cobaltstrike | 2abd9b97c3c0ee6b96fda51e7f374fa73792e0a066062ccb2f2a214b9004927e

Analysis

max time kernel
146s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

91dad2e2bbba3c3b673576d1865f27f1
SHA1

7bc47f05bb1b7f8a8909e551c353d9eebd45ba4b
SHA256

2abd9b97c3c0ee6b96fda51e7f374fa73792e0a066062ccb2f2a214b9004927e
SHA512

96e5b991ecf0c2b0a7c5f53b81050cfef8ca075e5f630b101d53339c904711f1b70cad0ad6f5da2c3e26ccaee73a9dda5ddfad83f14650e1a900fc626a9ff325
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 38 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de8-8.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dea-12.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001749c-44.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019250-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-94.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d6f-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-142.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017497-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df3-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-23.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1048-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-6.dat	xmrig
behavioral1/files/0x0008000000016de8-8.dat	xmrig
behavioral1/files/0x0009000000016dea-12.dat	xmrig
behavioral1/files/0x0005000000019284-50.dat	xmrig
behavioral1/files/0x0005000000019269-45.dat	xmrig
behavioral1/files/0x000700000001749c-44.dat	xmrig
behavioral1/files/0x0006000000019250-35.dat	xmrig
behavioral1/files/0x00050000000193b6-76.dat	xmrig
behavioral1/memory/1048-843-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-183.dat	xmrig
behavioral1/files/0x0005000000019621-176.dat	xmrig
behavioral1/files/0x0005000000019623-174.dat	xmrig
behavioral1/files/0x00050000000195ab-169.dat	xmrig
behavioral1/files/0x00050000000195f0-167.dat	xmrig
behavioral1/files/0x000500000001958e-160.dat	xmrig
behavioral1/files/0x0005000000019360-156.dat	xmrig
behavioral1/files/0x000500000001950e-154.dat	xmrig
behavioral1/files/0x0005000000019512-152.dat	xmrig
behavioral1/files/0x0005000000019509-144.dat	xmrig
behavioral1/memory/2764-139-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f1-136.dat	xmrig
behavioral1/files/0x00050000000194c9-129.dat	xmrig
behavioral1/memory/1048-123-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2956-122-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2096-121-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-118.dat	xmrig
behavioral1/memory/2736-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2724-101-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1048-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2836-99-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-97.dat	xmrig
behavioral1/files/0x00050000000193c4-96.dat	xmrig
behavioral1/files/0x0005000000019451-94.dat	xmrig
behavioral1/memory/2940-88-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d6f-86.dat	xmrig
behavioral1/files/0x0005000000019297-53.dat	xmrig
behavioral1/files/0x0005000000019278-46.dat	xmrig
behavioral1/files/0x0005000000019624-182.dat	xmrig
behavioral1/files/0x000500000001957e-165.dat	xmrig
behavioral1/files/0x0005000000019502-151.dat	xmrig
behavioral1/files/0x00050000000194ee-149.dat	xmrig
behavioral1/files/0x00050000000194b9-142.dat	xmrig
behavioral1/files/0x0007000000017497-34.dat	xmrig
behavioral1/memory/3004-134-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/3052-117-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0005000000019458-115.dat	xmrig
behavioral1/memory/2400-114-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1680-110-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2480-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-72.dat	xmrig
behavioral1/files/0x000500000001933f-71.dat	xmrig
behavioral1/memory/2908-69-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016df3-32.dat	xmrig
behavioral1/files/0x0007000000017049-23.dat	xmrig
behavioral1/memory/3052-2935-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2956-2951-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2940-2961-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/3004-2964-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2836-2967-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1680-2970-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2400-2976-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2096-2968-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2908-2983-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2400	tSfONEc.exe
3052	srQizTF.exe
2908	UMOKbOT.exe
2940	aLvgQuq.exe
2096	LyflMvJ.exe
2836	OsgTvtd.exe
2956	XmGSKyO.exe
2724	tpWaWIH.exe
3004	xhGuDbf.exe
2736	KgyetQo.exe
2764	oTSsTkj.exe
2480	RrsGRsz.exe
1680	tnNixlz.exe
2688	HuEiNjX.exe
1424	iJyTOhL.exe
2676	zbANtxA.exe
1720	OjwacDt.exe
856	qPgFQaP.exe
1972	laTGiTh.exe
2980	GlydyMM.exe
2304	UCqGdTV.exe
1052	sRmYfXg.exe
2520	cUysxwe.exe
3032	UWERtWv.exe
2668	rVdENDq.exe
1828	rwABbRo.exe
1756	HXvMCnZ.exe
960	iXMEuxQ.exe
1004	BcPaveO.exe
2272	TrreknG.exe
1152	EqlTevV.exe
2012	cvsyult.exe
840	KleZiID.exe
304	jSFbjKX.exe
1572	UbDyXTc.exe
3020	bMwNiAf.exe
1884	GlRYvuY.exe
2608	JtcWyWh.exe
1760	XNYHZTI.exe
2204	ySftYFH.exe
1248	CujDAId.exe
2896	pCBgDud.exe
2220	qkkpMxA.exe
356	KffkNtg.exe
2072	QKuGdDJ.exe
1156	YDrSdbb.exe
2532	cdLteWj.exe
1480	ZouMyKi.exe
892	mbIrfZJ.exe
308	iFGKQrN.exe
1600	JbFVUAX.exe
2540	hMLUdsM.exe
1452	OuhLqwB.exe
1888	apFLdyb.exe
1540	XjYMvBO.exe
2364	YYhjPTJ.exe
2844	XkiltMN.exe
1544	YQtEzRa.exe
2184	xXdjiyp.exe
3064	SClMhBF.exe
2744	HRUrBcM.exe
2340	KelMvTQ.exe
1936	YmchCIi.exe
2988	ESALxHm.exe

