cobaltstrike | e5a961465666c800daa97f4d184cd60a12387f8fe875b31da25f7494f4376426

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b45eef6d9b732227727dfd035fb4fee2
SHA1

243538902c9c26f5c07686fc6b4e9ee34af7b6a5
SHA256

e5a961465666c800daa97f4d184cd60a12387f8fe875b31da25f7494f4376426
SHA512

38adbc9c5afa2934772f3f40de30de678678ec7876b5256b1f1f48a233b2e386084952962a0d5de2afa7a75bfa6c0ebdac2565ce7aad3f739c101b5369f26a8d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000018334-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195a9-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195ab-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019547-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b5-39.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-35.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195bb-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49f-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a1-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-74.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bd-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b7-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1064-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0003000000018334-3.dat	xmrig
behavioral1/memory/1236-8-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000195a9-9.dat	xmrig
behavioral1/memory/2748-16-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195ab-11.dat	xmrig
behavioral1/memory/2992-22-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019547-23.dat	xmrig
behavioral1/memory/2180-30-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b5-39.dat	xmrig
behavioral1/memory/1236-43-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2620-37-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1064-36-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00070000000195af-35.dat	xmrig
behavioral1/files/0x00080000000195bb-55.dat	xmrig
behavioral1/memory/2992-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/3052-61-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2624-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/272-76-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2620-75-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/580-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2820-83-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-82.dat	xmrig
behavioral1/memory/2988-92-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2624-91-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2844-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a47d-127.dat	xmrig
behavioral1/files/0x000500000001a482-137.dat	xmrig
behavioral1/files/0x000500000001a48d-164.dat	xmrig
behavioral1/memory/2392-414-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2748-580-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2992-956-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2392-784-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1236-957-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2844-767-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2988-753-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/580-702-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/272-687-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2576-679-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/3052-663-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2624-650-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2820-640-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2620-633-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2180-622-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2844-336-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2988-268-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/580-222-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49f-198.dat	xmrig
behavioral1/files/0x000500000001a4a1-203.dat	xmrig
behavioral1/files/0x000500000001a49a-188.dat	xmrig
behavioral1/files/0x000500000001a49e-193.dat	xmrig
behavioral1/files/0x000500000001a493-179.dat	xmrig
behavioral1/files/0x000500000001a499-184.dat	xmrig
behavioral1/files/0x000500000001a48f-168.dat	xmrig
behavioral1/files/0x000500000001a491-174.dat	xmrig
behavioral1/files/0x000500000001a48a-158.dat	xmrig
behavioral1/files/0x000500000001a488-154.dat	xmrig
behavioral1/files/0x000500000001a486-148.dat	xmrig
behavioral1/files/0x000500000001a484-144.dat	xmrig
behavioral1/memory/272-140-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a480-133.dat	xmrig
behavioral1/files/0x000500000001a47b-122.dat	xmrig
behavioral1/files/0x000500000001a479-118.dat	xmrig
behavioral1/memory/2392-110-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1236	GjsTknX.exe
2748	FhCUsRF.exe
2992	GsOQWpT.exe
2180	LmrQASm.exe
2620	hvyddqn.exe
2820	HEXSlcp.exe
2624	UdzypUi.exe
3052	SacMpUY.exe
2576	SdGIFWI.exe
272	WlmvCAd.exe
580	sadpWmi.exe
2988	ApSaYLU.exe
2844	iVOITSq.exe
2392	OcoDMfP.exe
2132	imRDsji.exe
340	MDzVFLc.exe
2320	HOmqFci.exe
1688	UTUctCS.exe
800	xOuLeJk.exe
600	rpZqdkt.exe
2428	YejSECh.exe
2068	fnzVTlD.exe
2404	ugbwRsc.exe
1928	zfTzpqz.exe
2356	IDJgXjc.exe
2108	mmUkxbQ.exe
1368	snzNCXp.exe
944	kAbkfdx.exe
1600	VIYUNCE.exe
1136	YovUnjE.exe
112	MSCmuBJ.exe
780	zjdhpEU.exe
2076	eXSkJat.exe
1472	KWFYtAm.exe
1528	KECoHps.exe
1508	AwfeheK.exe
2840	saflMsf.exe
1848	tqYuDrU.exe
3044	fpvUYDs.exe
2056	EjdbEph.exe
1312	jHDaraE.exe
3000	IqbMhQL.exe
2368	jJWbjzE.exe
2504	tAvWUzr.exe
2484	YZbcOXX.exe
2024	HOMrYGi.exe
1996	JeNMuIR.exe
892	ukEDJsj.exe
2260	esipjDW.exe
2248	HTpehNR.exe
1588	PGxdIrp.exe
1592	czfHwNZ.exe
2804	ewgjpnN.exe
2732	ZSqAewZ.exe
2592	KWkVwuS.exe
2704	Hjnnknv.exe
2668	JJtGHVj.exe
1364	nZRVwKg.exe
1296	NwAGfmi.exe
2888	IIXQwuT.exe
2944	UomlUnn.exe
2220	vZcnfGU.exe
700	yLgtuOm.exe
472	siNzjRH.exe

