cobaltstrike | e605f46261831b80dd6790c5c240f781bee89d1a366a49d7c148a25c1209eff0

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ae27cf6a13b1493238b71ae45ec69702
SHA1

c753d17341d41e09970efe7d5687d7268eaf44d9
SHA256

e605f46261831b80dd6790c5c240f781bee89d1a366a49d7c148a25c1209eff0
SHA512

9e05180ac58a9cab82f3e86ba87936ab290a487339eb4e9cd3b35345d3c587d93cdd2501037fd5efb401affc0bd3f51f24bd78db1a3edb37b5bb99f28a07fde4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e9-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016458-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000015e9a-39.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-33.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-58.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-201.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-197.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-116.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2740-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/2860-10-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00080000000162e9-14.dat	xmrig
behavioral1/memory/2756-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2740-6-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016458-12.dat	xmrig
behavioral1/files/0x000700000001658d-23.dat	xmrig
behavioral1/memory/2904-28-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2792-22-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0014000000015e9a-39.dat	xmrig
behavioral1/memory/2860-41-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2656-43-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2684-35-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2740-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-33.dat	xmrig
behavioral1/memory/2756-46-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2792-47-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2904-48-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2684-49-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2656-52-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x00090000000167e3-53.dat	xmrig
behavioral1/memory/2740-56-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2c-58.dat	xmrig
behavioral1/memory/2108-61-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1180-71-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-70.dat	xmrig
behavioral1/memory/2620-69-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-72.dat	xmrig
behavioral1/memory/548-79-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019394-86.dat	xmrig
behavioral1/memory/2112-94-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2108-92-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1524-85-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-84.dat	xmrig
behavioral1/memory/3012-101-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-99.dat	xmrig
behavioral1/memory/2740-97-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/memory/1180-102-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b8-103.dat	xmrig
behavioral1/files/0x0005000000019470-119.dat	xmrig
behavioral1/files/0x0005000000019490-140.dat	xmrig
behavioral1/files/0x00050000000194eb-150.dat	xmrig
behavioral1/files/0x000500000001950f-161.dat	xmrig
behavioral1/files/0x0005000000019547-171.dat	xmrig
behavioral1/files/0x000500000001957c-176.dat	xmrig
behavioral1/files/0x00050000000195a7-181.dat	xmrig
behavioral1/files/0x00050000000195af-201.dat	xmrig
behavioral1/files/0x00050000000195ad-197.dat	xmrig
behavioral1/memory/3012-322-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-191.dat	xmrig
behavioral1/files/0x00050000000195a9-186.dat	xmrig
behavioral1/files/0x0005000000019515-166.dat	xmrig
behavioral1/memory/1524-157-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-155.dat	xmrig
behavioral1/files/0x00050000000194a3-145.dat	xmrig
behavioral1/files/0x000500000001948c-135.dat	xmrig
behavioral1/files/0x0005000000019489-130.dat	xmrig
behavioral1/files/0x0005000000019480-125.dat	xmrig
behavioral1/files/0x00050000000193c7-116.dat	xmrig
behavioral1/memory/1572-113-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/548-110-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2756-1103-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2904-1160-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	CmEExOw.exe
2756	SvxIhsd.exe
2792	KmKPLwU.exe
2904	QOIATCW.exe
2684	clPbuum.exe
2656	uuYVLFW.exe
2108	HcTVSiR.exe
2620	uQUmVtj.exe
1180	auFjltv.exe
548	XTNNTGx.exe
1524	DrufJRU.exe
2112	ELoeDbx.exe
3012	citMWGY.exe
1572	gCKWRmu.exe
2988	FvwykHx.exe
2936	xiRihzx.exe
2888	SklbtYk.exe
2416	DqdXZQu.exe
1992	frdhbbD.exe
2136	bLddgEW.exe
672	rNCLnDc.exe
2148	bzFFhJC.exe
2160	moEhIxZ.exe
1924	flasJxR.exe
2392	iykRLrE.exe
2004	aymQrul.exe
2500	RDKRbqN.exe
2192	lqBTtZF.exe
1608	GefRjti.exe
2064	ZDvyRBc.exe
1672	xSHhuhS.exe
2524	UrkInIO.exe
856	tsWcdwy.exe
2536	XbzxYQV.exe
1660	ZRtthGC.exe
2092	YwYmkwh.exe
2556	CSaQlXn.exe
788	Jpwmpdy.exe
640	QOwDbkz.exe
908	PCWyXeJ.exe
2540	fUfnKcy.exe
2312	RAUOvwD.exe
1800	UisxPPk.exe
1548	nWTcatg.exe
2300	gJkkVez.exe
1832	uDcrGrw.exe
812	RyPOUwl.exe
1808	mlTCHlG.exe
1504	daECWvc.exe
1252	NfaHfKo.exe
744	EMqrZEH.exe
1592	vSqXDPv.exe
1688	zKvjHGY.exe
2456	piiKRCX.exe
2248	gCJIhQL.exe
2664	ZXWjKbV.exe
2752	bNQqBet.exe
2768	hbbujlq.exe
2700	QqrBBlj.exe
3068	sMyLiue.exe
1736	UKYcCsX.exe
2708	VgtXNAe.exe
2252	dVspfXg.exe
2828	UiuHKsq.exe

Loads dropped DLL 64 IoCs

pid	Process
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2740-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/memory/2860-10-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00080000000162e9-14.dat	upx
behavioral1/memory/2756-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0007000000016458-12.dat	upx
behavioral1/files/0x000700000001658d-23.dat	upx
behavioral1/memory/2904-28-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2792-22-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0014000000015e9a-39.dat	upx
behavioral1/memory/2860-41-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2656-43-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2684-35-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2740-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000900000001660b-33.dat	upx
behavioral1/memory/2756-46-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2792-47-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2904-48-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2684-49-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2656-52-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x00090000000167e3-53.dat	upx
behavioral1/memory/2740-56-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000016d2c-58.dat	upx
behavioral1/memory/2108-61-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1180-71-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0002000000018334-70.dat	upx
behavioral1/memory/2620-69-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019326-72.dat	upx
behavioral1/memory/548-79-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0005000000019394-86.dat	upx
behavioral1/memory/2112-94-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2108-92-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1524-85-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000500000001932a-84.dat	upx
behavioral1/memory/3012-101-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-99.dat	upx
behavioral1/memory/1180-102-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00050000000193b8-103.dat	upx
behavioral1/files/0x0005000000019470-119.dat	upx
behavioral1/files/0x0005000000019490-140.dat	upx
behavioral1/files/0x00050000000194eb-150.dat	upx
behavioral1/files/0x000500000001950f-161.dat	upx
behavioral1/files/0x0005000000019547-171.dat	upx
behavioral1/files/0x000500000001957c-176.dat	upx
behavioral1/files/0x00050000000195a7-181.dat	upx
behavioral1/files/0x00050000000195af-201.dat	upx
behavioral1/files/0x00050000000195ad-197.dat	upx
behavioral1/memory/3012-322-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-191.dat	upx
behavioral1/files/0x00050000000195a9-186.dat	upx
behavioral1/files/0x0005000000019515-166.dat	upx
behavioral1/memory/1524-157-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-155.dat	upx
behavioral1/files/0x00050000000194a3-145.dat	upx
behavioral1/files/0x000500000001948c-135.dat	upx
behavioral1/files/0x0005000000019489-130.dat	upx
behavioral1/files/0x0005000000019480-125.dat	upx
behavioral1/files/0x00050000000193c7-116.dat	upx
behavioral1/memory/1572-113-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/548-110-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2756-1103-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2904-1160-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2684-1164-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2656-1221-0x000000013F040000-0x000000013F394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dFwAXMa.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXDDOyK.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgPNhTU.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVAhDJI.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPVRzIw.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jqrmzmq.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLuBUvC.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBBonxH.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnsTUOY.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhxetwW.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfmNCNr.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzfwvPR.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvigqvA.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKOBpOo.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVtXtah.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpOGWHV.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTmCObO.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvoDOMs.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huBxIJB.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHBtHWv.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMCPunI.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXtWFPM.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzybsdV.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHQuGYl.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvAigkN.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXKyEbe.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UESYECw.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKoSOgw.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivmuoXB.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCTALDN.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onxFyxE.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwfnIvd.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dorcVwE.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLddgEW.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jpwmpdy.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntCXJwM.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZtEveh.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPZmAfZ.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZEMvDz.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrEhmSN.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMAcnbe.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLixGRH.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeEgJcV.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbDFupi.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqJTpTx.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfdPQsu.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilOKnsL.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIqYoqW.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZEAJyz.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcdAava.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQVcwDB.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQjrexb.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZWFVbh.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPWfuZc.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aECdxeB.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJGuUrI.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRacPgw.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahNXsqM.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqrBBlj.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypzxtVd.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtLPiTi.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gclvkJZ.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azrRHBE.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoDvYpF.exe	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4352	epJping.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2860	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2740 wrote to memory of 2860	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2740 wrote to memory of 2860	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2740 wrote to memory of 2756	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2740 wrote to memory of 2756	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2740 wrote to memory of 2756	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2740 wrote to memory of 2792	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2740 wrote to memory of 2792	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2740 wrote to memory of 2792	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2740 wrote to memory of 2904	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2740 wrote to memory of 2904	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2740 wrote to memory of 2904	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2740 wrote to memory of 2684	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2740 wrote to memory of 2684	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2740 wrote to memory of 2684	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2740 wrote to memory of 2656	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2740 wrote to memory of 2656	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2740 wrote to memory of 2656	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2740 wrote to memory of 2108	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2740 wrote to memory of 2108	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2740 wrote to memory of 2108	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2740 wrote to memory of 2620	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2740 wrote to memory of 2620	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2740 wrote to memory of 2620	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2740 wrote to memory of 1180	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2740 wrote to memory of 1180	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2740 wrote to memory of 1180	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2740 wrote to memory of 548	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2740 wrote to memory of 548	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2740 wrote to memory of 548	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2740 wrote to memory of 1524	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2740 wrote to memory of 1524	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2740 wrote to memory of 1524	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2740 wrote to memory of 2112	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2740 wrote to memory of 2112	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2740 wrote to memory of 2112	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2740 wrote to memory of 3012	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2740 wrote to memory of 3012	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2740 wrote to memory of 3012	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2740 wrote to memory of 1572	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2740 wrote to memory of 1572	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2740 wrote to memory of 1572	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2740 wrote to memory of 2988	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2740 wrote to memory of 2988	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2740 wrote to memory of 2988	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2740 wrote to memory of 2936	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2740 wrote to memory of 2936	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2740 wrote to memory of 2936	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2740 wrote to memory of 2888	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2740 wrote to memory of 2888	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2740 wrote to memory of 2888	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2740 wrote to memory of 2416	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2740 wrote to memory of 2416	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2740 wrote to memory of 2416	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2740 wrote to memory of 1992	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2740 wrote to memory of 1992	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2740 wrote to memory of 1992	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2740 wrote to memory of 2136	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2740 wrote to memory of 2136	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2740 wrote to memory of 2136	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2740 wrote to memory of 672	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2740 wrote to memory of 672	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2740 wrote to memory of 672	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2740 wrote to memory of 2148	2740	2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_ae27cf6a13b1493238b71ae45ec69702_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\System\CmEExOw.exe
  C:\Windows\System\CmEExOw.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\SvxIhsd.exe
  C:\Windows\System\SvxIhsd.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\KmKPLwU.exe
  C:\Windows\System\KmKPLwU.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\QOIATCW.exe
  C:\Windows\System\QOIATCW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\clPbuum.exe
  C:\Windows\System\clPbuum.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\uuYVLFW.exe
  C:\Windows\System\uuYVLFW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\HcTVSiR.exe
  C:\Windows\System\HcTVSiR.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\uQUmVtj.exe
  C:\Windows\System\uQUmVtj.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\auFjltv.exe
  C:\Windows\System\auFjltv.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\XTNNTGx.exe
  C:\Windows\System\XTNNTGx.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\DrufJRU.exe
  C:\Windows\System\DrufJRU.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ELoeDbx.exe
  C:\Windows\System\ELoeDbx.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\citMWGY.exe
  C:\Windows\System\citMWGY.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\gCKWRmu.exe
  C:\Windows\System\gCKWRmu.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\FvwykHx.exe
  C:\Windows\System\FvwykHx.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\xiRihzx.exe
  C:\Windows\System\xiRihzx.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\SklbtYk.exe
  C:\Windows\System\SklbtYk.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DqdXZQu.exe
  C:\Windows\System\DqdXZQu.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\frdhbbD.exe
  C:\Windows\System\frdhbbD.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\bLddgEW.exe
  C:\Windows\System\bLddgEW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\rNCLnDc.exe
  C:\Windows\System\rNCLnDc.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\bzFFhJC.exe
  C:\Windows\System\bzFFhJC.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\moEhIxZ.exe
  C:\Windows\System\moEhIxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\flasJxR.exe
  C:\Windows\System\flasJxR.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\iykRLrE.exe
  C:\Windows\System\iykRLrE.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\aymQrul.exe
  C:\Windows\System\aymQrul.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\RDKRbqN.exe
  C:\Windows\System\RDKRbqN.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lqBTtZF.exe
  C:\Windows\System\lqBTtZF.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GefRjti.exe
  C:\Windows\System\GefRjti.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ZDvyRBc.exe
  C:\Windows\System\ZDvyRBc.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xSHhuhS.exe
  C:\Windows\System\xSHhuhS.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\UrkInIO.exe
  C:\Windows\System\UrkInIO.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\tsWcdwy.exe
  C:\Windows\System\tsWcdwy.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\XbzxYQV.exe
  C:\Windows\System\XbzxYQV.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ZRtthGC.exe
  C:\Windows\System\ZRtthGC.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\YwYmkwh.exe
  C:\Windows\System\YwYmkwh.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\CSaQlXn.exe
  C:\Windows\System\CSaQlXn.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\Jpwmpdy.exe
  C:\Windows\System\Jpwmpdy.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\QOwDbkz.exe
  C:\Windows\System\QOwDbkz.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\PCWyXeJ.exe
  C:\Windows\System\PCWyXeJ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\fUfnKcy.exe
  C:\Windows\System\fUfnKcy.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\RAUOvwD.exe
  C:\Windows\System\RAUOvwD.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\UisxPPk.exe
  C:\Windows\System\UisxPPk.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\nWTcatg.exe
  C:\Windows\System\nWTcatg.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\gJkkVez.exe
  C:\Windows\System\gJkkVez.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\uDcrGrw.exe
  C:\Windows\System\uDcrGrw.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\RyPOUwl.exe
  C:\Windows\System\RyPOUwl.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\mlTCHlG.exe
  C:\Windows\System\mlTCHlG.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\daECWvc.exe
  C:\Windows\System\daECWvc.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\NfaHfKo.exe
  C:\Windows\System\NfaHfKo.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\EMqrZEH.exe
  C:\Windows\System\EMqrZEH.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vSqXDPv.exe
  C:\Windows\System\vSqXDPv.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\zKvjHGY.exe
  C:\Windows\System\zKvjHGY.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\piiKRCX.exe
  C:\Windows\System\piiKRCX.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\gCJIhQL.exe
  C:\Windows\System\gCJIhQL.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ZXWjKbV.exe
  C:\Windows\System\ZXWjKbV.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\bNQqBet.exe
  C:\Windows\System\bNQqBet.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\hbbujlq.exe
  C:\Windows\System\hbbujlq.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\QqrBBlj.exe
  C:\Windows\System\QqrBBlj.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\sMyLiue.exe
  C:\Windows\System\sMyLiue.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\UKYcCsX.exe
  C:\Windows\System\UKYcCsX.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\VgtXNAe.exe