Loads dropped DLL 64 IoCs

pid	Process
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1048-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000c000000012281-6.dat	upx
behavioral1/files/0x0008000000016de8-8.dat	upx
behavioral1/files/0x0009000000016dea-12.dat	upx
behavioral1/files/0x0005000000019284-50.dat	upx
behavioral1/files/0x0005000000019269-45.dat	upx
behavioral1/files/0x000700000001749c-44.dat	upx
behavioral1/files/0x0006000000019250-35.dat	upx
behavioral1/files/0x00050000000193b6-76.dat	upx
behavioral1/memory/1048-843-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0005000000019625-183.dat	upx
behavioral1/files/0x0005000000019621-176.dat	upx
behavioral1/files/0x0005000000019623-174.dat	upx
behavioral1/files/0x00050000000195ab-169.dat	upx
behavioral1/files/0x00050000000195f0-167.dat	upx
behavioral1/files/0x000500000001958e-160.dat	upx
behavioral1/files/0x0005000000019360-156.dat	upx
behavioral1/files/0x000500000001950e-154.dat	upx
behavioral1/files/0x0005000000019512-152.dat	upx
behavioral1/files/0x0005000000019509-144.dat	upx
behavioral1/memory/2764-139-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x00050000000194f1-136.dat	upx
behavioral1/files/0x00050000000194c9-129.dat	upx
behavioral1/memory/2956-122-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2096-121-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x00050000000194a9-118.dat	upx
behavioral1/memory/2736-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2724-101-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2836-99-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00050000000193df-97.dat	upx
behavioral1/files/0x00050000000193c4-96.dat	upx
behavioral1/files/0x0005000000019451-94.dat	upx
behavioral1/memory/2940-88-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0009000000016d6f-86.dat	upx
behavioral1/files/0x0005000000019297-53.dat	upx
behavioral1/files/0x0005000000019278-46.dat	upx
behavioral1/files/0x0005000000019624-182.dat	upx
behavioral1/files/0x000500000001957e-165.dat	upx
behavioral1/files/0x0005000000019502-151.dat	upx
behavioral1/files/0x00050000000194ee-149.dat	upx
behavioral1/files/0x00050000000194b9-142.dat	upx
behavioral1/files/0x0007000000017497-34.dat	upx
behavioral1/memory/3004-134-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/3052-117-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0005000000019458-115.dat	upx
behavioral1/memory/2400-114-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1680-110-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2480-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-72.dat	upx
behavioral1/files/0x000500000001933f-71.dat	upx
behavioral1/memory/2908-69-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0008000000016df3-32.dat	upx
behavioral1/files/0x0007000000017049-23.dat	upx
behavioral1/memory/3052-2935-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2956-2951-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2940-2961-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/3004-2964-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2836-2967-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1680-2970-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2400-2976-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2096-2968-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2908-2983-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2480-2987-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2724-2986-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KYxXaht.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIrUUQG.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTrHxtW.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMKXGBk.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGEcmYW.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjPjJef.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywfXBlH.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlRYvuY.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySftYFH.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPncFPW.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkkpMxA.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOwAgAz.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnpvZcR.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDfwcNL.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZyeJSO.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgFyyja.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPyOmEf.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edZPOdo.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHorqWq.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhDYqzn.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWEcNRH.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkrRLMQ.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVITuHw.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogsYXwU.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYAJvgw.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiXTiWy.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXdfUwx.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZyZtwV.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLQQuEk.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaWCRek.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtBtbVC.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWSXBAF.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKxRxJq.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnudoQf.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjUvDIF.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxiLlhK.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDYpOsW.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwlMnmI.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPmrPPv.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYrAxyC.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krGIsJl.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knCBnqi.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlRnWAp.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHDhzUc.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gooewkf.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIJlvBe.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLOotwe.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwrrVyW.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuTBWlh.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNxUmHd.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLtwMmu.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iylCXRt.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzaUYEf.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcKbgfK.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPJNOlD.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJMHHEu.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSPpVcH.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbcDDpZ.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBSHhEK.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlnqojS.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHbAhGc.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaUnsIN.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaFtwiS.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPirvXk.exe	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 2400	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1048 wrote to memory of 2400	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1048 wrote to memory of 2400	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1048 wrote to memory of 3052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1048 wrote to memory of 3052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1048 wrote to memory of 3052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1048 wrote to memory of 2908	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1048 wrote to memory of 2908	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1048 wrote to memory of 2908	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1048 wrote to memory of 2096	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1048 wrote to memory of 2096	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1048 wrote to memory of 2096	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1048 wrote to memory of 2940	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1048 wrote to memory of 2940	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1048 wrote to memory of 2940	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1048 wrote to memory of 2836	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1048 wrote to memory of 2836	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1048 wrote to memory of 2836	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1048 wrote to memory of 2956	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1048 wrote to memory of 2956	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1048 wrote to memory of 2956	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1048 wrote to memory of 3004	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1048 wrote to memory of 3004	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1048 wrote to memory of 3004	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1048 wrote to memory of 2724	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1048 wrote to memory of 2724	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1048 wrote to memory of 2724	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1048 wrote to memory of 1680	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1048 wrote to memory of 1680	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1048 wrote to memory of 1680	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1048 wrote to memory of 2736	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1048 wrote to memory of 2736	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1048 wrote to memory of 2736	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1048 wrote to memory of 2688	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1048 wrote to memory of 2688	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1048 wrote to memory of 2688	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1048 wrote to memory of 2764	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1048 wrote to memory of 2764	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1048 wrote to memory of 2764	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1048 wrote to memory of 1052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1048 wrote to memory of 1052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1048 wrote to memory of 1052	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1048 wrote to memory of 2480	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1048 wrote to memory of 2480	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1048 wrote to memory of 2480	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1048 wrote to memory of 1152	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1048 wrote to memory of 1152	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1048 wrote to memory of 1152	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1048 wrote to memory of 1424	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1048 wrote to memory of 1424	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1048 wrote to memory of 1424	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1048 wrote to memory of 2012	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1048 wrote to memory of 2012	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1048 wrote to memory of 2012	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1048 wrote to memory of 2676	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1048 wrote to memory of 2676	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1048 wrote to memory of 2676	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1048 wrote to memory of 840	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1048 wrote to memory of 840	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1048 wrote to memory of 840	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1048 wrote to memory of 1720	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1048 wrote to memory of 1720	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1048 wrote to memory of 1720	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1048 wrote to memory of 304	1048	2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_91dad2e2bbba3c3b673576d1865f27f1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\System\tSfONEc.exe
  C:\Windows\System\tSfONEc.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\srQizTF.exe
  C:\Windows\System\srQizTF.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\UMOKbOT.exe
  C:\Windows\System\UMOKbOT.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\LyflMvJ.exe
  C:\Windows\System\LyflMvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\aLvgQuq.exe
  C:\Windows\System\aLvgQuq.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\OsgTvtd.exe
  C:\Windows\System\OsgTvtd.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XmGSKyO.exe
  C:\Windows\System\XmGSKyO.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\xhGuDbf.exe
  C:\Windows\System\xhGuDbf.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\tpWaWIH.exe
  C:\Windows\System\tpWaWIH.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\tnNixlz.exe
  C:\Windows\System\tnNixlz.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\KgyetQo.exe
  C:\Windows\System\KgyetQo.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\HuEiNjX.exe
  C:\Windows\System\HuEiNjX.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\oTSsTkj.exe
  C:\Windows\System\oTSsTkj.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\sRmYfXg.exe
  C:\Windows\System\sRmYfXg.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\RrsGRsz.exe
  C:\Windows\System\RrsGRsz.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\EqlTevV.exe
  C:\Windows\System\EqlTevV.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\iJyTOhL.exe
  C:\Windows\System\iJyTOhL.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\cvsyult.exe
  C:\Windows\System\cvsyult.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\zbANtxA.exe
  C:\Windows\System\zbANtxA.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\KleZiID.exe
  C:\Windows\System\KleZiID.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\OjwacDt.exe
  C:\Windows\System\OjwacDt.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\jSFbjKX.exe
  C:\Windows\System\jSFbjKX.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\qPgFQaP.exe
  C:\Windows\System\qPgFQaP.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\UbDyXTc.exe
  C:\Windows\System\UbDyXTc.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\laTGiTh.exe
  C:\Windows\System\laTGiTh.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\bMwNiAf.exe
  C:\Windows\System\bMwNiAf.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\GlydyMM.exe
  C:\Windows\System\GlydyMM.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\GlRYvuY.exe
  C:\Windows\System\GlRYvuY.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\UCqGdTV.exe
  C:\Windows\System\UCqGdTV.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JtcWyWh.exe
  C:\Windows\System\JtcWyWh.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\cUysxwe.exe
  C:\Windows\System\cUysxwe.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\XNYHZTI.exe
  C:\Windows\System\XNYHZTI.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\UWERtWv.exe
  C:\Windows\System\UWERtWv.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ySftYFH.exe
  C:\Windows\System\ySftYFH.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\rVdENDq.exe
