cobaltstrike | b092a69072010214a3cac6e4e12d770745c8bf284e3a999226a3e0b383c21a98

Analysis

max time kernel
126s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

386984fa1fe251fb2aed317f0233c205
SHA1

a97990bfaa2b762537a5975ade7aa8f004dc9e42
SHA256

b092a69072010214a3cac6e4e12d770745c8bf284e3a999226a3e0b383c21a98
SHA512

9232eb28224e537a7f855bb2ff2b6893c0e834248628df7d55e0f608504b4bf8f51db58125973de54c31d21040d399e9d4887972910e8bca6544453706153946
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fe-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca5-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0e-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d27-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3b-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-163.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d17-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1f-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cc9-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2524-0-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fe-6.dat	xmrig
behavioral1/memory/2404-8-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca5-9.dat	xmrig
behavioral1/memory/2120-22-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0e-26.dat	xmrig
behavioral1/files/0x0009000000016d27-48.dat	xmrig
behavioral1/files/0x0005000000019490-62.dat	xmrig
behavioral1/files/0x0008000000016d3b-54.dat	xmrig
behavioral1/memory/2028-977-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2936-775-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2068-573-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2232-273-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c0-179.dat	xmrig
behavioral1/files/0x000500000001955c-178.dat	xmrig
behavioral1/files/0x00050000000194e6-177.dat	xmrig
behavioral1/files/0x00050000000194da-176.dat	xmrig
behavioral1/files/0x00050000000194c6-175.dat	xmrig
behavioral1/files/0x0005000000019c34-172.dat	xmrig
behavioral1/files/0x0005000000019581-160.dat	xmrig
behavioral1/files/0x0005000000019551-159.dat	xmrig
behavioral1/files/0x00050000000194e4-158.dat	xmrig
behavioral1/files/0x00050000000194d0-157.dat	xmrig
behavioral1/files/0x000500000001949d-156.dat	xmrig
behavioral1/files/0x0005000000019999-152.dat	xmrig
behavioral1/files/0x000500000001969b-145.dat	xmrig
behavioral1/files/0x0005000000019615-138.dat	xmrig
behavioral1/files/0x0005000000019603-130.dat	xmrig
behavioral1/files/0x00050000000195ff-123.dat	xmrig
behavioral1/files/0x00050000000195fd-117.dat	xmrig
behavioral1/files/0x00050000000195f9-111.dat	xmrig
behavioral1/memory/2248-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2524-68-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2784-67-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019481-65.dat	xmrig
behavioral1/files/0x0005000000019c32-171.dat	xmrig
behavioral1/files/0x00050000000196ed-170.dat	xmrig
behavioral1/files/0x0005000000019659-169.dat	xmrig
behavioral1/files/0x0005000000019605-168.dat	xmrig
behavioral1/files/0x0005000000019601-167.dat	xmrig
behavioral1/files/0x00050000000195fe-166.dat	xmrig
behavioral1/files/0x00050000000195fb-164.dat	xmrig
behavioral1/files/0x00050000000195f7-163.dat	xmrig
behavioral1/memory/2028-102-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2140-81-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2524-61-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2404-51-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2936-50-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2524-49-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2524-44-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2876-42-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2068-41-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d17-37.dat	xmrig
behavioral1/files/0x0007000000016d1f-32.dat	xmrig
behavioral1/memory/2232-31-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2248-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cc9-16.dat	xmrig
behavioral1/memory/2248-3640-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2028-3742-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2404-3639-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2068-3638-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2232-3776-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2784-3792-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2120-3787-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2404	hJGXHxU.exe
2248	wKUqWYw.exe
2120	vSqlpzY.exe
2232	ChaQJAP.exe
2068	vGxRVrY.exe
2876	wzFtpLa.exe
2936	RXzlbVl.exe
2784	VPIbVeX.exe
2140	iTfINpQ.exe
2028	rKlyFus.exe
2968	bkacbac.exe
2744	ysNBWtb.exe
2580	AsNJESG.exe
784	JVPWPvH.exe
2492	OisioFr.exe
3064	FeyCYqX.exe
2548	WUvBcJQ.exe
2888	ThWqIYF.exe
544	XOvXIYw.exe
484	vskyPNv.exe
588	VlQvbbP.exe
2312	PHVnCAU.exe
448	NwswrIK.exe
2684	WWjIdnb.exe
2720	BMNHAbC.exe
2848	QpCbniR.exe
1796	OELAyvy.exe
3028	SIHHlvI.exe
3068	xFgvYCu.exe
2928	nLJvfqv.exe
2896	YoXSmwX.exe
2376	FkEznlm.exe
1660	GRHglJw.exe
2396	wCGJjni.exe
852	oFBWtTw.exe
640	hZKXXSz.exe
2352	wfgcARy.exe
688	PMXjury.exe
1496	PsPlDbs.exe
1524	qxqtFWi.exe
872	IPQMSyO.exe
2456	qajabGQ.exe
1276	lgoWViu.exe
280	adgWxiJ.exe
1980	HxzKQkp.exe
2284	uMQPnXE.exe
1192	PNCwwgW.exe
1440	WloqtbO.exe
1924	MAvetzL.exe
1156	dvCkaJN.exe
1316	myxlCwF.exe
2636	qsLwzfh.exe
1676	FfvAFYp.exe
1812	kUfVwbb.exe
2344	uABcoGQ.exe
1580	ciLjaui.exe
2820	yMAQYWE.exe
2116	augYncC.exe
1920	ImfILPZ.exe
1904	AuBCciH.exe
2664	iqbiZNU.exe
2172	FlAILdP.exe
2912	JnOuiyc.exe
2844	QlscwjO.exe