  C:\Windows\System\VgtXNAe.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dVspfXg.exe
  C:\Windows\System\dVspfXg.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\UiuHKsq.exe
  C:\Windows\System\UiuHKsq.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\EPDAchd.exe
  C:\Windows\System\EPDAchd.exe
  2⤵
  PID:2932
- C:\Windows\System\vHihSlm.exe
  C:\Windows\System\vHihSlm.exe
  2⤵
  PID:2024
- C:\Windows\System\kTIzGNp.exe
  C:\Windows\System\kTIzGNp.exe
  2⤵
  PID:2436
- C:\Windows\System\uGTwzvJ.exe
  C:\Windows\System\uGTwzvJ.exe
  2⤵
  PID:336
- C:\Windows\System\aQXLetY.exe
  C:\Windows\System\aQXLetY.exe
  2⤵
  PID:432
- C:\Windows\System\vYYgLEC.exe
  C:\Windows\System\vYYgLEC.exe
  2⤵
  PID:2624
- C:\Windows\System\fTsKCrw.exe
  C:\Windows\System\fTsKCrw.exe
  2⤵
  PID:2884
- C:\Windows\System\GYhTKJN.exe
  C:\Windows\System\GYhTKJN.exe
  2⤵
  PID:2972
- C:\Windows\System\VKpTrPi.exe
  C:\Windows\System\VKpTrPi.exe
  2⤵
  PID:1668
- C:\Windows\System\zGdypkU.exe
  C:\Windows\System\zGdypkU.exe
  2⤵
  PID:2268
- C:\Windows\System\YKChbSw.exe
  C:\Windows\System\YKChbSw.exe
  2⤵
  PID:1904
- C:\Windows\System\YhllvDe.exe
  C:\Windows\System\YhllvDe.exe
  2⤵
  PID:2168
- C:\Windows\System\MHrKsgn.exe
  C:\Windows\System\MHrKsgn.exe
  2⤵
  PID:2396
- C:\Windows\System\EJapzIv.exe
  C:\Windows\System\EJapzIv.exe
  2⤵
  PID:1692
- C:\Windows\System\ejIdBis.exe
  C:\Windows\System\ejIdBis.exe
  2⤵
  PID:1960
- C:\Windows\System\wnrrjZY.exe
  C:\Windows\System\wnrrjZY.exe
  2⤵
  PID:1384
- C:\Windows\System\MOBoJez.exe
  C:\Windows\System\MOBoJez.exe
  2⤵
  PID:848
- C:\Windows\System\QJkcDnV.exe
  C:\Windows\System\QJkcDnV.exe
  2⤵
  PID:2460
- C:\Windows\System\GpeOWoX.exe
  C:\Windows\System\GpeOWoX.exe
  2⤵
  PID:1952
- C:\Windows\System\jOyweXz.exe
  C:\Windows\System\jOyweXz.exe
  2⤵
  PID:1812
- C:\Windows\System\nHiXvDi.exe
  C:\Windows\System\nHiXvDi.exe
  2⤵
  PID:280
- C:\Windows\System\AeyVNjs.exe
  C:\Windows\System\AeyVNjs.exe
  2⤵
  PID:1040
- C:\Windows\System\yZbFVnP.exe
  C:\Windows\System\yZbFVnP.exe
  2⤵
  PID:328
- C:\Windows\System\HFNMjrB.exe
  C:\Windows\System\HFNMjrB.exe
  2⤵
  PID:564
- C:\Windows\System\SzinqOl.exe
  C:\Windows\System\SzinqOl.exe
  2⤵
  PID:1804
- C:\Windows\System\jWkGOXf.exe
  C:\Windows\System\jWkGOXf.exe
  2⤵
  PID:1996
- C:\Windows\System\vHBtHWv.exe
  C:\Windows\System\vHBtHWv.exe
  2⤵
  PID:1732
- C:\Windows\System\KrEhmSN.exe
  C:\Windows\System\KrEhmSN.exe
  2⤵
  PID:1000
- C:\Windows\System\TfbIyhg.exe
  C:\Windows\System\TfbIyhg.exe
  2⤵
  PID:2220
- C:\Windows\System\mUBnYno.exe
  C:\Windows\System\mUBnYno.exe
  2⤵
  PID:2304
- C:\Windows\System\TPkKCze.exe
  C:\Windows\System\TPkKCze.exe
  2⤵
  PID:992
- C:\Windows\System\lPncoPZ.exe
  C:\Windows\System\lPncoPZ.exe
  2⤵
  PID:2292
- C:\Windows\System\RtBMCod.exe
  C:\Windows\System\RtBMCod.exe
  2⤵
  PID:2900
- C:\Windows\System\bAKUQsY.exe
  C:\Windows\System\bAKUQsY.exe
  2⤵
  PID:2724
- C:\Windows\System\VaDvwFk.exe
  C:\Windows\System\VaDvwFk.exe
  2⤵
  PID:3028
- C:\Windows\System\rhSWlqw.exe
  C:\Windows\System\rhSWlqw.exe
  2⤵
  PID:2896
- C:\Windows\System\MVoMCmY.exe
  C:\Windows\System\MVoMCmY.exe
  2⤵
  PID:2096
- C:\Windows\System\bHUSIqT.exe
  C:\Windows\System\bHUSIqT.exe
  2⤵
  PID:3040
- C:\Windows\System\vXPjrcl.exe
  C:\Windows\System\vXPjrcl.exe
  2⤵
  PID:2688
- C:\Windows\System\ZnwIoso.exe
  C:\Windows\System\ZnwIoso.exe
  2⤵
  PID:2120
- C:\Windows\System\WVBxIKM.exe
  C:\Windows\System\WVBxIKM.exe
  2⤵
  PID:3008
- C:\Windows\System\OTmCObO.exe
  C:\Windows\System\OTmCObO.exe
  2⤵
  PID:1988
- C:\Windows\System\eAgnGEI.exe
  C:\Windows\System\eAgnGEI.exe
  2⤵
  PID:1476
- C:\Windows\System\nLGyioo.exe
  C:\Windows\System\nLGyioo.exe
  2⤵
  PID:2284
- C:\Windows\System\QQTwmGV.exe
  C:\Windows\System\QQTwmGV.exe
  2⤵
  PID:844
- C:\Windows\System\ykOooIs.exe
  C:\Windows\System\ykOooIs.exe
  2⤵
  PID:544
- C:\Windows\System\gWnWfIJ.exe
  C:\Windows\System\gWnWfIJ.exe
  2⤵
  PID:2452
- C:\Windows\System\Zxgvjzp.exe
  C:\Windows\System\Zxgvjzp.exe
  2⤵
  PID:2132
- C:\Windows\System\JgMYEGk.exe
  C:\Windows\System\JgMYEGk.exe
  2⤵
  PID:1728
- C:\Windows\System\NomaYrJ.exe
  C:\Windows\System\NomaYrJ.exe
  2⤵
  PID:872
- C:\Windows\System\GTIaLDS.exe
  C:\Windows\System\GTIaLDS.exe
  2⤵
  PID:1908
- C:\Windows\System\sugKbHS.exe
  C:\Windows\System\sugKbHS.exe
  2⤵
  PID:1772
- C:\Windows\System\wTSKUSC.exe
  C:\Windows\System\wTSKUSC.exe
  2⤵
  PID:2320
- C:\Windows\System\LFHvzpC.exe
  C:\Windows\System\LFHvzpC.exe
  2⤵
  PID:1148
- C:\Windows\System\cRSOOdI.exe
  C:\Windows\System\cRSOOdI.exe
  2⤵
  PID:1516
- C:\Windows\System\YMlgjby.exe
  C:\Windows\System\YMlgjby.exe
  2⤵
  PID:3056
- C:\Windows\System\SIQbwMp.exe
  C:\Windows\System\SIQbwMp.exe
  2⤵
  PID:1596
- C:\Windows\System\vKowEGc.exe
  C:\Windows\System\vKowEGc.exe
  2⤵
  PID:2864
- C:\Windows\System\jIUkade.exe
  C:\Windows\System\jIUkade.exe
  2⤵
  PID:2652
- C:\Windows\System\EXbsrhB.exe
  C:\Windows\System\EXbsrhB.exe
  2⤵
  PID:2632
- C:\Windows\System\TogFcqv.exe
  C:\Windows\System\TogFcqv.exe
  2⤵
  PID:3032
- C:\Windows\System\tLNCBVE.exe
  C:\Windows\System\tLNCBVE.exe
  2⤵
  PID:3044
- C:\Windows\System\rJtLCeB.exe
  C:\Windows\System\rJtLCeB.exe
  2⤵
  PID:2140
- C:\Windows\System\FZPLZPB.exe
  C:\Windows\System\FZPLZPB.exe
  2⤵
  PID:2604
- C:\Windows\System\JwKZYKg.exe
  C:\Windows\System\JwKZYKg.exe
  2⤵
  PID:1036
- C:\Windows\System\ptKqtHK.exe
  C:\Windows\System\ptKqtHK.exe
  2⤵
  PID:1484
- C:\Windows\System\ypzxtVd.exe
  C:\Windows\System\ypzxtVd.exe
  2⤵
  PID:1072
- C:\Windows\System\nctEXjU.exe
  C:\Windows\System\nctEXjU.exe
  2⤵
  PID:1640
- C:\Windows\System\Milbhgl.exe
  C:\Windows\System\Milbhgl.exe
  2⤵
  PID:2116
- C:\Windows\System\aKwMYNI.exe
  C:\Windows\System\aKwMYNI.exe
  2⤵
  PID:2476
- C:\Windows\System\sCRUanx.exe
  C:\Windows\System\sCRUanx.exe
  2⤵
  PID:2408
- C:\Windows\System\SqQqele.exe
  C:\Windows\System\SqQqele.exe
  2⤵
  PID:2512
- C:\Windows\System\ittttAX.exe
  C:\Windows\System\ittttAX.exe
  2⤵
  PID:2072
- C:\Windows\System\YHWrZHa.exe
  C:\Windows\System\YHWrZHa.exe
  2⤵
  PID:2820
- C:\Windows\System\zUljoDn.exe
  C:\Windows\System\zUljoDn.exe
  2⤵
  PID:2228
- C:\Windows\System\fYKGzqh.exe
  C:\Windows\System\fYKGzqh.exe
  2⤵
  PID:3024
- C:\Windows\System\WPDsIiH.exe
  C:\Windows\System\WPDsIiH.exe
  2⤵
  PID:1964
- C:\Windows\System\HkCcyUi.exe
  C:\Windows\System\HkCcyUi.exe
  2⤵
  PID:292
- C:\Windows\System\fOwpqHs.exe
  C:\Windows\System\fOwpqHs.exe
  2⤵
  PID:1140
- C:\Windows\System\ePzzLAr.exe
  C:\Windows\System\ePzzLAr.exe
  2⤵
  PID:2644
- C:\Windows\System\xRlydjE.exe
  C:\Windows\System\xRlydjE.exe
  2⤵
  PID:1760
- C:\Windows\System\urBtTjz.exe
  C:\Windows\System\urBtTjz.exe
  2⤵
  PID:2176
- C:\Windows\System\ilZPThD.exe
  C:\Windows\System\ilZPThD.exe
  2⤵
  PID:2992
- C:\Windows\System\WfzfQEa.exe
  C:\Windows\System\WfzfQEa.exe
  2⤵
  PID:3004
- C:\Windows\System\Zzwlefo.exe
  C:\Windows\System\Zzwlefo.exe
  2⤵
  PID:2080
- C:\Windows\System\ypyPaIv.exe
  C:\Windows\System\ypyPaIv.exe
  2⤵
  PID:2344
- C:\Windows\System\RSapHzm.exe
  C:\Windows\System\RSapHzm.exe
  2⤵
  PID:1264
- C:\Windows\System\IuZjrlY.exe
  C:\Windows\System\IuZjrlY.exe
  2⤵
  PID:592
- C:\Windows\System\wJwXZvQ.exe
  C:\Windows\System\wJwXZvQ.exe
  2⤵
  PID:2164
- C:\Windows\System\loDTgxA.exe
  C:\Windows\System\loDTgxA.exe
  2⤵
  PID:2908
- C:\Windows\System\TlmbmOW.exe
  C:\Windows\System\TlmbmOW.exe
  2⤵
  PID:2640
- C:\Windows\System\WIjsksK.exe
  C:\Windows\System\WIjsksK.exe
  2⤵
  PID:860
- C:\Windows\System\deQSYWN.exe
  C:\Windows\System\deQSYWN.exe
  2⤵
  PID:2376
- C:\Windows\System\xRTlggZ.exe
  C:\Windows\System\xRTlggZ.exe
  2⤵
  PID:1460
- C:\Windows\System\bTtUIDQ.exe
  C:\Windows\System\bTtUIDQ.exe
  2⤵
  PID:632
- C:\Windows\System\nYzbMnN.exe
  C:\Windows\System\nYzbMnN.exe
  2⤵
  PID:2976
- C:\Windows\System\gTbipOM.exe
  C:\Windows\System\gTbipOM.exe
  2⤵
  PID:1300
- C:\Windows\System\fnaOmHu.exe
  C:\Windows\System\fnaOmHu.exe
  2⤵
  PID:2560
- C:\Windows\System\xuvnqji.exe
  C:\Windows\System\xuvnqji.exe
  2⤵
  PID:1644
- C:\Windows\System\yuMLsuR.exe
  C:\Windows\System\yuMLsuR.exe
  2⤵
  PID:1236
- C:\Windows\System\PdNQnxB.exe
  C:\Windows\System\PdNQnxB.exe
  2⤵
  PID:880
- C:\Windows\System\YNXGXsi.exe
  C:\Windows\System\YNXGXsi.exe
  2⤵
  PID:2696
- C:\Windows\System\IhqPsHg.exe
  C:\Windows\System\IhqPsHg.exe
  2⤵
  PID:1840
- C:\Windows\System\ciPNjWP.exe
  C:\Windows\System\ciPNjWP.exe
  2⤵
  PID:820
- C:\Windows\System\jTyxTOP.exe
  C:\Windows\System\jTyxTOP.exe
  2⤵
  PID:1704
- C:\Windows\System\bXqmURg.exe
  C:\Windows\System\bXqmURg.exe
  2⤵
  PID:2588
- C:\Windows\System\hhhtBSH.exe
  C:\Windows\System\hhhtBSH.exe
  2⤵
  PID:2580
- C:\Windows\System\FYphjph.exe
  C:\Windows\System\FYphjph.exe
  2⤵
  PID:2964
- C:\Windows\System\MtLPiTi.exe
  C:\Windows\System\MtLPiTi.exe
  2⤵
  PID:2404
- C:\Windows\System\kVMmnLZ.exe
  C:\Windows\System\kVMmnLZ.exe
  2⤵
  PID:1316
- C:\Windows\System\WpPzCOu.exe
  C:\Windows\System\WpPzCOu.exe
  2⤵
  PID:2156
- C:\Windows\System\wAnXIur.exe
  C:\Windows\System\wAnXIur.exe
  2⤵
  PID:2800
- C:\Windows\System\LXPnWUh.exe
  C:\Windows\System\LXPnWUh.exe
  2⤵
  PID:612
- C:\Windows\System\pGUgjRd.exe
  C:\Windows\System\pGUgjRd.exe
  2⤵
  PID:1488
- C:\Windows\System\swUIECQ.exe
  C:\Windows\System\swUIECQ.exe
  2⤵
  PID:2784
- C:\Windows\System\UetXjVC.exe
  C:\Windows\System\UetXjVC.exe
  2⤵
  PID:1508
- C:\Windows\System\uDDYAiU.exe
  C:\Windows\System\uDDYAiU.exe
  2⤵
  PID:580
- C:\Windows\System\PAPFunO.exe
  C:\Windows\System\PAPFunO.exe
  2⤵
  PID:2372
- C:\Windows\System\VUfhkMa.exe
  C:\Windows\System\VUfhkMa.exe
  2⤵
  PID:956
- C:\Windows\System\HTSZLHL.exe
  C:\Windows\System\HTSZLHL.exe
  2⤵
  PID:952
- C:\Windows\System\IUDBxgO.exe
  C:\Windows\System\IUDBxgO.exe
  2⤵
  PID:1684
- C:\Windows\System\pnqQHUF.exe
  C:\Windows\System\pnqQHUF.exe
  2⤵
  PID:1932
- C:\Windows\System\LBIaOhM.exe
  C:\Windows\System\LBIaOhM.exe
  2⤵
  PID:3088
- C:\Windows\System\TZYplTV.exe
  C:\Windows\System\TZYplTV.exe
  2⤵
  PID:3108
- C:\Windows\System\ftSUJge.exe
  C:\Windows\System\ftSUJge.exe
  2⤵
  PID:3124
- C:\Windows\System\QyciBkM.exe
  C:\Windows\System\QyciBkM.exe
  2⤵
  PID:3144
- C:\Windows\System\BepRNPD.exe
  C:\Windows\System\BepRNPD.exe
  2⤵
  PID:3160
- C:\Windows\System\ceKdCeE.exe
  C:\Windows\System\ceKdCeE.exe
  2⤵
  PID:3180
- C:\Windows\System\FZgfYZZ.exe
  C:\Windows\System\FZgfYZZ.exe
  2⤵
  PID:3204
- C:\Windows\System\oBXCvRX.exe
  C:\Windows\System\oBXCvRX.exe
  2⤵
  PID:3220
- C:\Windows\System\YtkzWWR.exe
  C:\Windows\System\YtkzWWR.exe
  2⤵
  PID:3240
- C:\Windows\System\LVbqoUS.exe
  C:\Windows\System\LVbqoUS.exe
  2⤵
  PID:3256
- C:\Windows\System\faMKPrS.exe
  C:\Windows\System\faMKPrS.exe
  2⤵
  PID:3288
- C:\Windows\System\wwDlhdA.exe
  C:\Windows\System\wwDlhdA.exe
  2⤵
  PID:3308
- C:\Windows\System\FKVzDof.exe
  C:\Windows\System\FKVzDof.exe
  2⤵
  PID:3324
- C:\Windows\System\zrFcpaH.exe
  C:\Windows\System\zrFcpaH.exe
  2⤵
  PID:3344
- C:\Windows\System\jhgnxPZ.exe
  C:\Windows\System\jhgnxPZ.exe
  2⤵
  PID:3368
- C:\Windows\System\JvUyINA.exe
  C:\Windows\System\JvUyINA.exe
  2⤵
  PID:3384
- C:\Windows\System\eDAsEse.exe
  C:\Windows\System\eDAsEse.exe
  2⤵
  PID:3400
- C:\Windows\System\tjvfUqJ.exe
  C:\Windows\System\tjvfUqJ.exe
  2⤵
  PID:3428
- C:\Windows\System\UtwREpu.exe
  C:\Windows\System\UtwREpu.exe
  2⤵
  PID:3448
- C:\Windows\System\pXaBhlK.exe
  C:\Windows\System\pXaBhlK.exe
  2⤵
  PID:3464
- C:\Windows\System\yOALQSq.exe
  C:\Windows\System\yOALQSq.exe
  2⤵
  PID:3480
- C:\Windows\System\GoIzmud.exe
  C:\Windows\System\GoIzmud.exe
  2⤵
  PID:3496
- C:\Windows\System\RXEydeW.exe
  C:\Windows\System\RXEydeW.exe
  2⤵
  PID:3528
- C:\Windows\System\VKkMBam.exe
  C:\Windows\System\VKkMBam.exe
  2⤵
  PID:3544
- C:\Windows\System\fLNqTGL.exe
