cobaltstrike | db5f4cf8bcb96363152472d7620df23774047522af243fb3036b695cac83dc85

Analysis

max time kernel
131s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d7863584b9702297d9a3ecea38849fea
SHA1

5ddc11fd379043be80397ea34d7ff26adbad48e2
SHA256

db5f4cf8bcb96363152472d7620df23774047522af243fb3036b695cac83dc85
SHA512

1c422779c7732ae950618da53a5c43fbb9c4c87608b46e2ad1cf45587e46362b3e0a31d3381921c09d761eeff58d34777c216e46b6426f72cb7458ac09dd0b42
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001870f-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018712-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191dc-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019244-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019259-51.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925d-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019266-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ba-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019702-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c51-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019994-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196bf-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967e-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019628-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019626-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e5-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a6-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001951c-84.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001924a-42.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000018681-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1760-0-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/memory/2576-8-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000800000001870f-9.dat	xmrig
behavioral1/memory/2684-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0007000000018712-11.dat	xmrig
behavioral1/memory/2428-20-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1760-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00070000000191dc-23.dat	xmrig
behavioral1/memory/2444-28-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1760-30-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0006000000019244-38.dat	xmrig
behavioral1/files/0x0006000000019259-51.dat	xmrig
behavioral1/memory/1760-49-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2920-53-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2496-57-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2684-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000800000001925d-59.dat	xmrig
behavioral1/files/0x0007000000019266-69.dat	xmrig
behavioral1/memory/2764-71-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ba-74.dat	xmrig
behavioral1/files/0x0005000000019620-122.dat	xmrig
behavioral1/files/0x000500000001963a-159.dat	xmrig
behavioral1/files/0x0005000000019702-174.dat	xmrig
behavioral1/memory/2764-197-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2728-229-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/752-707-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/1520-567-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1760-566-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-194.dat	xmrig
behavioral1/files/0x0005000000019c51-190.dat	xmrig
behavioral1/files/0x0005000000019c50-185.dat	xmrig
behavioral1/files/0x0005000000019994-179.dat	xmrig
behavioral1/files/0x00050000000196bf-169.dat	xmrig
behavioral1/files/0x000500000001967e-164.dat	xmrig
behavioral1/files/0x0005000000019628-150.dat	xmrig
behavioral1/files/0x000500000001962a-154.dat	xmrig
behavioral1/files/0x0005000000019624-140.dat	xmrig
behavioral1/files/0x0005000000019626-144.dat	xmrig
behavioral1/files/0x0005000000019622-134.dat	xmrig
behavioral1/files/0x0005000000019621-130.dat	xmrig
behavioral1/files/0x000500000001961e-119.dat	xmrig
behavioral1/files/0x000500000001961c-115.dat	xmrig
behavioral1/files/0x00050000000195e5-109.dat	xmrig
behavioral1/memory/1320-104-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/752-103-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2496-95-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1520-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a6-100.dat	xmrig
behavioral1/files/0x0005000000019524-92.dat	xmrig
behavioral1/memory/2164-88-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001951c-84.dat	xmrig
behavioral1/memory/1760-79-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2728-78-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2424-77-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2592-70-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1320-65-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2444-64-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000600000001924a-42.dat	xmrig
behavioral1/memory/2592-35-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x002d000000018681-34.dat	xmrig
behavioral1/memory/2428-52-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2424-41-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2576-3001-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2576	udYDrhi.exe
2684	ZWxWCJL.exe
2428	xQdqNtf.exe
2444	ceoeEVX.exe
2592	NtXkQqd.exe
2424	CscELpG.exe
2920	bwnknmM.exe
2496	PNEOAXA.exe
1320	TGiZCkA.exe
2764	tPrgmWR.exe
2728	gLbZxth.exe
2164	lhHLCKy.exe
1520	BpCWlGE.exe
752	XmrBQrR.exe
2316	eIyhXxk.exe
1932	daSFHOn.exe
2480	xWXRxaE.exe
1296	PPbSeqS.exe
884	BPiTAMy.exe
1784	cKdcZIx.exe
2080	FbfuQAI.exe
2300	vsZlHyV.exe
844	YnrDXpl.exe
2400	gTZAirI.exe
2060	TOBzIKA.exe
3064	chTYtXH.exe
1088	DddwcMV.exe
2964	aPMdKsd.exe
1960	ivxDeIN.exe
1376	hlnuhAg.exe
2652	pTNmSJZ.exe
1672	VgkccOE.exe
1536	iSQqzFY.exe
1360	LdEPMqd.exe
2952	NbpsRJB.exe
628	ZtaMqso.exe
320	njpeUXm.exe
2260	UHYLyLO.exe
2272	oLTWxFW.exe
2368	mupHWbX.exe
1304	CeHbVfZ.exe
2384	TWUGPsy.exe
2156	elKHySd.exe
1348	ntBsSfR.exe
2840	kjbzDdv.exe
892	ybBiVQN.exe
1736	QuAmeQG.exe
2324	qPDOYRD.exe
1512	zDadgip.exe
1040	ZLBIfhX.exe
2564	SIWurkA.exe
1592	EFOtgNF.exe
2628	vGtUsBc.exe
2616	uaTgWIg.exe
1704	ZUfRLUT.exe
2584	nNRkzdS.exe
616	YwpoIsI.exe
2220	PmPZhOf.exe
2732	eVzOrKo.exe
2800	dFJzjkn.exe
1824	lWsxTVn.exe
1924	ThJlwtF.exe
1640	tAZYgNR.exe
1048	UoRVFSb.exe