  C:\Windows\System\rVdENDq.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\CujDAId.exe
  C:\Windows\System\CujDAId.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\rwABbRo.exe
  C:\Windows\System\rwABbRo.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\pCBgDud.exe
  C:\Windows\System\pCBgDud.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\HXvMCnZ.exe
  C:\Windows\System\HXvMCnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\qkkpMxA.exe
  C:\Windows\System\qkkpMxA.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\iXMEuxQ.exe
  C:\Windows\System\iXMEuxQ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\KffkNtg.exe
  C:\Windows\System\KffkNtg.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\BcPaveO.exe
  C:\Windows\System\BcPaveO.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\QKuGdDJ.exe
  C:\Windows\System\QKuGdDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\TrreknG.exe
  C:\Windows\System\TrreknG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YDrSdbb.exe
  C:\Windows\System\YDrSdbb.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\cdLteWj.exe
  C:\Windows\System\cdLteWj.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\iFGKQrN.exe
  C:\Windows\System\iFGKQrN.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ZouMyKi.exe
  C:\Windows\System\ZouMyKi.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\hMLUdsM.exe
  C:\Windows\System\hMLUdsM.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\mbIrfZJ.exe
  C:\Windows\System\mbIrfZJ.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\OuhLqwB.exe
  C:\Windows\System\OuhLqwB.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\JbFVUAX.exe
  C:\Windows\System\JbFVUAX.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\apFLdyb.exe
  C:\Windows\System\apFLdyb.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\XjYMvBO.exe
  C:\Windows\System\XjYMvBO.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\YQtEzRa.exe
  C:\Windows\System\YQtEzRa.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\YYhjPTJ.exe
  C:\Windows\System\YYhjPTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\xXdjiyp.exe
  C:\Windows\System\xXdjiyp.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\XkiltMN.exe
  C:\Windows\System\XkiltMN.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\SClMhBF.exe
  C:\Windows\System\SClMhBF.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\HRUrBcM.exe
  C:\Windows\System\HRUrBcM.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\KelMvTQ.exe
  C:\Windows\System\KelMvTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\YmchCIi.exe
  C:\Windows\System\YmchCIi.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\YYtbtNK.exe
  C:\Windows\System\YYtbtNK.exe
  2⤵
  PID:696
- C:\Windows\System\ESALxHm.exe
  C:\Windows\System\ESALxHm.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ubUcCaJ.exe
  C:\Windows\System\ubUcCaJ.exe
  2⤵
  PID:2500
- C:\Windows\System\RzCwtsh.exe
  C:\Windows\System\RzCwtsh.exe
  2⤵
  PID:340
- C:\Windows\System\izBDfDb.exe
  C:\Windows\System\izBDfDb.exe
  2⤵
  PID:2708
- C:\Windows\System\alaqOlY.exe
  C:\Windows\System\alaqOlY.exe
  2⤵
  PID:296
- C:\Windows\System\BKxwxNu.exe
  C:\Windows\System\BKxwxNu.exe
  2⤵
  PID:1684
- C:\Windows\System\rFRIEOM.exe
  C:\Windows\System\rFRIEOM.exe
  2⤵
  PID:2740
- C:\Windows\System\obSedTD.exe
  C:\Windows\System\obSedTD.exe
  2⤵
  PID:888
- C:\Windows\System\IfthaMM.exe
  C:\Windows\System\IfthaMM.exe
  2⤵
  PID:596
- C:\Windows\System\rjEznSf.exe
  C:\Windows\System\rjEznSf.exe
  2⤵
  PID:2900
- C:\Windows\System\SZAgzaC.exe
  C:\Windows\System\SZAgzaC.exe
  2⤵
  PID:2312
- C:\Windows\System\GuWTPwP.exe
  C:\Windows\System\GuWTPwP.exe
  2⤵
  PID:2080
- C:\Windows\System\WtOOvaY.exe
  C:\Windows\System\WtOOvaY.exe
  2⤵
  PID:2568
- C:\Windows\System\mYUHjbv.exe
  C:\Windows\System\mYUHjbv.exe
  2⤵
  PID:1812
- C:\Windows\System\jOmxRTv.exe
  C:\Windows\System\jOmxRTv.exe
  2⤵
  PID:2524
- C:\Windows\System\cDemBVv.exe
  C:\Windows\System\cDemBVv.exe
  2⤵
  PID:2200
- C:\Windows\System\iTnDqjc.exe
  C:\Windows\System\iTnDqjc.exe
  2⤵
  PID:1716
- C:\Windows\System\iGSgbXe.exe
  C:\Windows\System\iGSgbXe.exe
  2⤵
  PID:276
- C:\Windows\System\PrIqERB.exe
  C:\Windows\System\PrIqERB.exe
  2⤵
  PID:2332
- C:\Windows\System\pbJVzNa.exe
  C:\Windows\System\pbJVzNa.exe
  2⤵
  PID:1736
- C:\Windows\System\FzwMMxP.exe
  C:\Windows\System\FzwMMxP.exe
  2⤵
  PID:2124
- C:\Windows\System\jTzElaD.exe
  C:\Windows\System\jTzElaD.exe
  2⤵
  PID:324
- C:\Windows\System\ZGskjbd.exe
  C:\Windows\System\ZGskjbd.exe
  2⤵
  PID:1552
- C:\Windows\System\rvxewaR.exe
  C:\Windows\System\rvxewaR.exe
  2⤵
  PID:2112
- C:\Windows\System\jfOVqvl.exe
  C:\Windows\System\jfOVqvl.exe
  2⤵
  PID:2936
- C:\Windows\System\OMSfrKa.exe
  C:\Windows\System\OMSfrKa.exe
  2⤵
  PID:2236
- C:\Windows\System\MWZhTvw.exe
  C:\Windows\System\MWZhTvw.exe
  2⤵
  PID:1548
- C:\Windows\System\wNxjzLU.exe
  C:\Windows\System\wNxjzLU.exe
  2⤵
  PID:2852
- C:\Windows\System\vghIIaG.exe
  C:\Windows\System\vghIIaG.exe
  2⤵
  PID:1280
- C:\Windows\System\SUfdHWU.exe
  C:\Windows\System\SUfdHWU.exe
  2⤵
  PID:2376
- C:\Windows\System\AWkSdnQ.exe
  C:\Windows\System\AWkSdnQ.exe
  2⤵
  PID:1900
- C:\Windows\System\rcKeKkq.exe
  C:\Windows\System\rcKeKkq.exe
  2⤵
  PID:956
- C:\Windows\System\otnjEic.exe
  C:\Windows\System\otnjEic.exe
  2⤵
  PID:864
- C:\Windows\System\yzaulhr.exe
  C:\Windows\System\yzaulhr.exe
  2⤵
  PID:1212
- C:\Windows\System\PkUMLHA.exe
  C:\Windows\System\PkUMLHA.exe
  2⤵
  PID:2468
- C:\Windows\System\mayqSoS.exe
  C:\Windows\System\mayqSoS.exe
  2⤵
  PID:2092
- C:\Windows\System\ogsYXwU.exe
  C:\Windows\System\ogsYXwU.exe
  2⤵
  PID:1324
- C:\Windows\System\dgQPnnd.exe
  C:\Windows\System\dgQPnnd.exe
  2⤵
  PID:568
- C:\Windows\System\aUpWJuc.exe
  C:\Windows\System\aUpWJuc.exe
  2⤵
  PID:2444
- C:\Windows\System\nNQdxyh.exe
  C:\Windows\System\nNQdxyh.exe
  2⤵
  PID:2544
- C:\Windows\System\MSGeerm.exe
  C:\Windows\System\MSGeerm.exe
  2⤵
  PID:912
- C:\Windows\System\oSDqIyu.exe
  C:\Windows\System\oSDqIyu.exe
  2⤵
  PID:2780
- C:\Windows\System\KPPlSIO.exe
  C:\Windows\System\KPPlSIO.exe
  2⤵
  PID:2296
- C:\Windows\System\zXJXMvm.exe
  C:\Windows\System\zXJXMvm.exe
  2⤵
  PID:1556
- C:\Windows\System\hqLWLvy.exe
  C:\Windows\System\hqLWLvy.exe
  2⤵
  PID:2172
- C:\Windows\System\qjpUiGn.exe
  C:\Windows\System\qjpUiGn.exe
  2⤵
  PID:3088
- C:\Windows\System\QLjSNVm.exe
  C:\Windows\System\QLjSNVm.exe
  2⤵
  PID:3112
- C:\Windows\System\OskWUgl.exe
  C:\Windows\System\OskWUgl.exe
  2⤵
  PID:3128
- C:\Windows\System\WSFaAJK.exe
  C:\Windows\System\WSFaAJK.exe
  2⤵
  PID:3148
- C:\Windows\System\tMFBJHh.exe
  C:\Windows\System\tMFBJHh.exe
  2⤵
  PID:3168
- C:\Windows\System\gzQOmSP.exe
  C:\Windows\System\gzQOmSP.exe
  2⤵
  PID:3188
- C:\Windows\System\mbPIGdi.exe
  C:\Windows\System\mbPIGdi.exe
  2⤵
  PID:3212
- C:\Windows\System\BKaPCaD.exe
  C:\Windows\System\BKaPCaD.exe
  2⤵
  PID:3228
- C:\Windows\System\MhVBOme.exe
  C:\Windows\System\MhVBOme.exe
  2⤵
  PID:3248
- C:\Windows\System\hfADjsJ.exe
  C:\Windows\System\hfADjsJ.exe
  2⤵
  PID:3268
- C:\Windows\System\NRfMLSg.exe
  C:\Windows\System\NRfMLSg.exe
  2⤵
  PID:3284
- C:\Windows\System\pfhSQpb.exe
  C:\Windows\System\pfhSQpb.exe
  2⤵
  PID:3304
- C:\Windows\System\daQiFwN.exe
  C:\Windows\System\daQiFwN.exe
  2⤵
  PID:3320
- C:\Windows\System\VjWlEOr.exe
  C:\Windows\System\VjWlEOr.exe
  2⤵
  PID:3340
- C:\Windows\System\jTVGusW.exe
  C:\Windows\System\jTVGusW.exe
  2⤵
  PID:3364
- C:\Windows\System\BfeffkO.exe
  C:\Windows\System\BfeffkO.exe
  2⤵
  PID:3384
- C:\Windows\System\WGMzyaM.exe
  C:\Windows\System\WGMzyaM.exe
  2⤵
  PID:3408
- C:\Windows\System\ZrAqkXv.exe
  C:\Windows\System\ZrAqkXv.exe
  2⤵
  PID:3424
- C:\Windows\System\MVQGvQW.exe
  C:\Windows\System\MVQGvQW.exe
  2⤵
  PID:3440
- C:\Windows\System\VpdrqXj.exe
  C:\Windows\System\VpdrqXj.exe
  2⤵
  PID:3460
- C:\Windows\System\pkarDLF.exe
  C:\Windows\System\pkarDLF.exe
  2⤵
  PID:3480
- C:\Windows\System\kfcQHwg.exe
  C:\Windows\System\kfcQHwg.exe
  2⤵
  PID:3496
- C:\Windows\System\gOecInj.exe
  C:\Windows\System\gOecInj.exe
  2⤵
  PID:3516
- C:\Windows\System\kMPxQQP.exe
  C:\Windows\System\kMPxQQP.exe
  2⤵
  PID:3536
- C:\Windows\System\WbHQMfZ.exe
  C:\Windows\System\WbHQMfZ.exe
  2⤵
  PID:3568
- C:\Windows\System\aXcmfMB.exe
  C:\Windows\System\aXcmfMB.exe
  2⤵
  PID:3592
- C:\Windows\System\wYlMeNM.exe
  C:\Windows\System\wYlMeNM.exe
  2⤵
  PID:3612
- C:\Windows\System\OIbsukb.exe
  C:\Windows\System\OIbsukb.exe
  2⤵
  PID:3628
- C:\Windows\System\FcJlPqH.exe
  C:\Windows\System\FcJlPqH.exe
  2⤵
  PID:3648
- C:\Windows\System\QSdkDjE.exe
  C:\Windows\System\QSdkDjE.exe
  2⤵
  PID:3668
- C:\Windows\System\kRxFfGK.exe
  C:\Windows\System\kRxFfGK.exe
  2⤵
  PID:3688
- C:\Windows\System\GRBlirF.exe
  C:\Windows\System\GRBlirF.exe
  2⤵
  PID:3708
- C:\Windows\System\bZyZtwV.exe
  C:\Windows\System\bZyZtwV.exe
  2⤵
  PID:3728
- C:\Windows\System\tYRDGvh.exe
  C:\Windows\System\tYRDGvh.exe
  2⤵
  PID:3752
- C:\Windows\System\NUZGLiB.exe
  C:\Windows\System\NUZGLiB.exe
  2⤵
  PID:3772
- C:\Windows\System\VkkPgLP.exe
  C:\Windows\System\VkkPgLP.exe
  2⤵
  PID:3792
- C:\Windows\System\iaLszIS.exe
  C:\Windows\System\iaLszIS.exe
  2⤵
  PID:3812
- C:\Windows\System\HYfcDzn.exe
  C:\Windows\System\HYfcDzn.exe
  2⤵
  PID:3828
- C:\Windows\System\nvBkqWa.exe
  C:\Windows\System\nvBkqWa.exe
  2⤵
  PID:3848
- C:\Windows\System\eHPrfuF.exe
  C:\Windows\System\eHPrfuF.exe
  2⤵
  PID:3872
- C:\Windows\System\zuIoMKx.exe
  C:\Windows\System\zuIoMKx.exe
  2⤵
  PID:3892
- C:\Windows\System\CjUvDIF.exe
  C:\Windows\System\CjUvDIF.exe
  2⤵
  PID:3908
- C:\Windows\System\rsmhUwv.exe
  C:\Windows\System\rsmhUwv.exe
  2⤵
  PID:3928
- C:\Windows\System\ovmRsAE.exe
  C:\Windows\System\ovmRsAE.exe
  2⤵
  PID:3952
- C:\Windows\System\iZvDInM.exe
  C:\Windows\System\iZvDInM.exe
  2⤵
  PID:3972
- C:\Windows\System\rHNKIRs.exe
  C:\Windows\System\rHNKIRs.exe
  2⤵
  PID:3988
- C:\Windows\System\hvdBwpW.exe
  C:\Windows\System\hvdBwpW.exe
  2⤵
  PID:4012
- C:\Windows\System\fvawuCY.exe
  C:\Windows\System\fvawuCY.exe
  2⤵
  PID:4032
- C:\Windows\System\yRrYqng.exe
  C:\Windows\System\yRrYqng.exe
  2⤵
  PID:4052
- C:\Windows\System\TWTVLlI.exe
  C:\Windows\System\TWTVLlI.exe
  2⤵
  PID:4072
- C:\Windows\System\jczKdXl.exe
  C:\Windows\System\jczKdXl.exe
  2⤵
  PID:4088
- C:\Windows\System\LXapTmT.exe
  C:\Windows\System\LXapTmT.exe
  2⤵
  PID:1788
- C:\Windows\System\szYsuoz.exe
  C:\Windows\System\szYsuoz.exe
  2⤵
  PID:2968
- C:\Windows\System\AraDVlD.exe
  C:\Windows\System\AraDVlD.exe
  2⤵
  PID:1428
- C:\Windows\System\ONqZBUR.exe
  C:\Windows\System\ONqZBUR.exe
  2⤵
  PID:1708
- C:\Windows\System\eJOxWZE.exe
  C:\Windows\System\eJOxWZE.exe
  2⤵
  PID:2580
- C:\Windows\System\MsYtcFj.exe
  C:\Windows\System\MsYtcFj.exe
  2⤵
  PID:1904
- C:\Windows\System\JbwAgqC.exe
  C:\Windows\System\JbwAgqC.exe
  2⤵
  PID:2060
- C:\Windows\System\OHVCCNZ.exe
  C:\Windows\System\OHVCCNZ.exe
  2⤵
  PID:2288
- C:\Windows\System\esRVrhj.exe
  C:\Windows\System\esRVrhj.exe
  2⤵
  PID:2660
- C:\Windows\System\LhVBGJE.exe
  C:\Windows\System\LhVBGJE.exe
  2⤵
  PID:896
- C:\Windows\System\IrEuVce.exe
  C:\Windows\System\IrEuVce.exe
  2⤵
  PID:1628
- C:\Windows\System\lrbExfS.exe
  C:\Windows\System\lrbExfS.exe
  2⤵
  PID:1228
- C:\Windows\System\XaIYuen.exe
  C:\Windows\System\XaIYuen.exe
  2⤵
  PID:2612
- C:\Windows\System\XOcqwZB.exe
  C:\Windows\System\XOcqwZB.exe
  2⤵
  PID:3196
- C:\Windows\System\EZsGYNj.exe
  C:\Windows\System\EZsGYNj.exe
  2⤵
  PID:3136
- C:\Windows\System\wIEHsnK.exe
  C:\Windows\System\wIEHsnK.exe
  2⤵
  PID:3244
- C:\Windows\System\TisAIks.exe
  C:\Windows\System\TisAIks.exe
  2⤵
  PID:3276
- C:\Windows\System\bINIxtK.exe
  C:\Windows\System\bINIxtK.exe
  2⤵
  PID:3352
- C:\Windows\System\ggaLomI.exe
  C:\Windows\System\ggaLomI.exe
  2⤵
  PID:3264
- C:\Windows\System\CmcsAmu.exe
  C:\Windows\System\CmcsAmu.exe
  2⤵
  PID:3360
- C:\Windows\System\KserrWb.exe
  C:\Windows\System\KserrWb.exe
  2⤵
  PID:3296
- C:\Windows\System\VnVvvHH.exe
  C:\Windows\System\VnVvvHH.exe
  2⤵
  PID:3400
- C:\Windows\System\CWIiIIX.exe
  C:\Windows\System\CWIiIIX.exe
  2⤵
  PID:3436
- C:\Windows\System\QWPdilJ.exe
  C:\Windows\System\QWPdilJ.exe
  2⤵
  PID:3512
- C:\Windows\System\mFpyXIH.exe
  C:\Windows\System\mFpyXIH.exe
  2⤵
  PID:3528
- C:\Windows\System\qlqGHzl.exe
  C:\Windows\System\qlqGHzl.exe
  2⤵
  PID:3452
- C:\Windows\System\hWfsWTK.exe
  C:\Windows\System\hWfsWTK.exe
  2⤵
  PID:3560
- C:\Windows\System\obxogsl.exe
  C:\Windows\System\obxogsl.exe
  2⤵
  PID:3604
- C:\Windows\System\TaeigWI.exe
  C:\Windows\System\TaeigWI.exe
  2⤵
  PID:3636
- C:\Windows\System\yxkuNNh.exe
  C:\Windows\System\yxkuNNh.exe
  2⤵
  PID:3676
- C:\Windows\System\qTZKEWW.exe
  C:\Windows\System\qTZKEWW.exe
  2⤵
  PID:3764
- C:\Windows\System\NXKTIHq.exe
  C:\Windows\System\NXKTIHq.exe
  2⤵
  PID:3736
- C:\Windows\System\ByGackx.exe
  C:\Windows\System\ByGackx.exe
  2⤵
  PID:3748
- C:\Windows\System\xRSIkLx.exe
  C:\Windows\System\xRSIkLx.exe
  2⤵
  PID:3804
- C:\Windows\System\TntRcMO.exe
  C:\Windows\System\TntRcMO.exe
  2⤵
  PID:3784
- C:\Windows\System\JAMMRvF.exe
  C:\Windows\System\JAMMRvF.exe
  2⤵
  PID:3860
- C:\Windows\System\ivyPBUV.exe
  C:\Windows\System\ivyPBUV.exe
  2⤵
  PID:3916
- C:\Windows\System\fSdsnxH.exe
  C:\Windows\System\fSdsnxH.exe
  2⤵
  PID:3936
- C:\Windows\System\QvXsbCQ.exe
  C:\Windows\System\QvXsbCQ.exe
  2⤵
  PID:3944
- C:\Windows\System\dvpMCqF.exe
  C:\Windows\System\dvpMCqF.exe
  2⤵
  PID:4008
- C:\Windows\System\DXeKYBt.exe
  C:\Windows\System\DXeKYBt.exe
  2⤵
  PID:3980
- C:\Windows\System\ZZEdXUL.exe
  C:\Windows\System\ZZEdXUL.exe
  2⤵
  PID:2616
- C:\Windows\System\zYYebeD.exe
  C:\Windows\System\zYYebeD.exe
  2⤵
  PID:1488
- C:\Windows\System\BLUxAUm.exe
  C:\Windows\System\BLUxAUm.exe
  2⤵
  PID:4028
- C:\Windows\System\bNtGoDm.exe
  C:\Windows\System\bNtGoDm.exe
  2⤵
  PID:4068
- C:\Windows\System\MStKgBI.exe
  C:\Windows\System\MStKgBI.exe
  2⤵
  PID:2436
- C:\Windows\System\BRgdQLk.exe
  C:\Windows\System\BRgdQLk.exe
  2⤵
  PID:1876
- C:\Windows\System\EWyxcpD.exe
  C:\Windows\System\EWyxcpD.exe
  2⤵
  PID:2320
- C:\Windows\System\LoJuGWI.exe
  C:\Windows\System\LoJuGWI.exe
  2⤵
  PID:3164
- C:\Windows\System\eSCFfbI.exe
  C:\Windows\System\eSCFfbI.exe
  2⤵
  PID:3312
- C:\Windows\System\NJUjhkM.exe
  C:\Windows\System\NJUjhkM.exe
  2⤵
  PID:3392
- C:\Windows\System\MVgWuzd.exe
  C:\Windows\System\MVgWuzd.exe
  2⤵
  PID:2536
- C:\Windows\System\LBIINdf.exe
  C:\Windows\System\LBIINdf.exe
  2⤵
  PID:2412
- C:\Windows\System\lUmEUsN.exe
  C:\Windows\System\lUmEUsN.exe
  2⤵
  PID:3140
- C:\Windows\System\vLMxpWf.exe
  C:\Windows\System\vLMxpWf.exe
  2⤵
  PID:3472
- C:\Windows\System\lNdFfJw.exe
  C:\Windows\System\lNdFfJw.exe
  2⤵
  PID:3328
- C:\Windows\System\cqOAkRu.exe
  C:\Windows\System\cqOAkRu.exe
  2⤵
  PID:3600
- C:\Windows\System\nTZYzeu.exe
  C:\Windows\System\nTZYzeu.exe
  2⤵
  PID:3372
- C:\Windows\System\zBEhTVw.exe
  C:\Windows\System\zBEhTVw.exe
  2⤵
  PID:3684
- C:\Windows\System\pVljjPq.exe
  C:\Windows\System\pVljjPq.exe
  2⤵
  PID:3420
- C:\Windows\System\QqBBfKq.exe
  C:\Windows\System\QqBBfKq.exe
  2⤵
  PID:3660
- C:\Windows\System\OVbOKFz.exe
  C:\Windows\System\OVbOKFz.exe
  2⤵
  PID:3780
- C:\Windows\System\KxiLlhK.exe
  C:\Windows\System\KxiLlhK.exe
  2⤵
  PID:3856
- C:\Windows\System\pApXIUP.exe
  C:\Windows\System\pApXIUP.exe
  2⤵
  PID:3900
- C:\Windows\System\FXJKHrN.exe
  C:\Windows\System\FXJKHrN.exe
  2⤵
  PID:3996
- C:\Windows\System\mVHgPFD.exe
  C:\Windows\System\mVHgPFD.exe
  2⤵
  PID:3968
- C:\Windows\System\SwNbmtC.exe
  C:\Windows\System\SwNbmtC.exe
  2⤵
  PID:4044
- C:\Windows\System\padDZcC.exe
  C:\Windows\System\padDZcC.exe
  2⤵
  PID:1560
- C:\Windows\System\RiqjYpF.exe
