cobaltstrike | 44d96314ca3040b9473f4c511caa139792f77d2f35eced385d9576ee11837e05

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e95c01531663b7803754d01715095f21
SHA1

00cdd5a9965d540c543ccccd51696c54d49d0bd6
SHA256

44d96314ca3040b9473f4c511caa139792f77d2f35eced385d9576ee11837e05
SHA512

905a5baafa105dddcf29e2dc784d3de9a9444c00990b549ba2cb1a37ff4c4a57372f090fb917dc6b9f2367c2626faa9238069f919f4ee9dbf4511a694bbf76b2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b47-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-29.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164b1-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-101.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-149.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2176-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012280-6.dat	xmrig
behavioral1/files/0x0008000000016b47-9.dat	xmrig
behavioral1/files/0x0008000000016875-7.dat	xmrig
behavioral1/memory/1440-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2596-19-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2176-17-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-22.dat	xmrig
behavioral1/memory/2768-27-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2176-23-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/3044-16-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-29.dat	xmrig
behavioral1/memory/2780-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00090000000164b1-39.dat	xmrig
behavioral1/memory/2176-41-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-46.dat	xmrig
behavioral1/memory/1912-65-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2848-90-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2544-93-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2692-100-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-101.dat	xmrig
behavioral1/files/0x0007000000017049-76.dat	xmrig
behavioral1/memory/2960-72-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-71.dat	xmrig
behavioral1/files/0x0005000000018686-70.dat	xmrig
behavioral1/memory/1440-99-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2928-97-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2808-96-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2768-104-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2924-86-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-85.dat	xmrig
behavioral1/files/0x000600000001749c-83.dat	xmrig
behavioral1/memory/1920-82-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-58.dat	xmrig
behavioral1/memory/2176-62-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-45.dat	xmrig
behavioral1/files/0x00050000000186f1-111.dat	xmrig
behavioral1/memory/2780-106-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-118.dat	xmrig
behavioral1/files/0x0005000000018739-124.dat	xmrig
behavioral1/files/0x0005000000018744-127.dat	xmrig
behavioral1/files/0x000500000001878e-133.dat	xmrig
behavioral1/files/0x00050000000187a8-137.dat	xmrig
behavioral1/files/0x0006000000018c16-145.dat	xmrig
behavioral1/files/0x0006000000018b4e-141.dat	xmrig
behavioral1/files/0x0005000000019250-153.dat	xmrig
behavioral1/files/0x0005000000019269-157.dat	xmrig
behavioral1/files/0x0005000000019360-177.dat	xmrig
behavioral1/memory/2176-189-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-181.dat	xmrig
behavioral1/memory/2692-312-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001933f-173.dat	xmrig
behavioral1/files/0x0005000000019297-169.dat	xmrig
behavioral1/files/0x0005000000019284-165.dat	xmrig
behavioral1/files/0x0005000000019278-161.dat	xmrig
behavioral1/files/0x0005000000019246-149.dat	xmrig
behavioral1/memory/3044-3506-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2596-3514-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/1440-3611-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2768-3613-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2780-3612-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2848-3619-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2960-3621-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2924-3626-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

oXFFIxH.exeTkPvGBJ.exeJNZOfee.exelrKxSxi.exeUAfAtEe.exeEVHbQbs.exeHEVsgiL.exeRmAXLEO.exeNwRDdsr.exekMvfmIh.exeTPGdRoP.exeFqyluzy.exeLbEfKmy.exeevLbOwZ.exeTwutoeo.exezlptneQ.execKdNTYW.exeGieqhbp.exeqAzPODx.exenJIJEuk.exeNJAHQus.exemIMGFQE.exeSztSEzG.exeiYIZKVp.exeYGNOTZJ.exeszjWyeX.exenzblvhS.exenYffpuJ.exeBYecoBh.exeqYoUqfv.exevkpquoi.exeRUTmsNc.exeVTISpnk.exehScZzBW.exeCKEODlY.exeEmNylpf.exedVYmoJQ.exegtXPMer.exeMkceUuM.exeDoYKZIN.exeqJqfWGh.exePdnRNsM.exegvbjPhB.exeKbRUzsF.exespZQrFj.exeWtHZKrK.exeSwnKCnA.exeRwhjMPq.exeeOEnyPN.exevUNsaMX.exeTXWBmMS.exeFANNygW.exejlcrXlH.exeAwzgsoG.exeNjNkbBG.exeGTPYbGa.exeHpGqlwg.exeHhWJtLB.execQpIrde.exeFofqrXG.exeZyrYkDJ.exerlPLJPe.exeWgSZalt.exeYElukkL.exe

