cobaltstrike | f04ca7432ff855f6b75d656768dae224ea6d296a324fa2c17c8d910957519ad6

Resubmissions

07-12-2024 15:57

241207-td291swpgv 10

07-12-2024 15:48

241207-s8qn2a1qdr 10

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

29cb4b576474b0847e4c80640eaa007f
SHA1

5dde5c288c2bf00bcfa661ebe9df0ff3d4658dca
SHA256

f04ca7432ff855f6b75d656768dae224ea6d296a324fa2c17c8d910957519ad6
SHA512

fc90bc0f4f714f14038ef576378d1c05502a150c896c995d486b663847177bc4b2975ed4cfa940738603307ac1c7ceb2f0e2986892bf1a82a4e60ca20153dbb2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001923e-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925d-16.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-23.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-38.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a467-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bdd-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-50.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001939c-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001938a-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019377-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019242-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fe-3.dat	xmrig
behavioral1/files/0x000700000001923e-8.dat	xmrig
behavioral1/files/0x000700000001925d-16.dat	xmrig
behavioral1/files/0x000600000001932a-23.dat	xmrig
behavioral1/files/0x000500000001a071-38.dat	xmrig
behavioral1/files/0x000500000001a07a-42.dat	xmrig
behavioral1/files/0x000500000001a09a-46.dat	xmrig
behavioral1/files/0x000500000001a41a-58.dat	xmrig
behavioral1/files/0x000500000001a487-86.dat	xmrig
behavioral1/files/0x000500000001a4b5-127.dat	xmrig
behavioral1/files/0x000500000001a4b7-128.dat	xmrig
behavioral1/memory/2172-508-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2276-469-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1612-474-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b9-131.dat	xmrig
behavioral1/files/0x000500000001a4b3-122.dat	xmrig
behavioral1/files/0x000500000001a4af-114.dat	xmrig
behavioral1/files/0x000500000001a4b1-119.dat	xmrig
behavioral1/files/0x000500000001a4ad-111.dat	xmrig
behavioral1/files/0x000500000001a4ab-106.dat	xmrig
behavioral1/files/0x000500000001a4a5-102.dat	xmrig
behavioral1/files/0x000500000001a495-98.dat	xmrig
behavioral1/files/0x000500000001a494-95.dat	xmrig
behavioral1/files/0x000500000001a489-90.dat	xmrig
behavioral1/files/0x000500000001a467-82.dat	xmrig
behavioral1/files/0x000500000001a42d-78.dat	xmrig
behavioral1/files/0x000500000001a423-74.dat	xmrig
behavioral1/files/0x000500000001a41f-70.dat	xmrig
behavioral1/files/0x0008000000018bdd-67.dat	xmrig
behavioral1/files/0x000500000001a41c-63.dat	xmrig
behavioral1/files/0x000500000001a355-54.dat	xmrig
behavioral1/files/0x000500000001a303-50.dat	xmrig
behavioral1/files/0x000800000001939c-34.dat	xmrig
behavioral1/files/0x000600000001938a-31.dat	xmrig
behavioral1/files/0x0006000000019377-26.dat	xmrig
behavioral1/files/0x0007000000019242-15.dat	xmrig
behavioral1/memory/2408-3776-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/1704-3803-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1612-4003-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2320-4058-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1664-4000-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/3008-3999-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/540-3981-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2176-3802-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2392-3800-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2300-3799-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2868-3794-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1176-3783-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2724-3771-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2172-3765-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2276	gSJxtVL.exe
1612	BYuMeRu.exe
2172	JIkeYej.exe
1664	PJNenHF.exe
2300	vkLVPqG.exe
2176	WkMUELO.exe
1176	gkvPJpt.exe
2392	ktmlyPq.exe
2868	KBioYhz.exe
1704	gqyEUPP.exe
2408	NyuQrrf.exe
3008	AMUDbGV.exe
540	fwmhemP.exe
2724	UunpvkL.exe
2188	xGTJdwc.exe
2600	AavpnyR.exe
2744	cWScgLU.exe
2632	SIRHtuL.exe
2592	HVOEHOs.exe
2652	AlHhqGp.exe
2112	wRCFDlT.exe
624	eHqhlrN.exe
1952	QXlXiHX.exe
1932	YjlVsuT.exe
824	rESDMnR.exe
296	yRlyKQq.exe
1672	povSYuP.exe
2316	tXWDBpc.exe
1444	etOuJsc.exe
1048	XbVCzGf.exe
1288	iizVrPw.exe
2888	daeOEwc.exe
816	OglCGJE.exe
2880	VFSrSHM.exe
1248	iavpVdA.exe
2780	qtaGjcq.exe
2968	GgEJpPt.exe
2956	OYsvCLD.exe
2988	dOIsQCY.exe
2992	vXXhYqn.exe
2876	LNklyFv.exe
744	wnWcJYg.exe
448	rHFzayN.exe
2204	ZhaWcZc.exe
1708	hqaIHDC.exe
1660	BMZkfes.exe
840	MIYEGzc.exe
1592	GaqJRTH.exe
1464	YopBmxu.exe
348	mMrNsMg.exe
1316	HOqbKqW.exe
1232	qupUYQe.exe
1116	kXbcssb.exe
1512	GNDabtv.exe
2208	MXfmcQy.exe
1852	qtYnASC.exe
1536	HBfpquC.exe
2548	uHjqWdi.exe
832	vaDtOtv.exe
1268	yxHBNlk.exe
2012	vOzfuna.exe
1076	CMfaZGM.exe
2452	sHSIrUV.exe
2104	tPmXKry.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-3.dat	upx
behavioral1/files/0x000700000001923e-8.dat	upx
behavioral1/files/0x000700000001925d-16.dat	upx
behavioral1/files/0x000600000001932a-23.dat	upx
behavioral1/files/0x000500000001a071-38.dat	upx
behavioral1/files/0x000500000001a07a-42.dat	upx
behavioral1/files/0x000500000001a09a-46.dat	upx
behavioral1/files/0x000500000001a41a-58.dat	upx
behavioral1/files/0x000500000001a487-86.dat	upx
behavioral1/files/0x000500000001a4b5-127.dat	upx
behavioral1/files/0x000500000001a4b7-128.dat	upx
behavioral1/memory/2172-508-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2276-469-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1612-474-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x000500000001a4b9-131.dat	upx
behavioral1/files/0x000500000001a4b3-122.dat	upx
behavioral1/files/0x000500000001a4af-114.dat	upx
behavioral1/files/0x000500000001a4b1-119.dat	upx
behavioral1/files/0x000500000001a4ad-111.dat	upx
behavioral1/files/0x000500000001a4ab-106.dat	upx
behavioral1/files/0x000500000001a4a5-102.dat	upx
behavioral1/files/0x000500000001a495-98.dat	upx
behavioral1/files/0x000500000001a494-95.dat	upx
behavioral1/files/0x000500000001a489-90.dat	upx
behavioral1/files/0x000500000001a467-82.dat	upx
behavioral1/files/0x000500000001a42d-78.dat	upx
behavioral1/files/0x000500000001a423-74.dat	upx
behavioral1/files/0x000500000001a41f-70.dat	upx
behavioral1/files/0x0008000000018bdd-67.dat	upx
behavioral1/files/0x000500000001a41c-63.dat	upx
behavioral1/files/0x000500000001a355-54.dat	upx
behavioral1/files/0x000500000001a303-50.dat	upx
behavioral1/files/0x000800000001939c-34.dat	upx
behavioral1/files/0x000600000001938a-31.dat	upx
behavioral1/files/0x0006000000019377-26.dat	upx
behavioral1/files/0x0007000000019242-15.dat	upx
behavioral1/memory/2408-3776-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1704-3803-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1612-4003-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2320-4058-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1664-4000-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/3008-3999-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/540-3981-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2176-3802-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2392-3800-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2300-3799-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2868-3794-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/1176-3783-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2724-3771-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2172-3765-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GzuiqDm.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRNrArD.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmodyUn.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFqXPPG.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzuuhKn.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKEZzGB.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijFfgko.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPatpdm.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIDaUAr.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXTfmqf.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEgGXhh.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avMxnzn.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWORZqv.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qupUYQe.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjUZUhH.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfAUlXV.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYHiBrz.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZONitAp.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUienNc.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wANumDR.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDwtuOR.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrmFXOO.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeGIuQN.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOzfuna.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FljCsmx.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STlfoSF.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lokhSCV.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEirCfl.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEGvVQS.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JydidZP.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgCJHxc.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhvhsCp.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcqVKwq.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODLcrAC.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jrjxnvv.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMRGjNR.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGckQWq.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbAGZhN.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGXFVoR.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYPvfec.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWScgLU.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsVDCta.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QixSowR.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kunlXEa.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfxnueD.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecXIJmM.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKaIYIs.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sovaJsY.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcLKJoe.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQFqnqb.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUXouaE.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvXjVaQ.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcKoBkX.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foZxAhq.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBeXpOY.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqzQLuq.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpCcRNf.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrGZIeS.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSZaToT.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnfVfjV.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHlAGsO.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLMinid.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFkmNqT.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OujTvsb.exe	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2276	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2320 wrote to memory of 2276	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2320 wrote to memory of 2276	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2320 wrote to memory of 1612	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2320 wrote to memory of 1612	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2320 wrote to memory of 1612	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2320 wrote to memory of 2172	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 2172	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 2172	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 1664	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 1664	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 1664	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 2300	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2300	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2300	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 2176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 2176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 1176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 1176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 1176	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 2392	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2392	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2392	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2868	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 2868	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 2868	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 1704	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 1704	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 1704	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 2408	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 2408	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 2408	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 3008	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 3008	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 3008	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 540	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 540	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 540	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 2724	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2724	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2724	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2188	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2188	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2188	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2600	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2600	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2600	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2744	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 2744	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 2744	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 2632	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 2632	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 2632	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 2592	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2592	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2592	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2652	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 2652	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 2652	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 2112	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 2112	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 2112	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 624	2320	2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-07_29cb4b576474b0847e4c80640eaa007f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System\gSJxtVL.exe