  C:\Windows\System\RiqjYpF.exe
  2⤵
  PID:4084
- C:\Windows\System\ymYaWjj.exe
  C:\Windows\System\ymYaWjj.exe
  2⤵
  PID:3012
- C:\Windows\System\yVPJVuu.exe
  C:\Windows\System\yVPJVuu.exe
  2⤵
  PID:3200
- C:\Windows\System\BWVQSEm.exe
  C:\Windows\System\BWVQSEm.exe
  2⤵
  PID:3404
- C:\Windows\System\jNcXGFN.exe
  C:\Windows\System\jNcXGFN.exe
  2⤵
  PID:3156
- C:\Windows\System\ksGSXjP.exe
  C:\Windows\System\ksGSXjP.exe
  2⤵
  PID:4104
- C:\Windows\System\UnRMmLi.exe
  C:\Windows\System\UnRMmLi.exe
  2⤵
  PID:4124
- C:\Windows\System\qCOVObb.exe
  C:\Windows\System\qCOVObb.exe
  2⤵
  PID:4144
- C:\Windows\System\uqUbYnQ.exe
  C:\Windows\System\uqUbYnQ.exe
  2⤵
  PID:4164
- C:\Windows\System\SAOnfQK.exe
  C:\Windows\System\SAOnfQK.exe
  2⤵
  PID:4184
- C:\Windows\System\iUlOZeW.exe
  C:\Windows\System\iUlOZeW.exe
  2⤵
  PID:4204
- C:\Windows\System\vkqKmyK.exe
  C:\Windows\System\vkqKmyK.exe
  2⤵
  PID:4224
- C:\Windows\System\jmbJRZU.exe
  C:\Windows\System\jmbJRZU.exe
  2⤵
  PID:4244
- C:\Windows\System\OQOgUyT.exe
  C:\Windows\System\OQOgUyT.exe
  2⤵
  PID:4264
- C:\Windows\System\IZGdqIO.exe
  C:\Windows\System\IZGdqIO.exe
  2⤵
  PID:4284
- C:\Windows\System\EQGBmob.exe
  C:\Windows\System\EQGBmob.exe
  2⤵
  PID:4304
- C:\Windows\System\dYAJvgw.exe
  C:\Windows\System\dYAJvgw.exe
  2⤵
  PID:4324
- C:\Windows\System\VpFJyEu.exe
  C:\Windows\System\VpFJyEu.exe
  2⤵
  PID:4344
- C:\Windows\System\CDgomUq.exe
  C:\Windows\System\CDgomUq.exe
  2⤵
  PID:4364
- C:\Windows\System\gvdstfD.exe
  C:\Windows\System\gvdstfD.exe
  2⤵
  PID:4384
- C:\Windows\System\ZhllTjp.exe
  C:\Windows\System\ZhllTjp.exe
  2⤵
  PID:4404
- C:\Windows\System\XFucUWO.exe
  C:\Windows\System\XFucUWO.exe
  2⤵
  PID:4424
- C:\Windows\System\lTDEnuE.exe
  C:\Windows\System\lTDEnuE.exe
  2⤵
  PID:4448
- C:\Windows\System\IJdJixy.exe
  C:\Windows\System\IJdJixy.exe
  2⤵
  PID:4468
- C:\Windows\System\HRQqVTy.exe
  C:\Windows\System\HRQqVTy.exe
  2⤵
  PID:4488
- C:\Windows\System\tmfsWhN.exe
  C:\Windows\System\tmfsWhN.exe
  2⤵
  PID:4508
- C:\Windows\System\KaWCRek.exe
  C:\Windows\System\KaWCRek.exe
  2⤵
  PID:4528
- C:\Windows\System\Piiukon.exe
  C:\Windows\System\Piiukon.exe
  2⤵
  PID:4548
- C:\Windows\System\dWHFTJy.exe
  C:\Windows\System\dWHFTJy.exe
  2⤵
  PID:4568
- C:\Windows\System\HPNnDuF.exe
  C:\Windows\System\HPNnDuF.exe
  2⤵
  PID:4588
- C:\Windows\System\cjrUJmp.exe
  C:\Windows\System\cjrUJmp.exe
  2⤵
  PID:4608
- C:\Windows\System\NFqhIcd.exe
  C:\Windows\System\NFqhIcd.exe
  2⤵
  PID:4628
- C:\Windows\System\qPDCgAz.exe
  C:\Windows\System\qPDCgAz.exe
  2⤵
  PID:4648
- C:\Windows\System\fIrUUQG.exe
  C:\Windows\System\fIrUUQG.exe
  2⤵
  PID:4668
- C:\Windows\System\dXeRVAp.exe
  C:\Windows\System\dXeRVAp.exe
  2⤵
  PID:4688
- C:\Windows\System\fNImNKF.exe
  C:\Windows\System\fNImNKF.exe
  2⤵
  PID:4708
- C:\Windows\System\kpxoXfl.exe
  C:\Windows\System\kpxoXfl.exe
  2⤵
  PID:4728
- C:\Windows\System\rbaiOtQ.exe
  C:\Windows\System\rbaiOtQ.exe
  2⤵
  PID:4748
- C:\Windows\System\jSdFqUd.exe
  C:\Windows\System\jSdFqUd.exe
  2⤵
  PID:4768
- C:\Windows\System\GjPaLrh.exe
  C:\Windows\System\GjPaLrh.exe
  2⤵
  PID:4788
- C:\Windows\System\FxYERyv.exe
  C:\Windows\System\FxYERyv.exe
  2⤵
  PID:4808
- C:\Windows\System\jdQDTba.exe
  C:\Windows\System\jdQDTba.exe
  2⤵
  PID:4828
- C:\Windows\System\NMbTnsK.exe
  C:\Windows\System\NMbTnsK.exe
  2⤵
  PID:4852
- C:\Windows\System\fRdAHua.exe
  C:\Windows\System\fRdAHua.exe
  2⤵
  PID:4872
- C:\Windows\System\NzihdTo.exe
  C:\Windows\System\NzihdTo.exe
  2⤵
  PID:4892
- C:\Windows\System\MHnodGh.exe
  C:\Windows\System\MHnodGh.exe
  2⤵
  PID:4912
- C:\Windows\System\cCPkmMu.exe
  C:\Windows\System\cCPkmMu.exe
  2⤵
  PID:4932
- C:\Windows\System\cuoMrxC.exe
  C:\Windows\System\cuoMrxC.exe
  2⤵
  PID:4952
- C:\Windows\System\CHSSnjp.exe
  C:\Windows\System\CHSSnjp.exe
  2⤵
  PID:4972
- C:\Windows\System\DxYfxNj.exe
  C:\Windows\System\DxYfxNj.exe
  2⤵
  PID:4992
- C:\Windows\System\DCMLrNP.exe
  C:\Windows\System\DCMLrNP.exe
  2⤵
  PID:5012
- C:\Windows\System\zIXzVsq.exe
  C:\Windows\System\zIXzVsq.exe
  2⤵
  PID:5032
- C:\Windows\System\SQSTwLZ.exe
  C:\Windows\System\SQSTwLZ.exe
  2⤵
  PID:5052
- C:\Windows\System\uhuDmXt.exe
  C:\Windows\System\uhuDmXt.exe
  2⤵
  PID:5072
- C:\Windows\System\QcAmSDN.exe
  C:\Windows\System\QcAmSDN.exe
  2⤵
  PID:5092
- C:\Windows\System\oEJgqWs.exe
  C:\Windows\System\oEJgqWs.exe
  2⤵
  PID:5112
- C:\Windows\System\zlKcDoN.exe
  C:\Windows\System\zlKcDoN.exe
  2⤵
  PID:3096
- C:\Windows\System\MkmAHLg.exe
  C:\Windows\System\MkmAHLg.exe
  2⤵
  PID:3260
- C:\Windows\System\HHRQwZf.exe
  C:\Windows\System\HHRQwZf.exe
  2⤵
  PID:3492
- C:\Windows\System\ExaqlRl.exe
  C:\Windows\System\ExaqlRl.exe
  2⤵
  PID:3584
- C:\Windows\System\auAjZdx.exe
  C:\Windows\System\auAjZdx.exe
  2⤵
  PID:3580
- C:\Windows\System\uLIpmFj.exe
  C:\Windows\System\uLIpmFj.exe
  2⤵
  PID:3768
- C:\Windows\System\VpbwhUo.exe
  C:\Windows\System\VpbwhUo.exe
  2⤵
  PID:3880
- C:\Windows\System\PWVpXyx.exe
  C:\Windows\System\PWVpXyx.exe
  2⤵
  PID:3788
- C:\Windows\System\twATJMJ.exe
  C:\Windows\System\twATJMJ.exe
  2⤵
  PID:792
- C:\Windows\System\oLkMemW.exe
  C:\Windows\System\oLkMemW.exe
  2⤵
  PID:2212
- C:\Windows\System\rJbSzLw.exe
  C:\Windows\System\rJbSzLw.exe
  2⤵
  PID:3336
- C:\Windows\System\SNLYBBj.exe
  C:\Windows\System\SNLYBBj.exe
  2⤵
  PID:708
- C:\Windows\System\aALQBpW.exe
  C:\Windows\System\aALQBpW.exe
  2⤵
  PID:940
- C:\Windows\System\uxMEALF.exe
  C:\Windows\System\uxMEALF.exe
  2⤵
  PID:4116
- C:\Windows\System\ILTEegH.exe
  C:\Windows\System\ILTEegH.exe
  2⤵
  PID:4160
- C:\Windows\System\GkJxBsz.exe
  C:\Windows\System\GkJxBsz.exe
  2⤵
  PID:4220
- C:\Windows\System\jDGZZzS.exe
  C:\Windows\System\jDGZZzS.exe
  2⤵
  PID:4292
- C:\Windows\System\uEZEkxs.exe
  C:\Windows\System\uEZEkxs.exe
  2⤵
  PID:4192
- C:\Windows\System\vPWdHHv.exe
  C:\Windows\System\vPWdHHv.exe
  2⤵
  PID:4240
- C:\Windows\System\HNGfYzr.exe
  C:\Windows\System\HNGfYzr.exe
  2⤵
  PID:4312
- C:\Windows\System\dzSerZy.exe
  C:\Windows\System\dzSerZy.exe
  2⤵
  PID:4356
- C:\Windows\System\aBGaueo.exe
  C:\Windows\System\aBGaueo.exe
  2⤵
  PID:4412
- C:\Windows\System\FUMtmpU.exe
  C:\Windows\System\FUMtmpU.exe
  2⤵
  PID:2128
- C:\Windows\System\GIMJyzL.exe
  C:\Windows\System\GIMJyzL.exe
  2⤵
  PID:4460
- C:\Windows\System\cAvYSuI.exe
  C:\Windows\System\cAvYSuI.exe
  2⤵
  PID:4480
- C:\Windows\System\YMVORzT.exe
  C:\Windows\System\YMVORzT.exe
  2⤵
  PID:4520
- C:\Windows\System\GvoOpxA.exe
  C:\Windows\System\GvoOpxA.exe
  2⤵
  PID:4564
- C:\Windows\System\xaqhiTp.exe
  C:\Windows\System\xaqhiTp.exe
  2⤵
  PID:4600
- C:\Windows\System\YMNTnvJ.exe
  C:\Windows\System\YMNTnvJ.exe
  2⤵
  PID:4644
- C:\Windows\System\iqjQUre.exe
  C:\Windows\System\iqjQUre.exe
  2⤵
  PID:4700
- C:\Windows\System\zkMZzQv.exe
  C:\Windows\System\zkMZzQv.exe
  2⤵
  PID:4780
- C:\Windows\System\CSdCmLx.exe
  C:\Windows\System\CSdCmLx.exe
  2⤵
  PID:4868
- C:\Windows\System\oiQTRyx.exe
  C:\Windows\System\oiQTRyx.exe
  2⤵
  PID:4940
- C:\Windows\System\XiLGbCk.exe
  C:\Windows\System\XiLGbCk.exe
  2⤵
  PID:4984
- C:\Windows\System\drTmXOr.exe
  C:\Windows\System\drTmXOr.exe
  2⤵
  PID:4676
- C:\Windows\System\LxTWTTX.exe
  C:\Windows\System\LxTWTTX.exe
  2⤵
  PID:4724
- C:\Windows\System\AUIYLTd.exe
  C:\Windows\System\AUIYLTd.exe
  2⤵
  PID:5068
- C:\Windows\System\Rdxnmfd.exe
  C:\Windows\System\Rdxnmfd.exe
  2⤵
  PID:4880
- C:\Windows\System\doIIkGU.exe
  C:\Windows\System\doIIkGU.exe
  2⤵
  PID:5104
- C:\Windows\System\NgEBgiL.exe
  C:\Windows\System\NgEBgiL.exe
  2⤵
  PID:4928
- C:\Windows\System\mPqafSC.exe
  C:\Windows\System\mPqafSC.exe
  2⤵
  PID:5000
- C:\Windows\System\qQxvWPI.exe
  C:\Windows\System\qQxvWPI.exe
  2⤵
  PID:5044
- C:\Windows\System\RkVhnDE.exe
  C:\Windows\System\RkVhnDE.exe
  2⤵
  PID:3144
- C:\Windows\System\StFJIYG.exe
  C:\Windows\System\StFJIYG.exe
  2⤵
  PID:3240
- C:\Windows\System\rxgdjpW.exe
  C:\Windows\System\rxgdjpW.exe
  2⤵
  PID:3656
- C:\Windows\System\ZaByUFE.exe
  C:\Windows\System\ZaByUFE.exe
  2⤵
  PID:3884
- C:\Windows\System\wGhColk.exe
  C:\Windows\System\wGhColk.exe
  2⤵
  PID:3124
- C:\Windows\System\hJGSuTS.exe
  C:\Windows\System\hJGSuTS.exe
  2⤵
  PID:2336
- C:\Windows\System\EWpAajQ.exe
  C:\Windows\System\EWpAajQ.exe
  2⤵
  PID:2848
- C:\Windows\System\imPIcKF.exe
  C:\Windows\System\imPIcKF.exe
  2⤵
  PID:4176
- C:\Windows\System\QGaFHeO.exe
  C:\Windows\System\QGaFHeO.exe
  2⤵
  PID:4172
- C:\Windows\System\UEKqznR.exe
  C:\Windows\System\UEKqznR.exe
  2⤵
  PID:4340
- C:\Windows\System\ZALYGQJ.exe
  C:\Windows\System\ZALYGQJ.exe
  2⤵
  PID:4196
- C:\Windows\System\WIVZzGi.exe
  C:\Windows\System\WIVZzGi.exe
  2⤵
  PID:4352
- C:\Windows\System\YtRrqas.exe
  C:\Windows\System\YtRrqas.exe
  2⤵
  PID:4400
- C:\Windows\System\LicqpoM.exe
  C:\Windows\System\LicqpoM.exe
  2⤵
  PID:4436
- C:\Windows\System\OxDmccc.exe
  C:\Windows\System\OxDmccc.exe
  2⤵
  PID:4616
- C:\Windows\System\YkvijcH.exe
  C:\Windows\System\YkvijcH.exe
  2⤵
  PID:4524
- C:\Windows\System\qDQpHYy.exe
  C:\Windows\System\qDQpHYy.exe
  2⤵
  PID:4656
- C:\Windows\System\jmKeOGU.exe
  C:\Windows\System\jmKeOGU.exe
  2⤵
  PID:4740
- C:\Windows\System\ZcmttNC.exe
  C:\Windows\System\ZcmttNC.exe
  2⤵
  PID:4904
- C:\Windows\System\dUhTbIP.exe
  C:\Windows\System\dUhTbIP.exe
  2⤵
  PID:5024
- C:\Windows\System\jrvknNS.exe
  C:\Windows\System\jrvknNS.exe
  2⤵
  PID:4760
- C:\Windows\System\GXhprix.exe
  C:\Windows\System\GXhprix.exe
  2⤵
  PID:4840
- C:\Windows\System\GSaAylr.exe
  C:\Windows\System\GSaAylr.exe
  2⤵
  PID:3256
- C:\Windows\System\ltWiyaL.exe
  C:\Windows\System\ltWiyaL.exe
  2⤵
  PID:5136
- C:\Windows\System\UUsiRJB.exe
  C:\Windows\System\UUsiRJB.exe
  2⤵
  PID:5156
- C:\Windows\System\supDSUI.exe
  C:\Windows\System\supDSUI.exe
  2⤵
  PID:5176
- C:\Windows\System\qczsYTH.exe
  C:\Windows\System\qczsYTH.exe
  2⤵
  PID:5196
- C:\Windows\System\LxYEoLn.exe
  C:\Windows\System\LxYEoLn.exe
  2⤵
  PID:5216
- C:\Windows\System\JSWkAuH.exe
  C:\Windows\System\JSWkAuH.exe
  2⤵
  PID:5236
- C:\Windows\System\YIdXBon.exe
  C:\Windows\System\YIdXBon.exe
  2⤵
  PID:5256
- C:\Windows\System\GrxQOtW.exe
  C:\Windows\System\GrxQOtW.exe
  2⤵
  PID:5276
- C:\Windows\System\krodeWH.exe
  C:\Windows\System\krodeWH.exe
  2⤵
  PID:5296
- C:\Windows\System\TMKXGBk.exe
  C:\Windows\System\TMKXGBk.exe
  2⤵
  PID:5316
- C:\Windows\System\whPKfEA.exe
  C:\Windows\System\whPKfEA.exe
  2⤵
  PID:5336
- C:\Windows\System\ZCumCRB.exe
  C:\Windows\System\ZCumCRB.exe
  2⤵
  PID:5360
- C:\Windows\System\saRMXiU.exe
  C:\Windows\System\saRMXiU.exe
  2⤵
  PID:5380
- C:\Windows\System\WNnSeEU.exe
  C:\Windows\System\WNnSeEU.exe
  2⤵
  PID:5400
- C:\Windows\System\JENtpCp.exe
  C:\Windows\System\JENtpCp.exe
  2⤵
  PID:5420
- C:\Windows\System\kwOLFJL.exe
  C:\Windows\System\kwOLFJL.exe
  2⤵
  PID:5440
- C:\Windows\System\obYxZep.exe
  C:\Windows\System\obYxZep.exe
  2⤵
  PID:5460
- C:\Windows\System\IEvhGFy.exe
  C:\Windows\System\IEvhGFy.exe
  2⤵
  PID:5480
- C:\Windows\System\hXNFwGH.exe
  C:\Windows\System\hXNFwGH.exe
  2⤵
  PID:5500
- C:\Windows\System\IEVmWLL.exe
  C:\Windows\System\IEVmWLL.exe
  2⤵
  PID:5520
- C:\Windows\System\knQZDAi.exe
  C:\Windows\System\knQZDAi.exe
  2⤵
  PID:5540
- C:\Windows\System\MutvmAW.exe
  C:\Windows\System\MutvmAW.exe
  2⤵
  PID:5560
- C:\Windows\System\vkeYGOh.exe
  C:\Windows\System\vkeYGOh.exe
  2⤵
  PID:5580
- C:\Windows\System\llthsiB.exe
  C:\Windows\System\llthsiB.exe
  2⤵
  PID:5600
- C:\Windows\System\WnFTGVK.exe
  C:\Windows\System\WnFTGVK.exe
  2⤵
  PID:5620
- C:\Windows\System\keEPZHT.exe
  C:\Windows\System\keEPZHT.exe
  2⤵
  PID:5640
- C:\Windows\System\zVYHPzn.exe
  C:\Windows\System\zVYHPzn.exe
  2⤵
  PID:5660
- C:\Windows\System\lhtdlUo.exe
  C:\Windows\System\lhtdlUo.exe
  2⤵
  PID:5680
- C:\Windows\System\jbAtTqr.exe
  C:\Windows\System\jbAtTqr.exe
  2⤵
  PID:5700
- C:\Windows\System\yZwwelh.exe
  C:\Windows\System\yZwwelh.exe
  2⤵
  PID:5720
- C:\Windows\System\sKBzMtL.exe
  C:\Windows\System\sKBzMtL.exe
  2⤵
  PID:5740
- C:\Windows\System\KSjyLwz.exe
  C:\Windows\System\KSjyLwz.exe
  2⤵
  PID:5760
- C:\Windows\System\kwbYqHU.exe
  C:\Windows\System\kwbYqHU.exe
  2⤵
  PID:5780
- C:\Windows\System\QKMRCbF.exe
  C:\Windows\System\QKMRCbF.exe
  2⤵
  PID:5800
- C:\Windows\System\XZvvqiA.exe
  C:\Windows\System\XZvvqiA.exe
  2⤵
  PID:5820
- C:\Windows\System\atRaQZG.exe
  C:\Windows\System\atRaQZG.exe
  2⤵
  PID:5840
- C:\Windows\System\EcMNoma.exe
  C:\Windows\System\EcMNoma.exe
  2⤵
  PID:5860
- C:\Windows\System\kWfmqxr.exe
  C:\Windows\System\kWfmqxr.exe
  2⤵
  PID:5880
- C:\Windows\System\fGOodMk.exe
  C:\Windows\System\fGOodMk.exe
  2⤵
  PID:5900
- C:\Windows\System\cEYslKU.exe
  C:\Windows\System\cEYslKU.exe
  2⤵
  PID:5916
- C:\Windows\System\UzXyynH.exe
  C:\Windows\System\UzXyynH.exe
  2⤵
  PID:5940
- C:\Windows\System\URxaXTR.exe
  C:\Windows\System\URxaXTR.exe
  2⤵
  PID:5960
- C:\Windows\System\XxAJNdz.exe
  C:\Windows\System\XxAJNdz.exe
  2⤵
  PID:5980
- C:\Windows\System\BtbOMYS.exe
  C:\Windows\System\BtbOMYS.exe
  2⤵
  PID:6000
- C:\Windows\System\MNHmpbx.exe
  C:\Windows\System\MNHmpbx.exe
  2⤵
  PID:6020
- C:\Windows\System\ixGEhkj.exe
  C:\Windows\System\ixGEhkj.exe
  2⤵
  PID:6040
- C:\Windows\System\Yjxierx.exe
  C:\Windows\System\Yjxierx.exe
  2⤵
  PID:6060
- C:\Windows\System\oEAuleK.exe
  C:\Windows\System\oEAuleK.exe
  2⤵
  PID:6084
- C:\Windows\System\wOiVbtD.exe
  C:\Windows\System\wOiVbtD.exe
  2⤵
  PID:6104
- C:\Windows\System\KCNKhop.exe
  C:\Windows\System\KCNKhop.exe
  2⤵
  PID:6124
- C:\Windows\System\WIGxZCj.exe
  C:\Windows\System\WIGxZCj.exe
  2⤵
  PID:4960
- C:\Windows\System\NrsmbeA.exe
  C:\Windows\System\NrsmbeA.exe
  2⤵
  PID:5048
- C:\Windows\System\OenPzqc.exe
  C:\Windows\System\OenPzqc.exe
  2⤵
  PID:3620
- C:\Windows\System\lMQElrG.exe
  C:\Windows\System\lMQElrG.exe
  2⤵
  PID:3724
- C:\Windows\System\VJUbdsx.exe
  C:\Windows\System\VJUbdsx.exe
  2⤵
  PID:3888
- C:\Windows\System\vwicHXj.exe
  C:\Windows\System\vwicHXj.exe
  2⤵
  PID:3236
- C:\Windows\System\QedNHbx.exe
  C:\Windows\System\QedNHbx.exe
  2⤵
  PID:3084
- C:\Windows\System\Ezpewcf.exe
  C:\Windows\System\Ezpewcf.exe
  2⤵
  PID:4256
- C:\Windows\System\zqksuiu.exe
  C:\Windows\System\zqksuiu.exe
  2⤵
  PID:4280
- C:\Windows\System\yPubAca.exe
  C:\Windows\System\yPubAca.exe
  2⤵
  PID:4416
- C:\Windows\System\KLWSUXK.exe
  C:\Windows\System\KLWSUXK.exe
  2⤵
  PID:4556
- C:\Windows\System\WnQskkS.exe
  C:\Windows\System\WnQskkS.exe
  2⤵
  PID:4580
- C:\Windows\System\wglxZef.exe
  C:\Windows\System\wglxZef.exe
  2⤵
  PID:4860
- C:\Windows\System\DHvGxIR.exe
  C:\Windows\System\DHvGxIR.exe
  2⤵
  PID:4944
- C:\Windows\System\KdWExVd.exe
  C:\Windows\System\KdWExVd.exe
  2⤵
  PID:4680
- C:\Windows\System\sjnPjHW.exe
  C:\Windows\System\sjnPjHW.exe
  2⤵
  PID:4764
- C:\Windows\System\RZSOaZf.exe
  C:\Windows\System\RZSOaZf.exe
  2⤵
  PID:5144
- C:\Windows\System\igfMIiH.exe
  C:\Windows\System\igfMIiH.exe
  2⤵
  PID:5168
- C:\Windows\System\lRxxeYA.exe
  C:\Windows\System\lRxxeYA.exe
  2⤵
  PID:5212
- C:\Windows\System\TtgEurW.exe
  C:\Windows\System\TtgEurW.exe
  2⤵
  PID:5244
- C:\Windows\System\YZtAFnW.exe
  C:\Windows\System\YZtAFnW.exe
  2⤵
  PID:5268
- C:\Windows\System\hGzrJJW.exe
  C:\Windows\System\hGzrJJW.exe
  2⤵
  PID:5288
- C:\Windows\System\sZBZUym.exe
  C:\Windows\System\sZBZUym.exe
  2⤵
  PID:5328
- C:\Windows\System\ymlTKnG.exe
  C:\Windows\System\ymlTKnG.exe
  2⤵
  PID:5376
- C:\Windows\System\nalCEql.exe
  C:\Windows\System\nalCEql.exe
  2⤵
  PID:5416
- C:\Windows\System\XWlDYiq.exe
  C:\Windows\System\XWlDYiq.exe
  2⤵
  PID:5448
- C:\Windows\System\EfTFyIj.exe
  C:\Windows\System\EfTFyIj.exe
  2⤵
  PID:5472
- C:\Windows\System\xHZRkuo.exe
  C:\Windows\System\xHZRkuo.exe
  2⤵
  PID:5516
- C:\Windows\System\rnMQudZ.exe
