cobaltstrike | 9a0c9fd09ca2d12333c75b337fbb452d9173d59294384fb127575cb9d1eda6f2

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

21e446b948e99239a57efe380450c41a
SHA1

bb91c861101f43d2047f26c222b73482958abced
SHA256

9a0c9fd09ca2d12333c75b337fbb452d9173d59294384fb127575cb9d1eda6f2
SHA512

8b842d75cb8b4fbc76d9b7af3bb5fc4831016017b92f2007c87ffb83262dc39b58d6063ec664c5065f847a33256b721a3ebab87f0b1ee9790d95689c29df44dd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cec-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-65.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d68-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-136.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016d18-13.dat	xmrig
behavioral1/memory/1928-14-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2304-7-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2988-12-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-16.dat	xmrig
behavioral1/memory/2804-22-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d31-27.dat	xmrig
behavioral1/memory/3000-47-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4a-44.dat	xmrig
behavioral1/memory/2996-51-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2900-49-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2824-37-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d42-34.dat	xmrig
behavioral1/files/0x0008000000016cec-32.dat	xmrig
behavioral1/files/0x0007000000016d5e-55.dat	xmrig
behavioral1/memory/2340-58-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2304-56-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ea-65.dat	xmrig
behavioral1/memory/2304-66-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d68-59.dat	xmrig
behavioral1/files/0x00050000000186fd-82.dat	xmrig
behavioral1/memory/2888-64-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1776-87-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-88.dat	xmrig
behavioral1/memory/1872-81-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-80.dat	xmrig
behavioral1/memory/1232-92-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2340-91-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/3000-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2804-76-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2852-75-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1928-62-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2888-93-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001873d-96.dat	xmrig
behavioral1/memory/2852-101-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1412-105-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2304-111-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2304-113-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0005000000018784-110.dat	xmrig
behavioral1/files/0x000500000001878f-114.dat	xmrig
behavioral1/files/0x00050000000187a5-121.dat	xmrig
behavioral1/files/0x0006000000019023-126.dat	xmrig
behavioral1/files/0x00050000000193e1-166.dat	xmrig
behavioral1/files/0x0005000000019431-181.dat	xmrig
behavioral1/files/0x0005000000019441-186.dat	xmrig
behavioral1/memory/1232-605-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2304-497-0x0000000002200000-0x0000000002554000-memory.dmp	xmrig
behavioral1/memory/1776-381-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1872-193-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-197.dat	xmrig
behavioral1/files/0x000500000001944f-191.dat	xmrig
behavioral1/files/0x000500000001941e-171.dat	xmrig
behavioral1/files/0x0005000000019427-176.dat	xmrig
behavioral1/files/0x00050000000193c2-162.dat	xmrig
behavioral1/files/0x00050000000193b4-156.dat	xmrig
behavioral1/files/0x0005000000019350-151.dat	xmrig
behavioral1/files/0x0005000000019334-146.dat	xmrig
behavioral1/files/0x0005000000019282-141.dat	xmrig
behavioral1/files/0x000500000001925e-131.dat	xmrig
behavioral1/files/0x0005000000019261-136.dat	xmrig
behavioral1/memory/1412-909-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2304-1863-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2988	nFyWHME.exe
1928	HgByaOh.exe
2804	luWCPRD.exe
2824	ACgQdwP.exe
2900	GewlsZy.exe
3000	njgDevx.exe
2996	RFmVult.exe
2340	ikjZviS.exe
2888	rCNczYT.exe
2852	SqTsTiS.exe
1872	JFiQoQS.exe
1776	sIUGbPu.exe
1232	kxMyBtm.exe
1412	SNqQOvb.exe
796	mhdSbHN.exe
2952	fzyuxNa.exe
2608	ZuroyYK.exe
2956	OVOdTvx.exe
1640	DsrNxuL.exe
2440	EGJlQPj.exe
1404	fUIJumA.exe
2284	hcIduBn.exe
2100	rNTaUXH.exe
1624	taevMwt.exe
772	BSuPsBv.exe
2972	KYbmgya.exe
2544	HcdTlqr.exe
1720	JquXxad.exe
1596	tjrMfOy.exe
836	axaKJzC.exe
2320	CVgnzEl.exe
1096	iNzsWnW.exe
1300	fkzYAyE.exe
1788	xQrLidc.exe
2268	YSfKvfS.exe
1684	vywmxCr.exe
1480	cemvudY.exe
1580	lgrclQz.exe
1748	FaZntoP.exe
780	lJqpgdQ.exe
2484	XxDEzdl.exe
632	xttzxpq.exe
2080	eituKgn.exe
2572	zDsGtyI.exe
600	XuHiwct.exe
2580	okClyeM.exe
884	oDnEeQo.exe
1740	pNbxFiM.exe
2208	SozsLTr.exe
3044	srJTWxG.exe
2248	fONERdt.exe
2264	AjZykXR.exe
1520	YzWqfrk.exe
1636	vgMkMAK.exe
2536	cDWYvma.exe
2236	XBBBcNJ.exe
2816	woldZvm.exe
2656	QYovrhi.exe
2912	OykYUuV.exe
2932	rDIFSCe.exe
2696	YdCmhfv.exe
2152	IZGyJlF.exe
2872	gmOXdSB.exe
2396	fDYKUJl.exe