pid	Process
3044	oXFFIxH.exe
2596	TkPvGBJ.exe
1440	JNZOfee.exe
2768	lrKxSxi.exe
2780	UAfAtEe.exe
2924	EVHbQbs.exe
1912	HEVsgiL.exe
2960	RmAXLEO.exe
2848	NwRDdsr.exe
1920	kMvfmIh.exe
2544	TPGdRoP.exe
2928	Fqyluzy.exe
2808	LbEfKmy.exe
2692	evLbOwZ.exe
2044	Twutoeo.exe
2352	zlptneQ.exe
1940	cKdNTYW.exe
1956	Gieqhbp.exe
2876	qAzPODx.exe
1560	nJIJEuk.exe
1452	NJAHQus.exe
2560	mIMGFQE.exe
2872	SztSEzG.exe
2272	iYIZKVp.exe
2288	YGNOTZJ.exe
2636	szjWyeX.exe
2212	nzblvhS.exe
1624	nYffpuJ.exe
1036	BYecoBh.exe
1144	qYoUqfv.exe
2784	vkpquoi.exe
2308	RUTmsNc.exe
796	VTISpnk.exe
1104	hScZzBW.exe
1620	CKEODlY.exe
2300	EmNylpf.exe
2656	dVYmoJQ.exe
2040	gtXPMer.exe
1240	MkceUuM.exe
1148	DoYKZIN.exe
972	qJqfWGh.exe
1768	PdnRNsM.exe
924	gvbjPhB.exe
1068	KbRUzsF.exe
1484	spZQrFj.exe
1544	WtHZKrK.exe
2516	SwnKCnA.exe
1756	RwhjMPq.exe
608	eOEnyPN.exe
2672	vUNsaMX.exe
700	TXWBmMS.exe
1344	FANNygW.exe
2612	jlcrXlH.exe
2404	AwzgsoG.exe
888	NjNkbBG.exe
316	GTPYbGa.exe
2180	HpGqlwg.exe
2572	HhWJtLB.exe
2504	cQpIrde.exe
1600	FofqrXG.exe
1596	ZyrYkDJ.exe
1760	rlPLJPe.exe
2620	WgSZalt.exe
1532	YElukkL.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2176-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000c000000012280-6.dat	upx
behavioral1/files/0x0008000000016b47-9.dat	upx
behavioral1/files/0x0008000000016875-7.dat	upx
behavioral1/memory/1440-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2596-19-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-22.dat	upx
behavioral1/memory/2768-27-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/3044-16-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-29.dat	upx
behavioral1/memory/2780-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00090000000164b1-39.dat	upx
behavioral1/memory/2176-41-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf5-46.dat	upx
behavioral1/memory/1912-65-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2848-90-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2544-93-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2692-100-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-101.dat	upx
behavioral1/files/0x0007000000017049-76.dat	upx
behavioral1/memory/2960-72-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000600000001755b-71.dat	upx
behavioral1/files/0x0005000000018686-70.dat	upx
behavioral1/memory/1440-99-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2928-97-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2808-96-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2768-104-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2924-86-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-85.dat	upx
behavioral1/files/0x000600000001749c-83.dat	upx
behavioral1/memory/1920-82-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0006000000017497-58.dat	upx
behavioral1/files/0x0007000000016cd7-45.dat	upx
behavioral1/files/0x00050000000186f1-111.dat	upx
behavioral1/memory/2780-106-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-118.dat	upx
behavioral1/files/0x0005000000018739-124.dat	upx
behavioral1/files/0x0005000000018744-127.dat	upx
behavioral1/files/0x000500000001878e-133.dat	upx
behavioral1/files/0x00050000000187a8-137.dat	upx
behavioral1/files/0x0006000000018c16-145.dat	upx
behavioral1/files/0x0006000000018b4e-141.dat	upx
behavioral1/files/0x0005000000019250-153.dat	upx
behavioral1/files/0x0005000000019269-157.dat	upx
behavioral1/files/0x0005000000019360-177.dat	upx
behavioral1/files/0x00050000000193a6-181.dat	upx
behavioral1/memory/2692-312-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000500000001933f-173.dat	upx
behavioral1/files/0x0005000000019297-169.dat	upx
behavioral1/files/0x0005000000019284-165.dat	upx
behavioral1/files/0x0005000000019278-161.dat	upx
behavioral1/files/0x0005000000019246-149.dat	upx
behavioral1/memory/3044-3506-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2596-3514-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/1440-3611-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2768-3613-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2780-3612-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2848-3619-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2960-3621-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2924-3626-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/1920-3628-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2544-3634-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1912-3644-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2928-3645-0x000000013F730000-0x000000013FA84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\lrKxSxi.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Raechof.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejOFjXc.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kteeqTm.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPHNBep.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbiTuVs.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaIsDPv.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnzfLpM.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWEEsRK.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtEKUHb.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTXMLhi.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwegVSW.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzVMoKa.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpRHKDz.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzQHOPv.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsPTSRl.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkpkcAv.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbkyWZY.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsRfRVe.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqInAtk.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyAdWar.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTNykUO.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csChuxx.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdNaGyn.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmQpTGg.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKdNTYW.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTDgLWa.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RixTLrX.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlTDSef.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntDBVJL.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIJUBDv.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKlxDhK.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYAkVdj.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkxAOFP.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPDvYRM.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyGNtfn.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFBnuoM.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYLqXJg.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svFvGAP.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiVpfCa.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZJOvkH.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wryhekq.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLvNBks.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipHzajR.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqCjHBQ.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCUAlta.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGuoqmW.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtmBSTR.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbEfKmy.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hScZzBW.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjNkbBG.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOHMYgV.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzWqSHD.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joXGEAR.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHmoWLb.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXbPLYa.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZGIKBX.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXHhBBL.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEJCaXb.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMySgSc.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzCVzyK.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnLqvhN.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaRwFCO.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwfjlQf.exe	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2176 wrote to memory of 3044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 3044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 3044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 2596	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 2596	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 2596	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 1440	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 1440	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 1440	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 2768	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2768	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2768	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2780	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 2780	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 2780	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 2924	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 2924	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 2924	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 1912	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 1912	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 1912	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 2960	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 2960	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 2960	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 2544	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 2544	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 2544	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 2848	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 2848	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 2848	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 2928	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 2928	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 2928	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 1920	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 1920	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 1920	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 2692	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2692	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2692	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2808	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2808	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2808	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2044	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2352	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 2352	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 2352	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 1940	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 1940	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 1940	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 1956	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 1956	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 1956	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 2876	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 2876	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 2876	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 1560	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 1560	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 1560	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 1452	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2176 wrote to memory of 1452	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2176 wrote to memory of 1452	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2176 wrote to memory of 2560	2176	2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_e95c01531663b7803754d01715095f21_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\System\oXFFIxH.exe
  C:\Windows\System\oXFFIxH.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\TkPvGBJ.exe
  C:\Windows\System\TkPvGBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JNZOfee.exe
  C:\Windows\System\JNZOfee.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\lrKxSxi.exe
  C:\Windows\System\lrKxSxi.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\UAfAtEe.exe
  C:\Windows\System\UAfAtEe.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\EVHbQbs.exe
  C:\Windows\System\EVHbQbs.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\HEVsgiL.exe
  C:\Windows\System\HEVsgiL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\RmAXLEO.exe
  C:\Windows\System\RmAXLEO.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\TPGdRoP.exe
  C:\Windows\System\TPGdRoP.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NwRDdsr.exe
  C:\Windows\System\NwRDdsr.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\Fqyluzy.exe
  C:\Windows\System\Fqyluzy.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\kMvfmIh.exe
  C:\Windows\System\kMvfmIh.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\evLbOwZ.exe
  C:\Windows\System\evLbOwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\LbEfKmy.exe
  C:\Windows\System\LbEfKmy.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\Twutoeo.exe
  C:\Windows\System\Twutoeo.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\zlptneQ.exe
  C:\Windows\System\zlptneQ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\cKdNTYW.exe
  C:\Windows\System\cKdNTYW.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\Gieqhbp.exe
  C:\Windows\System\Gieqhbp.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\qAzPODx.exe
  C:\Windows\System\qAzPODx.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\nJIJEuk.exe
  C:\Windows\System\nJIJEuk.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\NJAHQus.exe
  C:\Windows\System\NJAHQus.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\mIMGFQE.exe
  C:\Windows\System\mIMGFQE.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\SztSEzG.exe
  C:\Windows\System\SztSEzG.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\iYIZKVp.exe
  C:\Windows\System\iYIZKVp.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YGNOTZJ.exe
  C:\Windows\System\YGNOTZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\szjWyeX.exe
  C:\Windows\System\szjWyeX.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\nzblvhS.exe
  C:\Windows\System\nzblvhS.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\nYffpuJ.exe
  C:\Windows\System\nYffpuJ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\BYecoBh.exe
  C:\Windows\System\BYecoBh.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\qYoUqfv.exe
  C:\Windows\System\qYoUqfv.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\vkpquoi.exe
  C:\Windows\System\vkpquoi.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\RUTmsNc.exe
  C:\Windows\System\RUTmsNc.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\VTISpnk.exe
  C:\Windows\System\VTISpnk.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\hScZzBW.exe
  C:\Windows\System\hScZzBW.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\CKEODlY.exe
  C:\Windows\System\CKEODlY.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\dVYmoJQ.exe
  C:\Windows\System\dVYmoJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\EmNylpf.exe
  C:\Windows\System\EmNylpf.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\gtXPMer.exe
  C:\Windows\System\gtXPMer.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\MkceUuM.exe
