cobaltstrike | 8f404058935429afb384eb6748e75efe54442847242406f1e2904cd1e4873a1d

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

a1bddb617542b0a5f78e8a7651a808e9
SHA1

558f573dba47120797a06e08a04b4ea404f1ee4b
SHA256

8f404058935429afb384eb6748e75efe54442847242406f1e2904cd1e4873a1d
SHA512

6ea98755102ecad0bc704c018618e2e0c280c882e60a4e1e96eb60d7b88f62d2e120cdb8b44dfbeb9e7ff65eace8bb4fd8c2b2c74ecdd56830f6a234e45e38e6
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUe:32Y56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739a-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173aa-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017409-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc8-43.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001747b-54.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-116.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1796-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/1796-6-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000800000001739a-8.dat	xmrig
behavioral1/memory/2280-14-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x00080000000173aa-10.dat	xmrig
behavioral1/files/0x00070000000173fb-21.dat	xmrig
behavioral1/memory/1972-27-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1796-22-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2656-20-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2232-32-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-31.dat	xmrig
behavioral1/memory/1796-29-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1796-35-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2056-37-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2280-39-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2772-45-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0007000000017409-46.dat	xmrig
behavioral1/memory/2656-51-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2580-52-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc8-43.dat	xmrig
behavioral1/files/0x000900000001747b-54.dat	xmrig
behavioral1/memory/1972-59-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000800000001748f-62.dat	xmrig
behavioral1/memory/2348-67-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-73.dat	xmrig
behavioral1/memory/2584-79-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2232-61-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2740-89-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2836-88-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-87.dat	xmrig
behavioral1/memory/2796-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-84.dat	xmrig
behavioral1/memory/1796-83-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2580-81-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2772-74-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019277-91.dat	xmrig
behavioral1/memory/2348-94-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019382-97.dat	xmrig
behavioral1/files/0x0005000000019389-106.dat	xmrig
behavioral1/files/0x00050000000193be-111.dat	xmrig
behavioral1/files/0x00050000000193cc-120.dat	xmrig
behavioral1/files/0x0005000000019401-138.dat	xmrig
behavioral1/files/0x000500000001942f-147.dat	xmrig
behavioral1/files/0x00050000000194d8-162.dat	xmrig
behavioral1/files/0x000500000001961b-176.dat	xmrig
behavioral1/files/0x0005000000019620-193.dat	xmrig
behavioral1/files/0x000500000001961d-183.dat	xmrig
behavioral1/files/0x000500000001961f-187.dat	xmrig
behavioral1/files/0x00050000000195e4-172.dat	xmrig
behavioral1/files/0x0005000000019539-167.dat	xmrig
behavioral1/files/0x000500000001947e-157.dat	xmrig
behavioral1/files/0x0005000000019441-152.dat	xmrig
behavioral1/files/0x0005000000019403-142.dat	xmrig
behavioral1/files/0x00050000000193df-132.dat	xmrig
behavioral1/files/0x00050000000193d9-127.dat	xmrig
behavioral1/files/0x00050000000193c4-116.dat	xmrig
behavioral1/memory/1060-734-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1720-749-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2584-1208-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2796-1617-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2740-1779-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1796-2415-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2056-3321-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2056	ReNIBeo.exe
2280	zizuKfM.exe
2656	oXfWZck.exe
1972	XNIntFN.exe
2232	DClBrQp.exe
2772	YBorWwG.exe
2580	GKMryOf.exe
2836	AyvmIJj.exe
2348	pFojLkr.exe
2584	UvgYuBW.exe
2796	RAoGyzT.exe
2740	ffPIxju.exe
1060	AXygbNA.exe
1720	RcYhYQn.exe
2316	ilSMfRR.exe
1240	FAjVbvF.exe
1912	HAUulVj.exe
2028	kzZYpPG.exe
336	GblCewc.exe
1780	SBZyczR.exe
1800	tkOgRti.exe
2920	JrmFTpB.exe
2828	qHNlNsq.exe
2612	rUlmLRZ.exe
2240	JoBYgyA.exe
1600	zYUehbg.exe
2144	NgvdChX.exe
1848	ZRpJnGY.exe
404	hMMnlCu.exe
1632	wlRnFNh.exe
2160	DjUzexT.exe
1348	eXCfOPv.exe
1356	HkmmDNn.exe
1684	OlFmTMe.exe
964	JxIDQVq.exe
1940	bXCxsbT.exe
836	YppIUIS.exe
848	JvWodPI.exe
888	rmftvFp.exe
1360	NemmiNT.exe
2788	hGvaTHC.exe
2376	vXNTgdo.exe
1660	XRhsgpQ.exe
2148	MfwaCZV.exe
2352	wmIDKpM.exe
564	jSIOVVg.exe
544	rBgiBuB.exe
1744	AFHRGDq.exe
880	jHNmraG.exe
2260	ewCJjay.exe
984	pDmsKbd.exe
1700	GdMcIvk.exe
1976	RitKqoV.exe
2480	MrwFqhC.exe
2476	mXYgGXs.exe
1692	DSQXems.exe
2940	iizbSLm.exe
2196	PdncHfv.exe
2712	KwFmsQS.exe
2092	iqtyJSZ.exe
2192	tNiTxUc.exe
2152	dXipnxS.exe
2608	CAbEfDi.exe
2636	EXtJyjH.exe