Loads dropped DLL 64 IoCs

pid	Process
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/memory/2576-8-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000800000001870f-9.dat	upx
behavioral1/memory/2684-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0007000000018712-11.dat	upx
behavioral1/memory/2428-20-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1760-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00070000000191dc-23.dat	upx
behavioral1/memory/2444-28-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1760-30-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0006000000019244-38.dat	upx
behavioral1/files/0x0006000000019259-51.dat	upx
behavioral1/memory/2920-53-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2496-57-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2684-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000800000001925d-59.dat	upx
behavioral1/files/0x0007000000019266-69.dat	upx
behavioral1/memory/2764-71-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00050000000194ba-74.dat	upx
behavioral1/files/0x0005000000019620-122.dat	upx
behavioral1/files/0x000500000001963a-159.dat	upx
behavioral1/files/0x0005000000019702-174.dat	upx
behavioral1/memory/2764-197-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2728-229-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/752-707-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/1520-567-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-194.dat	upx
behavioral1/files/0x0005000000019c51-190.dat	upx
behavioral1/files/0x0005000000019c50-185.dat	upx
behavioral1/files/0x0005000000019994-179.dat	upx
behavioral1/files/0x00050000000196bf-169.dat	upx
behavioral1/files/0x000500000001967e-164.dat	upx
behavioral1/files/0x0005000000019628-150.dat	upx
behavioral1/files/0x000500000001962a-154.dat	upx
behavioral1/files/0x0005000000019624-140.dat	upx
behavioral1/files/0x0005000000019626-144.dat	upx
behavioral1/files/0x0005000000019622-134.dat	upx
behavioral1/files/0x0005000000019621-130.dat	upx
behavioral1/files/0x000500000001961e-119.dat	upx
behavioral1/files/0x000500000001961c-115.dat	upx
behavioral1/files/0x00050000000195e5-109.dat	upx
behavioral1/memory/1320-104-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/752-103-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2496-95-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1520-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00050000000195a6-100.dat	upx
behavioral1/files/0x0005000000019524-92.dat	upx
behavioral1/memory/2164-88-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001951c-84.dat	upx
behavioral1/memory/2728-78-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2424-77-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2592-70-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1320-65-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2444-64-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000600000001924a-42.dat	upx
behavioral1/memory/2592-35-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x002d000000018681-34.dat	upx
behavioral1/memory/2428-52-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2424-41-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2576-3001-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2684-3049-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2428-3059-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2444-3186-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ahczsJH.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daudYBE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfGwpQa.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYZuagZ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsRMhvI.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rASJIrZ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjiPVLz.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBnjnNz.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlxTtkN.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VftNyxY.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbuptqH.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnXSpDu.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXLzfZW.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owfucNA.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfWokEZ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYPMdQD.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDRWwju.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRPyjFy.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BChOkTW.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvfGHke.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYgRJFE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdqcaZU.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsBmEJk.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIfJmBa.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNwkHQB.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjEHREm.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHkQpjD.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXGzQDG.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsDtMkx.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zriwxcq.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjPZOQy.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIQtUGr.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYUmACa.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDcGOzQ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDJgqWl.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQQaysY.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJRxmmA.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgkccOE.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGTxtaR.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wstTWLu.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQPeqjL.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFnBDfr.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgtXESF.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJjkHGT.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbFVghh.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBZQKuQ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCWAcuK.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjGHpeg.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvrhRiJ.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuJiKwG.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrrTmea.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLSiRVu.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSzrOra.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udYDrhi.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udNTMnV.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaUwIkL.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrxskgX.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbtEAuh.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqreuVP.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjjduxR.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vprQpbT.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuhuQaj.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPvTcPU.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvKruBR.exe	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2576	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2576	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2576	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2684	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2684	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2684	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2428	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2428	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2428	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2444	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2444	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2444	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2592	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 2592	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 2592	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 2424	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 2424	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 2424	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 2496	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2496	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2496	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2920	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 2920	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 2920	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 1320	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 1320	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 1320	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 2764	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2764	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2764	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2728	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2728	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2728	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2164	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 2164	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 2164	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 1520	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 1520	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 1520	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 752	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 752	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 752	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 2316	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 2316	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 2316	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 1932	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 1932	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 1932	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 2480	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 2480	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 2480	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 1296	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 1296	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 1296	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 884	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 884	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 884	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 1784	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 1784	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 1784	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 2080	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 2080	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 2080	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 2300	1760	2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_d7863584b9702297d9a3ecea38849fea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\System\udYDrhi.exe
  C:\Windows\System\udYDrhi.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ZWxWCJL.exe
  C:\Windows\System\ZWxWCJL.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\xQdqNtf.exe
  C:\Windows\System\xQdqNtf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ceoeEVX.exe
  C:\Windows\System\ceoeEVX.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\NtXkQqd.exe
  C:\Windows\System\NtXkQqd.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\CscELpG.exe
  C:\Windows\System\CscELpG.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\PNEOAXA.exe
  C:\Windows\System\PNEOAXA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\bwnknmM.exe
  C:\Windows\System\bwnknmM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\TGiZCkA.exe
  C:\Windows\System\TGiZCkA.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\tPrgmWR.exe
  C:\Windows\System\tPrgmWR.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\gLbZxth.exe
  C:\Windows\System\gLbZxth.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\lhHLCKy.exe
  C:\Windows\System\lhHLCKy.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\BpCWlGE.exe
  C:\Windows\System\BpCWlGE.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\XmrBQrR.exe
  C:\Windows\System\XmrBQrR.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\eIyhXxk.exe
  C:\Windows\System\eIyhXxk.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\daSFHOn.exe
  C:\Windows\System\daSFHOn.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\xWXRxaE.exe
  C:\Windows\System\xWXRxaE.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\PPbSeqS.exe
  C:\Windows\System\PPbSeqS.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\BPiTAMy.exe
  C:\Windows\System\BPiTAMy.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\cKdcZIx.exe
  C:\Windows\System\cKdcZIx.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\FbfuQAI.exe
  C:\Windows\System\FbfuQAI.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\vsZlHyV.exe
  C:\Windows\System\vsZlHyV.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\YnrDXpl.exe
  C:\Windows\System\YnrDXpl.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\gTZAirI.exe
  C:\Windows\System\gTZAirI.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\TOBzIKA.exe
  C:\Windows\System\TOBzIKA.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\chTYtXH.exe
  C:\Windows\System\chTYtXH.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\DddwcMV.exe
  C:\Windows\System\DddwcMV.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\aPMdKsd.exe
  C:\Windows\System\aPMdKsd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ivxDeIN.exe
  C:\Windows\System\ivxDeIN.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\hlnuhAg.exe
  C:\Windows\System\hlnuhAg.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\pTNmSJZ.exe
  C:\Windows\System\pTNmSJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\VgkccOE.exe
  C:\Windows\System\VgkccOE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\iSQqzFY.exe
  C:\Windows\System\iSQqzFY.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\LdEPMqd.exe
  C:\Windows\System\LdEPMqd.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\NbpsRJB.exe
  C:\Windows\System\NbpsRJB.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ZtaMqso.exe
  C:\Windows\System\ZtaMqso.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\njpeUXm.exe
  C:\Windows\System\njpeUXm.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\UHYLyLO.exe
  C:\Windows\System\UHYLyLO.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\oLTWxFW.exe
  C:\Windows\System\oLTWxFW.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\mupHWbX.exe
  C:\Windows\System\mupHWbX.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\CeHbVfZ.exe
  C:\Windows\System\CeHbVfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\TWUGPsy.exe
  C:\Windows\System\TWUGPsy.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\elKHySd.exe
  C:\Windows\System\elKHySd.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\ntBsSfR.exe
  C:\Windows\System\ntBsSfR.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\kjbzDdv.exe
  C:\Windows\System\kjbzDdv.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ybBiVQN.exe
  C:\Windows\System\ybBiVQN.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\QuAmeQG.exe
  C:\Windows\System\QuAmeQG.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\qPDOYRD.exe
  C:\Windows\System\qPDOYRD.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zDadgip.exe
