cobaltstrike | 228c1c53f2828eed060a7e2a4b5ca599d28c1d144204ea6248a9a0f4fefa0f2e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

70d89ab36fb72bf06c4eb7573bf880bd
SHA1

05b9716ee325f89a9ded6638da3a78179f5bfa9e
SHA256

228c1c53f2828eed060a7e2a4b5ca599d28c1d144204ea6248a9a0f4fefa0f2e
SHA512

28cfa778e43aca7c4a1d6f89baf09b1694f513650fc2f27b06440cd54a3f4f111800442b2432488180679b274bce2c03e429d91dd7f5a1bf9c1cd2b02dcaa287
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-32.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-102.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164b1-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-72.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-43.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3a-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012281-3.dat	xmrig
behavioral1/files/0x0008000000016875-9.dat	xmrig
behavioral1/memory/2624-13-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-18.dat	xmrig
behavioral1/memory/1908-17-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-19.dat	xmrig
behavioral1/files/0x0007000000016cd7-28.dat	xmrig
behavioral1/files/0x0007000000016cf5-32.dat	xmrig
behavioral1/files/0x000900000001749c-47.dat	xmrig
behavioral1/files/0x0005000000018686-55.dat	xmrig
behavioral1/files/0x00050000000186e7-62.dat	xmrig
behavioral1/files/0x00050000000186ed-67.dat	xmrig
behavioral1/files/0x0005000000018704-82.dat	xmrig
behavioral1/files/0x0005000000018744-97.dat	xmrig
behavioral1/files/0x0006000000018b4e-112.dat	xmrig
behavioral1/files/0x0005000000019284-142.dat	xmrig
behavioral1/memory/1908-1495-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2412-1494-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2884-433-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/576-405-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1156-403-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2956-401-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2800-399-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/320-397-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2532-395-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2000-448-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2856-423-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3020-417-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2728-411-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1952-393-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-162.dat	xmrig
behavioral1/files/0x0005000000019360-157.dat	xmrig
behavioral1/files/0x000500000001933f-152.dat	xmrig
behavioral1/files/0x0005000000019297-147.dat	xmrig
behavioral1/files/0x0005000000019278-137.dat	xmrig
behavioral1/files/0x0005000000019269-132.dat	xmrig
behavioral1/files/0x0005000000019250-127.dat	xmrig
behavioral1/files/0x0005000000019246-122.dat	xmrig
behavioral1/files/0x0006000000018c16-117.dat	xmrig
behavioral1/files/0x00050000000187a8-107.dat	xmrig
behavioral1/files/0x000500000001878e-102.dat	xmrig
behavioral1/files/0x00090000000164b1-92.dat	xmrig
behavioral1/files/0x0005000000018739-88.dat	xmrig
behavioral1/files/0x00050000000186f4-77.dat	xmrig
behavioral1/files/0x00050000000186f1-72.dat	xmrig
behavioral1/files/0x000600000001755b-52.dat	xmrig
behavioral1/files/0x0008000000016d43-43.dat	xmrig
behavioral1/files/0x0009000000016d3a-38.dat	xmrig
behavioral1/memory/2856-3706-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2624-3708-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/320-3782-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2000-3807-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2728-3752-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2800-3751-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2884-3741-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/3020-3735-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2532-3707-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2956-3729-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/576-3722-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1952-3717-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1156-3715-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1908-4515-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2624	eGMUSIM.exe
1908	qEGcwan.exe
2000	OFwEsGX.exe
1952	GpoULMo.exe
2532	zZHPdpw.exe
320	vAZbmzI.exe
2800	kvACwKS.exe
2956	BdZeKqO.exe
1156	ppKREbG.exe
576	qqzhNWc.exe
2728	QgZEoBI.exe
3020	hXYJovF.exe
2856	KfmZFHN.exe
2884	GlmCGOZ.exe
2712	hvxcgJQ.exe
2768	OApKtwj.exe
2512	VGuZFuj.exe
2540	JoVHeRO.exe
844	EZtOlQL.exe
2896	niWfwiU.exe
692	ctIFFap.exe
2900	aWiqZDj.exe
2144	MoViqgc.exe
324	gZxQugL.exe
1756	SCfkmQW.exe
2508	fcTihua.exe
2572	EJyUnIR.exe
2076	FyzhPaC.exe
2376	odSRyJi.exe
2476	dhKTbhS.exe
1104	jobyVjN.exe
1256	MYZicbS.exe
1140	GsEItvh.exe
2312	NCnQAIj.exe
1524	CuhZoJi.exe
960	VNWgDmd.exe
956	bwFtonN.exe
2564	FlKSCfM.exe
2164	FEcGhsB.exe
2016	pMGyuXe.exe
2380	yoKnypC.exe
496	HUfvcRH.exe
1536	rXLWzIN.exe
1636	oaIqmxb.exe
1572	cdCtQUx.exe
2352	CUQAXqS.exe
2196	dugyeeJ.exe
2064	GwDbJXf.exe
568	DwFFChj.exe
1716	urFFpcG.exe
2176	UQFKMVv.exe
2336	VYUVjRs.exe
1748	vMfBQLw.exe
1504	GEOygsS.exe
2328	bEnUVfk.exe
1980	LwIpuRE.exe
1568	ldPKLBd.exe
2120	wSSISbn.exe
1420	CzyWEyv.exe
1740	PRDdMrD.exe
2472	AAdsfGe.exe
2944	NGSWJDM.exe
2848	tjVkKoj.exe
2808	jlkIECj.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000d000000012281-3.dat	upx
behavioral1/files/0x0008000000016875-9.dat	upx
behavioral1/memory/2624-13-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-18.dat	upx
behavioral1/memory/1908-17-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-19.dat	upx
behavioral1/files/0x0007000000016cd7-28.dat	upx
behavioral1/files/0x0007000000016cf5-32.dat	upx
behavioral1/files/0x000900000001749c-47.dat	upx
behavioral1/files/0x0005000000018686-55.dat	upx
behavioral1/files/0x00050000000186e7-62.dat	upx
behavioral1/files/0x00050000000186ed-67.dat	upx
behavioral1/files/0x0005000000018704-82.dat	upx
behavioral1/files/0x0005000000018744-97.dat	upx
behavioral1/files/0x0006000000018b4e-112.dat	upx
behavioral1/files/0x0005000000019284-142.dat	upx
behavioral1/memory/1908-1495-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2412-1494-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2884-433-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/576-405-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1156-403-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2956-401-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2800-399-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/320-397-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2532-395-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2000-448-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2856-423-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3020-417-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2728-411-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1952-393-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-162.dat	upx
behavioral1/files/0x0005000000019360-157.dat	upx
behavioral1/files/0x000500000001933f-152.dat	upx
behavioral1/files/0x0005000000019297-147.dat	upx
behavioral1/files/0x0005000000019278-137.dat	upx
behavioral1/files/0x0005000000019269-132.dat	upx
behavioral1/files/0x0005000000019250-127.dat	upx
behavioral1/files/0x0005000000019246-122.dat	upx
behavioral1/files/0x0006000000018c16-117.dat	upx
behavioral1/files/0x00050000000187a8-107.dat	upx
behavioral1/files/0x000500000001878e-102.dat	upx
behavioral1/files/0x00090000000164b1-92.dat	upx
behavioral1/files/0x0005000000018739-88.dat	upx
behavioral1/files/0x00050000000186f4-77.dat	upx
behavioral1/files/0x00050000000186f1-72.dat	upx
behavioral1/files/0x000600000001755b-52.dat	upx
behavioral1/files/0x0008000000016d43-43.dat	upx
behavioral1/files/0x0009000000016d3a-38.dat	upx
behavioral1/memory/2856-3706-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2624-3708-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/320-3782-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2000-3807-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2728-3752-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2800-3751-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2884-3741-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/3020-3735-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2532-3707-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2956-3729-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/576-3722-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1952-3717-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1156-3715-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1908-4515-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZwlEclZ.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQlRSIU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLCdDXB.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTaSVyY.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxKMEFj.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXWVNzr.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSbrpGZ.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBYTjdK.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBleQLM.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfEuKGr.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqszWRw.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhUauPe.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnInXlN.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnUBtmL.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEmPtHE.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErLTNUO.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMKWBGj.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgMsEyo.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYSyKGk.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amUIqDI.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcRGtAi.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcSicVQ.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmTlFbi.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXYmMIT.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTKTVsH.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrpjAWD.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydTcSnR.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSAlZfe.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPdxjSr.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCEhvRm.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQJtBTC.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWKuHLF.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkLDkXz.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDIgRSf.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNUJqYT.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxcZFdy.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnnhsxB.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWyxYcU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niWfwiU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMoBWNw.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEjZtrU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWxyWow.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYOlfeU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdVMxey.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZlOEOO.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpVESBv.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiXjRis.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWPvlep.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJtFbkb.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saaPumn.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzsUUsw.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsAjpxC.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmZkTGE.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsjmyVl.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbGVros.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIvslkm.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvrBrxV.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azTSNTr.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLkRvrU.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGTlinM.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYrpPOw.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzJixJO.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlVvuLP.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiYUBfd.exe	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2624	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2624	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2624	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 1908	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 1908	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 1908	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2000	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2000	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2000	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 1952	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 1952	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 1952	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2532	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2532	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2532	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 320	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 320	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 320	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2800	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2800	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2800	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2956	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2956	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2956	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 1156	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 1156	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 1156	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 576	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 576	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 576	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2728	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2728	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2728	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 3020	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 3020	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 3020	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2856	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2856	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2856	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2884	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2884	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2884	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2712	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2712	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2712	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2768	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2768	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2768	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 2512	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2512	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2512	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2540	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2540	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2540	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 844	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 844	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 844	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 2896	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 2896	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 2896	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 692	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 692	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 692	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 2900	2412	2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-24_70d89ab36fb72bf06c4eb7573bf880bd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\System\eGMUSIM.exe
  C:\Windows\System\eGMUSIM.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\qEGcwan.exe
  C:\Windows\System\qEGcwan.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OFwEsGX.exe
  C:\Windows\System\OFwEsGX.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\GpoULMo.exe
  C:\Windows\System\GpoULMo.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\zZHPdpw.exe
  C:\Windows\System\zZHPdpw.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\vAZbmzI.exe
  C:\Windows\System\vAZbmzI.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\kvACwKS.exe
  C:\Windows\System\kvACwKS.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\BdZeKqO.exe
  C:\Windows\System\BdZeKqO.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ppKREbG.exe
  C:\Windows\System\ppKREbG.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\qqzhNWc.exe
  C:\Windows\System\qqzhNWc.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\QgZEoBI.exe
  C:\Windows\System\QgZEoBI.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\hXYJovF.exe
  C:\Windows\System\hXYJovF.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\KfmZFHN.exe
  C:\Windows\System\KfmZFHN.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\GlmCGOZ.exe
  C:\Windows\System\GlmCGOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\hvxcgJQ.exe
  C:\Windows\System\hvxcgJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OApKtwj.exe
  C:\Windows\System\OApKtwj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\VGuZFuj.exe
  C:\Windows\System\VGuZFuj.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\JoVHeRO.exe
  C:\Windows\System\JoVHeRO.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\EZtOlQL.exe
  C:\Windows\System\EZtOlQL.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\niWfwiU.exe
  C:\Windows\System\niWfwiU.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ctIFFap.exe
  C:\Windows\System\ctIFFap.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\aWiqZDj.exe
  C:\Windows\System\aWiqZDj.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MoViqgc.exe
  C:\Windows\System\MoViqgc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gZxQugL.exe
  C:\Windows\System\gZxQugL.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\SCfkmQW.exe
  C:\Windows\System\SCfkmQW.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\fcTihua.exe
  C:\Windows\System\fcTihua.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\EJyUnIR.exe
  C:\Windows\System\EJyUnIR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\FyzhPaC.exe
  C:\Windows\System\FyzhPaC.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\odSRyJi.exe
  C:\Windows\System\odSRyJi.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\dhKTbhS.exe
  C:\Windows\System\dhKTbhS.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\jobyVjN.exe
  C:\Windows\System\jobyVjN.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\MYZicbS.exe
  C:\Windows\System\MYZicbS.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\GsEItvh.exe
  C:\Windows\System\GsEItvh.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\NCnQAIj.exe
  C:\Windows\System\NCnQAIj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\CuhZoJi.exe
  C:\Windows\System\CuhZoJi.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\VNWgDmd.exe
  C:\Windows\System\VNWgDmd.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\bwFtonN.exe
  C:\Windows\System\bwFtonN.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\FlKSCfM.exe
  C:\Windows\System\FlKSCfM.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\FEcGhsB.exe
  C:\Windows\System\FEcGhsB.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\pMGyuXe.exe
  C:\Windows\System\pMGyuXe.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\yoKnypC.exe
  C:\Windows\System\yoKnypC.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\HUfvcRH.exe
  C:\Windows\System\HUfvcRH.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\rXLWzIN.exe
  C:\Windows\System\rXLWzIN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\oaIqmxb.exe
  C:\Windows\System\oaIqmxb.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\cdCtQUx.exe
  C:\Windows\System\cdCtQUx.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\CUQAXqS.exe
  C:\Windows\System\CUQAXqS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\dugyeeJ.exe
  C:\Windows\System\dugyeeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\GwDbJXf.exe
  C:\Windows\System\GwDbJXf.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\DwFFChj.exe
  C:\Windows\System\DwFFChj.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\urFFpcG.exe
  C:\Windows\System\urFFpcG.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\UQFKMVv.exe
  C:\Windows\System\UQFKMVv.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VYUVjRs.exe
  C:\Windows\System\VYUVjRs.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\vMfBQLw.exe
  C:\Windows\System\vMfBQLw.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\GEOygsS.exe
  C:\Windows\System\GEOygsS.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\bEnUVfk.exe
  C:\Windows\System\bEnUVfk.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LwIpuRE.exe
  C:\Windows\System\LwIpuRE.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ldPKLBd.exe
  C:\Windows\System\ldPKLBd.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\wSSISbn.exe
  C:\Windows\System\wSSISbn.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\CzyWEyv.exe
  C:\Windows\System\CzyWEyv.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\PRDdMrD.exe
  C:\Windows\System\PRDdMrD.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\AAdsfGe.exe
  C:\Windows\System\AAdsfGe.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\NGSWJDM.exe
  C:\Windows\System\NGSWJDM.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\tjVkKoj.exe
  C:\Windows\System\tjVkKoj.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\jlkIECj.exe
  C:\Windows\System\jlkIECj.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\vsUVXnj.exe
  C:\Windows\System\vsUVXnj.exe
  2⤵
  PID:3044
- C:\Windows\System\JKRhmcA.exe
  C:\Windows\System\JKRhmcA.exe
  2⤵
  PID:2452
- C:\Windows\System\ROMHKhf.exe
  C:\Windows\System\ROMHKhf.exe
  2⤵
  PID:2704
- C:\Windows\System\JgpVcZv.exe
  C:\Windows\System\JgpVcZv.exe
  2⤵
  PID:2520
- C:\Windows\System\nkgfldT.exe
  C:\Windows\System\nkgfldT.exe
  2⤵
  PID:1280
- C:\Windows\System\AdnrEqK.exe
  C:\Windows\System\AdnrEqK.exe
  2⤵
  PID:1396
- C:\Windows\System\LVXMEjg.exe
  C:\Windows\System\LVXMEjg.exe
  2⤵
  PID:2760
- C:\Windows\System\pbSHEYt.exe
  C:\Windows\System\pbSHEYt.exe
  2⤵
  PID:1708
- C:\Windows\System\clgBrnR.exe
  C:\Windows\System\clgBrnR.exe
  2⤵
  PID:2732
- C:\Windows\System\vVGDCNe.exe
  C:\Windows\System\vVGDCNe.exe
  2⤵
  PID:1852
- C:\Windows\System\emJTWco.exe
  C:\Windows\System\emJTWco.exe
  2⤵
  PID:2424
- C:\Windows\System\jTEVcwq.exe
  C:\Windows\System\jTEVcwq.exe
  2⤵
  PID:908
- C:\Windows\System\wyYHcuD.exe
  C:\Windows\System\wyYHcuD.exe
  2⤵
  PID:548
- C:\Windows\System\IPwsGqK.exe
  C:\Windows\System\IPwsGqK.exe
  2⤵
  PID:2068
- C:\Windows\System\kiArIKw.exe
  C:\Windows\System\kiArIKw.exe
  2⤵
  PID:2676
- C:\Windows\System\YcVNNcN.exe
  C:\Windows\System\YcVNNcN.exe
  2⤵
  PID:1856
- C:\Windows\System\EpPVQAh.exe
  C:\Windows\System\EpPVQAh.exe
  2⤵
  PID:880
- C:\Windows\System\zFbBQtl.exe
  C:\Windows\System\zFbBQtl.exe
  2⤵
  PID:1336
- C:\Windows\System\DzsUUsw.exe
  C:\Windows\System\DzsUUsw.exe
  2⤵
  PID:680
- C:\Windows\System\DYGKSso.exe
  C:\Windows\System\DYGKSso.exe
  2⤵
  PID:1764
- C:\Windows\System\lKDpbHu.exe
  C:\Windows\System\lKDpbHu.exe
  2⤵
  PID:772
- C:\Windows\System\poJNrGU.exe
  C:\Windows\System\poJNrGU.exe
  2⤵
  PID:2216
- C:\Windows\System\fRDYOSK.exe
  C:\Windows\System\fRDYOSK.exe
  2⤵
  PID:1620
- C:\Windows\System\UeMPHgi.exe
  C:\Windows\System\UeMPHgi.exe
  2⤵
  PID:2640
- C:\Windows\System\VEbMNEE.exe
  C:\Windows\System\VEbMNEE.exe
  2⤵
  PID:2488
- C:\Windows\System\FsRCtPo.exe
  C:\Windows\System\FsRCtPo.exe
  2⤵
  PID:2332
- C:\Windows\System\yUBaBOE.exe
  C:\Windows\System\yUBaBOE.exe
  2⤵
  PID:884
- C:\Windows\System\PEBNwwS.exe
  C:\Windows\System\PEBNwwS.exe
  2⤵
  PID:2444
- C:\Windows\System\czXNwOK.exe
  C:\Windows\System\czXNwOK.exe
  2⤵
  PID:1028
- C:\Windows\System\emWVrue.exe
  C:\Windows\System\emWVrue.exe
  2⤵
  PID:2876
- C:\Windows\System\lTEVMXr.exe
  C:\Windows\System\lTEVMXr.exe
  2⤵
  PID:2208
- C:\Windows\System\IriRyMZ.exe
  C:\Windows\System\IriRyMZ.exe
  2⤵
  PID:2940
- C:\Windows\System\VRhgaCe.exe
  C:\Windows\System\VRhgaCe.exe
  2⤵
  PID:2828
- C:\Windows\System\QZBODIq.exe
  C:\Windows\System\QZBODIq.exe
  2⤵
  PID:2516
- C:\Windows\System\tQLdvma.exe
  C:\Windows\System\tQLdvma.exe
  2⤵
  PID:2792
- C:\Windows\System\HTolHnb.exe
  C:\Windows\System\HTolHnb.exe
  2⤵
  PID:2548
- C:\Windows\System\oFzATba.exe
  C:\Windows\System\oFzATba.exe
  2⤵
  PID:2560
- C:\Windows\System\hioqIQt.exe
  C:\Windows\System\hioqIQt.exe
  2⤵
  PID:2788
- C:\Windows\System\mMWDrMQ.exe
  C:\Windows\System\mMWDrMQ.exe
  2⤵
  PID:408
- C:\Windows\System\dCRYZHV.exe
  C:\Windows\System\dCRYZHV.exe
  2⤵
  PID:2552
- C:\Windows\System\lmDNjUt.exe
  C:\Windows\System\lmDNjUt.exe
  2⤵
  PID:2012
- C:\Windows\System\CiXALTX.exe
  C:\Windows\System\CiXALTX.exe
  2⤵
  PID:1652
- C:\Windows\System\DngoXIv.exe
  C:\Windows\System\DngoXIv.exe
  2⤵
  PID:2128
- C:\Windows\System\zcLVoNk.exe
  C:\Windows\System\zcLVoNk.exe
  2⤵
  PID:2072
- C:\Windows\System\iRyhYlS.exe
  C:\Windows\System\iRyhYlS.exe
  2⤵
  PID:3084
- C:\Windows\System\QAVUspo.exe
  C:\Windows\System\QAVUspo.exe
  2⤵
  PID:3152
- C:\Windows\System\rYgRKnX.exe
  C:\Windows\System\rYgRKnX.exe
  2⤵
  PID:3172
- C:\Windows\System\CzYVArh.exe
  C:\Windows\System\CzYVArh.exe
  2⤵
  PID:3192
- C:\Windows\System\VjEtybC.exe
  C:\Windows\System\VjEtybC.exe
  2⤵
  PID:3212
- C:\Windows\System\YAVdnts.exe
  C:\Windows\System\YAVdnts.exe
  2⤵
  PID:3232
- C:\Windows\System\rfGJEJj.exe
  C:\Windows\System\rfGJEJj.exe
  2⤵
  PID:3252
- C:\Windows\System\LpqLZMC.exe
  C:\Windows\System\LpqLZMC.exe
  2⤵
  PID:3276
- C:\Windows\System\ukygiEW.exe
  C:\Windows\System\ukygiEW.exe
  2⤵
  PID:3296
- C:\Windows\System\waCkqvJ.exe
  C:\Windows\System\waCkqvJ.exe
  2⤵
  PID:3316
- C:\Windows\System\qWlAGnK.exe
  C:\Windows\System\qWlAGnK.exe
  2⤵
  PID:3336
- C:\Windows\System\eulhEPx.exe
  C:\Windows\System\eulhEPx.exe
  2⤵
  PID:3356
- C:\Windows\System\MhCEIgb.exe
  C:\Windows\System\MhCEIgb.exe
  2⤵
  PID:3380
- C:\Windows\System\nABQCTK.exe
  C:\Windows\System\nABQCTK.exe
  2⤵
  PID:3396
- C:\Windows\System\SIOPJIs.exe
  C:\Windows\System\SIOPJIs.exe
  2⤵
  PID:3416
- C:\Windows\System\ZBVIrEv.exe
  C:\Windows\System\ZBVIrEv.exe
  2⤵
  PID:3444
- C:\Windows\System\BCHVWJW.exe
  C:\Windows\System\BCHVWJW.exe
  2⤵
  PID:3468
- C:\Windows\System\zYSyKGk.exe
  C:\Windows\System\zYSyKGk.exe
  2⤵
  PID:3484
- C:\Windows\System\mKbfUAY.exe
  C:\Windows\System\mKbfUAY.exe
  2⤵
  PID:3516
- C:\Windows\System\xixrpaw.exe
  C:\Windows\System\xixrpaw.exe
  2⤵
  PID:3556
- C:\Windows\System\JCLyrqT.exe
  C:\Windows\System\JCLyrqT.exe
  2⤵
  PID:3576
- C:\Windows\System\odBkSND.exe
  C:\Windows\System\odBkSND.exe
  2⤵
  PID:3596
- C:\Windows\System\LIvslkm.exe
  C:\Windows\System\LIvslkm.exe
  2⤵
  PID:3616
- C:\Windows\System\iucrZHz.exe
  C:\Windows\System\iucrZHz.exe
  2⤵
  PID:3636
- C:\Windows\System\tcXkfQV.exe
  C:\Windows\System\tcXkfQV.exe
  2⤵
  PID:3656
- C:\Windows\System\WqDznDh.exe
  C:\Windows\System\WqDznDh.exe
  2⤵
  PID:3676
- C:\Windows\System\IeVCHCP.exe
  C:\Windows\System\IeVCHCP.exe
  2⤵
  PID:3696
- C:\Windows\System\iKcTvtP.exe
  C:\Windows\System\iKcTvtP.exe
  2⤵
  PID:3716
- C:\Windows\System\FokdSkw.exe
  C:\Windows\System\FokdSkw.exe
  2⤵
  PID:3736
- C:\Windows\System\IOOmkOb.exe
  C:\Windows\System\IOOmkOb.exe
  2⤵
  PID:3756
- C:\Windows\System\YpfQNbm.exe
