cobaltstrike | 07e5743c4f1375cec500e5fa144a9826a7c5eebcc89e13ec782802cd07609687

Analysis

max time kernel
96s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8e3338a5555da9055a21dbae3b42a1a3
SHA1

db12fcba793a96e8b63da19eabebaf968003a423
SHA256

07e5743c4f1375cec500e5fa144a9826a7c5eebcc89e13ec782802cd07609687
SHA512

03667a517589d5e4004ed3df7ca5b50b7dd784e4846c4e81adb16e56fbf5b1d2ba4b0bb62fae61050913e011b84b50b405f7bb320ae9aa42fe63b13ccfa902d5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral2/files/0x0007000000023ca7-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-101.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-88.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca4-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-24.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca3-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2964-0-0x00007FF776940000-0x00007FF776C94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-10.dat	xmrig
behavioral2/memory/1100-8-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-11.dat	xmrig
behavioral2/memory/860-13-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-28.dat	xmrig
behavioral2/files/0x0007000000023cab-34.dat	xmrig
behavioral2/memory/1112-38-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-46.dat	xmrig
behavioral2/files/0x0007000000023cae-53.dat	xmrig
behavioral2/files/0x0007000000023caf-58.dat	xmrig
behavioral2/files/0x0007000000023cb0-65.dat	xmrig
behavioral2/memory/3204-70-0x00007FF604350000-0x00007FF6046A4000-memory.dmp	xmrig
behavioral2/memory/860-75-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp	xmrig
behavioral2/memory/1072-77-0x00007FF65CE10000-0x00007FF65D164000-memory.dmp	xmrig
behavioral2/memory/388-84-0x00007FF7810F0000-0x00007FF781444000-memory.dmp	xmrig
behavioral2/memory/2820-90-0x00007FF743D00000-0x00007FF744054000-memory.dmp	xmrig
behavioral2/memory/4436-89-0x00007FF710C60000-0x00007FF710FB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-94.dat	xmrig
behavioral2/files/0x0007000000023cb4-101.dat	xmrig
behavioral2/memory/5052-103-0x00007FF6B0FE0000-0x00007FF6B1334000-memory.dmp	xmrig
behavioral2/memory/3288-109-0x00007FF655860000-0x00007FF655BB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb7-115.dat	xmrig
behavioral2/files/0x0007000000023cb8-118.dat	xmrig
behavioral2/memory/1544-122-0x00007FF75CEF0000-0x00007FF75D244000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-131.dat	xmrig
behavioral2/files/0x0007000000023cbb-136.dat	xmrig
behavioral2/files/0x0007000000023cbd-148.dat	xmrig
behavioral2/files/0x0007000000023cbc-146.dat	xmrig
behavioral2/files/0x0007000000023cbf-157.dat	xmrig
behavioral2/files/0x0007000000023cc1-165.dat	xmrig
behavioral2/files/0x0007000000023cc3-178.dat	xmrig
behavioral2/files/0x0007000000023cc2-176.dat	xmrig
behavioral2/memory/4452-389-0x00007FF68F1A0000-0x00007FF68F4F4000-memory.dmp	xmrig
behavioral2/memory/5112-388-0x00007FF624B80000-0x00007FF624ED4000-memory.dmp	xmrig
behavioral2/memory/588-387-0x00007FF75C200000-0x00007FF75C554000-memory.dmp	xmrig
behavioral2/memory/3092-395-0x00007FF6DB5B0000-0x00007FF6DB904000-memory.dmp	xmrig
behavioral2/memory/2980-404-0x00007FF61BEF0000-0x00007FF61C244000-memory.dmp	xmrig
behavioral2/memory/3320-406-0x00007FF76B1A0000-0x00007FF76B4F4000-memory.dmp	xmrig
behavioral2/memory/3128-409-0x00007FF6355E0000-0x00007FF635934000-memory.dmp	xmrig
behavioral2/memory/1380-408-0x00007FF77B5A0000-0x00007FF77B8F4000-memory.dmp	xmrig
behavioral2/memory/2348-400-0x00007FF69F600000-0x00007FF69F954000-memory.dmp	xmrig
behavioral2/memory/4044-398-0x00007FF60DEB0000-0x00007FF60E204000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc6-189.dat	xmrig
behavioral2/files/0x0007000000023cc4-187.dat	xmrig
behavioral2/files/0x0007000000023cc5-185.dat	xmrig
behavioral2/files/0x0007000000023cc0-168.dat	xmrig
behavioral2/files/0x0007000000023cbe-153.dat	xmrig
behavioral2/memory/2544-135-0x00007FF6ABE80000-0x00007FF6AC1D4000-memory.dmp	xmrig
behavioral2/memory/3148-133-0x00007FF68F8B0000-0x00007FF68FC04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb9-126.dat	xmrig
behavioral2/files/0x0007000000023cb5-110.dat	xmrig
behavioral2/memory/2956-107-0x00007FF7CE2B0000-0x00007FF7CE604000-memory.dmp	xmrig
behavioral2/memory/1112-104-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp	xmrig
behavioral2/memory/4888-97-0x00007FF6C1CD0000-0x00007FF6C2024000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-88.dat	xmrig
behavioral2/memory/4072-83-0x00007FF623240000-0x00007FF623594000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca4-81.dat	xmrig
behavioral2/files/0x0007000000023cb1-74.dat	xmrig
behavioral2/memory/1100-66-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp	xmrig
behavioral2/memory/3276-63-0x00007FF7F7440000-0x00007FF7F7794000-memory.dmp	xmrig
behavioral2/memory/2964-62-0x00007FF776940000-0x00007FF776C94000-memory.dmp	xmrig
behavioral2/memory/4908-56-0x00007FF794770000-0x00007FF794AC4000-memory.dmp	xmrig
behavioral2/memory/3504-50-0x00007FF7D37E0000-0x00007FF7D3B34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

amdWhQQ.exeFZIiXpC.exeOeimEut.exeifAKOpD.exeaOecMIM.exeNIQbqjA.exeFguCvFi.exeCOZKmAm.exeXVoHAjQ.exeDNOYKvQ.exeZyeTOzO.exexNkHsrd.exeoiBtnmm.exeSwntvFy.exedzZpRDs.exeVMuTbBd.exetLzaduh.exeFHcaoIi.exeWKRAlUY.exevqVqzsW.exegzEnIeU.exeYsDuDYh.exeZMyVlQs.exeBsExxHt.exePiuhzVP.exeKeZLNOz.exertGdGva.exeTSfaaGF.exePUJnaVE.exeScVJwNP.exepJtuqqv.exeJlDytrR.exewvyDssf.exehIfyRJh.exeUwgASYS.exeHTGHaut.exeRYzSwIT.exeyGdeGnm.exeIfVTOri.exeQxqMKGR.exedIuKLEv.exejNqGZSk.exepTfrWoa.exeidGXpny.exebfoZWnf.exelVmEnXr.exeZyZCCLb.exeCusAVgB.exeSPdoNUS.exeIHbonwB.exeYyPxyey.exelyaqeoo.exeNzAYUjC.exeEFWThpR.exeSRcqapd.exehUBpidJ.exeKVBXHAv.exejoWMMpu.exegkIMWoV.exeCiKgYEE.exedWLxfZp.exelgnxfTh.exeMzyNyEd.exeAHYjEDW.exe