  C:\Windows\System\zDadgip.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ZLBIfhX.exe
  C:\Windows\System\ZLBIfhX.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\SIWurkA.exe
  C:\Windows\System\SIWurkA.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\EFOtgNF.exe
  C:\Windows\System\EFOtgNF.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\vGtUsBc.exe
  C:\Windows\System\vGtUsBc.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\uaTgWIg.exe
  C:\Windows\System\uaTgWIg.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZUfRLUT.exe
  C:\Windows\System\ZUfRLUT.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\nNRkzdS.exe
  C:\Windows\System\nNRkzdS.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\YwpoIsI.exe
  C:\Windows\System\YwpoIsI.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\PmPZhOf.exe
  C:\Windows\System\PmPZhOf.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\eVzOrKo.exe
  C:\Windows\System\eVzOrKo.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\dFJzjkn.exe
  C:\Windows\System\dFJzjkn.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\lWsxTVn.exe
  C:\Windows\System\lWsxTVn.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\ThJlwtF.exe
  C:\Windows\System\ThJlwtF.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\tAZYgNR.exe
  C:\Windows\System\tAZYgNR.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\UoRVFSb.exe
  C:\Windows\System\UoRVFSb.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\OfGUvek.exe
  C:\Windows\System\OfGUvek.exe
  2⤵
  PID:1828
- C:\Windows\System\RXwTQbh.exe
  C:\Windows\System\RXwTQbh.exe
  2⤵
  PID:2092
- C:\Windows\System\aRHwKfd.exe
  C:\Windows\System\aRHwKfd.exe
  2⤵
  PID:2328
- C:\Windows\System\arFyUZG.exe
  C:\Windows\System\arFyUZG.exe
  2⤵
  PID:2776
- C:\Windows\System\QqISpzj.exe
  C:\Windows\System\QqISpzj.exe
  2⤵
  PID:408
- C:\Windows\System\GVNdquk.exe
  C:\Windows\System\GVNdquk.exe
  2⤵
  PID:2936
- C:\Windows\System\MSHtVEc.exe
  C:\Windows\System\MSHtVEc.exe
  2⤵
  PID:952
- C:\Windows\System\rgWPsDQ.exe
  C:\Windows\System\rgWPsDQ.exe
  2⤵
  PID:912
- C:\Windows\System\PjOlPJZ.exe
  C:\Windows\System\PjOlPJZ.exe
  2⤵
  PID:1084
- C:\Windows\System\aTtnXVe.exe
  C:\Windows\System\aTtnXVe.exe
  2⤵
  PID:1780
- C:\Windows\System\sPpXsjr.exe
  C:\Windows\System\sPpXsjr.exe
  2⤵
  PID:596
- C:\Windows\System\EIDxqdB.exe
  C:\Windows\System\EIDxqdB.exe
  2⤵
  PID:2372
- C:\Windows\System\xkSzuJF.exe
  C:\Windows\System\xkSzuJF.exe
  2⤵
  PID:2304
- C:\Windows\System\ltdXELl.exe
  C:\Windows\System\ltdXELl.exe
  2⤵
  PID:2152
- C:\Windows\System\AhpUorP.exe
  C:\Windows\System\AhpUorP.exe
  2⤵
  PID:2380
- C:\Windows\System\CKjLjZx.exe
  C:\Windows\System\CKjLjZx.exe
  2⤵
  PID:1800
- C:\Windows\System\npgDKaV.exe
  C:\Windows\System\npgDKaV.exe
  2⤵
  PID:768
- C:\Windows\System\JnuGGKo.exe
  C:\Windows\System\JnuGGKo.exe
  2⤵
  PID:1616
- C:\Windows\System\GNSChOh.exe
  C:\Windows\System\GNSChOh.exe
  2⤵
  PID:2340
- C:\Windows\System\VGeDNuV.exe
  C:\Windows\System\VGeDNuV.exe
  2⤵
  PID:1696
- C:\Windows\System\MrCyrFk.exe
  C:\Windows\System\MrCyrFk.exe
  2⤵
  PID:2296
- C:\Windows\System\TuhuQaj.exe
  C:\Windows\System\TuhuQaj.exe
  2⤵
  PID:2664
- C:\Windows\System\sCZYziw.exe
  C:\Windows\System\sCZYziw.exe
  2⤵
  PID:1540
- C:\Windows\System\yuLGppP.exe
  C:\Windows\System\yuLGppP.exe
  2⤵
  PID:2476
- C:\Windows\System\JglEkyw.exe
  C:\Windows\System\JglEkyw.exe
  2⤵
  PID:2508
- C:\Windows\System\UFUzVtU.exe
  C:\Windows\System\UFUzVtU.exe
  2⤵
  PID:1920
- C:\Windows\System\etjrhcT.exe
  C:\Windows\System\etjrhcT.exe
  2⤵
  PID:2224
- C:\Windows\System\fksNtXf.exe
  C:\Windows\System\fksNtXf.exe
  2⤵
  PID:2140
- C:\Windows\System\QtXYesN.exe
  C:\Windows\System\QtXYesN.exe
  2⤵
  PID:1652
- C:\Windows\System\ERAyMTg.exe
  C:\Windows\System\ERAyMTg.exe
  2⤵
  PID:2404
- C:\Windows\System\xpfyMXE.exe
  C:\Windows\System\xpfyMXE.exe
  2⤵
  PID:2536
- C:\Windows\System\zivQSVg.exe
  C:\Windows\System\zivQSVg.exe
  2⤵
  PID:908
- C:\Windows\System\TwdeUeC.exe
  C:\Windows\System\TwdeUeC.exe
  2⤵
  PID:2104
- C:\Windows\System\jCHBARQ.exe
  C:\Windows\System\jCHBARQ.exe
  2⤵
  PID:1528
- C:\Windows\System\rtfrMUL.exe
  C:\Windows\System\rtfrMUL.exe
  2⤵
  PID:1772
- C:\Windows\System\rpaEoVv.exe
  C:\Windows\System\rpaEoVv.exe
  2⤵
  PID:3012
- C:\Windows\System\AbcKeqf.exe
  C:\Windows\System\AbcKeqf.exe
  2⤵
  PID:2500
- C:\Windows\System\vjIXfcl.exe
  C:\Windows\System\vjIXfcl.exe
  2⤵
  PID:2352
- C:\Windows\System\QpnPdBb.exe
  C:\Windows\System\QpnPdBb.exe
  2⤵
  PID:2024
- C:\Windows\System\PhXXSdE.exe
  C:\Windows\System\PhXXSdE.exe
  2⤵
  PID:2888
- C:\Windows\System\IoMDSJA.exe
  C:\Windows\System\IoMDSJA.exe
  2⤵
  PID:3092
- C:\Windows\System\rIYrZmx.exe
  C:\Windows\System\rIYrZmx.exe
  2⤵
  PID:3112
- C:\Windows\System\ZfiFVLd.exe
  C:\Windows\System\ZfiFVLd.exe
  2⤵
  PID:3132
- C:\Windows\System\QVucBNm.exe
  C:\Windows\System\QVucBNm.exe
  2⤵
  PID:3152
- C:\Windows\System\KXepLFt.exe
  C:\Windows\System\KXepLFt.exe
  2⤵
  PID:3172
- C:\Windows\System\aLfNQVz.exe
  C:\Windows\System\aLfNQVz.exe
  2⤵
  PID:3192
- C:\Windows\System\POOoAiV.exe
  C:\Windows\System\POOoAiV.exe
  2⤵
  PID:3212
- C:\Windows\System\PJBrkuc.exe
  C:\Windows\System\PJBrkuc.exe
  2⤵
  PID:3232
- C:\Windows\System\thFnXbG.exe
  C:\Windows\System\thFnXbG.exe
  2⤵
  PID:3252
- C:\Windows\System\LGTxtaR.exe
  C:\Windows\System\LGTxtaR.exe
  2⤵
  PID:3272
- C:\Windows\System\EXtOHWP.exe
  C:\Windows\System\EXtOHWP.exe
  2⤵
  PID:3292
- C:\Windows\System\hcibKPR.exe
  C:\Windows\System\hcibKPR.exe
  2⤵
  PID:3312
- C:\Windows\System\qAGfjZD.exe
  C:\Windows\System\qAGfjZD.exe
  2⤵
  PID:3332
- C:\Windows\System\ToKVwQG.exe
  C:\Windows\System\ToKVwQG.exe
  2⤵
  PID:3352
- C:\Windows\System\XcuvSXA.exe
  C:\Windows\System\XcuvSXA.exe
  2⤵
  PID:3372
- C:\Windows\System\aYHPFsn.exe
  C:\Windows\System\aYHPFsn.exe
  2⤵
  PID:3392
- C:\Windows\System\kXirwya.exe
  C:\Windows\System\kXirwya.exe
  2⤵
  PID:3412
- C:\Windows\System\WYqnyTL.exe
  C:\Windows\System\WYqnyTL.exe
  2⤵
  PID:3432
- C:\Windows\System\oAaItdR.exe
  C:\Windows\System\oAaItdR.exe
  2⤵
  PID:3452
- C:\Windows\System\ZPSYxZf.exe
  C:\Windows\System\ZPSYxZf.exe
  2⤵
  PID:3472
- C:\Windows\System\JtjnNWc.exe
  C:\Windows\System\JtjnNWc.exe
  2⤵
  PID:3492
- C:\Windows\System\VuXOHSX.exe
  C:\Windows\System\VuXOHSX.exe
  2⤵
  PID:3508
- C:\Windows\System\lNOMsGI.exe
  C:\Windows\System\lNOMsGI.exe
  2⤵
  PID:3532
- C:\Windows\System\NRRkLof.exe
  C:\Windows\System\NRRkLof.exe
  2⤵
  PID:3556
- C:\Windows\System\QUWghoa.exe
  C:\Windows\System\QUWghoa.exe
  2⤵
  PID:3576
- C:\Windows\System\rUvuekJ.exe
  C:\Windows\System\rUvuekJ.exe
  2⤵
  PID:3596
- C:\Windows\System\RmRDnqI.exe
  C:\Windows\System\RmRDnqI.exe
  2⤵
  PID:3616
- C:\Windows\System\FjklgiR.exe
  C:\Windows\System\FjklgiR.exe
  2⤵
  PID:3636
- C:\Windows\System\FAFwXlT.exe
  C:\Windows\System\FAFwXlT.exe
  2⤵
  PID:3656
- C:\Windows\System\FJPpFHr.exe
  C:\Windows\System\FJPpFHr.exe
  2⤵
  PID:3676
- C:\Windows\System\qyrvpGz.exe
  C:\Windows\System\qyrvpGz.exe
  2⤵
  PID:3696
- C:\Windows\System\ivozqNx.exe
  C:\Windows\System\ivozqNx.exe
  2⤵
  PID:3716
- C:\Windows\System\DuwvzZJ.exe
  C:\Windows\System\DuwvzZJ.exe
  2⤵
  PID:3736
- C:\Windows\System\KzabJak.exe
  C:\Windows\System\KzabJak.exe
  2⤵
  PID:3756
- C:\Windows\System\zHjbHuC.exe
  C:\Windows\System\zHjbHuC.exe
  2⤵
  PID:3776
- C:\Windows\System\vFBOpZA.exe
  C:\Windows\System\vFBOpZA.exe
  2⤵
  PID:3796
- C:\Windows\System\ActKxWj.exe
  C:\Windows\System\ActKxWj.exe
  2⤵
  PID:3816
- C:\Windows\System\ryAwvWQ.exe
  C:\Windows\System\ryAwvWQ.exe
  2⤵
  PID:3836
- C:\Windows\System\LYivvVP.exe
  C:\Windows\System\LYivvVP.exe
  2⤵
  PID:3856
- C:\Windows\System\RTPikhB.exe
  C:\Windows\System\RTPikhB.exe
  2⤵
  PID:3876
- C:\Windows\System\dWSYOrW.exe
  C:\Windows\System\dWSYOrW.exe
  2⤵
  PID:3896
- C:\Windows\System\laYYfMf.exe
  C:\Windows\System\laYYfMf.exe
  2⤵
  PID:3916
- C:\Windows\System\FogmnNW.exe
  C:\Windows\System\FogmnNW.exe
  2⤵
  PID:3936
- C:\Windows\System\TAJRVwJ.exe
  C:\Windows\System\TAJRVwJ.exe
  2⤵
  PID:3956
- C:\Windows\System\Nzxzura.exe
  C:\Windows\System\Nzxzura.exe
  2⤵
  PID:3976
- C:\Windows\System\MiKfQqR.exe
  C:\Windows\System\MiKfQqR.exe
  2⤵
  PID:3996
- C:\Windows\System\YfOkSbr.exe
  C:\Windows\System\YfOkSbr.exe
  2⤵
  PID:4016
- C:\Windows\System\WYgRJFE.exe
  C:\Windows\System\WYgRJFE.exe
  2⤵
  PID:4036
- C:\Windows\System\bcvQTvs.exe
  C:\Windows\System\bcvQTvs.exe
  2⤵
  PID:4056
- C:\Windows\System\nVdorsb.exe
  C:\Windows\System\nVdorsb.exe
  2⤵
  PID:4076
- C:\Windows\System\npIjLDS.exe
  C:\Windows\System\npIjLDS.exe
  2⤵
  PID:2632
- C:\Windows\System\YTOwanq.exe
  C:\Windows\System\YTOwanq.exe
  2⤵
  PID:2692
- C:\Windows\System\cwiqnnD.exe
  C:\Windows\System\cwiqnnD.exe
  2⤵
  PID:1876
- C:\Windows\System\lbnBRWz.exe
  C:\Windows\System\lbnBRWz.exe
  2⤵
  PID:1708
- C:\Windows\System\pdCBJEe.exe
  C:\Windows\System\pdCBJEe.exe
  2⤵
  PID:2948
- C:\Windows\System\LQddInK.exe
  C:\Windows\System\LQddInK.exe
  2⤵
  PID:1064
- C:\Windows\System\EsUWcgY.exe
  C:\Windows\System\EsUWcgY.exe
  2⤵
  PID:2944
- C:\Windows\System\jfGoRXF.exe
  C:\Windows\System\jfGoRXF.exe
  2⤵
  PID:2460
- C:\Windows\System\QiJyMpX.exe
  C:\Windows\System\QiJyMpX.exe
  2⤵
  PID:1628
- C:\Windows\System\yMLXZON.exe
  C:\Windows\System\yMLXZON.exe
  2⤵
  PID:1864
- C:\Windows\System\ALCYATp.exe
  C:\Windows\System\ALCYATp.exe
  2⤵
  PID:2016
- C:\Windows\System\kqhmDRT.exe
  C:\Windows\System\kqhmDRT.exe
  2⤵
  PID:1588
- C:\Windows\System\YdgXEgc.exe
  C:\Windows\System\YdgXEgc.exe
  2⤵
  PID:3128
- C:\Windows\System\HxSTKYv.exe
  C:\Windows\System\HxSTKYv.exe
  2⤵
  PID:3140
- C:\Windows\System\vcDzpYO.exe
  C:\Windows\System\vcDzpYO.exe
  2⤵
  PID:3144
- C:\Windows\System\qOviAWW.exe
  C:\Windows\System\qOviAWW.exe
  2⤵
  PID:3208
- C:\Windows\System\DBRvQqz.exe
  C:\Windows\System\DBRvQqz.exe
  2⤵
  PID:3228
- C:\Windows\System\OrRaXWG.exe
  C:\Windows\System\OrRaXWG.exe
  2⤵
  PID:3280
- C:\Windows\System\KDtBckM.exe
  C:\Windows\System\KDtBckM.exe
  2⤵
  PID:3320
- C:\Windows\System\edQrCqR.exe
  C:\Windows\System\edQrCqR.exe
  2⤵
  PID:2824
- C:\Windows\System\SYdaBYk.exe
  C:\Windows\System\SYdaBYk.exe
  2⤵
  PID:3348
- C:\Windows\System\KfnkKCS.exe
  C:\Windows\System\KfnkKCS.exe
  2⤵
  PID:3380
- C:\Windows\System\UFDbEXX.exe
  C:\Windows\System\UFDbEXX.exe
  2⤵
  PID:3428
- C:\Windows\System\BCEnoBd.exe
  C:\Windows\System\BCEnoBd.exe
  2⤵
  PID:3480
- C:\Windows\System\YJwPHqB.exe
  C:\Windows\System\YJwPHqB.exe
  2⤵
  PID:3516
- C:\Windows\System\DWAdmBQ.exe
  C:\Windows\System\DWAdmBQ.exe
  2⤵
  PID:3520
- C:\Windows\System\GqyCLfw.exe
  C:\Windows\System\GqyCLfw.exe
  2⤵
  PID:3544
- C:\Windows\System\gfFeGUP.exe
  C:\Windows\System\gfFeGUP.exe
  2⤵
  PID:3592
- C:\Windows\System\VCbFvuh.exe
  C:\Windows\System\VCbFvuh.exe
  2⤵
  PID:3632
- C:\Windows\System\TfsWHid.exe
  C:\Windows\System\TfsWHid.exe
  2⤵
  PID:3692
- C:\Windows\System\RcMopZw.exe
  C:\Windows\System\RcMopZw.exe
  2⤵
  PID:3668
- C:\Windows\System\DqxxDJp.exe
  C:\Windows\System\DqxxDJp.exe
  2⤵
  PID:3712
- C:\Windows\System\xuuqDKn.exe
  C:\Windows\System\xuuqDKn.exe
  2⤵
  PID:3748
- C:\Windows\System\tHkQpjD.exe
  C:\Windows\System\tHkQpjD.exe
  2⤵
  PID:3804
- C:\Windows\System\SrRhUaf.exe
  C:\Windows\System\SrRhUaf.exe
  2⤵
  PID:3832
- C:\Windows\System\MGPiPEI.exe
  C:\Windows\System\MGPiPEI.exe
  2⤵
  PID:3864
- C:\Windows\System\RQkHGAy.exe
  C:\Windows\System\RQkHGAy.exe
  2⤵
  PID:3868
- C:\Windows\System\plVwJUQ.exe
  C:\Windows\System\plVwJUQ.exe
  2⤵
  PID:3912
- C:\Windows\System\tzQPemc.exe
  C:\Windows\System\tzQPemc.exe
  2⤵
  PID:3948
- C:\Windows\System\oxqJVHf.exe
  C:\Windows\System\oxqJVHf.exe
  2⤵
  PID:3988
- C:\Windows\System\MEirpAM.exe
  C:\Windows\System\MEirpAM.exe
  2⤵
  PID:4044
- C:\Windows\System\ghwkWPo.exe
  C:\Windows\System\ghwkWPo.exe
  2⤵
  PID:4084
- C:\Windows\System\gyVQWNQ.exe
  C:\Windows\System\gyVQWNQ.exe
  2⤵
  PID:4088
- C:\Windows\System\azAfdgF.exe
  C:\Windows\System\azAfdgF.exe
  2⤵
  PID:3004
- C:\Windows\System\wvaRnza.exe
  C:\Windows\System\wvaRnza.exe
  2⤵
  PID:560
- C:\Windows\System\HPjggOl.exe
  C:\Windows\System\HPjggOl.exe
  2⤵
  PID:496
- C:\Windows\System\wqgoJqB.exe
  C:\Windows\System\wqgoJqB.exe
  2⤵
  PID:484
- C:\Windows\System\kzPIUZs.exe
  C:\Windows\System\kzPIUZs.exe
  2⤵
  PID:3008
- C:\Windows\System\QcYwyES.exe
  C:\Windows\System\QcYwyES.exe
  2⤵
  PID:2568
- C:\Windows\System\bkpeaRy.exe
  C:\Windows\System\bkpeaRy.exe
  2⤵
  PID:3100
- C:\Windows\System\JIwWMyb.exe
  C:\Windows\System\JIwWMyb.exe
  2⤵
  PID:3104
- C:\Windows\System\ighIARY.exe
  C:\Windows\System\ighIARY.exe
  2⤵
  PID:3220
- C:\Windows\System\fOAItgu.exe
  C:\Windows\System\fOAItgu.exe
  2⤵
  PID:3288
- C:\Windows\System\oLbitMq.exe
  C:\Windows\System\oLbitMq.exe
  2⤵
  PID:3308
- C:\Windows\System\savcpPr.exe
  C:\Windows\System\savcpPr.exe
  2⤵
  PID:3400
- C:\Windows\System\relrcwU.exe
  C:\Windows\System\relrcwU.exe
  2⤵
  PID:3440
- C:\Windows\System\rPzMpeY.exe
  C:\Windows\System\rPzMpeY.exe
  2⤵
  PID:3464
- C:\Windows\System\KdOLeak.exe
  C:\Windows\System\KdOLeak.exe
  2⤵
  PID:3564
- C:\Windows\System\tjPZOQy.exe
  C:\Windows\System\tjPZOQy.exe
  2⤵
  PID:3628
- C:\Windows\System\eVsWimi.exe
  C:\Windows\System\eVsWimi.exe
  2⤵
  PID:2572
- C:\Windows\System\sGnXPMu.exe
  C:\Windows\System\sGnXPMu.exe
  2⤵
  PID:3724
- C:\Windows\System\FrZGGPX.exe
  C:\Windows\System\FrZGGPX.exe
  2⤵
  PID:3764
- C:\Windows\System\PDWTAIc.exe
  C:\Windows\System\PDWTAIc.exe
  2⤵
  PID:3824
- C:\Windows\System\kZmVNKj.exe
  C:\Windows\System\kZmVNKj.exe
  2⤵
  PID:3892
- C:\Windows\System\jmaxmPP.exe
  C:\Windows\System\jmaxmPP.exe
  2⤵
  PID:3932
- C:\Windows\System\azdGOno.exe
  C:\Windows\System\azdGOno.exe
  2⤵
  PID:3992
- C:\Windows\System\rnLtMAn.exe
  C:\Windows\System\rnLtMAn.exe
  2⤵
  PID:3788
- C:\Windows\System\qTLbhWD.exe
  C:\Windows\System\qTLbhWD.exe
  2⤵
  PID:4028
- C:\Windows\System\uTLMdaE.exe
  C:\Windows\System\uTLMdaE.exe
  2⤵
  PID:1372
- C:\Windows\System\GrrTmea.exe
  C:\Windows\System\GrrTmea.exe
  2⤵
  PID:2896
- C:\Windows\System\DmdhCdi.exe
  C:\Windows\System\DmdhCdi.exe
  2⤵
  PID:2332
- C:\Windows\System\lAEkenT.exe
  C:\Windows\System\lAEkenT.exe
  2⤵
  PID:3084
- C:\Windows\System\cMqjAQM.exe
  C:\Windows\System\cMqjAQM.exe
  2⤵
  PID:3268
- C:\Windows\System\KFOVAHY.exe
  C:\Windows\System\KFOVAHY.exe
  2⤵
  PID:3260
- C:\Windows\System\vnsyvbJ.exe
  C:\Windows\System\vnsyvbJ.exe
  2⤵
  PID:2880
- C:\Windows\System\BbcJZWB.exe
  C:\Windows\System\BbcJZWB.exe
  2⤵
  PID:3360
- C:\Windows\System\QQANaDc.exe
  C:\Windows\System\QQANaDc.exe
  2⤵
  PID:3460
- C:\Windows\System\KhAtaOT.exe
  C:\Windows\System\KhAtaOT.exe
  2⤵
  PID:3504
- C:\Windows\System\PekqzzU.exe
  C:\Windows\System\PekqzzU.exe
  2⤵
  PID:3624
- C:\Windows\System\wEqJbhl.exe
  C:\Windows\System\wEqJbhl.exe
  2⤵
  PID:3732
- C:\Windows\System\goEbYLb.exe
  C:\Windows\System\goEbYLb.exe
  2⤵
  PID:3844
- C:\Windows\System\AkCIooe.exe
  C:\Windows\System\AkCIooe.exe
  2⤵
  PID:4116
- C:\Windows\System\JTAdVAN.exe
  C:\Windows\System\JTAdVAN.exe
  2⤵
  PID:4136
- C:\Windows\System\TFexTMa.exe
  C:\Windows\System\TFexTMa.exe
  2⤵
  PID:4156
- C:\Windows\System\OhWrEPL.exe
  C:\Windows\System\OhWrEPL.exe
  2⤵
  PID:4176
- C:\Windows\System\bWRvLci.exe
  C:\Windows\System\bWRvLci.exe
  2⤵
  PID:4196
- C:\Windows\System\fYOzUEL.exe
  C:\Windows\System\fYOzUEL.exe
  2⤵
  PID:4216
- C:\Windows\System\MuyjrSb.exe
