cobaltstrike | 511f4b6604abd536fdec18bbbaf971e21bd2ee64608351155363bcb8da1b36de

Analysis

max time kernel
144s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d68f6953cefd7f4dbbb3db3b6e4d6514
SHA1

ddfa41f459ad9b1d4ea8b5131ad266007b231718
SHA256

511f4b6604abd536fdec18bbbaf971e21bd2ee64608351155363bcb8da1b36de
SHA512

b80b10bc1df1b78803a2a654bc8b6ebd0481fad18d08c73f735166e98891e1b0582b619c12d45b9eca54a47d3bc5b620b17cc41ec471c398b96d6ee14e151d89
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral2/files/0x0008000000023c84-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-8.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-21.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-35.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c85-51.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-88.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-155.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-173.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c84-5.dat	xmrig
behavioral2/files/0x0007000000023c89-8.dat	xmrig
behavioral2/memory/3992-9-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c88-10.dat	xmrig
behavioral2/files/0x0007000000023c8a-21.dat	xmrig
behavioral2/memory/2508-23-0x00007FF611A20000-0x00007FF611D74000-memory.dmp	xmrig
behavioral2/memory/2344-29-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8c-40.dat	xmrig
behavioral2/files/0x0007000000023c8d-43.dat	xmrig
behavioral2/memory/1068-42-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp	xmrig
behavioral2/memory/1292-39-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8b-35.dat	xmrig
behavioral2/memory/1564-33-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp	xmrig
behavioral2/memory/1940-17-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c85-51.dat	xmrig
behavioral2/files/0x0007000000023c8e-50.dat	xmrig
behavioral2/memory/4836-53-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-57.dat	xmrig
behavioral2/files/0x0007000000023c91-64.dat	xmrig
behavioral2/files/0x0007000000023c92-78.dat	xmrig
behavioral2/files/0x0007000000023c95-82.dat	xmrig
behavioral2/memory/3200-92-0x00007FF76FCA0000-0x00007FF76FFF4000-memory.dmp	xmrig
behavioral2/memory/3980-94-0x00007FF6A1DA0000-0x00007FF6A20F4000-memory.dmp	xmrig
behavioral2/memory/2344-95-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp	xmrig
behavioral2/memory/4396-93-0x00007FF6545B0000-0x00007FF654904000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c94-88.dat	xmrig
behavioral2/memory/4132-87-0x00007FF791C90000-0x00007FF791FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c93-85.dat	xmrig
behavioral2/memory/4968-79-0x00007FF730920000-0x00007FF730C74000-memory.dmp	xmrig
behavioral2/memory/1808-74-0x00007FF6BD760000-0x00007FF6BDAB4000-memory.dmp	xmrig
behavioral2/memory/1940-69-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp	xmrig
behavioral2/memory/3992-68-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp	xmrig
behavioral2/memory/2480-62-0x00007FF7EA890000-0x00007FF7EABE4000-memory.dmp	xmrig
behavioral2/memory/3552-54-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-99.dat	xmrig
behavioral2/files/0x0007000000023c97-109.dat	xmrig
behavioral2/files/0x0007000000023c98-114.dat	xmrig
behavioral2/files/0x0007000000023c99-118.dat	xmrig
behavioral2/memory/1044-122-0x00007FF6EA4F0000-0x00007FF6EA844000-memory.dmp	xmrig
behavioral2/memory/4836-121-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp	xmrig
behavioral2/memory/436-117-0x00007FF633C90000-0x00007FF633FE4000-memory.dmp	xmrig
behavioral2/memory/904-110-0x00007FF74FDF0000-0x00007FF750144000-memory.dmp	xmrig
behavioral2/memory/1068-108-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp	xmrig
behavioral2/memory/2456-106-0x00007FF75AE80000-0x00007FF75B1D4000-memory.dmp	xmrig
behavioral2/memory/1564-102-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp	xmrig
behavioral2/memory/1292-105-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-127.dat	xmrig
behavioral2/memory/2880-132-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-135.dat	xmrig
behavioral2/files/0x0007000000023c9c-137.dat	xmrig
behavioral2/memory/5064-140-0x00007FF6E8400000-0x00007FF6E8754000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-146.dat	xmrig
behavioral2/files/0x0007000000023c9e-152.dat	xmrig
behavioral2/files/0x0007000000023c9f-155.dat	xmrig
behavioral2/memory/1852-163-0x00007FF7E5320000-0x00007FF7E5674000-memory.dmp	xmrig
behavioral2/memory/5056-168-0x00007FF614FC0000-0x00007FF615314000-memory.dmp	xmrig
behavioral2/memory/4684-179-0x00007FF6CEAE0000-0x00007FF6CEE34000-memory.dmp	xmrig
behavioral2/memory/1116-186-0x00007FF7E77A0000-0x00007FF7E7AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-194.dat	xmrig
behavioral2/memory/2880-316-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-205.dat	xmrig
behavioral2/files/0x0007000000023ca5-203.dat	xmrig
behavioral2/files/0x0007000000023ca6-202.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

YUORsqt.exegfeVpSH.exeuQCFixq.exeFdIkAGl.exetWSGLLB.exeGbHsBki.exeNEAIUHj.exewJZIgRi.exeCDXOrLA.exegIporqa.exeMbDalFA.exeBRELNjJ.exemRqjYWz.exetKtGbrH.exegsMTMyN.exeSwCpgig.exePRXuOHO.exemRkorIL.exetYQKplN.exeoSoSOIH.exelFhWBuB.exeMHTdnnU.exedkpkomP.exeVdtpwNk.exeiOvLJTU.exeOGyEGQv.exesjNyYMR.exeQsQRggK.exeCgWVeVI.exeAHArrTo.exeUsJSkai.exedMgqxRT.exeHwSCfxk.exePZrijbe.exechVxttm.exeqpwmhCi.exeIpPGCeN.exekFUMGLX.exekEspVPF.exeEErsLrs.exemweYHrT.exeMrKbUlF.exeXmEmzBa.exeUkvNGoW.exeJpLXbxz.exewZAnKTy.exeWXVjcJV.exeRKAiLZl.exetIRrdtW.exeYlKacDO.exeLJsolkO.exedPnpnIC.exeBKokZDl.exekojFzFe.exeqbJujFY.exehWAmDhF.exeVhVQlgB.exeOKVbbMe.exeePcKXQD.exeectexDv.exeZjLWURG.exeaRsMoWX.exeqGdPvvb.execXYgtVd.exe

