤵
  PID:7992
- C:\Windows\System\zVABJQe.exe
  C:\Windows\System\zVABJQe.exe
  2⤵
  PID:8148
- C:\Windows\System\nVaLpQI.exe
  C:\Windows\System\nVaLpQI.exe
  2⤵
  PID:8008
- C:\Windows\System\vZkPCEC.exe
  C:\Windows\System\vZkPCEC.exe
  2⤵
  PID:8224
- C:\Windows\System\BRdqjYA.exe
  C:\Windows\System\BRdqjYA.exe
  2⤵
  PID:8240
- C:\Windows\System\JTlIFgi.exe
  C:\Windows\System\JTlIFgi.exe
  2⤵
  PID:8260
- C:\Windows\System\MkQkLza.exe
  C:\Windows\System\MkQkLza.exe
  2⤵
  PID:8276
- C:\Windows\System\XXMCfHo.exe
  C:\Windows\System\XXMCfHo.exe
  2⤵
  PID:8296
- C:\Windows\System\slcpZwU.exe
  C:\Windows\System\slcpZwU.exe
  2⤵
  PID:8312
- C:\Windows\System\tMVQYdd.exe
  C:\Windows\System\tMVQYdd.exe
  2⤵
  PID:8328
- C:\Windows\System\TKQXLGL.exe
  C:\Windows\System\TKQXLGL.exe
  2⤵
  PID:8348
- C:\Windows\System\gqAUcOH.exe
  C:\Windows\System\gqAUcOH.exe
  2⤵
  PID:8364
- C:\Windows\System\XnxHAaD.exe
  C:\Windows\System\XnxHAaD.exe
  2⤵
  PID:8380
- C:\Windows\System\yVsisAO.exe
  C:\Windows\System\yVsisAO.exe
  2⤵
  PID:8396
- C:\Windows\System\OkOuXXG.exe
  C:\Windows\System\OkOuXXG.exe
  2⤵
  PID:8412
- C:\Windows\System\qxEUtnD.exe
  C:\Windows\System\qxEUtnD.exe
  2⤵
  PID:8428
- C:\Windows\System\JPdBlDm.exe
  C:\Windows\System\JPdBlDm.exe
  2⤵
  PID:8456
- C:\Windows\System\woKncAi.exe
  C:\Windows\System\woKncAi.exe
  2⤵
  PID:8508
- C:\Windows\System\llAmUUl.exe
  C:\Windows\System\llAmUUl.exe
  2⤵
  PID:8528
- C:\Windows\System\KwxlBql.exe
  C:\Windows\System\KwxlBql.exe
  2⤵
  PID:8544
- C:\Windows\System\pdCdgOl.exe
  C:\Windows\System\pdCdgOl.exe
  2⤵
  PID:8564
- C:\Windows\System\tjwXphW.exe
  C:\Windows\System\tjwXphW.exe
  2⤵
  PID:8580
- C:\Windows\System\TgPvwdr.exe
  C:\Windows\System\TgPvwdr.exe
  2⤵
  PID:8600
- C:\Windows\System\FqJzOIL.exe
  C:\Windows\System\FqJzOIL.exe
  2⤵
  PID:8628
- C:\Windows\System\CJRfnsg.exe
  C:\Windows\System\CJRfnsg.exe
  2⤵
  PID:8644
- C:\Windows\System\eDuYTRD.exe
  C:\Windows\System\eDuYTRD.exe
  2⤵
  PID:8660
- C:\Windows\System\WZRggTH.exe
  C:\Windows\System\WZRggTH.exe
  2⤵
  PID:8680
- C:\Windows\System\nIbaNUM.exe
  C:\Windows\System\nIbaNUM.exe
  2⤵
  PID:8700
- C:\Windows\System\wovcpjp.exe
  C:\Windows\System\wovcpjp.exe
  2⤵
  PID:8720
- C:\Windows\System\vfwvFdz.exe
  C:\Windows\System\vfwvFdz.exe
  2⤵
  PID:8736
- C:\Windows\System\ErotXfh.exe
  C:\Windows\System\ErotXfh.exe
  2⤵
  PID:8760
- C:\Windows\System\XjLrQhf.exe
  C:\Windows\System\XjLrQhf.exe
  2⤵
  PID:8776
- C:\Windows\System\hKZlwwW.exe
  C:\Windows\System\hKZlwwW.exe
  2⤵
  PID:8792
- C:\Windows\System\CWCNFVm.exe
  C:\Windows\System\CWCNFVm.exe
  2⤵
  PID:8828
- C:\Windows\System\fjQZPUD.exe
  C:\Windows\System\fjQZPUD.exe
  2⤵
  PID:8852
- C:\Windows\System\dnxZpmb.exe
  C:\Windows\System\dnxZpmb.exe
  2⤵
  PID:8872
- C:\Windows\System\MfEGeXM.exe
  C:\Windows\System\MfEGeXM.exe
  2⤵
  PID:8888
- C:\Windows\System\TyCtXPa.exe
  C:\Windows\System\TyCtXPa.exe
  2⤵
  PID:8912
- C:\Windows\System\wMmybdj.exe
  C:\Windows\System\wMmybdj.exe
  2⤵
  PID:8928
- C:\Windows\System\SpJdoRJ.exe
  C:\Windows\System\SpJdoRJ.exe
  2⤵
  PID:8944
- C:\Windows\System\yxqyHrc.exe
  C:\Windows\System\yxqyHrc.exe
  2⤵
  PID:8960
- C:\Windows\System\BhIVpPb.exe
  C:\Windows\System\BhIVpPb.exe
  2⤵
  PID:8976
- C:\Windows\System\vaebpbM.exe
  C:\Windows\System\vaebpbM.exe
  2⤵
  PID:8996
- C:\Windows\System\haeamyh.exe
  C:\Windows\System\haeamyh.exe
  2⤵
  PID:9016
- C:\Windows\System\BtxXTfh.exe
  C:\Windows\System\BtxXTfh.exe
  2⤵
  PID:9036
- C:\Windows\System\jLMXOZb.exe
  C:\Windows\System\jLMXOZb.exe
  2⤵
  PID:9060
- C:\Windows\System\rggwlxk.exe
  C:\Windows\System\rggwlxk.exe
  2⤵
  PID:9080
- C:\Windows\System\iYmyFds.exe
  C:\Windows\System\iYmyFds.exe
  2⤵
  PID:9100
- C:\Windows\System\THkrwMK.exe
  C:\Windows\System\THkrwMK.exe
  2⤵
  PID:9144
- C:\Windows\System\fYOVwda.exe
  C:\Windows\System\fYOVwda.exe
  2⤵
  PID:9160
- C:\Windows\System\vizXOOS.exe
  C:\Windows\System\vizXOOS.exe
  2⤵
  PID:9180
- C:\Windows\System\OvFAKqn.exe
  C:\Windows\System\OvFAKqn.exe
  2⤵
  PID:9196
- C:\Windows\System\uBgvJAh.exe
  C:\Windows\System\uBgvJAh.exe
  2⤵
  PID:9212
- C:\Windows\System\Eccozcj.exe
  C:\Windows\System\Eccozcj.exe
  2⤵
  PID:8216
