cobaltstrike | 35fde5188f947dcaebc14c6bc35a57c603e786856e82fd6bdffcdeae30231f92

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9609720b93e93f78559a4d1b9bd35f60
SHA1

5775c3df93ccb636f538bfb3bc4b36f059bfb2b8
SHA256

35fde5188f947dcaebc14c6bc35a57c603e786856e82fd6bdffcdeae30231f92
SHA512

4cbe72f06fcf95ddfe759562a700a2b79942a51dc1e971755fd5457eaec1c0931ed1e9e1f15e021b2bfe675a02948f450b39cb47b604799421cfa6399d20b3cc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-3.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018617-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018636-17.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001907c-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-31.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000191ad-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001919c-50.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017447-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019c0b-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-78.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193a8-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2080-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-3.dat	xmrig
behavioral1/memory/1044-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2080-6-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/files/0x000b000000018617-13.dat	xmrig
behavioral1/memory/2220-16-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018636-17.dat	xmrig
behavioral1/memory/2776-22-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001907c-26.dat	xmrig
behavioral1/memory/2752-30-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019080-31.dat	xmrig
behavioral1/memory/2864-38-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x00090000000191ad-54.dat	xmrig
behavioral1/memory/2672-53-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000600000001919c-50.dat	xmrig
behavioral1/memory/1044-46-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2596-45-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x000a000000017447-41.dat	xmrig
behavioral1/memory/2080-37-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2776-60-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2624-61-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-100.dat	xmrig
behavioral1/files/0x000500000001a2b9-126.dat	xmrig
behavioral1/files/0x000500000001a3e4-136.dat	xmrig
behavioral1/files/0x000500000001a423-177.dat	xmrig
behavioral1/files/0x000500000001a447-166.dat	xmrig
behavioral1/memory/2080-868-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2080-1007-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46d-193.dat	xmrig
behavioral1/files/0x000500000001a463-188.dat	xmrig
behavioral1/files/0x000500000001a454-184.dat	xmrig
behavioral1/files/0x000500000001a445-169.dat	xmrig
behavioral1/files/0x000500000001a3ea-153.dat	xmrig
behavioral1/files/0x000500000001a452-173.dat	xmrig
behavioral1/files/0x000500000001a3ed-159.dat	xmrig
behavioral1/files/0x000500000001a3e6-143.dat	xmrig
behavioral1/files/0x000500000001a3e8-148.dat	xmrig
behavioral1/files/0x000500000001a2fc-133.dat	xmrig
behavioral1/files/0x000500000001a05a-123.dat	xmrig
behavioral1/files/0x000500000001a033-118.dat	xmrig
behavioral1/files/0x000500000001a020-113.dat	xmrig
behavioral1/memory/1748-104-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2796-103-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f71-107.dat	xmrig
behavioral1/files/0x0005000000019d5c-99.dat	xmrig
behavioral1/memory/1972-98-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2380-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2080-95-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1224-94-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019c0b-92.dat	xmrig
behavioral1/files/0x0005000000019d69-89.dat	xmrig
behavioral1/memory/2080-87-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2608-80-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cfc-78.dat	xmrig
behavioral1/memory/2752-73-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000193a8-65.dat	xmrig
behavioral1/memory/2776-3680-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2672-3706-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2752-3720-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2596-3721-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2220-3719-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2380-3726-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1224-3730-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2608-3737-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1044	azhgTNM.exe
2220	eBRPxqF.exe
2776	eQDwmfJ.exe
2752	jzJJNgH.exe
2864	pLNFdep.exe
2596	qfGXDie.exe
2672	bsExqfC.exe
2624	FfsiZAz.exe
2608	njswfGf.exe
1224	jOZXCsf.exe
2380	lFHLUwc.exe
1972	jIyPMxd.exe
2796	DuDcPev.exe
1748	OHxsoGQ.exe
2616	EMxNsYM.exe
908	wmhumaO.exe
2940	UYdwtjw.exe
2376	vQErNJK.exe
1264	KyocBVI.exe
1916	ZeVZQMb.exe
2160	Nvnvssc.exe
2780	MSPUVDs.exe
2252	Jhwvkkx.exe
1672	vQmLlkN.exe
2412	MWTuRyP.exe
1060	XkerhlR.exe
1932	pTePgQm.exe
440	QekNbsO.exe
2868	NKRuuWP.exe
1592	CbzutMf.exe
904	QsmmJun.exe
2396	XIrmOxj.exe
1808	dHUAeki.exe
1540	zDJRHAc.exe
1652	wjRqMeX.exe
1300	QEjIZzQ.exe
2904	yZPBYKp.exe
3028	XOHkkus.exe
1692	HrNyvqp.exe
988	WtkOAmG.exe
2156	tkRRbab.exe
3060	aAwHRvX.exe
2300	hDrMiru.exe
2012	dcQiMGP.exe
1728	FOPbXVD.exe
2988	RZAGTJH.exe
1876	iPmlEmf.exe
3056	gHxWHuj.exe
848	tJsZGCy.exe
864	OndDjxc.exe
1020	DnwWESb.exe
2040	QYMiYZi.exe
1332	rPtXSXm.exe
1696	VmxONkO.exe
2860	bUjgzGk.exe
2704	vMLqrEc.exe
2692	OtPwWIx.exe
2956	ULagCkf.exe
2552	KuKQjie.exe
1816	wVWKiiI.exe
2728	vmGpwwO.exe
2824	rtDAfTr.exe
2288	DEBPgmJ.exe
924	YVeuOFS.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0005000000010300-3.dat	upx
behavioral1/memory/1044-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000b000000018617-13.dat	upx
behavioral1/memory/2220-16-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0007000000018636-17.dat	upx
behavioral1/memory/2776-22-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000700000001907c-26.dat	upx
behavioral1/memory/2752-30-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0007000000019080-31.dat	upx
behavioral1/memory/2864-38-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x00090000000191ad-54.dat	upx
behavioral1/memory/2672-53-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000600000001919c-50.dat	upx
behavioral1/memory/1044-46-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2596-45-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x000a000000017447-41.dat	upx
behavioral1/memory/2080-37-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2776-60-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2624-61-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-100.dat	upx
behavioral1/files/0x000500000001a2b9-126.dat	upx
behavioral1/files/0x000500000001a3e4-136.dat	upx
behavioral1/files/0x000500000001a423-177.dat	upx
behavioral1/files/0x000500000001a447-166.dat	upx
behavioral1/files/0x000500000001a46d-193.dat	upx
behavioral1/files/0x000500000001a463-188.dat	upx
behavioral1/files/0x000500000001a454-184.dat	upx
behavioral1/files/0x000500000001a445-169.dat	upx
behavioral1/files/0x000500000001a3ea-153.dat	upx
behavioral1/files/0x000500000001a452-173.dat	upx
behavioral1/files/0x000500000001a3ed-159.dat	upx
behavioral1/files/0x000500000001a3e6-143.dat	upx
behavioral1/files/0x000500000001a3e8-148.dat	upx
behavioral1/files/0x000500000001a2fc-133.dat	upx
behavioral1/files/0x000500000001a05a-123.dat	upx
behavioral1/files/0x000500000001a033-118.dat	upx
behavioral1/files/0x000500000001a020-113.dat	upx
behavioral1/memory/1748-104-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2796-103-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0005000000019f71-107.dat	upx
behavioral1/files/0x0005000000019d5c-99.dat	upx
behavioral1/memory/1972-98-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2380-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1224-94-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0006000000019c0b-92.dat	upx
behavioral1/files/0x0005000000019d69-89.dat	upx
behavioral1/memory/2608-80-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0005000000019cfc-78.dat	upx
behavioral1/memory/2752-73-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x00080000000193a8-65.dat	upx
behavioral1/memory/2776-3680-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2672-3706-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2752-3720-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2596-3721-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2220-3719-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2380-3726-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1224-3730-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2608-3737-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2624-3749-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2796-3751-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1748-3750-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1972-3748-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vzZWiCf.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyYbjJt.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqxDJEK.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mruEXTA.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXOGUYz.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZnxbQS.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpddAdP.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnuWqmY.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txFLSkj.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBinArW.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgLgBQN.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXEKXlh.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCZBulc.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGbgzUb.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkMuZSe.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiphmmC.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCNYfEg.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGbtyfZ.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBizKON.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTAFXrP.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsoUnOg.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paZwKbh.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxKTZWn.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSvUpYI.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtrWGxX.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPxegYT.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSrDQAO.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTSMWad.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPrHAhH.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qctzKdE.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygFfOgv.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gekKQiY.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYnqmQs.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybsMQJh.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEJHtHX.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVtiWbF.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHHICwo.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJFsPga.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDnsqyj.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGpqCMN.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WICzQiU.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgFFEwJ.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stdTsoZ.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAuugbb.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQAhCUS.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zahnrAZ.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IaAmkEQ.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqBcEqo.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCRQska.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvjqMgG.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJsZGCy.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvmJwTS.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBcrEkL.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbwRABh.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVziYFh.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFxgRNI.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XauCMdH.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KemhiyL.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfZvwkT.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXQqAzE.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfDIbTn.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jobBBnT.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzauitH.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuLbpsv.exe	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1044	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 1044	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 1044	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2220	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2220	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2220	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2776	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2776	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2776	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2752	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2752	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2752	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2864	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2864	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2864	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2596	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2596	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2596	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2672	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2672	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2672	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2624	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2624	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2624	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2608	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2608	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2608	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 1972	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 1972	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 1972	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 1224	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 1224	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 1224	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2796	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2796	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2796	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2380	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2380	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2380	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 1748	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1748	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1748	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 2616	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2616	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2616	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 908	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 908	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 908	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2940	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2940	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2940	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2376	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 2376	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 2376	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1264	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1264	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1264	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1916	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 1916	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 1916	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2160	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2160	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2160	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2780	2080	2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-28_9609720b93e93f78559a4d1b9bd35f60_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\System\azhgTNM.exe
  C:\Windows\System\azhgTNM.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\eBRPxqF.exe
  C:\Windows\System\eBRPxqF.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\eQDwmfJ.exe
  C:\Windows\System\eQDwmfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\jzJJNgH.exe
  C:\Windows\System\jzJJNgH.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\pLNFdep.exe
  C:\Windows\System\pLNFdep.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\qfGXDie.exe
  C:\Windows\System\qfGXDie.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\bsExqfC.exe
  C:\Windows\System\bsExqfC.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\FfsiZAz.exe
  C:\Windows\System\FfsiZAz.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\njswfGf.exe
  C:\Windows\System\njswfGf.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jIyPMxd.exe
  C:\Windows\System\jIyPMxd.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\jOZXCsf.exe
  C:\Windows\System\jOZXCsf.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\DuDcPev.exe
  C:\Windows\System\DuDcPev.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\lFHLUwc.exe
  C:\Windows\System\lFHLUwc.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\OHxsoGQ.exe
  C:\Windows\System\OHxsoGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\EMxNsYM.exe
  C:\Windows\System\EMxNsYM.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\wmhumaO.exe
  C:\Windows\System\wmhumaO.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\UYdwtjw.exe
  C:\Windows\System\UYdwtjw.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\vQErNJK.exe
  C:\Windows\System\vQErNJK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\KyocBVI.exe
  C:\Windows\System\KyocBVI.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ZeVZQMb.exe
  C:\Windows\System\ZeVZQMb.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\Nvnvssc.exe
  C:\Windows\System\Nvnvssc.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\MSPUVDs.exe
  C:\Windows\System\MSPUVDs.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\Jhwvkkx.exe
  C:\Windows\System\Jhwvkkx.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\vQmLlkN.exe
  C:\Windows\System\vQmLlkN.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\MWTuRyP.exe
  C:\Windows\System\MWTuRyP.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\QekNbsO.exe
  C:\Windows\System\QekNbsO.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\XkerhlR.exe
  C:\Windows\System\XkerhlR.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\NKRuuWP.exe
  C:\Windows\System\NKRuuWP.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\pTePgQm.exe
  C:\Windows\System\pTePgQm.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\CbzutMf.exe
  C:\Windows\System\CbzutMf.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\QsmmJun.exe
  C:\Windows\System\QsmmJun.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\XIrmOxj.exe
  C:\Windows\System\XIrmOxj.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\dHUAeki.exe
  C:\Windows\System\dHUAeki.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\zDJRHAc.exe
  C:\Windows\System\zDJRHAc.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\wjRqMeX.exe
  C:\Windows\System\wjRqMeX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\QEjIZzQ.exe
  C:\Windows\System\QEjIZzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\yZPBYKp.exe
  C:\Windows\System\yZPBYKp.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\XOHkkus.exe
  C:\Windows\System\XOHkkus.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\HrNyvqp.exe
  C:\Windows\System\HrNyvqp.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\WtkOAmG.exe
  C:\Windows\System\WtkOAmG.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\tkRRbab.exe
  C:\Windows\System\tkRRbab.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\aAwHRvX.exe
  C:\Windows\System\aAwHRvX.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hDrMiru.exe
  C:\Windows\System\hDrMiru.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\dcQiMGP.exe
  C:\Windows\System\dcQiMGP.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\FOPbXVD.exe
  C:\Windows\System\FOPbXVD.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RZAGTJH.exe
  C:\Windows\System\RZAGTJH.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\iPmlEmf.exe
  C:\Windows\System\iPmlEmf.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\gHxWHuj.exe
  C:\Windows\System\gHxWHuj.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\tJsZGCy.exe
  C:\Windows\System\tJsZGCy.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\OndDjxc.exe
  C:\Windows\System\OndDjxc.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\DnwWESb.exe
  C:\Windows\System\DnwWESb.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\QYMiYZi.exe
  C:\Windows\System\QYMiYZi.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\rPtXSXm.exe
  C:\Windows\System\rPtXSXm.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\VmxONkO.exe
  C:\Windows\System\VmxONkO.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\bUjgzGk.exe
  C:\Windows\System\bUjgzGk.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\vMLqrEc.exe
  C:\Windows\System\vMLqrEc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\OtPwWIx.exe
  C:\Windows\System\OtPwWIx.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ULagCkf.exe
  C:\Windows\System\ULagCkf.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\KuKQjie.exe
  C:\Windows\System\KuKQjie.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\vmGpwwO.exe
  C:\Windows\System\vmGpwwO.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\wVWKiiI.exe
  C:\Windows\System\wVWKiiI.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\rtDAfTr.exe
  C:\Windows\System\rtDAfTr.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\DEBPgmJ.exe
  C:\Windows\System\DEBPgmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\oXrviLY.exe
  C:\Windows\System\oXrviLY.exe
  2⤵
  PID:1616
- C:\Windows\System\YVeuOFS.exe
  C:\Windows\System\YVeuOFS.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\VEXFBqz.exe
  C:\Windows\System\VEXFBqz.exe
  2⤵
  PID:2540
- C:\Windows\System\vZWaHEK.exe
  C:\Windows\System\vZWaHEK.exe
  2⤵
  PID:1608
- C:\Windows\System\QQUpbAr.exe
  C:\Windows\System\QQUpbAr.exe
  2⤵
  PID:3016
- C:\Windows\System\MtrWGxX.exe
  C:\Windows\System\MtrWGxX.exe
  2⤵
  PID:2204
- C:\Windows\System\qwvfINP.exe
  C:\Windows\System\qwvfINP.exe
  2⤵
  PID:2420
- C:\Windows\System\dzBVLXY.exe
  C:\Windows\System\dzBVLXY.exe
  2⤵
  PID:2000
- C:\Windows\System\fNUWBfA.exe
  C:\Windows\System\fNUWBfA.exe
  2⤵
  PID:2044
- C:\Windows\System\UVmtmjq.exe
  C:\Windows\System\UVmtmjq.exe
  2⤵
  PID:2428
- C:\Windows\System\wApynGL.exe
  C:\Windows\System\wApynGL.exe
  2⤵
  PID:2416
- C:\Windows\System\ANZvhAc.exe
  C:\Windows\System\ANZvhAc.exe
  2⤵
  PID:1304
- C:\Windows\System\awIFxBE.exe
  C:\Windows\System\awIFxBE.exe
  2⤵
  PID:568
- C:\Windows\System\zhVNqVF.exe
  C:\Windows\System\zhVNqVF.exe
  2⤵
  PID:1372
- C:\Windows\System\FTnMwRJ.exe
  C:\Windows\System\FTnMwRJ.exe
  2⤵
  PID:1780
- C:\Windows\System\waSxkmt.exe
  C:\Windows\System\waSxkmt.exe
  2⤵
  PID:236
- C:\Windows\System\pRYOtCO.exe
  C:\Windows\System\pRYOtCO.exe
  2⤵
  PID:1588
- C:\Windows\System\SedRCro.exe
  C:\Windows\System\SedRCro.exe
  2⤵
  PID:1960
- C:\Windows\System\FEtRWXp.exe
  C:\Windows\System\FEtRWXp.exe
  2⤵
  PID:2440
- C:\Windows\System\XRvYitA.exe
  C:\Windows\System\XRvYitA.exe
  2⤵
  PID:1952
- C:\Windows\System\zcebXrE.exe
  C:\Windows\System\zcebXrE.exe
  2⤵
  PID:1248
- C:\Windows\System\ZEqfFQG.exe
  C:\Windows\System\ZEqfFQG.exe
  2⤵
  PID:1632
- C:\Windows\System\AHkvgjQ.exe
  C:\Windows\System\AHkvgjQ.exe
  2⤵
  PID:888
- C:\Windows\System\UeCHFVK.exe
  C:\Windows\System\UeCHFVK.exe
  2⤵
  PID:1724
- C:\Windows\System\gXdHlUc.exe
  C:\Windows\System\gXdHlUc.exe
  2⤵
  PID:1740
- C:\Windows\System\ndOCrNJ.exe
  C:\Windows\System\ndOCrNJ.exe
  2⤵
  PID:2348
- C:\Windows\System\ErgdYAT.exe
  C:\Windows\System\ErgdYAT.exe
  2⤵
  PID:1076
- C:\Windows\System\HFpYPbM.exe
  C:\Windows\System\HFpYPbM.exe
  2⤵
  PID:1064
- C:\Windows\System\GtTDwWU.exe
  C:\Windows\System\GtTDwWU.exe
  2⤵
  PID:2524
- C:\Windows\System\WPyJfmI.exe
  C:\Windows\System\WPyJfmI.exe
  2⤵
  PID:2180
- C:\Windows\System\GVVTlZA.exe
  C:\Windows\System\GVVTlZA.exe
  2⤵
  PID:2700
- C:\Windows\System\AqPGEJy.exe
  C:\Windows\System\AqPGEJy.exe
  2⤵
  PID:2944
- C:\Windows\System\JSYJlhf.exe
  C:\Windows\System\JSYJlhf.exe
  2⤵
  PID:2800
- C:\Windows\System\ZyDCvCf.exe
  C:\Windows\System\ZyDCvCf.exe
  2⤵
  PID:2580
- C:\Windows\System\RFDUnET.exe
  C:\Windows\System\RFDUnET.exe
  2⤵
  PID:2936
- C:\Windows\System\jOQhWXB.exe
  C:\Windows\System\jOQhWXB.exe
  2⤵
  PID:2760
- C:\Windows\System\GCZBulc.exe
  C:\Windows\System\GCZBulc.exe
  2⤵
  PID:2508
- C:\Windows\System\aYDJDjZ.exe
  C:\Windows\System\aYDJDjZ.exe
  2⤵
  PID:744
- C:\Windows\System\pZucEwo.exe
  C:\Windows\System\pZucEwo.exe
  2⤵
  PID:2240
- C:\Windows\System\JCOQhqA.exe
  C:\Windows\System\JCOQhqA.exe
  2⤵
  PID:996
- C:\Windows\System\YmYPfJV.exe
  C:\Windows\System\YmYPfJV.exe
  2⤵
  PID:324
- C:\Windows\System\DGbgzUb.exe
  C:\Windows\System\DGbgzUb.exe
  2⤵
  PID:2564
- C:\Windows\System\wotlerB.exe
  C:\Windows\System\wotlerB.exe
  2⤵
  PID:2964
- C:\Windows\System\TKUYPxC.exe
  C:\Windows\System\TKUYPxC.exe
  2⤵
  PID:2224
- C:\Windows\System\djVlHdB.exe
  C:\Windows\System\djVlHdB.exe
  2⤵
  PID:2244
- C:\Windows\System\PsoGBif.exe
  C:\Windows\System\PsoGBif.exe
  2⤵
  PID:1160
- C:\Windows\System\QCGKEhy.exe
  C:\Windows\System\QCGKEhy.exe
  2⤵
  PID:2400
- C:\Windows\System\gbaxXIX.exe
  C:\Windows\System\gbaxXIX.exe
  2⤵
  PID:2768
- C:\Windows\System\KvmJwTS.exe
  C:\Windows\System\KvmJwTS.exe
  2⤵
  PID:3088
- C:\Windows\System\FoLKOdG.exe
  C:\Windows\System\FoLKOdG.exe
  2⤵
  PID:3104
- C:\Windows\System\XlxnkGE.exe
  C:\Windows\System\XlxnkGE.exe
  2⤵
  PID:3120
- C:\Windows\System\XBXLpSQ.exe
  C:\Windows\System\XBXLpSQ.exe
  2⤵
  PID:3136
- C:\Windows\System\cIwUVCa.exe
  C:\Windows\System\cIwUVCa.exe
  2⤵
  PID:3152
- C:\Windows\System\temqlZy.exe
  C:\Windows\System\temqlZy.exe
  2⤵
  PID:3168
- C:\Windows\System\UNwZTPW.exe
  C:\Windows\System\UNwZTPW.exe
  2⤵
  PID:3184
- C:\Windows\System\qsyaNAb.exe
  C:\Windows\System\qsyaNAb.exe
  2⤵
  PID:3200
- C:\Windows\System\HKqTsAA.exe
  C:\Windows\System\HKqTsAA.exe
  2⤵
  PID:3216
- C:\Windows\System\xEfyKDt.exe
  C:\Windows\System\xEfyKDt.exe
  2⤵
  PID:3236
- C:\Windows\System\pCCzRSW.exe
  C:\Windows\System\pCCzRSW.exe
  2⤵
  PID:3252
- C:\Windows\System\TIvUHqs.exe
  C:\Windows\System\TIvUHqs.exe
  2⤵
  PID:3268
- C:\Windows\System\oBkwvUs.exe
  C:\Windows\System\oBkwvUs.exe
  2⤵
  PID:3296
- C:\Windows\System\QkuhFgW.exe
  C:\Windows\System\QkuhFgW.exe
  2⤵
  PID:3312
- C:\Windows\System\DKWAMti.exe
  C:\Windows\System\DKWAMti.exe
  2⤵
  PID:3356
- C:\Windows\System\hIkDNYV.exe
  C:\Windows\System\hIkDNYV.exe
  2⤵
  PID:3396
- C:\Windows\System\rnqtTBy.exe
  C:\Windows\System\rnqtTBy.exe
  2⤵
  PID:3420
- C:\Windows\System\tOjRuTi.exe
  C:\Windows\System\tOjRuTi.exe
  2⤵
  PID:3440
- C:\Windows\System\TxNaKOq.exe
  C:\Windows\System\TxNaKOq.exe
  2⤵
  PID:3460
- C:\Windows\System\mnwrtJM.exe
  C:\Windows\System\mnwrtJM.exe
  2⤵
  PID:3496
- C:\Windows\System\oXYOrGi.exe
  C:\Windows\System\oXYOrGi.exe
  2⤵
  PID:3528
- C:\Windows\System\ohgeHoW.exe
  C:\Windows\System\ohgeHoW.exe
  2⤵
  PID:3580
- C:\Windows\System\jodnuOr.exe
  C:\Windows\System\jodnuOr.exe
  2⤵
  PID:3608
- C:\Windows\System\XfvZKgZ.exe
  C:\Windows\System\XfvZKgZ.exe
  2⤵
  PID:3644
