cobaltstrike | 10f738a7039316754cbb4158adfd5684b27f213ad751c439eb1e96380ea9d63e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/09/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0774edb434b24a378e4f55757a557589
SHA1

a44fc0a258944792fca17213217b9f6a7b62176e
SHA256

10f738a7039316754cbb4158adfd5684b27f213ad751c439eb1e96380ea9d63e
SHA512

34e23a6bdd959703efc79a6367d5f628ee80aa949fd2706e4be991eaf335eb4b93c933b91b065f8d3d890e1cad0b7fb5a9608793a91241df388014491b072f35
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000173e4-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-26.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739c-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-128.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc8-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-55.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017409-38.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000013b4c-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000173e4-16.dat	xmrig
behavioral1/files/0x00070000000173fb-26.dat	xmrig
behavioral1/memory/2664-29-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1780-25-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2532-20-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2456-19-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000800000001739c-7.dat	xmrig
behavioral1/files/0x0007000000017403-33.dat	xmrig
behavioral1/files/0x0005000000019234-45.dat	xmrig
behavioral1/files/0x000500000001924c-60.dat	xmrig
behavioral1/memory/2308-65-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2308-67-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-72.dat	xmrig
behavioral1/files/0x0005000000019382-91.dat	xmrig
behavioral1/files/0x00050000000193cc-104.dat	xmrig
behavioral1/files/0x00050000000193df-117.dat	xmrig
behavioral1/files/0x00050000000193d9-135.dat	xmrig
behavioral1/files/0x0005000000019401-124.dat	xmrig
behavioral1/files/0x00050000000193c4-128.dat	xmrig
behavioral1/files/0x0009000000016dc8-148.dat	xmrig
behavioral1/files/0x0005000000019277-115.dat	xmrig
behavioral1/memory/2676-99-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001942f-144.dat	xmrig
behavioral1/memory/2308-150-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019389-87.dat	xmrig
behavioral1/memory/2308-79-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019403-133.dat	xmrig
behavioral1/memory/2576-111-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2308-106-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/1248-105-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-103.dat	xmrig
behavioral1/memory/2896-71-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-68.dat	xmrig
behavioral1/memory/2456-82-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2580-74-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-153.dat	xmrig
behavioral1/files/0x00050000000195e4-170.dat	xmrig
behavioral1/files/0x000500000001961d-183.dat	xmrig
behavioral1/files/0x000500000001961f-187.dat	xmrig
behavioral1/files/0x000500000001961b-177.dat	xmrig
behavioral1/files/0x00050000000194d8-163.dat	xmrig
behavioral1/files/0x000500000001947e-162.dat	xmrig
behavioral1/files/0x0005000000019539-167.dat	xmrig
behavioral1/memory/2720-66-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2716-62-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2308-57-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-55.dat	xmrig
behavioral1/files/0x000800000001747b-50.dat	xmrig
behavioral1/memory/2900-49-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0009000000017409-38.dat	xmrig
behavioral1/memory/2808-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000e000000013b4c-6.dat	xmrig
behavioral1/memory/2456-3971-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2664-3967-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2532-3977-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2900-3984-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1780-3991-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2720-3990-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2716-3999-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1248-4002-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2808-4005-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2896-4006-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2576-4015-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2532	qxvkfhp.exe
2456	fiYcynq.exe
1780	JQGCFza.exe
2664	jstWpnT.exe
2808	pZzKOjT.exe
2900	CMvkiVf.exe
2716	gkAdMIu.exe
2896	ssjxrUo.exe
2580	hYYtnOa.exe
2720	PDkrhuo.exe
2676	xGchCGg.exe
2576	udBaQJZ.exe
1248	sdrzWXf.exe
1792	MadDwiH.exe
2084	CupOSFe.exe
2820	ZzGBxle.exe
768	wVbkPKj.exe
484	nmNJurw.exe
2040	riScQSV.exe
2112	lHdYJDe.exe
1056	gEIJLNO.exe
1740	cVhErVQ.exe
1936	aKHWzjU.exe
2732	xUlsCHu.exe
2132	UfVUNYp.exe
1396	bjMfWwe.exe
1596	SjnmZNF.exe
2656	RsODJik.exe
1044	xWgWKUQ.exe
1312	Ehbeagv.exe
1068	Jotuxiu.exe
1720	gJMJyfq.exe
1716	srVrBCC.exe
836	XgMecCE.exe
1488	LWgzzEB.exe
1320	gFJVdBX.exe
2256	yipwyhG.exe
1524	HdBHbuu.exe
1840	QvKtYPp.exe
2332	LCcaWLN.exe
2004	MWppUIV.exe
3008	SmyDsQk.exe
2380	vztXtEk.exe
3016	FnLsdlX.exe
2936	epYnqCM.exe
620	ZBXkjfT.exe
2412	KnkYlRM.exe
2996	vhtOSRz.exe
884	iydNnSe.exe
2076	gnpkvjP.exe
1216	tGfDRaN.exe
1592	qaOmOcM.exe
1676	hySsqjd.exe
2376	PnDoMCl.exe
1288	ikFBGMi.exe
2908	bGbTMxG.exe
2736	mANTKlC.exe
2360	LVlgWNE.exe
2556	rISXAsG.exe
2620	xtJoUcG.exe
2616	UnOFeHB.exe
1072	btEAwgj.exe
1292	hotPSji.exe
2180	YgWdvfU.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00070000000173e4-16.dat	upx
behavioral1/files/0x00070000000173fb-26.dat	upx
behavioral1/memory/2664-29-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1780-25-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2532-20-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2456-19-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000800000001739c-7.dat	upx
behavioral1/files/0x0007000000017403-33.dat	upx
behavioral1/files/0x0005000000019234-45.dat	upx
behavioral1/files/0x000500000001924c-60.dat	upx
behavioral1/files/0x0005000000019273-72.dat	upx
behavioral1/files/0x0005000000019382-91.dat	upx
behavioral1/files/0x00050000000193cc-104.dat	upx
behavioral1/files/0x00050000000193df-117.dat	upx
behavioral1/files/0x00050000000193d9-135.dat	upx
behavioral1/files/0x0005000000019401-124.dat	upx
behavioral1/files/0x00050000000193c4-128.dat	upx
behavioral1/files/0x0009000000016dc8-148.dat	upx
behavioral1/files/0x0005000000019277-115.dat	upx
behavioral1/memory/2676-99-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001942f-144.dat	upx
behavioral1/memory/2308-150-0x0000000002480000-0x00000000027D4000-memory.dmp	upx
behavioral1/files/0x0005000000019389-87.dat	upx
behavioral1/memory/2308-79-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0005000000019403-133.dat	upx
behavioral1/memory/2576-111-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1248-105-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x00050000000193be-103.dat	upx
behavioral1/memory/2896-71-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0005000000019271-68.dat	upx
behavioral1/memory/2456-82-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2580-74-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019441-153.dat	upx
behavioral1/files/0x00050000000195e4-170.dat	upx
behavioral1/files/0x000500000001961d-183.dat	upx
behavioral1/files/0x000500000001961f-187.dat	upx
behavioral1/files/0x000500000001961b-177.dat	upx
behavioral1/files/0x00050000000194d8-163.dat	upx
behavioral1/files/0x000500000001947e-162.dat	upx
behavioral1/files/0x0005000000019539-167.dat	upx
behavioral1/memory/2720-66-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2716-62-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001926b-55.dat	upx
behavioral1/files/0x000800000001747b-50.dat	upx
behavioral1/memory/2900-49-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0009000000017409-38.dat	upx
behavioral1/memory/2808-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000e000000013b4c-6.dat	upx
behavioral1/memory/2456-3971-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2664-3967-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2532-3977-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2900-3984-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1780-3991-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2720-3990-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2716-3999-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1248-4002-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2808-4005-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2896-4006-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2576-4015-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2580-4027-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nJtemOF.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbeYIHU.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFCBWFv.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnFvkXg.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHDozwL.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWfbrWH.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxDJSdO.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVlbYuv.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiLslbr.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMhxBWW.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEXfdMo.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpEiesB.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvugwdb.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIbunRu.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRwLRrG.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSNuYUl.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYSixGp.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhkotRS.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxJOyKR.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbwqAFJ.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImUPIBe.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXlatHi.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWMhRWk.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNQvdAM.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rONnAPY.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxZvzNH.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVvsyXX.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdDrPCA.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtLlZWu.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNqWOvp.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmCvEuS.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXdFFZU.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsqJnRf.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSVIxIy.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiceKHl.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHqAfhr.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbtKaub.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYggSpS.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAFlsAj.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lifVblA.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJDuTHK.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKLawdn.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxONair.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueGkyjh.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OahqzFC.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsQgDMu.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHfuYXo.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxiMxcY.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQthots.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuueHAP.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmDrWuA.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXlBqwh.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuEvDdj.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlGlRCD.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jstWpnT.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfVUNYp.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUkeqHU.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snkKmaD.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMGMBiN.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRCfoqF.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZCfTqa.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMiakEk.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruIkMKY.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLCQEqh.exe	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2532	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2532	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2532	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2456	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2456	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2456	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 1780	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 1780	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 1780	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2664	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2664	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2664	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2808	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2808	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2808	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2900	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2900	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2900	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2896	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2896	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2896	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2716	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2716	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2716	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2580	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2580	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2580	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2720	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2720	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2720	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2576	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2576	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2576	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2676	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2676	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2676	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2820	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2820	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2820	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 1248	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 1248	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 1248	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 484	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 484	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 484	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1792	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1792	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1792	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 2040	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2040	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2040	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2084	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2084	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2084	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1056	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1056	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1056	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 768	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 768	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 768	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1740	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 1740	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 1740	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 2112	2308	2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_0774edb434b24a378e4f55757a557589_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System\qxvkfhp.exe
  C:\Windows\System\qxvkfhp.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\fiYcynq.exe
  C:\Windows\System\fiYcynq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\JQGCFza.exe
  C:\Windows\System\JQGCFza.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\jstWpnT.exe
  C:\Windows\System\jstWpnT.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pZzKOjT.exe
  C:\Windows\System\pZzKOjT.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\CMvkiVf.exe
  C:\Windows\System\CMvkiVf.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ssjxrUo.exe
  C:\Windows\System\ssjxrUo.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\gkAdMIu.exe
  C:\Windows\System\gkAdMIu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hYYtnOa.exe
  C:\Windows\System\hYYtnOa.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\PDkrhuo.exe
  C:\Windows\System\PDkrhuo.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\udBaQJZ.exe
  C:\Windows\System\udBaQJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\xGchCGg.exe
  C:\Windows\System\xGchCGg.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ZzGBxle.exe
  C:\Windows\System\ZzGBxle.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\sdrzWXf.exe
  C:\Windows\System\sdrzWXf.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\nmNJurw.exe
  C:\Windows\System\nmNJurw.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\MadDwiH.exe
  C:\Windows\System\MadDwiH.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\riScQSV.exe
  C:\Windows\System\riScQSV.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\CupOSFe.exe
  C:\Windows\System\CupOSFe.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\gEIJLNO.exe
  C:\Windows\System\gEIJLNO.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\wVbkPKj.exe
  C:\Windows\System\wVbkPKj.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\cVhErVQ.exe
  C:\Windows\System\cVhErVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\lHdYJDe.exe
  C:\Windows\System\lHdYJDe.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\xUlsCHu.exe
  C:\Windows\System\xUlsCHu.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\aKHWzjU.exe
  C:\Windows\System\aKHWzjU.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\UfVUNYp.exe
  C:\Windows\System\UfVUNYp.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\bjMfWwe.exe
  C:\Windows\System\bjMfWwe.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\SjnmZNF.exe
  C:\Windows\System\SjnmZNF.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\RsODJik.exe
  C:\Windows\System\RsODJik.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\xWgWKUQ.exe
  C:\Windows\System\xWgWKUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\Ehbeagv.exe
  C:\Windows\System\Ehbeagv.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\Jotuxiu.exe
  C:\Windows\System\Jotuxiu.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\gJMJyfq.exe
  C:\Windows\System\gJMJyfq.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\srVrBCC.exe
  C:\Windows\System\srVrBCC.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\XgMecCE.exe
  C:\Windows\System\XgMecCE.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\LWgzzEB.exe
  C:\Windows\System\LWgzzEB.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\gFJVdBX.exe
  C:\Windows\System\gFJVdBX.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\yipwyhG.exe
  C:\Windows\System\yipwyhG.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\HdBHbuu.exe
  C:\Windows\System\HdBHbuu.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\QvKtYPp.exe
  C:\Windows\System\QvKtYPp.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\LCcaWLN.exe
  C:\Windows\System\LCcaWLN.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\MWppUIV.exe
  C:\Windows\System\MWppUIV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\SmyDsQk.exe
  C:\Windows\System\SmyDsQk.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\vztXtEk.exe
  C:\Windows\System\vztXtEk.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\FnLsdlX.exe
  C:\Windows\System\FnLsdlX.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\epYnqCM.exe
  C:\Windows\System\epYnqCM.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ZBXkjfT.exe
  C:\Windows\System\ZBXkjfT.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\KnkYlRM.exe
  C:\Windows\System\KnkYlRM.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\vhtOSRz.exe
  C:\Windows\System\vhtOSRz.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\iydNnSe.exe
  C:\Windows\System\iydNnSe.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\gnpkvjP.exe
  C:\Windows\System\gnpkvjP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\tGfDRaN.exe
  C:\Windows\System\tGfDRaN.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\qaOmOcM.exe
  C:\Windows\System\qaOmOcM.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\hySsqjd.exe
  C:\Windows\System\hySsqjd.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\PnDoMCl.exe
  C:\Windows\System\PnDoMCl.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\ikFBGMi.exe
  C:\Windows\System\ikFBGMi.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\bGbTMxG.exe
  C:\Windows\System\bGbTMxG.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\mANTKlC.exe
  C:\Windows\System\mANTKlC.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\LVlgWNE.exe
  C:\Windows\System\LVlgWNE.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rISXAsG.exe
  C:\Windows\System\rISXAsG.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xtJoUcG.exe
  C:\Windows\System\xtJoUcG.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UnOFeHB.exe
  C:\Windows\System\UnOFeHB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\btEAwgj.exe
  C:\Windows\System\btEAwgj.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\hotPSji.exe
  C:\Windows\System\hotPSji.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\YgWdvfU.exe
  C:\Windows\System\YgWdvfU.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\BmDrWuA.exe
  C:\Windows\System\BmDrWuA.exe
  2⤵
  PID:1188
- C:\Windows\System\PgJeRsg.exe
  C:\Windows\System\PgJeRsg.exe
  2⤵
  PID:2864
- C:\Windows\System\VKSlEMU.exe
  C:\Windows\System\VKSlEMU.exe
  2⤵
  PID:2980
- C:\Windows\System\SEkuKuZ.exe
  C:\Windows\System\SEkuKuZ.exe
  2⤵
  PID:1756
- C:\Windows\System\lMiakEk.exe
  C:\Windows\System\lMiakEk.exe
  2⤵
  PID:948
- C:\Windows\System\vxdONdx.exe
  C:\Windows\System\vxdONdx.exe
  2⤵
  PID:1860
- C:\Windows\System\BWDAJEB.exe
  C:\Windows\System\BWDAJEB.exe
  2⤵
  PID:1620
- C:\Windows\System\MzLGOPU.exe
  C:\Windows\System\MzLGOPU.exe
  2⤵
  PID:1700
- C:\Windows\System\DbWcHhp.exe
  C:\Windows\System\DbWcHhp.exe
  2⤵
  PID:1732
- C:\Windows\System\XguiSBZ.exe
  C:\Windows\System\XguiSBZ.exe
  2⤵
  PID:896
- C:\Windows\System\HPNtFaS.exe
  C:\Windows\System\HPNtFaS.exe
  2⤵
  PID:1768
- C:\Windows\System\fWIWnNL.exe
  C:\Windows\System\fWIWnNL.exe
  2⤵
  PID:1772
- C:\Windows\System\cdgULFt.exe
  C:\Windows\System\cdgULFt.exe
  2⤵
  PID:1536
- C:\Windows\System\OPBDFtt.exe
  C:\Windows\System\OPBDFtt.exe
  2⤵
  PID:3004
- C:\Windows\System\OUsvKDn.exe
  C:\Windows\System\OUsvKDn.exe
  2⤵
  PID:980
- C:\Windows\System\HDezlQT.exe
  C:\Windows\System\HDezlQT.exe
  2⤵
  PID:2420
- C:\Windows\System\ZyJlcmZ.exe
  C:\Windows\System\ZyJlcmZ.exe
  2⤵
  PID:2168
- C:\Windows\System\grgiVew.exe
  C:\Windows\System\grgiVew.exe
  2⤵
  PID:2652
- C:\Windows\System\YHQxosy.exe
  C:\Windows\System\YHQxosy.exe
  2⤵
  PID:1980
- C:\Windows\System\kOQsQWV.exe
  C:\Windows\System\kOQsQWV.exe
  2⤵
  PID:2948
- C:\Windows\System\UOpzcZs.exe
  C:\Windows\System\UOpzcZs.exe
  2⤵
  PID:1580
- C:\Windows\System\Rztoxbq.exe
  C:\Windows\System\Rztoxbq.exe
  2⤵
  PID:1976
- C:\Windows\System\bChzHAx.exe
  C:\Windows\System\bChzHAx.exe
  2⤵
  PID:2680
- C:\Windows\System\YNjyNmL.exe
  C:\Windows\System\YNjyNmL.exe
  2⤵
  PID:2508
- C:\Windows\System\KOPyLvX.exe
  C:\Windows\System\KOPyLvX.exe
  2⤵
  PID:1480
- C:\Windows\System\GwNGYUY.exe
  C:\Windows\System\GwNGYUY.exe
  2⤵
  PID:2080
- C:\Windows\System\RVCgbzw.exe
  C:\Windows\System\RVCgbzw.exe
  2⤵
  PID:764
- C:\Windows\System\nMrfkuV.exe
  C:\Windows\System\nMrfkuV.exe
  2⤵
  PID:1728
- C:\Windows\System\RQQgYgX.exe
  C:\Windows\System\RQQgYgX.exe
  2⤵
  PID:1668
- C:\Windows\System\azViHSX.exe
  C:\Windows\System\azViHSX.exe
  2⤵
  PID:3044
- C:\Windows\System\HlLWveG.exe
  C:\Windows\System\HlLWveG.exe
  2⤵
  PID:808
- C:\Windows\System\DopKyYR.exe
  C:\Windows\System\DopKyYR.exe
  2⤵
  PID:664
- C:\Windows\System\nEqARfS.exe
  C:\Windows\System\nEqARfS.exe
  2⤵
  PID:952
- C:\Windows\System\bzvHpRz.exe
  C:\Windows\System\bzvHpRz.exe
  2⤵
  PID:2024
- C:\Windows\System\MAJRITG.exe
  C:\Windows\System\MAJRITG.exe
  2⤵
  PID:784
- C:\Windows\System\rxZvzNH.exe
  C:\Windows\System\rxZvzNH.exe
  2⤵
  PID:3012
- C:\Windows\System\UIYWsmv.exe
  C:\Windows\System\UIYWsmv.exe
  2⤵
  PID:1816
- C:\Windows\System\EWPKbbq.exe
  C:\Windows\System\EWPKbbq.exe
  2⤵
  PID:1664
- C:\Windows\System\MucgZqA.exe
  C:\Windows\System\MucgZqA.exe
  2⤵
  PID:1748
- C:\Windows\System\diUvmIC.exe
  C:\Windows\System\diUvmIC.exe
  2⤵
  PID:1560
- C:\Windows\System\tcFATlL.exe
  C:\Windows\System\tcFATlL.exe
  2⤵
  PID:2756
- C:\Windows\System\lZrcoLi.exe
  C:\Windows\System\lZrcoLi.exe
  2⤵
  PID:2564
- C:\Windows\System\ycsHyVm.exe
  C:\Windows\System\ycsHyVm.exe
  2⤵
  PID:1236
- C:\Windows\System\pZCVALZ.exe
  C:\Windows\System\pZCVALZ.exe
  2⤵
  PID:2804
- C:\Windows\System\qPYaHsi.exe
  C:\Windows\System\qPYaHsi.exe
  2⤵
  PID:628
- C:\Windows\System\iJHRMXY.exe
  C:\Windows\System\iJHRMXY.exe
  2⤵
  PID:2196
- C:\Windows\System\NhgIyeZ.exe
  C:\Windows\System\NhgIyeZ.exe
  2⤵
  PID:1424
- C:\Windows\System\NsBWAej.exe
  C:\Windows\System\NsBWAej.exe
  2⤵
  PID:2536
- C:\Windows\System\AGpMpbE.exe
  C:\Windows\System\AGpMpbE.exe
  2⤵
  PID:2172
- C:\Windows\System\aNOXcen.exe
  C:\Windows\System\aNOXcen.exe
  2⤵
  PID:2268
- C:\Windows\System\CRcSQPM.exe
  C:\Windows\System\CRcSQPM.exe
  2⤵
  PID:1208
- C:\Windows\System\KenQYFY.exe
  C:\Windows\System\KenQYFY.exe
  2⤵
  PID:996
- C:\Windows\System\hWdUTTm.exe
  C:\Windows\System\hWdUTTm.exe
  2⤵
  PID:2568
- C:\Windows\System\yCAOlXi.exe
  C:\Windows\System\yCAOlXi.exe
  2⤵
  PID:2844
- C:\Windows\System\uPEMRjh.exe
  C:\Windows\System\uPEMRjh.exe
  2⤵
  PID:1692
- C:\Windows\System\GBZLIGj.exe
  C:\Windows\System\GBZLIGj.exe
  2⤵
  PID:1652
- C:\Windows\System\DeJRbbI.exe
  C:\Windows\System\DeJRbbI.exe
  2⤵
  PID:1128
- C:\Windows\System\xtxEotr.exe
  C:\Windows\System\xtxEotr.exe
  2⤵
  PID:1048
- C:\Windows\System\hVcneGV.exe
  C:\Windows\System\hVcneGV.exe
  2⤵
  PID:868
- C:\Windows\System\xawRObn.exe
  C:\Windows\System\xawRObn.exe
  2⤵
  PID:1776
- C:\Windows\System\plYbilr.exe
  C:\Windows\System\plYbilr.exe
  2⤵
  PID:3084
- C:\Windows\System\nhQYcNX.exe
  C:\Windows\System\nhQYcNX.exe
  2⤵
  PID:3104
- C:\Windows\System\rIAhtQk.exe
  C:\Windows\System\rIAhtQk.exe
  2⤵
  PID:3124
- C:\Windows\System\ySzXszA.exe
  C:\Windows\System\ySzXszA.exe
  2⤵
  PID:3144
- C:\Windows\System\wMjfQEW.exe
  C:\Windows\System\wMjfQEW.exe
  2⤵
  PID:3164
- C:\Windows\System\lwKakMq.exe
  C:\Windows\System\lwKakMq.exe
  2⤵
  PID:3184
- C:\Windows\System\ABFLshb.exe
  C:\Windows\System\ABFLshb.exe
  2⤵
  PID:3204
- C:\Windows\System\iUAmpzD.exe
  C:\Windows\System\iUAmpzD.exe
  2⤵
  PID:3224
- C:\Windows\System\jBNqehq.exe
  C:\Windows\System\jBNqehq.exe
  2⤵
  PID:3244
- C:\Windows\System\vVvsyXX.exe
  C:\Windows\System\vVvsyXX.exe
  2⤵
  PID:3264
- C:\Windows\System\fDQIRKs.exe
  C:\Windows\System\fDQIRKs.exe
  2⤵
  PID:3284
- C:\Windows\System\zAdvUaA.exe
  C:\Windows\System\zAdvUaA.exe
  2⤵
  PID:3304
- C:\Windows\System\lboTlSo.exe
  C:\Windows\System\lboTlSo.exe
  2⤵
  PID:3324
- C:\Windows\System\lifVblA.exe
  C:\Windows\System\lifVblA.exe
  2⤵
