cobaltstrike | 5b24a6534e484058af88a2aa6b0f97829522dc8aee15111524aebf9c75472324

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2d37c7268b203bbc521ff419ea477719
SHA1

349e224b4728478e5ca34585ef3ab2cc73f02f7d
SHA256

5b24a6534e484058af88a2aa6b0f97829522dc8aee15111524aebf9c75472324
SHA512

ab2e10f6271cdb7670243c46c39f48abc01cc6f8559d0c06d3b3739b81320dafd5c6751c3e7f9d27ca6a4eb497aab04393765ef6f6f62a7956d6f290c94cdebe
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019284-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192a9-12.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939d-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a4-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195e6-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fbc-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dd7-186.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019261-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-53.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193ac-52.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019379-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2092-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202a-3.dat	xmrig
behavioral1/files/0x0008000000019284-9.dat	xmrig
behavioral1/files/0x00070000000192a9-12.dat	xmrig
behavioral1/memory/1664-21-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2412-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000600000001939d-31.dat	xmrig
behavioral1/memory/2008-36-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a4-39.dat	xmrig
behavioral1/memory/2092-61-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195e6-45.dat	xmrig
behavioral1/memory/2756-64-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2888-79-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c73-167.dat	xmrig
behavioral1/files/0x0005000000019d62-168.dat	xmrig
behavioral1/files/0x0005000000019dcb-181.dat	xmrig
behavioral1/files/0x0005000000019fbc-191.dat	xmrig
behavioral1/memory/2092-553-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2092-840-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2668-726-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2092-725-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2756-366-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dd7-186.dat	xmrig
behavioral1/files/0x0008000000019261-176.dat	xmrig
behavioral1/files/0x0005000000019629-152.dat	xmrig
behavioral1/files/0x0005000000019c54-140.dat	xmrig
behavioral1/files/0x000500000001970b-139.dat	xmrig
behavioral1/files/0x0005000000019c56-136.dat	xmrig
behavioral1/memory/2092-131-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/files/0x00050000000199b9-129.dat	xmrig
behavioral1/files/0x0005000000019625-125.dat	xmrig
behavioral1/files/0x000500000001967f-122.dat	xmrig
behavioral1/files/0x00050000000196c0-118.dat	xmrig
behavioral1/files/0x000500000001963b-110.dat	xmrig
behavioral1/files/0x0005000000019627-104.dat	xmrig
behavioral1/memory/2092-103-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d3d-155.dat	xmrig
behavioral1/files/0x0005000000019c58-145.dat	xmrig
behavioral1/memory/2668-86-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2092-85-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001962b-117.dat	xmrig
behavioral1/memory/3068-109-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2412-84-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-83.dat	xmrig
behavioral1/memory/2812-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2008-92-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-89.dat	xmrig
behavioral1/memory/2092-72-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2872-71-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2092-78-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-76.dat	xmrig
behavioral1/files/0x000500000001961f-67.dat	xmrig
behavioral1/memory/2728-60-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2876-59-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2812-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-53.dat	xmrig
behavioral1/files/0x00060000000193ac-52.dat	xmrig
behavioral1/files/0x0006000000019379-26.dat	xmrig
behavioral1/memory/2516-20-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2960-17-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2960-3785-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1664-3786-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2412-3787-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2516-3788-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2960	XKJPHwz.exe
2516	APckgVb.exe
1664	rDfzwAV.exe
2412	AOnDgSn.exe
2008	xIvnlJz.exe
2812	jAuDcHH.exe
2876	qVNMSdq.exe
2728	DsjCEQr.exe
2756	fOyQXEB.exe
2872	JbWSBYj.exe
2888	kwHhUqr.exe
2668	GhgZEBv.exe
3068	SjgtRay.exe
668	QZDgmwi.exe
2692	QkHHbFr.exe
1992	xXbyetX.exe
2648	YFbnSXf.exe
1980	DqNWpok.exe
1236	Kbqgjuy.exe
2160	cSTCBwd.exe
1660	DCkRpDI.exe
1372	sOfPdrf.exe
532	SyaHlcs.exe
1452	VggBgtt.exe
1900	VicODtP.exe
2936	UgcHrJG.exe
3048	AOxTfKz.exe
2588	RFuoOxd.exe
2256	zimROfa.exe
2996	zkyIYUw.exe
696	sdITdeb.exe
1540	mZCOIDk.exe
1432	ywTMdXW.exe
1892	mfbTwlx.exe
1720	gMiyVFA.exe
2424	OMZLGEx.exe
1904	gcVuJnA.exe
1476	qEjtPeF.exe
272	dUdfJtU.exe
1832	FlReYrU.exe
2184	QCIbrpN.exe
1780	IgytutQ.exe
2484	ZtyiKNU.exe
324	CXsGpQo.exe
1676	XlxANiS.exe
1944	EZGAlvn.exe
796	FhAwtkO.exe
2300	MiHupHr.exe
2012	KqcyCdu.exe
1728	qRXSBgz.exe
1928	NJjiyak.exe
2956	TsRsvXQ.exe
2716	uoOqNZA.exe
2420	IjHfiNo.exe
2720	fiipNUS.exe
2132	dgpOyUL.exe
2476	GnOqYtw.exe
1416	uZuTZDn.exe
1640	awkomhN.exe
2276	VdbVZlv.exe
1856	mlPCPOI.exe
2828	AlwIKfk.exe
2600	LFMYjcx.exe
2356	YuSyxpv.exe