  C:\Windows\System\gSJxtVL.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\BYuMeRu.exe
  C:\Windows\System\BYuMeRu.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\JIkeYej.exe
  C:\Windows\System\JIkeYej.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\PJNenHF.exe
  C:\Windows\System\PJNenHF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\vkLVPqG.exe
  C:\Windows\System\vkLVPqG.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WkMUELO.exe
  C:\Windows\System\WkMUELO.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\gkvPJpt.exe
  C:\Windows\System\gkvPJpt.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ktmlyPq.exe
  C:\Windows\System\ktmlyPq.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\KBioYhz.exe
  C:\Windows\System\KBioYhz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\gqyEUPP.exe
  C:\Windows\System\gqyEUPP.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\NyuQrrf.exe
  C:\Windows\System\NyuQrrf.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\AMUDbGV.exe
  C:\Windows\System\AMUDbGV.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\fwmhemP.exe
  C:\Windows\System\fwmhemP.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\UunpvkL.exe
  C:\Windows\System\UunpvkL.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\xGTJdwc.exe
  C:\Windows\System\xGTJdwc.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\AavpnyR.exe
  C:\Windows\System\AavpnyR.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\cWScgLU.exe
  C:\Windows\System\cWScgLU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\SIRHtuL.exe
  C:\Windows\System\SIRHtuL.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HVOEHOs.exe
  C:\Windows\System\HVOEHOs.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\AlHhqGp.exe
  C:\Windows\System\AlHhqGp.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\wRCFDlT.exe
  C:\Windows\System\wRCFDlT.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\eHqhlrN.exe
  C:\Windows\System\eHqhlrN.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\QXlXiHX.exe
  C:\Windows\System\QXlXiHX.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\YjlVsuT.exe
  C:\Windows\System\YjlVsuT.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\rESDMnR.exe
  C:\Windows\System\rESDMnR.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\yRlyKQq.exe
  C:\Windows\System\yRlyKQq.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\povSYuP.exe
  C:\Windows\System\povSYuP.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\tXWDBpc.exe
  C:\Windows\System\tXWDBpc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\etOuJsc.exe
  C:\Windows\System\etOuJsc.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\XbVCzGf.exe
  C:\Windows\System\XbVCzGf.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\iizVrPw.exe
  C:\Windows\System\iizVrPw.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\OglCGJE.exe
  C:\Windows\System\OglCGJE.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\daeOEwc.exe
  C:\Windows\System\daeOEwc.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\iavpVdA.exe
  C:\Windows\System\iavpVdA.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\VFSrSHM.exe
  C:\Windows\System\VFSrSHM.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\dOIsQCY.exe
  C:\Windows\System\dOIsQCY.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\qtaGjcq.exe
  C:\Windows\System\qtaGjcq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vXXhYqn.exe
  C:\Windows\System\vXXhYqn.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\GgEJpPt.exe
  C:\Windows\System\GgEJpPt.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LNklyFv.exe
  C:\Windows\System\LNklyFv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OYsvCLD.exe
  C:\Windows\System\OYsvCLD.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\wnWcJYg.exe
  C:\Windows\System\wnWcJYg.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\rHFzayN.exe
  C:\Windows\System\rHFzayN.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\ZhaWcZc.exe
  C:\Windows\System\ZhaWcZc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\hqaIHDC.exe
  C:\Windows\System\hqaIHDC.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\BMZkfes.exe
  C:\Windows\System\BMZkfes.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\MIYEGzc.exe
  C:\Windows\System\MIYEGzc.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\GaqJRTH.exe
  C:\Windows\System\GaqJRTH.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\YopBmxu.exe
  C:\Windows\System\YopBmxu.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\mMrNsMg.exe
  C:\Windows\System\mMrNsMg.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\HOqbKqW.exe
  C:\Windows\System\HOqbKqW.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\qupUYQe.exe
  C:\Windows\System\qupUYQe.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\kXbcssb.exe
  C:\Windows\System\kXbcssb.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\GNDabtv.exe
  C:\Windows\System\GNDabtv.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\MXfmcQy.exe
  C:\Windows\System\MXfmcQy.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\qtYnASC.exe
  C:\Windows\System\qtYnASC.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\HBfpquC.exe
  C:\Windows\System\HBfpquC.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\uHjqWdi.exe
  C:\Windows\System\uHjqWdi.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\vaDtOtv.exe
  C:\Windows\System\vaDtOtv.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\yxHBNlk.exe
  C:\Windows\System\yxHBNlk.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\vOzfuna.exe
  C:\Windows\System\vOzfuna.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\CMfaZGM.exe
  C:\Windows\System\CMfaZGM.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\sHSIrUV.exe
  C:\Windows\System\sHSIrUV.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\tPmXKry.exe
  C:\Windows\System\tPmXKry.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\qZgciZM.exe
  C:\Windows\System\qZgciZM.exe
  2⤵
  PID:1468
- C:\Windows\System\jyDZsGS.exe
  C:\Windows\System\jyDZsGS.exe
  2⤵
  PID:2448
- C:\Windows\System\DHITIdt.exe
  C:\Windows\System\DHITIdt.exe
  2⤵
  PID:880
- C:\Windows\System\bilLtLR.exe
  C:\Windows\System\bilLtLR.exe
  2⤵
  PID:2468
- C:\Windows\System\PpqbSIn.exe
  C:\Windows\System\PpqbSIn.exe
  2⤵
  PID:2388
- C:\Windows\System\vBLPnfD.exe
  C:\Windows\System\vBLPnfD.exe
  2⤵
  PID:1668
- C:\Windows\System\meSEgye.exe
  C:\Windows\System\meSEgye.exe
  2⤵
  PID:1688
- C:\Windows\System\nMaQJaR.exe
  C:\Windows\System\nMaQJaR.exe
  2⤵
  PID:1948
- C:\Windows\System\jDyCAxD.exe
  C:\Windows\System\jDyCAxD.exe
  2⤵
  PID:2324
- C:\Windows\System\FaeNaKM.exe
  C:\Windows\System\FaeNaKM.exe
  2⤵
  PID:2256
- C:\Windows\System\rJmhrkY.exe
  C:\Windows\System\rJmhrkY.exe
  2⤵
  PID:2164
- C:\Windows\System\IoNGCJt.exe
  C:\Windows\System\IoNGCJt.exe
  2⤵
  PID:2412
- C:\Windows\System\HeliEYV.exe
  C:\Windows\System\HeliEYV.exe
  2⤵
  PID:1644
- C:\Windows\System\zWGuYGV.exe
  C:\Windows\System\zWGuYGV.exe
  2⤵
  PID:2768
- C:\Windows\System\wjIDxmd.exe
  C:\Windows\System\wjIDxmd.exe
  2⤵
  PID:3024
- C:\Windows\System\hSZeoqw.exe
  C:\Windows\System\hSZeoqw.exe
  2⤵
  PID:2612
- C:\Windows\System\lokhSCV.exe
  C:\Windows\System\lokhSCV.exe
  2⤵
  PID:2932
- C:\Windows\System\Aglxpob.exe
  C:\Windows\System\Aglxpob.exe
  2⤵
  PID:2588
- C:\Windows\System\LKzIuUE.exe
  C:\Windows\System\LKzIuUE.exe
  2⤵
  PID:2140
- C:\Windows\System\FsMnjPn.exe
  C:\Windows\System\FsMnjPn.exe
  2⤵
  PID:2472
- C:\Windows\System\rvUglEr.exe
  C:\Windows\System\rvUglEr.exe
  2⤵
  PID:548
- C:\Windows\System\jBIavye.exe
  C:\Windows\System\jBIavye.exe
  2⤵
  PID:1276
- C:\Windows\System\jjckSbN.exe
  C:\Windows\System\jjckSbN.exe
  2⤵
  PID:1752
- C:\Windows\System\zRFyULJ.exe
  C:\Windows\System\zRFyULJ.exe
  2⤵
  PID:1620
- C:\Windows\System\gEiYanx.exe
  C:\Windows\System\gEiYanx.exe
  2⤵
  PID:2676
- C:\Windows\System\sRJtOZg.exe
  C:\Windows\System\sRJtOZg.exe
  2⤵
  PID:2776
- C:\Windows\System\VaDpGlY.exe
  C:\Windows\System\VaDpGlY.exe
  2⤵
  PID:1144
- C:\Windows\System\msnmRgQ.exe
  C:\Windows\System\msnmRgQ.exe
  2⤵
  PID:1712
- C:\Windows\System\JOcpIMy.exe
  C:\Windows\System\JOcpIMy.exe
  2⤵
  PID:2944
- C:\Windows\System\vcLKJoe.exe
  C:\Windows\System\vcLKJoe.exe
  2⤵
  PID:408
- C:\Windows\System\xnfVfjV.exe
  C:\Windows\System\xnfVfjV.exe
  2⤵
  PID:2220
- C:\Windows\System\OmtDsJi.exe
  C:\Windows\System\OmtDsJi.exe
  2⤵
  PID:1924
- C:\Windows\System\RzZwYIC.exe
  C:\Windows\System\RzZwYIC.exe
  2⤵
  PID:1864
- C:\Windows\System\bQFqnqb.exe
  C:\Windows\System\bQFqnqb.exe
  2⤵
  PID:2760
- C:\Windows\System\tMAsFPl.exe
  C:\Windows\System\tMAsFPl.exe
  2⤵
  PID:892
- C:\Windows\System\XtoApGZ.exe
  C:\Windows\System\XtoApGZ.exe
  2⤵
  PID:1516
- C:\Windows\System\enFbjoP.exe
  C:\Windows\System\enFbjoP.exe
  2⤵
  PID:2560
- C:\Windows\System\OyyileV.exe
  C:\Windows\System\OyyileV.exe
  2⤵
  PID:2212
- C:\Windows\System\IPlnNxt.exe
  C:\Windows\System\IPlnNxt.exe
  2⤵
  PID:828
- C:\Windows\System\BQFFpqQ.exe
  C:\Windows\System\BQFFpqQ.exe
  2⤵
  PID:3032
- C:\Windows\System\vjiOHZC.exe
  C:\Windows\System\vjiOHZC.exe
  2⤵
  PID:1348
- C:\Windows\System\uJZjIxt.exe
  C:\Windows\System\uJZjIxt.exe
  2⤵
  PID:1740
- C:\Windows\System\dHMGYVO.exe
  C:\Windows\System\dHMGYVO.exe
  2⤵
  PID:2396
- C:\Windows\System\RtCXbqf.exe
  C:\Windows\System\RtCXbqf.exe
  2⤵
  PID:1684
- C:\Windows\System\roehcyb.exe
  C:\Windows\System\roehcyb.exe
  2⤵
  PID:3060
- C:\Windows\System\EQBakhK.exe
  C:\Windows\System\EQBakhK.exe
  2⤵
  PID:2280
- C:\Windows\System\QzVlBFf.exe
  C:\Windows\System\QzVlBFf.exe
  2⤵
  PID:2228
- C:\Windows\System\QYjMsGy.exe
  C:\Windows\System\QYjMsGy.exe
  2⤵
  PID:2840
- C:\Windows\System\cCflLIg.exe
  C:\Windows\System\cCflLIg.exe
  2⤵
  PID:2716
- C:\Windows\System\fYgbjmH.exe
  C:\Windows\System\fYgbjmH.exe
  2⤵
  PID:2628
- C:\Windows\System\NpZToEs.exe
  C:\Windows\System\NpZToEs.exe
  2⤵
  PID:1652
- C:\Windows\System\JgCJHxc.exe
  C:\Windows\System\JgCJHxc.exe
  2⤵
  PID:800
- C:\Windows\System\cjUZUhH.exe
  C:\Windows\System\cjUZUhH.exe
  2⤵
  PID:844
- C:\Windows\System\tZhSBYp.exe
  C:\Windows\System\tZhSBYp.exe
  2⤵
  PID:2984
- C:\Windows\System\iUsQMFz.exe
  C:\Windows\System\iUsQMFz.exe
  2⤵
  PID:2920
- C:\Windows\System\IidEfIH.exe
  C:\Windows\System\IidEfIH.exe
  2⤵
  PID:2020
- C:\Windows\System\gthwBUl.exe
  C:\Windows\System\gthwBUl.exe
  2⤵
  PID:2940
- C:\Windows\System\RpmQspt.exe
  C:\Windows\System\RpmQspt.exe
  2⤵
  PID:1944
- C:\Windows\System\LmbWWrB.exe
  C:\Windows\System\LmbWWrB.exe
  2⤵
  PID:2068
- C:\Windows\System\KrehWWY.exe
  C:\Windows\System\KrehWWY.exe
  2⤵
  PID:468
- C:\Windows\System\BLqZxwP.exe
  C:\Windows\System\BLqZxwP.exe
  2⤵
  PID:2072
- C:\Windows\System\dWAfbeO.exe
  C:\Windows\System\dWAfbeO.exe
  2⤵
  PID:536
- C:\Windows\System\hDeMGgf.exe
  C:\Windows\System\hDeMGgf.exe
  2⤵
  PID:3080
- C:\Windows\System\GaqONOA.exe
  C:\Windows\System\GaqONOA.exe
  2⤵
  PID:3096
- C:\Windows\System\QsMZZBr.exe
  C:\Windows\System\QsMZZBr.exe
  2⤵
  PID:3112
- C:\Windows\System\DrKWqfP.exe
  C:\Windows\System\DrKWqfP.exe
  2⤵
  PID:3128
- C:\Windows\System\meSUPFg.exe
  C:\Windows\System\meSUPFg.exe
  2⤵
  PID:3144
- C:\Windows\System\KMhOxXz.exe
  C:\Windows\System\KMhOxXz.exe
  2⤵
  PID:3160
- C:\Windows\System\IiQWznB.exe
  C:\Windows\System\IiQWznB.exe
  2⤵
  PID:3176
- C:\Windows\System\IHrbzKi.exe
  C:\Windows\System\IHrbzKi.exe
  2⤵
  PID:3192
- C:\Windows\System\fupDYxS.exe
  C:\Windows\System\fupDYxS.exe
  2⤵
  PID:3208
- C:\Windows\System\DnJcrPo.exe
  C:\Windows\System\DnJcrPo.exe
  2⤵
  PID:3224
- C:\Windows\System\DfKOeQl.exe
  C:\Windows\System\DfKOeQl.exe
  2⤵
  PID:3240
- C:\Windows\System\reILfyy.exe
  C:\Windows\System\reILfyy.exe
  2⤵
  PID:3256
- C:\Windows\System\rCdaPBN.exe
  C:\Windows\System\rCdaPBN.exe
  2⤵
  PID:3272
- C:\Windows\System\PRfobjM.exe
  C:\Windows\System\PRfobjM.exe
  2⤵
  PID:3288
- C:\Windows\System\MUGoFQw.exe
  C:\Windows\System\MUGoFQw.exe
  2⤵
  PID:3304
- C:\Windows\System\ZHlAGsO.exe
  C:\Windows\System\ZHlAGsO.exe
  2⤵
  PID:3320
- C:\Windows\System\uwObKrt.exe
  C:\Windows\System\uwObKrt.exe
  2⤵
  PID:3336
- C:\Windows\System\gBeHNjo.exe
  C:\Windows\System\gBeHNjo.exe
  2⤵
  PID:3352
- C:\Windows\System\LUDJBpA.exe
  C:\Windows\System\LUDJBpA.exe
  2⤵
  PID:3368
- C:\Windows\System\kkwfACp.exe
  C:\Windows\System\kkwfACp.exe
  2⤵
  PID:3384
- C:\Windows\System\RBwUTLJ.exe
  C:\Windows\System\RBwUTLJ.exe
