cobaltstrike | 04e71bc9821e5828ce2471a566d7ff563b254d9c3730b7c9d079b594adbc0f23

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a46127c76ea7c1d18262169d35ce219e
SHA1

478589501d2b9d72603f38f83d2583070d12b22b
SHA256

04e71bc9821e5828ce2471a566d7ff563b254d9c3730b7c9d079b594adbc0f23
SHA512

c7776b470392a258f227aa3b50c7fad1e1861980f51c7201604d95b5d62ff3cecd2f8787afd98cc2307dac814ae94077d8cfe6978c496d4e4269986688e3083b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b3c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bef-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014ba6-15.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000014733-38.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000152aa-52.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d0e-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d2a-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d89-123.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001604c-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016875-179.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c88-199.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c80-194.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c66-189.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b47-184.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016650-174.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000165c7-169.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164b1-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016332-159.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001628b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001610d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f7b-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f25-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015ec4-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d81-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d79-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d59-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d41-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d18-77.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfc-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f83-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f35-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000014b3c-12.dat	xmrig
behavioral1/memory/2748-14-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014bef-22.dat	xmrig
behavioral1/files/0x0008000000014ba6-15.dat	xmrig
behavioral1/memory/2904-21-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2076-19-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2320-29-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2632-13-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x002e000000014733-38.dat	xmrig
behavioral1/memory/2856-41-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000152aa-52.dat	xmrig
behavioral1/memory/2904-57-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d0e-67.dat	xmrig
behavioral1/memory/296-72-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d2a-86.dat	xmrig
behavioral1/memory/848-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d89-123.dat	xmrig
behavioral1/files/0x000600000001604c-143.dat	xmrig
behavioral1/files/0x0006000000016875-179.dat	xmrig
behavioral1/memory/1728-777-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2868-583-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/604-413-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2076-336-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/848-279-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c88-199.dat	xmrig
behavioral1/files/0x0006000000016c80-194.dat	xmrig
behavioral1/files/0x0006000000016c66-189.dat	xmrig
behavioral1/files/0x0006000000016b47-184.dat	xmrig
behavioral1/files/0x0006000000016650-174.dat	xmrig
behavioral1/files/0x00060000000165c7-169.dat	xmrig
behavioral1/files/0x00060000000164b1-164.dat	xmrig
behavioral1/files/0x0006000000016332-159.dat	xmrig
behavioral1/files/0x000600000001628b-154.dat	xmrig
behavioral1/memory/296-151-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000600000001610d-148.dat	xmrig
behavioral1/files/0x0006000000015f7b-138.dat	xmrig
behavioral1/files/0x0006000000015f25-133.dat	xmrig
behavioral1/files/0x0006000000015ec4-128.dat	xmrig
behavioral1/files/0x0006000000015d81-118.dat	xmrig
behavioral1/files/0x0006000000015d79-113.dat	xmrig
behavioral1/memory/2868-97-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/1728-106-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/3028-105-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d59-104.dat	xmrig
behavioral1/memory/2572-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d41-95.dat	xmrig
behavioral1/memory/604-88-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2720-87-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2076-84-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2076-83-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2856-78-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d18-77.dat	xmrig
behavioral1/memory/2556-71-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/3028-64-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cfc-63.dat	xmrig
behavioral1/memory/2572-58-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2720-50-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2748-49-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f83-48.dat	xmrig
behavioral1/memory/2556-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2076-35-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f35-34.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2632	GptCPHt.exe
2748	xRIsWLr.exe
2904	zOsCrTo.exe
2320	jNPdCFs.exe
2556	QmGLEfU.exe
2856	QItwEYs.exe
2720	vHAVNbW.exe
2572	EHtVmPc.exe
3028	PsjUeVs.exe
296	RtTIDdN.exe
848	QKgmPHM.exe
604	nvHJtyG.exe
2868	HQwMxcz.exe
1728	UIxSRMW.exe
1944	mGACeKb.exe
1692	fqIFsTd.exe
2016	HOJyyPi.exe
2416	fcOvjsH.exe
3000	PfGZAaz.exe
1904	tdQrwxI.exe
900	NckWFui.exe
1836	KlLmPyY.exe
2336	gyKrFGb.exe
2364	samMyoI.exe
1988	cdhRjia.exe
2104	hdrnKgv.exe
2500	JxXaCoZ.exe
2324	AXHAMQj.exe
1496	HRWZDaV.exe
1160	qZMOfyH.exe
1184	RsgGuFx.exe
1084	MkKmXBQ.exe
1816	wqoqIJl.exe
1256	ctXLajE.exe
1680	BoieAzy.exe
2064	qXKMtxK.exe
1268	bXtZpKo.exe
1444	dRXftIa.exe
3044	ihtJyqd.exe
1724	zdVVSAM.exe
1980	bvvdKSP.exe
944	qAqIdfC.exe
2216	fVmIgfB.exe
1456	xODRRcP.exe
2168	PlPTjuW.exe
2088	geWhTuC.exe
2900	NQMtQZP.exe
2608	QzsJmlK.exe
2888	MygIExx.exe
2424	KxeyjRc.exe
1608	EZReyZa.exe
832	TjfomyT.exe
300	PMhcHeu.exe
1516	ilFGiVT.exe
1512	hXlwOeJ.exe
2760	oghQOtx.exe
2672	HBpJhJi.exe
2724	wHriNqE.exe
2636	KHdvvcX.exe
2532	uQjEWgA.exe
880	NWJZIxE.exe
2780	YfjnVYQ.exe
1220	LxLxBtB.exe
1244	jNzGdgL.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000014b3c-12.dat	upx
behavioral1/memory/2748-14-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0008000000014bef-22.dat	upx
behavioral1/files/0x0008000000014ba6-15.dat	upx
behavioral1/memory/2904-21-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2320-29-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2632-13-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x002e000000014733-38.dat	upx
behavioral1/memory/2856-41-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00070000000152aa-52.dat	upx
behavioral1/memory/2904-57-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0006000000015d0e-67.dat	upx
behavioral1/memory/296-72-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0006000000015d2a-86.dat	upx
behavioral1/memory/848-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0006000000015d89-123.dat	upx
behavioral1/files/0x000600000001604c-143.dat	upx
behavioral1/files/0x0006000000016875-179.dat	upx
behavioral1/memory/1728-777-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2868-583-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/604-413-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/848-279-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0006000000016c88-199.dat	upx
behavioral1/files/0x0006000000016c80-194.dat	upx
behavioral1/files/0x0006000000016c66-189.dat	upx
behavioral1/files/0x0006000000016b47-184.dat	upx
behavioral1/files/0x0006000000016650-174.dat	upx
behavioral1/files/0x00060000000165c7-169.dat	upx
behavioral1/files/0x00060000000164b1-164.dat	upx
behavioral1/files/0x0006000000016332-159.dat	upx
behavioral1/files/0x000600000001628b-154.dat	upx
behavioral1/memory/296-151-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000600000001610d-148.dat	upx
behavioral1/files/0x0006000000015f7b-138.dat	upx
behavioral1/files/0x0006000000015f25-133.dat	upx
behavioral1/files/0x0006000000015ec4-128.dat	upx
behavioral1/files/0x0006000000015d81-118.dat	upx
behavioral1/files/0x0006000000015d79-113.dat	upx
behavioral1/memory/2868-97-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/1728-106-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/3028-105-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0006000000015d59-104.dat	upx
behavioral1/memory/2572-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0006000000015d41-95.dat	upx
behavioral1/memory/604-88-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2720-87-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2856-78-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0006000000015d18-77.dat	upx
behavioral1/memory/2556-71-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/3028-64-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0007000000015cfc-63.dat	upx
behavioral1/memory/2572-58-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2720-50-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2748-49-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0007000000014f83-48.dat	upx
behavioral1/memory/2556-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2076-35-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000014f35-34.dat	upx
behavioral1/memory/2320-3396-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2748-3394-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2632-3401-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2904-3404-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dgNzYkg.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRzTOjA.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jefbUqF.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpXHsMX.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uifrUnV.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqUgNMr.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMMljFo.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgaNmEE.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaJCZVq.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjbnguL.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPmjsYt.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HENWSXJ.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVtYDzP.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gimGzVW.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlihFew.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anvxUiU.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxEGCqO.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXrBWJD.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLQWYIm.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deebumG.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzZMAGg.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvEGobw.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNuEbVC.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWkHExi.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvSkHWW.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILdLIRe.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvwsPFh.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfLVUXu.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUakEIk.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGWpbbf.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCVKtdU.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIuQAPv.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVHFiDj.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALDcMoS.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPtRBqY.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGwpFoN.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjIutBj.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbDZjNw.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwYdqsz.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWEhMQr.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGUWtvk.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maDHDHT.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDOImvw.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiJzUzb.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOLZihn.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYsRRHR.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOAfhgo.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEeFNYR.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbGXKUO.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMmBZFc.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktldXko.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxTvJcf.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxeARLB.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNBeska.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyToeAA.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNdofEg.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdNitsf.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtlJwta.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAqciJQ.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daPDkzu.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zygiqlK.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuLSBEt.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJWoRMO.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLpkGDX.exe	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2632	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2076 wrote to memory of 2632	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2076 wrote to memory of 2632	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2076 wrote to memory of 2748	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2076 wrote to memory of 2748	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2076 wrote to memory of 2748	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2076 wrote to memory of 2904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 2904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 2904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 2320	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2320	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2320	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2556	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2556	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2556	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2856	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2856	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2856	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2720	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2720	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2720	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2572	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2572	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2572	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 3028	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 3028	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 3028	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 296	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 296	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 296	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 848	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 848	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 848	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 604	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 604	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 604	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2868	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2868	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2868	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 1728	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 1728	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 1728	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 1944	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 1944	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 1944	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 1692	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 1692	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 1692	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 2016	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2016	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2016	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2416	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 2416	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 2416	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 3000	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 3000	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 3000	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1904	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 900	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 900	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 900	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1836	2076	2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_a46127c76ea7c1d18262169d35ce219e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\GptCPHt.exe
  C:\Windows\System\GptCPHt.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\xRIsWLr.exe
  C:\Windows\System\xRIsWLr.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\zOsCrTo.exe
  C:\Windows\System\zOsCrTo.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\jNPdCFs.exe
  C:\Windows\System\jNPdCFs.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\QmGLEfU.exe
  C:\Windows\System\QmGLEfU.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\QItwEYs.exe
  C:\Windows\System\QItwEYs.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vHAVNbW.exe
  C:\Windows\System\vHAVNbW.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\EHtVmPc.exe
  C:\Windows\System\EHtVmPc.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\PsjUeVs.exe
  C:\Windows\System\PsjUeVs.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\RtTIDdN.exe
  C:\Windows\System\RtTIDdN.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\QKgmPHM.exe
  C:\Windows\System\QKgmPHM.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\nvHJtyG.exe
  C:\Windows\System\nvHJtyG.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\HQwMxcz.exe
  C:\Windows\System\HQwMxcz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\UIxSRMW.exe
  C:\Windows\System\UIxSRMW.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\mGACeKb.exe
  C:\Windows\System\mGACeKb.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\fqIFsTd.exe
  C:\Windows\System\fqIFsTd.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\HOJyyPi.exe
  C:\Windows\System\HOJyyPi.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\fcOvjsH.exe
  C:\Windows\System\fcOvjsH.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\PfGZAaz.exe
  C:\Windows\System\PfGZAaz.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\tdQrwxI.exe
  C:\Windows\System\tdQrwxI.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\NckWFui.exe
  C:\Windows\System\NckWFui.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\KlLmPyY.exe
  C:\Windows\System\KlLmPyY.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\gyKrFGb.exe
  C:\Windows\System\gyKrFGb.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\samMyoI.exe
  C:\Windows\System\samMyoI.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\cdhRjia.exe
  C:\Windows\System\cdhRjia.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\hdrnKgv.exe
  C:\Windows\System\hdrnKgv.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\JxXaCoZ.exe
  C:\Windows\System\JxXaCoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\AXHAMQj.exe
  C:\Windows\System\AXHAMQj.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\HRWZDaV.exe
  C:\Windows\System\HRWZDaV.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\qZMOfyH.exe
  C:\Windows\System\qZMOfyH.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\RsgGuFx.exe
  C:\Windows\System\RsgGuFx.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\MkKmXBQ.exe
  C:\Windows\System\MkKmXBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\wqoqIJl.exe
  C:\Windows\System\wqoqIJl.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ctXLajE.exe
  C:\Windows\System\ctXLajE.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\BoieAzy.exe
  C:\Windows\System\BoieAzy.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\qXKMtxK.exe
  C:\Windows\System\qXKMtxK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\bXtZpKo.exe
  C:\Windows\System\bXtZpKo.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dRXftIa.exe
  C:\Windows\System\dRXftIa.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\ihtJyqd.exe
  C:\Windows\System\ihtJyqd.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\zdVVSAM.exe
  C:\Windows\System\zdVVSAM.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bvvdKSP.exe
  C:\Windows\System\bvvdKSP.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\qAqIdfC.exe
  C:\Windows\System\qAqIdfC.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\fVmIgfB.exe
  C:\Windows\System\fVmIgfB.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\xODRRcP.exe
  C:\Windows\System\xODRRcP.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\PlPTjuW.exe
  C:\Windows\System\PlPTjuW.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\geWhTuC.exe
  C:\Windows\System\geWhTuC.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\NQMtQZP.exe
  C:\Windows\System\NQMtQZP.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\QzsJmlK.exe
  C:\Windows\System\QzsJmlK.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\MygIExx.exe
  C:\Windows\System\MygIExx.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\KxeyjRc.exe
  C:\Windows\System\KxeyjRc.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\EZReyZa.exe
  C:\Windows\System\EZReyZa.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TjfomyT.exe
  C:\Windows\System\TjfomyT.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\PMhcHeu.exe
  C:\Windows\System\PMhcHeu.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\ilFGiVT.exe
  C:\Windows\System\ilFGiVT.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\hXlwOeJ.exe
  C:\Windows\System\hXlwOeJ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\oghQOtx.exe
  C:\Windows\System\oghQOtx.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HBpJhJi.exe
  C:\Windows\System\HBpJhJi.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\wHriNqE.exe
  C:\Windows\System\wHriNqE.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\KHdvvcX.exe
  C:\Windows\System\KHdvvcX.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\uQjEWgA.exe
  C:\Windows\System\uQjEWgA.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\NWJZIxE.exe
  C:\Windows\System\NWJZIxE.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\YfjnVYQ.exe
  C:\Windows\System\YfjnVYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\LxLxBtB.exe
  C:\Windows\System\LxLxBtB.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\jNzGdgL.exe
  C:\Windows\System\jNzGdgL.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\JqDyxMF.exe
  C:\Windows\System\JqDyxMF.exe
  2⤵
  PID:1644
- C:\Windows\System\GzsWSym.exe
  C:\Windows\System\GzsWSym.exe
  2⤵
  PID:1928
- C:\Windows\System\nLJEaPh.exe
  C:\Windows\System\nLJEaPh.exe
  2⤵
  PID:1856
- C:\Windows\System\XJRSAiN.exe
  C:\Windows\System\XJRSAiN.exe
  2⤵
  PID:1820
- C:\Windows\System\JDtAdkj.exe
  C:\Windows\System\JDtAdkj.exe
  2⤵
  PID:1544
- C:\Windows\System\doOxesS.exe
  C:\Windows\System\doOxesS.exe
  2⤵
  PID:2120
- C:\Windows\System\UVNjtcI.exe
  C:\Windows\System\UVNjtcI.exe
  2⤵
  PID:2920
- C:\Windows\System\XCfgxmp.exe
  C:\Windows\System\XCfgxmp.exe
  2⤵
  PID:992
- C:\Windows\System\HBIOrlY.exe
  C:\Windows\System\HBIOrlY.exe
  2⤵
  PID:2172
- C:\Windows\System\URHnUtc.exe
  C:\Windows\System\URHnUtc.exe
  2⤵
  PID:740
- C:\Windows\System\JEjLpbu.exe
  C:\Windows\System\JEjLpbu.exe
  2⤵
  PID:2372
- C:\Windows\System\psyfoSE.exe
  C:\Windows\System\psyfoSE.exe
  2⤵
  PID:972
- C:\Windows\System\EDjcQcK.exe
  C:\Windows\System\EDjcQcK.exe
  2⤵
  PID:1672
- C:\Windows\System\wQpkRyT.exe
  C:\Windows\System\wQpkRyT.exe
  2⤵
  PID:1576
- C:\Windows\System\KnWIDEC.exe
  C:\Windows\System\KnWIDEC.exe
  2⤵
  PID:1488
- C:\Windows\System\VaCbMfC.exe
  C:\Windows\System\VaCbMfC.exe
  2⤵
  PID:916
- C:\Windows\System\SmUCVyE.exe
  C:\Windows\System\SmUCVyE.exe
  2⤵
  PID:1192
- C:\Windows\System\AgtspsE.exe
  C:\Windows\System\AgtspsE.exe
  2⤵
  PID:1660
- C:\Windows\System\ebbnSJY.exe
  C:\Windows\System\ebbnSJY.exe
  2⤵
  PID:2448
- C:\Windows\System\zaRadGJ.exe
  C:\Windows\System\zaRadGJ.exe
  2⤵
  PID:2444
- C:\Windows\System\KOksvHS.exe
  C:\Windows\System\KOksvHS.exe
  2⤵
  PID:2108
- C:\Windows\System\QduizPI.exe
  C:\Windows\System\QduizPI.exe
  2⤵
  PID:3012
- C:\Windows\System\uAxKTHk.exe
  C:\Windows\System\uAxKTHk.exe
  2⤵
  PID:3048
- C:\Windows\System\LwGmKDL.exe
  C:\Windows\System\LwGmKDL.exe
  2⤵
  PID:2160
- C:\Windows\System\dTpsidB.exe
  C:\Windows\System\dTpsidB.exe
  2⤵
  PID:2628
- C:\Windows\System\WgipGGB.exe
  C:\Windows\System\WgipGGB.exe
  2⤵
  PID:2348
- C:\Windows\System\vewLqBf.exe
  C:\Windows\System\vewLqBf.exe
  2⤵
  PID:2992
- C:\Windows\System\DVZfUzg.exe
  C:\Windows\System\DVZfUzg.exe
  2⤵
  PID:2744
- C:\Windows\System\YeDzDKr.exe
  C:\Windows\System\YeDzDKr.exe
  2⤵
  PID:1864
- C:\Windows\System\VKSBlGi.exe
  C:\Windows\System\VKSBlGi.exe
  2⤵
  PID:328
- C:\Windows\System\pxLkQZS.exe
  C:\Windows\System\pxLkQZS.exe
  2⤵
  PID:1884
- C:\Windows\System\spdOmNe.exe
  C:\Windows\System\spdOmNe.exe
  2⤵
  PID:1828
- C:\Windows\System\ZAaoyoP.exe
  C:\Windows\System\ZAaoyoP.exe
  2⤵
  PID:2040
- C:\Windows\System\LtSLaWh.exe
  C:\Windows\System\LtSLaWh.exe
  2⤵
  PID:2220
- C:\Windows\System\NGZavjl.exe
  C:\Windows\System\NGZavjl.exe
  2⤵
  PID:2356
- C:\Windows\System\EMVfSdV.exe
  C:\Windows\System\EMVfSdV.exe
  2⤵
  PID:2000
- C:\Windows\System\dUEacNv.exe
  C:\Windows\System\dUEacNv.exe
  2⤵
  PID:2276
- C:\Windows\System\keRBPJu.exe
  C:\Windows\System\keRBPJu.exe
  2⤵
  PID:1720
- C:\Windows\System\oyRjXDH.exe
  C:\Windows\System\oyRjXDH.exe
  2⤵
  PID:1520
- C:\Windows\System\puZLtKs.exe
  C:\Windows\System\puZLtKs.exe
  2⤵
  PID:2432
- C:\Windows\System\TcDvZaj.exe
  C:\Windows\System\TcDvZaj.exe
  2⤵
  PID:2248
- C:\Windows\System\fdiEBEB.exe
  C:\Windows\System\fdiEBEB.exe
  2⤵
  PID:2204
- C:\Windows\System\pMwmsAo.exe
  C:\Windows\System\pMwmsAo.exe
  2⤵
  PID:2148
- C:\Windows\System\nWBrBPC.exe
  C:\Windows\System\nWBrBPC.exe
  2⤵
  PID:2784
- C:\Windows\System\ryYGGVj.exe
  C:\Windows\System\ryYGGVj.exe
  2⤵
  PID:2568
- C:\Windows\System\tGIbhEm.exe
  C:\Windows\System\tGIbhEm.exe
  2⤵
  PID:2800
- C:\Windows\System\fLHAsaY.exe
  C:\Windows\System\fLHAsaY.exe
  2⤵
  PID:3080
- C:\Windows\System\KDmHcCo.exe
  C:\Windows\System\KDmHcCo.exe
  2⤵
  PID:3100
- C:\Windows\System\xvTpnuB.exe
  C:\Windows\System\xvTpnuB.exe
  2⤵
  PID:3120
- C:\Windows\System\LGyJUUb.exe
  C:\Windows\System\LGyJUUb.exe
  2⤵
  PID:3140
- C:\Windows\System\iYoecnm.exe
  C:\Windows\System\iYoecnm.exe
  2⤵
  PID:3160
- C:\Windows\System\QWSwmpy.exe
  C:\Windows\System\QWSwmpy.exe
  2⤵
  PID:3180
- C:\Windows\System\VqdCLMT.exe
  C:\Windows\System\VqdCLMT.exe
  2⤵
  PID:3200
- C:\Windows\System\mtUwJtw.exe
  C:\Windows\System\mtUwJtw.exe
  2⤵
  PID:3220
- C:\Windows\System\DdjXYyp.exe
  C:\Windows\System\DdjXYyp.exe
  2⤵
  PID:3240
- C:\Windows\System\vwYdqsz.exe
  C:\Windows\System\vwYdqsz.exe
  2⤵
  PID:3260
- C:\Windows\System\wbcbWoA.exe
  C:\Windows\System\wbcbWoA.exe
  2⤵
  PID:3280
- C:\Windows\System\DyykWcC.exe
  C:\Windows\System\DyykWcC.exe
  2⤵
  PID:3300
- C:\Windows\System\lQeVlny.exe
  C:\Windows\System\lQeVlny.exe
  2⤵
  PID:3320
- C:\Windows\System\lZveLvW.exe
  C:\Windows\System\lZveLvW.exe
  2⤵
  PID:3340
- C:\Windows\System\ZBbFMpV.exe
  C:\Windows\System\ZBbFMpV.exe
  2⤵
  PID:3360
- C:\Windows\System\XDgMgRo.exe