  C:\Windows\System\rnMQudZ.exe
  2⤵
  PID:5532
- C:\Windows\System\jKMUsaI.exe
  C:\Windows\System\jKMUsaI.exe
  2⤵
  PID:5596
- C:\Windows\System\xwXBgDc.exe
  C:\Windows\System\xwXBgDc.exe
  2⤵
  PID:5608
- C:\Windows\System\HYgvuLz.exe
  C:\Windows\System\HYgvuLz.exe
  2⤵
  PID:5648
- C:\Windows\System\zZFRMMM.exe
  C:\Windows\System\zZFRMMM.exe
  2⤵
  PID:5672
- C:\Windows\System\RLhrWNF.exe
  C:\Windows\System\RLhrWNF.exe
  2⤵
  PID:5712
- C:\Windows\System\qKcSfcb.exe
  C:\Windows\System\qKcSfcb.exe
  2⤵
  PID:5756
- C:\Windows\System\IyzKJaw.exe
  C:\Windows\System\IyzKJaw.exe
  2⤵
  PID:5776
- C:\Windows\System\DdwvceN.exe
  C:\Windows\System\DdwvceN.exe
  2⤵
  PID:5836
- C:\Windows\System\iTlXJoe.exe
  C:\Windows\System\iTlXJoe.exe
  2⤵
  PID:5868
- C:\Windows\System\gcCwAZL.exe
  C:\Windows\System\gcCwAZL.exe
  2⤵
  PID:5888
- C:\Windows\System\eXlsrtd.exe
  C:\Windows\System\eXlsrtd.exe
  2⤵
  PID:5924
- C:\Windows\System\LFJjncR.exe
  C:\Windows\System\LFJjncR.exe
  2⤵
  PID:5956
- C:\Windows\System\SRNTgVM.exe
  C:\Windows\System\SRNTgVM.exe
  2⤵
  PID:5996
- C:\Windows\System\MxWAiII.exe
  C:\Windows\System\MxWAiII.exe
  2⤵
  PID:6016
- C:\Windows\System\urCBNcI.exe
  C:\Windows\System\urCBNcI.exe
  2⤵
  PID:6056
- C:\Windows\System\ZYhYiDC.exe
  C:\Windows\System\ZYhYiDC.exe
  2⤵
  PID:6112
- C:\Windows\System\NwPbJRC.exe
  C:\Windows\System\NwPbJRC.exe
  2⤵
  PID:6116
- C:\Windows\System\UmjhGsm.exe
  C:\Windows\System\UmjhGsm.exe
  2⤵
  PID:5004
- C:\Windows\System\VFJnLcN.exe
  C:\Windows\System\VFJnLcN.exe
  2⤵
  PID:3720
- C:\Windows\System\thxnzjJ.exe
  C:\Windows\System\thxnzjJ.exe
  2⤵
  PID:3868
- C:\Windows\System\mJLcXhR.exe
  C:\Windows\System\mJLcXhR.exe
  2⤵
  PID:2796
- C:\Windows\System\BwgERVa.exe
  C:\Windows\System\BwgERVa.exe
  2⤵
  PID:4272
- C:\Windows\System\EVgiYny.exe
  C:\Windows\System\EVgiYny.exe
  2⤵
  PID:4396
- C:\Windows\System\FOITrby.exe
  C:\Windows\System\FOITrby.exe
  2⤵
  PID:4540
- C:\Windows\System\TSLcGdf.exe
  C:\Windows\System\TSLcGdf.exe
  2⤵
  PID:4744
- C:\Windows\System\hNxUmHd.exe
  C:\Windows\System\hNxUmHd.exe
  2⤵
  PID:4988
- C:\Windows\System\PIcCDjE.exe
  C:\Windows\System\PIcCDjE.exe
  2⤵
  PID:5124
- C:\Windows\System\sOlrKQk.exe
  C:\Windows\System\sOlrKQk.exe
  2⤵
  PID:5172
- C:\Windows\System\rCLjjEk.exe
  C:\Windows\System\rCLjjEk.exe
  2⤵
  PID:5232
- C:\Windows\System\FZmhtsC.exe
  C:\Windows\System\FZmhtsC.exe
  2⤵
  PID:5272
- C:\Windows\System\SaVcBaJ.exe
  C:\Windows\System\SaVcBaJ.exe
  2⤵
  PID:5348
- C:\Windows\System\GbxFUEm.exe
  C:\Windows\System\GbxFUEm.exe
  2⤵
  PID:5392
- C:\Windows\System\WTFdIpv.exe
  C:\Windows\System\WTFdIpv.exe
  2⤵
  PID:5436
- C:\Windows\System\kZhdqtb.exe
  C:\Windows\System\kZhdqtb.exe
  2⤵
  PID:5508
- C:\Windows\System\XRIWrep.exe
  C:\Windows\System\XRIWrep.exe
  2⤵
  PID:5552
- C:\Windows\System\VJTSGXO.exe
  C:\Windows\System\VJTSGXO.exe
  2⤵
  PID:5572
- C:\Windows\System\TiiAGUK.exe
  C:\Windows\System\TiiAGUK.exe
  2⤵
  PID:5676
- C:\Windows\System\rVeTPUt.exe
  C:\Windows\System\rVeTPUt.exe
  2⤵
  PID:5748
- C:\Windows\System\cgeKkyg.exe
  C:\Windows\System\cgeKkyg.exe
  2⤵
  PID:5792
- C:\Windows\System\jSUsxMA.exe
  C:\Windows\System\jSUsxMA.exe
  2⤵
  PID:5832
- C:\Windows\System\mQrjWht.exe
  C:\Windows\System\mQrjWht.exe
  2⤵
  PID:5892
- C:\Windows\System\rOvjzHx.exe
  C:\Windows\System\rOvjzHx.exe
  2⤵
  PID:5988
- C:\Windows\System\iuJTWRW.exe
  C:\Windows\System\iuJTWRW.exe
  2⤵
  PID:6036
- C:\Windows\System\paPGWVU.exe
  C:\Windows\System\paPGWVU.exe
  2⤵
  PID:6100
- C:\Windows\System\mgWlPQj.exe
  C:\Windows\System\mgWlPQj.exe
  2⤵
  PID:6140
- C:\Windows\System\EvOiUYB.exe
  C:\Windows\System\EvOiUYB.exe
  2⤵
  PID:3080
- C:\Windows\System\TXjeovP.exe
  C:\Windows\System\TXjeovP.exe
  2⤵
  PID:4120
- C:\Windows\System\wsiqnPM.exe
  C:\Windows\System\wsiqnPM.exe
  2⤵
  PID:4440
- C:\Windows\System\IMPKKGk.exe
  C:\Windows\System\IMPKKGk.exe
  2⤵
  PID:4620
- C:\Windows\System\ePGxRBE.exe
  C:\Windows\System\ePGxRBE.exe
  2⤵
  PID:4800
- C:\Windows\System\XNHXKxd.exe
  C:\Windows\System\XNHXKxd.exe
  2⤵
  PID:5132
- C:\Windows\System\THVWxlu.exe
  C:\Windows\System\THVWxlu.exe
  2⤵
  PID:6164
- C:\Windows\System\EbqoJxZ.exe
  C:\Windows\System\EbqoJxZ.exe
  2⤵
  PID:6184
- C:\Windows\System\wlRnWAp.exe
  C:\Windows\System\wlRnWAp.exe
  2⤵
  PID:6204
- C:\Windows\System\BbATviV.exe
  C:\Windows\System\BbATviV.exe
  2⤵
  PID:6224
- C:\Windows\System\bRNBJqE.exe
  C:\Windows\System\bRNBJqE.exe
  2⤵
  PID:6244
- C:\Windows\System\IOwAgAz.exe
  C:\Windows\System\IOwAgAz.exe
  2⤵
  PID:6264
- C:\Windows\System\fehWbLK.exe
  C:\Windows\System\fehWbLK.exe
  2⤵
  PID:6284
- C:\Windows\System\YeRDnhT.exe
  C:\Windows\System\YeRDnhT.exe
  2⤵
  PID:6304
- C:\Windows\System\THxnsra.exe
  C:\Windows\System\THxnsra.exe
  2⤵
  PID:6324
- C:\Windows\System\otovWYZ.exe
  C:\Windows\System\otovWYZ.exe
  2⤵
  PID:6344
- C:\Windows\System\VeUxrkW.exe
  C:\Windows\System\VeUxrkW.exe
  2⤵
  PID:6364
- C:\Windows\System\teuqCoR.exe
  C:\Windows\System\teuqCoR.exe
  2⤵
  PID:6384
- C:\Windows\System\YobLggz.exe
  C:\Windows\System\YobLggz.exe
  2⤵
  PID:6404
- C:\Windows\System\DZoaeam.exe
  C:\Windows\System\DZoaeam.exe
  2⤵
  PID:6424
- C:\Windows\System\qYLBAhJ.exe
  C:\Windows\System\qYLBAhJ.exe
  2⤵
  PID:6444
- C:\Windows\System\ySVuTSm.exe
  C:\Windows\System\ySVuTSm.exe
  2⤵
  PID:6464
- C:\Windows\System\LggjzNd.exe
  C:\Windows\System\LggjzNd.exe
  2⤵
  PID:6484
- C:\Windows\System\tEMyPjy.exe
  C:\Windows\System\tEMyPjy.exe
  2⤵
  PID:6504
- C:\Windows\System\NZrpLMF.exe
  C:\Windows\System\NZrpLMF.exe
  2⤵
  PID:6524
- C:\Windows\System\tmMDybm.exe
  C:\Windows\System\tmMDybm.exe
  2⤵
  PID:6544
- C:\Windows\System\aGqmTeX.exe
  C:\Windows\System\aGqmTeX.exe
  2⤵
  PID:6564
- C:\Windows\System\ZVrnCKG.exe
  C:\Windows\System\ZVrnCKG.exe
  2⤵
  PID:6588
- C:\Windows\System\gwegkhH.exe
  C:\Windows\System\gwegkhH.exe
  2⤵
  PID:6608
- C:\Windows\System\HbBZlYt.exe
  C:\Windows\System\HbBZlYt.exe
  2⤵
  PID:6628
- C:\Windows\System\HFjdahX.exe
  C:\Windows\System\HFjdahX.exe
  2⤵
  PID:6648
- C:\Windows\System\WslBlfn.exe
  C:\Windows\System\WslBlfn.exe
  2⤵
  PID:6668
- C:\Windows\System\afiJLth.exe
  C:\Windows\System\afiJLth.exe
  2⤵
  PID:6688
- C:\Windows\System\MayfSWD.exe
  C:\Windows\System\MayfSWD.exe
  2⤵
  PID:6708
- C:\Windows\System\BFasNrA.exe
  C:\Windows\System\BFasNrA.exe
  2⤵
  PID:6728
- C:\Windows\System\lBGWCYk.exe
  C:\Windows\System\lBGWCYk.exe
  2⤵
  PID:6748
- C:\Windows\System\XxgOfnr.exe
  C:\Windows\System\XxgOfnr.exe
  2⤵
  PID:6768
- C:\Windows\System\BuDyQLX.exe
  C:\Windows\System\BuDyQLX.exe
  2⤵
  PID:6788
- C:\Windows\System\YLtwMmu.exe
  C:\Windows\System\YLtwMmu.exe
  2⤵
  PID:6808
- C:\Windows\System\nnZWSgG.exe
  C:\Windows\System\nnZWSgG.exe
  2⤵
  PID:6828
- C:\Windows\System\XEjCFab.exe
  C:\Windows\System\XEjCFab.exe
  2⤵
  PID:6848
- C:\Windows\System\VEXjhDZ.exe
  C:\Windows\System\VEXjhDZ.exe
  2⤵
  PID:6868
- C:\Windows\System\aWiGrXb.exe
  C:\Windows\System\aWiGrXb.exe
  2⤵
  PID:6888
- C:\Windows\System\HABymHS.exe
  C:\Windows\System\HABymHS.exe
  2⤵
  PID:6908
- C:\Windows\System\KxoWflF.exe
  C:\Windows\System\KxoWflF.exe
  2⤵
  PID:6928
- C:\Windows\System\AJApNcW.exe
  C:\Windows\System\AJApNcW.exe
  2⤵
  PID:6948
- C:\Windows\System\nHorqWq.exe
  C:\Windows\System\nHorqWq.exe
  2⤵
  PID:6968
- C:\Windows\System\gLWLuMZ.exe
  C:\Windows\System\gLWLuMZ.exe
  2⤵
  PID:6988
- C:\Windows\System\mechFLi.exe
  C:\Windows\System\mechFLi.exe
  2⤵
  PID:7008
- C:\Windows\System\arDiwrc.exe
  C:\Windows\System\arDiwrc.exe
  2⤵
  PID:7028
- C:\Windows\System\zGQYjNp.exe
  C:\Windows\System\zGQYjNp.exe
  2⤵
  PID:7048
- C:\Windows\System\kewiyel.exe
  C:\Windows\System\kewiyel.exe
  2⤵
  PID:7068
- C:\Windows\System\decxClp.exe
  C:\Windows\System\decxClp.exe
  2⤵
  PID:7088
- C:\Windows\System\TLcGjOn.exe
  C:\Windows\System\TLcGjOn.exe
  2⤵
  PID:7108
- C:\Windows\System\BqncvXx.exe
  C:\Windows\System\BqncvXx.exe
  2⤵
  PID:7128
- C:\Windows\System\VLQduzu.exe
  C:\Windows\System\VLQduzu.exe
  2⤵
  PID:7148
- C:\Windows\System\hZLoyov.exe
  C:\Windows\System\hZLoyov.exe
  2⤵
  PID:5148
- C:\Windows\System\bglRJEy.exe
  C:\Windows\System\bglRJEy.exe
  2⤵
  PID:5188
- C:\Windows\System\bedpPhi.exe
  C:\Windows\System\bedpPhi.exe
  2⤵
  PID:5264
- C:\Windows\System\VByIgKk.exe
  C:\Windows\System\VByIgKk.exe
  2⤵
  PID:5428
- C:\Windows\System\tVyxVvM.exe
  C:\Windows\System\tVyxVvM.exe
  2⤵
  PID:5452
- C:\Windows\System\KHuDhyK.exe
  C:\Windows\System\KHuDhyK.exe
  2⤵
  PID:5652
- C:\Windows\System\AadiMbO.exe
  C:\Windows\System\AadiMbO.exe
  2⤵
  PID:5716
- C:\Windows\System\uoLmEUb.exe
  C:\Windows\System\uoLmEUb.exe
  2⤵
  PID:5812
- C:\Windows\System\DovfHsI.exe
  C:\Windows\System\DovfHsI.exe
  2⤵
  PID:5852
- C:\Windows\System\ZYgljIE.exe
  C:\Windows\System\ZYgljIE.exe
  2⤵
  PID:5948
- C:\Windows\System\UKeeHBS.exe
  C:\Windows\System\UKeeHBS.exe
  2⤵
  PID:6032
- C:\Windows\System\fvhrLjb.exe
  C:\Windows\System\fvhrLjb.exe
  2⤵
  PID:1980
- C:\Windows\System\wkXhLaK.exe
  C:\Windows\System\wkXhLaK.exe
  2⤵
  PID:4132
- C:\Windows\System\VhGnOHy.exe
  C:\Windows\System\VhGnOHy.exe
  2⤵
  PID:4496
- C:\Windows\System\nHiUAwt.exe
  C:\Windows\System\nHiUAwt.exe
  2⤵
  PID:4696
- C:\Windows\System\mxqDXFR.exe
  C:\Windows\System\mxqDXFR.exe
  2⤵
  PID:6192
- C:\Windows\System\phXbmiV.exe
  C:\Windows\System\phXbmiV.exe
  2⤵
  PID:6216
- C:\Windows\System\ZzyjosR.exe
  C:\Windows\System\ZzyjosR.exe
  2⤵
  PID:6260
- C:\Windows\System\ZMWGrKr.exe
  C:\Windows\System\ZMWGrKr.exe
  2⤵
  PID:6276
- C:\Windows\System\FzymWNc.exe
  C:\Windows\System\FzymWNc.exe
  2⤵
  PID:6320
- C:\Windows\System\xWmtTEp.exe
  C:\Windows\System\xWmtTEp.exe
  2⤵
  PID:6352
- C:\Windows\System\lZRGiBx.exe
  C:\Windows\System\lZRGiBx.exe
  2⤵
  PID:6376
- C:\Windows\System\YkPhfOD.exe
  C:\Windows\System\YkPhfOD.exe
  2⤵
  PID:6400
- C:\Windows\System\lbMPyWL.exe
  C:\Windows\System\lbMPyWL.exe
  2⤵
  PID:6460
- C:\Windows\System\oBHCYzx.exe
  C:\Windows\System\oBHCYzx.exe
  2⤵
  PID:6492
- C:\Windows\System\WNtZjrK.exe
  C:\Windows\System\WNtZjrK.exe
  2⤵
  PID:2176
- C:\Windows\System\hQfazwT.exe
  C:\Windows\System\hQfazwT.exe
  2⤵
  PID:6516
- C:\Windows\System\URayjEs.exe
  C:\Windows\System\URayjEs.exe
  2⤵
  PID:6572
- C:\Windows\System\RXuQJAQ.exe
  C:\Windows\System\RXuQJAQ.exe
  2⤵
  PID:6604
- C:\Windows\System\IHbAhGc.exe
  C:\Windows\System\IHbAhGc.exe
  2⤵
  PID:6644
- C:\Windows\System\XQtaFhS.exe
  C:\Windows\System\XQtaFhS.exe
  2⤵
  PID:6676
- C:\Windows\System\cdUWuTR.exe
  C:\Windows\System\cdUWuTR.exe
  2⤵
  PID:6700
- C:\Windows\System\qYvxJtj.exe
  C:\Windows\System\qYvxJtj.exe
  2⤵
  PID:6724
- C:\Windows\System\PqatQXA.exe
  C:\Windows\System\PqatQXA.exe
  2⤵
  PID:6760
- C:\Windows\System\UpktfPc.exe
  C:\Windows\System\UpktfPc.exe
  2⤵
  PID:6804
- C:\Windows\System\ZEgxthH.exe
  C:\Windows\System\ZEgxthH.exe
  2⤵
  PID:6836
- C:\Windows\System\UybXopk.exe
  C:\Windows\System\UybXopk.exe
  2⤵
  PID:6860
- C:\Windows\System\vuytxTb.exe
  C:\Windows\System\vuytxTb.exe
  2⤵
  PID:6904
- C:\Windows\System\pqQkkYa.exe
  C:\Windows\System\pqQkkYa.exe
  2⤵
  PID:6920
- C:\Windows\System\VdSqCuU.exe
  C:\Windows\System\VdSqCuU.exe
  2⤵
  PID:6964
- C:\Windows\System\KCEzQdS.exe
  C:\Windows\System\KCEzQdS.exe
  2⤵
  PID:7004
- C:\Windows\System\SOsrLaG.exe
  C:\Windows\System\SOsrLaG.exe
  2⤵
  PID:7036
- C:\Windows\System\NpODGnE.exe
  C:\Windows\System\NpODGnE.exe
  2⤵
  PID:7064
- C:\Windows\System\GgvanKX.exe
  C:\Windows\System\GgvanKX.exe
  2⤵
  PID:7084
- C:\Windows\System\VYoqdWx.exe
  C:\Windows\System\VYoqdWx.exe
  2⤵
  PID:7136
- C:\Windows\System\hCEsneD.exe
  C:\Windows\System\hCEsneD.exe
  2⤵
  PID:7160
- C:\Windows\System\gooewkf.exe
  C:\Windows\System\gooewkf.exe
  2⤵
  PID:5324
- C:\Windows\System\CsaTrpJ.exe
  C:\Windows\System\CsaTrpJ.exe
  2⤵
  PID:5432
- C:\Windows\System\CNkoJFo.exe
  C:\Windows\System\CNkoJFo.exe
  2⤵
  PID:5556
- C:\Windows\System\gogCszs.exe
  C:\Windows\System\gogCszs.exe
  2⤵
  PID:5592
- C:\Windows\System\OHUcTbe.exe
  C:\Windows\System\OHUcTbe.exe
  2⤵
  PID:5908
- C:\Windows\System\tbpZGkJ.exe
  C:\Windows\System\tbpZGkJ.exe
  2⤵
  PID:6008
- C:\Windows\System\xAXoOCz.exe
  C:\Windows\System\xAXoOCz.exe
  2⤵
  PID:5040
- C:\Windows\System\lxYYMmZ.exe
  C:\Windows\System\lxYYMmZ.exe
  2⤵
  PID:1620
- C:\Windows\System\HGNtNTr.exe
  C:\Windows\System\HGNtNTr.exe
  2⤵
  PID:6160
- C:\Windows\System\waVXzsX.exe
  C:\Windows\System\waVXzsX.exe
  2⤵
  PID:6196
- C:\Windows\System\xDMTvJg.exe
  C:\Windows\System\xDMTvJg.exe
  2⤵
  PID:6292
- C:\Windows\System\ccvlnqv.exe
  C:\Windows\System\ccvlnqv.exe
  2⤵
  PID:2404
- C:\Windows\System\PvwKiPG.exe
  C:\Windows\System\PvwKiPG.exe
  2⤵
  PID:6340
- C:\Windows\System\sGBprZj.exe
  C:\Windows\System\sGBprZj.exe
  2⤵
  PID:1372
- C:\Windows\System\YeMQUeh.exe
  C:\Windows\System\YeMQUeh.exe
  2⤵
  PID:6476
- C:\Windows\System\vrTOUGU.exe
  C:\Windows\System\vrTOUGU.exe
  2⤵
  PID:6552
- C:\Windows\System\aIJUOSc.exe
  C:\Windows\System\aIJUOSc.exe
  2⤵
  PID:6580
- C:\Windows\System\KmVnPuA.exe
  C:\Windows\System\KmVnPuA.exe
  2⤵
  PID:6704
- C:\Windows\System\cZfLIvB.exe
  C:\Windows\System\cZfLIvB.exe
  2⤵
  PID:6740
- C:\Windows\System\TdHzCRB.exe
  C:\Windows\System\TdHzCRB.exe
  2⤵
  PID:6736
- C:\Windows\System\TchldSF.exe
  C:\Windows\System\TchldSF.exe
  2⤵
  PID:2476
- C:\Windows\System\eKYilNT.exe
  C:\Windows\System\eKYilNT.exe
  2⤵
  PID:6884
- C:\Windows\System\WaUnsIN.exe
  C:\Windows\System\WaUnsIN.exe
  2⤵
  PID:6924
- C:\Windows\System\WTTzlAG.exe
  C:\Windows\System\WTTzlAG.exe
  2⤵
  PID:7020
- C:\Windows\System\IXloajZ.exe
  C:\Windows\System\IXloajZ.exe
  2⤵
  PID:7076
- C:\Windows\System\snzvSpV.exe
  C:\Windows\System\snzvSpV.exe
  2⤵
  PID:7040
- C:\Windows\System\LNyeanb.exe
  C:\Windows\System\LNyeanb.exe
  2⤵
  PID:7124
- C:\Windows\System\QqDSiEh.exe
  C:\Windows\System\QqDSiEh.exe
  2⤵
  PID:1740
- C:\Windows\System\vTvBZnf.exe
  C:\Windows\System\vTvBZnf.exe
  2⤵
  PID:5692
- C:\Windows\System\fuQiCOV.exe
  C:\Windows\System\fuQiCOV.exe
  2⤵
  PID:5732
- C:\Windows\System\ykjtOvx.exe
  C:\Windows\System\ykjtOvx.exe
  2⤵
  PID:4964
- C:\Windows\System\mwuzDml.exe
  C:\Windows\System\mwuzDml.exe
  2⤵
  PID:1268
- C:\Windows\System\zjufNiw.exe
  C:\Windows\System\zjufNiw.exe
  2⤵
  PID:6172
- C:\Windows\System\KROqOWv.exe
  C:\Windows\System\KROqOWv.exe
  2⤵
  PID:6312
- C:\Windows\System\WSfhxXa.exe
  C:\Windows\System\WSfhxXa.exe
  2⤵
  PID:6452
- C:\Windows\System\WHDhzUc.exe
  C:\Windows\System\WHDhzUc.exe
  2⤵
  PID:6496
- C:\Windows\System\ntymeeh.exe
  C:\Windows\System\ntymeeh.exe
  2⤵
  PID:6624
- C:\Windows\System\fIvuHld.exe
  C:\Windows\System\fIvuHld.exe
  2⤵
  PID:6596
- C:\Windows\System\uUWFMWn.exe
  C:\Windows\System\uUWFMWn.exe
  2⤵
  PID:2760
- C:\Windows\System\JTtBRhy.exe
  C:\Windows\System\JTtBRhy.exe
  2⤵
  PID:6820
- C:\Windows\System\PXDGOkh.exe
  C:\Windows\System\PXDGOkh.exe
  2⤵
  PID:6976
- C:\Windows\System\gjjPwti.exe
  C:\Windows\System\gjjPwti.exe
  2⤵
  PID:536
- C:\Windows\System\DMcQYsI.exe
  C:\Windows\System\DMcQYsI.exe
  2⤵
  PID:6916
- C:\Windows\System\ctZFPyI.exe
  C:\Windows\System\ctZFPyI.exe
  2⤵
  PID:6956
- C:\Windows\System\VbztYIW.exe
  C:\Windows\System\VbztYIW.exe
  2⤵
  PID:2460
- C:\Windows\System\qpKDkle.exe
  C:\Windows\System\qpKDkle.exe
  2⤵
  PID:7164
- C:\Windows\System\cUJXzwp.exe
  C:\Windows\System\cUJXzwp.exe
  2⤵
  PID:7116
- C:\Windows\System\VXlGwun.exe
  C:\Windows\System\VXlGwun.exe
  2⤵
  PID:6136
- C:\Windows\System\VMIzuLo.exe
  C:\Windows\System\VMIzuLo.exe
  2⤵
  PID:4232
- C:\Windows\System\zoIphyi.exe
  C:\Windows\System\zoIphyi.exe
  2⤵
  PID:6028
- C:\Windows\System\YleLrSt.exe
  C:\Windows\System\YleLrSt.exe
  2⤵
  PID:6380
- C:\Windows\System\KMLZAZL.exe