  2⤵
  PID:3400
- C:\Windows\System\mIZqRDH.exe
  C:\Windows\System\mIZqRDH.exe
  2⤵
  PID:3416
- C:\Windows\System\cllXnzw.exe
  C:\Windows\System\cllXnzw.exe
  2⤵
  PID:3432
- C:\Windows\System\wDzBItZ.exe
  C:\Windows\System\wDzBItZ.exe
  2⤵
  PID:3448
- C:\Windows\System\GczXHyl.exe
  C:\Windows\System\GczXHyl.exe
  2⤵
  PID:3464
- C:\Windows\System\IWLuTVI.exe
  C:\Windows\System\IWLuTVI.exe
  2⤵
  PID:3480
- C:\Windows\System\iQaIBZP.exe
  C:\Windows\System\iQaIBZP.exe
  2⤵
  PID:3496
- C:\Windows\System\sRIlNYz.exe
  C:\Windows\System\sRIlNYz.exe
  2⤵
  PID:3512
- C:\Windows\System\eoasrRr.exe
  C:\Windows\System\eoasrRr.exe
  2⤵
  PID:3528
- C:\Windows\System\GidbHSM.exe
  C:\Windows\System\GidbHSM.exe
  2⤵
  PID:3544
- C:\Windows\System\PvVsnap.exe
  C:\Windows\System\PvVsnap.exe
  2⤵
  PID:3560
- C:\Windows\System\WGSkwlz.exe
  C:\Windows\System\WGSkwlz.exe
  2⤵
  PID:3576
- C:\Windows\System\DFXQULl.exe
  C:\Windows\System\DFXQULl.exe
  2⤵
  PID:3592
- C:\Windows\System\kWdZNyY.exe
  C:\Windows\System\kWdZNyY.exe
  2⤵
  PID:3608
- C:\Windows\System\hFxsScH.exe
  C:\Windows\System\hFxsScH.exe
  2⤵
  PID:3624
- C:\Windows\System\yAmnBIu.exe
  C:\Windows\System\yAmnBIu.exe
  2⤵
  PID:3640
- C:\Windows\System\rSLxATC.exe
  C:\Windows\System\rSLxATC.exe
  2⤵
  PID:3656
- C:\Windows\System\EFsSkqt.exe
  C:\Windows\System\EFsSkqt.exe
  2⤵
  PID:3672
- C:\Windows\System\MdOwDOd.exe
  C:\Windows\System\MdOwDOd.exe
  2⤵
  PID:3688
- C:\Windows\System\wfWSoBi.exe
  C:\Windows\System\wfWSoBi.exe
  2⤵
  PID:3704
- C:\Windows\System\xXuAySg.exe
  C:\Windows\System\xXuAySg.exe
  2⤵
  PID:3720
- C:\Windows\System\kKBBXLh.exe
  C:\Windows\System\kKBBXLh.exe
  2⤵
  PID:3736
- C:\Windows\System\PvcUBNz.exe
  C:\Windows\System\PvcUBNz.exe
  2⤵
  PID:3752
- C:\Windows\System\VuGLDXn.exe
  C:\Windows\System\VuGLDXn.exe
  2⤵
  PID:3768
- C:\Windows\System\CaedlBr.exe
  C:\Windows\System\CaedlBr.exe
  2⤵
  PID:3784
- C:\Windows\System\cPSuYOt.exe
  C:\Windows\System\cPSuYOt.exe
  2⤵
  PID:3800
- C:\Windows\System\TWkvOvI.exe
  C:\Windows\System\TWkvOvI.exe
  2⤵
  PID:3816
- C:\Windows\System\uyvpLZO.exe
  C:\Windows\System\uyvpLZO.exe
  2⤵
  PID:3832
- C:\Windows\System\oHKdpBI.exe
  C:\Windows\System\oHKdpBI.exe
  2⤵
  PID:3848
- C:\Windows\System\AkvIrRF.exe
  C:\Windows\System\AkvIrRF.exe
  2⤵
  PID:3864
- C:\Windows\System\nIGkByw.exe
  C:\Windows\System\nIGkByw.exe
  2⤵
  PID:3880
- C:\Windows\System\mvJSSxT.exe
  C:\Windows\System\mvJSSxT.exe
  2⤵
  PID:3896
- C:\Windows\System\OpXHlsY.exe
  C:\Windows\System\OpXHlsY.exe
  2⤵
  PID:3912
- C:\Windows\System\sqQIcZe.exe
  C:\Windows\System\sqQIcZe.exe
  2⤵
  PID:3928
- C:\Windows\System\VLMinid.exe
  C:\Windows\System\VLMinid.exe
  2⤵
  PID:3944
- C:\Windows\System\HyVcUBp.exe
  C:\Windows\System\HyVcUBp.exe
  2⤵
  PID:3960
- C:\Windows\System\BJNIrCG.exe
  C:\Windows\System\BJNIrCG.exe
  2⤵
  PID:3976
- C:\Windows\System\PrsBOep.exe
  C:\Windows\System\PrsBOep.exe
  2⤵
  PID:3992
- C:\Windows\System\ZiMplsT.exe
  C:\Windows\System\ZiMplsT.exe
  2⤵
  PID:4008
- C:\Windows\System\uaAJdOs.exe
  C:\Windows\System\uaAJdOs.exe
  2⤵
  PID:4024
- C:\Windows\System\NoGbNdQ.exe
  C:\Windows\System\NoGbNdQ.exe
  2⤵
  PID:4040
- C:\Windows\System\OOHDMRb.exe
  C:\Windows\System\OOHDMRb.exe
  2⤵
  PID:4056
- C:\Windows\System\pHsEfup.exe
  C:\Windows\System\pHsEfup.exe
  2⤵
  PID:4072
- C:\Windows\System\AsaqwpP.exe
  C:\Windows\System\AsaqwpP.exe
  2⤵
  PID:4088
- C:\Windows\System\ZHHeCzt.exe
  C:\Windows\System\ZHHeCzt.exe
  2⤵
  PID:2052
- C:\Windows\System\pMdqjZL.exe
  C:\Windows\System\pMdqjZL.exe
  2⤵
  PID:2872
- C:\Windows\System\pxxRKwd.exe
  C:\Windows\System\pxxRKwd.exe
  2⤵
  PID:2856
- C:\Windows\System\cvwwQmV.exe
  C:\Windows\System\cvwwQmV.exe
  2⤵
  PID:1972
- C:\Windows\System\PoLupev.exe
  C:\Windows\System\PoLupev.exe
  2⤵
  PID:2664
- C:\Windows\System\RXRHPOY.exe
  C:\Windows\System\RXRHPOY.exe
  2⤵
  PID:1172
- C:\Windows\System\bZxRNbf.exe
  C:\Windows\System\bZxRNbf.exe
  2⤵
  PID:1236
- C:\Windows\System\UqDyxpQ.exe
  C:\Windows\System\UqDyxpQ.exe
  2⤵
  PID:1472
- C:\Windows\System\ZXlBiII.exe
  C:\Windows\System\ZXlBiII.exe
  2⤵
  PID:1520
- C:\Windows\System\NsGQxBr.exe
  C:\Windows\System\NsGQxBr.exe
  2⤵
  PID:3092
- C:\Windows\System\rLKMJmx.exe
  C:\Windows\System\rLKMJmx.exe
  2⤵
  PID:3140
- C:\Windows\System\YpEYMrt.exe
  C:\Windows\System\YpEYMrt.exe
  2⤵
  PID:3536
- C:\Windows\System\MWejqgT.exe
  C:\Windows\System\MWejqgT.exe
  2⤵
  PID:3572
- C:\Windows\System\KrikJBx.exe
  C:\Windows\System\KrikJBx.exe
  2⤵
  PID:3616
- C:\Windows\System\udVCKhr.exe
  C:\Windows\System\udVCKhr.exe
  2⤵
  PID:3664
- C:\Windows\System\DdkJBwa.exe
  C:\Windows\System\DdkJBwa.exe
  2⤵
  PID:3700
- C:\Windows\System\kLUSZnw.exe
  C:\Windows\System\kLUSZnw.exe
  2⤵
  PID:3712
- C:\Windows\System\UrxJmsI.exe
  C:\Windows\System\UrxJmsI.exe
  2⤵
  PID:3760
- C:\Windows\System\YFWXqeZ.exe
  C:\Windows\System\YFWXqeZ.exe
  2⤵
  PID:3776
- C:\Windows\System\qeeOueK.exe
  C:\Windows\System\qeeOueK.exe
  2⤵
  PID:3828
- C:\Windows\System\wcKoBkX.exe
  C:\Windows\System\wcKoBkX.exe
  2⤵
  PID:3844
- C:\Windows\System\DSrUhTi.exe
  C:\Windows\System\DSrUhTi.exe
  2⤵
  PID:3892
- C:\Windows\System\rXEigLF.exe
  C:\Windows\System\rXEigLF.exe
  2⤵
  PID:3956
- C:\Windows\System\sSWOuWD.exe
  C:\Windows\System\sSWOuWD.exe
  2⤵
  PID:4020
- C:\Windows\System\EGXQXZI.exe
  C:\Windows\System\EGXQXZI.exe
  2⤵
  PID:4084
- C:\Windows\System\uqUraMI.exe
  C:\Windows\System\uqUraMI.exe
  2⤵
  PID:3904
- C:\Windows\System\TabSqfQ.exe
  C:\Windows\System\TabSqfQ.exe
  2⤵
  PID:3940
- C:\Windows\System\uoxYrrz.exe
  C:\Windows\System\uoxYrrz.exe
  2⤵
  PID:4032
- C:\Windows\System\EcELcKu.exe
  C:\Windows\System\EcELcKu.exe
  2⤵
  PID:4064
- C:\Windows\System\OuYCSjJ.exe
  C:\Windows\System\OuYCSjJ.exe
  2⤵
  PID:2708
- C:\Windows\System\mrMLBwJ.exe
  C:\Windows\System\mrMLBwJ.exe
  2⤵
  PID:1240
- C:\Windows\System\xtmctps.exe
  C:\Windows\System\xtmctps.exe
  2⤵
  PID:3076
- C:\Windows\System\RAUpkNr.exe
  C:\Windows\System\RAUpkNr.exe
  2⤵
  PID:3204
- C:\Windows\System\gavaBcn.exe
  C:\Windows\System\gavaBcn.exe
  2⤵
  PID:3236
- C:\Windows\System\EACzFuO.exe
  C:\Windows\System\EACzFuO.exe
  2⤵
  PID:3268
- C:\Windows\System\mzZkbzy.exe
  C:\Windows\System\mzZkbzy.exe
  2⤵
  PID:3300
- C:\Windows\System\nnuOmVM.exe
  C:\Windows\System\nnuOmVM.exe
  2⤵
  PID:3360
- C:\Windows\System\cjJahoT.exe
  C:\Windows\System\cjJahoT.exe
  2⤵
  PID:3428
- C:\Windows\System\UKWhKko.exe
  C:\Windows\System\UKWhKko.exe
  2⤵
  PID:3460
- C:\Windows\System\GMDbBPJ.exe
  C:\Windows\System\GMDbBPJ.exe
  2⤵
  PID:3508
- C:\Windows\System\aZcOtTZ.exe
  C:\Windows\System\aZcOtTZ.exe
  2⤵
  PID:1736
- C:\Windows\System\xSntUdr.exe
  C:\Windows\System\xSntUdr.exe
  2⤵
  PID:3136
- C:\Windows\System\fkXPidb.exe
  C:\Windows\System\fkXPidb.exe
  2⤵
  PID:3556
- C:\Windows\System\GzuiqDm.exe
  C:\Windows\System\GzuiqDm.exe
  2⤵
  PID:3668
- C:\Windows\System\sIjkWzF.exe
  C:\Windows\System\sIjkWzF.exe
  2⤵
  PID:3716
- C:\Windows\System\DmvfDpy.exe
  C:\Windows\System\DmvfDpy.exe
  2⤵
  PID:3808
- C:\Windows\System\sWxlHYi.exe
  C:\Windows\System\sWxlHYi.exe
  2⤵
  PID:3748
- C:\Windows\System\jodvsnB.exe
  C:\Windows\System\jodvsnB.exe
  2⤵
  PID:4016
- C:\Windows\System\ooFeiwl.exe
  C:\Windows\System\ooFeiwl.exe
  2⤵
  PID:3924
- C:\Windows\System\hoGLJFa.exe
  C:\Windows\System\hoGLJFa.exe
  2⤵
  PID:3876
- C:\Windows\System\qsiFdHT.exe
  C:\Windows\System\qsiFdHT.exe
  2⤵
  PID:4000
- C:\Windows\System\DhAEAKD.exe
  C:\Windows\System\DhAEAKD.exe
  2⤵
  PID:4036
- C:\Windows\System\sjPECxL.exe
  C:\Windows\System\sjPECxL.exe
  2⤵
  PID:3232
- C:\Windows\System\nKidLYe.exe
  C:\Windows\System\nKidLYe.exe
  2⤵
  PID:3296
- C:\Windows\System\VFrDiJq.exe
  C:\Windows\System\VFrDiJq.exe
  2⤵
  PID:3200
- C:\Windows\System\ZwAsJmA.exe
  C:\Windows\System\ZwAsJmA.exe
  2⤵
  PID:3364
- C:\Windows\System\jIUaTyp.exe
  C:\Windows\System\jIUaTyp.exe
  2⤵
  PID:3424
- C:\Windows\System\wTfSBib.exe
  C:\Windows\System\wTfSBib.exe
  2⤵
  PID:3332
- C:\Windows\System\aJTEavM.exe
  C:\Windows\System\aJTEavM.exe
  2⤵
  PID:3348
- C:\Windows\System\oiRvpYE.exe
  C:\Windows\System\oiRvpYE.exe
  2⤵
  PID:3476
- C:\Windows\System\UOzJwhD.exe
  C:\Windows\System\UOzJwhD.exe
  2⤵
  PID:3684
- C:\Windows\System\GSYMVAo.exe
  C:\Windows\System\GSYMVAo.exe
  2⤵
  PID:4052
- C:\Windows\System\HmxbFYz.exe
  C:\Windows\System\HmxbFYz.exe
  2⤵
  PID:3696
- C:\Windows\System\LwIfNvy.exe
  C:\Windows\System\LwIfNvy.exe
  2⤵
  PID:604
- C:\Windows\System\cRcucpo.exe
  C:\Windows\System\cRcucpo.exe
  2⤵
  PID:4108
- C:\Windows\System\GZqaOye.exe
  C:\Windows\System\GZqaOye.exe
  2⤵
  PID:4128
- C:\Windows\System\qDGScqO.exe
  C:\Windows\System\qDGScqO.exe
  2⤵
  PID:4148
- C:\Windows\System\XNBVphT.exe
  C:\Windows\System\XNBVphT.exe
  2⤵
  PID:4168
- C:\Windows\System\CdrvTYP.exe
  C:\Windows\System\CdrvTYP.exe
  2⤵
  PID:4188
- C:\Windows\System\nDfregE.exe
  C:\Windows\System\nDfregE.exe
  2⤵
  PID:4208
- C:\Windows\System\IfoICtO.exe
  C:\Windows\System\IfoICtO.exe
  2⤵
  PID:4228
- C:\Windows\System\UGAqEvd.exe
  C:\Windows\System\UGAqEvd.exe
  2⤵
  PID:4248
- C:\Windows\System\ltJkqGF.exe
  C:\Windows\System\ltJkqGF.exe
  2⤵
  PID:4268
- C:\Windows\System\NJeIyII.exe
  C:\Windows\System\NJeIyII.exe
  2⤵
  PID:4316
- C:\Windows\System\adIRTDU.exe
  C:\Windows\System\adIRTDU.exe
  2⤵
  PID:4368
- C:\Windows\System\BXoeklI.exe
  C:\Windows\System\BXoeklI.exe
  2⤵
  PID:4384
- C:\Windows\System\rChIZwt.exe
  C:\Windows\System\rChIZwt.exe
  2⤵
  PID:4400
- C:\Windows\System\RvNSIxx.exe
  C:\Windows\System\RvNSIxx.exe
  2⤵
  PID:4500
- C:\Windows\System\yNPEbns.exe
  C:\Windows\System\yNPEbns.exe
  2⤵
  PID:4604
- C:\Windows\System\sMsgLUk.exe
  C:\Windows\System\sMsgLUk.exe
  2⤵
  PID:4640
- C:\Windows\System\RjWSNmq.exe
  C:\Windows\System\RjWSNmq.exe
  2⤵
  PID:5096
- C:\Windows\System\eIvninw.exe
  C:\Windows\System\eIvninw.exe
  2⤵
  PID:3856
- C:\Windows\System\pvDXNrG.exe
  C:\Windows\System\pvDXNrG.exe
  2⤵
  PID:4004
- C:\Windows\System\poqUEzt.exe
  C:\Windows\System\poqUEzt.exe
  2⤵
  PID:3172
- C:\Windows\System\FBcxOVB.exe
  C:\Windows\System\FBcxOVB.exe
  2⤵
  PID:3412
- C:\Windows\System\XEZgain.exe
  C:\Windows\System\XEZgain.exe
  2⤵
  PID:3472
- C:\Windows\System\fjiRNJD.exe
  C:\Windows\System\fjiRNJD.exe
  2⤵
  PID:4120
- C:\Windows\System\HneBOKj.exe
  C:\Windows\System\HneBOKj.exe
  2⤵
  PID:4144
- C:\Windows\System\dqnnQTh.exe
  C:\Windows\System\dqnnQTh.exe
  2⤵
  PID:4236
- C:\Windows\System\GNYcocx.exe
  C:\Windows\System\GNYcocx.exe
  2⤵
  PID:4280
- C:\Windows\System\DZMSxUw.exe
  C:\Windows\System\DZMSxUw.exe
  2⤵
  PID:4220
- C:\Windows\System\xyxoavz.exe
  C:\Windows\System\xyxoavz.exe
  2⤵
  PID:4288
- C:\Windows\System\ZDFLhld.exe
  C:\Windows\System\ZDFLhld.exe
  2⤵
  PID:4312
- C:\Windows\System\ODLcrAC.exe
  C:\Windows\System\ODLcrAC.exe
  2⤵
  PID:4408
- C:\Windows\System\auiBiDF.exe
  C:\Windows\System\auiBiDF.exe
  2⤵
  PID:4364
- C:\Windows\System\jdnjYpL.exe
  C:\Windows\System\jdnjYpL.exe
  2⤵
  PID:4432
- C:\Windows\System\ClSNYTk.exe
  C:\Windows\System\ClSNYTk.exe
  2⤵
  PID:4456
- C:\Windows\System\mBfchHP.exe
  C:\Windows\System\mBfchHP.exe
  2⤵
  PID:4476
- C:\Windows\System\jBPzavk.exe
  C:\Windows\System\jBPzavk.exe
  2⤵
  PID:4492
- C:\Windows\System\rKDSIEz.exe
  C:\Windows\System\rKDSIEz.exe
  2⤵
  PID:4516
- C:\Windows\System\YsrYQDG.exe
  C:\Windows\System\YsrYQDG.exe
  2⤵
  PID:4540
- C:\Windows\System\tKTJjdM.exe
  C:\Windows\System\tKTJjdM.exe
  2⤵
  PID:4560
- C:\Windows\System\aaAiFwn.exe
  C:\Windows\System\aaAiFwn.exe
  2⤵
  PID:4576
- C:\Windows\System\YHQzjQP.exe
  C:\Windows\System\YHQzjQP.exe
  2⤵
  PID:4596
- C:\Windows\System\PgLzlaG.exe
  C:\Windows\System\PgLzlaG.exe
  2⤵
  PID:4632
- C:\Windows\System\vLklGdS.exe
  C:\Windows\System\vLklGdS.exe
  2⤵
  PID:4656
- C:\Windows\System\uunJsLy.exe
  C:\Windows\System\uunJsLy.exe
  2⤵
  PID:4672
- C:\Windows\System\tiBSMkx.exe
  C:\Windows\System\tiBSMkx.exe
  2⤵
  PID:4696
- C:\Windows\System\ENmbvdw.exe
  C:\Windows\System\ENmbvdw.exe
  2⤵
  PID:4716
- C:\Windows\System\luoqMfF.exe
  C:\Windows\System\luoqMfF.exe
  2⤵
  PID:4736
- C:\Windows\System\jWYTPbE.exe
  C:\Windows\System\jWYTPbE.exe
  2⤵
  PID:4752
- C:\Windows\System\VcDzuIn.exe
  C:\Windows\System\VcDzuIn.exe
  2⤵
  PID:4780
- C:\Windows\System\rjUiWvL.exe
  C:\Windows\System\rjUiWvL.exe
  2⤵
  PID:4796
- C:\Windows\System\gfXnPHf.exe
  C:\Windows\System\gfXnPHf.exe
  2⤵
  PID:4816
- C:\Windows\System\RoPsKXN.exe
  C:\Windows\System\RoPsKXN.exe
  2⤵
  PID:4836
- C:\Windows\System\tbqnGrg.exe
  C:\Windows\System\tbqnGrg.exe
  2⤵
  PID:4856
- C:\Windows\System\EIpsbnY.exe
  C:\Windows\System\EIpsbnY.exe
  2⤵
  PID:4876
- C:\Windows\System\BPhwnfx.exe
  C:\Windows\System\BPhwnfx.exe
  2⤵
  PID:4896
- C:\Windows\System\lTIcFtN.exe
  C:\Windows\System\lTIcFtN.exe
  2⤵
  PID:4916
- C:\Windows\System\ObFmYKe.exe
  C:\Windows\System\ObFmYKe.exe
  2⤵
  PID:4932
- C:\Windows\System\sgieNat.exe
  C:\Windows\System\sgieNat.exe
  2⤵
  PID:4968
- C:\Windows\System\jyLrHfq.exe
  C:\Windows\System\jyLrHfq.exe
  2⤵
  PID:4952
- C:\Windows\System\CsblWdL.exe
  C:\Windows\System\CsblWdL.exe
  2⤵
  PID:4984
- C:\Windows\System\gCUpVKV.exe
  C:\Windows\System\gCUpVKV.exe
  2⤵
  PID:5000
- C:\Windows\System\STGaLeH.exe
  C:\Windows\System\STGaLeH.exe
  2⤵
  PID:5020
- C:\Windows\System\RTeqbyU.exe
  C:\Windows\System\RTeqbyU.exe
  2⤵
  PID:5036
- C:\Windows\System\PBQGWYN.exe
  C:\Windows\System\PBQGWYN.exe
  2⤵
  PID:5060
- C:\Windows\System\ZpPqBcZ.exe
  C:\Windows\System\ZpPqBcZ.exe
  2⤵
  PID:5076
- C:\Windows\System\PIqEszf.exe
  C:\Windows\System\PIqEszf.exe
  2⤵
  PID:3264
- C:\Windows\System\wSqabcS.exe
  C:\Windows\System\wSqabcS.exe
  2⤵
  PID:3652
- C:\Windows\System\ySHqQfF.exe
  C:\Windows\System\ySHqQfF.exe
  2⤵
  PID:300
- C:\Windows\System\rcYrqmm.exe
  C:\Windows\System\rcYrqmm.exe
  2⤵
  PID:4116