Loads dropped DLL 64 IoCs

pid	Process
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2092-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-3.dat	upx
behavioral1/files/0x0008000000019284-9.dat	upx
behavioral1/files/0x00070000000192a9-12.dat	upx
behavioral1/memory/1664-21-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2412-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000600000001939d-31.dat	upx
behavioral1/memory/2008-36-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00060000000193a4-39.dat	upx
behavioral1/files/0x00060000000195e6-45.dat	upx
behavioral1/memory/2756-64-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2888-79-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0005000000019c73-167.dat	upx
behavioral1/files/0x0005000000019d62-168.dat	upx
behavioral1/files/0x0005000000019dcb-181.dat	upx
behavioral1/files/0x0005000000019fbc-191.dat	upx
behavioral1/memory/2092-840-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2668-726-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2756-366-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0005000000019dd7-186.dat	upx
behavioral1/files/0x0008000000019261-176.dat	upx
behavioral1/files/0x0005000000019629-152.dat	upx
behavioral1/files/0x0005000000019c54-140.dat	upx
behavioral1/files/0x000500000001970b-139.dat	upx
behavioral1/files/0x0005000000019c56-136.dat	upx
behavioral1/files/0x00050000000199b9-129.dat	upx
behavioral1/files/0x0005000000019625-125.dat	upx
behavioral1/files/0x000500000001967f-122.dat	upx
behavioral1/files/0x00050000000196c0-118.dat	upx
behavioral1/files/0x000500000001963b-110.dat	upx
behavioral1/files/0x0005000000019627-104.dat	upx
behavioral1/files/0x0005000000019d3d-155.dat	upx
behavioral1/files/0x0005000000019c58-145.dat	upx
behavioral1/memory/2668-86-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001962b-117.dat	upx
behavioral1/memory/3068-109-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2412-84-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0005000000019622-83.dat	upx
behavioral1/memory/2812-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2008-92-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0005000000019623-89.dat	upx
behavioral1/memory/2092-72-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2872-71-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019621-76.dat	upx
behavioral1/files/0x000500000001961f-67.dat	upx
behavioral1/memory/2728-60-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2876-59-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2812-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x000500000001961d-53.dat	upx
behavioral1/files/0x00060000000193ac-52.dat	upx
behavioral1/files/0x0006000000019379-26.dat	upx
behavioral1/memory/2516-20-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2960-17-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2960-3785-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1664-3786-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2412-3787-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2516-3788-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2876-3789-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2728-3791-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2008-3792-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2668-3794-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2888-3793-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/3068-3795-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2812-3790-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zkyIYUw.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRbiIgJ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZReQMnM.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQRHYZg.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohCaTWJ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppatKIc.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fraSzxX.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuSyxpv.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUEtQli.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbvYWlQ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcGQJAh.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyyKFXz.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAAjZUB.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxMJIET.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMAJiLj.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XanYGhH.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awkomhN.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juWORtV.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHMaIQa.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqVNMPi.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ibapvof.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVeoDaW.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyIGaWd.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMjbqxl.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeoKOIv.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPMpEke.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwOtOZg.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSFGxhK.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsHRzyL.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywTMdXW.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQvkJqu.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSkjvEu.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\depRRub.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPXnSer.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAUPvLp.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eockYGI.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYutwwI.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isoVBjc.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guqxdBa.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpflebA.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqvZjtZ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYxBVFQ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdITdeb.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfbTwlx.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUqicUR.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfhFGEF.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrkzaEm.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBBPxSx.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJBVddX.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHZAfjs.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MydjkKi.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCMnloL.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKlSGha.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHpTftp.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwMZWin.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqYSAbe.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvleGZU.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBPGTez.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsJPgoZ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBVnuWZ.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAvxkmC.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpYNFMO.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSpoTed.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOnDgSn.exe	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2960	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2092 wrote to memory of 2960	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2092 wrote to memory of 2960	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2092 wrote to memory of 2516	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2092 wrote to memory of 2516	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2092 wrote to memory of 2516	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2092 wrote to memory of 1664	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2092 wrote to memory of 1664	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2092 wrote to memory of 1664	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2092 wrote to memory of 2412	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2092 wrote to memory of 2412	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2092 wrote to memory of 2412	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2092 wrote to memory of 2008	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2092 wrote to memory of 2008	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2092 wrote to memory of 2008	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2092 wrote to memory of 2812	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2092 wrote to memory of 2812	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2092 wrote to memory of 2812	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2092 wrote to memory of 2876	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2092 wrote to memory of 2876	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2092 wrote to memory of 2876	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2092 wrote to memory of 2756	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2092 wrote to memory of 2756	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2092 wrote to memory of 2756	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2092 wrote to memory of 2728	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2092 wrote to memory of 2728	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2092 wrote to memory of 2728	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2092 wrote to memory of 2872	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2092 wrote to memory of 2872	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2092 wrote to memory of 2872	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2092 wrote to memory of 2888	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2092 wrote to memory of 2888	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2092 wrote to memory of 2888	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2092 wrote to memory of 2668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2092 wrote to memory of 2668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2092 wrote to memory of 2668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2092 wrote to memory of 3068	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2092 wrote to memory of 3068	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2092 wrote to memory of 3068	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2092 wrote to memory of 2648	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2092 wrote to memory of 2648	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2092 wrote to memory of 2648	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2092 wrote to memory of 668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2092 wrote to memory of 668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2092 wrote to memory of 668	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2092 wrote to memory of 1660	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2092 wrote to memory of 1660	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2092 wrote to memory of 1660	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2092 wrote to memory of 2692	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2092 wrote to memory of 2692	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2092 wrote to memory of 2692	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2092 wrote to memory of 532	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2092 wrote to memory of 532	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2092 wrote to memory of 532	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2092 wrote to memory of 1992	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2092 wrote to memory of 1992	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2092 wrote to memory of 1992	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2092 wrote to memory of 1452	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2092 wrote to memory of 1452	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2092 wrote to memory of 1452	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2092 wrote to memory of 1980	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2092 wrote to memory of 1980	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2092 wrote to memory of 1980	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2092 wrote to memory of 1900	2092	2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_2d37c7268b203bbc521ff419ea477719_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\System\XKJPHwz.exe
  C:\Windows\System\XKJPHwz.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\APckgVb.exe
  C:\Windows\System\APckgVb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\rDfzwAV.exe
  C:\Windows\System\rDfzwAV.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\AOnDgSn.exe
  C:\Windows\System\AOnDgSn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xIvnlJz.exe
  C:\Windows\System\xIvnlJz.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\jAuDcHH.exe
  C:\Windows\System\jAuDcHH.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\qVNMSdq.exe
  C:\Windows\System\qVNMSdq.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\fOyQXEB.exe
  C:\Windows\System\fOyQXEB.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\DsjCEQr.exe
  C:\Windows\System\DsjCEQr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\JbWSBYj.exe
  C:\Windows\System\JbWSBYj.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\kwHhUqr.exe
  C:\Windows\System\kwHhUqr.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\GhgZEBv.exe
  C:\Windows\System\GhgZEBv.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\SjgtRay.exe
  C:\Windows\System\SjgtRay.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\YFbnSXf.exe
  C:\Windows\System\YFbnSXf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\QZDgmwi.exe
  C:\Windows\System\QZDgmwi.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\DCkRpDI.exe
  C:\Windows\System\DCkRpDI.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\QkHHbFr.exe
  C:\Windows\System\QkHHbFr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\SyaHlcs.exe
  C:\Windows\System\SyaHlcs.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\xXbyetX.exe
  C:\Windows\System\xXbyetX.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\VggBgtt.exe
  C:\Windows\System\VggBgtt.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\DqNWpok.exe
  C:\Windows\System\DqNWpok.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\VicODtP.exe
  C:\Windows\System\VicODtP.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\Kbqgjuy.exe
  C:\Windows\System\Kbqgjuy.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\UgcHrJG.exe
  C:\Windows\System\UgcHrJG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\cSTCBwd.exe
  C:\Windows\System\cSTCBwd.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\AOxTfKz.exe
  C:\Windows\System\AOxTfKz.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\sOfPdrf.exe
  C:\Windows\System\sOfPdrf.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\RFuoOxd.exe
  C:\Windows\System\RFuoOxd.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\zimROfa.exe
  C:\Windows\System\zimROfa.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\zkyIYUw.exe
  C:\Windows\System\zkyIYUw.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\sdITdeb.exe
  C:\Windows\System\sdITdeb.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\mZCOIDk.exe
  C:\Windows\System\mZCOIDk.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\ywTMdXW.exe
  C:\Windows\System\ywTMdXW.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\mfbTwlx.exe
  C:\Windows\System\mfbTwlx.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\gMiyVFA.exe
