cobaltstrike | b6bfb23377e170ca13168fffffa5689a67830e7734d374ab258a2029cc641b8c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-01-2025 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

be7eab509d08450e3e1c274714735994
SHA1

145c94b0d04b4f209a1040bc80aa0ddd215b8cf8
SHA256

b6bfb23377e170ca13168fffffa5689a67830e7734d374ab258a2029cc641b8c
SHA512

bd7858a72b1e61ab02a30e2ba7331725dd15e2f46d2f442d0b21361da87289549a9dc2d63ce01537639ed1efa0bc4814aff6b9cc73e0921d532aeea2608faa69
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 37 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186c8-10.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191fd-44.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f3-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c8-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c6-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c0-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c4-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-129.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019217-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-63.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1756-0-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x000700000001867d-8.dat	xmrig
behavioral1/files/0x00070000000186c8-10.dat	xmrig
behavioral1/files/0x000600000001878d-16.dat	xmrig
behavioral1/memory/2940-31-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1756-30-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1760-29-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c9-36.dat	xmrig
behavioral1/files/0x00070000000191fd-44.dat	xmrig
behavioral1/memory/2552-43-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x00060000000191f3-40.dat	xmrig
behavioral1/files/0x000500000001a0a1-94.dat	xmrig
behavioral1/files/0x000500000001a067-87.dat	xmrig
behavioral1/files/0x000500000001a4c8-191.dat	xmrig
behavioral1/files/0x000500000001a434-120.dat	xmrig
behavioral1/files/0x000500000001a301-190.dat	xmrig
behavioral1/memory/1756-1288-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c6-182.dat	xmrig
behavioral1/files/0x000500000001a4c0-175.dat	xmrig
behavioral1/files/0x000500000001a4b5-169.dat	xmrig
behavioral1/files/0x000500000001a49c-168.dat	xmrig
behavioral1/files/0x000500000001a48e-166.dat	xmrig
behavioral1/files/0x000500000001a4b7-164.dat	xmrig
behavioral1/files/0x000500000001a4aa-157.dat	xmrig
behavioral1/files/0x000500000001a49a-149.dat	xmrig
behavioral1/files/0x000500000001a48c-140.dat	xmrig
behavioral1/files/0x000500000001a42f-114.dat	xmrig
behavioral1/files/0x000500000001a42b-107.dat	xmrig
behavioral1/files/0x000500000001a4c4-181.dat	xmrig
behavioral1/files/0x000500000001a4bb-174.dat	xmrig
behavioral1/files/0x000500000001a07b-155.dat	xmrig
behavioral1/files/0x0005000000019fb9-148.dat	xmrig
behavioral1/memory/2744-144-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2664-139-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2908-136-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46a-134.dat	xmrig
behavioral1/files/0x000500000001a431-132.dat	xmrig
behavioral1/files/0x000500000001a42d-130.dat	xmrig
behavioral1/files/0x000500000001a345-129.dat	xmrig
behavioral1/memory/2672-93-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2856-86-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000019217-66.dat	xmrig
behavioral1/files/0x0005000000019db8-61.dat	xmrig
behavioral1/memory/2656-79-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/1756-78-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9f-77.dat	xmrig
behavioral1/memory/2924-75-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-71.dat	xmrig
behavioral1/memory/2996-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-63.dat	xmrig
behavioral1/memory/1756-47-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2776-39-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1684-37-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c6-26.dat	xmrig
behavioral1/memory/2552-4021-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2940-4022-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1760-4023-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1684-4024-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2776-4025-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2924-4029-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2908-4028-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2664-4027-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2996-4026-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2552	bFqxotG.exe
1760	WUvvxzF.exe
2940	xCIrvJc.exe
1684	AhrqgWw.exe
2776	lrOyZmt.exe
2996	prMpvBn.exe
2924	ehQlqZJ.exe
2908	OkCVCiN.exe
2656	arEaaWY.exe
2664	OXqfPCH.exe
2856	coxmsOs.exe
2744	opNvQAM.exe
2672	QPiZffP.exe
572	oXbMVnG.exe
576	xsdpNmI.exe
600	oJHkADn.exe
2012	ACLmFtz.exe
1828	TOrUSCo.exe
1920	EgUtckQ.exe
1336	JAmPihM.exe
1948	MxWMcox.exe
2288	MDipqJq.exe
1004	pVEFEWp.exe
1412	TtqCtEd.exe
1648	ZoyWSUZ.exe
620	aswzdOE.exe
332	pTIOSmr.exe
2060	uCSWbvt.exe
904	tENxBrF.exe
1980	KoTzoGa.exe
2700	WZNLTFo.exe
956	CJAEdSw.exe
2344	pnCiQyN.exe
3032	ciIyWnW.exe
2388	AHidtsI.exe
3000	sTfuuNm.exe
2484	XQhoeWm.exe
1132	otxjOWi.exe
1048	ZairWZG.exe
1676	vIumQLA.exe
2216	abJXHBv.exe
2584	hAFiBNk.exe
2420	tnSDwkJ.exe
2160	mPUPSmM.exe
2296	PbFFFhm.exe
2372	zeGMLbk.exe
3068	kpTXUKP.exe
1400	wdGNPEW.exe
2448	VPIHZsN.exe
2168	rXBEDQw.exe
1540	MvJMQIV.exe
1956	zdmJNxr.exe
976	kotaIHA.exe
2280	uddVLpH.exe
2184	ECYXcWA.exe
648	BvcNctv.exe
1584	aNeaYEx.exe
2228	vyqUtOs.exe
2976	pkOvAxc.exe
3008	BaBJTkg.exe
2200	KCtmbHd.exe
2276	dKZCXPR.exe
1668	rXyqqYw.exe
2108	WjDLuDN.exe