  C:\Windows\System\YpfQNbm.exe
  2⤵
  PID:3776
- C:\Windows\System\bXWVNzr.exe
  C:\Windows\System\bXWVNzr.exe
  2⤵
  PID:3796
- C:\Windows\System\lOGwtYb.exe
  C:\Windows\System\lOGwtYb.exe
  2⤵
  PID:3820
- C:\Windows\System\XJReFjI.exe
  C:\Windows\System\XJReFjI.exe
  2⤵
  PID:3840
- C:\Windows\System\lMibDAN.exe
  C:\Windows\System\lMibDAN.exe
  2⤵
  PID:3860
- C:\Windows\System\amBjCko.exe
  C:\Windows\System\amBjCko.exe
  2⤵
  PID:3880
- C:\Windows\System\ZzMUPDj.exe
  C:\Windows\System\ZzMUPDj.exe
  2⤵
  PID:3900
- C:\Windows\System\EoJabvv.exe
  C:\Windows\System\EoJabvv.exe
  2⤵
  PID:3920
- C:\Windows\System\SnUBtmL.exe
  C:\Windows\System\SnUBtmL.exe
  2⤵
  PID:3940
- C:\Windows\System\jRZhgsE.exe
  C:\Windows\System\jRZhgsE.exe
  2⤵
  PID:3960
- C:\Windows\System\GJfEAmV.exe
  C:\Windows\System\GJfEAmV.exe
  2⤵
  PID:3980
- C:\Windows\System\qVqkUyd.exe
  C:\Windows\System\qVqkUyd.exe
  2⤵
  PID:4000
- C:\Windows\System\EMQrhUg.exe
  C:\Windows\System\EMQrhUg.exe
  2⤵
  PID:4020
- C:\Windows\System\zcYjizD.exe
  C:\Windows\System\zcYjizD.exe
  2⤵
  PID:4040
- C:\Windows\System\UJakXpz.exe
  C:\Windows\System\UJakXpz.exe
  2⤵
  PID:4060
- C:\Windows\System\VxkpAXV.exe
  C:\Windows\System\VxkpAXV.exe
  2⤵
  PID:4076
- C:\Windows\System\cfKNxcK.exe
  C:\Windows\System\cfKNxcK.exe
  2⤵
  PID:1940
- C:\Windows\System\iyuRADS.exe
  C:\Windows\System\iyuRADS.exe
  2⤵
  PID:2604
- C:\Windows\System\pSbrpGZ.exe
  C:\Windows\System\pSbrpGZ.exe
  2⤵
  PID:2892
- C:\Windows\System\NlVvuLP.exe
  C:\Windows\System\NlVvuLP.exe
  2⤵
  PID:1248
- C:\Windows\System\IJbTSUW.exe
  C:\Windows\System\IJbTSUW.exe
  2⤵
  PID:328
- C:\Windows\System\sPgDKov.exe
  C:\Windows\System\sPgDKov.exe
  2⤵
  PID:896
- C:\Windows\System\yyRJmKY.exe
  C:\Windows\System\yyRJmKY.exe
  2⤵
  PID:812
- C:\Windows\System\LQjTTSV.exe
  C:\Windows\System\LQjTTSV.exe
  2⤵
  PID:3240
- C:\Windows\System\PCxXLOM.exe
  C:\Windows\System\PCxXLOM.exe
  2⤵
  PID:888
- C:\Windows\System\KBZnYtJ.exe
  C:\Windows\System\KBZnYtJ.exe
  2⤵
  PID:3284
- C:\Windows\System\gQyMAVN.exe
  C:\Windows\System\gQyMAVN.exe
  2⤵
  PID:2700
- C:\Windows\System\KGOyGZC.exe
  C:\Windows\System\KGOyGZC.exe
  2⤵
  PID:3364
- C:\Windows\System\EjETMRb.exe
  C:\Windows\System\EjETMRb.exe
  2⤵
  PID:816
- C:\Windows\System\NdVMxey.exe
  C:\Windows\System\NdVMxey.exe
  2⤵
  PID:2084
- C:\Windows\System\SnKzTDJ.exe
  C:\Windows\System\SnKzTDJ.exe
  2⤵
  PID:1992
- C:\Windows\System\lBHPokS.exe
  C:\Windows\System\lBHPokS.exe
  2⤵
  PID:3404
- C:\Windows\System\yVxkxqe.exe
  C:\Windows\System\yVxkxqe.exe
  2⤵
  PID:3456
- C:\Windows\System\IBRLOmW.exe
  C:\Windows\System\IBRLOmW.exe
  2⤵
  PID:3432
- C:\Windows\System\TRjXlQV.exe
  C:\Windows\System\TRjXlQV.exe
  2⤵
  PID:3140
- C:\Windows\System\oLJcBVm.exe
  C:\Windows\System\oLJcBVm.exe
  2⤵
  PID:3388
- C:\Windows\System\aFXpVFj.exe
  C:\Windows\System\aFXpVFj.exe
  2⤵
  PID:3264
- C:\Windows\System\VAFKIuO.exe
  C:\Windows\System\VAFKIuO.exe
  2⤵
  PID:3180
- C:\Windows\System\gcyQRnG.exe
  C:\Windows\System\gcyQRnG.exe
  2⤵
  PID:3508
- C:\Windows\System\lbJyrxB.exe
  C:\Windows\System\lbJyrxB.exe
  2⤵
  PID:3544
- C:\Windows\System\KDNjqNS.exe
  C:\Windows\System\KDNjqNS.exe
  2⤵
  PID:3552
- C:\Windows\System\DuyCSQF.exe
  C:\Windows\System\DuyCSQF.exe
  2⤵
  PID:3612
- C:\Windows\System\pZpZpzv.exe
  C:\Windows\System\pZpZpzv.exe
  2⤵
  PID:3624
- C:\Windows\System\jWBXmEE.exe
  C:\Windows\System\jWBXmEE.exe
  2⤵
  PID:3684
- C:\Windows\System\DbZIjVY.exe
  C:\Windows\System\DbZIjVY.exe
  2⤵
  PID:3724
- C:\Windows\System\pYLbvnm.exe
  C:\Windows\System\pYLbvnm.exe
  2⤵
  PID:3744
- C:\Windows\System\ZMViMzG.exe
  C:\Windows\System\ZMViMzG.exe
  2⤵
  PID:3768
- C:\Windows\System\NLkRvrU.exe
  C:\Windows\System\NLkRvrU.exe
  2⤵
  PID:3816
- C:\Windows\System\NibRERD.exe
  C:\Windows\System\NibRERD.exe
  2⤵
  PID:3828
- C:\Windows\System\dQhCgRg.exe
  C:\Windows\System\dQhCgRg.exe
  2⤵
  PID:3888
- C:\Windows\System\JWTArOI.exe
  C:\Windows\System\JWTArOI.exe
  2⤵
  PID:3916
- C:\Windows\System\HxwKbCG.exe
  C:\Windows\System\HxwKbCG.exe
  2⤵
  PID:3948
- C:\Windows\System\IsIOXCK.exe
  C:\Windows\System\IsIOXCK.exe
  2⤵
  PID:3972
- C:\Windows\System\ThXIUCj.exe
  C:\Windows\System\ThXIUCj.exe
  2⤵
  PID:4012
- C:\Windows\System\NyALnjD.exe
  C:\Windows\System\NyALnjD.exe
  2⤵
  PID:4048
- C:\Windows\System\fqGGXMQ.exe
  C:\Windows\System\fqGGXMQ.exe
  2⤵
  PID:4092
- C:\Windows\System\kfgfKSA.exe
  C:\Windows\System\kfgfKSA.exe
  2⤵
  PID:2232
- C:\Windows\System\szqxNyg.exe
  C:\Windows\System\szqxNyg.exe
  2⤵
  PID:2720
- C:\Windows\System\INqwyup.exe
  C:\Windows\System\INqwyup.exe
  2⤵
  PID:2536
- C:\Windows\System\qhBHchc.exe
  C:\Windows\System\qhBHchc.exe
  2⤵
  PID:1692
- C:\Windows\System\vnOBSND.exe
  C:\Windows\System\vnOBSND.exe
  2⤵
  PID:2248
- C:\Windows\System\BSqUAJg.exe
  C:\Windows\System\BSqUAJg.exe
  2⤵
  PID:1592
- C:\Windows\System\DnnREWM.exe
  C:\Windows\System\DnnREWM.exe
  2⤵
  PID:3372
- C:\Windows\System\ZsyMPrz.exe
  C:\Windows\System\ZsyMPrz.exe
  2⤵
  PID:612
- C:\Windows\System\CGoUeZP.exe
  C:\Windows\System\CGoUeZP.exe
  2⤵
  PID:1516
- C:\Windows\System\BGHitfR.exe
  C:\Windows\System\BGHitfR.exe
  2⤵
  PID:3464
- C:\Windows\System\zrKSUBy.exe
  C:\Windows\System\zrKSUBy.exe
  2⤵
  PID:3144
- C:\Windows\System\kycIQCS.exe
  C:\Windows\System\kycIQCS.exe
  2⤵
  PID:3476
- C:\Windows\System\LkqvzTX.exe
  C:\Windows\System\LkqvzTX.exe
  2⤵
  PID:3184
- C:\Windows\System\IlPGBmT.exe
  C:\Windows\System\IlPGBmT.exe
  2⤵
  PID:3540
- C:\Windows\System\fMDkyzl.exe
  C:\Windows\System\fMDkyzl.exe
  2⤵
  PID:3536
- C:\Windows\System\CrcZPBX.exe
  C:\Windows\System\CrcZPBX.exe
  2⤵
  PID:3652
- C:\Windows\System\ZPkPbnF.exe
  C:\Windows\System\ZPkPbnF.exe
  2⤵
  PID:3668
- C:\Windows\System\uhGvVMJ.exe
  C:\Windows\System\uhGvVMJ.exe
  2⤵
  PID:3712
- C:\Windows\System\yUXEFNX.exe
  C:\Windows\System\yUXEFNX.exe
  2⤵
  PID:3808
- C:\Windows\System\geDLFLj.exe
  C:\Windows\System\geDLFLj.exe
  2⤵
  PID:3832
- C:\Windows\System\aezhQwD.exe
  C:\Windows\System\aezhQwD.exe
  2⤵
  PID:3868
- C:\Windows\System\mDsOXxu.exe
  C:\Windows\System\mDsOXxu.exe
  2⤵
  PID:3952
- C:\Windows\System\GFfYtjO.exe
  C:\Windows\System\GFfYtjO.exe
  2⤵
  PID:4008
- C:\Windows\System\CTAlofk.exe
  C:\Windows\System\CTAlofk.exe
  2⤵
  PID:4084
- C:\Windows\System\RcrPKMP.exe
  C:\Windows\System\RcrPKMP.exe
  2⤵
  PID:580
- C:\Windows\System\nLaiEXk.exe
  C:\Windows\System\nLaiEXk.exe
  2⤵
  PID:4116
- C:\Windows\System\FLlzLZD.exe
  C:\Windows\System\FLlzLZD.exe
  2⤵
  PID:4136
- C:\Windows\System\JIXuNqt.exe
  C:\Windows\System\JIXuNqt.exe
  2⤵
  PID:4156
- C:\Windows\System\NXJSxyi.exe
  C:\Windows\System\NXJSxyi.exe
  2⤵
  PID:4176
- C:\Windows\System\rkLDkXz.exe
  C:\Windows\System\rkLDkXz.exe
  2⤵
  PID:4196
- C:\Windows\System\ZisOmHT.exe
  C:\Windows\System\ZisOmHT.exe
  2⤵
  PID:4216
- C:\Windows\System\xZaVJEe.exe
  C:\Windows\System\xZaVJEe.exe
  2⤵
  PID:4236
- C:\Windows\System\ceYzIKp.exe
  C:\Windows\System\ceYzIKp.exe
  2⤵
  PID:4256
- C:\Windows\System\PBMhUZI.exe
  C:\Windows\System\PBMhUZI.exe
  2⤵
  PID:4276
- C:\Windows\System\EEBnebG.exe
  C:\Windows\System\EEBnebG.exe
  2⤵
  PID:4296
- C:\Windows\System\gxdeQEc.exe
  C:\Windows\System\gxdeQEc.exe
  2⤵
  PID:4316
- C:\Windows\System\LCcgZDP.exe
  C:\Windows\System\LCcgZDP.exe
  2⤵
  PID:4336
- C:\Windows\System\RqpTzbq.exe
  C:\Windows\System\RqpTzbq.exe
  2⤵
  PID:4360
- C:\Windows\System\lXwdDAu.exe
  C:\Windows\System\lXwdDAu.exe
  2⤵
  PID:4380
- C:\Windows\System\HRQkuMn.exe
  C:\Windows\System\HRQkuMn.exe
  2⤵
  PID:4400
- C:\Windows\System\aMbvVHd.exe
  C:\Windows\System\aMbvVHd.exe
  2⤵
  PID:4420
- C:\Windows\System\CFFGUVx.exe
  C:\Windows\System\CFFGUVx.exe
  2⤵
  PID:4440
- C:\Windows\System\MfZKEjo.exe
  C:\Windows\System\MfZKEjo.exe
  2⤵
  PID:4460
- C:\Windows\System\yhQEOmN.exe
  C:\Windows\System\yhQEOmN.exe
  2⤵
  PID:4480
- C:\Windows\System\UFQZkND.exe
  C:\Windows\System\UFQZkND.exe
  2⤵
  PID:4500
- C:\Windows\System\lBTEmUG.exe
  C:\Windows\System\lBTEmUG.exe
  2⤵
  PID:4520
- C:\Windows\System\elikATz.exe
  C:\Windows\System\elikATz.exe
  2⤵
  PID:4540
- C:\Windows\System\GvumYsl.exe
  C:\Windows\System\GvumYsl.exe
  2⤵
  PID:4560
- C:\Windows\System\QIjHdwk.exe
  C:\Windows\System\QIjHdwk.exe
  2⤵
  PID:4580
- C:\Windows\System\QVVBfsA.exe
  C:\Windows\System\QVVBfsA.exe
  2⤵
  PID:4600
- C:\Windows\System\vjeQRNG.exe
  C:\Windows\System\vjeQRNG.exe
  2⤵
  PID:4620
- C:\Windows\System\UazeLyZ.exe
  C:\Windows\System\UazeLyZ.exe
  2⤵
  PID:4640
- C:\Windows\System\GfHZUDU.exe
  C:\Windows\System\GfHZUDU.exe
  2⤵
  PID:4660
- C:\Windows\System\QEmPtHE.exe
  C:\Windows\System\QEmPtHE.exe
  2⤵
  PID:4680
- C:\Windows\System\zGNsUQe.exe
  C:\Windows\System\zGNsUQe.exe
  2⤵
  PID:4700
- C:\Windows\System\oUkJSCJ.exe
  C:\Windows\System\oUkJSCJ.exe
  2⤵
  PID:4720
- C:\Windows\System\kBsWMdB.exe
  C:\Windows\System\kBsWMdB.exe
  2⤵
  PID:4740
- C:\Windows\System\rGAlCEN.exe
  C:\Windows\System\rGAlCEN.exe
  2⤵
  PID:4760
- C:\Windows\System\lTyJebN.exe
  C:\Windows\System\lTyJebN.exe
  2⤵
  PID:4780
- C:\Windows\System\ApOqQLY.exe
  C:\Windows\System\ApOqQLY.exe
  2⤵
  PID:4800
- C:\Windows\System\QxDEAZQ.exe
  C:\Windows\System\QxDEAZQ.exe
  2⤵
  PID:4820
- C:\Windows\System\cEKLwJs.exe
  C:\Windows\System\cEKLwJs.exe
  2⤵
  PID:4840
- C:\Windows\System\TGscqpk.exe
  C:\Windows\System\TGscqpk.exe
  2⤵
  PID:4860
- C:\Windows\System\VXLlisR.exe
  C:\Windows\System\VXLlisR.exe
  2⤵
  PID:4880
- C:\Windows\System\akxkhaU.exe
  C:\Windows\System\akxkhaU.exe
  2⤵
  PID:4900
- C:\Windows\System\YjbHtKV.exe
  C:\Windows\System\YjbHtKV.exe
  2⤵
  PID:4920
- C:\Windows\System\ObJeonk.exe
  C:\Windows\System\ObJeonk.exe
  2⤵
  PID:4940
- C:\Windows\System\UgKjuoF.exe
  C:\Windows\System\UgKjuoF.exe
  2⤵
  PID:4960
- C:\Windows\System\bThTNqk.exe
  C:\Windows\System\bThTNqk.exe
  2⤵
  PID:4980
- C:\Windows\System\tCQYnoI.exe
  C:\Windows\System\tCQYnoI.exe
  2⤵
  PID:5000
- C:\Windows\System\SxMZWJd.exe
  C:\Windows\System\SxMZWJd.exe
  2⤵
  PID:5020
- C:\Windows\System\xiYUBfd.exe
  C:\Windows\System\xiYUBfd.exe
  2⤵
  PID:5036
- C:\Windows\System\fbrpJSb.exe
  C:\Windows\System\fbrpJSb.exe
  2⤵
  PID:5060
- C:\Windows\System\UczjUko.exe
  C:\Windows\System\UczjUko.exe
  2⤵
  PID:5080
- C:\Windows\System\LBxPQKf.exe
  C:\Windows\System\LBxPQKf.exe
  2⤵
  PID:5100
- C:\Windows\System\nehfzJp.exe
  C:\Windows\System\nehfzJp.exe
  2⤵
  PID:1268
- C:\Windows\System\oglvtDp.exe
  C:\Windows\System\oglvtDp.exe
  2⤵
  PID:2664
- C:\Windows\System\NkRQmLQ.exe
  C:\Windows\System\NkRQmLQ.exe
  2⤵
  PID:2616
- C:\Windows\System\PoMIhsp.exe
  C:\Windows\System\PoMIhsp.exe
  2⤵
  PID:2228
- C:\Windows\System\PowaRSi.exe
  C:\Windows\System\PowaRSi.exe
  2⤵
  PID:3324
- C:\Windows\System\fdmALwm.exe
  C:\Windows\System\fdmALwm.exe
  2⤵
  PID:3496
- C:\Windows\System\CIrGqZa.exe
  C:\Windows\System\CIrGqZa.exe
  2⤵
  PID:3272
- C:\Windows\System\aVPahjI.exe
  C:\Windows\System\aVPahjI.exe
  2⤵
  PID:3480
- C:\Windows\System\sxxGBpp.exe
  C:\Windows\System\sxxGBpp.exe
  2⤵
  PID:3608
- C:\Windows\System\NYlMTNr.exe
  C:\Windows\System\NYlMTNr.exe
  2⤵
  PID:3692
- C:\Windows\System\wXlkRag.exe
  C:\Windows\System\wXlkRag.exe
  2⤵
  PID:3792
- C:\Windows\System\tFvtXrW.exe
  C:\Windows\System\tFvtXrW.exe
  2⤵
  PID:3852
- C:\Windows\System\qCYkBRy.exe
  C:\Windows\System\qCYkBRy.exe
  2⤵
  PID:3932
- C:\Windows\System\iFcrlwG.exe
  C:\Windows\System\iFcrlwG.exe
  2⤵
  PID:2448
- C:\Windows\System\qucnLsZ.exe
  C:\Windows\System\qucnLsZ.exe
  2⤵
  PID:4112
- C:\Windows\System\kQfSSvP.exe
  C:\Windows\System\kQfSSvP.exe
  2⤵
  PID:4144
- C:\Windows\System\DOMQsWP.exe
  C:\Windows\System\DOMQsWP.exe
  2⤵
  PID:4168
- C:\Windows\System\ssehapj.exe
  C:\Windows\System\ssehapj.exe
  2⤵
  PID:4188
- C:\Windows\System\iOSOjKu.exe
  C:\Windows\System\iOSOjKu.exe
  2⤵
  PID:4232
- C:\Windows\System\CFJvllb.exe
  C:\Windows\System\CFJvllb.exe
  2⤵
  PID:4292
- C:\Windows\System\DfOyZIp.exe
  C:\Windows\System\DfOyZIp.exe
  2⤵
  PID:4312
- C:\Windows\System\pvbasYU.exe
  C:\Windows\System\pvbasYU.exe
  2⤵
  PID:4368
- C:\Windows\System\FdSnHRU.exe
  C:\Windows\System\FdSnHRU.exe
  2⤵
  PID:4372
- C:\Windows\System\wlVsSsa.exe
  C:\Windows\System\wlVsSsa.exe
  2⤵
  PID:4416
- C:\Windows\System\hLcyVff.exe
  C:\Windows\System\hLcyVff.exe
  2⤵
  PID:4436
- C:\Windows\System\cfqUVOM.exe
  C:\Windows\System\cfqUVOM.exe
  2⤵
  PID:4488
- C:\Windows\System\BLKPncR.exe
  C:\Windows\System\BLKPncR.exe
  2⤵
  PID:4536
- C:\Windows\System\CHJkHKz.exe
  C:\Windows\System\CHJkHKz.exe
  2⤵
  PID:4548
- C:\Windows\System\OzFHmXy.exe
  C:\Windows\System\OzFHmXy.exe
  2⤵
  PID:4552
- C:\Windows\System\IfCrCsu.exe
  C:\Windows\System\IfCrCsu.exe
  2⤵
  PID:4592
- C:\Windows\System\KVgIJcL.exe
  C:\Windows\System\KVgIJcL.exe
  2⤵
  PID:4636
- C:\Windows\System\FeTUlBU.exe
  C:\Windows\System\FeTUlBU.exe
  2⤵
  PID:4668
- C:\Windows\System\lbdIvoU.exe
  C:\Windows\System\lbdIvoU.exe
  2⤵
  PID:4716
- C:\Windows\System\vFVlLtf.exe
  C:\Windows\System\vFVlLtf.exe
  2⤵
  PID:4748
- C:\Windows\System\UXBxOdB.exe
  C:\Windows\System\UXBxOdB.exe
  2⤵
  PID:4752
- C:\Windows\System\YhdYCJp.exe
  C:\Windows\System\YhdYCJp.exe
  2⤵
  PID:4816
- C:\Windows\System\XlkFvff.exe
  C:\Windows\System\XlkFvff.exe
  2⤵
  PID:4836
- C:\Windows\System\GWTYJCE.exe
  C:\Windows\System\GWTYJCE.exe
  2⤵
  PID:4872
- C:\Windows\System\fUfkEas.exe
  C:\Windows\System\fUfkEas.exe
  2⤵
  PID:4916
- C:\Windows\System\JOXqEXE.exe
  C:\Windows\System\JOXqEXE.exe
  2⤵
  PID:4948
- C:\Windows\System\fafRXpN.exe
  C:\Windows\System\fafRXpN.exe
  2⤵
  PID:4972
- C:\Windows\System\TmcqUOk.exe
  C:\Windows\System\TmcqUOk.exe
  2⤵
  PID:5016
- C:\Windows\System\mVNRYlq.exe
  C:\Windows\System\mVNRYlq.exe
  2⤵
  PID:5028
- C:\Windows\System\rbBSjme.exe
  C:\Windows\System\rbBSjme.exe
  2⤵
  PID:5096
- C:\Windows\System\SpJKaEA.exe
  C:\Windows\System\SpJKaEA.exe
  2⤵
  PID:5108
- C:\Windows\System\TlGBmQa.exe
  C:\Windows\System\TlGBmQa.exe
  2⤵
  PID:1688
- C:\Windows\System\yDuMjQs.exe