pid	Process
1100	amdWhQQ.exe
860	FZIiXpC.exe
4072	OeimEut.exe
4436	ifAKOpD.exe
4888	aOecMIM.exe
1112	NIQbqjA.exe
3288	FguCvFi.exe
3504	COZKmAm.exe
4908	XVoHAjQ.exe
3276	DNOYKvQ.exe
3204	ZyeTOzO.exe
1072	xNkHsrd.exe
388	oiBtnmm.exe
2820	SwntvFy.exe
5052	dzZpRDs.exe
2956	VMuTbBd.exe
1544	tLzaduh.exe
588	FHcaoIi.exe
3148	WKRAlUY.exe
5112	vqVqzsW.exe
2544	gzEnIeU.exe
3128	YsDuDYh.exe
4452	ZMyVlQs.exe
3092	BsExxHt.exe
4044	PiuhzVP.exe
2348	KeZLNOz.exe
2980	rtGdGva.exe
3320	TSfaaGF.exe
1380	PUJnaVE.exe
2076	ScVJwNP.exe
1868	pJtuqqv.exe
2696	JlDytrR.exe
1824	wvyDssf.exe
2628	hIfyRJh.exe
2536	UwgASYS.exe
3340	HTGHaut.exe
1240	RYzSwIT.exe
868	yGdeGnm.exe
3520	IfVTOri.exe
4584	QxqMKGR.exe
1604	dIuKLEv.exe
2900	jNqGZSk.exe
948	pTfrWoa.exe
2400	idGXpny.exe
3272	bfoZWnf.exe
1408	lVmEnXr.exe
888	ZyZCCLb.exe
4724	CusAVgB.exe
4300	SPdoNUS.exe
2424	IHbonwB.exe
3452	YyPxyey.exe
2624	lyaqeoo.exe
3164	NzAYUjC.exe
4280	EFWThpR.exe
2308	SRcqapd.exe
1464	hUBpidJ.exe
4800	KVBXHAv.exe
5060	joWMMpu.exe
1764	gkIMWoV.exe
1320	CiKgYEE.exe
3660	dWLxfZp.exe
4052	lgnxfTh.exe
1800	MzyNyEd.exe
1656	AHYjEDW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2964-0-0x00007FF776940000-0x00007FF776C94000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-10.dat	upx
behavioral2/memory/1100-8-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-11.dat	upx
behavioral2/memory/860-13-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-28.dat	upx
behavioral2/files/0x0007000000023cab-34.dat	upx
behavioral2/memory/1112-38-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-46.dat	upx
behavioral2/files/0x0007000000023cae-53.dat	upx
behavioral2/files/0x0007000000023caf-58.dat	upx
behavioral2/files/0x0007000000023cb0-65.dat	upx
behavioral2/memory/3204-70-0x00007FF604350000-0x00007FF6046A4000-memory.dmp	upx
behavioral2/memory/860-75-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp	upx
behavioral2/memory/1072-77-0x00007FF65CE10000-0x00007FF65D164000-memory.dmp	upx
behavioral2/memory/388-84-0x00007FF7810F0000-0x00007FF781444000-memory.dmp	upx
behavioral2/memory/2820-90-0x00007FF743D00000-0x00007FF744054000-memory.dmp	upx
behavioral2/memory/4436-89-0x00007FF710C60000-0x00007FF710FB4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-94.dat	upx
behavioral2/files/0x0007000000023cb4-101.dat	upx
behavioral2/memory/5052-103-0x00007FF6B0FE0000-0x00007FF6B1334000-memory.dmp	upx
behavioral2/memory/3288-109-0x00007FF655860000-0x00007FF655BB4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb7-115.dat	upx
behavioral2/files/0x0007000000023cb8-118.dat	upx
behavioral2/memory/1544-122-0x00007FF75CEF0000-0x00007FF75D244000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-131.dat	upx
behavioral2/files/0x0007000000023cbb-136.dat	upx
behavioral2/files/0x0007000000023cbd-148.dat	upx
behavioral2/files/0x0007000000023cbc-146.dat	upx
behavioral2/files/0x0007000000023cbf-157.dat	upx
behavioral2/files/0x0007000000023cc1-165.dat	upx
behavioral2/files/0x0007000000023cc3-178.dat	upx
behavioral2/files/0x0007000000023cc2-176.dat	upx
behavioral2/memory/4452-389-0x00007FF68F1A0000-0x00007FF68F4F4000-memory.dmp	upx
behavioral2/memory/5112-388-0x00007FF624B80000-0x00007FF624ED4000-memory.dmp	upx
behavioral2/memory/588-387-0x00007FF75C200000-0x00007FF75C554000-memory.dmp	upx
behavioral2/memory/3092-395-0x00007FF6DB5B0000-0x00007FF6DB904000-memory.dmp	upx
behavioral2/memory/2980-404-0x00007FF61BEF0000-0x00007FF61C244000-memory.dmp	upx
behavioral2/memory/3320-406-0x00007FF76B1A0000-0x00007FF76B4F4000-memory.dmp	upx
behavioral2/memory/3128-409-0x00007FF6355E0000-0x00007FF635934000-memory.dmp	upx
behavioral2/memory/1380-408-0x00007FF77B5A0000-0x00007FF77B8F4000-memory.dmp	upx
behavioral2/memory/2348-400-0x00007FF69F600000-0x00007FF69F954000-memory.dmp	upx
behavioral2/memory/4044-398-0x00007FF60DEB0000-0x00007FF60E204000-memory.dmp	upx
behavioral2/files/0x0007000000023cc6-189.dat	upx
behavioral2/files/0x0007000000023cc4-187.dat	upx
behavioral2/files/0x0007000000023cc5-185.dat	upx
behavioral2/files/0x0007000000023cc0-168.dat	upx
behavioral2/files/0x0007000000023cbe-153.dat	upx
behavioral2/memory/2544-135-0x00007FF6ABE80000-0x00007FF6AC1D4000-memory.dmp	upx
behavioral2/memory/3148-133-0x00007FF68F8B0000-0x00007FF68FC04000-memory.dmp	upx
behavioral2/files/0x0007000000023cb9-126.dat	upx
behavioral2/files/0x0007000000023cb5-110.dat	upx
behavioral2/memory/2956-107-0x00007FF7CE2B0000-0x00007FF7CE604000-memory.dmp	upx
behavioral2/memory/1112-104-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp	upx
behavioral2/memory/4888-97-0x00007FF6C1CD0000-0x00007FF6C2024000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-88.dat	upx
behavioral2/memory/4072-83-0x00007FF623240000-0x00007FF623594000-memory.dmp	upx
behavioral2/files/0x0008000000023ca4-81.dat	upx
behavioral2/files/0x0007000000023cb1-74.dat	upx
behavioral2/memory/1100-66-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp	upx
behavioral2/memory/3276-63-0x00007FF7F7440000-0x00007FF7F7794000-memory.dmp	upx
behavioral2/memory/2964-62-0x00007FF776940000-0x00007FF776C94000-memory.dmp	upx
behavioral2/memory/4908-56-0x00007FF794770000-0x00007FF794AC4000-memory.dmp	upx
behavioral2/memory/3504-50-0x00007FF7D37E0000-0x00007FF7D3B34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\BtqXOFm.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkIMWoV.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlMgXCd.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRTujzi.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYvtfJs.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWsZxha.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNOYKvQ.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SROBnZV.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxTVTTo.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKULBWq.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoSeiqr.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeimEut.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duDDAbj.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsiUNEw.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuxKpmP.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXkEwMB.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIjIzZn.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvyDssf.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNWlpKF.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFADiPT.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtowwOQ.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTtkTNd.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyuZqCd.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acOnybQ.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfxOrQu.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPxZvml.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUJnaVE.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXBmBaD.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPWqANN.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfxsNLR.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOWJArb.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxtdfNE.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkTNNtk.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBJSCig.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsrMWpM.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTfrWoa.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCnKbgk.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDBAXYW.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjHnMCU.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kleVwJH.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDFoLti.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjGNtfo.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWpWxNt.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRdaeNH.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZIiXpC.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdxZilR.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANxloLI.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFfogAR.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVFHlgl.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTmWQrc.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRcqapd.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdXATfN.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysqpDDx.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMhpYzY.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkDmvIc.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhkGrQn.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaAZchZ.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqsITOF.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDAHRAg.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzelXIE.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGVwtJZ.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTKMHAM.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPKBkbH.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEDiYAS.exe	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2964 wrote to memory of 1100	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2964 wrote to memory of 1100	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2964 wrote to memory of 860	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2964 wrote to memory of 860	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2964 wrote to memory of 4072	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2964 wrote to memory of 4072	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2964 wrote to memory of 4436	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2964 wrote to memory of 4436	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2964 wrote to memory of 4888	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2964 wrote to memory of 4888	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2964 wrote to memory of 1112	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2964 wrote to memory of 1112	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2964 wrote to memory of 3288	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2964 wrote to memory of 3288	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2964 wrote to memory of 3504	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2964 wrote to memory of 3504	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2964 wrote to memory of 4908	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2964 wrote to memory of 4908	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2964 wrote to memory of 3276	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2964 wrote to memory of 3276	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2964 wrote to memory of 3204	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2964 wrote to memory of 3204	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2964 wrote to memory of 1072	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2964 wrote to memory of 1072	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2964 wrote to memory of 388	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2964 wrote to memory of 388	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2964 wrote to memory of 2820	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2964 wrote to memory of 2820	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2964 wrote to memory of 5052	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2964 wrote to memory of 5052	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2964 wrote to memory of 2956	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2964 wrote to memory of 2956	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2964 wrote to memory of 1544	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2964 wrote to memory of 1544	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2964 wrote to memory of 588	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2964 wrote to memory of 588	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2964 wrote to memory of 3148	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2964 wrote to memory of 3148	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2964 wrote to memory of 5112	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2964 wrote to memory of 5112	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2964 wrote to memory of 2544	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2964 wrote to memory of 2544	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2964 wrote to memory of 3128	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2964 wrote to memory of 3128	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2964 wrote to memory of 4452	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2964 wrote to memory of 4452	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2964 wrote to memory of 3092	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2964 wrote to memory of 3092	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2964 wrote to memory of 4044	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2964 wrote to memory of 4044	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2964 wrote to memory of 2348	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2964 wrote to memory of 2348	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2964 wrote to memory of 2980	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2964 wrote to memory of 2980	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2964 wrote to memory of 3320	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2964 wrote to memory of 3320	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2964 wrote to memory of 1380	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2964 wrote to memory of 1380	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2964 wrote to memory of 2076	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2964 wrote to memory of 2076	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2964 wrote to memory of 1868	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2964 wrote to memory of 1868	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2964 wrote to memory of 2696	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2964 wrote to memory of 2696	2964	2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_8e3338a5555da9055a21dbae3b42a1a3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\System\amdWhQQ.exe
  C:\Windows\System\amdWhQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\FZIiXpC.exe
  C:\Windows\System\FZIiXpC.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\OeimEut.exe
  C:\Windows\System\OeimEut.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\ifAKOpD.exe
  C:\Windows\System\ifAKOpD.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\aOecMIM.exe
  C:\Windows\System\aOecMIM.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\NIQbqjA.exe
  C:\Windows\System\NIQbqjA.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\FguCvFi.exe
  C:\Windows\System\FguCvFi.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\COZKmAm.exe
  C:\Windows\System\COZKmAm.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\XVoHAjQ.exe
  C:\Windows\System\XVoHAjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\DNOYKvQ.exe
  C:\Windows\System\DNOYKvQ.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\ZyeTOzO.exe
  C:\Windows\System\ZyeTOzO.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\xNkHsrd.exe
  C:\Windows\System\xNkHsrd.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\oiBtnmm.exe
  C:\Windows\System\oiBtnmm.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\SwntvFy.exe
  C:\Windows\System\SwntvFy.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dzZpRDs.exe