- C:\Windows\System\ethhpLo.exe
  C:\Windows\System\ethhpLo.exe
  2⤵
  PID:4080
- C:\Windows\System\VYRULhH.exe
  C:\Windows\System\VYRULhH.exe
  2⤵
  PID:4196
- C:\Windows\System\qVOAXTZ.exe
  C:\Windows\System\qVOAXTZ.exe
  2⤵
  PID:4256
- C:\Windows\System\LQKtNDY.exe
  C:\Windows\System\LQKtNDY.exe
  2⤵
  PID:4376
- C:\Windows\System\OYaibrs.exe
  C:\Windows\System\OYaibrs.exe
  2⤵
  PID:4176
- C:\Windows\System\eskAzwl.exe
  C:\Windows\System\eskAzwl.exe
  2⤵
  PID:4336
- C:\Windows\System\iEaHtHy.exe
  C:\Windows\System\iEaHtHy.exe
  2⤵
  PID:4424
- C:\Windows\System\lENIUMv.exe
  C:\Windows\System\lENIUMv.exe
  2⤵
  PID:4428
- C:\Windows\System\XpsiXas.exe
  C:\Windows\System\XpsiXas.exe
  2⤵
  PID:4472
- C:\Windows\System\jPlOKVn.exe
  C:\Windows\System\jPlOKVn.exe
  2⤵
  PID:4412
- C:\Windows\System\gdsSMfk.exe
  C:\Windows\System\gdsSMfk.exe
  2⤵
  PID:4556
- C:\Windows\System\BIBwpTV.exe
  C:\Windows\System\BIBwpTV.exe
  2⤵
  PID:4628
- C:\Windows\System\aUpxLEq.exe
  C:\Windows\System\aUpxLEq.exe
  2⤵
  PID:4688
- C:\Windows\System\uAzFSrK.exe
  C:\Windows\System\uAzFSrK.exe
  2⤵
  PID:4728
- C:\Windows\System\VDrJxDE.exe
  C:\Windows\System\VDrJxDE.exe
  2⤵
  PID:4808
- C:\Windows\System\CFVLaBs.exe
  C:\Windows\System\CFVLaBs.exe
  2⤵
  PID:4488
- C:\Windows\System\YmohqjM.exe
  C:\Windows\System\YmohqjM.exe
  2⤵
  PID:4568
- C:\Windows\System\jnAumjf.exe
  C:\Windows\System\jnAumjf.exe
  2⤵
  PID:4624
- C:\Windows\System\UyOcmzK.exe
  C:\Windows\System\UyOcmzK.exe
  2⤵
  PID:4668
- C:\Windows\System\DMXHPuy.exe
  C:\Windows\System\DMXHPuy.exe
  2⤵
  PID:4960
- C:\Windows\System\vGcYGwR.exe
  C:\Windows\System\vGcYGwR.exe
  2⤵
  PID:5068
- C:\Windows\System\MYqSqqG.exe
  C:\Windows\System\MYqSqqG.exe
  2⤵
  PID:4788
- C:\Windows\System\PhCMJsb.exe
  C:\Windows\System\PhCMJsb.exe
  2⤵
  PID:4824
- C:\Windows\System\GPQcoVE.exe
  C:\Windows\System\GPQcoVE.exe
  2⤵
  PID:4904
- C:\Windows\System\vWwWVwp.exe
  C:\Windows\System\vWwWVwp.exe
  2⤵
  PID:3280
- C:\Windows\System\xtbHWjh.exe
  C:\Windows\System\xtbHWjh.exe
  2⤵
  PID:5056
- C:\Windows\System\EcSZUMq.exe
  C:\Windows\System\EcSZUMq.exe
  2⤵
  PID:4976
- C:\Windows\System\dPsbQIY.exe
  C:\Windows\System\dPsbQIY.exe
  2⤵
  PID:5012
- C:\Windows\System\beJWnkA.exe
  C:\Windows\System\beJWnkA.exe
  2⤵
  PID:3728
- C:\Windows\System\dneidvw.exe
  C:\Windows\System\dneidvw.exe
  2⤵
  PID:3988
- C:\Windows\System\ZONitAp.exe
  C:\Windows\System\ZONitAp.exe
  2⤵
  PID:4104
- C:\Windows\System\XnUjElg.exe
  C:\Windows\System\XnUjElg.exe
  2⤵
  PID:3588
- C:\Windows\System\PUeWizF.exe
  C:\Windows\System\PUeWizF.exe
  2⤵
  PID:4332
- C:\Windows\System\BlhZmuQ.exe
  C:\Windows\System\BlhZmuQ.exe
  2⤵
  PID:4348
- C:\Windows\System\pxJsLBW.exe
  C:\Windows\System\pxJsLBW.exe
  2⤵
  PID:4396
- C:\Windows\System\JzWRikE.exe
  C:\Windows\System\JzWRikE.exe
  2⤵
  PID:4464
- C:\Windows\System\PjaOrNc.exe
  C:\Windows\System\PjaOrNc.exe
  2⤵
  PID:4724
- C:\Windows\System\LKEZzGB.exe
  C:\Windows\System\LKEZzGB.exe
  2⤵
  PID:4684
- C:\Windows\System\deHgPhb.exe
  C:\Windows\System\deHgPhb.exe
  2⤵
  PID:4768
- C:\Windows\System\xNmmqKO.exe
  C:\Windows\System\xNmmqKO.exe
  2⤵
  PID:4572
- C:\Windows\System\tRQDrBX.exe
  C:\Windows\System\tRQDrBX.exe
  2⤵
  PID:4536
- C:\Windows\System\DXaLOQj.exe
  C:\Windows\System\DXaLOQj.exe
  2⤵
  PID:4664
- C:\Windows\System\MhXhELE.exe
  C:\Windows\System\MhXhELE.exe
  2⤵
  PID:4748
- C:\Windows\System\ygmNJZL.exe
  C:\Windows\System\ygmNJZL.exe
  2⤵
  PID:5108
- C:\Windows\System\qfrkOtJ.exe
  C:\Windows\System\qfrkOtJ.exe
  2⤵
  PID:5048
- C:\Windows\System\QdzvJJU.exe
  C:\Windows\System\QdzvJJU.exe
  2⤵
  PID:5052
- C:\Windows\System\fSUhNbt.exe
  C:\Windows\System\fSUhNbt.exe
  2⤵
  PID:5112
- C:\Windows\System\gLaJkOp.exe
  C:\Windows\System\gLaJkOp.exe
  2⤵
  PID:5140
- C:\Windows\System\ZYnZIuR.exe
  C:\Windows\System\ZYnZIuR.exe
  2⤵
  PID:5156
- C:\Windows\System\LhEthMS.exe
  C:\Windows\System\LhEthMS.exe
  2⤵
  PID:5176
- C:\Windows\System\wwYFUTs.exe
  C:\Windows\System\wwYFUTs.exe
  2⤵
  PID:5192
- C:\Windows\System\ofunIZG.exe
  C:\Windows\System\ofunIZG.exe
  2⤵
  PID:5212
- C:\Windows\System\ZpKlUMh.exe
  C:\Windows\System\ZpKlUMh.exe
  2⤵
  PID:5232
- C:\Windows\System\AIfgVFx.exe
  C:\Windows\System\AIfgVFx.exe
  2⤵
  PID:5248
- C:\Windows\System\qtnEjHJ.exe
  C:\Windows\System\qtnEjHJ.exe
  2⤵
  PID:5272
- C:\Windows\System\agCKhDG.exe
  C:\Windows\System\agCKhDG.exe
  2⤵
  PID:5292
- C:\Windows\System\AfFXxsc.exe
  C:\Windows\System\AfFXxsc.exe
  2⤵
  PID:5316
- C:\Windows\System\oywPuXS.exe
  C:\Windows\System\oywPuXS.exe
  2⤵
  PID:5336
- C:\Windows\System\oSllXll.exe
  C:\Windows\System\oSllXll.exe
  2⤵
  PID:5352
- C:\Windows\System\bfisagt.exe
  C:\Windows\System\bfisagt.exe
  2⤵
  PID:5376
- C:\Windows\System\mshZlno.exe
  C:\Windows\System\mshZlno.exe
  2⤵
  PID:5400
- C:\Windows\System\UaYihTX.exe
  C:\Windows\System\UaYihTX.exe
  2⤵
  PID:5420
- C:\Windows\System\yiCrJPb.exe
  C:\Windows\System\yiCrJPb.exe
  2⤵
  PID:5436
- C:\Windows\System\BdmczEl.exe
  C:\Windows\System\BdmczEl.exe
  2⤵
  PID:5460
- C:\Windows\System\EQeuWEV.exe
  C:\Windows\System\EQeuWEV.exe
  2⤵
  PID:5476
- C:\Windows\System\fOvMhNM.exe
  C:\Windows\System\fOvMhNM.exe
  2⤵
  PID:5500
- C:\Windows\System\uuGfHmq.exe
  C:\Windows\System\uuGfHmq.exe
  2⤵
  PID:5516
- C:\Windows\System\aKUyXnW.exe
  C:\Windows\System\aKUyXnW.exe
  2⤵
  PID:5536
- C:\Windows\System\SRPGenS.exe
  C:\Windows\System\SRPGenS.exe
  2⤵
  PID:5556
- C:\Windows\System\xjJgMqC.exe
  C:\Windows\System\xjJgMqC.exe
  2⤵
  PID:5576
- C:\Windows\System\UEIwmKn.exe
  C:\Windows\System\UEIwmKn.exe
  2⤵
  PID:5596
- C:\Windows\System\eZGiIoE.exe
  C:\Windows\System\eZGiIoE.exe
  2⤵
  PID:5620
- C:\Windows\System\erdfpME.exe
  C:\Windows\System\erdfpME.exe
  2⤵
  PID:5636
- C:\Windows\System\JZRgYQw.exe
  C:\Windows\System\JZRgYQw.exe
  2⤵
  PID:5656
- C:\Windows\System\nzsYEze.exe
  C:\Windows\System\nzsYEze.exe
  2⤵
  PID:5680
- C:\Windows\System\GxrPaRo.exe
  C:\Windows\System\GxrPaRo.exe
  2⤵
  PID:5700
- C:\Windows\System\vOxuTxk.exe
  C:\Windows\System\vOxuTxk.exe
  2⤵
  PID:5716
- C:\Windows\System\jYOHtJT.exe
  C:\Windows\System\jYOHtJT.exe
  2⤵
  PID:5736
- C:\Windows\System\NLhBLGy.exe
  C:\Windows\System\NLhBLGy.exe
  2⤵
  PID:5760
- C:\Windows\System\ApTiPNg.exe
  C:\Windows\System\ApTiPNg.exe
  2⤵
  PID:5780
- C:\Windows\System\gWOGbfw.exe
  C:\Windows\System\gWOGbfw.exe
  2⤵
  PID:5804
- C:\Windows\System\LoULrgO.exe
  C:\Windows\System\LoULrgO.exe
  2⤵
  PID:5824
- C:\Windows\System\Uhtnuvx.exe
  C:\Windows\System\Uhtnuvx.exe
  2⤵
  PID:5844
- C:\Windows\System\hzwyGoH.exe
  C:\Windows\System\hzwyGoH.exe
  2⤵
  PID:5864
- C:\Windows\System\wciEjbI.exe
  C:\Windows\System\wciEjbI.exe
  2⤵
  PID:5884
- C:\Windows\System\LtnrUNU.exe
  C:\Windows\System\LtnrUNU.exe
  2⤵
  PID:5904
- C:\Windows\System\rLFsTHE.exe
  C:\Windows\System\rLFsTHE.exe
  2⤵
  PID:5920
- C:\Windows\System\obNkxcC.exe
  C:\Windows\System\obNkxcC.exe
  2⤵
  PID:5944
- C:\Windows\System\CPlixJS.exe
  C:\Windows\System\CPlixJS.exe
  2⤵
  PID:5964
- C:\Windows\System\AkgpuyP.exe
  C:\Windows\System\AkgpuyP.exe
  2⤵
  PID:5984
- C:\Windows\System\MhJUhRo.exe
  C:\Windows\System\MhJUhRo.exe
  2⤵
  PID:6004
- C:\Windows\System\TmdNWFM.exe
  C:\Windows\System\TmdNWFM.exe
  2⤵
  PID:6020
- C:\Windows\System\oRYRTca.exe
  C:\Windows\System\oRYRTca.exe
  2⤵
  PID:6044
- C:\Windows\System\mpAwsZB.exe
  C:\Windows\System\mpAwsZB.exe
  2⤵
  PID:6060
- C:\Windows\System\XZUSVsM.exe
  C:\Windows\System\XZUSVsM.exe
  2⤵
  PID:6084
- C:\Windows\System\cMzJxQG.exe
  C:\Windows\System\cMzJxQG.exe
  2⤵
  PID:6104
- C:\Windows\System\QasbvQl.exe
  C:\Windows\System\QasbvQl.exe
  2⤵
  PID:6120
- C:\Windows\System\wKkAHyO.exe
  C:\Windows\System\wKkAHyO.exe
  2⤵
  PID:4980
- C:\Windows\System\qTJtKrz.exe
  C:\Windows\System\qTJtKrz.exe
  2⤵
  PID:3392
- C:\Windows\System\eYUxwsj.exe
  C:\Windows\System\eYUxwsj.exe
  2⤵
  PID:4328
- C:\Windows\System\LsiPzuG.exe
  C:\Windows\System\LsiPzuG.exe
  2⤵
  PID:4436
- C:\Windows\System\xcTxLoF.exe
  C:\Windows\System\xcTxLoF.exe
  2⤵
  PID:4548
- C:\Windows\System\YOoahim.exe
  C:\Windows\System\YOoahim.exe
  2⤵
  PID:4356
- C:\Windows\System\LHyWTxi.exe
  C:\Windows\System\LHyWTxi.exe
  2⤵
  PID:4700
- C:\Windows\System\QZIurGT.exe
  C:\Windows\System\QZIurGT.exe
  2⤵
  PID:4852
- C:\Windows\System\JZheJkr.exe
  C:\Windows\System\JZheJkr.exe
  2⤵
  PID:4832
- C:\Windows\System\aTDrTLf.exe
  C:\Windows\System\aTDrTLf.exe
  2⤵
  PID:4532
- C:\Windows\System\OeqpXIO.exe
  C:\Windows\System\OeqpXIO.exe
  2⤵
  PID:5132
- C:\Windows\System\FLPIBap.exe
  C:\Windows\System\FLPIBap.exe
  2⤵
  PID:4944
- C:\Windows\System\fGZTaxr.exe
  C:\Windows\System\fGZTaxr.exe
  2⤵
  PID:5148
- C:\Windows\System\BFqUmZI.exe
  C:\Windows\System\BFqUmZI.exe
  2⤵
  PID:5152
- C:\Windows\System\KrZstqT.exe
  C:\Windows\System\KrZstqT.exe
  2⤵
  PID:5280
- C:\Windows\System\UEmeUSj.exe
  C:\Windows\System\UEmeUSj.exe
  2⤵
  PID:5228
- C:\Windows\System\EQsoFpq.exe
  C:\Windows\System\EQsoFpq.exe
  2⤵
  PID:5268
- C:\Windows\System\QgiXeRr.exe
  C:\Windows\System\QgiXeRr.exe
  2⤵
  PID:5304
- C:\Windows\System\AwrxBzp.exe
  C:\Windows\System\AwrxBzp.exe
  2⤵
  PID:5332
- C:\Windows\System\anOVtmr.exe
  C:\Windows\System\anOVtmr.exe
  2⤵
  PID:5372
- C:\Windows\System\yJpBuMZ.exe
  C:\Windows\System\yJpBuMZ.exe
  2⤵
  PID:5392
- C:\Windows\System\yrshtYF.exe
  C:\Windows\System\yrshtYF.exe
  2⤵
  PID:5444
- C:\Windows\System\tGiUBYw.exe
  C:\Windows\System\tGiUBYw.exe
  2⤵
  PID:5432
- C:\Windows\System\NWmFnvx.exe
  C:\Windows\System\NWmFnvx.exe
  2⤵
  PID:5468
- C:\Windows\System\TdfSLjH.exe
  C:\Windows\System\TdfSLjH.exe
  2⤵
  PID:5512
- C:\Windows\System\mXKIocY.exe
  C:\Windows\System\mXKIocY.exe
  2⤵
  PID:5568
- C:\Windows\System\AWGsJbR.exe
  C:\Windows\System\AWGsJbR.exe
  2⤵
  PID:5604
- C:\Windows\System\BVkvErT.exe
  C:\Windows\System\BVkvErT.exe
  2⤵
  PID:5628
- C:\Windows\System\icaOWzd.exe
  C:\Windows\System\icaOWzd.exe
  2⤵
  PID:5688
- C:\Windows\System\azMDUio.exe
  C:\Windows\System\azMDUio.exe
  2⤵
  PID:5676
- C:\Windows\System\hlHqLje.exe
  C:\Windows\System\hlHqLje.exe
  2⤵
  PID:5708
- C:\Windows\System\HeqYnFv.exe
  C:\Windows\System\HeqYnFv.exe
  2⤵
  PID:5752
- C:\Windows\System\IODelIn.exe
  C:\Windows\System\IODelIn.exe
  2⤵
  PID:5812
- C:\Windows\System\EyVmrzW.exe
  C:\Windows\System\EyVmrzW.exe
  2⤵
  PID:5860
- C:\Windows\System\BGPhkGK.exe
  C:\Windows\System\BGPhkGK.exe
  2⤵
  PID:5856
- C:\Windows\System\dqlkOqz.exe
  C:\Windows\System\dqlkOqz.exe
  2⤵
  PID:5880
- C:\Windows\System\aRNFUcF.exe
  C:\Windows\System\aRNFUcF.exe
  2⤵
  PID:5936
- C:\Windows\System\DBTrYFe.exe
  C:\Windows\System\DBTrYFe.exe
  2⤵
  PID:5952
- C:\Windows\System\ZUxILed.exe
  C:\Windows\System\ZUxILed.exe
  2⤵
  PID:5960
- C:\Windows\System\ekshLvQ.exe
  C:\Windows\System\ekshLvQ.exe
  2⤵
  PID:6028
- C:\Windows\System\XgKgRGg.exe
  C:\Windows\System\XgKgRGg.exe
  2⤵
  PID:6100
- C:\Windows\System\YYqezsI.exe
  C:\Windows\System\YYqezsI.exe
  2⤵
  PID:6132
- C:\Windows\System\GUpFAKS.exe
  C:\Windows\System\GUpFAKS.exe
  2⤵
  PID:6112
- C:\Windows\System\nKOBUGS.exe
  C:\Windows\System\nKOBUGS.exe
  2⤵
  PID:1744
- C:\Windows\System\OSMxgni.exe
  C:\Windows\System\OSMxgni.exe
  2⤵
  PID:4484
- C:\Windows\System\hozHWwm.exe
  C:\Windows\System\hozHWwm.exe
  2⤵
  PID:4444
- C:\Windows\System\gYzkllM.exe
  C:\Windows\System\gYzkllM.exe
  2⤵
  PID:4420
- C:\Windows\System\udnLXow.exe
  C:\Windows\System\udnLXow.exe
  2⤵
  PID:4308
- C:\Windows\System\OKFJRoz.exe
  C:\Windows\System\OKFJRoz.exe
  2⤵
  PID:4908
- C:\Windows\System\devneoB.exe
  C:\Windows\System\devneoB.exe
  2⤵
  PID:5208
- C:\Windows\System\IvuYOib.exe
  C:\Windows\System\IvuYOib.exe
  2⤵
  PID:4996
- C:\Windows\System\QTcRAWx.exe
  C:\Windows\System\QTcRAWx.exe
  2⤵
  PID:5256
- C:\Windows\System\MmOIlIG.exe
  C:\Windows\System\MmOIlIG.exe
  2⤵
  PID:5300
- C:\Windows\System\yVdXCNw.exe
  C:\Windows\System\yVdXCNw.exe
  2⤵
  PID:5288
- C:\Windows\System\kihEPPw.exe
  C:\Windows\System\kihEPPw.exe
  2⤵
  PID:5416
- C:\Windows\System\wcmNdWQ.exe
  C:\Windows\System\wcmNdWQ.exe
  2⤵
  PID:1856
- C:\Windows\System\KohRcEn.exe
  C:\Windows\System\KohRcEn.exe
  2⤵
  PID:5488
- C:\Windows\System\KJXfBcy.exe
  C:\Windows\System\KJXfBcy.exe
  2⤵
  PID:5552
- C:\Windows\System\slMyOKL.exe
  C:\Windows\System\slMyOKL.exe
  2⤵
  PID:5592
- C:\Windows\System\oMnTBzv.exe
  C:\Windows\System\oMnTBzv.exe
  2⤵
  PID:5652
- C:\Windows\System\kFtyDjb.exe
  C:\Windows\System\kFtyDjb.exe
  2⤵
  PID:5692
- C:\Windows\System\UhHVLbK.exe
  C:\Windows\System\UhHVLbK.exe
  2⤵
  PID:5776
- C:\Windows\System\yspfVDc.exe
  C:\Windows\System\yspfVDc.exe
  2⤵
  PID:5832
- C:\Windows\System\ygBZsmJ.exe
  C:\Windows\System\ygBZsmJ.exe
  2⤵
  PID:2536
- C:\Windows\System\LETlWtf.exe
  C:\Windows\System\LETlWtf.exe
  2⤵
  PID:5932
- C:\Windows\System\UxDXvGc.exe
  C:\Windows\System\UxDXvGc.exe
  2⤵
  PID:5916
- C:\Windows\System\WCPDLeB.exe
  C:\Windows\System\WCPDLeB.exe
  2⤵
  PID:1600
- C:\Windows\System\KuGGYru.exe
  C:\Windows\System\KuGGYru.exe
  2⤵
  PID:6092
- C:\Windows\System\IGwCrrt.exe
  C:\Windows\System\IGwCrrt.exe
  2⤵
  PID:6072
- C:\Windows\System\OEyWPaR.exe
  C:\Windows\System\OEyWPaR.exe
  2⤵
  PID:4240
- C:\Windows\System\jUwqEdA.exe
  C:\Windows\System\jUwqEdA.exe
  2⤵
  PID:4888
- C:\Windows\System\VjriqAc.exe
  C:\Windows\System\VjriqAc.exe
  2⤵
  PID:4848
- C:\Windows\System\DlQfnMe.exe
  C:\Windows\System\DlQfnMe.exe
  2⤵
  PID:5800
- C:\Windows\System\ikjFfew.exe
  C:\Windows\System\ikjFfew.exe
  2⤵
  PID:4868
- C:\Windows\System\yVzXSXb.exe
  C:\Windows\System\yVzXSXb.exe
  2⤵
  PID:5240
- C:\Windows\System\LFkmNqT.exe
  C:\Windows\System\LFkmNqT.exe
  2⤵
  PID:5448
- C:\Windows\System\mqzQLuq.exe
  C:\Windows\System\mqzQLuq.exe
  2⤵
  PID:5412
- C:\Windows\System\aVkasjZ.exe
  C:\Windows\System\aVkasjZ.exe
  2⤵
  PID:5572
- C:\Windows\System\BZiraHq.exe