  C:\Windows\System\MkceUuM.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\DoYKZIN.exe
  C:\Windows\System\DoYKZIN.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\qJqfWGh.exe
  C:\Windows\System\qJqfWGh.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\PdnRNsM.exe
  C:\Windows\System\PdnRNsM.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\gvbjPhB.exe
  C:\Windows\System\gvbjPhB.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\KbRUzsF.exe
  C:\Windows\System\KbRUzsF.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\spZQrFj.exe
  C:\Windows\System\spZQrFj.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\WtHZKrK.exe
  C:\Windows\System\WtHZKrK.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\SwnKCnA.exe
  C:\Windows\System\SwnKCnA.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\RwhjMPq.exe
  C:\Windows\System\RwhjMPq.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\eOEnyPN.exe
  C:\Windows\System\eOEnyPN.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\vUNsaMX.exe
  C:\Windows\System\vUNsaMX.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\TXWBmMS.exe
  C:\Windows\System\TXWBmMS.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\FANNygW.exe
  C:\Windows\System\FANNygW.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\jlcrXlH.exe
  C:\Windows\System\jlcrXlH.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\AwzgsoG.exe
  C:\Windows\System\AwzgsoG.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\NjNkbBG.exe
  C:\Windows\System\NjNkbBG.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\GTPYbGa.exe
  C:\Windows\System\GTPYbGa.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\HpGqlwg.exe
  C:\Windows\System\HpGqlwg.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\HhWJtLB.exe
  C:\Windows\System\HhWJtLB.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\cQpIrde.exe
  C:\Windows\System\cQpIrde.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\FofqrXG.exe
  C:\Windows\System\FofqrXG.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ZyrYkDJ.exe
  C:\Windows\System\ZyrYkDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\rlPLJPe.exe
  C:\Windows\System\rlPLJPe.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\WgSZalt.exe
  C:\Windows\System\WgSZalt.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\YElukkL.exe
  C:\Windows\System\YElukkL.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\RBQXgjz.exe
  C:\Windows\System\RBQXgjz.exe
  2⤵
  PID:2540
- C:\Windows\System\Raechof.exe
  C:\Windows\System\Raechof.exe
  2⤵
  PID:3048
- C:\Windows\System\kNZLUGa.exe
  C:\Windows\System\kNZLUGa.exe
  2⤵
  PID:2820
- C:\Windows\System\cExEwcR.exe
  C:\Windows\System\cExEwcR.exe
  2⤵
  PID:2716
- C:\Windows\System\kZAIRnl.exe
  C:\Windows\System\kZAIRnl.exe
  2⤵
  PID:2952
- C:\Windows\System\wlqLnMs.exe
  C:\Windows\System\wlqLnMs.exe
  2⤵
  PID:1916
- C:\Windows\System\DJXzJyp.exe
  C:\Windows\System\DJXzJyp.exe
  2⤵
  PID:2956
- C:\Windows\System\czxXSMD.exe
  C:\Windows\System\czxXSMD.exe
  2⤵
  PID:2732
- C:\Windows\System\ntGDKbe.exe
  C:\Windows\System\ntGDKbe.exe
  2⤵
  PID:2968
- C:\Windows\System\UhkCnUf.exe
  C:\Windows\System\UhkCnUf.exe
  2⤵
  PID:2368
- C:\Windows\System\BsaZNBI.exe
  C:\Windows\System\BsaZNBI.exe
  2⤵
  PID:2548
- C:\Windows\System\bbNURAj.exe
  C:\Windows\System\bbNURAj.exe
  2⤵
  PID:2740
- C:\Windows\System\DRBmHYt.exe
  C:\Windows\System\DRBmHYt.exe
  2⤵
  PID:2028
- C:\Windows\System\qGvBhWh.exe
  C:\Windows\System\qGvBhWh.exe
  2⤵
  PID:1652
- C:\Windows\System\VwyqQrA.exe
  C:\Windows\System\VwyqQrA.exe
  2⤵
  PID:556
- C:\Windows\System\lBAWuXJ.exe
  C:\Windows\System\lBAWuXJ.exe
  2⤵
  PID:1836
- C:\Windows\System\laNAiCB.exe
  C:\Windows\System\laNAiCB.exe
  2⤵
  PID:2392
- C:\Windows\System\IakWmFY.exe
  C:\Windows\System\IakWmFY.exe
  2⤵
  PID:1588
- C:\Windows\System\jZtlixx.exe
  C:\Windows\System\jZtlixx.exe
  2⤵
  PID:2592
- C:\Windows\System\NbZMTuk.exe
  C:\Windows\System\NbZMTuk.exe
  2⤵
  PID:2128
- C:\Windows\System\HEboYsT.exe
  C:\Windows\System\HEboYsT.exe
  2⤵
  PID:1740
- C:\Windows\System\zPbAfsE.exe
  C:\Windows\System\zPbAfsE.exe
  2⤵
  PID:1720
- C:\Windows\System\oAdfBal.exe
  C:\Windows\System\oAdfBal.exe
  2⤵
  PID:2184
- C:\Windows\System\QnlsiyQ.exe
  C:\Windows\System\QnlsiyQ.exe
  2⤵
  PID:1500
- C:\Windows\System\lUeiJkF.exe
  C:\Windows\System\lUeiJkF.exe
  2⤵
  PID:2268
- C:\Windows\System\AwJovmm.exe
  C:\Windows\System\AwJovmm.exe
  2⤵
  PID:1636
- C:\Windows\System\cUSVYMb.exe
  C:\Windows\System\cUSVYMb.exe
  2⤵
  PID:2836
- C:\Windows\System\oDLeAGb.exe
  C:\Windows\System\oDLeAGb.exe
  2⤵
  PID:448
- C:\Windows\System\QBoQudL.exe
  C:\Windows\System\QBoQudL.exe
  2⤵
  PID:1808
- C:\Windows\System\XDgJxDO.exe
  C:\Windows\System\XDgJxDO.exe
  2⤵
  PID:1864
- C:\Windows\System\xeGQpcu.exe
  C:\Windows\System\xeGQpcu.exe
  2⤵
  PID:704
- C:\Windows\System\xWYxwAq.exe
  C:\Windows\System\xWYxwAq.exe
  2⤵
  PID:3040
- C:\Windows\System\kkTdRuN.exe
  C:\Windows\System\kkTdRuN.exe
  2⤵
  PID:2984
- C:\Windows\System\oHbMUuo.exe
  C:\Windows\System\oHbMUuo.exe
  2⤵
  PID:548
- C:\Windows\System\NGFOhyt.exe
  C:\Windows\System\NGFOhyt.exe
  2⤵
  PID:1700
- C:\Windows\System\oZJOvkH.exe
  C:\Windows\System\oZJOvkH.exe
  2⤵
  PID:1540
- C:\Windows\System\uFAXIXy.exe
  C:\Windows\System\uFAXIXy.exe
  2⤵
  PID:1820
- C:\Windows\System\YshczPI.exe
  C:\Windows\System\YshczPI.exe
  2⤵
  PID:1796
- C:\Windows\System\dXJMbvt.exe
  C:\Windows\System\dXJMbvt.exe
  2⤵
  PID:564
- C:\Windows\System\qpHcxps.exe
  C:\Windows\System\qpHcxps.exe
  2⤵
  PID:296
- C:\Windows\System\IzukdHD.exe
  C:\Windows\System\IzukdHD.exe
  2⤵
  PID:2912
- C:\Windows\System\dtIFqfr.exe
  C:\Windows\System\dtIFqfr.exe
  2⤵
  PID:892
- C:\Windows\System\rqJUlSK.exe
  C:\Windows\System\rqJUlSK.exe
  2⤵
  PID:1044
- C:\Windows\System\nMgXwSq.exe
  C:\Windows\System\nMgXwSq.exe
  2⤵
  PID:1732
- C:\Windows\System\IbQVUCo.exe
  C:\Windows\System\IbQVUCo.exe
  2⤵
  PID:2084
- C:\Windows\System\HZXjvZn.exe
  C:\Windows\System\HZXjvZn.exe
  2⤵
  PID:2588
- C:\Windows\System\zHLALYg.exe
  C:\Windows\System\zHLALYg.exe
  2⤵
  PID:2904
- C:\Windows\System\cGyoWOm.exe
  C:\Windows\System\cGyoWOm.exe
  2⤵
  PID:2940
- C:\Windows\System\SpnsZdB.exe
  C:\Windows\System\SpnsZdB.exe
  2⤵
  PID:2812
- C:\Windows\System\xAzeAfk.exe
  C:\Windows\System\xAzeAfk.exe
  2⤵
  PID:2744
- C:\Windows\System\TswkMWf.exe
  C:\Windows\System\TswkMWf.exe
  2⤵
  PID:2804
- C:\Windows\System\zlWFxIn.exe
  C:\Windows\System\zlWFxIn.exe
  2⤵
  PID:2500
- C:\Windows\System\DSqYXKe.exe
  C:\Windows\System\DSqYXKe.exe
  2⤵
  PID:2900
- C:\Windows\System\oJmHuPC.exe
  C:\Windows\System\oJmHuPC.exe
  2⤵
  PID:1692
- C:\Windows\System\YpjYWun.exe
  C:\Windows\System\YpjYWun.exe
  2⤵
  PID:1812
- C:\Windows\System\kWhthjW.exe
  C:\Windows\System\kWhthjW.exe
  2⤵
  PID:2576
- C:\Windows\System\GfwehpL.exe
  C:\Windows\System\GfwehpL.exe
  2⤵
  PID:2748
- C:\Windows\System\tlqPIaD.exe
  C:\Windows\System\tlqPIaD.exe
  2⤵
  PID:1368
- C:\Windows\System\aTDgLWa.exe
  C:\Windows\System\aTDgLWa.exe
  2⤵
  PID:3008
- C:\Windows\System\bEEAcFP.exe
  C:\Windows\System\bEEAcFP.exe
  2⤵
  PID:2700
- C:\Windows\System\QHJbrPQ.exe
  C:\Windows\System\QHJbrPQ.exe
  2⤵
  PID:1480
- C:\Windows\System\xJsoaNf.exe
  C:\Windows\System\xJsoaNf.exe
  2⤵
  PID:2704
- C:\Windows\System\MqDsaSJ.exe
  C:\Windows\System\MqDsaSJ.exe
  2⤵
  PID:632
- C:\Windows\System\GwEpvSg.exe
  C:\Windows\System\GwEpvSg.exe
  2⤵
  PID:1860
- C:\Windows\System\bBKTYWo.exe
  C:\Windows\System\bBKTYWo.exe
  2⤵
  PID:1028
- C:\Windows\System\sjKSjxX.exe
  C:\Windows\System\sjKSjxX.exe
  2⤵
  PID:1388
- C:\Windows\System\slnliwh.exe
  C:\Windows\System\slnliwh.exe
  2⤵
  PID:720
- C:\Windows\System\CsGhLuB.exe
  C:\Windows\System\CsGhLuB.exe
  2⤵
  PID:1116
- C:\Windows\System\ZmGxHoC.exe
  C:\Windows\System\ZmGxHoC.exe
  2⤵
  PID:1492
- C:\Windows\System\HHQOuNq.exe
  C:\Windows\System\HHQOuNq.exe
  2⤵
  PID:1608
- C:\Windows\System\lddQTVB.exe
  C:\Windows\System\lddQTVB.exe
  2⤵
  PID:2100
- C:\Windows\System\THsATvo.exe
  C:\Windows\System\THsATvo.exe
  2⤵
  PID:1504
- C:\Windows\System\NQAizJr.exe
  C:\Windows\System\NQAizJr.exe
  2⤵
  PID:2792
- C:\Windows\System\EfverlW.exe
  C:\Windows\System\EfverlW.exe
  2⤵
  PID:2336
- C:\Windows\System\xlmWptB.exe
  C:\Windows\System\xlmWptB.exe
  2⤵
  PID:2496
- C:\Windows\System\NceiYFe.exe
  C:\Windows\System\NceiYFe.exe
  2⤵
  PID:1736
- C:\Windows\System\zzNxGis.exe
  C:\Windows\System\zzNxGis.exe
  2⤵
  PID:1076
- C:\Windows\System\IqgLgmt.exe
  C:\Windows\System\IqgLgmt.exe
  2⤵
  PID:2944
- C:\Windows\System\qBKothZ.exe
  C:\Windows\System\qBKothZ.exe
  2⤵
  PID:2456
- C:\Windows\System\rZYRThJ.exe
  C:\Windows\System\rZYRThJ.exe
  2⤵
  PID:2624
- C:\Windows\System\oYYKRHm.exe
  C:\Windows\System\oYYKRHm.exe
  2⤵
  PID:1004
- C:\Windows\System\KCnCBWa.exe
  C:\Windows\System\KCnCBWa.exe
  2⤵
  PID:1984
- C:\Windows\System\YWgzMgH.exe
  C:\Windows\System\YWgzMgH.exe
  2⤵
  PID:1512
- C:\Windows\System\unJdfFp.exe
  C:\Windows\System\unJdfFp.exe
  2⤵
  PID:1752
- C:\Windows\System\ynrKizO.exe
  C:\Windows\System\ynrKizO.exe
  2⤵
  PID:1780
- C:\Windows\System\iLqJtbl.exe
  C:\Windows\System\iLqJtbl.exe
  2⤵
  PID:2720
- C:\Windows\System\oXFLulN.exe
  C:\Windows\System\oXFLulN.exe
  2⤵
  PID:2056
- C:\Windows\System\qLfPJri.exe
  C:\Windows\System\qLfPJri.exe
  2⤵
  PID:1972
- C:\Windows\System\VqeNaTe.exe
  C:\Windows\System\VqeNaTe.exe
  2⤵
  PID:1364
- C:\Windows\System\oWJbdkE.exe
  C:\Windows\System\oWJbdkE.exe
  2⤵
  PID:536
- C:\Windows\System\sFvRYwv.exe
  C:\Windows\System\sFvRYwv.exe
  2⤵
  PID:2832
- C:\Windows\System\znWofSK.exe
  C:\Windows\System\znWofSK.exe
  2⤵
  PID:2824
- C:\Windows\System\olnWPaI.exe
  C:\Windows\System\olnWPaI.exe
  2⤵
  PID:2260
- C:\Windows\System\yHnJwry.exe
  C:\Windows\System\yHnJwry.exe
  2⤵
  PID:1008
- C:\Windows\System\SmfIZse.exe
  C:\Windows\System\SmfIZse.exe
  2⤵
  PID:3088
- C:\Windows\System\MkCsFNv.exe
  C:\Windows\System\MkCsFNv.exe
  2⤵
  PID:3104
- C:\Windows\System\BmNeBIu.exe
  C:\Windows\System\BmNeBIu.exe
  2⤵
  PID:3120
- C:\Windows\System\KYXJqfX.exe
  C:\Windows\System\KYXJqfX.exe
  2⤵
  PID:3136
- C:\Windows\System\FVryhpZ.exe
  C:\Windows\System\FVryhpZ.exe
  2⤵
  PID:3152
- C:\Windows\System\xsipBWs.exe
  C:\Windows\System\xsipBWs.exe
  2⤵
  PID:3168
- C:\Windows\System\xjlEBzb.exe
  C:\Windows\System\xjlEBzb.exe
  2⤵
  PID:3184
- C:\Windows\System\ZALQCwC.exe
  C:\Windows\System\ZALQCwC.exe
  2⤵
  PID:3200
- C:\Windows\System\MXUETLD.exe
  C:\Windows\System\MXUETLD.exe
  2⤵
  PID:3216
- C:\Windows\System\VxqnLde.exe
  C:\Windows\System\VxqnLde.exe
  2⤵
  PID:3232
- C:\Windows\System\LAKjRvb.exe
  C:\Windows\System\LAKjRvb.exe
  2⤵
  PID:3248
- C:\Windows\System\LghNpDy.exe
  C:\Windows\System\LghNpDy.exe
  2⤵
  PID:3264
- C:\Windows\System\xBUphFn.exe
  C:\Windows\System\xBUphFn.exe
  2⤵
  PID:3280
- C:\Windows\System\htqZdAz.exe
  C:\Windows\System\htqZdAz.exe
  2⤵
  PID:3296
- C:\Windows\System\MQxeARl.exe
  C:\Windows\System\MQxeARl.exe
  2⤵
  PID:3312
- C:\Windows\System\pumQIHy.exe
  C:\Windows\System\pumQIHy.exe
  2⤵
  PID:3328
- C:\Windows\System\yjLYrlu.exe
  C:\Windows\System\yjLYrlu.exe
  2⤵
  PID:3344
- C:\Windows\System\grYHWIy.exe
  C:\Windows\System\grYHWIy.exe
  2⤵
  PID:3360
- C:\Windows\System\syujECv.exe
  C:\Windows\System\syujECv.exe
  2⤵
  PID:3376
- C:\Windows\System\XAHhgBs.exe
  C:\Windows\System\XAHhgBs.exe
  2⤵
  PID:3392
- C:\Windows\System\IYEJbKb.exe
  C:\Windows\System\IYEJbKb.exe
  2⤵
  PID:3408
- C:\Windows\System\qAtMhXM.exe
  C:\Windows\System\qAtMhXM.exe
  2⤵
  PID:3424
- C:\Windows\System\grcDEkg.exe
  C:\Windows\System\grcDEkg.exe
  2⤵
  PID:3440
- C:\Windows\System\GAdZQng.exe
  C:\Windows\System\GAdZQng.exe
  2⤵
  PID:3456
- C:\Windows\System\EtMHVvm.exe
  C:\Windows\System\EtMHVvm.exe
  2⤵
  PID:3472
- C:\Windows\System\mRHGlSO.exe
  C:\Windows\System\mRHGlSO.exe
  2⤵
  PID:3488
- C:\Windows\System\DGevQRm.exe
  C:\Windows\System\DGevQRm.exe
  2⤵
  PID:3504
- C:\Windows\System\rElHKzV.exe
  C:\Windows\System\rElHKzV.exe
  2⤵
  PID:3520
- C:\Windows\System\lWGIGpN.exe
  C:\Windows\System\lWGIGpN.exe
  2⤵
  PID:3540
- C:\Windows\System\TVoRZnA.exe
  C:\Windows\System\TVoRZnA.exe
  2⤵
  PID:3556
- C:\Windows\System\zfhnRyu.exe
  C:\Windows\System\zfhnRyu.exe
  2⤵
  PID:3572
- C:\Windows\System\dRlvfCi.exe
  C:\Windows\System\dRlvfCi.exe
  2⤵
  PID:3588
- C:\Windows\System\sArldRe.exe
  C:\Windows\System\sArldRe.exe
  2⤵
  PID:3604
- C:\Windows\System\kIBEDRN.exe
  C:\Windows\System\kIBEDRN.exe
  2⤵
  PID:3620
- C:\Windows\System\rOHKowv.exe
  C:\Windows\System\rOHKowv.exe
  2⤵
  PID:3636
- C:\Windows\System\HwTFSEf.exe
  C:\Windows\System\HwTFSEf.exe
  2⤵
  PID:3652
- C:\Windows\System\IUZAbEH.exe
  C:\Windows\System\IUZAbEH.exe
  2⤵
  PID:3668
- C:\Windows\System\LlCWlMa.exe
  C:\Windows\System\LlCWlMa.exe
  2⤵
  PID:3684
- C:\Windows\System\mOVjPbP.exe
  C:\Windows\System\mOVjPbP.exe
  2⤵
  PID:3700
- C:\Windows\System\PaOTNtI.exe
  C:\Windows\System\PaOTNtI.exe
  2⤵
  PID:3716
- C:\Windows\System\aGugAnK.exe
  C:\Windows\System\aGugAnK.exe
  2⤵
  PID:3732
- C:\Windows\System\bDgOWnz.exe
  C:\Windows\System\bDgOWnz.exe
  2⤵
  PID:3760
- C:\Windows\System\adRdlQR.exe
  C:\Windows\System\adRdlQR.exe
  2⤵
  PID:3776
- C:\Windows\System\BwDeFpc.exe
  C:\Windows\System\BwDeFpc.exe
  2⤵
  PID:3868
- C:\Windows\System\qOcwMyZ.exe
  C:\Windows\System\qOcwMyZ.exe
  2⤵
  PID:3580
- C:\Windows\System\FPmMHAG.exe
  C:\Windows\System\FPmMHAG.exe
  2⤵
  PID:3616
- C:\Windows\System\HsSNney.exe
  C:\Windows\System\HsSNney.exe
  2⤵
  PID:3632
- C:\Windows\System\DdULvii.exe
  C:\Windows\System\DdULvii.exe
  2⤵
  PID:3712
- C:\Windows\System\cJxiVpz.exe
  C:\Windows\System\cJxiVpz.exe
  2⤵
  PID:3740
- C:\Windows\System\FlwTLBd.exe
  C:\Windows\System\FlwTLBd.exe
  2⤵
  PID:3752
- C:\Windows\System\lEaSEkU.exe
  C:\Windows\System\lEaSEkU.exe
  2⤵
  PID:3800
- C:\Windows\System\ganHKwE.exe
  C:\Windows\System\ganHKwE.exe
  2⤵
  PID:3816
- C:\Windows\System\YSQhdRd.exe
  C:\Windows\System\YSQhdRd.exe
  2⤵
  PID:3876
- C:\Windows\System\pccxOsk.exe
  C:\Windows\System\pccxOsk.exe
  2⤵
  PID:3896
- C:\Windows\System\lKVBnwo.exe
  C:\Windows\System\lKVBnwo.exe
  2⤵
  PID:3908
- C:\Windows\System\EoBkbKP.exe
  C:\Windows\System\EoBkbKP.exe
  2⤵
  PID:3924
- C:\Windows\System\OEMxwMa.exe
  C:\Windows\System\OEMxwMa.exe
  2⤵
  PID:3960
- C:\Windows\System\MBSGxzD.exe
  C:\Windows\System\MBSGxzD.exe
  2⤵
  PID:3980
- C:\Windows\System\DLVijtg.exe
  C:\Windows\System\DLVijtg.exe
  2⤵
  PID:4080
- C:\Windows\System\YvyveDR.exe
  C:\Windows\System\YvyveDR.exe
  2⤵
  PID:4048
- C:\Windows\System\wixmtuu.exe
  C:\Windows\System\wixmtuu.exe
  2⤵
  PID:1048
- C:\Windows\System\cdLUvWy.exe
  C:\Windows\System\cdLUvWy.exe
  2⤵
  PID:3084
- C:\Windows\System\TFfcVRv.exe
  C:\Windows\System\TFfcVRv.exe
  2⤵
  PID:3132
- C:\Windows\System\DpewXmz.exe
  C:\Windows\System\DpewXmz.exe
  2⤵
  PID:3148
- C:\Windows\System\REXDAoE.exe
  C:\Windows\System\REXDAoE.exe
  2⤵
  PID:3180
- C:\Windows\System\AFNwpjP.exe
  C:\Windows\System\AFNwpjP.exe
  2⤵
  PID:3212
- C:\Windows\System\luhGVGu.exe
  C:\Windows\System\luhGVGu.exe
  2⤵
  PID:3244
- C:\Windows\System\lZtmfzw.exe
  C:\Windows\System\lZtmfzw.exe
  2⤵
  PID:3288
- C:\Windows\System\JYiPPhh.exe
  C:\Windows\System\JYiPPhh.exe
  2⤵
  PID:3320
- C:\Windows\System\AEOXrMu.exe
  C:\Windows\System\AEOXrMu.exe
  2⤵
  PID:2148
- C:\Windows\System\HmWSQEL.exe
  C:\Windows\System\HmWSQEL.exe
  2⤵
  PID:3384
- C:\Windows\System\JyQXtwV.exe
  C:\Windows\System\JyQXtwV.exe
  2⤵
  PID:3416
- C:\Windows\System\GJrXOcK.exe
  C:\Windows\System\GJrXOcK.exe
  2⤵
  PID:3436
- C:\Windows\System\cUrLLaT.exe
  C:\Windows\System\cUrLLaT.exe