Loads dropped DLL 64 IoCs

pid	Process
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016d18-13.dat	upx
behavioral1/memory/1928-14-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2988-12-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-16.dat	upx
behavioral1/memory/2804-22-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d31-27.dat	upx
behavioral1/memory/3000-47-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-44.dat	upx
behavioral1/memory/2996-51-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2900-49-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2824-37-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d42-34.dat	upx
behavioral1/files/0x0008000000016cec-32.dat	upx
behavioral1/files/0x0007000000016d5e-55.dat	upx
behavioral1/memory/2340-58-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2304-56-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00050000000186ea-65.dat	upx
behavioral1/files/0x0008000000016d68-59.dat	upx
behavioral1/files/0x00050000000186fd-82.dat	upx
behavioral1/memory/2888-64-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1776-87-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0005000000018728-88.dat	upx
behavioral1/memory/1872-81-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-80.dat	upx
behavioral1/memory/1232-92-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2340-91-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/3000-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2804-76-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2852-75-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1928-62-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2888-93-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000500000001873d-96.dat	upx
behavioral1/memory/2852-101-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1412-105-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0005000000018784-110.dat	upx
behavioral1/files/0x000500000001878f-114.dat	upx
behavioral1/files/0x00050000000187a5-121.dat	upx
behavioral1/files/0x0006000000019023-126.dat	upx
behavioral1/files/0x00050000000193e1-166.dat	upx
behavioral1/files/0x0005000000019431-181.dat	upx
behavioral1/files/0x0005000000019441-186.dat	upx
behavioral1/memory/1232-605-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1776-381-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1872-193-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000019461-197.dat	upx
behavioral1/files/0x000500000001944f-191.dat	upx
behavioral1/files/0x000500000001941e-171.dat	upx
behavioral1/files/0x0005000000019427-176.dat	upx
behavioral1/files/0x00050000000193c2-162.dat	upx
behavioral1/files/0x00050000000193b4-156.dat	upx
behavioral1/files/0x0005000000019350-151.dat	upx
behavioral1/files/0x0005000000019334-146.dat	upx
behavioral1/files/0x0005000000019282-141.dat	upx
behavioral1/files/0x000500000001925e-131.dat	upx
behavioral1/files/0x0005000000019261-136.dat	upx
behavioral1/memory/1412-909-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2988-3531-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/1928-3532-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2824-3606-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/3000-3621-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2804-3625-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2900-3632-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\anKhKPt.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajjhfit.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASvUauU.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdulBFj.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVbOsXX.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPNcCXj.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTjENKw.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huAGOzs.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OykYUuV.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWAgbhF.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPZEcCW.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivqaLqZ.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNTSDnZ.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSRLVMG.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHMTyWm.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxMyBtm.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSNmFVe.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPDDomc.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etgrklA.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAgzXiq.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDjkvdH.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnscCmj.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJfPLKe.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krGRDer.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVrCIag.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSNCwAL.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDmuWwI.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzmHqtm.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpdwUzO.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYGfOxv.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaaAPxI.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGcIvCz.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRkAPIM.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlNwsBa.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNvgxsq.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQYLBBw.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqJpyEh.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwqiisi.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWZkIof.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieeSZYN.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLXgWwu.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maRoEmB.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxAGBoj.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hulBvLx.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUoBPFJ.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNgsoEZ.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjMJmbE.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEaeeUn.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnhLGqU.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWUNQpx.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIoewYM.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqimuAl.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzwuxpY.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIQNeUb.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmzMjGk.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqSwvla.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkSMEli.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkPZjXB.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxxjAVr.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkTWXdR.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdXQtcY.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQyaSpV.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGQCFdd.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQPzOLU.exe	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2988	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2988	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2988	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 1928	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1928	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1928	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 2804	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2804	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2804	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2824	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2824	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2824	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2900	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2900	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2900	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 3000	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 3000	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 3000	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2996	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2996	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2996	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2340	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2340	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2340	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2888	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2888	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2888	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2852	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2852	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2852	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 1872	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 1872	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 1872	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 1776	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1776	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1776	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1232	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1232	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1232	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1412	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1412	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1412	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 796	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 796	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 796	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 2952	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2952	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2952	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2608	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 2608	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 2608	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 2956	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 2956	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 2956	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1640	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 1640	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 1640	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2440	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2440	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2440	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 1404	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2304 wrote to memory of 1404	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2304 wrote to memory of 1404	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2304 wrote to memory of 2284	2304	2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_21e446b948e99239a57efe380450c41a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System\nFyWHME.exe
  C:\Windows\System\nFyWHME.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\HgByaOh.exe
  C:\Windows\System\HgByaOh.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\luWCPRD.exe
  C:\Windows\System\luWCPRD.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ACgQdwP.exe
  C:\Windows\System\ACgQdwP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\GewlsZy.exe
  C:\Windows\System\GewlsZy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\njgDevx.exe
  C:\Windows\System\njgDevx.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\RFmVult.exe
  C:\Windows\System\RFmVult.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ikjZviS.exe
  C:\Windows\System\ikjZviS.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\rCNczYT.exe
  C:\Windows\System\rCNczYT.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SqTsTiS.exe
  C:\Windows\System\SqTsTiS.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JFiQoQS.exe
  C:\Windows\System\JFiQoQS.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\sIUGbPu.exe
  C:\Windows\System\sIUGbPu.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\kxMyBtm.exe
  C:\Windows\System\kxMyBtm.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\SNqQOvb.exe
  C:\Windows\System\SNqQOvb.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\mhdSbHN.exe
  C:\Windows\System\mhdSbHN.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\fzyuxNa.exe
  C:\Windows\System\fzyuxNa.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ZuroyYK.exe
  C:\Windows\System\ZuroyYK.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\OVOdTvx.exe
  C:\Windows\System\OVOdTvx.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\DsrNxuL.exe
  C:\Windows\System\DsrNxuL.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\EGJlQPj.exe
  C:\Windows\System\EGJlQPj.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\fUIJumA.exe
  C:\Windows\System\fUIJumA.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\hcIduBn.exe
  C:\Windows\System\hcIduBn.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\rNTaUXH.exe
  C:\Windows\System\rNTaUXH.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\taevMwt.exe
  C:\Windows\System\taevMwt.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\BSuPsBv.exe
  C:\Windows\System\BSuPsBv.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\KYbmgya.exe
  C:\Windows\System\KYbmgya.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\HcdTlqr.exe
  C:\Windows\System\HcdTlqr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\JquXxad.exe
  C:\Windows\System\JquXxad.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\tjrMfOy.exe
  C:\Windows\System\tjrMfOy.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\axaKJzC.exe
  C:\Windows\System\axaKJzC.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\CVgnzEl.exe
  C:\Windows\System\CVgnzEl.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\iNzsWnW.exe
  C:\Windows\System\iNzsWnW.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\fkzYAyE.exe
  C:\Windows\System\fkzYAyE.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\xQrLidc.exe
  C:\Windows\System\xQrLidc.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\YSfKvfS.exe
  C:\Windows\System\YSfKvfS.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\vywmxCr.exe
  C:\Windows\System\vywmxCr.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\cemvudY.exe
  C:\Windows\System\cemvudY.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\lgrclQz.exe
  C:\Windows\System\lgrclQz.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\FaZntoP.exe
  C:\Windows\System\FaZntoP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\lJqpgdQ.exe
  C:\Windows\System\lJqpgdQ.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\XxDEzdl.exe
  C:\Windows\System\XxDEzdl.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\xttzxpq.exe
  C:\Windows\System\xttzxpq.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\eituKgn.exe
  C:\Windows\System\eituKgn.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\zDsGtyI.exe
  C:\Windows\System\zDsGtyI.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\XuHiwct.exe
  C:\Windows\System\XuHiwct.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\okClyeM.exe
  C:\Windows\System\okClyeM.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\oDnEeQo.exe
  C:\Windows\System\oDnEeQo.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pNbxFiM.exe
  C:\Windows\System\pNbxFiM.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\SozsLTr.exe