Loads dropped DLL 64 IoCs

pid	Process
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1796-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/1796-6-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000800000001739a-8.dat	upx
behavioral1/memory/2280-14-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x00080000000173aa-10.dat	upx
behavioral1/files/0x00070000000173fb-21.dat	upx
behavioral1/memory/1972-27-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2656-20-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2232-32-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0007000000017403-31.dat	upx
behavioral1/memory/1796-35-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2056-37-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2280-39-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2772-45-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0007000000017409-46.dat	upx
behavioral1/memory/2656-51-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2580-52-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0009000000016dc8-43.dat	upx
behavioral1/files/0x000900000001747b-54.dat	upx
behavioral1/memory/1972-59-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000800000001748f-62.dat	upx
behavioral1/memory/2348-67-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000019271-73.dat	upx
behavioral1/memory/2584-79-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2232-61-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2740-89-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2836-88-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0005000000019273-87.dat	upx
behavioral1/memory/2796-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001926b-84.dat	upx
behavioral1/memory/2580-81-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2772-74-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0005000000019277-91.dat	upx
behavioral1/memory/2348-94-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000019382-97.dat	upx
behavioral1/files/0x0005000000019389-106.dat	upx
behavioral1/files/0x00050000000193be-111.dat	upx
behavioral1/files/0x00050000000193cc-120.dat	upx
behavioral1/files/0x0005000000019401-138.dat	upx
behavioral1/files/0x000500000001942f-147.dat	upx
behavioral1/files/0x00050000000194d8-162.dat	upx
behavioral1/files/0x000500000001961b-176.dat	upx
behavioral1/files/0x0005000000019620-193.dat	upx
behavioral1/files/0x000500000001961d-183.dat	upx
behavioral1/files/0x000500000001961f-187.dat	upx
behavioral1/files/0x00050000000195e4-172.dat	upx
behavioral1/files/0x0005000000019539-167.dat	upx
behavioral1/files/0x000500000001947e-157.dat	upx
behavioral1/files/0x0005000000019441-152.dat	upx
behavioral1/files/0x0005000000019403-142.dat	upx
behavioral1/files/0x00050000000193df-132.dat	upx
behavioral1/files/0x00050000000193d9-127.dat	upx
behavioral1/files/0x00050000000193c4-116.dat	upx
behavioral1/memory/1060-734-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1720-749-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2584-1208-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2796-1617-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2740-1779-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2056-3321-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2280-3322-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2656-3366-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/1972-3365-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2232-3375-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\khYbBAF.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXygbNA.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEpfYhT.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QElXtdq.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnmIgUf.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjnlGUI.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUQosLr.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbAMsJO.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUYMlYR.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqtyJSZ.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZTLywo.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZoJnfF.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKuzlfD.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJdFlqO.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnAgqoF.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAUulVj.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExEfOjR.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVJjxRo.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeHXBIz.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMPVmqt.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNljSUk.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTcGjnw.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMhDKmO.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpstPBI.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIZrRdS.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buEUCMX.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShXIKZX.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbXJftH.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAYGmBZ.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRhsgpQ.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNFbfFW.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxhTAEa.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJEvkri.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXvUZdI.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLcPPFw.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmfJvVU.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McGAEmo.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmYDYFM.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTDGiRR.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksHBxEQ.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Shmlagl.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpQIpEK.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJRDAif.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyeBRjB.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffPIxju.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVuODBL.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxaIGXp.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUYDSXV.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMMnlCu.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLMEuMc.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcGzFIb.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiWyhze.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEzqduJ.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdMcIvk.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsuxXHm.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEhRUeU.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwJTHii.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJeUQow.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaPfMNj.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNiTxUc.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RetJSfB.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udifnLn.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIXuQDW.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIWVhXC.exe	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2056	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1796 wrote to memory of 2056	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1796 wrote to memory of 2056	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1796 wrote to memory of 2280	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1796 wrote to memory of 2280	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1796 wrote to memory of 2280	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1796 wrote to memory of 2656	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1796 wrote to memory of 2656	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1796 wrote to memory of 2656	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1796 wrote to memory of 1972	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1796 wrote to memory of 1972	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1796 wrote to memory of 1972	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1796 wrote to memory of 2232	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1796 wrote to memory of 2232	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1796 wrote to memory of 2232	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1796 wrote to memory of 2772	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1796 wrote to memory of 2772	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1796 wrote to memory of 2772	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1796 wrote to memory of 2580	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1796 wrote to memory of 2580	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1796 wrote to memory of 2580	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1796 wrote to memory of 2836	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1796 wrote to memory of 2836	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1796 wrote to memory of 2836	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1796 wrote to memory of 2348	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1796 wrote to memory of 2348	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1796 wrote to memory of 2348	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1796 wrote to memory of 2796	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1796 wrote to memory of 2796	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1796 wrote to memory of 2796	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1796 wrote to memory of 2584	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1796 wrote to memory of 2584	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1796 wrote to memory of 2584	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1796 wrote to memory of 2740	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1796 wrote to memory of 2740	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1796 wrote to memory of 2740	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1796 wrote to memory of 1060	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1796 wrote to memory of 1060	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1796 wrote to memory of 1060	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1796 wrote to memory of 1720	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1796 wrote to memory of 1720	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1796 wrote to memory of 1720	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1796 wrote to memory of 2316	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1796 wrote to memory of 2316	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1796 wrote to memory of 2316	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1796 wrote to memory of 1240	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1796 wrote to memory of 1240	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1796 wrote to memory of 1240	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1796 wrote to memory of 1912	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1796 wrote to memory of 1912	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1796 wrote to memory of 1912	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1796 wrote to memory of 2028	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1796 wrote to memory of 2028	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1796 wrote to memory of 2028	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1796 wrote to memory of 336	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1796 wrote to memory of 336	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1796 wrote to memory of 336	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1796 wrote to memory of 1780	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1796 wrote to memory of 1780	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1796 wrote to memory of 1780	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1796 wrote to memory of 1800	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1796 wrote to memory of 1800	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1796 wrote to memory of 1800	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1796 wrote to memory of 2920	1796	2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_a1bddb617542b0a5f78e8a7651a808e9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\System\ReNIBeo.exe
  C:\Windows\System\ReNIBeo.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\zizuKfM.exe
  C:\Windows\System\zizuKfM.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\oXfWZck.exe
  C:\Windows\System\oXfWZck.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\XNIntFN.exe
  C:\Windows\System\XNIntFN.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\DClBrQp.exe
  C:\Windows\System\DClBrQp.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\YBorWwG.exe
  C:\Windows\System\YBorWwG.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\GKMryOf.exe
  C:\Windows\System\GKMryOf.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\AyvmIJj.exe
  C:\Windows\System\AyvmIJj.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\pFojLkr.exe
  C:\Windows\System\pFojLkr.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\RAoGyzT.exe
  C:\Windows\System\RAoGyzT.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\UvgYuBW.exe
  C:\Windows\System\UvgYuBW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ffPIxju.exe
  C:\Windows\System\ffPIxju.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\AXygbNA.exe
  C:\Windows\System\AXygbNA.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\RcYhYQn.exe
  C:\Windows\System\RcYhYQn.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ilSMfRR.exe
  C:\Windows\System\ilSMfRR.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\FAjVbvF.exe
  C:\Windows\System\FAjVbvF.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\HAUulVj.exe
  C:\Windows\System\HAUulVj.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\kzZYpPG.exe
  C:\Windows\System\kzZYpPG.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\GblCewc.exe
  C:\Windows\System\GblCewc.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\SBZyczR.exe
  C:\Windows\System\SBZyczR.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\tkOgRti.exe
  C:\Windows\System\tkOgRti.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\JrmFTpB.exe
  C:\Windows\System\JrmFTpB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\qHNlNsq.exe
  C:\Windows\System\qHNlNsq.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rUlmLRZ.exe
  C:\Windows\System\rUlmLRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JoBYgyA.exe
  C:\Windows\System\JoBYgyA.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\zYUehbg.exe
  C:\Windows\System\zYUehbg.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\NgvdChX.exe
  C:\Windows\System\NgvdChX.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ZRpJnGY.exe
  C:\Windows\System\ZRpJnGY.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\hMMnlCu.exe
  C:\Windows\System\hMMnlCu.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\wlRnFNh.exe
  C:\Windows\System\wlRnFNh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\DjUzexT.exe
  C:\Windows\System\DjUzexT.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\eXCfOPv.exe
  C:\Windows\System\eXCfOPv.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\HkmmDNn.exe
  C:\Windows\System\HkmmDNn.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\OlFmTMe.exe
  C:\Windows\System\OlFmTMe.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\JxIDQVq.exe