  2⤵
  PID:3468
- C:\Windows\System\dtFUEPn.exe
  C:\Windows\System\dtFUEPn.exe
  2⤵
  PID:3516
- C:\Windows\System\VbkyWZY.exe
  C:\Windows\System\VbkyWZY.exe
  2⤵
  PID:3532
- C:\Windows\System\EYkDPZT.exe
  C:\Windows\System\EYkDPZT.exe
  2⤵
  PID:3568
- C:\Windows\System\mdgGHqK.exe
  C:\Windows\System\mdgGHqK.exe
  2⤵
  PID:3680
- C:\Windows\System\lZCwGdY.exe
  C:\Windows\System\lZCwGdY.exe
  2⤵
  PID:3748
- C:\Windows\System\CNgrOct.exe
  C:\Windows\System\CNgrOct.exe
  2⤵
  PID:3600
- C:\Windows\System\kVKCUuB.exe
  C:\Windows\System\kVKCUuB.exe
  2⤵
  PID:3788
- C:\Windows\System\MFEKMKN.exe
  C:\Windows\System\MFEKMKN.exe
  2⤵
  PID:3856
- C:\Windows\System\QYbInOd.exe
  C:\Windows\System\QYbInOd.exe
  2⤵
  PID:3840
- C:\Windows\System\BwIAKnf.exe
  C:\Windows\System\BwIAKnf.exe
  2⤵
  PID:3884
- C:\Windows\System\dIciZIy.exe
  C:\Windows\System\dIciZIy.exe
  2⤵
  PID:3772
- C:\Windows\System\ssAxcyX.exe
  C:\Windows\System\ssAxcyX.exe
  2⤵
  PID:2828
- C:\Windows\System\MTcygYd.exe
  C:\Windows\System\MTcygYd.exe
  2⤵
  PID:3976
- C:\Windows\System\CsmBiOe.exe
  C:\Windows\System\CsmBiOe.exe
  2⤵
  PID:1220
- C:\Windows\System\jqIJVfB.exe
  C:\Windows\System\jqIJVfB.exe
  2⤵
  PID:3904
- C:\Windows\System\sYLUeGd.exe
  C:\Windows\System\sYLUeGd.exe
  2⤵
  PID:3988
- C:\Windows\System\WwmYYZH.exe
  C:\Windows\System\WwmYYZH.exe
  2⤵
  PID:4008
- C:\Windows\System\pmUraVh.exe
  C:\Windows\System\pmUraVh.exe
  2⤵
  PID:4024
- C:\Windows\System\btWGmWI.exe
  C:\Windows\System\btWGmWI.exe
  2⤵
  PID:4040
- C:\Windows\System\WLbQDoj.exe
  C:\Windows\System\WLbQDoj.exe
  2⤵
  PID:4064
- C:\Windows\System\TDqjcVz.exe
  C:\Windows\System\TDqjcVz.exe
  2⤵
  PID:3972
- C:\Windows\System\zINVJnq.exe
  C:\Windows\System\zINVJnq.exe
  2⤵
  PID:3160
- C:\Windows\System\mxHeNxk.exe
  C:\Windows\System\mxHeNxk.exe
  2⤵
  PID:3224
- C:\Windows\System\WfPAWix.exe
  C:\Windows\System\WfPAWix.exe
  2⤵
  PID:2948
- C:\Windows\System\OUEjMZy.exe
  C:\Windows\System\OUEjMZy.exe
  2⤵
  PID:3388
- C:\Windows\System\ScdUIYq.exe
  C:\Windows\System\ScdUIYq.exe
  2⤵
  PID:2480
- C:\Windows\System\gflrvtI.exe
  C:\Windows\System\gflrvtI.exe
  2⤵
  PID:3452
- C:\Windows\System\hkCpECE.exe
  C:\Windows\System\hkCpECE.exe
  2⤵
  PID:3340
- C:\Windows\System\WelVxzf.exe
  C:\Windows\System\WelVxzf.exe
  2⤵
  PID:3500
- C:\Windows\System\mDKbMdA.exe
  C:\Windows\System\mDKbMdA.exe
  2⤵
  PID:3548
- C:\Windows\System\ABSWJhE.exe
  C:\Windows\System\ABSWJhE.exe
  2⤵
  PID:3432
- C:\Windows\System\KupgTNG.exe
  C:\Windows\System\KupgTNG.exe
  2⤵
  PID:2992
- C:\Windows\System\oEKKWeo.exe
  C:\Windows\System\oEKKWeo.exe
  2⤵
  PID:3808
- C:\Windows\System\hsRfRVe.exe
  C:\Windows\System\hsRfRVe.exe
  2⤵
  PID:3848
- C:\Windows\System\rbiTuVs.exe
  C:\Windows\System\rbiTuVs.exe
  2⤵
  PID:3932
- C:\Windows\System\KXVQrYf.exe
  C:\Windows\System\KXVQrYf.exe
  2⤵
  PID:3920
- C:\Windows\System\ANMlWLz.exe
  C:\Windows\System\ANMlWLz.exe
  2⤵
  PID:3336
- C:\Windows\System\phIBbBA.exe
  C:\Windows\System\phIBbBA.exe
  2⤵
  PID:1576
- C:\Windows\System\NNoBSmL.exe
  C:\Windows\System\NNoBSmL.exe
  2⤵
  PID:4020
- C:\Windows\System\bgqHMbY.exe
  C:\Windows\System\bgqHMbY.exe
  2⤵
  PID:3836
- C:\Windows\System\YdLBTlb.exe
  C:\Windows\System\YdLBTlb.exe
  2⤵
  PID:4056
- C:\Windows\System\WRxUVXE.exe
  C:\Windows\System\WRxUVXE.exe
  2⤵
  PID:1168
- C:\Windows\System\FuFFXUO.exe
  C:\Windows\System\FuFFXUO.exe
  2⤵
  PID:1948
- C:\Windows\System\BHmoWLb.exe
  C:\Windows\System\BHmoWLb.exe
  2⤵
  PID:4032
- C:\Windows\System\TUfUGjM.exe
  C:\Windows\System\TUfUGjM.exe
  2⤵
  PID:4088
- C:\Windows\System\fUaetde.exe
  C:\Windows\System\fUaetde.exe
  2⤵
  PID:2252
- C:\Windows\System\WGhqdSw.exe
  C:\Windows\System\WGhqdSw.exe
  2⤵
  PID:3240
- C:\Windows\System\DMDLooj.exe
  C:\Windows\System\DMDLooj.exe
  2⤵
  PID:3128
- C:\Windows\System\XdfppjD.exe
  C:\Windows\System\XdfppjD.exe
  2⤵
  PID:3016
- C:\Windows\System\AnDjVUt.exe
  C:\Windows\System\AnDjVUt.exe
  2⤵
  PID:3768
- C:\Windows\System\proItJs.exe
  C:\Windows\System\proItJs.exe
  2⤵
  PID:3860
- C:\Windows\System\EsoGiWA.exe
  C:\Windows\System\EsoGiWA.exe
  2⤵
  PID:3728
- C:\Windows\System\HJoumyu.exe
  C:\Windows\System\HJoumyu.exe
  2⤵
  PID:3596
- C:\Windows\System\iEzNvhi.exe
  C:\Windows\System\iEzNvhi.exe
  2⤵
  PID:3272
- C:\Windows\System\STihcDW.exe
  C:\Windows\System\STihcDW.exe
  2⤵
  PID:3528
- C:\Windows\System\dOhpTfT.exe
  C:\Windows\System\dOhpTfT.exe
  2⤵
  PID:3792
- C:\Windows\System\jwBtprq.exe
  C:\Windows\System\jwBtprq.exe
  2⤵
  PID:3196
- C:\Windows\System\UxHbSAs.exe
  C:\Windows\System\UxHbSAs.exe
  2⤵
  PID:2088
- C:\Windows\System\tfzArLA.exe
  C:\Windows\System\tfzArLA.exe
  2⤵
  PID:1012
- C:\Windows\System\VNVbmSd.exe
  C:\Windows\System\VNVbmSd.exe
  2⤵
  PID:3116
- C:\Windows\System\eIJUBDv.exe
  C:\Windows\System\eIJUBDv.exe
  2⤵
  PID:3536
- C:\Windows\System\TSElYYZ.exe
  C:\Windows\System\TSElYYZ.exe
  2⤵
  PID:3292
- C:\Windows\System\NFUFCMX.exe
  C:\Windows\System\NFUFCMX.exe
  2⤵
  PID:4036
- C:\Windows\System\IYwImsD.exe
  C:\Windows\System\IYwImsD.exe
  2⤵
  PID:4108
- C:\Windows\System\gdbpIDt.exe
  C:\Windows\System\gdbpIDt.exe
  2⤵
  PID:4124
- C:\Windows\System\YRYDmRd.exe
  C:\Windows\System\YRYDmRd.exe
  2⤵
  PID:4140
- C:\Windows\System\eHWiLLx.exe
  C:\Windows\System\eHWiLLx.exe
  2⤵
  PID:4156
- C:\Windows\System\ZFtBoXp.exe
  C:\Windows\System\ZFtBoXp.exe
  2⤵
  PID:4172
- C:\Windows\System\RixTLrX.exe
  C:\Windows\System\RixTLrX.exe
  2⤵
  PID:4188
- C:\Windows\System\dKlxDhK.exe
  C:\Windows\System\dKlxDhK.exe
  2⤵
  PID:4204
- C:\Windows\System\DJDzQiV.exe
  C:\Windows\System\DJDzQiV.exe
  2⤵
  PID:4220
- C:\Windows\System\ZeoGdLI.exe
  C:\Windows\System\ZeoGdLI.exe
  2⤵
  PID:4236
- C:\Windows\System\KUoxnLU.exe
  C:\Windows\System\KUoxnLU.exe
  2⤵
  PID:4252
- C:\Windows\System\vjCcDot.exe
  C:\Windows\System\vjCcDot.exe
  2⤵
  PID:4268
- C:\Windows\System\CIOjNQd.exe
  C:\Windows\System\CIOjNQd.exe
  2⤵
  PID:4284
- C:\Windows\System\sumVYAb.exe
  C:\Windows\System\sumVYAb.exe
  2⤵
  PID:4300
- C:\Windows\System\BThxtJZ.exe
  C:\Windows\System\BThxtJZ.exe
  2⤵
  PID:4316
- C:\Windows\System\hTnFUUm.exe
  C:\Windows\System\hTnFUUm.exe
  2⤵
  PID:4332
- C:\Windows\System\RNApUTS.exe
  C:\Windows\System\RNApUTS.exe
  2⤵
  PID:4348
- C:\Windows\System\rqAmGQL.exe
  C:\Windows\System\rqAmGQL.exe
  2⤵
  PID:4364
- C:\Windows\System\HvGXjlB.exe
  C:\Windows\System\HvGXjlB.exe
  2⤵
  PID:4380
- C:\Windows\System\khETExx.exe
  C:\Windows\System\khETExx.exe
  2⤵
  PID:4396
- C:\Windows\System\OjAohct.exe
  C:\Windows\System\OjAohct.exe
  2⤵
  PID:4412
- C:\Windows\System\mkiqsGb.exe
  C:\Windows\System\mkiqsGb.exe
  2⤵
  PID:4428
- C:\Windows\System\WrTMmzI.exe
  C:\Windows\System\WrTMmzI.exe
  2⤵
  PID:4444
- C:\Windows\System\EUsiGIn.exe
  C:\Windows\System\EUsiGIn.exe
  2⤵
  PID:4460
- C:\Windows\System\KXBJpEn.exe
  C:\Windows\System\KXBJpEn.exe
  2⤵
  PID:4476
- C:\Windows\System\AOVpLhg.exe
  C:\Windows\System\AOVpLhg.exe
  2⤵
  PID:4492
- C:\Windows\System\HtvngrT.exe
  C:\Windows\System\HtvngrT.exe
  2⤵
  PID:4508
- C:\Windows\System\ZEoUASb.exe
  C:\Windows\System\ZEoUASb.exe
  2⤵
  PID:4524
- C:\Windows\System\khWzovo.exe
  C:\Windows\System\khWzovo.exe
  2⤵
  PID:4540
- C:\Windows\System\BsMybQf.exe
  C:\Windows\System\BsMybQf.exe
  2⤵
  PID:4556
- C:\Windows\System\fySwpJi.exe
  C:\Windows\System\fySwpJi.exe
  2⤵
  PID:4572
- C:\Windows\System\riaGfQB.exe
  C:\Windows\System\riaGfQB.exe
  2⤵
  PID:4588
- C:\Windows\System\pdBTTDn.exe
  C:\Windows\System\pdBTTDn.exe
  2⤵
  PID:4604
- C:\Windows\System\RFkjvkX.exe
  C:\Windows\System\RFkjvkX.exe
  2⤵
  PID:4620
- C:\Windows\System\lEpJcnQ.exe
  C:\Windows\System\lEpJcnQ.exe
  2⤵
  PID:4636
- C:\Windows\System\dlbFoUK.exe
  C:\Windows\System\dlbFoUK.exe
  2⤵
  PID:4652
- C:\Windows\System\TrOqJST.exe
  C:\Windows\System\TrOqJST.exe
  2⤵
  PID:4668
- C:\Windows\System\ipHzajR.exe
  C:\Windows\System\ipHzajR.exe
  2⤵
  PID:4684
- C:\Windows\System\BxvaLdX.exe
  C:\Windows\System\BxvaLdX.exe
  2⤵
  PID:4700
- C:\Windows\System\pSjXysr.exe
  C:\Windows\System\pSjXysr.exe
  2⤵
  PID:4716
- C:\Windows\System\sopwnqj.exe
  C:\Windows\System\sopwnqj.exe
  2⤵
  PID:4732
- C:\Windows\System\dGmbzKx.exe
  C:\Windows\System\dGmbzKx.exe
  2⤵
  PID:4748
- C:\Windows\System\tjvbnlb.exe
  C:\Windows\System\tjvbnlb.exe
  2⤵
  PID:4764
- C:\Windows\System\oYLqXJg.exe
  C:\Windows\System\oYLqXJg.exe
  2⤵
  PID:4780
- C:\Windows\System\udbdUsK.exe
  C:\Windows\System\udbdUsK.exe
  2⤵
  PID:4796
- C:\Windows\System\IYEVGFs.exe
  C:\Windows\System\IYEVGFs.exe
  2⤵
  PID:4812
- C:\Windows\System\iNXAGfQ.exe
  C:\Windows\System\iNXAGfQ.exe
  2⤵
  PID:4828
- C:\Windows\System\AdymAYi.exe
  C:\Windows\System\AdymAYi.exe
  2⤵
  PID:4844
- C:\Windows\System\MKmOrTE.exe
  C:\Windows\System\MKmOrTE.exe
  2⤵
  PID:4860
- C:\Windows\System\BqEPNfn.exe
  C:\Windows\System\BqEPNfn.exe
  2⤵
  PID:4876
- C:\Windows\System\GVkLjww.exe
  C:\Windows\System\GVkLjww.exe
  2⤵
  PID:4892
- C:\Windows\System\pXmwezZ.exe
  C:\Windows\System\pXmwezZ.exe
  2⤵
  PID:4908
- C:\Windows\System\erESbip.exe
  C:\Windows\System\erESbip.exe
  2⤵
  PID:4928
- C:\Windows\System\dxEsuxm.exe
  C:\Windows\System\dxEsuxm.exe
  2⤵
  PID:4944
- C:\Windows\System\KxLydQM.exe
  C:\Windows\System\KxLydQM.exe
  2⤵
  PID:4960
- C:\Windows\System\MhsdKUd.exe
  C:\Windows\System\MhsdKUd.exe
  2⤵
  PID:4976
- C:\Windows\System\NMUVwyu.exe
  C:\Windows\System\NMUVwyu.exe
  2⤵
  PID:4992
- C:\Windows\System\BnLqvhN.exe
  C:\Windows\System\BnLqvhN.exe
  2⤵
  PID:5008
- C:\Windows\System\CjwWeoD.exe
  C:\Windows\System\CjwWeoD.exe
  2⤵
  PID:5024
- C:\Windows\System\YtndPzE.exe
  C:\Windows\System\YtndPzE.exe
  2⤵
  PID:5040
- C:\Windows\System\ltECNaa.exe
  C:\Windows\System\ltECNaa.exe
  2⤵
  PID:5056
- C:\Windows\System\FoHiFTs.exe
  C:\Windows\System\FoHiFTs.exe
  2⤵
  PID:5072
- C:\Windows\System\BxlfsES.exe
  C:\Windows\System\BxlfsES.exe
  2⤵
  PID:5088
- C:\Windows\System\PofhMjH.exe
  C:\Windows\System\PofhMjH.exe
  2⤵
  PID:5104
- C:\Windows\System\XKRRFLh.exe
  C:\Windows\System\XKRRFLh.exe
  2⤵
  PID:2220
- C:\Windows\System\XnHBiQe.exe
  C:\Windows\System\XnHBiQe.exe
  2⤵
  PID:3956
- C:\Windows\System\aKkYwiP.exe
  C:\Windows\System\aKkYwiP.exe
  2⤵
  PID:4100
- C:\Windows\System\GfBdHit.exe
  C:\Windows\System\GfBdHit.exe
  2⤵
  PID:4120
- C:\Windows\System\BZkOGDb.exe
  C:\Windows\System\BZkOGDb.exe
  2⤵
  PID:4196
- C:\Windows\System\WUhXeku.exe
  C:\Windows\System\WUhXeku.exe
  2⤵
  PID:4264
- C:\Windows\System\OWIXdSR.exe
  C:\Windows\System\OWIXdSR.exe
  2⤵
  PID:4152
- C:\Windows\System\uBVahJY.exe
  C:\Windows\System\uBVahJY.exe
  2⤵
  PID:4296
- C:\Windows\System\xSMfBNK.exe
  C:\Windows\System\xSMfBNK.exe
  2⤵
  PID:4180
- C:\Windows\System\duaWvVV.exe
  C:\Windows\System\duaWvVV.exe
  2⤵
  PID:4328
- C:\Windows\System\eCUcurh.exe
  C:\Windows\System\eCUcurh.exe
  2⤵
  PID:4388
- C:\Windows\System\RaRwFCO.exe
  C:\Windows\System\RaRwFCO.exe
  2⤵
  PID:4408
- C:\Windows\System\LPdJGxu.exe
  C:\Windows\System\LPdJGxu.exe
  2⤵
  PID:4376
- C:\Windows\System\eePjoGd.exe
  C:\Windows\System\eePjoGd.exe
  2⤵
  PID:4436
- C:\Windows\System\eSPhpkN.exe
  C:\Windows\System\eSPhpkN.exe
  2⤵
  PID:4488
- C:\Windows\System\RrbSzjO.exe
  C:\Windows\System\RrbSzjO.exe
  2⤵
  PID:4520
- C:\Windows\System\QGmAUXI.exe
  C:\Windows\System\QGmAUXI.exe
  2⤵
  PID:4504
- C:\Windows\System\NrmGQAX.exe
  C:\Windows\System\NrmGQAX.exe
  2⤵
  PID:4552
- C:\Windows\System\LDFULkQ.exe
  C:\Windows\System\LDFULkQ.exe
  2⤵
  PID:2224
- C:\Windows\System\ufWYUKk.exe
  C:\Windows\System\ufWYUKk.exe
  2⤵
  PID:4612
- C:\Windows\System\xpDGqga.exe
  C:\Windows\System\xpDGqga.exe
  2⤵
  PID:2996
- C:\Windows\System\pCsPqCo.exe
  C:\Windows\System\pCsPqCo.exe
  2⤵
  PID:4632
- C:\Windows\System\CKGmOGP.exe
  C:\Windows\System\CKGmOGP.exe
  2⤵
  PID:4676
- C:\Windows\System\uqKdEtR.exe
  C:\Windows\System\uqKdEtR.exe
  2⤵
  PID:4740
- C:\Windows\System\YCvKhbX.exe
  C:\Windows\System\YCvKhbX.exe
  2⤵
  PID:1868
- C:\Windows\System\LgRfaKq.exe
  C:\Windows\System\LgRfaKq.exe
  2⤵
  PID:4696
- C:\Windows\System\ybeypzl.exe
  C:\Windows\System\ybeypzl.exe
  2⤵
  PID:4788
- C:\Windows\System\QsEUOlY.exe
  C:\Windows\System\QsEUOlY.exe
  2⤵
  PID:4820
- C:\Windows\System\ITcDPMw.exe
  C:\Windows\System\ITcDPMw.exe
  2⤵
  PID:4856
- C:\Windows\System\kyqHRVU.exe
  C:\Windows\System\kyqHRVU.exe
  2⤵
  PID:4900
- C:\Windows\System\gZdLzsJ.exe
  C:\Windows\System\gZdLzsJ.exe
  2⤵
  PID:2208
- C:\Windows\System\aaIsDPv.exe
  C:\Windows\System\aaIsDPv.exe
  2⤵
  PID:4968
- C:\Windows\System\cwfjlQf.exe
  C:\Windows\System\cwfjlQf.exe
  2⤵
  PID:4972
- C:\Windows\System\RgbWABM.exe
  C:\Windows\System\RgbWABM.exe
  2⤵
  PID:5036
- C:\Windows\System\sywgykK.exe
  C:\Windows\System\sywgykK.exe
  2⤵
  PID:5100
- C:\Windows\System\mVfPgUy.exe
  C:\Windows\System\mVfPgUy.exe
  2⤵
  PID:4988
- C:\Windows\System\gLLJSAM.exe
  C:\Windows\System\gLLJSAM.exe
  2⤵
  PID:3352
- C:\Windows\System\YQRcKWY.exe
  C:\Windows\System\YQRcKWY.exe
  2⤵
  PID:4260
- C:\Windows\System\hBAYjWr.exe
  C:\Windows\System\hBAYjWr.exe
  2⤵
  PID:4216
- C:\Windows\System\LthXCaw.exe
  C:\Windows\System\LthXCaw.exe
  2⤵
  PID:5048
- C:\Windows\System\sIhpoVl.exe
  C:\Windows\System\sIhpoVl.exe
  2⤵
  PID:4308
- C:\Windows\System\UFuMJzu.exe
  C:\Windows\System\UFuMJzu.exe
  2⤵
  PID:4280
- C:\Windows\System\dgGXapo.exe
  C:\Windows\System\dgGXapo.exe
  2⤵
  PID:3936
- C:\Windows\System\evXFugT.exe
  C:\Windows\System\evXFugT.exe
  2⤵
  PID:4472
- C:\Windows\System\bkiFrmJ.exe
  C:\Windows\System\bkiFrmJ.exe
  2⤵
  PID:4344
- C:\Windows\System\xKcJSbC.exe
  C:\Windows\System\xKcJSbC.exe
  2⤵
  PID:4500
- C:\Windows\System\VXHhBBL.exe
  C:\Windows\System\VXHhBBL.exe
  2⤵
  PID:4628
- C:\Windows\System\gcelyOn.exe
  C:\Windows\System\gcelyOn.exe
  2⤵
  PID:4712
- C:\Windows\System\oozIwRI.exe
  C:\Windows\System\oozIwRI.exe
  2⤵
  PID:4692
- C:\Windows\System\oDLJYfF.exe
  C:\Windows\System\oDLJYfF.exe
  2⤵
  PID:4660
- C:\Windows\System\aaFYNJd.exe
  C:\Windows\System\aaFYNJd.exe
  2⤵
  PID:4836
- C:\Windows\System\JDGdZLP.exe
  C:\Windows\System\JDGdZLP.exe
  2⤵
  PID:4840
- C:\Windows\System\nHpdfxt.exe
  C:\Windows\System\nHpdfxt.exe
  2⤵
  PID:4940
- C:\Windows\System\ZQAQBzK.exe
  C:\Windows\System\ZQAQBzK.exe
  2⤵
  PID:5004
- C:\Windows\System\GQKBucJ.exe
  C:\Windows\System\GQKBucJ.exe
  2⤵
  PID:4116
- C:\Windows\System\fMzcSaG.exe
  C:\Windows\System\fMzcSaG.exe
  2⤵
  PID:4340
- C:\Windows\System\HGNUMxP.exe
  C:\Windows\System\HGNUMxP.exe
  2⤵
  PID:4312
- C:\Windows\System\dDtERkL.exe
  C:\Windows\System\dDtERkL.exe
  2⤵
  PID:5020
- C:\Windows\System\gkTGehx.exe
  C:\Windows\System\gkTGehx.exe
  2⤵
  PID:5096
- C:\Windows\System\ntkQGnG.exe
  C:\Windows\System\ntkQGnG.exe
  2⤵
  PID:4600
- C:\Windows\System\tXjlCEW.exe
  C:\Windows\System\tXjlCEW.exe
  2⤵
  PID:4536
- C:\Windows\System\uxNEsYq.exe
  C:\Windows\System\uxNEsYq.exe
  2⤵
  PID:4568
- C:\Windows\System\wGunyCD.exe
  C:\Windows\System\wGunyCD.exe
  2⤵
  PID:5112
- C:\Windows\System\dDxjfmJ.exe
  C:\Windows\System\dDxjfmJ.exe
  2⤵
  PID:4148
- C:\Windows\System\jhhgtDs.exe
  C:\Windows\System\jhhgtDs.exe
  2⤵
  PID:4920
- C:\Windows\System\bZDaZKh.exe
  C:\Windows\System\bZDaZKh.exe
  2⤵
  PID:4956
- C:\Windows\System\ShVpLFz.exe
  C:\Windows\System\ShVpLFz.exe
  2⤵
  PID:5052
- C:\Windows\System\ppYQHZU.exe
  C:\Windows\System\ppYQHZU.exe
  2⤵
  PID:4200
- C:\Windows\System\sCoKOME.exe
  C:\Windows\System\sCoKOME.exe
  2⤵
  PID:4708
- C:\Windows\System\tAgsTAs.exe
  C:\Windows\System\tAgsTAs.exe
  2⤵
  PID:5080
- C:\Windows\System\rStbBsK.exe
  C:\Windows\System\rStbBsK.exe
  2⤵
  PID:4276
- C:\Windows\System\ZdNBPiz.exe
  C:\Windows\System\ZdNBPiz.exe