  C:\Windows\System\gMiyVFA.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\OMZLGEx.exe
  C:\Windows\System\OMZLGEx.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\gcVuJnA.exe
  C:\Windows\System\gcVuJnA.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\qEjtPeF.exe
  C:\Windows\System\qEjtPeF.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\dUdfJtU.exe
  C:\Windows\System\dUdfJtU.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\QCIbrpN.exe
  C:\Windows\System\QCIbrpN.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FlReYrU.exe
  C:\Windows\System\FlReYrU.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\ZtyiKNU.exe
  C:\Windows\System\ZtyiKNU.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\IgytutQ.exe
  C:\Windows\System\IgytutQ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\XlxANiS.exe
  C:\Windows\System\XlxANiS.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\CXsGpQo.exe
  C:\Windows\System\CXsGpQo.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\KqcyCdu.exe
  C:\Windows\System\KqcyCdu.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\EZGAlvn.exe
  C:\Windows\System\EZGAlvn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\NJjiyak.exe
  C:\Windows\System\NJjiyak.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\FhAwtkO.exe
  C:\Windows\System\FhAwtkO.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\dgpOyUL.exe
  C:\Windows\System\dgpOyUL.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MiHupHr.exe
  C:\Windows\System\MiHupHr.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\GnOqYtw.exe
  C:\Windows\System\GnOqYtw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\qRXSBgz.exe
  C:\Windows\System\qRXSBgz.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\awkomhN.exe
  C:\Windows\System\awkomhN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\TsRsvXQ.exe
  C:\Windows\System\TsRsvXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\mlPCPOI.exe
  C:\Windows\System\mlPCPOI.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\uoOqNZA.exe
  C:\Windows\System\uoOqNZA.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\AlwIKfk.exe
  C:\Windows\System\AlwIKfk.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\IjHfiNo.exe
  C:\Windows\System\IjHfiNo.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\LFMYjcx.exe
  C:\Windows\System\LFMYjcx.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\fiipNUS.exe
  C:\Windows\System\fiipNUS.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\YuSyxpv.exe
  C:\Windows\System\YuSyxpv.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\uZuTZDn.exe
  C:\Windows\System\uZuTZDn.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ILJYVQw.exe
  C:\Windows\System\ILJYVQw.exe
  2⤵
  PID:1828
- C:\Windows\System\VdbVZlv.exe
  C:\Windows\System\VdbVZlv.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\fDfTyOn.exe
  C:\Windows\System\fDfTyOn.exe
  2⤵
  PID:2164
- C:\Windows\System\FgORUpu.exe
  C:\Windows\System\FgORUpu.exe
  2⤵
  PID:1652
- C:\Windows\System\xehELaV.exe
  C:\Windows\System\xehELaV.exe
  2⤵
  PID:1936
- C:\Windows\System\oSkURNF.exe
  C:\Windows\System\oSkURNF.exe
  2⤵
  PID:2244
- C:\Windows\System\CTiAQVE.exe
  C:\Windows\System\CTiAQVE.exe
  2⤵
  PID:1864
- C:\Windows\System\oBHkeBC.exe
  C:\Windows\System\oBHkeBC.exe
  2⤵
  PID:2044
- C:\Windows\System\TjCQGvr.exe
  C:\Windows\System\TjCQGvr.exe
  2⤵
  PID:1304
- C:\Windows\System\ozOUMjm.exe
  C:\Windows\System\ozOUMjm.exe
  2⤵
  PID:1120
- C:\Windows\System\BDUUVbS.exe
  C:\Windows\System\BDUUVbS.exe
  2⤵
  PID:1568
- C:\Windows\System\LOAlYOX.exe
  C:\Windows\System\LOAlYOX.exe
  2⤵
  PID:1480
- C:\Windows\System\MQUfIGk.exe
  C:\Windows\System\MQUfIGk.exe
  2⤵
  PID:1268
- C:\Windows\System\NainpFv.exe
  C:\Windows\System\NainpFv.exe
  2⤵
  PID:2264
- C:\Windows\System\GowTrfq.exe
  C:\Windows\System\GowTrfq.exe
  2⤵
  PID:3028
- C:\Windows\System\PvtKhVe.exe
  C:\Windows\System\PvtKhVe.exe
  2⤵
  PID:1624
- C:\Windows\System\eFEkCXE.exe
  C:\Windows\System\eFEkCXE.exe
  2⤵
  PID:2084
- C:\Windows\System\UyIeBaR.exe
  C:\Windows\System\UyIeBaR.exe
  2⤵
  PID:876
- C:\Windows\System\Ffbkaqw.exe
  C:\Windows\System\Ffbkaqw.exe
  2⤵
  PID:848
- C:\Windows\System\ZLqFbqq.exe
  C:\Windows\System\ZLqFbqq.exe
  2⤵
  PID:2792
- C:\Windows\System\VnASdcz.exe
  C:\Windows\System\VnASdcz.exe
  2⤵
  PID:2308
- C:\Windows\System\QAKcDlC.exe
  C:\Windows\System\QAKcDlC.exe
  2⤵
  PID:1440
- C:\Windows\System\ecANCLW.exe
  C:\Windows\System\ecANCLW.exe
  2⤵
  PID:1508
- C:\Windows\System\WMMaLst.exe
  C:\Windows\System\WMMaLst.exe
  2⤵
  PID:1528
- C:\Windows\System\sdfpxyN.exe
  C:\Windows\System\sdfpxyN.exe
  2⤵
  PID:2868
- C:\Windows\System\rnWuGxj.exe
  C:\Windows\System\rnWuGxj.exe
  2⤵
  PID:1744
- C:\Windows\System\CvnJGPc.exe
  C:\Windows\System\CvnJGPc.exe
  2⤵
  PID:1404
- C:\Windows\System\ARKRdVp.exe
  C:\Windows\System\ARKRdVp.exe
  2⤵
  PID:2796
- C:\Windows\System\qVKJvAI.exe
  C:\Windows\System\qVKJvAI.exe
  2⤵
  PID:2980
- C:\Windows\System\ZReQMnM.exe
  C:\Windows\System\ZReQMnM.exe
  2⤵
  PID:2760
- C:\Windows\System\XPUKlSu.exe
  C:\Windows\System\XPUKlSu.exe
  2⤵
  PID:1140
- C:\Windows\System\QUqicUR.exe
  C:\Windows\System\QUqicUR.exe
  2⤵
  PID:2248
- C:\Windows\System\MscWzcb.exe
  C:\Windows\System\MscWzcb.exe
  2⤵
  PID:1916
- C:\Windows\System\dxJLoKU.exe
  C:\Windows\System\dxJLoKU.exe
  2⤵
  PID:2216
- C:\Windows\System\zLFUKHk.exe
  C:\Windows\System\zLFUKHk.exe
  2⤵
  PID:2780
- C:\Windows\System\oIOGUiP.exe
  C:\Windows\System\oIOGUiP.exe
  2⤵
  PID:2232
- C:\Windows\System\nPplfMt.exe
  C:\Windows\System\nPplfMt.exe
  2⤵
  PID:344
- C:\Windows\System\yoSzqeg.exe
  C:\Windows\System\yoSzqeg.exe
  2⤵
  PID:2360
- C:\Windows\System\OpEzwox.exe
  C:\Windows\System\OpEzwox.exe
  2⤵
  PID:2964
- C:\Windows\System\esCusXU.exe
  C:\Windows\System\esCusXU.exe
  2⤵
  PID:2912
- C:\Windows\System\uCXRJIm.exe
  C:\Windows\System\uCXRJIm.exe
  2⤵
  PID:2932
- C:\Windows\System\URzLHMr.exe
  C:\Windows\System\URzLHMr.exe
  2⤵
  PID:2340
- C:\Windows\System\RtgEWux.exe
  C:\Windows\System\RtgEWux.exe
  2⤵
  PID:2128
- C:\Windows\System\LmeZvHZ.exe
  C:\Windows\System\LmeZvHZ.exe
  2⤵
  PID:2168
- C:\Windows\System\MkcKJwW.exe
  C:\Windows\System\MkcKJwW.exe
  2⤵
  PID:1468
- C:\Windows\System\yYgFrmc.exe
  C:\Windows\System\yYgFrmc.exe
  2⤵
  PID:1896
- C:\Windows\System\OlABLeR.exe
  C:\Windows\System\OlABLeR.exe
  2⤵
  PID:3088
- C:\Windows\System\LOBHqUV.exe
  C:\Windows\System\LOBHqUV.exe
  2⤵
  PID:3104
- C:\Windows\System\AuQdNtQ.exe
  C:\Windows\System\AuQdNtQ.exe
  2⤵
  PID:3124
- C:\Windows\System\VRaktlq.exe
  C:\Windows\System\VRaktlq.exe
  2⤵
  PID:3144
- C:\Windows\System\ykJJiLC.exe
  C:\Windows\System\ykJJiLC.exe
  2⤵
  PID:3164
- C:\Windows\System\KBADUHi.exe
  C:\Windows\System\KBADUHi.exe
  2⤵
  PID:3180
- C:\Windows\System\WMLEvwE.exe
  C:\Windows\System\WMLEvwE.exe
  2⤵
  PID:3200
- C:\Windows\System\HFYIUnm.exe
  C:\Windows\System\HFYIUnm.exe
  2⤵
  PID:3220
- C:\Windows\System\LZJsHrj.exe
  C:\Windows\System\LZJsHrj.exe
  2⤵
  PID:3236
- C:\Windows\System\eBPGTez.exe
  C:\Windows\System\eBPGTez.exe
  2⤵
  PID:3252
- C:\Windows\System\IioGgmt.exe
  C:\Windows\System\IioGgmt.exe
  2⤵
  PID:3272
- C:\Windows\System\AsIVJLG.exe
  C:\Windows\System\AsIVJLG.exe
  2⤵
  PID:3308
- C:\Windows\System\RjliGmm.exe
  C:\Windows\System\RjliGmm.exe
  2⤵
  PID:3328
- C:\Windows\System\EvbOWyC.exe
  C:\Windows\System\EvbOWyC.exe
  2⤵
  PID:3348
- C:\Windows\System\qdIzwMR.exe
  C:\Windows\System\qdIzwMR.exe
  2⤵
  PID:3364
- C:\Windows\System\QpAaOUb.exe
  C:\Windows\System\QpAaOUb.exe
  2⤵
  PID:3380
- C:\Windows\System\Jaeymgi.exe
  C:\Windows\System\Jaeymgi.exe
  2⤵
  PID:3400
- C:\Windows\System\SGQDpNc.exe
  C:\Windows\System\SGQDpNc.exe
  2⤵
  PID:3420
- C:\Windows\System\WEnopmk.exe
  C:\Windows\System\WEnopmk.exe
  2⤵
  PID:3436
- C:\Windows\System\dcOJKrX.exe
  C:\Windows\System\dcOJKrX.exe
  2⤵
  PID:3460
- C:\Windows\System\GejuaIg.exe
  C:\Windows\System\GejuaIg.exe
  2⤵
  PID:3476
- C:\Windows\System\ePoQiPE.exe
  C:\Windows\System\ePoQiPE.exe
  2⤵
  PID:3508
- C:\Windows\System\OnSTFJD.exe
  C:\Windows\System\OnSTFJD.exe
  2⤵
  PID:3524
- C:\Windows\System\Jsoxrzy.exe
  C:\Windows\System\Jsoxrzy.exe
  2⤵
  PID:3544
- C:\Windows\System\XigjnaK.exe
  C:\Windows\System\XigjnaK.exe
  2⤵
  PID:3560
- C:\Windows\System\sRbiIgJ.exe
  C:\Windows\System\sRbiIgJ.exe
  2⤵
  PID:3576
- C:\Windows\System\aPXwbfH.exe
  C:\Windows\System\aPXwbfH.exe
  2⤵
  PID:3600
- C:\Windows\System\yrjfbxx.exe
  C:\Windows\System\yrjfbxx.exe
  2⤵
  PID:3620
- C:\Windows\System\hEqXyKo.exe
  C:\Windows\System\hEqXyKo.exe
  2⤵
  PID:3636
- C:\Windows\System\tdVZqPJ.exe
  C:\Windows\System\tdVZqPJ.exe
  2⤵
  PID:3652
- C:\Windows\System\DDJHjeQ.exe
  C:\Windows\System\DDJHjeQ.exe
  2⤵
  PID:3672
- C:\Windows\System\DWwoKAi.exe
  C:\Windows\System\DWwoKAi.exe
  2⤵
  PID:3688
- C:\Windows\System\czvAuCm.exe
  C:\Windows\System\czvAuCm.exe
  2⤵
  PID:3704
- C:\Windows\System\HShSrFX.exe
  C:\Windows\System\HShSrFX.exe
  2⤵
  PID:3720
- C:\Windows\System\lohrlkR.exe
  C:\Windows\System\lohrlkR.exe
  2⤵
  PID:3736
- C:\Windows\System\tacoSdv.exe
  C:\Windows\System\tacoSdv.exe
  2⤵
  PID:3752
- C:\Windows\System\vCtpcZO.exe
  C:\Windows\System\vCtpcZO.exe
  2⤵
  PID:3768
- C:\Windows\System\vxsjNPj.exe
  C:\Windows\System\vxsjNPj.exe
  2⤵
  PID:3784
- C:\Windows\System\OaKYRNp.exe
  C:\Windows\System\OaKYRNp.exe
  2⤵
  PID:3800
- C:\Windows\System\RVsyuOS.exe
  C:\Windows\System\RVsyuOS.exe
  2⤵
  PID:3820
- C:\Windows\System\gbuZdMG.exe
  C:\Windows\System\gbuZdMG.exe
  2⤵
  PID:3848
- C:\Windows\System\kFFXqgU.exe
  C:\Windows\System\kFFXqgU.exe
  2⤵
  PID:3864
- C:\Windows\System\PuGLIDh.exe
  C:\Windows\System\PuGLIDh.exe
  2⤵
  PID:3884
- C:\Windows\System\EAAjZUB.exe
  C:\Windows\System\EAAjZUB.exe
  2⤵
  PID:3900
- C:\Windows\System\CeoKOIv.exe
  C:\Windows\System\CeoKOIv.exe
  2⤵
  PID:3924
- C:\Windows\System\vaSUWwl.exe
  C:\Windows\System\vaSUWwl.exe
  2⤵
  PID:3944
- C:\Windows\System\cxUvbZg.exe
  C:\Windows\System\cxUvbZg.exe
  2⤵
  PID:3964
- C:\Windows\System\vadPDvn.exe
  C:\Windows\System\vadPDvn.exe
  2⤵
  PID:4080
- C:\Windows\System\fTfGhGx.exe
  C:\Windows\System\fTfGhGx.exe
  2⤵
  PID:2856
- C:\Windows\System\pTJPeFQ.exe
  C:\Windows\System\pTJPeFQ.exe
  2⤵
  PID:1196
- C:\Windows\System\GGKqPcs.exe
  C:\Windows\System\GGKqPcs.exe
  2⤵
  PID:3060
- C:\Windows\System\iSyHboS.exe
  C:\Windows\System\iSyHboS.exe
  2⤵
  PID:2176
- C:\Windows\System\LkOwYBp.exe
  C:\Windows\System\LkOwYBp.exe
  2⤵
  PID:2088
- C:\Windows\System\SePKcEB.exe
  C:\Windows\System\SePKcEB.exe
  2⤵
  PID:1520
- C:\Windows\System\JCiROWG.exe
  C:\Windows\System\JCiROWG.exe
  2⤵
  PID:784
- C:\Windows\System\LmeMsCm.exe
  C:\Windows\System\LmeMsCm.exe
  2⤵
  PID:3084
- C:\Windows\System\sybPJgZ.exe
  C:\Windows\System\sybPJgZ.exe
  2⤵
  PID:3120
- C:\Windows\System\YkWyOnz.exe
  C:\Windows\System\YkWyOnz.exe
  2⤵
  PID:3192
- C:\Windows\System\DJSuIBF.exe
  C:\Windows\System\DJSuIBF.exe
  2⤵
  PID:1424
- C:\Windows\System\ltnRqLF.exe
  C:\Windows\System\ltnRqLF.exe
  2⤵
  PID:3024
- C:\Windows\System\xYfjDrv.exe
  C:\Windows\System\xYfjDrv.exe
  2⤵
  PID:3264
- C:\Windows\System\ZTLQmCo.exe
  C:\Windows\System\ZTLQmCo.exe
  2⤵
  PID:3212
- C:\Windows\System\iwxUIBD.exe
  C:\Windows\System\iwxUIBD.exe
  2⤵
  PID:3320
- C:\Windows\System\qUEsXyH.exe
  C:\Windows\System\qUEsXyH.exe
  2⤵
  PID:3396
- C:\Windows\System\HclFWqd.exe
  C:\Windows\System\HclFWqd.exe
  2⤵
  PID:3176
- C:\Windows\System\UbVDWTE.exe
  C:\Windows\System\UbVDWTE.exe
  2⤵
  PID:3552
- C:\Windows\System\WStbwoe.exe
  C:\Windows\System\WStbwoe.exe
  2⤵
  PID:3596
- C:\Windows\System\TXSSbbC.exe
  C:\Windows\System\TXSSbbC.exe
  2⤵
  PID:3668
- C:\Windows\System\xnAzKyU.exe
  C:\Windows\System\xnAzKyU.exe
  2⤵
  PID:3732
- C:\Windows\System\SCoXVNW.exe
  C:\Windows\System\SCoXVNW.exe
  2⤵
  PID:3796
- C:\Windows\System\oVKjIRR.exe
  C:\Windows\System\oVKjIRR.exe
  2⤵
  PID:3280
- C:\Windows\System\jnOenLD.exe
  C:\Windows\System\jnOenLD.exe
  2⤵
  PID:3300
- C:\Windows\System\KvsxAkR.exe
  C:\Windows\System\KvsxAkR.exe
  2⤵
  PID:3344
- C:\Windows\System\feDJaIS.exe
  C:\Windows\System\feDJaIS.exe
  2⤵
  PID:3876
- C:\Windows\System\ANktZMs.exe
  C:\Windows\System\ANktZMs.exe
  2⤵
  PID:3452
- C:\Windows\System\HNFdUYA.exe
  C:\Windows\System\HNFdUYA.exe
  2⤵
  PID:3916
- C:\Windows\System\hwzTWWC.exe
  C:\Windows\System\hwzTWWC.exe
  2⤵
  PID:3488
- C:\Windows\System\yygQIXP.exe
  C:\Windows\System\yygQIXP.exe
  2⤵
  PID:3960
- C:\Windows\System\GpxZLTd.exe
  C:\Windows\System\GpxZLTd.exe
  2⤵
  PID:3540
- C:\Windows\System\rdGngxG.exe
  C:\Windows\System\rdGngxG.exe
  2⤵
  PID:3712
- C:\Windows\System\suJRSCo.exe
  C:\Windows\System\suJRSCo.exe
  2⤵
  PID:3896
- C:\Windows\System\YXQslZB.exe
  C:\Windows\System\YXQslZB.exe
  2⤵
  PID:3972
- C:\Windows\System\HbRbWiy.exe
  C:\Windows\System\HbRbWiy.exe
  2⤵
  PID:3648
- C:\Windows\System\eXguTtb.exe
  C:\Windows\System\eXguTtb.exe
  2⤵
  PID:3568
- C:\Windows\System\bfPoXGc.exe
  C:\Windows\System\bfPoXGc.exe
  2⤵
  PID:4044
- C:\Windows\System\mBrisOl.exe
  C:\Windows\System\mBrisOl.exe
  2⤵
  PID:4076
- C:\Windows\System\RlZQuvq.exe
  C:\Windows\System\RlZQuvq.exe
  2⤵
  PID:4092
- C:\Windows\System\SYdWixI.exe
  C:\Windows\System\SYdWixI.exe
  2⤵
  PID:2504
- C:\Windows\System\NmFfhNY.exe
  C:\Windows\System\NmFfhNY.exe
  2⤵
  PID:2988
- C:\Windows\System\YCVCCNN.exe
  C:\Windows\System\YCVCCNN.exe
  2⤵
  PID:4068
- C:\Windows\System\EJnHAQF.exe
  C:\Windows\System\EJnHAQF.exe
  2⤵
  PID:1692
- C:\Windows\System\BHqAZyw.exe
  C:\Windows\System\BHqAZyw.exe
  2⤵
  PID:2380
- C:\Windows\System\IlJMsSw.exe
  C:\Windows\System\IlJMsSw.exe
  2⤵
  PID:3324
- C:\Windows\System\KweUNcO.exe
  C:\Windows\System\KweUNcO.exe
  2⤵
  PID:3468
- C:\Windows\System\IfhFGEF.exe
  C:\Windows\System\IfhFGEF.exe
  2⤵
  PID:3080
- C:\Windows\System\IKdNtsb.exe
  C:\Windows\System\IKdNtsb.exe
  2⤵
  PID:3700
- C:\Windows\System\HWQftDC.exe
  C:\Windows\System\HWQftDC.exe
  2⤵
  PID:3840
- C:\Windows\System\AtvvhAI.exe
  C:\Windows\System\AtvvhAI.exe
  2⤵
  PID:3100
- C:\Windows\System\KASyhdc.exe
  C:\Windows\System\KASyhdc.exe
  2⤵
  PID:3360
- C:\Windows\System\fVNSOzZ.exe
  C:\Windows\System\fVNSOzZ.exe
  2⤵
  PID:3444
- C:\Windows\System\wQjNLVv.exe
  C:\Windows\System\wQjNLVv.exe
  2⤵
  PID:3500
- C:\Windows\System\xdLZIRu.exe
  C:\Windows\System\xdLZIRu.exe
  2⤵
  PID:3880
- C:\Windows\System\AKbNgig.exe
  C:\Windows\System\AKbNgig.exe
  2⤵
  PID:3408
- C:\Windows\System\olqgSEc.exe
  C:\Windows\System\olqgSEc.exe
  2⤵
  PID:3776
- C:\Windows\System\fjaDXsS.exe
  C:\Windows\System\fjaDXsS.exe
  2⤵
  PID:3812
- C:\Windows\System\DbQBxEr.exe
  C:\Windows\System\DbQBxEr.exe
  2⤵
  PID:3684
- C:\Windows\System\lRIQIBf.exe
  C:\Windows\System\lRIQIBf.exe
  2⤵
  PID:2260
- C:\Windows\System\plLrwqX.exe
  C:\Windows\System\plLrwqX.exe
  2⤵
  PID:3612
- C:\Windows\System\OwSPbuA.exe
  C:\Windows\System\OwSPbuA.exe
  2⤵
  PID:592
- C:\Windows\System\ROHiIjG.exe
  C:\Windows\System\ROHiIjG.exe
  2⤵
  PID:3228
- C:\Windows\System\mexnXNY.exe
  C:\Windows\System\mexnXNY.exe
  2⤵
  PID:2884
- C:\Windows\System\UmhSsEV.exe
  C:\Windows\System\UmhSsEV.exe
  2⤵
  PID:3608
- C:\Windows\System\BAEjlFE.exe
  C:\Windows\System\BAEjlFE.exe
  2⤵
  PID:3140
- C:\Windows\System\HSGmTgu.exe
  C:\Windows\System\HSGmTgu.exe
  2⤵
  PID:3920
- C:\Windows\System\SewltWf.exe
  C:\Windows\System\SewltWf.exe
  2⤵
  PID:296
- C:\Windows\System\XIFtpFt.exe
  C:\Windows\System\XIFtpFt.exe
  2⤵
  PID:348
- C:\Windows\System\qpcAMQf.exe
  C:\Windows\System\qpcAMQf.exe
  2⤵
  PID:3208
- C:\Windows\System\kwgeGPR.exe
  C:\Windows\System\kwgeGPR.exe
  2⤵
  PID:3588
- C:\Windows\System\JmePBPq.exe
  C:\Windows\System\JmePBPq.exe
  2⤵
  PID:3152