- C:\Windows\System\GjJrmTF.exe
  C:\Windows\System\GjJrmTF.exe
  2⤵
  PID:8252
- C:\Windows\System\iajhCdi.exe
  C:\Windows\System\iajhCdi.exe
  2⤵
  PID:8272
- C:\Windows\System\GKkHGAq.exe
  C:\Windows\System\GKkHGAq.exe
  2⤵
  PID:8360
- C:\Windows\System\gNdDimJ.exe
  C:\Windows\System\gNdDimJ.exe
  2⤵
  PID:8336
- C:\Windows\System\ATQYnFr.exe
  C:\Windows\System\ATQYnFr.exe
  2⤵
  PID:8372
- C:\Windows\System\zFlwFls.exe
  C:\Windows\System\zFlwFls.exe
  2⤵
  PID:8436
- C:\Windows\System\rOhjEiG.exe
  C:\Windows\System\rOhjEiG.exe
  2⤵
  PID:8464
- C:\Windows\System\MQcKTXp.exe
  C:\Windows\System\MQcKTXp.exe
  2⤵
  PID:7784
- C:\Windows\System\DSuDRrz.exe
  C:\Windows\System\DSuDRrz.exe
  2⤵
  PID:8504
- C:\Windows\System\ooFptnR.exe
  C:\Windows\System\ooFptnR.exe
  2⤵
  PID:8536
- C:\Windows\System\xJmQFHC.exe
  C:\Windows\System\xJmQFHC.exe
  2⤵
  PID:8576
- C:\Windows\System\lurFYRE.exe
  C:\Windows\System\lurFYRE.exe
  2⤵
  PID:8624
- C:\Windows\System\EdVJqpK.exe
  C:\Windows\System\EdVJqpK.exe
  2⤵
  PID:8652
- C:\Windows\System\sHvyZSv.exe
  C:\Windows\System\sHvyZSv.exe
  2⤵
  PID:8692
- C:\Windows\System\VjQNHBc.exe
  C:\Windows\System\VjQNHBc.exe
  2⤵
  PID:8672
- C:\Windows\System\GvFEkBn.exe
  C:\Windows\System\GvFEkBn.exe
  2⤵
  PID:8772
- C:\Windows\System\vHQqBif.exe
  C:\Windows\System\vHQqBif.exe
  2⤵
  PID:8640
- C:\Windows\System\GKJIWjw.exe
  C:\Windows\System\GKJIWjw.exe
  2⤵
  PID:8744
- C:\Windows\System\TloUOdT.exe
  C:\Windows\System\TloUOdT.exe
  2⤵
  PID:8748
- C:\Windows\System\QAhFsTl.exe
  C:\Windows\System\QAhFsTl.exe
  2⤵
  PID:8488
- C:\Windows\System\wIOxWbq.exe
  C:\Windows\System\wIOxWbq.exe
  2⤵
  PID:8840
- C:\Windows\System\djSsyBs.exe
  C:\Windows\System\djSsyBs.exe
  2⤵
  PID:8884
- C:\Windows\System\tZxNfyK.exe
  C:\Windows\System\tZxNfyK.exe
  2⤵
  PID:8908
- C:\Windows\System\wBKPbbC.exe
  C:\Windows\System\wBKPbbC.exe
  2⤵
  PID:8968
- C:\Windows\System\UnZXxUb.exe
  C:\Windows\System\UnZXxUb.exe
  2⤵
  PID:9044
- C:\Windows\System\ZDhxnAU.exe
  C:\Windows\System\ZDhxnAU.exe
  2⤵
  PID:8952
- C:\Windows\System\FRXfSoc.exe
  C:\Windows\System\FRXfSoc.exe
  2⤵
  PID:8992
- C:\Windows\System\JYjOszs.exe
  C:\Windows\System\JYjOszs.exe
  2⤵
  PID:9088
- C:\Windows\System\HSpwsPV.exe
  C:\Windows\System\HSpwsPV.exe
  2⤵
  PID:9068
- C:\Windows\System\KYUzlfu.exe
  C:\Windows\System\KYUzlfu.exe
  2⤵
  PID:9076
- C:\Windows\System\oZpuKQD.exe
  C:\Windows\System\oZpuKQD.exe
  2⤵
  PID:9156
- C:\Windows\System\eMiJCnb.exe
  C:\Windows\System\eMiJCnb.exe
  2⤵
  PID:8200
- C:\Windows\System\uWuBFvS.exe
  C:\Windows\System\uWuBFvS.exe
  2⤵
  PID:8420
- C:\Windows\System\PtXGvgG.exe
  C:\Windows\System\PtXGvgG.exe
  2⤵
  PID:8612
- C:\Windows\System\WvsdbKx.exe
  C:\Windows\System\WvsdbKx.exe
  2⤵
  PID:8452
- C:\Windows\System\scHDkbW.exe
  C:\Windows\System\scHDkbW.exe
  2⤵
  PID:8496
- C:\Windows\System\kJsibTS.exe
  C:\Windows\System\kJsibTS.exe
  2⤵
  PID:8636
- C:\Windows\System\VLnvVPr.exe
  C:\Windows\System\VLnvVPr.exe
  2⤵
  PID:8676
- C:\Windows\System\DPyLnnF.exe
  C:\Windows\System\DPyLnnF.exe
  2⤵
  PID:8756
- C:\Windows\System\Qbolmlm.exe
  C:\Windows\System\Qbolmlm.exe
  2⤵
  PID:8848
- C:\Windows\System\MinHNJF.exe
  C:\Windows\System\MinHNJF.exe
  2⤵
  PID:8904
- C:\Windows\System\puDhQnx.exe
  C:\Windows\System\puDhQnx.exe
  2⤵
  PID:8812
- C:\Windows\System\ldlsXqF.exe
  C:\Windows\System\ldlsXqF.exe
  2⤵
  PID:9048
- C:\Windows\System\wKumlFO.exe
  C:\Windows\System\wKumlFO.exe
  2⤵
  PID:9012
- C:\Windows\System\YbXfkDW.exe
  C:\Windows\System\YbXfkDW.exe
  2⤵
  PID:9192
- C:\Windows\System\aXhRRUG.exe
  C:\Windows\System\aXhRRUG.exe
  2⤵
  PID:9136
- C:\Windows\System\fhavqdU.exe
  C:\Windows\System\fhavqdU.exe
  2⤵
  PID:9168
- C:\Windows\System\NVEPQEp.exe
  C:\Windows\System\NVEPQEp.exe
  2⤵
  PID:8284
- C:\Windows\System\ZkBGNNU.exe
  C:\Windows\System\ZkBGNNU.exe
  2⤵
  PID:8320
- C:\Windows\System\lqeqsLx.exe
  C:\Windows\System\lqeqsLx.exe
  2⤵
  PID:8356
- C:\Windows\System\Jnmpcyg.exe
  C:\Windows\System\Jnmpcyg.exe
  2⤵
  PID:8896
- C:\Windows\System\DFrQVdz.exe
  C:\Windows\System\DFrQVdz.exe
  2⤵
  PID:8560
- C:\Windows\System\NniaTdr.exe
  C:\Windows\System\NniaTdr.exe
  2⤵
  PID:8616
- C:\Windows\System\tfnZLHD.exe