- C:\Windows\System\whodMmA.exe
  C:\Windows\System\whodMmA.exe
  2⤵
  PID:3668
- C:\Windows\System\WvJyjFf.exe
  C:\Windows\System\WvJyjFf.exe
  2⤵
  PID:3684
- C:\Windows\System\qBYIuUP.exe
  C:\Windows\System\qBYIuUP.exe
  2⤵
  PID:3700
- C:\Windows\System\nefWBgC.exe
  C:\Windows\System\nefWBgC.exe
  2⤵
  PID:3716
- C:\Windows\System\uetiSMb.exe
  C:\Windows\System\uetiSMb.exe
  2⤵
  PID:3732
- C:\Windows\System\HuhKIyS.exe
  C:\Windows\System\HuhKIyS.exe
  2⤵
  PID:3748
- C:\Windows\System\UgVaHuu.exe
  C:\Windows\System\UgVaHuu.exe
  2⤵
  PID:3764
- C:\Windows\System\EhHGWCN.exe
  C:\Windows\System\EhHGWCN.exe
  2⤵
  PID:3780
- C:\Windows\System\UxCsgtf.exe
  C:\Windows\System\UxCsgtf.exe
  2⤵
  PID:3796
- C:\Windows\System\IvrHFZP.exe
  C:\Windows\System\IvrHFZP.exe
  2⤵
  PID:3812
- C:\Windows\System\ppNVIki.exe
  C:\Windows\System\ppNVIki.exe
  2⤵
  PID:3828
- C:\Windows\System\SyCDzFB.exe
  C:\Windows\System\SyCDzFB.exe
  2⤵
  PID:3844
- C:\Windows\System\yNkpzDg.exe
  C:\Windows\System\yNkpzDg.exe
  2⤵
  PID:3860
- C:\Windows\System\rLtJqXV.exe
  C:\Windows\System\rLtJqXV.exe
  2⤵
  PID:3880
- C:\Windows\System\wwaHVwT.exe
  C:\Windows\System\wwaHVwT.exe
  2⤵
  PID:3900
- C:\Windows\System\YWmYPDf.exe
  C:\Windows\System\YWmYPDf.exe
  2⤵
  PID:3916
- C:\Windows\System\XIoxGrl.exe
  C:\Windows\System\XIoxGrl.exe
  2⤵
  PID:3932
- C:\Windows\System\VAKkIUq.exe
  C:\Windows\System\VAKkIUq.exe
  2⤵
  PID:3948
- C:\Windows\System\fOOHFbR.exe
  C:\Windows\System\fOOHFbR.exe
  2⤵
  PID:3972
- C:\Windows\System\ybsMQJh.exe
  C:\Windows\System\ybsMQJh.exe
  2⤵
  PID:3988
- C:\Windows\System\XYBUkHf.exe
  C:\Windows\System\XYBUkHf.exe
  2⤵
  PID:4004
- C:\Windows\System\pdteaEP.exe
  C:\Windows\System\pdteaEP.exe
  2⤵
  PID:4028
- C:\Windows\System\iGlxIHw.exe
  C:\Windows\System\iGlxIHw.exe
  2⤵
  PID:4052
- C:\Windows\System\cEZCMqd.exe
  C:\Windows\System\cEZCMqd.exe
  2⤵
  PID:4068
- C:\Windows\System\yugzZkd.exe
  C:\Windows\System\yugzZkd.exe
  2⤵
  PID:4084
- C:\Windows\System\hdupOav.exe
  C:\Windows\System\hdupOav.exe
  2⤵
  PID:344
- C:\Windows\System\qkgjUwz.exe
  C:\Windows\System\qkgjUwz.exe
  2⤵
  PID:1360
- C:\Windows\System\RfZvwkT.exe
  C:\Windows\System\RfZvwkT.exe
  2⤵
  PID:2172
- C:\Windows\System\JEDCVCC.exe
  C:\Windows\System\JEDCVCC.exe
  2⤵
  PID:1624
- C:\Windows\System\Ipdoawm.exe
  C:\Windows\System\Ipdoawm.exe
  2⤵
  PID:2772
- C:\Windows\System\PHDQegU.exe
  C:\Windows\System\PHDQegU.exe
  2⤵
  PID:1092
- C:\Windows\System\wyJHBEe.exe
  C:\Windows\System\wyJHBEe.exe
  2⤵
  PID:3144
- C:\Windows\System\rRHnDEh.exe
  C:\Windows\System\rRHnDEh.exe
  2⤵
  PID:1716
- C:\Windows\System\MzbPaTO.exe
  C:\Windows\System\MzbPaTO.exe
  2⤵
  PID:3248
- C:\Windows\System\bvFiiCz.exe
  C:\Windows\System\bvFiiCz.exe
  2⤵
  PID:3288
- C:\Windows\System\QkMuZSe.exe
  C:\Windows\System\QkMuZSe.exe
  2⤵
  PID:3332
- C:\Windows\System\ZwXABiu.exe
  C:\Windows\System\ZwXABiu.exe
  2⤵
  PID:3348
- C:\Windows\System\OEgZGLi.exe
  C:\Windows\System\OEgZGLi.exe
  2⤵
  PID:3408
- C:\Windows\System\QKZeEvM.exe
  C:\Windows\System\QKZeEvM.exe
  2⤵
  PID:3456
- C:\Windows\System\yXCetDL.exe
  C:\Windows\System\yXCetDL.exe
  2⤵
  PID:944
- C:\Windows\System\agaTGoB.exe
  C:\Windows\System\agaTGoB.exe
  2⤵
  PID:2724
- C:\Windows\System\krnAsmN.exe
  C:\Windows\System\krnAsmN.exe
  2⤵
  PID:2176
- C:\Windows\System\uNJdqDp.exe
  C:\Windows\System\uNJdqDp.exe
  2⤵
  PID:2184
- C:\Windows\System\FYlXOqt.exe
  C:\Windows\System\FYlXOqt.exe
  2⤵
  PID:3504
- C:\Windows\System\JYNvZFt.exe
  C:\Windows\System\JYNvZFt.exe
  2⤵
  PID:3264
- C:\Windows\System\gmfAgKs.exe
  C:\Windows\System\gmfAgKs.exe
  2⤵
  PID:1836
- C:\Windows\System\SrhBvLQ.exe
  C:\Windows\System\SrhBvLQ.exe
  2⤵
  PID:3524
- C:\Windows\System\doCBsrN.exe
  C:\Windows\System\doCBsrN.exe
  2⤵
  PID:3596
- C:\Windows\System\VFMCkrh.exe
  C:\Windows\System\VFMCkrh.exe
  2⤵
  PID:3660
- C:\Windows\System\IaAmkEQ.exe
  C:\Windows\System\IaAmkEQ.exe
  2⤵
  PID:3692
- C:\Windows\System\pRycUDG.exe
  C:\Windows\System\pRycUDG.exe
  2⤵
  PID:3788
- C:\Windows\System\fWTjHFn.exe
  C:\Windows\System\fWTjHFn.exe
  2⤵
  PID:3824
- C:\Windows\System\JUTPcnJ.exe
  C:\Windows\System\JUTPcnJ.exe
  2⤵
  PID:3892
- C:\Windows\System\eogfMOS.exe
  C:\Windows\System\eogfMOS.exe
  2⤵
  PID:3928
- C:\Windows\System\vrDUIAX.exe
  C:\Windows\System\vrDUIAX.exe
  2⤵
  PID:3996
- C:\Windows\System\TEJHtHX.exe
  C:\Windows\System\TEJHtHX.exe
  2⤵
  PID:4048
- C:\Windows\System\dbImlKO.exe
  C:\Windows\System\dbImlKO.exe
  2⤵
  PID:692
- C:\Windows\System\ffpAsCJ.exe
  C:\Windows\System\ffpAsCJ.exe
  2⤵
  PID:1720
- C:\Windows\System\vzZWiCf.exe
  C:\Windows\System\vzZWiCf.exe
  2⤵
  PID:1736
- C:\Windows\System\qDhifaX.exe
  C:\Windows\System\qDhifaX.exe
  2⤵
  PID:3284
- C:\Windows\System\tPWwRNA.exe
  C:\Windows\System\tPWwRNA.exe
  2⤵
  PID:3416
- C:\Windows\System\TDQQAfh.exe
  C:\Windows\System\TDQQAfh.exe
  2⤵
  PID:4108
- C:\Windows\System\bRQgXVX.exe
  C:\Windows\System\bRQgXVX.exe
  2⤵
  PID:4124
- C:\Windows\System\qyOGUTt.exe
  C:\Windows\System\qyOGUTt.exe
  2⤵
  PID:4140
- C:\Windows\System\qGiaMQI.exe
  C:\Windows\System\qGiaMQI.exe
  2⤵
  PID:4156
- C:\Windows\System\XoJDPtE.exe
  C:\Windows\System\XoJDPtE.exe
  2⤵
  PID:4172
- C:\Windows\System\DByccVc.exe
  C:\Windows\System\DByccVc.exe
  2⤵
  PID:4188
- C:\Windows\System\ZgpMhzh.exe
  C:\Windows\System\ZgpMhzh.exe
  2⤵
  PID:4204
- C:\Windows\System\qooHNKy.exe
  C:\Windows\System\qooHNKy.exe
  2⤵
  PID:4220
- C:\Windows\System\CZxepjl.exe
  C:\Windows\System\CZxepjl.exe
  2⤵
  PID:4236
- C:\Windows\System\vcZcUBF.exe
  C:\Windows\System\vcZcUBF.exe
  2⤵
  PID:4252
- C:\Windows\System\JKKbagI.exe
  C:\Windows\System\JKKbagI.exe
  2⤵
  PID:4268
- C:\Windows\System\lHkSwxV.exe
  C:\Windows\System\lHkSwxV.exe
  2⤵
  PID:4284
- C:\Windows\System\iTNymwO.exe
  C:\Windows\System\iTNymwO.exe
  2⤵
  PID:4300
- C:\Windows\System\XHlRygr.exe
  C:\Windows\System\XHlRygr.exe
  2⤵
  PID:4316
- C:\Windows\System\MQUQoRU.exe
  C:\Windows\System\MQUQoRU.exe
  2⤵
  PID:4332
- C:\Windows\System\hvMgOQr.exe
  C:\Windows\System\hvMgOQr.exe
  2⤵
  PID:4348
- C:\Windows\System\cAvycyR.exe
  C:\Windows\System\cAvycyR.exe
  2⤵
  PID:4364
- C:\Windows\System\BgFnBLF.exe
  C:\Windows\System\BgFnBLF.exe
  2⤵
  PID:4380
- C:\Windows\System\Peulwzq.exe
  C:\Windows\System\Peulwzq.exe
  2⤵
  PID:4396
- C:\Windows\System\BitujbK.exe
  C:\Windows\System\BitujbK.exe
  2⤵
  PID:4412
- C:\Windows\System\oGwBfWn.exe
  C:\Windows\System\oGwBfWn.exe
  2⤵
  PID:4440
- C:\Windows\System\nfUQqeA.exe
  C:\Windows\System\nfUQqeA.exe
  2⤵
  PID:4456
- C:\Windows\System\THhOSqe.exe
  C:\Windows\System\THhOSqe.exe
  2⤵
  PID:4472
- C:\Windows\System\EvxCWKd.exe
  C:\Windows\System\EvxCWKd.exe
  2⤵
  PID:4488
- C:\Windows\System\OxUhxqv.exe
  C:\Windows\System\OxUhxqv.exe
  2⤵
  PID:4504
- C:\Windows\System\ePafALj.exe
  C:\Windows\System\ePafALj.exe
  2⤵
  PID:4520
- C:\Windows\System\FmgOjUf.exe
  C:\Windows\System\FmgOjUf.exe
  2⤵
  PID:4536
- C:\Windows\System\NHwTonj.exe
  C:\Windows\System\NHwTonj.exe
  2⤵
  PID:4552
- C:\Windows\System\ZbXhsgy.exe
  C:\Windows\System\ZbXhsgy.exe
  2⤵
  PID:4568
- C:\Windows\System\BFYARIz.exe
  C:\Windows\System\BFYARIz.exe
  2⤵
  PID:4584
- C:\Windows\System\FOiQiUX.exe
  C:\Windows\System\FOiQiUX.exe
  2⤵
  PID:4608
- C:\Windows\System\cxXEugA.exe
  C:\Windows\System\cxXEugA.exe
  2⤵
  PID:4640
- C:\Windows\System\kzvGVBM.exe
  C:\Windows\System\kzvGVBM.exe
  2⤵
  PID:4656
- C:\Windows\System\atspKWH.exe
  C:\Windows\System\atspKWH.exe
  2⤵
  PID:4672
- C:\Windows\System\axtyngw.exe
  C:\Windows\System\axtyngw.exe
  2⤵
  PID:4728
- C:\Windows\System\dxJmHat.exe
  C:\Windows\System\dxJmHat.exe
  2⤵
  PID:4744
- C:\Windows\System\OFUPaEl.exe
  C:\Windows\System\OFUPaEl.exe
  2⤵
  PID:4760
- C:\Windows\System\NfFirQy.exe
  C:\Windows\System\NfFirQy.exe
  2⤵
  PID:4776
- C:\Windows\System\SzDfDno.exe
  C:\Windows\System\SzDfDno.exe
  2⤵
  PID:4792
- C:\Windows\System\BqLsxgf.exe
  C:\Windows\System\BqLsxgf.exe
  2⤵
  PID:4808
- C:\Windows\System\MGrRAPN.exe
  C:\Windows\System\MGrRAPN.exe
  2⤵
  PID:4824
- C:\Windows\System\nVtiWbF.exe
  C:\Windows\System\nVtiWbF.exe
  2⤵
  PID:4840
- C:\Windows\System\ojUogPt.exe
  C:\Windows\System\ojUogPt.exe
  2⤵
  PID:4856
- C:\Windows\System\sTxkjpS.exe
  C:\Windows\System\sTxkjpS.exe
  2⤵
  PID:4872
- C:\Windows\System\dBcrEkL.exe
  C:\Windows\System\dBcrEkL.exe
  2⤵
  PID:4888
- C:\Windows\System\UXUBXDM.exe
  C:\Windows\System\UXUBXDM.exe
  2⤵
  PID:4904
- C:\Windows\System\qhqlbNd.exe
  C:\Windows\System\qhqlbNd.exe
  2⤵
  PID:4920
- C:\Windows\System\KzbGKlU.exe
  C:\Windows\System\KzbGKlU.exe
  2⤵
  PID:4948
- C:\Windows\System\anGcMiX.exe
  C:\Windows\System\anGcMiX.exe
  2⤵
  PID:4964
- C:\Windows\System\dFXZqZe.exe
  C:\Windows\System\dFXZqZe.exe
  2⤵
  PID:4984
- C:\Windows\System\NInpCEn.exe
  C:\Windows\System\NInpCEn.exe
  2⤵
  PID:5008
- C:\Windows\System\lWxNlKX.exe
  C:\Windows\System\lWxNlKX.exe
  2⤵
  PID:5028
- C:\Windows\System\GhiqQGq.exe
  C:\Windows\System\GhiqQGq.exe
  2⤵
  PID:5044
- C:\Windows\System\KzCJvLc.exe
  C:\Windows\System\KzCJvLc.exe
  2⤵
  PID:5064
- C:\Windows\System\lTisnEC.exe
  C:\Windows\System\lTisnEC.exe
  2⤵
  PID:5080
- C:\Windows\System\KWsfjKt.exe
  C:\Windows\System\KWsfjKt.exe
  2⤵
  PID:5096
- C:\Windows\System\CyaAjDS.exe
  C:\Windows\System\CyaAjDS.exe
  2⤵
  PID:5112
- C:\Windows\System\zIwgxFA.exe
  C:\Windows\System\zIwgxFA.exe
  2⤵
  PID:1764
- C:\Windows\System\RvDUjgw.exe
  C:\Windows\System\RvDUjgw.exe
  2⤵
  PID:3260
- C:\Windows\System\lpkVynz.exe
  C:\Windows\System\lpkVynz.exe
  2⤵
  PID:3604
- C:\Windows\System\lnZYlaw.exe
  C:\Windows\System\lnZYlaw.exe
  2⤵
  PID:3760
- C:\Windows\System\JzpQHBc.exe
  C:\Windows\System\JzpQHBc.exe
  2⤵
  PID:3968
- C:\Windows\System\tUBpZmT.exe
  C:\Windows\System\tUBpZmT.exe
  2⤵
  PID:3344
- C:\Windows\System\GaoupqW.exe
  C:\Windows\System\GaoupqW.exe
  2⤵
  PID:4180
- C:\Windows\System\pGbxGWG.exe
  C:\Windows\System\pGbxGWG.exe
  2⤵
  PID:4244
- C:\Windows\System\ssMBKSp.exe
  C:\Windows\System\ssMBKSp.exe
  2⤵
  PID:4280
- C:\Windows\System\YpOgDcI.exe
  C:\Windows\System\YpOgDcI.exe
  2⤵
  PID:4312
- C:\Windows\System\vmIqEmZ.exe
  C:\Windows\System\vmIqEmZ.exe
  2⤵
  PID:4376
- C:\Windows\System\lJvqQbg.exe
  C:\Windows\System\lJvqQbg.exe
  2⤵
  PID:4452
- C:\Windows\System\yJrrjpW.exe
  C:\Windows\System\yJrrjpW.exe
  2⤵
  PID:4516
- C:\Windows\System\sQScQCW.exe
  C:\Windows\System\sQScQCW.exe
  2⤵
  PID:4580
- C:\Windows\System\aZMGtlM.exe
  C:\Windows\System\aZMGtlM.exe
  2⤵
  PID:4628
- C:\Windows\System\LqwQUPp.exe
  C:\Windows\System\LqwQUPp.exe
  2⤵
  PID:4668
- C:\Windows\System\yLqjbFk.exe
  C:\Windows\System\yLqjbFk.exe
  2⤵
  PID:4772
- C:\Windows\System\tsjVZMG.exe
  C:\Windows\System\tsjVZMG.exe
  2⤵
  PID:4836
- C:\Windows\System\NXQqAzE.exe
  C:\Windows\System\NXQqAzE.exe
  2⤵
  PID:4932
- C:\Windows\System\QQxltBn.exe
  C:\Windows\System\QQxltBn.exe
  2⤵
  PID:4980
- C:\Windows\System\QwvjbAa.exe
  C:\Windows\System\QwvjbAa.exe
  2⤵
  PID:5052
- C:\Windows\System\PQBfdsP.exe
  C:\Windows\System\PQBfdsP.exe
  2⤵
  PID:3052
- C:\Windows\System\QcQMDrp.exe
  C:\Windows\System\QcQMDrp.exe
  2⤵
  PID:5144
- C:\Windows\System\GDkSRsW.exe
  C:\Windows\System\GDkSRsW.exe
  2⤵
  PID:5172
- C:\Windows\System\VzZvawT.exe
  C:\Windows\System\VzZvawT.exe
  2⤵
  PID:5192
- C:\Windows\System\LyYbjJt.exe
  C:\Windows\System\LyYbjJt.exe
  2⤵
  PID:5208
- C:\Windows\System\MxiekSN.exe
  C:\Windows\System\MxiekSN.exe
  2⤵
  PID:5224
- C:\Windows\System\XEbgtla.exe
  C:\Windows\System\XEbgtla.exe
  2⤵
  PID:5244
- C:\Windows\System\pxgDPoM.exe
  C:\Windows\System\pxgDPoM.exe
  2⤵
  PID:5264
- C:\Windows\System\WICzQiU.exe
  C:\Windows\System\WICzQiU.exe
  2⤵
  PID:5280
- C:\Windows\System\JxWoHPP.exe
  C:\Windows\System\JxWoHPP.exe
  2⤵
  PID:5296
- C:\Windows\System\dxRTMjs.exe
  C:\Windows\System\dxRTMjs.exe
  2⤵
  PID:5312
- C:\Windows\System\jvtyjVC.exe
  C:\Windows\System\jvtyjVC.exe
  2⤵
  PID:5388
- C:\Windows\System\RshkQsQ.exe
  C:\Windows\System\RshkQsQ.exe
  2⤵
  PID:5764
- C:\Windows\System\hmOZcCe.exe
  C:\Windows\System\hmOZcCe.exe
  2⤵
  PID:5780
- C:\Windows\System\NRNxkYM.exe
  C:\Windows\System\NRNxkYM.exe
  2⤵
  PID:5800
- C:\Windows\System\OQnDZjW.exe
  C:\Windows\System\OQnDZjW.exe
  2⤵
  PID:5816
- C:\Windows\System\bKxMBUc.exe
  C:\Windows\System\bKxMBUc.exe
  2⤵
  PID:5832
- C:\Windows\System\DqIvKjB.exe
  C:\Windows\System\DqIvKjB.exe
  2⤵
  PID:5848
- C:\Windows\System\mTEKhuI.exe
  C:\Windows\System\mTEKhuI.exe
  2⤵
  PID:5864
- C:\Windows\System\kbbjIxx.exe
  C:\Windows\System\kbbjIxx.exe
  2⤵
  PID:5892
- C:\Windows\System\xfeWfhV.exe
  C:\Windows\System\xfeWfhV.exe
  2⤵
  PID:5916
- C:\Windows\System\JzzbvAb.exe
  C:\Windows\System\JzzbvAb.exe
  2⤵
  PID:5948
- C:\Windows\System\oxuXNyC.exe
  C:\Windows\System\oxuXNyC.exe
  2⤵
  PID:5964
- C:\Windows\System\htHUIzr.exe
  C:\Windows\System\htHUIzr.exe
  2⤵
  PID:5988
- C:\Windows\System\XkxyxPT.exe
  C:\Windows\System\XkxyxPT.exe
  2⤵
  PID:6008
- C:\Windows\System\FHHsWUy.exe
  C:\Windows\System\FHHsWUy.exe
  2⤵
  PID:6028
- C:\Windows\System\DVCFPPN.exe
  C:\Windows\System\DVCFPPN.exe
  2⤵
  PID:6048
- C:\Windows\System\albTOkV.exe
  C:\Windows\System\albTOkV.exe
  2⤵
  PID:6068
- C:\Windows\System\rizOxlL.exe
  C:\Windows\System\rizOxlL.exe
  2⤵
  PID:6092
- C:\Windows\System\MPbXpmk.exe
  C:\Windows\System\MPbXpmk.exe
  2⤵
  PID:6108
- C:\Windows\System\lXjnOsr.exe
  C:\Windows\System\lXjnOsr.exe
  2⤵
  PID:6124
- C:\Windows\System\HWyAlvP.exe
  C:\Windows\System\HWyAlvP.exe
  2⤵
  PID:6140
- C:\Windows\System\oATiQYh.exe
  C:\Windows\System\oATiQYh.exe
  2⤵
  PID:3960
- C:\Windows\System\LeTGKjB.exe
  C:\Windows\System\LeTGKjB.exe
  2⤵
  PID:4152
- C:\Windows\System\ePQrrHC.exe
  C:\Windows\System\ePQrrHC.exe
  2⤵
  PID:4484
- C:\Windows\System\HzauitH.exe
  C:\Windows\System\HzauitH.exe
  2⤵
  PID:2784
- C:\Windows\System\AsVlePH.exe
  C:\Windows\System\AsVlePH.exe
  2⤵
  PID:2996
- C:\Windows\System\oUliSRK.exe
  C:\Windows\System\oUliSRK.exe
  2⤵
  PID:4928
- C:\Windows\System\leNjmKv.exe
  C:\Windows\System\leNjmKv.exe