Loads dropped DLL 64 IoCs

pid	Process
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2524-0-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-6.dat	upx
behavioral1/memory/2404-8-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0008000000016ca5-9.dat	upx
behavioral1/memory/2120-22-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x0007000000016d0e-26.dat	upx
behavioral1/files/0x0009000000016d27-48.dat	upx
behavioral1/files/0x0005000000019490-62.dat	upx
behavioral1/files/0x0008000000016d3b-54.dat	upx
behavioral1/memory/2028-977-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2936-775-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2068-573-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2232-273-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00050000000195c0-179.dat	upx
behavioral1/files/0x000500000001955c-178.dat	upx
behavioral1/files/0x00050000000194e6-177.dat	upx
behavioral1/files/0x00050000000194da-176.dat	upx
behavioral1/files/0x00050000000194c6-175.dat	upx
behavioral1/files/0x0005000000019c34-172.dat	upx
behavioral1/files/0x0005000000019581-160.dat	upx
behavioral1/files/0x0005000000019551-159.dat	upx
behavioral1/files/0x00050000000194e4-158.dat	upx
behavioral1/files/0x00050000000194d0-157.dat	upx
behavioral1/files/0x000500000001949d-156.dat	upx
behavioral1/files/0x0005000000019999-152.dat	upx
behavioral1/files/0x000500000001969b-145.dat	upx
behavioral1/files/0x0005000000019615-138.dat	upx
behavioral1/files/0x0005000000019603-130.dat	upx
behavioral1/files/0x00050000000195ff-123.dat	upx
behavioral1/files/0x00050000000195fd-117.dat	upx
behavioral1/files/0x00050000000195f9-111.dat	upx
behavioral1/memory/2248-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2784-67-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019481-65.dat	upx
behavioral1/files/0x0005000000019c32-171.dat	upx
behavioral1/files/0x00050000000196ed-170.dat	upx
behavioral1/files/0x0005000000019659-169.dat	upx
behavioral1/files/0x0005000000019605-168.dat	upx
behavioral1/files/0x0005000000019601-167.dat	upx
behavioral1/files/0x00050000000195fe-166.dat	upx
behavioral1/files/0x00050000000195fb-164.dat	upx
behavioral1/files/0x00050000000195f7-163.dat	upx
behavioral1/memory/2028-102-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2140-81-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2404-51-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2936-50-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2524-44-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2876-42-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2068-41-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000016d17-37.dat	upx
behavioral1/files/0x0007000000016d1f-32.dat	upx
behavioral1/memory/2232-31-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2248-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0008000000016cc9-16.dat	upx
behavioral1/memory/2248-3640-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2028-3742-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2404-3639-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2068-3638-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2232-3776-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2784-3792-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2120-3787-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2876-3782-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2936-3822-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2140-3842-0x000000013F620000-0x000000013F974000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\utRzEUI.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdJJGPr.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXQUKhE.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLCbsqY.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEswEoa.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzGzenb.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUQSWZn.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNkMEVT.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDFrFeb.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsNJESG.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFERSym.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQxsUae.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfMPwlT.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjhuaDy.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsImpim.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhBvrmX.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAvTDga.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTALaJI.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itWQDxE.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAYkAfG.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzuYJga.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGCktIe.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoYsewm.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVbWZAc.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVPWPvH.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weWMhoD.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOmkFje.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRwGZGc.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsLwzfh.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovwwDkp.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFQpQgY.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhxqGcD.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udeuzsD.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFEyHmb.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDPAlgB.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSveGeq.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atNpmig.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxTmtYq.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQXWqlK.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLbpdkE.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsqnZQR.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLMChbo.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FowkabZ.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMQPnXE.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXSjOWp.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPMBbWs.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsHZKZB.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJIFqko.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnVLhVM.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suZrevj.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnZdztG.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPifyyN.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdTKaRg.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQcsehw.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQrHLYK.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqgBNhp.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYPVaJp.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPpqDNk.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWHGpzo.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQEEKmM.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SydyjjP.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhXntUw.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olakxBN.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjpnESQ.exe	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2404	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2404	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2404	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2120	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2120	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2120	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2248	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2248	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2248	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2232	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2232	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2232	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2068	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2068	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2068	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2876	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 2876	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 2876	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 2936	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2936	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2936	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2140	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2140	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2140	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2968	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2968	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2968	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2684	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2684	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2684	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2744	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2744	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2744	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2720	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2720	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2720	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2580	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2580	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2580	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2848	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2848	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2848	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 784	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 1796	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 1796	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 1796	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2492	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2492	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2492	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 3028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 3028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 3028	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 3064	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 3064	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 3064	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 3068	2524	2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_386984fa1fe251fb2aed317f0233c205_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\System\hJGXHxU.exe
  C:\Windows\System\hJGXHxU.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\vSqlpzY.exe
  C:\Windows\System\vSqlpzY.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\wKUqWYw.exe
  C:\Windows\System\wKUqWYw.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ChaQJAP.exe
  C:\Windows\System\ChaQJAP.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\vGxRVrY.exe
  C:\Windows\System\vGxRVrY.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\wzFtpLa.exe
  C:\Windows\System\wzFtpLa.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\RXzlbVl.exe
  C:\Windows\System\RXzlbVl.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\VPIbVeX.exe
  C:\Windows\System\VPIbVeX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\iTfINpQ.exe
  C:\Windows\System\iTfINpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\rKlyFus.exe
  C:\Windows\System\rKlyFus.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\bkacbac.exe
  C:\Windows\System\bkacbac.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\WWjIdnb.exe
  C:\Windows\System\WWjIdnb.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ysNBWtb.exe
  C:\Windows\System\ysNBWtb.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\BMNHAbC.exe
  C:\Windows\System\BMNHAbC.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\AsNJESG.exe
  C:\Windows\System\AsNJESG.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\QpCbniR.exe
  C:\Windows\System\QpCbniR.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\JVPWPvH.exe
  C:\Windows\System\JVPWPvH.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\OELAyvy.exe
  C:\Windows\System\OELAyvy.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\OisioFr.exe
  C:\Windows\System\OisioFr.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SIHHlvI.exe
  C:\Windows\System\SIHHlvI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\FeyCYqX.exe
  C:\Windows\System\FeyCYqX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\xFgvYCu.exe
  C:\Windows\System\xFgvYCu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\WUvBcJQ.exe
  C:\Windows\System\WUvBcJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\nLJvfqv.exe
  C:\Windows\System\nLJvfqv.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ThWqIYF.exe
  C:\Windows\System\ThWqIYF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\YoXSmwX.exe
  C:\Windows\System\YoXSmwX.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XOvXIYw.exe
  C:\Windows\System\XOvXIYw.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\FkEznlm.exe
  C:\Windows\System\FkEznlm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\vskyPNv.exe
  C:\Windows\System\vskyPNv.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\GRHglJw.exe
  C:\Windows\System\GRHglJw.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\VlQvbbP.exe
  C:\Windows\System\VlQvbbP.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\wCGJjni.exe
  C:\Windows\System\wCGJjni.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\PHVnCAU.exe
  C:\Windows\System\PHVnCAU.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\oFBWtTw.exe
  C:\Windows\System\oFBWtTw.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\NwswrIK.exe
  C:\Windows\System\NwswrIK.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\wfgcARy.exe
  C:\Windows\System\wfgcARy.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\hZKXXSz.exe
  C:\Windows\System\hZKXXSz.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\PMXjury.exe
  C:\Windows\System\PMXjury.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\PsPlDbs.exe
  C:\Windows\System\PsPlDbs.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\qxqtFWi.exe
  C:\Windows\System\qxqtFWi.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\IPQMSyO.exe
  C:\Windows\System\IPQMSyO.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\qajabGQ.exe
  C:\Windows\System\qajabGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\lgoWViu.exe
  C:\Windows\System\lgoWViu.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\adgWxiJ.exe
  C:\Windows\System\adgWxiJ.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\HxzKQkp.exe
  C:\Windows\System\HxzKQkp.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\uMQPnXE.exe
  C:\Windows\System\uMQPnXE.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\PNCwwgW.exe
  C:\Windows\System\PNCwwgW.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\WloqtbO.exe
  C:\Windows\System\WloqtbO.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\MAvetzL.exe
  C:\Windows\System\MAvetzL.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\dvCkaJN.exe
  C:\Windows\System\dvCkaJN.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\myxlCwF.exe
  C:\Windows\System\myxlCwF.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\qsLwzfh.exe