  C:\Windows\System\MuyjrSb.exe
  2⤵
  PID:4236
- C:\Windows\System\QEiRzNc.exe
  C:\Windows\System\QEiRzNc.exe
  2⤵
  PID:4256
- C:\Windows\System\OFvKtPg.exe
  C:\Windows\System\OFvKtPg.exe
  2⤵
  PID:4276
- C:\Windows\System\ykqfXPj.exe
  C:\Windows\System\ykqfXPj.exe
  2⤵
  PID:4296
- C:\Windows\System\iwvpZIs.exe
  C:\Windows\System\iwvpZIs.exe
  2⤵
  PID:4316
- C:\Windows\System\MaWuEVh.exe
  C:\Windows\System\MaWuEVh.exe
  2⤵
  PID:4336
- C:\Windows\System\gKBHydg.exe
  C:\Windows\System\gKBHydg.exe
  2⤵
  PID:4356
- C:\Windows\System\HUQpaMe.exe
  C:\Windows\System\HUQpaMe.exe
  2⤵
  PID:4376
- C:\Windows\System\QBwxKeg.exe
  C:\Windows\System\QBwxKeg.exe
  2⤵
  PID:4396
- C:\Windows\System\QZEWCuX.exe
  C:\Windows\System\QZEWCuX.exe
  2⤵
  PID:4416
- C:\Windows\System\hhYUNRX.exe
  C:\Windows\System\hhYUNRX.exe
  2⤵
  PID:4436
- C:\Windows\System\reGRnUf.exe
  C:\Windows\System\reGRnUf.exe
  2⤵
  PID:4456
- C:\Windows\System\fjwubxJ.exe
  C:\Windows\System\fjwubxJ.exe
  2⤵
  PID:4476
- C:\Windows\System\LdXdPJb.exe
  C:\Windows\System\LdXdPJb.exe
  2⤵
  PID:4496
- C:\Windows\System\TOVoEji.exe
  C:\Windows\System\TOVoEji.exe
  2⤵
  PID:4516
- C:\Windows\System\UMvyeHJ.exe
  C:\Windows\System\UMvyeHJ.exe
  2⤵
  PID:4536
- C:\Windows\System\vOQSpfe.exe
  C:\Windows\System\vOQSpfe.exe
  2⤵
  PID:4556
- C:\Windows\System\wCvVAUX.exe
  C:\Windows\System\wCvVAUX.exe
  2⤵
  PID:4580
- C:\Windows\System\cJOJjky.exe
  C:\Windows\System\cJOJjky.exe
  2⤵
  PID:4600
- C:\Windows\System\uZVNFAj.exe
  C:\Windows\System\uZVNFAj.exe
  2⤵
  PID:4620
- C:\Windows\System\zbuptqH.exe
  C:\Windows\System\zbuptqH.exe
  2⤵
  PID:4640
- C:\Windows\System\HfOpUsk.exe
  C:\Windows\System\HfOpUsk.exe
  2⤵
  PID:4660
- C:\Windows\System\TnwKLde.exe
  C:\Windows\System\TnwKLde.exe
  2⤵
  PID:4680
- C:\Windows\System\qyudfTF.exe
  C:\Windows\System\qyudfTF.exe
  2⤵
  PID:4700
- C:\Windows\System\hAbWMGG.exe
  C:\Windows\System\hAbWMGG.exe
  2⤵
  PID:4720
- C:\Windows\System\QMFeSEx.exe
  C:\Windows\System\QMFeSEx.exe
  2⤵
  PID:4740
- C:\Windows\System\kaTNydk.exe
  C:\Windows\System\kaTNydk.exe
  2⤵
  PID:4760
- C:\Windows\System\uMyzzLh.exe
  C:\Windows\System\uMyzzLh.exe
  2⤵
  PID:4780
- C:\Windows\System\ahczsJH.exe
  C:\Windows\System\ahczsJH.exe
  2⤵
  PID:4800
- C:\Windows\System\HBYpyeY.exe
  C:\Windows\System\HBYpyeY.exe
  2⤵
  PID:4820
- C:\Windows\System\lsirYBx.exe
  C:\Windows\System\lsirYBx.exe
  2⤵
  PID:4840
- C:\Windows\System\kTAviAP.exe
  C:\Windows\System\kTAviAP.exe
  2⤵
  PID:4860
- C:\Windows\System\syCfJnK.exe
  C:\Windows\System\syCfJnK.exe
  2⤵
  PID:4880
- C:\Windows\System\PtpSwys.exe
  C:\Windows\System\PtpSwys.exe
  2⤵
  PID:4900
- C:\Windows\System\xTcrrgP.exe
  C:\Windows\System\xTcrrgP.exe
  2⤵
  PID:4920
- C:\Windows\System\sssMmHn.exe
  C:\Windows\System\sssMmHn.exe
  2⤵
  PID:4940
- C:\Windows\System\wBhlbaa.exe
  C:\Windows\System\wBhlbaa.exe
  2⤵
  PID:4960
- C:\Windows\System\ZjnBbBw.exe
  C:\Windows\System\ZjnBbBw.exe
  2⤵
  PID:4980
- C:\Windows\System\HSaHzTX.exe
  C:\Windows\System\HSaHzTX.exe
  2⤵
  PID:5000
- C:\Windows\System\vDrVoNs.exe
  C:\Windows\System\vDrVoNs.exe
  2⤵
  PID:5020
- C:\Windows\System\IOavHyh.exe
  C:\Windows\System\IOavHyh.exe
  2⤵
  PID:5040
- C:\Windows\System\yDKnBeu.exe
  C:\Windows\System\yDKnBeu.exe
  2⤵
  PID:5060
- C:\Windows\System\VSeHZvi.exe
  C:\Windows\System\VSeHZvi.exe
  2⤵
  PID:5080
- C:\Windows\System\xWZtOrU.exe
  C:\Windows\System\xWZtOrU.exe
  2⤵
  PID:5100
- C:\Windows\System\YuafYhh.exe
  C:\Windows\System\YuafYhh.exe
  2⤵
  PID:3852
- C:\Windows\System\TfVJbDJ.exe
  C:\Windows\System\TfVJbDJ.exe
  2⤵
  PID:3952
- C:\Windows\System\YOgDyvL.exe
  C:\Windows\System\YOgDyvL.exe
  2⤵
  PID:4024
- C:\Windows\System\pyvjzLv.exe
  C:\Windows\System\pyvjzLv.exe
  2⤵
  PID:4064
- C:\Windows\System\ShSKgBv.exe
  C:\Windows\System\ShSKgBv.exe
  2⤵
  PID:880
- C:\Windows\System\CqPtFJg.exe
  C:\Windows\System\CqPtFJg.exe
  2⤵
  PID:3168
- C:\Windows\System\OUPCOoZ.exe
  C:\Windows\System\OUPCOoZ.exe
  2⤵
  PID:3188
- C:\Windows\System\pXaiXYL.exe
  C:\Windows\System\pXaiXYL.exe
  2⤵
  PID:2208
- C:\Windows\System\amxepvH.exe
  C:\Windows\System\amxepvH.exe
  2⤵
  PID:3488
- C:\Windows\System\msAfWSw.exe
  C:\Windows\System\msAfWSw.exe
  2⤵
  PID:3584
- C:\Windows\System\HBdgnit.exe
  C:\Windows\System\HBdgnit.exe
  2⤵
  PID:3792
- C:\Windows\System\niOowSZ.exe
  C:\Windows\System\niOowSZ.exe
  2⤵
  PID:4112
- C:\Windows\System\QKAmPRh.exe
  C:\Windows\System\QKAmPRh.exe
  2⤵
  PID:4144
- C:\Windows\System\XKLLxSY.exe
  C:\Windows\System\XKLLxSY.exe
  2⤵
  PID:4148
- C:\Windows\System\bGoBbeO.exe
  C:\Windows\System\bGoBbeO.exe
  2⤵
  PID:4192
- C:\Windows\System\XLeHffs.exe
  C:\Windows\System\XLeHffs.exe
  2⤵
  PID:4244
- C:\Windows\System\pLRuyde.exe
  C:\Windows\System\pLRuyde.exe
  2⤵
  PID:4264
- C:\Windows\System\XPVgyCR.exe
  C:\Windows\System\XPVgyCR.exe
  2⤵
  PID:4288
- C:\Windows\System\kpmuisw.exe
  C:\Windows\System\kpmuisw.exe
  2⤵
  PID:4332
- C:\Windows\System\PAuZjZf.exe
  C:\Windows\System\PAuZjZf.exe
  2⤵
  PID:4372
- C:\Windows\System\XLPrzGS.exe
  C:\Windows\System\XLPrzGS.exe
  2⤵
  PID:4388
- C:\Windows\System\SPoItmQ.exe
  C:\Windows\System\SPoItmQ.exe
  2⤵
  PID:4432
- C:\Windows\System\hWpCzFG.exe
  C:\Windows\System\hWpCzFG.exe
  2⤵
  PID:4464
- C:\Windows\System\wySZQRH.exe
  C:\Windows\System\wySZQRH.exe
  2⤵
  PID:4488
- C:\Windows\System\tESnsQE.exe
  C:\Windows\System\tESnsQE.exe
  2⤵
  PID:4532
- C:\Windows\System\komdnxF.exe
  C:\Windows\System\komdnxF.exe
  2⤵
  PID:4576
- C:\Windows\System\WpJRpSx.exe
  C:\Windows\System\WpJRpSx.exe
  2⤵
  PID:4596
- C:\Windows\System\xhudhzH.exe
  C:\Windows\System\xhudhzH.exe
  2⤵
  PID:4636
- C:\Windows\System\vHKWdlw.exe
  C:\Windows\System\vHKWdlw.exe
  2⤵
  PID:4652
- C:\Windows\System\aPfzKzc.exe
  C:\Windows\System\aPfzKzc.exe
  2⤵
  PID:4696
- C:\Windows\System\etmaCnH.exe
  C:\Windows\System\etmaCnH.exe
  2⤵
  PID:4728
- C:\Windows\System\aJLCPdt.exe
  C:\Windows\System\aJLCPdt.exe
  2⤵
  PID:4756
- C:\Windows\System\DrXshXu.exe
  C:\Windows\System\DrXshXu.exe
  2⤵
  PID:4808
- C:\Windows\System\YwgSHbh.exe
  C:\Windows\System\YwgSHbh.exe
  2⤵
  PID:4812
- C:\Windows\System\ozsesPq.exe
  C:\Windows\System\ozsesPq.exe
  2⤵
  PID:4832
- C:\Windows\System\jDwbEVi.exe
  C:\Windows\System\jDwbEVi.exe
  2⤵
  PID:4876
- C:\Windows\System\lruMNSe.exe
  C:\Windows\System\lruMNSe.exe
  2⤵
  PID:4916
- C:\Windows\System\EwgXoTf.exe
  C:\Windows\System\EwgXoTf.exe
  2⤵
  PID:4948
- C:\Windows\System\giCCiyT.exe
  C:\Windows\System\giCCiyT.exe
  2⤵
  PID:4972
- C:\Windows\System\TDsgdIo.exe
  C:\Windows\System\TDsgdIo.exe
  2⤵
  PID:4992
- C:\Windows\System\BNhPTbM.exe
  C:\Windows\System\BNhPTbM.exe
  2⤵
  PID:5048
- C:\Windows\System\voPJIqO.exe
  C:\Windows\System\voPJIqO.exe
  2⤵
  PID:5088
- C:\Windows\System\FzmxLuk.exe
  C:\Windows\System\FzmxLuk.exe
  2⤵
  PID:5116
- C:\Windows\System\VDgwKIw.exe
  C:\Windows\System\VDgwKIw.exe
  2⤵
  PID:4068
- C:\Windows\System\BonBQyR.exe
  C:\Windows\System\BonBQyR.exe
  2⤵
  PID:2972
- C:\Windows\System\PpdKPTc.exe
  C:\Windows\System\PpdKPTc.exe
  2⤵
  PID:3088
- C:\Windows\System\ZlejIlB.exe
  C:\Windows\System\ZlejIlB.exe
  2⤵
  PID:3164
- C:\Windows\System\sowxArY.exe
  C:\Windows\System\sowxArY.exe
  2⤵
  PID:3528
- C:\Windows\System\ucBlLkh.exe
  C:\Windows\System\ucBlLkh.exe
  2⤵
  PID:3664
- C:\Windows\System\obacltO.exe
  C:\Windows\System\obacltO.exe
  2⤵
  PID:4128
- C:\Windows\System\URxxuIu.exe
  C:\Windows\System\URxxuIu.exe
  2⤵
  PID:4168
- C:\Windows\System\YnclehX.exe
  C:\Windows\System\YnclehX.exe
  2⤵
  PID:4208
- C:\Windows\System\cXDkYXm.exe
  C:\Windows\System\cXDkYXm.exe
  2⤵
  PID:4292
- C:\Windows\System\ngKasUN.exe
  C:\Windows\System\ngKasUN.exe
  2⤵
  PID:4344
- C:\Windows\System\APcCeua.exe
  C:\Windows\System\APcCeua.exe
  2⤵
  PID:4384
- C:\Windows\System\ZcGRrFu.exe
  C:\Windows\System\ZcGRrFu.exe
  2⤵
  PID:4492
- C:\Windows\System\DkCbHum.exe
  C:\Windows\System\DkCbHum.exe
  2⤵
  PID:3604
- C:\Windows\System\PCcnZjO.exe
  C:\Windows\System\PCcnZjO.exe
  2⤵
  PID:4564
- C:\Windows\System\vdSuceJ.exe
  C:\Windows\System\vdSuceJ.exe
  2⤵
  PID:4568
- C:\Windows\System\zOlHWaz.exe
  C:\Windows\System\zOlHWaz.exe
  2⤵
  PID:4632
- C:\Windows\System\uWeaaUF.exe
  C:\Windows\System\uWeaaUF.exe
  2⤵
  PID:4672
- C:\Windows\System\TnXSpDu.exe
  C:\Windows\System\TnXSpDu.exe
  2⤵
  PID:4732
- C:\Windows\System\ZrkbuDT.exe
  C:\Windows\System\ZrkbuDT.exe
  2⤵
  PID:4816
- C:\Windows\System\yJuWEEb.exe
  C:\Windows\System\yJuWEEb.exe
  2⤵
  PID:4848
- C:\Windows\System\GmhURVM.exe
  C:\Windows\System\GmhURVM.exe
  2⤵
  PID:112
- C:\Windows\System\hVNiQNi.exe
  C:\Windows\System\hVNiQNi.exe
  2⤵
  PID:4892
- C:\Windows\System\cdlLafy.exe
  C:\Windows\System\cdlLafy.exe
  2⤵
  PID:4976
- C:\Windows\System\Zcbcupo.exe
  C:\Windows\System\Zcbcupo.exe
  2⤵
  PID:5036
- C:\Windows\System\xDAIzps.exe
  C:\Windows\System\xDAIzps.exe
  2⤵
  PID:5108
- C:\Windows\System\jovcDww.exe
  C:\Windows\System\jovcDww.exe
  2⤵
  PID:3944
- C:\Windows\System\HlqGzVf.exe
  C:\Windows\System\HlqGzVf.exe
  2⤵
  PID:2836
- C:\Windows\System\dQrzPYS.exe
  C:\Windows\System\dQrzPYS.exe
  2⤵
  PID:3324
- C:\Windows\System\YvXzlVI.exe
  C:\Windows\System\YvXzlVI.exe
  2⤵
  PID:3652
- C:\Windows\System\onbRVGY.exe
  C:\Windows\System\onbRVGY.exe
  2⤵
  PID:4164
- C:\Windows\System\aZaUdsg.exe
  C:\Windows\System\aZaUdsg.exe
  2⤵
  PID:4228
- C:\Windows\System\UIKVfxG.exe
  C:\Windows\System\UIKVfxG.exe
  2⤵
  PID:1720
- C:\Windows\System\ftezTYT.exe
  C:\Windows\System\ftezTYT.exe
  2⤵
  PID:4452
- C:\Windows\System\ldVtanT.exe
  C:\Windows\System\ldVtanT.exe
  2⤵
  PID:4508
- C:\Windows\System\zbABZQt.exe
  C:\Windows\System\zbABZQt.exe
  2⤵
  PID:4616
- C:\Windows\System\TzkZWAs.exe
  C:\Windows\System\TzkZWAs.exe
  2⤵
  PID:4648
- C:\Windows\System\sDCqYzj.exe
  C:\Windows\System\sDCqYzj.exe
  2⤵
  PID:4676
- C:\Windows\System\IMuzbBP.exe
  C:\Windows\System\IMuzbBP.exe
  2⤵
  PID:4836
- C:\Windows\System\GszblWD.exe
  C:\Windows\System\GszblWD.exe
  2⤵
  PID:4932
- C:\Windows\System\IPpPMyP.exe
  C:\Windows\System\IPpPMyP.exe
  2⤵
  PID:5008
- C:\Windows\System\QjUxQTX.exe
  C:\Windows\System\QjUxQTX.exe
  2⤵
  PID:5076
- C:\Windows\System\uOJgnUu.exe
  C:\Windows\System\uOJgnUu.exe
  2⤵
  PID:5132
- C:\Windows\System\lirJfzB.exe
  C:\Windows\System\lirJfzB.exe
  2⤵
  PID:5152
- C:\Windows\System\BhlUNBo.exe
  C:\Windows\System\BhlUNBo.exe
  2⤵
  PID:5172
- C:\Windows\System\EJuZtlk.exe
  C:\Windows\System\EJuZtlk.exe
  2⤵
  PID:5192
- C:\Windows\System\QoMwwwx.exe
  C:\Windows\System\QoMwwwx.exe
  2⤵
  PID:5212
- C:\Windows\System\kgJAxKY.exe
  C:\Windows\System\kgJAxKY.exe
  2⤵
  PID:5232
- C:\Windows\System\YRZwHec.exe
  C:\Windows\System\YRZwHec.exe
  2⤵
  PID:5252
- C:\Windows\System\pCUYUSv.exe
  C:\Windows\System\pCUYUSv.exe
  2⤵
  PID:5272
- C:\Windows\System\GiNNyDz.exe
  C:\Windows\System\GiNNyDz.exe
  2⤵
  PID:5292
- C:\Windows\System\EzJMPta.exe
  C:\Windows\System\EzJMPta.exe
  2⤵
  PID:5312
- C:\Windows\System\kBUXYPR.exe
  C:\Windows\System\kBUXYPR.exe
  2⤵
  PID:5332
- C:\Windows\System\McoaVEu.exe
  C:\Windows\System\McoaVEu.exe
  2⤵
  PID:5352
- C:\Windows\System\PdnaJFu.exe
  C:\Windows\System\PdnaJFu.exe
  2⤵
  PID:5372
- C:\Windows\System\rsLlYGE.exe
  C:\Windows\System\rsLlYGE.exe
  2⤵
  PID:5392
- C:\Windows\System\nJPUlTz.exe
  C:\Windows\System\nJPUlTz.exe
  2⤵
  PID:5412
- C:\Windows\System\ScUSKnt.exe
  C:\Windows\System\ScUSKnt.exe
  2⤵
  PID:5432
- C:\Windows\System\GCxWYnI.exe
  C:\Windows\System\GCxWYnI.exe
  2⤵
  PID:5452
- C:\Windows\System\NHPqADJ.exe
  C:\Windows\System\NHPqADJ.exe
  2⤵
  PID:5472
- C:\Windows\System\qSzrOra.exe
  C:\Windows\System\qSzrOra.exe
  2⤵
  PID:5492
- C:\Windows\System\kZGzLJl.exe
  C:\Windows\System\kZGzLJl.exe
  2⤵
  PID:5512
- C:\Windows\System\XIPvGnM.exe
  C:\Windows\System\XIPvGnM.exe
  2⤵
  PID:5532
- C:\Windows\System\izrKPdt.exe
  C:\Windows\System\izrKPdt.exe
  2⤵
  PID:5552
- C:\Windows\System\sGJrZyD.exe
  C:\Windows\System\sGJrZyD.exe
  2⤵
  PID:5572
- C:\Windows\System\XtPRQjl.exe
  C:\Windows\System\XtPRQjl.exe
  2⤵
  PID:5592
- C:\Windows\System\EmhWYrC.exe
  C:\Windows\System\EmhWYrC.exe
  2⤵
  PID:5612
- C:\Windows\System\HnSxlpS.exe
  C:\Windows\System\HnSxlpS.exe
  2⤵
  PID:5636
- C:\Windows\System\GASgpNq.exe
  C:\Windows\System\GASgpNq.exe
  2⤵
  PID:5656
- C:\Windows\System\rljzUoj.exe
  C:\Windows\System\rljzUoj.exe
  2⤵
  PID:5676
- C:\Windows\System\KqVjfkM.exe
  C:\Windows\System\KqVjfkM.exe
  2⤵
  PID:5696
- C:\Windows\System\yWgQCNs.exe
  C:\Windows\System\yWgQCNs.exe
  2⤵
  PID:5716
- C:\Windows\System\ltlGEiW.exe
  C:\Windows\System\ltlGEiW.exe
  2⤵
  PID:5736
- C:\Windows\System\CfkmXGY.exe
  C:\Windows\System\CfkmXGY.exe
  2⤵
  PID:5756
- C:\Windows\System\kLYOkIg.exe
  C:\Windows\System\kLYOkIg.exe
  2⤵
  PID:5776
- C:\Windows\System\daudYBE.exe
  C:\Windows\System\daudYBE.exe
  2⤵
  PID:5796
- C:\Windows\System\hlnSxYy.exe
  C:\Windows\System\hlnSxYy.exe
  2⤵
  PID:5816
- C:\Windows\System\bgqERvS.exe
  C:\Windows\System\bgqERvS.exe
  2⤵
  PID:5836
- C:\Windows\System\dnXjWJf.exe
  C:\Windows\System\dnXjWJf.exe
  2⤵
  PID:5856
- C:\Windows\System\SlaVzep.exe
  C:\Windows\System\SlaVzep.exe
  2⤵
  PID:5876
- C:\Windows\System\xPNLfst.exe
  C:\Windows\System\xPNLfst.exe
  2⤵
  PID:5896
- C:\Windows\System\jrOjqgi.exe
  C:\Windows\System\jrOjqgi.exe
  2⤵
  PID:5916
- C:\Windows\System\bIzruxk.exe
  C:\Windows\System\bIzruxk.exe
  2⤵
  PID:5936
- C:\Windows\System\BulquTA.exe
  C:\Windows\System\BulquTA.exe
  2⤵
  PID:5956
- C:\Windows\System\NwTpbsr.exe
  C:\Windows\System\NwTpbsr.exe
  2⤵
  PID:5976
- C:\Windows\System\dJnDVFS.exe
  C:\Windows\System\dJnDVFS.exe
  2⤵
  PID:5996
- C:\Windows\System\UFnBDfr.exe
  C:\Windows\System\UFnBDfr.exe
  2⤵
  PID:6016
- C:\Windows\System\LgidiQT.exe
  C:\Windows\System\LgidiQT.exe
  2⤵
  PID:6036
- C:\Windows\System\xsRMhvI.exe
  C:\Windows\System\xsRMhvI.exe
  2⤵
  PID:6056
- C:\Windows\System\DUBfKvs.exe
  C:\Windows\System\DUBfKvs.exe
  2⤵
  PID:6076
- C:\Windows\System\aiQMOmv.exe
  C:\Windows\System\aiQMOmv.exe
  2⤵
  PID:6096
- C:\Windows\System\IwuWirk.exe
  C:\Windows\System\IwuWirk.exe
  2⤵
  PID:6120
- C:\Windows\System\vIQtUGr.exe
  C:\Windows\System\vIQtUGr.exe
  2⤵
  PID:6140
- C:\Windows\System\LmbrzuE.exe
  C:\Windows\System\LmbrzuE.exe
  2⤵
  PID:2376
- C:\Windows\System\GYbRTqM.exe
  C:\Windows\System\GYbRTqM.exe
  2⤵
  PID:3368
- C:\Windows\System\FBfVIUh.exe
  C:\Windows\System\FBfVIUh.exe
  2⤵
  PID:2676
- C:\Windows\System\FUThgNi.exe
  C:\Windows\System\FUThgNi.exe
  2⤵
  PID:2284
- C:\Windows\System\pYvukYP.exe
  C:\Windows\System\pYvukYP.exe
  2⤵
  PID:4544
- C:\Windows\System\WsrcneT.exe
  C:\Windows\System\WsrcneT.exe
  2⤵
  PID:2492
- C:\Windows\System\HBFUNqY.exe
  C:\Windows\System\HBFUNqY.exe
  2⤵
  PID:4748
- C:\Windows\System\lTutNeG.exe
  C:\Windows\System\lTutNeG.exe
  2⤵
  PID:4716
- C:\Windows\System\zxtxVZb.exe
  C:\Windows\System\zxtxVZb.exe
  2⤵
  PID:2916
- C:\Windows\System\ivoFqol.exe
  C:\Windows\System\ivoFqol.exe
  2⤵
  PID:4968
- C:\Windows\System\IHkFJOY.exe
  C:\Windows\System\IHkFJOY.exe
  2⤵
  PID:2648
- C:\Windows\System\BotQYnm.exe
  C:\Windows\System\BotQYnm.exe
  2⤵
  PID:5148
- C:\Windows\System\wPUvtLa.exe
  C:\Windows\System\wPUvtLa.exe
  2⤵
  PID:5164
- C:\Windows\System\dpyFRtG.exe
  C:\Windows\System\dpyFRtG.exe
  2⤵
  PID:5208
- C:\Windows\System\qYULmyr.exe
  C:\Windows\System\qYULmyr.exe
  2⤵
  PID:5240
- C:\Windows\System\oTEwHAM.exe
  C:\Windows\System\oTEwHAM.exe
  2⤵
