cobaltstrike | 6abb1a4aa24de8874b1b3243d25cfeffa0de9380dd3e905ee61f236572c1f633

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

613a5d27921653709a3f424d2bc30003
SHA1

f51b5f9f8be702f9133376fd791d06e1e131cc5f
SHA256

6abb1a4aa24de8874b1b3243d25cfeffa0de9380dd3e905ee61f236572c1f633
SHA512

7fb8895b4444299085578440318ce46a8762a3cdbb8c7fd0c1418ed63e3bf67de5402b15cfbb0bf16acb485fa65010a148cd35a053da7dd6859d98f3f6b0487b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5e-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-9.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-67.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9d-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-105.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1964-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d0e-7.dat	xmrig
behavioral1/memory/2904-12-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2056-14-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2800-22-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2720-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-23.dat	xmrig
behavioral1/memory/1964-40-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/3008-42-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2904-51-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d5e-52.dat	xmrig
behavioral1/memory/1964-53-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/2832-50-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1964-49-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d42-47.dat	xmrig
behavioral1/files/0x0007000000016d3a-41.dat	xmrig
behavioral1/memory/2760-39-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d31-31.dat	xmrig
behavioral1/files/0x0008000000016d18-9.dat	xmrig
behavioral1/memory/2096-58-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2616-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0005000000018683-67.dat	xmrig
behavioral1/files/0x0008000000016c9d-63.dat	xmrig
behavioral1/memory/2720-62-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1960-73-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e4-77.dat	xmrig
behavioral1/memory/1964-80-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/3008-72-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2484-81-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ea-82.dat	xmrig
behavioral1/memory/2420-87-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-88.dat	xmrig
behavioral1/memory/1596-93-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1964-101-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/files/0x000500000001873d-108.dat	xmrig
behavioral1/files/0x0006000000019023-153.dat	xmrig
behavioral1/files/0x000500000001878f-135.dat	xmrig
behavioral1/files/0x00050000000193e1-173.dat	xmrig
behavioral1/memory/2420-782-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1596-909-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2056-3473-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2720-3500-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2832-3562-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2096-3713-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2616-3792-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2420-3965-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2792-3983-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/1960-3949-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/1596-3938-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2484-3942-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2760-3555-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/3008-3517-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2904-3491-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2800-3511-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2792-1141-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/1964-402-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/1960-264-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-192.dat	xmrig
behavioral1/files/0x0005000000019427-182.dat	xmrig
behavioral1/files/0x0005000000019431-186.dat	xmrig
behavioral1/files/0x00050000000193b4-170.dat	xmrig
behavioral1/files/0x0005000000019334-161.dat	xmrig
behavioral1/files/0x000500000001941e-177.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	lVPhjUB.exe
2056	mBjhTTV.exe
2800	clAdnIG.exe
2720	wuCuWUl.exe
2760	MKsgdKE.exe
3008	tQXvDfm.exe
2832	YMWRDRk.exe
2096	zFQICPH.exe
2616	JBMgwio.exe
1960	omOqEAX.exe
2484	tYDmOLr.exe
2420	jlfGWqD.exe
1596	nknfNlH.exe
2792	KUBWZQc.exe
2360	cYnqhWr.exe
1892	gptyRbp.exe
2700	cZeECny.exe
1700	seuIwPL.exe
2008	RehRzpi.exe
3048	EjHGDqj.exe
1688	CutmcKj.exe
3064	JRquMye.exe
2948	mCdqMTN.exe
2148	qFniJet.exe
2500	aptYaix.exe
2124	ZrRJJdB.exe
2092	ttnYZjC.exe
2128	MkNovIP.exe
644	pPYmGRh.exe
2584	iHcyHzw.exe
1952	WLzoPmS.exe
1308	qcXgfeH.exe
2304	jazMhII.exe
284	BmHWJGL.exe
1472	qXtyOTB.exe
2140	TmmHKUD.exe
1620	hTxQKZy.exe
324	fvhSbwh.exe
1264	rZnYBaO.exe
2120	RtIGnFZ.exe
2080	wutgFhh.exe
1296	HygFcIS.exe
3000	DmYcHEt.exe
2440	heqvCKY.exe
3060	pvUqNgY.exe
1972	eCJaPgm.exe
3052	tjTcxYp.exe
2384	cXDgPQu.exe
1644	cKGxcGs.exe
3040	FqYEAOB.exe
1524	SHPwpBg.exe
1332	jWjQqyj.exe
2520	EOUMAvI.exe
2244	KIFlfLb.exe
2896	VbijiGf.exe
2996	WUEUAvx.exe
1920	hEUxQbX.exe
2632	qyEAcTy.exe
2352	tzqfuXZ.exe
2888	FXWMVVI.exe
2980	cWIjIWk.exe
2900	ihfbdHM.exe
1248	AiIbdHc.exe
2028	dgptXEE.exe