- C:\Windows\System\nknkUih.exe
  C:\Windows\System\nknkUih.exe
  2⤵
  PID:3628
- C:\Windows\System\CARcIOR.exe
  C:\Windows\System\CARcIOR.exe
  2⤵
  PID:2808
- C:\Windows\System\MNfxAin.exe
  C:\Windows\System\MNfxAin.exe
  2⤵
  PID:2636
- C:\Windows\System\bHYTkBe.exe
  C:\Windows\System\bHYTkBe.exe
  2⤵
  PID:1972
- C:\Windows\System\DulkjFE.exe
  C:\Windows\System\DulkjFE.exe
  2⤵
  PID:2096
- C:\Windows\System\MmZUqCc.exe
  C:\Windows\System\MmZUqCc.exe
  2⤵
  PID:2924
- C:\Windows\System\WPdndKS.exe
  C:\Windows\System\WPdndKS.exe
  2⤵
  PID:3780
- C:\Windows\System\JIMVyxw.exe
  C:\Windows\System\JIMVyxw.exe
  2⤵
  PID:3832
- C:\Windows\System\cjszoyn.exe
  C:\Windows\System\cjszoyn.exe
  2⤵
  PID:1644
- C:\Windows\System\NsJPgoZ.exe
  C:\Windows\System\NsJPgoZ.exe
  2⤵
  PID:2024
- C:\Windows\System\BtEVNpW.exe
  C:\Windows\System\BtEVNpW.exe
  2⤵
  PID:3172
- C:\Windows\System\jEWCRQH.exe
  C:\Windows\System\jEWCRQH.exe
  2⤵
  PID:3520
- C:\Windows\System\SVUlVpS.exe
  C:\Windows\System\SVUlVpS.exe
  2⤵
  PID:2684
- C:\Windows\System\kkYJgub.exe
  C:\Windows\System\kkYJgub.exe
  2⤵
  PID:2296
- C:\Windows\System\GeFeink.exe
  C:\Windows\System\GeFeink.exe
  2⤵
  PID:1924
- C:\Windows\System\iLoQJEd.exe
  C:\Windows\System\iLoQJEd.exe
  2⤵
  PID:2192
- C:\Windows\System\CQMXsDW.exe
  C:\Windows\System\CQMXsDW.exe
  2⤵
  PID:3908
- C:\Windows\System\aZknbzH.exe
  C:\Windows\System\aZknbzH.exe
  2⤵
  PID:2892
- C:\Windows\System\UUQSMcd.exe
  C:\Windows\System\UUQSMcd.exe
  2⤵
  PID:2104
- C:\Windows\System\QEJUryC.exe
  C:\Windows\System\QEJUryC.exe
  2⤵
  PID:1412
- C:\Windows\System\PrkzaEm.exe
  C:\Windows\System\PrkzaEm.exe
  2⤵
  PID:1736
- C:\Windows\System\hLkbIax.exe
  C:\Windows\System\hLkbIax.exe
  2⤵
  PID:1200
- C:\Windows\System\EPIKLVm.exe
  C:\Windows\System\EPIKLVm.exe
  2⤵
  PID:3536
- C:\Windows\System\YDkQmgd.exe
  C:\Windows\System\YDkQmgd.exe
  2⤵
  PID:4088
- C:\Windows\System\pZownuK.exe
  C:\Windows\System\pZownuK.exe
  2⤵
  PID:3912
- C:\Windows\System\dvJRFqH.exe
  C:\Windows\System\dvJRFqH.exe
  2⤵
  PID:3584
- C:\Windows\System\DJXnzXd.exe
  C:\Windows\System\DJXnzXd.exe
  2⤵
  PID:2744
- C:\Windows\System\rdvnMFq.exe
  C:\Windows\System\rdvnMFq.exe
  2⤵
  PID:1712
- C:\Windows\System\cfAdWpH.exe
  C:\Windows\System\cfAdWpH.exe
  2⤵
  PID:2028
- C:\Windows\System\oDPKJiu.exe
  C:\Windows\System\oDPKJiu.exe
  2⤵
  PID:2708
- C:\Windows\System\NOWjIJE.exe
  C:\Windows\System\NOWjIJE.exe
  2⤵
  PID:2512
- C:\Windows\System\VzeOTTU.exe
  C:\Windows\System\VzeOTTU.exe
  2⤵
  PID:4036
- C:\Windows\System\KieyCzt.exe
  C:\Windows\System\KieyCzt.exe
  2⤵
  PID:3260
- C:\Windows\System\IiHZufm.exe
  C:\Windows\System\IiHZufm.exe
  2⤵
  PID:2068
- C:\Windows\System\mDqfDBx.exe
  C:\Windows\System\mDqfDBx.exe
  2⤵
  PID:3532
- C:\Windows\System\qqgmvFB.exe
  C:\Windows\System\qqgmvFB.exe
  2⤵
  PID:4112
- C:\Windows\System\CkwGSBL.exe
  C:\Windows\System\CkwGSBL.exe
  2⤵
  PID:4128
- C:\Windows\System\XHcSPGx.exe
  C:\Windows\System\XHcSPGx.exe
  2⤵
  PID:4144
- C:\Windows\System\XpDLVOU.exe
  C:\Windows\System\XpDLVOU.exe
  2⤵
  PID:4160
- C:\Windows\System\eDXMLFG.exe
  C:\Windows\System\eDXMLFG.exe
  2⤵
  PID:4180
- C:\Windows\System\sIMFIQq.exe
  C:\Windows\System\sIMFIQq.exe
  2⤵
  PID:4244
- C:\Windows\System\vOvMrna.exe
  C:\Windows\System\vOvMrna.exe
  2⤵
  PID:4264
- C:\Windows\System\qKWdxZk.exe
  C:\Windows\System\qKWdxZk.exe
  2⤵
  PID:4280
- C:\Windows\System\fMTwnnS.exe
  C:\Windows\System\fMTwnnS.exe
  2⤵
  PID:4308
- C:\Windows\System\XOUPloX.exe
  C:\Windows\System\XOUPloX.exe
  2⤵
  PID:4332
- C:\Windows\System\lpRQoZx.exe
  C:\Windows\System\lpRQoZx.exe
  2⤵
  PID:4352
- C:\Windows\System\bcCaALA.exe
  C:\Windows\System\bcCaALA.exe
  2⤵
  PID:4372
- C:\Windows\System\PKlSGha.exe
  C:\Windows\System\PKlSGha.exe
  2⤵
  PID:4388
- C:\Windows\System\bPLlwzN.exe
  C:\Windows\System\bPLlwzN.exe
  2⤵
  PID:4404
- C:\Windows\System\XIsWkPa.exe
  C:\Windows\System\XIsWkPa.exe
  2⤵
  PID:4420
- C:\Windows\System\fOpMyFC.exe
  C:\Windows\System\fOpMyFC.exe
  2⤵
  PID:4436
- C:\Windows\System\eabJFPI.exe
  C:\Windows\System\eabJFPI.exe
  2⤵
  PID:4452
- C:\Windows\System\gAZXKnV.exe
  C:\Windows\System\gAZXKnV.exe
  2⤵
  PID:4468
- C:\Windows\System\JdnvdFM.exe
  C:\Windows\System\JdnvdFM.exe
  2⤵
  PID:4488
- C:\Windows\System\ypfYkIj.exe
  C:\Windows\System\ypfYkIj.exe
  2⤵
  PID:4532
- C:\Windows\System\qYEVZIQ.exe
  C:\Windows\System\qYEVZIQ.exe
  2⤵
  PID:4556
- C:\Windows\System\zVlIxiR.exe
  C:\Windows\System\zVlIxiR.exe
  2⤵
  PID:4572
- C:\Windows\System\cJkKLeL.exe
  C:\Windows\System\cJkKLeL.exe
  2⤵
  PID:4588
- C:\Windows\System\rfWenyV.exe
  C:\Windows\System\rfWenyV.exe
  2⤵
  PID:4604
- C:\Windows\System\lhyMnks.exe
  C:\Windows\System\lhyMnks.exe
  2⤵
  PID:4620
- C:\Windows\System\SGuNGED.exe
  C:\Windows\System\SGuNGED.exe
  2⤵
  PID:4640
- C:\Windows\System\cQOEQfs.exe
  C:\Windows\System\cQOEQfs.exe
  2⤵
  PID:4656
- C:\Windows\System\JzRBcnj.exe
  C:\Windows\System\JzRBcnj.exe
  2⤵
  PID:4676
- C:\Windows\System\VLYajvn.exe
  C:\Windows\System\VLYajvn.exe
  2⤵
  PID:4692
- C:\Windows\System\LMkownz.exe
  C:\Windows\System\LMkownz.exe
  2⤵
  PID:4740
- C:\Windows\System\uTMLvPp.exe
  C:\Windows\System\uTMLvPp.exe
  2⤵
  PID:4756
- C:\Windows\System\IvCdUUD.exe
  C:\Windows\System\IvCdUUD.exe
  2⤵
  PID:4772
- C:\Windows\System\WHPUBzx.exe
  C:\Windows\System\WHPUBzx.exe
  2⤵
  PID:4788
- C:\Windows\System\WTuaIBb.exe
  C:\Windows\System\WTuaIBb.exe
  2⤵
  PID:4804
- C:\Windows\System\RmUSdUL.exe
  C:\Windows\System\RmUSdUL.exe
  2⤵
  PID:4820
- C:\Windows\System\mOGWCmN.exe
  C:\Windows\System\mOGWCmN.exe
  2⤵
  PID:4840
- C:\Windows\System\FhdfDzp.exe
  C:\Windows\System\FhdfDzp.exe
  2⤵
  PID:4856
- C:\Windows\System\qREdWfZ.exe
  C:\Windows\System\qREdWfZ.exe
  2⤵
  PID:4880
- C:\Windows\System\slnSByl.exe
  C:\Windows\System\slnSByl.exe
  2⤵
  PID:4896
- C:\Windows\System\EchwmSN.exe
  C:\Windows\System\EchwmSN.exe
  2⤵
  PID:4912
- C:\Windows\System\jBLITEV.exe
  C:\Windows\System\jBLITEV.exe
  2⤵
  PID:4928
- C:\Windows\System\CwxXCBD.exe
  C:\Windows\System\CwxXCBD.exe
  2⤵
  PID:4948
- C:\Windows\System\yAUPvLp.exe
  C:\Windows\System\yAUPvLp.exe
  2⤵
  PID:4964
- C:\Windows\System\UASalRZ.exe
  C:\Windows\System\UASalRZ.exe
  2⤵
  PID:4980
- C:\Windows\System\iuDDdTS.exe
  C:\Windows\System\iuDDdTS.exe
  2⤵
  PID:4996
- C:\Windows\System\MLVcGoE.exe
  C:\Windows\System\MLVcGoE.exe
  2⤵
  PID:5012
- C:\Windows\System\jEgsGsF.exe
  C:\Windows\System\jEgsGsF.exe
  2⤵
  PID:5040
- C:\Windows\System\PbYwxnA.exe
  C:\Windows\System\PbYwxnA.exe
  2⤵
  PID:5060
- C:\Windows\System\PQyvbEi.exe
  C:\Windows\System\PQyvbEi.exe
  2⤵
  PID:5080
- C:\Windows\System\YmpfQmg.exe
  C:\Windows\System\YmpfQmg.exe
  2⤵
  PID:5104
- C:\Windows\System\bBiXzrB.exe
  C:\Windows\System\bBiXzrB.exe
  2⤵
  PID:2400
- C:\Windows\System\tokvbvr.exe
  C:\Windows\System\tokvbvr.exe
  2⤵
  PID:2500
- C:\Windows\System\qlGEYAJ.exe
  C:\Windows\System\qlGEYAJ.exe
  2⤵
  PID:2968
- C:\Windows\System\fLmcfst.exe
  C:\Windows\System\fLmcfst.exe
  2⤵
  PID:2608
- C:\Windows\System\SBcnvxa.exe
  C:\Windows\System\SBcnvxa.exe
  2⤵
  PID:3016
- C:\Windows\System\ngXItYy.exe
  C:\Windows\System\ngXItYy.exe
  2⤵
  PID:4140
- C:\Windows\System\aNRGLOs.exe
  C:\Windows\System\aNRGLOs.exe
  2⤵
  PID:4120
- C:\Windows\System\UoOyBEE.exe
  C:\Windows\System\UoOyBEE.exe
  2⤵
  PID:4192
- C:\Windows\System\XNHjAhq.exe
  C:\Windows\System\XNHjAhq.exe
  2⤵
  PID:4212
- C:\Windows\System\UhlIZZp.exe
  C:\Windows\System\UhlIZZp.exe
  2⤵
  PID:4228
- C:\Windows\System\RVVeGCv.exe
  C:\Windows\System\RVVeGCv.exe
  2⤵
  PID:1772
- C:\Windows\System\tDmSPSU.exe
  C:\Windows\System\tDmSPSU.exe
  2⤵
  PID:1668
- C:\Windows\System\QzstLDh.exe
  C:\Windows\System\QzstLDh.exe
  2⤵
  PID:4252
- C:\Windows\System\BxgGnse.exe
  C:\Windows\System\BxgGnse.exe
  2⤵
  PID:3044
- C:\Windows\System\XCJZPff.exe
  C:\Windows\System\XCJZPff.exe
  2⤵
  PID:4296
- C:\Windows\System\oefuSXO.exe
  C:\Windows\System\oefuSXO.exe
  2⤵
  PID:1180
- C:\Windows\System\UJyDTwq.exe
  C:\Windows\System\UJyDTwq.exe
  2⤵
  PID:4368
- C:\Windows\System\uNJFfJl.exe
  C:\Windows\System\uNJFfJl.exe
  2⤵
  PID:4432
- C:\Windows\System\cxMJIET.exe
  C:\Windows\System\cxMJIET.exe
  2⤵
  PID:4504
- C:\Windows\System\TpuVUxc.exe
  C:\Windows\System\TpuVUxc.exe
  2⤵
  PID:4648
- C:\Windows\System\BnIiQFW.exe
  C:\Windows\System\BnIiQFW.exe
  2⤵
  PID:4596
- C:\Windows\System\pmNuJth.exe
  C:\Windows\System\pmNuJth.exe
  2⤵
  PID:4668
- C:\Windows\System\bulldau.exe
  C:\Windows\System\bulldau.exe
  2⤵
  PID:4720
- C:\Windows\System\nzqRrTm.exe
  C:\Windows\System\nzqRrTm.exe
  2⤵
  PID:4736
- C:\Windows\System\AQvkJqu.exe
  C:\Windows\System\AQvkJqu.exe
  2⤵
  PID:4584
- C:\Windows\System\LaxUhqY.exe
  C:\Windows\System\LaxUhqY.exe
  2⤵
  PID:2460
- C:\Windows\System\TnSOkeR.exe
  C:\Windows\System\TnSOkeR.exe
  2⤵
  PID:4828
- C:\Windows\System\xgFFKmb.exe
  C:\Windows\System\xgFFKmb.exe
  2⤵
  PID:4876
- C:\Windows\System\JlADEAL.exe
  C:\Windows\System\JlADEAL.exe
  2⤵
  PID:4892
- C:\Windows\System\AdEWzGx.exe
  C:\Windows\System\AdEWzGx.exe
  2⤵
  PID:4748
- C:\Windows\System\PGGhjuP.exe
  C:\Windows\System\PGGhjuP.exe
  2⤵
  PID:4992
- C:\Windows\System\ouhevbX.exe
  C:\Windows\System\ouhevbX.exe
  2⤵
  PID:5032
- C:\Windows\System\fopvZkN.exe
  C:\Windows\System\fopvZkN.exe
  2⤵
  PID:2632
- C:\Windows\System\LLfBhoV.exe
  C:\Windows\System\LLfBhoV.exe
  2⤵
  PID:3936
- C:\Windows\System\rSEcaRM.exe
  C:\Windows\System\rSEcaRM.exe
  2⤵
  PID:2620
- C:\Windows\System\WjeWswr.exe
  C:\Windows\System\WjeWswr.exe
  2⤵
  PID:4940
- C:\Windows\System\fHpzNiG.exe
  C:\Windows\System\fHpzNiG.exe
  2⤵
  PID:2004
- C:\Windows\System\fornKuE.exe
  C:\Windows\System\fornKuE.exe
  2⤵
  PID:5076
- C:\Windows\System\wbMXXfT.exe
  C:\Windows\System\wbMXXfT.exe
  2⤵
  PID:4196
- C:\Windows\System\OBVnuWZ.exe
  C:\Windows\System\OBVnuWZ.exe
  2⤵
  PID:4328
- C:\Windows\System\likHicr.exe
  C:\Windows\System\likHicr.exe
  2⤵
  PID:4400
- C:\Windows\System\VCqwjnr.exe
  C:\Windows\System\VCqwjnr.exe
  2⤵
  PID:5008
- C:\Windows\System\KQRHYZg.exe
  C:\Windows\System\KQRHYZg.exe
  2⤵
  PID:5092
- C:\Windows\System\qKdQWZf.exe
  C:\Windows\System\qKdQWZf.exe
  2⤵
  PID:3860
- C:\Windows\System\byuvRbd.exe
  C:\Windows\System\byuvRbd.exe
  2⤵
  PID:4108
- C:\Windows\System\lZgXfgE.exe
  C:\Windows\System\lZgXfgE.exe
  2⤵
  PID:4188
- C:\Windows\System\AqyYMRW.exe
  C:\Windows\System\AqyYMRW.exe
  2⤵
  PID:4272
- C:\Windows\System\ypAcIof.exe
  C:\Windows\System\ypAcIof.exe
  2⤵
  PID:448
- C:\Windows\System\OVbCyco.exe
  C:\Windows\System\OVbCyco.exe
  2⤵
  PID:4476
- C:\Windows\System\hnbckPn.exe
  C:\Windows\System\hnbckPn.exe
  2⤵
  PID:4384
- C:\Windows\System\PSkjvEu.exe
  C:\Windows\System\PSkjvEu.exe
  2⤵
  PID:4528
- C:\Windows\System\PNEzNgW.exe
  C:\Windows\System\PNEzNgW.exe
  2⤵
  PID:4444
- C:\Windows\System\QiATClN.exe
  C:\Windows\System\QiATClN.exe
  2⤵
  PID:2768
- C:\Windows\System\wToFwZs.exe
  C:\Windows\System\wToFwZs.exe
  2⤵
  PID:2612
- C:\Windows\System\PosFJFe.exe
  C:\Windows\System\PosFJFe.exe
  2⤵
  PID:4684
- C:\Windows\System\zLLaGfv.exe
  C:\Windows\System\zLLaGfv.exe
  2⤵
  PID:4848
- C:\Windows\System\bOUgjsw.exe
  C:\Windows\System\bOUgjsw.exe
  2⤵
  PID:4780
- C:\Windows\System\StMUIBU.exe
  C:\Windows\System\StMUIBU.exe
  2⤵
  PID:5116
- C:\Windows\System\XFZjfgz.exe
  C:\Windows\System\XFZjfgz.exe
  2⤵
  PID:4208
- C:\Windows\System\mOnZFCP.exe
  C:\Windows\System\mOnZFCP.exe
  2⤵
  PID:2836
- C:\Windows\System\lzBuPNf.exe
  C:\Windows\System\lzBuPNf.exe
  2⤵
  PID:4172
- C:\Windows\System\KrHEJBg.exe
  C:\Windows\System\KrHEJBg.exe
  2⤵
  PID:1488
- C:\Windows\System\hIrNgQf.exe
  C:\Windows\System\hIrNgQf.exe
  2⤵
  PID:4544
- C:\Windows\System\bNkAMuO.exe
  C:\Windows\System\bNkAMuO.exe
  2⤵
  PID:388
- C:\Windows\System\xiwDbFM.exe
  C:\Windows\System\xiwDbFM.exe
  2⤵
  PID:4712
- C:\Windows\System\RqFwcSX.exe
  C:\Windows\System\RqFwcSX.exe
  2⤵
  PID:2840
- C:\Windows\System\aXqqNrJ.exe
  C:\Windows\System\aXqqNrJ.exe
  2⤵
  PID:4448
- C:\Windows\System\jsofAWK.exe
  C:\Windows\System\jsofAWK.exe
  2⤵
  PID:4700
- C:\Windows\System\gXhWtnJ.exe
  C:\Windows\System\gXhWtnJ.exe
  2⤵
  PID:4652
- C:\Windows\System\YzanuMT.exe
  C:\Windows\System\YzanuMT.exe
  2⤵
  PID:2752
- C:\Windows\System\UknMrHI.exe
  C:\Windows\System\UknMrHI.exe
  2⤵
  PID:5052
- C:\Windows\System\ISmAeRI.exe
  C:\Windows\System\ISmAeRI.exe
  2⤵
  PID:4976
- C:\Windows\System\OqXEpWg.exe
  C:\Windows\System\OqXEpWg.exe
  2⤵
  PID:3664
- C:\Windows\System\lfoxXZx.exe
  C:\Windows\System\lfoxXZx.exe
  2⤵
  PID:4320
- C:\Windows\System\HBLEhUa.exe
  C:\Windows\System\HBLEhUa.exe
  2⤵
  PID:2208
- C:\Windows\System\sLHRZqB.exe
  C:\Windows\System\sLHRZqB.exe
  2⤵
  PID:4812
- C:\Windows\System\BRLGGOf.exe
  C:\Windows\System\BRLGGOf.exe
  2⤵
  PID:5088
- C:\Windows\System\RQRLWam.exe
  C:\Windows\System\RQRLWam.exe
  2⤵
  PID:2440
- C:\Windows\System\aMmvIxr.exe
  C:\Windows\System\aMmvIxr.exe
  2⤵
  PID:1696
- C:\Windows\System\yYpgVHB.exe
  C:\Windows\System\yYpgVHB.exe
  2⤵
  PID:1572
- C:\Windows\System\QltwwtU.exe
  C:\Windows\System\QltwwtU.exe
  2⤵
  PID:4864
- C:\Windows\System\VXCrZAb.exe
  C:\Windows\System\VXCrZAb.exe
  2⤵
  PID:1952
- C:\Windows\System\QGKEcOo.exe
  C:\Windows\System\QGKEcOo.exe
  2⤵
  PID:4908
- C:\Windows\System\eMAJiLj.exe
  C:\Windows\System\eMAJiLj.exe
  2⤵
  PID:320
- C:\Windows\System\EAvxkmC.exe
  C:\Windows\System\EAvxkmC.exe
  2⤵
  PID:1400
- C:\Windows\System\JMtMzvC.exe
  C:\Windows\System\JMtMzvC.exe
  2⤵
  PID:4708
- C:\Windows\System\uPKHUNf.exe
  C:\Windows\System\uPKHUNf.exe
  2⤵
  PID:5024
- C:\Windows\System\xcNRNtU.exe
  C:\Windows\System\xcNRNtU.exe
  2⤵
  PID:4176
- C:\Windows\System\zGVXIoo.exe
  C:\Windows\System\zGVXIoo.exe
  2⤵
  PID:4204
- C:\Windows\System\CvVYfql.exe
  C:\Windows\System\CvVYfql.exe
  2⤵
  PID:4520
- C:\Windows\System\wkJfUDQ.exe
  C:\Windows\System\wkJfUDQ.exe
  2⤵
  PID:4316
- C:\Windows\System\CsfiKyc.exe
  C:\Windows\System\CsfiKyc.exe
  2⤵
  PID:3284
- C:\Windows\System\nTeOTcv.exe
  C:\Windows\System\nTeOTcv.exe
  2⤵
  PID:5068
- C:\Windows\System\ylldHlA.exe
  C:\Windows\System\ylldHlA.exe
  2⤵
  PID:2772
- C:\Windows\System\GFdVuRz.exe
  C:\Windows\System\GFdVuRz.exe
  2⤵
  PID:4664
- C:\Windows\System\tGvGbdJ.exe
  C:\Windows\System\tGvGbdJ.exe
  2⤵
  PID:5100
- C:\Windows\System\gCjvlYF.exe
  C:\Windows\System\gCjvlYF.exe
  2⤵
  PID:3296
- C:\Windows\System\ibsKGeB.exe
  C:\Windows\System\ibsKGeB.exe
  2⤵
  PID:1680
- C:\Windows\System\mJDhbVU.exe
  C:\Windows\System\mJDhbVU.exe
  2⤵
  PID:4300
- C:\Windows\System\ZbiYoTf.exe
  C:\Windows\System\ZbiYoTf.exe
  2⤵
  PID:2080
- C:\Windows\System\AWlZKRZ.exe
  C:\Windows\System\AWlZKRZ.exe
  2⤵
  PID:4956
- C:\Windows\System\VhDPZWb.exe
  C:\Windows\System\VhDPZWb.exe
  2⤵
  PID:628
- C:\Windows\System\OkatPWw.exe
  C:\Windows\System\OkatPWw.exe
  2⤵
  PID:4728
- C:\Windows\System\ydSqhHI.exe
  C:\Windows\System\ydSqhHI.exe
  2⤵
  PID:5128
- C:\Windows\System\mKjSBkt.exe
  C:\Windows\System\mKjSBkt.exe
  2⤵
  PID:5144
- C:\Windows\System\sfMPooB.exe
  C:\Windows\System\sfMPooB.exe
  2⤵
  PID:5160
- C:\Windows\System\VZvdwCJ.exe
  C:\Windows\System\VZvdwCJ.exe
  2⤵
  PID:5176
- C:\Windows\System\zzSXNvq.exe
  C:\Windows\System\zzSXNvq.exe
  2⤵
  PID:5192
- C:\Windows\System\tGOqKRe.exe
  C:\Windows\System\tGOqKRe.exe
  2⤵
  PID:5208
- C:\Windows\System\IEUCOOo.exe
  C:\Windows\System\IEUCOOo.exe
  2⤵
  PID:5224
- C:\Windows\System\GzisUoq.exe
  C:\Windows\System\GzisUoq.exe
  2⤵
  PID:5240
- C:\Windows\System\EEppfmW.exe
  C:\Windows\System\EEppfmW.exe
  2⤵
  PID:5256
- C:\Windows\System\yKefkMU.exe
  C:\Windows\System\yKefkMU.exe
  2⤵
  PID:5272
- C:\Windows\System\XaxWLdb.exe
  C:\Windows\System\XaxWLdb.exe
  2⤵
  PID:5292