  C:\Windows\System\SozsLTr.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\srJTWxG.exe
  C:\Windows\System\srJTWxG.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\fONERdt.exe
  C:\Windows\System\fONERdt.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\AjZykXR.exe
  C:\Windows\System\AjZykXR.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\YzWqfrk.exe
  C:\Windows\System\YzWqfrk.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\vgMkMAK.exe
  C:\Windows\System\vgMkMAK.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\cDWYvma.exe
  C:\Windows\System\cDWYvma.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\XBBBcNJ.exe
  C:\Windows\System\XBBBcNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\woldZvm.exe
  C:\Windows\System\woldZvm.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\QYovrhi.exe
  C:\Windows\System\QYovrhi.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OykYUuV.exe
  C:\Windows\System\OykYUuV.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\rDIFSCe.exe
  C:\Windows\System\rDIFSCe.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\YdCmhfv.exe
  C:\Windows\System\YdCmhfv.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\IZGyJlF.exe
  C:\Windows\System\IZGyJlF.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\gmOXdSB.exe
  C:\Windows\System\gmOXdSB.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\fDYKUJl.exe
  C:\Windows\System\fDYKUJl.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ZGUOeXm.exe
  C:\Windows\System\ZGUOeXm.exe
  2⤵
  PID:2884
- C:\Windows\System\bQIkQbI.exe
  C:\Windows\System\bQIkQbI.exe
  2⤵
  PID:1984
- C:\Windows\System\vxasitd.exe
  C:\Windows\System\vxasitd.exe
  2⤵
  PID:2228
- C:\Windows\System\bGwVhrJ.exe
  C:\Windows\System\bGwVhrJ.exe
  2⤵
  PID:2640
- C:\Windows\System\OYWxSwm.exe
  C:\Windows\System\OYWxSwm.exe
  2⤵
  PID:2632
- C:\Windows\System\tcLlUNo.exe
  C:\Windows\System\tcLlUNo.exe
  2⤵
  PID:108
- C:\Windows\System\KMHkoqW.exe
  C:\Windows\System\KMHkoqW.exe
  2⤵
  PID:2780
- C:\Windows\System\FQFbdlh.exe
  C:\Windows\System\FQFbdlh.exe
  2⤵
  PID:2072
- C:\Windows\System\SnORnCo.exe
  C:\Windows\System\SnORnCo.exe
  2⤵
  PID:2936
- C:\Windows\System\nYGfOxv.exe
  C:\Windows\System\nYGfOxv.exe
  2⤵
  PID:2504
- C:\Windows\System\XYVJFmx.exe
  C:\Windows\System\XYVJFmx.exe
  2⤵
  PID:1372
- C:\Windows\System\PKCWGSQ.exe
  C:\Windows\System\PKCWGSQ.exe
  2⤵
  PID:2140
- C:\Windows\System\bGcTlex.exe
  C:\Windows\System\bGcTlex.exe
  2⤵
  PID:692
- C:\Windows\System\UGXSsUE.exe
  C:\Windows\System\UGXSsUE.exe
  2⤵
  PID:2372
- C:\Windows\System\jaaAPxI.exe
  C:\Windows\System\jaaAPxI.exe
  2⤵
  PID:1236
- C:\Windows\System\VAYdpsI.exe
  C:\Windows\System\VAYdpsI.exe
  2⤵
  PID:2604
- C:\Windows\System\WHeRnsc.exe
  C:\Windows\System\WHeRnsc.exe
  2⤵
  PID:448
- C:\Windows\System\ARpgadv.exe
  C:\Windows\System\ARpgadv.exe
  2⤵
  PID:1628
- C:\Windows\System\xFxaRwi.exe
  C:\Windows\System\xFxaRwi.exe
  2⤵
  PID:2676
- C:\Windows\System\gIQNeUb.exe
  C:\Windows\System\gIQNeUb.exe
  2⤵
  PID:1440
- C:\Windows\System\HVhYTZB.exe
  C:\Windows\System\HVhYTZB.exe
  2⤵
  PID:1696
- C:\Windows\System\pRloZcZ.exe
  C:\Windows\System\pRloZcZ.exe
  2⤵
  PID:1856
- C:\Windows\System\MgKPwmp.exe
  C:\Windows\System\MgKPwmp.exe
  2⤵
  PID:936
- C:\Windows\System\lGenCPi.exe
  C:\Windows\System\lGenCPi.exe
  2⤵
  PID:2076
- C:\Windows\System\AMMiWot.exe
  C:\Windows\System\AMMiWot.exe
  2⤵
  PID:2260
- C:\Windows\System\djDjnXt.exe
  C:\Windows\System\djDjnXt.exe
  2⤵
  PID:2548
- C:\Windows\System\XoVKgSN.exe
  C:\Windows\System\XoVKgSN.exe
  2⤵
  PID:1608
- C:\Windows\System\EtGJnfH.exe
  C:\Windows\System\EtGJnfH.exe
  2⤵
  PID:752
- C:\Windows\System\FMXfgbH.exe
  C:\Windows\System\FMXfgbH.exe
  2⤵
  PID:1560
- C:\Windows\System\zvVGNpl.exe
  C:\Windows\System\zvVGNpl.exe
  2⤵
  PID:2132
- C:\Windows\System\FujPsmv.exe
  C:\Windows\System\FujPsmv.exe
  2⤵
  PID:3008
- C:\Windows\System\LKrAUaI.exe
  C:\Windows\System\LKrAUaI.exe
  2⤵
  PID:2516
- C:\Windows\System\ZupwtYz.exe
  C:\Windows\System\ZupwtYz.exe
  2⤵
  PID:2328
- C:\Windows\System\SOUBiBe.exe
  C:\Windows\System\SOUBiBe.exe
  2⤵
  PID:2772
- C:\Windows\System\HrABjaW.exe
  C:\Windows\System\HrABjaW.exe
  2⤵
  PID:2744
- C:\Windows\System\GjorFkG.exe
  C:\Windows\System\GjorFkG.exe
  2⤵
  PID:2052
- C:\Windows\System\bgAVoFM.exe
  C:\Windows\System\bgAVoFM.exe
  2⤵
  PID:2636
- C:\Windows\System\WPXlvVI.exe
  C:\Windows\System\WPXlvVI.exe
  2⤵
  PID:912
- C:\Windows\System\MPQYCCj.exe
  C:\Windows\System\MPQYCCj.exe
  2⤵
  PID:1516
- C:\Windows\System\gvUPMTF.exe
  C:\Windows\System\gvUPMTF.exe
  2⤵
  PID:2192
- C:\Windows\System\MRdDxse.exe
  C:\Windows\System\MRdDxse.exe
  2⤵
  PID:2312
- C:\Windows\System\hkbdTdq.exe
  C:\Windows\System\hkbdTdq.exe
  2⤵
  PID:2628
- C:\Windows\System\bFniTbi.exe
  C:\Windows\System\bFniTbi.exe
  2⤵
  PID:2688
- C:\Windows\System\hocQzVI.exe
  C:\Windows\System\hocQzVI.exe
  2⤵
  PID:2008
- C:\Windows\System\niYAWnS.exe
  C:\Windows\System\niYAWnS.exe
  2⤵
  PID:1208
- C:\Windows\System\zsBVDrc.exe
  C:\Windows\System\zsBVDrc.exe
  2⤵
  PID:2112
- C:\Windows\System\kWcnHcI.exe
  C:\Windows\System\kWcnHcI.exe
  2⤵
  PID:2244
- C:\Windows\System\lEUSQTJ.exe
  C:\Windows\System\lEUSQTJ.exe
  2⤵
  PID:2032
- C:\Windows\System\KqWRZlB.exe
  C:\Windows\System\KqWRZlB.exe
  2⤵
  PID:3012
- C:\Windows\System\qpariHS.exe
  C:\Windows\System\qpariHS.exe
  2⤵
  PID:576
- C:\Windows\System\RtUbGCi.exe
  C:\Windows\System\RtUbGCi.exe
  2⤵
  PID:2356
- C:\Windows\System\wyZaDLq.exe
  C:\Windows\System\wyZaDLq.exe
  2⤵
  PID:2360
- C:\Windows\System\bYCUMnN.exe
  C:\Windows\System\bYCUMnN.exe
  2⤵
  PID:2092
- C:\Windows\System\vSNmFVe.exe
  C:\Windows\System\vSNmFVe.exe
  2⤵
  PID:984
- C:\Windows\System\bBTvOtH.exe
  C:\Windows\System\bBTvOtH.exe
  2⤵
  PID:2332
- C:\Windows\System\UDTRzYs.exe
  C:\Windows\System\UDTRzYs.exe
  2⤵
  PID:1920
- C:\Windows\System\FSOyCrf.exe
  C:\Windows\System\FSOyCrf.exe
  2⤵
  PID:2508
- C:\Windows\System\OdHLtTB.exe
  C:\Windows\System\OdHLtTB.exe
  2⤵
  PID:2528
- C:\Windows\System\yWSSOTD.exe
  C:\Windows\System\yWSSOTD.exe
  2⤵
  PID:1660
- C:\Windows\System\IBmRWPr.exe
  C:\Windows\System\IBmRWPr.exe
  2⤵
  PID:1980
- C:\Windows\System\ZZPuLgO.exe
  C:\Windows\System\ZZPuLgO.exe
  2⤵
  PID:1860
- C:\Windows\System\DarAAzS.exe
  C:\Windows\System\DarAAzS.exe
  2⤵
  PID:2556
- C:\Windows\System\TNEvjug.exe
  C:\Windows\System\TNEvjug.exe
  2⤵
  PID:2812
- C:\Windows\System\zsUUmCs.exe
  C:\Windows\System\zsUUmCs.exe
  2⤵
  PID:2004
- C:\Windows\System\ONyKzPC.exe
  C:\Windows\System\ONyKzPC.exe
  2⤵
  PID:2684
- C:\Windows\System\dkDvWHQ.exe
  C:\Windows\System\dkDvWHQ.exe
  2⤵
  PID:2016
- C:\Windows\System\nMkXHjM.exe
  C:\Windows\System\nMkXHjM.exe
  2⤵
  PID:2412
- C:\Windows\System\yQwiFrR.exe
  C:\Windows\System\yQwiFrR.exe
  2⤵
  PID:2224
- C:\Windows\System\LGzqcyK.exe
  C:\Windows\System\LGzqcyK.exe
  2⤵
  PID:328
- C:\Windows\System\JMHCThS.exe
  C:\Windows\System\JMHCThS.exe
  2⤵
  PID:852
- C:\Windows\System\elMvXjl.exe
  C:\Windows\System\elMvXjl.exe
  2⤵
  PID:2980
- C:\Windows\System\WQIOHWg.exe
  C:\Windows\System\WQIOHWg.exe
  2⤵
  PID:2388
- C:\Windows\System\kzSyoBn.exe
  C:\Windows\System\kzSyoBn.exe
  2⤵
  PID:1324
- C:\Windows\System\hcgQXCL.exe
  C:\Windows\System\hcgQXCL.exe
  2⤵
  PID:3068
- C:\Windows\System\vwyDaOI.exe
  C:\Windows\System\vwyDaOI.exe
  2⤵
  PID:2620
- C:\Windows\System\yTolbaL.exe
  C:\Windows\System\yTolbaL.exe
  2⤵
  PID:2836
- C:\Windows\System\zwnatZE.exe
  C:\Windows\System\zwnatZE.exe
  2⤵
  PID:2160
- C:\Windows\System\BBpUvFw.exe
  C:\Windows\System\BBpUvFw.exe
  2⤵
  PID:2920
- C:\Windows\System\qqoLcsA.exe
  C:\Windows\System\qqoLcsA.exe
  2⤵
  PID:2848
- C:\Windows\System\TfAhDCJ.exe
  C:\Windows\System\TfAhDCJ.exe
  2⤵
  PID:2808
- C:\Windows\System\KCBCFUX.exe
  C:\Windows\System\KCBCFUX.exe
  2⤵
  PID:1204
- C:\Windows\System\zmzMjGk.exe
  C:\Windows\System\zmzMjGk.exe
  2⤵
  PID:1664
- C:\Windows\System\QSYlstt.exe
  C:\Windows\System\QSYlstt.exe
  2⤵
  PID:1424
- C:\Windows\System\nITlOCt.exe
  C:\Windows\System\nITlOCt.exe
  2⤵
  PID:1672
- C:\Windows\System\tPIGUuW.exe
  C:\Windows\System\tPIGUuW.exe
  2⤵
  PID:2188
- C:\Windows\System\wwqiisi.exe
  C:\Windows\System\wwqiisi.exe
  2⤵
  PID:1936
- C:\Windows\System\wKZQRRQ.exe
  C:\Windows\System\wKZQRRQ.exe
  2⤵
  PID:2960
- C:\Windows\System\XOpXLNT.exe
  C:\Windows\System\XOpXLNT.exe
  2⤵
  PID:832
- C:\Windows\System\KlbllgV.exe
  C:\Windows\System\KlbllgV.exe
  2⤵
  PID:1112
- C:\Windows\System\ywBuhJZ.exe
  C:\Windows\System\ywBuhJZ.exe
  2⤵
  PID:1716
- C:\Windows\System\hZbzFMv.exe
  C:\Windows\System\hZbzFMv.exe
  2⤵
  PID:1160
- C:\Windows\System\zSGuWUX.exe
  C:\Windows\System\zSGuWUX.exe
  2⤵
  PID:1584
- C:\Windows\System\nCxTDWw.exe
  C:\Windows\System\nCxTDWw.exe
  2⤵
  PID:2012
- C:\Windows\System\jnodujp.exe
  C:\Windows\System\jnodujp.exe
  2⤵
  PID:880
- C:\Windows\System\POtOjlb.exe
  C:\Windows\System\POtOjlb.exe
  2⤵
  PID:1724
- C:\Windows\System\qgWQlcz.exe
  C:\Windows\System\qgWQlcz.exe
  2⤵
  PID:3036
- C:\Windows\System\RLXgquI.exe
  C:\Windows\System\RLXgquI.exe
  2⤵
  PID:3088
- C:\Windows\System\sJvtJlL.exe
  C:\Windows\System\sJvtJlL.exe
  2⤵
  PID:3104
- C:\Windows\System\fRnuiLz.exe
  C:\Windows\System\fRnuiLz.exe
  2⤵
  PID:3128
- C:\Windows\System\gnscCmj.exe
  C:\Windows\System\gnscCmj.exe
  2⤵
  PID:3144
- C:\Windows\System\TrfFNcE.exe
  C:\Windows\System\TrfFNcE.exe
  2⤵
  PID:3164
- C:\Windows\System\CEcDrLu.exe
  C:\Windows\System\CEcDrLu.exe
  2⤵
  PID:3184
- C:\Windows\System\ykvpTkt.exe
  C:\Windows\System\ykvpTkt.exe
  2⤵
  PID:3204
- C:\Windows\System\uWUsXkW.exe
  C:\Windows\System\uWUsXkW.exe
  2⤵
  PID:3224
- C:\Windows\System\fdIWhDJ.exe
  C:\Windows\System\fdIWhDJ.exe
  2⤵
  PID:3244
- C:\Windows\System\ekMYQrP.exe
  C:\Windows\System\ekMYQrP.exe
  2⤵
  PID:3264
- C:\Windows\System\dRnYfJh.exe
  C:\Windows\System\dRnYfJh.exe
  2⤵
  PID:3296
- C:\Windows\System\dAUFeqP.exe
  C:\Windows\System\dAUFeqP.exe
  2⤵
  PID:3312
- C:\Windows\System\HGcIvCz.exe
  C:\Windows\System\HGcIvCz.exe
  2⤵
  PID:3332
- C:\Windows\System\VWZkIof.exe
  C:\Windows\System\VWZkIof.exe
  2⤵
  PID:3348
- C:\Windows\System\QvaBcJJ.exe
  C:\Windows\System\QvaBcJJ.exe
  2⤵
  PID:3368
- C:\Windows\System\aGIxOin.exe
  C:\Windows\System\aGIxOin.exe
  2⤵
  PID:3388
- C:\Windows\System\pLqdDUC.exe
  C:\Windows\System\pLqdDUC.exe
  2⤵
  PID:3404
- C:\Windows\System\msJYhDO.exe
  C:\Windows\System\msJYhDO.exe
  2⤵
  PID:3420
- C:\Windows\System\FppibWX.exe
  C:\Windows\System\FppibWX.exe
  2⤵
  PID:3436
- C:\Windows\System\CzQOcTx.exe
  C:\Windows\System\CzQOcTx.exe
  2⤵
  PID:3452
- C:\Windows\System\TSJEgRa.exe
  C:\Windows\System\TSJEgRa.exe
  2⤵
  PID:3476
- C:\Windows\System\Cbusabj.exe
  C:\Windows\System\Cbusabj.exe
  2⤵
  PID:3500
- C:\Windows\System\dSsqWYW.exe
  C:\Windows\System\dSsqWYW.exe
  2⤵
  PID:3520
- C:\Windows\System\qtfeOqr.exe
  C:\Windows\System\qtfeOqr.exe
  2⤵
  PID:3540
- C:\Windows\System\AiSXIwe.exe
  C:\Windows\System\AiSXIwe.exe
  2⤵
  PID:3572
- C:\Windows\System\RxEdfKl.exe
  C:\Windows\System\RxEdfKl.exe
  2⤵
  PID:3592
- C:\Windows\System\mXHWvGh.exe
  C:\Windows\System\mXHWvGh.exe
  2⤵
  PID:3608
- C:\Windows\System\RigsvBi.exe
  C:\Windows\System\RigsvBi.exe
  2⤵
  PID:3624
- C:\Windows\System\jNTnsjR.exe
  C:\Windows\System\jNTnsjR.exe
  2⤵
  PID:3656
- C:\Windows\System\RdxdfJB.exe
  C:\Windows\System\RdxdfJB.exe
  2⤵
  PID:3680
- C:\Windows\System\BZGGXnp.exe
  C:\Windows\System\BZGGXnp.exe
  2⤵
  PID:3700
- C:\Windows\System\YqSwvla.exe
  C:\Windows\System\YqSwvla.exe
  2⤵
  PID:3724
- C:\Windows\System\qvBxdQI.exe
  C:\Windows\System\qvBxdQI.exe
  2⤵
  PID:3744
- C:\Windows\System\QJbQHOM.exe
  C:\Windows\System\QJbQHOM.exe
  2⤵
  PID:3760
- C:\Windows\System\sElFEPX.exe
  C:\Windows\System\sElFEPX.exe
  2⤵
  PID:3780
- C:\Windows\System\XxpejnU.exe
  C:\Windows\System\XxpejnU.exe
  2⤵
  PID:3796
- C:\Windows\System\duSMhyi.exe
  C:\Windows\System\duSMhyi.exe
  2⤵
  PID:3824
- C:\Windows\System\xWAvkJR.exe
  C:\Windows\System\xWAvkJR.exe
  2⤵
  PID:3844
- C:\Windows\System\mFtuXur.exe
  C:\Windows\System\mFtuXur.exe
  2⤵
  PID:3860
- C:\Windows\System\HAJHPvj.exe
  C:\Windows\System\HAJHPvj.exe
  2⤵
  PID:3876
- C:\Windows\System\herTPFF.exe
  C:\Windows\System\herTPFF.exe
  2⤵
  PID:3896
- C:\Windows\System\QwXicNE.exe
  C:\Windows\System\QwXicNE.exe
  2⤵
  PID:3912
- C:\Windows\System\TBurSSD.exe
  C:\Windows\System\TBurSSD.exe
  2⤵
  PID:3932
- C:\Windows\System\JmyBobw.exe
  C:\Windows\System\JmyBobw.exe
  2⤵
  PID:3948
- C:\Windows\System\kPDDomc.exe
  C:\Windows\System\kPDDomc.exe
  2⤵
  PID:3964
- C:\Windows\System\ZnGBLDO.exe
  C:\Windows\System\ZnGBLDO.exe
  2⤵
  PID:3980
- C:\Windows\System\tMldTfz.exe
  C:\Windows\System\tMldTfz.exe
  2⤵
  PID:4000
- C:\Windows\System\GWbnJTb.exe
  C:\Windows\System\GWbnJTb.exe
  2⤵
  PID:4020
- C:\Windows\System\MgESkNN.exe
  C:\Windows\System\MgESkNN.exe
  2⤵
  PID:4060
- C:\Windows\System\jrvDMhO.exe
  C:\Windows\System\jrvDMhO.exe
  2⤵
  PID:4080
- C:\Windows\System\gUOWvMb.exe
  C:\Windows\System\gUOWvMb.exe
  2⤵
  PID:956
- C:\Windows\System\RHKUnpd.exe
  C:\Windows\System\RHKUnpd.exe
  2⤵
  PID:1592
- C:\Windows\System\LVttjyf.exe
  C:\Windows\System\LVttjyf.exe
  2⤵
  PID:3076
- C:\Windows\System\jCjQkAF.exe
  C:\Windows\System\jCjQkAF.exe
  2⤵
  PID:3124
- C:\Windows\System\oiIlIYm.exe
  C:\Windows\System\oiIlIYm.exe
  2⤵
  PID:3096
- C:\Windows\System\yvWKMuA.exe
  C:\Windows\System\yvWKMuA.exe
  2⤵
  PID:3196
- C:\Windows\System\zUZYydz.exe
  C:\Windows\System\zUZYydz.exe
  2⤵
  PID:3212
- C:\Windows\System\LNJvbmh.exe
  C:\Windows\System\LNJvbmh.exe
  2⤵
  PID:2908
- C:\Windows\System\ECfOqVV.exe
  C:\Windows\System\ECfOqVV.exe
  2⤵
  PID:3236
- C:\Windows\System\RqWTSSp.exe
  C:\Windows\System\RqWTSSp.exe
  2⤵
  PID:2840
- C:\Windows\System\FJZZaBh.exe
  C:\Windows\System\FJZZaBh.exe
  2⤵
  PID:3256
- C:\Windows\System\XFQsIKH.exe
  C:\Windows\System\XFQsIKH.exe
  2⤵
  PID:3260
- C:\Windows\System\BgcVvIl.exe
  C:\Windows\System\BgcVvIl.exe
  2⤵
  PID:3328
- C:\Windows\System\myLnCcm.exe
  C:\Windows\System\myLnCcm.exe
  2⤵
  PID:3340
- C:\Windows\System\xiWLMZH.exe
  C:\Windows\System\xiWLMZH.exe
  2⤵
  PID:3400
- C:\Windows\System\gUVTEjF.exe
  C:\Windows\System\gUVTEjF.exe
  2⤵
  PID:3464
- C:\Windows\System\FblcAbg.exe
  C:\Windows\System\FblcAbg.exe
  2⤵
  PID:3508
- C:\Windows\System\RWhBoYL.exe
  C:\Windows\System\RWhBoYL.exe
  2⤵
  PID:3448
- C:\Windows\System\QOpnyOk.exe
  C:\Windows\System\QOpnyOk.exe
  2⤵
  PID:3552
- C:\Windows\System\lIYDMWW.exe
  C:\Windows\System\lIYDMWW.exe
  2⤵
  PID:3496
- C:\Windows\System\zfiqiuW.exe
  C:\Windows\System\zfiqiuW.exe
  2⤵
  PID:3412
- C:\Windows\System\kkDBVvT.exe
  C:\Windows\System\kkDBVvT.exe
  2⤵
  PID:2860
- C:\Windows\System\anKhKPt.exe
  C:\Windows\System\anKhKPt.exe
  2⤵
  PID:3640
- C:\Windows\System\nAPtkwX.exe
  C:\Windows\System\nAPtkwX.exe
  2⤵
  PID:2976
- C:\Windows\System\laizCNw.exe
  C:\Windows\System\laizCNw.exe
  2⤵
  PID:3716
- C:\Windows\System\FqAnyTX.exe
  C:\Windows\System\FqAnyTX.exe
  2⤵
  PID:2420
- C:\Windows\System\NnqCYPZ.exe
  C:\Windows\System\NnqCYPZ.exe
  2⤵
  PID:3772
- C:\Windows\System\XokzGew.exe
  C:\Windows\System\XokzGew.exe
  2⤵
  PID:3832
- C:\Windows\System\ainbTjl.exe
  C:\Windows\System\ainbTjl.exe
  2⤵
  PID:3816
- C:\Windows\System\Uulinoo.exe
  C:\Windows\System\Uulinoo.exe
  2⤵
  PID:3892
- C:\Windows\System\kaxqzLc.exe
  C:\Windows\System\kaxqzLc.exe
  2⤵
  PID:3928
- C:\Windows\System\SoNzblm.exe