Loads dropped DLL 64 IoCs

pid	Process
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1756-0-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x000700000001867d-8.dat	upx
behavioral1/files/0x00070000000186c8-10.dat	upx
behavioral1/files/0x000600000001878d-16.dat	upx
behavioral1/memory/2940-31-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1760-29-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00070000000190c9-36.dat	upx
behavioral1/files/0x00070000000191fd-44.dat	upx
behavioral1/memory/2552-43-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x00060000000191f3-40.dat	upx
behavioral1/files/0x000500000001a0a1-94.dat	upx
behavioral1/files/0x000500000001a067-87.dat	upx
behavioral1/files/0x000500000001a4c8-191.dat	upx
behavioral1/files/0x000500000001a434-120.dat	upx
behavioral1/files/0x000500000001a301-190.dat	upx
behavioral1/memory/1756-1288-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000500000001a4c6-182.dat	upx
behavioral1/files/0x000500000001a4c0-175.dat	upx
behavioral1/files/0x000500000001a4b5-169.dat	upx
behavioral1/files/0x000500000001a49c-168.dat	upx
behavioral1/files/0x000500000001a48e-166.dat	upx
behavioral1/files/0x000500000001a4b7-164.dat	upx
behavioral1/files/0x000500000001a4aa-157.dat	upx
behavioral1/files/0x000500000001a49a-149.dat	upx
behavioral1/files/0x000500000001a48c-140.dat	upx
behavioral1/files/0x000500000001a42f-114.dat	upx
behavioral1/files/0x000500000001a42b-107.dat	upx
behavioral1/files/0x000500000001a4c4-181.dat	upx
behavioral1/files/0x000500000001a4bb-174.dat	upx
behavioral1/files/0x000500000001a07b-155.dat	upx
behavioral1/files/0x0005000000019fb9-148.dat	upx
behavioral1/memory/2744-144-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2664-139-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2908-136-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000500000001a46a-134.dat	upx
behavioral1/files/0x000500000001a431-132.dat	upx
behavioral1/files/0x000500000001a42d-130.dat	upx
behavioral1/files/0x000500000001a345-129.dat	upx
behavioral1/memory/2672-93-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2856-86-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000019217-66.dat	upx
behavioral1/files/0x0005000000019db8-61.dat	upx
behavioral1/memory/2656-79-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0005000000019f9f-77.dat	upx
behavioral1/memory/2924-75-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-71.dat	upx
behavioral1/memory/2996-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-63.dat	upx
behavioral1/memory/2776-39-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1684-37-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-26.dat	upx
behavioral1/memory/2552-4021-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2940-4022-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1760-4023-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1684-4024-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2776-4025-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2924-4029-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2908-4028-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2664-4027-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2996-4026-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2856-4032-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2656-4031-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2672-4030-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kAoWtud.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRoYzic.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjaabcs.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIoVcGR.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSiKlKg.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfHeuJR.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfwsLKV.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhLBtWu.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIyzaCz.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxoPQpG.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHoyext.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paizyHV.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClRJmCh.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKsqcto.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLjVihW.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybpMcyh.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJyoosc.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMqbRTu.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSvzhEC.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnSDwkJ.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgeyqTG.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGzymUm.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyhCAcN.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMzaxOZ.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpZYLDk.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvkkmkU.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haGRdLs.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZairWZG.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czyNFcR.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOvPAQc.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYNjyGT.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWrnJtI.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYxeYHv.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOxGKqR.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqyOjhz.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmCrdOe.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isiwfBo.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLXWiBY.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NReIHzt.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmmaREp.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POkKcew.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVHRQfe.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOrUSCo.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPbwsyl.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyjYdBT.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjUNodY.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAgvpFD.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCVEoar.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWXerjA.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBlWjRH.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBLHgDr.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKNzhud.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPMgeXB.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYEVaOd.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osotbhU.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnJfkhb.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFAflMP.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keCkXwU.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVpakie.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYntYuS.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCZyVJe.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPIHZsN.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onESewT.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYWtDZA.exe	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2552	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 2552	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 2552	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 1760	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 1760	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 1760	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 2940	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 2940	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 2940	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 1684	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 1684	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 1684	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 2776	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 2776	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 2776	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 2996	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2996	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2996	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2924	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2924	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2924	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2908	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2908	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2908	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2664	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2664	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2664	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2656	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 2656	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 2656	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 2856	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 2856	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 2856	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 2744	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2744	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2744	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2672	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 2672	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 2672	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 1336	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 1336	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 1336	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 572	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 572	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 572	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 1948	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 1948	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 1948	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 576	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 576	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 576	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 332	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 332	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 332	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 600	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 600	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 600	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 904	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1756 wrote to memory of 904	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1756 wrote to memory of 904	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1756 wrote to memory of 2012	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1756 wrote to memory of 2012	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1756 wrote to memory of 2012	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1756 wrote to memory of 1980	1756	2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-27_be7eab509d08450e3e1c274714735994_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\System\bFqxotG.exe
  C:\Windows\System\bFqxotG.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\WUvvxzF.exe
  C:\Windows\System\WUvvxzF.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\xCIrvJc.exe
  C:\Windows\System\xCIrvJc.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\AhrqgWw.exe
  C:\Windows\System\AhrqgWw.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\lrOyZmt.exe
  C:\Windows\System\lrOyZmt.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\prMpvBn.exe
  C:\Windows\System\prMpvBn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ehQlqZJ.exe
  C:\Windows\System\ehQlqZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\OkCVCiN.exe
  C:\Windows\System\OkCVCiN.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\OXqfPCH.exe
  C:\Windows\System\OXqfPCH.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\arEaaWY.exe
  C:\Windows\System\arEaaWY.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\coxmsOs.exe
  C:\Windows\System\coxmsOs.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\opNvQAM.exe
  C:\Windows\System\opNvQAM.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\QPiZffP.exe
  C:\Windows\System\QPiZffP.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\JAmPihM.exe
  C:\Windows\System\JAmPihM.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\oXbMVnG.exe
  C:\Windows\System\oXbMVnG.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\MxWMcox.exe
  C:\Windows\System\MxWMcox.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\xsdpNmI.exe
  C:\Windows\System\xsdpNmI.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\pTIOSmr.exe
  C:\Windows\System\pTIOSmr.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\oJHkADn.exe
  C:\Windows\System\oJHkADn.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\tENxBrF.exe
  C:\Windows\System\tENxBrF.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\ACLmFtz.exe
  C:\Windows\System\ACLmFtz.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\KoTzoGa.exe
  C:\Windows\System\KoTzoGa.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\TOrUSCo.exe
  C:\Windows\System\TOrUSCo.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\WZNLTFo.exe
  C:\Windows\System\WZNLTFo.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\EgUtckQ.exe
  C:\Windows\System\EgUtckQ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\pnCiQyN.exe
  C:\Windows\System\pnCiQyN.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\MDipqJq.exe
  C:\Windows\System\MDipqJq.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\sTfuuNm.exe
  C:\Windows\System\sTfuuNm.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\pVEFEWp.exe
  C:\Windows\System\pVEFEWp.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\otxjOWi.exe
  C:\Windows\System\otxjOWi.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\TtqCtEd.exe
  C:\Windows\System\TtqCtEd.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ZairWZG.exe
  C:\Windows\System\ZairWZG.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\ZoyWSUZ.exe
  C:\Windows\System\ZoyWSUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\MvJMQIV.exe
  C:\Windows\System\MvJMQIV.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\aswzdOE.exe
  C:\Windows\System\aswzdOE.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\BvcNctv.exe
  C:\Windows\System\BvcNctv.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\uCSWbvt.exe
  C:\Windows\System\uCSWbvt.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\aNeaYEx.exe
  C:\Windows\System\aNeaYEx.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\CJAEdSw.exe
  C:\Windows\System\CJAEdSw.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\vyqUtOs.exe
  C:\Windows\System\vyqUtOs.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ciIyWnW.exe
  C:\Windows\System\ciIyWnW.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\pkOvAxc.exe
  C:\Windows\System\pkOvAxc.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\AHidtsI.exe
  C:\Windows\System\AHidtsI.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\BaBJTkg.exe
  C:\Windows\System\BaBJTkg.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\XQhoeWm.exe
  C:\Windows\System\XQhoeWm.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\KCtmbHd.exe
  C:\Windows\System\KCtmbHd.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\vIumQLA.exe
  C:\Windows\System\vIumQLA.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\dKZCXPR.exe