  C:\Windows\System\qsLwzfh.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\FfvAFYp.exe
  C:\Windows\System\FfvAFYp.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\kUfVwbb.exe
  C:\Windows\System\kUfVwbb.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\uABcoGQ.exe
  C:\Windows\System\uABcoGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\augYncC.exe
  C:\Windows\System\augYncC.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ciLjaui.exe
  C:\Windows\System\ciLjaui.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ImfILPZ.exe
  C:\Windows\System\ImfILPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\yMAQYWE.exe
  C:\Windows\System\yMAQYWE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\AuBCciH.exe
  C:\Windows\System\AuBCciH.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\iqbiZNU.exe
  C:\Windows\System\iqbiZNU.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\FlAILdP.exe
  C:\Windows\System\FlAILdP.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\JnOuiyc.exe
  C:\Windows\System\JnOuiyc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\QlscwjO.exe
  C:\Windows\System\QlscwjO.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\RcXtnmC.exe
  C:\Windows\System\RcXtnmC.exe
  2⤵
  PID:2364
- C:\Windows\System\XOayRYI.exe
  C:\Windows\System\XOayRYI.exe
  2⤵
  PID:980
- C:\Windows\System\hyFRANs.exe
  C:\Windows\System\hyFRANs.exe
  2⤵
  PID:1764
- C:\Windows\System\sEdFweb.exe
  C:\Windows\System\sEdFweb.exe
  2⤵
  PID:976
- C:\Windows\System\UqIGUgq.exe
  C:\Windows\System\UqIGUgq.exe
  2⤵
  PID:1976
- C:\Windows\System\EEYjpnx.exe
  C:\Windows\System\EEYjpnx.exe
  2⤵
  PID:2128
- C:\Windows\System\PeWuorB.exe
  C:\Windows\System\PeWuorB.exe
  2⤵
  PID:1036
- C:\Windows\System\yMUgOsk.exe
  C:\Windows\System\yMUgOsk.exe
  2⤵
  PID:2092
- C:\Windows\System\VHekObj.exe
  C:\Windows\System\VHekObj.exe
  2⤵
  PID:884
- C:\Windows\System\jbjIfIU.exe
  C:\Windows\System\jbjIfIU.exe
  2⤵
  PID:2596
- C:\Windows\System\UCnKHBT.exe
  C:\Windows\System\UCnKHBT.exe
  2⤵
  PID:1708
- C:\Windows\System\wPvadwr.exe
  C:\Windows\System\wPvadwr.exe
  2⤵
  PID:2168
- C:\Windows\System\KlKGikL.exe
  C:\Windows\System\KlKGikL.exe
  2⤵
  PID:2408
- C:\Windows\System\oRMqELh.exe
  C:\Windows\System\oRMqELh.exe
  2⤵
  PID:2200
- C:\Windows\System\QewnIIF.exe
  C:\Windows\System\QewnIIF.exe
  2⤵
  PID:2444
- C:\Windows\System\neBEkAI.exe
  C:\Windows\System\neBEkAI.exe
  2⤵
  PID:2160
- C:\Windows\System\JYguiUv.exe
  C:\Windows\System\JYguiUv.exe
  2⤵
  PID:2984
- C:\Windows\System\YQSxgFf.exe
  C:\Windows\System\YQSxgFf.exe
  2⤵
  PID:2540
- C:\Windows\System\roZrNEF.exe
  C:\Windows\System\roZrNEF.exe
  2⤵
  PID:3080
- C:\Windows\System\KlEJlRt.exe
  C:\Windows\System\KlEJlRt.exe
  2⤵
  PID:3100
- C:\Windows\System\wxWFXHF.exe
  C:\Windows\System\wxWFXHF.exe
  2⤵
  PID:3120
- C:\Windows\System\xLHkriT.exe
  C:\Windows\System\xLHkriT.exe
  2⤵
  PID:3140
- C:\Windows\System\KMbjVBX.exe
  C:\Windows\System\KMbjVBX.exe
  2⤵
  PID:3160
- C:\Windows\System\KgEgqlO.exe
  C:\Windows\System\KgEgqlO.exe
  2⤵
  PID:3176
- C:\Windows\System\otWxBfH.exe
  C:\Windows\System\otWxBfH.exe
  2⤵
  PID:3200
- C:\Windows\System\cGUAfRa.exe
  C:\Windows\System\cGUAfRa.exe
  2⤵
  PID:3220
- C:\Windows\System\gqgBNhp.exe
  C:\Windows\System\gqgBNhp.exe
  2⤵
  PID:3240
- C:\Windows\System\HGNUHHO.exe
  C:\Windows\System\HGNUHHO.exe
  2⤵
  PID:3260
- C:\Windows\System\eeRvAQZ.exe
  C:\Windows\System\eeRvAQZ.exe
  2⤵
  PID:3280
- C:\Windows\System\ygfYBvD.exe
  C:\Windows\System\ygfYBvD.exe
  2⤵
  PID:3300
- C:\Windows\System\ZPPHulF.exe
  C:\Windows\System\ZPPHulF.exe
  2⤵
  PID:3320
- C:\Windows\System\oLOFoCu.exe
  C:\Windows\System\oLOFoCu.exe
  2⤵
  PID:3340
- C:\Windows\System\FowkabZ.exe
  C:\Windows\System\FowkabZ.exe
  2⤵
  PID:3360
- C:\Windows\System\XzJUhsF.exe
  C:\Windows\System\XzJUhsF.exe
  2⤵
  PID:3376
- C:\Windows\System\pzhJZpq.exe
  C:\Windows\System\pzhJZpq.exe
  2⤵
  PID:3400
- C:\Windows\System\sERRKLN.exe
  C:\Windows\System\sERRKLN.exe
  2⤵
  PID:3416
- C:\Windows\System\bFmvFUI.exe
  C:\Windows\System\bFmvFUI.exe
  2⤵
  PID:3440
- C:\Windows\System\BDYNqKp.exe
  C:\Windows\System\BDYNqKp.exe
  2⤵
  PID:3460
- C:\Windows\System\iHPdxSi.exe
  C:\Windows\System\iHPdxSi.exe
  2⤵
  PID:3480
- C:\Windows\System\lBqrynl.exe
  C:\Windows\System\lBqrynl.exe
  2⤵
  PID:3500
- C:\Windows\System\vynqZdq.exe
  C:\Windows\System\vynqZdq.exe
  2⤵
  PID:3516
- C:\Windows\System\fQFPcjK.exe
  C:\Windows\System\fQFPcjK.exe
  2⤵
  PID:3540
- C:\Windows\System\gzfnHzs.exe
  C:\Windows\System\gzfnHzs.exe
  2⤵
  PID:3560
- C:\Windows\System\rKgaGsL.exe
  C:\Windows\System\rKgaGsL.exe
  2⤵
  PID:3580
- C:\Windows\System\vZcNUju.exe
  C:\Windows\System\vZcNUju.exe
  2⤵
  PID:3596
- C:\Windows\System\FugRAgt.exe
  C:\Windows\System\FugRAgt.exe
  2⤵
  PID:3620
- C:\Windows\System\VsIywtB.exe
  C:\Windows\System\VsIywtB.exe
  2⤵
  PID:3636
- C:\Windows\System\SUFOUDE.exe
  C:\Windows\System\SUFOUDE.exe
  2⤵
  PID:3656
- C:\Windows\System\ilqSnLz.exe
  C:\Windows\System\ilqSnLz.exe
  2⤵
  PID:3680
- C:\Windows\System\SydyjjP.exe
  C:\Windows\System\SydyjjP.exe
  2⤵
  PID:3700
- C:\Windows\System\rbizLfs.exe
  C:\Windows\System\rbizLfs.exe
  2⤵
  PID:3720
- C:\Windows\System\QTznPfM.exe
  C:\Windows\System\QTznPfM.exe
  2⤵
  PID:3740
- C:\Windows\System\djgaDba.exe
  C:\Windows\System\djgaDba.exe
  2⤵
  PID:3760
- C:\Windows\System\aTsvaTA.exe
  C:\Windows\System\aTsvaTA.exe
  2⤵
  PID:3780
- C:\Windows\System\xzuYJga.exe
  C:\Windows\System\xzuYJga.exe
  2⤵
  PID:3796
- C:\Windows\System\kyfedOu.exe
  C:\Windows\System\kyfedOu.exe
  2⤵
  PID:3816
- C:\Windows\System\JmXtIWy.exe
  C:\Windows\System\JmXtIWy.exe
  2⤵
  PID:3836
- C:\Windows\System\llWKOpW.exe
  C:\Windows\System\llWKOpW.exe
  2⤵
  PID:3860
- C:\Windows\System\YEjyUNk.exe
  C:\Windows\System\YEjyUNk.exe
  2⤵
  PID:3880
- C:\Windows\System\PLrtlBY.exe
  C:\Windows\System\PLrtlBY.exe
  2⤵
  PID:3900
- C:\Windows\System\tXzcqRf.exe
  C:\Windows\System\tXzcqRf.exe
  2⤵
  PID:3916
- C:\Windows\System\dghKUro.exe
  C:\Windows\System\dghKUro.exe
  2⤵
  PID:3932
- C:\Windows\System\XaIbnDx.exe
  C:\Windows\System\XaIbnDx.exe
  2⤵
  PID:3960
- C:\Windows\System\lbWnzgx.exe
  C:\Windows\System\lbWnzgx.exe
  2⤵
  PID:3980
- C:\Windows\System\ZqcnCIy.exe
  C:\Windows\System\ZqcnCIy.exe
  2⤵
  PID:4000
- C:\Windows\System\YoFqBll.exe
  C:\Windows\System\YoFqBll.exe
  2⤵
  PID:4020
- C:\Windows\System\ofJnyxk.exe
  C:\Windows\System\ofJnyxk.exe
  2⤵
  PID:4036
- C:\Windows\System\TjpDyrG.exe
  C:\Windows\System\TjpDyrG.exe
  2⤵
  PID:4060
- C:\Windows\System\jjZFkQx.exe
  C:\Windows\System\jjZFkQx.exe
  2⤵
  PID:4080
- C:\Windows\System\IezaoRz.exe
  C:\Windows\System\IezaoRz.exe
  2⤵
  PID:1144
- C:\Windows\System\WxGUPUk.exe
  C:\Windows\System\WxGUPUk.exe
  2⤵
  PID:2196
- C:\Windows\System\wfMPwlT.exe
  C:\Windows\System\wfMPwlT.exe
  2⤵
  PID:1696
- C:\Windows\System\tCNcSzF.exe
  C:\Windows\System\tCNcSzF.exe
  2⤵
  PID:1300
- C:\Windows\System\mtnBNuq.exe
  C:\Windows\System\mtnBNuq.exe
  2⤵
  PID:2716
- C:\Windows\System\UqwOjgM.exe
  C:\Windows\System\UqwOjgM.exe
  2⤵
  PID:672
- C:\Windows\System\xUoDPHD.exe
  C:\Windows\System\xUoDPHD.exe
  2⤵
  PID:1096
- C:\Windows\System\JcjuqaB.exe
  C:\Windows\System\JcjuqaB.exe
  2⤵
  PID:1360
- C:\Windows\System\LmkPblf.exe
  C:\Windows\System\LmkPblf.exe
  2⤵
  PID:1948
- C:\Windows\System\cQMxHns.exe
  C:\Windows\System\cQMxHns.exe
  2⤵
  PID:2088
- C:\Windows\System\kxvURfB.exe
  C:\Windows\System\kxvURfB.exe
  2⤵
  PID:1768
- C:\Windows\System\lySjjvP.exe
  C:\Windows\System\lySjjvP.exe
  2⤵
  PID:324
- C:\Windows\System\oKQstbN.exe
  C:\Windows\System\oKQstbN.exe
  2⤵
  PID:2148
- C:\Windows\System\OYiTGLp.exe
  C:\Windows\System\OYiTGLp.exe
  2⤵
  PID:848
- C:\Windows\System\bBmAkjE.exe
  C:\Windows\System\bBmAkjE.exe
  2⤵
  PID:2152
- C:\Windows\System\JtdHbIA.exe
  C:\Windows\System\JtdHbIA.exe
  2⤵
  PID:1968
- C:\Windows\System\FQrmAxs.exe
  C:\Windows\System\FQrmAxs.exe
  2⤵
  PID:2676
- C:\Windows\System\RLFMsLu.exe
  C:\Windows\System\RLFMsLu.exe
  2⤵
  PID:2924
- C:\Windows\System\nXjfcoa.exe
  C:\Windows\System\nXjfcoa.exe
  2⤵
  PID:3112
- C:\Windows\System\IlyigwF.exe
  C:\Windows\System\IlyigwF.exe
  2⤵
  PID:3156
- C:\Windows\System\OOVJbEW.exe
  C:\Windows\System\OOVJbEW.exe
  2⤵
  PID:3208
- C:\Windows\System\nTVSvSD.exe
  C:\Windows\System\nTVSvSD.exe
  2⤵
  PID:3248
- C:\Windows\System\WQcWFfB.exe
  C:\Windows\System\WQcWFfB.exe
  2⤵
  PID:3252
- C:\Windows\System\zlwrNDE.exe
  C:\Windows\System\zlwrNDE.exe
  2⤵
  PID:3296
- C:\Windows\System\GtZRzqJ.exe
  C:\Windows\System\GtZRzqJ.exe
  2⤵
  PID:3336
- C:\Windows\System\VYbMvBK.exe
  C:\Windows\System\VYbMvBK.exe
  2⤵
  PID:3356
- C:\Windows\System\jyaTpoL.exe
  C:\Windows\System\jyaTpoL.exe
  2⤵
  PID:3388
- C:\Windows\System\TAoLoht.exe
  C:\Windows\System\TAoLoht.exe
  2⤵
  PID:3448
- C:\Windows\System\zwoVCxa.exe
  C:\Windows\System\zwoVCxa.exe
  2⤵
  PID:3468
- C:\Windows\System\nHQgHlv.exe
  C:\Windows\System\nHQgHlv.exe
  2⤵
  PID:3532
- C:\Windows\System\IswnTuU.exe
  C:\Windows\System\IswnTuU.exe
  2⤵
  PID:3508
- C:\Windows\System\ojQdybt.exe
  C:\Windows\System\ojQdybt.exe
  2⤵
  PID:3556
- C:\Windows\System\rLeJzLW.exe
  C:\Windows\System\rLeJzLW.exe
  2⤵
  PID:3612
- C:\Windows\System\oZwtiQT.exe
  C:\Windows\System\oZwtiQT.exe
  2⤵
  PID:3644
- C:\Windows\System\KidovVE.exe
  C:\Windows\System\KidovVE.exe
  2⤵
  PID:3668
- C:\Windows\System\LRbZeRG.exe
  C:\Windows\System\LRbZeRG.exe
  2⤵
  PID:3692
- C:\Windows\System\rrjGgzK.exe
  C:\Windows\System\rrjGgzK.exe
  2⤵
  PID:3708
- C:\Windows\System\IcWHVcP.exe
  C:\Windows\System\IcWHVcP.exe
  2⤵
  PID:3748
- C:\Windows\System\tDSSVMn.exe
  C:\Windows\System\tDSSVMn.exe
  2⤵
  PID:3792
- C:\Windows\System\NmkiMdN.exe
  C:\Windows\System\NmkiMdN.exe
  2⤵
  PID:3852
- C:\Windows\System\wqZIkDQ.exe
  C:\Windows\System\wqZIkDQ.exe
  2⤵
  PID:3888
- C:\Windows\System\AoeAVjy.exe
  C:\Windows\System\AoeAVjy.exe
  2⤵
  PID:3876
- C:\Windows\System\ckAhrnL.exe
  C:\Windows\System\ckAhrnL.exe
  2⤵
  PID:3968
- C:\Windows\System\MpnsTRC.exe
  C:\Windows\System\MpnsTRC.exe
  2⤵
  PID:3956
- C:\Windows\System\VbazMVq.exe
  C:\Windows\System\VbazMVq.exe
  2⤵
  PID:3996
- C:\Windows\System\CuzkImw.exe
  C:\Windows\System\CuzkImw.exe
  2⤵
  PID:4028
- C:\Windows\System\qpniklc.exe
  C:\Windows\System\qpniklc.exe
  2⤵
  PID:4068
- C:\Windows\System\fgdPUFf.exe
  C:\Windows\System\fgdPUFf.exe
  2⤵
  PID:1620
- C:\Windows\System\BizayEQ.exe
  C:\Windows\System\BizayEQ.exe
  2⤵
  PID:2904
- C:\Windows\System\ZbUYRCC.exe
  C:\Windows\System\ZbUYRCC.exe
  2⤵
  PID:2300
- C:\Windows\System\kQYKjpb.exe
  C:\Windows\System\kQYKjpb.exe
  2⤵
  PID:1652
- C:\Windows\System\uWIUQMh.exe
  C:\Windows\System\uWIUQMh.exe
  2⤵
  PID:2952
- C:\Windows\System\IKgmsvp.exe
  C:\Windows\System\IKgmsvp.exe
  2⤵
  PID:2292
- C:\Windows\System\YehCYTR.exe
  C:\Windows\System\YehCYTR.exe
  2⤵
  PID:2216
- C:\Windows\System\RxqRAKV.exe
  C:\Windows\System\RxqRAKV.exe
  2⤵
  PID:1288
- C:\Windows\System\ZoCyjMH.exe
  C:\Windows\System\ZoCyjMH.exe
  2⤵
  PID:2176
- C:\Windows\System\IZvxfLD.exe
  C:\Windows\System\IZvxfLD.exe
  2⤵
  PID:2184
- C:\Windows\System\SBvMTSK.exe
  C:\Windows\System\SBvMTSK.exe
  2⤵
  PID:3088
- C:\Windows\System\ljTRePw.exe
  C:\Windows\System\ljTRePw.exe
  2⤵
  PID:3172
- C:\Windows\System\loTFjtW.exe
  C:\Windows\System\loTFjtW.exe
  2⤵
  PID:3168
- C:\Windows\System\nXQUKhE.exe
  C:\Windows\System\nXQUKhE.exe
  2⤵
  PID:3196
- C:\Windows\System\RWpEEUd.exe
  C:\Windows\System\RWpEEUd.exe
  2⤵
  PID:3308
- C:\Windows\System\VheWCxb.exe
  C:\Windows\System\VheWCxb.exe
  2⤵
  PID:3348
- C:\Windows\System\gSlznUt.exe
  C:\Windows\System\gSlznUt.exe
  2⤵
  PID:3428
- C:\Windows\System\AjchEUw.exe
  C:\Windows\System\AjchEUw.exe
  2⤵
  PID:3496
- C:\Windows\System\dXcuhym.exe
  C:\Windows\System\dXcuhym.exe
  2⤵
  PID:3512
- C:\Windows\System\QzmhJCD.exe
  C:\Windows\System\QzmhJCD.exe
  2⤵
  PID:3548
- C:\Windows\System\dpWhcUC.exe
  C:\Windows\System\dpWhcUC.exe
  2⤵
  PID:3664
- C:\Windows\System\exaPwko.exe
  C:\Windows\System\exaPwko.exe
  2⤵
  PID:3676
- C:\Windows\System\xYApvad.exe
  C:\Windows\System\xYApvad.exe
  2⤵
  PID:3772
- C:\Windows\System\DcCCADN.exe
  C:\Windows\System\DcCCADN.exe
  2⤵
  PID:3776
- C:\Windows\System\KQHpmIU.exe
  C:\Windows\System\KQHpmIU.exe
  2⤵
  PID:3928
- C:\Windows\System\JDmAcpc.exe
  C:\Windows\System\JDmAcpc.exe
  2⤵
  PID:3868
- C:\Windows\System\NlyQDIJ.exe
  C:\Windows\System\NlyQDIJ.exe
  2⤵
  PID:4008
- C:\Windows\System\aCoSixX.exe
  C:\Windows\System\aCoSixX.exe
  2⤵
  PID:4048
- C:\Windows\System\VwhZHIF.exe
  C:\Windows\System\VwhZHIF.exe
  2⤵
  PID:2208
- C:\Windows\System\uRJOCpx.exe
  C:\Windows\System\uRJOCpx.exe
  2⤵
  PID:2832
- C:\Windows\System\ApiuwGy.exe
  C:\Windows\System\ApiuwGy.exe
  2⤵
  PID:748
- C:\Windows\System\ntiAUXX.exe
  C:\Windows\System\ntiAUXX.exe
  2⤵
  PID:1528
- C:\Windows\System\XgHbywk.exe
  C:\Windows\System\XgHbywk.exe
  2⤵
  PID:2736
- C:\Windows\System\hFQpQgY.exe
  C:\Windows\System\hFQpQgY.exe
  2⤵
  PID:1848
- C:\Windows\System\BDYLVyE.exe
  C:\Windows\System\BDYLVyE.exe
  2⤵
  PID:3128
- C:\Windows\System\OAUAiSr.exe
  C:\Windows\System\OAUAiSr.exe
  2⤵
  PID:3232
- C:\Windows\System\RIMDprt.exe
  C:\Windows\System\RIMDprt.exe
  2⤵
  PID:3148
- C:\Windows\System\yzMhsYH.exe
  C:\Windows\System\yzMhsYH.exe
  2⤵
  PID:3368
- C:\Windows\System\Uaxhhqf.exe
  C:\Windows\System\Uaxhhqf.exe
  2⤵
  PID:3452
- C:\Windows\System\VFggxhb.exe
  C:\Windows\System\VFggxhb.exe
  2⤵
  PID:4112
- C:\Windows\System\uFjxfeU.exe
  C:\Windows\System\uFjxfeU.exe
  2⤵
  PID:4132
- C:\Windows\System\lbgGcbS.exe
  C:\Windows\System\lbgGcbS.exe
  2⤵
  PID:4148
- C:\Windows\System\ylVuuWC.exe
  C:\Windows\System\ylVuuWC.exe
  2⤵
  PID:4172
- C:\Windows\System\PKJAfal.exe
  C:\Windows\System\PKJAfal.exe
  2⤵
  PID:4192
- C:\Windows\System\qrVefoV.exe
  C:\Windows\System\qrVefoV.exe
  2⤵
  PID:4212
- C:\Windows\System\hJSNeBd.exe
  C:\Windows\System\hJSNeBd.exe
  2⤵
  PID:4236
- C:\Windows\System\YxvuqwB.exe
  C:\Windows\System\YxvuqwB.exe
  2⤵
  PID:4260
- C:\Windows\System\JYHCiXt.exe
  C:\Windows\System\JYHCiXt.exe
  2⤵
  PID:4276
- C:\Windows\System\KrGyYFw.exe
  C:\Windows\System\KrGyYFw.exe
  2⤵
  PID:4300
- C:\Windows\System\BdpFLVX.exe
  C:\Windows\System\BdpFLVX.exe
  2⤵
  PID:4320
- C:\Windows\System\noKFojG.exe
  C:\Windows\System\noKFojG.exe
  2⤵
  PID:4340
- C:\Windows\System\KuzbNCZ.exe
  C:\Windows\System\KuzbNCZ.exe
  2⤵
  PID:4356
- C:\Windows\System\HYgMIPQ.exe
  C:\Windows\System\HYgMIPQ.exe
  2⤵
  PID:4380
- C:\Windows\System\AEMohSI.exe
  C:\Windows\System\AEMohSI.exe
  2⤵
  PID:4396
- C:\Windows\System\nCbtnoa.exe
  C:\Windows\System\nCbtnoa.exe
  2⤵
  PID:4420
- C:\Windows\System\jbZrrFg.exe
  C:\Windows\System\jbZrrFg.exe
  2⤵
  PID:4440
- C:\Windows\System\spcaALI.exe
  C:\Windows\System\spcaALI.exe
  2⤵
  PID:4460
- C:\Windows\System\vnvjaDT.exe
  C:\Windows\System\vnvjaDT.exe
  2⤵
  PID:4480
- C:\Windows\System\KrmHRzT.exe
  C:\Windows\System\KrmHRzT.exe
  2⤵
  PID:4500
- C:\Windows\System\ExPuOTE.exe
  C:\Windows\System\ExPuOTE.exe
  2⤵
  PID:4520
- C:\Windows\System\TkkuCUQ.exe
  C:\Windows\System\TkkuCUQ.exe
  2⤵
  PID:4536
- C:\Windows\System\uBrKCmG.exe
  C:\Windows\System\uBrKCmG.exe
  2⤵
  PID:4560
- C:\Windows\System\KiSUFwB.exe
  C:\Windows\System\KiSUFwB.exe
  2⤵
  PID:4580
- C:\Windows\System\NjpKbMu.exe
  C:\Windows\System\NjpKbMu.exe
  2⤵
  PID:4600
- C:\Windows\System\rzAHqDO.exe