Loads dropped DLL 64 IoCs

pid	Process
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1064-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0003000000018334-3.dat	upx
behavioral1/memory/1236-8-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00080000000195a9-9.dat	upx
behavioral1/memory/2748-16-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x00070000000195ab-11.dat	upx
behavioral1/memory/2992-22-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0007000000019547-23.dat	upx
behavioral1/memory/2180-30-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00060000000195b5-39.dat	upx
behavioral1/memory/1236-43-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2620-37-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/1064-36-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00070000000195af-35.dat	upx
behavioral1/files/0x00080000000195bb-55.dat	upx
behavioral1/memory/2992-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/3052-61-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2624-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/272-76-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2620-75-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/580-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2820-83-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000500000001a471-82.dat	upx
behavioral1/memory/2988-92-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2624-91-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2844-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001a47d-127.dat	upx
behavioral1/files/0x000500000001a482-137.dat	upx
behavioral1/files/0x000500000001a48d-164.dat	upx
behavioral1/memory/2392-414-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2748-580-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2992-956-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2392-784-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1236-957-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2844-767-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2988-753-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/580-702-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/272-687-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2576-679-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/3052-663-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2624-650-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2820-640-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2620-633-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2180-622-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2844-336-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2988-268-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/580-222-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000500000001a49f-198.dat	upx
behavioral1/files/0x000500000001a4a1-203.dat	upx
behavioral1/files/0x000500000001a49a-188.dat	upx
behavioral1/files/0x000500000001a49e-193.dat	upx
behavioral1/files/0x000500000001a493-179.dat	upx
behavioral1/files/0x000500000001a499-184.dat	upx
behavioral1/files/0x000500000001a48f-168.dat	upx
behavioral1/files/0x000500000001a491-174.dat	upx
behavioral1/files/0x000500000001a48a-158.dat	upx
behavioral1/files/0x000500000001a488-154.dat	upx
behavioral1/files/0x000500000001a486-148.dat	upx
behavioral1/files/0x000500000001a484-144.dat	upx
behavioral1/memory/272-140-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000500000001a480-133.dat	upx
behavioral1/files/0x000500000001a47b-122.dat	upx
behavioral1/files/0x000500000001a479-118.dat	upx
behavioral1/memory/2392-110-0x000000013F600000-0x000000013F954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QRQlsRJ.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXYXKVj.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKiMfAb.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlChULT.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoHbvAB.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFRGGyP.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alQcDXF.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCwAwbh.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxhTFko.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bULGSPH.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpJfYHT.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIpdqcS.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJQbjxW.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukEDJsj.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGzctvw.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXHZrtW.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMbzDXV.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWFdOjT.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvbbRpN.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eySndDs.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaKHaiK.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPGxmSE.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKNqozI.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iScNCvs.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDAUjXA.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHvIZaz.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlzDPxM.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljDAgjk.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqmsDAM.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TidZHrs.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCPnVgc.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNGaCBc.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REoQPBw.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPEpdSd.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDoWzMJ.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJWCwCG.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPaMAMC.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZokmITK.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsHTxIh.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esGnzle.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQQwAXx.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAyRlly.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTLssEd.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdqtjki.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqgJJTP.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRdJWRA.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRLmDkG.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDzVFLc.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmHtuCE.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnFTghn.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emtzwvA.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXLOUMM.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afxMqqK.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhblTvl.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsXlkQU.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUPqaqT.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjvsBeB.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAahven.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Afwbowp.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwODJWV.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWkVwuS.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyRuSfg.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csfyBlm.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrzSBbP.exe	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1236	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1064 wrote to memory of 1236	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1064 wrote to memory of 1236	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1064 wrote to memory of 2748	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1064 wrote to memory of 2748	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1064 wrote to memory of 2748	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1064 wrote to memory of 2992	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1064 wrote to memory of 2992	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1064 wrote to memory of 2992	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1064 wrote to memory of 2180	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1064 wrote to memory of 2180	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1064 wrote to memory of 2180	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1064 wrote to memory of 2620	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1064 wrote to memory of 2620	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1064 wrote to memory of 2620	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1064 wrote to memory of 2820	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1064 wrote to memory of 2820	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1064 wrote to memory of 2820	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1064 wrote to memory of 2624	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1064 wrote to memory of 2624	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1064 wrote to memory of 2624	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1064 wrote to memory of 3052	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1064 wrote to memory of 3052	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1064 wrote to memory of 3052	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1064 wrote to memory of 2576	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1064 wrote to memory of 2576	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1064 wrote to memory of 2576	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1064 wrote to memory of 272	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1064 wrote to memory of 272	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1064 wrote to memory of 272	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1064 wrote to memory of 580	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1064 wrote to memory of 580	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1064 wrote to memory of 580	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1064 wrote to memory of 2988	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1064 wrote to memory of 2988	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1064 wrote to memory of 2988	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1064 wrote to memory of 2844	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1064 wrote to memory of 2844	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1064 wrote to memory of 2844	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1064 wrote to memory of 2392	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1064 wrote to memory of 2392	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1064 wrote to memory of 2392	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1064 wrote to memory of 2132	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1064 wrote to memory of 2132	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1064 wrote to memory of 2132	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1064 wrote to memory of 340	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1064 wrote to memory of 340	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1064 wrote to memory of 340	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1064 wrote to memory of 2320	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1064 wrote to memory of 2320	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1064 wrote to memory of 2320	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1064 wrote to memory of 1688	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1064 wrote to memory of 1688	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1064 wrote to memory of 1688	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1064 wrote to memory of 800	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1064 wrote to memory of 800	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1064 wrote to memory of 800	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1064 wrote to memory of 600	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1064 wrote to memory of 600	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1064 wrote to memory of 600	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1064 wrote to memory of 2428	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1064 wrote to memory of 2428	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1064 wrote to memory of 2428	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1064 wrote to memory of 2068	1064	2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_b45eef6d9b732227727dfd035fb4fee2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\System\GjsTknX.exe
  C:\Windows\System\GjsTknX.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\FhCUsRF.exe
  C:\Windows\System\FhCUsRF.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\GsOQWpT.exe
  C:\Windows\System\GsOQWpT.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\LmrQASm.exe
  C:\Windows\System\LmrQASm.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\hvyddqn.exe
  C:\Windows\System\hvyddqn.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\HEXSlcp.exe
  C:\Windows\System\HEXSlcp.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UdzypUi.exe
  C:\Windows\System\UdzypUi.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SacMpUY.exe
  C:\Windows\System\SacMpUY.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\SdGIFWI.exe
  C:\Windows\System\SdGIFWI.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\WlmvCAd.exe
  C:\Windows\System\WlmvCAd.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\sadpWmi.exe
  C:\Windows\System\sadpWmi.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ApSaYLU.exe
  C:\Windows\System\ApSaYLU.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\iVOITSq.exe
  C:\Windows\System\iVOITSq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\OcoDMfP.exe
  C:\Windows\System\OcoDMfP.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\imRDsji.exe
  C:\Windows\System\imRDsji.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MDzVFLc.exe
  C:\Windows\System\MDzVFLc.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\HOmqFci.exe
  C:\Windows\System\HOmqFci.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\UTUctCS.exe
  C:\Windows\System\UTUctCS.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\xOuLeJk.exe
  C:\Windows\System\xOuLeJk.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\rpZqdkt.exe
  C:\Windows\System\rpZqdkt.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\YejSECh.exe
  C:\Windows\System\YejSECh.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\fnzVTlD.exe
  C:\Windows\System\fnzVTlD.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ugbwRsc.exe
  C:\Windows\System\ugbwRsc.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\zfTzpqz.exe
  C:\Windows\System\zfTzpqz.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\IDJgXjc.exe
  C:\Windows\System\IDJgXjc.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\mmUkxbQ.exe
  C:\Windows\System\mmUkxbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\snzNCXp.exe
  C:\Windows\System\snzNCXp.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\kAbkfdx.exe
  C:\Windows\System\kAbkfdx.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VIYUNCE.exe
  C:\Windows\System\VIYUNCE.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\YovUnjE.exe
  C:\Windows\System\YovUnjE.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\MSCmuBJ.exe
  C:\Windows\System\MSCmuBJ.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\zjdhpEU.exe
  C:\Windows\System\zjdhpEU.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\eXSkJat.exe
  C:\Windows\System\eXSkJat.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\KWFYtAm.exe