Loads dropped DLL 64 IoCs

pid	Process
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1964-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d0e-7.dat	upx
behavioral1/memory/2904-12-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2056-14-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2800-22-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2720-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-23.dat	upx
behavioral1/memory/3008-42-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2904-51-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0009000000016d5e-52.dat	upx
behavioral1/memory/2832-50-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1964-49-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000016d42-47.dat	upx
behavioral1/files/0x0007000000016d3a-41.dat	upx
behavioral1/memory/2760-39-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d31-31.dat	upx
behavioral1/files/0x0008000000016d18-9.dat	upx
behavioral1/memory/2096-58-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2616-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0005000000018683-67.dat	upx
behavioral1/files/0x0008000000016c9d-63.dat	upx
behavioral1/memory/2720-62-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1960-73-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00050000000186e4-77.dat	upx
behavioral1/memory/3008-72-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2484-81-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x00050000000186ea-82.dat	upx
behavioral1/memory/2420-87-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-88.dat	upx
behavioral1/memory/1596-93-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000500000001873d-108.dat	upx
behavioral1/files/0x0006000000019023-153.dat	upx
behavioral1/files/0x000500000001878f-135.dat	upx
behavioral1/files/0x00050000000193e1-173.dat	upx
behavioral1/memory/2420-782-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1596-909-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2056-3473-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2720-3500-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2832-3562-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2096-3713-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2616-3792-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2420-3965-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2792-3983-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/1960-3949-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1596-3938-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2484-3942-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2760-3555-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/3008-3517-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2904-3491-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2800-3511-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2792-1141-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/1960-264-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0005000000019441-192.dat	upx
behavioral1/files/0x0005000000019427-182.dat	upx
behavioral1/files/0x0005000000019431-186.dat	upx
behavioral1/files/0x00050000000193b4-170.dat	upx
behavioral1/files/0x0005000000019334-161.dat	upx
behavioral1/files/0x000500000001941e-177.dat	upx
behavioral1/files/0x0005000000019261-158.dat	upx
behavioral1/files/0x00050000000193c2-164.dat	upx
behavioral1/files/0x00050000000187a5-124.dat	upx
behavioral1/files/0x0005000000019350-150.dat	upx
behavioral1/files/0x0005000000019282-149.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZeXYefa.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhXXdaR.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtHmdIk.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJSGdmL.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGabkIs.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJXgbGG.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNDwUmV.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBmbvpi.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYHNgsE.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSHaPrP.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZEImot.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHYOnpr.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoQZPDT.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjQrlnp.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYCQstQ.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmZdTCD.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pupqtps.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsgzHMC.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSIksQz.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfFDTSi.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZFCZOL.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtFNnOC.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBNapdn.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTBxZYe.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGwYQXi.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbWkWhU.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taMokrp.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heqvCKY.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyjuOLU.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsTkzcr.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPYownH.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWevirR.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZeECny.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZImrUv.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOfTsDJ.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgSlIto.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxIHMOZ.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiWrCDt.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfnQvOD.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VturVSj.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJBMkyy.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRStLnC.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWKUXLS.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUBWZQc.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXpBurL.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmfisYu.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWbxSTI.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtUVWwf.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEgKKOW.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHcyHzw.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLDouEj.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuGqqMB.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeZPOut.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQCNdKc.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXIfrXr.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaWDWJH.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMNTjnF.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkQgRvu.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLWHxQa.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJIfAEu.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvSrEmw.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxTZlwo.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyGyLMm.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwmRlIh.exe	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2904	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1964 wrote to memory of 2904	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1964 wrote to memory of 2904	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1964 wrote to memory of 2056	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1964 wrote to memory of 2056	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1964 wrote to memory of 2056	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1964 wrote to memory of 2800	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1964 wrote to memory of 2800	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1964 wrote to memory of 2800	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1964 wrote to memory of 2720	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1964 wrote to memory of 2720	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1964 wrote to memory of 2720	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1964 wrote to memory of 2760	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1964 wrote to memory of 2760	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1964 wrote to memory of 2760	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1964 wrote to memory of 3008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1964 wrote to memory of 3008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1964 wrote to memory of 3008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1964 wrote to memory of 2832	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1964 wrote to memory of 2832	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1964 wrote to memory of 2832	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1964 wrote to memory of 2096	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1964 wrote to memory of 2096	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1964 wrote to memory of 2096	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1964 wrote to memory of 2616	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1964 wrote to memory of 2616	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1964 wrote to memory of 2616	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1964 wrote to memory of 1960	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1964 wrote to memory of 1960	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1964 wrote to memory of 1960	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1964 wrote to memory of 2484	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1964 wrote to memory of 2484	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1964 wrote to memory of 2484	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1964 wrote to memory of 2420	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1964 wrote to memory of 2420	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1964 wrote to memory of 2420	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1964 wrote to memory of 1596	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1964 wrote to memory of 1596	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1964 wrote to memory of 1596	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1964 wrote to memory of 2792	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1964 wrote to memory of 2792	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1964 wrote to memory of 2792	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1964 wrote to memory of 2360	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1964 wrote to memory of 2360	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1964 wrote to memory of 2360	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1964 wrote to memory of 1700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1964 wrote to memory of 1700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1964 wrote to memory of 1700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1964 wrote to memory of 1892	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1964 wrote to memory of 1892	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1964 wrote to memory of 1892	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1964 wrote to memory of 2008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1964 wrote to memory of 2008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1964 wrote to memory of 2008	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1964 wrote to memory of 2700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1964 wrote to memory of 2700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1964 wrote to memory of 2700	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1964 wrote to memory of 2948	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1964 wrote to memory of 2948	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1964 wrote to memory of 2948	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1964 wrote to memory of 3048	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1964 wrote to memory of 3048	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1964 wrote to memory of 3048	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1964 wrote to memory of 2148	1964	2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_613a5d27921653709a3f424d2bc30003_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System\lVPhjUB.exe
  C:\Windows\System\lVPhjUB.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\mBjhTTV.exe
  C:\Windows\System\mBjhTTV.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\clAdnIG.exe
  C:\Windows\System\clAdnIG.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\wuCuWUl.exe
  C:\Windows\System\wuCuWUl.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\MKsgdKE.exe
  C:\Windows\System\MKsgdKE.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\tQXvDfm.exe
  C:\Windows\System\tQXvDfm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YMWRDRk.exe
  C:\Windows\System\YMWRDRk.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\zFQICPH.exe
  C:\Windows\System\zFQICPH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\JBMgwio.exe
  C:\Windows\System\JBMgwio.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\omOqEAX.exe
  C:\Windows\System\omOqEAX.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\tYDmOLr.exe
  C:\Windows\System\tYDmOLr.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\jlfGWqD.exe
  C:\Windows\System\jlfGWqD.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\nknfNlH.exe
  C:\Windows\System\nknfNlH.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\KUBWZQc.exe
  C:\Windows\System\KUBWZQc.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\cYnqhWr.exe
  C:\Windows\System\cYnqhWr.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\seuIwPL.exe
  C:\Windows\System\seuIwPL.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\gptyRbp.exe
  C:\Windows\System\gptyRbp.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\RehRzpi.exe
  C:\Windows\System\RehRzpi.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\cZeECny.exe
  C:\Windows\System\cZeECny.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\mCdqMTN.exe
  C:\Windows\System\mCdqMTN.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\EjHGDqj.exe
  C:\Windows\System\EjHGDqj.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\qFniJet.exe
  C:\Windows\System\qFniJet.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\CutmcKj.exe
  C:\Windows\System\CutmcKj.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\aptYaix.exe
  C:\Windows\System\aptYaix.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\JRquMye.exe
  C:\Windows\System\JRquMye.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ttnYZjC.exe
  C:\Windows\System\ttnYZjC.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ZrRJJdB.exe
  C:\Windows\System\ZrRJJdB.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\MkNovIP.exe
  C:\Windows\System\MkNovIP.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\pPYmGRh.exe
  C:\Windows\System\pPYmGRh.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\iHcyHzw.exe
  C:\Windows\System\iHcyHzw.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WLzoPmS.exe
  C:\Windows\System\WLzoPmS.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\qcXgfeH.exe
  C:\Windows\System\qcXgfeH.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\jazMhII.exe
  C:\Windows\System\jazMhII.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\BmHWJGL.exe
  C:\Windows\System\BmHWJGL.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\qXtyOTB.exe