  C:\Windows\System\dzZpRDs.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\VMuTbBd.exe
  C:\Windows\System\VMuTbBd.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\tLzaduh.exe
  C:\Windows\System\tLzaduh.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\FHcaoIi.exe
  C:\Windows\System\FHcaoIi.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\WKRAlUY.exe
  C:\Windows\System\WKRAlUY.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\vqVqzsW.exe
  C:\Windows\System\vqVqzsW.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\gzEnIeU.exe
  C:\Windows\System\gzEnIeU.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YsDuDYh.exe
  C:\Windows\System\YsDuDYh.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\ZMyVlQs.exe
  C:\Windows\System\ZMyVlQs.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\BsExxHt.exe
  C:\Windows\System\BsExxHt.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\PiuhzVP.exe
  C:\Windows\System\PiuhzVP.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\KeZLNOz.exe
  C:\Windows\System\KeZLNOz.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\rtGdGva.exe
  C:\Windows\System\rtGdGva.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\TSfaaGF.exe
  C:\Windows\System\TSfaaGF.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\PUJnaVE.exe
  C:\Windows\System\PUJnaVE.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\ScVJwNP.exe
  C:\Windows\System\ScVJwNP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\pJtuqqv.exe
  C:\Windows\System\pJtuqqv.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\JlDytrR.exe
  C:\Windows\System\JlDytrR.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\wvyDssf.exe
  C:\Windows\System\wvyDssf.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\hIfyRJh.exe
  C:\Windows\System\hIfyRJh.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\UwgASYS.exe
  C:\Windows\System\UwgASYS.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\HTGHaut.exe
  C:\Windows\System\HTGHaut.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\RYzSwIT.exe
  C:\Windows\System\RYzSwIT.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\yGdeGnm.exe
  C:\Windows\System\yGdeGnm.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\IfVTOri.exe
  C:\Windows\System\IfVTOri.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\QxqMKGR.exe
  C:\Windows\System\QxqMKGR.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\dIuKLEv.exe
  C:\Windows\System\dIuKLEv.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\jNqGZSk.exe
  C:\Windows\System\jNqGZSk.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\pTfrWoa.exe
  C:\Windows\System\pTfrWoa.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\idGXpny.exe
  C:\Windows\System\idGXpny.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\bfoZWnf.exe
  C:\Windows\System\bfoZWnf.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\lVmEnXr.exe
  C:\Windows\System\lVmEnXr.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\ZyZCCLb.exe
  C:\Windows\System\ZyZCCLb.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\CusAVgB.exe
  C:\Windows\System\CusAVgB.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\SPdoNUS.exe
  C:\Windows\System\SPdoNUS.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\IHbonwB.exe
  C:\Windows\System\IHbonwB.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\YyPxyey.exe
  C:\Windows\System\YyPxyey.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\lyaqeoo.exe
  C:\Windows\System\lyaqeoo.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\NzAYUjC.exe
  C:\Windows\System\NzAYUjC.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\EFWThpR.exe
  C:\Windows\System\EFWThpR.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\SRcqapd.exe
  C:\Windows\System\SRcqapd.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\hUBpidJ.exe
  C:\Windows\System\hUBpidJ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\KVBXHAv.exe
  C:\Windows\System\KVBXHAv.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\joWMMpu.exe
  C:\Windows\System\joWMMpu.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\gkIMWoV.exe
  C:\Windows\System\gkIMWoV.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\CiKgYEE.exe
  C:\Windows\System\CiKgYEE.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\dWLxfZp.exe
  C:\Windows\System\dWLxfZp.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\lgnxfTh.exe
  C:\Windows\System\lgnxfTh.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\MzyNyEd.exe
  C:\Windows\System\MzyNyEd.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\AHYjEDW.exe
  C:\Windows\System\AHYjEDW.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ZbDcXAZ.exe
  C:\Windows\System\ZbDcXAZ.exe
  2⤵
  PID:2064
- C:\Windows\System\mnFDLWm.exe
  C:\Windows\System\mnFDLWm.exe
  2⤵
  PID:3200
- C:\Windows\System\MCNItGs.exe
  C:\Windows\System\MCNItGs.exe
  2⤵
  PID:2272
- C:\Windows\System\ISZtTDT.exe
  C:\Windows\System\ISZtTDT.exe
  2⤵
  PID:3688
- C:\Windows\System\ZtPnfHK.exe
  C:\Windows\System\ZtPnfHK.exe
  2⤵
  PID:4020
- C:\Windows\System\pfgSreH.exe
  C:\Windows\System\pfgSreH.exe
  2⤵
  PID:1620
- C:\Windows\System\TVpVJPm.exe
  C:\Windows\System\TVpVJPm.exe
  2⤵
  PID:4296
- C:\Windows\System\dRmlPqN.exe
  C:\Windows\System\dRmlPqN.exe
  2⤵
  PID:4924
- C:\Windows\System\mzzGden.exe
  C:\Windows\System\mzzGden.exe
  2⤵
  PID:3484
- C:\Windows\System\ruOLwCT.exe
  C:\Windows\System\ruOLwCT.exe
  2⤵
  PID:4744
- C:\Windows\System\pPuFYJv.exe
  C:\Windows\System\pPuFYJv.exe
  2⤵
  PID:5048
- C:\Windows\System\CnZGXLa.exe
  C:\Windows\System\CnZGXLa.exe
  2⤵
  PID:4516
- C:\Windows\System\ggaPtgS.exe
  C:\Windows\System\ggaPtgS.exe
  2⤵
  PID:2568
- C:\Windows\System\IrPxayO.exe
  C:\Windows\System\IrPxayO.exe
  2⤵
  PID:1776
- C:\Windows\System\FLnbrSI.exe
  C:\Windows\System\FLnbrSI.exe
  2⤵
  PID:4116
- C:\Windows\System\NyvPMkN.exe
  C:\Windows\System\NyvPMkN.exe
  2⤵
  PID:4428
- C:\Windows\System\kdbihou.exe
  C:\Windows\System\kdbihou.exe
  2⤵
  PID:544
- C:\Windows\System\pamacyw.exe
  C:\Windows\System\pamacyw.exe
  2⤵
  PID:5032
- C:\Windows\System\VVmClzH.exe
  C:\Windows\System\VVmClzH.exe
  2⤵
  PID:1508
- C:\Windows\System\nouSdmI.exe
  C:\Windows\System\nouSdmI.exe
  2⤵
  PID:4828
- C:\Windows\System\UZVkGWA.exe
  C:\Windows\System\UZVkGWA.exe
  2⤵
  PID:1600
- C:\Windows\System\HYpYqUU.exe
  C:\Windows\System\HYpYqUU.exe
  2⤵
  PID:5128
- C:\Windows\System\YSEaKzG.exe
  C:\Windows\System\YSEaKzG.exe
  2⤵
  PID:5156
- C:\Windows\System\akmOPYr.exe
  C:\Windows\System\akmOPYr.exe
  2⤵
  PID:5196
- C:\Windows\System\aKQUDuX.exe
  C:\Windows\System\aKQUDuX.exe
  2⤵
  PID:5224
- C:\Windows\System\Fyaydjy.exe
  C:\Windows\System\Fyaydjy.exe
  2⤵
  PID:5252
- C:\Windows\System\PhkGrQn.exe
  C:\Windows\System\PhkGrQn.exe
  2⤵
  PID:5268
- C:\Windows\System\RGHspQo.exe
  C:\Windows\System\RGHspQo.exe
  2⤵
  PID:5296
- C:\Windows\System\CfzvxMT.exe
  C:\Windows\System\CfzvxMT.exe
  2⤵
  PID:5324
- C:\Windows\System\FCZYasx.exe
  C:\Windows\System\FCZYasx.exe
  2⤵
  PID:5352
- C:\Windows\System\ZRFSvSH.exe
  C:\Windows\System\ZRFSvSH.exe
  2⤵
  PID:5380
- C:\Windows\System\CIbQpzU.exe
  C:\Windows\System\CIbQpzU.exe
  2⤵
  PID:5408
- C:\Windows\System\JTVXgom.exe
  C:\Windows\System\JTVXgom.exe
  2⤵
  PID:5436
- C:\Windows\System\hrvqNAd.exe
  C:\Windows\System\hrvqNAd.exe
  2⤵
  PID:5464
- C:\Windows\System\ZVWurUo.exe
  C:\Windows\System\ZVWurUo.exe
  2⤵
  PID:5492
- C:\Windows\System\rGNVSZk.exe
  C:\Windows\System\rGNVSZk.exe
  2⤵
  PID:5520
- C:\Windows\System\JpliEzG.exe
  C:\Windows\System\JpliEzG.exe
  2⤵
  PID:5608
- C:\Windows\System\vxgrxiT.exe
  C:\Windows\System\vxgrxiT.exe
  2⤵
  PID:5636
- C:\Windows\System\ttwaseD.exe
  C:\Windows\System\ttwaseD.exe
  2⤵
  PID:5680
- C:\Windows\System\usLhaVZ.exe
  C:\Windows\System\usLhaVZ.exe
  2⤵
  PID:5708
- C:\Windows\System\bHlVNeH.exe
  C:\Windows\System\bHlVNeH.exe
  2⤵
  PID:5812
- C:\Windows\System\cRausgd.exe
  C:\Windows\System\cRausgd.exe
  2⤵
  PID:5860
- C:\Windows\System\evQOumZ.exe
  C:\Windows\System\evQOumZ.exe
  2⤵
  PID:5896
- C:\Windows\System\HkTNNtk.exe
  C:\Windows\System\HkTNNtk.exe
  2⤵
  PID:5932
- C:\Windows\System\ShMeFKi.exe
  C:\Windows\System\ShMeFKi.exe
  2⤵
  PID:5952
- C:\Windows\System\XOykWKo.exe
  C:\Windows\System\XOykWKo.exe
  2⤵
  PID:6052
- C:\Windows\System\aJcaUau.exe
  C:\Windows\System\aJcaUau.exe
  2⤵
  PID:6120
- C:\Windows\System\qryEPbQ.exe
  C:\Windows\System\qryEPbQ.exe
  2⤵
  PID:4256
- C:\Windows\System\jgTCQpf.exe
  C:\Windows\System\jgTCQpf.exe
  2⤵
  PID:5140
- C:\Windows\System\SfAuAEo.exe
  C:\Windows\System\SfAuAEo.exe
  2⤵
  PID:5260
- C:\Windows\System\JmPbWjZ.exe
  C:\Windows\System\JmPbWjZ.exe
  2⤵
  PID:5312
- C:\Windows\System\KoNUSai.exe
  C:\Windows\System\KoNUSai.exe
  2⤵
  PID:5396
- C:\Windows\System\hEmKsHw.exe
  C:\Windows\System\hEmKsHw.exe
  2⤵
  PID:5456
- C:\Windows\System\MdPPmhE.exe
  C:\Windows\System\MdPPmhE.exe
  2⤵
  PID:5508
- C:\Windows\System\tsiDkLP.exe
  C:\Windows\System\tsiDkLP.exe
  2⤵
  PID:5632
- C:\Windows\System\xRiorHA.exe
  C:\Windows\System\xRiorHA.exe
  2⤵
  PID:5676
- C:\Windows\System\hmWlgEZ.exe
  C:\Windows\System\hmWlgEZ.exe
  2⤵
  PID:3708
- C:\Windows\System\DKIguCP.exe
  C:\Windows\System\DKIguCP.exe
  2⤵
  PID:3176
- C:\Windows\System\UqrSQdo.exe
  C:\Windows\System\UqrSQdo.exe
  2⤵
  PID:2292
- C:\Windows\System\nzelXIE.exe
  C:\Windows\System\nzelXIE.exe
  2⤵
  PID:1828
- C:\Windows\System\uikwCqc.exe
  C:\Windows\System\uikwCqc.exe
  2⤵
  PID:4440
- C:\Windows\System\nuvQlBL.exe
  C:\Windows\System\nuvQlBL.exe
  2⤵
  PID:1992
- C:\Windows\System\JHwbelt.exe
  C:\Windows\System\JHwbelt.exe
  2⤵
  PID:3816
- C:\Windows\System\hcptirH.exe
  C:\Windows\System\hcptirH.exe
  2⤵
  PID:208
- C:\Windows\System\bzIunpX.exe
  C:\Windows\System\bzIunpX.exe
  2⤵
  PID:1888
- C:\Windows\System\YKhuuWm.exe
  C:\Windows\System\YKhuuWm.exe
  2⤵
  PID:5836
- C:\Windows\System\LsykhMS.exe
  C:\Windows\System\LsykhMS.exe
  2⤵
  PID:5904
- C:\Windows\System\pNWlpKF.exe
  C:\Windows\System\pNWlpKF.exe
  2⤵
  PID:5944
- C:\Windows\System\hEGRIak.exe
  C:\Windows\System\hEGRIak.exe
  2⤵
  PID:6024
- C:\Windows\System\zqZeNuX.exe
  C:\Windows\System\zqZeNuX.exe
  2⤵
  PID:652
- C:\Windows\System\oYUmzpY.exe
  C:\Windows\System\oYUmzpY.exe
  2⤵
  PID:1688
- C:\Windows\System\udhYnXp.exe
  C:\Windows\System\udhYnXp.exe
  2⤵
  PID:4040
- C:\Windows\System\oQJKvOE.exe
  C:\Windows\System\oQJKvOE.exe
  2⤵
  PID:5096
- C:\Windows\System\gcfwlbK.exe
  C:\Windows\System\gcfwlbK.exe
  2⤵
  PID:872
- C:\Windows\System\rJtIumY.exe
  C:\Windows\System\rJtIumY.exe
  2⤵
  PID:5476
- C:\Windows\System\OcilffJ.exe
  C:\Windows\System\OcilffJ.exe
  2⤵
  PID:924
- C:\Windows\System\ZfqSYwh.exe
  C:\Windows\System\ZfqSYwh.exe
  2⤵
  PID:2840
- C:\Windows\System\ZeIBCML.exe
  C:\Windows\System\ZeIBCML.exe
  2⤵
  PID:1272
- C:\Windows\System\zlJULFa.exe
  C:\Windows\System\zlJULFa.exe
  2⤵
  PID:2640
- C:\Windows\System\Kdqwvfy.exe
  C:\Windows\System\Kdqwvfy.exe
  2⤵
  PID:5720
- C:\Windows\System\SROBnZV.exe
  C:\Windows\System\SROBnZV.exe
  2⤵
  PID:5804
- C:\Windows\System\BOuTgkj.exe
  C:\Windows\System\BOuTgkj.exe
  2⤵
  PID:1728
- C:\Windows\System\UCRPgdX.exe
  C:\Windows\System\UCRPgdX.exe
  2⤵
  PID:5288
- C:\Windows\System\uBXlPcp.exe
  C:\Windows\System\uBXlPcp.exe
  2⤵
  PID:680
- C:\Windows\System\JJnCnxY.exe
  C:\Windows\System\JJnCnxY.exe
  2⤵
  PID:5704
- C:\Windows\System\aTIduYl.exe
  C:\Windows\System\aTIduYl.exe
  2⤵
  PID:5616
- C:\Windows\System\ebKzkEC.exe
  C:\Windows\System\ebKzkEC.exe
  2⤵
  PID:2068
- C:\Windows\System\ROmUkPi.exe
  C:\Windows\System\ROmUkPi.exe
  2⤵
  PID:852
- C:\Windows\System\JItihgd.exe
  C:\Windows\System\JItihgd.exe
  2⤵
  PID:2748
- C:\Windows\System\WmxKlMS.exe
  C:\Windows\System\WmxKlMS.exe
  2⤵
  PID:6040
- C:\Windows\System\HxTVTTo.exe
  C:\Windows\System\HxTVTTo.exe
  2⤵
  PID:696
- C:\Windows\System\OVzNYuc.exe
  C:\Windows\System\OVzNYuc.exe
  2⤵
  PID:3948
- C:\Windows\System\VfjdsuN.exe
  C:\Windows\System\VfjdsuN.exe
  2⤵
  PID:4844
- C:\Windows\System\XqAvVMY.exe
  C:\Windows\System\XqAvVMY.exe
  2⤵
  PID:5212
- C:\Windows\System\HwspZHe.exe
  C:\Windows\System\HwspZHe.exe
  2⤵
  PID:6148
- C:\Windows\System\FXBmBaD.exe
  C:\Windows\System\FXBmBaD.exe
  2⤵
  PID:6180
- C:\Windows\System\RGhCiVY.exe
  C:\Windows\System\RGhCiVY.exe
  2⤵
  PID:6208
- C:\Windows\System\ddGnTFh.exe
  C:\Windows\System\ddGnTFh.exe
  2⤵
  PID:6236
- C:\Windows\System\XCGkbgS.exe
  C:\Windows\System\XCGkbgS.exe
  2⤵
  PID:6264
- C:\Windows\System\BLcRaAl.exe
  C:\Windows\System\BLcRaAl.exe
  2⤵
  PID:6292
- C:\Windows\System\Nepsngy.exe
  C:\Windows\System\Nepsngy.exe
  2⤵
  PID:6320
- C:\Windows\System\yavIKuX.exe
  C:\Windows\System\yavIKuX.exe
  2⤵
  PID:6364
- C:\Windows\System\GxPDzvn.exe
  C:\Windows\System\GxPDzvn.exe
  2⤵
  PID:6444
- C:\Windows\System\VhNTmAB.exe
  C:\Windows\System\VhNTmAB.exe
  2⤵
  PID:6480
- C:\Windows\System\kFfogAR.exe
  C:\Windows\System\kFfogAR.exe
  2⤵
  PID:6508
- C:\Windows\System\WhFwzxK.exe
  C:\Windows\System\WhFwzxK.exe
  2⤵
  PID:6536
- C:\Windows\System\kTjGNeI.exe
  C:\Windows\System\kTjGNeI.exe
  2⤵
  PID:6564
- C:\Windows\System\nCAEibB.exe
  C:\Windows\System\nCAEibB.exe
  2⤵
  PID:6592
- C:\Windows\System\NxvUKge.exe
  C:\Windows\System\NxvUKge.exe
  2⤵
  PID:6624
- C:\Windows\System\vqjEvSH.exe
  C:\Windows\System\vqjEvSH.exe
  2⤵
  PID:6652
- C:\Windows\System\uPceOGb.exe
  C:\Windows\System\uPceOGb.exe
  2⤵
  PID:6680
- C:\Windows\System\IgqysEH.exe
  C:\Windows\System\IgqysEH.exe
  2⤵
  PID:6708
- C:\Windows\System\bspcZTR.exe
  C:\Windows\System\bspcZTR.exe
  2⤵
  PID:6736
- C:\Windows\System\lznKrXz.exe
  C:\Windows\System\lznKrXz.exe
  2⤵
  PID:6764
- C:\Windows\System\bHdSgOF.exe
  C:\Windows\System\bHdSgOF.exe
  2⤵
  PID:6792
- C:\Windows\System\PAIlPld.exe
  C:\Windows\System\PAIlPld.exe
  2⤵
  PID:6820
- C:\Windows\System\veehjxq.exe
  C:\Windows\System\veehjxq.exe
  2⤵
  PID:6852
- C:\Windows\System\krEKRCQ.exe
  C:\Windows\System\krEKRCQ.exe
  2⤵
  PID:6868
- C:\Windows\System\yOwwqac.exe
  C:\Windows\System\yOwwqac.exe
  2⤵
  PID:6900
- C:\Windows\System\emFxcXH.exe
  C:\Windows\System\emFxcXH.exe
  2⤵
  PID:6928
- C:\Windows\System\fFcPSAI.exe
  C:\Windows\System\fFcPSAI.exe
  2⤵
  PID:6964
- C:\Windows\System\kJwlepR.exe
  C:\Windows\System\kJwlepR.exe
  2⤵
  PID:6992
- C:\Windows\System\dFkCNMH.exe
  C:\Windows\System\dFkCNMH.exe
  2⤵
  PID:7020
- C:\Windows\System\oPWqANN.exe
  C:\Windows\System\oPWqANN.exe
  2⤵
  PID:7044
- C:\Windows\System\EzMFwlP.exe
  C:\Windows\System\EzMFwlP.exe
  2⤵
  PID:7076
- C:\Windows\System\AQaSFvP.exe
  C:\Windows\System\AQaSFvP.exe
  2⤵
  PID:7104
- C:\Windows\System\NZqBKBf.exe
  C:\Windows\System\NZqBKBf.exe
  2⤵
  PID:7132
- C:\Windows\System\cBsAXRf.exe
  C:\Windows\System\cBsAXRf.exe
  2⤵
  PID:7152
- C:\Windows\System\FViPLug.exe
  C:\Windows\System\FViPLug.exe
  2⤵
  PID:6192
- C:\Windows\System\UJiKkAm.exe
  C:\Windows\System\UJiKkAm.exe
  2⤵
  PID:6252
- C:\Windows\System\HphugcR.exe
  C:\Windows\System\HphugcR.exe
  2⤵
  PID:6328
- C:\Windows\System\pRTXdKQ.exe
  C:\Windows\System\pRTXdKQ.exe
  2⤵
  PID:6440
- C:\Windows\System\SEfbJje.exe
  C:\Windows\System\SEfbJje.exe
  2⤵
  PID:6404
- C:\Windows\System\NnyUUqm.exe
  C:\Windows\System\NnyUUqm.exe
  2⤵
  PID:6396
- C:\Windows\System\FuDcnYU.exe
  C:\Windows\System\FuDcnYU.exe
  2⤵
  PID:6552
- C:\Windows\System\fOmubPB.exe
  C:\Windows\System\fOmubPB.exe
  2⤵
  PID:6636
- C:\Windows\System\ZrjVbPG.exe
  C:\Windows\System\ZrjVbPG.exe
  2⤵
  PID:6720
- C:\Windows\System\OHriaXV.exe
  C:\Windows\System\OHriaXV.exe
  2⤵
  PID:6776
- C:\Windows\System\eEBxTiV.exe
  C:\Windows\System\eEBxTiV.exe
  2⤵
  PID:6844
- C:\Windows\System\ljzSVTv.exe
  C:\Windows\System\ljzSVTv.exe
  2⤵
  PID:6912