  2⤵
  PID:4532
- C:\Windows\System\BRMqWxk.exe
  C:\Windows\System\BRMqWxk.exe
  2⤵
  PID:4936
- C:\Windows\System\tixvAJF.exe
  C:\Windows\System\tixvAJF.exe
  2⤵
  PID:5132
- C:\Windows\System\hFPpyyr.exe
  C:\Windows\System\hFPpyyr.exe
  2⤵
  PID:5148
- C:\Windows\System\XAhBGCK.exe
  C:\Windows\System\XAhBGCK.exe
  2⤵
  PID:5164
- C:\Windows\System\QSoMKXj.exe
  C:\Windows\System\QSoMKXj.exe
  2⤵
  PID:5180
- C:\Windows\System\aXnlwoT.exe
  C:\Windows\System\aXnlwoT.exe
  2⤵
  PID:5196
- C:\Windows\System\jyDGvhg.exe
  C:\Windows\System\jyDGvhg.exe
  2⤵
  PID:5212
- C:\Windows\System\AUObhho.exe
  C:\Windows\System\AUObhho.exe
  2⤵
  PID:5228
- C:\Windows\System\hssuAmT.exe
  C:\Windows\System\hssuAmT.exe
  2⤵
  PID:5244
- C:\Windows\System\YBOhUNo.exe
  C:\Windows\System\YBOhUNo.exe
  2⤵
  PID:5260
- C:\Windows\System\MFDIbjY.exe
  C:\Windows\System\MFDIbjY.exe
  2⤵
  PID:5276
- C:\Windows\System\NNkyCSa.exe
  C:\Windows\System\NNkyCSa.exe
  2⤵
  PID:5292
- C:\Windows\System\gnSBVma.exe
  C:\Windows\System\gnSBVma.exe
  2⤵
  PID:5308
- C:\Windows\System\ZtEKUHb.exe
  C:\Windows\System\ZtEKUHb.exe
  2⤵
  PID:5324
- C:\Windows\System\CFPsEWq.exe
  C:\Windows\System\CFPsEWq.exe
  2⤵
  PID:5340
- C:\Windows\System\nBXLeZs.exe
  C:\Windows\System\nBXLeZs.exe
  2⤵
  PID:5356
- C:\Windows\System\pzgmRBZ.exe
  C:\Windows\System\pzgmRBZ.exe
  2⤵
  PID:5372
- C:\Windows\System\NfHFLUX.exe
  C:\Windows\System\NfHFLUX.exe
  2⤵
  PID:5388
- C:\Windows\System\DWrHKQo.exe
  C:\Windows\System\DWrHKQo.exe
  2⤵
  PID:5404
- C:\Windows\System\gnOdijl.exe
  C:\Windows\System\gnOdijl.exe
  2⤵
  PID:5424
- C:\Windows\System\MVjkhOW.exe
  C:\Windows\System\MVjkhOW.exe
  2⤵
  PID:5440
- C:\Windows\System\AJXVgpO.exe
  C:\Windows\System\AJXVgpO.exe
  2⤵
  PID:5456
- C:\Windows\System\RMgrwFa.exe
  C:\Windows\System\RMgrwFa.exe
  2⤵
  PID:5472
- C:\Windows\System\vkqoGSy.exe
  C:\Windows\System\vkqoGSy.exe
  2⤵
  PID:5488
- C:\Windows\System\lTxheeZ.exe
  C:\Windows\System\lTxheeZ.exe
  2⤵
  PID:5504
- C:\Windows\System\pqoeEng.exe
  C:\Windows\System\pqoeEng.exe
  2⤵
  PID:5520
- C:\Windows\System\xCaIMFU.exe
  C:\Windows\System\xCaIMFU.exe
  2⤵
  PID:5536
- C:\Windows\System\agAindJ.exe
  C:\Windows\System\agAindJ.exe
  2⤵
  PID:5552
- C:\Windows\System\tmVOqMp.exe
  C:\Windows\System\tmVOqMp.exe
  2⤵
  PID:5568
- C:\Windows\System\VtJAecB.exe
  C:\Windows\System\VtJAecB.exe
  2⤵
  PID:5584
- C:\Windows\System\utRKcUJ.exe
  C:\Windows\System\utRKcUJ.exe
  2⤵
  PID:5600
- C:\Windows\System\ISmRekp.exe
  C:\Windows\System\ISmRekp.exe
  2⤵
  PID:5616
- C:\Windows\System\bBxBFpf.exe
  C:\Windows\System\bBxBFpf.exe
  2⤵
  PID:5632
- C:\Windows\System\GTXNABS.exe
  C:\Windows\System\GTXNABS.exe
  2⤵
  PID:5648
- C:\Windows\System\CWdeCwK.exe
  C:\Windows\System\CWdeCwK.exe
  2⤵
  PID:5664
- C:\Windows\System\pdPoAwJ.exe
  C:\Windows\System\pdPoAwJ.exe
  2⤵
  PID:5680
- C:\Windows\System\ZTjqsxf.exe
  C:\Windows\System\ZTjqsxf.exe
  2⤵
  PID:5696
- C:\Windows\System\xmsLCRZ.exe
  C:\Windows\System\xmsLCRZ.exe
  2⤵
  PID:5712
- C:\Windows\System\BfVmKsN.exe
  C:\Windows\System\BfVmKsN.exe
  2⤵
  PID:5728
- C:\Windows\System\GcgHxbu.exe
  C:\Windows\System\GcgHxbu.exe
  2⤵
  PID:5744
- C:\Windows\System\bXipaaK.exe
  C:\Windows\System\bXipaaK.exe
  2⤵
  PID:5760
- C:\Windows\System\WEbbdNj.exe
  C:\Windows\System\WEbbdNj.exe
  2⤵
  PID:5776
- C:\Windows\System\lJJkTJk.exe
  C:\Windows\System\lJJkTJk.exe
  2⤵
  PID:5792
- C:\Windows\System\SnDLyVd.exe
  C:\Windows\System\SnDLyVd.exe
  2⤵
  PID:5808
- C:\Windows\System\MqTUhmI.exe
  C:\Windows\System\MqTUhmI.exe
  2⤵
  PID:5824
- C:\Windows\System\iJSGppT.exe
  C:\Windows\System\iJSGppT.exe
  2⤵
  PID:5840
- C:\Windows\System\mSTClJm.exe
  C:\Windows\System\mSTClJm.exe
  2⤵
  PID:5856
- C:\Windows\System\lYuNCkc.exe
  C:\Windows\System\lYuNCkc.exe
  2⤵
  PID:5872
- C:\Windows\System\eKCFonp.exe
  C:\Windows\System\eKCFonp.exe
  2⤵
  PID:5888
- C:\Windows\System\KLhulJU.exe
  C:\Windows\System\KLhulJU.exe
  2⤵
  PID:5904
- C:\Windows\System\MmsBnRV.exe
  C:\Windows\System\MmsBnRV.exe
  2⤵
  PID:5920
- C:\Windows\System\eQKgLZw.exe
  C:\Windows\System\eQKgLZw.exe
  2⤵
  PID:5936
- C:\Windows\System\ZNGYgua.exe
  C:\Windows\System\ZNGYgua.exe
  2⤵
  PID:5956
- C:\Windows\System\mPhITkU.exe
  C:\Windows\System\mPhITkU.exe
  2⤵
  PID:5972
- C:\Windows\System\wHYrVCk.exe
  C:\Windows\System\wHYrVCk.exe
  2⤵
  PID:5988
- C:\Windows\System\BjjNnIx.exe
  C:\Windows\System\BjjNnIx.exe
  2⤵
  PID:6004
- C:\Windows\System\BeQhdZr.exe
  C:\Windows\System\BeQhdZr.exe
  2⤵
  PID:6020
- C:\Windows\System\zDUtqpS.exe
  C:\Windows\System\zDUtqpS.exe
  2⤵
  PID:6036
- C:\Windows\System\MpUhzPE.exe
  C:\Windows\System\MpUhzPE.exe
  2⤵
  PID:6052
- C:\Windows\System\zGfrwdT.exe
  C:\Windows\System\zGfrwdT.exe
  2⤵
  PID:6068
- C:\Windows\System\bQcGBTN.exe
  C:\Windows\System\bQcGBTN.exe
  2⤵
  PID:6084
- C:\Windows\System\SWuLFFP.exe
  C:\Windows\System\SWuLFFP.exe
  2⤵
  PID:6100
- C:\Windows\System\IqHTgWW.exe
  C:\Windows\System\IqHTgWW.exe
  2⤵
  PID:6116
- C:\Windows\System\KGTbIhL.exe
  C:\Windows\System\KGTbIhL.exe
  2⤵
  PID:6132
- C:\Windows\System\LhDfAwb.exe
  C:\Windows\System\LhDfAwb.exe
  2⤵
  PID:4644
- C:\Windows\System\CGdtvil.exe
  C:\Windows\System\CGdtvil.exe
  2⤵
  PID:5144
- C:\Windows\System\VqxeiWm.exe
  C:\Windows\System\VqxeiWm.exe
  2⤵
  PID:1672
- C:\Windows\System\OWWSgfC.exe
  C:\Windows\System\OWWSgfC.exe
  2⤵
  PID:5176
- C:\Windows\System\dIRwcXj.exe
  C:\Windows\System\dIRwcXj.exe
  2⤵
  PID:5220
- C:\Windows\System\UleQQdK.exe
  C:\Windows\System\UleQQdK.exe
  2⤵
  PID:5240
- C:\Windows\System\ZYLozfV.exe
  C:\Windows\System\ZYLozfV.exe
  2⤵
  PID:5284
- C:\Windows\System\JTcxgaL.exe
  C:\Windows\System\JTcxgaL.exe
  2⤵
  PID:5320
- C:\Windows\System\dwoWkYn.exe
  C:\Windows\System\dwoWkYn.exe
  2⤵
  PID:5300
- C:\Windows\System\DeSmvob.exe
  C:\Windows\System\DeSmvob.exe
  2⤵
  PID:5380
- C:\Windows\System\UpNDrxF.exe
  C:\Windows\System\UpNDrxF.exe
  2⤵
  PID:5464
- C:\Windows\System\wyAdWar.exe
  C:\Windows\System\wyAdWar.exe
  2⤵
  PID:5500
- C:\Windows\System\DYDJKBt.exe
  C:\Windows\System\DYDJKBt.exe
  2⤵
  PID:5548
- C:\Windows\System\kaEYRfq.exe
  C:\Windows\System\kaEYRfq.exe
  2⤵
  PID:5532
- C:\Windows\System\qfQTMQQ.exe
  C:\Windows\System\qfQTMQQ.exe
  2⤵
  PID:5592
- C:\Windows\System\iTUDIgx.exe
  C:\Windows\System\iTUDIgx.exe
  2⤵
  PID:5624
- C:\Windows\System\ziQRxDI.exe
  C:\Windows\System\ziQRxDI.exe
  2⤵
  PID:5704
- C:\Windows\System\EUNcGgg.exe
  C:\Windows\System\EUNcGgg.exe
  2⤵
  PID:5720
- C:\Windows\System\ivQXCwA.exe
  C:\Windows\System\ivQXCwA.exe
  2⤵
  PID:5768
- C:\Windows\System\nqInAtk.exe
  C:\Windows\System\nqInAtk.exe
  2⤵
  PID:5800
- C:\Windows\System\QrsKslk.exe
  C:\Windows\System\QrsKslk.exe
  2⤵
  PID:5836
- C:\Windows\System\PnzfLpM.exe
  C:\Windows\System\PnzfLpM.exe
  2⤵
  PID:5820
- C:\Windows\System\zvhcOIT.exe
  C:\Windows\System\zvhcOIT.exe
  2⤵
  PID:5868
- C:\Windows\System\DYveWZi.exe
  C:\Windows\System\DYveWZi.exe
  2⤵
  PID:5884
- C:\Windows\System\QRJSQij.exe
  C:\Windows\System\QRJSQij.exe
  2⤵
  PID:5928
- C:\Windows\System\hEJCaXb.exe
  C:\Windows\System\hEJCaXb.exe
  2⤵
  PID:5948
- C:\Windows\System\MzPcalz.exe
  C:\Windows\System\MzPcalz.exe
  2⤵
  PID:6032
- C:\Windows\System\nHeyfQG.exe
  C:\Windows\System\nHeyfQG.exe
  2⤵
  PID:6064
- C:\Windows\System\mWYHDic.exe
  C:\Windows\System\mWYHDic.exe
  2⤵
  PID:6048
- C:\Windows\System\zMpyhWz.exe
  C:\Windows\System\zMpyhWz.exe
  2⤵
  PID:6096
- C:\Windows\System\DITRozr.exe
  C:\Windows\System\DITRozr.exe
  2⤵
  PID:6108
- C:\Windows\System\ahGqeqA.exe
  C:\Windows\System\ahGqeqA.exe
  2⤵
  PID:4852
- C:\Windows\System\YVELarP.exe
  C:\Windows\System\YVELarP.exe
  2⤵
  PID:5160
- C:\Windows\System\RNSLCKl.exe
  C:\Windows\System\RNSLCKl.exe
  2⤵
  PID:5272
- C:\Windows\System\iRvYazJ.exe
  C:\Windows\System\iRvYazJ.exe
  2⤵
  PID:5364
- C:\Windows\System\nzVMoKa.exe
  C:\Windows\System\nzVMoKa.exe
  2⤵
  PID:5256
- C:\Windows\System\KBUYzKF.exe
  C:\Windows\System\KBUYzKF.exe
  2⤵
  PID:5348
- C:\Windows\System\WIjguOl.exe
  C:\Windows\System\WIjguOl.exe
  2⤵
  PID:5412
- C:\Windows\System\AYAkVdj.exe
  C:\Windows\System\AYAkVdj.exe
  2⤵
  PID:5436
- C:\Windows\System\WiCjfRJ.exe
  C:\Windows\System\WiCjfRJ.exe
  2⤵
  PID:5516
- C:\Windows\System\Pjscceg.exe
  C:\Windows\System\Pjscceg.exe
  2⤵
  PID:5640
- C:\Windows\System\ZFgWJJs.exe
  C:\Windows\System\ZFgWJJs.exe
  2⤵
  PID:5580
- C:\Windows\System\tFHKZGc.exe
  C:\Windows\System\tFHKZGc.exe
  2⤵
  PID:5756
- C:\Windows\System\XeqShZZ.exe
  C:\Windows\System\XeqShZZ.exe
  2⤵
  PID:5784
- C:\Windows\System\dBjgZYz.exe
  C:\Windows\System\dBjgZYz.exe
  2⤵
  PID:4916
- C:\Windows\System\GPbbhHF.exe
  C:\Windows\System\GPbbhHF.exe
  2⤵
  PID:5944
- C:\Windows\System\OIlDush.exe
  C:\Windows\System\OIlDush.exe
  2⤵
  PID:5420
- C:\Windows\System\RaQNmCj.exe
  C:\Windows\System\RaQNmCj.exe
  2⤵
  PID:5188
- C:\Windows\System\QENVcBk.exe
  C:\Windows\System\QENVcBk.exe
  2⤵
  PID:5208
- C:\Windows\System\ejOFjXc.exe
  C:\Windows\System\ejOFjXc.exe
  2⤵
  PID:4724
- C:\Windows\System\aqEiMhu.exe
  C:\Windows\System\aqEiMhu.exe
  2⤵
  PID:5452
- C:\Windows\System\OzBYKkZ.exe
  C:\Windows\System\OzBYKkZ.exe
  2⤵
  PID:5352
- C:\Windows\System\SGvwxvy.exe
  C:\Windows\System\SGvwxvy.exe
  2⤵
  PID:6016
- C:\Windows\System\svFvGAP.exe
  C:\Windows\System\svFvGAP.exe
  2⤵
  PID:5560
- C:\Windows\System\XojULnY.exe
  C:\Windows\System\XojULnY.exe
  2⤵
  PID:5544
- C:\Windows\System\EanQDra.exe
  C:\Windows\System\EanQDra.exe
  2⤵
  PID:5692
- C:\Windows\System\VcqKRQA.exe
  C:\Windows\System\VcqKRQA.exe
  2⤵
  PID:5880
- C:\Windows\System\fZmbwKf.exe
  C:\Windows\System\fZmbwKf.exe
  2⤵
  PID:6080
- C:\Windows\System\sXPAUCK.exe
  C:\Windows\System\sXPAUCK.exe
  2⤵
  PID:5204
- C:\Windows\System\WfIjovU.exe
  C:\Windows\System\WfIjovU.exe
  2⤵
  PID:5368
- C:\Windows\System\igunWTg.exe
  C:\Windows\System\igunWTg.exe
  2⤵
  PID:5416
- C:\Windows\System\mBThHsP.exe
  C:\Windows\System\mBThHsP.exe
  2⤵
  PID:6028
- C:\Windows\System\FxyBRnp.exe
  C:\Windows\System\FxyBRnp.exe
  2⤵
  PID:5964
- C:\Windows\System\mWpwCZU.exe
  C:\Windows\System\mWpwCZU.exe
  2⤵
  PID:6044
- C:\Windows\System\rTKfNHg.exe
  C:\Windows\System\rTKfNHg.exe
  2⤵
  PID:6444
- C:\Windows\System\HqCjHBQ.exe
  C:\Windows\System\HqCjHBQ.exe
  2⤵
  PID:6536
- C:\Windows\System\YgGZmgW.exe
  C:\Windows\System\YgGZmgW.exe
  2⤵
  PID:6632
- C:\Windows\System\koxBhKN.exe
  C:\Windows\System\koxBhKN.exe
  2⤵
  PID:6648
- C:\Windows\System\rCUAlta.exe
  C:\Windows\System\rCUAlta.exe
  2⤵
  PID:6664
- C:\Windows\System\FulTwuP.exe
  C:\Windows\System\FulTwuP.exe
  2⤵
  PID:6688
- C:\Windows\System\erAmNrG.exe
  C:\Windows\System\erAmNrG.exe
  2⤵
  PID:6704
- C:\Windows\System\YgiTvjL.exe
  C:\Windows\System\YgiTvjL.exe
  2⤵
  PID:6720
- C:\Windows\System\TZoFQHB.exe
  C:\Windows\System\TZoFQHB.exe
  2⤵
  PID:6736
- C:\Windows\System\unjXTUd.exe
  C:\Windows\System\unjXTUd.exe
  2⤵
  PID:6752
- C:\Windows\System\hWttrjT.exe
  C:\Windows\System\hWttrjT.exe
  2⤵
  PID:6768
- C:\Windows\System\TTdgodD.exe
  C:\Windows\System\TTdgodD.exe
  2⤵
  PID:6784
- C:\Windows\System\GRVWFWj.exe
  C:\Windows\System\GRVWFWj.exe
  2⤵
  PID:6800
- C:\Windows\System\hRLhbnW.exe
  C:\Windows\System\hRLhbnW.exe
  2⤵
  PID:6816
- C:\Windows\System\udOCKQt.exe
  C:\Windows\System\udOCKQt.exe
  2⤵
  PID:6832
- C:\Windows\System\jVvKGQi.exe
  C:\Windows\System\jVvKGQi.exe
  2⤵
  PID:6848
- C:\Windows\System\wPPOVNL.exe
  C:\Windows\System\wPPOVNL.exe
  2⤵
  PID:6864
- C:\Windows\System\WewDItv.exe
  C:\Windows\System\WewDItv.exe
  2⤵
  PID:6880
- C:\Windows\System\fqYargB.exe
  C:\Windows\System\fqYargB.exe
  2⤵
  PID:6896
- C:\Windows\System\XFQxFOO.exe
  C:\Windows\System\XFQxFOO.exe
  2⤵
  PID:6912
- C:\Windows\System\dExsCvY.exe
  C:\Windows\System\dExsCvY.exe
  2⤵
  PID:6928
- C:\Windows\System\YVOfLpk.exe
  C:\Windows\System\YVOfLpk.exe
  2⤵
  PID:6944
- C:\Windows\System\EZWhXsi.exe
  C:\Windows\System\EZWhXsi.exe
  2⤵
  PID:6960
- C:\Windows\System\clrvODw.exe
  C:\Windows\System\clrvODw.exe
  2⤵
  PID:6976
- C:\Windows\System\tENhSOj.exe
  C:\Windows\System\tENhSOj.exe
  2⤵
  PID:6992
- C:\Windows\System\ZmokiFp.exe
  C:\Windows\System\ZmokiFp.exe
  2⤵
  PID:7008
- C:\Windows\System\JuvKIlU.exe
  C:\Windows\System\JuvKIlU.exe
  2⤵
  PID:7024
- C:\Windows\System\YqVaiFM.exe
  C:\Windows\System\YqVaiFM.exe
  2⤵
  PID:7040
- C:\Windows\System\YkxEPxn.exe
  C:\Windows\System\YkxEPxn.exe
  2⤵
  PID:7056
- C:\Windows\System\zkETZAB.exe
  C:\Windows\System\zkETZAB.exe
  2⤵
  PID:7072
- C:\Windows\System\lTblGpk.exe
  C:\Windows\System\lTblGpk.exe
  2⤵
  PID:7088
- C:\Windows\System\ylNCaDA.exe
  C:\Windows\System\ylNCaDA.exe
  2⤵
  PID:7104
- C:\Windows\System\kedQYaA.exe
  C:\Windows\System\kedQYaA.exe
  2⤵
  PID:7120
- C:\Windows\System\zSmdSDg.exe
  C:\Windows\System\zSmdSDg.exe
  2⤵
  PID:7136
- C:\Windows\System\oLbYiCK.exe
  C:\Windows\System\oLbYiCK.exe
  2⤵
  PID:7152
- C:\Windows\System\axMltGi.exe
  C:\Windows\System\axMltGi.exe
  2⤵
  PID:6160
- C:\Windows\System\wPDrFFx.exe
  C:\Windows\System\wPDrFFx.exe
  2⤵
  PID:6188
- C:\Windows\System\xHBIKba.exe
  C:\Windows\System\xHBIKba.exe
  2⤵
  PID:6456
- C:\Windows\System\XsounsP.exe
  C:\Windows\System\XsounsP.exe
  2⤵
  PID:6468
- C:\Windows\System\kpLaemG.exe
  C:\Windows\System\kpLaemG.exe
  2⤵
  PID:6484
- C:\Windows\System\aaqfeWw.exe
  C:\Windows\System\aaqfeWw.exe
  2⤵
  PID:6500
- C:\Windows\System\wqOhemM.exe
  C:\Windows\System\wqOhemM.exe
  2⤵
  PID:6520
- C:\Windows\System\EMxDziZ.exe
  C:\Windows\System\EMxDziZ.exe
  2⤵
  PID:6508
- C:\Windows\System\LEpVzOF.exe
  C:\Windows\System\LEpVzOF.exe
  2⤵
  PID:5852
- C:\Windows\System\GsfBXbh.exe
  C:\Windows\System\GsfBXbh.exe
  2⤵
  PID:6272
- C:\Windows\System\UqELpJU.exe
  C:\Windows\System\UqELpJU.exe
  2⤵
  PID:5332
- C:\Windows\System\eukxNRg.exe
  C:\Windows\System\eukxNRg.exe
  2⤵
  PID:6304
- C:\Windows\System\PpRHKDz.exe
  C:\Windows\System\PpRHKDz.exe
  2⤵
  PID:6336
- C:\Windows\System\AfYMpux.exe
  C:\Windows\System\AfYMpux.exe
  2⤵
  PID:6356
- C:\Windows\System\vSQpAAj.exe
  C:\Windows\System\vSQpAAj.exe
  2⤵
  PID:6372
- C:\Windows\System\roYmRVk.exe
  C:\Windows\System\roYmRVk.exe
  2⤵
  PID:6392
- C:\Windows\System\uxRkkOJ.exe
  C:\Windows\System\uxRkkOJ.exe
  2⤵
  PID:6400
- C:\Windows\System\arBFcpw.exe
  C:\Windows\System\arBFcpw.exe
  2⤵
  PID:6416
- C:\Windows\System\IdDYZcv.exe
  C:\Windows\System\IdDYZcv.exe
  2⤵
  PID:6432
- C:\Windows\System\iMzaPCU.exe
  C:\Windows\System\iMzaPCU.exe
  2⤵
  PID:6168
- C:\Windows\System\QabHPdo.exe
  C:\Windows\System\QabHPdo.exe
  2⤵
  PID:6192
- C:\Windows\System\zcvYJWL.exe
  C:\Windows\System\zcvYJWL.exe
  2⤵
  PID:6548
- C:\Windows\System\HmKbJZK.exe
  C:\Windows\System\HmKbJZK.exe
  2⤵
  PID:6568
- C:\Windows\System\zHsJkHh.exe
  C:\Windows\System\zHsJkHh.exe
  2⤵
  PID:6588
- C:\Windows\System\tglMazp.exe
  C:\Windows\System\tglMazp.exe
  2⤵
  PID:6216
- C:\Windows\System\yJZZsVC.exe
  C:\Windows\System\yJZZsVC.exe
  2⤵
  PID:6232
- C:\Windows\System\vCHKFoh.exe
  C:\Windows\System\vCHKFoh.exe
  2⤵
  PID:6244
- C:\Windows\System\qDOyrVr.exe
  C:\Windows\System\qDOyrVr.exe
  2⤵
  PID:6644
- C:\Windows\System\bPmnBQe.exe
  C:\Windows\System\bPmnBQe.exe
  2⤵
  PID:6680
- C:\Windows\System\NnTZGRp.exe
  C:\Windows\System\NnTZGRp.exe
  2⤵
  PID:6748
- C:\Windows\System\fVceatu.exe
  C:\Windows\System\fVceatu.exe
  2⤵
  PID:6256
- C:\Windows\System\tUqOOPz.exe
  C:\Windows\System\tUqOOPz.exe
  2⤵
  PID:6296
- C:\Windows\System\TVMcQDi.exe
  C:\Windows\System\TVMcQDi.exe
  2⤵
  PID:6352
- C:\Windows\System\UUnwjBA.exe
  C:\Windows\System\UUnwjBA.exe
  2⤵
  PID:6608
- C:\Windows\System\bYmIkrd.exe
  C:\Windows\System\bYmIkrd.exe