  C:\Windows\System\SoNzblm.exe
  2⤵
  PID:3996
- C:\Windows\System\FpwYXQr.exe
  C:\Windows\System\FpwYXQr.exe
  2⤵
  PID:588
- C:\Windows\System\QrPZhYi.exe
  C:\Windows\System\QrPZhYi.exe
  2⤵
  PID:4028
- C:\Windows\System\pZVifXL.exe
  C:\Windows\System\pZVifXL.exe
  2⤵
  PID:4048
- C:\Windows\System\QHHewyL.exe
  C:\Windows\System\QHHewyL.exe
  2⤵
  PID:4068
- C:\Windows\System\OypdHEy.exe
  C:\Windows\System\OypdHEy.exe
  2⤵
  PID:3004
- C:\Windows\System\KotqYaG.exe
  C:\Windows\System\KotqYaG.exe
  2⤵
  PID:3220
- C:\Windows\System\vYrIPVv.exe
  C:\Windows\System\vYrIPVv.exe
  2⤵
  PID:264
- C:\Windows\System\lbYoAtI.exe
  C:\Windows\System\lbYoAtI.exe
  2⤵
  PID:1552
- C:\Windows\System\sRGDLUD.exe
  C:\Windows\System\sRGDLUD.exe
  2⤵
  PID:3160
- C:\Windows\System\whufqLr.exe
  C:\Windows\System\whufqLr.exe
  2⤵
  PID:3176
- C:\Windows\System\mqQJUNV.exe
  C:\Windows\System\mqQJUNV.exe
  2⤵
  PID:1932
- C:\Windows\System\OTyuIBv.exe
  C:\Windows\System\OTyuIBv.exe
  2⤵
  PID:2576
- C:\Windows\System\iJBpvts.exe
  C:\Windows\System\iJBpvts.exe
  2⤵
  PID:1464
- C:\Windows\System\zsitvuJ.exe
  C:\Windows\System\zsitvuJ.exe
  2⤵
  PID:3444
- C:\Windows\System\JQntAuB.exe
  C:\Windows\System\JQntAuB.exe
  2⤵
  PID:3360
- C:\Windows\System\APNmbDo.exe
  C:\Windows\System\APNmbDo.exe
  2⤵
  PID:3492
- C:\Windows\System\KJTwkOC.exe
  C:\Windows\System\KJTwkOC.exe
  2⤵
  PID:1832
- C:\Windows\System\stljiEd.exe
  C:\Windows\System\stljiEd.exe
  2⤵
  PID:3528
- C:\Windows\System\tVmQFIC.exe
  C:\Windows\System\tVmQFIC.exe
  2⤵
  PID:3432
- C:\Windows\System\oowAlxS.exe
  C:\Windows\System\oowAlxS.exe
  2⤵
  PID:3564
- C:\Windows\System\pTPFYJS.exe
  C:\Windows\System\pTPFYJS.exe
  2⤵
  PID:3768
- C:\Windows\System\KeBqjFD.exe
  C:\Windows\System\KeBqjFD.exe
  2⤵
  PID:3672
- C:\Windows\System\qbDjiNZ.exe
  C:\Windows\System\qbDjiNZ.exe
  2⤵
  PID:2296
- C:\Windows\System\YkteMEV.exe
  C:\Windows\System\YkteMEV.exe
  2⤵
  PID:352
- C:\Windows\System\lOrhdXu.exe
  C:\Windows\System\lOrhdXu.exe
  2⤵
  PID:3924
- C:\Windows\System\uUMwrII.exe
  C:\Windows\System\uUMwrII.exe
  2⤵
  PID:3856
- C:\Windows\System\zaCRGfH.exe
  C:\Windows\System\zaCRGfH.exe
  2⤵
  PID:3944
- C:\Windows\System\AcoWsmG.exe
  C:\Windows\System\AcoWsmG.exe
  2⤵
  PID:4044
- C:\Windows\System\bVzCOfY.exe
  C:\Windows\System\bVzCOfY.exe
  2⤵
  PID:3808
- C:\Windows\System\bdnHOKE.exe
  C:\Windows\System\bdnHOKE.exe
  2⤵
  PID:1784
- C:\Windows\System\DgwXkXJ.exe
  C:\Windows\System\DgwXkXJ.exe
  2⤵
  PID:1884
- C:\Windows\System\oFVOIDA.exe
  C:\Windows\System\oFVOIDA.exe
  2⤵
  PID:3364
- C:\Windows\System\lbGocWa.exe
  C:\Windows\System\lbGocWa.exe
  2⤵
  PID:3136
- C:\Windows\System\TkurdYL.exe
  C:\Windows\System\TkurdYL.exe
  2⤵
  PID:564
- C:\Windows\System\XFUJyMN.exe
  C:\Windows\System\XFUJyMN.exe
  2⤵
  PID:3140
- C:\Windows\System\cjdGDpe.exe
  C:\Windows\System\cjdGDpe.exe
  2⤵
  PID:3604
- C:\Windows\System\iZIhTYO.exe
  C:\Windows\System\iZIhTYO.exe
  2⤵
  PID:3272
- C:\Windows\System\GZVCPBy.exe
  C:\Windows\System\GZVCPBy.exe
  2⤵
  PID:3532
- C:\Windows\System\HukeknA.exe
  C:\Windows\System\HukeknA.exe
  2⤵
  PID:2424
- C:\Windows\System\GXgRHOo.exe
  C:\Windows\System\GXgRHOo.exe
  2⤵
  PID:3688
- C:\Windows\System\ksZCNEr.exe
  C:\Windows\System\ksZCNEr.exe
  2⤵
  PID:3732
- C:\Windows\System\KErEXcF.exe
  C:\Windows\System\KErEXcF.exe
  2⤵
  PID:1092
- C:\Windows\System\VUTIMaP.exe
  C:\Windows\System\VUTIMaP.exe
  2⤵
  PID:1848
- C:\Windows\System\ObTPHqc.exe
  C:\Windows\System\ObTPHqc.exe
  2⤵
  PID:3992
- C:\Windows\System\dMCMvki.exe
  C:\Windows\System\dMCMvki.exe
  2⤵
  PID:3884
- C:\Windows\System\TNanlLM.exe
  C:\Windows\System\TNanlLM.exe
  2⤵
  PID:3804
- C:\Windows\System\YQsakVd.exe
  C:\Windows\System\YQsakVd.exe
  2⤵
  PID:3080
- C:\Windows\System\IQkSyrv.exe
  C:\Windows\System\IQkSyrv.exe
  2⤵
  PID:2408
- C:\Windows\System\LmsciVV.exe
  C:\Windows\System\LmsciVV.exe
  2⤵
  PID:3488
- C:\Windows\System\BLxZIMx.exe
  C:\Windows\System\BLxZIMx.exe
  2⤵
  PID:332
- C:\Windows\System\KPJCdCY.exe
  C:\Windows\System\KPJCdCY.exe
  2⤵
  PID:3584
- C:\Windows\System\gWAgbhF.exe
  C:\Windows\System\gWAgbhF.exe
  2⤵
  PID:3304
- C:\Windows\System\Ptimpmk.exe
  C:\Windows\System\Ptimpmk.exe
  2⤵
  PID:2756
- C:\Windows\System\DgYxKNJ.exe
  C:\Windows\System\DgYxKNJ.exe
  2⤵
  PID:3812
- C:\Windows\System\EDprwXs.exe
  C:\Windows\System\EDprwXs.exe
  2⤵
  PID:3620
- C:\Windows\System\WRkAPIM.exe
  C:\Windows\System\WRkAPIM.exe
  2⤵
  PID:3920
- C:\Windows\System\JLSHNQL.exe
  C:\Windows\System\JLSHNQL.exe
  2⤵
  PID:2168
- C:\Windows\System\cvUrscS.exe
  C:\Windows\System\cvUrscS.exe
  2⤵
  PID:2300
- C:\Windows\System\IlVBvSS.exe
  C:\Windows\System\IlVBvSS.exe
  2⤵
  PID:2276
- C:\Windows\System\XQESeJX.exe
  C:\Windows\System\XQESeJX.exe
  2⤵
  PID:1036
- C:\Windows\System\DhdMIhr.exe
  C:\Windows\System\DhdMIhr.exe
  2⤵
  PID:4040
- C:\Windows\System\blJBgRO.exe
  C:\Windows\System\blJBgRO.exe
  2⤵
  PID:3180
- C:\Windows\System\FLBhMjZ.exe
  C:\Windows\System\FLBhMjZ.exe
  2⤵
  PID:708
- C:\Windows\System\QYgYtyS.exe
  C:\Windows\System\QYgYtyS.exe
  2⤵
  PID:4092
- C:\Windows\System\rCdviCg.exe
  C:\Windows\System\rCdviCg.exe
  2⤵
  PID:3908
- C:\Windows\System\pSrQgRF.exe
  C:\Windows\System\pSrQgRF.exe
  2⤵
  PID:3588
- C:\Windows\System\PwvCVWs.exe
  C:\Windows\System\PwvCVWs.exe
  2⤵
  PID:4056
- C:\Windows\System\tFAzIVi.exe
  C:\Windows\System\tFAzIVi.exe
  2⤵
  PID:2156
- C:\Windows\System\GkbvhZx.exe
  C:\Windows\System\GkbvhZx.exe
  2⤵
  PID:4112
- C:\Windows\System\nERyNQG.exe
  C:\Windows\System\nERyNQG.exe
  2⤵
  PID:4128
- C:\Windows\System\tloAfiG.exe
  C:\Windows\System\tloAfiG.exe
  2⤵
  PID:4144
- C:\Windows\System\CNtpgKI.exe
  C:\Windows\System\CNtpgKI.exe
  2⤵
  PID:4160
- C:\Windows\System\mMLKrxd.exe
  C:\Windows\System\mMLKrxd.exe
  2⤵
  PID:4176
- C:\Windows\System\vzUWFCD.exe
  C:\Windows\System\vzUWFCD.exe
  2⤵
  PID:4192
- C:\Windows\System\OYbqYZY.exe
  C:\Windows\System\OYbqYZY.exe
  2⤵
  PID:4208
- C:\Windows\System\uQsLqVT.exe
  C:\Windows\System\uQsLqVT.exe
  2⤵
  PID:4244
- C:\Windows\System\SKEXATK.exe
  C:\Windows\System\SKEXATK.exe
  2⤵
  PID:4264
- C:\Windows\System\SvoAqjo.exe
  C:\Windows\System\SvoAqjo.exe
  2⤵
  PID:4280
- C:\Windows\System\EnaPcQX.exe
  C:\Windows\System\EnaPcQX.exe
  2⤵
  PID:4296
- C:\Windows\System\pFeWbDs.exe
  C:\Windows\System\pFeWbDs.exe
  2⤵
  PID:4312
- C:\Windows\System\BaAAKAJ.exe
  C:\Windows\System\BaAAKAJ.exe
  2⤵
  PID:4332
- C:\Windows\System\sHmDmGH.exe
  C:\Windows\System\sHmDmGH.exe
  2⤵
  PID:4348
- C:\Windows\System\OihuAKT.exe
  C:\Windows\System\OihuAKT.exe
  2⤵
  PID:4364
- C:\Windows\System\ivQkkHO.exe
  C:\Windows\System\ivQkkHO.exe
  2⤵
  PID:4384
- C:\Windows\System\vgMLyhI.exe
  C:\Windows\System\vgMLyhI.exe
  2⤵
  PID:4400
- C:\Windows\System\yUreqny.exe
  C:\Windows\System\yUreqny.exe
  2⤵
  PID:4416
- C:\Windows\System\RnMfHOb.exe
  C:\Windows\System\RnMfHOb.exe
  2⤵
  PID:4440
- C:\Windows\System\ChFYDZu.exe
  C:\Windows\System\ChFYDZu.exe
  2⤵
  PID:4460
- C:\Windows\System\kfHlPQp.exe
  C:\Windows\System\kfHlPQp.exe
  2⤵
  PID:4476
- C:\Windows\System\esjKnim.exe
  C:\Windows\System\esjKnim.exe
  2⤵
  PID:4496
- C:\Windows\System\WGfpLGP.exe
  C:\Windows\System\WGfpLGP.exe
  2⤵
  PID:4512
- C:\Windows\System\ubhmSZI.exe
  C:\Windows\System\ubhmSZI.exe
  2⤵
  PID:4528
- C:\Windows\System\MVVczQb.exe
  C:\Windows\System\MVVczQb.exe
  2⤵
  PID:4544
- C:\Windows\System\lSqglcS.exe
  C:\Windows\System\lSqglcS.exe
  2⤵
  PID:4560
- C:\Windows\System\wzQaylD.exe
  C:\Windows\System\wzQaylD.exe
  2⤵
  PID:4584
- C:\Windows\System\SgBcLPO.exe
  C:\Windows\System\SgBcLPO.exe
  2⤵
  PID:4600
- C:\Windows\System\rLxIxrp.exe
  C:\Windows\System\rLxIxrp.exe
  2⤵
  PID:4616
- C:\Windows\System\bYyypED.exe
  C:\Windows\System\bYyypED.exe
  2⤵
  PID:4632
- C:\Windows\System\MQufUZe.exe
  C:\Windows\System\MQufUZe.exe
  2⤵
  PID:4648
- C:\Windows\System\xTmzrGl.exe
  C:\Windows\System\xTmzrGl.exe
  2⤵
  PID:4664
- C:\Windows\System\EDPxIVk.exe
  C:\Windows\System\EDPxIVk.exe
  2⤵
  PID:4680
- C:\Windows\System\zbbLlTD.exe
  C:\Windows\System\zbbLlTD.exe
  2⤵
  PID:4696
- C:\Windows\System\nXHsyhC.exe
  C:\Windows\System\nXHsyhC.exe
  2⤵
  PID:4712
- C:\Windows\System\NNINjJI.exe
  C:\Windows\System\NNINjJI.exe
  2⤵
  PID:4728
- C:\Windows\System\qPZEcCW.exe
  C:\Windows\System\qPZEcCW.exe
  2⤵
  PID:4744
- C:\Windows\System\uRblhTb.exe
  C:\Windows\System\uRblhTb.exe
  2⤵
  PID:4760
- C:\Windows\System\akwGBZt.exe
  C:\Windows\System\akwGBZt.exe
  2⤵
  PID:4776
- C:\Windows\System\gfXBcen.exe
  C:\Windows\System\gfXBcen.exe
  2⤵
  PID:4792
- C:\Windows\System\xDRWxBc.exe
  C:\Windows\System\xDRWxBc.exe
  2⤵
  PID:4808
- C:\Windows\System\JcgccRT.exe
  C:\Windows\System\JcgccRT.exe
  2⤵
  PID:4824
- C:\Windows\System\KNvpNpY.exe
  C:\Windows\System\KNvpNpY.exe
  2⤵
  PID:4840
- C:\Windows\System\WBWHmyC.exe
  C:\Windows\System\WBWHmyC.exe
  2⤵
  PID:4856
- C:\Windows\System\HhyRKTe.exe
  C:\Windows\System\HhyRKTe.exe
  2⤵
  PID:4872
- C:\Windows\System\YqGAAoE.exe
  C:\Windows\System\YqGAAoE.exe
  2⤵
  PID:4888
- C:\Windows\System\hrjaAJp.exe
  C:\Windows\System\hrjaAJp.exe
  2⤵
  PID:4904
- C:\Windows\System\ZDREuMe.exe
  C:\Windows\System\ZDREuMe.exe
  2⤵
  PID:4920
- C:\Windows\System\bhRSSuB.exe
  C:\Windows\System\bhRSSuB.exe
  2⤵
  PID:4936
- C:\Windows\System\DMSyquu.exe
  C:\Windows\System\DMSyquu.exe
  2⤵
  PID:4952
- C:\Windows\System\FeYFzdJ.exe
  C:\Windows\System\FeYFzdJ.exe
  2⤵
  PID:4968
- C:\Windows\System\SSLkGiZ.exe
  C:\Windows\System\SSLkGiZ.exe
  2⤵
  PID:4984
- C:\Windows\System\fRdaGWT.exe
  C:\Windows\System\fRdaGWT.exe
  2⤵
  PID:5004
- C:\Windows\System\mjIkKan.exe
  C:\Windows\System\mjIkKan.exe
  2⤵
  PID:5020
- C:\Windows\System\QDbxKFA.exe
  C:\Windows\System\QDbxKFA.exe
  2⤵
  PID:5036
- C:\Windows\System\vuAsrcZ.exe
  C:\Windows\System\vuAsrcZ.exe
  2⤵
  PID:5052
- C:\Windows\System\cijBtEP.exe
  C:\Windows\System\cijBtEP.exe
  2⤵
  PID:5068
- C:\Windows\System\kCHlXog.exe
  C:\Windows\System\kCHlXog.exe
  2⤵
  PID:5084
- C:\Windows\System\eAUdasE.exe
  C:\Windows\System\eAUdasE.exe
  2⤵
  PID:5100
- C:\Windows\System\XdVeGam.exe
  C:\Windows\System\XdVeGam.exe
  2⤵
  PID:5116
- C:\Windows\System\OsYgBdS.exe
  C:\Windows\System\OsYgBdS.exe
  2⤵
  PID:4108
- C:\Windows\System\pTmGkXS.exe
  C:\Windows\System\pTmGkXS.exe
  2⤵
  PID:4172
- C:\Windows\System\SYInWhe.exe
  C:\Windows\System\SYInWhe.exe
  2⤵
  PID:4188
- C:\Windows\System\ppGsUpG.exe
  C:\Windows\System\ppGsUpG.exe
  2⤵
  PID:4124
- C:\Windows\System\RRkpIKe.exe
  C:\Windows\System\RRkpIKe.exe
  2⤵
  PID:4216
- C:\Windows\System\oArVNWS.exe
  C:\Windows\System\oArVNWS.exe
  2⤵
  PID:4252
- C:\Windows\System\ixBDNNQ.exe
  C:\Windows\System\ixBDNNQ.exe
  2⤵
  PID:4260
- C:\Windows\System\grpQLuE.exe
  C:\Windows\System\grpQLuE.exe
  2⤵
  PID:4328
- C:\Windows\System\efHLFkU.exe
  C:\Windows\System\efHLFkU.exe
  2⤵
  PID:4308
- C:\Windows\System\UzLsaxg.exe
  C:\Windows\System\UzLsaxg.exe
  2⤵
  PID:4376
- C:\Windows\System\smxMuoU.exe
  C:\Windows\System\smxMuoU.exe
  2⤵
  PID:4396
- C:\Windows\System\yDCnhtw.exe
  C:\Windows\System\yDCnhtw.exe
  2⤵
  PID:4432
- C:\Windows\System\ajjhfit.exe
  C:\Windows\System\ajjhfit.exe
  2⤵
  PID:4456
- C:\Windows\System\DbtsYRv.exe
  C:\Windows\System\DbtsYRv.exe
  2⤵
  PID:4520
- C:\Windows\System\dNAaOCM.exe
  C:\Windows\System\dNAaOCM.exe
  2⤵
  PID:4472
- C:\Windows\System\TkMUFFw.exe
  C:\Windows\System\TkMUFFw.exe
  2⤵
  PID:4576
- C:\Windows\System\FETCodA.exe
  C:\Windows\System\FETCodA.exe
  2⤵
  PID:4592
- C:\Windows\System\GceOfEc.exe
  C:\Windows\System\GceOfEc.exe
  2⤵
  PID:4612
- C:\Windows\System\zTyqSCL.exe
  C:\Windows\System\zTyqSCL.exe
  2⤵
  PID:4692
- C:\Windows\System\HuFUQRo.exe
  C:\Windows\System\HuFUQRo.exe
  2⤵
  PID:4756
- C:\Windows\System\sIuFOtP.exe
  C:\Windows\System\sIuFOtP.exe
  2⤵
  PID:4768
- C:\Windows\System\DCPwjuC.exe
  C:\Windows\System\DCPwjuC.exe
  2⤵
  PID:4676
- C:\Windows\System\ACFDgnn.exe
  C:\Windows\System\ACFDgnn.exe
  2⤵
  PID:4800
- C:\Windows\System\gjPvZgK.exe
  C:\Windows\System\gjPvZgK.exe
  2⤵
  PID:4820
- C:\Windows\System\gVVaMzY.exe
  C:\Windows\System\gVVaMzY.exe
  2⤵
  PID:4848
- C:\Windows\System\yHNEIdK.exe
  C:\Windows\System\yHNEIdK.exe
  2⤵
  PID:4912
- C:\Windows\System\nLqSQXS.exe
  C:\Windows\System\nLqSQXS.exe
  2⤵
  PID:4976
- C:\Windows\System\HFjGdgR.exe
  C:\Windows\System\HFjGdgR.exe
  2⤵
  PID:4868
- C:\Windows\System\QjTRFxY.exe
  C:\Windows\System\QjTRFxY.exe
  2⤵
  PID:4932
- C:\Windows\System\cfHvcdM.exe
  C:\Windows\System\cfHvcdM.exe
  2⤵
  PID:4996
- C:\Windows\System\AdDisIP.exe
  C:\Windows\System\AdDisIP.exe
  2⤵
  PID:5016
- C:\Windows\System\ujTntqV.exe
  C:\Windows\System\ujTntqV.exe
  2⤵
  PID:5112
- C:\Windows\System\XnpmpSJ.exe
  C:\Windows\System\XnpmpSJ.exe
  2⤵
  PID:5064
- C:\Windows\System\bbtFhMm.exe
  C:\Windows\System\bbtFhMm.exe
  2⤵
  PID:4228
- C:\Windows\System\iRZjJRz.exe
  C:\Windows\System\iRZjJRz.exe
  2⤵
  PID:5060
- C:\Windows\System\tFwkEIL.exe
  C:\Windows\System\tFwkEIL.exe
  2⤵
  PID:4232
- C:\Windows\System\kbzRFPI.exe
  C:\Windows\System\kbzRFPI.exe
  2⤵
  PID:4320
- C:\Windows\System\pNqfXcd.exe
  C:\Windows\System\pNqfXcd.exe
  2⤵
  PID:4304
- C:\Windows\System\duSmmPD.exe
  C:\Windows\System\duSmmPD.exe
  2⤵
  PID:4488
- C:\Windows\System\SgbraGI.exe
  C:\Windows\System\SgbraGI.exe
  2⤵
  PID:4452
- C:\Windows\System\wPccyDA.exe
  C:\Windows\System\wPccyDA.exe
  2⤵
  PID:4492
- C:\Windows\System\JBzJcTk.exe
  C:\Windows\System\JBzJcTk.exe
  2⤵
  PID:4572
- C:\Windows\System\QJqIJQS.exe
  C:\Windows\System\QJqIJQS.exe
  2⤵
  PID:4752
- C:\Windows\System\dVjDRjY.exe
  C:\Windows\System\dVjDRjY.exe
  2⤵
  PID:4832
- C:\Windows\System\wFUMAWt.exe
  C:\Windows\System\wFUMAWt.exe
  2⤵
  PID:4644
- C:\Windows\System\EorAWta.exe
  C:\Windows\System\EorAWta.exe
  2⤵
  PID:4784
- C:\Windows\System\XAOXPGK.exe
  C:\Windows\System\XAOXPGK.exe
  2⤵
  PID:5012
- C:\Windows\System\ceZOqkg.exe
  C:\Windows\System\ceZOqkg.exe
  2⤵
  PID:5076
- C:\Windows\System\LyiQqSj.exe
  C:\Windows\System\LyiQqSj.exe
  2⤵
  PID:5044
- C:\Windows\System\OkLQuAm.exe
  C:\Windows\System\OkLQuAm.exe
  2⤵
  PID:4152
- C:\Windows\System\RlvgSKt.exe
  C:\Windows\System\RlvgSKt.exe
  2⤵
  PID:4276
- C:\Windows\System\WjxsSUF.exe
  C:\Windows\System\WjxsSUF.exe
  2⤵
  PID:4344
- C:\Windows\System\dgVOAyT.exe
  C:\Windows\System\dgVOAyT.exe
  2⤵
  PID:4448
- C:\Windows\System\llbpmZY.exe
  C:\Windows\System\llbpmZY.exe
  2⤵
  PID:4556
- C:\Windows\System\eUTCTWk.exe
  C:\Windows\System\eUTCTWk.exe
  2⤵
  PID:4816
- C:\Windows\System\rEouTPC.exe
  C:\Windows\System\rEouTPC.exe
  2⤵
  PID:4836
- C:\Windows\System\pQyyzGi.exe
  C:\Windows\System\pQyyzGi.exe
  2⤵
  PID:5096
- C:\Windows\System\jVlclJS.exe
  C:\Windows\System\jVlclJS.exe
  2⤵
  PID:5032
- C:\Windows\System\iezrsGi.exe
  C:\Windows\System\iezrsGi.exe
  2⤵
  PID:5000
- C:\Windows\System\yIQmURk.exe
  C:\Windows\System\yIQmURk.exe
  2⤵
  PID:4428
- C:\Windows\System\oJwmHXp.exe
  C:\Windows\System\oJwmHXp.exe
  2⤵
  PID:4704
- C:\Windows\System\tPTuiSS.exe
  C:\Windows\System\tPTuiSS.exe
  2⤵
  PID:4948
- C:\Windows\System\COMgRhp.exe
  C:\Windows\System\COMgRhp.exe
  2⤵
  PID:4184
- C:\Windows\System\jaFqVsG.exe
  C:\Windows\System\jaFqVsG.exe
  2⤵
  PID:5124
- C:\Windows\System\aiaGmMr.exe
  C:\Windows\System\aiaGmMr.exe
  2⤵
  PID:5140
- C:\Windows\System\MLWBpmy.exe
  C:\Windows\System\MLWBpmy.exe
  2⤵
  PID:5156
- C:\Windows\System\bFyRnCb.exe
  C:\Windows\System\bFyRnCb.exe
  2⤵
  PID:5172