- C:\Windows\System\XuAcJHF.exe
  C:\Windows\System\XuAcJHF.exe
  2⤵
  PID:6952
- C:\Windows\System\lPQoruD.exe
  C:\Windows\System\lPQoruD.exe
  2⤵
  PID:7032
- C:\Windows\System\FGmGExu.exe
  C:\Windows\System\FGmGExu.exe
  2⤵
  PID:7096
- C:\Windows\System\YpPface.exe
  C:\Windows\System\YpPface.exe
  2⤵
  PID:7164
- C:\Windows\System\XQWNyQG.exe
  C:\Windows\System\XQWNyQG.exe
  2⤵
  PID:6276
- C:\Windows\System\LWBiYka.exe
  C:\Windows\System\LWBiYka.exe
  2⤵
  PID:6472
- C:\Windows\System\oXjhORK.exe
  C:\Windows\System\oXjhORK.exe
  2⤵
  PID:6544
- C:\Windows\System\YFADiPT.exe
  C:\Windows\System\YFADiPT.exe
  2⤵
  PID:6744
- C:\Windows\System\PAsePGo.exe
  C:\Windows\System\PAsePGo.exe
  2⤵
  PID:6808
- C:\Windows\System\zBvtUGY.exe
  C:\Windows\System\zBvtUGY.exe
  2⤵
  PID:7008
- C:\Windows\System\znALbpz.exe
  C:\Windows\System\znALbpz.exe
  2⤵
  PID:6160
- C:\Windows\System\NDfkUoN.exe
  C:\Windows\System\NDfkUoN.exe
  2⤵
  PID:6488
- C:\Windows\System\DdXATfN.exe
  C:\Windows\System\DdXATfN.exe
  2⤵
  PID:6800
- C:\Windows\System\XnugXmZ.exe
  C:\Windows\System\XnugXmZ.exe
  2⤵
  PID:7116
- C:\Windows\System\NihWdea.exe
  C:\Windows\System\NihWdea.exe
  2⤵
  PID:6580
- C:\Windows\System\ayrSFxz.exe
  C:\Windows\System\ayrSFxz.exe
  2⤵
  PID:6356
- C:\Windows\System\GwaYeDo.exe
  C:\Windows\System\GwaYeDo.exe
  2⤵
  PID:7172
- C:\Windows\System\QEEyBBV.exe
  C:\Windows\System\QEEyBBV.exe
  2⤵
  PID:7200
- C:\Windows\System\taIlowf.exe
  C:\Windows\System\taIlowf.exe
  2⤵
  PID:7228
- C:\Windows\System\sKCSYIx.exe
  C:\Windows\System\sKCSYIx.exe
  2⤵
  PID:7260
- C:\Windows\System\MIBahPs.exe
  C:\Windows\System\MIBahPs.exe
  2⤵
  PID:7288
- C:\Windows\System\XhezJhd.exe
  C:\Windows\System\XhezJhd.exe
  2⤵
  PID:7324
- C:\Windows\System\hBQdJSN.exe
  C:\Windows\System\hBQdJSN.exe
  2⤵
  PID:7360
- C:\Windows\System\njHSAIU.exe
  C:\Windows\System\njHSAIU.exe
  2⤵
  PID:7452
- C:\Windows\System\GwYjNUy.exe
  C:\Windows\System\GwYjNUy.exe
  2⤵
  PID:7528
- C:\Windows\System\qrOhfmh.exe
  C:\Windows\System\qrOhfmh.exe
  2⤵
  PID:7568
- C:\Windows\System\JJeJAUk.exe
  C:\Windows\System\JJeJAUk.exe
  2⤵
  PID:7592
- C:\Windows\System\RGVwtJZ.exe
  C:\Windows\System\RGVwtJZ.exe
  2⤵
  PID:7644
- C:\Windows\System\BqmDAjx.exe
  C:\Windows\System\BqmDAjx.exe
  2⤵
  PID:7676
- C:\Windows\System\BuKvlEs.exe
  C:\Windows\System\BuKvlEs.exe
  2⤵
  PID:7716
- C:\Windows\System\bwRMYRk.exe
  C:\Windows\System\bwRMYRk.exe
  2⤵
  PID:7736
- C:\Windows\System\WPKBkbH.exe
  C:\Windows\System\WPKBkbH.exe
  2⤵
  PID:7764
- C:\Windows\System\CQgofUq.exe
  C:\Windows\System\CQgofUq.exe
  2⤵
  PID:7792
- C:\Windows\System\jMkLELc.exe
  C:\Windows\System\jMkLELc.exe
  2⤵
  PID:7820
- C:\Windows\System\tTMpZKq.exe
  C:\Windows\System\tTMpZKq.exe
  2⤵
  PID:7848
- C:\Windows\System\eKwOFtZ.exe
  C:\Windows\System\eKwOFtZ.exe
  2⤵
  PID:7876
- C:\Windows\System\NyuZqCd.exe
  C:\Windows\System\NyuZqCd.exe
  2⤵
  PID:7904
- C:\Windows\System\NQooOYK.exe
  C:\Windows\System\NQooOYK.exe
  2⤵
  PID:7932
- C:\Windows\System\acOnybQ.exe
  C:\Windows\System\acOnybQ.exe
  2⤵
  PID:7964
- C:\Windows\System\KXrBlkO.exe
  C:\Windows\System\KXrBlkO.exe
  2⤵
  PID:7988
- C:\Windows\System\aUnChiY.exe
  C:\Windows\System\aUnChiY.exe
  2⤵
  PID:8016
- C:\Windows\System\rAJoBwe.exe
  C:\Windows\System\rAJoBwe.exe
  2⤵
  PID:8044
- C:\Windows\System\rrWAWJf.exe
  C:\Windows\System\rrWAWJf.exe
  2⤵
  PID:8072
- C:\Windows\System\BtyMXmi.exe
  C:\Windows\System\BtyMXmi.exe
  2⤵
  PID:8100
- C:\Windows\System\UkNNphl.exe
  C:\Windows\System\UkNNphl.exe
  2⤵
  PID:8128
- C:\Windows\System\PQDrufS.exe
  C:\Windows\System\PQDrufS.exe
  2⤵
  PID:8160
- C:\Windows\System\sIXnuFf.exe
  C:\Windows\System\sIXnuFf.exe
  2⤵
  PID:8188
- C:\Windows\System\URiTdaZ.exe
  C:\Windows\System\URiTdaZ.exe
  2⤵
  PID:7224
- C:\Windows\System\noRPWDJ.exe
  C:\Windows\System\noRPWDJ.exe
  2⤵
  PID:7296
- C:\Windows\System\NHCJumC.exe
  C:\Windows\System\NHCJumC.exe
  2⤵
  PID:7380
- C:\Windows\System\geLBEbq.exe
  C:\Windows\System\geLBEbq.exe
  2⤵
  PID:7564
- C:\Windows\System\AryRLaU.exe
  C:\Windows\System\AryRLaU.exe
  2⤵
  PID:7636
- C:\Windows\System\peMMNYX.exe
  C:\Windows\System\peMMNYX.exe
  2⤵
  PID:7708
- C:\Windows\System\cdekyNq.exe
  C:\Windows\System\cdekyNq.exe
  2⤵
  PID:7780
- C:\Windows\System\BouJOMz.exe
  C:\Windows\System\BouJOMz.exe
  2⤵
  PID:7480
- C:\Windows\System\wdEqhvC.exe
  C:\Windows\System\wdEqhvC.exe
  2⤵
  PID:7816
- C:\Windows\System\QUaHQGc.exe
  C:\Windows\System\QUaHQGc.exe
  2⤵
  PID:7892
- C:\Windows\System\duDDAbj.exe
  C:\Windows\System\duDDAbj.exe
  2⤵
  PID:7952
- C:\Windows\System\gKOpAby.exe
  C:\Windows\System\gKOpAby.exe
  2⤵
  PID:8008
- C:\Windows\System\GjWFtOZ.exe
  C:\Windows\System\GjWFtOZ.exe
  2⤵
  PID:8068
- C:\Windows\System\FhmwPIT.exe
  C:\Windows\System\FhmwPIT.exe
  2⤵
  PID:8144
- C:\Windows\System\BOxGeux.exe
  C:\Windows\System\BOxGeux.exe
  2⤵
  PID:7212
- C:\Windows\System\xDMoXov.exe
  C:\Windows\System\xDMoXov.exe
  2⤵
  PID:7372
- C:\Windows\System\QBsMIJC.exe
  C:\Windows\System\QBsMIJC.exe
  2⤵
  PID:7668
- C:\Windows\System\jDAKpVB.exe
  C:\Windows\System\jDAKpVB.exe
  2⤵
  PID:7436
- C:\Windows\System\cmhHtJt.exe
  C:\Windows\System\cmhHtJt.exe
  2⤵
  PID:7924
- C:\Windows\System\WqAjKOc.exe
  C:\Windows\System\WqAjKOc.exe
  2⤵
  PID:8056
- C:\Windows\System\Dpuvcfn.exe
  C:\Windows\System\Dpuvcfn.exe
  2⤵
  PID:8124
- C:\Windows\System\YGqsJfW.exe
  C:\Windows\System\YGqsJfW.exe
  2⤵
  PID:7332
- C:\Windows\System\GHhaevu.exe
  C:\Windows\System\GHhaevu.exe
  2⤵
  PID:8004
- C:\Windows\System\isvZPsu.exe
  C:\Windows\System\isvZPsu.exe
  2⤵
  PID:7540
- C:\Windows\System\ZfhWXvL.exe
  C:\Windows\System\ZfhWXvL.exe
  2⤵
  PID:8184
- C:\Windows\System\LdbsvSQ.exe
  C:\Windows\System\LdbsvSQ.exe
  2⤵
  PID:8216
- C:\Windows\System\jxSOKou.exe
  C:\Windows\System\jxSOKou.exe
  2⤵
  PID:8236
- C:\Windows\System\rFePfqf.exe
  C:\Windows\System\rFePfqf.exe
  2⤵
  PID:8264
- C:\Windows\System\GCnKbgk.exe
  C:\Windows\System\GCnKbgk.exe
  2⤵
  PID:8296
- C:\Windows\System\gRICrCg.exe
  C:\Windows\System\gRICrCg.exe
  2⤵
  PID:8324
- C:\Windows\System\ekNrMgE.exe
  C:\Windows\System\ekNrMgE.exe
  2⤵
  PID:8352
- C:\Windows\System\QHdwzDj.exe
  C:\Windows\System\QHdwzDj.exe
  2⤵
  PID:8380
- C:\Windows\System\hJPebUw.exe
  C:\Windows\System\hJPebUw.exe
  2⤵
  PID:8408
- C:\Windows\System\ghSmnKf.exe
  C:\Windows\System\ghSmnKf.exe
  2⤵
  PID:8436
- C:\Windows\System\MlMgXCd.exe
  C:\Windows\System\MlMgXCd.exe
  2⤵
  PID:8464
- C:\Windows\System\mKULBWq.exe
  C:\Windows\System\mKULBWq.exe
  2⤵
  PID:8500
- C:\Windows\System\EXcMxks.exe
  C:\Windows\System\EXcMxks.exe
  2⤵
  PID:8520
- C:\Windows\System\GAkAhlm.exe
  C:\Windows\System\GAkAhlm.exe
  2⤵
  PID:8548
- C:\Windows\System\GtlHqnB.exe
  C:\Windows\System\GtlHqnB.exe
  2⤵
  PID:8576
- C:\Windows\System\ljQXHqw.exe
  C:\Windows\System\ljQXHqw.exe
  2⤵
  PID:8604
- C:\Windows\System\AqGSrFN.exe
  C:\Windows\System\AqGSrFN.exe
  2⤵
  PID:8632
- C:\Windows\System\VzogGzf.exe
  C:\Windows\System\VzogGzf.exe
  2⤵
  PID:8660
- C:\Windows\System\QpZZqvx.exe
  C:\Windows\System\QpZZqvx.exe
  2⤵
  PID:8688
- C:\Windows\System\QuxKpmP.exe
  C:\Windows\System\QuxKpmP.exe
  2⤵
  PID:8716
- C:\Windows\System\ObQabRd.exe
  C:\Windows\System\ObQabRd.exe
  2⤵
  PID:8744
- C:\Windows\System\tRUGFqv.exe
  C:\Windows\System\tRUGFqv.exe
  2⤵
  PID:8788
- C:\Windows\System\pgJAqGd.exe
  C:\Windows\System\pgJAqGd.exe
  2⤵
  PID:8812
- C:\Windows\System\sqREZbj.exe
  C:\Windows\System\sqREZbj.exe
  2⤵
  PID:8836
- C:\Windows\System\EqTbnKw.exe
  C:\Windows\System\EqTbnKw.exe
  2⤵
  PID:8868
- C:\Windows\System\MRTujzi.exe
  C:\Windows\System\MRTujzi.exe
  2⤵
  PID:8896
- C:\Windows\System\elNOrZL.exe
  C:\Windows\System\elNOrZL.exe
  2⤵
  PID:8924
- C:\Windows\System\cewHyjs.exe
  C:\Windows\System\cewHyjs.exe
  2⤵
  PID:8952
- C:\Windows\System\mhQvMfo.exe
  C:\Windows\System\mhQvMfo.exe
  2⤵
  PID:8980
- C:\Windows\System\PjkRohU.exe
  C:\Windows\System\PjkRohU.exe
  2⤵
  PID:9012
- C:\Windows\System\KdwjcIN.exe
  C:\Windows\System\KdwjcIN.exe
  2⤵
  PID:9040
- C:\Windows\System\yKdiKgc.exe
  C:\Windows\System\yKdiKgc.exe
  2⤵
  PID:9068
- C:\Windows\System\dgOhwMK.exe
  C:\Windows\System\dgOhwMK.exe
  2⤵
  PID:9096
- C:\Windows\System\yjPwWZq.exe
  C:\Windows\System\yjPwWZq.exe
  2⤵
  PID:9124
- C:\Windows\System\xoSeiqr.exe
  C:\Windows\System\xoSeiqr.exe
  2⤵
  PID:9156
- C:\Windows\System\CHoILVc.exe
  C:\Windows\System\CHoILVc.exe
  2⤵
  PID:9180
- C:\Windows\System\IXdUSPZ.exe
  C:\Windows\System\IXdUSPZ.exe
  2⤵
  PID:9208
- C:\Windows\System\hVXCdzR.exe
  C:\Windows\System\hVXCdzR.exe
  2⤵
  PID:8232
- C:\Windows\System\ubTvlAM.exe
  C:\Windows\System\ubTvlAM.exe
  2⤵
  PID:8312
- C:\Windows\System\foMvJiK.exe
  C:\Windows\System\foMvJiK.exe
  2⤵
  PID:8372
- C:\Windows\System\niXLocU.exe
  C:\Windows\System\niXLocU.exe
  2⤵
  PID:8432
- C:\Windows\System\vpRrOLg.exe
  C:\Windows\System\vpRrOLg.exe
  2⤵
  PID:8508
- C:\Windows\System\RGuykaq.exe
  C:\Windows\System\RGuykaq.exe
  2⤵
  PID:8568
- C:\Windows\System\mZJmvNk.exe
  C:\Windows\System\mZJmvNk.exe
  2⤵
  PID:8628
- C:\Windows\System\NeNcuZJ.exe
  C:\Windows\System\NeNcuZJ.exe
  2⤵
  PID:8700
- C:\Windows\System\xeaRvaI.exe
  C:\Windows\System\xeaRvaI.exe
  2⤵
  PID:8764
- C:\Windows\System\GeMIuNW.exe
  C:\Windows\System\GeMIuNW.exe
  2⤵
  PID:8820
- C:\Windows\System\LXpygeK.exe
  C:\Windows\System\LXpygeK.exe
  2⤵
  PID:5772
- C:\Windows\System\PXFYugL.exe
  C:\Windows\System\PXFYugL.exe
  2⤵
  PID:5752
- C:\Windows\System\DNMNjwG.exe
  C:\Windows\System\DNMNjwG.exe
  2⤵
  PID:8860
- C:\Windows\System\pggZtgi.exe
  C:\Windows\System\pggZtgi.exe
  2⤵
  PID:8920
- C:\Windows\System\nBJaurb.exe
  C:\Windows\System\nBJaurb.exe
  2⤵
  PID:8992
- C:\Windows\System\mtDGKjd.exe
  C:\Windows\System\mtDGKjd.exe
  2⤵
  PID:9060
- C:\Windows\System\UqJmtaS.exe
  C:\Windows\System\UqJmtaS.exe
  2⤵
  PID:9120
- C:\Windows\System\SWdMofQ.exe
  C:\Windows\System\SWdMofQ.exe
  2⤵
  PID:9204
- C:\Windows\System\efoduxA.exe
  C:\Windows\System\efoduxA.exe
  2⤵
  PID:8340
- C:\Windows\System\ZOOFfHM.exe
  C:\Windows\System\ZOOFfHM.exe
  2⤵
  PID:8428
- C:\Windows\System\LHunAhd.exe
  C:\Windows\System\LHunAhd.exe
  2⤵
  PID:8680
- C:\Windows\System\PZCSwpF.exe
  C:\Windows\System\PZCSwpF.exe
  2⤵
  PID:8760
- C:\Windows\System\mMeXhjN.exe
  C:\Windows\System\mMeXhjN.exe
  2⤵
  PID:5840
- C:\Windows\System\nxfWZFw.exe
  C:\Windows\System\nxfWZFw.exe
  2⤵
  PID:8912
- C:\Windows\System\bGWCCCD.exe
  C:\Windows\System\bGWCCCD.exe
  2⤵
  PID:9008
- C:\Windows\System\eNMkvct.exe
  C:\Windows\System\eNMkvct.exe
  2⤵
  PID:9176
- C:\Windows\System\JbgmPuO.exe
  C:\Windows\System\JbgmPuO.exe
  2⤵
  PID:8488
- C:\Windows\System\hkqIhzO.exe
  C:\Windows\System\hkqIhzO.exe
  2⤵
  PID:5792
- C:\Windows\System\nmsThdE.exe
  C:\Windows\System\nmsThdE.exe
  2⤵
  PID:9036
- C:\Windows\System\jAlGCKW.exe
  C:\Windows\System\jAlGCKW.exe
  2⤵
  PID:8976
- C:\Windows\System\uVFHlgl.exe
  C:\Windows\System\uVFHlgl.exe
  2⤵
  PID:9028
- C:\Windows\System\UZWRBDv.exe
  C:\Windows\System\UZWRBDv.exe
  2⤵
  PID:9264
- C:\Windows\System\QvOnAKM.exe
  C:\Windows\System\QvOnAKM.exe
  2⤵
  PID:9292
- C:\Windows\System\eqfUREA.exe
  C:\Windows\System\eqfUREA.exe
  2⤵
  PID:9332
- C:\Windows\System\ExkwoGB.exe
  C:\Windows\System\ExkwoGB.exe
  2⤵
  PID:9348
- C:\Windows\System\kQoKyMf.exe
  C:\Windows\System\kQoKyMf.exe
  2⤵
  PID:9384
- C:\Windows\System\qDBAXYW.exe
  C:\Windows\System\qDBAXYW.exe
  2⤵
  PID:9404
- C:\Windows\System\fhsJZwD.exe
  C:\Windows\System\fhsJZwD.exe
  2⤵
  PID:9452
- C:\Windows\System\eNISudL.exe
  C:\Windows\System\eNISudL.exe
  2⤵
  PID:9492
- C:\Windows\System\SclUGrL.exe
  C:\Windows\System\SclUGrL.exe
  2⤵
  PID:9520
- C:\Windows\System\LPgrCsm.exe
  C:\Windows\System\LPgrCsm.exe
  2⤵
  PID:9556
- C:\Windows\System\LSaOSIK.exe
  C:\Windows\System\LSaOSIK.exe
  2⤵
  PID:9600
- C:\Windows\System\yvazwFP.exe
  C:\Windows\System\yvazwFP.exe
  2⤵
  PID:9656
- C:\Windows\System\QMZCrfQ.exe
  C:\Windows\System\QMZCrfQ.exe
  2⤵
  PID:9692
- C:\Windows\System\hejTbhX.exe
  C:\Windows\System\hejTbhX.exe
  2⤵
  PID:9724
- C:\Windows\System\lfAZKlH.exe
  C:\Windows\System\lfAZKlH.exe
  2⤵
  PID:9756
- C:\Windows\System\WHVugMZ.exe
  C:\Windows\System\WHVugMZ.exe
  2⤵
  PID:9784
- C:\Windows\System\FShRkTR.exe
  C:\Windows\System\FShRkTR.exe
  2⤵
  PID:9812
- C:\Windows\System\kDHgfaT.exe
  C:\Windows\System\kDHgfaT.exe
  2⤵
  PID:9844
- C:\Windows\System\KamOvzv.exe
  C:\Windows\System\KamOvzv.exe
  2⤵
  PID:9872
- C:\Windows\System\pkSZezT.exe
  C:\Windows\System\pkSZezT.exe
  2⤵
  PID:9900
- C:\Windows\System\RElgMeq.exe
  C:\Windows\System\RElgMeq.exe
  2⤵
  PID:9928
- C:\Windows\System\PeAZOUG.exe
  C:\Windows\System\PeAZOUG.exe
  2⤵
  PID:9956
- C:\Windows\System\wZGcrPU.exe
  C:\Windows\System\wZGcrPU.exe
  2⤵
  PID:9984
- C:\Windows\System\ubsuDdD.exe
  C:\Windows\System\ubsuDdD.exe
  2⤵
  PID:10012
- C:\Windows\System\jwSGzRb.exe
  C:\Windows\System\jwSGzRb.exe
  2⤵
  PID:10040
- C:\Windows\System\kfqiQBw.exe
  C:\Windows\System\kfqiQBw.exe
  2⤵
  PID:10068
- C:\Windows\System\RfxsNLR.exe
  C:\Windows\System\RfxsNLR.exe
  2⤵
  PID:10100
- C:\Windows\System\jBJSCig.exe
  C:\Windows\System\jBJSCig.exe
  2⤵
  PID:10128
- C:\Windows\System\PMNlVcE.exe
  C:\Windows\System\PMNlVcE.exe
  2⤵
  PID:10156
- C:\Windows\System\HyGtavt.exe
  C:\Windows\System\HyGtavt.exe
  2⤵
  PID:10184
- C:\Windows\System\amvsoJa.exe
  C:\Windows\System\amvsoJa.exe
  2⤵
  PID:10212
- C:\Windows\System\VdHEpFz.exe
  C:\Windows\System\VdHEpFz.exe
  2⤵
  PID:8404
- C:\Windows\System\JTmWQrc.exe
  C:\Windows\System\JTmWQrc.exe
  2⤵
  PID:9308
- C:\Windows\System\ZItbXZO.exe
  C:\Windows\System\ZItbXZO.exe
  2⤵
  PID:9372
- C:\Windows\System\ysqpDDx.exe
  C:\Windows\System\ysqpDDx.exe
  2⤵
  PID:9424
- C:\Windows\System\QEknclq.exe
  C:\Windows\System\QEknclq.exe
  2⤵
  PID:1896
- C:\Windows\System\JqjfDqI.exe
  C:\Windows\System\JqjfDqI.exe
  2⤵
  PID:7524
- C:\Windows\System\BweZKPf.exe
  C:\Windows\System\BweZKPf.exe
  2⤵
  PID:9596
- C:\Windows\System\vTOsXGd.exe
  C:\Windows\System\vTOsXGd.exe
  2⤵
  PID:9708
- C:\Windows\System\cYnGTMN.exe
  C:\Windows\System\cYnGTMN.exe
  2⤵
  PID:9628
- C:\Windows\System\HNfYpsS.exe
  C:\Windows\System\HNfYpsS.exe
  2⤵
  PID:9624
- C:\Windows\System\cEAFXqD.exe
  C:\Windows\System\cEAFXqD.exe
  2⤵
  PID:9776
- C:\Windows\System\ZfgVCvX.exe
  C:\Windows\System\ZfgVCvX.exe
  2⤵
  PID:9824
- C:\Windows\System\jTOVBWh.exe
  C:\Windows\System\jTOVBWh.exe
  2⤵
  PID:9868
- C:\Windows\System\QsuBJWR.exe
  C:\Windows\System\QsuBJWR.exe
  2⤵
  PID:5064
- C:\Windows\System\zzMFxJs.exe
  C:\Windows\System\zzMFxJs.exe
  2⤵
  PID:3976
- C:\Windows\System\sVlekyY.exe
  C:\Windows\System\sVlekyY.exe
  2⤵
  PID:6068
- C:\Windows\System\kLAamYl.exe
  C:\Windows\System\kLAamYl.exe
  2⤵
  PID:10080
- C:\Windows\System\rIfkjvZ.exe
  C:\Windows\System\rIfkjvZ.exe
  2⤵
  PID:1820
- C:\Windows\System\PREwjQk.exe
  C:\Windows\System\PREwjQk.exe
  2⤵
  PID:10168
- C:\Windows\System\wuHbuTU.exe
  C:\Windows\System\wuHbuTU.exe
  2⤵
  PID:10208
- C:\Windows\System\IIXPtVq.exe
  C:\Windows\System\IIXPtVq.exe
  2⤵
  PID:9316
- C:\Windows\System\CdneoZT.exe
  C:\Windows\System\CdneoZT.exe
  2⤵
  PID:9400
- C:\Windows\System\xpyBHol.exe
  C:\Windows\System\xpyBHol.exe
  2⤵
  PID:9508
- C:\Windows\System\MFjQEaI.exe
  C:\Windows\System\MFjQEaI.exe
  2⤵
  PID:9684
- C:\Windows\System\qxwrFdI.exe
  C:\Windows\System\qxwrFdI.exe
  2⤵
  PID:4328
- C:\Windows\System\MDaJlKV.exe
  C:\Windows\System\MDaJlKV.exe
  2⤵
  PID:2440
- C:\Windows\System\itiIAPP.exe
  C:\Windows\System\itiIAPP.exe
  2⤵
  PID:4640
- C:\Windows\System\zXkEwMB.exe
  C:\Windows\System\zXkEwMB.exe