pid	Process
3992	YUORsqt.exe
1940	gfeVpSH.exe
2508	uQCFixq.exe
2344	FdIkAGl.exe
1564	tWSGLLB.exe
1292	GbHsBki.exe
1068	NEAIUHj.exe
4836	wJZIgRi.exe
2480	CDXOrLA.exe
1808	gIporqa.exe
4968	MbDalFA.exe
4396	BRELNjJ.exe
4132	mRqjYWz.exe
3980	tKtGbrH.exe
3200	gsMTMyN.exe
2456	SwCpgig.exe
904	PRXuOHO.exe
436	mRkorIL.exe
1044	tYQKplN.exe
2880	oSoSOIH.exe
5064	lFhWBuB.exe
3528	MHTdnnU.exe
948	dkpkomP.exe
1852	VdtpwNk.exe
5056	iOvLJTU.exe
4684	OGyEGQv.exe
3004	sjNyYMR.exe
1116	QsQRggK.exe
2992	CgWVeVI.exe
3460	AHArrTo.exe
4076	UsJSkai.exe
1804	dMgqxRT.exe
3412	HwSCfxk.exe
4632	PZrijbe.exe
4832	chVxttm.exe
792	qpwmhCi.exe
2448	IpPGCeN.exe
532	kFUMGLX.exe
4284	kEspVPF.exe
4432	EErsLrs.exe
2140	mweYHrT.exe
4148	MrKbUlF.exe
1420	XmEmzBa.exe
4344	UkvNGoW.exe
3096	JpLXbxz.exe
3224	wZAnKTy.exe
2720	WXVjcJV.exe
640	RKAiLZl.exe
4536	tIRrdtW.exe
4348	YlKacDO.exe
4776	LJsolkO.exe
1836	dPnpnIC.exe
4512	BKokZDl.exe
1672	kojFzFe.exe
2904	qbJujFY.exe
4360	hWAmDhF.exe
2544	VhVQlgB.exe
3496	OKVbbMe.exe
452	ePcKXQD.exe
220	ectexDv.exe
1252	ZjLWURG.exe
4476	aRsMoWX.exe
708	qGdPvvb.exe
4520	cXYgtVd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp	upx
behavioral2/files/0x0008000000023c84-5.dat	upx
behavioral2/files/0x0007000000023c89-8.dat	upx
behavioral2/memory/3992-9-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp	upx
behavioral2/files/0x0007000000023c88-10.dat	upx
behavioral2/files/0x0007000000023c8a-21.dat	upx
behavioral2/memory/2508-23-0x00007FF611A20000-0x00007FF611D74000-memory.dmp	upx
behavioral2/memory/2344-29-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-40.dat	upx
behavioral2/files/0x0007000000023c8d-43.dat	upx
behavioral2/memory/1068-42-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp	upx
behavioral2/memory/1292-39-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp	upx
behavioral2/files/0x0007000000023c8b-35.dat	upx
behavioral2/memory/1564-33-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp	upx
behavioral2/memory/1940-17-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp	upx
behavioral2/files/0x0008000000023c85-51.dat	upx
behavioral2/files/0x0007000000023c8e-50.dat	upx
behavioral2/memory/4836-53-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-57.dat	upx
behavioral2/files/0x0007000000023c91-64.dat	upx
behavioral2/files/0x0007000000023c92-78.dat	upx
behavioral2/files/0x0007000000023c95-82.dat	upx
behavioral2/memory/3200-92-0x00007FF76FCA0000-0x00007FF76FFF4000-memory.dmp	upx
behavioral2/memory/3980-94-0x00007FF6A1DA0000-0x00007FF6A20F4000-memory.dmp	upx
behavioral2/memory/2344-95-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp	upx
behavioral2/memory/4396-93-0x00007FF6545B0000-0x00007FF654904000-memory.dmp	upx
behavioral2/files/0x0007000000023c94-88.dat	upx
behavioral2/memory/4132-87-0x00007FF791C90000-0x00007FF791FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023c93-85.dat	upx
behavioral2/memory/4968-79-0x00007FF730920000-0x00007FF730C74000-memory.dmp	upx
behavioral2/memory/1808-74-0x00007FF6BD760000-0x00007FF6BDAB4000-memory.dmp	upx
behavioral2/memory/1940-69-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp	upx
behavioral2/memory/3992-68-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp	upx
behavioral2/memory/2480-62-0x00007FF7EA890000-0x00007FF7EABE4000-memory.dmp	upx
behavioral2/memory/3552-54-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-99.dat	upx
behavioral2/files/0x0007000000023c97-109.dat	upx
behavioral2/files/0x0007000000023c98-114.dat	upx
behavioral2/files/0x0007000000023c99-118.dat	upx
behavioral2/memory/1044-122-0x00007FF6EA4F0000-0x00007FF6EA844000-memory.dmp	upx
behavioral2/memory/4836-121-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp	upx
behavioral2/memory/436-117-0x00007FF633C90000-0x00007FF633FE4000-memory.dmp	upx
behavioral2/memory/904-110-0x00007FF74FDF0000-0x00007FF750144000-memory.dmp	upx
behavioral2/memory/1068-108-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp	upx
behavioral2/memory/2456-106-0x00007FF75AE80000-0x00007FF75B1D4000-memory.dmp	upx
behavioral2/memory/1564-102-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp	upx
behavioral2/memory/1292-105-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-127.dat	upx
behavioral2/memory/2880-132-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-135.dat	upx
behavioral2/files/0x0007000000023c9c-137.dat	upx
behavioral2/memory/5064-140-0x00007FF6E8400000-0x00007FF6E8754000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-146.dat	upx
behavioral2/files/0x0007000000023c9e-152.dat	upx
behavioral2/files/0x0007000000023c9f-155.dat	upx
behavioral2/memory/1852-163-0x00007FF7E5320000-0x00007FF7E5674000-memory.dmp	upx
behavioral2/memory/5056-168-0x00007FF614FC0000-0x00007FF615314000-memory.dmp	upx
behavioral2/memory/4684-179-0x00007FF6CEAE0000-0x00007FF6CEE34000-memory.dmp	upx
behavioral2/memory/1116-186-0x00007FF7E77A0000-0x00007FF7E7AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-194.dat	upx
behavioral2/memory/2880-316-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-205.dat	upx
behavioral2/files/0x0007000000023ca5-203.dat	upx
behavioral2/files/0x0007000000023ca6-202.dat	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\hRxpFJB.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITNIgpA.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INTdwlp.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESFevfC.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNemRPZ.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhXErnm.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWxgyzC.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPhOasI.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssRmyah.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJtZVYu.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Owqbyeb.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGqTRBK.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgjmgFa.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecZAbbh.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpPiBYF.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEYSERp.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaZPiTA.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpzWukI.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJDvlsE.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtANgcj.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfYVlaa.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQCFixq.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIovGBI.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdVCrqg.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZtaOsk.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPXxRpl.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egYlTNY.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEQeFJL.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeXzCBQ.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVDfIlb.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRxutQZ.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBwehBY.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcAOxSG.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvKGlKD.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmbSvcE.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuRqTfA.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDyATtd.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUCBLzf.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyfrvUH.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oftCWGh.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SshraDs.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGeIFae.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqWVKNa.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDZHvKR.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZOayjn.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjkZloS.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQpZydS.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKGtvom.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPQJSjW.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmEmzBa.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CytWbCD.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnVZTpp.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIriBhr.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTebwlr.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkthazM.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sseETfm.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXqcxES.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYwMYCD.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjfbMdf.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpZupoh.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHyGjmO.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMLUaWG.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAXOmAw.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAuITOb.exe	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 3552 wrote to memory of 3992	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3552 wrote to memory of 3992	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3552 wrote to memory of 1940	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3552 wrote to memory of 1940	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3552 wrote to memory of 2508	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3552 wrote to memory of 2508	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3552 wrote to memory of 2344	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3552 wrote to memory of 2344	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3552 wrote to memory of 1564	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3552 wrote to memory of 1564	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3552 wrote to memory of 1292	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3552 wrote to memory of 1292	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3552 wrote to memory of 1068	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3552 wrote to memory of 1068	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3552 wrote to memory of 4836	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3552 wrote to memory of 4836	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3552 wrote to memory of 2480	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3552 wrote to memory of 2480	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3552 wrote to memory of 1808	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3552 wrote to memory of 1808	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3552 wrote to memory of 4968	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3552 wrote to memory of 4968	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3552 wrote to memory of 4132	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3552 wrote to memory of 4132	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3552 wrote to memory of 4396	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3552 wrote to memory of 4396	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3552 wrote to memory of 3980	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3552 wrote to memory of 3980	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3552 wrote to memory of 3200	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3552 wrote to memory of 3200	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3552 wrote to memory of 2456	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3552 wrote to memory of 2456	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3552 wrote to memory of 904	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3552 wrote to memory of 904	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3552 wrote to memory of 436	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3552 wrote to memory of 436	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3552 wrote to memory of 1044	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3552 wrote to memory of 1044	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3552 wrote to memory of 2880	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3552 wrote to memory of 2880	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3552 wrote to memory of 5064	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3552 wrote to memory of 5064	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3552 wrote to memory of 3528	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3552 wrote to memory of 3528	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3552 wrote to memory of 948	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3552 wrote to memory of 948	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3552 wrote to memory of 1852	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3552 wrote to memory of 1852	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3552 wrote to memory of 5056	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3552 wrote to memory of 5056	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3552 wrote to memory of 4684	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3552 wrote to memory of 4684	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3552 wrote to memory of 3004	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3552 wrote to memory of 3004	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3552 wrote to memory of 1116	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3552 wrote to memory of 1116	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3552 wrote to memory of 2992	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3552 wrote to memory of 2992	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3552 wrote to memory of 3460	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3552 wrote to memory of 3460	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3552 wrote to memory of 4076	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3552 wrote to memory of 4076	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3552 wrote to memory of 1804	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3552 wrote to memory of 1804	3552	2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_d68f6953cefd7f4dbbb3db3b6e4d6514_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Windows\System\YUORsqt.exe
  C:\Windows\System\YUORsqt.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\gfeVpSH.exe
  C:\Windows\System\gfeVpSH.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\uQCFixq.exe
  C:\Windows\System\uQCFixq.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\FdIkAGl.exe
  C:\Windows\System\FdIkAGl.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\tWSGLLB.exe
  C:\Windows\System\tWSGLLB.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\GbHsBki.exe
  C:\Windows\System\GbHsBki.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\NEAIUHj.exe
  C:\Windows\System\NEAIUHj.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\wJZIgRi.exe
  C:\Windows\System\wJZIgRi.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\CDXOrLA.exe
  C:\Windows\System\CDXOrLA.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\gIporqa.exe
  C:\Windows\System\gIporqa.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\MbDalFA.exe
  C:\Windows\System\MbDalFA.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\mRqjYWz.exe
  C:\Windows\System\mRqjYWz.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\BRELNjJ.exe
  C:\Windows\System\BRELNjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\tKtGbrH.exe
  C:\Windows\System\tKtGbrH.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\gsMTMyN.exe
  C:\Windows\System\gsMTMyN.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\SwCpgig.exe
  C:\Windows\System\SwCpgig.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\PRXuOHO.exe
  C:\Windows\System\PRXuOHO.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\mRkorIL.exe
  C:\Windows\System\mRkorIL.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\tYQKplN.exe
  C:\Windows\System\tYQKplN.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\oSoSOIH.exe
  C:\Windows\System\oSoSOIH.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\lFhWBuB.exe
  C:\Windows\System\lFhWBuB.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\MHTdnnU.exe
  C:\Windows\System\MHTdnnU.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\dkpkomP.exe
  C:\Windows\System\dkpkomP.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VdtpwNk.exe
  C:\Windows\System\VdtpwNk.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\iOvLJTU.exe
  C:\Windows\System\iOvLJTU.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\OGyEGQv.exe
  C:\Windows\System\OGyEGQv.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\sjNyYMR.exe
  C:\Windows\System\sjNyYMR.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\QsQRggK.exe
  C:\Windows\System\QsQRggK.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\CgWVeVI.exe
  C:\Windows\System\CgWVeVI.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\AHArrTo.exe
  C:\Windows\System\AHArrTo.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\UsJSkai.exe
  C:\Windows\System\UsJSkai.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\dMgqxRT.exe
  C:\Windows\System\dMgqxRT.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\HwSCfxk.exe
  C:\Windows\System\HwSCfxk.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\PZrijbe.exe
  C:\Windows\System\PZrijbe.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\chVxttm.exe
  C:\Windows\System\chVxttm.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\qpwmhCi.exe
  C:\Windows\System\qpwmhCi.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\IpPGCeN.exe
  C:\Windows\System\IpPGCeN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\kFUMGLX.exe
  C:\Windows\System\kFUMGLX.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\kEspVPF.exe
  C:\Windows\System\kEspVPF.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\EErsLrs.exe
  C:\Windows\System\EErsLrs.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\mweYHrT.exe
  C:\Windows\System\mweYHrT.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\MrKbUlF.exe
  C:\Windows\System\MrKbUlF.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\XmEmzBa.exe
  C:\Windows\System\XmEmzBa.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\UkvNGoW.exe
  C:\Windows\System\UkvNGoW.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\JpLXbxz.exe
  C:\Windows\System\JpLXbxz.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\wZAnKTy.exe
  C:\Windows\System\wZAnKTy.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\WXVjcJV.exe
  C:\Windows\System\WXVjcJV.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\RKAiLZl.exe
  C:\Windows\System\RKAiLZl.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\tIRrdtW.exe
  C:\Windows\System\tIRrdtW.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\YlKacDO.exe
  C:\Windows\System\YlKacDO.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\LJsolkO.exe
  C:\Windows\System\LJsolkO.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\dPnpnIC.exe
  C:\Windows\System\dPnpnIC.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\BKokZDl.exe
  C:\Windows\System\BKokZDl.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\kojFzFe.exe
  C:\Windows\System\kojFzFe.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\qbJujFY.exe