  PID:3344
- C:\Windows\System\FaAiRbo.exe
  C:\Windows\System\FaAiRbo.exe
  2⤵
  PID:3364
- C:\Windows\System\hhxESWs.exe
  C:\Windows\System\hhxESWs.exe
  2⤵
  PID:3384
- C:\Windows\System\xUpaJxh.exe
  C:\Windows\System\xUpaJxh.exe
  2⤵
  PID:3404
- C:\Windows\System\ZhkotRS.exe
  C:\Windows\System\ZhkotRS.exe
  2⤵
  PID:3424
- C:\Windows\System\pSYYleB.exe
  C:\Windows\System\pSYYleB.exe
  2⤵
  PID:3444
- C:\Windows\System\ghyhjAE.exe
  C:\Windows\System\ghyhjAE.exe
  2⤵
  PID:3464
- C:\Windows\System\PWpXTwx.exe
  C:\Windows\System\PWpXTwx.exe
  2⤵
  PID:3484
- C:\Windows\System\HHfFUyT.exe
  C:\Windows\System\HHfFUyT.exe
  2⤵
  PID:3504
- C:\Windows\System\CgPLWOD.exe
  C:\Windows\System\CgPLWOD.exe
  2⤵
  PID:3524
- C:\Windows\System\FHWAyAK.exe
  C:\Windows\System\FHWAyAK.exe
  2⤵
  PID:3544
- C:\Windows\System\PVAMpph.exe
  C:\Windows\System\PVAMpph.exe
  2⤵
  PID:3564
- C:\Windows\System\gqfAwMB.exe
  C:\Windows\System\gqfAwMB.exe
  2⤵
  PID:3584
- C:\Windows\System\MDqiqur.exe
  C:\Windows\System\MDqiqur.exe
  2⤵
  PID:3604
- C:\Windows\System\JpLpLAy.exe
  C:\Windows\System\JpLpLAy.exe
  2⤵
  PID:3624
- C:\Windows\System\smVlbog.exe
  C:\Windows\System\smVlbog.exe
  2⤵
  PID:3644
- C:\Windows\System\XXNYmss.exe
  C:\Windows\System\XXNYmss.exe
  2⤵
  PID:3664
- C:\Windows\System\isoFoNX.exe
  C:\Windows\System\isoFoNX.exe
  2⤵
  PID:3684
- C:\Windows\System\drhkOzG.exe
  C:\Windows\System\drhkOzG.exe
  2⤵
  PID:3704
- C:\Windows\System\EHjpqcw.exe
  C:\Windows\System\EHjpqcw.exe
  2⤵
  PID:3724
- C:\Windows\System\VMhCaGz.exe
  C:\Windows\System\VMhCaGz.exe
  2⤵
  PID:3744
- C:\Windows\System\lVGOYAS.exe
  C:\Windows\System\lVGOYAS.exe
  2⤵
  PID:3764
- C:\Windows\System\dJmevvR.exe
  C:\Windows\System\dJmevvR.exe
  2⤵
  PID:3784
- C:\Windows\System\GpnyvPm.exe
  C:\Windows\System\GpnyvPm.exe
  2⤵
  PID:3804
- C:\Windows\System\ufxKrbN.exe
  C:\Windows\System\ufxKrbN.exe
  2⤵
  PID:3824
- C:\Windows\System\cMhOahD.exe
  C:\Windows\System\cMhOahD.exe
  2⤵
  PID:3844
- C:\Windows\System\ytCOXXr.exe
  C:\Windows\System\ytCOXXr.exe
  2⤵
  PID:3864
- C:\Windows\System\RUJDajW.exe
  C:\Windows\System\RUJDajW.exe
  2⤵
  PID:3884
- C:\Windows\System\gyazVak.exe
  C:\Windows\System\gyazVak.exe
  2⤵
  PID:3904
- C:\Windows\System\ABYpcjn.exe
  C:\Windows\System\ABYpcjn.exe
  2⤵
  PID:3924
- C:\Windows\System\RjcmXJc.exe
  C:\Windows\System\RjcmXJc.exe
  2⤵
  PID:3944
- C:\Windows\System\BxeQcdm.exe
  C:\Windows\System\BxeQcdm.exe
  2⤵
  PID:3964
- C:\Windows\System\bmkUhul.exe
  C:\Windows\System\bmkUhul.exe
  2⤵
  PID:3984
- C:\Windows\System\geDiPSN.exe
  C:\Windows\System\geDiPSN.exe
  2⤵
  PID:4004
- C:\Windows\System\GayvSyX.exe
  C:\Windows\System\GayvSyX.exe
  2⤵
  PID:4024
- C:\Windows\System\wsfwzKI.exe
  C:\Windows\System\wsfwzKI.exe
  2⤵
  PID:4044
- C:\Windows\System\vwoykOp.exe
  C:\Windows\System\vwoykOp.exe
  2⤵
  PID:4064
- C:\Windows\System\Mygkyhc.exe
  C:\Windows\System\Mygkyhc.exe
  2⤵
  PID:4084
- C:\Windows\System\NiceKHl.exe
  C:\Windows\System\NiceKHl.exe
  2⤵
  PID:2356
- C:\Windows\System\uWeUluN.exe
  C:\Windows\System\uWeUluN.exe
  2⤵
  PID:3036
- C:\Windows\System\PBaGxwg.exe
  C:\Windows\System\PBaGxwg.exe
  2⤵
  PID:2252
- C:\Windows\System\dXAAITT.exe
  C:\Windows\System\dXAAITT.exe
  2⤵
  PID:668
- C:\Windows\System\jPdrDYH.exe
  C:\Windows\System\jPdrDYH.exe
  2⤵
  PID:2724
- C:\Windows\System\SIMvDzg.exe
  C:\Windows\System\SIMvDzg.exe
  2⤵
  PID:3092
- C:\Windows\System\aVyFlGz.exe
  C:\Windows\System\aVyFlGz.exe
  2⤵
  PID:3116
- C:\Windows\System\qiPvXIb.exe
  C:\Windows\System\qiPvXIb.exe
  2⤵
  PID:3152
- C:\Windows\System\oOGRtSF.exe
  C:\Windows\System\oOGRtSF.exe
  2⤵
  PID:3176
- C:\Windows\System\LresjvI.exe
  C:\Windows\System\LresjvI.exe
  2⤵
  PID:3232
- C:\Windows\System\RSMwGNP.exe
  C:\Windows\System\RSMwGNP.exe
  2⤵
  PID:3252
- C:\Windows\System\xTpFffx.exe
  C:\Windows\System\xTpFffx.exe
  2⤵
  PID:3276
- C:\Windows\System\NHIqjSz.exe
  C:\Windows\System\NHIqjSz.exe
  2⤵
  PID:3296
- C:\Windows\System\FdhXWDK.exe
  C:\Windows\System\FdhXWDK.exe
  2⤵
  PID:3360
- C:\Windows\System\sMGEXwq.exe
  C:\Windows\System\sMGEXwq.exe
  2⤵
  PID:3372
- C:\Windows\System\dIsraSR.exe
  C:\Windows\System\dIsraSR.exe
  2⤵
  PID:3432
- C:\Windows\System\ruIkMKY.exe
  C:\Windows\System\ruIkMKY.exe
  2⤵
  PID:2552
- C:\Windows\System\XwCTHcj.exe
  C:\Windows\System\XwCTHcj.exe
  2⤵
  PID:3460
- C:\Windows\System\ltJJcYy.exe
  C:\Windows\System\ltJJcYy.exe
  2⤵
  PID:3512
- C:\Windows\System\IqHbPlT.exe
  C:\Windows\System\IqHbPlT.exe
  2⤵
  PID:3540
- C:\Windows\System\VDOzmtX.exe
  C:\Windows\System\VDOzmtX.exe
  2⤵
  PID:3556
- C:\Windows\System\fLCQEqh.exe
  C:\Windows\System\fLCQEqh.exe
  2⤵
  PID:3600
- C:\Windows\System\rxjHlTj.exe
  C:\Windows\System\rxjHlTj.exe
  2⤵
  PID:3640
- C:\Windows\System\hUNZXFX.exe
  C:\Windows\System\hUNZXFX.exe
  2⤵
  PID:3652
- C:\Windows\System\MeKKCwQ.exe
  C:\Windows\System\MeKKCwQ.exe
  2⤵
  PID:3712
- C:\Windows\System\IKDHFgd.exe
  C:\Windows\System\IKDHFgd.exe
  2⤵
  PID:3696
- C:\Windows\System\GeDmAfv.exe
  C:\Windows\System\GeDmAfv.exe
  2⤵
  PID:3760
- C:\Windows\System\yvCyWns.exe
  C:\Windows\System\yvCyWns.exe
  2⤵
  PID:3796
- C:\Windows\System\TYAODEd.exe
  C:\Windows\System\TYAODEd.exe
  2⤵
  PID:3820
- C:\Windows\System\QOyrnxn.exe
  C:\Windows\System\QOyrnxn.exe
  2⤵
  PID:3872
- C:\Windows\System\kOgOoWW.exe
  C:\Windows\System\kOgOoWW.exe
  2⤵
  PID:3856
- C:\Windows\System\kfNXWFC.exe
  C:\Windows\System\kfNXWFC.exe
  2⤵
  PID:3900
- C:\Windows\System\ftRZkdW.exe
  C:\Windows\System\ftRZkdW.exe
  2⤵
  PID:3960
- C:\Windows\System\pWnVUfw.exe
  C:\Windows\System\pWnVUfw.exe
  2⤵
  PID:3972
- C:\Windows\System\BPcijmr.exe
  C:\Windows\System\BPcijmr.exe
  2⤵
  PID:3996
- C:\Windows\System\uGVUTQd.exe
  C:\Windows\System\uGVUTQd.exe
  2⤵
  PID:4016
- C:\Windows\System\ZLttbwT.exe
  C:\Windows\System\ZLttbwT.exe
  2⤵
  PID:4056
- C:\Windows\System\jmiMOAf.exe
  C:\Windows\System\jmiMOAf.exe
  2⤵
  PID:2692
- C:\Windows\System\AhipgnT.exe
  C:\Windows\System\AhipgnT.exe
  2⤵
  PID:2156
- C:\Windows\System\OEEyyWE.exe
  C:\Windows\System\OEEyyWE.exe
  2⤵
  PID:1148
- C:\Windows\System\wKRLxXX.exe
  C:\Windows\System\wKRLxXX.exe
  2⤵
  PID:3032
- C:\Windows\System\LNZMSTA.exe
  C:\Windows\System\LNZMSTA.exe
  2⤵
  PID:2660
- C:\Windows\System\yvocwUh.exe
  C:\Windows\System\yvocwUh.exe
  2⤵
  PID:3196
- C:\Windows\System\JWZIaCw.exe
  C:\Windows\System\JWZIaCw.exe
  2⤵
  PID:3220
- C:\Windows\System\EmXdyRJ.exe
  C:\Windows\System\EmXdyRJ.exe
  2⤵
  PID:3260
- C:\Windows\System\cDxUYYV.exe
  C:\Windows\System\cDxUYYV.exe
  2⤵
  PID:3320
- C:\Windows\System\MVFnvMl.exe
  C:\Windows\System\MVFnvMl.exe
  2⤵
  PID:3396
- C:\Windows\System\LFPuaLF.exe
  C:\Windows\System\LFPuaLF.exe
  2⤵
  PID:1440
- C:\Windows\System\ckBwEzy.exe
  C:\Windows\System\ckBwEzy.exe
  2⤵
  PID:3516
- C:\Windows\System\SGSFYTs.exe
  C:\Windows\System\SGSFYTs.exe
  2⤵
  PID:2672
- C:\Windows\System\cBOsIgH.exe
  C:\Windows\System\cBOsIgH.exe
  2⤵
  PID:3580
- C:\Windows\System\ZyZejHO.exe
  C:\Windows\System\ZyZejHO.exe
  2⤵
  PID:3672
- C:\Windows\System\SEQpRyZ.exe
  C:\Windows\System\SEQpRyZ.exe
  2⤵
  PID:3656
- C:\Windows\System\ddymQjd.exe
  C:\Windows\System\ddymQjd.exe
  2⤵
  PID:3756
- C:\Windows\System\tuSMijm.exe
  C:\Windows\System\tuSMijm.exe
  2⤵
  PID:2880
- C:\Windows\System\jscCupJ.exe
  C:\Windows\System\jscCupJ.exe
  2⤵
  PID:3836
- C:\Windows\System\zSydzJH.exe
  C:\Windows\System\zSydzJH.exe
  2⤵
  PID:3860
- C:\Windows\System\OOktziv.exe
  C:\Windows\System\OOktziv.exe
  2⤵
  PID:3952
- C:\Windows\System\zpEiesB.exe
  C:\Windows\System\zpEiesB.exe
  2⤵
  PID:4000
- C:\Windows\System\DpRDbSB.exe
  C:\Windows\System\DpRDbSB.exe
  2⤵
  PID:4052
- C:\Windows\System\WDbxHDz.exe
  C:\Windows\System\WDbxHDz.exe
  2⤵
  PID:4060
- C:\Windows\System\QWyMrrs.exe
  C:\Windows\System\QWyMrrs.exe
  2⤵
  PID:2336
- C:\Windows\System\zLTMSaQ.exe
  C:\Windows\System\zLTMSaQ.exe
  2⤵
  PID:2052
- C:\Windows\System\XPSlciz.exe
  C:\Windows\System\XPSlciz.exe
  2⤵
  PID:3140
- C:\Windows\System\zFXsnrT.exe
  C:\Windows\System\zFXsnrT.exe
  2⤵
  PID:3256
- C:\Windows\System\hKQBryZ.exe
  C:\Windows\System\hKQBryZ.exe
  2⤵
  PID:3216
- C:\Windows\System\JqlSmRf.exe
  C:\Windows\System\JqlSmRf.exe
  2⤵
  PID:3376
- C:\Windows\System\eekwHPI.exe
  C:\Windows\System\eekwHPI.exe
  2⤵
  PID:3416
- C:\Windows\System\TvAylgZ.exe
  C:\Windows\System\TvAylgZ.exe
  2⤵
  PID:3476
- C:\Windows\System\OwGoVGe.exe
  C:\Windows\System\OwGoVGe.exe
  2⤵
  PID:2460
- C:\Windows\System\tMuknZe.exe
  C:\Windows\System\tMuknZe.exe
  2⤵
  PID:3700
- C:\Windows\System\mwcPHOI.exe
  C:\Windows\System\mwcPHOI.exe
  2⤵
  PID:3752
- C:\Windows\System\sRSyNKV.exe
  C:\Windows\System\sRSyNKV.exe
  2⤵
  PID:3812
- C:\Windows\System\oHFoFYQ.exe
  C:\Windows\System\oHFoFYQ.exe
  2⤵
  PID:3916
- C:\Windows\System\ndDlYkp.exe
  C:\Windows\System\ndDlYkp.exe
  2⤵
  PID:3980
- C:\Windows\System\PveiRtj.exe
  C:\Windows\System\PveiRtj.exe
  2⤵
  PID:2700
- C:\Windows\System\VUeHqUa.exe
  C:\Windows\System\VUeHqUa.exe
  2⤵
  PID:2624
- C:\Windows\System\OahqzFC.exe
  C:\Windows\System\OahqzFC.exe
  2⤵
  PID:2540
- C:\Windows\System\NHRBrFI.exe
  C:\Windows\System\NHRBrFI.exe
  2⤵
  PID:3340
- C:\Windows\System\vgdKWCu.exe
  C:\Windows\System\vgdKWCu.exe
  2⤵
  PID:3392
- C:\Windows\System\ZbrYtZC.exe
  C:\Windows\System\ZbrYtZC.exe
  2⤵
  PID:3612
- C:\Windows\System\yxdcBVf.exe
  C:\Windows\System\yxdcBVf.exe
  2⤵
  PID:2816
- C:\Windows\System\nkgmHAj.exe
  C:\Windows\System\nkgmHAj.exe
  2⤵
  PID:3792
- C:\Windows\System\PMYCrJM.exe
  C:\Windows\System\PMYCrJM.exe
  2⤵
  PID:3876
- C:\Windows\System\NGFwxRn.exe
  C:\Windows\System\NGFwxRn.exe
  2⤵
  PID:2684
- C:\Windows\System\FLHRiaV.exe
  C:\Windows\System\FLHRiaV.exe
  2⤵
  PID:2688
- C:\Windows\System\kkbmWgu.exe
  C:\Windows\System\kkbmWgu.exe
  2⤵
  PID:2648
- C:\Windows\System\fBZOMCo.exe
  C:\Windows\System\fBZOMCo.exe
  2⤵
  PID:572
- C:\Windows\System\EadrdqG.exe
  C:\Windows\System\EadrdqG.exe
  2⤵
  PID:2480
- C:\Windows\System\OsQgDMu.exe
  C:\Windows\System\OsQgDMu.exe
  2⤵
  PID:2796
- C:\Windows\System\FHWdNZw.exe
  C:\Windows\System\FHWdNZw.exe
  2⤵
  PID:1144
- C:\Windows\System\JFrMbnk.exe
  C:\Windows\System\JFrMbnk.exe
  2⤵
  PID:2824
- C:\Windows\System\VzntucZ.exe
  C:\Windows\System\VzntucZ.exe
  2⤵
  PID:2764
- C:\Windows\System\hBiuGsh.exe
  C:\Windows\System\hBiuGsh.exe
  2⤵
  PID:3492
- C:\Windows\System\qDdYdhN.exe
  C:\Windows\System\qDdYdhN.exe
  2⤵
  PID:2992
- C:\Windows\System\frIaJvn.exe
  C:\Windows\System\frIaJvn.exe
  2⤵
  PID:2392
- C:\Windows\System\RTLNuBd.exe
  C:\Windows\System\RTLNuBd.exe
  2⤵
  PID:3020
- C:\Windows\System\IBNoIAC.exe
  C:\Windows\System\IBNoIAC.exe
  2⤵
  PID:3620
- C:\Windows\System\VacyqiE.exe
  C:\Windows\System\VacyqiE.exe
  2⤵
  PID:2784
- C:\Windows\System\QSmItSU.exe
  C:\Windows\System\QSmItSU.exe
  2⤵
  PID:1784
- C:\Windows\System\aHxXOdm.exe
  C:\Windows\System\aHxXOdm.exe
  2⤵
  PID:2872
- C:\Windows\System\mJDuTHK.exe
  C:\Windows\System\mJDuTHK.exe
  2⤵
  PID:2612
- C:\Windows\System\brmHHQs.exe
  C:\Windows\System\brmHHQs.exe
  2⤵
  PID:2668
- C:\Windows\System\gAHfNTV.exe
  C:\Windows\System\gAHfNTV.exe
  2⤵
  PID:3172
- C:\Windows\System\suXLUkd.exe
  C:\Windows\System\suXLUkd.exe
  2⤵
  PID:3892
- C:\Windows\System\KDKYXLk.exe
  C:\Windows\System\KDKYXLk.exe
  2⤵
  PID:4072
- C:\Windows\System\IZCzKrP.exe
  C:\Windows\System\IZCzKrP.exe
  2⤵
  PID:2852
- C:\Windows\System\zclzcny.exe
  C:\Windows\System\zclzcny.exe
  2⤵
  PID:4012
- C:\Windows\System\SdDrPCA.exe
  C:\Windows\System\SdDrPCA.exe
  2⤵
  PID:2868
- C:\Windows\System\rmHyanA.exe
  C:\Windows\System\rmHyanA.exe
  2⤵
  PID:2104
- C:\Windows\System\PCuEajT.exe
  C:\Windows\System\PCuEajT.exe
  2⤵
  PID:1064
- C:\Windows\System\JJBcnML.exe
  C:\Windows\System\JJBcnML.exe
  2⤵
  PID:3632
- C:\Windows\System\ygINIqx.exe
  C:\Windows\System\ygINIqx.exe
  2⤵
  PID:1092
- C:\Windows\System\NuCEvdi.exe
  C:\Windows\System\NuCEvdi.exe
  2⤵
  PID:3976
- C:\Windows\System\vtLlZWu.exe
  C:\Windows\System\vtLlZWu.exe
  2⤵
  PID:2752
- C:\Windows\System\FxcchRZ.exe
  C:\Windows\System\FxcchRZ.exe
  2⤵
  PID:3576
- C:\Windows\System\BuDgOPW.exe
  C:\Windows\System\BuDgOPW.exe
  2⤵
  PID:4120
- C:\Windows\System\qkPYaDa.exe
  C:\Windows\System\qkPYaDa.exe
  2⤵
  PID:4140
- C:\Windows\System\VhzGspL.exe
  C:\Windows\System\VhzGspL.exe
  2⤵
  PID:4156
- C:\Windows\System\ISuHhdD.exe
  C:\Windows\System\ISuHhdD.exe
  2⤵
  PID:4172
- C:\Windows\System\jTwqUEX.exe
  C:\Windows\System\jTwqUEX.exe
  2⤵
  PID:4188
- C:\Windows\System\WKLawdn.exe
  C:\Windows\System\WKLawdn.exe
  2⤵
  PID:4212
- C:\Windows\System\YVvfDGX.exe
  C:\Windows\System\YVvfDGX.exe
  2⤵
  PID:4228
- C:\Windows\System\BfejsqC.exe
  C:\Windows\System\BfejsqC.exe
  2⤵
  PID:4248
- C:\Windows\System\aLNExWz.exe
  C:\Windows\System\aLNExWz.exe
  2⤵
  PID:4264
- C:\Windows\System\uGTuXEV.exe
  C:\Windows\System\uGTuXEV.exe
  2⤵
  PID:4280
- C:\Windows\System\kZvaSnb.exe
  C:\Windows\System\kZvaSnb.exe
  2⤵
  PID:4296
- C:\Windows\System\zgNeUop.exe
  C:\Windows\System\zgNeUop.exe
  2⤵
  PID:4328
- C:\Windows\System\LphYdrn.exe
  C:\Windows\System\LphYdrn.exe
  2⤵
  PID:4348
- C:\Windows\System\jpDGLrB.exe
  C:\Windows\System\jpDGLrB.exe
  2⤵
  PID:4372
- C:\Windows\System\iZrCkjK.exe
  C:\Windows\System\iZrCkjK.exe
  2⤵
  PID:4392
- C:\Windows\System\NrqPvuO.exe
  C:\Windows\System\NrqPvuO.exe
  2⤵
  PID:4408
- C:\Windows\System\ErpmVKO.exe
  C:\Windows\System\ErpmVKO.exe
  2⤵
  PID:4432
- C:\Windows\System\UNLgitm.exe
  C:\Windows\System\UNLgitm.exe
  2⤵
  PID:4452
- C:\Windows\System\hSeAHnt.exe
  C:\Windows\System\hSeAHnt.exe
  2⤵
  PID:4480
- C:\Windows\System\KTKAZjk.exe
  C:\Windows\System\KTKAZjk.exe
  2⤵
  PID:4500
- C:\Windows\System\NxJOyKR.exe
  C:\Windows\System\NxJOyKR.exe
  2⤵
  PID:4516
- C:\Windows\System\soIUAbP.exe
  C:\Windows\System\soIUAbP.exe
  2⤵
  PID:4536
- C:\Windows\System\DWNGqfn.exe
  C:\Windows\System\DWNGqfn.exe
  2⤵
  PID:4556
- C:\Windows\System\UxCenpB.exe
  C:\Windows\System\UxCenpB.exe
  2⤵
  PID:4572