  C:\Windows\System\KWFYtAm.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\KECoHps.exe
  C:\Windows\System\KECoHps.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\AwfeheK.exe
  C:\Windows\System\AwfeheK.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\saflMsf.exe
  C:\Windows\System\saflMsf.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\tqYuDrU.exe
  C:\Windows\System\tqYuDrU.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\fpvUYDs.exe
  C:\Windows\System\fpvUYDs.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\EjdbEph.exe
  C:\Windows\System\EjdbEph.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\jHDaraE.exe
  C:\Windows\System\jHDaraE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\IqbMhQL.exe
  C:\Windows\System\IqbMhQL.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\jJWbjzE.exe
  C:\Windows\System\jJWbjzE.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\tAvWUzr.exe
  C:\Windows\System\tAvWUzr.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\YZbcOXX.exe
  C:\Windows\System\YZbcOXX.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\HOMrYGi.exe
  C:\Windows\System\HOMrYGi.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JeNMuIR.exe
  C:\Windows\System\JeNMuIR.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ukEDJsj.exe
  C:\Windows\System\ukEDJsj.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\esipjDW.exe
  C:\Windows\System\esipjDW.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\HTpehNR.exe
  C:\Windows\System\HTpehNR.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\PGxdIrp.exe
  C:\Windows\System\PGxdIrp.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\czfHwNZ.exe
  C:\Windows\System\czfHwNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ewgjpnN.exe
  C:\Windows\System\ewgjpnN.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ZSqAewZ.exe
  C:\Windows\System\ZSqAewZ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\KWkVwuS.exe
  C:\Windows\System\KWkVwuS.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\Hjnnknv.exe
  C:\Windows\System\Hjnnknv.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\JJtGHVj.exe
  C:\Windows\System\JJtGHVj.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\nZRVwKg.exe
  C:\Windows\System\nZRVwKg.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\NwAGfmi.exe
  C:\Windows\System\NwAGfmi.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\IIXQwuT.exe
  C:\Windows\System\IIXQwuT.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\UomlUnn.exe
  C:\Windows\System\UomlUnn.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\vZcnfGU.exe
  C:\Windows\System\vZcnfGU.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\yLgtuOm.exe
  C:\Windows\System\yLgtuOm.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\siNzjRH.exe
  C:\Windows\System\siNzjRH.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\NLdCSao.exe
  C:\Windows\System\NLdCSao.exe
  2⤵
  PID:2464
- C:\Windows\System\cGCFaUh.exe
  C:\Windows\System\cGCFaUh.exe
  2⤵
  PID:2348
- C:\Windows\System\SomgFAA.exe
  C:\Windows\System\SomgFAA.exe
  2⤵
  PID:2352
- C:\Windows\System\hgztxvd.exe
  C:\Windows\System\hgztxvd.exe
  2⤵
  PID:2152
- C:\Windows\System\mvtATPg.exe
  C:\Windows\System\mvtATPg.exe
  2⤵
  PID:980
- C:\Windows\System\DIVMMql.exe
  C:\Windows\System\DIVMMql.exe
  2⤵
  PID:1704
- C:\Windows\System\kZDzHMK.exe
  C:\Windows\System\kZDzHMK.exe
  2⤵
  PID:904
- C:\Windows\System\UdyYeFz.exe
  C:\Windows\System\UdyYeFz.exe
  2⤵
  PID:1724
- C:\Windows\System\lGVCKDT.exe
  C:\Windows\System\lGVCKDT.exe
  2⤵
  PID:1716
- C:\Windows\System\sIDCdvv.exe
  C:\Windows\System\sIDCdvv.exe
  2⤵
  PID:3028
- C:\Windows\System\RzMTAsD.exe
  C:\Windows\System\RzMTAsD.exe
  2⤵
  PID:1624
- C:\Windows\System\gDlFSif.exe
  C:\Windows\System\gDlFSif.exe
  2⤵
  PID:620
- C:\Windows\System\KVgIKhZ.exe
  C:\Windows\System\KVgIKhZ.exe
  2⤵
  PID:2080
- C:\Windows\System\ZDLXdyk.exe
  C:\Windows\System\ZDLXdyk.exe
  2⤵
  PID:1008
- C:\Windows\System\iYRAKHn.exe
  C:\Windows\System\iYRAKHn.exe
  2⤵
  PID:2528
- C:\Windows\System\JxzpXZA.exe
  C:\Windows\System\JxzpXZA.exe
  2⤵
  PID:1912
- C:\Windows\System\KtmXEsB.exe
  C:\Windows\System\KtmXEsB.exe
  2⤵
  PID:2008
- C:\Windows\System\cQaGMZt.exe
  C:\Windows\System\cQaGMZt.exe
  2⤵
  PID:1692
- C:\Windows\System\cYbRxZC.exe
  C:\Windows\System\cYbRxZC.exe
  2⤵
  PID:1188
- C:\Windows\System\brQTdzk.exe
  C:\Windows\System\brQTdzk.exe
  2⤵
  PID:2444
- C:\Windows\System\ASnNecE.exe
  C:\Windows\System\ASnNecE.exe
  2⤵
  PID:2448
- C:\Windows\System\gVHBPcV.exe
  C:\Windows\System\gVHBPcV.exe
  2⤵
  PID:2772
- C:\Windows\System\IKuYkWf.exe
  C:\Windows\System\IKuYkWf.exe
  2⤵
  PID:2728
- C:\Windows\System\uCkcwyc.exe
  C:\Windows\System\uCkcwyc.exe
  2⤵
  PID:2924
- C:\Windows\System\VPgZGdi.exe
  C:\Windows\System\VPgZGdi.exe
  2⤵
  PID:1776
- C:\Windows\System\arhxnOu.exe
  C:\Windows\System\arhxnOu.exe
  2⤵
  PID:1028
- C:\Windows\System\QFOEedV.exe
  C:\Windows\System\QFOEedV.exe
  2⤵
  PID:2680
- C:\Windows\System\GiZafNn.exe
  C:\Windows\System\GiZafNn.exe
  2⤵
  PID:1572
- C:\Windows\System\KlgsiDy.exe
  C:\Windows\System\KlgsiDy.exe
  2⤵
  PID:2328
- C:\Windows\System\yTFTeHx.exe
  C:\Windows\System\yTFTeHx.exe
  2⤵
  PID:1808
- C:\Windows\System\MmHtuCE.exe
  C:\Windows\System\MmHtuCE.exe
  2⤵
  PID:2880
- C:\Windows\System\QkaloED.exe
  C:\Windows\System\QkaloED.exe
  2⤵
  PID:1548
- C:\Windows\System\ABiVzpA.exe
  C:\Windows\System\ABiVzpA.exe
  2⤵
  PID:1220
- C:\Windows\System\tmsFITC.exe
  C:\Windows\System\tmsFITC.exe
  2⤵
  PID:1292
- C:\Windows\System\Trpcosm.exe
  C:\Windows\System\Trpcosm.exe
  2⤵
  PID:2040
- C:\Windows\System\lskNCaU.exe
  C:\Windows\System\lskNCaU.exe
  2⤵
  PID:1608
- C:\Windows\System\eejdZmq.exe
  C:\Windows\System\eejdZmq.exe
  2⤵
  PID:1100
- C:\Windows\System\sbEbOsz.exe
  C:\Windows\System\sbEbOsz.exe
  2⤵
  PID:2232
- C:\Windows\System\cMzBYcZ.exe
  C:\Windows\System\cMzBYcZ.exe
  2⤵
  PID:1980
- C:\Windows\System\msLPWCE.exe
  C:\Windows\System\msLPWCE.exe
  2⤵
  PID:1756
- C:\Windows\System\QwGwWwL.exe
  C:\Windows\System\QwGwWwL.exe
  2⤵
  PID:2916
- C:\Windows\System\gyVhXkL.exe
  C:\Windows\System\gyVhXkL.exe
  2⤵
  PID:832
- C:\Windows\System\GnneQHv.exe
  C:\Windows\System\GnneQHv.exe
  2⤵
  PID:3068
- C:\Windows\System\zCulwvr.exe
  C:\Windows\System\zCulwvr.exe
  2⤵
  PID:2312
- C:\Windows\System\MRPEHhW.exe
  C:\Windows\System\MRPEHhW.exe
  2⤵
  PID:1536
- C:\Windows\System\AOvUQyY.exe
  C:\Windows\System\AOvUQyY.exe
  2⤵
  PID:1712
- C:\Windows\System\cGjDRIM.exe
  C:\Windows\System\cGjDRIM.exe
  2⤵
  PID:1616
- C:\Windows\System\pbxMucx.exe
  C:\Windows\System\pbxMucx.exe
  2⤵
  PID:1908
- C:\Windows\System\tQIFWmA.exe
  C:\Windows\System\tQIFWmA.exe
  2⤵
  PID:1228
- C:\Windows\System\KfmsiMA.exe
  C:\Windows\System\KfmsiMA.exe
  2⤵
  PID:1748
- C:\Windows\System\bzcXcrb.exe
  C:\Windows\System\bzcXcrb.exe
  2⤵
  PID:1696
- C:\Windows\System\EXoqhbn.exe
  C:\Windows\System\EXoqhbn.exe
  2⤵
  PID:3092
- C:\Windows\System\MQNgyYu.exe
  C:\Windows\System\MQNgyYu.exe
  2⤵
  PID:3116
- C:\Windows\System\hSvzmxe.exe
  C:\Windows\System\hSvzmxe.exe
  2⤵
  PID:3136
- C:\Windows\System\qBixuuD.exe
  C:\Windows\System\qBixuuD.exe
  2⤵
  PID:3156
- C:\Windows\System\CBewYPc.exe
  C:\Windows\System\CBewYPc.exe
  2⤵
  PID:3176
- C:\Windows\System\ApTIEZa.exe
  C:\Windows\System\ApTIEZa.exe
  2⤵
  PID:3196
- C:\Windows\System\NuKQpzh.exe
  C:\Windows\System\NuKQpzh.exe
  2⤵
  PID:3216
- C:\Windows\System\XgfjXeM.exe
  C:\Windows\System\XgfjXeM.exe
  2⤵
  PID:3240
- C:\Windows\System\oZpyiHy.exe
  C:\Windows\System\oZpyiHy.exe
  2⤵
  PID:3260
- C:\Windows\System\mDFBWwG.exe
  C:\Windows\System\mDFBWwG.exe
  2⤵
  PID:3280
- C:\Windows\System\eIxjhvV.exe
  C:\Windows\System\eIxjhvV.exe
  2⤵
  PID:3304
- C:\Windows\System\dSjTeab.exe
  C:\Windows\System\dSjTeab.exe
  2⤵
  PID:3324
- C:\Windows\System\PVLFZjT.exe
  C:\Windows\System\PVLFZjT.exe
  2⤵
  PID:3344
- C:\Windows\System\vwfmELK.exe
  C:\Windows\System\vwfmELK.exe
  2⤵
  PID:3364
- C:\Windows\System\yhbRWPV.exe
  C:\Windows\System\yhbRWPV.exe
  2⤵
  PID:3380
- C:\Windows\System\fpcTPXV.exe
  C:\Windows\System\fpcTPXV.exe
  2⤵
  PID:3404
- C:\Windows\System\ZSCGnCt.exe
  C:\Windows\System\ZSCGnCt.exe
  2⤵
  PID:3420
- C:\Windows\System\iRqCjrl.exe
  C:\Windows\System\iRqCjrl.exe
  2⤵
  PID:3444
- C:\Windows\System\REPbgCC.exe
  C:\Windows\System\REPbgCC.exe
  2⤵
  PID:3464
- C:\Windows\System\joTkknY.exe
  C:\Windows\System\joTkknY.exe
  2⤵
  PID:3484
- C:\Windows\System\mpCzVCV.exe
  C:\Windows\System\mpCzVCV.exe
  2⤵
  PID:3504
- C:\Windows\System\kfBFnyX.exe
  C:\Windows\System\kfBFnyX.exe
  2⤵
  PID:3524
- C:\Windows\System\qRClnZZ.exe
  C:\Windows\System\qRClnZZ.exe
  2⤵
  PID:3544
- C:\Windows\System\fGqTFuw.exe
  C:\Windows\System\fGqTFuw.exe
  2⤵
  PID:3564
- C:\Windows\System\DWvlYqv.exe
  C:\Windows\System\DWvlYqv.exe
  2⤵
  PID:3584
- C:\Windows\System\HELXgrx.exe
  C:\Windows\System\HELXgrx.exe
  2⤵
  PID:3612
- C:\Windows\System\QXVUvHC.exe
  C:\Windows\System\QXVUvHC.exe
  2⤵
  PID:3632
- C:\Windows\System\QLgiFOU.exe
  C:\Windows\System\QLgiFOU.exe
  2⤵
  PID:3652
- C:\Windows\System\yVtUDWd.exe
  C:\Windows\System\yVtUDWd.exe
  2⤵
  PID:3672
- C:\Windows\System\QPJmLGa.exe
  C:\Windows\System\QPJmLGa.exe
  2⤵
  PID:3692
- C:\Windows\System\EoBrWfg.exe
  C:\Windows\System\EoBrWfg.exe
  2⤵
  PID:3712
- C:\Windows\System\MoFvuuc.exe
  C:\Windows\System\MoFvuuc.exe
  2⤵
  PID:3732
- C:\Windows\System\ClYMCpl.exe
  C:\Windows\System\ClYMCpl.exe
  2⤵
  PID:3752
- C:\Windows\System\RnKLHDP.exe
  C:\Windows\System\RnKLHDP.exe
  2⤵
  PID:3772
- C:\Windows\System\nHWHEAd.exe
  C:\Windows\System\nHWHEAd.exe
  2⤵
  PID:3792
- C:\Windows\System\oRoIgih.exe
  C:\Windows\System\oRoIgih.exe
  2⤵
  PID:3812
- C:\Windows\System\OLycNmS.exe
  C:\Windows\System\OLycNmS.exe
  2⤵
  PID:3832
- C:\Windows\System\GrWXmKG.exe
  C:\Windows\System\GrWXmKG.exe
  2⤵
  PID:3852
- C:\Windows\System\aFcBPsU.exe
  C:\Windows\System\aFcBPsU.exe
  2⤵
  PID:3872
- C:\Windows\System\UabmSne.exe
  C:\Windows\System\UabmSne.exe
  2⤵
  PID:4028
- C:\Windows\System\PnXpLPv.exe
  C:\Windows\System\PnXpLPv.exe
  2⤵
  PID:4048
- C:\Windows\System\MQGoWVR.exe
  C:\Windows\System\MQGoWVR.exe
  2⤵
  PID:4068
- C:\Windows\System\muGonOC.exe
  C:\Windows\System\muGonOC.exe
  2⤵
  PID:4088
- C:\Windows\System\rSQuyWY.exe
  C:\Windows\System\rSQuyWY.exe
  2⤵
  PID:2928
- C:\Windows\System\NYZrZoZ.exe
  C:\Windows\System\NYZrZoZ.exe
  2⤵
  PID:2936
- C:\Windows\System\hjlUyVB.exe
  C:\Windows\System\hjlUyVB.exe
  2⤵
  PID:2440
- C:\Windows\System\wsTlpSK.exe
  C:\Windows\System\wsTlpSK.exe
  2⤵
  PID:1216
- C:\Windows\System\MXFaHfy.exe
  C:\Windows\System\MXFaHfy.exe
  2⤵
  PID:388
- C:\Windows\System\RAFAgQs.exe
  C:\Windows\System\RAFAgQs.exe
  2⤵
  PID:1948
- C:\Windows\System\ihxZsBl.exe
  C:\Windows\System\ihxZsBl.exe
  2⤵
  PID:884
- C:\Windows\System\iWXBWbT.exe
  C:\Windows\System\iWXBWbT.exe
  2⤵
  PID:3088
- C:\Windows\System\MoPnokw.exe
  C:\Windows\System\MoPnokw.exe
  2⤵
  PID:3152
- C:\Windows\System\wgGCrzu.exe
  C:\Windows\System\wgGCrzu.exe
  2⤵
  PID:3148
- C:\Windows\System\EZRkyJE.exe
  C:\Windows\System\EZRkyJE.exe
  2⤵
  PID:3168
- C:\Windows\System\RAJBwlb.exe
  C:\Windows\System\RAJBwlb.exe
  2⤵
  PID:3212
- C:\Windows\System\ObdYVDV.exe
  C:\Windows\System\ObdYVDV.exe
  2⤵
  PID:3272
- C:\Windows\System\blhpYwD.exe
  C:\Windows\System\blhpYwD.exe
  2⤵
  PID:3296
- C:\Windows\System\FSBKubx.exe
  C:\Windows\System\FSBKubx.exe
  2⤵
  PID:3360
- C:\Windows\System\ouNiYQb.exe
  C:\Windows\System\ouNiYQb.exe
  2⤵
  PID:3400
- C:\Windows\System\dGMckOM.exe
  C:\Windows\System\dGMckOM.exe
  2⤵
  PID:3372
- C:\Windows\System\oYXkmsj.exe
  C:\Windows\System\oYXkmsj.exe
  2⤵
  PID:3452
- C:\Windows\System\qxdeinz.exe
  C:\Windows\System\qxdeinz.exe
  2⤵
  PID:3520
- C:\Windows\System\zOsAVKf.exe
  C:\Windows\System\zOsAVKf.exe
  2⤵
  PID:2532
- C:\Windows\System\fmuAPMd.exe
  C:\Windows\System\fmuAPMd.exe
  2⤵
  PID:3540
- C:\Windows\System\OnCCuQv.exe
  C:\Windows\System\OnCCuQv.exe
  2⤵
  PID:3604
- C:\Windows\System\cWAvKhT.exe
  C:\Windows\System\cWAvKhT.exe
  2⤵
  PID:3640
- C:\Windows\System\vKMnYJw.exe
  C:\Windows\System\vKMnYJw.exe
  2⤵
  PID:3668
- C:\Windows\System\rbFqEDJ.exe
  C:\Windows\System\rbFqEDJ.exe
  2⤵
  PID:3720
- C:\Windows\System\CxIjSfJ.exe
  C:\Windows\System\CxIjSfJ.exe
  2⤵
  PID:3708
- C:\Windows\System\alhTSfu.exe
  C:\Windows\System\alhTSfu.exe
  2⤵
  PID:3768
- C:\Windows\System\nmVeFzk.exe
  C:\Windows\System\nmVeFzk.exe
  2⤵
  PID:3800
- C:\Windows\System\dpdzeez.exe
  C:\Windows\System\dpdzeez.exe
  2⤵
  PID:3824
- C:\Windows\System\GzmilCO.exe
  C:\Windows\System\GzmilCO.exe
  2⤵
  PID:3868
- C:\Windows\System\UlykvNA.exe
  C:\Windows\System\UlykvNA.exe
  2⤵
  PID:2164
- C:\Windows\System\kDKEMPk.exe
  C:\Windows\System\kDKEMPk.exe
  2⤵
  PID:2604
- C:\Windows\System\DgWqTBW.exe
  C:\Windows\System\DgWqTBW.exe
  2⤵
  PID:3064
- C:\Windows\System\zGftNVT.exe
  C:\Windows\System\zGftNVT.exe
  2⤵
  PID:2756
- C:\Windows\System\noUnDbC.exe
  C:\Windows\System\noUnDbC.exe
  2⤵
  PID:2560
- C:\Windows\System\umhxZPl.exe
  C:\Windows\System\umhxZPl.exe
  2⤵
  PID:908
- C:\Windows\System\xRIdTOm.exe
  C:\Windows\System\xRIdTOm.exe
  2⤵
  PID:2720
- C:\Windows\System\YIBIJLr.exe
  C:\Windows\System\YIBIJLr.exe
  2⤵
  PID:3992
- C:\Windows\System\cZsjBct.exe
  C:\Windows\System\cZsjBct.exe
  2⤵
  PID:2868
- C:\Windows\System\DcEPtwh.exe
  C:\Windows\System\DcEPtwh.exe
  2⤵
  PID:1252
- C:\Windows\System\RgWnvkU.exe
  C:\Windows\System\RgWnvkU.exe
  2⤵
  PID:364
- C:\Windows\System\hsMWPjv.exe
  C:\Windows\System\hsMWPjv.exe
  2⤵
  PID:2724
- C:\Windows\System\ZFLBOoV.exe
  C:\Windows\System\ZFLBOoV.exe
  2⤵
  PID:1780
- C:\Windows\System\JkjDvYj.exe
  C:\Windows\System\JkjDvYj.exe
  2⤵
  PID:1772
- C:\Windows\System\RjlngoA.exe
  C:\Windows\System\RjlngoA.exe
  2⤵
  PID:4056
- C:\Windows\System\RUiCPNk.exe
  C:\Windows\System\RUiCPNk.exe
  2⤵
  PID:4060
- C:\Windows\System\sMwxRak.exe
  C:\Windows\System\sMwxRak.exe
  2⤵
  PID:4084
- C:\Windows\System\pLaqKuy.exe
  C:\Windows\System\pLaqKuy.exe
  2⤵
  PID:1660
- C:\Windows\System\JBzOFzs.exe
  C:\Windows\System\JBzOFzs.exe
  2⤵
  PID:2336
- C:\Windows\System\gLAmWgo.exe
  C:\Windows\System\gLAmWgo.exe
  2⤵
  PID:2740
- C:\Windows\System\lVYhbuU.exe
  C:\Windows\System\lVYhbuU.exe
  2⤵
  PID:2456
- C:\Windows\System\UZWvvhe.exe
  C:\Windows\System\UZWvvhe.exe
  2⤵
  PID:3100
- C:\Windows\System\RyhEmWq.exe
  C:\Windows\System\RyhEmWq.exe
  2⤵
  PID:3128
- C:\Windows\System\gjWzLsA.exe
  C:\Windows\System\gjWzLsA.exe
  2⤵
  PID:3276
- C:\Windows\System\LPhkiKx.exe
  C:\Windows\System\LPhkiKx.exe
  2⤵
  PID:3256
- C:\Windows\System\dphWCnD.exe
  C:\Windows\System\dphWCnD.exe
  2⤵
  PID:2712
- C:\Windows\System\jYLGFlb.exe
  C:\Windows\System\jYLGFlb.exe
  2⤵
  PID:3388
- C:\Windows\System\CeiPBGD.exe
  C:\Windows\System\CeiPBGD.exe
  2⤵
  PID:3432
- C:\Windows\System\QXoPapf.exe
  C:\Windows\System\QXoPapf.exe
  2⤵
  PID:3492
- C:\Windows\System\jNcZaPC.exe
  C:\Windows\System\jNcZaPC.exe
  2⤵
  PID:3572
- C:\Windows\System\cRpQQJS.exe
  C:\Windows\System\cRpQQJS.exe
  2⤵
  PID:3664
- C:\Windows\System\CUMJAbg.exe
  C:\Windows\System\CUMJAbg.exe
  2⤵
  PID:3624
- C:\Windows\System\OxpuAqb.exe
  C:\Windows\System\OxpuAqb.exe
  2⤵
  PID:3700
- C:\Windows\System\xkaNUba.exe
  C:\Windows\System\xkaNUba.exe
  2⤵
  PID:3704
- C:\Windows\System\YXpwHnW.exe
  C:\Windows\System\YXpwHnW.exe
  2⤵
  PID:3820
- C:\Windows\System\jKhtFAO.exe
  C:\Windows\System\jKhtFAO.exe
  2⤵
  PID:2812
- C:\Windows\System\omwwdUw.exe
  C:\Windows\System\omwwdUw.exe
  2⤵
  PID:3920
- C:\Windows\System\swxAJVp.exe
  C:\Windows\System\swxAJVp.exe
  2⤵
  PID:2796
- C:\Windows\System\eCIMErv.exe
  C:\Windows\System\eCIMErv.exe
  2⤵
  PID:3984