  C:\Windows\System\yDuMjQs.exe
  2⤵
  PID:2140
- C:\Windows\System\clHZCCc.exe
  C:\Windows\System\clHZCCc.exe
  2⤵
  PID:3328
- C:\Windows\System\XtxTchC.exe
  C:\Windows\System\XtxTchC.exe
  2⤵
  PID:3224
- C:\Windows\System\xOFbGND.exe
  C:\Windows\System\xOFbGND.exe
  2⤵
  PID:3592
- C:\Windows\System\NduEKqY.exe
  C:\Windows\System\NduEKqY.exe
  2⤵
  PID:3772
- C:\Windows\System\yoyhCIy.exe
  C:\Windows\System\yoyhCIy.exe
  2⤵
  PID:4032
- C:\Windows\System\ClxjaeH.exe
  C:\Windows\System\ClxjaeH.exe
  2⤵
  PID:4036
- C:\Windows\System\LljgRKC.exe
  C:\Windows\System\LljgRKC.exe
  2⤵
  PID:4128
- C:\Windows\System\lLmNYvn.exe
  C:\Windows\System\lLmNYvn.exe
  2⤵
  PID:4148
- C:\Windows\System\wzlqqgR.exe
  C:\Windows\System\wzlqqgR.exe
  2⤵
  PID:4244
- C:\Windows\System\XeCbPZC.exe
  C:\Windows\System\XeCbPZC.exe
  2⤵
  PID:4328
- C:\Windows\System\NafGfgV.exe
  C:\Windows\System\NafGfgV.exe
  2⤵
  PID:4356
- C:\Windows\System\UZfWDjm.exe
  C:\Windows\System\UZfWDjm.exe
  2⤵
  PID:4352
- C:\Windows\System\jqMpXKz.exe
  C:\Windows\System\jqMpXKz.exe
  2⤵
  PID:4468
- C:\Windows\System\RSproxu.exe
  C:\Windows\System\RSproxu.exe
  2⤵
  PID:4512
- C:\Windows\System\DpigJep.exe
  C:\Windows\System\DpigJep.exe
  2⤵
  PID:4568
- C:\Windows\System\FRRvXav.exe
  C:\Windows\System\FRRvXav.exe
  2⤵
  PID:4628
- C:\Windows\System\QByOBxv.exe
  C:\Windows\System\QByOBxv.exe
  2⤵
  PID:4712
- C:\Windows\System\rVqtJKJ.exe
  C:\Windows\System\rVqtJKJ.exe
  2⤵
  PID:4776
- C:\Windows\System\lrPPMEA.exe
  C:\Windows\System\lrPPMEA.exe
  2⤵
  PID:4792
- C:\Windows\System\aBrYsMs.exe
  C:\Windows\System\aBrYsMs.exe
  2⤵
  PID:4876
- C:\Windows\System\RswUPyc.exe
  C:\Windows\System\RswUPyc.exe
  2⤵
  PID:4936
- C:\Windows\System\LmQGVKc.exe
  C:\Windows\System\LmQGVKc.exe
  2⤵
  PID:4976
- C:\Windows\System\FskDsYh.exe
  C:\Windows\System\FskDsYh.exe
  2⤵
  PID:5056
- C:\Windows\System\IyNFewA.exe
  C:\Windows\System\IyNFewA.exe
  2⤵
  PID:2820
- C:\Windows\System\maxvSYb.exe
  C:\Windows\System\maxvSYb.exe
  2⤵
  PID:3164
- C:\Windows\System\OUrFxxM.exe
  C:\Windows\System\OUrFxxM.exe
  2⤵
  PID:3200
- C:\Windows\System\DECHBXP.exe
  C:\Windows\System\DECHBXP.exe
  2⤵
  PID:3308
- C:\Windows\System\aNubhWp.exe
  C:\Windows\System\aNubhWp.exe
  2⤵
  PID:3708
- C:\Windows\System\hfyFYHj.exe
  C:\Windows\System\hfyFYHj.exe
  2⤵
  PID:4104
- C:\Windows\System\aGJQdjv.exe
  C:\Windows\System\aGJQdjv.exe
  2⤵
  PID:5124
- C:\Windows\System\foWNCzA.exe
  C:\Windows\System\foWNCzA.exe
  2⤵
  PID:5144
- C:\Windows\System\yhlLmaI.exe
  C:\Windows\System\yhlLmaI.exe
  2⤵
  PID:5164
- C:\Windows\System\ADuSjsi.exe
  C:\Windows\System\ADuSjsi.exe
  2⤵
  PID:5184
- C:\Windows\System\SuDqerq.exe
  C:\Windows\System\SuDqerq.exe
  2⤵
  PID:5204
- C:\Windows\System\IDlgoyw.exe
  C:\Windows\System\IDlgoyw.exe
  2⤵
  PID:5224
- C:\Windows\System\ZtJeDPn.exe
  C:\Windows\System\ZtJeDPn.exe
  2⤵
  PID:5244
- C:\Windows\System\YLxEIFX.exe
  C:\Windows\System\YLxEIFX.exe
  2⤵
  PID:5264
- C:\Windows\System\USepCID.exe
  C:\Windows\System\USepCID.exe
  2⤵
  PID:5284
- C:\Windows\System\yGfmdyi.exe
  C:\Windows\System\yGfmdyi.exe
  2⤵
  PID:5304
- C:\Windows\System\GQHtvjc.exe
  C:\Windows\System\GQHtvjc.exe
  2⤵
  PID:5324
- C:\Windows\System\EPubIfp.exe
  C:\Windows\System\EPubIfp.exe
  2⤵
  PID:5344
- C:\Windows\System\vtNaiwi.exe
  C:\Windows\System\vtNaiwi.exe
  2⤵
  PID:5360
- C:\Windows\System\jnMVBGh.exe
  C:\Windows\System\jnMVBGh.exe
  2⤵
  PID:5384
- C:\Windows\System\jikakMj.exe
  C:\Windows\System\jikakMj.exe
  2⤵
  PID:5404
- C:\Windows\System\ExBaKpJ.exe
  C:\Windows\System\ExBaKpJ.exe
  2⤵
  PID:5424
- C:\Windows\System\nNjQIJp.exe
  C:\Windows\System\nNjQIJp.exe
  2⤵
  PID:5444
- C:\Windows\System\HRZpJHR.exe
  C:\Windows\System\HRZpJHR.exe
  2⤵
  PID:5464
- C:\Windows\System\IoODWBz.exe
  C:\Windows\System\IoODWBz.exe
  2⤵
  PID:5484
- C:\Windows\System\pGWgMas.exe
  C:\Windows\System\pGWgMas.exe
  2⤵
  PID:5504
- C:\Windows\System\eMgBfTs.exe
  C:\Windows\System\eMgBfTs.exe
  2⤵
  PID:5524
- C:\Windows\System\EHPdxTN.exe
  C:\Windows\System\EHPdxTN.exe
  2⤵
  PID:5544
- C:\Windows\System\jLMAflS.exe
  C:\Windows\System\jLMAflS.exe
  2⤵
  PID:5564
- C:\Windows\System\xQCtoYb.exe
  C:\Windows\System\xQCtoYb.exe
  2⤵
  PID:5584
- C:\Windows\System\TbWRIAY.exe
  C:\Windows\System\TbWRIAY.exe
  2⤵
  PID:5604
- C:\Windows\System\Aybwkcy.exe
  C:\Windows\System\Aybwkcy.exe
  2⤵
  PID:5624
- C:\Windows\System\wqzTIlE.exe
  C:\Windows\System\wqzTIlE.exe
  2⤵
  PID:5644
- C:\Windows\System\SKxhckR.exe
  C:\Windows\System\SKxhckR.exe
  2⤵
  PID:5664
- C:\Windows\System\HQZALFr.exe
  C:\Windows\System\HQZALFr.exe
  2⤵
  PID:5684
- C:\Windows\System\JowrcDE.exe
  C:\Windows\System\JowrcDE.exe
  2⤵
  PID:5704
- C:\Windows\System\AbIREvS.exe
  C:\Windows\System\AbIREvS.exe
  2⤵
  PID:5724
- C:\Windows\System\YnjFiGX.exe
  C:\Windows\System\YnjFiGX.exe
  2⤵
  PID:5744
- C:\Windows\System\zoOqZle.exe
  C:\Windows\System\zoOqZle.exe
  2⤵
  PID:5764
- C:\Windows\System\BCBedfp.exe
  C:\Windows\System\BCBedfp.exe
  2⤵
  PID:5784
- C:\Windows\System\vweWkBa.exe
  C:\Windows\System\vweWkBa.exe
  2⤵
  PID:5804
- C:\Windows\System\jccWwhH.exe
  C:\Windows\System\jccWwhH.exe
  2⤵
  PID:5824
- C:\Windows\System\nzsXVRl.exe
  C:\Windows\System\nzsXVRl.exe
  2⤵
  PID:5844
- C:\Windows\System\EtlDPee.exe
  C:\Windows\System\EtlDPee.exe
  2⤵
  PID:5864
- C:\Windows\System\uLeTCTL.exe
  C:\Windows\System\uLeTCTL.exe
  2⤵
  PID:5888
- C:\Windows\System\DyMmYEM.exe
  C:\Windows\System\DyMmYEM.exe
  2⤵
  PID:5908
- C:\Windows\System\cFwnIbl.exe
  C:\Windows\System\cFwnIbl.exe
  2⤵
  PID:5928
- C:\Windows\System\vsxFPhU.exe
  C:\Windows\System\vsxFPhU.exe
  2⤵
  PID:5948
- C:\Windows\System\oBYTjdK.exe
  C:\Windows\System\oBYTjdK.exe
  2⤵
  PID:5968
- C:\Windows\System\FPSojna.exe
  C:\Windows\System\FPSojna.exe
  2⤵
  PID:5988
- C:\Windows\System\wrpjAWD.exe
  C:\Windows\System\wrpjAWD.exe
  2⤵
  PID:6008
- C:\Windows\System\lUINRny.exe
  C:\Windows\System\lUINRny.exe
  2⤵
  PID:6028
- C:\Windows\System\PkXphof.exe
  C:\Windows\System\PkXphof.exe
  2⤵
  PID:6048
- C:\Windows\System\WZzOoDd.exe
  C:\Windows\System\WZzOoDd.exe
  2⤵
  PID:6068
- C:\Windows\System\cbUzcLW.exe
  C:\Windows\System\cbUzcLW.exe
  2⤵
  PID:6088
- C:\Windows\System\QltmDle.exe
  C:\Windows\System\QltmDle.exe
  2⤵
  PID:6108
- C:\Windows\System\HReYixH.exe
  C:\Windows\System\HReYixH.exe
  2⤵
  PID:6128
- C:\Windows\System\ktrbNwS.exe
  C:\Windows\System\ktrbNwS.exe
  2⤵
  PID:4172
- C:\Windows\System\orxojPh.exe
  C:\Windows\System\orxojPh.exe
  2⤵
  PID:4272
- C:\Windows\System\ZRXDuyM.exe
  C:\Windows\System\ZRXDuyM.exe
  2⤵
  PID:4264
- C:\Windows\System\aneqUYC.exe
  C:\Windows\System\aneqUYC.exe
  2⤵
  PID:4476
- C:\Windows\System\AavFtyh.exe
  C:\Windows\System\AavFtyh.exe
  2⤵
  PID:4508
- C:\Windows\System\zFknDpU.exe
  C:\Windows\System\zFknDpU.exe
  2⤵
  PID:4688
- C:\Windows\System\yASAQOz.exe
  C:\Windows\System\yASAQOz.exe
  2⤵
  PID:4808
- C:\Windows\System\LjzZWHn.exe
  C:\Windows\System\LjzZWHn.exe
  2⤵
  PID:4832
- C:\Windows\System\xFTpxZZ.exe
  C:\Windows\System\xFTpxZZ.exe
  2⤵
  PID:4928
- C:\Windows\System\ZSPMxZo.exe
  C:\Windows\System\ZSPMxZo.exe
  2⤵
  PID:5044
- C:\Windows\System\GoFeuug.exe
  C:\Windows\System\GoFeuug.exe
  2⤵
  PID:5092
- C:\Windows\System\kngMONZ.exe
  C:\Windows\System\kngMONZ.exe
  2⤵
  PID:3344
- C:\Windows\System\UdnKhlE.exe
  C:\Windows\System\UdnKhlE.exe
  2⤵
  PID:4088
- C:\Windows\System\RPbLmAq.exe
  C:\Windows\System\RPbLmAq.exe
  2⤵
  PID:4028
- C:\Windows\System\XMFVYtd.exe
  C:\Windows\System\XMFVYtd.exe
  2⤵
  PID:3996
- C:\Windows\System\UDIgRSf.exe
  C:\Windows\System\UDIgRSf.exe
  2⤵
  PID:5180
- C:\Windows\System\HWpROtz.exe
  C:\Windows\System\HWpROtz.exe
  2⤵
  PID:5200
- C:\Windows\System\oaAJkdN.exe
  C:\Windows\System\oaAJkdN.exe
  2⤵
  PID:5252
- C:\Windows\System\WejLNzN.exe
  C:\Windows\System\WejLNzN.exe
  2⤵
  PID:5292
- C:\Windows\System\fGmoubr.exe
  C:\Windows\System\fGmoubr.exe
  2⤵
  PID:5276
- C:\Windows\System\nFDaDdH.exe
  C:\Windows\System\nFDaDdH.exe
  2⤵
  PID:1264
- C:\Windows\System\tGfStTc.exe
  C:\Windows\System\tGfStTc.exe
  2⤵
  PID:5352
- C:\Windows\System\mhsZvmT.exe
  C:\Windows\System\mhsZvmT.exe
  2⤵
  PID:5396
- C:\Windows\System\XGaLaqB.exe
  C:\Windows\System\XGaLaqB.exe
  2⤵
  PID:5452
- C:\Windows\System\nqXwzSP.exe
  C:\Windows\System\nqXwzSP.exe
  2⤵
  PID:5492
- C:\Windows\System\yFNOXai.exe
  C:\Windows\System\yFNOXai.exe
  2⤵
  PID:5496
- C:\Windows\System\bvXSZoP.exe
  C:\Windows\System\bvXSZoP.exe
  2⤵
  PID:5520
- C:\Windows\System\KeCXvzj.exe
  C:\Windows\System\KeCXvzj.exe
  2⤵
  PID:5572
- C:\Windows\System\TLzdNZD.exe
  C:\Windows\System\TLzdNZD.exe
  2⤵
  PID:5596
- C:\Windows\System\cZKLAja.exe
  C:\Windows\System\cZKLAja.exe
  2⤵
  PID:5640
- C:\Windows\System\xbVuCKA.exe
  C:\Windows\System\xbVuCKA.exe
  2⤵
  PID:5696
- C:\Windows\System\TZuWPjr.exe
  C:\Windows\System\TZuWPjr.exe
  2⤵
  PID:5680
- C:\Windows\System\FbFCcSm.exe
  C:\Windows\System\FbFCcSm.exe
  2⤵
  PID:5752
- C:\Windows\System\hvjVTHN.exe
  C:\Windows\System\hvjVTHN.exe
  2⤵
  PID:5760
- C:\Windows\System\SpBhDuq.exe
  C:\Windows\System\SpBhDuq.exe
  2⤵
  PID:5792
- C:\Windows\System\NjrZJwV.exe
  C:\Windows\System\NjrZJwV.exe
  2⤵
  PID:5836
- C:\Windows\System\zuGlJAy.exe
  C:\Windows\System\zuGlJAy.exe
  2⤵
  PID:5896
- C:\Windows\System\bTNnWBU.exe
  C:\Windows\System\bTNnWBU.exe
  2⤵
  PID:5880
- C:\Windows\System\lCgDQsQ.exe
  C:\Windows\System\lCgDQsQ.exe
  2⤵
  PID:5956
- C:\Windows\System\qLayQhV.exe
  C:\Windows\System\qLayQhV.exe
  2⤵
  PID:5980
- C:\Windows\System\rrzTFnY.exe
  C:\Windows\System\rrzTFnY.exe
  2⤵
  PID:6056
- C:\Windows\System\OhvYOeh.exe
  C:\Windows\System\OhvYOeh.exe
  2⤵
  PID:6036
- C:\Windows\System\FtrskJJ.exe
  C:\Windows\System\FtrskJJ.exe
  2⤵
  PID:6104
- C:\Windows\System\hydcmsV.exe
  C:\Windows\System\hydcmsV.exe
  2⤵
  PID:4192
- C:\Windows\System\nmDPBOZ.exe
  C:\Windows\System\nmDPBOZ.exe
  2⤵
  PID:4324
- C:\Windows\System\oMAIMGv.exe
  C:\Windows\System\oMAIMGv.exe
  2⤵
  PID:4284
- C:\Windows\System\DNUJqYT.exe
  C:\Windows\System\DNUJqYT.exe
  2⤵
  PID:4596
- C:\Windows\System\ePNNRve.exe
  C:\Windows\System\ePNNRve.exe
  2⤵
  PID:4672
- C:\Windows\System\GNxOMPn.exe
  C:\Windows\System\GNxOMPn.exe
  2⤵
  PID:4932
- C:\Windows\System\ZwlEclZ.exe
  C:\Windows\System\ZwlEclZ.exe
  2⤵
  PID:5088
- C:\Windows\System\BPhuoIy.exe
  C:\Windows\System\BPhuoIy.exe
  2⤵
  PID:5068
- C:\Windows\System\yOutHzA.exe
  C:\Windows\System\yOutHzA.exe
  2⤵
  PID:5132
- C:\Windows\System\BbnLDNH.exe
  C:\Windows\System\BbnLDNH.exe
  2⤵
  PID:3512
- C:\Windows\System\leXdAAN.exe
  C:\Windows\System\leXdAAN.exe
  2⤵
  PID:5156
- C:\Windows\System\MIENagc.exe
  C:\Windows\System\MIENagc.exe
  2⤵
  PID:5256
- C:\Windows\System\YDcRGNl.exe
  C:\Windows\System\YDcRGNl.exe
  2⤵
  PID:5232
- C:\Windows\System\exIQheY.exe
  C:\Windows\System\exIQheY.exe
  2⤵
  PID:5320
- C:\Windows\System\GzWHMUx.exe
  C:\Windows\System\GzWHMUx.exe
  2⤵
  PID:5372
- C:\Windows\System\ydTcSnR.exe
  C:\Windows\System\ydTcSnR.exe
  2⤵
  PID:5416
- C:\Windows\System\lsAjpxC.exe
  C:\Windows\System\lsAjpxC.exe
  2⤵
  PID:5532
- C:\Windows\System\LJYihus.exe
  C:\Windows\System\LJYihus.exe
  2⤵
  PID:5576
- C:\Windows\System\vuzNicg.exe
  C:\Windows\System\vuzNicg.exe
  2⤵
  PID:5556
- C:\Windows\System\DiGOqzy.exe
  C:\Windows\System\DiGOqzy.exe
  2⤵
  PID:5692
- C:\Windows\System\vcuRkhI.exe
  C:\Windows\System\vcuRkhI.exe
  2⤵
  PID:5740
- C:\Windows\System\rXJWWaz.exe
  C:\Windows\System\rXJWWaz.exe
  2⤵
  PID:5812
- C:\Windows\System\kQuuVKG.exe
  C:\Windows\System\kQuuVKG.exe
  2⤵
  PID:5796
- C:\Windows\System\GDZXkCs.exe
  C:\Windows\System\GDZXkCs.exe
  2⤵
  PID:5904
- C:\Windows\System\unCtybT.exe
  C:\Windows\System\unCtybT.exe
  2⤵
  PID:5924
- C:\Windows\System\JkclyOq.exe
  C:\Windows\System\JkclyOq.exe
  2⤵
  PID:6020
- C:\Windows\System\rZGmmfv.exe
  C:\Windows\System\rZGmmfv.exe
  2⤵
  PID:6040
- C:\Windows\System\QxZcBUI.exe
  C:\Windows\System\QxZcBUI.exe
  2⤵
  PID:6116
- C:\Windows\System\QoPomAW.exe
  C:\Windows\System\QoPomAW.exe
  2⤵
  PID:4392
- C:\Windows\System\gRNmNAh.exe
  C:\Windows\System\gRNmNAh.exe
  2⤵
  PID:4652
- C:\Windows\System\iWasYPM.exe
  C:\Windows\System\iWasYPM.exe
  2⤵
  PID:4988
- C:\Windows\System\qbHlwPd.exe
  C:\Windows\System\qbHlwPd.exe
  2⤵
  PID:5072
- C:\Windows\System\BDbAZgr.exe
  C:\Windows\System\BDbAZgr.exe
  2⤵
  PID:5216
- C:\Windows\System\kWnSKQS.exe
  C:\Windows\System\kWnSKQS.exe
  2⤵
  PID:3604
- C:\Windows\System\giFwAwM.exe
  C:\Windows\System\giFwAwM.exe
  2⤵
  PID:5272
- C:\Windows\System\zlRfcmw.exe
  C:\Windows\System\zlRfcmw.exe
  2⤵
  PID:5420
- C:\Windows\System\rgbFDzr.exe
  C:\Windows\System\rgbFDzr.exe
  2⤵
  PID:5540
- C:\Windows\System\VrxeKEj.exe
  C:\Windows\System\VrxeKEj.exe
  2⤵
  PID:5652
- C:\Windows\System\GlVoZQd.exe
  C:\Windows\System\GlVoZQd.exe
  2⤵
  PID:5552
- C:\Windows\System\lIPWRms.exe
  C:\Windows\System\lIPWRms.exe
  2⤵
  PID:5832
- C:\Windows\System\pjvZGnm.exe
  C:\Windows\System\pjvZGnm.exe
  2⤵
  PID:5996
- C:\Windows\System\BhgPxrx.exe
  C:\Windows\System\BhgPxrx.exe
  2⤵
  PID:5936
- C:\Windows\System\SMoBWNw.exe
  C:\Windows\System\SMoBWNw.exe
  2⤵
  PID:6136
- C:\Windows\System\DZlOEOO.exe
  C:\Windows\System\DZlOEOO.exe
  2⤵
  PID:6156
- C:\Windows\System\bkbNAqO.exe
  C:\Windows\System\bkbNAqO.exe
  2⤵
  PID:6176
- C:\Windows\System\qCQvIBz.exe
  C:\Windows\System\qCQvIBz.exe
  2⤵
  PID:6196
- C:\Windows\System\EFHPjpu.exe
  C:\Windows\System\EFHPjpu.exe
  2⤵
  PID:6216
- C:\Windows\System\tByzIzm.exe
  C:\Windows\System\tByzIzm.exe
  2⤵
  PID:6236
- C:\Windows\System\kLxOPyt.exe
  C:\Windows\System\kLxOPyt.exe
  2⤵
  PID:6256
- C:\Windows\System\hvLHjOW.exe
  C:\Windows\System\hvLHjOW.exe
  2⤵
  PID:6272
- C:\Windows\System\tuRtokN.exe
  C:\Windows\System\tuRtokN.exe
  2⤵
  PID:6296
- C:\Windows\System\nWSZwAY.exe
  C:\Windows\System\nWSZwAY.exe
  2⤵
  PID:6316
- C:\Windows\System\AehxzZc.exe
  C:\Windows\System\AehxzZc.exe
  2⤵
  PID:6336
- C:\Windows\System\oJWHCeT.exe
  C:\Windows\System\oJWHCeT.exe