  C:\Windows\System\JxIDQVq.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\bXCxsbT.exe
  C:\Windows\System\bXCxsbT.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\YppIUIS.exe
  C:\Windows\System\YppIUIS.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\JvWodPI.exe
  C:\Windows\System\JvWodPI.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\rmftvFp.exe
  C:\Windows\System\rmftvFp.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\NemmiNT.exe
  C:\Windows\System\NemmiNT.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\hGvaTHC.exe
  C:\Windows\System\hGvaTHC.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\vXNTgdo.exe
  C:\Windows\System\vXNTgdo.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\XRhsgpQ.exe
  C:\Windows\System\XRhsgpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\MfwaCZV.exe
  C:\Windows\System\MfwaCZV.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\wmIDKpM.exe
  C:\Windows\System\wmIDKpM.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\jSIOVVg.exe
  C:\Windows\System\jSIOVVg.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\rBgiBuB.exe
  C:\Windows\System\rBgiBuB.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\AFHRGDq.exe
  C:\Windows\System\AFHRGDq.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\jHNmraG.exe
  C:\Windows\System\jHNmraG.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ewCJjay.exe
  C:\Windows\System\ewCJjay.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\pDmsKbd.exe
  C:\Windows\System\pDmsKbd.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\GdMcIvk.exe
  C:\Windows\System\GdMcIvk.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\RitKqoV.exe
  C:\Windows\System\RitKqoV.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\MrwFqhC.exe
  C:\Windows\System\MrwFqhC.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\mXYgGXs.exe
  C:\Windows\System\mXYgGXs.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\DSQXems.exe
  C:\Windows\System\DSQXems.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\iizbSLm.exe
  C:\Windows\System\iizbSLm.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\PdncHfv.exe
  C:\Windows\System\PdncHfv.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\KwFmsQS.exe
  C:\Windows\System\KwFmsQS.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\iqtyJSZ.exe
  C:\Windows\System\iqtyJSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tNiTxUc.exe
  C:\Windows\System\tNiTxUc.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dXipnxS.exe
  C:\Windows\System\dXipnxS.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\CAbEfDi.exe
  C:\Windows\System\CAbEfDi.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\EXtJyjH.exe
  C:\Windows\System\EXtJyjH.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\zyIuVfb.exe
  C:\Windows\System\zyIuVfb.exe
  2⤵
  PID:2576
- C:\Windows\System\lTORrqL.exe
  C:\Windows\System\lTORrqL.exe
  2⤵
  PID:2784
- C:\Windows\System\rfEvZNu.exe
  C:\Windows\System\rfEvZNu.exe
  2⤵
  PID:2604
- C:\Windows\System\pUqCXJx.exe
  C:\Windows\System\pUqCXJx.exe
  2⤵
  PID:2832
- C:\Windows\System\XvoNavd.exe
  C:\Windows\System\XvoNavd.exe
  2⤵
  PID:576
- C:\Windows\System\zBFAFmq.exe
  C:\Windows\System\zBFAFmq.exe
  2⤵
  PID:2804
- C:\Windows\System\ZgKNkmn.exe
  C:\Windows\System\ZgKNkmn.exe
  2⤵
  PID:2164
- C:\Windows\System\wkXjFQs.exe
  C:\Windows\System\wkXjFQs.exe
  2⤵
  PID:1296
- C:\Windows\System\ETwddLL.exe
  C:\Windows\System\ETwddLL.exe
  2⤵
  PID:988
- C:\Windows\System\ePbLWUt.exe
  C:\Windows\System\ePbLWUt.exe
  2⤵
  PID:1988
- C:\Windows\System\dqFRMss.exe
  C:\Windows\System\dqFRMss.exe
  2⤵
  PID:1696
- C:\Windows\System\iRdGNaH.exe
  C:\Windows\System\iRdGNaH.exe
  2⤵
  PID:2036
- C:\Windows\System\FJUEsSW.exe
  C:\Windows\System\FJUEsSW.exe
  2⤵
  PID:1608
- C:\Windows\System\ocSOEGi.exe
  C:\Windows\System\ocSOEGi.exe
  2⤵
  PID:1668
- C:\Windows\System\DCOkFtn.exe
  C:\Windows\System\DCOkFtn.exe
  2⤵
  PID:2892
- C:\Windows\System\AHpUhmX.exe
  C:\Windows\System\AHpUhmX.exe
  2⤵
  PID:3036
- C:\Windows\System\DYiTTMr.exe
  C:\Windows\System\DYiTTMr.exe
  2⤵
  PID:1344
- C:\Windows\System\rqdLirw.exe
  C:\Windows\System\rqdLirw.exe
  2⤵
  PID:1504
- C:\Windows\System\RadQvYs.exe
  C:\Windows\System\RadQvYs.exe
  2⤵
  PID:1136
- C:\Windows\System\VCkWZOR.exe
  C:\Windows\System\VCkWZOR.exe
  2⤵
  PID:2540
- C:\Windows\System\ioVICIM.exe
  C:\Windows\System\ioVICIM.exe
  2⤵
  PID:1520
- C:\Windows\System\LEqmLry.exe
  C:\Windows\System\LEqmLry.exe
  2⤵
  PID:2544
- C:\Windows\System\RTendmM.exe
  C:\Windows\System\RTendmM.exe
  2⤵
  PID:700
- C:\Windows\System\vwTPzUS.exe
  C:\Windows\System\vwTPzUS.exe
  2⤵
  PID:2156
- C:\Windows\System\rydPcTm.exe
  C:\Windows\System\rydPcTm.exe
  2⤵
  PID:1776
- C:\Windows\System\lxNQiiH.exe
  C:\Windows\System\lxNQiiH.exe
  2⤵
  PID:1032
- C:\Windows\System\UhRLNTt.exe
  C:\Windows\System\UhRLNTt.exe
  2⤵
  PID:788
- C:\Windows\System\XwAzxzv.exe
  C:\Windows\System\XwAzxzv.exe
  2⤵
  PID:1636
- C:\Windows\System\HvzodoX.exe
  C:\Windows\System\HvzodoX.exe
  2⤵
  PID:2396
- C:\Windows\System\vPLtPkX.exe
  C:\Windows\System\vPLtPkX.exe
  2⤵
  PID:884
- C:\Windows\System\zsorlpK.exe
  C:\Windows\System\zsorlpK.exe
  2⤵
  PID:2236
- C:\Windows\System\VictHbM.exe
  C:\Windows\System\VictHbM.exe
  2⤵
  PID:1564
- C:\Windows\System\QEwwjmf.exe
  C:\Windows\System\QEwwjmf.exe
  2⤵
  PID:1804
- C:\Windows\System\RKUmdAW.exe
  C:\Windows\System\RKUmdAW.exe
  2⤵
  PID:2500
- C:\Windows\System\BRpGMaS.exe
  C:\Windows\System\BRpGMaS.exe
  2⤵
  PID:2200
- C:\Windows\System\YlMKyDM.exe
  C:\Windows\System\YlMKyDM.exe
  2⤵
  PID:2812
- C:\Windows\System\SLLdepB.exe
  C:\Windows\System\SLLdepB.exe
  2⤵
  PID:2676
- C:\Windows\System\jrSXcYh.exe
  C:\Windows\System\jrSXcYh.exe
  2⤵
  PID:2496
- C:\Windows\System\npCPPDo.exe
  C:\Windows\System\npCPPDo.exe
  2⤵
  PID:2736
- C:\Windows\System\AAbVsMm.exe
  C:\Windows\System\AAbVsMm.exe
  2⤵
  PID:2572
- C:\Windows\System\pUFjQkQ.exe
  C:\Windows\System\pUFjQkQ.exe
  2⤵
  PID:2288
- C:\Windows\System\iUDUUMa.exe
  C:\Windows\System\iUDUUMa.exe
  2⤵
  PID:2844
- C:\Windows\System\yeYZqnF.exe
  C:\Windows\System\yeYZqnF.exe
  2⤵
  PID:2776
- C:\Windows\System\IhsDrlg.exe
  C:\Windows\System\IhsDrlg.exe
  2⤵
  PID:2644
- C:\Windows\System\WsHpkfn.exe
  C:\Windows\System\WsHpkfn.exe
  2⤵
  PID:1500
- C:\Windows\System\vHLuboy.exe
  C:\Windows\System\vHLuboy.exe
  2⤵
  PID:1992
- C:\Windows\System\cxccMJk.exe
  C:\Windows\System\cxccMJk.exe
  2⤵
  PID:1956
- C:\Windows\System\hqMYwBI.exe
  C:\Windows\System\hqMYwBI.exe
  2⤵
  PID:3028
- C:\Windows\System\vLPhMgL.exe
  C:\Windows\System\vLPhMgL.exe
  2⤵
  PID:1036
- C:\Windows\System\eqeaFrW.exe
  C:\Windows\System\eqeaFrW.exe
  2⤵
  PID:2760
- C:\Windows\System\zyzZgoP.exe
  C:\Windows\System\zyzZgoP.exe
  2⤵
  PID:2876
- C:\Windows\System\DlXahCs.exe
  C:\Windows\System\DlXahCs.exe
  2⤵
  PID:1084
- C:\Windows\System\UAvOiOX.exe
  C:\Windows\System\UAvOiOX.exe
  2⤵
  PID:764
- C:\Windows\System\dnMziiM.exe
  C:\Windows\System\dnMziiM.exe
  2⤵
  PID:2536
- C:\Windows\System\WXbmJDZ.exe
  C:\Windows\System\WXbmJDZ.exe
  2⤵
  PID:2432
- C:\Windows\System\QpmnITP.exe
  C:\Windows\System\QpmnITP.exe
  2⤵
  PID:2176
- C:\Windows\System\GmkRZNm.exe
  C:\Windows\System\GmkRZNm.exe
  2⤵
  PID:2336
- C:\Windows\System\nrfSTsV.exe
  C:\Windows\System\nrfSTsV.exe
  2⤵
  PID:2268
- C:\Windows\System\PyHcmJE.exe
  C:\Windows\System\PyHcmJE.exe
  2⤵
  PID:1592
- C:\Windows\System\CadvVsi.exe
  C:\Windows\System\CadvVsi.exe
  2⤵
  PID:2512
- C:\Windows\System\ccalKrH.exe
  C:\Windows\System\ccalKrH.exe
  2⤵
  PID:1624
- C:\Windows\System\RqkybOj.exe
  C:\Windows\System\RqkybOj.exe
  2⤵
  PID:2688
- C:\Windows\System\qsuxXHm.exe
  C:\Windows\System\qsuxXHm.exe
  2⤵
  PID:3048
- C:\Windows\System\mQSoFJr.exe
  C:\Windows\System\mQSoFJr.exe
  2⤵
  PID:2600
- C:\Windows\System\zFSuStb.exe
  C:\Windows\System\zFSuStb.exe
  2⤵
  PID:2628
- C:\Windows\System\UtNPavY.exe
  C:\Windows\System\UtNPavY.exe
  2⤵
  PID:2324
- C:\Windows\System\DjacGvQ.exe
  C:\Windows\System\DjacGvQ.exe
  2⤵
  PID:2096
- C:\Windows\System\pdrkBYP.exe
  C:\Windows\System\pdrkBYP.exe
  2⤵
  PID:2220
- C:\Windows\System\gXJTHLU.exe
  C:\Windows\System\gXJTHLU.exe
  2⤵
  PID:796
- C:\Windows\System\McGAEmo.exe
  C:\Windows\System\McGAEmo.exe
  2⤵
  PID:912
- C:\Windows\System\aQCGGaU.exe
  C:\Windows\System\aQCGGaU.exe
  2⤵
  PID:1716
- C:\Windows\System\raJMkrt.exe
  C:\Windows\System\raJMkrt.exe
  2⤵
  PID:2404
- C:\Windows\System\VGQaEiT.exe
  C:\Windows\System\VGQaEiT.exe
  2⤵
  PID:1756
- C:\Windows\System\nOPFZCm.exe
  C:\Windows\System\nOPFZCm.exe
  2⤵
  PID:2052
- C:\Windows\System\zkOSRhk.exe
  C:\Windows\System\zkOSRhk.exe
  2⤵
  PID:2108
- C:\Windows\System\bMPmpAc.exe
  C:\Windows\System\bMPmpAc.exe
  2⤵
  PID:1596
- C:\Windows\System\jrrVapH.exe
  C:\Windows\System\jrrVapH.exe
  2⤵
  PID:2084
- C:\Windows\System\NHmSsTP.exe
  C:\Windows\System\NHmSsTP.exe
  2⤵
  PID:2700
- C:\Windows\System\TBGskoX.exe
  C:\Windows\System\TBGskoX.exe
  2⤵
  PID:2872
- C:\Windows\System\YqIEJuA.exe
  C:\Windows\System\YqIEJuA.exe
  2⤵
  PID:840
- C:\Windows\System\iHjzsPc.exe
  C:\Windows\System\iHjzsPc.exe
  2⤵
  PID:1944
- C:\Windows\System\jIOCMlp.exe
  C:\Windows\System\jIOCMlp.exe
  2⤵
  PID:1964
- C:\Windows\System\wYSLiuT.exe
  C:\Windows\System\wYSLiuT.exe
  2⤵
  PID:1532
- C:\Windows\System\CxqyuIG.exe
  C:\Windows\System\CxqyuIG.exe
  2⤵
  PID:2936
- C:\Windows\System\XEyYChG.exe
  C:\Windows\System\XEyYChG.exe
  2⤵
  PID:2244
- C:\Windows\System\yDGuvsx.exe
  C:\Windows\System\yDGuvsx.exe
  2⤵
  PID:2616
- C:\Windows\System\RgOpxUD.exe
  C:\Windows\System\RgOpxUD.exe
  2⤵
  PID:2596
- C:\Windows\System\gXlBeBC.exe
  C:\Windows\System\gXlBeBC.exe
  2⤵
  PID:648
- C:\Windows\System\kfggRTp.exe
  C:\Windows\System\kfggRTp.exe
  2⤵
  PID:772
- C:\Windows\System\FhgrpiN.exe
  C:\Windows\System\FhgrpiN.exe
  2⤵
  PID:3080
- C:\Windows\System\wRNtyrb.exe
  C:\Windows\System\wRNtyrb.exe
  2⤵
  PID:3100
- C:\Windows\System\vMhDKmO.exe
  C:\Windows\System\vMhDKmO.exe
  2⤵
  PID:3120
- C:\Windows\System\CqQAHcE.exe
  C:\Windows\System\CqQAHcE.exe
  2⤵
  PID:3140
- C:\Windows\System\rrblpzK.exe
  C:\Windows\System\rrblpzK.exe
  2⤵
  PID:3160
- C:\Windows\System\GUeagBT.exe
  C:\Windows\System\GUeagBT.exe
  2⤵
  PID:3180
- C:\Windows\System\VBwopUY.exe
  C:\Windows\System\VBwopUY.exe
  2⤵
  PID:3200
- C:\Windows\System\oRKKEMj.exe
  C:\Windows\System\oRKKEMj.exe
  2⤵
  PID:3224
- C:\Windows\System\kLAItxS.exe
  C:\Windows\System\kLAItxS.exe
  2⤵
  PID:3244
- C:\Windows\System\VwjRDJZ.exe
  C:\Windows\System\VwjRDJZ.exe
  2⤵
  PID:3264
- C:\Windows\System\kUBVEae.exe
  C:\Windows\System\kUBVEae.exe
  2⤵
  PID:3284
- C:\Windows\System\BNyvFFQ.exe
  C:\Windows\System\BNyvFFQ.exe
  2⤵
  PID:3304
- C:\Windows\System\HgGovBj.exe
  C:\Windows\System\HgGovBj.exe
  2⤵
  PID:3324
- C:\Windows\System\xCAzkQs.exe
  C:\Windows\System\xCAzkQs.exe
  2⤵
  PID:3344
- C:\Windows\System\IyRNAFk.exe
  C:\Windows\System\IyRNAFk.exe
  2⤵
  PID:3364
- C:\Windows\System\rcGzFIb.exe
  C:\Windows\System\rcGzFIb.exe
  2⤵
  PID:3384
- C:\Windows\System\hMZeJRT.exe
  C:\Windows\System\hMZeJRT.exe
  2⤵
  PID:3404
- C:\Windows\System\uCUChni.exe
  C:\Windows\System\uCUChni.exe
  2⤵
  PID:3424
- C:\Windows\System\ixvmNJY.exe
  C:\Windows\System\ixvmNJY.exe
  2⤵
  PID:3444
- C:\Windows\System\QlTIHaK.exe
  C:\Windows\System\QlTIHaK.exe
  2⤵
  PID:3464
- C:\Windows\System\RetJSfB.exe
  C:\Windows\System\RetJSfB.exe
  2⤵
  PID:3484
- C:\Windows\System\aLMEuMc.exe
  C:\Windows\System\aLMEuMc.exe
  2⤵
  PID:3504
- C:\Windows\System\PCiQbVN.exe
  C:\Windows\System\PCiQbVN.exe
  2⤵
  PID:3524
- C:\Windows\System\pEzGmbo.exe
  C:\Windows\System\pEzGmbo.exe
  2⤵
  PID:3544
- C:\Windows\System\GgIzYWR.exe
  C:\Windows\System\GgIzYWR.exe
  2⤵
  PID:3564
- C:\Windows\System\KgIHoCs.exe
  C:\Windows\System\KgIHoCs.exe
  2⤵
  PID:3584
- C:\Windows\System\HHYLqYq.exe
  C:\Windows\System\HHYLqYq.exe
  2⤵
  PID:3604
- C:\Windows\System\jCeTIeg.exe
  C:\Windows\System\jCeTIeg.exe
  2⤵
  PID:3624
- C:\Windows\System\DErBKML.exe
  C:\Windows\System\DErBKML.exe
  2⤵
  PID:3644
- C:\Windows\System\jBNjfGb.exe
  C:\Windows\System\jBNjfGb.exe
  2⤵
  PID:3664
- C:\Windows\System\tMdWfVM.exe
  C:\Windows\System\tMdWfVM.exe
  2⤵
  PID:3684
- C:\Windows\System\XDZloUf.exe
  C:\Windows\System\XDZloUf.exe
  2⤵
  PID:3704
- C:\Windows\System\NScBlMP.exe
  C:\Windows\System\NScBlMP.exe
  2⤵
  PID:3724
- C:\Windows\System\hcRrWvJ.exe
  C:\Windows\System\hcRrWvJ.exe
  2⤵
  PID:3744
- C:\Windows\System\TXIfVyQ.exe
  C:\Windows\System\TXIfVyQ.exe
  2⤵
  PID:3764
- C:\Windows\System\yyPolIS.exe
  C:\Windows\System\yyPolIS.exe
  2⤵
  PID:3784
- C:\Windows\System\SGWmPzM.exe
  C:\Windows\System\SGWmPzM.exe
  2⤵
  PID:3804
- C:\Windows\System\basqKDw.exe
  C:\Windows\System\basqKDw.exe
  2⤵
  PID:3824
- C:\Windows\System\TtIznZH.exe
  C:\Windows\System\TtIznZH.exe
  2⤵
  PID:3844
- C:\Windows\System\mAvFaKk.exe
  C:\Windows\System\mAvFaKk.exe
  2⤵
  PID:3864
- C:\Windows\System\HCuvPxd.exe
  C:\Windows\System\HCuvPxd.exe
  2⤵
  PID:3884
- C:\Windows\System\DaFGyjV.exe
  C:\Windows\System\DaFGyjV.exe
  2⤵
  PID:3900
- C:\Windows\System\cHcYbbt.exe
  C:\Windows\System\cHcYbbt.exe
  2⤵
  PID:3920
- C:\Windows\System\tOSBRNu.exe
  C:\Windows\System\tOSBRNu.exe
  2⤵
  PID:3940
- C:\Windows\System\PshvjTq.exe
  C:\Windows\System\PshvjTq.exe
  2⤵
  PID:3968
- C:\Windows\System\dCqlsBa.exe
  C:\Windows\System\dCqlsBa.exe
  2⤵
  PID:3988
- C:\Windows\System\fUDStps.exe
  C:\Windows\System\fUDStps.exe
  2⤵
  PID:4008
- C:\Windows\System\cWKtfAw.exe
  C:\Windows\System\cWKtfAw.exe
  2⤵
  PID:4028
- C:\Windows\System\AcwLVJH.exe
  C:\Windows\System\AcwLVJH.exe
  2⤵
  PID:4048
- C:\Windows\System\kSpUPkk.exe
  C:\Windows\System\kSpUPkk.exe
  2⤵
  PID:4068
- C:\Windows\System\mtcMdSz.exe
  C:\Windows\System\mtcMdSz.exe
  2⤵
  PID:4088
- C:\Windows\System\kMnCXhf.exe
  C:\Windows\System\kMnCXhf.exe
  2⤵
  PID:3060
- C:\Windows\System\QvWswnZ.exe
  C:\Windows\System\QvWswnZ.exe
  2⤵
  PID:624
- C:\Windows\System\pqBiKyv.exe
  C:\Windows\System\pqBiKyv.exe
  2⤵
  PID:2332
- C:\Windows\System\fcRYshx.exe
  C:\Windows\System\fcRYshx.exe
  2⤵
  PID:3076
- C:\Windows\System\rLfVptb.exe
  C:\Windows\System\rLfVptb.exe
  2⤵
  PID:3116
- C:\Windows\System\jyYFRpW.exe
  C:\Windows\System\jyYFRpW.exe
  2⤵
  PID:3092
- C:\Windows\System\mWBjnRG.exe
  C:\Windows\System\mWBjnRG.exe
  2⤵
  PID:3196
- C:\Windows\System\ouXkEGc.exe
  C:\Windows\System\ouXkEGc.exe
  2⤵
  PID:3168
- C:\Windows\System\cMgJPQf.exe
  C:\Windows\System\cMgJPQf.exe
  2⤵
  PID:3216
- C:\Windows\System\wLEwjqo.exe
  C:\Windows\System\wLEwjqo.exe
  2⤵
  PID:3320
- C:\Windows\System\LzyZOVs.exe
  C:\Windows\System\LzyZOVs.exe
  2⤵
  PID:3356
- C:\Windows\System\BpJHrIZ.exe
  C:\Windows\System\BpJHrIZ.exe
  2⤵
  PID:3372
- C:\Windows\System\PlygOrg.exe
  C:\Windows\System\PlygOrg.exe
  2⤵
  PID:3400
- C:\Windows\System\EZbeSoD.exe
  C:\Windows\System\EZbeSoD.exe
  2⤵
  PID:3420
- C:\Windows\System\jFrkJcH.exe
  C:\Windows\System\jFrkJcH.exe
  2⤵
  PID:3480
- C:\Windows\System\JjGnkyH.exe
  C:\Windows\System\JjGnkyH.exe
  2⤵
  PID:3520
- C:\Windows\System\JAlOIis.exe
  C:\Windows\System\JAlOIis.exe
  2⤵
  PID:3560
- C:\Windows\System\aciYAhS.exe
  C:\Windows\System\aciYAhS.exe
  2⤵
  PID:3572
- C:\Windows\System\mVsIohx.exe
  C:\Windows\System\mVsIohx.exe
  2⤵
  PID:3580
- C:\Windows\System\lDEUaqb.exe
  C:\Windows\System\lDEUaqb.exe
  2⤵
  PID:3640
- C:\Windows\System\VLbScpx.exe
  C:\Windows\System\VLbScpx.exe
  2⤵
  PID:3652
- C:\Windows\System\uIRRTMk.exe
  C:\Windows\System\uIRRTMk.exe
  2⤵
  PID:3656
- C:\Windows\System\hnjBDiT.exe
  C:\Windows\System\hnjBDiT.exe
  2⤵
  PID:3720
- C:\Windows\System\hFxzyZl.exe
  C:\Windows\System\hFxzyZl.exe
  2⤵
  PID:3732
- C:\Windows\System\knqpPaR.exe