- C:\Windows\System\BIhoiXr.exe
  C:\Windows\System\BIhoiXr.exe
  2⤵
  PID:5308
- C:\Windows\System\PbBElaZ.exe
  C:\Windows\System\PbBElaZ.exe
  2⤵
  PID:5324
- C:\Windows\System\hPuhqUJ.exe
  C:\Windows\System\hPuhqUJ.exe
  2⤵
  PID:5340
- C:\Windows\System\NOuUAnn.exe
  C:\Windows\System\NOuUAnn.exe
  2⤵
  PID:5356
- C:\Windows\System\VCWmlWx.exe
  C:\Windows\System\VCWmlWx.exe
  2⤵
  PID:5372
- C:\Windows\System\VXUulto.exe
  C:\Windows\System\VXUulto.exe
  2⤵
  PID:5388
- C:\Windows\System\DjcMUuK.exe
  C:\Windows\System\DjcMUuK.exe
  2⤵
  PID:5404
- C:\Windows\System\TVdHJRB.exe
  C:\Windows\System\TVdHJRB.exe
  2⤵
  PID:5420
- C:\Windows\System\NlBlxfs.exe
  C:\Windows\System\NlBlxfs.exe
  2⤵
  PID:5436
- C:\Windows\System\uqahxEl.exe
  C:\Windows\System\uqahxEl.exe
  2⤵
  PID:5452
- C:\Windows\System\gPMpEke.exe
  C:\Windows\System\gPMpEke.exe
  2⤵
  PID:5468
- C:\Windows\System\DnHiwJb.exe
  C:\Windows\System\DnHiwJb.exe
  2⤵
  PID:5484
- C:\Windows\System\yeVnajj.exe
  C:\Windows\System\yeVnajj.exe
  2⤵
  PID:5500
- C:\Windows\System\yhxLoSA.exe
  C:\Windows\System\yhxLoSA.exe
  2⤵
  PID:5516
- C:\Windows\System\mFeTozo.exe
  C:\Windows\System\mFeTozo.exe
  2⤵
  PID:5532
- C:\Windows\System\Azhpiqg.exe
  C:\Windows\System\Azhpiqg.exe
  2⤵
  PID:5548
- C:\Windows\System\LWQKhIx.exe
  C:\Windows\System\LWQKhIx.exe
  2⤵
  PID:5564
- C:\Windows\System\zzTvvJG.exe
  C:\Windows\System\zzTvvJG.exe
  2⤵
  PID:5580
- C:\Windows\System\caHzRnc.exe
  C:\Windows\System\caHzRnc.exe
  2⤵
  PID:5596
- C:\Windows\System\eXHnCXA.exe
  C:\Windows\System\eXHnCXA.exe
  2⤵
  PID:5612
- C:\Windows\System\ZmuuwpT.exe
  C:\Windows\System\ZmuuwpT.exe
  2⤵
  PID:5628
- C:\Windows\System\pcoMPpB.exe
  C:\Windows\System\pcoMPpB.exe
  2⤵
  PID:5644
- C:\Windows\System\YCzRmnF.exe
  C:\Windows\System\YCzRmnF.exe
  2⤵
  PID:5660
- C:\Windows\System\yXUyCau.exe
  C:\Windows\System\yXUyCau.exe
  2⤵
  PID:5676
- C:\Windows\System\jdOzLQV.exe
  C:\Windows\System\jdOzLQV.exe
  2⤵
  PID:5692
- C:\Windows\System\FSlQoKY.exe
  C:\Windows\System\FSlQoKY.exe
  2⤵
  PID:5708
- C:\Windows\System\MLDhxgR.exe
  C:\Windows\System\MLDhxgR.exe
  2⤵
  PID:5724
- C:\Windows\System\qTEJsea.exe
  C:\Windows\System\qTEJsea.exe
  2⤵
  PID:5740
- C:\Windows\System\ZIQdWcm.exe
  C:\Windows\System\ZIQdWcm.exe
  2⤵
  PID:5756
- C:\Windows\System\eToHQqh.exe
  C:\Windows\System\eToHQqh.exe
  2⤵
  PID:5772
- C:\Windows\System\EUUoSEw.exe
  C:\Windows\System\EUUoSEw.exe
  2⤵
  PID:5788
- C:\Windows\System\LAgxtAo.exe
  C:\Windows\System\LAgxtAo.exe
  2⤵
  PID:5804
- C:\Windows\System\htasbDJ.exe
  C:\Windows\System\htasbDJ.exe
  2⤵
  PID:5820
- C:\Windows\System\TeOExVF.exe
  C:\Windows\System\TeOExVF.exe
  2⤵
  PID:5836
- C:\Windows\System\IzMXXSm.exe
  C:\Windows\System\IzMXXSm.exe
  2⤵
  PID:5852
- C:\Windows\System\HyTHVoE.exe
  C:\Windows\System\HyTHVoE.exe
  2⤵
  PID:5868
- C:\Windows\System\IqcopJT.exe
  C:\Windows\System\IqcopJT.exe
  2⤵
  PID:5884
- C:\Windows\System\MHHSFSv.exe
  C:\Windows\System\MHHSFSv.exe
  2⤵
  PID:5900
- C:\Windows\System\IerxoyB.exe
  C:\Windows\System\IerxoyB.exe
  2⤵
  PID:5916
- C:\Windows\System\xmwVjul.exe
  C:\Windows\System\xmwVjul.exe
  2⤵
  PID:5932
- C:\Windows\System\DTmdgJz.exe
  C:\Windows\System\DTmdgJz.exe
  2⤵
  PID:5948
- C:\Windows\System\eSWGabL.exe
  C:\Windows\System\eSWGabL.exe
  2⤵
  PID:5964
- C:\Windows\System\blXaquz.exe
  C:\Windows\System\blXaquz.exe
  2⤵
  PID:5980
- C:\Windows\System\phQpeXE.exe
  C:\Windows\System\phQpeXE.exe
  2⤵
  PID:5996
- C:\Windows\System\JChprGq.exe
  C:\Windows\System\JChprGq.exe
  2⤵
  PID:6012
- C:\Windows\System\byssTxk.exe
  C:\Windows\System\byssTxk.exe
  2⤵
  PID:6028
- C:\Windows\System\JKxGPdb.exe
  C:\Windows\System\JKxGPdb.exe
  2⤵
  PID:6044
- C:\Windows\System\RdwuVkT.exe
  C:\Windows\System\RdwuVkT.exe
  2⤵
  PID:6060
- C:\Windows\System\dQsALXk.exe
  C:\Windows\System\dQsALXk.exe
  2⤵
  PID:6076
- C:\Windows\System\qBelBCa.exe
  C:\Windows\System\qBelBCa.exe
  2⤵
  PID:6092
- C:\Windows\System\rpflebA.exe
  C:\Windows\System\rpflebA.exe
  2⤵
  PID:6108
- C:\Windows\System\onZgqzL.exe
  C:\Windows\System\onZgqzL.exe
  2⤵
  PID:6124
- C:\Windows\System\fjVjJCA.exe
  C:\Windows\System\fjVjJCA.exe
  2⤵
  PID:6140
- C:\Windows\System\MOpyQaP.exe
  C:\Windows\System\MOpyQaP.exe
  2⤵
  PID:820
- C:\Windows\System\hShMxOQ.exe
  C:\Windows\System\hShMxOQ.exe
  2⤵
  PID:5204
- C:\Windows\System\DDlRehy.exe
  C:\Windows\System\DDlRehy.exe
  2⤵
  PID:1352
- C:\Windows\System\dUEtQli.exe
  C:\Windows\System\dUEtQli.exe
  2⤵
  PID:5168
- C:\Windows\System\cbDaBpO.exe
  C:\Windows\System\cbDaBpO.exe
  2⤵
  PID:5304
- C:\Windows\System\cfYRuGy.exe
  C:\Windows\System\cfYRuGy.exe
  2⤵
  PID:5184
- C:\Windows\System\jcyrsoN.exe
  C:\Windows\System\jcyrsoN.exe
  2⤵
  PID:5248
- C:\Windows\System\iLZcwbj.exe
  C:\Windows\System\iLZcwbj.exe
  2⤵
  PID:5336
- C:\Windows\System\WzcjdHu.exe
  C:\Windows\System\WzcjdHu.exe
  2⤵
  PID:5284
- C:\Windows\System\tKtTHhh.exe
  C:\Windows\System\tKtTHhh.exe
  2⤵
  PID:5320
- C:\Windows\System\JkfHvrV.exe
  C:\Windows\System\JkfHvrV.exe
  2⤵
  PID:5384
- C:\Windows\System\tbJLZhc.exe
  C:\Windows\System\tbJLZhc.exe
  2⤵
  PID:5464
- C:\Windows\System\CBdJKEd.exe
  C:\Windows\System\CBdJKEd.exe
  2⤵
  PID:5524
- C:\Windows\System\juWORtV.exe
  C:\Windows\System\juWORtV.exe
  2⤵
  PID:5588
- C:\Windows\System\DPdxvfD.exe
  C:\Windows\System\DPdxvfD.exe
  2⤵
  PID:5652
- C:\Windows\System\XnLDiAi.exe
  C:\Windows\System\XnLDiAi.exe
  2⤵
  PID:5576
- C:\Windows\System\knTELFd.exe
  C:\Windows\System\knTELFd.exe
  2⤵
  PID:5508
- C:\Windows\System\qjxZnMy.exe
  C:\Windows\System\qjxZnMy.exe
  2⤵
  PID:5572
- C:\Windows\System\jAqhzNf.exe
  C:\Windows\System\jAqhzNf.exe
  2⤵
  PID:5672
- C:\Windows\System\QJPcmlF.exe
  C:\Windows\System\QJPcmlF.exe
  2⤵
  PID:5736
- C:\Windows\System\uyEluTh.exe
  C:\Windows\System\uyEluTh.exe
  2⤵
  PID:5748
- C:\Windows\System\QQFyMqI.exe
  C:\Windows\System\QQFyMqI.exe
  2⤵
  PID:5812
- C:\Windows\System\VzJhjIy.exe
  C:\Windows\System\VzJhjIy.exe
  2⤵
  PID:5848
- C:\Windows\System\GrOcpsZ.exe
  C:\Windows\System\GrOcpsZ.exe
  2⤵
  PID:5764
- C:\Windows\System\jhkITIP.exe
  C:\Windows\System\jhkITIP.exe
  2⤵
  PID:5940
- C:\Windows\System\GrgOWmb.exe
  C:\Windows\System\GrgOWmb.exe
  2⤵
  PID:5892
- C:\Windows\System\aXiiyLX.exe
  C:\Windows\System\aXiiyLX.exe
  2⤵
  PID:5832
- C:\Windows\System\xOEjYDF.exe
  C:\Windows\System\xOEjYDF.exe
  2⤵
  PID:5928
- C:\Windows\System\iRpmjJL.exe
  C:\Windows\System\iRpmjJL.exe
  2⤵
  PID:3680
- C:\Windows\System\VWcGZVs.exe
  C:\Windows\System\VWcGZVs.exe
  2⤵
  PID:6024
- C:\Windows\System\aDNVZYq.exe
  C:\Windows\System\aDNVZYq.exe
  2⤵
  PID:6088
- C:\Windows\System\mmEIGbn.exe
  C:\Windows\System\mmEIGbn.exe
  2⤵
  PID:6132
- C:\Windows\System\oTcRfzC.exe
  C:\Windows\System\oTcRfzC.exe
  2⤵
  PID:5140
- C:\Windows\System\pxYFZZP.exe
  C:\Windows\System\pxYFZZP.exe
  2⤵
  PID:6072
- C:\Windows\System\aSLWjcZ.exe
  C:\Windows\System\aSLWjcZ.exe
  2⤵
  PID:4276
- C:\Windows\System\fyswAbY.exe
  C:\Windows\System\fyswAbY.exe
  2⤵
  PID:5156
- C:\Windows\System\pfCzxwm.exe
  C:\Windows\System\pfCzxwm.exe
  2⤵
  PID:5316
- C:\Windows\System\HyCSOco.exe
  C:\Windows\System\HyCSOco.exe
  2⤵
  PID:5416
- C:\Windows\System\EfpgpAz.exe
  C:\Windows\System\EfpgpAz.exe
  2⤵
  PID:5540
- C:\Windows\System\vcJeqIa.exe
  C:\Windows\System\vcJeqIa.exe
  2⤵
  PID:5668
- C:\Windows\System\vfacFkI.exe
  C:\Windows\System\vfacFkI.exe
  2⤵
  PID:5380
- C:\Windows\System\nysAuLe.exe
  C:\Windows\System\nysAuLe.exe
  2⤵
  PID:5784
- C:\Windows\System\wMqKRNb.exe
  C:\Windows\System\wMqKRNb.exe
  2⤵
  PID:5944
- C:\Windows\System\IsdWxGL.exe
  C:\Windows\System\IsdWxGL.exe
  2⤵
  PID:6020
- C:\Windows\System\gftfBoh.exe
  C:\Windows\System\gftfBoh.exe
  2⤵
  PID:5640
- C:\Windows\System\oZgmmki.exe
  C:\Windows\System\oZgmmki.exe
  2⤵
  PID:5264
- C:\Windows\System\hJnkeMV.exe
  C:\Windows\System\hJnkeMV.exe
  2⤵
  PID:5496
- C:\Windows\System\VMNAuZZ.exe
  C:\Windows\System\VMNAuZZ.exe
  2⤵
  PID:5480
- C:\Windows\System\rKvJdRa.exe
  C:\Windows\System\rKvJdRa.exe
  2⤵
  PID:5716
- C:\Windows\System\ZparZJI.exe
  C:\Windows\System\ZparZJI.exe
  2⤵
  PID:5828
- C:\Windows\System\qXENrfz.exe
  C:\Windows\System\qXENrfz.exe
  2⤵
  PID:6084
- C:\Windows\System\yBJOefy.exe
  C:\Windows\System\yBJOefy.exe
  2⤵
  PID:5152
- C:\Windows\System\NmUxsoT.exe
  C:\Windows\System\NmUxsoT.exe
  2⤵
  PID:5268
- C:\Windows\System\UYpgDzM.exe
  C:\Windows\System\UYpgDzM.exe
  2⤵
  PID:5924
- C:\Windows\System\WaCrgPb.exe
  C:\Windows\System\WaCrgPb.exe
  2⤵
  PID:5560
- C:\Windows\System\nqYcYiY.exe
  C:\Windows\System\nqYcYiY.exe
  2⤵
  PID:5300
- C:\Windows\System\KfSftpO.exe
  C:\Windows\System\KfSftpO.exe
  2⤵
  PID:5200
- C:\Windows\System\weXtGWP.exe
  C:\Windows\System\weXtGWP.exe
  2⤵
  PID:5544
- C:\Windows\System\vCRzFyg.exe
  C:\Windows\System\vCRzFyg.exe
  2⤵
  PID:6104
- C:\Windows\System\xQbAqsI.exe
  C:\Windows\System\xQbAqsI.exe
  2⤵
  PID:5844
- C:\Windows\System\urbOjuK.exe
  C:\Windows\System\urbOjuK.exe
  2⤵
  PID:6120
- C:\Windows\System\WxradLz.exe
  C:\Windows\System\WxradLz.exe
  2⤵
  PID:5768
- C:\Windows\System\kelCXIa.exe
  C:\Windows\System\kelCXIa.exe
  2⤵
  PID:5368
- C:\Windows\System\nscIAjB.exe
  C:\Windows\System\nscIAjB.exe
  2⤵
  PID:5476
- C:\Windows\System\sPGRNQV.exe
  C:\Windows\System\sPGRNQV.exe
  2⤵
  PID:5976
- C:\Windows\System\YznHykx.exe
  C:\Windows\System\YznHykx.exe
  2⤵
  PID:6156
- C:\Windows\System\wJDLpbQ.exe
  C:\Windows\System\wJDLpbQ.exe
  2⤵
  PID:6172
- C:\Windows\System\ZTGLqAb.exe
  C:\Windows\System\ZTGLqAb.exe
  2⤵
  PID:6188
- C:\Windows\System\ghFcqRA.exe
  C:\Windows\System\ghFcqRA.exe
  2⤵
  PID:6204
- C:\Windows\System\UMMTNGv.exe
  C:\Windows\System\UMMTNGv.exe
  2⤵
  PID:6220
- C:\Windows\System\AYKFkkF.exe
  C:\Windows\System\AYKFkkF.exe
  2⤵
  PID:6236
- C:\Windows\System\ayQrynj.exe
  C:\Windows\System\ayQrynj.exe
  2⤵
  PID:6252
- C:\Windows\System\eTwvaxN.exe
  C:\Windows\System\eTwvaxN.exe
  2⤵
  PID:6268
- C:\Windows\System\sdsHXao.exe
  C:\Windows\System\sdsHXao.exe
  2⤵
  PID:6284
- C:\Windows\System\BhktMyl.exe
  C:\Windows\System\BhktMyl.exe
  2⤵
  PID:6300
- C:\Windows\System\iSaESqS.exe
  C:\Windows\System\iSaESqS.exe
  2⤵
  PID:6316
- C:\Windows\System\IxemBII.exe
  C:\Windows\System\IxemBII.exe
  2⤵
  PID:6332
- C:\Windows\System\TllMSZp.exe
  C:\Windows\System\TllMSZp.exe
  2⤵
  PID:6348
- C:\Windows\System\qsavaGC.exe
  C:\Windows\System\qsavaGC.exe
  2⤵
  PID:6364
- C:\Windows\System\HaBcpbN.exe
  C:\Windows\System\HaBcpbN.exe
  2⤵
  PID:6380
- C:\Windows\System\pFIkULi.exe
  C:\Windows\System\pFIkULi.exe
  2⤵
  PID:6396
- C:\Windows\System\dNdNyUM.exe
  C:\Windows\System\dNdNyUM.exe
  2⤵
  PID:6412
- C:\Windows\System\WdwniCd.exe
  C:\Windows\System\WdwniCd.exe
  2⤵
  PID:6428
- C:\Windows\System\kHfxziy.exe
  C:\Windows\System\kHfxziy.exe
  2⤵
  PID:6444
- C:\Windows\System\NQWUEmb.exe
  C:\Windows\System\NQWUEmb.exe
  2⤵
  PID:6460
- C:\Windows\System\exVRbGv.exe
  C:\Windows\System\exVRbGv.exe
  2⤵
  PID:6476
- C:\Windows\System\EtmmJiK.exe
  C:\Windows\System\EtmmJiK.exe
  2⤵
  PID:6492
- C:\Windows\System\eKfllRZ.exe
  C:\Windows\System\eKfllRZ.exe
  2⤵
  PID:6508
- C:\Windows\System\tWCmJki.exe
  C:\Windows\System\tWCmJki.exe
  2⤵
  PID:6524
- C:\Windows\System\tbvYWlQ.exe
  C:\Windows\System\tbvYWlQ.exe
  2⤵
  PID:6540
- C:\Windows\System\zuLmmXJ.exe
  C:\Windows\System\zuLmmXJ.exe
  2⤵
  PID:6556
- C:\Windows\System\UnKeHGm.exe
  C:\Windows\System\UnKeHGm.exe
  2⤵
  PID:6572
- C:\Windows\System\gOcgvBO.exe
  C:\Windows\System\gOcgvBO.exe
  2⤵
  PID:6588
- C:\Windows\System\iCrqQrT.exe
  C:\Windows\System\iCrqQrT.exe
  2⤵
  PID:6604
- C:\Windows\System\akKoIzv.exe
  C:\Windows\System\akKoIzv.exe
  2⤵
  PID:6620
- C:\Windows\System\ZpDlaSq.exe
  C:\Windows\System\ZpDlaSq.exe
  2⤵
  PID:6636
- C:\Windows\System\sOXhKpS.exe
  C:\Windows\System\sOXhKpS.exe
  2⤵
  PID:6652
- C:\Windows\System\xycZlLn.exe
  C:\Windows\System\xycZlLn.exe
  2⤵
  PID:6668
- C:\Windows\System\FQzGomf.exe
  C:\Windows\System\FQzGomf.exe
  2⤵
  PID:6684
- C:\Windows\System\gffuIUX.exe
  C:\Windows\System\gffuIUX.exe
  2⤵
  PID:6700
- C:\Windows\System\hqvZjtZ.exe
  C:\Windows\System\hqvZjtZ.exe
  2⤵
  PID:6716
- C:\Windows\System\YpoYDHb.exe
  C:\Windows\System\YpoYDHb.exe
  2⤵
  PID:6732
- C:\Windows\System\DvEeiaY.exe
  C:\Windows\System\DvEeiaY.exe
  2⤵
  PID:6748
- C:\Windows\System\hunfmwB.exe
  C:\Windows\System\hunfmwB.exe
  2⤵
  PID:6764
- C:\Windows\System\dnqHOEY.exe
  C:\Windows\System\dnqHOEY.exe
  2⤵
  PID:6780
- C:\Windows\System\EerIaTL.exe
  C:\Windows\System\EerIaTL.exe
  2⤵
  PID:6796
- C:\Windows\System\UGXjXSY.exe
  C:\Windows\System\UGXjXSY.exe
  2⤵
  PID:6812
- C:\Windows\System\vDJZGgM.exe
  C:\Windows\System\vDJZGgM.exe
  2⤵
  PID:6828
- C:\Windows\System\vWIZmDj.exe
  C:\Windows\System\vWIZmDj.exe
  2⤵
  PID:6844
- C:\Windows\System\bQtPfBj.exe
  C:\Windows\System\bQtPfBj.exe
  2⤵
  PID:6860
- C:\Windows\System\hsCrmiG.exe
  C:\Windows\System\hsCrmiG.exe
  2⤵
  PID:6876
- C:\Windows\System\Zdvdpya.exe
  C:\Windows\System\Zdvdpya.exe
  2⤵
  PID:6892
- C:\Windows\System\AhFporJ.exe
  C:\Windows\System\AhFporJ.exe
  2⤵
  PID:6908
- C:\Windows\System\VzYhHIR.exe
  C:\Windows\System\VzYhHIR.exe
  2⤵
  PID:6924
- C:\Windows\System\jwbQpYD.exe
  C:\Windows\System\jwbQpYD.exe
  2⤵
  PID:6940
- C:\Windows\System\nxuAUvp.exe
  C:\Windows\System\nxuAUvp.exe
  2⤵
  PID:6956
- C:\Windows\System\sKuUjCi.exe
  C:\Windows\System\sKuUjCi.exe
  2⤵
  PID:6972
- C:\Windows\System\eoOoQqF.exe
  C:\Windows\System\eoOoQqF.exe
  2⤵
  PID:6988
- C:\Windows\System\gENLZiz.exe
  C:\Windows\System\gENLZiz.exe
  2⤵
  PID:7004
- C:\Windows\System\ghkffMP.exe
  C:\Windows\System\ghkffMP.exe
  2⤵
  PID:7020
- C:\Windows\System\bwzgCnt.exe
  C:\Windows\System\bwzgCnt.exe
  2⤵
  PID:7036
- C:\Windows\System\XraUych.exe
  C:\Windows\System\XraUych.exe
  2⤵
  PID:7052
- C:\Windows\System\sqeCSGb.exe
  C:\Windows\System\sqeCSGb.exe
  2⤵
  PID:7068
- C:\Windows\System\bZoeHQV.exe
  C:\Windows\System\bZoeHQV.exe
  2⤵
  PID:7084
- C:\Windows\System\GnoafvU.exe
  C:\Windows\System\GnoafvU.exe
  2⤵
  PID:7100
- C:\Windows\System\qBttoln.exe
  C:\Windows\System\qBttoln.exe
  2⤵
  PID:7116
- C:\Windows\System\JSfXbLJ.exe
  C:\Windows\System\JSfXbLJ.exe
  2⤵
  PID:7132
- C:\Windows\System\GkSGooZ.exe
  C:\Windows\System\GkSGooZ.exe
  2⤵
  PID:7148
- C:\Windows\System\MwOtOZg.exe
  C:\Windows\System\MwOtOZg.exe
  2⤵
  PID:7164
- C:\Windows\System\JTWwkyx.exe
  C:\Windows\System\JTWwkyx.exe
  2⤵
  PID:6148
- C:\Windows\System\oKIlxWl.exe
  C:\Windows\System\oKIlxWl.exe
  2⤵
  PID:6212
- C:\Windows\System\XqnOUoI.exe
  C:\Windows\System\XqnOUoI.exe
  2⤵
  PID:6276
- C:\Windows\System\HCGqwBd.exe
  C:\Windows\System\HCGqwBd.exe
  2⤵
  PID:6372
- C:\Windows\System\pieuYkA.exe
  C:\Windows\System\pieuYkA.exe
  2⤵
  PID:6436
- C:\Windows\System\eVQCUOK.exe
  C:\Windows\System\eVQCUOK.exe
  2⤵
  PID:6468
- C:\Windows\System\UTASZoE.exe
  C:\Windows\System\UTASZoE.exe
  2⤵
  PID:6532
- C:\Windows\System\CDzcKTp.exe
  C:\Windows\System\CDzcKTp.exe
  2⤵
  PID:6568
- C:\Windows\System\FnYrwku.exe
  C:\Windows\System\FnYrwku.exe
  2⤵
  PID:6328
- C:\Windows\System\hRyJOZT.exe
  C:\Windows\System\hRyJOZT.exe
  2⤵
  PID:6360
- C:\Windows\System\EmOGPFH.exe
  C:\Windows\System\EmOGPFH.exe
  2⤵
  PID:6548
- C:\Windows\System\NTviUfl.exe
  C:\Windows\System\NTviUfl.exe
  2⤵
  PID:6600
- C:\Windows\System\YAaHIrm.exe
  C:\Windows\System\YAaHIrm.exe
  2⤵
  PID:6292
- C:\Windows\System\WpOOfYW.exe
  C:\Windows\System\WpOOfYW.exe
  2⤵
  PID:6168
- C:\Windows\System\fIzogju.exe
  C:\Windows\System\fIzogju.exe
  2⤵
  PID:6296
- C:\Windows\System\mKbVZIr.exe
  C:\Windows\System\mKbVZIr.exe
  2⤵
  PID:6456
- C:\Windows\System\OOGNbDI.exe
  C:\Windows\System\OOGNbDI.exe
  2⤵
  PID:6632