  C:\Windows\System\rzAHqDO.exe
  2⤵
  PID:4620
- C:\Windows\System\LFeRpDr.exe
  C:\Windows\System\LFeRpDr.exe
  2⤵
  PID:4640
- C:\Windows\System\RGXpbbC.exe
  C:\Windows\System\RGXpbbC.exe
  2⤵
  PID:4660
- C:\Windows\System\NXJVqnd.exe
  C:\Windows\System\NXJVqnd.exe
  2⤵
  PID:4680
- C:\Windows\System\jlGXHAP.exe
  C:\Windows\System\jlGXHAP.exe
  2⤵
  PID:4696
- C:\Windows\System\twltnEQ.exe
  C:\Windows\System\twltnEQ.exe
  2⤵
  PID:4720
- C:\Windows\System\emLRcWb.exe
  C:\Windows\System\emLRcWb.exe
  2⤵
  PID:4736
- C:\Windows\System\ImWmAAJ.exe
  C:\Windows\System\ImWmAAJ.exe
  2⤵
  PID:4760
- C:\Windows\System\LgABoKT.exe
  C:\Windows\System\LgABoKT.exe
  2⤵
  PID:4780
- C:\Windows\System\ZjfwURu.exe
  C:\Windows\System\ZjfwURu.exe
  2⤵
  PID:4800
- C:\Windows\System\kgvypmZ.exe
  C:\Windows\System\kgvypmZ.exe
  2⤵
  PID:4820
- C:\Windows\System\icYFqrF.exe
  C:\Windows\System\icYFqrF.exe
  2⤵
  PID:4844
- C:\Windows\System\BSLkGPR.exe
  C:\Windows\System\BSLkGPR.exe
  2⤵
  PID:4868
- C:\Windows\System\tzxdeNj.exe
  C:\Windows\System\tzxdeNj.exe
  2⤵
  PID:4888
- C:\Windows\System\oDPrnoE.exe
  C:\Windows\System\oDPrnoE.exe
  2⤵
  PID:4904
- C:\Windows\System\QPUdQcM.exe
  C:\Windows\System\QPUdQcM.exe
  2⤵
  PID:4924
- C:\Windows\System\wWEPvwa.exe
  C:\Windows\System\wWEPvwa.exe
  2⤵
  PID:4948
- C:\Windows\System\VvOKLdU.exe
  C:\Windows\System\VvOKLdU.exe
  2⤵
  PID:4964
- C:\Windows\System\YRuZImf.exe
  C:\Windows\System\YRuZImf.exe
  2⤵
  PID:4984
- C:\Windows\System\zlgWLPk.exe
  C:\Windows\System\zlgWLPk.exe
  2⤵
  PID:5004
- C:\Windows\System\pXzakTS.exe
  C:\Windows\System\pXzakTS.exe
  2⤵
  PID:5028
- C:\Windows\System\ZDNhvFc.exe
  C:\Windows\System\ZDNhvFc.exe
  2⤵
  PID:5048
- C:\Windows\System\BjTSTUj.exe
  C:\Windows\System\BjTSTUj.exe
  2⤵
  PID:5068
- C:\Windows\System\NAKJGhL.exe
  C:\Windows\System\NAKJGhL.exe
  2⤵
  PID:5088
- C:\Windows\System\BKyyWps.exe
  C:\Windows\System\BKyyWps.exe
  2⤵
  PID:5104
- C:\Windows\System\pfxtmel.exe
  C:\Windows\System\pfxtmel.exe
  2⤵
  PID:3492
- C:\Windows\System\RZYXmTV.exe
  C:\Windows\System\RZYXmTV.exe
  2⤵
  PID:3652
- C:\Windows\System\PZxqruO.exe
  C:\Windows\System\PZxqruO.exe
  2⤵
  PID:3752
- C:\Windows\System\xeZXseT.exe
  C:\Windows\System\xeZXseT.exe
  2⤵
  PID:3804
- C:\Windows\System\yelDEel.exe
  C:\Windows\System\yelDEel.exe
  2⤵
  PID:3844
- C:\Windows\System\IESrFAw.exe
  C:\Windows\System\IESrFAw.exe
  2⤵
  PID:4016
- C:\Windows\System\AVCQzRN.exe
  C:\Windows\System\AVCQzRN.exe
  2⤵
  PID:4056
- C:\Windows\System\oLAmOTy.exe
  C:\Windows\System\oLAmOTy.exe
  2⤵
  PID:1588
- C:\Windows\System\ZNKwluP.exe
  C:\Windows\System\ZNKwluP.exe
  2⤵
  PID:1576
- C:\Windows\System\ZBvWQDV.exe
  C:\Windows\System\ZBvWQDV.exe
  2⤵
  PID:2612
- C:\Windows\System\PKoVVXu.exe
  C:\Windows\System\PKoVVXu.exe
  2⤵
  PID:3096
- C:\Windows\System\rgvhlXp.exe
  C:\Windows\System\rgvhlXp.exe
  2⤵
  PID:3332
- C:\Windows\System\oDanJzV.exe
  C:\Windows\System\oDanJzV.exe
  2⤵
  PID:3392
- C:\Windows\System\bbPMYSw.exe
  C:\Windows\System\bbPMYSw.exe
  2⤵
  PID:4140
- C:\Windows\System\wSkTvAJ.exe
  C:\Windows\System\wSkTvAJ.exe
  2⤵
  PID:4180
- C:\Windows\System\EMZaMst.exe
  C:\Windows\System\EMZaMst.exe
  2⤵
  PID:4160
- C:\Windows\System\aEsrGxW.exe
  C:\Windows\System\aEsrGxW.exe
  2⤵
  PID:4224
- C:\Windows\System\KuYBPZy.exe
  C:\Windows\System\KuYBPZy.exe
  2⤵
  PID:4272
- C:\Windows\System\KQXLITE.exe
  C:\Windows\System\KQXLITE.exe
  2⤵
  PID:4288
- C:\Windows\System\cLPNRFL.exe
  C:\Windows\System\cLPNRFL.exe
  2⤵
  PID:4312
- C:\Windows\System\GVPjzdp.exe
  C:\Windows\System\GVPjzdp.exe
  2⤵
  PID:4364
- C:\Windows\System\KkRfwTk.exe
  C:\Windows\System\KkRfwTk.exe
  2⤵
  PID:4388
- C:\Windows\System\hsECftG.exe
  C:\Windows\System\hsECftG.exe
  2⤵
  PID:4432
- C:\Windows\System\KYDuxmc.exe
  C:\Windows\System\KYDuxmc.exe
  2⤵
  PID:4456
- C:\Windows\System\PkdZxtj.exe
  C:\Windows\System\PkdZxtj.exe
  2⤵
  PID:4516
- C:\Windows\System\SxFrBLd.exe
  C:\Windows\System\SxFrBLd.exe
  2⤵
  PID:4532
- C:\Windows\System\XSkhiOa.exe
  C:\Windows\System\XSkhiOa.exe
  2⤵
  PID:4588
- C:\Windows\System\LOmkFje.exe
  C:\Windows\System\LOmkFje.exe
  2⤵
  PID:4592
- C:\Windows\System\gGJlKli.exe
  C:\Windows\System\gGJlKli.exe
  2⤵
  PID:4632
- C:\Windows\System\cqwyeUL.exe
  C:\Windows\System\cqwyeUL.exe
  2⤵
  PID:4676
- C:\Windows\System\pjVYGQb.exe
  C:\Windows\System\pjVYGQb.exe
  2⤵
  PID:4692
- C:\Windows\System\OuelUEV.exe
  C:\Windows\System\OuelUEV.exe
  2⤵
  PID:4744
- C:\Windows\System\GnuPqxN.exe
  C:\Windows\System\GnuPqxN.exe
  2⤵
  PID:4788
- C:\Windows\System\lVrLylv.exe
  C:\Windows\System\lVrLylv.exe
  2⤵
  PID:4840
- C:\Windows\System\CERCpGd.exe
  C:\Windows\System\CERCpGd.exe
  2⤵
  PID:4852
- C:\Windows\System\lYjhqtu.exe
  C:\Windows\System\lYjhqtu.exe
  2⤵
  PID:4884
- C:\Windows\System\ydzUnjL.exe
  C:\Windows\System\ydzUnjL.exe
  2⤵
  PID:4900
- C:\Windows\System\JUBmXCE.exe
  C:\Windows\System\JUBmXCE.exe
  2⤵
  PID:4836
- C:\Windows\System\QEYbRcT.exe
  C:\Windows\System\QEYbRcT.exe
  2⤵
  PID:5000
- C:\Windows\System\xITZTlm.exe
  C:\Windows\System\xITZTlm.exe
  2⤵
  PID:4972
- C:\Windows\System\RLnIZbm.exe
  C:\Windows\System\RLnIZbm.exe
  2⤵
  PID:5024
- C:\Windows\System\NNYWYxk.exe
  C:\Windows\System\NNYWYxk.exe
  2⤵
  PID:5060
- C:\Windows\System\CllbIQA.exe
  C:\Windows\System\CllbIQA.exe
  2⤵
  PID:5096
- C:\Windows\System\gUGvbpU.exe
  C:\Windows\System\gUGvbpU.exe
  2⤵
  PID:3608
- C:\Windows\System\EghTmVY.exe
  C:\Windows\System\EghTmVY.exe
  2⤵
  PID:3768
- C:\Windows\System\vILGoTS.exe
  C:\Windows\System\vILGoTS.exe
  2⤵
  PID:4052
- C:\Windows\System\jrHIQZA.exe
  C:\Windows\System\jrHIQZA.exe
  2⤵
  PID:3944
- C:\Windows\System\YpVQacZ.exe
  C:\Windows\System\YpVQacZ.exe
  2⤵
  PID:3004
- C:\Windows\System\tYDYswv.exe
  C:\Windows\System\tYDYswv.exe
  2⤵
  PID:2644
- C:\Windows\System\DHQBeQU.exe
  C:\Windows\System\DHQBeQU.exe
  2⤵
  PID:3256
- C:\Windows\System\OSTrdWX.exe
  C:\Windows\System\OSTrdWX.exe
  2⤵
  PID:4128
- C:\Windows\System\KDcIDGf.exe
  C:\Windows\System\KDcIDGf.exe
  2⤵
  PID:4144
- C:\Windows\System\pmadXBL.exe
  C:\Windows\System\pmadXBL.exe
  2⤵
  PID:4220
- C:\Windows\System\tRZVRvE.exe
  C:\Windows\System\tRZVRvE.exe
  2⤵
  PID:4268
- C:\Windows\System\mQHJEZV.exe
  C:\Windows\System\mQHJEZV.exe
  2⤵
  PID:4296
- C:\Windows\System\NIbSHXs.exe
  C:\Windows\System\NIbSHXs.exe
  2⤵
  PID:4408
- C:\Windows\System\ZLwPAIP.exe
  C:\Windows\System\ZLwPAIP.exe
  2⤵
  PID:4372
- C:\Windows\System\fLOJSPw.exe
  C:\Windows\System\fLOJSPw.exe
  2⤵
  PID:4568
- C:\Windows\System\HRYxkEP.exe
  C:\Windows\System\HRYxkEP.exe
  2⤵
  PID:4544
- C:\Windows\System\hRulODJ.exe
  C:\Windows\System\hRulODJ.exe
  2⤵
  PID:4628
- C:\Windows\System\xmjZSed.exe
  C:\Windows\System\xmjZSed.exe
  2⤵
  PID:4756
- C:\Windows\System\bEZqfaz.exe
  C:\Windows\System\bEZqfaz.exe
  2⤵
  PID:4728
- C:\Windows\System\nEbMfRT.exe
  C:\Windows\System\nEbMfRT.exe
  2⤵
  PID:4896
- C:\Windows\System\GhIynud.exe
  C:\Windows\System\GhIynud.exe
  2⤵
  PID:4920
- C:\Windows\System\obkDzUY.exe
  C:\Windows\System\obkDzUY.exe
  2⤵
  PID:4828
- C:\Windows\System\iCQXODR.exe
  C:\Windows\System\iCQXODR.exe
  2⤵
  PID:5076
- C:\Windows\System\rZIKdDu.exe
  C:\Windows\System\rZIKdDu.exe
  2⤵
  PID:4976
- C:\Windows\System\qjuCgKE.exe
  C:\Windows\System\qjuCgKE.exe
  2⤵
  PID:5080
- C:\Windows\System\YlMCBKL.exe
  C:\Windows\System\YlMCBKL.exe
  2⤵
  PID:3732
- C:\Windows\System\CFEyHmb.exe
  C:\Windows\System\CFEyHmb.exe
  2⤵
  PID:3008
- C:\Windows\System\dIANTlh.exe
  C:\Windows\System\dIANTlh.exe
  2⤵
  PID:3908
- C:\Windows\System\HdxoeLI.exe
  C:\Windows\System\HdxoeLI.exe
  2⤵
  PID:4076
- C:\Windows\System\iRtYYRF.exe
  C:\Windows\System\iRtYYRF.exe
  2⤵
  PID:1552
- C:\Windows\System\RsgatmG.exe
  C:\Windows\System\RsgatmG.exe
  2⤵
  PID:4156
- C:\Windows\System\aGQcAVl.exe
  C:\Windows\System\aGQcAVl.exe
  2⤵
  PID:4332
- C:\Windows\System\EqrHCxY.exe
  C:\Windows\System\EqrHCxY.exe
  2⤵
  PID:4316
- C:\Windows\System\IngQuWE.exe
  C:\Windows\System\IngQuWE.exe
  2⤵
  PID:4488
- C:\Windows\System\Rhxkati.exe
  C:\Windows\System\Rhxkati.exe
  2⤵
  PID:4548
- C:\Windows\System\HjSrbJl.exe
  C:\Windows\System\HjSrbJl.exe
  2⤵
  PID:4716
- C:\Windows\System\jjSSVCU.exe
  C:\Windows\System\jjSSVCU.exe
  2⤵
  PID:5136
- C:\Windows\System\CZxyWlV.exe
  C:\Windows\System\CZxyWlV.exe
  2⤵
  PID:5156
- C:\Windows\System\zyzAKKk.exe
  C:\Windows\System\zyzAKKk.exe
  2⤵
  PID:5176
- C:\Windows\System\ujMpZkV.exe
  C:\Windows\System\ujMpZkV.exe
  2⤵
  PID:5196
- C:\Windows\System\iunZlzt.exe
  C:\Windows\System\iunZlzt.exe
  2⤵
  PID:5216
- C:\Windows\System\VmvIjZK.exe
  C:\Windows\System\VmvIjZK.exe
  2⤵
  PID:5236
- C:\Windows\System\CRKKHuE.exe
  C:\Windows\System\CRKKHuE.exe
  2⤵
  PID:5260
- C:\Windows\System\efKeCtR.exe
  C:\Windows\System\efKeCtR.exe
  2⤵
  PID:5280
- C:\Windows\System\ZzPwTnA.exe
  C:\Windows\System\ZzPwTnA.exe
  2⤵
  PID:5300
- C:\Windows\System\eKjKVPW.exe
  C:\Windows\System\eKjKVPW.exe
  2⤵
  PID:5320
- C:\Windows\System\lvNQoNX.exe
  C:\Windows\System\lvNQoNX.exe
  2⤵
  PID:5340
- C:\Windows\System\XdZusDl.exe
  C:\Windows\System\XdZusDl.exe
  2⤵
  PID:5360
- C:\Windows\System\EwewxMf.exe
  C:\Windows\System\EwewxMf.exe
  2⤵
  PID:5380
- C:\Windows\System\eqoVnwB.exe
  C:\Windows\System\eqoVnwB.exe
  2⤵
  PID:5400
- C:\Windows\System\zordcba.exe
  C:\Windows\System\zordcba.exe
  2⤵
  PID:5420
- C:\Windows\System\zaaekox.exe
  C:\Windows\System\zaaekox.exe
  2⤵
  PID:5440
- C:\Windows\System\vsgONFq.exe
  C:\Windows\System\vsgONFq.exe
  2⤵
  PID:5460
- C:\Windows\System\dDDfEsa.exe
  C:\Windows\System\dDDfEsa.exe
  2⤵
  PID:5480
- C:\Windows\System\IDdrSYP.exe
  C:\Windows\System\IDdrSYP.exe
  2⤵
  PID:5500
- C:\Windows\System\SZOBBVw.exe
  C:\Windows\System\SZOBBVw.exe
  2⤵
  PID:5520
- C:\Windows\System\cfTstQS.exe
  C:\Windows\System\cfTstQS.exe
  2⤵
  PID:5540
- C:\Windows\System\TPqBBHR.exe
  C:\Windows\System\TPqBBHR.exe
  2⤵
  PID:5560
- C:\Windows\System\uUvzlcb.exe
  C:\Windows\System\uUvzlcb.exe
  2⤵
  PID:5580
- C:\Windows\System\WCsUdvc.exe
  C:\Windows\System\WCsUdvc.exe
  2⤵
  PID:5600
- C:\Windows\System\VyhmBir.exe
  C:\Windows\System\VyhmBir.exe
  2⤵
  PID:5620
- C:\Windows\System\gdAdjBI.exe
  C:\Windows\System\gdAdjBI.exe
  2⤵
  PID:5640
- C:\Windows\System\trxQKEe.exe
  C:\Windows\System\trxQKEe.exe
  2⤵
  PID:5664
- C:\Windows\System\QLsnzpY.exe
  C:\Windows\System\QLsnzpY.exe
  2⤵
  PID:5684
- C:\Windows\System\dvDoKTV.exe
  C:\Windows\System\dvDoKTV.exe
  2⤵
  PID:5704
- C:\Windows\System\htAXBKi.exe
  C:\Windows\System\htAXBKi.exe
  2⤵
  PID:5724
- C:\Windows\System\FbmShVO.exe
  C:\Windows\System\FbmShVO.exe
  2⤵
  PID:5744
- C:\Windows\System\ejGiJKq.exe
  C:\Windows\System\ejGiJKq.exe
  2⤵
  PID:5764
- C:\Windows\System\mImdvWM.exe
  C:\Windows\System\mImdvWM.exe
  2⤵
  PID:5784
- C:\Windows\System\FAdxdhY.exe
  C:\Windows\System\FAdxdhY.exe
  2⤵
  PID:5804
- C:\Windows\System\udWQEUC.exe
  C:\Windows\System\udWQEUC.exe
  2⤵
  PID:5824
- C:\Windows\System\fGeBhZK.exe
  C:\Windows\System\fGeBhZK.exe
  2⤵
  PID:5844
- C:\Windows\System\eQataXA.exe
  C:\Windows\System\eQataXA.exe
  2⤵
  PID:5864
- C:\Windows\System\jCOTAwp.exe
  C:\Windows\System\jCOTAwp.exe
  2⤵
  PID:5884
- C:\Windows\System\dlpKkho.exe
  C:\Windows\System\dlpKkho.exe
  2⤵
  PID:5904
- C:\Windows\System\lFfVKIY.exe
  C:\Windows\System\lFfVKIY.exe
  2⤵
  PID:5924
- C:\Windows\System\BMEPmaU.exe
  C:\Windows\System\BMEPmaU.exe
  2⤵
  PID:5944
- C:\Windows\System\GjYkrQC.exe
  C:\Windows\System\GjYkrQC.exe
  2⤵
  PID:5964
- C:\Windows\System\isiVCyD.exe
  C:\Windows\System\isiVCyD.exe
  2⤵
  PID:5984
- C:\Windows\System\qCAPKQu.exe
  C:\Windows\System\qCAPKQu.exe
  2⤵
  PID:6004
- C:\Windows\System\OOWbylL.exe
  C:\Windows\System\OOWbylL.exe
  2⤵
  PID:6024
- C:\Windows\System\sHAQZiz.exe
  C:\Windows\System\sHAQZiz.exe
  2⤵
  PID:6044
- C:\Windows\System\HeSRwTE.exe
  C:\Windows\System\HeSRwTE.exe
  2⤵
  PID:6064
- C:\Windows\System\lvQZlGb.exe
  C:\Windows\System\lvQZlGb.exe
  2⤵
  PID:6084
- C:\Windows\System\puGNTbo.exe
  C:\Windows\System\puGNTbo.exe
  2⤵
  PID:6104
- C:\Windows\System\rGlaiFb.exe
  C:\Windows\System\rGlaiFb.exe
  2⤵
  PID:6124
- C:\Windows\System\DuQfFpA.exe
  C:\Windows\System\DuQfFpA.exe
  2⤵
  PID:4712
- C:\Windows\System\QOzEqoz.exe
  C:\Windows\System\QOzEqoz.exe
  2⤵
  PID:4992
- C:\Windows\System\CLMChbo.exe
  C:\Windows\System\CLMChbo.exe
  2⤵
  PID:4656
- C:\Windows\System\RFHYfCW.exe
  C:\Windows\System\RFHYfCW.exe
  2⤵
  PID:5036
- C:\Windows\System\WjBZEbb.exe
  C:\Windows\System\WjBZEbb.exe
  2⤵
  PID:4636
- C:\Windows\System\RTufWKx.exe
  C:\Windows\System\RTufWKx.exe
  2⤵
  PID:3524
- C:\Windows\System\kwgslyw.exe
  C:\Windows\System\kwgslyw.exe
  2⤵
  PID:3972
- C:\Windows\System\jBthKqe.exe
  C:\Windows\System\jBthKqe.exe
  2⤵
  PID:4648
- C:\Windows\System\tKiipOl.exe
  C:\Windows\System\tKiipOl.exe
  2⤵
  PID:4108
- C:\Windows\System\XgKBjaa.exe
  C:\Windows\System\XgKBjaa.exe
  2⤵
  PID:4428
- C:\Windows\System\JxUyyMu.exe
  C:\Windows\System\JxUyyMu.exe
  2⤵
  PID:4248
- C:\Windows\System\TJoLDYU.exe
  C:\Windows\System\TJoLDYU.exe
  2⤵
  PID:4512
- C:\Windows\System\clmkcdF.exe
  C:\Windows\System\clmkcdF.exe
  2⤵
  PID:5152
- C:\Windows\System\ObZYlsV.exe
  C:\Windows\System\ObZYlsV.exe
  2⤵
  PID:5184
- C:\Windows\System\JdKYbgD.exe
  C:\Windows\System\JdKYbgD.exe
  2⤵
  PID:5212
- C:\Windows\System\yxTJlPY.exe
  C:\Windows\System\yxTJlPY.exe
  2⤵
  PID:5208
- C:\Windows\System\kqgHbMa.exe
  C:\Windows\System\kqgHbMa.exe
  2⤵
  PID:5276
- C:\Windows\System\hYtuPVu.exe
  C:\Windows\System\hYtuPVu.exe
  2⤵
  PID:5292
- C:\Windows\System\RcDqYLJ.exe
  C:\Windows\System\RcDqYLJ.exe
  2⤵
  PID:5348
- C:\Windows\System\yhCIQEw.exe
  C:\Windows\System\yhCIQEw.exe
  2⤵
  PID:5376
- C:\Windows\System\VQSshER.exe
  C:\Windows\System\VQSshER.exe
  2⤵
  PID:5408
- C:\Windows\System\neErMaY.exe
  C:\Windows\System\neErMaY.exe
  2⤵
  PID:5432
- C:\Windows\System\WLeRpMW.exe
  C:\Windows\System\WLeRpMW.exe
  2⤵
  PID:5452
- C:\Windows\System\JXRMrWA.exe
  C:\Windows\System\JXRMrWA.exe
  2⤵
  PID:5496
- C:\Windows\System\MQmTYpY.exe
  C:\Windows\System\MQmTYpY.exe
  2⤵
  PID:5528
- C:\Windows\System\hFYVaXV.exe
  C:\Windows\System\hFYVaXV.exe
  2⤵
  PID:5568
- C:\Windows\System\UhqSSHS.exe
  C:\Windows\System\UhqSSHS.exe
  2⤵
  PID:5592
- C:\Windows\System\qguHUCy.exe
  C:\Windows\System\qguHUCy.exe
  2⤵
  PID:5632
- C:\Windows\System\cXSjOWp.exe
  C:\Windows\System\cXSjOWp.exe
  2⤵
  PID:5652
- C:\Windows\System\htlQQOS.exe
  C:\Windows\System\htlQQOS.exe
  2⤵
  PID:5720
- C:\Windows\System\xsBeOBl.exe
  C:\Windows\System\xsBeOBl.exe
  2⤵
  PID:5752
- C:\Windows\System\xmQkghG.exe
  C:\Windows\System\xmQkghG.exe
  2⤵
  PID:5792
- C:\Windows\System\zBEAcsx.exe
  C:\Windows\System\zBEAcsx.exe
  2⤵
  PID:5820
- C:\Windows\System\oUaOtMg.exe
  C:\Windows\System\oUaOtMg.exe
  2⤵
  PID:5836
- C:\Windows\System\KlfgNwZ.exe
  C:\Windows\System\KlfgNwZ.exe
  2⤵
  PID:5880
- C:\Windows\System\CGksXrN.exe
  C:\Windows\System\CGksXrN.exe
  2⤵
  PID:5912
- C:\Windows\System\xtQbapM.exe
  C:\Windows\System\xtQbapM.exe
  2⤵
  PID:5940
- C:\Windows\System\BKJmXPH.exe
  C:\Windows\System\BKJmXPH.exe
  2⤵
  PID:5992
- C:\Windows\System\nCuGzHS.exe
  C:\Windows\System\nCuGzHS.exe
  2⤵
  PID:6012
- C:\Windows\System\uaDOAQs.exe
  C:\Windows\System\uaDOAQs.exe
  2⤵
  PID:6036
- C:\Windows\System\thMfKdb.exe
  C:\Windows\System\thMfKdb.exe
  2⤵
  PID:6080
- C:\Windows\System\soGaaGp.exe