  C:\Windows\System\knqpPaR.exe
  2⤵
  PID:3736
- C:\Windows\System\JzygORe.exe
  C:\Windows\System\JzygORe.exe
  2⤵
  PID:3772
- C:\Windows\System\lEhRUeU.exe
  C:\Windows\System\lEhRUeU.exe
  2⤵
  PID:3776
- C:\Windows\System\kfcJjTB.exe
  C:\Windows\System\kfcJjTB.exe
  2⤵
  PID:3836
- C:\Windows\System\sVGGplj.exe
  C:\Windows\System\sVGGplj.exe
  2⤵
  PID:3872
- C:\Windows\System\UYphNTP.exe
  C:\Windows\System\UYphNTP.exe
  2⤵
  PID:3916
- C:\Windows\System\xutZDNV.exe
  C:\Windows\System\xutZDNV.exe
  2⤵
  PID:3960
- C:\Windows\System\WzuEbtN.exe
  C:\Windows\System\WzuEbtN.exe
  2⤵
  PID:3976
- C:\Windows\System\lbIIVHz.exe
  C:\Windows\System\lbIIVHz.exe
  2⤵
  PID:4036
- C:\Windows\System\qPSLkxS.exe
  C:\Windows\System\qPSLkxS.exe
  2⤵
  PID:4020
- C:\Windows\System\ICeoJyx.exe
  C:\Windows\System\ICeoJyx.exe
  2⤵
  PID:4080
- C:\Windows\System\lWNhQmh.exe
  C:\Windows\System\lWNhQmh.exe
  2⤵
  PID:4060
- C:\Windows\System\pjXNLoL.exe
  C:\Windows\System\pjXNLoL.exe
  2⤵
  PID:2492
- C:\Windows\System\CeuxmGM.exe
  C:\Windows\System\CeuxmGM.exe
  2⤵
  PID:1528
- C:\Windows\System\RyrBmvw.exe
  C:\Windows\System\RyrBmvw.exe
  2⤵
  PID:3088
- C:\Windows\System\hjtaPWk.exe
  C:\Windows\System\hjtaPWk.exe
  2⤵
  PID:3188
- C:\Windows\System\uvDkRjR.exe
  C:\Windows\System\uvDkRjR.exe
  2⤵
  PID:3208
- C:\Windows\System\ojFcWFA.exe
  C:\Windows\System\ojFcWFA.exe
  2⤵
  PID:2168
- C:\Windows\System\rNWGFRC.exe
  C:\Windows\System\rNWGFRC.exe
  2⤵
  PID:2384
- C:\Windows\System\yCBfdsV.exe
  C:\Windows\System\yCBfdsV.exe
  2⤵
  PID:1640
- C:\Windows\System\jSplnGB.exe
  C:\Windows\System\jSplnGB.exe
  2⤵
  PID:1644
- C:\Windows\System\SkapdlM.exe
  C:\Windows\System\SkapdlM.exe
  2⤵
  PID:1080
- C:\Windows\System\mWNKIjJ.exe
  C:\Windows\System\mWNKIjJ.exe
  2⤵
  PID:3012
- C:\Windows\System\WyfKtDv.exe
  C:\Windows\System\WyfKtDv.exe
  2⤵
  PID:1664
- C:\Windows\System\tEOAXuL.exe
  C:\Windows\System\tEOAXuL.exe
  2⤵
  PID:3276
- C:\Windows\System\KYLoIzH.exe
  C:\Windows\System\KYLoIzH.exe
  2⤵
  PID:1236
- C:\Windows\System\behVGHu.exe
  C:\Windows\System\behVGHu.exe
  2⤵
  PID:1404
- C:\Windows\System\xtbTzHa.exe
  C:\Windows\System\xtbTzHa.exe
  2⤵
  PID:3256
- C:\Windows\System\GCoOzfy.exe
  C:\Windows\System\GCoOzfy.exe
  2⤵
  PID:572
- C:\Windows\System\uuwvmZd.exe
  C:\Windows\System\uuwvmZd.exe
  2⤵
  PID:3312
- C:\Windows\System\LdJwnlR.exe
  C:\Windows\System\LdJwnlR.exe
  2⤵
  PID:3512
- C:\Windows\System\sXTsSmJ.exe
  C:\Windows\System\sXTsSmJ.exe
  2⤵
  PID:3360
- C:\Windows\System\aKxPWNv.exe
  C:\Windows\System\aKxPWNv.exe
  2⤵
  PID:4084
- C:\Windows\System\glgBWrd.exe
  C:\Windows\System\glgBWrd.exe
  2⤵
  PID:3616
- C:\Windows\System\KNFbfFW.exe
  C:\Windows\System\KNFbfFW.exe
  2⤵
  PID:3472
- C:\Windows\System\LpbhFQm.exe
  C:\Windows\System\LpbhFQm.exe
  2⤵
  PID:3996
- C:\Windows\System\axgbtOH.exe
  C:\Windows\System\axgbtOH.exe
  2⤵
  PID:2640
- C:\Windows\System\RiaKszW.exe
  C:\Windows\System\RiaKszW.exe
  2⤵
  PID:3108
- C:\Windows\System\qEpfYhT.exe
  C:\Windows\System\qEpfYhT.exe
  2⤵
  PID:2916
- C:\Windows\System\fPEJZnG.exe
  C:\Windows\System\fPEJZnG.exe
  2⤵
  PID:3096
- C:\Windows\System\SltkOvW.exe
  C:\Windows\System\SltkOvW.exe
  2⤵
  PID:3964
- C:\Windows\System\GAJVlXI.exe
  C:\Windows\System\GAJVlXI.exe
  2⤵
  PID:688
- C:\Windows\System\xEHKlFJ.exe
  C:\Windows\System\xEHKlFJ.exe
  2⤵
  PID:2012
- C:\Windows\System\XKGVIpk.exe
  C:\Windows\System\XKGVIpk.exe
  2⤵
  PID:3292
- C:\Windows\System\ORWynSG.exe
  C:\Windows\System\ORWynSG.exe
  2⤵
  PID:2392
- C:\Windows\System\noLmsOC.exe
  C:\Windows\System\noLmsOC.exe
  2⤵
  PID:3412
- C:\Windows\System\xwAEGWY.exe
  C:\Windows\System\xwAEGWY.exe
  2⤵
  PID:3632
- C:\Windows\System\RJntdXv.exe
  C:\Windows\System\RJntdXv.exe
  2⤵
  PID:3672
- C:\Windows\System\VXrfigW.exe
  C:\Windows\System\VXrfigW.exe
  2⤵
  PID:3756
- C:\Windows\System\EtRVsWR.exe
  C:\Windows\System\EtRVsWR.exe
  2⤵
  PID:3352
- C:\Windows\System\MckEemR.exe
  C:\Windows\System\MckEemR.exe
  2⤵
  PID:4040
- C:\Windows\System\qTKeyJb.exe
  C:\Windows\System\qTKeyJb.exe
  2⤵
  PID:3780
- C:\Windows\System\ExEfOjR.exe
  C:\Windows\System\ExEfOjR.exe
  2⤵
  PID:3600
- C:\Windows\System\nRoCGsj.exe
  C:\Windows\System\nRoCGsj.exe
  2⤵
  PID:4076
- C:\Windows\System\LEVMaPv.exe
  C:\Windows\System\LEVMaPv.exe
  2⤵
  PID:3376
- C:\Windows\System\COisbVt.exe
  C:\Windows\System\COisbVt.exe
  2⤵
  PID:1276
- C:\Windows\System\naAkWlP.exe
  C:\Windows\System\naAkWlP.exe
  2⤵
  PID:756
- C:\Windows\System\bvJaarr.exe
  C:\Windows\System\bvJaarr.exe
  2⤵
  PID:308
- C:\Windows\System\JfsEIwY.exe
  C:\Windows\System\JfsEIwY.exe
  2⤵
  PID:1760
- C:\Windows\System\JFCIBLm.exe
  C:\Windows\System\JFCIBLm.exe
  2⤵
  PID:3336
- C:\Windows\System\UXvUZdI.exe
  C:\Windows\System\UXvUZdI.exe
  2⤵
  PID:3860
- C:\Windows\System\hgfonxF.exe
  C:\Windows\System\hgfonxF.exe
  2⤵
  PID:3532
- C:\Windows\System\tuzqmEB.exe
  C:\Windows\System\tuzqmEB.exe
  2⤵
  PID:1784
- C:\Windows\System\lQcLFbN.exe
  C:\Windows\System\lQcLFbN.exe
  2⤵
  PID:3812
- C:\Windows\System\fszEfMS.exe
  C:\Windows\System\fszEfMS.exe
  2⤵
  PID:4000
- C:\Windows\System\FHAXORG.exe
  C:\Windows\System\FHAXORG.exe
  2⤵
  PID:3552
- C:\Windows\System\vMWLpSi.exe
  C:\Windows\System\vMWLpSi.exe
  2⤵
  PID:4140
- C:\Windows\System\YVoCLHN.exe
  C:\Windows\System\YVoCLHN.exe
  2⤵
  PID:4160
- C:\Windows\System\OUNvucI.exe
  C:\Windows\System\OUNvucI.exe
  2⤵
  PID:4184
- C:\Windows\System\bABoPHO.exe
  C:\Windows\System\bABoPHO.exe
  2⤵
  PID:4200
- C:\Windows\System\tpYcnYU.exe
  C:\Windows\System\tpYcnYU.exe
  2⤵
  PID:4216
- C:\Windows\System\UOcEpkf.exe
  C:\Windows\System\UOcEpkf.exe
  2⤵
  PID:4232
- C:\Windows\System\jbOQROs.exe
  C:\Windows\System\jbOQROs.exe
  2⤵
  PID:4248
- C:\Windows\System\Ueefjfn.exe
  C:\Windows\System\Ueefjfn.exe
  2⤵
  PID:4272
- C:\Windows\System\fDXpMtT.exe
  C:\Windows\System\fDXpMtT.exe
  2⤵
  PID:4312
- C:\Windows\System\HCZeABg.exe
  C:\Windows\System\HCZeABg.exe
  2⤵
  PID:4328
- C:\Windows\System\GYVYtuv.exe
  C:\Windows\System\GYVYtuv.exe
  2⤵
  PID:4344
- C:\Windows\System\KbykGEB.exe
  C:\Windows\System\KbykGEB.exe
  2⤵
  PID:4360
- C:\Windows\System\EsnEmYg.exe
  C:\Windows\System\EsnEmYg.exe
  2⤵
  PID:4380
- C:\Windows\System\NAtcxrE.exe
  C:\Windows\System\NAtcxrE.exe
  2⤵
  PID:4396
- C:\Windows\System\FgUCHCA.exe
  C:\Windows\System\FgUCHCA.exe
  2⤵
  PID:4412
- C:\Windows\System\ToCvPmt.exe
  C:\Windows\System\ToCvPmt.exe
  2⤵
  PID:4428
- C:\Windows\System\UDOUgwu.exe
  C:\Windows\System\UDOUgwu.exe
  2⤵
  PID:4468
- C:\Windows\System\zUrciKp.exe
  C:\Windows\System\zUrciKp.exe
  2⤵
  PID:4492
- C:\Windows\System\dyDDtMA.exe
  C:\Windows\System\dyDDtMA.exe
  2⤵
  PID:4508
- C:\Windows\System\zFpCoPI.exe
  C:\Windows\System\zFpCoPI.exe
  2⤵
  PID:4524
- C:\Windows\System\EHOmYdt.exe
  C:\Windows\System\EHOmYdt.exe
  2⤵
  PID:4540
- C:\Windows\System\YXMXNgw.exe
  C:\Windows\System\YXMXNgw.exe
  2⤵
  PID:4560
- C:\Windows\System\QKVFyuE.exe
  C:\Windows\System\QKVFyuE.exe
  2⤵
  PID:4576
- C:\Windows\System\EYndkva.exe
  C:\Windows\System\EYndkva.exe
  2⤵
  PID:4592
- C:\Windows\System\gIFaiaR.exe
  C:\Windows\System\gIFaiaR.exe
  2⤵
  PID:4608
- C:\Windows\System\blwHNSY.exe
  C:\Windows\System\blwHNSY.exe
  2⤵
  PID:4624
- C:\Windows\System\MlrOHzF.exe
  C:\Windows\System\MlrOHzF.exe
  2⤵
  PID:4672
- C:\Windows\System\dCvETGY.exe
  C:\Windows\System\dCvETGY.exe
  2⤵
  PID:4688
- C:\Windows\System\vDmXXAY.exe
  C:\Windows\System\vDmXXAY.exe
  2⤵
  PID:4708
- C:\Windows\System\TZiJEkS.exe
  C:\Windows\System\TZiJEkS.exe
  2⤵
  PID:4728
- C:\Windows\System\rtoytrD.exe
  C:\Windows\System\rtoytrD.exe
  2⤵
  PID:4748
- C:\Windows\System\MRyNNCy.exe
  C:\Windows\System\MRyNNCy.exe
  2⤵
  PID:4768
- C:\Windows\System\lObEWHm.exe
  C:\Windows\System\lObEWHm.exe
  2⤵
  PID:4784
- C:\Windows\System\UCUwqIc.exe
  C:\Windows\System\UCUwqIc.exe
  2⤵
  PID:4808
- C:\Windows\System\dpkPgMP.exe
  C:\Windows\System\dpkPgMP.exe
  2⤵
  PID:4824
- C:\Windows\System\LLiKdqN.exe
  C:\Windows\System\LLiKdqN.exe
  2⤵
  PID:4840
- C:\Windows\System\QZiaXXS.exe
  C:\Windows\System\QZiaXXS.exe
  2⤵
  PID:4856
- C:\Windows\System\KHktNQD.exe
  C:\Windows\System\KHktNQD.exe
  2⤵
  PID:4876
- C:\Windows\System\ImIPnWw.exe
  C:\Windows\System\ImIPnWw.exe
  2⤵
  PID:4892
- C:\Windows\System\xnjBprM.exe
  C:\Windows\System\xnjBprM.exe
  2⤵
  PID:4916
- C:\Windows\System\AsUJcec.exe
  C:\Windows\System\AsUJcec.exe
  2⤵
  PID:4932
- C:\Windows\System\rExbLSP.exe
  C:\Windows\System\rExbLSP.exe
  2⤵
  PID:4956
- C:\Windows\System\fYtytkX.exe
  C:\Windows\System\fYtytkX.exe
  2⤵
  PID:4976
- C:\Windows\System\rBHTRtF.exe
  C:\Windows\System\rBHTRtF.exe
  2⤵
  PID:4992
- C:\Windows\System\QpstPBI.exe
  C:\Windows\System\QpstPBI.exe
  2⤵
  PID:5016
- C:\Windows\System\plCcScf.exe
  C:\Windows\System\plCcScf.exe
  2⤵
  PID:5052
- C:\Windows\System\CyXpAKh.exe
  C:\Windows\System\CyXpAKh.exe
  2⤵
  PID:5068
- C:\Windows\System\aRGFMvL.exe
  C:\Windows\System\aRGFMvL.exe
  2⤵
  PID:5084
- C:\Windows\System\bCCFTTQ.exe
  C:\Windows\System\bCCFTTQ.exe
  2⤵
  PID:5100
- C:\Windows\System\MpIZrDh.exe
  C:\Windows\System\MpIZrDh.exe
  2⤵
  PID:3712
- C:\Windows\System\XyUIDbb.exe
  C:\Windows\System\XyUIDbb.exe
  2⤵
  PID:2900
- C:\Windows\System\uwJTHii.exe
  C:\Windows\System\uwJTHii.exe
  2⤵
  PID:3252
- C:\Windows\System\zbgZega.exe
  C:\Windows\System\zbgZega.exe
  2⤵
  PID:3556
- C:\Windows\System\ZMRZZMA.exe
  C:\Windows\System\ZMRZZMA.exe
  2⤵
  PID:1816
- C:\Windows\System\KPcabyB.exe
  C:\Windows\System\KPcabyB.exe
  2⤵
  PID:2880
- C:\Windows\System\msLihpd.exe
  C:\Windows\System\msLihpd.exe
  2⤵
  PID:4104
- C:\Windows\System\qrkzIvw.exe
  C:\Windows\System\qrkzIvw.exe
  2⤵
  PID:4120
- C:\Windows\System\pPVpHFz.exe
  C:\Windows\System\pPVpHFz.exe
  2⤵
  PID:4136
- C:\Windows\System\alCOmVL.exe
  C:\Windows\System\alCOmVL.exe
  2⤵
  PID:4192
- C:\Windows\System\VkHLKDG.exe
  C:\Windows\System\VkHLKDG.exe
  2⤵
  PID:4176
- C:\Windows\System\lINzHUJ.exe
  C:\Windows\System\lINzHUJ.exe
  2⤵
  PID:4280
- C:\Windows\System\uVuODBL.exe
  C:\Windows\System\uVuODBL.exe
  2⤵
  PID:4256
- C:\Windows\System\HIZrRdS.exe
  C:\Windows\System\HIZrRdS.exe
  2⤵
  PID:4208
- C:\Windows\System\YZFpdML.exe
  C:\Windows\System\YZFpdML.exe
  2⤵
  PID:4292
- C:\Windows\System\vGVzhDh.exe
  C:\Windows\System\vGVzhDh.exe
  2⤵
  PID:4356
- C:\Windows\System\JNljSUk.exe
  C:\Windows\System\JNljSUk.exe
  2⤵
  PID:4340
- C:\Windows\System\LFTrHgq.exe
  C:\Windows\System\LFTrHgq.exe
  2⤵
  PID:4436
- C:\Windows\System\jjTUnBs.exe
  C:\Windows\System\jjTUnBs.exe
  2⤵
  PID:4456
- C:\Windows\System\hEUzklx.exe
  C:\Windows\System\hEUzklx.exe
  2⤵
  PID:4520
- C:\Windows\System\wLQnYPq.exe
  C:\Windows\System\wLQnYPq.exe
  2⤵
  PID:4584
- C:\Windows\System\dcVVPGo.exe
  C:\Windows\System\dcVVPGo.exe
  2⤵
  PID:4572
- C:\Windows\System\sWWOtBe.exe
  C:\Windows\System\sWWOtBe.exe
  2⤵
  PID:4636
- C:\Windows\System\kCcirSP.exe
  C:\Windows\System\kCcirSP.exe
  2⤵
  PID:4532
- C:\Windows\System\RmukaVG.exe
  C:\Windows\System\RmukaVG.exe
  2⤵
  PID:4648
- C:\Windows\System\jObMPTE.exe
  C:\Windows\System\jObMPTE.exe
  2⤵
  PID:4660
- C:\Windows\System\ucfTQkt.exe
  C:\Windows\System\ucfTQkt.exe
  2⤵
  PID:4720
- C:\Windows\System\HVkDJAC.exe
  C:\Windows\System\HVkDJAC.exe
  2⤵
  PID:4744
- C:\Windows\System\PDsZaUo.exe
  C:\Windows\System\PDsZaUo.exe
  2⤵
  PID:4800
- C:\Windows\System\cpnlInC.exe
  C:\Windows\System\cpnlInC.exe
  2⤵
  PID:4796
- C:\Windows\System\gfqQLmP.exe
  C:\Windows\System\gfqQLmP.exe
  2⤵
  PID:4872
- C:\Windows\System\oKZlzXv.exe
  C:\Windows\System\oKZlzXv.exe
  2⤵
  PID:4940
- C:\Windows\System\ImlWIgY.exe
  C:\Windows\System\ImlWIgY.exe
  2⤵
  PID:4984
- C:\Windows\System\NcxTVdp.exe
  C:\Windows\System\NcxTVdp.exe
  2⤵
  PID:4888
- C:\Windows\System\VepPgTL.exe
  C:\Windows\System\VepPgTL.exe
  2⤵
  PID:5012
- C:\Windows\System\qQcvTUb.exe
  C:\Windows\System\qQcvTUb.exe
  2⤵
  PID:5044
- C:\Windows\System\oxJyphp.exe
  C:\Windows\System\oxJyphp.exe
  2⤵
  PID:5080
- C:\Windows\System\jHqNogr.exe
  C:\Windows\System\jHqNogr.exe
  2⤵
  PID:3596
- C:\Windows\System\YmbZZSj.exe
  C:\Windows\System\YmbZZSj.exe
  2⤵
  PID:3908
- C:\Windows\System\ojxGqsO.exe
  C:\Windows\System\ojxGqsO.exe
  2⤵
  PID:1932
- C:\Windows\System\toVghzZ.exe
  C:\Windows\System\toVghzZ.exe
  2⤵
  PID:3852
- C:\Windows\System\dVuYYru.exe
  C:\Windows\System\dVuYYru.exe
  2⤵
  PID:3796
- C:\Windows\System\kKnJjNz.exe
  C:\Windows\System\kKnJjNz.exe
  2⤵
  PID:4132
- C:\Windows\System\HRtGplm.exe
  C:\Windows\System\HRtGplm.exe
  2⤵
  PID:4228
- C:\Windows\System\ngcuzOc.exe
  C:\Windows\System\ngcuzOc.exe
  2⤵
  PID:4336
- C:\Windows\System\tzhuaqC.exe
  C:\Windows\System\tzhuaqC.exe
  2⤵
  PID:4452
- C:\Windows\System\RxvXpGw.exe
  C:\Windows\System\RxvXpGw.exe
  2⤵
  PID:4440
- C:\Windows\System\GcIHMaj.exe
  C:\Windows\System\GcIHMaj.exe
  2⤵
  PID:4352
- C:\Windows\System\oTlYKPR.exe
  C:\Windows\System\oTlYKPR.exe
  2⤵
  PID:4244
- C:\Windows\System\fKAyPhz.exe
  C:\Windows\System\fKAyPhz.exe
  2⤵
  PID:4556
- C:\Windows\System\UYSawKv.exe
  C:\Windows\System\UYSawKv.exe
  2⤵
  PID:4644
- C:\Windows\System\JeAqYfn.exe
  C:\Windows\System\JeAqYfn.exe
  2⤵
  PID:4780
- C:\Windows\System\jxafZQR.exe
  C:\Windows\System\jxafZQR.exe
  2⤵
  PID:4656
- C:\Windows\System\qSzeaje.exe
  C:\Windows\System\qSzeaje.exe
  2⤵
  PID:4740
- C:\Windows\System\vAYHifF.exe
  C:\Windows\System\vAYHifF.exe
  2⤵
  PID:4944
- C:\Windows\System\QZsTrEE.exe
  C:\Windows\System\QZsTrEE.exe
  2⤵
  PID:5008
- C:\Windows\System\fFQNMxB.exe
  C:\Windows\System\fFQNMxB.exe
  2⤵
  PID:4820
- C:\Windows\System\SRmYjJs.exe
  C:\Windows\System\SRmYjJs.exe
  2⤵
  PID:4852
- C:\Windows\System\fxMsYJv.exe
  C:\Windows\System\fxMsYJv.exe
  2⤵
  PID:5024
- C:\Windows\System\vOyyzlM.exe
  C:\Windows\System\vOyyzlM.exe
  2⤵
  PID:5076
- C:\Windows\System\yGhOkBY.exe
  C:\Windows\System\yGhOkBY.exe
  2⤵
  PID:3936
- C:\Windows\System\fEokrFr.exe
  C:\Windows\System\fEokrFr.exe
  2⤵
  PID:760
- C:\Windows\System\yCqjEzS.exe
  C:\Windows\System\yCqjEzS.exe
  2⤵
  PID:4112
- C:\Windows\System\EOTZgnk.exe
  C:\Windows\System\EOTZgnk.exe
  2⤵
  PID:3452
- C:\Windows\System\JbDVTih.exe
  C:\Windows\System\JbDVTih.exe
  2⤵
  PID:4172
- C:\Windows\System\kBUcdKa.exe
  C:\Windows\System\kBUcdKa.exe
  2⤵
  PID:4376
- C:\Windows\System\Krssrkx.exe
  C:\Windows\System\Krssrkx.exe
  2⤵
  PID:4308
- C:\Windows\System\nGpyfic.exe
  C:\Windows\System\nGpyfic.exe
  2⤵
  PID:4864
- C:\Windows\System\NLTcTHo.exe
  C:\Windows\System\NLTcTHo.exe
  2⤵
  PID:4568
- C:\Windows\System\mBpixwe.exe
  C:\Windows\System\mBpixwe.exe
  2⤵
  PID:4948
- C:\Windows\System\DqEloax.exe
  C:\Windows\System\DqEloax.exe
  2⤵
  PID:4884
- C:\Windows\System\UhXYMdp.exe
  C:\Windows\System\UhXYMdp.exe
  2⤵
  PID:4904
- C:\Windows\System\NctSeYs.exe
  C:\Windows\System\NctSeYs.exe
  2⤵
  PID:4128
- C:\Windows\System\epoubVg.exe
  C:\Windows\System\epoubVg.exe
  2⤵
  PID:4392
- C:\Windows\System\oMvGijW.exe
  C:\Windows\System\oMvGijW.exe
  2⤵
  PID:4756
- C:\Windows\System\dCQtqeZ.exe
  C:\Windows\System\dCQtqeZ.exe
  2⤵
  PID:4928
- C:\Windows\System\OXvwmnB.exe
  C:\Windows\System\OXvwmnB.exe
  2⤵
  PID:4240
- C:\Windows\System\CptzRyc.exe
  C:\Windows\System\CptzRyc.exe
  2⤵
  PID:4516
- C:\Windows\System\IFKxwrV.exe
  C:\Windows\System\IFKxwrV.exe
  2⤵
  PID:4684
- C:\Windows\System\KdAJWnh.exe
  C:\Windows\System\KdAJWnh.exe
  2⤵
  PID:4868
- C:\Windows\System\ZGkCzfm.exe
  C:\Windows\System\ZGkCzfm.exe
  2⤵
  PID:4912
- C:\Windows\System\hsIRdLC.exe
  C:\Windows\System\hsIRdLC.exe
  2⤵
  PID:4500
- C:\Windows\System\mWSkphi.exe
  C:\Windows\System\mWSkphi.exe
  2⤵
  PID:3840
- C:\Windows\System\ViEPwwC.exe
  C:\Windows\System\ViEPwwC.exe
  2⤵
  PID:4100
- C:\Windows\System\rNkBShL.exe