  C:\Windows\System\XDgMgRo.exe
  2⤵
  PID:3380
- C:\Windows\System\dbwxKTE.exe
  C:\Windows\System\dbwxKTE.exe
  2⤵
  PID:3400
- C:\Windows\System\ZOuynxa.exe
  C:\Windows\System\ZOuynxa.exe
  2⤵
  PID:3420
- C:\Windows\System\EAmByhB.exe
  C:\Windows\System\EAmByhB.exe
  2⤵
  PID:3444
- C:\Windows\System\FUcdmUW.exe
  C:\Windows\System\FUcdmUW.exe
  2⤵
  PID:3464
- C:\Windows\System\qrmSVug.exe
  C:\Windows\System\qrmSVug.exe
  2⤵
  PID:3484
- C:\Windows\System\wfNylkW.exe
  C:\Windows\System\wfNylkW.exe
  2⤵
  PID:3508
- C:\Windows\System\xJfdnIj.exe
  C:\Windows\System\xJfdnIj.exe
  2⤵
  PID:3528
- C:\Windows\System\GWEhMQr.exe
  C:\Windows\System\GWEhMQr.exe
  2⤵
  PID:3544
- C:\Windows\System\tZnITqC.exe
  C:\Windows\System\tZnITqC.exe
  2⤵
  PID:3568
- C:\Windows\System\gyWdYvn.exe
  C:\Windows\System\gyWdYvn.exe
  2⤵
  PID:3588
- C:\Windows\System\DhrLEpg.exe
  C:\Windows\System\DhrLEpg.exe
  2⤵
  PID:3608
- C:\Windows\System\LmjjKjY.exe
  C:\Windows\System\LmjjKjY.exe
  2⤵
  PID:3628
- C:\Windows\System\YjhCDZW.exe
  C:\Windows\System\YjhCDZW.exe
  2⤵
  PID:3648
- C:\Windows\System\UPzIRBD.exe
  C:\Windows\System\UPzIRBD.exe
  2⤵
  PID:3668
- C:\Windows\System\zBKJUSm.exe
  C:\Windows\System\zBKJUSm.exe
  2⤵
  PID:3688
- C:\Windows\System\uPVtRYj.exe
  C:\Windows\System\uPVtRYj.exe
  2⤵
  PID:3708
- C:\Windows\System\CjKpmPp.exe
  C:\Windows\System\CjKpmPp.exe
  2⤵
  PID:3728
- C:\Windows\System\UqcicOg.exe
  C:\Windows\System\UqcicOg.exe
  2⤵
  PID:3748
- C:\Windows\System\ZgdxHdl.exe
  C:\Windows\System\ZgdxHdl.exe
  2⤵
  PID:3768
- C:\Windows\System\EYbxyOv.exe
  C:\Windows\System\EYbxyOv.exe
  2⤵
  PID:3784
- C:\Windows\System\boohAef.exe
  C:\Windows\System\boohAef.exe
  2⤵
  PID:3808
- C:\Windows\System\yGFQsQK.exe
  C:\Windows\System\yGFQsQK.exe
  2⤵
  PID:3828
- C:\Windows\System\BpLWgmL.exe
  C:\Windows\System\BpLWgmL.exe
  2⤵
  PID:3848
- C:\Windows\System\yPOiAVD.exe
  C:\Windows\System\yPOiAVD.exe
  2⤵
  PID:3868
- C:\Windows\System\hFesncw.exe
  C:\Windows\System\hFesncw.exe
  2⤵
  PID:3888
- C:\Windows\System\VpylvQZ.exe
  C:\Windows\System\VpylvQZ.exe
  2⤵
  PID:3908
- C:\Windows\System\SMGtkLg.exe
  C:\Windows\System\SMGtkLg.exe
  2⤵
  PID:3928
- C:\Windows\System\uohoKNQ.exe
  C:\Windows\System\uohoKNQ.exe
  2⤵
  PID:3944
- C:\Windows\System\cIdVmlj.exe
  C:\Windows\System\cIdVmlj.exe
  2⤵
  PID:3968
- C:\Windows\System\IYQlLuh.exe
  C:\Windows\System\IYQlLuh.exe
  2⤵
  PID:3988
- C:\Windows\System\IybjoNC.exe
  C:\Windows\System\IybjoNC.exe
  2⤵
  PID:4008
- C:\Windows\System\HRRmSHR.exe
  C:\Windows\System\HRRmSHR.exe
  2⤵
  PID:4028
- C:\Windows\System\Vgpscif.exe
  C:\Windows\System\Vgpscif.exe
  2⤵
  PID:4052
- C:\Windows\System\oCrKPXW.exe
  C:\Windows\System\oCrKPXW.exe
  2⤵
  PID:4072
- C:\Windows\System\mLGZyDc.exe
  C:\Windows\System\mLGZyDc.exe
  2⤵
  PID:4092
- C:\Windows\System\OVAMjiU.exe
  C:\Windows\System\OVAMjiU.exe
  2⤵
  PID:1940
- C:\Windows\System\XNwDHsX.exe
  C:\Windows\System\XNwDHsX.exe
  2⤵
  PID:2380
- C:\Windows\System\rHGkewM.exe
  C:\Windows\System\rHGkewM.exe
  2⤵
  PID:2808
- C:\Windows\System\ORqEQpk.exe
  C:\Windows\System\ORqEQpk.exe
  2⤵
  PID:2312
- C:\Windows\System\ANcXAwR.exe
  C:\Windows\System\ANcXAwR.exe
  2⤵
  PID:948
- C:\Windows\System\VVCUyBA.exe
  C:\Windows\System\VVCUyBA.exe
  2⤵
  PID:2484
- C:\Windows\System\RQROtGa.exe
  C:\Windows\System\RQROtGa.exe
  2⤵
  PID:1224
- C:\Windows\System\XvUPHxe.exe
  C:\Windows\System\XvUPHxe.exe
  2⤵
  PID:748
- C:\Windows\System\XBaslKu.exe
  C:\Windows\System\XBaslKu.exe
  2⤵
  PID:2728
- C:\Windows\System\mLBudkd.exe
  C:\Windows\System\mLBudkd.exe
  2⤵
  PID:824
- C:\Windows\System\CUkEgnE.exe
  C:\Windows\System\CUkEgnE.exe
  2⤵
  PID:3076
- C:\Windows\System\WWQRuqb.exe
  C:\Windows\System\WWQRuqb.exe
  2⤵
  PID:3112
- C:\Windows\System\nEkLpCe.exe
  C:\Windows\System\nEkLpCe.exe
  2⤵
  PID:3136
- C:\Windows\System\iUXjuah.exe
  C:\Windows\System\iUXjuah.exe
  2⤵
  PID:3196
- C:\Windows\System\rfLfiuX.exe
  C:\Windows\System\rfLfiuX.exe
  2⤵
  PID:3208
- C:\Windows\System\zepxEjt.exe
  C:\Windows\System\zepxEjt.exe
  2⤵
  PID:3232
- C:\Windows\System\GsKQael.exe
  C:\Windows\System\GsKQael.exe
  2⤵
  PID:3252
- C:\Windows\System\KXnMDfk.exe
  C:\Windows\System\KXnMDfk.exe
  2⤵
  PID:3312
- C:\Windows\System\FuWUYJp.exe
  C:\Windows\System\FuWUYJp.exe
  2⤵
  PID:3356
- C:\Windows\System\mRQVLwd.exe
  C:\Windows\System\mRQVLwd.exe
  2⤵
  PID:3388
- C:\Windows\System\GMRxmRm.exe
  C:\Windows\System\GMRxmRm.exe
  2⤵
  PID:3408
- C:\Windows\System\CAypOfV.exe
  C:\Windows\System\CAypOfV.exe
  2⤵
  PID:3412
- C:\Windows\System\AYKSTUX.exe
  C:\Windows\System\AYKSTUX.exe
  2⤵
  PID:3456
- C:\Windows\System\KuzdlrP.exe
  C:\Windows\System\KuzdlrP.exe
  2⤵
  PID:3496
- C:\Windows\System\gGogpkT.exe
  C:\Windows\System\gGogpkT.exe
  2⤵
  PID:3564
- C:\Windows\System\vyuQgQi.exe
  C:\Windows\System\vyuQgQi.exe
  2⤵
  PID:3604
- C:\Windows\System\KnJkAyT.exe
  C:\Windows\System\KnJkAyT.exe
  2⤵
  PID:3636
- C:\Windows\System\lXWvtaS.exe
  C:\Windows\System\lXWvtaS.exe
  2⤵
  PID:3676
- C:\Windows\System\KBKyfeD.exe
  C:\Windows\System\KBKyfeD.exe
  2⤵
  PID:3660
- C:\Windows\System\gHarZyj.exe
  C:\Windows\System\gHarZyj.exe
  2⤵
  PID:3700
- C:\Windows\System\yDofGsi.exe
  C:\Windows\System\yDofGsi.exe
  2⤵
  PID:3796
- C:\Windows\System\YtrXael.exe
  C:\Windows\System\YtrXael.exe
  2⤵
  PID:3736
- C:\Windows\System\XeMdXQc.exe
  C:\Windows\System\XeMdXQc.exe
  2⤵
  PID:3836
- C:\Windows\System\XweKtaM.exe
  C:\Windows\System\XweKtaM.exe
  2⤵
  PID:3820
- C:\Windows\System\tjOmwNX.exe
  C:\Windows\System\tjOmwNX.exe
  2⤵
  PID:3924
- C:\Windows\System\nupAtJR.exe
  C:\Windows\System\nupAtJR.exe
  2⤵
  PID:3860
- C:\Windows\System\RvxEPQQ.exe
  C:\Windows\System\RvxEPQQ.exe
  2⤵
  PID:3936
- C:\Windows\System\EDjRgAn.exe
  C:\Windows\System\EDjRgAn.exe
  2⤵
  PID:4004
- C:\Windows\System\UKIzcaE.exe
  C:\Windows\System\UKIzcaE.exe
  2⤵
  PID:3984
- C:\Windows\System\IEfTvcD.exe
  C:\Windows\System\IEfTvcD.exe
  2⤵
  PID:4020
- C:\Windows\System\QHDchfq.exe
  C:\Windows\System\QHDchfq.exe
  2⤵
  PID:4080
- C:\Windows\System\qCKOCNE.exe
  C:\Windows\System\qCKOCNE.exe
  2⤵
  PID:1888
- C:\Windows\System\nUVtNVZ.exe
  C:\Windows\System\nUVtNVZ.exe
  2⤵
  PID:1536
- C:\Windows\System\JgcLMel.exe
  C:\Windows\System\JgcLMel.exe
  2⤵
  PID:1712
- C:\Windows\System\EwMFLmj.exe
  C:\Windows\System\EwMFLmj.exe
  2⤵
  PID:1984
- C:\Windows\System\Xxrqgpc.exe
  C:\Windows\System\Xxrqgpc.exe
  2⤵
  PID:696
- C:\Windows\System\rmdCpaA.exe
  C:\Windows\System\rmdCpaA.exe
  2⤵
  PID:1508
- C:\Windows\System\RMznXQX.exe
  C:\Windows\System\RMznXQX.exe
  2⤵
  PID:1844
- C:\Windows\System\yYkDpej.exe
  C:\Windows\System\yYkDpej.exe
  2⤵
  PID:3148
- C:\Windows\System\HVQpzZQ.exe
  C:\Windows\System\HVQpzZQ.exe
  2⤵
  PID:3168
- C:\Windows\System\FnVhihz.exe
  C:\Windows\System\FnVhihz.exe
  2⤵
  PID:3228
- C:\Windows\System\vzinTLa.exe
  C:\Windows\System\vzinTLa.exe
  2⤵
  PID:3316
- C:\Windows\System\sHXBZLz.exe
  C:\Windows\System\sHXBZLz.exe
  2⤵
  PID:3348
- C:\Windows\System\EAghpBU.exe
  C:\Windows\System\EAghpBU.exe
  2⤵
  PID:3436
- C:\Windows\System\uneNAEz.exe
  C:\Windows\System\uneNAEz.exe
  2⤵
  PID:3460
- C:\Windows\System\sLAaFyS.exe
  C:\Windows\System\sLAaFyS.exe
  2⤵
  PID:3520
- C:\Windows\System\dQcgjWS.exe
  C:\Windows\System\dQcgjWS.exe
  2⤵
  PID:3540
- C:\Windows\System\LyWwzzI.exe
  C:\Windows\System\LyWwzzI.exe
  2⤵
  PID:3640
- C:\Windows\System\oioThwG.exe
  C:\Windows\System\oioThwG.exe
  2⤵
  PID:3664
- C:\Windows\System\jDjnZVO.exe
  C:\Windows\System\jDjnZVO.exe
  2⤵
  PID:3792
- C:\Windows\System\nHOviAM.exe
  C:\Windows\System\nHOviAM.exe
  2⤵
  PID:3740
- C:\Windows\System\uxXsKmM.exe
  C:\Windows\System\uxXsKmM.exe
  2⤵
  PID:3884
- C:\Windows\System\aDBTEDr.exe
  C:\Windows\System\aDBTEDr.exe
  2⤵
  PID:3864
- C:\Windows\System\RRMoVKS.exe
  C:\Windows\System\RRMoVKS.exe
  2⤵
  PID:3956
- C:\Windows\System\rVBbkdh.exe
  C:\Windows\System\rVBbkdh.exe
  2⤵
  PID:4024
- C:\Windows\System\HgKJHoa.exe
  C:\Windows\System\HgKJHoa.exe
  2⤵
  PID:4068
- C:\Windows\System\ysUptgL.exe
  C:\Windows\System\ysUptgL.exe
  2⤵
  PID:684
- C:\Windows\System\KvYwxoa.exe
  C:\Windows\System\KvYwxoa.exe
  2⤵
  PID:1676
- C:\Windows\System\RrZAnmk.exe
  C:\Windows\System\RrZAnmk.exe
  2⤵
  PID:652
- C:\Windows\System\oXpUFvh.exe
  C:\Windows\System\oXpUFvh.exe
  2⤵
  PID:2564
- C:\Windows\System\dGNueUR.exe
  C:\Windows\System\dGNueUR.exe
  2⤵
  PID:3092
- C:\Windows\System\pAzmPZZ.exe
  C:\Windows\System\pAzmPZZ.exe
  2⤵
  PID:3256
- C:\Windows\System\tahaKTA.exe
  C:\Windows\System\tahaKTA.exe
  2⤵
  PID:3440
- C:\Windows\System\lWrCmxD.exe
  C:\Windows\System\lWrCmxD.exe
  2⤵
  PID:3396
- C:\Windows\System\OwpMxHl.exe
  C:\Windows\System\OwpMxHl.exe
  2⤵
  PID:3504
- C:\Windows\System\rTESeqc.exe
  C:\Windows\System\rTESeqc.exe
  2⤵
  PID:3536
- C:\Windows\System\mkByQgq.exe
  C:\Windows\System\mkByQgq.exe
  2⤵
  PID:3724
- C:\Windows\System\FeaNwnu.exe
  C:\Windows\System\FeaNwnu.exe
  2⤵
  PID:3704
- C:\Windows\System\fDgMmMD.exe
  C:\Windows\System\fDgMmMD.exe
  2⤵
  PID:2528
- C:\Windows\System\VrsxQIc.exe
  C:\Windows\System\VrsxQIc.exe
  2⤵
  PID:3880
- C:\Windows\System\YWKJtRM.exe
  C:\Windows\System\YWKJtRM.exe
  2⤵
  PID:4064
- C:\Windows\System\quBSKFz.exe
  C:\Windows\System\quBSKFz.exe
  2⤵
  PID:1868
- C:\Windows\System\SdvPSNE.exe
  C:\Windows\System\SdvPSNE.exe
  2⤵
  PID:3116
- C:\Windows\System\xgaqUCJ.exe
  C:\Windows\System\xgaqUCJ.exe
  2⤵
  PID:1684
- C:\Windows\System\LNvCKJC.exe
  C:\Windows\System\LNvCKJC.exe
  2⤵
  PID:4100
- C:\Windows\System\GCIOWAN.exe
  C:\Windows\System\GCIOWAN.exe
  2⤵
  PID:4120
- C:\Windows\System\QsfJVHZ.exe
  C:\Windows\System\QsfJVHZ.exe
  2⤵
  PID:4140
- C:\Windows\System\EcRRrKw.exe
  C:\Windows\System\EcRRrKw.exe
  2⤵
  PID:4160
- C:\Windows\System\kKHJoTt.exe
  C:\Windows\System\kKHJoTt.exe
  2⤵
  PID:4180
- C:\Windows\System\QkrbjGA.exe
  C:\Windows\System\QkrbjGA.exe
  2⤵
  PID:4200
- C:\Windows\System\nYxxGNH.exe
  C:\Windows\System\nYxxGNH.exe
  2⤵
  PID:4220
- C:\Windows\System\iGzKvGm.exe
  C:\Windows\System\iGzKvGm.exe
  2⤵
  PID:4240
- C:\Windows\System\JmKibTZ.exe
  C:\Windows\System\JmKibTZ.exe
  2⤵
  PID:4260
- C:\Windows\System\IuBwjcS.exe
  C:\Windows\System\IuBwjcS.exe
  2⤵
  PID:4280
- C:\Windows\System\ZICJxFQ.exe
  C:\Windows\System\ZICJxFQ.exe
  2⤵
  PID:4300
- C:\Windows\System\NfRhBrE.exe
  C:\Windows\System\NfRhBrE.exe
  2⤵
  PID:4324
- C:\Windows\System\DscGVuv.exe
  C:\Windows\System\DscGVuv.exe
  2⤵
  PID:4344
- C:\Windows\System\rRyquBW.exe
  C:\Windows\System\rRyquBW.exe
  2⤵
  PID:4364
- C:\Windows\System\LhBgKDf.exe
  C:\Windows\System\LhBgKDf.exe
  2⤵
  PID:4384
- C:\Windows\System\swKsMdQ.exe
  C:\Windows\System\swKsMdQ.exe
  2⤵
  PID:4404
- C:\Windows\System\kJiqSIp.exe
  C:\Windows\System\kJiqSIp.exe
  2⤵
  PID:4424
- C:\Windows\System\qkpEsuk.exe
  C:\Windows\System\qkpEsuk.exe
  2⤵
  PID:4444
- C:\Windows\System\nextFDq.exe
  C:\Windows\System\nextFDq.exe
  2⤵
  PID:4464
- C:\Windows\System\RIZOgQG.exe
  C:\Windows\System\RIZOgQG.exe
  2⤵
  PID:4484
- C:\Windows\System\LvOKIdV.exe
  C:\Windows\System\LvOKIdV.exe
  2⤵
  PID:4504
- C:\Windows\System\bFrLhnX.exe
  C:\Windows\System\bFrLhnX.exe
  2⤵
  PID:4524
- C:\Windows\System\fLtJDdi.exe
  C:\Windows\System\fLtJDdi.exe
  2⤵
  PID:4544
- C:\Windows\System\RXFaIsM.exe
  C:\Windows\System\RXFaIsM.exe
  2⤵
  PID:4564
- C:\Windows\System\XDEoLAL.exe
  C:\Windows\System\XDEoLAL.exe
  2⤵
  PID:4584
- C:\Windows\System\xsehJgS.exe
  C:\Windows\System\xsehJgS.exe
  2⤵
  PID:4604
- C:\Windows\System\oqKsTRZ.exe
  C:\Windows\System\oqKsTRZ.exe
  2⤵
  PID:4624
- C:\Windows\System\mGTkyTo.exe
  C:\Windows\System\mGTkyTo.exe
  2⤵
  PID:4644
- C:\Windows\System\HkOvEVN.exe
  C:\Windows\System\HkOvEVN.exe
  2⤵
  PID:4664
- C:\Windows\System\mxUijPu.exe
  C:\Windows\System\mxUijPu.exe
  2⤵
  PID:4684
- C:\Windows\System\BnEtfXT.exe
  C:\Windows\System\BnEtfXT.exe
  2⤵
  PID:4704
- C:\Windows\System\rikkGaT.exe
  C:\Windows\System\rikkGaT.exe
  2⤵
  PID:4724
- C:\Windows\System\PFiTUeB.exe
  C:\Windows\System\PFiTUeB.exe
  2⤵
  PID:4744
- C:\Windows\System\EkEaqyk.exe
  C:\Windows\System\EkEaqyk.exe
  2⤵
  PID:4764
- C:\Windows\System\pVeCiCs.exe
  C:\Windows\System\pVeCiCs.exe
  2⤵
  PID:4784
- C:\Windows\System\Xjdystr.exe
  C:\Windows\System\Xjdystr.exe
  2⤵
  PID:4804
- C:\Windows\System\KQOaMqU.exe
  C:\Windows\System\KQOaMqU.exe
  2⤵
  PID:4824
- C:\Windows\System\ihKFcHH.exe
  C:\Windows\System\ihKFcHH.exe
  2⤵
  PID:4848
- C:\Windows\System\hlPnJHD.exe
  C:\Windows\System\hlPnJHD.exe
  2⤵
  PID:4868
- C:\Windows\System\cEbVDQk.exe
  C:\Windows\System\cEbVDQk.exe
  2⤵
  PID:4888
- C:\Windows\System\zfVfElP.exe
  C:\Windows\System\zfVfElP.exe
  2⤵
  PID:4908
- C:\Windows\System\UUUDsHg.exe
  C:\Windows\System\UUUDsHg.exe
  2⤵
  PID:4928
- C:\Windows\System\PZXmKdm.exe
  C:\Windows\System\PZXmKdm.exe
  2⤵
  PID:4948
- C:\Windows\System\QxrHHFm.exe
  C:\Windows\System\QxrHHFm.exe
  2⤵
  PID:4968
- C:\Windows\System\DlbviGX.exe
  C:\Windows\System\DlbviGX.exe
  2⤵
  PID:4988
- C:\Windows\System\XjIdgev.exe
  C:\Windows\System\XjIdgev.exe
  2⤵
  PID:5008
- C:\Windows\System\eIUyqwV.exe
  C:\Windows\System\eIUyqwV.exe
  2⤵
  PID:5028
- C:\Windows\System\cJBAaxm.exe
  C:\Windows\System\cJBAaxm.exe
  2⤵
  PID:5048
- C:\Windows\System\WqUgNMr.exe
  C:\Windows\System\WqUgNMr.exe
  2⤵
  PID:5068
- C:\Windows\System\PmVnNJK.exe
  C:\Windows\System\PmVnNJK.exe
  2⤵
  PID:5088
- C:\Windows\System\aAUIPoi.exe
  C:\Windows\System\aAUIPoi.exe
  2⤵
  PID:5108
- C:\Windows\System\GzgxKJM.exe
  C:\Windows\System\GzgxKJM.exe
  2⤵
  PID:3368
- C:\Windows\System\WjwkrvV.exe
  C:\Windows\System\WjwkrvV.exe
  2⤵
  PID:3552
- C:\Windows\System\LxocTwc.exe
  C:\Windows\System\LxocTwc.exe
  2⤵
  PID:2896
- C:\Windows\System\DnsPdfr.exe
  C:\Windows\System\DnsPdfr.exe
  2⤵
  PID:3720
- C:\Windows\System\rcYkbvi.exe
  C:\Windows\System\rcYkbvi.exe
  2⤵
  PID:3900
- C:\Windows\System\BqchyeR.exe
  C:\Windows\System\BqchyeR.exe
  2⤵
  PID:2060
- C:\Windows\System\ljOOrcO.exe
  C:\Windows\System\ljOOrcO.exe
  2⤵
  PID:3188
- C:\Windows\System\pENqmLi.exe
  C:\Windows\System\pENqmLi.exe
  2⤵
  PID:3212
- C:\Windows\System\MeEoepC.exe
  C:\Windows\System\MeEoepC.exe
  2⤵
  PID:4128