  C:\Windows\System\dKZCXPR.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\abJXHBv.exe
  C:\Windows\System\abJXHBv.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\rXyqqYw.exe
  C:\Windows\System\rXyqqYw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\hAFiBNk.exe
  C:\Windows\System\hAFiBNk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WjDLuDN.exe
  C:\Windows\System\WjDLuDN.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\tnSDwkJ.exe
  C:\Windows\System\tnSDwkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\uNlStBk.exe
  C:\Windows\System\uNlStBk.exe
  2⤵
  PID:1636
- C:\Windows\System\mPUPSmM.exe
  C:\Windows\System\mPUPSmM.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\mTtKbyi.exe
  C:\Windows\System\mTtKbyi.exe
  2⤵
  PID:2772
- C:\Windows\System\PbFFFhm.exe
  C:\Windows\System\PbFFFhm.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\eJPzmyz.exe
  C:\Windows\System\eJPzmyz.exe
  2⤵
  PID:2764
- C:\Windows\System\zeGMLbk.exe
  C:\Windows\System\zeGMLbk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\WtqaoNp.exe
  C:\Windows\System\WtqaoNp.exe
  2⤵
  PID:2380
- C:\Windows\System\kpTXUKP.exe
  C:\Windows\System\kpTXUKP.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\hJKKDSY.exe
  C:\Windows\System\hJKKDSY.exe
  2⤵
  PID:2796
- C:\Windows\System\wdGNPEW.exe
  C:\Windows\System\wdGNPEW.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\FsAbdqh.exe
  C:\Windows\System\FsAbdqh.exe
  2⤵
  PID:1116
- C:\Windows\System\VPIHZsN.exe
  C:\Windows\System\VPIHZsN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\GsRECPm.exe
  C:\Windows\System\GsRECPm.exe
  2⤵
  PID:1748
- C:\Windows\System\rXBEDQw.exe
  C:\Windows\System\rXBEDQw.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\tqnQhIA.exe
  C:\Windows\System\tqnQhIA.exe
  2⤵
  PID:1164
- C:\Windows\System\zdmJNxr.exe
  C:\Windows\System\zdmJNxr.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\mKHnuvo.exe
  C:\Windows\System\mKHnuvo.exe
  2⤵
  PID:1856
- C:\Windows\System\kotaIHA.exe
  C:\Windows\System\kotaIHA.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\KEuiyCo.exe
  C:\Windows\System\KEuiyCo.exe
  2⤵
  PID:476
- C:\Windows\System\uddVLpH.exe
  C:\Windows\System\uddVLpH.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\tnWluDl.exe
  C:\Windows\System\tnWluDl.exe
  2⤵
  PID:284
- C:\Windows\System\ECYXcWA.exe
  C:\Windows\System\ECYXcWA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\rjaabcs.exe
  C:\Windows\System\rjaabcs.exe
  2⤵
  PID:1632
- C:\Windows\System\HZNytWp.exe
  C:\Windows\System\HZNytWp.exe
  2⤵
  PID:2632
- C:\Windows\System\ihdWuet.exe
  C:\Windows\System\ihdWuet.exe
  2⤵
  PID:1888
- C:\Windows\System\dMzaxOZ.exe
  C:\Windows\System\dMzaxOZ.exe
  2⤵
  PID:2892
- C:\Windows\System\AwltGQd.exe
  C:\Windows\System\AwltGQd.exe
  2⤵
  PID:1592
- C:\Windows\System\vAmoBHG.exe
  C:\Windows\System\vAmoBHG.exe
  2⤵
  PID:2512
- C:\Windows\System\XWnQrxa.exe
  C:\Windows\System\XWnQrxa.exe
  2⤵
  PID:1644
- C:\Windows\System\mmRZzmy.exe
  C:\Windows\System\mmRZzmy.exe
  2⤵
  PID:3080
- C:\Windows\System\QVKyOKZ.exe
  C:\Windows\System\QVKyOKZ.exe
  2⤵
  PID:3096
- C:\Windows\System\HxItEiB.exe
  C:\Windows\System\HxItEiB.exe
  2⤵
  PID:3112
- C:\Windows\System\KMtqFCR.exe
  C:\Windows\System\KMtqFCR.exe
  2⤵
  PID:3132
- C:\Windows\System\BDkCsfi.exe
  C:\Windows\System\BDkCsfi.exe
  2⤵
  PID:3152
- C:\Windows\System\TbXVEUz.exe
  C:\Windows\System\TbXVEUz.exe
  2⤵
  PID:3176
- C:\Windows\System\RIwAHmE.exe
  C:\Windows\System\RIwAHmE.exe
  2⤵
  PID:3196
- C:\Windows\System\TakzKyg.exe
  C:\Windows\System\TakzKyg.exe
  2⤵
  PID:3212
- C:\Windows\System\osHnTlP.exe
  C:\Windows\System\osHnTlP.exe
  2⤵
  PID:3236
- C:\Windows\System\XwBKwQK.exe
  C:\Windows\System\XwBKwQK.exe
  2⤵
  PID:3252
- C:\Windows\System\ykiTSIe.exe
  C:\Windows\System\ykiTSIe.exe
  2⤵
  PID:3276
- C:\Windows\System\mIpMJlH.exe
  C:\Windows\System\mIpMJlH.exe
  2⤵
  PID:3292
- C:\Windows\System\kiycfVV.exe
  C:\Windows\System\kiycfVV.exe
  2⤵
  PID:3308
- C:\Windows\System\amuZLCX.exe
  C:\Windows\System\amuZLCX.exe
  2⤵
  PID:3340
- C:\Windows\System\cnkYdJG.exe
  C:\Windows\System\cnkYdJG.exe
  2⤵
  PID:3356
- C:\Windows\System\ymOZfUi.exe
  C:\Windows\System\ymOZfUi.exe
  2⤵
  PID:3372
- C:\Windows\System\eTwJoQw.exe
  C:\Windows\System\eTwJoQw.exe
  2⤵
  PID:3388
- C:\Windows\System\kNVTrZh.exe
  C:\Windows\System\kNVTrZh.exe
  2⤵
  PID:3404
- C:\Windows\System\UPmnwzZ.exe
  C:\Windows\System\UPmnwzZ.exe
  2⤵
  PID:3420
- C:\Windows\System\wgCPFnV.exe
  C:\Windows\System\wgCPFnV.exe
  2⤵
  PID:3440
- C:\Windows\System\nGQScMY.exe
  C:\Windows\System\nGQScMY.exe
  2⤵
  PID:3460
- C:\Windows\System\AIxhhpC.exe
  C:\Windows\System\AIxhhpC.exe
  2⤵
  PID:3476
- C:\Windows\System\bmihmFn.exe
  C:\Windows\System\bmihmFn.exe
  2⤵
  PID:3492
- C:\Windows\System\IYdURDT.exe
  C:\Windows\System\IYdURDT.exe
  2⤵
  PID:3516
- C:\Windows\System\gRdYpxR.exe
  C:\Windows\System\gRdYpxR.exe
  2⤵
  PID:3536
- C:\Windows\System\SflFDrd.exe
  C:\Windows\System\SflFDrd.exe
  2⤵
  PID:3552
- C:\Windows\System\sHLRHgH.exe
  C:\Windows\System\sHLRHgH.exe
  2⤵
  PID:3568
- C:\Windows\System\uigvrfv.exe
  C:\Windows\System\uigvrfv.exe
  2⤵
  PID:3584
- C:\Windows\System\cBoTpsJ.exe
  C:\Windows\System\cBoTpsJ.exe
  2⤵
  PID:3600
- C:\Windows\System\VAkKqwr.exe
  C:\Windows\System\VAkKqwr.exe
  2⤵
  PID:3616
- C:\Windows\System\Ncgmdko.exe
  C:\Windows\System\Ncgmdko.exe
  2⤵
  PID:3632
- C:\Windows\System\bXgxuSJ.exe
  C:\Windows\System\bXgxuSJ.exe
  2⤵
  PID:3652
- C:\Windows\System\FPJrarG.exe
  C:\Windows\System\FPJrarG.exe
  2⤵
  PID:3688
- C:\Windows\System\adKLtAc.exe
  C:\Windows\System\adKLtAc.exe
  2⤵
  PID:3704
- C:\Windows\System\ztEIQed.exe
  C:\Windows\System\ztEIQed.exe
  2⤵
  PID:3724
- C:\Windows\System\nOxfwLa.exe
  C:\Windows\System\nOxfwLa.exe
  2⤵
  PID:3740
- C:\Windows\System\HnRKUKH.exe
  C:\Windows\System\HnRKUKH.exe
  2⤵
  PID:3760
- C:\Windows\System\RPuNMTp.exe
  C:\Windows\System\RPuNMTp.exe
  2⤵
  PID:3780
- C:\Windows\System\vaJmoGW.exe
  C:\Windows\System\vaJmoGW.exe
  2⤵
  PID:3800
- C:\Windows\System\codiVPc.exe
  C:\Windows\System\codiVPc.exe
  2⤵
  PID:3816
- C:\Windows\System\KTMwBoD.exe
  C:\Windows\System\KTMwBoD.exe
  2⤵
  PID:3832
- C:\Windows\System\kAPjaYl.exe
  C:\Windows\System\kAPjaYl.exe
  2⤵
  PID:3848
- C:\Windows\System\PmUFaLY.exe
  C:\Windows\System\PmUFaLY.exe
  2⤵
  PID:3864
- C:\Windows\System\iTpFTNJ.exe
  C:\Windows\System\iTpFTNJ.exe
  2⤵
  PID:3880
- C:\Windows\System\pcMzjLx.exe
  C:\Windows\System\pcMzjLx.exe
  2⤵
  PID:3896
- C:\Windows\System\CMwXcnH.exe
  C:\Windows\System\CMwXcnH.exe
  2⤵
  PID:3912
- C:\Windows\System\CbcETbB.exe
  C:\Windows\System\CbcETbB.exe
  2⤵
  PID:3928
- C:\Windows\System\jkLCwGD.exe
  C:\Windows\System\jkLCwGD.exe
  2⤵
  PID:3944
- C:\Windows\System\NMAqpRP.exe
  C:\Windows\System\NMAqpRP.exe
  2⤵
  PID:3960
- C:\Windows\System\lhalCvg.exe
  C:\Windows\System\lhalCvg.exe
  2⤵
  PID:3976
- C:\Windows\System\NGXcueB.exe
  C:\Windows\System\NGXcueB.exe
  2⤵
  PID:3992
- C:\Windows\System\lDoPEJO.exe
  C:\Windows\System\lDoPEJO.exe
  2⤵
  PID:4008
- C:\Windows\System\fgVVPxh.exe
  C:\Windows\System\fgVVPxh.exe
  2⤵
  PID:4024
- C:\Windows\System\lzrDJEa.exe
  C:\Windows\System\lzrDJEa.exe
  2⤵
  PID:4040
- C:\Windows\System\kZrFnDJ.exe
  C:\Windows\System\kZrFnDJ.exe
  2⤵
  PID:4056
- C:\Windows\System\YHegxBK.exe
  C:\Windows\System\YHegxBK.exe
  2⤵
  PID:4072
- C:\Windows\System\twLwhAS.exe
  C:\Windows\System\twLwhAS.exe
  2⤵
  PID:4088
- C:\Windows\System\DDiXOnS.exe
  C:\Windows\System\DDiXOnS.exe
  2⤵
  PID:2120
- C:\Windows\System\CSeAlQp.exe
  C:\Windows\System\CSeAlQp.exe
  2⤵
  PID:1824
- C:\Windows\System\uIHpSTX.exe
  C:\Windows\System\uIHpSTX.exe
  2⤵
  PID:2752
- C:\Windows\System\ItiyhVo.exe
  C:\Windows\System\ItiyhVo.exe
  2⤵
  PID:788
- C:\Windows\System\fjNAaNJ.exe
  C:\Windows\System\fjNAaNJ.exe
  2⤵
  PID:1160
- C:\Windows\System\QxCZIEZ.exe
  C:\Windows\System\QxCZIEZ.exe
  2⤵
  PID:1996
- C:\Windows\System\mosTSSb.exe
  C:\Windows\System\mosTSSb.exe
  2⤵
  PID:2112
- C:\Windows\System\UPAmrHH.exe
  C:\Windows\System\UPAmrHH.exe
  2⤵
  PID:3088
- C:\Windows\System\FDfuHYO.exe
  C:\Windows\System\FDfuHYO.exe
  2⤵
  PID:3128
- C:\Windows\System\ijuwloS.exe
  C:\Windows\System\ijuwloS.exe
  2⤵
  PID:3164
- C:\Windows\System\BqizmSS.exe
  C:\Windows\System\BqizmSS.exe
  2⤵
  PID:3248
- C:\Windows\System\dBNDzTm.exe
  C:\Windows\System\dBNDzTm.exe
  2⤵
  PID:2604
- C:\Windows\System\NYPgPcq.exe
  C:\Windows\System\NYPgPcq.exe
  2⤵
  PID:3320
- C:\Windows\System\nenyCvU.exe
  C:\Windows\System\nenyCvU.exe
  2⤵
  PID:2128
- C:\Windows\System\lhLkWMu.exe
  C:\Windows\System\lhLkWMu.exe
  2⤵
  PID:900
- C:\Windows\System\vVWDSqr.exe
  C:\Windows\System\vVWDSqr.exe
  2⤵
  PID:1568
- C:\Windows\System\QKVduSK.exe
  C:\Windows\System\QKVduSK.exe
  2⤵
  PID:2968
- C:\Windows\System\zXBZvwH.exe
  C:\Windows\System\zXBZvwH.exe
  2⤵
  PID:2660
- C:\Windows\System\ayYQUJs.exe
  C:\Windows\System\ayYQUJs.exe
  2⤵
  PID:2928
- C:\Windows\System\mBdJAaL.exe
  C:\Windows\System\mBdJAaL.exe
  2⤵
  PID:1940
- C:\Windows\System\idnczdG.exe
  C:\Windows\System\idnczdG.exe
  2⤵
  PID:2556
- C:\Windows\System\OYCEtqm.exe
  C:\Windows\System\OYCEtqm.exe
  2⤵
  PID:2328
- C:\Windows\System\VsTToNX.exe
  C:\Windows\System\VsTToNX.exe
  2⤵
  PID:2316
- C:\Windows\System\KRBgBvm.exe
  C:\Windows\System\KRBgBvm.exe
  2⤵
  PID:3188
- C:\Windows\System\sVhbmhl.exe
  C:\Windows\System\sVhbmhl.exe
  2⤵
  PID:3192
- C:\Windows\System\VAYhbpg.exe
  C:\Windows\System\VAYhbpg.exe
  2⤵
  PID:3260
- C:\Windows\System\wqeDtHa.exe
  C:\Windows\System\wqeDtHa.exe
  2⤵
  PID:2868
- C:\Windows\System\FeXrPtd.exe
  C:\Windows\System\FeXrPtd.exe
  2⤵
  PID:3500
- C:\Windows\System\pJNPjSb.exe
  C:\Windows\System\pJNPjSb.exe
  2⤵
  PID:2116
- C:\Windows\System\FZEeuHl.exe
  C:\Windows\System\FZEeuHl.exe
  2⤵
  PID:3580
- C:\Windows\System\bUFhdKB.exe
  C:\Windows\System\bUFhdKB.exe
  2⤵
  PID:3644
- C:\Windows\System\VrVzIYh.exe
  C:\Windows\System\VrVzIYh.exe
  2⤵
  PID:3732
- C:\Windows\System\WmdAWyr.exe
  C:\Windows\System\WmdAWyr.exe
  2⤵
  PID:3940
- C:\Windows\System\pqyOjhz.exe
  C:\Windows\System\pqyOjhz.exe
  2⤵
  PID:4004
- C:\Windows\System\dsOXjEq.exe
  C:\Windows\System\dsOXjEq.exe
  2⤵
  PID:4068
- C:\Windows\System\AYJHXxz.exe
  C:\Windows\System\AYJHXxz.exe
  2⤵
  PID:2236
- C:\Windows\System\gbgznec.exe
  C:\Windows\System\gbgznec.exe
  2⤵
  PID:1340
- C:\Windows\System\rSdXifZ.exe
  C:\Windows\System\rSdXifZ.exe
  2⤵
  PID:3208
- C:\Windows\System\srwswlq.exe
  C:\Windows\System\srwswlq.exe
  2⤵
  PID:1820
- C:\Windows\System\lprgqnr.exe
  C:\Windows\System\lprgqnr.exe
  2⤵
  PID:2676
- C:\Windows\System\gwUCgvU.exe
  C:\Windows\System\gwUCgvU.exe
  2⤵
  PID:3448
- C:\Windows\System\ybnOblw.exe
  C:\Windows\System\ybnOblw.exe
  2⤵
  PID:3528
- C:\Windows\System\fdMYikJ.exe
  C:\Windows\System\fdMYikJ.exe
  2⤵
  PID:3628
- C:\Windows\System\OFRcfWw.exe
  C:\Windows\System\OFRcfWw.exe
  2⤵
  PID:1664
- C:\Windows\System\ZaYgmin.exe
  C:\Windows\System\ZaYgmin.exe
  2⤵
  PID:3224
- C:\Windows\System\pCDFsfD.exe
  C:\Windows\System\pCDFsfD.exe
  2⤵
  PID:3772
- C:\Windows\System\eOtJWBs.exe
  C:\Windows\System\eOtJWBs.exe
  2⤵
  PID:3840
- C:\Windows\System\SojehaE.exe
  C:\Windows\System\SojehaE.exe
  2⤵
  PID:3904
- C:\Windows\System\sxIEhKu.exe
  C:\Windows\System\sxIEhKu.exe
  2⤵
  PID:3384
- C:\Windows\System\CDBsuZZ.exe
  C:\Windows\System\CDBsuZZ.exe
  2⤵
  PID:4036
- C:\Windows\System\NEoiycz.exe
  C:\Windows\System\NEoiycz.exe
  2⤵
  PID:3244
- C:\Windows\System\Bwxnvux.exe
  C:\Windows\System\Bwxnvux.exe
  2⤵
  PID:3412
- C:\Windows\System\nDWIFDM.exe
  C:\Windows\System\nDWIFDM.exe
  2⤵
  PID:3676
- C:\Windows\System\RZsMcdD.exe
  C:\Windows\System\RZsMcdD.exe
  2⤵
  PID:3752
- C:\Windows\System\LwLgoGS.exe
  C:\Windows\System\LwLgoGS.exe
  2⤵
  PID:1008
- C:\Windows\System\rsYdBfx.exe
  C:\Windows\System\rsYdBfx.exe
  2⤵
  PID:2476
- C:\Windows\System\LlggPEu.exe
  C:\Windows\System\LlggPEu.exe
  2⤵
  PID:3336
- C:\Windows\System\GPFQGBa.exe
  C:\Windows\System\GPFQGBa.exe
  2⤵
  PID:1536
- C:\Windows\System\iJtanWu.exe
  C:\Windows\System\iJtanWu.exe
  2⤵
  PID:3140
- C:\Windows\System\NuDXHhG.exe
  C:\Windows\System\NuDXHhG.exe
  2⤵
  PID:3468
- C:\Windows\System\laummMr.exe
  C:\Windows\System\laummMr.exe
  2⤵
  PID:3696
- C:\Windows\System\FONInxT.exe
  C:\Windows\System\FONInxT.exe
  2⤵
  PID:3352
- C:\Windows\System\czOzlBS.exe
  C:\Windows\System\czOzlBS.exe
  2⤵
  PID:1292
- C:\Windows\System\JhTpJEU.exe
  C:\Windows\System\JhTpJEU.exe
  2⤵
  PID:2036
- C:\Windows\System\atdjqqM.exe
  C:\Windows\System\atdjqqM.exe
  2⤵
  PID:2332
- C:\Windows\System\dXHqEvQ.exe
  C:\Windows\System\dXHqEvQ.exe
  2⤵
  PID:548
- C:\Windows\System\YlBebfr.exe
  C:\Windows\System\YlBebfr.exe
  2⤵
  PID:3364
- C:\Windows\System\JBVBZwR.exe
  C:\Windows\System\JBVBZwR.exe
  2⤵
  PID:3168
- C:\Windows\System\fZFPNcM.exe
  C:\Windows\System\fZFPNcM.exe
  2⤵
  PID:1800
- C:\Windows\System\CYSubkU.exe
  C:\Windows\System\CYSubkU.exe
  2⤵
  PID:1052
- C:\Windows\System\siunzIf.exe
  C:\Windows\System\siunzIf.exe
  2⤵
  PID:4048
- C:\Windows\System\KjgcKeg.exe
  C:\Windows\System\KjgcKeg.exe
  2⤵
  PID:3956
- C:\Windows\System\QPbwsyl.exe
  C:\Windows\System\QPbwsyl.exe
  2⤵
  PID:3920
- C:\Windows\System\pNuJJML.exe
  C:\Windows\System\pNuJJML.exe
  2⤵
  PID:3828
- C:\Windows\System\BKjSmFX.exe
  C:\Windows\System\BKjSmFX.exe
  2⤵
  PID:3788
- C:\Windows\System\PCZuxLr.exe
  C:\Windows\System\PCZuxLr.exe
  2⤵
  PID:3712
- C:\Windows\System\SRTQwCI.exe
  C:\Windows\System\SRTQwCI.exe
  2⤵
  PID:3144
- C:\Windows\System\omtaJoa.exe
  C:\Windows\System\omtaJoa.exe
  2⤵
  PID:3936
- C:\Windows\System\nEryAfM.exe
  C:\Windows\System\nEryAfM.exe
  2⤵
  PID:3668
- C:\Windows\System\SZNSzRv.exe
  C:\Windows\System\SZNSzRv.exe
  2⤵
  PID:3316
- C:\Windows\System\zmlXVsc.exe
  C:\Windows\System\zmlXVsc.exe
  2⤵
  PID:3548
- C:\Windows\System\JqkkqmA.exe
  C:\Windows\System\JqkkqmA.exe
  2⤵
  PID:3664
- C:\Windows\System\YxaLsYL.exe
  C:\Windows\System\YxaLsYL.exe
  2⤵
  PID:1308
- C:\Windows\System\XibFqnl.exe
  C:\Windows\System\XibFqnl.exe
  2⤵
  PID:4108
- C:\Windows\System\PMpDBtM.exe
  C:\Windows\System\PMpDBtM.exe
  2⤵
  PID:4124
- C:\Windows\System\GPoXkuC.exe
  C:\Windows\System\GPoXkuC.exe
  2⤵
  PID:4140
- C:\Windows\System\LuBeIMW.exe
  C:\Windows\System\LuBeIMW.exe
  2⤵
  PID:4156
- C:\Windows\System\KbUrUQo.exe
  C:\Windows\System\KbUrUQo.exe
  2⤵
  PID:4172
- C:\Windows\System\fGtOBVl.exe
  C:\Windows\System\fGtOBVl.exe
  2⤵
  PID:4188
- C:\Windows\System\TRjTstC.exe
  C:\Windows\System\TRjTstC.exe
  2⤵
  PID:4204
- C:\Windows\System\HZURiaz.exe
  C:\Windows\System\HZURiaz.exe
  2⤵
  PID:4220
- C:\Windows\System\OaueeOc.exe
  C:\Windows\System\OaueeOc.exe
  2⤵
  PID:4236
- C:\Windows\System\bmmyyYA.exe
  C:\Windows\System\bmmyyYA.exe
  2⤵
  PID:4252
- C:\Windows\System\csleaxw.exe
  C:\Windows\System\csleaxw.exe
  2⤵
  PID:4272
- C:\Windows\System\uTSrqKH.exe
  C:\Windows\System\uTSrqKH.exe
  2⤵
  PID:4288
- C:\Windows\System\FUKLoop.exe
  C:\Windows\System\FUKLoop.exe
  2⤵
  PID:4304
- C:\Windows\System\EycVWhC.exe
  C:\Windows\System\EycVWhC.exe
  2⤵
  PID:4320
- C:\Windows\System\atqlIKm.exe
  C:\Windows\System\atqlIKm.exe
  2⤵
  PID:4336
- C:\Windows\System\OQrFUwi.exe
  C:\Windows\System\OQrFUwi.exe
  2⤵
  PID:4352
- C:\Windows\System\PAdJdOm.exe
  C:\Windows\System\PAdJdOm.exe
  2⤵
  PID:4368
- C:\Windows\System\UFRUrRY.exe
  C:\Windows\System\UFRUrRY.exe
  2⤵
  PID:4384