  C:\Windows\System\qXtyOTB.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\TmmHKUD.exe
  C:\Windows\System\TmmHKUD.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\hTxQKZy.exe
  C:\Windows\System\hTxQKZy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\fvhSbwh.exe
  C:\Windows\System\fvhSbwh.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\rZnYBaO.exe
  C:\Windows\System\rZnYBaO.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\RtIGnFZ.exe
  C:\Windows\System\RtIGnFZ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\wutgFhh.exe
  C:\Windows\System\wutgFhh.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\HygFcIS.exe
  C:\Windows\System\HygFcIS.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\DmYcHEt.exe
  C:\Windows\System\DmYcHEt.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\heqvCKY.exe
  C:\Windows\System\heqvCKY.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\pvUqNgY.exe
  C:\Windows\System\pvUqNgY.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\eCJaPgm.exe
  C:\Windows\System\eCJaPgm.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\tjTcxYp.exe
  C:\Windows\System\tjTcxYp.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cXDgPQu.exe
  C:\Windows\System\cXDgPQu.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\cKGxcGs.exe
  C:\Windows\System\cKGxcGs.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\FqYEAOB.exe
  C:\Windows\System\FqYEAOB.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\SHPwpBg.exe
  C:\Windows\System\SHPwpBg.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\jWjQqyj.exe
  C:\Windows\System\jWjQqyj.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\EOUMAvI.exe
  C:\Windows\System\EOUMAvI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\KIFlfLb.exe
  C:\Windows\System\KIFlfLb.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\VbijiGf.exe
  C:\Windows\System\VbijiGf.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\WUEUAvx.exe
  C:\Windows\System\WUEUAvx.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\hEUxQbX.exe
  C:\Windows\System\hEUxQbX.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\qyEAcTy.exe
  C:\Windows\System\qyEAcTy.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\tzqfuXZ.exe
  C:\Windows\System\tzqfuXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\FXWMVVI.exe
  C:\Windows\System\FXWMVVI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\cWIjIWk.exe
  C:\Windows\System\cWIjIWk.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\ihfbdHM.exe
  C:\Windows\System\ihfbdHM.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\AiIbdHc.exe
  C:\Windows\System\AiIbdHc.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\dgptXEE.exe
  C:\Windows\System\dgptXEE.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\loSBGLv.exe
  C:\Windows\System\loSBGLv.exe
  2⤵
  PID:2000
- C:\Windows\System\gaGkdmw.exe
  C:\Windows\System\gaGkdmw.exe
  2⤵
  PID:2972
- C:\Windows\System\xxyZjgZ.exe
  C:\Windows\System\xxyZjgZ.exe
  2⤵
  PID:2088
- C:\Windows\System\BOFWGmc.exe
  C:\Windows\System\BOFWGmc.exe
  2⤵
  PID:2060
- C:\Windows\System\COQcshj.exe
  C:\Windows\System\COQcshj.exe
  2⤵
  PID:1184
- C:\Windows\System\RmBnAor.exe
  C:\Windows\System\RmBnAor.exe
  2⤵
  PID:1772
- C:\Windows\System\pKbNyNT.exe
  C:\Windows\System\pKbNyNT.exe
  2⤵
  PID:2296
- C:\Windows\System\CCNvSDK.exe
  C:\Windows\System\CCNvSDK.exe
  2⤵
  PID:1564
- C:\Windows\System\nMavkwD.exe
  C:\Windows\System\nMavkwD.exe
  2⤵
  PID:1460
- C:\Windows\System\cyWpLSa.exe
  C:\Windows\System\cyWpLSa.exe
  2⤵
  PID:1172
- C:\Windows\System\lXwWVBj.exe
  C:\Windows\System\lXwWVBj.exe
  2⤵
  PID:2196
- C:\Windows\System\vyjuOLU.exe
  C:\Windows\System\vyjuOLU.exe
  2⤵
  PID:1784
- C:\Windows\System\TJVerZi.exe
  C:\Windows\System\TJVerZi.exe
  2⤵
  PID:1680
- C:\Windows\System\fKBduYR.exe
  C:\Windows\System\fKBduYR.exe
  2⤵
  PID:860
- C:\Windows\System\AMNTjnF.exe
  C:\Windows\System\AMNTjnF.exe
  2⤵
  PID:2480
- C:\Windows\System\lQcmxHB.exe
  C:\Windows\System\lQcmxHB.exe
  2⤵
  PID:2344
- C:\Windows\System\GxQpWdQ.exe
  C:\Windows\System\GxQpWdQ.exe
  2⤵
  PID:756
- C:\Windows\System\EbhOrHn.exe
  C:\Windows\System\EbhOrHn.exe
  2⤵
  PID:2508
- C:\Windows\System\tzyvWzZ.exe
  C:\Windows\System\tzyvWzZ.exe
  2⤵
  PID:276
- C:\Windows\System\SlLYrDT.exe
  C:\Windows\System\SlLYrDT.exe
  2⤵
  PID:1780
- C:\Windows\System\ylCXLeS.exe
  C:\Windows\System\ylCXLeS.exe
  2⤵
  PID:1932
- C:\Windows\System\kVttTUa.exe
  C:\Windows\System\kVttTUa.exe
  2⤵
  PID:1516
- C:\Windows\System\JCPLpac.exe
  C:\Windows\System\JCPLpac.exe
  2⤵
  PID:2308
- C:\Windows\System\iOfpkUF.exe
  C:\Windows\System\iOfpkUF.exe
  2⤵
  PID:2756
- C:\Windows\System\srJGvtj.exe
  C:\Windows\System\srJGvtj.exe
  2⤵
  PID:2848
- C:\Windows\System\bKYffgy.exe
  C:\Windows\System\bKYffgy.exe
  2⤵
  PID:2860
- C:\Windows\System\UXjAoSb.exe
  C:\Windows\System\UXjAoSb.exe
  2⤵
  PID:980
- C:\Windows\System\unaItyq.exe
  C:\Windows\System\unaItyq.exe
  2⤵
  PID:2136
- C:\Windows\System\ChmfBru.exe
  C:\Windows\System\ChmfBru.exe
  2⤵
  PID:2736
- C:\Windows\System\YPhqrgX.exe
  C:\Windows\System\YPhqrgX.exe
  2⤵
  PID:2512
- C:\Windows\System\vEZZvvV.exe
  C:\Windows\System\vEZZvvV.exe
  2⤵
  PID:2924
- C:\Windows\System\XiRzxTM.exe
  C:\Windows\System\XiRzxTM.exe
  2⤵
  PID:2100
- C:\Windows\System\LtcNVtd.exe
  C:\Windows\System\LtcNVtd.exe
  2⤵
  PID:1048
- C:\Windows\System\sENXZYi.exe
  C:\Windows\System\sENXZYi.exe
  2⤵
  PID:748
- C:\Windows\System\IViAxOF.exe
  C:\Windows\System\IViAxOF.exe
  2⤵
  PID:2132
- C:\Windows\System\QfoIvwJ.exe
  C:\Windows\System\QfoIvwJ.exe
  2⤵
  PID:580
- C:\Windows\System\CyHoyQk.exe
  C:\Windows\System\CyHoyQk.exe
  2⤵
  PID:2492
- C:\Windows\System\TipXVvx.exe
  C:\Windows\System\TipXVvx.exe
  2⤵
  PID:1820
- C:\Windows\System\WFxTzdT.exe
  C:\Windows\System\WFxTzdT.exe
  2⤵
  PID:2472
- C:\Windows\System\mksfFUU.exe
  C:\Windows\System\mksfFUU.exe
  2⤵
  PID:2976
- C:\Windows\System\zIvSVXR.exe
  C:\Windows\System\zIvSVXR.exe
  2⤵
  PID:1256
- C:\Windows\System\OiNQfvb.exe
  C:\Windows\System\OiNQfvb.exe
  2⤵
  PID:2288
- C:\Windows\System\idesjmw.exe
  C:\Windows\System\idesjmw.exe
  2⤵
  PID:1416
- C:\Windows\System\fRKKkLD.exe
  C:\Windows\System\fRKKkLD.exe
  2⤵
  PID:2428
- C:\Windows\System\tiZLhHk.exe
  C:\Windows\System\tiZLhHk.exe
  2⤵
  PID:2564
- C:\Windows\System\APFgvsY.exe
  C:\Windows\System\APFgvsY.exe
  2⤵
  PID:2804
- C:\Windows\System\xAoyMPn.exe
  C:\Windows\System\xAoyMPn.exe
  2⤵
  PID:2920
- C:\Windows\System\XdCJoVd.exe
  C:\Windows\System\XdCJoVd.exe
  2⤵
  PID:3084
- C:\Windows\System\FOgpuip.exe
  C:\Windows\System\FOgpuip.exe
  2⤵
  PID:3104
- C:\Windows\System\eYLHFyC.exe
  C:\Windows\System\eYLHFyC.exe
  2⤵
  PID:3124
- C:\Windows\System\TLnaXwn.exe
  C:\Windows\System\TLnaXwn.exe
  2⤵
  PID:3144
- C:\Windows\System\rbnPnEI.exe
  C:\Windows\System\rbnPnEI.exe
  2⤵
  PID:3164
- C:\Windows\System\JEtMkTt.exe
  C:\Windows\System\JEtMkTt.exe
  2⤵
  PID:3184
- C:\Windows\System\HoKOSdn.exe
  C:\Windows\System\HoKOSdn.exe
  2⤵
  PID:3204
- C:\Windows\System\qyRmyuy.exe
  C:\Windows\System\qyRmyuy.exe
  2⤵
  PID:3224
- C:\Windows\System\zbxXcfl.exe
  C:\Windows\System\zbxXcfl.exe
  2⤵
  PID:3244
- C:\Windows\System\TIIQZqt.exe
  C:\Windows\System\TIIQZqt.exe
  2⤵
  PID:3264
- C:\Windows\System\zjXCeOB.exe
  C:\Windows\System\zjXCeOB.exe
  2⤵
  PID:3284
- C:\Windows\System\nChqgpq.exe
  C:\Windows\System\nChqgpq.exe
  2⤵
  PID:3300
- C:\Windows\System\wQHruuQ.exe
  C:\Windows\System\wQHruuQ.exe
  2⤵
  PID:3324
- C:\Windows\System\CtqGxbl.exe
  C:\Windows\System\CtqGxbl.exe
  2⤵
  PID:3344
- C:\Windows\System\CUlOUrk.exe
  C:\Windows\System\CUlOUrk.exe
  2⤵
  PID:3364
- C:\Windows\System\dTNFNCK.exe
  C:\Windows\System\dTNFNCK.exe
  2⤵
  PID:3384
- C:\Windows\System\wpokAGo.exe
  C:\Windows\System\wpokAGo.exe
  2⤵
  PID:3404
- C:\Windows\System\BTGPLxj.exe
  C:\Windows\System\BTGPLxj.exe
  2⤵
  PID:3424
- C:\Windows\System\UmXHyvo.exe
  C:\Windows\System\UmXHyvo.exe
  2⤵
  PID:3444
- C:\Windows\System\YkiwvNR.exe
  C:\Windows\System\YkiwvNR.exe
  2⤵
  PID:3464
- C:\Windows\System\eYOdMEm.exe
  C:\Windows\System\eYOdMEm.exe
  2⤵
  PID:3484
- C:\Windows\System\FsTkzcr.exe
  C:\Windows\System\FsTkzcr.exe
  2⤵
  PID:3504
- C:\Windows\System\BucFiha.exe
  C:\Windows\System\BucFiha.exe
  2⤵
  PID:3524
- C:\Windows\System\ZEVTfYZ.exe
  C:\Windows\System\ZEVTfYZ.exe
  2⤵
  PID:3540
- C:\Windows\System\fPlGagx.exe
  C:\Windows\System\fPlGagx.exe
  2⤵
  PID:3560
- C:\Windows\System\dslRHGQ.exe
  C:\Windows\System\dslRHGQ.exe
  2⤵
  PID:3580
- C:\Windows\System\haNJZiB.exe
  C:\Windows\System\haNJZiB.exe
  2⤵
  PID:3596
- C:\Windows\System\TavWIAA.exe
  C:\Windows\System\TavWIAA.exe
  2⤵
  PID:3612
- C:\Windows\System\CArfrEA.exe
  C:\Windows\System\CArfrEA.exe
  2⤵
  PID:3636
- C:\Windows\System\kyNRwam.exe
  C:\Windows\System\kyNRwam.exe
  2⤵
  PID:3656
- C:\Windows\System\rxWWlUM.exe
  C:\Windows\System\rxWWlUM.exe
  2⤵
  PID:3676
- C:\Windows\System\bZImrUv.exe
  C:\Windows\System\bZImrUv.exe
  2⤵
  PID:3700
- C:\Windows\System\XqtfmYX.exe
  C:\Windows\System\XqtfmYX.exe
  2⤵
  PID:3716
- C:\Windows\System\XqcaUXd.exe
  C:\Windows\System\XqcaUXd.exe
  2⤵
  PID:3736
- C:\Windows\System\OyXfyKY.exe
  C:\Windows\System\OyXfyKY.exe
  2⤵
  PID:3756
- C:\Windows\System\kslrqoI.exe
  C:\Windows\System\kslrqoI.exe
  2⤵
  PID:3776
- C:\Windows\System\eKBsBeX.exe
  C:\Windows\System\eKBsBeX.exe
  2⤵
  PID:3792
- C:\Windows\System\KChUfCW.exe
  C:\Windows\System\KChUfCW.exe
  2⤵
  PID:3812
- C:\Windows\System\lVsjfMO.exe
  C:\Windows\System\lVsjfMO.exe
  2⤵
  PID:3832
- C:\Windows\System\zbjVguI.exe
  C:\Windows\System\zbjVguI.exe
  2⤵
  PID:3852
- C:\Windows\System\ZqcCRTB.exe
  C:\Windows\System\ZqcCRTB.exe
  2⤵
  PID:3872
- C:\Windows\System\sNpgPsi.exe
  C:\Windows\System\sNpgPsi.exe
  2⤵
  PID:3892
- C:\Windows\System\TKptBDA.exe
  C:\Windows\System\TKptBDA.exe
  2⤵
  PID:3912
- C:\Windows\System\gewfClW.exe
  C:\Windows\System\gewfClW.exe
  2⤵
  PID:3932
- C:\Windows\System\fnkWofn.exe
  C:\Windows\System\fnkWofn.exe
  2⤵
  PID:3948
- C:\Windows\System\tNwkIun.exe
  C:\Windows\System\tNwkIun.exe
  2⤵
  PID:3968
- C:\Windows\System\jQDrggk.exe
  C:\Windows\System\jQDrggk.exe
  2⤵
  PID:3988
- C:\Windows\System\HPYownH.exe
  C:\Windows\System\HPYownH.exe
  2⤵
  PID:4008
- C:\Windows\System\xqFpLBr.exe
  C:\Windows\System\xqFpLBr.exe
  2⤵
  PID:4024
- C:\Windows\System\XqKMyEF.exe
  C:\Windows\System\XqKMyEF.exe
  2⤵
  PID:4048
- C:\Windows\System\JeCcbTr.exe
  C:\Windows\System\JeCcbTr.exe
  2⤵
  PID:4068
- C:\Windows\System\gaatSNJ.exe
  C:\Windows\System\gaatSNJ.exe
  2⤵
  PID:4084
- C:\Windows\System\wJHgSKG.exe
  C:\Windows\System\wJHgSKG.exe
  2⤵
  PID:1128
- C:\Windows\System\UUTEQIW.exe
  C:\Windows\System\UUTEQIW.exe
  2⤵
  PID:1444
- C:\Windows\System\rCLGAhs.exe
  C:\Windows\System\rCLGAhs.exe
  2⤵
  PID:484
- C:\Windows\System\ErUIqcy.exe
  C:\Windows\System\ErUIqcy.exe
  2⤵
  PID:2164
- C:\Windows\System\vWYtGXw.exe
  C:\Windows\System\vWYtGXw.exe
  2⤵
  PID:2568
- C:\Windows\System\DeazmMk.exe
  C:\Windows\System\DeazmMk.exe
  2⤵
  PID:2796
- C:\Windows\System\CJhwmvc.exe
  C:\Windows\System\CJhwmvc.exe
  2⤵
  PID:2952
- C:\Windows\System\bPaoGej.exe
  C:\Windows\System\bPaoGej.exe
  2⤵
  PID:2268
- C:\Windows\System\UVrewvc.exe
  C:\Windows\System\UVrewvc.exe
  2⤵
  PID:1552
- C:\Windows\System\vopIYCQ.exe
  C:\Windows\System\vopIYCQ.exe
  2⤵
  PID:2644
- C:\Windows\System\CUuANbZ.exe
  C:\Windows\System\CUuANbZ.exe
  2⤵
  PID:2476
- C:\Windows\System\AxlbZFc.exe
  C:\Windows\System\AxlbZFc.exe
  2⤵
  PID:2328
- C:\Windows\System\sSMLpiG.exe
  C:\Windows\System\sSMLpiG.exe
  2⤵
  PID:3080
- C:\Windows\System\SYGwlBe.exe
  C:\Windows\System\SYGwlBe.exe
  2⤵
  PID:3092
- C:\Windows\System\AplWtgz.exe
  C:\Windows\System\AplWtgz.exe
  2⤵
  PID:3160
- C:\Windows\System\XiZDAbz.exe
  C:\Windows\System\XiZDAbz.exe
  2⤵
  PID:3136
- C:\Windows\System\qgAcFtY.exe
  C:\Windows\System\qgAcFtY.exe
  2⤵
  PID:3232
- C:\Windows\System\cZhlAAs.exe
  C:\Windows\System\cZhlAAs.exe
  2⤵
  PID:3276
- C:\Windows\System\EhMNyDP.exe
  C:\Windows\System\EhMNyDP.exe
  2⤵
  PID:3220
- C:\Windows\System\OVxMgmP.exe
  C:\Windows\System\OVxMgmP.exe
  2⤵
  PID:3308
- C:\Windows\System\HMVWHFu.exe
  C:\Windows\System\HMVWHFu.exe
  2⤵
  PID:3356
- C:\Windows\System\QRgxhcV.exe
  C:\Windows\System\QRgxhcV.exe
  2⤵
  PID:3396
- C:\Windows\System\KXZZrZh.exe
  C:\Windows\System\KXZZrZh.exe
  2⤵
  PID:1512
- C:\Windows\System\iZDZaMb.exe
  C:\Windows\System\iZDZaMb.exe
  2⤵
  PID:3512
- C:\Windows\System\LTZIADf.exe
  C:\Windows\System\LTZIADf.exe
  2⤵
  PID:3552
- C:\Windows\System\dPnVqVW.exe
  C:\Windows\System\dPnVqVW.exe
  2⤵
  PID:3592
- C:\Windows\System\yYHmwbL.exe
  C:\Windows\System\yYHmwbL.exe
  2⤵
  PID:3632
- C:\Windows\System\uuDZUHj.exe
  C:\Windows\System\uuDZUHj.exe
  2⤵
  PID:3376
- C:\Windows\System\JNCDqpd.exe
  C:\Windows\System\JNCDqpd.exe
  2⤵
  PID:3708
- C:\Windows\System\BEWDqqO.exe
  C:\Windows\System\BEWDqqO.exe
  2⤵
  PID:3452
- C:\Windows\System\mJsyqZd.exe
  C:\Windows\System\mJsyqZd.exe
  2⤵
  PID:3492
- C:\Windows\System\lTtsife.exe
  C:\Windows\System\lTtsife.exe
  2⤵
  PID:2180
- C:\Windows\System\arvNwMG.exe
  C:\Windows\System\arvNwMG.exe
  2⤵
  PID:3900
- C:\Windows\System\qyJIWNw.exe
  C:\Windows\System\qyJIWNw.exe
  2⤵
  PID:3944
- C:\Windows\System\FaEiqpU.exe
  C:\Windows\System\FaEiqpU.exe
  2⤵
  PID:4016
- C:\Windows\System\VkAPVRd.exe
  C:\Windows\System\VkAPVRd.exe
  2⤵
  PID:4064
- C:\Windows\System\eCAOthR.exe
  C:\Windows\System\eCAOthR.exe
  2⤵
  PID:1888
- C:\Windows\System\qesELTE.exe
  C:\Windows\System\qesELTE.exe
  2⤵
  PID:3608
- C:\Windows\System\MdaRcKd.exe
  C:\Windows\System\MdaRcKd.exe
  2⤵
  PID:2772
- C:\Windows\System\vbMKzxh.exe
  C:\Windows\System\vbMKzxh.exe
  2⤵
  PID:3200
- C:\Windows\System\JOFHNED.exe
  C:\Windows\System\JOFHNED.exe
  2⤵
  PID:804
- C:\Windows\System\DyoQhEu.exe
  C:\Windows\System\DyoQhEu.exe
  2⤵
  PID:3684
- C:\Windows\System\rRbxpaK.exe
  C:\Windows\System\rRbxpaK.exe
  2⤵
  PID:352
- C:\Windows\System\rkQgRvu.exe
  C:\Windows\System\rkQgRvu.exe
  2⤵
  PID:3728
- C:\Windows\System\SzwVuHS.exe
  C:\Windows\System\SzwVuHS.exe
  2⤵
  PID:3628
- C:\Windows\System\AQJCEkU.exe
  C:\Windows\System\AQJCEkU.exe
  2⤵
  PID:3456
- C:\Windows\System\wtgsENJ.exe
  C:\Windows\System\wtgsENJ.exe
  2⤵
  PID:3980
- C:\Windows\System\wsLLGmg.exe
  C:\Windows\System\wsLLGmg.exe
  2⤵
  PID:2820
- C:\Windows\System\FFYCMsW.exe
  C:\Windows\System\FFYCMsW.exe
  2⤵
  PID:3768
- C:\Windows\System\jnypuQz.exe
  C:\Windows\System\jnypuQz.exe
  2⤵
  PID:3996
- C:\Windows\System\tvkTEkl.exe
  C:\Windows\System\tvkTEkl.exe
  2⤵
  PID:3116
- C:\Windows\System\SNDmBFe.exe
  C:\Windows\System\SNDmBFe.exe
  2⤵
  PID:3236
- C:\Windows\System\ZeXYefa.exe
  C:\Windows\System\ZeXYefa.exe
  2⤵
  PID:3804
- C:\Windows\System\DgFYSVf.exe
  C:\Windows\System\DgFYSVf.exe
  2⤵
  PID:4044
- C:\Windows\System\cCAEGne.exe
  C:\Windows\System\cCAEGne.exe
  2⤵
  PID:3576
- C:\Windows\System\iEbyblS.exe
  C:\Windows\System\iEbyblS.exe
  2⤵
  PID:3848
- C:\Windows\System\cYreNPk.exe
  C:\Windows\System\cYreNPk.exe
  2⤵
  PID:3920
- C:\Windows\System\ZtHFTzA.exe
  C:\Windows\System\ZtHFTzA.exe
  2⤵
  PID:2168
- C:\Windows\System\ImqDDbA.exe
  C:\Windows\System\ImqDDbA.exe
  2⤵
  PID:4080
- C:\Windows\System\EqIpbGj.exe
  C:\Windows\System\EqIpbGj.exe
  2⤵
  PID:2548
- C:\Windows\System\JJgYVZe.exe
  C:\Windows\System\JJgYVZe.exe
  2⤵
  PID:2256
- C:\Windows\System\bXpBurL.exe
  C:\Windows\System\bXpBurL.exe
  2⤵
  PID:2684
- C:\Windows\System\LLBNCnH.exe
  C:\Windows\System\LLBNCnH.exe
  2⤵
  PID:3476
- C:\Windows\System\KWEXUGC.exe
  C:\Windows\System\KWEXUGC.exe
  2⤵
  PID:3588
- C:\Windows\System\oRKdvBF.exe
  C:\Windows\System\oRKdvBF.exe
  2⤵
  PID:3748