  C:\Windows\System\qbJujFY.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\hWAmDhF.exe
  C:\Windows\System\hWAmDhF.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\VhVQlgB.exe
  C:\Windows\System\VhVQlgB.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\OKVbbMe.exe
  C:\Windows\System\OKVbbMe.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\ePcKXQD.exe
  C:\Windows\System\ePcKXQD.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ectexDv.exe
  C:\Windows\System\ectexDv.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\ZjLWURG.exe
  C:\Windows\System\ZjLWURG.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\aRsMoWX.exe
  C:\Windows\System\aRsMoWX.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\qGdPvvb.exe
  C:\Windows\System\qGdPvvb.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\cXYgtVd.exe
  C:\Windows\System\cXYgtVd.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\lMLUaWG.exe
  C:\Windows\System\lMLUaWG.exe
  2⤵
  PID:3600
- C:\Windows\System\pAHQUwN.exe
  C:\Windows\System\pAHQUwN.exe
  2⤵
  PID:3480
- C:\Windows\System\VvLJcJy.exe
  C:\Windows\System\VvLJcJy.exe
  2⤵
  PID:4436
- C:\Windows\System\PtmVSYu.exe
  C:\Windows\System\PtmVSYu.exe
  2⤵
  PID:4304
- C:\Windows\System\tChGURr.exe
  C:\Windows\System\tChGURr.exe
  2⤵
  PID:3508
- C:\Windows\System\oeLRuAK.exe
  C:\Windows\System\oeLRuAK.exe
  2⤵
  PID:3936
- C:\Windows\System\ulxuAfU.exe
  C:\Windows\System\ulxuAfU.exe
  2⤵
  PID:752
- C:\Windows\System\GGpdMYb.exe
  C:\Windows\System\GGpdMYb.exe
  2⤵
  PID:4016
- C:\Windows\System\tCQQnKy.exe
  C:\Windows\System\tCQQnKy.exe
  2⤵
  PID:2436
- C:\Windows\System\YhsSFjd.exe
  C:\Windows\System\YhsSFjd.exe
  2⤵
  PID:508
- C:\Windows\System\UhPOgEv.exe
  C:\Windows\System\UhPOgEv.exe
  2⤵
  PID:4696
- C:\Windows\System\zgqjrrj.exe
  C:\Windows\System\zgqjrrj.exe
  2⤵
  PID:2552
- C:\Windows\System\ZDpHlzV.exe
  C:\Windows\System\ZDpHlzV.exe
  2⤵
  PID:1528
- C:\Windows\System\ssRmyah.exe
  C:\Windows\System\ssRmyah.exe
  2⤵
  PID:4792
- C:\Windows\System\mDDGhgr.exe
  C:\Windows\System\mDDGhgr.exe
  2⤵
  PID:3756
- C:\Windows\System\fxpZjFG.exe
  C:\Windows\System\fxpZjFG.exe
  2⤵
  PID:2212
- C:\Windows\System\skrMImG.exe
  C:\Windows\System\skrMImG.exe
  2⤵
  PID:836
- C:\Windows\System\nOgjrQV.exe
  C:\Windows\System\nOgjrQV.exe
  2⤵
  PID:3232
- C:\Windows\System\ixqYepQ.exe
  C:\Windows\System\ixqYepQ.exe
  2⤵
  PID:3752
- C:\Windows\System\nArsOHy.exe
  C:\Windows\System\nArsOHy.exe
  2⤵
  PID:588
- C:\Windows\System\xmDfGVa.exe
  C:\Windows\System\xmDfGVa.exe
  2⤵
  PID:1520
- C:\Windows\System\dqLZkjE.exe
  C:\Windows\System\dqLZkjE.exe
  2⤵
  PID:1344
- C:\Windows\System\rqpOmrV.exe
  C:\Windows\System\rqpOmrV.exe
  2⤵
  PID:2968
- C:\Windows\System\oYCPVJd.exe
  C:\Windows\System\oYCPVJd.exe
  2⤵
  PID:636
- C:\Windows\System\OPclARX.exe
  C:\Windows\System\OPclARX.exe
  2⤵
  PID:2192
- C:\Windows\System\LmhxCbD.exe
  C:\Windows\System\LmhxCbD.exe
  2⤵
  PID:944
- C:\Windows\System\JRqIWZx.exe
  C:\Windows\System\JRqIWZx.exe
  2⤵
  PID:5132
- C:\Windows\System\PgMpkUk.exe
  C:\Windows\System\PgMpkUk.exe
  2⤵
  PID:5164
- C:\Windows\System\WRcdXiA.exe
  C:\Windows\System\WRcdXiA.exe
  2⤵
  PID:5184
- C:\Windows\System\dqYiEyH.exe
  C:\Windows\System\dqYiEyH.exe
  2⤵
  PID:5228
- C:\Windows\System\erDARiT.exe
  C:\Windows\System\erDARiT.exe
  2⤵
  PID:5256
- C:\Windows\System\yLCFQUo.exe
  C:\Windows\System\yLCFQUo.exe
  2⤵
  PID:5284
- C:\Windows\System\JOaEAAW.exe
  C:\Windows\System\JOaEAAW.exe
  2⤵
  PID:5308
- C:\Windows\System\SCxZauC.exe
  C:\Windows\System\SCxZauC.exe
  2⤵
  PID:5344
- C:\Windows\System\WsPFMCZ.exe
  C:\Windows\System\WsPFMCZ.exe
  2⤵
  PID:5368
- C:\Windows\System\iAXOmAw.exe
  C:\Windows\System\iAXOmAw.exe
  2⤵
  PID:5396
- C:\Windows\System\JztVoML.exe
  C:\Windows\System\JztVoML.exe
  2⤵
  PID:5432
- C:\Windows\System\HydAeTh.exe
  C:\Windows\System\HydAeTh.exe
  2⤵
  PID:5464
- C:\Windows\System\llDQOJx.exe
  C:\Windows\System\llDQOJx.exe
  2⤵
  PID:5492
- C:\Windows\System\GzEBnHf.exe
  C:\Windows\System\GzEBnHf.exe
  2⤵
  PID:5520
- C:\Windows\System\tAFjYXF.exe
  C:\Windows\System\tAFjYXF.exe
  2⤵
  PID:5548
- C:\Windows\System\YqZTMlY.exe
  C:\Windows\System\YqZTMlY.exe
  2⤵
  PID:5572
- C:\Windows\System\vOLMAKa.exe
  C:\Windows\System\vOLMAKa.exe
  2⤵
  PID:5608
- C:\Windows\System\hkKqJOe.exe
  C:\Windows\System\hkKqJOe.exe
  2⤵
  PID:5640
- C:\Windows\System\kvSXvxh.exe
  C:\Windows\System\kvSXvxh.exe
  2⤵
  PID:5668
- C:\Windows\System\QkmDyPb.exe
  C:\Windows\System\QkmDyPb.exe
  2⤵
  PID:5692
- C:\Windows\System\iQYtoeV.exe
  C:\Windows\System\iQYtoeV.exe
  2⤵
  PID:5720
- C:\Windows\System\qAuITOb.exe
  C:\Windows\System\qAuITOb.exe
  2⤵
  PID:5744
- C:\Windows\System\TqlUuGz.exe
  C:\Windows\System\TqlUuGz.exe
  2⤵
  PID:5780
- C:\Windows\System\gNnioLm.exe
  C:\Windows\System\gNnioLm.exe
  2⤵
  PID:5808
- C:\Windows\System\bwTHScH.exe
  C:\Windows\System\bwTHScH.exe
  2⤵
  PID:5828
- C:\Windows\System\eHLyjeG.exe
  C:\Windows\System\eHLyjeG.exe
  2⤵
  PID:5856
- C:\Windows\System\RptPjMv.exe
  C:\Windows\System\RptPjMv.exe
  2⤵
  PID:5892
- C:\Windows\System\PiPArcH.exe
  C:\Windows\System\PiPArcH.exe
  2⤵
  PID:5944
- C:\Windows\System\guFJpvV.exe
  C:\Windows\System\guFJpvV.exe
  2⤵
  PID:5988
- C:\Windows\System\exeBsyV.exe
  C:\Windows\System\exeBsyV.exe
  2⤵
  PID:6008
- C:\Windows\System\RGIfAcH.exe
  C:\Windows\System\RGIfAcH.exe
  2⤵
  PID:6032
- C:\Windows\System\MkwaVdT.exe
  C:\Windows\System\MkwaVdT.exe
  2⤵
  PID:6076
- C:\Windows\System\oekaWvH.exe
  C:\Windows\System\oekaWvH.exe
  2⤵
  PID:6104
- C:\Windows\System\QVfmGww.exe
  C:\Windows\System\QVfmGww.exe
  2⤵
  PID:6136
- C:\Windows\System\wbhKNiw.exe
  C:\Windows\System\wbhKNiw.exe
  2⤵
  PID:5176
- C:\Windows\System\JJWQmKR.exe
  C:\Windows\System\JJWQmKR.exe
  2⤵
  PID:5220
- C:\Windows\System\hnzjfLO.exe
  C:\Windows\System\hnzjfLO.exe
  2⤵
  PID:5292
- C:\Windows\System\RzZOdKN.exe
  C:\Windows\System\RzZOdKN.exe
  2⤵
  PID:5356
- C:\Windows\System\xkYxJQk.exe
  C:\Windows\System\xkYxJQk.exe
  2⤵
  PID:5408
- C:\Windows\System\ndiSrwD.exe
  C:\Windows\System\ndiSrwD.exe
  2⤵
  PID:5412
- C:\Windows\System\mqlBHfA.exe
  C:\Windows\System\mqlBHfA.exe
  2⤵
  PID:5516
- C:\Windows\System\LutYtNJ.exe
  C:\Windows\System\LutYtNJ.exe
  2⤵
  PID:5616
- C:\Windows\System\nharcxG.exe
  C:\Windows\System\nharcxG.exe
  2⤵
  PID:5700
- C:\Windows\System\BKFVhYh.exe
  C:\Windows\System\BKFVhYh.exe
  2⤵
  PID:1456
- C:\Windows\System\HnuyeXk.exe
  C:\Windows\System\HnuyeXk.exe
  2⤵
  PID:5928
- C:\Windows\System\SBQLkwJ.exe
  C:\Windows\System\SBQLkwJ.exe
  2⤵
  PID:6020
- C:\Windows\System\EaqcCwo.exe
  C:\Windows\System\EaqcCwo.exe
  2⤵
  PID:6084
- C:\Windows\System\tBxlbZE.exe
  C:\Windows\System\tBxlbZE.exe
  2⤵
  PID:4332
- C:\Windows\System\ZrCJrfm.exe
  C:\Windows\System\ZrCJrfm.exe
  2⤵
  PID:5236
- C:\Windows\System\EFzVzKy.exe
  C:\Windows\System\EFzVzKy.exe
  2⤵
  PID:5732
- C:\Windows\System\icemhEt.exe
  C:\Windows\System\icemhEt.exe
  2⤵
  PID:5456
- C:\Windows\System\rfKDHQh.exe
  C:\Windows\System\rfKDHQh.exe
  2⤵
  PID:5636
- C:\Windows\System\bCOwExj.exe
  C:\Windows\System\bCOwExj.exe
  2⤵
  PID:5876
- C:\Windows\System\WiiMNxo.exe
  C:\Windows\System\WiiMNxo.exe
  2⤵
  PID:1828
- C:\Windows\System\stfLwTA.exe
  C:\Windows\System\stfLwTA.exe
  2⤵
  PID:5980
- C:\Windows\System\KlfOmdQ.exe
  C:\Windows\System\KlfOmdQ.exe
  2⤵
  PID:4156
- C:\Windows\System\BImUXmk.exe
  C:\Windows\System\BImUXmk.exe
  2⤵
  PID:5380
- C:\Windows\System\OznQkYS.exe
  C:\Windows\System\OznQkYS.exe
  2⤵
  PID:5264
- C:\Windows\System\WnGcKho.exe
  C:\Windows\System\WnGcKho.exe
  2⤵
  PID:4612
- C:\Windows\System\yurjDtv.exe
  C:\Windows\System\yurjDtv.exe
  2⤵
  PID:4488
- C:\Windows\System\BJbeByp.exe
  C:\Windows\System\BJbeByp.exe
  2⤵
  PID:6052
- C:\Windows\System\UHIauCD.exe
  C:\Windows\System\UHIauCD.exe
  2⤵
  PID:1412
- C:\Windows\System\FoBlvzF.exe
  C:\Windows\System\FoBlvzF.exe
  2⤵
  PID:6164
- C:\Windows\System\qyAtmrE.exe
  C:\Windows\System\qyAtmrE.exe
  2⤵
  PID:6204
- C:\Windows\System\DqeemjF.exe
  C:\Windows\System\DqeemjF.exe
  2⤵
  PID:6220
- C:\Windows\System\xmRaxTT.exe
  C:\Windows\System\xmRaxTT.exe
  2⤵
  PID:6256
- C:\Windows\System\PUwyskB.exe
  C:\Windows\System\PUwyskB.exe
  2⤵
  PID:6284
- C:\Windows\System\UaZPiTA.exe
  C:\Windows\System\UaZPiTA.exe
  2⤵
  PID:6316
- C:\Windows\System\oLyYMtg.exe
  C:\Windows\System\oLyYMtg.exe
  2⤵
  PID:6348
- C:\Windows\System\vBWNSIJ.exe
  C:\Windows\System\vBWNSIJ.exe
  2⤵
  PID:6372
- C:\Windows\System\TpYsOSm.exe
  C:\Windows\System\TpYsOSm.exe
  2⤵
  PID:6400
- C:\Windows\System\XWlHwKr.exe
  C:\Windows\System\XWlHwKr.exe
  2⤵
  PID:6428
- C:\Windows\System\deXlmhB.exe
  C:\Windows\System\deXlmhB.exe
  2⤵
  PID:6456
- C:\Windows\System\gHOwMIs.exe
  C:\Windows\System\gHOwMIs.exe
  2⤵
  PID:6484
- C:\Windows\System\vrJAeCP.exe
  C:\Windows\System\vrJAeCP.exe
  2⤵
  PID:6532
- C:\Windows\System\mpzLXix.exe
  C:\Windows\System\mpzLXix.exe
  2⤵
  PID:6592
- C:\Windows\System\KnbNoOx.exe
  C:\Windows\System\KnbNoOx.exe
  2⤵
  PID:6656
- C:\Windows\System\QSBXajj.exe
  C:\Windows\System\QSBXajj.exe
  2⤵
  PID:6704
- C:\Windows\System\PVZIzfe.exe
  C:\Windows\System\PVZIzfe.exe
  2⤵
  PID:6736
- C:\Windows\System\SnpobVU.exe
  C:\Windows\System\SnpobVU.exe
  2⤵
  PID:6756
- C:\Windows\System\VcCaxYh.exe
  C:\Windows\System\VcCaxYh.exe
  2⤵
  PID:6796
- C:\Windows\System\CkthazM.exe
  C:\Windows\System\CkthazM.exe
  2⤵
  PID:6848
- C:\Windows\System\kTImjmQ.exe
  C:\Windows\System\kTImjmQ.exe
  2⤵
  PID:6872
- C:\Windows\System\yXxqwLr.exe
  C:\Windows\System\yXxqwLr.exe
  2⤵
  PID:6892
- C:\Windows\System\iCRSlzf.exe
  C:\Windows\System\iCRSlzf.exe
  2⤵
  PID:6932
- C:\Windows\System\meWOEJN.exe
  C:\Windows\System\meWOEJN.exe
  2⤵
  PID:6956
- C:\Windows\System\lBNfUPb.exe
  C:\Windows\System\lBNfUPb.exe
  2⤵
  PID:6984
- C:\Windows\System\pNrZHFf.exe
  C:\Windows\System\pNrZHFf.exe
  2⤵
  PID:7020
- C:\Windows\System\BTtmXKF.exe
  C:\Windows\System\BTtmXKF.exe
  2⤵
  PID:7048
- C:\Windows\System\jRrJbLQ.exe
  C:\Windows\System\jRrJbLQ.exe
  2⤵
  PID:7076
- C:\Windows\System\fwMihvS.exe
  C:\Windows\System\fwMihvS.exe
  2⤵
  PID:7092
- C:\Windows\System\SEkOVeD.exe
  C:\Windows\System\SEkOVeD.exe
  2⤵
  PID:7128
- C:\Windows\System\CRxutQZ.exe
  C:\Windows\System\CRxutQZ.exe
  2⤵
  PID:7160
- C:\Windows\System\imekEnl.exe
  C:\Windows\System\imekEnl.exe
  2⤵
  PID:652
- C:\Windows\System\QEsHtTh.exe
  C:\Windows\System\QEsHtTh.exe
  2⤵
  PID:6176
- C:\Windows\System\LJtIiwg.exe
  C:\Windows\System\LJtIiwg.exe
  2⤵
  PID:1124
- C:\Windows\System\XBrikzc.exe
  C:\Windows\System\XBrikzc.exe
  2⤵
  PID:6240
- C:\Windows\System\xXWVUJn.exe
  C:\Windows\System\xXWVUJn.exe
  2⤵
  PID:6292
- C:\Windows\System\IuPrpxL.exe
  C:\Windows\System\IuPrpxL.exe
  2⤵
  PID:6408
- C:\Windows\System\JpZLEhd.exe
  C:\Windows\System\JpZLEhd.exe
  2⤵
  PID:6436
- C:\Windows\System\liiSlCo.exe
  C:\Windows\System\liiSlCo.exe
  2⤵
  PID:6520
- C:\Windows\System\cvYAihn.exe
  C:\Windows\System\cvYAihn.exe
  2⤵
  PID:6644
- C:\Windows\System\YmWsKuq.exe
  C:\Windows\System\YmWsKuq.exe
  2⤵
  PID:6716
- C:\Windows\System\TdEAVdf.exe
  C:\Windows\System\TdEAVdf.exe
  2⤵
  PID:6828
- C:\Windows\System\gkTWdGp.exe
  C:\Windows\System\gkTWdGp.exe
  2⤵
  PID:6884
- C:\Windows\System\wMUqHNq.exe
  C:\Windows\System\wMUqHNq.exe
  2⤵
  PID:6976
- C:\Windows\System\OLqgYWK.exe
  C:\Windows\System\OLqgYWK.exe
  2⤵
  PID:7044
- C:\Windows\System\WPTaBWb.exe
  C:\Windows\System\WPTaBWb.exe
  2⤵
  PID:7112
- C:\Windows\System\vlktVNP.exe
  C:\Windows\System\vlktVNP.exe
  2⤵
  PID:6148
- C:\Windows\System\owGtzZb.exe
  C:\Windows\System\owGtzZb.exe
  2⤵
  PID:6216
- C:\Windows\System\mkESFkI.exe
  C:\Windows\System\mkESFkI.exe
  2⤵
  PID:6356
- C:\Windows\System\YkVcFko.exe
  C:\Windows\System\YkVcFko.exe
  2⤵
  PID:6464
- C:\Windows\System\DXTBCQX.exe
  C:\Windows\System\DXTBCQX.exe
  2⤵
  PID:6788
- C:\Windows\System\ZuUxEJk.exe
  C:\Windows\System\ZuUxEJk.exe
  2⤵
  PID:6940
- C:\Windows\System\VQJOJZK.exe
  C:\Windows\System\VQJOJZK.exe
  2⤵
  PID:7136
- C:\Windows\System\dzvnpMQ.exe
  C:\Windows\System\dzvnpMQ.exe
  2⤵
  PID:6304
- C:\Windows\System\VTPLcsa.exe
  C:\Windows\System\VTPLcsa.exe
  2⤵
  PID:6776
- C:\Windows\System\qlyIviW.exe
  C:\Windows\System\qlyIviW.exe
  2⤵
  PID:7068
- C:\Windows\System\LPkZtDt.exe
  C:\Windows\System\LPkZtDt.exe
  2⤵
  PID:6192
- C:\Windows\System\SMACmTY.exe
  C:\Windows\System\SMACmTY.exe
  2⤵
  PID:864
- C:\Windows\System\iOZXYgE.exe
  C:\Windows\System\iOZXYgE.exe
  2⤵
  PID:3212
- C:\Windows\System\tkbigRe.exe
  C:\Windows\System\tkbigRe.exe
  2⤵
  PID:4404
- C:\Windows\System\VPlpSSv.exe
  C:\Windows\System\VPlpSSv.exe
  2⤵
  PID:3952
- C:\Windows\System\fEsIEuo.exe
  C:\Windows\System\fEsIEuo.exe
  2⤵
  PID:3808
- C:\Windows\System\yxVMlMR.exe
  C:\Windows\System\yxVMlMR.exe
  2⤵
  PID:7172
- C:\Windows\System\WoWNWRW.exe
  C:\Windows\System\WoWNWRW.exe
  2⤵
  PID:7212
- C:\Windows\System\dLQKMEu.exe
  C:\Windows\System\dLQKMEu.exe
  2⤵
  PID:7236
- C:\Windows\System\utRSRhZ.exe
  C:\Windows\System\utRSRhZ.exe
  2⤵
  PID:7288
- C:\Windows\System\bqMgPqv.exe
  C:\Windows\System\bqMgPqv.exe
  2⤵
  PID:7312
- C:\Windows\System\adGasqC.exe
  C:\Windows\System\adGasqC.exe
  2⤵
  PID:7352
- C:\Windows\System\zTeCZfO.exe
  C:\Windows\System\zTeCZfO.exe
  2⤵
  PID:7376
- C:\Windows\System\wPPvqUs.exe
  C:\Windows\System\wPPvqUs.exe
  2⤵
  PID:7404
- C:\Windows\System\VIlGFgC.exe
  C:\Windows\System\VIlGFgC.exe
  2⤵
  PID:7428
- C:\Windows\System\LqYRoRT.exe
  C:\Windows\System\LqYRoRT.exe
  2⤵
  PID:7452
- C:\Windows\System\EOCWNAs.exe
  C:\Windows\System\EOCWNAs.exe
  2⤵
  PID:7480
- C:\Windows\System\iiQCGQF.exe
  C:\Windows\System\iiQCGQF.exe
  2⤵
  PID:7524
- C:\Windows\System\PjySPIt.exe
  C:\Windows\System\PjySPIt.exe
  2⤵
  PID:7552
- C:\Windows\System\DAddsfD.exe
  C:\Windows\System\DAddsfD.exe
  2⤵
  PID:7592
- C:\Windows\System\IfhTgeD.exe
  C:\Windows\System\IfhTgeD.exe
  2⤵
  PID:7612
- C:\Windows\System\ZxpkmcM.exe
  C:\Windows\System\ZxpkmcM.exe
  2⤵
  PID:7644
- C:\Windows\System\qqjtFSH.exe
  C:\Windows\System\qqjtFSH.exe
  2⤵
  PID:7664
- C:\Windows\System\FBIliFk.exe
  C:\Windows\System\FBIliFk.exe
  2⤵
  PID:7704
- C:\Windows\System\xXGfEdV.exe
  C:\Windows\System\xXGfEdV.exe
  2⤵
  PID:7720
- C:\Windows\System\ecZAbbh.exe
  C:\Windows\System\ecZAbbh.exe
  2⤵
  PID:7752
- C:\Windows\System\wmeotzq.exe
  C:\Windows\System\wmeotzq.exe
  2⤵
  PID:7780
- C:\Windows\System\mGEOBbm.exe
  C:\Windows\System\mGEOBbm.exe
  2⤵
  PID:7808
- C:\Windows\System\OaQWGNX.exe
  C:\Windows\System\OaQWGNX.exe
  2⤵
  PID:7836
- C:\Windows\System\QskLjNV.exe
  C:\Windows\System\QskLjNV.exe
  2⤵
  PID:7864
- C:\Windows\System\FhlEACH.exe
  C:\Windows\System\FhlEACH.exe
  2⤵
  PID:7892
- C:\Windows\System\bGyQwYM.exe
  C:\Windows\System\bGyQwYM.exe
  2⤵
  PID:7920
- C:\Windows\System\eybvEfh.exe
  C:\Windows\System\eybvEfh.exe
  2⤵
  PID:7948
- C:\Windows\System\AvWsqXl.exe
  C:\Windows\System\AvWsqXl.exe
  2⤵
  PID:7976
- C:\Windows\System\whiKjBH.exe
  C:\Windows\System\whiKjBH.exe
  2⤵
  PID:8004
- C:\Windows\System\HUEmWHx.exe
  C:\Windows\System\HUEmWHx.exe
  2⤵
  PID:8032
- C:\Windows\System\LVqdbfV.exe
  C:\Windows\System\LVqdbfV.exe
  2⤵
  PID:8060
- C:\Windows\System\QNJVlPK.exe
  C:\Windows\System\QNJVlPK.exe
  2⤵
  PID:8088
- C:\Windows\System\reZFikE.exe
  C:\Windows\System\reZFikE.exe
  2⤵
  PID:8116
- C:\Windows\System\LjZLQei.exe
  C:\Windows\System\LjZLQei.exe
  2⤵
  PID:8144
- C:\Windows\System\HoFWTJt.exe
  C:\Windows\System\HoFWTJt.exe
  2⤵
  PID:8176
- C:\Windows\System\EiePzUF.exe
  C:\Windows\System\EiePzUF.exe
  2⤵
  PID:3312
- C:\Windows\System\MWgKzFy.exe
  C:\Windows\System\MWgKzFy.exe
  2⤵
  PID:7244
- C:\Windows\System\HzeBIlZ.exe
  C:\Windows\System\HzeBIlZ.exe
  2⤵
  PID:6200
- C:\Windows\System\eoPUKgC.exe
  C:\Windows\System\eoPUKgC.exe
  2⤵
  PID:7388
- C:\Windows\System\EDlrxbB.exe
  C:\Windows\System\EDlrxbB.exe
  2⤵
  PID:4640
- C:\Windows\System\sVSvAUs.exe
  C:\Windows\System\sVSvAUs.exe
  2⤵
  PID:7504
- C:\Windows\System\wtihelV.exe
  C:\Windows\System\wtihelV.exe
  2⤵
  PID:7560
- C:\Windows\System\sFgCMDW.exe
  C:\Windows\System\sFgCMDW.exe
  2⤵
  PID:7620
- C:\Windows\System\ccQbDnG.exe
  C:\Windows\System\ccQbDnG.exe
  2⤵
  PID:7696
- C:\Windows\System\goPOSmE.exe
  C:\Windows\System\goPOSmE.exe
  2⤵
  PID:7744
- C:\Windows\System\QTQxhID.exe
  C:\Windows\System\QTQxhID.exe
  2⤵
  PID:7804
- C:\Windows\System\TcFZTEW.exe
  C:\Windows\System\TcFZTEW.exe
  2⤵
  PID:7876
- C:\Windows\System\aeVKroH.exe
  C:\Windows\System\aeVKroH.exe
  2⤵
  PID:7932
- C:\Windows\System\ARHdiPo.exe
  C:\Windows\System\ARHdiPo.exe
  2⤵
  PID:7996
- C:\Windows\System\jxrHGXm.exe
  C:\Windows\System\jxrHGXm.exe
  2⤵
  PID:8056
- C:\Windows\System\IivnjAC.exe
  C:\Windows\System\IivnjAC.exe
  2⤵
  PID:8128
- C:\Windows\System\UHwWuMh.exe
  C:\Windows\System\UHwWuMh.exe
  2⤵
  PID:8172
- C:\Windows\System\YmTmACf.exe
  C:\Windows\System\YmTmACf.exe
  2⤵
  PID:7296
- C:\Windows\System\JRVXAKp.exe
  C:\Windows\System\JRVXAKp.exe
  2⤵
  PID:7424
- C:\Windows\System\ZPuqgsT.exe
  C:\Windows\System\ZPuqgsT.exe
  2⤵
  PID:6672
- C:\Windows\System\jJtZVYu.exe
  C:\Windows\System\jJtZVYu.exe
  2⤵
  PID:7660
- C:\Windows\System\utMVOXM.exe
  C:\Windows\System\utMVOXM.exe
  2⤵
  PID:7856
- C:\Windows\System\UDNsRkK.exe
  C:\Windows\System\UDNsRkK.exe
  2⤵
  PID:7960
- C:\Windows\System\myhZIPF.exe
  C:\Windows\System\myhZIPF.exe
  2⤵
  PID:4764
- C:\Windows\System\QuYJkGk.exe
  C:\Windows\System\QuYJkGk.exe
  2⤵
  PID:7220
- C:\Windows\System\gsnipQQ.exe
  C:\Windows\System\gsnipQQ.exe
  2⤵
  PID:7544
- C:\Windows\System\PBwehBY.exe
  C:\Windows\System\PBwehBY.exe
  2⤵
  PID:7888
- C:\Windows\System\lWOuptD.exe
  C:\Windows\System\lWOuptD.exe
  2⤵
  PID:7740
- C:\Windows\System\XaGqCnA.exe
  C:\Windows\System\XaGqCnA.exe
  2⤵
  PID:7988
- C:\Windows\System\cLAwgaX.exe
  C:\Windows\System\cLAwgaX.exe
  2⤵
  PID:4848
- C:\Windows\System\qkutCEV.exe
  C:\Windows\System\qkutCEV.exe
  2⤵
  PID:8224
- C:\Windows\System\LfbqjbR.exe
  C:\Windows\System\LfbqjbR.exe
  2⤵
  PID:8240
- C:\Windows\System\oLMPwrP.exe
  C:\Windows\System\oLMPwrP.exe
  2⤵
  PID:8272
- C:\Windows\System\ppRyHqh.exe
  C:\Windows\System\ppRyHqh.exe
  2⤵
  PID:8300
- C:\Windows\System\zRMTNXX.exe
  C:\Windows\System\zRMTNXX.exe
  2⤵
  PID:8320
- C:\Windows\System\vdIfREw.exe
  C:\Windows\System\vdIfREw.exe
  2⤵
  PID:8372
- C:\Windows\System\zGtQXfv.exe
  C:\Windows\System\zGtQXfv.exe
  2⤵
  PID:8404
- C:\Windows\System\CGZmXOs.exe
  C:\Windows\System\CGZmXOs.exe
  2⤵
  PID:8436
- C:\Windows\System\wSNpGrR.exe
  C:\Windows\System\wSNpGrR.exe
  2⤵
  PID:8452
- C:\Windows\System\qXpOLUK.exe
  C:\Windows\System\qXpOLUK.exe
  2⤵
  PID:8496
- C:\Windows\System\WEWgEej.exe
  C:\Windows\System\WEWgEej.exe
  2⤵
  PID:8548
- C:\Windows\System\RoLOhdG.exe
  C:\Windows\System\RoLOhdG.exe
  2⤵
  PID:8564
- C:\Windows\System\oCabiWJ.exe
  C:\Windows\System\oCabiWJ.exe
  2⤵
  PID:8584
- C:\Windows\System\VmmGJer.exe
  C:\Windows\System\VmmGJer.exe
  2⤵
  PID:8608
- C:\Windows\System\fGgHzOV.exe
  C:\Windows\System\fGgHzOV.exe
  2⤵
  PID:8656
- C:\Windows\System\Wrgeixb.exe
  C:\Windows\System\Wrgeixb.exe
  2⤵
  PID:8680
- C:\Windows\System\HCuYBvR.exe
  C:\Windows\System\HCuYBvR.exe
  2⤵
  PID:8708
- C:\Windows\System\ryzRSar.exe
  C:\Windows\System\ryzRSar.exe
  2⤵
  PID:8736