- C:\Windows\System\voyGWkp.exe
  C:\Windows\System\voyGWkp.exe
  2⤵
  PID:2952
- C:\Windows\System\ByoICcD.exe
  C:\Windows\System\ByoICcD.exe
  2⤵
  PID:2580
- C:\Windows\System\LoCoTol.exe
  C:\Windows\System\LoCoTol.exe
  2⤵
  PID:524
- C:\Windows\System\LMGPNuo.exe
  C:\Windows\System\LMGPNuo.exe
  2⤵
  PID:3964
- C:\Windows\System\QpqACkU.exe
  C:\Windows\System\QpqACkU.exe
  2⤵
  PID:2800
- C:\Windows\System\qOMVjoz.exe
  C:\Windows\System\qOMVjoz.exe
  2⤵
  PID:1072
- C:\Windows\System\uQztUtO.exe
  C:\Windows\System\uQztUtO.exe
  2⤵
  PID:1584
- C:\Windows\System\LKhtrzX.exe
  C:\Windows\System\LKhtrzX.exe
  2⤵
  PID:2028
- C:\Windows\System\ivLyKcW.exe
  C:\Windows\System\ivLyKcW.exe
  2⤵
  PID:2136
- C:\Windows\System\zyZHcas.exe
  C:\Windows\System\zyZHcas.exe
  2⤵
  PID:2092
- C:\Windows\System\fKawhUI.exe
  C:\Windows\System\fKawhUI.exe
  2⤵
  PID:3192
- C:\Windows\System\dPlbMOL.exe
  C:\Windows\System\dPlbMOL.exe
  2⤵
  PID:3104
- C:\Windows\System\QPzcAcs.exe
  C:\Windows\System\QPzcAcs.exe
  2⤵
  PID:3332
- C:\Windows\System\atKMrKs.exe
  C:\Windows\System\atKMrKs.exe
  2⤵
  PID:3440
- C:\Windows\System\MGssPgB.exe
  C:\Windows\System\MGssPgB.exe
  2⤵
  PID:3480
- C:\Windows\System\lYINoAW.exe
  C:\Windows\System\lYINoAW.exe
  2⤵
  PID:3620
- C:\Windows\System\HvKTDek.exe
  C:\Windows\System\HvKTDek.exe
  2⤵
  PID:3592
- C:\Windows\System\ILBWMGX.exe
  C:\Windows\System\ILBWMGX.exe
  2⤵
  PID:2692
- C:\Windows\System\YLVYmvB.exe
  C:\Windows\System\YLVYmvB.exe
  2⤵
  PID:3780
- C:\Windows\System\wyDZPTx.exe
  C:\Windows\System\wyDZPTx.exe
  2⤵
  PID:3896
- C:\Windows\System\GzXiTTi.exe
  C:\Windows\System\GzXiTTi.exe
  2⤵
  PID:2636
- C:\Windows\System\eySndDs.exe
  C:\Windows\System\eySndDs.exe
  2⤵
  PID:684
- C:\Windows\System\rfKrnso.exe
  C:\Windows\System\rfKrnso.exe
  2⤵
  PID:2948
- C:\Windows\System\sFUeMWR.exe
  C:\Windows\System\sFUeMWR.exe
  2⤵
  PID:2912
- C:\Windows\System\DobChMI.exe
  C:\Windows\System\DobChMI.exe
  2⤵
  PID:3056
- C:\Windows\System\jiMSnjF.exe
  C:\Windows\System\jiMSnjF.exe
  2⤵
  PID:1612
- C:\Windows\System\wOmKHZA.exe
  C:\Windows\System\wOmKHZA.exe
  2⤵
  PID:2412
- C:\Windows\System\wnFTghn.exe
  C:\Windows\System\wnFTghn.exe
  2⤵
  PID:1732
- C:\Windows\System\TAsssPy.exe
  C:\Windows\System\TAsssPy.exe
  2⤵
  PID:1564
- C:\Windows\System\RdpmTgH.exe
  C:\Windows\System\RdpmTgH.exe
  2⤵
  PID:3124
- C:\Windows\System\KJCYGuo.exe
  C:\Windows\System\KJCYGuo.exe
  2⤵
  PID:3300
- C:\Windows\System\HnFCmiK.exe
  C:\Windows\System\HnFCmiK.exe
  2⤵
  PID:3188
- C:\Windows\System\mOcoQCT.exe
  C:\Windows\System\mOcoQCT.exe
  2⤵
  PID:1020
- C:\Windows\System\OLAsaBZ.exe
  C:\Windows\System\OLAsaBZ.exe
  2⤵
  PID:2104
- C:\Windows\System\WEEVSUe.exe
  C:\Windows\System\WEEVSUe.exe
  2⤵
  PID:3560
- C:\Windows\System\dkJXmXd.exe
  C:\Windows\System\dkJXmXd.exe
  2⤵
  PID:2956
- C:\Windows\System\dAfXMhp.exe
  C:\Windows\System\dAfXMhp.exe
  2⤵
  PID:616
- C:\Windows\System\VuWiJQs.exe
  C:\Windows\System\VuWiJQs.exe
  2⤵
  PID:1120
- C:\Windows\System\YZJHmqR.exe
  C:\Windows\System\YZJHmqR.exe
  2⤵
  PID:3932
- C:\Windows\System\UOJGSCI.exe
  C:\Windows\System\UOJGSCI.exe
  2⤵
  PID:1992
- C:\Windows\System\RPjgTOg.exe
  C:\Windows\System\RPjgTOg.exe
  2⤵
  PID:2900
- C:\Windows\System\qDnSEsD.exe
  C:\Windows\System\qDnSEsD.exe
  2⤵
  PID:1148
- C:\Windows\System\hrsFVng.exe
  C:\Windows\System\hrsFVng.exe
  2⤵
  PID:2344
- C:\Windows\System\kcKqyWJ.exe
  C:\Windows\System\kcKqyWJ.exe
  2⤵
  PID:3268
- C:\Windows\System\uPUfsmo.exe
  C:\Windows\System\uPUfsmo.exe
  2⤵
  PID:592
- C:\Windows\System\ccTKYwI.exe
  C:\Windows\System\ccTKYwI.exe
  2⤵
  PID:3172
- C:\Windows\System\WVhriYA.exe
  C:\Windows\System\WVhriYA.exe
  2⤵
  PID:2140
- C:\Windows\System\OHvIZaz.exe
  C:\Windows\System\OHvIZaz.exe
  2⤵
  PID:2176
- C:\Windows\System\JaBHhyA.exe
  C:\Windows\System\JaBHhyA.exe
  2⤵
  PID:2168
- C:\Windows\System\VkXggkD.exe
  C:\Windows\System\VkXggkD.exe
  2⤵
  PID:2052
- C:\Windows\System\RXcRcEy.exe
  C:\Windows\System\RXcRcEy.exe
  2⤵
  PID:704
- C:\Windows\System\BXgJuNk.exe
  C:\Windows\System\BXgJuNk.exe
  2⤵
  PID:2240
- C:\Windows\System\fPkBrGb.exe
  C:\Windows\System\fPkBrGb.exe
  2⤵
  PID:2764
- C:\Windows\System\eMhnXzm.exe
  C:\Windows\System\eMhnXzm.exe
  2⤵
  PID:2120
- C:\Windows\System\RghjcSH.exe
  C:\Windows\System\RghjcSH.exe
  2⤵
  PID:2196
- C:\Windows\System\luFwVbe.exe
  C:\Windows\System\luFwVbe.exe
  2⤵
  PID:3112
- C:\Windows\System\UyFGeRT.exe
  C:\Windows\System\UyFGeRT.exe
  2⤵
  PID:2380
- C:\Windows\System\agygNMM.exe
  C:\Windows\System\agygNMM.exe
  2⤵
  PID:1360
- C:\Windows\System\aoLYxVf.exe
  C:\Windows\System\aoLYxVf.exe
  2⤵
  PID:4024
- C:\Windows\System\UAiPtXt.exe
  C:\Windows\System\UAiPtXt.exe
  2⤵
  PID:1620
- C:\Windows\System\KNPuHQk.exe
  C:\Windows\System\KNPuHQk.exe
  2⤵
  PID:3396
- C:\Windows\System\iMnZBZE.exe
  C:\Windows\System\iMnZBZE.exe
  2⤵
  PID:2156
- C:\Windows\System\EeAvUZk.exe
  C:\Windows\System\EeAvUZk.exe
  2⤵
  PID:2896
- C:\Windows\System\QPsUNKb.exe
  C:\Windows\System\QPsUNKb.exe
  2⤵
  PID:4012
- C:\Windows\System\kJzYVrH.exe
  C:\Windows\System\kJzYVrH.exe
  2⤵
  PID:2688
- C:\Windows\System\qetCqrw.exe
  C:\Windows\System\qetCqrw.exe
  2⤵
  PID:3688
- C:\Windows\System\iukodMI.exe
  C:\Windows\System\iukodMI.exe
  2⤵
  PID:1484
- C:\Windows\System\hAQPCXq.exe
  C:\Windows\System\hAQPCXq.exe
  2⤵
  PID:2656
- C:\Windows\System\QRQlsRJ.exe
  C:\Windows\System\QRQlsRJ.exe
  2⤵
  PID:928
- C:\Windows\System\bACyskX.exe
  C:\Windows\System\bACyskX.exe
  2⤵
  PID:3084
- C:\Windows\System\EaKHaiK.exe
  C:\Windows\System\EaKHaiK.exe
  2⤵
  PID:1648
- C:\Windows\System\dCitVnV.exe
  C:\Windows\System\dCitVnV.exe
  2⤵
  PID:3236
- C:\Windows\System\ISMBbKO.exe
  C:\Windows\System\ISMBbKO.exe
  2⤵
  PID:3288
- C:\Windows\System\RnuMpxX.exe
  C:\Windows\System\RnuMpxX.exe
  2⤵
  PID:2488
- C:\Windows\System\sSnUHqS.exe
  C:\Windows\System\sSnUHqS.exe
  2⤵
  PID:3892
- C:\Windows\System\QstqxAX.exe
  C:\Windows\System\QstqxAX.exe
  2⤵
  PID:1852
- C:\Windows\System\NgsfVMi.exe
  C:\Windows\System\NgsfVMi.exe
  2⤵
  PID:4044
- C:\Windows\System\lmGncbH.exe
  C:\Windows\System\lmGncbH.exe
  2⤵
  PID:972
- C:\Windows\System\JNZjDfb.exe
  C:\Windows\System\JNZjDfb.exe
  2⤵
  PID:4108
- C:\Windows\System\GLdAExP.exe
  C:\Windows\System\GLdAExP.exe
  2⤵
  PID:4124
- C:\Windows\System\zrzSBbP.exe
  C:\Windows\System\zrzSBbP.exe
  2⤵
  PID:4140
- C:\Windows\System\IyfnWeS.exe
  C:\Windows\System\IyfnWeS.exe
  2⤵
  PID:4156
- C:\Windows\System\ETueQGq.exe
  C:\Windows\System\ETueQGq.exe
  2⤵
  PID:4172
- C:\Windows\System\PJYIOpW.exe
  C:\Windows\System\PJYIOpW.exe
  2⤵
  PID:4188
- C:\Windows\System\zTXMvvy.exe
  C:\Windows\System\zTXMvvy.exe
  2⤵
  PID:4204
- C:\Windows\System\MGUshZw.exe
  C:\Windows\System\MGUshZw.exe
  2⤵
  PID:4220
- C:\Windows\System\zLVvEBb.exe
  C:\Windows\System\zLVvEBb.exe
  2⤵
  PID:4236
- C:\Windows\System\QDVMoni.exe
  C:\Windows\System\QDVMoni.exe
  2⤵
  PID:4252
- C:\Windows\System\uyEcpTA.exe
  C:\Windows\System\uyEcpTA.exe
  2⤵
  PID:4268
- C:\Windows\System\OoXQdxH.exe
  C:\Windows\System\OoXQdxH.exe
  2⤵
  PID:4284
- C:\Windows\System\fdPWHpq.exe
  C:\Windows\System\fdPWHpq.exe
  2⤵
  PID:4300
- C:\Windows\System\zanYiwR.exe
  C:\Windows\System\zanYiwR.exe
  2⤵
  PID:4316
- C:\Windows\System\AJXDSpq.exe
  C:\Windows\System\AJXDSpq.exe
  2⤵
  PID:4332
- C:\Windows\System\zhJpDAP.exe
  C:\Windows\System\zhJpDAP.exe
  2⤵
  PID:4348
- C:\Windows\System\vWsJKOv.exe
  C:\Windows\System\vWsJKOv.exe
  2⤵
  PID:4368
- C:\Windows\System\GnkfQJi.exe
  C:\Windows\System\GnkfQJi.exe
  2⤵
  PID:4384
- C:\Windows\System\mRKJTbx.exe
  C:\Windows\System\mRKJTbx.exe
  2⤵
  PID:4400
- C:\Windows\System\lrGTeuR.exe
  C:\Windows\System\lrGTeuR.exe
  2⤵
  PID:4416
- C:\Windows\System\xRRknfE.exe
  C:\Windows\System\xRRknfE.exe
  2⤵
  PID:4432
- C:\Windows\System\oEkAOVn.exe
  C:\Windows\System\oEkAOVn.exe
  2⤵
  PID:4448
- C:\Windows\System\RfUwfSy.exe
  C:\Windows\System\RfUwfSy.exe
  2⤵
  PID:4464
- C:\Windows\System\XDUVsJV.exe
  C:\Windows\System\XDUVsJV.exe
  2⤵
  PID:4480
- C:\Windows\System\UwxvMtS.exe
  C:\Windows\System\UwxvMtS.exe
  2⤵
  PID:4496
- C:\Windows\System\IgLALdj.exe
  C:\Windows\System\IgLALdj.exe
  2⤵
  PID:4512
- C:\Windows\System\chBzvUx.exe
  C:\Windows\System\chBzvUx.exe
  2⤵
  PID:4528
- C:\Windows\System\JUzyKPZ.exe
  C:\Windows\System\JUzyKPZ.exe
  2⤵
  PID:4544
- C:\Windows\System\XXVqhWr.exe
  C:\Windows\System\XXVqhWr.exe
  2⤵
  PID:4560
- C:\Windows\System\WXkQvgQ.exe
  C:\Windows\System\WXkQvgQ.exe
  2⤵
  PID:4576
- C:\Windows\System\NODbdRv.exe
  C:\Windows\System\NODbdRv.exe
  2⤵
  PID:4592
- C:\Windows\System\iDtDxoC.exe
  C:\Windows\System\iDtDxoC.exe
  2⤵
  PID:4624
- C:\Windows\System\vvhmbCW.exe
  C:\Windows\System\vvhmbCW.exe
  2⤵
  PID:4640
- C:\Windows\System\whWDOzk.exe
  C:\Windows\System\whWDOzk.exe
  2⤵
  PID:4660
- C:\Windows\System\UEboYWm.exe
  C:\Windows\System\UEboYWm.exe
  2⤵
  PID:4680
- C:\Windows\System\oIaYtDw.exe
  C:\Windows\System\oIaYtDw.exe
  2⤵
  PID:4696
- C:\Windows\System\IeWinrb.exe
  C:\Windows\System\IeWinrb.exe
  2⤵
  PID:4736
- C:\Windows\System\WymScUC.exe
  C:\Windows\System\WymScUC.exe
  2⤵
  PID:4760
- C:\Windows\System\gzfXAnL.exe
  C:\Windows\System\gzfXAnL.exe
  2⤵
  PID:4776
- C:\Windows\System\uYGZtqq.exe
  C:\Windows\System\uYGZtqq.exe
  2⤵
  PID:4792
- C:\Windows\System\DhAFsxw.exe
  C:\Windows\System\DhAFsxw.exe
  2⤵
  PID:4808
- C:\Windows\System\TRDIsVm.exe
  C:\Windows\System\TRDIsVm.exe
  2⤵
  PID:4824
- C:\Windows\System\EwREUlH.exe
  C:\Windows\System\EwREUlH.exe
  2⤵
  PID:4844
- C:\Windows\System\FJoFwOR.exe
  C:\Windows\System\FJoFwOR.exe
  2⤵
  PID:4860
- C:\Windows\System\WbeIHSG.exe
  C:\Windows\System\WbeIHSG.exe
  2⤵
  PID:4876
- C:\Windows\System\esGnzle.exe
  C:\Windows\System\esGnzle.exe
  2⤵
  PID:4892
- C:\Windows\System\NXLOUMM.exe
  C:\Windows\System\NXLOUMM.exe
  2⤵
  PID:4912
- C:\Windows\System\TLBTljG.exe
  C:\Windows\System\TLBTljG.exe
  2⤵
  PID:4928
- C:\Windows\System\GWpkJRb.exe
  C:\Windows\System\GWpkJRb.exe
  2⤵
  PID:4944
- C:\Windows\System\vatQQey.exe
  C:\Windows\System\vatQQey.exe
  2⤵
  PID:4960
- C:\Windows\System\cNTjNDM.exe
  C:\Windows\System\cNTjNDM.exe
  2⤵
  PID:4984
- C:\Windows\System\vPjTCeu.exe
  C:\Windows\System\vPjTCeu.exe
  2⤵
  PID:5008
- C:\Windows\System\vteRDtK.exe
  C:\Windows\System\vteRDtK.exe
  2⤵
  PID:5028
- C:\Windows\System\lcDwsBR.exe
  C:\Windows\System\lcDwsBR.exe
  2⤵
  PID:5044
- C:\Windows\System\YfUxFTC.exe
  C:\Windows\System\YfUxFTC.exe
  2⤵
  PID:5068
- C:\Windows\System\jNMlqvl.exe
  C:\Windows\System\jNMlqvl.exe
  2⤵
  PID:5096
- C:\Windows\System\SKGdHbc.exe
  C:\Windows\System\SKGdHbc.exe
  2⤵
  PID:4116
- C:\Windows\System\XUFptUG.exe
  C:\Windows\System\XUFptUG.exe
  2⤵
  PID:4152
- C:\Windows\System\UpdVOuU.exe
  C:\Windows\System\UpdVOuU.exe
  2⤵
  PID:4276
- C:\Windows\System\sjxMcnZ.exe
  C:\Windows\System\sjxMcnZ.exe
  2⤵
  PID:4340
- C:\Windows\System\cKwNRfW.exe
  C:\Windows\System\cKwNRfW.exe
  2⤵
  PID:4376
- C:\Windows\System\pNJufBY.exe
  C:\Windows\System\pNJufBY.exe
  2⤵
  PID:4392
- C:\Windows\System\awMxZUq.exe
  C:\Windows\System\awMxZUq.exe
  2⤵
  PID:4428
- C:\Windows\System\qbPzlLD.exe
  C:\Windows\System\qbPzlLD.exe
  2⤵
  PID:4472
- C:\Windows\System\oKASyKU.exe
  C:\Windows\System\oKASyKU.exe
  2⤵
  PID:4520
- C:\Windows\System\BlzDPxM.exe
  C:\Windows\System\BlzDPxM.exe
  2⤵
  PID:4612
- C:\Windows\System\mEPtwyU.exe
  C:\Windows\System\mEPtwyU.exe
  2⤵
  PID:4688
- C:\Windows\System\JHrYxQh.exe
  C:\Windows\System\JHrYxQh.exe
  2⤵
  PID:4752
- C:\Windows\System\ywyufMq.exe
  C:\Windows\System\ywyufMq.exe
  2⤵
  PID:4784
- C:\Windows\System\dUVpjQl.exe
  C:\Windows\System\dUVpjQl.exe
  2⤵
  PID:4772
- C:\Windows\System\dSpBeou.exe
  C:\Windows\System\dSpBeou.exe
  2⤵
  PID:4856
- C:\Windows\System\aLICFdJ.exe
  C:\Windows\System\aLICFdJ.exe
  2⤵
  PID:4908
- C:\Windows\System\nFFuMCW.exe
  C:\Windows\System\nFFuMCW.exe
  2⤵
  PID:4936
- C:\Windows\System\ADzdOjA.exe
  C:\Windows\System\ADzdOjA.exe
  2⤵
  PID:4972
- C:\Windows\System\UUkblEN.exe
  C:\Windows\System\UUkblEN.exe
  2⤵
  PID:4996
- C:\Windows\System\OAJsKjM.exe
  C:\Windows\System\OAJsKjM.exe
  2⤵
  PID:5020
- C:\Windows\System\MwOCTLu.exe
  C:\Windows\System\MwOCTLu.exe
  2⤵
  PID:5052
- C:\Windows\System\tIZTVZt.exe
  C:\Windows\System\tIZTVZt.exe
  2⤵
  PID:5056
- C:\Windows\System\hcIlKTY.exe
  C:\Windows\System\hcIlKTY.exe
  2⤵
  PID:5104
- C:\Windows\System\yaBGAuL.exe
  C:\Windows\System\yaBGAuL.exe
  2⤵
  PID:4132
- C:\Windows\System\YebWldt.exe
  C:\Windows\System\YebWldt.exe
  2⤵
  PID:4168
- C:\Windows\System\RxQiAFJ.exe
  C:\Windows\System\RxQiAFJ.exe
  2⤵
  PID:4196
- C:\Windows\System\VzciLPk.exe
  C:\Windows\System\VzciLPk.exe
  2⤵
  PID:4292
- C:\Windows\System\UChCNfk.exe
  C:\Windows\System\UChCNfk.exe
  2⤵
  PID:4328
- C:\Windows\System\GNZnuLM.exe
  C:\Windows\System\GNZnuLM.exe
  2⤵
  PID:4232
- C:\Windows\System\lwmqKAA.exe
  C:\Windows\System\lwmqKAA.exe
  2⤵
  PID:4444
- C:\Windows\System\SgzElAT.exe
  C:\Windows\System\SgzElAT.exe
  2⤵
  PID:4104
- C:\Windows\System\UZGwsZo.exe
  C:\Windows\System\UZGwsZo.exe
  2⤵
  PID:4708
- C:\Windows\System\JBuLMcO.exe
  C:\Windows\System\JBuLMcO.exe
  2⤵
  PID:4748
- C:\Windows\System\IDnpify.exe
  C:\Windows\System\IDnpify.exe
  2⤵
  PID:4768
- C:\Windows\System\iYSbMhn.exe
  C:\Windows\System\iYSbMhn.exe
  2⤵
  PID:4868
- C:\Windows\System\YnkhTmf.exe
  C:\Windows\System\YnkhTmf.exe
  2⤵
  PID:4920
- C:\Windows\System\FzRLeUo.exe
  C:\Windows\System\FzRLeUo.exe
  2⤵
  PID:5004
- C:\Windows\System\ayGTdPA.exe
  C:\Windows\System\ayGTdPA.exe
  2⤵
  PID:5076
- C:\Windows\System\tWfjonB.exe
  C:\Windows\System\tWfjonB.exe
  2⤵
  PID:4100
- C:\Windows\System\zybivnx.exe
  C:\Windows\System\zybivnx.exe
  2⤵
  PID:4164
- C:\Windows\System\iabzjtf.exe
  C:\Windows\System\iabzjtf.exe
  2⤵
  PID:4396
- C:\Windows\System\naTlGkQ.exe
  C:\Windows\System\naTlGkQ.exe
  2⤵
  PID:4260
- C:\Windows\System\FvZWrIV.exe
  C:\Windows\System\FvZWrIV.exe
  2⤵
  PID:4460
- C:\Windows\System\MOXqgvR.exe
  C:\Windows\System\MOXqgvR.exe
  2⤵
  PID:4508
- C:\Windows\System\KQgAegx.exe
  C:\Windows\System\KQgAegx.exe
  2⤵
  PID:4572
- C:\Windows\System\BZTTrVa.exe
  C:\Windows\System\BZTTrVa.exe
  2⤵
  PID:4600
- C:\Windows\System\eQwfgjn.exe
  C:\Windows\System\eQwfgjn.exe
  2⤵
  PID:4656
- C:\Windows\System\UdjwLfc.exe
  C:\Windows\System\UdjwLfc.exe
  2⤵
  PID:1168
- C:\Windows\System\SEJefQw.exe
  C:\Windows\System\SEJefQw.exe
  2⤵
  PID:1752
- C:\Windows\System\ymSvugp.exe
  C:\Windows\System\ymSvugp.exe
  2⤵
  PID:4724
- C:\Windows\System\oixcbgJ.exe
  C:\Windows\System\oixcbgJ.exe
  2⤵
  PID:4816
- C:\Windows\System\uRhdrUW.exe
  C:\Windows\System\uRhdrUW.exe
  2⤵
  PID:4840
- C:\Windows\System\RaOUWpS.exe
  C:\Windows\System\RaOUWpS.exe
  2⤵
  PID:4952
- C:\Windows\System\IpGcGth.exe
  C:\Windows\System\IpGcGth.exe
  2⤵
  PID:5116
- C:\Windows\System\dHhyAQx.exe
  C:\Windows\System\dHhyAQx.exe
  2⤵
  PID:4148
- C:\Windows\System\mmyWbYa.exe
  C:\Windows\System\mmyWbYa.exe
  2⤵
  PID:4264
- C:\Windows\System\LJXVZwZ.exe
  C:\Windows\System\LJXVZwZ.exe
  2⤵
  PID:4492
- C:\Windows\System\zHIHNGq.exe
  C:\Windows\System\zHIHNGq.exe
  2⤵
  PID:4536
- C:\Windows\System\GmWbxWl.exe
  C:\Windows\System\GmWbxWl.exe
  2⤵
  PID:2388
- C:\Windows\System\ZHsHbBn.exe
  C:\Windows\System\ZHsHbBn.exe
  2⤵
  PID:4356
- C:\Windows\System\snUnRxg.exe
  C:\Windows\System\snUnRxg.exe
  2⤵
  PID:1664
- C:\Windows\System\IQtzrRj.exe
  C:\Windows\System\IQtzrRj.exe
  2⤵
  PID:4924
- C:\Windows\System\tjZVswb.exe
  C:\Windows\System\tjZVswb.exe
  2⤵
  PID:4980
- C:\Windows\System\RXpNAUN.exe
  C:\Windows\System\RXpNAUN.exe
  2⤵
  PID:4324
- C:\Windows\System\tBldHUP.exe
  C:\Windows\System\tBldHUP.exe
  2⤵
  PID:4588
- C:\Windows\System\hRSfsIT.exe