  C:\Windows\System\tfnZLHD.exe
  2⤵
  PID:8804
- C:\Windows\System\wuyiTeW.exe
  C:\Windows\System\wuyiTeW.exe
  2⤵
  PID:9116
- C:\Windows\System\ptjVyfl.exe
  C:\Windows\System\ptjVyfl.exe
  2⤵
  PID:8816
- C:\Windows\System\adMmgyQ.exe
  C:\Windows\System\adMmgyQ.exe
  2⤵
  PID:9092
- C:\Windows\System\qBWxhCM.exe
  C:\Windows\System\qBWxhCM.exe
  2⤵
  PID:8232
- C:\Windows\System\EdMuLWr.exe
  C:\Windows\System\EdMuLWr.exe
  2⤵
  PID:8248
- C:\Windows\System\BGUCinx.exe
  C:\Windows\System\BGUCinx.exe
  2⤵
  PID:8472
- C:\Windows\System\ZFcYjfn.exe
  C:\Windows\System\ZFcYjfn.exe
  2⤵
  PID:8444
- C:\Windows\System\bZyPTGu.exe
  C:\Windows\System\bZyPTGu.exe
  2⤵
  PID:8956
- C:\Windows\System\HseHKco.exe
  C:\Windows\System\HseHKco.exe
  2⤵
  PID:8988
- C:\Windows\System\yvNcrjD.exe
  C:\Windows\System\yvNcrjD.exe
  2⤵
  PID:8768
- C:\Windows\System\odaMbfU.exe
  C:\Windows\System\odaMbfU.exe
  2⤵
  PID:9028
- C:\Windows\System\QeGQPce.exe
  C:\Windows\System\QeGQPce.exe
  2⤵
  PID:9152
- C:\Windows\System\uBTZGBM.exe
  C:\Windows\System\uBTZGBM.exe
  2⤵
  PID:8288
- C:\Windows\System\UrFBKKs.exe
  C:\Windows\System\UrFBKKs.exe
  2⤵
  PID:8480
- C:\Windows\System\wzlosaM.exe
  C:\Windows\System\wzlosaM.exe
  2⤵
  PID:8556
- C:\Windows\System\IdMoKCT.exe
  C:\Windows\System\IdMoKCT.exe
  2⤵
  PID:8920
- C:\Windows\System\wfSwAVJ.exe
  C:\Windows\System\wfSwAVJ.exe
  2⤵
  PID:8344
- C:\Windows\System\MJMsYmC.exe
  C:\Windows\System\MJMsYmC.exe
  2⤵
  PID:9260
- C:\Windows\System\TXpylUJ.exe
  C:\Windows\System\TXpylUJ.exe
  2⤵
  PID:9276
- C:\Windows\System\UWHNzly.exe
  C:\Windows\System\UWHNzly.exe
  2⤵
  PID:9296
- C:\Windows\System\XwcVSNT.exe
  C:\Windows\System\XwcVSNT.exe
  2⤵
  PID:9316
- C:\Windows\System\LVQnmcN.exe
  C:\Windows\System\LVQnmcN.exe
  2⤵
  PID:9332
- C:\Windows\System\gHfvoKW.exe
  C:\Windows\System\gHfvoKW.exe
  2⤵
  PID:9348
- C:\Windows\System\nRjGSjI.exe
  C:\Windows\System\nRjGSjI.exe
  2⤵
  PID:9364
- C:\Windows\System\TWlNfQY.exe
  C:\Windows\System\TWlNfQY.exe
  2⤵
  PID:9400
- C:\Windows\System\BxukguS.exe
  C:\Windows\System\BxukguS.exe
  2⤵
  PID:9416
- C:\Windows\System\HWvOfjV.exe
  C:\Windows\System\HWvOfjV.exe
  2⤵
  PID:9436
- C:\Windows\System\FcrRabZ.exe
  C:\Windows\System\FcrRabZ.exe
  2⤵
  PID:9460
- C:\Windows\System\GEwuPqH.exe
  C:\Windows\System\GEwuPqH.exe
  2⤵
  PID:9476
- C:\Windows\System\MRPMXyF.exe
  C:\Windows\System\MRPMXyF.exe
  2⤵
  PID:9492
- C:\Windows\System\fEBLyJs.exe
  C:\Windows\System\fEBLyJs.exe
  2⤵
  PID:9512
- C:\Windows\System\QkGKLvu.exe
  C:\Windows\System\QkGKLvu.exe
  2⤵
  PID:9532
- C:\Windows\System\dZTVoUR.exe
  C:\Windows\System\dZTVoUR.exe
  2⤵
  PID:9556
- C:\Windows\System\hoFUbMs.exe
  C:\Windows\System\hoFUbMs.exe
  2⤵
  PID:9572
- C:\Windows\System\IHipSTt.exe
  C:\Windows\System\IHipSTt.exe
  2⤵
  PID:9592
- C:\Windows\System\mvrFRRn.exe
  C:\Windows\System\mvrFRRn.exe
  2⤵
  PID:9612
- C:\Windows\System\waNwvRU.exe
  C:\Windows\System\waNwvRU.exe
  2⤵
  PID:9628
- C:\Windows\System\ngmkUBa.exe
  C:\Windows\System\ngmkUBa.exe
  2⤵
  PID:9644
- C:\Windows\System\QeDFZbj.exe
  C:\Windows\System\QeDFZbj.exe
  2⤵
  PID:9664
- C:\Windows\System\YJqXAaT.exe
  C:\Windows\System\YJqXAaT.exe
  2⤵
  PID:9680
- C:\Windows\System\fQDtjYy.exe
  C:\Windows\System\fQDtjYy.exe
  2⤵
  PID:9704
- C:\Windows\System\ZvhTEWK.exe
  C:\Windows\System\ZvhTEWK.exe
  2⤵
  PID:9724
- C:\Windows\System\uVbpePk.exe
  C:\Windows\System\uVbpePk.exe
  2⤵
  PID:9748
- C:\Windows\System\AHOYQJL.exe
  C:\Windows\System\AHOYQJL.exe
  2⤵
  PID:9776
- C:\Windows\System\tYXqIWX.exe
  C:\Windows\System\tYXqIWX.exe
  2⤵
  PID:9804
- C:\Windows\System\SZylIxZ.exe
  C:\Windows\System\SZylIxZ.exe
  2⤵
  PID:9824
- C:\Windows\System\qIXHvtO.exe
  C:\Windows\System\qIXHvtO.exe
  2⤵
  PID:9840
- C:\Windows\System\okdWdNR.exe
  C:\Windows\System\okdWdNR.exe
  2⤵
  PID:9856
- C:\Windows\System\ILwgsaO.exe
  C:\Windows\System\ILwgsaO.exe
  2⤵
  PID:9872
- C:\Windows\System\HOsDLlw.exe
  C:\Windows\System\HOsDLlw.exe
  2⤵
  PID:9892
- C:\Windows\System\BiIvVNg.exe
  C:\Windows\System\BiIvVNg.exe
  2⤵
  PID:9912
- C:\Windows\System\XTqjRxx.exe
  C:\Windows\System\XTqjRxx.exe
  2⤵
  PID:9928
- C:\Windows\System\EGdzjAR.exe
  C:\Windows\System\EGdzjAR.exe