- C:\Windows\System\RIioTEI.exe
  C:\Windows\System\RIioTEI.exe
  2⤵
  PID:6648
- C:\Windows\System\RoFgqVQ.exe
  C:\Windows\System\RoFgqVQ.exe
  2⤵
  PID:6680
- C:\Windows\System\jkBPImT.exe
  C:\Windows\System\jkBPImT.exe
  2⤵
  PID:6724
- C:\Windows\System\oLfyBFu.exe
  C:\Windows\System\oLfyBFu.exe
  2⤵
  PID:6740
- C:\Windows\System\cnEhhyS.exe
  C:\Windows\System\cnEhhyS.exe
  2⤵
  PID:6776
- C:\Windows\System\UklaubQ.exe
  C:\Windows\System\UklaubQ.exe
  2⤵
  PID:6852
- C:\Windows\System\EcFiuAk.exe
  C:\Windows\System\EcFiuAk.exe
  2⤵
  PID:6888
- C:\Windows\System\HCJXuKv.exe
  C:\Windows\System\HCJXuKv.exe
  2⤵
  PID:6952
- C:\Windows\System\kbcRAJh.exe
  C:\Windows\System\kbcRAJh.exe
  2⤵
  PID:6900
- C:\Windows\System\EUGfAPO.exe
  C:\Windows\System\EUGfAPO.exe
  2⤵
  PID:6868
- C:\Windows\System\lNnqBWo.exe
  C:\Windows\System\lNnqBWo.exe
  2⤵
  PID:6984
- C:\Windows\System\VPdwdHz.exe
  C:\Windows\System\VPdwdHz.exe
  2⤵
  PID:6964
- C:\Windows\System\wGippGB.exe
  C:\Windows\System\wGippGB.exe
  2⤵
  PID:7000
- C:\Windows\System\kCCWTZz.exe
  C:\Windows\System\kCCWTZz.exe
  2⤵
  PID:7076
- C:\Windows\System\IuPNFgb.exe
  C:\Windows\System\IuPNFgb.exe
  2⤵
  PID:7096
- C:\Windows\System\ghNcxqS.exe
  C:\Windows\System\ghNcxqS.exe
  2⤵
  PID:7140
- C:\Windows\System\fQzFahz.exe
  C:\Windows\System\fQzFahz.exe
  2⤵
  PID:7160
- C:\Windows\System\rBpPjMu.exe
  C:\Windows\System\rBpPjMu.exe
  2⤵
  PID:6404
- C:\Windows\System\wNpHlDX.exe
  C:\Windows\System\wNpHlDX.exe
  2⤵
  PID:6244
- C:\Windows\System\CtvgbdG.exe
  C:\Windows\System\CtvgbdG.exe
  2⤵
  PID:6488
- C:\Windows\System\AYxBVFQ.exe
  C:\Windows\System\AYxBVFQ.exe
  2⤵
  PID:6344
- C:\Windows\System\BzAMvdS.exe
  C:\Windows\System\BzAMvdS.exe
  2⤵
  PID:6440
- C:\Windows\System\kMYnOXA.exe
  C:\Windows\System\kMYnOXA.exe
  2⤵
  PID:6356
- C:\Windows\System\hcePovW.exe
  C:\Windows\System\hcePovW.exe
  2⤵
  PID:6516
- C:\Windows\System\zrNzWDY.exe
  C:\Windows\System\zrNzWDY.exe
  2⤵
  PID:6692
- C:\Windows\System\DjQmeJu.exe
  C:\Windows\System\DjQmeJu.exe
  2⤵
  PID:6824
- C:\Windows\System\igGAcon.exe
  C:\Windows\System\igGAcon.exe
  2⤵
  PID:6840
- C:\Windows\System\aAVNQhj.exe
  C:\Windows\System\aAVNQhj.exe
  2⤵
  PID:7048
- C:\Windows\System\mMrghrk.exe
  C:\Windows\System\mMrghrk.exe
  2⤵
  PID:5124
- C:\Windows\System\RglMRgU.exe
  C:\Windows\System\RglMRgU.exe
  2⤵
  PID:6712
- C:\Windows\System\TltfOXs.exe
  C:\Windows\System\TltfOXs.exe
  2⤵
  PID:6164
- C:\Windows\System\gnHTiVA.exe
  C:\Windows\System\gnHTiVA.exe
  2⤵
  PID:5288
- C:\Windows\System\fGvjYmO.exe
  C:\Windows\System\fGvjYmO.exe
  2⤵
  PID:6340
- C:\Windows\System\RBBPxSx.exe
  C:\Windows\System\RBBPxSx.exe
  2⤵
  PID:6452
- C:\Windows\System\lUpHLgo.exe
  C:\Windows\System\lUpHLgo.exe
  2⤵
  PID:7128
- C:\Windows\System\hIIpkRy.exe
  C:\Windows\System\hIIpkRy.exe
  2⤵
  PID:2304
- C:\Windows\System\uCvgdTH.exe
  C:\Windows\System\uCvgdTH.exe
  2⤵
  PID:6980
- C:\Windows\System\YyHiDuk.exe
  C:\Windows\System\YyHiDuk.exe
  2⤵
  PID:6504
- C:\Windows\System\gKtjvzg.exe
  C:\Windows\System\gKtjvzg.exe
  2⤵
  PID:6808
- C:\Windows\System\ZssajuN.exe
  C:\Windows\System\ZssajuN.exe
  2⤵
  PID:7124
- C:\Windows\System\YFnicqz.exe
  C:\Windows\System\YFnicqz.exe
  2⤵
  PID:6708
- C:\Windows\System\CHwuJyG.exe
  C:\Windows\System\CHwuJyG.exe
  2⤵
  PID:6392
- C:\Windows\System\YJZyroZ.exe
  C:\Windows\System\YJZyroZ.exe
  2⤵
  PID:5864
- C:\Windows\System\IWKahfa.exe
  C:\Windows\System\IWKahfa.exe
  2⤵
  PID:7092
- C:\Windows\System\raboCUl.exe
  C:\Windows\System\raboCUl.exe
  2⤵
  PID:6936
- C:\Windows\System\kvJWxSb.exe
  C:\Windows\System\kvJWxSb.exe
  2⤵
  PID:7112
- C:\Windows\System\lXQmOkY.exe
  C:\Windows\System\lXQmOkY.exe
  2⤵
  PID:6232
- C:\Windows\System\eOlqAyz.exe
  C:\Windows\System\eOlqAyz.exe
  2⤵
  PID:6676
- C:\Windows\System\YteayBg.exe
  C:\Windows\System\YteayBg.exe
  2⤵
  PID:6628
- C:\Windows\System\HeGPEYW.exe
  C:\Windows\System\HeGPEYW.exe
  2⤵
  PID:7184
- C:\Windows\System\aassXRX.exe
  C:\Windows\System\aassXRX.exe
  2⤵
  PID:7200
- C:\Windows\System\LUumpRI.exe
  C:\Windows\System\LUumpRI.exe
  2⤵
  PID:7216
- C:\Windows\System\lyMXwrv.exe
  C:\Windows\System\lyMXwrv.exe
  2⤵
  PID:7232
- C:\Windows\System\erEIdZU.exe
  C:\Windows\System\erEIdZU.exe
  2⤵
  PID:7248
- C:\Windows\System\oMNLyzZ.exe
  C:\Windows\System\oMNLyzZ.exe
  2⤵
  PID:7264
- C:\Windows\System\FvnCibi.exe
  C:\Windows\System\FvnCibi.exe
  2⤵
  PID:7280
- C:\Windows\System\AncyyNf.exe
  C:\Windows\System\AncyyNf.exe
  2⤵
  PID:7296
- C:\Windows\System\aLsazXh.exe
  C:\Windows\System\aLsazXh.exe
  2⤵
  PID:7312
- C:\Windows\System\aJDKRAt.exe
  C:\Windows\System\aJDKRAt.exe
  2⤵
  PID:7328
- C:\Windows\System\RpgAwoH.exe
  C:\Windows\System\RpgAwoH.exe
  2⤵
  PID:7348
- C:\Windows\System\sQYDkcV.exe
  C:\Windows\System\sQYDkcV.exe
  2⤵
  PID:7364
- C:\Windows\System\OEdPhvG.exe
  C:\Windows\System\OEdPhvG.exe
  2⤵
  PID:7380
- C:\Windows\System\ZpAIMgI.exe
  C:\Windows\System\ZpAIMgI.exe
  2⤵
  PID:7396
- C:\Windows\System\TuLUEga.exe
  C:\Windows\System\TuLUEga.exe
  2⤵
  PID:7412
- C:\Windows\System\WWrVgeN.exe
  C:\Windows\System\WWrVgeN.exe
  2⤵
  PID:7428
- C:\Windows\System\HjiMFPt.exe
  C:\Windows\System\HjiMFPt.exe
  2⤵
  PID:7444
- C:\Windows\System\UEHKErJ.exe
  C:\Windows\System\UEHKErJ.exe
  2⤵
  PID:7460
- C:\Windows\System\omTgPiN.exe
  C:\Windows\System\omTgPiN.exe
  2⤵
  PID:7480
- C:\Windows\System\yphlRxO.exe
  C:\Windows\System\yphlRxO.exe
  2⤵
  PID:7496
- C:\Windows\System\KlvXFBE.exe
  C:\Windows\System\KlvXFBE.exe
  2⤵
  PID:7516
- C:\Windows\System\UejfyCr.exe
  C:\Windows\System\UejfyCr.exe
  2⤵
  PID:7532
- C:\Windows\System\IUDlcCp.exe
  C:\Windows\System\IUDlcCp.exe
  2⤵
  PID:7548
- C:\Windows\System\rLZMbzP.exe
  C:\Windows\System\rLZMbzP.exe
  2⤵
  PID:7564
- C:\Windows\System\depRRub.exe
  C:\Windows\System\depRRub.exe
  2⤵
  PID:7584
- C:\Windows\System\dXFYYoA.exe
  C:\Windows\System\dXFYYoA.exe
  2⤵
  PID:7600
- C:\Windows\System\JkYISNe.exe
  C:\Windows\System\JkYISNe.exe
  2⤵
  PID:7616
- C:\Windows\System\aBbcFTC.exe
  C:\Windows\System\aBbcFTC.exe
  2⤵
  PID:7636
- C:\Windows\System\mDVfEeO.exe
  C:\Windows\System\mDVfEeO.exe
  2⤵
  PID:7652
- C:\Windows\System\aHugOrV.exe
  C:\Windows\System\aHugOrV.exe
  2⤵
  PID:7668
- C:\Windows\System\PHKMzGT.exe
  C:\Windows\System\PHKMzGT.exe
  2⤵
  PID:7688
- C:\Windows\System\UDycOFd.exe
  C:\Windows\System\UDycOFd.exe
  2⤵
  PID:7708
- C:\Windows\System\vbFcVTe.exe
  C:\Windows\System\vbFcVTe.exe
  2⤵
  PID:7724
- C:\Windows\System\eSOBhCz.exe
  C:\Windows\System\eSOBhCz.exe
  2⤵
  PID:7740
- C:\Windows\System\JGUtSdw.exe
  C:\Windows\System\JGUtSdw.exe
  2⤵
  PID:7756
- C:\Windows\System\mCwNoMp.exe
  C:\Windows\System\mCwNoMp.exe
  2⤵
  PID:7772
- C:\Windows\System\wqakirt.exe
  C:\Windows\System\wqakirt.exe
  2⤵
  PID:7788
- C:\Windows\System\hFAhlUY.exe
  C:\Windows\System\hFAhlUY.exe
  2⤵
  PID:7808
- C:\Windows\System\xSKGvoG.exe
  C:\Windows\System\xSKGvoG.exe
  2⤵
  PID:7828
- C:\Windows\System\SKbMeCp.exe
  C:\Windows\System\SKbMeCp.exe
  2⤵
  PID:7844
- C:\Windows\System\NohxBkM.exe
  C:\Windows\System\NohxBkM.exe
  2⤵
  PID:7860
- C:\Windows\System\YpBZHEN.exe
  C:\Windows\System\YpBZHEN.exe
  2⤵
  PID:7876
- C:\Windows\System\StbpTnI.exe
  C:\Windows\System\StbpTnI.exe
  2⤵
  PID:7892
- C:\Windows\System\gAmyIzy.exe
  C:\Windows\System\gAmyIzy.exe
  2⤵
  PID:7908
- C:\Windows\System\XKvkeyc.exe
  C:\Windows\System\XKvkeyc.exe
  2⤵
  PID:7924
- C:\Windows\System\qGHDDjL.exe
  C:\Windows\System\qGHDDjL.exe
  2⤵
  PID:7944
- C:\Windows\System\uKmUqJF.exe
  C:\Windows\System\uKmUqJF.exe
  2⤵
  PID:7960
- C:\Windows\System\igjCsZu.exe
  C:\Windows\System\igjCsZu.exe
  2⤵
  PID:7980
- C:\Windows\System\QOTcBfg.exe
  C:\Windows\System\QOTcBfg.exe
  2⤵
  PID:7996
- C:\Windows\System\SwICofz.exe
  C:\Windows\System\SwICofz.exe
  2⤵
  PID:8012
- C:\Windows\System\NxlUPBD.exe
  C:\Windows\System\NxlUPBD.exe
  2⤵
  PID:8040
- C:\Windows\System\GJrfNUb.exe
  C:\Windows\System\GJrfNUb.exe
  2⤵
  PID:8056
- C:\Windows\System\DyPMYxD.exe
  C:\Windows\System\DyPMYxD.exe
  2⤵
  PID:8072
- C:\Windows\System\jwmnHqz.exe
  C:\Windows\System\jwmnHqz.exe
  2⤵
  PID:8100
- C:\Windows\System\BXXIhRH.exe
  C:\Windows\System\BXXIhRH.exe
  2⤵
  PID:8120
- C:\Windows\System\PeAFYee.exe
  C:\Windows\System\PeAFYee.exe
  2⤵
  PID:8152
- C:\Windows\System\aJhfFXm.exe
  C:\Windows\System\aJhfFXm.exe
  2⤵
  PID:8168
- C:\Windows\System\SeZGoOc.exe
  C:\Windows\System\SeZGoOc.exe
  2⤵
  PID:8184
- C:\Windows\System\CYswmfS.exe
  C:\Windows\System\CYswmfS.exe
  2⤵
  PID:6932
- C:\Windows\System\uHVooBh.exe
  C:\Windows\System\uHVooBh.exe
  2⤵
  PID:6660
- C:\Windows\System\VBArMhP.exe
  C:\Windows\System\VBArMhP.exe
  2⤵
  PID:7228
- C:\Windows\System\YejlJaT.exe
  C:\Windows\System\YejlJaT.exe
  2⤵
  PID:7244
- C:\Windows\System\OYPbMqj.exe
  C:\Windows\System\OYPbMqj.exe
  2⤵
  PID:7276
- C:\Windows\System\vAALkBN.exe
  C:\Windows\System\vAALkBN.exe
  2⤵
  PID:7308
- C:\Windows\System\XzfWUeb.exe
  C:\Windows\System\XzfWUeb.exe
  2⤵
  PID:7324
- C:\Windows\System\fAJxTvM.exe
  C:\Windows\System\fAJxTvM.exe
  2⤵
  PID:7360
- C:\Windows\System\HnxpScG.exe
  C:\Windows\System\HnxpScG.exe
  2⤵
  PID:7388
- C:\Windows\System\JMibOfA.exe
  C:\Windows\System\JMibOfA.exe
  2⤵
  PID:7472
- C:\Windows\System\bODaCbu.exe
  C:\Windows\System\bODaCbu.exe
  2⤵
  PID:7456
- C:\Windows\System\HiUoMud.exe
  C:\Windows\System\HiUoMud.exe
  2⤵
  PID:7540
- C:\Windows\System\BRfkWqU.exe
  C:\Windows\System\BRfkWqU.exe
  2⤵
  PID:7556
- C:\Windows\System\iovqPia.exe
  C:\Windows\System\iovqPia.exe
  2⤵
  PID:7608
- C:\Windows\System\LwUgGgn.exe
  C:\Windows\System\LwUgGgn.exe
  2⤵
  PID:7644
- C:\Windows\System\pAQKvtu.exe
  C:\Windows\System\pAQKvtu.exe
  2⤵
  PID:7628
- C:\Windows\System\cxRzbvz.exe
  C:\Windows\System\cxRzbvz.exe
  2⤵
  PID:7684
- C:\Windows\System\unMqMLR.exe
  C:\Windows\System\unMqMLR.exe
  2⤵
  PID:7780
- C:\Windows\System\MnvbujX.exe
  C:\Windows\System\MnvbujX.exe
  2⤵
  PID:7784
- C:\Windows\System\hkTVPfF.exe
  C:\Windows\System\hkTVPfF.exe
  2⤵
  PID:7816
- C:\Windows\System\XggDDZS.exe
  C:\Windows\System\XggDDZS.exe
  2⤵
  PID:7856
- C:\Windows\System\DXRyahp.exe
  C:\Windows\System\DXRyahp.exe
  2⤵
  PID:7868
- C:\Windows\System\nacWaET.exe
  C:\Windows\System\nacWaET.exe
  2⤵
  PID:7920
- C:\Windows\System\ESWASJx.exe
  C:\Windows\System\ESWASJx.exe
  2⤵
  PID:7988
- C:\Windows\System\dBovfOs.exe
  C:\Windows\System\dBovfOs.exe
  2⤵
  PID:7972
- C:\Windows\System\kEQbUne.exe
  C:\Windows\System\kEQbUne.exe
  2⤵
  PID:8028
- C:\Windows\System\vsAbYkr.exe
  C:\Windows\System\vsAbYkr.exe
  2⤵
  PID:8064
- C:\Windows\System\tJfCpWK.exe
  C:\Windows\System\tJfCpWK.exe
  2⤵
  PID:8084
- C:\Windows\System\toqWOUY.exe
  C:\Windows\System\toqWOUY.exe
  2⤵
  PID:8128
- C:\Windows\System\WtuXLae.exe
  C:\Windows\System\WtuXLae.exe
  2⤵
  PID:8160
- C:\Windows\System\vYBVIdg.exe
  C:\Windows\System\vYBVIdg.exe
  2⤵
  PID:7208
- C:\Windows\System\kDwmASG.exe
  C:\Windows\System\kDwmASG.exe
  2⤵
  PID:7336
- C:\Windows\System\qKdBuvq.exe
  C:\Windows\System\qKdBuvq.exe
  2⤵
  PID:7488
- C:\Windows\System\SsegpKQ.exe
  C:\Windows\System\SsegpKQ.exe
  2⤵
  PID:7192
- C:\Windows\System\nlErTfb.exe
  C:\Windows\System\nlErTfb.exe
  2⤵
  PID:7304
- C:\Windows\System\mcDgGYC.exe
  C:\Windows\System\mcDgGYC.exe
  2⤵
  PID:7512
- C:\Windows\System\EAOWjyO.exe
  C:\Windows\System\EAOWjyO.exe
  2⤵
  PID:7292
- C:\Windows\System\MUeiHhN.exe
  C:\Windows\System\MUeiHhN.exe
  2⤵
  PID:7376
- C:\Windows\System\nOzIusm.exe
  C:\Windows\System\nOzIusm.exe
  2⤵
  PID:7572
- C:\Windows\System\nFMCWmY.exe
  C:\Windows\System\nFMCWmY.exe
  2⤵
  PID:7660
- C:\Windows\System\hTksdIY.exe
  C:\Windows\System\hTksdIY.exe
  2⤵
  PID:7700
- C:\Windows\System\MZasihK.exe
  C:\Windows\System\MZasihK.exe
  2⤵
  PID:7704
- C:\Windows\System\HEokKBq.exe
  C:\Windows\System\HEokKBq.exe
  2⤵
  PID:7852
- C:\Windows\System\SbvUfRQ.exe
  C:\Windows\System\SbvUfRQ.exe
  2⤵
  PID:7968
- C:\Windows\System\hqxwDll.exe
  C:\Windows\System\hqxwDll.exe
  2⤵
  PID:7940
- C:\Windows\System\fEuTvdN.exe
  C:\Windows\System\fEuTvdN.exe
  2⤵
  PID:8020
- C:\Windows\System\oOoxQOe.exe
  C:\Windows\System\oOoxQOe.exe
  2⤵
  PID:8116
- C:\Windows\System\VUUrjGW.exe
  C:\Windows\System\VUUrjGW.exe
  2⤵
  PID:7180
- C:\Windows\System\sWjCqUF.exe
  C:\Windows\System\sWjCqUF.exe
  2⤵
  PID:7580
- C:\Windows\System\zyWZxdr.exe
  C:\Windows\System\zyWZxdr.exe
  2⤵
  PID:7524
- C:\Windows\System\ZmdTMpj.exe
  C:\Windows\System\ZmdTMpj.exe
  2⤵
  PID:7224
- C:\Windows\System\yjEhscK.exe
  C:\Windows\System\yjEhscK.exe
  2⤵
  PID:7468
- C:\Windows\System\IvVkXzd.exe
  C:\Windows\System\IvVkXzd.exe
  2⤵
  PID:7680
- C:\Windows\System\kMDRxwt.exe
  C:\Windows\System\kMDRxwt.exe
  2⤵
  PID:7768
- C:\Windows\System\YbuvUbs.exe
  C:\Windows\System\YbuvUbs.exe
  2⤵
  PID:7840
- C:\Windows\System\yYScenA.exe
  C:\Windows\System\yYScenA.exe
  2⤵
  PID:7888
- C:\Windows\System\KusNBVk.exe
  C:\Windows\System\KusNBVk.exe
  2⤵
  PID:8048
- C:\Windows\System\XkBMzSn.exe
  C:\Windows\System\XkBMzSn.exe
  2⤵
  PID:7932
- C:\Windows\System\FBjiuoJ.exe
  C:\Windows\System\FBjiuoJ.exe
  2⤵
  PID:8096
- C:\Windows\System\jAdNmAq.exe
  C:\Windows\System\jAdNmAq.exe
  2⤵
  PID:7408
- C:\Windows\System\hsZJgBg.exe
  C:\Windows\System\hsZJgBg.exe
  2⤵
  PID:7576
- C:\Windows\System\NKaoUzz.exe
  C:\Windows\System\NKaoUzz.exe
  2⤵
  PID:7476
- C:\Windows\System\TrNhITj.exe
  C:\Windows\System\TrNhITj.exe
  2⤵
  PID:7716
- C:\Windows\System\fWrxTkF.exe
  C:\Windows\System\fWrxTkF.exe
  2⤵
  PID:7796
- C:\Windows\System\eKEkdZG.exe
  C:\Windows\System\eKEkdZG.exe
  2⤵
  PID:7992
- C:\Windows\System\WwGNprB.exe
  C:\Windows\System\WwGNprB.exe
  2⤵
  PID:7260
- C:\Windows\System\yhIzDUZ.exe
  C:\Windows\System\yhIzDUZ.exe
  2⤵
  PID:7752
- C:\Windows\System\wRhOPKu.exe
  C:\Windows\System\wRhOPKu.exe
  2⤵
  PID:1496
- C:\Windows\System\xkaDauo.exe
  C:\Windows\System\xkaDauo.exe
  2⤵
  PID:8068
- C:\Windows\System\lIeTjps.exe
  C:\Windows\System\lIeTjps.exe
  2⤵
  PID:7624
- C:\Windows\System\ohCaTWJ.exe
  C:\Windows\System\ohCaTWJ.exe
  2⤵
  PID:7240
- C:\Windows\System\sdjGRwz.exe
  C:\Windows\System\sdjGRwz.exe
  2⤵
  PID:8148
- C:\Windows\System\PPldKbv.exe
  C:\Windows\System\PPldKbv.exe
  2⤵
  PID:8196
- C:\Windows\System\bjHoTWZ.exe
  C:\Windows\System\bjHoTWZ.exe
  2⤵
  PID:8212
- C:\Windows\System\fzbUVBO.exe
  C:\Windows\System\fzbUVBO.exe
  2⤵
  PID:8228
- C:\Windows\System\vVZWKYl.exe
  C:\Windows\System\vVZWKYl.exe
  2⤵
  PID:8244
- C:\Windows\System\ECqrKWc.exe
  C:\Windows\System\ECqrKWc.exe
  2⤵
  PID:8260
- C:\Windows\System\LLpNELS.exe
  C:\Windows\System\LLpNELS.exe
  2⤵
  PID:8276
- C:\Windows\System\kuiTwXs.exe
  C:\Windows\System\kuiTwXs.exe
  2⤵
  PID:8292
- C:\Windows\System\krJpabh.exe
  C:\Windows\System\krJpabh.exe
  2⤵
  PID:8308
- C:\Windows\System\ULMvFiA.exe
  C:\Windows\System\ULMvFiA.exe
  2⤵
  PID:8324
- C:\Windows\System\OWGTXNJ.exe
  C:\Windows\System\OWGTXNJ.exe
  2⤵
  PID:8340
- C:\Windows\System\iJBVddX.exe
  C:\Windows\System\iJBVddX.exe
  2⤵
  PID:8356
- C:\Windows\System\qwtrNMe.exe
  C:\Windows\System\qwtrNMe.exe
  2⤵
  PID:8372
- C:\Windows\System\qBdtvrx.exe
  C:\Windows\System\qBdtvrx.exe
  2⤵
  PID:8388
- C:\Windows\System\KbPiKRi.exe
  C:\Windows\System\KbPiKRi.exe
  2⤵
  PID:8404
- C:\Windows\System\ndJSfzU.exe
  C:\Windows\System\ndJSfzU.exe
  2⤵
  PID:8420
- C:\Windows\System\TCdOhzM.exe
  C:\Windows\System\TCdOhzM.exe
  2⤵
  PID:8436
- C:\Windows\System\mtRRzln.exe
  C:\Windows\System\mtRRzln.exe
  2⤵
  PID:8452
- C:\Windows\System\AYNHyXC.exe
  C:\Windows\System\AYNHyXC.exe
  2⤵
  PID:8468
- C:\Windows\System\bGCCFor.exe
  C:\Windows\System\bGCCFor.exe
  2⤵
  PID:8484
- C:\Windows\System\gdRHMVt.exe
  C:\Windows\System\gdRHMVt.exe
  2⤵