- C:\Windows\System\JtMxCZI.exe
  C:\Windows\System\JtMxCZI.exe
  2⤵
  PID:5188
- C:\Windows\System\Pdeykcq.exe
  C:\Windows\System\Pdeykcq.exe
  2⤵
  PID:5204
- C:\Windows\System\TRwJsaJ.exe
  C:\Windows\System\TRwJsaJ.exe
  2⤵
  PID:5220
- C:\Windows\System\CkCvDYz.exe
  C:\Windows\System\CkCvDYz.exe
  2⤵
  PID:5240
- C:\Windows\System\srXFyJY.exe
  C:\Windows\System\srXFyJY.exe
  2⤵
  PID:5260
- C:\Windows\System\XOkFPOy.exe
  C:\Windows\System\XOkFPOy.exe
  2⤵
  PID:5276
- C:\Windows\System\JWtaABf.exe
  C:\Windows\System\JWtaABf.exe
  2⤵
  PID:5292
- C:\Windows\System\etgrklA.exe
  C:\Windows\System\etgrklA.exe
  2⤵
  PID:5308
- C:\Windows\System\kVvHlmw.exe
  C:\Windows\System\kVvHlmw.exe
  2⤵
  PID:5324
- C:\Windows\System\wStnqOL.exe
  C:\Windows\System\wStnqOL.exe
  2⤵
  PID:5340
- C:\Windows\System\wTvGZvK.exe
  C:\Windows\System\wTvGZvK.exe
  2⤵
  PID:5356
- C:\Windows\System\uuXYUeC.exe
  C:\Windows\System\uuXYUeC.exe
  2⤵
  PID:5372
- C:\Windows\System\aQRbiuc.exe
  C:\Windows\System\aQRbiuc.exe
  2⤵
  PID:5388
- C:\Windows\System\mPcGqsf.exe
  C:\Windows\System\mPcGqsf.exe
  2⤵
  PID:5404
- C:\Windows\System\MgzxhDX.exe
  C:\Windows\System\MgzxhDX.exe
  2⤵
  PID:5420
- C:\Windows\System\CxRbDxY.exe
  C:\Windows\System\CxRbDxY.exe
  2⤵
  PID:5436
- C:\Windows\System\bTefdbg.exe
  C:\Windows\System\bTefdbg.exe
  2⤵
  PID:5452
- C:\Windows\System\cWXWWiV.exe
  C:\Windows\System\cWXWWiV.exe
  2⤵
  PID:5468
- C:\Windows\System\dlNwsBa.exe
  C:\Windows\System\dlNwsBa.exe
  2⤵
  PID:5484
- C:\Windows\System\ivqaLqZ.exe
  C:\Windows\System\ivqaLqZ.exe
  2⤵
  PID:5500
- C:\Windows\System\wGgHaaU.exe
  C:\Windows\System\wGgHaaU.exe
  2⤵
  PID:5516
- C:\Windows\System\JglhAks.exe
  C:\Windows\System\JglhAks.exe
  2⤵
  PID:5532
- C:\Windows\System\IlEGyAM.exe
  C:\Windows\System\IlEGyAM.exe
  2⤵
  PID:5548
- C:\Windows\System\dEnVbIm.exe
  C:\Windows\System\dEnVbIm.exe
  2⤵
  PID:5564
- C:\Windows\System\jylOxlD.exe
  C:\Windows\System\jylOxlD.exe
  2⤵
  PID:5580
- C:\Windows\System\rIhpEar.exe
  C:\Windows\System\rIhpEar.exe
  2⤵
  PID:5596
- C:\Windows\System\AUSXjIC.exe
  C:\Windows\System\AUSXjIC.exe
  2⤵
  PID:5612
- C:\Windows\System\XdjkMHN.exe
  C:\Windows\System\XdjkMHN.exe
  2⤵
  PID:5628
- C:\Windows\System\KmnMGMT.exe
  C:\Windows\System\KmnMGMT.exe
  2⤵
  PID:5644
- C:\Windows\System\kzbdATU.exe
  C:\Windows\System\kzbdATU.exe
  2⤵
  PID:5660
- C:\Windows\System\mcRnDtO.exe
  C:\Windows\System\mcRnDtO.exe
  2⤵
  PID:5676
- C:\Windows\System\dBLFZzV.exe
  C:\Windows\System\dBLFZzV.exe
  2⤵
  PID:5692
- C:\Windows\System\opBQijO.exe
  C:\Windows\System\opBQijO.exe
  2⤵
  PID:5708
- C:\Windows\System\oyOgYtv.exe
  C:\Windows\System\oyOgYtv.exe
  2⤵
  PID:5724
- C:\Windows\System\RBwsQzr.exe
  C:\Windows\System\RBwsQzr.exe
  2⤵
  PID:5740
- C:\Windows\System\TvRvvyK.exe
  C:\Windows\System\TvRvvyK.exe
  2⤵
  PID:5756
- C:\Windows\System\gAIOkSg.exe
  C:\Windows\System\gAIOkSg.exe
  2⤵
  PID:5772
- C:\Windows\System\AvUBTef.exe
  C:\Windows\System\AvUBTef.exe
  2⤵
  PID:5788
- C:\Windows\System\MLQNFrW.exe
  C:\Windows\System\MLQNFrW.exe
  2⤵
  PID:5804
- C:\Windows\System\bmDxQJQ.exe
  C:\Windows\System\bmDxQJQ.exe
  2⤵
  PID:5820
- C:\Windows\System\JWXNskv.exe
  C:\Windows\System\JWXNskv.exe
  2⤵
  PID:5836
- C:\Windows\System\mOvBFIg.exe
  C:\Windows\System\mOvBFIg.exe
  2⤵
  PID:5856
- C:\Windows\System\MZBorcB.exe
  C:\Windows\System\MZBorcB.exe
  2⤵
  PID:5872
- C:\Windows\System\LONtWgp.exe
  C:\Windows\System\LONtWgp.exe
  2⤵
  PID:5888
- C:\Windows\System\kEHuVYO.exe
  C:\Windows\System\kEHuVYO.exe
  2⤵
  PID:5904
- C:\Windows\System\VLQhcds.exe
  C:\Windows\System\VLQhcds.exe
  2⤵
  PID:5920
- C:\Windows\System\oJsKRpy.exe
  C:\Windows\System\oJsKRpy.exe
  2⤵
  PID:5936
- C:\Windows\System\vjJsKKi.exe
  C:\Windows\System\vjJsKKi.exe
  2⤵
  PID:5956
- C:\Windows\System\qFyHMZy.exe
  C:\Windows\System\qFyHMZy.exe
  2⤵
  PID:5980
- C:\Windows\System\bGFNnsI.exe
  C:\Windows\System\bGFNnsI.exe
  2⤵
  PID:5996
- C:\Windows\System\YLmVwHi.exe
  C:\Windows\System\YLmVwHi.exe
  2⤵
  PID:6012
- C:\Windows\System\hBKzxdJ.exe
  C:\Windows\System\hBKzxdJ.exe
  2⤵
  PID:6028
- C:\Windows\System\GnDWsCT.exe
  C:\Windows\System\GnDWsCT.exe
  2⤵
  PID:6044
- C:\Windows\System\JrlfLRC.exe
  C:\Windows\System\JrlfLRC.exe
  2⤵
  PID:6060
- C:\Windows\System\TeZHypP.exe
  C:\Windows\System\TeZHypP.exe
  2⤵
  PID:6076
- C:\Windows\System\YNqHptk.exe
  C:\Windows\System\YNqHptk.exe
  2⤵
  PID:6092
- C:\Windows\System\rPIfTJJ.exe
  C:\Windows\System\rPIfTJJ.exe
  2⤵
  PID:6108
- C:\Windows\System\unDSffu.exe
  C:\Windows\System\unDSffu.exe
  2⤵
  PID:6124
- C:\Windows\System\kBBJryA.exe
  C:\Windows\System\kBBJryA.exe
  2⤵
  PID:4724
- C:\Windows\System\dIovNvB.exe
  C:\Windows\System\dIovNvB.exe
  2⤵
  PID:5180
- C:\Windows\System\ggOsYlL.exe
  C:\Windows\System\ggOsYlL.exe
  2⤵
  PID:5216
- C:\Windows\System\PJRuetw.exe
  C:\Windows\System\PJRuetw.exe
  2⤵
  PID:5200
- C:\Windows\System\PhWWHxj.exe
  C:\Windows\System\PhWWHxj.exe
  2⤵
  PID:4624
- C:\Windows\System\hCTynBt.exe
  C:\Windows\System\hCTynBt.exe
  2⤵
  PID:5164
- C:\Windows\System\TqtJxql.exe
  C:\Windows\System\TqtJxql.exe
  2⤵
  PID:5236
- C:\Windows\System\szYvVCn.exe
  C:\Windows\System\szYvVCn.exe
  2⤵
  PID:5304
- C:\Windows\System\bTOTaQt.exe
  C:\Windows\System\bTOTaQt.exe
  2⤵
  PID:5316
- C:\Windows\System\hNTSDnZ.exe
  C:\Windows\System\hNTSDnZ.exe
  2⤵
  PID:5384
- C:\Windows\System\QvSbTeI.exe
  C:\Windows\System\QvSbTeI.exe
  2⤵
  PID:5412
- C:\Windows\System\NHDNzPJ.exe
  C:\Windows\System\NHDNzPJ.exe
  2⤵
  PID:5508
- C:\Windows\System\NcAcrKZ.exe
  C:\Windows\System\NcAcrKZ.exe
  2⤵
  PID:5492
- C:\Windows\System\uJKJVas.exe
  C:\Windows\System\uJKJVas.exe
  2⤵
  PID:5428
- C:\Windows\System\aBtOWkK.exe
  C:\Windows\System\aBtOWkK.exe
  2⤵
  PID:5524
- C:\Windows\System\GItszGf.exe
  C:\Windows\System\GItszGf.exe
  2⤵
  PID:5608
- C:\Windows\System\PowqeXh.exe
  C:\Windows\System\PowqeXh.exe
  2⤵
  PID:5672
- C:\Windows\System\yNetjWL.exe
  C:\Windows\System\yNetjWL.exe
  2⤵
  PID:5588
- C:\Windows\System\rcEUPiN.exe
  C:\Windows\System\rcEUPiN.exe
  2⤵
  PID:5652
- C:\Windows\System\JqvnqxL.exe
  C:\Windows\System\JqvnqxL.exe
  2⤵
  PID:5688
- C:\Windows\System\dCccUmo.exe
  C:\Windows\System\dCccUmo.exe
  2⤵
  PID:5748
- C:\Windows\System\avvhAaM.exe
  C:\Windows\System\avvhAaM.exe
  2⤵
  PID:5884
- C:\Windows\System\eKWXDKy.exe
  C:\Windows\System\eKWXDKy.exe
  2⤵
  PID:5768
- C:\Windows\System\bXBvkPh.exe
  C:\Windows\System\bXBvkPh.exe
  2⤵
  PID:5832
- C:\Windows\System\gxFpQiq.exe
  C:\Windows\System\gxFpQiq.exe
  2⤵
  PID:5864
- C:\Windows\System\XCrZbUx.exe
  C:\Windows\System\XCrZbUx.exe
  2⤵
  PID:5784
- C:\Windows\System\JlSaarR.exe
  C:\Windows\System\JlSaarR.exe
  2⤵
  PID:5944
- C:\Windows\System\YIPNUVk.exe
  C:\Windows\System\YIPNUVk.exe
  2⤵
  PID:5932
- C:\Windows\System\uJynZYo.exe
  C:\Windows\System\uJynZYo.exe
  2⤵
  PID:5976
- C:\Windows\System\LODaGGS.exe
  C:\Windows\System\LODaGGS.exe
  2⤵
  PID:6008
- C:\Windows\System\PJHRrWL.exe
  C:\Windows\System\PJHRrWL.exe
  2⤵
  PID:6040
- C:\Windows\System\RjTxkxd.exe
  C:\Windows\System\RjTxkxd.exe
  2⤵
  PID:6088
- C:\Windows\System\RKvBwFE.exe
  C:\Windows\System\RKvBwFE.exe
  2⤵
  PID:6100
- C:\Windows\System\GgjTRLt.exe
  C:\Windows\System\GgjTRLt.exe
  2⤵
  PID:5212
- C:\Windows\System\cPVmDIN.exe
  C:\Windows\System\cPVmDIN.exe
  2⤵
  PID:5148
- C:\Windows\System\pFISuUz.exe
  C:\Windows\System\pFISuUz.exe
  2⤵
  PID:5256
- C:\Windows\System\cMZINTt.exe
  C:\Windows\System\cMZINTt.exe
  2⤵
  PID:5132
- C:\Windows\System\eHDYUkv.exe
  C:\Windows\System\eHDYUkv.exe
  2⤵
  PID:5364
- C:\Windows\System\GQjIlqc.exe
  C:\Windows\System\GQjIlqc.exe
  2⤵
  PID:5540
- C:\Windows\System\fMCLgrz.exe
  C:\Windows\System\fMCLgrz.exe
  2⤵
  PID:5336
- C:\Windows\System\xpHeUFF.exe
  C:\Windows\System\xpHeUFF.exe
  2⤵
  PID:5544
- C:\Windows\System\gsAPOSK.exe
  C:\Windows\System\gsAPOSK.exe
  2⤵
  PID:5624
- C:\Windows\System\TkrXVUd.exe
  C:\Windows\System\TkrXVUd.exe
  2⤵
  PID:5852
- C:\Windows\System\gnnMzUp.exe
  C:\Windows\System\gnnMzUp.exe
  2⤵
  PID:5900
- C:\Windows\System\RQZYWET.exe
  C:\Windows\System\RQZYWET.exe
  2⤵
  PID:5972
- C:\Windows\System\DUavWAO.exe
  C:\Windows\System\DUavWAO.exe
  2⤵
  PID:5992
- C:\Windows\System\ImTWkqk.exe
  C:\Windows\System\ImTWkqk.exe
  2⤵
  PID:5848
- C:\Windows\System\fFyuGrR.exe
  C:\Windows\System\fFyuGrR.exe
  2⤵
  PID:6132
- C:\Windows\System\eaITbxQ.exe
  C:\Windows\System\eaITbxQ.exe
  2⤵
  PID:5196
- C:\Windows\System\abwCuSP.exe
  C:\Windows\System\abwCuSP.exe
  2⤵
  PID:6024
- C:\Windows\System\ZzvTPnp.exe
  C:\Windows\System\ZzvTPnp.exe
  2⤵
  PID:6120
- C:\Windows\System\kwgTSiW.exe
  C:\Windows\System\kwgTSiW.exe
  2⤵
  PID:5288
- C:\Windows\System\dZhZdrF.exe
  C:\Windows\System\dZhZdrF.exe
  2⤵
  PID:5640
- C:\Windows\System\deqyaYL.exe
  C:\Windows\System\deqyaYL.exe
  2⤵
  PID:5604
- C:\Windows\System\ZqbCPTR.exe
  C:\Windows\System\ZqbCPTR.exe
  2⤵
  PID:5528
- C:\Windows\System\MClgUhr.exe
  C:\Windows\System\MClgUhr.exe
  2⤵
  PID:5968
- C:\Windows\System\zhQfePE.exe
  C:\Windows\System\zhQfePE.exe
  2⤵
  PID:5896
- C:\Windows\System\fYqIbkR.exe
  C:\Windows\System\fYqIbkR.exe
  2⤵
  PID:6084
- C:\Windows\System\NuYvcgM.exe
  C:\Windows\System\NuYvcgM.exe
  2⤵
  PID:5800
- C:\Windows\System\anWCKzO.exe
  C:\Windows\System\anWCKzO.exe
  2⤵
  PID:4928
- C:\Windows\System\KOmjgtG.exe
  C:\Windows\System\KOmjgtG.exe
  2⤵
  PID:5464
- C:\Windows\System\LhahFvC.exe
  C:\Windows\System\LhahFvC.exe
  2⤵
  PID:5620
- C:\Windows\System\YiQMnnV.exe
  C:\Windows\System\YiQMnnV.exe
  2⤵
  PID:5764
- C:\Windows\System\MsZGfsI.exe
  C:\Windows\System\MsZGfsI.exe
  2⤵
  PID:6116
- C:\Windows\System\rnlaMxi.exe
  C:\Windows\System\rnlaMxi.exe
  2⤵
  PID:4104
- C:\Windows\System\DkkVbRu.exe
  C:\Windows\System\DkkVbRu.exe
  2⤵
  PID:5476
- C:\Windows\System\OTZzKRr.exe
  C:\Windows\System\OTZzKRr.exe
  2⤵
  PID:5948
- C:\Windows\System\idHImQe.exe
  C:\Windows\System\idHImQe.exe
  2⤵
  PID:5448
- C:\Windows\System\UfiEapL.exe
  C:\Windows\System\UfiEapL.exe
  2⤵
  PID:6160
- C:\Windows\System\EEKUlLf.exe
  C:\Windows\System\EEKUlLf.exe
  2⤵
  PID:6180
- C:\Windows\System\dzHJNAv.exe
  C:\Windows\System\dzHJNAv.exe
  2⤵
  PID:6208
- C:\Windows\System\RkSMEli.exe
  C:\Windows\System\RkSMEli.exe
  2⤵
  PID:6232
- C:\Windows\System\sRPiYRh.exe
  C:\Windows\System\sRPiYRh.exe
  2⤵
  PID:6248
- C:\Windows\System\vNgsoEZ.exe
  C:\Windows\System\vNgsoEZ.exe
  2⤵
  PID:6264
- C:\Windows\System\iHcuUJh.exe
  C:\Windows\System\iHcuUJh.exe
  2⤵
  PID:6280
- C:\Windows\System\AABrvKw.exe
  C:\Windows\System\AABrvKw.exe
  2⤵
  PID:6300
- C:\Windows\System\EkPZjXB.exe
  C:\Windows\System\EkPZjXB.exe
  2⤵
  PID:6320
- C:\Windows\System\nReDJYg.exe
  C:\Windows\System\nReDJYg.exe
  2⤵
  PID:6336
- C:\Windows\System\DdEFxvG.exe
  C:\Windows\System\DdEFxvG.exe
  2⤵
  PID:6352
- C:\Windows\System\aUItlvV.exe
  C:\Windows\System\aUItlvV.exe
  2⤵
  PID:6368
- C:\Windows\System\bCnbJmk.exe
  C:\Windows\System\bCnbJmk.exe
  2⤵
  PID:6384
- C:\Windows\System\VLpHMyO.exe
  C:\Windows\System\VLpHMyO.exe
  2⤵
  PID:6408
- C:\Windows\System\IJZfHoC.exe
  C:\Windows\System\IJZfHoC.exe
  2⤵
  PID:6424
- C:\Windows\System\YtIWpiS.exe
  C:\Windows\System\YtIWpiS.exe
  2⤵
  PID:6440
- C:\Windows\System\aPxONXT.exe
  C:\Windows\System\aPxONXT.exe
  2⤵
  PID:6456
- C:\Windows\System\DuGWneV.exe
  C:\Windows\System\DuGWneV.exe
  2⤵
  PID:6472
- C:\Windows\System\FYPxema.exe
  C:\Windows\System\FYPxema.exe
  2⤵
  PID:6492
- C:\Windows\System\ZiXnDWD.exe
  C:\Windows\System\ZiXnDWD.exe
  2⤵
  PID:6512
- C:\Windows\System\haLDACe.exe
  C:\Windows\System\haLDACe.exe
  2⤵
  PID:6600
- C:\Windows\System\bhJTQEQ.exe
  C:\Windows\System\bhJTQEQ.exe
  2⤵
  PID:6628
- C:\Windows\System\zYuuVWi.exe
  C:\Windows\System\zYuuVWi.exe
  2⤵
  PID:6648
- C:\Windows\System\nozzeAE.exe
  C:\Windows\System\nozzeAE.exe
  2⤵
  PID:6664
- C:\Windows\System\rgdcKUi.exe
  C:\Windows\System\rgdcKUi.exe
  2⤵
  PID:6680
- C:\Windows\System\wQQgfkO.exe
  C:\Windows\System\wQQgfkO.exe
  2⤵
  PID:6696
- C:\Windows\System\hXtcdzm.exe
  C:\Windows\System\hXtcdzm.exe
  2⤵
  PID:6712
- C:\Windows\System\LZxJpUE.exe
  C:\Windows\System\LZxJpUE.exe
  2⤵
  PID:6728
- C:\Windows\System\jJGlEGj.exe
  C:\Windows\System\jJGlEGj.exe
  2⤵
  PID:6748
- C:\Windows\System\sBbdTss.exe
  C:\Windows\System\sBbdTss.exe
  2⤵
  PID:6764
- C:\Windows\System\jYeyGfA.exe
  C:\Windows\System\jYeyGfA.exe
  2⤵
  PID:6780
- C:\Windows\System\cvHsPXb.exe
  C:\Windows\System\cvHsPXb.exe
  2⤵
  PID:6796
- C:\Windows\System\JCdZlNW.exe
  C:\Windows\System\JCdZlNW.exe
  2⤵
  PID:6812
- C:\Windows\System\DRdVmoV.exe
  C:\Windows\System\DRdVmoV.exe
  2⤵
  PID:6828
- C:\Windows\System\PWdAWCj.exe
  C:\Windows\System\PWdAWCj.exe
  2⤵
  PID:6844
- C:\Windows\System\ZUyaNHN.exe
  C:\Windows\System\ZUyaNHN.exe
  2⤵
  PID:6860
- C:\Windows\System\rZFeDxX.exe
  C:\Windows\System\rZFeDxX.exe
  2⤵
  PID:6876
- C:\Windows\System\nfTkVXN.exe
  C:\Windows\System\nfTkVXN.exe
  2⤵
  PID:6892
- C:\Windows\System\gJQFJJd.exe
  C:\Windows\System\gJQFJJd.exe
  2⤵
  PID:6908
- C:\Windows\System\awPYPpc.exe
  C:\Windows\System\awPYPpc.exe
  2⤵
  PID:6924
- C:\Windows\System\ajmLRCu.exe
  C:\Windows\System\ajmLRCu.exe
  2⤵
  PID:6940
- C:\Windows\System\IjrXsqo.exe
  C:\Windows\System\IjrXsqo.exe
  2⤵
  PID:6956
- C:\Windows\System\iJfHFZj.exe
  C:\Windows\System\iJfHFZj.exe
  2⤵
  PID:6972
- C:\Windows\System\bLlvsCg.exe
  C:\Windows\System\bLlvsCg.exe
  2⤵
  PID:6992
- C:\Windows\System\YIqLalg.exe
  C:\Windows\System\YIqLalg.exe
  2⤵
  PID:7008
- C:\Windows\System\tSfzXRP.exe
  C:\Windows\System\tSfzXRP.exe
  2⤵
  PID:7028
- C:\Windows\System\bSpfJtT.exe
  C:\Windows\System\bSpfJtT.exe
  2⤵
  PID:7044
- C:\Windows\System\waWbLRQ.exe
  C:\Windows\System\waWbLRQ.exe
  2⤵
  PID:7064
- C:\Windows\System\gzmPGdh.exe
  C:\Windows\System\gzmPGdh.exe
  2⤵
  PID:7080
- C:\Windows\System\ZhUZmmQ.exe
  C:\Windows\System\ZhUZmmQ.exe
  2⤵
  PID:7096
- C:\Windows\System\fRIhOxW.exe
  C:\Windows\System\fRIhOxW.exe
  2⤵
  PID:7112
- C:\Windows\System\TlNyZwc.exe
  C:\Windows\System\TlNyZwc.exe
  2⤵
  PID:7132
- C:\Windows\System\wfjyTqK.exe
  C:\Windows\System\wfjyTqK.exe
  2⤵
  PID:7148
- C:\Windows\System\BCdYbwm.exe
  C:\Windows\System\BCdYbwm.exe
  2⤵
  PID:7164
- C:\Windows\System\Nuguzlu.exe
  C:\Windows\System\Nuguzlu.exe
  2⤵
  PID:5916
- C:\Windows\System\EnBTwzB.exe
  C:\Windows\System\EnBTwzB.exe
  2⤵
  PID:6200
- C:\Windows\System\BknpvOz.exe
  C:\Windows\System\BknpvOz.exe
  2⤵
  PID:6240
- C:\Windows\System\wipkUQg.exe
  C:\Windows\System\wipkUQg.exe
  2⤵
  PID:6256
- C:\Windows\System\dfUNlUD.exe
  C:\Windows\System\dfUNlUD.exe
  2⤵
  PID:6228
- C:\Windows\System\BrrulVh.exe
  C:\Windows\System\BrrulVh.exe
  2⤵
  PID:6296
- C:\Windows\System\oGnFkrl.exe
  C:\Windows\System\oGnFkrl.exe
  2⤵
  PID:6316
- C:\Windows\System\QvwzZUS.exe
  C:\Windows\System\QvwzZUS.exe
  2⤵
  PID:6380
- C:\Windows\System\uezYfvQ.exe
  C:\Windows\System\uezYfvQ.exe
  2⤵
  PID:6452
- C:\Windows\System\FhjLVXL.exe
  C:\Windows\System\FhjLVXL.exe
  2⤵
  PID:6360
- C:\Windows\System\leqBaGl.exe
  C:\Windows\System\leqBaGl.exe
  2⤵
  PID:6400
- C:\Windows\System\kLHTLwN.exe
  C:\Windows\System\kLHTLwN.exe
  2⤵
  PID:6484
- C:\Windows\System\lOpEuSI.exe
  C:\Windows\System\lOpEuSI.exe
  2⤵
  PID:6500
- C:\Windows\System\JIQEgZg.exe
  C:\Windows\System\JIQEgZg.exe
  2⤵
  PID:6524
- C:\Windows\System\SQSvsFd.exe
  C:\Windows\System\SQSvsFd.exe
  2⤵
  PID:6540
- C:\Windows\System\IPuemYz.exe
  C:\Windows\System\IPuemYz.exe