  C:\Windows\System\fLNqTGL.exe
  2⤵
  PID:3564
- C:\Windows\System\bPcYjHL.exe
  C:\Windows\System\bPcYjHL.exe
  2⤵
  PID:3580
- C:\Windows\System\fqkLPvK.exe
  C:\Windows\System\fqkLPvK.exe
  2⤵
  PID:3596
- C:\Windows\System\UUKWgzc.exe
  C:\Windows\System\UUKWgzc.exe
  2⤵
  PID:3616
- C:\Windows\System\iDgWBFX.exe
  C:\Windows\System\iDgWBFX.exe
  2⤵
  PID:3644
- C:\Windows\System\JSHFDDf.exe
  C:\Windows\System\JSHFDDf.exe
  2⤵
  PID:3664
- C:\Windows\System\daJzamk.exe
  C:\Windows\System\daJzamk.exe
  2⤵
  PID:3692
- C:\Windows\System\vgwsVKl.exe
  C:\Windows\System\vgwsVKl.exe
  2⤵
  PID:3708
- C:\Windows\System\HhQhrmU.exe
  C:\Windows\System\HhQhrmU.exe
  2⤵
  PID:3724
- C:\Windows\System\MgabGpZ.exe
  C:\Windows\System\MgabGpZ.exe
  2⤵
  PID:3744
- C:\Windows\System\HTGrkuS.exe
  C:\Windows\System\HTGrkuS.exe
  2⤵
  PID:3772
- C:\Windows\System\XrFAkij.exe
  C:\Windows\System\XrFAkij.exe
  2⤵
  PID:3788
- C:\Windows\System\NUieiGn.exe
  C:\Windows\System\NUieiGn.exe
  2⤵
  PID:3808
- C:\Windows\System\mYBJnyA.exe
  C:\Windows\System\mYBJnyA.exe
  2⤵
  PID:3832
- C:\Windows\System\VYJcbTG.exe
  C:\Windows\System\VYJcbTG.exe
  2⤵
  PID:3848
- C:\Windows\System\wQFsErY.exe
  C:\Windows\System\wQFsErY.exe
  2⤵
  PID:3868
- C:\Windows\System\WoReKqI.exe
  C:\Windows\System\WoReKqI.exe
  2⤵
  PID:3884
- C:\Windows\System\SfeNrYX.exe
  C:\Windows\System\SfeNrYX.exe
  2⤵
  PID:3904
- C:\Windows\System\yQTyKJu.exe
  C:\Windows\System\yQTyKJu.exe
  2⤵
  PID:3928
- C:\Windows\System\jTTEXIP.exe
  C:\Windows\System\jTTEXIP.exe
  2⤵
  PID:3944
- C:\Windows\System\POsJJvh.exe
  C:\Windows\System\POsJJvh.exe
  2⤵
  PID:3972
- C:\Windows\System\vQoBIAS.exe
  C:\Windows\System\vQoBIAS.exe
  2⤵
  PID:3988
- C:\Windows\System\CYfmzTA.exe
  C:\Windows\System\CYfmzTA.exe
  2⤵
  PID:4012
- C:\Windows\System\YqYNwrC.exe
  C:\Windows\System\YqYNwrC.exe
  2⤵
  PID:4028
- C:\Windows\System\gvbBGXF.exe
  C:\Windows\System\gvbBGXF.exe
  2⤵
  PID:4048
- C:\Windows\System\adTZAhF.exe
  C:\Windows\System\adTZAhF.exe
  2⤵
  PID:4072
- C:\Windows\System\UjdORjv.exe
  C:\Windows\System\UjdORjv.exe
  2⤵
  PID:4088
- C:\Windows\System\hfRpnwo.exe
  C:\Windows\System\hfRpnwo.exe
  2⤵
  PID:3080
- C:\Windows\System\CdahTep.exe
  C:\Windows\System\CdahTep.exe
  2⤵
  PID:3116
- C:\Windows\System\sEPuRcB.exe
  C:\Windows\System\sEPuRcB.exe
  2⤵
  PID:3192
- C:\Windows\System\ntCXJwM.exe
  C:\Windows\System\ntCXJwM.exe
  2⤵
  PID:3168
- C:\Windows\System\avztZTJ.exe
  C:\Windows\System\avztZTJ.exe
  2⤵
  PID:3176
- C:\Windows\System\TTBhPFh.exe
  C:\Windows\System\TTBhPFh.exe
  2⤵
  PID:3268
- C:\Windows\System\Saqscpn.exe
  C:\Windows\System\Saqscpn.exe
  2⤵
  PID:3280
- C:\Windows\System\EUuKTCi.exe
  C:\Windows\System\EUuKTCi.exe
  2⤵
  PID:3316
- C:\Windows\System\mvvYizs.exe
  C:\Windows\System\mvvYizs.exe
  2⤵
  PID:3352
- C:\Windows\System\OYXhKVC.exe
  C:\Windows\System\OYXhKVC.exe
  2⤵
  PID:3396
- C:\Windows\System\ugIgqzU.exe
  C:\Windows\System\ugIgqzU.exe
  2⤵
  PID:3416
- C:\Windows\System\oQyJJuy.exe
  C:\Windows\System\oQyJJuy.exe
  2⤵
  PID:3472
- C:\Windows\System\IeKQxRy.exe
  C:\Windows\System\IeKQxRy.exe
  2⤵
  PID:3492
- C:\Windows\System\HpVztZh.exe
  C:\Windows\System\HpVztZh.exe
  2⤵
  PID:3516
- C:\Windows\System\IFBjXPS.exe
  C:\Windows\System\IFBjXPS.exe
  2⤵
  PID:3552
- C:\Windows\System\UbRiUrV.exe
  C:\Windows\System\UbRiUrV.exe
  2⤵
  PID:3560
- C:\Windows\System\FqskytB.exe
  C:\Windows\System\FqskytB.exe
  2⤵
  PID:3636
- C:\Windows\System\kaGcyDL.exe
  C:\Windows\System\kaGcyDL.exe
  2⤵
  PID:3608
- C:\Windows\System\KBjrCGH.exe
  C:\Windows\System\KBjrCGH.exe
  2⤵
  PID:3684
- C:\Windows\System\DnSWZPf.exe
  C:\Windows\System\DnSWZPf.exe
  2⤵
  PID:3752
- C:\Windows\System\nHONsrb.exe
  C:\Windows\System\nHONsrb.exe
  2⤵
  PID:3732
- C:\Windows\System\AUmwiPQ.exe
  C:\Windows\System\AUmwiPQ.exe
  2⤵
  PID:3796
- C:\Windows\System\ROVdtnB.exe
  C:\Windows\System\ROVdtnB.exe
  2⤵
  PID:3820
- C:\Windows\System\rAxMHyC.exe
  C:\Windows\System\rAxMHyC.exe
  2⤵
  PID:3840
- C:\Windows\System\QaOUTGN.exe
  C:\Windows\System\QaOUTGN.exe
  2⤵
  PID:3920
- C:\Windows\System\wZlXZPz.exe
  C:\Windows\System\wZlXZPz.exe
  2⤵
  PID:3896
- C:\Windows\System\JVXaeKk.exe
  C:\Windows\System\JVXaeKk.exe
  2⤵
  PID:3916
- C:\Windows\System\GVnHlcw.exe
  C:\Windows\System\GVnHlcw.exe
  2⤵
  PID:3960
- C:\Windows\System\nBZhisC.exe
  C:\Windows\System\nBZhisC.exe
  2⤵
  PID:3996
- C:\Windows\System\VtmMmld.exe
  C:\Windows\System\VtmMmld.exe
  2⤵
  PID:4044
- C:\Windows\System\xKjeaFb.exe
  C:\Windows\System\xKjeaFb.exe
  2⤵
  PID:4060
- C:\Windows\System\zxrmKnp.exe
  C:\Windows\System\zxrmKnp.exe
  2⤵
  PID:3196
- C:\Windows\System\xHlzltI.exe
  C:\Windows\System\xHlzltI.exe
  2⤵
  PID:3084
- C:\Windows\System\vuPGazu.exe
  C:\Windows\System\vuPGazu.exe
  2⤵
  PID:3232
- C:\Windows\System\KgLlglr.exe
  C:\Windows\System\KgLlglr.exe
  2⤵
  PID:3216
- C:\Windows\System\bCayuvB.exe
  C:\Windows\System\bCayuvB.exe
  2⤵
  PID:3300
- C:\Windows\System\AUYvSuI.exe
  C:\Windows\System\AUYvSuI.exe
  2⤵
  PID:3392
- C:\Windows\System\lTjNNry.exe
  C:\Windows\System\lTjNNry.exe
  2⤵
  PID:3408
- C:\Windows\System\fvRizsu.exe
  C:\Windows\System\fvRizsu.exe
  2⤵
  PID:3512
- C:\Windows\System\WudsHDX.exe
  C:\Windows\System\WudsHDX.exe
  2⤵
  PID:3524
- C:\Windows\System\EIOxGoT.exe
  C:\Windows\System\EIOxGoT.exe
  2⤵
  PID:3592
- C:\Windows\System\BBapAxB.exe
  C:\Windows\System\BBapAxB.exe
  2⤵
  PID:3540
- C:\Windows\System\zYmKoBy.exe
  C:\Windows\System\zYmKoBy.exe
  2⤵
  PID:3624
- C:\Windows\System\NEqZbsz.exe
  C:\Windows\System\NEqZbsz.exe
  2⤵
  PID:3704
- C:\Windows\System\mOHzcMy.exe
  C:\Windows\System\mOHzcMy.exe
  2⤵
  PID:3780
- C:\Windows\System\oLMqzDR.exe
  C:\Windows\System\oLMqzDR.exe
  2⤵
  PID:3880
- C:\Windows\System\FiIEVsh.exe
  C:\Windows\System\FiIEVsh.exe
  2⤵
  PID:3860
- C:\Windows\System\WjCPWfP.exe
  C:\Windows\System\WjCPWfP.exe
  2⤵
  PID:3912
- C:\Windows\System\Ywuclaz.exe
  C:\Windows\System\Ywuclaz.exe
  2⤵
  PID:3980
- C:\Windows\System\KRKChWk.exe
  C:\Windows\System\KRKChWk.exe
  2⤵
  PID:4064
- C:\Windows\System\pSUjAOz.exe
  C:\Windows\System\pSUjAOz.exe
  2⤵
  PID:3136
- C:\Windows\System\AeWIjRJ.exe
  C:\Windows\System\AeWIjRJ.exe
  2⤵
  PID:3228
- C:\Windows\System\FMAcnbe.exe
  C:\Windows\System\FMAcnbe.exe
  2⤵
  PID:3276
- C:\Windows\System\gfoVJut.exe
  C:\Windows\System\gfoVJut.exe
  2⤵
  PID:3360
- C:\Windows\System\KxTIfpP.exe
  C:\Windows\System\KxTIfpP.exe
  2⤵
  PID:3420
- C:\Windows\System\GFKQUQW.exe
  C:\Windows\System\GFKQUQW.exe
  2⤵
  PID:3488
- C:\Windows\System\hZRPXnl.exe
  C:\Windows\System\hZRPXnl.exe
  2⤵
  PID:3612
- C:\Windows\System\SgGATNs.exe
  C:\Windows\System\SgGATNs.exe
  2⤵
  PID:3700
- C:\Windows\System\DbvshPB.exe
  C:\Windows\System\DbvshPB.exe
  2⤵
  PID:3760
- C:\Windows\System\VuYIvTO.exe
  C:\Windows\System\VuYIvTO.exe
  2⤵
  PID:4004
- C:\Windows\System\rzzYfaU.exe
  C:\Windows\System\rzzYfaU.exe
  2⤵
  PID:4024
- C:\Windows\System\QEkNWsw.exe
  C:\Windows\System\QEkNWsw.exe
  2⤵
  PID:3100
- C:\Windows\System\hGiqyOB.exe
  C:\Windows\System\hGiqyOB.exe
  2⤵
  PID:264
- C:\Windows\System\RQRcWAT.exe
  C:\Windows\System\RQRcWAT.exe
  2⤵
  PID:3320
- C:\Windows\System\MYSyDvR.exe
  C:\Windows\System\MYSyDvR.exe
  2⤵
  PID:3252
- C:\Windows\System\tdKsngx.exe
  C:\Windows\System\tdKsngx.exe
  2⤵
  PID:3720
- C:\Windows\System\UnFcTXf.exe
  C:\Windows\System\UnFcTXf.exe
  2⤵
  PID:3680
- C:\Windows\System\CEowRuJ.exe
  C:\Windows\System\CEowRuJ.exe
  2⤵
  PID:3824
- C:\Windows\System\cKkKdhR.exe
  C:\Windows\System\cKkKdhR.exe
  2⤵
  PID:2384
- C:\Windows\System\fUUuhgu.exe
  C:\Windows\System\fUUuhgu.exe
  2⤵
  PID:3964
- C:\Windows\System\nCKPmvH.exe
  C:\Windows\System\nCKPmvH.exe
  2⤵
  PID:3784
- C:\Windows\System\XLeaETr.exe
  C:\Windows\System\XLeaETr.exe
  2⤵
  PID:3304
- C:\Windows\System\rKfRbZk.exe
  C:\Windows\System\rKfRbZk.exe
  2⤵
  PID:3456
- C:\Windows\System\FffqlsD.exe
  C:\Windows\System\FffqlsD.exe
  2⤵
  PID:1776
- C:\Windows\System\KHFLrwI.exe
  C:\Windows\System\KHFLrwI.exe
  2⤵
  PID:3892
- C:\Windows\System\zcxhnnr.exe
  C:\Windows\System\zcxhnnr.exe
  2⤵
  PID:4120
- C:\Windows\System\vsLzCXm.exe
  C:\Windows\System\vsLzCXm.exe
  2⤵
  PID:4140
- C:\Windows\System\MyMwiin.exe
  C:\Windows\System\MyMwiin.exe
  2⤵
  PID:4156
- C:\Windows\System\ZkhHbVl.exe
  C:\Windows\System\ZkhHbVl.exe
  2⤵
  PID:4176
- C:\Windows\System\lLeMeGn.exe
  C:\Windows\System\lLeMeGn.exe
  2⤵
  PID:4200
- C:\Windows\System\BRnPrRo.exe
  C:\Windows\System\BRnPrRo.exe
  2⤵
  PID:4220
- C:\Windows\System\jnqlDAt.exe
  C:\Windows\System\jnqlDAt.exe
  2⤵
  PID:4236
- C:\Windows\System\SeFUJyS.exe
  C:\Windows\System\SeFUJyS.exe
  2⤵
  PID:4256
- C:\Windows\System\YVHeTir.exe
  C:\Windows\System\YVHeTir.exe
  2⤵
  PID:4296
- C:\Windows\System\avHnLwG.exe
  C:\Windows\System\avHnLwG.exe
  2⤵
  PID:4316
- C:\Windows\System\jpzYdpb.exe
  C:\Windows\System\jpzYdpb.exe
  2⤵
  PID:4336
- C:\Windows\System\BnGorlO.exe
  C:\Windows\System\BnGorlO.exe
  2⤵
  PID:4356
- C:\Windows\System\TgnNSeW.exe
  C:\Windows\System\TgnNSeW.exe
  2⤵
  PID:4376
- C:\Windows\System\YsZzCiA.exe
  C:\Windows\System\YsZzCiA.exe
  2⤵
  PID:4392
- C:\Windows\System\lBdMnJB.exe
  C:\Windows\System\lBdMnJB.exe
  2⤵
  PID:4412
- C:\Windows\System\vmGaNKg.exe
  C:\Windows\System\vmGaNKg.exe
  2⤵
  PID:4432
- C:\Windows\System\HdiftfS.exe
  C:\Windows\System\HdiftfS.exe
  2⤵
  PID:4452
- C:\Windows\System\aNveqrr.exe
  C:\Windows\System\aNveqrr.exe
  2⤵
  PID:4472
- C:\Windows\System\uVlnPzv.exe
  C:\Windows\System\uVlnPzv.exe
  2⤵
  PID:4496
- C:\Windows\System\IdzdsNT.exe
  C:\Windows\System\IdzdsNT.exe
  2⤵
  PID:4512
- C:\Windows\System\HzvlOqf.exe
  C:\Windows\System\HzvlOqf.exe
  2⤵
  PID:4532
- C:\Windows\System\PScKVvH.exe
  C:\Windows\System\PScKVvH.exe
  2⤵
  PID:4556
- C:\Windows\System\ImGhCef.exe
  C:\Windows\System\ImGhCef.exe
  2⤵
  PID:4584
- C:\Windows\System\WJIvwTo.exe
  C:\Windows\System\WJIvwTo.exe
  2⤵
  PID:4600
- C:\Windows\System\zcFUcaz.exe
  C:\Windows\System\zcFUcaz.exe
  2⤵
  PID:4620
- C:\Windows\System\IoSRiuB.exe
  C:\Windows\System\IoSRiuB.exe
  2⤵
  PID:4636
- C:\Windows\System\DlXDuEB.exe
  C:\Windows\System\DlXDuEB.exe
  2⤵
  PID:4656
- C:\Windows\System\BQJlrDi.exe
  C:\Windows\System\BQJlrDi.exe
  2⤵
  PID:4672
- C:\Windows\System\JZIYWkY.exe
  C:\Windows\System\JZIYWkY.exe
  2⤵
  PID:4692
- C:\Windows\System\zvSKpTT.exe
  C:\Windows\System\zvSKpTT.exe
  2⤵
  PID:4712
- C:\Windows\System\YighXfq.exe
  C:\Windows\System\YighXfq.exe
  2⤵
  PID:4728
- C:\Windows\System\tQrvBoU.exe
  C:\Windows\System\tQrvBoU.exe
  2⤵
  PID:4760
- C:\Windows\System\vWqMcnu.exe
  C:\Windows\System\vWqMcnu.exe
  2⤵
  PID:4780
- C:\Windows\System\iPfJWia.exe
  C:\Windows\System\iPfJWia.exe
  2⤵
  PID:4800
- C:\Windows\System\xkJOeTW.exe
  C:\Windows\System\xkJOeTW.exe
  2⤵
  PID:4820
- C:\Windows\System\gvyKcaP.exe
  C:\Windows\System\gvyKcaP.exe
  2⤵
  PID:4840
- C:\Windows\System\qQAKzEf.exe
  C:\Windows\System\qQAKzEf.exe
  2⤵
  PID:4864
- C:\Windows\System\ziOVzRF.exe
  C:\Windows\System\ziOVzRF.exe
  2⤵
  PID:4880
- C:\Windows\System\uOiDUdu.exe
  C:\Windows\System\uOiDUdu.exe
  2⤵
  PID:4920
- C:\Windows\System\pfpvUhl.exe
  C:\Windows\System\pfpvUhl.exe
  2⤵
  PID:4936
- C:\Windows\System\KssxDaO.exe
  C:\Windows\System\KssxDaO.exe
  2⤵
  PID:4956
- C:\Windows\System\nJNUOnk.exe
  C:\Windows\System\nJNUOnk.exe
  2⤵
  PID:4976
- C:\Windows\System\qptyLtO.exe
  C:\Windows\System\qptyLtO.exe
  2⤵
  PID:5000
- C:\Windows\System\YysFLId.exe
  C:\Windows\System\YysFLId.exe
  2⤵
  PID:5020
- C:\Windows\System\qwsgIIC.exe
  C:\Windows\System\qwsgIIC.exe
  2⤵
  PID:5036
- C:\Windows\System\tYQUMjw.exe
  C:\Windows\System\tYQUMjw.exe
  2⤵
  PID:5056
- C:\Windows\System\TlrYmeR.exe
  C:\Windows\System\TlrYmeR.exe
  2⤵
  PID:5072
- C:\Windows\System\cVcKApj.exe