- C:\Windows\System\qeSWoNT.exe
  C:\Windows\System\qeSWoNT.exe
  2⤵
  PID:4400
- C:\Windows\System\MzwkIau.exe
  C:\Windows\System\MzwkIau.exe
  2⤵
  PID:4416
- C:\Windows\System\SrFyMQj.exe
  C:\Windows\System\SrFyMQj.exe
  2⤵
  PID:4432
- C:\Windows\System\MliPbft.exe
  C:\Windows\System\MliPbft.exe
  2⤵
  PID:4448
- C:\Windows\System\xozFbWK.exe
  C:\Windows\System\xozFbWK.exe
  2⤵
  PID:4464
- C:\Windows\System\ouXLxdN.exe
  C:\Windows\System\ouXLxdN.exe
  2⤵
  PID:4480
- C:\Windows\System\DMURRax.exe
  C:\Windows\System\DMURRax.exe
  2⤵
  PID:4496
- C:\Windows\System\IJfIKDM.exe
  C:\Windows\System\IJfIKDM.exe
  2⤵
  PID:4512
- C:\Windows\System\pphifYh.exe
  C:\Windows\System\pphifYh.exe
  2⤵
  PID:4528
- C:\Windows\System\FJNZRxj.exe
  C:\Windows\System\FJNZRxj.exe
  2⤵
  PID:4544
- C:\Windows\System\dwnYbmB.exe
  C:\Windows\System\dwnYbmB.exe
  2⤵
  PID:4560
- C:\Windows\System\CIXPzEk.exe
  C:\Windows\System\CIXPzEk.exe
  2⤵
  PID:4576
- C:\Windows\System\qMjHcGg.exe
  C:\Windows\System\qMjHcGg.exe
  2⤵
  PID:4592
- C:\Windows\System\miiuabS.exe
  C:\Windows\System\miiuabS.exe
  2⤵
  PID:4608
- C:\Windows\System\DJxSXAL.exe
  C:\Windows\System\DJxSXAL.exe
  2⤵
  PID:4624
- C:\Windows\System\IyoaLcw.exe
  C:\Windows\System\IyoaLcw.exe
  2⤵
  PID:4640
- C:\Windows\System\qgeyqTG.exe
  C:\Windows\System\qgeyqTG.exe
  2⤵
  PID:4656
- C:\Windows\System\sEQTLPR.exe
  C:\Windows\System\sEQTLPR.exe
  2⤵
  PID:4672
- C:\Windows\System\ZEZBHfy.exe
  C:\Windows\System\ZEZBHfy.exe
  2⤵
  PID:4688
- C:\Windows\System\yLxqpOW.exe
  C:\Windows\System\yLxqpOW.exe
  2⤵
  PID:4704
- C:\Windows\System\ofAdAdu.exe
  C:\Windows\System\ofAdAdu.exe
  2⤵
  PID:4720
- C:\Windows\System\BRVMKra.exe
  C:\Windows\System\BRVMKra.exe
  2⤵
  PID:4736
- C:\Windows\System\seSnGSl.exe
  C:\Windows\System\seSnGSl.exe
  2⤵
  PID:4752
- C:\Windows\System\UJlEAxv.exe
  C:\Windows\System\UJlEAxv.exe
  2⤵
  PID:4768
- C:\Windows\System\btpFbbf.exe
  C:\Windows\System\btpFbbf.exe
  2⤵
  PID:4784
- C:\Windows\System\veIEQmV.exe
  C:\Windows\System\veIEQmV.exe
  2⤵
  PID:4800
- C:\Windows\System\hKwkuZc.exe
  C:\Windows\System\hKwkuZc.exe
  2⤵
  PID:4816
- C:\Windows\System\fEgONNw.exe
  C:\Windows\System\fEgONNw.exe
  2⤵
  PID:4832
- C:\Windows\System\FYWgYkP.exe
  C:\Windows\System\FYWgYkP.exe
  2⤵
  PID:4848
- C:\Windows\System\TzZpTmv.exe
  C:\Windows\System\TzZpTmv.exe
  2⤵
  PID:4864
- C:\Windows\System\QmCrdOe.exe
  C:\Windows\System\QmCrdOe.exe
  2⤵
  PID:4880
- C:\Windows\System\vHjLttF.exe
  C:\Windows\System\vHjLttF.exe
  2⤵
  PID:4896
- C:\Windows\System\HtItvQJ.exe
  C:\Windows\System\HtItvQJ.exe
  2⤵
  PID:4912
- C:\Windows\System\HvlviAb.exe
  C:\Windows\System\HvlviAb.exe
  2⤵
  PID:4928
- C:\Windows\System\Uamzrew.exe
  C:\Windows\System\Uamzrew.exe
  2⤵
  PID:4944
- C:\Windows\System\pVOUVTA.exe
  C:\Windows\System\pVOUVTA.exe
  2⤵
  PID:4960
- C:\Windows\System\wqCSOiL.exe
  C:\Windows\System\wqCSOiL.exe
  2⤵
  PID:4976
- C:\Windows\System\ILrcfEC.exe
  C:\Windows\System\ILrcfEC.exe
  2⤵
  PID:4992
- C:\Windows\System\XHLkbyl.exe
  C:\Windows\System\XHLkbyl.exe
  2⤵
  PID:5008
- C:\Windows\System\UFxALRt.exe
  C:\Windows\System\UFxALRt.exe
  2⤵
  PID:5024
- C:\Windows\System\czyNFcR.exe
  C:\Windows\System\czyNFcR.exe
  2⤵
  PID:5040
- C:\Windows\System\uaYgUsB.exe
  C:\Windows\System\uaYgUsB.exe
  2⤵
  PID:5056
- C:\Windows\System\mByvPup.exe
  C:\Windows\System\mByvPup.exe
  2⤵
  PID:5072
- C:\Windows\System\xnJfkhb.exe
  C:\Windows\System\xnJfkhb.exe
  2⤵
  PID:5088
- C:\Windows\System\CNZAXBv.exe
  C:\Windows\System\CNZAXBv.exe
  2⤵
  PID:5104
- C:\Windows\System\NiAIjGm.exe
  C:\Windows\System\NiAIjGm.exe
  2⤵
  PID:4080
- C:\Windows\System\xVZLFnJ.exe
  C:\Windows\System\xVZLFnJ.exe
  2⤵
  PID:3824
- C:\Windows\System\UnQzJzC.exe
  C:\Windows\System\UnQzJzC.exe
  2⤵
  PID:1068
- C:\Windows\System\IbgdgGj.exe
  C:\Windows\System\IbgdgGj.exe
  2⤵
  PID:3532
- C:\Windows\System\OzkFaAI.exe
  C:\Windows\System\OzkFaAI.exe
  2⤵
  PID:3640
- C:\Windows\System\mRjTWnM.exe
  C:\Windows\System\mRjTWnM.exe
  2⤵
  PID:848
- C:\Windows\System\wFAflMP.exe
  C:\Windows\System\wFAflMP.exe
  2⤵
  PID:1628
- C:\Windows\System\adOSzaQ.exe
  C:\Windows\System\adOSzaQ.exe
  2⤵
  PID:4016
- C:\Windows\System\rBlWjRH.exe
  C:\Windows\System\rBlWjRH.exe
  2⤵
  PID:3748
- C:\Windows\System\RhTfWGj.exe
  C:\Windows\System\RhTfWGj.exe
  2⤵
  PID:1744
- C:\Windows\System\lSAZksM.exe
  C:\Windows\System\lSAZksM.exe
  2⤵
  PID:4100
- C:\Windows\System\qOlBvrg.exe
  C:\Windows\System\qOlBvrg.exe
  2⤵
  PID:2292
- C:\Windows\System\OfoZWVH.exe
  C:\Windows\System\OfoZWVH.exe
  2⤵
  PID:4296
- C:\Windows\System\SVgrTSj.exe
  C:\Windows\System\SVgrTSj.exe
  2⤵
  PID:4408
- C:\Windows\System\kMldVUK.exe
  C:\Windows\System\kMldVUK.exe
  2⤵
  PID:4392
- C:\Windows\System\coXMwCo.exe
  C:\Windows\System\coXMwCo.exe
  2⤵
  PID:4424
- C:\Windows\System\wJPWZrX.exe
  C:\Windows\System\wJPWZrX.exe
  2⤵
  PID:4456
- C:\Windows\System\vaByzyC.exe
  C:\Windows\System\vaByzyC.exe
  2⤵
  PID:4504
- C:\Windows\System\kvQOkvb.exe
  C:\Windows\System\kvQOkvb.exe
  2⤵
  PID:4568
- C:\Windows\System\onuBxOf.exe
  C:\Windows\System\onuBxOf.exe
  2⤵
  PID:4556
- C:\Windows\System\FSOoidt.exe
  C:\Windows\System\FSOoidt.exe
  2⤵
  PID:4604
- C:\Windows\System\GhJxHHL.exe
  C:\Windows\System\GhJxHHL.exe
  2⤵
  PID:4620
- C:\Windows\System\XvaTLaT.exe
  C:\Windows\System\XvaTLaT.exe
  2⤵
  PID:4652
- C:\Windows\System\EJQQuYc.exe
  C:\Windows\System\EJQQuYc.exe
  2⤵
  PID:4700
- C:\Windows\System\gkkoceO.exe
  C:\Windows\System\gkkoceO.exe
  2⤵
  PID:4716
- C:\Windows\System\isiwfBo.exe
  C:\Windows\System\isiwfBo.exe
  2⤵
  PID:4748
- C:\Windows\System\MnwUYlN.exe
  C:\Windows\System\MnwUYlN.exe
  2⤵
  PID:4780
- C:\Windows\System\TIVjOQJ.exe
  C:\Windows\System\TIVjOQJ.exe
  2⤵
  PID:4808
- C:\Windows\System\fbLKarR.exe
  C:\Windows\System\fbLKarR.exe
  2⤵
  PID:4840
- C:\Windows\System\ZIYLnsp.exe
  C:\Windows\System\ZIYLnsp.exe
  2⤵
  PID:4844
- C:\Windows\System\nQecaRU.exe
  C:\Windows\System\nQecaRU.exe
  2⤵
  PID:4904
- C:\Windows\System\FBLHgDr.exe
  C:\Windows\System\FBLHgDr.exe
  2⤵
  PID:2680
- C:\Windows\System\hZPNhhT.exe
  C:\Windows\System\hZPNhhT.exe
  2⤵
  PID:2204
- C:\Windows\System\eEkzjaF.exe
  C:\Windows\System\eEkzjaF.exe
  2⤵
  PID:5036
- C:\Windows\System\RAoAEjP.exe
  C:\Windows\System\RAoAEjP.exe
  2⤵
  PID:5084
- C:\Windows\System\NFQTzFa.exe
  C:\Windows\System\NFQTzFa.exe
  2⤵
  PID:3612
- C:\Windows\System\pPCPImf.exe
  C:\Windows\System\pPCPImf.exe
  2⤵
  PID:3288
- C:\Windows\System\gLvVkEG.exe
  C:\Windows\System\gLvVkEG.exe
  2⤵
  PID:3232
- C:\Windows\System\UbBjyry.exe
  C:\Windows\System\UbBjyry.exe
  2⤵
  PID:4120
- C:\Windows\System\TPNPxLx.exe
  C:\Windows\System\TPNPxLx.exe
  2⤵
  PID:4148
- C:\Windows\System\jyAEdsM.exe
  C:\Windows\System\jyAEdsM.exe
  2⤵
  PID:3368
- C:\Windows\System\GTrCFid.exe
  C:\Windows\System\GTrCFid.exe
  2⤵
  PID:3872
- C:\Windows\System\IHKcxPq.exe
  C:\Windows\System\IHKcxPq.exe
  2⤵
  PID:4196
- C:\Windows\System\cxwRQQA.exe
  C:\Windows\System\cxwRQQA.exe
  2⤵
  PID:2312
- C:\Windows\System\vRfRVdf.exe
  C:\Windows\System\vRfRVdf.exe
  2⤵
  PID:4360
- C:\Windows\System\SbzmCQM.exe
  C:\Windows\System\SbzmCQM.exe
  2⤵
  PID:4476
- C:\Windows\System\uMRLtHg.exe
  C:\Windows\System\uMRLtHg.exe
  2⤵
  PID:4328
- C:\Windows\System\AsanzOk.exe
  C:\Windows\System\AsanzOk.exe
  2⤵
  PID:4600
- C:\Windows\System\BHdcAOh.exe
  C:\Windows\System\BHdcAOh.exe
  2⤵
  PID:4332
- C:\Windows\System\qInfRoh.exe
  C:\Windows\System\qInfRoh.exe
  2⤵
  PID:4492
- C:\Windows\System\XsmTnLy.exe
  C:\Windows\System\XsmTnLy.exe
  2⤵
  PID:4552
- C:\Windows\System\JbKyjzc.exe
  C:\Windows\System\JbKyjzc.exe
  2⤵
  PID:2500
- C:\Windows\System\ugusMyd.exe
  C:\Windows\System\ugusMyd.exe
  2⤵
  PID:4924
- C:\Windows\System\TacyGQP.exe
  C:\Windows\System\TacyGQP.exe
  2⤵
  PID:4712
- C:\Windows\System\JMoYvQE.exe
  C:\Windows\System\JMoYvQE.exe
  2⤵
  PID:5052
- C:\Windows\System\zPUfmxd.exe
  C:\Windows\System\zPUfmxd.exe
  2⤵
  PID:5080
- C:\Windows\System\dWihADO.exe
  C:\Windows\System\dWihADO.exe
  2⤵
  PID:3860
- C:\Windows\System\NfFxuSQ.exe
  C:\Windows\System\NfFxuSQ.exe
  2⤵
  PID:4952
- C:\Windows\System\JmYgNbl.exe
  C:\Windows\System\JmYgNbl.exe
  2⤵
  PID:4136
- C:\Windows\System\NWePUUh.exe
  C:\Windows\System\NWePUUh.exe
  2⤵
  PID:4180
- C:\Windows\System\ocyTLrA.exe
  C:\Windows\System\ocyTLrA.exe
  2⤵
  PID:4300
- C:\Windows\System\ZQowEIX.exe
  C:\Windows\System\ZQowEIX.exe
  2⤵
  PID:4260
- C:\Windows\System\UWjeCzz.exe
  C:\Windows\System\UWjeCzz.exe
  2⤵
  PID:4664
- C:\Windows\System\XbnFnmN.exe
  C:\Windows\System\XbnFnmN.exe
  2⤵
  PID:2032
- C:\Windows\System\HQMQPMX.exe
  C:\Windows\System\HQMQPMX.exe
  2⤵
  PID:4856
- C:\Windows\System\aoNkHfO.exe
  C:\Windows\System\aoNkHfO.exe
  2⤵
  PID:4744
- C:\Windows\System\FOsAPTP.exe
  C:\Windows\System\FOsAPTP.exe
  2⤵
  PID:4888
- C:\Windows\System\lADBotp.exe
  C:\Windows\System\lADBotp.exe
  2⤵
  PID:5004
- C:\Windows\System\RYlZKKy.exe
  C:\Windows\System\RYlZKKy.exe
  2⤵
  PID:5116
- C:\Windows\System\GCcnpHY.exe
  C:\Windows\System\GCcnpHY.exe
  2⤵
  PID:4648
- C:\Windows\System\vWKzUrC.exe
  C:\Windows\System\vWKzUrC.exe
  2⤵
  PID:4216
- C:\Windows\System\sZbiJIA.exe
  C:\Windows\System\sZbiJIA.exe
  2⤵
  PID:1076
- C:\Windows\System\VAyNcnX.exe
  C:\Windows\System\VAyNcnX.exe
  2⤵
  PID:4488
- C:\Windows\System\RgkAZWL.exe
  C:\Windows\System\RgkAZWL.exe
  2⤵
  PID:5016
- C:\Windows\System\mTnNkqX.exe
  C:\Windows\System\mTnNkqX.exe
  2⤵
  PID:4828
- C:\Windows\System\WJEmjYN.exe
  C:\Windows\System\WJEmjYN.exe
  2⤵
  PID:4184
- C:\Windows\System\pxYhYRn.exe
  C:\Windows\System\pxYhYRn.exe
  2⤵
  PID:4588
- C:\Windows\System\aRXFEeI.exe
  C:\Windows\System\aRXFEeI.exe
  2⤵
  PID:3892
- C:\Windows\System\ykyXJiv.exe
  C:\Windows\System\ykyXJiv.exe
  2⤵
  PID:4348
- C:\Windows\System\paizyHV.exe
  C:\Windows\System\paizyHV.exe
  2⤵
  PID:4936
- C:\Windows\System\dHXmluB.exe
  C:\Windows\System\dHXmluB.exe
  2⤵
  PID:5068
- C:\Windows\System\ZRTByhP.exe
  C:\Windows\System\ZRTByhP.exe
  2⤵
  PID:2932
- C:\Windows\System\UMPNPeW.exe
  C:\Windows\System\UMPNPeW.exe
  2⤵
  PID:3972
- C:\Windows\System\sOaqDks.exe
  C:\Windows\System\sOaqDks.exe
  2⤵
  PID:4584
- C:\Windows\System\GRxNOSw.exe
  C:\Windows\System\GRxNOSw.exe
  2⤵
  PID:3876
- C:\Windows\System\ySuRpEt.exe
  C:\Windows\System\ySuRpEt.exe
  2⤵
  PID:4428
- C:\Windows\System\jDaaSJq.exe
  C:\Windows\System\jDaaSJq.exe
  2⤵
  PID:996
- C:\Windows\System\keCkXwU.exe
  C:\Windows\System\keCkXwU.exe
  2⤵
  PID:3328
- C:\Windows\System\GfwsLKV.exe
  C:\Windows\System\GfwsLKV.exe
  2⤵
  PID:3564
- C:\Windows\System\onESewT.exe
  C:\Windows\System\onESewT.exe
  2⤵
  PID:812
- C:\Windows\System\cldxdpB.exe
  C:\Windows\System\cldxdpB.exe
  2⤵
  PID:4168
- C:\Windows\System\EWFCWQR.exe
  C:\Windows\System\EWFCWQR.exe
  2⤵
  PID:5128
- C:\Windows\System\qgVLyOD.exe
  C:\Windows\System\qgVLyOD.exe
  2⤵
  PID:5144
- C:\Windows\System\cXCqmjF.exe
  C:\Windows\System\cXCqmjF.exe
  2⤵
  PID:5160
- C:\Windows\System\xKrNtKI.exe
  C:\Windows\System\xKrNtKI.exe
  2⤵
  PID:5180
- C:\Windows\System\pAbwHDN.exe
  C:\Windows\System\pAbwHDN.exe
  2⤵
  PID:5196
- C:\Windows\System\nybexTw.exe
  C:\Windows\System\nybexTw.exe
  2⤵
  PID:5212
- C:\Windows\System\kxazHIR.exe
  C:\Windows\System\kxazHIR.exe
  2⤵
  PID:5240
- C:\Windows\System\CXFXDvZ.exe
  C:\Windows\System\CXFXDvZ.exe
  2⤵
  PID:5256
- C:\Windows\System\LgdPBuj.exe
  C:\Windows\System\LgdPBuj.exe
  2⤵
  PID:5276
- C:\Windows\System\uiBnzPg.exe
  C:\Windows\System\uiBnzPg.exe
  2⤵
  PID:5296
- C:\Windows\System\uueNiTm.exe
  C:\Windows\System\uueNiTm.exe
  2⤵
  PID:5312
- C:\Windows\System\EdVmwMz.exe
  C:\Windows\System\EdVmwMz.exe
  2⤵
  PID:5328
- C:\Windows\System\tTGZzmz.exe
  C:\Windows\System\tTGZzmz.exe
  2⤵
  PID:5344
- C:\Windows\System\idHfEYD.exe
  C:\Windows\System\idHfEYD.exe
  2⤵
  PID:5368
- C:\Windows\System\eiLgBSS.exe
  C:\Windows\System\eiLgBSS.exe
  2⤵
  PID:5400
- C:\Windows\System\UdMIIkN.exe
  C:\Windows\System\UdMIIkN.exe
  2⤵
  PID:5452
- C:\Windows\System\HvbscJF.exe
  C:\Windows\System\HvbscJF.exe
  2⤵
  PID:5584
- C:\Windows\System\yrzSQCE.exe
  C:\Windows\System\yrzSQCE.exe
  2⤵
  PID:5604
- C:\Windows\System\bXXGsET.exe
  C:\Windows\System\bXXGsET.exe
  2⤵
  PID:5620
- C:\Windows\System\bPyLJZW.exe
  C:\Windows\System\bPyLJZW.exe
  2⤵
  PID:5636
- C:\Windows\System\EEbnMCJ.exe
  C:\Windows\System\EEbnMCJ.exe
  2⤵
  PID:5696
- C:\Windows\System\JlIRJRD.exe
  C:\Windows\System\JlIRJRD.exe
  2⤵
  PID:5712
- C:\Windows\System\xEHZxmd.exe
  C:\Windows\System\xEHZxmd.exe
  2⤵
  PID:5732
- C:\Windows\System\HJrAIfK.exe
  C:\Windows\System\HJrAIfK.exe
  2⤵
  PID:5752
- C:\Windows\System\SLavOjX.exe
  C:\Windows\System\SLavOjX.exe
  2⤵
  PID:5768
- C:\Windows\System\lRjdTRH.exe
  C:\Windows\System\lRjdTRH.exe
  2⤵
  PID:5788
- C:\Windows\System\xVMOXPJ.exe
  C:\Windows\System\xVMOXPJ.exe
  2⤵
  PID:5808
- C:\Windows\System\OAJuRdK.exe
  C:\Windows\System\OAJuRdK.exe
  2⤵
  PID:5824
- C:\Windows\System\KXiRwKf.exe
  C:\Windows\System\KXiRwKf.exe
  2⤵
  PID:5844
- C:\Windows\System\gnQFBRP.exe
  C:\Windows\System\gnQFBRP.exe
  2⤵
  PID:5864
- C:\Windows\System\mgmAcsd.exe
  C:\Windows\System\mgmAcsd.exe
  2⤵
  PID:5880
- C:\Windows\System\fhAioNU.exe
  C:\Windows\System\fhAioNU.exe
  2⤵
  PID:5896
- C:\Windows\System\guOXgIS.exe
  C:\Windows\System\guOXgIS.exe
  2⤵
  PID:5916
- C:\Windows\System\vttvjHT.exe
  C:\Windows\System\vttvjHT.exe
  2⤵
  PID:5932
- C:\Windows\System\dQvqQYD.exe
  C:\Windows\System\dQvqQYD.exe
  2⤵
  PID:5948
- C:\Windows\System\KfsolfU.exe
  C:\Windows\System\KfsolfU.exe
  2⤵
  PID:5964
- C:\Windows\System\FBqCgwj.exe
  C:\Windows\System\FBqCgwj.exe
  2⤵
  PID:6000
- C:\Windows\System\sIcmvKx.exe
  C:\Windows\System\sIcmvKx.exe
  2⤵
  PID:6016
- C:\Windows\System\JKNzhud.exe
  C:\Windows\System\JKNzhud.exe
  2⤵
  PID:6060
- C:\Windows\System\ycWxDEL.exe
  C:\Windows\System\ycWxDEL.exe
  2⤵
  PID:6112
- C:\Windows\System\LIOoLQB.exe
  C:\Windows\System\LIOoLQB.exe
  2⤵
  PID:5272
- C:\Windows\System\AtfFfCy.exe
  C:\Windows\System\AtfFfCy.exe
  2⤵
  PID:5352
- C:\Windows\System\fLWErdP.exe
  C:\Windows\System\fLWErdP.exe
  2⤵
  PID:5308
- C:\Windows\System\UcKRode.exe
  C:\Windows\System\UcKRode.exe
  2⤵
  PID:5388
- C:\Windows\System\KRZfYZc.exe
  C:\Windows\System\KRZfYZc.exe
  2⤵
  PID:5444
- C:\Windows\System\qwGrFpY.exe
  C:\Windows\System\qwGrFpY.exe
  2⤵
  PID:5476
- C:\Windows\System\YCcHNON.exe
  C:\Windows\System\YCcHNON.exe
  2⤵
  PID:5492
- C:\Windows\System\cKAJqpE.exe
  C:\Windows\System\cKAJqpE.exe
  2⤵
  PID:5508
- C:\Windows\System\IeymMww.exe
  C:\Windows\System\IeymMww.exe
  2⤵
  PID:5524
- C:\Windows\System\NAQpAWu.exe
  C:\Windows\System\NAQpAWu.exe
  2⤵
  PID:5576
- C:\Windows\System\zNzCjPF.exe
  C:\Windows\System\zNzCjPF.exe
  2⤵
  PID:5744
- C:\Windows\System\iJKNpYl.exe
  C:\Windows\System\iJKNpYl.exe
  2⤵
  PID:5648
- C:\Windows\System\TPxLGil.exe
  C:\Windows\System\TPxLGil.exe
  2⤵
  PID:5664
- C:\Windows\System\UEBEWJI.exe
  C:\Windows\System\UEBEWJI.exe
  2⤵
  PID:5680
- C:\Windows\System\aCAHMJm.exe
  C:\Windows\System\aCAHMJm.exe
  2⤵
  PID:5816
- C:\Windows\System\QdQgBqf.exe
  C:\Windows\System\QdQgBqf.exe
  2⤵
  PID:5720
- C:\Windows\System\OXQtRsF.exe
  C:\Windows\System\OXQtRsF.exe
  2⤵
  PID:5860
- C:\Windows\System\rUJzRcN.exe
  C:\Windows\System\rUJzRcN.exe
  2⤵
  PID:5924
- C:\Windows\System\jvQtJmH.exe
  C:\Windows\System\jvQtJmH.exe
  2⤵
  PID:5760
- C:\Windows\System\uwtjybG.exe
  C:\Windows\System\uwtjybG.exe
  2⤵
  PID:5804