  C:\Windows\System\hRSfsIT.exe
  2⤵
  PID:4620
- C:\Windows\System\XvONRMv.exe
  C:\Windows\System\XvONRMv.exe
  2⤵
  PID:4872
- C:\Windows\System\gRpPGKm.exe
  C:\Windows\System\gRpPGKm.exe
  2⤵
  PID:4820
- C:\Windows\System\mjNgUGE.exe
  C:\Windows\System\mjNgUGE.exe
  2⤵
  PID:5064
- C:\Windows\System\hKFcBvz.exe
  C:\Windows\System\hKFcBvz.exe
  2⤵
  PID:4456
- C:\Windows\System\spsecJP.exe
  C:\Windows\System\spsecJP.exe
  2⤵
  PID:1088
- C:\Windows\System\qkqRocF.exe
  C:\Windows\System\qkqRocF.exe
  2⤵
  PID:4504
- C:\Windows\System\PxtfYwm.exe
  C:\Windows\System\PxtfYwm.exe
  2⤵
  PID:1084
- C:\Windows\System\UEOBAWc.exe
  C:\Windows\System\UEOBAWc.exe
  2⤵
  PID:5144
- C:\Windows\System\OMOaMve.exe
  C:\Windows\System\OMOaMve.exe
  2⤵
  PID:5160
- C:\Windows\System\LupkoxQ.exe
  C:\Windows\System\LupkoxQ.exe
  2⤵
  PID:5180
- C:\Windows\System\vIFWLlj.exe
  C:\Windows\System\vIFWLlj.exe
  2⤵
  PID:5200
- C:\Windows\System\pfaTwCN.exe
  C:\Windows\System\pfaTwCN.exe
  2⤵
  PID:5220
- C:\Windows\System\HqVFixK.exe
  C:\Windows\System\HqVFixK.exe
  2⤵
  PID:5236
- C:\Windows\System\qbJtpww.exe
  C:\Windows\System\qbJtpww.exe
  2⤵
  PID:5256
- C:\Windows\System\MNyVSHk.exe
  C:\Windows\System\MNyVSHk.exe
  2⤵
  PID:5280
- C:\Windows\System\hFHpsgd.exe
  C:\Windows\System\hFHpsgd.exe
  2⤵
  PID:5308
- C:\Windows\System\YxwLDYv.exe
  C:\Windows\System\YxwLDYv.exe
  2⤵
  PID:5324
- C:\Windows\System\PjkAeJI.exe
  C:\Windows\System\PjkAeJI.exe
  2⤵
  PID:5340
- C:\Windows\System\kgOLwrL.exe
  C:\Windows\System\kgOLwrL.exe
  2⤵
  PID:5356
- C:\Windows\System\ynDHsYC.exe
  C:\Windows\System\ynDHsYC.exe
  2⤵
  PID:5376
- C:\Windows\System\DJixVSD.exe
  C:\Windows\System\DJixVSD.exe
  2⤵
  PID:5408
- C:\Windows\System\VjRbtOi.exe
  C:\Windows\System\VjRbtOi.exe
  2⤵
  PID:5424
- C:\Windows\System\KXYXKVj.exe
  C:\Windows\System\KXYXKVj.exe
  2⤵
  PID:5444
- C:\Windows\System\FpqwDpY.exe
  C:\Windows\System\FpqwDpY.exe
  2⤵
  PID:5464
- C:\Windows\System\zOyJIsl.exe
  C:\Windows\System\zOyJIsl.exe
  2⤵
  PID:5480
- C:\Windows\System\oaKceQj.exe
  C:\Windows\System\oaKceQj.exe
  2⤵
  PID:5504
- C:\Windows\System\xGUEVSG.exe
  C:\Windows\System\xGUEVSG.exe
  2⤵
  PID:5524
- C:\Windows\System\hEMdHFm.exe
  C:\Windows\System\hEMdHFm.exe
  2⤵
  PID:5544
- C:\Windows\System\TLbLmtb.exe
  C:\Windows\System\TLbLmtb.exe
  2⤵
  PID:5560
- C:\Windows\System\QDXhBrA.exe
  C:\Windows\System\QDXhBrA.exe
  2⤵
  PID:5588
- C:\Windows\System\SpVlPnC.exe
  C:\Windows\System\SpVlPnC.exe
  2⤵
  PID:5604
- C:\Windows\System\pxhpQaR.exe
  C:\Windows\System\pxhpQaR.exe
  2⤵
  PID:5628
- C:\Windows\System\ujXYRFH.exe
  C:\Windows\System\ujXYRFH.exe
  2⤵
  PID:5644
- C:\Windows\System\QAAciFg.exe
  C:\Windows\System\QAAciFg.exe
  2⤵
  PID:5660
- C:\Windows\System\ccaqroO.exe
  C:\Windows\System\ccaqroO.exe
  2⤵
  PID:5680
- C:\Windows\System\JdnvjFm.exe
  C:\Windows\System\JdnvjFm.exe
  2⤵
  PID:5708
- C:\Windows\System\hNpeRVP.exe
  C:\Windows\System\hNpeRVP.exe
  2⤵
  PID:5724
- C:\Windows\System\WREiSLu.exe
  C:\Windows\System\WREiSLu.exe
  2⤵
  PID:5740
- C:\Windows\System\VcrUicU.exe
  C:\Windows\System\VcrUicU.exe
  2⤵
  PID:5756
- C:\Windows\System\WkVGAVg.exe
  C:\Windows\System\WkVGAVg.exe
  2⤵
  PID:5780
- C:\Windows\System\pdqtjki.exe
  C:\Windows\System\pdqtjki.exe
  2⤵
  PID:5796
- C:\Windows\System\kCxkaSa.exe
  C:\Windows\System\kCxkaSa.exe
  2⤵
  PID:5828
- C:\Windows\System\KfVvuLB.exe
  C:\Windows\System\KfVvuLB.exe
  2⤵
  PID:5844
- C:\Windows\System\HIUlGAj.exe
  C:\Windows\System\HIUlGAj.exe
  2⤵
  PID:5868
- C:\Windows\System\hYrLegT.exe
  C:\Windows\System\hYrLegT.exe
  2⤵
  PID:5884
- C:\Windows\System\uaPTeHs.exe
  C:\Windows\System\uaPTeHs.exe
  2⤵
  PID:5912
- C:\Windows\System\SJQawXU.exe
  C:\Windows\System\SJQawXU.exe
  2⤵
  PID:5928
- C:\Windows\System\htnpXSn.exe
  C:\Windows\System\htnpXSn.exe
  2⤵
  PID:5952
- C:\Windows\System\qfJhTtE.exe
  C:\Windows\System\qfJhTtE.exe
  2⤵
  PID:5968
- C:\Windows\System\zWmJoCP.exe
  C:\Windows\System\zWmJoCP.exe
  2⤵
  PID:5988
- C:\Windows\System\CyRuSfg.exe
  C:\Windows\System\CyRuSfg.exe
  2⤵
  PID:6008
- C:\Windows\System\EONLanJ.exe
  C:\Windows\System\EONLanJ.exe
  2⤵
  PID:6028
- C:\Windows\System\BpwQqhF.exe
  C:\Windows\System\BpwQqhF.exe
  2⤵
  PID:6048
- C:\Windows\System\oRkiUTf.exe
  C:\Windows\System\oRkiUTf.exe
  2⤵
  PID:6072
- C:\Windows\System\ORnovsD.exe
  C:\Windows\System\ORnovsD.exe
  2⤵
  PID:6088
- C:\Windows\System\sixNGdB.exe
  C:\Windows\System\sixNGdB.exe
  2⤵
  PID:6104
- C:\Windows\System\LTuhqGN.exe
  C:\Windows\System\LTuhqGN.exe
  2⤵
  PID:6124
- C:\Windows\System\fYFfMUj.exe
  C:\Windows\System\fYFfMUj.exe
  2⤵
  PID:5092
- C:\Windows\System\nOhGYSR.exe
  C:\Windows\System\nOhGYSR.exe
  2⤵
  PID:4200
- C:\Windows\System\tcmLCcF.exe
  C:\Windows\System\tcmLCcF.exe
  2⤵
  PID:5136
- C:\Windows\System\jZsbCSP.exe
  C:\Windows\System\jZsbCSP.exe
  2⤵
  PID:5168
- C:\Windows\System\mlqmrfm.exe
  C:\Windows\System\mlqmrfm.exe
  2⤵
  PID:5208
- C:\Windows\System\FhwRthd.exe
  C:\Windows\System\FhwRthd.exe
  2⤵
  PID:5292
- C:\Windows\System\IwsdRtk.exe
  C:\Windows\System\IwsdRtk.exe
  2⤵
  PID:5304
- C:\Windows\System\QCPnVgc.exe
  C:\Windows\System\QCPnVgc.exe
  2⤵
  PID:5320
- C:\Windows\System\URwBLBo.exe
  C:\Windows\System\URwBLBo.exe
  2⤵
  PID:5372
- C:\Windows\System\PDRHUyz.exe
  C:\Windows\System\PDRHUyz.exe
  2⤵
  PID:5388
- C:\Windows\System\TDwirss.exe
  C:\Windows\System\TDwirss.exe
  2⤵
  PID:5416
- C:\Windows\System\zVjydBX.exe
  C:\Windows\System\zVjydBX.exe
  2⤵
  PID:5476
- C:\Windows\System\khOHjAF.exe
  C:\Windows\System\khOHjAF.exe
  2⤵
  PID:5488
- C:\Windows\System\aaILYHa.exe
  C:\Windows\System\aaILYHa.exe
  2⤵
  PID:5516
- C:\Windows\System\DqLeYvs.exe
  C:\Windows\System\DqLeYvs.exe
  2⤵
  PID:5552
- C:\Windows\System\alpAICa.exe
  C:\Windows\System\alpAICa.exe
  2⤵
  PID:5580
- C:\Windows\System\SbAARWj.exe
  C:\Windows\System\SbAARWj.exe
  2⤵
  PID:5612
- C:\Windows\System\PVQwMrW.exe
  C:\Windows\System\PVQwMrW.exe
  2⤵
  PID:5640
- C:\Windows\System\ArjmROA.exe
  C:\Windows\System\ArjmROA.exe
  2⤵
  PID:5676
- C:\Windows\System\WtaxWhN.exe
  C:\Windows\System\WtaxWhN.exe
  2⤵
  PID:5736
- C:\Windows\System\wwxmDFl.exe
  C:\Windows\System\wwxmDFl.exe
  2⤵
  PID:5768
- C:\Windows\System\yHqmfQq.exe
  C:\Windows\System\yHqmfQq.exe
  2⤵
  PID:5752
- C:\Windows\System\OhpRMot.exe
  C:\Windows\System\OhpRMot.exe
  2⤵
  PID:5820
- C:\Windows\System\jMbsFqU.exe
  C:\Windows\System\jMbsFqU.exe
  2⤵
  PID:5840
- C:\Windows\System\sTQDgvt.exe
  C:\Windows\System\sTQDgvt.exe
  2⤵
  PID:5248
- C:\Windows\System\bbNmaVF.exe
  C:\Windows\System\bbNmaVF.exe
  2⤵
  PID:5908
- C:\Windows\System\dDUovVW.exe
  C:\Windows\System\dDUovVW.exe
  2⤵
  PID:5948
- C:\Windows\System\isadDsE.exe
  C:\Windows\System\isadDsE.exe
  2⤵
  PID:5964
- C:\Windows\System\aQYKQwq.exe
  C:\Windows\System\aQYKQwq.exe
  2⤵
  PID:6004
- C:\Windows\System\FfXGiJF.exe
  C:\Windows\System\FfXGiJF.exe
  2⤵
  PID:6036
- C:\Windows\System\uLGSpoH.exe
  C:\Windows\System\uLGSpoH.exe
  2⤵
  PID:6064
- C:\Windows\System\zVfKRsn.exe
  C:\Windows\System\zVfKRsn.exe
  2⤵
  PID:6112
- C:\Windows\System\JxRJRap.exe
  C:\Windows\System\JxRJRap.exe
  2⤵
  PID:5124
- C:\Windows\System\jznKoPZ.exe
  C:\Windows\System\jznKoPZ.exe
  2⤵
  PID:5244
- C:\Windows\System\ApZNxFO.exe
  C:\Windows\System\ApZNxFO.exe
  2⤵
  PID:5188
- C:\Windows\System\FNZxlrf.exe
  C:\Windows\System\FNZxlrf.exe
  2⤵
  PID:5268
- C:\Windows\System\eZImjQu.exe
  C:\Windows\System\eZImjQu.exe
  2⤵
  PID:5336
- C:\Windows\System\sqyCwCC.exe
  C:\Windows\System\sqyCwCC.exe
  2⤵
  PID:5404
- C:\Windows\System\HVgsRZk.exe
  C:\Windows\System\HVgsRZk.exe
  2⤵
  PID:5436
- C:\Windows\System\lOnvImV.exe
  C:\Windows\System\lOnvImV.exe
  2⤵
  PID:5492
- C:\Windows\System\AbllMQN.exe
  C:\Windows\System\AbllMQN.exe
  2⤵
  PID:5512
- C:\Windows\System\bEWCFxv.exe
  C:\Windows\System\bEWCFxv.exe
  2⤵
  PID:5600
- C:\Windows\System\XEwYmsG.exe
  C:\Windows\System\XEwYmsG.exe
  2⤵
  PID:5636
- C:\Windows\System\SBADOMZ.exe
  C:\Windows\System\SBADOMZ.exe
  2⤵
  PID:5704
- C:\Windows\System\UQuXpSc.exe
  C:\Windows\System\UQuXpSc.exe
  2⤵
  PID:5748
- C:\Windows\System\hQQwAXx.exe
  C:\Windows\System\hQQwAXx.exe
  2⤵
  PID:5860
- C:\Windows\System\qJdrSts.exe
  C:\Windows\System\qJdrSts.exe
  2⤵
  PID:5936
- C:\Windows\System\EMrSDyZ.exe
  C:\Windows\System\EMrSDyZ.exe
  2⤵
  PID:5996
- C:\Windows\System\BolkSdr.exe
  C:\Windows\System\BolkSdr.exe
  2⤵
  PID:5976
- C:\Windows\System\BKiMfAb.exe
  C:\Windows\System\BKiMfAb.exe
  2⤵
  PID:5896
- C:\Windows\System\PbQxdVK.exe
  C:\Windows\System\PbQxdVK.exe
  2⤵
  PID:6024
- C:\Windows\System\sWnmLxe.exe
  C:\Windows\System\sWnmLxe.exe
  2⤵
  PID:2244
- C:\Windows\System\NDDsSdJ.exe
  C:\Windows\System\NDDsSdJ.exe
  2⤵
  PID:960
- C:\Windows\System\KoghkKk.exe
  C:\Windows\System\KoghkKk.exe
  2⤵
  PID:5288
- C:\Windows\System\kWaSGBS.exe
  C:\Windows\System\kWaSGBS.exe
  2⤵
  PID:5252
- C:\Windows\System\uegSfvC.exe
  C:\Windows\System\uegSfvC.exe
  2⤵
  PID:5332
- C:\Windows\System\EKijzcz.exe
  C:\Windows\System\EKijzcz.exe
  2⤵
  PID:5368
- C:\Windows\System\CBUaCGD.exe
  C:\Windows\System\CBUaCGD.exe
  2⤵
  PID:5452
- C:\Windows\System\yQgeWfz.exe
  C:\Windows\System\yQgeWfz.exe
  2⤵
  PID:5576
- C:\Windows\System\WKwZXFJ.exe
  C:\Windows\System\WKwZXFJ.exe
  2⤵
  PID:5688
- C:\Windows\System\wotnHdS.exe
  C:\Windows\System\wotnHdS.exe
  2⤵
  PID:5788
- C:\Windows\System\dosXNUY.exe
  C:\Windows\System\dosXNUY.exe
  2⤵
  PID:5864
- C:\Windows\System\xgjXMdj.exe
  C:\Windows\System\xgjXMdj.exe
  2⤵
  PID:6060
- C:\Windows\System\XrFPgBe.exe
  C:\Windows\System\XrFPgBe.exe
  2⤵
  PID:4568
- C:\Windows\System\SIJdHEI.exe
  C:\Windows\System\SIJdHEI.exe
  2⤵
  PID:2972
- C:\Windows\System\QNKzYyP.exe
  C:\Windows\System\QNKzYyP.exe
  2⤵
  PID:5152
- C:\Windows\System\tBDAahq.exe
  C:\Windows\System\tBDAahq.exe
  2⤵
  PID:5364
- C:\Windows\System\mpJdbQT.exe
  C:\Windows\System\mpJdbQT.exe
  2⤵
  PID:5624
- C:\Windows\System\OHvQjUd.exe
  C:\Windows\System\OHvQjUd.exe
  2⤵
  PID:5536
- C:\Windows\System\tgmktzX.exe
  C:\Windows\System\tgmktzX.exe
  2⤵
  PID:5764
- C:\Windows\System\QlcyFls.exe
  C:\Windows\System\QlcyFls.exe
  2⤵
  PID:5920
- C:\Windows\System\IeHCRSv.exe
  C:\Windows\System\IeHCRSv.exe
  2⤵
  PID:6136
- C:\Windows\System\lsnyCsN.exe
  C:\Windows\System\lsnyCsN.exe
  2⤵
  PID:1972
- C:\Windows\System\zUorYZs.exe
  C:\Windows\System\zUorYZs.exe
  2⤵
  PID:5732
- C:\Windows\System\hYjGWaG.exe
  C:\Windows\System\hYjGWaG.exe
  2⤵
  PID:5568
- C:\Windows\System\WDbhoyz.exe
  C:\Windows\System\WDbhoyz.exe
  2⤵
  PID:5156
- C:\Windows\System\NydjOFW.exe
  C:\Windows\System\NydjOFW.exe
  2⤵
  PID:5880
- C:\Windows\System\CxAvXqr.exe
  C:\Windows\System\CxAvXqr.exe
  2⤵
  PID:6040
- C:\Windows\System\naiqyUP.exe
  C:\Windows\System\naiqyUP.exe
  2⤵
  PID:6020
- C:\Windows\System\wygXhEs.exe
  C:\Windows\System\wygXhEs.exe
  2⤵
  PID:2280
- C:\Windows\System\ZugSBHJ.exe
  C:\Windows\System\ZugSBHJ.exe
  2⤵
  PID:1676
- C:\Windows\System\FefTFrm.exe
  C:\Windows\System\FefTFrm.exe
  2⤵
  PID:5500
- C:\Windows\System\GODSTlU.exe
  C:\Windows\System\GODSTlU.exe
  2⤵
  PID:6164
- C:\Windows\System\iOpXoeo.exe
  C:\Windows\System\iOpXoeo.exe
  2⤵
  PID:6180
- C:\Windows\System\NVMTILf.exe
  C:\Windows\System\NVMTILf.exe
  2⤵
  PID:6200
- C:\Windows\System\lbHzqBr.exe
  C:\Windows\System\lbHzqBr.exe
  2⤵
  PID:6224
- C:\Windows\System\AIwYKlt.exe
  C:\Windows\System\AIwYKlt.exe
  2⤵
  PID:6244
- C:\Windows\System\lqGTDKW.exe
  C:\Windows\System\lqGTDKW.exe
  2⤵
  PID:6264
- C:\Windows\System\SeONttk.exe
  C:\Windows\System\SeONttk.exe
  2⤵
  PID:6288
- C:\Windows\System\Mjnilhu.exe
  C:\Windows\System\Mjnilhu.exe
  2⤵
  PID:6304
- C:\Windows\System\vixGQEa.exe
  C:\Windows\System\vixGQEa.exe
  2⤵
  PID:6324
- C:\Windows\System\qCbcDDW.exe
  C:\Windows\System\qCbcDDW.exe
  2⤵
  PID:6344
- C:\Windows\System\qRLimtP.exe
  C:\Windows\System\qRLimtP.exe
  2⤵
  PID:6368
- C:\Windows\System\sQTYIFi.exe
  C:\Windows\System\sQTYIFi.exe
  2⤵
  PID:6384
- C:\Windows\System\zoTjFdl.exe
  C:\Windows\System\zoTjFdl.exe
  2⤵
  PID:6404
- C:\Windows\System\Wbozzar.exe
  C:\Windows\System\Wbozzar.exe
  2⤵
  PID:6424
- C:\Windows\System\GtVRMzn.exe
  C:\Windows\System\GtVRMzn.exe
  2⤵
  PID:6444
- C:\Windows\System\AAyRlly.exe
  C:\Windows\System\AAyRlly.exe
  2⤵
  PID:6464
- C:\Windows\System\tRWqnfP.exe
  C:\Windows\System\tRWqnfP.exe
  2⤵
  PID:6488
- C:\Windows\System\UMYGfBf.exe
  C:\Windows\System\UMYGfBf.exe
  2⤵
  PID:6504
- C:\Windows\System\DLURNuy.exe
  C:\Windows\System\DLURNuy.exe
  2⤵
  PID:6524
- C:\Windows\System\nCgjcWW.exe
  C:\Windows\System\nCgjcWW.exe
  2⤵
  PID:6544
- C:\Windows\System\NTMTAnK.exe
  C:\Windows\System\NTMTAnK.exe
  2⤵
  PID:6568
- C:\Windows\System\OJzmWRp.exe
  C:\Windows\System\OJzmWRp.exe
  2⤵
  PID:6584
- C:\Windows\System\xkTSEra.exe
  C:\Windows\System\xkTSEra.exe
  2⤵
  PID:6600
- C:\Windows\System\AJpfUtQ.exe
  C:\Windows\System\AJpfUtQ.exe
  2⤵
  PID:6624
- C:\Windows\System\MDhXRqX.exe
  C:\Windows\System\MDhXRqX.exe
  2⤵
  PID:6652
- C:\Windows\System\koxURXT.exe
  C:\Windows\System\koxURXT.exe
  2⤵
  PID:6668
- C:\Windows\System\UbWxtvs.exe
  C:\Windows\System\UbWxtvs.exe
  2⤵
  PID:6684
- C:\Windows\System\hnbPUyh.exe
  C:\Windows\System\hnbPUyh.exe
  2⤵
  PID:6704
- C:\Windows\System\XkDWpTH.exe
  C:\Windows\System\XkDWpTH.exe
  2⤵
  PID:6732
- C:\Windows\System\CjcfUTN.exe
  C:\Windows\System\CjcfUTN.exe
  2⤵
  PID:6748
- C:\Windows\System\eJuUVlH.exe
  C:\Windows\System\eJuUVlH.exe
  2⤵
  PID:6768
- C:\Windows\System\XFjxEMS.exe
  C:\Windows\System\XFjxEMS.exe
  2⤵
  PID:6784
- C:\Windows\System\GTkeOFr.exe
  C:\Windows\System\GTkeOFr.exe
  2⤵
  PID:6808
- C:\Windows\System\QdhsmCE.exe
  C:\Windows\System\QdhsmCE.exe
  2⤵
  PID:6832
- C:\Windows\System\EEuqSZF.exe
  C:\Windows\System\EEuqSZF.exe
  2⤵
  PID:6848
- C:\Windows\System\vlqzDBo.exe
  C:\Windows\System\vlqzDBo.exe
  2⤵
  PID:6868
- C:\Windows\System\BWuqsgk.exe
  C:\Windows\System\BWuqsgk.exe
  2⤵
  PID:6884
- C:\Windows\System\tsXlkQU.exe
  C:\Windows\System\tsXlkQU.exe
  2⤵
  PID:6900
- C:\Windows\System\ykbwxCC.exe
  C:\Windows\System\ykbwxCC.exe
  2⤵
  PID:6932
- C:\Windows\System\dtuSezt.exe
  C:\Windows\System\dtuSezt.exe
  2⤵
  PID:6948
- C:\Windows\System\ThTrGBT.exe
  C:\Windows\System\ThTrGBT.exe
  2⤵
  PID:6964
- C:\Windows\System\IEzCbGU.exe
  C:\Windows\System\IEzCbGU.exe
  2⤵
  PID:6984
- C:\Windows\System\HoCmacu.exe
  C:\Windows\System\HoCmacu.exe
  2⤵
  PID:7012
- C:\Windows\System\gMEVoQd.exe
  C:\Windows\System\gMEVoQd.exe
  2⤵
  PID:7028
- C:\Windows\System\Gboraqp.exe
  C:\Windows\System\Gboraqp.exe
  2⤵
  PID:7044
- C:\Windows\System\BgjzGmF.exe
  C:\Windows\System\BgjzGmF.exe
  2⤵
  PID:7064
- C:\Windows\System\tOWjMrU.exe
  C:\Windows\System\tOWjMrU.exe
  2⤵
  PID:7084
- C:\Windows\System\AQHtFYu.exe
  C:\Windows\System\AQHtFYu.exe
  2⤵
  PID:7108
- C:\Windows\System\YBMCPPg.exe
  C:\Windows\System\YBMCPPg.exe
  2⤵
  PID:7132
- C:\Windows\System\FUPqaqT.exe
  C:\Windows\System\FUPqaqT.exe
  2⤵
  PID:7148
- C:\Windows\System\EtMQLMB.exe
  C:\Windows\System\EtMQLMB.exe
  2⤵
  PID:5196
- C:\Windows\System\SFhGdMY.exe
  C:\Windows\System\SFhGdMY.exe
  2⤵
  PID:2360
- C:\Windows\System\xAVyzGM.exe
  C:\Windows\System\xAVyzGM.exe
  2⤵
  PID:5776
- C:\Windows\System\npjzOzX.exe
  C:\Windows\System\npjzOzX.exe
  2⤵
  PID:6172
- C:\Windows\System\qYtuvgR.exe
  C:\Windows\System\qYtuvgR.exe
  2⤵
  PID:6212
- C:\Windows\System\RcUJNCL.exe
  C:\Windows\System\RcUJNCL.exe
  2⤵
  PID:6252
- C:\Windows\System\gViXOjS.exe
  C:\Windows\System\gViXOjS.exe
  2⤵
  PID:6272
- C:\Windows\System\afxMqqK.exe
  C:\Windows\System\afxMqqK.exe
  2⤵
  PID:6316
- C:\Windows\System\FnzPKZd.exe
  C:\Windows\System\FnzPKZd.exe
  2⤵
  PID:6360
- C:\Windows\System\DuJusBT.exe