  2⤵
  PID:6556
- C:\Windows\System\FEIXPMh.exe
  C:\Windows\System\FEIXPMh.exe
  2⤵
  PID:6580
- C:\Windows\System\xlhWOIH.exe
  C:\Windows\System\xlhWOIH.exe
  2⤵
  PID:6592
- C:\Windows\System\anBWohS.exe
  C:\Windows\System\anBWohS.exe
  2⤵
  PID:6644
- C:\Windows\System\xeMswmk.exe
  C:\Windows\System\xeMswmk.exe
  2⤵
  PID:6612
- C:\Windows\System\jSawcOZ.exe
  C:\Windows\System\jSawcOZ.exe
  2⤵
  PID:6736
- C:\Windows\System\KzzJcEx.exe
  C:\Windows\System\KzzJcEx.exe
  2⤵
  PID:6744
- C:\Windows\System\ocLKkfj.exe
  C:\Windows\System\ocLKkfj.exe
  2⤵
  PID:6660
- C:\Windows\System\PXsMaDT.exe
  C:\Windows\System\PXsMaDT.exe
  2⤵
  PID:6692
- C:\Windows\System\PysreZS.exe
  C:\Windows\System\PysreZS.exe
  2⤵
  PID:6760
- C:\Windows\System\puvbgdC.exe
  C:\Windows\System\puvbgdC.exe
  2⤵
  PID:6808
- C:\Windows\System\xaKUXXB.exe
  C:\Windows\System\xaKUXXB.exe
  2⤵
  PID:6836
- C:\Windows\System\aWIMmAq.exe
  C:\Windows\System\aWIMmAq.exe
  2⤵
  PID:6852
- C:\Windows\System\mBwELfA.exe
  C:\Windows\System\mBwELfA.exe
  2⤵
  PID:6932
- C:\Windows\System\nodMKAn.exe
  C:\Windows\System\nodMKAn.exe
  2⤵
  PID:6952
- C:\Windows\System\GbHEegW.exe
  C:\Windows\System\GbHEegW.exe
  2⤵
  PID:6980
- C:\Windows\System\eGySKYY.exe
  C:\Windows\System\eGySKYY.exe
  2⤵
  PID:7004
- C:\Windows\System\CBRQUkw.exe
  C:\Windows\System\CBRQUkw.exe
  2⤵
  PID:7036
- C:\Windows\System\wxxjAVr.exe
  C:\Windows\System\wxxjAVr.exe
  2⤵
  PID:7072
- C:\Windows\System\LlcBbBS.exe
  C:\Windows\System\LlcBbBS.exe
  2⤵
  PID:7104
- C:\Windows\System\tTIMEkf.exe
  C:\Windows\System\tTIMEkf.exe
  2⤵
  PID:5320
- C:\Windows\System\PLEnNGD.exe
  C:\Windows\System\PLEnNGD.exe
  2⤵
  PID:7160
- C:\Windows\System\nyXtfXO.exe
  C:\Windows\System\nyXtfXO.exe
  2⤵
  PID:1492
- C:\Windows\System\qcIucth.exe
  C:\Windows\System\qcIucth.exe
  2⤵
  PID:6276
- C:\Windows\System\QtXXmRY.exe
  C:\Windows\System\QtXXmRY.exe
  2⤵
  PID:6348
- C:\Windows\System\PNMAZtz.exe
  C:\Windows\System\PNMAZtz.exe
  2⤵
  PID:4980
- C:\Windows\System\ENLwPIH.exe
  C:\Windows\System\ENLwPIH.exe
  2⤵
  PID:6172
- C:\Windows\System\tfdmKsw.exe
  C:\Windows\System\tfdmKsw.exe
  2⤵
  PID:6392
- C:\Windows\System\iElzICb.exe
  C:\Windows\System\iElzICb.exe
  2⤵
  PID:6488
- C:\Windows\System\crDzsvN.exe
  C:\Windows\System\crDzsvN.exe
  2⤵
  PID:5228
- C:\Windows\System\Lrysjre.exe
  C:\Windows\System\Lrysjre.exe
  2⤵
  PID:6568
- C:\Windows\System\KuxoxAh.exe
  C:\Windows\System\KuxoxAh.exe
  2⤵
  PID:6720
- C:\Windows\System\yNvgxsq.exe
  C:\Windows\System\yNvgxsq.exe
  2⤵
  PID:6708
- C:\Windows\System\lePxEpe.exe
  C:\Windows\System\lePxEpe.exe
  2⤵
  PID:6788
- C:\Windows\System\lmSOFov.exe
  C:\Windows\System\lmSOFov.exe
  2⤵
  PID:6624
- C:\Windows\System\uqWxowP.exe
  C:\Windows\System\uqWxowP.exe
  2⤵
  PID:6904
- C:\Windows\System\PSGwMPT.exe
  C:\Windows\System\PSGwMPT.exe
  2⤵
  PID:6968
- C:\Windows\System\AakvfVU.exe
  C:\Windows\System\AakvfVU.exe
  2⤵
  PID:6920
- C:\Windows\System\bztrkGZ.exe
  C:\Windows\System\bztrkGZ.exe
  2⤵
  PID:7108
- C:\Windows\System\AuylkUj.exe
  C:\Windows\System\AuylkUj.exe
  2⤵
  PID:6328
- C:\Windows\System\GrCgVVZ.exe
  C:\Windows\System\GrCgVVZ.exe
  2⤵
  PID:7060
- C:\Windows\System\jSNYVpW.exe
  C:\Windows\System\jSNYVpW.exe
  2⤵
  PID:7128
- C:\Windows\System\eBLAjYl.exe
  C:\Windows\System\eBLAjYl.exe
  2⤵
  PID:6332
- C:\Windows\System\HMnZoQP.exe
  C:\Windows\System\HMnZoQP.exe
  2⤵
  PID:6448
- C:\Windows\System\uZhyYJd.exe
  C:\Windows\System\uZhyYJd.exe
  2⤵
  PID:6536
- C:\Windows\System\gzNjvDl.exe
  C:\Windows\System\gzNjvDl.exe
  2⤵
  PID:6676
- C:\Windows\System\euxQfjj.exe
  C:\Windows\System\euxQfjj.exe
  2⤵
  PID:6672
- C:\Windows\System\izIwWoY.exe
  C:\Windows\System\izIwWoY.exe
  2⤵
  PID:6916
- C:\Windows\System\uSIwfwq.exe
  C:\Windows\System\uSIwfwq.exe
  2⤵
  PID:6872
- C:\Windows\System\zjirxkb.exe
  C:\Windows\System\zjirxkb.exe
  2⤵
  PID:7120
- C:\Windows\System\zcfmVOJ.exe
  C:\Windows\System\zcfmVOJ.exe
  2⤵
  PID:7140
- C:\Windows\System\KdYYvXr.exe
  C:\Windows\System\KdYYvXr.exe
  2⤵
  PID:6432
- C:\Windows\System\CHBsfTS.exe
  C:\Windows\System\CHBsfTS.exe
  2⤵
  PID:7000
- C:\Windows\System\MzMGrXb.exe
  C:\Windows\System\MzMGrXb.exe
  2⤵
  PID:6468
- C:\Windows\System\RlJlofz.exe
  C:\Windows\System\RlJlofz.exe
  2⤵
  PID:6988
- C:\Windows\System\mqApXbD.exe
  C:\Windows\System\mqApXbD.exe
  2⤵
  PID:6616
- C:\Windows\System\poJdNsL.exe
  C:\Windows\System\poJdNsL.exe
  2⤵
  PID:6436
- C:\Windows\System\KmDWTkN.exe
  C:\Windows\System\KmDWTkN.exe
  2⤵
  PID:6588
- C:\Windows\System\NqtAbYd.exe
  C:\Windows\System\NqtAbYd.exe
  2⤵
  PID:6608
- C:\Windows\System\MZSeoDd.exe
  C:\Windows\System\MZSeoDd.exe
  2⤵
  PID:7184
- C:\Windows\System\NGuIUMj.exe
  C:\Windows\System\NGuIUMj.exe
  2⤵
  PID:7200
- C:\Windows\System\psbjghr.exe
  C:\Windows\System\psbjghr.exe
  2⤵
  PID:7216
- C:\Windows\System\PeGwUZo.exe
  C:\Windows\System\PeGwUZo.exe
  2⤵
  PID:7232
- C:\Windows\System\SYrWYbO.exe
  C:\Windows\System\SYrWYbO.exe
  2⤵
  PID:7248
- C:\Windows\System\lEXMhiL.exe
  C:\Windows\System\lEXMhiL.exe
  2⤵
  PID:7264
- C:\Windows\System\lijayZG.exe
  C:\Windows\System\lijayZG.exe
  2⤵
  PID:7280
- C:\Windows\System\GcHDsgS.exe
  C:\Windows\System\GcHDsgS.exe
  2⤵
  PID:7300
- C:\Windows\System\cAZSSTG.exe
  C:\Windows\System\cAZSSTG.exe
  2⤵
  PID:7316
- C:\Windows\System\gTYOqWI.exe
  C:\Windows\System\gTYOqWI.exe
  2⤵
  PID:7336
- C:\Windows\System\yXMKlxx.exe
  C:\Windows\System\yXMKlxx.exe
  2⤵
  PID:7352
- C:\Windows\System\VpjFcCv.exe
  C:\Windows\System\VpjFcCv.exe
  2⤵
  PID:7368
- C:\Windows\System\HLeDGXH.exe
  C:\Windows\System\HLeDGXH.exe
  2⤵
  PID:7384
- C:\Windows\System\EGAQNBe.exe
  C:\Windows\System\EGAQNBe.exe
  2⤵
  PID:7400
- C:\Windows\System\zMRNsBz.exe
  C:\Windows\System\zMRNsBz.exe
  2⤵
  PID:7416
- C:\Windows\System\rvRZZWe.exe
  C:\Windows\System\rvRZZWe.exe
  2⤵
  PID:7432
- C:\Windows\System\IEkCtlw.exe
  C:\Windows\System\IEkCtlw.exe
  2⤵
  PID:7448
- C:\Windows\System\RKzDcNH.exe
  C:\Windows\System\RKzDcNH.exe
  2⤵
  PID:7464
- C:\Windows\System\vhleoAx.exe
  C:\Windows\System\vhleoAx.exe
  2⤵
  PID:7480
- C:\Windows\System\npPrnkV.exe
  C:\Windows\System\npPrnkV.exe
  2⤵
  PID:7496
- C:\Windows\System\JsyGAei.exe
  C:\Windows\System\JsyGAei.exe
  2⤵
  PID:7512
- C:\Windows\System\QNobiIH.exe
  C:\Windows\System\QNobiIH.exe
  2⤵
  PID:7528
- C:\Windows\System\uBabpBp.exe
  C:\Windows\System\uBabpBp.exe
  2⤵
  PID:7544
- C:\Windows\System\KOagEFA.exe
  C:\Windows\System\KOagEFA.exe
  2⤵
  PID:7560
- C:\Windows\System\mCLhaDd.exe
  C:\Windows\System\mCLhaDd.exe
  2⤵
  PID:7576
- C:\Windows\System\LXBFwDn.exe
  C:\Windows\System\LXBFwDn.exe
  2⤵
  PID:7592
- C:\Windows\System\kKGJmUS.exe
  C:\Windows\System\kKGJmUS.exe
  2⤵
  PID:7608
- C:\Windows\System\XluUnkK.exe
  C:\Windows\System\XluUnkK.exe
  2⤵
  PID:7624
- C:\Windows\System\XgzdmiI.exe
  C:\Windows\System\XgzdmiI.exe
  2⤵
  PID:7640
- C:\Windows\System\EMYtKfH.exe
  C:\Windows\System\EMYtKfH.exe
  2⤵
  PID:7656
- C:\Windows\System\wkVvTxS.exe
  C:\Windows\System\wkVvTxS.exe
  2⤵
  PID:7672
- C:\Windows\System\hcamTtG.exe
  C:\Windows\System\hcamTtG.exe
  2⤵
  PID:7688
- C:\Windows\System\cjezIHB.exe
  C:\Windows\System\cjezIHB.exe
  2⤵
  PID:7704
- C:\Windows\System\dAffYft.exe
  C:\Windows\System\dAffYft.exe
  2⤵
  PID:7720
- C:\Windows\System\rqimuAl.exe
  C:\Windows\System\rqimuAl.exe
  2⤵
  PID:7736
- C:\Windows\System\zQLRTbt.exe
  C:\Windows\System\zQLRTbt.exe
  2⤵
  PID:7752
- C:\Windows\System\CAzAeyn.exe
  C:\Windows\System\CAzAeyn.exe
  2⤵
  PID:7768
- C:\Windows\System\kJfPLKe.exe
  C:\Windows\System\kJfPLKe.exe
  2⤵
  PID:7784
- C:\Windows\System\PwYXWPq.exe
  C:\Windows\System\PwYXWPq.exe
  2⤵
  PID:7800
- C:\Windows\System\lpbqzqe.exe
  C:\Windows\System\lpbqzqe.exe
  2⤵
  PID:7816
- C:\Windows\System\JqkkxPy.exe
  C:\Windows\System\JqkkxPy.exe
  2⤵
  PID:7832
- C:\Windows\System\reLTwSx.exe
  C:\Windows\System\reLTwSx.exe
  2⤵
  PID:7848
- C:\Windows\System\odUICtg.exe
  C:\Windows\System\odUICtg.exe
  2⤵
  PID:7864
- C:\Windows\System\RugXRqg.exe
  C:\Windows\System\RugXRqg.exe
  2⤵
  PID:7880
- C:\Windows\System\VGsEitv.exe
  C:\Windows\System\VGsEitv.exe
  2⤵
  PID:7896
- C:\Windows\System\jENkdRZ.exe
  C:\Windows\System\jENkdRZ.exe
  2⤵
  PID:7912
- C:\Windows\System\HmvzhkF.exe
  C:\Windows\System\HmvzhkF.exe
  2⤵
  PID:7928
- C:\Windows\System\UclTSMv.exe
  C:\Windows\System\UclTSMv.exe
  2⤵
  PID:7944
- C:\Windows\System\xTcqnYQ.exe
  C:\Windows\System\xTcqnYQ.exe
  2⤵
  PID:7960
- C:\Windows\System\wGjUtIm.exe
  C:\Windows\System\wGjUtIm.exe
  2⤵
  PID:7976
- C:\Windows\System\osyxlTT.exe
  C:\Windows\System\osyxlTT.exe
  2⤵
  PID:7992
- C:\Windows\System\ZWVyHHB.exe
  C:\Windows\System\ZWVyHHB.exe
  2⤵
  PID:8008
- C:\Windows\System\KHoytxT.exe
  C:\Windows\System\KHoytxT.exe
  2⤵
  PID:8024
- C:\Windows\System\mZcLJVs.exe
  C:\Windows\System\mZcLJVs.exe
  2⤵
  PID:8040
- C:\Windows\System\SQhpmGJ.exe
  C:\Windows\System\SQhpmGJ.exe
  2⤵
  PID:8056
- C:\Windows\System\PSOumzm.exe
  C:\Windows\System\PSOumzm.exe
  2⤵
  PID:8072
- C:\Windows\System\HktqABg.exe
  C:\Windows\System\HktqABg.exe
  2⤵
  PID:8088
- C:\Windows\System\FpoHAFl.exe
  C:\Windows\System\FpoHAFl.exe
  2⤵
  PID:8104
- C:\Windows\System\itxOCqF.exe
  C:\Windows\System\itxOCqF.exe
  2⤵
  PID:8120
- C:\Windows\System\leosMSs.exe
  C:\Windows\System\leosMSs.exe
  2⤵
  PID:8136
- C:\Windows\System\JKePRia.exe
  C:\Windows\System\JKePRia.exe
  2⤵
  PID:8152
- C:\Windows\System\EwBOdgP.exe
  C:\Windows\System\EwBOdgP.exe
  2⤵
  PID:8168
- C:\Windows\System\ELkqnYm.exe
  C:\Windows\System\ELkqnYm.exe
  2⤵
  PID:8184
- C:\Windows\System\PwxiMLr.exe
  C:\Windows\System\PwxiMLr.exe
  2⤵
  PID:6900
- C:\Windows\System\zebmuVD.exe
  C:\Windows\System\zebmuVD.exe
  2⤵
  PID:7212
- C:\Windows\System\fVrXQKV.exe
  C:\Windows\System\fVrXQKV.exe
  2⤵
  PID:7272
- C:\Windows\System\coeqrAE.exe
  C:\Windows\System\coeqrAE.exe
  2⤵
  PID:7312
- C:\Windows\System\FqYgyaq.exe
  C:\Windows\System\FqYgyaq.exe
  2⤵
  PID:7256
- C:\Windows\System\SYiyXUa.exe
  C:\Windows\System\SYiyXUa.exe
  2⤵
  PID:7228
- C:\Windows\System\lsVWloR.exe
  C:\Windows\System\lsVWloR.exe
  2⤵
  PID:7324
- C:\Windows\System\yEPjIAv.exe
  C:\Windows\System\yEPjIAv.exe
  2⤵
  PID:7364
- C:\Windows\System\lGTaRYN.exe
  C:\Windows\System\lGTaRYN.exe
  2⤵
  PID:7424
- C:\Windows\System\sMgySPt.exe
  C:\Windows\System\sMgySPt.exe
  2⤵
  PID:7476
- C:\Windows\System\MluOXMV.exe
  C:\Windows\System\MluOXMV.exe
  2⤵
  PID:7540
- C:\Windows\System\ASvUauU.exe
  C:\Windows\System\ASvUauU.exe
  2⤵
  PID:7460
- C:\Windows\System\HdulBFj.exe
  C:\Windows\System\HdulBFj.exe
  2⤵
  PID:7588
- C:\Windows\System\WujpruL.exe
  C:\Windows\System\WujpruL.exe
  2⤵
  PID:7524
- C:\Windows\System\MsbYhnD.exe
  C:\Windows\System\MsbYhnD.exe
  2⤵
  PID:7652
- C:\Windows\System\EPIwNzI.exe
  C:\Windows\System\EPIwNzI.exe
  2⤵
  PID:7668
- C:\Windows\System\aBYVCOu.exe
  C:\Windows\System\aBYVCOu.exe
  2⤵
  PID:7684
- C:\Windows\System\BplvRPe.exe
  C:\Windows\System\BplvRPe.exe
  2⤵
  PID:7620
- C:\Windows\System\urhEUhh.exe
  C:\Windows\System\urhEUhh.exe
  2⤵
  PID:7764
- C:\Windows\System\vHDDHxr.exe
  C:\Windows\System\vHDDHxr.exe
  2⤵
  PID:7828
- C:\Windows\System\XNqTikl.exe
  C:\Windows\System\XNqTikl.exe
  2⤵
  PID:7776
- C:\Windows\System\RPmxopX.exe
  C:\Windows\System\RPmxopX.exe
  2⤵
  PID:7844
- C:\Windows\System\WYCtqWU.exe
  C:\Windows\System\WYCtqWU.exe
  2⤵
  PID:7888
- C:\Windows\System\HrVcewH.exe
  C:\Windows\System\HrVcewH.exe
  2⤵
  PID:7872
- C:\Windows\System\AEkLcsA.exe
  C:\Windows\System\AEkLcsA.exe
  2⤵
  PID:7940
- C:\Windows\System\YsGVGJe.exe
  C:\Windows\System\YsGVGJe.exe
  2⤵
  PID:7972
- C:\Windows\System\unFhvcT.exe
  C:\Windows\System\unFhvcT.exe
  2⤵
  PID:8048
- C:\Windows\System\IkFTIkj.exe
  C:\Windows\System\IkFTIkj.exe
  2⤵
  PID:8084
- C:\Windows\System\CPwqTlP.exe
  C:\Windows\System\CPwqTlP.exe
  2⤵
  PID:8148
- C:\Windows\System\ZtZuMjC.exe
  C:\Windows\System\ZtZuMjC.exe
  2⤵
  PID:8180
- C:\Windows\System\jxYmzCA.exe
  C:\Windows\System\jxYmzCA.exe
  2⤵
  PID:6948
- C:\Windows\System\KfkYTsF.exe
  C:\Windows\System\KfkYTsF.exe
  2⤵
  PID:8100
- C:\Windows\System\PYjxRzW.exe
  C:\Windows\System\PYjxRzW.exe
  2⤵
  PID:8164
- C:\Windows\System\GxWjDTV.exe
  C:\Windows\System\GxWjDTV.exe
  2⤵
  PID:7308
- C:\Windows\System\qIvNImv.exe
  C:\Windows\System\qIvNImv.exe
  2⤵
  PID:7360
- C:\Windows\System\SoIEWWT.exe
  C:\Windows\System\SoIEWWT.exe
  2⤵
  PID:7572
- C:\Windows\System\DMbvTYO.exe
  C:\Windows\System\DMbvTYO.exe
  2⤵
  PID:7396
- C:\Windows\System\HvDFPmO.exe
  C:\Windows\System\HvDFPmO.exe
  2⤵
  PID:7348
- C:\Windows\System\qMWbakr.exe
  C:\Windows\System\qMWbakr.exe
  2⤵
  PID:7556
- C:\Windows\System\TLHGwIz.exe
  C:\Windows\System\TLHGwIz.exe
  2⤵
  PID:7632
- C:\Windows\System\aUmHTme.exe
  C:\Windows\System\aUmHTme.exe
  2⤵
  PID:7760
- C:\Windows\System\LatprGv.exe
  C:\Windows\System\LatprGv.exe
  2⤵
  PID:7796
- C:\Windows\System\fuKnHQn.exe
  C:\Windows\System\fuKnHQn.exe
  2⤵
  PID:7732
- C:\Windows\System\UsJLWNB.exe
  C:\Windows\System\UsJLWNB.exe
  2⤵
  PID:7920
- C:\Windows\System\fsQTmrp.exe
  C:\Windows\System\fsQTmrp.exe
  2⤵
  PID:7984
- C:\Windows\System\HdARqhf.exe
  C:\Windows\System\HdARqhf.exe
  2⤵
  PID:8020
- C:\Windows\System\LLtwJls.exe
  C:\Windows\System\LLtwJls.exe
  2⤵
  PID:8032
- C:\Windows\System\UbAXrNs.exe
  C:\Windows\System\UbAXrNs.exe
  2⤵
  PID:7180
- C:\Windows\System\oIKclMJ.exe
  C:\Windows\System\oIKclMJ.exe
  2⤵
  PID:8004
- C:\Windows\System\DBenzMS.exe
  C:\Windows\System\DBenzMS.exe
  2⤵
  PID:8160
- C:\Windows\System\LvcUWZP.exe
  C:\Windows\System\LvcUWZP.exe
  2⤵
  PID:7604
- C:\Windows\System\zEHCAbm.exe
  C:\Windows\System\zEHCAbm.exe
  2⤵
  PID:7748
- C:\Windows\System\GxivUPs.exe
  C:\Windows\System\GxivUPs.exe
  2⤵
  PID:7552
- C:\Windows\System\mjiPsIt.exe
  C:\Windows\System\mjiPsIt.exe
  2⤵
  PID:7840
- C:\Windows\System\FqUHIqn.exe
  C:\Windows\System\FqUHIqn.exe
  2⤵
  PID:7968
- C:\Windows\System\imrwmDH.exe
  C:\Windows\System\imrwmDH.exe
  2⤵
  PID:8080
- C:\Windows\System\RcgrRve.exe
  C:\Windows\System\RcgrRve.exe
  2⤵
  PID:8132
- C:\Windows\System\vmfkywI.exe
  C:\Windows\System\vmfkywI.exe
  2⤵
  PID:8208
- C:\Windows\System\VcFrdOf.exe
  C:\Windows\System\VcFrdOf.exe
  2⤵
  PID:8224
- C:\Windows\System\gyNtnqx.exe
  C:\Windows\System\gyNtnqx.exe
  2⤵
  PID:8240
- C:\Windows\System\fNnidhb.exe
  C:\Windows\System\fNnidhb.exe
  2⤵
  PID:8256
- C:\Windows\System\tLTSHox.exe
  C:\Windows\System\tLTSHox.exe
  2⤵
  PID:8272
- C:\Windows\System\bzmzbNV.exe
  C:\Windows\System\bzmzbNV.exe
  2⤵
  PID:8288
- C:\Windows\System\DIAglGH.exe
  C:\Windows\System\DIAglGH.exe
  2⤵
  PID:8304
- C:\Windows\System\mKnrMpJ.exe
  C:\Windows\System\mKnrMpJ.exe
  2⤵
  PID:8320
- C:\Windows\System\pJnmCvH.exe
  C:\Windows\System\pJnmCvH.exe
  2⤵
  PID:8336
- C:\Windows\System\SWDLkzr.exe
  C:\Windows\System\SWDLkzr.exe
  2⤵
  PID:8352
- C:\Windows\System\jfkhUEf.exe
  C:\Windows\System\jfkhUEf.exe
  2⤵
  PID:8368
- C:\Windows\System\OiDHhDp.exe
  C:\Windows\System\OiDHhDp.exe
  2⤵
  PID:8384
- C:\Windows\System\sNnoNEL.exe
  C:\Windows\System\sNnoNEL.exe
  2⤵
  PID:8400
- C:\Windows\System\HuXnCzy.exe
  C:\Windows\System\HuXnCzy.exe
  2⤵
  PID:8416
- C:\Windows\System\UzVFhPT.exe
  C:\Windows\System\UzVFhPT.exe
  2⤵
  PID:8432
- C:\Windows\System\UehGVhI.exe
  C:\Windows\System\UehGVhI.exe
  2⤵
  PID:8448
- C:\Windows\System\ILbSyWR.exe
  C:\Windows\System\ILbSyWR.exe
  2⤵
  PID:8464
- C:\Windows\System\RkTbTyJ.exe