- C:\Windows\System\PPdUeSX.exe
  C:\Windows\System\PPdUeSX.exe
  2⤵
  PID:5840
- C:\Windows\System\SpMTiKF.exe
  C:\Windows\System\SpMTiKF.exe
  2⤵
  PID:5908
- C:\Windows\System\XHNbQTU.exe
  C:\Windows\System\XHNbQTU.exe
  2⤵
  PID:5972
- C:\Windows\System\gPAjXvr.exe
  C:\Windows\System\gPAjXvr.exe
  2⤵
  PID:5992
- C:\Windows\System\aRwvVAj.exe
  C:\Windows\System\aRwvVAj.exe
  2⤵
  PID:6076
- C:\Windows\System\ZGFBHLn.exe
  C:\Windows\System\ZGFBHLn.exe
  2⤵
  PID:6092
- C:\Windows\System\IyGWGzf.exe
  C:\Windows\System\IyGWGzf.exe
  2⤵
  PID:1912
- C:\Windows\System\GeYLcry.exe
  C:\Windows\System\GeYLcry.exe
  2⤵
  PID:1928
- C:\Windows\System\cEZVvkq.exe
  C:\Windows\System\cEZVvkq.exe
  2⤵
  PID:5136
- C:\Windows\System\aJGSldm.exe
  C:\Windows\System\aJGSldm.exe
  2⤵
  PID:1176
- C:\Windows\System\ITPmsVK.exe
  C:\Windows\System\ITPmsVK.exe
  2⤵
  PID:4876
- C:\Windows\System\LMTqIZz.exe
  C:\Windows\System\LMTqIZz.exe
  2⤵
  PID:680
- C:\Windows\System\qEdtPzF.exe
  C:\Windows\System\qEdtPzF.exe
  2⤵
  PID:2736
- C:\Windows\System\rAlIkmE.exe
  C:\Windows\System\rAlIkmE.exe
  2⤵
  PID:4000
- C:\Windows\System\ZhHjbws.exe
  C:\Windows\System\ZhHjbws.exe
  2⤵
  PID:5124
- C:\Windows\System\HgPshIi.exe
  C:\Windows\System\HgPshIi.exe
  2⤵
  PID:5176
- C:\Windows\System\HWdnEDY.exe
  C:\Windows\System\HWdnEDY.exe
  2⤵
  PID:5152
- C:\Windows\System\oGQMbcj.exe
  C:\Windows\System\oGQMbcj.exe
  2⤵
  PID:5248
- C:\Windows\System\QOmUZms.exe
  C:\Windows\System\QOmUZms.exe
  2⤵
  PID:5220
- C:\Windows\System\AKzVmqG.exe
  C:\Windows\System\AKzVmqG.exe
  2⤵
  PID:5192
- C:\Windows\System\kSVpBmg.exe
  C:\Windows\System\kSVpBmg.exe
  2⤵
  PID:844
- C:\Windows\System\CuoEJNk.exe
  C:\Windows\System\CuoEJNk.exe
  2⤵
  PID:5412
- C:\Windows\System\IfzyQWF.exe
  C:\Windows\System\IfzyQWF.exe
  2⤵
  PID:5436
- C:\Windows\System\CblBVON.exe
  C:\Windows\System\CblBVON.exe
  2⤵
  PID:5304
- C:\Windows\System\jUdcXTN.exe
  C:\Windows\System\jUdcXTN.exe
  2⤵
  PID:5320
- C:\Windows\System\rcSEmDL.exe
  C:\Windows\System\rcSEmDL.exe
  2⤵
  PID:5612
- C:\Windows\System\naWPaPK.exe
  C:\Windows\System\naWPaPK.exe
  2⤵
  PID:5340
- C:\Windows\System\fiMSHEZ.exe
  C:\Windows\System\fiMSHEZ.exe
  2⤵
  PID:5460
- C:\Windows\System\pVqNOJf.exe
  C:\Windows\System\pVqNOJf.exe
  2⤵
  PID:5532
- C:\Windows\System\sxVvkug.exe
  C:\Windows\System\sxVvkug.exe
  2⤵
  PID:5544
- C:\Windows\System\QPoayUO.exe
  C:\Windows\System\QPoayUO.exe
  2⤵
  PID:5548
- C:\Windows\System\WTFmGhF.exe
  C:\Windows\System\WTFmGhF.exe
  2⤵
  PID:5748
- C:\Windows\System\CAmYcNU.exe
  C:\Windows\System\CAmYcNU.exe
  2⤵
  PID:5784
- C:\Windows\System\VtxPWjd.exe
  C:\Windows\System\VtxPWjd.exe
  2⤵
  PID:5568
- C:\Windows\System\ArjaHLO.exe
  C:\Windows\System\ArjaHLO.exe
  2⤵
  PID:5572
- C:\Windows\System\BdtweOK.exe
  C:\Windows\System\BdtweOK.exe
  2⤵
  PID:5728
- C:\Windows\System\WMUOvEo.exe
  C:\Windows\System\WMUOvEo.exe
  2⤵
  PID:5796
- C:\Windows\System\WiGnKRq.exe
  C:\Windows\System\WiGnKRq.exe
  2⤵
  PID:5980
- C:\Windows\System\RyjYdBT.exe
  C:\Windows\System\RyjYdBT.exe
  2⤵
  PID:6088
- C:\Windows\System\eJgQcUe.exe
  C:\Windows\System\eJgQcUe.exe
  2⤵
  PID:6012
- C:\Windows\System\TOvPAQc.exe
  C:\Windows\System\TOvPAQc.exe
  2⤵
  PID:6040
- C:\Windows\System\GNSIjwA.exe
  C:\Windows\System\GNSIjwA.exe
  2⤵
  PID:6068
- C:\Windows\System\GtgpsFg.exe
  C:\Windows\System\GtgpsFg.exe
  2⤵
  PID:6100
- C:\Windows\System\kRMXBLx.exe
  C:\Windows\System\kRMXBLx.exe
  2⤵
  PID:5836
- C:\Windows\System\ANcBHnS.exe
  C:\Windows\System\ANcBHnS.exe
  2⤵
  PID:5944
- C:\Windows\System\jhNbgjW.exe
  C:\Windows\System\jhNbgjW.exe
  2⤵
  PID:5156
- C:\Windows\System\Mkllygx.exe
  C:\Windows\System\Mkllygx.exe
  2⤵
  PID:1936
- C:\Windows\System\rYLnQov.exe
  C:\Windows\System\rYLnQov.exe
  2⤵
  PID:2004
- C:\Windows\System\pYNjyGT.exe
  C:\Windows\System\pYNjyGT.exe
  2⤵
  PID:5424
- C:\Windows\System\QdpECPb.exe
  C:\Windows\System\QdpECPb.exe
  2⤵
  PID:5440
- C:\Windows\System\yFfoBZf.exe
  C:\Windows\System\yFfoBZf.exe
  2⤵
  PID:960
- C:\Windows\System\aiVHmuW.exe
  C:\Windows\System\aiVHmuW.exe
  2⤵
  PID:5656
- C:\Windows\System\cADhYlv.exe
  C:\Windows\System\cADhYlv.exe
  2⤵
  PID:6128
- C:\Windows\System\BSiRmpA.exe
  C:\Windows\System\BSiRmpA.exe
  2⤵
  PID:3984
- C:\Windows\System\wREhMuV.exe
  C:\Windows\System\wREhMuV.exe
  2⤵
  PID:2812
- C:\Windows\System\oQiUdJx.exe
  C:\Windows\System\oQiUdJx.exe
  2⤵
  PID:2904
- C:\Windows\System\ZFqkMSB.exe
  C:\Windows\System\ZFqkMSB.exe
  2⤵
  PID:5292
- C:\Windows\System\aaXpPDY.exe
  C:\Windows\System\aaXpPDY.exe
  2⤵
  PID:5516
- C:\Windows\System\QldUjsR.exe
  C:\Windows\System\QldUjsR.exe
  2⤵
  PID:5500
- C:\Windows\System\JNGMpVY.exe
  C:\Windows\System\JNGMpVY.exe
  2⤵
  PID:5956
- C:\Windows\System\CdpnHdo.exe
  C:\Windows\System\CdpnHdo.exe
  2⤵
  PID:1944
- C:\Windows\System\sGupOnh.exe
  C:\Windows\System\sGupOnh.exe
  2⤵
  PID:6140
- C:\Windows\System\gHwSIiM.exe
  C:\Windows\System\gHwSIiM.exe
  2⤵
  PID:6136
- C:\Windows\System\DArLOJv.exe
  C:\Windows\System\DArLOJv.exe
  2⤵
  PID:5376
- C:\Windows\System\CvCpjNa.exe
  C:\Windows\System\CvCpjNa.exe
  2⤵
  PID:5236
- C:\Windows\System\ETHkymF.exe
  C:\Windows\System\ETHkymF.exe
  2⤵
  PID:5168
- C:\Windows\System\JgsWHFe.exe
  C:\Windows\System\JgsWHFe.exe
  2⤵
  PID:3720
- C:\Windows\System\AIoVcGR.exe
  C:\Windows\System\AIoVcGR.exe
  2⤵
  PID:5892
- C:\Windows\System\nSWIZzC.exe
  C:\Windows\System\nSWIZzC.exe
  2⤵
  PID:6028
- C:\Windows\System\DqewTan.exe
  C:\Windows\System\DqewTan.exe
  2⤵
  PID:5876
- C:\Windows\System\sNiDpiw.exe
  C:\Windows\System\sNiDpiw.exe
  2⤵
  PID:6048
- C:\Windows\System\ZzghvDd.exe
  C:\Windows\System\ZzghvDd.exe
  2⤵
  PID:2028
- C:\Windows\System\YncfqXD.exe
  C:\Windows\System\YncfqXD.exe
  2⤵
  PID:5224
- C:\Windows\System\QRtgxSy.exe
  C:\Windows\System\QRtgxSy.exe
  2⤵
  PID:1712
- C:\Windows\System\rUnDwCr.exe
  C:\Windows\System\rUnDwCr.exe
  2⤵
  PID:1904
- C:\Windows\System\QeOioxf.exe
  C:\Windows\System\QeOioxf.exe
  2⤵
  PID:3776
- C:\Windows\System\YidmNrg.exe
  C:\Windows\System\YidmNrg.exe
  2⤵
  PID:4376
- C:\Windows\System\MObtHmD.exe
  C:\Windows\System\MObtHmD.exe
  2⤵
  PID:5488
- C:\Windows\System\sTIttmm.exe
  C:\Windows\System\sTIttmm.exe
  2⤵
  PID:5740
- C:\Windows\System\rExZLAV.exe
  C:\Windows\System\rExZLAV.exe
  2⤵
  PID:5904
- C:\Windows\System\KpVvGuU.exe
  C:\Windows\System\KpVvGuU.exe
  2⤵
  PID:5432
- C:\Windows\System\kExUnLk.exe
  C:\Windows\System\kExUnLk.exe
  2⤵
  PID:5564
- C:\Windows\System\QIdbQVr.exe
  C:\Windows\System\QIdbQVr.exe
  2⤵
  PID:6148
- C:\Windows\System\EIvONpz.exe
  C:\Windows\System\EIvONpz.exe
  2⤵
  PID:6164
- C:\Windows\System\vgWFCGx.exe
  C:\Windows\System\vgWFCGx.exe
  2⤵
  PID:6180
- C:\Windows\System\anibwlU.exe
  C:\Windows\System\anibwlU.exe
  2⤵
  PID:6220
- C:\Windows\System\NjBPXuP.exe
  C:\Windows\System\NjBPXuP.exe
  2⤵
  PID:6248
- C:\Windows\System\XYsGpXB.exe
  C:\Windows\System\XYsGpXB.exe
  2⤵
  PID:6264
- C:\Windows\System\fzQtMqU.exe
  C:\Windows\System\fzQtMqU.exe
  2⤵
  PID:6280
- C:\Windows\System\kBjSvRw.exe
  C:\Windows\System\kBjSvRw.exe
  2⤵
  PID:6296
- C:\Windows\System\eCAruQk.exe
  C:\Windows\System\eCAruQk.exe
  2⤵
  PID:6344
- C:\Windows\System\YCKknPw.exe
  C:\Windows\System\YCKknPw.exe
  2⤵
  PID:6360
- C:\Windows\System\KYtLaUd.exe
  C:\Windows\System\KYtLaUd.exe
  2⤵
  PID:6388
- C:\Windows\System\jtRukoA.exe
  C:\Windows\System\jtRukoA.exe
  2⤵
  PID:6416
- C:\Windows\System\DqGXrTr.exe
  C:\Windows\System\DqGXrTr.exe
  2⤵
  PID:6432
- C:\Windows\System\sHVVQZV.exe
  C:\Windows\System\sHVVQZV.exe
  2⤵
  PID:6460
- C:\Windows\System\dfDIqFg.exe
  C:\Windows\System\dfDIqFg.exe
  2⤵
  PID:6476
- C:\Windows\System\MlBwoUJ.exe
  C:\Windows\System\MlBwoUJ.exe
  2⤵
  PID:6496
- C:\Windows\System\lHOjyZQ.exe
  C:\Windows\System\lHOjyZQ.exe
  2⤵
  PID:6512
- C:\Windows\System\AAsSGsk.exe
  C:\Windows\System\AAsSGsk.exe
  2⤵
  PID:6532
- C:\Windows\System\hESMTXU.exe
  C:\Windows\System\hESMTXU.exe
  2⤵
  PID:6548
- C:\Windows\System\dXjQukD.exe
  C:\Windows\System\dXjQukD.exe
  2⤵
  PID:6568
- C:\Windows\System\hForNJu.exe
  C:\Windows\System\hForNJu.exe
  2⤵
  PID:6584
- C:\Windows\System\LxQTPsF.exe
  C:\Windows\System\LxQTPsF.exe
  2⤵
  PID:6608
- C:\Windows\System\gHIehdj.exe
  C:\Windows\System\gHIehdj.exe
  2⤵
  PID:6624
- C:\Windows\System\flEfHZk.exe
  C:\Windows\System\flEfHZk.exe
  2⤵
  PID:6644
- C:\Windows\System\BCymSsE.exe
  C:\Windows\System\BCymSsE.exe
  2⤵
  PID:6660
- C:\Windows\System\pCAhlXo.exe
  C:\Windows\System\pCAhlXo.exe
  2⤵
  PID:6680
- C:\Windows\System\SXAqPNn.exe
  C:\Windows\System\SXAqPNn.exe
  2⤵
  PID:6696
- C:\Windows\System\uBloqSF.exe
  C:\Windows\System\uBloqSF.exe
  2⤵
  PID:6744
- C:\Windows\System\kchYIFm.exe
  C:\Windows\System\kchYIFm.exe
  2⤵
  PID:6760
- C:\Windows\System\FdKfUlR.exe
  C:\Windows\System\FdKfUlR.exe
  2⤵
  PID:6780
- C:\Windows\System\vmNRFKN.exe
  C:\Windows\System\vmNRFKN.exe
  2⤵
  PID:6800
- C:\Windows\System\ZYfAkMS.exe
  C:\Windows\System\ZYfAkMS.exe
  2⤵
  PID:6816
- C:\Windows\System\BaBZYQX.exe
  C:\Windows\System\BaBZYQX.exe
  2⤵
  PID:6836
- C:\Windows\System\MNIgBIO.exe
  C:\Windows\System\MNIgBIO.exe
  2⤵
  PID:6852
- C:\Windows\System\CEMSZpk.exe
  C:\Windows\System\CEMSZpk.exe
  2⤵
  PID:6868
- C:\Windows\System\Rjtiamp.exe
  C:\Windows\System\Rjtiamp.exe
  2⤵
  PID:6888
- C:\Windows\System\ZgjwsvL.exe
  C:\Windows\System\ZgjwsvL.exe
  2⤵
  PID:6908
- C:\Windows\System\YkUzVWN.exe
  C:\Windows\System\YkUzVWN.exe
  2⤵
  PID:6924
- C:\Windows\System\feXWAIn.exe
  C:\Windows\System\feXWAIn.exe
  2⤵
  PID:6940
- C:\Windows\System\BpTwVJS.exe
  C:\Windows\System\BpTwVJS.exe
  2⤵
  PID:6960
- C:\Windows\System\BlRDZSW.exe
  C:\Windows\System\BlRDZSW.exe
  2⤵
  PID:6996
- C:\Windows\System\ZdVtjdg.exe
  C:\Windows\System\ZdVtjdg.exe
  2⤵
  PID:7016
- C:\Windows\System\wlyANxk.exe
  C:\Windows\System\wlyANxk.exe
  2⤵
  PID:7032
- C:\Windows\System\pAEUAFx.exe
  C:\Windows\System\pAEUAFx.exe
  2⤵
  PID:7068
- C:\Windows\System\hrUDYHE.exe
  C:\Windows\System\hrUDYHE.exe
  2⤵
  PID:7084
- C:\Windows\System\pgomerG.exe
  C:\Windows\System\pgomerG.exe
  2⤵
  PID:7100
- C:\Windows\System\SKTryOY.exe
  C:\Windows\System\SKTryOY.exe
  2⤵
  PID:7120
- C:\Windows\System\JUIgBNb.exe
  C:\Windows\System\JUIgBNb.exe
  2⤵
  PID:7136
- C:\Windows\System\RQfcKHB.exe
  C:\Windows\System\RQfcKHB.exe
  2⤵
  PID:7152
- C:\Windows\System\MtJgTra.exe
  C:\Windows\System\MtJgTra.exe
  2⤵
  PID:5556
- C:\Windows\System\pAjLdWa.exe
  C:\Windows\System\pAjLdWa.exe
  2⤵
  PID:1448
- C:\Windows\System\qrAbIud.exe
  C:\Windows\System\qrAbIud.exe
  2⤵
  PID:5672
- C:\Windows\System\YPMcaON.exe
  C:\Windows\System\YPMcaON.exe
  2⤵
  PID:6212
- C:\Windows\System\ShMxWrs.exe
  C:\Windows\System\ShMxWrs.exe
  2⤵
  PID:6108
- C:\Windows\System\wSMuSrm.exe
  C:\Windows\System\wSMuSrm.exe
  2⤵
  PID:2952
- C:\Windows\System\cDylRfn.exe
  C:\Windows\System\cDylRfn.exe
  2⤵
  PID:1832
- C:\Windows\System\DNHDZTa.exe
  C:\Windows\System\DNHDZTa.exe
  2⤵
  PID:6200
- C:\Windows\System\iDGvNqr.exe
  C:\Windows\System\iDGvNqr.exe
  2⤵
  PID:6276
- C:\Windows\System\HBXhPfU.exe
  C:\Windows\System\HBXhPfU.exe
  2⤵
  PID:6320
- C:\Windows\System\tIZHonm.exe
  C:\Windows\System\tIZHonm.exe
  2⤵
  PID:6336
- C:\Windows\System\uJTnGWS.exe
  C:\Windows\System\uJTnGWS.exe
  2⤵
  PID:6204
- C:\Windows\System\FKeUJUW.exe
  C:\Windows\System\FKeUJUW.exe
  2⤵
  PID:6352
- C:\Windows\System\UAdPvmM.exe
  C:\Windows\System\UAdPvmM.exe
  2⤵
  PID:6400
- C:\Windows\System\FQALOCu.exe
  C:\Windows\System\FQALOCu.exe
  2⤵
  PID:6428
- C:\Windows\System\HrzFoLs.exe
  C:\Windows\System\HrzFoLs.exe
  2⤵
  PID:6456
- C:\Windows\System\UoscCHf.exe
  C:\Windows\System\UoscCHf.exe
  2⤵
  PID:6492
- C:\Windows\System\kuOkDBe.exe
  C:\Windows\System\kuOkDBe.exe
  2⤵
  PID:6560
- C:\Windows\System\CNCOhum.exe
  C:\Windows\System\CNCOhum.exe
  2⤵
  PID:6592
- C:\Windows\System\OyQorfj.exe
  C:\Windows\System\OyQorfj.exe
  2⤵
  PID:6672
- C:\Windows\System\rLGuFQS.exe
  C:\Windows\System\rLGuFQS.exe
  2⤵
  PID:2100
- C:\Windows\System\XdkXDzy.exe
  C:\Windows\System\XdkXDzy.exe
  2⤵
  PID:6468
- C:\Windows\System\SjrXgHi.exe
  C:\Windows\System\SjrXgHi.exe
  2⤵
  PID:6736
- C:\Windows\System\ETelzgT.exe
  C:\Windows\System\ETelzgT.exe
  2⤵
  PID:6772
- C:\Windows\System\IamfqEJ.exe
  C:\Windows\System\IamfqEJ.exe
  2⤵
  PID:6880
- C:\Windows\System\mhnHLmr.exe
  C:\Windows\System\mhnHLmr.exe
  2⤵
  PID:6920
- C:\Windows\System\KVSteYX.exe
  C:\Windows\System\KVSteYX.exe
  2⤵
  PID:6540
- C:\Windows\System\NrtVyTW.exe
  C:\Windows\System\NrtVyTW.exe
  2⤵
  PID:6932
- C:\Windows\System\AlLnKsm.exe
  C:\Windows\System\AlLnKsm.exe
  2⤵
  PID:6864
- C:\Windows\System\VXKEqCM.exe
  C:\Windows\System\VXKEqCM.exe
  2⤵
  PID:6824
- C:\Windows\System\iSwvdZh.exe
  C:\Windows\System\iSwvdZh.exe
  2⤵
  PID:2792
- C:\Windows\System\YRUalCI.exe
  C:\Windows\System\YRUalCI.exe
  2⤵
  PID:7040
- C:\Windows\System\uzvlAXs.exe
  C:\Windows\System\uzvlAXs.exe
  2⤵
  PID:7048
- C:\Windows\System\nBvwHNo.exe
  C:\Windows\System\nBvwHNo.exe
  2⤵
  PID:6992
- C:\Windows\System\cLWipRf.exe
  C:\Windows\System\cLWipRf.exe
  2⤵
  PID:7056
- C:\Windows\System\ZLHavxl.exe
  C:\Windows\System\ZLHavxl.exe
  2⤵
  PID:7076
- C:\Windows\System\vXTAzoG.exe
  C:\Windows\System\vXTAzoG.exe
  2⤵
  PID:7144
- C:\Windows\System\yMTwtRS.exe
  C:\Windows\System\yMTwtRS.exe
  2⤵
  PID:7160
- C:\Windows\System\yVpakie.exe
  C:\Windows\System\yVpakie.exe
  2⤵
  PID:5780
- C:\Windows\System\zhLBtWu.exe
  C:\Windows\System\zhLBtWu.exe
  2⤵
  PID:4132
- C:\Windows\System\ybpMcyh.exe
  C:\Windows\System\ybpMcyh.exe
  2⤵
  PID:1780
- C:\Windows\System\zzkwcne.exe
  C:\Windows\System\zzkwcne.exe
  2⤵
  PID:6288
- C:\Windows\System\ZIyzaCz.exe
  C:\Windows\System\ZIyzaCz.exe
  2⤵
  PID:6564
- C:\Windows\System\JnSToQi.exe
  C:\Windows\System\JnSToQi.exe
  2⤵
  PID:6724
- C:\Windows\System\gQQBQTA.exe
  C:\Windows\System\gQQBQTA.exe
  2⤵
  PID:6808
- C:\Windows\System\ShejrHa.exe
  C:\Windows\System\ShejrHa.exe
  2⤵
  PID:6652
- C:\Windows\System\UVguZJv.exe
  C:\Windows\System\UVguZJv.exe
  2⤵
  PID:6444
- C:\Windows\System\qAObUjE.exe
  C:\Windows\System\qAObUjE.exe
  2⤵
  PID:6896
- C:\Windows\System\bTznJYt.exe
  C:\Windows\System\bTznJYt.exe
  2⤵
  PID:6192
- C:\Windows\System\uGzymUm.exe
  C:\Windows\System\uGzymUm.exe
  2⤵
  PID:2572
- C:\Windows\System\JItshtZ.exe
  C:\Windows\System\JItshtZ.exe
  2⤵
  PID:6620
- C:\Windows\System\ezCUZVV.exe
  C:\Windows\System\ezCUZVV.exe
  2⤵
  PID:6372
- C:\Windows\System\fmKUhjL.exe
  C:\Windows\System\fmKUhjL.exe
  2⤵
  PID:6412
- C:\Windows\System\geCEqYx.exe
  C:\Windows\System\geCEqYx.exe
  2⤵
  PID:6668
- C:\Windows\System\SLjCCPY.exe
  C:\Windows\System\SLjCCPY.exe
  2⤵
  PID:7108
- C:\Windows\System\wjUNodY.exe
  C:\Windows\System\wjUNodY.exe
  2⤵
  PID:7112
- C:\Windows\System\aRhGPyr.exe
  C:\Windows\System\aRhGPyr.exe
  2⤵
  PID:6656
- C:\Windows\System\ojiELdG.exe
  C:\Windows\System\ojiELdG.exe
  2⤵
  PID:6240
- C:\Windows\System\eZPYhss.exe
  C:\Windows\System\eZPYhss.exe
  2⤵
  PID:6488
- C:\Windows\System\tbGZuWz.exe
  C:\Windows\System\tbGZuWz.exe
  2⤵
  PID:6916
- C:\Windows\System\yDYPicB.exe
  C:\Windows\System\yDYPicB.exe
  2⤵
  PID:7004
- C:\Windows\System\uueGrlw.exe
  C:\Windows\System\uueGrlw.exe
  2⤵
  PID:1508
- C:\Windows\System\zypLVoC.exe
  C:\Windows\System\zypLVoC.exe
  2⤵
  PID:6988
- C:\Windows\System\XYhcdgN.exe
  C:\Windows\System\XYhcdgN.exe
  2⤵
  PID:4524
- C:\Windows\System\MBnfgtq.exe
  C:\Windows\System\MBnfgtq.exe
  2⤵
  PID:6260