  C:\Windows\System\cVcKApj.exe
  2⤵
  PID:5096
- C:\Windows\System\BkJYUmf.exe
  C:\Windows\System\BkJYUmf.exe
  2⤵
  PID:4020
- C:\Windows\System\pWUBNtx.exe
  C:\Windows\System\pWUBNtx.exe
  2⤵
  PID:3156
- C:\Windows\System\RXOnguS.exe
  C:\Windows\System\RXOnguS.exe
  2⤵
  PID:4108
- C:\Windows\System\zwbwhOE.exe
  C:\Windows\System\zwbwhOE.exe
  2⤵
  PID:4136
- C:\Windows\System\bfmNCNr.exe
  C:\Windows\System\bfmNCNr.exe
  2⤵
  PID:4168
- C:\Windows\System\WivbUAn.exe
  C:\Windows\System\WivbUAn.exe
  2⤵
  PID:4192
- C:\Windows\System\TlgFloH.exe
  C:\Windows\System\TlgFloH.exe
  2⤵
  PID:4232
- C:\Windows\System\NLYiFeM.exe
  C:\Windows\System\NLYiFeM.exe
  2⤵
  PID:4268
- C:\Windows\System\ojvOBKb.exe
  C:\Windows\System\ojvOBKb.exe
  2⤵
  PID:4272
- C:\Windows\System\ubDtBfE.exe
  C:\Windows\System\ubDtBfE.exe
  2⤵
  PID:4332
- C:\Windows\System\PLcRlnT.exe
  C:\Windows\System\PLcRlnT.exe
  2⤵
  PID:4364
- C:\Windows\System\vzKeBHz.exe
  C:\Windows\System\vzKeBHz.exe
  2⤵
  PID:4384
- C:\Windows\System\HxDFIXc.exe
  C:\Windows\System\HxDFIXc.exe
  2⤵
  PID:4448
- C:\Windows\System\jSjWQFJ.exe
  C:\Windows\System\jSjWQFJ.exe
  2⤵
  PID:4460
- C:\Windows\System\OrOIdNC.exe
  C:\Windows\System\OrOIdNC.exe
  2⤵
  PID:4544
- C:\Windows\System\nUnZCEU.exe
  C:\Windows\System\nUnZCEU.exe
  2⤵
  PID:4540
- C:\Windows\System\lIzGlRx.exe
  C:\Windows\System\lIzGlRx.exe
  2⤵
  PID:4608
- C:\Windows\System\nbGhRRO.exe
  C:\Windows\System\nbGhRRO.exe
  2⤵
  PID:4612
- C:\Windows\System\qdYXCOc.exe
  C:\Windows\System\qdYXCOc.exe
  2⤵
  PID:4652
- C:\Windows\System\bbIPOZm.exe
  C:\Windows\System\bbIPOZm.exe
  2⤵
  PID:4720
- C:\Windows\System\jmdsbsR.exe
  C:\Windows\System\jmdsbsR.exe
  2⤵
  PID:4700
- C:\Windows\System\YVtXtah.exe
  C:\Windows\System\YVtXtah.exe
  2⤵
  PID:4744
- C:\Windows\System\EYtqwcA.exe
  C:\Windows\System\EYtqwcA.exe
  2⤵
  PID:4772
- C:\Windows\System\GBgsSJQ.exe
  C:\Windows\System\GBgsSJQ.exe
  2⤵
  PID:4816
- C:\Windows\System\ADoAxEd.exe
  C:\Windows\System\ADoAxEd.exe
  2⤵
  PID:4876
- C:\Windows\System\jaVwxrS.exe
  C:\Windows\System\jaVwxrS.exe
  2⤵
  PID:4872
- C:\Windows\System\AgULqqK.exe
  C:\Windows\System\AgULqqK.exe
  2⤵
  PID:4944
- C:\Windows\System\BxrhCxQ.exe
  C:\Windows\System\BxrhCxQ.exe
  2⤵
  PID:4968
- C:\Windows\System\MiTpQZG.exe
  C:\Windows\System\MiTpQZG.exe
  2⤵
  PID:4992
- C:\Windows\System\hXfoFDZ.exe
  C:\Windows\System\hXfoFDZ.exe
  2⤵
  PID:5032
- C:\Windows\System\OVMfidg.exe
  C:\Windows\System\OVMfidg.exe
  2⤵
  PID:5064
- C:\Windows\System\WMwiMLQ.exe
  C:\Windows\System\WMwiMLQ.exe
  2⤵
  PID:5104
- C:\Windows\System\LlYhCkF.exe
  C:\Windows\System\LlYhCkF.exe
  2⤵
  PID:4040
- C:\Windows\System\VHSHBdU.exe
  C:\Windows\System\VHSHBdU.exe
  2⤵
  PID:4116
- C:\Windows\System\qnWNnEZ.exe
  C:\Windows\System\qnWNnEZ.exe
  2⤵
  PID:4188
- C:\Windows\System\hdWqvIE.exe
  C:\Windows\System\hdWqvIE.exe
  2⤵
  PID:4228
- C:\Windows\System\PfpDllB.exe
  C:\Windows\System\PfpDllB.exe
  2⤵
  PID:4248
- C:\Windows\System\gGKSeYw.exe
  C:\Windows\System\gGKSeYw.exe
  2⤵
  PID:4440
- C:\Windows\System\WSwetvy.exe
  C:\Windows\System\WSwetvy.exe
  2⤵
  PID:4520
- C:\Windows\System\YdWArOZ.exe
  C:\Windows\System\YdWArOZ.exe
  2⤵
  PID:4488
- C:\Windows\System\yTzOPbu.exe
  C:\Windows\System\yTzOPbu.exe
  2⤵
  PID:4568
- C:\Windows\System\lSySNKu.exe
  C:\Windows\System\lSySNKu.exe
  2⤵
  PID:4572
- C:\Windows\System\FqQkqNQ.exe
  C:\Windows\System\FqQkqNQ.exe
  2⤵
  PID:4292
- C:\Windows\System\aAdSYkv.exe
  C:\Windows\System\aAdSYkv.exe
  2⤵
  PID:4668
- C:\Windows\System\pdUzztV.exe
  C:\Windows\System\pdUzztV.exe
  2⤵
  PID:4708
- C:\Windows\System\YeJwQAt.exe
  C:\Windows\System\YeJwQAt.exe
  2⤵
  PID:4812
- C:\Windows\System\NkxtHjT.exe
  C:\Windows\System\NkxtHjT.exe
  2⤵
  PID:4908
- C:\Windows\System\UXueIGt.exe
  C:\Windows\System\UXueIGt.exe
  2⤵
  PID:4892
- C:\Windows\System\ggTsLVI.exe
  C:\Windows\System\ggTsLVI.exe
  2⤵
  PID:4996
- C:\Windows\System\qllbHcO.exe
  C:\Windows\System\qllbHcO.exe
  2⤵
  PID:5048
- C:\Windows\System\byQNjkT.exe
  C:\Windows\System\byQNjkT.exe
  2⤵
  PID:3236
- C:\Windows\System\mQXhcxH.exe
  C:\Windows\System\mQXhcxH.exe
  2⤵
  PID:4184
- C:\Windows\System\CckMfcP.exe
  C:\Windows\System\CckMfcP.exe
  2⤵
  PID:4284
- C:\Windows\System\hjrzZKI.exe
  C:\Windows\System\hjrzZKI.exe
  2⤵
  PID:4400
- C:\Windows\System\xHtykuy.exe
  C:\Windows\System\xHtykuy.exe
  2⤵
  PID:4564
- C:\Windows\System\hxLXbVD.exe
  C:\Windows\System\hxLXbVD.exe
  2⤵
  PID:4468
- C:\Windows\System\vCgjbAI.exe
  C:\Windows\System\vCgjbAI.exe
  2⤵
  PID:4632
- C:\Windows\System\ixwfPvJ.exe
  C:\Windows\System\ixwfPvJ.exe
  2⤵
  PID:4768
- C:\Windows\System\BVoDEgu.exe
  C:\Windows\System\BVoDEgu.exe
  2⤵
  PID:4792
- C:\Windows\System\UMhCcYk.exe
  C:\Windows\System\UMhCcYk.exe
  2⤵
  PID:4860
- C:\Windows\System\rFHknXm.exe
  C:\Windows\System\rFHknXm.exe
  2⤵
  PID:4972
- C:\Windows\System\kKCBimO.exe
  C:\Windows\System\kKCBimO.exe
  2⤵
  PID:1112
- C:\Windows\System\avUtZtb.exe
  C:\Windows\System\avUtZtb.exe
  2⤵
  PID:5092
- C:\Windows\System\FRqPdwA.exe
  C:\Windows\System\FRqPdwA.exe
  2⤵
  PID:4484
- C:\Windows\System\dvtghqZ.exe
  C:\Windows\System\dvtghqZ.exe
  2⤵
  PID:4324
- C:\Windows\System\RXilNIW.exe
  C:\Windows\System\RXilNIW.exe
  2⤵
  PID:4524
- C:\Windows\System\WARZdPo.exe
  C:\Windows\System\WARZdPo.exe
  2⤵
  PID:4912
- C:\Windows\System\IFlQUQw.exe
  C:\Windows\System\IFlQUQw.exe
  2⤵
  PID:4852
- C:\Windows\System\epRhZKP.exe
  C:\Windows\System\epRhZKP.exe
  2⤵
  PID:4828
- C:\Windows\System\bsXqtHb.exe
  C:\Windows\System\bsXqtHb.exe
  2⤵
  PID:5028
- C:\Windows\System\fxHOPKr.exe
  C:\Windows\System\fxHOPKr.exe
  2⤵
  PID:900
- C:\Windows\System\aeJCZxh.exe
  C:\Windows\System\aeJCZxh.exe
  2⤵
  PID:4100
- C:\Windows\System\NSglKAX.exe
  C:\Windows\System\NSglKAX.exe
  2⤵
  PID:4372
- C:\Windows\System\tuDYCBP.exe
  C:\Windows\System\tuDYCBP.exe
  2⤵
  PID:4752
- C:\Windows\System\MBqkAaH.exe
  C:\Windows\System\MBqkAaH.exe
  2⤵
  PID:4928
- C:\Windows\System\tARPgpG.exe
  C:\Windows\System\tARPgpG.exe
  2⤵
  PID:944
- C:\Windows\System\TdXkHsA.exe
  C:\Windows\System\TdXkHsA.exe
  2⤵
  PID:4348
- C:\Windows\System\OBedWnT.exe
  C:\Windows\System\OBedWnT.exe
  2⤵
  PID:4684
- C:\Windows\System\yzlIasO.exe
  C:\Windows\System\yzlIasO.exe
  2⤵
  PID:5012
- C:\Windows\System\EkqWJRc.exe
  C:\Windows\System\EkqWJRc.exe
  2⤵
  PID:4916
- C:\Windows\System\BYZtnmy.exe
  C:\Windows\System\BYZtnmy.exe
  2⤵
  PID:5124
- C:\Windows\System\YVDzvDa.exe
  C:\Windows\System\YVDzvDa.exe
  2⤵
  PID:5144
- C:\Windows\System\wLCWFjg.exe
  C:\Windows\System\wLCWFjg.exe
  2⤵
  PID:5160
- C:\Windows\System\dCIRzcJ.exe
  C:\Windows\System\dCIRzcJ.exe
  2⤵
  PID:5184
- C:\Windows\System\eTdcSPX.exe
  C:\Windows\System\eTdcSPX.exe
  2⤵
  PID:5216
- C:\Windows\System\dFbEveP.exe
  C:\Windows\System\dFbEveP.exe
  2⤵
  PID:5232
- C:\Windows\System\kttpuWJ.exe
  C:\Windows\System\kttpuWJ.exe
  2⤵
  PID:5252
- C:\Windows\System\jqWzmBG.exe
  C:\Windows\System\jqWzmBG.exe
  2⤵
  PID:5272
- C:\Windows\System\yxhyUYU.exe
  C:\Windows\System\yxhyUYU.exe
  2⤵
  PID:5288
- C:\Windows\System\cikANVk.exe
  C:\Windows\System\cikANVk.exe
  2⤵
  PID:5308
- C:\Windows\System\xNcJpnQ.exe
  C:\Windows\System\xNcJpnQ.exe
  2⤵
  PID:5336
- C:\Windows\System\PPXHJvQ.exe
  C:\Windows\System\PPXHJvQ.exe
  2⤵
  PID:5360
- C:\Windows\System\hqhJodB.exe
  C:\Windows\System\hqhJodB.exe
  2⤵
  PID:5376
- C:\Windows\System\KpVWpbn.exe
  C:\Windows\System\KpVWpbn.exe
  2⤵
  PID:5400
- C:\Windows\System\ppDDuLd.exe
  C:\Windows\System\ppDDuLd.exe
  2⤵
  PID:5416
- C:\Windows\System\RFahNYn.exe
  C:\Windows\System\RFahNYn.exe
  2⤵
  PID:5436
- C:\Windows\System\OVKksba.exe
  C:\Windows\System\OVKksba.exe
  2⤵
  PID:5460
- C:\Windows\System\xLvjqgh.exe
  C:\Windows\System\xLvjqgh.exe
  2⤵
  PID:5476
- C:\Windows\System\oXcXpOa.exe
  C:\Windows\System\oXcXpOa.exe
  2⤵
  PID:5496
- C:\Windows\System\ZUeUzxH.exe
  C:\Windows\System\ZUeUzxH.exe
  2⤵
  PID:5516
- C:\Windows\System\gFxhnMe.exe
  C:\Windows\System\gFxhnMe.exe
  2⤵
  PID:5540
- C:\Windows\System\QOMzsKb.exe
  C:\Windows\System\QOMzsKb.exe
  2⤵
  PID:5556
- C:\Windows\System\QGLAiGS.exe
  C:\Windows\System\QGLAiGS.exe
  2⤵
  PID:5576
- C:\Windows\System\hzykABC.exe
  C:\Windows\System\hzykABC.exe
  2⤵
  PID:5592
- C:\Windows\System\USkmmau.exe
  C:\Windows\System\USkmmau.exe
  2⤵
  PID:5608
- C:\Windows\System\iqraybD.exe
  C:\Windows\System\iqraybD.exe
  2⤵
  PID:5640
- C:\Windows\System\hErccfa.exe
  C:\Windows\System\hErccfa.exe
  2⤵
  PID:5660
- C:\Windows\System\udgLFXX.exe
  C:\Windows\System\udgLFXX.exe
  2⤵
  PID:5676
- C:\Windows\System\FkyxvlV.exe
  C:\Windows\System\FkyxvlV.exe
  2⤵
  PID:5696
- C:\Windows\System\IqwbIXs.exe
  C:\Windows\System\IqwbIXs.exe
  2⤵
  PID:5712
- C:\Windows\System\UqqTIRf.exe
  C:\Windows\System\UqqTIRf.exe
  2⤵
  PID:5744
- C:\Windows\System\QnCdxpD.exe
  C:\Windows\System\QnCdxpD.exe
  2⤵
  PID:5760
- C:\Windows\System\vLixGRH.exe
  C:\Windows\System\vLixGRH.exe
  2⤵
  PID:5780
- C:\Windows\System\LeNQWyd.exe
  C:\Windows\System\LeNQWyd.exe
  2⤵
  PID:5800
- C:\Windows\System\mntnjgr.exe
  C:\Windows\System\mntnjgr.exe
  2⤵
  PID:5820
- C:\Windows\System\HelyBSs.exe
  C:\Windows\System\HelyBSs.exe
  2⤵
  PID:5840
- C:\Windows\System\XCplaVi.exe
  C:\Windows\System\XCplaVi.exe
  2⤵
  PID:5864
- C:\Windows\System\GZDHMAJ.exe
  C:\Windows\System\GZDHMAJ.exe
  2⤵
  PID:5880
- C:\Windows\System\WEcRUlk.exe
  C:\Windows\System\WEcRUlk.exe
  2⤵
  PID:5896
- C:\Windows\System\GBIKUNJ.exe
  C:\Windows\System\GBIKUNJ.exe
  2⤵
  PID:5916
- C:\Windows\System\bANqsBI.exe
  C:\Windows\System\bANqsBI.exe
  2⤵
  PID:5936
- C:\Windows\System\xylpPzt.exe
  C:\Windows\System\xylpPzt.exe
  2⤵
  PID:5952
- C:\Windows\System\cHwLLwS.exe
  C:\Windows\System\cHwLLwS.exe
  2⤵
  PID:5976
- C:\Windows\System\gidJdvs.exe
  C:\Windows\System\gidJdvs.exe
  2⤵
  PID:5996
- C:\Windows\System\JZDTZjh.exe
  C:\Windows\System\JZDTZjh.exe
  2⤵
  PID:6016
- C:\Windows\System\SJQvQnV.exe
  C:\Windows\System\SJQvQnV.exe
  2⤵
  PID:6040
- C:\Windows\System\MVtzZOT.exe
  C:\Windows\System\MVtzZOT.exe
  2⤵
  PID:6060
- C:\Windows\System\DTRPema.exe
  C:\Windows\System\DTRPema.exe
  2⤵
  PID:6080
- C:\Windows\System\LNEdzoY.exe
  C:\Windows\System\LNEdzoY.exe
  2⤵
  PID:6096
- C:\Windows\System\ZyKlsLG.exe
  C:\Windows\System\ZyKlsLG.exe
  2⤵
  PID:6116
- C:\Windows\System\ojuWoRh.exe
  C:\Windows\System\ojuWoRh.exe
  2⤵
  PID:2812
- C:\Windows\System\Leeggfi.exe
  C:\Windows\System\Leeggfi.exe
  2⤵
  PID:5140
- C:\Windows\System\lUNsefP.exe
  C:\Windows\System\lUNsefP.exe
  2⤵
  PID:5080
- C:\Windows\System\GVHCfMw.exe
  C:\Windows\System\GVHCfMw.exe
  2⤵
  PID:5180
- C:\Windows\System\epJping.exe
  C:\Windows\System\epJping.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4352
- C:\Windows\System\JvAigkN.exe
  C:\Windows\System\JvAigkN.exe
  2⤵
  PID:5224
- C:\Windows\System\wlGJnxg.exe
  C:\Windows\System\wlGJnxg.exe
  2⤵
  PID:5296
- C:\Windows\System\IfhJXjC.exe
  C:\Windows\System\IfhJXjC.exe
  2⤵
  PID:5300
- C:\Windows\System\uEqROib.exe
  C:\Windows\System\uEqROib.exe
  2⤵
  PID:5352
- C:\Windows\System\mMNxDGO.exe
  C:\Windows\System\mMNxDGO.exe
  2⤵
  PID:5368
- C:\Windows\System\EHMqwNQ.exe
  C:\Windows\System\EHMqwNQ.exe
  2⤵
  PID:5388
- C:\Windows\System\bhYMUoM.exe
  C:\Windows\System\bhYMUoM.exe
  2⤵
  PID:5412
- C:\Windows\System\NrAMTWo.exe
  C:\Windows\System\NrAMTWo.exe
  2⤵
  PID:5492
- C:\Windows\System\iJrqlSb.exe
  C:\Windows\System\iJrqlSb.exe
  2⤵
  PID:5504
- C:\Windows\System\ncjdCFr.exe
  C:\Windows\System\ncjdCFr.exe
  2⤵
  PID:5356
- C:\Windows\System\NUyDTRx.exe
  C:\Windows\System\NUyDTRx.exe
  2⤵
  PID:5552
- C:\Windows\System\XaagCgk.exe
  C:\Windows\System\XaagCgk.exe
  2⤵
  PID:5584
- C:\Windows\System\FSuUQAB.exe
  C:\Windows\System\FSuUQAB.exe
  2⤵
  PID:5632