  2⤵
  PID:6620
- C:\Windows\System\INftasG.exe
  C:\Windows\System\INftasG.exe
  2⤵
  PID:6700
- C:\Windows\System\lGujCEN.exe
  C:\Windows\System\lGujCEN.exe
  2⤵
  PID:6764
- C:\Windows\System\KBLuopz.exe
  C:\Windows\System\KBLuopz.exe
  2⤵
  PID:6792
- C:\Windows\System\FTCxtWz.exe
  C:\Windows\System\FTCxtWz.exe
  2⤵
  PID:6828
- C:\Windows\System\BlsZnFf.exe
  C:\Windows\System\BlsZnFf.exe
  2⤵
  PID:6892
- C:\Windows\System\ibLjFhH.exe
  C:\Windows\System\ibLjFhH.exe
  2⤵
  PID:6904
- C:\Windows\System\ihRPbYc.exe
  C:\Windows\System\ihRPbYc.exe
  2⤵
  PID:6888
- C:\Windows\System\cWtUlOs.exe
  C:\Windows\System\cWtUlOs.exe
  2⤵
  PID:6940
- C:\Windows\System\rrSODOh.exe
  C:\Windows\System\rrSODOh.exe
  2⤵
  PID:6988
- C:\Windows\System\eSGgYzV.exe
  C:\Windows\System\eSGgYzV.exe
  2⤵
  PID:7036
- C:\Windows\System\jxZOOmo.exe
  C:\Windows\System\jxZOOmo.exe
  2⤵
  PID:7100
- C:\Windows\System\FHJjfYe.exe
  C:\Windows\System\FHJjfYe.exe
  2⤵
  PID:7132
- C:\Windows\System\GbXTgPA.exe
  C:\Windows\System\GbXTgPA.exe
  2⤵
  PID:7080
- C:\Windows\System\rHRsTMs.exe
  C:\Windows\System\rHRsTMs.exe
  2⤵
  PID:7160
- C:\Windows\System\yMwjmKw.exe
  C:\Windows\System\yMwjmKw.exe
  2⤵
  PID:6012
- C:\Windows\System\TaUGOdR.exe
  C:\Windows\System\TaUGOdR.exe
  2⤵
  PID:6480
- C:\Windows\System\ufxbiCF.exe
  C:\Windows\System\ufxbiCF.exe
  2⤵
  PID:6496
- C:\Windows\System\sMqXuoW.exe
  C:\Windows\System\sMqXuoW.exe
  2⤵
  PID:6492
- C:\Windows\System\AsMfxOU.exe
  C:\Windows\System\AsMfxOU.exe
  2⤵
  PID:6268
- C:\Windows\System\xDYZoJC.exe
  C:\Windows\System\xDYZoJC.exe
  2⤵
  PID:6328
- C:\Windows\System\kSiXSpy.exe
  C:\Windows\System\kSiXSpy.exe
  2⤵
  PID:6364
- C:\Windows\System\NpFnrkE.exe
  C:\Windows\System\NpFnrkE.exe
  2⤵
  PID:6384
- C:\Windows\System\VXKnxmt.exe
  C:\Windows\System\VXKnxmt.exe
  2⤵
  PID:6184
- C:\Windows\System\qOOfOFt.exe
  C:\Windows\System\qOOfOFt.exe
  2⤵
  PID:6164
- C:\Windows\System\yyEFSwg.exe
  C:\Windows\System\yyEFSwg.exe
  2⤵
  PID:6408
- C:\Windows\System\VzLdykN.exe
  C:\Windows\System\VzLdykN.exe
  2⤵
  PID:6212
- C:\Windows\System\dUeYpke.exe
  C:\Windows\System\dUeYpke.exe
  2⤵
  PID:6596
- C:\Windows\System\qvCsAXl.exe
  C:\Windows\System\qvCsAXl.exe
  2⤵
  PID:6612
- C:\Windows\System\btrnaUY.exe
  C:\Windows\System\btrnaUY.exe
  2⤵
  PID:6716
- C:\Windows\System\tqQmpvZ.exe
  C:\Windows\System\tqQmpvZ.exe
  2⤵
  PID:6600
- C:\Windows\System\lJrSARd.exe
  C:\Windows\System\lJrSARd.exe
  2⤵
  PID:6284
- C:\Windows\System\TcybivM.exe
  C:\Windows\System\TcybivM.exe
  2⤵
  PID:6732
- C:\Windows\System\vcBZiMD.exe
  C:\Windows\System\vcBZiMD.exe
  2⤵
  PID:6812
- C:\Windows\System\EnTrhGo.exe
  C:\Windows\System\EnTrhGo.exe
  2⤵
  PID:6860
- C:\Windows\System\XSCzVmR.exe
  C:\Windows\System\XSCzVmR.exe
  2⤵
  PID:6856
- C:\Windows\System\nuxBqRb.exe
  C:\Windows\System\nuxBqRb.exe
  2⤵
  PID:7032
- C:\Windows\System\JraaZln.exe
  C:\Windows\System\JraaZln.exe
  2⤵
  PID:7020
- C:\Windows\System\xDBtKdw.exe
  C:\Windows\System\xDBtKdw.exe
  2⤵
  PID:7084
- C:\Windows\System\EypuAMB.exe
  C:\Windows\System\EypuAMB.exe
  2⤵
  PID:6276
- C:\Windows\System\gYUuVOg.exe
  C:\Windows\System\gYUuVOg.exe
  2⤵
  PID:6320
- C:\Windows\System\XcsDbjN.exe
  C:\Windows\System\XcsDbjN.exe
  2⤵
  PID:6428
- C:\Windows\System\raZhikw.exe
  C:\Windows\System\raZhikw.exe
  2⤵
  PID:6532
- C:\Windows\System\xopVprm.exe
  C:\Windows\System\xopVprm.exe
  2⤵
  PID:6380
- C:\Windows\System\MJLVGFF.exe
  C:\Windows\System\MJLVGFF.exe
  2⤵
  PID:6208
- C:\Windows\System\hLDMCkG.exe
  C:\Windows\System\hLDMCkG.exe
  2⤵
  PID:6744
- C:\Windows\System\abbCXcM.exe
  C:\Windows\System\abbCXcM.exe
  2⤵
  PID:6844
- C:\Windows\System\jocyFhd.exe
  C:\Windows\System\jocyFhd.exe
  2⤵
  PID:6656
- C:\Windows\System\uoJYhrF.exe
  C:\Windows\System\uoJYhrF.exe
  2⤵
  PID:6908
- C:\Windows\System\uLhIJTy.exe
  C:\Windows\System\uLhIJTy.exe
  2⤵
  PID:5672
- C:\Windows\System\vbecneX.exe
  C:\Windows\System\vbecneX.exe
  2⤵
  PID:6476
- C:\Windows\System\IpHqBYW.exe
  C:\Windows\System\IpHqBYW.exe
  2⤵
  PID:7052
- C:\Windows\System\vXKDkRd.exe
  C:\Windows\System\vXKDkRd.exe
  2⤵
  PID:5980
- C:\Windows\System\PEFGgtO.exe
  C:\Windows\System\PEFGgtO.exe
  2⤵
  PID:6584
- C:\Windows\System\gsoBOYw.exe
  C:\Windows\System\gsoBOYw.exe
  2⤵
  PID:6676
- C:\Windows\System\ptNABVY.exe
  C:\Windows\System\ptNABVY.exe
  2⤵
  PID:6624
- C:\Windows\System\DxzVbjn.exe
  C:\Windows\System\DxzVbjn.exe
  2⤵
  PID:7148
- C:\Windows\System\kyotkhd.exe
  C:\Windows\System\kyotkhd.exe
  2⤵
  PID:6412
- C:\Windows\System\vVqEfPi.exe
  C:\Windows\System\vVqEfPi.exe
  2⤵
  PID:7004
- C:\Windows\System\uckuMPY.exe
  C:\Windows\System\uckuMPY.exe
  2⤵
  PID:6604
- C:\Windows\System\MUYlMPL.exe
  C:\Windows\System\MUYlMPL.exe
  2⤵
  PID:7180
- C:\Windows\System\ASiSmZt.exe
  C:\Windows\System\ASiSmZt.exe
  2⤵
  PID:7196
- C:\Windows\System\yuZzFhj.exe
  C:\Windows\System\yuZzFhj.exe
  2⤵
  PID:7212
- C:\Windows\System\mibiEiF.exe
  C:\Windows\System\mibiEiF.exe
  2⤵
  PID:7228
- C:\Windows\System\MzrQhjE.exe
  C:\Windows\System\MzrQhjE.exe
  2⤵
  PID:7244
- C:\Windows\System\RevEIUt.exe
  C:\Windows\System\RevEIUt.exe
  2⤵
  PID:7260
- C:\Windows\System\YWCWVob.exe
  C:\Windows\System\YWCWVob.exe
  2⤵
  PID:7276
- C:\Windows\System\QRyGcur.exe
  C:\Windows\System\QRyGcur.exe
  2⤵
  PID:7292
- C:\Windows\System\svqniqn.exe
  C:\Windows\System\svqniqn.exe
  2⤵
  PID:7308
- C:\Windows\System\TmzHQio.exe
  C:\Windows\System\TmzHQio.exe
  2⤵
  PID:7324
- C:\Windows\System\BfysjzZ.exe
  C:\Windows\System\BfysjzZ.exe
  2⤵
  PID:7340
- C:\Windows\System\hyFAGMZ.exe
  C:\Windows\System\hyFAGMZ.exe
  2⤵
  PID:7356
- C:\Windows\System\ZgXtoVz.exe
  C:\Windows\System\ZgXtoVz.exe
  2⤵
  PID:7372
- C:\Windows\System\bkWXNhs.exe
  C:\Windows\System\bkWXNhs.exe
  2⤵
  PID:7388
- C:\Windows\System\LHzNehB.exe
  C:\Windows\System\LHzNehB.exe
  2⤵
  PID:7404
- C:\Windows\System\MVOJmrC.exe
  C:\Windows\System\MVOJmrC.exe
  2⤵
  PID:7420
- C:\Windows\System\cTCgNAg.exe
  C:\Windows\System\cTCgNAg.exe
  2⤵
  PID:7436
- C:\Windows\System\oZmHWiD.exe
  C:\Windows\System\oZmHWiD.exe
  2⤵
  PID:7452
- C:\Windows\System\SlTIMTk.exe
  C:\Windows\System\SlTIMTk.exe
  2⤵
  PID:7468
- C:\Windows\System\WRfywen.exe
  C:\Windows\System\WRfywen.exe
  2⤵
  PID:7484
- C:\Windows\System\EcKjtMj.exe
  C:\Windows\System\EcKjtMj.exe
  2⤵
  PID:7500
- C:\Windows\System\HllFHiz.exe
  C:\Windows\System\HllFHiz.exe
  2⤵
  PID:7516
- C:\Windows\System\qoBSKKW.exe
  C:\Windows\System\qoBSKKW.exe
  2⤵
  PID:7536
- C:\Windows\System\CSKwzKK.exe
  C:\Windows\System\CSKwzKK.exe
  2⤵
  PID:7552
- C:\Windows\System\RkpMwWr.exe
  C:\Windows\System\RkpMwWr.exe
  2⤵
  PID:7568
- C:\Windows\System\GMtaBAZ.exe
  C:\Windows\System\GMtaBAZ.exe
  2⤵
  PID:7584
- C:\Windows\System\ufitbMr.exe
  C:\Windows\System\ufitbMr.exe
  2⤵
  PID:7600
- C:\Windows\System\XxddFMW.exe
  C:\Windows\System\XxddFMW.exe
  2⤵
  PID:7616
- C:\Windows\System\mdjamOK.exe
  C:\Windows\System\mdjamOK.exe
  2⤵
  PID:7632
- C:\Windows\System\TkOOwcT.exe
  C:\Windows\System\TkOOwcT.exe
  2⤵
  PID:7652
- C:\Windows\System\WOFSboT.exe
  C:\Windows\System\WOFSboT.exe
  2⤵
  PID:7668
- C:\Windows\System\cAGeXum.exe
  C:\Windows\System\cAGeXum.exe
  2⤵
  PID:7684
- C:\Windows\System\BHIAocK.exe
  C:\Windows\System\BHIAocK.exe
  2⤵
  PID:7700
- C:\Windows\System\tGuoqmW.exe
  C:\Windows\System\tGuoqmW.exe
  2⤵
  PID:7716
- C:\Windows\System\fueDYrY.exe
  C:\Windows\System\fueDYrY.exe
  2⤵
  PID:7732
- C:\Windows\System\fOcpaDs.exe
  C:\Windows\System\fOcpaDs.exe
  2⤵
  PID:7752
- C:\Windows\System\DyKkfTj.exe
  C:\Windows\System\DyKkfTj.exe
  2⤵
  PID:7772
- C:\Windows\System\HPXJEup.exe
  C:\Windows\System\HPXJEup.exe
  2⤵
  PID:7788
- C:\Windows\System\SNqzIGT.exe
  C:\Windows\System\SNqzIGT.exe
  2⤵
  PID:7804
- C:\Windows\System\evenzCE.exe
  C:\Windows\System\evenzCE.exe
  2⤵
  PID:7820
- C:\Windows\System\zyFyzxl.exe
  C:\Windows\System\zyFyzxl.exe
  2⤵
  PID:7836
- C:\Windows\System\whnwEgO.exe
  C:\Windows\System\whnwEgO.exe
  2⤵
  PID:7852
- C:\Windows\System\GJfucSK.exe
  C:\Windows\System\GJfucSK.exe
  2⤵
  PID:7868
- C:\Windows\System\BIMcKbF.exe
  C:\Windows\System\BIMcKbF.exe
  2⤵
  PID:7888
- C:\Windows\System\mGqzdLR.exe
  C:\Windows\System\mGqzdLR.exe
  2⤵
  PID:7904
- C:\Windows\System\bdhiuXO.exe
  C:\Windows\System\bdhiuXO.exe
  2⤵
  PID:7920
- C:\Windows\System\lpwkLAW.exe
  C:\Windows\System\lpwkLAW.exe
  2⤵
  PID:7936
- C:\Windows\System\ZXmluso.exe
  C:\Windows\System\ZXmluso.exe
  2⤵
  PID:7952
- C:\Windows\System\drbybda.exe
  C:\Windows\System\drbybda.exe
  2⤵
  PID:7968
- C:\Windows\System\CYMpbPL.exe
  C:\Windows\System\CYMpbPL.exe
  2⤵
  PID:7984
- C:\Windows\System\ppJsBNq.exe
  C:\Windows\System\ppJsBNq.exe
  2⤵
  PID:8000
- C:\Windows\System\UcUsoqy.exe
  C:\Windows\System\UcUsoqy.exe
  2⤵
  PID:8016
- C:\Windows\System\KxezYiE.exe
  C:\Windows\System\KxezYiE.exe
  2⤵
  PID:8032
- C:\Windows\System\qnvLpCn.exe
  C:\Windows\System\qnvLpCn.exe
  2⤵
  PID:8048
- C:\Windows\System\UyIQzXL.exe
  C:\Windows\System\UyIQzXL.exe
  2⤵
  PID:8064
- C:\Windows\System\iInWStW.exe
  C:\Windows\System\iInWStW.exe
  2⤵
  PID:8080
- C:\Windows\System\Lksoanr.exe
  C:\Windows\System\Lksoanr.exe
  2⤵
  PID:8096
- C:\Windows\System\ODhApqL.exe
  C:\Windows\System\ODhApqL.exe
  2⤵
  PID:8112
- C:\Windows\System\nEsqcbf.exe
  C:\Windows\System\nEsqcbf.exe
  2⤵
  PID:8128
- C:\Windows\System\RtCboSZ.exe
  C:\Windows\System\RtCboSZ.exe
  2⤵
  PID:8144
- C:\Windows\System\pNZGlpH.exe
  C:\Windows\System\pNZGlpH.exe
  2⤵
  PID:8160
- C:\Windows\System\lkuAPOZ.exe
  C:\Windows\System\lkuAPOZ.exe
  2⤵
  PID:8176
- C:\Windows\System\NBtRZVf.exe
  C:\Windows\System\NBtRZVf.exe
  2⤵
  PID:7068
- C:\Windows\System\kbzCVgw.exe
  C:\Windows\System\kbzCVgw.exe
  2⤵
  PID:7204
- C:\Windows\System\RSgxLjP.exe
  C:\Windows\System\RSgxLjP.exe
  2⤵
  PID:6984
- C:\Windows\System\JFYNajk.exe
  C:\Windows\System\JFYNajk.exe
  2⤵
  PID:7188
- C:\Windows\System\tHbPwBn.exe
  C:\Windows\System\tHbPwBn.exe
  2⤵
  PID:7256
- C:\Windows\System\wvZISYl.exe
  C:\Windows\System\wvZISYl.exe
  2⤵
  PID:7332
- C:\Windows\System\bpeKZHo.exe
  C:\Windows\System\bpeKZHo.exe
  2⤵
  PID:7396
- C:\Windows\System\zrfAJAX.exe
  C:\Windows\System\zrfAJAX.exe
  2⤵
  PID:7416
- C:\Windows\System\hUAMIce.exe
  C:\Windows\System\hUAMIce.exe
  2⤵
  PID:7448
- C:\Windows\System\QYPRhwQ.exe
  C:\Windows\System\QYPRhwQ.exe
  2⤵
  PID:7528
- C:\Windows\System\jaPGZPb.exe
  C:\Windows\System\jaPGZPb.exe
  2⤵
  PID:7476
- C:\Windows\System\LwJBMbB.exe
  C:\Windows\System\LwJBMbB.exe
  2⤵
  PID:7596
- C:\Windows\System\AjWJAmb.exe
  C:\Windows\System\AjWJAmb.exe
  2⤵
  PID:7612
- C:\Windows\System\lFGzUys.exe
  C:\Windows\System\lFGzUys.exe
  2⤵
  PID:7696
- C:\Windows\System\cwHWqfz.exe
  C:\Windows\System\cwHWqfz.exe
  2⤵
  PID:7708
- C:\Windows\System\MxcAGBT.exe
  C:\Windows\System\MxcAGBT.exe
  2⤵
  PID:7680
- C:\Windows\System\yzcwxHh.exe
  C:\Windows\System\yzcwxHh.exe
  2⤵
  PID:7744
- C:\Windows\System\nWCSnbt.exe
  C:\Windows\System\nWCSnbt.exe
  2⤵
  PID:7796
- C:\Windows\System\LMFJFXx.exe
  C:\Windows\System\LMFJFXx.exe
  2⤵
  PID:7828
- C:\Windows\System\PtXZHNc.exe
  C:\Windows\System\PtXZHNc.exe
  2⤵
  PID:7864
- C:\Windows\System\qKGEDFI.exe
  C:\Windows\System\qKGEDFI.exe
  2⤵
  PID:7848
- C:\Windows\System\nNUXwQl.exe
  C:\Windows\System\nNUXwQl.exe
  2⤵
  PID:7932
- C:\Windows\System\QPmflbr.exe
  C:\Windows\System\QPmflbr.exe
  2⤵
  PID:7916
- C:\Windows\System\FKSAyHs.exe
  C:\Windows\System\FKSAyHs.exe
  2⤵
  PID:7980
- C:\Windows\System\hqWribT.exe
  C:\Windows\System\hqWribT.exe
  2⤵
  PID:8008
- C:\Windows\System\RGPDZVp.exe
  C:\Windows\System\RGPDZVp.exe
  2⤵
  PID:8120
- C:\Windows\System\FATLuMm.exe
  C:\Windows\System\FATLuMm.exe
  2⤵
  PID:7268
- C:\Windows\System\KwyozjB.exe
  C:\Windows\System\KwyozjB.exe
  2⤵
  PID:8076
- C:\Windows\System\wcRzcZJ.exe
  C:\Windows\System\wcRzcZJ.exe
  2⤵
  PID:8172
- C:\Windows\System\smItzxz.exe
  C:\Windows\System\smItzxz.exe
  2⤵
  PID:7272
- C:\Windows\System\taTvWeM.exe
  C:\Windows\System\taTvWeM.exe
  2⤵
  PID:7348
- C:\Windows\System\ZGNDQmh.exe
  C:\Windows\System\ZGNDQmh.exe
  2⤵
  PID:7544
- C:\Windows\System\JztRDMu.exe
  C:\Windows\System\JztRDMu.exe
  2⤵
  PID:7288
- C:\Windows\System\yyGjIrC.exe
  C:\Windows\System\yyGjIrC.exe
  2⤵
  PID:7412
- C:\Windows\System\YLbhnCF.exe
  C:\Windows\System\YLbhnCF.exe
  2⤵
  PID:7524
- C:\Windows\System\iMoIGXe.exe
  C:\Windows\System\iMoIGXe.exe
  2⤵
  PID:7560
- C:\Windows\System\iXYyonJ.exe
  C:\Windows\System\iXYyonJ.exe
  2⤵
  PID:7592
- C:\Windows\System\lXmaZay.exe
  C:\Windows\System\lXmaZay.exe
  2⤵
  PID:7608
- C:\Windows\System\kuhrDTg.exe
  C:\Windows\System\kuhrDTg.exe
  2⤵
  PID:7648
- C:\Windows\System\CaDZXOz.exe
  C:\Windows\System\CaDZXOz.exe
  2⤵
  PID:7760
- C:\Windows\System\GismLaf.exe
  C:\Windows\System\GismLaf.exe
  2⤵
  PID:7860
- C:\Windows\System\zLBZBdH.exe
  C:\Windows\System\zLBZBdH.exe
  2⤵
  PID:7912
- C:\Windows\System\GpnDzfC.exe
  C:\Windows\System\GpnDzfC.exe
  2⤵
  PID:8024
- C:\Windows\System\BsORmDq.exe
  C:\Windows\System\BsORmDq.exe
  2⤵
  PID:8028
- C:\Windows\System\PuOPAoL.exe
  C:\Windows\System\PuOPAoL.exe
  2⤵
  PID:8156
- C:\Windows\System\XpAXPck.exe
  C:\Windows\System\XpAXPck.exe
  2⤵
  PID:8072
- C:\Windows\System\fzQHOPv.exe
  C:\Windows\System\fzQHOPv.exe
  2⤵
  PID:8044
- C:\Windows\System\YCPewYi.exe
  C:\Windows\System\YCPewYi.exe
  2⤵
  PID:7336
- C:\Windows\System\qRbfPwC.exe
  C:\Windows\System\qRbfPwC.exe
  2⤵
  PID:7220
- C:\Windows\System\sPucGwo.exe
  C:\Windows\System\sPucGwo.exe
  2⤵
  PID:7224
- C:\Windows\System\qJUUKWb.exe
  C:\Windows\System\qJUUKWb.exe
  2⤵
  PID:7564
- C:\Windows\System\YKxZJBE.exe
  C:\Windows\System\YKxZJBE.exe
  2⤵
  PID:7768
- C:\Windows\System\yWxaFHf.exe
  C:\Windows\System\yWxaFHf.exe
  2⤵
  PID:7660
- C:\Windows\System\FLeGBpm.exe
  C:\Windows\System\FLeGBpm.exe
  2⤵
  PID:8108
- C:\Windows\System\ZbmMARE.exe
  C:\Windows\System\ZbmMARE.exe
  2⤵
  PID:7444
- C:\Windows\System\eqfeLWA.exe
  C:\Windows\System\eqfeLWA.exe
  2⤵
  PID:7664
- C:\Windows\System\bbZWnMd.exe
  C:\Windows\System\bbZWnMd.exe
  2⤵
  PID:7512
- C:\Windows\System\rlCROyA.exe
  C:\Windows\System\rlCROyA.exe
  2⤵
  PID:7676
- C:\Windows\System\bkzpNCg.exe
  C:\Windows\System\bkzpNCg.exe
  2⤵
  PID:8188
- C:\Windows\System\GvYNNOS.exe
  C:\Windows\System\GvYNNOS.exe
  2⤵
  PID:6972
- C:\Windows\System\zIttdbx.exe
  C:\Windows\System\zIttdbx.exe
  2⤵
  PID:7844
- C:\Windows\System\tosHelx.exe
  C:\Windows\System\tosHelx.exe
  2⤵
  PID:7728
- C:\Windows\System\gTfjYYT.exe
  C:\Windows\System\gTfjYYT.exe
  2⤵
  PID:7880
- C:\Windows\System\HxawJBh.exe
  C:\Windows\System\HxawJBh.exe
  2⤵
  PID:7300
- C:\Windows\System\ZrXoIbs.exe
  C:\Windows\System\ZrXoIbs.exe
  2⤵
  PID:8152
- C:\Windows\System\lYqUnqx.exe
  C:\Windows\System\lYqUnqx.exe
  2⤵
  PID:8196
- C:\Windows\System\SMWKwBW.exe
  C:\Windows\System\SMWKwBW.exe
  2⤵
  PID:8212
- C:\Windows\System\EieyOkF.exe
  C:\Windows\System\EieyOkF.exe
  2⤵
  PID:8228
- C:\Windows\System\krOcaCu.exe
  C:\Windows\System\krOcaCu.exe
  2⤵
  PID:8244
- C:\Windows\System\KHPCfdl.exe
  C:\Windows\System\KHPCfdl.exe
  2⤵
  PID:8260
- C:\Windows\System\wABDyWN.exe
  C:\Windows\System\wABDyWN.exe
  2⤵
  PID:8276
- C:\Windows\System\FYhYjDt.exe
  C:\Windows\System\FYhYjDt.exe
  2⤵
  PID:8292
- C:\Windows\System\NLqgzAP.exe
  C:\Windows\System\NLqgzAP.exe
  2⤵
  PID:8308
- C:\Windows\System\aEjaNBJ.exe
  C:\Windows\System\aEjaNBJ.exe
  2⤵
  PID:8324
- C:\Windows\System\XWdJOmy.exe
  C:\Windows\System\XWdJOmy.exe
  2⤵
  PID:8340
- C:\Windows\System\VIuxpEw.exe
  C:\Windows\System\VIuxpEw.exe
  2⤵
  PID:8360
- C:\Windows\System\nfDuPzg.exe
  C:\Windows\System\nfDuPzg.exe