  C:\Windows\System\rNkBShL.exe
  2⤵
  PID:4484
- C:\Windows\System\LgKeAMP.exe
  C:\Windows\System\LgKeAMP.exe
  2⤵
  PID:4792
- C:\Windows\System\LzlcsiN.exe
  C:\Windows\System\LzlcsiN.exe
  2⤵
  PID:4152
- C:\Windows\System\jeQdmwn.exe
  C:\Windows\System\jeQdmwn.exe
  2⤵
  PID:5032
- C:\Windows\System\vBoLJjQ.exe
  C:\Windows\System\vBoLJjQ.exe
  2⤵
  PID:4848
- C:\Windows\System\hKkEJIr.exe
  C:\Windows\System\hKkEJIr.exe
  2⤵
  PID:2044
- C:\Windows\System\DRUrIxR.exe
  C:\Windows\System\DRUrIxR.exe
  2⤵
  PID:5132
- C:\Windows\System\iSKnRhT.exe
  C:\Windows\System\iSKnRhT.exe
  2⤵
  PID:5148
- C:\Windows\System\APmcMwS.exe
  C:\Windows\System\APmcMwS.exe
  2⤵
  PID:5164
- C:\Windows\System\HpeovBg.exe
  C:\Windows\System\HpeovBg.exe
  2⤵
  PID:5184
- C:\Windows\System\zTBgUOb.exe
  C:\Windows\System\zTBgUOb.exe
  2⤵
  PID:5208
- C:\Windows\System\GOwUKxV.exe
  C:\Windows\System\GOwUKxV.exe
  2⤵
  PID:5252
- C:\Windows\System\WrNYMVe.exe
  C:\Windows\System\WrNYMVe.exe
  2⤵
  PID:5272
- C:\Windows\System\LoPKYyv.exe
  C:\Windows\System\LoPKYyv.exe
  2⤵
  PID:5288
- C:\Windows\System\OLeYnxF.exe
  C:\Windows\System\OLeYnxF.exe
  2⤵
  PID:5308
- C:\Windows\System\AZDQPNl.exe
  C:\Windows\System\AZDQPNl.exe
  2⤵
  PID:5324
- C:\Windows\System\mxBBqBc.exe
  C:\Windows\System\mxBBqBc.exe
  2⤵
  PID:5344
- C:\Windows\System\KIHrXba.exe
  C:\Windows\System\KIHrXba.exe
  2⤵
  PID:5360
- C:\Windows\System\KlxrthN.exe
  C:\Windows\System\KlxrthN.exe
  2⤵
  PID:5376
- C:\Windows\System\enfROKQ.exe
  C:\Windows\System\enfROKQ.exe
  2⤵
  PID:5392
- C:\Windows\System\fLQqghh.exe
  C:\Windows\System\fLQqghh.exe
  2⤵
  PID:5420
- C:\Windows\System\QYUahzD.exe
  C:\Windows\System\QYUahzD.exe
  2⤵
  PID:5440
- C:\Windows\System\IiUTEaA.exe
  C:\Windows\System\IiUTEaA.exe
  2⤵
  PID:5456
- C:\Windows\System\LXQqpDz.exe
  C:\Windows\System\LXQqpDz.exe
  2⤵
  PID:5472
- C:\Windows\System\aZAwRsv.exe
  C:\Windows\System\aZAwRsv.exe
  2⤵
  PID:5488
- C:\Windows\System\edLWivR.exe
  C:\Windows\System\edLWivR.exe
  2⤵
  PID:5532
- C:\Windows\System\lgXVUgP.exe
  C:\Windows\System\lgXVUgP.exe
  2⤵
  PID:5548
- C:\Windows\System\iFspfIi.exe
  C:\Windows\System\iFspfIi.exe
  2⤵
  PID:5564
- C:\Windows\System\EzMlkKZ.exe
  C:\Windows\System\EzMlkKZ.exe
  2⤵
  PID:5580
- C:\Windows\System\nFbQHSt.exe
  C:\Windows\System\nFbQHSt.exe
  2⤵
  PID:5596
- C:\Windows\System\WtkPpUo.exe
  C:\Windows\System\WtkPpUo.exe
  2⤵
  PID:5612
- C:\Windows\System\niQvvor.exe
  C:\Windows\System\niQvvor.exe
  2⤵
  PID:5628
- C:\Windows\System\qMPQWJA.exe
  C:\Windows\System\qMPQWJA.exe
  2⤵
  PID:5652
- C:\Windows\System\IiMNjWK.exe
  C:\Windows\System\IiMNjWK.exe
  2⤵
  PID:5676
- C:\Windows\System\mvAYbGf.exe
  C:\Windows\System\mvAYbGf.exe
  2⤵
  PID:5696
- C:\Windows\System\qknYidd.exe
  C:\Windows\System\qknYidd.exe
  2⤵
  PID:5712
- C:\Windows\System\YCRIPSW.exe
  C:\Windows\System\YCRIPSW.exe
  2⤵
  PID:5728
- C:\Windows\System\HcetJZX.exe
  C:\Windows\System\HcetJZX.exe
  2⤵
  PID:5756
- C:\Windows\System\EuvKNwU.exe
  C:\Windows\System\EuvKNwU.exe
  2⤵
  PID:5784
- C:\Windows\System\rDZBQDT.exe
  C:\Windows\System\rDZBQDT.exe
  2⤵
  PID:5804
- C:\Windows\System\RmKTWCu.exe
  C:\Windows\System\RmKTWCu.exe
  2⤵
  PID:5820
- C:\Windows\System\FiCglvl.exe
  C:\Windows\System\FiCglvl.exe
  2⤵
  PID:5860
- C:\Windows\System\YlMgtri.exe
  C:\Windows\System\YlMgtri.exe
  2⤵
  PID:5876
- C:\Windows\System\zrHncvR.exe
  C:\Windows\System\zrHncvR.exe
  2⤵
  PID:5896
- C:\Windows\System\mgzWoot.exe
  C:\Windows\System\mgzWoot.exe
  2⤵
  PID:5916
- C:\Windows\System\vuCGGpC.exe
  C:\Windows\System\vuCGGpC.exe
  2⤵
  PID:5932
- C:\Windows\System\aaciApH.exe
  C:\Windows\System\aaciApH.exe
  2⤵
  PID:5964
- C:\Windows\System\fwOLPqZ.exe
  C:\Windows\System\fwOLPqZ.exe
  2⤵
  PID:5980
- C:\Windows\System\MYNNKJN.exe
  C:\Windows\System\MYNNKJN.exe
  2⤵
  PID:5996
- C:\Windows\System\FdIeGYP.exe
  C:\Windows\System\FdIeGYP.exe
  2⤵
  PID:6012
- C:\Windows\System\GGcTqvF.exe
  C:\Windows\System\GGcTqvF.exe
  2⤵
  PID:6028
- C:\Windows\System\GVhgsPj.exe
  C:\Windows\System\GVhgsPj.exe
  2⤵
  PID:6044
- C:\Windows\System\FFCYrGE.exe
  C:\Windows\System\FFCYrGE.exe
  2⤵
  PID:6060
- C:\Windows\System\MiZYUJH.exe
  C:\Windows\System\MiZYUJH.exe
  2⤵
  PID:6076
- C:\Windows\System\bXBHVZh.exe
  C:\Windows\System\bXBHVZh.exe
  2⤵
  PID:6104
- C:\Windows\System\pLcPPFw.exe
  C:\Windows\System\pLcPPFw.exe
  2⤵
  PID:6140
- C:\Windows\System\snzMBcN.exe
  C:\Windows\System\snzMBcN.exe
  2⤵
  PID:5004
- C:\Windows\System\NppMoaq.exe
  C:\Windows\System\NppMoaq.exe
  2⤵
  PID:5160
- C:\Windows\System\jCtzAuM.exe
  C:\Windows\System\jCtzAuM.exe
  2⤵
  PID:5204
- C:\Windows\System\uuuCjbO.exe
  C:\Windows\System\uuuCjbO.exe
  2⤵
  PID:5172
- C:\Windows\System\qqvFaEc.exe
  C:\Windows\System\qqvFaEc.exe
  2⤵
  PID:5228
- C:\Windows\System\SsRbKdS.exe
  C:\Windows\System\SsRbKdS.exe
  2⤵
  PID:5220
- C:\Windows\System\OoKhpuG.exe
  C:\Windows\System\OoKhpuG.exe
  2⤵
  PID:5280
- C:\Windows\System\xBWwTMq.exe
  C:\Windows\System\xBWwTMq.exe
  2⤵
  PID:5332
- C:\Windows\System\HGzpVzo.exe
  C:\Windows\System\HGzpVzo.exe
  2⤵
  PID:5372
- C:\Windows\System\KYzUigN.exe
  C:\Windows\System\KYzUigN.exe
  2⤵
  PID:5400
- C:\Windows\System\syuIzzm.exe
  C:\Windows\System\syuIzzm.exe
  2⤵
  PID:5388
- C:\Windows\System\BALLplt.exe
  C:\Windows\System\BALLplt.exe
  2⤵
  PID:5432
- C:\Windows\System\ZTcGjnw.exe
  C:\Windows\System\ZTcGjnw.exe
  2⤵
  PID:5496
- C:\Windows\System\dbUGHcC.exe
  C:\Windows\System\dbUGHcC.exe
  2⤵
  PID:5560
- C:\Windows\System\fZTLywo.exe
  C:\Windows\System\fZTLywo.exe
  2⤵
  PID:5540
- C:\Windows\System\NqagMHk.exe
  C:\Windows\System\NqagMHk.exe
  2⤵
  PID:5608
- C:\Windows\System\SNPauNR.exe
  C:\Windows\System\SNPauNR.exe
  2⤵
  PID:5648
- C:\Windows\System\jBDYvVp.exe
  C:\Windows\System\jBDYvVp.exe
  2⤵
  PID:5720
- C:\Windows\System\Bswmkig.exe
  C:\Windows\System\Bswmkig.exe
  2⤵
  PID:5672
- C:\Windows\System\OFtCsiR.exe
  C:\Windows\System\OFtCsiR.exe
  2⤵
  PID:5592
- C:\Windows\System\zwmHDLv.exe
  C:\Windows\System\zwmHDLv.exe
  2⤵
  PID:5624
- C:\Windows\System\ACbEzKt.exe
  C:\Windows\System\ACbEzKt.exe
  2⤵
  PID:5736
- C:\Windows\System\ozZbLMK.exe
  C:\Windows\System\ozZbLMK.exe
  2⤵
  PID:5800
- C:\Windows\System\uhvOCch.exe
  C:\Windows\System\uhvOCch.exe
  2⤵
  PID:5840
- C:\Windows\System\aHrWalQ.exe
  C:\Windows\System\aHrWalQ.exe
  2⤵
  PID:5868
- C:\Windows\System\hBKxJAs.exe
  C:\Windows\System\hBKxJAs.exe
  2⤵
  PID:5872
- C:\Windows\System\SlzkSMI.exe
  C:\Windows\System\SlzkSMI.exe
  2⤵
  PID:5928
- C:\Windows\System\mmBiaMb.exe
  C:\Windows\System\mmBiaMb.exe
  2⤵
  PID:5960
- C:\Windows\System\SZMYYhE.exe
  C:\Windows\System\SZMYYhE.exe
  2⤵
  PID:6024
- C:\Windows\System\ZrpZiai.exe
  C:\Windows\System\ZrpZiai.exe
  2⤵
  PID:6100
- C:\Windows\System\DFSWcot.exe
  C:\Windows\System\DFSWcot.exe
  2⤵
  PID:6008
- C:\Windows\System\ncFjHTv.exe
  C:\Windows\System\ncFjHTv.exe
  2⤵
  PID:6136
- C:\Windows\System\jvwiUBX.exe
  C:\Windows\System\jvwiUBX.exe
  2⤵
  PID:5196
- C:\Windows\System\sLjMHVq.exe
  C:\Windows\System\sLjMHVq.exe
  2⤵
  PID:5216
- C:\Windows\System\DIWpYbv.exe
  C:\Windows\System\DIWpYbv.exe
  2⤵
  PID:5236
- C:\Windows\System\vuQSKNa.exe
  C:\Windows\System\vuQSKNa.exe
  2⤵
  PID:5264
- C:\Windows\System\dutqIoo.exe
  C:\Windows\System\dutqIoo.exe
  2⤵
  PID:5408
- C:\Windows\System\dihdeWE.exe
  C:\Windows\System\dihdeWE.exe
  2⤵
  PID:5468
- C:\Windows\System\jJeUQow.exe
  C:\Windows\System\jJeUQow.exe
  2⤵
  PID:5300
- C:\Windows\System\GeoYoHb.exe
  C:\Windows\System\GeoYoHb.exe
  2⤵
  PID:5416
- C:\Windows\System\oZEMqwI.exe
  C:\Windows\System\oZEMqwI.exe
  2⤵
  PID:5524
- C:\Windows\System\PZGmvmG.exe
  C:\Windows\System\PZGmvmG.exe
  2⤵
  PID:4156
- C:\Windows\System\YPnAQhm.exe
  C:\Windows\System\YPnAQhm.exe
  2⤵
  PID:5664
- C:\Windows\System\jlOvhSb.exe
  C:\Windows\System\jlOvhSb.exe
  2⤵
  PID:5792
- C:\Windows\System\oebQYpy.exe
  C:\Windows\System\oebQYpy.exe
  2⤵
  PID:5940
- C:\Windows\System\vUqcPlz.exe
  C:\Windows\System\vUqcPlz.exe
  2⤵
  PID:5780
- C:\Windows\System\UuuNYbQ.exe
  C:\Windows\System\UuuNYbQ.exe
  2⤵
  PID:5816
- C:\Windows\System\CnVYwaJ.exe
  C:\Windows\System\CnVYwaJ.exe
  2⤵
  PID:5956
- C:\Windows\System\nevGQOe.exe
  C:\Windows\System\nevGQOe.exe
  2⤵
  PID:5976
- C:\Windows\System\CYewBNt.exe
  C:\Windows\System\CYewBNt.exe
  2⤵
  PID:6112
- C:\Windows\System\EZmQmek.exe
  C:\Windows\System\EZmQmek.exe
  2⤵
  PID:6096
- C:\Windows\System\cKqMxHv.exe
  C:\Windows\System\cKqMxHv.exe
  2⤵
  PID:5384
- C:\Windows\System\AYxjQHc.exe
  C:\Windows\System\AYxjQHc.exe
  2⤵
  PID:5156
- C:\Windows\System\NccfbvA.exe
  C:\Windows\System\NccfbvA.exe
  2⤵
  PID:5516
- C:\Windows\System\xIVhsPo.exe
  C:\Windows\System\xIVhsPo.exe
  2⤵
  PID:5528
- C:\Windows\System\nitSgLu.exe
  C:\Windows\System\nitSgLu.exe
  2⤵
  PID:5512
- C:\Windows\System\dGtyESk.exe
  C:\Windows\System\dGtyESk.exe
  2⤵
  PID:5644
- C:\Windows\System\USXaNmS.exe
  C:\Windows\System\USXaNmS.exe
  2⤵
  PID:5572
- C:\Windows\System\vLjLxcD.exe
  C:\Windows\System\vLjLxcD.exe
  2⤵
  PID:5836
- C:\Windows\System\ZaPfMNj.exe
  C:\Windows\System\ZaPfMNj.exe
  2⤵
  PID:6020
- C:\Windows\System\BRIrLZL.exe
  C:\Windows\System\BRIrLZL.exe
  2⤵
  PID:6092
- C:\Windows\System\rseBFUu.exe
  C:\Windows\System\rseBFUu.exe
  2⤵
  PID:5748
- C:\Windows\System\buEUCMX.exe
  C:\Windows\System\buEUCMX.exe
  2⤵
  PID:6128
- C:\Windows\System\OJVWuiW.exe
  C:\Windows\System\OJVWuiW.exe
  2⤵
  PID:5320
- C:\Windows\System\EAfvApK.exe
  C:\Windows\System\EAfvApK.exe
  2⤵
  PID:4724
- C:\Windows\System\dITNgvg.exe
  C:\Windows\System\dITNgvg.exe
  2⤵
  PID:5484
- C:\Windows\System\cFkFYsB.exe
  C:\Windows\System\cFkFYsB.exe
  2⤵
  PID:5852
- C:\Windows\System\FFKyQmZ.exe
  C:\Windows\System\FFKyQmZ.exe
  2⤵
  PID:6084
- C:\Windows\System\aJMsjuA.exe
  C:\Windows\System\aJMsjuA.exe
  2⤵
  PID:5812
- C:\Windows\System\BtcCXok.exe
  C:\Windows\System\BtcCXok.exe
  2⤵
  PID:5924
- C:\Windows\System\GSwHbMq.exe
  C:\Windows\System\GSwHbMq.exe
  2⤵
  PID:6180
- C:\Windows\System\BmpJDWZ.exe
  C:\Windows\System\BmpJDWZ.exe
  2⤵
  PID:6196
- C:\Windows\System\SPaYXxb.exe
  C:\Windows\System\SPaYXxb.exe
  2⤵
  PID:6212
- C:\Windows\System\knWnadm.exe
  C:\Windows\System\knWnadm.exe
  2⤵
  PID:6232
- C:\Windows\System\bLfruHU.exe
  C:\Windows\System\bLfruHU.exe
  2⤵
  PID:6248
- C:\Windows\System\dnZrUtf.exe
  C:\Windows\System\dnZrUtf.exe
  2⤵
  PID:6288
- C:\Windows\System\cWAOLIs.exe
  C:\Windows\System\cWAOLIs.exe
  2⤵
  PID:6304
- C:\Windows\System\UWoXlUi.exe
  C:\Windows\System\UWoXlUi.exe
  2⤵
  PID:6324
- C:\Windows\System\EdEMShJ.exe
  C:\Windows\System\EdEMShJ.exe
  2⤵
  PID:6340
- C:\Windows\System\BCKxxUY.exe
  C:\Windows\System\BCKxxUY.exe
  2⤵
  PID:6364
- C:\Windows\System\XBnSUYF.exe
  C:\Windows\System\XBnSUYF.exe
  2⤵
  PID:6384
- C:\Windows\System\vAZoeDV.exe
  C:\Windows\System\vAZoeDV.exe
  2⤵
  PID:6400
- C:\Windows\System\wItjFtW.exe
  C:\Windows\System\wItjFtW.exe
  2⤵
  PID:6416
- C:\Windows\System\YxGygUe.exe
  C:\Windows\System\YxGygUe.exe
  2⤵
  PID:6432
- C:\Windows\System\RdsffLH.exe
  C:\Windows\System\RdsffLH.exe
  2⤵
  PID:6468
- C:\Windows\System\KxaIGXp.exe
  C:\Windows\System\KxaIGXp.exe
  2⤵
  PID:6484
- C:\Windows\System\CbIZWpb.exe
  C:\Windows\System\CbIZWpb.exe
  2⤵
  PID:6500
- C:\Windows\System\IAsNjAR.exe
  C:\Windows\System\IAsNjAR.exe
  2⤵
  PID:6516
- C:\Windows\System\keNtvlF.exe
  C:\Windows\System\keNtvlF.exe
  2⤵
  PID:6532
- C:\Windows\System\pNakFGd.exe
  C:\Windows\System\pNakFGd.exe
  2⤵
  PID:6548
- C:\Windows\System\lDrMvPx.exe
  C:\Windows\System\lDrMvPx.exe
  2⤵
  PID:6564
- C:\Windows\System\pJOvyaz.exe
  C:\Windows\System\pJOvyaz.exe
  2⤵
  PID:6584
- C:\Windows\System\UEQbjDv.exe
  C:\Windows\System\UEQbjDv.exe
  2⤵
  PID:6604
- C:\Windows\System\sZdsvBO.exe
  C:\Windows\System\sZdsvBO.exe
  2⤵
  PID:6624
- C:\Windows\System\DjKJGUU.exe
  C:\Windows\System\DjKJGUU.exe
  2⤵
  PID:6644
- C:\Windows\System\sVelPlP.exe
  C:\Windows\System\sVelPlP.exe
  2⤵
  PID:6668
- C:\Windows\System\eYHqzps.exe
  C:\Windows\System\eYHqzps.exe
  2⤵
  PID:6684
- C:\Windows\System\RtbNrxz.exe
  C:\Windows\System\RtbNrxz.exe
  2⤵
  PID:6700
- C:\Windows\System\DmYDYFM.exe
  C:\Windows\System\DmYDYFM.exe
  2⤵
  PID:6716
- C:\Windows\System\vGytRiT.exe
  C:\Windows\System\vGytRiT.exe
  2⤵
  PID:6768
- C:\Windows\System\eGqIeHe.exe
  C:\Windows\System\eGqIeHe.exe
  2⤵
  PID:6784
- C:\Windows\System\BNmUdio.exe
  C:\Windows\System\BNmUdio.exe
  2⤵
  PID:6804
- C:\Windows\System\RdCqiGb.exe
  C:\Windows\System\RdCqiGb.exe
  2⤵
  PID:6820
- C:\Windows\System\QSiVTMF.exe
  C:\Windows\System\QSiVTMF.exe
  2⤵
  PID:6840
- C:\Windows\System\scACXwl.exe
  C:\Windows\System\scACXwl.exe
  2⤵
  PID:6860
- C:\Windows\System\lACPAQt.exe
  C:\Windows\System\lACPAQt.exe
  2⤵
  PID:6880
- C:\Windows\System\gkaWZLH.exe
  C:\Windows\System\gkaWZLH.exe
  2⤵
  PID:6896
- C:\Windows\System\WvUwpeG.exe
  C:\Windows\System\WvUwpeG.exe
  2⤵
  PID:6912
- C:\Windows\System\weSITpl.exe
  C:\Windows\System\weSITpl.exe
  2⤵
  PID:6932
- C:\Windows\System\wOpyBJM.exe
  C:\Windows\System\wOpyBJM.exe
  2⤵
  PID:6948
- C:\Windows\System\RxLktFs.exe
  C:\Windows\System\RxLktFs.exe
  2⤵
  PID:6968
- C:\Windows\System\mLyfeHH.exe
  C:\Windows\System\mLyfeHH.exe
  2⤵
  PID:6984
- C:\Windows\System\ShXIKZX.exe
  C:\Windows\System\ShXIKZX.exe
  2⤵
  PID:7000
- C:\Windows\System\YVGVHac.exe
  C:\Windows\System\YVGVHac.exe
  2⤵
  PID:7040
- C:\Windows\System\vMouuFm.exe
  C:\Windows\System\vMouuFm.exe
  2⤵
  PID:7060
- C:\Windows\System\vjIYryC.exe
  C:\Windows\System\vjIYryC.exe
  2⤵
  PID:7084
- C:\Windows\System\ehTtdzq.exe
  C:\Windows\System\ehTtdzq.exe
  2⤵
  PID:7100
- C:\Windows\System\QElXtdq.exe
  C:\Windows\System\QElXtdq.exe
  2⤵
  PID:7116
- C:\Windows\System\JObYybE.exe
  C:\Windows\System\JObYybE.exe
  2⤵
  PID:7140
- C:\Windows\System\DgJkwqF.exe
  C:\Windows\System\DgJkwqF.exe
  2⤵
  PID:7160
- C:\Windows\System\FKsRnkb.exe
  C:\Windows\System\FKsRnkb.exe
  2⤵
  PID:5508
- C:\Windows\System\cuDbWhF.exe
  C:\Windows\System\cuDbWhF.exe
  2⤵
  PID:5180
- C:\Windows\System\jGBqsQW.exe
  C:\Windows\System\jGBqsQW.exe
  2⤵
  PID:6068
- C:\Windows\System\eZjhJaP.exe
  C:\Windows\System\eZjhJaP.exe
  2⤵
  PID:6072
- C:\Windows\System\GNcqIFt.exe
  C:\Windows\System\GNcqIFt.exe
  2⤵
  PID:5688
- C:\Windows\System\uZNdaWK.exe
  C:\Windows\System\uZNdaWK.exe
  2⤵
  PID:6160
- C:\Windows\System\HZwBVJk.exe
  C:\Windows\System\HZwBVJk.exe
  2⤵
  PID:6188
- C:\Windows\System\yFLyDsf.exe
  C:\Windows\System\yFLyDsf.exe
  2⤵
  PID:6264
- C:\Windows\System\qPaYXOL.exe
  C:\Windows\System\qPaYXOL.exe
  2⤵
  PID:6204
- C:\Windows\System\loOjPig.exe
  C:\Windows\System\loOjPig.exe
  2⤵
  PID:6280
- C:\Windows\System\zKCIcSL.exe
  C:\Windows\System\zKCIcSL.exe
  2⤵
  PID:6312
- C:\Windows\System\mBedptw.exe
  C:\Windows\System\mBedptw.exe
  2⤵
  PID:6372
- C:\Windows\System\rkCEeeA.exe
  C:\Windows\System\rkCEeeA.exe
  2⤵
  PID:6348
- C:\Windows\System\WVvZFGe.exe
  C:\Windows\System\WVvZFGe.exe
  2⤵
  PID:6392
- C:\Windows\System\WkaxIgZ.exe
  C:\Windows\System\WkaxIgZ.exe
  2⤵
  PID:6440
- C:\Windows\System\SkZUNJz.exe
  C:\Windows\System\SkZUNJz.exe
  2⤵
  PID:6396
- C:\Windows\System\aXLCGiP.exe
  C:\Windows\System\aXLCGiP.exe
  2⤵
  PID:6224
- C:\Windows\System\HiWyhze.exe
  C:\Windows\System\HiWyhze.exe
  2⤵
  PID:6480
- C:\Windows\System\EWvYdPD.exe
  C:\Windows\System\EWvYdPD.exe
  2⤵
  PID:6664
- C:\Windows\System\iBSGQNr.exe
  C:\Windows\System\iBSGQNr.exe
  2⤵
  PID:6736
- C:\Windows\System\aEOuWfb.exe
  C:\Windows\System\aEOuWfb.exe
  2⤵
  PID:6708
- C:\Windows\System\orOGvgY.exe
  C:\Windows\System\orOGvgY.exe
  2⤵
  PID:6760
- C:\Windows\System\YAFOlbW.exe
  C:\Windows\System\YAFOlbW.exe
  2⤵
  PID:6780
- C:\Windows\System\BCzTUNr.exe