- C:\Windows\System\uNoAJIX.exe
  C:\Windows\System\uNoAJIX.exe
  2⤵
  PID:6228
- C:\Windows\System\GTYjgEP.exe
  C:\Windows\System\GTYjgEP.exe
  2⤵
  PID:5596
- C:\Windows\System\YRPWBTN.exe
  C:\Windows\System\YRPWBTN.exe
  2⤵
  PID:2896
- C:\Windows\System\xKOMJeZ.exe
  C:\Windows\System\xKOMJeZ.exe
  2⤵
  PID:6952
- C:\Windows\System\IJJJFxM.exe
  C:\Windows\System\IJJJFxM.exe
  2⤵
  PID:592
- C:\Windows\System\SXPtSAt.exe
  C:\Windows\System\SXPtSAt.exe
  2⤵
  PID:6860
- C:\Windows\System\RkmWGby.exe
  C:\Windows\System\RkmWGby.exe
  2⤵
  PID:6876
- C:\Windows\System\zQAkldB.exe
  C:\Windows\System\zQAkldB.exe
  2⤵
  PID:1656
- C:\Windows\System\FOIrlbO.exe
  C:\Windows\System\FOIrlbO.exe
  2⤵
  PID:6712
- C:\Windows\System\qxpukTD.exe
  C:\Windows\System\qxpukTD.exe
  2⤵
  PID:6528
- C:\Windows\System\dbbyZMO.exe
  C:\Windows\System\dbbyZMO.exe
  2⤵
  PID:7052
- C:\Windows\System\qyFqPPc.exe
  C:\Windows\System\qyFqPPc.exe
  2⤵
  PID:6688
- C:\Windows\System\XGXPCwS.exe
  C:\Windows\System\XGXPCwS.exe
  2⤵
  PID:2688
- C:\Windows\System\RqjwulJ.exe
  C:\Windows\System\RqjwulJ.exe
  2⤵
  PID:6936
- C:\Windows\System\zFnhYqF.exe
  C:\Windows\System\zFnhYqF.exe
  2⤵
  PID:6980
- C:\Windows\System\kNyzemB.exe
  C:\Windows\System\kNyzemB.exe
  2⤵
  PID:6332
- C:\Windows\System\wHZxoFg.exe
  C:\Windows\System\wHZxoFg.exe
  2⤵
  PID:6640
- C:\Windows\System\iSiKlKg.exe
  C:\Windows\System\iSiKlKg.exe
  2⤵
  PID:6812
- C:\Windows\System\PlJOeqm.exe
  C:\Windows\System\PlJOeqm.exe
  2⤵
  PID:6720
- C:\Windows\System\sMXlelA.exe
  C:\Windows\System\sMXlelA.exe
  2⤵
  PID:6732
- C:\Windows\System\zQFJdSP.exe
  C:\Windows\System\zQFJdSP.exe
  2⤵
  PID:6384
- C:\Windows\System\WfHeuJR.exe
  C:\Windows\System\WfHeuJR.exe
  2⤵
  PID:7188
- C:\Windows\System\EhOTIwA.exe
  C:\Windows\System\EhOTIwA.exe
  2⤵
  PID:7208
- C:\Windows\System\BWuODqu.exe
  C:\Windows\System\BWuODqu.exe
  2⤵
  PID:7228
- C:\Windows\System\vDVGLjz.exe
  C:\Windows\System\vDVGLjz.exe
  2⤵
  PID:7244
- C:\Windows\System\WEgdmim.exe
  C:\Windows\System\WEgdmim.exe
  2⤵
  PID:7328
- C:\Windows\System\AdBbQBp.exe
  C:\Windows\System\AdBbQBp.exe
  2⤵
  PID:7344
- C:\Windows\System\ykdEIXk.exe
  C:\Windows\System\ykdEIXk.exe
  2⤵
  PID:7360
- C:\Windows\System\tyVJxuC.exe
  C:\Windows\System\tyVJxuC.exe
  2⤵
  PID:7376
- C:\Windows\System\tdnVPGb.exe
  C:\Windows\System\tdnVPGb.exe
  2⤵
  PID:7392
- C:\Windows\System\FtawQAd.exe
  C:\Windows\System\FtawQAd.exe
  2⤵
  PID:7408
- C:\Windows\System\oxclcJE.exe
  C:\Windows\System\oxclcJE.exe
  2⤵
  PID:7428
- C:\Windows\System\HYXXHwq.exe
  C:\Windows\System\HYXXHwq.exe
  2⤵
  PID:7448
- C:\Windows\System\nvGAacq.exe
  C:\Windows\System\nvGAacq.exe
  2⤵
  PID:7468
- C:\Windows\System\apSWjEy.exe
  C:\Windows\System\apSWjEy.exe
  2⤵
  PID:7488
- C:\Windows\System\JKNACPr.exe
  C:\Windows\System\JKNACPr.exe
  2⤵
  PID:7528
- C:\Windows\System\gASAHJc.exe
  C:\Windows\System\gASAHJc.exe
  2⤵
  PID:7544
- C:\Windows\System\zsqfYCY.exe
  C:\Windows\System\zsqfYCY.exe
  2⤵
  PID:7560
- C:\Windows\System\ylfroAU.exe
  C:\Windows\System\ylfroAU.exe
  2⤵
  PID:7576
- C:\Windows\System\IoHAUtJ.exe
  C:\Windows\System\IoHAUtJ.exe
  2⤵
  PID:7592
- C:\Windows\System\ShXugES.exe
  C:\Windows\System\ShXugES.exe
  2⤵
  PID:7608
- C:\Windows\System\pzgKFUo.exe
  C:\Windows\System\pzgKFUo.exe
  2⤵
  PID:7624
- C:\Windows\System\yztCiJG.exe
  C:\Windows\System\yztCiJG.exe
  2⤵
  PID:7640
- C:\Windows\System\ateSAgp.exe
  C:\Windows\System\ateSAgp.exe
  2⤵
  PID:7660
- C:\Windows\System\dnVefGC.exe
  C:\Windows\System\dnVefGC.exe
  2⤵
  PID:7680
- C:\Windows\System\RHcWriN.exe
  C:\Windows\System\RHcWriN.exe
  2⤵
  PID:7712
- C:\Windows\System\CkeJMxW.exe
  C:\Windows\System\CkeJMxW.exe
  2⤵
  PID:7728
- C:\Windows\System\NJESYqw.exe
  C:\Windows\System\NJESYqw.exe
  2⤵
  PID:7768
- C:\Windows\System\NReIHzt.exe
  C:\Windows\System\NReIHzt.exe
  2⤵
  PID:7784
- C:\Windows\System\tBGOBBc.exe
  C:\Windows\System\tBGOBBc.exe
  2⤵
  PID:7800
- C:\Windows\System\ICLoRpC.exe
  C:\Windows\System\ICLoRpC.exe
  2⤵
  PID:7820
- C:\Windows\System\zqqQuza.exe
  C:\Windows\System\zqqQuza.exe
  2⤵
  PID:7836
- C:\Windows\System\veqWLNK.exe
  C:\Windows\System\veqWLNK.exe
  2⤵
  PID:7852
- C:\Windows\System\eFyDDIs.exe
  C:\Windows\System\eFyDDIs.exe
  2⤵
  PID:7872
- C:\Windows\System\lyGqTOj.exe
  C:\Windows\System\lyGqTOj.exe
  2⤵
  PID:7892
- C:\Windows\System\etSkdZd.exe
  C:\Windows\System\etSkdZd.exe
  2⤵
  PID:7912
- C:\Windows\System\SWkOSYM.exe
  C:\Windows\System\SWkOSYM.exe
  2⤵
  PID:7932
- C:\Windows\System\oeQMAwy.exe
  C:\Windows\System\oeQMAwy.exe
  2⤵
  PID:7948
- C:\Windows\System\rikorrZ.exe
  C:\Windows\System\rikorrZ.exe
  2⤵
  PID:7968
- C:\Windows\System\uXjGSxO.exe
  C:\Windows\System\uXjGSxO.exe
  2⤵
  PID:7984
- C:\Windows\System\CYWtDZA.exe
  C:\Windows\System\CYWtDZA.exe
  2⤵
  PID:8008
- C:\Windows\System\QqhooWi.exe
  C:\Windows\System\QqhooWi.exe
  2⤵
  PID:8032
- C:\Windows\System\jnOoItP.exe
  C:\Windows\System\jnOoItP.exe
  2⤵
  PID:8048
- C:\Windows\System\VxKDLNG.exe
  C:\Windows\System\VxKDLNG.exe
  2⤵
  PID:8068
- C:\Windows\System\tafoRHx.exe
  C:\Windows\System\tafoRHx.exe
  2⤵
  PID:8088
- C:\Windows\System\pvkkmkU.exe
  C:\Windows\System\pvkkmkU.exe
  2⤵
  PID:8104
- C:\Windows\System\RKPcWHk.exe
  C:\Windows\System\RKPcWHk.exe
  2⤵
  PID:8124
- C:\Windows\System\OYDlJRw.exe
  C:\Windows\System\OYDlJRw.exe
  2⤵
  PID:8144
- C:\Windows\System\MXXpWxu.exe
  C:\Windows\System\MXXpWxu.exe
  2⤵
  PID:8160
- C:\Windows\System\ewavOUc.exe
  C:\Windows\System\ewavOUc.exe
  2⤵
  PID:8176
- C:\Windows\System\qtrvjjM.exe
  C:\Windows\System\qtrvjjM.exe
  2⤵
  PID:7252
- C:\Windows\System\RsKmiij.exe
  C:\Windows\System\RsKmiij.exe
  2⤵
  PID:7300
- C:\Windows\System\BlZAYSE.exe
  C:\Windows\System\BlZAYSE.exe
  2⤵
  PID:7276
- C:\Windows\System\gaNBpkQ.exe
  C:\Windows\System\gaNBpkQ.exe
  2⤵
  PID:6524
- C:\Windows\System\soMWyfd.exe
  C:\Windows\System\soMWyfd.exe
  2⤵
  PID:7320
- C:\Windows\System\kUIyOGn.exe
  C:\Windows\System\kUIyOGn.exe
  2⤵
  PID:7096
- C:\Windows\System\eIqUrEU.exe
  C:\Windows\System\eIqUrEU.exe
  2⤵
  PID:5364
- C:\Windows\System\rVtEloW.exe
  C:\Windows\System\rVtEloW.exe
  2⤵
  PID:1348
- C:\Windows\System\CQzwdkw.exe
  C:\Windows\System\CQzwdkw.exe
  2⤵
  PID:2600
- C:\Windows\System\hVyeHif.exe
  C:\Windows\System\hVyeHif.exe
  2⤵
  PID:6272
- C:\Windows\System\BZPtFwQ.exe
  C:\Windows\System\BZPtFwQ.exe
  2⤵
  PID:6676
- C:\Windows\System\qSEXWvF.exe
  C:\Windows\System\qSEXWvF.exe
  2⤵
  PID:7240
- C:\Windows\System\cLiJmjJ.exe
  C:\Windows\System\cLiJmjJ.exe
  2⤵
  PID:7384
- C:\Windows\System\QLXWiBY.exe
  C:\Windows\System\QLXWiBY.exe
  2⤵
  PID:7496
- C:\Windows\System\bqIAAqI.exe
  C:\Windows\System\bqIAAqI.exe
  2⤵
  PID:7400
- C:\Windows\System\JtRMLyJ.exe
  C:\Windows\System\JtRMLyJ.exe
  2⤵
  PID:7444
- C:\Windows\System\GmmaREp.exe
  C:\Windows\System\GmmaREp.exe
  2⤵
  PID:7500
- C:\Windows\System\StUKHyd.exe
  C:\Windows\System\StUKHyd.exe
  2⤵
  PID:7520
- C:\Windows\System\WfdzPgo.exe
  C:\Windows\System\WfdzPgo.exe
  2⤵
  PID:7584
- C:\Windows\System\NvjJIxf.exe
  C:\Windows\System\NvjJIxf.exe
  2⤵
  PID:7588
- C:\Windows\System\AmiOcdf.exe
  C:\Windows\System\AmiOcdf.exe
  2⤵
  PID:7652
- C:\Windows\System\eNOrbaX.exe
  C:\Windows\System\eNOrbaX.exe
  2⤵
  PID:7736
- C:\Windows\System\NVxmprc.exe
  C:\Windows\System\NVxmprc.exe
  2⤵
  PID:7572
- C:\Windows\System\LGZdFWF.exe
  C:\Windows\System\LGZdFWF.exe
  2⤵
  PID:7720
- C:\Windows\System\sSTEDEf.exe
  C:\Windows\System\sSTEDEf.exe
  2⤵
  PID:7748
- C:\Windows\System\frdeuML.exe
  C:\Windows\System\frdeuML.exe
  2⤵
  PID:7796
- C:\Windows\System\xgeILlx.exe
  C:\Windows\System\xgeILlx.exe
  2⤵
  PID:7812
- C:\Windows\System\iaKPNEF.exe
  C:\Windows\System\iaKPNEF.exe
  2⤵
  PID:7864
- C:\Windows\System\WaHvBgC.exe
  C:\Windows\System\WaHvBgC.exe
  2⤵
  PID:7940
- C:\Windows\System\ajyLCqq.exe
  C:\Windows\System\ajyLCqq.exe
  2⤵
  PID:8020
- C:\Windows\System\bkDgvMt.exe
  C:\Windows\System\bkDgvMt.exe
  2⤵
  PID:8060
- C:\Windows\System\WopHYOs.exe
  C:\Windows\System\WopHYOs.exe
  2⤵
  PID:8136
- C:\Windows\System\ACabjeY.exe
  C:\Windows\System\ACabjeY.exe
  2⤵
  PID:8172
- C:\Windows\System\uUiMjHM.exe
  C:\Windows\System\uUiMjHM.exe
  2⤵
  PID:7956
- C:\Windows\System\rdpeopo.exe
  C:\Windows\System\rdpeopo.exe
  2⤵
  PID:8000
- C:\Windows\System\kSQJhMM.exe
  C:\Windows\System\kSQJhMM.exe
  2⤵
  PID:8076
- C:\Windows\System\suEGiTc.exe
  C:\Windows\System\suEGiTc.exe
  2⤵
  PID:8156
- C:\Windows\System\CnaKYYb.exe
  C:\Windows\System\CnaKYYb.exe
  2⤵
  PID:8152
- C:\Windows\System\kAoWtud.exe
  C:\Windows\System\kAoWtud.exe
  2⤵
  PID:7888
- C:\Windows\System\IXwpZKU.exe
  C:\Windows\System\IXwpZKU.exe
  2⤵
  PID:6728
- C:\Windows\System\fiuVdvd.exe
  C:\Windows\System\fiuVdvd.exe
  2⤵
  PID:7220
- C:\Windows\System\oHKVFhJ.exe
  C:\Windows\System\oHKVFhJ.exe
  2⤵
  PID:7288
- C:\Windows\System\Jykxlmd.exe
  C:\Windows\System\Jykxlmd.exe
  2⤵
  PID:2320
- C:\Windows\System\CeAloPq.exe
  C:\Windows\System\CeAloPq.exe
  2⤵
  PID:1524
- C:\Windows\System\lgNlaif.exe
  C:\Windows\System\lgNlaif.exe
  2⤵
  PID:7204
- C:\Windows\System\SLCuqXS.exe
  C:\Windows\System\SLCuqXS.exe
  2⤵
  PID:5504
- C:\Windows\System\JKPqVcC.exe
  C:\Windows\System\JKPqVcC.exe
  2⤵
  PID:7132
- C:\Windows\System\AWsidVx.exe
  C:\Windows\System\AWsidVx.exe
  2⤵
  PID:6316
- C:\Windows\System\QvTpywP.exe
  C:\Windows\System\QvTpywP.exe
  2⤵
  PID:7256
- C:\Windows\System\rglipee.exe
  C:\Windows\System\rglipee.exe
  2⤵
  PID:7340
- C:\Windows\System\vTqasjX.exe
  C:\Windows\System\vTqasjX.exe
  2⤵
  PID:7516
- C:\Windows\System\KfNNFaf.exe
  C:\Windows\System\KfNNFaf.exe
  2⤵
  PID:7552
- C:\Windows\System\UhADyGq.exe
  C:\Windows\System\UhADyGq.exe
  2⤵
  PID:7700
- C:\Windows\System\LhZNWCs.exe
  C:\Windows\System\LhZNWCs.exe
  2⤵
  PID:7636
- C:\Windows\System\CHXYcPU.exe
  C:\Windows\System\CHXYcPU.exe
  2⤵
  PID:7760
- C:\Windows\System\OXZUgwc.exe
  C:\Windows\System\OXZUgwc.exe
  2⤵
  PID:7976
- C:\Windows\System\JfnlseN.exe
  C:\Windows\System\JfnlseN.exe
  2⤵
  PID:8132
- C:\Windows\System\ilCwdnc.exe
  C:\Windows\System\ilCwdnc.exe
  2⤵
  PID:7928
- C:\Windows\System\SRqDdQN.exe
  C:\Windows\System\SRqDdQN.exe
  2⤵
  PID:8116
- C:\Windows\System\AylVaFN.exe
  C:\Windows\System\AylVaFN.exe
  2⤵
  PID:6832
- C:\Windows\System\VzYXdvC.exe
  C:\Windows\System\VzYXdvC.exe
  2⤵
  PID:320
- C:\Windows\System\NswNYIf.exe
  C:\Windows\System\NswNYIf.exe
  2⤵
  PID:6032
- C:\Windows\System\wMCFVyD.exe
  C:\Windows\System\wMCFVyD.exe
  2⤵
  PID:7484
- C:\Windows\System\YHNgTAI.exe
  C:\Windows\System\YHNgTAI.exe
  2⤵
  PID:7740
- C:\Windows\System\AQcDkyy.exe
  C:\Windows\System\AQcDkyy.exe
  2⤵
  PID:7668
- C:\Windows\System\jUixmAk.exe
  C:\Windows\System\jUixmAk.exe
  2⤵
  PID:6796
- C:\Windows\System\jJBHaNU.exe
  C:\Windows\System\jJBHaNU.exe
  2⤵
  PID:6544
- C:\Windows\System\GrzRFyo.exe
  C:\Windows\System\GrzRFyo.exe
  2⤵
  PID:8212
- C:\Windows\System\ghKmuwb.exe
  C:\Windows\System\ghKmuwb.exe
  2⤵
  PID:8240
- C:\Windows\System\ZbjtUgf.exe
  C:\Windows\System\ZbjtUgf.exe
  2⤵
  PID:8256
- C:\Windows\System\JNnOuxN.exe
  C:\Windows\System\JNnOuxN.exe
  2⤵
  PID:8272
- C:\Windows\System\kaauZWP.exe
  C:\Windows\System\kaauZWP.exe
  2⤵
  PID:8292
- C:\Windows\System\GwChNBn.exe
  C:\Windows\System\GwChNBn.exe
  2⤵
  PID:8308
- C:\Windows\System\aAqevod.exe
  C:\Windows\System\aAqevod.exe
  2⤵
  PID:8328
- C:\Windows\System\dhEXGCc.exe
  C:\Windows\System\dhEXGCc.exe
  2⤵
  PID:8348
- C:\Windows\System\PPHAqFp.exe
  C:\Windows\System\PPHAqFp.exe
  2⤵
  PID:8364
- C:\Windows\System\mdAABNT.exe
  C:\Windows\System\mdAABNT.exe
  2⤵
  PID:8384
- C:\Windows\System\CTmhXcA.exe
  C:\Windows\System\CTmhXcA.exe
  2⤵
  PID:8408
- C:\Windows\System\jzLYenj.exe
  C:\Windows\System\jzLYenj.exe
  2⤵
  PID:8424
- C:\Windows\System\qkDJVCn.exe
  C:\Windows\System\qkDJVCn.exe
  2⤵
  PID:8440
- C:\Windows\System\qAsxiPQ.exe
  C:\Windows\System\qAsxiPQ.exe
  2⤵
  PID:8456
- C:\Windows\System\HsHDYsc.exe
  C:\Windows\System\HsHDYsc.exe
  2⤵
  PID:8476
- C:\Windows\System\cZtvQpm.exe
  C:\Windows\System\cZtvQpm.exe
  2⤵
  PID:8500
- C:\Windows\System\ZxPGsmo.exe
  C:\Windows\System\ZxPGsmo.exe
  2⤵
  PID:8516
- C:\Windows\System\bTlSRuH.exe
  C:\Windows\System\bTlSRuH.exe
  2⤵
  PID:8536
- C:\Windows\System\wnCxZYI.exe
  C:\Windows\System\wnCxZYI.exe
  2⤵
  PID:8560
- C:\Windows\System\BjrgQVE.exe
  C:\Windows\System\BjrgQVE.exe
  2⤵
  PID:8600
- C:\Windows\System\TgFVLGl.exe
  C:\Windows\System\TgFVLGl.exe
  2⤵
  PID:8620
- C:\Windows\System\JpuniVi.exe
  C:\Windows\System\JpuniVi.exe
  2⤵
  PID:8636
- C:\Windows\System\dkQDKYJ.exe
  C:\Windows\System\dkQDKYJ.exe
  2⤵
  PID:8660
- C:\Windows\System\lqEosHt.exe
  C:\Windows\System\lqEosHt.exe
  2⤵
  PID:8684
- C:\Windows\System\WiMeOGn.exe
  C:\Windows\System\WiMeOGn.exe
  2⤵
  PID:8708
- C:\Windows\System\aTkdVFK.exe
  C:\Windows\System\aTkdVFK.exe
  2⤵
  PID:8724
- C:\Windows\System\MuaQVUW.exe
  C:\Windows\System\MuaQVUW.exe
  2⤵
  PID:8752
- C:\Windows\System\VstJRkC.exe
  C:\Windows\System\VstJRkC.exe
  2⤵
  PID:8772
- C:\Windows\System\zijNxqY.exe
  C:\Windows\System\zijNxqY.exe
  2⤵
  PID:8800
- C:\Windows\System\IONyePN.exe
  C:\Windows\System\IONyePN.exe
  2⤵
  PID:8816
- C:\Windows\System\oAmpIif.exe
  C:\Windows\System\oAmpIif.exe
  2⤵
  PID:8840
- C:\Windows\System\OGfEhia.exe
  C:\Windows\System\OGfEhia.exe
  2⤵
  PID:8860
- C:\Windows\System\IBsmQKb.exe
  C:\Windows\System\IBsmQKb.exe
  2⤵
  PID:8884
- C:\Windows\System\JxZTMaO.exe
  C:\Windows\System\JxZTMaO.exe
  2⤵
  PID:8908
- C:\Windows\System\PXyYhRl.exe
  C:\Windows\System\PXyYhRl.exe
  2⤵
  PID:8932
- C:\Windows\System\DyFixck.exe
  C:\Windows\System\DyFixck.exe
  2⤵
  PID:8952
- C:\Windows\System\GxSbfCQ.exe
  C:\Windows\System\GxSbfCQ.exe
  2⤵
  PID:8972
- C:\Windows\System\HZIQdQS.exe
  C:\Windows\System\HZIQdQS.exe
  2⤵
  PID:8992
- C:\Windows\System\aBBdHmS.exe
  C:\Windows\System\aBBdHmS.exe
  2⤵
  PID:9012
- C:\Windows\System\kBNpilS.exe
  C:\Windows\System\kBNpilS.exe
  2⤵
  PID:9096
- C:\Windows\System\eevxMuk.exe
  C:\Windows\System\eevxMuk.exe
  2⤵
  PID:9120
- C:\Windows\System\HugaOVm.exe
  C:\Windows\System\HugaOVm.exe
  2⤵
  PID:9144
- C:\Windows\System\LyRXDKP.exe
  C:\Windows\System\LyRXDKP.exe
  2⤵
  PID:9160
- C:\Windows\System\XSlmiop.exe
  C:\Windows\System\XSlmiop.exe
  2⤵
  PID:9176
- C:\Windows\System\PMlQGSL.exe
  C:\Windows\System\PMlQGSL.exe
  2⤵
  PID:9192
- C:\Windows\System\ZWrnJtI.exe
  C:\Windows\System\ZWrnJtI.exe
  2⤵
  PID:9212
- C:\Windows\System\QawZfsf.exe
  C:\Windows\System\QawZfsf.exe
  2⤵
  PID:8200
- C:\Windows\System\KVkSnuk.exe
  C:\Windows\System\KVkSnuk.exe
  2⤵
  PID:8252
- C:\Windows\System\zLAmMKX.exe
  C:\Windows\System\zLAmMKX.exe
  2⤵
  PID:8316
- C:\Windows\System\pgVTPWz.exe
  C:\Windows\System\pgVTPWz.exe
  2⤵
  PID:8360
- C:\Windows\System\GsLaXuD.exe
  C:\Windows\System\GsLaXuD.exe
  2⤵
  PID:8400
- C:\Windows\System\ORVFMSO.exe
  C:\Windows\System\ORVFMSO.exe
  2⤵
  PID:8508
- C:\Windows\System\PnrLEOW.exe
  C:\Windows\System\PnrLEOW.exe
  2⤵
  PID:8552
- C:\Windows\System\BBGezWF.exe
  C:\Windows\System\BBGezWF.exe
  2⤵
  PID:8616
- C:\Windows\System\mljRcyh.exe
  C:\Windows\System\mljRcyh.exe
  2⤵
  PID:8652
- C:\Windows\System\BGYsmuF.exe
  C:\Windows\System\BGYsmuF.exe
  2⤵
  PID:8696
- C:\Windows\System\kdwjtgM.exe
  C:\Windows\System\kdwjtgM.exe
  2⤵
  PID:7512
- C:\Windows\System\qEvDyCr.exe
  C:\Windows\System\qEvDyCr.exe
  2⤵
  PID:7676
- C:\Windows\System\fFbkojj.exe
  C:\Windows\System\fFbkojj.exe
  2⤵
  PID:8744