- C:\Windows\System\MmqcbiJ.exe
  C:\Windows\System\MmqcbiJ.exe
  2⤵
  PID:3904
- C:\Windows\System\OPBoBjt.exe
  C:\Windows\System\OPBoBjt.exe
  2⤵
  PID:3644
- C:\Windows\System\WhXDbxI.exe
  C:\Windows\System\WhXDbxI.exe
  2⤵
  PID:3672
- C:\Windows\System\nXKaDTI.exe
  C:\Windows\System\nXKaDTI.exe
  2⤵
  PID:1448
- C:\Windows\System\CqBtlJd.exe
  C:\Windows\System\CqBtlJd.exe
  2⤵
  PID:3172
- C:\Windows\System\cMMgoYS.exe
  C:\Windows\System\cMMgoYS.exe
  2⤵
  PID:2544
- C:\Windows\System\CZJoQvu.exe
  C:\Windows\System\CZJoQvu.exe
  2⤵
  PID:2928
- C:\Windows\System\FbFtiOM.exe
  C:\Windows\System\FbFtiOM.exe
  2⤵
  PID:3888
- C:\Windows\System\XirqOfM.exe
  C:\Windows\System\XirqOfM.exe
  2⤵
  PID:2312
- C:\Windows\System\czISQFM.exe
  C:\Windows\System\czISQFM.exe
  2⤵
  PID:3120
- C:\Windows\System\nYfermH.exe
  C:\Windows\System\nYfermH.exe
  2⤵
  PID:3880
- C:\Windows\System\KXdFZdr.exe
  C:\Windows\System\KXdFZdr.exe
  2⤵
  PID:1588
- C:\Windows\System\PSMwFkx.exe
  C:\Windows\System\PSMwFkx.exe
  2⤵
  PID:3744
- C:\Windows\System\HydlSyx.exe
  C:\Windows\System\HydlSyx.exe
  2⤵
  PID:408
- C:\Windows\System\HMahuMX.exe
  C:\Windows\System\HMahuMX.exe
  2⤵
  PID:2676
- C:\Windows\System\FjpAtJO.exe
  C:\Windows\System\FjpAtJO.exe
  2⤵
  PID:3764
- C:\Windows\System\MpAezDv.exe
  C:\Windows\System\MpAezDv.exe
  2⤵
  PID:4104
- C:\Windows\System\scuKEJF.exe
  C:\Windows\System\scuKEJF.exe
  2⤵
  PID:4120
- C:\Windows\System\OCdzrcC.exe
  C:\Windows\System\OCdzrcC.exe
  2⤵
  PID:4136
- C:\Windows\System\DlMuqnX.exe
  C:\Windows\System\DlMuqnX.exe
  2⤵
  PID:4152
- C:\Windows\System\xTIMWFI.exe
  C:\Windows\System\xTIMWFI.exe
  2⤵
  PID:4168
- C:\Windows\System\KuhUUFp.exe
  C:\Windows\System\KuhUUFp.exe
  2⤵
  PID:4184
- C:\Windows\System\bnjgfUZ.exe
  C:\Windows\System\bnjgfUZ.exe
  2⤵
  PID:4200
- C:\Windows\System\qysTIzB.exe
  C:\Windows\System\qysTIzB.exe
  2⤵
  PID:4216
- C:\Windows\System\fAKInMA.exe
  C:\Windows\System\fAKInMA.exe
  2⤵
  PID:4232
- C:\Windows\System\WQCddZI.exe
  C:\Windows\System\WQCddZI.exe
  2⤵
  PID:4248
- C:\Windows\System\CbZDrkf.exe
  C:\Windows\System\CbZDrkf.exe
  2⤵
  PID:4268
- C:\Windows\System\QcyFfZm.exe
  C:\Windows\System\QcyFfZm.exe
  2⤵
  PID:4284
- C:\Windows\System\JuPtmTs.exe
  C:\Windows\System\JuPtmTs.exe
  2⤵
  PID:4300
- C:\Windows\System\ljCFOHm.exe
  C:\Windows\System\ljCFOHm.exe
  2⤵
  PID:4316
- C:\Windows\System\LQbYWuz.exe
  C:\Windows\System\LQbYWuz.exe
  2⤵
  PID:4332
- C:\Windows\System\ivcYVMt.exe
  C:\Windows\System\ivcYVMt.exe
  2⤵
  PID:4348
- C:\Windows\System\BTVsUjV.exe
  C:\Windows\System\BTVsUjV.exe
  2⤵
  PID:4364
- C:\Windows\System\sYApoAB.exe
  C:\Windows\System\sYApoAB.exe
  2⤵
  PID:4380
- C:\Windows\System\FdYBFft.exe
  C:\Windows\System\FdYBFft.exe
  2⤵
  PID:4396
- C:\Windows\System\KRFVQoG.exe
  C:\Windows\System\KRFVQoG.exe
  2⤵
  PID:4412
- C:\Windows\System\OMjaQiL.exe
  C:\Windows\System\OMjaQiL.exe
  2⤵
  PID:4428
- C:\Windows\System\lXyheYx.exe
  C:\Windows\System\lXyheYx.exe
  2⤵
  PID:4444
- C:\Windows\System\QskaFqP.exe
  C:\Windows\System\QskaFqP.exe
  2⤵
  PID:4460
- C:\Windows\System\gencqCQ.exe
  C:\Windows\System\gencqCQ.exe
  2⤵
  PID:4480
- C:\Windows\System\EZycpXX.exe
  C:\Windows\System\EZycpXX.exe
  2⤵
  PID:4612
- C:\Windows\System\aeNKHgD.exe
  C:\Windows\System\aeNKHgD.exe
  2⤵
  PID:4680
- C:\Windows\System\evowEuk.exe
  C:\Windows\System\evowEuk.exe
  2⤵
  PID:4696
- C:\Windows\System\DbKPaCh.exe
  C:\Windows\System\DbKPaCh.exe
  2⤵
  PID:4720
- C:\Windows\System\wXpvxkb.exe
  C:\Windows\System\wXpvxkb.exe
  2⤵
  PID:4736
- C:\Windows\System\FTclGLs.exe
  C:\Windows\System\FTclGLs.exe
  2⤵
  PID:4760
- C:\Windows\System\lgDyRuA.exe
  C:\Windows\System\lgDyRuA.exe
  2⤵
  PID:4776
- C:\Windows\System\IYESByb.exe
  C:\Windows\System\IYESByb.exe
  2⤵
  PID:4792
- C:\Windows\System\iqeyODY.exe
  C:\Windows\System\iqeyODY.exe
  2⤵
  PID:4808
- C:\Windows\System\dGRSbeG.exe
  C:\Windows\System\dGRSbeG.exe
  2⤵
  PID:4836
- C:\Windows\System\norNLjr.exe
  C:\Windows\System\norNLjr.exe
  2⤵
  PID:4860
- C:\Windows\System\WAdNncM.exe
  C:\Windows\System\WAdNncM.exe
  2⤵
  PID:4880
- C:\Windows\System\ZZlaSGM.exe
  C:\Windows\System\ZZlaSGM.exe
  2⤵
  PID:4896
- C:\Windows\System\rxNHjQg.exe
  C:\Windows\System\rxNHjQg.exe
  2⤵
  PID:4912
- C:\Windows\System\KSFlBRu.exe
  C:\Windows\System\KSFlBRu.exe
  2⤵
  PID:4928
- C:\Windows\System\sKSEgXv.exe
  C:\Windows\System\sKSEgXv.exe
  2⤵
  PID:4944
- C:\Windows\System\vLWHxQa.exe
  C:\Windows\System\vLWHxQa.exe
  2⤵
  PID:4960
- C:\Windows\System\mOZILqG.exe
  C:\Windows\System\mOZILqG.exe
  2⤵
  PID:4976
- C:\Windows\System\EXBYkZm.exe
  C:\Windows\System\EXBYkZm.exe
  2⤵
  PID:4992
- C:\Windows\System\fkaLZFV.exe
  C:\Windows\System\fkaLZFV.exe
  2⤵
  PID:5008
- C:\Windows\System\jhwcitA.exe
  C:\Windows\System\jhwcitA.exe
  2⤵
  PID:5024
- C:\Windows\System\HinOYNx.exe
  C:\Windows\System\HinOYNx.exe
  2⤵
  PID:5040
- C:\Windows\System\NpVRxLY.exe
  C:\Windows\System\NpVRxLY.exe
  2⤵
  PID:5056
- C:\Windows\System\gNqhpWT.exe
  C:\Windows\System\gNqhpWT.exe
  2⤵
  PID:5072
- C:\Windows\System\dGrAJYQ.exe
  C:\Windows\System\dGrAJYQ.exe
  2⤵
  PID:5088
- C:\Windows\System\BFzIjHd.exe
  C:\Windows\System\BFzIjHd.exe
  2⤵
  PID:5116
- C:\Windows\System\wJnkWqU.exe
  C:\Windows\System\wJnkWqU.exe
  2⤵
  PID:4308
- C:\Windows\System\AcaQMJF.exe
  C:\Windows\System\AcaQMJF.exe
  2⤵
  PID:4376
- C:\Windows\System\MnhqRMp.exe
  C:\Windows\System\MnhqRMp.exe
  2⤵
  PID:4408
- C:\Windows\System\PdxEaWV.exe
  C:\Windows\System\PdxEaWV.exe
  2⤵
  PID:3696
- C:\Windows\System\iBaECdD.exe
  C:\Windows\System\iBaECdD.exe
  2⤵
  PID:2688
- C:\Windows\System\ltLydIn.exe
  C:\Windows\System\ltLydIn.exe
  2⤵
  PID:4092
- C:\Windows\System\ZmpPxVy.exe
  C:\Windows\System\ZmpPxVy.exe
  2⤵
  PID:3176
- C:\Windows\System\JqfKpiq.exe
  C:\Windows\System\JqfKpiq.exe
  2⤵
  PID:924
- C:\Windows\System\eguCzbg.exe
  C:\Windows\System\eguCzbg.exe
  2⤵
  PID:2108
- C:\Windows\System\WCIvBpl.exe
  C:\Windows\System\WCIvBpl.exe
  2⤵
  PID:892
- C:\Windows\System\HOoncxy.exe
  C:\Windows\System\HOoncxy.exe
  2⤵
  PID:3372
- C:\Windows\System\NNwwuak.exe
  C:\Windows\System\NNwwuak.exe
  2⤵
  PID:3096
- C:\Windows\System\mpirjSf.exe
  C:\Windows\System\mpirjSf.exe
  2⤵
  PID:4476
- C:\Windows\System\EnbBXzK.exe
  C:\Windows\System\EnbBXzK.exe
  2⤵
  PID:3624
- C:\Windows\System\ichgCqG.exe
  C:\Windows\System\ichgCqG.exe
  2⤵
  PID:3572
- C:\Windows\System\AjJasNi.exe
  C:\Windows\System\AjJasNi.exe
  2⤵
  PID:3472
- C:\Windows\System\GgSlIto.exe
  C:\Windows\System\GgSlIto.exe
  2⤵
  PID:3440
- C:\Windows\System\SZleZnx.exe
  C:\Windows\System\SZleZnx.exe
  2⤵
  PID:4128
- C:\Windows\System\FSpaZJy.exe
  C:\Windows\System\FSpaZJy.exe
  2⤵
  PID:4192
- C:\Windows\System\EBErFze.exe
  C:\Windows\System\EBErFze.exe
  2⤵
  PID:4256
- C:\Windows\System\ikrzwdM.exe
  C:\Windows\System\ikrzwdM.exe
  2⤵
  PID:4296
- C:\Windows\System\MjflVCt.exe
  C:\Windows\System\MjflVCt.exe
  2⤵
  PID:4360
- C:\Windows\System\JUXATYG.exe
  C:\Windows\System\JUXATYG.exe
  2⤵
  PID:4424
- C:\Windows\System\FKqCkLQ.exe
  C:\Windows\System\FKqCkLQ.exe
  2⤵
  PID:2768
- C:\Windows\System\NAMwVMp.exe
  C:\Windows\System\NAMwVMp.exe
  2⤵
  PID:4500
- C:\Windows\System\xGJIoCs.exe
  C:\Windows\System\xGJIoCs.exe
  2⤵
  PID:4516
- C:\Windows\System\ohQBnyU.exe
  C:\Windows\System\ohQBnyU.exe
  2⤵
  PID:4532
- C:\Windows\System\dZMQGzo.exe
  C:\Windows\System\dZMQGzo.exe
  2⤵
  PID:4548
- C:\Windows\System\nljXUWR.exe
  C:\Windows\System\nljXUWR.exe
  2⤵
  PID:4564
- C:\Windows\System\BoitgCO.exe
  C:\Windows\System\BoitgCO.exe
  2⤵
  PID:4580
- C:\Windows\System\tfAsGGX.exe
  C:\Windows\System\tfAsGGX.exe
  2⤵
  PID:4596
- C:\Windows\System\PXxxrat.exe
  C:\Windows\System\PXxxrat.exe
  2⤵
  PID:4624
- C:\Windows\System\pMcxqTe.exe
  C:\Windows\System\pMcxqTe.exe
  2⤵
  PID:4640
- C:\Windows\System\YLptyNH.exe
  C:\Windows\System\YLptyNH.exe
  2⤵
  PID:4656
- C:\Windows\System\HrHqLCI.exe
  C:\Windows\System\HrHqLCI.exe
  2⤵
  PID:1196
- C:\Windows\System\DsNVnrm.exe
  C:\Windows\System\DsNVnrm.exe
  2⤵
  PID:4676
- C:\Windows\System\LIbujRa.exe
  C:\Windows\System\LIbujRa.exe
  2⤵
  PID:2668
- C:\Windows\System\aTlUTsU.exe
  C:\Windows\System\aTlUTsU.exe
  2⤵
  PID:4692
- C:\Windows\System\qPLzNgt.exe
  C:\Windows\System\qPLzNgt.exe
  2⤵
  PID:4752
- C:\Windows\System\RAgJzof.exe
  C:\Windows\System\RAgJzof.exe
  2⤵
  PID:4788
- C:\Windows\System\RkNOtcd.exe
  C:\Windows\System\RkNOtcd.exe
  2⤵
  PID:4772
- C:\Windows\System\qKrdqKF.exe
  C:\Windows\System\qKrdqKF.exe
  2⤵
  PID:4824
- C:\Windows\System\UrTvgbE.exe
  C:\Windows\System\UrTvgbE.exe
  2⤵
  PID:4672
- C:\Windows\System\TsWKYxL.exe
  C:\Windows\System\TsWKYxL.exe
  2⤵
  PID:4904
- C:\Windows\System\diCqjOh.exe
  C:\Windows\System\diCqjOh.exe
  2⤵
  PID:4936
- C:\Windows\System\mwccnaP.exe
  C:\Windows\System\mwccnaP.exe
  2⤵
  PID:5000
- C:\Windows\System\zJIfAEu.exe
  C:\Windows\System\zJIfAEu.exe
  2⤵
  PID:5036
- C:\Windows\System\RXOaAUm.exe
  C:\Windows\System\RXOaAUm.exe
  2⤵
  PID:4984
- C:\Windows\System\ZpoqnIy.exe
  C:\Windows\System\ZpoqnIy.exe
  2⤵
  PID:5016
- C:\Windows\System\yGybove.exe
  C:\Windows\System\yGybove.exe
  2⤵
  PID:5052
- C:\Windows\System\crnabab.exe
  C:\Windows\System\crnabab.exe
  2⤵
  PID:5112
- C:\Windows\System\MSBuDmg.exe
  C:\Windows\System\MSBuDmg.exe
  2⤵
  PID:3340
- C:\Windows\System\rbpolvr.exe
  C:\Windows\System\rbpolvr.exe
  2⤵
  PID:3652
- C:\Windows\System\YVJYUNs.exe
  C:\Windows\System\YVJYUNs.exe
  2⤵
  PID:1812
- C:\Windows\System\GBzcTLp.exe
  C:\Windows\System\GBzcTLp.exe
  2⤵
  PID:1252
- C:\Windows\System\zuFMJTE.exe
  C:\Windows\System\zuFMJTE.exe
  2⤵
  PID:3400
- C:\Windows\System\DFquGXA.exe
  C:\Windows\System\DFquGXA.exe
  2⤵
  PID:4100
- C:\Windows\System\qSCWqjR.exe
  C:\Windows\System\qSCWqjR.exe
  2⤵
  PID:4264
- C:\Windows\System\pNvppCk.exe
  C:\Windows\System\pNvppCk.exe
  2⤵
  PID:4392
- C:\Windows\System\AlQvCbz.exe
  C:\Windows\System\AlQvCbz.exe
  2⤵
  PID:4420
- C:\Windows\System\ZYIHdqC.exe
  C:\Windows\System\ZYIHdqC.exe
  2⤵
  PID:4512
- C:\Windows\System\nLWnQKg.exe
  C:\Windows\System\nLWnQKg.exe
  2⤵
  PID:4556
- C:\Windows\System\kxvYenQ.exe
  C:\Windows\System\kxvYenQ.exe
  2⤵
  PID:4588
- C:\Windows\System\oZWmTLI.exe
  C:\Windows\System\oZWmTLI.exe
  2⤵
  PID:2372
- C:\Windows\System\BKTMSWf.exe
  C:\Windows\System\BKTMSWf.exe
  2⤵
  PID:4632
- C:\Windows\System\XvGtwff.exe
  C:\Windows\System\XvGtwff.exe
  2⤵
  PID:1732
- C:\Windows\System\qtKZHzI.exe
  C:\Windows\System\qtKZHzI.exe
  2⤵
  PID:4784
- C:\Windows\System\gyVQfBR.exe
  C:\Windows\System\gyVQfBR.exe
  2⤵
  PID:4876
- C:\Windows\System\fVeEAgo.exe
  C:\Windows\System\fVeEAgo.exe
  2⤵
  PID:4956
- C:\Windows\System\pJaZZyQ.exe
  C:\Windows\System\pJaZZyQ.exe
  2⤵
  PID:4768
- C:\Windows\System\zWEZeIA.exe
  C:\Windows\System\zWEZeIA.exe
  2⤵
  PID:4804
- C:\Windows\System\azSYTWT.exe
  C:\Windows\System\azSYTWT.exe
  2⤵
  PID:1544
- C:\Windows\System\RFpppKs.exe
  C:\Windows\System\RFpppKs.exe
  2⤵
  PID:4988
- C:\Windows\System\oBmtsSr.exe
  C:\Windows\System\oBmtsSr.exe
  2⤵
  PID:4116
- C:\Windows\System\LbMcAyD.exe
  C:\Windows\System\LbMcAyD.exe
  2⤵
  PID:4176
- C:\Windows\System\YgVHhvP.exe
  C:\Windows\System\YgVHhvP.exe
  2⤵
  PID:4240
- C:\Windows\System\aBYVfBZ.exe
  C:\Windows\System\aBYVfBZ.exe
  2⤵
  PID:4276
- C:\Windows\System\GQCMWBu.exe
  C:\Windows\System\GQCMWBu.exe
  2⤵
  PID:2320
- C:\Windows\System\FKZtdbP.exe
  C:\Windows\System\FKZtdbP.exe
  2⤵
  PID:3548
- C:\Windows\System\EoInVcx.exe
  C:\Windows\System\EoInVcx.exe
  2⤵
  PID:3112
- C:\Windows\System\VvbRHmp.exe
  C:\Windows\System\VvbRHmp.exe
  2⤵
  PID:1768
- C:\Windows\System\GNVtvsY.exe
  C:\Windows\System\GNVtvsY.exe
  2⤵
  PID:1668
- C:\Windows\System\terxNtq.exe
  C:\Windows\System\terxNtq.exe
  2⤵
  PID:1852
- C:\Windows\System\Pupqtps.exe
  C:\Windows\System\Pupqtps.exe
  2⤵
  PID:3436
- C:\Windows\System\qdEbNAH.exe
  C:\Windows\System\qdEbNAH.exe
  2⤵
  PID:4560
- C:\Windows\System\WlDsoIw.exe
  C:\Windows\System\WlDsoIw.exe
  2⤵
  PID:4968
- C:\Windows\System\WHcLHFt.exe
  C:\Windows\System\WHcLHFt.exe
  2⤵
  PID:4848
- C:\Windows\System\UCesFYe.exe
  C:\Windows\System\UCesFYe.exe
  2⤵
  PID:1708
- C:\Windows\System\ZmfisYu.exe
  C:\Windows\System\ZmfisYu.exe
  2⤵
  PID:4908
- C:\Windows\System\rLaTsly.exe
  C:\Windows\System\rLaTsly.exe
  2⤵
  PID:2156
- C:\Windows\System\LBWoLlb.exe
  C:\Windows\System\LBWoLlb.exe
  2⤵
  PID:3568
- C:\Windows\System\EJkPSwq.exe
  C:\Windows\System\EJkPSwq.exe
  2⤵
  PID:4456
- C:\Windows\System\kdikfDD.exe
  C:\Windows\System\kdikfDD.exe
  2⤵
  PID:4592
- C:\Windows\System\NqNENEW.exe
  C:\Windows\System\NqNENEW.exe
  2⤵
  PID:1796
- C:\Windows\System\rOdoHKV.exe
  C:\Windows\System\rOdoHKV.exe
  2⤵
  PID:3416
- C:\Windows\System\FfHAAjX.exe
  C:\Windows\System\FfHAAjX.exe
  2⤵
  PID:3828
- C:\Windows\System\AzwkdGb.exe
  C:\Windows\System\AzwkdGb.exe
  2⤵
  PID:4492
- C:\Windows\System\EcANgKZ.exe
  C:\Windows\System\EcANgKZ.exe
  2⤵
  PID:4920
- C:\Windows\System\nYgjoAU.exe
  C:\Windows\System\nYgjoAU.exe
  2⤵
  PID:2864
- C:\Windows\System\DAOZIDI.exe
  C:\Windows\System\DAOZIDI.exe
  2⤵
  PID:4728
- C:\Windows\System\PTImpwh.exe
  C:\Windows\System\PTImpwh.exe
  2⤵
  PID:4056
- C:\Windows\System\nhEWztj.exe
  C:\Windows\System\nhEWztj.exe
  2⤵
  PID:3140
- C:\Windows\System\iEFbZJL.exe
  C:\Windows\System\iEFbZJL.exe
  2⤵
  PID:4344
- C:\Windows\System\woTXIUJ.exe
  C:\Windows\System\woTXIUJ.exe
  2⤵
  PID:4040
- C:\Windows\System\flqKXlx.exe
  C:\Windows\System\flqKXlx.exe
  2⤵
  PID:4852
- C:\Windows\System\HcuLhMO.exe
  C:\Windows\System\HcuLhMO.exe
  2⤵
  PID:4688
- C:\Windows\System\YZlVZWj.exe
  C:\Windows\System\YZlVZWj.exe
  2⤵
  PID:2936
- C:\Windows\System\nVavtwK.exe
  C:\Windows\System\nVavtwK.exe
  2⤵
  PID:2112
- C:\Windows\System\OUvCmsb.exe
  C:\Windows\System\OUvCmsb.exe
  2⤵
  PID:4004
- C:\Windows\System\AWBhfee.exe
  C:\Windows\System\AWBhfee.exe
  2⤵
  PID:4816
- C:\Windows\System\hbJNvlQ.exe
  C:\Windows\System\hbJNvlQ.exe
  2⤵
  PID:4748
- C:\Windows\System\lcHIeVV.exe
  C:\Windows\System\lcHIeVV.exe
  2⤵
  PID:3604
- C:\Windows\System\uWWFIkc.exe
  C:\Windows\System\uWWFIkc.exe
  2⤵
  PID:4228
- C:\Windows\System\PKxJkGJ.exe
  C:\Windows\System\PKxJkGJ.exe
  2⤵
  PID:4508
- C:\Windows\System\ytdRyhQ.exe
  C:\Windows\System\ytdRyhQ.exe
  2⤵
  PID:4148
- C:\Windows\System\KPItXxj.exe
  C:\Windows\System\KPItXxj.exe
  2⤵
  PID:4244
- C:\Windows\System\ivEDqaQ.exe
  C:\Windows\System\ivEDqaQ.exe
  2⤵
  PID:3004
- C:\Windows\System\IWevirR.exe
  C:\Windows\System\IWevirR.exe
  2⤵
  PID:5156
- C:\Windows\System\guOStmY.exe
  C:\Windows\System\guOStmY.exe
  2⤵
  PID:5172
- C:\Windows\System\bMyWtAf.exe
  C:\Windows\System\bMyWtAf.exe
  2⤵
  PID:5188
- C:\Windows\System\qAjJins.exe
  C:\Windows\System\qAjJins.exe
  2⤵
  PID:5208
- C:\Windows\System\vvFtWeS.exe
  C:\Windows\System\vvFtWeS.exe
  2⤵
  PID:5224
- C:\Windows\System\oiQVNqG.exe
  C:\Windows\System\oiQVNqG.exe
  2⤵
  PID:5244
- C:\Windows\System\bjvgLHG.exe
  C:\Windows\System\bjvgLHG.exe
  2⤵
  PID:5264
- C:\Windows\System\sNvNlaV.exe
  C:\Windows\System\sNvNlaV.exe
  2⤵
  PID:5280
- C:\Windows\System\uOjLSxj.exe
  C:\Windows\System\uOjLSxj.exe
  2⤵
  PID:5296
- C:\Windows\System\NEaRcMZ.exe
  C:\Windows\System\NEaRcMZ.exe
  2⤵
  PID:5316
- C:\Windows\System\itqCtqR.exe
  C:\Windows\System\itqCtqR.exe
  2⤵
  PID:5332
- C:\Windows\System\uLgBAUx.exe
  C:\Windows\System\uLgBAUx.exe
  2⤵
  PID:5348
- C:\Windows\System\PuUbwTV.exe
  C:\Windows\System\PuUbwTV.exe
  2⤵
  PID:5368
- C:\Windows\System\coPKnUd.exe
  C:\Windows\System\coPKnUd.exe
  2⤵
  PID:5388
- C:\Windows\System\DNDwUmV.exe
  C:\Windows\System\DNDwUmV.exe
  2⤵
  PID:5412
- C:\Windows\System\nXthitZ.exe
  C:\Windows\System\nXthitZ.exe
  2⤵
  PID:5428