- C:\Windows\System\IoFnAnp.exe
  C:\Windows\System\IoFnAnp.exe
  2⤵
  PID:4152
- C:\Windows\System\jUOVKqB.exe
  C:\Windows\System\jUOVKqB.exe
  2⤵
  PID:4196
- C:\Windows\System\leWpmwu.exe
  C:\Windows\System\leWpmwu.exe
  2⤵
  PID:4228
- C:\Windows\System\vSMQxjj.exe
  C:\Windows\System\vSMQxjj.exe
  2⤵
  PID:4252
- C:\Windows\System\sFHmABL.exe
  C:\Windows\System\sFHmABL.exe
  2⤵
  PID:4316
- C:\Windows\System\eeCagNl.exe
  C:\Windows\System\eeCagNl.exe
  2⤵
  PID:2576
- C:\Windows\System\OURcnUU.exe
  C:\Windows\System\OURcnUU.exe
  2⤵
  PID:4336
- C:\Windows\System\LQUEMZW.exe
  C:\Windows\System\LQUEMZW.exe
  2⤵
  PID:4392
- C:\Windows\System\SOoDbPQ.exe
  C:\Windows\System\SOoDbPQ.exe
  2⤵
  PID:4416
- C:\Windows\System\oXnsTnk.exe
  C:\Windows\System\oXnsTnk.exe
  2⤵
  PID:4452
- C:\Windows\System\QialIIE.exe
  C:\Windows\System\QialIIE.exe
  2⤵
  PID:4476
- C:\Windows\System\jdNitsf.exe
  C:\Windows\System\jdNitsf.exe
  2⤵
  PID:4496
- C:\Windows\System\Cljdnwo.exe
  C:\Windows\System\Cljdnwo.exe
  2⤵
  PID:4560
- C:\Windows\System\QCnBEPY.exe
  C:\Windows\System\QCnBEPY.exe
  2⤵
  PID:4576
- C:\Windows\System\zFDUGsU.exe
  C:\Windows\System\zFDUGsU.exe
  2⤵
  PID:4612
- C:\Windows\System\iUFZegq.exe
  C:\Windows\System\iUFZegq.exe
  2⤵
  PID:2544
- C:\Windows\System\KrXJsWA.exe
  C:\Windows\System\KrXJsWA.exe
  2⤵
  PID:4656
- C:\Windows\System\yeakfWl.exe
  C:\Windows\System\yeakfWl.exe
  2⤵
  PID:2816
- C:\Windows\System\RRaGCtP.exe
  C:\Windows\System\RRaGCtP.exe
  2⤵
  PID:2596
- C:\Windows\System\HGfJUDJ.exe
  C:\Windows\System\HGfJUDJ.exe
  2⤵
  PID:4760
- C:\Windows\System\TaWsTNy.exe
  C:\Windows\System\TaWsTNy.exe
  2⤵
  PID:4792
- C:\Windows\System\iawHuoo.exe
  C:\Windows\System\iawHuoo.exe
  2⤵
  PID:4820
- C:\Windows\System\wGOVHGZ.exe
  C:\Windows\System\wGOVHGZ.exe
  2⤵
  PID:3060
- C:\Windows\System\naAogUI.exe
  C:\Windows\System\naAogUI.exe
  2⤵
  PID:4880
- C:\Windows\System\ZgVlURW.exe
  C:\Windows\System\ZgVlURW.exe
  2⤵
  PID:4900
- C:\Windows\System\eVwlxkE.exe
  C:\Windows\System\eVwlxkE.exe
  2⤵
  PID:4944
- C:\Windows\System\woanwlr.exe
  C:\Windows\System\woanwlr.exe
  2⤵
  PID:4984
- C:\Windows\System\cWXjKxS.exe
  C:\Windows\System\cWXjKxS.exe
  2⤵
  PID:5024
- C:\Windows\System\aZKmGKG.exe
  C:\Windows\System\aZKmGKG.exe
  2⤵
  PID:5056
- C:\Windows\System\byLDUbI.exe
  C:\Windows\System\byLDUbI.exe
  2⤵
  PID:5060
- C:\Windows\System\EPGOteM.exe
  C:\Windows\System\EPGOteM.exe
  2⤵
  PID:3376
- C:\Windows\System\LfgcgrY.exe
  C:\Windows\System\LfgcgrY.exe
  2⤵
  PID:3332
- C:\Windows\System\XYbDjqU.exe
  C:\Windows\System\XYbDjqU.exe
  2⤵
  PID:3760
- C:\Windows\System\PeQQfiq.exe
  C:\Windows\System\PeQQfiq.exe
  2⤵
  PID:2004
- C:\Windows\System\ShUpWVL.exe
  C:\Windows\System\ShUpWVL.exe
  2⤵
  PID:1892
- C:\Windows\System\fNiamIN.exe
  C:\Windows\System\fNiamIN.exe
  2⤵
  PID:4108
- C:\Windows\System\zBjpack.exe
  C:\Windows\System\zBjpack.exe
  2⤵
  PID:4156
- C:\Windows\System\dnqJmrz.exe
  C:\Windows\System\dnqJmrz.exe
  2⤵
  PID:4176
- C:\Windows\System\DoBIVdm.exe
  C:\Windows\System\DoBIVdm.exe
  2⤵
  PID:4212
- C:\Windows\System\GWvYmEx.exe
  C:\Windows\System\GWvYmEx.exe
  2⤵
  PID:4308
- C:\Windows\System\mIPwGcd.exe
  C:\Windows\System\mIPwGcd.exe
  2⤵
  PID:4292
- C:\Windows\System\STZCHZf.exe
  C:\Windows\System\STZCHZf.exe
  2⤵
  PID:2988
- C:\Windows\System\vbffUHf.exe
  C:\Windows\System\vbffUHf.exe
  2⤵
  PID:4420
- C:\Windows\System\UVKTWlg.exe
  C:\Windows\System\UVKTWlg.exe
  2⤵
  PID:4480
- C:\Windows\System\vkJZZKd.exe
  C:\Windows\System\vkJZZKd.exe
  2⤵
  PID:4516
- C:\Windows\System\eOuivwI.exe
  C:\Windows\System\eOuivwI.exe
  2⤵
  PID:4552
- C:\Windows\System\eesGMWC.exe
  C:\Windows\System\eesGMWC.exe
  2⤵
  PID:4616
- C:\Windows\System\LmQVAZr.exe
  C:\Windows\System\LmQVAZr.exe
  2⤵
  PID:4660
- C:\Windows\System\xJfMhOr.exe
  C:\Windows\System\xJfMhOr.exe
  2⤵
  PID:4736
- C:\Windows\System\Eatleet.exe
  C:\Windows\System\Eatleet.exe
  2⤵
  PID:4772
- C:\Windows\System\LVhNCMH.exe
  C:\Windows\System\LVhNCMH.exe
  2⤵
  PID:2592
- C:\Windows\System\hOieYEc.exe
  C:\Windows\System\hOieYEc.exe
  2⤵
  PID:4836
- C:\Windows\System\AQsTVed.exe
  C:\Windows\System\AQsTVed.exe
  2⤵
  PID:4904
- C:\Windows\System\bATBlrG.exe
  C:\Windows\System\bATBlrG.exe
  2⤵
  PID:5016
- C:\Windows\System\viLSteE.exe
  C:\Windows\System\viLSteE.exe
  2⤵
  PID:5020
- C:\Windows\System\VFmOvZC.exe
  C:\Windows\System\VFmOvZC.exe
  2⤵
  PID:5084
- C:\Windows\System\iMjMloq.exe
  C:\Windows\System\iMjMloq.exe
  2⤵
  PID:5116
- C:\Windows\System\DoQnCeZ.exe
  C:\Windows\System\DoQnCeZ.exe
  2⤵
  PID:2884
- C:\Windows\System\oPgGLvY.exe
  C:\Windows\System\oPgGLvY.exe
  2⤵
  PID:4636
- C:\Windows\System\pdPTFqf.exe
  C:\Windows\System\pdPTFqf.exe
  2⤵
  PID:2836
- C:\Windows\System\oHRLnko.exe
  C:\Windows\System\oHRLnko.exe
  2⤵
  PID:4112
- C:\Windows\System\KKvmGdW.exe
  C:\Windows\System\KKvmGdW.exe
  2⤵
  PID:4276
- C:\Windows\System\WEtlCdy.exe
  C:\Windows\System\WEtlCdy.exe
  2⤵
  PID:2224
- C:\Windows\System\YsrVnPx.exe
  C:\Windows\System\YsrVnPx.exe
  2⤵
  PID:4360
- C:\Windows\System\QjbnguL.exe
  C:\Windows\System\QjbnguL.exe
  2⤵
  PID:3976
- C:\Windows\System\gUImXsD.exe
  C:\Windows\System\gUImXsD.exe
  2⤵
  PID:1388
- C:\Windows\System\MVHuwUL.exe
  C:\Windows\System\MVHuwUL.exe
  2⤵
  PID:4512
- C:\Windows\System\DNmuDJS.exe
  C:\Windows\System\DNmuDJS.exe
  2⤵
  PID:4632
- C:\Windows\System\zqBQVeT.exe
  C:\Windows\System\zqBQVeT.exe
  2⤵
  PID:4712
- C:\Windows\System\jgblhaA.exe
  C:\Windows\System\jgblhaA.exe
  2⤵
  PID:4812
- C:\Windows\System\nclZivx.exe
  C:\Windows\System\nclZivx.exe
  2⤵
  PID:4884
- C:\Windows\System\jepvbEP.exe
  C:\Windows\System\jepvbEP.exe
  2⤵
  PID:5004
- C:\Windows\System\MuGaUCe.exe
  C:\Windows\System\MuGaUCe.exe
  2⤵
  PID:4960
- C:\Windows\System\qViivvZ.exe
  C:\Windows\System\qViivvZ.exe
  2⤵
  PID:5076
- C:\Windows\System\Gzdcorc.exe
  C:\Windows\System\Gzdcorc.exe
  2⤵
  PID:2964
- C:\Windows\System\WkqXkUZ.exe
  C:\Windows\System\WkqXkUZ.exe
  2⤵
  PID:4840
- C:\Windows\System\vyWcRJm.exe
  C:\Windows\System\vyWcRJm.exe
  2⤵
  PID:444
- C:\Windows\System\sIeJPuV.exe
  C:\Windows\System\sIeJPuV.exe
  2⤵
  PID:4172
- C:\Windows\System\YPtcGeF.exe
  C:\Windows\System\YPtcGeF.exe
  2⤵
  PID:4148
- C:\Windows\System\MHLpNOR.exe
  C:\Windows\System\MHLpNOR.exe
  2⤵
  PID:4208
- C:\Windows\System\oBNszAL.exe
  C:\Windows\System\oBNszAL.exe
  2⤵
  PID:264
- C:\Windows\System\jHVzdRe.exe
  C:\Windows\System\jHVzdRe.exe
  2⤵
  PID:4500
- C:\Windows\System\oronyjf.exe
  C:\Windows\System\oronyjf.exe
  2⤵
  PID:4796
- C:\Windows\System\qjsbkHM.exe
  C:\Windows\System\qjsbkHM.exe
  2⤵
  PID:2972
- C:\Windows\System\QhLYfJS.exe
  C:\Windows\System\QhLYfJS.exe
  2⤵
  PID:4864
- C:\Windows\System\WzVtjKc.exe
  C:\Windows\System\WzVtjKc.exe
  2⤵
  PID:1880
- C:\Windows\System\sSnfRwH.exe
  C:\Windows\System\sSnfRwH.exe
  2⤵
  PID:5104
- C:\Windows\System\OPpFHwO.exe
  C:\Windows\System\OPpFHwO.exe
  2⤵
  PID:3840
- C:\Windows\System\aVHBAnl.exe
  C:\Windows\System\aVHBAnl.exe
  2⤵
  PID:4376
- C:\Windows\System\zwosOCr.exe
  C:\Windows\System\zwosOCr.exe
  2⤵
  PID:4556
- C:\Windows\System\JIeZgSo.exe
  C:\Windows\System\JIeZgSo.exe
  2⤵
  PID:4572
- C:\Windows\System\WtAUMXh.exe
  C:\Windows\System\WtAUMXh.exe
  2⤵
  PID:5080
- C:\Windows\System\CIpHIIF.exe
  C:\Windows\System\CIpHIIF.exe
  2⤵
  PID:4916
- C:\Windows\System\GKxRmGe.exe
  C:\Windows\System\GKxRmGe.exe
  2⤵
  PID:2668
- C:\Windows\System\WbSCYFB.exe
  C:\Windows\System\WbSCYFB.exe
  2⤵
  PID:1664
- C:\Windows\System\VtTcoaA.exe
  C:\Windows\System\VtTcoaA.exe
  2⤵
  PID:5100
- C:\Windows\System\mgblzZh.exe
  C:\Windows\System\mgblzZh.exe
  2⤵
  PID:4716
- C:\Windows\System\jYrzAww.exe
  C:\Windows\System\jYrzAww.exe
  2⤵
  PID:4596
- C:\Windows\System\fFBfUrH.exe
  C:\Windows\System\fFBfUrH.exe
  2⤵
  PID:5128
- C:\Windows\System\xUAhyDx.exe
  C:\Windows\System\xUAhyDx.exe
  2⤵
  PID:5148
- C:\Windows\System\Lzdhyvi.exe
  C:\Windows\System\Lzdhyvi.exe
  2⤵
  PID:5168
- C:\Windows\System\KoBEtgO.exe
  C:\Windows\System\KoBEtgO.exe
  2⤵
  PID:5188
- C:\Windows\System\XOfQsLZ.exe
  C:\Windows\System\XOfQsLZ.exe
  2⤵
  PID:5208
- C:\Windows\System\CruyibB.exe
  C:\Windows\System\CruyibB.exe
  2⤵
  PID:5228
- C:\Windows\System\wMVAELH.exe
  C:\Windows\System\wMVAELH.exe
  2⤵
  PID:5248
- C:\Windows\System\uttRVNZ.exe
  C:\Windows\System\uttRVNZ.exe
  2⤵
  PID:5268
- C:\Windows\System\ujQxVWa.exe
  C:\Windows\System\ujQxVWa.exe
  2⤵
  PID:5288
- C:\Windows\System\yHZrRoi.exe
  C:\Windows\System\yHZrRoi.exe
  2⤵
  PID:5308
- C:\Windows\System\IUjQYnS.exe
  C:\Windows\System\IUjQYnS.exe
  2⤵
  PID:5328
- C:\Windows\System\ZqaXaNw.exe
  C:\Windows\System\ZqaXaNw.exe
  2⤵
  PID:5348
- C:\Windows\System\crRPDoJ.exe
  C:\Windows\System\crRPDoJ.exe
  2⤵
  PID:5368
- C:\Windows\System\vLOPnMX.exe
  C:\Windows\System\vLOPnMX.exe
  2⤵
  PID:5388
- C:\Windows\System\iGUWtvk.exe
  C:\Windows\System\iGUWtvk.exe
  2⤵
  PID:5408
- C:\Windows\System\JhuWsUV.exe
  C:\Windows\System\JhuWsUV.exe
  2⤵
  PID:5428
- C:\Windows\System\lwcfNUE.exe
  C:\Windows\System\lwcfNUE.exe
  2⤵
  PID:5448
- C:\Windows\System\ZAHwbhE.exe
  C:\Windows\System\ZAHwbhE.exe
  2⤵
  PID:5468
- C:\Windows\System\igypYRH.exe
  C:\Windows\System\igypYRH.exe
  2⤵
  PID:5488
- C:\Windows\System\DbbLvNG.exe
  C:\Windows\System\DbbLvNG.exe
  2⤵
  PID:5508
- C:\Windows\System\eFyObHk.exe
  C:\Windows\System\eFyObHk.exe
  2⤵
  PID:5528
- C:\Windows\System\cgeXzik.exe
  C:\Windows\System\cgeXzik.exe
  2⤵
  PID:5548
- C:\Windows\System\YhpdwvW.exe
  C:\Windows\System\YhpdwvW.exe
  2⤵
  PID:5568
- C:\Windows\System\WogGdqd.exe
  C:\Windows\System\WogGdqd.exe
  2⤵
  PID:5588
- C:\Windows\System\xiyTUwE.exe
  C:\Windows\System\xiyTUwE.exe
  2⤵
  PID:5608
- C:\Windows\System\HCuXLEA.exe
  C:\Windows\System\HCuXLEA.exe
  2⤵
  PID:5628
- C:\Windows\System\NdnzGSD.exe
  C:\Windows\System\NdnzGSD.exe
  2⤵
  PID:5652
- C:\Windows\System\jfOxbCF.exe
  C:\Windows\System\jfOxbCF.exe
  2⤵
  PID:5672
- C:\Windows\System\eNdVfpD.exe
  C:\Windows\System\eNdVfpD.exe
  2⤵
  PID:5692
- C:\Windows\System\UvaeXoz.exe
  C:\Windows\System\UvaeXoz.exe
  2⤵
  PID:5712
- C:\Windows\System\hZavFgf.exe
  C:\Windows\System\hZavFgf.exe
  2⤵
  PID:5732
- C:\Windows\System\jDJIYNM.exe
  C:\Windows\System\jDJIYNM.exe
  2⤵
  PID:5752
- C:\Windows\System\XmOONUZ.exe
  C:\Windows\System\XmOONUZ.exe
  2⤵
  PID:5772
- C:\Windows\System\mUsCOiX.exe
  C:\Windows\System\mUsCOiX.exe
  2⤵
  PID:5792
- C:\Windows\System\NJUelSb.exe
  C:\Windows\System\NJUelSb.exe
  2⤵
  PID:5812
- C:\Windows\System\lchXlQK.exe
  C:\Windows\System\lchXlQK.exe
  2⤵
  PID:5832
- C:\Windows\System\PIabesT.exe
  C:\Windows\System\PIabesT.exe
  2⤵
  PID:5852
- C:\Windows\System\ruHcNXQ.exe
  C:\Windows\System\ruHcNXQ.exe
  2⤵
  PID:5872
- C:\Windows\System\TufWJfF.exe
  C:\Windows\System\TufWJfF.exe
  2⤵
  PID:5892
- C:\Windows\System\qXRRZAQ.exe
  C:\Windows\System\qXRRZAQ.exe
  2⤵
  PID:5912
- C:\Windows\System\tCtafLX.exe
  C:\Windows\System\tCtafLX.exe
  2⤵
  PID:5932
- C:\Windows\System\koXGcOO.exe
  C:\Windows\System\koXGcOO.exe
  2⤵
  PID:5952
- C:\Windows\System\cRvVGyv.exe
  C:\Windows\System\cRvVGyv.exe
  2⤵
  PID:5972
- C:\Windows\System\KZWwBNP.exe
  C:\Windows\System\KZWwBNP.exe
  2⤵
  PID:5992
- C:\Windows\System\nwlVQVk.exe
  C:\Windows\System\nwlVQVk.exe
  2⤵
  PID:6012
- C:\Windows\System\OkyXoba.exe
  C:\Windows\System\OkyXoba.exe
  2⤵
  PID:6032
- C:\Windows\System\cjcBXlr.exe
  C:\Windows\System\cjcBXlr.exe
  2⤵
  PID:6048
- C:\Windows\System\zYATnjd.exe
  C:\Windows\System\zYATnjd.exe
  2⤵
  PID:6072
- C:\Windows\System\kAwivpG.exe
  C:\Windows\System\kAwivpG.exe
  2⤵
  PID:6092
- C:\Windows\System\SRhKhdw.exe
  C:\Windows\System\SRhKhdw.exe
  2⤵
  PID:6112
- C:\Windows\System\oWdYtGS.exe
  C:\Windows\System\oWdYtGS.exe
  2⤵
  PID:6132
- C:\Windows\System\uBEmmUf.exe
  C:\Windows\System\uBEmmUf.exe
  2⤵
  PID:4312
- C:\Windows\System\aynVXzm.exe
  C:\Windows\System\aynVXzm.exe
  2⤵
  PID:4436
- C:\Windows\System\ZhAFIVg.exe
  C:\Windows\System\ZhAFIVg.exe
  2⤵
  PID:5136
- C:\Windows\System\SmFzRkF.exe
  C:\Windows\System\SmFzRkF.exe
  2⤵
  PID:5140
- C:\Windows\System\wsgFbrD.exe
  C:\Windows\System\wsgFbrD.exe
  2⤵
  PID:5160
- C:\Windows\System\zlyCvqo.exe
  C:\Windows\System\zlyCvqo.exe
  2⤵
  PID:5220
- C:\Windows\System\blFHCUS.exe
  C:\Windows\System\blFHCUS.exe
  2⤵
  PID:5244
- C:\Windows\System\XFGnQer.exe
  C:\Windows\System\XFGnQer.exe
  2⤵
  PID:5296
- C:\Windows\System\dJlpWFT.exe
  C:\Windows\System\dJlpWFT.exe
  2⤵
  PID:5280
- C:\Windows\System\vwSKkWL.exe
  C:\Windows\System\vwSKkWL.exe
  2⤵
  PID:5316
- C:\Windows\System\oGAGHSg.exe
  C:\Windows\System\oGAGHSg.exe
  2⤵
  PID:5384
- C:\Windows\System\zxfcMxY.exe
  C:\Windows\System\zxfcMxY.exe
  2⤵
  PID:5396
- C:\Windows\System\lJFAycj.exe
  C:\Windows\System\lJFAycj.exe
  2⤵
  PID:5424
- C:\Windows\System\ZbFxAxW.exe
  C:\Windows\System\ZbFxAxW.exe
  2⤵
  PID:5460
- C:\Windows\System\lLhKPRb.exe
  C:\Windows\System\lLhKPRb.exe
  2⤵
  PID:5504
- C:\Windows\System\EQFgFhL.exe
  C:\Windows\System\EQFgFhL.exe
  2⤵
  PID:5536
- C:\Windows\System\fMOCqdd.exe
  C:\Windows\System\fMOCqdd.exe
  2⤵
  PID:5556
- C:\Windows\System\qwmwgDf.exe
  C:\Windows\System\qwmwgDf.exe
  2⤵
  PID:5580
- C:\Windows\System\iCPUJnW.exe
  C:\Windows\System\iCPUJnW.exe
  2⤵
  PID:5604
- C:\Windows\System\lsVscpL.exe
  C:\Windows\System\lsVscpL.exe
  2⤵
  PID:5648
- C:\Windows\System\gkgkprp.exe
  C:\Windows\System\gkgkprp.exe
  2⤵
  PID:5700
- C:\Windows\System\hVkDtpm.exe
  C:\Windows\System\hVkDtpm.exe
  2⤵
  PID:5740
- C:\Windows\System\bAfEgpt.exe
  C:\Windows\System\bAfEgpt.exe
  2⤵
  PID:5744
- C:\Windows\System\iGKJGVY.exe
  C:\Windows\System\iGKJGVY.exe
  2⤵
  PID:5764
- C:\Windows\System\RfTbnyP.exe
  C:\Windows\System\RfTbnyP.exe
  2⤵
  PID:5808
- C:\Windows\System\NNVhDpo.exe
  C:\Windows\System\NNVhDpo.exe
  2⤵
  PID:5868
- C:\Windows\System\kVunsYz.exe
  C:\Windows\System\kVunsYz.exe
  2⤵
  PID:5888
- C:\Windows\System\eOcxpWf.exe
  C:\Windows\System\eOcxpWf.exe
  2⤵
  PID:5920
- C:\Windows\System\YozlGEz.exe
  C:\Windows\System\YozlGEz.exe
  2⤵
  PID:5980
- C:\Windows\System\SyNpqYJ.exe
  C:\Windows\System\SyNpqYJ.exe
  2⤵
  PID:5984
- C:\Windows\System\HjTkuEV.exe
  C:\Windows\System\HjTkuEV.exe
  2⤵