  2⤵
  PID:10008
- C:\Windows\System\Baghjae.exe
  C:\Windows\System\Baghjae.exe
  2⤵
  PID:10056
- C:\Windows\System\pfXdcEb.exe
  C:\Windows\System\pfXdcEb.exe
  2⤵
  PID:10196
- C:\Windows\System\lcTIbvA.exe
  C:\Windows\System\lcTIbvA.exe
  2⤵
  PID:2700
- C:\Windows\System\iNFZCmU.exe
  C:\Windows\System\iNFZCmU.exe
  2⤵
  PID:9568
- C:\Windows\System\MZTabvB.exe
  C:\Windows\System\MZTabvB.exe
  2⤵
  PID:9772
- C:\Windows\System\fxatuMb.exe
  C:\Windows\System\fxatuMb.exe
  2⤵
  PID:4756
- C:\Windows\System\PAEAyXv.exe
  C:\Windows\System\PAEAyXv.exe
  2⤵
  PID:10148
- C:\Windows\System\npnnoSc.exe
  C:\Windows\System\npnnoSc.exe
  2⤵
  PID:9368
- C:\Windows\System\uocBUxK.exe
  C:\Windows\System\uocBUxK.exe
  2⤵
  PID:9912
- C:\Windows\System\hJsGrJt.exe
  C:\Windows\System\hJsGrJt.exe
  2⤵
  PID:4368
- C:\Windows\System\uKNJHcx.exe
  C:\Windows\System\uKNJHcx.exe
  2⤵
  PID:9832
- C:\Windows\System\lskThLO.exe
  C:\Windows\System\lskThLO.exe
  2⤵
  PID:5028
- C:\Windows\System\VaQEskS.exe
  C:\Windows\System\VaQEskS.exe
  2⤵
  PID:3924
- C:\Windows\System\MxcpioS.exe
  C:\Windows\System\MxcpioS.exe
  2⤵
  PID:10268
- C:\Windows\System\Xgxxpnc.exe
  C:\Windows\System\Xgxxpnc.exe
  2⤵
  PID:10296
- C:\Windows\System\AQOWmAa.exe
  C:\Windows\System\AQOWmAa.exe
  2⤵
  PID:10324
- C:\Windows\System\oTGspHW.exe
  C:\Windows\System\oTGspHW.exe
  2⤵
  PID:10352
- C:\Windows\System\bAIGcdx.exe
  C:\Windows\System\bAIGcdx.exe
  2⤵
  PID:10384
- C:\Windows\System\yavHqpj.exe
  C:\Windows\System\yavHqpj.exe
  2⤵
  PID:10412
- C:\Windows\System\KjUdzUc.exe
  C:\Windows\System\KjUdzUc.exe
  2⤵
  PID:10440
- C:\Windows\System\cykCAzc.exe
  C:\Windows\System\cykCAzc.exe
  2⤵
  PID:10468
- C:\Windows\System\clreAoC.exe
  C:\Windows\System\clreAoC.exe
  2⤵
  PID:10496
- C:\Windows\System\WAWaefF.exe
  C:\Windows\System\WAWaefF.exe
  2⤵
  PID:10524
- C:\Windows\System\gYdCiGt.exe
  C:\Windows\System\gYdCiGt.exe
  2⤵
  PID:10552
- C:\Windows\System\EzOgqOy.exe
  C:\Windows\System\EzOgqOy.exe
  2⤵
  PID:10580
- C:\Windows\System\hFaYZbr.exe
  C:\Windows\System\hFaYZbr.exe
  2⤵
  PID:10616
- C:\Windows\System\YEDiYAS.exe
  C:\Windows\System\YEDiYAS.exe
  2⤵
  PID:10644
- C:\Windows\System\RjHnMCU.exe
  C:\Windows\System\RjHnMCU.exe
  2⤵
  PID:10672
- C:\Windows\System\mwEkifR.exe
  C:\Windows\System\mwEkifR.exe
  2⤵
  PID:10700
- C:\Windows\System\dnWvVlG.exe
  C:\Windows\System\dnWvVlG.exe
  2⤵
  PID:10728
- C:\Windows\System\cZpqsir.exe
  C:\Windows\System\cZpqsir.exe
  2⤵
  PID:10756
- C:\Windows\System\gOpLlYI.exe
  C:\Windows\System\gOpLlYI.exe
  2⤵
  PID:10784
- C:\Windows\System\GMEQBUI.exe
  C:\Windows\System\GMEQBUI.exe
  2⤵
  PID:10812
- C:\Windows\System\sfAQGKH.exe
  C:\Windows\System\sfAQGKH.exe
  2⤵
  PID:10840
- C:\Windows\System\NCuOFoT.exe
  C:\Windows\System\NCuOFoT.exe
  2⤵
  PID:10868
- C:\Windows\System\OOVFckH.exe
  C:\Windows\System\OOVFckH.exe
  2⤵
  PID:10896
- C:\Windows\System\PFtvgWM.exe
  C:\Windows\System\PFtvgWM.exe
  2⤵
  PID:10924
- C:\Windows\System\rrpmpWP.exe
  C:\Windows\System\rrpmpWP.exe
  2⤵
  PID:10952
- C:\Windows\System\LaLolwe.exe
  C:\Windows\System\LaLolwe.exe
  2⤵
  PID:10980
- C:\Windows\System\kleVwJH.exe
  C:\Windows\System\kleVwJH.exe
  2⤵
  PID:11008
- C:\Windows\System\ittNNWO.exe
  C:\Windows\System\ittNNWO.exe
  2⤵
  PID:11036
- C:\Windows\System\SoEzgtO.exe
  C:\Windows\System\SoEzgtO.exe
  2⤵
  PID:11064
- C:\Windows\System\fryYxML.exe
  C:\Windows\System\fryYxML.exe
  2⤵
  PID:11092
- C:\Windows\System\ZPadbvW.exe
  C:\Windows\System\ZPadbvW.exe
  2⤵
  PID:11120
- C:\Windows\System\EwCuEjb.exe
  C:\Windows\System\EwCuEjb.exe
  2⤵
  PID:11148
- C:\Windows\System\eNzWqQP.exe
  C:\Windows\System\eNzWqQP.exe
  2⤵
  PID:11176
- C:\Windows\System\epuRwFN.exe
  C:\Windows\System\epuRwFN.exe
  2⤵
  PID:11196
- C:\Windows\System\tlKwdAD.exe
  C:\Windows\System\tlKwdAD.exe
  2⤵
  PID:11236
- C:\Windows\System\TLSlMhE.exe
  C:\Windows\System\TLSlMhE.exe
  2⤵
  PID:9952
- C:\Windows\System\pDjjBEB.exe
  C:\Windows\System\pDjjBEB.exe
  2⤵
  PID:10292
- C:\Windows\System\INdiWIz.exe
  C:\Windows\System\INdiWIz.exe
  2⤵
  PID:10364
- C:\Windows\System\SIjIzZn.exe
  C:\Windows\System\SIjIzZn.exe
  2⤵
  PID:10408
- C:\Windows\System\hvciOpK.exe
  C:\Windows\System\hvciOpK.exe
  2⤵
  PID:10464
- C:\Windows\System\NDFoLti.exe
  C:\Windows\System\NDFoLti.exe
  2⤵
  PID:10520
- C:\Windows\System\MDXFLzf.exe
  C:\Windows\System\MDXFLzf.exe
  2⤵
  PID:4752
- C:\Windows\System\HILojyA.exe
  C:\Windows\System\HILojyA.exe
  2⤵
  PID:10612
- C:\Windows\System\vtQuezs.exe
  C:\Windows\System\vtQuezs.exe
  2⤵
  PID:10668
- C:\Windows\System\OzBrHZZ.exe
  C:\Windows\System\OzBrHZZ.exe
  2⤵
  PID:10744
- C:\Windows\System\YjIQdhZ.exe
  C:\Windows\System\YjIQdhZ.exe
  2⤵
  PID:10832
- C:\Windows\System\JJUyuzM.exe
  C:\Windows\System\JJUyuzM.exe
  2⤵
  PID:10884
- C:\Windows\System\AgPbWoo.exe
  C:\Windows\System\AgPbWoo.exe
  2⤵
  PID:10940
- C:\Windows\System\HdPjVyi.exe
  C:\Windows\System\HdPjVyi.exe
  2⤵
  PID:10972
- C:\Windows\System\ISaKsYd.exe
  C:\Windows\System\ISaKsYd.exe
  2⤵
  PID:11028
- C:\Windows\System\NerlPvI.exe
  C:\Windows\System\NerlPvI.exe
  2⤵
  PID:11112
- C:\Windows\System\OtGapZK.exe
  C:\Windows\System\OtGapZK.exe
  2⤵
  PID:11204
- C:\Windows\System\PdtyQCe.exe
  C:\Windows\System\PdtyQCe.exe
  2⤵
  PID:10320
- C:\Windows\System\PqRbQDp.exe
  C:\Windows\System\PqRbQDp.exe
  2⤵
  PID:4912
- C:\Windows\System\otgwcNj.exe
  C:\Windows\System\otgwcNj.exe
  2⤵
  PID:10564
- C:\Windows\System\OHaRvPs.exe
  C:\Windows\System\OHaRvPs.exe
  2⤵
  PID:10724
- C:\Windows\System\wZMgfIO.exe
  C:\Windows\System\wZMgfIO.exe
  2⤵
  PID:10828
- C:\Windows\System\dsiUNEw.exe
  C:\Windows\System\dsiUNEw.exe
  2⤵
  PID:10892
- C:\Windows\System\ZcArvjY.exe
  C:\Windows\System\ZcArvjY.exe
  2⤵
  PID:11048
- C:\Windows\System\wkfonSU.exe
  C:\Windows\System\wkfonSU.exe
  2⤵
  PID:10280
- C:\Windows\System\SMhpYzY.exe
  C:\Windows\System\SMhpYzY.exe
  2⤵
  PID:1440
- C:\Windows\System\nxUbdDM.exe
  C:\Windows\System\nxUbdDM.exe
  2⤵
  PID:9480
- C:\Windows\System\DhwzCKQ.exe
  C:\Windows\System\DhwzCKQ.exe
  2⤵
  PID:9460
- C:\Windows\System\LuUNMHz.exe
  C:\Windows\System\LuUNMHz.exe
  2⤵
  PID:11060
- C:\Windows\System\ArtMBIV.exe
  C:\Windows\System\ArtMBIV.exe
  2⤵
  PID:11172
- C:\Windows\System\DwFKwLo.exe
  C:\Windows\System\DwFKwLo.exe
  2⤵
  PID:9464
- C:\Windows\System\LGfoEqv.exe
  C:\Windows\System\LGfoEqv.exe
  2⤵
  PID:4988
- C:\Windows\System\EAJkAkB.exe
  C:\Windows\System\EAJkAkB.exe
  2⤵
  PID:8600
- C:\Windows\System\CasRiMB.exe
  C:\Windows\System\CasRiMB.exe
  2⤵
  PID:9476
- C:\Windows\System\gjGNtfo.exe
  C:\Windows\System\gjGNtfo.exe
  2⤵
  PID:11268
- C:\Windows\System\VBHYhvy.exe
  C:\Windows\System\VBHYhvy.exe
  2⤵
  PID:11296
- C:\Windows\System\gLQWpOC.exe
  C:\Windows\System\gLQWpOC.exe
  2⤵
  PID:11324
- C:\Windows\System\JsoFboC.exe
  C:\Windows\System\JsoFboC.exe
  2⤵
  PID:11352
- C:\Windows\System\TPZnmNp.exe
  C:\Windows\System\TPZnmNp.exe
  2⤵
  PID:11380
- C:\Windows\System\zMOMJYe.exe
  C:\Windows\System\zMOMJYe.exe
  2⤵
  PID:11408
- C:\Windows\System\XuElRoS.exe
  C:\Windows\System\XuElRoS.exe
  2⤵
  PID:11436
- C:\Windows\System\RMQhohO.exe
  C:\Windows\System\RMQhohO.exe
  2⤵
  PID:11464
- C:\Windows\System\BiNwxPC.exe
  C:\Windows\System\BiNwxPC.exe
  2⤵
  PID:11496
- C:\Windows\System\BnAsytB.exe
  C:\Windows\System\BnAsytB.exe
  2⤵
  PID:11524
- C:\Windows\System\miopmKd.exe
  C:\Windows\System\miopmKd.exe
  2⤵
  PID:11552
- C:\Windows\System\gwxNKsi.exe
  C:\Windows\System\gwxNKsi.exe
  2⤵
  PID:11580
- C:\Windows\System\oVTNmXo.exe
  C:\Windows\System\oVTNmXo.exe
  2⤵
  PID:11608
- C:\Windows\System\hxbDIok.exe
  C:\Windows\System\hxbDIok.exe
  2⤵
  PID:11636
- C:\Windows\System\xYhjDgg.exe
  C:\Windows\System\xYhjDgg.exe
  2⤵
  PID:11664
- C:\Windows\System\AsQTFAd.exe
  C:\Windows\System\AsQTFAd.exe
  2⤵
  PID:11692
- C:\Windows\System\ITUikXS.exe
  C:\Windows\System\ITUikXS.exe
  2⤵
  PID:11720
- C:\Windows\System\ammOklq.exe
  C:\Windows\System\ammOklq.exe
  2⤵
  PID:11736
- C:\Windows\System\UBoBoIk.exe
  C:\Windows\System\UBoBoIk.exe
  2⤵
  PID:11776
- C:\Windows\System\GofDBjT.exe
  C:\Windows\System\GofDBjT.exe
  2⤵
  PID:11800
- C:\Windows\System\tPhkdTU.exe
  C:\Windows\System\tPhkdTU.exe
  2⤵
  PID:11832
- C:\Windows\System\GWpWxNt.exe
  C:\Windows\System\GWpWxNt.exe
  2⤵
  PID:11848
- C:\Windows\System\BzBdqjC.exe
  C:\Windows\System\BzBdqjC.exe
  2⤵
  PID:11888
- C:\Windows\System\WRdaeNH.exe
  C:\Windows\System\WRdaeNH.exe
  2⤵
  PID:11916
- C:\Windows\System\HOARvhy.exe
  C:\Windows\System\HOARvhy.exe
  2⤵
  PID:11944
- C:\Windows\System\SlOupQx.exe
  C:\Windows\System\SlOupQx.exe
  2⤵
  PID:11972
- C:\Windows\System\wYsCiPr.exe
  C:\Windows\System\wYsCiPr.exe
  2⤵
  PID:12000
- C:\Windows\System\PRNCHUw.exe
  C:\Windows\System\PRNCHUw.exe
  2⤵
  PID:12028
- C:\Windows\System\LAdhGGc.exe
  C:\Windows\System\LAdhGGc.exe
  2⤵
  PID:12056
- C:\Windows\System\OznFPIo.exe
  C:\Windows\System\OznFPIo.exe
  2⤵
  PID:12084
- C:\Windows\System\tEjnPDH.exe
  C:\Windows\System\tEjnPDH.exe
  2⤵
  PID:12112
- C:\Windows\System\BlhnxPs.exe
  C:\Windows\System\BlhnxPs.exe
  2⤵
  PID:12140
- C:\Windows\System\HQdFyOu.exe
  C:\Windows\System\HQdFyOu.exe
  2⤵
  PID:12160
- C:\Windows\System\rKQhEcF.exe
  C:\Windows\System\rKQhEcF.exe
  2⤵
  PID:12200
- C:\Windows\System\laDiofd.exe
  C:\Windows\System\laDiofd.exe
  2⤵
  PID:12228
- C:\Windows\System\UzZdhCq.exe
  C:\Windows\System\UzZdhCq.exe
  2⤵
  PID:12256
- C:\Windows\System\lXeHYXE.exe
  C:\Windows\System\lXeHYXE.exe
  2⤵
  PID:12284
- C:\Windows\System\eJCCrjo.exe
  C:\Windows\System\eJCCrjo.exe
  2⤵
  PID:11316
- C:\Windows\System\nvfwOwO.exe
  C:\Windows\System\nvfwOwO.exe
  2⤵
  PID:11376
- C:\Windows\System\pIHvqoh.exe
  C:\Windows\System\pIHvqoh.exe
  2⤵
  PID:11428
- C:\Windows\System\QupFWhu.exe
  C:\Windows\System\QupFWhu.exe
  2⤵
  PID:11508
- C:\Windows\System\hjOEAsr.exe
  C:\Windows\System\hjOEAsr.exe
  2⤵
  PID:11564
- C:\Windows\System\mitWFjf.exe
  C:\Windows\System\mitWFjf.exe
  2⤵
  PID:11628
- C:\Windows\System\zkDmvIc.exe
  C:\Windows\System\zkDmvIc.exe
  2⤵
  PID:11712
- C:\Windows\System\kunLkhp.exe
  C:\Windows\System\kunLkhp.exe
  2⤵
  PID:11748
- C:\Windows\System\cuQAOII.exe
  C:\Windows\System\cuQAOII.exe
  2⤵
  PID:11820
- C:\Windows\System\MFakrey.exe
  C:\Windows\System\MFakrey.exe
  2⤵
  PID:11880
- C:\Windows\System\lOiPxkX.exe
  C:\Windows\System\lOiPxkX.exe
  2⤵
  PID:11912
- C:\Windows\System\zRgTkpS.exe
  C:\Windows\System\zRgTkpS.exe
  2⤵
  PID:11484
- C:\Windows\System\RQATPKV.exe
  C:\Windows\System\RQATPKV.exe
  2⤵
  PID:12072
- C:\Windows\System\zbwwAjg.exe
  C:\Windows\System\zbwwAjg.exe
  2⤵
  PID:368
- C:\Windows\System\tWNMzva.exe
  C:\Windows\System\tWNMzva.exe
  2⤵
  PID:12148
- C:\Windows\System\PusUxGD.exe
  C:\Windows\System\PusUxGD.exe
  2⤵
  PID:12220
- C:\Windows\System\sYAFVzs.exe
  C:\Windows\System\sYAFVzs.exe
  2⤵
  PID:12280
- C:\Windows\System\XwzhqBC.exe
  C:\Windows\System\XwzhqBC.exe
  2⤵
  PID:11348
- C:\Windows\System\qzOgaNG.exe
  C:\Windows\System\qzOgaNG.exe
  2⤵
  PID:11536
- C:\Windows\System\WxJyvRA.exe
  C:\Windows\System\WxJyvRA.exe
  2⤵
  PID:11648
- C:\Windows\System\MtowwOQ.exe
  C:\Windows\System\MtowwOQ.exe
  2⤵
  PID:5732
- C:\Windows\System\MNJXxQP.exe
  C:\Windows\System\MNJXxQP.exe
  2⤵
  PID:11860
- C:\Windows\System\pmMIgrl.exe
  C:\Windows\System\pmMIgrl.exe
  2⤵
  PID:12048
- C:\Windows\System\pvxkFMj.exe
  C:\Windows\System\pvxkFMj.exe
  2⤵
  PID:12132
- C:\Windows\System\mUeDqHo.exe
  C:\Windows\System\mUeDqHo.exe
  2⤵
  PID:12276
- C:\Windows\System\sZhsWbE.exe
  C:\Windows\System\sZhsWbE.exe
  2⤵
  PID:11620
- C:\Windows\System\bgzzePO.exe
  C:\Windows\System\bgzzePO.exe
  2⤵
  PID:5748
- C:\Windows\System\nYvtfJs.exe
  C:\Windows\System\nYvtfJs.exe
  2⤵
  PID:12156
- C:\Windows\System\IrPbIKT.exe
  C:\Windows\System\IrPbIKT.exe
  2⤵
  PID:11772
- C:\Windows\System\zcLSXDm.exe
  C:\Windows\System\zcLSXDm.exe
  2⤵
  PID:12108
- C:\Windows\System\XkHhumz.exe
  C:\Windows\System\XkHhumz.exe
  2⤵
  PID:12304
- C:\Windows\System\XlgEInM.exe
  C:\Windows\System\XlgEInM.exe
  2⤵
  PID:12332
- C:\Windows\System\oUabCAs.exe
  C:\Windows\System\oUabCAs.exe
  2⤵
  PID:12360
- C:\Windows\System\MikDbki.exe
  C:\Windows\System\MikDbki.exe
  2⤵
  PID:12388
- C:\Windows\System\jOWJArb.exe
  C:\Windows\System\jOWJArb.exe
  2⤵
  PID:12416
- C:\Windows\System\oxokScD.exe
  C:\Windows\System\oxokScD.exe
  2⤵
  PID:12444
- C:\Windows\System\NvROxVN.exe
  C:\Windows\System\NvROxVN.exe
  2⤵
  PID:12472
- C:\Windows\System\hsZGnGT.exe
  C:\Windows\System\hsZGnGT.exe
  2⤵
  PID:12500
- C:\Windows\System\cdxZilR.exe
  C:\Windows\System\cdxZilR.exe
  2⤵
  PID:12528
- C:\Windows\System\OFhsVJb.exe
  C:\Windows\System\OFhsVJb.exe
  2⤵
  PID:12556
- C:\Windows\System\PBrgajQ.exe
  C:\Windows\System\PBrgajQ.exe
  2⤵
  PID:12584
- C:\Windows\System\OgswtDE.exe
  C:\Windows\System\OgswtDE.exe
  2⤵
  PID:12612
- C:\Windows\System\nUMeYWd.exe
  C:\Windows\System\nUMeYWd.exe
  2⤵
  PID:12640
- C:\Windows\System\gZBvJdw.exe
  C:\Windows\System\gZBvJdw.exe
  2⤵
  PID:12668
- C:\Windows\System\sYMXCNr.exe
  C:\Windows\System\sYMXCNr.exe
  2⤵
  PID:12688
- C:\Windows\System\dHzAqGx.exe
  C:\Windows\System\dHzAqGx.exe
  2⤵
  PID:12728
- C:\Windows\System\SBymAPL.exe
  C:\Windows\System\SBymAPL.exe
  2⤵
  PID:12756
- C:\Windows\System\OjzsGcw.exe
  C:\Windows\System\OjzsGcw.exe
  2⤵
  PID:12784
- C:\Windows\System\uAeQkFD.exe
  C:\Windows\System\uAeQkFD.exe
  2⤵
  PID:12804
- C:\Windows\System\BtqXOFm.exe
  C:\Windows\System\BtqXOFm.exe
  2⤵
  PID:12828
- C:\Windows\System\pxZNxxV.exe
  C:\Windows\System\pxZNxxV.exe
  2⤵
  PID:12868
- C:\Windows\System\sewncUx.exe
  C:\Windows\System\sewncUx.exe
  2⤵
  PID:12896
- C:\Windows\System\uujWTCK.exe
  C:\Windows\System\uujWTCK.exe
  2⤵
  PID:12924
- C:\Windows\System\DCnFBsK.exe
  C:\Windows\System\DCnFBsK.exe
  2⤵
  PID:12952
- C:\Windows\System\IaFbLei.exe
  C:\Windows\System\IaFbLei.exe
  2⤵
  PID:12980
- C:\Windows\System\zSrkpLl.exe
  C:\Windows\System\zSrkpLl.exe
  2⤵
  PID:13008
- C:\Windows\System\kapDQqt.exe
  C:\Windows\System\kapDQqt.exe
  2⤵
  PID:13036
- C:\Windows\System\UKvXdDD.exe
  C:\Windows\System\UKvXdDD.exe
  2⤵
  PID:13064
- C:\Windows\System\gejULvE.exe
  C:\Windows\System\gejULvE.exe
  2⤵
  PID:13092
- C:\Windows\System\TXrtmfQ.exe
  C:\Windows\System\TXrtmfQ.exe
  2⤵
  PID:13120
- C:\Windows\System\sPuhWYU.exe
  C:\Windows\System\sPuhWYU.exe
  2⤵
  PID:13148
- C:\Windows\System\UIzleFK.exe
  C:\Windows\System\UIzleFK.exe
  2⤵
  PID:13176
- C:\Windows\System\owbFDGD.exe
  C:\Windows\System\owbFDGD.exe
  2⤵
  PID:13208
- C:\Windows\System\ZORTmbU.exe
  C:\Windows\System\ZORTmbU.exe
  2⤵
  PID:13248
- C:\Windows\System\HIeiezg.exe
  C:\Windows\System\HIeiezg.exe
  2⤵
  PID:13280
- C:\Windows\System\NlYzGXU.exe
  C:\Windows\System\NlYzGXU.exe
  2⤵
  PID:12316
- C:\Windows\System\XnpmiVj.exe
  C:\Windows\System\XnpmiVj.exe
  2⤵
  PID:12400
- C:\Windows\System\NBPQxsG.exe
  C:\Windows\System\NBPQxsG.exe
  2⤵
  PID:12456
- C:\Windows\System\sInxobf.exe
  C:\Windows\System\sInxobf.exe
  2⤵
  PID:12492
- C:\Windows\System\WvkpcHM.exe
  C:\Windows\System\WvkpcHM.exe
  2⤵
  PID:12552
- C:\Windows\System\DjsGFgZ.exe
  C:\Windows\System\DjsGFgZ.exe
  2⤵
  PID:12660
- C:\Windows\System\IVTstLH.exe
  C:\Windows\System\IVTstLH.exe
  2⤵
  PID:12776
- C:\Windows\System\VCrUQIw.exe
  C:\Windows\System\VCrUQIw.exe
  2⤵
  PID:12824
- C:\Windows\System\fGMEoWT.exe
  C:\Windows\System\fGMEoWT.exe
  2⤵
  PID:12892
- C:\Windows\System\OtkfHqW.exe
  C:\Windows\System\OtkfHqW.exe
  2⤵
  PID:12948
- C:\Windows\System\sdSpHWm.exe
  C:\Windows\System\sdSpHWm.exe
  2⤵
  PID:13028