- C:\Windows\System\SUkeqHU.exe
  C:\Windows\System\SUkeqHU.exe
  2⤵
  PID:4600
- C:\Windows\System\idwDLKr.exe
  C:\Windows\System\idwDLKr.exe
  2⤵
  PID:4624
- C:\Windows\System\iGNbSnS.exe
  C:\Windows\System\iGNbSnS.exe
  2⤵
  PID:4640
- C:\Windows\System\BXfSYQt.exe
  C:\Windows\System\BXfSYQt.exe
  2⤵
  PID:4656
- C:\Windows\System\mCZWiwF.exe
  C:\Windows\System\mCZWiwF.exe
  2⤵
  PID:4676
- C:\Windows\System\OtRyNoq.exe
  C:\Windows\System\OtRyNoq.exe
  2⤵
  PID:4692
- C:\Windows\System\XNqWOvp.exe
  C:\Windows\System\XNqWOvp.exe
  2⤵
  PID:4708
- C:\Windows\System\cQoQGoq.exe
  C:\Windows\System\cQoQGoq.exe
  2⤵
  PID:4724
- C:\Windows\System\AZxSWrC.exe
  C:\Windows\System\AZxSWrC.exe
  2⤵
  PID:4752
- C:\Windows\System\yJasoym.exe
  C:\Windows\System\yJasoym.exe
  2⤵
  PID:4776
- C:\Windows\System\tchuqTh.exe
  C:\Windows\System\tchuqTh.exe
  2⤵
  PID:4800
- C:\Windows\System\JllIfNx.exe
  C:\Windows\System\JllIfNx.exe
  2⤵
  PID:4816
- C:\Windows\System\lUNMUUd.exe
  C:\Windows\System\lUNMUUd.exe
  2⤵
  PID:4832
- C:\Windows\System\hfCSnJm.exe
  C:\Windows\System\hfCSnJm.exe
  2⤵
  PID:4852
- C:\Windows\System\deNzCfm.exe
  C:\Windows\System\deNzCfm.exe
  2⤵
  PID:4872
- C:\Windows\System\pZcGEfm.exe
  C:\Windows\System\pZcGEfm.exe
  2⤵
  PID:4888
- C:\Windows\System\oZkYfBY.exe
  C:\Windows\System\oZkYfBY.exe
  2⤵
  PID:4920
- C:\Windows\System\wZJUkXV.exe
  C:\Windows\System\wZJUkXV.exe
  2⤵
  PID:4944
- C:\Windows\System\tTLLAlf.exe
  C:\Windows\System\tTLLAlf.exe
  2⤵
  PID:4960
- C:\Windows\System\qonCCCC.exe
  C:\Windows\System\qonCCCC.exe
  2⤵
  PID:4980
- C:\Windows\System\kbwqAFJ.exe
  C:\Windows\System\kbwqAFJ.exe
  2⤵
  PID:4996
- C:\Windows\System\mMVINDH.exe
  C:\Windows\System\mMVINDH.exe
  2⤵
  PID:5024
- C:\Windows\System\WyEhyBq.exe
  C:\Windows\System\WyEhyBq.exe
  2⤵
  PID:5040
- C:\Windows\System\pfauuHt.exe
  C:\Windows\System\pfauuHt.exe
  2⤵
  PID:5056
- C:\Windows\System\KmKtGkZ.exe
  C:\Windows\System\KmKtGkZ.exe
  2⤵
  PID:5072
- C:\Windows\System\nVgbAKb.exe
  C:\Windows\System\nVgbAKb.exe
  2⤵
  PID:5096
- C:\Windows\System\DpTRgyN.exe
  C:\Windows\System\DpTRgyN.exe
  2⤵
  PID:5116
- C:\Windows\System\bIgQLaU.exe
  C:\Windows\System\bIgQLaU.exe
  2⤵
  PID:2012
- C:\Windows\System\riseHiw.exe
  C:\Windows\System\riseHiw.exe
  2⤵
  PID:2600
- C:\Windows\System\QxExSNL.exe
  C:\Windows\System\QxExSNL.exe
  2⤵
  PID:4116
- C:\Windows\System\nUjNkya.exe
  C:\Windows\System\nUjNkya.exe
  2⤵
  PID:4196
- C:\Windows\System\aBEkeTN.exe
  C:\Windows\System\aBEkeTN.exe
  2⤵
  PID:4200
- C:\Windows\System\sHwaDLG.exe
  C:\Windows\System\sHwaDLG.exe
  2⤵
  PID:4240
- C:\Windows\System\sSQfdiw.exe
  C:\Windows\System\sSQfdiw.exe
  2⤵
  PID:4304
- C:\Windows\System\yidukgw.exe
  C:\Windows\System\yidukgw.exe
  2⤵
  PID:4364
- C:\Windows\System\ckoSdCA.exe
  C:\Windows\System\ckoSdCA.exe
  2⤵
  PID:4400
- C:\Windows\System\qmaEJBE.exe
  C:\Windows\System\qmaEJBE.exe
  2⤵
  PID:4340
- C:\Windows\System\xKfwEhb.exe
  C:\Windows\System\xKfwEhb.exe
  2⤵
  PID:4444
- C:\Windows\System\wbmljnG.exe
  C:\Windows\System\wbmljnG.exe
  2⤵
  PID:4256
- C:\Windows\System\LeCZHeK.exe
  C:\Windows\System\LeCZHeK.exe
  2⤵
  PID:4388
- C:\Windows\System\BZYtQdL.exe
  C:\Windows\System\BZYtQdL.exe
  2⤵
  PID:4428
- C:\Windows\System\lwSxhys.exe
  C:\Windows\System\lwSxhys.exe
  2⤵
  PID:4492
- C:\Windows\System\egeMlNv.exe
  C:\Windows\System\egeMlNv.exe
  2⤵
  PID:4532
- C:\Windows\System\wgJSbCH.exe
  C:\Windows\System\wgJSbCH.exe
  2⤵
  PID:4476
- C:\Windows\System\NdMREYA.exe
  C:\Windows\System\NdMREYA.exe
  2⤵
  PID:4544
- C:\Windows\System\fqXAsti.exe
  C:\Windows\System\fqXAsti.exe
  2⤵
  PID:4588
- C:\Windows\System\YnhyRgt.exe
  C:\Windows\System\YnhyRgt.exe
  2⤵
  PID:4608
- C:\Windows\System\hReFtBU.exe
  C:\Windows\System\hReFtBU.exe
  2⤵
  PID:4636
- C:\Windows\System\PzsctuV.exe
  C:\Windows\System\PzsctuV.exe
  2⤵
  PID:4688
- C:\Windows\System\fjXwABo.exe
  C:\Windows\System\fjXwABo.exe
  2⤵
  PID:4740
- C:\Windows\System\uUPFYTs.exe
  C:\Windows\System\uUPFYTs.exe
  2⤵
  PID:4700
- C:\Windows\System\uQmpykO.exe
  C:\Windows\System\uQmpykO.exe
  2⤵
  PID:4792
- C:\Windows\System\CYhTXLc.exe
  C:\Windows\System\CYhTXLc.exe
  2⤵
  PID:4840
- C:\Windows\System\CQLYdjv.exe
  C:\Windows\System\CQLYdjv.exe
  2⤵
  PID:4848
- C:\Windows\System\JiAktMn.exe
  C:\Windows\System\JiAktMn.exe
  2⤵
  PID:4900
- C:\Windows\System\TlAVTVp.exe
  C:\Windows\System\TlAVTVp.exe
  2⤵
  PID:4916
- C:\Windows\System\havffqX.exe
  C:\Windows\System\havffqX.exe
  2⤵
  PID:4932
- C:\Windows\System\zkzOrnX.exe
  C:\Windows\System\zkzOrnX.exe
  2⤵
  PID:5004
- C:\Windows\System\lkERtCz.exe
  C:\Windows\System\lkERtCz.exe
  2⤵
  PID:5048
- C:\Windows\System\qgxyOof.exe
  C:\Windows\System\qgxyOof.exe
  2⤵
  PID:4992
- C:\Windows\System\FuLEvZf.exe
  C:\Windows\System\FuLEvZf.exe
  2⤵
  PID:4952
- C:\Windows\System\dQdZWgu.exe
  C:\Windows\System\dQdZWgu.exe
  2⤵
  PID:5112
- C:\Windows\System\OgtlEyH.exe
  C:\Windows\System\OgtlEyH.exe
  2⤵
  PID:5068
- C:\Windows\System\KscstiU.exe
  C:\Windows\System\KscstiU.exe
  2⤵
  PID:4108
- C:\Windows\System\OsEgpUK.exe
  C:\Windows\System\OsEgpUK.exe
  2⤵
  PID:4132
- C:\Windows\System\wmCvEuS.exe
  C:\Windows\System\wmCvEuS.exe
  2⤵
  PID:4208
- C:\Windows\System\PYiVGeq.exe
  C:\Windows\System\PYiVGeq.exe
  2⤵
  PID:4152
- C:\Windows\System\gmeyjvU.exe
  C:\Windows\System\gmeyjvU.exe
  2⤵
  PID:2744
- C:\Windows\System\dTnzTTV.exe
  C:\Windows\System\dTnzTTV.exe
  2⤵
  PID:4180
- C:\Windows\System\eViMDdI.exe
  C:\Windows\System\eViMDdI.exe
  2⤵
  PID:1600
- C:\Windows\System\uPHNaiI.exe
  C:\Windows\System\uPHNaiI.exe
  2⤵
  PID:3480
- C:\Windows\System\DGAcKTl.exe
  C:\Windows\System\DGAcKTl.exe
  2⤵
  PID:4552
- C:\Windows\System\ADNByCo.exe
  C:\Windows\System\ADNByCo.exe
  2⤵
  PID:4720
- C:\Windows\System\ocNWPds.exe
  C:\Windows\System\ocNWPds.exe
  2⤵
  PID:4772
- C:\Windows\System\yHgnUYu.exe
  C:\Windows\System\yHgnUYu.exe
  2⤵
  PID:4184
- C:\Windows\System\nwOXzRB.exe
  C:\Windows\System\nwOXzRB.exe
  2⤵
  PID:4684
- C:\Windows\System\EXrHKRd.exe
  C:\Windows\System\EXrHKRd.exe
  2⤵
  PID:4844
- C:\Windows\System\MhYAGAh.exe
  C:\Windows\System\MhYAGAh.exe
  2⤵
  PID:4976
- C:\Windows\System\ojWEnlo.exe
  C:\Windows\System\ojWEnlo.exe
  2⤵
  PID:5104
- C:\Windows\System\oLDBdiR.exe
  C:\Windows\System\oLDBdiR.exe
  2⤵
  PID:4104
- C:\Windows\System\KHekDRC.exe
  C:\Windows\System\KHekDRC.exe
  2⤵
  PID:4440
- C:\Windows\System\KzXZzGa.exe
  C:\Windows\System\KzXZzGa.exe
  2⤵
  PID:4760
- C:\Windows\System\VfHGxrw.exe
  C:\Windows\System\VfHGxrw.exe
  2⤵
  PID:4148
- C:\Windows\System\mwoeJGg.exe
  C:\Windows\System\mwoeJGg.exe
  2⤵
  PID:4308
- C:\Windows\System\ZsUjqge.exe
  C:\Windows\System\ZsUjqge.exe
  2⤵
  PID:4616
- C:\Windows\System\dvVIwXL.exe
  C:\Windows\System\dvVIwXL.exe
  2⤵
  PID:2596
- C:\Windows\System\errWNnV.exe
  C:\Windows\System\errWNnV.exe
  2⤵
  PID:5020
- C:\Windows\System\LHtrYwj.exe
  C:\Windows\System\LHtrYwj.exe
  2⤵
  PID:4448
- C:\Windows\System\vtooVJH.exe
  C:\Windows\System\vtooVJH.exe
  2⤵
  PID:4424
- C:\Windows\System\eePjmEc.exe
  C:\Windows\System\eePjmEc.exe
  2⤵
  PID:4596
- C:\Windows\System\fntDwzo.exe
  C:\Windows\System\fntDwzo.exe
  2⤵
  PID:5032
- C:\Windows\System\NANpSyr.exe
  C:\Windows\System\NANpSyr.exe
  2⤵
  PID:4472
- C:\Windows\System\ABoEhfQ.exe
  C:\Windows\System\ABoEhfQ.exe
  2⤵
  PID:3920
- C:\Windows\System\bTjirhY.exe
  C:\Windows\System\bTjirhY.exe
  2⤵
  PID:4956
- C:\Windows\System\QZUxaQK.exe
  C:\Windows\System\QZUxaQK.exe
  2⤵
  PID:4748
- C:\Windows\System\fHezMsR.exe
  C:\Windows\System\fHezMsR.exe
  2⤵
  PID:4128
- C:\Windows\System\DdSphfX.exe
  C:\Windows\System\DdSphfX.exe
  2⤵
  PID:4488
- C:\Windows\System\jzHmcQp.exe
  C:\Windows\System\jzHmcQp.exe
  2⤵
  PID:4528
- C:\Windows\System\RioZMeI.exe
  C:\Windows\System\RioZMeI.exe
  2⤵
  PID:2968
- C:\Windows\System\unYcuSx.exe
  C:\Windows\System\unYcuSx.exe
  2⤵
  PID:4164
- C:\Windows\System\UNrCijh.exe
  C:\Windows\System\UNrCijh.exe
  2⤵
  PID:4320
- C:\Windows\System\MZZNPLD.exe
  C:\Windows\System\MZZNPLD.exe
  2⤵
  PID:4316
- C:\Windows\System\sGoyYTQ.exe
  C:\Windows\System\sGoyYTQ.exe
  2⤵
  PID:4788
- C:\Windows\System\fgftVvo.exe
  C:\Windows\System\fgftVvo.exe
  2⤵
  PID:4828
- C:\Windows\System\dnpuwRy.exe
  C:\Windows\System\dnpuwRy.exe
  2⤵
  PID:5124
- C:\Windows\System\nmwMXaP.exe
  C:\Windows\System\nmwMXaP.exe
  2⤵
  PID:5144
- C:\Windows\System\XzBXrqC.exe
  C:\Windows\System\XzBXrqC.exe
  2⤵
  PID:5160
- C:\Windows\System\wSNEXBi.exe
  C:\Windows\System\wSNEXBi.exe
  2⤵
  PID:5176
- C:\Windows\System\mdIkFPz.exe
  C:\Windows\System\mdIkFPz.exe
  2⤵
  PID:5192
- C:\Windows\System\YuByFnZ.exe
  C:\Windows\System\YuByFnZ.exe
  2⤵
  PID:5208
- C:\Windows\System\yWyAmSw.exe
  C:\Windows\System\yWyAmSw.exe
  2⤵
  PID:5224
- C:\Windows\System\TGBiiEr.exe
  C:\Windows\System\TGBiiEr.exe
  2⤵
  PID:5300
- C:\Windows\System\vDdYMQj.exe
  C:\Windows\System\vDdYMQj.exe
  2⤵
  PID:5316
- C:\Windows\System\ZynUpaf.exe
  C:\Windows\System\ZynUpaf.exe
  2⤵
  PID:5336
- C:\Windows\System\XCJFgwV.exe
  C:\Windows\System\XCJFgwV.exe
  2⤵
  PID:5356
- C:\Windows\System\KDPrXVK.exe
  C:\Windows\System\KDPrXVK.exe
  2⤵
  PID:5372
- C:\Windows\System\KvVVxeh.exe
  C:\Windows\System\KvVVxeh.exe
  2⤵
  PID:5388
- C:\Windows\System\sCcHqIF.exe
  C:\Windows\System\sCcHqIF.exe
  2⤵
  PID:5404
- C:\Windows\System\KlYsrMN.exe
  C:\Windows\System\KlYsrMN.exe
  2⤵
  PID:5420
- C:\Windows\System\OJFlDcJ.exe
  C:\Windows\System\OJFlDcJ.exe
  2⤵
  PID:5440
- C:\Windows\System\ZNBgTQu.exe
  C:\Windows\System\ZNBgTQu.exe
  2⤵
  PID:5460
- C:\Windows\System\xkGzNhK.exe
  C:\Windows\System\xkGzNhK.exe
  2⤵
  PID:5476
- C:\Windows\System\VqjOZDw.exe
  C:\Windows\System\VqjOZDw.exe
  2⤵
  PID:5492
- C:\Windows\System\DyhQAwp.exe
  C:\Windows\System\DyhQAwp.exe
  2⤵
  PID:5508
- C:\Windows\System\HuJpbcZ.exe
  C:\Windows\System\HuJpbcZ.exe
  2⤵
  PID:5524
- C:\Windows\System\KfOrezP.exe
  C:\Windows\System\KfOrezP.exe
  2⤵
  PID:5580
- C:\Windows\System\qQljDII.exe
  C:\Windows\System\qQljDII.exe
  2⤵
  PID:5600
- C:\Windows\System\bxmBXmB.exe
  C:\Windows\System\bxmBXmB.exe
  2⤵
  PID:5616
- C:\Windows\System\bkwYmmi.exe
  C:\Windows\System\bkwYmmi.exe
  2⤵
  PID:5632
- C:\Windows\System\EpPVBLd.exe
  C:\Windows\System\EpPVBLd.exe
  2⤵
  PID:5648
- C:\Windows\System\gigoVgC.exe
  C:\Windows\System\gigoVgC.exe
  2⤵
  PID:5664
- C:\Windows\System\mVnbNgW.exe
  C:\Windows\System\mVnbNgW.exe
  2⤵
  PID:5688
- C:\Windows\System\OlgHoFa.exe
  C:\Windows\System\OlgHoFa.exe
  2⤵
  PID:5704
- C:\Windows\System\RoBjPXa.exe
  C:\Windows\System\RoBjPXa.exe
  2⤵
  PID:5720
- C:\Windows\System\WjbWKIM.exe
  C:\Windows\System\WjbWKIM.exe
  2⤵
  PID:5736
- C:\Windows\System\gZGrqOe.exe
  C:\Windows\System\gZGrqOe.exe
  2⤵
  PID:5752
- C:\Windows\System\gdwoDKB.exe
  C:\Windows\System\gdwoDKB.exe
  2⤵
  PID:5772
- C:\Windows\System\tpDTRQg.exe
  C:\Windows\System\tpDTRQg.exe
  2⤵
  PID:5792
- C:\Windows\System\PRccnur.exe
  C:\Windows\System\PRccnur.exe
  2⤵
  PID:5808
- C:\Windows\System\ikcmybM.exe
  C:\Windows\System\ikcmybM.exe
  2⤵
  PID:5824
- C:\Windows\System\yLcMRyi.exe
  C:\Windows\System\yLcMRyi.exe
  2⤵
  PID:5876
- C:\Windows\System\nysWahz.exe
  C:\Windows\System\nysWahz.exe
  2⤵
  PID:5896
- C:\Windows\System\OJnXpCU.exe
  C:\Windows\System\OJnXpCU.exe
  2⤵
  PID:5916
- C:\Windows\System\xaCAalZ.exe
  C:\Windows\System\xaCAalZ.exe
  2⤵
  PID:5940
- C:\Windows\System\NANpsdo.exe
  C:\Windows\System\NANpsdo.exe
  2⤵
  PID:5956
- C:\Windows\System\FHoQqUz.exe
  C:\Windows\System\FHoQqUz.exe
  2⤵
  PID:5972
- C:\Windows\System\YHfuYXo.exe
  C:\Windows\System\YHfuYXo.exe
  2⤵
  PID:6004
- C:\Windows\System\GrmLXxS.exe
  C:\Windows\System\GrmLXxS.exe
  2⤵
  PID:6024
- C:\Windows\System\RawionB.exe
  C:\Windows\System\RawionB.exe
  2⤵
  PID:6040
- C:\Windows\System\kxDJSdO.exe
  C:\Windows\System\kxDJSdO.exe
  2⤵
  PID:6056
- C:\Windows\System\MCBahWi.exe
  C:\Windows\System\MCBahWi.exe
  2⤵
  PID:6072
- C:\Windows\System\ADTLSJJ.exe
  C:\Windows\System\ADTLSJJ.exe
  2⤵
  PID:6092
- C:\Windows\System\ksDLmbc.exe
  C:\Windows\System\ksDLmbc.exe
  2⤵
  PID:6108
- C:\Windows\System\LlKVHuv.exe
  C:\Windows\System\LlKVHuv.exe
  2⤵
  PID:6124
- C:\Windows\System\fxBTxob.exe
  C:\Windows\System\fxBTxob.exe
  2⤵
  PID:5012
- C:\Windows\System\zrQUrFZ.exe
  C:\Windows\System\zrQUrFZ.exe
  2⤵
  PID:1040
- C:\Windows\System\vVLMcQu.exe
  C:\Windows\System\vVLMcQu.exe
  2⤵
  PID:828
- C:\Windows\System\ClvYOKd.exe
  C:\Windows\System\ClvYOKd.exe
  2⤵
  PID:5184
- C:\Windows\System\UATElaz.exe
  C:\Windows\System\UATElaz.exe
  2⤵
  PID:4620
- C:\Windows\System\bbgtGjq.exe
  C:\Windows\System\bbgtGjq.exe
  2⤵
  PID:4632
- C:\Windows\System\GWhhJwL.exe
  C:\Windows\System\GWhhJwL.exe
  2⤵
  PID:5168
- C:\Windows\System\wieEmmz.exe
  C:\Windows\System\wieEmmz.exe
  2⤵
  PID:5204
- C:\Windows\System\UOtMyeb.exe
  C:\Windows\System\UOtMyeb.exe
  2⤵
  PID:5248
- C:\Windows\System\hFpzdsM.exe
  C:\Windows\System\hFpzdsM.exe
  2⤵
  PID:5276
- C:\Windows\System\ImUPIBe.exe
  C:\Windows\System\ImUPIBe.exe
  2⤵
  PID:5292
- C:\Windows\System\wgIyEiS.exe
  C:\Windows\System\wgIyEiS.exe
  2⤵
  PID:5332
- C:\Windows\System\RCGHacj.exe
  C:\Windows\System\RCGHacj.exe
  2⤵
  PID:5368
- C:\Windows\System\tQDjHLX.exe
  C:\Windows\System\tQDjHLX.exe
  2⤵
  PID:5380
- C:\Windows\System\BYUDvKF.exe
  C:\Windows\System\BYUDvKF.exe
  2⤵
  PID:5468
- C:\Windows\System\KCyiCcX.exe
  C:\Windows\System\KCyiCcX.exe
  2⤵
  PID:5540
- C:\Windows\System\EFeCAVB.exe
  C:\Windows\System\EFeCAVB.exe
  2⤵
  PID:5548
- C:\Windows\System\hfOYBOZ.exe
  C:\Windows\System\hfOYBOZ.exe
  2⤵
  PID:5564
- C:\Windows\System\pqDQGte.exe
  C:\Windows\System\pqDQGte.exe
  2⤵
  PID:5572
- C:\Windows\System\pNDxlnf.exe
  C:\Windows\System\pNDxlnf.exe
  2⤵
  PID:5448
- C:\Windows\System\CzqRruR.exe
  C:\Windows\System\CzqRruR.exe
  2⤵
  PID:5536
- C:\Windows\System\rIPaYrU.exe
  C:\Windows\System\rIPaYrU.exe
  2⤵
  PID:5596
- C:\Windows\System\gKeJFIY.exe
  C:\Windows\System\gKeJFIY.exe
  2⤵
  PID:5624
- C:\Windows\System\KbtKaub.exe