  PID:5280
- C:\Windows\System\cBRdkhU.exe
  C:\Windows\System\cBRdkhU.exe
  2⤵
  PID:5308
- C:\Windows\System\cPDvVwE.exe
  C:\Windows\System\cPDvVwE.exe
  2⤵
  PID:5340
- C:\Windows\System\EDppNkx.exe
  C:\Windows\System\EDppNkx.exe
  2⤵
  PID:5364
- C:\Windows\System\ITmWnSE.exe
  C:\Windows\System\ITmWnSE.exe
  2⤵
  PID:5408
- C:\Windows\System\VchLgVX.exe
  C:\Windows\System\VchLgVX.exe
  2⤵
  PID:5440
- C:\Windows\System\iBjsHFo.exe
  C:\Windows\System\iBjsHFo.exe
  2⤵
  PID:5480
- C:\Windows\System\rniFSbd.exe
  C:\Windows\System\rniFSbd.exe
  2⤵
  PID:5508
- C:\Windows\System\wstTWLu.exe
  C:\Windows\System\wstTWLu.exe
  2⤵
  PID:5540
- C:\Windows\System\hsyTkGO.exe
  C:\Windows\System\hsyTkGO.exe
  2⤵
  PID:5564
- C:\Windows\System\aRwpCbW.exe
  C:\Windows\System\aRwpCbW.exe
  2⤵
  PID:5604
- C:\Windows\System\GdpSJzb.exe
  C:\Windows\System\GdpSJzb.exe
  2⤵
  PID:5652
- C:\Windows\System\LAPPdhr.exe
  C:\Windows\System\LAPPdhr.exe
  2⤵
  PID:5684
- C:\Windows\System\VSprHHd.exe
  C:\Windows\System\VSprHHd.exe
  2⤵
  PID:5708
- C:\Windows\System\TYVzYtj.exe
  C:\Windows\System\TYVzYtj.exe
  2⤵
  PID:5764
- C:\Windows\System\zxGRxxm.exe
  C:\Windows\System\zxGRxxm.exe
  2⤵
  PID:5784
- C:\Windows\System\wUKXfoN.exe
  C:\Windows\System\wUKXfoN.exe
  2⤵
  PID:5808
- C:\Windows\System\PndujCu.exe
  C:\Windows\System\PndujCu.exe
  2⤵
  PID:5852
- C:\Windows\System\EWEZzdd.exe
  C:\Windows\System\EWEZzdd.exe
  2⤵
  PID:5884
- C:\Windows\System\GPzcsCG.exe
  C:\Windows\System\GPzcsCG.exe
  2⤵
  PID:5932
- C:\Windows\System\fDLRunN.exe
  C:\Windows\System\fDLRunN.exe
  2⤵
  PID:5944
- C:\Windows\System\oiuHePc.exe
  C:\Windows\System\oiuHePc.exe
  2⤵
  PID:5968
- C:\Windows\System\sLZvWVt.exe
  C:\Windows\System\sLZvWVt.exe
  2⤵
  PID:6008
- C:\Windows\System\iKtxtBX.exe
  C:\Windows\System\iKtxtBX.exe
  2⤵
  PID:5628
- C:\Windows\System\Shogehk.exe
  C:\Windows\System\Shogehk.exe
  2⤵
  PID:6052
- C:\Windows\System\shirIEN.exe
  C:\Windows\System\shirIEN.exe
  2⤵
  PID:6068
- C:\Windows\System\IYCtrDO.exe
  C:\Windows\System\IYCtrDO.exe
  2⤵
  PID:6136
- C:\Windows\System\XLSlWQU.exe
  C:\Windows\System\XLSlWQU.exe
  2⤵
  PID:5068
- C:\Windows\System\XNYrafp.exe
  C:\Windows\System\XNYrafp.exe
  2⤵
  PID:4104
- C:\Windows\System\jAMNmOv.exe
  C:\Windows\System\jAMNmOv.exe
  2⤵
  PID:3548
- C:\Windows\System\lrUAJKZ.exe
  C:\Windows\System\lrUAJKZ.exe
  2⤵
  PID:1460
- C:\Windows\System\VTtDkva.exe
  C:\Windows\System\VTtDkva.exe
  2⤵
  PID:4752
- C:\Windows\System\UFzVTth.exe
  C:\Windows\System\UFzVTth.exe
  2⤵
  PID:4888
- C:\Windows\System\fnHMuMm.exe
  C:\Windows\System\fnHMuMm.exe
  2⤵
  PID:2520
- C:\Windows\System\xLDDZuo.exe
  C:\Windows\System\xLDDZuo.exe
  2⤵
  PID:5124
- C:\Windows\System\nseuyZG.exe
  C:\Windows\System\nseuyZG.exe
  2⤵
  PID:5168
- C:\Windows\System\yizTzNc.exe
  C:\Windows\System\yizTzNc.exe
  2⤵
  PID:5220
- C:\Windows\System\GXxleid.exe
  C:\Windows\System\GXxleid.exe
  2⤵
  PID:5268
- C:\Windows\System\mBGtzKg.exe
  C:\Windows\System\mBGtzKg.exe
  2⤵
  PID:5320
- C:\Windows\System\OwCUALU.exe
  C:\Windows\System\OwCUALU.exe
  2⤵
  PID:5388
- C:\Windows\System\GoPwXZp.exe
  C:\Windows\System\GoPwXZp.exe
  2⤵
  PID:1712
- C:\Windows\System\gaWRfJs.exe
  C:\Windows\System\gaWRfJs.exe
  2⤵
  PID:5444
- C:\Windows\System\kwCAdhP.exe
  C:\Windows\System\kwCAdhP.exe
  2⤵
  PID:5484
- C:\Windows\System\UDGAwwR.exe
  C:\Windows\System\UDGAwwR.exe
  2⤵
  PID:5568
- C:\Windows\System\GvIvhZk.exe
  C:\Windows\System\GvIvhZk.exe
  2⤵
  PID:5632
- C:\Windows\System\oxKURLU.exe
  C:\Windows\System\oxKURLU.exe
  2⤵
  PID:5672
- C:\Windows\System\wgHJhBX.exe
  C:\Windows\System\wgHJhBX.exe
  2⤵
  PID:5744
- C:\Windows\System\aRHUoMp.exe
  C:\Windows\System\aRHUoMp.exe
  2⤵
  PID:5768
- C:\Windows\System\dlcACiB.exe
  C:\Windows\System\dlcACiB.exe
  2⤵
  PID:5824
- C:\Windows\System\eoYuPgN.exe
  C:\Windows\System\eoYuPgN.exe
  2⤵
  PID:5872
- C:\Windows\System\dHlETWj.exe
  C:\Windows\System\dHlETWj.exe
  2⤵
  PID:5964
- C:\Windows\System\CSMHXSM.exe
  C:\Windows\System\CSMHXSM.exe
  2⤵
  PID:6004
- C:\Windows\System\ffWdFQP.exe
  C:\Windows\System\ffWdFQP.exe
  2⤵
  PID:6044
- C:\Windows\System\BihmRDc.exe
  C:\Windows\System\BihmRDc.exe
  2⤵
  PID:6072
- C:\Windows\System\VTkkaAV.exe
  C:\Windows\System\VTkkaAV.exe
  2⤵
  PID:6116
- C:\Windows\System\weQKMdS.exe
  C:\Windows\System\weQKMdS.exe
  2⤵
  PID:3420
- C:\Windows\System\roPmBfx.exe
  C:\Windows\System\roPmBfx.exe
  2⤵
  PID:4368
- C:\Windows\System\vhWLorm.exe
  C:\Windows\System\vhWLorm.exe
  2⤵
  PID:4448
- C:\Windows\System\MsXvMjq.exe
  C:\Windows\System\MsXvMjq.exe
  2⤵
  PID:4852
- C:\Windows\System\AigAlkr.exe
  C:\Windows\System\AigAlkr.exe
  2⤵
  PID:5200
- C:\Windows\System\DjOYWUV.exe
  C:\Windows\System\DjOYWUV.exe
  2⤵
  PID:5228
- C:\Windows\System\SkYTHZW.exe
  C:\Windows\System\SkYTHZW.exe
  2⤵
  PID:1948
- C:\Windows\System\TEvcIET.exe
  C:\Windows\System\TEvcIET.exe
  2⤵
  PID:1728
- C:\Windows\System\DfWokEZ.exe
  C:\Windows\System\DfWokEZ.exe
  2⤵
  PID:5500
- C:\Windows\System\quaxSUN.exe
  C:\Windows\System\quaxSUN.exe
  2⤵
  PID:5588
- C:\Windows\System\pTpFnej.exe
  C:\Windows\System\pTpFnej.exe
  2⤵
  PID:5644
- C:\Windows\System\iHdIkQH.exe
  C:\Windows\System\iHdIkQH.exe
  2⤵
  PID:996
- C:\Windows\System\rvoKPHf.exe
  C:\Windows\System\rvoKPHf.exe
  2⤵
  PID:5832
- C:\Windows\System\ovwfSxo.exe
  C:\Windows\System\ovwfSxo.exe
  2⤵
  PID:5924
- C:\Windows\System\cPeTJWc.exe
  C:\Windows\System\cPeTJWc.exe
  2⤵
  PID:6160
- C:\Windows\System\bQEhJlq.exe
  C:\Windows\System\bQEhJlq.exe
  2⤵
  PID:6180
- C:\Windows\System\ylxhoaX.exe
  C:\Windows\System\ylxhoaX.exe
  2⤵
  PID:6200
- C:\Windows\System\XgtXESF.exe
  C:\Windows\System\XgtXESF.exe
  2⤵
  PID:6220
- C:\Windows\System\XqaOiki.exe
  C:\Windows\System\XqaOiki.exe
  2⤵
  PID:6240
- C:\Windows\System\NyKjyZC.exe
  C:\Windows\System\NyKjyZC.exe
  2⤵
  PID:6260
- C:\Windows\System\KqzjDNM.exe
  C:\Windows\System\KqzjDNM.exe
  2⤵
  PID:6280
- C:\Windows\System\kxhSzvf.exe
  C:\Windows\System\kxhSzvf.exe
  2⤵
  PID:6300
- C:\Windows\System\vDioBYC.exe
  C:\Windows\System\vDioBYC.exe
  2⤵
  PID:6320
- C:\Windows\System\GWAZuCI.exe
  C:\Windows\System\GWAZuCI.exe
  2⤵
  PID:6340
- C:\Windows\System\GhaPkGy.exe
  C:\Windows\System\GhaPkGy.exe
  2⤵
  PID:6360
- C:\Windows\System\ZjQppnf.exe
  C:\Windows\System\ZjQppnf.exe
  2⤵
  PID:6380
- C:\Windows\System\usRldYm.exe
  C:\Windows\System\usRldYm.exe
  2⤵
  PID:6400
- C:\Windows\System\uKKGzvi.exe
  C:\Windows\System\uKKGzvi.exe
  2⤵
  PID:6420
- C:\Windows\System\cgEqRRu.exe
  C:\Windows\System\cgEqRRu.exe
  2⤵
  PID:6440
- C:\Windows\System\QXbaysb.exe
  C:\Windows\System\QXbaysb.exe
  2⤵
  PID:6460
- C:\Windows\System\IGtNfNc.exe
  C:\Windows\System\IGtNfNc.exe
  2⤵
  PID:6480
- C:\Windows\System\OkMqlam.exe
  C:\Windows\System\OkMqlam.exe
  2⤵
  PID:6500
- C:\Windows\System\RYFhbWX.exe
  C:\Windows\System\RYFhbWX.exe
  2⤵
  PID:6520
- C:\Windows\System\YtRyQHt.exe
  C:\Windows\System\YtRyQHt.exe
  2⤵
  PID:6540
- C:\Windows\System\iOYrSEn.exe
  C:\Windows\System\iOYrSEn.exe
  2⤵
  PID:6560
- C:\Windows\System\LAcqPGH.exe
  C:\Windows\System\LAcqPGH.exe
  2⤵
  PID:6580
- C:\Windows\System\nIIyTaJ.exe
  C:\Windows\System\nIIyTaJ.exe
  2⤵
  PID:6600
- C:\Windows\System\VjYrNFY.exe
  C:\Windows\System\VjYrNFY.exe
  2⤵
  PID:6620
- C:\Windows\System\fQXSXxM.exe
  C:\Windows\System\fQXSXxM.exe
  2⤵
  PID:6640
- C:\Windows\System\kexDjmP.exe
  C:\Windows\System\kexDjmP.exe
  2⤵
  PID:6660
- C:\Windows\System\buuwjiP.exe
  C:\Windows\System\buuwjiP.exe
  2⤵
  PID:6680
- C:\Windows\System\BaIRGRM.exe
  C:\Windows\System\BaIRGRM.exe
  2⤵
  PID:6700
- C:\Windows\System\cceIqYd.exe
  C:\Windows\System\cceIqYd.exe
  2⤵
  PID:6720
- C:\Windows\System\UAFWogh.exe
  C:\Windows\System\UAFWogh.exe
  2⤵
  PID:6744
- C:\Windows\System\zvRcNax.exe
  C:\Windows\System\zvRcNax.exe
  2⤵
  PID:6764
- C:\Windows\System\FrqqFiS.exe
  C:\Windows\System\FrqqFiS.exe
  2⤵
  PID:6784
- C:\Windows\System\lwwkjGF.exe
  C:\Windows\System\lwwkjGF.exe
  2⤵
  PID:6804
- C:\Windows\System\XOhQZSt.exe
  C:\Windows\System\XOhQZSt.exe
  2⤵
  PID:6824
- C:\Windows\System\HvyyNwE.exe
  C:\Windows\System\HvyyNwE.exe
  2⤵
  PID:6844
- C:\Windows\System\PXLFXNt.exe
  C:\Windows\System\PXLFXNt.exe
  2⤵
  PID:6868
- C:\Windows\System\FVPDFxV.exe
  C:\Windows\System\FVPDFxV.exe
  2⤵
  PID:6888
- C:\Windows\System\UQPeqjL.exe
  C:\Windows\System\UQPeqjL.exe
  2⤵
  PID:6908
- C:\Windows\System\kiWwiiV.exe
  C:\Windows\System\kiWwiiV.exe
  2⤵
  PID:6928
- C:\Windows\System\LQcFVAw.exe
  C:\Windows\System\LQcFVAw.exe
  2⤵
  PID:6948
- C:\Windows\System\HbDGiRP.exe
  C:\Windows\System\HbDGiRP.exe
  2⤵
  PID:6968
- C:\Windows\System\RPvTcPU.exe
  C:\Windows\System\RPvTcPU.exe
  2⤵
  PID:6988
- C:\Windows\System\BZXipiV.exe
  C:\Windows\System\BZXipiV.exe
  2⤵
  PID:7008
- C:\Windows\System\EihQEkq.exe
  C:\Windows\System\EihQEkq.exe
  2⤵
  PID:7028
- C:\Windows\System\CPfUzKZ.exe
  C:\Windows\System\CPfUzKZ.exe
  2⤵
  PID:7048
- C:\Windows\System\RQgzCtl.exe
  C:\Windows\System\RQgzCtl.exe
  2⤵
  PID:7068
- C:\Windows\System\mioyuHA.exe
  C:\Windows\System\mioyuHA.exe
  2⤵
  PID:7088
- C:\Windows\System\CwvDMQq.exe
  C:\Windows\System\CwvDMQq.exe
  2⤵
  PID:7108
- C:\Windows\System\QpNTEgD.exe
  C:\Windows\System\QpNTEgD.exe
  2⤵
  PID:7128
- C:\Windows\System\bmBJBoY.exe
  C:\Windows\System\bmBJBoY.exe
  2⤵
  PID:7148
- C:\Windows\System\lBxvavd.exe
  C:\Windows\System\lBxvavd.exe
  2⤵
  PID:5972
- C:\Windows\System\DMoQRzG.exe
  C:\Windows\System\DMoQRzG.exe
  2⤵
  PID:2908
- C:\Windows\System\LMcYypG.exe
  C:\Windows\System\LMcYypG.exe
  2⤵
  PID:6128
- C:\Windows\System\jzdYMmD.exe
  C:\Windows\System\jzdYMmD.exe
  2⤵
  PID:2212
- C:\Windows\System\fpIculz.exe
  C:\Windows\System\fpIculz.exe
  2⤵
  PID:4776
- C:\Windows\System\JsBbzxz.exe
  C:\Windows\System\JsBbzxz.exe
  2⤵
  PID:5028
- C:\Windows\System\rYHItJL.exe
  C:\Windows\System\rYHItJL.exe
  2⤵
  PID:5300
- C:\Windows\System\fsLDEVS.exe
  C:\Windows\System\fsLDEVS.exe
  2⤵
  PID:5360
- C:\Windows\System\VhuBELW.exe
  C:\Windows\System\VhuBELW.exe
  2⤵
  PID:5504
- C:\Windows\System\OBEoRjb.exe
  C:\Windows\System\OBEoRjb.exe
  2⤵
  PID:5748
- C:\Windows\System\mDmIQvG.exe
  C:\Windows\System\mDmIQvG.exe
  2⤵
  PID:5864
- C:\Windows\System\MebUNMm.exe
  C:\Windows\System\MebUNMm.exe
  2⤵
  PID:6156
- C:\Windows\System\wKDdZNW.exe
  C:\Windows\System\wKDdZNW.exe
  2⤵
  PID:6188
- C:\Windows\System\NlYzoVk.exe
  C:\Windows\System\NlYzoVk.exe
  2⤵
  PID:6212
- C:\Windows\System\RmDRiqk.exe
  C:\Windows\System\RmDRiqk.exe
  2⤵
  PID:6256
- C:\Windows\System\wfpibTi.exe
  C:\Windows\System\wfpibTi.exe
  2⤵
  PID:6288
- C:\Windows\System\xiBMsQx.exe
  C:\Windows\System\xiBMsQx.exe
  2⤵
  PID:6308
- C:\Windows\System\lvVsaih.exe
  C:\Windows\System\lvVsaih.exe
  2⤵
  PID:6368
- C:\Windows\System\tmIVzqZ.exe
  C:\Windows\System\tmIVzqZ.exe
  2⤵
  PID:6372
- C:\Windows\System\qyZtUTe.exe
  C:\Windows\System\qyZtUTe.exe
  2⤵
  PID:6416
- C:\Windows\System\WHtVFiv.exe
  C:\Windows\System\WHtVFiv.exe
  2⤵
  PID:6436
- C:\Windows\System\mZVAzqO.exe
  C:\Windows\System\mZVAzqO.exe
  2⤵
  PID:6496
- C:\Windows\System\kVymMTB.exe
  C:\Windows\System\kVymMTB.exe
  2⤵
  PID:6528
- C:\Windows\System\UhrIoZz.exe
  C:\Windows\System\UhrIoZz.exe
  2⤵
  PID:6548
- C:\Windows\System\hYIgGMC.exe
  C:\Windows\System\hYIgGMC.exe
  2⤵
  PID:6572
- C:\Windows\System\MyyoPca.exe
  C:\Windows\System\MyyoPca.exe
  2⤵
  PID:6616
- C:\Windows\System\LCruxaG.exe
  C:\Windows\System\LCruxaG.exe
  2⤵
  PID:6652
- C:\Windows\System\koaChVS.exe
  C:\Windows\System\koaChVS.exe
  2⤵
  PID:6688
- C:\Windows\System\xIYqvfH.exe
  C:\Windows\System\xIYqvfH.exe
  2⤵
  PID:6716
- C:\Windows\System\JllOoGV.exe
  C:\Windows\System\JllOoGV.exe
  2⤵
  PID:6752
- C:\Windows\System\WvANWhO.exe
  C:\Windows\System\WvANWhO.exe
  2⤵
  PID:1000
- C:\Windows\System\TFfqkNE.exe
  C:\Windows\System\TFfqkNE.exe
  2⤵
  PID:6820
- C:\Windows\System\ZAqwsev.exe
  C:\Windows\System\ZAqwsev.exe
  2⤵
  PID:6832
- C:\Windows\System\aqJMjvG.exe
  C:\Windows\System\aqJMjvG.exe
  2⤵
  PID:6884
- C:\Windows\System\RCmaPEs.exe
  C:\Windows\System\RCmaPEs.exe
  2⤵
  PID:6936
- C:\Windows\System\qLwHIin.exe
  C:\Windows\System\qLwHIin.exe
  2⤵
  PID:6956
- C:\Windows\System\RlilIZc.exe
  C:\Windows\System\RlilIZc.exe
  2⤵
  PID:6980
- C:\Windows\System\LjWhYCn.exe
  C:\Windows\System\LjWhYCn.exe
  2⤵
  PID:7024
- C:\Windows\System\hVTfjOj.exe
  C:\Windows\System\hVTfjOj.exe
  2⤵
  PID:7040
- C:\Windows\System\tNpEBIX.exe
  C:\Windows\System\tNpEBIX.exe
  2⤵
  PID:7104
- C:\Windows\System\hXtccdk.exe
  C:\Windows\System\hXtccdk.exe
  2⤵
  PID:7124
- C:\Windows\System\VTLCWHS.exe
  C:\Windows\System\VTLCWHS.exe
  2⤵
  PID:7156
- C:\Windows\System\aTKGUpM.exe
  C:\Windows\System\aTKGUpM.exe
  2⤵
  PID:6024
- C:\Windows\System\UIsvUiO.exe
  C:\Windows\System\UIsvUiO.exe
  2⤵
  PID:6028
- C:\Windows\System\qrQvZdC.exe
  C:\Windows\System\qrQvZdC.exe
  2⤵
  PID:4588
- C:\Windows\System\YCnvyoL.exe
  C:\Windows\System\YCnvyoL.exe
  2⤵
  PID:5328
- C:\Windows\System\lZHjxxj.exe
  C:\Windows\System\lZHjxxj.exe
  2⤵
  PID:5608
- C:\Windows\System\rPEwfjg.exe
  C:\Windows\System\rPEwfjg.exe
  2⤵
  PID:5668
- C:\Windows\System\hxbXhUA.exe
  C:\Windows\System\hxbXhUA.exe
  2⤵
  PID:5812
- C:\Windows\System\iXGzQDG.exe
  C:\Windows\System\iXGzQDG.exe
  2⤵
  PID:6152
- C:\Windows\System\hGxrYFW.exe
  C:\Windows\System\hGxrYFW.exe
  2⤵
  PID:6276
- C:\Windows\System\EXBTWun.exe
  C:\Windows\System\EXBTWun.exe
  2⤵
  PID:6336
- C:\Windows\System\zBBZoKe.exe
  C:\Windows\System\zBBZoKe.exe
  2⤵
  PID:6376
- C:\Windows\System\RuHjrCv.exe
  C:\Windows\System\RuHjrCv.exe
  2⤵
  PID:6428
- C:\Windows\System\NJLMLKv.exe
  C:\Windows\System\NJLMLKv.exe
  2⤵
  PID:6468
- C:\Windows\System\YVOiwnU.exe
  C:\Windows\System\YVOiwnU.exe
  2⤵
  PID:6532
- C:\Windows\System\gasSwIZ.exe
  C:\Windows\System\gasSwIZ.exe
  2⤵
  PID:6608
- C:\Windows\System\rbEZmkH.exe
  C:\Windows\System\rbEZmkH.exe
  2⤵
  PID:6628
- C:\Windows\System\rRMtMop.exe
  C:\Windows\System\rRMtMop.exe
  2⤵
  PID:6676
- C:\Windows\System\KvplHic.exe
  C:\Windows\System\KvplHic.exe
  2⤵
  PID:6732
- C:\Windows\System\EbLuDhu.exe
  C:\Windows\System\EbLuDhu.exe
  2⤵
  PID:6792
- C:\Windows\System\dOtxdHa.exe
  C:\Windows\System\dOtxdHa.exe
  2⤵
  PID:6860
- C:\Windows\System\KYGmaHr.exe
  C:\Windows\System\KYGmaHr.exe
  2⤵
  PID:6904
- C:\Windows\System\fBmEgpa.exe
  C:\Windows\System\fBmEgpa.exe
  2⤵
  PID:6900
- C:\Windows\System\LOkfaKG.exe
  C:\Windows\System\LOkfaKG.exe
  2⤵
  PID:7000
- C:\Windows\System\pJMvewl.exe
  C:\Windows\System\pJMvewl.exe
  2⤵
  PID:7036
- C:\Windows\System\AULcyDE.exe
  C:\Windows\System\AULcyDE.exe
  2⤵
  PID:7144
- C:\Windows\System\HoPPbFM.exe
  C:\Windows\System\HoPPbFM.exe
  2⤵
  PID:6064
- C:\Windows\System\EEzhQzd.exe
  C:\Windows\System\EEzhQzd.exe
  2⤵
  PID:4312
- C:\Windows\System\ITKxPHG.exe
  C:\Windows\System\ITKxPHG.exe
  2⤵
  PID:5140
- C:\Windows\System\OReCdvL.exe
  C:\Windows\System\OReCdvL.exe
  2⤵
  PID:5704
- C:\Windows\System\OnDEQdH.exe
  C:\Windows\System\OnDEQdH.exe
  2⤵
  PID:6192
- C:\Windows\System\vJjkHGT.exe
  C:\Windows\System\vJjkHGT.exe
  2⤵
  PID:6208
- C:\Windows\System\mASnFsn.exe
  C:\Windows\System\mASnFsn.exe
  2⤵
  PID:6292
- C:\Windows\System\oZBWHcF.exe
  C:\Windows\System\oZBWHcF.exe
  2⤵
  PID:6392
- C:\Windows\System\CaIwhsQ.exe
  C:\Windows\System\CaIwhsQ.exe
  2⤵
  PID:6488
- C:\Windows\System\UmScrRQ.exe
  C:\Windows\System\UmScrRQ.exe
  2⤵
  PID:6552
- C:\Windows\System\yaWaIwP.exe
  C:\Windows\System\yaWaIwP.exe