  C:\Windows\System\KMLZAZL.exe
  2⤵
  PID:6456
- C:\Windows\System\RTrHxtW.exe
  C:\Windows\System\RTrHxtW.exe
  2⤵
  PID:6776
- C:\Windows\System\eXWgEkM.exe
  C:\Windows\System\eXWgEkM.exe
  2⤵
  PID:320
- C:\Windows\System\HjjPdzw.exe
  C:\Windows\System\HjjPdzw.exe
  2⤵
  PID:6880
- C:\Windows\System\ubblSgX.exe
  C:\Windows\System\ubblSgX.exe
  2⤵
  PID:580
- C:\Windows\System\brLAaCU.exe
  C:\Windows\System\brLAaCU.exe
  2⤵
  PID:7180
- C:\Windows\System\TZOWMZX.exe
  C:\Windows\System\TZOWMZX.exe
  2⤵
  PID:7200
- C:\Windows\System\uatfcTr.exe
  C:\Windows\System\uatfcTr.exe
  2⤵
  PID:7220
- C:\Windows\System\helVzNl.exe
  C:\Windows\System\helVzNl.exe
  2⤵
  PID:7240
- C:\Windows\System\DDPfHDi.exe
  C:\Windows\System\DDPfHDi.exe
  2⤵
  PID:7264
- C:\Windows\System\NPOwinK.exe
  C:\Windows\System\NPOwinK.exe
  2⤵
  PID:7284
- C:\Windows\System\rtAmxNy.exe
  C:\Windows\System\rtAmxNy.exe
  2⤵
  PID:7300
- C:\Windows\System\QgWtGJB.exe
  C:\Windows\System\QgWtGJB.exe
  2⤵
  PID:7324
- C:\Windows\System\ZfsKTpM.exe
  C:\Windows\System\ZfsKTpM.exe
  2⤵
  PID:7344
- C:\Windows\System\IskkBOz.exe
  C:\Windows\System\IskkBOz.exe
  2⤵
  PID:7360
- C:\Windows\System\WqzprrF.exe
  C:\Windows\System\WqzprrF.exe
  2⤵
  PID:7380
- C:\Windows\System\XkzTTUc.exe
  C:\Windows\System\XkzTTUc.exe
  2⤵
  PID:7404
- C:\Windows\System\VczWdgn.exe
  C:\Windows\System\VczWdgn.exe
  2⤵
  PID:7420
- C:\Windows\System\HmHhsTI.exe
  C:\Windows\System\HmHhsTI.exe
  2⤵
  PID:7444
- C:\Windows\System\gGlRKNc.exe
  C:\Windows\System\gGlRKNc.exe
  2⤵
  PID:7464
- C:\Windows\System\tgPfcgr.exe
  C:\Windows\System\tgPfcgr.exe
  2⤵
  PID:7484
- C:\Windows\System\AwlMnmI.exe
  C:\Windows\System\AwlMnmI.exe
  2⤵
  PID:7500
- C:\Windows\System\ajpXlaf.exe
  C:\Windows\System\ajpXlaf.exe
  2⤵
  PID:7524
- C:\Windows\System\tJyKdex.exe
  C:\Windows\System\tJyKdex.exe
  2⤵
  PID:7544
- C:\Windows\System\fOMyUIL.exe
  C:\Windows\System\fOMyUIL.exe
  2⤵
  PID:7564
- C:\Windows\System\WvUBHyS.exe
  C:\Windows\System\WvUBHyS.exe
  2⤵
  PID:7584
- C:\Windows\System\MeNZDXl.exe
  C:\Windows\System\MeNZDXl.exe
  2⤵
  PID:7604
- C:\Windows\System\mVvzKkj.exe
  C:\Windows\System\mVvzKkj.exe
  2⤵
  PID:7624
- C:\Windows\System\pqDSimD.exe
  C:\Windows\System\pqDSimD.exe
  2⤵
  PID:7644
- C:\Windows\System\kjxuxjQ.exe
  C:\Windows\System\kjxuxjQ.exe
  2⤵
  PID:7664
- C:\Windows\System\ygrfBPD.exe
  C:\Windows\System\ygrfBPD.exe
  2⤵
  PID:7684
- C:\Windows\System\ANgotVv.exe
  C:\Windows\System\ANgotVv.exe
  2⤵
  PID:7704
- C:\Windows\System\hWLiptH.exe
  C:\Windows\System\hWLiptH.exe
  2⤵
  PID:7724
- C:\Windows\System\eViVRsG.exe
  C:\Windows\System\eViVRsG.exe
  2⤵
  PID:7744
- C:\Windows\System\nbbqRLX.exe
  C:\Windows\System\nbbqRLX.exe
  2⤵
  PID:7760
- C:\Windows\System\HLjoMdr.exe
  C:\Windows\System\HLjoMdr.exe
  2⤵
  PID:7780
- C:\Windows\System\gyHnOWr.exe
  C:\Windows\System\gyHnOWr.exe
  2⤵
  PID:7800
- C:\Windows\System\JpPYzyv.exe
  C:\Windows\System\JpPYzyv.exe
  2⤵
  PID:7828
- C:\Windows\System\ecIXhOF.exe
  C:\Windows\System\ecIXhOF.exe
  2⤵
  PID:7844
- C:\Windows\System\YjsvrAG.exe
  C:\Windows\System\YjsvrAG.exe
  2⤵
  PID:7868
- C:\Windows\System\YklIfab.exe
  C:\Windows\System\YklIfab.exe
  2⤵
  PID:7888
- C:\Windows\System\NKQQnaa.exe
  C:\Windows\System\NKQQnaa.exe
  2⤵
  PID:7908
- C:\Windows\System\AZCTtgc.exe
  C:\Windows\System\AZCTtgc.exe
  2⤵
  PID:7928
- C:\Windows\System\beMtiNz.exe
  C:\Windows\System\beMtiNz.exe
  2⤵
  PID:7952
- C:\Windows\System\OZJnlOm.exe
  C:\Windows\System\OZJnlOm.exe
  2⤵
  PID:7972
- C:\Windows\System\BwXkVqn.exe
  C:\Windows\System\BwXkVqn.exe
  2⤵
  PID:7992
- C:\Windows\System\GASNPbE.exe
  C:\Windows\System\GASNPbE.exe
  2⤵
  PID:8012
- C:\Windows\System\loloLCr.exe
  C:\Windows\System\loloLCr.exe
  2⤵
  PID:8032
- C:\Windows\System\EYdMBXw.exe
  C:\Windows\System\EYdMBXw.exe
  2⤵
  PID:8052
- C:\Windows\System\TUXOqQJ.exe
  C:\Windows\System\TUXOqQJ.exe
  2⤵
  PID:8072
- C:\Windows\System\tOCXfTS.exe
  C:\Windows\System\tOCXfTS.exe
  2⤵
  PID:8092
- C:\Windows\System\SZXIedu.exe
  C:\Windows\System\SZXIedu.exe
  2⤵
  PID:8112
- C:\Windows\System\pnkUWZs.exe
  C:\Windows\System\pnkUWZs.exe
  2⤵
  PID:8132
- C:\Windows\System\SimMTBm.exe
  C:\Windows\System\SimMTBm.exe
  2⤵
  PID:8152
- C:\Windows\System\fyHzWNz.exe
  C:\Windows\System\fyHzWNz.exe
  2⤵
  PID:8172
- C:\Windows\System\zUzwIkn.exe
  C:\Windows\System\zUzwIkn.exe
  2⤵
  PID:332
- C:\Windows\System\TxIDebx.exe
  C:\Windows\System\TxIDebx.exe
  2⤵
  PID:6980
- C:\Windows\System\rsrrdhK.exe
  C:\Windows\System\rsrrdhK.exe
  2⤵
  PID:5496
- C:\Windows\System\mhZycEs.exe
  C:\Windows\System\mhZycEs.exe
  2⤵
  PID:6280
- C:\Windows\System\uolqOEs.exe
  C:\Windows\System\uolqOEs.exe
  2⤵
  PID:4604
- C:\Windows\System\BZqbdHR.exe
  C:\Windows\System\BZqbdHR.exe
  2⤵
  PID:6800
- C:\Windows\System\EZNVOMV.exe
  C:\Windows\System\EZNVOMV.exe
  2⤵
  PID:1724
- C:\Windows\System\ZhsLGjB.exe
  C:\Windows\System\ZhsLGjB.exe
  2⤵
  PID:7188
- C:\Windows\System\fCCvcJn.exe
  C:\Windows\System\fCCvcJn.exe
  2⤵
  PID:7176
- C:\Windows\System\eNuHjVd.exe
  C:\Windows\System\eNuHjVd.exe
  2⤵
  PID:7236
- C:\Windows\System\RLZxbLH.exe
  C:\Windows\System\RLZxbLH.exe
  2⤵
  PID:7248
- C:\Windows\System\gjTNqBW.exe
  C:\Windows\System\gjTNqBW.exe
  2⤵
  PID:7252
- C:\Windows\System\tqoiYwa.exe
  C:\Windows\System\tqoiYwa.exe
  2⤵
  PID:7296
- C:\Windows\System\cTMNQop.exe
  C:\Windows\System\cTMNQop.exe
  2⤵
  PID:7396
- C:\Windows\System\TBsLWSn.exe
  C:\Windows\System\TBsLWSn.exe
  2⤵
  PID:7368
- C:\Windows\System\hEfzUFs.exe
  C:\Windows\System\hEfzUFs.exe
  2⤵
  PID:7440
- C:\Windows\System\ECgRvIo.exe
  C:\Windows\System\ECgRvIo.exe
  2⤵
  PID:7472
- C:\Windows\System\eCHYerd.exe
  C:\Windows\System\eCHYerd.exe
  2⤵
  PID:7520
- C:\Windows\System\xUExWkW.exe
  C:\Windows\System\xUExWkW.exe
  2⤵
  PID:7492
- C:\Windows\System\QvjzUep.exe
  C:\Windows\System\QvjzUep.exe
  2⤵
  PID:7540
- C:\Windows\System\AstKFmh.exe
  C:\Windows\System\AstKFmh.exe
  2⤵
  PID:7572
- C:\Windows\System\OhMbXhZ.exe
  C:\Windows\System\OhMbXhZ.exe
  2⤵
  PID:7580
- C:\Windows\System\HuTspQq.exe
  C:\Windows\System\HuTspQq.exe
  2⤵
  PID:7620
- C:\Windows\System\hOGNkzu.exe
  C:\Windows\System\hOGNkzu.exe
  2⤵
  PID:7656
- C:\Windows\System\TkgfxQa.exe
  C:\Windows\System\TkgfxQa.exe
  2⤵
  PID:7752
- C:\Windows\System\PBtdRln.exe
  C:\Windows\System\PBtdRln.exe
  2⤵
  PID:7796
- C:\Windows\System\brdwnBy.exe
  C:\Windows\System\brdwnBy.exe
  2⤵
  PID:7772
- C:\Windows\System\qfjwatr.exe
  C:\Windows\System\qfjwatr.exe
  2⤵
  PID:7816
- C:\Windows\System\umMazIC.exe
  C:\Windows\System\umMazIC.exe
  2⤵
  PID:2068
- C:\Windows\System\sGgWtTj.exe
  C:\Windows\System\sGgWtTj.exe
  2⤵
  PID:7924
- C:\Windows\System\mwKdgoK.exe
  C:\Windows\System\mwKdgoK.exe
  2⤵
  PID:7896
- C:\Windows\System\hkRarsW.exe
  C:\Windows\System\hkRarsW.exe
  2⤵
  PID:7964
- C:\Windows\System\KHKXxiK.exe
  C:\Windows\System\KHKXxiK.exe
  2⤵
  PID:7988
- C:\Windows\System\rRsNtMq.exe
  C:\Windows\System\rRsNtMq.exe
  2⤵
  PID:8048
- C:\Windows\System\YBbiBFP.exe
  C:\Windows\System\YBbiBFP.exe
  2⤵
  PID:8080
- C:\Windows\System\qPyOmEf.exe
  C:\Windows\System\qPyOmEf.exe
  2⤵
  PID:8084
- C:\Windows\System\HuTyWDE.exe
  C:\Windows\System\HuTyWDE.exe
  2⤵
  PID:8124
- C:\Windows\System\fILtpIT.exe
  C:\Windows\System\fILtpIT.exe
  2⤵
  PID:8140
- C:\Windows\System\ECjhLLn.exe
  C:\Windows\System\ECjhLLn.exe
  2⤵
  PID:7056
- C:\Windows\System\WtdEwnC.exe
  C:\Windows\System\WtdEwnC.exe
  2⤵
  PID:5292
- C:\Windows\System\aCsjCut.exe
  C:\Windows\System\aCsjCut.exe
  2⤵
  PID:6272
- C:\Windows\System\gVpyEji.exe
  C:\Windows\System\gVpyEji.exe
  2⤵
  PID:6072
- C:\Windows\System\UZClmvG.exe
  C:\Windows\System\UZClmvG.exe
  2⤵
  PID:6780
- C:\Windows\System\GyNMRHG.exe
  C:\Windows\System\GyNMRHG.exe
  2⤵
  PID:7208
- C:\Windows\System\ueydpQM.exe
  C:\Windows\System\ueydpQM.exe
  2⤵
  PID:7276
- C:\Windows\System\WLpiVJy.exe
  C:\Windows\System\WLpiVJy.exe
  2⤵
  PID:7356
- C:\Windows\System\IwDpjsK.exe
  C:\Windows\System\IwDpjsK.exe
  2⤵
  PID:7316
- C:\Windows\System\LoJQxYr.exe
  C:\Windows\System\LoJQxYr.exe
  2⤵
  PID:7432
- C:\Windows\System\SCMhvxx.exe
  C:\Windows\System\SCMhvxx.exe
  2⤵
  PID:2104
- C:\Windows\System\VbwwDnU.exe
  C:\Windows\System\VbwwDnU.exe
  2⤵
  PID:7532
- C:\Windows\System\CRsbquj.exe
  C:\Windows\System\CRsbquj.exe
  2⤵
  PID:7596
- C:\Windows\System\exbZfEb.exe
  C:\Windows\System\exbZfEb.exe
  2⤵
  PID:7672
- C:\Windows\System\EXAljrz.exe
  C:\Windows\System\EXAljrz.exe
  2⤵
  PID:7680
- C:\Windows\System\iypSsOe.exe
  C:\Windows\System\iypSsOe.exe
  2⤵
  PID:7788
- C:\Windows\System\wdHvVdf.exe
  C:\Windows\System\wdHvVdf.exe
  2⤵
  PID:7812
- C:\Windows\System\hCOzohn.exe
  C:\Windows\System\hCOzohn.exe
  2⤵
  PID:7740
- C:\Windows\System\UzVBMBo.exe
  C:\Windows\System\UzVBMBo.exe
  2⤵
  PID:7860
- C:\Windows\System\vlqxDtf.exe
  C:\Windows\System\vlqxDtf.exe
  2⤵
  PID:7960
- C:\Windows\System\feHhYZD.exe
  C:\Windows\System\feHhYZD.exe
  2⤵
  PID:8008
- C:\Windows\System\NQQmmIo.exe
  C:\Windows\System\NQQmmIo.exe
  2⤵
  PID:7940
- C:\Windows\System\OpcPKJD.exe
  C:\Windows\System\OpcPKJD.exe
  2⤵
  PID:8044
- C:\Windows\System\XOhSzSB.exe
  C:\Windows\System\XOhSzSB.exe
  2⤵
  PID:8108
- C:\Windows\System\fhzHsUg.exe
  C:\Windows\System\fhzHsUg.exe
  2⤵
  PID:8148
- C:\Windows\System\UYLSlpH.exe
  C:\Windows\System\UYLSlpH.exe
  2⤵
  PID:5528
- C:\Windows\System\phAiCDy.exe
  C:\Windows\System\phAiCDy.exe
  2⤵
  PID:6440
- C:\Windows\System\YulyRLO.exe
  C:\Windows\System\YulyRLO.exe
  2⤵
  PID:2016
- C:\Windows\System\RUCIIzl.exe
  C:\Windows\System\RUCIIzl.exe
  2⤵
  PID:7228
- C:\Windows\System\yXimuHO.exe
  C:\Windows\System\yXimuHO.exe
  2⤵
  PID:7340
- C:\Windows\System\XrFZqgG.exe
  C:\Windows\System\XrFZqgG.exe
  2⤵
  PID:3040
- C:\Windows\System\gWMETxV.exe
  C:\Windows\System\gWMETxV.exe
  2⤵
  PID:2964
- C:\Windows\System\siYdyHm.exe
  C:\Windows\System\siYdyHm.exe
  2⤵
  PID:2944
- C:\Windows\System\ZxwxQMm.exe
  C:\Windows\System\ZxwxQMm.exe
  2⤵
  PID:7592
- C:\Windows\System\XjBEELd.exe
  C:\Windows\System\XjBEELd.exe
  2⤵
  PID:7692
- C:\Windows\System\bobjFII.exe
  C:\Windows\System\bobjFII.exe
  2⤵
  PID:4180
- C:\Windows\System\tCoCnyl.exe
  C:\Windows\System\tCoCnyl.exe
  2⤵
  PID:7884
- C:\Windows\System\cgRnXxr.exe
  C:\Windows\System\cgRnXxr.exe
  2⤵
  PID:2548
- C:\Windows\System\ONdErTK.exe
  C:\Windows\System\ONdErTK.exe
  2⤵
  PID:8164
- C:\Windows\System\qxBsHGG.exe
  C:\Windows\System\qxBsHGG.exe
  2⤵
  PID:2716
- C:\Windows\System\wovHpZR.exe
  C:\Windows\System\wovHpZR.exe
  2⤵
  PID:8188
- C:\Windows\System\ppAnxtP.exe
  C:\Windows\System\ppAnxtP.exe
  2⤵
  PID:6984
- C:\Windows\System\Xvospnp.exe
  C:\Windows\System\Xvospnp.exe
  2⤵
  PID:7280
- C:\Windows\System\AAExEDQ.exe
  C:\Windows\System\AAExEDQ.exe
  2⤵
  PID:3416
- C:\Windows\System\RExUeiY.exe
  C:\Windows\System\RExUeiY.exe
  2⤵
  PID:2452
- C:\Windows\System\hceoKkk.exe
  C:\Windows\System\hceoKkk.exe
  2⤵
  PID:7476
- C:\Windows\System\TnaZXum.exe
  C:\Windows\System\TnaZXum.exe
  2⤵
  PID:1496
- C:\Windows\System\DAVTpaP.exe
  C:\Windows\System\DAVTpaP.exe
  2⤵
  PID:7696
- C:\Windows\System\OxvoKOD.exe
  C:\Windows\System\OxvoKOD.exe
  2⤵
  PID:7768
- C:\Windows\System\eXIVsaU.exe
  C:\Windows\System\eXIVsaU.exe
  2⤵
  PID:8040
- C:\Windows\System\NjsSlIf.exe
  C:\Windows\System\NjsSlIf.exe
  2⤵
  PID:7900
- C:\Windows\System\lTsEXbv.exe
  C:\Windows\System\lTsEXbv.exe
  2⤵
  PID:8004
- C:\Windows\System\YswBvbb.exe
  C:\Windows\System\YswBvbb.exe
  2⤵
  PID:2228
- C:\Windows\System\LjBgSxz.exe
  C:\Windows\System\LjBgSxz.exe
  2⤵
  PID:2356
- C:\Windows\System\CdTCUrO.exe
  C:\Windows\System\CdTCUrO.exe
  2⤵
  PID:2912
- C:\Windows\System\eWcQsTY.exe
  C:\Windows\System\eWcQsTY.exe
  2⤵
  PID:8200
- C:\Windows\System\Zningls.exe
  C:\Windows\System\Zningls.exe
  2⤵
  PID:8220
- C:\Windows\System\CeZhHCf.exe
  C:\Windows\System\CeZhHCf.exe
  2⤵
  PID:8240
- C:\Windows\System\AuthFoT.exe
  C:\Windows\System\AuthFoT.exe
  2⤵
  PID:8256
- C:\Windows\System\QJrJdfG.exe
  C:\Windows\System\QJrJdfG.exe
  2⤵
  PID:8272
- C:\Windows\System\KaswNNX.exe
  C:\Windows\System\KaswNNX.exe
  2⤵
  PID:8288
- C:\Windows\System\pwWuBwx.exe
  C:\Windows\System\pwWuBwx.exe
  2⤵
  PID:8304
- C:\Windows\System\wqOkDWC.exe
  C:\Windows\System\wqOkDWC.exe
  2⤵
  PID:8320
- C:\Windows\System\AYrAxyC.exe
  C:\Windows\System\AYrAxyC.exe
  2⤵
  PID:8336
- C:\Windows\System\YqreIGH.exe
  C:\Windows\System\YqreIGH.exe
  2⤵
  PID:8352
- C:\Windows\System\ohPABxG.exe
  C:\Windows\System\ohPABxG.exe
  2⤵
  PID:8368
- C:\Windows\System\McyjVxT.exe
  C:\Windows\System\McyjVxT.exe
  2⤵
  PID:8384
- C:\Windows\System\gPBAmfA.exe
  C:\Windows\System\gPBAmfA.exe
  2⤵
  PID:8400
- C:\Windows\System\ljTYsmM.exe
  C:\Windows\System\ljTYsmM.exe
  2⤵
  PID:8432
- C:\Windows\System\KpcPPKJ.exe
  C:\Windows\System\KpcPPKJ.exe
  2⤵
  PID:8448
- C:\Windows\System\xvxpLOD.exe
  C:\Windows\System\xvxpLOD.exe
  2⤵
  PID:8468
- C:\Windows\System\fLmtZVz.exe
  C:\Windows\System\fLmtZVz.exe
  2⤵
  PID:8484
- C:\Windows\System\jLNcSIx.exe
  C:\Windows\System\jLNcSIx.exe
  2⤵
  PID:8504
- C:\Windows\System\bTVPqfn.exe
  C:\Windows\System\bTVPqfn.exe
  2⤵
  PID:8520
- C:\Windows\System\eRypXLh.exe
  C:\Windows\System\eRypXLh.exe
  2⤵
  PID:8552
- C:\Windows\System\brKCfrW.exe
  C:\Windows\System\brKCfrW.exe
  2⤵
  PID:8572
- C:\Windows\System\WJGdbqL.exe
  C:\Windows\System\WJGdbqL.exe
  2⤵
  PID:8604
- C:\Windows\System\BihBwXL.exe
  C:\Windows\System\BihBwXL.exe
  2⤵
  PID:8624
- C:\Windows\System\LHZgFjt.exe
  C:\Windows\System\LHZgFjt.exe
  2⤵
  PID:8640
- C:\Windows\System\wldEVHn.exe
  C:\Windows\System\wldEVHn.exe
  2⤵
  PID:8656
- C:\Windows\System\PjBnQWq.exe
  C:\Windows\System\PjBnQWq.exe
  2⤵
  PID:8672
- C:\Windows\System\EiuBvAn.exe
  C:\Windows\System\EiuBvAn.exe
  2⤵
  PID:8688
- C:\Windows\System\xucvglt.exe
  C:\Windows\System\xucvglt.exe
  2⤵
  PID:8764
- C:\Windows\System\nDcfYZL.exe
  C:\Windows\System\nDcfYZL.exe
  2⤵
  PID:8780
- C:\Windows\System\aLQQuEk.exe
  C:\Windows\System\aLQQuEk.exe
  2⤵
  PID:8796
- C:\Windows\System\TMzbUAF.exe
  C:\Windows\System\TMzbUAF.exe
  2⤵
  PID:8816
- C:\Windows\System\sPJNOlD.exe
  C:\Windows\System\sPJNOlD.exe
  2⤵
  PID:8836
- C:\Windows\System\BzhEeos.exe
  C:\Windows\System\BzhEeos.exe
  2⤵
  PID:8856
- C:\Windows\System\UaFtwiS.exe
  C:\Windows\System\UaFtwiS.exe
  2⤵
  PID:8880
- C:\Windows\System\xAPoieN.exe
  C:\Windows\System\xAPoieN.exe
  2⤵
  PID:8948
- C:\Windows\System\UqwBvIO.exe
  C:\Windows\System\UqwBvIO.exe
  2⤵
  PID:8968
- C:\Windows\System\mwgvids.exe
  C:\Windows\System\mwgvids.exe
  2⤵
  PID:8984
- C:\Windows\System\SSztEFK.exe
  C:\Windows\System\SSztEFK.exe
  2⤵
  PID:9012
- C:\Windows\System\YlIRMXY.exe
  C:\Windows\System\YlIRMXY.exe
  2⤵
  PID:9028
- C:\Windows\System\fckTLGd.exe
  C:\Windows\System\fckTLGd.exe
  2⤵
  PID:9052
- C:\Windows\System\OimZNnr.exe
  C:\Windows\System\OimZNnr.exe
  2⤵
  PID:9068
- C:\Windows\System\lgNbcpo.exe
  C:\Windows\System\lgNbcpo.exe
  2⤵
  PID:9084
- C:\Windows\System\BUUnnmV.exe
  C:\Windows\System\BUUnnmV.exe
  2⤵
  PID:9100
- C:\Windows\System\kCiXnbH.exe
  C:\Windows\System\kCiXnbH.exe
  2⤵
  PID:9140
- C:\Windows\System\Gvejrqj.exe
  C:\Windows\System\Gvejrqj.exe
  2⤵
  PID:9172
- C:\Windows\System\grbfHye.exe
  C:\Windows\System\grbfHye.exe
  2⤵
  PID:9200
- C:\Windows\System\sJOUjXZ.exe
  C:\Windows\System\sJOUjXZ.exe
  2⤵
  PID:1200
- C:\Windows\System\GdKHUmY.exe
  C:\Windows\System\GdKHUmY.exe
  2⤵
  PID:2972
- C:\Windows\System\eDSffEQ.exe
  C:\Windows\System\eDSffEQ.exe
  2⤵
  PID:2960
- C:\Windows\System\Sscwsuo.exe
  C:\Windows\System\Sscwsuo.exe
  2⤵
  PID:7856
- C:\Windows\System\tBVmiOU.exe
  C:\Windows\System\tBVmiOU.exe
  2⤵
  PID:7876