- C:\Windows\System\NRFCEaY.exe
  C:\Windows\System\NRFCEaY.exe
  2⤵
  PID:5444
- C:\Windows\System\otyKksm.exe
  C:\Windows\System\otyKksm.exe
  2⤵
  PID:5464
- C:\Windows\System\LJxJHGr.exe
  C:\Windows\System\LJxJHGr.exe
  2⤵
  PID:5488
- C:\Windows\System\DnhSotP.exe
  C:\Windows\System\DnhSotP.exe
  2⤵
  PID:5508
- C:\Windows\System\DmSvEYi.exe
  C:\Windows\System\DmSvEYi.exe
  2⤵
  PID:5528
- C:\Windows\System\qxIDlut.exe
  C:\Windows\System\qxIDlut.exe
  2⤵
  PID:5592
- C:\Windows\System\IqlLUNL.exe
  C:\Windows\System\IqlLUNL.exe
  2⤵
  PID:5612
- C:\Windows\System\cUpfHZD.exe
  C:\Windows\System\cUpfHZD.exe
  2⤵
  PID:5628
- C:\Windows\System\cGZmPrk.exe
  C:\Windows\System\cGZmPrk.exe
  2⤵
  PID:5644
- C:\Windows\System\WjHybRD.exe
  C:\Windows\System\WjHybRD.exe
  2⤵
  PID:5660
- C:\Windows\System\XiIywvz.exe
  C:\Windows\System\XiIywvz.exe
  2⤵
  PID:5676
- C:\Windows\System\zXxrrOQ.exe
  C:\Windows\System\zXxrrOQ.exe
  2⤵
  PID:5696
- C:\Windows\System\kTUNZKP.exe
  C:\Windows\System\kTUNZKP.exe
  2⤵
  PID:5712
- C:\Windows\System\tkluXTJ.exe
  C:\Windows\System\tkluXTJ.exe
  2⤵
  PID:5728
- C:\Windows\System\oexRNZq.exe
  C:\Windows\System\oexRNZq.exe
  2⤵
  PID:5784
- C:\Windows\System\rwRuNvf.exe
  C:\Windows\System\rwRuNvf.exe
  2⤵
  PID:5800
- C:\Windows\System\rYcmVey.exe
  C:\Windows\System\rYcmVey.exe
  2⤵
  PID:5816
- C:\Windows\System\ISjHePl.exe
  C:\Windows\System\ISjHePl.exe
  2⤵
  PID:5832
- C:\Windows\System\qqHNkhf.exe
  C:\Windows\System\qqHNkhf.exe
  2⤵
  PID:5848
- C:\Windows\System\Yyzzpiy.exe
  C:\Windows\System\Yyzzpiy.exe
  2⤵
  PID:5868
- C:\Windows\System\KYKmAQV.exe
  C:\Windows\System\KYKmAQV.exe
  2⤵
  PID:5888
- C:\Windows\System\FfBMoas.exe
  C:\Windows\System\FfBMoas.exe
  2⤵
  PID:5908
- C:\Windows\System\QhXXdaR.exe
  C:\Windows\System\QhXXdaR.exe
  2⤵
  PID:5924
- C:\Windows\System\MgLgxCq.exe
  C:\Windows\System\MgLgxCq.exe
  2⤵
  PID:5940
- C:\Windows\System\nydpHRV.exe
  C:\Windows\System\nydpHRV.exe
  2⤵
  PID:5956
- C:\Windows\System\aohNgfw.exe
  C:\Windows\System\aohNgfw.exe
  2⤵
  PID:5972
- C:\Windows\System\XkBZWjf.exe
  C:\Windows\System\XkBZWjf.exe
  2⤵
  PID:5992
- C:\Windows\System\qzeUmpC.exe
  C:\Windows\System\qzeUmpC.exe
  2⤵
  PID:6012
- C:\Windows\System\poNtCAL.exe
  C:\Windows\System\poNtCAL.exe
  2⤵
  PID:6076
- C:\Windows\System\CxqLidP.exe
  C:\Windows\System\CxqLidP.exe
  2⤵
  PID:6092
- C:\Windows\System\sTBxZYe.exe
  C:\Windows\System\sTBxZYe.exe
  2⤵
  PID:6108
- C:\Windows\System\JNcLWNF.exe
  C:\Windows\System\JNcLWNF.exe
  2⤵
  PID:6124
- C:\Windows\System\RkMCQpk.exe
  C:\Windows\System\RkMCQpk.exe
  2⤵
  PID:4648
- C:\Windows\System\PorzEIe.exe
  C:\Windows\System\PorzEIe.exe
  2⤵
  PID:1396
- C:\Windows\System\mgbmvPV.exe
  C:\Windows\System\mgbmvPV.exe
  2⤵
  PID:3460
- C:\Windows\System\ZABwHBv.exe
  C:\Windows\System\ZABwHBv.exe
  2⤵
  PID:4544
- C:\Windows\System\dJQNIrb.exe
  C:\Windows\System\dJQNIrb.exe
  2⤵
  PID:2764
- C:\Windows\System\DbkdfXd.exe
  C:\Windows\System\DbkdfXd.exe
  2⤵
  PID:5136
- C:\Windows\System\cYuhmBW.exe
  C:\Windows\System\cYuhmBW.exe
  2⤵
  PID:5152
- C:\Windows\System\IxIHMOZ.exe
  C:\Windows\System\IxIHMOZ.exe
  2⤵
  PID:5272
- C:\Windows\System\uUbTdQr.exe
  C:\Windows\System\uUbTdQr.exe
  2⤵
  PID:5312
- C:\Windows\System\FgFuRvc.exe
  C:\Windows\System\FgFuRvc.exe
  2⤵
  PID:5384
- C:\Windows\System\wmaBKBK.exe
  C:\Windows\System\wmaBKBK.exe
  2⤵
  PID:5452
- C:\Windows\System\KZxKUfJ.exe
  C:\Windows\System\KZxKUfJ.exe
  2⤵
  PID:5516
- C:\Windows\System\xqTzDXB.exe
  C:\Windows\System\xqTzDXB.exe
  2⤵
  PID:5216
- C:\Windows\System\LJzVHfl.exe
  C:\Windows\System\LJzVHfl.exe
  2⤵
  PID:5292
- C:\Windows\System\WPakvmQ.exe
  C:\Windows\System\WPakvmQ.exe
  2⤵
  PID:5396
- C:\Windows\System\OdGfiWi.exe
  C:\Windows\System\OdGfiWi.exe
  2⤵
  PID:5572
- C:\Windows\System\nLDouEj.exe
  C:\Windows\System\nLDouEj.exe
  2⤵
  PID:5504
- C:\Windows\System\OmJHSns.exe
  C:\Windows\System\OmJHSns.exe
  2⤵
  PID:5600
- C:\Windows\System\cDfeSLe.exe
  C:\Windows\System\cDfeSLe.exe
  2⤵
  PID:5360
- C:\Windows\System\Vsefczr.exe
  C:\Windows\System\Vsefczr.exe
  2⤵
  PID:5640
- C:\Windows\System\VDeoeOU.exe
  C:\Windows\System\VDeoeOU.exe
  2⤵
  PID:5560
- C:\Windows\System\WcRmPtH.exe
  C:\Windows\System\WcRmPtH.exe
  2⤵
  PID:5620
- C:\Windows\System\oVZiETh.exe
  C:\Windows\System\oVZiETh.exe
  2⤵
  PID:5692
- C:\Windows\System\AqPvpHs.exe
  C:\Windows\System\AqPvpHs.exe
  2⤵
  PID:5736
- C:\Windows\System\EaZxFIJ.exe
  C:\Windows\System\EaZxFIJ.exe
  2⤵
  PID:5756
- C:\Windows\System\PWrVdmK.exe
  C:\Windows\System\PWrVdmK.exe
  2⤵
  PID:5768
- C:\Windows\System\EDzIUrl.exe
  C:\Windows\System\EDzIUrl.exe
  2⤵
  PID:5844
- C:\Windows\System\iqmlDjC.exe
  C:\Windows\System\iqmlDjC.exe
  2⤵
  PID:5920
- C:\Windows\System\FjoVXoI.exe
  C:\Windows\System\FjoVXoI.exe
  2⤵
  PID:5980
- C:\Windows\System\JotJQBx.exe
  C:\Windows\System\JotJQBx.exe
  2⤵
  PID:6036
- C:\Windows\System\vcUkVcp.exe
  C:\Windows\System\vcUkVcp.exe
  2⤵
  PID:6060
- C:\Windows\System\QNOBLyU.exe
  C:\Windows\System\QNOBLyU.exe
  2⤵
  PID:5856
- C:\Windows\System\cfhxYmu.exe
  C:\Windows\System\cfhxYmu.exe
  2⤵
  PID:6104
- C:\Windows\System\ePLARtZ.exe
  C:\Windows\System\ePLARtZ.exe
  2⤵
  PID:5828
- C:\Windows\System\TcWzpkR.exe
  C:\Windows\System\TcWzpkR.exe
  2⤵
  PID:5932
- C:\Windows\System\JDRihCx.exe
  C:\Windows\System\JDRihCx.exe
  2⤵
  PID:4372
- C:\Windows\System\QnKFmQK.exe
  C:\Windows\System\QnKFmQK.exe
  2⤵
  PID:5032
- C:\Windows\System\KklAgdn.exe
  C:\Windows\System\KklAgdn.exe
  2⤵
  PID:6120
- C:\Windows\System\KjAOHAE.exe
  C:\Windows\System\KjAOHAE.exe
  2⤵
  PID:1876
- C:\Windows\System\basNLjJ.exe
  C:\Windows\System\basNLjJ.exe
  2⤵
  PID:5108
- C:\Windows\System\RZpiNvs.exe
  C:\Windows\System\RZpiNvs.exe
  2⤵
  PID:5164
- C:\Windows\System\dQYMVsl.exe
  C:\Windows\System\dQYMVsl.exe
  2⤵
  PID:5236
- C:\Windows\System\CxpcNof.exe
  C:\Windows\System\CxpcNof.exe
  2⤵
  PID:5184
- C:\Windows\System\SwUMZMT.exe
  C:\Windows\System\SwUMZMT.exe
  2⤵
  PID:5424
- C:\Windows\System\jUNpCVH.exe
  C:\Windows\System\jUNpCVH.exe
  2⤵
  PID:5568
- C:\Windows\System\wqcOjxz.exe
  C:\Windows\System\wqcOjxz.exe
  2⤵
  PID:5500
- C:\Windows\System\jqMsJCd.exe
  C:\Windows\System\jqMsJCd.exe
  2⤵
  PID:5460
- C:\Windows\System\TrkhlQr.exe
  C:\Windows\System\TrkhlQr.exe
  2⤵
  PID:5288
- C:\Windows\System\kshtwui.exe
  C:\Windows\System\kshtwui.exe
  2⤵
  PID:5256
- C:\Windows\System\TsYvxfh.exe
  C:\Windows\System\TsYvxfh.exe
  2⤵
  PID:5652
- C:\Windows\System\oLgNUMH.exe
  C:\Windows\System\oLgNUMH.exe
  2⤵
  PID:5536
- C:\Windows\System\yqryrHo.exe
  C:\Windows\System\yqryrHo.exe
  2⤵
  PID:676
- C:\Windows\System\wYJykZt.exe
  C:\Windows\System\wYJykZt.exe
  2⤵
  PID:5812
- C:\Windows\System\vtobSfx.exe
  C:\Windows\System\vtobSfx.exe
  2⤵
  PID:5792
- C:\Windows\System\dTgSQOJ.exe
  C:\Windows\System\dTgSQOJ.exe
  2⤵
  PID:2968
- C:\Windows\System\cqrAGpu.exe
  C:\Windows\System\cqrAGpu.exe
  2⤵
  PID:5764
- C:\Windows\System\OOZIvBu.exe
  C:\Windows\System\OOZIvBu.exe
  2⤵
  PID:5916
- C:\Windows\System\XVgtJNI.exe
  C:\Windows\System\XVgtJNI.exe
  2⤵
  PID:6024
- C:\Windows\System\taUBybe.exe
  C:\Windows\System\taUBybe.exe
  2⤵
  PID:6056
- C:\Windows\System\RJsfIeY.exe
  C:\Windows\System\RJsfIeY.exe
  2⤵
  PID:5864
- C:\Windows\System\DnxBgUu.exe
  C:\Windows\System\DnxBgUu.exe
  2⤵
  PID:4704
- C:\Windows\System\SUsyipw.exe
  C:\Windows\System\SUsyipw.exe
  2⤵
  PID:5128
- C:\Windows\System\npIlyeN.exe
  C:\Windows\System\npIlyeN.exe
  2⤵
  PID:6068
- C:\Windows\System\FSHvTrG.exe
  C:\Windows\System\FSHvTrG.exe
  2⤵
  PID:3964
- C:\Windows\System\udIdHko.exe
  C:\Windows\System\udIdHko.exe
  2⤵
  PID:5196
- C:\Windows\System\CYvuPzx.exe
  C:\Windows\System\CYvuPzx.exe
  2⤵
  PID:5420
- C:\Windows\System\wyMcYpd.exe
  C:\Windows\System\wyMcYpd.exe
  2⤵
  PID:5356
- C:\Windows\System\KAHwloQ.exe
  C:\Windows\System\KAHwloQ.exe
  2⤵
  PID:5824
- C:\Windows\System\kJwbqXR.exe
  C:\Windows\System\kJwbqXR.exe
  2⤵
  PID:5968
- C:\Windows\System\CrPvXcq.exe
  C:\Windows\System\CrPvXcq.exe
  2⤵
  PID:4280
- C:\Windows\System\HfQnTOT.exe
  C:\Windows\System\HfQnTOT.exe
  2⤵
  PID:4892
- C:\Windows\System\pZCjdOU.exe
  C:\Windows\System\pZCjdOU.exe
  2⤵
  PID:5808
- C:\Windows\System\zINIcKr.exe
  C:\Windows\System\zINIcKr.exe
  2⤵
  PID:5672
- C:\Windows\System\OkPoifL.exe
  C:\Windows\System\OkPoifL.exe
  2⤵
  PID:5984
- C:\Windows\System\CShIvYq.exe
  C:\Windows\System\CShIvYq.exe
  2⤵
  PID:5132
- C:\Windows\System\SlsFYxd.exe
  C:\Windows\System\SlsFYxd.exe
  2⤵
  PID:5952
- C:\Windows\System\hNHlCJR.exe
  C:\Windows\System\hNHlCJR.exe
  2⤵
  PID:6020
- C:\Windows\System\czLIWgg.exe
  C:\Windows\System\czLIWgg.exe
  2⤵
  PID:6100
- C:\Windows\System\TyuseDh.exe
  C:\Windows\System\TyuseDh.exe
  2⤵
  PID:5496
- C:\Windows\System\YImCOAJ.exe
  C:\Windows\System\YImCOAJ.exe
  2⤵
  PID:5484
- C:\Windows\System\iGgCfYZ.exe
  C:\Windows\System\iGgCfYZ.exe
  2⤵
  PID:1808
- C:\Windows\System\bKBhrJR.exe
  C:\Windows\System\bKBhrJR.exe
  2⤵
  PID:5148
- C:\Windows\System\XfQwFCH.exe
  C:\Windows\System\XfQwFCH.exe
  2⤵
  PID:5636
- C:\Windows\System\IxADPyk.exe
  C:\Windows\System\IxADPyk.exe
  2⤵
  PID:5068
- C:\Windows\System\BWqfijC.exe
  C:\Windows\System\BWqfijC.exe
  2⤵
  PID:5168
- C:\Windows\System\UPqWqES.exe
  C:\Windows\System\UPqWqES.exe
  2⤵
  PID:5556
- C:\Windows\System\PhGEYdd.exe
  C:\Windows\System\PhGEYdd.exe
  2⤵
  PID:6152
- C:\Windows\System\lNXONpk.exe
  C:\Windows\System\lNXONpk.exe
  2⤵
  PID:6172
- C:\Windows\System\brMatOu.exe
  C:\Windows\System\brMatOu.exe
  2⤵
  PID:6188
- C:\Windows\System\TTryBhM.exe
  C:\Windows\System\TTryBhM.exe
  2⤵
  PID:6204
- C:\Windows\System\CGUMdIk.exe
  C:\Windows\System\CGUMdIk.exe
  2⤵
  PID:6220
- C:\Windows\System\SqUnxwt.exe
  C:\Windows\System\SqUnxwt.exe
  2⤵
  PID:6236
- C:\Windows\System\AIPzviL.exe
  C:\Windows\System\AIPzviL.exe
  2⤵
  PID:6252
- C:\Windows\System\nKHebNI.exe
  C:\Windows\System\nKHebNI.exe
  2⤵
  PID:6268
- C:\Windows\System\VOcApij.exe
  C:\Windows\System\VOcApij.exe
  2⤵
  PID:6284
- C:\Windows\System\yWymHRf.exe
  C:\Windows\System\yWymHRf.exe
  2⤵
  PID:6300
- C:\Windows\System\DuKqZRv.exe
  C:\Windows\System\DuKqZRv.exe
  2⤵
  PID:6316
- C:\Windows\System\GMHeuLN.exe
  C:\Windows\System\GMHeuLN.exe
  2⤵
  PID:6332
- C:\Windows\System\awisUiR.exe
  C:\Windows\System\awisUiR.exe
  2⤵
  PID:6348
- C:\Windows\System\mXujofx.exe
  C:\Windows\System\mXujofx.exe
  2⤵
  PID:6364
- C:\Windows\System\izDMtga.exe
  C:\Windows\System\izDMtga.exe
  2⤵
  PID:6380
- C:\Windows\System\wgbPdrH.exe
  C:\Windows\System\wgbPdrH.exe
  2⤵
  PID:6396
- C:\Windows\System\avNaaAZ.exe
  C:\Windows\System\avNaaAZ.exe
  2⤵
  PID:6412
- C:\Windows\System\cgCMiVk.exe
  C:\Windows\System\cgCMiVk.exe
  2⤵
  PID:6428
- C:\Windows\System\eteLVic.exe
  C:\Windows\System\eteLVic.exe
  2⤵
  PID:6444
- C:\Windows\System\NscOqwH.exe
  C:\Windows\System\NscOqwH.exe
  2⤵
  PID:6460
- C:\Windows\System\MFuELZj.exe
  C:\Windows\System\MFuELZj.exe
  2⤵
  PID:6480
- C:\Windows\System\QbTGBez.exe
  C:\Windows\System\QbTGBez.exe
  2⤵
  PID:6500
- C:\Windows\System\ANdFfSE.exe
  C:\Windows\System\ANdFfSE.exe
  2⤵
  PID:6520
- C:\Windows\System\POkwcJX.exe
  C:\Windows\System\POkwcJX.exe
  2⤵
  PID:6540
- C:\Windows\System\fNaQkYI.exe
  C:\Windows\System\fNaQkYI.exe
  2⤵
  PID:6556
- C:\Windows\System\EYRFtCw.exe
  C:\Windows\System\EYRFtCw.exe
  2⤵
  PID:6572
- C:\Windows\System\VpvvwCt.exe
  C:\Windows\System\VpvvwCt.exe
  2⤵
  PID:6588
- C:\Windows\System\lMwbUPm.exe
  C:\Windows\System\lMwbUPm.exe
  2⤵
  PID:6604
- C:\Windows\System\SCbyhWR.exe
  C:\Windows\System\SCbyhWR.exe
  2⤵
  PID:6620
- C:\Windows\System\ZYNSzIF.exe
  C:\Windows\System\ZYNSzIF.exe
  2⤵
  PID:6636
- C:\Windows\System\raWBbul.exe
  C:\Windows\System\raWBbul.exe
  2⤵
  PID:6652
- C:\Windows\System\tFcIWXP.exe
  C:\Windows\System\tFcIWXP.exe
  2⤵
  PID:6668
- C:\Windows\System\EJgCuqR.exe
  C:\Windows\System\EJgCuqR.exe
  2⤵
  PID:6684
- C:\Windows\System\rrqgESW.exe
  C:\Windows\System\rrqgESW.exe
  2⤵
  PID:6700
- C:\Windows\System\sUmVAVu.exe
  C:\Windows\System\sUmVAVu.exe
  2⤵
  PID:6808
- C:\Windows\System\KOxGdco.exe
  C:\Windows\System\KOxGdco.exe
  2⤵
  PID:6832
- C:\Windows\System\vWTeQNU.exe
  C:\Windows\System\vWTeQNU.exe
  2⤵
  PID:6848
- C:\Windows\System\XvuwMvA.exe
  C:\Windows\System\XvuwMvA.exe
  2⤵
  PID:6868
- C:\Windows\System\YqrlIUS.exe
  C:\Windows\System\YqrlIUS.exe
  2⤵
  PID:6884
- C:\Windows\System\IsDiwVY.exe
  C:\Windows\System\IsDiwVY.exe
  2⤵
  PID:6900
- C:\Windows\System\orhKqhF.exe
  C:\Windows\System\orhKqhF.exe
  2⤵
  PID:6916
- C:\Windows\System\SDUIHWn.exe
  C:\Windows\System\SDUIHWn.exe
  2⤵
  PID:6932
- C:\Windows\System\HSCRfrK.exe
  C:\Windows\System\HSCRfrK.exe
  2⤵
  PID:6948
- C:\Windows\System\TuGqqMB.exe
  C:\Windows\System\TuGqqMB.exe
  2⤵
  PID:6964
- C:\Windows\System\qIRMuif.exe
  C:\Windows\System\qIRMuif.exe
  2⤵
  PID:6980
- C:\Windows\System\zpfCYLT.exe
  C:\Windows\System\zpfCYLT.exe
  2⤵
  PID:7000
- C:\Windows\System\CtHmdIk.exe
  C:\Windows\System\CtHmdIk.exe
  2⤵
  PID:7016
- C:\Windows\System\pEYQdPO.exe
  C:\Windows\System\pEYQdPO.exe
  2⤵
  PID:7032
- C:\Windows\System\IksojJZ.exe
  C:\Windows\System\IksojJZ.exe
  2⤵
  PID:7048
- C:\Windows\System\OMEvSXD.exe
  C:\Windows\System\OMEvSXD.exe
  2⤵
  PID:7064
- C:\Windows\System\QtQfZrS.exe
  C:\Windows\System\QtQfZrS.exe
  2⤵
  PID:7080
- C:\Windows\System\NTcVoEE.exe
  C:\Windows\System\NTcVoEE.exe
  2⤵
  PID:7096
- C:\Windows\System\JmgsSXt.exe
  C:\Windows\System\JmgsSXt.exe
  2⤵
  PID:7112
- C:\Windows\System\OSzybrz.exe
  C:\Windows\System\OSzybrz.exe
  2⤵
  PID:5884
- C:\Windows\System\znCrhcC.exe
  C:\Windows\System\znCrhcC.exe
  2⤵
  PID:6136
- C:\Windows\System\JRzBCJV.exe
  C:\Windows\System\JRzBCJV.exe
  2⤵
  PID:6140
- C:\Windows\System\GZIbVCb.exe
  C:\Windows\System\GZIbVCb.exe
  2⤵
  PID:6244
- C:\Windows\System\UxxuNOs.exe
  C:\Windows\System\UxxuNOs.exe
  2⤵
  PID:1728
- C:\Windows\System\ZiWrCDt.exe
  C:\Windows\System\ZiWrCDt.exe
  2⤵
  PID:6344
- C:\Windows\System\tQhzYkq.exe
  C:\Windows\System\tQhzYkq.exe
  2⤵
  PID:6260
- C:\Windows\System\PcLhtYy.exe
  C:\Windows\System\PcLhtYy.exe
  2⤵
  PID:6296
- C:\Windows\System\qfgBQcQ.exe
  C:\Windows\System\qfgBQcQ.exe
  2⤵
  PID:6356
- C:\Windows\System\vMhPpys.exe
  C:\Windows\System\vMhPpys.exe
  2⤵
  PID:6408
- C:\Windows\System\GzNkrVk.exe
  C:\Windows\System\GzNkrVk.exe
  2⤵
  PID:6468
- C:\Windows\System\bAVlYwl.exe
  C:\Windows\System\bAVlYwl.exe
  2⤵
  PID:6476
- C:\Windows\System\VQlgsMF.exe
  C:\Windows\System\VQlgsMF.exe
  2⤵
  PID:6580
- C:\Windows\System\Atnwket.exe
  C:\Windows\System\Atnwket.exe
  2⤵
  PID:6536
- C:\Windows\System\IriaNZn.exe
  C:\Windows\System\IriaNZn.exe
  2⤵
  PID:6644
- C:\Windows\System\neWWPRl.exe
  C:\Windows\System\neWWPRl.exe
  2⤵
  PID:872
- C:\Windows\System\qsbTPku.exe
  C:\Windows\System\qsbTPku.exe
  2⤵
  PID:6664
- C:\Windows\System\SUJGNBr.exe
  C:\Windows\System\SUJGNBr.exe
  2⤵
  PID:6600
- C:\Windows\System\PAqhzQJ.exe
  C:\Windows\System\PAqhzQJ.exe
  2⤵
  PID:6720
- C:\Windows\System\MniVhmA.exe
  C:\Windows\System\MniVhmA.exe
  2⤵
  PID:6744
- C:\Windows\System\SaVqTcy.exe
  C:\Windows\System\SaVqTcy.exe
  2⤵
  PID:6752
- C:\Windows\System\JGPSoLH.exe
  C:\Windows\System\JGPSoLH.exe
  2⤵
  PID:6768
- C:\Windows\System\owxQuiF.exe
  C:\Windows\System\owxQuiF.exe
  2⤵
  PID:6784
- C:\Windows\System\Wekvtmd.exe
  C:\Windows\System\Wekvtmd.exe
  2⤵
  PID:6804
- C:\Windows\System\jJMGUbk.exe
  C:\Windows\System\jJMGUbk.exe
  2⤵
  PID:6824
- C:\Windows\System\LGMmPOb.exe
  C:\Windows\System\LGMmPOb.exe
  2⤵
  PID:6860
- C:\Windows\System\LWBRvcy.exe
  C:\Windows\System\LWBRvcy.exe
  2⤵
  PID:6880
- C:\Windows\System\gytyIZe.exe
  C:\Windows\System\gytyIZe.exe
  2⤵
  PID:6944