  C:\Windows\System\BZiraHq.exe
  2⤵
  PID:5696
- C:\Windows\System\RrpvDkB.exe
  C:\Windows\System\RrpvDkB.exe
  2⤵
  PID:5648
- C:\Windows\System\xctFSQx.exe
  C:\Windows\System\xctFSQx.exe
  2⤵
  PID:5768
- C:\Windows\System\SnvMfMj.exe
  C:\Windows\System\SnvMfMj.exe
  2⤵
  PID:5900
- C:\Windows\System\NXKqBdD.exe
  C:\Windows\System\NXKqBdD.exe
  2⤵
  PID:6152
- C:\Windows\System\jSioQKM.exe
  C:\Windows\System\jSioQKM.exe
  2⤵
  PID:6172
- C:\Windows\System\ylebrkS.exe
  C:\Windows\System\ylebrkS.exe
  2⤵
  PID:6192
- C:\Windows\System\huqpKcY.exe
  C:\Windows\System\huqpKcY.exe
  2⤵
  PID:6208
- C:\Windows\System\iPhDIua.exe
  C:\Windows\System\iPhDIua.exe
  2⤵
  PID:6232
- C:\Windows\System\jRNrArD.exe
  C:\Windows\System\jRNrArD.exe
  2⤵
  PID:6248
- C:\Windows\System\BSaHWfj.exe
  C:\Windows\System\BSaHWfj.exe
  2⤵
  PID:6268
- C:\Windows\System\SLFIJfN.exe
  C:\Windows\System\SLFIJfN.exe
  2⤵
  PID:6284
- C:\Windows\System\pDPNtGf.exe
  C:\Windows\System\pDPNtGf.exe
  2⤵
  PID:6304
- C:\Windows\System\zPEYlKN.exe
  C:\Windows\System\zPEYlKN.exe
  2⤵
  PID:6324
- C:\Windows\System\pKdmrUT.exe
  C:\Windows\System\pKdmrUT.exe
  2⤵
  PID:6344
- C:\Windows\System\KCUZllv.exe
  C:\Windows\System\KCUZllv.exe
  2⤵
  PID:6360
- C:\Windows\System\bYSorMa.exe
  C:\Windows\System\bYSorMa.exe
  2⤵
  PID:6388
- C:\Windows\System\QEwOsYa.exe
  C:\Windows\System\QEwOsYa.exe
  2⤵
  PID:6412
- C:\Windows\System\JCCirzN.exe
  C:\Windows\System\JCCirzN.exe
  2⤵
  PID:6432
- C:\Windows\System\Thfurhs.exe
  C:\Windows\System\Thfurhs.exe
  2⤵
  PID:6452
- C:\Windows\System\vaCbhUu.exe
  C:\Windows\System\vaCbhUu.exe
  2⤵
  PID:6476
- C:\Windows\System\txMEoFa.exe
  C:\Windows\System\txMEoFa.exe
  2⤵
  PID:6492
- C:\Windows\System\cGDlQPr.exe
  C:\Windows\System\cGDlQPr.exe
  2⤵
  PID:6512
- C:\Windows\System\lnzwzuI.exe
  C:\Windows\System\lnzwzuI.exe
  2⤵
  PID:6528
- C:\Windows\System\BDrCOpy.exe
  C:\Windows\System\BDrCOpy.exe
  2⤵
  PID:6552
- C:\Windows\System\DgjqgwR.exe
  C:\Windows\System\DgjqgwR.exe
  2⤵
  PID:6568
- C:\Windows\System\YIkXnPO.exe
  C:\Windows\System\YIkXnPO.exe
  2⤵
  PID:6584
- C:\Windows\System\HdOtjnb.exe
  C:\Windows\System\HdOtjnb.exe
  2⤵
  PID:6600
- C:\Windows\System\WjMMsSz.exe
  C:\Windows\System\WjMMsSz.exe
  2⤵
  PID:6624
- C:\Windows\System\nqnCHhZ.exe
  C:\Windows\System\nqnCHhZ.exe
  2⤵
  PID:6644
- C:\Windows\System\rYVzHaF.exe
  C:\Windows\System\rYVzHaF.exe
  2⤵
  PID:6668
- C:\Windows\System\ErhgjlB.exe
  C:\Windows\System\ErhgjlB.exe
  2⤵
  PID:6692
- C:\Windows\System\uOyLNvB.exe
  C:\Windows\System\uOyLNvB.exe
  2⤵
  PID:6716
- C:\Windows\System\tUXouaE.exe
  C:\Windows\System\tUXouaE.exe
  2⤵
  PID:6736
- C:\Windows\System\NNuxlIX.exe
  C:\Windows\System\NNuxlIX.exe
  2⤵
  PID:6752
- C:\Windows\System\jHTPGqy.exe
  C:\Windows\System\jHTPGqy.exe
  2⤵
  PID:6772
- C:\Windows\System\aExYZHS.exe
  C:\Windows\System\aExYZHS.exe
  2⤵
  PID:6792
- C:\Windows\System\FSnpgRZ.exe
  C:\Windows\System\FSnpgRZ.exe
  2⤵
  PID:6812
- C:\Windows\System\nSgaixp.exe
  C:\Windows\System\nSgaixp.exe
  2⤵
  PID:6828
- C:\Windows\System\VRZbjvK.exe
  C:\Windows\System\VRZbjvK.exe
  2⤵
  PID:6848
- C:\Windows\System\WcTcvkD.exe
  C:\Windows\System\WcTcvkD.exe
  2⤵
  PID:6876
- C:\Windows\System\foZxAhq.exe
  C:\Windows\System\foZxAhq.exe
  2⤵
  PID:6892
- C:\Windows\System\sZLrEoy.exe
  C:\Windows\System\sZLrEoy.exe
  2⤵
  PID:6912
- C:\Windows\System\hsXiagx.exe
  C:\Windows\System\hsXiagx.exe
  2⤵
  PID:6932
- C:\Windows\System\ZmfVjOc.exe
  C:\Windows\System\ZmfVjOc.exe
  2⤵
  PID:6956
- C:\Windows\System\MhbPMGT.exe
  C:\Windows\System\MhbPMGT.exe
  2⤵
  PID:6976
- C:\Windows\System\coElCPN.exe
  C:\Windows\System\coElCPN.exe
  2⤵
  PID:6992
- C:\Windows\System\COPCeFG.exe
  C:\Windows\System\COPCeFG.exe
  2⤵
  PID:7016
- C:\Windows\System\OflBEAz.exe
  C:\Windows\System\OflBEAz.exe
  2⤵
  PID:7036
- C:\Windows\System\KpRXAJm.exe
  C:\Windows\System\KpRXAJm.exe
  2⤵
  PID:7052
- C:\Windows\System\WHAcjjv.exe
  C:\Windows\System\WHAcjjv.exe
  2⤵
  PID:7072
- C:\Windows\System\kBsEFeu.exe
  C:\Windows\System\kBsEFeu.exe
  2⤵
  PID:7088
- C:\Windows\System\vazzPox.exe
  C:\Windows\System\vazzPox.exe
  2⤵
  PID:7108
- C:\Windows\System\plrLPHc.exe
  C:\Windows\System\plrLPHc.exe
  2⤵
  PID:7124
- C:\Windows\System\dGPKzzT.exe
  C:\Windows\System\dGPKzzT.exe
  2⤵
  PID:7144
- C:\Windows\System\ELgocVO.exe
  C:\Windows\System\ELgocVO.exe
  2⤵
  PID:5972
- C:\Windows\System\kgFORKx.exe
  C:\Windows\System\kgFORKx.exe
  2⤵
  PID:6000
- C:\Windows\System\nFoCFvR.exe
  C:\Windows\System\nFoCFvR.exe
  2⤵
  PID:4592
- C:\Windows\System\MtInubk.exe
  C:\Windows\System\MtInubk.exe
  2⤵
  PID:4216
- C:\Windows\System\foVgWhh.exe
  C:\Windows\System\foVgWhh.exe
  2⤵
  PID:5324
- C:\Windows\System\imQvOdj.exe
  C:\Windows\System\imQvOdj.exe
  2⤵
  PID:3604
- C:\Windows\System\dUWaXpQ.exe
  C:\Windows\System\dUWaXpQ.exe
  2⤵
  PID:5168
- C:\Windows\System\MZqEvMJ.exe
  C:\Windows\System\MZqEvMJ.exe
  2⤵
  PID:5524
- C:\Windows\System\TKTdMMN.exe
  C:\Windows\System\TKTdMMN.exe
  2⤵
  PID:5820
- C:\Windows\System\hDGKWRt.exe
  C:\Windows\System\hDGKWRt.exe
  2⤵
  PID:5396
- C:\Windows\System\XoacLad.exe
  C:\Windows\System\XoacLad.exe
  2⤵
  PID:5956
- C:\Windows\System\iWuNlva.exe
  C:\Windows\System\iWuNlva.exe
  2⤵
  PID:6216
- C:\Windows\System\hKemJZc.exe
  C:\Windows\System\hKemJZc.exe
  2⤵
  PID:6256
- C:\Windows\System\FSpJmJX.exe
  C:\Windows\System\FSpJmJX.exe
  2⤵
  PID:6300
- C:\Windows\System\nXUVgyX.exe
  C:\Windows\System\nXUVgyX.exe
  2⤵
  PID:6340
- C:\Windows\System\jVxxMyj.exe
  C:\Windows\System\jVxxMyj.exe
  2⤵
  PID:5616
- C:\Windows\System\MmIizvC.exe
  C:\Windows\System\MmIizvC.exe
  2⤵
  PID:5896
- C:\Windows\System\kPLheWl.exe
  C:\Windows\System\kPLheWl.exe
  2⤵
  PID:6168
- C:\Windows\System\riUgRlV.exe
  C:\Windows\System\riUgRlV.exe
  2⤵
  PID:6244
- C:\Windows\System\fYamqFB.exe
  C:\Windows\System\fYamqFB.exe
  2⤵
  PID:6460
- C:\Windows\System\kaTTBDG.exe
  C:\Windows\System\kaTTBDG.exe
  2⤵
  PID:6500
- C:\Windows\System\OIkBfEb.exe
  C:\Windows\System\OIkBfEb.exe
  2⤵
  PID:6540
- C:\Windows\System\JOpfvIa.exe
  C:\Windows\System\JOpfvIa.exe
  2⤵
  PID:6320
- C:\Windows\System\ufQCXqp.exe
  C:\Windows\System\ufQCXqp.exe
  2⤵
  PID:6276
- C:\Windows\System\JZklrfg.exe
  C:\Windows\System\JZklrfg.exe
  2⤵
  PID:6400
- C:\Windows\System\VHUmmpY.exe
  C:\Windows\System\VHUmmpY.exe
  2⤵
  PID:6440
- C:\Windows\System\LMxUIkN.exe
  C:\Windows\System\LMxUIkN.exe
  2⤵
  PID:6484
- C:\Windows\System\GMTwWcm.exe
  C:\Windows\System\GMTwWcm.exe
  2⤵
  PID:6620
- C:\Windows\System\MTjiuUe.exe
  C:\Windows\System\MTjiuUe.exe
  2⤵
  PID:6652
- C:\Windows\System\xICulav.exe
  C:\Windows\System\xICulav.exe
  2⤵
  PID:6592
- C:\Windows\System\kcUrMGA.exe
  C:\Windows\System\kcUrMGA.exe
  2⤵
  PID:6640
- C:\Windows\System\IWoOYcP.exe
  C:\Windows\System\IWoOYcP.exe
  2⤵
  PID:6680
- C:\Windows\System\zWsDZzE.exe
  C:\Windows\System\zWsDZzE.exe
  2⤵
  PID:6712
- C:\Windows\System\LsTsFcx.exe
  C:\Windows\System\LsTsFcx.exe
  2⤵
  PID:6744
- C:\Windows\System\yvwsdpf.exe
  C:\Windows\System\yvwsdpf.exe
  2⤵
  PID:6372
- C:\Windows\System\hNSrrXz.exe
  C:\Windows\System\hNSrrXz.exe
  2⤵
  PID:6824
- C:\Windows\System\nluXpXy.exe
  C:\Windows\System\nluXpXy.exe
  2⤵
  PID:6872
- C:\Windows\System\eMbtdau.exe
  C:\Windows\System\eMbtdau.exe
  2⤵
  PID:6732
- C:\Windows\System\ropeAEs.exe
  C:\Windows\System\ropeAEs.exe
  2⤵
  PID:6800
- C:\Windows\System\NRAKdPZ.exe
  C:\Windows\System\NRAKdPZ.exe
  2⤵
  PID:6844
- C:\Windows\System\bXFWWme.exe
  C:\Windows\System\bXFWWme.exe
  2⤵
  PID:6940
- C:\Windows\System\mgQilhe.exe
  C:\Windows\System\mgQilhe.exe
  2⤵
  PID:6984
- C:\Windows\System\OFWFZJy.exe
  C:\Windows\System\OFWFZJy.exe
  2⤵
  PID:6920
- C:\Windows\System\IsjIzuh.exe
  C:\Windows\System\IsjIzuh.exe
  2⤵
  PID:6968
- C:\Windows\System\sLKiVdT.exe
  C:\Windows\System\sLKiVdT.exe
  2⤵
  PID:7032
- C:\Windows\System\YCQhUvI.exe
  C:\Windows\System\YCQhUvI.exe
  2⤵
  PID:7068
- C:\Windows\System\gvXjVaQ.exe
  C:\Windows\System\gvXjVaQ.exe
  2⤵
  PID:3184
- C:\Windows\System\zpdruPV.exe
  C:\Windows\System\zpdruPV.exe
  2⤵
  PID:3456
- C:\Windows\System\wthmenX.exe
  C:\Windows\System\wthmenX.exe
  2⤵
  PID:7012
- C:\Windows\System\VqAVgyS.exe
  C:\Windows\System\VqAVgyS.exe
  2⤵
  PID:7120
- C:\Windows\System\vPSlPVg.exe
  C:\Windows\System\vPSlPVg.exe
  2⤵
  PID:7080
- C:\Windows\System\qnpjdAQ.exe
  C:\Windows\System\qnpjdAQ.exe
  2⤵
  PID:7160
- C:\Windows\System\NjmGddA.exe
  C:\Windows\System\NjmGddA.exe
  2⤵
  PID:5940
- C:\Windows\System\tEymaiY.exe
  C:\Windows\System\tEymaiY.exe
  2⤵
  PID:6136
- C:\Windows\System\AfAUlXV.exe
  C:\Windows\System\AfAUlXV.exe
  2⤵
  PID:5308
- C:\Windows\System\ijFfgko.exe
  C:\Windows\System\ijFfgko.exe
  2⤵
  PID:4844
- C:\Windows\System\yMTdLyF.exe
  C:\Windows\System\yMTdLyF.exe
  2⤵
  PID:5496
- C:\Windows\System\QhdzbGT.exe
  C:\Windows\System\QhdzbGT.exe
  2⤵
  PID:5508
- C:\Windows\System\rJzBIqg.exe
  C:\Windows\System\rJzBIqg.exe
  2⤵
  PID:3056
- C:\Windows\System\psQZBgd.exe
  C:\Windows\System\psQZBgd.exe
  2⤵
  PID:6264
- C:\Windows\System\apESekg.exe
  C:\Windows\System\apESekg.exe
  2⤵
  PID:5724
- C:\Windows\System\muLmatE.exe
  C:\Windows\System\muLmatE.exe
  2⤵
  PID:5116
- C:\Windows\System\UexuniK.exe
  C:\Windows\System\UexuniK.exe
  2⤵
  PID:6428
- C:\Windows\System\YOqvHME.exe
  C:\Windows\System\YOqvHME.exe
  2⤵
  PID:2424
- C:\Windows\System\JPzAega.exe
  C:\Windows\System\JPzAega.exe
  2⤵
  PID:6536
- C:\Windows\System\ObdrWcw.exe
  C:\Windows\System\ObdrWcw.exe
  2⤵
  PID:6280
- C:\Windows\System\vaFWwvH.exe
  C:\Windows\System\vaFWwvH.exe
  2⤵
  PID:6396
- C:\Windows\System\ETFNOsM.exe
  C:\Windows\System\ETFNOsM.exe
  2⤵
  PID:6608
- C:\Windows\System\Hbhadxu.exe
  C:\Windows\System\Hbhadxu.exe
  2⤵
  PID:6564
- C:\Windows\System\ZzRqoqu.exe
  C:\Windows\System\ZzRqoqu.exe
  2⤵
  PID:6524
- C:\Windows\System\ClMNSLQ.exe
  C:\Windows\System\ClMNSLQ.exe
  2⤵
  PID:6700
- C:\Windows\System\zbxcAPJ.exe
  C:\Windows\System\zbxcAPJ.exe
  2⤵
  PID:6784
- C:\Windows\System\QsDrlIY.exe
  C:\Windows\System\QsDrlIY.exe
  2⤵
  PID:6864
- C:\Windows\System\TYhpCIl.exe
  C:\Windows\System\TYhpCIl.exe
  2⤵
  PID:6808
- C:\Windows\System\ztuJSyY.exe
  C:\Windows\System\ztuJSyY.exe
  2⤵
  PID:6908
- C:\Windows\System\GkIDmZm.exe
  C:\Windows\System\GkIDmZm.exe
  2⤵
  PID:3012
- C:\Windows\System\mDhgGLi.exe
  C:\Windows\System\mDhgGLi.exe
  2⤵
  PID:6888
- C:\Windows\System\gbAGZhN.exe
  C:\Windows\System\gbAGZhN.exe
  2⤵
  PID:7064
- C:\Windows\System\CYBzOBF.exe
  C:\Windows\System\CYBzOBF.exe
  2⤵
  PID:7100
- C:\Windows\System\WvHOMUJ.exe
  C:\Windows\System\WvHOMUJ.exe
  2⤵
  PID:7104
- C:\Windows\System\SbTSLVm.exe
  C:\Windows\System\SbTSLVm.exe
  2⤵
  PID:6052
- C:\Windows\System\xqnXpGx.exe
  C:\Windows\System\xqnXpGx.exe
  2⤵
  PID:4508
- C:\Windows\System\sbAiqbc.exe
  C:\Windows\System\sbAiqbc.exe
  2⤵
  PID:5344
- C:\Windows\System\JvPfMGK.exe
  C:\Windows\System\JvPfMGK.exe
  2⤵
  PID:1552
- C:\Windows\System\koHDkRU.exe
  C:\Windows\System\koHDkRU.exe
  2⤵
  PID:5188
- C:\Windows\System\rXyLTIn.exe
  C:\Windows\System\rXyLTIn.exe
  2⤵
  PID:6184
- C:\Windows\System\eXOQHZi.exe
  C:\Windows\System\eXOQHZi.exe
  2⤵
  PID:5632
- C:\Windows\System\gQtfzxl.exe
  C:\Windows\System\gQtfzxl.exe
  2⤵
  PID:6380
- C:\Windows\System\zudXPHN.exe
  C:\Windows\System\zudXPHN.exe
  2⤵
  PID:6356
- C:\Windows\System\mpEYpsK.exe
  C:\Windows\System\mpEYpsK.exe
  2⤵
  PID:6384
- C:\Windows\System\vEQjQsN.exe
  C:\Windows\System\vEQjQsN.exe
  2⤵
  PID:6580
- C:\Windows\System\yHowrtK.exe
  C:\Windows\System\yHowrtK.exe
  2⤵
  PID:2844
- C:\Windows\System\OAeSxPI.exe
  C:\Windows\System\OAeSxPI.exe
  2⤵
  PID:6708
- C:\Windows\System\GPXHWGU.exe
  C:\Windows\System\GPXHWGU.exe
  2⤵
  PID:2604
- C:\Windows\System\iNwTxvp.exe
  C:\Windows\System\iNwTxvp.exe
  2⤵
  PID:6944
- C:\Windows\System\duQCnOD.exe
  C:\Windows\System\duQCnOD.exe
  2⤵
  PID:6928
- C:\Windows\System\AvVsnPH.exe
  C:\Windows\System\AvVsnPH.exe
  2⤵
  PID:2576
- C:\Windows\System\KNSDLxv.exe
  C:\Windows\System\KNSDLxv.exe
  2⤵
  PID:936
- C:\Windows\System\XNLWasN.exe
  C:\Windows\System\XNLWasN.exe
  2⤵
  PID:3124
- C:\Windows\System\VfZqIeb.exe
  C:\Windows\System\VfZqIeb.exe
  2⤵
  PID:3016
- C:\Windows\System\ZIgScAK.exe
  C:\Windows\System\ZIgScAK.exe
  2⤵
  PID:2528
- C:\Windows\System\xSrdUYo.exe
  C:\Windows\System\xSrdUYo.exe
  2⤵
  PID:4712
- C:\Windows\System\STvDKGd.exe
  C:\Windows\System\STvDKGd.exe
  2⤵
  PID:5588
- C:\Windows\System\hlZAblh.exe
  C:\Windows\System\hlZAblh.exe
  2⤵
  PID:6228
- C:\Windows\System\WsVDCta.exe
  C:\Windows\System\WsVDCta.exe
  2⤵
  PID:6508
- C:\Windows\System\rwsqpRN.exe
  C:\Windows\System\rwsqpRN.exe
  2⤵
  PID:2520
- C:\Windows\System\llvOwdw.exe
  C:\Windows\System\llvOwdw.exe
  2⤵
  PID:6520
- C:\Windows\System\yqBJirv.exe
  C:\Windows\System\yqBJirv.exe
  2⤵
  PID:6632
- C:\Windows\System\VaHCTpE.exe
  C:\Windows\System\VaHCTpE.exe
  2⤵
  PID:1336
- C:\Windows\System\pZopWSQ.exe
  C:\Windows\System\pZopWSQ.exe
  2⤵
  PID:1616
- C:\Windows\System\gejXkWl.exe
  C:\Windows\System\gejXkWl.exe
  2⤵
  PID:6820
- C:\Windows\System\JDwtuOR.exe
  C:\Windows\System\JDwtuOR.exe
  2⤵
  PID:7024
- C:\Windows\System\OHufGTf.exe
  C:\Windows\System\OHufGTf.exe
  2⤵
  PID:7008
- C:\Windows\System\eCYdMVy.exe
  C:\Windows\System\eCYdMVy.exe
  2⤵
  PID:7044
- C:\Windows\System\hhWBuWE.exe
  C:\Windows\System\hhWBuWE.exe
  2⤵
  PID:6472
- C:\Windows\System\jjoRYjo.exe
  C:\Windows\System\jjoRYjo.exe
  2⤵
  PID:6656
- C:\Windows\System\kdESFzh.exe
  C:\Windows\System\kdESFzh.exe
  2⤵
  PID:2680
- C:\Windows\System\KHGBmwH.exe
  C:\Windows\System\KHGBmwH.exe
  2⤵
  PID:6840
- C:\Windows\System\faSEcsC.exe
  C:\Windows\System\faSEcsC.exe
  2⤵
  PID:2512
- C:\Windows\System\dVqWmSH.exe
  C:\Windows\System\dVqWmSH.exe
  2⤵
  PID:2640
- C:\Windows\System\bfxnueD.exe
  C:\Windows\System\bfxnueD.exe
  2⤵