  2⤵
  PID:9944
- C:\Windows\System\nCcZJbG.exe
  C:\Windows\System\nCcZJbG.exe
  2⤵
  PID:9972
- C:\Windows\System\wjypeeL.exe
  C:\Windows\System\wjypeeL.exe
  2⤵
  PID:9988
- C:\Windows\System\RISWEIV.exe
  C:\Windows\System\RISWEIV.exe
  2⤵
  PID:10004
- C:\Windows\System\KURuidc.exe
  C:\Windows\System\KURuidc.exe
  2⤵
  PID:10024
- C:\Windows\System\SvbQTez.exe
  C:\Windows\System\SvbQTez.exe
  2⤵
  PID:10064
- C:\Windows\System\jjmBjnS.exe
  C:\Windows\System\jjmBjnS.exe
  2⤵
  PID:10084
- C:\Windows\System\rBMfRuk.exe
  C:\Windows\System\rBMfRuk.exe
  2⤵
  PID:10100
- C:\Windows\System\oTKfbaO.exe
  C:\Windows\System\oTKfbaO.exe
  2⤵
  PID:10120
- C:\Windows\System\umIKcKj.exe
  C:\Windows\System\umIKcKj.exe
  2⤵
  PID:10140
- C:\Windows\System\ufoKZEk.exe
  C:\Windows\System\ufoKZEk.exe
  2⤵
  PID:10156
- C:\Windows\System\iECygaZ.exe
  C:\Windows\System\iECygaZ.exe
  2⤵
  PID:10172
- C:\Windows\System\gEdSaja.exe
  C:\Windows\System\gEdSaja.exe
  2⤵
  PID:10192
- C:\Windows\System\JxyRjWc.exe
  C:\Windows\System\JxyRjWc.exe
  2⤵
  PID:10212
- C:\Windows\System\KvvxzFX.exe
  C:\Windows\System\KvvxzFX.exe
  2⤵
  PID:8236
- C:\Windows\System\JFlrLkW.exe
  C:\Windows\System\JFlrLkW.exe
  2⤵
  PID:8788
- C:\Windows\System\lRcVfzW.exe
  C:\Windows\System\lRcVfzW.exe
  2⤵
  PID:8688
- C:\Windows\System\XgocbMV.exe
  C:\Windows\System\XgocbMV.exe
  2⤵
  PID:9236
- C:\Windows\System\tFiJolu.exe
  C:\Windows\System\tFiJolu.exe
  2⤵
  PID:9252
- C:\Windows\System\xkNQgpZ.exe
  C:\Windows\System\xkNQgpZ.exe
  2⤵
  PID:9312
- C:\Windows\System\lYDUbhP.exe
  C:\Windows\System\lYDUbhP.exe
  2⤵
  PID:9344
- C:\Windows\System\nOdLrel.exe
  C:\Windows\System\nOdLrel.exe
  2⤵
  PID:9376
- C:\Windows\System\mISzoBG.exe
  C:\Windows\System\mISzoBG.exe
  2⤵
  PID:9412
- C:\Windows\System\ZNsVBnB.exe
  C:\Windows\System\ZNsVBnB.exe
  2⤵
  PID:9444
- C:\Windows\System\wDSSwnD.exe
  C:\Windows\System\wDSSwnD.exe
  2⤵
  PID:9472
- C:\Windows\System\igiVadf.exe
  C:\Windows\System\igiVadf.exe
  2⤵
  PID:9504
- C:\Windows\System\qRirXsf.exe
  C:\Windows\System\qRirXsf.exe
  2⤵
  PID:9540
- C:\Windows\System\JiWNVNm.exe
  C:\Windows\System\JiWNVNm.exe
  2⤵
  PID:9580
- C:\Windows\System\dpxirHg.exe
  C:\Windows\System\dpxirHg.exe
  2⤵
  PID:9608
- C:\Windows\System\MZUWfkN.exe
  C:\Windows\System\MZUWfkN.exe
  2⤵
  PID:9672
- C:\Windows\System\wRDqrgn.exe
  C:\Windows\System\wRDqrgn.exe
  2⤵
  PID:9624
- C:\Windows\System\zadBaAZ.exe
  C:\Windows\System\zadBaAZ.exe
  2⤵
  PID:9696
- C:\Windows\System\vwCSlIG.exe
  C:\Windows\System\vwCSlIG.exe
  2⤵
  PID:9756
- C:\Windows\System\PrfnbCL.exe
  C:\Windows\System\PrfnbCL.exe
  2⤵
  PID:9784
- C:\Windows\System\vLqJHsV.exe
  C:\Windows\System\vLqJHsV.exe
  2⤵
  PID:9812
- C:\Windows\System\CstJDnt.exe
  C:\Windows\System\CstJDnt.exe
  2⤵
  PID:9880
- C:\Windows\System\ZpAjSpU.exe
  C:\Windows\System\ZpAjSpU.exe
  2⤵
  PID:9888
- C:\Windows\System\oqWjxAW.exe
  C:\Windows\System\oqWjxAW.exe
  2⤵
  PID:9964
- C:\Windows\System\rCbHUmH.exe
  C:\Windows\System\rCbHUmH.exe
  2⤵
  PID:10000
- C:\Windows\System\yBAhcZN.exe
  C:\Windows\System\yBAhcZN.exe
  2⤵
  PID:9864
- C:\Windows\System\LpsQWUW.exe
  C:\Windows\System\LpsQWUW.exe
  2⤵
  PID:9904
- C:\Windows\System\CavwaNl.exe
  C:\Windows\System\CavwaNl.exe
  2⤵
  PID:10040
- C:\Windows\System\NAdEkUo.exe
  C:\Windows\System\NAdEkUo.exe
  2⤵
  PID:10056
- C:\Windows\System\YyMOLUk.exe
  C:\Windows\System\YyMOLUk.exe
  2⤵
  PID:10076
- C:\Windows\System\utEiZEb.exe
  C:\Windows\System\utEiZEb.exe
  2⤵
  PID:10112
- C:\Windows\System\hSIhpxA.exe
  C:\Windows\System\hSIhpxA.exe
  2⤵
  PID:10220
- C:\Windows\System\QvmNWFv.exe
  C:\Windows\System\QvmNWFv.exe
  2⤵
  PID:10168
- C:\Windows\System\zOBFdbh.exe
  C:\Windows\System\zOBFdbh.exe
  2⤵
  PID:10224
- C:\Windows\System\KGjEKUi.exe
  C:\Windows\System\KGjEKUi.exe
  2⤵
  PID:9072
- C:\Windows\System\CFyeniQ.exe
  C:\Windows\System\CFyeniQ.exe
  2⤵
  PID:9232
- C:\Windows\System\gstuzjH.exe
  C:\Windows\System\gstuzjH.exe
  2⤵
  PID:9328
- C:\Windows\System\bueNDMo.exe
  C:\Windows\System\bueNDMo.exe
  2⤵
  PID:9244
- C:\Windows\System\UZWRavN.exe
  C:\Windows\System\UZWRavN.exe
  2⤵
  PID:9248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BnOPlJY.exe