- C:\Windows\System\NVPmTXe.exe
  C:\Windows\System\NVPmTXe.exe
  2⤵
  PID:13168
- C:\Windows\System\SLbueTn.exe
  C:\Windows\System\SLbueTn.exe
  2⤵
  PID:13268
- C:\Windows\System\QYXdZwp.exe
  C:\Windows\System\QYXdZwp.exe
  2⤵
  PID:12372
- C:\Windows\System\HGWUGgA.exe
  C:\Windows\System\HGWUGgA.exe
  2⤵
  PID:12484
- C:\Windows\System\QQqIKCM.exe
  C:\Windows\System\QQqIKCM.exe
  2⤵
  PID:1088
- C:\Windows\System\ocyrjzU.exe
  C:\Windows\System\ocyrjzU.exe
  2⤵
  PID:12700
- C:\Windows\System\UfrrSDV.exe
  C:\Windows\System\UfrrSDV.exe
  2⤵
  PID:12428
- C:\Windows\System\ZCoQoBz.exe
  C:\Windows\System\ZCoQoBz.exe
  2⤵
  PID:1304
- C:\Windows\System\fjJcTOz.exe
  C:\Windows\System\fjJcTOz.exe
  2⤵
  PID:12888
- C:\Windows\System\VChXTJo.exe
  C:\Windows\System\VChXTJo.exe
  2⤵
  PID:13000
- C:\Windows\System\jOZOdYE.exe
  C:\Windows\System\jOZOdYE.exe
  2⤵
  PID:13204
- C:\Windows\System\PMytLRU.exe
  C:\Windows\System\PMytLRU.exe
  2⤵
  PID:13296
- C:\Windows\System\vUosiaY.exe
  C:\Windows\System\vUosiaY.exe
  2⤵
  PID:12976
- C:\Windows\System\GvQiIFv.exe
  C:\Windows\System\GvQiIFv.exe
  2⤵
  PID:4308
- C:\Windows\System\vYPSavu.exe
  C:\Windows\System\vYPSavu.exe
  2⤵
  PID:972
- C:\Windows\System\HOemrEp.exe
  C:\Windows\System\HOemrEp.exe
  2⤵
  PID:4016
- C:\Windows\System\SXyJROJ.exe
  C:\Windows\System\SXyJROJ.exe
  2⤵
  PID:3692
- C:\Windows\System\efbdePM.exe
  C:\Windows\System\efbdePM.exe
  2⤵
  PID:1412
- C:\Windows\System\VFpzPrv.exe
  C:\Windows\System\VFpzPrv.exe
  2⤵
  PID:2204
- C:\Windows\System\aJYdfJg.exe
  C:\Windows\System\aJYdfJg.exe
  2⤵
  PID:3888
- C:\Windows\System\RRPkHTv.exe
  C:\Windows\System\RRPkHTv.exe
  2⤵
  PID:3448
- C:\Windows\System\GDvfgPS.exe
  C:\Windows\System\GDvfgPS.exe
  2⤵
  PID:5040
- C:\Windows\System\tDEMNSm.exe
  C:\Windows\System\tDEMNSm.exe
  2⤵
  PID:4128
- C:\Windows\System\rNueJQv.exe
  C:\Windows\System\rNueJQv.exe
  2⤵
  PID:12384
- C:\Windows\System\rVPbVpi.exe
  C:\Windows\System\rVPbVpi.exe
  2⤵
  PID:12820
- C:\Windows\System\swNDpen.exe
  C:\Windows\System\swNDpen.exe
  2⤵
  PID:2044
- C:\Windows\System\VikiZRE.exe
  C:\Windows\System\VikiZRE.exe
  2⤵
  PID:12860
- C:\Windows\System\rLwrtkY.exe
  C:\Windows\System\rLwrtkY.exe
  2⤵
  PID:4336
- C:\Windows\System\mBtgEUc.exe
  C:\Windows\System\mBtgEUc.exe
  2⤵
  PID:1232
- C:\Windows\System\USmXNEF.exe
  C:\Windows\System\USmXNEF.exe
  2⤵
  PID:4004
- C:\Windows\System\lzLopFA.exe
  C:\Windows\System\lzLopFA.exe
  2⤵
  PID:524
- C:\Windows\System\SWTdmFP.exe
  C:\Windows\System\SWTdmFP.exe
  2⤵
  PID:1460
- C:\Windows\System\SYmTwTC.exe
  C:\Windows\System\SYmTwTC.exe
  2⤵
  PID:5100
- C:\Windows\System\ELBSUpZ.exe
  C:\Windows\System\ELBSUpZ.exe
  2⤵
  PID:3932
- C:\Windows\System\TzQyaaO.exe
  C:\Windows\System\TzQyaaO.exe
  2⤵
  PID:12768
- C:\Windows\System\WVxobUi.exe
  C:\Windows\System\WVxobUi.exe
  2⤵
  PID:12944
- C:\Windows\System\HPxZvml.exe
  C:\Windows\System\HPxZvml.exe
  2⤵
  PID:4576
- C:\Windows\System\qEemdXe.exe
  C:\Windows\System\qEemdXe.exe
  2⤵
  PID:1700
- C:\Windows\System\YzLHlGa.exe
  C:\Windows\System\YzLHlGa.exe
  2⤵
  PID:636
- C:\Windows\System\uHyDxxV.exe
  C:\Windows\System\uHyDxxV.exe
  2⤵
  PID:5176
- C:\Windows\System\SaPqXtR.exe
  C:\Windows\System\SaPqXtR.exe
  2⤵
  PID:12524
- C:\Windows\System\hehfBli.exe
  C:\Windows\System\hehfBli.exe
  2⤵
  PID:5248
- C:\Windows\System\PQnOCqD.exe
  C:\Windows\System\PQnOCqD.exe
  2⤵
  PID:5984
- C:\Windows\System\evGndsh.exe
  C:\Windows\System\evGndsh.exe
  2⤵
  PID:2072
- C:\Windows\System\DmuKMXG.exe
  C:\Windows\System\DmuKMXG.exe
  2⤵
  PID:5136
- C:\Windows\System\wgZQzSS.exe
  C:\Windows\System\wgZQzSS.exe
  2⤵
  PID:6032
- C:\Windows\System\WREkSTr.exe
  C:\Windows\System\WREkSTr.exe
  2⤵
  PID:4544
- C:\Windows\System\Lrsvoeb.exe
  C:\Windows\System\Lrsvoeb.exe
  2⤵
  PID:5964
- C:\Windows\System\bWsZxha.exe
  C:\Windows\System\bWsZxha.exe
  2⤵
  PID:13056
- C:\Windows\System\mEDMewJ.exe
  C:\Windows\System\mEDMewJ.exe
  2⤵
  PID:3252
- C:\Windows\System\StrZkAA.exe
  C:\Windows\System\StrZkAA.exe
  2⤵
  PID:5444
- C:\Windows\System\UwIYBEK.exe
  C:\Windows\System\UwIYBEK.exe
  2⤵
  PID:5360
- C:\Windows\System\avRAdJw.exe
  C:\Windows\System\avRAdJw.exe
  2⤵
  PID:5336
- C:\Windows\System\vsonhhi.exe
  C:\Windows\System\vsonhhi.exe
  2⤵
  PID:3296
- C:\Windows\System\UZnCkqM.exe
  C:\Windows\System\UZnCkqM.exe
  2⤵
  PID:5452
- C:\Windows\System\TFkZtxL.exe
  C:\Windows\System\TFkZtxL.exe
  2⤵
  PID:5512
- C:\Windows\System\GXlShFy.exe
  C:\Windows\System\GXlShFy.exe
  2⤵
  PID:5624
- C:\Windows\System\GymkJvv.exe
  C:\Windows\System\GymkJvv.exe
  2⤵
  PID:5736
- C:\Windows\System\hrwFuoD.exe
  C:\Windows\System\hrwFuoD.exe
  2⤵
  PID:2380
- C:\Windows\System\DqANcuT.exe
  C:\Windows\System\DqANcuT.exe
  2⤵
  PID:5172
- C:\Windows\System\mzkXViE.exe
  C:\Windows\System\mzkXViE.exe
  2⤵
  PID:5620
- C:\Windows\System\nTJmkZj.exe
  C:\Windows\System\nTJmkZj.exe
  2⤵
  PID:2360
- C:\Windows\System\RrevmKv.exe
  C:\Windows\System\RrevmKv.exe
  2⤵
  PID:5700
- C:\Windows\System\KJNQJqD.exe
  C:\Windows\System\KJNQJqD.exe
  2⤵
  PID:5584
- C:\Windows\System\YpzwJdc.exe
  C:\Windows\System\YpzwJdc.exe
  2⤵
  PID:876
- C:\Windows\System\JhakVgH.exe
  C:\Windows\System\JhakVgH.exe
  2⤵
  PID:5692
- C:\Windows\System\HyQgbMR.exe
  C:\Windows\System\HyQgbMR.exe
  2⤵
  PID:13320
- C:\Windows\System\HaxfBjb.exe
  C:\Windows\System\HaxfBjb.exe
  2⤵
  PID:13348
- C:\Windows\System\WJiJmXY.exe
  C:\Windows\System\WJiJmXY.exe
  2⤵
  PID:13376
- C:\Windows\System\WRfboYT.exe
  C:\Windows\System\WRfboYT.exe
  2⤵
  PID:13416
- C:\Windows\System\yLAlfGX.exe
  C:\Windows\System\yLAlfGX.exe
  2⤵
  PID:13432
- C:\Windows\System\aXRCrEX.exe
  C:\Windows\System\aXRCrEX.exe
  2⤵
  PID:13460
- C:\Windows\System\mYNUDXb.exe
  C:\Windows\System\mYNUDXb.exe
  2⤵
  PID:13488
- C:\Windows\System\EqacCGU.exe
  C:\Windows\System\EqacCGU.exe
  2⤵
  PID:13516
- C:\Windows\System\iusyGUc.exe
  C:\Windows\System\iusyGUc.exe
  2⤵
  PID:13544
- C:\Windows\System\QMaVlHG.exe
  C:\Windows\System\QMaVlHG.exe
  2⤵
  PID:13572
- C:\Windows\System\lcrCyJR.exe
  C:\Windows\System\lcrCyJR.exe
  2⤵
  PID:13600
- C:\Windows\System\gBFKhtX.exe
  C:\Windows\System\gBFKhtX.exe
  2⤵
  PID:13628
- C:\Windows\System\XiDgkTI.exe
  C:\Windows\System\XiDgkTI.exe
  2⤵
  PID:13656
- C:\Windows\System\gcfxLbe.exe
  C:\Windows\System\gcfxLbe.exe
  2⤵
  PID:13684
- C:\Windows\System\vZWvKvO.exe
  C:\Windows\System\vZWvKvO.exe
  2⤵
  PID:13712
- C:\Windows\System\PsrMWpM.exe
  C:\Windows\System\PsrMWpM.exe
  2⤵
  PID:13740
- C:\Windows\System\deEbovY.exe
  C:\Windows\System\deEbovY.exe
  2⤵
  PID:13768
- C:\Windows\System\BEPZWYX.exe
  C:\Windows\System\BEPZWYX.exe
  2⤵
  PID:13796
- C:\Windows\System\EiLPjdx.exe
  C:\Windows\System\EiLPjdx.exe
  2⤵
  PID:13824
- C:\Windows\System\JJLQhYT.exe
  C:\Windows\System\JJLQhYT.exe
  2⤵
  PID:13852
- C:\Windows\System\uWOrHlH.exe
  C:\Windows\System\uWOrHlH.exe
  2⤵
  PID:13880
- C:\Windows\System\ANxloLI.exe
  C:\Windows\System\ANxloLI.exe
  2⤵
  PID:13908
- C:\Windows\System\FyMQLjG.exe
  C:\Windows\System\FyMQLjG.exe
  2⤵
  PID:13936
- C:\Windows\System\lGWLwnp.exe
  C:\Windows\System\lGWLwnp.exe
  2⤵
  PID:13968
- C:\Windows\System\XBxtrYk.exe
  C:\Windows\System\XBxtrYk.exe
  2⤵
  PID:14004
- C:\Windows\System\oTXyOrv.exe
  C:\Windows\System\oTXyOrv.exe
  2⤵
  PID:14024
- C:\Windows\System\iKxxEQs.exe
  C:\Windows\System\iKxxEQs.exe
  2⤵
  PID:14052
- C:\Windows\System\XDlkBUZ.exe
  C:\Windows\System\XDlkBUZ.exe
  2⤵
  PID:14080
- C:\Windows\System\ngLOnFw.exe
  C:\Windows\System\ngLOnFw.exe
  2⤵
  PID:14108
- C:\Windows\System\plMKFRy.exe
  C:\Windows\System\plMKFRy.exe
  2⤵
  PID:14136
- C:\Windows\System\zjAHwNr.exe
  C:\Windows\System\zjAHwNr.exe
  2⤵
  PID:14176
- C:\Windows\System\COsPkla.exe
  C:\Windows\System\COsPkla.exe
  2⤵
  PID:14192
- C:\Windows\System\RlYAkve.exe
  C:\Windows\System\RlYAkve.exe
  2⤵
  PID:14220
- C:\Windows\System\uFELiGa.exe
  C:\Windows\System\uFELiGa.exe
  2⤵
  PID:14248
- C:\Windows\System\NPaSgjs.exe
  C:\Windows\System\NPaSgjs.exe
  2⤵
  PID:14276
- C:\Windows\System\YoYvzLG.exe
  C:\Windows\System\YoYvzLG.exe
  2⤵
  PID:14304
- C:\Windows\System\ZsMJXkx.exe
  C:\Windows\System\ZsMJXkx.exe
  2⤵
  PID:14332
- C:\Windows\System\JsKBMuV.exe
  C:\Windows\System\JsKBMuV.exe
  2⤵
  PID:13344
- C:\Windows\System\UQASDIT.exe
  C:\Windows\System\UQASDIT.exe
  2⤵
  PID:5868
- C:\Windows\System\mWUyLjJ.exe
  C:\Windows\System\mWUyLjJ.exe
  2⤵
  PID:4628
- C:\Windows\System\WjwGwmF.exe
  C:\Windows\System\WjwGwmF.exe
  2⤵
  PID:1152
- C:\Windows\System\kCoxDKf.exe
  C:\Windows\System\kCoxDKf.exe
  2⤵
  PID:13456
- C:\Windows\System\smsUETn.exe
  C:\Windows\System\smsUETn.exe
  2⤵
  PID:5448
- C:\Windows\System\KfxOrQu.exe
  C:\Windows\System\KfxOrQu.exe
  2⤵
  PID:13536
- C:\Windows\System\nTKMHAM.exe
  C:\Windows\System\nTKMHAM.exe
  2⤵
  PID:13584
- C:\Windows\System\tUmfeoG.exe
  C:\Windows\System\tUmfeoG.exe
  2⤵
  PID:4564
- C:\Windows\System\KMKRBSG.exe
  C:\Windows\System\KMKRBSG.exe
  2⤵
  PID:13652
- C:\Windows\System\HrnnTIy.exe
  C:\Windows\System\HrnnTIy.exe
  2⤵
  PID:13704
- C:\Windows\System\YuuwRRd.exe
  C:\Windows\System\YuuwRRd.exe
  2⤵
  PID:13760
- C:\Windows\System\mpQUKud.exe
  C:\Windows\System\mpQUKud.exe
  2⤵
  PID:13808
- C:\Windows\System\xOlvmOF.exe
  C:\Windows\System\xOlvmOF.exe
  2⤵
  PID:13844
- C:\Windows\System\jINNDWY.exe
  C:\Windows\System\jINNDWY.exe
  2⤵
  PID:13892
- C:\Windows\System\pRVZOwq.exe
  C:\Windows\System\pRVZOwq.exe
  2⤵
  PID:13932
- C:\Windows\System\GRPPLpT.exe
  C:\Windows\System\GRPPLpT.exe
  2⤵
  PID:2952
- C:\Windows\System\fZSfjtL.exe
  C:\Windows\System\fZSfjtL.exe
  2⤵
  PID:14016
- C:\Windows\System\tkpmDkt.exe
  C:\Windows\System\tkpmDkt.exe
  2⤵
  PID:2404
- C:\Windows\System\sjmtxSE.exe
  C:\Windows\System\sjmtxSE.exe
  2⤵
  PID:14100
- C:\Windows\System\yaAZchZ.exe
  C:\Windows\System\yaAZchZ.exe
  2⤵
  PID:14128
- C:\Windows\System\lETOZkQ.exe
  C:\Windows\System\lETOZkQ.exe
  2⤵
  PID:5800
- C:\Windows\System\JRTRDuQ.exe
  C:\Windows\System\JRTRDuQ.exe
  2⤵
  PID:6196
- C:\Windows\System\kvsfPuK.exe
  C:\Windows\System\kvsfPuK.exe
  2⤵
  PID:6228
- C:\Windows\System\pOzpHtw.exe
  C:\Windows\System\pOzpHtw.exe
  2⤵
  PID:14268
- C:\Windows\System\ikferjM.exe
  C:\Windows\System\ikferjM.exe
  2⤵
  PID:6312
- C:\Windows\System\TdZRJGG.exe
  C:\Windows\System\TdZRJGG.exe
  2⤵
  PID:6376
- C:\Windows\System\UNXREDN.exe
  C:\Windows\System\UNXREDN.exe
  2⤵
  PID:6428
- C:\Windows\System\iUPaEbA.exe
  C:\Windows\System\iUPaEbA.exe
  2⤵
  PID:13412
- C:\Windows\System\UrVwBGk.exe
  C:\Windows\System\UrVwBGk.exe
  2⤵
  PID:6500
- C:\Windows\System\hDmpzHx.exe
  C:\Windows\System\hDmpzHx.exe
  2⤵
  PID:13500
- C:\Windows\System\oplzBGr.exe
  C:\Windows\System\oplzBGr.exe
  2⤵
  PID:5656
- C:\Windows\System\vwtLuqH.exe
  C:\Windows\System\vwtLuqH.exe
  2⤵
  PID:6612
- C:\Windows\System\YTerQZx.exe
  C:\Windows\System\YTerQZx.exe
  2⤵
  PID:6644
- C:\Windows\System\PBbMylW.exe
  C:\Windows\System\PBbMylW.exe
  2⤵
  PID:3240
- C:\Windows\System\TqmLxnf.exe
  C:\Windows\System\TqmLxnf.exe
  2⤵
  PID:13816
- C:\Windows\System\QTnlxGD.exe
  C:\Windows\System\QTnlxGD.exe
  2⤵
  PID:6760
- C:\Windows\System\MgxnNZb.exe
  C:\Windows\System\MgxnNZb.exe
  2⤵
  PID:6788
- C:\Windows\System\sEMgtAW.exe
  C:\Windows\System\sEMgtAW.exe
  2⤵
  PID:4524
- C:\Windows\System\SzTFLpf.exe
  C:\Windows\System\SzTFLpf.exe
  2⤵
  PID:14064
- C:\Windows\System\HXHJPAD.exe
  C:\Windows\System\HXHJPAD.exe
  2⤵
  PID:4520
- C:\Windows\System\jmGsZht.exe
  C:\Windows\System\jmGsZht.exe
  2⤵
  PID:6936
- C:\Windows\System\AczaUvj.exe
  C:\Windows\System\AczaUvj.exe
  2⤵
  PID:6232
- C:\Windows\System\rEdwLJN.exe
  C:\Windows\System\rEdwLJN.exe
  2⤵
  PID:14260
- C:\Windows\System\HGfdHQw.exe
  C:\Windows\System\HGfdHQw.exe
  2⤵
  PID:6352
- C:\Windows\System\QIFnWtz.exe
  C:\Windows\System\QIFnWtz.exe
  2⤵
  PID:7100
- C:\Windows\System\lfRrcQD.exe
  C:\Windows\System\lfRrcQD.exe
  2⤵
  PID:4212
- C:\Windows\System\lkMCOxn.exe
  C:\Windows\System\lkMCOxn.exe
  2⤵
  PID:4704
- C:\Windows\System\qmvKSUR.exe
  C:\Windows\System\qmvKSUR.exe
  2⤵
  PID:6248
- C:\Windows\System\RlWshcA.exe
  C:\Windows\System\RlWshcA.exe
  2⤵
  PID:13648
- C:\Windows\System\NfjjtAW.exe
  C:\Windows\System\NfjjtAW.exe
  2⤵
  PID:6704
- C:\Windows\System\fvYqxlw.exe
  C:\Windows\System\fvYqxlw.exe
  2⤵
  PID:5668
- C:\Windows\System\kDBMZmx.exe
  C:\Windows\System\kDBMZmx.exe
  2⤵
  PID:13928
- C:\Windows\System\zQrPoic.exe
  C:\Windows\System\zQrPoic.exe
  2⤵
  PID:13992
- C:\Windows\System\TGDBXvO.exe
  C:\Windows\System\TGDBXvO.exe
  2⤵
  PID:14104
- C:\Windows\System\zILbCpm.exe
  C:\Windows\System\zILbCpm.exe
  2⤵
  PID:14204
- C:\Windows\System\QITvIGx.exe
  C:\Windows\System\QITvIGx.exe
  2⤵
  PID:6896
- C:\Windows\System\qFyLRQb.exe
  C:\Windows\System\qFyLRQb.exe
  2⤵
  PID:7040
- C:\Windows\System\cgnxRJW.exe
  C:\Windows\System\cgnxRJW.exe
  2⤵
  PID:7120
- C:\Windows\System\hNqksjO.exe
  C:\Windows\System\hNqksjO.exe
  2⤵
  PID:7144
- C:\Windows\System\IZCCTYZ.exe
  C:\Windows\System\IZCCTYZ.exe
  2⤵
  PID:3284
- C:\Windows\System\sTKuZSe.exe
  C:\Windows\System\sTKuZSe.exe
  2⤵
  PID:13736
- C:\Windows\System\EgUZoqD.exe
  C:\Windows\System\EgUZoqD.exe
  2⤵
  PID:6672
- C:\Windows\System\ejlnxei.exe
  C:\Windows\System\ejlnxei.exe
  2⤵
  PID:5808
- C:\Windows\System\lTtkTNd.exe
  C:\Windows\System\lTtkTNd.exe
  2⤵
  PID:6864
- C:\Windows\System\KtBRhwK.exe
  C:\Windows\System\KtBRhwK.exe
  2⤵
  PID:6944
- C:\Windows\System\yzzUuqW.exe
  C:\Windows\System\yzzUuqW.exe
  2⤵
  PID:7000
- C:\Windows\System\bmiNNsT.exe
  C:\Windows\System\bmiNNsT.exe
  2⤵
  PID:4880
- C:\Windows\System\mgnXdJP.exe
  C:\Windows\System\mgnXdJP.exe
  2⤵
  PID:7180
- C:\Windows\System\tjBbCdY.exe
  C:\Windows\System\tjBbCdY.exe
  2⤵
  PID:6392
- C:\Windows\System\UebXaAF.exe
  C:\Windows\System\UebXaAF.exe
  2⤵
  PID:13920
- C:\Windows\System\fHADwJL.exe
  C:\Windows\System\fHADwJL.exe
  2⤵
  PID:7300
- C:\Windows\System\kCaYmMB.exe
  C:\Windows\System\kCaYmMB.exe
  2⤵
  PID:6424
- C:\Windows\System\vNAZCUI.exe
  C:\Windows\System\vNAZCUI.exe
  2⤵
  PID:6940
- C:\Windows\System\XYXJFpW.exe
  C:\Windows\System\XYXJFpW.exe
  2⤵
  PID:7536
- C:\Windows\System\whyYQoC.exe
  C:\Windows\System\whyYQoC.exe
  2⤵
  PID:7600
- C:\Windows\System\jrvcvMv.exe
  C:\Windows\System\jrvcvMv.exe
  2⤵
  PID:6772
- C:\Windows\System\xqsITOF.exe
  C:\Windows\System\xqsITOF.exe
  2⤵
  PID:7376
- C:\Windows\System\MgltceL.exe
  C:\Windows\System\MgltceL.exe
  2⤵
  PID:7544
- C:\Windows\System\IELjWqu.exe
  C:\Windows\System\IELjWqu.exe
  2⤵
  PID:7612
- C:\Windows\System\XTEncQA.exe
  C:\Windows\System\XTEncQA.exe
  2⤵
  PID:7060
- C:\Windows\System\LFIrOpS.exe
  C:\Windows\System\LFIrOpS.exe
  2⤵
  PID:7828
- C:\Windows\System\fVQsKyM.exe
  C:\Windows\System\fVQsKyM.exe
  2⤵
  PID:7772
- C:\Windows\System\YZSGwSO.exe
  C:\Windows\System\YZSGwSO.exe
  2⤵
  PID:7912
- C:\Windows\System\ThJRlxy.exe
  C:\Windows\System\ThJRlxy.exe
  2⤵
  PID:13792
- C:\Windows\System\BOwAYTs.exe
  C:\Windows\System\BOwAYTs.exe
  2⤵
  PID:7960
- C:\Windows\System\cIoiByQ.exe
  C:\Windows\System\cIoiByQ.exe
  2⤵
  PID:8028
- C:\Windows\System\XSqeIfc.exe
  C:\Windows\System\XSqeIfc.exe
  2⤵
  PID:14360
- C:\Windows\System\iYPkLKF.exe
  C:\Windows\System\iYPkLKF.exe
  2⤵
  PID:14388
- C:\Windows\System\kdLPTSH.exe
  C:\Windows\System\kdLPTSH.exe
  2⤵
  PID:14416
- C:\Windows\System\IQQyPpL.exe
  C:\Windows\System\IQQyPpL.exe
  2⤵
  PID:14444
- C:\Windows\System\aQsYcId.exe
  C:\Windows\System\aQsYcId.exe
  2⤵
  PID:14472
- C:\Windows\System\UAWZVQw.exe
  C:\Windows\System\UAWZVQw.exe
  2⤵
  PID:14500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BsExxHt.exe