  PID:8500
- C:\Windows\System\UvFImGK.exe
  C:\Windows\System\UvFImGK.exe
  2⤵
  PID:8516
- C:\Windows\System\ICLWouZ.exe
  C:\Windows\System\ICLWouZ.exe
  2⤵
  PID:8532
- C:\Windows\System\jbgTXRR.exe
  C:\Windows\System\jbgTXRR.exe
  2⤵
  PID:8548
- C:\Windows\System\fvwTxRW.exe
  C:\Windows\System\fvwTxRW.exe
  2⤵
  PID:8568
- C:\Windows\System\RJdnCya.exe
  C:\Windows\System\RJdnCya.exe
  2⤵
  PID:8584
- C:\Windows\System\PHMaIQa.exe
  C:\Windows\System\PHMaIQa.exe
  2⤵
  PID:8604
- C:\Windows\System\PbPLPou.exe
  C:\Windows\System\PbPLPou.exe
  2⤵
  PID:8620
- C:\Windows\System\yqeNSMH.exe
  C:\Windows\System\yqeNSMH.exe
  2⤵
  PID:8636
- C:\Windows\System\dwvZbDH.exe
  C:\Windows\System\dwvZbDH.exe
  2⤵
  PID:8652
- C:\Windows\System\YsbRxiD.exe
  C:\Windows\System\YsbRxiD.exe
  2⤵
  PID:8668
- C:\Windows\System\ZSzRzoh.exe
  C:\Windows\System\ZSzRzoh.exe
  2⤵
  PID:8684
- C:\Windows\System\LoGDoOI.exe
  C:\Windows\System\LoGDoOI.exe
  2⤵
  PID:8700
- C:\Windows\System\aVhtmFb.exe
  C:\Windows\System\aVhtmFb.exe
  2⤵
  PID:8716
- C:\Windows\System\AUpgilU.exe
  C:\Windows\System\AUpgilU.exe
  2⤵
  PID:8732
- C:\Windows\System\ZkCDjjF.exe
  C:\Windows\System\ZkCDjjF.exe
  2⤵
  PID:8752
- C:\Windows\System\liTuMno.exe
  C:\Windows\System\liTuMno.exe
  2⤵
  PID:8768
- C:\Windows\System\bodXErm.exe
  C:\Windows\System\bodXErm.exe
  2⤵
  PID:8784
- C:\Windows\System\QBcbiEm.exe
  C:\Windows\System\QBcbiEm.exe
  2⤵
  PID:8800
- C:\Windows\System\nsFfavA.exe
  C:\Windows\System\nsFfavA.exe
  2⤵
  PID:8816
- C:\Windows\System\iqQYVII.exe
  C:\Windows\System\iqQYVII.exe
  2⤵
  PID:8832
- C:\Windows\System\Skpewge.exe
  C:\Windows\System\Skpewge.exe
  2⤵
  PID:8848
- C:\Windows\System\znKjSiF.exe
  C:\Windows\System\znKjSiF.exe
  2⤵
  PID:8864
- C:\Windows\System\yhnioVA.exe
  C:\Windows\System\yhnioVA.exe
  2⤵
  PID:8880
- C:\Windows\System\YBOsrpK.exe
  C:\Windows\System\YBOsrpK.exe
  2⤵
  PID:8896
- C:\Windows\System\oMgFqhS.exe
  C:\Windows\System\oMgFqhS.exe
  2⤵
  PID:8912
- C:\Windows\System\VbXDbsN.exe
  C:\Windows\System\VbXDbsN.exe
  2⤵
  PID:8928
- C:\Windows\System\NVUTbes.exe
  C:\Windows\System\NVUTbes.exe
  2⤵
  PID:8944
- C:\Windows\System\lJZySLU.exe
  C:\Windows\System\lJZySLU.exe
  2⤵
  PID:8960
- C:\Windows\System\hAdnWzd.exe
  C:\Windows\System\hAdnWzd.exe
  2⤵
  PID:8976
- C:\Windows\System\ZMFmxEH.exe
  C:\Windows\System\ZMFmxEH.exe
  2⤵
  PID:8992
- C:\Windows\System\neXbFgN.exe
  C:\Windows\System\neXbFgN.exe
  2⤵
  PID:9008
- C:\Windows\System\YseEMhd.exe
  C:\Windows\System\YseEMhd.exe
  2⤵
  PID:9024
- C:\Windows\System\NoIKpZW.exe
  C:\Windows\System\NoIKpZW.exe
  2⤵
  PID:9040
- C:\Windows\System\iQriCNa.exe
  C:\Windows\System\iQriCNa.exe
  2⤵
  PID:9060
- C:\Windows\System\pjySGFM.exe
  C:\Windows\System\pjySGFM.exe
  2⤵
  PID:9076
- C:\Windows\System\HpAkjow.exe
  C:\Windows\System\HpAkjow.exe
  2⤵
  PID:9092
- C:\Windows\System\zRnKsuq.exe
  C:\Windows\System\zRnKsuq.exe
  2⤵
  PID:9108
- C:\Windows\System\IyQgRtJ.exe
  C:\Windows\System\IyQgRtJ.exe
  2⤵
  PID:9124
- C:\Windows\System\NoPCsnF.exe
  C:\Windows\System\NoPCsnF.exe
  2⤵
  PID:9140
- C:\Windows\System\odBdEdK.exe
  C:\Windows\System\odBdEdK.exe
  2⤵
  PID:9156
- C:\Windows\System\kPanZDd.exe
  C:\Windows\System\kPanZDd.exe
  2⤵
  PID:9172
- C:\Windows\System\eswXsud.exe
  C:\Windows\System\eswXsud.exe
  2⤵
  PID:9188
- C:\Windows\System\DnbgJJH.exe
  C:\Windows\System\DnbgJJH.exe
  2⤵
  PID:9204
- C:\Windows\System\bpFfIjE.exe
  C:\Windows\System\bpFfIjE.exe
  2⤵
  PID:8204
- C:\Windows\System\FzwOJXQ.exe
  C:\Windows\System\FzwOJXQ.exe
  2⤵
  PID:8252
- C:\Windows\System\NKVLQDm.exe
  C:\Windows\System\NKVLQDm.exe
  2⤵
  PID:8236
- C:\Windows\System\zLjqQEt.exe
  C:\Windows\System\zLjqQEt.exe
  2⤵
  PID:8316
- C:\Windows\System\AkVqrUt.exe
  C:\Windows\System\AkVqrUt.exe
  2⤵
  PID:8348
- C:\Windows\System\CmuRcKm.exe
  C:\Windows\System\CmuRcKm.exe
  2⤵
  PID:8412
- C:\Windows\System\zZfgHBB.exe
  C:\Windows\System\zZfgHBB.exe
  2⤵
  PID:8428
- C:\Windows\System\uAynNZf.exe
  C:\Windows\System\uAynNZf.exe
  2⤵
  PID:8448
- C:\Windows\System\qwvQKFX.exe
  C:\Windows\System\qwvQKFX.exe
  2⤵
  PID:8512
- C:\Windows\System\RJhpHWp.exe
  C:\Windows\System\RJhpHWp.exe
  2⤵
  PID:8432
- C:\Windows\System\fOmNtBJ.exe
  C:\Windows\System\fOmNtBJ.exe
  2⤵
  PID:8496
- C:\Windows\System\ymfIBHJ.exe
  C:\Windows\System\ymfIBHJ.exe
  2⤵
  PID:8576
- C:\Windows\System\YMgzePw.exe
  C:\Windows\System\YMgzePw.exe
  2⤵
  PID:8644
- C:\Windows\System\soeDohG.exe
  C:\Windows\System\soeDohG.exe
  2⤵
  PID:8708
- C:\Windows\System\xFSabVW.exe
  C:\Windows\System\xFSabVW.exe
  2⤵
  PID:8776
- C:\Windows\System\pikTDda.exe
  C:\Windows\System\pikTDda.exe
  2⤵
  PID:8564
- C:\Windows\System\ytAzVJA.exe
  C:\Windows\System\ytAzVJA.exe
  2⤵
  PID:8844
- C:\Windows\System\NZrgKrO.exe
  C:\Windows\System\NZrgKrO.exe
  2⤵
  PID:8904
- C:\Windows\System\klQgkRS.exe
  C:\Windows\System\klQgkRS.exe
  2⤵
  PID:8968
- C:\Windows\System\yukFSIy.exe
  C:\Windows\System\yukFSIy.exe
  2⤵
  PID:9004
- C:\Windows\System\LNdNpDt.exe
  C:\Windows\System\LNdNpDt.exe
  2⤵
  PID:9016
- C:\Windows\System\PBwkfcF.exe
  C:\Windows\System\PBwkfcF.exe
  2⤵
  PID:8600
- C:\Windows\System\xaVsOWR.exe
  C:\Windows\System\xaVsOWR.exe
  2⤵
  PID:8664
- C:\Windows\System\gSFGxhK.exe
  C:\Windows\System\gSFGxhK.exe
  2⤵
  PID:8728
- C:\Windows\System\YEfQEww.exe
  C:\Windows\System\YEfQEww.exe
  2⤵
  PID:9068
- C:\Windows\System\QELwwBu.exe
  C:\Windows\System\QELwwBu.exe
  2⤵
  PID:8860
- C:\Windows\System\tEryils.exe
  C:\Windows\System\tEryils.exe
  2⤵
  PID:8956
- C:\Windows\System\KziGcKD.exe
  C:\Windows\System\KziGcKD.exe
  2⤵
  PID:9048
- C:\Windows\System\LMbxJah.exe
  C:\Windows\System\LMbxJah.exe
  2⤵
  PID:9132
- C:\Windows\System\ZGZXQwS.exe
  C:\Windows\System\ZGZXQwS.exe
  2⤵
  PID:9084
- C:\Windows\System\ejPWMjr.exe
  C:\Windows\System\ejPWMjr.exe
  2⤵
  PID:9120
- C:\Windows\System\Izlzvrl.exe
  C:\Windows\System\Izlzvrl.exe
  2⤵
  PID:9168
- C:\Windows\System\ywonbTG.exe
  C:\Windows\System\ywonbTG.exe
  2⤵
  PID:8272
- C:\Windows\System\QoZbipi.exe
  C:\Windows\System\QoZbipi.exe
  2⤵
  PID:8268
- C:\Windows\System\pHTFDnN.exe
  C:\Windows\System\pHTFDnN.exe
  2⤵
  PID:8384
- C:\Windows\System\VrcPtLa.exe
  C:\Windows\System\VrcPtLa.exe
  2⤵
  PID:8528
- C:\Windows\System\lxugpdI.exe
  C:\Windows\System\lxugpdI.exe
  2⤵
  PID:8676
- C:\Windows\System\IVxgCWJ.exe
  C:\Windows\System\IVxgCWJ.exe
  2⤵
  PID:8368
- C:\Windows\System\DkfKNpi.exe
  C:\Windows\System\DkfKNpi.exe
  2⤵
  PID:8492
- C:\Windows\System\EDNjOOK.exe
  C:\Windows\System\EDNjOOK.exe
  2⤵
  PID:8560
- C:\Windows\System\NGzkgul.exe
  C:\Windows\System\NGzkgul.exe
  2⤵
  PID:9000
- C:\Windows\System\eCxSZGL.exe
  C:\Windows\System\eCxSZGL.exe
  2⤵
  PID:8696
- C:\Windows\System\xuXGxFn.exe
  C:\Windows\System\xuXGxFn.exe
  2⤵
  PID:8856
- C:\Windows\System\CPGwcRm.exe
  C:\Windows\System\CPGwcRm.exe
  2⤵
  PID:9164
- C:\Windows\System\monIlMZ.exe
  C:\Windows\System\monIlMZ.exe
  2⤵
  PID:8284
- C:\Windows\System\IuHdiPK.exe
  C:\Windows\System\IuHdiPK.exe
  2⤵
  PID:8332
- C:\Windows\System\ekbBCJw.exe
  C:\Windows\System\ekbBCJw.exe
  2⤵
  PID:9032
- C:\Windows\System\HbUBsTX.exe
  C:\Windows\System\HbUBsTX.exe
  2⤵
  PID:9020
- C:\Windows\System\bSYjycx.exe
  C:\Windows\System\bSYjycx.exe
  2⤵
  PID:9228
- C:\Windows\System\ETdXaEC.exe
  C:\Windows\System\ETdXaEC.exe
  2⤵
  PID:9244
- C:\Windows\System\BtbSCEv.exe
  C:\Windows\System\BtbSCEv.exe
  2⤵
  PID:9260
- C:\Windows\System\bGzgJoD.exe
  C:\Windows\System\bGzgJoD.exe
  2⤵
  PID:9276
- C:\Windows\System\CEZOBUg.exe
  C:\Windows\System\CEZOBUg.exe
  2⤵
  PID:9292
- C:\Windows\System\zPXnSer.exe
  C:\Windows\System\zPXnSer.exe
  2⤵
  PID:9320
- C:\Windows\System\LlwAIXY.exe
  C:\Windows\System\LlwAIXY.exe
  2⤵
  PID:9336
- C:\Windows\System\oiqkwSR.exe
  C:\Windows\System\oiqkwSR.exe
  2⤵
  PID:9352
- C:\Windows\System\iWlWQTN.exe
  C:\Windows\System\iWlWQTN.exe
  2⤵
  PID:9368
- C:\Windows\System\FpkZKWu.exe
  C:\Windows\System\FpkZKWu.exe
  2⤵
  PID:9384
- C:\Windows\System\TxpMNtp.exe
  C:\Windows\System\TxpMNtp.exe
  2⤵
  PID:9404
- C:\Windows\System\UpOyVAA.exe
  C:\Windows\System\UpOyVAA.exe
  2⤵
  PID:9420
- C:\Windows\System\CeDZILR.exe
  C:\Windows\System\CeDZILR.exe
  2⤵
  PID:9436
- C:\Windows\System\FkRPBtT.exe
  C:\Windows\System\FkRPBtT.exe
  2⤵
  PID:9452
- C:\Windows\System\mayjZUM.exe
  C:\Windows\System\mayjZUM.exe
  2⤵
  PID:9468
- C:\Windows\System\CWubPnx.exe
  C:\Windows\System\CWubPnx.exe
  2⤵
  PID:9484
- C:\Windows\System\mPjHXGX.exe
  C:\Windows\System\mPjHXGX.exe
  2⤵
  PID:9500
- C:\Windows\System\EwRZzLR.exe
  C:\Windows\System\EwRZzLR.exe
  2⤵
  PID:9516
- C:\Windows\System\UqivPSk.exe
  C:\Windows\System\UqivPSk.exe
  2⤵
  PID:9532
- C:\Windows\System\dJfTFoJ.exe
  C:\Windows\System\dJfTFoJ.exe
  2⤵
  PID:9548
- C:\Windows\System\STfMPqd.exe
  C:\Windows\System\STfMPqd.exe
  2⤵
  PID:9564
- C:\Windows\System\vVeuDjS.exe
  C:\Windows\System\vVeuDjS.exe
  2⤵
  PID:9580
- C:\Windows\System\KGmHfQW.exe
  C:\Windows\System\KGmHfQW.exe
  2⤵
  PID:9596
- C:\Windows\System\mTFiuBR.exe
  C:\Windows\System\mTFiuBR.exe
  2⤵
  PID:9612
- C:\Windows\System\jkMaTAG.exe
  C:\Windows\System\jkMaTAG.exe
  2⤵
  PID:9628
- C:\Windows\System\AcpRkaz.exe
  C:\Windows\System\AcpRkaz.exe
  2⤵
  PID:9644
- C:\Windows\System\RPMdSQx.exe
  C:\Windows\System\RPMdSQx.exe
  2⤵
  PID:9660
- C:\Windows\System\RJiiqtB.exe
  C:\Windows\System\RJiiqtB.exe
  2⤵
  PID:9676
- C:\Windows\System\vVCIWmd.exe
  C:\Windows\System\vVCIWmd.exe
  2⤵
  PID:9692
- C:\Windows\System\ZGbFmws.exe
  C:\Windows\System\ZGbFmws.exe
  2⤵
  PID:9708
- C:\Windows\System\vaUedqw.exe
  C:\Windows\System\vaUedqw.exe
  2⤵
  PID:9724
- C:\Windows\System\sSBeGis.exe
  C:\Windows\System\sSBeGis.exe
  2⤵
  PID:9740
- C:\Windows\System\HPfQmFb.exe
  C:\Windows\System\HPfQmFb.exe
  2⤵
  PID:9756
- C:\Windows\System\KKjgXTW.exe
  C:\Windows\System\KKjgXTW.exe
  2⤵
  PID:9772
- C:\Windows\System\iaWKoDn.exe
  C:\Windows\System\iaWKoDn.exe
  2⤵
  PID:9788
- C:\Windows\System\oFTYRln.exe
  C:\Windows\System\oFTYRln.exe
  2⤵
  PID:9804
- C:\Windows\System\gFfhuDw.exe
  C:\Windows\System\gFfhuDw.exe
  2⤵
  PID:10000
- C:\Windows\System\ZZfBpgb.exe
  C:\Windows\System\ZZfBpgb.exe
  2⤵
  PID:10016
- C:\Windows\System\FYiKhOr.exe
  C:\Windows\System\FYiKhOr.exe
  2⤵
  PID:10032
- C:\Windows\System\pTMPnfr.exe
  C:\Windows\System\pTMPnfr.exe
  2⤵
  PID:10048
- C:\Windows\System\ZJawLwQ.exe
  C:\Windows\System\ZJawLwQ.exe
  2⤵
  PID:10068
- C:\Windows\System\lsrWJae.exe
  C:\Windows\System\lsrWJae.exe
  2⤵
  PID:10084
- C:\Windows\System\ctBHLpa.exe
  C:\Windows\System\ctBHLpa.exe
  2⤵
  PID:10100
- C:\Windows\System\kayVnln.exe
  C:\Windows\System\kayVnln.exe
  2⤵
  PID:10116
- C:\Windows\System\KPitPfu.exe
  C:\Windows\System\KPitPfu.exe
  2⤵
  PID:10132
- C:\Windows\System\IHGRTGf.exe
  C:\Windows\System\IHGRTGf.exe
  2⤵
  PID:10148
- C:\Windows\System\UNDcMpB.exe
  C:\Windows\System\UNDcMpB.exe
  2⤵
  PID:10164
- C:\Windows\System\UcGQJAh.exe
  C:\Windows\System\UcGQJAh.exe
  2⤵
  PID:10180
- C:\Windows\System\goKnowX.exe
  C:\Windows\System\goKnowX.exe
  2⤵
  PID:10196
- C:\Windows\System\wvrzWkK.exe
  C:\Windows\System\wvrzWkK.exe
  2⤵
  PID:10212
- C:\Windows\System\zbzkSsW.exe
  C:\Windows\System\zbzkSsW.exe
  2⤵
  PID:10232
- C:\Windows\System\RBSFwnx.exe
  C:\Windows\System\RBSFwnx.exe
  2⤵
  PID:9136
- C:\Windows\System\lZbFoBd.exe
  C:\Windows\System\lZbFoBd.exe
  2⤵
  PID:8628
- C:\Windows\System\RFBueOj.exe
  C:\Windows\System\RFBueOj.exe
  2⤵
  PID:8508
- C:\Windows\System\KaBQuiA.exe
  C:\Windows\System\KaBQuiA.exe
  2⤵
  PID:8892
- C:\Windows\System\uaOQeAE.exe
  C:\Windows\System\uaOQeAE.exe
  2⤵
  PID:9200
- C:\Windows\System\LZapLWk.exe
  C:\Windows\System\LZapLWk.exe
  2⤵
  PID:9240
- C:\Windows\System\TJAFebA.exe
  C:\Windows\System\TJAFebA.exe
  2⤵
  PID:8744
- C:\Windows\System\vlCGAIu.exe
  C:\Windows\System\vlCGAIu.exe
  2⤵
  PID:9512
- C:\Windows\System\FrUKSaH.exe
  C:\Windows\System\FrUKSaH.exe
  2⤵
  PID:9576
- C:\Windows\System\qHpTftp.exe
  C:\Windows\System\qHpTftp.exe
  2⤵
  PID:9364
- C:\Windows\System\uEucqyc.exe
  C:\Windows\System\uEucqyc.exe
  2⤵
  PID:9556
- C:\Windows\System\ZQoWbat.exe
  C:\Windows\System\ZQoWbat.exe
  2⤵
  PID:9428
- C:\Windows\System\PHSZkrH.exe
  C:\Windows\System\PHSZkrH.exe
  2⤵
  PID:9496
- C:\Windows\System\MNMEQax.exe
  C:\Windows\System\MNMEQax.exe
  2⤵
  PID:9592
- C:\Windows\System\pbmUdnQ.exe
  C:\Windows\System\pbmUdnQ.exe
  2⤵
  PID:9700
- C:\Windows\System\NnzsabA.exe
  C:\Windows\System\NnzsabA.exe
  2⤵
  PID:9736
- C:\Windows\System\XsHRzyL.exe
  C:\Windows\System\XsHRzyL.exe
  2⤵
  PID:9652
- C:\Windows\System\ppKQZFY.exe
  C:\Windows\System\ppKQZFY.exe
  2⤵
  PID:9748
- C:\Windows\System\UhyHNUK.exe
  C:\Windows\System\UhyHNUK.exe
  2⤵
  PID:9768
- C:\Windows\System\qZSZEjn.exe
  C:\Windows\System\qZSZEjn.exe
  2⤵
  PID:9832
- C:\Windows\System\IHsXBFH.exe
  C:\Windows\System\IHsXBFH.exe
  2⤵
  PID:10008
- C:\Windows\System\ppatKIc.exe
  C:\Windows\System\ppatKIc.exe
  2⤵
  PID:9856
- C:\Windows\System\oNrqLUz.exe
  C:\Windows\System\oNrqLUz.exe
  2⤵
  PID:9880
- C:\Windows\System\SQsibMN.exe
  C:\Windows\System\SQsibMN.exe
  2⤵
  PID:9896
- C:\Windows\System\GRyZQtc.exe
  C:\Windows\System\GRyZQtc.exe
  2⤵
  PID:9912
- C:\Windows\System\VzQikjh.exe
  C:\Windows\System\VzQikjh.exe
  2⤵
  PID:9928
- C:\Windows\System\JMMrmTT.exe
  C:\Windows\System\JMMrmTT.exe
  2⤵
  PID:9944
- C:\Windows\System\pHxKIiq.exe
  C:\Windows\System\pHxKIiq.exe
  2⤵
  PID:9960
- C:\Windows\System\bZwwHUD.exe
  C:\Windows\System\bZwwHUD.exe
  2⤵
  PID:9976
- C:\Windows\System\ogJPYOJ.exe
  C:\Windows\System\ogJPYOJ.exe
  2⤵
  PID:9992
- C:\Windows\System\UxTWMtT.exe
  C:\Windows\System\UxTWMtT.exe
  2⤵
  PID:10040
- C:\Windows\System\NPddSxZ.exe
  C:\Windows\System\NPddSxZ.exe
  2⤵
  PID:10060
- C:\Windows\System\SKUrPwD.exe
  C:\Windows\System\SKUrPwD.exe
  2⤵
  PID:10108
- C:\Windows\System\WnmfOMO.exe
  C:\Windows\System\WnmfOMO.exe
  2⤵
  PID:10096
- C:\Windows\System\LWyHDNE.exe
  C:\Windows\System\LWyHDNE.exe
  2⤵
  PID:10208
- C:\Windows\System\oZRyQzZ.exe
  C:\Windows\System\oZRyQzZ.exe
  2⤵
  PID:10128
- C:\Windows\System\GLVqRsD.exe
  C:\Windows\System\GLVqRsD.exe
  2⤵
  PID:8920
- C:\Windows\System\faNgZrU.exe
  C:\Windows\System\faNgZrU.exe
  2⤵
  PID:9272
- C:\Windows\System\nfeuHAE.exe
  C:\Windows\System\nfeuHAE.exe
  2⤵
  PID:9104
- C:\Windows\System\cEYqDJR.exe
  C:\Windows\System\cEYqDJR.exe
  2⤵
  PID:8936
- C:\Windows\System\MikAsQv.exe
  C:\Windows\System\MikAsQv.exe
  2⤵
  PID:9300
- C:\Windows\System\XzyLNDb.exe
  C:\Windows\System\XzyLNDb.exe
  2⤵
  PID:8876
- C:\Windows\System\BPkmmbx.exe
  C:\Windows\System\BPkmmbx.exe
  2⤵
  PID:9220
- C:\Windows\System\wBGloAA.exe
  C:\Windows\System\wBGloAA.exe
  2⤵
  PID:9284
- C:\Windows\System\UUIzAVq.exe
  C:\Windows\System\UUIzAVq.exe
  2⤵
  PID:9304
- C:\Windows\System\QYutwwI.exe
  C:\Windows\System\QYutwwI.exe
  2⤵
  PID:9380
- C:\Windows\System\LESyQtN.exe
  C:\Windows\System\LESyQtN.exe
  2⤵
  PID:9416
- C:\Windows\System\ZPlbPnb.exe
  C:\Windows\System\ZPlbPnb.exe
  2⤵
  PID:9328
- C:\Windows\System\tvBjFGK.exe
  C:\Windows\System\tvBjFGK.exe
  2⤵
  PID:9544
- C:\Windows\System\VHrHumv.exe
  C:\Windows\System\VHrHumv.exe
  2⤵
  PID:9560
- C:\Windows\System\NLmxMfL.exe
  C:\Windows\System\NLmxMfL.exe
  2⤵
  PID:9668
- C:\Windows\System\YVUjtQA.exe
  C:\Windows\System\YVUjtQA.exe
  2⤵
  PID:9624
- C:\Windows\System\AvNlHwo.exe
  C:\Windows\System\AvNlHwo.exe
  2⤵
  PID:9796
- C:\Windows\System\tEKMsZe.exe
  C:\Windows\System\tEKMsZe.exe
  2⤵
  PID:9864
- C:\Windows\System\mwMZWin.exe
  C:\Windows\System\mwMZWin.exe
  2⤵
  PID:9688
- C:\Windows\System\xaZKLbh.exe
  C:\Windows\System\xaZKLbh.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOnDgSn.exe