- C:\Windows\System\dezLwbc.exe
  C:\Windows\System\dezLwbc.exe
  2⤵
  PID:5656
- C:\Windows\System\VBBGDwn.exe
  C:\Windows\System\VBBGDwn.exe
  2⤵
  PID:5688
- C:\Windows\System\SmwFRyo.exe
  C:\Windows\System\SmwFRyo.exe
  2⤵
  PID:5736
- C:\Windows\System\oWxWQNP.exe
  C:\Windows\System\oWxWQNP.exe
  2⤵
  PID:5772
- C:\Windows\System\zbFGgpR.exe
  C:\Windows\System\zbFGgpR.exe
  2⤵
  PID:5788
- C:\Windows\System\dJyIEnz.exe
  C:\Windows\System\dJyIEnz.exe
  2⤵
  PID:5812
- C:\Windows\System\jkdLwRa.exe
  C:\Windows\System\jkdLwRa.exe
  2⤵
  PID:5888
- C:\Windows\System\rkvHlrV.exe
  C:\Windows\System\rkvHlrV.exe
  2⤵
  PID:5876
- C:\Windows\System\TFcfvBk.exe
  C:\Windows\System\TFcfvBk.exe
  2⤵
  PID:5932
- C:\Windows\System\wIipGtn.exe
  C:\Windows\System\wIipGtn.exe
  2⤵
  PID:5972
- C:\Windows\System\eMCPunI.exe
  C:\Windows\System\eMCPunI.exe
  2⤵
  PID:6012
- C:\Windows\System\aQfvoAX.exe
  C:\Windows\System\aQfvoAX.exe
  2⤵
  PID:6036
- C:\Windows\System\biwEStM.exe
  C:\Windows\System\biwEStM.exe
  2⤵
  PID:6068
- C:\Windows\System\xpOGWHV.exe
  C:\Windows\System\xpOGWHV.exe
  2⤵
  PID:6124
- C:\Windows\System\yZUvywb.exe
  C:\Windows\System\yZUvywb.exe
  2⤵
  PID:4788
- C:\Windows\System\okIbrQM.exe
  C:\Windows\System\okIbrQM.exe
  2⤵
  PID:4148
- C:\Windows\System\JpmuszY.exe
  C:\Windows\System\JpmuszY.exe
  2⤵
  PID:5192
- C:\Windows\System\jWCOuib.exe
  C:\Windows\System\jWCOuib.exe
  2⤵
  PID:5200
- C:\Windows\System\MqoffgQ.exe
  C:\Windows\System\MqoffgQ.exe
  2⤵
  PID:5316
- C:\Windows\System\ELzHlkq.exe
  C:\Windows\System\ELzHlkq.exe
  2⤵
  PID:5320
- C:\Windows\System\FlhrVgV.exe
  C:\Windows\System\FlhrVgV.exe
  2⤵
  PID:5208
- C:\Windows\System\rFOVxPv.exe
  C:\Windows\System\rFOVxPv.exe
  2⤵
  PID:5428
- C:\Windows\System\NtHThwE.exe
  C:\Windows\System\NtHThwE.exe
  2⤵
  PID:5512
- C:\Windows\System\oCDdnxc.exe
  C:\Windows\System\oCDdnxc.exe
  2⤵
  PID:5564
- C:\Windows\System\HxeqiKx.exe
  C:\Windows\System\HxeqiKx.exe
  2⤵
  PID:5600
- C:\Windows\System\PumcVlC.exe
  C:\Windows\System\PumcVlC.exe
  2⤵
  PID:5648
- C:\Windows\System\CQTqpag.exe
  C:\Windows\System\CQTqpag.exe
  2⤵
  PID:5708
- C:\Windows\System\MacTVoA.exe
  C:\Windows\System\MacTVoA.exe
  2⤵
  PID:5768
- C:\Windows\System\ZZCcZzg.exe
  C:\Windows\System\ZZCcZzg.exe
  2⤵
  PID:5808
- C:\Windows\System\tsmUMgR.exe
  C:\Windows\System\tsmUMgR.exe
  2⤵
  PID:5856
- C:\Windows\System\FCIYaNL.exe
  C:\Windows\System\FCIYaNL.exe
  2⤵
  PID:5948
- C:\Windows\System\aHtDCGD.exe
  C:\Windows\System\aHtDCGD.exe
  2⤵
  PID:5984
- C:\Windows\System\cefmrfZ.exe
  C:\Windows\System\cefmrfZ.exe
  2⤵
  PID:6112
- C:\Windows\System\JjuInpk.exe
  C:\Windows\System\JjuInpk.exe
  2⤵
  PID:6076
- C:\Windows\System\iJTNVCU.exe
  C:\Windows\System\iJTNVCU.exe
  2⤵
  PID:5136
- C:\Windows\System\wIaccJi.exe
  C:\Windows\System\wIaccJi.exe
  2⤵
  PID:5156
- C:\Windows\System\tadqqMG.exe
  C:\Windows\System\tadqqMG.exe
  2⤵
  PID:5384
- C:\Windows\System\FaTGxIC.exe
  C:\Windows\System\FaTGxIC.exe
  2⤵
  PID:5332
- C:\Windows\System\NXKyEbe.exe
  C:\Windows\System\NXKyEbe.exe
  2⤵
  PID:5348
- C:\Windows\System\xXRRXMv.exe
  C:\Windows\System\xXRRXMv.exe
  2⤵
  PID:5568
- C:\Windows\System\LCFVJXU.exe
  C:\Windows\System\LCFVJXU.exe
  2⤵
  PID:5636
- C:\Windows\System\iTtLnWZ.exe
  C:\Windows\System\iTtLnWZ.exe
  2⤵
  PID:5704
- C:\Windows\System\dfCnxtQ.exe
  C:\Windows\System\dfCnxtQ.exe
  2⤵
  PID:5832
- C:\Windows\System\FXLPNpO.exe
  C:\Windows\System\FXLPNpO.exe
  2⤵
  PID:5912
- C:\Windows\System\UPwkWBl.exe
  C:\Windows\System\UPwkWBl.exe
  2⤵
  PID:6056
- C:\Windows\System\STIcdaO.exe
  C:\Windows\System\STIcdaO.exe
  2⤵
  PID:5872
- C:\Windows\System\qMlOrju.exe
  C:\Windows\System\qMlOrju.exe
  2⤵
  PID:6140
- C:\Windows\System\VEuSomJ.exe
  C:\Windows\System\VEuSomJ.exe
  2⤵
  PID:5396
- C:\Windows\System\AZbiOEW.exe
  C:\Windows\System\AZbiOEW.exe
  2⤵
  PID:5424
- C:\Windows\System\UjWXesH.exe
  C:\Windows\System\UjWXesH.exe
  2⤵
  PID:5616
- C:\Windows\System\LpmIlpr.exe
  C:\Windows\System\LpmIlpr.exe
  2⤵
  PID:5692
- C:\Windows\System\TyoQeTl.exe
  C:\Windows\System\TyoQeTl.exe
  2⤵
  PID:5904
- C:\Windows\System\eIDfFjP.exe
  C:\Windows\System\eIDfFjP.exe
  2⤵
  PID:6104
- C:\Windows\System\YWhCGOs.exe
  C:\Windows\System\YWhCGOs.exe
  2⤵
  PID:5280
- C:\Windows\System\cCjmiFX.exe
  C:\Windows\System\cCjmiFX.exe
  2⤵
  PID:5536
- C:\Windows\System\CxLgcwQ.exe
  C:\Windows\System\CxLgcwQ.exe
  2⤵
  PID:5924
- C:\Windows\System\dLuHUCY.exe
  C:\Windows\System\dLuHUCY.exe
  2⤵
  PID:5928
- C:\Windows\System\PwSJPqa.exe
  C:\Windows\System\PwSJPqa.exe
  2⤵
  PID:6176
- C:\Windows\System\rjuywpc.exe
  C:\Windows\System\rjuywpc.exe
  2⤵
  PID:6196
- C:\Windows\System\ZdySprG.exe
  C:\Windows\System\ZdySprG.exe
  2⤵
  PID:6228
- C:\Windows\System\xNkymCH.exe
  C:\Windows\System\xNkymCH.exe
  2⤵
  PID:6252
- C:\Windows\System\vCaKqjw.exe
  C:\Windows\System\vCaKqjw.exe
  2⤵
  PID:6272
- C:\Windows\System\HcXZihE.exe
  C:\Windows\System\HcXZihE.exe
  2⤵
  PID:6300
- C:\Windows\System\HWlYdfj.exe
  C:\Windows\System\HWlYdfj.exe
  2⤵
  PID:6316
- C:\Windows\System\lTKdImd.exe
  C:\Windows\System\lTKdImd.exe
  2⤵
  PID:6336
- C:\Windows\System\PJrxqQU.exe
  C:\Windows\System\PJrxqQU.exe
  2⤵
  PID:6356
- C:\Windows\System\jMGOVcQ.exe
  C:\Windows\System\jMGOVcQ.exe
  2⤵
  PID:6380
- C:\Windows\System\SPWfuZc.exe
  C:\Windows\System\SPWfuZc.exe
  2⤵
  PID:6400
- C:\Windows\System\qlxmUBn.exe
  C:\Windows\System\qlxmUBn.exe
  2⤵
  PID:6416
- C:\Windows\System\EWRLKWN.exe
  C:\Windows\System\EWRLKWN.exe
  2⤵
  PID:6444
- C:\Windows\System\BFTvdin.exe
  C:\Windows\System\BFTvdin.exe
  2⤵
  PID:6460
- C:\Windows\System\eSLfFBl.exe
  C:\Windows\System\eSLfFBl.exe
  2⤵
  PID:6480
- C:\Windows\System\ehBVNVH.exe
  C:\Windows\System\ehBVNVH.exe
  2⤵
  PID:6496
- C:\Windows\System\azrRHBE.exe
  C:\Windows\System\azrRHBE.exe
  2⤵
  PID:6512
- C:\Windows\System\eVAhDJI.exe
  C:\Windows\System\eVAhDJI.exe
  2⤵
  PID:6536
- C:\Windows\System\WtRsaVx.exe
  C:\Windows\System\WtRsaVx.exe
  2⤵
  PID:6560
- C:\Windows\System\jidFFUs.exe
  C:\Windows\System\jidFFUs.exe
  2⤵
  PID:6584
- C:\Windows\System\GRupFXR.exe
  C:\Windows\System\GRupFXR.exe
  2⤵
  PID:6600
- C:\Windows\System\ptKrSmY.exe
  C:\Windows\System\ptKrSmY.exe
  2⤵
  PID:6624
- C:\Windows\System\JbrsANm.exe
  C:\Windows\System\JbrsANm.exe
  2⤵
  PID:6640
- C:\Windows\System\XslJjeM.exe
  C:\Windows\System\XslJjeM.exe
  2⤵
  PID:6656
- C:\Windows\System\EKjxBRp.exe
  C:\Windows\System\EKjxBRp.exe
  2⤵
  PID:6680
- C:\Windows\System\nGyEQfE.exe
  C:\Windows\System\nGyEQfE.exe
  2⤵
  PID:6700
- C:\Windows\System\TtuVLDi.exe
  C:\Windows\System\TtuVLDi.exe
  2⤵
  PID:6720
- C:\Windows\System\EJqBunA.exe
  C:\Windows\System\EJqBunA.exe
  2⤵
  PID:6736
- C:\Windows\System\yxyMwsf.exe
  C:\Windows\System\yxyMwsf.exe
  2⤵
  PID:6752
- C:\Windows\System\xMpZJmV.exe
  C:\Windows\System\xMpZJmV.exe
  2⤵
  PID:6776
- C:\Windows\System\pzqpWle.exe
  C:\Windows\System\pzqpWle.exe
  2⤵
  PID:6792
- C:\Windows\System\QsTzLXp.exe
  C:\Windows\System\QsTzLXp.exe
  2⤵
  PID:6812
- C:\Windows\System\IlghSIM.exe
  C:\Windows\System\IlghSIM.exe
  2⤵
  PID:6836
- C:\Windows\System\fSPjPMW.exe
  C:\Windows\System\fSPjPMW.exe
  2⤵
  PID:6864
- C:\Windows\System\lOgHEXw.exe
  C:\Windows\System\lOgHEXw.exe
  2⤵
  PID:6880
- C:\Windows\System\arhvtfW.exe
  C:\Windows\System\arhvtfW.exe
  2⤵
  PID:6896
- C:\Windows\System\XRJrAib.exe
  C:\Windows\System\XRJrAib.exe
  2⤵
  PID:6912
- C:\Windows\System\lGwZvyL.exe
  C:\Windows\System\lGwZvyL.exe
  2⤵
  PID:6932
- C:\Windows\System\IViusvo.exe
  C:\Windows\System\IViusvo.exe
  2⤵
  PID:6948
- C:\Windows\System\PsodPIs.exe
  C:\Windows\System\PsodPIs.exe
  2⤵
  PID:6980
- C:\Windows\System\TpmhMEM.exe
  C:\Windows\System\TpmhMEM.exe
  2⤵
  PID:7000
- C:\Windows\System\kitXHxR.exe
  C:\Windows\System\kitXHxR.exe
  2⤵
  PID:7020
- C:\Windows\System\WYJxmmX.exe
  C:\Windows\System\WYJxmmX.exe
  2⤵
  PID:7040
- C:\Windows\System\yExjhpx.exe
  C:\Windows\System\yExjhpx.exe
  2⤵
  PID:7060
- C:\Windows\System\NEHqGYa.exe
  C:\Windows\System\NEHqGYa.exe
  2⤵
  PID:7080
- C:\Windows\System\pitglrB.exe
  C:\Windows\System\pitglrB.exe
  2⤵
  PID:7108
- C:\Windows\System\GVVKOAX.exe
  C:\Windows\System\GVVKOAX.exe
  2⤵
  PID:7124
- C:\Windows\System\matbMDK.exe
  C:\Windows\System\matbMDK.exe
  2⤵
  PID:7144
- C:\Windows\System\teCceLv.exe
  C:\Windows\System\teCceLv.exe
  2⤵
  PID:7160
- C:\Windows\System\hpybeyj.exe
  C:\Windows\System\hpybeyj.exe
  2⤵
  PID:5484
- C:\Windows\System\RhqGusX.exe
  C:\Windows\System\RhqGusX.exe
  2⤵
  PID:5796
- C:\Windows\System\nybMdbU.exe
  C:\Windows\System\nybMdbU.exe
  2⤵
  PID:5828
- C:\Windows\System\bTfFSZC.exe
  C:\Windows\System\bTfFSZC.exe
  2⤵
  PID:6148
- C:\Windows\System\tUShwRy.exe
  C:\Windows\System\tUShwRy.exe
  2⤵
  PID:6236
- C:\Windows\System\mSaBBeK.exe
  C:\Windows\System\mSaBBeK.exe
  2⤵
  PID:6208
- C:\Windows\System\hRLDQFI.exe
  C:\Windows\System\hRLDQFI.exe
  2⤵
  PID:6308
- C:\Windows\System\gpSdthQ.exe
  C:\Windows\System\gpSdthQ.exe
  2⤵
  PID:6328
- C:\Windows\System\LmrdRqn.exe
  C:\Windows\System\LmrdRqn.exe
  2⤵
  PID:6352
- C:\Windows\System\nbuiSiN.exe
  C:\Windows\System\nbuiSiN.exe
  2⤵
  PID:6212
- C:\Windows\System\OzreMkg.exe
  C:\Windows\System\OzreMkg.exe
  2⤵
  PID:6412
- C:\Windows\System\hQyKrQS.exe
  C:\Windows\System\hQyKrQS.exe
  2⤵
  PID:6432
- C:\Windows\System\rOmmZVe.exe
  C:\Windows\System\rOmmZVe.exe
  2⤵
  PID:6428
- C:\Windows\System\oeysRRX.exe
  C:\Windows\System\oeysRRX.exe
  2⤵
  PID:6468
- C:\Windows\System\ctWXbXP.exe
  C:\Windows\System\ctWXbXP.exe
  2⤵
  PID:6528
- C:\Windows\System\JoUbbHp.exe
  C:\Windows\System\JoUbbHp.exe
  2⤵
  PID:6552
- C:\Windows\System\nTgVfbe.exe
  C:\Windows\System\nTgVfbe.exe
  2⤵
  PID:6592
- C:\Windows\System\EyagLIs.exe
  C:\Windows\System\EyagLIs.exe
  2⤵
  PID:6620
- C:\Windows\System\tJxYfdI.exe
  C:\Windows\System\tJxYfdI.exe
  2⤵
  PID:6652
- C:\Windows\System\RunNUdr.exe
  C:\Windows\System\RunNUdr.exe
  2⤵
  PID:6672
- C:\Windows\System\rAWltqI.exe
  C:\Windows\System\rAWltqI.exe
  2⤵
  PID:6728
- C:\Windows\System\AtjNMfK.exe
  C:\Windows\System\AtjNMfK.exe
  2⤵
  PID:6788
- C:\Windows\System\puvublm.exe
  C:\Windows\System\puvublm.exe
  2⤵
  PID:6808
- C:\Windows\System\shodzuE.exe
  C:\Windows\System\shodzuE.exe
  2⤵
  PID:6820
- C:\Windows\System\DBQAJMu.exe
  C:\Windows\System\DBQAJMu.exe
  2⤵
  PID:6832
- C:\Windows\System\FXEsJaB.exe
  C:\Windows\System\FXEsJaB.exe
  2⤵
  PID:6892
- C:\Windows\System\AjksVAf.exe
  C:\Windows\System\AjksVAf.exe
  2⤵
  PID:6908
- C:\Windows\System\KxBESMH.exe
  C:\Windows\System\KxBESMH.exe
  2⤵
  PID:6968
- C:\Windows\System\kdsnEMM.exe
  C:\Windows\System\kdsnEMM.exe
  2⤵
  PID:6996
- C:\Windows\System\YAuFOlp.exe
  C:\Windows\System\YAuFOlp.exe
  2⤵
  PID:7016
- C:\Windows\System\hkAitxZ.exe
  C:\Windows\System\hkAitxZ.exe
  2⤵
  PID:7048
- C:\Windows\System\GGUqlnT.exe
  C:\Windows\System\GGUqlnT.exe
  2⤵
  PID:7068
- C:\Windows\System\xlyccVm.exe
  C:\Windows\System\xlyccVm.exe
  2⤵
  PID:7120
- C:\Windows\System\ohZwLGU.exe
  C:\Windows\System\ohZwLGU.exe
  2⤵
  PID:5684
- C:\Windows\System\mXxgxOZ.exe
  C:\Windows\System\mXxgxOZ.exe
  2⤵
  PID:6152
- C:\Windows\System\QYRSDew.exe
  C:\Windows\System\QYRSDew.exe
  2⤵
  PID:6160
- C:\Windows\System\QcNCgsk.exe
  C:\Windows\System\QcNCgsk.exe
  2⤵
  PID:6204
- C:\Windows\System\dvFVtAV.exe
  C:\Windows\System\dvFVtAV.exe
  2⤵
  PID:6280
- C:\Windows\System\mNdkhKd.exe
  C:\Windows\System\mNdkhKd.exe
  2⤵
  PID:6168
- C:\Windows\System\cqEahCY.exe
  C:\Windows\System\cqEahCY.exe
  2⤵
  PID:6220
- C:\Windows\System\snflDxB.exe
  C:\Windows\System\snflDxB.exe
  2⤵
  PID:6452
- C:\Windows\System\vBzjVXu.exe
  C:\Windows\System\vBzjVXu.exe
  2⤵
  PID:6372
- C:\Windows\System\pYLEzNm.exe
  C:\Windows\System\pYLEzNm.exe
  2⤵
  PID:6492
- C:\Windows\System\lfgJdUD.exe