  C:\Windows\System\soGaaGp.exe
  2⤵
  PID:6112
- C:\Windows\System\HNERuYQ.exe
  C:\Windows\System\HNERuYQ.exe
  2⤵
  PID:6136
- C:\Windows\System\tESuYSx.exe
  C:\Windows\System\tESuYSx.exe
  2⤵
  PID:4936
- C:\Windows\System\uPVBBCQ.exe
  C:\Windows\System\uPVBBCQ.exe
  2⤵
  PID:5044
- C:\Windows\System\hfZoAqj.exe
  C:\Windows\System\hfZoAqj.exe
  2⤵
  PID:3688
- C:\Windows\System\PkBMFgY.exe
  C:\Windows\System\PkBMFgY.exe
  2⤵
  PID:3808
- C:\Windows\System\tRTCNEI.exe
  C:\Windows\System\tRTCNEI.exe
  2⤵
  PID:3312
- C:\Windows\System\RWCcgln.exe
  C:\Windows\System\RWCcgln.exe
  2⤵
  PID:4688
- C:\Windows\System\TsQhoIa.exe
  C:\Windows\System\TsQhoIa.exe
  2⤵
  PID:5144
- C:\Windows\System\zkVSzmA.exe
  C:\Windows\System\zkVSzmA.exe
  2⤵
  PID:5168
- C:\Windows\System\PvpwMPA.exe
  C:\Windows\System\PvpwMPA.exe
  2⤵
  PID:5232
- C:\Windows\System\ivZVHTq.exe
  C:\Windows\System\ivZVHTq.exe
  2⤵
  PID:5308
- C:\Windows\System\YqxmHAO.exe
  C:\Windows\System\YqxmHAO.exe
  2⤵
  PID:5328
- C:\Windows\System\nZxUeVw.exe
  C:\Windows\System\nZxUeVw.exe
  2⤵
  PID:5396
- C:\Windows\System\SDWWICX.exe
  C:\Windows\System\SDWWICX.exe
  2⤵
  PID:5472
- C:\Windows\System\BBMmgne.exe
  C:\Windows\System\BBMmgne.exe
  2⤵
  PID:5516
- C:\Windows\System\vlTTcbL.exe
  C:\Windows\System\vlTTcbL.exe
  2⤵
  PID:5556
- C:\Windows\System\eTTfENJ.exe
  C:\Windows\System\eTTfENJ.exe
  2⤵
  PID:5636
- C:\Windows\System\hZAOMbu.exe
  C:\Windows\System\hZAOMbu.exe
  2⤵
  PID:5672
- C:\Windows\System\tqTeYYN.exe
  C:\Windows\System\tqTeYYN.exe
  2⤵
  PID:5736
- C:\Windows\System\DmXtOFi.exe
  C:\Windows\System\DmXtOFi.exe
  2⤵
  PID:6152
- C:\Windows\System\KJSGsEf.exe
  C:\Windows\System\KJSGsEf.exe
  2⤵
  PID:6172
- C:\Windows\System\jOHmUqA.exe
  C:\Windows\System\jOHmUqA.exe
  2⤵
  PID:6192
- C:\Windows\System\QxqtyFy.exe
  C:\Windows\System\QxqtyFy.exe
  2⤵
  PID:6212
- C:\Windows\System\TmQoIUK.exe
  C:\Windows\System\TmQoIUK.exe
  2⤵
  PID:6232
- C:\Windows\System\HwUiVTH.exe
  C:\Windows\System\HwUiVTH.exe
  2⤵
  PID:6252
- C:\Windows\System\XvJlZWm.exe
  C:\Windows\System\XvJlZWm.exe
  2⤵
  PID:6272
- C:\Windows\System\MXaZaFk.exe
  C:\Windows\System\MXaZaFk.exe
  2⤵
  PID:6292
- C:\Windows\System\SKaVnpB.exe
  C:\Windows\System\SKaVnpB.exe
  2⤵
  PID:6312
- C:\Windows\System\IgLntEZ.exe
  C:\Windows\System\IgLntEZ.exe
  2⤵
  PID:6332
- C:\Windows\System\XVTWmYW.exe
  C:\Windows\System\XVTWmYW.exe
  2⤵
  PID:6352
- C:\Windows\System\ZoOTGgk.exe
  C:\Windows\System\ZoOTGgk.exe
  2⤵
  PID:6372
- C:\Windows\System\TbYVSyY.exe
  C:\Windows\System\TbYVSyY.exe
  2⤵
  PID:6392
- C:\Windows\System\XbPpkNj.exe
  C:\Windows\System\XbPpkNj.exe
  2⤵
  PID:6416
- C:\Windows\System\XBYVAWx.exe
  C:\Windows\System\XBYVAWx.exe
  2⤵
  PID:6436
- C:\Windows\System\Oqvarzh.exe
  C:\Windows\System\Oqvarzh.exe
  2⤵
  PID:6456
- C:\Windows\System\ZXStKEA.exe
  C:\Windows\System\ZXStKEA.exe
  2⤵
  PID:6476
- C:\Windows\System\lMVZRZQ.exe
  C:\Windows\System\lMVZRZQ.exe
  2⤵
  PID:6500
- C:\Windows\System\rOaMWOh.exe
  C:\Windows\System\rOaMWOh.exe
  2⤵
  PID:6520
- C:\Windows\System\FFGAXsu.exe
  C:\Windows\System\FFGAXsu.exe
  2⤵
  PID:6540
- C:\Windows\System\qHwtFVZ.exe
  C:\Windows\System\qHwtFVZ.exe
  2⤵
  PID:6560
- C:\Windows\System\QvNnIol.exe
  C:\Windows\System\QvNnIol.exe
  2⤵
  PID:6580
- C:\Windows\System\VxxGxPv.exe
  C:\Windows\System\VxxGxPv.exe
  2⤵
  PID:6600
- C:\Windows\System\yFKlkas.exe
  C:\Windows\System\yFKlkas.exe
  2⤵
  PID:6620
- C:\Windows\System\ckNsryW.exe
  C:\Windows\System\ckNsryW.exe
  2⤵
  PID:6640
- C:\Windows\System\UJRYPVp.exe
  C:\Windows\System\UJRYPVp.exe
  2⤵
  PID:6660
- C:\Windows\System\vxNybaR.exe
  C:\Windows\System\vxNybaR.exe
  2⤵
  PID:6680
- C:\Windows\System\jlhWQGJ.exe
  C:\Windows\System\jlhWQGJ.exe
  2⤵
  PID:6700
- C:\Windows\System\RuXfsyq.exe
  C:\Windows\System\RuXfsyq.exe
  2⤵
  PID:6720
- C:\Windows\System\YasfNfN.exe
  C:\Windows\System\YasfNfN.exe
  2⤵
  PID:6740
- C:\Windows\System\ALwEZgL.exe
  C:\Windows\System\ALwEZgL.exe
  2⤵
  PID:6760
- C:\Windows\System\fgAsNFx.exe
  C:\Windows\System\fgAsNFx.exe
  2⤵
  PID:6780
- C:\Windows\System\LcEwKiL.exe
  C:\Windows\System\LcEwKiL.exe
  2⤵
  PID:6800
- C:\Windows\System\hZNdqmp.exe
  C:\Windows\System\hZNdqmp.exe
  2⤵
  PID:6820
- C:\Windows\System\YdnCSQV.exe
  C:\Windows\System\YdnCSQV.exe
  2⤵
  PID:6844
- C:\Windows\System\eaBtATa.exe
  C:\Windows\System\eaBtATa.exe
  2⤵
  PID:6864
- C:\Windows\System\NMBawul.exe
  C:\Windows\System\NMBawul.exe
  2⤵
  PID:6884
- C:\Windows\System\ZPpQkSg.exe
  C:\Windows\System\ZPpQkSg.exe
  2⤵
  PID:6904
- C:\Windows\System\UnxmNTx.exe
  C:\Windows\System\UnxmNTx.exe
  2⤵
  PID:6924
- C:\Windows\System\mIoVIGG.exe
  C:\Windows\System\mIoVIGG.exe
  2⤵
  PID:6944
- C:\Windows\System\krEgzkW.exe
  C:\Windows\System\krEgzkW.exe
  2⤵
  PID:6964
- C:\Windows\System\zzyoBTF.exe
  C:\Windows\System\zzyoBTF.exe
  2⤵
  PID:6984
- C:\Windows\System\BQLbzio.exe
  C:\Windows\System\BQLbzio.exe
  2⤵
  PID:7004
- C:\Windows\System\ZHQmRIr.exe
  C:\Windows\System\ZHQmRIr.exe
  2⤵
  PID:7024
- C:\Windows\System\rmQvRSz.exe
  C:\Windows\System\rmQvRSz.exe
  2⤵
  PID:7044
- C:\Windows\System\IbjbJdX.exe
  C:\Windows\System\IbjbJdX.exe
  2⤵
  PID:7072
- C:\Windows\System\KdvzDmZ.exe
  C:\Windows\System\KdvzDmZ.exe
  2⤵
  PID:7092
- C:\Windows\System\ctveCWT.exe
  C:\Windows\System\ctveCWT.exe
  2⤵
  PID:7112
- C:\Windows\System\VbWcirT.exe
  C:\Windows\System\VbWcirT.exe
  2⤵
  PID:7132
- C:\Windows\System\CKgCHRq.exe
  C:\Windows\System\CKgCHRq.exe
  2⤵
  PID:7152
- C:\Windows\System\mMrsPUn.exe
  C:\Windows\System\mMrsPUn.exe
  2⤵
  PID:5812
- C:\Windows\System\EgCZDoH.exe
  C:\Windows\System\EgCZDoH.exe
  2⤵
  PID:5872
- C:\Windows\System\ZQJXQuH.exe
  C:\Windows\System\ZQJXQuH.exe
  2⤵
  PID:5960
- C:\Windows\System\QMxfKyE.exe
  C:\Windows\System\QMxfKyE.exe
  2⤵
  PID:5996
- C:\Windows\System\VWzvJaj.exe
  C:\Windows\System\VWzvJaj.exe
  2⤵
  PID:6060
- C:\Windows\System\uKwPexC.exe
  C:\Windows\System\uKwPexC.exe
  2⤵
  PID:6100
- C:\Windows\System\PWnMxKc.exe
  C:\Windows\System\PWnMxKc.exe
  2⤵
  PID:4944
- C:\Windows\System\bEZSafa.exe
  C:\Windows\System\bEZSafa.exe
  2⤵
  PID:5112
- C:\Windows\System\bGgxIac.exe
  C:\Windows\System\bGgxIac.exe
  2⤵
  PID:1808
- C:\Windows\System\sKPnkpQ.exe
  C:\Windows\System\sKPnkpQ.exe
  2⤵
  PID:4556
- C:\Windows\System\GpFbqXA.exe
  C:\Windows\System\GpFbqXA.exe
  2⤵
  PID:5192
- C:\Windows\System\XMtjtqt.exe
  C:\Windows\System\XMtjtqt.exe
  2⤵
  PID:5332
- C:\Windows\System\opbifCu.exe
  C:\Windows\System\opbifCu.exe
  2⤵
  PID:5436
- C:\Windows\System\tkWWRhE.exe
  C:\Windows\System\tkWWRhE.exe
  2⤵
  PID:5456
- C:\Windows\System\RQLHNBU.exe
  C:\Windows\System\RQLHNBU.exe
  2⤵
  PID:5552
- C:\Windows\System\iJGGdDs.exe
  C:\Windows\System\iJGGdDs.exe
  2⤵
  PID:5616
- C:\Windows\System\moOiPOd.exe
  C:\Windows\System\moOiPOd.exe
  2⤵
  PID:5716
- C:\Windows\System\lgdSJaD.exe
  C:\Windows\System\lgdSJaD.exe
  2⤵
  PID:6160
- C:\Windows\System\RGVkGQZ.exe
  C:\Windows\System\RGVkGQZ.exe
  2⤵
  PID:6220
- C:\Windows\System\sUcXXrd.exe
  C:\Windows\System\sUcXXrd.exe
  2⤵
  PID:6224
- C:\Windows\System\krpIHWv.exe
  C:\Windows\System\krpIHWv.exe
  2⤵
  PID:6264
- C:\Windows\System\QFVRwJm.exe
  C:\Windows\System\QFVRwJm.exe
  2⤵
  PID:6308
- C:\Windows\System\LYnEutj.exe
  C:\Windows\System\LYnEutj.exe
  2⤵
  PID:6340
- C:\Windows\System\JnEYmKr.exe
  C:\Windows\System\JnEYmKr.exe
  2⤵
  PID:6364
- C:\Windows\System\QkZggYy.exe
  C:\Windows\System\QkZggYy.exe
  2⤵
  PID:6412
- C:\Windows\System\yxylaEZ.exe
  C:\Windows\System\yxylaEZ.exe
  2⤵
  PID:6464
- C:\Windows\System\YAJgpCP.exe
  C:\Windows\System\YAJgpCP.exe
  2⤵
  PID:6508
- C:\Windows\System\wZeavsc.exe
  C:\Windows\System\wZeavsc.exe
  2⤵
  PID:6512
- C:\Windows\System\eDLKdko.exe
  C:\Windows\System\eDLKdko.exe
  2⤵
  PID:6556
- C:\Windows\System\mhCOWCS.exe
  C:\Windows\System\mhCOWCS.exe
  2⤵
  PID:6596
- C:\Windows\System\kazWUCO.exe
  C:\Windows\System\kazWUCO.exe
  2⤵
  PID:6616
- C:\Windows\System\PlnBDCG.exe
  C:\Windows\System\PlnBDCG.exe
  2⤵
  PID:6632
- C:\Windows\System\jZnFdru.exe
  C:\Windows\System\jZnFdru.exe
  2⤵
  PID:6496
- C:\Windows\System\SVmVZWu.exe
  C:\Windows\System\SVmVZWu.exe
  2⤵
  PID:6708
- C:\Windows\System\RPHjXdE.exe
  C:\Windows\System\RPHjXdE.exe
  2⤵
  PID:6736
- C:\Windows\System\XNIZacs.exe
  C:\Windows\System\XNIZacs.exe
  2⤵
  PID:6768
- C:\Windows\System\OzCDqpw.exe
  C:\Windows\System\OzCDqpw.exe
  2⤵
  PID:6792
- C:\Windows\System\kjQEPgD.exe
  C:\Windows\System\kjQEPgD.exe
  2⤵
  PID:6836
- C:\Windows\System\dvyOpDP.exe
  C:\Windows\System\dvyOpDP.exe
  2⤵
  PID:6860
- C:\Windows\System\ZRGiZFu.exe
  C:\Windows\System\ZRGiZFu.exe
  2⤵
  PID:6892
- C:\Windows\System\mWWWtZF.exe
  C:\Windows\System\mWWWtZF.exe
  2⤵
  PID:6960
- C:\Windows\System\LRwGZGc.exe
  C:\Windows\System\LRwGZGc.exe
  2⤵
  PID:7000
- C:\Windows\System\riETexE.exe
  C:\Windows\System\riETexE.exe
  2⤵
  PID:6996
- C:\Windows\System\dqneTdA.exe
  C:\Windows\System\dqneTdA.exe
  2⤵
  PID:7040
- C:\Windows\System\kMhTKyW.exe
  C:\Windows\System\kMhTKyW.exe
  2⤵
  PID:7100
- C:\Windows\System\kqhvcXT.exe
  C:\Windows\System\kqhvcXT.exe
  2⤵
  PID:7088
- C:\Windows\System\hGtXiHj.exe
  C:\Windows\System\hGtXiHj.exe
  2⤵
  PID:7120
- C:\Windows\System\wlcaPla.exe
  C:\Windows\System\wlcaPla.exe
  2⤵
  PID:7160
- C:\Windows\System\YYKlakQ.exe
  C:\Windows\System\YYKlakQ.exe
  2⤵
  PID:5972
- C:\Windows\System\BXGrmHv.exe
  C:\Windows\System\BXGrmHv.exe
  2⤵
  PID:6056
- C:\Windows\System\vufFUsb.exe
  C:\Windows\System\vufFUsb.exe
  2⤵
  PID:6040
- C:\Windows\System\wdRaxGS.exe
  C:\Windows\System\wdRaxGS.exe
  2⤵
  PID:6132
- C:\Windows\System\MxdHrWr.exe
  C:\Windows\System\MxdHrWr.exe
  2⤵
  PID:5428
- C:\Windows\System\GATmmep.exe
  C:\Windows\System\GATmmep.exe
  2⤵
  PID:4572
- C:\Windows\System\cLfoFws.exe
  C:\Windows\System\cLfoFws.exe
  2⤵
  PID:5596
- C:\Windows\System\auZlvLe.exe
  C:\Windows\System\auZlvLe.exe
  2⤵
  PID:5508
- C:\Windows\System\oIwxkwP.exe
  C:\Windows\System\oIwxkwP.exe
  2⤵
  PID:6204
- C:\Windows\System\KgUeqBW.exe
  C:\Windows\System\KgUeqBW.exe
  2⤵
  PID:6344
- C:\Windows\System\LSorUCn.exe
  C:\Windows\System\LSorUCn.exe
  2⤵
  PID:6444
- C:\Windows\System\qYPVaJp.exe
  C:\Windows\System\qYPVaJp.exe
  2⤵
  PID:5740
- C:\Windows\System\mTIjGNO.exe
  C:\Windows\System\mTIjGNO.exe
  2⤵
  PID:6184
- C:\Windows\System\ddwKayL.exe
  C:\Windows\System\ddwKayL.exe
  2⤵
  PID:6320
- C:\Windows\System\YagcBZb.exe
  C:\Windows\System\YagcBZb.exe
  2⤵
  PID:6568
- C:\Windows\System\LtWDppE.exe
  C:\Windows\System\LtWDppE.exe
  2⤵
  PID:6696
- C:\Windows\System\XYkSHup.exe
  C:\Windows\System\XYkSHup.exe
  2⤵
  PID:6448
- C:\Windows\System\fgAqocX.exe
  C:\Windows\System\fgAqocX.exe
  2⤵
  PID:6536
- C:\Windows\System\tNNUAHN.exe
  C:\Windows\System\tNNUAHN.exe
  2⤵
  PID:2760
- C:\Windows\System\JIWyMEi.exe
  C:\Windows\System\JIWyMEi.exe
  2⤵
  PID:6608
- C:\Windows\System\dXANnkM.exe
  C:\Windows\System\dXANnkM.exe
  2⤵
  PID:6936
- C:\Windows\System\cjyopPG.exe
  C:\Windows\System\cjyopPG.exe
  2⤵
  PID:6668
- C:\Windows\System\qSLyGGU.exe
  C:\Windows\System\qSLyGGU.exe
  2⤵
  PID:6796
- C:\Windows\System\doMUTBx.exe
  C:\Windows\System\doMUTBx.exe
  2⤵
  PID:7020
- C:\Windows\System\YYDwJTo.exe
  C:\Windows\System\YYDwJTo.exe
  2⤵
  PID:7124
- C:\Windows\System\QiEuOFV.exe
  C:\Windows\System\QiEuOFV.exe
  2⤵
  PID:6872
- C:\Windows\System\DnDMUCr.exe
  C:\Windows\System\DnDMUCr.exe
  2⤵
  PID:6980
- C:\Windows\System\XtUInhV.exe
  C:\Windows\System\XtUInhV.exe
  2⤵
  PID:4596
- C:\Windows\System\SzxIOWP.exe
  C:\Windows\System\SzxIOWP.exe
  2⤵
  PID:7016
- C:\Windows\System\wDlVetZ.exe
  C:\Windows\System\wDlVetZ.exe
  2⤵
  PID:5056
- C:\Windows\System\QaQBHXm.exe
  C:\Windows\System\QaQBHXm.exe
  2⤵
  PID:5040
- C:\Windows\System\rDwBubR.exe
  C:\Windows\System\rDwBubR.exe
  2⤵
  PID:5976
- C:\Windows\System\KTDqoHN.exe
  C:\Windows\System\KTDqoHN.exe
  2⤵
  PID:5388
- C:\Windows\System\GrhlPNX.exe
  C:\Windows\System\GrhlPNX.exe
  2⤵
  PID:6492
- C:\Windows\System\EptlEUS.exe
  C:\Windows\System\EptlEUS.exe
  2⤵
  PID:6268
- C:\Windows\System\JvWUfiO.exe
  C:\Windows\System\JvWUfiO.exe
  2⤵
  PID:6468
- C:\Windows\System\vclmRtp.exe
  C:\Windows\System\vclmRtp.exe
  2⤵
  PID:6776
- C:\Windows\System\Dwsbiau.exe
  C:\Windows\System\Dwsbiau.exe
  2⤵
  PID:5732
- C:\Windows\System\hGVfPLo.exe
  C:\Windows\System\hGVfPLo.exe
  2⤵
  PID:6432
- C:\Windows\System\ZTddyMK.exe
  C:\Windows\System\ZTddyMK.exe
  2⤵
  PID:6576
- C:\Windows\System\pGRDXSg.exe
  C:\Windows\System\pGRDXSg.exe
  2⤵
  PID:5860
- C:\Windows\System\eGvjoNu.exe
  C:\Windows\System\eGvjoNu.exe
  2⤵
  PID:6756
- C:\Windows\System\AHJGwmn.exe
  C:\Windows\System\AHJGwmn.exe
  2⤵
  PID:6932
- C:\Windows\System\SyjSuMX.exe
  C:\Windows\System\SyjSuMX.exe
  2⤵
  PID:5692
- C:\Windows\System\fydCbdT.exe
  C:\Windows\System\fydCbdT.exe
  2⤵
  PID:7148
- C:\Windows\System\gyItYIE.exe
  C:\Windows\System\gyItYIE.exe
  2⤵
  PID:6692
- C:\Windows\System\wBBdttj.exe
  C:\Windows\System\wBBdttj.exe
  2⤵
  PID:6244
- C:\Windows\System\vzhnJrl.exe
  C:\Windows\System\vzhnJrl.exe
  2⤵
  PID:3116
- C:\Windows\System\AFERSym.exe
  C:\Windows\System\AFERSym.exe
  2⤵
  PID:6852
- C:\Windows\System\HDOWkRp.exe
  C:\Windows\System\HDOWkRp.exe
  2⤵
  PID:5680
- C:\Windows\System\GJEXldR.exe
  C:\Windows\System\GJEXldR.exe
  2⤵
  PID:6912
- C:\Windows\System\augobEq.exe
  C:\Windows\System\augobEq.exe
  2⤵
  PID:7172
- C:\Windows\System\pzjGnLh.exe
  C:\Windows\System\pzjGnLh.exe
  2⤵
  PID:7192
- C:\Windows\System\FqmamxQ.exe
  C:\Windows\System\FqmamxQ.exe
  2⤵
  PID:7208
- C:\Windows\System\KsUxglj.exe
  C:\Windows\System\KsUxglj.exe
  2⤵
  PID:7232
- C:\Windows\System\ombfzRj.exe
  C:\Windows\System\ombfzRj.exe
  2⤵
  PID:7248
- C:\Windows\System\NaAhWFc.exe
  C:\Windows\System\NaAhWFc.exe
  2⤵
  PID:7272
- C:\Windows\System\athOgmT.exe
  C:\Windows\System\athOgmT.exe
  2⤵
  PID:7292
- C:\Windows\System\zvtCgMQ.exe
  C:\Windows\System\zvtCgMQ.exe
  2⤵
  PID:7312
- C:\Windows\System\izCBORF.exe
  C:\Windows\System\izCBORF.exe
  2⤵
  PID:7328
- C:\Windows\System\KnkBMvO.exe
  C:\Windows\System\KnkBMvO.exe
  2⤵
  PID:7352
- C:\Windows\System\USBNbRZ.exe
  C:\Windows\System\USBNbRZ.exe
  2⤵
  PID:7372
- C:\Windows\System\MIaYgSe.exe
  C:\Windows\System\MIaYgSe.exe
  2⤵
  PID:7392
- C:\Windows\System\slKqwhp.exe
  C:\Windows\System\slKqwhp.exe
  2⤵
  PID:7412
- C:\Windows\System\gCbcpSl.exe
  C:\Windows\System\gCbcpSl.exe
  2⤵
  PID:7432
- C:\Windows\System\oopKqgi.exe
  C:\Windows\System\oopKqgi.exe
  2⤵
  PID:7456
- C:\Windows\System\UVVSsJy.exe
  C:\Windows\System\UVVSsJy.exe
  2⤵
  PID:7472
- C:\Windows\System\jXdfcvj.exe
  C:\Windows\System\jXdfcvj.exe
  2⤵
  PID:7492
- C:\Windows\System\lNxuBRa.exe
  C:\Windows\System\lNxuBRa.exe
  2⤵
  PID:7512
- C:\Windows\System\vWVNYbV.exe
  C:\Windows\System\vWVNYbV.exe
  2⤵
  PID:7536
- C:\Windows\System\TCEXpcJ.exe
  C:\Windows\System\TCEXpcJ.exe
  2⤵
  PID:7556
- C:\Windows\System\GHYsNzX.exe
  C:\Windows\System\GHYsNzX.exe
  2⤵
  PID:7576
- C:\Windows\System\fJPYXhF.exe
  C:\Windows\System\fJPYXhF.exe
  2⤵
  PID:7592
- C:\Windows\System\qVOPwfM.exe
  C:\Windows\System\qVOPwfM.exe
  2⤵
  PID:7608
- C:\Windows\System\SnkKYSL.exe
  C:\Windows\System\SnkKYSL.exe
  2⤵
  PID:7632
- C:\Windows\System\ghwtNWK.exe
  C:\Windows\System\ghwtNWK.exe
  2⤵
  PID:7652
- C:\Windows\System\kjnGWYM.exe
  C:\Windows\System\kjnGWYM.exe
  2⤵
  PID:7672
- C:\Windows\System\sPolXar.exe