  C:\Windows\System\KbtKaub.exe
  2⤵
  PID:5744
- C:\Windows\System\QvwaaWl.exe
  C:\Windows\System\QvwaaWl.exe
  2⤵
  PID:5888
- C:\Windows\System\dHxfJQZ.exe
  C:\Windows\System\dHxfJQZ.exe
  2⤵
  PID:5760
- C:\Windows\System\JBQWnpo.exe
  C:\Windows\System\JBQWnpo.exe
  2⤵
  PID:5872
- C:\Windows\System\zsrqZSS.exe
  C:\Windows\System\zsrqZSS.exe
  2⤵
  PID:5840
- C:\Windows\System\VNQvdAM.exe
  C:\Windows\System\VNQvdAM.exe
  2⤵
  PID:5856
- C:\Windows\System\EeYEjvH.exe
  C:\Windows\System\EeYEjvH.exe
  2⤵
  PID:5952
- C:\Windows\System\aXlmZXE.exe
  C:\Windows\System\aXlmZXE.exe
  2⤵
  PID:5996
- C:\Windows\System\ymwbmrJ.exe
  C:\Windows\System\ymwbmrJ.exe
  2⤵
  PID:6020
- C:\Windows\System\NfHjniQ.exe
  C:\Windows\System\NfHjniQ.exe
  2⤵
  PID:6036
- C:\Windows\System\PXeqEVa.exe
  C:\Windows\System\PXeqEVa.exe
  2⤵
  PID:6080
- C:\Windows\System\InalAWd.exe
  C:\Windows\System\InalAWd.exe
  2⤵
  PID:6120
- C:\Windows\System\TDpFInX.exe
  C:\Windows\System\TDpFInX.exe
  2⤵
  PID:6104
- C:\Windows\System\hJYPxuZ.exe
  C:\Windows\System\hJYPxuZ.exe
  2⤵
  PID:3292
- C:\Windows\System\xofwOND.exe
  C:\Windows\System\xofwOND.exe
  2⤵
  PID:5256
- C:\Windows\System\fvScGeC.exe
  C:\Windows\System\fvScGeC.exe
  2⤵
  PID:5132
- C:\Windows\System\qZgLhfW.exe
  C:\Windows\System\qZgLhfW.exe
  2⤵
  PID:2884
- C:\Windows\System\ijTIOLN.exe
  C:\Windows\System\ijTIOLN.exe
  2⤵
  PID:5272
- C:\Windows\System\lThdRCz.exe
  C:\Windows\System\lThdRCz.exe
  2⤵
  PID:5400
- C:\Windows\System\JFrJBnl.exe
  C:\Windows\System\JFrJBnl.exe
  2⤵
  PID:5352
- C:\Windows\System\ZXlatHi.exe
  C:\Windows\System\ZXlatHi.exe
  2⤵
  PID:5560
- C:\Windows\System\xsyShWR.exe
  C:\Windows\System\xsyShWR.exe
  2⤵
  PID:5588
- C:\Windows\System\PKAUeQw.exe
  C:\Windows\System\PKAUeQw.exe
  2⤵
  PID:5516
- C:\Windows\System\AaTQTZO.exe
  C:\Windows\System\AaTQTZO.exe
  2⤵
  PID:5672
- C:\Windows\System\bQcqwrM.exe
  C:\Windows\System\bQcqwrM.exe
  2⤵
  PID:5716
- C:\Windows\System\EbqGpaT.exe
  C:\Windows\System\EbqGpaT.exe
  2⤵
  PID:5788
- C:\Windows\System\AXomnOm.exe
  C:\Windows\System\AXomnOm.exe
  2⤵
  PID:5800
- C:\Windows\System\yelMYWg.exe
  C:\Windows\System\yelMYWg.exe
  2⤵
  PID:5868
- C:\Windows\System\CPlWtEQ.exe
  C:\Windows\System\CPlWtEQ.exe
  2⤵
  PID:5908
- C:\Windows\System\BNfBOfG.exe
  C:\Windows\System\BNfBOfG.exe
  2⤵
  PID:5844
- C:\Windows\System\RTYZPHC.exe
  C:\Windows\System\RTYZPHC.exe
  2⤵
  PID:5936
- C:\Windows\System\UlJycYI.exe
  C:\Windows\System\UlJycYI.exe
  2⤵
  PID:5948
- C:\Windows\System\TBoOROu.exe
  C:\Windows\System\TBoOROu.exe
  2⤵
  PID:5296
- C:\Windows\System\TCFzSck.exe
  C:\Windows\System\TCFzSck.exe
  2⤵
  PID:6136
- C:\Windows\System\VexRCxb.exe
  C:\Windows\System\VexRCxb.exe
  2⤵
  PID:6048
- C:\Windows\System\rbesbGg.exe
  C:\Windows\System\rbesbGg.exe
  2⤵
  PID:5156
- C:\Windows\System\zzGvmQI.exe
  C:\Windows\System\zzGvmQI.exe
  2⤵
  PID:5140
- C:\Windows\System\ZXWZJwT.exe
  C:\Windows\System\ZXWZJwT.exe
  2⤵
  PID:5284
- C:\Windows\System\iaFxYFt.exe
  C:\Windows\System\iaFxYFt.exe
  2⤵
  PID:5436
- C:\Windows\System\dGovybU.exe
  C:\Windows\System\dGovybU.exe
  2⤵
  PID:5592
- C:\Windows\System\auIKJsf.exe
  C:\Windows\System\auIKJsf.exe
  2⤵
  PID:5456
- C:\Windows\System\rONnAPY.exe
  C:\Windows\System\rONnAPY.exe
  2⤵
  PID:5820
- C:\Windows\System\qqIfzRu.exe
  C:\Windows\System\qqIfzRu.exe
  2⤵
  PID:5852
- C:\Windows\System\VDFfrsM.exe
  C:\Windows\System\VDFfrsM.exe
  2⤵
  PID:5780
- C:\Windows\System\JuRyztV.exe
  C:\Windows\System\JuRyztV.exe
  2⤵
  PID:6012
- C:\Windows\System\GYWyjom.exe
  C:\Windows\System\GYWyjom.exe
  2⤵
  PID:5264
- C:\Windows\System\lAEmZjk.exe
  C:\Windows\System\lAEmZjk.exe
  2⤵
  PID:5696
- C:\Windows\System\YfqtMrK.exe
  C:\Windows\System\YfqtMrK.exe
  2⤵
  PID:4868
- C:\Windows\System\DbQBxka.exe
  C:\Windows\System\DbQBxka.exe
  2⤵
  PID:5832
- C:\Windows\System\AdfIdIW.exe
  C:\Windows\System\AdfIdIW.exe
  2⤵
  PID:6116
- C:\Windows\System\sjHnWLH.exe
  C:\Windows\System\sjHnWLH.exe
  2⤵
  PID:6152
- C:\Windows\System\qJzbBml.exe
  C:\Windows\System\qJzbBml.exe
  2⤵
  PID:6168
- C:\Windows\System\UHozfTI.exe
  C:\Windows\System\UHozfTI.exe
  2⤵
  PID:6184
- C:\Windows\System\NQfSAsP.exe
  C:\Windows\System\NQfSAsP.exe
  2⤵
  PID:6204
- C:\Windows\System\diyvZcT.exe
  C:\Windows\System\diyvZcT.exe
  2⤵
  PID:6224
- C:\Windows\System\ZqoecKP.exe
  C:\Windows\System\ZqoecKP.exe
  2⤵
  PID:6240
- C:\Windows\System\ULWvIjs.exe
  C:\Windows\System\ULWvIjs.exe
  2⤵
  PID:6256
- C:\Windows\System\ijgfnia.exe
  C:\Windows\System\ijgfnia.exe
  2⤵
  PID:6272
- C:\Windows\System\NgAoxcX.exe
  C:\Windows\System\NgAoxcX.exe
  2⤵
  PID:6292
- C:\Windows\System\Fmtczkz.exe
  C:\Windows\System\Fmtczkz.exe
  2⤵
  PID:6316
- C:\Windows\System\GIfYvoT.exe
  C:\Windows\System\GIfYvoT.exe
  2⤵
  PID:6332
- C:\Windows\System\pKpUpHH.exe
  C:\Windows\System\pKpUpHH.exe
  2⤵
  PID:6348
- C:\Windows\System\VMswxRW.exe
  C:\Windows\System\VMswxRW.exe
  2⤵
  PID:6364
- C:\Windows\System\NlJXXlI.exe
  C:\Windows\System\NlJXXlI.exe
  2⤵
  PID:6380
- C:\Windows\System\JhvDXZp.exe
  C:\Windows\System\JhvDXZp.exe
  2⤵
  PID:6400
- C:\Windows\System\KAdTjuY.exe
  C:\Windows\System\KAdTjuY.exe
  2⤵
  PID:6424
- C:\Windows\System\pmBXyxz.exe
  C:\Windows\System\pmBXyxz.exe
  2⤵
  PID:6444
- C:\Windows\System\ecitObN.exe
  C:\Windows\System\ecitObN.exe
  2⤵
  PID:6472
- C:\Windows\System\WqyuJuO.exe
  C:\Windows\System\WqyuJuO.exe
  2⤵
  PID:6492
- C:\Windows\System\DKqxaoQ.exe
  C:\Windows\System\DKqxaoQ.exe
  2⤵
  PID:6512
- C:\Windows\System\ndoZTRJ.exe
  C:\Windows\System\ndoZTRJ.exe
  2⤵
  PID:6528
- C:\Windows\System\sBawlHa.exe
  C:\Windows\System\sBawlHa.exe
  2⤵
  PID:6544
- C:\Windows\System\sWyBAwV.exe
  C:\Windows\System\sWyBAwV.exe
  2⤵
  PID:6560
- C:\Windows\System\RAUKciD.exe
  C:\Windows\System\RAUKciD.exe
  2⤵
  PID:6576
- C:\Windows\System\gYlaPcf.exe
  C:\Windows\System\gYlaPcf.exe
  2⤵
  PID:6592
- C:\Windows\System\mhdriFy.exe
  C:\Windows\System\mhdriFy.exe
  2⤵
  PID:6608
- C:\Windows\System\FxxjFgP.exe
  C:\Windows\System\FxxjFgP.exe
  2⤵
  PID:6624
- C:\Windows\System\GNbmoLA.exe
  C:\Windows\System\GNbmoLA.exe
  2⤵
  PID:6640
- C:\Windows\System\CQrOkUa.exe
  C:\Windows\System\CQrOkUa.exe
  2⤵
  PID:6656
- C:\Windows\System\cKlhvHF.exe
  C:\Windows\System\cKlhvHF.exe
  2⤵
  PID:6672
- C:\Windows\System\aKPHOyQ.exe
  C:\Windows\System\aKPHOyQ.exe
  2⤵
  PID:6688
- C:\Windows\System\nswQdLa.exe
  C:\Windows\System\nswQdLa.exe
  2⤵
  PID:6712
- C:\Windows\System\MNLDrir.exe
  C:\Windows\System\MNLDrir.exe
  2⤵
  PID:6736
- C:\Windows\System\zjyBnwU.exe
  C:\Windows\System\zjyBnwU.exe
  2⤵
  PID:6752
- C:\Windows\System\JdCGZFS.exe
  C:\Windows\System\JdCGZFS.exe
  2⤵
  PID:6772
- C:\Windows\System\ebYMBMH.exe
  C:\Windows\System\ebYMBMH.exe
  2⤵
  PID:6792
- C:\Windows\System\YxlAuSi.exe
  C:\Windows\System\YxlAuSi.exe
  2⤵
  PID:6808
- C:\Windows\System\ULPoFBx.exe
  C:\Windows\System\ULPoFBx.exe
  2⤵
  PID:6824
- C:\Windows\System\wQMQfVe.exe
  C:\Windows\System\wQMQfVe.exe
  2⤵
  PID:6840
- C:\Windows\System\NVwURsW.exe
  C:\Windows\System\NVwURsW.exe
  2⤵
  PID:6856
- C:\Windows\System\DJxmqTj.exe
  C:\Windows\System\DJxmqTj.exe
  2⤵
  PID:6872
- C:\Windows\System\kyMnXir.exe
  C:\Windows\System\kyMnXir.exe
  2⤵
  PID:6888
- C:\Windows\System\JcslesA.exe
  C:\Windows\System\JcslesA.exe
  2⤵
  PID:6904
- C:\Windows\System\SyaGUfc.exe
  C:\Windows\System\SyaGUfc.exe
  2⤵
  PID:6920
- C:\Windows\System\KmdZpNE.exe
  C:\Windows\System\KmdZpNE.exe
  2⤵
  PID:6940
- C:\Windows\System\zOKcWYg.exe
  C:\Windows\System\zOKcWYg.exe
  2⤵
  PID:6968
- C:\Windows\System\bsPzUDy.exe
  C:\Windows\System\bsPzUDy.exe
  2⤵
  PID:6984
- C:\Windows\System\bVUodPb.exe
  C:\Windows\System\bVUodPb.exe
  2⤵
  PID:7000
- C:\Windows\System\BVlbYuv.exe
  C:\Windows\System\BVlbYuv.exe
  2⤵
  PID:7016
- C:\Windows\System\XxoAJwR.exe
  C:\Windows\System\XxoAJwR.exe
  2⤵
  PID:7032
- C:\Windows\System\KcSZvlO.exe
  C:\Windows\System\KcSZvlO.exe
  2⤵
  PID:7048
- C:\Windows\System\PamSNhy.exe
  C:\Windows\System\PamSNhy.exe
  2⤵
  PID:7064
- C:\Windows\System\LyJqDVW.exe
  C:\Windows\System\LyJqDVW.exe
  2⤵
  PID:7080
- C:\Windows\System\OMFMjQn.exe
  C:\Windows\System\OMFMjQn.exe
  2⤵
  PID:7096
- C:\Windows\System\rtpenxE.exe
  C:\Windows\System\rtpenxE.exe
  2⤵
  PID:7112
- C:\Windows\System\jqPEGQh.exe
  C:\Windows\System\jqPEGQh.exe
  2⤵
  PID:7132
- C:\Windows\System\YoxeBaC.exe
  C:\Windows\System\YoxeBaC.exe
  2⤵
  PID:7148
- C:\Windows\System\AKGgHYU.exe
  C:\Windows\System\AKGgHYU.exe
  2⤵
  PID:5288
- C:\Windows\System\RSjVKFY.exe
  C:\Windows\System\RSjVKFY.exe
  2⤵
  PID:5608
- C:\Windows\System\yibmWlZ.exe
  C:\Windows\System\yibmWlZ.exe
  2⤵
  PID:5244
- C:\Windows\System\ZDAFjSj.exe
  C:\Windows\System\ZDAFjSj.exe
  2⤵
  PID:6304
- C:\Windows\System\rgHSgrJ.exe
  C:\Windows\System\rgHSgrJ.exe
  2⤵
  PID:6372
- C:\Windows\System\suZsYxf.exe
  C:\Windows\System\suZsYxf.exe
  2⤵
  PID:5432
- C:\Windows\System\DgegrrT.exe
  C:\Windows\System\DgegrrT.exe
  2⤵
  PID:6236
- C:\Windows\System\GxiMxcY.exe
  C:\Windows\System\GxiMxcY.exe
  2⤵
  PID:4568
- C:\Windows\System\TCBZqHd.exe
  C:\Windows\System\TCBZqHd.exe
  2⤵
  PID:5240
- C:\Windows\System\MRhSMhx.exe
  C:\Windows\System\MRhSMhx.exe
  2⤵
  PID:5152
- C:\Windows\System\vcXoiTP.exe
  C:\Windows\System\vcXoiTP.exe
  2⤵
  PID:6180
- C:\Windows\System\EKoXnfd.exe
  C:\Windows\System\EKoXnfd.exe
  2⤵
  PID:5968
- C:\Windows\System\BzNtPOo.exe
  C:\Windows\System\BzNtPOo.exe
  2⤵
  PID:6220
- C:\Windows\System\QymCfti.exe
  C:\Windows\System\QymCfti.exe
  2⤵
  PID:6284
- C:\Windows\System\TpzTQQH.exe
  C:\Windows\System\TpzTQQH.exe
  2⤵
  PID:6388
- C:\Windows\System\KITpXII.exe
  C:\Windows\System\KITpXII.exe
  2⤵
  PID:6432
- C:\Windows\System\Miyedyx.exe
  C:\Windows\System\Miyedyx.exe
  2⤵
  PID:6484
- C:\Windows\System\vLodbzv.exe
  C:\Windows\System\vLodbzv.exe
  2⤵
  PID:6524
- C:\Windows\System\lOoyTLF.exe
  C:\Windows\System\lOoyTLF.exe
  2⤵
  PID:6416
- C:\Windows\System\SdBhHHs.exe
  C:\Windows\System\SdBhHHs.exe
  2⤵
  PID:5680
- C:\Windows\System\eQEBwkz.exe
  C:\Windows\System\eQEBwkz.exe
  2⤵
  PID:6652
- C:\Windows\System\CFQjQxr.exe
  C:\Windows\System\CFQjQxr.exe
  2⤵
  PID:6504
- C:\Windows\System\fJmMdYr.exe
  C:\Windows\System\fJmMdYr.exe
  2⤵
  PID:6568
- C:\Windows\System\RwFDNsN.exe
  C:\Windows\System\RwFDNsN.exe
  2⤵
  PID:6680
- C:\Windows\System\lVsScpm.exe
  C:\Windows\System\lVsScpm.exe
  2⤵
  PID:6636
- C:\Windows\System\dDfzQQh.exe
  C:\Windows\System\dDfzQQh.exe
  2⤵
  PID:6704
- C:\Windows\System\GCcKBUZ.exe
  C:\Windows\System\GCcKBUZ.exe
  2⤵
  PID:6732
- C:\Windows\System\hKGyXGZ.exe
  C:\Windows\System\hKGyXGZ.exe
  2⤵
  PID:6768
- C:\Windows\System\lzZvUxf.exe
  C:\Windows\System\lzZvUxf.exe
  2⤵
  PID:6832
- C:\Windows\System\QXKumlH.exe
  C:\Windows\System\QXKumlH.exe
  2⤵
  PID:6896
- C:\Windows\System\GEORSXe.exe
  C:\Windows\System\GEORSXe.exe
  2⤵
  PID:6748
- C:\Windows\System\QwwxYAm.exe
  C:\Windows\System\QwwxYAm.exe
  2⤵
  PID:6936
- C:\Windows\System\SKkUfaF.exe
  C:\Windows\System\SKkUfaF.exe
  2⤵
  PID:6820
- C:\Windows\System\yguvnsO.exe
  C:\Windows\System\yguvnsO.exe
  2⤵
  PID:6976
- C:\Windows\System\pdgzTlZ.exe
  C:\Windows\System\pdgzTlZ.exe
  2⤵
  PID:7040
- C:\Windows\System\ZhLPXDW.exe
  C:\Windows\System\ZhLPXDW.exe
  2⤵
  PID:7104
- C:\Windows\System\FohqWnW.exe
  C:\Windows\System\FohqWnW.exe
  2⤵
  PID:6956
- C:\Windows\System\daOVMNj.exe
  C:\Windows\System\daOVMNj.exe
  2⤵
  PID:7156
- C:\Windows\System\dtNhyBr.exe
  C:\Windows\System\dtNhyBr.exe
  2⤵
  PID:7028
- C:\Windows\System\bjjWUwu.exe
  C:\Windows\System\bjjWUwu.exe
  2⤵
  PID:7092
- C:\Windows\System\aeYRwJV.exe
  C:\Windows\System\aeYRwJV.exe
  2⤵
  PID:5348
- C:\Windows\System\REHLwoN.exe
  C:\Windows\System\REHLwoN.exe
  2⤵
  PID:6408
- C:\Windows\System\xkiBFNX.exe
  C:\Windows\System\xkiBFNX.exe
  2⤵
  PID:6412
- C:\Windows\System\IRdfHDe.exe
  C:\Windows\System\IRdfHDe.exe
  2⤵
  PID:6268
- C:\Windows\System\oIUqlvU.exe
  C:\Windows\System\oIUqlvU.exe
  2⤵
  PID:6312
- C:\Windows\System\LpgZJXV.exe
  C:\Windows\System\LpgZJXV.exe
  2⤵
  PID:6176
- C:\Windows\System\PuvMrfU.exe
  C:\Windows\System\PuvMrfU.exe
  2⤵
  PID:6164
- C:\Windows\System\egKQAGk.exe
  C:\Windows\System\egKQAGk.exe
  2⤵
  PID:6064
- C:\Windows\System\gHPpjCo.exe
  C:\Windows\System\gHPpjCo.exe
  2⤵
  PID:6328
- C:\Windows\System\JQHexJA.exe
  C:\Windows\System\JQHexJA.exe
  2⤵
  PID:5864
- C:\Windows\System\CKgRmvH.exe
  C:\Windows\System\CKgRmvH.exe
  2⤵
  PID:6620
- C:\Windows\System\JOFrOPL.exe
  C:\Windows\System\JOFrOPL.exe
  2⤵
  PID:6604
- C:\Windows\System\CDYSmRK.exe
  C:\Windows\System\CDYSmRK.exe
  2⤵
  PID:6452
- C:\Windows\System\xoyWjlE.exe
  C:\Windows\System\xoyWjlE.exe
  2⤵
  PID:6456
- C:\Windows\System\GIrOTMs.exe
  C:\Windows\System\GIrOTMs.exe
  2⤵
  PID:6440
- C:\Windows\System\BcGCkpO.exe
  C:\Windows\System\BcGCkpO.exe
  2⤵
  PID:6728
- C:\Windows\System\RsdrEOr.exe
  C:\Windows\System\RsdrEOr.exe
  2⤵
  PID:7072
- C:\Windows\System\BuEwjQO.exe
  C:\Windows\System\BuEwjQO.exe
  2⤵
  PID:6916
- C:\Windows\System\kuRGtDS.exe
  C:\Windows\System\kuRGtDS.exe
  2⤵
  PID:7012
- C:\Windows\System\OjptpIU.exe
  C:\Windows\System\OjptpIU.exe
  2⤵
  PID:6960
- C:\Windows\System\jyYhPnR.exe
  C:\Windows\System\jyYhPnR.exe
  2⤵
  PID:7024
- C:\Windows\System\vRFoRKu.exe
  C:\Windows\System\vRFoRKu.exe
  2⤵
  PID:6804
- C:\Windows\System\UKpNJHp.exe
  C:\Windows\System\UKpNJHp.exe
  2⤵
  PID:5984
- C:\Windows\System\zvrfUZF.exe
  C:\Windows\System\zvrfUZF.exe
  2⤵
  PID:6100
- C:\Windows\System\xjLIOQh.exe
  C:\Windows\System\xjLIOQh.exe
  2⤵
  PID:6160
- C:\Windows\System\grvtwfj.exe
  C:\Windows\System\grvtwfj.exe
  2⤵
  PID:6396
- C:\Windows\System\kGoFVGC.exe
  C:\Windows\System\kGoFVGC.exe
  2⤵
  PID:6248
- C:\Windows\System\fTDTeIM.exe
  C:\Windows\System\fTDTeIM.exe
  2⤵
  PID:6912
- C:\Windows\System\aESUOJu.exe
  C:\Windows\System\aESUOJu.exe
  2⤵
  PID:7008
- C:\Windows\System\giimQCE.exe
  C:\Windows\System\giimQCE.exe
  2⤵
  PID:7076
- C:\Windows\System\vSaJwkU.exe