Filesize
6.0MB

MD5
f736ebf643a115fbd3cb3b12f81249fb

SHA1
0f9b566e8a34331a2566ab04dc59debc563e166d

SHA256
ec75da2a5d321b28f3d51250bd7ad1531c53b304642ff544784fb04fcd7a9cfc

SHA512
1f4edb2ab00671b7df70a54bb6c33ca1f37e442b7a3162558a56417e898f9e86d486d6463e5313b0cfa112251cfd88943b6b7be44e1ac447c445845c336e2425

Download Submit
C:\Windows\system\DrhCtuG.exe

Filesize
6.0MB

MD5
0ea620c1c3086343ead9d47adaf81f47

SHA1
aa5b521f4e4a034e11b7ee9590df86d78b37144d

SHA256
6e8943f842cdf4031744c468627430f815cac31dfab4d19894bfb8b119a2cf32

SHA512
1d6cb1cdc118eda44cd776812746e27638698b375e2c8726cb824125a764ec989088cb90e26a672190696de18c86083aa20c576014615db681b9bfde12659db5

Download Submit
C:\Windows\system\FfqwXHM.exe

Filesize
8B

MD5
a5ce0e1cd1d3917f12b2586698d6dcc3

SHA1
2f4215182cfc776d7694eb4ff7274612b0593eeb

SHA256
48b3f31c2ddcc55f74d70a7833a2b09f6b374689bbf4cb6de601d6a621a2abbc

SHA512
f349489705218d3925cc06581c9fd70709fc5a0bb4f86496e55ebbbc637c745339459701ffd3b7a8c11bbfdd4f5b738df89620bf4327ebc87ea6731f85a01281