  C:\Windows\System\sPolXar.exe
  2⤵
  PID:7692
- C:\Windows\System\wNvEPWl.exe
  C:\Windows\System\wNvEPWl.exe
  2⤵
  PID:7712
- C:\Windows\System\WiHXrKg.exe
  C:\Windows\System\WiHXrKg.exe
  2⤵
  PID:7732
- C:\Windows\System\Hruupdr.exe
  C:\Windows\System\Hruupdr.exe
  2⤵
  PID:7756
- C:\Windows\System\SlvALaR.exe
  C:\Windows\System\SlvALaR.exe
  2⤵
  PID:7772
- C:\Windows\System\gEUIsJJ.exe
  C:\Windows\System\gEUIsJJ.exe
  2⤵
  PID:7792
- C:\Windows\System\SbNJwAw.exe
  C:\Windows\System\SbNJwAw.exe
  2⤵
  PID:7816
- C:\Windows\System\PukucGy.exe
  C:\Windows\System\PukucGy.exe
  2⤵
  PID:7836
- C:\Windows\System\MZnfIMb.exe
  C:\Windows\System\MZnfIMb.exe
  2⤵
  PID:7856
- C:\Windows\System\uCQhcjM.exe
  C:\Windows\System\uCQhcjM.exe
  2⤵
  PID:7876
- C:\Windows\System\hqesbDx.exe
  C:\Windows\System\hqesbDx.exe
  2⤵
  PID:7900
- C:\Windows\System\NnMcsSL.exe
  C:\Windows\System\NnMcsSL.exe
  2⤵
  PID:7920
- C:\Windows\System\XeZwuCp.exe
  C:\Windows\System\XeZwuCp.exe
  2⤵
  PID:7940
- C:\Windows\System\OjXZTEz.exe
  C:\Windows\System\OjXZTEz.exe
  2⤵
  PID:7956
- C:\Windows\System\QZpdcyQ.exe
  C:\Windows\System\QZpdcyQ.exe
  2⤵
  PID:7976
- C:\Windows\System\lmDymda.exe
  C:\Windows\System\lmDymda.exe
  2⤵
  PID:7996
- C:\Windows\System\EsXuule.exe
  C:\Windows\System\EsXuule.exe
  2⤵
  PID:8012
- C:\Windows\System\asXIeLi.exe
  C:\Windows\System\asXIeLi.exe
  2⤵
  PID:8036
- C:\Windows\System\nPOODKs.exe
  C:\Windows\System\nPOODKs.exe
  2⤵
  PID:8052
- C:\Windows\System\etsMgGA.exe
  C:\Windows\System\etsMgGA.exe
  2⤵
  PID:8076
- C:\Windows\System\PSWoSNm.exe
  C:\Windows\System\PSWoSNm.exe
  2⤵
  PID:8096
- C:\Windows\System\qhwKOfz.exe
  C:\Windows\System\qhwKOfz.exe
  2⤵
  PID:8116
- C:\Windows\System\CDFrFeb.exe
  C:\Windows\System\CDFrFeb.exe
  2⤵
  PID:8132
- C:\Windows\System\cPcazjM.exe
  C:\Windows\System\cPcazjM.exe
  2⤵
  PID:8156
- C:\Windows\System\DRiUIKm.exe
  C:\Windows\System\DRiUIKm.exe
  2⤵
  PID:8180
- C:\Windows\System\CnoHSrt.exe
  C:\Windows\System\CnoHSrt.exe
  2⤵
  PID:5916
- C:\Windows\System\WYlnOeO.exe
  C:\Windows\System\WYlnOeO.exe
  2⤵
  PID:5224
- C:\Windows\System\GgiaWpa.exe
  C:\Windows\System\GgiaWpa.exe
  2⤵
  PID:6688
- C:\Windows\System\vTGSIIO.exe
  C:\Windows\System\vTGSIIO.exe
  2⤵
  PID:6812
- C:\Windows\System\ujMeTuk.exe
  C:\Windows\System\ujMeTuk.exe
  2⤵
  PID:7056
- C:\Windows\System\ojgQOSW.exe
  C:\Windows\System\ojgQOSW.exe
  2⤵
  PID:6248
- C:\Windows\System\yLqUoyU.exe
  C:\Windows\System\yLqUoyU.exe
  2⤵
  PID:6164
- C:\Windows\System\UYiXzCs.exe
  C:\Windows\System\UYiXzCs.exe
  2⤵
  PID:7204
- C:\Windows\System\vsNLobr.exe
  C:\Windows\System\vsNLobr.exe
  2⤵
  PID:5896
- C:\Windows\System\VjJnXzh.exe
  C:\Windows\System\VjJnXzh.exe
  2⤵
  PID:2572
- C:\Windows\System\hjrDdGI.exe
  C:\Windows\System\hjrDdGI.exe
  2⤵
  PID:7180
- C:\Windows\System\xinMOaL.exe
  C:\Windows\System\xinMOaL.exe
  2⤵
  PID:7144
- C:\Windows\System\OJZnzsP.exe
  C:\Windows\System\OJZnzsP.exe
  2⤵
  PID:1844
- C:\Windows\System\lDZbeDj.exe
  C:\Windows\System\lDZbeDj.exe
  2⤵
  PID:7260
- C:\Windows\System\HUvYEVo.exe
  C:\Windows\System\HUvYEVo.exe
  2⤵
  PID:7368
- C:\Windows\System\woqGZSi.exe
  C:\Windows\System\woqGZSi.exe
  2⤵
  PID:7300
- C:\Windows\System\oGjUylK.exe
  C:\Windows\System\oGjUylK.exe
  2⤵
  PID:7344
- C:\Windows\System\KZjiOkZ.exe
  C:\Windows\System\KZjiOkZ.exe
  2⤵
  PID:7440
- C:\Windows\System\QivZJrz.exe
  C:\Windows\System\QivZJrz.exe
  2⤵
  PID:7484
- C:\Windows\System\SMDbtUU.exe
  C:\Windows\System\SMDbtUU.exe
  2⤵
  PID:7524
- C:\Windows\System\xxZILCA.exe
  C:\Windows\System\xxZILCA.exe
  2⤵
  PID:7464
- C:\Windows\System\zvTkkXZ.exe
  C:\Windows\System\zvTkkXZ.exe
  2⤵
  PID:7568
- C:\Windows\System\PLreZQj.exe
  C:\Windows\System\PLreZQj.exe
  2⤵
  PID:7552
- C:\Windows\System\FgJVtTR.exe
  C:\Windows\System\FgJVtTR.exe
  2⤵
  PID:7644
- C:\Windows\System\vmpNUWL.exe
  C:\Windows\System\vmpNUWL.exe
  2⤵
  PID:7588
- C:\Windows\System\DEAcxwE.exe
  C:\Windows\System\DEAcxwE.exe
  2⤵
  PID:7624
- C:\Windows\System\IoJXBqK.exe
  C:\Windows\System\IoJXBqK.exe
  2⤵
  PID:7764
- C:\Windows\System\UUVKBsZ.exe
  C:\Windows\System\UUVKBsZ.exe
  2⤵
  PID:7800
- C:\Windows\System\HutWYOm.exe
  C:\Windows\System\HutWYOm.exe
  2⤵
  PID:7748
- C:\Windows\System\OUeqGuv.exe
  C:\Windows\System\OUeqGuv.exe
  2⤵
  PID:7744
- C:\Windows\System\RHrHIQV.exe
  C:\Windows\System\RHrHIQV.exe
  2⤵
  PID:7896
- C:\Windows\System\XKfvLSu.exe
  C:\Windows\System\XKfvLSu.exe
  2⤵
  PID:7788
- C:\Windows\System\WmWsrXJ.exe
  C:\Windows\System\WmWsrXJ.exe
  2⤵
  PID:7932
- C:\Windows\System\xetqUGm.exe
  C:\Windows\System\xetqUGm.exe
  2⤵
  PID:7916
- C:\Windows\System\CFSMMbj.exe
  C:\Windows\System\CFSMMbj.exe
  2⤵
  PID:8008
- C:\Windows\System\nhpUBCi.exe
  C:\Windows\System\nhpUBCi.exe
  2⤵
  PID:7988
- C:\Windows\System\vGXYzNR.exe
  C:\Windows\System\vGXYzNR.exe
  2⤵
  PID:8020
- C:\Windows\System\mmfUflK.exe
  C:\Windows\System\mmfUflK.exe
  2⤵
  PID:8124
- C:\Windows\System\gVOnJrj.exe
  C:\Windows\System\gVOnJrj.exe
  2⤵
  PID:8072
- C:\Windows\System\xKnGsqS.exe
  C:\Windows\System\xKnGsqS.exe
  2⤵
  PID:8176
- C:\Windows\System\vfrenQP.exe
  C:\Windows\System\vfrenQP.exe
  2⤵
  PID:5312
- C:\Windows\System\nljRtag.exe
  C:\Windows\System\nljRtag.exe
  2⤵
  PID:6428
- C:\Windows\System\MmGNher.exe
  C:\Windows\System\MmGNher.exe
  2⤵
  PID:1996
- C:\Windows\System\mNnPTaT.exe
  C:\Windows\System\mNnPTaT.exe
  2⤵
  PID:6752
- C:\Windows\System\QYrzIal.exe
  C:\Windows\System\QYrzIal.exe
  2⤵
  PID:6728
- C:\Windows\System\zKEQlVJ.exe
  C:\Windows\System\zKEQlVJ.exe
  2⤵
  PID:7104
- C:\Windows\System\wOztFnK.exe
  C:\Windows\System\wOztFnK.exe
  2⤵
  PID:1772
- C:\Windows\System\udLcrMV.exe
  C:\Windows\System\udLcrMV.exe
  2⤵
  PID:7188
- C:\Windows\System\NZSNNmn.exe
  C:\Windows\System\NZSNNmn.exe
  2⤵
  PID:6896
- C:\Windows\System\rOojTEm.exe
  C:\Windows\System\rOojTEm.exe
  2⤵
  PID:7284
- C:\Windows\System\iFJZaPF.exe
  C:\Windows\System\iFJZaPF.exe
  2⤵
  PID:7224
- C:\Windows\System\vNTYBhc.exe
  C:\Windows\System\vNTYBhc.exe
  2⤵
  PID:7380
- C:\Windows\System\MwHkFas.exe
  C:\Windows\System\MwHkFas.exe
  2⤵
  PID:7340
- C:\Windows\System\RsSDCop.exe
  C:\Windows\System\RsSDCop.exe
  2⤵
  PID:7452
- C:\Windows\System\vjjelzN.exe
  C:\Windows\System\vjjelzN.exe
  2⤵
  PID:7572
- C:\Windows\System\vvkOQIM.exe
  C:\Windows\System\vvkOQIM.exe
  2⤵
  PID:7428
- C:\Windows\System\VFOnDgC.exe
  C:\Windows\System\VFOnDgC.exe
  2⤵
  PID:7724
- C:\Windows\System\MgjWAdo.exe
  C:\Windows\System\MgjWAdo.exe
  2⤵
  PID:7544
- C:\Windows\System\iSveGeq.exe
  C:\Windows\System\iSveGeq.exe
  2⤵
  PID:7704
- C:\Windows\System\twgrbns.exe
  C:\Windows\System\twgrbns.exe
  2⤵
  PID:7752
- C:\Windows\System\iLWZwmu.exe
  C:\Windows\System\iLWZwmu.exe
  2⤵
  PID:7936
- C:\Windows\System\HuZZhDS.exe
  C:\Windows\System\HuZZhDS.exe
  2⤵
  PID:7884
- C:\Windows\System\DvCVael.exe
  C:\Windows\System\DvCVael.exe
  2⤵
  PID:7908
- C:\Windows\System\qgTPLFQ.exe
  C:\Windows\System\qgTPLFQ.exe
  2⤵
  PID:7948
- C:\Windows\System\sNgQwUg.exe
  C:\Windows\System\sNgQwUg.exe
  2⤵
  PID:7968
- C:\Windows\System\OfMNnvz.exe
  C:\Windows\System\OfMNnvz.exe
  2⤵
  PID:8164
- C:\Windows\System\PyIKuaz.exe
  C:\Windows\System\PyIKuaz.exe
  2⤵
  PID:8148
- C:\Windows\System\rvhNWxB.exe
  C:\Windows\System\rvhNWxB.exe
  2⤵
  PID:1084
- C:\Windows\System\uIncXxO.exe
  C:\Windows\System\uIncXxO.exe
  2⤵
  PID:6360
- C:\Windows\System\mbTWcKr.exe
  C:\Windows\System\mbTWcKr.exe
  2⤵
  PID:6652
- C:\Windows\System\vBzcmvG.exe
  C:\Windows\System\vBzcmvG.exe
  2⤵
  PID:7384
- C:\Windows\System\aIGsWjc.exe
  C:\Windows\System\aIGsWjc.exe
  2⤵
  PID:6284
- C:\Windows\System\DCFfJdC.exe
  C:\Windows\System\DCFfJdC.exe
  2⤵
  PID:7532
- C:\Windows\System\RtpbZrG.exe
  C:\Windows\System\RtpbZrG.exe
  2⤵
  PID:7424
- C:\Windows\System\iufxukS.exe
  C:\Windows\System\iufxukS.exe
  2⤵
  PID:7852
- C:\Windows\System\aEaPmBM.exe
  C:\Windows\System\aEaPmBM.exe
  2⤵
  PID:7308
- C:\Windows\System\DOZYhvr.exe
  C:\Windows\System\DOZYhvr.exe
  2⤵
  PID:7444
- C:\Windows\System\ksHryjk.exe
  C:\Windows\System\ksHryjk.exe
  2⤵
  PID:7864
- C:\Windows\System\WPahGao.exe
  C:\Windows\System\WPahGao.exe
  2⤵
  PID:7680
- C:\Windows\System\eOSZZCR.exe
  C:\Windows\System\eOSZZCR.exe
  2⤵
  PID:7972
- C:\Windows\System\JzcECfR.exe
  C:\Windows\System\JzcECfR.exe
  2⤵
  PID:7828
- C:\Windows\System\hGxIwrJ.exe
  C:\Windows\System\hGxIwrJ.exe
  2⤵
  PID:8104
- C:\Windows\System\IKDeNOk.exe
  C:\Windows\System\IKDeNOk.exe
  2⤵
  PID:6828
- C:\Windows\System\ScGNxwl.exe
  C:\Windows\System\ScGNxwl.exe
  2⤵
  PID:8140
- C:\Windows\System\WVMwVAO.exe
  C:\Windows\System\WVMwVAO.exe
  2⤵
  PID:8196
- C:\Windows\System\UKFsgqd.exe
  C:\Windows\System\UKFsgqd.exe
  2⤵
  PID:8220
- C:\Windows\System\lVitvkV.exe
  C:\Windows\System\lVitvkV.exe
  2⤵
  PID:8240
- C:\Windows\System\ZonoxEO.exe
  C:\Windows\System\ZonoxEO.exe
  2⤵
  PID:8268
- C:\Windows\System\ZXRrfYI.exe
  C:\Windows\System\ZXRrfYI.exe
  2⤵
  PID:8288
- C:\Windows\System\QwwBPaA.exe
  C:\Windows\System\QwwBPaA.exe
  2⤵
  PID:8312
- C:\Windows\System\cNwzsPe.exe
  C:\Windows\System\cNwzsPe.exe
  2⤵
  PID:8332
- C:\Windows\System\DoFiRZj.exe
  C:\Windows\System\DoFiRZj.exe
  2⤵
  PID:8352
- C:\Windows\System\AkdcFrg.exe
  C:\Windows\System\AkdcFrg.exe
  2⤵
  PID:8372
- C:\Windows\System\lwZRlau.exe
  C:\Windows\System\lwZRlau.exe
  2⤵
  PID:8392
- C:\Windows\System\ryFYqay.exe
  C:\Windows\System\ryFYqay.exe
  2⤵
  PID:8408
- C:\Windows\System\prHIpOA.exe
  C:\Windows\System\prHIpOA.exe
  2⤵
  PID:8428
- C:\Windows\System\WcgtgjI.exe
  C:\Windows\System\WcgtgjI.exe
  2⤵
  PID:8452
- C:\Windows\System\aZeXudy.exe
  C:\Windows\System\aZeXudy.exe
  2⤵
  PID:8472
- C:\Windows\System\RtyIzLH.exe
  C:\Windows\System\RtyIzLH.exe
  2⤵
  PID:8492
- C:\Windows\System\oZqKAci.exe
  C:\Windows\System\oZqKAci.exe
  2⤵
  PID:8512
- C:\Windows\System\mCsofkM.exe
  C:\Windows\System\mCsofkM.exe
  2⤵
  PID:8528
- C:\Windows\System\UTOhWpp.exe
  C:\Windows\System\UTOhWpp.exe
  2⤵
  PID:8548
- C:\Windows\System\qEIfFmg.exe
  C:\Windows\System\qEIfFmg.exe
  2⤵
  PID:8564
- C:\Windows\System\VvFFxBh.exe
  C:\Windows\System\VvFFxBh.exe
  2⤵
  PID:8592
- C:\Windows\System\jJELVLc.exe
  C:\Windows\System\jJELVLc.exe
  2⤵
  PID:8616
- C:\Windows\System\jCeqTRe.exe
  C:\Windows\System\jCeqTRe.exe
  2⤵
  PID:8636
- C:\Windows\System\hcuqPpf.exe
  C:\Windows\System\hcuqPpf.exe
  2⤵
  PID:8656
- C:\Windows\System\xRQqrbz.exe
  C:\Windows\System\xRQqrbz.exe
  2⤵
  PID:8676
- C:\Windows\System\mewgFqL.exe
  C:\Windows\System\mewgFqL.exe
  2⤵
  PID:8692
- C:\Windows\System\slhwZsx.exe
  C:\Windows\System\slhwZsx.exe
  2⤵
  PID:8712
- C:\Windows\System\uLKrzcG.exe
  C:\Windows\System\uLKrzcG.exe
  2⤵
  PID:8728
- C:\Windows\System\DvjVbtZ.exe
  C:\Windows\System\DvjVbtZ.exe
  2⤵
  PID:8744
- C:\Windows\System\RMBNIHJ.exe
  C:\Windows\System\RMBNIHJ.exe
  2⤵
  PID:8760
- C:\Windows\System\nPcIYVY.exe
  C:\Windows\System\nPcIYVY.exe
  2⤵
  PID:8776
- C:\Windows\System\UqIWiNq.exe
  C:\Windows\System\UqIWiNq.exe
  2⤵
  PID:8792
- C:\Windows\System\rknANOn.exe
  C:\Windows\System\rknANOn.exe
  2⤵
  PID:8808
- C:\Windows\System\rDlNEUe.exe
  C:\Windows\System\rDlNEUe.exe
  2⤵
  PID:8860
- C:\Windows\System\ushxToz.exe
  C:\Windows\System\ushxToz.exe
  2⤵
  PID:8876
- C:\Windows\System\maTkZae.exe
  C:\Windows\System\maTkZae.exe
  2⤵
  PID:8892
- C:\Windows\System\wbgwxHU.exe
  C:\Windows\System\wbgwxHU.exe
  2⤵
  PID:8908
- C:\Windows\System\EWKTjrk.exe
  C:\Windows\System\EWKTjrk.exe
  2⤵
  PID:8928
- C:\Windows\System\cXfUhAl.exe
  C:\Windows\System\cXfUhAl.exe
  2⤵
  PID:8944
- C:\Windows\System\eUSshpk.exe
  C:\Windows\System\eUSshpk.exe
  2⤵
  PID:8960
- C:\Windows\System\jJkgbbS.exe
  C:\Windows\System\jJkgbbS.exe
  2⤵
  PID:8976
- C:\Windows\System\wCnryly.exe
  C:\Windows\System\wCnryly.exe
  2⤵
  PID:8992
- C:\Windows\System\xkqRIrt.exe
  C:\Windows\System\xkqRIrt.exe
  2⤵
  PID:9008
- C:\Windows\System\kKovkIq.exe
  C:\Windows\System\kKovkIq.exe
  2⤵
  PID:9024
- C:\Windows\System\TcfpJwr.exe
  C:\Windows\System\TcfpJwr.exe
  2⤵
  PID:9040
- C:\Windows\System\ZhOJTrH.exe
  C:\Windows\System\ZhOJTrH.exe
  2⤵
  PID:9056
- C:\Windows\System\UcKdvUC.exe
  C:\Windows\System\UcKdvUC.exe
  2⤵
  PID:9124
- C:\Windows\System\Zwjewtf.exe
  C:\Windows\System\Zwjewtf.exe
  2⤵
  PID:9140
- C:\Windows\System\sjWSOnf.exe
  C:\Windows\System\sjWSOnf.exe
  2⤵
  PID:9156
- C:\Windows\System\gggKmHS.exe
  C:\Windows\System\gggKmHS.exe
  2⤵
  PID:9172
- C:\Windows\System\kIjNMPc.exe
  C:\Windows\System\kIjNMPc.exe
  2⤵
  PID:9188
- C:\Windows\System\KlOTEPx.exe
  C:\Windows\System\KlOTEPx.exe
  2⤵
  PID:2724
- C:\Windows\System\emmnCgi.exe
  C:\Windows\System\emmnCgi.exe
  2⤵
  PID:7256
- C:\Windows\System\HMTXMCh.exe
  C:\Windows\System\HMTXMCh.exe
  2⤵
  PID:1788
- C:\Windows\System\UgYBnGU.exe
  C:\Windows\System\UgYBnGU.exe
  2⤵
  PID:7620
- C:\Windows\System\jsYMJAv.exe
  C:\Windows\System\jsYMJAv.exe
  2⤵
  PID:7700
- C:\Windows\System\ElOXYpU.exe
  C:\Windows\System\ElOXYpU.exe
  2⤵
  PID:8112
- C:\Windows\System\XpQNXpr.exe
  C:\Windows\System\XpQNXpr.exe
  2⤵
  PID:8084
- C:\Windows\System\jEHUZJn.exe
  C:\Windows\System\jEHUZJn.exe
  2⤵
  PID:6384
- C:\Windows\System\YToQnDg.exe
  C:\Windows\System\YToQnDg.exe
  2⤵
  PID:8216
- C:\Windows\System\VPhHUDJ.exe
  C:\Windows\System\VPhHUDJ.exe
  2⤵
  PID:8248
- C:\Windows\System\XvGYQuK.exe
  C:\Windows\System\XvGYQuK.exe
  2⤵
  PID:8252
- C:\Windows\System\egDFzxm.exe
  C:\Windows\System\egDFzxm.exe
  2⤵
  PID:8300
- C:\Windows\System\LFAgwvp.exe
  C:\Windows\System\LFAgwvp.exe
  2⤵
  PID:8304
- C:\Windows\System\uiCDPuJ.exe
  C:\Windows\System\uiCDPuJ.exe
  2⤵
  PID:8348
- C:\Windows\System\MLCbsqY.exe
  C:\Windows\System\MLCbsqY.exe
  2⤵
  PID:8416
- C:\Windows\System\ZdttWeL.exe
  C:\Windows\System\ZdttWeL.exe
  2⤵
  PID:8324
- C:\Windows\System\uYPfdEA.exe
  C:\Windows\System\uYPfdEA.exe
  2⤵
  PID:8364
- C:\Windows\System\XdtGIxE.exe
  C:\Windows\System\XdtGIxE.exe
  2⤵
  PID:8464
- C:\Windows\System\oIWNDcF.exe
  C:\Windows\System\oIWNDcF.exe
  2⤵
  PID:8448
- C:\Windows\System\vloFsxm.exe
  C:\Windows\System\vloFsxm.exe
  2⤵
  PID:8504
- C:\Windows\System\oaswlKA.exe
  C:\Windows\System\oaswlKA.exe
  2⤵
  PID:8480
- C:\Windows\System\PkTaIjc.exe
  C:\Windows\System\PkTaIjc.exe
  2⤵
  PID:8584
- C:\Windows\System\PlERBHO.exe
  C:\Windows\System\PlERBHO.exe
  2⤵
  PID:8524
- C:\Windows\System\xJIFqko.exe
  C:\Windows\System\xJIFqko.exe
  2⤵
  PID:8632
- C:\Windows\System\ovWjxIF.exe
  C:\Windows\System\ovWjxIF.exe
  2⤵
  PID:8612
- C:\Windows\System\Bybfrto.exe
  C:\Windows\System\Bybfrto.exe
  2⤵
  PID:8664
- C:\Windows\System\FbQemtW.exe
  C:\Windows\System\FbQemtW.exe
  2⤵
  PID:8684
- C:\Windows\System\lTWGpbH.exe
  C:\Windows\System\lTWGpbH.exe
  2⤵
  PID:8736
- C:\Windows\System\pwIEZsn.exe
  C:\Windows\System\pwIEZsn.exe
  2⤵
  PID:8768
- C:\Windows\System\dpfgyvW.exe
  C:\Windows\System\dpfgyvW.exe
  2⤵
  PID:8772
- C:\Windows\System\bhBCWXk.exe
  C:\Windows\System\bhBCWXk.exe
  2⤵
  PID:4228
- C:\Windows\System\WjiKvrE.exe
  C:\Windows\System\WjiKvrE.exe
  2⤵
  PID:8824
- C:\Windows\System\epVqlgN.exe
  C:\Windows\System\epVqlgN.exe
  2⤵
  PID:8840
- C:\Windows\System\SdeUbYd.exe
  C:\Windows\System\SdeUbYd.exe
  2⤵
  PID:2840
- C:\Windows\System\DHDKVMg.exe
  C:\Windows\System\DHDKVMg.exe
  2⤵
  PID:8900
- C:\Windows\System\YERRahN.exe
  C:\Windows\System\YERRahN.exe
  2⤵
  PID:8916