Filesize
6.0MB

MD5
cdb731bee135bf565c1ff4dd96f0041a

SHA1
46de36adb3769fe23f7cb1478d1358d071659840

SHA256
c7a5e42f7d095bfbf64bfcfbd17a7f5ab4c09ba17b7c0df61b77643cc5e4f2a1

SHA512
68d96a163859ec305846452ef151e77f1b9531ebd64761884910b2a36ee98b09e70eb6edc2fb4b6648d4233de1a364ac57d15161981012f76e57d5d12e9a7f22

Download Submit
C:\Windows\system\AOxTfKz.exe

Filesize
6.0MB

MD5
36393da77c392856c6f998ff73b16456

SHA1
a129928e5dfb1a9b48716255555859c5f26498bc

SHA256
f7f86f4fea9c0d1959a79ef9ae8761b37d6c1b8ce774268f982c9e9e1aa2fcbc

SHA512
fee28c40afb9eda6c9fb3fa6dea82c5399198e630824be22188a51866cee9e20f0f665f7df683b01c83991a32e7c82ad85aef3eb35c4c0c1a963163899b9be80

Download Submit
C:\Windows\system\DCkRpDI.exe

Filesize
6.0MB

MD5
de90b4bb49d62f2ed4d897a4b13ed518

SHA1
44f5638045d30c5fbe963e8073ef89a3d26b9aed

SHA256
a809054a1577d153eb5ca1e0a5656cc090b25d3b046560e67d574567d7ae87c5

SHA512
fc6cd9386b2a5c1055b95101741df0751151e5ed01d7d2ce4310030ee4bac9b3bfea9ba458774a05640843b37f36b3490f7520a740af9be87c87cb40d5c9fc82

Download Submit
C:\Windows\system\DqNWpok.exe

Filesize
6.0MB

MD5
1eb2e4f4eaffce050fbe001ff60e2ad0

SHA1
9a0d076c5f0cc0f6fccdd4f19a12dd7a180f4c11

SHA256
c859d1151374fc91bc86020e0727279cbc86184ba603de30a31f9bebefbc218f

SHA512
5f9070ef4d0107b6bcc2e693e0a3c21c410ebf9ce36d4cb81c83bd7539051c9c7fdbd9626b1d396d70bafe8dc88abda663df612efb7e5c25313f54f7ee1a52ce

Download Submit
C:\Windows\system\DsjCEQr.exe

Filesize
6.0MB

MD5
96e62757fc088fd77adff368d57a37f5

SHA1
e1a8840c809a6687a8941cabad987e36e9c054fa

SHA256
7e37b4eb1298fdc086fbb587df7c04fabed5f71655ed6776d5ee75df86097db2

SHA512
156766355a2f4ddf9d7d42456f0c6ee96b1e6bd44dc1f6b3b79c4c2ba768d7fa8d2ee0177f449c19668e011cb6b066c6cd33372642d84c55460981716762b630

Download Submit
C:\Windows\system\GhgZEBv.exe

Filesize
6.0MB

MD5
dad9566da60b3f90f2a73cdfe1629d1c

SHA1
087d69178eaf9f0fe4b199fa6648dc64418b4660

SHA256
e0b27b01cd3746b7b4b376fdce8af5d28f2a68835a5410c0af70946901b1d6af

SHA512
c424dfb8769690c794ad1fe02bc560aff8f46dc51bd5128d954e2932e9849f0f6a7a6ffe8a030474c5737899ef4e2372073679fde72f7294e95499f564645af6

Download Submit
C:\Windows\system\JbWSBYj.exe

Filesize
6.0MB

MD5
ef8ab2282e7f4d05184112ef467b5d75

SHA1
d2dc5a4ff3d8a81e16a3115794b713392c17aab0

SHA256
e27eca8e8f9e0b681754a3d442ff141bdcd5f178a9d2aa9454cc9d58836a40c7

SHA512
50bfaff917d7b6a9c606652b9ecc817e43659a56f4d0307ea51598bb46a069d6e7907dbf663a9f67b83ff973fdd00743fc1cd7c12adf04e63f8dc5a38c964c04

Download Submit
C:\Windows\system\Kbqgjuy.exe

Filesize
6.0MB

MD5
b543a903cd4f7a43204d53230ba448c5

SHA1
037a7d5ba997e248ea49b86174c006d695384854

SHA256
81a1a27aac7a6c18ae594b0b71f862b580cd47c779e6dd774eb43ed5fe278255

SHA512
7024e45b91da474493fd7635b90be8a56796ce529ef5bb877d669d4e493e7e00504c4c138af585fbdc9287d51468c9b9bea5e80ff5f9190796bf4ec40b623a47

Download Submit
C:\Windows\system\QZDgmwi.exe

Filesize
6.0MB

MD5
3050eaf989241d6822fc351154821a18

SHA1
4c6b5df7d0b2444e21c53e8e2be97d173964bad9

SHA256
580a4fe09e2215efc4cb948d7bf6cc2d59358e1c3aa157af55569e9e47080c55

SHA512
0d86fd6d8be3cf20a53273fc4ed2bd2989aeddbe3f77733d82444cdeaebbaf4b44ee0a0a3489bb78b31e32d6e5f8844f927b1c9155cb48740ce4d9138127af5e

Download Submit
C:\Windows\system\QkHHbFr.exe

Filesize
6.0MB

MD5
c34c66bc76b54460c7bfa15eac769eae

SHA1
19487824b58e6606d4b6d4b411e80a5a1cee99fa

SHA256
992655faca28702826fe523d28b69d99ab5c1d2c67718f5ceec2cc0adb982adb

SHA512
d4367f5c81338170ec5df5cdcb1bf53eec9fb19d7bb376d14ceda4fd108a6e7da78a0108005f28881b8ba787e9fb1708a2cd4af6f6440935763beedff68dd3da

Download Submit
C:\Windows\system\SjgtRay.exe

Filesize
6.0MB

MD5
54b132f53532ae59575d69740a63a3c9

SHA1
d318b5c9a5da85a337eb6b75c00cf1dfd568204f

SHA256
b771a6912fdccff055909221d6bd6adf3953254192a5ea2673cd5108e7e3da4f

SHA512
307ed3751d7f4dfcc83cda20f31ffe90543403cb2189efe5b566b6da51f7e25852654eb8df0000aa8e6ed69c62aa4305954ec088e00748846389e61f554bea8d

Download Submit
C:\Windows\system\YFbnSXf.exe

Filesize
6.0MB

MD5
13b4edb5f6b48e80bbfe0b583a716f1d

SHA1
65ca2036183124ee090b0be0463fbd2679200c23

SHA256
5f96a8f52d52231ef7e231127b6bbf6edce42b7d73b8ef3ac53fa70c33d28704

SHA512
64196d325510c331fa6e4c8063cac249e9e516c884e23a0e50804844bdd9f625ef2474c3870ed1b3f68a82e7870199beda69fcc86901e5acf946f14758f0e048

Download Submit
C:\Windows\system\cSTCBwd.exe

Filesize
6.0MB

MD5
86768a863007b53ea3f2f81af8499bae

SHA1
3585c7b2ea8fae27f485fdde2376ab9bd99f41a5

SHA256
f911b6d005fc37e5bbf641af214e9719f2fb458eb784dc47a2b61073af60e79c

SHA512
6af01e60e3995b263be5a902945ef222c7fd8f02c71132023bcabe2848f5bccb30b454c0d9cd8a348c237a5c61889047bb2b27b20bfb4b75ac62223c791474a3

Download Submit
C:\Windows\system\jAuDcHH.exe

Filesize
6.0MB

MD5
6112e1ca422418a1d0da31dd39e05c71

SHA1
ee149bcdcf94a72d001a1e5e3f4dbf7a634f8a58

SHA256
58fa0b39477cae88ab52a13fca0b5c77b43690fae03d6c77b75e3fc3575766bc

SHA512
a4f0f811ffb97549d58ed3f51f9803d8c5546e25133d6224e21221677205af1462428cb252a1c490c62fc381aa32415590c1a924ae75b7199d1a801c7b87b9a7

Download Submit
C:\Windows\system\kwHhUqr.exe

Filesize
6.0MB

MD5
2ee73957e128dc2e10f1d949e5ff64d2

SHA1
000cd50d919c87257732d454815376e39da84260

SHA256
6fb0b567d21a8aeb2955a897e49091a6a0577a8a5326293a8905ba1329cb1b36

SHA512
c3410b53c1ed1b8323c397b6a5f8f995f3cc186b50d4a57689f1ac503c0e80987386aaafeccc91f7ecec2bd705eef6ea0dbf388fca3826242c6c0dfb72b611fa

Download Submit
C:\Windows\system\mZCOIDk.exe

Filesize
6.0MB

MD5
ed1392974ed604ed6eea1a4fa61bdc07

SHA1
1e41540170ee7dba2446e21d0b6ca8264e5a1095

SHA256
a8a0beda483ecb1a3c4c7ba7e48fd733dd69028b1c528362f9aa2d464bfe3cf7

SHA512
a9b46686b8486808b0561eb6f6a87fd38c3aae956e8ab934328b01485f8f4c7286ce57b14293f7012e5e4f9b2abb8017f5198cc4037c96b709ddff39cf7068ea

Download Submit
C:\Windows\system\qVNMSdq.exe

Filesize
6.0MB

MD5
d758aca7db92850f6162b5d82f977392

SHA1
90f1ba5f0f3af02aa9bc3eefa86216191f6fa673

SHA256
cd85ddf2c3e2699a8d7e8dba6a161210f9058c0473bc2e3d88bab0e8ab3b0e29

SHA512
b587ed6575e7b981045d7e53ffdba8834df707122ba4d9765697ba77e3b7dc49b47892a496a23298db3285e0d0f66c1cb0f0570f17f4a8dbf6bbae2851f799ee

Download Submit
C:\Windows\system\rDfzwAV.exe

Filesize
6.0MB

MD5
fd80a4aaefe26fbe4e79ddd60ed8784f

SHA1
35fca2733fad94d02ef7d76462e4409054317ac6

SHA256
b7364b22e4c6dd657ffc2c9c91ceead71c1f701e663b75756bab8518efb59aee

SHA512
69d7424f8ff208a18ddacfd49ccef80050d1525bf5db3222073b8256dc0782e05a94c968133d0f3a45c4461f5e06b22015b852aec1eb2fc8b7af825e822168a2

Download Submit
C:\Windows\system\sOfPdrf.exe

Filesize
6.0MB

MD5
a21cff6a93d2675829657af1d918f6ba

SHA1
7563ab51d7217455c504afd6ca517d37007feda7

SHA256
d3d8f5c5aa07ab091e55c922749d2f556c860174d2efaf2da29eedf89657b39f

SHA512
cce03a8d613900fc6d2294ddb72f3ba8ad26920cf03b028ddf08d4e4ff4fec04b3ea39888cac313993630e93bf187624f0af533c709b6a6dc69eb8d71ad5a398

Download Submit
C:\Windows\system\sdITdeb.exe

Filesize
6.0MB

MD5
57b403bfd17b50855507d4333294f920

SHA1
38804582c1797247c7ca6e6cea397657800f38e4

SHA256
988f19f731578f21369d80c66fa101a5f69040b16572c6b9676593f9c2bff811

SHA512
19a3da2a98b60e8894cd8aaff510ac7139aa5168d4162c3aa2bed0422d506eefd109b31fb76c4c884d315f7380dc0eb3b7070d4e93adabc282283bd318682582

Download Submit
C:\Windows\system\xXbyetX.exe

Filesize
6.0MB

MD5
13fcf97d8c1c861ca8839ea62aee4aea

SHA1
ed234eb3a90b8004be47c7f2f7d3ae0713bf4463

SHA256
bcf3326728a3d70d1f440a4ea895a61a07d43dc25aab7e71b673d9acec8ba026

SHA512
74521eab65f59a9225f59defb80f399a79b05bf294d92bb5859c0e250bfb6b694565cdaf929bc0cd354cacb60f57ebf7cb3907bd99f444a74c63cd804ee51c30

Download Submit
C:\Windows\system\zimROfa.exe

Filesize
6.0MB

MD5
983bff78a816492971c0003b1b5e67c5

SHA1
df77d3fa5118ea5bffa37711d32d5035e3eff991

SHA256
f9e89355198a53d688dc041ace98b51e22abc321e2f7f546ac2c310f59111fb3

SHA512
40afa800dbdf7bdfa07e1281dd900e51e1c357b19a1b7ac6c6c09673332740cfde8f280de8747f45c2075bb71132da595ff13b1dc419e1d0d533a4444bb28d6c

Download Submit
C:\Windows\system\zkyIYUw.exe

Filesize
6.0MB

MD5
081dc492857d8aaab64bf6975f0af42e

SHA1
795c63da70029f10d234ec514760ba75c8ae174c

SHA256
9ef83a210c5fd0772cd95e2da8ff992a8b8a70178830ba2e9239bcc9106c4c2e

SHA512
1b756bd8680e7a9f2e9ecf2267b02535677410e0f16ad938663ee39f86cc7c135dc1e70a891340e34d1db95062acb74173b56614943ef13552e1df925788c350

Download Submit
\Windows\system\APckgVb.exe

Filesize
6.0MB

MD5
4dd3732989d08d21ea93e86e8371d276

SHA1
6b7e5585513cfae4aef94686fcc60d7e8c08b80f

SHA256
95e4bc5ba4714679c51aae8cc2256ea8cc0b41c637c7dd2a7a8b9205e3323317

SHA512
a24920b967ec4162c1f52fd1cdd7f984baebc8543b024ab647f80f0f310191aa583cf6526ef90bed51a4c8c9c73b9cad3ffd652b1aad25299a86dfe30895864a

Download Submit
\Windows\system\RFuoOxd.exe

Filesize
6.0MB

MD5
106db70d4400e0b3837b25cb929248f6

SHA1
c465cfc0f78c717ed838f753761fead8a1e24c7e

SHA256
a12d6da05070d4d2e11cd28e053eec0f67c46b1af8208583b78cba264cd23b27

SHA512
4d8b31c9b13d71a71d9322e345d82a352f1214a39a0e8120bf3f6665fb1c03184ebfd72d33c2e76ab450fc0524f344d1dbc5b721d9e4c8b01fe2901d276b3cb3

Download Submit
\Windows\system\SyaHlcs.exe

Filesize
6.0MB

MD5
a1a54ccfa4e3c6ad4b1f0ca7054dcd00

SHA1
c23a0d8a6a089c87e7fb26220eb1e02b9495313d

SHA256
3506ad5c6e6dc1b0b423f86cffd9dce614ddb79ad82c9c443eeb342d33231ea9

SHA512
45ee73cbee88614abb10c0817025a22d9af7b38addedaa5915776d4f6038f6bf2815d66a7bbfd7a65ef30f040aed9fd23068082f1b5c89cff46998342087d08b

Download Submit
\Windows\system\UgcHrJG.exe

Filesize
6.0MB

MD5
38df6e3611162d2b95b9a11ed72a0fb3

SHA1
73b02dc74989bef9fae09b5ac14f84a4baefd1d0

SHA256
1220b32ad1d64fc8b99f9587e0400c14a44cb531b84a11a977a40d4f9b6be7aa

SHA512
c6339fd4e6c4e63fb18b44b931a6a97eefd14e65c24b59c941989ea89f1436eb905bd6f2dc7f009607339d7074ba8633b3f62ca7959ff41fa9abb0e48f68929c

Download Submit
\Windows\system\VggBgtt.exe

Filesize
6.0MB

MD5
9dabbbba79d42bce86beedd5487b6e7a

SHA1
554015d3085f3defbe0ad7980681bc5f15593290

SHA256
9b4d365f03ae807b9a96716be241c012b5d01a9b6b4a07477a6f22648aca333c

SHA512
7f76382c03b4597e4e4146848847486f7f641525706b8d4005f3a5505bf97fabb33f44d294c7ac160cd0857416edf18ae561fd5f0e35302bfb8f4d471cc02213

Download Submit
\Windows\system\VicODtP.exe

Filesize
6.0MB

MD5
40c227bfc04a35c0f760c15ffb1dc6c4

SHA1
a4ec17727348eb360b096f552b5fb5d661e9e98a

SHA256
1c5b46bb437e9a4846f193a1e4bce44979010f0ea071fc50fd59e122d21f8dbc

SHA512
c5812fb88f7eb23397d890f498709000bd8202b54732fc492f1dccb134465f1c6341460e5b0a46174a999d0d103b524543c8a4d035f3cbca4360cbc76f4422bb

Download Submit
\Windows\system\XKJPHwz.exe

Filesize
6.0MB

MD5
d7c47795a1a3a3ad938ad7d2da03fb5c

SHA1
829e65871e4bbc6285b479621af0a499c5b85548

SHA256
ccd0482e6fcbf8b4ef50468f9207c62def983e8511a3f2d32b9a1ca0ed981a9b

SHA512
456b9f4f8cd311430aa870d9b638df3d2c0d6f4c48fb3357b066737e958f661249fb352d8844ab1ccd505626d54eb50ba229d76e670c637f47a610d52a7a815c

Download Submit
\Windows\system\fOyQXEB.exe

Filesize
6.0MB

MD5
f70e5fde145bcc8a3e88b01b4f526ea4

SHA1
a4f36867d6a50d226f1aee9e7a514eeaa67addb0

SHA256
19f82e3eb08cc4ce73ebb5816d5da798c1533fe50bd93b37f27016b839c2bb91

SHA512
924d8486a229f2913aa0d6f9f5324fe035dc37901e02d76180c5f50c4e82179e6e270f416d2f24b13dc6de522fdf0bc037f814c226e76365494a03a090ad54ce

Download Submit
\Windows\system\xIvnlJz.exe

Filesize
6.0MB

MD5
eafd477065b931344870676b8b3cd9e8

SHA1
de6a195dbdb8eab9f60a8405943146278321f0b2

SHA256
bd7cdca8dcd023c3760862d6291b24c9d2a0bcdf33c8c77003297e74ba1e739a

SHA512
b9bc7c0b6e25ec38c6bdb226bf5a92d142c2de6e4eb437c41579e0f4f0b7e54761258a10159180877e2a30b5442000dde51bf8f3d140bf9852aef6c59ebdd2a6

Download Submit
memory/1664-21-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3786-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2008-92-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-36-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3792-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-25-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-58-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-131-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-61-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-103-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2092-0-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2092-27-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3801-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-85-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2092-28-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3796-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-553-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-113-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2092-34-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2092-44-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2092-72-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2092-840-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2092-78-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2092-725-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2092-8-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2092-62-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2412-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2412-84-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3787-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3788-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2516-20-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2668-86-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2668-726-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3794-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2728-60-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3791-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-64-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-366-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3798-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3790-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-55-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3797-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-71-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-59-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3789-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-79-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3793-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3785-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2960-17-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3795-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3068-109-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download