- C:\Windows\System\HofylNA.exe
  C:\Windows\System\HofylNA.exe
  2⤵
  PID:7012
- C:\Windows\System\vXTHnRl.exe
  C:\Windows\System\vXTHnRl.exe
  2⤵
  PID:6956
- C:\Windows\System\LGqTHSK.exe
  C:\Windows\System\LGqTHSK.exe
  2⤵
  PID:6996
- C:\Windows\System\raEmbFV.exe
  C:\Windows\System\raEmbFV.exe
  2⤵
  PID:6928
- C:\Windows\System\eajGSjn.exe
  C:\Windows\System\eajGSjn.exe
  2⤵
  PID:7056
- C:\Windows\System\bZbaoHV.exe
  C:\Windows\System\bZbaoHV.exe
  2⤵
  PID:7104
- C:\Windows\System\eDsYnJG.exe
  C:\Windows\System\eDsYnJG.exe
  2⤵
  PID:7128
- C:\Windows\System\dTOnPjc.exe
  C:\Windows\System\dTOnPjc.exe
  2⤵
  PID:7144
- C:\Windows\System\GpqtAtq.exe
  C:\Windows\System\GpqtAtq.exe
  2⤵
  PID:5988
- C:\Windows\System\ODeDFYm.exe
  C:\Windows\System\ODeDFYm.exe
  2⤵
  PID:5704
- C:\Windows\System\nEPzCZg.exe
  C:\Windows\System\nEPzCZg.exe
  2⤵
  PID:6160
- C:\Windows\System\nthZNcG.exe
  C:\Windows\System\nthZNcG.exe
  2⤵
  PID:6212
- C:\Windows\System\XjLttwM.exe
  C:\Windows\System\XjLttwM.exe
  2⤵
  PID:4112
- C:\Windows\System\LUSRmJH.exe
  C:\Windows\System\LUSRmJH.exe
  2⤵
  PID:1488
- C:\Windows\System\SZoLsqF.exe
  C:\Windows\System\SZoLsqF.exe
  2⤵
  PID:6388
- C:\Windows\System\lueusQi.exe
  C:\Windows\System\lueusQi.exe
  2⤵
  PID:6324
- C:\Windows\System\jEHZRwX.exe
  C:\Windows\System\jEHZRwX.exe
  2⤵
  PID:6512
- C:\Windows\System\pKHBrrc.exe
  C:\Windows\System\pKHBrrc.exe
  2⤵
  PID:6456
- C:\Windows\System\mRZzthV.exe
  C:\Windows\System\mRZzthV.exe
  2⤵
  PID:6196
- C:\Windows\System\EOvlPjp.exe
  C:\Windows\System\EOvlPjp.exe
  2⤵
  PID:6496
- C:\Windows\System\wfNrSDb.exe
  C:\Windows\System\wfNrSDb.exe
  2⤵
  PID:6676
- C:\Windows\System\KPgxlmK.exe
  C:\Windows\System\KPgxlmK.exe
  2⤵
  PID:6632
- C:\Windows\System\Xlakzgu.exe
  C:\Windows\System\Xlakzgu.exe
  2⤵
  PID:6628
- C:\Windows\System\CngSphB.exe
  C:\Windows\System\CngSphB.exe
  2⤵
  PID:6708
- C:\Windows\System\JqQZbjp.exe
  C:\Windows\System\JqQZbjp.exe
  2⤵
  PID:6856
- C:\Windows\System\ThfcdUf.exe
  C:\Windows\System\ThfcdUf.exe
  2⤵
  PID:6896
- C:\Windows\System\JAYzICm.exe
  C:\Windows\System\JAYzICm.exe
  2⤵
  PID:7092
- C:\Windows\System\TErCVbv.exe
  C:\Windows\System\TErCVbv.exe
  2⤵
  PID:6816
- C:\Windows\System\gfrrVkh.exe
  C:\Windows\System\gfrrVkh.exe
  2⤵
  PID:6776
- C:\Windows\System\RHBceez.exe
  C:\Windows\System\RHBceez.exe
  2⤵
  PID:7008
- C:\Windows\System\LywqIaw.exe
  C:\Windows\System\LywqIaw.exe
  2⤵
  PID:7120
- C:\Windows\System\adzezlD.exe
  C:\Windows\System\adzezlD.exe
  2⤵
  PID:6148
- C:\Windows\System\uiMcjxn.exe
  C:\Windows\System\uiMcjxn.exe
  2⤵
  PID:6292
- C:\Windows\System\wzDEvLL.exe
  C:\Windows\System\wzDEvLL.exe
  2⤵
  PID:7072
- C:\Windows\System\mlQnNed.exe
  C:\Windows\System\mlQnNed.exe
  2⤵
  PID:6232
- C:\Windows\System\KsgzHMC.exe
  C:\Windows\System\KsgzHMC.exe
  2⤵
  PID:6184
- C:\Windows\System\eMYWHwj.exe
  C:\Windows\System\eMYWHwj.exe
  2⤵
  PID:7076
- C:\Windows\System\PJgpoEY.exe
  C:\Windows\System\PJgpoEY.exe
  2⤵
  PID:6492
- C:\Windows\System\VYvMXYp.exe
  C:\Windows\System\VYvMXYp.exe
  2⤵
  PID:6760
- C:\Windows\System\HKVzwdx.exe
  C:\Windows\System\HKVzwdx.exe
  2⤵
  PID:6596
- C:\Windows\System\qBXCgCc.exe
  C:\Windows\System\qBXCgCc.exe
  2⤵
  PID:6748
- C:\Windows\System\TidqiSA.exe
  C:\Windows\System\TidqiSA.exe
  2⤵
  PID:6940
- C:\Windows\System\IpzJkwg.exe
  C:\Windows\System\IpzJkwg.exe
  2⤵
  PID:7156
- C:\Windows\System\CmOjIFE.exe
  C:\Windows\System\CmOjIFE.exe
  2⤵
  PID:6844
- C:\Windows\System\bnwliaz.exe
  C:\Windows\System\bnwliaz.exe
  2⤵
  PID:6228
- C:\Windows\System\zqOOPJE.exe
  C:\Windows\System\zqOOPJE.exe
  2⤵
  PID:6912
- C:\Windows\System\zAvkeOF.exe
  C:\Windows\System\zAvkeOF.exe
  2⤵
  PID:7136
- C:\Windows\System\sLHnoEj.exe
  C:\Windows\System\sLHnoEj.exe
  2⤵
  PID:6004
- C:\Windows\System\RCRXuZC.exe
  C:\Windows\System\RCRXuZC.exe
  2⤵
  PID:7140
- C:\Windows\System\iMCgvOr.exe
  C:\Windows\System\iMCgvOr.exe
  2⤵
  PID:6532
- C:\Windows\System\jKzHVaW.exe
  C:\Windows\System\jKzHVaW.exe
  2⤵
  PID:7164
- C:\Windows\System\oXcbDgA.exe
  C:\Windows\System\oXcbDgA.exe
  2⤵
  PID:6988
- C:\Windows\System\layhEXa.exe
  C:\Windows\System\layhEXa.exe
  2⤵
  PID:6360
- C:\Windows\System\svJgsGg.exe
  C:\Windows\System\svJgsGg.exe
  2⤵
  PID:7060
- C:\Windows\System\fUuDJfZ.exe
  C:\Windows\System\fUuDJfZ.exe
  2⤵
  PID:7176
- C:\Windows\System\ZvvuwDb.exe
  C:\Windows\System\ZvvuwDb.exe
  2⤵
  PID:7192
- C:\Windows\System\QBmbvpi.exe
  C:\Windows\System\QBmbvpi.exe
  2⤵
  PID:7208
- C:\Windows\System\DDhHxYa.exe
  C:\Windows\System\DDhHxYa.exe
  2⤵
  PID:7224
- C:\Windows\System\rDemaDi.exe
  C:\Windows\System\rDemaDi.exe
  2⤵
  PID:7240
- C:\Windows\System\REWIPCe.exe
  C:\Windows\System\REWIPCe.exe
  2⤵
  PID:7256
- C:\Windows\System\vguwWmZ.exe
  C:\Windows\System\vguwWmZ.exe
  2⤵
  PID:7272
- C:\Windows\System\IYHNgsE.exe
  C:\Windows\System\IYHNgsE.exe
  2⤵
  PID:7288
- C:\Windows\System\VggcfFX.exe
  C:\Windows\System\VggcfFX.exe
  2⤵
  PID:7304
- C:\Windows\System\XIsmWDl.exe
  C:\Windows\System\XIsmWDl.exe
  2⤵
  PID:7324
- C:\Windows\System\vIeFoFp.exe
  C:\Windows\System\vIeFoFp.exe
  2⤵
  PID:7340
- C:\Windows\System\PJtRGzS.exe
  C:\Windows\System\PJtRGzS.exe
  2⤵
  PID:7356
- C:\Windows\System\zoXlggN.exe
  C:\Windows\System\zoXlggN.exe
  2⤵
  PID:7372
- C:\Windows\System\kcuClAp.exe
  C:\Windows\System\kcuClAp.exe
  2⤵
  PID:7388
- C:\Windows\System\zrcFNUc.exe
  C:\Windows\System\zrcFNUc.exe
  2⤵
  PID:7404
- C:\Windows\System\nkwWQiP.exe
  C:\Windows\System\nkwWQiP.exe
  2⤵
  PID:7420
- C:\Windows\System\oRJuTUz.exe
  C:\Windows\System\oRJuTUz.exe
  2⤵
  PID:7436
- C:\Windows\System\AownJsZ.exe
  C:\Windows\System\AownJsZ.exe
  2⤵
  PID:7456
- C:\Windows\System\KhwtbVc.exe
  C:\Windows\System\KhwtbVc.exe
  2⤵
  PID:7472
- C:\Windows\System\yfhpkqe.exe
  C:\Windows\System\yfhpkqe.exe
  2⤵
  PID:7488
- C:\Windows\System\orhrkIG.exe
  C:\Windows\System\orhrkIG.exe
  2⤵
  PID:7504
- C:\Windows\System\oqZHaIu.exe
  C:\Windows\System\oqZHaIu.exe
  2⤵
  PID:7520
- C:\Windows\System\QThuQzG.exe
  C:\Windows\System\QThuQzG.exe
  2⤵
  PID:7536
- C:\Windows\System\JpBUBdE.exe
  C:\Windows\System\JpBUBdE.exe
  2⤵
  PID:7552
- C:\Windows\System\LHWMkIR.exe
  C:\Windows\System\LHWMkIR.exe
  2⤵
  PID:7568
- C:\Windows\System\MCvqSOb.exe
  C:\Windows\System\MCvqSOb.exe
  2⤵
  PID:7584
- C:\Windows\System\EzryBPx.exe
  C:\Windows\System\EzryBPx.exe
  2⤵
  PID:7604
- C:\Windows\System\GKRfQUx.exe
  C:\Windows\System\GKRfQUx.exe
  2⤵
  PID:7620
- C:\Windows\System\UsfwpDa.exe
  C:\Windows\System\UsfwpDa.exe
  2⤵
  PID:7636
- C:\Windows\System\YwcTIQY.exe
  C:\Windows\System\YwcTIQY.exe
  2⤵
  PID:7652
- C:\Windows\System\WUFsdKF.exe
  C:\Windows\System\WUFsdKF.exe
  2⤵
  PID:7668
- C:\Windows\System\NUAeltf.exe
  C:\Windows\System\NUAeltf.exe
  2⤵
  PID:7688
- C:\Windows\System\hnGdohs.exe
  C:\Windows\System\hnGdohs.exe
  2⤵
  PID:7704
- C:\Windows\System\ynHDZfq.exe
  C:\Windows\System\ynHDZfq.exe
  2⤵
  PID:7720
- C:\Windows\System\WhTOnEH.exe
  C:\Windows\System\WhTOnEH.exe
  2⤵
  PID:7736
- C:\Windows\System\DFhwFRT.exe
  C:\Windows\System\DFhwFRT.exe
  2⤵
  PID:7752
- C:\Windows\System\tNwvqxD.exe
  C:\Windows\System\tNwvqxD.exe
  2⤵
  PID:7768
- C:\Windows\System\YtNGrCK.exe
  C:\Windows\System\YtNGrCK.exe
  2⤵
  PID:7784
- C:\Windows\System\tynmkFu.exe
  C:\Windows\System\tynmkFu.exe
  2⤵
  PID:7800
- C:\Windows\System\NJdLghz.exe
  C:\Windows\System\NJdLghz.exe
  2⤵
  PID:7816
- C:\Windows\System\RJWHtYc.exe
  C:\Windows\System\RJWHtYc.exe
  2⤵
  PID:7832
- C:\Windows\System\alRovGx.exe
  C:\Windows\System\alRovGx.exe
  2⤵
  PID:7848
- C:\Windows\System\XniVrRI.exe
  C:\Windows\System\XniVrRI.exe
  2⤵
  PID:7864
- C:\Windows\System\gKcnbLz.exe
  C:\Windows\System\gKcnbLz.exe
  2⤵
  PID:8140
- C:\Windows\System\kvyJVxq.exe
  C:\Windows\System\kvyJVxq.exe
  2⤵
  PID:8156
- C:\Windows\System\wTdwtZi.exe
  C:\Windows\System\wTdwtZi.exe
  2⤵
  PID:8172
- C:\Windows\System\JLFDEDq.exe
  C:\Windows\System\JLFDEDq.exe
  2⤵
  PID:8188
- C:\Windows\System\odUwSBi.exe
  C:\Windows\System\odUwSBi.exe
  2⤵
  PID:7220
- C:\Windows\System\pAUhLjw.exe
  C:\Windows\System\pAUhLjw.exe
  2⤵
  PID:7284
- C:\Windows\System\JLZDCqY.exe
  C:\Windows\System\JLZDCqY.exe
  2⤵
  PID:7236
- C:\Windows\System\dQvWzWF.exe
  C:\Windows\System\dQvWzWF.exe
  2⤵
  PID:7364
- C:\Windows\System\tAxoQfp.exe
  C:\Windows\System\tAxoQfp.exe
  2⤵
  PID:7416
- C:\Windows\System\CuQgHGW.exe
  C:\Windows\System\CuQgHGW.exe
  2⤵
  PID:7500
- C:\Windows\System\lhlILtt.exe
  C:\Windows\System\lhlILtt.exe
  2⤵
  PID:7548
- C:\Windows\System\pfNbWeM.exe
  C:\Windows\System\pfNbWeM.exe
  2⤵
  PID:7576
- C:\Windows\System\kSKCyBQ.exe
  C:\Windows\System\kSKCyBQ.exe
  2⤵
  PID:7612
- C:\Windows\System\DODaOBM.exe
  C:\Windows\System\DODaOBM.exe
  2⤵
  PID:7644
- C:\Windows\System\gZgRsaM.exe
  C:\Windows\System\gZgRsaM.exe
  2⤵
  PID:7628
- C:\Windows\System\gfFxJmU.exe
  C:\Windows\System\gfFxJmU.exe
  2⤵
  PID:7696
- C:\Windows\System\DcnvJJf.exe
  C:\Windows\System\DcnvJJf.exe
  2⤵
  PID:7744
- C:\Windows\System\sonwVEK.exe
  C:\Windows\System\sonwVEK.exe
  2⤵
  PID:7808
- C:\Windows\System\IBjNRqv.exe
  C:\Windows\System\IBjNRqv.exe
  2⤵
  PID:7760
- C:\Windows\System\pBCtqaJ.exe
  C:\Windows\System\pBCtqaJ.exe
  2⤵
  PID:7824
- C:\Windows\System\ZhYSGvN.exe
  C:\Windows\System\ZhYSGvN.exe
  2⤵
  PID:7856
- C:\Windows\System\rsqmZIb.exe
  C:\Windows\System\rsqmZIb.exe
  2⤵
  PID:6716
- C:\Windows\System\Arruftu.exe
  C:\Windows\System\Arruftu.exe
  2⤵
  PID:7888
- C:\Windows\System\znGcjXL.exe
  C:\Windows\System\znGcjXL.exe
  2⤵
  PID:7908
- C:\Windows\System\dRcXcsL.exe
  C:\Windows\System\dRcXcsL.exe
  2⤵
  PID:7924
- C:\Windows\System\nxhgKQM.exe
  C:\Windows\System\nxhgKQM.exe
  2⤵
  PID:7940
- C:\Windows\System\zINTYVb.exe
  C:\Windows\System\zINTYVb.exe
  2⤵
  PID:7956
- C:\Windows\System\EfRcFAN.exe
  C:\Windows\System\EfRcFAN.exe
  2⤵
  PID:7972
- C:\Windows\System\oeYLhEe.exe
  C:\Windows\System\oeYLhEe.exe
  2⤵
  PID:7988
- C:\Windows\System\eoACxsX.exe
  C:\Windows\System\eoACxsX.exe
  2⤵
  PID:8004
- C:\Windows\System\TCVKrvs.exe
  C:\Windows\System\TCVKrvs.exe
  2⤵
  PID:8020
- C:\Windows\System\NfwAWHW.exe
  C:\Windows\System\NfwAWHW.exe
  2⤵
  PID:8040
- C:\Windows\System\HNLaPjJ.exe
  C:\Windows\System\HNLaPjJ.exe
  2⤵
  PID:8052
- C:\Windows\System\shqPEDN.exe
  C:\Windows\System\shqPEDN.exe
  2⤵
  PID:7448
- C:\Windows\System\aEhoQug.exe
  C:\Windows\System\aEhoQug.exe
  2⤵
  PID:8084
- C:\Windows\System\EtNqRjx.exe
  C:\Windows\System\EtNqRjx.exe
  2⤵
  PID:8100
- C:\Windows\System\JFQDYlZ.exe
  C:\Windows\System\JFQDYlZ.exe
  2⤵
  PID:8112
- C:\Windows\System\OoGSBfT.exe
  C:\Windows\System\OoGSBfT.exe
  2⤵
  PID:8132
- C:\Windows\System\ZktfbFu.exe
  C:\Windows\System\ZktfbFu.exe
  2⤵
  PID:1684
- C:\Windows\System\IsORVKf.exe
  C:\Windows\System\IsORVKf.exe
  2⤵
  PID:6992
- C:\Windows\System\drNJRLh.exe
  C:\Windows\System\drNJRLh.exe
  2⤵
  PID:7264
- C:\Windows\System\WthDGTh.exe
  C:\Windows\System\WthDGTh.exe
  2⤵
  PID:7296
- C:\Windows\System\IcNCkkU.exe
  C:\Windows\System\IcNCkkU.exe
  2⤵
  PID:7544
- C:\Windows\System\NwUKZgX.exe
  C:\Windows\System\NwUKZgX.exe
  2⤵
  PID:7844
- C:\Windows\System\ZRWgDSy.exe
  C:\Windows\System\ZRWgDSy.exe
  2⤵
  PID:7920
- C:\Windows\System\YyjjVFL.exe
  C:\Windows\System\YyjjVFL.exe
  2⤵
  PID:7984
- C:\Windows\System\QmziPKq.exe
  C:\Windows\System\QmziPKq.exe
  2⤵
  PID:7664
- C:\Windows\System\kmKatXv.exe
  C:\Windows\System\kmKatXv.exe
  2⤵
  PID:7512
- C:\Windows\System\vjnOuBB.exe
  C:\Windows\System\vjnOuBB.exe
  2⤵
  PID:7616
- C:\Windows\System\wKxhQhg.exe
  C:\Windows\System\wKxhQhg.exe
  2⤵
  PID:7776
- C:\Windows\System\QGBaezu.exe
  C:\Windows\System\QGBaezu.exe
  2⤵
  PID:7872
- C:\Windows\System\iWKvGEd.exe
  C:\Windows\System\iWKvGEd.exe
  2⤵
  PID:7964
- C:\Windows\System\PPmGxZF.exe
  C:\Windows\System\PPmGxZF.exe
  2⤵
  PID:8076
- C:\Windows\System\PfnQvOD.exe
  C:\Windows\System\PfnQvOD.exe
  2⤵
  PID:8060
- C:\Windows\System\sKsMsmD.exe
  C:\Windows\System\sKsMsmD.exe
  2⤵
  PID:8164
- C:\Windows\System\IncTPme.exe
  C:\Windows\System\IncTPme.exe
  2⤵
  PID:7380
- C:\Windows\System\eOsjSNt.exe
  C:\Windows\System\eOsjSNt.exe
  2⤵
  PID:8148
- C:\Windows\System\ydGbTxJ.exe
  C:\Windows\System\ydGbTxJ.exe
  2⤵
  PID:7916
- C:\Windows\System\wYZQmpM.exe
  C:\Windows\System\wYZQmpM.exe
  2⤵
  PID:7532
- C:\Windows\System\RvVeIUh.exe
  C:\Windows\System\RvVeIUh.exe
  2⤵
  PID:7996
- C:\Windows\System\TmQGhJb.exe
  C:\Windows\System\TmQGhJb.exe
  2⤵
  PID:8116
- C:\Windows\System\qxXJUpg.exe
  C:\Windows\System\qxXJUpg.exe
  2⤵
  PID:7432
- C:\Windows\System\ncKyeIZ.exe
  C:\Windows\System\ncKyeIZ.exe
  2⤵
  PID:7216
- C:\Windows\System\uEDpoha.exe
  C:\Windows\System\uEDpoha.exe
  2⤵
  PID:7712
- C:\Windows\System\ciIlpFx.exe
  C:\Windows\System\ciIlpFx.exe
  2⤵
  PID:7980
- C:\Windows\System\QHnfhFN.exe
  C:\Windows\System\QHnfhFN.exe
  2⤵
  PID:7280
- C:\Windows\System\xfPslow.exe
  C:\Windows\System\xfPslow.exe
  2⤵
  PID:7480
- C:\Windows\System\cvavzWQ.exe
  C:\Windows\System\cvavzWQ.exe
  2⤵
  PID:7904
- C:\Windows\System\qpjawvs.exe
  C:\Windows\System\qpjawvs.exe
  2⤵
  PID:7352
- C:\Windows\System\VCOQkcV.exe
  C:\Windows\System\VCOQkcV.exe
  2⤵
  PID:8080
- C:\Windows\System\NaYvAAw.exe
  C:\Windows\System\NaYvAAw.exe
  2⤵
  PID:7400
- C:\Windows\System\NHmetsK.exe
  C:\Windows\System\NHmetsK.exe
  2⤵
  PID:7900
- C:\Windows\System\eExTMzJ.exe
  C:\Windows\System\eExTMzJ.exe
  2⤵
  PID:8016
- C:\Windows\System\NyjGLsR.exe
  C:\Windows\System\NyjGLsR.exe
  2⤵
  PID:7248
- C:\Windows\System\zCGzVRR.exe
  C:\Windows\System\zCGzVRR.exe
  2⤵
  PID:7172
- C:\Windows\System\edifcCE.exe
  C:\Windows\System\edifcCE.exe
  2⤵
  PID:8124
- C:\Windows\System\muNusPc.exe
  C:\Windows\System\muNusPc.exe
  2⤵
  PID:7348
- C:\Windows\System\AevGwUO.exe
  C:\Windows\System\AevGwUO.exe
  2⤵
  PID:8072
- C:\Windows\System\JNXbTUr.exe
  C:\Windows\System\JNXbTUr.exe
  2⤵
  PID:7268
- C:\Windows\System\kkDULxz.exe
  C:\Windows\System\kkDULxz.exe
  2⤵
  PID:7680
- C:\Windows\System\EGwYQXi.exe
  C:\Windows\System\EGwYQXi.exe
  2⤵
  PID:8032
- C:\Windows\System\PxVyQrK.exe
  C:\Windows\System\PxVyQrK.exe
  2⤵
  PID:8180
- C:\Windows\System\IozackI.exe
  C:\Windows\System\IozackI.exe
  2⤵
  PID:8048
- C:\Windows\System\byPfFwH.exe
  C:\Windows\System\byPfFwH.exe
  2⤵
  PID:7596
- C:\Windows\System\vqOJPaH.exe
  C:\Windows\System\vqOJPaH.exe
  2⤵
  PID:8196
- C:\Windows\System\LeLUOxk.exe
  C:\Windows\System\LeLUOxk.exe
  2⤵
  PID:8212
- C:\Windows\System\MZVLSwy.exe
  C:\Windows\System\MZVLSwy.exe
  2⤵
  PID:8232
- C:\Windows\System\xUlBSGQ.exe
  C:\Windows\System\xUlBSGQ.exe
  2⤵
  PID:8248
- C:\Windows\System\DNftgPG.exe
  C:\Windows\System\DNftgPG.exe
  2⤵
  PID:8268
- C:\Windows\System\SHTTdbm.exe
  C:\Windows\System\SHTTdbm.exe
  2⤵
  PID:8284
- C:\Windows\System\ChoAFTq.exe
  C:\Windows\System\ChoAFTq.exe
  2⤵
  PID:8308
- C:\Windows\System\oQNZKlH.exe
  C:\Windows\System\oQNZKlH.exe
  2⤵
  PID:8324
- C:\Windows\System\BegqWFx.exe
  C:\Windows\System\BegqWFx.exe
  2⤵
  PID:8348
- C:\Windows\System\oVAGITy.exe
  C:\Windows\System\oVAGITy.exe
  2⤵
  PID:8364
- C:\Windows\System\mLwacwz.exe
  C:\Windows\System\mLwacwz.exe
  2⤵
  PID:8380
- C:\Windows\System\gJduUuA.exe
  C:\Windows\System\gJduUuA.exe
  2⤵
  PID:8400
- C:\Windows\System\LSuMtTn.exe
  C:\Windows\System\LSuMtTn.exe
  2⤵
  PID:8416
- C:\Windows\System\PtMyAER.exe
  C:\Windows\System\PtMyAER.exe
  2⤵
  PID:8432
- C:\Windows\System\zUlMVnm.exe
  C:\Windows\System\zUlMVnm.exe
  2⤵
  PID:8452
- C:\Windows\System\UHLAvJU.exe
  C:\Windows\System\UHLAvJU.exe
  2⤵
  PID:8476
- C:\Windows\System\EvSrEmw.exe
  C:\Windows\System\EvSrEmw.exe
  2⤵
  PID:8492
- C:\Windows\System\zEgcNEC.exe
  C:\Windows\System\zEgcNEC.exe
  2⤵
  PID:8512