  PID:6004
- C:\Windows\System\qmRmtUN.exe
  C:\Windows\System\qmRmtUN.exe
  2⤵
  PID:6068
- C:\Windows\System\QhsXowR.exe
  C:\Windows\System\QhsXowR.exe
  2⤵
  PID:6080
- C:\Windows\System\AbsfCdu.exe
  C:\Windows\System\AbsfCdu.exe
  2⤵
  PID:6084
- C:\Windows\System\jiDjeSB.exe
  C:\Windows\System\jiDjeSB.exe
  2⤵
  PID:6128
- C:\Windows\System\USnLjVj.exe
  C:\Windows\System\USnLjVj.exe
  2⤵
  PID:2792
- C:\Windows\System\AbsPQHe.exe
  C:\Windows\System\AbsPQHe.exe
  2⤵
  PID:5184
- C:\Windows\System\QyewQck.exe
  C:\Windows\System\QyewQck.exe
  2⤵
  PID:4044
- C:\Windows\System\GYswufw.exe
  C:\Windows\System\GYswufw.exe
  2⤵
  PID:5256
- C:\Windows\System\yVvnDwR.exe
  C:\Windows\System\yVvnDwR.exe
  2⤵
  PID:5276
- C:\Windows\System\lLDbvPo.exe
  C:\Windows\System\lLDbvPo.exe
  2⤵
  PID:5336
- C:\Windows\System\ItQGVnC.exe
  C:\Windows\System\ItQGVnC.exe
  2⤵
  PID:5364
- C:\Windows\System\FhMGlip.exe
  C:\Windows\System\FhMGlip.exe
  2⤵
  PID:5436
- C:\Windows\System\yTQMqoE.exe
  C:\Windows\System\yTQMqoE.exe
  2⤵
  PID:5496
- C:\Windows\System\RWhPCoS.exe
  C:\Windows\System\RWhPCoS.exe
  2⤵
  PID:5500
- C:\Windows\System\LlmxZhu.exe
  C:\Windows\System\LlmxZhu.exe
  2⤵
  PID:5584
- C:\Windows\System\gPlnpcJ.exe
  C:\Windows\System\gPlnpcJ.exe
  2⤵
  PID:5668
- C:\Windows\System\ZbxHzHj.exe
  C:\Windows\System\ZbxHzHj.exe
  2⤵
  PID:5684
- C:\Windows\System\nfFcPBx.exe
  C:\Windows\System\nfFcPBx.exe
  2⤵
  PID:5820
- C:\Windows\System\JVaSiLD.exe
  C:\Windows\System\JVaSiLD.exe
  2⤵
  PID:5784
- C:\Windows\System\TIHFpjw.exe
  C:\Windows\System\TIHFpjw.exe
  2⤵
  PID:5880
- C:\Windows\System\yWobCqN.exe
  C:\Windows\System\yWobCqN.exe
  2⤵
  PID:5900
- C:\Windows\System\SWoSqTo.exe
  C:\Windows\System\SWoSqTo.exe
  2⤵
  PID:6008
- C:\Windows\System\dsvkMWy.exe
  C:\Windows\System\dsvkMWy.exe
  2⤵
  PID:6000
- C:\Windows\System\MbbhwWD.exe
  C:\Windows\System\MbbhwWD.exe
  2⤵
  PID:2772
- C:\Windows\System\SKBiBAs.exe
  C:\Windows\System\SKBiBAs.exe
  2⤵
  PID:6108
- C:\Windows\System\DIwqtkA.exe
  C:\Windows\System\DIwqtkA.exe
  2⤵
  PID:5124
- C:\Windows\System\pGOIxLZ.exe
  C:\Windows\System\pGOIxLZ.exe
  2⤵
  PID:5216
- C:\Windows\System\FsDNNlc.exe
  C:\Windows\System\FsDNNlc.exe
  2⤵
  PID:5224
- C:\Windows\System\PqdfPTx.exe
  C:\Windows\System\PqdfPTx.exe
  2⤵
  PID:5264
- C:\Windows\System\ViSQmaa.exe
  C:\Windows\System\ViSQmaa.exe
  2⤵
  PID:5356
- C:\Windows\System\cHqdQfN.exe
  C:\Windows\System\cHqdQfN.exe
  2⤵
  PID:5520
- C:\Windows\System\eQFuuRS.exe
  C:\Windows\System\eQFuuRS.exe
  2⤵
  PID:5616
- C:\Windows\System\OlRfyuh.exe
  C:\Windows\System\OlRfyuh.exe
  2⤵
  PID:5596
- C:\Windows\System\veoukbL.exe
  C:\Windows\System\veoukbL.exe
  2⤵
  PID:5724
- C:\Windows\System\fTrMzNK.exe
  C:\Windows\System\fTrMzNK.exe
  2⤵
  PID:532
- C:\Windows\System\BWgdkBt.exe
  C:\Windows\System\BWgdkBt.exe
  2⤵
  PID:5760
- C:\Windows\System\MczqTOr.exe
  C:\Windows\System\MczqTOr.exe
  2⤵
  PID:6028
- C:\Windows\System\vvYOtyZ.exe
  C:\Windows\System\vvYOtyZ.exe
  2⤵
  PID:2656
- C:\Windows\System\WdlzAGM.exe
  C:\Windows\System\WdlzAGM.exe
  2⤵
  PID:2524
- C:\Windows\System\SwZOaDc.exe
  C:\Windows\System\SwZOaDc.exe
  2⤵
  PID:1952
- C:\Windows\System\AFFTjNl.exe
  C:\Windows\System\AFFTjNl.exe
  2⤵
  PID:5324
- C:\Windows\System\pVrhpss.exe
  C:\Windows\System\pVrhpss.exe
  2⤵
  PID:1380
- C:\Windows\System\iNtQQxT.exe
  C:\Windows\System\iNtQQxT.exe
  2⤵
  PID:5440
- C:\Windows\System\LFuMtBc.exe
  C:\Windows\System\LFuMtBc.exe
  2⤵
  PID:5728
- C:\Windows\System\mZrIykU.exe
  C:\Windows\System\mZrIykU.exe
  2⤵
  PID:5640
- C:\Windows\System\yGwlkGo.exe
  C:\Windows\System\yGwlkGo.exe
  2⤵
  PID:5844
- C:\Windows\System\rXCeHDg.exe
  C:\Windows\System\rXCeHDg.exe
  2⤵
  PID:5948
- C:\Windows\System\IKyXVda.exe
  C:\Windows\System\IKyXVda.exe
  2⤵
  PID:6064
- C:\Windows\System\mrnvnIF.exe
  C:\Windows\System\mrnvnIF.exe
  2⤵
  PID:4956
- C:\Windows\System\Shxndfr.exe
  C:\Windows\System\Shxndfr.exe
  2⤵
  PID:1476
- C:\Windows\System\kfsWESi.exe
  C:\Windows\System\kfsWESi.exe
  2⤵
  PID:336
- C:\Windows\System\vguQHiW.exe
  C:\Windows\System\vguQHiW.exe
  2⤵
  PID:5624
- C:\Windows\System\NQOSDpQ.exe
  C:\Windows\System\NQOSDpQ.exe
  2⤵
  PID:5544
- C:\Windows\System\oOGRpEy.exe
  C:\Windows\System\oOGRpEy.exe
  2⤵
  PID:664
- C:\Windows\System\NRoAcRp.exe
  C:\Windows\System\NRoAcRp.exe
  2⤵
  PID:5908
- C:\Windows\System\XxyqdMq.exe
  C:\Windows\System\XxyqdMq.exe
  2⤵
  PID:1760
- C:\Windows\System\dmbdDSR.exe
  C:\Windows\System\dmbdDSR.exe
  2⤵
  PID:3056
- C:\Windows\System\xzubnju.exe
  C:\Windows\System\xzubnju.exe
  2⤵
  PID:1960
- C:\Windows\System\QHqwjHC.exe
  C:\Windows\System\QHqwjHC.exe
  2⤵
  PID:6088
- C:\Windows\System\ChkKtva.exe
  C:\Windows\System\ChkKtva.exe
  2⤵
  PID:580
- C:\Windows\System\cnAhRkI.exe
  C:\Windows\System\cnAhRkI.exe
  2⤵
  PID:2440
- C:\Windows\System\OEjNqDW.exe
  C:\Windows\System\OEjNqDW.exe
  2⤵
  PID:5864
- C:\Windows\System\xSXVtYC.exe
  C:\Windows\System\xSXVtYC.exe
  2⤵
  PID:996
- C:\Windows\System\UNntRdX.exe
  C:\Windows\System\UNntRdX.exe
  2⤵
  PID:2192
- C:\Windows\System\deebumG.exe
  C:\Windows\System\deebumG.exe
  2⤵
  PID:6164
- C:\Windows\System\NVLbPGY.exe
  C:\Windows\System\NVLbPGY.exe
  2⤵
  PID:6196
- C:\Windows\System\YamFFKZ.exe
  C:\Windows\System\YamFFKZ.exe
  2⤵
  PID:6212
- C:\Windows\System\TCaCzqO.exe
  C:\Windows\System\TCaCzqO.exe
  2⤵
  PID:6228
- C:\Windows\System\EfQOfoO.exe
  C:\Windows\System\EfQOfoO.exe
  2⤵
  PID:6244
- C:\Windows\System\gzsacfd.exe
  C:\Windows\System\gzsacfd.exe
  2⤵
  PID:6264
- C:\Windows\System\WhDzSJM.exe
  C:\Windows\System\WhDzSJM.exe
  2⤵
  PID:6284
- C:\Windows\System\FxWeGpx.exe
  C:\Windows\System\FxWeGpx.exe
  2⤵
  PID:6300
- C:\Windows\System\rUlCovT.exe
  C:\Windows\System\rUlCovT.exe
  2⤵
  PID:6320
- C:\Windows\System\PMxstIv.exe
  C:\Windows\System\PMxstIv.exe
  2⤵
  PID:6336
- C:\Windows\System\tijIzcv.exe
  C:\Windows\System\tijIzcv.exe
  2⤵
  PID:6384
- C:\Windows\System\bJDWqwm.exe
  C:\Windows\System\bJDWqwm.exe
  2⤵
  PID:6400
- C:\Windows\System\lKifAqQ.exe
  C:\Windows\System\lKifAqQ.exe
  2⤵
  PID:6428
- C:\Windows\System\RppfMZZ.exe
  C:\Windows\System\RppfMZZ.exe
  2⤵
  PID:6448
- C:\Windows\System\kuUXjdW.exe
  C:\Windows\System\kuUXjdW.exe
  2⤵
  PID:6464
- C:\Windows\System\hDiaxFF.exe
  C:\Windows\System\hDiaxFF.exe
  2⤵
  PID:6480
- C:\Windows\System\ALDcMoS.exe
  C:\Windows\System\ALDcMoS.exe
  2⤵
  PID:6496
- C:\Windows\System\ZfGZYiH.exe
  C:\Windows\System\ZfGZYiH.exe
  2⤵
  PID:6512
- C:\Windows\System\uOCDyIB.exe
  C:\Windows\System\uOCDyIB.exe
  2⤵
  PID:6540
- C:\Windows\System\REsBQus.exe
  C:\Windows\System\REsBQus.exe
  2⤵
  PID:6572
- C:\Windows\System\nGgasfL.exe
  C:\Windows\System\nGgasfL.exe
  2⤵
  PID:6588
- C:\Windows\System\QxmTNNq.exe
  C:\Windows\System\QxmTNNq.exe
  2⤵
  PID:6604
- C:\Windows\System\hPDQgOh.exe
  C:\Windows\System\hPDQgOh.exe
  2⤵
  PID:6620
- C:\Windows\System\PnvGoMj.exe
  C:\Windows\System\PnvGoMj.exe
  2⤵
  PID:6636
- C:\Windows\System\xtpCnBx.exe
  C:\Windows\System\xtpCnBx.exe
  2⤵
  PID:6664
- C:\Windows\System\uJkHMnY.exe
  C:\Windows\System\uJkHMnY.exe
  2⤵
  PID:6684
- C:\Windows\System\moWsIrn.exe
  C:\Windows\System\moWsIrn.exe
  2⤵
  PID:6704
- C:\Windows\System\hNuasXh.exe
  C:\Windows\System\hNuasXh.exe
  2⤵
  PID:6720
- C:\Windows\System\hkfJIkd.exe
  C:\Windows\System\hkfJIkd.exe
  2⤵
  PID:6736
- C:\Windows\System\ivIGmbo.exe
  C:\Windows\System\ivIGmbo.exe
  2⤵
  PID:6756
- C:\Windows\System\FvFsveT.exe
  C:\Windows\System\FvFsveT.exe
  2⤵
  PID:6772
- C:\Windows\System\ESkgAwd.exe
  C:\Windows\System\ESkgAwd.exe
  2⤵
  PID:6788
- C:\Windows\System\oyvllHI.exe
  C:\Windows\System\oyvllHI.exe
  2⤵
  PID:6804
- C:\Windows\System\NhRWpVp.exe
  C:\Windows\System\NhRWpVp.exe
  2⤵
  PID:6824
- C:\Windows\System\nEzFWpQ.exe
  C:\Windows\System\nEzFWpQ.exe
  2⤵
  PID:6868
- C:\Windows\System\WpGzTOO.exe
  C:\Windows\System\WpGzTOO.exe
  2⤵
  PID:6888
- C:\Windows\System\olEVhXD.exe
  C:\Windows\System\olEVhXD.exe
  2⤵
  PID:6908
- C:\Windows\System\oDTZnbJ.exe
  C:\Windows\System\oDTZnbJ.exe
  2⤵
  PID:6924
- C:\Windows\System\JnRqfbU.exe
  C:\Windows\System\JnRqfbU.exe
  2⤵
  PID:6940
- C:\Windows\System\LAlzynw.exe
  C:\Windows\System\LAlzynw.exe
  2⤵
  PID:6956
- C:\Windows\System\yfhiVPH.exe
  C:\Windows\System\yfhiVPH.exe
  2⤵
  PID:6980
- C:\Windows\System\SPCsLbZ.exe
  C:\Windows\System\SPCsLbZ.exe
  2⤵
  PID:6996
- C:\Windows\System\VuAHQKJ.exe
  C:\Windows\System\VuAHQKJ.exe
  2⤵
  PID:7012
- C:\Windows\System\XqSAVBD.exe
  C:\Windows\System\XqSAVBD.exe
  2⤵
  PID:7028
- C:\Windows\System\liDJECe.exe
  C:\Windows\System\liDJECe.exe
  2⤵
  PID:7048
- C:\Windows\System\GUqUzCK.exe
  C:\Windows\System\GUqUzCK.exe
  2⤵
  PID:7068
- C:\Windows\System\OhkyVyj.exe
  C:\Windows\System\OhkyVyj.exe
  2⤵
  PID:7084
- C:\Windows\System\uRbKTin.exe
  C:\Windows\System\uRbKTin.exe
  2⤵
  PID:7128
- C:\Windows\System\EfGFDDq.exe
  C:\Windows\System\EfGFDDq.exe
  2⤵
  PID:7152
- C:\Windows\System\dgNzYkg.exe
  C:\Windows\System\dgNzYkg.exe
  2⤵
  PID:2692
- C:\Windows\System\kFVVRqu.exe
  C:\Windows\System\kFVVRqu.exe
  2⤵
  PID:6184
- C:\Windows\System\BLKbTiO.exe
  C:\Windows\System\BLKbTiO.exe
  2⤵
  PID:6220
- C:\Windows\System\HVidgoT.exe
  C:\Windows\System\HVidgoT.exe
  2⤵
  PID:6260
- C:\Windows\System\YFcvqGd.exe
  C:\Windows\System\YFcvqGd.exe
  2⤵
  PID:1840
- C:\Windows\System\NcDcpYD.exe
  C:\Windows\System\NcDcpYD.exe
  2⤵
  PID:5720
- C:\Windows\System\tnThuyI.exe
  C:\Windows\System\tnThuyI.exe
  2⤵
  PID:6272
- C:\Windows\System\whqsKwN.exe
  C:\Windows\System\whqsKwN.exe
  2⤵
  PID:2412
- C:\Windows\System\GJnGRJo.exe
  C:\Windows\System\GJnGRJo.exe
  2⤵
  PID:2924
- C:\Windows\System\mJxEUsV.exe
  C:\Windows\System\mJxEUsV.exe
  2⤵
  PID:6124
- C:\Windows\System\AzXJzjt.exe
  C:\Windows\System\AzXJzjt.exe
  2⤵
  PID:6396
- C:\Windows\System\xvPPPAv.exe
  C:\Windows\System\xvPPPAv.exe
  2⤵
  PID:6348
- C:\Windows\System\SzPhOXT.exe
  C:\Windows\System\SzPhOXT.exe
  2⤵
  PID:6236
- C:\Windows\System\MQbFosS.exe
  C:\Windows\System\MQbFosS.exe
  2⤵
  PID:6408
- C:\Windows\System\DDOLedn.exe
  C:\Windows\System\DDOLedn.exe
  2⤵
  PID:6436
- C:\Windows\System\KhJehNz.exe
  C:\Windows\System\KhJehNz.exe
  2⤵
  PID:6476
- C:\Windows\System\zvzaVNT.exe
  C:\Windows\System\zvzaVNT.exe
  2⤵
  PID:2124
- C:\Windows\System\rUvYWdi.exe
  C:\Windows\System\rUvYWdi.exe
  2⤵
  PID:6520
- C:\Windows\System\UbfwzXb.exe
  C:\Windows\System\UbfwzXb.exe
  2⤵
  PID:792
- C:\Windows\System\WZZLQei.exe
  C:\Windows\System\WZZLQei.exe
  2⤵
  PID:1604
- C:\Windows\System\rDnppRB.exe
  C:\Windows\System\rDnppRB.exe
  2⤵
  PID:6488
- C:\Windows\System\ySuGTVY.exe
  C:\Windows\System\ySuGTVY.exe
  2⤵
  PID:6556
- C:\Windows\System\qrAyidI.exe
  C:\Windows\System\qrAyidI.exe
  2⤵
  PID:6672
- C:\Windows\System\mdwxnOR.exe
  C:\Windows\System\mdwxnOR.exe
  2⤵
  PID:6676
- C:\Windows\System\anZBOBq.exe
  C:\Windows\System\anZBOBq.exe
  2⤵
  PID:6744
- C:\Windows\System\FnGYPiZ.exe
  C:\Windows\System\FnGYPiZ.exe
  2⤵
  PID:6784
- C:\Windows\System\ZvAIOiv.exe
  C:\Windows\System\ZvAIOiv.exe
  2⤵
  PID:6800
- C:\Windows\System\qljvejE.exe
  C:\Windows\System\qljvejE.exe
  2⤵
  PID:6696
- C:\Windows\System\AppwIoT.exe
  C:\Windows\System\AppwIoT.exe
  2⤵
  PID:6728
- C:\Windows\System\ZVDJUly.exe
  C:\Windows\System\ZVDJUly.exe
  2⤵
  PID:6796
- C:\Windows\System\wueZegb.exe
  C:\Windows\System\wueZegb.exe
  2⤵
  PID:6864
- C:\Windows\System\RAPfLxU.exe
  C:\Windows\System\RAPfLxU.exe
  2⤵
  PID:6860
- C:\Windows\System\BdhcUMc.exe
  C:\Windows\System\BdhcUMc.exe
  2⤵
  PID:6904
- C:\Windows\System\aGBQYbc.exe
  C:\Windows\System\aGBQYbc.exe
  2⤵
  PID:6964
- C:\Windows\System\XHowyCI.exe
  C:\Windows\System\XHowyCI.exe
  2⤵
  PID:7124
- C:\Windows\System\CDMpHmb.exe
  C:\Windows\System\CDMpHmb.exe
  2⤵
  PID:6936
- C:\Windows\System\oogyokW.exe
  C:\Windows\System\oogyokW.exe
  2⤵
  PID:7008
- C:\Windows\System\mwkAPNb.exe
  C:\Windows\System\mwkAPNb.exe
  2⤵
  PID:7080
- C:\Windows\System\VCPcehI.exe
  C:\Windows\System\VCPcehI.exe
  2⤵
  PID:7144
- C:\Windows\System\cSrhEbe.exe
  C:\Windows\System\cSrhEbe.exe
  2⤵
  PID:6192
- C:\Windows\System\poSbWrZ.exe
  C:\Windows\System\poSbWrZ.exe
  2⤵
  PID:5404
- C:\Windows\System\VqtAjVz.exe
  C:\Windows\System\VqtAjVz.exe
  2⤵
  PID:6256
- C:\Windows\System\hMmqSdu.exe
  C:\Windows\System\hMmqSdu.exe
  2⤵
  PID:6208
- C:\Windows\System\tzYZZHm.exe
  C:\Windows\System\tzYZZHm.exe
  2⤵
  PID:2240
- C:\Windows\System\yFaSGnT.exe
  C:\Windows\System\yFaSGnT.exe
  2⤵
  PID:6344
- C:\Windows\System\fiVJlox.exe
  C:\Windows\System\fiVJlox.exe
  2⤵
  PID:6360
- C:\Windows\System\FAkXXYe.exe
  C:\Windows\System\FAkXXYe.exe
  2⤵
  PID:1776
- C:\Windows\System\vhrSgQH.exe
  C:\Windows\System\vhrSgQH.exe
  2⤵
  PID:6584
- C:\Windows\System\QmJUYIA.exe
  C:\Windows\System\QmJUYIA.exe
  2⤵
  PID:6376
- C:\Windows\System\VAaDvTY.exe
  C:\Windows\System\VAaDvTY.exe
  2⤵
  PID:6560
- C:\Windows\System\vyGRESy.exe
  C:\Windows\System\vyGRESy.exe
  2⤵
  PID:6368
- C:\Windows\System\Ezpysyk.exe
  C:\Windows\System\Ezpysyk.exe
  2⤵
  PID:6472
- C:\Windows\System\wruhSui.exe
  C:\Windows\System\wruhSui.exe
  2⤵
  PID:1640
- C:\Windows\System\xnnwtkD.exe
  C:\Windows\System\xnnwtkD.exe
  2⤵
  PID:6692
- C:\Windows\System\QvQZuKp.exe
  C:\Windows\System\QvQZuKp.exe
  2⤵
  PID:6752
- C:\Windows\System\ZPTzxWY.exe
  C:\Windows\System\ZPTzxWY.exe
  2⤵
  PID:6840
- C:\Windows\System\jIzSTXV.exe
  C:\Windows\System\jIzSTXV.exe
  2⤵
  PID:7108
- C:\Windows\System\KPOLmOE.exe
  C:\Windows\System\KPOLmOE.exe
  2⤵
  PID:6768
- C:\Windows\System\stUMklt.exe
  C:\Windows\System\stUMklt.exe
  2⤵
  PID:7060
- C:\Windows\System\FzCHrJO.exe
  C:\Windows\System\FzCHrJO.exe
  2⤵
  PID:7120
- C:\Windows\System\MFLPmsS.exe
  C:\Windows\System\MFLPmsS.exe
  2⤵
  PID:2580
- C:\Windows\System\eqQlVoJ.exe
  C:\Windows\System\eqQlVoJ.exe
  2⤵
  PID:7056
- C:\Windows\System\ChfOiGd.exe
  C:\Windows\System\ChfOiGd.exe
  2⤵
  PID:1348
- C:\Windows\System\rOTGWqS.exe
  C:\Windows\System\rOTGWqS.exe
  2⤵
  PID:7136
- C:\Windows\System\pqHaRWa.exe
  C:\Windows\System\pqHaRWa.exe
  2⤵
  PID:7164
- C:\Windows\System\zQSxrUc.exe
  C:\Windows\System\zQSxrUc.exe
  2⤵
  PID:1568
- C:\Windows\System\zEYaqSt.exe
  C:\Windows\System\zEYaqSt.exe