  C:\Windows\System\vSaJwkU.exe
  2⤵
  PID:7128
- C:\Windows\System\SSrJmbV.exe
  C:\Windows\System\SSrJmbV.exe
  2⤵
  PID:6192
- C:\Windows\System\hoLRYUu.exe
  C:\Windows\System\hoLRYUu.exe
  2⤵
  PID:6996
- C:\Windows\System\sLYlARJ.exe
  C:\Windows\System\sLYlARJ.exe
  2⤵
  PID:6616
- C:\Windows\System\LuOdYOO.exe
  C:\Windows\System\LuOdYOO.exe
  2⤵
  PID:6536
- C:\Windows\System\kXqxtzn.exe
  C:\Windows\System\kXqxtzn.exe
  2⤵
  PID:6884
- C:\Windows\System\enTcIxw.exe
  C:\Windows\System\enTcIxw.exe
  2⤵
  PID:6584
- C:\Windows\System\GGNcqPF.exe
  C:\Windows\System\GGNcqPF.exe
  2⤵
  PID:6952
- C:\Windows\System\gyHhPcS.exe
  C:\Windows\System\gyHhPcS.exe
  2⤵
  PID:6816
- C:\Windows\System\fYnKslT.exe
  C:\Windows\System\fYnKslT.exe
  2⤵
  PID:2192
- C:\Windows\System\VRqTKDY.exe
  C:\Windows\System\VRqTKDY.exe
  2⤵
  PID:5732
- C:\Windows\System\VdWhJLO.exe
  C:\Windows\System\VdWhJLO.exe
  2⤵
  PID:7172
- C:\Windows\System\sUqLJbx.exe
  C:\Windows\System\sUqLJbx.exe
  2⤵
  PID:7188
- C:\Windows\System\wQthots.exe
  C:\Windows\System\wQthots.exe
  2⤵
  PID:7204
- C:\Windows\System\HKNgLst.exe
  C:\Windows\System\HKNgLst.exe
  2⤵
  PID:7232
- C:\Windows\System\xiAqpPv.exe
  C:\Windows\System\xiAqpPv.exe
  2⤵
  PID:7248
- C:\Windows\System\JVEvSjU.exe
  C:\Windows\System\JVEvSjU.exe
  2⤵
  PID:7264
- C:\Windows\System\ljPUVMV.exe
  C:\Windows\System\ljPUVMV.exe
  2⤵
  PID:7280
- C:\Windows\System\mrsPrbU.exe
  C:\Windows\System\mrsPrbU.exe
  2⤵
  PID:7300
- C:\Windows\System\UwBcJAv.exe
  C:\Windows\System\UwBcJAv.exe
  2⤵
  PID:7316
- C:\Windows\System\EadlXnX.exe
  C:\Windows\System\EadlXnX.exe
  2⤵
  PID:7332
- C:\Windows\System\RxvsIkZ.exe
  C:\Windows\System\RxvsIkZ.exe
  2⤵
  PID:7348
- C:\Windows\System\ORQHMNb.exe
  C:\Windows\System\ORQHMNb.exe
  2⤵
  PID:7364
- C:\Windows\System\fCmBYuK.exe
  C:\Windows\System\fCmBYuK.exe
  2⤵
  PID:7380
- C:\Windows\System\GIZUHfj.exe
  C:\Windows\System\GIZUHfj.exe
  2⤵
  PID:7396
- C:\Windows\System\FYxezqV.exe
  C:\Windows\System\FYxezqV.exe
  2⤵
  PID:7412
- C:\Windows\System\RPqHAUg.exe
  C:\Windows\System\RPqHAUg.exe
  2⤵
  PID:7428
- C:\Windows\System\bWYDwsz.exe
  C:\Windows\System\bWYDwsz.exe
  2⤵
  PID:7452
- C:\Windows\System\iYggSpS.exe
  C:\Windows\System\iYggSpS.exe
  2⤵
  PID:7468
- C:\Windows\System\yptaRGH.exe
  C:\Windows\System\yptaRGH.exe
  2⤵
  PID:7492
- C:\Windows\System\WyKgELs.exe
  C:\Windows\System\WyKgELs.exe
  2⤵
  PID:7516
- C:\Windows\System\hqEapQL.exe
  C:\Windows\System\hqEapQL.exe
  2⤵
  PID:7532
- C:\Windows\System\KlseVlM.exe
  C:\Windows\System\KlseVlM.exe
  2⤵
  PID:7556
- C:\Windows\System\CMghyAd.exe
  C:\Windows\System\CMghyAd.exe
  2⤵
  PID:7576
- C:\Windows\System\gDmDCKG.exe
  C:\Windows\System\gDmDCKG.exe
  2⤵
  PID:7600
- C:\Windows\System\hBnMclX.exe
  C:\Windows\System\hBnMclX.exe
  2⤵
  PID:7616
- C:\Windows\System\quypOyk.exe
  C:\Windows\System\quypOyk.exe
  2⤵
  PID:7632
- C:\Windows\System\RfUgXBD.exe
  C:\Windows\System\RfUgXBD.exe
  2⤵
  PID:7648
- C:\Windows\System\pcjPPml.exe
  C:\Windows\System\pcjPPml.exe
  2⤵
  PID:7664
- C:\Windows\System\MFugEQV.exe
  C:\Windows\System\MFugEQV.exe
  2⤵
  PID:7692
- C:\Windows\System\UbcDwAN.exe
  C:\Windows\System\UbcDwAN.exe
  2⤵
  PID:7708
- C:\Windows\System\dtBlTqb.exe
  C:\Windows\System\dtBlTqb.exe
  2⤵
  PID:7724
- C:\Windows\System\CvhBqxh.exe
  C:\Windows\System\CvhBqxh.exe
  2⤵
  PID:7744
- C:\Windows\System\gAjTSNS.exe
  C:\Windows\System\gAjTSNS.exe
  2⤵
  PID:7768
- C:\Windows\System\HaxrcPY.exe
  C:\Windows\System\HaxrcPY.exe
  2⤵
  PID:7788
- C:\Windows\System\jfMMUEz.exe
  C:\Windows\System\jfMMUEz.exe
  2⤵
  PID:7808
- C:\Windows\System\xrcSYQI.exe
  C:\Windows\System\xrcSYQI.exe
  2⤵
  PID:7824
- C:\Windows\System\tjXHuNi.exe
  C:\Windows\System\tjXHuNi.exe
  2⤵
  PID:7840
- C:\Windows\System\aCAljaJ.exe
  C:\Windows\System\aCAljaJ.exe
  2⤵
  PID:7856
- C:\Windows\System\teMKqGQ.exe
  C:\Windows\System\teMKqGQ.exe
  2⤵
  PID:7872
- C:\Windows\System\pZRtSIK.exe
  C:\Windows\System\pZRtSIK.exe
  2⤵
  PID:7888
- C:\Windows\System\oeCPCsW.exe
  C:\Windows\System\oeCPCsW.exe
  2⤵
  PID:7904
- C:\Windows\System\GDzgJUq.exe
  C:\Windows\System\GDzgJUq.exe
  2⤵
  PID:7920
- C:\Windows\System\XukXrUU.exe
  C:\Windows\System\XukXrUU.exe
  2⤵
  PID:7940
- C:\Windows\System\FfEfEYD.exe
  C:\Windows\System\FfEfEYD.exe
  2⤵
  PID:7956
- C:\Windows\System\wzMVTSJ.exe
  C:\Windows\System\wzMVTSJ.exe
  2⤵
  PID:7972
- C:\Windows\System\UCZPHLc.exe
  C:\Windows\System\UCZPHLc.exe
  2⤵
  PID:7988
- C:\Windows\System\msWQWOb.exe
  C:\Windows\System\msWQWOb.exe
  2⤵
  PID:8004
- C:\Windows\System\pannFLa.exe
  C:\Windows\System\pannFLa.exe
  2⤵
  PID:8020
- C:\Windows\System\sSvBDnY.exe
  C:\Windows\System\sSvBDnY.exe
  2⤵
  PID:8036
- C:\Windows\System\UPMnwHM.exe
  C:\Windows\System\UPMnwHM.exe
  2⤵
  PID:8052
- C:\Windows\System\XOJwhTy.exe
  C:\Windows\System\XOJwhTy.exe
  2⤵
  PID:8068
- C:\Windows\System\uAGmTRr.exe
  C:\Windows\System\uAGmTRr.exe
  2⤵
  PID:8084
- C:\Windows\System\REFunbv.exe
  C:\Windows\System\REFunbv.exe
  2⤵
  PID:8108
- C:\Windows\System\TcDvaPf.exe
  C:\Windows\System\TcDvaPf.exe
  2⤵
  PID:8128
- C:\Windows\System\dbkGKvN.exe
  C:\Windows\System\dbkGKvN.exe
  2⤵
  PID:8144
- C:\Windows\System\KXQFClF.exe
  C:\Windows\System\KXQFClF.exe
  2⤵
  PID:8180
- C:\Windows\System\NZbchjZ.exe
  C:\Windows\System\NZbchjZ.exe
  2⤵
  PID:6232
- C:\Windows\System\NpMUeZV.exe
  C:\Windows\System\NpMUeZV.exe
  2⤵
  PID:6600
- C:\Windows\System\XhWGoOn.exe
  C:\Windows\System\XhWGoOn.exe
  2⤵
  PID:6760
- C:\Windows\System\uHqAfhr.exe
  C:\Windows\System\uHqAfhr.exe
  2⤵
  PID:7212
- C:\Windows\System\iRDVVkK.exe
  C:\Windows\System\iRDVVkK.exe
  2⤵
  PID:7216
- C:\Windows\System\OykDVGF.exe
  C:\Windows\System\OykDVGF.exe
  2⤵
  PID:7244
- C:\Windows\System\IsJEGcL.exe
  C:\Windows\System\IsJEGcL.exe
  2⤵
  PID:7276
- C:\Windows\System\tJqCPkA.exe
  C:\Windows\System\tJqCPkA.exe
  2⤵
  PID:7344
- C:\Windows\System\ufFbtOc.exe
  C:\Windows\System\ufFbtOc.exe
  2⤵
  PID:7408
- C:\Windows\System\IwaWfbK.exe
  C:\Windows\System\IwaWfbK.exe
  2⤵
  PID:7448
- C:\Windows\System\RcHfSKp.exe
  C:\Windows\System\RcHfSKp.exe
  2⤵
  PID:7356
- C:\Windows\System\ccXvEqL.exe
  C:\Windows\System\ccXvEqL.exe
  2⤵
  PID:7420
- C:\Windows\System\SlHPWik.exe
  C:\Windows\System\SlHPWik.exe
  2⤵
  PID:7460
- C:\Windows\System\DNUtVcE.exe
  C:\Windows\System\DNUtVcE.exe
  2⤵
  PID:7488
- C:\Windows\System\CBGyUBV.exe
  C:\Windows\System\CBGyUBV.exe
  2⤵
  PID:7500
- C:\Windows\System\pTomKQY.exe
  C:\Windows\System\pTomKQY.exe
  2⤵
  PID:7540
- C:\Windows\System\kIkSkVM.exe
  C:\Windows\System\kIkSkVM.exe
  2⤵
  PID:7564
- C:\Windows\System\jZJHBVr.exe
  C:\Windows\System\jZJHBVr.exe
  2⤵
  PID:7612
- C:\Windows\System\gdnCcIH.exe
  C:\Windows\System\gdnCcIH.exe
  2⤵
  PID:7584
- C:\Windows\System\gagLHre.exe
  C:\Windows\System\gagLHre.exe
  2⤵
  PID:7628
- C:\Windows\System\DbdXmyZ.exe
  C:\Windows\System\DbdXmyZ.exe
  2⤵
  PID:7684
- C:\Windows\System\nISgSQM.exe
  C:\Windows\System\nISgSQM.exe
  2⤵
  PID:7716
- C:\Windows\System\KsPrghj.exe
  C:\Windows\System\KsPrghj.exe
  2⤵
  PID:7764
- C:\Windows\System\yTwFeJo.exe
  C:\Windows\System\yTwFeJo.exe
  2⤵
  PID:7736
- C:\Windows\System\FsMTybE.exe
  C:\Windows\System\FsMTybE.exe
  2⤵
  PID:7832
- C:\Windows\System\BcEehKs.exe
  C:\Windows\System\BcEehKs.exe
  2⤵
  PID:7868
- C:\Windows\System\FabsIIp.exe
  C:\Windows\System\FabsIIp.exe
  2⤵
  PID:7900
- C:\Windows\System\IQADQio.exe
  C:\Windows\System\IQADQio.exe
  2⤵
  PID:7932
- C:\Windows\System\cRheqjE.exe
  C:\Windows\System\cRheqjE.exe
  2⤵
  PID:7848
- C:\Windows\System\wFwMCiP.exe
  C:\Windows\System\wFwMCiP.exe
  2⤵
  PID:7912
- C:\Windows\System\xxPZiBK.exe
  C:\Windows\System\xxPZiBK.exe
  2⤵
  PID:7996
- C:\Windows\System\jRCfoqF.exe
  C:\Windows\System\jRCfoqF.exe
  2⤵
  PID:7984
- C:\Windows\System\mXjSjbQ.exe
  C:\Windows\System\mXjSjbQ.exe
  2⤵
  PID:8048
- C:\Windows\System\dGGYuDV.exe
  C:\Windows\System\dGGYuDV.exe
  2⤵
  PID:8060
- C:\Windows\System\pKOAIdp.exe
  C:\Windows\System\pKOAIdp.exe
  2⤵
  PID:8124
- C:\Windows\System\VIbijbO.exe
  C:\Windows\System\VIbijbO.exe
  2⤵
  PID:8164
- C:\Windows\System\rqMOkmm.exe
  C:\Windows\System\rqMOkmm.exe
  2⤵
  PID:6700
- C:\Windows\System\yMeQiOC.exe
  C:\Windows\System\yMeQiOC.exe
  2⤵
  PID:7312
- C:\Windows\System\UbZElou.exe
  C:\Windows\System\UbZElou.exe
  2⤵
  PID:7484
- C:\Windows\System\OnqTGUY.exe
  C:\Windows\System\OnqTGUY.exe
  2⤵
  PID:7608
- C:\Windows\System\MspVhmA.exe
  C:\Windows\System\MspVhmA.exe
  2⤵
  PID:5324
- C:\Windows\System\LZtDSWV.exe
  C:\Windows\System\LZtDSWV.exe
  2⤵
  PID:7224
- C:\Windows\System\vXKTKlF.exe
  C:\Windows\System\vXKTKlF.exe
  2⤵
  PID:7324
- C:\Windows\System\ceMNshN.exe
  C:\Windows\System\ceMNshN.exe
  2⤵
  PID:7548
- C:\Windows\System\bHwMdGW.exe
  C:\Windows\System\bHwMdGW.exe
  2⤵
  PID:7660
- C:\Windows\System\SkCEhil.exe
  C:\Windows\System\SkCEhil.exe
  2⤵
  PID:7720
- C:\Windows\System\GfoKell.exe
  C:\Windows\System\GfoKell.exe
  2⤵
  PID:7780
- C:\Windows\System\rscdldi.exe
  C:\Windows\System\rscdldi.exe
  2⤵
  PID:7704
- C:\Windows\System\rbNjOqF.exe
  C:\Windows\System\rbNjOqF.exe
  2⤵
  PID:8016
- C:\Windows\System\jXlBqwh.exe
  C:\Windows\System\jXlBqwh.exe
  2⤵
  PID:7880
- C:\Windows\System\yTaQiSM.exe
  C:\Windows\System\yTaQiSM.exe
  2⤵
  PID:7980
- C:\Windows\System\CstCYuH.exe
  C:\Windows\System\CstCYuH.exe
  2⤵
  PID:8092
- C:\Windows\System\YGfQRKS.exe
  C:\Windows\System\YGfQRKS.exe
  2⤵
  PID:8100
- C:\Windows\System\VyOpbdW.exe
  C:\Windows\System\VyOpbdW.exe
  2⤵
  PID:8116
- C:\Windows\System\ZKzpaUU.exe
  C:\Windows\System\ZKzpaUU.exe
  2⤵
  PID:7444
- C:\Windows\System\XWBIhqZ.exe
  C:\Windows\System\XWBIhqZ.exe
  2⤵
  PID:7624
- C:\Windows\System\rOJuhAA.exe
  C:\Windows\System\rOJuhAA.exe
  2⤵
  PID:7376
- C:\Windows\System\uWnjTjP.exe
  C:\Windows\System\uWnjTjP.exe
  2⤵
  PID:7184
- C:\Windows\System\VxSjHxE.exe
  C:\Windows\System\VxSjHxE.exe
  2⤵
  PID:6800
- C:\Windows\System\FDOZSGe.exe
  C:\Windows\System\FDOZSGe.exe
  2⤵
  PID:7528
- C:\Windows\System\Zzvxijn.exe
  C:\Windows\System\Zzvxijn.exe
  2⤵
  PID:7804
- C:\Windows\System\TiOSSby.exe
  C:\Windows\System\TiOSSby.exe
  2⤵
  PID:7884
- C:\Windows\System\cgLNLFE.exe
  C:\Windows\System\cgLNLFE.exe
  2⤵
  PID:8136
- C:\Windows\System\doISfBY.exe
  C:\Windows\System\doISfBY.exe
  2⤵
  PID:8188
- C:\Windows\System\hWMhRWk.exe
  C:\Windows\System\hWMhRWk.exe
  2⤵
  PID:8028
- C:\Windows\System\dqlFpHt.exe
  C:\Windows\System\dqlFpHt.exe
  2⤵
  PID:8044
- C:\Windows\System\UJWZHkT.exe
  C:\Windows\System\UJWZHkT.exe
  2⤵
  PID:7572
- C:\Windows\System\frGZADe.exe
  C:\Windows\System\frGZADe.exe
  2⤵
  PID:7200
- C:\Windows\System\YYUkkBI.exe
  C:\Windows\System\YYUkkBI.exe
  2⤵
  PID:7404
- C:\Windows\System\QLeCAtn.exe
  C:\Windows\System\QLeCAtn.exe
  2⤵
  PID:8204
- C:\Windows\System\NTXjrZJ.exe
  C:\Windows\System\NTXjrZJ.exe
  2⤵
  PID:8220
- C:\Windows\System\yqoQNtF.exe
  C:\Windows\System\yqoQNtF.exe
  2⤵
  PID:8240
- C:\Windows\System\YMhVndi.exe
  C:\Windows\System\YMhVndi.exe
  2⤵
  PID:8256
- C:\Windows\System\nlCoROR.exe
  C:\Windows\System\nlCoROR.exe
  2⤵
  PID:8272
- C:\Windows\System\QPRMUPn.exe
  C:\Windows\System\QPRMUPn.exe
  2⤵
  PID:8296
- C:\Windows\System\JRPDoyf.exe
  C:\Windows\System\JRPDoyf.exe
  2⤵
  PID:8312
- C:\Windows\System\NyJygse.exe
  C:\Windows\System\NyJygse.exe
  2⤵
  PID:8328
- C:\Windows\System\pdAZiXI.exe
  C:\Windows\System\pdAZiXI.exe
  2⤵
  PID:8344
- C:\Windows\System\ueOdhYA.exe
  C:\Windows\System\ueOdhYA.exe
  2⤵
  PID:8360
- C:\Windows\System\uRWzUlo.exe
  C:\Windows\System\uRWzUlo.exe
  2⤵
  PID:8376
- C:\Windows\System\XlooKbo.exe
  C:\Windows\System\XlooKbo.exe
  2⤵
  PID:8392
- C:\Windows\System\ltETfID.exe
  C:\Windows\System\ltETfID.exe
  2⤵
  PID:8408
- C:\Windows\System\ASHBJpS.exe
  C:\Windows\System\ASHBJpS.exe
  2⤵
  PID:8424
- C:\Windows\System\dOickSg.exe
  C:\Windows\System\dOickSg.exe
  2⤵
  PID:8440
- C:\Windows\System\GJXkgGW.exe
  C:\Windows\System\GJXkgGW.exe
  2⤵
  PID:8456
- C:\Windows\System\YTPRLqr.exe
  C:\Windows\System\YTPRLqr.exe
  2⤵
  PID:8568
- C:\Windows\System\DreNbTQ.exe
  C:\Windows\System\DreNbTQ.exe
  2⤵
  PID:8588
- C:\Windows\System\MEEiHhy.exe
  C:\Windows\System\MEEiHhy.exe
  2⤵
  PID:8612
- C:\Windows\System\LZsxvDc.exe
  C:\Windows\System\LZsxvDc.exe
  2⤵
  PID:8636
- C:\Windows\System\qZvYQKc.exe
  C:\Windows\System\qZvYQKc.exe
  2⤵
  PID:8656
- C:\Windows\System\qQLcbtY.exe
  C:\Windows\System\qQLcbtY.exe
  2⤵
  PID:8672
- C:\Windows\System\xScWJqb.exe
  C:\Windows\System\xScWJqb.exe
  2⤵
  PID:8688
- C:\Windows\System\hpRsQpS.exe
  C:\Windows\System\hpRsQpS.exe
  2⤵
  PID:8708
- C:\Windows\System\iUlnmix.exe
  C:\Windows\System\iUlnmix.exe
  2⤵
  PID:8724
- C:\Windows\System\JFuyVjH.exe
  C:\Windows\System\JFuyVjH.exe
  2⤵
  PID:8744
- C:\Windows\System\VpReFaN.exe
  C:\Windows\System\VpReFaN.exe
  2⤵
  PID:8772
- C:\Windows\System\GUopckM.exe
  C:\Windows\System\GUopckM.exe
  2⤵
  PID:8792
- C:\Windows\System\uQJZibs.exe
  C:\Windows\System\uQJZibs.exe
  2⤵
  PID:8816
- C:\Windows\System\HLjnAOp.exe
  C:\Windows\System\HLjnAOp.exe
  2⤵
  PID:8832
- C:\Windows\System\GQIdqZm.exe
  C:\Windows\System\GQIdqZm.exe
  2⤵
  PID:8848
- C:\Windows\System\dskCLyM.exe
  C:\Windows\System\dskCLyM.exe
  2⤵
  PID:8864
- C:\Windows\System\zoEVWqR.exe
  C:\Windows\System\zoEVWqR.exe
  2⤵
  PID:8880
- C:\Windows\System\zMzTAIP.exe
  C:\Windows\System\zMzTAIP.exe
  2⤵
  PID:8896
- C:\Windows\System\AeeBhrQ.exe
  C:\Windows\System\AeeBhrQ.exe
  2⤵
  PID:8912
- C:\Windows\System\YPMjukt.exe
  C:\Windows\System\YPMjukt.exe
  2⤵
  PID:8928
- C:\Windows\System\FdtmkpY.exe
  C:\Windows\System\FdtmkpY.exe
  2⤵
  PID:8944
- C:\Windows\System\sEwyEuk.exe
  C:\Windows\System\sEwyEuk.exe
  2⤵
  PID:8960
- C:\Windows\System\gtGinoV.exe
  C:\Windows\System\gtGinoV.exe
  2⤵
  PID:8980
- C:\Windows\System\rEobxOa.exe
  C:\Windows\System\rEobxOa.exe
  2⤵
  PID:8996
- C:\Windows\System\KlWIZvA.exe
  C:\Windows\System\KlWIZvA.exe
  2⤵
  PID:9012
- C:\Windows\System\yFkvsda.exe
  C:\Windows\System\yFkvsda.exe