  C:\Windows\System\RkTbTyJ.exe
  2⤵
  PID:8480
- C:\Windows\System\lnRhZfM.exe
  C:\Windows\System\lnRhZfM.exe
  2⤵
  PID:8496
- C:\Windows\System\MAmYAQe.exe
  C:\Windows\System\MAmYAQe.exe
  2⤵
  PID:8512
- C:\Windows\System\eXXNbLe.exe
  C:\Windows\System\eXXNbLe.exe
  2⤵
  PID:8528
- C:\Windows\System\DcjQOuX.exe
  C:\Windows\System\DcjQOuX.exe
  2⤵
  PID:8544
- C:\Windows\System\ieeSZYN.exe
  C:\Windows\System\ieeSZYN.exe
  2⤵
  PID:8560
- C:\Windows\System\OzmHqtm.exe
  C:\Windows\System\OzmHqtm.exe
  2⤵
  PID:8576
- C:\Windows\System\KovEClS.exe
  C:\Windows\System\KovEClS.exe
  2⤵
  PID:8592
- C:\Windows\System\jJhvRby.exe
  C:\Windows\System\jJhvRby.exe
  2⤵
  PID:8608
- C:\Windows\System\KjMJmbE.exe
  C:\Windows\System\KjMJmbE.exe
  2⤵
  PID:8624
- C:\Windows\System\KzwuxpY.exe
  C:\Windows\System\KzwuxpY.exe
  2⤵
  PID:8640
- C:\Windows\System\BNVzUEn.exe
  C:\Windows\System\BNVzUEn.exe
  2⤵
  PID:8656
- C:\Windows\System\OVbOsXX.exe
  C:\Windows\System\OVbOsXX.exe
  2⤵
  PID:8672
- C:\Windows\System\qxiauad.exe
  C:\Windows\System\qxiauad.exe
  2⤵
  PID:8688
- C:\Windows\System\UqpvfxY.exe
  C:\Windows\System\UqpvfxY.exe
  2⤵
  PID:8704
- C:\Windows\System\iqOlSkY.exe
  C:\Windows\System\iqOlSkY.exe
  2⤵
  PID:8724
- C:\Windows\System\fojBFcM.exe
  C:\Windows\System\fojBFcM.exe
  2⤵
  PID:8744
- C:\Windows\System\fwzEHQi.exe
  C:\Windows\System\fwzEHQi.exe
  2⤵
  PID:8760
- C:\Windows\System\oIbUVmn.exe
  C:\Windows\System\oIbUVmn.exe
  2⤵
  PID:8780
- C:\Windows\System\PShgBWt.exe
  C:\Windows\System\PShgBWt.exe
  2⤵
  PID:8796
- C:\Windows\System\aBhSeJG.exe
  C:\Windows\System\aBhSeJG.exe
  2⤵
  PID:8812
- C:\Windows\System\OitujNA.exe
  C:\Windows\System\OitujNA.exe
  2⤵
  PID:8828
- C:\Windows\System\DNXmfBP.exe
  C:\Windows\System\DNXmfBP.exe
  2⤵
  PID:8844
- C:\Windows\System\MGfrLYS.exe
  C:\Windows\System\MGfrLYS.exe
  2⤵
  PID:8860
- C:\Windows\System\gouEPgN.exe
  C:\Windows\System\gouEPgN.exe
  2⤵
  PID:8876
- C:\Windows\System\jsGLPgX.exe
  C:\Windows\System\jsGLPgX.exe
  2⤵
  PID:8892
- C:\Windows\System\lvkgpaZ.exe
  C:\Windows\System\lvkgpaZ.exe
  2⤵
  PID:8908
- C:\Windows\System\ZaKLyxo.exe
  C:\Windows\System\ZaKLyxo.exe
  2⤵
  PID:8924
- C:\Windows\System\OdGyyDG.exe
  C:\Windows\System\OdGyyDG.exe
  2⤵
  PID:8940
- C:\Windows\System\IOpPpQM.exe
  C:\Windows\System\IOpPpQM.exe
  2⤵
  PID:8956
- C:\Windows\System\QkTWXdR.exe
  C:\Windows\System\QkTWXdR.exe
  2⤵
  PID:8972
- C:\Windows\System\cUOvWuu.exe
  C:\Windows\System\cUOvWuu.exe
  2⤵
  PID:8536
- C:\Windows\System\BbABtlm.exe
  C:\Windows\System\BbABtlm.exe
  2⤵
  PID:8776
- C:\Windows\System\DBdvkmZ.exe
  C:\Windows\System\DBdvkmZ.exe
  2⤵
  PID:9160
- C:\Windows\System\AIwKlhR.exe
  C:\Windows\System\AIwKlhR.exe
  2⤵
  PID:9176
- C:\Windows\System\WejYmUq.exe
  C:\Windows\System\WejYmUq.exe
  2⤵
  PID:9188
- C:\Windows\System\iEVUfzc.exe
  C:\Windows\System\iEVUfzc.exe
  2⤵
  PID:9212
- C:\Windows\System\XBuddaz.exe
  C:\Windows\System\XBuddaz.exe
  2⤵
  PID:8772
- C:\Windows\System\wZAeOab.exe
  C:\Windows\System\wZAeOab.exe
  2⤵
  PID:7472
- C:\Windows\System\HyTAxRL.exe
  C:\Windows\System\HyTAxRL.exe
  2⤵
  PID:8144
- C:\Windows\System\nZnexVV.exe
  C:\Windows\System\nZnexVV.exe
  2⤵
  PID:8216
- C:\Windows\System\WmBXFrg.exe
  C:\Windows\System\WmBXFrg.exe
  2⤵
  PID:8268
- C:\Windows\System\uyKsZoV.exe
  C:\Windows\System\uyKsZoV.exe
  2⤵
  PID:8360
- C:\Windows\System\PphBFpA.exe
  C:\Windows\System\PphBFpA.exe
  2⤵
  PID:8280
- C:\Windows\System\TTQFEpt.exe
  C:\Windows\System\TTQFEpt.exe
  2⤵
  PID:8376
- C:\Windows\System\ntDSKmB.exe
  C:\Windows\System\ntDSKmB.exe
  2⤵
  PID:8312
- C:\Windows\System\XTUTMSS.exe
  C:\Windows\System\XTUTMSS.exe
  2⤵
  PID:8456
- C:\Windows\System\ePQtmzO.exe
  C:\Windows\System\ePQtmzO.exe
  2⤵
  PID:8524
- C:\Windows\System\SrEkxpK.exe
  C:\Windows\System\SrEkxpK.exe
  2⤵
  PID:8508
- C:\Windows\System\ICKxZKP.exe
  C:\Windows\System\ICKxZKP.exe
  2⤵
  PID:8572
- C:\Windows\System\BjxozNk.exe
  C:\Windows\System\BjxozNk.exe
  2⤵
  PID:8700
- C:\Windows\System\HlCfTEs.exe
  C:\Windows\System\HlCfTEs.exe
  2⤵
  PID:8684
- C:\Windows\System\cYmnuWB.exe
  C:\Windows\System\cYmnuWB.exe
  2⤵
  PID:8664
- C:\Windows\System\nGmXXfY.exe
  C:\Windows\System\nGmXXfY.exe
  2⤵
  PID:8792
- C:\Windows\System\aBXIPWL.exe
  C:\Windows\System\aBXIPWL.exe
  2⤵
  PID:8808
- C:\Windows\System\KcIBTGh.exe
  C:\Windows\System\KcIBTGh.exe
  2⤵
  PID:8948
- C:\Windows\System\vrMpeGK.exe
  C:\Windows\System\vrMpeGK.exe
  2⤵
  PID:8968
- C:\Windows\System\kNvGNVg.exe
  C:\Windows\System\kNvGNVg.exe
  2⤵
  PID:8904
- C:\Windows\System\zMRaBhw.exe
  C:\Windows\System\zMRaBhw.exe
  2⤵
  PID:8996
- C:\Windows\System\uOKDmyb.exe
  C:\Windows\System\uOKDmyb.exe
  2⤵
  PID:9016
- C:\Windows\System\tbhfsKw.exe
  C:\Windows\System\tbhfsKw.exe
  2⤵
  PID:9036
- C:\Windows\System\DPedqDA.exe
  C:\Windows\System\DPedqDA.exe
  2⤵
  PID:9052
- C:\Windows\System\pGNTdCc.exe
  C:\Windows\System\pGNTdCc.exe
  2⤵
  PID:9064
- C:\Windows\System\GYCxsbn.exe
  C:\Windows\System\GYCxsbn.exe
  2⤵
  PID:9088
- C:\Windows\System\bDJmbKm.exe
  C:\Windows\System\bDJmbKm.exe
  2⤵
  PID:9104
- C:\Windows\System\OvEzZsj.exe
  C:\Windows\System\OvEzZsj.exe
  2⤵
  PID:9128
- C:\Windows\System\ZeyrTsn.exe
  C:\Windows\System\ZeyrTsn.exe
  2⤵
  PID:9144
- C:\Windows\System\QfUCWjy.exe
  C:\Windows\System\QfUCWjy.exe
  2⤵
  PID:9184
- C:\Windows\System\ufWkIOk.exe
  C:\Windows\System\ufWkIOk.exe
  2⤵
  PID:9204
- C:\Windows\System\hGNEgLG.exe
  C:\Windows\System\hGNEgLG.exe
  2⤵
  PID:8204
- C:\Windows\System\jmquZDy.exe
  C:\Windows\System\jmquZDy.exe
  2⤵
  PID:7508
- C:\Windows\System\OmUIQIT.exe
  C:\Windows\System\OmUIQIT.exe
  2⤵
  PID:8236
- C:\Windows\System\mvHYcAL.exe
  C:\Windows\System\mvHYcAL.exe
  2⤵
  PID:8328
- C:\Windows\System\krGRDer.exe
  C:\Windows\System\krGRDer.exe
  2⤵
  PID:8316
- C:\Windows\System\cLfBRux.exe
  C:\Windows\System\cLfBRux.exe
  2⤵
  PID:8568
- C:\Windows\System\zZmWDUw.exe
  C:\Windows\System\zZmWDUw.exe
  2⤵
  PID:7292
- C:\Windows\System\GoVWuOE.exe
  C:\Windows\System\GoVWuOE.exe
  2⤵
  PID:8648
- C:\Windows\System\NUBHlrz.exe
  C:\Windows\System\NUBHlrz.exe
  2⤵
  PID:8752
- C:\Windows\System\VSQpudo.exe
  C:\Windows\System\VSQpudo.exe
  2⤵
  PID:8852
- C:\Windows\System\SyBQEMd.exe
  C:\Windows\System\SyBQEMd.exe
  2⤵
  PID:8884
- C:\Windows\System\xpfQHfZ.exe
  C:\Windows\System\xpfQHfZ.exe
  2⤵
  PID:8936
- C:\Windows\System\dvqmXhP.exe
  C:\Windows\System\dvqmXhP.exe
  2⤵
  PID:9004
- C:\Windows\System\RLGmMEa.exe
  C:\Windows\System\RLGmMEa.exe
  2⤵
  PID:9048
- C:\Windows\System\TAHUJjQ.exe
  C:\Windows\System\TAHUJjQ.exe
  2⤵
  PID:9084
- C:\Windows\System\Xwefttk.exe
  C:\Windows\System\Xwefttk.exe
  2⤵
  PID:9060
- C:\Windows\System\aeQSrCz.exe
  C:\Windows\System\aeQSrCz.exe
  2⤵
  PID:9124
- C:\Windows\System\fGMRoxL.exe
  C:\Windows\System\fGMRoxL.exe
  2⤵
  PID:7824
- C:\Windows\System\ZKvipxV.exe
  C:\Windows\System\ZKvipxV.exe
  2⤵
  PID:7600
- C:\Windows\System\rCedZZo.exe
  C:\Windows\System\rCedZZo.exe
  2⤵
  PID:8424
- C:\Windows\System\gXJwhbm.exe
  C:\Windows\System\gXJwhbm.exe
  2⤵
  PID:7240
- C:\Windows\System\rcYMPtu.exe
  C:\Windows\System\rcYMPtu.exe
  2⤵
  PID:8492
- C:\Windows\System\cpKAxXv.exe
  C:\Windows\System\cpKAxXv.exe
  2⤵
  PID:8636
- C:\Windows\System\pyqIeHQ.exe
  C:\Windows\System\pyqIeHQ.exe
  2⤵
  PID:4324
- C:\Windows\System\eiRCYKl.exe
  C:\Windows\System\eiRCYKl.exe
  2⤵
  PID:8756
- C:\Windows\System\osHOWrY.exe
  C:\Windows\System\osHOWrY.exe
  2⤵
  PID:8980
- C:\Windows\System\clQAXDE.exe
  C:\Windows\System\clQAXDE.exe
  2⤵
  PID:8872
- C:\Windows\System\oZrFSoh.exe
  C:\Windows\System\oZrFSoh.exe
  2⤵
  PID:9024
- C:\Windows\System\xEaeeUn.exe
  C:\Windows\System\xEaeeUn.exe
  2⤵
  PID:9100
- C:\Windows\System\DfUVunf.exe
  C:\Windows\System\DfUVunf.exe
  2⤵
  PID:8680
- C:\Windows\System\WrDMdZu.exe
  C:\Windows\System\WrDMdZu.exe
  2⤵
  PID:7680
- C:\Windows\System\cZQHqZH.exe
  C:\Windows\System\cZQHqZH.exe
  2⤵
  PID:8408
- C:\Windows\System\bLXgWwu.exe
  C:\Windows\System\bLXgWwu.exe
  2⤵
  PID:8620
- C:\Windows\System\KeBGzPl.exe
  C:\Windows\System\KeBGzPl.exe
  2⤵
  PID:8988
- C:\Windows\System\uVxwUvO.exe
  C:\Windows\System\uVxwUvO.exe
  2⤵
  PID:9120
- C:\Windows\System\sPsJgjS.exe
  C:\Windows\System\sPsJgjS.exe
  2⤵
  PID:9116
- C:\Windows\System\fSDoKdA.exe
  C:\Windows\System\fSDoKdA.exe
  2⤵
  PID:9140
- C:\Windows\System\yGboMWx.exe
  C:\Windows\System\yGboMWx.exe
  2⤵
  PID:8588
- C:\Windows\System\qjPxZZf.exe
  C:\Windows\System\qjPxZZf.exe
  2⤵
  PID:9096
- C:\Windows\System\wNksmLF.exe
  C:\Windows\System\wNksmLF.exe
  2⤵
  PID:9200
- C:\Windows\System\lQCBMMv.exe
  C:\Windows\System\lQCBMMv.exe
  2⤵
  PID:8804
- C:\Windows\System\vvRsZff.exe
  C:\Windows\System\vvRsZff.exe
  2⤵
  PID:8264
- C:\Windows\System\EehGCfW.exe
  C:\Windows\System\EehGCfW.exe
  2⤵
  PID:9044
- C:\Windows\System\wDhjvTx.exe
  C:\Windows\System\wDhjvTx.exe
  2⤵
  PID:9148
- C:\Windows\System\AgrfTjv.exe
  C:\Windows\System\AgrfTjv.exe
  2⤵
  PID:9224
- C:\Windows\System\tMIWutz.exe
  C:\Windows\System\tMIWutz.exe
  2⤵
  PID:9244
- C:\Windows\System\VTPGjDz.exe
  C:\Windows\System\VTPGjDz.exe
  2⤵
  PID:9268
- C:\Windows\System\BgHEygT.exe
  C:\Windows\System\BgHEygT.exe
  2⤵
  PID:9284
- C:\Windows\System\gYXArKl.exe
  C:\Windows\System\gYXArKl.exe
  2⤵
  PID:9304
- C:\Windows\System\vgRYdSN.exe
  C:\Windows\System\vgRYdSN.exe
  2⤵
  PID:9332
- C:\Windows\System\ntlpJma.exe
  C:\Windows\System\ntlpJma.exe
  2⤵
  PID:9360
- C:\Windows\System\lcAFbck.exe
  C:\Windows\System\lcAFbck.exe
  2⤵
  PID:9376
- C:\Windows\System\oxdQEfY.exe
  C:\Windows\System\oxdQEfY.exe
  2⤵
  PID:9400
- C:\Windows\System\ikgMewI.exe
  C:\Windows\System\ikgMewI.exe
  2⤵
  PID:9416
- C:\Windows\System\iUYsSjE.exe
  C:\Windows\System\iUYsSjE.exe
  2⤵
  PID:9436
- C:\Windows\System\eaTEESB.exe
  C:\Windows\System\eaTEESB.exe
  2⤵
  PID:9456
- C:\Windows\System\XXNWJrV.exe
  C:\Windows\System\XXNWJrV.exe
  2⤵
  PID:9480
- C:\Windows\System\TjQbvRX.exe
  C:\Windows\System\TjQbvRX.exe
  2⤵
  PID:9496
- C:\Windows\System\AkyQfUY.exe
  C:\Windows\System\AkyQfUY.exe
  2⤵
  PID:9512
- C:\Windows\System\LzCLyYj.exe
  C:\Windows\System\LzCLyYj.exe
  2⤵
  PID:9540
- C:\Windows\System\RKfTaDU.exe
  C:\Windows\System\RKfTaDU.exe
  2⤵
  PID:9556
- C:\Windows\System\giOGwZN.exe
  C:\Windows\System\giOGwZN.exe
  2⤵
  PID:9576
- C:\Windows\System\LtghpJm.exe
  C:\Windows\System\LtghpJm.exe
  2⤵
  PID:9596
- C:\Windows\System\kdmrgWQ.exe
  C:\Windows\System\kdmrgWQ.exe
  2⤵
  PID:9616
- C:\Windows\System\tvDJHdM.exe
  C:\Windows\System\tvDJHdM.exe
  2⤵
  PID:9632
- C:\Windows\System\FtjTbzG.exe
  C:\Windows\System\FtjTbzG.exe
  2⤵
  PID:9652
- C:\Windows\System\BPqkvwX.exe
  C:\Windows\System\BPqkvwX.exe
  2⤵
  PID:9676
- C:\Windows\System\GqLOuMZ.exe
  C:\Windows\System\GqLOuMZ.exe
  2⤵
  PID:9692
- C:\Windows\System\htDuZmE.exe
  C:\Windows\System\htDuZmE.exe
  2⤵
  PID:9716
- C:\Windows\System\hiWjjQr.exe
  C:\Windows\System\hiWjjQr.exe
  2⤵
  PID:9736
- C:\Windows\System\LBZWxIR.exe
  C:\Windows\System\LBZWxIR.exe
  2⤵
  PID:9756
- C:\Windows\System\RSXCyBb.exe
  C:\Windows\System\RSXCyBb.exe
  2⤵
  PID:9772
- C:\Windows\System\WbmkrqR.exe
  C:\Windows\System\WbmkrqR.exe
  2⤵
  PID:9796
- C:\Windows\System\AqFtLAJ.exe
  C:\Windows\System\AqFtLAJ.exe
  2⤵
  PID:9812
- C:\Windows\System\KkFTsso.exe
  C:\Windows\System\KkFTsso.exe
  2⤵
  PID:9836
- C:\Windows\System\fvtovQW.exe
  C:\Windows\System\fvtovQW.exe
  2⤵
  PID:9856
- C:\Windows\System\WsRCZqz.exe
  C:\Windows\System\WsRCZqz.exe
  2⤵
  PID:9876
- C:\Windows\System\dpdwUzO.exe
  C:\Windows\System\dpdwUzO.exe
  2⤵
  PID:9896
- C:\Windows\System\oGTtcfv.exe
  C:\Windows\System\oGTtcfv.exe
  2⤵
  PID:9920
- C:\Windows\System\nNqjKlP.exe
  C:\Windows\System\nNqjKlP.exe
  2⤵
  PID:9940
- C:\Windows\System\AfdEVcO.exe
  C:\Windows\System\AfdEVcO.exe
  2⤵
  PID:9960
- C:\Windows\System\BPrVkoL.exe
  C:\Windows\System\BPrVkoL.exe
  2⤵
  PID:9980
- C:\Windows\System\Ywkxfrn.exe
  C:\Windows\System\Ywkxfrn.exe
  2⤵
  PID:10000
- C:\Windows\System\DYxnqon.exe
  C:\Windows\System\DYxnqon.exe
  2⤵
  PID:10016
- C:\Windows\System\sMQyVHS.exe
  C:\Windows\System\sMQyVHS.exe
  2⤵
  PID:10040
- C:\Windows\System\QINVLUZ.exe
  C:\Windows\System\QINVLUZ.exe
  2⤵
  PID:10064
- C:\Windows\System\BSgZGXq.exe
  C:\Windows\System\BSgZGXq.exe
  2⤵
  PID:10080
- C:\Windows\System\MIemVLo.exe
  C:\Windows\System\MIemVLo.exe
  2⤵
  PID:10096
- C:\Windows\System\pDOSrPa.exe
  C:\Windows\System\pDOSrPa.exe
  2⤵
  PID:10124
- C:\Windows\System\sBscULE.exe
  C:\Windows\System\sBscULE.exe
  2⤵
  PID:10144
- C:\Windows\System\nYNpcsv.exe
  C:\Windows\System\nYNpcsv.exe
  2⤵
  PID:10160
- C:\Windows\System\gnhLGqU.exe
  C:\Windows\System\gnhLGqU.exe
  2⤵
  PID:10176
- C:\Windows\System\KePAiDz.exe
  C:\Windows\System\KePAiDz.exe
  2⤵
  PID:10192
- C:\Windows\System\qAgzXiq.exe
  C:\Windows\System\qAgzXiq.exe
  2⤵
  PID:10208
- C:\Windows\System\DMyWaNO.exe
  C:\Windows\System\DMyWaNO.exe
  2⤵
  PID:10232
- C:\Windows\System\hAAmybY.exe
  C:\Windows\System\hAAmybY.exe
  2⤵
  PID:7716
- C:\Windows\System\cGGJmGG.exe
  C:\Windows\System\cGGJmGG.exe
  2⤵
  PID:9264
- C:\Windows\System\dgkMGik.exe
  C:\Windows\System\dgkMGik.exe
  2⤵
  PID:9240
- C:\Windows\System\VDjkvdH.exe
  C:\Windows\System\VDjkvdH.exe
  2⤵
  PID:9232
- C:\Windows\System\TebuyII.exe
  C:\Windows\System\TebuyII.exe
  2⤵
  PID:9312
- C:\Windows\System\YuUsVqe.exe
  C:\Windows\System\YuUsVqe.exe
  2⤵
  PID:9348
- C:\Windows\System\YRwEBkX.exe
  C:\Windows\System\YRwEBkX.exe
  2⤵
  PID:9392
- C:\Windows\System\yFXOZUh.exe
  C:\Windows\System\yFXOZUh.exe
  2⤵
  PID:9412
- C:\Windows\System\srsGsjA.exe
  C:\Windows\System\srsGsjA.exe
  2⤵
  PID:9452
- C:\Windows\System\sTadmIB.exe
  C:\Windows\System\sTadmIB.exe
  2⤵
  PID:9508
- C:\Windows\System\sLdmCbz.exe
  C:\Windows\System\sLdmCbz.exe
  2⤵
  PID:9536
- C:\Windows\System\RIzzUDA.exe
  C:\Windows\System\RIzzUDA.exe
  2⤵
  PID:9572
- C:\Windows\System\DXsYJMs.exe
  C:\Windows\System\DXsYJMs.exe
  2⤵
  PID:9592
- C:\Windows\System\rBEeDBi.exe
  C:\Windows\System\rBEeDBi.exe
  2⤵
  PID:9644
- C:\Windows\System\VrHEHOB.exe
  C:\Windows\System\VrHEHOB.exe
  2⤵
  PID:9352
- C:\Windows\System\tqaeNca.exe
  C:\Windows\System\tqaeNca.exe
  2⤵
  PID:9688
- C:\Windows\System\NnwncHn.exe
  C:\Windows\System\NnwncHn.exe
  2⤵
  PID:9712
- C:\Windows\System\CfxvbkT.exe
  C:\Windows\System\CfxvbkT.exe
  2⤵
  PID:9752
- C:\Windows\System\ZwaxLYs.exe
  C:\Windows\System\ZwaxLYs.exe
  2⤵
  PID:9792
- C:\Windows\System\ysSTQmM.exe
  C:\Windows\System\ysSTQmM.exe
  2⤵
  PID:9832
- C:\Windows\System\jvdSQdX.exe
  C:\Windows\System\jvdSQdX.exe
  2⤵
  PID:9864
- C:\Windows\System\kQQdgBF.exe
  C:\Windows\System\kQQdgBF.exe
  2⤵
  PID:9908
- C:\Windows\System\wEHCBEW.exe
  C:\Windows\System\wEHCBEW.exe
  2⤵
  PID:9932
- C:\Windows\System\DjPPKvB.exe
  C:\Windows\System\DjPPKvB.exe
  2⤵
  PID:9968
- C:\Windows\System\qENgZGY.exe
  C:\Windows\System\qENgZGY.exe
  2⤵
  PID:9992
- C:\Windows\System\dEdJDtb.exe
  C:\Windows\System\dEdJDtb.exe
  2⤵
  PID:10032
- C:\Windows\System\yYssBCz.exe
  C:\Windows\System\yYssBCz.exe
  2⤵
  PID:10048
- C:\Windows\System\BvyyzRi.exe
  C:\Windows\System\BvyyzRi.exe
  2⤵
  PID:10088
- C:\Windows\System\UcFNHBg.exe
  C:\Windows\System\UcFNHBg.exe
  2⤵
  PID:10092
- C:\Windows\System\ccukIhP.exe
  C:\Windows\System\ccukIhP.exe
  2⤵
  PID:10156
- C:\Windows\System\nVCYKCC.exe
  C:\Windows\System\nVCYKCC.exe
  2⤵
  PID:10188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACgQdwP.exe