  2⤵
  PID:2036
- C:\Windows\System\cRCypAD.exe
  C:\Windows\System\cRCypAD.exe
  2⤵
  PID:6528
- C:\Windows\System\lMqSnPK.exe
  C:\Windows\System\lMqSnPK.exe
  2⤵
  PID:2152
- C:\Windows\System\iALnJIJ.exe
  C:\Windows\System\iALnJIJ.exe
  2⤵
  PID:6916
- C:\Windows\System\yBBpQxM.exe
  C:\Windows\System\yBBpQxM.exe
  2⤵
  PID:6764
- C:\Windows\System\PNKzcOW.exe
  C:\Windows\System\PNKzcOW.exe
  2⤵
  PID:6648
- C:\Windows\System\jNZrGGW.exe
  C:\Windows\System\jNZrGGW.exe
  2⤵
  PID:6832
- C:\Windows\System\CLRdOnx.exe
  C:\Windows\System\CLRdOnx.exe
  2⤵
  PID:7064
- C:\Windows\System\yQQCdvo.exe
  C:\Windows\System\yQQCdvo.exe
  2⤵
  PID:6844
- C:\Windows\System\RgupwhH.exe
  C:\Windows\System\RgupwhH.exe
  2⤵
  PID:6296
- C:\Windows\System\BfCLmGt.exe
  C:\Windows\System\BfCLmGt.exe
  2⤵
  PID:6332
- C:\Windows\System\gcwIdZS.exe
  C:\Windows\System\gcwIdZS.exe
  2⤵
  PID:2788
- C:\Windows\System\dqpGzmB.exe
  C:\Windows\System\dqpGzmB.exe
  2⤵
  PID:6632
- C:\Windows\System\rBVBKkn.exe
  C:\Windows\System\rBVBKkn.exe
  2⤵
  PID:6600
- C:\Windows\System\iHCgqDd.exe
  C:\Windows\System\iHCgqDd.exe
  2⤵
  PID:6876
- C:\Windows\System\cHksXqB.exe
  C:\Windows\System\cHksXqB.exe
  2⤵
  PID:6988
- C:\Windows\System\SkOGaIX.exe
  C:\Windows\System\SkOGaIX.exe
  2⤵
  PID:7100
- C:\Windows\System\arCslWE.exe
  C:\Windows\System\arCslWE.exe
  2⤵
  PID:1556
- C:\Windows\System\BfqZHxr.exe
  C:\Windows\System\BfqZHxr.exe
  2⤵
  PID:1924
- C:\Windows\System\ytPkjab.exe
  C:\Windows\System\ytPkjab.exe
  2⤵
  PID:1872
- C:\Windows\System\JFVirzg.exe
  C:\Windows\System\JFVirzg.exe
  2⤵
  PID:6508
- C:\Windows\System\oUIeQES.exe
  C:\Windows\System\oUIeQES.exe
  2⤵
  PID:6992
- C:\Windows\System\apDIWbg.exe
  C:\Windows\System\apDIWbg.exe
  2⤵
  PID:6900
- C:\Windows\System\nAUseSd.exe
  C:\Windows\System\nAUseSd.exe
  2⤵
  PID:6492
- C:\Windows\System\szmVMkn.exe
  C:\Windows\System\szmVMkn.exe
  2⤵
  PID:6932
- C:\Windows\System\GsoXpFv.exe
  C:\Windows\System\GsoXpFv.exe
  2⤵
  PID:1540
- C:\Windows\System\qZcKLZm.exe
  C:\Windows\System\qZcKLZm.exe
  2⤵
  PID:7160
- C:\Windows\System\rLUZYWW.exe
  C:\Windows\System\rLUZYWW.exe
  2⤵
  PID:6316
- C:\Windows\System\JVuJvtu.exe
  C:\Windows\System\JVuJvtu.exe
  2⤵
  PID:6380
- C:\Windows\System\iUBJhOT.exe
  C:\Windows\System\iUBJhOT.exe
  2⤵
  PID:7188
- C:\Windows\System\lOmzyyh.exe
  C:\Windows\System\lOmzyyh.exe
  2⤵
  PID:7208
- C:\Windows\System\EzcnGRF.exe
  C:\Windows\System\EzcnGRF.exe
  2⤵
  PID:7232
- C:\Windows\System\absGSFP.exe
  C:\Windows\System\absGSFP.exe
  2⤵
  PID:7256
- C:\Windows\System\BfouWYs.exe
  C:\Windows\System\BfouWYs.exe
  2⤵
  PID:7272
- C:\Windows\System\rzCdjeb.exe
  C:\Windows\System\rzCdjeb.exe
  2⤵
  PID:7288
- C:\Windows\System\TUzbEBp.exe
  C:\Windows\System\TUzbEBp.exe
  2⤵
  PID:7312
- C:\Windows\System\tCGSsbn.exe
  C:\Windows\System\tCGSsbn.exe
  2⤵
  PID:7336
- C:\Windows\System\guGzDli.exe
  C:\Windows\System\guGzDli.exe
  2⤵
  PID:7352
- C:\Windows\System\BNBnaCp.exe
  C:\Windows\System\BNBnaCp.exe
  2⤵
  PID:7368
- C:\Windows\System\vAIOrJM.exe
  C:\Windows\System\vAIOrJM.exe
  2⤵
  PID:7384
- C:\Windows\System\GSnRHbe.exe
  C:\Windows\System\GSnRHbe.exe
  2⤵
  PID:7404
- C:\Windows\System\YeVmogJ.exe
  C:\Windows\System\YeVmogJ.exe
  2⤵
  PID:7420
- C:\Windows\System\kSDCXpx.exe
  C:\Windows\System\kSDCXpx.exe
  2⤵
  PID:7436
- C:\Windows\System\lnEpVLr.exe
  C:\Windows\System\lnEpVLr.exe
  2⤵
  PID:7452
- C:\Windows\System\AnPiKjF.exe
  C:\Windows\System\AnPiKjF.exe
  2⤵
  PID:7468
- C:\Windows\System\uHIiAxh.exe
  C:\Windows\System\uHIiAxh.exe
  2⤵
  PID:7520
- C:\Windows\System\TpqayLe.exe
  C:\Windows\System\TpqayLe.exe
  2⤵
  PID:7536
- C:\Windows\System\OdBFsvZ.exe
  C:\Windows\System\OdBFsvZ.exe
  2⤵
  PID:7552
- C:\Windows\System\pNPSMPy.exe
  C:\Windows\System\pNPSMPy.exe
  2⤵
  PID:7568
- C:\Windows\System\eQFkbaP.exe
  C:\Windows\System\eQFkbaP.exe
  2⤵
  PID:7592
- C:\Windows\System\nvpWqnc.exe
  C:\Windows\System\nvpWqnc.exe
  2⤵
  PID:7608
- C:\Windows\System\KFOOGVW.exe
  C:\Windows\System\KFOOGVW.exe
  2⤵
  PID:7624
- C:\Windows\System\qrPgfUg.exe
  C:\Windows\System\qrPgfUg.exe
  2⤵
  PID:7640
- C:\Windows\System\QVLsQVZ.exe
  C:\Windows\System\QVLsQVZ.exe
  2⤵
  PID:7656
- C:\Windows\System\BzhvSqp.exe
  C:\Windows\System\BzhvSqp.exe
  2⤵
  PID:7672
- C:\Windows\System\ZUccITl.exe
  C:\Windows\System\ZUccITl.exe
  2⤵
  PID:7688
- C:\Windows\System\lyLnpdE.exe
  C:\Windows\System\lyLnpdE.exe
  2⤵
  PID:7704
- C:\Windows\System\RoZzqKP.exe
  C:\Windows\System\RoZzqKP.exe
  2⤵
  PID:7740
- C:\Windows\System\tPtQfkU.exe
  C:\Windows\System\tPtQfkU.exe
  2⤵
  PID:7756
- C:\Windows\System\ydKrEza.exe
  C:\Windows\System\ydKrEza.exe
  2⤵
  PID:7772
- C:\Windows\System\lwTXNVm.exe
  C:\Windows\System\lwTXNVm.exe
  2⤵
  PID:7788
- C:\Windows\System\vryKzhq.exe
  C:\Windows\System\vryKzhq.exe
  2⤵
  PID:7804
- C:\Windows\System\BuacQcz.exe
  C:\Windows\System\BuacQcz.exe
  2⤵
  PID:7828
- C:\Windows\System\xXDCFtg.exe
  C:\Windows\System\xXDCFtg.exe
  2⤵
  PID:7844
- C:\Windows\System\iwIbwpM.exe
  C:\Windows\System\iwIbwpM.exe
  2⤵
  PID:7860
- C:\Windows\System\oahTvym.exe
  C:\Windows\System\oahTvym.exe
  2⤵
  PID:7876
- C:\Windows\System\aLwytiw.exe
  C:\Windows\System\aLwytiw.exe
  2⤵
  PID:7892
- C:\Windows\System\wrZybcP.exe
  C:\Windows\System\wrZybcP.exe
  2⤵
  PID:7912
- C:\Windows\System\aKifavZ.exe
  C:\Windows\System\aKifavZ.exe
  2⤵
  PID:7932
- C:\Windows\System\ggAhIgx.exe
  C:\Windows\System\ggAhIgx.exe
  2⤵
  PID:8000
- C:\Windows\System\ObBsqYg.exe
  C:\Windows\System\ObBsqYg.exe
  2⤵
  PID:8024
- C:\Windows\System\BxAYMEn.exe
  C:\Windows\System\BxAYMEn.exe
  2⤵
  PID:8040
- C:\Windows\System\harDdrO.exe
  C:\Windows\System\harDdrO.exe
  2⤵
  PID:8060
- C:\Windows\System\vJRlftM.exe
  C:\Windows\System\vJRlftM.exe
  2⤵
  PID:8076
- C:\Windows\System\WPFjgjl.exe
  C:\Windows\System\WPFjgjl.exe
  2⤵
  PID:8092
- C:\Windows\System\NqkuIiZ.exe
  C:\Windows\System\NqkuIiZ.exe
  2⤵
  PID:8116
- C:\Windows\System\igEvIWt.exe
  C:\Windows\System\igEvIWt.exe
  2⤵
  PID:8136
- C:\Windows\System\EjfLWjT.exe
  C:\Windows\System\EjfLWjT.exe
  2⤵
  PID:8152
- C:\Windows\System\mpdBFmP.exe
  C:\Windows\System\mpdBFmP.exe
  2⤵
  PID:8172
- C:\Windows\System\VqJiYZZ.exe
  C:\Windows\System\VqJiYZZ.exe
  2⤵
  PID:6852
- C:\Windows\System\QOqSTRv.exe
  C:\Windows\System\QOqSTRv.exe
  2⤵
  PID:7180
- C:\Windows\System\awSPzos.exe
  C:\Windows\System\awSPzos.exe
  2⤵
  PID:7224
- C:\Windows\System\lXQzRUS.exe
  C:\Windows\System\lXQzRUS.exe
  2⤵
  PID:7244
- C:\Windows\System\jCZhlfa.exe
  C:\Windows\System\jCZhlfa.exe
  2⤵
  PID:1700
- C:\Windows\System\TuiMYjC.exe
  C:\Windows\System\TuiMYjC.exe
  2⤵
  PID:7300
- C:\Windows\System\kdLOVHf.exe
  C:\Windows\System\kdLOVHf.exe
  2⤵
  PID:7348
- C:\Windows\System\mtuXcYZ.exe
  C:\Windows\System\mtuXcYZ.exe
  2⤵
  PID:7416
- C:\Windows\System\spWOeVn.exe
  C:\Windows\System\spWOeVn.exe
  2⤵
  PID:7328
- C:\Windows\System\nZCeJqH.exe
  C:\Windows\System\nZCeJqH.exe
  2⤵
  PID:7480
- C:\Windows\System\FjwxNxH.exe
  C:\Windows\System\FjwxNxH.exe
  2⤵
  PID:7380
- C:\Windows\System\uFnBEhi.exe
  C:\Windows\System\uFnBEhi.exe
  2⤵
  PID:7512
- C:\Windows\System\qPqpKvF.exe
  C:\Windows\System\qPqpKvF.exe
  2⤵
  PID:7460
- C:\Windows\System\qlGbNIr.exe
  C:\Windows\System\qlGbNIr.exe
  2⤵
  PID:7576
- C:\Windows\System\AmQnODZ.exe
  C:\Windows\System\AmQnODZ.exe
  2⤵
  PID:7616
- C:\Windows\System\RBYJDQm.exe
  C:\Windows\System\RBYJDQm.exe
  2⤵
  PID:7732
- C:\Windows\System\ZMHCQxw.exe
  C:\Windows\System\ZMHCQxw.exe
  2⤵
  PID:7560
- C:\Windows\System\dmDLtlG.exe
  C:\Windows\System\dmDLtlG.exe
  2⤵
  PID:7836
- C:\Windows\System\iQrIOfX.exe
  C:\Windows\System\iQrIOfX.exe
  2⤵
  PID:7636
- C:\Windows\System\NOLKrCq.exe
  C:\Windows\System\NOLKrCq.exe
  2⤵
  PID:7668
- C:\Windows\System\ptoYIxP.exe
  C:\Windows\System\ptoYIxP.exe
  2⤵
  PID:7852
- C:\Windows\System\cKZOyUH.exe
  C:\Windows\System\cKZOyUH.exe
  2⤵
  PID:7784
- C:\Windows\System\NDiwRzN.exe
  C:\Windows\System\NDiwRzN.exe
  2⤵
  PID:7888
- C:\Windows\System\doBRpWk.exe
  C:\Windows\System\doBRpWk.exe
  2⤵
  PID:7928
- C:\Windows\System\byfRArL.exe
  C:\Windows\System\byfRArL.exe
  2⤵
  PID:7948
- C:\Windows\System\ouvMXtG.exe
  C:\Windows\System\ouvMXtG.exe
  2⤵
  PID:7980
- C:\Windows\System\etFdODZ.exe
  C:\Windows\System\etFdODZ.exe
  2⤵
  PID:7992
- C:\Windows\System\FAIUQFQ.exe
  C:\Windows\System\FAIUQFQ.exe
  2⤵
  PID:8020
- C:\Windows\System\YTopYqM.exe
  C:\Windows\System\YTopYqM.exe
  2⤵
  PID:8032
- C:\Windows\System\yZJvqjt.exe
  C:\Windows\System\yZJvqjt.exe
  2⤵
  PID:8088
- C:\Windows\System\SbOWUOX.exe
  C:\Windows\System\SbOWUOX.exe
  2⤵
  PID:8160
- C:\Windows\System\rygmGmc.exe
  C:\Windows\System\rygmGmc.exe
  2⤵
  PID:8148
- C:\Windows\System\FawlyBU.exe
  C:\Windows\System\FawlyBU.exe
  2⤵
  PID:8072
- C:\Windows\System\LOeqbAK.exe
  C:\Windows\System\LOeqbAK.exe
  2⤵
  PID:8100
- C:\Windows\System\CCNrLhf.exe
  C:\Windows\System\CCNrLhf.exe
  2⤵
  PID:7216
- C:\Windows\System\hXnUqXN.exe
  C:\Windows\System\hXnUqXN.exe
  2⤵
  PID:7268
- C:\Windows\System\LZfKGaF.exe
  C:\Windows\System\LZfKGaF.exe
  2⤵
  PID:7364
- C:\Windows\System\cfyRRzB.exe
  C:\Windows\System\cfyRRzB.exe
  2⤵
  PID:7304
- C:\Windows\System\gNQUysW.exe
  C:\Windows\System\gNQUysW.exe
  2⤵
  PID:7484
- C:\Windows\System\AzZMAGg.exe
  C:\Windows\System\AzZMAGg.exe
  2⤵
  PID:7684
- C:\Windows\System\zZyiKXz.exe
  C:\Windows\System\zZyiKXz.exe
  2⤵
  PID:7476
- C:\Windows\System\iVYBWZy.exe
  C:\Windows\System\iVYBWZy.exe
  2⤵
  PID:7584
- C:\Windows\System\XRrPGGe.exe
  C:\Windows\System\XRrPGGe.exe
  2⤵
  PID:7796
- C:\Windows\System\EVtazew.exe
  C:\Windows\System\EVtazew.exe
  2⤵
  PID:7664
- C:\Windows\System\jxhoqWw.exe
  C:\Windows\System\jxhoqWw.exe
  2⤵
  PID:7924
- C:\Windows\System\rEnVNpH.exe
  C:\Windows\System\rEnVNpH.exe
  2⤵
  PID:7972
- C:\Windows\System\jaCBjYm.exe
  C:\Windows\System\jaCBjYm.exe
  2⤵
  PID:7824
- C:\Windows\System\CoHaqKf.exe
  C:\Windows\System\CoHaqKf.exe
  2⤵
  PID:7944
- C:\Windows\System\hKLgcsN.exe
  C:\Windows\System\hKLgcsN.exe
  2⤵
  PID:8084
- C:\Windows\System\aaVoUJD.exe
  C:\Windows\System\aaVoUJD.exe
  2⤵
  PID:1240
- C:\Windows\System\iDotdfl.exe
  C:\Windows\System\iDotdfl.exe
  2⤵
  PID:8132
- C:\Windows\System\dWhQvWD.exe
  C:\Windows\System\dWhQvWD.exe
  2⤵
  PID:7200
- C:\Windows\System\isADhch.exe
  C:\Windows\System\isADhch.exe
  2⤵
  PID:8108
- C:\Windows\System\UYLpNrB.exe
  C:\Windows\System\UYLpNrB.exe
  2⤵
  PID:7400
- C:\Windows\System\NEENgel.exe
  C:\Windows\System\NEENgel.exe
  2⤵
  PID:7548
- C:\Windows\System\MUuhAxh.exe
  C:\Windows\System\MUuhAxh.exe
  2⤵
  PID:7652
- C:\Windows\System\rvCXWkb.exe
  C:\Windows\System\rvCXWkb.exe
  2⤵
  PID:7800
- C:\Windows\System\BHLHwzU.exe
  C:\Windows\System\BHLHwzU.exe
  2⤵
  PID:7720
- C:\Windows\System\oKfeegw.exe
  C:\Windows\System\oKfeegw.exe
  2⤵
  PID:7780
- C:\Windows\System\nXUvhKj.exe
  C:\Windows\System\nXUvhKj.exe
  2⤵
  PID:7632
- C:\Windows\System\qisPHuw.exe
  C:\Windows\System\qisPHuw.exe
  2⤵
  PID:7940
- C:\Windows\System\RvuMXAW.exe
  C:\Windows\System\RvuMXAW.exe
  2⤵
  PID:7820
- C:\Windows\System\Hcerxfn.exe
  C:\Windows\System\Hcerxfn.exe
  2⤵
  PID:8052
- C:\Windows\System\SZrdjpw.exe
  C:\Windows\System\SZrdjpw.exe
  2⤵
  PID:7996
- C:\Windows\System\nZdQuOP.exe
  C:\Windows\System\nZdQuOP.exe
  2⤵
  PID:7508
- C:\Windows\System\HiLePWb.exe
  C:\Windows\System\HiLePWb.exe
  2⤵
  PID:7984
- C:\Windows\System\QGuGdct.exe
  C:\Windows\System\QGuGdct.exe
  2⤵
  PID:7700
- C:\Windows\System\zvChfIQ.exe
  C:\Windows\System\zvChfIQ.exe
  2⤵
  PID:7716
- C:\Windows\System\MRpCeEY.exe
  C:\Windows\System\MRpCeEY.exe
  2⤵
  PID:7728
- C:\Windows\System\YobrqOe.exe
  C:\Windows\System\YobrqOe.exe
  2⤵
  PID:7412
- C:\Windows\System\gQTizen.exe
  C:\Windows\System\gQTizen.exe
  2⤵
  PID:7204
- C:\Windows\System\LLDRFWy.exe
  C:\Windows\System\LLDRFWy.exe
  2⤵
  PID:7968
- C:\Windows\System\vroNLuW.exe
  C:\Windows\System\vroNLuW.exe
  2⤵
  PID:7284
- C:\Windows\System\HFcmscz.exe
  C:\Windows\System\HFcmscz.exe
  2⤵
  PID:7884
- C:\Windows\System\DCEgdEE.exe
  C:\Windows\System\DCEgdEE.exe
  2⤵
  PID:7812
- C:\Windows\System\NYSGZyE.exe
  C:\Windows\System\NYSGZyE.exe
  2⤵
  PID:7492
- C:\Windows\System\NUnITIJ.exe
  C:\Windows\System\NUnITIJ.exe
  2⤵
  PID:8204
- C:\Windows\System\pNNqfam.exe
  C:\Windows\System\pNNqfam.exe
  2⤵
  PID:8228
- C:\Windows\System\eHNUasG.exe
  C:\Windows\System\eHNUasG.exe
  2⤵
  PID:8248
- C:\Windows\System\GqIqOGP.exe
  C:\Windows\System\GqIqOGP.exe
  2⤵
  PID:8280
- C:\Windows\System\UNZTsCU.exe
  C:\Windows\System\UNZTsCU.exe
  2⤵
  PID:8296
- C:\Windows\System\ZjPDuVk.exe
  C:\Windows\System\ZjPDuVk.exe
  2⤵
  PID:8316
- C:\Windows\System\FROTDJs.exe
  C:\Windows\System\FROTDJs.exe
  2⤵
  PID:8332
- C:\Windows\System\qRYMMUv.exe
  C:\Windows\System\qRYMMUv.exe
  2⤵
  PID:8348
- C:\Windows\System\rlWRyZw.exe
  C:\Windows\System\rlWRyZw.exe
  2⤵
  PID:8372
- C:\Windows\System\hiPEFPp.exe
  C:\Windows\System\hiPEFPp.exe
  2⤵
  PID:8400
- C:\Windows\System\ODZoFhR.exe
  C:\Windows\System\ODZoFhR.exe
  2⤵
  PID:8416
- C:\Windows\System\SWkzvKj.exe
  C:\Windows\System\SWkzvKj.exe
  2⤵
  PID:8432
- C:\Windows\System\WIqRFng.exe
  C:\Windows\System\WIqRFng.exe
  2⤵
  PID:8464
- C:\Windows\System\ufMhVDe.exe
  C:\Windows\System\ufMhVDe.exe
  2⤵
  PID:8492
- C:\Windows\System\KsJoCAL.exe
  C:\Windows\System\KsJoCAL.exe
  2⤵
  PID:8508
- C:\Windows\System\EyZvzvE.exe
  C:\Windows\System\EyZvzvE.exe
  2⤵
  PID:8524
- C:\Windows\System\rMVbpMp.exe
  C:\Windows\System\rMVbpMp.exe
  2⤵
  PID:8544
- C:\Windows\System\zATBnKb.exe
  C:\Windows\System\zATBnKb.exe
  2⤵
  PID:8564
- C:\Windows\System\TEHUqgI.exe
  C:\Windows\System\TEHUqgI.exe
  2⤵
  PID:8580
- C:\Windows\System\riteBZZ.exe
  C:\Windows\System\riteBZZ.exe
  2⤵
  PID:8596
- C:\Windows\System\bnOeYBp.exe
  C:\Windows\System\bnOeYBp.exe
  2⤵
  PID:8612
- C:\Windows\System\yJeZwZV.exe
  C:\Windows\System\yJeZwZV.exe
  2⤵
  PID:8628
- C:\Windows\System\xoFLIbJ.exe
  C:\Windows\System\xoFLIbJ.exe
  2⤵
  PID:8644
- C:\Windows\System\pvFHbUT.exe
  C:\Windows\System\pvFHbUT.exe
  2⤵
  PID:8660
- C:\Windows\System\UPaawXr.exe
  C:\Windows\System\UPaawXr.exe
  2⤵
  PID:8676
- C:\Windows\System\gnEOrcU.exe