  C:\Windows\System\DuJusBT.exe
  2⤵
  PID:6392
- C:\Windows\System\AUnJHhC.exe
  C:\Windows\System\AUnJHhC.exe
  2⤵
  PID:6432
- C:\Windows\System\BLbXaLb.exe
  C:\Windows\System\BLbXaLb.exe
  2⤵
  PID:6452
- C:\Windows\System\QHjjvtD.exe
  C:\Windows\System\QHjjvtD.exe
  2⤵
  PID:6476
- C:\Windows\System\enyvmiI.exe
  C:\Windows\System\enyvmiI.exe
  2⤵
  PID:6512
- C:\Windows\System\GOPHmlt.exe
  C:\Windows\System\GOPHmlt.exe
  2⤵
  PID:6540
- C:\Windows\System\yZOhJzm.exe
  C:\Windows\System\yZOhJzm.exe
  2⤵
  PID:6576
- C:\Windows\System\JSkKLcD.exe
  C:\Windows\System\JSkKLcD.exe
  2⤵
  PID:6636
- C:\Windows\System\cpVvsnx.exe
  C:\Windows\System\cpVvsnx.exe
  2⤵
  PID:6640
- C:\Windows\System\nsJBbuN.exe
  C:\Windows\System\nsJBbuN.exe
  2⤵
  PID:6712
- C:\Windows\System\uENiCgJ.exe
  C:\Windows\System\uENiCgJ.exe
  2⤵
  PID:6728
- C:\Windows\System\NXausbM.exe
  C:\Windows\System\NXausbM.exe
  2⤵
  PID:6756
- C:\Windows\System\wfJaMMU.exe
  C:\Windows\System\wfJaMMU.exe
  2⤵
  PID:6792
- C:\Windows\System\rNRxhqd.exe
  C:\Windows\System\rNRxhqd.exe
  2⤵
  PID:6820
- C:\Windows\System\qZaLOiL.exe
  C:\Windows\System\qZaLOiL.exe
  2⤵
  PID:6840
- C:\Windows\System\YntnejH.exe
  C:\Windows\System\YntnejH.exe
  2⤵
  PID:6892
- C:\Windows\System\YUlSVCz.exe
  C:\Windows\System\YUlSVCz.exe
  2⤵
  PID:6924
- C:\Windows\System\NGKXQdT.exe
  C:\Windows\System\NGKXQdT.exe
  2⤵
  PID:6956
- C:\Windows\System\oWUtRyQ.exe
  C:\Windows\System\oWUtRyQ.exe
  2⤵
  PID:6944
- C:\Windows\System\UcPQxxl.exe
  C:\Windows\System\UcPQxxl.exe
  2⤵
  PID:7008
- C:\Windows\System\AdVhJCQ.exe
  C:\Windows\System\AdVhJCQ.exe
  2⤵
  PID:7036
- C:\Windows\System\NuDlyny.exe
  C:\Windows\System\NuDlyny.exe
  2⤵
  PID:7076
- C:\Windows\System\jJdTTzP.exe
  C:\Windows\System\jJdTTzP.exe
  2⤵
  PID:7144
- C:\Windows\System\CxJRHSn.exe
  C:\Windows\System\CxJRHSn.exe
  2⤵
  PID:6160
- C:\Windows\System\ykkyLJd.exe
  C:\Windows\System\ykkyLJd.exe
  2⤵
  PID:5232
- C:\Windows\System\ELzESKn.exe
  C:\Windows\System\ELzESKn.exe
  2⤵
  PID:6192
- C:\Windows\System\SpDvuXa.exe
  C:\Windows\System\SpDvuXa.exe
  2⤵
  PID:6236
- C:\Windows\System\TYoaPWS.exe
  C:\Windows\System\TYoaPWS.exe
  2⤵
  PID:6296
- C:\Windows\System\DWIlTjo.exe
  C:\Windows\System\DWIlTjo.exe
  2⤵
  PID:6356
- C:\Windows\System\TGByaeK.exe
  C:\Windows\System\TGByaeK.exe
  2⤵
  PID:6472
- C:\Windows\System\SZnUqhQ.exe
  C:\Windows\System\SZnUqhQ.exe
  2⤵
  PID:6552
- C:\Windows\System\nirdKCG.exe
  C:\Windows\System\nirdKCG.exe
  2⤵
  PID:6496
- C:\Windows\System\uvfOLNx.exe
  C:\Windows\System\uvfOLNx.exe
  2⤵
  PID:6564
- C:\Windows\System\IheNwkm.exe
  C:\Windows\System\IheNwkm.exe
  2⤵
  PID:6644
- C:\Windows\System\KOkOiRo.exe
  C:\Windows\System\KOkOiRo.exe
  2⤵
  PID:6720
- C:\Windows\System\ILqLfYm.exe
  C:\Windows\System\ILqLfYm.exe
  2⤵
  PID:6740
- C:\Windows\System\rkIkGZr.exe
  C:\Windows\System\rkIkGZr.exe
  2⤵
  PID:6880
- C:\Windows\System\kznYbud.exe
  C:\Windows\System\kznYbud.exe
  2⤵
  PID:6912
- C:\Windows\System\snctUHT.exe
  C:\Windows\System\snctUHT.exe
  2⤵
  PID:7072
- C:\Windows\System\BRZyXXh.exe
  C:\Windows\System\BRZyXXh.exe
  2⤵
  PID:6992
- C:\Windows\System\QYFpUBj.exe
  C:\Windows\System\QYFpUBj.exe
  2⤵
  PID:6920
- C:\Windows\System\mzHZxfd.exe
  C:\Windows\System\mzHZxfd.exe
  2⤵
  PID:7116
- C:\Windows\System\DKtVyjF.exe
  C:\Windows\System\DKtVyjF.exe
  2⤵
  PID:568
- C:\Windows\System\pIpdqcS.exe
  C:\Windows\System\pIpdqcS.exe
  2⤵
  PID:2256
- C:\Windows\System\KVQTsDj.exe
  C:\Windows\System\KVQTsDj.exe
  2⤵
  PID:5272
- C:\Windows\System\vCNsgmY.exe
  C:\Windows\System\vCNsgmY.exe
  2⤵
  PID:6240
- C:\Windows\System\mpridHH.exe
  C:\Windows\System\mpridHH.exe
  2⤵
  PID:6400
- C:\Windows\System\hPGxmSE.exe
  C:\Windows\System\hPGxmSE.exe
  2⤵
  PID:6596
- C:\Windows\System\YTVerle.exe
  C:\Windows\System\YTVerle.exe
  2⤵
  PID:6592
- C:\Windows\System\lFRGGyP.exe
  C:\Windows\System\lFRGGyP.exe
  2⤵
  PID:5792
- C:\Windows\System\SySsJxB.exe
  C:\Windows\System\SySsJxB.exe
  2⤵
  PID:6724
- C:\Windows\System\taQwRfX.exe
  C:\Windows\System\taQwRfX.exe
  2⤵
  PID:6680
- C:\Windows\System\DvHnCQk.exe
  C:\Windows\System\DvHnCQk.exe
  2⤵
  PID:6896
- C:\Windows\System\JyhZwsU.exe
  C:\Windows\System\JyhZwsU.exe
  2⤵
  PID:6824
- C:\Windows\System\MkjJEcu.exe
  C:\Windows\System\MkjJEcu.exe
  2⤵
  PID:6976
- C:\Windows\System\ZjsMwJX.exe
  C:\Windows\System\ZjsMwJX.exe
  2⤵
  PID:1532
- C:\Windows\System\UcWLrKd.exe
  C:\Windows\System\UcWLrKd.exe
  2⤵
  PID:6276
- C:\Windows\System\CpdxIDA.exe
  C:\Windows\System\CpdxIDA.exe
  2⤵
  PID:6284
- C:\Windows\System\AoKMAJl.exe
  C:\Windows\System\AoKMAJl.exe
  2⤵
  PID:6744
- C:\Windows\System\gLYBsXi.exe
  C:\Windows\System\gLYBsXi.exe
  2⤵
  PID:6340
- C:\Windows\System\qJHwedf.exe
  C:\Windows\System\qJHwedf.exe
  2⤵
  PID:6620
- C:\Windows\System\jHcFnao.exe
  C:\Windows\System\jHcFnao.exe
  2⤵
  PID:6860
- C:\Windows\System\bJMxzXd.exe
  C:\Windows\System\bJMxzXd.exe
  2⤵
  PID:7056
- C:\Windows\System\nBFxLTi.exe
  C:\Windows\System\nBFxLTi.exe
  2⤵
  PID:6436
- C:\Windows\System\kCkfsdu.exe
  C:\Windows\System\kCkfsdu.exe
  2⤵
  PID:5816
- C:\Windows\System\aAJbPOF.exe
  C:\Windows\System\aAJbPOF.exe
  2⤵
  PID:6760
- C:\Windows\System\dQBgwJA.exe
  C:\Windows\System\dQBgwJA.exe
  2⤵
  PID:6804
- C:\Windows\System\ljDAgjk.exe
  C:\Windows\System\ljDAgjk.exe
  2⤵
  PID:6380
- C:\Windows\System\lwEIJWU.exe
  C:\Windows\System\lwEIJWU.exe
  2⤵
  PID:6152
- C:\Windows\System\ZxiKtvo.exe
  C:\Windows\System\ZxiKtvo.exe
  2⤵
  PID:6664
- C:\Windows\System\bGMFtwh.exe
  C:\Windows\System\bGMFtwh.exe
  2⤵
  PID:7100
- C:\Windows\System\svjyWDo.exe
  C:\Windows\System\svjyWDo.exe
  2⤵
  PID:7004
- C:\Windows\System\LatiFUm.exe
  C:\Windows\System\LatiFUm.exe
  2⤵
  PID:5984
- C:\Windows\System\eHEGbfg.exe
  C:\Windows\System\eHEGbfg.exe
  2⤵
  PID:7140
- C:\Windows\System\pazbusv.exe
  C:\Windows\System\pazbusv.exe
  2⤵
  PID:7176
- C:\Windows\System\kOkKKen.exe
  C:\Windows\System\kOkKKen.exe
  2⤵
  PID:7196
- C:\Windows\System\XLDIThX.exe
  C:\Windows\System\XLDIThX.exe
  2⤵
  PID:7216
- C:\Windows\System\eNClPFh.exe
  C:\Windows\System\eNClPFh.exe
  2⤵
  PID:7232
- C:\Windows\System\iTLUMpE.exe
  C:\Windows\System\iTLUMpE.exe
  2⤵
  PID:7256
- C:\Windows\System\pYjlCwk.exe
  C:\Windows\System\pYjlCwk.exe
  2⤵
  PID:7276
- C:\Windows\System\heNShOP.exe
  C:\Windows\System\heNShOP.exe
  2⤵
  PID:7296
- C:\Windows\System\sXyutdh.exe
  C:\Windows\System\sXyutdh.exe
  2⤵
  PID:7316
- C:\Windows\System\gGMsoQI.exe
  C:\Windows\System\gGMsoQI.exe
  2⤵
  PID:7340
- C:\Windows\System\WJWCwCG.exe
  C:\Windows\System\WJWCwCG.exe
  2⤵
  PID:7360
- C:\Windows\System\SmXHXWs.exe
  C:\Windows\System\SmXHXWs.exe
  2⤵
  PID:7376
- C:\Windows\System\MSrZBhG.exe
  C:\Windows\System\MSrZBhG.exe
  2⤵
  PID:7400
- C:\Windows\System\XRYKfdm.exe
  C:\Windows\System\XRYKfdm.exe
  2⤵
  PID:7420
- C:\Windows\System\AjEiflm.exe
  C:\Windows\System\AjEiflm.exe
  2⤵
  PID:7436
- C:\Windows\System\WYGBIpo.exe
  C:\Windows\System\WYGBIpo.exe
  2⤵
  PID:7456
- C:\Windows\System\bJDlbhx.exe
  C:\Windows\System\bJDlbhx.exe
  2⤵
  PID:7476
- C:\Windows\System\JkWJSys.exe
  C:\Windows\System\JkWJSys.exe
  2⤵
  PID:7496
- C:\Windows\System\NRZBRWu.exe
  C:\Windows\System\NRZBRWu.exe
  2⤵
  PID:7520
- C:\Windows\System\dPvUvop.exe
  C:\Windows\System\dPvUvop.exe
  2⤵
  PID:7536
- C:\Windows\System\QGhjqsS.exe
  C:\Windows\System\QGhjqsS.exe
  2⤵
  PID:7552
- C:\Windows\System\pAfjmwB.exe
  C:\Windows\System\pAfjmwB.exe
  2⤵
  PID:7572
- C:\Windows\System\pKLJjbB.exe
  C:\Windows\System\pKLJjbB.exe
  2⤵
  PID:7600
- C:\Windows\System\UaxzUQg.exe
  C:\Windows\System\UaxzUQg.exe
  2⤵
  PID:7616
- C:\Windows\System\CkDjFlY.exe
  C:\Windows\System\CkDjFlY.exe
  2⤵
  PID:7632
- C:\Windows\System\VxwxAOz.exe
  C:\Windows\System\VxwxAOz.exe
  2⤵
  PID:7652
- C:\Windows\System\nYiVnAF.exe
  C:\Windows\System\nYiVnAF.exe
  2⤵
  PID:7672
- C:\Windows\System\ivnLxRV.exe
  C:\Windows\System\ivnLxRV.exe
  2⤵
  PID:7692
- C:\Windows\System\ImfKFJt.exe
  C:\Windows\System\ImfKFJt.exe
  2⤵
  PID:7716
- C:\Windows\System\JUCBRYt.exe
  C:\Windows\System\JUCBRYt.exe
  2⤵
  PID:7740
- C:\Windows\System\NKUGULf.exe
  C:\Windows\System\NKUGULf.exe
  2⤵
  PID:7760
- C:\Windows\System\GiuFUMB.exe
  C:\Windows\System\GiuFUMB.exe
  2⤵
  PID:7776
- C:\Windows\System\bvPUIeO.exe
  C:\Windows\System\bvPUIeO.exe
  2⤵
  PID:7796
- C:\Windows\System\bJrWIEH.exe
  C:\Windows\System\bJrWIEH.exe
  2⤵
  PID:7824
- C:\Windows\System\VqONpvQ.exe
  C:\Windows\System\VqONpvQ.exe
  2⤵
  PID:7844
- C:\Windows\System\mNGaCBc.exe
  C:\Windows\System\mNGaCBc.exe
  2⤵
  PID:7860
- C:\Windows\System\xUXfqMf.exe
  C:\Windows\System\xUXfqMf.exe
  2⤵
  PID:7876
- C:\Windows\System\ZfUliMO.exe
  C:\Windows\System\ZfUliMO.exe
  2⤵
  PID:7896
- C:\Windows\System\puGqiBk.exe
  C:\Windows\System\puGqiBk.exe
  2⤵
  PID:7924
- C:\Windows\System\hUzmkpD.exe
  C:\Windows\System\hUzmkpD.exe
  2⤵
  PID:7940
- C:\Windows\System\cwQxRCl.exe
  C:\Windows\System\cwQxRCl.exe
  2⤵
  PID:7960
- C:\Windows\System\lHfmYGr.exe
  C:\Windows\System\lHfmYGr.exe
  2⤵
  PID:7976
- C:\Windows\System\ygAXAPK.exe
  C:\Windows\System\ygAXAPK.exe
  2⤵
  PID:7996
- C:\Windows\System\QWzPwGT.exe
  C:\Windows\System\QWzPwGT.exe
  2⤵
  PID:8016
- C:\Windows\System\ZvZpKnx.exe
  C:\Windows\System\ZvZpKnx.exe
  2⤵
  PID:8036
- C:\Windows\System\ALgsMCR.exe
  C:\Windows\System\ALgsMCR.exe
  2⤵
  PID:8068
- C:\Windows\System\UdjOOtv.exe
  C:\Windows\System\UdjOOtv.exe
  2⤵
  PID:8084
- C:\Windows\System\alQcDXF.exe
  C:\Windows\System\alQcDXF.exe
  2⤵
  PID:8104
- C:\Windows\System\IIhTYAb.exe
  C:\Windows\System\IIhTYAb.exe
  2⤵
  PID:8124
- C:\Windows\System\IUBiWSo.exe
  C:\Windows\System\IUBiWSo.exe
  2⤵
  PID:8144
- C:\Windows\System\zDlknzp.exe
  C:\Windows\System\zDlknzp.exe
  2⤵
  PID:8160
- C:\Windows\System\pOhzwSx.exe
  C:\Windows\System\pOhzwSx.exe
  2⤵
  PID:8176
- C:\Windows\System\kcKkczX.exe
  C:\Windows\System\kcKkczX.exe
  2⤵
  PID:7172
- C:\Windows\System\kZJyjkr.exe
  C:\Windows\System\kZJyjkr.exe
  2⤵
  PID:7228
- C:\Windows\System\oGzctvw.exe
  C:\Windows\System\oGzctvw.exe
  2⤵
  PID:7264
- C:\Windows\System\OvRMvMi.exe
  C:\Windows\System\OvRMvMi.exe
  2⤵
  PID:7284
- C:\Windows\System\gSwElUf.exe
  C:\Windows\System\gSwElUf.exe
  2⤵
  PID:7308
- C:\Windows\System\HRLmDkG.exe
  C:\Windows\System\HRLmDkG.exe
  2⤵
  PID:7352
- C:\Windows\System\GRADbBx.exe
  C:\Windows\System\GRADbBx.exe
  2⤵
  PID:6300
- C:\Windows\System\PRiaIlh.exe
  C:\Windows\System\PRiaIlh.exe
  2⤵
  PID:7416
- C:\Windows\System\DdJtBIN.exe
  C:\Windows\System\DdJtBIN.exe
  2⤵
  PID:7444
- C:\Windows\System\MpgdLiK.exe
  C:\Windows\System\MpgdLiK.exe
  2⤵
  PID:7484
- C:\Windows\System\dBVPaAH.exe
  C:\Windows\System\dBVPaAH.exe
  2⤵
  PID:7492
- C:\Windows\System\cQbgUiC.exe
  C:\Windows\System\cQbgUiC.exe
  2⤵
  PID:7580
- C:\Windows\System\yAUSaoL.exe
  C:\Windows\System\yAUSaoL.exe
  2⤵
  PID:7588
- C:\Windows\System\KJxknmq.exe
  C:\Windows\System\KJxknmq.exe
  2⤵
  PID:7628
- C:\Windows\System\EnzJvAm.exe
  C:\Windows\System\EnzJvAm.exe
  2⤵
  PID:7700
- C:\Windows\System\wjhnjzh.exe
  C:\Windows\System\wjhnjzh.exe
  2⤵
  PID:7712
- C:\Windows\System\kEBzdDr.exe
  C:\Windows\System\kEBzdDr.exe
  2⤵
  PID:7724
- C:\Windows\System\fylUckw.exe
  C:\Windows\System\fylUckw.exe
  2⤵
  PID:7748
- C:\Windows\System\dSdEGCW.exe
  C:\Windows\System\dSdEGCW.exe
  2⤵
  PID:7768
- C:\Windows\System\uWyyvWw.exe
  C:\Windows\System\uWyyvWw.exe
  2⤵
  PID:7820
- C:\Windows\System\fKYwxxa.exe
  C:\Windows\System\fKYwxxa.exe
  2⤵
  PID:7836
- C:\Windows\System\CBQFYcJ.exe
  C:\Windows\System\CBQFYcJ.exe
  2⤵
  PID:7916
- C:\Windows\System\htPkTID.exe
  C:\Windows\System\htPkTID.exe
  2⤵
  PID:7948
- C:\Windows\System\TjslhHC.exe
  C:\Windows\System\TjslhHC.exe
  2⤵
  PID:8024
- C:\Windows\System\ZbnpmZI.exe
  C:\Windows\System\ZbnpmZI.exe
  2⤵
  PID:8032
- C:\Windows\System\wDsFsPQ.exe
  C:\Windows\System\wDsFsPQ.exe
  2⤵
  PID:8012
- C:\Windows\System\tpEwPeC.exe
  C:\Windows\System\tpEwPeC.exe
  2⤵
  PID:8060
- C:\Windows\System\WStzgJi.exe
  C:\Windows\System\WStzgJi.exe
  2⤵
  PID:8080
- C:\Windows\System\LNwpSlS.exe
  C:\Windows\System\LNwpSlS.exe
  2⤵
  PID:8120
- C:\Windows\System\OXxAqAd.exe
  C:\Windows\System\OXxAqAd.exe
  2⤵
  PID:8136
- C:\Windows\System\YxZTBOu.exe
  C:\Windows\System\YxZTBOu.exe
  2⤵
  PID:8168
- C:\Windows\System\eIFFLKg.exe
  C:\Windows\System\eIFFLKg.exe
  2⤵
  PID:7240
- C:\Windows\System\hdZIsIw.exe
  C:\Windows\System\hdZIsIw.exe
  2⤵
  PID:7328
- C:\Windows\System\IKVxtnZ.exe
  C:\Windows\System\IKVxtnZ.exe
  2⤵
  PID:7368
- C:\Windows\System\dqOnBui.exe
  C:\Windows\System\dqOnBui.exe
  2⤵
  PID:7792
- C:\Windows\System\GalPQEr.exe
  C:\Windows\System\GalPQEr.exe
  2⤵
  PID:7396
- C:\Windows\System\gKJwNnO.exe
  C:\Windows\System\gKJwNnO.exe
  2⤵
  PID:7528
- C:\Windows\System\ihEOvJY.exe
  C:\Windows\System\ihEOvJY.exe
  2⤵
  PID:7532
- C:\Windows\System\melOekY.exe
  C:\Windows\System\melOekY.exe
  2⤵
  PID:7608
- C:\Windows\System\HevokPV.exe
  C:\Windows\System\HevokPV.exe
  2⤵
  PID:7648
- C:\Windows\System\fudPrXv.exe
  C:\Windows\System\fudPrXv.exe
  2⤵
  PID:7612
- C:\Windows\System\LiMRNFi.exe
  C:\Windows\System\LiMRNFi.exe
  2⤵
  PID:7804
- C:\Windows\System\LHaHztj.exe
  C:\Windows\System\LHaHztj.exe
  2⤵
  PID:7852
- C:\Windows\System\JaFxfMw.exe
  C:\Windows\System\JaFxfMw.exe
  2⤵
  PID:7448
- C:\Windows\System\yxMeZZf.exe
  C:\Windows\System\yxMeZZf.exe
  2⤵
  PID:7988
- C:\Windows\System\CjRBysD.exe
  C:\Windows\System\CjRBysD.exe
  2⤵
  PID:8056
- C:\Windows\System\lezQryf.exe
  C:\Windows\System\lezQryf.exe
  2⤵
  PID:8096
- C:\Windows\System\YdXFcYy.exe
  C:\Windows\System\YdXFcYy.exe
  2⤵
  PID:8172
- C:\Windows\System\iBEXUBY.exe
  C:\Windows\System\iBEXUBY.exe
  2⤵
  PID:7188
- C:\Windows\System\VsvnWto.exe
  C:\Windows\System\VsvnWto.exe
  2⤵
  PID:7292
- C:\Windows\System\gmlsPHa.exe
  C:\Windows\System\gmlsPHa.exe
  2⤵
  PID:7912
- C:\Windows\System\TkLtTOn.exe
  C:\Windows\System\TkLtTOn.exe
  2⤵
  PID:7432
- C:\Windows\System\Pilfaba.exe
  C:\Windows\System\Pilfaba.exe
  2⤵
  PID:7516
- C:\Windows\System\zUxxApT.exe
  C:\Windows\System\zUxxApT.exe
  2⤵
  PID:7596
- C:\Windows\System\oAeyxTh.exe
  C:\Windows\System\oAeyxTh.exe
  2⤵
  PID:7680
- C:\Windows\System\JxDUOHr.exe
  C:\Windows\System\JxDUOHr.exe
  2⤵
  PID:7772
- C:\Windows\System\YQlmgNk.exe
  C:\Windows\System\YQlmgNk.exe
  2⤵
  PID:7984
- C:\Windows\System\hMkfbtD.exe
  C:\Windows\System\hMkfbtD.exe
  2⤵
  PID:7936
- C:\Windows\System\mknxIDA.exe
  C:\Windows\System\mknxIDA.exe
  2⤵
  PID:8028
- C:\Windows\System\cIozvNd.exe
  C:\Windows\System\cIozvNd.exe
  2⤵
  PID:8184
- C:\Windows\System\OBIdnOh.exe
  C:\Windows\System\OBIdnOh.exe
  2⤵
  PID:7208
- C:\Windows\System\vbsqpJF.exe
  C:\Windows\System\vbsqpJF.exe
  2⤵
  PID:7512
- C:\Windows\System\GufycSJ.exe
  C:\Windows\System\GufycSJ.exe
  2⤵
  PID:7668
- C:\Windows\System\nDDErqY.exe
  C:\Windows\System\nDDErqY.exe
  2⤵
  PID:7664
- C:\Windows\System\jiPICmI.exe
  C:\Windows\System\jiPICmI.exe
  2⤵
  PID:7788
- C:\Windows\System\xLcaZFV.exe
  C:\Windows\System\xLcaZFV.exe
  2⤵
  PID:8076
- C:\Windows\System\QgxtjSI.exe
  C:\Windows\System\QgxtjSI.exe
  2⤵
  PID:8116
- C:\Windows\System\ZjQkkgM.exe
  C:\Windows\System\ZjQkkgM.exe
  2⤵
  PID:8156
- C:\Windows\System\OnOhmpp.exe
  C:\Windows\System\OnOhmpp.exe
  2⤵
  PID:7548
- C:\Windows\System\fHsyyaG.exe
  C:\Windows\System\fHsyyaG.exe
  2⤵
  PID:7832
- C:\Windows\System\jggOCby.exe
  C:\Windows\System\jggOCby.exe
  2⤵
  PID:7888
- C:\Windows\System\ADLBTOQ.exe
  C:\Windows\System\ADLBTOQ.exe
  2⤵
  PID:8208
- C:\Windows\System\zdAaijX.exe
  C:\Windows\System\zdAaijX.exe
  2⤵
  PID:8244
- C:\Windows\System\maSoLDk.exe
  C:\Windows\System\maSoLDk.exe
  2⤵
  PID:8260
- C:\Windows\System\wabFewY.exe
  C:\Windows\System\wabFewY.exe