  2⤵
  PID:5132
- C:\Windows\System\hWEzeQD.exe
  C:\Windows\System\hWEzeQD.exe
  2⤵
  PID:5216
- C:\Windows\System\lxspnig.exe
  C:\Windows\System\lxspnig.exe
  2⤵
  PID:3160
- C:\Windows\System\jYRchME.exe
  C:\Windows\System\jYRchME.exe
  2⤵
  PID:3192
- C:\Windows\System\Qmsnmwc.exe
  C:\Windows\System\Qmsnmwc.exe
  2⤵
  PID:5320
- C:\Windows\System\gcTyxjw.exe
  C:\Windows\System\gcTyxjw.exe
  2⤵
  PID:2584
- C:\Windows\System\svGBXnJ.exe
  C:\Windows\System\svGBXnJ.exe
  2⤵
  PID:3376
- C:\Windows\System\nBMnkjZ.exe
  C:\Windows\System\nBMnkjZ.exe
  2⤵
  PID:3392
- C:\Windows\System\gjxcocm.exe
  C:\Windows\System\gjxcocm.exe
  2⤵
  PID:3476
- C:\Windows\System\FQsFgwf.exe
  C:\Windows\System\FQsFgwf.exe
  2⤵
  PID:3548
- C:\Windows\System\XbwRABh.exe
  C:\Windows\System\XbwRABh.exe
  2⤵
  PID:3564
- C:\Windows\System\rdjFwsO.exe
  C:\Windows\System\rdjFwsO.exe
  2⤵
  PID:3624
- C:\Windows\System\gjhJbcg.exe
  C:\Windows\System\gjhJbcg.exe
  2⤵
  PID:3640
- C:\Windows\System\UcBDLIv.exe
  C:\Windows\System\UcBDLIv.exe
  2⤵
  PID:2208
- C:\Windows\System\zLTWoaK.exe
  C:\Windows\System\zLTWoaK.exe
  2⤵
  PID:3084
- C:\Windows\System\GHZlMcU.exe
  C:\Windows\System\GHZlMcU.exe
  2⤵
  PID:1244
- C:\Windows\System\balgYyr.exe
  C:\Windows\System\balgYyr.exe
  2⤵
  PID:4228
- C:\Windows\System\HIrkzFR.exe
  C:\Windows\System\HIrkzFR.exe
  2⤵
  PID:4292
- C:\Windows\System\KCqXIgj.exe
  C:\Windows\System\KCqXIgj.exe
  2⤵
  PID:4356
- C:\Windows\System\GWokMat.exe
  C:\Windows\System\GWokMat.exe
  2⤵
  PID:4428
- C:\Windows\System\BcaJqji.exe
  C:\Windows\System\BcaJqji.exe
  2⤵
  PID:4468
- C:\Windows\System\GCsyYTV.exe
  C:\Windows\System\GCsyYTV.exe
  2⤵
  PID:4596
- C:\Windows\System\OJIMVpk.exe
  C:\Windows\System\OJIMVpk.exe
  2⤵
  PID:4652
- C:\Windows\System\qsoUnOg.exe
  C:\Windows\System\qsoUnOg.exe
  2⤵
  PID:4692
- C:\Windows\System\ibiFKck.exe
  C:\Windows\System\ibiFKck.exe
  2⤵
  PID:4712
- C:\Windows\System\mqxDJEK.exe
  C:\Windows\System\mqxDJEK.exe
  2⤵
  PID:4752
- C:\Windows\System\ppFSmuc.exe
  C:\Windows\System\ppFSmuc.exe
  2⤵
  PID:4816
- C:\Windows\System\LoOsRgC.exe
  C:\Windows\System\LoOsRgC.exe
  2⤵
  PID:4880
- C:\Windows\System\LHoUeuQ.exe
  C:\Windows\System\LHoUeuQ.exe
  2⤵
  PID:4992
- C:\Windows\System\CjjtCeP.exe
  C:\Windows\System\CjjtCeP.exe
  2⤵
  PID:5036
- C:\Windows\System\mJGOURD.exe
  C:\Windows\System\mJGOURD.exe
  2⤵
  PID:5104
- C:\Windows\System\dCCARUQ.exe
  C:\Windows\System\dCCARUQ.exe
  2⤵
  PID:4216
- C:\Windows\System\yemXUJZ.exe
  C:\Windows\System\yemXUJZ.exe
  2⤵
  PID:4448
- C:\Windows\System\WVQdcGh.exe
  C:\Windows\System\WVQdcGh.exe
  2⤵
  PID:4664
- C:\Windows\System\LDlCevw.exe
  C:\Windows\System\LDlCevw.exe
  2⤵
  PID:4944
- C:\Windows\System\OHETtxE.exe
  C:\Windows\System\OHETtxE.exe
  2⤵
  PID:5092
- C:\Windows\System\CAGHjoO.exe
  C:\Windows\System\CAGHjoO.exe
  2⤵
  PID:5200
- C:\Windows\System\nXICvUf.exe
  C:\Windows\System\nXICvUf.exe
  2⤵
  PID:5240
- C:\Windows\System\KYWVfGk.exe
  C:\Windows\System\KYWVfGk.exe
  2⤵
  PID:5308
- C:\Windows\System\oHzCkoP.exe
  C:\Windows\System\oHzCkoP.exe
  2⤵
  PID:4196
- C:\Windows\System\NLdCiRp.exe
  C:\Windows\System\NLdCiRp.exe
  2⤵
  PID:4104
- C:\Windows\System\xwCVOyp.exe
  C:\Windows\System\xwCVOyp.exe
  2⤵
  PID:1336
- C:\Windows\System\fAwSrfC.exe
  C:\Windows\System\fAwSrfC.exe
  2⤵
  PID:3924
- C:\Windows\System\iCKWbAN.exe
  C:\Windows\System\iCKWbAN.exe
  2⤵
  PID:2512
- C:\Windows\System\CFHVoRs.exe
  C:\Windows\System\CFHVoRs.exe
  2⤵
  PID:1804
- C:\Windows\System\LUKOwKm.exe
  C:\Windows\System\LUKOwKm.exe
  2⤵
  PID:3404
- C:\Windows\System\AtzXeUQ.exe
  C:\Windows\System\AtzXeUQ.exe
  2⤵
  PID:3292
- C:\Windows\System\LTTrzOK.exe
  C:\Windows\System\LTTrzOK.exe
  2⤵
  PID:3112
- C:\Windows\System\OiphmmC.exe
  C:\Windows\System\OiphmmC.exe
  2⤵
  PID:4092
- C:\Windows\System\TIpVaxg.exe
  C:\Windows\System\TIpVaxg.exe
  2⤵
  PID:4012
- C:\Windows\System\xGDxnUa.exe
  C:\Windows\System\xGDxnUa.exe
  2⤵
  PID:3940
- C:\Windows\System\GIMOOGd.exe
  C:\Windows\System\GIMOOGd.exe
  2⤵
  PID:3868
- C:\Windows\System\FevztvP.exe
  C:\Windows\System\FevztvP.exe
  2⤵
  PID:3804
- C:\Windows\System\ycppRbM.exe
  C:\Windows\System\ycppRbM.exe
  2⤵
  PID:3708
- C:\Windows\System\pBOpZBs.exe
  C:\Windows\System\pBOpZBs.exe
  2⤵
  PID:3616
- C:\Windows\System\jlYFzCj.exe
  C:\Windows\System\jlYFzCj.exe
  2⤵
  PID:3484
- C:\Windows\System\tdenaps.exe
  C:\Windows\System\tdenaps.exe
  2⤵
  PID:5400
- C:\Windows\System\BfrCzfI.exe
  C:\Windows\System\BfrCzfI.exe
  2⤵
  PID:5424
- C:\Windows\System\VECWOyS.exe
  C:\Windows\System\VECWOyS.exe
  2⤵
  PID:5428
- C:\Windows\System\ggXesrW.exe
  C:\Windows\System\ggXesrW.exe
  2⤵
  PID:5444
- C:\Windows\System\vUOZfHP.exe
  C:\Windows\System\vUOZfHP.exe
  2⤵
  PID:5464
- C:\Windows\System\GwWrZST.exe
  C:\Windows\System\GwWrZST.exe
  2⤵
  PID:5496
- C:\Windows\System\EjgigfL.exe
  C:\Windows\System\EjgigfL.exe
  2⤵
  PID:5512
- C:\Windows\System\wMMdnff.exe
  C:\Windows\System\wMMdnff.exe
  2⤵
  PID:5524
- C:\Windows\System\swKcmrz.exe
  C:\Windows\System\swKcmrz.exe
  2⤵
  PID:5544
- C:\Windows\System\nbpttMr.exe
  C:\Windows\System\nbpttMr.exe
  2⤵
  PID:5564
- C:\Windows\System\EhpjrEG.exe
  C:\Windows\System\EhpjrEG.exe
  2⤵
  PID:5592
- C:\Windows\System\NuMVora.exe
  C:\Windows\System\NuMVora.exe
  2⤵
  PID:5604
- C:\Windows\System\kAAceVe.exe
  C:\Windows\System\kAAceVe.exe
  2⤵
  PID:5620
- C:\Windows\System\gErcTHX.exe
  C:\Windows\System\gErcTHX.exe
  2⤵
  PID:5652
- C:\Windows\System\ehuERvV.exe
  C:\Windows\System\ehuERvV.exe
  2⤵
  PID:5660
- C:\Windows\System\HHHICwo.exe
  C:\Windows\System\HHHICwo.exe
  2⤵
  PID:5676
- C:\Windows\System\CifedIX.exe
  C:\Windows\System\CifedIX.exe
  2⤵
  PID:5692
- C:\Windows\System\DAmMtbv.exe
  C:\Windows\System\DAmMtbv.exe
  2⤵
  PID:5716
- C:\Windows\System\isepSpr.exe
  C:\Windows\System\isepSpr.exe
  2⤵
  PID:5732
- C:\Windows\System\UncZYkZ.exe
  C:\Windows\System\UncZYkZ.exe
  2⤵
  PID:5748
- C:\Windows\System\JRPnZur.exe
  C:\Windows\System\JRPnZur.exe
  2⤵
  PID:5772
- C:\Windows\System\NTjmbDD.exe
  C:\Windows\System\NTjmbDD.exe
  2⤵
  PID:5756
- C:\Windows\System\yxSdQRH.exe
  C:\Windows\System\yxSdQRH.exe
  2⤵
  PID:5880
- C:\Windows\System\nFVagdT.exe
  C:\Windows\System\nFVagdT.exe
  2⤵
  PID:5788
- C:\Windows\System\paZwKbh.exe
  C:\Windows\System\paZwKbh.exe
  2⤵
  PID:5828
- C:\Windows\System\KIGMGpB.exe
  C:\Windows\System\KIGMGpB.exe
  2⤵
  PID:5984
- C:\Windows\System\yxNsxaN.exe
  C:\Windows\System\yxNsxaN.exe
  2⤵
  PID:5904
- C:\Windows\System\fbaEdJd.exe
  C:\Windows\System\fbaEdJd.exe
  2⤵
  PID:6016
- C:\Windows\System\CUzcsqg.exe
  C:\Windows\System\CUzcsqg.exe
  2⤵
  PID:6056
- C:\Windows\System\OFLHMvm.exe
  C:\Windows\System\OFLHMvm.exe
  2⤵
  PID:6104
- C:\Windows\System\OaWDwfA.exe
  C:\Windows\System\OaWDwfA.exe
  2⤵
  PID:4148
- C:\Windows\System\OrzxjYq.exe
  C:\Windows\System\OrzxjYq.exe
  2⤵
  PID:4624
- C:\Windows\System\tHQpKMb.exe
  C:\Windows\System\tHQpKMb.exe
  2⤵
  PID:5180
- C:\Windows\System\fNOqTYr.exe
  C:\Windows\System\fNOqTYr.exe
  2⤵
  PID:3164
- C:\Windows\System\VlIDXIG.exe
  C:\Windows\System\VlIDXIG.exe
  2⤵
  PID:2464
- C:\Windows\System\KhVRCLi.exe
  C:\Windows\System\KhVRCLi.exe
  2⤵
  PID:2460
- C:\Windows\System\KRvdMkM.exe
  C:\Windows\System\KRvdMkM.exe
  2⤵
  PID:3572
- C:\Windows\System\bGduQOS.exe
  C:\Windows\System\bGduQOS.exe
  2⤵
  PID:2536
- C:\Windows\System\OIedTOQ.exe
  C:\Windows\System\OIedTOQ.exe
  2⤵
  PID:4388
- C:\Windows\System\hlhNmaZ.exe
  C:\Windows\System\hlhNmaZ.exe
  2⤵
  PID:4496
- C:\Windows\System\RHnTNzD.exe
  C:\Windows\System\RHnTNzD.exe
  2⤵
  PID:4500
- C:\Windows\System\ZrfiRwk.exe
  C:\Windows\System\ZrfiRwk.exe
  2⤵
  PID:4684
- C:\Windows\System\fnQskXN.exe
  C:\Windows\System\fnQskXN.exe
  2⤵
  PID:4848
- C:\Windows\System\jAoTKpg.exe
  C:\Windows\System\jAoTKpg.exe
  2⤵
  PID:880
- C:\Windows\System\OMGeegt.exe
  C:\Windows\System\OMGeegt.exe
  2⤵
  PID:3308
- C:\Windows\System\EvMOClM.exe
  C:\Windows\System\EvMOClM.exe
  2⤵
  PID:4212
- C:\Windows\System\ONlIMZv.exe
  C:\Windows\System\ONlIMZv.exe
  2⤵
  PID:5088
- C:\Windows\System\pVAOzqN.exe
  C:\Windows\System\pVAOzqN.exe
  2⤵
  PID:5232
- C:\Windows\System\WVlLZLO.exe
  C:\Windows\System\WVlLZLO.exe
  2⤵
  PID:3276
- C:\Windows\System\WyDeLwt.exe
  C:\Windows\System\WyDeLwt.exe
  2⤵
  PID:5024
- C:\Windows\System\aQamNeB.exe
  C:\Windows\System\aQamNeB.exe
  2⤵
  PID:3176
- C:\Windows\System\BOxuDXc.exe
  C:\Windows\System\BOxuDXc.exe
  2⤵
  PID:2612
- C:\Windows\System\pwiLcFS.exe
  C:\Windows\System\pwiLcFS.exe
  2⤵
  PID:3116
- C:\Windows\System\OZnxbQS.exe
  C:\Windows\System\OZnxbQS.exe
  2⤵
  PID:3876
- C:\Windows\System\ObrQbVj.exe
  C:\Windows\System\ObrQbVj.exe
  2⤵
  PID:3712
- C:\Windows\System\LwXtHfH.exe
  C:\Windows\System\LwXtHfH.exe
  2⤵
  PID:3492
- C:\Windows\System\cqdPBYi.exe
  C:\Windows\System\cqdPBYi.exe
  2⤵
  PID:6044
- C:\Windows\System\fZxgruP.exe
  C:\Windows\System\fZxgruP.exe
  2⤵
  PID:5480
- C:\Windows\System\emDVlHf.exe
  C:\Windows\System\emDVlHf.exe
  2⤵
  PID:5492
- C:\Windows\System\qYHftJu.exe
  C:\Windows\System\qYHftJu.exe
  2⤵
  PID:5556
- C:\Windows\System\ZBwYTOJ.exe
  C:\Windows\System\ZBwYTOJ.exe
  2⤵
  PID:5612
- C:\Windows\System\luljhDL.exe
  C:\Windows\System\luljhDL.exe
  2⤵
  PID:5664
- C:\Windows\System\wDjNjvQ.exe
  C:\Windows\System\wDjNjvQ.exe
  2⤵
  PID:5744
- C:\Windows\System\rpwmNir.exe
  C:\Windows\System\rpwmNir.exe
  2⤵
  PID:5944
- C:\Windows\System\FuLbpsv.exe
  C:\Windows\System\FuLbpsv.exe
  2⤵
  PID:5936
- C:\Windows\System\tZIbFCZ.exe
  C:\Windows\System\tZIbFCZ.exe
  2⤵
  PID:5856
- C:\Windows\System\sCNYfEg.exe
  C:\Windows\System\sCNYfEg.exe
  2⤵
  PID:2684
- C:\Windows\System\JuELQcO.exe
  C:\Windows\System\JuELQcO.exe
  2⤵
  PID:3888
- C:\Windows\System\POHhaqR.exe
  C:\Windows\System\POHhaqR.exe
  2⤵
  PID:6100
- C:\Windows\System\lNruaFi.exe
  C:\Windows\System\lNruaFi.exe
  2⤵
  PID:4372
- C:\Windows\System\MRYrcVl.exe
  C:\Windows\System\MRYrcVl.exe
  2⤵
  PID:676
- C:\Windows\System\fiPHwtM.exe
  C:\Windows\System\fiPHwtM.exe
  2⤵
  PID:5260
- C:\Windows\System\MNXiRGH.exe
  C:\Windows\System\MNXiRGH.exe
  2⤵
  PID:4704
- C:\Windows\System\nVahUHQ.exe
  C:\Windows\System\nVahUHQ.exe
  2⤵
  PID:2432
- C:\Windows\System\kySFryJ.exe
  C:\Windows\System\kySFryJ.exe
  2⤵
  PID:1432
- C:\Windows\System\uvgrObY.exe
  C:\Windows\System\uvgrObY.exe
  2⤵
  PID:5396
- C:\Windows\System\brPhJBW.exe
  C:\Windows\System\brPhJBW.exe
  2⤵
  PID:5452
- C:\Windows\System\pkUWPRN.exe
  C:\Windows\System\pkUWPRN.exe
  2⤵
  PID:5508
- C:\Windows\System\hwvOlxA.exe
  C:\Windows\System\hwvOlxA.exe
  2⤵
  PID:5576
- C:\Windows\System\JKtTkDF.exe
  C:\Windows\System\JKtTkDF.exe
  2⤵
  PID:5628
- C:\Windows\System\cOizEuf.exe
  C:\Windows\System\cOizEuf.exe
  2⤵
  PID:5680
- C:\Windows\System\fcLDSJk.exe
  C:\Windows\System\fcLDSJk.exe
  2⤵
  PID:5724
- C:\Windows\System\HyYfZAT.exe
  C:\Windows\System\HyYfZAT.exe
  2⤵
  PID:5844
- C:\Windows\System\xhmlbuQ.exe
  C:\Windows\System\xhmlbuQ.exe
  2⤵
  PID:5912
- C:\Windows\System\xJLImjM.exe
  C:\Windows\System\xJLImjM.exe
  2⤵
  PID:2404
- C:\Windows\System\OKaiEQL.exe
  C:\Windows\System\OKaiEQL.exe
  2⤵
  PID:4900
- C:\Windows\System\lTFRGXY.exe
  C:\Windows\System\lTFRGXY.exe
  2⤵
  PID:3676
- C:\Windows\System\OdRCkec.exe
  C:\Windows\System\OdRCkec.exe
  2⤵
  PID:3980
- C:\Windows\System\jSeMKJq.exe
  C:\Windows\System\jSeMKJq.exe
  2⤵
  PID:3352
- C:\Windows\System\jKUrVwG.exe
  C:\Windows\System\jKUrVwG.exe
  2⤵
  PID:4132
- C:\Windows\System\LWzsZUV.exe
  C:\Windows\System\LWzsZUV.exe
  2⤵
  PID:5168
- C:\Windows\System\vviAkBU.exe
  C:\Windows\System\vviAkBU.exe
  2⤵
  PID:4940
- C:\Windows\System\JxPqzun.exe
  C:\Windows\System\JxPqzun.exe
  2⤵
  PID:5072
- C:\Windows\System\lXzDpgu.exe
  C:\Windows\System\lXzDpgu.exe
  2⤵
  PID:4784
- C:\Windows\System\XqCDtYk.exe
  C:\Windows\System\XqCDtYk.exe
  2⤵
  PID:3128
- C:\Windows\System\HPQljtZ.exe
  C:\Windows\System\HPQljtZ.exe
  2⤵
  PID:3560
- C:\Windows\System\HOLGDqC.exe
  C:\Windows\System\HOLGDqC.exe
  2⤵
  PID:1340
- C:\Windows\System\KiCcBDB.exe
  C:\Windows\System\KiCcBDB.exe
  2⤵
  PID:680
- C:\Windows\System\XlyjBml.exe
  C:\Windows\System\XlyjBml.exe
  2⤵
  PID:2848
- C:\Windows\System\RYVamrd.exe
  C:\Windows\System\RYVamrd.exe
  2⤵
  PID:4420
- C:\Windows\System\bIRNKho.exe
  C:\Windows\System\bIRNKho.exe
  2⤵
  PID:5000
- C:\Windows\System\cgFFEwJ.exe
  C:\Windows\System\cgFFEwJ.exe
  2⤵
  PID:5472
- C:\Windows\System\GbzhEdl.exe
  C:\Windows\System\GbzhEdl.exe
  2⤵
  PID:5336
- C:\Windows\System\euTEvcf.exe
  C:\Windows\System\euTEvcf.exe
  2⤵
  PID:2064
- C:\Windows\System\woZXpzY.exe
  C:\Windows\System\woZXpzY.exe
  2⤵
  PID:5888
- C:\Windows\System\dOBtGlD.exe
  C:\Windows\System\dOBtGlD.exe
  2⤵
  PID:6076
- C:\Windows\System\UGOxrGz.exe
  C:\Windows\System\UGOxrGz.exe
  2⤵
  PID:1476
- C:\Windows\System\ZBofAqD.exe
  C:\Windows\System\ZBofAqD.exe
  2⤵
  PID:3228
- C:\Windows\System\HOFUqUq.exe
  C:\Windows\System\HOFUqUq.exe
  2⤵
  PID:2356
- C:\Windows\System\UOOLfoQ.exe
  C:\Windows\System\UOOLfoQ.exe
  2⤵
  PID:3540
- C:\Windows\System\PFRDPle.exe
  C:\Windows\System\PFRDPle.exe
  2⤵
  PID:4724
- C:\Windows\System\txzZvPI.exe
  C:\Windows\System\txzZvPI.exe
  2⤵
  PID:6120
- C:\Windows\System\WCaOoMF.exe
  C:\Windows\System\WCaOoMF.exe
  2⤵
  PID:3372
- C:\Windows\System\NuIyYmz.exe
  C:\Windows\System\NuIyYmz.exe
  2⤵
  PID:5656
- C:\Windows\System\GVziYFh.exe
  C:\Windows\System\GVziYFh.exe
  2⤵
  PID:5412
- C:\Windows\System\oyyHcUK.exe
  C:\Windows\System\oyyHcUK.exe
  2⤵
  PID:6036
- C:\Windows\System\VpUnwot.exe
  C:\Windows\System\VpUnwot.exe
  2⤵
  PID:3212
- C:\Windows\System\ZJFsPga.exe
  C:\Windows\System\ZJFsPga.exe
  2⤵
  PID:4168
- C:\Windows\System\ZBjGRXV.exe
  C:\Windows\System\ZBjGRXV.exe
  2⤵
  PID:3320
- C:\Windows\System\djCGbfg.exe
  C:\Windows\System\djCGbfg.exe
  2⤵
  PID:1260
- C:\Windows\System\zGbtyfZ.exe
  C:\Windows\System\zGbtyfZ.exe
  2⤵
  PID:4036
- C:\Windows\System\iPxegYT.exe
  C:\Windows\System\iPxegYT.exe
  2⤵
  PID:4116
- C:\Windows\System\ZUDJkre.exe