- C:\Windows\System\bSrvwll.exe
  C:\Windows\System\bSrvwll.exe
  2⤵
  PID:8940
- C:\Windows\System\BsSqIWr.exe
  C:\Windows\System\BsSqIWr.exe
  2⤵
  PID:8956
- C:\Windows\System\TuhvRXu.exe
  C:\Windows\System\TuhvRXu.exe
  2⤵
  PID:9004
- C:\Windows\System\qzPtbxc.exe
  C:\Windows\System\qzPtbxc.exe
  2⤵
  PID:9068
- C:\Windows\System\zHPcYBj.exe
  C:\Windows\System\zHPcYBj.exe
  2⤵
  PID:9080
- C:\Windows\System\VGNYGdS.exe
  C:\Windows\System\VGNYGdS.exe
  2⤵
  PID:9096
- C:\Windows\System\kuBWpZu.exe
  C:\Windows\System\kuBWpZu.exe
  2⤵
  PID:9112
- C:\Windows\System\CuYktJf.exe
  C:\Windows\System\CuYktJf.exe
  2⤵
  PID:2992
- C:\Windows\System\pEswEoa.exe
  C:\Windows\System\pEswEoa.exe
  2⤵
  PID:9136
- C:\Windows\System\ffvgkYc.exe
  C:\Windows\System\ffvgkYc.exe
  2⤵
  PID:9180
- C:\Windows\System\tcDeSVN.exe
  C:\Windows\System\tcDeSVN.exe
  2⤵
  PID:9204
- C:\Windows\System\PzZACJn.exe
  C:\Windows\System\PzZACJn.exe
  2⤵
  PID:7404
- C:\Windows\System\ISJBVgI.exe
  C:\Windows\System\ISJBVgI.exe
  2⤵
  PID:4468
- C:\Windows\System\XVDqmaY.exe
  C:\Windows\System\XVDqmaY.exe
  2⤵
  PID:7648
- C:\Windows\System\zboAscK.exe
  C:\Windows\System\zboAscK.exe
  2⤵
  PID:2448
- C:\Windows\System\aHGpvCn.exe
  C:\Windows\System\aHGpvCn.exe
  2⤵
  PID:1284
- C:\Windows\System\KRbHPwo.exe
  C:\Windows\System\KRbHPwo.exe
  2⤵
  PID:1444
- C:\Windows\System\gfENdQm.exe
  C:\Windows\System\gfENdQm.exe
  2⤵
  PID:2964
- C:\Windows\System\YzYTRnb.exe
  C:\Windows\System\YzYTRnb.exe
  2⤵
  PID:2516
- C:\Windows\System\qKstQgr.exe
  C:\Windows\System\qKstQgr.exe
  2⤵
  PID:3060
- C:\Windows\System\zhEvvxp.exe
  C:\Windows\System\zhEvvxp.exe
  2⤵
  PID:2264
- C:\Windows\System\qWjeoLD.exe
  C:\Windows\System\qWjeoLD.exe
  2⤵
  PID:2060
- C:\Windows\System\vmkHVAp.exe
  C:\Windows\System\vmkHVAp.exe
  2⤵
  PID:1340
- C:\Windows\System\kuIvsgt.exe
  C:\Windows\System\kuIvsgt.exe
  2⤵
  PID:7324
- C:\Windows\System\eFbDdFi.exe
  C:\Windows\System\eFbDdFi.exe
  2⤵
  PID:1836
- C:\Windows\System\pfIyUXA.exe
  C:\Windows\System\pfIyUXA.exe
  2⤵
  PID:7812
- C:\Windows\System\ABoZWWm.exe
  C:\Windows\System\ABoZWWm.exe
  2⤵
  PID:7664
- C:\Windows\System\KDQYzWg.exe
  C:\Windows\System\KDQYzWg.exe
  2⤵
  PID:7668
- C:\Windows\System\zTZJxjp.exe
  C:\Windows\System\zTZJxjp.exe
  2⤵
  PID:8152
- C:\Windows\System\JJBdtkl.exe
  C:\Windows\System\JJBdtkl.exe
  2⤵
  PID:2780
- C:\Windows\System\LGCktIe.exe
  C:\Windows\System\LGCktIe.exe
  2⤵
  PID:8256
- C:\Windows\System\EpySOFM.exe
  C:\Windows\System\EpySOFM.exe
  2⤵
  PID:8328
- C:\Windows\System\kmqPvNE.exe
  C:\Windows\System\kmqPvNE.exe
  2⤵
  PID:8308
- C:\Windows\System\uKOHhWU.exe
  C:\Windows\System\uKOHhWU.exe
  2⤵
  PID:8460
- C:\Windows\System\kJyYSDA.exe
  C:\Windows\System\kJyYSDA.exe
  2⤵
  PID:8404
- C:\Windows\System\jgrZGAa.exe
  C:\Windows\System\jgrZGAa.exe
  2⤵
  PID:8520
- C:\Windows\System\QtpSVDu.exe
  C:\Windows\System\QtpSVDu.exe
  2⤵
  PID:8576
- C:\Windows\System\WNvXgyv.exe
  C:\Windows\System\WNvXgyv.exe
  2⤵
  PID:8608
- C:\Windows\System\ZIoZkvP.exe
  C:\Windows\System\ZIoZkvP.exe
  2⤵
  PID:8724
- C:\Windows\System\agEklok.exe
  C:\Windows\System\agEklok.exe
  2⤵
  PID:8832
- C:\Windows\System\qcXCRBB.exe
  C:\Windows\System\qcXCRBB.exe
  2⤵
  PID:8972
- C:\Windows\System\KdTKaRg.exe
  C:\Windows\System\KdTKaRg.exe
  2⤵
  PID:8756
- C:\Windows\System\heLpPPU.exe
  C:\Windows\System\heLpPPU.exe
  2⤵
  PID:8848
- C:\Windows\System\GwFDGpd.exe
  C:\Windows\System\GwFDGpd.exe
  2⤵
  PID:9032
- C:\Windows\System\pJXAXEB.exe
  C:\Windows\System\pJXAXEB.exe
  2⤵
  PID:9088
- C:\Windows\System\bHhrXRf.exe
  C:\Windows\System\bHhrXRf.exe
  2⤵
  PID:9104
- C:\Windows\System\PEUYWqs.exe
  C:\Windows\System\PEUYWqs.exe
  2⤵
  PID:2576
- C:\Windows\System\gNKbOvt.exe
  C:\Windows\System\gNKbOvt.exe
  2⤵
  PID:2800
- C:\Windows\System\EziiAnP.exe
  C:\Windows\System\EziiAnP.exe
  2⤵
  PID:7080
- C:\Windows\System\DXiXNzI.exe
  C:\Windows\System\DXiXNzI.exe
  2⤵
  PID:8852
- C:\Windows\System\kLixqjK.exe
  C:\Windows\System\kLixqjK.exe
  2⤵
  PID:468
- C:\Windows\System\oVVFScF.exe
  C:\Windows\System\oVVFScF.exe
  2⤵
  PID:2056
- C:\Windows\System\itWQDxE.exe
  C:\Windows\System\itWQDxE.exe
  2⤵
  PID:1624
- C:\Windows\System\ayWtyTk.exe
  C:\Windows\System\ayWtyTk.exe
  2⤵
  PID:1540
- C:\Windows\System\BtRlfsA.exe
  C:\Windows\System\BtRlfsA.exe
  2⤵
  PID:2336
- C:\Windows\System\iOoQUtJ.exe
  C:\Windows\System\iOoQUtJ.exe
  2⤵
  PID:3012
- C:\Windows\System\UvbqUnd.exe
  C:\Windows\System\UvbqUnd.exe
  2⤵
  PID:1612
- C:\Windows\System\qEqrdrd.exe
  C:\Windows\System\qEqrdrd.exe
  2⤵
  PID:2828
- C:\Windows\System\iUhDqRN.exe
  C:\Windows\System\iUhDqRN.exe
  2⤵
  PID:7784
- C:\Windows\System\gugzrTl.exe
  C:\Windows\System\gugzrTl.exe
  2⤵
  PID:7468
- C:\Windows\System\tnVLhVM.exe
  C:\Windows\System\tnVLhVM.exe
  2⤵
  PID:8388
- C:\Windows\System\ORbRMiq.exe
  C:\Windows\System\ORbRMiq.exe
  2⤵
  PID:8652
- C:\Windows\System\rIqZPvj.exe
  C:\Windows\System\rIqZPvj.exe
  2⤵
  PID:8800
- C:\Windows\System\wnOvkvh.exe
  C:\Windows\System\wnOvkvh.exe
  2⤵
  PID:8204
- C:\Windows\System\kcWcCDP.exe
  C:\Windows\System\kcWcCDP.exe
  2⤵
  PID:2900
- C:\Windows\System\xvWOTmq.exe
  C:\Windows\System\xvWOTmq.exe
  2⤵
  PID:8500
- C:\Windows\System\izYeuGK.exe
  C:\Windows\System\izYeuGK.exe
  2⤵
  PID:8700
- C:\Windows\System\HRGPLja.exe
  C:\Windows\System\HRGPLja.exe
  2⤵
  PID:9000
- C:\Windows\System\ePUXuFm.exe
  C:\Windows\System\ePUXuFm.exe
  2⤵
  PID:8888
- C:\Windows\System\xnvBOcQ.exe
  C:\Windows\System\xnvBOcQ.exe
  2⤵
  PID:2260
- C:\Windows\System\ggDrhVG.exe
  C:\Windows\System\ggDrhVG.exe
  2⤵
  PID:9148
- C:\Windows\System\PjqShJH.exe
  C:\Windows\System\PjqShJH.exe
  2⤵
  PID:9052
- C:\Windows\System\bAFawGi.exe
  C:\Windows\System\bAFawGi.exe
  2⤵
  PID:9168
- C:\Windows\System\rxhtlQx.exe
  C:\Windows\System\rxhtlQx.exe
  2⤵
  PID:2864
- C:\Windows\System\ZagxVfl.exe
  C:\Windows\System\ZagxVfl.exe
  2⤵
  PID:2412
- C:\Windows\System\RBmQUIu.exe
  C:\Windows\System\RBmQUIu.exe
  2⤵
  PID:2084
- C:\Windows\System\ggzhZZD.exe
  C:\Windows\System\ggzhZZD.exe
  2⤵
  PID:8604
- C:\Windows\System\EkppfAS.exe
  C:\Windows\System\EkppfAS.exe
  2⤵
  PID:8484
- C:\Windows\System\uHDxcSL.exe
  C:\Windows\System\uHDxcSL.exe
  2⤵
  PID:9076
- C:\Windows\System\LtMRUkC.exe
  C:\Windows\System\LtMRUkC.exe
  2⤵
  PID:6952
- C:\Windows\System\GFBHTOI.exe
  C:\Windows\System\GFBHTOI.exe
  2⤵
  PID:9220
- C:\Windows\System\aYeyxnK.exe
  C:\Windows\System\aYeyxnK.exe
  2⤵
  PID:9236
- C:\Windows\System\HqfGvca.exe
  C:\Windows\System\HqfGvca.exe
  2⤵
  PID:9272
- C:\Windows\System\EYLxfKk.exe
  C:\Windows\System\EYLxfKk.exe
  2⤵
  PID:9288
- C:\Windows\System\ovIuePB.exe
  C:\Windows\System\ovIuePB.exe
  2⤵
  PID:9304
- C:\Windows\System\HlNtqiI.exe
  C:\Windows\System\HlNtqiI.exe
  2⤵
  PID:9328
- C:\Windows\System\FSEmpCq.exe
  C:\Windows\System\FSEmpCq.exe
  2⤵
  PID:9344
- C:\Windows\System\OvkIpMu.exe
  C:\Windows\System\OvkIpMu.exe
  2⤵
  PID:9360
- C:\Windows\System\EqIhXWY.exe
  C:\Windows\System\EqIhXWY.exe
  2⤵
  PID:9376
- C:\Windows\System\WOToUcI.exe
  C:\Windows\System\WOToUcI.exe
  2⤵
  PID:9392
- C:\Windows\System\KHkAiYs.exe
  C:\Windows\System\KHkAiYs.exe
  2⤵
  PID:9420
- C:\Windows\System\UbuckDn.exe
  C:\Windows\System\UbuckDn.exe
  2⤵
  PID:9476
- C:\Windows\System\rGeSriy.exe
  C:\Windows\System\rGeSriy.exe
  2⤵
  PID:9576
- C:\Windows\System\xenpgAx.exe
  C:\Windows\System\xenpgAx.exe
  2⤵
  PID:9592
- C:\Windows\System\vLWtobv.exe
  C:\Windows\System\vLWtobv.exe
  2⤵
  PID:9620
- C:\Windows\System\bbHFRQs.exe
  C:\Windows\System\bbHFRQs.exe
  2⤵
  PID:9636
- C:\Windows\System\yjZDKPv.exe
  C:\Windows\System\yjZDKPv.exe
  2⤵
  PID:9652
- C:\Windows\System\TfEnLeS.exe
  C:\Windows\System\TfEnLeS.exe
  2⤵
  PID:9668
- C:\Windows\System\IbjRFdP.exe
  C:\Windows\System\IbjRFdP.exe
  2⤵
  PID:9688
- C:\Windows\System\uURPaBk.exe
  C:\Windows\System\uURPaBk.exe
  2⤵
  PID:9704
- C:\Windows\System\KJpzffa.exe
  C:\Windows\System\KJpzffa.exe
  2⤵
  PID:9720
- C:\Windows\System\GFMqQqV.exe
  C:\Windows\System\GFMqQqV.exe
  2⤵
  PID:9736
- C:\Windows\System\zXMTLqf.exe
  C:\Windows\System\zXMTLqf.exe
  2⤵
  PID:9752
- C:\Windows\System\IdtmIOL.exe
  C:\Windows\System\IdtmIOL.exe
  2⤵
  PID:9768
- C:\Windows\System\CTyNwiU.exe
  C:\Windows\System\CTyNwiU.exe
  2⤵
  PID:9784
- C:\Windows\System\erFisiS.exe
  C:\Windows\System\erFisiS.exe
  2⤵
  PID:9808
- C:\Windows\System\YLkpaoF.exe
  C:\Windows\System\YLkpaoF.exe
  2⤵
  PID:9824
- C:\Windows\System\YumVwQC.exe
  C:\Windows\System\YumVwQC.exe
  2⤵
  PID:9840
- C:\Windows\System\GMmXVrC.exe
  C:\Windows\System\GMmXVrC.exe
  2⤵
  PID:9856
- C:\Windows\System\NPpqDNk.exe
  C:\Windows\System\NPpqDNk.exe
  2⤵
  PID:9872
- C:\Windows\System\SsUzDZi.exe
  C:\Windows\System\SsUzDZi.exe
  2⤵
  PID:9888
- C:\Windows\System\XekEPUF.exe
  C:\Windows\System\XekEPUF.exe
  2⤵
  PID:9904
- C:\Windows\System\EbAYxtQ.exe
  C:\Windows\System\EbAYxtQ.exe
  2⤵
  PID:9920
- C:\Windows\System\XSbNoFo.exe
  C:\Windows\System\XSbNoFo.exe
  2⤵
  PID:9936
- C:\Windows\System\UiPnOLn.exe
  C:\Windows\System\UiPnOLn.exe
  2⤵
  PID:9952
- C:\Windows\System\AgrKQJe.exe
  C:\Windows\System\AgrKQJe.exe
  2⤵
  PID:9972
- C:\Windows\System\atNpmig.exe
  C:\Windows\System\atNpmig.exe
  2⤵
  PID:10004
- C:\Windows\System\XtUqleW.exe
  C:\Windows\System\XtUqleW.exe
  2⤵
  PID:10024
- C:\Windows\System\ZTALaJI.exe
  C:\Windows\System\ZTALaJI.exe
  2⤵
  PID:10096
- C:\Windows\System\NXiAbXw.exe
  C:\Windows\System\NXiAbXw.exe
  2⤵
  PID:10112
- C:\Windows\System\EFbkODX.exe
  C:\Windows\System\EFbkODX.exe
  2⤵
  PID:10128
- C:\Windows\System\PTZfiJr.exe
  C:\Windows\System\PTZfiJr.exe
  2⤵
  PID:10144
- C:\Windows\System\suZrevj.exe
  C:\Windows\System\suZrevj.exe
  2⤵
  PID:10164
- C:\Windows\System\zxTmtYq.exe
  C:\Windows\System\zxTmtYq.exe
  2⤵
  PID:8320
- C:\Windows\System\tfobZOU.exe
  C:\Windows\System\tfobZOU.exe
  2⤵
  PID:2776
- C:\Windows\System\vDWZqMB.exe
  C:\Windows\System\vDWZqMB.exe
  2⤵
  PID:9196
- C:\Windows\System\rJftEod.exe
  C:\Windows\System\rJftEod.exe
  2⤵
  PID:9284
- C:\Windows\System\tRnoruq.exe
  C:\Windows\System\tRnoruq.exe
  2⤵
  PID:9356
- C:\Windows\System\xJezPSI.exe
  C:\Windows\System\xJezPSI.exe
  2⤵
  PID:9408
- C:\Windows\System\hGKzJAQ.exe
  C:\Windows\System\hGKzJAQ.exe
  2⤵
  PID:9432
- C:\Windows\System\nOfLGiv.exe
  C:\Windows\System\nOfLGiv.exe
  2⤵
  PID:9456
- C:\Windows\System\VOKxemL.exe
  C:\Windows\System\VOKxemL.exe
  2⤵
  PID:9472
- C:\Windows\System\LiEBIBG.exe
  C:\Windows\System\LiEBIBG.exe
  2⤵
  PID:9560
- C:\Windows\System\YOMeZzL.exe
  C:\Windows\System\YOMeZzL.exe
  2⤵
  PID:9524
- C:\Windows\System\EyZBaOh.exe
  C:\Windows\System\EyZBaOh.exe
  2⤵
  PID:9532
- C:\Windows\System\hVsYupV.exe
  C:\Windows\System\hVsYupV.exe
  2⤵
  PID:9568
- C:\Windows\System\kJbyCRs.exe
  C:\Windows\System\kJbyCRs.exe
  2⤵
  PID:9600
- C:\Windows\System\jzIbICc.exe
  C:\Windows\System\jzIbICc.exe
  2⤵
  PID:9684
- C:\Windows\System\PCoCAbv.exe
  C:\Windows\System\PCoCAbv.exe
  2⤵
  PID:9748
- C:\Windows\System\OHglLdQ.exe
  C:\Windows\System\OHglLdQ.exe
  2⤵
  PID:9820
- C:\Windows\System\qYgwlSP.exe
  C:\Windows\System\qYgwlSP.exe
  2⤵
  PID:9948
- C:\Windows\System\nhWAxSF.exe
  C:\Windows\System\nhWAxSF.exe
  2⤵
  PID:9864
- C:\Windows\System\pnHzmWz.exe
  C:\Windows\System\pnHzmWz.exe
  2⤵
  PID:9728
- C:\Windows\System\BxCDmFr.exe
  C:\Windows\System\BxCDmFr.exe
  2⤵
  PID:9796
- C:\Windows\System\zhEoecu.exe
  C:\Windows\System\zhEoecu.exe
  2⤵
  PID:9928
- C:\Windows\System\IElwjYJ.exe
  C:\Windows\System\IElwjYJ.exe
  2⤵
  PID:9980
- C:\Windows\System\nyWACON.exe
  C:\Windows\System\nyWACON.exe
  2⤵
  PID:9992
- C:\Windows\System\xxkmMOM.exe
  C:\Windows\System\xxkmMOM.exe
  2⤵
  PID:10020
- C:\Windows\System\EKysZLS.exe
  C:\Windows\System\EKysZLS.exe
  2⤵
  PID:10060
- C:\Windows\System\SWzvpIS.exe
  C:\Windows\System\SWzvpIS.exe
  2⤵
  PID:10080
- C:\Windows\System\ztdNbey.exe
  C:\Windows\System\ztdNbey.exe
  2⤵
  PID:10084
- C:\Windows\System\vwUYSnM.exe
  C:\Windows\System\vwUYSnM.exe
  2⤵
  PID:10108
- C:\Windows\System\xSiLkyy.exe
  C:\Windows\System\xSiLkyy.exe
  2⤵
  PID:10176
- C:\Windows\System\UJjiPnQ.exe
  C:\Windows\System\UJjiPnQ.exe
  2⤵
  PID:10192
- C:\Windows\System\roXBWNi.exe
  C:\Windows\System\roXBWNi.exe
  2⤵
  PID:10220
- C:\Windows\System\jGuwqdt.exe
  C:\Windows\System\jGuwqdt.exe
  2⤵
  PID:10160
- C:\Windows\System\QfHBapJ.exe
  C:\Windows\System\QfHBapJ.exe
  2⤵
  PID:8820
- C:\Windows\System\owMsYMy.exe
  C:\Windows\System\owMsYMy.exe
  2⤵
  PID:9248
- C:\Windows\System\zAbreRX.exe
  C:\Windows\System\zAbreRX.exe
  2⤵
  PID:9264
- C:\Windows\System\wHnXvme.exe
  C:\Windows\System\wHnXvme.exe
  2⤵
  PID:1792
- C:\Windows\System\LlhwoUW.exe
  C:\Windows\System\LlhwoUW.exe
  2⤵
  PID:7832
- C:\Windows\System\FcjhIjE.exe
  C:\Windows\System\FcjhIjE.exe
  2⤵
  PID:1472
- C:\Windows\System\GTASPOm.exe
  C:\Windows\System\GTASPOm.exe
  2⤵
  PID:8260
- C:\Windows\System\KbjlXHo.exe
  C:\Windows\System\KbjlXHo.exe
  2⤵
  PID:8228
- C:\Windows\System\GCpeRrW.exe
  C:\Windows\System\GCpeRrW.exe
  2⤵
  PID:9416
- C:\Windows\System\waFQLtA.exe
  C:\Windows\System\waFQLtA.exe
  2⤵
  PID:9352
- C:\Windows\System\dPtFDiy.exe
  C:\Windows\System\dPtFDiy.exe
  2⤵
  PID:9552
- C:\Windows\System\jssLHfv.exe
  C:\Windows\System\jssLHfv.exe
  2⤵
  PID:9452
- C:\Windows\System\idnUhnW.exe
  C:\Windows\System\idnUhnW.exe
  2⤵
  PID:9504
- C:\Windows\System\uwdacoP.exe
  C:\Windows\System\uwdacoP.exe
  2⤵
  PID:9528
- C:\Windows\System\hGXIpcv.exe
  C:\Windows\System\hGXIpcv.exe
  2⤵
  PID:988
- C:\Windows\System\RQxsUae.exe
  C:\Windows\System\RQxsUae.exe
  2⤵
  PID:9664
- C:\Windows\System\hUhIDqp.exe
  C:\Windows\System\hUhIDqp.exe
  2⤵
  PID:9912
- C:\Windows\System\xdUbixx.exe
  C:\Windows\System\xdUbixx.exe
  2⤵
  PID:9804
- C:\Windows\System\aQcsehw.exe
  C:\Windows\System\aQcsehw.exe
  2⤵
  PID:9544
- C:\Windows\System\kUZQVJm.exe
  C:\Windows\System\kUZQVJm.exe
  2⤵
  PID:9612
- C:\Windows\System\xzMfsRY.exe
  C:\Windows\System\xzMfsRY.exe
  2⤵
  PID:9696
- C:\Windows\System\vcAQFMC.exe
  C:\Windows\System\vcAQFMC.exe
  2⤵
  PID:9648
- C:\Windows\System\dHTcHyx.exe
  C:\Windows\System\dHTcHyx.exe
  2⤵
  PID:9884
- C:\Windows\System\QfCjfsd.exe
  C:\Windows\System\QfCjfsd.exe
  2⤵
  PID:9848
- C:\Windows\System\hjnPFHi.exe
  C:\Windows\System\hjnPFHi.exe
  2⤵
  PID:10044
- C:\Windows\System\pAttYkN.exe
  C:\Windows\System\pAttYkN.exe
  2⤵
  PID:10072
- C:\Windows\System\BszHLQw.exe
  C:\Windows\System\BszHLQw.exe
  2⤵
  PID:10052
- C:\Windows\System\GesoCsJ.exe
  C:\Windows\System\GesoCsJ.exe
  2⤵
  PID:10152
- C:\Windows\System\oAkSliM.exe
  C:\Windows\System\oAkSliM.exe
  2⤵
  PID:10136
- C:\Windows\System\AuKfmZo.exe
  C:\Windows\System\AuKfmZo.exe
  2⤵
  PID:9256
- C:\Windows\System\HNveCQK.exe
  C:\Windows\System\HNveCQK.exe
  2⤵
  PID:10216
- C:\Windows\System\pAPwRPe.exe
  C:\Windows\System\pAPwRPe.exe
  2⤵
  PID:9336
- C:\Windows\System\AdrdBzF.exe
  C:\Windows\System\AdrdBzF.exe
  2⤵
  PID:408
- C:\Windows\System\juFDjOZ.exe
  C:\Windows\System\juFDjOZ.exe
  2⤵
  PID:6424
- C:\Windows\System\UaQxyez.exe
  C:\Windows\System\UaQxyez.exe
  2⤵
  PID:1080
- C:\Windows\System\pYjbKcI.exe
  C:\Windows\System\pYjbKcI.exe
  2⤵
  PID:2804
- C:\Windows\System\vmjCGrI.exe
  C:\Windows\System\vmjCGrI.exe
  2⤵
  PID:9444
- C:\Windows\System\dEshQoJ.exe
  C:\Windows\System\dEshQoJ.exe
  2⤵
  PID:9280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AsNJESG.exe