  2⤵
  PID:8284
- C:\Windows\System\ptnBGMi.exe
  C:\Windows\System\ptnBGMi.exe
  2⤵
  PID:8300
- C:\Windows\System\afSVDZK.exe
  C:\Windows\System\afSVDZK.exe
  2⤵
  PID:8320
- C:\Windows\System\bLjTEmu.exe
  C:\Windows\System\bLjTEmu.exe
  2⤵
  PID:8340
- C:\Windows\System\kDcYabw.exe
  C:\Windows\System\kDcYabw.exe
  2⤵
  PID:8356
- C:\Windows\System\MjyEAsw.exe
  C:\Windows\System\MjyEAsw.exe
  2⤵
  PID:8376
- C:\Windows\System\EgpFsyC.exe
  C:\Windows\System\EgpFsyC.exe
  2⤵
  PID:8392
- C:\Windows\System\FgdgTLY.exe
  C:\Windows\System\FgdgTLY.exe
  2⤵
  PID:8424
- C:\Windows\System\rjrNHPq.exe
  C:\Windows\System\rjrNHPq.exe
  2⤵
  PID:8444
- C:\Windows\System\YgplQPv.exe
  C:\Windows\System\YgplQPv.exe
  2⤵
  PID:8464
- C:\Windows\System\vWoFkeD.exe
  C:\Windows\System\vWoFkeD.exe
  2⤵
  PID:8484
- C:\Windows\System\okrPBWL.exe
  C:\Windows\System\okrPBWL.exe
  2⤵
  PID:8500
- C:\Windows\System\FqGsniY.exe
  C:\Windows\System\FqGsniY.exe
  2⤵
  PID:8516
- C:\Windows\System\mFCJcGt.exe
  C:\Windows\System\mFCJcGt.exe
  2⤵
  PID:8544
- C:\Windows\System\hcqTCHg.exe
  C:\Windows\System\hcqTCHg.exe
  2⤵
  PID:8568
- C:\Windows\System\JfuOZWm.exe
  C:\Windows\System\JfuOZWm.exe
  2⤵
  PID:8584
- C:\Windows\System\sQbETYx.exe
  C:\Windows\System\sQbETYx.exe
  2⤵
  PID:8600
- C:\Windows\System\wqmsDAM.exe
  C:\Windows\System\wqmsDAM.exe
  2⤵
  PID:8620
- C:\Windows\System\owTDLIi.exe
  C:\Windows\System\owTDLIi.exe
  2⤵
  PID:8644
- C:\Windows\System\iLrsvAb.exe
  C:\Windows\System\iLrsvAb.exe
  2⤵
  PID:8660
- C:\Windows\System\wLWMwxt.exe
  C:\Windows\System\wLWMwxt.exe
  2⤵
  PID:8676
- C:\Windows\System\SNrWIWI.exe
  C:\Windows\System\SNrWIWI.exe
  2⤵
  PID:8692
- C:\Windows\System\wVwjuOo.exe
  C:\Windows\System\wVwjuOo.exe
  2⤵
  PID:8712
- C:\Windows\System\AdUjHnR.exe
  C:\Windows\System\AdUjHnR.exe
  2⤵
  PID:8736
- C:\Windows\System\IhWlvfQ.exe
  C:\Windows\System\IhWlvfQ.exe
  2⤵
  PID:8760
- C:\Windows\System\xFqHnYa.exe
  C:\Windows\System\xFqHnYa.exe
  2⤵
  PID:8784
- C:\Windows\System\HNWInks.exe
  C:\Windows\System\HNWInks.exe
  2⤵
  PID:8800
- C:\Windows\System\uwTUnFP.exe
  C:\Windows\System\uwTUnFP.exe
  2⤵
  PID:8820
- C:\Windows\System\KHRnjED.exe
  C:\Windows\System\KHRnjED.exe
  2⤵
  PID:8836
- C:\Windows\System\fWWCorz.exe
  C:\Windows\System\fWWCorz.exe
  2⤵
  PID:8860
- C:\Windows\System\segwSja.exe
  C:\Windows\System\segwSja.exe
  2⤵
  PID:8888
- C:\Windows\System\FyZzDjz.exe
  C:\Windows\System\FyZzDjz.exe
  2⤵
  PID:8904
- C:\Windows\System\AVkeVtF.exe
  C:\Windows\System\AVkeVtF.exe
  2⤵
  PID:8920
- C:\Windows\System\kjxsMAR.exe
  C:\Windows\System\kjxsMAR.exe
  2⤵
  PID:8940
- C:\Windows\System\cpqiWtE.exe
  C:\Windows\System\cpqiWtE.exe
  2⤵
  PID:8956
- C:\Windows\System\YGCkilw.exe
  C:\Windows\System\YGCkilw.exe
  2⤵
  PID:8972
- C:\Windows\System\KwzFEUN.exe
  C:\Windows\System\KwzFEUN.exe
  2⤵
  PID:9004
- C:\Windows\System\KNQCHea.exe
  C:\Windows\System\KNQCHea.exe
  2⤵
  PID:9028
- C:\Windows\System\GPaMAMC.exe
  C:\Windows\System\GPaMAMC.exe
  2⤵
  PID:9044
- C:\Windows\System\lbUkkSO.exe
  C:\Windows\System\lbUkkSO.exe
  2⤵
  PID:9060
- C:\Windows\System\emtzwvA.exe
  C:\Windows\System\emtzwvA.exe
  2⤵
  PID:9080
- C:\Windows\System\RVdMueS.exe
  C:\Windows\System\RVdMueS.exe
  2⤵
  PID:9108
- C:\Windows\System\bKYwePS.exe
  C:\Windows\System\bKYwePS.exe
  2⤵
  PID:9132
- C:\Windows\System\MWiulHk.exe
  C:\Windows\System\MWiulHk.exe
  2⤵
  PID:9148
- C:\Windows\System\qWOhNPT.exe
  C:\Windows\System\qWOhNPT.exe
  2⤵
  PID:9164
- C:\Windows\System\PpOzVVR.exe
  C:\Windows\System\PpOzVVR.exe
  2⤵
  PID:9188
- C:\Windows\System\VdUVTMJ.exe
  C:\Windows\System\VdUVTMJ.exe
  2⤵
  PID:9208
- C:\Windows\System\vDwwlTV.exe
  C:\Windows\System\vDwwlTV.exe
  2⤵
  PID:6536
- C:\Windows\System\LCdprvL.exe
  C:\Windows\System\LCdprvL.exe
  2⤵
  PID:7892
- C:\Windows\System\oFCJVHR.exe
  C:\Windows\System\oFCJVHR.exe
  2⤵
  PID:8232
- C:\Windows\System\ZpwlkvY.exe
  C:\Windows\System\ZpwlkvY.exe
  2⤵
  PID:8200
- C:\Windows\System\cnGCFWM.exe
  C:\Windows\System\cnGCFWM.exe
  2⤵
  PID:8252
- C:\Windows\System\qjLqxmg.exe
  C:\Windows\System\qjLqxmg.exe
  2⤵
  PID:8280
- C:\Windows\System\YJNKePW.exe
  C:\Windows\System\YJNKePW.exe
  2⤵
  PID:8316
- C:\Windows\System\lAUuEUr.exe
  C:\Windows\System\lAUuEUr.exe
  2⤵
  PID:8352
- C:\Windows\System\QokNmvr.exe
  C:\Windows\System\QokNmvr.exe
  2⤵
  PID:8408
- C:\Windows\System\aOyaaih.exe
  C:\Windows\System\aOyaaih.exe
  2⤵
  PID:8440
- C:\Windows\System\IFMMUHD.exe
  C:\Windows\System\IFMMUHD.exe
  2⤵
  PID:8476
- C:\Windows\System\uhJIKTH.exe
  C:\Windows\System\uhJIKTH.exe
  2⤵
  PID:8512
- C:\Windows\System\TYpmeCY.exe
  C:\Windows\System\TYpmeCY.exe
  2⤵
  PID:8524
- C:\Windows\System\NyBUWxS.exe
  C:\Windows\System\NyBUWxS.exe
  2⤵
  PID:8564
- C:\Windows\System\fEImXdR.exe
  C:\Windows\System\fEImXdR.exe
  2⤵
  PID:8596
- C:\Windows\System\yFGwrML.exe
  C:\Windows\System\yFGwrML.exe
  2⤵
  PID:8580
- C:\Windows\System\JWNynoh.exe
  C:\Windows\System\JWNynoh.exe
  2⤵
  PID:8704
- C:\Windows\System\DAdsHdm.exe
  C:\Windows\System\DAdsHdm.exe
  2⤵
  PID:8684
- C:\Windows\System\mgEdSNy.exe
  C:\Windows\System\mgEdSNy.exe
  2⤵
  PID:8720
- C:\Windows\System\sUFsCnE.exe
  C:\Windows\System\sUFsCnE.exe
  2⤵
  PID:8796
- C:\Windows\System\eOkPZVk.exe
  C:\Windows\System\eOkPZVk.exe
  2⤵
  PID:8828
- C:\Windows\System\BkWBoaW.exe
  C:\Windows\System\BkWBoaW.exe
  2⤵
  PID:8780
- C:\Windows\System\aHztezU.exe
  C:\Windows\System\aHztezU.exe
  2⤵
  PID:8808
- C:\Windows\System\zczFzkD.exe
  C:\Windows\System\zczFzkD.exe
  2⤵
  PID:8916
- C:\Windows\System\QAvvUmw.exe
  C:\Windows\System\QAvvUmw.exe
  2⤵
  PID:8964
- C:\Windows\System\IBIydyw.exe
  C:\Windows\System\IBIydyw.exe
  2⤵
  PID:8984
- C:\Windows\System\mJGjgUX.exe
  C:\Windows\System\mJGjgUX.exe
  2⤵
  PID:9012
- C:\Windows\System\oFRyFHH.exe
  C:\Windows\System\oFRyFHH.exe
  2⤵
  PID:9068
- C:\Windows\System\YgmOurD.exe
  C:\Windows\System\YgmOurD.exe
  2⤵
  PID:9016
- C:\Windows\System\OhOUvEQ.exe
  C:\Windows\System\OhOUvEQ.exe
  2⤵
  PID:9088
- C:\Windows\System\gCXKzIi.exe
  C:\Windows\System\gCXKzIi.exe
  2⤵
  PID:9156
- C:\Windows\System\LhtqwHJ.exe
  C:\Windows\System\LhtqwHJ.exe
  2⤵
  PID:9172
- C:\Windows\System\bRanAQI.exe
  C:\Windows\System\bRanAQI.exe
  2⤵
  PID:9180
- C:\Windows\System\qOqMYtQ.exe
  C:\Windows\System\qOqMYtQ.exe
  2⤵
  PID:8224
- C:\Windows\System\BZMUUsO.exe
  C:\Windows\System\BZMUUsO.exe
  2⤵
  PID:7336
- C:\Windows\System\ZokmITK.exe
  C:\Windows\System\ZokmITK.exe
  2⤵
  PID:8312
- C:\Windows\System\RDVRlKa.exe
  C:\Windows\System\RDVRlKa.exe
  2⤵
  PID:8296
- C:\Windows\System\MuBEapk.exe
  C:\Windows\System\MuBEapk.exe
  2⤵
  PID:8364
- C:\Windows\System\oeJZStS.exe
  C:\Windows\System\oeJZStS.exe
  2⤵
  PID:8420
- C:\Windows\System\NhjnhDl.exe
  C:\Windows\System\NhjnhDl.exe
  2⤵
  PID:8508
- C:\Windows\System\FbFTDKI.exe
  C:\Windows\System\FbFTDKI.exe
  2⤵
  PID:8492
- C:\Windows\System\GpxtiLB.exe
  C:\Windows\System\GpxtiLB.exe
  2⤵
  PID:8640
- C:\Windows\System\tKNqozI.exe
  C:\Windows\System\tKNqozI.exe
  2⤵
  PID:8744
- C:\Windows\System\TzXvUip.exe
  C:\Windows\System\TzXvUip.exe
  2⤵
  PID:8732
- C:\Windows\System\loWfXEY.exe
  C:\Windows\System\loWfXEY.exe
  2⤵
  PID:8876
- C:\Windows\System\GSjyLsd.exe
  C:\Windows\System\GSjyLsd.exe
  2⤵
  PID:8652
- C:\Windows\System\yRVBtxW.exe
  C:\Windows\System\yRVBtxW.exe
  2⤵
  PID:8612
- C:\Windows\System\ciSiJNj.exe
  C:\Windows\System\ciSiJNj.exe
  2⤵
  PID:8776
- C:\Windows\System\cdLdTEk.exe
  C:\Windows\System\cdLdTEk.exe
  2⤵
  PID:8952
- C:\Windows\System\kPiqVQY.exe
  C:\Windows\System\kPiqVQY.exe
  2⤵
  PID:8856
- C:\Windows\System\MnvCcIT.exe
  C:\Windows\System\MnvCcIT.exe
  2⤵
  PID:9076
- C:\Windows\System\AHqqpUQ.exe
  C:\Windows\System\AHqqpUQ.exe
  2⤵
  PID:9116
- C:\Windows\System\QpfAatv.exe
  C:\Windows\System\QpfAatv.exe
  2⤵
  PID:9092
- C:\Windows\System\Txgjfnb.exe
  C:\Windows\System\Txgjfnb.exe
  2⤵
  PID:7332
- C:\Windows\System\dNlYTuj.exe
  C:\Windows\System\dNlYTuj.exe
  2⤵
  PID:9196
- C:\Windows\System\gZSyPNB.exe
  C:\Windows\System\gZSyPNB.exe
  2⤵
  PID:8276
- C:\Windows\System\SgqEcXj.exe
  C:\Windows\System\SgqEcXj.exe
  2⤵
  PID:8268
- C:\Windows\System\GmrXiVR.exe
  C:\Windows\System\GmrXiVR.exe
  2⤵
  PID:8400
- C:\Windows\System\fkwdDDJ.exe
  C:\Windows\System\fkwdDDJ.exe
  2⤵
  PID:8560
- C:\Windows\System\wMwsYgf.exe
  C:\Windows\System\wMwsYgf.exe
  2⤵
  PID:8880
- C:\Windows\System\LPHbSSn.exe
  C:\Windows\System\LPHbSSn.exe
  2⤵
  PID:8900
- C:\Windows\System\QjnacjB.exe
  C:\Windows\System\QjnacjB.exe
  2⤵
  PID:8936
- C:\Windows\System\hoEulWF.exe
  C:\Windows\System\hoEulWF.exe
  2⤵
  PID:8412
- C:\Windows\System\FuHgztn.exe
  C:\Windows\System\FuHgztn.exe
  2⤵
  PID:8816
- C:\Windows\System\ZcLgFqT.exe
  C:\Windows\System\ZcLgFqT.exe
  2⤵
  PID:9104
- C:\Windows\System\apESXRg.exe
  C:\Windows\System\apESXRg.exe
  2⤵
  PID:9128
- C:\Windows\System\clFjJFV.exe
  C:\Windows\System\clFjJFV.exe
  2⤵
  PID:8220
- C:\Windows\System\ZnFxjhi.exe
  C:\Windows\System\ZnFxjhi.exe
  2⤵
  PID:8388
- C:\Windows\System\UzQYZpd.exe
  C:\Windows\System\UzQYZpd.exe
  2⤵
  PID:8756
- C:\Windows\System\SqIKPGj.exe
  C:\Windows\System\SqIKPGj.exe
  2⤵
  PID:8700
- C:\Windows\System\MeLSWrU.exe
  C:\Windows\System\MeLSWrU.exe
  2⤵
  PID:8932
- C:\Windows\System\KStcHXL.exe
  C:\Windows\System\KStcHXL.exe
  2⤵
  PID:7908
- C:\Windows\System\PqaHpoN.exe
  C:\Windows\System\PqaHpoN.exe
  2⤵
  PID:9000
- C:\Windows\System\foGExZg.exe
  C:\Windows\System\foGExZg.exe
  2⤵
  PID:8656
- C:\Windows\System\IwSSjPF.exe
  C:\Windows\System\IwSSjPF.exe
  2⤵
  PID:8552
- C:\Windows\System\SOdvENU.exe
  C:\Windows\System\SOdvENU.exe
  2⤵
  PID:8460
- C:\Windows\System\tmGMmcH.exe
  C:\Windows\System\tmGMmcH.exe
  2⤵
  PID:8948
- C:\Windows\System\YeThuXu.exe
  C:\Windows\System\YeThuXu.exe
  2⤵
  PID:9200
- C:\Windows\System\ZGlvoGn.exe
  C:\Windows\System\ZGlvoGn.exe
  2⤵
  PID:8372
- C:\Windows\System\rmwLNrV.exe
  C:\Windows\System\rmwLNrV.exe
  2⤵
  PID:8540
- C:\Windows\System\grCXBmB.exe
  C:\Windows\System\grCXBmB.exe
  2⤵
  PID:8416
- C:\Windows\System\gJukpZS.exe
  C:\Windows\System\gJukpZS.exe
  2⤵
  PID:9232
- C:\Windows\System\UpmVRMV.exe
  C:\Windows\System\UpmVRMV.exe
  2⤵
  PID:9248
- C:\Windows\System\NXmVZEW.exe
  C:\Windows\System\NXmVZEW.exe
  2⤵
  PID:9280
- C:\Windows\System\LhRYctY.exe
  C:\Windows\System\LhRYctY.exe
  2⤵
  PID:9356
- C:\Windows\System\XTWKshM.exe
  C:\Windows\System\XTWKshM.exe
  2⤵
  PID:9432
- C:\Windows\System\zbvjMcm.exe
  C:\Windows\System\zbvjMcm.exe
  2⤵
  PID:9464
- C:\Windows\System\IIieMIh.exe
  C:\Windows\System\IIieMIh.exe
  2⤵
  PID:9480
- C:\Windows\System\fWmgcan.exe
  C:\Windows\System\fWmgcan.exe
  2⤵
  PID:9512
- C:\Windows\System\kjYhQzz.exe
  C:\Windows\System\kjYhQzz.exe
  2⤵
  PID:9536
- C:\Windows\System\FrcQmMG.exe
  C:\Windows\System\FrcQmMG.exe
  2⤵
  PID:9556
- C:\Windows\System\VDENtTT.exe
  C:\Windows\System\VDENtTT.exe
  2⤵
  PID:9572
- C:\Windows\System\WIImPBB.exe
  C:\Windows\System\WIImPBB.exe
  2⤵
  PID:9588
- C:\Windows\System\qHgDFiY.exe
  C:\Windows\System\qHgDFiY.exe
  2⤵
  PID:9608
- C:\Windows\System\NAPPnLN.exe
  C:\Windows\System\NAPPnLN.exe
  2⤵
  PID:9632
- C:\Windows\System\kfovCeo.exe
  C:\Windows\System\kfovCeo.exe
  2⤵
  PID:9648
- C:\Windows\System\ZBXnZDK.exe
  C:\Windows\System\ZBXnZDK.exe
  2⤵
  PID:9672
- C:\Windows\System\nNMCasK.exe
  C:\Windows\System\nNMCasK.exe
  2⤵
  PID:9688
- C:\Windows\System\EttTUsX.exe
  C:\Windows\System\EttTUsX.exe
  2⤵
  PID:9716
- C:\Windows\System\jvTHTnC.exe
  C:\Windows\System\jvTHTnC.exe
  2⤵
  PID:9732
- C:\Windows\System\SHrYQWD.exe
  C:\Windows\System\SHrYQWD.exe
  2⤵
  PID:9748
- C:\Windows\System\FpdQmRb.exe
  C:\Windows\System\FpdQmRb.exe
  2⤵
  PID:9768
- C:\Windows\System\MIChglF.exe
  C:\Windows\System\MIChglF.exe
  2⤵
  PID:9792
- C:\Windows\System\pxGUwJQ.exe
  C:\Windows\System\pxGUwJQ.exe
  2⤵
  PID:9816
- C:\Windows\System\eeMLBVM.exe
  C:\Windows\System\eeMLBVM.exe
  2⤵
  PID:9832
- C:\Windows\System\edbqmAq.exe
  C:\Windows\System\edbqmAq.exe
  2⤵
  PID:9852
- C:\Windows\System\FtZIATW.exe
  C:\Windows\System\FtZIATW.exe
  2⤵
  PID:9868
- C:\Windows\System\TeXVDAa.exe
  C:\Windows\System\TeXVDAa.exe
  2⤵
  PID:9892
- C:\Windows\System\aPEwACq.exe
  C:\Windows\System\aPEwACq.exe
  2⤵
  PID:9912
- C:\Windows\System\TXSdCwO.exe
  C:\Windows\System\TXSdCwO.exe
  2⤵
  PID:9928
- C:\Windows\System\DhEJKBP.exe
  C:\Windows\System\DhEJKBP.exe
  2⤵
  PID:9944
- C:\Windows\System\bLcSpFF.exe
  C:\Windows\System\bLcSpFF.exe
  2⤵
  PID:9964
- C:\Windows\System\YBqGvyE.exe
  C:\Windows\System\YBqGvyE.exe
  2⤵
  PID:9980
- C:\Windows\System\GsHTxIh.exe
  C:\Windows\System\GsHTxIh.exe
  2⤵
  PID:9996
- C:\Windows\System\ABKTmAs.exe
  C:\Windows\System\ABKTmAs.exe
  2⤵
  PID:10012
- C:\Windows\System\MHYVecr.exe
  C:\Windows\System\MHYVecr.exe
  2⤵
  PID:10028
- C:\Windows\System\DEguqCk.exe
  C:\Windows\System\DEguqCk.exe
  2⤵
  PID:10044
- C:\Windows\System\pDjLpOU.exe
  C:\Windows\System\pDjLpOU.exe
  2⤵
  PID:10060
- C:\Windows\System\UmRrcZe.exe
  C:\Windows\System\UmRrcZe.exe
  2⤵
  PID:10076
- C:\Windows\System\hzjOgAz.exe
  C:\Windows\System\hzjOgAz.exe
  2⤵
  PID:10092
- C:\Windows\System\HziMgBN.exe
  C:\Windows\System\HziMgBN.exe
  2⤵
  PID:10108
- C:\Windows\System\hiKINdL.exe
  C:\Windows\System\hiKINdL.exe
  2⤵
  PID:10124
- C:\Windows\System\XaJKWgY.exe
  C:\Windows\System\XaJKWgY.exe
  2⤵
  PID:10140
- C:\Windows\System\uRmrGJG.exe
  C:\Windows\System\uRmrGJG.exe
  2⤵
  PID:10156
- C:\Windows\System\ZlHNIQM.exe
  C:\Windows\System\ZlHNIQM.exe
  2⤵
  PID:10172
- C:\Windows\System\YRlupjz.exe
  C:\Windows\System\YRlupjz.exe
  2⤵
  PID:10188
- C:\Windows\System\csfyBlm.exe
  C:\Windows\System\csfyBlm.exe
  2⤵
  PID:10204
- C:\Windows\System\bftFXtb.exe
  C:\Windows\System\bftFXtb.exe
  2⤵
  PID:10220
- C:\Windows\System\wrrEUEt.exe
  C:\Windows\System\wrrEUEt.exe
  2⤵
  PID:10236
- C:\Windows\System\wIWkjlG.exe
  C:\Windows\System\wIWkjlG.exe
  2⤵
  PID:9260
- C:\Windows\System\NOCkkfs.exe
  C:\Windows\System\NOCkkfs.exe
  2⤵
  PID:9288
- C:\Windows\System\ZeFLOyz.exe
  C:\Windows\System\ZeFLOyz.exe
  2⤵
  PID:9312
- C:\Windows\System\TXyfGeT.exe
  C:\Windows\System\TXyfGeT.exe
  2⤵
  PID:9396
- C:\Windows\System\zzHxVSN.exe
  C:\Windows\System\zzHxVSN.exe
  2⤵
  PID:9424
- C:\Windows\System\iroObNR.exe
  C:\Windows\System\iroObNR.exe
  2⤵
  PID:9440
- C:\Windows\System\uAFYDZp.exe
  C:\Windows\System\uAFYDZp.exe
  2⤵
  PID:9500
- C:\Windows\System\yfxsviq.exe
  C:\Windows\System\yfxsviq.exe
  2⤵
  PID:9508
- C:\Windows\System\SenwhhA.exe
  C:\Windows\System\SenwhhA.exe
  2⤵
  PID:9476
- C:\Windows\System\AXFvMHP.exe
  C:\Windows\System\AXFvMHP.exe
  2⤵
  PID:9548
- C:\Windows\System\WtIhxTV.exe
  C:\Windows\System\WtIhxTV.exe
  2⤵
  PID:9616
- C:\Windows\System\VUmPHQc.exe
  C:\Windows\System\VUmPHQc.exe
  2⤵
  PID:9564
- C:\Windows\System\gcHRYRy.exe
  C:\Windows\System\gcHRYRy.exe
  2⤵
  PID:9596
- C:\Windows\System\yDFmhJT.exe
  C:\Windows\System\yDFmhJT.exe
  2⤵
  PID:9680
- C:\Windows\System\rCVHHIk.exe
  C:\Windows\System\rCVHHIk.exe
  2⤵
  PID:9704
- C:\Windows\System\AXIgRUC.exe
  C:\Windows\System\AXIgRUC.exe
  2⤵
  PID:9744
- C:\Windows\System\PbzFvOw.exe
  C:\Windows\System\PbzFvOw.exe
  2⤵
  PID:9760
- C:\Windows\System\LozHHKM.exe
  C:\Windows\System\LozHHKM.exe
  2⤵
  PID:9824
- C:\Windows\System\EIVqSGY.exe
  C:\Windows\System\EIVqSGY.exe
  2⤵
  PID:9844
- C:\Windows\System\vgdKfka.exe
  C:\Windows\System\vgdKfka.exe
  2⤵
  PID:9876
- C:\Windows\System\dhTqQQt.exe
  C:\Windows\System\dhTqQQt.exe
  2⤵
  PID:9460
- C:\Windows\System\rcDLvMu.exe
  C:\Windows\System\rcDLvMu.exe
  2⤵
  PID:9936
- C:\Windows\System\soorMqO.exe
  C:\Windows\System\soorMqO.exe
  2⤵
  PID:9956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ApSaYLU.exe