  C:\Windows\System\ZUDJkre.exe
  2⤵
  PID:4832
- C:\Windows\System\OEbmhaD.exe
  C:\Windows\System\OEbmhaD.exe
  2⤵
  PID:3632
- C:\Windows\System\bFfTGtN.exe
  C:\Windows\System\bFfTGtN.exe
  2⤵
  PID:4200
- C:\Windows\System\hZeyUNk.exe
  C:\Windows\System\hZeyUNk.exe
  2⤵
  PID:5996
- C:\Windows\System\rhdtueH.exe
  C:\Windows\System\rhdtueH.exe
  2⤵
  PID:6088
- C:\Windows\System\OuIVzpA.exe
  C:\Windows\System\OuIVzpA.exe
  2⤵
  PID:5440
- C:\Windows\System\qrBdlNl.exe
  C:\Windows\System\qrBdlNl.exe
  2⤵
  PID:5672
- C:\Windows\System\GJPivpc.exe
  C:\Windows\System\GJPivpc.exe
  2⤵
  PID:5184
- C:\Windows\System\NyXptKY.exe
  C:\Windows\System\NyXptKY.exe
  2⤵
  PID:604
- C:\Windows\System\yEHZiXd.exe
  C:\Windows\System\yEHZiXd.exe
  2⤵
  PID:3468
- C:\Windows\System\hjjUWho.exe
  C:\Windows\System\hjjUWho.exe
  2⤵
  PID:3488
- C:\Windows\System\UFxgRNI.exe
  C:\Windows\System\UFxgRNI.exe
  2⤵
  PID:4464
- C:\Windows\System\wMahHVD.exe
  C:\Windows\System\wMahHVD.exe
  2⤵
  PID:4044
- C:\Windows\System\IFUguHb.exe
  C:\Windows\System\IFUguHb.exe
  2⤵
  PID:4592
- C:\Windows\System\PByBhLl.exe
  C:\Windows\System\PByBhLl.exe
  2⤵
  PID:5808
- C:\Windows\System\QZZrEiW.exe
  C:\Windows\System\QZZrEiW.exe
  2⤵
  PID:3652
- C:\Windows\System\jNNNvTN.exe
  C:\Windows\System\jNNNvTN.exe
  2⤵
  PID:2628
- C:\Windows\System\EsdmRyg.exe
  C:\Windows\System\EsdmRyg.exe
  2⤵
  PID:4264
- C:\Windows\System\Dviwlxv.exe
  C:\Windows\System\Dviwlxv.exe
  2⤵
  PID:1768
- C:\Windows\System\ePOplZD.exe
  C:\Windows\System\ePOplZD.exe
  2⤵
  PID:4700
- C:\Windows\System\YiaabNh.exe
  C:\Windows\System\YiaabNh.exe
  2⤵
  PID:1488
- C:\Windows\System\lvilurO.exe
  C:\Windows\System\lvilurO.exe
  2⤵
  PID:6060
- C:\Windows\System\PdumdZW.exe
  C:\Windows\System\PdumdZW.exe
  2⤵
  PID:1644
- C:\Windows\System\lrHzXTK.exe
  C:\Windows\System\lrHzXTK.exe
  2⤵
  PID:2788
- C:\Windows\System\rOknTmQ.exe
  C:\Windows\System\rOknTmQ.exe
  2⤵
  PID:3836
- C:\Windows\System\eqxqjZa.exe
  C:\Windows\System\eqxqjZa.exe
  2⤵
  PID:2520
- C:\Windows\System\CXvwUIZ.exe
  C:\Windows\System\CXvwUIZ.exe
  2⤵
  PID:3536
- C:\Windows\System\zkfqcjO.exe
  C:\Windows\System\zkfqcjO.exe
  2⤵
  PID:2148
- C:\Windows\System\gQSNmeD.exe
  C:\Windows\System\gQSNmeD.exe
  2⤵
  PID:5572
- C:\Windows\System\sfbkoDO.exe
  C:\Windows\System\sfbkoDO.exe
  2⤵
  PID:3740
- C:\Windows\System\qdUVYBy.exe
  C:\Windows\System\qdUVYBy.exe
  2⤵
  PID:3520
- C:\Windows\System\PZlchjB.exe
  C:\Windows\System\PZlchjB.exe
  2⤵
  PID:5568
- C:\Windows\System\DgknJde.exe
  C:\Windows\System\DgknJde.exe
  2⤵
  PID:5740
- C:\Windows\System\kXydemD.exe
  C:\Windows\System\kXydemD.exe
  2⤵
  PID:5908
- C:\Windows\System\qlGPpYn.exe
  C:\Windows\System\qlGPpYn.exe
  2⤵
  PID:5640
- C:\Windows\System\RmlRxHd.exe
  C:\Windows\System\RmlRxHd.exe
  2⤵
  PID:4956
- C:\Windows\System\QeaAQia.exe
  C:\Windows\System\QeaAQia.exe
  2⤵
  PID:5488
- C:\Windows\System\XKdATrM.exe
  C:\Windows\System\XKdATrM.exe
  2⤵
  PID:2544
- C:\Windows\System\iNHcXKc.exe
  C:\Windows\System\iNHcXKc.exe
  2⤵
  PID:4016
- C:\Windows\System\HJJMUKJ.exe
  C:\Windows\System\HJJMUKJ.exe
  2⤵
  PID:6156
- C:\Windows\System\DQsdLIx.exe
  C:\Windows\System\DQsdLIx.exe
  2⤵
  PID:6176
- C:\Windows\System\IoOQzoc.exe
  C:\Windows\System\IoOQzoc.exe
  2⤵
  PID:6196
- C:\Windows\System\GZjjMOm.exe
  C:\Windows\System\GZjjMOm.exe
  2⤵
  PID:6212
- C:\Windows\System\hTaAqnP.exe
  C:\Windows\System\hTaAqnP.exe
  2⤵
  PID:6228
- C:\Windows\System\GdNhotg.exe
  C:\Windows\System\GdNhotg.exe
  2⤵
  PID:6244
- C:\Windows\System\uoMakyv.exe
  C:\Windows\System\uoMakyv.exe
  2⤵
  PID:6260
- C:\Windows\System\ooFQnxg.exe
  C:\Windows\System\ooFQnxg.exe
  2⤵
  PID:6276
- C:\Windows\System\QPSnYyc.exe
  C:\Windows\System\QPSnYyc.exe
  2⤵
  PID:6292
- C:\Windows\System\EtzMVdq.exe
  C:\Windows\System\EtzMVdq.exe
  2⤵
  PID:6308
- C:\Windows\System\aSGMdWF.exe
  C:\Windows\System\aSGMdWF.exe
  2⤵
  PID:6324
- C:\Windows\System\nunMSwH.exe
  C:\Windows\System\nunMSwH.exe
  2⤵
  PID:6340
- C:\Windows\System\tNlJKwO.exe
  C:\Windows\System\tNlJKwO.exe
  2⤵
  PID:6356
- C:\Windows\System\IZmblIX.exe
  C:\Windows\System\IZmblIX.exe
  2⤵
  PID:6372
- C:\Windows\System\OfCawtI.exe
  C:\Windows\System\OfCawtI.exe
  2⤵
  PID:6388
- C:\Windows\System\TqBcEqo.exe
  C:\Windows\System\TqBcEqo.exe
  2⤵
  PID:6404
- C:\Windows\System\vDsgSsZ.exe
  C:\Windows\System\vDsgSsZ.exe
  2⤵
  PID:6420
- C:\Windows\System\VfDIbTn.exe
  C:\Windows\System\VfDIbTn.exe
  2⤵
  PID:6436
- C:\Windows\System\XhPQsWv.exe
  C:\Windows\System\XhPQsWv.exe
  2⤵
  PID:6452
- C:\Windows\System\wbCWgzF.exe
  C:\Windows\System\wbCWgzF.exe
  2⤵
  PID:6468
- C:\Windows\System\AisVCig.exe
  C:\Windows\System\AisVCig.exe
  2⤵
  PID:6484
- C:\Windows\System\tqIlSne.exe
  C:\Windows\System\tqIlSne.exe
  2⤵
  PID:6500
- C:\Windows\System\JEoefMm.exe
  C:\Windows\System\JEoefMm.exe
  2⤵
  PID:6516
- C:\Windows\System\dpNoBAr.exe
  C:\Windows\System\dpNoBAr.exe
  2⤵
  PID:6532
- C:\Windows\System\WQQLiQk.exe
  C:\Windows\System\WQQLiQk.exe
  2⤵
  PID:6548
- C:\Windows\System\GTiriOl.exe
  C:\Windows\System\GTiriOl.exe
  2⤵
  PID:6564
- C:\Windows\System\jbTpjVX.exe
  C:\Windows\System\jbTpjVX.exe
  2⤵
  PID:6580
- C:\Windows\System\LjGpkfu.exe
  C:\Windows\System\LjGpkfu.exe
  2⤵
  PID:6596
- C:\Windows\System\VOsicll.exe
  C:\Windows\System\VOsicll.exe
  2⤵
  PID:6616
- C:\Windows\System\aLxywfR.exe
  C:\Windows\System\aLxywfR.exe
  2⤵
  PID:6632
- C:\Windows\System\rNqHlAe.exe
  C:\Windows\System\rNqHlAe.exe
  2⤵
  PID:6648
- C:\Windows\System\fsPnQLT.exe
  C:\Windows\System\fsPnQLT.exe
  2⤵
  PID:6664
- C:\Windows\System\WLSsCQY.exe
  C:\Windows\System\WLSsCQY.exe
  2⤵
  PID:6680
- C:\Windows\System\MrwdDXV.exe
  C:\Windows\System\MrwdDXV.exe
  2⤵
  PID:6696
- C:\Windows\System\PtXHvjH.exe
  C:\Windows\System\PtXHvjH.exe
  2⤵
  PID:6712
- C:\Windows\System\WsmqCUJ.exe
  C:\Windows\System\WsmqCUJ.exe
  2⤵
  PID:6728
- C:\Windows\System\HxQQObR.exe
  C:\Windows\System\HxQQObR.exe
  2⤵
  PID:6744
- C:\Windows\System\UmVsbGw.exe
  C:\Windows\System\UmVsbGw.exe
  2⤵
  PID:6760
- C:\Windows\System\qmJfPAn.exe
  C:\Windows\System\qmJfPAn.exe
  2⤵
  PID:6776
- C:\Windows\System\mqOgcxb.exe
  C:\Windows\System\mqOgcxb.exe
  2⤵
  PID:6792
- C:\Windows\System\QvQJfxN.exe
  C:\Windows\System\QvQJfxN.exe
  2⤵
  PID:6808
- C:\Windows\System\buAMsgf.exe
  C:\Windows\System\buAMsgf.exe
  2⤵
  PID:6824
- C:\Windows\System\JMrZrGc.exe
  C:\Windows\System\JMrZrGc.exe
  2⤵
  PID:6840
- C:\Windows\System\CWTNsoS.exe
  C:\Windows\System\CWTNsoS.exe
  2⤵
  PID:6856
- C:\Windows\System\jqRFRiX.exe
  C:\Windows\System\jqRFRiX.exe
  2⤵
  PID:6872
- C:\Windows\System\vzxKEuT.exe
  C:\Windows\System\vzxKEuT.exe
  2⤵
  PID:6888
- C:\Windows\System\LFrdImF.exe
  C:\Windows\System\LFrdImF.exe
  2⤵
  PID:6904
- C:\Windows\System\arLRkGg.exe
  C:\Windows\System\arLRkGg.exe
  2⤵
  PID:6920
- C:\Windows\System\mnfvsQV.exe
  C:\Windows\System\mnfvsQV.exe
  2⤵
  PID:6936
- C:\Windows\System\oocGmAy.exe
  C:\Windows\System\oocGmAy.exe
  2⤵
  PID:6952
- C:\Windows\System\IoFoCqr.exe
  C:\Windows\System\IoFoCqr.exe
  2⤵
  PID:6968
- C:\Windows\System\qqNWuZg.exe
  C:\Windows\System\qqNWuZg.exe
  2⤵
  PID:6984
- C:\Windows\System\AetShMo.exe
  C:\Windows\System\AetShMo.exe
  2⤵
  PID:7000
- C:\Windows\System\XtwqMqa.exe
  C:\Windows\System\XtwqMqa.exe
  2⤵
  PID:7016
- C:\Windows\System\nuxxRTZ.exe
  C:\Windows\System\nuxxRTZ.exe
  2⤵
  PID:7032
- C:\Windows\System\sNHmMbe.exe
  C:\Windows\System\sNHmMbe.exe
  2⤵
  PID:7048
- C:\Windows\System\smGYkyE.exe
  C:\Windows\System\smGYkyE.exe
  2⤵
  PID:7064
- C:\Windows\System\SIogief.exe
  C:\Windows\System\SIogief.exe
  2⤵
  PID:7080
- C:\Windows\System\wCbGlGQ.exe
  C:\Windows\System\wCbGlGQ.exe
  2⤵
  PID:7096
- C:\Windows\System\mBUGQrl.exe
  C:\Windows\System\mBUGQrl.exe
  2⤵
  PID:7112
- C:\Windows\System\JjDiWTX.exe
  C:\Windows\System\JjDiWTX.exe
  2⤵
  PID:7128
- C:\Windows\System\RZAttRc.exe
  C:\Windows\System\RZAttRc.exe
  2⤵
  PID:7144
- C:\Windows\System\VJqpnDp.exe
  C:\Windows\System\VJqpnDp.exe
  2⤵
  PID:7160
- C:\Windows\System\QzNyFPZ.exe
  C:\Windows\System\QzNyFPZ.exe
  2⤵
  PID:2604
- C:\Windows\System\KKfLOoh.exe
  C:\Windows\System\KKfLOoh.exe
  2⤵
  PID:5504
- C:\Windows\System\ZAoaNJG.exe
  C:\Windows\System\ZAoaNJG.exe
  2⤵
  PID:3384
- C:\Windows\System\YzcLKna.exe
  C:\Windows\System\YzcLKna.exe
  2⤵
  PID:5164
- C:\Windows\System\gorQGnV.exe
  C:\Windows\System\gorQGnV.exe
  2⤵
  PID:5932
- C:\Windows\System\ORgcSME.exe
  C:\Windows\System\ORgcSME.exe
  2⤵
  PID:900
- C:\Windows\System\bnIiZXL.exe
  C:\Windows\System\bnIiZXL.exe
  2⤵
  PID:4324
- C:\Windows\System\UUIDybn.exe
  C:\Windows\System\UUIDybn.exe
  2⤵
  PID:1824
- C:\Windows\System\nMdhOQf.exe
  C:\Windows\System\nMdhOQf.exe
  2⤵
  PID:5824
- C:\Windows\System\xhmAmfm.exe
  C:\Windows\System\xhmAmfm.exe
  2⤵
  PID:6168
- C:\Windows\System\dvjqMgG.exe
  C:\Windows\System\dvjqMgG.exe
  2⤵
  PID:492
- C:\Windows\System\sSYlYSG.exe
  C:\Windows\System\sSYlYSG.exe
  2⤵
  PID:3008
- C:\Windows\System\RHUntPC.exe
  C:\Windows\System\RHUntPC.exe
  2⤵
  PID:5540
- C:\Windows\System\mkgbQOY.exe
  C:\Windows\System\mkgbQOY.exe
  2⤵
  PID:2808
- C:\Windows\System\plMDAow.exe
  C:\Windows\System\plMDAow.exe
  2⤵
  PID:6192
- C:\Windows\System\tKUmgNh.exe
  C:\Windows\System\tKUmgNh.exe
  2⤵
  PID:6256
- C:\Windows\System\nzJQipe.exe
  C:\Windows\System\nzJQipe.exe
  2⤵
  PID:1556
- C:\Windows\System\qqLgXNh.exe
  C:\Windows\System\qqLgXNh.exe
  2⤵
  PID:6348
- C:\Windows\System\mEjIhtF.exe
  C:\Windows\System\mEjIhtF.exe
  2⤵
  PID:6240
- C:\Windows\System\TEaeetM.exe
  C:\Windows\System\TEaeetM.exe
  2⤵
  PID:6304
- C:\Windows\System\hrmIYiq.exe
  C:\Windows\System\hrmIYiq.exe
  2⤵
  PID:6380
- C:\Windows\System\TFkOfVS.exe
  C:\Windows\System\TFkOfVS.exe
  2⤵
  PID:6332
- C:\Windows\System\AKKkFEn.exe
  C:\Windows\System\AKKkFEn.exe
  2⤵
  PID:6396
- C:\Windows\System\YCRQska.exe
  C:\Windows\System\YCRQska.exe
  2⤵
  PID:6432
- C:\Windows\System\bohUKmQ.exe
  C:\Windows\System\bohUKmQ.exe
  2⤵
  PID:6444
- C:\Windows\System\JRGWIpm.exe
  C:\Windows\System\JRGWIpm.exe
  2⤵
  PID:6508
- C:\Windows\System\NMczFFV.exe
  C:\Windows\System\NMczFFV.exe
  2⤵
  PID:6464
- C:\Windows\System\UHddPdO.exe
  C:\Windows\System\UHddPdO.exe
  2⤵
  PID:6528
- C:\Windows\System\WLkaHmM.exe
  C:\Windows\System\WLkaHmM.exe
  2⤵
  PID:6540
- C:\Windows\System\hAfyvKF.exe
  C:\Windows\System\hAfyvKF.exe
  2⤵
  PID:6576
- C:\Windows\System\JRpwEtb.exe
  C:\Windows\System\JRpwEtb.exe
  2⤵
  PID:6640
- C:\Windows\System\mmIXjPO.exe
  C:\Windows\System\mmIXjPO.exe
  2⤵
  PID:6672
- C:\Windows\System\jobBBnT.exe
  C:\Windows\System\jobBBnT.exe
  2⤵
  PID:6656
- C:\Windows\System\QKnscGN.exe
  C:\Windows\System\QKnscGN.exe
  2⤵
  PID:2792
- C:\Windows\System\BmofYoa.exe
  C:\Windows\System\BmofYoa.exe
  2⤵
  PID:6752
- C:\Windows\System\NCbypZs.exe
  C:\Windows\System\NCbypZs.exe
  2⤵
  PID:6736
- C:\Windows\System\UAouCOy.exe
  C:\Windows\System\UAouCOy.exe
  2⤵
  PID:1084
- C:\Windows\System\SZxEVny.exe
  C:\Windows\System\SZxEVny.exe
  2⤵
  PID:6848
- C:\Windows\System\lTYrWhY.exe
  C:\Windows\System\lTYrWhY.exe
  2⤵
  PID:6912
- C:\Windows\System\bpddAdP.exe
  C:\Windows\System\bpddAdP.exe
  2⤵
  PID:6948
- C:\Windows\System\uRWMBFY.exe
  C:\Windows\System\uRWMBFY.exe
  2⤵
  PID:6900
- C:\Windows\System\DuuBbXi.exe
  C:\Windows\System\DuuBbXi.exe
  2⤵
  PID:6836
- C:\Windows\System\WkyxchW.exe
  C:\Windows\System\WkyxchW.exe
  2⤵
  PID:6864
- C:\Windows\System\TIShbjv.exe
  C:\Windows\System\TIShbjv.exe
  2⤵
  PID:7012
- C:\Windows\System\XhEKYHd.exe
  C:\Windows\System\XhEKYHd.exe
  2⤵
  PID:7076
- C:\Windows\System\QkeJLEv.exe
  C:\Windows\System\QkeJLEv.exe
  2⤵
  PID:6996
- C:\Windows\System\KdKumNn.exe
  C:\Windows\System\KdKumNn.exe
  2⤵
  PID:7060
- C:\Windows\System\EFWsCoV.exe
  C:\Windows\System\EFWsCoV.exe
  2⤵
  PID:7124
- C:\Windows\System\QxehdgW.exe
  C:\Windows\System\QxehdgW.exe
  2⤵
  PID:7140
- C:\Windows\System\cJZxWBB.exe
  C:\Windows\System\cJZxWBB.exe
  2⤵
  PID:5696
- C:\Windows\System\srnkRWB.exe
  C:\Windows\System\srnkRWB.exe
  2⤵
  PID:4636
- C:\Windows\System\dIeSfsD.exe
  C:\Windows\System\dIeSfsD.exe
  2⤵
  PID:2696
- C:\Windows\System\EPrHAhH.exe
  C:\Windows\System\EPrHAhH.exe
  2⤵
  PID:4604
- C:\Windows\System\qMzzpWl.exe
  C:\Windows\System\qMzzpWl.exe
  2⤵
  PID:3196
- C:\Windows\System\jVHDEEI.exe
  C:\Windows\System\jVHDEEI.exe
  2⤵
  PID:868
- C:\Windows\System\kXthRvV.exe
  C:\Windows\System\kXthRvV.exe
  2⤵
  PID:6316
- C:\Windows\System\fbDsbao.exe
  C:\Windows\System\fbDsbao.exe
  2⤵
  PID:6224
- C:\Windows\System\stdTsoZ.exe
  C:\Windows\System\stdTsoZ.exe
  2⤵
  PID:6272
- C:\Windows\System\KKcYTeC.exe
  C:\Windows\System\KKcYTeC.exe
  2⤵
  PID:2032
- C:\Windows\System\pJycnXV.exe
  C:\Windows\System\pJycnXV.exe
  2⤵
  PID:6412
- C:\Windows\System\rISUzZH.exe
  C:\Windows\System\rISUzZH.exe
  2⤵
  PID:6560
- C:\Windows\System\lETJqxJ.exe
  C:\Windows\System\lETJqxJ.exe
  2⤵
  PID:6704
- C:\Windows\System\qdrPUqZ.exe
  C:\Windows\System\qdrPUqZ.exe
  2⤵
  PID:6768
- C:\Windows\System\VHhJQAP.exe
  C:\Windows\System\VHhJQAP.exe
  2⤵
  PID:6804
- C:\Windows\System\jFrpRyB.exe
  C:\Windows\System\jFrpRyB.exe
  2⤵
  PID:7044
- C:\Windows\System\nUARlin.exe
  C:\Windows\System\nUARlin.exe
  2⤵
  PID:5708
- C:\Windows\System\hFcVaJx.exe
  C:\Windows\System\hFcVaJx.exe
  2⤵
  PID:6384
- C:\Windows\System\nSwecAu.exe
  C:\Windows\System\nSwecAu.exe
  2⤵
  PID:5288
- C:\Windows\System\PYzrQLd.exe
  C:\Windows\System\PYzrQLd.exe
  2⤵
  PID:6692
- C:\Windows\System\YqfcoHb.exe
  C:\Windows\System\YqfcoHb.exe
  2⤵
  PID:6820
- C:\Windows\System\DUFcVbg.exe
  C:\Windows\System\DUFcVbg.exe
  2⤵
  PID:6980
- C:\Windows\System\MVzaLIM.exe
  C:\Windows\System\MVzaLIM.exe
  2⤵
  PID:7120
- C:\Windows\System\foSAspB.exe
  C:\Windows\System\foSAspB.exe
  2⤵
  PID:6544
- C:\Windows\System\slervvZ.exe
  C:\Windows\System\slervvZ.exe
  2⤵
  PID:6476
- C:\Windows\System\pibnSXj.exe
  C:\Windows\System\pibnSXj.exe
  2⤵
  PID:4976
- C:\Windows\System\KicApxr.exe
  C:\Windows\System\KicApxr.exe
  2⤵
  PID:3636
- C:\Windows\System\RdMFFOG.exe