  2⤵
  PID:6692
- C:\Windows\System\NVLDAHk.exe
  C:\Windows\System\NVLDAHk.exe
  2⤵
  PID:6812
- C:\Windows\System\zfulZYo.exe
  C:\Windows\System\zfulZYo.exe
  2⤵
  PID:6924
- C:\Windows\System\ewnqDfy.exe
  C:\Windows\System\ewnqDfy.exe
  2⤵
  PID:6940
- C:\Windows\System\NbgGVJj.exe
  C:\Windows\System\NbgGVJj.exe
  2⤵
  PID:2588
- C:\Windows\System\xgLMqlM.exe
  C:\Windows\System\xgLMqlM.exe
  2⤵
  PID:7080
- C:\Windows\System\HrflMyJ.exe
  C:\Windows\System\HrflMyJ.exe
  2⤵
  PID:2892
- C:\Windows\System\IEGZANj.exe
  C:\Windows\System\IEGZANj.exe
  2⤵
  PID:5184
- C:\Windows\System\kjKBnkB.exe
  C:\Windows\System\kjKBnkB.exe
  2⤵
  PID:5524
- C:\Windows\System\vzqpjNW.exe
  C:\Windows\System\vzqpjNW.exe
  2⤵
  PID:7184
- C:\Windows\System\ZDeACNz.exe
  C:\Windows\System\ZDeACNz.exe
  2⤵
  PID:7204
- C:\Windows\System\gosITya.exe
  C:\Windows\System\gosITya.exe
  2⤵
  PID:7224
- C:\Windows\System\CdYjyoO.exe
  C:\Windows\System\CdYjyoO.exe
  2⤵
  PID:7244
- C:\Windows\System\QDrTcEB.exe
  C:\Windows\System\QDrTcEB.exe
  2⤵
  PID:7264
- C:\Windows\System\OkEOeLu.exe
  C:\Windows\System\OkEOeLu.exe
  2⤵
  PID:7284
- C:\Windows\System\BJXDiim.exe
  C:\Windows\System\BJXDiim.exe
  2⤵
  PID:7304
- C:\Windows\System\mUQNZkq.exe
  C:\Windows\System\mUQNZkq.exe
  2⤵
  PID:7324
- C:\Windows\System\PYyCNTB.exe
  C:\Windows\System\PYyCNTB.exe
  2⤵
  PID:7344
- C:\Windows\System\TTuropA.exe
  C:\Windows\System\TTuropA.exe
  2⤵
  PID:7364
- C:\Windows\System\BChOkTW.exe
  C:\Windows\System\BChOkTW.exe
  2⤵
  PID:7384
- C:\Windows\System\WbdAKpq.exe
  C:\Windows\System\WbdAKpq.exe
  2⤵
  PID:7404
- C:\Windows\System\cTjQjpE.exe
  C:\Windows\System\cTjQjpE.exe
  2⤵
  PID:7424
- C:\Windows\System\SvmWJNQ.exe
  C:\Windows\System\SvmWJNQ.exe
  2⤵
  PID:7444
- C:\Windows\System\RTXhCPN.exe
  C:\Windows\System\RTXhCPN.exe
  2⤵
  PID:7464
- C:\Windows\System\zdFHJfQ.exe
  C:\Windows\System\zdFHJfQ.exe
  2⤵
  PID:7484
- C:\Windows\System\qumuNtT.exe
  C:\Windows\System\qumuNtT.exe
  2⤵
  PID:7504
- C:\Windows\System\KNVZPQU.exe
  C:\Windows\System\KNVZPQU.exe
  2⤵
  PID:7524
- C:\Windows\System\QeFPRHt.exe
  C:\Windows\System\QeFPRHt.exe
  2⤵
  PID:7544
- C:\Windows\System\oIPcCOx.exe
  C:\Windows\System\oIPcCOx.exe
  2⤵
  PID:7564
- C:\Windows\System\cIwERCy.exe
  C:\Windows\System\cIwERCy.exe
  2⤵
  PID:7584
- C:\Windows\System\pKBsANa.exe
  C:\Windows\System\pKBsANa.exe
  2⤵
  PID:7604
- C:\Windows\System\rbSMCug.exe
  C:\Windows\System\rbSMCug.exe
  2⤵
  PID:7624
- C:\Windows\System\sPZoSCI.exe
  C:\Windows\System\sPZoSCI.exe
  2⤵
  PID:7644
- C:\Windows\System\ZSdlDaz.exe
  C:\Windows\System\ZSdlDaz.exe
  2⤵
  PID:7664
- C:\Windows\System\BxLBmKo.exe
  C:\Windows\System\BxLBmKo.exe
  2⤵
  PID:7684
- C:\Windows\System\gsBKDhI.exe
  C:\Windows\System\gsBKDhI.exe
  2⤵
  PID:7704
- C:\Windows\System\zThSWax.exe
  C:\Windows\System\zThSWax.exe
  2⤵
  PID:7724
- C:\Windows\System\nFtPnFO.exe
  C:\Windows\System\nFtPnFO.exe
  2⤵
  PID:7744
- C:\Windows\System\JsNzoYm.exe
  C:\Windows\System\JsNzoYm.exe
  2⤵
  PID:7768
- C:\Windows\System\QJkLPYm.exe
  C:\Windows\System\QJkLPYm.exe
  2⤵
  PID:7788
- C:\Windows\System\PXLzfZW.exe
  C:\Windows\System\PXLzfZW.exe
  2⤵
  PID:7812
- C:\Windows\System\mfLgEAU.exe
  C:\Windows\System\mfLgEAU.exe
  2⤵
  PID:7832
- C:\Windows\System\WEczVFg.exe
  C:\Windows\System\WEczVFg.exe
  2⤵
  PID:7852
- C:\Windows\System\wiGyOmR.exe
  C:\Windows\System\wiGyOmR.exe
  2⤵
  PID:7872
- C:\Windows\System\IsgjaXr.exe
  C:\Windows\System\IsgjaXr.exe
  2⤵
  PID:7892
- C:\Windows\System\MMKJdek.exe
  C:\Windows\System\MMKJdek.exe
  2⤵
  PID:7912
- C:\Windows\System\vEXNzeu.exe
  C:\Windows\System\vEXNzeu.exe
  2⤵
  PID:7932
- C:\Windows\System\VzDsIiG.exe
  C:\Windows\System\VzDsIiG.exe
  2⤵
  PID:7952
- C:\Windows\System\pbpqWbx.exe
  C:\Windows\System\pbpqWbx.exe
  2⤵
  PID:7972
- C:\Windows\System\igGdGUa.exe
  C:\Windows\System\igGdGUa.exe
  2⤵
  PID:7992
- C:\Windows\System\uhiPYhI.exe
  C:\Windows\System\uhiPYhI.exe
  2⤵
  PID:8012
- C:\Windows\System\elofFZk.exe
  C:\Windows\System\elofFZk.exe
  2⤵
  PID:8032
- C:\Windows\System\vSYHsDN.exe
  C:\Windows\System\vSYHsDN.exe
  2⤵
  PID:8052
- C:\Windows\System\djholBz.exe
  C:\Windows\System\djholBz.exe
  2⤵
  PID:8072
- C:\Windows\System\wDAeNlo.exe
  C:\Windows\System\wDAeNlo.exe
  2⤵
  PID:8092
- C:\Windows\System\AwqYGcI.exe
  C:\Windows\System\AwqYGcI.exe
  2⤵
  PID:8112
- C:\Windows\System\cFMbhMb.exe
  C:\Windows\System\cFMbhMb.exe
  2⤵
  PID:8132
- C:\Windows\System\RaJyoXE.exe
  C:\Windows\System\RaJyoXE.exe
  2⤵
  PID:8152
- C:\Windows\System\MPLaFqF.exe
  C:\Windows\System\MPLaFqF.exe
  2⤵
  PID:8172
- C:\Windows\System\XgSbNZb.exe
  C:\Windows\System\XgSbNZb.exe
  2⤵
  PID:2276
- C:\Windows\System\vTHMunx.exe
  C:\Windows\System\vTHMunx.exe
  2⤵
  PID:6148
- C:\Windows\System\SNiDVpj.exe
  C:\Windows\System\SNiDVpj.exe
  2⤵
  PID:6396
- C:\Windows\System\OxGKIEK.exe
  C:\Windows\System\OxGKIEK.exe
  2⤵
  PID:6568
- C:\Windows\System\PNoJmMr.exe
  C:\Windows\System\PNoJmMr.exe
  2⤵
  PID:6864
- C:\Windows\System\wsFVPkW.exe
  C:\Windows\System\wsFVPkW.exe
  2⤵
  PID:6856
- C:\Windows\System\YcvvTfD.exe
  C:\Windows\System\YcvvTfD.exe
  2⤵
  PID:6896
- C:\Windows\System\tOaYNar.exe
  C:\Windows\System\tOaYNar.exe
  2⤵
  PID:7100
- C:\Windows\System\LtKXRmE.exe
  C:\Windows\System\LtKXRmE.exe
  2⤵
  PID:5788
- C:\Windows\System\YnPWJmz.exe
  C:\Windows\System\YnPWJmz.exe
  2⤵
  PID:7176
- C:\Windows\System\ckPpTrS.exe
  C:\Windows\System\ckPpTrS.exe
  2⤵
  PID:2452
- C:\Windows\System\YHGNcEs.exe
  C:\Windows\System\YHGNcEs.exe
  2⤵
  PID:7236
- C:\Windows\System\YuDebfl.exe
  C:\Windows\System\YuDebfl.exe
  2⤵
  PID:3040
- C:\Windows\System\fjltlvw.exe
  C:\Windows\System\fjltlvw.exe
  2⤵
  PID:6296
- C:\Windows\System\FVuWPJx.exe
  C:\Windows\System\FVuWPJx.exe
  2⤵
  PID:7316
- C:\Windows\System\oSJJJMU.exe
  C:\Windows\System\oSJJJMU.exe
  2⤵
  PID:7336
- C:\Windows\System\ATucCYO.exe
  C:\Windows\System\ATucCYO.exe
  2⤵
  PID:7400
- C:\Windows\System\ywtYull.exe
  C:\Windows\System\ywtYull.exe
  2⤵
  PID:7420
- C:\Windows\System\dpcDySs.exe
  C:\Windows\System\dpcDySs.exe
  2⤵
  PID:7480
- C:\Windows\System\afXoRBi.exe
  C:\Windows\System\afXoRBi.exe
  2⤵
  PID:7492
- C:\Windows\System\rCaBhcW.exe
  C:\Windows\System\rCaBhcW.exe
  2⤵
  PID:7532
- C:\Windows\System\tqkvMyv.exe
  C:\Windows\System\tqkvMyv.exe
  2⤵
  PID:7556
- C:\Windows\System\WKUfxPm.exe
  C:\Windows\System\WKUfxPm.exe
  2⤵
  PID:7592
- C:\Windows\System\FYQtlgi.exe
  C:\Windows\System\FYQtlgi.exe
  2⤵
  PID:7616
- C:\Windows\System\iPWPaca.exe
  C:\Windows\System\iPWPaca.exe
  2⤵
  PID:7672
- C:\Windows\System\IDVdiiT.exe
  C:\Windows\System\IDVdiiT.exe
  2⤵
  PID:7712
- C:\Windows\System\EXFdxpV.exe
  C:\Windows\System\EXFdxpV.exe
  2⤵
  PID:7732
- C:\Windows\System\rpppEoc.exe
  C:\Windows\System\rpppEoc.exe
  2⤵
  PID:7760
- C:\Windows\System\lMoupeD.exe
  C:\Windows\System\lMoupeD.exe
  2⤵
  PID:332
- C:\Windows\System\bejcMBG.exe
  C:\Windows\System\bejcMBG.exe
  2⤵
  PID:7840
- C:\Windows\System\qbwGPrN.exe
  C:\Windows\System\qbwGPrN.exe
  2⤵
  PID:7880
- C:\Windows\System\dpYrnrD.exe
  C:\Windows\System\dpYrnrD.exe
  2⤵
  PID:7864
- C:\Windows\System\LTGFvHh.exe
  C:\Windows\System\LTGFvHh.exe
  2⤵
  PID:7904
- C:\Windows\System\lJOPHoR.exe
  C:\Windows\System\lJOPHoR.exe
  2⤵
  PID:7968
- C:\Windows\System\ScsEosA.exe
  C:\Windows\System\ScsEosA.exe
  2⤵
  PID:8004
- C:\Windows\System\ndQtOfV.exe
  C:\Windows\System\ndQtOfV.exe
  2⤵
  PID:8040
- C:\Windows\System\vOQlHpU.exe
  C:\Windows\System\vOQlHpU.exe
  2⤵
  PID:8088
- C:\Windows\System\IjFosQB.exe
  C:\Windows\System\IjFosQB.exe
  2⤵
  PID:8084
- C:\Windows\System\rMzPGQU.exe
  C:\Windows\System\rMzPGQU.exe
  2⤵
  PID:8124
- C:\Windows\System\maNHysS.exe
  C:\Windows\System\maNHysS.exe
  2⤵
  PID:8164
- C:\Windows\System\TWBtgWT.exe
  C:\Windows\System\TWBtgWT.exe
  2⤵
  PID:4232
- C:\Windows\System\zjMCAsC.exe
  C:\Windows\System\zjMCAsC.exe
  2⤵
  PID:6576
- C:\Windows\System\pSSiUeb.exe
  C:\Windows\System\pSSiUeb.exe
  2⤵
  PID:6508
- C:\Windows\System\PGbrYLR.exe
  C:\Windows\System\PGbrYLR.exe
  2⤵
  PID:6852
- C:\Windows\System\QcHGLAm.exe
  C:\Windows\System\QcHGLAm.exe
  2⤵
  PID:7120
- C:\Windows\System\WSQfPLA.exe
  C:\Windows\System\WSQfPLA.exe
  2⤵
  PID:4472
- C:\Windows\System\RhTKnRr.exe
  C:\Windows\System\RhTKnRr.exe
  2⤵
  PID:7172
- C:\Windows\System\zGjxvJf.exe
  C:\Windows\System\zGjxvJf.exe
  2⤵
  PID:7240
- C:\Windows\System\hoyRjIY.exe
  C:\Windows\System\hoyRjIY.exe
  2⤵
  PID:7300
- C:\Windows\System\IdjnCDg.exe
  C:\Windows\System\IdjnCDg.exe
  2⤵
  PID:2608
- C:\Windows\System\SqapkkL.exe
  C:\Windows\System\SqapkkL.exe
  2⤵
  PID:7340
- C:\Windows\System\EMApaKf.exe
  C:\Windows\System\EMApaKf.exe
  2⤵
  PID:7372
- C:\Windows\System\UQujRFr.exe
  C:\Windows\System\UQujRFr.exe
  2⤵
  PID:7460
- C:\Windows\System\FeaFFLs.exe
  C:\Windows\System\FeaFFLs.exe
  2⤵
  PID:7500
- C:\Windows\System\FXVlSrl.exe
  C:\Windows\System\FXVlSrl.exe
  2⤵
  PID:7596
- C:\Windows\System\wMWclHx.exe
  C:\Windows\System\wMWclHx.exe
  2⤵
  PID:7612
- C:\Windows\System\WzpSDvx.exe
  C:\Windows\System\WzpSDvx.exe
  2⤵
  PID:7692
- C:\Windows\System\SjAJeJX.exe
  C:\Windows\System\SjAJeJX.exe
  2⤵
  PID:7716
- C:\Windows\System\AkICvAF.exe
  C:\Windows\System\AkICvAF.exe
  2⤵
  PID:7780
- C:\Windows\System\JxWQZIr.exe
  C:\Windows\System\JxWQZIr.exe
  2⤵
  PID:7796
- C:\Windows\System\XUVnlfK.exe
  C:\Windows\System\XUVnlfK.exe
  2⤵
  PID:7940
- C:\Windows\System\AoATGyh.exe
  C:\Windows\System\AoATGyh.exe
  2⤵
  PID:7984
- C:\Windows\System\tzvmdBH.exe
  C:\Windows\System\tzvmdBH.exe
  2⤵
  PID:8028
- C:\Windows\System\QDyprSJ.exe
  C:\Windows\System\QDyprSJ.exe
  2⤵
  PID:2876
- C:\Windows\System\awexNoD.exe
  C:\Windows\System\awexNoD.exe
  2⤵
  PID:8168
- C:\Windows\System\IKwGfUt.exe
  C:\Windows\System\IKwGfUt.exe
  2⤵
  PID:7756
- C:\Windows\System\BMpTmCF.exe
  C:\Windows\System\BMpTmCF.exe
  2⤵
  PID:1916
- C:\Windows\System\hOFIllb.exe
  C:\Windows\System\hOFIllb.exe
  2⤵
  PID:6492
- C:\Windows\System\wNSbyQf.exe
  C:\Windows\System\wNSbyQf.exe
  2⤵
  PID:6708
- C:\Windows\System\HACnNgZ.exe
  C:\Windows\System\HACnNgZ.exe
  2⤵
  PID:2204
- C:\Windows\System\yQzoKFz.exe
  C:\Windows\System\yQzoKFz.exe
  2⤵
  PID:2516
- C:\Windows\System\NGWZxTA.exe
  C:\Windows\System\NGWZxTA.exe
  2⤵
  PID:7232
- C:\Windows\System\MsTMttp.exe
  C:\Windows\System\MsTMttp.exe
  2⤵
  PID:7272
- C:\Windows\System\yvKruBR.exe
  C:\Windows\System\yvKruBR.exe
  2⤵
  PID:1972
- C:\Windows\System\lPWZcJA.exe
  C:\Windows\System\lPWZcJA.exe
  2⤵
  PID:2768
- C:\Windows\System\StiwKHX.exe
  C:\Windows\System\StiwKHX.exe
  2⤵
  PID:7412
- C:\Windows\System\cgAPHOF.exe
  C:\Windows\System\cgAPHOF.exe
  2⤵
  PID:1796
- C:\Windows\System\uNJlpSW.exe
  C:\Windows\System\uNJlpSW.exe
  2⤵
  PID:7560
- C:\Windows\System\ynFHkGR.exe
  C:\Windows\System\ynFHkGR.exe
  2⤵
  PID:2268
- C:\Windows\System\WxHfNdg.exe
  C:\Windows\System\WxHfNdg.exe
  2⤵
  PID:7536
- C:\Windows\System\ZgoHEyp.exe
  C:\Windows\System\ZgoHEyp.exe
  2⤵
  PID:2280
- C:\Windows\System\pLmyitA.exe
  C:\Windows\System\pLmyitA.exe
  2⤵
  PID:7764
- C:\Windows\System\nmfancX.exe
  C:\Windows\System\nmfancX.exe
  2⤵
  PID:7800
- C:\Windows\System\yLcJLgl.exe
  C:\Windows\System\yLcJLgl.exe
  2⤵
  PID:2252
- C:\Windows\System\crdolwI.exe
  C:\Windows\System\crdolwI.exe
  2⤵
  PID:1756
- C:\Windows\System\ruTtiwL.exe
  C:\Windows\System\ruTtiwL.exe
  2⤵
  PID:2088
- C:\Windows\System\MXijlNs.exe
  C:\Windows\System\MXijlNs.exe
  2⤵
  PID:2144
- C:\Windows\System\iyCwCyN.exe
  C:\Windows\System\iyCwCyN.exe
  2⤵
  PID:1140
- C:\Windows\System\gFNPLIg.exe
  C:\Windows\System\gFNPLIg.exe
  2⤵
  PID:2464
- C:\Windows\System\tMVPvsK.exe
  C:\Windows\System\tMVPvsK.exe
  2⤵
  PID:2172
- C:\Windows\System\QhdJKWQ.exe
  C:\Windows\System\QhdJKWQ.exe
  2⤵
  PID:1612
- C:\Windows\System\YiamVYX.exe
  C:\Windows\System\YiamVYX.exe
  2⤵
  PID:6756
- C:\Windows\System\LiYskoL.exe
  C:\Windows\System\LiYskoL.exe
  2⤵
  PID:7256
- C:\Windows\System\kAhMbrX.exe
  C:\Windows\System\kAhMbrX.exe
  2⤵
  PID:2408
- C:\Windows\System\IUWLGiA.exe
  C:\Windows\System\IUWLGiA.exe
  2⤵
  PID:7580
- C:\Windows\System\eBPDfzY.exe
  C:\Windows\System\eBPDfzY.exe
  2⤵
  PID:7784
- C:\Windows\System\TSuKFmN.exe
  C:\Windows\System\TSuKFmN.exe
  2⤵
  PID:7920
- C:\Windows\System\FWlApJI.exe
  C:\Windows\System\FWlApJI.exe
  2⤵
  PID:7964
- C:\Windows\System\CBlAGhO.exe
  C:\Windows\System\CBlAGhO.exe
  2⤵
  PID:7076
- C:\Windows\System\hgdYrlM.exe
  C:\Windows\System\hgdYrlM.exe
  2⤵
  PID:2928
- C:\Windows\System\xuqAVTZ.exe
  C:\Windows\System\xuqAVTZ.exe
  2⤵
  PID:2056
- C:\Windows\System\hJvUlWe.exe
  C:\Windows\System\hJvUlWe.exe
  2⤵
  PID:7696
- C:\Windows\System\EFMKadP.exe
  C:\Windows\System\EFMKadP.exe
  2⤵
  PID:1836
- C:\Windows\System\yYqTCjG.exe
  C:\Windows\System\yYqTCjG.exe
  2⤵
  PID:2644
- C:\Windows\System\zSnjjXV.exe
  C:\Windows\System\zSnjjXV.exe
  2⤵
  PID:1608
- C:\Windows\System\CjXTbMk.exe
  C:\Windows\System\CjXTbMk.exe
  2⤵
  PID:8104
- C:\Windows\System\wOWQnuv.exe
  C:\Windows\System\wOWQnuv.exe
  2⤵
  PID:8216
- C:\Windows\System\aoKNoFD.exe
  C:\Windows\System\aoKNoFD.exe
  2⤵
  PID:8240
- C:\Windows\System\zIeGPfV.exe
  C:\Windows\System\zIeGPfV.exe
  2⤵
  PID:8264
- C:\Windows\System\SnDmBiK.exe
  C:\Windows\System\SnDmBiK.exe
  2⤵
  PID:8292
- C:\Windows\System\jXuMGIc.exe
  C:\Windows\System\jXuMGIc.exe
  2⤵
  PID:8312
- C:\Windows\System\mVpDlzj.exe
  C:\Windows\System\mVpDlzj.exe
  2⤵
  PID:8328
- C:\Windows\System\GvEfWGr.exe
  C:\Windows\System\GvEfWGr.exe
  2⤵
  PID:8352
- C:\Windows\System\qCdbmmv.exe
  C:\Windows\System\qCdbmmv.exe
  2⤵
  PID:8376
- C:\Windows\System\JusPqGV.exe
  C:\Windows\System\JusPqGV.exe
  2⤵
  PID:8400
- C:\Windows\System\TlJEUrI.exe
  C:\Windows\System\TlJEUrI.exe
  2⤵
  PID:8420
- C:\Windows\System\zNwOXWm.exe
  C:\Windows\System\zNwOXWm.exe
  2⤵
  PID:8440
- C:\Windows\System\mjOYSvm.exe
  C:\Windows\System\mjOYSvm.exe
  2⤵
  PID:8456
- C:\Windows\System\CqFHblH.exe
  C:\Windows\System\CqFHblH.exe
  2⤵
  PID:8476
- C:\Windows\System\EIeRTPT.exe
  C:\Windows\System\EIeRTPT.exe
  2⤵
  PID:8492
- C:\Windows\System\aOYPfOV.exe
  C:\Windows\System\aOYPfOV.exe
  2⤵
  PID:8508
- C:\Windows\System\NwjfZkn.exe
  C:\Windows\System\NwjfZkn.exe
  2⤵
  PID:8524
- C:\Windows\System\OnoQXGP.exe
  C:\Windows\System\OnoQXGP.exe
  2⤵
  PID:8540
- C:\Windows\System\uACGMgv.exe
  C:\Windows\System\uACGMgv.exe
  2⤵
  PID:8556
- C:\Windows\System\UbLUBzA.exe
  C:\Windows\System\UbLUBzA.exe
  2⤵
  PID:8576
- C:\Windows\System\lqmrqgi.exe
  C:\Windows\System\lqmrqgi.exe
  2⤵
  PID:8592
- C:\Windows\System\NUdXCJf.exe
  C:\Windows\System\NUdXCJf.exe
  2⤵
  PID:8676
- C:\Windows\System\DPpRVLX.exe
  C:\Windows\System\DPpRVLX.exe
  2⤵
  PID:8696
- C:\Windows\System\fataQTH.exe
  C:\Windows\System\fataQTH.exe
  2⤵
  PID:8712
- C:\Windows\System\PtQVMPG.exe
  C:\Windows\System\PtQVMPG.exe
  2⤵
  PID:8728
- C:\Windows\System\pMxzpkG.exe
  C:\Windows\System\pMxzpkG.exe
  2⤵
  PID:8744
- C:\Windows\System\uNiRZdg.exe
  C:\Windows\System\uNiRZdg.exe
  2⤵
  PID:8764
- C:\Windows\System\QRsWieJ.exe
  C:\Windows\System\QRsWieJ.exe
  2⤵
  PID:8780
- C:\Windows\System\SfRPNUv.exe
  C:\Windows\System\SfRPNUv.exe
  2⤵
  PID:8796
- C:\Windows\System\erqOqBp.exe
  C:\Windows\System\erqOqBp.exe
  2⤵
  PID:8812
- C:\Windows\System\AliLFJT.exe
  C:\Windows\System\AliLFJT.exe
  2⤵
  PID:8828
- C:\Windows\System\qlWvMMV.exe
  C:\Windows\System\qlWvMMV.exe
  2⤵
  PID:8844
- C:\Windows\System\WXkITeE.exe