  2⤵
  PID:9136
- C:\Windows\System\PNeMQGr.exe
  C:\Windows\System\PNeMQGr.exe
  2⤵
  PID:9164
- C:\Windows\System\bvugwdb.exe
  C:\Windows\System\bvugwdb.exe
  2⤵
  PID:9204
- C:\Windows\System\eAtdqYk.exe
  C:\Windows\System\eAtdqYk.exe
  2⤵
  PID:8216
- C:\Windows\System\cSDnBpa.exe
  C:\Windows\System\cSDnBpa.exe
  2⤵
  PID:7440
- C:\Windows\System\ApfJWmL.exe
  C:\Windows\System\ApfJWmL.exe
  2⤵
  PID:7936
- C:\Windows\System\WLgeTyb.exe
  C:\Windows\System\WLgeTyb.exe
  2⤵
  PID:7820
- C:\Windows\System\qVgQtgr.exe
  C:\Windows\System\qVgQtgr.exe
  2⤵
  PID:8200
- C:\Windows\System\cfsnVcF.exe
  C:\Windows\System\cfsnVcF.exe
  2⤵
  PID:8280
- C:\Windows\System\zMfUVIZ.exe
  C:\Windows\System\zMfUVIZ.exe
  2⤵
  PID:8292
- C:\Windows\System\bVIDFLo.exe
  C:\Windows\System\bVIDFLo.exe
  2⤵
  PID:8352
- C:\Windows\System\CiCGyfH.exe
  C:\Windows\System\CiCGyfH.exe
  2⤵
  PID:8416
- C:\Windows\System\hfetSGk.exe
  C:\Windows\System\hfetSGk.exe
  2⤵
  PID:8404
- C:\Windows\System\UvEJnpJ.exe
  C:\Windows\System\UvEJnpJ.exe
  2⤵
  PID:8340
- C:\Windows\System\vMxDurM.exe
  C:\Windows\System\vMxDurM.exe
  2⤵
  PID:8432
- C:\Windows\System\jXdFFZU.exe
  C:\Windows\System\jXdFFZU.exe
  2⤵
  PID:8464
- C:\Windows\System\zoDoXsy.exe
  C:\Windows\System\zoDoXsy.exe
  2⤵
  PID:8576
- C:\Windows\System\GPDvpIE.exe
  C:\Windows\System\GPDvpIE.exe
  2⤵
  PID:8624
- C:\Windows\System\CbOCTPF.exe
  C:\Windows\System\CbOCTPF.exe
  2⤵
  PID:8668
- C:\Windows\System\sMaWHlb.exe
  C:\Windows\System\sMaWHlb.exe
  2⤵
  PID:8488
- C:\Windows\System\WrFHxel.exe
  C:\Windows\System\WrFHxel.exe
  2⤵
  PID:8504
- C:\Windows\System\XebykGL.exe
  C:\Windows\System\XebykGL.exe
  2⤵
  PID:8520
- C:\Windows\System\MaIBjqS.exe
  C:\Windows\System\MaIBjqS.exe
  2⤵
  PID:8536
- C:\Windows\System\hPRxmyI.exe
  C:\Windows\System\hPRxmyI.exe
  2⤵
  PID:8552
- C:\Windows\System\CKLWNsO.exe
  C:\Windows\System\CKLWNsO.exe
  2⤵
  PID:8732
- C:\Windows\System\RKqxHRU.exe
  C:\Windows\System\RKqxHRU.exe
  2⤵
  PID:8604
- C:\Windows\System\yRWcbHC.exe
  C:\Windows\System\yRWcbHC.exe
  2⤵
  PID:8680
- C:\Windows\System\MkZMLYY.exe
  C:\Windows\System\MkZMLYY.exe
  2⤵
  PID:8760
- C:\Windows\System\pPaoWbu.exe
  C:\Windows\System\pPaoWbu.exe
  2⤵
  PID:8788
- C:\Windows\System\TiLslbr.exe
  C:\Windows\System\TiLslbr.exe
  2⤵
  PID:8800
- C:\Windows\System\ilHZlux.exe
  C:\Windows\System\ilHZlux.exe
  2⤵
  PID:8840
- C:\Windows\System\zkSFNvP.exe
  C:\Windows\System\zkSFNvP.exe
  2⤵
  PID:8860
- C:\Windows\System\qzvUlZW.exe
  C:\Windows\System\qzvUlZW.exe
  2⤵
  PID:8888
- C:\Windows\System\CAgvTWW.exe
  C:\Windows\System\CAgvTWW.exe
  2⤵
  PID:8952
- C:\Windows\System\HUVrVgs.exe
  C:\Windows\System\HUVrVgs.exe
  2⤵
  PID:9020
- C:\Windows\System\BLaCaKd.exe
  C:\Windows\System\BLaCaKd.exe
  2⤵
  PID:8940
- C:\Windows\System\KqdoKdG.exe
  C:\Windows\System\KqdoKdG.exe
  2⤵
  PID:9004
- C:\Windows\System\vLISeTZ.exe
  C:\Windows\System\vLISeTZ.exe
  2⤵
  PID:9036
- C:\Windows\System\bpEAiqg.exe
  C:\Windows\System\bpEAiqg.exe
  2⤵
  PID:9048
- C:\Windows\System\wOeXqDW.exe
  C:\Windows\System\wOeXqDW.exe
  2⤵
  PID:9064
- C:\Windows\System\UmGjMBA.exe
  C:\Windows\System\UmGjMBA.exe
  2⤵
  PID:9080
- C:\Windows\System\JfrlVuM.exe
  C:\Windows\System\JfrlVuM.exe
  2⤵
  PID:9096
- C:\Windows\System\lWmGyFj.exe
  C:\Windows\System\lWmGyFj.exe
  2⤵
  PID:9112
- C:\Windows\System\yEEgvtU.exe
  C:\Windows\System\yEEgvtU.exe
  2⤵
  PID:9128
- C:\Windows\System\uBHkifx.exe
  C:\Windows\System\uBHkifx.exe
  2⤵
  PID:9172
- C:\Windows\System\PLUKlUV.exe
  C:\Windows\System\PLUKlUV.exe
  2⤵
  PID:9176
- C:\Windows\System\kfgNxWC.exe
  C:\Windows\System\kfgNxWC.exe
  2⤵
  PID:9196
- C:\Windows\System\kPfSMuX.exe
  C:\Windows\System\kPfSMuX.exe
  2⤵
  PID:7480
- C:\Windows\System\YtObKPi.exe
  C:\Windows\System\YtObKPi.exe
  2⤵
  PID:7784
- C:\Windows\System\BngQfJO.exe
  C:\Windows\System\BngQfJO.exe
  2⤵
  PID:7968
- C:\Windows\System\PFeoPtz.exe
  C:\Windows\System\PFeoPtz.exe
  2⤵
  PID:8236
- C:\Windows\System\yPvgLvQ.exe
  C:\Windows\System\yPvgLvQ.exe
  2⤵
  PID:8264
- C:\Windows\System\DigYFCZ.exe
  C:\Windows\System\DigYFCZ.exe
  2⤵
  PID:8304
- C:\Windows\System\XjNBidN.exe
  C:\Windows\System\XjNBidN.exe
  2⤵
  PID:8480
- C:\Windows\System\EZIlCrn.exe
  C:\Windows\System\EZIlCrn.exe
  2⤵
  PID:8368
- C:\Windows\System\RMomNUE.exe
  C:\Windows\System\RMomNUE.exe
  2⤵
  PID:8632
- C:\Windows\System\aFBSapw.exe
  C:\Windows\System\aFBSapw.exe
  2⤵
  PID:8704
- C:\Windows\System\laRgptB.exe
  C:\Windows\System\laRgptB.exe
  2⤵
  PID:8528
- C:\Windows\System\jSYGygN.exe
  C:\Windows\System\jSYGygN.exe
  2⤵
  PID:8512
- C:\Windows\System\xGMIuwQ.exe
  C:\Windows\System\xGMIuwQ.exe
  2⤵
  PID:8548
- C:\Windows\System\snkKmaD.exe
  C:\Windows\System\snkKmaD.exe
  2⤵
  PID:8752
- C:\Windows\System\rgVLnMM.exe
  C:\Windows\System\rgVLnMM.exe
  2⤵
  PID:8716
- C:\Windows\System\uvHkUBI.exe
  C:\Windows\System\uvHkUBI.exe
  2⤵
  PID:8828
- C:\Windows\System\KeegPyn.exe
  C:\Windows\System\KeegPyn.exe
  2⤵
  PID:8920
- C:\Windows\System\DiaUQaV.exe
  C:\Windows\System\DiaUQaV.exe
  2⤵
  PID:7228
- C:\Windows\System\KHgxjmG.exe
  C:\Windows\System\KHgxjmG.exe
  2⤵
  PID:9008
- C:\Windows\System\DaMqRSY.exe
  C:\Windows\System\DaMqRSY.exe
  2⤵
  PID:9040
- C:\Windows\System\TydDXAg.exe
  C:\Windows\System\TydDXAg.exe
  2⤵
  PID:9108
- C:\Windows\System\jGfFAGw.exe
  C:\Windows\System\jGfFAGw.exe
  2⤵
  PID:9124
- C:\Windows\System\ulStuEa.exe
  C:\Windows\System\ulStuEa.exe
  2⤵
  PID:9092
- C:\Windows\System\uSNziZa.exe
  C:\Windows\System\uSNziZa.exe
  2⤵
  PID:6780
- C:\Windows\System\DUoIhNw.exe
  C:\Windows\System\DUoIhNw.exe
  2⤵
  PID:8448
- C:\Windows\System\QXniNGB.exe
  C:\Windows\System\QXniNGB.exe
  2⤵
  PID:8496
- C:\Windows\System\ZIYrEaz.exe
  C:\Windows\System\ZIYrEaz.exe
  2⤵
  PID:8784
- C:\Windows\System\XIgSHon.exe
  C:\Windows\System\XIgSHon.exe
  2⤵
  PID:8976
- C:\Windows\System\BErfeSo.exe
  C:\Windows\System\BErfeSo.exe
  2⤵
  PID:9160
- C:\Windows\System\QyyFafN.exe
  C:\Windows\System\QyyFafN.exe
  2⤵
  PID:8516
- C:\Windows\System\QhMZKyD.exe
  C:\Windows\System\QhMZKyD.exe
  2⤵
  PID:7864
- C:\Windows\System\fGGXOve.exe
  C:\Windows\System\fGGXOve.exe
  2⤵
  PID:8324
- C:\Windows\System\HwucWpV.exe
  C:\Windows\System\HwucWpV.exe
  2⤵
  PID:8620
- C:\Windows\System\XAMzNxf.exe
  C:\Windows\System\XAMzNxf.exe
  2⤵
  PID:8648
- C:\Windows\System\NYlObsO.exe
  C:\Windows\System\NYlObsO.exe
  2⤵
  PID:8924
- C:\Windows\System\KIRHXim.exe
  C:\Windows\System\KIRHXim.exe
  2⤵
  PID:9076
- C:\Windows\System\UgdlKvd.exe
  C:\Windows\System\UgdlKvd.exe
  2⤵
  PID:8472
- C:\Windows\System\PzzfUIc.exe
  C:\Windows\System\PzzfUIc.exe
  2⤵
  PID:8196
- C:\Windows\System\gtOwBPM.exe
  C:\Windows\System\gtOwBPM.exe
  2⤵
  PID:9104
- C:\Windows\System\bxQWjem.exe
  C:\Windows\System\bxQWjem.exe
  2⤵
  PID:8584
- C:\Windows\System\nzilVcQ.exe
  C:\Windows\System\nzilVcQ.exe
  2⤵
  PID:8468
- C:\Windows\System\rpUueYq.exe
  C:\Windows\System\rpUueYq.exe
  2⤵
  PID:8564
- C:\Windows\System\LjDUABD.exe
  C:\Windows\System\LjDUABD.exe
  2⤵
  PID:8988
- C:\Windows\System\QusLama.exe
  C:\Windows\System\QusLama.exe
  2⤵
  PID:9228
- C:\Windows\System\PkgjmTI.exe
  C:\Windows\System\PkgjmTI.exe
  2⤵
  PID:9244
- C:\Windows\System\IMuuIDv.exe
  C:\Windows\System\IMuuIDv.exe
  2⤵
  PID:9260
- C:\Windows\System\IHcCtyi.exe
  C:\Windows\System\IHcCtyi.exe
  2⤵
  PID:9276
- C:\Windows\System\ONXWzLm.exe
  C:\Windows\System\ONXWzLm.exe
  2⤵
  PID:9292
- C:\Windows\System\xDVueBZ.exe
  C:\Windows\System\xDVueBZ.exe
  2⤵
  PID:9308
- C:\Windows\System\Dchvykj.exe
  C:\Windows\System\Dchvykj.exe
  2⤵
  PID:9324
- C:\Windows\System\nJtemOF.exe
  C:\Windows\System\nJtemOF.exe
  2⤵
  PID:9340
- C:\Windows\System\egfLDOH.exe
  C:\Windows\System\egfLDOH.exe
  2⤵
  PID:9356
- C:\Windows\System\HyDYJHU.exe
  C:\Windows\System\HyDYJHU.exe
  2⤵
  PID:9372
- C:\Windows\System\TvrpvFA.exe
  C:\Windows\System\TvrpvFA.exe
  2⤵
  PID:9388
- C:\Windows\System\RTwgzpu.exe
  C:\Windows\System\RTwgzpu.exe
  2⤵
  PID:9404
- C:\Windows\System\aWwSZxf.exe
  C:\Windows\System\aWwSZxf.exe
  2⤵
  PID:9420
- C:\Windows\System\ltWpfEE.exe
  C:\Windows\System\ltWpfEE.exe
  2⤵
  PID:9436
- C:\Windows\System\WsHSbaf.exe
  C:\Windows\System\WsHSbaf.exe
  2⤵
  PID:9456
- C:\Windows\System\gLyHfWs.exe
  C:\Windows\System\gLyHfWs.exe
  2⤵
  PID:9472
- C:\Windows\System\rnMVPYi.exe
  C:\Windows\System\rnMVPYi.exe
  2⤵
  PID:9488
- C:\Windows\System\HdRfmNO.exe
  C:\Windows\System\HdRfmNO.exe
  2⤵
  PID:9504
- C:\Windows\System\HyylxsC.exe
  C:\Windows\System\HyylxsC.exe
  2⤵
  PID:9520
- C:\Windows\System\cDmWjnX.exe
  C:\Windows\System\cDmWjnX.exe
  2⤵
  PID:9536
- C:\Windows\System\ZGuhfcC.exe
  C:\Windows\System\ZGuhfcC.exe
  2⤵
  PID:9552
- C:\Windows\System\XuueHAP.exe
  C:\Windows\System\XuueHAP.exe
  2⤵
  PID:9568
- C:\Windows\System\sNglNNl.exe
  C:\Windows\System\sNglNNl.exe
  2⤵
  PID:9584
- C:\Windows\System\fSqBOoY.exe
  C:\Windows\System\fSqBOoY.exe
  2⤵
  PID:9600
- C:\Windows\System\gdasIBi.exe
  C:\Windows\System\gdasIBi.exe
  2⤵
  PID:9616
- C:\Windows\System\DkkLAup.exe
  C:\Windows\System\DkkLAup.exe
  2⤵
  PID:9632
- C:\Windows\System\FWXQqGq.exe
  C:\Windows\System\FWXQqGq.exe
  2⤵
  PID:9652
- C:\Windows\System\kuphlnL.exe
  C:\Windows\System\kuphlnL.exe
  2⤵
  PID:9668
- C:\Windows\System\qiTbyvk.exe
  C:\Windows\System\qiTbyvk.exe
  2⤵
  PID:9684
- C:\Windows\System\TDaBGDi.exe
  C:\Windows\System\TDaBGDi.exe
  2⤵
  PID:9700
- C:\Windows\System\RhwCqcM.exe
  C:\Windows\System\RhwCqcM.exe
  2⤵
  PID:9716
- C:\Windows\System\nILHZnT.exe
  C:\Windows\System\nILHZnT.exe
  2⤵
  PID:9732
- C:\Windows\System\LFhqfaE.exe
  C:\Windows\System\LFhqfaE.exe
  2⤵
  PID:9748
- C:\Windows\System\TSBtdGJ.exe
  C:\Windows\System\TSBtdGJ.exe
  2⤵
  PID:9764
- C:\Windows\System\aXEaYqQ.exe
  C:\Windows\System\aXEaYqQ.exe
  2⤵
  PID:9780
- C:\Windows\System\zzhEeWT.exe
  C:\Windows\System\zzhEeWT.exe
  2⤵
  PID:9796
- C:\Windows\System\WAFlsAj.exe
  C:\Windows\System\WAFlsAj.exe
  2⤵
  PID:9812
- C:\Windows\System\TXnFTDU.exe
  C:\Windows\System\TXnFTDU.exe
  2⤵
  PID:9828
- C:\Windows\System\vexCeOM.exe
  C:\Windows\System\vexCeOM.exe
  2⤵
  PID:9844
- C:\Windows\System\uecxSSh.exe
  C:\Windows\System\uecxSSh.exe
  2⤵
  PID:9860
- C:\Windows\System\OJzjjRs.exe
  C:\Windows\System\OJzjjRs.exe
  2⤵
  PID:9876
- C:\Windows\System\KLgoTXh.exe
  C:\Windows\System\KLgoTXh.exe
  2⤵
  PID:9892
- C:\Windows\System\JouRXgk.exe
  C:\Windows\System\JouRXgk.exe
  2⤵
  PID:9908
- C:\Windows\System\IYWGALY.exe
  C:\Windows\System\IYWGALY.exe
  2⤵
  PID:9924
- C:\Windows\System\gmgjIoF.exe
  C:\Windows\System\gmgjIoF.exe
  2⤵
  PID:9940
- C:\Windows\System\ISUtIQP.exe
  C:\Windows\System\ISUtIQP.exe
  2⤵
  PID:9960
- C:\Windows\System\jsqJnRf.exe
  C:\Windows\System\jsqJnRf.exe
  2⤵
  PID:9984
- C:\Windows\System\dtscwUd.exe
  C:\Windows\System\dtscwUd.exe
  2⤵
  PID:10000
- C:\Windows\System\DyWoDGx.exe
  C:\Windows\System\DyWoDGx.exe
  2⤵
  PID:10016
- C:\Windows\System\dkYbJZe.exe
  C:\Windows\System\dkYbJZe.exe
  2⤵
  PID:10032
- C:\Windows\System\QCYYNQI.exe
  C:\Windows\System\QCYYNQI.exe
  2⤵
  PID:10048
- C:\Windows\System\EAouvgw.exe
  C:\Windows\System\EAouvgw.exe
  2⤵
  PID:10064
- C:\Windows\System\FfOKJGV.exe
  C:\Windows\System\FfOKJGV.exe
  2⤵
  PID:10080
- C:\Windows\System\jlYIMat.exe
  C:\Windows\System\jlYIMat.exe
  2⤵
  PID:10096
- C:\Windows\System\TIKbJAI.exe
  C:\Windows\System\TIKbJAI.exe
  2⤵
  PID:10112
- C:\Windows\System\ueGkyjh.exe
  C:\Windows\System\ueGkyjh.exe
  2⤵
  PID:10128
- C:\Windows\System\jMhxBWW.exe
  C:\Windows\System\jMhxBWW.exe
  2⤵
  PID:10144
- C:\Windows\System\zyoaoQR.exe
  C:\Windows\System\zyoaoQR.exe
  2⤵
  PID:10160
- C:\Windows\System\jEAzLOs.exe
  C:\Windows\System\jEAzLOs.exe
  2⤵
  PID:10176
- C:\Windows\System\dwejtWT.exe
  C:\Windows\System\dwejtWT.exe
  2⤵
  PID:10192
- C:\Windows\System\kxONair.exe
  C:\Windows\System\kxONair.exe
  2⤵
  PID:10208
- C:\Windows\System\RustnIs.exe
  C:\Windows\System\RustnIs.exe
  2⤵
  PID:10224
- C:\Windows\System\VXKLRJW.exe
  C:\Windows\System\VXKLRJW.exe
  2⤵
  PID:8372
- C:\Windows\System\KxySqBI.exe
  C:\Windows\System\KxySqBI.exe
  2⤵
  PID:9224
- C:\Windows\System\KSIfeGQ.exe
  C:\Windows\System\KSIfeGQ.exe
  2⤵
  PID:9236
- C:\Windows\System\gSlpYZC.exe
  C:\Windows\System\gSlpYZC.exe
  2⤵
  PID:9284
- C:\Windows\System\VviaKjA.exe
  C:\Windows\System\VviaKjA.exe
  2⤵
  PID:9868
- C:\Windows\System\egfraHc.exe
  C:\Windows\System\egfraHc.exe
  2⤵
  PID:10168
- C:\Windows\System\vSbBRgX.exe
  C:\Windows\System\vSbBRgX.exe
  2⤵
  PID:10188
- C:\Windows\System\TlZfuRR.exe
  C:\Windows\System\TlZfuRR.exe
  2⤵
  PID:9304
- C:\Windows\System\MsdUVkn.exe
  C:\Windows\System\MsdUVkn.exe
  2⤵
  PID:9364
- C:\Windows\System\nvpXyCd.exe
  C:\Windows\System\nvpXyCd.exe
  2⤵
  PID:9400
- C:\Windows\System\yzCbCpg.exe
  C:\Windows\System\yzCbCpg.exe
  2⤵
  PID:9432
- C:\Windows\System\bbYMTMs.exe
  C:\Windows\System\bbYMTMs.exe
  2⤵
  PID:9480
- C:\Windows\System\xxMJEMm.exe
  C:\Windows\System\xxMJEMm.exe
  2⤵
  PID:9512
- C:\Windows\System\PKVaXZh.exe
  C:\Windows\System\PKVaXZh.exe
  2⤵
  PID:9596
- C:\Windows\System\jhjePoc.exe
  C:\Windows\System\jhjePoc.exe
  2⤵
  PID:9560
- C:\Windows\System\GXbIXsZ.exe
  C:\Windows\System\GXbIXsZ.exe
  2⤵
  PID:9608
- C:\Windows\System\vilylkW.exe
  C:\Windows\System\vilylkW.exe
  2⤵
  PID:9648
- C:\Windows\System\OtrnVFN.exe
  C:\Windows\System\OtrnVFN.exe
  2⤵
  PID:9712
- C:\Windows\System\VnooilP.exe
  C:\Windows\System\VnooilP.exe
  2⤵
  PID:9664
- C:\Windows\System\LkVQqbV.exe
  C:\Windows\System\LkVQqbV.exe
  2⤵
  PID:10156
- C:\Windows\System\XSEekgR.exe
  C:\Windows\System\XSEekgR.exe
  2⤵
  PID:10076
- C:\Windows\System\uztjEkg.exe
  C:\Windows\System\uztjEkg.exe
  2⤵
  PID:9808
- C:\Windows\System\obQrZhE.exe
  C:\Windows\System\obQrZhE.exe
  2⤵
  PID:9468
- C:\Windows\System\xduTJgb.exe
  C:\Windows\System\xduTJgb.exe
  2⤵
  PID:9252
- C:\Windows\System\sobziVb.exe
  C:\Windows\System\sobziVb.exe
  2⤵
  PID:9548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CMvkiVf.exe