- C:\Windows\System\BOTLXhn.exe
  C:\Windows\System\BOTLXhn.exe
  2⤵
  PID:8788
- C:\Windows\System\QcPsrTd.exe
  C:\Windows\System\QcPsrTd.exe
  2⤵
  PID:8832
- C:\Windows\System\dkgRhFh.exe
  C:\Windows\System\dkgRhFh.exe
  2⤵
  PID:2492
- C:\Windows\System\RoLoIAN.exe
  C:\Windows\System\RoLoIAN.exe
  2⤵
  PID:8876
- C:\Windows\System\fnclpod.exe
  C:\Windows\System\fnclpod.exe
  2⤵
  PID:8300
- C:\Windows\System\fHGeWKX.exe
  C:\Windows\System\fHGeWKX.exe
  2⤵
  PID:8924
- C:\Windows\System\zRpMjCt.exe
  C:\Windows\System\zRpMjCt.exe
  2⤵
  PID:8960
- C:\Windows\System\YkMjuqw.exe
  C:\Windows\System\YkMjuqw.exe
  2⤵
  PID:8416
- C:\Windows\System\QCkZLEN.exe
  C:\Windows\System\QCkZLEN.exe
  2⤵
  PID:9008
- C:\Windows\System\ypywxDG.exe
  C:\Windows\System\ypywxDG.exe
  2⤵
  PID:8584
- C:\Windows\System\JuExRbE.exe
  C:\Windows\System\JuExRbE.exe
  2⤵
  PID:6616
- C:\Windows\System\uAwXlwB.exe
  C:\Windows\System\uAwXlwB.exe
  2⤵
  PID:2648
- C:\Windows\System\qSxQYdO.exe
  C:\Windows\System\qSxQYdO.exe
  2⤵
  PID:7832
- C:\Windows\System\XOOegxs.exe
  C:\Windows\System\XOOegxs.exe
  2⤵
  PID:8232
- C:\Windows\System\jfMAmFg.exe
  C:\Windows\System\jfMAmFg.exe
  2⤵
  PID:8904
- C:\Windows\System\SApjoQq.exe
  C:\Windows\System\SApjoQq.exe
  2⤵
  PID:7900
- C:\Windows\System\YxYMWvi.exe
  C:\Windows\System\YxYMWvi.exe
  2⤵
  PID:8168
- C:\Windows\System\ptHcejB.exe
  C:\Windows\System\ptHcejB.exe
  2⤵
  PID:7996
- C:\Windows\System\ZXmOjyj.exe
  C:\Windows\System\ZXmOjyj.exe
  2⤵
  PID:7216
- C:\Windows\System\MbjMbbC.exe
  C:\Windows\System\MbjMbbC.exe
  2⤵
  PID:8532
- C:\Windows\System\wInKkSh.exe
  C:\Windows\System\wInKkSh.exe
  2⤵
  PID:7280
- C:\Windows\System\hDwYWBX.exe
  C:\Windows\System\hDwYWBX.exe
  2⤵
  PID:7464
- C:\Windows\System\uvACBxg.exe
  C:\Windows\System\uvACBxg.exe
  2⤵
  PID:8016
- C:\Windows\System\VzNxviF.exe
  C:\Windows\System\VzNxviF.exe
  2⤵
  PID:6848
- C:\Windows\System\JpNmVas.exe
  C:\Windows\System\JpNmVas.exe
  2⤵
  PID:8856
- C:\Windows\System\kkNDdlW.exe
  C:\Windows\System\kkNDdlW.exe
  2⤵
  PID:8376
- C:\Windows\System\EipRSde.exe
  C:\Windows\System\EipRSde.exe
  2⤵
  PID:8448
- C:\Windows\System\YyAIRua.exe
  C:\Windows\System\YyAIRua.exe
  2⤵
  PID:8496
- C:\Windows\System\PmdXkMW.exe
  C:\Windows\System\PmdXkMW.exe
  2⤵
  PID:8668
- C:\Windows\System\pIYaONg.exe
  C:\Windows\System\pIYaONg.exe
  2⤵
  PID:9060
- C:\Windows\System\XfjbUJc.exe
  C:\Windows\System\XfjbUJc.exe
  2⤵
  PID:5472
- C:\Windows\System\lStgNDn.exe
  C:\Windows\System\lStgNDn.exe
  2⤵
  PID:8284
- C:\Windows\System\LHMGdep.exe
  C:\Windows\System\LHMGdep.exe
  2⤵
  PID:8248
- C:\Windows\System\DpVSKFy.exe
  C:\Windows\System\DpVSKFy.exe
  2⤵
  PID:7744
- C:\Windows\System\BzGEBkT.exe
  C:\Windows\System\BzGEBkT.exe
  2⤵
  PID:1600
- C:\Windows\System\KzrevOR.exe
  C:\Windows\System\KzrevOR.exe
  2⤵
  PID:8612
- C:\Windows\System\DMLGWqp.exe
  C:\Windows\System\DMLGWqp.exe
  2⤵
  PID:7504
- C:\Windows\System\kqCfFpS.exe
  C:\Windows\System\kqCfFpS.exe
  2⤵
  PID:8824
- C:\Windows\System\KbCwZHT.exe
  C:\Windows\System\KbCwZHT.exe
  2⤵
  PID:880
- C:\Windows\System\PVRlJFN.exe
  C:\Windows\System\PVRlJFN.exe
  2⤵
  PID:8964
- C:\Windows\System\yGfHrYx.exe
  C:\Windows\System\yGfHrYx.exe
  2⤵
  PID:7304
- C:\Windows\System\hEIgBVh.exe
  C:\Windows\System\hEIgBVh.exe
  2⤵
  PID:7704
- C:\Windows\System\RqOlexX.exe
  C:\Windows\System\RqOlexX.exe
  2⤵
  PID:8948
- C:\Windows\System\pmCWURe.exe
  C:\Windows\System\pmCWURe.exe
  2⤵
  PID:8796
- C:\Windows\System\VRZQTzM.exe
  C:\Windows\System\VRZQTzM.exe
  2⤵
  PID:8920
- C:\Windows\System\vBItPPo.exe
  C:\Windows\System\vBItPPo.exe
  2⤵
  PID:8592
- C:\Windows\System\cTQRkSk.exe
  C:\Windows\System\cTQRkSk.exe
  2⤵
  PID:8896
- C:\Windows\System\yyzDIFN.exe
  C:\Windows\System\yyzDIFN.exe
  2⤵
  PID:9020
- C:\Windows\System\KlROtCj.exe
  C:\Windows\System\KlROtCj.exe
  2⤵
  PID:8676
- C:\Windows\System\VIyNgOK.exe
  C:\Windows\System\VIyNgOK.exe
  2⤵
  PID:8084
- C:\Windows\System\prOXYSO.exe
  C:\Windows\System\prOXYSO.exe
  2⤵
  PID:5100
- C:\Windows\System\pFBRIca.exe
  C:\Windows\System\pFBRIca.exe
  2⤵
  PID:7868
- C:\Windows\System\OucPNQm.exe
  C:\Windows\System\OucPNQm.exe
  2⤵
  PID:8628
- C:\Windows\System\hnIYSrG.exe
  C:\Windows\System\hnIYSrG.exe
  2⤵
  PID:8680
- C:\Windows\System\eqjbNLy.exe
  C:\Windows\System\eqjbNLy.exe
  2⤵
  PID:8900
- C:\Windows\System\kVXijWv.exe
  C:\Windows\System\kVXijWv.exe
  2⤵
  PID:9044
- C:\Windows\System\izcdWHT.exe
  C:\Windows\System\izcdWHT.exe
  2⤵
  PID:9064
- C:\Windows\System\OnMsczN.exe
  C:\Windows\System\OnMsczN.exe
  2⤵
  PID:8220
- C:\Windows\System\zYEVaOd.exe
  C:\Windows\System\zYEVaOd.exe
  2⤵
  PID:9112
- C:\Windows\System\fgSHNXW.exe
  C:\Windows\System\fgSHNXW.exe
  2⤵
  PID:9132
- C:\Windows\System\bBkgCXH.exe
  C:\Windows\System\bBkgCXH.exe
  2⤵
  PID:9184
- C:\Windows\System\XoEBVYy.exe
  C:\Windows\System\XoEBVYy.exe
  2⤵
  PID:9152
- C:\Windows\System\aEmDWGH.exe
  C:\Windows\System\aEmDWGH.exe
  2⤵
  PID:9172
- C:\Windows\System\CwuhstR.exe
  C:\Windows\System\CwuhstR.exe
  2⤵
  PID:8356
- C:\Windows\System\NjwUWCC.exe
  C:\Windows\System\NjwUWCC.exe
  2⤵
  PID:8468
- C:\Windows\System\POkKcew.exe
  C:\Windows\System\POkKcew.exe
  2⤵
  PID:8432
- C:\Windows\System\oWDyqEC.exe
  C:\Windows\System\oWDyqEC.exe
  2⤵
  PID:8544
- C:\Windows\System\rfhoURM.exe
  C:\Windows\System\rfhoURM.exe
  2⤵
  PID:8264
- C:\Windows\System\WKRasqP.exe
  C:\Windows\System\WKRasqP.exe
  2⤵
  PID:8984
- C:\Windows\System\lfyTyQt.exe
  C:\Windows\System\lfyTyQt.exe
  2⤵
  PID:8968
- C:\Windows\System\ClRJmCh.exe
  C:\Windows\System\ClRJmCh.exe
  2⤵
  PID:8892
- C:\Windows\System\RuIHxUz.exe
  C:\Windows\System\RuIHxUz.exe
  2⤵
  PID:9032
- C:\Windows\System\wXfYysQ.exe
  C:\Windows\System\wXfYysQ.exe
  2⤵
  PID:8436
- C:\Windows\System\qZNfNgi.exe
  C:\Windows\System\qZNfNgi.exe
  2⤵
  PID:8344
- C:\Windows\System\qiGUyjO.exe
  C:\Windows\System\qiGUyjO.exe
  2⤵
  PID:8228
- C:\Windows\System\rnzYddo.exe
  C:\Windows\System\rnzYddo.exe
  2⤵
  PID:8572
- C:\Windows\System\KFEcBnF.exe
  C:\Windows\System\KFEcBnF.exe
  2⤵
  PID:9136
- C:\Windows\System\kejloLK.exe
  C:\Windows\System\kejloLK.exe
  2⤵
  PID:2452
- C:\Windows\System\twAUBHo.exe
  C:\Windows\System\twAUBHo.exe
  2⤵
  PID:6452
- C:\Windows\System\gQugsbB.exe
  C:\Windows\System\gQugsbB.exe
  2⤵
  PID:9040
- C:\Windows\System\QSypTUw.exe
  C:\Windows\System\QSypTUw.exe
  2⤵
  PID:7632
- C:\Windows\System\aIryYDJ.exe
  C:\Windows\System\aIryYDJ.exe
  2⤵
  PID:9072
- C:\Windows\System\hQLOQZw.exe
  C:\Windows\System\hQLOQZw.exe
  2⤵
  PID:8208
- C:\Windows\System\hJQSRUT.exe
  C:\Windows\System\hJQSRUT.exe
  2⤵
  PID:8288
- C:\Windows\System\SRlvByV.exe
  C:\Windows\System\SRlvByV.exe
  2⤵
  PID:8700
- C:\Windows\System\NBGOrJe.exe
  C:\Windows\System\NBGOrJe.exe
  2⤵
  PID:8488
- C:\Windows\System\CvxvLJj.exe
  C:\Windows\System\CvxvLJj.exe
  2⤵
  PID:8980
- C:\Windows\System\vNXMeII.exe
  C:\Windows\System\vNXMeII.exe
  2⤵
  PID:8764
- C:\Windows\System\dXxmULT.exe
  C:\Windows\System\dXxmULT.exe
  2⤵
  PID:9188
- C:\Windows\System\cZsvPEI.exe
  C:\Windows\System\cZsvPEI.exe
  2⤵
  PID:7356
- C:\Windows\System\qofVdJr.exe
  C:\Windows\System\qofVdJr.exe
  2⤵
  PID:8872
- C:\Windows\System\nuFPNyG.exe
  C:\Windows\System\nuFPNyG.exe
  2⤵
  PID:8420
- C:\Windows\System\ovZwFpY.exe
  C:\Windows\System\ovZwFpY.exe
  2⤵
  PID:8716
- C:\Windows\System\BbQbbvo.exe
  C:\Windows\System\BbQbbvo.exe
  2⤵
  PID:8464
- C:\Windows\System\MMDxICG.exe
  C:\Windows\System\MMDxICG.exe
  2⤵
  PID:7568
- C:\Windows\System\rTveloB.exe
  C:\Windows\System\rTveloB.exe
  2⤵
  PID:8336
- C:\Windows\System\OuUgIJU.exe
  C:\Windows\System\OuUgIJU.exe
  2⤵
  PID:9232
- C:\Windows\System\waJVLAJ.exe
  C:\Windows\System\waJVLAJ.exe
  2⤵
  PID:9252
- C:\Windows\System\JRndYoe.exe
  C:\Windows\System\JRndYoe.exe
  2⤵
  PID:9268
- C:\Windows\System\gCuwMcK.exe
  C:\Windows\System\gCuwMcK.exe
  2⤵
  PID:9284
- C:\Windows\System\DFvZPqK.exe
  C:\Windows\System\DFvZPqK.exe
  2⤵
  PID:9300
- C:\Windows\System\AwoEYJX.exe
  C:\Windows\System\AwoEYJX.exe
  2⤵
  PID:9316
- C:\Windows\System\EptOPmn.exe
  C:\Windows\System\EptOPmn.exe
  2⤵
  PID:9340
- C:\Windows\System\ysHpuwK.exe
  C:\Windows\System\ysHpuwK.exe
  2⤵
  PID:9380
- C:\Windows\System\xrSUspq.exe
  C:\Windows\System\xrSUspq.exe
  2⤵
  PID:9400
- C:\Windows\System\XJdHjUr.exe
  C:\Windows\System\XJdHjUr.exe
  2⤵
  PID:9416
- C:\Windows\System\FVjNWOK.exe
  C:\Windows\System\FVjNWOK.exe
  2⤵
  PID:9432
- C:\Windows\System\gGnkwxN.exe
  C:\Windows\System\gGnkwxN.exe
  2⤵
  PID:9448
- C:\Windows\System\ArQdhUw.exe
  C:\Windows\System\ArQdhUw.exe
  2⤵
  PID:9464
- C:\Windows\System\rdVGMBE.exe
  C:\Windows\System\rdVGMBE.exe
  2⤵
  PID:9480
- C:\Windows\System\mddPQkO.exe
  C:\Windows\System\mddPQkO.exe
  2⤵
  PID:9500
- C:\Windows\System\HAQhVoZ.exe
  C:\Windows\System\HAQhVoZ.exe
  2⤵
  PID:9516
- C:\Windows\System\MzBgyeA.exe
  C:\Windows\System\MzBgyeA.exe
  2⤵
  PID:9532
- C:\Windows\System\xFdoWSG.exe
  C:\Windows\System\xFdoWSG.exe
  2⤵
  PID:9548
- C:\Windows\System\mlhyUuO.exe
  C:\Windows\System\mlhyUuO.exe
  2⤵
  PID:9568
- C:\Windows\System\KvuVeCl.exe
  C:\Windows\System\KvuVeCl.exe
  2⤵
  PID:9592
- C:\Windows\System\JzvMEOh.exe
  C:\Windows\System\JzvMEOh.exe
  2⤵
  PID:9612
- C:\Windows\System\DWZjRnM.exe
  C:\Windows\System\DWZjRnM.exe
  2⤵
  PID:9628
- C:\Windows\System\wLqNjTt.exe
  C:\Windows\System\wLqNjTt.exe
  2⤵
  PID:9644
- C:\Windows\System\DYjgkRU.exe
  C:\Windows\System\DYjgkRU.exe
  2⤵
  PID:9664
- C:\Windows\System\yIAPCyI.exe
  C:\Windows\System\yIAPCyI.exe
  2⤵
  PID:9688
- C:\Windows\System\TCBIEgm.exe
  C:\Windows\System\TCBIEgm.exe
  2⤵
  PID:9708
- C:\Windows\System\whauWZT.exe
  C:\Windows\System\whauWZT.exe
  2⤵
  PID:9728
- C:\Windows\System\smOWJey.exe
  C:\Windows\System\smOWJey.exe
  2⤵
  PID:9748
- C:\Windows\System\CJQjLnN.exe
  C:\Windows\System\CJQjLnN.exe
  2⤵
  PID:9808
- C:\Windows\System\rmQQkaA.exe
  C:\Windows\System\rmQQkaA.exe
  2⤵
  PID:9824
- C:\Windows\System\jkiMTIO.exe
  C:\Windows\System\jkiMTIO.exe
  2⤵
  PID:9840
- C:\Windows\System\AIktMyj.exe
  C:\Windows\System\AIktMyj.exe
  2⤵
  PID:9860
- C:\Windows\System\GfjTHcg.exe
  C:\Windows\System\GfjTHcg.exe
  2⤵
  PID:9876
- C:\Windows\System\fiAvZBH.exe
  C:\Windows\System\fiAvZBH.exe
  2⤵
  PID:9892
- C:\Windows\System\BteGgOM.exe
  C:\Windows\System\BteGgOM.exe
  2⤵
  PID:9912
- C:\Windows\System\JaoYSAS.exe
  C:\Windows\System\JaoYSAS.exe
  2⤵
  PID:9932
- C:\Windows\System\aLfVXca.exe
  C:\Windows\System\aLfVXca.exe
  2⤵
  PID:9952
- C:\Windows\System\jyQtoAK.exe
  C:\Windows\System\jyQtoAK.exe
  2⤵
  PID:9968
- C:\Windows\System\eFyDAwY.exe
  C:\Windows\System\eFyDAwY.exe
  2⤵
  PID:9988
- C:\Windows\System\MKoCgFW.exe
  C:\Windows\System\MKoCgFW.exe
  2⤵
  PID:10004
- C:\Windows\System\DreLQWG.exe
  C:\Windows\System\DreLQWG.exe
  2⤵
  PID:10020
- C:\Windows\System\pGTaVRr.exe
  C:\Windows\System\pGTaVRr.exe
  2⤵
  PID:10040
- C:\Windows\System\tjuxjEl.exe
  C:\Windows\System\tjuxjEl.exe
  2⤵
  PID:10060
- C:\Windows\System\gxCuHYT.exe
  C:\Windows\System\gxCuHYT.exe
  2⤵
  PID:10084
- C:\Windows\System\ceHKHgp.exe
  C:\Windows\System\ceHKHgp.exe
  2⤵
  PID:10100
- C:\Windows\System\JZuEqeD.exe
  C:\Windows\System\JZuEqeD.exe
  2⤵
  PID:10116
- C:\Windows\System\LdOOquL.exe
  C:\Windows\System\LdOOquL.exe
  2⤵
  PID:10136
- C:\Windows\System\ARLINxh.exe
  C:\Windows\System\ARLINxh.exe
  2⤵
  PID:10152
- C:\Windows\System\pStOXio.exe
  C:\Windows\System\pStOXio.exe
  2⤵
  PID:10172
- C:\Windows\System\ZAmHyeG.exe
  C:\Windows\System\ZAmHyeG.exe
  2⤵
  PID:10192
- C:\Windows\System\ErXwuny.exe
  C:\Windows\System\ErXwuny.exe
  2⤵
  PID:9056
- C:\Windows\System\CmnFJqP.exe
  C:\Windows\System\CmnFJqP.exe
  2⤵
  PID:9244
- C:\Windows\System\aUCHOtj.exe
  C:\Windows\System\aUCHOtj.exe
  2⤵
  PID:9224
- C:\Windows\System\haGRdLs.exe
  C:\Windows\System\haGRdLs.exe
  2⤵
  PID:9308
- C:\Windows\System\BzOgrbp.exe
  C:\Windows\System\BzOgrbp.exe
  2⤵
  PID:9260
- C:\Windows\System\kxsNhlI.exe
  C:\Windows\System\kxsNhlI.exe
  2⤵
  PID:9324
- C:\Windows\System\ScaVtbZ.exe
  C:\Windows\System\ScaVtbZ.exe
  2⤵
  PID:9352
- C:\Windows\System\DQGypfv.exe
  C:\Windows\System\DQGypfv.exe
  2⤵
  PID:9408
- C:\Windows\System\GPhUBku.exe
  C:\Windows\System\GPhUBku.exe
  2⤵
  PID:9476
- C:\Windows\System\KbTCsXN.exe
  C:\Windows\System\KbTCsXN.exe
  2⤵
  PID:9580
- C:\Windows\System\qiRsVFb.exe
  C:\Windows\System\qiRsVFb.exe
  2⤵
  PID:9576
- C:\Windows\System\hFZUTpj.exe
  C:\Windows\System\hFZUTpj.exe
  2⤵
  PID:9696
- C:\Windows\System\JzEtvIj.exe
  C:\Windows\System\JzEtvIj.exe
  2⤵
  PID:9736
- C:\Windows\System\YfRYtKA.exe
  C:\Windows\System\YfRYtKA.exe
  2⤵
  PID:9496
- C:\Windows\System\RkpDUqx.exe
  C:\Windows\System\RkpDUqx.exe
  2⤵
  PID:9604
- C:\Windows\System\wplLUyp.exe
  C:\Windows\System\wplLUyp.exe
  2⤵
  PID:9676
- C:\Windows\System\HyTAUoH.exe
  C:\Windows\System\HyTAUoH.exe
  2⤵
  PID:9460
- C:\Windows\System\ytJzDEG.exe
  C:\Windows\System\ytJzDEG.exe
  2⤵
  PID:9780
- C:\Windows\System\ATBkQuw.exe
  C:\Windows\System\ATBkQuw.exe
  2⤵
  PID:9788
- C:\Windows\System\ctoaZfY.exe
  C:\Windows\System\ctoaZfY.exe
  2⤵
  PID:9720
- C:\Windows\System\FGtNUje.exe
  C:\Windows\System\FGtNUje.exe
  2⤵
  PID:9856
- C:\Windows\System\iBgrzTE.exe
  C:\Windows\System\iBgrzTE.exe
  2⤵
  PID:9772
- C:\Windows\System\JjGuiki.exe
  C:\Windows\System\JjGuiki.exe
  2⤵
  PID:9760
- C:\Windows\System\uUpplnX.exe
  C:\Windows\System\uUpplnX.exe
  2⤵
  PID:9924
- C:\Windows\System\TVHoTuZ.exe
  C:\Windows\System\TVHoTuZ.exe
  2⤵
  PID:9832
- C:\Windows\System\PvRWJXr.exe
  C:\Windows\System\PvRWJXr.exe
  2⤵
  PID:10072
- C:\Windows\System\FqiMriw.exe
  C:\Windows\System\FqiMriw.exe
  2⤵
  PID:10112
- C:\Windows\System\csErbGz.exe
  C:\Windows\System\csErbGz.exe
  2⤵
  PID:9868
- C:\Windows\System\QBIfWQG.exe
  C:\Windows\System\QBIfWQG.exe
  2⤵
  PID:9940
- C:\Windows\System\SwQCuql.exe
  C:\Windows\System\SwQCuql.exe
  2⤵
  PID:9976
- C:\Windows\System\fSDllDd.exe
  C:\Windows\System\fSDllDd.exe
  2⤵
  PID:10216
- C:\Windows\System\gUsGAls.exe
  C:\Windows\System\gUsGAls.exe
  2⤵
  PID:10232
- C:\Windows\System\aEqErGu.exe
  C:\Windows\System\aEqErGu.exe
  2⤵
  PID:9052
- C:\Windows\System\IwVKDRj.exe
  C:\Windows\System\IwVKDRj.exe
  2⤵
  PID:9292
- C:\Windows\System\OrtvzYk.exe
  C:\Windows\System\OrtvzYk.exe
  2⤵
  PID:9356
- C:\Windows\System\hFTGvfS.exe
  C:\Windows\System\hFTGvfS.exe
  2⤵
  PID:9744
- C:\Windows\System\GZKKeHz.exe
  C:\Windows\System\GZKKeHz.exe
  2⤵
  PID:9528
- C:\Windows\System\JwCZZQD.exe
  C:\Windows\System\JwCZZQD.exe
  2⤵
  PID:9848
- C:\Windows\System\HtKVEeH.exe
  C:\Windows\System\HtKVEeH.exe
  2⤵
  PID:9964
- C:\Windows\System\OpZedlc.exe
  C:\Windows\System\OpZedlc.exe
  2⤵
  PID:9948
- C:\Windows\System\TbHHWhK.exe
  C:\Windows\System\TbHHWhK.exe
  2⤵
  PID:9028
- C:\Windows\System\pUSZLaF.exe
  C:\Windows\System\pUSZLaF.exe
  2⤵
  PID:9444
- C:\Windows\System\wjPcAjp.exe
  C:\Windows\System\wjPcAjp.exe
  2⤵
  PID:9312
- C:\Windows\System\TMCgMpk.exe
  C:\Windows\System\TMCgMpk.exe
  2⤵
  PID:9472
- C:\Windows\System\wEoqDvN.exe
  C:\Windows\System\wEoqDvN.exe
  2⤵
  PID:9564
- C:\Windows\System\vOhXUnX.exe
  C:\Windows\System\vOhXUnX.exe
  2⤵
  PID:9784
- C:\Windows\System\DIPKbrV.exe
  C:\Windows\System\DIPKbrV.exe
  2⤵
  PID:9796
- C:\Windows\System\mbEWefs.exe
  C:\Windows\System\mbEWefs.exe
  2⤵
  PID:10076
- C:\Windows\System\cWXBhUf.exe
  C:\Windows\System\cWXBhUf.exe
  2⤵
  PID:10056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACLmFtz.exe