  C:\Windows\System\BCzTUNr.exe
  2⤵
  PID:6852
- C:\Windows\System\GCXiuIm.exe
  C:\Windows\System\GCXiuIm.exe
  2⤵
  PID:6888
- C:\Windows\System\WDUVIOU.exe
  C:\Windows\System\WDUVIOU.exe
  2⤵
  PID:6832
- C:\Windows\System\tteuewN.exe
  C:\Windows\System\tteuewN.exe
  2⤵
  PID:6996
- C:\Windows\System\YymqHJr.exe
  C:\Windows\System\YymqHJr.exe
  2⤵
  PID:7092
- C:\Windows\System\TlXLmkD.exe
  C:\Windows\System\TlXLmkD.exe
  2⤵
  PID:7128
- C:\Windows\System\DhFnabe.exe
  C:\Windows\System\DhFnabe.exe
  2⤵
  PID:6908
- C:\Windows\System\IbtBDcC.exe
  C:\Windows\System\IbtBDcC.exe
  2⤵
  PID:6976
- C:\Windows\System\bofMtug.exe
  C:\Windows\System\bofMtug.exe
  2⤵
  PID:7080
- C:\Windows\System\gnmIgUf.exe
  C:\Windows\System\gnmIgUf.exe
  2⤵
  PID:6132
- C:\Windows\System\clbAbCN.exe
  C:\Windows\System\clbAbCN.exe
  2⤵
  PID:6168
- C:\Windows\System\NvTKpxe.exe
  C:\Windows\System\NvTKpxe.exe
  2⤵
  PID:7068
- C:\Windows\System\JzednbU.exe
  C:\Windows\System\JzednbU.exe
  2⤵
  PID:7020
- C:\Windows\System\LCCrcWo.exe
  C:\Windows\System\LCCrcWo.exe
  2⤵
  PID:6276
- C:\Windows\System\dIAZNcD.exe
  C:\Windows\System\dIAZNcD.exe
  2⤵
  PID:6316
- C:\Windows\System\KSKxyOj.exe
  C:\Windows\System\KSKxyOj.exe
  2⤵
  PID:6464
- C:\Windows\System\lmVXCom.exe
  C:\Windows\System\lmVXCom.exe
  2⤵
  PID:6156
- C:\Windows\System\YtSRumr.exe
  C:\Windows\System\YtSRumr.exe
  2⤵
  PID:7112
- C:\Windows\System\XuoLMen.exe
  C:\Windows\System\XuoLMen.exe
  2⤵
  PID:6596
- C:\Windows\System\JligErm.exe
  C:\Windows\System\JligErm.exe
  2⤵
  PID:5556
- C:\Windows\System\RPQaQbt.exe
  C:\Windows\System\RPQaQbt.exe
  2⤵
  PID:6508
- C:\Windows\System\KNcSqoL.exe
  C:\Windows\System\KNcSqoL.exe
  2⤵
  PID:6724
- C:\Windows\System\TpbpVuG.exe
  C:\Windows\System\TpbpVuG.exe
  2⤵
  PID:6572
- C:\Windows\System\rwXFBpG.exe
  C:\Windows\System\rwXFBpG.exe
  2⤵
  PID:6476
- C:\Windows\System\uREAJCH.exe
  C:\Windows\System\uREAJCH.exe
  2⤵
  PID:6796
- C:\Windows\System\twLXozX.exe
  C:\Windows\System\twLXozX.exe
  2⤵
  PID:7132
- C:\Windows\System\kTCUIzf.exe
  C:\Windows\System\kTCUIzf.exe
  2⤵
  PID:6848
- C:\Windows\System\ykfXmFc.exe
  C:\Windows\System\ykfXmFc.exe
  2⤵
  PID:7052
- C:\Windows\System\HTktYyT.exe
  C:\Windows\System\HTktYyT.exe
  2⤵
  PID:6876
- C:\Windows\System\RCTVgbk.exe
  C:\Windows\System\RCTVgbk.exe
  2⤵
  PID:7012
- C:\Windows\System\QOfHrdy.exe
  C:\Windows\System\QOfHrdy.exe
  2⤵
  PID:7028
- C:\Windows\System\qtVElwa.exe
  C:\Windows\System\qtVElwa.exe
  2⤵
  PID:5604
- C:\Windows\System\RmovqOv.exe
  C:\Windows\System\RmovqOv.exe
  2⤵
  PID:7016
- C:\Windows\System\UtKkcIs.exe
  C:\Windows\System\UtKkcIs.exe
  2⤵
  PID:6228
- C:\Windows\System\mukizED.exe
  C:\Windows\System\mukizED.exe
  2⤵
  PID:6336
- C:\Windows\System\oPMXHch.exe
  C:\Windows\System\oPMXHch.exe
  2⤵
  PID:6632
- C:\Windows\System\AmeXUcC.exe
  C:\Windows\System\AmeXUcC.exe
  2⤵
  PID:6620
- C:\Windows\System\wVHMhJv.exe
  C:\Windows\System\wVHMhJv.exe
  2⤵
  PID:6944
- C:\Windows\System\GVVFWzS.exe
  C:\Windows\System\GVVFWzS.exe
  2⤵
  PID:6924
- C:\Windows\System\FfyAWUT.exe
  C:\Windows\System\FfyAWUT.exe
  2⤵
  PID:6816
- C:\Windows\System\shWcqPI.exe
  C:\Windows\System\shWcqPI.exe
  2⤵
  PID:6640
- C:\Windows\System\iojGSFA.exe
  C:\Windows\System\iojGSFA.exe
  2⤵
  PID:6872
- C:\Windows\System\rJdFlqO.exe
  C:\Windows\System\rJdFlqO.exe
  2⤵
  PID:7076
- C:\Windows\System\AzeXgYV.exe
  C:\Windows\System\AzeXgYV.exe
  2⤵
  PID:6636
- C:\Windows\System\VxXdxfN.exe
  C:\Windows\System\VxXdxfN.exe
  2⤵
  PID:6424
- C:\Windows\System\uJEucTy.exe
  C:\Windows\System\uJEucTy.exe
  2⤵
  PID:6856
- C:\Windows\System\WbwjnxM.exe
  C:\Windows\System\WbwjnxM.exe
  2⤵
  PID:6576
- C:\Windows\System\ifxLSDs.exe
  C:\Windows\System\ifxLSDs.exe
  2⤵
  PID:6776
- C:\Windows\System\rKTefwf.exe
  C:\Windows\System\rKTefwf.exe
  2⤵
  PID:7056
- C:\Windows\System\bLXUeGK.exe
  C:\Windows\System\bLXUeGK.exe
  2⤵
  PID:5948
- C:\Windows\System\JCyafyP.exe
  C:\Windows\System\JCyafyP.exe
  2⤵
  PID:6172
- C:\Windows\System\YoTvkkm.exe
  C:\Windows\System\YoTvkkm.exe
  2⤵
  PID:7036
- C:\Windows\System\hLiKzsB.exe
  C:\Windows\System\hLiKzsB.exe
  2⤵
  PID:6448
- C:\Windows\System\szBVrkP.exe
  C:\Windows\System\szBVrkP.exe
  2⤵
  PID:6592
- C:\Windows\System\qpxGaPi.exe
  C:\Windows\System\qpxGaPi.exe
  2⤵
  PID:6992
- C:\Windows\System\qpKsSuf.exe
  C:\Windows\System\qpKsSuf.exe
  2⤵
  PID:7180
- C:\Windows\System\WZjayyx.exe
  C:\Windows\System\WZjayyx.exe
  2⤵
  PID:7196
- C:\Windows\System\hUHSxjw.exe
  C:\Windows\System\hUHSxjw.exe
  2⤵
  PID:7212
- C:\Windows\System\dEWuysW.exe
  C:\Windows\System\dEWuysW.exe
  2⤵
  PID:7228
- C:\Windows\System\TyagMPX.exe
  C:\Windows\System\TyagMPX.exe
  2⤵
  PID:7244
- C:\Windows\System\qnikLtA.exe
  C:\Windows\System\qnikLtA.exe
  2⤵
  PID:7292
- C:\Windows\System\VlRPmMp.exe
  C:\Windows\System\VlRPmMp.exe
  2⤵
  PID:7308
- C:\Windows\System\viEsOjD.exe
  C:\Windows\System\viEsOjD.exe
  2⤵
  PID:7328
- C:\Windows\System\xDvINPm.exe
  C:\Windows\System\xDvINPm.exe
  2⤵
  PID:7356
- C:\Windows\System\ElOlxBl.exe
  C:\Windows\System\ElOlxBl.exe
  2⤵
  PID:7372
- C:\Windows\System\GJxzgLR.exe
  C:\Windows\System\GJxzgLR.exe
  2⤵
  PID:7388
- C:\Windows\System\uqFPTrW.exe
  C:\Windows\System\uqFPTrW.exe
  2⤵
  PID:7404
- C:\Windows\System\lfCELqV.exe
  C:\Windows\System\lfCELqV.exe
  2⤵
  PID:7420
- C:\Windows\System\rhFvahi.exe
  C:\Windows\System\rhFvahi.exe
  2⤵
  PID:7440
- C:\Windows\System\dcnoHnB.exe
  C:\Windows\System\dcnoHnB.exe
  2⤵
  PID:7460
- C:\Windows\System\mUGZqSY.exe
  C:\Windows\System\mUGZqSY.exe
  2⤵
  PID:7476
- C:\Windows\System\CWnlOAB.exe
  C:\Windows\System\CWnlOAB.exe
  2⤵
  PID:7492
- C:\Windows\System\djaMaZn.exe
  C:\Windows\System\djaMaZn.exe
  2⤵
  PID:7512
- C:\Windows\System\ehfkhSq.exe
  C:\Windows\System\ehfkhSq.exe
  2⤵
  PID:7528
- C:\Windows\System\UkZcIoI.exe
  C:\Windows\System\UkZcIoI.exe
  2⤵
  PID:7548
- C:\Windows\System\EFmWmCw.exe
  C:\Windows\System\EFmWmCw.exe
  2⤵
  PID:7564
- C:\Windows\System\nONrDUu.exe
  C:\Windows\System\nONrDUu.exe
  2⤵
  PID:7580
- C:\Windows\System\pLxfuPZ.exe
  C:\Windows\System\pLxfuPZ.exe
  2⤵
  PID:7596
- C:\Windows\System\wtyVeOJ.exe
  C:\Windows\System\wtyVeOJ.exe
  2⤵
  PID:7616
- C:\Windows\System\eUklgFJ.exe
  C:\Windows\System\eUklgFJ.exe
  2⤵
  PID:7632
- C:\Windows\System\ZOllGZX.exe
  C:\Windows\System\ZOllGZX.exe
  2⤵
  PID:7648
- C:\Windows\System\HZvexmu.exe
  C:\Windows\System\HZvexmu.exe
  2⤵
  PID:7668
- C:\Windows\System\BibmEWx.exe
  C:\Windows\System\BibmEWx.exe
  2⤵
  PID:7684
- C:\Windows\System\tyuokIp.exe
  C:\Windows\System\tyuokIp.exe
  2⤵
  PID:7700
- C:\Windows\System\hFcDkEw.exe
  C:\Windows\System\hFcDkEw.exe
  2⤵
  PID:7716
- C:\Windows\System\bMgVdmv.exe
  C:\Windows\System\bMgVdmv.exe
  2⤵
  PID:7744
- C:\Windows\System\PemFlZw.exe
  C:\Windows\System\PemFlZw.exe
  2⤵
  PID:7768
- C:\Windows\System\hzdwbFv.exe
  C:\Windows\System\hzdwbFv.exe
  2⤵
  PID:7788
- C:\Windows\System\tkgPEac.exe
  C:\Windows\System\tkgPEac.exe
  2⤵
  PID:7804
- C:\Windows\System\BGdDVJz.exe
  C:\Windows\System\BGdDVJz.exe
  2⤵
  PID:7820
- C:\Windows\System\zpTzKEc.exe
  C:\Windows\System\zpTzKEc.exe
  2⤵
  PID:7840
- C:\Windows\System\ixoOrCT.exe
  C:\Windows\System\ixoOrCT.exe
  2⤵
  PID:7912
- C:\Windows\System\yJQgYas.exe
  C:\Windows\System\yJQgYas.exe
  2⤵
  PID:7936
- C:\Windows\System\CdsGzGp.exe
  C:\Windows\System\CdsGzGp.exe
  2⤵
  PID:7960
- C:\Windows\System\ujYGmMi.exe
  C:\Windows\System\ujYGmMi.exe
  2⤵
  PID:7980
- C:\Windows\System\bPMFiEw.exe
  C:\Windows\System\bPMFiEw.exe
  2⤵
  PID:7996
- C:\Windows\System\hmbEAiH.exe
  C:\Windows\System\hmbEAiH.exe
  2⤵
  PID:8012
- C:\Windows\System\QrsPurn.exe
  C:\Windows\System\QrsPurn.exe
  2⤵
  PID:8040
- C:\Windows\System\EnDEiLZ.exe
  C:\Windows\System\EnDEiLZ.exe
  2⤵
  PID:8056
- C:\Windows\System\KdjzQWa.exe
  C:\Windows\System\KdjzQWa.exe
  2⤵
  PID:8072
- C:\Windows\System\oSeUlHI.exe
  C:\Windows\System\oSeUlHI.exe
  2⤵
  PID:8092
- C:\Windows\System\qMsLrdj.exe
  C:\Windows\System\qMsLrdj.exe
  2⤵
  PID:8120
- C:\Windows\System\OkQiQwW.exe
  C:\Windows\System\OkQiQwW.exe
  2⤵
  PID:8140
- C:\Windows\System\NImoQUp.exe
  C:\Windows\System\NImoQUp.exe
  2⤵
  PID:8156
- C:\Windows\System\kmAgSlB.exe
  C:\Windows\System\kmAgSlB.exe
  2⤵
  PID:8176
- C:\Windows\System\hPhWFBW.exe
  C:\Windows\System\hPhWFBW.exe
  2⤵
  PID:7172
- C:\Windows\System\DlAnDxn.exe
  C:\Windows\System\DlAnDxn.exe
  2⤵
  PID:7236
- C:\Windows\System\wpTLbgG.exe
  C:\Windows\System\wpTLbgG.exe
  2⤵
  PID:6612
- C:\Windows\System\zPhPGwA.exe
  C:\Windows\System\zPhPGwA.exe
  2⤵
  PID:7272
- C:\Windows\System\HkOLiHq.exe
  C:\Windows\System\HkOLiHq.exe
  2⤵
  PID:7188
- C:\Windows\System\wyiIVvy.exe
  C:\Windows\System\wyiIVvy.exe
  2⤵
  PID:7260
- C:\Windows\System\mtvitrM.exe
  C:\Windows\System\mtvitrM.exe
  2⤵
  PID:7300
- C:\Windows\System\oqfzACq.exe
  C:\Windows\System\oqfzACq.exe
  2⤵
  PID:7344
- C:\Windows\System\daoPdtb.exe
  C:\Windows\System\daoPdtb.exe
  2⤵
  PID:7380
- C:\Windows\System\NFHdGkC.exe
  C:\Windows\System\NFHdGkC.exe
  2⤵
  PID:7448
- C:\Windows\System\bgrUERx.exe
  C:\Windows\System\bgrUERx.exe
  2⤵
  PID:7520
- C:\Windows\System\iSgJoGK.exe
  C:\Windows\System\iSgJoGK.exe
  2⤵
  PID:7628
- C:\Windows\System\ZGxaDbl.exe
  C:\Windows\System\ZGxaDbl.exe
  2⤵
  PID:7692
- C:\Windows\System\fIeVAUz.exe
  C:\Windows\System\fIeVAUz.exe
  2⤵
  PID:7784
- C:\Windows\System\KCGQfqA.exe
  C:\Windows\System\KCGQfqA.exe
  2⤵
  PID:7812
- C:\Windows\System\nydVQZd.exe
  C:\Windows\System\nydVQZd.exe
  2⤵
  PID:7868
- C:\Windows\System\aiHJMXq.exe
  C:\Windows\System\aiHJMXq.exe
  2⤵
  PID:7884
- C:\Windows\System\wyEOVap.exe
  C:\Windows\System\wyEOVap.exe
  2⤵
  PID:7904
- C:\Windows\System\IUxXjHR.exe
  C:\Windows\System\IUxXjHR.exe
  2⤵
  PID:7428
- C:\Windows\System\AAmwzVu.exe
  C:\Windows\System\AAmwzVu.exe
  2⤵
  PID:7500
- C:\Windows\System\UChRwqi.exe
  C:\Windows\System\UChRwqi.exe
  2⤵
  PID:7576
- C:\Windows\System\QtAZYmn.exe
  C:\Windows\System\QtAZYmn.exe
  2⤵
  PID:7640
- C:\Windows\System\yunPAke.exe
  C:\Windows\System\yunPAke.exe
  2⤵
  PID:7712
- C:\Windows\System\MoqIgOK.exe
  C:\Windows\System\MoqIgOK.exe
  2⤵
  PID:7800
- C:\Windows\System\tanIWOE.exe
  C:\Windows\System\tanIWOE.exe
  2⤵
  PID:7920
- C:\Windows\System\WBytYxz.exe
  C:\Windows\System\WBytYxz.exe
  2⤵
  PID:7956
- C:\Windows\System\rrIVEEq.exe
  C:\Windows\System\rrIVEEq.exe
  2⤵
  PID:7988
- C:\Windows\System\LyLMBNi.exe
  C:\Windows\System\LyLMBNi.exe
  2⤵
  PID:8024
- C:\Windows\System\TkoOKQT.exe
  C:\Windows\System\TkoOKQT.exe
  2⤵
  PID:8036
- C:\Windows\System\PMHlhNM.exe
  C:\Windows\System\PMHlhNM.exe
  2⤵
  PID:8052
- C:\Windows\System\UhxKbin.exe
  C:\Windows\System\UhxKbin.exe
  2⤵
  PID:8112
- C:\Windows\System\EdTUmKA.exe
  C:\Windows\System\EdTUmKA.exe
  2⤵
  PID:8128
- C:\Windows\System\PRWgWxy.exe
  C:\Windows\System\PRWgWxy.exe
  2⤵
  PID:8132
- C:\Windows\System\orssywf.exe
  C:\Windows\System\orssywf.exe
  2⤵
  PID:7124
- C:\Windows\System\NYEenQg.exe
  C:\Windows\System\NYEenQg.exe
  2⤵
  PID:7108
- C:\Windows\System\MDPCMYq.exe
  C:\Windows\System\MDPCMYq.exe
  2⤵
  PID:7284
- C:\Windows\System\YIagvyd.exe
  C:\Windows\System\YIagvyd.exe
  2⤵
  PID:7220
- C:\Windows\System\pzffoAQ.exe
  C:\Windows\System\pzffoAQ.exe
  2⤵
  PID:7224
- C:\Windows\System\CVvSsqe.exe
  C:\Windows\System\CVvSsqe.exe
  2⤵
  PID:7488
- C:\Windows\System\CWCxNck.exe
  C:\Windows\System\CWCxNck.exe
  2⤵
  PID:7560
- C:\Windows\System\ViMXppf.exe
  C:\Windows\System\ViMXppf.exe
  2⤵
  PID:7728
- C:\Windows\System\zTuGmWc.exe
  C:\Windows\System\zTuGmWc.exe
  2⤵
  PID:7780
- C:\Windows\System\blCfoNq.exe
  C:\Windows\System\blCfoNq.exe
  2⤵
  PID:7856
- C:\Windows\System\HNECvIw.exe
  C:\Windows\System\HNECvIw.exe
  2⤵
  PID:7900
- C:\Windows\System\YGsBRGr.exe
  C:\Windows\System\YGsBRGr.exe
  2⤵
  PID:7468
- C:\Windows\System\dKwwRUM.exe
  C:\Windows\System\dKwwRUM.exe
  2⤵
  PID:7680
- C:\Windows\System\ASckiIU.exe
  C:\Windows\System\ASckiIU.exe
  2⤵
  PID:7796
- C:\Windows\System\kaZCinY.exe
  C:\Windows\System\kaZCinY.exe
  2⤵
  PID:7932
- C:\Windows\System\rVmZaAw.exe
  C:\Windows\System\rVmZaAw.exe
  2⤵
  PID:8028
- C:\Windows\System\pDiFyLk.exe
  C:\Windows\System\pDiFyLk.exe
  2⤵
  PID:8104
- C:\Windows\System\VbAoVAP.exe
  C:\Windows\System\VbAoVAP.exe
  2⤵
  PID:7952
- C:\Windows\System\nMXRodr.exe
  C:\Windows\System\nMXRodr.exe
  2⤵
  PID:6540
- C:\Windows\System\GEnwhTC.exe
  C:\Windows\System\GEnwhTC.exe
  2⤵
  PID:8048
- C:\Windows\System\WKIssae.exe
  C:\Windows\System\WKIssae.exe
  2⤵
  PID:8088
- C:\Windows\System\ICIimfU.exe
  C:\Windows\System\ICIimfU.exe
  2⤵
  PID:7352
- C:\Windows\System\JQveYQV.exe
  C:\Windows\System\JQveYQV.exe
  2⤵
  PID:7252
- C:\Windows\System\CWppUWD.exe
  C:\Windows\System\CWppUWD.exe
  2⤵
  PID:7660
- C:\Windows\System\KHDvKsp.exe
  C:\Windows\System\KHDvKsp.exe
  2⤵
  PID:7664
- C:\Windows\System\PMqVGgE.exe
  C:\Windows\System\PMqVGgE.exe
  2⤵
  PID:7776
- C:\Windows\System\KbSzrlm.exe
  C:\Windows\System\KbSzrlm.exe
  2⤵
  PID:7536
- C:\Windows\System\cvmbDWm.exe
  C:\Windows\System\cvmbDWm.exe
  2⤵
  PID:7756
- C:\Windows\System\IRzKidM.exe
  C:\Windows\System\IRzKidM.exe
  2⤵
  PID:7676
- C:\Windows\System\CtMJQwP.exe
  C:\Windows\System\CtMJQwP.exe
  2⤵
  PID:8068
- C:\Windows\System\NGDtMRy.exe
  C:\Windows\System\NGDtMRy.exe
  2⤵
  PID:8020
- C:\Windows\System\DwCRIRU.exe
  C:\Windows\System\DwCRIRU.exe
  2⤵
  PID:7948
- C:\Windows\System\bUneCdP.exe
  C:\Windows\System\bUneCdP.exe
  2⤵
  PID:7396
- C:\Windows\System\qFOOOrN.exe
  C:\Windows\System\qFOOOrN.exe
  2⤵
  PID:7592
- C:\Windows\System\CGjMnUA.exe
  C:\Windows\System\CGjMnUA.exe
  2⤵
  PID:7508
- C:\Windows\System\MndISAa.exe
  C:\Windows\System\MndISAa.exe
  2⤵
  PID:7760
- C:\Windows\System\AfDUXkW.exe
  C:\Windows\System\AfDUXkW.exe
  2⤵
  PID:7540
- C:\Windows\System\ySrZmxa.exe
  C:\Windows\System\ySrZmxa.exe
  2⤵
  PID:6960
- C:\Windows\System\BZFlcOl.exe
  C:\Windows\System\BZFlcOl.exe
  2⤵
  PID:8152
- C:\Windows\System\OZwxQZk.exe
  C:\Windows\System\OZwxQZk.exe
  2⤵
  PID:8100
- C:\Windows\System\NrFRvUz.exe
  C:\Windows\System\NrFRvUz.exe
  2⤵
  PID:7276
- C:\Windows\System\lBSsgyW.exe
  C:\Windows\System\lBSsgyW.exe
  2⤵
  PID:8004
- C:\Windows\System\VrRgqYp.exe
  C:\Windows\System\VrRgqYp.exe
  2⤵
  PID:7152
- C:\Windows\System\iYKYAUm.exe
  C:\Windows\System\iYKYAUm.exe
  2⤵
  PID:8208
- C:\Windows\System\KgCXilJ.exe
  C:\Windows\System\KgCXilJ.exe
  2⤵
  PID:8224
- C:\Windows\System\qfQgqDY.exe
  C:\Windows\System\qfQgqDY.exe
  2⤵
  PID:8240
- C:\Windows\System\XGFxxtF.exe
  C:\Windows\System\XGFxxtF.exe
  2⤵
  PID:8264
- C:\Windows\System\FDmOTXh.exe
  C:\Windows\System\FDmOTXh.exe
  2⤵
  PID:8292
- C:\Windows\System\HcUomFG.exe
  C:\Windows\System\HcUomFG.exe
  2⤵
  PID:8312
- C:\Windows\System\fnqYDaX.exe
  C:\Windows\System\fnqYDaX.exe
  2⤵
  PID:8328
- C:\Windows\System\xmsXDUu.exe
  C:\Windows\System\xmsXDUu.exe
  2⤵
  PID:8344
- C:\Windows\System\ebCLBxa.exe
  C:\Windows\System\ebCLBxa.exe
  2⤵
  PID:8360
- C:\Windows\System\HfwgncA.exe
  C:\Windows\System\HfwgncA.exe
  2⤵
  PID:8392
- C:\Windows\System\ncjfxro.exe
  C:\Windows\System\ncjfxro.exe
  2⤵
  PID:8412
- C:\Windows\System\EyXkdVG.exe
  C:\Windows\System\EyXkdVG.exe
  2⤵
  PID:8428
- C:\Windows\System\GgQvosZ.exe
  C:\Windows\System\GgQvosZ.exe
  2⤵
  PID:8444
- C:\Windows\System\TLtkMBf.exe
  C:\Windows\System\TLtkMBf.exe
  2⤵
  PID:8476
- C:\Windows\System\jJWdROs.exe
  C:\Windows\System\jJWdROs.exe
  2⤵
  PID:8496
- C:\Windows\System\GpwrlhH.exe
  C:\Windows\System\GpwrlhH.exe
  2⤵
  PID:8532
- C:\Windows\System\NbPUnKY.exe
  C:\Windows\System\NbPUnKY.exe
  2⤵
  PID:8552
- C:\Windows\System\mJbAVEY.exe
  C:\Windows\System\mJbAVEY.exe
  2⤵
  PID:8568