  C:\Windows\System\gnEOrcU.exe
  2⤵
  PID:8692
- C:\Windows\System\krPbOPC.exe
  C:\Windows\System\krPbOPC.exe
  2⤵
  PID:8708
- C:\Windows\System\Tqbrwan.exe
  C:\Windows\System\Tqbrwan.exe
  2⤵
  PID:8724
- C:\Windows\System\ESXWOVf.exe
  C:\Windows\System\ESXWOVf.exe
  2⤵
  PID:8740
- C:\Windows\System\ZmGvcyj.exe
  C:\Windows\System\ZmGvcyj.exe
  2⤵
  PID:8756
- C:\Windows\System\kmZhDoy.exe
  C:\Windows\System\kmZhDoy.exe
  2⤵
  PID:8772
- C:\Windows\System\zjKZdfw.exe
  C:\Windows\System\zjKZdfw.exe
  2⤵
  PID:8788
- C:\Windows\System\BQedmcs.exe
  C:\Windows\System\BQedmcs.exe
  2⤵
  PID:8804
- C:\Windows\System\bYqZGfL.exe
  C:\Windows\System\bYqZGfL.exe
  2⤵
  PID:8820
- C:\Windows\System\nwXXioJ.exe
  C:\Windows\System\nwXXioJ.exe
  2⤵
  PID:8836
- C:\Windows\System\zvyizEI.exe
  C:\Windows\System\zvyizEI.exe
  2⤵
  PID:8852
- C:\Windows\System\wxkjghE.exe
  C:\Windows\System\wxkjghE.exe
  2⤵
  PID:8868
- C:\Windows\System\OKQcflx.exe
  C:\Windows\System\OKQcflx.exe
  2⤵
  PID:8884
- C:\Windows\System\TArNwyT.exe
  C:\Windows\System\TArNwyT.exe
  2⤵
  PID:8900
- C:\Windows\System\TRZeqZl.exe
  C:\Windows\System\TRZeqZl.exe
  2⤵
  PID:8916
- C:\Windows\System\xixMwkG.exe
  C:\Windows\System\xixMwkG.exe
  2⤵
  PID:8932
- C:\Windows\System\RWvlcwt.exe
  C:\Windows\System\RWvlcwt.exe
  2⤵
  PID:8948
- C:\Windows\System\iHVtpYU.exe
  C:\Windows\System\iHVtpYU.exe
  2⤵
  PID:8968
- C:\Windows\System\EutMxXq.exe
  C:\Windows\System\EutMxXq.exe
  2⤵
  PID:8996
- C:\Windows\System\sihYehV.exe
  C:\Windows\System\sihYehV.exe
  2⤵
  PID:9012
- C:\Windows\System\uyhalYF.exe
  C:\Windows\System\uyhalYF.exe
  2⤵
  PID:9028
- C:\Windows\System\zXFsCsc.exe
  C:\Windows\System\zXFsCsc.exe
  2⤵
  PID:9044
- C:\Windows\System\xLvcwDv.exe
  C:\Windows\System\xLvcwDv.exe
  2⤵
  PID:9060
- C:\Windows\System\DULjgLv.exe
  C:\Windows\System\DULjgLv.exe
  2⤵
  PID:9076
- C:\Windows\System\HSYzCXF.exe
  C:\Windows\System\HSYzCXF.exe
  2⤵
  PID:9208
- C:\Windows\System\WXcLeyS.exe
  C:\Windows\System\WXcLeyS.exe
  2⤵
  PID:8196
- C:\Windows\System\qsCBzQm.exe
  C:\Windows\System\qsCBzQm.exe
  2⤵
  PID:8240
- C:\Windows\System\twNYZWO.exe
  C:\Windows\System\twNYZWO.exe
  2⤵
  PID:8268
- C:\Windows\System\SsXEdje.exe
  C:\Windows\System\SsXEdje.exe
  2⤵
  PID:8304
- C:\Windows\System\wYSToyQ.exe
  C:\Windows\System\wYSToyQ.exe
  2⤵
  PID:8368
- C:\Windows\System\xvzpXrW.exe
  C:\Windows\System\xvzpXrW.exe
  2⤵
  PID:8396
- C:\Windows\System\aPuhhZG.exe
  C:\Windows\System\aPuhhZG.exe
  2⤵
  PID:8412
- C:\Windows\System\UXvjBSb.exe
  C:\Windows\System\UXvjBSb.exe
  2⤵
  PID:8448
- C:\Windows\System\hNEpJij.exe
  C:\Windows\System\hNEpJij.exe
  2⤵
  PID:8484
- C:\Windows\System\UrautAT.exe
  C:\Windows\System\UrautAT.exe
  2⤵
  PID:8516
- C:\Windows\System\lQNVplz.exe
  C:\Windows\System\lQNVplz.exe
  2⤵
  PID:8572
- C:\Windows\System\wofgSaD.exe
  C:\Windows\System\wofgSaD.exe
  2⤵
  PID:8608
- C:\Windows\System\bxEpahI.exe
  C:\Windows\System\bxEpahI.exe
  2⤵
  PID:8552
- C:\Windows\System\uhsjWOo.exe
  C:\Windows\System\uhsjWOo.exe
  2⤵
  PID:8656
- C:\Windows\System\JMNavMT.exe
  C:\Windows\System\JMNavMT.exe
  2⤵
  PID:8720
- C:\Windows\System\OhgqaZO.exe
  C:\Windows\System\OhgqaZO.exe
  2⤵
  PID:8944
- C:\Windows\System\GtoPgmb.exe
  C:\Windows\System\GtoPgmb.exe
  2⤵
  PID:8988
- C:\Windows\System\cltKRgH.exe
  C:\Windows\System\cltKRgH.exe
  2⤵
  PID:8928
- C:\Windows\System\vGDxICC.exe
  C:\Windows\System\vGDxICC.exe
  2⤵
  PID:9008
- C:\Windows\System\NaVzGxq.exe
  C:\Windows\System\NaVzGxq.exe
  2⤵
  PID:9072
- C:\Windows\System\DGczkhq.exe
  C:\Windows\System\DGczkhq.exe
  2⤵
  PID:9096
- C:\Windows\System\polfekR.exe
  C:\Windows\System\polfekR.exe
  2⤵
  PID:9116
- C:\Windows\System\zPOeflZ.exe
  C:\Windows\System\zPOeflZ.exe
  2⤵
  PID:9144
- C:\Windows\System\yeFyFUt.exe
  C:\Windows\System\yeFyFUt.exe
  2⤵
  PID:9164
- C:\Windows\System\oFNQMLX.exe
  C:\Windows\System\oFNQMLX.exe
  2⤵
  PID:9180
- C:\Windows\System\EFjkzyC.exe
  C:\Windows\System\EFjkzyC.exe
  2⤵
  PID:9200
- C:\Windows\System\cvUjOJe.exe
  C:\Windows\System\cvUjOJe.exe
  2⤵
  PID:8212
- C:\Windows\System\NrWWBCd.exe
  C:\Windows\System\NrWWBCd.exe
  2⤵
  PID:8276
- C:\Windows\System\RcJoSPr.exe
  C:\Windows\System\RcJoSPr.exe
  2⤵
  PID:8380
- C:\Windows\System\mYJzJnq.exe
  C:\Windows\System\mYJzJnq.exe
  2⤵
  PID:8260
- C:\Windows\System\vbRpJXa.exe
  C:\Windows\System\vbRpJXa.exe
  2⤵
  PID:8428
- C:\Windows\System\GfZgYfH.exe
  C:\Windows\System\GfZgYfH.exe
  2⤵
  PID:8536
- C:\Windows\System\EUZyWhl.exe
  C:\Windows\System\EUZyWhl.exe
  2⤵
  PID:8504
- C:\Windows\System\QLfhbcO.exe
  C:\Windows\System\QLfhbcO.exe
  2⤵
  PID:8688
- C:\Windows\System\MEMQzUf.exe
  C:\Windows\System\MEMQzUf.exe
  2⤵
  PID:8588
- C:\Windows\System\GXAroKY.exe
  C:\Windows\System\GXAroKY.exe
  2⤵
  PID:8784
- C:\Windows\System\PeVlWuR.exe
  C:\Windows\System\PeVlWuR.exe
  2⤵
  PID:8768
- C:\Windows\System\ILCrZkr.exe
  C:\Windows\System\ILCrZkr.exe
  2⤵
  PID:8984
- C:\Windows\System\rEeFNYR.exe
  C:\Windows\System\rEeFNYR.exe
  2⤵
  PID:9084
- C:\Windows\System\PHmNegU.exe
  C:\Windows\System\PHmNegU.exe
  2⤵
  PID:9036
- C:\Windows\System\VTXiUyG.exe
  C:\Windows\System\VTXiUyG.exe
  2⤵
  PID:9132
- C:\Windows\System\PfeCbau.exe
  C:\Windows\System\PfeCbau.exe
  2⤵
  PID:9172
- C:\Windows\System\DQoCltF.exe
  C:\Windows\System\DQoCltF.exe
  2⤵
  PID:8356
- C:\Windows\System\cyeLaWR.exe
  C:\Windows\System\cyeLaWR.exe
  2⤵
  PID:8472
- C:\Windows\System\rDuUUfx.exe
  C:\Windows\System\rDuUUfx.exe
  2⤵
  PID:8216
- C:\Windows\System\PROFWqL.exe
  C:\Windows\System\PROFWqL.exe
  2⤵
  PID:8384
- C:\Windows\System\HtFsBnJ.exe
  C:\Windows\System\HtFsBnJ.exe
  2⤵
  PID:8748
- C:\Windows\System\SoMJHso.exe
  C:\Windows\System\SoMJHso.exe
  2⤵
  PID:8456
- C:\Windows\System\NLDNjDU.exe
  C:\Windows\System\NLDNjDU.exe
  2⤵
  PID:8924
- C:\Windows\System\RKWCnOI.exe
  C:\Windows\System\RKWCnOI.exe
  2⤵
  PID:8964
- C:\Windows\System\pgLsIrB.exe
  C:\Windows\System\pgLsIrB.exe
  2⤵
  PID:9128
- C:\Windows\System\LggrsGT.exe
  C:\Windows\System\LggrsGT.exe
  2⤵
  PID:8224
- C:\Windows\System\WNZRzum.exe
  C:\Windows\System\WNZRzum.exe
  2⤵
  PID:984
- C:\Windows\System\bNyOCbk.exe
  C:\Windows\System\bNyOCbk.exe
  2⤵
  PID:8272
- C:\Windows\System\YHcnbpm.exe
  C:\Windows\System\YHcnbpm.exe
  2⤵
  PID:8736
- C:\Windows\System\cpfqwoE.exe
  C:\Windows\System\cpfqwoE.exe
  2⤵
  PID:8764
- C:\Windows\System\MMccySz.exe
  C:\Windows\System\MMccySz.exe
  2⤵
  PID:9104
- C:\Windows\System\kbCmxBf.exe
  C:\Windows\System\kbCmxBf.exe
  2⤵
  PID:9160
- C:\Windows\System\HUXSWIU.exe
  C:\Windows\System\HUXSWIU.exe
  2⤵
  PID:7496
- C:\Windows\System\jDowRoS.exe
  C:\Windows\System\jDowRoS.exe
  2⤵
  PID:8732
- C:\Windows\System\RRabyer.exe
  C:\Windows\System\RRabyer.exe
  2⤵
  PID:9020
- C:\Windows\System\vDVzDiQ.exe
  C:\Windows\System\vDVzDiQ.exe
  2⤵
  PID:9124
- C:\Windows\System\qdnmfsC.exe
  C:\Windows\System\qdnmfsC.exe
  2⤵
  PID:8256
- C:\Windows\System\zZaatBx.exe
  C:\Windows\System\zZaatBx.exe
  2⤵
  PID:9228
- C:\Windows\System\hoOjiyF.exe
  C:\Windows\System\hoOjiyF.exe
  2⤵
  PID:9244
- C:\Windows\System\cVHHOgu.exe
  C:\Windows\System\cVHHOgu.exe
  2⤵
  PID:9260
- C:\Windows\System\JglMcXP.exe
  C:\Windows\System\JglMcXP.exe
  2⤵
  PID:9276
- C:\Windows\System\WVLijEp.exe
  C:\Windows\System\WVLijEp.exe
  2⤵
  PID:9300
- C:\Windows\System\zClFgCo.exe
  C:\Windows\System\zClFgCo.exe
  2⤵
  PID:9316
- C:\Windows\System\hMpOXjX.exe
  C:\Windows\System\hMpOXjX.exe
  2⤵
  PID:9344
- C:\Windows\System\NClbXDP.exe
  C:\Windows\System\NClbXDP.exe
  2⤵
  PID:9360
- C:\Windows\System\OdLoMVq.exe
  C:\Windows\System\OdLoMVq.exe
  2⤵
  PID:9384
- C:\Windows\System\uVUuZFL.exe
  C:\Windows\System\uVUuZFL.exe
  2⤵
  PID:9404
- C:\Windows\System\alWaHKw.exe
  C:\Windows\System\alWaHKw.exe
  2⤵
  PID:9420
- C:\Windows\System\mqCOXSm.exe
  C:\Windows\System\mqCOXSm.exe
  2⤵
  PID:9440
- C:\Windows\System\hIQCLxC.exe
  C:\Windows\System\hIQCLxC.exe
  2⤵
  PID:9456
- C:\Windows\System\hssWcUJ.exe
  C:\Windows\System\hssWcUJ.exe
  2⤵
  PID:9476
- C:\Windows\System\qRmSdnJ.exe
  C:\Windows\System\qRmSdnJ.exe
  2⤵
  PID:9500
- C:\Windows\System\SGonJuR.exe
  C:\Windows\System\SGonJuR.exe
  2⤵
  PID:9520
- C:\Windows\System\SRzTOjA.exe
  C:\Windows\System\SRzTOjA.exe
  2⤵
  PID:9536
- C:\Windows\System\ZhgmArY.exe
  C:\Windows\System\ZhgmArY.exe
  2⤵
  PID:9552
- C:\Windows\System\bCohZee.exe
  C:\Windows\System\bCohZee.exe
  2⤵
  PID:9576
- C:\Windows\System\zMQMYIR.exe
  C:\Windows\System\zMQMYIR.exe
  2⤵
  PID:9612
- C:\Windows\System\CHopBOI.exe
  C:\Windows\System\CHopBOI.exe
  2⤵
  PID:9632
- C:\Windows\System\UnCcWvm.exe
  C:\Windows\System\UnCcWvm.exe
  2⤵
  PID:9648
- C:\Windows\System\qEFPMuN.exe
  C:\Windows\System\qEFPMuN.exe
  2⤵
  PID:9664
- C:\Windows\System\yPPJXqS.exe
  C:\Windows\System\yPPJXqS.exe
  2⤵
  PID:9684
- C:\Windows\System\QGvFaHO.exe
  C:\Windows\System\QGvFaHO.exe
  2⤵
  PID:9712
- C:\Windows\System\HNrOyxW.exe
  C:\Windows\System\HNrOyxW.exe
  2⤵
  PID:9728
- C:\Windows\System\ajtnSWo.exe
  C:\Windows\System\ajtnSWo.exe
  2⤵
  PID:9744
- C:\Windows\System\oatZFSm.exe
  C:\Windows\System\oatZFSm.exe
  2⤵
  PID:9760
- C:\Windows\System\oRDONwY.exe
  C:\Windows\System\oRDONwY.exe
  2⤵
  PID:9776
- C:\Windows\System\yTkSDNk.exe
  C:\Windows\System\yTkSDNk.exe
  2⤵
  PID:9796
- C:\Windows\System\rCZwlZi.exe
  C:\Windows\System\rCZwlZi.exe
  2⤵
  PID:9812
- C:\Windows\System\YtKSQqm.exe
  C:\Windows\System\YtKSQqm.exe
  2⤵
  PID:9828
- C:\Windows\System\AuPESmU.exe
  C:\Windows\System\AuPESmU.exe
  2⤵
  PID:9848
- C:\Windows\System\WqMiKnW.exe
  C:\Windows\System\WqMiKnW.exe
  2⤵
  PID:9888
- C:\Windows\System\OjmrwnD.exe
  C:\Windows\System\OjmrwnD.exe
  2⤵
  PID:9912
- C:\Windows\System\PGxITcn.exe
  C:\Windows\System\PGxITcn.exe
  2⤵
  PID:9928
- C:\Windows\System\CuMRGsn.exe
  C:\Windows\System\CuMRGsn.exe
  2⤵
  PID:9944
- C:\Windows\System\kAsLwTO.exe
  C:\Windows\System\kAsLwTO.exe
  2⤵
  PID:9960
- C:\Windows\System\hoDtDWo.exe
  C:\Windows\System\hoDtDWo.exe
  2⤵
  PID:9976
- C:\Windows\System\amkfwBa.exe
  C:\Windows\System\amkfwBa.exe
  2⤵
  PID:9992
- C:\Windows\System\YHggyVt.exe
  C:\Windows\System\YHggyVt.exe
  2⤵
  PID:10008
- C:\Windows\System\LahPmKF.exe
  C:\Windows\System\LahPmKF.exe
  2⤵
  PID:10036
- C:\Windows\System\bfjPNmc.exe
  C:\Windows\System\bfjPNmc.exe
  2⤵
  PID:10072
- C:\Windows\System\FRZMufp.exe
  C:\Windows\System\FRZMufp.exe
  2⤵
  PID:10088
- C:\Windows\System\MHgrKDR.exe
  C:\Windows\System\MHgrKDR.exe
  2⤵
  PID:10104
- C:\Windows\System\hBAAWlA.exe
  C:\Windows\System\hBAAWlA.exe
  2⤵
  PID:10124
- C:\Windows\System\rDeepWP.exe
  C:\Windows\System\rDeepWP.exe
  2⤵
  PID:10140
- C:\Windows\System\iYBrzLN.exe
  C:\Windows\System\iYBrzLN.exe
  2⤵
  PID:10164
- C:\Windows\System\DMDaVaq.exe
  C:\Windows\System\DMDaVaq.exe
  2⤵
  PID:10188
- C:\Windows\System\fgclHHH.exe
  C:\Windows\System\fgclHHH.exe
  2⤵
  PID:10212
- C:\Windows\System\wqsVxwT.exe
  C:\Windows\System\wqsVxwT.exe
  2⤵
  PID:10228
- C:\Windows\System\tYPhVZf.exe
  C:\Windows\System\tYPhVZf.exe
  2⤵
  PID:8560
- C:\Windows\System\sIbRIOt.exe
  C:\Windows\System\sIbRIOt.exe
  2⤵
  PID:9220
- C:\Windows\System\derbwVr.exe
  C:\Windows\System\derbwVr.exe
  2⤵
  PID:9240
- C:\Windows\System\SEeCTyp.exe
  C:\Windows\System\SEeCTyp.exe
  2⤵
  PID:9288
- C:\Windows\System\pWMqEJL.exe
  C:\Windows\System\pWMqEJL.exe
  2⤵
  PID:9332
- C:\Windows\System\GjOEZnY.exe
  C:\Windows\System\GjOEZnY.exe
  2⤵
  PID:9352
- C:\Windows\System\HfAalQt.exe
  C:\Windows\System\HfAalQt.exe
  2⤵
  PID:9380
- C:\Windows\System\cpIsDfj.exe
  C:\Windows\System\cpIsDfj.exe
  2⤵
  PID:9412
- C:\Windows\System\kLMdXSl.exe
  C:\Windows\System\kLMdXSl.exe
  2⤵
  PID:9452
- C:\Windows\System\FCtCYVf.exe
  C:\Windows\System\FCtCYVf.exe
  2⤵
  PID:9496
- C:\Windows\System\maDHDHT.exe
  C:\Windows\System\maDHDHT.exe
  2⤵
  PID:9464
- C:\Windows\System\XnWWrXe.exe
  C:\Windows\System\XnWWrXe.exe
  2⤵
  PID:9516
- C:\Windows\System\VPtRBqY.exe
  C:\Windows\System\VPtRBqY.exe
  2⤵
  PID:9560
- C:\Windows\System\CczTFer.exe
  C:\Windows\System\CczTFer.exe
  2⤵
  PID:9588
- C:\Windows\System\xXbFlVI.exe
  C:\Windows\System\xXbFlVI.exe
  2⤵
  PID:8864
- C:\Windows\System\yDJRkLD.exe
  C:\Windows\System\yDJRkLD.exe
  2⤵
  PID:9640
- C:\Windows\System\UHwWgXq.exe
  C:\Windows\System\UHwWgXq.exe
  2⤵
  PID:9692
- C:\Windows\System\zIGXqlv.exe
  C:\Windows\System\zIGXqlv.exe
  2⤵
  PID:9696
- C:\Windows\System\RcEMwpG.exe
  C:\Windows\System\RcEMwpG.exe
  2⤵
  PID:9720
- C:\Windows\System\scNALKp.exe
  C:\Windows\System\scNALKp.exe
  2⤵
  PID:9772
- C:\Windows\System\csuBQIh.exe
  C:\Windows\System\csuBQIh.exe
  2⤵
  PID:9868
- C:\Windows\System\ibyCklS.exe
  C:\Windows\System\ibyCklS.exe
  2⤵
  PID:9876
- C:\Windows\System\QqUHkMe.exe
  C:\Windows\System\QqUHkMe.exe
  2⤵
  PID:9908
- C:\Windows\System\JpPtckQ.exe
  C:\Windows\System\JpPtckQ.exe
  2⤵
  PID:9936
- C:\Windows\System\RLmsyVq.exe
  C:\Windows\System\RLmsyVq.exe
  2⤵
  PID:9956
- C:\Windows\System\HfODWHY.exe
  C:\Windows\System\HfODWHY.exe
  2⤵
  PID:9984
- C:\Windows\System\HcnoqNL.exe
  C:\Windows\System\HcnoqNL.exe
  2⤵
  PID:10080
- C:\Windows\System\VRUGcPE.exe
  C:\Windows\System\VRUGcPE.exe
  2⤵
  PID:10064
- C:\Windows\System\TuJburL.exe
  C:\Windows\System\TuJburL.exe
  2⤵
  PID:10116
- C:\Windows\System\hhVxCSj.exe
  C:\Windows\System\hhVxCSj.exe
  2⤵
  PID:10148
- C:\Windows\System\OkeBkBB.exe
  C:\Windows\System\OkeBkBB.exe
  2⤵
  PID:10180
- C:\Windows\System\SpZEJJS.exe
  C:\Windows\System\SpZEJJS.exe
  2⤵
  PID:10224
- C:\Windows\System\bRSABYn.exe
  C:\Windows\System\bRSABYn.exe
  2⤵
  PID:8960
- C:\Windows\System\oOBLuyN.exe
  C:\Windows\System\oOBLuyN.exe
  2⤵
  PID:9340
- C:\Windows\System\gJUGQvU.exe
  C:\Windows\System\gJUGQvU.exe
  2⤵
  PID:9488
- C:\Windows\System\TXUsviL.exe
  C:\Windows\System\TXUsviL.exe
  2⤵
  PID:9512
- C:\Windows\System\fxufBaK.exe
  C:\Windows\System\fxufBaK.exe
  2⤵
  PID:9628
- C:\Windows\System\GHsuXkd.exe
  C:\Windows\System\GHsuXkd.exe
  2⤵
  PID:9236
- C:\Windows\System\WTeMqYs.exe
  C:\Windows\System\WTeMqYs.exe
  2⤵
  PID:9660
- C:\Windows\System\BrMGrOC.exe
  C:\Windows\System\BrMGrOC.exe
  2⤵
  PID:9752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXHAMQj.exe