  C:\Windows\System\WXkITeE.exe
  2⤵
  PID:8860
- C:\Windows\System\ujmBbAK.exe
  C:\Windows\System\ujmBbAK.exe
  2⤵
  PID:8876
- C:\Windows\System\lRcauCh.exe
  C:\Windows\System\lRcauCh.exe
  2⤵
  PID:8892
- C:\Windows\System\uZsuUje.exe
  C:\Windows\System\uZsuUje.exe
  2⤵
  PID:8928
- C:\Windows\System\KNLzcIk.exe
  C:\Windows\System\KNLzcIk.exe
  2⤵
  PID:8944
- C:\Windows\System\JdASZOq.exe
  C:\Windows\System\JdASZOq.exe
  2⤵
  PID:8980
- C:\Windows\System\rMEmWdd.exe
  C:\Windows\System\rMEmWdd.exe
  2⤵
  PID:8996
- C:\Windows\System\nrxskgX.exe
  C:\Windows\System\nrxskgX.exe
  2⤵
  PID:9012
- C:\Windows\System\LWmiPCe.exe
  C:\Windows\System\LWmiPCe.exe
  2⤵
  PID:9040
- C:\Windows\System\GdvcKfB.exe
  C:\Windows\System\GdvcKfB.exe
  2⤵
  PID:9056
- C:\Windows\System\CqXegeY.exe
  C:\Windows\System\CqXegeY.exe
  2⤵
  PID:9076
- C:\Windows\System\kIzpdCI.exe
  C:\Windows\System\kIzpdCI.exe
  2⤵
  PID:9100
- C:\Windows\System\PFzNraA.exe
  C:\Windows\System\PFzNraA.exe
  2⤵
  PID:9120
- C:\Windows\System\NETHimI.exe
  C:\Windows\System\NETHimI.exe
  2⤵
  PID:9140
- C:\Windows\System\OfzwEBa.exe
  C:\Windows\System\OfzwEBa.exe
  2⤵
  PID:9164
- C:\Windows\System\KBteDuv.exe
  C:\Windows\System\KBteDuv.exe
  2⤵
  PID:9200
- C:\Windows\System\lhUaoNS.exe
  C:\Windows\System\lhUaoNS.exe
  2⤵
  PID:6312
- C:\Windows\System\eBukmao.exe
  C:\Windows\System\eBukmao.exe
  2⤵
  PID:8228
- C:\Windows\System\GYVHiES.exe
  C:\Windows\System\GYVHiES.exe
  2⤵
  PID:1524
- C:\Windows\System\rgErIUt.exe
  C:\Windows\System\rgErIUt.exe
  2⤵
  PID:8276
- C:\Windows\System\ppGPfFY.exe
  C:\Windows\System\ppGPfFY.exe
  2⤵
  PID:7740
- C:\Windows\System\VJoJdvW.exe
  C:\Windows\System\VJoJdvW.exe
  2⤵
  PID:352
- C:\Windows\System\mxyfvCS.exe
  C:\Windows\System\mxyfvCS.exe
  2⤵
  PID:8024
- C:\Windows\System\UIzLVhJ.exe
  C:\Windows\System\UIzLVhJ.exe
  2⤵
  PID:876
- C:\Windows\System\PMfxDHX.exe
  C:\Windows\System\PMfxDHX.exe
  2⤵
  PID:2312
- C:\Windows\System\ytIbTOb.exe
  C:\Windows\System\ytIbTOb.exe
  2⤵
  PID:1820
- C:\Windows\System\gsHmKYn.exe
  C:\Windows\System\gsHmKYn.exe
  2⤵
  PID:7436
- C:\Windows\System\einfMCE.exe
  C:\Windows\System\einfMCE.exe
  2⤵
  PID:8212
- C:\Windows\System\PMnqgEO.exe
  C:\Windows\System\PMnqgEO.exe
  2⤵
  PID:8304
- C:\Windows\System\vexvesg.exe
  C:\Windows\System\vexvesg.exe
  2⤵
  PID:8336
- C:\Windows\System\UmAzDxX.exe
  C:\Windows\System\UmAzDxX.exe
  2⤵
  PID:8344
- C:\Windows\System\TMbEGQg.exe
  C:\Windows\System\TMbEGQg.exe
  2⤵
  PID:8412
- C:\Windows\System\oTZuiXU.exe
  C:\Windows\System\oTZuiXU.exe
  2⤵
  PID:8488
- C:\Windows\System\THKNKHa.exe
  C:\Windows\System\THKNKHa.exe
  2⤵
  PID:8584
- C:\Windows\System\FzrWykp.exe
  C:\Windows\System\FzrWykp.exe
  2⤵
  PID:8532
- C:\Windows\System\kIQUsHx.exe
  C:\Windows\System\kIQUsHx.exe
  2⤵
  PID:8572
- C:\Windows\System\jSMYVVY.exe
  C:\Windows\System\jSMYVVY.exe
  2⤵
  PID:8608
- C:\Windows\System\LpgvhxH.exe
  C:\Windows\System\LpgvhxH.exe
  2⤵
  PID:8660
- C:\Windows\System\YMyvgXl.exe
  C:\Windows\System\YMyvgXl.exe
  2⤵
  PID:8684
- C:\Windows\System\cqwhjNt.exe
  C:\Windows\System\cqwhjNt.exe
  2⤵
  PID:8724
- C:\Windows\System\HMUNUuT.exe
  C:\Windows\System\HMUNUuT.exe
  2⤵
  PID:8792
- C:\Windows\System\YAvpiNz.exe
  C:\Windows\System\YAvpiNz.exe
  2⤵
  PID:8888
- C:\Windows\System\udNTMnV.exe
  C:\Windows\System\udNTMnV.exe
  2⤵
  PID:8740
- C:\Windows\System\XuWDmFW.exe
  C:\Windows\System\XuWDmFW.exe
  2⤵
  PID:8836
- C:\Windows\System\ceavOvE.exe
  C:\Windows\System\ceavOvE.exe
  2⤵
  PID:8900
- C:\Windows\System\mesmocx.exe
  C:\Windows\System\mesmocx.exe
  2⤵
  PID:8952
- C:\Windows\System\PslYxuv.exe
  C:\Windows\System\PslYxuv.exe
  2⤵
  PID:8972
- C:\Windows\System\CDJgqWl.exe
  C:\Windows\System\CDJgqWl.exe
  2⤵
  PID:9024
- C:\Windows\System\utSzFWg.exe
  C:\Windows\System\utSzFWg.exe
  2⤵
  PID:9036
- C:\Windows\System\SEvFmhs.exe
  C:\Windows\System\SEvFmhs.exe
  2⤵
  PID:9108
- C:\Windows\System\oyHKeAy.exe
  C:\Windows\System\oyHKeAy.exe
  2⤵
  PID:9084
- C:\Windows\System\kXhiJyZ.exe
  C:\Windows\System\kXhiJyZ.exe
  2⤵
  PID:9128
- C:\Windows\System\HyBCMGu.exe
  C:\Windows\System\HyBCMGu.exe
  2⤵
  PID:9136
- C:\Windows\System\DSzuToh.exe
  C:\Windows\System\DSzuToh.exe
  2⤵
  PID:9184
- C:\Windows\System\JTbSojS.exe
  C:\Windows\System\JTbSojS.exe
  2⤵
  PID:9208
- C:\Windows\System\YDQStfr.exe
  C:\Windows\System\YDQStfr.exe
  2⤵
  PID:2012
- C:\Windows\System\xBVtTAM.exe
  C:\Windows\System\xBVtTAM.exe
  2⤵
  PID:8288
- C:\Windows\System\lniVTtj.exe
  C:\Windows\System\lniVTtj.exe
  2⤵
  PID:1124
- C:\Windows\System\fDRNMKR.exe
  C:\Windows\System\fDRNMKR.exe
  2⤵
  PID:8252
- C:\Windows\System\ahRyTPx.exe
  C:\Windows\System\ahRyTPx.exe
  2⤵
  PID:8372
- C:\Windows\System\KcdrHht.exe
  C:\Windows\System\KcdrHht.exe
  2⤵
  PID:8484
- C:\Windows\System\IvNVSvk.exe
  C:\Windows\System\IvNVSvk.exe
  2⤵
  PID:1808
- C:\Windows\System\hRZyvmD.exe
  C:\Windows\System\hRZyvmD.exe
  2⤵
  PID:8200
- C:\Windows\System\FkGyVjV.exe
  C:\Windows\System\FkGyVjV.exe
  2⤵
  PID:8408
- C:\Windows\System\ULabRqw.exe
  C:\Windows\System\ULabRqw.exe
  2⤵
  PID:8552
- C:\Windows\System\nyLLkDv.exe
  C:\Windows\System\nyLLkDv.exe
  2⤵
  PID:8564
- C:\Windows\System\xQMvVpz.exe
  C:\Windows\System\xQMvVpz.exe
  2⤵
  PID:8428
- C:\Windows\System\uPsyZXt.exe
  C:\Windows\System\uPsyZXt.exe
  2⤵
  PID:8656
- C:\Windows\System\nXrtaXq.exe
  C:\Windows\System\nXrtaXq.exe
  2⤵
  PID:8788
- C:\Windows\System\ybDSHEu.exe
  C:\Windows\System\ybDSHEu.exe
  2⤵
  PID:8776
- C:\Windows\System\ifOXXyn.exe
  C:\Windows\System\ifOXXyn.exe
  2⤵
  PID:8852
- C:\Windows\System\NMTJfbi.exe
  C:\Windows\System\NMTJfbi.exe
  2⤵
  PID:8808
- C:\Windows\System\veCKBeF.exe
  C:\Windows\System\veCKBeF.exe
  2⤵
  PID:8912
- C:\Windows\System\Gbpajxz.exe
  C:\Windows\System\Gbpajxz.exe
  2⤵
  PID:8968
- C:\Windows\System\weDCLRT.exe
  C:\Windows\System\weDCLRT.exe
  2⤵
  PID:9020
- C:\Windows\System\qxRyqmF.exe
  C:\Windows\System\qxRyqmF.exe
  2⤵
  PID:9068
- C:\Windows\System\PtEdzAT.exe
  C:\Windows\System\PtEdzAT.exe
  2⤵
  PID:9212
- C:\Windows\System\kWYAsQa.exe
  C:\Windows\System\kWYAsQa.exe
  2⤵
  PID:7452
- C:\Windows\System\IlIJCaJ.exe
  C:\Windows\System\IlIJCaJ.exe
  2⤵
  PID:9156
- C:\Windows\System\tkGRdvZ.exe
  C:\Windows\System\tkGRdvZ.exe
  2⤵
  PID:7196
- C:\Windows\System\YnrGuMs.exe
  C:\Windows\System\YnrGuMs.exe
  2⤵
  PID:8916
- C:\Windows\System\TXJbIzb.exe
  C:\Windows\System\TXJbIzb.exe
  2⤵
  PID:8360
- C:\Windows\System\dFVzIQV.exe
  C:\Windows\System\dFVzIQV.exe
  2⤵
  PID:676
- C:\Windows\System\yqMgEik.exe
  C:\Windows\System\yqMgEik.exe
  2⤵
  PID:8548
- C:\Windows\System\XoEyPLx.exe
  C:\Windows\System\XoEyPLx.exe
  2⤵
  PID:8992
- C:\Windows\System\EmGExnI.exe
  C:\Windows\System\EmGExnI.exe
  2⤵
  PID:9072
- C:\Windows\System\hRgtQTu.exe
  C:\Windows\System\hRgtQTu.exe
  2⤵
  PID:1556
- C:\Windows\System\BAqCcgU.exe
  C:\Windows\System\BAqCcgU.exe
  2⤵
  PID:8604
- C:\Windows\System\wVxUxTp.exe
  C:\Windows\System\wVxUxTp.exe
  2⤵
  PID:8436
- C:\Windows\System\eSwNeks.exe
  C:\Windows\System\eSwNeks.exe
  2⤵
  PID:8236
- C:\Windows\System\nCWAcuK.exe
  C:\Windows\System\nCWAcuK.exe
  2⤵
  PID:8708
- C:\Windows\System\qvUkHAN.exe
  C:\Windows\System\qvUkHAN.exe
  2⤵
  PID:8964
- C:\Windows\System\FuUTWGh.exe
  C:\Windows\System\FuUTWGh.exe
  2⤵
  PID:7276
- C:\Windows\System\tgSEXhm.exe
  C:\Windows\System\tgSEXhm.exe
  2⤵
  PID:8500
- C:\Windows\System\Vjptopy.exe
  C:\Windows\System\Vjptopy.exe
  2⤵
  PID:8824
- C:\Windows\System\EYItCVq.exe
  C:\Windows\System\EYItCVq.exe
  2⤵
  PID:9192
- C:\Windows\System\svalqnt.exe
  C:\Windows\System\svalqnt.exe
  2⤵
  PID:2348
- C:\Windows\System\zXlpDgV.exe
  C:\Windows\System\zXlpDgV.exe
  2⤵
  PID:8324
- C:\Windows\System\BsSTynv.exe
  C:\Windows\System\BsSTynv.exe
  2⤵
  PID:8364
- C:\Windows\System\EMpSmeK.exe
  C:\Windows\System\EMpSmeK.exe
  2⤵
  PID:8692
- C:\Windows\System\EsDtMkx.exe
  C:\Windows\System\EsDtMkx.exe
  2⤵
  PID:708
- C:\Windows\System\OfjIpQf.exe
  C:\Windows\System\OfjIpQf.exe
  2⤵
  PID:9008
- C:\Windows\System\QbvovZo.exe
  C:\Windows\System\QbvovZo.exe
  2⤵
  PID:9172
- C:\Windows\System\aCppcfY.exe
  C:\Windows\System\aCppcfY.exe
  2⤵
  PID:9048
- C:\Windows\System\DBZEiFt.exe
  C:\Windows\System\DBZEiFt.exe
  2⤵
  PID:8204
- C:\Windows\System\EEMixPt.exe
  C:\Windows\System\EEMixPt.exe
  2⤵
  PID:7576
- C:\Windows\System\VfyImEC.exe
  C:\Windows\System\VfyImEC.exe
  2⤵
  PID:8452
- C:\Windows\System\rkUpqmA.exe
  C:\Windows\System\rkUpqmA.exe
  2⤵
  PID:8920
- C:\Windows\System\rkNstgC.exe
  C:\Windows\System\rkNstgC.exe
  2⤵
  PID:9220
- C:\Windows\System\VROSGSi.exe
  C:\Windows\System\VROSGSi.exe
  2⤵
  PID:9256
- C:\Windows\System\pEwoXiY.exe
  C:\Windows\System\pEwoXiY.exe
  2⤵
  PID:9272
- C:\Windows\System\gXcYrxt.exe
  C:\Windows\System\gXcYrxt.exe
  2⤵
  PID:9288
- C:\Windows\System\OqpwdaH.exe
  C:\Windows\System\OqpwdaH.exe
  2⤵
  PID:9304
- C:\Windows\System\enmNMYR.exe
  C:\Windows\System\enmNMYR.exe
  2⤵
  PID:9320
- C:\Windows\System\zKuxCMA.exe
  C:\Windows\System\zKuxCMA.exe
  2⤵
  PID:9352
- C:\Windows\System\enuNmoL.exe
  C:\Windows\System\enuNmoL.exe
  2⤵
  PID:9368
- C:\Windows\System\JQCHdgb.exe
  C:\Windows\System\JQCHdgb.exe
  2⤵
  PID:9384
- C:\Windows\System\YvoKWVQ.exe
  C:\Windows\System\YvoKWVQ.exe
  2⤵
  PID:9400
- C:\Windows\System\lHhIsFP.exe
  C:\Windows\System\lHhIsFP.exe
  2⤵
  PID:9416
- C:\Windows\System\BiSJRae.exe
  C:\Windows\System\BiSJRae.exe
  2⤵
  PID:9432
- C:\Windows\System\tkcamMh.exe
  C:\Windows\System\tkcamMh.exe
  2⤵
  PID:9448
- C:\Windows\System\qvivcXk.exe
  C:\Windows\System\qvivcXk.exe
  2⤵
  PID:9464
- C:\Windows\System\ZaKwpKZ.exe
  C:\Windows\System\ZaKwpKZ.exe
  2⤵
  PID:9480
- C:\Windows\System\PaJktyv.exe
  C:\Windows\System\PaJktyv.exe
  2⤵
  PID:9496
- C:\Windows\System\THPyNtm.exe
  C:\Windows\System\THPyNtm.exe
  2⤵
  PID:9512
- C:\Windows\System\VOTVsnV.exe
  C:\Windows\System\VOTVsnV.exe
  2⤵
  PID:9532
- C:\Windows\System\uJfHsxA.exe
  C:\Windows\System\uJfHsxA.exe
  2⤵
  PID:9548
- C:\Windows\System\BZEItGl.exe
  C:\Windows\System\BZEItGl.exe
  2⤵
  PID:9568
- C:\Windows\System\aLvXbDD.exe
  C:\Windows\System\aLvXbDD.exe
  2⤵
  PID:9600
- C:\Windows\System\iCnttSs.exe
  C:\Windows\System\iCnttSs.exe
  2⤵
  PID:9636
- C:\Windows\System\hstzHwt.exe
  C:\Windows\System\hstzHwt.exe
  2⤵
  PID:9688
- C:\Windows\System\dpbgnRx.exe
  C:\Windows\System\dpbgnRx.exe
  2⤵
  PID:9708
- C:\Windows\System\xUUBrfb.exe
  C:\Windows\System\xUUBrfb.exe
  2⤵
  PID:9728
- C:\Windows\System\fqpHxZf.exe
  C:\Windows\System\fqpHxZf.exe
  2⤵
  PID:9748
- C:\Windows\System\AKzEIJb.exe
  C:\Windows\System\AKzEIJb.exe
  2⤵
  PID:9764
- C:\Windows\System\grDBxZc.exe
  C:\Windows\System\grDBxZc.exe
  2⤵
  PID:9788
- C:\Windows\System\SZGLfQK.exe
  C:\Windows\System\SZGLfQK.exe
  2⤵
  PID:9808
- C:\Windows\System\iCBGEAV.exe
  C:\Windows\System\iCBGEAV.exe
  2⤵
  PID:9828
- C:\Windows\System\GtRNVMZ.exe
  C:\Windows\System\GtRNVMZ.exe
  2⤵
  PID:9844
- C:\Windows\System\vqfJoEI.exe
  C:\Windows\System\vqfJoEI.exe
  2⤵
  PID:9868
- C:\Windows\System\ULIoxmD.exe
  C:\Windows\System\ULIoxmD.exe
  2⤵
  PID:9888
- C:\Windows\System\aEUWaFZ.exe
  C:\Windows\System\aEUWaFZ.exe
  2⤵
  PID:9908
- C:\Windows\System\NjJkNlF.exe
  C:\Windows\System\NjJkNlF.exe
  2⤵
  PID:9924
- C:\Windows\System\VpWTlES.exe
  C:\Windows\System\VpWTlES.exe
  2⤵
  PID:9940
- C:\Windows\System\BQJzdts.exe
  C:\Windows\System\BQJzdts.exe
  2⤵
  PID:9964
- C:\Windows\System\mfGwpQa.exe
  C:\Windows\System\mfGwpQa.exe
  2⤵
  PID:9984
- C:\Windows\System\YYDKGkQ.exe
  C:\Windows\System\YYDKGkQ.exe
  2⤵
  PID:10004
- C:\Windows\System\UUcRpzZ.exe
  C:\Windows\System\UUcRpzZ.exe
  2⤵
  PID:10024
- C:\Windows\System\tlkHhhZ.exe
  C:\Windows\System\tlkHhhZ.exe
  2⤵
  PID:10040
- C:\Windows\System\GUbsqxV.exe
  C:\Windows\System\GUbsqxV.exe
  2⤵
  PID:10064
- C:\Windows\System\fFSUuqU.exe
  C:\Windows\System\fFSUuqU.exe
  2⤵
  PID:10080
- C:\Windows\System\bZuRhMH.exe
  C:\Windows\System\bZuRhMH.exe
  2⤵
  PID:10096
- C:\Windows\System\IjbXBGI.exe
  C:\Windows\System\IjbXBGI.exe
  2⤵
  PID:10120
- C:\Windows\System\YaKqgRk.exe
  C:\Windows\System\YaKqgRk.exe
  2⤵
  PID:10148
- C:\Windows\System\DacEMJI.exe
  C:\Windows\System\DacEMJI.exe
  2⤵
  PID:10164
- C:\Windows\System\BfVankn.exe
  C:\Windows\System\BfVankn.exe
  2⤵
  PID:10184
- C:\Windows\System\kOeAXhx.exe
  C:\Windows\System\kOeAXhx.exe
  2⤵
  PID:10220
- C:\Windows\System\qOmbkYG.exe
  C:\Windows\System\qOmbkYG.exe
  2⤵
  PID:10236
- C:\Windows\System\kBFEbLC.exe
  C:\Windows\System\kBFEbLC.exe
  2⤵
  PID:7660
- C:\Windows\System\GKmQGCv.exe
  C:\Windows\System\GKmQGCv.exe
  2⤵
  PID:9236
- C:\Windows\System\zHkyXaU.exe
  C:\Windows\System\zHkyXaU.exe
  2⤵
  PID:9264
- C:\Windows\System\jFZUKRM.exe
  C:\Windows\System\jFZUKRM.exe
  2⤵
  PID:9316
- C:\Windows\System\FjGHpeg.exe
  C:\Windows\System\FjGHpeg.exe
  2⤵
  PID:9344
- C:\Windows\System\WMamALJ.exe
  C:\Windows\System\WMamALJ.exe
  2⤵
  PID:9376
- C:\Windows\System\pXfBurm.exe
  C:\Windows\System\pXfBurm.exe
  2⤵
  PID:9476
- C:\Windows\System\AOlduad.exe
  C:\Windows\System\AOlduad.exe
  2⤵
  PID:9544
- C:\Windows\System\nLUjfSl.exe
  C:\Windows\System\nLUjfSl.exe
  2⤵
  PID:9584
- C:\Windows\System\pAvFDqh.exe
  C:\Windows\System\pAvFDqh.exe
  2⤵
  PID:9644
- C:\Windows\System\BTXgMaI.exe
  C:\Windows\System\BTXgMaI.exe
  2⤵
  PID:9456
- C:\Windows\System\gPLuPWX.exe
  C:\Windows\System\gPLuPWX.exe
  2⤵
  PID:9424
- C:\Windows\System\RvFITdC.exe
  C:\Windows\System\RvFITdC.exe
  2⤵
  PID:9396
- C:\Windows\System\tdqcaZU.exe
  C:\Windows\System\tdqcaZU.exe
  2⤵
  PID:9520
- C:\Windows\System\SrtAaIH.exe
  C:\Windows\System\SrtAaIH.exe
  2⤵
  PID:9668
- C:\Windows\System\ytwSVOI.exe
  C:\Windows\System\ytwSVOI.exe
  2⤵
  PID:9700
- C:\Windows\System\ZUSpPBT.exe
  C:\Windows\System\ZUSpPBT.exe
  2⤵
  PID:9740
- C:\Windows\System\aNcbbUN.exe
  C:\Windows\System\aNcbbUN.exe
  2⤵
  PID:9784
- C:\Windows\System\YEnhCMU.exe
  C:\Windows\System\YEnhCMU.exe
  2⤵
  PID:9804
- C:\Windows\System\vEcEQXm.exe
  C:\Windows\System\vEcEQXm.exe
  2⤵
  PID:9852
- C:\Windows\System\fYPMdQD.exe
  C:\Windows\System\fYPMdQD.exe
  2⤵
  PID:9880
- C:\Windows\System\MTIZnXa.exe
  C:\Windows\System\MTIZnXa.exe
  2⤵
  PID:9904
- C:\Windows\System\EIAtMKX.exe
  C:\Windows\System\EIAtMKX.exe
  2⤵
  PID:9932
- C:\Windows\System\fhZntbR.exe
  C:\Windows\System\fhZntbR.exe
  2⤵
  PID:10000
- C:\Windows\System\TfjYEpx.exe
  C:\Windows\System\TfjYEpx.exe
  2⤵
  PID:9816
- C:\Windows\System\kqlLYyk.exe
  C:\Windows\System\kqlLYyk.exe
  2⤵
  PID:10104
- C:\Windows\System\gkYgaBf.exe
  C:\Windows\System\gkYgaBf.exe
  2⤵
  PID:9980
- C:\Windows\System\reHQnQQ.exe
  C:\Windows\System\reHQnQQ.exe
  2⤵
  PID:10092
- C:\Windows\System\bLoypfh.exe
  C:\Windows\System\bLoypfh.exe
  2⤵
  PID:10048
- C:\Windows\System\jmOKfaS.exe
  C:\Windows\System\jmOKfaS.exe
  2⤵
  PID:10212
- C:\Windows\System\MImJtlQ.exe
  C:\Windows\System\MImJtlQ.exe
  2⤵
  PID:10176
- C:\Windows\System\liuKxBI.exe
  C:\Windows\System\liuKxBI.exe
  2⤵
  PID:7260
- C:\Windows\System\odaQTSw.exe
  C:\Windows\System\odaQTSw.exe
  2⤵
  PID:8280
- C:\Windows\System\ZkPpcVc.exe
  C:\Windows\System\ZkPpcVc.exe
  2⤵
  PID:9296
- C:\Windows\System\eYMVOXm.exe
  C:\Windows\System\eYMVOXm.exe
  2⤵
  PID:10136
- C:\Windows\System\wxAejNs.exe
  C:\Windows\System\wxAejNs.exe
  2⤵
  PID:9504
- C:\Windows\System\JiROcTi.exe
  C:\Windows\System\JiROcTi.exe
  2⤵
  PID:9580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPiTAMy.exe