- C:\Windows\System\CfdfnCc.exe
  C:\Windows\System\CfdfnCc.exe
  2⤵
  PID:8584
- C:\Windows\System\zERFPtU.exe
  C:\Windows\System\zERFPtU.exe
  2⤵
  PID:8604
- C:\Windows\System\RXMmjjg.exe
  C:\Windows\System\RXMmjjg.exe
  2⤵
  PID:8620
- C:\Windows\System\IudebVw.exe
  C:\Windows\System\IudebVw.exe
  2⤵
  PID:8636
- C:\Windows\System\gtZINld.exe
  C:\Windows\System\gtZINld.exe
  2⤵
  PID:8664
- C:\Windows\System\vtINhsu.exe
  C:\Windows\System\vtINhsu.exe
  2⤵
  PID:8688
- C:\Windows\System\nJLuPmg.exe
  C:\Windows\System\nJLuPmg.exe
  2⤵
  PID:8704
- C:\Windows\System\RzocNlY.exe
  C:\Windows\System\RzocNlY.exe
  2⤵
  PID:8728
- C:\Windows\System\mHfUXoW.exe
  C:\Windows\System\mHfUXoW.exe
  2⤵
  PID:8744
- C:\Windows\System\HhQhGUw.exe
  C:\Windows\System\HhQhGUw.exe
  2⤵
  PID:8760
- C:\Windows\System\EQrJogJ.exe
  C:\Windows\System\EQrJogJ.exe
  2⤵
  PID:8780
- C:\Windows\System\lWbmWpB.exe
  C:\Windows\System\lWbmWpB.exe
  2⤵
  PID:8816
- C:\Windows\System\ERxEQyf.exe
  C:\Windows\System\ERxEQyf.exe
  2⤵
  PID:8836
- C:\Windows\System\TrfTXze.exe
  C:\Windows\System\TrfTXze.exe
  2⤵
  PID:8852
- C:\Windows\System\qoixcwt.exe
  C:\Windows\System\qoixcwt.exe
  2⤵
  PID:8872
- C:\Windows\System\CreiBPU.exe
  C:\Windows\System\CreiBPU.exe
  2⤵
  PID:8892
- C:\Windows\System\eVFpYTw.exe
  C:\Windows\System\eVFpYTw.exe
  2⤵
  PID:8908
- C:\Windows\System\qRrDeOv.exe
  C:\Windows\System\qRrDeOv.exe
  2⤵
  PID:8924
- C:\Windows\System\XKWqbOl.exe
  C:\Windows\System\XKWqbOl.exe
  2⤵
  PID:8940
- C:\Windows\System\wBGhIYz.exe
  C:\Windows\System\wBGhIYz.exe
  2⤵
  PID:8956
- C:\Windows\System\pjnlGUI.exe
  C:\Windows\System\pjnlGUI.exe
  2⤵
  PID:8980
- C:\Windows\System\eJxqvIT.exe
  C:\Windows\System\eJxqvIT.exe
  2⤵
  PID:9000
- C:\Windows\System\bHSrJZu.exe
  C:\Windows\System\bHSrJZu.exe
  2⤵
  PID:9020
- C:\Windows\System\gmfJvVU.exe
  C:\Windows\System\gmfJvVU.exe
  2⤵
  PID:9040
- C:\Windows\System\lYVQUKY.exe
  C:\Windows\System\lYVQUKY.exe
  2⤵
  PID:9064
- C:\Windows\System\JnVwSIf.exe
  C:\Windows\System\JnVwSIf.exe
  2⤵
  PID:9080
- C:\Windows\System\WzGhXcc.exe
  C:\Windows\System\WzGhXcc.exe
  2⤵
  PID:9120
- C:\Windows\System\sLAWFHx.exe
  C:\Windows\System\sLAWFHx.exe
  2⤵
  PID:9140
- C:\Windows\System\CsfVPiD.exe
  C:\Windows\System\CsfVPiD.exe
  2⤵
  PID:9156
- C:\Windows\System\RyJaESi.exe
  C:\Windows\System\RyJaESi.exe
  2⤵
  PID:9180
- C:\Windows\System\GqFLZuw.exe
  C:\Windows\System\GqFLZuw.exe
  2⤵
  PID:9196
- C:\Windows\System\ELokENr.exe
  C:\Windows\System\ELokENr.exe
  2⤵
  PID:8200
- C:\Windows\System\udifnLn.exe
  C:\Windows\System\udifnLn.exe
  2⤵
  PID:7860
- C:\Windows\System\KGQCBCO.exe
  C:\Windows\System\KGQCBCO.exe
  2⤵
  PID:8288
- C:\Windows\System\ruujPNM.exe
  C:\Windows\System\ruujPNM.exe
  2⤵
  PID:8356
- C:\Windows\System\bGYKQze.exe
  C:\Windows\System\bGYKQze.exe
  2⤵
  PID:7724
- C:\Windows\System\efVjGVM.exe
  C:\Windows\System\efVjGVM.exe
  2⤵
  PID:8108
- C:\Windows\System\MMkQzEJ.exe
  C:\Windows\System\MMkQzEJ.exe
  2⤵
  PID:8216
- C:\Windows\System\hCpSIPs.exe
  C:\Windows\System\hCpSIPs.exe
  2⤵
  PID:7368
- C:\Windows\System\juDuMyH.exe
  C:\Windows\System\juDuMyH.exe
  2⤵
  PID:8304
- C:\Windows\System\ubDFuQQ.exe
  C:\Windows\System\ubDFuQQ.exe
  2⤵
  PID:8384
- C:\Windows\System\ORUrimW.exe
  C:\Windows\System\ORUrimW.exe
  2⤵
  PID:8460
- C:\Windows\System\kbwBswq.exe
  C:\Windows\System\kbwBswq.exe
  2⤵
  PID:8484
- C:\Windows\System\RFFVaZU.exe
  C:\Windows\System\RFFVaZU.exe
  2⤵
  PID:8520
- C:\Windows\System\QIBmUCJ.exe
  C:\Windows\System\QIBmUCJ.exe
  2⤵
  PID:8548
- C:\Windows\System\CKapDCl.exe
  C:\Windows\System\CKapDCl.exe
  2⤵
  PID:8560
- C:\Windows\System\zCkDkKW.exe
  C:\Windows\System\zCkDkKW.exe
  2⤵
  PID:8648
- C:\Windows\System\YCFYoGB.exe
  C:\Windows\System\YCFYoGB.exe
  2⤵
  PID:8656
- C:\Windows\System\bDHFDyn.exe
  C:\Windows\System\bDHFDyn.exe
  2⤵
  PID:8696
- C:\Windows\System\giNygLs.exe
  C:\Windows\System\giNygLs.exe
  2⤵
  PID:8712
- C:\Windows\System\mdXvaLh.exe
  C:\Windows\System\mdXvaLh.exe
  2⤵
  PID:8768
- C:\Windows\System\yiMBViz.exe
  C:\Windows\System\yiMBViz.exe
  2⤵
  PID:8772
- C:\Windows\System\VQWsnEv.exe
  C:\Windows\System\VQWsnEv.exe
  2⤵
  PID:8800
- C:\Windows\System\DRyZmbS.exe
  C:\Windows\System\DRyZmbS.exe
  2⤵
  PID:8824
- C:\Windows\System\VQsegLh.exe
  C:\Windows\System\VQsegLh.exe
  2⤵
  PID:8864
- C:\Windows\System\YuruiDy.exe
  C:\Windows\System\YuruiDy.exe
  2⤵
  PID:8880
- C:\Windows\System\cCtXkAl.exe
  C:\Windows\System\cCtXkAl.exe
  2⤵
  PID:9008
- C:\Windows\System\MtdAcdB.exe
  C:\Windows\System\MtdAcdB.exe
  2⤵
  PID:9048
- C:\Windows\System\GkgwjKW.exe
  C:\Windows\System\GkgwjKW.exe
  2⤵
  PID:8952
- C:\Windows\System\zwsIVLf.exe
  C:\Windows\System\zwsIVLf.exe
  2⤵
  PID:8996
- C:\Windows\System\xZcTTDw.exe
  C:\Windows\System\xZcTTDw.exe
  2⤵
  PID:9060
- C:\Windows\System\jpQIpEK.exe
  C:\Windows\System\jpQIpEK.exe
  2⤵
  PID:9092
- C:\Windows\System\DOHmuOI.exe
  C:\Windows\System\DOHmuOI.exe
  2⤵
  PID:9108
- C:\Windows\System\zoqBNCq.exe
  C:\Windows\System\zoqBNCq.exe
  2⤵
  PID:9132
- C:\Windows\System\ZODdIHQ.exe
  C:\Windows\System\ZODdIHQ.exe
  2⤵
  PID:9168
- C:\Windows\System\ydgbOVA.exe
  C:\Windows\System\ydgbOVA.exe
  2⤵
  PID:9192
- C:\Windows\System\yyufcQG.exe
  C:\Windows\System\yyufcQG.exe
  2⤵
  PID:8236
- C:\Windows\System\kUWIZXJ.exe
  C:\Windows\System\kUWIZXJ.exe
  2⤵
  PID:8352
- C:\Windows\System\drKYGhO.exe
  C:\Windows\System\drKYGhO.exe
  2⤵
  PID:7708
- C:\Windows\System\LlNiSYU.exe
  C:\Windows\System\LlNiSYU.exe
  2⤵
  PID:8084
- C:\Windows\System\qtyoskm.exe
  C:\Windows\System\qtyoskm.exe
  2⤵
  PID:8372
- C:\Windows\System\DJArvqS.exe
  C:\Windows\System\DJArvqS.exe
  2⤵
  PID:8528
- C:\Windows\System\HXwiXgB.exe
  C:\Windows\System\HXwiXgB.exe
  2⤵
  PID:8616
- C:\Windows\System\cIktBWr.exe
  C:\Windows\System\cIktBWr.exe
  2⤵
  PID:8512
- C:\Windows\System\ahiHUzk.exe
  C:\Windows\System\ahiHUzk.exe
  2⤵
  PID:8592
- C:\Windows\System\QaFjUht.exe
  C:\Windows\System\QaFjUht.exe
  2⤵
  PID:8720
- C:\Windows\System\iLDzsWS.exe
  C:\Windows\System\iLDzsWS.exe
  2⤵
  PID:8740
- C:\Windows\System\OTVQrHs.exe
  C:\Windows\System\OTVQrHs.exe
  2⤵
  PID:8844
- C:\Windows\System\HBlSdzv.exe
  C:\Windows\System\HBlSdzv.exe
  2⤵
  PID:8756
- C:\Windows\System\JhviBBG.exe
  C:\Windows\System\JhviBBG.exe
  2⤵
  PID:8968
- C:\Windows\System\NfyWMNC.exe
  C:\Windows\System\NfyWMNC.exe
  2⤵
  PID:9096
- C:\Windows\System\hKrDAvq.exe
  C:\Windows\System\hKrDAvq.exe
  2⤵
  PID:9204
- C:\Windows\System\iFBdQTc.exe
  C:\Windows\System\iFBdQTc.exe
  2⤵
  PID:8948
- C:\Windows\System\rimNISG.exe
  C:\Windows\System\rimNISG.exe
  2⤵
  PID:8220
- C:\Windows\System\YhpgEBW.exe
  C:\Windows\System\YhpgEBW.exe
  2⤵
  PID:9016
- C:\Windows\System\vfqcrLY.exe
  C:\Windows\System\vfqcrLY.exe
  2⤵
  PID:9172
- C:\Windows\System\sNPuWCI.exe
  C:\Windows\System\sNPuWCI.exe
  2⤵
  PID:8320
- C:\Windows\System\woeomHu.exe
  C:\Windows\System\woeomHu.exe
  2⤵
  PID:8524
- C:\Windows\System\yuMzUgD.exe
  C:\Windows\System\yuMzUgD.exe
  2⤵
  PID:8564
- C:\Windows\System\FtHyndg.exe
  C:\Windows\System\FtHyndg.exe
  2⤵
  PID:8652
- C:\Windows\System\NCJIBmr.exe
  C:\Windows\System\NCJIBmr.exe
  2⤵
  PID:8680
- C:\Windows\System\XKOSNwg.exe
  C:\Windows\System\XKOSNwg.exe
  2⤵
  PID:8788
- C:\Windows\System\zTcZInz.exe
  C:\Windows\System\zTcZInz.exe
  2⤵
  PID:8976
- C:\Windows\System\PrqHmQD.exe
  C:\Windows\System\PrqHmQD.exe
  2⤵
  PID:9152
- C:\Windows\System\AZBNdyu.exe
  C:\Windows\System\AZBNdyu.exe
  2⤵
  PID:8932
- C:\Windows\System\ebFRWqL.exe
  C:\Windows\System\ebFRWqL.exe
  2⤵
  PID:8172
- C:\Windows\System\HVKNvrv.exe
  C:\Windows\System\HVKNvrv.exe
  2⤵
  PID:9076
- C:\Windows\System\viFgHqF.exe
  C:\Windows\System\viFgHqF.exe
  2⤵
  PID:8284
- C:\Windows\System\gjJXaVW.exe
  C:\Windows\System\gjJXaVW.exe
  2⤵
  PID:8456
- C:\Windows\System\TgaWPiE.exe
  C:\Windows\System\TgaWPiE.exe
  2⤵
  PID:8516
- C:\Windows\System\UyjHSIM.exe
  C:\Windows\System\UyjHSIM.exe
  2⤵
  PID:8792
- C:\Windows\System\USUncvD.exe
  C:\Windows\System\USUncvD.exe
  2⤵
  PID:8904
- C:\Windows\System\WMmwxcq.exe
  C:\Windows\System\WMmwxcq.exe
  2⤵
  PID:8260
- C:\Windows\System\kbOjaqp.exe
  C:\Windows\System\kbOjaqp.exe
  2⤵
  PID:8276
- C:\Windows\System\DIdCrpx.exe
  C:\Windows\System\DIdCrpx.exe
  2⤵
  PID:8440
- C:\Windows\System\rrUmSNb.exe
  C:\Windows\System\rrUmSNb.exe
  2⤵
  PID:8716
- C:\Windows\System\tuCDDDy.exe
  C:\Windows\System\tuCDDDy.exe
  2⤵
  PID:8812
- C:\Windows\System\SmNKrow.exe
  C:\Windows\System\SmNKrow.exe
  2⤵
  PID:9032
- C:\Windows\System\aJaXFGg.exe
  C:\Windows\System\aJaXFGg.exe
  2⤵
  PID:8992
- C:\Windows\System\NatQZHS.exe
  C:\Windows\System\NatQZHS.exe
  2⤵
  PID:8724
- C:\Windows\System\NzUGeSd.exe
  C:\Windows\System\NzUGeSd.exe
  2⤵
  PID:8336
- C:\Windows\System\YZcIGip.exe
  C:\Windows\System\YZcIGip.exe
  2⤵
  PID:8684
- C:\Windows\System\HXDvuKe.exe
  C:\Windows\System\HXDvuKe.exe
  2⤵
  PID:8504
- C:\Windows\System\hWfrdzh.exe
  C:\Windows\System\hWfrdzh.exe
  2⤵
  PID:8964
- C:\Windows\System\ysAtmaC.exe
  C:\Windows\System\ysAtmaC.exe
  2⤵
  PID:9232
- C:\Windows\System\tPBYCpL.exe
  C:\Windows\System\tPBYCpL.exe
  2⤵
  PID:9248
- C:\Windows\System\hHujaHb.exe
  C:\Windows\System\hHujaHb.exe
  2⤵
  PID:9268
- C:\Windows\System\jbXJftH.exe
  C:\Windows\System\jbXJftH.exe
  2⤵
  PID:9292
- C:\Windows\System\BQPOcys.exe
  C:\Windows\System\BQPOcys.exe
  2⤵
  PID:9308
- C:\Windows\System\PfNLEEx.exe
  C:\Windows\System\PfNLEEx.exe
  2⤵
  PID:9328
- C:\Windows\System\KrIwRWu.exe
  C:\Windows\System\KrIwRWu.exe
  2⤵
  PID:9352
- C:\Windows\System\FmExSjc.exe
  C:\Windows\System\FmExSjc.exe
  2⤵
  PID:9372
- C:\Windows\System\zirFWXd.exe
  C:\Windows\System\zirFWXd.exe
  2⤵
  PID:9388
- C:\Windows\System\zJxURSu.exe
  C:\Windows\System\zJxURSu.exe
  2⤵
  PID:9408
- C:\Windows\System\JKsvwcA.exe
  C:\Windows\System\JKsvwcA.exe
  2⤵
  PID:9424
- C:\Windows\System\OqsQloR.exe
  C:\Windows\System\OqsQloR.exe
  2⤵
  PID:9448
- C:\Windows\System\Ngfyzrr.exe
  C:\Windows\System\Ngfyzrr.exe
  2⤵
  PID:9464
- C:\Windows\System\WFENeYs.exe
  C:\Windows\System\WFENeYs.exe
  2⤵
  PID:9480
- C:\Windows\System\zfdoYKz.exe
  C:\Windows\System\zfdoYKz.exe
  2⤵
  PID:9504
- C:\Windows\System\lbImwrW.exe
  C:\Windows\System\lbImwrW.exe
  2⤵
  PID:9520
- C:\Windows\System\RPjiWKe.exe
  C:\Windows\System\RPjiWKe.exe
  2⤵
  PID:9536
- C:\Windows\System\UKVyGDx.exe
  C:\Windows\System\UKVyGDx.exe
  2⤵
  PID:9552
- C:\Windows\System\IndwcZJ.exe
  C:\Windows\System\IndwcZJ.exe
  2⤵
  PID:9572
- C:\Windows\System\eroqzDi.exe
  C:\Windows\System\eroqzDi.exe
  2⤵
  PID:9592
- C:\Windows\System\JJFKzDb.exe
  C:\Windows\System\JJFKzDb.exe
  2⤵
  PID:9612
- C:\Windows\System\GEGBlLY.exe
  C:\Windows\System\GEGBlLY.exe
  2⤵
  PID:9636
- C:\Windows\System\roOdWeb.exe
  C:\Windows\System\roOdWeb.exe
  2⤵
  PID:9668
- C:\Windows\System\aHkueFi.exe
  C:\Windows\System\aHkueFi.exe
  2⤵
  PID:9692
- C:\Windows\System\SfoSjSc.exe
  C:\Windows\System\SfoSjSc.exe
  2⤵
  PID:9712
- C:\Windows\System\ixMUkLo.exe
  C:\Windows\System\ixMUkLo.exe
  2⤵
  PID:9728
- C:\Windows\System\zOISBSa.exe
  C:\Windows\System\zOISBSa.exe
  2⤵
  PID:9748
- C:\Windows\System\ywGHqaU.exe
  C:\Windows\System\ywGHqaU.exe
  2⤵
  PID:9768
- C:\Windows\System\wbxvfoc.exe
  C:\Windows\System\wbxvfoc.exe
  2⤵
  PID:9792
- C:\Windows\System\RZbxxTp.exe
  C:\Windows\System\RZbxxTp.exe
  2⤵
  PID:9808
- C:\Windows\System\zIhsuEE.exe
  C:\Windows\System\zIhsuEE.exe
  2⤵
  PID:9824
- C:\Windows\System\UcTVUNX.exe
  C:\Windows\System\UcTVUNX.exe
  2⤵
  PID:9848
- C:\Windows\System\udEfCgc.exe
  C:\Windows\System\udEfCgc.exe
  2⤵
  PID:9872
- C:\Windows\System\PzwmiNj.exe
  C:\Windows\System\PzwmiNj.exe
  2⤵
  PID:9888
- C:\Windows\System\EJSyCJu.exe
  C:\Windows\System\EJSyCJu.exe
  2⤵
  PID:9908
- C:\Windows\System\fHjakVG.exe
  C:\Windows\System\fHjakVG.exe
  2⤵
  PID:9928
- C:\Windows\System\mXlumcC.exe
  C:\Windows\System\mXlumcC.exe
  2⤵
  PID:9944
- C:\Windows\System\mQbGtYW.exe
  C:\Windows\System\mQbGtYW.exe
  2⤵
  PID:9960
- C:\Windows\System\jTvmqPZ.exe
  C:\Windows\System\jTvmqPZ.exe
  2⤵
  PID:9984
- C:\Windows\System\yejOdIE.exe
  C:\Windows\System\yejOdIE.exe
  2⤵
  PID:10004
- C:\Windows\System\RaoeETa.exe
  C:\Windows\System\RaoeETa.exe
  2⤵
  PID:10020
- C:\Windows\System\dJRDAif.exe
  C:\Windows\System\dJRDAif.exe
  2⤵
  PID:10036
- C:\Windows\System\SyUPyIQ.exe
  C:\Windows\System\SyUPyIQ.exe
  2⤵
  PID:10068
- C:\Windows\System\DSbqowV.exe
  C:\Windows\System\DSbqowV.exe
  2⤵
  PID:10084
- C:\Windows\System\LDiOIEq.exe
  C:\Windows\System\LDiOIEq.exe
  2⤵
  PID:10108
- C:\Windows\System\axIMQRg.exe
  C:\Windows\System\axIMQRg.exe
  2⤵
  PID:10128
- C:\Windows\System\bNLweIW.exe
  C:\Windows\System\bNLweIW.exe
  2⤵
  PID:10152
- C:\Windows\System\cNwLECj.exe
  C:\Windows\System\cNwLECj.exe
  2⤵
  PID:10168
- C:\Windows\System\McvFOgw.exe
  C:\Windows\System\McvFOgw.exe
  2⤵
  PID:10192
- C:\Windows\System\nmKLhTK.exe
  C:\Windows\System\nmKLhTK.exe
  2⤵
  PID:10212
- C:\Windows\System\gfUWGSK.exe
  C:\Windows\System\gfUWGSK.exe
  2⤵
  PID:10228
- C:\Windows\System\WjjkqiK.exe
  C:\Windows\System\WjjkqiK.exe
  2⤵
  PID:9220
- C:\Windows\System\DRgXLqv.exe
  C:\Windows\System\DRgXLqv.exe
  2⤵
  PID:9280
- C:\Windows\System\ntYTIzw.exe
  C:\Windows\System\ntYTIzw.exe
  2⤵
  PID:9300
- C:\Windows\System\XUYzHIN.exe
  C:\Windows\System\XUYzHIN.exe
  2⤵
  PID:9336
- C:\Windows\System\AidacZn.exe
  C:\Windows\System\AidacZn.exe
  2⤵
  PID:9380
- C:\Windows\System\krHETxK.exe
  C:\Windows\System\krHETxK.exe
  2⤵
  PID:9396
- C:\Windows\System\WvbozJr.exe
  C:\Windows\System\WvbozJr.exe
  2⤵
  PID:9404
- C:\Windows\System\aLjPVCk.exe
  C:\Windows\System\aLjPVCk.exe
  2⤵
  PID:9444
- C:\Windows\System\HsoKzvN.exe
  C:\Windows\System\HsoKzvN.exe
  2⤵
  PID:9500
- C:\Windows\System\mwkmqMw.exe
  C:\Windows\System\mwkmqMw.exe
  2⤵
  PID:9568
- C:\Windows\System\BOFilFG.exe
  C:\Windows\System\BOFilFG.exe
  2⤵
  PID:9584
- C:\Windows\System\YbEJPwH.exe
  C:\Windows\System\YbEJPwH.exe
  2⤵
  PID:9476
- C:\Windows\System\CpmFowW.exe
  C:\Windows\System\CpmFowW.exe
  2⤵
  PID:9620
- C:\Windows\System\LlgLlhx.exe
  C:\Windows\System\LlgLlhx.exe
  2⤵
  PID:9548
- C:\Windows\System\gLMTpWK.exe
  C:\Windows\System\gLMTpWK.exe
  2⤵
  PID:9700
- C:\Windows\System\erloiAB.exe
  C:\Windows\System\erloiAB.exe
  2⤵
  PID:9724
- C:\Windows\System\SpzYbju.exe
  C:\Windows\System\SpzYbju.exe
  2⤵
  PID:9760
- C:\Windows\System\oDsqrbx.exe
  C:\Windows\System\oDsqrbx.exe
  2⤵
  PID:9788
- C:\Windows\System\UWeOXCh.exe
  C:\Windows\System\UWeOXCh.exe
  2⤵
  PID:9840
- C:\Windows\System\jxQpMyW.exe
  C:\Windows\System\jxQpMyW.exe
  2⤵
  PID:9868
- C:\Windows\System\BAIvRnF.exe
  C:\Windows\System\BAIvRnF.exe
  2⤵
  PID:9900
- C:\Windows\System\zdpUcpJ.exe
  C:\Windows\System\zdpUcpJ.exe
  2⤵
  PID:9972
- C:\Windows\System\MWfVnbv.exe
  C:\Windows\System\MWfVnbv.exe
  2⤵
  PID:9924
- C:\Windows\System\zJTLaFm.exe
  C:\Windows\System\zJTLaFm.exe
  2⤵
  PID:9992
- C:\Windows\System\jeKHhqF.exe
  C:\Windows\System\jeKHhqF.exe
  2⤵
  PID:9920
- C:\Windows\System\cCNWHiB.exe
  C:\Windows\System\cCNWHiB.exe
  2⤵
  PID:10092
- C:\Windows\System\rHlQKSg.exe
  C:\Windows\System\rHlQKSg.exe
  2⤵
  PID:10028
- C:\Windows\System\qlQbiKe.exe
  C:\Windows\System\qlQbiKe.exe
  2⤵
  PID:10144
- C:\Windows\System\kQNUDfs.exe
  C:\Windows\System\kQNUDfs.exe
  2⤵
  PID:10124
- C:\Windows\System\iSzUPrT.exe
  C:\Windows\System\iSzUPrT.exe
  2⤵
  PID:10180
- C:\Windows\System\UAJxpFU.exe
  C:\Windows\System\UAJxpFU.exe
  2⤵
  PID:9240
- C:\Windows\System\dBgiChO.exe
  C:\Windows\System\dBgiChO.exe
  2⤵
  PID:8644
- C:\Windows\System\nuPoEWu.exe
  C:\Windows\System\nuPoEWu.exe
  2⤵
  PID:9340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DClBrQp.exe