- C:\Windows\System\vAvZqRT.exe
  C:\Windows\System\vAvZqRT.exe
  2⤵
  PID:2140
- C:\Windows\System\PmCzJyg.exe
  C:\Windows\System\PmCzJyg.exe
  2⤵
  PID:6660
- C:\Windows\System\dSOSTEI.exe
  C:\Windows\System\dSOSTEI.exe
  2⤵
  PID:1000
- C:\Windows\System\XxzbTQv.exe
  C:\Windows\System\XxzbTQv.exe
  2⤵
  PID:8216
- C:\Windows\System\mDTgFoF.exe
  C:\Windows\System\mDTgFoF.exe
  2⤵
  PID:8280
- C:\Windows\System\HmfYUvM.exe
  C:\Windows\System\HmfYUvM.exe
  2⤵
  PID:8328
- C:\Windows\System\rROhaDl.exe
  C:\Windows\System\rROhaDl.exe
  2⤵
  PID:8364
- C:\Windows\System\SqXhpBk.exe
  C:\Windows\System\SqXhpBk.exe
  2⤵
  PID:7392
- C:\Windows\System\IqBPZqA.exe
  C:\Windows\System\IqBPZqA.exe
  2⤵
  PID:108
- C:\Windows\System\AJuevhj.exe
  C:\Windows\System\AJuevhj.exe
  2⤵
  PID:8464
- C:\Windows\System\VgfSUuS.exe
  C:\Windows\System\VgfSUuS.exe
  2⤵
  PID:8492
- C:\Windows\System\ltRxiMi.exe
  C:\Windows\System\ltRxiMi.exe
  2⤵
  PID:8516
- C:\Windows\System\WfKuQAR.exe
  C:\Windows\System\WfKuQAR.exe
  2⤵
  PID:2732
- C:\Windows\System\DZgJnno.exe
  C:\Windows\System\DZgJnno.exe
  2⤵
  PID:8564
- C:\Windows\System\JkALwka.exe
  C:\Windows\System\JkALwka.exe
  2⤵
  PID:8584
- C:\Windows\System\iMtvxme.exe
  C:\Windows\System\iMtvxme.exe
  2⤵
  PID:8620
- C:\Windows\System\gaRqsYZ.exe
  C:\Windows\System\gaRqsYZ.exe
  2⤵
  PID:8632
- C:\Windows\System\ixbnkpN.exe
  C:\Windows\System\ixbnkpN.exe
  2⤵
  PID:8668
- C:\Windows\System\imcRxeR.exe
  C:\Windows\System\imcRxeR.exe
  2⤵
  PID:8804
- C:\Windows\System\ZHADySb.exe
  C:\Windows\System\ZHADySb.exe
  2⤵
  PID:8828
- C:\Windows\System\YVKuFpL.exe
  C:\Windows\System\YVKuFpL.exe
  2⤵
  PID:8864
- C:\Windows\System\QHXWDcf.exe
  C:\Windows\System\QHXWDcf.exe
  2⤵
  PID:8900
- C:\Windows\System\SGWEEDa.exe
  C:\Windows\System\SGWEEDa.exe
  2⤵
  PID:2700
- C:\Windows\System\xTuEaLE.exe
  C:\Windows\System\xTuEaLE.exe
  2⤵
  PID:816
- C:\Windows\System\YrOAcnR.exe
  C:\Windows\System\YrOAcnR.exe
  2⤵
  PID:1748
- C:\Windows\System\tzbMXKz.exe
  C:\Windows\System\tzbMXKz.exe
  2⤵
  PID:1996
- C:\Windows\System\hMEHkus.exe
  C:\Windows\System\hMEHkus.exe
  2⤵
  PID:1908
- C:\Windows\System\rsKMZUl.exe
  C:\Windows\System\rsKMZUl.exe
  2⤵
  PID:2808
- C:\Windows\System\HHUlLqQ.exe
  C:\Windows\System\HHUlLqQ.exe
  2⤵
  PID:8976
- C:\Windows\System\bprkJtP.exe
  C:\Windows\System\bprkJtP.exe
  2⤵
  PID:9008
- C:\Windows\System\kiZUkro.exe
  C:\Windows\System\kiZUkro.exe
  2⤵
  PID:9048
- C:\Windows\System\SUCPZbO.exe
  C:\Windows\System\SUCPZbO.exe
  2⤵
  PID:9076
- C:\Windows\System\edZPOdo.exe
  C:\Windows\System\edZPOdo.exe
  2⤵
  PID:9108
- C:\Windows\System\mbxxGNT.exe
  C:\Windows\System\mbxxGNT.exe
  2⤵
  PID:9124
- C:\Windows\System\uJzfMaM.exe
  C:\Windows\System\uJzfMaM.exe
  2⤵
  PID:8960
- C:\Windows\System\GXpeZVm.exe
  C:\Windows\System\GXpeZVm.exe
  2⤵
  PID:1008
- C:\Windows\System\BVSbQKd.exe
  C:\Windows\System\BVSbQKd.exe
  2⤵
  PID:7508
- C:\Windows\System\CudPDVn.exe
  C:\Windows\System\CudPDVn.exe
  2⤵
  PID:7840
- C:\Windows\System\MlcxmaS.exe
  C:\Windows\System\MlcxmaS.exe
  2⤵
  PID:2996
- C:\Windows\System\dkOXqXW.exe
  C:\Windows\System\dkOXqXW.exe
  2⤵
  PID:2788
- C:\Windows\System\DFgLkVH.exe
  C:\Windows\System\DFgLkVH.exe
  2⤵
  PID:8208
- C:\Windows\System\sxBMsAz.exe
  C:\Windows\System\sxBMsAz.exe
  2⤵
  PID:8232
- C:\Windows\System\AbxrlXq.exe
  C:\Windows\System\AbxrlXq.exe
  2⤵
  PID:2756
- C:\Windows\System\BnUtJuD.exe
  C:\Windows\System\BnUtJuD.exe
  2⤵
  PID:8360
- C:\Windows\System\yYCzUFJ.exe
  C:\Windows\System\yYCzUFJ.exe
  2⤵
  PID:8412
- C:\Windows\System\KTptCTp.exe
  C:\Windows\System\KTptCTp.exe
  2⤵
  PID:8312
- C:\Windows\System\DPirvXk.exe
  C:\Windows\System\DPirvXk.exe
  2⤵
  PID:8476
- C:\Windows\System\BHrTfYx.exe
  C:\Windows\System\BHrTfYx.exe
  2⤵
  PID:1956
- C:\Windows\System\gwByEUp.exe
  C:\Windows\System\gwByEUp.exe
  2⤵
  PID:8548
- C:\Windows\System\QzSCGip.exe
  C:\Windows\System\QzSCGip.exe
  2⤵
  PID:8772
- C:\Windows\System\ynDakcR.exe
  C:\Windows\System\ynDakcR.exe
  2⤵
  PID:8696
- C:\Windows\System\CntMxnK.exe
  C:\Windows\System\CntMxnK.exe
  2⤵
  PID:8848
- C:\Windows\System\mAocCkn.exe
  C:\Windows\System\mAocCkn.exe
  2⤵
  PID:8892
- C:\Windows\System\EkYdJRT.exe
  C:\Windows\System\EkYdJRT.exe
  2⤵
  PID:8920
- C:\Windows\System\fnhimei.exe
  C:\Windows\System\fnhimei.exe
  2⤵
  PID:3024
- C:\Windows\System\MZsxzUD.exe
  C:\Windows\System\MZsxzUD.exe
  2⤵
  PID:1532
- C:\Windows\System\aQFDFih.exe
  C:\Windows\System\aQFDFih.exe
  2⤵
  PID:8956
- C:\Windows\System\JvzCwjW.exe
  C:\Windows\System\JvzCwjW.exe
  2⤵
  PID:9000
- C:\Windows\System\doiPFmh.exe
  C:\Windows\System\doiPFmh.exe
  2⤵
  PID:9168
- C:\Windows\System\KrFxeMK.exe
  C:\Windows\System\KrFxeMK.exe
  2⤵
  PID:9184
- C:\Windows\System\KBLsWms.exe
  C:\Windows\System\KBLsWms.exe
  2⤵
  PID:7496
- C:\Windows\System\WugdQCt.exe
  C:\Windows\System\WugdQCt.exe
  2⤵
  PID:2884
- C:\Windows\System\xEQceOT.exe
  C:\Windows\System\xEQceOT.exe
  2⤵
  PID:2984
- C:\Windows\System\PHKJdwA.exe
  C:\Windows\System\PHKJdwA.exe
  2⤵
  PID:2052
- C:\Windows\System\oHUnOGl.exe
  C:\Windows\System\oHUnOGl.exe
  2⤵
  PID:8284
- C:\Windows\System\vEXTdME.exe
  C:\Windows\System\vEXTdME.exe
  2⤵
  PID:8456
- C:\Windows\System\EPncFPW.exe
  C:\Windows\System\EPncFPW.exe
  2⤵
  PID:8428
- C:\Windows\System\WqTvzLf.exe
  C:\Windows\System\WqTvzLf.exe
  2⤵
  PID:1612
- C:\Windows\System\gzcPVOi.exe
  C:\Windows\System\gzcPVOi.exe
  2⤵
  PID:8532
- C:\Windows\System\aXyEgNn.exe
  C:\Windows\System\aXyEgNn.exe
  2⤵
  PID:8652
- C:\Windows\System\YeTfeGC.exe
  C:\Windows\System\YeTfeGC.exe
  2⤵
  PID:8844
- C:\Windows\System\lQBMTki.exe
  C:\Windows\System\lQBMTki.exe
  2⤵
  PID:7196
- C:\Windows\System\deRWcOF.exe
  C:\Windows\System\deRWcOF.exe
  2⤵
  PID:8908
- C:\Windows\System\QYaJChL.exe
  C:\Windows\System\QYaJChL.exe
  2⤵
  PID:8940
- C:\Windows\System\sfSaiiI.exe
  C:\Windows\System\sfSaiiI.exe
  2⤵
  PID:9004
- C:\Windows\System\fbEAVWi.exe
  C:\Windows\System\fbEAVWi.exe
  2⤵
  PID:9152
- C:\Windows\System\GLSqEVu.exe
  C:\Windows\System\GLSqEVu.exe
  2⤵
  PID:9208
- C:\Windows\System\QiwXsIr.exe
  C:\Windows\System\QiwXsIr.exe
  2⤵
  PID:8252
- C:\Windows\System\jtAxOWo.exe
  C:\Windows\System\jtAxOWo.exe
  2⤵
  PID:1116
- C:\Windows\System\GohybhX.exe
  C:\Windows\System\GohybhX.exe
  2⤵
  PID:8300
- C:\Windows\System\kWIzGkX.exe
  C:\Windows\System\kWIzGkX.exe
  2⤵
  PID:1960
- C:\Windows\System\lahfGtV.exe
  C:\Windows\System\lahfGtV.exe
  2⤵
  PID:8700
- C:\Windows\System\StEGCjF.exe
  C:\Windows\System\StEGCjF.exe
  2⤵
  PID:8808
- C:\Windows\System\WSoFPqh.exe
  C:\Windows\System\WSoFPqh.exe
  2⤵
  PID:8928
- C:\Windows\System\mWmTspd.exe
  C:\Windows\System\mWmTspd.exe
  2⤵
  PID:8964
- C:\Windows\System\zorkJji.exe
  C:\Windows\System\zorkJji.exe
  2⤵
  PID:9096
- C:\Windows\System\xPukvPy.exe
  C:\Windows\System\xPukvPy.exe
  2⤵
  PID:1564
- C:\Windows\System\CIkvFyt.exe
  C:\Windows\System\CIkvFyt.exe
  2⤵
  PID:2916
- C:\Windows\System\JGUzyfA.exe
  C:\Windows\System\JGUzyfA.exe
  2⤵
  PID:8560
- C:\Windows\System\PHLeAIG.exe
  C:\Windows\System\PHLeAIG.exe
  2⤵
  PID:8612
- C:\Windows\System\orVJIiq.exe
  C:\Windows\System\orVJIiq.exe
  2⤵
  PID:8936
- C:\Windows\System\xMyLKYQ.exe
  C:\Windows\System\xMyLKYQ.exe
  2⤵
  PID:9188
- C:\Windows\System\IOYVbiU.exe
  C:\Windows\System\IOYVbiU.exe
  2⤵
  PID:7292
- C:\Windows\System\CKgqbGF.exe
  C:\Windows\System\CKgqbGF.exe
  2⤵
  PID:8540
- C:\Windows\System\aPcKthH.exe
  C:\Windows\System\aPcKthH.exe
  2⤵
  PID:1744
- C:\Windows\System\AkACYDK.exe
  C:\Windows\System\AkACYDK.exe
  2⤵
  PID:2800
- C:\Windows\System\cVoisYg.exe
  C:\Windows\System\cVoisYg.exe
  2⤵
  PID:8380
- C:\Windows\System\bszCQuB.exe
  C:\Windows\System\bszCQuB.exe
  2⤵
  PID:2020
- C:\Windows\System\crsBbkr.exe
  C:\Windows\System\crsBbkr.exe
  2⤵
  PID:9240
- C:\Windows\System\LBwxwaF.exe
  C:\Windows\System\LBwxwaF.exe
  2⤵
  PID:9256
- C:\Windows\System\DyTJcbf.exe
  C:\Windows\System\DyTJcbf.exe
  2⤵
  PID:9276
- C:\Windows\System\jelERbs.exe
  C:\Windows\System\jelERbs.exe
  2⤵
  PID:9292
- C:\Windows\System\mUSwfwO.exe
  C:\Windows\System\mUSwfwO.exe
  2⤵
  PID:9312
- C:\Windows\System\FSHITHf.exe
  C:\Windows\System\FSHITHf.exe
  2⤵
  PID:9328
- C:\Windows\System\yOzJyfI.exe
  C:\Windows\System\yOzJyfI.exe
  2⤵
  PID:9352
- C:\Windows\System\rdwabpr.exe
  C:\Windows\System\rdwabpr.exe
  2⤵
  PID:9372
- C:\Windows\System\tRONuyL.exe
  C:\Windows\System\tRONuyL.exe
  2⤵
  PID:9392
- C:\Windows\System\IwkRaLg.exe
  C:\Windows\System\IwkRaLg.exe
  2⤵
  PID:9412
- C:\Windows\System\uHcEjaM.exe
  C:\Windows\System\uHcEjaM.exe
  2⤵
  PID:9428
- C:\Windows\System\WSKOUaU.exe
  C:\Windows\System\WSKOUaU.exe
  2⤵
  PID:9444
- C:\Windows\System\PkZQBau.exe
  C:\Windows\System\PkZQBau.exe
  2⤵
  PID:9476
- C:\Windows\System\EIDEqWL.exe
  C:\Windows\System\EIDEqWL.exe
  2⤵
  PID:9496
- C:\Windows\System\BjNdDbZ.exe
  C:\Windows\System\BjNdDbZ.exe
  2⤵
  PID:9524
- C:\Windows\System\EWpWqmf.exe
  C:\Windows\System\EWpWqmf.exe
  2⤵
  PID:9540
- C:\Windows\System\iXHzezu.exe
  C:\Windows\System\iXHzezu.exe
  2⤵
  PID:9556
- C:\Windows\System\auwiKVZ.exe
  C:\Windows\System\auwiKVZ.exe
  2⤵
  PID:9576
- C:\Windows\System\IDgiqez.exe
  C:\Windows\System\IDgiqez.exe
  2⤵
  PID:9592
- C:\Windows\System\AoilSdh.exe
  C:\Windows\System\AoilSdh.exe
  2⤵
  PID:9616
- C:\Windows\System\LamrzNL.exe
  C:\Windows\System\LamrzNL.exe
  2⤵
  PID:9636
- C:\Windows\System\OlducDO.exe
  C:\Windows\System\OlducDO.exe
  2⤵
  PID:9652
- C:\Windows\System\RgWZukU.exe
  C:\Windows\System\RgWZukU.exe
  2⤵
  PID:9668
- C:\Windows\System\OvrCzSd.exe
  C:\Windows\System\OvrCzSd.exe
  2⤵
  PID:9688
- C:\Windows\System\WutwInG.exe
  C:\Windows\System\WutwInG.exe
  2⤵
  PID:9720
- C:\Windows\System\wNOZsgs.exe
  C:\Windows\System\wNOZsgs.exe
  2⤵
  PID:9748
- C:\Windows\System\kLliVaX.exe
  C:\Windows\System\kLliVaX.exe
  2⤵
  PID:9772
- C:\Windows\System\QxtjiCP.exe
  C:\Windows\System\QxtjiCP.exe
  2⤵
  PID:9788
- C:\Windows\System\VIJlvBe.exe
  C:\Windows\System\VIJlvBe.exe
  2⤵
  PID:9804
- C:\Windows\System\xszUNKN.exe
  C:\Windows\System\xszUNKN.exe
  2⤵
  PID:9820
- C:\Windows\System\utTjWxu.exe
  C:\Windows\System\utTjWxu.exe
  2⤵
  PID:9840
- C:\Windows\System\ALeFBUv.exe
  C:\Windows\System\ALeFBUv.exe
  2⤵
  PID:9868
- C:\Windows\System\mehRVDj.exe
  C:\Windows\System\mehRVDj.exe
  2⤵
  PID:9888
- C:\Windows\System\qlchBdO.exe
  C:\Windows\System\qlchBdO.exe
  2⤵
  PID:9904
- C:\Windows\System\VVxRyVR.exe
  C:\Windows\System\VVxRyVR.exe
  2⤵
  PID:9920
- C:\Windows\System\MbkMqcb.exe
  C:\Windows\System\MbkMqcb.exe
  2⤵
  PID:9940
- C:\Windows\System\TsSAsoE.exe
  C:\Windows\System\TsSAsoE.exe
  2⤵
  PID:9960
- C:\Windows\System\vJTPfsK.exe
  C:\Windows\System\vJTPfsK.exe
  2⤵
  PID:9984
- C:\Windows\System\XfCjqCP.exe
  C:\Windows\System\XfCjqCP.exe
  2⤵
  PID:10004
- C:\Windows\System\lUUStAP.exe
  C:\Windows\System\lUUStAP.exe
  2⤵
  PID:10020
- C:\Windows\System\rtNKhhj.exe
  C:\Windows\System\rtNKhhj.exe
  2⤵
  PID:10036
- C:\Windows\System\zFEZjOu.exe
  C:\Windows\System\zFEZjOu.exe
  2⤵
  PID:10060
- C:\Windows\System\QVRWBWZ.exe
  C:\Windows\System\QVRWBWZ.exe
  2⤵
  PID:10088
- C:\Windows\System\vmxcSlL.exe
  C:\Windows\System\vmxcSlL.exe
  2⤵
  PID:10112
- C:\Windows\System\lPOgEye.exe
  C:\Windows\System\lPOgEye.exe
  2⤵
  PID:10128
- C:\Windows\System\kTFfSCa.exe
  C:\Windows\System\kTFfSCa.exe
  2⤵
  PID:10148
- C:\Windows\System\RfYvDRB.exe
  C:\Windows\System\RfYvDRB.exe
  2⤵
  PID:10168
- C:\Windows\System\JHiorwR.exe
  C:\Windows\System\JHiorwR.exe
  2⤵
  PID:10192
- C:\Windows\System\tCkulhH.exe
  C:\Windows\System\tCkulhH.exe
  2⤵
  PID:10216
- C:\Windows\System\hVaeeKg.exe
  C:\Windows\System\hVaeeKg.exe
  2⤵
  PID:9224
- C:\Windows\System\gyuAUii.exe
  C:\Windows\System\gyuAUii.exe
  2⤵
  PID:9264
- C:\Windows\System\pYzSJXU.exe
  C:\Windows\System\pYzSJXU.exe
  2⤵
  PID:9344
- C:\Windows\System\VdxWhqe.exe
  C:\Windows\System\VdxWhqe.exe
  2⤵
  PID:9424
- C:\Windows\System\ybXyIRv.exe
  C:\Windows\System\ybXyIRv.exe
  2⤵
  PID:9196
- C:\Windows\System\DSMsGqS.exe
  C:\Windows\System\DSMsGqS.exe
  2⤵
  PID:2188
- C:\Windows\System\CXiBTBx.exe
  C:\Windows\System\CXiBTBx.exe
  2⤵
  PID:9400
- C:\Windows\System\DBSHhEK.exe
  C:\Windows\System\DBSHhEK.exe
  2⤵
  PID:9436
- C:\Windows\System\cNYTyDE.exe
  C:\Windows\System\cNYTyDE.exe
  2⤵
  PID:9588
- C:\Windows\System\oDHEpbB.exe
  C:\Windows\System\oDHEpbB.exe
  2⤵
  PID:9660
- C:\Windows\System\AyuMGod.exe
  C:\Windows\System\AyuMGod.exe
  2⤵
  PID:9612
- C:\Windows\System\AQJyeNK.exe
  C:\Windows\System\AQJyeNK.exe
  2⤵
  PID:9608
- C:\Windows\System\aONkBjZ.exe
  C:\Windows\System\aONkBjZ.exe
  2⤵
  PID:9680
- C:\Windows\System\zecjhjA.exe
  C:\Windows\System\zecjhjA.exe
  2⤵
  PID:9728
- C:\Windows\System\dejYBOf.exe
  C:\Windows\System\dejYBOf.exe
  2⤵
  PID:9800
- C:\Windows\System\ektCfSt.exe
  C:\Windows\System\ektCfSt.exe
  2⤵
  PID:9780
- C:\Windows\System\agMKfYB.exe
  C:\Windows\System\agMKfYB.exe
  2⤵
  PID:9828
- C:\Windows\System\AFQLyMc.exe
  C:\Windows\System\AFQLyMc.exe
  2⤵
  PID:9856
- C:\Windows\System\zxuSdaQ.exe
  C:\Windows\System\zxuSdaQ.exe
  2⤵
  PID:9880
- C:\Windows\System\mwDSTea.exe
  C:\Windows\System\mwDSTea.exe
  2⤵
  PID:9928
- C:\Windows\System\VmvBVkW.exe
  C:\Windows\System\VmvBVkW.exe
  2⤵
  PID:9952
- C:\Windows\System\OzDUcDW.exe
  C:\Windows\System\OzDUcDW.exe
  2⤵
  PID:9992
- C:\Windows\System\ilxNtdv.exe
  C:\Windows\System\ilxNtdv.exe
  2⤵
  PID:10048
- C:\Windows\System\dirLIjZ.exe
  C:\Windows\System\dirLIjZ.exe
  2⤵
  PID:10076
- C:\Windows\System\JptfynK.exe
  C:\Windows\System\JptfynK.exe
  2⤵
  PID:9884
- C:\Windows\System\qxhCPIS.exe
  C:\Windows\System\qxhCPIS.exe
  2⤵
  PID:10184
- C:\Windows\System\RDaXSSK.exe
  C:\Windows\System\RDaXSSK.exe
  2⤵
  PID:10200
- C:\Windows\System\oWGSWcM.exe
  C:\Windows\System\oWGSWcM.exe
  2⤵
  PID:10228
- C:\Windows\System\msHiaFj.exe
  C:\Windows\System\msHiaFj.exe
  2⤵
  PID:9232
- C:\Windows\System\TmyNGod.exe
  C:\Windows\System\TmyNGod.exe
  2⤵
  PID:9336
- C:\Windows\System\FtbwBkJ.exe
  C:\Windows\System\FtbwBkJ.exe
  2⤵
  PID:9300
- C:\Windows\System\stsXqXd.exe
  C:\Windows\System\stsXqXd.exe
  2⤵
  PID:9044
- C:\Windows\System\TKRdJBv.exe
  C:\Windows\System\TKRdJBv.exe
  2⤵
  PID:9320
- C:\Windows\System\KYxXaht.exe
  C:\Windows\System\KYxXaht.exe
  2⤵
  PID:9936
- C:\Windows\System\wYdYoJS.exe
  C:\Windows\System\wYdYoJS.exe
  2⤵
  PID:9284
- C:\Windows\System\HKeairZ.exe
  C:\Windows\System\HKeairZ.exe
  2⤵
  PID:9324
- C:\Windows\System\kUNbivw.exe
  C:\Windows\System\kUNbivw.exe
  2⤵
  PID:9404
- C:\Windows\System\ysVZmkX.exe
  C:\Windows\System\ysVZmkX.exe
  2⤵
  PID:9548
- C:\Windows\System\IAgMuQI.exe
  C:\Windows\System\IAgMuQI.exe
  2⤵
  PID:9572
- C:\Windows\System\uQonMIZ.exe
  C:\Windows\System\uQonMIZ.exe
  2⤵
  PID:9564
- C:\Windows\System\UkVeGCy.exe
  C:\Windows\System\UkVeGCy.exe
  2⤵
  PID:9696
- C:\Windows\System\KLqPNXj.exe
  C:\Windows\System\KLqPNXj.exe
  2⤵
  PID:9684
- C:\Windows\System\WOndSxc.exe
  C:\Windows\System\WOndSxc.exe
  2⤵
  PID:9740
- C:\Windows\System\LmVzjnm.exe
  C:\Windows\System\LmVzjnm.exe
  2⤵
  PID:9848
- C:\Windows\System\ygJjfhl.exe
  C:\Windows\System\ygJjfhl.exe
  2⤵
  PID:9764
- C:\Windows\System\ittRQvE.exe
  C:\Windows\System\ittRQvE.exe
  2⤵
  PID:9996
- C:\Windows\System\yrvQTHb.exe
  C:\Windows\System\yrvQTHb.exe
  2⤵
  PID:9876
- C:\Windows\System\jUeKVvC.exe
  C:\Windows\System\jUeKVvC.exe
  2⤵
  PID:10032
- C:\Windows\System\HMMYYVy.exe
  C:\Windows\System\HMMYYVy.exe
  2⤵
  PID:10124
- C:\Windows\System\OaePAgz.exe
  C:\Windows\System\OaePAgz.exe
  2⤵
  PID:10028
- C:\Windows\System\edWnEri.exe
  C:\Windows\System\edWnEri.exe
  2⤵
  PID:10180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GlydyMM.exe