Filesize
6.0MB

MD5
f95f9aff7d59880c7f62612c167aecd5

SHA1
7528de361153fd917481969550bab1ff7cda572f

SHA256
4f9d5f6c125fb11731b07cbe87a6e4e76e22d181e7d07712dd94750fad13a721

SHA512
88b7fa5ec9215a0eceacdae9c6c1ea68cdc99b6aeb2ffac59ab1aaf61791f56bf35e790ddf75c28a9e3462b5cd2385a43033eb0bad548788bb5fb67b3f99913a

Download Submit
C:\Windows\system\BpCWlGE.exe

Filesize
6.0MB

MD5
2c0fa2356d39ecbf2688b2419fa7b2dd

SHA1
c4bb70d28437daf263e59b6a0ac8544a97b4299c

SHA256
f5fb0c984155c0d444787799e0522cb2b48199af01e5f1c661c0c995155e8f08

SHA512
6e526b3e37661a0e290ac61f1a1d1613aab8b71674233f3361e6220a786b206067bd5655fb5af4456875f48e007cba4e3d091536dfe533cf3a38fea7e1c272ae

Download Submit
C:\Windows\system\CscELpG.exe

Filesize
6.0MB

MD5
0cd7ac6bbb3879b06a60daf3d3e9777a

SHA1
0969ec6239320b34909daa9b534174007d6b7ec3

SHA256
9862d0a7b7234760d5b6c00772f44311ec677d21fff58b15756351c9ed5110e5

SHA512
f6a94fc39d7818eeebf7742b821969de7fbff3770e3e71144e049efe871463d6dc357b41fcdee6b2c9d8eeb130c3176a04d843ad3fee67f2742ee14f9f140234

Download Submit
C:\Windows\system\DddwcMV.exe

Filesize
6.0MB

MD5
5cfb0aff134fd90a39cba828b4866877

SHA1
3e6c27de339824462f5065bf984b2f50abb90d11

SHA256
91199061760c97a0edd536bab605ae15e314f00e99f8ceaf7039c364da309288

SHA512
398d57b4272d2935dc51a5b49ca6767c8b72cb00b417aa6bd68414477f3dd157db26dd8940b21a744e09bbc39cb15b14913ca8f3b811803f9eacd2799b6457ea

Download Submit
C:\Windows\system\FbfuQAI.exe

Filesize
6.0MB

MD5
db57225aad58ad35287c109b09048a3f

SHA1
95396c61051d59f3f3e20f5eecaff4f57d9188e0

SHA256
d69cfe0181a5815ce55fc975c6d2fede405f6c86f026da9cd63bab15ada5d217

SHA512
2745a06c5285900095c33e6c006a2f16e769e24757b27dca78d7c55d6f3f3961ebe00bed0db69f4ee8eb119ff59aa6042c4f0db974fd96b318df2e72bad2eb88

Download Submit
C:\Windows\system\NtXkQqd.exe

Filesize
6.0MB

MD5
5f618c87f0b4bb30a6e1136e52074742

SHA1
ac1e979c77cd45b185e158fc0f1a9e19858dd465

SHA256
e215af035df6b923b79b068b9a918d5774dc2b521602936081da9cc544dac6dc

SHA512
4f617556fa0453d979a35d36dadd0b1ccc4583c4bc725aa8c31edc53e47733333dc84e931ca95bcf5856ac984ab3123598a48eb133f3c357123c26e63f59ff85

Download Submit
C:\Windows\system\TOBzIKA.exe

Filesize
6.0MB

MD5
c45a842459c40ee92916089582c0197b

SHA1
dd20098a02c6387d3fa6cf931355c03dc163b69b

SHA256
90459695a257d1ffb5b9430260da980bd945739035f48a21abfc687f04b4d668

SHA512
b8a45d8246c8bc62beb9fecaf8be3e4ff02924d50f711571903f23d52a6f615313d0fa5ce722c0cc1c0b472927cd50f63f38719cb57bc23ebf52e3eab17996d2

Download Submit
C:\Windows\system\VgkccOE.exe

Filesize
6.0MB

MD5
b33e7c04b1d928ee03a5f98bf91ee11a

SHA1
137307511ac8475388beebe4a5f36f1cf9393563

SHA256
3d2c4e1047112eb601285268dff7f7f6b58625488015642b830ce3ccd9359f26

SHA512
3c9d0189dbf55120e6693035caa00175056b8217e35052eb4d81dfd6f6bbb8db7767a43d3ac46d3887c862c29baac8716e70cef9716e2ecc03c55e8c9dc8ac8e

Download Submit
C:\Windows\system\XmrBQrR.exe

Filesize
6.0MB

MD5
9cc80efbcc0d0f1f9d906001a498f3a6

SHA1
d007341f905980a9461c67263ebfd32cc9936f44

SHA256
71d4ba91347583740efb604fb58e72926a389f152dda6138130a03c1be605f7a

SHA512
70a6bc4c0957165f8d4b320ab17d44ecd58f06d842717c7385aca976caea7df3fc93e9bcd8ba2b5560088083f315ae1aaaefbd4ab9739f8a4c786902781958b9

Download Submit
C:\Windows\system\YnrDXpl.exe

Filesize
6.0MB

MD5
7d4655e325f4e38451e97f2b2f8c332b

SHA1
6d481f134a61dec667b07dd86a4aef8ecbe52efa

SHA256
bb978089cad1ffde3ebb8afdb08704cf366c5144e90024ff9c0858439ec9542d

SHA512
b3140c5046b3da83726e32b94456f8bba5169c3978fb8245cefc9eb2c9d692c3c43aadbaf12e6d1b73a65d53510b06824824a767a8ee3e1de3189cfad5b5c0b6

Download Submit
C:\Windows\system\aPMdKsd.exe

Filesize
6.0MB

MD5
e41e10e7a44cdfdd9770d21e8c11cde8

SHA1
511b540f889c81e59428b12cf872b3a2fbe2972b

SHA256
97098468d2ca61214a4687ca1f29dd56eb812520cc3e73162bbefad2d521fb3f

SHA512
9b54832b71b934dce5ac0e03ea1213bb94b40744f41e989904863d90f6f0593b27a7de64be017103942952c47f79e86d55fe4335831741ecb43266a506faa747

Download Submit
C:\Windows\system\bwnknmM.exe

Filesize
6.0MB

MD5
d14c30a1d59581a246de49377547612c

SHA1
df27a2952d8d40c1d6a01b2535b8123fcc8373e0

SHA256
85b6fa7bb0b334a0bd4e661fcdc4d81e097e5d7b5f798c497907b2d355a8a86c

SHA512
c36f11254b69b971534d8f668e79b6b495e6a86462a3a54a0991855da0f216dd38d257d5e719a71616504da2eaff28bfbf14c2217b3c3b56f73ce620ff104132

Download Submit
C:\Windows\system\cKdcZIx.exe

Filesize
6.0MB

MD5
d94bd18114bdc2b1a91e0f56d634c7d3

SHA1
55eb8a7f21e30c4b559400916f8f7f509c411337

SHA256
58108444e4349d6ce2826211a2d6166d12a8a1339dce14fd8282b9502bf1cdfd

SHA512
3396286cfff3d623e76e864aedbca2761ba785ef2b77ca5dd58ef22c69fa9144b45dcfb7a0a721df4ee14f27757ee362ed9063001d59f4bd86ccbbcd4f89f413

Download Submit
C:\Windows\system\chTYtXH.exe

Filesize
6.0MB

MD5
d769af060b1cd96e92a8e2496fae774a

SHA1
ca730a9667993104797d4354646e5629842a2c5f

SHA256
dcdd19e33cc4dde57c7971c8a90320aeed35895826c8478fc11fa40556452c10

SHA512
f69a180a287b91fc0c96a48f91f99d8ab59456d338a65479cc210c9164994c9f2cc7923993a9a184a95b7c021c19ddba2c9cd6c0a82aa4f1c54a6a8987feb4b2

Download Submit
C:\Windows\system\daSFHOn.exe

Filesize
6.0MB

MD5
b25ebbb539afd009993b60debef3c280

SHA1
9b0c6ce6aa2bece76127e3f11733dbb4ef31d32d

SHA256
fd6e190fda9cd68ff89bad8d102816c8cb05633365e6e3c5a9198f4f8dea0863

SHA512
3791cf40032cfc369b8fef221df1fe550399894f43d2bc17c3904b5088d938615f4b13a19663f244ad3b83834872bf31185bbf382f0339f63064b041757b68c2

Download Submit
C:\Windows\system\eIyhXxk.exe

Filesize
6.0MB

MD5
254cef76fb94b83862adeec17485ed8a

SHA1
843e1286043036019266fea1ffbc7f948a50a445

SHA256
6a600047b5ae1cd70fa699ec0b8029c617367118322ebaf6f7abb97764a8c11d

SHA512
5525d384eb71d83bfc95d03affde170e71877aed0a5c76e7a67130ddf8b29631b06c2722bf72070b68b0074ffb1e1201f5ddfca1c51a47118601c9300ea02216

Download Submit
C:\Windows\system\gTZAirI.exe

Filesize
6.0MB

MD5
d7117bda37c3c8ac02a6fae9e1562559

SHA1
48e9dc109079f399a511fde4137950a8052b12d0

SHA256
87f795d502e03186e49ebd55dd89efb365432aa10e1baa6b7ff3d16829bc4431

SHA512
acd1c39f8edf14cf22ef0b2876be13e0c52597bd668719c99b1569e95f06461a93efdbf4922763a30875a22c02bd169b71e4cdc104ff8c5e25dab806107eed2f

Download Submit
C:\Windows\system\hlnuhAg.exe

Filesize
6.0MB

MD5
d3ec14ca0cc46cb2877a8e124a3437c5

SHA1
dec08c48082a8818fa0f018716314c6446ffccd8

SHA256
d4edce76229cb2ae50233031412703c9bb278785b2631fc66e3e7ee68a52bf90

SHA512
d0a7fe030d7641b0519f76818837a43afc68da760ba64b259c67a6f3489b7274dd0f593287aea6d530de6092058f21fcdffc431fb09d59f89f393e4875f4066b

Download Submit
C:\Windows\system\ivxDeIN.exe

Filesize
6.0MB

MD5
8158d559d51a01aa096d8d20b8afeac8

SHA1
2bd523533bc4f45edd7d184cc16078fee689b8b8

SHA256
b6434ad8a6756a7e1dd420d43d6ac7b2d57ae44fa6cbf9c0a98489225dc08886

SHA512
5ece4926d8e1417373dd3adb472e278c39a88c2e90577d9194cb543a300ea5e086e17b63cb714f2f6657041bb16c60ba2330cc4c695a1d141b24d4f72d5b4bb1

Download Submit
C:\Windows\system\lhHLCKy.exe

Filesize
6.0MB

MD5
e59ea7cc2ee5d0a2b6ed7b172b69afcd

SHA1
72f7c5afd786424f0e3121fea65fb70d5dc9cfa8

SHA256
dc79ca563f8a1c67926720c9ad2767638e88544b5a37b2001dce666938853b89

SHA512
db1559f41b4820e7924450693a015a97741e292d6a732fad66ccbb1959070343e9d04829d43c269b505c28fec5c8dfb207ae3b47b0b2942cbf873dc8aafe588b

Download Submit
C:\Windows\system\pTNmSJZ.exe

Filesize
6.0MB

MD5
b76b0f265bfc579b05442acdeac8e0ed

SHA1
1daae82688eb2aee6c111dfa78902d3758a4dce9

SHA256
0896e34d89747a4dc0fb81e433cbbc207a26c6480438cb3785c2bbb913bb1f78

SHA512
6dd85e00ae22bccaeccffa417864a6e4cd8375702450329d350304f0125baa1ac4243ba0f72f54cb4e07f91514982a563b1ce54c8780f4cb9fda1e936962358c

Download Submit
C:\Windows\system\tPrgmWR.exe

Filesize
6.0MB

MD5
d5c00ccbcd314f159b11328971755dd3

SHA1
9984cf0295ac6c3e3a96673f83de80dc0dde8b7d

SHA256
a2792e2a8225d78c263a7427ce4be869ce33d6d0d4e71c620ead1ea34b28f618

SHA512
a4961d7af6ad0db22a8e0f86f7d55ba721a395333abbaf16116d4c44be852b5bd7862da4696d11ffc4d715adf6acfe35a33e9e0d22eaf5cac61d7b9dfb540b61

Download Submit
C:\Windows\system\udYDrhi.exe

Filesize
6.0MB

MD5
13ad5e384a59d2f2411aade4ced8731c

SHA1
c82e51cb404df32098d3b6ad02c05b72ca09cb15

SHA256
aab5694aa543e517e7c94547e3f833e47fcf7de907e30a32cbdaced8d45f3a23

SHA512
68d622498507d007a22104b12ac4aca6af55c2979de619d7a03c6efffc26d3c73d59bc591a95ddc32b87f487dbdad0ec63e4ce648eb87ec22c09c3727b8ee2e8

Download Submit
C:\Windows\system\vsZlHyV.exe

Filesize
6.0MB

MD5
cdc81bfa0879680da64a73d76d4a17c5

SHA1
f63b265b60df04462fa9449587dc8887e29f45b3

SHA256
5414565cb3fc75f7f33cd00bf44e2069c7dee02229f66c58f81634ffb7b4f72f

SHA512
67e8f2ec0d4c9f5dd7fa4b265354a1eccef6610919d39d6ef0392b2b7da7385127e352e835515b4672ea97d9a8b8d9e2df8bf8dc31adc70b5fdb059e0a77ff2a

Download Submit
C:\Windows\system\xQdqNtf.exe

Filesize
6.0MB

MD5
078b2a4414c70a1afb2fa4d6861c5c5f

SHA1
f80e7c260a256b5dafea27a85453aa68b35f0a67

SHA256
bd4a567ee90e9e180680f15776853070128586d95f8b67b8d5e9852659207aaa

SHA512
eba4e959de5f1beeadaba0134cece0792e9461c4d59e9a31ec838f239dbb8adc4b3eeda9e4d1590cd895505aedb9f0db5d4fbde7dcc20f2f35deea47e0bf0e3b

Download Submit
C:\Windows\system\xWXRxaE.exe

Filesize
6.0MB

MD5
d7861c9bff8be170f639af10f5c87fe9

SHA1
8edbce3a18e54cd1b208b9b1c1fc09096244e19b

SHA256
b0705ae59c8372c90d532d2c92271d9b59a13a02a46133ece4092eef6af7eb37

SHA512
e03179ed8daf425b731864bf05a0ecb5787a9b0b42d3f2be125714cf5353957c9a5f69d6ac89652c9335eb13dc4988ba66cd7af494e3547d5268da7b3ce1c159

Download Submit
\Windows\system\PNEOAXA.exe

Filesize
6.0MB

MD5
14cbea09d1c3837e9dd6787d6a0684ce

SHA1
50e80132497a5e89795856e8bbc5099331c9c185

SHA256
a23b6615ae4ca389ee81a2b649d8a1f946c781190902e90f3d0135ea6f960d88

SHA512
cd77d6972b24e7eeb935927bdddae813f683f3b0e2501d54e254065d03e7e6bef085cd7ed4ad41a131dd200d98ae238f297e2e93c4533a54a690b0bb236ea835

Download Submit
\Windows\system\PPbSeqS.exe

Filesize
6.0MB

MD5
5d726bc7cb550448b30ffac9da00c35b

SHA1
16430cf7ae65be204e32a03902c942a48d15f98b

SHA256
a01e2668fa7a41c55012433c2d3a11c7b8b3b8406fdc5d5d2cc7062b9e0be51b

SHA512
decab5ecc67d4619b4b78714c0b3266847ee46bdb4b1109413b87d647b71b15d1b28dbd151f2d658d5657cdd561f04f826a00d7cd81bc60954190f93ef74f51c

Download Submit
\Windows\system\TGiZCkA.exe

Filesize
6.0MB

MD5
b6b0030e77f4c38bc3bb5e3668a535a9

SHA1
4c9b0251f22e18cdb764604192573fc3838f8648

SHA256
59ab3a2b8cd9a73917e5f9f177007fd42f3c96c26da5f94e3c7ec27aefcecf98

SHA512
9966308e755bebac38c4f06e72c8ec133f27eb68a7c02a7438cf85ad87d3ee2ae9b406dc498624eb11203a29584e51d68a48ee7f0d34b254e4797657c4025c66

Download Submit
\Windows\system\ZWxWCJL.exe

Filesize
6.0MB

MD5
9552d2ef532579091ca3f0330de916f1

SHA1
c9d5baa0fe70b1d82f6181b6dd4b6d5c208465f3

SHA256
500393defd51721af31e89b88d5b8668c2d50ecd7ae10e42eececeaac1c5d535

SHA512
204ba52838169b029d9e9c3683f458e1df8a316b1246bc0e18282d47678560d69f65c96b9c1cf18e029b6c0f920863ef056efd5c72369843e953afebefb27cf3

Download Submit
\Windows\system\ceoeEVX.exe

Filesize
6.0MB

MD5
6f76faae2afd210725e20d338553d6c6

SHA1
b67f6b833e2bb265e6966449c9d22767d2f049db

SHA256
413d4afd576e39977f1d661edeefc22f7e8c6ff798f03da9ed57f59b4ed6f079

SHA512
55c9c28f816108ac4c7bd22316bb0c9352b4e1a8acecf8d141ecbafa56013e27da354b0d3393ed30dd58ee9e551a2ac911e5d31d88c74a65f0cadbd71b2e4230

Download Submit
\Windows\system\gLbZxth.exe

Filesize
6.0MB

MD5
6fdbb273e382e417014bd472773c72a3

SHA1
7efa0319c185c36c26c44b16df8904b32e0f0b49

SHA256
93902c102552f4c14e1c20d1fa02205fadea354de21672fb2454e5f22427c7e6

SHA512
71ec04e706e2e6ddd9dc28beafc38129f59c5bccb4335de109ca5df46c6d946001b149a0d0ec0b603c1f71395e26b8933a12784764817341fb0b08ec9a71b908

Download Submit
memory/752-707-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/752-3247-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/752-103-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1320-3214-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-65-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-104-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-567-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1520-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1520-3252-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1760-89-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-0-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1760-31-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1760-49-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-30-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1760-24-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-60-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-12-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1760-39-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1760-87-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-102-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1760-706-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1760-391-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-93-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1760-101-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-18-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1760-79-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-566-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2164-88-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3229-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3176-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2424-77-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2424-41-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2428-20-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3059-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2428-52-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2444-64-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2444-28-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3186-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2496-95-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3218-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-57-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-8-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3001-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-35-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3172-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-70-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3049-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-14-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-78-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3235-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-229-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-71-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3221-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2764-197-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2920-53-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-5305-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download