  C:\Windows\System\lfgJdUD.exe
  2⤵
  PID:6616
- C:\Windows\System\SNhfTIy.exe
  C:\Windows\System\SNhfTIy.exe
  2⤵
  PID:6708
- C:\Windows\System\IIAyluj.exe
  C:\Windows\System\IIAyluj.exe
  2⤵
  PID:6612
- C:\Windows\System\PRGmrgg.exe
  C:\Windows\System\PRGmrgg.exe
  2⤵
  PID:6768
- C:\Windows\System\sFWYMeB.exe
  C:\Windows\System\sFWYMeB.exe
  2⤵
  PID:6784
- C:\Windows\System\KRecaNu.exe
  C:\Windows\System\KRecaNu.exe
  2⤵
  PID:6888
- C:\Windows\System\jRhjuKd.exe
  C:\Windows\System\jRhjuKd.exe
  2⤵
  PID:6876
- C:\Windows\System\lmjEWZG.exe
  C:\Windows\System\lmjEWZG.exe
  2⤵
  PID:7008
- C:\Windows\System\qwpFbMy.exe
  C:\Windows\System\qwpFbMy.exe
  2⤵
  PID:7076
- C:\Windows\System\qhRUrfe.exe
  C:\Windows\System\qhRUrfe.exe
  2⤵
  PID:6032
- C:\Windows\System\VzVBPji.exe
  C:\Windows\System\VzVBPji.exe
  2⤵
  PID:6192
- C:\Windows\System\xQSIxBG.exe
  C:\Windows\System\xQSIxBG.exe
  2⤵
  PID:6436
- C:\Windows\System\jgZckia.exe
  C:\Windows\System\jgZckia.exe
  2⤵
  PID:5728
- C:\Windows\System\VkPWCKb.exe
  C:\Windows\System\VkPWCKb.exe
  2⤵
  PID:6344
- C:\Windows\System\FXCprWv.exe
  C:\Windows\System\FXCprWv.exe
  2⤵
  PID:6664
- C:\Windows\System\VSsuswW.exe
  C:\Windows\System\VSsuswW.exe
  2⤵
  PID:6548
- C:\Windows\System\XUoxKll.exe
  C:\Windows\System\XUoxKll.exe
  2⤵
  PID:6688
- C:\Windows\System\LiSJTbQ.exe
  C:\Windows\System\LiSJTbQ.exe
  2⤵
  PID:6596
- C:\Windows\System\VYEYyxw.exe
  C:\Windows\System\VYEYyxw.exe
  2⤵
  PID:1312
- C:\Windows\System\mTuzxbQ.exe
  C:\Windows\System\mTuzxbQ.exe
  2⤵
  PID:1248
- C:\Windows\System\idOZuWb.exe
  C:\Windows\System\idOZuWb.exe
  2⤵
  PID:6556
- C:\Windows\System\PjdJAlo.exe
  C:\Windows\System\PjdJAlo.exe
  2⤵
  PID:6828
- C:\Windows\System\AdqbCrT.exe
  C:\Windows\System\AdqbCrT.exe
  2⤵
  PID:6976
- C:\Windows\System\hYdFhMc.exe
  C:\Windows\System\hYdFhMc.exe
  2⤵
  PID:6964
- C:\Windows\System\pwMCMNR.exe
  C:\Windows\System\pwMCMNR.exe
  2⤵
  PID:7136
- C:\Windows\System\xxkAPPq.exe
  C:\Windows\System\xxkAPPq.exe
  2⤵
  PID:6188
- C:\Windows\System\JwyZPcM.exe
  C:\Windows\System\JwyZPcM.exe
  2⤵
  PID:5472
- C:\Windows\System\WjMkdrm.exe
  C:\Windows\System\WjMkdrm.exe
  2⤵
  PID:6544
- C:\Windows\System\jIAkJFG.exe
  C:\Windows\System\jIAkJFG.exe
  2⤵
  PID:6568
- C:\Windows\System\SOIPxxV.exe
  C:\Windows\System\SOIPxxV.exe
  2⤵
  PID:2948
- C:\Windows\System\DDhvYxM.exe
  C:\Windows\System\DDhvYxM.exe
  2⤵
  PID:1428
- C:\Windows\System\tXYlPbe.exe
  C:\Windows\System\tXYlPbe.exe
  2⤵
  PID:6904
- C:\Windows\System\CvJdUPD.exe
  C:\Windows\System\CvJdUPD.exe
  2⤵
  PID:7116
- C:\Windows\System\fAytfFt.exe
  C:\Windows\System\fAytfFt.exe
  2⤵
  PID:6940
- C:\Windows\System\VnMeCIQ.exe
  C:\Windows\System\VnMeCIQ.exe
  2⤵
  PID:6312
- C:\Windows\System\eRoewse.exe
  C:\Windows\System\eRoewse.exe
  2⤵
  PID:6268
- C:\Windows\System\vkOejCv.exe
  C:\Windows\System\vkOejCv.exe
  2⤵
  PID:6508
- C:\Windows\System\OHacpLd.exe
  C:\Windows\System\OHacpLd.exe
  2⤵
  PID:6804
- C:\Windows\System\wqUScBu.exe
  C:\Windows\System\wqUScBu.exe
  2⤵
  PID:7172
- C:\Windows\System\XSprAOT.exe
  C:\Windows\System\XSprAOT.exe
  2⤵
  PID:7188
- C:\Windows\System\sMOXBgp.exe
  C:\Windows\System\sMOXBgp.exe
  2⤵
  PID:7228
- C:\Windows\System\keeUOXD.exe
  C:\Windows\System\keeUOXD.exe
  2⤵
  PID:7244
- C:\Windows\System\gttfKOP.exe
  C:\Windows\System\gttfKOP.exe
  2⤵
  PID:7268
- C:\Windows\System\rzWuVMu.exe
  C:\Windows\System\rzWuVMu.exe
  2⤵
  PID:7296
- C:\Windows\System\ERszwDA.exe
  C:\Windows\System\ERszwDA.exe
  2⤵
  PID:7312
- C:\Windows\System\FnmHSLd.exe
  C:\Windows\System\FnmHSLd.exe
  2⤵
  PID:7328
- C:\Windows\System\cRwXEeR.exe
  C:\Windows\System\cRwXEeR.exe
  2⤵
  PID:7344
- C:\Windows\System\FKEvKIl.exe
  C:\Windows\System\FKEvKIl.exe
  2⤵
  PID:7368
- C:\Windows\System\iugdJbc.exe
  C:\Windows\System\iugdJbc.exe
  2⤵
  PID:7388
- C:\Windows\System\UiCOGqh.exe
  C:\Windows\System\UiCOGqh.exe
  2⤵
  PID:7408
- C:\Windows\System\BTlPgDs.exe
  C:\Windows\System\BTlPgDs.exe
  2⤵
  PID:7432
- C:\Windows\System\RxcColL.exe
  C:\Windows\System\RxcColL.exe
  2⤵
  PID:7456
- C:\Windows\System\xpgBXfU.exe
  C:\Windows\System\xpgBXfU.exe
  2⤵
  PID:7472
- C:\Windows\System\eNXEeLJ.exe
  C:\Windows\System\eNXEeLJ.exe
  2⤵
  PID:7496
- C:\Windows\System\iGiTTUO.exe
  C:\Windows\System\iGiTTUO.exe
  2⤵
  PID:7512
- C:\Windows\System\zvSntKY.exe
  C:\Windows\System\zvSntKY.exe
  2⤵
  PID:7528
- C:\Windows\System\Ckknvaj.exe
  C:\Windows\System\Ckknvaj.exe
  2⤵
  PID:7552
- C:\Windows\System\YEaQtuk.exe
  C:\Windows\System\YEaQtuk.exe
  2⤵
  PID:7580
- C:\Windows\System\bvLrfeH.exe
  C:\Windows\System\bvLrfeH.exe
  2⤵
  PID:7596
- C:\Windows\System\FzoaRNx.exe
  C:\Windows\System\FzoaRNx.exe
  2⤵
  PID:7616
- C:\Windows\System\yiZXBYN.exe
  C:\Windows\System\yiZXBYN.exe
  2⤵
  PID:7636
- C:\Windows\System\gHUIphw.exe
  C:\Windows\System\gHUIphw.exe
  2⤵
  PID:7652
- C:\Windows\System\LAVzRWN.exe
  C:\Windows\System\LAVzRWN.exe
  2⤵
  PID:7680
- C:\Windows\System\CPDhQdV.exe
  C:\Windows\System\CPDhQdV.exe
  2⤵
  PID:7700
- C:\Windows\System\YooKMJO.exe
  C:\Windows\System\YooKMJO.exe
  2⤵
  PID:7716
- C:\Windows\System\QwuXQWj.exe
  C:\Windows\System\QwuXQWj.exe
  2⤵
  PID:7732
- C:\Windows\System\OpSIdCw.exe
  C:\Windows\System\OpSIdCw.exe
  2⤵
  PID:7752
- C:\Windows\System\egfJxBr.exe
  C:\Windows\System\egfJxBr.exe
  2⤵
  PID:7776
- C:\Windows\System\SRzXnOD.exe
  C:\Windows\System\SRzXnOD.exe
  2⤵
  PID:7796
- C:\Windows\System\EziSJUc.exe
  C:\Windows\System\EziSJUc.exe
  2⤵
  PID:7812
- C:\Windows\System\tywPyVl.exe
  C:\Windows\System\tywPyVl.exe
  2⤵
  PID:7832
- C:\Windows\System\LxylHdX.exe
  C:\Windows\System\LxylHdX.exe
  2⤵
  PID:7852
- C:\Windows\System\ZunCxfI.exe
  C:\Windows\System\ZunCxfI.exe
  2⤵
  PID:7868
- C:\Windows\System\PqknlAB.exe
  C:\Windows\System\PqknlAB.exe
  2⤵
  PID:7896
- C:\Windows\System\QhRGaFS.exe
  C:\Windows\System\QhRGaFS.exe
  2⤵
  PID:7912
- C:\Windows\System\VLlSOjQ.exe
  C:\Windows\System\VLlSOjQ.exe
  2⤵
  PID:7932
- C:\Windows\System\auLMChm.exe
  C:\Windows\System\auLMChm.exe
  2⤵
  PID:7948
- C:\Windows\System\laBaZiQ.exe
  C:\Windows\System\laBaZiQ.exe
  2⤵
  PID:7976
- C:\Windows\System\FoxEjqv.exe
  C:\Windows\System\FoxEjqv.exe
  2⤵
  PID:7992
- C:\Windows\System\zVPVgqE.exe
  C:\Windows\System\zVPVgqE.exe
  2⤵
  PID:8020
- C:\Windows\System\YuLUAWk.exe
  C:\Windows\System\YuLUAWk.exe
  2⤵
  PID:8036
- C:\Windows\System\tlpJxfn.exe
  C:\Windows\System\tlpJxfn.exe
  2⤵
  PID:8052
- C:\Windows\System\XCnjKQo.exe
  C:\Windows\System\XCnjKQo.exe
  2⤵
  PID:8072
- C:\Windows\System\uLVKhHe.exe
  C:\Windows\System\uLVKhHe.exe
  2⤵
  PID:8096
- C:\Windows\System\qQvgrXl.exe
  C:\Windows\System\qQvgrXl.exe
  2⤵
  PID:8116
- C:\Windows\System\USBjCTm.exe
  C:\Windows\System\USBjCTm.exe
  2⤵
  PID:8136
- C:\Windows\System\JsUMxjX.exe
  C:\Windows\System\JsUMxjX.exe
  2⤵
  PID:8152
- C:\Windows\System\hHPDBjq.exe
  C:\Windows\System\hHPDBjq.exe
  2⤵
  PID:8168
- C:\Windows\System\oUymCII.exe
  C:\Windows\System\oUymCII.exe
  2⤵
  PID:892
- C:\Windows\System\lpzBJhG.exe
  C:\Windows\System\lpzBJhG.exe
  2⤵
  PID:6764
- C:\Windows\System\TGCOpEp.exe
  C:\Windows\System\TGCOpEp.exe
  2⤵
  PID:1512
- C:\Windows\System\XfHLNUk.exe
  C:\Windows\System\XfHLNUk.exe
  2⤵
  PID:6284
- C:\Windows\System\tSzQGTm.exe
  C:\Windows\System\tSzQGTm.exe
  2⤵
  PID:7196
- C:\Windows\System\HPdWPGF.exe
  C:\Windows\System\HPdWPGF.exe
  2⤵
  PID:7276
- C:\Windows\System\IQjrexb.exe
  C:\Windows\System\IQjrexb.exe
  2⤵
  PID:7256
- C:\Windows\System\TaMinHW.exe
  C:\Windows\System\TaMinHW.exe
  2⤵
  PID:7292
- C:\Windows\System\ExtfDiQ.exe
  C:\Windows\System\ExtfDiQ.exe
  2⤵
  PID:7340
- C:\Windows\System\HEUfHZr.exe
  C:\Windows\System\HEUfHZr.exe
  2⤵
  PID:7320
- C:\Windows\System\UhikEtn.exe
  C:\Windows\System\UhikEtn.exe
  2⤵
  PID:7364
- C:\Windows\System\abHALBx.exe
  C:\Windows\System\abHALBx.exe
  2⤵
  PID:7420
- C:\Windows\System\eQjeAby.exe
  C:\Windows\System\eQjeAby.exe
  2⤵
  PID:7452
- C:\Windows\System\HIXlpBB.exe
  C:\Windows\System\HIXlpBB.exe
  2⤵
  PID:7484
- C:\Windows\System\ZEsirKU.exe
  C:\Windows\System\ZEsirKU.exe
  2⤵
  PID:7508
- C:\Windows\System\pvNHBeH.exe
  C:\Windows\System\pvNHBeH.exe
  2⤵
  PID:7548
- C:\Windows\System\EcTMkeC.exe
  C:\Windows\System\EcTMkeC.exe
  2⤵
  PID:7572
- C:\Windows\System\emAyakt.exe
  C:\Windows\System\emAyakt.exe
  2⤵
  PID:7628
- C:\Windows\System\DlOCmvy.exe
  C:\Windows\System\DlOCmvy.exe
  2⤵
  PID:7612
- C:\Windows\System\IaLmRwu.exe
  C:\Windows\System\IaLmRwu.exe
  2⤵
  PID:7644
- C:\Windows\System\WOxhGBX.exe
  C:\Windows\System\WOxhGBX.exe
  2⤵
  PID:7744
- C:\Windows\System\msPIzPW.exe
  C:\Windows\System\msPIzPW.exe
  2⤵
  PID:7724
- C:\Windows\System\IZpWZLN.exe
  C:\Windows\System\IZpWZLN.exe
  2⤵
  PID:7768
- C:\Windows\System\UESYECw.exe
  C:\Windows\System\UESYECw.exe
  2⤵
  PID:7784
- C:\Windows\System\elrJHCp.exe
  C:\Windows\System\elrJHCp.exe
  2⤵
  PID:7864
- C:\Windows\System\gORcvoO.exe
  C:\Windows\System\gORcvoO.exe
  2⤵
  PID:7824
- C:\Windows\System\EJsXqco.exe
  C:\Windows\System\EJsXqco.exe
  2⤵
  PID:7848
- C:\Windows\System\pvqRpyN.exe
  C:\Windows\System\pvqRpyN.exe
  2⤵
  PID:7888
- C:\Windows\System\TgkoCqO.exe
  C:\Windows\System\TgkoCqO.exe
  2⤵
  PID:7908
- C:\Windows\System\uyAaJYi.exe
  C:\Windows\System\uyAaJYi.exe
  2⤵
  PID:7956
- C:\Windows\System\ZCVKphP.exe
  C:\Windows\System\ZCVKphP.exe
  2⤵
  PID:7988
- C:\Windows\System\DoaEqPB.exe
  C:\Windows\System\DoaEqPB.exe
  2⤵
  PID:8000
- C:\Windows\System\tPdWdBq.exe
  C:\Windows\System\tPdWdBq.exe
  2⤵
  PID:8012
- C:\Windows\System\RLoxsgk.exe
  C:\Windows\System\RLoxsgk.exe
  2⤵
  PID:8048
- C:\Windows\System\UTgfalW.exe
  C:\Windows\System\UTgfalW.exe
  2⤵
  PID:8080
- C:\Windows\System\ZoDvYpF.exe
  C:\Windows\System\ZoDvYpF.exe
  2⤵
  PID:8112
- C:\Windows\System\bvRaGFQ.exe
  C:\Windows\System\bvRaGFQ.exe
  2⤵
  PID:8160
- C:\Windows\System\DYAXpXA.exe
  C:\Windows\System\DYAXpXA.exe
  2⤵
  PID:8188
- C:\Windows\System\YMFvfSk.exe
  C:\Windows\System\YMFvfSk.exe
  2⤵
  PID:7184
- C:\Windows\System\BHiGaji.exe
  C:\Windows\System\BHiGaji.exe
  2⤵
  PID:7212
- C:\Windows\System\ZXxebCB.exe
  C:\Windows\System\ZXxebCB.exe
  2⤵
  PID:7224
- C:\Windows\System\zxNrnoj.exe
  C:\Windows\System\zxNrnoj.exe
  2⤵
  PID:7284
- C:\Windows\System\PSvPJAU.exe
  C:\Windows\System\PSvPJAU.exe
  2⤵
  PID:7384
- C:\Windows\System\GaRHubV.exe
  C:\Windows\System\GaRHubV.exe
  2⤵
  PID:7576
- C:\Windows\System\PiAsyof.exe
  C:\Windows\System\PiAsyof.exe
  2⤵
  PID:7480
- C:\Windows\System\FhJqRFw.exe
  C:\Windows\System\FhJqRFw.exe
  2⤵
  PID:7568
- C:\Windows\System\ApoVtQI.exe
  C:\Windows\System\ApoVtQI.exe
  2⤵
  PID:7540
- C:\Windows\System\wggAqse.exe
  C:\Windows\System\wggAqse.exe
  2⤵
  PID:7608
- C:\Windows\System\ltzvlal.exe
  C:\Windows\System\ltzvlal.exe
  2⤵
  PID:7692
- C:\Windows\System\ouBpKyA.exe
  C:\Windows\System\ouBpKyA.exe
  2⤵
  PID:7760
- C:\Windows\System\OjMoipP.exe
  C:\Windows\System\OjMoipP.exe
  2⤵
  PID:7792
- C:\Windows\System\lHevysW.exe
  C:\Windows\System\lHevysW.exe
  2⤵
  PID:7840
- C:\Windows\System\AANWAmH.exe
  C:\Windows\System\AANWAmH.exe
  2⤵
  PID:7960
- C:\Windows\System\HXOWojS.exe
  C:\Windows\System\HXOWojS.exe
  2⤵
  PID:7968
- C:\Windows\System\hXJuJHX.exe
  C:\Windows\System\hXJuJHX.exe
  2⤵
  PID:8008
- C:\Windows\System\MjqqEJR.exe
  C:\Windows\System\MjqqEJR.exe
  2⤵
  PID:8064
- C:\Windows\System\Tvwppfn.exe
  C:\Windows\System\Tvwppfn.exe
  2⤵
  PID:8128
- C:\Windows\System\PZWFVbh.exe
  C:\Windows\System\PZWFVbh.exe
  2⤵
  PID:8148
- C:\Windows\System\HERvimR.exe
  C:\Windows\System\HERvimR.exe
  2⤵
  PID:6472
- C:\Windows\System\rVeZcwH.exe
  C:\Windows\System\rVeZcwH.exe
  2⤵
  PID:7052
- C:\Windows\System\lEmgYTs.exe
  C:\Windows\System\lEmgYTs.exe
  2⤵
  PID:7180
- C:\Windows\System\XMLblSm.exe