- C:\Windows\System\QDRXFLE.exe
  C:\Windows\System\QDRXFLE.exe
  2⤵
  PID:8528
- C:\Windows\System\EuKxfge.exe
  C:\Windows\System\EuKxfge.exe
  2⤵
  PID:8552
- C:\Windows\System\sFRMAHO.exe
  C:\Windows\System\sFRMAHO.exe
  2⤵
  PID:8568
- C:\Windows\System\eDzwzkE.exe
  C:\Windows\System\eDzwzkE.exe
  2⤵
  PID:8584
- C:\Windows\System\tDFQAbI.exe
  C:\Windows\System\tDFQAbI.exe
  2⤵
  PID:8604
- C:\Windows\System\OKwnDCy.exe
  C:\Windows\System\OKwnDCy.exe
  2⤵
  PID:8620
- C:\Windows\System\rUGMQgN.exe
  C:\Windows\System\rUGMQgN.exe
  2⤵
  PID:8640
- C:\Windows\System\AmqoIqd.exe
  C:\Windows\System\AmqoIqd.exe
  2⤵
  PID:8656
- C:\Windows\System\uwKOkbs.exe
  C:\Windows\System\uwKOkbs.exe
  2⤵
  PID:8672
- C:\Windows\System\Bsfntwm.exe
  C:\Windows\System\Bsfntwm.exe
  2⤵
  PID:8692
- C:\Windows\System\gxbsWhP.exe
  C:\Windows\System\gxbsWhP.exe
  2⤵
  PID:8708
- C:\Windows\System\dHYOnpr.exe
  C:\Windows\System\dHYOnpr.exe
  2⤵
  PID:8724
- C:\Windows\System\safkqvm.exe
  C:\Windows\System\safkqvm.exe
  2⤵
  PID:8744
- C:\Windows\System\zRbRwxU.exe
  C:\Windows\System\zRbRwxU.exe
  2⤵
  PID:8760
- C:\Windows\System\Wmjfhmf.exe
  C:\Windows\System\Wmjfhmf.exe
  2⤵
  PID:8784
- C:\Windows\System\oHEEfeG.exe
  C:\Windows\System\oHEEfeG.exe
  2⤵
  PID:8800
- C:\Windows\System\nAXpOKW.exe
  C:\Windows\System\nAXpOKW.exe
  2⤵
  PID:8820
- C:\Windows\System\EwcMKOe.exe
  C:\Windows\System\EwcMKOe.exe
  2⤵
  PID:8836
- C:\Windows\System\mkgUJDG.exe
  C:\Windows\System\mkgUJDG.exe
  2⤵
  PID:8852
- C:\Windows\System\ZgcwoHk.exe
  C:\Windows\System\ZgcwoHk.exe
  2⤵
  PID:8868
- C:\Windows\System\YfUkCut.exe
  C:\Windows\System\YfUkCut.exe
  2⤵
  PID:8996
- C:\Windows\System\osqFyLL.exe
  C:\Windows\System\osqFyLL.exe
  2⤵
  PID:9012
- C:\Windows\System\rSRhyPY.exe
  C:\Windows\System\rSRhyPY.exe
  2⤵
  PID:9044
- C:\Windows\System\XiKSwZp.exe
  C:\Windows\System\XiKSwZp.exe
  2⤵
  PID:9060
- C:\Windows\System\PatMRrY.exe
  C:\Windows\System\PatMRrY.exe
  2⤵
  PID:9084
- C:\Windows\System\KDPaXus.exe
  C:\Windows\System\KDPaXus.exe
  2⤵
  PID:9100
- C:\Windows\System\wEWEsXm.exe
  C:\Windows\System\wEWEsXm.exe
  2⤵
  PID:9156
- C:\Windows\System\SzqqJew.exe
  C:\Windows\System\SzqqJew.exe
  2⤵
  PID:9188
- C:\Windows\System\msdtHjJ.exe
  C:\Windows\System\msdtHjJ.exe
  2⤵
  PID:8220
- C:\Windows\System\yxctIEJ.exe
  C:\Windows\System\yxctIEJ.exe
  2⤵
  PID:8228
- C:\Windows\System\HXhdJSM.exe
  C:\Windows\System\HXhdJSM.exe
  2⤵
  PID:8260
- C:\Windows\System\AtcFaVJ.exe
  C:\Windows\System\AtcFaVJ.exe
  2⤵
  PID:8208
- C:\Windows\System\PxVzVDs.exe
  C:\Windows\System\PxVzVDs.exe
  2⤵
  PID:8280
- C:\Windows\System\QtPSfDM.exe
  C:\Windows\System\QtPSfDM.exe
  2⤵
  PID:8332
- C:\Windows\System\zEdwBzA.exe
  C:\Windows\System\zEdwBzA.exe
  2⤵
  PID:8356
- C:\Windows\System\lwFFeEZ.exe
  C:\Windows\System\lwFFeEZ.exe
  2⤵
  PID:8484
- C:\Windows\System\drLrcrL.exe
  C:\Windows\System\drLrcrL.exe
  2⤵
  PID:8468
- C:\Windows\System\CwYhncv.exe
  C:\Windows\System\CwYhncv.exe
  2⤵
  PID:8396
- C:\Windows\System\iRiqRaJ.exe
  C:\Windows\System\iRiqRaJ.exe
  2⤵
  PID:8508
- C:\Windows\System\IqIQLOL.exe
  C:\Windows\System\IqIQLOL.exe
  2⤵
  PID:8564
- C:\Windows\System\LVgehrq.exe
  C:\Windows\System\LVgehrq.exe
  2⤵
  PID:8548
- C:\Windows\System\KbrnEFa.exe
  C:\Windows\System\KbrnEFa.exe
  2⤵
  PID:8636
- C:\Windows\System\wFZHBpQ.exe
  C:\Windows\System\wFZHBpQ.exe
  2⤵
  PID:8700
- C:\Windows\System\bWariQX.exe
  C:\Windows\System\bWariQX.exe
  2⤵
  PID:8704
- C:\Windows\System\kxTZlwo.exe
  C:\Windows\System\kxTZlwo.exe
  2⤵
  PID:8740
- C:\Windows\System\JIIwKob.exe
  C:\Windows\System\JIIwKob.exe
  2⤵
  PID:8768
- C:\Windows\System\HLaQpld.exe
  C:\Windows\System\HLaQpld.exe
  2⤵
  PID:8792
- C:\Windows\System\ixZQlsM.exe
  C:\Windows\System\ixZQlsM.exe
  2⤵
  PID:8816
- C:\Windows\System\uHKwody.exe
  C:\Windows\System\uHKwody.exe
  2⤵
  PID:8860
- C:\Windows\System\PRCflGa.exe
  C:\Windows\System\PRCflGa.exe
  2⤵
  PID:8864
- C:\Windows\System\sNfZqOU.exe
  C:\Windows\System\sNfZqOU.exe
  2⤵
  PID:8900
- C:\Windows\System\iDAtIfN.exe
  C:\Windows\System\iDAtIfN.exe
  2⤵
  PID:8916
- C:\Windows\System\EicEtdk.exe
  C:\Windows\System\EicEtdk.exe
  2⤵
  PID:8952
- C:\Windows\System\fTpBhex.exe
  C:\Windows\System\fTpBhex.exe
  2⤵
  PID:8984
- C:\Windows\System\TmLJjPQ.exe
  C:\Windows\System\TmLJjPQ.exe
  2⤵
  PID:8968
- C:\Windows\System\gWxrZlH.exe
  C:\Windows\System\gWxrZlH.exe
  2⤵
  PID:8964
- C:\Windows\System\uGjygJA.exe
  C:\Windows\System\uGjygJA.exe
  2⤵
  PID:8776
- C:\Windows\System\yCMxpOe.exe
  C:\Windows\System\yCMxpOe.exe
  2⤵
  PID:8560
- C:\Windows\System\SIqgein.exe
  C:\Windows\System\SIqgein.exe
  2⤵
  PID:8720
- C:\Windows\System\DtJksiD.exe
  C:\Windows\System\DtJksiD.exe
  2⤵
  PID:8912
- C:\Windows\System\XyGyLMm.exe
  C:\Windows\System\XyGyLMm.exe
  2⤵
  PID:8928
- C:\Windows\System\RjOdfrO.exe
  C:\Windows\System\RjOdfrO.exe
  2⤵
  PID:8920
- C:\Windows\System\dXTYrkQ.exe
  C:\Windows\System\dXTYrkQ.exe
  2⤵
  PID:9004
- C:\Windows\System\wxvQfID.exe
  C:\Windows\System\wxvQfID.exe
  2⤵
  PID:8992
- C:\Windows\System\lRUvuzj.exe
  C:\Windows\System\lRUvuzj.exe
  2⤵
  PID:9036
- C:\Windows\System\FLFlxAH.exe
  C:\Windows\System\FLFlxAH.exe
  2⤵
  PID:9072
- C:\Windows\System\bAqsoXu.exe
  C:\Windows\System\bAqsoXu.exe
  2⤵
  PID:9096
- C:\Windows\System\bnhEznQ.exe
  C:\Windows\System\bnhEznQ.exe
  2⤵
  PID:9124
- C:\Windows\System\QbWkWhU.exe
  C:\Windows\System\QbWkWhU.exe
  2⤵
  PID:9140
- C:\Windows\System\KSwqnOM.exe
  C:\Windows\System\KSwqnOM.exe
  2⤵
  PID:9172
- C:\Windows\System\KXRQWUx.exe
  C:\Windows\System\KXRQWUx.exe
  2⤵
  PID:9168
- C:\Windows\System\QLxzsVJ.exe
  C:\Windows\System\QLxzsVJ.exe
  2⤵
  PID:9180
- C:\Windows\System\BRnOYpw.exe
  C:\Windows\System\BRnOYpw.exe
  2⤵
  PID:8304
- C:\Windows\System\bpDYESO.exe
  C:\Windows\System\bpDYESO.exe
  2⤵
  PID:8316
- C:\Windows\System\UYHssrY.exe
  C:\Windows\System\UYHssrY.exe
  2⤵
  PID:7428
- C:\Windows\System\cTnTmuW.exe
  C:\Windows\System\cTnTmuW.exe
  2⤵
  PID:9120
- C:\Windows\System\sXuIoZB.exe
  C:\Windows\System\sXuIoZB.exe
  2⤵
  PID:8408
- C:\Windows\System\jZswgJN.exe
  C:\Windows\System\jZswgJN.exe
  2⤵
  PID:8448
- C:\Windows\System\KobEYAW.exe
  C:\Windows\System\KobEYAW.exe
  2⤵
  PID:8500
- C:\Windows\System\VturVSj.exe
  C:\Windows\System\VturVSj.exe
  2⤵
  PID:8616
- C:\Windows\System\TJZqgyQ.exe
  C:\Windows\System\TJZqgyQ.exe
  2⤵
  PID:8664
- C:\Windows\System\qQSRYbe.exe
  C:\Windows\System\qQSRYbe.exe
  2⤵
  PID:8780
- C:\Windows\System\wfUfpNO.exe
  C:\Windows\System\wfUfpNO.exe
  2⤵
  PID:8848
- C:\Windows\System\CSssdBT.exe
  C:\Windows\System\CSssdBT.exe
  2⤵
  PID:8652
- C:\Windows\System\grJvxzc.exe
  C:\Windows\System\grJvxzc.exe
  2⤵
  PID:8828
- C:\Windows\System\UXduSRs.exe
  C:\Windows\System\UXduSRs.exe
  2⤵
  PID:9028
- C:\Windows\System\FhqkSZO.exe
  C:\Windows\System\FhqkSZO.exe
  2⤵
  PID:8300
- C:\Windows\System\cdNNNBK.exe
  C:\Windows\System\cdNNNBK.exe
  2⤵
  PID:2812
- C:\Windows\System\jfrHrbh.exe
  C:\Windows\System\jfrHrbh.exe
  2⤵
  PID:8580
- C:\Windows\System\cKCfapO.exe
  C:\Windows\System\cKCfapO.exe
  2⤵
  PID:9112
- C:\Windows\System\jGUhNDO.exe
  C:\Windows\System\jGUhNDO.exe
  2⤵
  PID:8936
- C:\Windows\System\BSIksQz.exe
  C:\Windows\System\BSIksQz.exe
  2⤵
  PID:8240
- C:\Windows\System\mCfUydR.exe
  C:\Windows\System\mCfUydR.exe
  2⤵
  PID:8460
- C:\Windows\System\gjbdDpI.exe
  C:\Windows\System\gjbdDpI.exe
  2⤵
  PID:2024
- C:\Windows\System\AxZEOnQ.exe
  C:\Windows\System\AxZEOnQ.exe
  2⤵
  PID:8684
- C:\Windows\System\zVbhSdY.exe
  C:\Windows\System\zVbhSdY.exe
  2⤵
  PID:9148
- C:\Windows\System\qPdbSPR.exe
  C:\Windows\System\qPdbSPR.exe
  2⤵
  PID:8244
- C:\Windows\System\HezCcTe.exe
  C:\Windows\System\HezCcTe.exe
  2⤵
  PID:9020
- C:\Windows\System\YVrscep.exe
  C:\Windows\System\YVrscep.exe
  2⤵
  PID:8392
- C:\Windows\System\zCOvEFt.exe
  C:\Windows\System\zCOvEFt.exe
  2⤵
  PID:6032
- C:\Windows\System\jmcGwlU.exe
  C:\Windows\System\jmcGwlU.exe
  2⤵
  PID:9132
- C:\Windows\System\usfusyc.exe
  C:\Windows\System\usfusyc.exe
  2⤵
  PID:9224
- C:\Windows\System\gaKGWyb.exe
  C:\Windows\System\gaKGWyb.exe
  2⤵
  PID:9240
- C:\Windows\System\nYFhxvy.exe
  C:\Windows\System\nYFhxvy.exe
  2⤵
  PID:9256
- C:\Windows\System\rYhswAW.exe
  C:\Windows\System\rYhswAW.exe
  2⤵
  PID:9272
- C:\Windows\System\FduKteK.exe
  C:\Windows\System\FduKteK.exe
  2⤵
  PID:9288
- C:\Windows\System\MoPIvlw.exe
  C:\Windows\System\MoPIvlw.exe
  2⤵
  PID:9304
- C:\Windows\System\EdOYRpl.exe
  C:\Windows\System\EdOYRpl.exe
  2⤵
  PID:9320
- C:\Windows\System\jmkiAES.exe
  C:\Windows\System\jmkiAES.exe
  2⤵
  PID:9340
- C:\Windows\System\HnmOlwG.exe
  C:\Windows\System\HnmOlwG.exe
  2⤵
  PID:9356
- C:\Windows\System\AeZPOut.exe
  C:\Windows\System\AeZPOut.exe
  2⤵
  PID:9372
- C:\Windows\System\JRHKiTO.exe
  C:\Windows\System\JRHKiTO.exe
  2⤵
  PID:9388
- C:\Windows\System\GrleOGX.exe
  C:\Windows\System\GrleOGX.exe
  2⤵
  PID:9404
- C:\Windows\System\AgxszIJ.exe
  C:\Windows\System\AgxszIJ.exe
  2⤵
  PID:9420
- C:\Windows\System\wbvPhbZ.exe
  C:\Windows\System\wbvPhbZ.exe
  2⤵
  PID:9440
- C:\Windows\System\jzzoKYh.exe
  C:\Windows\System\jzzoKYh.exe
  2⤵
  PID:9456
- C:\Windows\System\ltdhCVs.exe
  C:\Windows\System\ltdhCVs.exe
  2⤵
  PID:9472
- C:\Windows\System\uiCXtlR.exe
  C:\Windows\System\uiCXtlR.exe
  2⤵
  PID:9488
- C:\Windows\System\YsNQTyw.exe
  C:\Windows\System\YsNQTyw.exe
  2⤵
  PID:9504
- C:\Windows\System\FxXvMyL.exe
  C:\Windows\System\FxXvMyL.exe
  2⤵
  PID:9520
- C:\Windows\System\rZsDxkc.exe
  C:\Windows\System\rZsDxkc.exe
  2⤵
  PID:9548
- C:\Windows\System\kSNRunV.exe
  C:\Windows\System\kSNRunV.exe
  2⤵
  PID:9576
- C:\Windows\System\NTCPXJS.exe
  C:\Windows\System\NTCPXJS.exe
  2⤵
  PID:9596
- C:\Windows\System\dnsujBB.exe
  C:\Windows\System\dnsujBB.exe
  2⤵
  PID:9612
- C:\Windows\System\TBvDzDt.exe
  C:\Windows\System\TBvDzDt.exe
  2⤵
  PID:9628
- C:\Windows\System\ohJkcse.exe
  C:\Windows\System\ohJkcse.exe
  2⤵
  PID:9652
- C:\Windows\System\AWbxSTI.exe
  C:\Windows\System\AWbxSTI.exe
  2⤵
  PID:9676
- C:\Windows\System\hniLaAr.exe
  C:\Windows\System\hniLaAr.exe
  2⤵
  PID:9700
- C:\Windows\System\jLFTTUq.exe
  C:\Windows\System\jLFTTUq.exe
  2⤵
  PID:9716
- C:\Windows\System\rUKGKIb.exe
  C:\Windows\System\rUKGKIb.exe
  2⤵
  PID:9732
- C:\Windows\System\qcwvWNg.exe
  C:\Windows\System\qcwvWNg.exe
  2⤵
  PID:9760
- C:\Windows\System\CrlZQKl.exe
  C:\Windows\System\CrlZQKl.exe
  2⤵
  PID:9880
- C:\Windows\System\AcMSyKW.exe
  C:\Windows\System\AcMSyKW.exe
  2⤵
  PID:9900
- C:\Windows\System\CylYVVk.exe
  C:\Windows\System\CylYVVk.exe
  2⤵
  PID:9928
- C:\Windows\System\ecCwPkV.exe
  C:\Windows\System\ecCwPkV.exe
  2⤵
  PID:9944
- C:\Windows\System\LtUVWwf.exe
  C:\Windows\System\LtUVWwf.exe
  2⤵
  PID:9960
- C:\Windows\System\KmmPAwE.exe
  C:\Windows\System\KmmPAwE.exe
  2⤵
  PID:9980
- C:\Windows\System\PBpRTCC.exe
  C:\Windows\System\PBpRTCC.exe
  2⤵
  PID:9996
- C:\Windows\System\YxPefNA.exe
  C:\Windows\System\YxPefNA.exe
  2⤵
  PID:10024
- C:\Windows\System\sCUpYJO.exe
  C:\Windows\System\sCUpYJO.exe
  2⤵
  PID:10072
- C:\Windows\System\LZFCkqH.exe
  C:\Windows\System\LZFCkqH.exe
  2⤵
  PID:10112
- C:\Windows\System\vHvqOhZ.exe
  C:\Windows\System\vHvqOhZ.exe
  2⤵
  PID:10132
- C:\Windows\System\sFJNWXN.exe
  C:\Windows\System\sFJNWXN.exe
  2⤵
  PID:10152
- C:\Windows\System\KLYcYIe.exe
  C:\Windows\System\KLYcYIe.exe
  2⤵
  PID:10168
- C:\Windows\System\yFaHGYo.exe
  C:\Windows\System\yFaHGYo.exe
  2⤵
  PID:10188
- C:\Windows\System\tPjnKdv.exe
  C:\Windows\System\tPjnKdv.exe
  2⤵
  PID:10204
- C:\Windows\System\fLZokPE.exe
  C:\Windows\System\fLZokPE.exe
  2⤵
  PID:10220
- C:\Windows\System\FfGFNln.exe
  C:\Windows\System\FfGFNln.exe
  2⤵
  PID:10236
- C:\Windows\System\ntGnIjh.exe
  C:\Windows\System\ntGnIjh.exe
  2⤵
  PID:9164
- C:\Windows\System\evMNPOr.exe
  C:\Windows\System\evMNPOr.exe
  2⤵
  PID:8372
- C:\Windows\System\wHULCdU.exe
  C:\Windows\System\wHULCdU.exe
  2⤵
  PID:9312
- C:\Windows\System\ocVyVDN.exe
  C:\Windows\System\ocVyVDN.exe
  2⤵
  PID:9212
- C:\Windows\System\iEnZdBi.exe
  C:\Windows\System\iEnZdBi.exe
  2⤵
  PID:9232
- C:\Windows\System\vkjZxdu.exe
  C:\Windows\System\vkjZxdu.exe
  2⤵
  PID:9296
- C:\Windows\System\pKexYTw.exe
  C:\Windows\System\pKexYTw.exe
  2⤵
  PID:9364
- C:\Windows\System\molfrcz.exe
  C:\Windows\System\molfrcz.exe
  2⤵
  PID:9348
- C:\Windows\System\OGTubmT.exe
  C:\Windows\System\OGTubmT.exe
  2⤵
  PID:9384
- C:\Windows\System\ybrzrOy.exe
  C:\Windows\System\ybrzrOy.exe
  2⤵
  PID:8812
- C:\Windows\System\ouIfzcQ.exe
  C:\Windows\System\ouIfzcQ.exe
  2⤵
  PID:9448
- C:\Windows\System\miPegsx.exe
  C:\Windows\System\miPegsx.exe
  2⤵
  PID:9500
- C:\Windows\System\XIjXHFu.exe
  C:\Windows\System\XIjXHFu.exe
  2⤵
  PID:9516
- C:\Windows\System\BNuPmIp.exe
  C:\Windows\System\BNuPmIp.exe
  2⤵
  PID:9536
- C:\Windows\System\EQhNZYB.exe
  C:\Windows\System\EQhNZYB.exe
  2⤵
  PID:9568
- C:\Windows\System\LvxiCqW.exe
  C:\Windows\System\LvxiCqW.exe
  2⤵
  PID:9604
- C:\Windows\System\IeeXPOf.exe
  C:\Windows\System\IeeXPOf.exe
  2⤵
  PID:9636
- C:\Windows\System\yFmhGvo.exe
  C:\Windows\System\yFmhGvo.exe
  2⤵
  PID:9668
- C:\Windows\System\wEAaPLC.exe
  C:\Windows\System\wEAaPLC.exe
  2⤵
  PID:9708
- C:\Windows\System\XzDkbMg.exe
  C:\Windows\System\XzDkbMg.exe
  2⤵
  PID:9752
- C:\Windows\System\luIbSWm.exe
  C:\Windows\System\luIbSWm.exe
  2⤵
  PID:9776
- C:\Windows\System\KbACKgm.exe
  C:\Windows\System\KbACKgm.exe
  2⤵
  PID:9792
- C:\Windows\System\zBSTPxn.exe
  C:\Windows\System\zBSTPxn.exe
  2⤵
  PID:9208
- C:\Windows\System\HwIKfUX.exe
  C:\Windows\System\HwIKfUX.exe
  2⤵
  PID:9824
- C:\Windows\System\mBVRcHn.exe
  C:\Windows\System\mBVRcHn.exe
  2⤵
  PID:9896
- C:\Windows\System\ZjJTWbD.exe
  C:\Windows\System\ZjJTWbD.exe
  2⤵
  PID:9916
- C:\Windows\System\XdfauAM.exe
  C:\Windows\System\XdfauAM.exe
  2⤵
  PID:9972
- C:\Windows\System\XXmCANz.exe
  C:\Windows\System\XXmCANz.exe
  2⤵
  PID:10012
- C:\Windows\System\XfLzQlR.exe
  C:\Windows\System\XfLzQlR.exe
  2⤵
  PID:10080
- C:\Windows\System\JHICpqc.exe
  C:\Windows\System\JHICpqc.exe
  2⤵
  PID:10052
- C:\Windows\System\kKNDiMB.exe
  C:\Windows\System\kKNDiMB.exe
  2⤵
  PID:10088
- C:\Windows\System\GmBrtWl.exe
  C:\Windows\System\GmBrtWl.exe
  2⤵
  PID:10092
- C:\Windows\System\OBKRxBL.exe
  C:\Windows\System\OBKRxBL.exe
  2⤵
  PID:10128
- C:\Windows\System\pWPgbgv.exe
  C:\Windows\System\pWPgbgv.exe
  2⤵
  PID:10184
- C:\Windows\System\SCFMjuB.exe
  C:\Windows\System\SCFMjuB.exe
  2⤵
  PID:10160
- C:\Windows\System\hStNwCF.exe
  C:\Windows\System\hStNwCF.exe
  2⤵
  PID:9220
- C:\Windows\System\iDUHUAC.exe
  C:\Windows\System\iDUHUAC.exe
  2⤵
  PID:10196
- C:\Windows\System\ZKOYrCE.exe
  C:\Windows\System\ZKOYrCE.exe
  2⤵
  PID:8972
- C:\Windows\System\rbPQzaH.exe
  C:\Windows\System\rbPQzaH.exe
  2⤵
  PID:9116
- C:\Windows\System\ZhKVmtz.exe
  C:\Windows\System\ZhKVmtz.exe
  2⤵
  PID:9076
- C:\Windows\System\nxwqRSn.exe
  C:\Windows\System\nxwqRSn.exe
  2⤵
  PID:9428
- C:\Windows\System\IDFCnvd.exe
  C:\Windows\System\IDFCnvd.exe
  2⤵
  PID:9416
- C:\Windows\System\MxRqEnF.exe
  C:\Windows\System\MxRqEnF.exe
  2⤵
  PID:9544
- C:\Windows\System\BvmEGmK.exe
  C:\Windows\System\BvmEGmK.exe
  2⤵
  PID:9620
- C:\Windows\System\WfFDTSi.exe
  C:\Windows\System\WfFDTSi.exe
  2⤵
  PID:9672
- C:\Windows\System\AXWKvix.exe
  C:\Windows\System\AXWKvix.exe
  2⤵
  PID:9724
- C:\Windows\System\YlisxeG.exe
  C:\Windows\System\YlisxeG.exe
  2⤵
  PID:9728
- C:\Windows\System\DtviUSa.exe
  C:\Windows\System\DtviUSa.exe
  2⤵
  PID:9788
- C:\Windows\System\LSHaPrP.exe
  C:\Windows\System\LSHaPrP.exe
  2⤵
  PID:9804
- C:\Windows\System\asjkMAX.exe
  C:\Windows\System\asjkMAX.exe
  2⤵
  PID:9844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CutmcKj.exe