Filesize
6.0MB

MD5
938a434fbc70f7d302e425b9b22e3d59

SHA1
afc6727f438475d1488d6771e0f9f53795185006

SHA256
3210b36e80b22853890e0bc850ae63ff72729f0a28a4eaf94a99287ddec8f4a8

SHA512
99e782b875f0bbff558142fee6a8ae8eccee098b3e440a884b8775f5bac155e2327d3ecc07a352e6bd5cc10d065569a7b697edffe8db2dc0214316efd575ed44

Download Submit
C:\Windows\System\COZKmAm.exe

Filesize
6.0MB

MD5
e42ac229b5778acc0c1bdf5039bfc595

SHA1
1d597d5c328be688708e8b1ca246f26fa81c0152

SHA256
1516b4bb3cbb2e064e51998a6edc086a5ccaafe41b1f6c83c9562e53de0b9b71

SHA512
22a7866002dd21fb725b7eb0d30106ad21615abe50c348e49a9153d9079dd9c1b4bdd58ab05148ea2f047c77f12f231913ce38a09e2f051483f8cfa55334b5b2

Download Submit
C:\Windows\System\DNOYKvQ.exe

Filesize
6.0MB

MD5
95aa9272d929961019f2bf8c884db26d

SHA1
0173d578927040ad92213f116f4fc17cf00dd2b9

SHA256
23cdef09bcabaa9b2884d11c4c09398c0e7f9551522feefe554ae2ddeb20c178

SHA512
ba5f6b7400b4976e993437ba8f4dc4e9ff4a674b7941c3855a6681efb36378ef12b5088372557b7023ef5a47ed8198b9931c00006243ebe7505176e58588e1d4

Download Submit
C:\Windows\System\FHcaoIi.exe

Filesize
6.0MB

MD5
a808ba0deb1c9dad0c5d1e93ee46c7df

SHA1
4bd582a544043fafcca994a39491229ada470d8d

SHA256
e99f20a7dd7556181a47879d411ae7042ba8249f4d749a95aa21b7d8695cabb1

SHA512
0d68e2ebe6c49d48dc31de5b67b438a1fca89cc4b17690536917591f6b8f159563429494753a769e32b872edcf0234ab3a4c63baf97d52f6911eb501610ecb7c

Download Submit
C:\Windows\System\FZIiXpC.exe

Filesize
6.0MB

MD5
dc073c7a09a59522ec027e327de4e7b0

SHA1
9bc824ad56fa578ead5a4f3ce721700d42ad84ba

SHA256
703169634b9987bcbc0e9bc6eea65525dfccce3bf4b075e31c4d3985463d5911

SHA512
0902f1c5200208028aaabd7696ff40729fac196d65342bc3301eec5c5febc818c69ee0438a0ca54c833ae4282e8fed851dff4926f1c586a250e101907455d684

Download Submit
C:\Windows\System\FguCvFi.exe

Filesize
6.0MB

MD5
8fc80e044e745e1de0dff3d91d7ed85b

SHA1
30dc3604f1ca3d2a09f8c9a469f1838d50623216

SHA256
4914d84252e7a461dd457507f5574d7b02d32c73b63b94735a782bc87cb5e89b

SHA512
86ac44424827ba08f076cdfd51ed62accadf8da5eb93d97c862ec9f2f416cf0cfa56dc5d1a95ee316f6cad1efaec58aae08972c31443309c07a98f51fecd4c94

Download Submit
C:\Windows\System\JlDytrR.exe

Filesize
6.0MB

MD5
08f0062081134d774e20daf1153a2ad3

SHA1
bf018cea6b2cd36adee33934b87c6da1315620d0

SHA256
d014976d9abc7dc257cf18c7cbcc34cc7af896b1b16eb3fba2a015e2d87f43be

SHA512
4a63f71f3eecaee02f3690c3a0f789e602e41b8a120c9a44fcf3e3bddc3c306f4b27330c5e22100f32f690c93c07280996fd7ed47face380dcc49d8ca4d3b2d2

Download Submit
C:\Windows\System\KeZLNOz.exe

Filesize
6.0MB

MD5
0bdc576d028c83a4dc9920f514e673cd

SHA1
f94a809e121f0ca28e8a51d945ec50a00f2ae30d

SHA256
c6cbc8a0b54cc6b8108f4659f37f0dcf8de64f1fe3e274f920e19f7cf7802ab2

SHA512
799462926903335943432e6563dff40e4ecd7d1cc2b59a29fdc92df33b672b4e201bccc619f85e21488b0396dc62bb84ebd4d7329d3cbde0f4e444f9e9ea5296

Download Submit
C:\Windows\System\NIQbqjA.exe

Filesize
6.0MB

MD5
c657f614aa672d4e5a6a21566951778a

SHA1
35f6a53e329c7719c801d82d3a574fcf6e75bbc3

SHA256
8308187ce83d0e5f013c667b35666529c7273d38b30b5dbf21cae45b88d93b6b

SHA512
9f4949eeacdacedcad30d9e1cc13c9f1921d7bc4b95acb8563091dff8088ed45aca21646df83655b5f7d2014c044b67a1fcfdb2bfc7b21b122740d0de7a571e8

Download Submit
C:\Windows\System\OeimEut.exe

Filesize
6.0MB

MD5
fa00236998105a6cf6f0bef8f466b1e9

SHA1
ac9fd4e4fb55909519cbab181e1211dcad0638c6

SHA256
de8ca4d9fa4ba7d6a1d26bad463723f8decb6e1accf4f9bd48bb0a604159064a

SHA512
b56fc066570a7d41b40a1bf23d3d07fed040a62346b4d0158fcfe84a7a15692dd42f937cad27b43d59b12de934e02d18c07b14615a63617afff4d034da6c96f0

Download Submit
C:\Windows\System\PUJnaVE.exe

Filesize
6.0MB

MD5
c2661342f587be4be249b84e2f450546

SHA1
8b76b374ffe7420d208b3ea90245a525003444f4

SHA256
29a6e1ac8b2984886de17ed2a50c1b823deaf89a867ba943705cff1554caa17a

SHA512
b2df535d2773ef92955c7acf91357d4df059eab5795df5f2f036af471d34c4e90b3cb5b3f716cab7c1a9f250b34bd501b7159bf179695520cb4f73ddb31569c6

Download Submit
C:\Windows\System\PiuhzVP.exe

Filesize
6.0MB

MD5
b9c7aa2e1f289e673d6a6058d4bba200

SHA1
9fd8751aaf8ec3e749e80589ba6b0ac9dcef2387

SHA256
dc1d1335f387a5cff0a34c744db868e2b25e5b8bf79b1e36dea34eb69aefc077

SHA512
98a05fc946965ee078710643cde13058e105330639b9969ba1cff4a6857b6734ea927e9f32b0f360c9f7be861d61cf688addf68ae86a497913028d6955668c55

Download Submit
C:\Windows\System\ScVJwNP.exe

Filesize
6.0MB

MD5
7827a192ab7efdf577ad156ff2bbe1b1

SHA1
2c5121236dec935232911c91a1979fe4526453b0

SHA256
ecc6f01a7cd3a087ae35834c1bae9e53d462abcb01f04ed35773bbcb343802cb

SHA512
787c604f6ee732ce5f4a9b240d96dacd581af50ccc8df675e193d598bd21c355faec473f1f29ade6aab5ceb4c36b419499966325c83e3f6d91ff50b2c4f2e28e

Download Submit
C:\Windows\System\SwntvFy.exe

Filesize
6.0MB

MD5
645dbbf03d3ed040e552e66e71aeacb4

SHA1
f7dfd2c125924bbbedba08f9d171192da09889f1

SHA256
429f36cd952ba704474ee20a595fe90746a0a935c89c6ed25549b6479154f8e0

SHA512
80e2ccf193abccea228e586544bfe3dfa10e8c3ea0c59d3ee1fc702d24f751cc45c122095210cd260a4fc4aa1e151370def6eb08f8c4039aa36c0024d881b386