- C:\Windows\System\zcDdaGG.exe
  C:\Windows\System\zcDdaGG.exe
  2⤵
  PID:8764
- C:\Windows\System\GTaGFAT.exe
  C:\Windows\System\GTaGFAT.exe
  2⤵
  PID:8792
- C:\Windows\System\WCQJhSh.exe
  C:\Windows\System\WCQJhSh.exe
  2⤵
  PID:8820
- C:\Windows\System\NNvCBon.exe
  C:\Windows\System\NNvCBon.exe
  2⤵
  PID:8848
- C:\Windows\System\CytWbCD.exe
  C:\Windows\System\CytWbCD.exe
  2⤵
  PID:8876
- C:\Windows\System\DySBVEO.exe
  C:\Windows\System\DySBVEO.exe
  2⤵
  PID:8904
- C:\Windows\System\hyrajdo.exe
  C:\Windows\System\hyrajdo.exe
  2⤵
  PID:8932
- C:\Windows\System\Tnkuqzq.exe
  C:\Windows\System\Tnkuqzq.exe
  2⤵
  PID:8960
- C:\Windows\System\NATwJXX.exe
  C:\Windows\System\NATwJXX.exe
  2⤵
  PID:8992
- C:\Windows\System\VyJlUpy.exe
  C:\Windows\System\VyJlUpy.exe
  2⤵
  PID:9020
- C:\Windows\System\bEJtSfo.exe
  C:\Windows\System\bEJtSfo.exe
  2⤵
  PID:9048
- C:\Windows\System\AWSIogI.exe
  C:\Windows\System\AWSIogI.exe
  2⤵
  PID:9076
- C:\Windows\System\mObCyfz.exe
  C:\Windows\System\mObCyfz.exe
  2⤵
  PID:9104
- C:\Windows\System\oYuOpLZ.exe
  C:\Windows\System\oYuOpLZ.exe
  2⤵
  PID:9132
- C:\Windows\System\FLWmMKj.exe
  C:\Windows\System\FLWmMKj.exe
  2⤵
  PID:9160
- C:\Windows\System\Owqbyeb.exe
  C:\Windows\System\Owqbyeb.exe
  2⤵
  PID:9188
- C:\Windows\System\vBQGANH.exe
  C:\Windows\System\vBQGANH.exe
  2⤵
  PID:2884
- C:\Windows\System\jTZGksw.exe
  C:\Windows\System\jTZGksw.exe
  2⤵
  PID:8252
- C:\Windows\System\kXmseYJ.exe
  C:\Windows\System\kXmseYJ.exe
  2⤵
  PID:8284
- C:\Windows\System\KpZAexO.exe
  C:\Windows\System\KpZAexO.exe
  2⤵
  PID:8340
- C:\Windows\System\LmtZLwe.exe
  C:\Windows\System\LmtZLwe.exe
  2⤵
  PID:4464
- C:\Windows\System\CanOidW.exe
  C:\Windows\System\CanOidW.exe
  2⤵
  PID:8444
- C:\Windows\System\uTyvNZA.exe
  C:\Windows\System\uTyvNZA.exe
  2⤵
  PID:2792
- C:\Windows\System\OULBFTg.exe
  C:\Windows\System\OULBFTg.exe
  2⤵
  PID:916
- C:\Windows\System\zmXFFKb.exe
  C:\Windows\System\zmXFFKb.exe
  2⤵
  PID:8196
- C:\Windows\System\KsyibPn.exe
  C:\Windows\System\KsyibPn.exe
  2⤵
  PID:2444
- C:\Windows\System\IDNLuOK.exe
  C:\Windows\System\IDNLuOK.exe
  2⤵
  PID:4504
- C:\Windows\System\mZOayjn.exe
  C:\Windows\System\mZOayjn.exe
  2⤵
  PID:1796
- C:\Windows\System\iBkkjxu.exe
  C:\Windows\System\iBkkjxu.exe
  2⤵
  PID:8400
- C:\Windows\System\HmmIpEU.exe
  C:\Windows\System\HmmIpEU.exe
  2⤵
  PID:8632
- C:\Windows\System\IiGiVOa.exe
  C:\Windows\System\IiGiVOa.exe
  2⤵
  PID:8648
- C:\Windows\System\CiKZOzs.exe
  C:\Windows\System\CiKZOzs.exe
  2⤵
  PID:8704
- C:\Windows\System\yoKJORC.exe
  C:\Windows\System\yoKJORC.exe
  2⤵
  PID:8788
- C:\Windows\System\mByqWtl.exe
  C:\Windows\System\mByqWtl.exe
  2⤵
  PID:8384
- C:\Windows\System\dkYrNnk.exe
  C:\Windows\System\dkYrNnk.exe
  2⤵
  PID:8896
- C:\Windows\System\cdWevAi.exe
  C:\Windows\System\cdWevAi.exe
  2⤵
  PID:8956
- C:\Windows\System\pvbZWfL.exe
  C:\Windows\System\pvbZWfL.exe
  2⤵
  PID:9016
- C:\Windows\System\CAJEFFV.exe
  C:\Windows\System\CAJEFFV.exe
  2⤵
  PID:9088
- C:\Windows\System\fMCobDy.exe
  C:\Windows\System\fMCobDy.exe
  2⤵
  PID:9156
- C:\Windows\System\NKsztub.exe
  C:\Windows\System\NKsztub.exe
  2⤵
  PID:2152
- C:\Windows\System\gHLFDWE.exe
  C:\Windows\System\gHLFDWE.exe
  2⤵
  PID:8312
- C:\Windows\System\QpPiBYF.exe
  C:\Windows\System\QpPiBYF.exe
  2⤵
  PID:8472
- C:\Windows\System\IwKkoMt.exe
  C:\Windows\System\IwKkoMt.exe
  2⤵
  PID:8556
- C:\Windows\System\TBOTUgn.exe
  C:\Windows\System\TBOTUgn.exe
  2⤵
  PID:1128
- C:\Windows\System\TawOmmb.exe
  C:\Windows\System\TawOmmb.exe
  2⤵
  PID:1248
- C:\Windows\System\ERXmIDz.exe
  C:\Windows\System\ERXmIDz.exe
  2⤵
  PID:8624
- C:\Windows\System\HIJQOZl.exe
  C:\Windows\System\HIJQOZl.exe
  2⤵
  PID:8732
- C:\Windows\System\yoaMgqH.exe
  C:\Windows\System\yoaMgqH.exe
  2⤵
  PID:8860
- C:\Windows\System\sseETfm.exe
  C:\Windows\System\sseETfm.exe
  2⤵
  PID:856
- C:\Windows\System\kMEgHHv.exe
  C:\Windows\System\kMEgHHv.exe
  2⤵
  PID:9008
- C:\Windows\System\EyfrvUH.exe
  C:\Windows\System\EyfrvUH.exe
  2⤵
  PID:9128
- C:\Windows\System\KubUABi.exe
  C:\Windows\System\KubUABi.exe
  2⤵
  PID:8392
- C:\Windows\System\ppXXaeY.exe
  C:\Windows\System\ppXXaeY.exe
  2⤵
  PID:1232
- C:\Windows\System\SBiYzSc.exe
  C:\Windows\System\SBiYzSc.exe
  2⤵
  PID:8700
- C:\Windows\System\XpVVrvw.exe
  C:\Windows\System\XpVVrvw.exe
  2⤵
  PID:4944
- C:\Windows\System\CpIRuce.exe
  C:\Windows\System\CpIRuce.exe
  2⤵
  PID:9116
- C:\Windows\System\sSCTFqe.exe
  C:\Windows\System\sSCTFqe.exe
  2⤵
  PID:2716
- C:\Windows\System\uXXrCOj.exe
  C:\Windows\System\uXXrCOj.exe
  2⤵
  PID:8832
- C:\Windows\System\KdqUpcV.exe
  C:\Windows\System\KdqUpcV.exe
  2⤵
  PID:3588
- C:\Windows\System\xQrdKgs.exe
  C:\Windows\System\xQrdKgs.exe
  2⤵
  PID:8412
- C:\Windows\System\RYPImKC.exe
  C:\Windows\System\RYPImKC.exe
  2⤵
  PID:9240
- C:\Windows\System\OAKeaom.exe
  C:\Windows\System\OAKeaom.exe
  2⤵
  PID:9268
- C:\Windows\System\fWqObzH.exe
  C:\Windows\System\fWqObzH.exe
  2⤵
  PID:9296
- C:\Windows\System\JGMsanc.exe
  C:\Windows\System\JGMsanc.exe
  2⤵
  PID:9324
- C:\Windows\System\yjMasqz.exe
  C:\Windows\System\yjMasqz.exe
  2⤵
  PID:9352
- C:\Windows\System\orsMVWt.exe
  C:\Windows\System\orsMVWt.exe
  2⤵
  PID:9380
- C:\Windows\System\KahmnxE.exe
  C:\Windows\System\KahmnxE.exe
  2⤵
  PID:9408
- C:\Windows\System\aWxCINz.exe
  C:\Windows\System\aWxCINz.exe
  2⤵
  PID:9440
- C:\Windows\System\coBXGLG.exe
  C:\Windows\System\coBXGLG.exe
  2⤵
  PID:9456
- C:\Windows\System\qnUnTCs.exe
  C:\Windows\System\qnUnTCs.exe
  2⤵
  PID:9496
- C:\Windows\System\Jtkknew.exe
  C:\Windows\System\Jtkknew.exe
  2⤵
  PID:9532
- C:\Windows\System\sWrzhhp.exe
  C:\Windows\System\sWrzhhp.exe
  2⤵
  PID:9568
- C:\Windows\System\LdjQLYK.exe
  C:\Windows\System\LdjQLYK.exe
  2⤵
  PID:9596
- C:\Windows\System\szWswiq.exe
  C:\Windows\System\szWswiq.exe
  2⤵
  PID:9632
- C:\Windows\System\CRLmPZC.exe
  C:\Windows\System\CRLmPZC.exe
  2⤵
  PID:9652
- C:\Windows\System\PiVDZSx.exe
  C:\Windows\System\PiVDZSx.exe
  2⤵
  PID:9680
- C:\Windows\System\gwuasCz.exe
  C:\Windows\System\gwuasCz.exe
  2⤵
  PID:9708
- C:\Windows\System\InYNCJZ.exe
  C:\Windows\System\InYNCJZ.exe
  2⤵
  PID:9736
- C:\Windows\System\ZKayQrZ.exe
  C:\Windows\System\ZKayQrZ.exe
  2⤵
  PID:9764
- C:\Windows\System\UqcmULw.exe
  C:\Windows\System\UqcmULw.exe
  2⤵
  PID:9796
- C:\Windows\System\bUOJwTi.exe
  C:\Windows\System\bUOJwTi.exe
  2⤵
  PID:9824
- C:\Windows\System\DvfXqcr.exe
  C:\Windows\System\DvfXqcr.exe
  2⤵
  PID:9856
- C:\Windows\System\BVntZak.exe
  C:\Windows\System\BVntZak.exe
  2⤵
  PID:9880
- C:\Windows\System\jaOZNLH.exe
  C:\Windows\System\jaOZNLH.exe
  2⤵
  PID:9908
- C:\Windows\System\RXKCrFr.exe
  C:\Windows\System\RXKCrFr.exe
  2⤵
  PID:9936
- C:\Windows\System\tQoAcSc.exe
  C:\Windows\System\tQoAcSc.exe
  2⤵
  PID:9964
- C:\Windows\System\ygeKEHr.exe
  C:\Windows\System\ygeKEHr.exe
  2⤵
  PID:9992
- C:\Windows\System\VFrXKWK.exe
  C:\Windows\System\VFrXKWK.exe
  2⤵
  PID:10020
- C:\Windows\System\AQMQGWo.exe
  C:\Windows\System\AQMQGWo.exe
  2⤵
  PID:10048
- C:\Windows\System\dfTPAev.exe
  C:\Windows\System\dfTPAev.exe
  2⤵
  PID:10076
- C:\Windows\System\zZyHIfL.exe
  C:\Windows\System\zZyHIfL.exe
  2⤵
  PID:10116
- C:\Windows\System\uYaDVMI.exe
  C:\Windows\System\uYaDVMI.exe
  2⤵
  PID:10132
- C:\Windows\System\GiQYsVw.exe
  C:\Windows\System\GiQYsVw.exe
  2⤵
  PID:10160
- C:\Windows\System\bdyVZgO.exe
  C:\Windows\System\bdyVZgO.exe
  2⤵
  PID:10188
- C:\Windows\System\PaLsfrm.exe
  C:\Windows\System\PaLsfrm.exe
  2⤵
  PID:10216
- C:\Windows\System\PPSeLqL.exe
  C:\Windows\System\PPSeLqL.exe
  2⤵
  PID:9232
- C:\Windows\System\usCkDAU.exe
  C:\Windows\System\usCkDAU.exe
  2⤵
  PID:9292
- C:\Windows\System\BzgOfVD.exe
  C:\Windows\System\BzgOfVD.exe
  2⤵
  PID:9364
- C:\Windows\System\FlrqHHh.exe
  C:\Windows\System\FlrqHHh.exe
  2⤵
  PID:4720
- C:\Windows\System\vetaFGw.exe
  C:\Windows\System\vetaFGw.exe
  2⤵
  PID:5060
- C:\Windows\System\vGqTRBK.exe
  C:\Windows\System\vGqTRBK.exe
  2⤵
  PID:9520
- C:\Windows\System\yUAmWiQ.exe
  C:\Windows\System\yUAmWiQ.exe
  2⤵
  PID:9556
- C:\Windows\System\AlasETe.exe
  C:\Windows\System\AlasETe.exe
  2⤵
  PID:9620
- C:\Windows\System\QrejvAQ.exe
  C:\Windows\System\QrejvAQ.exe
  2⤵
  PID:9676
- C:\Windows\System\RjkZloS.exe
  C:\Windows\System\RjkZloS.exe
  2⤵
  PID:9748
- C:\Windows\System\iVatImr.exe
  C:\Windows\System\iVatImr.exe
  2⤵
  PID:9816
- C:\Windows\System\KYlkUGM.exe
  C:\Windows\System\KYlkUGM.exe
  2⤵
  PID:9876
- C:\Windows\System\jGEYHZL.exe
  C:\Windows\System\jGEYHZL.exe
  2⤵
  PID:9948
- C:\Windows\System\uPrVgZI.exe
  C:\Windows\System\uPrVgZI.exe
  2⤵
  PID:10012
- C:\Windows\System\RcAOxSG.exe
  C:\Windows\System\RcAOxSG.exe
  2⤵
  PID:10112
- C:\Windows\System\qzWXtOl.exe
  C:\Windows\System\qzWXtOl.exe
  2⤵
  PID:10212
- C:\Windows\System\YmuEKcv.exe
  C:\Windows\System\YmuEKcv.exe
  2⤵
  PID:9784
- C:\Windows\System\NArddYZ.exe
  C:\Windows\System\NArddYZ.exe
  2⤵
  PID:3544
- C:\Windows\System\BpeCuqu.exe
  C:\Windows\System\BpeCuqu.exe
  2⤵
  PID:9648
- C:\Windows\System\BcGZXLF.exe
  C:\Windows\System\BcGZXLF.exe
  2⤵
  PID:9776
- C:\Windows\System\CqWdAzl.exe
  C:\Windows\System\CqWdAzl.exe
  2⤵
  PID:10004
- C:\Windows\System\wampeso.exe
  C:\Windows\System\wampeso.exe
  2⤵
  PID:2308
- C:\Windows\System\KGMtxuH.exe
  C:\Windows\System\KGMtxuH.exe
  2⤵
  PID:10236
- C:\Windows\System\PXYhErg.exe
  C:\Windows\System\PXYhErg.exe
  2⤵
  PID:4340
- C:\Windows\System\LpweGGY.exe
  C:\Windows\System\LpweGGY.exe
  2⤵
  PID:10124
- C:\Windows\System\oftCWGh.exe
  C:\Windows\System\oftCWGh.exe
  2⤵
  PID:2588
- C:\Windows\System\kymvSlp.exe
  C:\Windows\System\kymvSlp.exe
  2⤵
  PID:1936
- C:\Windows\System\fIovGBI.exe
  C:\Windows\System\fIovGBI.exe
  2⤵
  PID:3068
- C:\Windows\System\CRmtnrS.exe
  C:\Windows\System\CRmtnrS.exe
  2⤵
  PID:4368
- C:\Windows\System\CXXDRCs.exe
  C:\Windows\System\CXXDRCs.exe
  2⤵
  PID:4324
- C:\Windows\System\BLYwXhY.exe
  C:\Windows\System\BLYwXhY.exe
  2⤵
  PID:5000
- C:\Windows\System\giZIxsm.exe
  C:\Windows\System\giZIxsm.exe
  2⤵
  PID:3732
- C:\Windows\System\egbSMHb.exe
  C:\Windows\System\egbSMHb.exe
  2⤵
  PID:1608
- C:\Windows\System\KFkvWfC.exe
  C:\Windows\System\KFkvWfC.exe
  2⤵
  PID:10184
- C:\Windows\System\NXNHEkb.exe
  C:\Windows\System\NXNHEkb.exe
  2⤵
  PID:9672
- C:\Windows\System\KPyGCOV.exe
  C:\Windows\System\KPyGCOV.exe
  2⤵
  PID:3148
- C:\Windows\System\gzVqCbx.exe
  C:\Windows\System\gzVqCbx.exe
  2⤵
  PID:2464
- C:\Windows\System\JYfiePp.exe
  C:\Windows\System\JYfiePp.exe
  2⤵
  PID:4044
- C:\Windows\System\cqbQDbo.exe
  C:\Windows\System\cqbQDbo.exe
  2⤵
  PID:4568
- C:\Windows\System\TIzOiph.exe
  C:\Windows\System\TIzOiph.exe
  2⤵
  PID:4392
- C:\Windows\System\AGCOeSQ.exe
  C:\Windows\System\AGCOeSQ.exe
  2⤵
  PID:4516
- C:\Windows\System\nFmwBeS.exe
  C:\Windows\System\nFmwBeS.exe
  2⤵
  PID:9348
- C:\Windows\System\EafgXIS.exe
  C:\Windows\System\EafgXIS.exe
  2⤵
  PID:4932
- C:\Windows\System\CvCOLfW.exe
  C:\Windows\System\CvCOLfW.exe
  2⤵
  PID:1944
- C:\Windows\System\cFbWthW.exe
  C:\Windows\System\cFbWthW.exe
  2⤵
  PID:3940
- C:\Windows\System\aHBQxgK.exe
  C:\Windows\System\aHBQxgK.exe
  2⤵
  PID:1392
- C:\Windows\System\hvKGlKD.exe
  C:\Windows\System\hvKGlKD.exe
  2⤵
  PID:1824
- C:\Windows\System\rpZljqs.exe
  C:\Windows\System\rpZljqs.exe
  2⤵
  PID:4652
- C:\Windows\System\eAijrac.exe
  C:\Windows\System\eAijrac.exe
  2⤵
  PID:4744
- C:\Windows\System\VOWQxHi.exe
  C:\Windows\System\VOWQxHi.exe
  2⤵
  PID:3064
- C:\Windows\System\hSNvntu.exe
  C:\Windows\System\hSNvntu.exe
  2⤵
  PID:9400
- C:\Windows\System\lzFHxzu.exe
  C:\Windows\System\lzFHxzu.exe
  2⤵
  PID:3196
- C:\Windows\System\yRyHgSk.exe
  C:\Windows\System\yRyHgSk.exe
  2⤵
  PID:5216
- C:\Windows\System\YUAVcIK.exe
  C:\Windows\System\YUAVcIK.exe
  2⤵
  PID:324
- C:\Windows\System\iDxfdpQ.exe
  C:\Windows\System\iDxfdpQ.exe
  2⤵
  PID:3560
- C:\Windows\System\zgrIvHX.exe
  C:\Windows\System\zgrIvHX.exe
  2⤵
  PID:5304
- C:\Windows\System\vjLaOIp.exe
  C:\Windows\System\vjLaOIp.exe
  2⤵
  PID:2316
- C:\Windows\System\OURXzLW.exe
  C:\Windows\System\OURXzLW.exe
  2⤵
  PID:4300
- C:\Windows\System\KebYoJP.exe
  C:\Windows\System\KebYoJP.exe
  2⤵
  PID:5240
- C:\Windows\System\Kvslccw.exe
  C:\Windows\System\Kvslccw.exe
  2⤵
  PID:5128
- C:\Windows\System\QDQdrpS.exe
  C:\Windows\System\QDQdrpS.exe
  2⤵
  PID:5452
- C:\Windows\System\xTFjrEA.exe
  C:\Windows\System\xTFjrEA.exe
  2⤵
  PID:5480
- C:\Windows\System\eUDQvvr.exe
  C:\Windows\System\eUDQvvr.exe
  2⤵
  PID:5504
- C:\Windows\System\nNgDpcv.exe
  C:\Windows\System\nNgDpcv.exe
  2⤵
  PID:908
- C:\Windows\System\MRLZxHa.exe
  C:\Windows\System\MRLZxHa.exe
  2⤵
  PID:5328
- C:\Windows\System\fItkvnL.exe
  C:\Windows\System\fItkvnL.exe
  2⤵
  PID:316
- C:\Windows\System\XsEHETG.exe
  C:\Windows\System\XsEHETG.exe
  2⤵
  PID:5588
- C:\Windows\System\oTzObKa.exe
  C:\Windows\System\oTzObKa.exe
  2⤵
  PID:5660
- C:\Windows\System\JmbSvcE.exe
  C:\Windows\System\JmbSvcE.exe
  2⤵
  PID:10244
- C:\Windows\System\XDmsGrj.exe
  C:\Windows\System\XDmsGrj.exe
  2⤵
  PID:10272
- C:\Windows\System\mNemRPZ.exe
  C:\Windows\System\mNemRPZ.exe
  2⤵
  PID:10300
- C:\Windows\System\rBgEgJf.exe
  C:\Windows\System\rBgEgJf.exe
  2⤵
  PID:10328
- C:\Windows\System\amKJHRE.exe
  C:\Windows\System\amKJHRE.exe
  2⤵
  PID:10356
- C:\Windows\System\rechDaU.exe
  C:\Windows\System\rechDaU.exe
  2⤵
  PID:10384
- C:\Windows\System\tcQdcUu.exe
  C:\Windows\System\tcQdcUu.exe
  2⤵
  PID:10412
- C:\Windows\System\OEQvWTS.exe
  C:\Windows\System\OEQvWTS.exe
  2⤵
  PID:10440
- C:\Windows\System\UGpWpuo.exe
  C:\Windows\System\UGpWpuo.exe
  2⤵
  PID:10468
- C:\Windows\System\mprWrLc.exe
  C:\Windows\System\mprWrLc.exe
  2⤵
  PID:10496
- C:\Windows\System\RJgVIJU.exe
  C:\Windows\System\RJgVIJU.exe
  2⤵
  PID:10524
- C:\Windows\System\jECHQJS.exe
  C:\Windows\System\jECHQJS.exe
  2⤵
  PID:10552
- C:\Windows\System\KBfXWRO.exe
  C:\Windows\System\KBfXWRO.exe
  2⤵
  PID:10580
- C:\Windows\System\TQjmLBh.exe
  C:\Windows\System\TQjmLBh.exe
  2⤵
  PID:10608
- C:\Windows\System\YODBxJC.exe
  C:\Windows\System\YODBxJC.exe
  2⤵
  PID:10636
- C:\Windows\System\xzalkWS.exe
  C:\Windows\System\xzalkWS.exe
  2⤵
  PID:10664
- C:\Windows\System\IxLWjnc.exe
  C:\Windows\System\IxLWjnc.exe
  2⤵
  PID:10696
- C:\Windows\System\NciJoVS.exe
  C:\Windows\System\NciJoVS.exe
  2⤵
  PID:10724
- C:\Windows\System\iLWrUBA.exe
  C:\Windows\System\iLWrUBA.exe
  2⤵
  PID:10752
- C:\Windows\System\hRxpFJB.exe
  C:\Windows\System\hRxpFJB.exe
  2⤵
  PID:10780
- C:\Windows\System\nlswhAZ.exe
  C:\Windows\System\nlswhAZ.exe
  2⤵
  PID:10808
- C:\Windows\System\xLXBLge.exe
  C:\Windows\System\xLXBLge.exe
  2⤵
  PID:10836
- C:\Windows\System\PjzweFE.exe
  C:\Windows\System\PjzweFE.exe
  2⤵
  PID:10864
- C:\Windows\System\IuWEdRW.exe
  C:\Windows\System\IuWEdRW.exe
  2⤵
  PID:10892
- C:\Windows\System\BmAYjnR.exe
  C:\Windows\System\BmAYjnR.exe
  2⤵
  PID:10920
- C:\Windows\System\jrYUDMG.exe
  C:\Windows\System\jrYUDMG.exe
  2⤵
  PID:10948
- C:\Windows\System\wXHcZaQ.exe
  C:\Windows\System\wXHcZaQ.exe
  2⤵
  PID:10976
- C:\Windows\System\PMXnjKF.exe
  C:\Windows\System\PMXnjKF.exe
  2⤵
  PID:11004
- C:\Windows\System\aGmmzqx.exe
  C:\Windows\System\aGmmzqx.exe
  2⤵
  PID:11032
- C:\Windows\System\oKyhIVN.exe
  C:\Windows\System\oKyhIVN.exe
  2⤵
  PID:11060
- C:\Windows\System\DBINfEe.exe
  C:\Windows\System\DBINfEe.exe
  2⤵
  PID:11088
- C:\Windows\System\VSIbzbY.exe
  C:\Windows\System\VSIbzbY.exe
  2⤵
  PID:11116
- C:\Windows\System\NPTicSG.exe
  C:\Windows\System\NPTicSG.exe
  2⤵
  PID:11144
- C:\Windows\System\CSZjviO.exe
  C:\Windows\System\CSZjviO.exe
  2⤵
  PID:11172
- C:\Windows\System\tSuvhTD.exe
  C:\Windows\System\tSuvhTD.exe
  2⤵
  PID:11200
- C:\Windows\System\CVFgUBu.exe
  C:\Windows\System\CVFgUBu.exe
  2⤵
  PID:11228
- C:\Windows\System\ETyopvt.exe
  C:\Windows\System\ETyopvt.exe
  2⤵
  PID:11256
- C:\Windows\System\NLTYeFy.exe
  C:\Windows\System\NLTYeFy.exe
  2⤵
  PID:5760
- C:\Windows\System\CxRYuLz.exe
  C:\Windows\System\CxRYuLz.exe
  2⤵
  PID:10320
- C:\Windows\System\QfZPccq.exe
  C:\Windows\System\QfZPccq.exe
  2⤵
  PID:5844
- C:\Windows\System\qzHOZlr.exe
  C:\Windows\System\qzHOZlr.exe
  2⤵
  PID:5864
- C:\Windows\System\vYhUHiz.exe
  C:\Windows\System\vYhUHiz.exe
  2⤵
  PID:10452
- C:\Windows\System\QQVSFbs.exe
  C:\Windows\System\QQVSFbs.exe
  2⤵
  PID:10492
- C:\Windows\System\uaitmhT.exe
  C:\Windows\System\uaitmhT.exe
  2⤵
  PID:10536
- C:\Windows\System\QIRSvxO.exe
  C:\Windows\System\QIRSvxO.exe
  2⤵
  PID:6044
- C:\Windows\System\UTprcHe.exe
  C:\Windows\System\UTprcHe.exe
  2⤵
  PID:6068
- C:\Windows\System\UMJYYfK.exe
  C:\Windows\System\UMJYYfK.exe
  2⤵
  PID:10656
- C:\Windows\System\FDLcQAK.exe
  C:\Windows\System\FDLcQAK.exe
  2⤵
  PID:10708
- C:\Windows\System\jsdEniy.exe
  C:\Windows\System\jsdEniy.exe
  2⤵
  PID:10744
- C:\Windows\System\lOSKrzM.exe
  C:\Windows\System\lOSKrzM.exe
  2⤵
  PID:5276
- C:\Windows\System\snoUHge.exe
  C:\Windows\System\snoUHge.exe
  2⤵
  PID:10820
- C:\Windows\System\OfkCmXg.exe
  C:\Windows\System\OfkCmXg.exe
  2⤵
  PID:10884
- C:\Windows\System\JPgsbaI.exe
  C:\Windows\System\JPgsbaI.exe
  2⤵
  PID:10940
- C:\Windows\System\qozyPdI.exe
  C:\Windows\System\qozyPdI.exe
  2⤵
  PID:5628
- C:\Windows\System\ITNIgpA.exe
  C:\Windows\System\ITNIgpA.exe
  2⤵
  PID:4068
- C:\Windows\System\dbeBxDT.exe
  C:\Windows\System\dbeBxDT.exe
  2⤵
  PID:11056
- C:\Windows\System\QdpuRoN.exe
  C:\Windows\System\QdpuRoN.exe
  2⤵
  PID:11104
- C:\Windows\System\MGGLvaP.exe
  C:\Windows\System\MGGLvaP.exe
  2⤵
  PID:6064
- C:\Windows\System\poIVmCn.exe
  C:\Windows\System\poIVmCn.exe
  2⤵
  PID:6128
- C:\Windows\System\dLXFjzc.exe
  C:\Windows\System\dLXFjzc.exe
  2⤵
  PID:5196
- C:\Windows\System\AUolVHz.exe
  C:\Windows\System\AUolVHz.exe
  2⤵
  PID:10268
- C:\Windows\System\Kzuzqcm.exe
  C:\Windows\System\Kzuzqcm.exe
  2⤵
  PID:10344
- C:\Windows\System\ZDiztNl.exe
  C:\Windows\System\ZDiztNl.exe
  2⤵
  PID:10380
- C:\Windows\System\PSbZFUF.exe
  C:\Windows\System\PSbZFUF.exe
  2⤵
  PID:5888
- C:\Windows\System\QuDuJYw.exe
  C:\Windows\System\QuDuJYw.exe
  2⤵
  PID:6112
- C:\Windows\System\YdTWxrA.exe
  C:\Windows\System\YdTWxrA.exe
  2⤵
  PID:10576
- C:\Windows\System\FkiIBmG.exe
  C:\Windows\System\FkiIBmG.exe
  2⤵
  PID:5952
- C:\Windows\System\DQpFdvh.exe
  C:\Windows\System\DQpFdvh.exe
  2⤵
  PID:6124
- C:\Windows\System\zdeKNlm.exe
  C:\Windows\System\zdeKNlm.exe
  2⤵
  PID:5440
- C:\Windows\System\wQbBUuW.exe
  C:\Windows\System\wQbBUuW.exe
  2⤵
  PID:6180
- C:\Windows\System\NyQNqIZ.exe
  C:\Windows\System\NyQNqIZ.exe
  2⤵
  PID:1604
- C:\Windows\System\DeXjmUO.exe
  C:\Windows\System\DeXjmUO.exe
  2⤵
  PID:10848
- C:\Windows\System\nilHrFO.exe
  C:\Windows\System\nilHrFO.exe
  2⤵
  PID:10932
- C:\Windows\System\UkXpcQa.exe
  C:\Windows\System\UkXpcQa.exe
  2⤵
  PID:6272
- C:\Windows\System\gbWJVvE.exe
  C:\Windows\System\gbWJVvE.exe
  2⤵
  PID:6300
- C:\Windows\System\lJpmjxY.exe
  C:\Windows\System\lJpmjxY.exe
  2⤵
  PID:11084
- C:\Windows\System\XaknjSY.exe
  C:\Windows\System\XaknjSY.exe
  2⤵
  PID:6396
- C:\Windows\System\wCFEowd.exe
  C:\Windows\System\wCFEowd.exe
  2⤵
  PID:6416
- C:\Windows\System\gGWnwmL.exe
  C:\Windows\System\gGWnwmL.exe
  2⤵
  PID:10256
- C:\Windows\System\tnfjgoi.exe
  C:\Windows\System\tnfjgoi.exe
  2⤵
  PID:4732