Filesize
6.0MB

MD5
946b2ca10c3bf4967211e5fa1ad7caaf

SHA1
2c5bf94ba3eb1b8d1e168235295ddb542f5065d0

SHA256
377730a3df5a5d3e61690774eebc027835063e00f263520a43932ea8a50abeb5

SHA512
172dc6b75226722e23c629bc79760a77a7e60995e16eafb422804ac5d93a10d1b91f27180b9320e2c6b99b245f9bb2d2bbaa7803b79d0170e8938b134fe93545

Download Submit
C:\Windows\system\EjHGDqj.exe

Filesize
6.0MB

MD5
04030e35d8451df9c66efc16485f2cc9

SHA1
432a1fa7ecb34adbba946d4a74a2b74f3df82151

SHA256
0e258cdad4bd587448c6b5a14818ea3acacb27d4fdc7c792d28438ae43748ab0

SHA512
fa181602beb6de2eee49b41505d2cc8c1b2e41b572074c15cc88eee824206e396d8d21fe1009cd730b36fbffa6c145385861d5f2634990c78fde6c0d238330de

Download Submit
C:\Windows\system\JBMgwio.exe

Filesize
6.0MB

MD5
4a5617c9405501fc5131adfcac1186cf

SHA1
a2f46f0bd678e0f3ddf7cdaa5eaea4d773357ea0

SHA256
1d95eee7579db3c2621ad0f7732e1c3cf61b84f3ff5c775e63bfe7633ed1eb1f

SHA512
6c133189c58035a033584dc281cb9f125790f129bfe25739958b25defadef6c320f21009a33c55fa6387fa62890c589de1d2f8bd4cecf6e58539b666c853b497

Download Submit
C:\Windows\system\JRquMye.exe

Filesize
6.0MB

MD5
acb273cd992e7adf0e44e22f96dea117

SHA1
6f58cac866a965d7373e5bc468142c32851144fc

SHA256
7fb75a66ff6d828431b68af708295a397fd7dcd00a26d6e51f5a5596cedf0035

SHA512
8f5248f767467546e487c92f2c7f73644da2ca2b8c5af6d380f0a91c27338f6c568d1604acdd1fc28e16e06b97a9fd5ea20e6844f2c8d32ba4fd211763d5927d

Download Submit
C:\Windows\system\KUBWZQc.exe

Filesize
6.0MB

MD5
006d904f296b805588ad1f47569ec740

SHA1
9a52cabbd3a973636c30359b2c440901253808fe

SHA256
d7efc29242947ae34183602b19c69fc587bf3c9e1df46182206d8e86cfe7e436

SHA512
153348ea78d58d1bd0ef5ee140e9c0da5782d4125afa4aa20aea3a45a087c21e41e9e0951d3f2931be0ce4fc98fdfeaadb9551fbce11012358cb985dad8adca8

Download Submit
C:\Windows\system\MKsgdKE.exe

Filesize
6.0MB

MD5
004c81769e3c7cdd364c354e42fa2c48

SHA1
7888b931902df24d4c91897813f09c79aba20cea

SHA256
ec865926d6bc5691184576ca3e793ebec451844b750f3774445d7f8d3e8879da

SHA512
ff31ea937b3e2e772c9c3caa3bfe7a91f1512a56ae954a338dc558ff927ae2546962a0d1fdbfa4d534deec7db8b8880a06e4ff4107c0329369baab79646d390d

Download Submit
C:\Windows\system\MkNovIP.exe

Filesize
6.0MB

MD5
801415750f19b7294aa92b4f3580d928

SHA1
20d3901f00f0fca4947f3176079edab80398a0e0

SHA256
3c6eb49a140c8cb7c505d315fe630a1fc695890daa7eb567db834d86f713cedc

SHA512
2d46d04fc7d0779a052c6945d8c23278274faf15714a9506a673911926aae3dec92be23af10007d349684397ab412a7310f8b22ba281e51b9c2f9bed61e86956

Download Submit
C:\Windows\system\RehRzpi.exe

Filesize
6.0MB

MD5
f270d11d49feb2f71f00994bd5547200

SHA1
ea3766a2a2d53f49bf5c19989394e9ecfb22e0c4

SHA256
abb7037aa19d1443533aa6beb5219127bfe849b5754b7fb9650e9d45a8838f9b

SHA512
2ae85e261a8d308ee4f3da0956f11af1f161eb9fd4bce870892288112be0dddb23ff5a12f0fc9f247bf39b73629bad20262206b960281d093cf1f0e6d68c030f

Download Submit
C:\Windows\system\WLzoPmS.exe

Filesize
6.0MB

MD5
2d10cb6710841d17c13fd52619a08368

SHA1
d79b55e10a80d1c955d92a63d23704a931bb5288

SHA256
23705bd6e71827daf0694b55f3cc518ebd25a4d78bbd6d190ccbef621de8e44b

SHA512
baaf4366ecde7cf15a5efc0b6a281a1db7af6157a6805f8b8ecdcf7204c76e60d822e9e8a082f821f9f31cf50b371c4935262b9ccc383bfa5850a5ea687face6

Download Submit
C:\Windows\system\YMWRDRk.exe

Filesize
6.0MB

MD5
16338c9be02e6bd3e64b63818859bbdc

SHA1
bd4b58108e038a956b36f5c260cad507306cb4bc

SHA256
809d73f112295a74c8656b3bd68879f7ce9e9cc77ccc4af78a68db5d60bab427

SHA512
d49b218a34a2d112101aa793f1f063086dfe712812f7030b56573f4c49eb36f38eb50f9e09b0edb22e55ff4fe720806e1647631c2d3e923e099c9c13d212a387

Download Submit
C:\Windows\system\ZrRJJdB.exe

Filesize
6.0MB

MD5
f411909071dcb8fa559738b59e04ec11

SHA1
e961f826412db8501781b4df4cbeadc023b02352

SHA256
1672a101c464b3137c989c178c54f479f285868bdee4bcb1f57aca5c030bda1e

SHA512
eb53c3311b26f264c2d42caec2c25e6b02f78ca423d23f86c19aec467d597a0df9942fe7b5eb9b16bac22283f66b6fcd4d11e83bc1fb49db6be94719024c0fb3

Download Submit
C:\Windows\system\aptYaix.exe

Filesize
6.0MB

MD5
991430c725fcb1330698e47eea122ea3

SHA1
4b2ec9f2b6b134aed10c908678e11536a47db4aa

SHA256
5140989890c4e7c726e3b4d97a3112b7f50043af5d780e567948e64b6aa0725a

SHA512
6c420ff5356d47a04bdb18f735b5b5f85fd22c836f14e8fc57bf3fb4f0913e537de556a2309885efd3dc86aae8d473dc9320211f75c4d732e95953178a95d066

Download Submit
C:\Windows\system\cYnqhWr.exe

Filesize
6.0MB

MD5
00e9ebf5aa21c9b7b1136210e344315c

SHA1
91aec76feb73a78f3f8615cb34d28c1379659bdd

SHA256
a7041d758f784c54df170e9078be86c4c88942a241dd3abeade5840038a0169b

SHA512
00b54cf80a4815b5226ccaca988c3268e4a3098d113d867f78386a4649ab2b419f6cac7c34a070d07d39984f3c278d58d59bd789017e57765285bc5430d930bb

Download Submit
C:\Windows\system\cZeECny.exe

Filesize
6.0MB

MD5
efab47c34f189140c90b6bbe29291f72

SHA1
97dbb2dbe71d53b33107f395d262adbc85121a30

SHA256
6c3c762b9aa159f102554d0243bb6112f4dcb5777e9d7a6b61c6b1a552742d71

SHA512
5e68cbbce6cf5964dd47f12b423fd844cd604dfcf8aa0eabdd18670d95014e9625ca944410fbdd602e5a45db7f4bcdbc97109c090fb0053e9f8a3cfed5641973

Download Submit
C:\Windows\system\clAdnIG.exe

Filesize
6.0MB

MD5
df6eb3b5cb5a65f5590f06ed3d0a6dfb

SHA1
981a01e74c372494990f6cee7c892920fe081ce2

SHA256
d6b821b7a43110a437d035b2febc1b514e331aa93367dde05bfc879217ba8d6f

SHA512
4652fc1d97038cc122989d81a990445ee2a8990f701d3cbd2a01a97f9fe1569fe51862283d72ad62fc42786e07bdb400d5cfa28548842e327c689ef025e8de10

Download Submit
C:\Windows\system\gptyRbp.exe

Filesize
6.0MB

MD5
7dc8847572d6a61cfd918bf941e502a1

SHA1
c659db011be5c8fccc99036ed30a700d2d9725fe

SHA256
ca0bc3527ee29f00073f85e8554150bbc9a38dcbf6bdbc4d70e1276e535176ee

SHA512
a7d7a1a3544c383a48c6b9fe1e5b637024259f378b17c45ff8db38fe17e7de0d7b5136a0cc4664a7a56d8d28ce97c30a6c67cc966527a2f240608b87084e0fde

Download Submit
C:\Windows\system\iHcyHzw.exe

Filesize
6.0MB

MD5
c4d39deb4952d682a0366602ef5d50b8

SHA1
2bebf612059cb215fc1c2a9b8cf7a5932df9a76e

SHA256
da243150f1504e65399982f713fa194ad1fc0afc32709ccc74d07c5de165a5e5

SHA512
8141b4e855c4e9fa91cb8941e051f942afd77eb657867c7c59228526ec5688839f37ff0e4bca9c30a703b684b56d764470163db9080e609fa3af4d56f4addadf

Download Submit
C:\Windows\system\mCdqMTN.exe

Filesize
6.0MB

MD5
bb98b3831b50b93b374819c26eae1bf3

SHA1
b31d24d17b38c4f5a771044a813c209c039e9bb0

SHA256
d00b3ce15a55ee8b8c56aff38dfb061fc63892765672169006137a229b432bf7

SHA512
60be2038179fe217e2b407c2044546f324d956678809a6ec553ea35e35dff4eecea358fda9e409f99c947625c3eca212fdedee529ad20c836f3a9717967b1917

Download Submit
C:\Windows\system\pPYmGRh.exe

Filesize
6.0MB

MD5
26f08d1f3fa3c284b822704bedade94b

SHA1
23142e7b970509abbec3fe6e12e76b2d5c7e83a0

SHA256
d56b226e4d885b623932bacb818e33dc4c8dedfd8ca1d5bc7dff04b903f80086

SHA512
f7d5dd9f23e5ba8e3d02125b1354cd33330ab3510671ea8ff51d5ef7087de5156c839490ee27c88754cc10a3f60885a0dd7d35e3e8a8be2c2cbba0b640ed67e7

Download Submit
C:\Windows\system\qFniJet.exe

Filesize
6.0MB

MD5
1672d67738440dd0e4b3014b78536dad

SHA1
34d6d8dcd586d841c9177628e3fb823fe7fa6b3d

SHA256
7bc700a0dfeb526e402649ce34360afe42160613b0fcdf8a7c37ebb7868868c8

SHA512
e932aacf7211b1af24ee9a45368c01c11c34d75101c3668a1955629d048d07acaf8f24a8fc6355ce8e1bc6950c4970d3120516ea375408263c6b647d4f500080

Download Submit
C:\Windows\system\qcXgfeH.exe

Filesize
6.0MB

MD5
fbf3f1e2adef16a28a8c13107d403df9

SHA1
8534aecc8a0551018744e7e1c032b4927634aefb

SHA256
c8c2b421034f8ec14efa66540bde540537ec2753379bcecd028f426e849ea979

SHA512
e85af1f00a47b47fa62a63266302128b54d4937282556820fd4fd0e539ecc817ad2fb4a1a8a408e89a4edb5dd96d348d1d1e02de20f990ca21a6648e4d2f3801

Download Submit
C:\Windows\system\tQXvDfm.exe

Filesize
6.0MB

MD5
2e182a89d0983fe4aae1619ab6c3f74a

SHA1
99f2a2314116d61bc9559d40b49ec0eb1f5036fe

SHA256
3e780f7d607f057a4120f3752b35a67d79673e0da4e2fe26f503c27a192d9f3b

SHA512
4151f1269e06265ea5c8d8d499074e9700ca20b7a747cc2a612ccf2a85071101e8902f8b8b4adb3bb5ab80f0955b91db405f6b6595a7af48c3ff705d1e5fb5aa

Download Submit
C:\Windows\system\tYDmOLr.exe

Filesize
6.0MB

MD5
811da68263eaae4888741db79b2f7cfd

SHA1
1c9fb8e85f38a18dcacd1aba0b93e371cdef4633

SHA256
260115db72e5b90aae466b2df710c7f1ec6016afa5e80b4e397439e8218834a7

SHA512
eb060e82f6caf7a11e849f62e1399278159782206deb77b55199d47dc84a00bdf02c30177994a3de4f28aa7ae97442820b0a0a820273db368259cde67c7135b3

Download Submit
C:\Windows\system\ttnYZjC.exe

Filesize
6.0MB

MD5
0d77db06bebd498d6ff38b85abb20eb9

SHA1
24c5c71a5d896ee07fba5e68c3daba408ea0aa05

SHA256
647ad037bb156956edf9a324a8ca6836ea6791fda6beda38819afcbcb6d56fb4

SHA512
8f0a4dee410e33018573212938f84a0f218592cb9d8ccfea4ae6b40dc6341b380a0857846138b88cf95d2d11390f16b87a8ef4523d2de496ccbd6e559ecd3d64

Download Submit
\Windows\system\jlfGWqD.exe

Filesize
6.0MB

MD5
50c30510b30403b2cf294e8235c1582f

SHA1
6c4ca87aefb07b82bece4b779e0c196b5b7704a2

SHA256
eb51aa2879c34163ba6ac3ccdd7dc8068257c0184878ed8665f88c75ebd257da

SHA512
46014699068818a0b03872e41081947cd8f270ec3546516a7585a7d78c265eaf4a03fae8a5dc0f4077ec018406bdec36267a51df7e850513800c33bb73527400

Download Submit
\Windows\system\lVPhjUB.exe

Filesize
6.0MB

MD5
c7fb64ba315da7609b55879a760d2d79

SHA1
ca07c820214a7bb6ddaee4eef959f899389d3abd

SHA256
eb39963b613f89c4d26da880fd02e518b641594dc61253701940a180b0f692bd

SHA512
644967fde324281ce4176c3096394798dd32036aa62c3d0ea82876cc54dc8422dc9ea889247c24f9af8616c913a9b64f3d086fe627a1164124bd5ca8ae14a370

Download Submit
\Windows\system\mBjhTTV.exe

Filesize
6.0MB

MD5
acce93db327e5a0793d3f38959d50754

SHA1
84e2770589589d8ca9690452f2f1cb131f137bd1

SHA256
be27bbd3a8af59a91b447d925ee3f0d84971c93d72de482fa8f681f8bc431d1a

SHA512
c4a0b2db88d6bbb1a4d94a5495fbd785abc70c7eedb3bdf11f3cc08c9fe80a3e930e633687f339282f0da871e11c1af69698b71f923b28ef1530f046ccfe0fa0

Download Submit
\Windows\system\nknfNlH.exe

Filesize
6.0MB

MD5
f4a723dccafa2fd78f0ead5c309f81b0

SHA1
c1c3dccb07cc372ea8d16e5ee79a2bf524aa9c26

SHA256
db9710fc9212b201346f804473a3b07685304644c68d28e9af88f617f4a42476

SHA512
ac723b524ca2d708bcd8cfed5c91c6d8ddfb481dc5db3a43ea0b7d0834957cc40b99aee3aa58206b2e810499f035a49cc29a5f8eeb52d17cfe80f1e8c65690c7

Download Submit
\Windows\system\omOqEAX.exe

Filesize
6.0MB

MD5
68f2bab6d8b1ca178112340a75deb0a2

SHA1
e3f10e4fc7eea78d16c7e2e07f865526d5910e9f

SHA256
79ac1cd4a9a9dec2de2f4325affec2469b21b871e6214f2dc27e49cdf731fc15

SHA512
d710eb09ab9748855ae51b7c3f30e472f856ee876aa1f8a64bc970cafaa9e1964f1ddf51bde6118b4b91b4d7e81d76cfeb79d54cea9cbf03347a4081ef328a2a

Download Submit
\Windows\system\seuIwPL.exe

Filesize
6.0MB

MD5
dafdb6c3d8dde9d7cea11ba02ed36b4b

SHA1
82a966a1bd34c2195e1e4121008bb751c37420ad

SHA256
2e3fe77511fe4092b3ee9b263af3047bda122b1f771c1171a99dbe9cdc71c3a4

SHA512
be1053643cb48f143f1c6ac577c83390eb6745409aaf539d6050df4a1a86ef251422d4d31d64a84e4b5f22cb115c9639ef76c6917596914275bc9cf1d4394184

Download Submit
\Windows\system\wuCuWUl.exe

Filesize
6.0MB

MD5
e6bea385a39bb28b76b9bc5962bc44bc

SHA1
a16486e7b0d9ca7be91fbe1f10cc15f2f1ae00c1

SHA256
6bfe62ba0ecbd4ce39fc53f046e23c2c5aaa6c939d84da6b27d7d4ae84726cb3

SHA512
426703f8cff3834a79735a9fcfe2bd25edf55fe47b803528a0f28e9d0d5fc479d31b2b74307d92db0d56a754c1cbc06c11b76a3e2de669bff4d75731c84e049c

Download Submit
\Windows\system\zFQICPH.exe

Filesize
6.0MB

MD5
b435eb28435d07e0ceae7125d4acd350

SHA1
d84b19675ab3d8a6efbc27c641e9b2a6082c0370

SHA256
a2c1f7d78300ff8e94d34ce36aef988b02f61b66af61373d3b7a03a948afe062

SHA512
b2c5ae4396fce61da9ce1a79489512d8b8b24171287af89433189ab84c6f7063a285013318b23308eea5e6611d56c4c1fdcb5bc1ca75da19f17b1bf2188db328

Download Submit
memory/1596-909-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-93-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-3938-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-3949-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-73-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-264-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-38-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-40-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-53-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-101-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-89-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1964-80-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-107-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-68-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-697-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-49-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-908-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1280-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-973-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-21-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1964-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-15-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1964-30-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-402-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-91-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/1964-64-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1964-97-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3473-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-14-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-58-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3713-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2420-87-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3965-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-782-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3942-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-81-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3792-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3500-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-62-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3555-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-39-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1141-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2792-102-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3983-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2800-22-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3511-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2832-50-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3562-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3491-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2904-12-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2904-51-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3008-42-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3517-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3008-72-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download