  PID:2488
- C:\Windows\System\QeKRmJY.exe
  C:\Windows\System\QeKRmJY.exe
  2⤵
  PID:6148
- C:\Windows\System\iZEskPm.exe
  C:\Windows\System\iZEskPm.exe
  2⤵
  PID:1868
- C:\Windows\System\LJeQRQy.exe
  C:\Windows\System\LJeQRQy.exe
  2⤵
  PID:1760
- C:\Windows\System\dIiISin.exe
  C:\Windows\System\dIiISin.exe
  2⤵
  PID:6560
- C:\Windows\System\inUaVpG.exe
  C:\Windows\System\inUaVpG.exe
  2⤵
  PID:316
- C:\Windows\System\iHTMlUS.exe
  C:\Windows\System\iHTMlUS.exe
  2⤵
  PID:2000
- C:\Windows\System\AROgaiT.exe
  C:\Windows\System\AROgaiT.exe
  2⤵
  PID:7180
- C:\Windows\System\PUeKeBo.exe
  C:\Windows\System\PUeKeBo.exe
  2⤵
  PID:7224
- C:\Windows\System\TCXvGMP.exe
  C:\Windows\System\TCXvGMP.exe
  2⤵
  PID:7240
- C:\Windows\System\hRLqHIh.exe
  C:\Windows\System\hRLqHIh.exe
  2⤵
  PID:7256
- C:\Windows\System\gpCcRNf.exe
  C:\Windows\System\gpCcRNf.exe
  2⤵
  PID:7272
- C:\Windows\System\vathnmF.exe
  C:\Windows\System\vathnmF.exe
  2⤵
  PID:7288
- C:\Windows\System\wdsewCr.exe
  C:\Windows\System\wdsewCr.exe
  2⤵
  PID:7308
- C:\Windows\System\vqShzIf.exe
  C:\Windows\System\vqShzIf.exe
  2⤵
  PID:7324
- C:\Windows\System\khaxHHm.exe
  C:\Windows\System\khaxHHm.exe
  2⤵
  PID:7340
- C:\Windows\System\NsjfBXl.exe
  C:\Windows\System\NsjfBXl.exe
  2⤵
  PID:7356
- C:\Windows\System\XIrQaYx.exe
  C:\Windows\System\XIrQaYx.exe
  2⤵
  PID:7372
- C:\Windows\System\wxwignJ.exe
  C:\Windows\System\wxwignJ.exe
  2⤵
  PID:7388
- C:\Windows\System\iQTeYyA.exe
  C:\Windows\System\iQTeYyA.exe
  2⤵
  PID:7404
- C:\Windows\System\toKqmZo.exe
  C:\Windows\System\toKqmZo.exe
  2⤵
  PID:7420
- C:\Windows\System\QpMNtcD.exe
  C:\Windows\System\QpMNtcD.exe
  2⤵
  PID:7436
- C:\Windows\System\BbQgdPR.exe
  C:\Windows\System\BbQgdPR.exe
  2⤵
  PID:7452
- C:\Windows\System\jdDUQgo.exe
  C:\Windows\System\jdDUQgo.exe
  2⤵
  PID:7468
- C:\Windows\System\AxLskOV.exe
  C:\Windows\System\AxLskOV.exe
  2⤵
  PID:7484
- C:\Windows\System\uoKWyIV.exe
  C:\Windows\System\uoKWyIV.exe
  2⤵
  PID:7500
- C:\Windows\System\zuckmzc.exe
  C:\Windows\System\zuckmzc.exe
  2⤵
  PID:7516
- C:\Windows\System\qjZaoHu.exe
  C:\Windows\System\qjZaoHu.exe
  2⤵
  PID:7532
- C:\Windows\System\tdqvLUu.exe
  C:\Windows\System\tdqvLUu.exe
  2⤵
  PID:7548
- C:\Windows\System\iSIjsAp.exe
  C:\Windows\System\iSIjsAp.exe
  2⤵
  PID:7564
- C:\Windows\System\XIUjkVQ.exe
  C:\Windows\System\XIUjkVQ.exe
  2⤵
  PID:7580
- C:\Windows\System\kPovzuo.exe
  C:\Windows\System\kPovzuo.exe
  2⤵
  PID:7596
- C:\Windows\System\Nfyslbw.exe
  C:\Windows\System\Nfyslbw.exe
  2⤵
  PID:7612
- C:\Windows\System\waHvwvg.exe
  C:\Windows\System\waHvwvg.exe
  2⤵
  PID:7628
- C:\Windows\System\BrmFXOO.exe
  C:\Windows\System\BrmFXOO.exe
  2⤵
  PID:7648
- C:\Windows\System\yuqiGZc.exe
  C:\Windows\System\yuqiGZc.exe
  2⤵
  PID:7664
- C:\Windows\System\CADyTNv.exe
  C:\Windows\System\CADyTNv.exe
  2⤵
  PID:7680
- C:\Windows\System\ovQLQNP.exe
  C:\Windows\System\ovQLQNP.exe
  2⤵
  PID:7696
- C:\Windows\System\MzotYfE.exe
  C:\Windows\System\MzotYfE.exe
  2⤵
  PID:7712
- C:\Windows\System\QMOTGpg.exe
  C:\Windows\System\QMOTGpg.exe
  2⤵
  PID:7728
- C:\Windows\System\JAPPouM.exe
  C:\Windows\System\JAPPouM.exe
  2⤵
  PID:7744
- C:\Windows\System\kxExVPT.exe
  C:\Windows\System\kxExVPT.exe
  2⤵
  PID:7760
- C:\Windows\System\VnJciww.exe
  C:\Windows\System\VnJciww.exe
  2⤵
  PID:7776
- C:\Windows\System\pKNzfJt.exe
  C:\Windows\System\pKNzfJt.exe
  2⤵
  PID:7792
- C:\Windows\System\pJsNSKO.exe
  C:\Windows\System\pJsNSKO.exe
  2⤵
  PID:7808
- C:\Windows\System\wBECduV.exe
  C:\Windows\System\wBECduV.exe
  2⤵
  PID:7824
- C:\Windows\System\FyKvGDR.exe
  C:\Windows\System\FyKvGDR.exe
  2⤵
  PID:7840
- C:\Windows\System\acmfZHH.exe
  C:\Windows\System\acmfZHH.exe
  2⤵
  PID:7856
- C:\Windows\System\QixSowR.exe
  C:\Windows\System\QixSowR.exe
  2⤵
  PID:7872
- C:\Windows\System\xkyBxOH.exe
  C:\Windows\System\xkyBxOH.exe
  2⤵
  PID:7888
- C:\Windows\System\dFqEzya.exe
  C:\Windows\System\dFqEzya.exe
  2⤵
  PID:7904
- C:\Windows\System\gAwYTkG.exe
  C:\Windows\System\gAwYTkG.exe
  2⤵
  PID:7920
- C:\Windows\System\FoLmevr.exe
  C:\Windows\System\FoLmevr.exe
  2⤵
  PID:7936
- C:\Windows\System\GtNEpxC.exe
  C:\Windows\System\GtNEpxC.exe
  2⤵
  PID:7952
- C:\Windows\System\zRoxwCF.exe
  C:\Windows\System\zRoxwCF.exe
  2⤵
  PID:7968
- C:\Windows\System\sMWfWeC.exe
  C:\Windows\System\sMWfWeC.exe
  2⤵
  PID:7984
- C:\Windows\System\AWodMOZ.exe
  C:\Windows\System\AWodMOZ.exe
  2⤵
  PID:8000
- C:\Windows\System\FqiykCb.exe
  C:\Windows\System\FqiykCb.exe
  2⤵
  PID:8016
- C:\Windows\System\huphgMQ.exe
  C:\Windows\System\huphgMQ.exe
  2⤵
  PID:8032
- C:\Windows\System\MrkaYGb.exe
  C:\Windows\System\MrkaYGb.exe
  2⤵
  PID:8048
- C:\Windows\System\TholEGB.exe
  C:\Windows\System\TholEGB.exe
  2⤵
  PID:8064
- C:\Windows\System\dHnKEBQ.exe
  C:\Windows\System\dHnKEBQ.exe
  2⤵
  PID:8080
- C:\Windows\System\WmYXMnZ.exe
  C:\Windows\System\WmYXMnZ.exe
  2⤵
  PID:8096
- C:\Windows\System\mqVIzRc.exe
  C:\Windows\System\mqVIzRc.exe
  2⤵
  PID:8112
- C:\Windows\System\DDyeKKz.exe
  C:\Windows\System\DDyeKKz.exe
  2⤵
  PID:8128
- C:\Windows\System\pTHcNpB.exe
  C:\Windows\System\pTHcNpB.exe
  2⤵
  PID:8144
- C:\Windows\System\TnbOvul.exe
  C:\Windows\System\TnbOvul.exe
  2⤵
  PID:8160
- C:\Windows\System\Efseijp.exe
  C:\Windows\System\Efseijp.exe
  2⤵
  PID:8176
- C:\Windows\System\WGvuLya.exe
  C:\Windows\System\WGvuLya.exe
  2⤵
  PID:7132
- C:\Windows\System\xqOhLoS.exe
  C:\Windows\System\xqOhLoS.exe
  2⤵
  PID:2748
- C:\Windows\System\keiAJyY.exe
  C:\Windows\System\keiAJyY.exe
  2⤵
  PID:1028
- C:\Windows\System\GrGZIeS.exe
  C:\Windows\System\GrGZIeS.exe
  2⤵
  PID:2924
- C:\Windows\System\XyWjTlZ.exe
  C:\Windows\System\XyWjTlZ.exe
  2⤵
  PID:7236
- C:\Windows\System\xvUIlkX.exe
  C:\Windows\System\xvUIlkX.exe
  2⤵
  PID:7188
- C:\Windows\System\IYpqRTg.exe
  C:\Windows\System\IYpqRTg.exe
  2⤵
  PID:7204
- C:\Windows\System\kNAmYth.exe
  C:\Windows\System\kNAmYth.exe
  2⤵
  PID:7220
- C:\Windows\System\SXacZdz.exe
  C:\Windows\System\SXacZdz.exe
  2⤵
  PID:7280
- C:\Windows\System\PlLpGBT.exe
  C:\Windows\System\PlLpGBT.exe
  2⤵
  PID:7296
- C:\Windows\System\wwGwqJc.exe
  C:\Windows\System\wwGwqJc.exe
  2⤵
  PID:7348
- C:\Windows\System\mmBiLhj.exe
  C:\Windows\System\mmBiLhj.exe
  2⤵
  PID:7384
- C:\Windows\System\hMExdhZ.exe
  C:\Windows\System\hMExdhZ.exe
  2⤵
  PID:7444
- C:\Windows\System\lzHMWaO.exe
  C:\Windows\System\lzHMWaO.exe
  2⤵
  PID:7508
- C:\Windows\System\DMhXzYJ.exe
  C:\Windows\System\DMhXzYJ.exe
  2⤵
  PID:7572
- C:\Windows\System\OtikUqZ.exe
  C:\Windows\System\OtikUqZ.exe
  2⤵
  PID:7636
- C:\Windows\System\JPFkiRC.exe
  C:\Windows\System\JPFkiRC.exe
  2⤵
  PID:7704
- C:\Windows\System\enVOvVz.exe
  C:\Windows\System\enVOvVz.exe
  2⤵
  PID:7364
- C:\Windows\System\ATjEzko.exe
  C:\Windows\System\ATjEzko.exe
  2⤵
  PID:7688
- C:\Windows\System\JmfqUdv.exe
  C:\Windows\System\JmfqUdv.exe
  2⤵
  PID:7460
- C:\Windows\System\mlfoPKu.exe
  C:\Windows\System\mlfoPKu.exe
  2⤵
  PID:7524
- C:\Windows\System\KpQwIvi.exe
  C:\Windows\System\KpQwIvi.exe
  2⤵
  PID:7588
- C:\Windows\System\jpmbKzo.exe
  C:\Windows\System\jpmbKzo.exe
  2⤵
  PID:7692
- C:\Windows\System\bQrItvc.exe
  C:\Windows\System\bQrItvc.exe
  2⤵
  PID:7740
- C:\Windows\System\ERfyCAl.exe
  C:\Windows\System\ERfyCAl.exe
  2⤵
  PID:7800
- C:\Windows\System\uLfpfHx.exe
  C:\Windows\System\uLfpfHx.exe
  2⤵
  PID:7864
- C:\Windows\System\QPOQvQJ.exe
  C:\Windows\System\QPOQvQJ.exe
  2⤵
  PID:7932
- C:\Windows\System\mhzEmQx.exe
  C:\Windows\System\mhzEmQx.exe
  2⤵
  PID:7996
- C:\Windows\System\fmEWMGl.exe
  C:\Windows\System\fmEWMGl.exe
  2⤵
  PID:8056
- C:\Windows\System\UVpliUM.exe
  C:\Windows\System\UVpliUM.exe
  2⤵
  PID:8156
- C:\Windows\System\QVDHLyL.exe
  C:\Windows\System\QVDHLyL.exe
  2⤵
  PID:8188
- C:\Windows\System\eksTSMt.exe
  C:\Windows\System\eksTSMt.exe
  2⤵
  PID:7176
- C:\Windows\System\oYHiBrz.exe
  C:\Windows\System\oYHiBrz.exe
  2⤵
  PID:7976
- C:\Windows\System\ckaNRcc.exe
  C:\Windows\System\ckaNRcc.exe
  2⤵
  PID:7784
- C:\Windows\System\eyWmoym.exe
  C:\Windows\System\eyWmoym.exe
  2⤵
  PID:7852
- C:\Windows\System\VirUNpp.exe
  C:\Windows\System\VirUNpp.exe
  2⤵
  PID:7944
- C:\Windows\System\WHBtqcx.exe
  C:\Windows\System\WHBtqcx.exe
  2⤵
  PID:8044
- C:\Windows\System\iIIYmuP.exe
  C:\Windows\System\iIIYmuP.exe
  2⤵
  PID:8108
- C:\Windows\System\lHOHadX.exe
  C:\Windows\System\lHOHadX.exe
  2⤵
  PID:2692
- C:\Windows\System\Zndukuu.exe
  C:\Windows\System\Zndukuu.exe
  2⤵
  PID:6544
- C:\Windows\System\unLrYhs.exe
  C:\Windows\System\unLrYhs.exe
  2⤵
  PID:7412
- C:\Windows\System\OBNyzbY.exe
  C:\Windows\System\OBNyzbY.exe
  2⤵
  PID:6884
- C:\Windows\System\srSAAjH.exe
  C:\Windows\System\srSAAjH.exe
  2⤵
  PID:7428
- C:\Windows\System\CeEeyLk.exe
  C:\Windows\System\CeEeyLk.exe
  2⤵
  PID:7492
- C:\Windows\System\WhuvwaC.exe
  C:\Windows\System\WhuvwaC.exe
  2⤵
  PID:7848
- C:\Windows\System\aOUkUoP.exe
  C:\Windows\System\aOUkUoP.exe
  2⤵
  PID:7380
- C:\Windows\System\PQFJtFy.exe
  C:\Windows\System\PQFJtFy.exe
  2⤵
  PID:7624
- C:\Windows\System\dncNOAN.exe
  C:\Windows\System\dncNOAN.exe
  2⤵
  PID:7656
- C:\Windows\System\udanAZK.exe
  C:\Windows\System\udanAZK.exe
  2⤵
  PID:7432
- C:\Windows\System\vrKImqY.exe
  C:\Windows\System\vrKImqY.exe
  2⤵
  PID:7724
- C:\Windows\System\WhZVOVn.exe
  C:\Windows\System\WhZVOVn.exe
  2⤵
  PID:8120
- C:\Windows\System\RlidmAj.exe
  C:\Windows\System\RlidmAj.exe
  2⤵
  PID:7756
- C:\Windows\System\KivuMjG.exe
  C:\Windows\System\KivuMjG.exe
  2⤵
  PID:7196
- C:\Windows\System\JJjOTDs.exe
  C:\Windows\System\JJjOTDs.exe
  2⤵
  PID:8012
- C:\Windows\System\STbppQQ.exe
  C:\Windows\System\STbppQQ.exe
  2⤵
  PID:7316
- C:\Windows\System\JJMQqvI.exe
  C:\Windows\System\JJMQqvI.exe
  2⤵
  PID:1392
- C:\Windows\System\VlTRPfH.exe
  C:\Windows\System\VlTRPfH.exe
  2⤵
  PID:8092
- C:\Windows\System\RFYVoaI.exe
  C:\Windows\System\RFYVoaI.exe
  2⤵
  PID:7912
- C:\Windows\System\kXTfmqf.exe
  C:\Windows\System\kXTfmqf.exe
  2⤵
  PID:7544
- C:\Windows\System\gCaPwpY.exe
  C:\Windows\System\gCaPwpY.exe
  2⤵
  PID:7480
- C:\Windows\System\rcxsAMm.exe
  C:\Windows\System\rcxsAMm.exe
  2⤵
  PID:8028
- C:\Windows\System\raqCvra.exe
  C:\Windows\System\raqCvra.exe
  2⤵
  PID:8172
- C:\Windows\System\dQFluCY.exe
  C:\Windows\System\dQFluCY.exe
  2⤵
  PID:8076
- C:\Windows\System\OHPlhCb.exe
  C:\Windows\System\OHPlhCb.exe
  2⤵
  PID:7640
- C:\Windows\System\wfSZDja.exe
  C:\Windows\System\wfSZDja.exe
  2⤵
  PID:7816
- C:\Windows\System\fSwWCCR.exe
  C:\Windows\System\fSwWCCR.exe
  2⤵
  PID:7400
- C:\Windows\System\uReRaGF.exe
  C:\Windows\System\uReRaGF.exe
  2⤵
  PID:8204
- C:\Windows\System\tMoazWe.exe
  C:\Windows\System\tMoazWe.exe
  2⤵
  PID:8220
- C:\Windows\System\QhzRuJI.exe
  C:\Windows\System\QhzRuJI.exe
  2⤵
  PID:8236
- C:\Windows\System\YssZlSf.exe
  C:\Windows\System\YssZlSf.exe
  2⤵
  PID:8252
- C:\Windows\System\pHNuSXQ.exe
  C:\Windows\System\pHNuSXQ.exe
  2⤵
  PID:8272
- C:\Windows\System\UKrimsR.exe
  C:\Windows\System\UKrimsR.exe
  2⤵
  PID:8288
- C:\Windows\System\BwjDzJv.exe
  C:\Windows\System\BwjDzJv.exe
  2⤵
  PID:8304
- C:\Windows\System\NdmaFjl.exe
  C:\Windows\System\NdmaFjl.exe
  2⤵
  PID:8320
- C:\Windows\System\AoWsqoL.exe
  C:\Windows\System\AoWsqoL.exe
  2⤵
  PID:8336
- C:\Windows\System\OZfCird.exe
  C:\Windows\System\OZfCird.exe
  2⤵
  PID:8352
- C:\Windows\System\QqFlces.exe
  C:\Windows\System\QqFlces.exe
  2⤵
  PID:8368
- C:\Windows\System\UJBPhAI.exe
  C:\Windows\System\UJBPhAI.exe
  2⤵
  PID:8384
- C:\Windows\System\UjlJUfX.exe
  C:\Windows\System\UjlJUfX.exe
  2⤵
  PID:8400
- C:\Windows\System\traIRpZ.exe
  C:\Windows\System\traIRpZ.exe
  2⤵
  PID:8416
- C:\Windows\System\HePCOim.exe
  C:\Windows\System\HePCOim.exe
  2⤵
  PID:8432
- C:\Windows\System\FEutmqp.exe
  C:\Windows\System\FEutmqp.exe
  2⤵
  PID:8448
- C:\Windows\System\HsTJhoO.exe
  C:\Windows\System\HsTJhoO.exe
  2⤵
  PID:8464
- C:\Windows\System\ZdMUrbP.exe
  C:\Windows\System\ZdMUrbP.exe
  2⤵
  PID:8480
- C:\Windows\System\XRMGfGT.exe
  C:\Windows\System\XRMGfGT.exe
  2⤵
  PID:8496
- C:\Windows\System\LOAbdfY.exe
  C:\Windows\System\LOAbdfY.exe
  2⤵
  PID:8512
- C:\Windows\System\ezrpmtB.exe
  C:\Windows\System\ezrpmtB.exe
  2⤵
  PID:8532
- C:\Windows\System\biFXUew.exe
  C:\Windows\System\biFXUew.exe
  2⤵
  PID:8548
- C:\Windows\System\gRcKxQR.exe
  C:\Windows\System\gRcKxQR.exe
  2⤵
  PID:8564
- C:\Windows\System\lNLqzho.exe
  C:\Windows\System\lNLqzho.exe
  2⤵
  PID:8580
- C:\Windows\System\MzhLgCc.exe
  C:\Windows\System\MzhLgCc.exe
  2⤵
  PID:8604
- C:\Windows\System\RToZVai.exe
  C:\Windows\System\RToZVai.exe
  2⤵
  PID:8620
- C:\Windows\System\ViTTNom.exe
  C:\Windows\System\ViTTNom.exe
  2⤵
  PID:8636
- C:\Windows\System\GxlfQeg.exe
  C:\Windows\System\GxlfQeg.exe
  2⤵
  PID:8652
- C:\Windows\System\yiOWNik.exe
  C:\Windows\System\yiOWNik.exe
  2⤵
  PID:8896
- C:\Windows\System\xivtcaU.exe
  C:\Windows\System\xivtcaU.exe
  2⤵
  PID:8924
- C:\Windows\System\fqKeDmY.exe
  C:\Windows\System\fqKeDmY.exe
  2⤵
  PID:8940
- C:\Windows\System\hPxFbWt.exe
  C:\Windows\System\hPxFbWt.exe
  2⤵
  PID:8956
- C:\Windows\System\kunlXEa.exe
  C:\Windows\System\kunlXEa.exe
  2⤵
  PID:8972
- C:\Windows\System\HCCFHOb.exe
  C:\Windows\System\HCCFHOb.exe
  2⤵
  PID:8988
- C:\Windows\System\mrsomBT.exe
  C:\Windows\System\mrsomBT.exe
  2⤵
  PID:9004
- C:\Windows\System\TanrcjA.exe
  C:\Windows\System\TanrcjA.exe
  2⤵
  PID:9020
- C:\Windows\System\PHpFFTr.exe
  C:\Windows\System\PHpFFTr.exe
  2⤵
  PID:9036
- C:\Windows\System\MEirCfl.exe
  C:\Windows\System\MEirCfl.exe
  2⤵
  PID:9052
- C:\Windows\System\tzJqFxl.exe
  C:\Windows\System\tzJqFxl.exe
  2⤵
  PID:9068
- C:\Windows\System\EeHkvXO.exe
  C:\Windows\System\EeHkvXO.exe
  2⤵
  PID:9084
- C:\Windows\System\ipqAneM.exe
  C:\Windows\System\ipqAneM.exe
  2⤵
  PID:9104
- C:\Windows\System\KXCwTIb.exe
  C:\Windows\System\KXCwTIb.exe
  2⤵
  PID:9120
- C:\Windows\System\LVEyZKy.exe