  C:\Windows\System\RdMFFOG.exe
  2⤵
  PID:1144
- C:\Windows\System\vyNNnlp.exe
  C:\Windows\System\vyNNnlp.exe
  2⤵
  PID:1980
- C:\Windows\System\eULEmtj.exe
  C:\Windows\System\eULEmtj.exe
  2⤵
  PID:1920
- C:\Windows\System\bbhYIuf.exe
  C:\Windows\System\bbhYIuf.exe
  2⤵
  PID:6612
- C:\Windows\System\Eiekqej.exe
  C:\Windows\System\Eiekqej.exe
  2⤵
  PID:6896
- C:\Windows\System\wiVwJWW.exe
  C:\Windows\System\wiVwJWW.exe
  2⤵
  PID:5712
- C:\Windows\System\EyFXcrZ.exe
  C:\Windows\System\EyFXcrZ.exe
  2⤵
  PID:7092
- C:\Windows\System\nnRAGzz.exe
  C:\Windows\System\nnRAGzz.exe
  2⤵
  PID:7136
- C:\Windows\System\MttwkYk.exe
  C:\Windows\System\MttwkYk.exe
  2⤵
  PID:6496
- C:\Windows\System\TxKTZWn.exe
  C:\Windows\System\TxKTZWn.exe
  2⤵
  PID:2632
- C:\Windows\System\vTSwGvm.exe
  C:\Windows\System\vTSwGvm.exe
  2⤵
  PID:1548
- C:\Windows\System\IaBxwzq.exe
  C:\Windows\System\IaBxwzq.exe
  2⤵
  PID:6884
- C:\Windows\System\CfxcieM.exe
  C:\Windows\System\CfxcieM.exe
  2⤵
  PID:6960
- C:\Windows\System\VFjApNh.exe
  C:\Windows\System\VFjApNh.exe
  2⤵
  PID:6208
- C:\Windows\System\XOxzXPv.exe
  C:\Windows\System\XOxzXPv.exe
  2⤵
  PID:6788
- C:\Windows\System\FRgxWvA.exe
  C:\Windows\System\FRgxWvA.exe
  2⤵
  PID:7028
- C:\Windows\System\qQJRmvb.exe
  C:\Windows\System\qQJRmvb.exe
  2⤵
  PID:7180
- C:\Windows\System\hBLfUJP.exe
  C:\Windows\System\hBLfUJP.exe
  2⤵
  PID:7196
- C:\Windows\System\wyCuKpH.exe
  C:\Windows\System\wyCuKpH.exe
  2⤵
  PID:7212
- C:\Windows\System\bIVWNNO.exe
  C:\Windows\System\bIVWNNO.exe
  2⤵
  PID:7228
- C:\Windows\System\UrlEMdj.exe
  C:\Windows\System\UrlEMdj.exe
  2⤵
  PID:7244
- C:\Windows\System\tjwnTUz.exe
  C:\Windows\System\tjwnTUz.exe
  2⤵
  PID:7260
- C:\Windows\System\tKnouJp.exe
  C:\Windows\System\tKnouJp.exe
  2⤵
  PID:7276
- C:\Windows\System\repaSxw.exe
  C:\Windows\System\repaSxw.exe
  2⤵
  PID:7292
- C:\Windows\System\lJRBqkc.exe
  C:\Windows\System\lJRBqkc.exe
  2⤵
  PID:7308
- C:\Windows\System\isyBrYF.exe
  C:\Windows\System\isyBrYF.exe
  2⤵
  PID:7324
- C:\Windows\System\BFBDeJz.exe
  C:\Windows\System\BFBDeJz.exe
  2⤵
  PID:7340
- C:\Windows\System\LRAmeCJ.exe
  C:\Windows\System\LRAmeCJ.exe
  2⤵
  PID:7356
- C:\Windows\System\yFUgYXY.exe
  C:\Windows\System\yFUgYXY.exe
  2⤵
  PID:7372
- C:\Windows\System\PzLXzdz.exe
  C:\Windows\System\PzLXzdz.exe
  2⤵
  PID:7388
- C:\Windows\System\jwKZNNm.exe
  C:\Windows\System\jwKZNNm.exe
  2⤵
  PID:7404
- C:\Windows\System\JMeZVWx.exe
  C:\Windows\System\JMeZVWx.exe
  2⤵
  PID:7420
- C:\Windows\System\yLYYEWV.exe
  C:\Windows\System\yLYYEWV.exe
  2⤵
  PID:7436
- C:\Windows\System\xWnablh.exe
  C:\Windows\System\xWnablh.exe
  2⤵
  PID:7452
- C:\Windows\System\xaPonVm.exe
  C:\Windows\System\xaPonVm.exe
  2⤵
  PID:7468
- C:\Windows\System\ejBCZmh.exe
  C:\Windows\System\ejBCZmh.exe
  2⤵
  PID:7484
- C:\Windows\System\rzVRdoe.exe
  C:\Windows\System\rzVRdoe.exe
  2⤵
  PID:7500
- C:\Windows\System\xcjFXeH.exe
  C:\Windows\System\xcjFXeH.exe
  2⤵
  PID:7516
- C:\Windows\System\uQRBgct.exe
  C:\Windows\System\uQRBgct.exe
  2⤵
  PID:7532
- C:\Windows\System\LpQheda.exe
  C:\Windows\System\LpQheda.exe
  2⤵
  PID:7548
- C:\Windows\System\sZkeCdo.exe
  C:\Windows\System\sZkeCdo.exe
  2⤵
  PID:7564
- C:\Windows\System\fBjtbuO.exe
  C:\Windows\System\fBjtbuO.exe
  2⤵
  PID:7580
- C:\Windows\System\iCXBqkJ.exe
  C:\Windows\System\iCXBqkJ.exe
  2⤵
  PID:7596
- C:\Windows\System\AexHyaS.exe
  C:\Windows\System\AexHyaS.exe
  2⤵
  PID:7612
- C:\Windows\System\NGwjLTC.exe
  C:\Windows\System\NGwjLTC.exe
  2⤵
  PID:7628
- C:\Windows\System\JVAIEmD.exe
  C:\Windows\System\JVAIEmD.exe
  2⤵
  PID:7644
- C:\Windows\System\oRzDDiT.exe
  C:\Windows\System\oRzDDiT.exe
  2⤵
  PID:7660
- C:\Windows\System\qctzKdE.exe
  C:\Windows\System\qctzKdE.exe
  2⤵
  PID:7676
- C:\Windows\System\vDnsqyj.exe
  C:\Windows\System\vDnsqyj.exe
  2⤵
  PID:7692
- C:\Windows\System\hVEQYJJ.exe
  C:\Windows\System\hVEQYJJ.exe
  2⤵
  PID:7708
- C:\Windows\System\zXvpVFZ.exe
  C:\Windows\System\zXvpVFZ.exe
  2⤵
  PID:7724
- C:\Windows\System\jSrDQAO.exe
  C:\Windows\System\jSrDQAO.exe
  2⤵
  PID:7740
- C:\Windows\System\qnvkDWJ.exe
  C:\Windows\System\qnvkDWJ.exe
  2⤵
  PID:7756
- C:\Windows\System\irEdHYa.exe
  C:\Windows\System\irEdHYa.exe
  2⤵
  PID:7772
- C:\Windows\System\UtevBaI.exe
  C:\Windows\System\UtevBaI.exe
  2⤵
  PID:7788
- C:\Windows\System\bowybzS.exe
  C:\Windows\System\bowybzS.exe
  2⤵
  PID:7804
- C:\Windows\System\haChOXC.exe
  C:\Windows\System\haChOXC.exe
  2⤵
  PID:7820
- C:\Windows\System\dLnJVLz.exe
  C:\Windows\System\dLnJVLz.exe
  2⤵
  PID:7840
- C:\Windows\System\XJmCSIR.exe
  C:\Windows\System\XJmCSIR.exe
  2⤵
  PID:7856
- C:\Windows\System\GgCsJcX.exe
  C:\Windows\System\GgCsJcX.exe
  2⤵
  PID:7872
- C:\Windows\System\CbJaQXr.exe
  C:\Windows\System\CbJaQXr.exe
  2⤵
  PID:7888
- C:\Windows\System\uzEZhrd.exe
  C:\Windows\System\uzEZhrd.exe
  2⤵
  PID:7904
- C:\Windows\System\PjJqZVJ.exe
  C:\Windows\System\PjJqZVJ.exe
  2⤵
  PID:7920
- C:\Windows\System\ImtOslW.exe
  C:\Windows\System\ImtOslW.exe
  2⤵
  PID:7936
- C:\Windows\System\bSghdUb.exe
  C:\Windows\System\bSghdUb.exe
  2⤵
  PID:7952
- C:\Windows\System\dgPZIaa.exe
  C:\Windows\System\dgPZIaa.exe
  2⤵
  PID:7968
- C:\Windows\System\LbnFSQu.exe
  C:\Windows\System\LbnFSQu.exe
  2⤵
  PID:7984
- C:\Windows\System\nZJBVeP.exe
  C:\Windows\System\nZJBVeP.exe
  2⤵
  PID:8000
- C:\Windows\System\tmsshxv.exe
  C:\Windows\System\tmsshxv.exe
  2⤵
  PID:8016
- C:\Windows\System\YROWumk.exe
  C:\Windows\System\YROWumk.exe
  2⤵
  PID:8032
- C:\Windows\System\hpThwMe.exe
  C:\Windows\System\hpThwMe.exe
  2⤵
  PID:8048
- C:\Windows\System\mRmjEie.exe
  C:\Windows\System\mRmjEie.exe
  2⤵
  PID:8064
- C:\Windows\System\dUgOsxL.exe
  C:\Windows\System\dUgOsxL.exe
  2⤵
  PID:8080
- C:\Windows\System\WsYdiVK.exe
  C:\Windows\System\WsYdiVK.exe
  2⤵
  PID:8096
- C:\Windows\System\jXXkWIl.exe
  C:\Windows\System\jXXkWIl.exe
  2⤵
  PID:8112
- C:\Windows\System\DPMpJzU.exe
  C:\Windows\System\DPMpJzU.exe
  2⤵
  PID:8128
- C:\Windows\System\lxvNvMf.exe
  C:\Windows\System\lxvNvMf.exe
  2⤵
  PID:8144
- C:\Windows\System\QWskXty.exe
  C:\Windows\System\QWskXty.exe
  2⤵
  PID:8160
- C:\Windows\System\CeRNOBR.exe
  C:\Windows\System\CeRNOBR.exe
  2⤵
  PID:8176
- C:\Windows\System\ukNSvmC.exe
  C:\Windows\System\ukNSvmC.exe
  2⤵
  PID:7172
- C:\Windows\System\NvabZBn.exe
  C:\Windows\System\NvabZBn.exe
  2⤵
  PID:7236
- C:\Windows\System\hudRbxd.exe
  C:\Windows\System\hudRbxd.exe
  2⤵
  PID:7300
- C:\Windows\System\XqZoDHf.exe
  C:\Windows\System\XqZoDHf.exe
  2⤵
  PID:7364
- C:\Windows\System\yIRMUbA.exe
  C:\Windows\System\yIRMUbA.exe
  2⤵
  PID:7152
- C:\Windows\System\xzzoVcS.exe
  C:\Windows\System\xzzoVcS.exe
  2⤵
  PID:6460
- C:\Windows\System\LpMRKRG.exe
  C:\Windows\System\LpMRKRG.exe
  2⤵
  PID:7156
- C:\Windows\System\eACfFVN.exe
  C:\Windows\System\eACfFVN.exe
  2⤵
  PID:7220
- C:\Windows\System\gKEetCE.exe
  C:\Windows\System\gKEetCE.exe
  2⤵
  PID:7288
- C:\Windows\System\jYBOvqM.exe
  C:\Windows\System\jYBOvqM.exe
  2⤵
  PID:7352
- C:\Windows\System\JnZyaDY.exe
  C:\Windows\System\JnZyaDY.exe
  2⤵
  PID:7400
- C:\Windows\System\KxHgZzV.exe
  C:\Windows\System\KxHgZzV.exe
  2⤵
  PID:7460
- C:\Windows\System\gLWtUyI.exe
  C:\Windows\System\gLWtUyI.exe
  2⤵
  PID:7528
- C:\Windows\System\poUKtSr.exe
  C:\Windows\System\poUKtSr.exe
  2⤵
  PID:7588
- C:\Windows\System\xNHsfnS.exe
  C:\Windows\System\xNHsfnS.exe
  2⤵
  PID:7412
- C:\Windows\System\uWSXydi.exe
  C:\Windows\System\uWSXydi.exe
  2⤵
  PID:7684
- C:\Windows\System\XPIbqjK.exe
  C:\Windows\System\XPIbqjK.exe
  2⤵
  PID:7716
- C:\Windows\System\PSPOEIf.exe
  C:\Windows\System\PSPOEIf.exe
  2⤵
  PID:7784
- C:\Windows\System\OgSgGWD.exe
  C:\Windows\System\OgSgGWD.exe
  2⤵
  PID:7852
- C:\Windows\System\sGGRWzc.exe
  C:\Windows\System\sGGRWzc.exe
  2⤵
  PID:7944
- C:\Windows\System\zurabMT.exe
  C:\Windows\System\zurabMT.exe
  2⤵
  PID:7980
- C:\Windows\System\eUJSPuS.exe
  C:\Windows\System\eUJSPuS.exe
  2⤵
  PID:8012
- C:\Windows\System\odjxlyB.exe
  C:\Windows\System\odjxlyB.exe
  2⤵
  PID:7480
- C:\Windows\System\SyiEzFj.exe
  C:\Windows\System\SyiEzFj.exe
  2⤵
  PID:7928
- C:\Windows\System\BFDAUao.exe
  C:\Windows\System\BFDAUao.exe
  2⤵
  PID:7576
- C:\Windows\System\atVQRJm.exe
  C:\Windows\System\atVQRJm.exe
  2⤵
  PID:7764
- C:\Windows\System\RSUMzTB.exe
  C:\Windows\System\RSUMzTB.exe
  2⤵
  PID:7672
- C:\Windows\System\ihNoyOB.exe
  C:\Windows\System\ihNoyOB.exe
  2⤵
  PID:7992
- C:\Windows\System\CCIMDhV.exe
  C:\Windows\System\CCIMDhV.exe
  2⤵
  PID:8024
- C:\Windows\System\QErmSeL.exe
  C:\Windows\System\QErmSeL.exe
  2⤵
  PID:7768
- C:\Windows\System\xzCQUUC.exe
  C:\Windows\System\xzCQUUC.exe
  2⤵
  PID:7900
- C:\Windows\System\BGIMYqk.exe
  C:\Windows\System\BGIMYqk.exe
  2⤵
  PID:8060
- C:\Windows\System\XauCMdH.exe
  C:\Windows\System\XauCMdH.exe
  2⤵
  PID:8108
- C:\Windows\System\UFqThfc.exe
  C:\Windows\System\UFqThfc.exe
  2⤵
  PID:8172
- C:\Windows\System\SqOQkSV.exe
  C:\Windows\System\SqOQkSV.exe
  2⤵
  PID:7336
- C:\Windows\System\guQsctc.exe
  C:\Windows\System\guQsctc.exe
  2⤵
  PID:7192
- C:\Windows\System\XfdIhwn.exe
  C:\Windows\System\XfdIhwn.exe
  2⤵
  PID:7560
- C:\Windows\System\xAgsjYn.exe
  C:\Windows\System\xAgsjYn.exe
  2⤵
  PID:8088
- C:\Windows\System\vNYYStp.exe
  C:\Windows\System\vNYYStp.exe
  2⤵
  PID:7752
- C:\Windows\System\UNoYnSF.exe
  C:\Windows\System\UNoYnSF.exe
  2⤵
  PID:7540
- C:\Windows\System\jWqbtTR.exe
  C:\Windows\System\jWqbtTR.exe
  2⤵
  PID:7604
- C:\Windows\System\gekKQiY.exe
  C:\Windows\System\gekKQiY.exe
  2⤵
  PID:8184
- C:\Windows\System\bcQzLhR.exe
  C:\Windows\System\bcQzLhR.exe
  2⤵
  PID:7492
- C:\Windows\System\EeVByfd.exe
  C:\Windows\System\EeVByfd.exe
  2⤵
  PID:7996
- C:\Windows\System\DhApvUy.exe
  C:\Windows\System\DhApvUy.exe
  2⤵
  PID:7252
- C:\Windows\System\amBqPnP.exe
  C:\Windows\System\amBqPnP.exe
  2⤵
  PID:7656
- C:\Windows\System\ZaWKTCu.exe
  C:\Windows\System\ZaWKTCu.exe
  2⤵
  PID:8056
- C:\Windows\System\LxDoYqR.exe
  C:\Windows\System\LxDoYqR.exe
  2⤵
  PID:8204
- C:\Windows\System\GhzWleJ.exe
  C:\Windows\System\GhzWleJ.exe
  2⤵
  PID:8220
- C:\Windows\System\jgWQpad.exe
  C:\Windows\System\jgWQpad.exe
  2⤵
  PID:8236
- C:\Windows\System\StntQFN.exe
  C:\Windows\System\StntQFN.exe
  2⤵
  PID:8252
- C:\Windows\System\JNBoIFA.exe
  C:\Windows\System\JNBoIFA.exe
  2⤵
  PID:8268
- C:\Windows\System\UJJRhCT.exe
  C:\Windows\System\UJJRhCT.exe
  2⤵
  PID:8284
- C:\Windows\System\OdPWGee.exe
  C:\Windows\System\OdPWGee.exe
  2⤵
  PID:8300
- C:\Windows\System\OAuugbb.exe
  C:\Windows\System\OAuugbb.exe
  2⤵
  PID:8316
- C:\Windows\System\AvbaTtY.exe
  C:\Windows\System\AvbaTtY.exe
  2⤵
  PID:8336
- C:\Windows\System\OngPVKU.exe
  C:\Windows\System\OngPVKU.exe
  2⤵
  PID:8352
- C:\Windows\System\YRuQIno.exe
  C:\Windows\System\YRuQIno.exe
  2⤵
  PID:8368
- C:\Windows\System\yeAQOdl.exe
  C:\Windows\System\yeAQOdl.exe
  2⤵
  PID:8384
- C:\Windows\System\KOpdHGO.exe
  C:\Windows\System\KOpdHGO.exe
  2⤵
  PID:8400
- C:\Windows\System\wGPvOGj.exe
  C:\Windows\System\wGPvOGj.exe
  2⤵
  PID:8416
- C:\Windows\System\cXaXHUV.exe
  C:\Windows\System\cXaXHUV.exe
  2⤵
  PID:8432
- C:\Windows\System\BMrHNcX.exe
  C:\Windows\System\BMrHNcX.exe
  2⤵
  PID:8448
- C:\Windows\System\EIsppGd.exe
  C:\Windows\System\EIsppGd.exe
  2⤵
  PID:8464
- C:\Windows\System\HiqfSLa.exe
  C:\Windows\System\HiqfSLa.exe
  2⤵
  PID:8480
- C:\Windows\System\NbhHEit.exe
  C:\Windows\System\NbhHEit.exe
  2⤵
  PID:8496
- C:\Windows\System\uifjkrj.exe
  C:\Windows\System\uifjkrj.exe
  2⤵
  PID:8512
- C:\Windows\System\fPhgNiO.exe
  C:\Windows\System\fPhgNiO.exe
  2⤵
  PID:8528
- C:\Windows\System\XZYkzJL.exe
  C:\Windows\System\XZYkzJL.exe
  2⤵
  PID:8544
- C:\Windows\System\CuSNgJI.exe
  C:\Windows\System\CuSNgJI.exe
  2⤵
  PID:8560
- C:\Windows\System\jqzRIGj.exe
  C:\Windows\System\jqzRIGj.exe
  2⤵
  PID:8576
- C:\Windows\System\SUPavJb.exe
  C:\Windows\System\SUPavJb.exe
  2⤵
  PID:8592
- C:\Windows\System\aiJTtZa.exe
  C:\Windows\System\aiJTtZa.exe
  2⤵
  PID:8608
- C:\Windows\System\YUpyLnF.exe
  C:\Windows\System\YUpyLnF.exe
  2⤵
  PID:8624
- C:\Windows\System\RmFAAMm.exe
  C:\Windows\System\RmFAAMm.exe
  2⤵
  PID:8640
- C:\Windows\System\yuCpqrH.exe
  C:\Windows\System\yuCpqrH.exe
  2⤵
  PID:8656
- C:\Windows\System\TGjXiiV.exe
  C:\Windows\System\TGjXiiV.exe
  2⤵
  PID:8672
- C:\Windows\System\pXkfQSJ.exe
  C:\Windows\System\pXkfQSJ.exe
  2⤵
  PID:8688
- C:\Windows\System\mVWIXUm.exe
  C:\Windows\System\mVWIXUm.exe
  2⤵
  PID:8704
- C:\Windows\System\PhNgjot.exe
  C:\Windows\System\PhNgjot.exe
  2⤵
  PID:8720
- C:\Windows\System\xOaYMye.exe
  C:\Windows\System\xOaYMye.exe
  2⤵
  PID:8736
- C:\Windows\System\ynxGsKp.exe
  C:\Windows\System\ynxGsKp.exe
  2⤵
  PID:8752
- C:\Windows\System\sNuqvuA.exe
  C:\Windows\System\sNuqvuA.exe
  2⤵
  PID:8768
- C:\Windows\System\gGaYXDm.exe
  C:\Windows\System\gGaYXDm.exe
  2⤵
  PID:8784
- C:\Windows\System\yPDRGam.exe
  C:\Windows\System\yPDRGam.exe
  2⤵
  PID:8800
- C:\Windows\System\iBbQWpZ.exe
  C:\Windows\System\iBbQWpZ.exe
  2⤵
  PID:8816
- C:\Windows\System\ljPOPqd.exe
  C:\Windows\System\ljPOPqd.exe
  2⤵
  PID:8832
- C:\Windows\System\AbryyJd.exe
  C:\Windows\System\AbryyJd.exe
  2⤵
  PID:8848
- C:\Windows\System\DwgIDmB.exe
  C:\Windows\System\DwgIDmB.exe
  2⤵
  PID:8864
- C:\Windows\System\CrMpPAd.exe
  C:\Windows\System\CrMpPAd.exe
  2⤵
  PID:8880
- C:\Windows\System\eGevRmE.exe
  C:\Windows\System\eGevRmE.exe
  2⤵
  PID:8896
- C:\Windows\System\FRfHlVY.exe
  C:\Windows\System\FRfHlVY.exe
  2⤵
  PID:8912
- C:\Windows\System\iEGnQwk.exe
  C:\Windows\System\iEGnQwk.exe
  2⤵
  PID:8940
- C:\Windows\System\rtSuLOX.exe
  C:\Windows\System\rtSuLOX.exe
  2⤵
  PID:8956
- C:\Windows\System\jqTPMRu.exe
  C:\Windows\System\jqTPMRu.exe
  2⤵
  PID:8972
- C:\Windows\System\HsBYxyO.exe
  C:\Windows\System\HsBYxyO.exe
  2⤵
  PID:8988
- C:\Windows\System\ZcIiwnJ.exe
  C:\Windows\System\ZcIiwnJ.exe
  2⤵
  PID:9004
- C:\Windows\System\octhQIS.exe
  C:\Windows\System\octhQIS.exe
  2⤵
  PID:9020
- C:\Windows\System\OmJsqpb.exe
  C:\Windows\System\OmJsqpb.exe
  2⤵
  PID:9036