- C:\Windows\System\jHLIdUt.exe
  C:\Windows\System\jHLIdUt.exe
  2⤵
  PID:6624
- C:\Windows\System\LjfbMdf.exe
  C:\Windows\System\LjfbMdf.exe
  2⤵
  PID:6664
- C:\Windows\System\NSwslck.exe
  C:\Windows\System\NSwslck.exe
  2⤵
  PID:5152
- C:\Windows\System\NlIKFoS.exe
  C:\Windows\System\NlIKFoS.exe
  2⤵
  PID:6808
- C:\Windows\System\inqNtBV.exe
  C:\Windows\System\inqNtBV.exe
  2⤵
  PID:5316
- C:\Windows\System\UOHsbbu.exe
  C:\Windows\System\UOHsbbu.exe
  2⤵
  PID:3684
- C:\Windows\System\QorFGuX.exe
  C:\Windows\System\QorFGuX.exe
  2⤵
  PID:6920
- C:\Windows\System\wkxvtEK.exe
  C:\Windows\System\wkxvtEK.exe
  2⤵
  PID:6280
- C:\Windows\System\ZREEjMY.exe
  C:\Windows\System\ZREEjMY.exe
  2⤵
  PID:7012
- C:\Windows\System\IApDyGO.exe
  C:\Windows\System\IApDyGO.exe
  2⤵
  PID:7032
- C:\Windows\System\LIqWJqj.exe
  C:\Windows\System\LIqWJqj.exe
  2⤵
  PID:6424
- C:\Windows\System\kqHuVGZ.exe
  C:\Windows\System\kqHuVGZ.exe
  2⤵
  PID:10324
- C:\Windows\System\DSNQoQV.exe
  C:\Windows\System\DSNQoQV.exe
  2⤵
  PID:5976
- C:\Windows\System\ECGqtBw.exe
  C:\Windows\System\ECGqtBw.exe
  2⤵
  PID:4956
- C:\Windows\System\ajCUyxG.exe
  C:\Windows\System\ajCUyxG.exe
  2⤵
  PID:6812
- C:\Windows\System\nVLzdjX.exe
  C:\Windows\System\nVLzdjX.exe
  2⤵
  PID:10912
- C:\Windows\System\mGJaZWx.exe
  C:\Windows\System\mGJaZWx.exe
  2⤵
  PID:6384
- C:\Windows\System\CggTWPl.exe
  C:\Windows\System\CggTWPl.exe
  2⤵
  PID:6448
- C:\Windows\System\mLeAUyB.exe
  C:\Windows\System\mLeAUyB.exe
  2⤵
  PID:6616
- C:\Windows\System\TRFzeKE.exe
  C:\Windows\System\TRFzeKE.exe
  2⤵
  PID:1652
- C:\Windows\System\ABqbBCg.exe
  C:\Windows\System\ABqbBCg.exe
  2⤵
  PID:6768
- C:\Windows\System\UVrQjlz.exe
  C:\Windows\System\UVrQjlz.exe
  2⤵
  PID:6364
- C:\Windows\System\eKjsVzg.exe
  C:\Windows\System\eKjsVzg.exe
  2⤵
  PID:5268
- C:\Windows\System\rrBXyvY.exe
  C:\Windows\System\rrBXyvY.exe
  2⤵
  PID:6928
- C:\Windows\System\RQOuhHZ.exe
  C:\Windows\System\RQOuhHZ.exe
  2⤵
  PID:7060
- C:\Windows\System\TuRujeS.exe
  C:\Windows\System\TuRujeS.exe
  2⤵
  PID:6712
- C:\Windows\System\cSRLSTk.exe
  C:\Windows\System\cSRLSTk.exe
  2⤵
  PID:11284
- C:\Windows\System\LTWoUCf.exe
  C:\Windows\System\LTWoUCf.exe
  2⤵
  PID:11312
- C:\Windows\System\VtBUirU.exe
  C:\Windows\System\VtBUirU.exe
  2⤵
  PID:11340
- C:\Windows\System\ZHCbXFe.exe
  C:\Windows\System\ZHCbXFe.exe
  2⤵
  PID:11368
- C:\Windows\System\ViPYoKH.exe
  C:\Windows\System\ViPYoKH.exe
  2⤵
  PID:11396
- C:\Windows\System\UAZkkbN.exe
  C:\Windows\System\UAZkkbN.exe
  2⤵
  PID:11424
- C:\Windows\System\JKOZZgY.exe
  C:\Windows\System\JKOZZgY.exe
  2⤵
  PID:11452
- C:\Windows\System\POlFQYE.exe
  C:\Windows\System\POlFQYE.exe
  2⤵
  PID:11480
- C:\Windows\System\pcfcGZk.exe
  C:\Windows\System\pcfcGZk.exe
  2⤵
  PID:11508
- C:\Windows\System\eVfpAch.exe
  C:\Windows\System\eVfpAch.exe
  2⤵
  PID:11536
- C:\Windows\System\qLecGuV.exe
  C:\Windows\System\qLecGuV.exe
  2⤵
  PID:11564
- C:\Windows\System\sKtZXJb.exe
  C:\Windows\System\sKtZXJb.exe
  2⤵
  PID:11592
- C:\Windows\System\QHPhETS.exe
  C:\Windows\System\QHPhETS.exe
  2⤵
  PID:11620
- C:\Windows\System\nQKLkew.exe
  C:\Windows\System\nQKLkew.exe
  2⤵
  PID:11648
- C:\Windows\System\pKVArwI.exe
  C:\Windows\System\pKVArwI.exe
  2⤵
  PID:11688
- C:\Windows\System\vGLtxUU.exe
  C:\Windows\System\vGLtxUU.exe
  2⤵
  PID:11704
- C:\Windows\System\HOaQbvx.exe
  C:\Windows\System\HOaQbvx.exe
  2⤵
  PID:11732
- C:\Windows\System\ABoYEXu.exe
  C:\Windows\System\ABoYEXu.exe
  2⤵
  PID:11760
- C:\Windows\System\dEqwjTf.exe
  C:\Windows\System\dEqwjTf.exe
  2⤵
  PID:11792
- C:\Windows\System\rAiuJiu.exe
  C:\Windows\System\rAiuJiu.exe
  2⤵
  PID:11820
- C:\Windows\System\ObzoRkJ.exe
  C:\Windows\System\ObzoRkJ.exe
  2⤵
  PID:11848
- C:\Windows\System\VLsJQGm.exe
  C:\Windows\System\VLsJQGm.exe
  2⤵
  PID:11876
- C:\Windows\System\gwmXKwF.exe
  C:\Windows\System\gwmXKwF.exe
  2⤵
  PID:11904
- C:\Windows\System\EXUuhbz.exe
  C:\Windows\System\EXUuhbz.exe
  2⤵
  PID:11932
- C:\Windows\System\ArqQfxM.exe
  C:\Windows\System\ArqQfxM.exe
  2⤵
  PID:11960
- C:\Windows\System\JqRlNjA.exe
  C:\Windows\System\JqRlNjA.exe
  2⤵
  PID:11988
- C:\Windows\System\JCzAkUb.exe
  C:\Windows\System\JCzAkUb.exe
  2⤵
  PID:12016
- C:\Windows\System\iuglxDV.exe
  C:\Windows\System\iuglxDV.exe
  2⤵
  PID:12044
- C:\Windows\System\EPXxRpl.exe
  C:\Windows\System\EPXxRpl.exe
  2⤵
  PID:12072
- C:\Windows\System\TVXCAzd.exe
  C:\Windows\System\TVXCAzd.exe
  2⤵
  PID:12100
- C:\Windows\System\INTdwlp.exe
  C:\Windows\System\INTdwlp.exe
  2⤵
  PID:12128
- C:\Windows\System\HIUiugT.exe
  C:\Windows\System\HIUiugT.exe
  2⤵
  PID:12156
- C:\Windows\System\zKvccNz.exe
  C:\Windows\System\zKvccNz.exe
  2⤵
  PID:12184
- C:\Windows\System\VuyGpGW.exe
  C:\Windows\System\VuyGpGW.exe
  2⤵
  PID:12212
- C:\Windows\System\oLuNOll.exe
  C:\Windows\System\oLuNOll.exe
  2⤵
  PID:12240
- C:\Windows\System\qQpZydS.exe
  C:\Windows\System\qQpZydS.exe
  2⤵
  PID:12284
- C:\Windows\System\uBYqCYk.exe
  C:\Windows\System\uBYqCYk.exe
  2⤵
  PID:6212
- C:\Windows\System\cZkfwdg.exe
  C:\Windows\System\cZkfwdg.exe
  2⤵
  PID:11352
- C:\Windows\System\wAltTSt.exe
  C:\Windows\System\wAltTSt.exe
  2⤵
  PID:11416
- C:\Windows\System\cHAfWMn.exe
  C:\Windows\System\cHAfWMn.exe
  2⤵
  PID:11492
- C:\Windows\System\EhjOjhG.exe
  C:\Windows\System\EhjOjhG.exe
  2⤵
  PID:11556
- C:\Windows\System\utPyhsr.exe
  C:\Windows\System\utPyhsr.exe
  2⤵
  PID:6524
- C:\Windows\System\JKIAGdw.exe
  C:\Windows\System\JKIAGdw.exe
  2⤵
  PID:11640
- C:\Windows\System\cwajbjs.exe
  C:\Windows\System\cwajbjs.exe
  2⤵
  PID:11696
- C:\Windows\System\zMJmqoL.exe
  C:\Windows\System\zMJmqoL.exe
  2⤵
  PID:11772
- C:\Windows\System\sfQMfuN.exe
  C:\Windows\System\sfQMfuN.exe
  2⤵
  PID:2952
- C:\Windows\System\jvHrKar.exe
  C:\Windows\System\jvHrKar.exe
  2⤵
  PID:11868
- C:\Windows\System\MTbdPfV.exe
  C:\Windows\System\MTbdPfV.exe
  2⤵
  PID:11900
- C:\Windows\System\pOKOTFB.exe
  C:\Windows\System\pOKOTFB.exe
  2⤵
  PID:11972
- C:\Windows\System\SnmcOGF.exe
  C:\Windows\System\SnmcOGF.exe
  2⤵
  PID:6924
- C:\Windows\System\WTpkORI.exe
  C:\Windows\System\WTpkORI.exe
  2⤵
  PID:12064
- C:\Windows\System\BhWgKVE.exe
  C:\Windows\System\BhWgKVE.exe
  2⤵
  PID:12112
- C:\Windows\System\kzDfQPC.exe
  C:\Windows\System\kzDfQPC.exe
  2⤵
  PID:12140
- C:\Windows\System\lqOUKVg.exe
  C:\Windows\System\lqOUKVg.exe
  2⤵
  PID:12180
- C:\Windows\System\SshraDs.exe
  C:\Windows\System\SshraDs.exe
  2⤵
  PID:12232
- C:\Windows\System\OLXMjlE.exe
  C:\Windows\System\OLXMjlE.exe
  2⤵
  PID:12280
- C:\Windows\System\vxeoJgZ.exe
  C:\Windows\System\vxeoJgZ.exe
  2⤵
  PID:7284
- C:\Windows\System\idANkBH.exe
  C:\Windows\System\idANkBH.exe
  2⤵
  PID:11392
- C:\Windows\System\vgrVLFC.exe
  C:\Windows\System\vgrVLFC.exe
  2⤵
  PID:7336
- C:\Windows\System\xuZosKZ.exe
  C:\Windows\System\xuZosKZ.exe
  2⤵
  PID:6504
- C:\Windows\System\zPzAXRS.exe
  C:\Windows\System\zPzAXRS.exe
  2⤵
  PID:10968
- C:\Windows\System\YxeduKI.exe
  C:\Windows\System\YxeduKI.exe
  2⤵
  PID:7420
- C:\Windows\System\rAYhgpM.exe
  C:\Windows\System\rAYhgpM.exe
  2⤵
  PID:11844
- C:\Windows\System\zMaigiN.exe
  C:\Windows\System\zMaigiN.exe
  2⤵
  PID:11928
- C:\Windows\System\HJVjhlu.exe
  C:\Windows\System\HJVjhlu.exe
  2⤵
  PID:12000
- C:\Windows\System\SWdAaLw.exe
  C:\Windows\System\SWdAaLw.exe
  2⤵
  PID:12056
- C:\Windows\System\qXhXxAb.exe
  C:\Windows\System\qXhXxAb.exe
  2⤵
  PID:1304
- C:\Windows\System\UCmOecc.exe
  C:\Windows\System\UCmOecc.exe
  2⤵
  PID:12204
- C:\Windows\System\kCcpgKJ.exe
  C:\Windows\System\kCcpgKJ.exe
  2⤵
  PID:12260
- C:\Windows\System\baJFJKP.exe
  C:\Windows\System\baJFJKP.exe
  2⤵
  PID:7672
- C:\Windows\System\JXBLzuA.exe
  C:\Windows\System\JXBLzuA.exe
  2⤵
  PID:7344
- C:\Windows\System\rTcaONz.exe
  C:\Windows\System\rTcaONz.exe
  2⤵
  PID:4820
- C:\Windows\System\muWWbms.exe
  C:\Windows\System\muWWbms.exe
  2⤵
  PID:7056
- C:\Windows\System\AqEnhrb.exe
  C:\Windows\System\AqEnhrb.exe
  2⤵
  PID:7816
- C:\Windows\System\rQMeKqR.exe
  C:\Windows\System\rQMeKqR.exe
  2⤵
  PID:2100
- C:\Windows\System\bcNVDpn.exe
  C:\Windows\System\bcNVDpn.exe
  2⤵
  PID:7576
- C:\Windows\System\ePOqfiw.exe
  C:\Windows\System\ePOqfiw.exe
  2⤵
  PID:11780
- C:\Windows\System\ZGxvIYY.exe
  C:\Windows\System\ZGxvIYY.exe
  2⤵
  PID:7928
- C:\Windows\System\QGbysYw.exe
  C:\Windows\System\QGbysYw.exe
  2⤵
  PID:7964
- C:\Windows\System\VbCqxkA.exe
  C:\Windows\System\VbCqxkA.exe
  2⤵
  PID:7984
- C:\Windows\System\ZBERynG.exe
  C:\Windows\System\ZBERynG.exe
  2⤵
  PID:8020
- C:\Windows\System\BpdjJAN.exe
  C:\Windows\System\BpdjJAN.exe
  2⤵
  PID:7900
- C:\Windows\System\YlMJuad.exe
  C:\Windows\System\YlMJuad.exe
  2⤵
  PID:11336
- C:\Windows\System\dBFuIxf.exe
  C:\Windows\System\dBFuIxf.exe
  2⤵
  PID:8124
- C:\Windows\System\AdLBRlB.exe
  C:\Windows\System\AdLBRlB.exe
  2⤵
  PID:7872
- C:\Windows\System\HgRYRaK.exe
  C:\Windows\System\HgRYRaK.exe
  2⤵
  PID:7680
- C:\Windows\System\vuznnqu.exe
  C:\Windows\System\vuznnqu.exe
  2⤵
  PID:7192
- C:\Windows\System\AbdxKBo.exe
  C:\Windows\System\AbdxKBo.exe
  2⤵
  PID:8076
- C:\Windows\System\nsPvjGu.exe
  C:\Windows\System\nsPvjGu.exe
  2⤵
  PID:7448
- C:\Windows\System\gTTGswD.exe
  C:\Windows\System\gTTGswD.exe
  2⤵
  PID:7340
- C:\Windows\System\ykwtwKy.exe
  C:\Windows\System\ykwtwKy.exe
  2⤵
  PID:7580
- C:\Windows\System\RaPplBN.exe
  C:\Windows\System\RaPplBN.exe
  2⤵
  PID:7472
- C:\Windows\System\YLIhHnZ.exe
  C:\Windows\System\YLIhHnZ.exe
  2⤵
  PID:12316
- C:\Windows\System\XmcLzOL.exe
  C:\Windows\System\XmcLzOL.exe
  2⤵
  PID:12344
- C:\Windows\System\mDAfRiw.exe
  C:\Windows\System\mDAfRiw.exe
  2⤵
  PID:12372
- C:\Windows\System\JSdVvYT.exe
  C:\Windows\System\JSdVvYT.exe
  2⤵
  PID:12400
- C:\Windows\System\aWCJcBN.exe
  C:\Windows\System\aWCJcBN.exe
  2⤵
  PID:12428
- C:\Windows\System\idySLsR.exe
  C:\Windows\System\idySLsR.exe
  2⤵
  PID:12456
- C:\Windows\System\xuRqTfA.exe
  C:\Windows\System\xuRqTfA.exe
  2⤵
  PID:12484
- C:\Windows\System\tJRLuGo.exe
  C:\Windows\System\tJRLuGo.exe
  2⤵
  PID:12512
- C:\Windows\System\eDpBgnu.exe
  C:\Windows\System\eDpBgnu.exe
  2⤵
  PID:12540
- C:\Windows\System\vnVZTpp.exe
  C:\Windows\System\vnVZTpp.exe
  2⤵
  PID:12568
- C:\Windows\System\jNqXldT.exe
  C:\Windows\System\jNqXldT.exe
  2⤵
  PID:12596
- C:\Windows\System\BYeFpTd.exe
  C:\Windows\System\BYeFpTd.exe
  2⤵
  PID:12624
- C:\Windows\System\SKLTLdI.exe
  C:\Windows\System\SKLTLdI.exe
  2⤵
  PID:12652
- C:\Windows\System\pEczANx.exe
  C:\Windows\System\pEczANx.exe
  2⤵
  PID:12684
- C:\Windows\System\MmStxId.exe
  C:\Windows\System\MmStxId.exe
  2⤵
  PID:12712
- C:\Windows\System\iefqqwy.exe
  C:\Windows\System\iefqqwy.exe
  2⤵
  PID:12740
- C:\Windows\System\ozaHtAA.exe
  C:\Windows\System\ozaHtAA.exe
  2⤵
  PID:12768
- C:\Windows\System\oYQEGvi.exe
  C:\Windows\System\oYQEGvi.exe
  2⤵
  PID:12796
- C:\Windows\System\HlcPBOo.exe
  C:\Windows\System\HlcPBOo.exe
  2⤵
  PID:12824
- C:\Windows\System\kvydqLq.exe
  C:\Windows\System\kvydqLq.exe
  2⤵
  PID:12852
- C:\Windows\System\nuPcPvF.exe
  C:\Windows\System\nuPcPvF.exe
  2⤵
  PID:12880
- C:\Windows\System\GLYfmri.exe
  C:\Windows\System\GLYfmri.exe
  2⤵
  PID:12908
- C:\Windows\System\ilSeGde.exe
  C:\Windows\System\ilSeGde.exe
  2⤵
  PID:12936
- C:\Windows\System\sswNrrd.exe
  C:\Windows\System\sswNrrd.exe
  2⤵
  PID:12964
- C:\Windows\System\XHaWSyH.exe
  C:\Windows\System\XHaWSyH.exe
  2⤵
  PID:12992
- C:\Windows\System\PIWQffL.exe
  C:\Windows\System\PIWQffL.exe
  2⤵
  PID:13020
- C:\Windows\System\LaAvjhj.exe
  C:\Windows\System\LaAvjhj.exe
  2⤵
  PID:13048
- C:\Windows\System\aAvoiZB.exe
  C:\Windows\System\aAvoiZB.exe
  2⤵
  PID:13076
- C:\Windows\System\kQrlrFo.exe
  C:\Windows\System\kQrlrFo.exe
  2⤵
  PID:13104
- C:\Windows\System\qXqcxES.exe
  C:\Windows\System\qXqcxES.exe
  2⤵
  PID:13132
- C:\Windows\System\JMtAnbv.exe
  C:\Windows\System\JMtAnbv.exe
  2⤵
  PID:13160
- C:\Windows\System\vCWQsRv.exe
  C:\Windows\System\vCWQsRv.exe
  2⤵
  PID:13188
- C:\Windows\System\GnyQtzN.exe
  C:\Windows\System\GnyQtzN.exe
  2⤵
  PID:13216
- C:\Windows\System\qMLFolz.exe
  C:\Windows\System\qMLFolz.exe
  2⤵
  PID:13244
- C:\Windows\System\egYlTNY.exe
  C:\Windows\System\egYlTNY.exe
  2⤵
  PID:13272
- C:\Windows\System\zIYonFa.exe
  C:\Windows\System\zIYonFa.exe
  2⤵
  PID:13304
- C:\Windows\System\FqehinH.exe
  C:\Windows\System\FqehinH.exe
  2⤵
  PID:12308
- C:\Windows\System\OlSwDuh.exe
  C:\Windows\System\OlSwDuh.exe
  2⤵
  PID:12364
- C:\Windows\System\eKGtvom.exe
  C:\Windows\System\eKGtvom.exe
  2⤵
  PID:12412
- C:\Windows\System\FQlapDW.exe
  C:\Windows\System\FQlapDW.exe
  2⤵
  PID:7904
- C:\Windows\System\kOUOUkT.exe
  C:\Windows\System\kOUOUkT.exe
  2⤵
  PID:12480
- C:\Windows\System\qxVcVsr.exe
  C:\Windows\System\qxVcVsr.exe
  2⤵
  PID:12524
- C:\Windows\System\bfcMdWz.exe
  C:\Windows\System\bfcMdWz.exe
  2⤵
  PID:2728
- C:\Windows\System\Mgstutw.exe
  C:\Windows\System\Mgstutw.exe
  2⤵
  PID:12588
- C:\Windows\System\OKiiKyC.exe
  C:\Windows\System\OKiiKyC.exe
  2⤵
  PID:12636
- C:\Windows\System\ESFevfC.exe
  C:\Windows\System\ESFevfC.exe
  2⤵
  PID:12680
- C:\Windows\System\YXmuscb.exe
  C:\Windows\System\YXmuscb.exe
  2⤵
  PID:7588
- C:\Windows\System\oBIMKfL.exe
  C:\Windows\System\oBIMKfL.exe
  2⤵
  PID:12764
- C:\Windows\System\ZehMmST.exe
  C:\Windows\System\ZehMmST.exe
  2⤵
  PID:12808
- C:\Windows\System\SpiyHxH.exe
  C:\Windows\System\SpiyHxH.exe
  2⤵
  PID:12844
- C:\Windows\System\MNcMVuR.exe
  C:\Windows\System\MNcMVuR.exe
  2⤵
  PID:12876
- C:\Windows\System\jJwNmMX.exe
  C:\Windows\System\jJwNmMX.exe
  2⤵
  PID:12900
- C:\Windows\System\yJbsWfC.exe
  C:\Windows\System\yJbsWfC.exe
  2⤵
  PID:7652
- C:\Windows\System\ctnutip.exe
  C:\Windows\System\ctnutip.exe
  2⤵
  PID:12988
- C:\Windows\System\gYzpPoe.exe
  C:\Windows\System\gYzpPoe.exe
  2⤵
  PID:7792
- C:\Windows\System\NZGCrJw.exe
  C:\Windows\System\NZGCrJw.exe
  2⤵
  PID:13100
- C:\Windows\System\YqKOpjO.exe
  C:\Windows\System\YqKOpjO.exe
  2⤵
  PID:13128
- C:\Windows\System\BiAZcGd.exe
  C:\Windows\System\BiAZcGd.exe
  2⤵
  PID:13184
- C:\Windows\System\LTzsvBA.exe
  C:\Windows\System\LTzsvBA.exe
  2⤵
  PID:13240
- C:\Windows\System\wNHWRfp.exe
  C:\Windows\System\wNHWRfp.exe
  2⤵
  PID:8424
- C:\Windows\System\xBUzQHq.exe
  C:\Windows\System\xBUzQHq.exe
  2⤵
  PID:12356
- C:\Windows\System\ZvQPbWu.exe
  C:\Windows\System\ZvQPbWu.exe
  2⤵
  PID:12440
- C:\Windows\System\SeOvbEU.exe
  C:\Windows\System\SeOvbEU.exe
  2⤵
  PID:8524
- C:\Windows\System\TqeOpUW.exe
  C:\Windows\System\TqeOpUW.exe
  2⤵
  PID:8080
- C:\Windows\System\KHENVeu.exe
  C:\Windows\System\KHENVeu.exe
  2⤵
  PID:7364
- C:\Windows\System\mryCzfM.exe
  C:\Windows\System\mryCzfM.exe
  2⤵
  PID:7732
- C:\Windows\System\agwtKFc.exe
  C:\Windows\System\agwtKFc.exe
  2⤵
  PID:12836
- C:\Windows\System\fIriMOx.exe
  C:\Windows\System\fIriMOx.exe
  2⤵
  PID:12928
- C:\Windows\System\FfJgVkZ.exe
  C:\Windows\System\FfJgVkZ.exe
  2⤵
  PID:13004
- C:\Windows\System\drkyUsI.exe
  C:\Windows\System\drkyUsI.exe
  2⤵
  PID:8248
- C:\Windows\System\NdIRRtZ.exe
  C:\Windows\System\NdIRRtZ.exe
  2⤵
  PID:13228
- C:\Windows\System\eoKgrwe.exe
  C:\Windows\System\eoKgrwe.exe
  2⤵
  PID:7684
- C:\Windows\System\nsAsdTw.exe
  C:\Windows\System\nsAsdTw.exe
  2⤵
  PID:8544
- C:\Windows\System\hvkOfhs.exe
  C:\Windows\System\hvkOfhs.exe
  2⤵
  PID:12736
- C:\Windows\System\PRecDRJ.exe
  C:\Windows\System\PRecDRJ.exe
  2⤵
  PID:5528
- C:\Windows\System\VbQVZge.exe
  C:\Windows\System\VbQVZge.exe
  2⤵
  PID:13096
- C:\Windows\System\tEQeFJL.exe
  C:\Windows\System\tEQeFJL.exe
  2⤵
  PID:13296
- C:\Windows\System\ZejMMfM.exe
  C:\Windows\System\ZejMMfM.exe
  2⤵
  PID:8696
- C:\Windows\System\bLltOug.exe
  C:\Windows\System\bLltOug.exe
  2⤵
  PID:5484
- C:\Windows\System\aWbCFCI.exe
  C:\Windows\System\aWbCFCI.exe
  2⤵
  PID:13212
- C:\Windows\System\uqGorIN.exe
  C:\Windows\System\uqGorIN.exe
  2⤵
  PID:6160
- C:\Windows\System\TxthDYa.exe
  C:\Windows\System\TxthDYa.exe
  2⤵
  PID:8024
- C:\Windows\System\cKFHEWE.exe
  C:\Windows\System\cKFHEWE.exe
  2⤵
  PID:6016
- C:\Windows\System\ADtqOaG.exe
  C:\Windows\System\ADtqOaG.exe
  2⤵
  PID:8800
- C:\Windows\System\kaotQEU.exe
  C:\Windows\System\kaotQEU.exe
  2⤵
  PID:8780
- C:\Windows\System\XGMufqI.exe
  C:\Windows\System\XGMufqI.exe
  2⤵
  PID:8828
- C:\Windows\System\NgjmgFa.exe
  C:\Windows\System\NgjmgFa.exe
  2⤵
  PID:13320
- C:\Windows\System\BmcjDRL.exe
  C:\Windows\System\BmcjDRL.exe
  2⤵
  PID:13336
- C:\Windows\System\zKUtTLI.exe
  C:\Windows\System\zKUtTLI.exe
  2⤵
  PID:13364
- C:\Windows\System\lfeiHhZ.exe
  C:\Windows\System\lfeiHhZ.exe
  2⤵
  PID:13392
- C:\Windows\System\aWBwEhz.exe
  C:\Windows\System\aWBwEhz.exe
  2⤵
  PID:13420
- C:\Windows\System\RpzWukI.exe
  C:\Windows\System\RpzWukI.exe
  2⤵
  PID:13448
- C:\Windows\System\kEBQvtx.exe
  C:\Windows\System\kEBQvtx.exe
  2⤵
  PID:13476
- C:\Windows\System\ERWfuxG.exe
  C:\Windows\System\ERWfuxG.exe
  2⤵
  PID:13504
- C:\Windows\System\wevCQge.exe
  C:\Windows\System\wevCQge.exe
  2⤵
  PID:13532
- C:\Windows\System\fumlogK.exe
  C:\Windows\System\fumlogK.exe
  2⤵
  PID:13560
- C:\Windows\System\PSzgHfE.exe
  C:\Windows\System\PSzgHfE.exe
  2⤵
  PID:13588
- C:\Windows\System\LAZHgWR.exe
  C:\Windows\System\LAZHgWR.exe
  2⤵
  PID:13616
- C:\Windows\System\nCHZqGg.exe
  C:\Windows\System\nCHZqGg.exe
  2⤵
  PID:13644
- C:\Windows\System\PtfUrnd.exe
  C:\Windows\System\PtfUrnd.exe
  2⤵
  PID:13672
- C:\Windows\System\IIAFdEP.exe
  C:\Windows\System\IIAFdEP.exe
  2⤵
  PID:13704
- C:\Windows\System\QzRgdin.exe
  C:\Windows\System\QzRgdin.exe
  2⤵
  PID:13732
- C:\Windows\System\OPQJSjW.exe
  C:\Windows\System\OPQJSjW.exe
  2⤵
  PID:13760
- C:\Windows\System\juCCjko.exe
  C:\Windows\System\juCCjko.exe
  2⤵
  PID:13788
- C:\Windows\System\OUXrrPR.exe
  C:\Windows\System\OUXrrPR.exe
  2⤵
  PID:13816
- C:\Windows\System\hVKyKpm.exe
  C:\Windows\System\hVKyKpm.exe
  2⤵
  PID:13844
- C:\Windows\System\iWgGGOI.exe
  C:\Windows\System\iWgGGOI.exe
  2⤵
  PID:13872
- C:\Windows\System\ArVKPAt.exe
  C:\Windows\System\ArVKPAt.exe
  2⤵
  PID:13900
- C:\Windows\System\iSHUjNb.exe
  C:\Windows\System\iSHUjNb.exe
  2⤵
  PID:13928
- C:\Windows\System\RqDRPDh.exe
  C:\Windows\System\RqDRPDh.exe
  2⤵
  PID:13956
- C:\Windows\System\gXCRbWk.exe
  C:\Windows\System\gXCRbWk.exe
  2⤵
  PID:13984
- C:\Windows\System\HVVsBWs.exe
  C:\Windows\System\HVVsBWs.exe
  2⤵
  PID:14012
- C:\Windows\System\yXutZja.exe
  C:\Windows\System\yXutZja.exe
  2⤵
  PID:14040
- C:\Windows\System\blbiLVc.exe
  C:\Windows\System\blbiLVc.exe
  2⤵
  PID:14068
- C:\Windows\System\uPvWhWy.exe
  C:\Windows\System\uPvWhWy.exe
  2⤵
  PID:14096
- C:\Windows\System\AlcyRfU.exe
  C:\Windows\System\AlcyRfU.exe
  2⤵
  PID:14124
- C:\Windows\System\IibyIWE.exe
  C:\Windows\System\IibyIWE.exe
  2⤵
  PID:14152
- C:\Windows\System\MvpRyRd.exe
  C:\Windows\System\MvpRyRd.exe
  2⤵
  PID:14180
- C:\Windows\System\TYDiylh.exe
  C:\Windows\System\TYDiylh.exe
  2⤵
  PID:14208
- C:\Windows\System\qxqllzZ.exe
  C:\Windows\System\qxqllzZ.exe
  2⤵
  PID:14236
- C:\Windows\System\lHDjUaY.exe
  C:\Windows\System\lHDjUaY.exe
  2⤵
  PID:14264
- C:\Windows\System\OmOYsQL.exe
  C:\Windows\System\OmOYsQL.exe
  2⤵
  PID:14292
- C:\Windows\System\wDhJMNK.exe
  C:\Windows\System\wDhJMNK.exe
  2⤵
  PID:14324
- C:\Windows\System\bHmxWQz.exe
  C:\Windows\System\bHmxWQz.exe
  2⤵
  PID:8940