Filesize
6.1MB

MD5
401eadfbcabf84c84abe57eadd9f1b26

SHA1
2e34e47dbef8fa18533e08da9a548b29dbd58f87

SHA256
b8f4e73c1de622d281da1c123133accdfff141aea1712c6511ba4d6ac7632bf5

SHA512
1a1bdd97e38c1e91bc2e64e1dbc39c925d28f5228a8651dcb38631a8a82928d07cf2771b67ba4d92a16ea456677e5ffcc5e52677e5447f56cb4a4af76748c9d5

Download Submit
C:\Windows\system\DjUzexT.exe

Filesize
6.1MB

MD5
6124850fe0759263a17d1281f45eb0b8

SHA1
a7720c942303aca0a354ab3c10130fad96a1a3b4

SHA256
903af6c9f16be83e90ee276b23ecf892ad36781145a29e23f3e00153ee263818

SHA512
3cace4db11b227f03a6a7f50b14cff6f16e8027d795946c59ba855ce22ecd998dcebdbcc928c7fd6d80ba57f6adfd8cece137334472bad4ed5a1709f84adb9d6

Download Submit
C:\Windows\system\FAjVbvF.exe

Filesize
6.1MB

MD5
a56b950c4f338bddf02ec78be77889b6

SHA1
656914e072a5081ed5214ce54e821932795d88d7

SHA256
80e8e933eb81455c0a0a93ade1a52313805b3b24d61ca3f916740f018d5b6de1

SHA512
746c382979d013fe4b28365f845df33e8604f372eff08265c39e4999ae587fdd667f3571a1882574126a3494726e3989fc224438c33a32d3568eb0f62b5f74a5

Download Submit
C:\Windows\system\GblCewc.exe

Filesize
6.1MB

MD5
972cc9a1ad70e593c3fbe7d0d094bd5a

SHA1
ce6cfb8ff6b054f78ae06a4b6dfd6c22b34e8c8b

SHA256
7b6a4235b4661a1fd5e3e79d58138245da3cd586ed93d13b61177224fa52af70

SHA512
b8dbea8bd5e5640aea36c4fbf52769e8db0cd741b72d38334c4d85e0b87719a01058fdaab1ad09d6f4e96ab5d700de4836a32d282f77b752110012d10a400f16

Download Submit
C:\Windows\system\HAUulVj.exe

Filesize
6.1MB

MD5
36b5eb543d8a04f8592ac2c35191e66d

SHA1
978ea8eeead6d274cba5a600db51bf002cccdcf7

SHA256
048f61876174d7e5b98a88d727068ac8b039e5da02447ddbe24115466956a55f

SHA512
6e1f2d86f414d1d942810991d6a52e6676ce541f2e1336940ca71099531808a9eda3a75536b7b9e7e76284d12341240bc7056547a596da7747603f14ab207dde

Download Submit
C:\Windows\system\JoBYgyA.exe

Filesize
6.1MB

MD5
3cc11d8ab09d8baaef09f0cb1e6f6add

SHA1
cd19b81151f5146294bd73065655a49ee04bc488

SHA256
bccb84b59651081b491ada31de82fcd650b072a9174b1f539ac4460c4c182131

SHA512
a9b7523377274b7a6d283f76b8b8777667ff25c0ce7a1de1e7e33fff3a894a343c332d875bf6d96527dde0785705c664c2582b76acb01d0414f8b3461b9d70b0

Download Submit
C:\Windows\system\JrmFTpB.exe

Filesize
6.1MB

MD5
b5413950fa2b4d72f3e03cbe8dc0b108

SHA1
b455afbe62187455daf333106ef3386da68875b3

SHA256
c708578ad743820b8f0ac26a3fd11a36610a4a1bd4949b06a9de145e00022b87

SHA512
455ba8ffcc72d763a242eaba2c8e9024a779f03948956c7dd094bb89c624f93c02e5f48b61da3f48caa987ed8f23dca530270fd478123c838436dc53e7b5b92c

Download Submit
C:\Windows\system\NgvdChX.exe

Filesize
6.1MB

MD5
cff51068d122b15fcc92a6ba1af7b46a

SHA1
ed42b8d47825a34933e18e2a83c1c416d0b01716

SHA256
95c6bfbb71c505e8181d6fd894dfe496c9a3c7579d7b7eb91c943038020252e9

SHA512
559f96857c8664eaa120e028333811ff04e0ad40eee331b3f9cbafd4bc5b1731755fab1e04b6065307014e22b7b98a6b2514115640425fe8d0d3e929577d52e7

Download Submit
C:\Windows\system\RAoGyzT.exe

Filesize
6.1MB

MD5
9958f9f70e5622b89ca16201c24edbba

SHA1
1ad56cbe35669518129e459611dfb84a9b2a38ff

SHA256
8a2c59c1a6912ca4795fdb239b6b61b4041a833d310848d6f489ce08169b8eef

SHA512
484eabbb5d6f3331304cfe790bf53771c6e43bbcfa7904aa26900e402fd573151c75ed21dd9ef8f632ab1c968e0e941d71f2ddb86163cd2921db880aa0817e82

Download Submit
C:\Windows\system\SBZyczR.exe

Filesize
6.1MB

MD5
737a674c89ec180806f84a89665e8871

SHA1
15760a155277b5e93444039cf1aa7cac62ed9ad1

SHA256
36419203e25026752a55a0f9fb718683333d3441adb12b202f0a9cca234470e6

SHA512
b3f6717adf6e4739485d3099ae0e83611adc128e89d1d071a4c8d6ababe6e0f36ff9b071b0d5838660479f83120402867cac39ff98112b44b0a0edf99a55482c

Download Submit
C:\Windows\system\YBorWwG.exe

Filesize
6.1MB

MD5
ebd4fc9132ff5e065fbf524e793c60da

SHA1
f632f4c0f171553e73fc650bd662ac368440f545

SHA256
40439c7f031fe1fc25ac55599c0fefcf5e10a1e3c3b5a867916eb36ef1f8554a

SHA512
73db3bc5f357fcb21847990c0ea65b0a008918ea536ff1226165cb8b52539e222251e2db725653ced1282535bef7ed057ac47b86186d1ae19f24754de418af70

Download Submit
C:\Windows\system\ZRpJnGY.exe

Filesize
6.1MB

MD5
42598b880bdcb1b27c4ee7d5560311ab

SHA1
89d75f14440c3734b1fc40a16c0e1d8968303cec

SHA256
b3006b92cb1ca38098abe3ae9b48ed1530b97a93f109f2a1490513e1dc09af9e

SHA512
af256ad368abf9d63e9eedd018070932e3deecfbd763320d6d5324cab1d8a7254cd25924777176707226b423733a9a88da058e9d93c766dff20ce0032c291d83

Download Submit
C:\Windows\system\eXCfOPv.exe

Filesize
6.1MB

MD5
30f094971e9e474d3e730f9e38436bc1

SHA1
9eb92ad7834c1a9ccc31cfb06133bb2b41aa2bea

SHA256
d79541eaa7ea051369ffac23736b19f50d432bd372ca079b7f1ead8c92d192db

SHA512
fe7419a77c88bd50b449d077ede01ced0871abc7b038fb682cce4bafd7e18cf6241e2d614327fc195741a015234bee629bbcd78bbd30721f0f78ac2646054b99

Download Submit
C:\Windows\system\ffPIxju.exe

Filesize
6.1MB

MD5
81b54a2390d2f737c0320b0610ecf639

SHA1
b26c3900e3286d0f656c3b8892a8d4930a2c5a8d

SHA256
23bffda3a43117f9e1d0c719a30fdd5062d64db01980cc26ea4464ddf514fc5d

SHA512
51068891dae228686ad5e3ae49a778c43840a36fd90e2d5ab8026a53fa0a5825640688700bc0211ffda9b1e804e917d45a1c5737a86208495d396b0669355f94

Download Submit
C:\Windows\system\hMMnlCu.exe

Filesize
6.1MB

MD5
051f06c102edb80de973d19a65d88ea1

SHA1
5eb38c658455893a9949fbe5971f859a934dda2b

SHA256
db1d40e03bf92eedf4a7481933b63f4fc17817d1900dbac146651dd1548e889e

SHA512
de4c3321eb5552fcf38f677ddfb15cadccc030c0adf9475d412b0e53b949da05f262fb789472fab0c4ad89163dce6b4a1f49e7460fd07323797841d85b72a1e3

Download Submit
C:\Windows\system\ilSMfRR.exe

Filesize
6.1MB

MD5
006474d148884ea3f1f4a2c54fac8172

SHA1
563d26b9a2946c250a573da620397c7ad6950f63

SHA256
07bbb4f8f15dc77f8c34570d3415e14ec67d0649e311e9216e1b79f78ef9066a

SHA512
01ec7668908b4d65c1a5389565ac7fbb239fce17a507674fdf8ee1d69bfe601c26f819f3c950e5018747a13983fe3fda7bfaff08b179e459853332651f983d3d

Download Submit
C:\Windows\system\oXfWZck.exe

Filesize
6.1MB

MD5
46097a38f02fe55ac84260417a1e24fd

SHA1
06bb90531d91cfb5605d31b5f3a3abf2cf6667ca

SHA256
3e44d3a5f597d8444cb53d5226b68e2989fe6409630f61e2f45afa21f0dbc9e1

SHA512
6cd6c325f16f289e018f04d4da2bc823911da1b3c3f8b927e810f028752ed6d8d503fb5b8dc990191da2246aec51b17a416111fde5c600316d634a2f8de61d6f

Download Submit
C:\Windows\system\qHNlNsq.exe

Filesize
6.1MB

MD5
a96db49e1c88243a155c0218b94f6c07

SHA1
4a280f64ffdc9bc6c4974698629998a560b6099d

SHA256
7de93fa77e9b53658ec6824c3876f406b3d6d7f6c425e644d454e4759bc7f8b1

SHA512
621edc709d154496b8cc2a68eef8536857128c4ceef4f525a957385e2fabdf0aa07e392106b5b10596f77efcfb2093a8d126dc13235fa6836d5e9fe66035da7b

Download Submit
C:\Windows\system\rUlmLRZ.exe

Filesize
6.1MB

MD5
03d9fac09dfca1252166f0fce45f9342

SHA1
28e9bd3455b2b2cd695d27a9c5309926903b086d

SHA256
5616e18eb2a22bcb5c178fedd8b39e48133d65d12e36c1d49c7541cc58bef48c

SHA512
966a2791249602102085b10e4320e8efd217998a1fefb88054a9273b76bcbe7b4e0d52d02e2e3425645fae3ead25d5380489d2cde5ea8135b99d5eb88bc4a47b

Download Submit
C:\Windows\system\tkOgRti.exe

Filesize
6.1MB

MD5
2acd27d4aae8026290f9e47faaa2b04d

SHA1
77a5616662e4d2cd620d27053ac0065441fafd4e

SHA256
de08aa23d1ba52b703365c01dc30b9cd4c01cc707e12da7ee35ee09c761abedf

SHA512
c3f4edb3d51d14cd4c7e83a956373fb1d04d09d862bb897805bf5a2a5ff9f3d1f7174e41cf163cb663479c46e99be1af373042eaa4e36e31fd20281055b225a5

Download Submit
C:\Windows\system\wlRnFNh.exe

Filesize
6.1MB

MD5
31ea9b63c45afb4bdbf4125faa8284d1

SHA1
1ad3cb4a4db37102864130ca4882b10c78f76112

SHA256
40e47f3c36b399d45f2f699264cb0f5ea0255406d080cd1e197d7e5164b9abc3

SHA512
f51a6d3841ebb730d37ad09d3633c1b597d66652b7385063d39477a7336e4bb7d6da71391c3b74e8ef2331d21ee37b01926c46b37d5a29cb208e92209d6fd81c

Download Submit
C:\Windows\system\zYUehbg.exe

Filesize
6.1MB

MD5
bc4d1251182e920301fd7c1c96d2cacb

SHA1
d315ec3c18558bda3252089f14844e1da48a8881

SHA256
5fd6b2f9064fa2a3174ddb7721b3cadd73a58a3285170bf585110b2fefa60962

SHA512
b88b73421511576199be64e92858486cd95b6ae75fcb10cc8f7c36a68f6fb223171c02ace6b7a030ffde60e99d15c89fc8ae709ae94dfc7a42f7fb696f50458e

Download Submit
\Windows\system\AXygbNA.exe

Filesize
6.1MB

MD5
02e224068cbcf7a13fbd50e4b7963c27

SHA1
b089f0416a035efd62d7fe6c2184ac6d43714ab6

SHA256
673a9e6001df086cb7c015042d7bb6997c8440e80a141d2a3a7fb98df0938523

SHA512
35228887fa0908b621e8a0c59670b39c057e2ac05a3b0b9b42dd4e41ba7cfab25b6e534d5059a57f8ebc4e5d891b70251a8e274b90a3762c44b766ddb23020e6

Download Submit
\Windows\system\AyvmIJj.exe

Filesize
6.1MB

MD5
c44edde787c38af5362c063dc59c365a

SHA1
5ae72efd5c40c32e80c89dda44a0f8de128863fa

SHA256
f5df706149a56f3bf5e8839e2620f1fb5f0e841768b54f138081e238c256745a

SHA512
1f0c18800cb23e36163d1a791224a6d99d00384132cfb654b6e724cc4f9d1687aa88547612b04edf54242e433f919af9af952170431543eeee4d473ea1c4acbb

Download Submit
\Windows\system\GKMryOf.exe

Filesize
6.1MB

MD5
69311263c2e981bca49d441bdbe0db44

SHA1
4b31b3dc83c9142f9fcd47c26b2b295d12738cb3

SHA256
68751dde352162755998895fa9b0a44f532727ab144b6342668a5da919af009e

SHA512
a00a5546233b7f9d131fad28d6d23dc6d253da7113960fc41f2e19f920554777901c539a4bc55aa1f0adef0407e7ca15033e7103783f6eaa375a7110bfd3d5a1

Download Submit
\Windows\system\RcYhYQn.exe

Filesize
6.1MB

MD5
2872c993d7978ea566475fc853e991ab

SHA1
e266ac492988bb7e380b3aaa795c6b04e73e33d2

SHA256
89f2381fa1ea25c7d142606d9743c2382350d124d0212d105861b3a9fe642bd0

SHA512
67dd9735f400ead540b10c97791d785676027919ac9093015d093dadf4a2404909a15dcb3a3b8ec802875f5938a2da96d26f976c031aec4c0e58fdacf9dcca0d

Download Submit
\Windows\system\ReNIBeo.exe

Filesize
6.1MB

MD5
ed67f58f34d98957d309d8478a3f4a02

SHA1
9b0d461da31427f7de0fae707a522e73955662aa

SHA256
83a72e70178e25bbd7d7b040b060265af15d9a5419ab314aebf972cb36ca8c6d

SHA512
c3de4fb774b7a1365c348429009808787845e52296c188d1f793120f6eb2b7b1bc5aa93cd8f4493fecdd0864eb458982d2b93223c6521fb9e383ca5aa5e61509

Download Submit
\Windows\system\UvgYuBW.exe

Filesize
6.1MB

MD5
8b182f5a4af55d3d36674ddacd199784

SHA1
ede58f3990d97d6abf50b83a973a13a0b6c61513

SHA256
80cd979a53db1b9f1d6a90029539f43b308ddbb5c938177a7a5dae8e549fbbef

SHA512
ce09b0683104523f57021200c44ba802b13ab4e5922792298f3b8537abc31d8076525cfebc4356274f8944d6c2603018b15839eab94000c3c1a6ef14e21bfd25

Download Submit
\Windows\system\XNIntFN.exe

Filesize
6.1MB

MD5
601d425f1de502ca0ee3063932658606

SHA1
e25ac62f382f768ce22396f97f1f80ed641f5ba0

SHA256
c7ec45d5a6d2b0382ddf44aea003157afbaf8768acf7491f21f0bf8abb5d3902

SHA512
42aa7ee60b9d0585edf73c0318224a8f3847923f84c8f63166c3909cb22c4c990dafa27bc577736d9b4f4e952522223a1f84ed4dce4be361686ed17df3c2d809

Download Submit
\Windows\system\kzZYpPG.exe

Filesize
6.1MB

MD5
2f7d61b36db4cd2de0833a195e4395b5

SHA1
b171b8357164783122e7250c0e9542981fbdd393

SHA256
511a610701c1fb34ada7cbc6cae6ce65c19025d88532610670bc163768661e97

SHA512
0f0c7fe40b3dbb694092a07f9da8af0989391195e398789b8e698951d26d5ed2d855fdbcc1e4b37f6f2d2885a15e421d72bb5731a38280e2e79ed3fde058aafc

Download Submit
\Windows\system\pFojLkr.exe

Filesize
6.1MB

MD5
23e0215af0364d452e5c0863b2a0358c

SHA1
a1d638bd8bcd2c4aab6b72eb56012607718a1dc7

SHA256
18e04ab05753eb1872729e60d27cabeed37e4bd2465af4ad6069b165da9231b8

SHA512
c0c76e82de86bc168acf230922d9c537ca64afdd6aea42cd5921097a160169c3683a0ff810c3b43a05d54678a56555d0958e860de8565fea03c529170f36e733

Download Submit
\Windows\system\zizuKfM.exe

Filesize
6.1MB

MD5
e3ab28b4e9104058fd7020a078b52de5

SHA1
920117eb813c210d02cfdda04bf4ed5b11e9e3e0

SHA256
1025b2d8ad6b702ebd0a99ae4730690a1b633064c5e967dfe9534dede6d2673f

SHA512
11b4ef694afa57c1329cd906e68ffe0b25aa195d4a295d781364b32234bba19421d883fd0a8a8df07ac4265e094e38574ffa8129623c69021aeeaa2ed865aa8f

Download Submit
memory/1060-734-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1720-749-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1720-4048-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1796-49-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2460-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1796-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1796-2415-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1796-85-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-78-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-83-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-1411-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-69-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-6-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-737-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1796-735-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1796-15-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1796-22-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-63-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-42-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-57-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-29-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1796-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1796-35-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3365-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1972-59-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1972-27-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2056-37-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3321-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-61-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3375-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2232-32-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2280-39-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3322-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2280-14-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2348-67-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2348-94-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3841-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2580-81-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3679-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-52-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-79-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1208-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2656-20-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-51-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3366-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4046-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2740-89-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1779-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3647-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-74-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-45-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1617-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4047-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-88-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3759-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download