- C:\Windows\System\CEvkyIf.exe
  C:\Windows\System\CEvkyIf.exe
  2⤵
  PID:9052
- C:\Windows\System\iplAFTo.exe
  C:\Windows\System\iplAFTo.exe
  2⤵
  PID:9068
- C:\Windows\System\cpidNwp.exe
  C:\Windows\System\cpidNwp.exe
  2⤵
  PID:9084
- C:\Windows\System\rMHmVSe.exe
  C:\Windows\System\rMHmVSe.exe
  2⤵
  PID:9100
- C:\Windows\System\PMRsptf.exe
  C:\Windows\System\PMRsptf.exe
  2⤵
  PID:9116
- C:\Windows\System\jzpcZlr.exe
  C:\Windows\System\jzpcZlr.exe
  2⤵
  PID:9136
- C:\Windows\System\WTtRfNL.exe
  C:\Windows\System\WTtRfNL.exe
  2⤵
  PID:9152
- C:\Windows\System\QQLNYsS.exe
  C:\Windows\System\QQLNYsS.exe
  2⤵
  PID:9200
- C:\Windows\System\tyUosXk.exe
  C:\Windows\System\tyUosXk.exe
  2⤵
  PID:7464
- C:\Windows\System\NzIExHL.exe
  C:\Windows\System\NzIExHL.exe
  2⤵
  PID:8228
- C:\Windows\System\eJVarkv.exe
  C:\Windows\System\eJVarkv.exe
  2⤵
  PID:8156
- C:\Windows\System\zfHdJRJ.exe
  C:\Windows\System\zfHdJRJ.exe
  2⤵
  PID:5588
- C:\Windows\System\dtPxnol.exe
  C:\Windows\System\dtPxnol.exe
  2⤵
  PID:7396
- C:\Windows\System\coGOFlP.exe
  C:\Windows\System\coGOFlP.exe
  2⤵
  PID:7448
- C:\Windows\System\xHkVugw.exe
  C:\Windows\System\xHkVugw.exe
  2⤵
  PID:6152
- C:\Windows\System\DGvRmVM.exe
  C:\Windows\System\DGvRmVM.exe
  2⤵
  PID:7948
- C:\Windows\System\eXrmUoh.exe
  C:\Windows\System\eXrmUoh.exe
  2⤵
  PID:7544
- C:\Windows\System\sPrXmth.exe
  C:\Windows\System\sPrXmth.exe
  2⤵
  PID:7836
- C:\Windows\System\UgLgBQN.exe
  C:\Windows\System\UgLgBQN.exe
  2⤵
  PID:7332
- C:\Windows\System\KemhiyL.exe
  C:\Windows\System\KemhiyL.exe
  2⤵
  PID:7508
- C:\Windows\System\yaDJaun.exe
  C:\Windows\System\yaDJaun.exe
  2⤵
  PID:8092
- C:\Windows\System\KZnkbIZ.exe
  C:\Windows\System\KZnkbIZ.exe
  2⤵
  PID:8292
- C:\Windows\System\JErAtIa.exe
  C:\Windows\System\JErAtIa.exe
  2⤵
  PID:8276
- C:\Windows\System\CdcArGQ.exe
  C:\Windows\System\CdcArGQ.exe
  2⤵
  PID:8312
- C:\Windows\System\alsrTGj.exe
  C:\Windows\System\alsrTGj.exe
  2⤵
  PID:8344
- C:\Windows\System\TPMEvQb.exe
  C:\Windows\System\TPMEvQb.exe
  2⤵
  PID:8424
- C:\Windows\System\HEWtdRj.exe
  C:\Windows\System\HEWtdRj.exe
  2⤵
  PID:8492
- C:\Windows\System\YVGhIXe.exe
  C:\Windows\System\YVGhIXe.exe
  2⤵
  PID:8412
- C:\Windows\System\AvnoAYi.exe
  C:\Windows\System\AvnoAYi.exe
  2⤵
  PID:8472
- C:\Windows\System\oscenya.exe
  C:\Windows\System\oscenya.exe
  2⤵
  PID:9080
- C:\Windows\System\EBvucXL.exe
  C:\Windows\System\EBvucXL.exe
  2⤵
  PID:9064
- C:\Windows\System\auHFjzX.exe
  C:\Windows\System\auHFjzX.exe
  2⤵
  PID:8260
- C:\Windows\System\yuKsSPQ.exe
  C:\Windows\System\yuKsSPQ.exe
  2⤵
  PID:8376
- C:\Windows\System\ndqvFmP.exe
  C:\Windows\System\ndqvFmP.exe
  2⤵
  PID:8440
- C:\Windows\System\oNTOJQJ.exe
  C:\Windows\System\oNTOJQJ.exe
  2⤵
  PID:8536
- C:\Windows\System\mruEXTA.exe
  C:\Windows\System\mruEXTA.exe
  2⤵
  PID:8552
- C:\Windows\System\oFIGBwR.exe
  C:\Windows\System\oFIGBwR.exe
  2⤵
  PID:8588
- C:\Windows\System\EOeZACY.exe
  C:\Windows\System\EOeZACY.exe
  2⤵
  PID:8632
- C:\Windows\System\LGwRIQz.exe
  C:\Windows\System\LGwRIQz.exe
  2⤵
  PID:8652
- C:\Windows\System\BQajUuK.exe
  C:\Windows\System\BQajUuK.exe
  2⤵
  PID:8696
- C:\Windows\System\zieTZgT.exe
  C:\Windows\System\zieTZgT.exe
  2⤵
  PID:8744
- C:\Windows\System\NjrzoVS.exe
  C:\Windows\System\NjrzoVS.exe
  2⤵
  PID:8776
- C:\Windows\System\ZdVuSpy.exe
  C:\Windows\System\ZdVuSpy.exe
  2⤵
  PID:8840
- C:\Windows\System\QvkHXhz.exe
  C:\Windows\System\QvkHXhz.exe
  2⤵
  PID:8904
- C:\Windows\System\GdkQscE.exe
  C:\Windows\System\GdkQscE.exe
  2⤵
  PID:8792
- C:\Windows\System\sFifAKS.exe
  C:\Windows\System\sFifAKS.exe
  2⤵
  PID:8856
- C:\Windows\System\MxmFpIF.exe
  C:\Windows\System\MxmFpIF.exe
  2⤵
  PID:8920
- C:\Windows\System\FamJZrg.exe
  C:\Windows\System\FamJZrg.exe
  2⤵
  PID:8924
- C:\Windows\System\binDuEX.exe
  C:\Windows\System\binDuEX.exe
  2⤵
  PID:8968
- C:\Windows\System\nVjzJTH.exe
  C:\Windows\System\nVjzJTH.exe
  2⤵
  PID:8980
- C:\Windows\System\NOeWAem.exe
  C:\Windows\System\NOeWAem.exe
  2⤵
  PID:9016
- C:\Windows\System\Ezibdiq.exe
  C:\Windows\System\Ezibdiq.exe
  2⤵
  PID:9112
- C:\Windows\System\wkySOOh.exe
  C:\Windows\System\wkySOOh.exe
  2⤵
  PID:9212
- C:\Windows\System\pUdNJXW.exe
  C:\Windows\System\pUdNJXW.exe
  2⤵
  PID:8124
- C:\Windows\System\lCeAiXR.exe
  C:\Windows\System\lCeAiXR.exe
  2⤵
  PID:7208
- C:\Windows\System\oeaHieh.exe
  C:\Windows\System\oeaHieh.exe
  2⤵
  PID:8324
- C:\Windows\System\VkSfRGn.exe
  C:\Windows\System\VkSfRGn.exe
  2⤵
  PID:8456
- C:\Windows\System\MvLddGJ.exe
  C:\Windows\System\MvLddGJ.exe
  2⤵
  PID:7416
- C:\Windows\System\yLHHisW.exe
  C:\Windows\System\yLHHisW.exe
  2⤵
  PID:9096
- C:\Windows\System\LMLckyn.exe
  C:\Windows\System\LMLckyn.exe
  2⤵
  PID:8196
- C:\Windows\System\sNNWipK.exe
  C:\Windows\System\sNNWipK.exe
  2⤵
  PID:9188
- C:\Windows\System\KZrCeHi.exe
  C:\Windows\System\KZrCeHi.exe
  2⤵
  PID:9196
- C:\Windows\System\ihjGbNt.exe
  C:\Windows\System\ihjGbNt.exe
  2⤵
  PID:7432
- C:\Windows\System\fChKnaN.exe
  C:\Windows\System\fChKnaN.exe
  2⤵
  PID:8152
- C:\Windows\System\neKgtXs.exe
  C:\Windows\System\neKgtXs.exe
  2⤵
  PID:8248
- C:\Windows\System\CZJKmyK.exe
  C:\Windows\System\CZJKmyK.exe
  2⤵
  PID:8460
- C:\Windows\System\IFtmJZx.exe
  C:\Windows\System\IFtmJZx.exe
  2⤵
  PID:8600
- C:\Windows\System\ZIwusGk.exe
  C:\Windows\System\ZIwusGk.exe
  2⤵
  PID:8700
- C:\Windows\System\kguKnBl.exe
  C:\Windows\System\kguKnBl.exe
  2⤵
  PID:8760
- C:\Windows\System\XVxiTYB.exe
  C:\Windows\System\XVxiTYB.exe
  2⤵
  PID:8620
- C:\Windows\System\KmxfxEE.exe
  C:\Windows\System\KmxfxEE.exe
  2⤵
  PID:8748
- C:\Windows\System\iEOMnBv.exe
  C:\Windows\System\iEOMnBv.exe
  2⤵
  PID:8888
- C:\Windows\System\qShAkaW.exe
  C:\Windows\System\qShAkaW.exe
  2⤵
  PID:9012
- C:\Windows\System\WvwKLPJ.exe
  C:\Windows\System\WvwKLPJ.exe
  2⤵
  PID:8244
- C:\Windows\System\aHLHNUG.exe
  C:\Windows\System\aHLHNUG.exe
  2⤵
  PID:9164
- C:\Windows\System\mBfqgUg.exe
  C:\Windows\System\mBfqgUg.exe
  2⤵
  PID:9184
- C:\Windows\System\GevwqMT.exe
  C:\Windows\System\GevwqMT.exe
  2⤵
  PID:8828
- C:\Windows\System\jyiOuqj.exe
  C:\Windows\System\jyiOuqj.exe
  2⤵
  PID:9000
- C:\Windows\System\qBJRuSE.exe
  C:\Windows\System\qBJRuSE.exe
  2⤵
  PID:7640
- C:\Windows\System\BPkWqnd.exe
  C:\Windows\System\BPkWqnd.exe
  2⤵
  PID:9180
- C:\Windows\System\cwzSyIK.exe
  C:\Windows\System\cwzSyIK.exe
  2⤵
  PID:8216
- C:\Windows\System\SqtULso.exe
  C:\Windows\System\SqtULso.exe
  2⤵
  PID:8508
- C:\Windows\System\RuEqRXW.exe
  C:\Windows\System\RuEqRXW.exe
  2⤵
  PID:8964
- C:\Windows\System\sZoXYGp.exe
  C:\Windows\System\sZoXYGp.exe
  2⤵
  PID:8808
- C:\Windows\System\tWqGWeX.exe
  C:\Windows\System\tWqGWeX.exe
  2⤵
  PID:9076
- C:\Windows\System\OafRUgF.exe
  C:\Windows\System\OafRUgF.exe
  2⤵
  PID:8572
- C:\Windows\System\VQvKlEg.exe
  C:\Windows\System\VQvKlEg.exe
  2⤵
  PID:8556
- C:\Windows\System\yTSMWad.exe
  C:\Windows\System\yTSMWad.exe
  2⤵
  PID:8584
- C:\Windows\System\yQkVkYr.exe
  C:\Windows\System\yQkVkYr.exe
  2⤵
  PID:8824
- C:\Windows\System\klpowqw.exe
  C:\Windows\System\klpowqw.exe
  2⤵
  PID:8936
- C:\Windows\System\mdDwtTD.exe
  C:\Windows\System\mdDwtTD.exe
  2⤵
  PID:8872
- C:\Windows\System\VjUaKBm.exe
  C:\Windows\System\VjUaKBm.exe
  2⤵
  PID:8568
- C:\Windows\System\VkYCMcE.exe
  C:\Windows\System\VkYCMcE.exe
  2⤵
  PID:8488
- C:\Windows\System\CpkIOuI.exe
  C:\Windows\System\CpkIOuI.exe
  2⤵
  PID:7864
- C:\Windows\System\FNBQLfv.exe
  C:\Windows\System\FNBQLfv.exe
  2⤵
  PID:7272
- C:\Windows\System\DKnBJVu.exe
  C:\Windows\System\DKnBJVu.exe
  2⤵
  PID:9224
- C:\Windows\System\CuQQcRl.exe
  C:\Windows\System\CuQQcRl.exe
  2⤵
  PID:9240
- C:\Windows\System\otvAMLk.exe
  C:\Windows\System\otvAMLk.exe
  2⤵
  PID:9256
- C:\Windows\System\xjknlsd.exe
  C:\Windows\System\xjknlsd.exe
  2⤵
  PID:9272
- C:\Windows\System\fjPJyDX.exe
  C:\Windows\System\fjPJyDX.exe
  2⤵
  PID:9288
- C:\Windows\System\nMvegLM.exe
  C:\Windows\System\nMvegLM.exe
  2⤵
  PID:9308
- C:\Windows\System\ntErKIt.exe
  C:\Windows\System\ntErKIt.exe
  2⤵
  PID:9324
- C:\Windows\System\gqRmYVi.exe
  C:\Windows\System\gqRmYVi.exe
  2⤵
  PID:9340
- C:\Windows\System\NKUWqOr.exe
  C:\Windows\System\NKUWqOr.exe
  2⤵
  PID:9356
- C:\Windows\System\wugRGzP.exe
  C:\Windows\System\wugRGzP.exe
  2⤵
  PID:9372
- C:\Windows\System\UqPXqAk.exe
  C:\Windows\System\UqPXqAk.exe
  2⤵
  PID:9388
- C:\Windows\System\pzkZthS.exe
  C:\Windows\System\pzkZthS.exe
  2⤵
  PID:9412
- C:\Windows\System\lGasfNl.exe
  C:\Windows\System\lGasfNl.exe
  2⤵
  PID:9432
- C:\Windows\System\TUdzWaA.exe
  C:\Windows\System\TUdzWaA.exe
  2⤵
  PID:9452
- C:\Windows\System\eXveTrM.exe
  C:\Windows\System\eXveTrM.exe
  2⤵
  PID:9472
- C:\Windows\System\XVDKpha.exe
  C:\Windows\System\XVDKpha.exe
  2⤵
  PID:9492
- C:\Windows\System\DaEtmej.exe
  C:\Windows\System\DaEtmej.exe
  2⤵
  PID:9516
- C:\Windows\System\DWiHTrz.exe
  C:\Windows\System\DWiHTrz.exe
  2⤵
  PID:9536
- C:\Windows\System\ulvHIcU.exe
  C:\Windows\System\ulvHIcU.exe
  2⤵
  PID:9556
- C:\Windows\System\AeSNUcn.exe
  C:\Windows\System\AeSNUcn.exe
  2⤵
  PID:9576
- C:\Windows\System\ZpQCTFM.exe
  C:\Windows\System\ZpQCTFM.exe
  2⤵
  PID:9596
- C:\Windows\System\jwgRZWZ.exe
  C:\Windows\System\jwgRZWZ.exe
  2⤵
  PID:9616
- C:\Windows\System\PDcmsNF.exe
  C:\Windows\System\PDcmsNF.exe
  2⤵
  PID:9636
- C:\Windows\System\BDgScxH.exe
  C:\Windows\System\BDgScxH.exe
  2⤵
  PID:9656
- C:\Windows\System\GSaXcxW.exe
  C:\Windows\System\GSaXcxW.exe
  2⤵
  PID:9680
- C:\Windows\System\xKjAokM.exe
  C:\Windows\System\xKjAokM.exe
  2⤵
  PID:9700
- C:\Windows\System\IknGKwi.exe
  C:\Windows\System\IknGKwi.exe
  2⤵
  PID:9720
- C:\Windows\System\hIpMzDA.exe
  C:\Windows\System\hIpMzDA.exe
  2⤵
  PID:9740
- C:\Windows\System\uWDTtWl.exe
  C:\Windows\System\uWDTtWl.exe
  2⤵
  PID:9764
- C:\Windows\System\jOUzMvO.exe
  C:\Windows\System\jOUzMvO.exe
  2⤵
  PID:9788
- C:\Windows\System\bmTEGoL.exe
  C:\Windows\System\bmTEGoL.exe
  2⤵
  PID:9808
- C:\Windows\System\ugVFzVd.exe
  C:\Windows\System\ugVFzVd.exe
  2⤵
  PID:9832
- C:\Windows\System\btarVQm.exe
  C:\Windows\System\btarVQm.exe
  2⤵
  PID:9852
- C:\Windows\System\lfrdTRV.exe
  C:\Windows\System\lfrdTRV.exe
  2⤵
  PID:9880
- C:\Windows\System\dKMDnhy.exe
  C:\Windows\System\dKMDnhy.exe
  2⤵
  PID:9900
- C:\Windows\System\fZhgowp.exe
  C:\Windows\System\fZhgowp.exe
  2⤵
  PID:9920
- C:\Windows\System\wjRRrac.exe
  C:\Windows\System\wjRRrac.exe
  2⤵
  PID:9940
- C:\Windows\System\rKFqKfx.exe
  C:\Windows\System\rKFqKfx.exe
  2⤵
  PID:9956
- C:\Windows\System\rFSEHhB.exe
  C:\Windows\System\rFSEHhB.exe
  2⤵
  PID:9976
- C:\Windows\System\Yecgkex.exe
  C:\Windows\System\Yecgkex.exe
  2⤵
  PID:9996
- C:\Windows\System\IwLgwIS.exe
  C:\Windows\System\IwLgwIS.exe
  2⤵
  PID:10016
- C:\Windows\System\XNLlnZv.exe
  C:\Windows\System\XNLlnZv.exe
  2⤵
  PID:10036
- C:\Windows\System\ocHqpto.exe
  C:\Windows\System\ocHqpto.exe
  2⤵
  PID:10060
- C:\Windows\System\PtaMydw.exe
  C:\Windows\System\PtaMydw.exe
  2⤵
  PID:10080
- C:\Windows\System\ApyXiaB.exe
  C:\Windows\System\ApyXiaB.exe
  2⤵
  PID:10100
- C:\Windows\System\wmGJutG.exe
  C:\Windows\System\wmGJutG.exe
  2⤵
  PID:10140
- C:\Windows\System\hEcUiFI.exe
  C:\Windows\System\hEcUiFI.exe
  2⤵
  PID:10156
- C:\Windows\System\UXdYKfy.exe
  C:\Windows\System\UXdYKfy.exe
  2⤵
  PID:10172
- C:\Windows\System\DXTgsfC.exe
  C:\Windows\System\DXTgsfC.exe
  2⤵
  PID:10188
- C:\Windows\System\GeEquhB.exe
  C:\Windows\System\GeEquhB.exe
  2⤵
  PID:10204
- C:\Windows\System\HLZboKE.exe
  C:\Windows\System\HLZboKE.exe
  2⤵
  PID:10220
- C:\Windows\System\DgftdZz.exe
  C:\Windows\System\DgftdZz.exe
  2⤵
  PID:10236
- C:\Windows\System\AdyQGBP.exe
  C:\Windows\System\AdyQGBP.exe
  2⤵
  PID:9232
- C:\Windows\System\eoQbhqo.exe
  C:\Windows\System\eoQbhqo.exe
  2⤵
  PID:8764
- C:\Windows\System\DmYqimA.exe
  C:\Windows\System\DmYqimA.exe
  2⤵
  PID:9248
- C:\Windows\System\KKGAyFI.exe
  C:\Windows\System\KKGAyFI.exe
  2⤵
  PID:9252
- C:\Windows\System\WwFEEXV.exe
  C:\Windows\System\WwFEEXV.exe
  2⤵
  PID:9316
- C:\Windows\System\amVQIHu.exe
  C:\Windows\System\amVQIHu.exe
  2⤵
  PID:9396
- C:\Windows\System\LJBCWIP.exe
  C:\Windows\System\LJBCWIP.exe
  2⤵
  PID:9320
- C:\Windows\System\FayPHEX.exe
  C:\Windows\System\FayPHEX.exe
  2⤵
  PID:9480
- C:\Windows\System\lWQBgQz.exe
  C:\Windows\System\lWQBgQz.exe
  2⤵
  PID:9528
- C:\Windows\System\lzZODVj.exe
  C:\Windows\System\lzZODVj.exe
  2⤵
  PID:9568
- C:\Windows\System\bOJsPkq.exe
  C:\Windows\System\bOJsPkq.exe
  2⤵
  PID:9608
- C:\Windows\System\UGOYrbz.exe
  C:\Windows\System\UGOYrbz.exe
  2⤵
  PID:9652
- C:\Windows\System\gptVkwJ.exe
  C:\Windows\System\gptVkwJ.exe
  2⤵
  PID:9420
- C:\Windows\System\KZXaZVN.exe
  C:\Windows\System\KZXaZVN.exe
  2⤵
  PID:9688
- C:\Windows\System\AYoJzna.exe
  C:\Windows\System\AYoJzna.exe
  2⤵
  PID:9508
- C:\Windows\System\vRDGTNN.exe
  C:\Windows\System\vRDGTNN.exe
  2⤵
  PID:9584
- C:\Windows\System\RQjxqjX.exe
  C:\Windows\System\RQjxqjX.exe
  2⤵
  PID:9628
- C:\Windows\System\dpOEGKZ.exe
  C:\Windows\System\dpOEGKZ.exe
  2⤵
  PID:9664
- C:\Windows\System\pLoadch.exe
  C:\Windows\System\pLoadch.exe
  2⤵
  PID:9728
- C:\Windows\System\bLCaFdG.exe
  C:\Windows\System\bLCaFdG.exe
  2⤵
  PID:9716
- C:\Windows\System\tPvyyPK.exe
  C:\Windows\System\tPvyyPK.exe
  2⤵
  PID:9772
- C:\Windows\System\BBeYWcK.exe
  C:\Windows\System\BBeYWcK.exe
  2⤵
  PID:9816
- C:\Windows\System\GOpEUjw.exe
  C:\Windows\System\GOpEUjw.exe
  2⤵
  PID:9796
- C:\Windows\System\GpHQXPa.exe
  C:\Windows\System\GpHQXPa.exe
  2⤵
  PID:9828
- C:\Windows\System\sLDnoWc.exe
  C:\Windows\System\sLDnoWc.exe
  2⤵
  PID:9864
- C:\Windows\System\Lgewfdt.exe
  C:\Windows\System\Lgewfdt.exe
  2⤵
  PID:9840
- C:\Windows\System\ttVFgfK.exe
  C:\Windows\System\ttVFgfK.exe
  2⤵
  PID:9932
- C:\Windows\System\lnuWqmY.exe
  C:\Windows\System\lnuWqmY.exe
  2⤵
  PID:9952
- C:\Windows\System\FGMptWp.exe
  C:\Windows\System\FGMptWp.exe
  2⤵
  PID:9948
- C:\Windows\System\fFNPefx.exe
  C:\Windows\System\fFNPefx.exe
  2⤵
  PID:10028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CbzutMf.exe