Filesize
6.0MB

MD5
2fe1a073c091803385e527845ad43393

SHA1
32194d1e870e47eeec704a3ab7990b79c46b1a97

SHA256
cc7e74bc4d750d0b166f14cb5b32339cf1ff88e51d7f0e37bdabcee56e945c47

SHA512
7f66619cc16f59757900fe4b1ebf34859fa5fea298c4e06729ba639fa349525050173aa110bd6e2639deaf91ae54803c77946f5769fb19dabd5c9bf54174634b

Download Submit
C:\Windows\system\LyflMvJ.exe

Filesize
6.0MB

MD5
206d771a93f49b39e3373e8527faf79a

SHA1
cd2fc9e3446454563912326b179dc2ce7c2b54d0

SHA256
0e48ceb591e5f794ffe278ae70acc89f4aa2b7d029f6f5140e251bc57bd7348e

SHA512
d2f15c3536af7b36c57fefe749fffa69cf2e9858eab99deafdb8089ae9070fe36907a1cd348127c405393b0b063862d0a3785319e02ff84ffeb4c12e82fc735e

Download Submit
C:\Windows\system\OjwacDt.exe

Filesize
6.0MB

MD5
95fea73fb0ecba0e3a5602c8ee18023f

SHA1
8c1a0db397ec7680a8d64d236dc5e406bb5c7f44

SHA256
88dc8a2d146eb535bed235945f8d85d356607a76d6a66646db87882e0fa3943a

SHA512
45457941fa1a5695f4f5f271dfd58430774bf7fde1decfe198d391c5839b7b7268dacf34693b918d85e9acac591918f25282b15f4695b8eb773d6354f3074304

Download Submit
C:\Windows\system\OsgTvtd.exe

Filesize
6.0MB

MD5
68c5fc9cdc50f39cf8537cb848e95362

SHA1
f7cfe93329255506c9b5e24de1f1a50b107235ad

SHA256
7a6e580252c59aa24dbb061b5bafc2788957dbccd25cb7cf7d88d8a3af33da0e

SHA512
d5398dbc84bdda5c5d8fc34cb7ab51ff29f18bc497e28a5e866685ff031e60988898e25558ebee35b54ea410cdf8ead88820728a8134a89320958bcea1a469f0

Download Submit
C:\Windows\system\RrsGRsz.exe

Filesize
6.0MB

MD5
da19d5362d1e672fbfb292eb1a6cd59a

SHA1
9449cd5e822848edf6b7d2754e076781965a0cc6

SHA256
abb15fad3953cf796f9711db023da404212e00921a9e905bd45da3d0f703854a

SHA512
2b105a58a0de69a44ce611ed7f791bb88d870c6c5c8ad9d9e266792cd9967d4c9fd83e5892ca41fb73474a75bced6aedf31fc559b6673e0cb818e950629d0781

Download Submit
C:\Windows\system\UCqGdTV.exe

Filesize
6.0MB

MD5
276a48e729b63357738114a933ff9796

SHA1
03c5eda818dc1013a6dbec91b137abf731c17298

SHA256
e729248b98eba4f56f2ac35eb61af1f8cd7a3c4115afb30356fd8648a626d15c

SHA512
df311ef79d81ad19842312c8fb41805ade8a70cebcfbca37d2735ec8c33247e3a100074036244648b3ff178431d1c36d2b6d21666ed736fbd92a51ee850c4e69

Download Submit
C:\Windows\system\UWERtWv.exe

Filesize
6.0MB

MD5
c91f93bed66eacd01104c03ff28c8d35

SHA1
ae660a650d3e6ba6108a35383e8e29b815971b1f

SHA256
95a1b748caece3712357ede6ed1ea5f826e55000173e445c1a4546c38a0bb258

SHA512
5931606677aad14ee81021c62e5e81cc9b80bc546da6cdb68d8336babc2a65d4673b4f72801410c6a4775c27e9e6b9983a425d6e7392c454407c8938cba27266

Download Submit
C:\Windows\system\XmGSKyO.exe

Filesize
6.0MB

MD5
72de1c3067c640f1138fc9ca068361b5

SHA1
409f6bddfdac3495070a5cbe42457f1c32b1a9fe

SHA256
414e43a70a839923d27322e0017563ebcac6f6d32e4c1b61c22cea84c7fcba87

SHA512
4c0912a7988e31925eb35ba87e4fb1c5e7bfe5ebe66e4ce82cda114f1903a3970370c72542549185a593c5fd57d213062c8d5a0d175bc2942ce9bf160fd1f91d

Download Submit
C:\Windows\system\aLvgQuq.exe

Filesize
6.0MB

MD5
d827498772d0e1f5896c34ff41a527da

SHA1
c2ba8038bb2434bc90f6d9c807afaa1d7b3576b1

SHA256
345ef8beb2c9e93a77bf5d46f7e5d9bd31d79c0cd807c3d0207497517573aab1

SHA512
8895212277205548d4c206ee29984777ac306dcb1626cd71fe3f13345f78625baaf71d6cab417be05c16e66687b90e1cc977b7953e7b26e212333496b451bf41

Download Submit
C:\Windows\system\cUysxwe.exe

Filesize
6.0MB

MD5
f7acc16a8578b347168690d6e1cad9e6

SHA1
dc6e89b18c46dce579215a3c0d474da46c1f6885

SHA256
c3f4c5f64fc269e1fc25244eda4d360a5c0d3a03003066f4ccd7d8b9aa36d79d

SHA512
c245c132dac923c45c0a0d402d845cbb9b1084c5f2c9b72b351613be53ef34a3bf81a107eccf872f6ce6e0452b8c82ad211fce2d864c27a07d1f4236cd7dd849

Download Submit
C:\Windows\system\iJyTOhL.exe

Filesize
6.0MB

MD5
b395f680702ab61a6a7300ba5a206922

SHA1
aaf1257a2b4d90dac87daa06882f4a0282bae1d8

SHA256
1d39bbab4709feafa9444048609c9e19042e7f8b9ff2f1938ef1c9fa63da5102

SHA512
51ca6ca136da6dbb17c3718b9972f7eef57ca3b8ec1cca1c7e11380ed3e982de3fe935810ecf62174b26bd585155d4fd600470d0807c1b9d8f66aa3bd7b4a3ec

Download Submit
C:\Windows\system\laTGiTh.exe

Filesize
6.0MB

MD5
d6e4856c7dcb5caddc82cf872e4bc209

SHA1
67c7f5705062fcb6a709131eff15bc1d7b97bdfb

SHA256
8a188d83413616cbb26681319defbc5b2cf81d2c7b67948bfe323d3713c32d2b

SHA512
9c9e0805ed9ef383197031720f815c7ce9cfd6681dee948a0445b579e94b405eca6e9472879d4e8513a313ba8a084fe1671eac49596f84a13f793c6a35c8f17e

Download Submit
C:\Windows\system\oTSsTkj.exe

Filesize
6.0MB

MD5
fd0d6d70538d646cb4e4041ddb003d2f

SHA1
56b48d5479bb7344c6e5b9fe4a459d5e9c6cd368

SHA256
380cb59acd815dab2fd1853c5ce23a32606e6791a9208aa17db4783aca899a2e

SHA512
69a74ade427514647227365a99c48dabb98489ec5e4534ecefe72d02c78bb20af89d5170e66ae4e22f7c561511b62165278e683aa9f2c5ff6228b0969a78bd10

Download Submit
C:\Windows\system\qPgFQaP.exe

Filesize
6.0MB

MD5
1339446cddc033b369fec210a161336f

SHA1
b34f440e45c57df0b10c3d44f0b3e03f82fd7972

SHA256
f1c86fe831cb023907810c8cff55749b70ec0676012262127ffc0dce85324483

SHA512
7270ca86f529c01792f625b3ad3ec2b0a337f072eddf38e8fa94e52148686e88ead4cf842bd82d7856bdad202397ca1856a6bf0ed1d8e8e2b8aba533dba46828

Download Submit
C:\Windows\system\rVdENDq.exe

Filesize
6.0MB

MD5
ea4570b2272c7a36e59204ad60e2767b

SHA1
596c4818c76ea195a8e29cf085c1f66bab18c9c2

SHA256
8bdb36cc34c27f596e94d96db0fa8592059a872d30ff600104697aaf270226ef

SHA512
8ad916fc9bafa1c343210ac04966e513a5bd3071583146796679c1c9489b9c27cd48eb53a0c4e59b5a68130e99d2eec3b71bc141c2536ed61fdbc967b9bd0297

Download Submit
C:\Windows\system\rwABbRo.exe

Filesize
6.0MB

MD5
9e9269c4d2bb98f9fd5c619603d92a38

SHA1
f6fd9af62be2d844521778f30a43562d7bba80d1

SHA256
2d59b6e901b8fb8db25986b81e1e3c24294aaef60695f15232de9eae34d79ea5

SHA512
a3f4c020a4ee9cf556deb3a7a0e3c29b983ee038ac0ddf53ea77183824fe5a5fb13e8942bbd318bd7853356f0bc3768b9f8b8d4f4309cabe57b201860174e331

Download Submit
C:\Windows\system\sRmYfXg.exe

Filesize
6.0MB

MD5
e1377a9fa1a49e1042548a9598ef8880

SHA1
f5d6bf955b5bb459f93fb3dc1e971f12bd760ce6

SHA256
980c52644ffbc2c5cb08e06b619d808b7048416ee87a44f40f262aacb319659d

SHA512
a95aab7c0664eae3866b19b948f21c8554cadff444e82c7c0059fff561f055e3191a760e45fcf18fd21f6190302bda2e44b8d3d34327f7435f68dbbd8c3940d8

Download Submit
C:\Windows\system\tSfONEc.exe

Filesize
6.0MB

MD5
54ba13deeb7ca555cc9315e047b08fbc

SHA1
1402f55c19d2c3379507718fb5e6bbbce9e747dd

SHA256
63599eefda679ca6b7f31f655006cb5f168b730758748c2682f8c6f3e42edb67

SHA512
ebebdaf484fad2974c6167f3f9e4d64d2dade0e04cedd63a21f8f4c233e87ed045408cbe999b5545d9b140d26443f28c9dab5e28e7ba8c7fd966b25250aebdba

Download Submit
C:\Windows\system\tpWaWIH.exe

Filesize
6.0MB

MD5
13416ae62eaef68e8b0bda780f5fb8a1

SHA1
f1229a33542bf04371d6ab752c8fbe38db53e1c2

SHA256
abf605ac79dc6300ec2d016c57893213910886ae1ea01a0852fbe125f93d2660

SHA512
b5cacff272e5a0121c4df6cc8d455d13ea3ac4865a33d6a43027286ae00c89e76a3e5884e88e7a342f41282b121a275a2ca76bb4bc52c74c524b939ac18d9098

Download Submit
C:\Windows\system\zbANtxA.exe

Filesize
6.0MB

MD5
3544a0ab884d22881f39ebe9402764f2

SHA1
0a59fee2937ba4e899dd9727132447d6aca8de8c

SHA256
f698a8ef4f99b770c10173cecd931952003ea99f3497384409fe0fc23a36872a

SHA512
e9ec8bbd3457f120afb46db32b0249ccc48a89fc3ac425f64867159e909f62dc966b9cff89ec362ba4025cb86e34fa1bd3ae1bb2d5e36fba06e686b32bc46575

Download Submit
\Windows\system\CujDAId.exe

Filesize
6.0MB

MD5
102b9f4bec1bb5cfa71e0f5d5cdb27db

SHA1
63ebdc9ea0db56d80925b91c2c2b372caa6a25a3

SHA256
1b161e58b5438a6a69316df6f85533f168865e837d5f6ea461fd6cd025d717a8

SHA512
9c705d0b5de677f2dc9e5c6bba738216637ad7c57d8846fbef59c7c41884662d9eeb8d2bc524fcb813e6792302d5b6392e5b855f242f2f6ade28621288e6f1c0

Download Submit
\Windows\system\EqlTevV.exe

Filesize
6.0MB

MD5
1cd5b316beed5ebdefe56071b91d9ef6

SHA1
eaa49a7fae9089c43ecde91adcd1ac84e0a0258e

SHA256
acb7a13cc585e6c3b6b1f9ad1b9ed086e8c7e5f5032cd86ace82b8669cbd7868

SHA512
9b886a184d8d05ac644b6cb7da6007789a060599267504841228ba583a48844a7753af55a80b2dcd71775f0698bfd948dd0a590a580e78f3aaa113ce68178643

Download Submit
\Windows\system\GlRYvuY.exe

Filesize
6.0MB

MD5
c2a6fe62d195d53a7eb4b88f1f4c6c8b

SHA1
dcd5ed3349d9cc580d700d4ca422de2df4087ed9

SHA256
5a7a8bdb4fb2ed600ffdb3486aba94b68f1ebb640ea6cf3cf6a7c8e6efbbaaad

SHA512
d3516dce464924f2572ef79ff466d6979fad956a3b294b962c1328e847edfedfdc86475998d79b3d6b5c02b1894d899f1cb6de01936f093251713659aa481923

Download Submit
\Windows\system\HuEiNjX.exe

Filesize
6.0MB

MD5
b4fb8ff1e139b5b79d19ebf82321d368

SHA1
a8bb6cd871893d0aa5f8a0524c8fd0911266945a

SHA256
b5c619e5f3edeb284d4476204c30f062740a50c4ebe835427e64a0b3e71bc83b

SHA512
6fe916155c878b6bbd06c133ee97ac0d7f3b02f3a57059183f06ad1872a600dee17acb0b8a7e1b76f743c5a82aa490a06c36414eec4bc723a0ab6490c3958e9f

Download Submit
\Windows\system\JtcWyWh.exe

Filesize
6.0MB

MD5
cce9817644dd274f2d1ee481126c62ed

SHA1
095abbf991eb3e81d7cdda747f69a62590009bce

SHA256
ed29283610186e3ac110dfa95136caa4528242a23818e12356a0ca285b1e5495

SHA512
a07764ea6679c0156aa8f006825714dd943e7759eb4511450bd17229aded1eb7e2c1865ba2c6975064601f9b89109ce0fc389686ffbda464f195961d6a581b45

Download Submit
\Windows\system\KgyetQo.exe

Filesize
6.0MB

MD5
52a279ff99380c464cd9d510995f8275

SHA1
7628cb9e181f8ff984b75786154f4fa968f6b648

SHA256
bf9ac8f2aec2f42a8d5a307e7598f03c7af60031e0d7f917cb9f011ecf17642e

SHA512
7aaf862d4694079702096d0e60b98218332a1b1249be4411de093493eb4187c55f486f0867ef25af1679714c15ada5bdbad6cdb637316ff714d751c5fe107450

Download Submit
\Windows\system\KleZiID.exe

Filesize
6.0MB

MD5
e616b3f56bb3a2c8dc089f19c31fef04

SHA1
d46835225d889b5d6f18c03ef4b5aa43328817e5

SHA256
1ae4db70a8fef463e0756bbc25ba33a9baf1adc92435b893e9fea1a463a5518b

SHA512
c59cb085be6499ec800943373db7059243d037bf04512162cc51ab0f716e098ba879c98a208398540102a3542fcd462677676bd9f419fe91ed1326659be8e351

Download Submit
\Windows\system\UMOKbOT.exe

Filesize
6.0MB

MD5
2af8d81b02576c71bd6965bc00837941

SHA1
4c7239513c4f2d7c18a2aad20772151c892d04c3

SHA256
e91f3ee67013485ec772983c0a5cd4261650a2ad2781800923efa9ae7c2b4885

SHA512
94fd72cb6d9c04f8ac13a154b7a1ea56097e06bc00ab94f2abe9dd93b3be32215ae9efb0cb603c857875ab61d45ce717af62b264131d43b96931a48976a0b977

Download Submit
\Windows\system\UbDyXTc.exe

Filesize
6.0MB

MD5
8656648f046d5ffe926b69daa35e6d58

SHA1
085349097055708b2fcf3abc4dfa3707803b8421

SHA256
3b03d3e91beac20eb08ca042a886828905c45d90a7124b9d858db2904af08088

SHA512
a2222c09323f0d6b58dd5307c5150ca54f1060200a947da677cb4d59f309e9d5dcc56bb963daf9b4f20f6a2773280507ae40fd1cb8c7cb5a275327c9b16b3c43

Download Submit
\Windows\system\XNYHZTI.exe

Filesize
6.0MB

MD5
3c0da8c32d3cec7e92745682f04864dc

SHA1
0a7cd23de2706f0c6f9e04e5f07fe76eaee9c756

SHA256
fbf3c04cd62a7b2157e9926df79c9869fdd21ee5a0703383fc580b48885bce84

SHA512
38457751c7c94140bc473ff9fea1d7f3172524e31ba7833fe17cdae45c30bfa6930433af88a32b74b08f42a346cf8cb431fef0acf2c4a8250c0b8e01779526fe

Download Submit
\Windows\system\bMwNiAf.exe

Filesize
6.0MB

MD5
5292d2415185eeff3677c7ae3c2e0160

SHA1
21c1abfb43c9d8aafd29435a8965c6aa5322a688

SHA256
817d69990b218fb8733401101535b0b07aec871489e8c9b651c90bed9cfa595b

SHA512
2369e195b28258e74a866e0bf7d6218571ecc607de1074c98f7078137273fc0434796555eeb856ecbfe06c94f59b1b448d9076b8964b68a62ef0590123fa4392

Download Submit
\Windows\system\cvsyult.exe

Filesize
6.0MB

MD5
20a579d9b6cde2f2e0825042a14db165

SHA1
7ae1e61a775509d831ff48aa020d6e59956d785f

SHA256
17e3b1c28eb1244400d8ccd6eb2450f47bc8ca96b48a8ac61108ad4a71520db1

SHA512
e406a47e8414fad948bbc6e8b0300cfda6ca69b6073f3e6f76678d76b3f2a165b7280b845f79b54770de2f7633b96adee1a8a2aaf9e1267d43c312d2c5c211a6

Download Submit
\Windows\system\jSFbjKX.exe

Filesize
6.0MB

MD5
f9c765ad1dc2019c7997b414ece71454

SHA1
f2421c469e426557ab4f2bbf8887ac0bfb0de839

SHA256
19fa3c014dbbcc9b61d6a316b378bc1238b76f004ef6b89f0002e8cb955510f3

SHA512
831ea852c2ba02a69c837fed76b2b663042a6fbabd512aa379ff2ea91bbdbb23ac2e8b1d89e901ee6c218d3a289cddaf52bfc4dda159cf4667578885a930cf05

Download Submit
\Windows\system\pCBgDud.exe

Filesize
6.0MB

MD5
37a0ec6ec113b9b99fd1394d31a2cb0e

SHA1
2e77eed43872f4ace0e1c480cec79e19a6bb2ed6

SHA256
bad5e440ce530096f71a6ea05bd12cf807121377560a8d4169fa0a0d21bc2faf

SHA512
59def81263461ce214aab7569d4d80d7915115721d25cb01a89f23f7e3b1c7bd2b42e03cee922b295896bd765187ce19083f9115f7f2964207dcbbc43ce39259

Download Submit
\Windows\system\srQizTF.exe

Filesize
6.0MB

MD5
895c3936f39d0cc01dbda2c1d4ea510b

SHA1
6dfa09535bb324bf43ec194463084ee9c268fd0a

SHA256
485dde4b4aa62f33c02f1ca048b226780d57719901e7bd283b9d64d705e22e49

SHA512
89d7d2e9c22e325a83a639f303e572b64bf504ffd029d76528157560c0bdea36f36879ccdc856763525f8a3b959aaa61e8f98dec24ae06d2497be4b453c32315

Download Submit
\Windows\system\tnNixlz.exe

Filesize
6.0MB

MD5
6190028872beff2cca97534d95b7ae0e

SHA1
c587f43ec29f63edb6420c29fef6cf1abef92590

SHA256
ad7d6524d4628543ae621c210ec55f3948cfabed37f5702a58a196f431e6a38f

SHA512
6a69b9a183f79be1d5fe9047f9a79f7956abb5b460de302b3626f52db82a6190d1238aaac7d8c647203620671dd8a3fa62fada040b6dabc3b504fc9f55b30886

Download Submit
\Windows\system\xhGuDbf.exe

Filesize
6.0MB

MD5
9e47677c5c41dc844552c4e3dc4b8187

SHA1
4f836bf516023c0cbe885d7e8d9c9013aa54b897

SHA256
55aeb7388800e398723e89bc058b6f872ef1fc019f5cab7e5f31378f755f7f2a

SHA512
7a9e0d14550e743c0d0dddc6b82ea800d48fff130320449c47fda1ab337663b0956e0f724ed26e6970887e38fc9948e4349bb30fc1cd1b4f1169f5e290c64a0c

Download Submit
\Windows\system\ySftYFH.exe

Filesize
6.0MB

MD5
a422596c00d7e9547cc8e82177d11dfc

SHA1
b8f4f8ac14e3a3ee0a4e38e75e203d8166a74ea9

SHA256
7b20febfca807f8d33a161e12abacd8ac90f441b329ece8b46b3f34a040603a5

SHA512
996681d06ea990f52993b0c47b03b57925112ee3580be6cfdab6d4ecd8f4b4f5ac7d305bd4b7f3e47e1f0c315bc6ffd27190198e30c10f33a762c1ea35fd7eff

Download Submit
memory/1048-98-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-843-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1048-0-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1048-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1048-102-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1048-30-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1048-103-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/1048-104-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1048-41-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1048-106-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-107-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-57-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-49-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1048-123-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1048-951-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/1048-93-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1048-113-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1680-110-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2970-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2096-121-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2968-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2976-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-114-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2987-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2986-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-101-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2979-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2764-139-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2981-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2967-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2836-99-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2908-69-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2983-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2940-88-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2961-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-122-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2951-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-2964-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3004-134-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2935-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/3052-117-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download