- C:\Windows\System\DgaBHzl.exe
  C:\Windows\System\DgaBHzl.exe
  2⤵
  PID:13348
- C:\Windows\System\QOvoCRj.exe
  C:\Windows\System\QOvoCRj.exe
  2⤵
  PID:9056
- C:\Windows\System\KOYMTcF.exe
  C:\Windows\System\KOYMTcF.exe
  2⤵
  PID:13416
- C:\Windows\System\WpXqBEj.exe
  C:\Windows\System\WpXqBEj.exe
  2⤵
  PID:9112
- C:\Windows\System\FRTeKic.exe
  C:\Windows\System\FRTeKic.exe
  2⤵
  PID:13500
- C:\Windows\System\VtUPlMj.exe
  C:\Windows\System\VtUPlMj.exe
  2⤵
  PID:9168
- C:\Windows\System\DgGrzoA.exe
  C:\Windows\System\DgGrzoA.exe
  2⤵
  PID:13584
- C:\Windows\System\QkqWYIK.exe
  C:\Windows\System\QkqWYIK.exe
  2⤵
  PID:13636
- C:\Windows\System\TdhptDk.exe
  C:\Windows\System\TdhptDk.exe
  2⤵
  PID:13684
- C:\Windows\System\qpZupoh.exe
  C:\Windows\System\qpZupoh.exe
  2⤵
  PID:13728
- C:\Windows\System\VSQapKx.exe
  C:\Windows\System\VSQapKx.exe
  2⤵
  PID:13756
- C:\Windows\System\hjjCnkl.exe
  C:\Windows\System\hjjCnkl.exe
  2⤵
  PID:13780
- C:\Windows\System\eEmvCgL.exe
  C:\Windows\System\eEmvCgL.exe
  2⤵
  PID:13828
- C:\Windows\System\AwLoxTq.exe
  C:\Windows\System\AwLoxTq.exe
  2⤵
  PID:13868
- C:\Windows\System\RPsuYOc.exe
  C:\Windows\System\RPsuYOc.exe
  2⤵
  PID:2060
- C:\Windows\System\RmPQTtF.exe
  C:\Windows\System\RmPQTtF.exe
  2⤵
  PID:13948
- C:\Windows\System\arBfwge.exe
  C:\Windows\System\arBfwge.exe
  2⤵
  PID:14004
- C:\Windows\System\ILlVaXo.exe
  C:\Windows\System\ILlVaXo.exe
  2⤵
  PID:14060
- C:\Windows\System\lZRaMIf.exe
  C:\Windows\System\lZRaMIf.exe
  2⤵
  PID:14116
- C:\Windows\System\ziKVAar.exe
  C:\Windows\System\ziKVAar.exe
  2⤵
  PID:14164
- C:\Windows\System\JTYKaGr.exe
  C:\Windows\System\JTYKaGr.exe
  2⤵
  PID:8508
- C:\Windows\System\OgKpOjp.exe
  C:\Windows\System\OgKpOjp.exe
  2⤵
  PID:14228
- C:\Windows\System\DmvDCcm.exe
  C:\Windows\System\DmvDCcm.exe
  2⤵
  PID:8748
- C:\Windows\System\nZNGPhY.exe
  C:\Windows\System\nZNGPhY.exe
  2⤵
  PID:14304
- C:\Windows\System\dPSYjEa.exe
  C:\Windows\System\dPSYjEa.exe
  2⤵
  PID:3008
- C:\Windows\System\GYDqCiC.exe
  C:\Windows\System\GYDqCiC.exe
  2⤵
  PID:9004
- C:\Windows\System\YAOcPXx.exe
  C:\Windows\System\YAOcPXx.exe
  2⤵
  PID:6820
- C:\Windows\System\fWLVHhd.exe
  C:\Windows\System\fWLVHhd.exe
  2⤵
  PID:8928
- C:\Windows\System\twcEYQm.exe
  C:\Windows\System\twcEYQm.exe
  2⤵
  PID:6412
- C:\Windows\System\WXQaAJq.exe
  C:\Windows\System\WXQaAJq.exe
  2⤵
  PID:9040
- C:\Windows\System\yiVJMpE.exe
  C:\Windows\System\yiVJMpE.exe
  2⤵
  PID:13576
- C:\Windows\System\UMheDDS.exe
  C:\Windows\System\UMheDDS.exe
  2⤵
  PID:7532
- C:\Windows\System\DBnuFhZ.exe
  C:\Windows\System\DBnuFhZ.exe
  2⤵
  PID:8368
- C:\Windows\System\AWRKTmT.exe
  C:\Windows\System\AWRKTmT.exe
  2⤵
  PID:8292
- C:\Windows\System\WkmyLcg.exe
  C:\Windows\System\WkmyLcg.exe
  2⤵
  PID:8432
- C:\Windows\System\dEYSERp.exe
  C:\Windows\System\dEYSERp.exe
  2⤵
  PID:2672
- C:\Windows\System\dcXFgAQ.exe
  C:\Windows\System\dcXFgAQ.exe
  2⤵
  PID:13924
- C:\Windows\System\gFbHpiB.exe
  C:\Windows\System\gFbHpiB.exe
  2⤵
  PID:14008
- C:\Windows\System\VkQhgYk.exe
  C:\Windows\System\VkQhgYk.exe
  2⤵
  PID:14088
- C:\Windows\System\yPebZwz.exe
  C:\Windows\System\yPebZwz.exe
  2⤵
  PID:7440
- C:\Windows\System\yOOflgt.exe
  C:\Windows\System\yOOflgt.exe
  2⤵
  PID:8888
- C:\Windows\System\cwgItTZ.exe
  C:\Windows\System\cwgItTZ.exe
  2⤵
  PID:8984
- C:\Windows\System\OkuLjlW.exe
  C:\Windows\System\OkuLjlW.exe
  2⤵
  PID:8352
- C:\Windows\System\yuOCpHX.exe
  C:\Windows\System\yuOCpHX.exe
  2⤵
  PID:8980
- C:\Windows\System\uuAwKid.exe
  C:\Windows\System\uuAwKid.exe
  2⤵
  PID:13328
- C:\Windows\System\DPzqMlH.exe
  C:\Windows\System\DPzqMlH.exe
  2⤵
  PID:13440
- C:\Windows\System\KoocvEN.exe
  C:\Windows\System\KoocvEN.exe
  2⤵
  PID:8596
- C:\Windows\System\srnmarX.exe
  C:\Windows\System\srnmarX.exe
  2⤵
  PID:4916
- C:\Windows\System\iMZQhAz.exe
  C:\Windows\System\iMZQhAz.exe
  2⤵
  PID:9228
- C:\Windows\System\MdtgsVJ.exe
  C:\Windows\System\MdtgsVJ.exe
  2⤵
  PID:14108
- C:\Windows\System\QzCZVXU.exe
  C:\Windows\System\QzCZVXU.exe
  2⤵
  PID:13864
- C:\Windows\System\bkRrfCu.exe
  C:\Windows\System\bkRrfCu.exe
  2⤵
  PID:13976
- C:\Windows\System\EQGuLVy.exe
  C:\Windows\System\EQGuLVy.exe
  2⤵
  PID:3772
- C:\Windows\System\cewtogY.exe
  C:\Windows\System\cewtogY.exe
  2⤵
  PID:9360
- C:\Windows\System\WJRARuk.exe
  C:\Windows\System\WJRARuk.exe
  2⤵
  PID:14260
- C:\Windows\System\tBEFpIA.exe
  C:\Windows\System\tBEFpIA.exe
  2⤵
  PID:6728
- C:\Windows\System\ccrqMAd.exe
  C:\Windows\System\ccrqMAd.exe
  2⤵
  PID:7008
- C:\Windows\System\qNdAxBB.exe
  C:\Windows\System\qNdAxBB.exe
  2⤵
  PID:9100
- C:\Windows\System\RkXpKdE.exe
  C:\Windows\System\RkXpKdE.exe
  2⤵
  PID:13668
- C:\Windows\System\hnxpmBw.exe
  C:\Windows\System\hnxpmBw.exe
  2⤵
  PID:2540
- C:\Windows\System\ECrknKH.exe
  C:\Windows\System\ECrknKH.exe
  2⤵
  PID:8924
- C:\Windows\System\nDqNWiH.exe
  C:\Windows\System\nDqNWiH.exe
  2⤵
  PID:4860
- C:\Windows\System\DOndLqF.exe
  C:\Windows\System\DOndLqF.exe
  2⤵
  PID:13544
- C:\Windows\System\ReeiBsR.exe
  C:\Windows\System\ReeiBsR.exe
  2⤵
  PID:8760
- C:\Windows\System\NshmYOS.exe
  C:\Windows\System\NshmYOS.exe
  2⤵
  PID:4528
- C:\Windows\System\oxSNRNw.exe
  C:\Windows\System\oxSNRNw.exe
  2⤵
  PID:9696
- C:\Windows\System\WjHrgck.exe
  C:\Windows\System\WjHrgck.exe
  2⤵
  PID:8576
- C:\Windows\System\WrmDBpQ.exe
  C:\Windows\System\WrmDBpQ.exe
  2⤵
  PID:9780
- C:\Windows\System\GrQGTQu.exe
  C:\Windows\System\GrQGTQu.exe
  2⤵
  PID:9716
- C:\Windows\System\ctHaFoI.exe
  C:\Windows\System\ctHaFoI.exe
  2⤵
  PID:9868
- C:\Windows\System\rHjxHdx.exe
  C:\Windows\System\rHjxHdx.exe
  2⤵
  PID:9284
- C:\Windows\System\NQBTUQy.exe
  C:\Windows\System\NQBTUQy.exe
  2⤵
  PID:9804
- C:\Windows\System\wgxUeQJ.exe
  C:\Windows\System\wgxUeQJ.exe
  2⤵
  PID:10008
- C:\Windows\System\UVBDaCZ.exe
  C:\Windows\System\UVBDaCZ.exe
  2⤵
  PID:10064
- C:\Windows\System\ZIlFveA.exe
  C:\Windows\System\ZIlFveA.exe
  2⤵
  PID:10084
- C:\Windows\System\KiGgmpg.exe
  C:\Windows\System\KiGgmpg.exe
  2⤵
  PID:9584
- C:\Windows\System\yHyGjmO.exe
  C:\Windows\System\yHyGjmO.exe
  2⤵
  PID:14356
- C:\Windows\System\myaZcVH.exe
  C:\Windows\System\myaZcVH.exe
  2⤵
  PID:14388
- C:\Windows\System\hZJARVL.exe
  C:\Windows\System\hZJARVL.exe
  2⤵
  PID:14416
- C:\Windows\System\FfbgXVL.exe
  C:\Windows\System\FfbgXVL.exe
  2⤵
  PID:14444
- C:\Windows\System\EIriBhr.exe
  C:\Windows\System\EIriBhr.exe
  2⤵
  PID:14472
- C:\Windows\System\LnSChbQ.exe
  C:\Windows\System\LnSChbQ.exe
  2⤵
  PID:14500
- C:\Windows\System\exdycsM.exe
  C:\Windows\System\exdycsM.exe
  2⤵
  PID:14528
- C:\Windows\System\OFTpuqf.exe
  C:\Windows\System\OFTpuqf.exe
  2⤵
  PID:14556
- C:\Windows\System\nEdXcMJ.exe
  C:\Windows\System\nEdXcMJ.exe
  2⤵
  PID:14584
- C:\Windows\System\pkAeOWa.exe
  C:\Windows\System\pkAeOWa.exe
  2⤵
  PID:14612
- C:\Windows\System\nhdHYDY.exe
  C:\Windows\System\nhdHYDY.exe
  2⤵
  PID:14640
- C:\Windows\System\yMmQbuK.exe
  C:\Windows\System\yMmQbuK.exe
  2⤵
  PID:14668
- C:\Windows\System\qWVkXcW.exe
  C:\Windows\System\qWVkXcW.exe
  2⤵
  PID:14696
- C:\Windows\System\vSYBiHx.exe
  C:\Windows\System\vSYBiHx.exe
  2⤵
  PID:14724
- C:\Windows\System\exgZMti.exe
  C:\Windows\System\exgZMti.exe
  2⤵
  PID:14752
- C:\Windows\System\fydXTeP.exe
  C:\Windows\System\fydXTeP.exe
  2⤵
  PID:14780
- C:\Windows\System\lZrrpHJ.exe
  C:\Windows\System\lZrrpHJ.exe
  2⤵
  PID:14808
- C:\Windows\System\fcdhPQZ.exe
  C:\Windows\System\fcdhPQZ.exe
  2⤵
  PID:14852
- C:\Windows\System\cwbaXXW.exe
  C:\Windows\System\cwbaXXW.exe
  2⤵
  PID:14868
- C:\Windows\System\zwSAPMn.exe
  C:\Windows\System\zwSAPMn.exe
  2⤵
  PID:14896
- C:\Windows\System\HAeyonQ.exe
  C:\Windows\System\HAeyonQ.exe
  2⤵
  PID:14928
- C:\Windows\System\luKxrtk.exe
  C:\Windows\System\luKxrtk.exe
  2⤵
  PID:14956
- C:\Windows\System\LUxAfIJ.exe
  C:\Windows\System\LUxAfIJ.exe
  2⤵
  PID:14984
- C:\Windows\System\xuFmzDB.exe
  C:\Windows\System\xuFmzDB.exe
  2⤵
  PID:15016
- C:\Windows\System\MeGRpGt.exe
  C:\Windows\System\MeGRpGt.exe
  2⤵
  PID:15044
- C:\Windows\System\lbKJnOU.exe
  C:\Windows\System\lbKJnOU.exe
  2⤵
  PID:15072
- C:\Windows\System\hthNqfG.exe
  C:\Windows\System\hthNqfG.exe
  2⤵
  PID:15100
- C:\Windows\System\hXhTRwc.exe
  C:\Windows\System\hXhTRwc.exe
  2⤵
  PID:15128
- C:\Windows\System\LWUnroe.exe
  C:\Windows\System\LWUnroe.exe
  2⤵
  PID:15156
- C:\Windows\System\lARhyRQ.exe
  C:\Windows\System\lARhyRQ.exe
  2⤵
  PID:15184
- C:\Windows\System\ZPRTpXo.exe
  C:\Windows\System\ZPRTpXo.exe
  2⤵
  PID:15212
- C:\Windows\System\oKQGWGz.exe
  C:\Windows\System\oKQGWGz.exe
  2⤵
  PID:15240
- C:\Windows\System\nnUypLY.exe
  C:\Windows\System\nnUypLY.exe
  2⤵
  PID:15268
- C:\Windows\System\MRJHIgj.exe
  C:\Windows\System\MRJHIgj.exe
  2⤵
  PID:15296
- C:\Windows\System\dOOCgvm.exe
  C:\Windows\System\dOOCgvm.exe
  2⤵
  PID:15324
- C:\Windows\System\zJBTLYR.exe
  C:\Windows\System\zJBTLYR.exe
  2⤵
  PID:15352
- C:\Windows\System\lzjuQlB.exe
  C:\Windows\System\lzjuQlB.exe
  2⤵
  PID:10176
- C:\Windows\System\NmdnsUl.exe
  C:\Windows\System\NmdnsUl.exe
  2⤵
  PID:10196
- C:\Windows\System\MhXErnm.exe
  C:\Windows\System\MhXErnm.exe
  2⤵
  PID:14440
- C:\Windows\System\IXXjhDw.exe
  C:\Windows\System\IXXjhDw.exe
  2⤵
  PID:14468
- C:\Windows\System\hEUMwUX.exe
  C:\Windows\System\hEUMwUX.exe
  2⤵
  PID:9448
- C:\Windows\System\IhuevaP.exe
  C:\Windows\System\IhuevaP.exe
  2⤵
  PID:9476
- C:\Windows\System\vVCOVbe.exe
  C:\Windows\System\vVCOVbe.exe
  2⤵
  PID:9548
- C:\Windows\System\WTlKIZK.exe
  C:\Windows\System\WTlKIZK.exe
  2⤵
  PID:9644
- C:\Windows\System\tTsDlFs.exe
  C:\Windows\System\tTsDlFs.exe
  2⤵
  PID:14656
- C:\Windows\System\VGMsdTS.exe
  C:\Windows\System\VGMsdTS.exe
  2⤵
  PID:9848
- C:\Windows\System\bKQzjUg.exe
  C:\Windows\System\bKQzjUg.exe
  2⤵
  PID:14720
- C:\Windows\System\aEyNgkj.exe
  C:\Windows\System\aEyNgkj.exe
  2⤵
  PID:14748
- C:\Windows\System\hRtFVPi.exe
  C:\Windows\System\hRtFVPi.exe
  2⤵
  PID:14776
- C:\Windows\System\gMahqLa.exe
  C:\Windows\System\gMahqLa.exe
  2⤵
  PID:8380
- C:\Windows\System\oMWKTMV.exe
  C:\Windows\System\oMWKTMV.exe
  2⤵
  PID:14864
- C:\Windows\System\YXiFRTx.exe
  C:\Windows\System\YXiFRTx.exe
  2⤵
  PID:14924
- C:\Windows\System\aNchmgy.exe
  C:\Windows\System\aNchmgy.exe
  2⤵
  PID:14996
- C:\Windows\System\CeyWDut.exe
  C:\Windows\System\CeyWDut.exe
  2⤵
  PID:10144
- C:\Windows\System\SuTIHzm.exe
  C:\Windows\System\SuTIHzm.exe
  2⤵
  PID:15112
- C:\Windows\System\MkRoYnr.exe
  C:\Windows\System\MkRoYnr.exe
  2⤵
  PID:15152
- C:\Windows\System\YIwfcKl.exe
  C:\Windows\System\YIwfcKl.exe
  2⤵
  PID:15224
- C:\Windows\System\KSaYXXN.exe
  C:\Windows\System\KSaYXXN.exe
  2⤵
  PID:15288
- C:\Windows\System\rtKjCCT.exe
  C:\Windows\System\rtKjCCT.exe
  2⤵
  PID:15344
- C:\Windows\System\BKpXPoI.exe
  C:\Windows\System\BKpXPoI.exe
  2⤵
  PID:10204
- C:\Windows\System\OdPVoBh.exe
  C:\Windows\System\OdPVoBh.exe
  2⤵
  PID:9336
- C:\Windows\System\YxLbmRL.exe
  C:\Windows\System\YxLbmRL.exe
  2⤵
  PID:9508
- C:\Windows\System\gnCaKNK.exe
  C:\Windows\System\gnCaKNK.exe
  2⤵
  PID:9720
- C:\Windows\System\gHYGhSo.exe
  C:\Windows\System\gHYGhSo.exe
  2⤵
  PID:9900
- C:\Windows\System\gaJKPyT.exe
  C:\Windows\System\gaJKPyT.exe
  2⤵
  PID:14744
- C:\Windows\System\rBuEpmf.exe
  C:\Windows\System\rBuEpmf.exe
  2⤵
  PID:14888
- C:\Windows\System\iqYWZIT.exe
  C:\Windows\System\iqYWZIT.exe
  2⤵
  PID:14976
- C:\Windows\System\IJDvlsE.exe
  C:\Windows\System\IJDvlsE.exe
  2⤵
  PID:15096
- C:\Windows\System\BhpUzCC.exe
  C:\Windows\System\BhpUzCC.exe
  2⤵
  PID:15252
- C:\Windows\System\JDKjXNc.exe
  C:\Windows\System\JDKjXNc.exe
  2⤵
  PID:14916
- C:\Windows\System\QFqzWwD.exe
  C:\Windows\System\QFqzWwD.exe
  2⤵
  PID:9592
- C:\Windows\System\OqzlEMU.exe
  C:\Windows\System\OqzlEMU.exe
  2⤵
  PID:7264
- C:\Windows\System\GTldNIA.exe
  C:\Windows\System\GTldNIA.exe
  2⤵
  PID:8604
- C:\Windows\System\PtXmckG.exe
  C:\Windows\System\PtXmckG.exe
  2⤵
  PID:14820
- C:\Windows\System\FbpwhTz.exe
  C:\Windows\System\FbpwhTz.exe
  2⤵
  PID:14920
- C:\Windows\System\EszRUDN.exe
  C:\Windows\System\EszRUDN.exe
  2⤵
  PID:15092
- C:\Windows\System\uioXlqp.exe
  C:\Windows\System\uioXlqp.exe
  2⤵
  PID:15208
- C:\Windows\System\RGUoVlV.exe
  C:\Windows\System\RGUoVlV.exe
  2⤵
  PID:14456
- C:\Windows\System\IDHgfye.exe
  C:\Windows\System\IDHgfye.exe
  2⤵
  PID:4556
- C:\Windows\System\NVCNqor.exe
  C:\Windows\System\NVCNqor.exe
  2⤵
  PID:1448
- C:\Windows\System\KNxDFCp.exe
  C:\Windows\System\KNxDFCp.exe
  2⤵
  PID:2832
- C:\Windows\System\XDUFPPz.exe
  C:\Windows\System\XDUFPPz.exe
  2⤵
  PID:980
- C:\Windows\System\nyIvmKE.exe
  C:\Windows\System\nyIvmKE.exe
  2⤵
  PID:14436
- C:\Windows\System\VxxAwVm.exe
  C:\Windows\System\VxxAwVm.exe
  2⤵
  PID:4896
- C:\Windows\System\usyYZdF.exe
  C:\Windows\System\usyYZdF.exe
  2⤵
  PID:9920
- C:\Windows\System\cZWIfRi.exe
  C:\Windows\System\cZWIfRi.exe
  2⤵
  PID:10088
- C:\Windows\System\NtxYlOM.exe
  C:\Windows\System\NtxYlOM.exe
  2⤵
  PID:628
- C:\Windows\System\FelnSiK.exe
  C:\Windows\System\FelnSiK.exe
  2⤵
  PID:4532
- C:\Windows\System\GqTOdVm.exe
  C:\Windows\System\GqTOdVm.exe
  2⤵
  PID:15148
- C:\Windows\System\ByeOkwu.exe
  C:\Windows\System\ByeOkwu.exe
  2⤵
  PID:10152
- C:\Windows\System\Gpbebfg.exe
  C:\Windows\System\Gpbebfg.exe
  2⤵
  PID:860
- C:\Windows\System\vPhOasI.exe
  C:\Windows\System\vPhOasI.exe
  2⤵
  PID:4020
- C:\Windows\System\AXsuWCR.exe
  C:\Windows\System\AXsuWCR.exe
  2⤵
  PID:5084
- C:\Windows\System\jfZhiok.exe
  C:\Windows\System\jfZhiok.exe
  2⤵
  PID:4812
- C:\Windows\System\oCMZlTJ.exe
  C:\Windows\System\oCMZlTJ.exe
  2⤵
  PID:5192
- C:\Windows\System\vdVCrqg.exe
  C:\Windows\System\vdVCrqg.exe
  2⤵
  PID:15380
- C:\Windows\System\KTenrNV.exe
  C:\Windows\System\KTenrNV.exe
  2⤵
  PID:15408
- C:\Windows\System\KZjryKe.exe
  C:\Windows\System\KZjryKe.exe
  2⤵
  PID:15428
- C:\Windows\System\FWjswnh.exe
  C:\Windows\System\FWjswnh.exe
  2⤵
  PID:15464
- C:\Windows\System\jPvPVAJ.exe
  C:\Windows\System\jPvPVAJ.exe
  2⤵
  PID:15492
- C:\Windows\System\QDSnOma.exe
  C:\Windows\System\QDSnOma.exe
  2⤵
  PID:15520
- C:\Windows\System\PXoSEAC.exe
  C:\Windows\System\PXoSEAC.exe
  2⤵
  PID:15556
- C:\Windows\System\zYwMYCD.exe
  C:\Windows\System\zYwMYCD.exe
  2⤵
  PID:15584
- C:\Windows\System\kERXDJv.exe
  C:\Windows\System\kERXDJv.exe
  2⤵
  PID:15620
- C:\Windows\System\aUxiOBo.exe
  C:\Windows\System\aUxiOBo.exe
  2⤵
  PID:15656
- C:\Windows\System\kMlBMIk.exe
  C:\Windows\System\kMlBMIk.exe
  2⤵
  PID:15684
- C:\Windows\System\WRpcMuO.exe
  C:\Windows\System\WRpcMuO.exe
  2⤵
  PID:15712
- C:\Windows\System\qdSJPmP.exe
  C:\Windows\System\qdSJPmP.exe
  2⤵
  PID:15740
- C:\Windows\System\ZztjbFq.exe
  C:\Windows\System\ZztjbFq.exe
  2⤵
  PID:15780
- C:\Windows\System\yqRbwlw.exe
  C:\Windows\System\yqRbwlw.exe
  2⤵
  PID:15796
- C:\Windows\System\hZmnLyU.exe
  C:\Windows\System\hZmnLyU.exe
  2⤵
  PID:15824
- C:\Windows\System\gxRmpRu.exe
  C:\Windows\System\gxRmpRu.exe
  2⤵
  PID:15852
- C:\Windows\System\TzCPjtN.exe
  C:\Windows\System\TzCPjtN.exe
  2⤵
  PID:15880
- C:\Windows\System\YbvWDLn.exe
  C:\Windows\System\YbvWDLn.exe
  2⤵
  PID:15908
- C:\Windows\System\iWxgyzC.exe
  C:\Windows\System\iWxgyzC.exe
  2⤵
  PID:15936
- C:\Windows\System\WQTSnRQ.exe
  C:\Windows\System\WQTSnRQ.exe
  2⤵
  PID:15964
- C:\Windows\System\rHMCNWB.exe
  C:\Windows\System\rHMCNWB.exe
  2⤵
  PID:15996
- C:\Windows\System\mTebwlr.exe
  C:\Windows\System\mTebwlr.exe
  2⤵
  PID:16024
- C:\Windows\System\ZhsMApX.exe
  C:\Windows\System\ZhsMApX.exe
  2⤵
  PID:16052
- C:\Windows\System\gclJiXa.exe
  C:\Windows\System\gclJiXa.exe
  2⤵
  PID:16080
- C:\Windows\System\poDHUuI.exe
  C:\Windows\System\poDHUuI.exe
  2⤵
  PID:16108
- C:\Windows\System\MXWbeBn.exe
  C:\Windows\System\MXWbeBn.exe
  2⤵
  PID:16136
- C:\Windows\System\qncuFxh.exe
  C:\Windows\System\qncuFxh.exe
  2⤵
  PID:16164
- C:\Windows\System\WRShbLZ.exe
  C:\Windows\System\WRShbLZ.exe
  2⤵
  PID:16192
- C:\Windows\System\jyURItM.exe
  C:\Windows\System\jyURItM.exe
  2⤵
  PID:16220
- C:\Windows\System\yMswaUh.exe
  C:\Windows\System\yMswaUh.exe
  2⤵
  PID:16252
- C:\Windows\System\iEHBfvS.exe
  C:\Windows\System\iEHBfvS.exe
  2⤵
  PID:16280
- C:\Windows\System\orgYElR.exe
  C:\Windows\System\orgYElR.exe
  2⤵
  PID:16308
- C:\Windows\System\QHLpTGr.exe
  C:\Windows\System\QHLpTGr.exe
  2⤵
  PID:16336
- C:\Windows\System\cxrBfBV.exe
  C:\Windows\System\cxrBfBV.exe
  2⤵
  PID:16364
- C:\Windows\System\tWCMxFU.exe
  C:\Windows\System\tWCMxFU.exe
  2⤵
  PID:4352
- C:\Windows\System\jHYwUGn.exe
  C:\Windows\System\jHYwUGn.exe
  2⤵
  PID:3300
- C:\Windows\System\qnEXsCN.exe
  C:\Windows\System\qnEXsCN.exe
  2⤵
  PID:15452
- C:\Windows\System\UdUkofm.exe
  C:\Windows\System\UdUkofm.exe
  2⤵
  PID:14688
- C:\Windows\System\VTMfBHR.exe
  C:\Windows\System\VTMfBHR.exe
  2⤵
  PID:1616
- C:\Windows\System\tPRZqvx.exe
  C:\Windows\System\tPRZqvx.exe
  2⤵
  PID:15568
- C:\Windows\System\KeXzCBQ.exe
  C:\Windows\System\KeXzCBQ.exe
  2⤵
  PID:15604
- C:\Windows\System\BDyATtd.exe
  C:\Windows\System\BDyATtd.exe
  2⤵
  PID:5336
- C:\Windows\System\pkMYTgi.exe
  C:\Windows\System\pkMYTgi.exe
  2⤵
  PID:1204
- C:\Windows\System\yKQDuas.exe
  C:\Windows\System\yKQDuas.exe
  2⤵
  PID:15704
- C:\Windows\System\GDwsEIy.exe
  C:\Windows\System\GDwsEIy.exe
  2⤵
  PID:15752
- C:\Windows\System\VeHQoQZ.exe
  C:\Windows\System\VeHQoQZ.exe
  2⤵
  PID:5688
- C:\Windows\System\WHrwLyx.exe
  C:\Windows\System\WHrwLyx.exe
  2⤵
  PID:15820
- C:\Windows\System\ELNPJbK.exe
  C:\Windows\System\ELNPJbK.exe
  2⤵
  PID:15872
- C:\Windows\System\iBNONjt.exe
  C:\Windows\System\iBNONjt.exe
  2⤵
  PID:10336
- C:\Windows\System\najwdYo.exe
  C:\Windows\System\najwdYo.exe
  2⤵
  PID:10400
- C:\Windows\System\RjYEJuH.exe
  C:\Windows\System\RjYEJuH.exe
  2⤵
  PID:15988
- C:\Windows\System\rzoOCZg.exe
  C:\Windows\System\rzoOCZg.exe
  2⤵
  PID:16008
- C:\Windows\System\IcqcHCx.exe
  C:\Windows\System\IcqcHCx.exe
  2⤵
  PID:16048
- C:\Windows\System\EDZHvKR.exe
  C:\Windows\System\EDZHvKR.exe
  2⤵
  PID:16076
- C:\Windows\System\NvOPZwu.exe
  C:\Windows\System\NvOPZwu.exe
  2⤵
  PID:16120
- C:\Windows\System\ECXAESP.exe
  C:\Windows\System\ECXAESP.exe
  2⤵
  PID:16148
- C:\Windows\System\ZdrPNJc.exe
  C:\Windows\System\ZdrPNJc.exe
  2⤵
  PID:16188
- C:\Windows\System\QGeIFae.exe
  C:\Windows\System\QGeIFae.exe
  2⤵
  PID:10704
- C:\Windows\System\lgdycgK.exe
  C:\Windows\System\lgdycgK.exe
  2⤵
  PID:16272
- C:\Windows\System\dBCTRmy.exe
  C:\Windows\System\dBCTRmy.exe
  2⤵
  PID:10796
- C:\Windows\System\taAafnH.exe
  C:\Windows\System\taAafnH.exe
  2⤵
  PID:16332
- C:\Windows\System\IKHqiJc.exe
  C:\Windows\System\IKHqiJc.exe
  2⤵
  PID:15372
- C:\Windows\System\rLkJHnQ.exe
  C:\Windows\System\rLkJHnQ.exe
  2⤵
  PID:10900
- C:\Windows\System\rWRKQod.exe
  C:\Windows\System\rWRKQod.exe
  2⤵
  PID:5200
- C:\Windows\System\OKntJoS.exe
  C:\Windows\System\OKntJoS.exe
  2⤵
  PID:15540
- C:\Windows\System\jqapBjD.exe
  C:\Windows\System\jqapBjD.exe
  2⤵
  PID:11012
- C:\Windows\System\iWuKgks.exe
  C:\Windows\System\iWuKgks.exe
  2⤵
  PID:15612
- C:\Windows\System\FiOdZkQ.exe
  C:\Windows\System\FiOdZkQ.exe
  2⤵
  PID:5580
- C:\Windows\System\CMlNVZC.exe
  C:\Windows\System\CMlNVZC.exe
  2⤵
  PID:11124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AHArrTo.exe