Filesize
6.0MB

MD5
f321498451015b1b13b13d87e68999f4

SHA1
b0f275cfdebfd9ed9fd34f71a1d3e059360ed7e2

SHA256
cb4f2f77cae4b68fa63a7d5e7a269906a81fb3b37faaa942030222d71c8b5550

SHA512
7be660fc18dda3bfbe6fe67c3f2d9b32bce66b727960de5317a58c1170832458c5691bf102579d28b37aa704ef07da0bfe1c7494049fe03d8a04e94271cfb695

Download Submit
C:\Windows\system\EgUtckQ.exe

Filesize
6.0MB

MD5
05dc393ba45b8157802cd86775835f74

SHA1
be0388f8d68a619f7906f58f13f8de0f8b5110b7

SHA256
22019ee2c63b7125e484c49d47bc0b8b9c407d0f441c652d42b2ae95745ea2c9

SHA512
b8490e1b7d42760e1edfcf328b132dacd90902194e468e4bf24edefe877b9f38f3a9497570d7244a2b8311161a57b12390e3dd991eeebecdb2f64f9b89b5f79e

Download Submit
C:\Windows\system\JAmPihM.exe

Filesize
6.0MB

MD5
4f66c416357aa8c286433ca6aa13b94a

SHA1
d57349aa2eacd62d47067080f608864ecc25ff67

SHA256
2f66e4f75edb09bec5c303bf307030e008a87baefdac753d5462a0fe4da3f0d7

SHA512
45b3a20186fe033b4715855f9cff9e70c194649b8cc19be4dfc86d49518e90ca902b8e98bfb7f75af0f6052acf16e50d240e84815b8b414867e0df2c08fc9c66

Download Submit
C:\Windows\system\MDipqJq.exe

Filesize
6.0MB

MD5
e8640314ebb722f55ba96a8e381540cb

SHA1
92c47ee4c5c68ee37b69383cda833f07f6f06740

SHA256
e38a99d8e829610397bb8772726a8c48c7aa65b77ed544982bd9e0609ab40c82

SHA512
85354d510e2b02a70a450f410059d8e8db438fb30da0e3442c71676c099fb5d089fa55aca4ea65c3e90eb67aabc5601e4b22208e745724f14a14fe445b65a9e6

Download Submit
C:\Windows\system\MxWMcox.exe

Filesize
6.0MB

MD5
37e51fab76047854dd628fd8e9c45419

SHA1
7c885bf4435f8a892f4f06cd7832f4a93ad8fc64

SHA256
e5e3ed510848f3935e49a9f8b8fcfca0a18eb82ef62b4dfdfcf3e196387d17cd

SHA512
5ffb78644e88a15f4435b4c03dc5d7cb50595b06ed229baad6ba797028db5a73c34d905e516e72cb5aacfa156ce31ccef9a64a819b10caa73a7a3d5dc3e1c65c

Download Submit
C:\Windows\system\OXqfPCH.exe

Filesize
6.0MB

MD5
8e85057db51bc4efa133576097a9be6d

SHA1
0a9a89d5c0cf4ed039e0fa097c1646f7128f9554

SHA256
d3d67579dae1757e7d543243d3a1560edc108d827d17d1a01fb6b159f88f9f8d

SHA512
760045abdc4f7c247d23177a63dce791a5facb063852399fdbe3ee872656cd971b55cd2e300ac6e7e6c8cfe138e4b45e77638642465b4b18eb7b8f56e3996984

Download Submit
C:\Windows\system\QPiZffP.exe

Filesize
6.0MB

MD5
ec07e2d2a1682785f65052e76f684dbe

SHA1
54fdff6427857408d8169eea129f6700f1b7c2de

SHA256
9558e8171e2f79a8e288a5b1a4688f56aedf9b76515aadcb768b53a1b49d4b25

SHA512
b388ac3197a792812ea9eb60b07149969f54b687717d159bd8d3152aa3b1ba6eb50749adee0420dcb78621c24762af8979685d7313f50ed787f058e103bedc9b

Download Submit
C:\Windows\system\TOrUSCo.exe

Filesize
6.0MB

MD5
9d9043bc0c4ed0fddbca896d70da503d

SHA1
d2cd42dc8e2df14ace48040e8d7510ce5ed7e14f

SHA256
58ef675d6c7037bf405235413b140ccfd2cd8d9185e90f3172471683cbdcc138

SHA512
3ecc770589b6a089f5bcf30710dc022aa19a2913bf2169468a529384eba9a1297f6375addea566e479370e676aaa92061f1950c5782aa972fc275ec977c31487

Download Submit
C:\Windows\system\TtqCtEd.exe

Filesize
6.0MB

MD5
0f06229d33bd6a8956a4acd22847dfd0

SHA1
ee363f98a51c310ec97dbf50e52c47fc184954d3

SHA256
b24fbf27dde523d30646a6ca34abe685743b7f1cdffa88af2b3a63e6fbf2bd14

SHA512
5f1c8d638893c8030167d6ddbfb38d68d10e2bf34335ab9819c39cc2ccbb3b2d6a420e9147e31359ce668654ff8a5412a00cb2f4b0a49d82fe6f976c916f7696

Download Submit
C:\Windows\system\ZoyWSUZ.exe

Filesize
6.0MB

MD5
46e64a0eabe7f552509ffd93d6323dad

SHA1
c1139a9eaab3737ea5ee4205fd4513e7605d70ee

SHA256
f27fba939d7fc375e15ebe3d3efb021e81cb478056a1e1facf21169c8b62ac9f

SHA512
044b7fc29d0348985f7d48c36a77a32fe7b2342edb8963ca0228eb30b6addf559fe7ce6788f8fc3668ff5c6941da8a284e3b5d2013906a8448a0afe7ecbac9cb

Download Submit
C:\Windows\system\arEaaWY.exe

Filesize
6.0MB

MD5
4e7ee0d8acf801f0a052d3491a23bfa0

SHA1
2ea400adcb3c2fca1d317c26ac52107e4c7cba49

SHA256
ff53626df9417f08c6afa125d61d4fd972c3bfc958463a108b3958e3ddd8977e

SHA512
32291bc4ec37e7a25da68e9b39e99510c97933241e02ff36ad80c386229fbd9f1e4de08221281c6f33c8b937808f2cebd5053735104f3ef0039c45665cbd8f68

Download Submit
C:\Windows\system\aswzdOE.exe

Filesize
6.0MB

MD5
0577da1ee907f50298734231c934e264

SHA1
3e9ef3e63017dc3111b41fc513ad731299b67bba

SHA256
faf43f9e1105224a874a256432424b43ae3158a7ea07ee964110d7488f5d7367

SHA512
ab018786d1ea25216663179b77807d57c5bc1d578b582ea9c71a0fdb4780ea2801fa46f203a593698640968d276a7f9afda937c199c99cdeb1773a19c52de93c

Download Submit
C:\Windows\system\bFqxotG.exe

Filesize
6.0MB

MD5
7db54e3a317754cb56701b818e491f00

SHA1
38e9eb3ecff50e1164cb00cb7c0e63be23231189

SHA256
83fedad65913b88011f29f5b6108793603c0b63d14a91106a5e68d38d970b348

SHA512
50df406d4cfcc231615c209d2b9bd693232811df5db2403d6e32c48aa59784bdf5aea1927f9d7d849ec3b8a33d828f08dc57f2daad1cbe09400a7be28fb67e16

Download Submit
C:\Windows\system\coxmsOs.exe

Filesize
6.0MB

MD5
0fc7045b08380e2f747b807cc1c63b02

SHA1
30c7669b8045466e7566396967161810a9f16b7e

SHA256
cf8eacd17ddf0ab1ed70339f339068f38800a25a76c4dd6a492fa10f71b6e22c

SHA512
a01cfbbb44c48590e9294164e1c357c98718ca50a01448e04dce3596bd398d23efc03e121b12462e98663794b27137f81fe46fa802075dd3b20aef650060404e

Download Submit
C:\Windows\system\lrOyZmt.exe

Filesize
6.0MB

MD5
89569f96dba20e260f777ebc703a11eb

SHA1
b21ab17d606344d3c211915a96fee910f5e01302

SHA256
bb178a73b4e277efadc32d036547f926b62ce1621da766586dbc435e73735f9b

SHA512
650f583a4db9f6f4886dcd19c323e3d7ef95b64a2b56ed4c30197faf4f9a4222878f3d5fcc57cef86fc2d3afaa8069441e36ec3bf3293973f8acdb15a2de39f4

Download Submit
C:\Windows\system\oJHkADn.exe

Filesize
6.0MB

MD5
8103b8256c53e3b1ce4466ed5dbbb6b5

SHA1
9aa97dd166d999d42f58e61f238effa91d895fc7

SHA256
fb489f39e8c222f43e1d47ac4a564d2fd7e3d7488e2e9af8ee8d19a0b8b1c1c5

SHA512
33dce5cd5796800ce69e32a7bc751a4ca7b7c909a368f0ed012311a935896fd0133fbf789834e84d3e8a49f92d8780e096e2715079d6d53d757a838762ff609d

Download Submit
C:\Windows\system\pTIOSmr.exe

Filesize
6.0MB

MD5
18920499594c00395e0845ccd940d6a4

SHA1
5dd98a102051f3f6ba53087f1d4e631d421a9125

SHA256
4388efa0deb81c714ef6cddd4611a774b45fb426c6c5f560d133dd2a4af50a08

SHA512
c6ac2344f3c806bd530fe68d6bb045464b220e0bdebdd21da39b730c0bdeeb7bf68fdbc3ac4f3db070c4a9e05576aa44b2656857691d2c398c9f21489a488ace

Download Submit
C:\Windows\system\pVEFEWp.exe

Filesize
6.0MB

MD5
7d3171e133bcb554592a140aa53bc4fd

SHA1
7157de74d30bdf4a6367265f6b8fbbf3effc5ff7

SHA256
f5cf9fa84375cdbf823cd0deaed286045b74e58ce560a6bcecc6c187395a1600

SHA512
67ec6933eddaac69ed80de6776ea7cbf1eb25cb09751cb9728d97becf36b67d1f606965ff8ebc32699f02a6db52bc80575c80625a16f27cf301f42d4ea5d4bba

Download Submit
C:\Windows\system\prMpvBn.exe

Filesize
6.0MB

MD5
0dd114d9dbe1ecb79a2223832b2e80a8

SHA1
ff71ece570cb645750f5af222888273cadefaf15

SHA256
bc8cd43ef98717eeeb4e2550f14445897975817f0f9ac365fb4c141048a16dd0

SHA512
0f8ef6505dcd62dc72485727b1256ccccdc8bbc48e0b02d44616435009c18222ac7d99e034f6ce775a4da0ad8375b18467cfeb27aa5a1f004fb398cea81d7dc9

Download Submit
C:\Windows\system\xCIrvJc.exe

Filesize
6.0MB

MD5
6d93eb77f1a3f4720d6be0deecaad877

SHA1
d6218fbdf654f67adafd98e2d5eba7a9f4b4df30

SHA256
af173fbe1e36fdbd0fe54ddd35e5c0efb4a77355c938a1fedbc7517839a82c6b

SHA512
0da745d8263ed18a57966c60d5d7bdb4b2df005ea1df96da5f85e51c8a2a0f11ca2c4d43eb103a4c4688c0d2cce8315e37506fd77c687ee0aa8e21a572e14ccf

Download Submit
\Windows\system\AhrqgWw.exe

Filesize
6.0MB

MD5
e275d600b2649f49402b3d7288df167c

SHA1
e05bea846ef2ab803a79e61e67988dfed9fe460a

SHA256
9b2488a8d9e4f02b6f95c21e0c1c4806a418f6e333f71f95765acfa9eff231a3

SHA512
300a6c665e769544e8822fe79ceef3730459b9efc63ae2e720ae068e9ea5ef594d3639a12400c9b2866adb4730ff1cfd3bde4c97f8bca8a76b4a7a2a1e0dcf11

Download Submit
\Windows\system\BvcNctv.exe

Filesize
6.0MB

MD5
3153f4596598d486fb2f45f7a83654ca

SHA1
bfb99b3b8c4bff3368db7dd3f0c9f5cf2f883bc4

SHA256
733caa71e1d8646f1fbecd7ad8877c25409951a985d038dfd188490f81e73e91

SHA512
c314baa7f89c3e68dfd58be7d83f6cb70d1a068d750178d64a4d0ee2c471d26b3570b5ac2ba4a07d7f0853b7475163e0aa4268de6469eebf4031586b22efc0a5

Download Submit
\Windows\system\KoTzoGa.exe

Filesize
6.0MB

MD5
574b882d718823213aa6c6c227a07439

SHA1
cf6f2491bb85bfa4b01dd54e819bfce5947615dc

SHA256
bab1474c491c4b6f9c937498ae1d2dc6296340aeef4ac63fd6bb6007193cf3fe

SHA512
c81a4252e202f3a625629a3bee121ba5518c335d3b0bae0f812fdaac70a5b5383ed0840d99e99e6f287729935cc593e71189673cc71c681e84a9b324c648bf8d

Download Submit
\Windows\system\MvJMQIV.exe

Filesize
6.0MB

MD5
2a783c9263b29ab9d9d192ae11f5ec09

SHA1
436744a8c0b4bdd948c39a2296613103fa1f161f

SHA256
4db2a05e60d695b6e4d5ab17e97911c7730752d1deaa96519ee496ecec6e7349

SHA512
98337f2bee087b5598f1ab56e16335e9f9d26a3da07134203cc286501bb6954bfeb929f4cbac206691a5c714d752cb19ba9297c9efad14705904e7b240568857

Download Submit
\Windows\system\OkCVCiN.exe

Filesize
6.0MB

MD5
7a70357ecc000eea64cdfa16cd4b76cc

SHA1
adf9dbc59a79308f64199f1af09a879fe332015b

SHA256
ff7616f14d6b6c489fd54e6f89e67c1a9ea30f8911608a3e0599502a66cf963f

SHA512
8b0571b7d25539f229fc09a23f128030473ca6f0ca42386e7608ce45acaca821a4b9d92f70b828d0b6ff9492b4dc55a2fa0d8567bc7678123b29bd04e84c8907

Download Submit
\Windows\system\WUvvxzF.exe

Filesize
6.0MB

MD5
a33b67840e0a8fa8639e73b3a1fa2fb4

SHA1
55998085c67530d4d56195e61bac06b1a73694ad

SHA256
9f9f7f116e28fec85acde71461c2e20a7b4046c8206a1480caf5c670090c4649

SHA512
41e210241a5d5f3c3cd1b1c094ae22a4597dc0c31ccaa0bb551a143ef15aede00cb4aa1757e22dedd6c2a33bd8f7d0630152dab02410c5cf10a4200a3d33d9b3

Download Submit
\Windows\system\WZNLTFo.exe

Filesize
6.0MB

MD5
173356933232a09ecfa6f591a864a2a8

SHA1
84ae689a82770f4a91664fa0a139dafac13c5170

SHA256
b0611ea3e567002bbde913831c049b62f67b12c54b911894659ab31ee8b0cec8

SHA512
acf893177b710972760543696053b34ac27daab8a0638a09280db42b95d7ae9b45bdb4f8b41fe1dd61072c27d75c018f101d45a91cc27049feb7fce3089c4451

Download Submit
\Windows\system\ZairWZG.exe

Filesize
6.0MB

MD5
66af7dc6aa45635d320c8b3850516dba

SHA1
c82c1b3324c4478c641ac52094b2d7070bc1ee29

SHA256
14e9912dac35b57d0adc71bbad13fa522e92b31583d64d47fb6d3f3a970837d9

SHA512
c1eacb8c2971390bac06203288cfd3e413f3c13bf2dd8443d42e1709a023f9f8fb0ea5c6959e93cc99099354476bd56a947cd112369c1d6e415b0adc7e0b3f63

Download Submit
\Windows\system\ehQlqZJ.exe

Filesize
6.0MB

MD5
44d0da82a7c97b13de3ca42ba1111241

SHA1
566b2bef45405ed917fb1888b5e9f82620749362

SHA256
a6ae796283333a0585c9b9a104dbd03aaf5d9ba9edcb84edc5482da6d4150c6a

SHA512
9ca2a58a254263f788f8357a4f90bd71bb882007bc55707fa9359c518baafce7e2f2891681791b3881cf5832f4b122cf9e5ae9b0b57396f0a852ba458d9a7090

Download Submit
\Windows\system\oXbMVnG.exe

Filesize
6.0MB

MD5
cffc7150da30d528037e24b9b578f3bc

SHA1
cfd416f1e0f649e40ff95b6a09aa13f9a263ade2

SHA256
13f12067c5ca4938e9676b5f18686b732fb3257d592d923322e357c5e1073b44

SHA512
36615070d2961aa88bd85463615468faf1d4d255d87289c49718c1fc592724857d88977724166a42c7d9603bbf88a2216cc5727cb6d24d1287d2bc9f8f4f1966

Download Submit
\Windows\system\opNvQAM.exe

Filesize
6.0MB

MD5
acc0ba3ae3b4a82c7b885867f18cdfee

SHA1
0e68d7c3395136778b3eca4a15187510c4bce67d

SHA256
b197b2ec04b4b45d0d1c908e9caac096edf7308104e0771328069e6f6753f3fa

SHA512
f3f5a247052927798de2cc04398c14db39d560e44653828fe241ce691086688711451fb5dba88ac63a7df4d2b49b837a2fa635059e9228f353458a2f1e99a020

Download Submit
\Windows\system\otxjOWi.exe

Filesize
6.0MB

MD5
a194ff565e9beedf9e9695f56d7d86e1

SHA1
98f89229499da2ce80d87aeda88ff47aec926262

SHA256
b8cd6747609e340cc7d7a85422f714fff0286b9f1b68b7f1d5bf047446b00e63

SHA512
d9c911eb2570af4a35ac16f273f1f3cd45470edf3029e244d7af89e330f807b98c4daea46faeceabaf30ba1212ba2c385ed04cd44fb03119f94f876a9b1eca2b

Download Submit
\Windows\system\pnCiQyN.exe

Filesize
6.0MB

MD5
5a35d72995b6067a1814cfca5c9e753c

SHA1
7e13465954e0c0c67b2807f2abd2c84f7fe829ff

SHA256
ff3106acd0afbeca339caf3ce580f1bc16cdc2eab80150d3cb5830e925b2049e

SHA512
572c176b5ca330ba99f069ec8e59e33b7041a4680e61b50f2119f307df8ca73460f3e0837dba5ac47c1eafc827c6b1017a1ccd2cf893722cab2ddc8ee5e6e6a9

Download Submit
\Windows\system\sTfuuNm.exe

Filesize
6.0MB

MD5
db42dd1bd867a8dc63bb3e3414725dcf

SHA1
f4f09d7c25ace2981c1bfb3272236ec2344e9aad

SHA256
b49ec0eee66924f04c011d118aa97da50c44cb7e5bcf6c4a3ba47cbc1a8dc671

SHA512
27a25b8cc67e37fd2905977f11a30f3d57178f213bd4339b3dfcaa596b6788caa48cd038ff5b979434de0ade8b17d34a117e3e9f7477f7e175d2c97960a936b4

Download Submit
\Windows\system\tENxBrF.exe

Filesize
6.0MB

MD5
dfd7825468cd6ff8ca886a9436830f8a

SHA1
9881b46ca9c319d72fc76fb8e4d183bfb99c83c2

SHA256
ef007a979abbc14d6172adf1f0bf0b433c42abc52977c29f9c771d8ce22d6e36

SHA512
6690ca33f9fb425d2814bb0c54d7e1ac9702a72ce5f21684db18b00a45a4d6c85272dfdcee540a3ff1f9436264124b678d0890a5b7871919addd570351066a99

Download Submit
\Windows\system\uCSWbvt.exe

Filesize
6.0MB

MD5
d5d961cb1fed2b12e41dfadcaa649fda

SHA1
b14040cc3612c73ab9e91a03366adfb65611c57c

SHA256
ff0fb4033fd4d7a0388e13146a56ca8dfe425d630f5088cc1366926be789058d

SHA512
6b408b996dc8c5c040e9ac1ab28860469a472759c3ae22415652f4cbe8ea707350aa7dcaea23dc80c2a049e7905a84b7a9c9f571bf43e8170228b748b198920e

Download Submit
\Windows\system\xsdpNmI.exe

Filesize
6.0MB

MD5
b9612a0490a03807b401edb6941d0a58

SHA1
0002dff57678d217d8d424dd7e89a6fe1f712e81

SHA256
e8d7d0ade04cb281bda02092ee095196053a9a700f7241d0ec9fbaa099c7c20e

SHA512
86c9b18fff4c21eeaf8b338be5cc04940557e9541c6b881a41bf4893053fd696152132260797e7932becfaddba9a99269c974882becef165f4b0d0c1d26979ec

Download Submit
memory/1684-37-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1684-4024-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1760-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-82-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1756-98-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1756-110-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1756-146-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1756-19-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-138-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1756-35-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1585-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2032-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2062-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-0-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1756-47-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-30-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1756-128-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-106-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1290-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1288-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1756-74-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-173-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-78-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-29-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-4023-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-43-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4021-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-79-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4031-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4027-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2664-139-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4030-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2672-93-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4033-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-144-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-39-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4025-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-86-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4032-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2908-136-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4028-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2924-75-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4029-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4022-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-31-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2996-4026-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2996-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download