  2⤵
  PID:6356
- C:\Windows\System\VWEaClG.exe
  C:\Windows\System\VWEaClG.exe
  2⤵
  PID:6372
- C:\Windows\System\meBNUux.exe
  C:\Windows\System\meBNUux.exe
  2⤵
  PID:6396
- C:\Windows\System\zBfYiLU.exe
  C:\Windows\System\zBfYiLU.exe
  2⤵
  PID:6416
- C:\Windows\System\HMNFSFl.exe
  C:\Windows\System\HMNFSFl.exe
  2⤵
  PID:6436
- C:\Windows\System\nflsWFG.exe
  C:\Windows\System\nflsWFG.exe
  2⤵
  PID:6456
- C:\Windows\System\qkdrSsc.exe
  C:\Windows\System\qkdrSsc.exe
  2⤵
  PID:6476
- C:\Windows\System\CHTqjPb.exe
  C:\Windows\System\CHTqjPb.exe
  2⤵
  PID:6496
- C:\Windows\System\oGmCoyx.exe
  C:\Windows\System\oGmCoyx.exe
  2⤵
  PID:6516
- C:\Windows\System\haPfGcn.exe
  C:\Windows\System\haPfGcn.exe
  2⤵
  PID:6532
- C:\Windows\System\CKkRbUT.exe
  C:\Windows\System\CKkRbUT.exe
  2⤵
  PID:6556
- C:\Windows\System\bSmIuQu.exe
  C:\Windows\System\bSmIuQu.exe
  2⤵
  PID:6572
- C:\Windows\System\gxzecDn.exe
  C:\Windows\System\gxzecDn.exe
  2⤵
  PID:6596
- C:\Windows\System\NNSkmZi.exe
  C:\Windows\System\NNSkmZi.exe
  2⤵
  PID:6616
- C:\Windows\System\xMgLBdM.exe
  C:\Windows\System\xMgLBdM.exe
  2⤵
  PID:6636
- C:\Windows\System\SaqVZiO.exe
  C:\Windows\System\SaqVZiO.exe
  2⤵
  PID:6656
- C:\Windows\System\YecMVgX.exe
  C:\Windows\System\YecMVgX.exe
  2⤵
  PID:6676
- C:\Windows\System\hRwojDt.exe
  C:\Windows\System\hRwojDt.exe
  2⤵
  PID:6696
- C:\Windows\System\fVGNwzv.exe
  C:\Windows\System\fVGNwzv.exe
  2⤵
  PID:6716
- C:\Windows\System\amUIqDI.exe
  C:\Windows\System\amUIqDI.exe
  2⤵
  PID:6732
- C:\Windows\System\iXmBhjr.exe
  C:\Windows\System\iXmBhjr.exe
  2⤵
  PID:6756
- C:\Windows\System\dEjZtrU.exe
  C:\Windows\System\dEjZtrU.exe
  2⤵
  PID:6776
- C:\Windows\System\DNLvbVe.exe
  C:\Windows\System\DNLvbVe.exe
  2⤵
  PID:6796
- C:\Windows\System\LgXwgNZ.exe
  C:\Windows\System\LgXwgNZ.exe
  2⤵
  PID:6816
- C:\Windows\System\yAGOYLq.exe
  C:\Windows\System\yAGOYLq.exe
  2⤵
  PID:6836
- C:\Windows\System\aHJcEIw.exe
  C:\Windows\System\aHJcEIw.exe
  2⤵
  PID:6856
- C:\Windows\System\ZRNXPog.exe
  C:\Windows\System\ZRNXPog.exe
  2⤵
  PID:6876
- C:\Windows\System\rWxPqxE.exe
  C:\Windows\System\rWxPqxE.exe
  2⤵
  PID:6892
- C:\Windows\System\tjkjdFr.exe
  C:\Windows\System\tjkjdFr.exe
  2⤵
  PID:6912
- C:\Windows\System\KJauGtR.exe
  C:\Windows\System\KJauGtR.exe
  2⤵
  PID:6932
- C:\Windows\System\vIzsflU.exe
  C:\Windows\System\vIzsflU.exe
  2⤵
  PID:6952
- C:\Windows\System\BzUmaTh.exe
  C:\Windows\System\BzUmaTh.exe
  2⤵
  PID:6972
- C:\Windows\System\HZLMkGD.exe
  C:\Windows\System\HZLMkGD.exe
  2⤵
  PID:7000
- C:\Windows\System\ptfxymo.exe
  C:\Windows\System\ptfxymo.exe
  2⤵
  PID:7020
- C:\Windows\System\dnjMhvJ.exe
  C:\Windows\System\dnjMhvJ.exe
  2⤵
  PID:7040
- C:\Windows\System\mnfQRYL.exe
  C:\Windows\System\mnfQRYL.exe
  2⤵
  PID:7060
- C:\Windows\System\gJMafUA.exe
  C:\Windows\System\gJMafUA.exe
  2⤵
  PID:7076
- C:\Windows\System\fCwAjxw.exe
  C:\Windows\System\fCwAjxw.exe
  2⤵
  PID:7096
- C:\Windows\System\oPdxjSr.exe
  C:\Windows\System\oPdxjSr.exe
  2⤵
  PID:7120
- C:\Windows\System\DHifxim.exe
  C:\Windows\System\DHifxim.exe
  2⤵
  PID:7140
- C:\Windows\System\qOcpPms.exe
  C:\Windows\System\qOcpPms.exe
  2⤵
  PID:7156
- C:\Windows\System\UnLDzyV.exe
  C:\Windows\System\UnLDzyV.exe
  2⤵
  PID:4408
- C:\Windows\System\EFPUlYH.exe
  C:\Windows\System\EFPUlYH.exe
  2⤵
  PID:4616
- C:\Windows\System\iHWxaBj.exe
  C:\Windows\System\iHWxaBj.exe
  2⤵
  PID:5316
- C:\Windows\System\NiePWcZ.exe
  C:\Windows\System\NiePWcZ.exe
  2⤵
  PID:3220
- C:\Windows\System\nhsjons.exe
  C:\Windows\System\nhsjons.exe
  2⤵
  PID:5280
- C:\Windows\System\KjNPdaG.exe
  C:\Windows\System\KjNPdaG.exe
  2⤵
  PID:5500
- C:\Windows\System\EojvNIz.exe
  C:\Windows\System\EojvNIz.exe
  2⤵
  PID:5592
- C:\Windows\System\HNJMIfS.exe
  C:\Windows\System\HNJMIfS.exe
  2⤵
  PID:5860
- C:\Windows\System\HQzyCMO.exe
  C:\Windows\System\HQzyCMO.exe
  2⤵
  PID:6060
- C:\Windows\System\GliGNaL.exe
  C:\Windows\System\GliGNaL.exe
  2⤵
  PID:6064
- C:\Windows\System\XKQPLWX.exe
  C:\Windows\System\XKQPLWX.exe
  2⤵
  PID:6164
- C:\Windows\System\MpgNXee.exe
  C:\Windows\System\MpgNXee.exe
  2⤵
  PID:6212
- C:\Windows\System\eqWCUuK.exe
  C:\Windows\System\eqWCUuK.exe
  2⤵
  PID:6244
- C:\Windows\System\GDDpiVs.exe
  C:\Windows\System\GDDpiVs.exe
  2⤵
  PID:6284
- C:\Windows\System\cMEEujY.exe
  C:\Windows\System\cMEEujY.exe
  2⤵
  PID:6288
- C:\Windows\System\MrPJeGq.exe
  C:\Windows\System\MrPJeGq.exe
  2⤵
  PID:6328
- C:\Windows\System\nsQbfBz.exe
  C:\Windows\System\nsQbfBz.exe
  2⤵
  PID:6364
- C:\Windows\System\ZHzInyd.exe
  C:\Windows\System\ZHzInyd.exe
  2⤵
  PID:6428
- C:\Windows\System\ytwPlbX.exe
  C:\Windows\System\ytwPlbX.exe
  2⤵
  PID:6448
- C:\Windows\System\PvuCNcS.exe
  C:\Windows\System\PvuCNcS.exe
  2⤵
  PID:6508
- C:\Windows\System\SDFJLnT.exe
  C:\Windows\System\SDFJLnT.exe
  2⤵
  PID:6544
- C:\Windows\System\gOzyYRU.exe
  C:\Windows\System\gOzyYRU.exe
  2⤵
  PID:6580
- C:\Windows\System\WmyxXmS.exe
  C:\Windows\System\WmyxXmS.exe
  2⤵
  PID:6564
- C:\Windows\System\DUmddoy.exe
  C:\Windows\System\DUmddoy.exe
  2⤵
  PID:6628
- C:\Windows\System\rcHbtfw.exe
  C:\Windows\System\rcHbtfw.exe
  2⤵
  PID:6672
- C:\Windows\System\LqzihPI.exe
  C:\Windows\System\LqzihPI.exe
  2⤵
  PID:6708
- C:\Windows\System\soAtEQg.exe
  C:\Windows\System\soAtEQg.exe
  2⤵
  PID:6688
- C:\Windows\System\sAKuvvZ.exe
  C:\Windows\System\sAKuvvZ.exe
  2⤵
  PID:6728
- C:\Windows\System\CBZrDwf.exe
  C:\Windows\System\CBZrDwf.exe
  2⤵
  PID:6764
- C:\Windows\System\HrrdVmG.exe
  C:\Windows\System\HrrdVmG.exe
  2⤵
  PID:6828
- C:\Windows\System\nyfhShd.exe
  C:\Windows\System\nyfhShd.exe
  2⤵
  PID:7112
- C:\Windows\System\AWlEJwK.exe
  C:\Windows\System\AWlEJwK.exe
  2⤵
  PID:7052
- C:\Windows\System\CBuLIoa.exe
  C:\Windows\System\CBuLIoa.exe
  2⤵
  PID:4648
- C:\Windows\System\NxUamwq.exe
  C:\Windows\System\NxUamwq.exe
  2⤵
  PID:7088
- C:\Windows\System\nLDPIXG.exe
  C:\Windows\System\nLDPIXG.exe
  2⤵
  PID:3352
- C:\Windows\System\qaIJKCS.exe
  C:\Windows\System\qaIJKCS.exe
  2⤵
  PID:4756
- C:\Windows\System\KrtChoU.exe
  C:\Windows\System\KrtChoU.exe
  2⤵
  PID:5400
- C:\Windows\System\uRMaNBb.exe
  C:\Windows\System\uRMaNBb.exe
  2⤵
  PID:5776
- C:\Windows\System\wsKgByi.exe
  C:\Windows\System\wsKgByi.exe
  2⤵
  PID:6000
- C:\Windows\System\SpGUUAd.exe
  C:\Windows\System\SpGUUAd.exe
  2⤵
  PID:6232
- C:\Windows\System\eVGJSWv.exe
  C:\Windows\System\eVGJSWv.exe
  2⤵
  PID:6248
- C:\Windows\System\HaXJITY.exe
  C:\Windows\System\HaXJITY.exe
  2⤵
  PID:6324
- C:\Windows\System\pjVmidj.exe
  C:\Windows\System\pjVmidj.exe
  2⤵
  PID:6384
- C:\Windows\System\veLivvb.exe
  C:\Windows\System\veLivvb.exe
  2⤵
  PID:6512
- C:\Windows\System\RjnTIqt.exe
  C:\Windows\System\RjnTIqt.exe
  2⤵
  PID:6604
- C:\Windows\System\XHUfSVU.exe
  C:\Windows\System\XHUfSVU.exe
  2⤵
  PID:6712
- C:\Windows\System\HIxiODN.exe
  C:\Windows\System\HIxiODN.exe
  2⤵
  PID:6768
- C:\Windows\System\rwYTFoO.exe
  C:\Windows\System\rwYTFoO.exe
  2⤵
  PID:5612
- C:\Windows\System\ERgZYxX.exe
  C:\Windows\System\ERgZYxX.exe
  2⤵
  PID:6304
- C:\Windows\System\tsNGoyD.exe
  C:\Windows\System\tsNGoyD.exe
  2⤵
  PID:6412
- C:\Windows\System\lMLuZQx.exe
  C:\Windows\System\lMLuZQx.exe
  2⤵
  PID:6488
- C:\Windows\System\xsOotar.exe
  C:\Windows\System\xsOotar.exe
  2⤵
  PID:6664
- C:\Windows\System\VJntDws.exe
  C:\Windows\System\VJntDws.exe
  2⤵
  PID:6808
- C:\Windows\System\ObwDGlh.exe
  C:\Windows\System\ObwDGlh.exe
  2⤵
  PID:7016
- C:\Windows\System\gYBUslS.exe
  C:\Windows\System\gYBUslS.exe
  2⤵
  PID:3248
- C:\Windows\System\qtKrICW.exe
  C:\Windows\System\qtKrICW.exe
  2⤵
  PID:3096
- C:\Windows\System\IcdAzTS.exe
  C:\Windows\System\IcdAzTS.exe
  2⤵
  PID:336
- C:\Windows\System\lqrcOgq.exe
  C:\Windows\System\lqrcOgq.exe
  2⤵
  PID:4692
- C:\Windows\System\NQQQmGp.exe
  C:\Windows\System\NQQQmGp.exe
  2⤵
  PID:6348
- C:\Windows\System\wtzCzGu.exe
  C:\Windows\System\wtzCzGu.exe
  2⤵
  PID:1736
- C:\Windows\System\KQqwBJI.exe
  C:\Windows\System\KQqwBJI.exe
  2⤵
  PID:6452
- C:\Windows\System\JnRcXuN.exe
  C:\Windows\System\JnRcXuN.exe
  2⤵
  PID:7072
- C:\Windows\System\HizDUxH.exe
  C:\Windows\System\HizDUxH.exe
  2⤵
  PID:4212
- C:\Windows\System\EoUKzka.exe
  C:\Windows\System\EoUKzka.exe
  2⤵
  PID:7172
- C:\Windows\System\sqjjxOr.exe
  C:\Windows\System\sqjjxOr.exe
  2⤵
  PID:7224
- C:\Windows\System\IWSztvG.exe
  C:\Windows\System\IWSztvG.exe
  2⤵
  PID:7244
- C:\Windows\System\uxmNYiH.exe
  C:\Windows\System\uxmNYiH.exe
  2⤵
  PID:7260
- C:\Windows\System\QdPoClM.exe
  C:\Windows\System\QdPoClM.exe
  2⤵
  PID:7280
- C:\Windows\System\lqThKtU.exe
  C:\Windows\System\lqThKtU.exe
  2⤵
  PID:7300
- C:\Windows\System\lqZWYxO.exe
  C:\Windows\System\lqZWYxO.exe
  2⤵
  PID:7320
- C:\Windows\System\HkDIvLM.exe
  C:\Windows\System\HkDIvLM.exe
  2⤵
  PID:7340
- C:\Windows\System\lQDJQNP.exe
  C:\Windows\System\lQDJQNP.exe
  2⤵
  PID:7356
- C:\Windows\System\RxhFbhz.exe
  C:\Windows\System\RxhFbhz.exe
  2⤵
  PID:7376
- C:\Windows\System\ViIBFna.exe
  C:\Windows\System\ViIBFna.exe
  2⤵
  PID:7392
- C:\Windows\System\ourUqUb.exe
  C:\Windows\System\ourUqUb.exe
  2⤵
  PID:7416
- C:\Windows\System\kAmqsaJ.exe
  C:\Windows\System\kAmqsaJ.exe
  2⤵
  PID:7432
- C:\Windows\System\GyNVvKu.exe
  C:\Windows\System\GyNVvKu.exe
  2⤵
  PID:7452
- C:\Windows\System\lxtKJTV.exe
  C:\Windows\System\lxtKJTV.exe
  2⤵
  PID:7472
- C:\Windows\System\LIHiQJz.exe
  C:\Windows\System\LIHiQJz.exe
  2⤵
  PID:7496
- C:\Windows\System\iqiESGj.exe
  C:\Windows\System\iqiESGj.exe
  2⤵
  PID:7520
- C:\Windows\System\DyEoqWx.exe
  C:\Windows\System\DyEoqWx.exe
  2⤵
  PID:7536
- C:\Windows\System\aIreyPR.exe
  C:\Windows\System\aIreyPR.exe
  2⤵
  PID:7552
- C:\Windows\System\woYTJbb.exe
  C:\Windows\System\woYTJbb.exe
  2⤵
  PID:7576
- C:\Windows\System\kCgNXra.exe
  C:\Windows\System\kCgNXra.exe
  2⤵
  PID:7600
- C:\Windows\System\SSKCTec.exe
  C:\Windows\System\SSKCTec.exe
  2⤵
  PID:7616
- C:\Windows\System\NwVhhFK.exe
  C:\Windows\System\NwVhhFK.exe
  2⤵
  PID:7632
- C:\Windows\System\Ohqgivw.exe
  C:\Windows\System\Ohqgivw.exe
  2⤵
  PID:7656
- C:\Windows\System\qMkpGho.exe
  C:\Windows\System\qMkpGho.exe
  2⤵
  PID:7680
- C:\Windows\System\GRpckDu.exe
  C:\Windows\System\GRpckDu.exe
  2⤵
  PID:7696
- C:\Windows\System\ixNeSBw.exe
  C:\Windows\System\ixNeSBw.exe
  2⤵
  PID:7720
- C:\Windows\System\poeojNw.exe
  C:\Windows\System\poeojNw.exe
  2⤵
  PID:7740
- C:\Windows\System\XnCbAWq.exe
  C:\Windows\System\XnCbAWq.exe
  2⤵
  PID:7760
- C:\Windows\System\xwOLveO.exe
  C:\Windows\System\xwOLveO.exe
  2⤵
  PID:7784
- C:\Windows\System\LLmKaAc.exe
  C:\Windows\System\LLmKaAc.exe
  2⤵
  PID:7804
- C:\Windows\System\iMCBFdk.exe
  C:\Windows\System\iMCBFdk.exe
  2⤵
  PID:7820
- C:\Windows\System\ICBUwRF.exe
  C:\Windows\System\ICBUwRF.exe
  2⤵
  PID:7844
- C:\Windows\System\BsTzvIq.exe
  C:\Windows\System\BsTzvIq.exe
  2⤵
  PID:7860
- C:\Windows\System\iwKHkRl.exe
  C:\Windows\System\iwKHkRl.exe
  2⤵
  PID:7876
- C:\Windows\System\smisfmN.exe
  C:\Windows\System\smisfmN.exe
  2⤵
  PID:7900
- C:\Windows\System\SDBEbWy.exe
  C:\Windows\System\SDBEbWy.exe
  2⤵
  PID:7924
- C:\Windows\System\GKVPdFY.exe
  C:\Windows\System\GKVPdFY.exe
  2⤵
  PID:7944
- C:\Windows\System\DvRDfwN.exe
  C:\Windows\System\DvRDfwN.exe
  2⤵
  PID:7964
- C:\Windows\System\YhFXoLX.exe
  C:\Windows\System\YhFXoLX.exe
  2⤵
  PID:7980
- C:\Windows\System\IYiaUwl.exe
  C:\Windows\System\IYiaUwl.exe
  2⤵
  PID:8004
- C:\Windows\System\tkLmxSQ.exe
  C:\Windows\System\tkLmxSQ.exe
  2⤵
  PID:8028
- C:\Windows\System\AKmQUVC.exe
  C:\Windows\System\AKmQUVC.exe
  2⤵
  PID:8048
- C:\Windows\System\YxYuomI.exe
  C:\Windows\System\YxYuomI.exe
  2⤵
  PID:8072
- C:\Windows\System\TRWYQfQ.exe
  C:\Windows\System\TRWYQfQ.exe
  2⤵
  PID:8088
- C:\Windows\System\tDsDNkR.exe
  C:\Windows\System\tDsDNkR.exe
  2⤵
  PID:8108
- C:\Windows\System\GScFClz.exe
  C:\Windows\System\GScFClz.exe
  2⤵
  PID:8132
- C:\Windows\System\UzFJsyO.exe
  C:\Windows\System\UzFJsyO.exe
  2⤵
  PID:8152
- C:\Windows\System\ahQxowR.exe
  C:\Windows\System\ahQxowR.exe
  2⤵
  PID:8172
- C:\Windows\System\zfohzGn.exe
  C:\Windows\System\zfohzGn.exe
  2⤵
  PID:8188
- C:\Windows\System\PDMSMGb.exe
  C:\Windows\System\PDMSMGb.exe
  2⤵
  PID:3100
- C:\Windows\System\OoNCBSM.exe
  C:\Windows\System\OoNCBSM.exe
  2⤵
  PID:3120
- C:\Windows\System\CUsRUUg.exe
  C:\Windows\System\CUsRUUg.exe
  2⤵
  PID:5380
- C:\Windows\System\PXHSCuK.exe
  C:\Windows\System\PXHSCuK.exe
  2⤵
  PID:5660
- C:\Windows\System\lnyaaNs.exe
  C:\Windows\System\lnyaaNs.exe
  2⤵
  PID:3124
- C:\Windows\System\FdktNBx.exe
  C:\Windows\System\FdktNBx.exe
  2⤵
  PID:6528
- C:\Windows\System\kCOJCVv.exe
  C:\Windows\System\kCOJCVv.exe
  2⤵
  PID:6744
- C:\Windows\System\kfHjftV.exe
  C:\Windows\System\kfHjftV.exe
  2⤵
  PID:7236
- C:\Windows\System\bFtxGfw.exe
  C:\Windows\System\bFtxGfw.exe
  2⤵
  PID:6264
- C:\Windows\System\gLqasSe.exe
  C:\Windows\System\gLqasSe.exe
  2⤵
  PID:3148
- C:\Windows\System\yEwzoiR.exe
  C:\Windows\System\yEwzoiR.exe
  2⤵
  PID:6648
- C:\Windows\System\IwRCBNH.exe
  C:\Windows\System\IwRCBNH.exe
  2⤵
  PID:7352
- C:\Windows\System\BbqWlZq.exe
  C:\Windows\System\BbqWlZq.exe
  2⤵
  PID:3208
- C:\Windows\System\pETWWdM.exe
  C:\Windows\System\pETWWdM.exe
  2⤵
  PID:6224
- C:\Windows\System\qYZBwxC.exe
  C:\Windows\System\qYZBwxC.exe
  2⤵
  PID:7424
- C:\Windows\System\uYpnkPp.exe
  C:\Windows\System\uYpnkPp.exe
  2⤵
  PID:6444
- C:\Windows\System\puQrmat.exe
  C:\Windows\System\puQrmat.exe
  2⤵
  PID:7180
- C:\Windows\System\bQKncmp.exe
  C:\Windows\System\bQKncmp.exe
  2⤵
  PID:7188
- C:\Windows\System\hPXRdfw.exe
  C:\Windows\System\hPXRdfw.exe
  2⤵
  PID:7204
- C:\Windows\System\PcXwSCt.exe
  C:\Windows\System\PcXwSCt.exe
  2⤵
  PID:7216
- C:\Windows\System\ErLTNUO.exe
  C:\Windows\System\ErLTNUO.exe
  2⤵
  PID:7544
- C:\Windows\System\LSJhMnp.exe
  C:\Windows\System\LSJhMnp.exe
  2⤵
  PID:7592
- C:\Windows\System\TJAdhFf.exe
  C:\Windows\System\TJAdhFf.exe
  2⤵
  PID:7292
- C:\Windows\System\xRFITgF.exe
  C:\Windows\System\xRFITgF.exe