Filesize
6.0MB

MD5
2f3199b4051bddc062215c6af1c11e35

SHA1
a9938f5daf33ba1ee9d3cb72af7aabdeb68ad15e

SHA256
48d469feb834062a0a25ea3036ca7e4e0ea6a2dae1620565e1634a28c754d8f3

SHA512
73b0a240092cbc7736d8354b4e09847086dc80021490a16bda011bef435f43f5e9579c6f2a8ceee31729301c5c996d8b0c4539bd6c0306fba71986a2409d47d6

Download Submit
C:\Windows\system\GptCPHt.exe

Filesize
6.0MB

MD5
40eb1cc477f10684f2708d5cc1134172

SHA1
a19f76f24ebeeacb46aa7be103bd7fbd4b47c175

SHA256
69d2d07d2193ce293204d11221967aecaa12ffe15148887167ba43e207549386

SHA512
1316c688cfd84e30846c496571bdd06fffd9325135096e1c5de6e2bf521e980fe19121aae9541ae2f0b8a0e4337030c5f2352590efcc6b8997d978c7fa7a8a54

Download Submit
C:\Windows\system\HOJyyPi.exe

Filesize
6.0MB

MD5
49d7a0031ad923eef9b8cf3278f108cf

SHA1
5be98a284ebdefd28724ea24fa0f3110c1feb997

SHA256
f0c7c0284d6e0ed5cc08f7b8e54da639a40a1e3fba4634a7dac8584e9e6501a8

SHA512
3285ed81ec3d0282da8bd853c5106debe17563cf181d3ac116c89439d7a4bd0539f831395a67948c50495aa18e77706d692edc6ae335d0cc193436349dc136c5

Download Submit
C:\Windows\system\HQwMxcz.exe

Filesize
6.0MB

MD5
5859bf071da92a43ff21082746bbf442

SHA1
c037ad45ec9ca0323cd5ac94aa34835750a79db5

SHA256
0e4094a6c49cf8747820854f406a2fa6094f94c46c0bc07bdfcdc4916204fb79

SHA512
d79a2fa1650c1efbb393ce324729a48eb7afc627a7f87a45fae50746d1841984239317f11449140cd55115e78d21da5b0dbb05e221f01b957ee2107a54ecb31a

Download Submit
C:\Windows\system\HRWZDaV.exe

Filesize
6.0MB

MD5
861330cfab29543104ada6f9ee3b4cee

SHA1
d094036f7ac874ee91f6be0c3aee80b9643d0572

SHA256
d077fca4a6595828cccaae392dc202a419563c6aab15fdd5bd10702c889540c0

SHA512
ee94e6b6ec4cf00462b1499f2815ce0dd391259655b618f4ff7dd7ef07d937e150c434619b7b668c152fbfc8aeab2d4eb534f05bad17410ce621b0b9eaa357cf

Download Submit
C:\Windows\system\JxXaCoZ.exe

Filesize
6.0MB

MD5
dc0a513b2ce162b7c3b8e3482f74ddae

SHA1
3de5227d1251c175595f934842fdd361988a3fcd

SHA256
0163e4d10e10ad86a838a49b4824c07216f7396acb98d97d61fedae1f5272e49

SHA512
0d04b1de21793075c0c23f25b8e483a1ef59d7a6611202d13cd72a8904f10bb82f32defaaab9e59779ed54a0a80fab1e6f033c9d1e61a0fd7ac8c0f83aa4bc1d

Download Submit
C:\Windows\system\KlLmPyY.exe

Filesize
6.0MB

MD5
5c4cb33ac4d1118da68ee3a7c03d4a28

SHA1
0eae5d1a5081cc1af3fe672b9ec532340d4a8571

SHA256
833a352be1489d00559f75e4519ac01b2e2a6989528c2bf874430f3acb70736f

SHA512
99db022ecaf468935b5d85f7ce5a779dead7e9a2833d7ec6bc133d2ff01aaa6f7c1010fe9165f6fbafb994d40a64bbc5fee696521da1b551878752bdc149967c

Download Submit
C:\Windows\system\MkKmXBQ.exe

Filesize
6.0MB

MD5
c76073bb91f320cb5e5fd677581656e7

SHA1
5907c457ea35c7a83d32583b56279733de0f9b27

SHA256
7e2e4cefa9a9260dc212b979c73e375684b01dd6154cae4b415525331e64a675

SHA512
5d72cd2cada832b4be5c4032a9557d37fb4f4eb566a494de109f3ecd23a6eb8a959096169de4c3830c38305f1db237f193cd64ae9df1a90cc1a19222a1e3d1a8

Download Submit
C:\Windows\system\NckWFui.exe

Filesize
6.0MB

MD5
5506cd4c43bd035e7a6df216c104b1b2

SHA1
f0b6c09f31740f48bbc7b77d0e7f05736057621e

SHA256
fe30c7416ce0d3175d7ba896a82f598361ac76fb7b192f735aa182e7e0114c4c

SHA512
ad04120ea3c4f8502ae3647fa9f56ea8844ebaa81036df14cc954fd9380cd82446c056f60cc85375925f4dc2aadeca432dea22a67d8c2a1035ec74b4ccfedfd4

Download Submit
C:\Windows\system\ONgrVOV.exe

Filesize
8B

MD5
f0f56e1c0f795208bdd1916c9591e3a7

SHA1
8761e3e30149fd390d8b55fced29a33f7a3f00e0

SHA256
433cd8cda95228cbb1dd1180887eee2fa177cba1631ab1728b33c6d501044ec6

SHA512
214b2a22d8049e9aa15f34f8e718b27d1156ba04d487c42d09c6cc17f5f180b65b0f2428ecfd37e6b6afb57d80a2d513254a10ff5e49d64a33787a20f5424634

Download Submit
C:\Windows\system\PfGZAaz.exe

Filesize
6.0MB

MD5
bad01c0ca6f73fbd1489557cdf65ce53

SHA1
b74d26946ffad7fe9364d4d90bd2ae3f32a26054

SHA256
211bec1f65afc54a34a11dc50b780283f7fb6a707fad9e89c8341643e5a1c665

SHA512
73a8164e39431ade5122ae012e82060db9b6cc91cc6d25ead7b863dca53a8f7843dee51d84cc54ff0599271c7cb466c233b4c3e368b7c0562f28edf8078f21d1

Download Submit
C:\Windows\system\PsjUeVs.exe

Filesize
6.0MB

MD5
947699f7f541f9a7ddec5e9ca48e45ae

SHA1
4a10ead0c98343b3210fe5d768bad260ce0130de

SHA256
323c6edd975d46762bcb4623c69e5f56d097c1e8c95efae5a88558ecc1ddddd2

SHA512
e121850a3ee7e042cf720850a6bf8c404c95d1f0801f81109b020f145fc31a7415484db669230cd3d323ed130c8d57af752d3aff8dd8daadf81f4b20fa29e434

Download Submit
C:\Windows\system\QKgmPHM.exe

Filesize
6.0MB

MD5
d9090abbc1f580b7131cae234180c7b1

SHA1
f919328f5579930331026370014113793729f975

SHA256
4453058721a5f39c4ead11b366703eac4f38536d614a650f9090da5f528ec594

SHA512
242c73048e7a4dab38afaf0eeb6940191a04018d6f8348bc21f1fc61557753bf5e3584e932883d7b3b8bbf202f57e230d43b75d8c7f1138d2282479e38eccd1a

Download Submit
C:\Windows\system\QmGLEfU.exe

Filesize
6.0MB

MD5
58aa673b3e0e04089f28f5fe0a5bffc3

SHA1
5df4e4f57f07f821ab4950269b111390e91f0ad3

SHA256
1dcbd8d656b2660596d4ea4c493b95cbbf9b99c33c8d09d8da4970753e930634

SHA512
d7909bff9d7e0b3b5228b6ef92677801781638b21f284bedb2f8a1e5b2d2341e899256cc77cd4e2b9b6b03d0296e9ad57fb4e0c954b4cd17f771b8ede21d0bc9

Download Submit
C:\Windows\system\RsgGuFx.exe

Filesize
6.0MB

MD5
3a6ee17e07cf22f2883a2e28b13c274f

SHA1
7c16cd05e9772fc46969929215da09802f156ce4

SHA256
9bee240a9cb1a577d93bc4e9caba9dcb47d119db7027189f824b8c774d9e3597

SHA512
b79c64a311af8192036f33ef5768244367802847369823ce69e6636edfae678933b52999f548a407da0694342c5dae4d5c1fb71ea4c7f3556aeaa9af6b074337

Download Submit
C:\Windows\system\UIxSRMW.exe

Filesize
6.0MB

MD5
39d388b51b16874dd69404e6f0e89c5b

SHA1
3262bbdca7e8b571d1dca3f36b8acc73cab1704e

SHA256
82e170aa8b15fbc48e724a311b0e391f40a2e781ff858a6fe83e439ebe29b966

SHA512
714342eb0eefa4c0bb960a4cdda827b90051633bf123bb09c412f59db035c314f6812abb27847c41dd72550386fb560b3f512dbbb230c35e2d0d7cedc19c7405

Download Submit
C:\Windows\system\cdhRjia.exe

Filesize
6.0MB

MD5
af9f22d22567e167516c484bc4e4afe4

SHA1
1233ec3f9bd0d4f5c9212444a9630892cf2bcb87

SHA256
4b623bd896c72b95d877560e363830d67547ae5a0cc21ec625f8fe47168031fe

SHA512
c4d01af12778392cd91d561a1da7db7e837e1c9c564be492b9adcbd05b2be5a570d4fb5dfdbd032927147fec7d3ca09ce1902b696b6e40cdced809bc5a975ee7

Download Submit
C:\Windows\system\fcOvjsH.exe

Filesize
6.0MB

MD5
16f6720556d71f1014d69d4c1619b407

SHA1
0adbcc32d39abc217dabbd517e66cb29f4c29fc2

SHA256
871f9248b11f36e985daaaf63a870db648ac4f65fc0d32d120f5ca6e894ab8d9

SHA512
a6c90aed958d0b98d0ff1844642442ced3618fa813ed4e0ce82667041f85021cf42b7f08da72e648ebb836883777d2fc2b3660f3586f56ac646f648fff6ff267

Download Submit
C:\Windows\system\fqIFsTd.exe

Filesize
6.0MB

MD5
a6bfc5d3b96a7c6cd9a57d1c365603fd

SHA1
77fb8b66934016fa0bd5f8219fcdb133c29e6f6d

SHA256
59ecb14d8fc6b39d41f29349eba2d1b9715777d0ee290fd7c043ff2cbe6d6dc9

SHA512
78ba2c9298d6c0d594699002910b6b71289cc502f217fe50128a3296276aced1aeefb1cd50c1a4515f30b4ca3114726507d47f30ab4f00633cf9c7e2eb8fb9d4

Download Submit
C:\Windows\system\gyKrFGb.exe

Filesize
6.0MB

MD5
fca640aa162e90f83368d5c338db8937

SHA1
33a08a64d9ff22058f63400389854b099ef9afab

SHA256
71585b2e2152a1ca5b565e7a159072e222711982235ec60568e32f8d3dfc6454

SHA512
c88cb214c1b28064e7263f0c4b69f1159f5703afb396d4b6285e0d26740bb69e7416f56cfa39ef381f15ee34d638cf432ffa465022a6a555bc31c003d311d3b0

Download Submit
C:\Windows\system\hdrnKgv.exe

Filesize
6.0MB

MD5
139592db21ac48d77fd2f8db4b9a626a

SHA1
a821d9652029f0473af3de6b847e0b7c2e8b2a49

SHA256
e43024cb2ad0113792e5d5cb8c47a6e869de6a55edcb9d61eb75e162a899a46d

SHA512
5d9b7a179615224dea2d3cf8b4becead909076387332b356ea1c4878ebbc2338b457890471a1304ba30bf6ce2a85a6253b1c5dd8124c046863196274a992c355

Download Submit
C:\Windows\system\mGACeKb.exe

Filesize
6.0MB

MD5
54b355fa52eac9c2a479861696c964d1

SHA1
595ffe4718a1fe912dd70e725cb2f001d593e3f6

SHA256
f85678e431c14f2c6fd47683a3cf0dc0b70a07429117d325020e306f78631513

SHA512
c2b4891db2fa32310f8ff612b062bd7f0647ec7d26b78826563e5fbd81af0b52b81547a003cf1584a7033d16523485b3045c17b6ffb76782f03619e24519dfc8

Download Submit
C:\Windows\system\nvHJtyG.exe

Filesize
6.0MB

MD5
03952de4d175c71dd336feeedef3660e

SHA1
739b858f95fdbfa44e65e214b12339b04e07c021

SHA256
27cf7b52ac81a7a277c83d606fc9d8c5b157f3138ddfdb36f252b33975c8345e

SHA512
b4d72636950a46354a22f5b7ada94286b8396c9fab216a3f4bacc51aa4a111c9a01237659c495f77b59f61a0283c6b7235356511903b6aa40d0fa7269112ca35

Download Submit
C:\Windows\system\qZMOfyH.exe

Filesize
6.0MB

MD5
fc9d517fd62b3555d672bf12c97f3f31

SHA1
b276224a1fec76a53da84a0951bc76406247e832

SHA256
b200ba063de9d82800e59bcd94283e9e0deb58fd432a7aecddc40c799110f9dd

SHA512
c2eb6f80e0cc1686b23ed350a8e3d9b7dd8f58f500f7d4c7845d17bc083b7f912c7322590c4798507e472dd99c19f41c5e332070aa8a9b60887e937a559b3e88

Download Submit
C:\Windows\system\samMyoI.exe

Filesize
6.0MB

MD5
43395fef643582741484b2da164a38a6

SHA1
c20d150197b1e2c2d2bd8a23fd507cf5c221f04b

SHA256
ec7a0937443fc8713f7d6bdfeab0f4537d061aff4befba338d13a657149dd205

SHA512
f01825e22513dfa475f1d6027198c6e38c38f1652071a1984ef377c36a983cbe193cd63455d523a099997b7ecb2aabdcf52a4d4b97953a9e1773ef340b4c748d

Download Submit
C:\Windows\system\tdQrwxI.exe

Filesize
6.0MB

MD5
a27e81e817ae408d84fe21da9bb616a2

SHA1
1445956d1307625db999449307c1e18fd7e1c5dc

SHA256
1e18a548366108a0151478791a053438fd908465d8df2aee38cf91efcf670f0f

SHA512
e5d96d7a7d258577dc45dde7ef9ca58e41f2c03d9d9186dc5761cbcd969f11cfc600e05e2a0f309848d21f33beeaf9e03fc91f8a82e690760c696ad5d273c016

Download Submit
C:\Windows\system\vHAVNbW.exe

Filesize
6.0MB

MD5
63a53b10c295a6886fb8e800a49853fd

SHA1
abe06352374e1d23b92c699965100d34b8116a10

SHA256
46019a4fd3640068e8f0d1867e203612e60990767e9c15ec52c997112f63c38e

SHA512
2399f384595503d515915f5187ee57ba91417411bf17427cb2133a0db170ce227c0a7b90e53275536458731231149b331765addeca56afd14176dd776ea10b13

Download Submit
C:\Windows\system\xRIsWLr.exe

Filesize
6.0MB

MD5
fe9bc494ce379d0dea0983fce6630890

SHA1
cbc4b233b4c26a589ef3eb402704eb39d9be70bb

SHA256
80ac5006408ee99cbbf4f92cf7fdea1193b0c5ad2c6104989d958b67287d1835

SHA512
495842c8e7cf4edb98022371d28ddb25a4ea0d933c1804f5904a996b50b0c75bc81bb02c00964e4955aa3abcf3a42fbaa093f65c73962ed67444147a1268c956

Download Submit
\Windows\system\EHtVmPc.exe

Filesize
6.0MB

MD5
6f469c191db489b06c38ad068ac59ed1

SHA1
8d592fa2ec162dc266c347ab1418173c070707b0

SHA256
9df12bc7f1d0b345cc2df02aa3ca5014950d9c8f7e3a9e93233f901b53129304

SHA512
3a7da75169cc9e4b763d903fba32b0d213ab3feb0f04a4cef37260a5209c2b5b10a53706a097217aae71f0cdef04ed527bc17907ba9a9006ad14c85fa96076e2

Download Submit
\Windows\system\QItwEYs.exe

Filesize
6.0MB

MD5
74f20215169a3802aec91c38574c5fca

SHA1
af39f0559eccade61d324846d6e10c6f32755268

SHA256
85a64d2ed2e5b94997aec7bf12dd3453ec244ca2272e92953bae3de7169b139e

SHA512
b0086232a708a3b087fd6d4813205d8d7bec5ea3eb290a2370ea3ecb41f7c6268f6c0871ec0515150b27f3fd89226ac63992ec24607c52b41597c61860b8488a

Download Submit
\Windows\system\RtTIDdN.exe

Filesize
6.0MB

MD5
b88a6bd0e07bdc3e7c9f4ab29635cc5e

SHA1
41895093be6b816be53d1da854c7662aca96ae50

SHA256
0c8a584f1d497b91f5bd4781046d90bc4732d24d28aae73b726dfddd06de6503

SHA512
9c41c567b11548cd92c7c8230e75525835564e0a15e7d070981c688c4e8ef15061fe9dae4d8c72b6909d17981d1a55c8416aa26d26f84b0368c4aae730bfe336

Download Submit
\Windows\system\jNPdCFs.exe

Filesize
6.0MB

MD5
b019a872ba53475f26b60f08276fbcf9

SHA1
3f4279415fa29ea4d288fca115472cf69ccfb04b

SHA256
1d35e6cc9559b0762711e7b7810bb95d3c5a76079773e55ef1aadf9c07863f05

SHA512
ad55470476e69a84816fd9fe3950c841e33dab71fe93f516952d13ad3878d4a34cf5395a59681d8d3e806ba72dd7c1bba7a223d7613e9d5d78ba0211b6889826

Download Submit
\Windows\system\zOsCrTo.exe

Filesize
6.0MB

MD5
4d90b3ae6283b76adab6a07db06dccb5

SHA1
0b843a44ed7ca621e06d51322d4d326e522ff927

SHA256
2329e5a371536fa5cbdf72738794a23787758a3ff24bc3d43219e448e4611360

SHA512
a874be015b3a846a78dd933feac9190298d4e4f0fb9a51462aa4cc788a173d3a25202459478da134563abed20100ba99a16830d727bd0a7f0828936dc346bd63

Download Submit
memory/296-3457-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/296-151-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/296-72-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/604-413-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/604-3482-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/604-88-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-279-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/848-3504-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/848-79-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3501-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1728-106-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1728-777-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-111-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2076-61-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2076-490-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-110-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2076-672-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-19-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2076-880-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2076-102-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-101-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2076-31-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-24-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2076-93-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2076-92-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-35-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-53-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-84-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-83-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-45-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-336-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-8-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2076-68-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2320-29-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3396-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2556-71-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3463-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-36-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-58-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3448-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-96-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-13-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3401-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-87-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-50-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3473-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-14-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3394-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-49-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3432-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-78-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-41-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-97-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3510-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2868-583-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3404-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2904-21-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2904-57-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3028-64-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3028-105-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3509-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download