Download Submit
C:\Windows\system\HdJcmYP.exe

Filesize
6.0MB

MD5
6628f5fff8d64ed63e95c343ab92cd19

SHA1
88e31d0cebf91d0267eff0400ae7d4995b8cc7d6

SHA256
cafb07c05cb48918a6260daf96c974a233499e2df506b625f4ba0ace058cc6b0

SHA512
a4477182440465431957b043daccf5fb2b6f2c507ecde166446744e0f79236abf30da7f90c25547a9529f8304f65e917f06aba492985d5939450be5228f99429

Download Submit
C:\Windows\system\IlwhWBn.exe

Filesize
6.0MB

MD5
faf167423e4fd2209fa803730afb8960

SHA1
fb349b221e1281def0c4e7a1e016185e4582fbf2

SHA256
43b0493f4f5aff88e5f2863e8278301933f4633fd89c0aeb6a1f0a7e61bd75f9

SHA512
6b0aeffbdeefafe61f110e62a2c4a89ac505e890c57ce36230f4d8d7c52bc0c92d71f486453b3dd1ad58635cb339460d3949ae8d62fd5634adce7caeb9659244

Download Submit
C:\Windows\system\IvcPNDp.exe

Filesize
6.0MB

MD5
43afeeccc879f59e0f129d5334fcc5cc

SHA1
17819512c50feabe0a2e4e809f2ecf1ef892eeac

SHA256
44d10e472f371e4d1fc4aed18a674f370f5abe65f1523ddaac488da9e3c500bd

SHA512
65fad78666f276b7f2594236574f8a57c5e1a27a94a1a18fb9a28f2d3862081009f934e6f3188bbb7220ff926082965cf3e840444830110e65ca1a70fc2d6da9

Download Submit
C:\Windows\system\KKDTGKW.exe

Filesize
6.0MB

MD5
be6d3b323c35d0d529e110c89158ef6d

SHA1
4057b2587fbac551f99079840ff4b2a3dd94a060

SHA256
53dee076a749b3751c84c0de3c0d157a3e6355f3bc6dab163fd4cf7251a87472

SHA512
344a4e179365da044694a9c4fbb827bed911228bad18c07d09ef7137523ebc5b8bfffd58e003dc130bc4c298046bd1128fede6d7b5a2049d73abd18f8c679325

Download Submit
C:\Windows\system\KlmDWBQ.exe

Filesize
6.0MB

MD5
c77a0fd910b1f1ede1038f01603ec999

SHA1
3893ae7e09a24ee3d65170257308368529551a2a

SHA256
54e439ee0ea576e90e8a3517d82e8abfeb031f7918d65b77373239aa9375d904

SHA512
ecf1b79e1a8e3abf7426f1fcdf34437d7092492efaf928f932ddbd45a68370937448604fb757e935e32c099c4160531cbb52fc77425a3e17b6893e41809671f2

Download Submit
C:\Windows\system\LZcxXaR.exe

Filesize
6.0MB

MD5
768e62a266032418d6cffb6dc75df230

SHA1
64652cc5f0f56070418969379d4acae5db7a56b4

SHA256
80d3e2b67eb4ef758f786e4333dfe2dcab9be0256bd6fd2abef3583e4b47a1aa

SHA512
bb3c2c5354076585f64de60c8b9a9ff8a307e57dd3ffc1bdf77c0db4d22c73acbc114afe13848356a947196e6cf8c3d536800796b5b22b4e7e994de4703f1643

Download Submit
C:\Windows\system\LuVAnLL.exe

Filesize
6.0MB

MD5
3de0b06eba113af090c2e6d04a66f90f

SHA1
375e27948dc6cd01949408de59226f23adf23398

SHA256
302619a8f71d33554a20e7d1d8a47029f6d7e6ea643c4205fed8d7344e717a0c

SHA512
878bed4ccfdd5fce9c886022f4180993f52251c9c0b8c1bcbedfd04a41fe4de0faf5345c4c82c0ef36ce78a5d43c5d4456b14bc66690460b8fe56891c00ffd96

Download Submit
C:\Windows\system\MWdnGYu.exe

Filesize
6.0MB

MD5
f996d6ef64fc605f710bf661fbc182c6

SHA1
b4c46f5bef72dc38437b63844c4cdffbe04d2386

SHA256
94107afb56fead40c6558a3b4925c74308113dd427810c93492470e89fa13e65

SHA512
c85823125e1c1b1e9d1787d0d32554e29221a7809157b76cc5fea348dbd4699a185ea337588a3c64676f313cc06d68c42c4d75f9062f45032ac4f420850c9538

Download Submit
C:\Windows\system\OLhcSiA.exe

Filesize
6.0MB

MD5
d32c198f97b62c20aaa7ded629ce8d6d

SHA1
a21dfd984d4ff0cd8e848f68a95695c2451275bd

SHA256
37becac41f11ca448837110b871c44c135aae3950cb5080e3129e37a08e23f9a

SHA512
fd8e861fcf7c3326e82192fbbb0888d8642e901adfeee7f5f04b29796a646986196b076892de3d54573df052a8610fb0d14cfd4f67baa977f9ddb9f50fd9604a

Download Submit
C:\Windows\system\OMeewEN.exe

Filesize
6.0MB

MD5
81e04260c8fce73b05c3542e80d5ef86

SHA1
fb998084c7b3c60cd68b2584d8d32c14df9d520b

SHA256
bd7efd1ce5ac95ed09907e3c7fb90caac8924782f2cb5b45372c108043282505

SHA512
7fe053db19abc87c81cadf83847592cb75bf4bf591830d547744167967ddc25ef7437253c693bbe179e28f7eff8826976e8dd665ed9f85eb260ab78ea3a08f29