Filesize
6.0MB

MD5
9c546b97575b133de602271e2c8f4894

SHA1
6735cbcf6a1f3d68f1d564186f2e391d476358a9

SHA256
919256880543e956a9045f89ef475733782243f09fe39755e94b7dece8833ecc

SHA512
42a7b4a9ee3beacf4c938ede7a809f7cfcf3822eeb337e637a9686e8c622111304cbc8f8fae9ed07d1789c385e7c8d3437e952a5838a8118021c5b576f0e9529

Download Submit
C:\Windows\system\BSuPsBv.exe

Filesize
6.0MB

MD5
504438a2a7406d37296e9ea3ce165e76

SHA1
ff0bb5e003b0f70a82f921e3f41cb900ceafa264

SHA256
cfb72b0e17c56c28b5430e198e40889b296277a6e24f18dc1e19eb740d590179

SHA512
582226494cfad4c31a1f2c6f40efdfe2033c23ceddf89a496f06ceb3fe08cb18209190d8bbcdea9f9e5031da3feb2bef1e36b173571f68a2d1ff572570aa7080

Download Submit
C:\Windows\system\CVgnzEl.exe

Filesize
6.0MB

MD5
42ad08d57d3a729f27d387efcb13005a

SHA1
77297804b7f3c27a042c30135ed80eb0eb10da0c

SHA256
8685307e0d55d59472c74ade7cbccb86311178041c6b14dbbe716e758d6e30ea

SHA512
e532d5b86d2bc21a78a97f45dd9c8db970968aa356902d257c1ae3f67811d24053a55fafff525eb68a3b2bd01de2e59f6d84becea5bf8df725d1f858ee7de6a8

Download Submit
C:\Windows\system\DsrNxuL.exe

Filesize
6.0MB

MD5
60e1a3c78b3673c8c1015b085855c09f

SHA1
11bdfd9fcfaa5c6279602387634986c638d83dc1

SHA256
50b9e022206a12dd5192532ce6950a163366dd8e8fc1a3fb17bef1e39d4ae68b

SHA512
ae650c685e9e8b31cd74ab3a482a5c3511287063fc17d9c34ee2ff415217e79c7b7d8b61082a1075eb8a5df68cacf66babd6504702877db33da987e38820e498

Download Submit
C:\Windows\system\EGJlQPj.exe

Filesize
6.0MB

MD5
01dcf4310c17116fbfec2516c246b880

SHA1
40a4cf0781e90af975f89deb27c0af14075b5268

SHA256
5663bf7ce4a000fb817515cfa35204a5199f9528b4da6e55e1021b38faf1b4f9

SHA512
ece68e82e4031efa206882303f4b26695637838d2f63e92a32ad67d990d0a93642620246dad9c5d435d86ec09bbf590f05795360de9474a0a4885b924a02efb5

Download Submit
C:\Windows\system\GewlsZy.exe

Filesize
6.0MB

MD5
13ffb7f7b2f2fbd36d45b795339764f7

SHA1
73747a36a87aa1d05fd010db5c853a9c59f41239

SHA256
d43080b176fbc47e2ea5908ecda1f9e694b36cfc3736f183c702db838c6eb58a

SHA512
8a2412a0fdf4029a26fa8fadc30c85e852098f29ca51d730870007d69d9af3989d495b1bf8977e3b9ece26d6b35e5471a86384e811fc035b1b67fa98d9cfd975

Download Submit
C:\Windows\system\HcdTlqr.exe

Filesize
6.0MB

MD5
044d8a91fceceb77aeabc6f53a8dace3

SHA1
48715e4b8164c6c01a751e674245520477c936b6

SHA256
0af2de39c9a1f4a04a8516f2e876f36789d393a3430faea8406d9a3460cfbc13

SHA512
e7432652206d342f9d66e03541ad8cc18cdfa4ac2308ed0e16eb779b03cc1e8ba412543e68f2758a4781f5aae85e2db75ab58a1cac09f4c6f2dc73c0a85e1131

Download Submit
C:\Windows\system\HgByaOh.exe

Filesize
6.0MB

MD5
829eeee3a73c043ba140ea56787678f4

SHA1
4bab828f737d9199533c69880c3fe07a6ff620ae

SHA256
aaac3a1ee65ea8f84ab64f2f379ca01113798bc971957c76b89ffbac4941c93e

SHA512
071789e09d57b85526508e034c17660e167bbc4cfabd855ab162fed1d52c9a3e7790a3ff39df551fc1a6e908b495cbeafd44c677b722447e03273ac1c0d57ce7

Download Submit
C:\Windows\system\JFiQoQS.exe

Filesize
6.0MB

MD5
d521ccace8d433ca45b794c0fbbb4fda

SHA1
61a381f0e3abf6c7c29ac28032bea764a09860fe

SHA256
0cae273a849681e075a6da7073a590932c10f9fa540658eb9a75847824e51f76

SHA512
8ae3bd3ddeb7091fbbe412e186ac70edf5e2003547e4839d3d94fde82581b2744d7521a127c5632540e61aaf1d02db362012fa65e7751b908c60313a4a22f2d5

Download Submit
C:\Windows\system\JquXxad.exe

Filesize
6.0MB

MD5
08fb6d7bac5e208e6119268cb7b0aa9f

SHA1
10c18093e1c6c4c633d0f68782b04b901220fed4

SHA256
36a4da8ce4fe045d53a9febd15efc1323f3ead49f69308b8d67ec51ab33c7d06

SHA512
1e5eaa4597ef2ada00a3d234e5ca83625ea358c0ab41348b13e085ebf8f183f157c9dcc6f30274b6b07f8c9cf6d35156050630e96e80fe9c2fe24d42c8bf8bcc

Download Submit
C:\Windows\system\KYbmgya.exe

Filesize
6.0MB

MD5
73a1aa69dba41c1317d7e7183aa40497

SHA1
a8249811802eec5d9cbd1873064592a0e9f311d6

SHA256
d9d503d7e17316ce9ae195740829bc4c2dbef1a6e9681f802888ee05a53ded76

SHA512
941508f9add0e45941609322a47360acd213488ece8c897ae75ad2359227b0589fe8703410aac5d01bcd56986a8bb082b0c4b48308f350d486e658abc5d0eeff

Download Submit
C:\Windows\system\OVOdTvx.exe

Filesize
6.0MB

MD5
80bb04ea0694a7cacdf4aa671c173d78

SHA1
64a5f120ea580e4c0d25b1e8a4087a7ccc3e49e3

SHA256
0183c87636db58c9d740abbb8caf5dfbc800efb23e945573e746e8ab593c9fb0

SHA512
9d9101ef53344bd4dc7531530b2c6949ed28f8e3b0acd71f7178b2f7193da0e2455c06a5c2e1ce43da89ef8bbc11e29fb1acccb6fe664b92c8b1cef5b45435cd

Download Submit
C:\Windows\system\RFmVult.exe

Filesize
6.0MB

MD5
4c6479e1325c7d56e3a1c6d8b8fc13a8

SHA1
39f2523ef622996e84776b7c794f133dfb4c7232

SHA256
fb6ac081d30fda24002d76c72399c3ec66206a694b52a6242577be215b6925b7

SHA512
16dfcea442adb546c214463be698508d40e47446af1f01e0ef24eb607496726dd3080cca0b7e7cf5fc3ccf28ee68ef9760182824132be330f182e8d46f8519a9

Download Submit
C:\Windows\system\ZuroyYK.exe

Filesize
6.0MB

MD5
5c9049cdd84bc84c520cc3e1f98959fa

SHA1
f7f0a4674102d126e3322b4f32a6ff1fea770737

SHA256
df41d2ef669aeb984b5d1ed7275488ce2131eb2b21898d83b415012806ed53c5

SHA512
9ac845942d8cc19fc3f227624bc305e7732437ef7b0b719b39c3a0ac54fa191f2ef12f2b5929deb23b82338d51ea486006691027698eb91a97322921e984218a

Download Submit
C:\Windows\system\axaKJzC.exe

Filesize
6.0MB

MD5
7bebe2cf90418a84bc5fc4b30099d4d2

SHA1
1d46299527c4dfd8c34a3856d24028c2f0155d99

SHA256
f75ad58388440bab0748bb411d3aed18b8c71629c4c14621276dd3ccc71d1af3

SHA512
6fab5e26ff25afda27bc1def5e7e4ca32a991a9dd9de21cd42f21ef1e01d5dc630adcbad1409c2429c139e801ef48c3bb05ac6515dc8e0848d67b984780a78f0

Download Submit
C:\Windows\system\fUIJumA.exe

Filesize
6.0MB

MD5
cd1d5fe52e661234fc78509bec5bd1b9

SHA1
dd673f4b354f82c39dec5b1a2a5840f1cdec3c68

SHA256
a2654188528266de0883d432d1c643b0ebfbe8ae0f3a5582e7c3eb7db6d4f012

SHA512
0e78bdd710e8869cdf0b27de24427443ec42530272636a86729232f3646c7d3d062ec1aae38c5f93e9f0de0f83943ea249ef66b2423df962c16aa4aaeec12b87

Download Submit
C:\Windows\system\hcIduBn.exe

Filesize
6.0MB

MD5
0ef3ffeae4ebc0877eb9327f394ed8a8

SHA1
448fe5b9d8f3a654d0bd44bb2fe4592322c8abd1

SHA256
0ddde47f3041d4435534b11a4b4cf343647be4a8d3574a4980eaf8a3ca461a3a

SHA512
132ccbec0ee29660e50191868bf2cc3b3b2ed357f44d64cd0b060876b4dc222ef8f78f9bd7380f0b3d405a066fab87ea0e4c4d6cc310e4e78c9c495c97e9efb5

Download Submit
C:\Windows\system\iNzsWnW.exe

Filesize
6.0MB

MD5
4d05e6d94aa92236327ca705b3d4bb92

SHA1
140da1256ee1877fba14f93ce25f6347b92abca7

SHA256
8b91adee7489d4448b771ecf5d6612558a9178619df831fd0b64ebc082f77cd5

SHA512
2e8c0f665382ac995d8ba7f65add1be3e12e60eb0604af0ca3605f4db31a40e644c0c6cf8f09c94e5cc24f212fcd3f69d79f028faf0d96b881b6bb10664e15af

Download Submit
C:\Windows\system\ikjZviS.exe

Filesize
6.0MB

MD5
be8bee187737e88d585f43453b966dd6

SHA1
73938854a20f1cc9851ba90e658db0bd1b81193f

SHA256
abaa3d63f07928ea50ae52693bc1b10efde6ad0a340acf398a597aa3ce24b3d6

SHA512
8644bb8baaae899074f66d498775f3a2bc29a55929078d4bffde45d8e221de02c296f291efff82c87f04f9a1c288585e8c05c3026818dbacf42583122fd6efc3

Download Submit
C:\Windows\system\mhdSbHN.exe

Filesize
6.0MB

MD5
b310e9caf20d2b5db6ab2baa4ea735a1

SHA1
eb010dab73c14da8b1c15c40da31e2c383cabece

SHA256
d012db39c427685fee79382d786d46d16c6da80deeb0cbfa1bdd90d121b7a1ec

SHA512
dc2b602dfbf25504a870e8a88537522cc70bf0b0024f543d39b861d8dbbcab8b378a701b60c61a8aebe96f7450f24b2eb0330b705c1774f977a96b9aa9a73029

Download Submit
C:\Windows\system\nFyWHME.exe

Filesize
6.0MB

MD5
4e523c3cf93d2ec41532d70d36f63297

SHA1
7c084b1a3aede89218dd121a910c3e94263dea4b

SHA256
f3a955562debd91cdc7dbc5c0ff843aaf3fc941da9b70d6c32750d86012b0fc0

SHA512
81342efb1a24041a0384f3ae11e4b4a586d45af194c32a260f4013980e68775ec282a0f9d9ee8f63acaf8f6f702b89d7fedd87df7f1e680498a9a55610b9d5e0

Download Submit
C:\Windows\system\rNTaUXH.exe

Filesize
6.0MB

MD5
8b685b2e322ef54cbbbf18ae3c5cd1fd

SHA1
a7153f7b581ec570eedb8181f33323b3ba139990

SHA256
a2afcf7a0c78fc37cc5aca2e550d9ea144e2c7f5d5afe3a782959699024584ab

SHA512
ddae7e47bf1778cf7fcfafcea4e68708b1fbe911aef0905dcc4dc14f660c9afbd9ae3e16b274e53b7cc48cf653fbedefe4e8e92a5764a81bb54bcfafa1c69453

Download Submit
C:\Windows\system\taevMwt.exe

Filesize
6.0MB

MD5
3dc5a8b9404b8477a480866fc6ac8e3c

SHA1
bc3a642bb2e2ab8a69f1d8de32c3ce857767aa79

SHA256
2764419002a37304d26a9f6ee13a411d7362666ff36f73ddad3fd8a32468bfaf

SHA512
e23ddd9fec953e22109b947e3b131dcd074e0e83f9b3460a9d9ad0e1f36cf8344786804ae10b483c69228beecdc04102a7e7f3e5d8d62f836ee3c6bd99ca49ca

Download Submit
C:\Windows\system\tjrMfOy.exe

Filesize
6.0MB

MD5
594e2b2cf6e907f18d38ee3bd07f3e2e

SHA1
2ebb7af724736ccb8ee9aaf77d97b53aade7b2d8

SHA256
d2e370e1eb14d85b1ecd88675777fc934f3c1a1a1021c0c9dbab3972290960b5

SHA512
a08ca0529a2eeac906dcec755ae3aaeb7bc34d2c22e6d2565405adb9d44b1e0fbd6dfcf923f5751b1453e880fc8d0b432ca423eaf35202d12060ae62b4e47f48

Download Submit
\Windows\system\SNqQOvb.exe

Filesize
6.0MB

MD5
0cc86c3c896a490be443fe457123d98b

SHA1
b9d35a61b5b00f966067d82bed2a27a578ca44e4

SHA256
51cde3dc991e20a002a6389184c5b1455ca697657d62a8acc66f0a3d7b5da7b4

SHA512
7679b3cc1906723a2563314b9b8c9767935772f63dd15211fe4fd56ae2cf9f5bca56b39b39a7912d1d7d2e2585ba2c783bb0b0b4abba84f203dc0204274edb2e

Download Submit
\Windows\system\SqTsTiS.exe

Filesize
6.0MB

MD5
4e9941b309025bdb5511fbc86938cd88

SHA1
19e5b8366b4dcf55e674f6afe0e4893fecccf0c1

SHA256
a0dde9dde50dc11fc54a0718e89de14391a10845d84a68ce96fee8cf8573fe1f

SHA512
7696d1a343c09fd1f10b325aa68488f2782e1e37fb8f37c0e017c8ad51a1179e92c71bd6e2f9a215842101202f097e194fabcf3b9685af929f34b130d941c64c

Download Submit
\Windows\system\fzyuxNa.exe

Filesize
6.0MB

MD5
eb3c6b526797ffe559c020e28e8fb50f

SHA1
d1102668c0fe2eda4019fef2ccef6504a9d68e45

SHA256
ada973af49369cc543a29421b91a679a923a7cff3729bb8f15b0ab6748ddddf1

SHA512
a100e427ea802feec8a8a483e59e9b13a75fa7e344cdea13f8dc693875a627dbaf21065dec7c98164722bbb3ff2196a053b2787cba28be0f5dd577abb9612313

Download Submit
\Windows\system\kxMyBtm.exe

Filesize
6.0MB

MD5
83d74f892d86d393a1e9ede01faafe17

SHA1
bafebd483f2c51ec684774645a738d8813f275ef

SHA256
41f6b1e79c310dc48148328ead6706f452cccab5095475fddfdd8311e62cf508

SHA512
6b35a588c38c3a281dcf69474572fbd43b419f8d1998eefdad70df9762f3434bb6fe0c34f9a1d70131455e38000b02ce1ae642ea0a0308270f13b9ab236eea47

Download Submit
\Windows\system\luWCPRD.exe

Filesize
6.0MB

MD5
e081d0f8561eb693d416f92b32723920

SHA1
e6990d3dcd58589f2d7df796f17de466d1c475e8

SHA256
5d163643e4d6bded44175a2a8a2a48d08278cd358d78d8f2e5768c5786bb7e6f

SHA512
595ee7c768b276e5ad0490149d2f5758abca68a28581774ce1e2d51a633cff4899c7d86e0777c1b8360ca693a228ece30c65ef59c24859910d65f01e5e416458

Download Submit
\Windows\system\njgDevx.exe

Filesize
6.0MB

MD5
b5c4c7ef2efc30536f73948816e46c14

SHA1
d9de4caee76b23b248688900df30dbf42cf28457

SHA256
c5c98d97ff1a092b45d231d70895311fc9c571598f31fff396dbb8efc29ddaac

SHA512
bdcee2dc01d807aaa2ece7b859962c4523a2a0409fed10d615527b96898d8b37b8478b60f712c88290adb9f9776d2293b27c789846640328f2d31ac51cc1dc64

Download Submit
\Windows\system\rCNczYT.exe

Filesize
6.0MB

MD5
4c169c3181ea0dbdcd05c01940b20921

SHA1
5044236304d2c55b62df16052e72022f722a9877

SHA256
d61696d3571c6d0a5a40ef6a39a26aeb4660ca26b429eef67874a9206708c1d8

SHA512
94c68d7c271519561be7303077bc374e833dcb318e229001e7351dce178f760d259bc852d50fd670df08080eb607784a58456ded2ec9467a7058ee901025c231

Download Submit
\Windows\system\sIUGbPu.exe

Filesize
6.0MB

MD5
3ff9f27b1f6bc4e463654c0b69e836b7

SHA1
9fd97dc3d792c69c7cdfc24f331b0fba193c195e

SHA256
07bef2845152585513dc2f8f021e3a241fc59177d0dc1115d190446c4441cb62

SHA512
2ea69df0a95f29afccab5509ece4434dd3ed5045b28d6afb050e05f458f20bc9151c217f9e1ff8b6f469464fb864fb4a5afb0a0c816f81f98ef6b987b7012bc8

Download Submit
memory/1232-92-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1232-605-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1412-105-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1412-909-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1776-87-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1776-381-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1872-4067-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1872-193-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1872-81-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1928-3532-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1928-14-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1928-62-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2304-79-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2304-737-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1863-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2304-7-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2304-102-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2304-97-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2304-111-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2304-113-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2304-57-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2304-48-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2304-56-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2304-43-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2304-66-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2304-85-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2304-0-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2304-497-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2304-31-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2304-298-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2304-50-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2304-18-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-15-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2340-91-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-58-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3752-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-76-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-22-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3625-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-37-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3606-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-75-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2852-101-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3749-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2888-64-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3808-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-93-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-49-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3632-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2988-12-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3531-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3637-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2996-51-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3621-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-47-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download