  2⤵
  PID:7332
- C:\Windows\System\JxcZFdy.exe
  C:\Windows\System\JxcZFdy.exe
  2⤵
  PID:1904
- C:\Windows\System\xDiTXpd.exe
  C:\Windows\System\xDiTXpd.exe
  2⤵
  PID:7664
- C:\Windows\System\DuXYVHM.exe
  C:\Windows\System\DuXYVHM.exe
  2⤵
  PID:1984
- C:\Windows\System\OmdOdSW.exe
  C:\Windows\System\OmdOdSW.exe
  2⤵
  PID:7448
- C:\Windows\System\wRBFOoE.exe
  C:\Windows\System\wRBFOoE.exe
  2⤵
  PID:7488
- C:\Windows\System\bisFJZf.exe
  C:\Windows\System\bisFJZf.exe
  2⤵
  PID:7564
- C:\Windows\System\cRiaIWX.exe
  C:\Windows\System\cRiaIWX.exe
  2⤵
  PID:7756
- C:\Windows\System\xLqpNtT.exe
  C:\Windows\System\xLqpNtT.exe
  2⤵
  PID:7608
- C:\Windows\System\VkNzsxK.exe
  C:\Windows\System\VkNzsxK.exe
  2⤵
  PID:7828
- C:\Windows\System\hgdQynR.exe
  C:\Windows\System\hgdQynR.exe
  2⤵
  PID:7688
- C:\Windows\System\CshsYkf.exe
  C:\Windows\System\CshsYkf.exe
  2⤵
  PID:7732
- C:\Windows\System\mGruxoD.exe
  C:\Windows\System\mGruxoD.exe
  2⤵
  PID:7916
- C:\Windows\System\mLsqEsL.exe
  C:\Windows\System\mLsqEsL.exe
  2⤵
  PID:7952
- C:\Windows\System\AAVHZly.exe
  C:\Windows\System\AAVHZly.exe
  2⤵
  PID:7816
- C:\Windows\System\kmOMJyw.exe
  C:\Windows\System\kmOMJyw.exe
  2⤵
  PID:7888
- C:\Windows\System\wBCleMC.exe
  C:\Windows\System\wBCleMC.exe
  2⤵
  PID:8000
- C:\Windows\System\fvJTCxo.exe
  C:\Windows\System\fvJTCxo.exe
  2⤵
  PID:8040
- C:\Windows\System\mxcqRhW.exe
  C:\Windows\System\mxcqRhW.exe
  2⤵
  PID:8012
- C:\Windows\System\YSJjkrr.exe
  C:\Windows\System\YSJjkrr.exe
  2⤵
  PID:8020
- C:\Windows\System\YkIuLbo.exe
  C:\Windows\System\YkIuLbo.exe
  2⤵
  PID:8124
- C:\Windows\System\vUlZMZn.exe
  C:\Windows\System\vUlZMZn.exe
  2⤵
  PID:8168
- C:\Windows\System\juPsLlP.exe
  C:\Windows\System\juPsLlP.exe
  2⤵
  PID:3108
- C:\Windows\System\PEyDMqz.exe
  C:\Windows\System\PEyDMqz.exe
  2⤵
  PID:8144
- C:\Windows\System\aCzOYyb.exe
  C:\Windows\System\aCzOYyb.exe
  2⤵
  PID:7084
- C:\Windows\System\AGTlinM.exe
  C:\Windows\System\AGTlinM.exe
  2⤵
  PID:5900
- C:\Windows\System\sFEvnrC.exe
  C:\Windows\System\sFEvnrC.exe
  2⤵
  PID:3112
- C:\Windows\System\QPMjYue.exe
  C:\Windows\System\QPMjYue.exe
  2⤵
  PID:6192
- C:\Windows\System\RXSFvKX.exe
  C:\Windows\System\RXSFvKX.exe
  2⤵
  PID:3188
- C:\Windows\System\cuOjqKF.exe
  C:\Windows\System\cuOjqKF.exe
  2⤵
  PID:7388
- C:\Windows\System\NdKDbqh.exe
  C:\Windows\System\NdKDbqh.exe
  2⤵
  PID:7196
- C:\Windows\System\VtWiquM.exe
  C:\Windows\System\VtWiquM.exe
  2⤵
  PID:6408
- C:\Windows\System\BSjrzHX.exe
  C:\Windows\System\BSjrzHX.exe
  2⤵
  PID:4708
- C:\Windows\System\MVnwbAU.exe
  C:\Windows\System\MVnwbAU.exe
  2⤵
  PID:7516
- C:\Windows\System\vJboUzc.exe
  C:\Windows\System\vJboUzc.exe
  2⤵
  PID:7364
- C:\Windows\System\oKgiZRt.exe
  C:\Windows\System\oKgiZRt.exe
  2⤵
  PID:7484
- C:\Windows\System\MoaCLRE.exe
  C:\Windows\System\MoaCLRE.exe
  2⤵
  PID:7640
- C:\Windows\System\FTWtgYa.exe
  C:\Windows\System\FTWtgYa.exe
  2⤵
  PID:6812
- C:\Windows\System\DVokBOw.exe
  C:\Windows\System\DVokBOw.exe
  2⤵
  PID:3136
- C:\Windows\System\SzgmRfS.exe
  C:\Windows\System\SzgmRfS.exe
  2⤵
  PID:7504
- C:\Windows\System\MDMyeBA.exe
  C:\Windows\System\MDMyeBA.exe
  2⤵
  PID:7252
- C:\Windows\System\TQatsOg.exe
  C:\Windows\System\TQatsOg.exe
  2⤵
  PID:7584
- C:\Windows\System\DdgArfG.exe
  C:\Windows\System\DdgArfG.exe
  2⤵
  PID:7404
- C:\Windows\System\hInaUDV.exe
  C:\Windows\System\hInaUDV.exe
  2⤵
  PID:8104
- C:\Windows\System\UJJpLAv.exe
  C:\Windows\System\UJJpLAv.exe
  2⤵
  PID:5780
- C:\Windows\System\TEVaswi.exe
  C:\Windows\System\TEVaswi.exe
  2⤵
  PID:7276
- C:\Windows\System\ThyvOeQ.exe
  C:\Windows\System\ThyvOeQ.exe
  2⤵
  PID:7704
- C:\Windows\System\yUWAKQX.exe
  C:\Windows\System\yUWAKQX.exe
  2⤵
  PID:7528
- C:\Windows\System\SNryXZk.exe
  C:\Windows\System\SNryXZk.exe
  2⤵
  PID:7796
- C:\Windows\System\PXTRmbH.exe
  C:\Windows\System\PXTRmbH.exe
  2⤵
  PID:7868
- C:\Windows\System\jjgjURN.exe
  C:\Windows\System\jjgjURN.exe
  2⤵
  PID:7780
- C:\Windows\System\pOsovHh.exe
  C:\Windows\System\pOsovHh.exe
  2⤵
  PID:7988
- C:\Windows\System\PQlRSIU.exe
  C:\Windows\System\PQlRSIU.exe
  2⤵
  PID:7940
- C:\Windows\System\ENgqgcl.exe
  C:\Windows\System\ENgqgcl.exe
  2⤵
  PID:8060
- C:\Windows\System\oFqqkSG.exe
  C:\Windows\System\oFqqkSG.exe
  2⤵
  PID:6632
- C:\Windows\System\QQuCjhh.exe
  C:\Windows\System\QQuCjhh.exe
  2⤵
  PID:7132
- C:\Windows\System\htbqRdk.exe
  C:\Windows\System\htbqRdk.exe
  2⤵
  PID:3128
- C:\Windows\System\oSomeTB.exe
  C:\Windows\System\oSomeTB.exe
  2⤵
  PID:6268
- C:\Windows\System\WkkHRNR.exe
  C:\Windows\System\WkkHRNR.exe
  2⤵
  PID:2980
- C:\Windows\System\DBleQLM.exe
  C:\Windows\System\DBleQLM.exe
  2⤵
  PID:2880
- C:\Windows\System\hHMRvmu.exe
  C:\Windows\System\hHMRvmu.exe
  2⤵
  PID:2936
- C:\Windows\System\msVxztn.exe
  C:\Windows\System\msVxztn.exe
  2⤵
  PID:7676
- C:\Windows\System\pwJTlwf.exe
  C:\Windows\System\pwJTlwf.exe
  2⤵
  PID:7652
- C:\Windows\System\EGTuMtR.exe
  C:\Windows\System\EGTuMtR.exe
  2⤵
  PID:6996
- C:\Windows\System\aZwTDDw.exe
  C:\Windows\System\aZwTDDw.exe
  2⤵
  PID:7312
- C:\Windows\System\LoLRsAP.exe
  C:\Windows\System\LoLRsAP.exe
  2⤵
  PID:8160
- C:\Windows\System\GpVESBv.exe
  C:\Windows\System\GpVESBv.exe
  2⤵
  PID:7412
- C:\Windows\System\KnauCto.exe
  C:\Windows\System\KnauCto.exe
  2⤵
  PID:4228
- C:\Windows\System\dstWYAY.exe
  C:\Windows\System\dstWYAY.exe
  2⤵
  PID:8024
- C:\Windows\System\DWQOJYC.exe
  C:\Windows\System\DWQOJYC.exe
  2⤵
  PID:7468
- C:\Windows\System\NABEOVP.exe
  C:\Windows\System\NABEOVP.exe
  2⤵
  PID:7776
- C:\Windows\System\dCSZrIZ.exe
  C:\Windows\System\dCSZrIZ.exe
  2⤵
  PID:7892
- C:\Windows\System\RHTycYq.exe
  C:\Windows\System\RHTycYq.exe
  2⤵
  PID:5940
- C:\Windows\System\RXWtywb.exe
  C:\Windows\System\RXWtywb.exe
  2⤵
  PID:7232
- C:\Windows\System\FZuzlSj.exe
  C:\Windows\System\FZuzlSj.exe
  2⤵
  PID:7792
- C:\Windows\System\OBQTNCx.exe
  C:\Windows\System\OBQTNCx.exe
  2⤵
  PID:7908
- C:\Windows\System\tQlkdaJ.exe
  C:\Windows\System\tQlkdaJ.exe
  2⤵
  PID:7992
- C:\Windows\System\eDbNZHu.exe
  C:\Windows\System\eDbNZHu.exe
  2⤵
  PID:8068
- C:\Windows\System\jBefkwy.exe
  C:\Windows\System\jBefkwy.exe
  2⤵
  PID:6608
- C:\Windows\System\ShAtZGA.exe
  C:\Windows\System\ShAtZGA.exe
  2⤵
  PID:3104
- C:\Windows\System\OZaWEVd.exe
  C:\Windows\System\OZaWEVd.exe
  2⤵
  PID:2948
- C:\Windows\System\lEvcGld.exe
  C:\Windows\System\lEvcGld.exe
  2⤵
  PID:7368
- C:\Windows\System\DYSdQjb.exe
  C:\Windows\System\DYSdQjb.exe
  2⤵
  PID:1648
- C:\Windows\System\akWsvol.exe
  C:\Windows\System\akWsvol.exe
  2⤵
  PID:8120
- C:\Windows\System\qVirmvN.exe
  C:\Windows\System\qVirmvN.exe
  2⤵
  PID:1712
- C:\Windows\System\OCxFQlG.exe
  C:\Windows\System\OCxFQlG.exe
  2⤵
  PID:2088
- C:\Windows\System\xGzkxrI.exe
  C:\Windows\System\xGzkxrI.exe
  2⤵
  PID:7464
- C:\Windows\System\jrMratj.exe
  C:\Windows\System\jrMratj.exe
  2⤵
  PID:2568
- C:\Windows\System\EHNmCBc.exe
  C:\Windows\System\EHNmCBc.exe
  2⤵
  PID:3312
- C:\Windows\System\wLvmITJ.exe
  C:\Windows\System\wLvmITJ.exe
  2⤵
  PID:2156
- C:\Windows\System\ziwwSMO.exe
  C:\Windows\System\ziwwSMO.exe
  2⤵
  PID:2556
- C:\Windows\System\PaiaRUa.exe
  C:\Windows\System\PaiaRUa.exe
  2⤵
  PID:8184
- C:\Windows\System\FkvSHid.exe
  C:\Windows\System\FkvSHid.exe
  2⤵
  PID:2404
- C:\Windows\System\AmBxHzw.exe
  C:\Windows\System\AmBxHzw.exe
  2⤵
  PID:2108
- C:\Windows\System\kwyidqk.exe
  C:\Windows\System\kwyidqk.exe
  2⤵
  PID:2496
- C:\Windows\System\GjXQaoS.exe
  C:\Windows\System\GjXQaoS.exe
  2⤵
  PID:6464
- C:\Windows\System\zTVddNd.exe
  C:\Windows\System\zTVddNd.exe
  2⤵
  PID:6692
- C:\Windows\System\AbjISjn.exe
  C:\Windows\System\AbjISjn.exe
  2⤵
  PID:7972
- C:\Windows\System\RtrcZTS.exe
  C:\Windows\System\RtrcZTS.exe
  2⤵
  PID:7240
- C:\Windows\System\WfFUhIT.exe
  C:\Windows\System\WfFUhIT.exe
  2⤵
  PID:7588
- C:\Windows\System\HfcSXpl.exe
  C:\Windows\System\HfcSXpl.exe
  2⤵
  PID:8208
- C:\Windows\System\zYkzkRP.exe
  C:\Windows\System\zYkzkRP.exe
  2⤵
  PID:8224
- C:\Windows\System\EHiaKru.exe
  C:\Windows\System\EHiaKru.exe
  2⤵
  PID:8240
- C:\Windows\System\ZCEhvRm.exe
  C:\Windows\System\ZCEhvRm.exe
  2⤵
  PID:8256
- C:\Windows\System\jLWLspx.exe
  C:\Windows\System\jLWLspx.exe
  2⤵
  PID:8272
- C:\Windows\System\MlWdwAC.exe
  C:\Windows\System\MlWdwAC.exe
  2⤵
  PID:8288
- C:\Windows\System\wnkFDLr.exe
  C:\Windows\System\wnkFDLr.exe
  2⤵
  PID:8304
- C:\Windows\System\pLmjWrX.exe
  C:\Windows\System\pLmjWrX.exe
  2⤵
  PID:8320
- C:\Windows\System\RBPWZJq.exe
  C:\Windows\System\RBPWZJq.exe
  2⤵
  PID:8336
- C:\Windows\System\ROEEHen.exe
  C:\Windows\System\ROEEHen.exe
  2⤵
  PID:8352
- C:\Windows\System\gUiETkQ.exe
  C:\Windows\System\gUiETkQ.exe
  2⤵
  PID:8368
- C:\Windows\System\MDfGXVK.exe
  C:\Windows\System\MDfGXVK.exe
  2⤵
  PID:8384
- C:\Windows\System\layxTlh.exe
  C:\Windows\System\layxTlh.exe
  2⤵
  PID:8400
- C:\Windows\System\oYDmSky.exe
  C:\Windows\System\oYDmSky.exe
  2⤵
  PID:8416
- C:\Windows\System\RAzVGAL.exe
  C:\Windows\System\RAzVGAL.exe
  2⤵
  PID:8432
- C:\Windows\System\CvrBrxV.exe
  C:\Windows\System\CvrBrxV.exe
  2⤵
  PID:8448
- C:\Windows\System\xCKQGVA.exe
  C:\Windows\System\xCKQGVA.exe
  2⤵
  PID:8464
- C:\Windows\System\QEWbFNn.exe
  C:\Windows\System\QEWbFNn.exe
  2⤵
  PID:8480
- C:\Windows\System\GtzKSsI.exe
  C:\Windows\System\GtzKSsI.exe
  2⤵
  PID:8496
- C:\Windows\System\JiEBnjb.exe
  C:\Windows\System\JiEBnjb.exe
  2⤵
  PID:8512
- C:\Windows\System\iiWPvNr.exe
  C:\Windows\System\iiWPvNr.exe
  2⤵
  PID:8528
- C:\Windows\System\dwXOdJy.exe
  C:\Windows\System\dwXOdJy.exe
  2⤵
  PID:8544
- C:\Windows\System\SqtNFHA.exe
  C:\Windows\System\SqtNFHA.exe
  2⤵
  PID:8560
- C:\Windows\System\HVefXjV.exe
  C:\Windows\System\HVefXjV.exe
  2⤵
  PID:8576
- C:\Windows\System\CfRFpSZ.exe
  C:\Windows\System\CfRFpSZ.exe
  2⤵
  PID:8592
- C:\Windows\System\ELDKLSY.exe
  C:\Windows\System\ELDKLSY.exe
  2⤵
  PID:8608
- C:\Windows\System\RNdxRmS.exe
  C:\Windows\System\RNdxRmS.exe
  2⤵
  PID:8624
- C:\Windows\System\kAatIBb.exe
  C:\Windows\System\kAatIBb.exe
  2⤵
  PID:8640
- C:\Windows\System\xAlTXAj.exe
  C:\Windows\System\xAlTXAj.exe
  2⤵
  PID:8656
- C:\Windows\System\zdQhONd.exe
  C:\Windows\System\zdQhONd.exe
  2⤵
  PID:8672
- C:\Windows\System\CMFjqMu.exe
  C:\Windows\System\CMFjqMu.exe
  2⤵
  PID:8688
- C:\Windows\System\ADJADpg.exe
  C:\Windows\System\ADJADpg.exe
  2⤵
  PID:8704
- C:\Windows\System\sztnUiw.exe
  C:\Windows\System\sztnUiw.exe
  2⤵
  PID:8720
- C:\Windows\System\BIJxJrW.exe
  C:\Windows\System\BIJxJrW.exe
  2⤵
  PID:8736
- C:\Windows\System\sxrLfXD.exe
  C:\Windows\System\sxrLfXD.exe
  2⤵
  PID:8752
- C:\Windows\System\yADfkWX.exe
  C:\Windows\System\yADfkWX.exe
  2⤵
  PID:8768
- C:\Windows\System\yPirytm.exe
  C:\Windows\System\yPirytm.exe
  2⤵
  PID:8784
- C:\Windows\System\fGyeTBZ.exe
  C:\Windows\System\fGyeTBZ.exe
  2⤵
  PID:8800
- C:\Windows\System\SMwFqga.exe
  C:\Windows\System\SMwFqga.exe
  2⤵
  PID:8816
- C:\Windows\System\bpSPWMX.exe
  C:\Windows\System\bpSPWMX.exe
  2⤵
  PID:8836
- C:\Windows\System\gKvQmyC.exe
  C:\Windows\System\gKvQmyC.exe
  2⤵
  PID:8860
- C:\Windows\System\OvCTPUw.exe
  C:\Windows\System\OvCTPUw.exe
  2⤵
  PID:8876
- C:\Windows\System\cOKrWxa.exe
  C:\Windows\System\cOKrWxa.exe
  2⤵
  PID:8892
- C:\Windows\System\UwbMfVJ.exe
  C:\Windows\System\UwbMfVJ.exe
  2⤵
  PID:8912
- C:\Windows\System\bbIExMS.exe
  C:\Windows\System\bbIExMS.exe
  2⤵
  PID:8928
- C:\Windows\System\WBMtirb.exe
  C:\Windows\System\WBMtirb.exe
  2⤵
  PID:8948
- C:\Windows\System\XnmbEBy.exe
  C:\Windows\System\XnmbEBy.exe
  2⤵
  PID:8964
- C:\Windows\System\KROVjPk.exe
  C:\Windows\System\KROVjPk.exe
  2⤵
  PID:8980
- C:\Windows\System\kDliWqI.exe
  C:\Windows\System\kDliWqI.exe
  2⤵
  PID:8996
- C:\Windows\System\tZWECIX.exe
  C:\Windows\System\tZWECIX.exe
  2⤵
  PID:9012
- C:\Windows\System\RmZkTGE.exe
  C:\Windows\System\RmZkTGE.exe
  2⤵
  PID:9028
- C:\Windows\System\pUCZtcO.exe
  C:\Windows\System\pUCZtcO.exe
  2⤵
  PID:9044
- C:\Windows\System\sjGTPhN.exe
  C:\Windows\System\sjGTPhN.exe
  2⤵
  PID:9060
- C:\Windows\System\BjtIxvZ.exe
  C:\Windows\System\BjtIxvZ.exe
  2⤵
  PID:9212
- C:\Windows\System\yIUjiXo.exe
  C:\Windows\System\yIUjiXo.exe
  2⤵
  PID:2824
- C:\Windows\System\gUmiiHc.exe
  C:\Windows\System\gUmiiHc.exe
  2⤵
  PID:7956
- C:\Windows\System\cbgAZxl.exe
  C:\Windows\System\cbgAZxl.exe
  2⤵
  PID:8036
- C:\Windows\System\cPYVmbO.exe
  C:\Windows\System\cPYVmbO.exe
  2⤵
  PID:8204
- C:\Windows\System\MOteYXT.exe
  C:\Windows\System\MOteYXT.exe
  2⤵
  PID:8252
- C:\Windows\System\fGgNLwH.exe
  C:\Windows\System\fGgNLwH.exe
  2⤵
  PID:8268
- C:\Windows\System\zrNCeJl.exe
  C:\Windows\System\zrNCeJl.exe
  2⤵
  PID:8300
- C:\Windows\System\DUGkpYX.exe
  C:\Windows\System\DUGkpYX.exe
  2⤵
  PID:8348
- C:\Windows\System\fTzKEVz.exe
  C:\Windows\System\fTzKEVz.exe
  2⤵
  PID:8364
- C:\Windows\System\veJumQO.exe
  C:\Windows\System\veJumQO.exe
  2⤵
  PID:2832
- C:\Windows\System\CSjpUkF.exe
  C:\Windows\System\CSjpUkF.exe
  2⤵
  PID:8396
- C:\Windows\System\BLnsxOr.exe
  C:\Windows\System\BLnsxOr.exe
  2⤵
  PID:8444
- C:\Windows\System\WPCdOph.exe
  C:\Windows\System\WPCdOph.exe
  2⤵
  PID:2964
- C:\Windows\System\sLhJzvg.exe
  C:\Windows\System\sLhJzvg.exe
  2⤵
  PID:8488
- C:\Windows\System\zinwyLn.exe
  C:\Windows\System\zinwyLn.exe
  2⤵
  PID:8520
- C:\Windows\System\fdRxXzM.exe
  C:\Windows\System\fdRxXzM.exe
  2⤵
  PID:8552
- C:\Windows\System\QmoMAPy.exe
  C:\Windows\System\QmoMAPy.exe
  2⤵
  PID:8604
- C:\Windows\System\wNnddde.exe
  C:\Windows\System\wNnddde.exe
  2⤵
  PID:8636
- C:\Windows\System\KyiZtdY.exe
  C:\Windows\System\KyiZtdY.exe
  2⤵
  PID:8652
- C:\Windows\System\XSAlZfe.exe
  C:\Windows\System\XSAlZfe.exe
  2⤵
  PID:8700
- C:\Windows\System\RmySjLY.exe
  C:\Windows\System\RmySjLY.exe
  2⤵
  PID:8764
- C:\Windows\System\dgVqNpz.exe
  C:\Windows\System\dgVqNpz.exe
  2⤵
  PID:8796
- C:\Windows\System\OyfNiPh.exe
  C:\Windows\System\OyfNiPh.exe
  2⤵
  PID:2976
- C:\Windows\System\XEZrCOK.exe
  C:\Windows\System\XEZrCOK.exe
  2⤵
  PID:8808