Download Submit
C:\Windows\system\PuJwyBp.exe

Filesize
6.0MB

MD5
c3ec39e653f06ab48fdfb4e39e610f99

SHA1
d29ee73db989276dc33b77bf58346d7912d01cd3

SHA256
08f9fa0fcfb873488af7ee10ef73941fcbd94c04a7026e2f5233f5436eeae671

SHA512
bef487e0569722e1491f3b467b4ff63e10162d9e4fbbc7f505f4ccc0bf09e07fc38e08d7dbeabf9580f4bba3c00e51b7669eec9c2a90c95b9de5cb29b3effedb

Download Submit
C:\Windows\system\SeCiRNr.exe

Filesize
6.0MB

MD5
a2619fb2d70aa46cc1eb02099b5afbda

SHA1
887826d34b4d81ab50731fee5359dcf62431e045

SHA256
a5829ef6f1e8855c9b6e25a1ef2a8f95d541f1fe9474191eac24f5bf176c2e21

SHA512
83ef28c5fe052f65d8d6e92557377a3ec9b4319be07a0171a14ea198b8a56d283ce4f842a1c59af596c695b396ff1143841a183e5430c976391bf5a321772c53

Download Submit
C:\Windows\system\ZGlJUbx.exe

Filesize
6.0MB

MD5
c6dcfa1b2388a3887c2dc9c924e1dca1

SHA1
b17c285ad2b1eae12e798d67dbeec3ff33eadb97

SHA256
46aa439a92cc3e07d6e17467bd68c8aa6c43b77f39ad0875c824455c73c7d13a

SHA512
53939b206ba3df5e78120e0fa7c77b1c3152c2ba0f6234f0642ee9e8e37d85cf657b5bb8e66f5f676c6ab579f59fae1b87ab7f5973da5db68aa92d49d3fb9ca4

Download Submit
C:\Windows\system\aqlYiMv.exe

Filesize
6.0MB

MD5
4abad8d0fe27f309506aa7a228516fe8

SHA1
6d143c35fc8f665c038369d88d2a3f03b9ccce3d

SHA256
f15f00c61003c70869d615ffcc89349554cd0d0df63908ae28322c921d286d5c

SHA512
65764a75131276a12c257df269c1fe3a7e51a5a03f89761daf775a7e82e15360289f49ce4b8283dd7413760f75147a754bc63a6d99224cbd9cc0d453d6c5c710

Download Submit
C:\Windows\system\bbUhOFK.exe

Filesize
6.0MB

MD5
9c64550ae9f41f6be3ccd63a53b27eee

SHA1
8ac0b2dd859f6692be53bd648677f55cb0ae8fdc

SHA256
952b3bea5ae360072ca5ab45e8f2ed68bd4975ce4d7ef823ecbdebfa7f2b1ada

SHA512
96fb48ac7aa0cfbd807a54bd8c583c65d9616dc5978f1dc91e9948fe7d0401f8c5076f59a084a13db06c1924d147b3e4b18f0a10b7140e01eea05d4bce272460

Download Submit
C:\Windows\system\eyhmDKZ.exe

Filesize
6.0MB

MD5
762b845f52484f7b273f2eb84b1c3c4c

SHA1
fb3e9fc76670622d11c7d1adfb06ef3d18ea66c4

SHA256
89a91de8cc73a79dc84a3c94c0f53691cb14addd0e25d811345cf6174c3ec13f

SHA512
1890f05bb3a16427bd72cb250b554e4a79a1de80f7331bc0b433e13efb934f4eb16a0c61e25cce781ba37755bf932f1b845bcfe6ccfa1070997d75fb9006eff5

Download Submit
C:\Windows\system\oXJvWhu.exe

Filesize
6.0MB

MD5
aef594d811f00356d53ff71b58015c27

SHA1
9058881691608eb3298017a456fe5ce0148f17be

SHA256
195a7978f8dfdd4223bf82a94b41e592074e68089c8971ba53a9d1069587dc88

SHA512
422bd0a6b8a8f993df1a54bd8111fdf197b9dc7f6f17a300445cb1f19c9469f556bc6115014fa028ccb84257d67affb7896aa42988ea32471f75d67a828e6bc8

Download Submit
C:\Windows\system\sFBBGCA.exe

Filesize
6.0MB

MD5
9a9c71b460f1ea5cfd2d3de108989101

SHA1
f0fdc33b9403d20e05628c991c7a8c4d6028b627

SHA256
9567435ffef43a0a80592745fe7c684ed20664d60ee6bfd9a75b92fa09df0116

SHA512
d6b5e440f1940729c8bd44dd4e2679ab02c49a62a0bbfbef154231a9b2bdddc6307af7111a0f396f93ea06a6a6b4cfa07d73e25ce0788390322788d070eb8da6

Download Submit
C:\Windows\system\umTMulZ.exe

Filesize
6.0MB

MD5
d125aa1e9d09953ac3965c4185237c65

SHA1
6a0d08526e48659ed2a72bc037f88c5af347e788

SHA256
616ba7a39dffe9820432af234c6f4a82f74470ca53ae0a62ebe70058b4154101

SHA512
93135a63cf5e9257b8d33e82d894ec28f645aa07bbcfa6241b884047f11d86f1bbb52274ca795e7059f7af3c76b901df0b72869a007abb4c5e757ec23777c8de

Download Submit
C:\Windows\system\vpMBnFT.exe

Filesize
6.0MB

MD5
7972ca522e2c6cf05632e688f2c2b4a1

SHA1
fd8e67a6a32553bf8f62838ad1fcce9ad6ec70c0

SHA256
fc823f10d51b0501faedb0ed8938a1d8ca3e0a6855414bce0f71243bddf28ddd

SHA512
7f10e4fdd03c46addc1aa3813de0589861896d76f0fd12a59cf5aee26d5414a4028c003742ff89c379dde7e83685908efa48a124e5371791b4e96ebc9e77e104

Download Submit
C:\Windows\system\wrCeasx.exe

Filesize
6.0MB

MD5
e5e42029abcd3ae92d7c806ae23ea1f4

SHA1
f38557ee7ea3bc05789d049d2d93b4dda5aee30a

SHA256
3a7722c5fc15abce1c458ef5d38c34671e45aacd2ce5c16d5d999ddf228ea089

SHA512
57748fa1584be5573fda3c74e7a06ba64872fe77890eb98fb830aa4f524e238f81cf6edff91f1d1fbce0e78ff648b90b250fc281c58d4edf49537f90492a740c