  2⤵
  PID:8396
- C:\Windows\System\MRZWfNP.exe
  C:\Windows\System\MRZWfNP.exe
  2⤵
  PID:8412
- C:\Windows\System\KFuNclQ.exe
  C:\Windows\System\KFuNclQ.exe
  2⤵
  PID:8428
- C:\Windows\System\siHqwcw.exe
  C:\Windows\System\siHqwcw.exe
  2⤵
  PID:8444
- C:\Windows\System\YUMFzZn.exe
  C:\Windows\System\YUMFzZn.exe
  2⤵
  PID:8460
- C:\Windows\System\AxGqIrV.exe
  C:\Windows\System\AxGqIrV.exe
  2⤵
  PID:8476
- C:\Windows\System\OXNbfGd.exe
  C:\Windows\System\OXNbfGd.exe
  2⤵
  PID:8492
- C:\Windows\System\VePugTG.exe
  C:\Windows\System\VePugTG.exe
  2⤵
  PID:8508
- C:\Windows\System\XESRATP.exe
  C:\Windows\System\XESRATP.exe
  2⤵
  PID:8524
- C:\Windows\System\gkCnaMz.exe
  C:\Windows\System\gkCnaMz.exe
  2⤵
  PID:8540
- C:\Windows\System\RFOSxJH.exe
  C:\Windows\System\RFOSxJH.exe
  2⤵
  PID:8556
- C:\Windows\System\TXNgvCs.exe
  C:\Windows\System\TXNgvCs.exe
  2⤵
  PID:8572
- C:\Windows\System\ryrLird.exe
  C:\Windows\System\ryrLird.exe
  2⤵
  PID:8588
- C:\Windows\System\zEblQIR.exe
  C:\Windows\System\zEblQIR.exe
  2⤵
  PID:8604
- C:\Windows\System\GUeXfBB.exe
  C:\Windows\System\GUeXfBB.exe
  2⤵
  PID:8620
- C:\Windows\System\ftrxKRS.exe
  C:\Windows\System\ftrxKRS.exe
  2⤵
  PID:8636
- C:\Windows\System\dekFvJv.exe
  C:\Windows\System\dekFvJv.exe
  2⤵
  PID:8652
- C:\Windows\System\yrFZzuy.exe
  C:\Windows\System\yrFZzuy.exe
  2⤵
  PID:8668
- C:\Windows\System\SZaWHCM.exe
  C:\Windows\System\SZaWHCM.exe
  2⤵
  PID:8684
- C:\Windows\System\rvheieC.exe
  C:\Windows\System\rvheieC.exe
  2⤵
  PID:8700
- C:\Windows\System\JRNUMkS.exe
  C:\Windows\System\JRNUMkS.exe
  2⤵
  PID:8724
- C:\Windows\System\KpgTakI.exe
  C:\Windows\System\KpgTakI.exe
  2⤵
  PID:8740
- C:\Windows\System\wzjWTrg.exe
  C:\Windows\System\wzjWTrg.exe
  2⤵
  PID:8760
- C:\Windows\System\oweXvtb.exe
  C:\Windows\System\oweXvtb.exe
  2⤵
  PID:8780
- C:\Windows\System\WfctWxS.exe
  C:\Windows\System\WfctWxS.exe
  2⤵
  PID:8808
- C:\Windows\System\TrlWTIf.exe
  C:\Windows\System\TrlWTIf.exe
  2⤵
  PID:8836
- C:\Windows\System\EsjdMma.exe
  C:\Windows\System\EsjdMma.exe
  2⤵
  PID:8852
- C:\Windows\System\WdDmFHI.exe
  C:\Windows\System\WdDmFHI.exe
  2⤵
  PID:8880
- C:\Windows\System\NcywXCg.exe
  C:\Windows\System\NcywXCg.exe
  2⤵
  PID:8896
- C:\Windows\System\WvrJYjb.exe
  C:\Windows\System\WvrJYjb.exe
  2⤵
  PID:8916
- C:\Windows\System\CQZRZLq.exe
  C:\Windows\System\CQZRZLq.exe
  2⤵
  PID:8932
- C:\Windows\System\wxcQlFP.exe
  C:\Windows\System\wxcQlFP.exe
  2⤵
  PID:8948
- C:\Windows\System\wgCNeTk.exe
  C:\Windows\System\wgCNeTk.exe
  2⤵
  PID:8976
- C:\Windows\System\tjlWyCT.exe
  C:\Windows\System\tjlWyCT.exe
  2⤵
  PID:8992
- C:\Windows\System\FlpdGLv.exe
  C:\Windows\System\FlpdGLv.exe
  2⤵
  PID:9008
- C:\Windows\System\JCzSAwx.exe
  C:\Windows\System\JCzSAwx.exe
  2⤵
  PID:9024
- C:\Windows\System\YzAogMO.exe
  C:\Windows\System\YzAogMO.exe
  2⤵
  PID:9040
- C:\Windows\System\wJhZPER.exe
  C:\Windows\System\wJhZPER.exe
  2⤵
  PID:9056
- C:\Windows\System\cjvmfcC.exe
  C:\Windows\System\cjvmfcC.exe
  2⤵
  PID:9072
- C:\Windows\System\dbNMOXe.exe
  C:\Windows\System\dbNMOXe.exe
  2⤵
  PID:9088
- C:\Windows\System\Obudjvc.exe
  C:\Windows\System\Obudjvc.exe
  2⤵
  PID:9108
- C:\Windows\System\OPYpwxs.exe
  C:\Windows\System\OPYpwxs.exe
  2⤵
  PID:9124
- C:\Windows\System\djhEsTI.exe
  C:\Windows\System\djhEsTI.exe
  2⤵
  PID:9148
- C:\Windows\System\uYkWLvE.exe
  C:\Windows\System\uYkWLvE.exe
  2⤵
  PID:9164
- C:\Windows\System\QmVLTID.exe
  C:\Windows\System\QmVLTID.exe
  2⤵
  PID:8204
- C:\Windows\System\KrHWvvb.exe
  C:\Windows\System\KrHWvvb.exe
  2⤵
  PID:8300
- C:\Windows\System\kIabrHo.exe
  C:\Windows\System\kIabrHo.exe
  2⤵
  PID:8304
- C:\Windows\System\JtmBSTR.exe
  C:\Windows\System\JtmBSTR.exe
  2⤵
  PID:8380
- C:\Windows\System\yTXMLhi.exe
  C:\Windows\System\yTXMLhi.exe
  2⤵
  PID:8452
- C:\Windows\System\QHXDZRD.exe
  C:\Windows\System\QHXDZRD.exe
  2⤵
  PID:8440
- C:\Windows\System\KfQiKqR.exe
  C:\Windows\System\KfQiKqR.exe
  2⤵
  PID:8500
- C:\Windows\System\ZXeUUZw.exe
  C:\Windows\System\ZXeUUZw.exe
  2⤵
  PID:8520
- C:\Windows\System\vuIpuQL.exe
  C:\Windows\System\vuIpuQL.exe
  2⤵
  PID:8584
- C:\Windows\System\IGgJlOP.exe
  C:\Windows\System\IGgJlOP.exe
  2⤵
  PID:8504
- C:\Windows\System\gVMDQIQ.exe
  C:\Windows\System\gVMDQIQ.exe
  2⤵
  PID:8568
- C:\Windows\System\ddbqHhK.exe
  C:\Windows\System\ddbqHhK.exe
  2⤵
  PID:8628
- C:\Windows\System\XXKJBpY.exe
  C:\Windows\System\XXKJBpY.exe
  2⤵
  PID:8680
- C:\Windows\System\MXLaazH.exe
  C:\Windows\System\MXLaazH.exe
  2⤵
  PID:8708
- C:\Windows\System\fkHeTmH.exe
  C:\Windows\System\fkHeTmH.exe
  2⤵
  PID:8748
- C:\Windows\System\TFdmInJ.exe
  C:\Windows\System\TFdmInJ.exe
  2⤵
  PID:8796
- C:\Windows\System\yYrePvx.exe
  C:\Windows\System\yYrePvx.exe
  2⤵
  PID:8844
- C:\Windows\System\zBDumpA.exe
  C:\Windows\System\zBDumpA.exe
  2⤵
  PID:8768
- C:\Windows\System\aswxpiU.exe
  C:\Windows\System\aswxpiU.exe
  2⤵
  PID:8928
- C:\Windows\System\uSmjmwY.exe
  C:\Windows\System\uSmjmwY.exe
  2⤵
  PID:8912
- C:\Windows\System\fGeooVv.exe
  C:\Windows\System\fGeooVv.exe
  2⤵
  PID:8860
- C:\Windows\System\IQYNdKE.exe
  C:\Windows\System\IQYNdKE.exe
  2⤵
  PID:8876
- C:\Windows\System\hYhPzHO.exe
  C:\Windows\System\hYhPzHO.exe
  2⤵
  PID:8940
- C:\Windows\System\RSvVBcF.exe
  C:\Windows\System\RSvVBcF.exe
  2⤵
  PID:8964
- C:\Windows\System\zTjSqLX.exe
  C:\Windows\System\zTjSqLX.exe
  2⤵
  PID:9032
- C:\Windows\System\nOpRZXP.exe
  C:\Windows\System\nOpRZXP.exe
  2⤵
  PID:8984
- C:\Windows\System\Cvutfww.exe
  C:\Windows\System\Cvutfww.exe
  2⤵
  PID:9084
- C:\Windows\System\NtPSSZp.exe
  C:\Windows\System\NtPSSZp.exe
  2⤵
  PID:9116
- C:\Windows\System\vcMrTYt.exe
  C:\Windows\System\vcMrTYt.exe
  2⤵
  PID:7948
- C:\Windows\System\lPdpfxb.exe
  C:\Windows\System\lPdpfxb.exe
  2⤵
  PID:8272
- C:\Windows\System\lYdzpjc.exe
  C:\Windows\System\lYdzpjc.exe
  2⤵
  PID:8348
- C:\Windows\System\tXsJvmT.exe
  C:\Windows\System\tXsJvmT.exe
  2⤵
  PID:8368
- C:\Windows\System\DjHVHTw.exe
  C:\Windows\System\DjHVHTw.exe
  2⤵
  PID:8468
- C:\Windows\System\PnaCDqO.exe
  C:\Windows\System\PnaCDqO.exe
  2⤵
  PID:8516
- C:\Windows\System\isnjpnz.exe
  C:\Windows\System\isnjpnz.exe
  2⤵
  PID:8600
- C:\Windows\System\PMfAJTM.exe
  C:\Windows\System\PMfAJTM.exe
  2⤵
  PID:8692
- C:\Windows\System\GrxxFmI.exe
  C:\Windows\System\GrxxFmI.exe
  2⤵
  PID:8828
- C:\Windows\System\IgHeGyN.exe
  C:\Windows\System\IgHeGyN.exe
  2⤵
  PID:8872
- C:\Windows\System\xBkBTKc.exe
  C:\Windows\System\xBkBTKc.exe
  2⤵
  PID:9004
- C:\Windows\System\gEWcGXr.exe
  C:\Windows\System\gEWcGXr.exe
  2⤵
  PID:9156
- C:\Windows\System\dmANcvn.exe
  C:\Windows\System\dmANcvn.exe
  2⤵
  PID:9184
- C:\Windows\System\HSJRsxO.exe
  C:\Windows\System\HSJRsxO.exe
  2⤵
  PID:9200
- C:\Windows\System\vLxfGQq.exe
  C:\Windows\System\vLxfGQq.exe
  2⤵
  PID:9192
- C:\Windows\System\wNCsbxN.exe
  C:\Windows\System\wNCsbxN.exe
  2⤵
  PID:8284
- C:\Windows\System\NOAlPtC.exe
  C:\Windows\System\NOAlPtC.exe
  2⤵
  PID:8356
- C:\Windows\System\hzhwber.exe
  C:\Windows\System\hzhwber.exe
  2⤵
  PID:8564
- C:\Windows\System\CvNqBVM.exe
  C:\Windows\System\CvNqBVM.exe
  2⤵
  PID:8892
- C:\Windows\System\KXhoRmo.exe
  C:\Windows\System\KXhoRmo.exe
  2⤵
  PID:9000
- C:\Windows\System\pLSQaJm.exe
  C:\Windows\System\pLSQaJm.exe
  2⤵
  PID:9064
- C:\Windows\System\EmUJXiB.exe
  C:\Windows\System\EmUJXiB.exe
  2⤵
  PID:9136
- C:\Windows\System\FLtXZsi.exe
  C:\Windows\System\FLtXZsi.exe
  2⤵
  PID:8456
- C:\Windows\System\unKKcLa.exe
  C:\Windows\System\unKKcLa.exe
  2⤵
  PID:8660
- C:\Windows\System\aIPYKhj.exe
  C:\Windows\System\aIPYKhj.exe
  2⤵
  PID:8904
- C:\Windows\System\jrbaaus.exe
  C:\Windows\System\jrbaaus.exe
  2⤵
  PID:9016
- C:\Windows\System\qVSaHfE.exe
  C:\Windows\System\qVSaHfE.exe
  2⤵
  PID:9144
- C:\Windows\System\lefTukH.exe
  C:\Windows\System\lefTukH.exe
  2⤵
  PID:8168
- C:\Windows\System\pXhjVTY.exe
  C:\Windows\System\pXhjVTY.exe
  2⤵
  PID:8552
- C:\Windows\System\uQUhUAv.exe
  C:\Windows\System\uQUhUAv.exe
  2⤵
  PID:9100
- C:\Windows\System\poKdepd.exe
  C:\Windows\System\poKdepd.exe
  2⤵
  PID:8376
- C:\Windows\System\QspsoRd.exe
  C:\Windows\System\QspsoRd.exe
  2⤵
  PID:8788
- C:\Windows\System\agMFbIL.exe
  C:\Windows\System\agMFbIL.exe
  2⤵
  PID:9140
- C:\Windows\System\zasNWYe.exe
  C:\Windows\System\zasNWYe.exe
  2⤵
  PID:8320
- C:\Windows\System\MZAaztX.exe
  C:\Windows\System\MZAaztX.exe
  2⤵
  PID:8972
- C:\Windows\System\WiqvmKm.exe
  C:\Windows\System\WiqvmKm.exe
  2⤵
  PID:9212
- C:\Windows\System\faMDkIr.exe
  C:\Windows\System\faMDkIr.exe
  2⤵
  PID:9180
- C:\Windows\System\rXserHS.exe
  C:\Windows\System\rXserHS.exe
  2⤵
  PID:8256
- C:\Windows\System\lUXmCqw.exe
  C:\Windows\System\lUXmCqw.exe
  2⤵
  PID:9220
- C:\Windows\System\adIYzHu.exe
  C:\Windows\System\adIYzHu.exe
  2⤵
  PID:9252
- C:\Windows\System\uVyMMxr.exe
  C:\Windows\System\uVyMMxr.exe
  2⤵
  PID:9332
- C:\Windows\System\guQEWbi.exe
  C:\Windows\System\guQEWbi.exe
  2⤵
  PID:9348
- C:\Windows\System\noMPdDY.exe
  C:\Windows\System\noMPdDY.exe
  2⤵
  PID:9364
- C:\Windows\System\qgcBBIC.exe
  C:\Windows\System\qgcBBIC.exe
  2⤵
  PID:9380
- C:\Windows\System\DXJmxRv.exe
  C:\Windows\System\DXJmxRv.exe
  2⤵
  PID:9396
- C:\Windows\System\RiBEXLK.exe
  C:\Windows\System\RiBEXLK.exe
  2⤵
  PID:9412
- C:\Windows\System\pnINZsW.exe
  C:\Windows\System\pnINZsW.exe
  2⤵
  PID:9428
- C:\Windows\System\BVPdwWZ.exe
  C:\Windows\System\BVPdwWZ.exe
  2⤵
  PID:9448
- C:\Windows\System\LSHHzqW.exe
  C:\Windows\System\LSHHzqW.exe
  2⤵
  PID:9464
- C:\Windows\System\KTARnip.exe
  C:\Windows\System\KTARnip.exe
  2⤵
  PID:9480
- C:\Windows\System\gqENLIu.exe
  C:\Windows\System\gqENLIu.exe
  2⤵
  PID:9496
- C:\Windows\System\ZNhMvYF.exe
  C:\Windows\System\ZNhMvYF.exe
  2⤵
  PID:9512
- C:\Windows\System\WSrcSmA.exe
  C:\Windows\System\WSrcSmA.exe
  2⤵
  PID:9528
- C:\Windows\System\xtphTxY.exe
  C:\Windows\System\xtphTxY.exe
  2⤵
  PID:9544
- C:\Windows\System\ebISiUJ.exe
  C:\Windows\System\ebISiUJ.exe
  2⤵
  PID:9560
- C:\Windows\System\gFtsHUB.exe
  C:\Windows\System\gFtsHUB.exe
  2⤵
  PID:9576
- C:\Windows\System\ewBfPqW.exe
  C:\Windows\System\ewBfPqW.exe
  2⤵
  PID:9592
- C:\Windows\System\YGhVpNZ.exe
  C:\Windows\System\YGhVpNZ.exe
  2⤵
  PID:9608
- C:\Windows\System\DsPTSRl.exe
  C:\Windows\System\DsPTSRl.exe
  2⤵
  PID:9624
- C:\Windows\System\OmIwUtp.exe
  C:\Windows\System\OmIwUtp.exe
  2⤵
  PID:9640
- C:\Windows\System\pXVMJsv.exe
  C:\Windows\System\pXVMJsv.exe
  2⤵
  PID:9656
- C:\Windows\System\dsaeKKV.exe
  C:\Windows\System\dsaeKKV.exe
  2⤵
  PID:9672
- C:\Windows\System\hOgANru.exe
  C:\Windows\System\hOgANru.exe
  2⤵
  PID:9688
- C:\Windows\System\TVGwsqF.exe
  C:\Windows\System\TVGwsqF.exe
  2⤵
  PID:9704
- C:\Windows\System\vhWpYSK.exe
  C:\Windows\System\vhWpYSK.exe
  2⤵
  PID:9720
- C:\Windows\System\KehDtQy.exe
  C:\Windows\System\KehDtQy.exe
  2⤵
  PID:9736
- C:\Windows\System\CorfUlz.exe
  C:\Windows\System\CorfUlz.exe
  2⤵
  PID:9752
- C:\Windows\System\DTNykUO.exe
  C:\Windows\System\DTNykUO.exe
  2⤵
  PID:9768
- C:\Windows\System\uqlWjvc.exe
  C:\Windows\System\uqlWjvc.exe
  2⤵
  PID:9784
- C:\Windows\System\hvBNRIU.exe
  C:\Windows\System\hvBNRIU.exe
  2⤵
  PID:9800
- C:\Windows\System\XbEcymb.exe
  C:\Windows\System\XbEcymb.exe
  2⤵
  PID:9816
- C:\Windows\System\ZVxmcFA.exe
  C:\Windows\System\ZVxmcFA.exe
  2⤵
  PID:9832
- C:\Windows\System\ovXRssn.exe
  C:\Windows\System\ovXRssn.exe
  2⤵
  PID:9848
- C:\Windows\System\SxWHyTS.exe
  C:\Windows\System\SxWHyTS.exe
  2⤵
  PID:9864
- C:\Windows\System\inGmIVG.exe
  C:\Windows\System\inGmIVG.exe
  2⤵
  PID:9880
- C:\Windows\System\GxNstSO.exe
  C:\Windows\System\GxNstSO.exe
  2⤵
  PID:9896
- C:\Windows\System\WwegVSW.exe
  C:\Windows\System\WwegVSW.exe
  2⤵
  PID:9912
- C:\Windows\System\rtamqlq.exe
  C:\Windows\System\rtamqlq.exe
  2⤵
  PID:9928
- C:\Windows\System\SqDZmQL.exe
  C:\Windows\System\SqDZmQL.exe
  2⤵
  PID:9948
- C:\Windows\System\XsqUYyN.exe
  C:\Windows\System\XsqUYyN.exe
  2⤵
  PID:9964
- C:\Windows\System\gSKFhXd.exe
  C:\Windows\System\gSKFhXd.exe
  2⤵
  PID:9984
- C:\Windows\System\fDfqFry.exe
  C:\Windows\System\fDfqFry.exe
  2⤵
  PID:10000
- C:\Windows\System\vUOOWIs.exe
  C:\Windows\System\vUOOWIs.exe
  2⤵
  PID:10016
- C:\Windows\System\jhcyHmv.exe
  C:\Windows\System\jhcyHmv.exe
  2⤵
  PID:10032
- C:\Windows\System\kteeqTm.exe
  C:\Windows\System\kteeqTm.exe
  2⤵
  PID:10048
- C:\Windows\System\XCMGiUL.exe
  C:\Windows\System\XCMGiUL.exe
  2⤵
  PID:10064
- C:\Windows\System\lRKCDfV.exe
  C:\Windows\System\lRKCDfV.exe
  2⤵
  PID:10080
- C:\Windows\System\RTSSPFe.exe
  C:\Windows\System\RTSSPFe.exe
  2⤵
  PID:10096
- C:\Windows\System\MFxfQYq.exe
  C:\Windows\System\MFxfQYq.exe
  2⤵
  PID:10112
- C:\Windows\System\loqjFbQ.exe
  C:\Windows\System\loqjFbQ.exe
  2⤵
  PID:10128
- C:\Windows\System\YiVpfCa.exe
  C:\Windows\System\YiVpfCa.exe
  2⤵
  PID:10144
- C:\Windows\System\eSRYyXJ.exe
  C:\Windows\System\eSRYyXJ.exe
  2⤵
  PID:10160
- C:\Windows\System\gMZZyGv.exe
  C:\Windows\System\gMZZyGv.exe
  2⤵
  PID:10176
- C:\Windows\System\PFNYFTu.exe
  C:\Windows\System\PFNYFTu.exe
  2⤵
  PID:10192
- C:\Windows\System\SdvcHXz.exe
  C:\Windows\System\SdvcHXz.exe
  2⤵
  PID:10208
- C:\Windows\System\ZwHUpaW.exe
  C:\Windows\System\ZwHUpaW.exe
  2⤵
  PID:10224
- C:\Windows\System\mQXCFHK.exe
  C:\Windows\System\mQXCFHK.exe
  2⤵
  PID:9132
- C:\Windows\System\gIBJZbj.exe
  C:\Windows\System\gIBJZbj.exe
  2⤵
  PID:8776
- C:\Windows\System\YBFAnOi.exe
  C:\Windows\System\YBFAnOi.exe
  2⤵
  PID:8804
- C:\Windows\System\mohwCfU.exe
  C:\Windows\System\mohwCfU.exe
  2⤵
  PID:9276
- C:\Windows\System\QTXVZID.exe
  C:\Windows\System\QTXVZID.exe
  2⤵
  PID:9296
- C:\Windows\System\CoUMETj.exe
  C:\Windows\System\CoUMETj.exe
  2⤵
  PID:9316
- C:\Windows\System\dbxdIum.exe
  C:\Windows\System\dbxdIum.exe
  2⤵
  PID:9324
- C:\Windows\System\xWcRYeU.exe
  C:\Windows\System\xWcRYeU.exe
  2⤵
  PID:9244
- C:\Windows\System\SYrEuHe.exe
  C:\Windows\System\SYrEuHe.exe
  2⤵
  PID:8220
- C:\Windows\System\YMyGGjb.exe
  C:\Windows\System\YMyGGjb.exe
  2⤵
  PID:9356
- C:\Windows\System\dXbscsY.exe
  C:\Windows\System\dXbscsY.exe
  2⤵
  PID:8336
- C:\Windows\System\UoTLJLv.exe
  C:\Windows\System\UoTLJLv.exe
  2⤵
  PID:9372
- C:\Windows\System\BOsYMGg.exe
  C:\Windows\System\BOsYMGg.exe
  2⤵
  PID:9424
- C:\Windows\System\McFKtfi.exe
  C:\Windows\System\McFKtfi.exe
  2⤵
  PID:9440
- C:\Windows\System\LMdIFDi.exe
  C:\Windows\System\LMdIFDi.exe
  2⤵
  PID:9488
- C:\Windows\System\OLWOUmx.exe
  C:\Windows\System\OLWOUmx.exe
  2⤵
  PID:9520
- C:\Windows\System\SBBujsm.exe
  C:\Windows\System\SBBujsm.exe
  2⤵
  PID:9540
- C:\Windows\System\cjieicy.exe
  C:\Windows\System\cjieicy.exe
  2⤵
  PID:9568
- C:\Windows\System\HKditrz.exe
  C:\Windows\System\HKditrz.exe
  2⤵
  PID:9588
- C:\Windows\System\rBWGowc.exe
  C:\Windows\System\rBWGowc.exe
  2⤵
  PID:9620
- C:\Windows\System\UyGYChc.exe
  C:\Windows\System\UyGYChc.exe
  2⤵
  PID:9680
- C:\Windows\System\OqnaThe.exe
  C:\Windows\System\OqnaThe.exe
  2⤵
  PID:9668
- C:\Windows\System\uNFAJUp.exe
  C:\Windows\System\uNFAJUp.exe
  2⤵
  PID:9744
- C:\Windows\System\NenAIzH.exe
  C:\Windows\System\NenAIzH.exe
  2⤵
  PID:9748
- C:\Windows\System\aauqszV.exe
  C:\Windows\System\aauqszV.exe
  2⤵
  PID:9760
- C:\Windows\System\IATirJl.exe
  C:\Windows\System\IATirJl.exe
  2⤵
  PID:9812
- C:\Windows\System\TbQSgeh.exe
  C:\Windows\System\TbQSgeh.exe
  2⤵
  PID:9876
- C:\Windows\System\PNWsBlE.exe
  C:\Windows\System\PNWsBlE.exe
  2⤵
  PID:9828
- C:\Windows\System\pBrCkxs.exe
  C:\Windows\System\pBrCkxs.exe
  2⤵
  PID:9908
- C:\Windows\System\wArSnpt.exe
  C:\Windows\System\wArSnpt.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BYecoBh.exe