Filesize
6.0MB

MD5
8ddec1018c67f7e1eee140cbe6d33350

SHA1
a07a428af1e10024b004ad1dfc4ec88f370d2ce8

SHA256
bfe85ce2a052efd0f61d6b64286139dda223d977cb8cdf67d771b3ac203be7e7

SHA512
a1a9350acf6fb044cbeec88302e8f3d1046f5d9f9a824be8a46990a8406d7783f517e3f7857990be43a7a9833539ba9946d3f785896b921fdaa6bdc5a4cb1c98

Download Submit
C:\Windows\System\BRELNjJ.exe

Filesize
6.0MB

MD5
96079945cdba4e3654aceafd57eb1c33

SHA1
cc263cf4d95cda05bac3d31e4d48077d559b5a19

SHA256
6c775fc639d777a5759bc5e396f5b2a78213d57f5dceee6a5640e3b5eb27e1a9

SHA512
15028dfde68a1e4bfe0b51f273d9603ce1ff3861a8be20ca04029a8883318dcafefda6ab8db85fd94219921de9e78465a04c3df186c3acb7931391e85de86dc4

Download Submit
C:\Windows\System\CDXOrLA.exe

Filesize
6.0MB

MD5
960bcb854280ede1e968c5cefc3188c4

SHA1
08ca2dca4c83803f0911dd04b494b6db1f4f0b12

SHA256
6bc1d420e8aef564181d51a4530821ef2b4a5215097939f5a616652fe3123c86

SHA512
f07021190f96c2a808013cf86776e2de959422cf448867a7de5ad5add00a0a106b09189e8257c49d316d46a5003650aa4207f066ae3f32e17f70bf9697ebda2e

Download Submit
C:\Windows\System\CgWVeVI.exe

Filesize
6.0MB

MD5
84fff447618ad1cd4a442b4f90ce12dc

SHA1
5f2f6e614809b17e3fb41c58b2919ebffa001d86

SHA256
43c3f3139fa6071c64e41d0e1bb00916cc077b486dcbf950f257567403d8f030

SHA512
dfc876b574c6b47aacc7a4b9e4f6188fb3c25137fa1936f50cf38a14d341d2c164f5691ca6ac13549de24e348e00963a6002491cf614edb5add55b537e30bf23

Download Submit
C:\Windows\System\FdIkAGl.exe

Filesize
6.0MB

MD5
3025e723aa7a68eb8876ccce3d4d957b

SHA1
c3b74f8fb4e9eb32ff4bc159530ebdba421dea78

SHA256
91c6075143889684f077d0661a7336857256b94fb431bf180ae1e2b319c7d042

SHA512
e32e246bf6f49fb8bfbac866a6a9f5ff70c7050c4b96450b231f4110ef97277bbd361370172d3f8e06789bd84c479b4fdc7c071105a5b066e9307c128ab778e1

Download Submit
C:\Windows\System\GbHsBki.exe

Filesize
6.0MB

MD5
e2ea1eec1894cc78bd5145f45bee5db1

SHA1
2c2ae6378852dfa220a85c2732db169ad216c516

SHA256
5fb8c6df88b98a25b722756d227fa3196b86ab9c1e43ad5302e15f8a7e3a777e

SHA512
68ad0f98f77b214e9502d77bdf1a5a6690fd69f550d90f4a882d68e84f81df6a0e13d556bc8b67f480bf3c7e5be2493610945e859e23cb01c91b9790be9e7a4a

Download Submit
C:\Windows\System\HwSCfxk.exe

Filesize
6.0MB

MD5
cfdcc39a9fa9a83a057d8a22c826cb6b

SHA1
aca5e1f8438e92fa5b024a4759a1c2b37b3c0409

SHA256
c15492f3cdb93f86bd7b09ab58703bec3b0740cf753ac8b8858b20cbe041a772

SHA512
5b0da46066931f6235793fbefc5b1921e0b4347e2eac1fd7937a3dc1f8ba7aff9e06f990bf6aefbdeecdcec33887caf7e79ac1e9798cc24401137235e9649f2b