- C:\Windows\System\TeaCZBo.exe
  C:\Windows\System\TeaCZBo.exe
  2⤵
  PID:8748
- C:\Windows\System\lIMWWxe.exe
  C:\Windows\System\lIMWWxe.exe
  2⤵
  PID:8844
- C:\Windows\System\eBzkqOT.exe
  C:\Windows\System\eBzkqOT.exe
  2⤵
  PID:2692
- C:\Windows\System\ODlXIqr.exe
  C:\Windows\System\ODlXIqr.exe
  2⤵
  PID:8960
- C:\Windows\System\AUbSLQL.exe
  C:\Windows\System\AUbSLQL.exe
  2⤵
  PID:2752
- C:\Windows\System\BtmnaiX.exe
  C:\Windows\System\BtmnaiX.exe
  2⤵
  PID:8908
- C:\Windows\System\xuZDMZP.exe
  C:\Windows\System\xuZDMZP.exe
  2⤵
  PID:2860
- C:\Windows\System\nGhukgz.exe
  C:\Windows\System\nGhukgz.exe
  2⤵
  PID:9024
- C:\Windows\System\NwUZBUW.exe
  C:\Windows\System\NwUZBUW.exe
  2⤵
  PID:8976
- C:\Windows\System\RZatBJX.exe
  C:\Windows\System\RZatBJX.exe
  2⤵
  PID:9068
- C:\Windows\System\bQfPuEm.exe
  C:\Windows\System\bQfPuEm.exe
  2⤵
  PID:9080
- C:\Windows\System\WHKVdyv.exe
  C:\Windows\System\WHKVdyv.exe
  2⤵
  PID:9100
- C:\Windows\System\utDmZaC.exe
  C:\Windows\System\utDmZaC.exe
  2⤵
  PID:9108
- C:\Windows\System\BsKvqLi.exe
  C:\Windows\System\BsKvqLi.exe
  2⤵
  PID:9132
- C:\Windows\System\ZhdyiGT.exe
  C:\Windows\System\ZhdyiGT.exe
  2⤵
  PID:7104
- C:\Windows\System\oONlByP.exe
  C:\Windows\System\oONlByP.exe
  2⤵
  PID:9156
- C:\Windows\System\iIOAsSZ.exe
  C:\Windows\System\iIOAsSZ.exe
  2⤵
  PID:9168
- C:\Windows\System\jyxuHNt.exe
  C:\Windows\System\jyxuHNt.exe
  2⤵
  PID:9184
- C:\Windows\System\anGbbDE.exe
  C:\Windows\System\anGbbDE.exe
  2⤵
  PID:9200
- C:\Windows\System\zrGrTip.exe
  C:\Windows\System\zrGrTip.exe
  2⤵
  PID:2092
- C:\Windows\System\tVtCbyE.exe
  C:\Windows\System\tVtCbyE.exe
  2⤵
  PID:1792
- C:\Windows\System\mTQfTLX.exe
  C:\Windows\System\mTQfTLX.exe
  2⤵
  PID:6868
- C:\Windows\System\ZpkcArK.exe
  C:\Windows\System\ZpkcArK.exe
  2⤵
  PID:9208
- C:\Windows\System\vbkUsGj.exe
  C:\Windows\System\vbkUsGj.exe
  2⤵
  PID:6852
- C:\Windows\System\qIHtYFV.exe
  C:\Windows\System\qIHtYFV.exe
  2⤵
  PID:2996
- C:\Windows\System\aVCGKMm.exe
  C:\Windows\System\aVCGKMm.exe
  2⤵
  PID:8312
- C:\Windows\System\fJjTwFl.exe
  C:\Windows\System\fJjTwFl.exe
  2⤵
  PID:8456
- C:\Windows\System\ZKjanhh.exe
  C:\Windows\System\ZKjanhh.exe
  2⤵
  PID:2104
- C:\Windows\System\nplfcii.exe
  C:\Windows\System\nplfcii.exe
  2⤵
  PID:8280
- C:\Windows\System\tpPlmvi.exe
  C:\Windows\System\tpPlmvi.exe
  2⤵
  PID:8392
- C:\Windows\System\VFQhOpz.exe
  C:\Windows\System\VFQhOpz.exe
  2⤵
  PID:8476
- C:\Windows\System\DkQqBuZ.exe
  C:\Windows\System\DkQqBuZ.exe
  2⤵
  PID:8588
- C:\Windows\System\KkBHevU.exe
  C:\Windows\System\KkBHevU.exe
  2⤵
  PID:8556
- C:\Windows\System\vZALRfr.exe
  C:\Windows\System\vZALRfr.exe
  2⤵
  PID:8684
- C:\Windows\System\BjUgblS.exe
  C:\Windows\System\BjUgblS.exe
  2⤵
  PID:1848
- C:\Windows\System\guzNiyX.exe
  C:\Windows\System\guzNiyX.exe
  2⤵
  PID:8716
- C:\Windows\System\nhSEYGG.exe
  C:\Windows\System\nhSEYGG.exe
  2⤵
  PID:6872
- C:\Windows\System\AFciSJD.exe
  C:\Windows\System\AFciSJD.exe
  2⤵
  PID:8856
- C:\Windows\System\FyybUyY.exe
  C:\Windows\System\FyybUyY.exe
  2⤵
  PID:8936
- C:\Windows\System\oGOOGhb.exe
  C:\Windows\System\oGOOGhb.exe
  2⤵
  PID:6940
- C:\Windows\System\pWpYPay.exe
  C:\Windows\System\pWpYPay.exe
  2⤵
  PID:9076
- C:\Windows\System\ipVhaLu.exe
  C:\Windows\System\ipVhaLu.exe
  2⤵
  PID:9144
- C:\Windows\System\mzWJEvs.exe
  C:\Windows\System\mzWJEvs.exe
  2⤵
  PID:9008
- C:\Windows\System\bKTfavS.exe
  C:\Windows\System\bKTfavS.exe
  2⤵
  PID:9164
- C:\Windows\System\KYymOYv.exe
  C:\Windows\System\KYymOYv.exe
  2⤵
  PID:1520
- C:\Windows\System\nCefGwu.exe
  C:\Windows\System\nCefGwu.exe
  2⤵
  PID:2592
- C:\Windows\System\EbBzPVB.exe
  C:\Windows\System\EbBzPVB.exe
  2⤵
  PID:9148
- C:\Windows\System\XAowPik.exe
  C:\Windows\System\XAowPik.exe
  2⤵
  PID:8180
- C:\Windows\System\JSRWhfv.exe
  C:\Windows\System\JSRWhfv.exe
  2⤵
  PID:6848
- C:\Windows\System\FdPkRBJ.exe
  C:\Windows\System\FdPkRBJ.exe
  2⤵
  PID:8380
- C:\Windows\System\gvPKfCk.exe
  C:\Windows\System\gvPKfCk.exe
  2⤵
  PID:2804
- C:\Windows\System\rSGWImR.exe
  C:\Windows\System\rSGWImR.exe
  2⤵
  PID:8832
- C:\Windows\System\SflJGsZ.exe
  C:\Windows\System\SflJGsZ.exe
  2⤵
  PID:9092
- C:\Windows\System\aMXJQTt.exe
  C:\Windows\System\aMXJQTt.exe
  2⤵
  PID:9140
- C:\Windows\System\lEaiMRu.exe
  C:\Windows\System\lEaiMRu.exe
  2⤵
  PID:8852
- C:\Windows\System\fAOZWbn.exe
  C:\Windows\System\fAOZWbn.exe
  2⤵
  PID:9204
- C:\Windows\System\rSddPpA.exe
  C:\Windows\System\rSddPpA.exe
  2⤵
  PID:8232
- C:\Windows\System\sKzCPDN.exe
  C:\Windows\System\sKzCPDN.exe
  2⤵
  PID:8568
- C:\Windows\System\XMViPUV.exe
  C:\Windows\System\XMViPUV.exe
  2⤵
  PID:8828
- C:\Windows\System\oiBHTns.exe
  C:\Windows\System\oiBHTns.exe
  2⤵
  PID:8428
- C:\Windows\System\hvgQPHN.exe
  C:\Windows\System\hvgQPHN.exe
  2⤵
  PID:8888
- C:\Windows\System\CljkWtv.exe
  C:\Windows\System\CljkWtv.exe
  2⤵
  PID:6844
- C:\Windows\System\hxXIJar.exe
  C:\Windows\System\hxXIJar.exe
  2⤵
  PID:9056
- C:\Windows\System\HTiltSv.exe
  C:\Windows\System\HTiltSv.exe
  2⤵
  PID:9096
- C:\Windows\System\AFvtmSv.exe
  C:\Windows\System\AFvtmSv.exe
  2⤵
  PID:9128
- C:\Windows\System\BIvntpj.exe
  C:\Windows\System\BIvntpj.exe
  2⤵
  PID:620
- C:\Windows\System\PdleFmM.exe
  C:\Windows\System\PdleFmM.exe
  2⤵
  PID:8824
- C:\Windows\System\pAsuUCC.exe
  C:\Windows\System\pAsuUCC.exe
  2⤵
  PID:8536
- C:\Windows\System\VLtGowf.exe
  C:\Windows\System\VLtGowf.exe
  2⤵
  PID:8296
- C:\Windows\System\NMxaJPm.exe
  C:\Windows\System\NMxaJPm.exe
  2⤵
  PID:9340
- C:\Windows\System\lhaHIDo.exe
  C:\Windows\System\lhaHIDo.exe
  2⤵
  PID:9456
- C:\Windows\System\rrdlrRt.exe
  C:\Windows\System\rrdlrRt.exe
  2⤵
  PID:9476
- C:\Windows\System\APbMAZf.exe
  C:\Windows\System\APbMAZf.exe
  2⤵
  PID:9504
- C:\Windows\System\wnUWzbh.exe
  C:\Windows\System\wnUWzbh.exe
  2⤵
  PID:9520
- C:\Windows\System\LmSDYGX.exe
  C:\Windows\System\LmSDYGX.exe
  2⤵
  PID:9684
- C:\Windows\System\bcSicVQ.exe
  C:\Windows\System\bcSicVQ.exe
  2⤵
  PID:9704
- C:\Windows\System\VgvUpuy.exe
  C:\Windows\System\VgvUpuy.exe
  2⤵
  PID:9720
- C:\Windows\System\pJmaKgt.exe
  C:\Windows\System\pJmaKgt.exe
  2⤵
  PID:9736
- C:\Windows\System\EqwultD.exe
  C:\Windows\System\EqwultD.exe
  2⤵
  PID:9752
- C:\Windows\System\vOrVjxF.exe
  C:\Windows\System\vOrVjxF.exe
  2⤵
  PID:9796
- C:\Windows\System\ZNLoTcy.exe
  C:\Windows\System\ZNLoTcy.exe
  2⤵
  PID:9820
- C:\Windows\System\kYdISLz.exe
  C:\Windows\System\kYdISLz.exe
  2⤵
  PID:9836
- C:\Windows\System\MZQlffF.exe
  C:\Windows\System\MZQlffF.exe
  2⤵
  PID:9856
- C:\Windows\System\kkbufEP.exe
  C:\Windows\System\kkbufEP.exe
  2⤵
  PID:9884
- C:\Windows\System\cIpJrGO.exe
  C:\Windows\System\cIpJrGO.exe
  2⤵
  PID:9900
- C:\Windows\System\SLCdDXB.exe
  C:\Windows\System\SLCdDXB.exe
  2⤵
  PID:9916
- C:\Windows\System\aHFVyej.exe
  C:\Windows\System\aHFVyej.exe
  2⤵
  PID:9960
- C:\Windows\System\MYFWZoG.exe
  C:\Windows\System\MYFWZoG.exe
  2⤵
  PID:9984
- C:\Windows\System\VwuzkVO.exe
  C:\Windows\System\VwuzkVO.exe
  2⤵
  PID:10008
- C:\Windows\System\HLtKypZ.exe
  C:\Windows\System\HLtKypZ.exe
  2⤵
  PID:10024
- C:\Windows\System\ZaCDNMn.exe
  C:\Windows\System\ZaCDNMn.exe
  2⤵
  PID:10092
- C:\Windows\System\MVkkJNk.exe
  C:\Windows\System\MVkkJNk.exe
  2⤵
  PID:10108
- C:\Windows\System\zsunGBz.exe
  C:\Windows\System\zsunGBz.exe
  2⤵
  PID:10156
- C:\Windows\System\iDcsvwV.exe
  C:\Windows\System\iDcsvwV.exe
  2⤵
  PID:10188
- C:\Windows\System\EikrHeQ.exe
  C:\Windows\System\EikrHeQ.exe
  2⤵
  PID:2916
- C:\Windows\System\unnvsGM.exe
  C:\Windows\System\unnvsGM.exe
  2⤵
  PID:9248
- C:\Windows\System\iVmdKPB.exe
  C:\Windows\System\iVmdKPB.exe
  2⤵
  PID:9264
- C:\Windows\System\motgATb.exe
  C:\Windows\System\motgATb.exe
  2⤵
  PID:9284
- C:\Windows\System\azonDvG.exe
  C:\Windows\System\azonDvG.exe
  2⤵
  PID:1804
- C:\Windows\System\mfhcfkx.exe
  C:\Windows\System\mfhcfkx.exe
  2⤵
  PID:9328
- C:\Windows\System\qeeRxDU.exe
  C:\Windows\System\qeeRxDU.exe
  2⤵
  PID:9360
- C:\Windows\System\WLEYkyn.exe
  C:\Windows\System\WLEYkyn.exe
  2⤵
  PID:9376
- C:\Windows\System\gZMzkMT.exe
  C:\Windows\System\gZMzkMT.exe
  2⤵
  PID:9396
- C:\Windows\System\ZglwXEN.exe
  C:\Windows\System\ZglwXEN.exe
  2⤵
  PID:9420
- C:\Windows\System\EPOwSgN.exe
  C:\Windows\System\EPOwSgN.exe
  2⤵
  PID:9432
- C:\Windows\System\CNfxSFE.exe
  C:\Windows\System\CNfxSFE.exe
  2⤵
  PID:9464
- C:\Windows\System\dMVYtRC.exe
  C:\Windows\System\dMVYtRC.exe
  2⤵
  PID:9484
- C:\Windows\System\eRTTYNl.exe
  C:\Windows\System\eRTTYNl.exe
  2⤵
  PID:9516
- C:\Windows\System\GsqyPrj.exe
  C:\Windows\System\GsqyPrj.exe
  2⤵
  PID:9528
- C:\Windows\System\SDRAmrr.exe
  C:\Windows\System\SDRAmrr.exe
  2⤵
  PID:9544
- C:\Windows\System\DxThQLC.exe
  C:\Windows\System\DxThQLC.exe
  2⤵
  PID:9560
- C:\Windows\System\VIEQJuZ.exe
  C:\Windows\System\VIEQJuZ.exe
  2⤵
  PID:9576
- C:\Windows\System\aiCFDIF.exe
  C:\Windows\System\aiCFDIF.exe
  2⤵
  PID:9632
- C:\Windows\System\QPjvtLR.exe
  C:\Windows\System\QPjvtLR.exe
  2⤵
  PID:9644
- C:\Windows\System\CBvNEUB.exe
  C:\Windows\System\CBvNEUB.exe
  2⤵
  PID:9668
- C:\Windows\System\gDCvceO.exe
  C:\Windows\System\gDCvceO.exe
  2⤵
  PID:9680
- C:\Windows\System\odmoGdZ.exe
  C:\Windows\System\odmoGdZ.exe
  2⤵
  PID:9700
- C:\Windows\System\AbaiPTl.exe
  C:\Windows\System\AbaiPTl.exe
  2⤵
  PID:9748
- C:\Windows\System\UlgjFcB.exe
  C:\Windows\System\UlgjFcB.exe
  2⤵
  PID:9784
- C:\Windows\System\xqHRcEe.exe
  C:\Windows\System\xqHRcEe.exe
  2⤵
  PID:9828
- C:\Windows\System\XbecsTQ.exe
  C:\Windows\System\XbecsTQ.exe
  2⤵
  PID:9872
- C:\Windows\System\NGZIwbo.exe
  C:\Windows\System\NGZIwbo.exe
  2⤵
  PID:9876
- C:\Windows\System\zXVOWuk.exe
  C:\Windows\System\zXVOWuk.exe
  2⤵
  PID:9924
- C:\Windows\System\JAaQouV.exe
  C:\Windows\System\JAaQouV.exe
  2⤵
  PID:9948
- C:\Windows\System\qIcuGRO.exe
  C:\Windows\System\qIcuGRO.exe
  2⤵
  PID:9976
- C:\Windows\System\bYiEIMV.exe
  C:\Windows\System\bYiEIMV.exe
  2⤵
  PID:9996
- C:\Windows\System\GjuwgFI.exe
  C:\Windows\System\GjuwgFI.exe
  2⤵
  PID:10036
- C:\Windows\System\ZBGinOc.exe
  C:\Windows\System\ZBGinOc.exe
  2⤵
  PID:10072
- C:\Windows\System\OhjCNSB.exe
  C:\Windows\System\OhjCNSB.exe
  2⤵
  PID:10064
- C:\Windows\System\feCVbmN.exe
  C:\Windows\System\feCVbmN.exe
  2⤵
  PID:10080
- C:\Windows\System\MiXjRis.exe
  C:\Windows\System\MiXjRis.exe
  2⤵
  PID:10132
- C:\Windows\System\zDAuaBk.exe
  C:\Windows\System\zDAuaBk.exe
  2⤵
  PID:10196
- C:\Windows\System\PAerhGX.exe
  C:\Windows\System\PAerhGX.exe
  2⤵
  PID:10200
- C:\Windows\System\VBZwnHn.exe
  C:\Windows\System\VBZwnHn.exe
  2⤵
  PID:10236
- C:\Windows\System\buenNCR.exe
  C:\Windows\System\buenNCR.exe
  2⤵
  PID:10216
- C:\Windows\System\xPkBpew.exe
  C:\Windows\System\xPkBpew.exe
  2⤵
  PID:8904
- C:\Windows\System\aEzAAwu.exe
  C:\Windows\System\aEzAAwu.exe
  2⤵
  PID:2852
- C:\Windows\System\RxhIRfo.exe
  C:\Windows\System\RxhIRfo.exe
  2⤵
  PID:8264
- C:\Windows\System\juddDPa.exe
  C:\Windows\System\juddDPa.exe
  2⤵
  PID:9232
- C:\Windows\System\keKBZPE.exe
  C:\Windows\System\keKBZPE.exe
  2⤵
  PID:2796
- C:\Windows\System\BmiGUou.exe
  C:\Windows\System\BmiGUou.exe
  2⤵
  PID:9292
- C:\Windows\System\czbwfhO.exe
  C:\Windows\System\czbwfhO.exe
  2⤵
  PID:9312
- C:\Windows\System\PKldHBR.exe
  C:\Windows\System\PKldHBR.exe
  2⤵
  PID:8664
- C:\Windows\System\UNRFMpl.exe
  C:\Windows\System\UNRFMpl.exe
  2⤵
  PID:9392
- C:\Windows\System\MQdpQVt.exe
  C:\Windows\System\MQdpQVt.exe
  2⤵
  PID:9404
- C:\Windows\System\SWPvlep.exe
  C:\Windows\System\SWPvlep.exe
  2⤵
  PID:9428
- C:\Windows\System\GrTJIai.exe
  C:\Windows\System\GrTJIai.exe
  2⤵
  PID:9552
- C:\Windows\System\lxaYoQH.exe
  C:\Windows\System\lxaYoQH.exe
  2⤵
  PID:9600
- C:\Windows\System\ZiwlbPl.exe
  C:\Windows\System\ZiwlbPl.exe
  2⤵
  PID:9572
- C:\Windows\System\WMlWAiy.exe
  C:\Windows\System\WMlWAiy.exe
  2⤵
  PID:9612
- C:\Windows\System\Yvcbryw.exe
  C:\Windows\System\Yvcbryw.exe
  2⤵
  PID:9628
- C:\Windows\System\Pbcktse.exe
  C:\Windows\System\Pbcktse.exe
  2⤵
  PID:9676
- C:\Windows\System\MuGjpgy.exe
  C:\Windows\System\MuGjpgy.exe
  2⤵
  PID:9864
- C:\Windows\System\dBvlBjW.exe
  C:\Windows\System\dBvlBjW.exe
  2⤵
  PID:9912
- C:\Windows\System\DQzKztc.exe
  C:\Windows\System\DQzKztc.exe
  2⤵
  PID:9712
- C:\Windows\System\vltDgHq.exe
  C:\Windows\System\vltDgHq.exe
  2⤵
  PID:9968
- C:\Windows\System\JCyffhJ.exe
  C:\Windows\System\JCyffhJ.exe
  2⤵
  PID:9992
- C:\Windows\System\GCZdmUT.exe
  C:\Windows\System\GCZdmUT.exe
  2⤵
  PID:9788
- C:\Windows\System\BeGArYr.exe
  C:\Windows\System\BeGArYr.exe
  2⤵
  PID:10056
- C:\Windows\System\rpUUTnf.exe
  C:\Windows\System\rpUUTnf.exe
  2⤵
  PID:10116
- C:\Windows\System\kYrpPOw.exe
  C:\Windows\System\kYrpPOw.exe
  2⤵
  PID:10140
- C:\Windows\System\rexRiBv.exe
  C:\Windows\System\rexRiBv.exe
  2⤵
  PID:9280
- C:\Windows\System\XhZpogB.exe
  C:\Windows\System\XhZpogB.exe
  2⤵
  PID:10232
- C:\Windows\System\Aevupwi.exe
  C:\Windows\System\Aevupwi.exe
  2⤵
  PID:8216
- C:\Windows\System\LvRJlBy.exe
  C:\Windows\System\LvRJlBy.exe
  2⤵
  PID:2524
- C:\Windows\System\HzUlBiu.exe
  C:\Windows\System\HzUlBiu.exe
  2⤵
  PID:9324
- C:\Windows\System\dGJwNTG.exe
  C:\Windows\System\dGJwNTG.exe
  2⤵
  PID:9352
- C:\Windows\System\HewCrnk.exe
  C:\Windows\System\HewCrnk.exe
  2⤵
  PID:9556
- C:\Windows\System\WEEtvpA.exe
  C:\Windows\System\WEEtvpA.exe
  2⤵
  PID:9584
- C:\Windows\System\wIzElrk.exe
  C:\Windows\System\wIzElrk.exe
  2⤵
  PID:9728
- C:\Windows\System\myRVbhu.exe
  C:\Windows\System\myRVbhu.exe
  2⤵
  PID:9636
- C:\Windows\System\FOEZcHW.exe
  C:\Windows\System\FOEZcHW.exe
  2⤵
  PID:9236
- C:\Windows\System\fsoCcIs.exe
  C:\Windows\System\fsoCcIs.exe
  2⤵
  PID:9308
- C:\Windows\System\GmwXRJU.exe
  C:\Windows\System\GmwXRJU.exe
  2⤵
  PID:9844
- C:\Windows\System\cznPMdD.exe
  C:\Windows\System\cznPMdD.exe
  2⤵
  PID:9972
- C:\Windows\System\IWOluCe.exe
  C:\Windows\System\IWOluCe.exe
  2⤵
  PID:10016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BdZeKqO.exe