  C:\Windows\System\LVEyZKy.exe
  2⤵
  PID:9140
- C:\Windows\System\vYIkXvr.exe
  C:\Windows\System\vYIkXvr.exe
  2⤵
  PID:9156
- C:\Windows\System\zqKXKcK.exe
  C:\Windows\System\zqKXKcK.exe
  2⤵
  PID:9172
- C:\Windows\System\ikYAuXy.exe
  C:\Windows\System\ikYAuXy.exe
  2⤵
  PID:9188
- C:\Windows\System\lSovhhS.exe
  C:\Windows\System\lSovhhS.exe
  2⤵
  PID:9204
- C:\Windows\System\PNTyQvg.exe
  C:\Windows\System\PNTyQvg.exe
  2⤵
  PID:8196
- C:\Windows\System\kzbftSp.exe
  C:\Windows\System\kzbftSp.exe
  2⤵
  PID:7556
- C:\Windows\System\EUpPBuy.exe
  C:\Windows\System\EUpPBuy.exe
  2⤵
  PID:8228
- C:\Windows\System\fPeeZkN.exe
  C:\Windows\System\fPeeZkN.exe
  2⤵
  PID:8300
- C:\Windows\System\bXzDmOO.exe
  C:\Windows\System\bXzDmOO.exe
  2⤵
  PID:8360
- C:\Windows\System\JmLKjgN.exe
  C:\Windows\System\JmLKjgN.exe
  2⤵
  PID:8328
- C:\Windows\System\VQttyTY.exe
  C:\Windows\System\VQttyTY.exe
  2⤵
  PID:8488
- C:\Windows\System\YIpNRgF.exe
  C:\Windows\System\YIpNRgF.exe
  2⤵
  PID:8528
- C:\Windows\System\IrqTZBH.exe
  C:\Windows\System\IrqTZBH.exe
  2⤵
  PID:8596
- C:\Windows\System\yNqVyMI.exe
  C:\Windows\System\yNqVyMI.exe
  2⤵
  PID:8632
- C:\Windows\System\sZGyxzC.exe
  C:\Windows\System\sZGyxzC.exe
  2⤵
  PID:8212
- C:\Windows\System\qHgvUCg.exe
  C:\Windows\System\qHgvUCg.exe
  2⤵
  PID:8168
- C:\Windows\System\sVbxoZU.exe
  C:\Windows\System\sVbxoZU.exe
  2⤵
  PID:7832
- C:\Windows\System\ZBeXpOY.exe
  C:\Windows\System\ZBeXpOY.exe
  2⤵
  PID:8216
- C:\Windows\System\DoCXqzg.exe
  C:\Windows\System\DoCXqzg.exe
  2⤵
  PID:8316
- C:\Windows\System\wrMrGhf.exe
  C:\Windows\System\wrMrGhf.exe
  2⤵
  PID:8380
- C:\Windows\System\Jrjxnvv.exe
  C:\Windows\System\Jrjxnvv.exe
  2⤵
  PID:8444
- C:\Windows\System\PKihdOV.exe
  C:\Windows\System\PKihdOV.exe
  2⤵
  PID:8508
- C:\Windows\System\GodjFEq.exe
  C:\Windows\System\GodjFEq.exe
  2⤵
  PID:8612
- C:\Windows\System\kBsumYy.exe
  C:\Windows\System\kBsumYy.exe
  2⤵
  PID:8684
- C:\Windows\System\iUienNc.exe
  C:\Windows\System\iUienNc.exe
  2⤵
  PID:8720
- C:\Windows\System\nwwfjjp.exe
  C:\Windows\System\nwwfjjp.exe
  2⤵
  PID:8736
- C:\Windows\System\PMyMpvX.exe
  C:\Windows\System\PMyMpvX.exe
  2⤵
  PID:8756
- C:\Windows\System\HUWWoxT.exe
  C:\Windows\System\HUWWoxT.exe
  2⤵
  PID:8772
- C:\Windows\System\zPatpdm.exe
  C:\Windows\System\zPatpdm.exe
  2⤵
  PID:8788
- C:\Windows\System\oQWPkHu.exe
  C:\Windows\System\oQWPkHu.exe
  2⤵
  PID:8816
- C:\Windows\System\DUMDMXQ.exe
  C:\Windows\System\DUMDMXQ.exe
  2⤵
  PID:8856
- C:\Windows\System\TlTrgbh.exe
  C:\Windows\System\TlTrgbh.exe
  2⤵
  PID:8876
- C:\Windows\System\ATzfvsH.exe
  C:\Windows\System\ATzfvsH.exe
  2⤵
  PID:8892
- C:\Windows\System\LUrvarJ.exe
  C:\Windows\System\LUrvarJ.exe
  2⤵
  PID:8708
- C:\Windows\System\EiaacMf.exe
  C:\Windows\System\EiaacMf.exe
  2⤵
  PID:8692
- C:\Windows\System\LoExiBC.exe
  C:\Windows\System\LoExiBC.exe
  2⤵
  PID:8808
- C:\Windows\System\zFQTbnj.exe
  C:\Windows\System\zFQTbnj.exe
  2⤵
  PID:9032
- C:\Windows\System\dqrIWTz.exe
  C:\Windows\System\dqrIWTz.exe
  2⤵
  PID:9000
- C:\Windows\System\yAxKSOH.exe
  C:\Windows\System\yAxKSOH.exe
  2⤵
  PID:8916
- C:\Windows\System\IDZKVUV.exe
  C:\Windows\System\IDZKVUV.exe
  2⤵
  PID:9164
- C:\Windows\System\NdvSCcK.exe
  C:\Windows\System\NdvSCcK.exe
  2⤵
  PID:8904
- C:\Windows\System\hEGvVQS.exe
  C:\Windows\System\hEGvVQS.exe
  2⤵
  PID:9012
- C:\Windows\System\vOBxcoI.exe
  C:\Windows\System\vOBxcoI.exe
  2⤵
  PID:9044
- C:\Windows\System\GTWjrrt.exe
  C:\Windows\System\GTWjrrt.exe
  2⤵
  PID:9116
- C:\Windows\System\wkHcVyG.exe
  C:\Windows\System\wkHcVyG.exe
  2⤵
  PID:9184
- C:\Windows\System\gARorEa.exe
  C:\Windows\System\gARorEa.exe
  2⤵
  PID:7736
- C:\Windows\System\WDjCMKY.exe
  C:\Windows\System\WDjCMKY.exe
  2⤵
  PID:8456
- C:\Windows\System\mHCljth.exe
  C:\Windows\System\mHCljth.exe
  2⤵
  PID:8312
- C:\Windows\System\JzAmVRw.exe
  C:\Windows\System\JzAmVRw.exe
  2⤵
  PID:8348
- C:\Windows\System\kOoREzD.exe
  C:\Windows\System\kOoREzD.exe
  2⤵
  PID:8332
- C:\Windows\System\XZfyTzG.exe
  C:\Windows\System\XZfyTzG.exe
  2⤵
  PID:8592
- C:\Windows\System\kIkXwPN.exe
  C:\Windows\System\kIkXwPN.exe
  2⤵
  PID:8280
- C:\Windows\System\dOIrGzr.exe
  C:\Windows\System\dOIrGzr.exe
  2⤵
  PID:8412
- C:\Windows\System\doyqyRV.exe
  C:\Windows\System\doyqyRV.exe
  2⤵
  PID:8576
- C:\Windows\System\PGsbogW.exe
  C:\Windows\System\PGsbogW.exe
  2⤵
  PID:8728
- C:\Windows\System\iggSnpV.exe
  C:\Windows\System\iggSnpV.exe
  2⤵
  PID:8716
- C:\Windows\System\pAtmscR.exe
  C:\Windows\System\pAtmscR.exe
  2⤵
  PID:8784
- C:\Windows\System\SyLbQLE.exe
  C:\Windows\System\SyLbQLE.exe
  2⤵
  PID:8812
- C:\Windows\System\vPDSiXX.exe
  C:\Windows\System\vPDSiXX.exe
  2⤵
  PID:8840
- C:\Windows\System\layWqeA.exe
  C:\Windows\System\layWqeA.exe
  2⤵
  PID:8868
- C:\Windows\System\WwNgwKa.exe
  C:\Windows\System\WwNgwKa.exe
  2⤵
  PID:8888
- C:\Windows\System\sJzOPYY.exe
  C:\Windows\System\sJzOPYY.exe
  2⤵
  PID:8920
- C:\Windows\System\pgejjHx.exe
  C:\Windows\System\pgejjHx.exe
  2⤵
  PID:8996
- C:\Windows\System\cWPjcid.exe
  C:\Windows\System\cWPjcid.exe
  2⤵
  PID:9200
- C:\Windows\System\PlyYBfY.exe
  C:\Windows\System\PlyYBfY.exe
  2⤵
  PID:9064
- C:\Windows\System\gPtJDFW.exe
  C:\Windows\System\gPtJDFW.exe
  2⤵
  PID:8664
- C:\Windows\System\PFhRAUx.exe
  C:\Windows\System\PFhRAUx.exe
  2⤵
  PID:9152
- C:\Windows\System\BRILXiy.exe
  C:\Windows\System\BRILXiy.exe
  2⤵
  PID:9112
- C:\Windows\System\nVizYeG.exe
  C:\Windows\System\nVizYeG.exe
  2⤵
  PID:8628
- C:\Windows\System\ulqcvvA.exe
  C:\Windows\System\ulqcvvA.exe
  2⤵
  PID:7608
- C:\Windows\System\kbbCXmQ.exe
  C:\Windows\System\kbbCXmQ.exe
  2⤵
  PID:7264
- C:\Windows\System\vRujMdT.exe
  C:\Windows\System\vRujMdT.exe
  2⤵
  PID:8544
- C:\Windows\System\uYRoJZg.exe
  C:\Windows\System\uYRoJZg.exe
  2⤵
  PID:988
- C:\Windows\System\WFhakmz.exe
  C:\Windows\System\WFhakmz.exe
  2⤵
  PID:8764
- C:\Windows\System\dUTIDrr.exe
  C:\Windows\System\dUTIDrr.exe
  2⤵
  PID:8848
- C:\Windows\System\xuhWnTf.exe
  C:\Windows\System\xuhWnTf.exe
  2⤵
  PID:8752
- C:\Windows\System\CHFiYoo.exe
  C:\Windows\System\CHFiYoo.exe
  2⤵
  PID:8836
- C:\Windows\System\AhaprFz.exe
  C:\Windows\System\AhaprFz.exe
  2⤵
  PID:9092
- C:\Windows\System\yfZBRdc.exe
  C:\Windows\System\yfZBRdc.exe
  2⤵
  PID:9080
- C:\Windows\System\tDLdhbc.exe
  C:\Windows\System\tDLdhbc.exe
  2⤵
  PID:9212
- C:\Windows\System\FaYoeFz.exe
  C:\Windows\System\FaYoeFz.exe
  2⤵
  PID:7336
- C:\Windows\System\fxNijAR.exe
  C:\Windows\System\fxNijAR.exe
  2⤵
  PID:8936
- C:\Windows\System\fCefcsH.exe
  C:\Windows\System\fCefcsH.exe
  2⤵
  PID:8396
- C:\Windows\System\CmtlFwR.exe
  C:\Windows\System\CmtlFwR.exe
  2⤵
  PID:8376
- C:\Windows\System\bRnyhcX.exe
  C:\Windows\System\bRnyhcX.exe
  2⤵
  PID:8780
- C:\Windows\System\cULrmxf.exe
  C:\Windows\System\cULrmxf.exe
  2⤵
  PID:9132
- C:\Windows\System\VwcAqXD.exe
  C:\Windows\System\VwcAqXD.exe
  2⤵
  PID:7960
- C:\Windows\System\kPyFhmL.exe
  C:\Windows\System\kPyFhmL.exe
  2⤵
  PID:9228
- C:\Windows\System\xzPzita.exe
  C:\Windows\System\xzPzita.exe
  2⤵
  PID:9244
- C:\Windows\System\vkpHspi.exe
  C:\Windows\System\vkpHspi.exe
  2⤵
  PID:9260
- C:\Windows\System\GsCRGch.exe
  C:\Windows\System\GsCRGch.exe
  2⤵
  PID:9276
- C:\Windows\System\mvoRlLA.exe
  C:\Windows\System\mvoRlLA.exe
  2⤵
  PID:9292
- C:\Windows\System\JirCIBS.exe
  C:\Windows\System\JirCIBS.exe
  2⤵
  PID:9308
- C:\Windows\System\kuDwgBH.exe
  C:\Windows\System\kuDwgBH.exe
  2⤵
  PID:9324
- C:\Windows\System\eGopDoD.exe
  C:\Windows\System\eGopDoD.exe
  2⤵
  PID:9340
- C:\Windows\System\WlazdGN.exe
  C:\Windows\System\WlazdGN.exe
  2⤵
  PID:9360
- C:\Windows\System\TLzqpdC.exe
  C:\Windows\System\TLzqpdC.exe
  2⤵
  PID:9376
- C:\Windows\System\LpcBPNQ.exe
  C:\Windows\System\LpcBPNQ.exe
  2⤵
  PID:9392
- C:\Windows\System\uavLZdw.exe
  C:\Windows\System\uavLZdw.exe
  2⤵
  PID:9408
- C:\Windows\System\YZHrhIq.exe
  C:\Windows\System\YZHrhIq.exe
  2⤵
  PID:9424
- C:\Windows\System\NTDCyiS.exe
  C:\Windows\System\NTDCyiS.exe
  2⤵
  PID:9440
- C:\Windows\System\zVAqgie.exe
  C:\Windows\System\zVAqgie.exe
  2⤵
  PID:9456
- C:\Windows\System\pLAxEiw.exe
  C:\Windows\System\pLAxEiw.exe
  2⤵
  PID:9472
- C:\Windows\System\dWzcxqP.exe
  C:\Windows\System\dWzcxqP.exe
  2⤵
  PID:9488
- C:\Windows\System\eIhtSOR.exe
  C:\Windows\System\eIhtSOR.exe
  2⤵
  PID:9504
- C:\Windows\System\jokKoUU.exe
  C:\Windows\System\jokKoUU.exe
  2⤵
  PID:9520
- C:\Windows\System\rKUFHRu.exe
  C:\Windows\System\rKUFHRu.exe
  2⤵
  PID:9536
- C:\Windows\System\hlMPNKO.exe
  C:\Windows\System\hlMPNKO.exe
  2⤵
  PID:9552
- C:\Windows\System\GUAtNHD.exe
  C:\Windows\System\GUAtNHD.exe
  2⤵
  PID:9568
- C:\Windows\System\LOloSkT.exe
  C:\Windows\System\LOloSkT.exe
  2⤵
  PID:9584
- C:\Windows\System\dfxrGjO.exe
  C:\Windows\System\dfxrGjO.exe
  2⤵
  PID:9600
- C:\Windows\System\DFKKjqG.exe
  C:\Windows\System\DFKKjqG.exe
  2⤵
  PID:9616
- C:\Windows\System\VAulOJZ.exe
  C:\Windows\System\VAulOJZ.exe
  2⤵
  PID:9632
- C:\Windows\System\NBFLCyC.exe
  C:\Windows\System\NBFLCyC.exe
  2⤵
  PID:9648
- C:\Windows\System\utbRYfD.exe
  C:\Windows\System\utbRYfD.exe
  2⤵
  PID:9664
- C:\Windows\System\rREndsT.exe
  C:\Windows\System\rREndsT.exe
  2⤵
  PID:9680
- C:\Windows\System\ADoXvDJ.exe
  C:\Windows\System\ADoXvDJ.exe
  2⤵
  PID:9696
- C:\Windows\System\RChtwdv.exe
  C:\Windows\System\RChtwdv.exe
  2⤵
  PID:9712
- C:\Windows\System\EhFYysJ.exe
  C:\Windows\System\EhFYysJ.exe
  2⤵
  PID:9728
- C:\Windows\System\FewyKZx.exe
  C:\Windows\System\FewyKZx.exe
  2⤵
  PID:9744
- C:\Windows\System\BsZJliP.exe
  C:\Windows\System\BsZJliP.exe
  2⤵
  PID:9760
- C:\Windows\System\jUUWLnB.exe
  C:\Windows\System\jUUWLnB.exe
  2⤵
  PID:9776
- C:\Windows\System\aDpYwis.exe
  C:\Windows\System\aDpYwis.exe
  2⤵
  PID:9792
- C:\Windows\System\PJhBndf.exe
  C:\Windows\System\PJhBndf.exe
  2⤵
  PID:9808
- C:\Windows\System\oEMusoC.exe
  C:\Windows\System\oEMusoC.exe
  2⤵
  PID:9824
- C:\Windows\System\tdICOte.exe
  C:\Windows\System\tdICOte.exe
  2⤵
  PID:9840
- C:\Windows\System\tjNjLKF.exe
  C:\Windows\System\tjNjLKF.exe
  2⤵
  PID:9856
- C:\Windows\System\ZJOfkCK.exe
  C:\Windows\System\ZJOfkCK.exe
  2⤵
  PID:9872
- C:\Windows\System\odYnXtt.exe
  C:\Windows\System\odYnXtt.exe
  2⤵
  PID:9888
- C:\Windows\System\HzYyYzX.exe
  C:\Windows\System\HzYyYzX.exe
  2⤵
  PID:9904
- C:\Windows\System\vQWcDqs.exe
  C:\Windows\System\vQWcDqs.exe
  2⤵
  PID:9920
- C:\Windows\System\bsKMAXj.exe
  C:\Windows\System\bsKMAXj.exe
  2⤵
  PID:9936
- C:\Windows\System\POxtyNv.exe
  C:\Windows\System\POxtyNv.exe
  2⤵
  PID:9952
- C:\Windows\System\oNlOtTL.exe
  C:\Windows\System\oNlOtTL.exe
  2⤵
  PID:9968
- C:\Windows\System\ecXIJmM.exe
  C:\Windows\System\ecXIJmM.exe
  2⤵
  PID:9984
- C:\Windows\System\UVKKgIA.exe
  C:\Windows\System\UVKKgIA.exe
  2⤵
  PID:10000
- C:\Windows\System\AgKtrOn.exe
  C:\Windows\System\AgKtrOn.exe
  2⤵
  PID:10016
- C:\Windows\System\QCWDwMC.exe
  C:\Windows\System\QCWDwMC.exe
  2⤵
  PID:10032
- C:\Windows\System\ptZMKWw.exe
  C:\Windows\System\ptZMKWw.exe
  2⤵
  PID:10048
- C:\Windows\System\XIXWwne.exe
  C:\Windows\System\XIXWwne.exe
  2⤵
  PID:10064
- C:\Windows\System\dwkogSr.exe
  C:\Windows\System\dwkogSr.exe
  2⤵
  PID:10080
- C:\Windows\System\lqvEGdV.exe
  C:\Windows\System\lqvEGdV.exe
  2⤵
  PID:10096
- C:\Windows\System\aQTQVRj.exe
  C:\Windows\System\aQTQVRj.exe
  2⤵
  PID:10112
- C:\Windows\System\wnPBEaf.exe
  C:\Windows\System\wnPBEaf.exe
  2⤵
  PID:10128
- C:\Windows\System\RzmCDxX.exe
  C:\Windows\System\RzmCDxX.exe
  2⤵
  PID:10144
- C:\Windows\System\yknxFjK.exe
  C:\Windows\System\yknxFjK.exe
  2⤵
  PID:10160
- C:\Windows\System\fpykYoZ.exe
  C:\Windows\System\fpykYoZ.exe
  2⤵
  PID:10176
- C:\Windows\System\JkEoQEP.exe
  C:\Windows\System\JkEoQEP.exe
  2⤵
  PID:10192
- C:\Windows\System\RUzZFjq.exe
  C:\Windows\System\RUzZFjq.exe
  2⤵
  PID:10208
- C:\Windows\System\tfgDUys.exe
  C:\Windows\System\tfgDUys.exe
  2⤵
  PID:10224
- C:\Windows\System\RWiCDfA.exe
  C:\Windows\System\RWiCDfA.exe
  2⤵
  PID:9220
- C:\Windows\System\DWJiofy.exe
  C:\Windows\System\DWJiofy.exe
  2⤵
  PID:9284
- C:\Windows\System\dhOIYuw.exe
  C:\Windows\System\dhOIYuw.exe
  2⤵
  PID:8912
- C:\Windows\System\RABcBAb.exe
  C:\Windows\System\RABcBAb.exe
  2⤵
  PID:9388
- C:\Windows\System\MQGbAYV.exe
  C:\Windows\System\MQGbAYV.exe
  2⤵
  PID:9480
- C:\Windows\System\LhctxSd.exe
  C:\Windows\System\LhctxSd.exe
  2⤵
  PID:8476
- C:\Windows\System\aWZhYdF.exe
  C:\Windows\System\aWZhYdF.exe
  2⤵
  PID:9268
- C:\Windows\System\TNBLNKC.exe
  C:\Windows\System\TNBLNKC.exe
  2⤵
  PID:9236
- C:\Windows\System\LjWqohb.exe
  C:\Windows\System\LjWqohb.exe
  2⤵
  PID:9304
- C:\Windows\System\JydidZP.exe
  C:\Windows\System\JydidZP.exe
  2⤵
  PID:9400
- C:\Windows\System\HXJafvd.exe
  C:\Windows\System\HXJafvd.exe
  2⤵
  PID:9468
- C:\Windows\System\kgEawzf.exe
  C:\Windows\System\kgEawzf.exe
  2⤵
  PID:9484
- C:\Windows\System\cjVpHqI.exe
  C:\Windows\System\cjVpHqI.exe
  2⤵
  PID:9548
- C:\Windows\System\fNtabQv.exe
  C:\Windows\System\fNtabQv.exe
  2⤵
  PID:9640
- C:\Windows\System\KeGIuQN.exe
  C:\Windows\System\KeGIuQN.exe
  2⤵
  PID:9676
- C:\Windows\System\MduNnMD.exe
  C:\Windows\System\MduNnMD.exe
  2⤵
  PID:9740
- C:\Windows\System\WoxbKXi.exe
  C:\Windows\System\WoxbKXi.exe
  2⤵
  PID:9832
- C:\Windows\System\dSuhOPL.exe
  C:\Windows\System\dSuhOPL.exe
  2⤵
  PID:9560
- C:\Windows\System\ImRkuBw.exe
  C:\Windows\System\ImRkuBw.exe
  2⤵
  PID:9900
- C:\Windows\System\KPlFWeD.exe
  C:\Windows\System\KPlFWeD.exe
  2⤵
  PID:9592
- C:\Windows\System\iIVPqdj.exe
  C:\Windows\System\iIVPqdj.exe
  2⤵
  PID:10028
- C:\Windows\System\XKcrKuY.exe
  C:\Windows\System\XKcrKuY.exe
  2⤵
  PID:9624
- C:\Windows\System\FRaceue.exe
  C:\Windows\System\FRaceue.exe
  2⤵
  PID:10120
- C:\Windows\System\GJiKoIC.exe
  C:\Windows\System\GJiKoIC.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMUDbGV.exe