Filesize
6.0MB

MD5
0f7c7f64b63670ba797ad5cab8740d4b

SHA1
105d495ead0a2e66128b10b757e39cb68f842a26

SHA256
07bac34d3c70077ec638bc0c44f529c65afbe2e656f39ae3ed82d1dbca2714f4

SHA512
bb49149b398c0aedf8b4ddd23bf7522f6b0fa8621fba9f6a45e19943b47b33d53dcbd1e6de2fbe404e25171f0d3b1427222b3714c82b1a4d7080a6c4c97a8ae5

Download Submit
C:\Windows\system\BMNHAbC.exe

Filesize
6.0MB

MD5
764086bd549cb44574cd40a221cb272b

SHA1
569ab78965660a9cd6c87b36aaefe09780ca336a

SHA256
7456b6be18370c7dc2362046f1aceaaa5e2cce2a89bda89ec2a80417fb5d6e20

SHA512
883ad74dda801246cbeed3ce94edec5bf8c4f61a73be6d7f78e66e521e974eb760a6f1a0b1fedcdeca6043c5861892f8f8162fe3db9dbb1431305df32f8ece13

Download Submit
C:\Windows\system\ChaQJAP.exe

Filesize
6.0MB

MD5
6018c045ae1879bde0eed4d698fb9909

SHA1
bf052a39193b3d1aa83ae834d6c61945d93970a1

SHA256
f26256440cd5a5a65979bf5d4099e3685e3c13ebe322679efe6445b31a4639a9

SHA512
40f38fd8f696888a831ef262cea520d9ece25f434bce388da9b27e272182065ef94a3bfe114b6a7a28ce276774b6968b3c5b397940520e201359dd37bcdf8623

Download Submit
C:\Windows\system\FeyCYqX.exe

Filesize
6.0MB

MD5
fd4394f8794c209be0476a6cf032fa20

SHA1
fa2c52338d3101730e04c7f0bc4cebf519b1af25

SHA256
be44de36d5a426e7ad388cb18f8ce8539f3253ef80d68c18b078c6e1e1c46c60

SHA512
642cbef226e7cdd496dd886717954e0d829b912fd5f9d21e550dd0c9f7e7a86d1bb70b43a261339d4c3884dbfcfca9ab99197c6e5330ec458932429f018bad2e

Download Submit
C:\Windows\system\JVPWPvH.exe

Filesize
6.0MB

MD5
6d5f8ee45ada3cd2ae2fa6436e57944b

SHA1
608cdded8170afc848c9632af59d5f130e3f9ca9

SHA256
b8d09df2ed788e8a38c5d2e7ca4899eb6e171f8d77a342d0fc765912e1e2abac

SHA512
2454d089e31f6caceff9083a45a6d082f1b4faebfcaf4a77eb62ae9048e831fef631d77bc94f4a4de0bdc6ff86cb4225abcbb85cb1da2ef7fef2dc8b2dfadb4d

Download Submit
C:\Windows\system\NwswrIK.exe

Filesize
6.0MB

MD5
5ce8ee97344fd31ba9b82c901183a2c4

SHA1
6a06bf839a75ea7625cee530933fce4f734ad028

SHA256
8304161f72e341e22b7fe42d1c336c832cc9dddda1faa569bd47ce07477244ec

SHA512
399e01ba3a69392c9b7b025eadc6cab2e50ff4db5881ece1cfe5313eb88bc40f9e15650b326710626e4b1a2460b09915212e225c113a5326ce9b3b02a14278d0

Download Submit
C:\Windows\system\OELAyvy.exe

Filesize
6.0MB

MD5
488c0c0d4ea083cb49eefd352fc2f5a9

SHA1
d119decb39bf82c5693b9c56043124f9e8cb914e

SHA256
2730bdd6fd31db06c19df41c86b04aa984b16c60322aeb9934b098f8ece85294

SHA512
236a624f2f163739b8876db8f6014e9e09a59f5b35edaa623754e209bfea8c8440cc10ba40f6f80d3b12058103828b2d47fd7568f242ba594af55380f3367548

Download Submit
C:\Windows\system\OisioFr.exe

Filesize
6.0MB

MD5
1fad389e939718448ffd1a50ccd5a86a

SHA1
f071530ebfa82308296c0f7aa4e8c3e1abf7f2ad

SHA256
e65e39c9556a961e75f588ffb3beae674e47c5648b48a7c984104ef7dae36a26

SHA512
4ccc09660915fe510e6f7fe98df204730c76562482bfd125e2a08ffd51a1d76838a6c66c79cdfe97264bf49638cc7b0349c3afda2303b79a083d3ba749a9ebc5

Download Submit
C:\Windows\system\PHVnCAU.exe

Filesize
6.0MB

MD5
beb11af2d63f1c4e181ba622929ed70a

SHA1
8428b75ee238d04677ab65ca77d81d72798f0ddb

SHA256
ac625e4d6155932276fa3b5ce776392f86e4423221c6382dbce2f3d5ec035248

SHA512
1fe06cf3e016a1447e0736abffe55054d3b3498456d1e04513236c3c840554dad8a4710befb6ea759d8a9782912a7c9928c4623ccde4fa4d413d7e9def38cda5

Download Submit
C:\Windows\system\QpCbniR.exe

Filesize
6.0MB

MD5
ed222c4383372dcd93c2e6acc7ab5609

SHA1
3eba393ba113152fcd545199f1f432b794783d9b

SHA256
e05efa15c5e9eb05ce40826fc2907302ebb6f9be86e7da5f31e485cd6d720068

SHA512
94062ef8d31a7fc50da21ce859b38201df3c37a0b5f7be52a9fcec608293750bde4bda57e1d9ccfebd4ed74c8031b757311834ef64c461a7e85be4d6be33d075

Download Submit
C:\Windows\system\RXzlbVl.exe

Filesize
6.0MB

MD5
3e586a03ae242fd99dbd8e3479eba67d

SHA1
ed7818afe8551a66d8a34c2dbcccfc33cd0d7dd2

SHA256
f1b079e635264b2a26e959fe778c93d5c35ebe64d56d33a08273c65a82842f98

SHA512
9fb46fa92cd5fc8e395cbce78a6be11410459b651fa4a24dfeb6b731e925cc7a06f3c66663aca1fd28bbdb975934f5d16a33d524c857953edd013e6d1b73e352

Download Submit
C:\Windows\system\SIHHlvI.exe

Filesize
6.0MB

MD5
d909ac8bde9045bfc8b4f03688a45685

SHA1
cd06db12094a38d8d5dcee620736ff7f15260dc9

SHA256
112e14808a720a5104eae56611c07a8182fe7bb94ddc9f42919bd0d93c70245b

SHA512
fadad04dee5fa87235e2acc6aec4f68a3fd04333f6616ccaf2f31d1a422dfe5cd9cae10a64a980f1ee5e949cac8e3e131217fec42cf0fa0957763273981ad05c

Download Submit
C:\Windows\system\ThWqIYF.exe

Filesize
6.0MB

MD5
28006288ccddb9d62b07c1f456e2018b

SHA1
9366984ce97e20f71da8dcb191482a59e5e279fd

SHA256
f7bf0b6a5636b0b111cc04f34a3040945e5de7486e657302ffa4a4267f0f01a6

SHA512
cfc7ddcdaed5c5503f890ce94fbe03dd582d07fa79829da31fbb24db17853e3ad3286c0c234967b2cbddaf8d38b7138cae570f3e341710fd69f049ee4430701b

Download Submit
C:\Windows\system\VPIbVeX.exe

Filesize
6.0MB

MD5
7a80fa2ae67ce756b73d823c8a8848d7

SHA1
f6ac4849e710878e69b97c1fadcdf8608ee9ee86

SHA256
2eb49c9c8d78593df2adccacb3c208a46557847abd1f4f9f787f58b19f40826d

SHA512
edda21835c583faa554a12320d705267700132be3c267d56c7f52d0a94ed39a5457dd16cd84ea3ad8cf40f6b759b41ab02823ec80b884dff2cb42c55df215339

Download Submit
C:\Windows\system\VlQvbbP.exe

Filesize
6.0MB

MD5
8af06d6fce7d184b9a335f498d79f1f2

SHA1
23e82e35280e9fc10a3158662c7afe875a7b105b

SHA256
38b145d9f07a87175b4fe1a1624393812f446c105c9aa0f71d3f1466a460121a

SHA512
6e93654ccacb2047bf8acfe159b171d063c1f666ed922a82ab0618acf2eaf64e5e9bc1acd7771ea0225b38f5ac373941c07db79290a7085b937f4ebb0be2973b

Download Submit
C:\Windows\system\WUvBcJQ.exe

Filesize
6.0MB

MD5
a56c19c0333488979a2886b6e19128b7

SHA1
b5a712d9b3e68d57652b92f92f390131555b147a

SHA256
9db755409fa886970e1d8dc38f485b93e506286f10910c66d0b2ece7cfdd0bca

SHA512
e8c88c745959a2427d6fc1a950552fedcd1fc4e9c681652f97b248f6c710da9a38fb6e0f845962e3e4448522317115c3ffbe9290120f36771ea7309104dd291d

Download Submit
C:\Windows\system\WWjIdnb.exe

Filesize
6.0MB

MD5
50937d007a08c31e12ae0661550b73f8

SHA1
ac0e8be3ee15cb5b1f73e4ae0be94e473c8672d2

SHA256
ccdcd32b7241f57e813f932b276eaeb0ec3de668940d967ff871dc1920ae0131

SHA512
0936a34414a9ce172b98deecdfaee6222281211d093cca4a4f845ee532351250492b934767207e6a2084e8ab0747de15026ec03b33e33eafd5ef76f9e7d015ab

Download Submit
C:\Windows\system\XOvXIYw.exe

Filesize
6.0MB

MD5
2547469e9b6e7f47a7a763070c3c0b3e

SHA1
db1f733b126bf0878da3bca74dd16e16514321bc

SHA256
6f8c6432d219bd6774960cf85a677a78491facb5ee5a5e3e23dbf7ed359455fc

SHA512
805b26aadbbd5ffbe963da086be12afd7168c620a7b938f09449ab46320d482a9b6564482481dbb206452ebf06b6547527ffddf66443cbcbe375a3a58c682786

Download Submit
C:\Windows\system\bkacbac.exe

Filesize
6.0MB

MD5
6eaa4b88dea470fcc8865855bc8d3059

SHA1
8a67b7e7297da30794aade6dbe3c50a5bfa0eee3

SHA256
b4a2adf825b43ea49b0aa1294de1c95b64a6f0de1c253a0ea11dda7e4214f9be

SHA512
36066e1015260ab35d7a4082ae206d6f60a27b9ba06671c5ba05e9e9053908ec0b81d609bffd9a8454ce4b5d94841e9a9ead4ef1ab97a9169975accad4140f75

Download Submit
C:\Windows\system\hJGXHxU.exe

Filesize
6.0MB

MD5
7240068725b681555333932d5f76df2f

SHA1
4f8d825efe246c38bb2ad5627f77c41c4fde3081

SHA256
42ed48af20810f98e9f5b62128c820158c4d13d707c1c09cf2444d8f27437068

SHA512
b4ec1ea7e762744954fada0bf37d412063583472012a674bd20f2d6a9b45e696448b07acd5ab743f4098f81a431eb46c02ef3d6379eebd5268fd68ffe203c257

Download Submit
C:\Windows\system\iTfINpQ.exe

Filesize
6.0MB

MD5
254f64f1c5e544726701eeba1bf2c148

SHA1
10cb848bc779a8305753ec6a268dda94cda8ac29

SHA256
4afd9a6d9a76ecc3695a4b29448ed238322d85ada9c387d18997eebe37b8da70

SHA512
11da327025e350425f88b70ebb5b3384f7fe5314109d82e496bea8707b5918927c23b3b1b50069934c1344972637fd02b8d643ff6e45c78b56ca60009076bc24

Download Submit
C:\Windows\system\vGxRVrY.exe

Filesize
6.0MB

MD5
e7f33aa676275f91c7f02a1571cc85e5

SHA1
69dd9fbf3f1870eb0ae223a4834eee0dc1b2cb83

SHA256
42a60a71bca7352b05df52e6cd3b831ecda06bfa1a5076cc8ea46aafc8fd8b97

SHA512
40a2d60c411e085fa96aea4aba2ad8116cd5a5f6f0e975e348f0d79f1f7168d5aa9a88a0a77166130e913f6805b3d1fecc9ad2195a3a03e5a4fd312289baddff

Download Submit
C:\Windows\system\vskyPNv.exe

Filesize
6.0MB

MD5
58f68dc4f418a50ea5081b6ab564c8bb

SHA1
c090d153679e10ac46dd28f20b183def207e62a4

SHA256
46af008d5d0b6ebac3ec19f7523101a60bb590a31afb7d24d91e675c1e169b5f

SHA512
92543bf2eff219c937ccfa2bfeff63788676ddd0a85bc269d43dca53d606c19982708eea3000fd4d4fed548d266b7d185f396ec6187e7880123c55429f3844b4

Download Submit
C:\Windows\system\wKUqWYw.exe

Filesize
6.0MB

MD5
bcd28da723fbe0034a784c789f9616df

SHA1
50fc9accc1c3723c92ba523365d4d20c3a5fcfac

SHA256
e78603f211e7b5025e0cb3c36a9801060053a6623976cac125cd97c2b5f89d0c

SHA512
6b589d9f27f7d7cabe462f5f839963ce21816f783b9e17ecf58711a62bd7abc372a11c1d389430cfb3480687def1943dd696bb8f0c7603dadcbf7794052d9719

Download Submit
C:\Windows\system\ysNBWtb.exe

Filesize
6.0MB

MD5
3f991d0f28a3ca278b2bce952d91fbef

SHA1
6383385f39ebb4b2e2f687007d3514765e84767f

SHA256
8cc9860e2fea54bcae7bfd0b81ae8660fa0330d8a7655d3dca7fbd79be20cd74

SHA512
546c754df84eb0585e83570260786faabc69b87d157f4059f31eca3ffeba372d44a5649453668af05464abf8442b471e2ca0cce20b80bde4e25022d25736a54f

Download Submit
\Windows\system\FkEznlm.exe

Filesize
6.0MB

MD5
77edd5a31eaa045513d0b077e266dbfe

SHA1
d4a652f4fcc9a45e11f61955f817811214e39118

SHA256
c9b3065fc973e2adaf5f442d22bab53ba0a8f51cb63aa69ec3ecc4f3161dfb76

SHA512
81ae2fb9399091321ce11104c470e27f3251d74a06894c6dde5f767ca1f938e9b2503ff0f398f5e7e30729c344ea964cd81207b6d4fe193b6eb2bf550af68dbf

Download Submit
\Windows\system\GRHglJw.exe

Filesize
6.0MB

MD5
b8ad5e12f0991a12082f6eb452b9a014

SHA1
efaa55d51e5857c2ef256a55e3b2f07e7a5648f2

SHA256
6d3facc6507df55fe7c5970d99b18efbf2c8a374057ff9822cf1df1277e8d5d5

SHA512
d3c7ce7f74833810aaba96506a6dc842eadf211bca2b8b1909faaf1adc213d893363ff4c404a31ca7ec4ae9f72b2305885d9c8c89f349161958e809d2673931d

Download Submit
\Windows\system\YoXSmwX.exe

Filesize
6.0MB

MD5
f56511b0a513fc6fc074d9112bfe713e

SHA1
ea3c54f56a8f5f92d7d4cdb60d970322ba88bb79

SHA256
3e3b1c789b18fee5cd631d2dde0d29fdbd0d7f5cfcbf69f0a7b2b4366b779fd2

SHA512
a3401646e8f15a43391e25fb896071fa258cce08bb094c18c8475f2600974900a1835a81d4b57c4943a2cf46107c7f14fee922b7c4838fb147472e48901c0b32

Download Submit
\Windows\system\nLJvfqv.exe

Filesize
6.0MB

MD5
6856976e483273e2e84c8455e8a155e2

SHA1
251c113b56a005bea4119b613996209582832880

SHA256
4543d8a3bf897dc273954a82c7eed0e93d0db47291192f1e7cd873cbe4734190

SHA512
feba5a7db741db1060d4b93668225fe670e7bb236fad99311144d227ce66aee33ba8a3da05b86f94421d0d93e46aa4fed54e613dc37a34cc0f70eedf130397e0

Download Submit
\Windows\system\oFBWtTw.exe

Filesize
6.0MB

MD5
55dabc51501f2030324b9f1026fc8f6f

SHA1
84db8fb74e7ab6ff282f5f9f2bb63a7751a330d1

SHA256
dfa99cd479dc433e750e0649c7af7b77a7df5aeb38eaa50c0e52e03b9c576a6e

SHA512
b7fb43d9f5dade69efdaeac5257fdbd3acdd1bcfae9ba6c7c5ed7e61d43c6f019fe6b216f8aa854a1e6cbf1a37592a4617664963b18c62d3fc5e489f405ec6ad

Download Submit
\Windows\system\rKlyFus.exe

Filesize
6.0MB

MD5
74fa3c7354549caca959072ecaf41e26

SHA1
5f0c85ebb6944caf4849bbf8e41a008cd72a42d5

SHA256
b9c7b0b399bd3dcbaab71175f87ddb03805649f32d650f4cfac42c693faa89bc

SHA512
f1dffb394afca21c42818fd2667f89358ca7dce95908446a2a78487de7fb40098f100e774a4f452474d847feac9d09e9566c2058badf0d9e3d8d3c1aff431baf

Download Submit
\Windows\system\vSqlpzY.exe

Filesize
6.0MB

MD5
dc1bc823e2c162726320df942855b282

SHA1
45a6474c8551e57c6a74cb21e6c1d76b56a7efa1

SHA256
41601c3ec948a56e2f3509e693842e34da015b5363c27792dd12aaad85c39573

SHA512
3c69bb725e91347af484e6291b536d8da014e0066dd70e82ea115da4efd7a8694f7e5d26878f55024e2dd4afa048a7b017262a2da0a36cd492f75e9062c811f2

Download Submit
\Windows\system\wCGJjni.exe

Filesize
6.0MB

MD5
d230ed05b7ff8b0f883070ccd1991390

SHA1
09f74b3c7bec6aa41e8af27ec150b3eda5eff354

SHA256
c240663d1a4a19694b60befaf1a87f9a3e39bd37729cad8ac85c142b5e8a4850

SHA512
5cb9e513a3c2f86bddcf92b290c6d84c84731d06b36649e2bd9cbded18f59cb8ca5f412d84b4a4732b03435c070615323f42d60b80cfe04a6ae0528db58d999e

Download Submit
\Windows\system\wfgcARy.exe

Filesize
6.0MB

MD5
fe4f434041892a8610193ef4c314f291

SHA1
53b4824f619e8a16f4d8674aeac3bcfee10bacea

SHA256
5a410d8c1992940ab83ebaba659d552ee8e7e3ce45398b98bc0de7328a236d96

SHA512
14b3e6102686a5968807a0565e44445319d60260a1d7a7f4870807e1d8ccd56fc231d3c89a233dd047ec2d9e40d0839ce314010c56097889c06f9fe88b3bd911

Download Submit
\Windows\system\wzFtpLa.exe

Filesize
6.0MB

MD5
c9900c91e694b2eea780a782317b074b

SHA1
ad2d44aff03c21e1a52ef8a71bb41e49bd05ad79

SHA256
e2cddc3722b690ee50b5de0598395ee6385a80c555bac6dbff403b19a5b91241

SHA512
cef22746370413ccdbd067d523a92f7f3016e1229ec5aa2e01ac4c8e7be719deb8db63941ad76be17def774f309333c51548b182927e48eca3f535d5a2570599

Download Submit
\Windows\system\xFgvYCu.exe

Filesize
6.0MB

MD5
b7222f20067ffc129eae7367d6934d1c

SHA1
4f74fcf499d1e5210ae72e28a0480e565ff3c0fe

SHA256
b343e590cb2a75e63b8bff565a6fd71ad034af3252d0e21ab309f8535480fb06

SHA512
bb9814edf0d061ac96e2c08e2a567d9c7ccebd0b1eb8f86ecf16af2a909cc69b8107622ff9999bc1464ececc4f64a069961fe96fc3dde8a216be84a6c059f723

Download Submit
memory/2028-3742-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-977-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-102-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-573-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2068-41-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3638-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2120-22-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3787-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3842-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2140-81-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2232-31-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2232-273-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3776-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2248-3640-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3639-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2404-8-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2404-51-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2524-68-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2524-76-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-137-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-142-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2524-61-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-60-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2524-150-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2524-49-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-44-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2524-12-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2524-125-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-0-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2524-36-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2524-34-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2524-109-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2524-85-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-28-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2524-133-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2524-19-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-155-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-774-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1166-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-976-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-67-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3792-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-42-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3782-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2936-775-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3822-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-50-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download