Download Submit
C:\Windows\System\TSfaaGF.exe

Filesize
6.0MB

MD5
3eb3fc091a7c25f6160e003f25606317

SHA1
efeb4fc6f1952594aeeb09034d4fa4e9d3b12216

SHA256
3390df5a709c2cbb98e49f753bb3764d8c60a5f3369b1714661bfabab37bcb24

SHA512
5640b83c707b5b8b98963893e9ec890191b0326c02d8b6ced2598c7befea31fcb1c159a0eed21aab710d5368222296c1cc3cfa2daa1beb7fa3260a24bdea2a9a

Download Submit
C:\Windows\System\VMuTbBd.exe

Filesize
6.0MB

MD5
fe91cb010ffb58eb30f19ad1b66e8432

SHA1
dc276d955812436fec76c26fbfa926b8b1120216

SHA256
eb650cd378432328b15344d299f5dfa5373219c8b7051c3d08f9b31dba1ea9d8

SHA512
bcf1bf7b81a56169f2069bbc44b0c881f3f6870ddea58b3daef9f852231ae905ad7b8b72a84463c339cce15a9a14afa09519df448bd4b41b80e5bf210f221834

Download Submit
C:\Windows\System\WKRAlUY.exe

Filesize
6.0MB

MD5
fc0744c17fbb1a1434173d5565d771ee

SHA1
1974c1ce88d68bbb407d764d80033c70f3ab5d93

SHA256
972763de14816b50ee076982720070919e199e084b8a198002d270d8885def5b

SHA512
5dd6a6a337bd8f58e03254b63887f65c37e601fa6984ade3c638f595f45139c3dbcd86d9f89b6ec328c3d768fe9d891a35d09c8db36a8edd3265f18af841a60f

Download Submit
C:\Windows\System\XVoHAjQ.exe

Filesize
6.0MB

MD5
84a7952768242cf193c6a5c6124d32d0

SHA1
a98840a7df5d71bde7a77954b87466d8f9f4ab88

SHA256
61255461d7d56eab96fc5fa00a1cd9825c9c9632a5b7156d91ef3261c5b93cfc

SHA512
91c31dc1b0d75dab41aa6a4d312d9aa694a97b07607833b94b425675705b5339f89a9c30423d7df2c8af5a494daaf3dd517a6633ab8857741bc2910198ea8904

Download Submit
C:\Windows\System\YsDuDYh.exe

Filesize
6.0MB

MD5
89e42c16ead088a8ebe3c042e9b8e0f3

SHA1
7583b424992dd31f448665cf082a6f25b12b47b9

SHA256
bd8607d1d57c8863af897c3ce6ab4f34cd511dda5c27e5830d68993704c52520

SHA512
aa1692d22de76fef4d71b986c3d6d5fbaaab76fec70ec3b3dfdc9b2eae1485e9656e66543348dfc7b563f1770bafd97d9e787568dcf09aa0d303243f5ab714d6

Download Submit
C:\Windows\System\ZMyVlQs.exe

Filesize
6.0MB

MD5
e4566f3eac278065abd45be49c3d242c

SHA1
e9bbcf5c15e30052e40a7f06ee38c05e1ef95521

SHA256
55c26c06e8ac327d3446bab30b3a0bc8ee72b214159a6b49a1c2683b721ef54f

SHA512
166160d0b885d46c0fa778cbb716802194bc5058d50e6b416c27c8a2467406b7134fb1f1b5e90dcf2faf6e8755be04cbfcde18a5044012d0506b64de0d7ee835

Download Submit
C:\Windows\System\ZyeTOzO.exe

Filesize
6.0MB

MD5
f89f370c78e5f99b6a27e55bccf631ad

SHA1
249698f374ef874a68febd7ed99e09d55b524eb0

SHA256
e5b39646f67dfb6fd21f15849a240885eb6ca621e34838083ed53fcd20e666bd

SHA512
8768db847ea8a13dbeec0f0c80476e88d8b7ded378632e723e32a9e4e174ab01ef0375f378e3470fef4cb43c19a9289f10908c504fd9fb2c1b6a57d4b873a988

Download Submit
C:\Windows\System\aOecMIM.exe

Filesize
6.0MB

MD5
f41b5c28ec2d107c4e48256443604424

SHA1
6fbb6470ed140ca4fa583c2a6b4c7477dea1ef1e

SHA256
6923b89c01d792d70e9bd8a780946884ef9e978435a9132eec1b07a7916475de

SHA512
9e459d15048af9ebb7aff05c551a3c48f05a52789d1524214d583285d0ded7813da4b8b086486bf7f758e416a6baa6539c2a5ef623d447c2916ea4dcbd867685

Download Submit
C:\Windows\System\amdWhQQ.exe

Filesize
6.0MB

MD5
ed4b510d3c21c39efdd0838a22fd380b

SHA1
c8c7b4265af8221f4bb31471a25ab9f5e660dc1a

SHA256
7325111bc6d5caf441df1a442eea2ada4f723accae6ef6e0a8071ff415a031c8

SHA512
696e9cc58809eca5128a0e0284353faca0c92de00235b116c0a426de5684d642dafeb84bde71d97a0ef9abc72bfee588c023827302ff83a29cb1fc61765ee534

Download Submit
C:\Windows\System\dzZpRDs.exe

Filesize
6.0MB

MD5
272ea8cbccc9d778510cad95fb2bcaee

SHA1
710209800ba74a5a437c3bda6c00e833d06dad71

SHA256
37e9ed14df51abd5e525f40dd16f1ba140696d2f5dda48ae85fa1b85158f255d

SHA512
351ee0d541a376bdf26ad84b07790f408aff408ce7c4064cc2d57395c98bfc7a5aa388bae41e9541cf6b135a1255871d9033698691bbb6d7b3d1e33548b94f54

Download Submit
C:\Windows\System\gzEnIeU.exe

Filesize
6.0MB

MD5
2b81b8ef4ea0e6cbc4788d5bb99b0d0f

SHA1
8c8c173f7ac1864df6131c11b69555ba748c4ab8

SHA256
24d0a60753bd96ba3ba5321e2fd97ef8f6127317acd2e2b2bcb03037a4e73085

SHA512
1584999a97b1ad4c6ce6c9f111ab50e16df2b5d54447b842c25f6021bd3cc723ecbca6cd55ae354d960681b58435892973cfde67fa31ebe4ce1b9b70fa2d2985

Download Submit
C:\Windows\System\ifAKOpD.exe

Filesize
6.0MB

MD5
9b3687462eef3c72345c9d6a4248acd7

SHA1
f1d574ba56ba7156b3a8f3cb0ed68eef368a90a6

SHA256
0e3c1b0c7dc72b5a28fbd76a81715bedd65f740ed1bd7a4e42d9d12a81f8c492

SHA512
add486051b3362d48fa80059f3b686987ccb519957ba739f4829b477c471696c3923a7a59cfb0286bde308473941c634aa5166892869f89c19f0f5c5b846914a

Download Submit
C:\Windows\System\oiBtnmm.exe

Filesize
6.0MB

MD5
c9c50daac3eb9f03e88ae628346dc370

SHA1
7bd393712369d45654a8547dca6f87199d688d48

SHA256
da25014e57a3a3bc0b51e78f13ddbeb3e6f0617c0e4fb912ad5ae7a386090406

SHA512
347f9fa1e8bed888fc511b9d3d01e426cb092745835ad70b4b07cff805381815e72f73eeacbb725f0904bd59eb8e70138b0b2edc1210510f14f3f9f29b66464e

Download Submit
C:\Windows\System\pJtuqqv.exe

Filesize
6.0MB

MD5
19b2757a3b3796509835a6a906004f44

SHA1
e886e4f9d7fed294b1aa915effac35c7f2da03d4

SHA256
185f972b261b2b94d4a72a4947250f98d4e4616b282a9306e0581cc5ce8cc003

SHA512
3bd39544759f0f2bc7e126594e7f244febc8a6a67c7dd5e945d2436aefd5468cfd8ba7db7799d7a2231885616dce1b703420ec8b025754af4ca84e5dd9ef2045

Download Submit
C:\Windows\System\rtGdGva.exe

Filesize
6.0MB

MD5
c2dde18ab8c21c60f1fe22fc296732cf

SHA1
9eb0f29a301a23c126cd82b2b9a9afb23235d2e7

SHA256
f9d6b1435486d0f73f8584f5dfb7ee77a79492b37e64230cddf29e712266ca73

SHA512
c5a98505cf859143c25d39b1115ebe763cbc2352b819e475cad8026ccfe419c27d4a69adcf1fae11cde5f40bc5f939bb82a0c5b62e25d7efdfe76dd578983443

Download Submit
C:\Windows\System\tLzaduh.exe

Filesize
6.0MB

MD5
d82f2c251a8735c2b33e7f01541495ae

SHA1
7b193686aa4fcb0ed0adc343add9bf487d80d710

SHA256
3b4e8806d595fbcd6fe390dc1e601ffad8eaa51448d4b03f0d46ec11ca9fa84d

SHA512
d75cb9b60b6a8874c6966f1f42560f1aaf08eb0bda03ebde8b146b2051a3579d54884c021c3d2ddbedfaf01d889573acbac5cca871e5adee30750ae3774f4bdd

Download Submit
C:\Windows\System\vqVqzsW.exe

Filesize
6.0MB

MD5
c3b27033fdefb8c7d52bce895bc6e009

SHA1
d2b55b9680a999b8a357549dfe1e0b351148d922

SHA256
0f074fa9c4baa52cd076ea09a2a402bf066ccf51fc3c7b349ad04e0faa0cfc96

SHA512
8b4c7a070cf4664e3c85844ab40488cefe286bb0126617b5913fba56e0db358746b28d14f3e1c73eea15d5bbf40e998446c67f90a7c35432e52da363e1bd64b7

Download Submit
C:\Windows\System\wvyDssf.exe

Filesize
6.0MB

MD5
151225ca70ed79280a1a7b772b614694

SHA1
f1c7c53d96d97cfc8de1f629b3cb5d60d5d57140

SHA256
b73b8521d3c70ffc4cb97e8a3ccacbdb0160f3acecc972a8a2a20c9add7762d5

SHA512
09365f9a0869c145c835885485c536a6ceffedb5598c243809dc1914cf888701c38c41fbd94644eb18c87a6372e9c3dcd456563ca2db27f625b08d90cd9a85a9

Download Submit
C:\Windows\System\xNkHsrd.exe

Filesize
6.0MB

MD5
0f53efdf1d623c108e697488d1d5f816

SHA1
6d19dbce795ca75675127f67977e7739986f647a

SHA256
088ffdcaae613fb7e9db6941e761b9f0be122c6e0a654989fb85f7542fc08788

SHA512
1083b4c237859f891188002c3e2c0753a3f4e208857bdc9f874a1ec5c5a2ae91de9b87df77cfb164ba1cac0535c0fdc12ef43ab3927cec38dc42a1990c501c90

Download Submit
memory/388-1878-0x00007FF7810F0000-0x00007FF781444000-memory.dmp

Filesize
3.3MB

Download
memory/388-84-0x00007FF7810F0000-0x00007FF781444000-memory.dmp

Filesize
3.3MB

Download
memory/588-1907-0x00007FF75C200000-0x00007FF75C554000-memory.dmp

Filesize
3.3MB

Download
memory/588-387-0x00007FF75C200000-0x00007FF75C554000-memory.dmp

Filesize
3.3MB

Download
memory/860-75-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp

Filesize
3.3MB

Download
memory/860-13-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp

Filesize
3.3MB

Download
memory/860-1855-0x00007FF7DCF10000-0x00007FF7DD264000-memory.dmp

Filesize
3.3MB

Download
memory/1072-1877-0x00007FF65CE10000-0x00007FF65D164000-memory.dmp

Filesize
3.3MB

Download
memory/1072-77-0x00007FF65CE10000-0x00007FF65D164000-memory.dmp

Filesize
3.3MB

Download
memory/1072-524-0x00007FF65CE10000-0x00007FF65D164000-memory.dmp

Filesize
3.3MB

Download
memory/1100-1854-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp

Filesize
3.3MB

Download
memory/1100-8-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp

Filesize
3.3MB

Download
memory/1100-66-0x00007FF66A1C0000-0x00007FF66A514000-memory.dmp

Filesize
3.3MB

Download
memory/1112-38-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp

Filesize
3.3MB

Download
memory/1112-1862-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp

Filesize
3.3MB

Download
memory/1112-104-0x00007FF6AA030000-0x00007FF6AA384000-memory.dmp

Filesize
3.3MB

Download
memory/1380-408-0x00007FF77B5A0000-0x00007FF77B8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1903-0x00007FF77B5A0000-0x00007FF77B8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-122-0x00007FF75CEF0000-0x00007FF75D244000-memory.dmp

Filesize
3.3MB

Download
memory/1544-1918-0x00007FF75CEF0000-0x00007FF75D244000-memory.dmp

Filesize
3.3MB

Download
memory/2348-400-0x00007FF69F600000-0x00007FF69F954000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1915-0x00007FF69F600000-0x00007FF69F954000-memory.dmp

Filesize
3.3MB

Download
memory/2544-135-0x00007FF6ABE80000-0x00007FF6AC1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1897-0x00007FF6ABE80000-0x00007FF6AC1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-648-0x00007FF743D00000-0x00007FF744054000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1885-0x00007FF743D00000-0x00007FF744054000-memory.dmp

Filesize
3.3MB

Download
memory/2820-90-0x00007FF743D00000-0x00007FF744054000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1892-0x00007FF7CE2B0000-0x00007FF7CE604000-memory.dmp

Filesize
3.3MB

Download
memory/2956-107-0x00007FF7CE2B0000-0x00007FF7CE604000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1-0x0000025DD5320000-0x0000025DD5330000-memory.dmp

Filesize
64KB

Download
memory/2964-0-0x00007FF776940000-0x00007FF776C94000-memory.dmp

Filesize
3.3MB

Download
memory/2964-62-0x00007FF776940000-0x00007FF776C94000-memory.dmp

Filesize
3.3MB

Download
memory/2980-404-0x00007FF61BEF0000-0x00007FF61C244000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1911-0x00007FF61BEF0000-0x00007FF61C244000-memory.dmp

Filesize
3.3MB

Download
memory/3092-1898-0x00007FF6DB5B0000-0x00007FF6DB904000-memory.dmp

Filesize
3.3MB

Download
memory/3092-395-0x00007FF6DB5B0000-0x00007FF6DB904000-memory.dmp

Filesize
3.3MB

Download
memory/3128-1902-0x00007FF6355E0000-0x00007FF635934000-memory.dmp

Filesize
3.3MB

Download
memory/3128-409-0x00007FF6355E0000-0x00007FF635934000-memory.dmp

Filesize
3.3MB

Download
memory/3148-133-0x00007FF68F8B0000-0x00007FF68FC04000-memory.dmp

Filesize
3.3MB

Download
memory/3148-1917-0x00007FF68F8B0000-0x00007FF68FC04000-memory.dmp

Filesize
3.3MB

Download
memory/3204-70-0x00007FF604350000-0x00007FF6046A4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-1875-0x00007FF604350000-0x00007FF6046A4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-460-0x00007FF604350000-0x00007FF6046A4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-1872-0x00007FF7F7440000-0x00007FF7F7794000-memory.dmp

Filesize
3.3MB

Download
memory/3276-63-0x00007FF7F7440000-0x00007FF7F7794000-memory.dmp

Filesize
3.3MB

Download
memory/3288-109-0x00007FF655860000-0x00007FF655BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3288-1873-0x00007FF655860000-0x00007FF655BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3288-44-0x00007FF655860000-0x00007FF655BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-406-0x00007FF76B1A0000-0x00007FF76B4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-1910-0x00007FF76B1A0000-0x00007FF76B4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3504-1870-0x00007FF7D37E0000-0x00007FF7D3B34000-memory.dmp

Filesize
3.3MB

Download
memory/3504-50-0x00007FF7D37E0000-0x00007FF7D3B34000-memory.dmp

Filesize
3.3MB

Download
memory/4044-1916-0x00007FF60DEB0000-0x00007FF60E204000-memory.dmp

Filesize
3.3MB

Download
memory/4044-398-0x00007FF60DEB0000-0x00007FF60E204000-memory.dmp

Filesize
3.3MB

Download
memory/4072-1856-0x00007FF623240000-0x00007FF623594000-memory.dmp

Filesize
3.3MB

Download
memory/4072-20-0x00007FF623240000-0x00007FF623594000-memory.dmp

Filesize
3.3MB

Download
memory/4072-83-0x00007FF623240000-0x00007FF623594000-memory.dmp

Filesize
3.3MB

Download
memory/4436-89-0x00007FF710C60000-0x00007FF710FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1860-0x00007FF710C60000-0x00007FF710FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-25-0x00007FF710C60000-0x00007FF710FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-1901-0x00007FF68F1A0000-0x00007FF68F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-389-0x00007FF68F1A0000-0x00007FF68F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-1861-0x00007FF6C1CD0000-0x00007FF6C2024000-memory.dmp

Filesize
3.3MB

Download
memory/4888-31-0x00007FF6C1CD0000-0x00007FF6C2024000-memory.dmp

Filesize
3.3MB

Download
memory/4888-97-0x00007FF6C1CD0000-0x00007FF6C2024000-memory.dmp

Filesize
3.3MB

Download
memory/4908-56-0x00007FF794770000-0x00007FF794AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4908-1871-0x00007FF794770000-0x00007FF794AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5052-1891-0x00007FF6B0FE0000-0x00007FF6B1334000-memory.dmp

Filesize
3.3MB

Download
memory/5052-103-0x00007FF6B0FE0000-0x00007FF6B1334000-memory.dmp

Filesize
3.3MB

Download
memory/5112-1906-0x00007FF624B80000-0x00007FF624ED4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-388-0x00007FF624B80000-0x00007FF624ED4000-memory.dmp

Filesize
3.3MB

Download