Filesize
6.0MB

MD5
d3175102d92ccb0335ee93420889185e

SHA1
4443f83e04b34b1ee0d121ad5a65f350be1d7b99

SHA256
9f36129b231f1a37ec653a77e473e78e27561ba1ba6b5c5bc830889a8b29099b

SHA512
3365e39cce8d03a5435a78224a9c38a874c2618c33596db3e1a8a16216241b04811329bddf474acc3c094db3f920a797d77349fc5c3d2a929f37a709983f83cd

Download Submit
C:\Windows\system\AavpnyR.exe

Filesize
6.0MB

MD5
01399ed8f0be02d24c5edf566802b002

SHA1
f1c69c9744329d8df47a124af0570a8d297f2155

SHA256
339f890dd2c6866b56c7e05a6bd2d884bec98687cbe46f4b99891a06f542ca98

SHA512
352b48895e14602df0a5eb018ea5b0e79219f2fdbbe0f1ec3f7ad6dbb627e39b32981374f7fc983a6b891945d5c0040868add524ebb256bc8105efa6e216b539

Download Submit
C:\Windows\system\AlHhqGp.exe

Filesize
6.0MB

MD5
8d260fd4920c31ee2a804b9cd27a5572

SHA1
3dcd4ee5148f1e8ef09d3475af491be9708a08f3

SHA256
6ec77db6296d54325b6df2b9c807f632e3651f25b194c6c323f1a94b16ad9f05

SHA512
b736420c2079f29139081bfd5016bc8f82ee6de7528bd09180eb526b1e371ec25ff315114b4b8964404b899da95bb546bfffd7ce614a12781fbf2838428f6ec5

Download Submit
C:\Windows\system\HVOEHOs.exe

Filesize
6.0MB

MD5
a4358147a768209493e0f66c015fa3d9

SHA1
cfc959cd8a1ae6f4b4556b9b109e318d79780917

SHA256
d84cbd901ba8ddc204ab6b060d9f1e845261a9be19b6552b78d1a8c92f98b01b

SHA512
816bbea1f04e6c4b82da9384a4aba3be05b47e116e44e9eb8df54f0327f23efbc054316a15bc14aa5d2f9f995175c152ed265894afcd052766d4b991626d79fb

Download Submit
C:\Windows\system\JIkeYej.exe

Filesize
6.0MB

MD5
6f7d22a3f3f48a58aa6bd4d06c668d4f

SHA1
29403f3180fc3108f44fd5f5a318ec7dd1f007fc

SHA256
e00e0bce889311f79f47ec473540518880def9a84f2f251d1f6f9d09a794269a

SHA512
f201e4cd9d27835b2551c9461e2916f6dec13a737bb263a8c31d74161810723991d5a8f2e9fdfa4a2005c48c53161e4c00439b71de2fd68d9ab818f3fb79c99c

Download Submit
C:\Windows\system\KBioYhz.exe

Filesize
6.0MB

MD5
89c43d82ad66d182168c4297ecef0b4e

SHA1
0dcefc1db1a77c421612af3bd41fefbc9315ca66

SHA256
e2f05fef4f963e81f1606ad49b102fc4a52b3881b80d8031d0b1c9a38bf7978d

SHA512
b9bdbfa86017d1d5dea9aacb02e4ec00da1048fcf442fe42c745368037042f05be0c2a3cc80a068ddcceee263fb95d4265bc141797d2509136c07323efdd0ed0

Download Submit
C:\Windows\system\NyuQrrf.exe

Filesize
6.0MB

MD5
a051a6cb964bd73ced0100a3bbeb4f61

SHA1
73dc7f726a47dc7dcf28fda934d16e5a18c180c8

SHA256
34f61a7dcf0cb1edbe475e587981285c10dece0fe6c9896c99e865032493de63

SHA512
46317ef6862fb21525e49dedb47ce50ba9a4b6ac03b2376f699a733accf53b27ef0210b9c215367fecc3a0dab7805c88ea87bd8c5c37ff9ae18769ad5bdf7cb8

Download Submit
C:\Windows\system\QXlXiHX.exe

Filesize
6.0MB

MD5
8ece0440ca8b6265fd1af602952a64bb

SHA1
cd6bca4c2e5ab744c32ca99681f9830dede1dd02

SHA256
e451d8c350d7471f68dab012099c54b7b274d6edc1dac69cf194a2eb791ad3f5

SHA512
e2f3357a40d7d4929b77809903442ec7b7633bc0768f0170dafbd93f9c091af5117b9d725a1fe0b1b01748ed809270c3445604ee312e2d018b93544eb83643ac

Download Submit
C:\Windows\system\SIRHtuL.exe

Filesize
6.0MB

MD5
8e3f7dd67a0409dca7ac8656616047f4

SHA1
ff0c5815c7b7868ce8474f63b47f6fa5261049d8

SHA256
d4e92ec9c30e6afae9758fb8cbff188a380606b5d2d8144fa6b3d4fba3786a08

SHA512
7481299deb0506eeaac5db0275239314ba04b44091a06feb42429ed3343742392427dec94712d135de218ce67d1ed0e2ccd25a16da6bd92bb2cdccbed3472eb7

Download Submit
C:\Windows\system\UunpvkL.exe

Filesize
6.0MB

MD5
e65d575651b62da4074cb76d1cf79288

SHA1
8a5cafee841342fe45ab24149d30b0581127b8ac

SHA256
935fef8aa44693eeac9091f44a34b6dc61fbcc88c59fdb9d29e7d79032087f32

SHA512
bc91740419dc32b4fc2b68c531f62b1ad0a0ed1c1314703f7adda11b3d3e70057ed79dc27ba4e7eee21916add26d4b8758b55b8a153b0d1b598b451f72d70543

Download Submit
C:\Windows\system\WkMUELO.exe

Filesize
6.0MB

MD5
6f642537a28316691163dd3510a96a15

SHA1
7ad141384e365d3c8b642a360352117491a26a8e

SHA256
8c4b7b34478e8cb3d38c582047c6018cfc34ca3fcf1162b54d804906c31784fc

SHA512
4232bf9e72d0351ac843f8e1b0169d4cb603c2420331645e312765c70e3eaf65a4d5c3f535c069f7f9cf5a35cf84c7dfa5507d2d771c212e8aaf0aa55b6e8cf5

Download Submit
C:\Windows\system\XbVCzGf.exe

Filesize
6.0MB

MD5
09662f7bb34c0ce3bef4e3967daee799

SHA1
ded7eeb9192ea1aba72f1063721807d54333c82a

SHA256
abb1f21adb183de984c7f1fa63eb982d6310a48683ee8739c976b372850ecece

SHA512
73cc5ad0acb9af4c29b025d49299a788f2b1c1658863deb291e0492d95b149577f324229dd3bd318118eed534e9250f447ee0555d9b9d51ea2d731ed29e0f621

Download Submit
C:\Windows\system\YjlVsuT.exe

Filesize
6.0MB

MD5
4e42d1dbb46cf68791a9bf370cc86e52

SHA1
3e44b44bd28660172f28cf461f772dcc9cd05680

SHA256
282e9abe7d96da103a290c6e2a68f1cccbbd4bfb369bc59e78da60441cc891e8

SHA512
d01924108fb5404dc9740f4c64bc4452c791b1eaa9c6af442edb27a17e2520b4ac090f001248dcaff937e3901b810b77a949f432a5db127ce62845030ed7c005

Download Submit
C:\Windows\system\cWScgLU.exe

Filesize
6.0MB

MD5
b6ce905cc7c9891493c7a5a5c21b6a51

SHA1
1620e9d70777c662d02d1b428085b57048a40f37

SHA256
ddc3a653e9683ffa8a77c799b8f1a57db73c2046d3ddeaf26855a95779972f71

SHA512
bccbd9d2b29f6a09b35467a175f687798ce96deafe6a4e42f95d3b0352fe438d7a3aaae5c10d3f141e7668e2993eac87bf1a8a5598222f1269fe7dc70715a992

Download Submit
C:\Windows\system\eHqhlrN.exe

Filesize
6.0MB

MD5
aeb9482184e13e3f14cb2aa87562961b

SHA1
85f6139301e9530f81aa129cfd721d3e0af3eaa2

SHA256
46f17e761dc9dfd2277e5c265c44b6314db82c6d4a75243b160b4c4dccd1e4ba

SHA512
d0806c4a3e19e67f8f621b3ae78fcfa0d91000fecb0aa19d1aa5a514c9f19cbde77214961d8f55d314a6af46736b72fc0e287a3bebc6c463d60f5c337330bfd3

Download Submit
C:\Windows\system\etOuJsc.exe

Filesize
6.0MB

MD5
e36a1820e44f22a64d38629424c9b4ea

SHA1
5834b3b88e1264951c68961b5f5861898adb3aa4

SHA256
6bfc6c392c0c249651a08b3037dbe6411b17fd66ffe04328c8307fab733fdb0e

SHA512
009ed84ef5beb79fd21a5c86963d432c1992c014527918331478dff8be35f125bd560b7eaea11d511b30bc2cb3a2466148d360404eebecf47e72f963cf93eeff

Download Submit
C:\Windows\system\fwmhemP.exe

Filesize
6.0MB

MD5
9034759cc40ef1016ead7ea07ee607bb

SHA1
7a068294eda235f10d9c8c39a98b5da8c35e4181

SHA256
66b71f45e970f8adaeeb51b5a67b869d105dc9cf7be0c485c508a90a4ea74416

SHA512
8efea3050ee7a76d9ce473efb20caa3a79d188929df6bf3a6acff548c9774fc2fc881364788b61a714e3a1c3444488fe2f955d3531dd7d6e853bd3ce75c04779

Download Submit
C:\Windows\system\gkvPJpt.exe

Filesize
6.0MB

MD5
54531fe45b9e2116928768e0658126ec

SHA1
91b318c44f75c20cee786a252b9df1d113624690

SHA256
edabb2da61e2f9f64301bec6b37a8a54da5573f042674befcfdb53d36baa79c7

SHA512
b54cf1c48ece649b99ced993a381ca4e337ae2c02e862f643857ecef9f10ac588e5413a6a23bc0b6eeda89e6bd3581caf9d8058a7446aafd1196704b6a86b112

Download Submit
C:\Windows\system\gqyEUPP.exe

Filesize
6.0MB

MD5
f5e72b362ddf893c2cca8828494a9460

SHA1
b021b784e4c88530c96283096eee80db31b4f83f

SHA256
c27c9857cf62ad00801483de3c3967f8e7e8b37944d87a4d37adf72393679c1b

SHA512
ba790430ea4d389993e007c827bbb43b51a9c17af4370346301b2064a351bb9e46e21c72731ad315a0b02451939aceb2f85100f6c164cad8b8fdcbcf2548067f

Download Submit
C:\Windows\system\iizVrPw.exe

Filesize
6.0MB

MD5
f339fb948381fb9175a936da54d950e7

SHA1
84d8c40d27a637a129824e7e176b41f2582142f2

SHA256
5951b7b4161e3a97be9439d0a28df3aa16d424de3f1aff284fb3fbfe29f02cf1

SHA512
969e6918ff8e35b318439dd19b75b5a6800a9008b0dbed6f992e1dfe33d13644975bd58ebd85fec3f35c00b460da33b711c344cd6fbb43166972ee3ee9677613

Download Submit
C:\Windows\system\ktmlyPq.exe

Filesize
6.0MB

MD5
be0de5cfc0076c1a9248a432777cf48e

SHA1
5086ddd0b1c876c16b722df0344e772f7313951a

SHA256
ccd86f2419a9032ef4e61d341c60cda08704cdd041a803f83ea7e8cdca671d45

SHA512
45edf6beda40158d999ea586f7a2ab0866c06e97765e67d9b3c40e951a3f8924021cd66cc81fe153435335542c1a7ade333ac368517ef90f860d4c50b6a49ae3

Download Submit
C:\Windows\system\povSYuP.exe

Filesize
6.0MB

MD5
6c7ecfda1b1be43fcbf93393c8eb557c

SHA1
4652cec36ba8e3833c65ff3721f80a44d0e69f7b

SHA256
587a46da473557e3755d710c384e967879512a23829d1b1921678ed19c8bf61f

SHA512
813592d3a1d17452aac3898c85009e7e29302fdd76aaba4388f12aeaf026d4525427ed5c19d79ab7af942782226bf9dfa65315a470ec18698205ba4259b935d2

Download Submit
C:\Windows\system\rESDMnR.exe

Filesize
6.0MB

MD5
a5cf4d1c4156d019d8b726d2419b0a88

SHA1
9ca343e6cd92003026698129cc9271f888304c5f

SHA256
84ab8e707b1284f2d916770f4f7677f3b1bb36618ab1104528cb37ea9362b91a

SHA512
5e7439ebad9906c2d3ffcf45d31ce884708cc43c688c4a5f3a9e86b4274f273eabac7058ed920084f9f898fa837bb8504b796a26b30114176f5a6f24f6df1067

Download Submit
C:\Windows\system\tXWDBpc.exe

Filesize
6.0MB

MD5
2bc86e517317ce889784027b2e916d91

SHA1
e98ab88a4352617a3c7123b0045077ec90c2c35c

SHA256
af7f5766c6ea1575e9a7a65fb38e8c7e8ad2ecdffcd2441e0bce5286c11813d9

SHA512
714859b2147b66206a442d4949ac184f5cb54cb1b8406ad7efe343338398765097e571da82f0fc3fbf02de19df8af53ab806fb23ecdc97d9cd619f1290f92fc6

Download Submit
C:\Windows\system\vkLVPqG.exe

Filesize
6.0MB

MD5
d07aa8e15bc9ef044b54abe653966938

SHA1
02fb77cdbddd33c1bc0d66619e16c90ae9981f2d

SHA256
92288579825df3660196d5fa5bf8d781fb4464bb8c5b141176e161f937a3c9c5

SHA512
8841b8abeba9725a1df64f562123011ad5e90fbb1016a990a9057c735c7db4e9f0d4cae580c1af2c494c2bdb1b3869fa18142a3ad78ac07aa3558eccfd1de62d

Download Submit
C:\Windows\system\wRCFDlT.exe

Filesize
6.0MB

MD5
d0ff827a8b145a450c88162d35051a7b

SHA1
75e67d12d8857c0b14181e02c51d8732a645a183

SHA256
70c73c616a947f89878ce3560dda555503da62c9c2ad5d067dbd9decf07826d7

SHA512
d5b3ef9301ea85b8b5768b6ac9b9f424b41952624df01277385ebfb174267c86766104047bddbf01b5cd14afe67322c166235d3f8a322f8188a3a156d200fa1a

Download Submit
C:\Windows\system\xGTJdwc.exe

Filesize
6.0MB

MD5
17a63ed31d7f18ca1300d1c59e618761

SHA1
648b65a76d716fd6ef9332d069f7a69e5e759637

SHA256
9502e066f5b1646ba29e969e8401375e8c7cfc8aec84b9f8e177fdfe99cc0689

SHA512
5d6272c6313f772cf9714c2ea493f976f430cb385f59c01707b886936306e0e92ee1950ebeff66db4653ec00e8dbc33912bf6131a6926faaa60112fb7f09a610

Download Submit
C:\Windows\system\yRlyKQq.exe

Filesize
6.0MB

MD5
5d698ca2d0617c314fd629e7de951c95

SHA1
d1e1084a15456fa0acfaa22b876aaccf9365aea3

SHA256
31f15e9dce22819f01d90e6bbb0d7804d5568fdc4bbcd16768c15477568d9c8f

SHA512
d83806b8d26a9c091e9bd8d9aa9e2af3b4e18f7376a227d2b8d360887d57c3f76fd16b387f17096eaed280882b0f42a44b5f285d3bf23413e722f293c34c8190

Download Submit
\Windows\system\BYuMeRu.exe

Filesize
6.0MB

MD5
1a89936cd49cb81370b96548684377b6

SHA1
5d1946316540f20fce6284ca509e0c302715f02a

SHA256
164af517a908a47eedaf1d49c381f134f5cf2e4d501d60b2a65f0141eb04acf7

SHA512
36c4a8ee89d90275be3c05013a7821842696677fa26e4128f7e6b7ac3b55c9e150e9ea8b0d6dc946e591e338937cf4c444fcc068758bf97745cb2fc4815c9cc9

Download Submit
\Windows\system\OglCGJE.exe

Filesize
6.0MB

MD5
8f76cbb6ecb6f4d34263afcb4a26fc60

SHA1
7d1d8667e35072add60cd32f4eaddbda9e8cbff7

SHA256
7fc35132a1740d85780ac5b658b465c78dca4aea27ec9854be734b09eb302189

SHA512
e719115a7b71f0d4618ca5fb6060ecde7ea676bd5e3f536e858abecc97c47849f63d396a81f1556e6e5d3254445e7831a00b482b1c26bbd2c8d38545fa109142

Download Submit
\Windows\system\PJNenHF.exe

Filesize
6.0MB

MD5
71655bc33cab9f2aa5eb28b050e85f0c

SHA1
6c952eeedfd520b57fc3fe06203a38e36a328548

SHA256
ddc2ed9338a769059461d8ade62b3c25bdb50eac09221bd21149f7ec9ed5ea22

SHA512
da426f91c223e87bc32249ad0692c0daeca9b661f18fe1e8b15c9a1dd200a3a01141cb8b100ef1c05f9e1cf2545a2795556794576e64762eec98dd8b2b2f465c

Download Submit
\Windows\system\daeOEwc.exe

Filesize
6.0MB

MD5
7730689299efc314e66165c16fc0f2c4

SHA1
22e33024f06af4b3773ce1e85831c14da577efb1

SHA256
8ed6a8b8bd383cc4cfdc7b7da4f877fefd49048859c5dc8e69ed67a0457b452c

SHA512
3b90bb44e608332212410c8a5632583e8e7d61bf3be958217ec709fafdfa8348beef0c6b614213b078d24af7f7c3e39e9185051ae68bf966faf00e9f7754b6d1

Download Submit
\Windows\system\gSJxtVL.exe

Filesize
6.0MB

MD5
8adcdf0d04610dbbe02b20a64ed0145a

SHA1
5e6fe4fe899fd984c31e4c68d0f9072f82cb77ad

SHA256
9c484a01e1c6f549ced588194d65b02eb1cad947762d7b0233e61866139670aa

SHA512
6cb835ace5af2d38124e1506554660c11b27745280722df125f9839d274135f71fbd0c1e0841034a28cfb064239089c9139825e2ea608822b99040f7c94b0a21

Download Submit
memory/540-3981-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-3783-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1612-474-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1612-4003-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1664-4000-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3803-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3765-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-508-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3802-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-469-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3799-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2320-491-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4058-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2320-1957-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2320-0-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3800-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3776-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3771-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3794-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3999-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download