Filesize
6.0MB

MD5
37d3272f704e3551cd3fa4663bfadc34

SHA1
7de1a2933fcd64b58c05f0dd239b429c12491fc2

SHA256
db6d12b36fb365f250fed3a1ddc2ab536df086fb1bb3c0501ba083f89f1fec09

SHA512
5b9614eb1ca826cbda8674f22bb4fdc53ef62e4fd12ffda7a5cd029c85efc0edc40bd76eabd68b21c99e0756f5621be12786f0920c8173b3797f29d44378b606

Download Submit
C:\Windows\system\EVHbQbs.exe

Filesize
6.0MB

MD5
9159cabc07fa38649cff0d55a03b5283

SHA1
e0fa8e9a0d20bdab8d29283ff7735f4d0690a2db

SHA256
6e44466687534abc85f52e83ec1eb5f3d196e86271de6747f10e79c782a1587e

SHA512
0347635dfd1d5b5f985fdbfa3947f409d6222ba7187cf4b10ad93d04001266f2d0a3aa9c49b6cf6fc99e42d985a5552acda543529261c0cff946d42053182b03

Download Submit
C:\Windows\system\Fqyluzy.exe

Filesize
6.0MB

MD5
f2e0d34cea0545117d42abaeaa216852

SHA1
506d53088d5fd7b5794d02bc1f89d8a0d981ecce

SHA256
d5920c23942854e19107c00c67b350e4fd1a319b481a615b7c97987ac9a722f1

SHA512
43c49cecf9902d15f3e8c6057c10c09c87605a6d7bb8d87fa64fe56d05ac7e6307f8947e276d457eb5c25b73879e7dde215e29580731bbcee76fca19c2ca9896

Download Submit
C:\Windows\system\Gieqhbp.exe

Filesize
6.0MB

MD5
bb63136610de4435b354a0c95012943e

SHA1
6251105a23a559a3af47c37a7dc02f168f6c6e3f

SHA256
c704c6b779c130ed5443dd65ce38f9d12966cd39aed7a8b77668ceb327cd8586

SHA512
1e256a6d351aa9fdd7f3ebd2639e5701642cbf71ad02481867e34c5157877ab04bb9e032e8239d20594b9ebd88d3f3228a9717699ea3240aeb908662a28bfc6f

Download Submit
C:\Windows\system\HEVsgiL.exe

Filesize
6.0MB

MD5
160e3c9bed1821ff16417790eab93738

SHA1
9889c99238594ec73772b54db1ed4ab176d23480

SHA256
9430c4fdef3f664d1b916b7318bd86215d0483256f36041aadc7c4319b81ccbe

SHA512
efd674b9570d37f927ba4c9ca0c239649c533397c45b5fd496d833b2681c7d664cf6170ab206ecb40242100df3e71bfd6f61852ab8c421e70a795bbb02b88de3

Download Submit
C:\Windows\system\JNZOfee.exe

Filesize
6.0MB

MD5
6e6bd1c619135c0dbd92cdf7f05b452e

SHA1
43d4b9fd2eea5b798088876978c0f90502fb5942

SHA256
09fcf36d646eb0e3558e3c4a7b630b13ce3270fcad2bc69b3c5d19775e9c7c47

SHA512
dd25327cebb7045dc67918cd153ba7f99c10339d7849620647d51d9fadb937fc233aaf9cafa4504e14f6b37d584d2417b2212eb65c4f8813afabb35e77114b6c

Download Submit
C:\Windows\system\LbEfKmy.exe

Filesize
6.0MB

MD5
09e3d04be869281040ce7e20c1f9f81b

SHA1
d523d948ce800eca2cd0821f60e8f0778f166e49

SHA256
a489a612dbc2462b4e798f5edffcaf2fd06967ce270b7529d511b4a0035b31ae

SHA512
04a85d9d95027aeb33dd195d9ccfde27c6dc12ef2b133b4bc91c56db211e432aa1c65630c8501030e1443cf2b41023c2dba5b4c5f125976e4b23288afeae4ab5

Download Submit
C:\Windows\system\NJAHQus.exe

Filesize
6.0MB

MD5
8243419bd25ec42f04f41533dc904b6d

SHA1
d3b5e32cbf43300bb003fe829149ad3828eb77c4

SHA256
2f4dc22b55e35570bbb7d08cdcfc341d4bc88f0edebac00f9ed6967a4f0fe225

SHA512
5f295f7d92553ef89b92bda303b8dc837be2fc30c349332546964c978cdf8597ed97481f8c6f84ea06a0252a8333764f7977c83a4f45ee565de11c1b2bf3d9a5

Download Submit
C:\Windows\system\NwRDdsr.exe

Filesize
6.0MB

MD5
163362094f8768d4a5d89e684948ff17

SHA1
c443d5a810a365c60b1552d8fbbdffc3eaef3171

SHA256
4f7acd30a589735c868e853c014e696cff5f66af2e06edc47debcc02f4bc15ca

SHA512
2d653b04062f719998387630e4b695de630f1db9b3b4ae493d11d77fb10c65be9d08268269779fed44f8425f589c2d537acbf06bdc150f921403a37d74ed48f9

Download Submit
C:\Windows\system\RUTmsNc.exe

Filesize
6.0MB

MD5
e31c683bed8b0c5c285a72ed344d2f32

SHA1
5afdefc8c411321a241914d4d3094849979568cf

SHA256
641f0df41d6a20fdbe06a83d877924fc98bd287b58fc36b6708e39634f231436

SHA512
b8cc9e1d0baae9aedf1f68fa0580d0d79aa1d17d268041013502e79d4d151bc26660c95beb95c94d5e92a1cefb2b7f698b506d8ddf7d3d0c6e168a8895747f3d

Download Submit
C:\Windows\system\SztSEzG.exe

Filesize
6.0MB

MD5
82494a5bfafe05b5971f3c433bb63abe

SHA1
646c5453eb25e80bcc677da43527a0bc8d45785d

SHA256
642361dfa0b6d04622db4b6072668419b956864a3faf4de4881d95b438ecc8cd

SHA512
9199bd1f9d2125c77b82c3b19a058bee8d568911830d5d61525359de08129edd0b9b56ad6b0a09ee3418d2c8730de927a6276066f141d5611f9714159e22e51d

Download Submit
C:\Windows\system\TPGdRoP.exe

Filesize
6.0MB

MD5
e537f86d0eefa5568cc57c1f59d32f24

SHA1
0f226312f1fd07465bddedc2036c68351c682b41

SHA256
fc2052972ebde312daaf7acdda1c92acc405c85dd6b9f74cf8072652a92f5d78

SHA512
291fe48841792a13b967b699932ebb351f14473c5d2bc47cf1fabeead7dc37716515a3a8e7f6d99799fda8336cd6234cf6614894dd1cfe31ee3148205b0affb2

Download Submit
C:\Windows\system\YGNOTZJ.exe

Filesize
6.0MB

MD5
23e4213aef9457d4e2299372adf09e2d

SHA1
89ec795df0d562888ddbffb6117a29eeae82ca0b

SHA256
a7ce149bb842916dbbd24a16e89cebc30d0bd44df6923d33186548c0e6450544

SHA512
9c0efe28f6e226a365e606ce279e4d6fa48b502447a5bff3ad725f78bc82d9122a3bbba8918271ec5360920b17d15571f78ef1fb1f5126ebe6ac91e0b8db5bfb

Download Submit
C:\Windows\system\cKdNTYW.exe

Filesize
6.0MB

MD5
591ed231199e134fe5a04697ba9cc763

SHA1
f6281cd2ca5cc8f228e723c0f4f8365c05dd1d2b

SHA256
936ea67a0aca5de2f2c3b4c4c575aca3cef27d07ef074c669311c35b68384d6a

SHA512
909c5c2ed0c8bf10cc12901985132b2965aa49f88389aa39383e24ce10ee06988f13122c526f60ea3c2b919d9fea878086163c2b8d2decf577948dc9b97ecbba

Download Submit
C:\Windows\system\iYIZKVp.exe

Filesize
6.0MB

MD5
851f3ccb8efdf0fb35b255a635ea9e2b

SHA1
8787fe58fac53e386fa4c1b492c14eff3fda3959

SHA256
282219423f6918a4ef037ce4b9ddab4fc0fd62db8840286551e7450ce25a8aab

SHA512
365047fb8d1bb302a55b5800d08288eb2f4e4391cb3f8038e2153345cc04ad93c1af52eb0c33cf39269c1370d59fbf4ae3be38ed6a88bdbe14b24bbfe3beae27

Download Submit
C:\Windows\system\kMvfmIh.exe

Filesize
6.0MB

MD5
94e15170271886149e846fa620aaf8a6

SHA1
a35b4080c53b3ac3397ae3cbe3baa54e7c4196b0

SHA256
a699224f308916dd2126d647a946343683fc16dfad505c7a88bf38cd38cef545

SHA512
ef8c8d9a57a51abe3c30d6e264a05e9b1777162a7e680c2f2fb767d99c341bf96b3e310ba0785d9e57ae7e0c860e116be35c7cc332945f9ed2770185af541462

Download Submit
C:\Windows\system\mIMGFQE.exe

Filesize
6.0MB

MD5
9b0aefb5a19e412fb058822faab0e27a

SHA1
2c9060663cda1aaae5fd6ba3adfff1cf34596493

SHA256
8a3bd42c60073a8f451041fd4d9d1fb1e446d46ffc97271551cf311ec648c92e

SHA512
b567ee2b8034bea2d264d80f9192e60ed8ebed56b2eec2a6966faf10c6f5135e32777bc8740d07393c2da7d2b30b14f3353b0296c9d2ff9eba454ccec2b1e7e4

Download Submit
C:\Windows\system\nJIJEuk.exe

Filesize
6.0MB

MD5
b5cfcba9b3c1d72730f040208b67e696

SHA1
e13f4ef134f3860395357584e3d8cf50989c9c9d

SHA256
762c82b63f0e3941d5d8dc42cdf6bf777b9c7e53d5285e84eba4d55414bab5d6

SHA512
143874a0a6b01f695c49e1449ebad9472ac84a59eeb5a73e40d44cf2231636febb7ec43c7d52e1a56900d2457638337fdd15ff0a58540d7f4367e9436d87e968

Download Submit
C:\Windows\system\nYffpuJ.exe

Filesize
6.0MB

MD5
de5f12ce6f6a5c2094a04e804568f9a6

SHA1
6aba4b7cea09955e29a6a51f9f42a8a3c7028948

SHA256
569a9e24c638c9efea5ece16b3bf2a6b6c5270485c294334859bd1a9607fad16

SHA512
4054a639b36ba850a03736bf0edd463ab376870a51facdcd51f84431f524f720689eef9513a8205d998a3baa1d4384511fb7dbca4dbd74c75096fe08c9a1a959

Download Submit
C:\Windows\system\nzblvhS.exe

Filesize
6.0MB

MD5
23525c8b870d42e61d3b1f1c15ca78ba

SHA1
2339d23fb1480aa20d3cf20b68291ae00c86856e

SHA256
81d2991fd589cf45b05177df85fb1220e214ca29d8b8666a12527e691650a42f

SHA512
a0f819bfe554589b6a682b7463f8c0adf34d10a35d1a01a1867031bfa97bd37cdbff20437f466cf52bc892f6ee8d1593fe5ee5190a2aec5cbbf81b16d0296bda

Download Submit
C:\Windows\system\oXFFIxH.exe

Filesize
6.0MB

MD5
737790adb25b231813d601f34594d75d

SHA1
62571deb5128a0cf35f0ef5c38bb1ef2375c52e9

SHA256
6c2a031e830cf4e7b7cb8559cbbdc2a1a4eeec11dad11181290958ce31cf785c

SHA512
8adc47901db447ec83fd782f4ab0463012176d8071963cbb69c7fbf5e313375f538d8f7326bf17099d12b4c8be1d04b44166479643f5aa83507ea8b0be9d4832

Download Submit
C:\Windows\system\qAzPODx.exe

Filesize
6.0MB

MD5
a1cee5aef20fea75d5e6e25b49d7b247

SHA1
2b0428da14381033c97db7b7812064685ca01a82

SHA256
3d977d5c34cb35649129296754f2fed34ea79bea2286142425489a49ecc43894

SHA512
1f385e93ea6697242160fef7c1046ce75febd8589399de783b57368b67cd52c59464ee15ca7356ab9fa8a10d283b7097da7f9a78c9f71c53f6c239ba3a42f0a1

Download Submit
C:\Windows\system\qYoUqfv.exe

Filesize
6.0MB

MD5
56a17e9500cc57dc73be9cd5dcd49c62

SHA1
b2bed7f726a83ba2e5b72944e22053e2333e6f4d

SHA256
fbbc8cc804f74202a44bf12086ae8b1508f2fda18df0ee15de0a1e1ecba1c35e

SHA512
73fd5e508b553ee7b6cf922cba04a4c9bd4a386f7ee815318d376227c043b867c5a9a0bae587f1672f0484315fa16195ca1e52c81b76934a6ff0c9832ba7574a

Download Submit
C:\Windows\system\szjWyeX.exe

Filesize
6.0MB

MD5
795b1ab78880116b4fe9c0ca828ea348

SHA1
dac3107f05590328a5bc5df02cbf289bab910d4e

SHA256
370716530fc911d99caf9a5ee141423df10a61d42a07ed1d58600c314323774e

SHA512
53fa85082ea399d6ca3e24f333b80084d37502ad8283ea667183333ab2a785fe6e032edf232fc1b531b142e0013dd8c0349d55615abcdc3cb3bb5f4c0a6321da

Download Submit
C:\Windows\system\vkpquoi.exe

Filesize
6.0MB

MD5
2ec18a8d1f0124b503d24a19352e547a

SHA1
44f220f33e00945df1ea9e638d5518cdd0b6d88c

SHA256
8784ee84fed666465d36194d7750927c2fc83318d2203c7659875d2ecaf24c2b

SHA512
fc1d01c7a658ce107500fdb7fbc852ceb0c5dbdd2dbd8b7792430540b3cf494b38ac1bb6cdb30d17947d398263eda0dec17f07c529e266350529c980ef3f6338

Download Submit
\Windows\system\RmAXLEO.exe

Filesize
6.0MB

MD5
c0771d2539dab203bb432eaa3b0a3226

SHA1
935c674d9fa089c243b2f66a4d607d1614c7964f

SHA256
202ae2b6a8c43ce040975e17969e109292dcee6ffb6edcc015f94487d67be07e

SHA512
2923696a637025026b09f171f67fa2e5caf41eb6ed64359833b54200e6326605775131ca4d1e3a2c44289df668b918430c32506a032eb3b232f470f85bb8e6cd

Download Submit
\Windows\system\TkPvGBJ.exe

Filesize
6.0MB

MD5
f0f80d1c3cae301bf37e262b5944d5c8

SHA1
d295fd73e8ee21649b6340870812e6f4a2426b40

SHA256
0080625a7d001b22429e57a117cddb8b3ca74df08985c1d130153e4ea0475917

SHA512
7c4cd8f1ae04ce2110029810a1dbe36f190b17e4b80ff41aaeab22e4d99b9675fd1d7ff5dfc3d9ef186b3e15c732ee84d581609ca9ba06fb0a0c4d90b331b18b

Download Submit
\Windows\system\Twutoeo.exe

Filesize
6.0MB

MD5
4b65aa08f1905cbc72778a110e9a4bb5

SHA1
b4c41c5a2ef4c393d51b37944a384f4cd29390c8

SHA256
ebcec4601a8aec2be1021b92d14b7a2f44d4e75a90a74281f12e5169e995ceb1

SHA512
a0e51b1a2bef9f56c8965e2c8d92bc007e3515482a68882bd08671d3142ad542fccef7f6d5907556d005fd8acf765e61e6533a8292e14f1ca9551871d783f607

Download Submit
\Windows\system\UAfAtEe.exe

Filesize
6.0MB

MD5
3c48e8eb1deb86543b0689f36b14600d

SHA1
b38a81381dbcaf13d2a461d082e9be3dab65e831

SHA256
4754c629b334ce40099562a26c468664c3515570ddf14e239e2bfbc260f11403

SHA512
70580869759c75d5b39a85a16ee26bb524ea54a22b80ef5e760e0e0deae7959a1cead80d858356a50ee5c5adbb3eaab5bfa9c9afd998de623bf4d6d0b8490cae

Download Submit
\Windows\system\evLbOwZ.exe

Filesize
6.0MB

MD5
3d38e38ef39474a1007e921a15481772

SHA1
169bc439ca20c764df4f983042dea1fb849391e2

SHA256
7f83038321a75514239fd49cdd587250313ea75e0fa40ba42008549fbb975a96

SHA512
49bc369df00559ad387d212a2454cb187e4501b13eccc775d0eb1f481fa6fee8a6e27206f8448d1d31d893f6ca9bc265d42f59ebc1a822b4bc34df07dd22ac89

Download Submit
\Windows\system\lrKxSxi.exe

Filesize
6.0MB

MD5
288a1d306069369b7fe01bde6e9979ce

SHA1
c11444f6760a22c89846cdc76a36a94a60a38de5

SHA256
3f43c0f4bb30f364401706e9e31a46b318ca24fe36adf9670d09b5373aa2a63b

SHA512
c27234e656f27e7d0f7f8cc11fa242c6265fabd80b6e977e273992c7e2317003d334d860b272af4a86fcc89536ded9e194ae7a428103ee68af8d6d43df79c4aa

Download Submit
\Windows\system\zlptneQ.exe

Filesize
6.0MB

MD5
ebb82556741c985b08c5e290c5a8c5c2

SHA1
daa7ba3e06faec5728ade0a2f5455b89addcea4d

SHA256
d4bafa2597e61d24afb4b1c9e34bc3b328024c694ecc85d4e0c83c63bad5dccb

SHA512
b2ea5b59a0972e57df640e423ee2fa604832ffda01a4d37fef1e1aeec58691eb9b02758a4ba0bb1fc845b1405a52ebd8119b47aa4dcadc1016afb9469ab49014

Download Submit
memory/1440-3611-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-99-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-65-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-3644-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3628-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-82-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-88-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-102-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-23-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2176-89-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2176-91-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-33-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-92-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-62-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-95-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2176-108-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-381-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-10-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-87-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2176-77-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2176-17-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-189-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2176-41-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-69-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2176-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-93-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3634-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-19-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3514-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2692-100-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-312-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3647-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3613-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2768-104-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2768-27-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2780-36-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3612-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-106-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-96-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3646-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-90-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3619-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2924-86-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3626-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3645-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2928-97-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-72-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3621-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3506-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-16-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download