Filesize
6.0MB

MD5
4c078a8ec343d14328531dc9fccb2257

SHA1
852ae2a45c5bee279ba1d2a8e9757fb2bf985b82

SHA256
e6355aedb8c25cee0947b74d34702cb805ed149cad7e6528a88ad0065a05f121

SHA512
f847a5cfd015e6ece4b7d66d17beb69cea07f75c2417eaebc6b179d402805dd19340040da606205c9ff5784b1247ed8d9b627153cf79a9ec93056d8f35d003c4

Download Submit
C:\Windows\system\GsOQWpT.exe

Filesize
6.0MB

MD5
2d4da0b328498455a15d1b63ef0eaf41

SHA1
162bd43fe0b1ee25293bf6e572e35ea5be0369bc

SHA256
0a10463a70847ec945c1883f84a4a774dda74bbc3636697c7ffd55595c8ecf90

SHA512
79a2e5aea9336f60311c423da707446b5a0d567adbe9d35b9a5ba90a911bb323e0e927f1248aa3d4da6e8644fe00d0a71c67312bb61dd932f044f66c2cf47ac8

Download Submit
C:\Windows\system\HOmqFci.exe

Filesize
6.0MB

MD5
31fb21813772cdbee01a238915d7e37f

SHA1
8bae38010947e1f550eee1da10abb258bd690d8d

SHA256
2de328cfc3722c6de0398d1634deb270d9a98928bd0e9f9217d9631defdfa07d

SHA512
fda1c9468330cb09d675cb350d184a81ae22cd0009665bb80a82081595741cf55a8af850ad0d2b307e48378794d48f7417c700a508f942f639636010aae63bc9

Download Submit
C:\Windows\system\IDJgXjc.exe

Filesize
6.0MB

MD5
bd01c8e0d49750df41826dabbecb745e

SHA1
a03e80ec0d754816ceeeb630236056ad2ccbad85

SHA256
dc6dbabc2720b35f91bb7012b0ed0f09b050eba04b39c1131be1e2da8b1d54a8

SHA512
2b8787bece6684678750bced0cdfda01eb529da414cce8d7ca74098a09622844558580049902e3e339aa9dd447c0aa323318a8f02985b91695881ec8381e4615

Download Submit
C:\Windows\system\MDzVFLc.exe

Filesize
6.0MB

MD5
29198dcea090d996f1b27e48dbe4c1b9

SHA1
b94c0bf4fff0ef9bbfd1b0457b6da8a29cacf81c

SHA256
635d36a909cdc3d4aeb540cb795f9930cc473c09ff7e3fbf88af2246721cd853

SHA512
3d27ba6981398d5211298561ebc0f643a8b435b425d0e6b28844d96ae310d7a4f3e37b3c8ab737daa4da45117e4879b84e9b903da65e6c79c0e9741eb641e86b

Download Submit
C:\Windows\system\MSCmuBJ.exe

Filesize
6.0MB

MD5
dd73168199a22d5dd7fc0a65cc1efacb

SHA1
3a56ca329060f0ce2950e6e73c825cb83a8c4a64

SHA256
f699a7839c793180a628eaeb74e0d3c9a2dd31d2480d18bd6c2d452c747d5bf4

SHA512
6103a8613c462a66c9de87a443d0f55208346a3248b42035c2b9f2d135c417722692aad4318bb2b54c79fe74fadb62bbe56bc4fa7c9bd5b00fad0bf8e087818c

Download Submit
C:\Windows\system\OcoDMfP.exe

Filesize
6.0MB

MD5
75e8e0d4604c8b9d826c47a5819c9cc2

SHA1
c7407bc5c7abb8218a9659b7716648c530a07934

SHA256
8d21b09302db34801d2950885b4fcf21addd49c1b218eced525e648209d4caab

SHA512
e080fa328556fff9c1b8549f8946cf1461230108f2ca0ac4ffd65b3099b250d3d98252ee260e79b488e81d4749094343d6e8b504dbc7306510d89f8596805b67

Download Submit
C:\Windows\system\SdGIFWI.exe

Filesize
6.0MB

MD5
420a0648b90ed06fb1ae9bd9cdcdc206

SHA1
092f37c4769df2b803f4667a143f72ba7a13d62c

SHA256
52ace54b0bbfbda0dacec8befb2be466d1398d707b9f97b40be4c9791e60b312

SHA512
1435c5412696b3fc0560c74863fe0cb6bfffcda27de8b4653990aeb732f4fa49cc2a5ae13309d4eca752b661875998997a00a1f1f73166211e13e18e7992bbc4

Download Submit
C:\Windows\system\UTUctCS.exe

Filesize
6.0MB

MD5
fc4b4df61decdbf4348f8dae22e211c7

SHA1
e733fd4a3b2830776d25a5cce65161630fa016ac

SHA256
d92fbd4355c35e91fe8cf2eec930a6e57fe45fee349cb48f64730360961f6410

SHA512
41b05f041596f2d0c2b9d5cc25d6aba7c988fbe3cb16d355122d90e9baa52193fe790b0293d7934c6786d0cc99b237a88d8cb791b48af477c612b8e7ed993285

Download Submit
C:\Windows\system\UdzypUi.exe

Filesize
6.0MB

MD5
2868d30cf2542f079a16ffa925e0272d

SHA1
60c5bb0a14cffe095e7997eb41f784594d317277

SHA256
f1b52c143a662b8858a1206419dba448da545ab6f8ea6d9aaafd3333d39e3976

SHA512
c5d86ee2bbc90c338a11727539a0d0b2d09d4c1a819fe496742006499d5d17b85ad9c674fca4a0dc5f87f20fa48df489e420e7de1c1b6cb32973cc0dcee246b2

Download Submit
C:\Windows\system\VIYUNCE.exe

Filesize
6.0MB

MD5
f7d1777ecf38e18c8e56a340faed810e

SHA1
bcad0c6bcbad180c191505546248fad0e6f1c2d2

SHA256
f3590e841ac7aa1d7e06c1623fc1517d1e72c62e799c6ccf1d46a8d8c319b80b

SHA512
4882b6e957415919986261f70f9bf608bebce03ac8919d757a856a214c3f6e1cf232676ce37e999eb647f1d0fee2983160b65855aba176fa33bf2757e54f126b

Download Submit
C:\Windows\system\WlmvCAd.exe

Filesize
6.0MB

MD5
cba8d7a042358782f7b8d45ea198ab80

SHA1
139ba1537988bb413f183142d2eaef314371c2b1

SHA256
f443c293a3d9809ff4722ed51ddd88fec9fb6face8c69b1bd339ad80e36b3c64

SHA512
66639e55362ead5fc39732d7db6ad6cee1348f000e7814785c8fde5febc96c73ebe9aca8760d74015e2bfd5f8826fb3e703cc7c2b59ec3c0b6e45cb963444930

Download Submit
C:\Windows\system\YejSECh.exe

Filesize
6.0MB

MD5
a5a6842d4f7e8a2e00247215c799d828

SHA1
c921aecc61f0b44abe1ef88d893d1df780c4e8f4

SHA256
e62718dca666fb3435e34825e56ad7733be206122cc79a4cc54fa4980376ca52

SHA512
7e996d0b9104549ce3d07e116f936ed537df97014c531513ace9f07b8d621e7248af8480ab477721b20e4bb2de9241c69a8c1ddfc4261da0ff9a8aac1f72d533

Download Submit
C:\Windows\system\YovUnjE.exe

Filesize
6.0MB

MD5
27220229005bded81015400db7808cab

SHA1
3528ab394dc2cb43e60e1244c95685c8ecab3975

SHA256
d31a3cb287a17a635140ae95c34f1b2ef8494ca125627e1259acd4f6681cda19

SHA512
aca3eeeb68ab894af33a69baf74835d1fe6b4eafb0d52fd2ab96e139c876752de1f5265794a345c84d151ac4f788fb513c708583d0eba670012aa4aeecef1704

Download Submit
C:\Windows\system\fnzVTlD.exe

Filesize
6.0MB

MD5
a4b71ec508e502f3f51501f2191e294b

SHA1
9f545e9b97ab751aa98649ca3a8c4cbabdfd0278

SHA256
7f2b4bb81ba111067e72d37aa9ee6929ffeff9cd296ae0877e8fb4bdb8593f1e

SHA512
a50899a1542f46a4a13034f85ac39881323e13611c31b1e977f81ad29f5e9c00f569289d3ec1aa2cbe4841021f23fcef09848892df8fb84b9eb688eba2164a50

Download Submit
C:\Windows\system\hvyddqn.exe

Filesize
6.0MB

MD5
7988d52c31ec98ce79a4d2baf0062f9b

SHA1
fef84f776c6b60dfbd5b123cc77de28d61b1cf34

SHA256
fb3782e1c2d6ce1eddd66ee85f5141b8b8286a20f2bc19168521ed5ab4a68be6

SHA512
89a7397c304ad7993169b2b815ab017d7ac6e5e374fd181b58c03ba0098e4637c09b623f07ba3720a7226f75b043c8f864c634cba3946ff42d3a5954728951e4

Download Submit
C:\Windows\system\iVOITSq.exe

Filesize
6.0MB

MD5
0e98cb7b192589f3dac2a0053dafa9b4

SHA1
efc4ce84226fbeca7762bff4fbe36cee9877f029

SHA256
cfe8230addb6cdc096c38182e2944463dbfe2b39e87ffc3b3a27ff2ca1ad3dd9

SHA512
28b325494162a4c37ee5d816526ad47710c65bc74e1f4c77ce81c1ad464d40c3cc129f17641632d90469e92f2e91ec6db3003883a5be02400498cce4e344b9d6

Download Submit
C:\Windows\system\imRDsji.exe

Filesize
6.0MB

MD5
70d1fd71e23d8bbc44861f2674e24066

SHA1
3e60bf323aebfe34c6bec808bf7db79407b1542c

SHA256
4bd86d595afb30e65f497f038642d64f6b8282bfb013952d81212247dc545db9

SHA512
887dfd62cd9a539f7ec587b4beeb36d2c1131015ff5982bdf8052af01f567ff5e8bd35b27787bf464d429f9b69e2e7ac3a9d0455769825dafac0252432c78ac3

Download Submit
C:\Windows\system\kAbkfdx.exe

Filesize
6.0MB

MD5
d90683f772e8f12b9b749bfd9c6a91cb

SHA1
c2d5922c1f0f95432cad1e3f1e79cb93673e21f3

SHA256
0faa96827bcbeb096858e19105d888ec0d016162b1406aebd1eee9118f46c5e5

SHA512
2f5caeb6a154e59b0a78c87717bb3d1440e443e43189d0af7e675164859eb0e1f8a58b21d5ee475d20919854244a9d74c4c2486b73551f7474547d629d8507b6

Download Submit
C:\Windows\system\mmUkxbQ.exe

Filesize
6.0MB

MD5
4e74edc63441748ad75b6825acfdd6dd

SHA1
055d629cb1efcdea7e6de5c397943d2f816d6510

SHA256
5cdc61025cd535e7a2ae942fbcffc4d32183e3e9b408068c82033cb9ad7c9527

SHA512
0db819adc00300be3d40166def9826aa654d0e02e36d19b35a265e4c44e5233319315e92c4306b0e4105bb0662547cb5bd5daa014cc90a06aadd1087e75d2968

Download Submit
C:\Windows\system\rpZqdkt.exe

Filesize
6.0MB

MD5
8e5c36ae5077d9b0564e293b5b26cc86

SHA1
8119562159c4c75308c604ee5b42cb98028cbb69

SHA256
025a0aca07eca1a225e23f1a83d086ce8a02d90c70dbaab5b8ea75c191bf184b

SHA512
845a61dca273b4bd9b4c3302386712dc7e402f32748f5ceeceb498f11eb6a8e9797fbea70a78a613d8513613a60c84fc3280877964801fbabad6f2cb4b950aa1

Download Submit
C:\Windows\system\sadpWmi.exe

Filesize
6.0MB

MD5
43a6f17ba93ede0a454e6a62829a932b

SHA1
d1cec6e1b5562c290cd9591149d2e88596968b9b

SHA256
e29baaba1329016d71859f98e4d0b73a63b80560ba41d04892e205df194ecedd

SHA512
f9f05e43e959d329f90debde0a358ecbddad108ddfee07d72943d6c67bb3a45884831cdf246d434d6c947b2a5c775d91b39f78bdc3205cc6515889ad977993ee

Download Submit
C:\Windows\system\snzNCXp.exe

Filesize
6.0MB

MD5
6006f25eddc92e6617d48550b711911f

SHA1
b3400b5d5f1d9b3a95414f4e2522a90dd0fece30

SHA256
31630fdd62dfca006e23a2e8151bb10383ab09c56e85bb100186df53454e2543

SHA512
220cd6692e1ab0e411ad2f2cf4e464add93320a0315905d47406d5a7836cb3d86a68f17b8da7cc89350bb4f4a04359f5ee636eec2d56e2efe204fa69081653fb

Download Submit
C:\Windows\system\ugbwRsc.exe

Filesize
6.0MB

MD5
711179927d46620db932f4949ae45809

SHA1
5b35297472e470210013708273aca67d25cf5e21

SHA256
47636978be0aa7678dcdcd005d5f4249a3c44ffe9a1077830bc55281b7a1ce5f

SHA512
0986657d3af04ece73b9d0fcb4669916442afce6c37396ad0f21234818b2d1c67d8b010a48952774b75ae067b5cd9a4ebc4cf9a75e11deba273adb0bfea0e6e1

Download Submit
C:\Windows\system\xOuLeJk.exe

Filesize
6.0MB

MD5
6d455091f7a8704425566c00e5082a1b

SHA1
5fb6ed678813d78c68bb579220e704c1452e75cd

SHA256
24aeb3080b271faf980b6149e6de5985c23bee73a7bb40c499a1d04999207180

SHA512
f0628df2e57efa90ccf1fb3e038ca4411299b3e4ed00812bc98d388ad77f90c4b2ef275f0e6512503245f9d4adaf6afa7b0d75f52002c8fda4aa3169fa524f86

Download Submit
C:\Windows\system\zfTzpqz.exe

Filesize
6.0MB

MD5
c0debb2ba001b3975f777ac4082f6ee0

SHA1
434df6b6458f43f84a8afaa2ae7ccad9ea2d91ed

SHA256
eecc333d3f7fa5e6a90d21d799a7383668a1a95102866b05fc7e003d056182d1

SHA512
284d6ee0d254d5b0652b1851084a705c851f0701322787ae391db272dd51686053be1d9b2e351a44e21627397da795ad5d7e7c1834c76bf935d713df1f1426df

Download Submit
C:\Windows\system\zjdhpEU.exe

Filesize
6.0MB

MD5
d308979f249512675d47d810b0c8189d

SHA1
6311bdd7c61d1775061b3dafcdc678552fe51e33

SHA256
a4987cb211685ca028bcfbdd21986aae183b2ad372bcf6d841d9ec4ca31cd2b4

SHA512
653471b218b6e9fceeaec26a69a529298321f1669aa0584a7b263922f7c3954e6d184b8861b9ebdac559bf0c91b6f8b655380a74f11db302e3e99bc71af7e335

Download Submit
\Windows\system\FhCUsRF.exe

Filesize
6.0MB

MD5
534e65bbcfe24775083c2f28c710d4de

SHA1
92969a4d4f18f44751c6612561052fb6cd8f828e

SHA256
56c6cfc382801ac921e6ebb941e4ae78cc184de2487f5b1d5c45ca1124e2e477

SHA512
7b5f052d25c0759ad6120204d1838d3bf5c356df3386221103f915c8cef43a53cc5e5d2a2597b35b53fe803686a30706f8a74d3d754d80f2ce65f87b2aac62b6

Download Submit
\Windows\system\GjsTknX.exe

Filesize
6.0MB

MD5
50bed7a6f2b52bd63a7cf10c8aadab41

SHA1
0aff01ad7c62c0eddfba7f3bf57c5aa96d7e750d

SHA256
910fdd34b0572477698648f640d1fe520034f658ec9b4ddd5439d53077eb9c12

SHA512
dba46e072dd48f85669759478e0f107eeebb05ba83fa207355699f8671f316ec483100175c9d91509dcfef4f8d398f13e1dd402dde859db7492b0fa739a106f8

Download Submit
\Windows\system\HEXSlcp.exe

Filesize
6.0MB

MD5
0f05fec4593c577467003d42bf1ac2ed

SHA1
a41b50901321b3ab838e63f27da44976586f08b2

SHA256
77b972b9186821463acf7d1151c382bdf982a1929851bf6446b58e64c82322e6

SHA512
1077e64386283a78dedafe25d6a1677f979cc333873a984f535f5738d98e60bcbfe0415173cef828bc41740d50281630f27e786f68c4518cac13e4e0bc1a8f81

Download Submit
\Windows\system\LmrQASm.exe

Filesize
6.0MB

MD5
7b577ccf9bf775f22378c22ec5e09c9e

SHA1
5d79193dadd6581af9930465e026955c70276375

SHA256
e7e00b0ef6f9331604e332e3e4e4d94568215cfc8ffc4df209fd8318049455a5

SHA512
14eb2ec6685e695c6131fe3afcdf632d1ce5d8ce22ae20a0a293ff42b83e9ef64ebf778213373634c543e580e3ab2f61d98bff99d295ab683cb420fb479eab34

Download Submit
\Windows\system\SacMpUY.exe

Filesize
6.0MB

MD5
46bd10df34017134ae662ef15580a87c

SHA1
66871fd3660cb296ae6733d8c37294e4ef946cfa

SHA256
65c952c2a301719924f1477fb6524bed643fb310ae5227f993d454735119ed23

SHA512
45262eb2e766155459435d7782fcbc9095688c3348cf897af1f73ce5c3ba97b7ff0ce9f4b6bacca5519ac3291b39d3f4757bd84e25554dfe08bde2edce3b5701

Download Submit
memory/272-140-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/272-76-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/272-687-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/580-702-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/580-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/580-222-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-115-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1064-36-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1064-40-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-32-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1064-56-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1064-48-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1064-375-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1064-64-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-72-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-87-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-88-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1064-13-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-96-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1064-97-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1064-295-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1064-6-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-105-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-443-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1064-255-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1064-106-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1064-114-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-0-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1064-24-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1064-18-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-43-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-8-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-957-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-68-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2180-30-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2180-622-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2392-784-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2392-414-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2392-110-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2576-109-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-69-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-679-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-75-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2620-633-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2620-37-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2624-53-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-91-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-650-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-580-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-52-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-16-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-83-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2820-640-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2820-44-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2844-336-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-767-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-102-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2988-92-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2988-268-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2988-753-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2992-22-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-956-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-60-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-663-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3052-101-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3052-61-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download