Download Submit
C:\Windows\System\MHTdnnU.exe

Filesize
6.0MB

MD5
05058134fe0b94aadc08ae73f3cf4133

SHA1
7cfbe7824d4f27cea4950265f5ef680d16a70ffe

SHA256
d685580ae5f762c73dea787f3c37b5dd8359760879f08abc1b063bcce84ec765

SHA512
52d0cf79e130ffc88c05d62dfa94a28b00c7e465f391ca8aa77120821ff538b2cf9873aa4b7dbbd47bab9ce85260b48b21b2418bec62865195d4bd83c314e76e

Download Submit
C:\Windows\System\MbDalFA.exe

Filesize
6.0MB

MD5
f32e66e552e812b25cde49e6374d5c95

SHA1
e29bb20d6ebb99c2457ef582ab9e022eef61cf65

SHA256
7ffe6f01c4ac06a52ba4192e560df74194d2524e78feabfcb99e8cd5f0676f58

SHA512
ed1301b1d4a5e16e81e30bdbae4b22e1b442829dcffb0c63e408d44ea68864806d8f885956907fe025e61490fe3c38a06bc129ed230c39b3dd33876210d234cb

Download Submit
C:\Windows\System\NEAIUHj.exe

Filesize
6.0MB

MD5
245f7a009186ad98443ff4a4022b256b

SHA1
0a9b49dbec08d4be1b7a8e537e95a545f1b328ca

SHA256
32e77254bc531237a5b88beb7fa70f69587cc092a7b7c1f98f0e32646c10422e

SHA512
884e2db7f81d6d61785ebc0c80184366805ff3a0f82f6ef1e0682683c1da0be95bc6f5e437458e8c7d17876e5759f62ac18d568ee737702da189ac238196b867

Download Submit
C:\Windows\System\OGyEGQv.exe

Filesize
6.0MB

MD5
38715d825b5b3efc61177aa58001c2b2

SHA1
16a8b0c14a5ff567219be23bd289c2b3e2851490

SHA256
932ae44560f4b85dd3c6e8cb899a2fea3ae457b72ba9c7740833317f9cb77b7e

SHA512
79e514e0afd682cac00d92bc5bea780bdbf245fbc9a80da0b4162b031cf0347f0e903a47fac439895eac0c983ba6ba6b22ab508b9ba9cf0f73066fa5ee153b0c

Download Submit
C:\Windows\System\PRXuOHO.exe

Filesize
6.0MB

MD5
d9cc0c3667c6701f67f881736b2826cd

SHA1
2a308b7cb36572686fde705858fb552ba591535e

SHA256
f487785df7600ab54d9c51b10435dc66a1742e8f6ed9fbaa2d9f4707adcbfbe9

SHA512
1cb77f586aba38e6638e0e6e08cecf27ac6a9b2818ce1904bf5d4af4be2208c42edb83d14ebdca2b250bc7166fc74326b49eeca9f3f9ae5fe61c2787148f4b88

Download Submit
C:\Windows\System\QsQRggK.exe

Filesize
6.0MB

MD5
20ffbf2c62a252338e0dfd4bb225ba20

SHA1
eb4e8fa72b6f8f1552c86adbc5d4e5a650d84d02

SHA256
94d80c07cfa8d9c070103aa266ea4f8dee2e62846a51f491b43d9de4cb31a21d

SHA512
6dcfb1b578f965f9e7ce21e3738c5d63a071722f0a78ac191dda236b38c71a0ebc60785dc10ffec2407c3c761996c8fe6f5c8709ee5d761b8c3f41dab1471931

Download Submit
C:\Windows\System\SwCpgig.exe

Filesize
6.0MB

MD5
0a1420f5b9177cd3f33128177b94db5b

SHA1
16b32db0763f3d75070fb0ed05658b60ed2be46f

SHA256
2d250160ad2ffdb1756fe0d589c9a480ad60346544be8f43bc7b40b32d63cf42

SHA512
e904d964fbdd7778392ddcfe38cd58fc308ca966ca98b1f4e631eecbbdf3fe8d5302b054f253d670a0b8fdfc9f0d567d238e70a86299275423f45475efb41ca7

Download Submit
C:\Windows\System\UsJSkai.exe

Filesize
6.0MB

MD5
915cc2dad6381e2a1573c925ce8f4e9c

SHA1
64919ebedd9593890f3cdd3d0132ebfabcd76fef

SHA256
93d45479013258d073f37d713ee3fed049cbbe2a481a190fd4df374a368cfa64

SHA512
95575c33b56eea6d53c261fa94dfc5d257d9afddf35659e15bc405e88bb90ff03f1e66c0e25d9e8a401dcc753f14e05c8fe1873716616afec779da7616e9b225

Download Submit
C:\Windows\System\VdtpwNk.exe

Filesize
6.0MB

MD5
e9d84522d8b59fe6270f6e32eeb5eff8

SHA1
46b6e50652295deeff5a6eb9d2cbe583eb5aa115

SHA256
1af88e046cc6073dd587c57acd29d7aff6612d74f8bdd1f5d892ad0e21f6914e

SHA512
335cc913b1cfdb4127b79df7fa0382894e99670777d7142642989b6a4e9883ff257f08eb04670e04a3564102539db050987003e4b4198d06da3ba3ad4f7165b4

Download Submit
C:\Windows\System\YUORsqt.exe

Filesize
6.0MB

MD5
a34b666820603edadd7427b43b956cc4

SHA1
0e53c6aa27a48c91f91cd2b5da85c99c05fc6447

SHA256
add4dc213875f14aa9bdb63c2709fbf73966e2caaef4a83793c87e531c45b9c1

SHA512
39cd81244a8ab11eb03a9f8e3a01be640f3faf17099b43518f2b574dc7e150db69f7fd66b3e3ce1e878370b45820d071a4e850b889a9c23552d0480a87fc9e6e

Download Submit
C:\Windows\System\dMgqxRT.exe

Filesize
6.0MB

MD5
7fb29d4e50f3ade98fc25ca325edeccd

SHA1
4e553cf3537657abd50d67e39535f993023aa72e

SHA256
443b7a91cff0db295dab308eb4ff72a0a094f7feee1632eecd4344f3997fc556

SHA512
bc7a6977b59b2b9d0e10cb79aa597eaa6bd62430ce7e363e5971291b757e957b2dd5b3995ec3cd40ca2926b7fdfe75ff041562ce5885cff52ede174de2d149cf

Download Submit
C:\Windows\System\dkpkomP.exe

Filesize
6.0MB

MD5
eb627194418679d797434b71021817a2

SHA1
8eec786dc2eb6d13d420197e87575d565d7ea696

SHA256
19df165504e9384eb8a8508600997acbaa0d120792fe153ca6ea8dc071851263

SHA512
0af52e5865437d8e3e34b145ca2cc640c3cb0fd7b31927da296edace4db005581764d9b4968118bcda07c9778058834139e3c72f9411126ca6463f5107da279b

Download Submit
C:\Windows\System\gIporqa.exe

Filesize
6.0MB

MD5
e899a448aa795ee1ab3e0b1b5e882396

SHA1
2f1c23e971729965387849b4258ed076b59034c5

SHA256
b222113ceaec3de8c9d3dbdc7fba7276d9937aa7a12b2da258af4499fd9a9450

SHA512
b0e9a98735f1c48ded7d7c27670161a0cb8cd0871265f1584521374845adc502c45eb55f8bcd3bbf2452b6268f41241efe0f8e23e8ea0f69208848c88bfa73d0

Download Submit
C:\Windows\System\gfeVpSH.exe

Filesize
6.0MB

MD5
5f5e69441d199c53af01a7df1c2eac50

SHA1
1d4d7af9df2ec8de9ca13e2c4705834a0f4f39b3

SHA256
f093d9523aaaee16b98364dcef7c752947b5e7772a74c35f7252faa9b794d530

SHA512
79f2eb5650a8c8fb2131fb41999808abd0eb18ad58762c4f27f98277c62b3496e8e29a406ff6745200b0cae3240666d9a5636c37fa6a3a64263a6534f7cc79a5

Download Submit
C:\Windows\System\gsMTMyN.exe

Filesize
6.0MB

MD5
05f49041ea40c52a831cc2cf4980db68

SHA1
eec750649eca3b9700e1534e15e17e209fdf0312

SHA256
d8487aa194d797284d7df77f5cf485a3e1c00b6b9b314d9ee8e1d5e9abfd8836

SHA512
779d38f8bddabc1bcbee2ae0ec7a437cb0d9a195b5c5e3950482aa745fbdfc50d14bf9e311c85ee207c8773b71b47667874f6273a52453223f25ddbbde2f71b2

Download Submit
C:\Windows\System\iOvLJTU.exe

Filesize
6.0MB

MD5
ed4e7ee17f667c8479ddcbc81ba42410

SHA1
6978a4c59481263ee154a85c6b632fd1cf1f0cf1

SHA256
50a060310f4659c723af58ffcdd4ccd763b189f77dd24be7a60942f33c92c814

SHA512
c15f6ad612c5d9493400b430e547871b3683d7b1f5e084732182f48b3dd448effd5ffc7d094fd28db7659364f988f3b4b7c39ff929a2bbb6bc67c3aebfbea6c2

Download Submit
C:\Windows\System\lFhWBuB.exe

Filesize
6.0MB

MD5
2e34ae169555e1769eb345fe2598382b

SHA1
68ac93605471142aa2235ef0cf3f22b84e22a566

SHA256
1b27498c35383ad044e0ff35c64732dc9aaed87176c1f18af93579f0f4558ec5

SHA512
0fd226a717c0f2532f6e69d2571a9507d4257f8c53cf90ec406592c66fe73db3e3bc36919ae8d676003718cd509e37a9855d79c2b7ef7f39293167604745b3a2

Download Submit
C:\Windows\System\mRkorIL.exe

Filesize
6.0MB

MD5
1405ec276d775769e01b4bbe24009002

SHA1
66af391cce63d4517e40c20bda9b1d0cde085817

SHA256
87f4dad5caebd5c7271f555c14d42340a7513bc5c45d86e91e40749a3fd70ec7

SHA512
66afa3504d001d6e19f1dc136f803b5a25ed876b4e1c9886a0222422a0f53113f71126228e7e408c10382a2a073125d7bd876361e2c04bff2a761b56f1dde71f

Download Submit
C:\Windows\System\mRqjYWz.exe

Filesize
6.0MB

MD5
f8d4835c3eef698224da6c34ffaa173a

SHA1
0ceba653625a5ef3cb941ddbcda855ec33d7cfd9

SHA256
fe89c7e5fc6b1b5965f5f881f64c2a6a0c1ac08362707308311c338961bc16bd

SHA512
91b8c8b3695ec85d14aad5b196c8c264f9336c24b0142b4783390fad0a5bf0e65d4e7bc8cba31f8c7b09fee021be2cfb683e04559b8a1b14994f4db330ff8046

Download Submit
C:\Windows\System\oSoSOIH.exe

Filesize
6.0MB

MD5
814774b6f9f674711bbd540e32cbb930

SHA1
5ab55ea22982426ff077954ccf11c5cf8bda4501

SHA256
cd94c397f4436823cf80686247c5a5067db9d462483377f606b6aa021ad2c43a

SHA512
c9804f172169b41c67967cf823f411ee0474e32d32f0f9a2a1006bbfa3ec9437221c0b889ca3b1f9e84ee767ed999b64bf771b092fcd4a32ddbd412575711679

Download Submit
C:\Windows\System\sjNyYMR.exe

Filesize
6.0MB

MD5
3113fbabf3e2e41553d9cef9a8cf763f

SHA1
bf08909c707371098b88bb7ec8ad09c4090e1b40

SHA256
c61249d959fbca9b79de2351b8c411a58ba14d47173ca0b99ea674aedc55d35e

SHA512
d333fc3d3a15c041ccc481953ad3ca115ebb9d767cfc24921eaf770cce370afccaba9d92ace7944365ca7cf213969e8ce44322b9ee6f6b9b0e05dbbd08ad82be

Download Submit
C:\Windows\System\tKtGbrH.exe

Filesize
6.0MB

MD5
8f50c6a663a299501b304e81b45ff0e6

SHA1
23ad865cc2e1fff0f347c7822a04cd57d79642e4

SHA256
6b7d70f1a81799e1f456760ebd907de12aaae7731b9a5a421f392a58bcf64971

SHA512
a7e3a347eb7748a35886380b9cd76387c0d5ba73c4a55db917a45644d110887f7fe399c74d1a239c1574f9f2959b938b45f79695e9442d979566492700c9b984

Download Submit
C:\Windows\System\tWSGLLB.exe

Filesize
6.0MB

MD5
cb41c8625856470d9004f6ebe98e11f4

SHA1
c56632924770100173c6801e8c68bf5e0ca98484

SHA256
3339d189bd0bec5fdbd7e89086ff6414e36817b7b92b3ad1257a5a07ad98d958

SHA512
c3e5d6ea23fe78a4e3a378fa0d9a7a4cb7956b6b6bc2ed130179a062abeee4d7cb6a01418a606f7ef1f7320ca6564723d26859456946f4e1f20e0ce14742c8df

Download Submit
C:\Windows\System\tYQKplN.exe

Filesize
6.0MB

MD5
2676b33e0487733405ec3de87a0f8982

SHA1
f13d33e4c2619d1904cb07d46cf08cb5301d77d7

SHA256
eab5ab86f1ddd35b6de25b567d1e501bb2d1c72815c98e52c3065f3a1bac8c59

SHA512
6a82e134c38d43f43f4fbf8988101d71aef049d3ca5d1ab8395e90a5ce6539d3cc2d8d09866cdfda9f5bd129d0c40613c517aab393ad7ad2523462f33631db5a

Download Submit
C:\Windows\System\uQCFixq.exe

Filesize
6.0MB

MD5
a61f0046b92e128a773eb1a075c5b5a8

SHA1
30b5d72471146e91e293ce89e9b79c925ea4b6d3

SHA256
54a6c6b1879d5e403db5fc1c16ec9ff5da44fc54b5766c388d524b223255d133

SHA512
727af4ce9a4be78ade0a22e0906d9d88e3cf96a669a6f768c0ec1c94502f2756828efcc9bb10aef24939508cf149283083f4f4f486a6594ed6a7c839597c932f

Download Submit
C:\Windows\System\wJZIgRi.exe

Filesize
6.0MB

MD5
3c9ba89127479f51177d9d7d6cb76e30

SHA1
b9a767eae5fbe7b32d3ab7df173f47571f01ea56

SHA256
65b0ba4698a2038b0997e1bba8cc9aec21121c0cc1998830b9022dc4d68d8de9

SHA512
04e6460dd39b157aa6401f33c15d503e510fae28b0097aa203216a1a1cb7ee1ade2c5d4c8c96ff413c379bc889478f0e29ec96b0b32a5a23539fc454474d0f74

Download Submit
memory/436-117-0x00007FF633C90000-0x00007FF633FE4000-memory.dmp

Filesize
3.3MB

Download
memory/436-1236-0x00007FF633C90000-0x00007FF633FE4000-memory.dmp

Filesize
3.3MB

Download
memory/436-189-0x00007FF633C90000-0x00007FF633FE4000-memory.dmp

Filesize
3.3MB

Download
memory/904-1227-0x00007FF74FDF0000-0x00007FF750144000-memory.dmp

Filesize
3.3MB

Download
memory/904-110-0x00007FF74FDF0000-0x00007FF750144000-memory.dmp

Filesize
3.3MB

Download
memory/904-178-0x00007FF74FDF0000-0x00007FF750144000-memory.dmp

Filesize
3.3MB

Download
memory/948-149-0x00007FF7419E0000-0x00007FF741D34000-memory.dmp

Filesize
3.3MB

Download
memory/948-424-0x00007FF7419E0000-0x00007FF741D34000-memory.dmp

Filesize
3.3MB

Download
memory/948-1361-0x00007FF7419E0000-0x00007FF741D34000-memory.dmp

Filesize
3.3MB

Download
memory/1044-191-0x00007FF6EA4F0000-0x00007FF6EA844000-memory.dmp

Filesize
3.3MB

Download
memory/1044-122-0x00007FF6EA4F0000-0x00007FF6EA844000-memory.dmp

Filesize
3.3MB

Download
memory/1044-1239-0x00007FF6EA4F0000-0x00007FF6EA844000-memory.dmp

Filesize
3.3MB

Download
memory/1068-108-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp

Filesize
3.3MB

Download
memory/1068-42-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp

Filesize
3.3MB

Download
memory/1068-720-0x00007FF6C7800000-0x00007FF6C7B54000-memory.dmp

Filesize
3.3MB

Download
memory/1116-186-0x00007FF7E77A0000-0x00007FF7E7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-619-0x00007FF7E77A0000-0x00007FF7E7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1366-0x00007FF7E77A0000-0x00007FF7E7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-105-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp

Filesize
3.3MB

Download
memory/1292-714-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp

Filesize
3.3MB

Download
memory/1292-39-0x00007FF7AC7C0000-0x00007FF7ACB14000-memory.dmp

Filesize
3.3MB

Download
memory/1564-102-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-33-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-718-0x00007FF73CB70000-0x00007FF73CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-977-0x00007FF6BD760000-0x00007FF6BDAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-74-0x00007FF6BD760000-0x00007FF6BDAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-163-0x00007FF7E5320000-0x00007FF7E5674000-memory.dmp

Filesize
3.3MB

Download
memory/1852-426-0x00007FF7E5320000-0x00007FF7E5674000-memory.dmp

Filesize
3.3MB

Download
memory/1852-1360-0x00007FF7E5320000-0x00007FF7E5674000-memory.dmp

Filesize
3.3MB

Download
memory/1940-17-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-700-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-69-0x00007FF736B60000-0x00007FF736EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-705-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-95-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-29-0x00007FF67FAA0000-0x00007FF67FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-106-0x00007FF75AE80000-0x00007FF75B1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1221-0x00007FF75AE80000-0x00007FF75B1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-62-0x00007FF7EA890000-0x00007FF7EABE4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-967-0x00007FF7EA890000-0x00007FF7EABE4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-128-0x00007FF7EA890000-0x00007FF7EABE4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-23-0x00007FF611A20000-0x00007FF611D74000-memory.dmp

Filesize
3.3MB

Download
memory/2508-704-0x00007FF611A20000-0x00007FF611D74000-memory.dmp

Filesize
3.3MB

Download
memory/2880-132-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1349-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-316-0x00007FF786A70000-0x00007FF786DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-670-0x00007FF7A90A0000-0x00007FF7A93F4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-190-0x00007FF7A90A0000-0x00007FF7A93F4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1374-0x00007FF7A90A0000-0x00007FF7A93F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-172-0x00007FF620F10000-0x00007FF621264000-memory.dmp

Filesize
3.3MB

Download
memory/3004-515-0x00007FF620F10000-0x00007FF621264000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1367-0x00007FF620F10000-0x00007FF621264000-memory.dmp

Filesize
3.3MB

Download
memory/3200-145-0x00007FF76FCA0000-0x00007FF76FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-994-0x00007FF76FCA0000-0x00007FF76FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-92-0x00007FF76FCA0000-0x00007FF76FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-378-0x00007FF7EF2D0000-0x00007FF7EF624000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1356-0x00007FF7EF2D0000-0x00007FF7EF624000-memory.dmp

Filesize
3.3MB

Download
memory/3528-141-0x00007FF7EF2D0000-0x00007FF7EF624000-memory.dmp

Filesize
3.3MB

Download
memory/3552-1-0x000002B094AA0000-0x000002B094AB0000-memory.dmp

Filesize
64KB

Download
memory/3552-0-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp

Filesize
3.3MB

Download
memory/3552-54-0x00007FF62E2B0000-0x00007FF62E604000-memory.dmp

Filesize
3.3MB

Download
memory/3980-94-0x00007FF6A1DA0000-0x00007FF6A20F4000-memory.dmp

Filesize
3.3MB

Download
memory/3980-993-0x00007FF6A1DA0000-0x00007FF6A20F4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-68-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp

Filesize
3.3MB

Download
memory/3992-9-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp

Filesize
3.3MB

Download
memory/3992-699-0x00007FF73E8F0000-0x00007FF73EC44000-memory.dmp

Filesize
3.3MB

Download
memory/4132-87-0x00007FF791C90000-0x00007FF791FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-143-0x00007FF791C90000-0x00007FF791FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-992-0x00007FF791C90000-0x00007FF791FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-996-0x00007FF6545B0000-0x00007FF654904000-memory.dmp

Filesize
3.3MB

Download
memory/4396-93-0x00007FF6545B0000-0x00007FF654904000-memory.dmp

Filesize
3.3MB

Download
memory/4684-179-0x00007FF6CEAE0000-0x00007FF6CEE34000-memory.dmp

Filesize
3.3MB

Download
memory/4684-1370-0x00007FF6CEAE0000-0x00007FF6CEE34000-memory.dmp

Filesize
3.3MB

Download
memory/4836-53-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-121-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-959-0x00007FF772F50000-0x00007FF7732A4000-memory.dmp

Filesize
3.3MB

Download
memory/4968-981-0x00007FF730920000-0x00007FF730C74000-memory.dmp

Filesize
3.3MB

Download
memory/4968-79-0x00007FF730920000-0x00007FF730C74000-memory.dmp

Filesize
3.3MB

Download
memory/5056-1365-0x00007FF614FC0000-0x00007FF615314000-memory.dmp

Filesize
3.3MB

Download
memory/5056-168-0x00007FF614FC0000-0x00007FF615314000-memory.dmp

Filesize
3.3MB

Download
memory/5056-470-0x00007FF614FC0000-0x00007FF615314000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1353-0x00007FF6E8400000-0x00007FF6E8754000-memory.dmp

Filesize
3.3MB

Download
memory/5064-140-0x00007FF6E8400000-0x00007FF6E8754000-memory.dmp

Filesize
3.3MB

Download