Filesize
6.0MB

MD5
a988663be8180c368d90a23c06764151

SHA1
5006fc0fecb0044a485b374e91020b8a2817323a

SHA256
01bb2005612b8bf502742341e5b394992be95c6a52c68dcb2ae500cf665dc292

SHA512
a1e06339640ede67ab03de313d64b193c51582ccb1688bd6ce36772006ac76a04610e5eb2c0443b66900c89f51e8cef102ff139d275acbb1bb753ab970215948

Download Submit
C:\Windows\system\EJyUnIR.exe

Filesize
6.0MB

MD5
4a07fefbdff479076d442c317b6fcd1f

SHA1
b5fe7261204802c3d3c2fa8c1c0e9e1dbc5d3520

SHA256
e5e92f5f35d8342f71ad716aae08d27a87420efadea1cbf7022d8eb0e1e9010d

SHA512
da6b2dc9c318bb451a4e97b45e951a070c7ed368eccfab85eee83ffcbadef313bfa55c7302dce57aec2a5fe2adf68c48b70d08e8132baf2e38d20586be97d8c0

Download Submit
C:\Windows\system\EZtOlQL.exe

Filesize
6.0MB

MD5
9597685f5363ede69b9d1f04bd4193c2

SHA1
b436526bdd8e67b82251c29cd006b2c5ab700b28

SHA256
44971d2c54e270b0f748d1f55d16aa4b527e67a7ba2deb6782a2b2f53911ed39

SHA512
ceb18f0306604bd95f367e209476cad51248d9e91c216ccbc1b82550af75dca7bb12a4e461e7ad4090c23ff095c312a6ca3a7fc23a265a4c836fd87fb0ab9699

Download Submit
C:\Windows\system\FyzhPaC.exe

Filesize
6.0MB

MD5
342d25d13de05dfd165e94fa2b06e2f6

SHA1
c7a40308e55f775c7caa2cbc86deeef8f1755e6e

SHA256
d3003d5754a3a3b689a3c26727a37eed44e6c172f8000d75c1f01f0d20509840

SHA512
d73200492cbc0922cbeb01cda4eb66916133aeafdbc49cafe7d1ada54b93a96b94408e907dae0e21cfca11121d1ded0dd92ddd15748921701499877097bc6219

Download Submit
C:\Windows\system\GlmCGOZ.exe

Filesize
6.0MB

MD5
99b91546bbdbbee32242b04bfa23e40f

SHA1
2461650f5910f0e50966c5c0b1c5cafe79b54573

SHA256
5f0b2a47aedb0692ae51eaa1b8f1e3c3ba23579ceba69f365929190c2db65404

SHA512
7aeea49917ca143eb986c887852127e132c2e1210292e85014937b3d36e52f86b959fc60cd9b2ada761f6ecfcab13aff313d6b14f94704b3c435677aec3c025e

Download Submit
C:\Windows\system\JoVHeRO.exe

Filesize
6.0MB

MD5
fb4db9c64c4fbc5d3041393a413fbfc4

SHA1
002025eb03f7c3ce0b3bee6c556d24de0f1091c0

SHA256
3f983a02b72f5c19fc0115b5006fb4f00acdec892ec4e01b7b03f92d6b17c54b

SHA512
e67af5089df67d7f897af302477e22cca330466692b3104f0221d1aa5ba6727cb086fb7526629aceb472b7e00c21c2a703a1fc45358a674e495e9272b8171e9a

Download Submit
C:\Windows\system\KfmZFHN.exe

Filesize
6.0MB

MD5
366795f72ea2dc1d5b7adb79a938622c

SHA1
2fce3da596946ea11c6aa1a86c186bf5ff2eeda8

SHA256
b294562b7508e922ecaa25be4fd9d4367ccd78fcf600ecccfaf19d6572f6325a

SHA512
fe85fe51b7a6fd11ceb45f57e6103f24017aa1ba36bba22653460820c128dabb286d965b940b9aa02c08991d27790e51b0037ffad9a8c6b2b7bb06feee9b03ce

Download Submit
C:\Windows\system\MYZicbS.exe

Filesize
6.0MB

MD5
5f9a51b296246246638268ceb8ceae3d

SHA1
9b4a32801e36340571b918faad9d26f377f2b89e

SHA256
fa40ad052c4057c5115e8ab0f700602ca1f1543cf5bf7297f1d681bbff70b940

SHA512
3d539f800b847945bf7b7b313e128f9b30c68f59f8631105f9cc8679c91d2729bfb51f060712dc59460d479ec44eff1465118f06e8d0ac1d1570e2b8d497c719

Download Submit
C:\Windows\system\MoViqgc.exe

Filesize
6.0MB

MD5
7cc95844b334de090cc0b3d49b93ad68

SHA1
71dcddd77d0768ab484301ff3f9b659b606de32f

SHA256
032ab7d86c7dcfa0891a4d0d4a66fef806cae85cf85519fa1ed165f082acb587

SHA512
ae983ab39d630cc719d40716e424ba90ae3bae138b57fcb3867f7c8dbb22b7e8051ab9922934adc4b8b82f5b30adb0d56b9ff37263e9dfebcd4338d4bc24b66b

Download Submit
C:\Windows\system\OApKtwj.exe

Filesize
6.0MB

MD5
c0ad51196cb933e6e7b5a32d1af8612d

SHA1
9c878845c60f50833009522bfb147c37d0eaca08

SHA256
fdc0b464eecc537d6c2b95c27d2c163546f0f97609b1babdb868ad5796cc52a4

SHA512
c20b80622431d107e33556c2a82c71111ca44002b5ef10d4f4ab3bf6d8331029b321679e5eb81709331ea20b5a0fd243fc9c11a9b168acb12b55a406e770fb74

Download Submit
C:\Windows\system\OFwEsGX.exe

Filesize
6.0MB

MD5
7048977f60786475b6052fe0d06db728

SHA1
526ebf1173183e078ef77687b9660aa3ca5d63f0

SHA256
f15af90b870fe54f1370341a03ffa55bc626e179dd3997057f8dffefa23ed7b4

SHA512
be7acd837ed5cdfe6326296b76216a5116b8eb7e21f854934110ff0b87ca18b070e19f23f8c8133af0731c9b396504450066d6632b153e0aaa3f1566e54a1557

Download Submit
C:\Windows\system\SCfkmQW.exe

Filesize
6.0MB

MD5
61b238ea1d4bb7b0a75e008faaab437e

SHA1
3249e5eab06fb1ae5ff98f18f77a4af0b6b6fc1e

SHA256
661afe6a2029afffdcdf8dc8ee09d0560c3371e8629e2d705313dd8f21e37752

SHA512
de61edcde06742d64028ec69ce1d8b99c182a3643ff47293620c929b60be76e442b947aad91fb3e8de72e15b199100f3533f65432e92df2ebfd5497412b8fc26

Download Submit
C:\Windows\system\VGuZFuj.exe

Filesize
6.0MB

MD5
7bc1612d1f1f24af4a7bf164aa73f666

SHA1
e62d20e454de10a25ef854a49e7125ca215b1e43

SHA256
e204e1f74bc55389760df215be7248a3fc7b9c62dab3de86cbda67cc91729cef

SHA512
f77f7a842254f352878b7d811a4d1ac8c0c0b9978df9a578405c1c4e16cb0f4d4cf053fb574dcf9b12d701a55be74e786ee076fb47abccc29b3a41c388dcdf1d

Download Submit
C:\Windows\system\aWiqZDj.exe

Filesize
6.0MB

MD5
2b336052cdc4fdb273b65328aeec5b01

SHA1
34026c76a1ae02e0427c69baba6dfab597045986

SHA256
f67acaeddd15d9db1d5c2220417b21619e3765c06168d88c2d2655e6237d273a

SHA512
c694d34b83f06a09618b6e34d19afd1663e33c8f08ea20cf7dbc645e98284568406b7841693828491723d64a761d51e9f1e62882bad9b95d379da99572d6125b

Download Submit
C:\Windows\system\ctIFFap.exe

Filesize
6.0MB

MD5
60a6632d8875c2986d24aa2310f6b01a

SHA1
ab61bcd1bb895e63e5ae1e5204ba0bf48f712ad4

SHA256
ef002a0f21153bd7ce9145e22fa6adde8e327af4f3b5595a0d156747b95d997e

SHA512
5e3a958b0e672a15d8cc14e8c0b20461e8d2dda64d3bbef78b2630f4df7a64dbea43b8561fc5de24851b52a7801356ca8d376bb2c4dbe417fd6f1459a936d07b

Download Submit
C:\Windows\system\dhKTbhS.exe

Filesize
6.0MB

MD5
0c0e74c47135410d7e8ffe16f7123b80

SHA1
64d213e6bca64be6f997ead7ae0aaa90a3d6b1d9

SHA256
3b0adff65739e7656fb32af425f0e6175a154a7dd61f43282d422f3892edb845

SHA512
6bc338c3a927eb645ac68245464a1e86ee7bf9fd8c6c3ee4fd819d5f953de86474a7835a4ba60ea97febecc11f9c04f7f2980877d77e853cf9424ed512a2ac77

Download Submit
C:\Windows\system\fcTihua.exe

Filesize
6.0MB

MD5
770133ab2885a433453b85549d99b5a2

SHA1
c5ce5c085508342d73a14a17aee365df0bd8b6da

SHA256
5adaa2b8e1ab0c09b1390fd6da18e8f0b9034d64506d8bf0160fba3b79c661eb

SHA512
bd77b5b11dfd52af6cab5ff0c489c8ae0130d362df8f44e26aedfc5e610cde868cdf54bd524f85090bfed820e70199f1cb2ebce4849076b390796a6ed9ad9070

Download Submit
C:\Windows\system\gZxQugL.exe

Filesize
6.0MB

MD5
33228161313053aee4f9b693af6b0c99

SHA1
a15bd0eb4a9801cea4ac813e8da0083aaea66091

SHA256
a3d6a7e582be932fd822143cee0e312e447eed3207c01d8631904ab8e15fb082

SHA512
0fb0ab03f2ac81d86e1e515748aa35cd4703522229c5b5cde077b28d9b80b1eb11f2024bede671e9ce40c309a6ab61ff38548a0766b7889464425fc5c7eff8e0

Download Submit
C:\Windows\system\hXYJovF.exe

Filesize
6.0MB

MD5
0af19be4ef146bfa875cba32519fb38e

SHA1
9c463f5cea88519e3a89c5d8542f1c9af19529a1

SHA256
723b4f3218bb3c6538df9f70f347767e29d8565aa64f04d00bcc7166ef7bf592

SHA512
23480d90a04d658da2ddae811c0533e2725e5066b1181036b2f3d59050eab6d132d9411ee98dd0d48b5ccbb0bce7656870cbf49cae0cf26412671200d6dc020f

Download Submit
C:\Windows\system\hvxcgJQ.exe

Filesize
6.0MB

MD5
0bc1ed7a0798b492c960ca68a7e91435

SHA1
8439baaf92a9d03fdb474e6fa86304f35ccb5f62

SHA256
29381f8c73de9c677d264ca8d960a3adc00e14c2849ca9bd01947d30922043ec

SHA512
cc7775be9f7f415a3055583610c73f5025d63192fcc835780aef52bedbea45db90d14bf1cf1c424921346051f4c2a952bdad4e95f692a5b0c85732756aa42bdc

Download Submit
C:\Windows\system\jobyVjN.exe

Filesize
6.0MB

MD5
2f54ff38f3aa3f57a15d80c3763eae1c

SHA1
55210000e321c378cdb1678b5a5b6d263a931d86

SHA256
25a678a96fc630b80eb982b57429ea323777dd1cd5135cda6fe0cd74b3491f59

SHA512
60946afc84699e166be0ed4f50852b2be8ac05228921c5356503d3106163420f025272ba0b03aff8541cd5586e86e315e87c6ea6e309fc8a53c0238721d71963

Download Submit
C:\Windows\system\kvACwKS.exe

Filesize
6.0MB

MD5
7e83178107c938dedf2816a2b97ee2f7

SHA1
77426ec16077238ee5dab5bcee38be899a630b1d

SHA256
064f9a355c5474020d02edad90e787031fb484fc759fda3a54074278be69e351

SHA512
29ed0f3134242e80a4eebb095615ea18829153c4c3eade6deff0669e0e58d4e48b58a03213c660ee2fc787ba8d1db4de00e74c49c7c782dcfbabcf2d121c9a82

Download Submit
C:\Windows\system\niWfwiU.exe

Filesize
6.0MB

MD5
314151a54df4d60dd0bbfe10ade7fd61

SHA1
43377f1f5cc251de71ef5898a60272c73619b16d

SHA256
cfa3eb51d000cb0c06aaa7d98d4a4a6b659f59e3633f77c43c1190c13cff0d4a

SHA512
a80be8a1a755f4a4231e36b431c2d89900caa18515c3ed9381006d2c8ff7bc4e0b0c2bdc86bb5961cbcc65dbc2204187f37c4a32fbbc86f774e3ebfad29c5ed5

Download Submit
C:\Windows\system\odSRyJi.exe

Filesize
6.0MB

MD5
5acd8aa1bdab4e20699efb86ddddb535

SHA1
d5def46b4c6eda007f789bc7a05b457c31376874

SHA256
38fb56b48e6e5b2b68b3d8fc69dfd8ab4f317111b3eb8b518e1945133a811fad

SHA512
79408ea7b8cd75420eefe9f45304f4e58b9b9c614c8a8e7469d8a0e34703ead5cfba6967e90f3141be2485b93d00880051685a08918ac632c8224365acc63b34

Download Submit
C:\Windows\system\ppKREbG.exe

Filesize
6.0MB

MD5
dc020f4711876db5cbccf3bc8c2eefe0

SHA1
4eff117ba71a16349296e359238ad34266030f2f

SHA256
12c19d991e5de2a3379b016307007bc17944a5f684ab8d458d68b68cb02f3fcf

SHA512
07c69d78a00bf75c3d69776e860c0477a0383b337900964a4fcd710a504155ce7ca4368fdb001da10a4397d538937117f2e6cf13d2e7f03404974eaa72406724

Download Submit
C:\Windows\system\qEGcwan.exe

Filesize
6.0MB

MD5
20ffb9d136e80b5982adf909f4c666df

SHA1
c278432dc3f54ad0e6ac67554e14483f843490a7

SHA256
32af40f0989ad95f032b4291caa50d2bb46a149e0291327ccfe61afca47de7ab

SHA512
8c43edb195849f83e580d37b3e52b381f229b39e1cc7bd8a2f36f1e7c7402fc50b5d9c4da6e2e350f9603a02846322a9d7f64ef04f4f7c3e49f85e29a6ab68a4

Download Submit
C:\Windows\system\qqzhNWc.exe

Filesize
6.0MB

MD5
ac2c09eba7d9d4953a05bec6d6be3f85

SHA1
b7b74759f6a8fd35da9b4afb60fbdf54d534b61e

SHA256
21b4febc50a98ea108d07deae92472248728973e1b928db624c355797241500b

SHA512
38b21ddf0d366f365b3398e5c51ab00c90ac100cf394cbfdc513fcd3ac76d2f42a0cd651a547659f9d20bc3fa305fb1552e0ae75c8e9663031ab6f13c61bafc7

Download Submit
C:\Windows\system\vAZbmzI.exe

Filesize
6.0MB

MD5
e750fb6ce1dce3f26bc4fd879924bd3c

SHA1
2ed03b25d332bfbb9c646d751be467a44ba80652

SHA256
659ee3b4c315022f3ba217b4352c6e9211e6ccdb4aa6670511824fe0b62e5dad

SHA512
493f2d5fc6562e2297ea47c15063dd9b386e775f3e26bc667fa147177c092a30f1dc4b6ebe11dc628649fc0f6bee4d9027acbd2591e27d4199fe65cc260d1bb2

Download Submit
C:\Windows\system\zZHPdpw.exe

Filesize
6.0MB

MD5
705508c9f52bc94ae3d5fa2fc45d2e00

SHA1
36f84b5ca9996003f981667042e6e3931f9fafe9

SHA256
2d09add026c609bb758ff255816f6669336671e7181b1bf9a1fdd83514205ea2

SHA512
1d3bc6228d972e56384012d46ed216cf52542b588f36b8049b74958bd5505b5ac4670ecd833e0c2c09d8d96d953a84ea3cc8b9eb492cf6bd4d6e1f367a2f74d0

Download Submit
\Windows\system\GpoULMo.exe

Filesize
6.0MB

MD5
59e80745394611401c605823ee6d2ddf

SHA1
a68d40ecdc905a7cd97748eb0c2ebad97a7465f9

SHA256
71fec812f77e600c10bf6b297c306b6e23c03c19d4e8171a94866465f50ea66e

SHA512
70e3d410b00c753fec9276bf0d23ac8feb1b10bab625f7ec8cfc84091ca5cc45a4e7e8b35dd5e26e7652a0937692835c607bfb9281d3f5893231ed2d6470b569

Download Submit
\Windows\system\QgZEoBI.exe

Filesize
6.0MB

MD5
bb809504f62448bfa44bea9947f705e0

SHA1
aa5f0ba919dc7cdcd6362e0aedb5fcaf34b9aa0d

SHA256
597b4ad7d9639304240dfb7849bf279fa4330c813c83aa03a85a71662e660fda

SHA512
1954ac04624142ffad3258bdd7032c89674d5410d19dde3548d26a78b4ef313fefde1a8be57e5e80e525db9b1451910ac8e0795a499f9a01f1b4a47304ee9eab

Download Submit
\Windows\system\eGMUSIM.exe

Filesize
6.0MB

MD5
63f98d45d64dad5b1b3f9ee1f876a4e5

SHA1
77d4785e04b8e9a160df95f885be5370e9c218da

SHA256
17ce61c15bc4d70a70a5cd8d18f6b4df758c9bc2c6b192adfcc938422c91eff6

SHA512
f07e9d13c470e32c3cb458a47598643de1f9ba82aa9ca9672ab88638b882783b2fcea3b3729761b40810ad4ae2fbb6260474be2669b20699266dc11dcd48c279

Download Submit
memory/320-397-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/320-3782-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/576-3722-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-405-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-3715-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1156-403-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1495-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1908-17-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1908-4515-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1952-3717-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1952-393-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2000-3807-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2000-448-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1791-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1792-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2412-396-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-12-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2412-394-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-400-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-436-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2412-430-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-443-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1783-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-398-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-392-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2412-402-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-404-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-408-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-414-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-420-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1790-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1494-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1781-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1797-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1782-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1784-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1785-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1786-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1787-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1788-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1789-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3707-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2532-395-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2624-13-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3708-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2728-411-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3752-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-399-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3751-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2856-423-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3706-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3741-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-433-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3729-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2956-401-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3735-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-417-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download