Filesize
6.0MB

MD5
7f59ed7c3c402165f509b44e67ffad60

SHA1
b878c25979e3a301eafa986d80dfc2bf9a750f07

SHA256
4f1090eb29dea3bb278105d83f7bb3dc6d0f1168ad7c60e2dbec4846fe77de13

SHA512
115d6489cc04f2782b4c6a543440d1b90995cf01ded50f39cd233422fd583dc95bb48c0fd2b1a2fef58bb098ea1163a3c0461f4756ffe331374928f397191de3

Download Submit
C:\Windows\system\CupOSFe.exe

Filesize
6.0MB

MD5
9c630fc1972e03fe00cefbe11afe2ba4

SHA1
17d5746cdd8e7370a122db16ad2c3d7ac0d76ce6

SHA256
56cb5c63c0e6f9973e3e9dbd26879c7a4c6cfaf33ffb2869c3a524c95b9524c7

SHA512
7ee186c66141647df5e91b625792c786f64240c967f8f6d79570ea67727a060fe5cde904d71ea8ddeb72d7582db5c0bdd13480c3543420dfb493482f33b14a64

Download Submit
C:\Windows\system\Ehbeagv.exe

Filesize
6.0MB

MD5
a57e4751bba3107814f1e91fd0072751

SHA1
3610fad480f824f016d70a66f405cf614ab96065

SHA256
2357243c4d892cfc57eb82c90451cb6366ccb3a6b80bce4f03b5d91f238df89c

SHA512
cf393e9ee36ffcabfe592c92714a34689cf575342278495d37337817ef48aba8ac23f40f7711a98446630ddde0c24b495bdf0f6ed98f369915edd5d5d2fd5dff

Download Submit
C:\Windows\system\JQGCFza.exe

Filesize
6.0MB

MD5
6afd708bad39445b3267095c767d038d

SHA1
6ecfb75a4534dd54255544110c54aeda2c3de980

SHA256
b84f52372b378b26a1a4db06e1863f55838431346327cb7d14e72496283f6c1a

SHA512
c9ecc07d0e805862a4c01535ece2f001c2940be2af809d99a8553a8b990918154326740312137619fe9a894f5e9c90145f7aeb7d1d759f6f928ee5b8e1fbcd88

Download Submit
C:\Windows\system\Jotuxiu.exe

Filesize
6.0MB

MD5
d626dcf2f5a7881d334165bc629aa03e

SHA1
390e370d83271ac1a15dcc45af77d07c1e0fdf96

SHA256
217e94ca9a18aeb22258389f7d11d4b45840abe9795406d9f0253ba2ed73ef26

SHA512
e519648e82451439b4a206379b6a32ce6f0d4ac1833d3847a4984614e6014a991eb77900ebc095fd7a2c884558fc6cffc1a5d1844c55cd3d1ae45592d116dd6f

Download Submit
C:\Windows\system\MadDwiH.exe

Filesize
6.0MB

MD5
d5b14683121186aa9d6e2c0de1fb11ce

SHA1
0ee6688be417fac09e7321e71275c3505814b355

SHA256
20c6b3da3bbd1357b5c96626b0dc34f166e2ac164d0d76a453fd0fb31a6b4a2a

SHA512
6fc7429452d579757a6229ec8fdf3ff880c74888dff49eefcb907638a3d4c340a3e174287c123288368883eb5086cd79b87bc732d471d11c9e53ea3a0e1c0cbc

Download Submit
C:\Windows\system\RsODJik.exe

Filesize
6.0MB

MD5
7d39bbde695cd2b7f110dfe78f20ee5d

SHA1
7ced586388a4fca7a4e6cdeee5068affea281515

SHA256
3f070ba51c21583121a65a4092255abd3f7d047aba99f2c5889077cbda305c4d

SHA512
d7148fc625bdbd4ad143480ca3d4a7261f0316f9d953374c8c05a112e8e9afef0d67507e67c6494781b7167f7c1e2fbe3fb4caad12e0972e2556706e6d5ff9d9

Download Submit
C:\Windows\system\SjnmZNF.exe

Filesize
6.0MB

MD5
9edb05e54b292153be907e256621b167

SHA1
264af3be09d34be80f25c061f902eb44b086b662

SHA256
28dbea613caf1c0166b4246f115f219602354692f8b074808aaa7fb3ce577894

SHA512
d30770d2ce3fc2f8e25fab920e57995bc8f4de8157e7b2ad4da70a180f596d355abf4d2f39b3f9398653e8bcc1d969fd6c580923dd9b315244014455f8b95058

Download Submit
C:\Windows\system\UfVUNYp.exe

Filesize
6.0MB

MD5
eb2599d9845cc48e3ce3ca178289feb0

SHA1
22f4558c90fd35f62feab5b8a319aed19ea3cd23

SHA256
ffa00bd47b54cd5c3d85a9f62220878dfcb1253399e769173c8142e5ebeeddab

SHA512
eeb101db5d8707de11fd923ee1f63e6507993e1608247d4764137cc39d0d9847fdc7b895433a26ab1bce2bba4a24be0f73e7f0bd7522eeb35b33ae50765d3219

Download Submit
C:\Windows\system\ZzGBxle.exe

Filesize
6.0MB

MD5
313f295cc95148a4c1758972f66c1640

SHA1
9bde477ab1e34adce4a5efce86007605953d4367

SHA256
28bb04e794d98355441bf8a725225cd389db9552cd5e8374f7af0d48a7979294

SHA512
295e949d140a47c3db06d576e52fc6fc25c53f5c713442752c8f69587429936f113c50f4a5b4e4da5a47d276b63a04974efcb2dee39bd98afd164a17281761cb

Download Submit
C:\Windows\system\aKHWzjU.exe

Filesize
6.0MB

MD5
a214871bf3161fbf109ccf05d7c7dedb

SHA1
02841d8d4ba60547e89ea73db22f629c65e8c80a

SHA256
80663d9a0f2f35bcc7f9a714e46cb1700bb0bd6726531667cefdc221043719e6

SHA512
72ed270c01e6a77040ee85d01efe985b8917ae93e03a9b4c3c9229f85e2a2b8be846bd8caae85847ed574798b8667ab730087bf6f3e63fcc8ad889de30a480e7

Download Submit
C:\Windows\system\bjMfWwe.exe

Filesize
6.0MB

MD5
f8cbc865336a8e1c65d23edf8a86094a

SHA1
495796b28c6a4fd1275d8f7deafa784be1303f03

SHA256
0a89da54d2d7bc9e12bae37919fd9277fc2b9481ca9ee35bf3bb1de8f99e7e2f

SHA512
55f11b19bb5e8f8046b54366d4670d4d067324aa8fc7a41edde034b2f1e5df4af781ae9e28c6d77f6dd3eb5a3e69a21c9d01bdd9dfaa4ae8714a86b3c42f14b8

Download Submit
C:\Windows\system\gEIJLNO.exe

Filesize
6.0MB

MD5
883f4f193467c88fbdeeb5b5388637fe

SHA1
83e3926faf4d3eaad4140930b1b321e499888bdd

SHA256
b2d9f8895f8e6eb68000feac4127030310ad1fe963ecf25edf0672f4bcae8ff8

SHA512
60ca01a0170be81db2d042645a5e9f92fda86cb7ba4755ec53f1f6533e145f054ff0ae9d21e589ca343ab62cf41e4b250fd16a7f5b9f532e1c1fba2854d8a465

Download Submit
C:\Windows\system\gJMJyfq.exe

Filesize
6.0MB

MD5
5eceec1ec14d4abbecee9b288b863e40

SHA1
6792aa4a00db64da5e73b706be6a8f2f83535a65

SHA256
55fa8b15b3c7f24f9371c1fc18bfe2d2df229232b5232009db626d19f21c71e8

SHA512
4905d807d853c313d43068bb035899b16264558a804c3e88d4039628ae2f6659fa87853d9184578b89a8be417aeba860a33815e2a81f1ba8f71a8d04ea8f4170

Download Submit
C:\Windows\system\hYYtnOa.exe

Filesize
6.0MB

MD5
601c78ce137570b35954306f08942963

SHA1
1ec96bb0c4d0efeeed2b67cb8eb590c47cccf960

SHA256
027f4464bd02759ef908fdc10d97999625f26a31a6cabc9e549196d8281224ab

SHA512
fa7c3350aa6f36053dd86ba9f61a29b71b825912b442f1b2c64ed0391db821bbb5d050eb01d7d285ce1fca05890a201ba28545cb8b8734ead7d60d508a2ca677

Download Submit
C:\Windows\system\jstWpnT.exe

Filesize
6.0MB

MD5
d8d7dfa10696f1f141d7ed767c839893

SHA1
7b3d3e94f3d49ade4646ad862409d885c0a2e26e

SHA256
5db00cf61011e8ce029d3b0d8b86469bd732dc3e667fc9b3fbc6c22b8df328ef

SHA512
b8d10c9fd771b83c836875f0586bc7e5a4e50744fa45090263b211f7b4e6aaf5f456ae7adc3a4a9b4e926e29269ac3c7cb6e8099fff3607d6238d89e551a4253

Download Submit
C:\Windows\system\lHdYJDe.exe

Filesize
6.0MB

MD5
687d9dd52324623ef82677e675a4f0dd

SHA1
54fe5f7979c2e955c060c8d53dbecb43d29587f5

SHA256
ac99f91b0c1a489aeedaa92bdf3c731764bf75cc4aa3cb2201488aa4cea8d427

SHA512
277ad654d42f2959309e2a675dff256f9add2ad4e19a8d6acf96f1c4cce8b2a199fadcc1c7186cd614ff8ee5a832f1d3834e55b3e796b6013aa394a4c5260782

Download Submit
C:\Windows\system\pZzKOjT.exe

Filesize
6.0MB

MD5
232127f656504c5d2f5af85f35ef9513

SHA1
f8aafe2784d0e820a36d333bdb57c0b0a0c26079

SHA256
b7870fd2cf88c44f43a1b95249af16c17c3a4e2ec6bf36f6d971960f4ba3a637

SHA512
b56650012183ccf468b5349aaf1c51c023149f2671c61b45b054328c3305e6c0d9a9d231ecc8d9f556d54795c86fa0ebce673afa3f3af2fa9d23374291d1f67c

Download Submit
C:\Windows\system\qxvkfhp.exe

Filesize
6.0MB

MD5
8cc6c3b475338f965b7ed7ab984d9be4

SHA1
29243209ae9ddb004118768d103bcf687cf5569c

SHA256
cb2c71e7eb4ba97a4444100236fd9a0cc3afa19856e4068ab9fa2907fac957bf

SHA512
55febe495d52c2c0f1c377ae316924612c906f1ff20f7450face4a98f44720f2d7a17bb0e408705ff45d5ba9a9062f18cbfa3d363782c1322c19f8fe0abee379

Download Submit
C:\Windows\system\riScQSV.exe

Filesize
6.0MB

MD5
b81231c79d002eed1ba2bd56f1c2e601

SHA1
a33a13d0bdcf7293e13c6af4cf019b1efade063d

SHA256
c85cff38168189896704ac80b490cdae377876f9381322892669dc916f641188

SHA512
efac209178a2b48d8af7a8c455df3ada778c5f6bdf68472a64240e300dcbc013211a2b5856a18736f3fec959e3f2e1ebbde8060cdd1e4d9461a36eb307c7b66a

Download Submit
C:\Windows\system\sdrzWXf.exe

Filesize
6.0MB

MD5
c91edc35f153c184a16e29b8b41c7564

SHA1
95a8eb672db69c285a609859c74e7c1ab1ebe741

SHA256
2973a06eb46d3d820ab8b67f5b426d325906e428a22301076945f70431bf8a60

SHA512
4b94964037659f0b74009982c2603989304e5f3591f2069c5299c4409afd8d565cfed4db112d9163313c5bbc40b4c33acdb0502f3d04e3f40ef933c6a0853232

Download Submit
C:\Windows\system\ssjxrUo.exe

Filesize
6.0MB

MD5
c844539c64235cdb040f44a6d5b59e9d

SHA1
8ea775945e53ff83f4b28991ccc48618ae4a8f7a

SHA256
04b9b9389ef8262e53d0b0fc9a1bc3ddd1ccdb4e6332517df825daba6ed6824b

SHA512
3d3c05619f7540d71f76847da5da78c33553ba020fcc84985efbe81850c582a3b5a35cd0ec5ee738a9f70333f1e036a696ee7324aa1873941b622c572668680b

Download Submit
C:\Windows\system\xUlsCHu.exe

Filesize
6.0MB

MD5
4724d4f6b7e9f0ecda0474b40c5ef23a

SHA1
f18666c901d2193b4d490c95b256044dff429b65

SHA256
f965bd62ea7d2dcf733a19064c6ef481d864b18d5ceb32d23ee52c5ca185e212

SHA512
97f53edf4b6633b4058b1de2d6d873ac1996990b1efe9f6c2fb4af365e6ed63921e4b059356c45330f6b4ad38965a318f9a907be4b3c72fbbeea271ccc228139

Download Submit
\Windows\system\PDkrhuo.exe

Filesize
6.0MB

MD5
69a83ef8561e8dadebda40eefcb4eac6

SHA1
babc0e71a9bee1f26af1611922480359d56cd23f

SHA256
d9a23456e99baaebf7f1ca460622c9a2b66fb0149e0b7baa0b07dea762883676

SHA512
ee62ebae8cbc20c663f0f46300bee933fea0e2a5e999454d38a1231bdb02dcbb509dc46b59f332853981565c489579400c9e872ffc7922b874d1d967a99a821f

Download Submit
\Windows\system\cVhErVQ.exe

Filesize
6.0MB

MD5
aef8b1549c17c073f66f16a17ca0367a

SHA1
c6cd9c9c8824cc601e98a9a675c7cb46b5389c1f

SHA256
5c16c5511404a3648264ed9ef0efe48fd7f38343770d2436c150ed0e3ce35eb4

SHA512
44637976263eb05b60a4b835b68a620bd47d40959af34f00837ed1ce9c9db7d70288f82341c4ec834b5430723d3c33fc7c636c2c74b7dcacde31eb194befe5cb

Download Submit
\Windows\system\fiYcynq.exe

Filesize
6.0MB

MD5
9840e17a0be9f88315f20f8455d1e760

SHA1
73db99f0ebb060ed8950b4402ec90c5c67aa1f07

SHA256
2711d2f42a482c3518ce46451788a2d02cb19505ef8cb0394b21d6444c3863fe

SHA512
d04091875c914bd804503a1b8a6be916bec8ddc2f6e5412446095ec180e8f4c990ce79f6ab6239fb6fb6949dee68422153448c617f1842dcd1801f746bf8d5c4

Download Submit
\Windows\system\gkAdMIu.exe

Filesize
6.0MB

MD5
4283e69ca6e2b3668514b4535a019878

SHA1
4032353f2c413d4e27e419f896c441a96bc7b415

SHA256
bb45fb43a9f569a6b2d24e1db221e51a3fc981628038fe3e20f960508b88d41c

SHA512
c3d831caeedeedd680040391ed1bd254346dc3f549a8a92bb71fb55ea65fa1a05d59696730403ccbcf527d5919cc2c42ed86c8fec8472008cdc3dccb42b4534a

Download Submit
\Windows\system\nmNJurw.exe

Filesize
6.0MB

MD5
5f9bddad7070cedb31f0387f91d84502

SHA1
ec38f550ecb95546ea3bad64ad3db92eeeca11e0

SHA256
6514fb83c26b3ad4834694351cc6ab6ad703ced749a5b67d6f1f47c33ee6f8fe

SHA512
658228af4c7dce8a8fa55e9a120c3f7b5161a651cce52662274499e88f686ef881ab4bb3cb14bbf3abbd011b1dcb035bb954f45e0048f3b11c286c02a68462c5

Download Submit
\Windows\system\udBaQJZ.exe

Filesize
6.0MB

MD5
8b1a9b5ff84273c19bd9e1305ac6546e

SHA1
643197f190cc44c25aeab2b48026d11fb95035ec

SHA256
a2a208fba0de606af2efb0558d0e863ebec18a9d4fed7a87592bb29ce1eecb16

SHA512
1bc7caef3671f630024a97fb6b167b7e823d8d9f6e8dad852ca933d565c235a58a8ae35c652aeff3635c321eedb60057cf547f8206eb565b6eead76006cd33b5

Download Submit
\Windows\system\wVbkPKj.exe

Filesize
6.0MB

MD5
08b0ab9290fa5caad52705cba12f2da9

SHA1
b11d25f15a75bde516b6cf53dd38ba743d35a3af

SHA256
c7cbea9b86627c2c689e2e9972f0d1305b65e4b92f16c999c5ea80c0167cfbb7

SHA512
c0bff7283d4d468a2d69c71abd0de8d5133947fd74228f94c01dc6f4fe706d6341de588c0ff5449d2bcd39ff1aed7188ef02d6ae14f0173f5e9ec0bdd3fd554e

Download Submit
\Windows\system\xGchCGg.exe

Filesize
6.0MB

MD5
9692984221dfe846d255629c409c152b

SHA1
c1f9a2a2b3769a5a075827a35049319332417960

SHA256
db6c60d368ea44e03eaab746e1798c866f2e994a3f55229fcfd82f908443fa88

SHA512
22fdb428bb7c026e001362b5eb9324fb559e9e75c77a81f2f3c79e0e5609c7e975d6830e4e4e72344334c7a6a23ab8f6e1229041c07385150a4793d024669a83

Download Submit
\Windows\system\xWgWKUQ.exe

Filesize
6.0MB

MD5
e51270577315535eb3bfd61d33e4af48

SHA1
0be11c3a0d4682d4facf263cbd1cb6e6ecc2193f

SHA256
e49888f3a8cae479ce7af7d81f88a3c49f3dc72efc9ec93cf24e47d8643e5906

SHA512
212b7011208dc8c93a1c767de9563fb81463bd8a81d4ac1816b7cc4b29619d5cfa128a0f5ff72bb989e7cb94783f3d143e9a34861c83bbb42cb5ff43cf5b1b45

Download Submit
memory/1248-105-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1248-4002-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1780-25-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1780-3991-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2308-116-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-65-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-57-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2308-92-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-21-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-43-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2308-28-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-150-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-79-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-108-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-67-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2308-853-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-856-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-678-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-457-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2308-10-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-118-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-0-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-106-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-19-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2456-82-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2456-3971-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2532-20-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3977-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-111-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4015-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2580-74-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4027-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3967-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-29-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-99-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3999-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2716-62-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2720-66-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3990-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2808-35-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4005-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4006-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2896-71-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2900-49-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3984-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download