Download Submit
C:\Windows\system\xOpPHvb.exe

Filesize
6.0MB

MD5
617bc3d2a303b13079cf0e5a92d2f391

SHA1
449e38a6a20f273e44a623f8f2784a09ed327ee6

SHA256
89733b183769b6f49b2456d5b615173d392b382a0b1d2f498e3597d893689ddf

SHA512
00d1dc8db0c33aae098ba381cc39f5e0396372fe9af4de6da31701b9ce6fe6e492a87bbf02491e792d44d8b9c5989fae8522d3e577ca7fbe1cde0a84a35ac8c6

Download Submit
\Windows\system\JANotVz.exe

Filesize
6.0MB

MD5
d9c24d88a3c1aaf79e70c864abddd5d5

SHA1
d7ede7d3a37b8d8affd8eb0fb7e74db68be147e7

SHA256
e5b99be752b5c94fc43699ce13d289a8911e34e926904f82d22e1b56a374c301

SHA512
4725fb3c5868fabe01359f62f575562a6b842a549aefaf99e06abd73c95620a97352fa1b552c62d0b73eb4899c855fd43481ebc81ad4a455c842b59e824ca383

Download Submit
\Windows\system\JNqzgyE.exe

Filesize
6.0MB

MD5
4308ba7342069a5dcc8ecc2aa26bec42

SHA1
030aa17cd7b3e3bb23a3e7ff0f02134d61b29b8e

SHA256
577e24a475cbf517e9d666337ba61e8ac0309cdbdd802e29d4343c8327381260

SHA512
88b891625bd24a540d4ef197214468abe897bc5dbab4fcca9063dc0d10be1a82c15b7097b8a6ff95ad17f9de0de0a7785b32d45d805090ad647b22dfb858447e

Download Submit
\Windows\system\VvPjtGR.exe

Filesize
6.0MB

MD5
6cf66e5a264cbaba96a0a65e3c0bd512

SHA1
6ced883e038bf75c25b7aca38a15bff7ecd3d4b4

SHA256
d3e24518de279f8764141abb87df2d169ec7e12fe572eea849d7834d03efb195

SHA512
ca5e965f0e25e36e53e880cbfd30d54f0b9244b84b89938ebb29798d59d1248b24ec5f60710464338db07d8f890f28c7189d7d280f2690ed3fe4f26b74100476

Download Submit
\Windows\system\lognrTd.exe

Filesize
6.0MB

MD5
4a5c18a31f8703b5c1327c47e23072ff

SHA1
42578bc36cc57f1e2ed226f8768c39db1654b514

SHA256
ff456fb2df7948489e7024c243cda00d6b10913a33e58d2a91c411fcc348a680

SHA512
eba8400528737fbcf46db7c88c7eafad55b4a35b020a86adfbe179f5715d5530ee4f9b3dc3aa9f1f70cdc5570d2372ef36ce539a52056af01ea3318f8e61b9f9

Download Submit
\Windows\system\nAChilO.exe

Filesize
6.0MB

MD5
5b4b95b5d98b27bfa92fa9261f55faa0

SHA1
7fc8e069e4c93c5db5a3ad8dd428140c5b2d79b0

SHA256
0c355d27c3c4a851c9d337346938d6e42c56bc557bf8bfd196e25bc303b8f3e7

SHA512
25b14960ade39390b1e67d0fee57fe793ac4ac679e5ccc2cdd482907cdaeb9207dc5b40bff4fdabdbb9ac5be596e6e99096b276b25ac2bf35f9991308abc31e5

Download Submit
\Windows\system\pnTWYSE.exe

Filesize
6.0MB

MD5
e8af75dd8dc3f314dddc7d6aac0ee2fb

SHA1
0a9bff9b256fe182388f476619a0efe9f16d067d

SHA256
73d8a423f79a0d796573dc3ec58790f27e5f219f673baee2e417a2c411cb760a

SHA512
c1b3203365cb1228c452aebfcd803cc738db6ec1e577f0fa1b152b5d0dddb3739394fe7b0eaa80ce587c61f39dcecbf46f30444542ec2c4972d8ba6e1bdeef61

Download Submit
\Windows\system\tXymagm.exe

Filesize
6.0MB

MD5
87dd6d83649bb685a19a3ce3cccd8da2

SHA1
a4a6b78822c082f46b41bd5ef36479d40efdcda7

SHA256
dd4f6a0dc7dc9bba0f5f67d7894e1afa365cf736d5a73ee4b20bcf632ea5adf5

SHA512
8db54d766df3eed860c33a106180ace82699edc3589264935a2accce259a9c8b6e942cbe4ed1ab702a6eeaece74a46454e1a2996dc537895d11431021fbec87f

Download Submit
\Windows\system\uQfvZIr.exe

Filesize
6.0MB

MD5
51fad14540b7485a7f316ce50c8f9835

SHA1
c634d67a65a133edf441e0819e1ba0e443875350

SHA256
85e3ec05855c6f1bdb69644f0f88fcc339ae7d0c7841a7d6204f7e729db7225f

SHA512
bf24918bb9e9a24e976efc9e6e2937e9def44aca0e9a5194462e5cb3fd5183a634c70472595ef5f2dd42be5d6f40a1718535571c06d1393cf4e34a120d2b99ed

Download Submit
memory/1020-721-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1020-3491-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1020-93-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1388-914-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-101-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-3499-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-89-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2084-97-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1004-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2084-668-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2084-59-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-73-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-489-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2084-300-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-29-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-82-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-13-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-105-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-818-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-65-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2084-106-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2084-9-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2084-48-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-45-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2288-15-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3340-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2536-578-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3490-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2536-85-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-228-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3489-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-71-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-28-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3251-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-58-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-77-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-40-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3309-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-78-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2696-384-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3477-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-100-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-63-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3459-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-92-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-56-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3359-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-69-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3310-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-33-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3325-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-49-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3273-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-25-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-54-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3252-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-17-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download