Filesize
6.0MB

MD5
304a4d7cababf377228ab2293121a27a

SHA1
bb0955b626c75fe72294711a97d2f5f0e37123b4

SHA256
3cc5c5a9ed4adeb4e5f36c0de82ac369d2748228bd4655b57bf2cfdeb3647d71

SHA512
ad86c69def4882a51e0315e000ad6dbda518dc3b0389036724ec11cf1a6739b3c6abeabbf67bafc35d507e64d57fa2e3ebb775471620c272b6c96d40b19de060

Download Submit
C:\Windows\system\DuDcPev.exe

Filesize
6.0MB

MD5
ea14f33bf71aff06d1c14d3002df51c6

SHA1
9ec08da38ff25c39d3664c0d4be0a5b94731483c

SHA256
8487f4b257d7230eeb3e65814c0446df90382f59896e56ea9f63978c1ce56d59

SHA512
3b196d5310abe2ed3e378d37c33f8373a6b375738e69c2fa8ffbe605e08da14911a90c72495a4601b06e2d4af3bb42d764007fd747c6764da93e47328068ec50

Download Submit
C:\Windows\system\EMxNsYM.exe

Filesize
6.0MB

MD5
e0ecbac2057ffed146916834b4abcd34

SHA1
e14345370e091366bc802ba6ce071cf274cb2a21

SHA256
5e316a6d7d300c22a3eaeed3232ff26f7ad153dc8ab4ab65f32d031737d2664a

SHA512
9e6faf6940ed54fe0ec2b0dc5687b760db4776f383905f864168ca9e91572c4a2d10493742e89de738198dcb271cdc08156437b88e2562ad850499b95cf1e266

Download Submit
C:\Windows\system\Jhwvkkx.exe

Filesize
6.0MB

MD5
749f9bdc2b6922b5056f8a453eaff039

SHA1
de7d4f0f1f978f43e153d61eb6b186708cdf1d56

SHA256
ea7496458dc7ed972b690efeffc854a10d0e04a70a23dd0e48e543e49e54bbef

SHA512
03ff78c4daaceab603f77060e36107b4624b55788962ddd440dd69561180381e2d0f0e8f76832d5edebb3fa02f587d6aa482c21f28a92264a5f91c7521005721

Download Submit
C:\Windows\system\MSPUVDs.exe

Filesize
6.0MB

MD5
643ac062a3da991340e8dfaad1f79be2

SHA1
b352f9ab2d0a341af5dcd4cab15d65910e5e6126

SHA256
8acf8c7b4bb09552fbae8fbcc206d9e47531afb7afebd8d5927d3ad241f7a1e9

SHA512
a27fe6a3d9029c0a658d5e6de9770fe1a0633c7e13926490e7787b4d7d408f050744006d3c826d43915c3a7468d968d8817588d5fa68047cf090c6d5ceb00a6e

Download Submit
C:\Windows\system\MWTuRyP.exe

Filesize
6.0MB

MD5
7348755d5f5f902ef9991960a574f5f1

SHA1
654f4158ea9de0f8f71cbaafac948605c85716e4

SHA256
339de5e225160c0952e2893076131ad91453e239aeebf3647a135352d92c7561

SHA512
520eb85d856d6e20fd6f7b70db580348d727f2944cbae3511e66be9f5434e581324349bc36e65f29ca78a3e5b3a4c53337b8a9a33f09e371aa7eba6d67cfb946

Download Submit
C:\Windows\system\OHxsoGQ.exe

Filesize
6.0MB

MD5
f3ca2ff3fc1c00415af5e901d73a91de

SHA1
9a672d2c1e93e1ccca983063cc53ea7532e2c94c

SHA256
d335960fcce119cee32d74daaba413fde97be0b500c127c9580233bd7dfad05a

SHA512
efe12f9ffaaa9ea320edd5e5df88adb2fcd164996d68b5dcd75d8182677d015cfe0c28d11cb040e47d730b26dee8a58840674660f2a276fe8920b2e8e374c107

Download Submit
C:\Windows\system\QekNbsO.exe

Filesize
6.0MB

MD5
6af876d0b6929a3dfd060246b44ae374

SHA1
b012e3a02e95bdc644c8abb42b54b801d1956f1a

SHA256
d36bbfa630a5b99f6bc25ca6fa1d5fae9eaed692351285673b06b9a91cc4c193

SHA512
b7a2c9a59c86a82f806007e1463069dbef66a32d10271c2446898961ba8a04b0062928eebc8240e03d322fa7c9b53be0f79a1df6d6a152f2c839c1a35fc169b4

Download Submit
C:\Windows\system\QsmmJun.exe

Filesize
6.0MB

MD5
fb6997dd81dd5eab958823f296be48b0

SHA1
4aa0718042210d74b1873198be4ececdd436fc5e

SHA256
5fdfe1e27706ac3617a7e0f657e9a06b2bb7601b2c214b42b3ad34aa8af7b9c9

SHA512
3ea305da6f5b3a4721efbf08eff5aad516518892cc214a30b83a0fd844435d5d29330a751c43ceefdd372cda4d259b60dd289d65311ac62a4e4746dc0d74fbfe

Download Submit
C:\Windows\system\UYdwtjw.exe

Filesize
6.0MB

MD5
fe5a3ed26f670e774b0932cf96026d6d

SHA1
51a4a1118f34a30f92a3b5957eda6c5525efe2da

SHA256
ef989a024db6360148e8b4ce4ff8730c19830e87134783da577992377999c2e8

SHA512
66517a348f5ea4f9b47f7626653ed4bb65c74f63b1fd0196845db893341be74d938f0f14bc07a2f9d3f5126b9692aaf9e6aab270d8466951c985aef0b458e64a

Download Submit
C:\Windows\system\XIrmOxj.exe

Filesize
6.0MB

MD5
7a3c51cd8b15e15c77ad683d6c23223f

SHA1
d127985b94c5fc844fce9ee547cf4dc249642955

SHA256
280a4eb2549f8f226523d5064b855fb08cc821f1ae10c0e93c8bfd79d56cc201

SHA512
8640f871c048e370245721e4603cadb4ecfbb943c4209fdbbc5570fface3f2a42281f3a1f62de5c23ff2eab143e179b3dd33ffa4df0576fcc2c532830aa688cb

Download Submit
C:\Windows\system\XkerhlR.exe

Filesize
6.0MB

MD5
6cd27ea9dd2b66eae2f38a962f50fcb6

SHA1
a8a8cf61856426c8637c778fa799f2ef1f6215ae

SHA256
ee7a7ed41e4e29e86fba57136d4e0f53be051fb82f274576da22940de8d4ffbd

SHA512
f0149f311d1e0c377e1660cfdaae7180f8637b8a4bf03cf39263e852d5f95df3e633587c73c29303728117f10ad1704b6033f6a84df8de977b674fb1c5185b88

Download Submit
C:\Windows\system\ZeVZQMb.exe

Filesize
6.0MB

MD5
84babd819b24a626ab61c791e6515975

SHA1
99d91a31f8945c7e6af4b45d2ff0b16a5a2d19f8

SHA256
896c293372e7d17cae5fe7461c924bdde1445a6adc13225101c4bf18e918d057

SHA512
d54bda15b34be83fbe0e12e9cca7711c83312727fd606266f9bbb5ef44bf89f7ba1046169ce2d39ea9a04c46fca26f56cca4429d10f1762a80341a53e6a074ca

Download Submit
C:\Windows\system\bsExqfC.exe

Filesize
6.0MB

MD5
b501a086810609ab63fd54b2ccc0e29b

SHA1
8930a80d7c767b77b5aebc3b225b84ca2163bbc3

SHA256
b13cbcb7518a2438f99d81d24599e55ac5657aa6caa405ad917be09d8eec9a71

SHA512
40c3fd1394c3a0e3eba72f9c425c335e90b30ff12a8e5fb6b251a7829f42990bd78b893c17d31c81c91e683333d7d35a287f66dac3c10b61cecfee1b04547d97

Download Submit
C:\Windows\system\eBRPxqF.exe

Filesize
6.0MB

MD5
31cc461b7f3666c2d60132b4be877a39

SHA1
806ed039af25372efef0eb541297f4eca5ebace4

SHA256
d1b29217e6f1fb313d903b58b163eabd6c4e75992c48ef7c0bd3d85a10ea5156

SHA512
3a3f1d97c9f58be551a2856b011a83c84625038566a1d4e1047f8089690a091df9b7e773336a7e951197c3a9559f5b895e6ce08f2d3ca97258a650837f02b04b

Download Submit
C:\Windows\system\jIyPMxd.exe

Filesize
6.0MB

MD5
85a7b1e2d417bc2c1890a31c39973434

SHA1
c4320a176dbc051dca967437c7974a9c54bc2563

SHA256
59cbf7607ce822828da6240ab124f291cc672254c168da2ee938377f76b611d0

SHA512
e29273bd88dd8f39b9b9be6f0b479b842371102e641f7773249457510d4a87eb8be3284151c391c72c6c9cd08a9fe80201334b2034babff4a5f49d286ec46f4b

Download Submit
C:\Windows\system\jOZXCsf.exe

Filesize
6.0MB

MD5
4b8ebbfe0da267b6279c44c0725e396e

SHA1
33d70054663f23cbb6800829bd6e6417c1a2b087

SHA256
e41cbb593bb2e2f74b85698185daf7418e97f97af65b32860afeebf996c98eaf

SHA512
9b070dc46d7e4eadd9e5fc649fadbdfe6fe3da2578da6a13778d83148fec57995c955c01068813bfd7a59e7f8d6172a0f9d24b6eedfa76f46bdb98fad5b6a688

Download Submit
C:\Windows\system\jzJJNgH.exe

Filesize
6.0MB

MD5
fed4ec4563eccedb5ec12e58f9446c6e

SHA1
e65415d8d72edf347176018e34ffd29d50c19db4

SHA256
1d6dbd027496aa93da4700b530d4f1a09e399631d0b19c6fa8f4a67c1a1aff65

SHA512
8b87bbda2c286d6d8b6d87ec722c7893dc5b70d1dcd8b7fde219fcfefb3d4e7ad1448a5b9efefd04b8e63842ac1ce779b6f63a0c430f200b5e539fd8a1add95d

Download Submit
C:\Windows\system\lFHLUwc.exe

Filesize
6.0MB

MD5
c9b14441451d2e4641cfdc74f6ae9493

SHA1
b5b1fc9741f121edb879003c4f98c7d379d2daaa

SHA256
b856f7283e6471c3b85e0124f156697d754b5370a39d12d01c2d423965230288

SHA512
985839fd8cf5960cf0dea643d02691f9a765e07d67b73cb2414b46f31bbd325443328fc3e0e107625e371b5ba07858dda1dab0588f4646b45787fcebe6954f17

Download Submit
C:\Windows\system\njswfGf.exe

Filesize
6.0MB

MD5
aa498387eb7a271587c1c78c66cc3845

SHA1
43cabf1a8869406bbc6e7391f1326521de55c28b

SHA256
74296b36eca2a8b8ad87b8d3620b86b93865b90507c7e61b7e5ecffc5a8a6c2f

SHA512
2771e32baba75800b858ddc6aadd7e415479551e2abfee2b49370b675d3ee24e8bfb2501db448282fb57258033c5c0e4a81268755d84190601b2b961a1998dc0

Download Submit
C:\Windows\system\pTePgQm.exe

Filesize
6.0MB

MD5
806b70e6a0b191704ec4834b0eaa07dd

SHA1
18831cda0fdbbb4f730590814a92e4bee8b4c56b

SHA256
ad1e3a9c2f04346d73c15f3c26727d78a95064c06b1521a60c67b3565d7d8298

SHA512
6c156bbcdf2e50f5f54d1a6eb0e03746952c02a686c002c3b35807d142f2da2a69b4acec65dde0ca981b5ffdb1159b7f94c209377f4524c3b9258c0612bb6352

Download Submit
C:\Windows\system\qfGXDie.exe

Filesize
6.0MB

MD5
e7e37345798e32c810bbcdb4ea3c4227

SHA1
f815f4f1c16a6ff645c0df0453e973837cccee6e

SHA256
606a537c3e8238cc06f821cb5723ecf2a71313a1a8216b2a113beed8eeb3c454

SHA512
bd3e2b989f35e2e5c64f1b4447aa8228e8477902912e41571e0410c2dc4dd6f9461c641621fbd1d4df4d46cba54956dd55a8b9576330d497bbd6080f574356b9

Download Submit
C:\Windows\system\vQErNJK.exe

Filesize
6.0MB

MD5
cdcee9569756baa0153b0d5a90754d50

SHA1
53094fbdea0a48cade35ad5556c9b0589662d860

SHA256
b42aff4afd8b3b669726af6192e5e0b3d8e3e0f2d9e9f5d6c7c4b1a8c0c2fe53

SHA512
84dbb15f85904cac0850744fd9272c418fa029a636519e867ff8182750415cac67e64803edf6d3565f2cacb6cc16d18a17b6fe412e0e99a774d506fd97e622e4

Download Submit
C:\Windows\system\vQmLlkN.exe

Filesize
6.0MB

MD5
5b7ac0aae7ce1f3669ab3d200e9d7a28

SHA1
b933d54271c7567c4f0235e6ead156ba43ae42a7

SHA256
757e630c0ff7e9bc25ac1b34fc2a8198cfaaf0dbab3ad4bd33648bb516098160

SHA512
114485f9a2d7af38ac4e7ecb733c7e328a5ce8b08aa88f492ed60d49ecf143a13c20e49800354a4060e9be8f82ee8b6f6b6215b3a6fde307187bd6a3990693d7

Download Submit
C:\Windows\system\wmhumaO.exe

Filesize
6.0MB

MD5
fa4f3d9bc2bdc7ac8238e02be842d554

SHA1
a4890be54440d354cfa4d0d47def35f3b1ce2d30

SHA256
f8496e2ab8f178c0d124624b541216ce91c5bd4aae87c3a3364579ba23858e81

SHA512
2bae1c572268eb7c3004383e549726a56bb66db2c4af6f3ac5c0c90600ae364b7124ca21aa6ee7e305c65762600e1f618df31e7d3aed89ee607949e8b740bfb0

Download Submit
\Windows\system\FfsiZAz.exe

Filesize
6.0MB

MD5
e7a612b0f7279793ebd8a8017974b7de

SHA1
5c6337a0dbe2b64ab67d00e5e5c66bedfa160cac

SHA256
25b3ba641774a94c14d9a5405403e71b5dab8ebdac5bcb1051889b08478a0f3f

SHA512
5c6e6dd5b57f2733b27e4048f038b52fdfd5dc6ce37bc49bc58de4385434a664ca0f809f8acebfa8a117cbe2c22f46d1084766de84e035741f8e6912aafa0b33

Download Submit
\Windows\system\KyocBVI.exe

Filesize
6.0MB

MD5
ef523507eff0524ce6747b759185fb05

SHA1
bdd79464da610dc16c4e1ce67b8be3f90eceeb2e

SHA256
53f96da44120e4566d7eac57c8d42e72ae5b091f63f89cc3e3361a0f70ac2e3e

SHA512
799302f806a6ec63a82450d8fb8f8075f7c2d80903beaa3082c63fb34a401435de0cc324c97ea7475b2e811b57886c5618b1325ca0f56bade755c0b3ce385765

Download Submit
\Windows\system\NKRuuWP.exe

Filesize
6.0MB

MD5
5c3235d03dbd2332cb3aef39fb23a8d0

SHA1
da4908c47a88389e38bee046b2089f3755d94e1c

SHA256
c3a6987f8bce74da7eba39f4e0fcaabf54db23bcfe4b2ec95e76a96e4a88ad86

SHA512
2ad99601807a639a77f7982bc44cf0030b0e80021971f98584df20fa6d6aadc2be1081222258b635013be1d6a952f6b75bc41d63da1a485585d3c930afd8ee9e

Download Submit
\Windows\system\Nvnvssc.exe

Filesize
6.0MB

MD5
784d342b603f9d6d03338c333d012e51

SHA1
5aabdc9ad3f8d6123d2ddad4af7d4c9d708edce4

SHA256
2cb8ff81ec77d1d128a9163f61f7dd9530de0cef4325ba22a01da6a82af6a0d4

SHA512
ec96e29189844e8e66c94b550dc6602423ab391aa52cb1e3c5659362e36a136dd9efd429f9ff9b86ca32a109151d0b0da8bb91eae102e9feb6e21012d37bc15f

Download Submit
\Windows\system\azhgTNM.exe

Filesize
6.0MB

MD5
f31ca0bd26544cb9d900f07ea5763ed4

SHA1
0cd3f087c68f128c073bfe44d258bc29a07f5a34

SHA256
6842fd81a3fc5314089d0fe0e8cc49aae0ec08e5f79be0444c69583ccb0730ee

SHA512
2b448a6128e86cc8d9719b1297a64e9f3a33ae00cc9efcb6320941be5d17af56643cb94d3b04f1f308b53ab8b111e36762607777414a7fc8ca16cc937c70de24

Download Submit
\Windows\system\eQDwmfJ.exe

Filesize
6.0MB

MD5
13a6011aaf5b369b067799cef6710df9

SHA1
bc13a42418d28a4ba7df21387377b832d04ef312

SHA256
08dbe1a90287bb7721bd4278bf24ec9d7f73b5eeedba9b9843f9dd58f1602ab8

SHA512
f787a3505a31cf84b28471c2a2b3bddbdbe831907106762927de15ef2d17e3c8e74c9da2a281b1e3a1e804559eee88423fd5af69aa87dfc1669566b0da909d5f

Download Submit
\Windows\system\pLNFdep.exe

Filesize
6.0MB

MD5
b0e85a484069654f56e147eb0dc88f48

SHA1
2d070383555c300fecd9787816d5aef04077cacb

SHA256
2a80e17642f430eb888405634b30827417ad2cdb09e210b4037e141a0622e36d

SHA512
d36153c5b2b74fd1911e924db9c273f21de0b09adfc0e025aa7084fd395b5efd6c38191b2143413d96c96a40d76f7fed85582e70ed22555c9ff5936b99e284a9

Download Submit
memory/1044-9-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1044-46-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1224-3730-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-94-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3750-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1748-104-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1972-98-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3748-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-55-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-90-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1007-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-960-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-868-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-213-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-110-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2080-6-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-37-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-15-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1557-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2080-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-52-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-77-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-44-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-87-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-27-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2080-88-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2080-95-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-32-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-20-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-91-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-383-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2220-16-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3719-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3726-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3721-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-45-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-80-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3737-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-61-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3749-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3706-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2672-53-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3720-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-30-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-73-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3680-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-22-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-60-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-103-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3751-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-38-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download