  C:\Windows\System\XMLblSm.exe
  2⤵
  PID:2464
- C:\Windows\System\mEskCyq.exe
  C:\Windows\System\mEskCyq.exe
  2⤵
  PID:8032
- C:\Windows\System\dKtuXoS.exe
  C:\Windows\System\dKtuXoS.exe
  2⤵
  PID:7972
- C:\Windows\System\faaehwy.exe
  C:\Windows\System\faaehwy.exe
  2⤵
  PID:1944
- C:\Windows\System\SqlaaYi.exe
  C:\Windows\System\SqlaaYi.exe
  2⤵
  PID:8108
- C:\Windows\System\MQBwEfG.exe
  C:\Windows\System\MQBwEfG.exe
  2⤵
  PID:6848
- C:\Windows\System\BdoqHGe.exe
  C:\Windows\System\BdoqHGe.exe
  2⤵
  PID:7216
- C:\Windows\System\VVFCLrj.exe
  C:\Windows\System\VVFCLrj.exe
  2⤵
  PID:7444
- C:\Windows\System\nMlDwVa.exe
  C:\Windows\System\nMlDwVa.exe
  2⤵
  PID:7504
- C:\Windows\System\FYtSOkG.exe
  C:\Windows\System\FYtSOkG.exe
  2⤵
  PID:7536
- C:\Windows\System\vGDcjyY.exe
  C:\Windows\System\vGDcjyY.exe
  2⤵
  PID:7672
- C:\Windows\System\HdHRIRJ.exe
  C:\Windows\System\HdHRIRJ.exe
  2⤵
  PID:7820
- C:\Windows\System\IykwyJp.exe
  C:\Windows\System\IykwyJp.exe
  2⤵
  PID:7884
- C:\Windows\System\yynIjIX.exe
  C:\Windows\System\yynIjIX.exe
  2⤵
  PID:8180
- C:\Windows\System\qEoGqvn.exe
  C:\Windows\System\qEoGqvn.exe
  2⤵
  PID:7336
- C:\Windows\System\ppPYFqW.exe
  C:\Windows\System\ppPYFqW.exe
  2⤵
  PID:7696
- C:\Windows\System\nUoctZb.exe
  C:\Windows\System\nUoctZb.exe
  2⤵
  PID:7380
- C:\Windows\System\GsdqVMh.exe
  C:\Windows\System\GsdqVMh.exe
  2⤵
  PID:7808
- C:\Windows\System\MkZBsvV.exe
  C:\Windows\System\MkZBsvV.exe
  2⤵
  PID:8216
- C:\Windows\System\ZfWolBY.exe
  C:\Windows\System\ZfWolBY.exe
  2⤵
  PID:8232
- C:\Windows\System\QNAPAJg.exe
  C:\Windows\System\QNAPAJg.exe
  2⤵
  PID:8248
- C:\Windows\System\kxPriWq.exe
  C:\Windows\System\kxPriWq.exe
  2⤵
  PID:8268
- C:\Windows\System\fQZYYUJ.exe
  C:\Windows\System\fQZYYUJ.exe
  2⤵
  PID:8284
- C:\Windows\System\Xqdhgpm.exe
  C:\Windows\System\Xqdhgpm.exe
  2⤵
  PID:8300
- C:\Windows\System\OucxROV.exe
  C:\Windows\System\OucxROV.exe
  2⤵
  PID:8316
- C:\Windows\System\EvRwIjQ.exe
  C:\Windows\System\EvRwIjQ.exe
  2⤵
  PID:8336
- C:\Windows\System\CHtZbHB.exe
  C:\Windows\System\CHtZbHB.exe
  2⤵
  PID:8356
- C:\Windows\System\bKVYTdq.exe
  C:\Windows\System\bKVYTdq.exe
  2⤵
  PID:8372
- C:\Windows\System\pEaBLaS.exe
  C:\Windows\System\pEaBLaS.exe
  2⤵
  PID:8388
- C:\Windows\System\ZjqwBOi.exe
  C:\Windows\System\ZjqwBOi.exe
  2⤵
  PID:8404
- C:\Windows\System\nshbtOG.exe
  C:\Windows\System\nshbtOG.exe
  2⤵
  PID:8424
- C:\Windows\System\LfopGGa.exe
  C:\Windows\System\LfopGGa.exe
  2⤵
  PID:8452
- C:\Windows\System\pyBYMit.exe
  C:\Windows\System\pyBYMit.exe
  2⤵
  PID:8472
- C:\Windows\System\QvOQdiw.exe
  C:\Windows\System\QvOQdiw.exe
  2⤵
  PID:8488
- C:\Windows\System\SpdVTbo.exe
  C:\Windows\System\SpdVTbo.exe
  2⤵
  PID:8508
- C:\Windows\System\BcgFqtY.exe
  C:\Windows\System\BcgFqtY.exe
  2⤵
  PID:8524
- C:\Windows\System\SgspqXz.exe
  C:\Windows\System\SgspqXz.exe
  2⤵
  PID:8544
- C:\Windows\System\kDJQRXu.exe
  C:\Windows\System\kDJQRXu.exe
  2⤵
  PID:8560
- C:\Windows\System\tXNcdok.exe
  C:\Windows\System\tXNcdok.exe
  2⤵
  PID:8588
- C:\Windows\System\bbVawMs.exe
  C:\Windows\System\bbVawMs.exe
  2⤵
  PID:8604
- C:\Windows\System\ENIAdzu.exe
  C:\Windows\System\ENIAdzu.exe
  2⤵
  PID:8620
- C:\Windows\System\yDraNRW.exe
  C:\Windows\System\yDraNRW.exe
  2⤵
  PID:8636
- C:\Windows\System\OLKlpvw.exe
  C:\Windows\System\OLKlpvw.exe
  2⤵
  PID:8656
- C:\Windows\System\ywMknzA.exe
  C:\Windows\System\ywMknzA.exe
  2⤵
  PID:8676
- C:\Windows\System\KwiyZCn.exe
  C:\Windows\System\KwiyZCn.exe
  2⤵
  PID:8692
- C:\Windows\System\KwIzWAp.exe
  C:\Windows\System\KwIzWAp.exe
  2⤵
  PID:8708
- C:\Windows\System\attkmwH.exe
  C:\Windows\System\attkmwH.exe
  2⤵
  PID:8724
- C:\Windows\System\rytuOsk.exe
  C:\Windows\System\rytuOsk.exe
  2⤵
  PID:8740
- C:\Windows\System\IcbWVkl.exe
  C:\Windows\System\IcbWVkl.exe
  2⤵
  PID:8756
- C:\Windows\System\HGyuisb.exe
  C:\Windows\System\HGyuisb.exe
  2⤵
  PID:8776
- C:\Windows\System\zjtQgML.exe
  C:\Windows\System\zjtQgML.exe
  2⤵
  PID:8792
- C:\Windows\System\CCQWsgu.exe
  C:\Windows\System\CCQWsgu.exe
  2⤵
  PID:8812
- C:\Windows\System\TzgGeDC.exe
  C:\Windows\System\TzgGeDC.exe
  2⤵
  PID:8832
- C:\Windows\System\qJbXyPC.exe
  C:\Windows\System\qJbXyPC.exe
  2⤵
  PID:8848
- C:\Windows\System\JuFLUCT.exe
  C:\Windows\System\JuFLUCT.exe
  2⤵
  PID:8864
- C:\Windows\System\ETjUWuq.exe
  C:\Windows\System\ETjUWuq.exe
  2⤵
  PID:8880
- C:\Windows\System\QlrBtLZ.exe
  C:\Windows\System\QlrBtLZ.exe
  2⤵
  PID:8896
- C:\Windows\System\aQbESYG.exe
  C:\Windows\System\aQbESYG.exe
  2⤵
  PID:8928
- C:\Windows\System\TGAEBve.exe
  C:\Windows\System\TGAEBve.exe
  2⤵
  PID:8948
- C:\Windows\System\ipqGwMN.exe
  C:\Windows\System\ipqGwMN.exe
  2⤵
  PID:8968
- C:\Windows\System\mAELYvz.exe
  C:\Windows\System\mAELYvz.exe
  2⤵
  PID:8988
- C:\Windows\System\uXHlrNv.exe
  C:\Windows\System\uXHlrNv.exe
  2⤵
  PID:9008
- C:\Windows\System\IBcnNUY.exe
  C:\Windows\System\IBcnNUY.exe
  2⤵
  PID:9028
- C:\Windows\System\zXGRqIt.exe
  C:\Windows\System\zXGRqIt.exe
  2⤵
  PID:9048
- C:\Windows\System\RbSwtAf.exe
  C:\Windows\System\RbSwtAf.exe
  2⤵
  PID:9064
- C:\Windows\System\XfWQuCx.exe
  C:\Windows\System\XfWQuCx.exe
  2⤵
  PID:9084
- C:\Windows\System\mhHSADb.exe
  C:\Windows\System\mhHSADb.exe
  2⤵
  PID:9100
- C:\Windows\System\fiQkckg.exe
  C:\Windows\System\fiQkckg.exe
  2⤵
  PID:9116
- C:\Windows\System\UqwCByF.exe
  C:\Windows\System\UqwCByF.exe
  2⤵
  PID:9136
- C:\Windows\System\raQjAMa.exe
  C:\Windows\System\raQjAMa.exe
  2⤵
  PID:9152
- C:\Windows\System\AROIEkr.exe
  C:\Windows\System\AROIEkr.exe
  2⤵
  PID:9168
- C:\Windows\System\ozCEpNj.exe
  C:\Windows\System\ozCEpNj.exe
  2⤵
  PID:9188
- C:\Windows\System\tUBkrqZ.exe
  C:\Windows\System\tUBkrqZ.exe
  2⤵
  PID:9208
- C:\Windows\System\bhaxwQo.exe
  C:\Windows\System\bhaxwQo.exe
  2⤵
  PID:7404
- C:\Windows\System\WGejYsr.exe
  C:\Windows\System\WGejYsr.exe
  2⤵
  PID:8208
- C:\Windows\System\GTXxAUF.exe
  C:\Windows\System\GTXxAUF.exe
  2⤵
  PID:8240
- C:\Windows\System\hHucfhX.exe
  C:\Windows\System\hHucfhX.exe
  2⤵
  PID:8256
- C:\Windows\System\bIocjRB.exe
  C:\Windows\System\bIocjRB.exe
  2⤵
  PID:8276
- C:\Windows\System\WuzSvcl.exe
  C:\Windows\System\WuzSvcl.exe
  2⤵
  PID:8328
- C:\Windows\System\ShcunbQ.exe
  C:\Windows\System\ShcunbQ.exe
  2⤵
  PID:8368
- C:\Windows\System\ONovybf.exe
  C:\Windows\System\ONovybf.exe
  2⤵
  PID:8348
- C:\Windows\System\orMFqtC.exe
  C:\Windows\System\orMFqtC.exe
  2⤵
  PID:8412
- C:\Windows\System\zdMvnTR.exe
  C:\Windows\System\zdMvnTR.exe
  2⤵
  PID:8436
- C:\Windows\System\SnmzNgp.exe
  C:\Windows\System\SnmzNgp.exe
  2⤵
  PID:8464
- C:\Windows\System\elRoFzK.exe
  C:\Windows\System\elRoFzK.exe
  2⤵
  PID:7924
- C:\Windows\System\cCIgrcQ.exe
  C:\Windows\System\cCIgrcQ.exe
  2⤵
  PID:8540
- C:\Windows\System\WgIWqEc.exe
  C:\Windows\System\WgIWqEc.exe
  2⤵
  PID:8600
- C:\Windows\System\fncKnEs.exe
  C:\Windows\System\fncKnEs.exe
  2⤵
  PID:8612
- C:\Windows\System\gwxYQuF.exe
  C:\Windows\System\gwxYQuF.exe
  2⤵
  PID:8576
- C:\Windows\System\lPVRzIw.exe
  C:\Windows\System\lPVRzIw.exe
  2⤵
  PID:8584
- C:\Windows\System\GuHjeZQ.exe
  C:\Windows\System\GuHjeZQ.exe
  2⤵
  PID:8736
- C:\Windows\System\QWomKgO.exe
  C:\Windows\System\QWomKgO.exe
  2⤵
  PID:8688
- C:\Windows\System\HEpNhJt.exe
  C:\Windows\System\HEpNhJt.exe
  2⤵
  PID:8784
- C:\Windows\System\KScGdnZ.exe
  C:\Windows\System\KScGdnZ.exe
  2⤵
  PID:8820
- C:\Windows\System\EsioYfS.exe
  C:\Windows\System\EsioYfS.exe
  2⤵
  PID:8872
- C:\Windows\System\VHjDeND.exe
  C:\Windows\System\VHjDeND.exe
  2⤵
  PID:8904
- C:\Windows\System\irCIgPp.exe
  C:\Windows\System\irCIgPp.exe
  2⤵
  PID:8920
- C:\Windows\System\ArUcRwh.exe
  C:\Windows\System\ArUcRwh.exe
  2⤵
  PID:8944
- C:\Windows\System\LSFQOKk.exe
  C:\Windows\System\LSFQOKk.exe
  2⤵
  PID:8996
- C:\Windows\System\tnFzOhu.exe
  C:\Windows\System\tnFzOhu.exe
  2⤵
  PID:8984
- C:\Windows\System\QOegTta.exe
  C:\Windows\System\QOegTta.exe
  2⤵
  PID:9016
- C:\Windows\System\bUFqJCl.exe
  C:\Windows\System\bUFqJCl.exe
  2⤵
  PID:9096
- C:\Windows\System\yNATWML.exe
  C:\Windows\System\yNATWML.exe
  2⤵
  PID:9108
- C:\Windows\System\xgRvSNe.exe
  C:\Windows\System\xgRvSNe.exe
  2⤵
  PID:9132
- C:\Windows\System\UWLaCpa.exe
  C:\Windows\System\UWLaCpa.exe
  2⤵
  PID:9164
- C:\Windows\System\goWrZlY.exe
  C:\Windows\System\goWrZlY.exe
  2⤵
  PID:9200
- C:\Windows\System\bzdkdxg.exe
  C:\Windows\System\bzdkdxg.exe
  2⤵
  PID:8244
- C:\Windows\System\zHIiDgi.exe
  C:\Windows\System\zHIiDgi.exe
  2⤵
  PID:8260
- C:\Windows\System\higUOEu.exe
  C:\Windows\System\higUOEu.exe
  2⤵
  PID:8308
- C:\Windows\System\ghpAIfg.exe
  C:\Windows\System\ghpAIfg.exe
  2⤵
  PID:8324
- C:\Windows\System\XDTkUyZ.exe
  C:\Windows\System\XDTkUyZ.exe
  2⤵
  PID:8460
- C:\Windows\System\NWFdeqn.exe
  C:\Windows\System\NWFdeqn.exe
  2⤵
  PID:8628
- C:\Windows\System\qvycrur.exe
  C:\Windows\System\qvycrur.exe
  2⤵
  PID:8536
- C:\Windows\System\vdmTiDC.exe
  C:\Windows\System\vdmTiDC.exe
  2⤵
  PID:8648
- C:\Windows\System\NiiJrPy.exe
  C:\Windows\System\NiiJrPy.exe
  2⤵
  PID:8732
- C:\Windows\System\buLZZrH.exe
  C:\Windows\System\buLZZrH.exe
  2⤵
  PID:8720
- C:\Windows\System\aGseAlP.exe
  C:\Windows\System\aGseAlP.exe
  2⤵
  PID:8808
- C:\Windows\System\NbaPUob.exe
  C:\Windows\System\NbaPUob.exe
  2⤵
  PID:8824
- C:\Windows\System\jmmCtcw.exe
  C:\Windows\System\jmmCtcw.exe
  2⤵
  PID:8916
- C:\Windows\System\XWoPqUi.exe
  C:\Windows\System\XWoPqUi.exe
  2⤵
  PID:9000
- C:\Windows\System\frnomFe.exe
  C:\Windows\System\frnomFe.exe
  2⤵
  PID:8976
- C:\Windows\System\rwDdCBd.exe
  C:\Windows\System\rwDdCBd.exe
  2⤵
  PID:9112
- C:\Windows\System\llCvinC.exe
  C:\Windows\System\llCvinC.exe
  2⤵
  PID:9128
- C:\Windows\System\theiTxc.exe
  C:\Windows\System\theiTxc.exe
  2⤵
  PID:9180
- C:\Windows\System\edjphHE.exe
  C:\Windows\System\edjphHE.exe
  2⤵
  PID:924
- C:\Windows\System\UBlHJnD.exe
  C:\Windows\System\UBlHJnD.exe
  2⤵
  PID:8296
- C:\Windows\System\OXEIFVR.exe
  C:\Windows\System\OXEIFVR.exe
  2⤵
  PID:8400
- C:\Windows\System\rWlMZsH.exe
  C:\Windows\System\rWlMZsH.exe
  2⤵
  PID:8504
- C:\Windows\System\xGkqJku.exe
  C:\Windows\System\xGkqJku.exe
  2⤵
  PID:8432
- C:\Windows\System\BcBKBhg.exe
  C:\Windows\System\BcBKBhg.exe
  2⤵
  PID:8556
- C:\Windows\System\vcQnLsy.exe
  C:\Windows\System\vcQnLsy.exe
  2⤵
  PID:8772
- C:\Windows\System\DMfFJEW.exe
  C:\Windows\System\DMfFJEW.exe
  2⤵
  PID:8856
- C:\Windows\System\KAoQbJv.exe
  C:\Windows\System\KAoQbJv.exe
  2⤵
  PID:8936
- C:\Windows\System\IoqwsDz.exe
  C:\Windows\System\IoqwsDz.exe
  2⤵
  PID:9076
- C:\Windows\System\YLONXGo.exe
  C:\Windows\System\YLONXGo.exe
  2⤵
  PID:7220
- C:\Windows\System\muMILpn.exe
  C:\Windows\System\muMILpn.exe
  2⤵
  PID:8228
- C:\Windows\System\KSkKWde.exe
  C:\Windows\System\KSkKWde.exe
  2⤵
  PID:8480
- C:\Windows\System\VREKhAW.exe
  C:\Windows\System\VREKhAW.exe
  2⤵
  PID:8496
- C:\Windows\System\AOxEizw.exe
  C:\Windows\System\AOxEizw.exe
  2⤵
  PID:8804
- C:\Windows\System\OXsFfzd.exe
  C:\Windows\System\OXsFfzd.exe
  2⤵
  PID:9144
- C:\Windows\System\HZtEveh.exe
  C:\Windows\System\HZtEveh.exe
  2⤵
  PID:9176
- C:\Windows\System\CxAabpZ.exe
  C:\Windows\System\CxAabpZ.exe
  2⤵
  PID:8396
- C:\Windows\System\IXnqqWa.exe
  C:\Windows\System\IXnqqWa.exe
  2⤵
  PID:9060
- C:\Windows\System\iqoCGiw.exe
  C:\Windows\System\iqoCGiw.exe
  2⤵
  PID:8672
- C:\Windows\System\vCgDDPJ.exe
  C:\Windows\System\vCgDDPJ.exe
  2⤵
  PID:9044
- C:\Windows\System\evYPFLr.exe
  C:\Windows\System\evYPFLr.exe
  2⤵
  PID:8860
- C:\Windows\System\ICPPKVW.exe
  C:\Windows\System\ICPPKVW.exe
  2⤵
  PID:8200
- C:\Windows\System\beUxQTu.exe
  C:\Windows\System\beUxQTu.exe
  2⤵
  PID:9232
- C:\Windows\System\qrssppP.exe
  C:\Windows\System\qrssppP.exe
  2⤵
  PID:9248
- C:\Windows\System\mKkLkXH.exe
  C:\Windows\System\mKkLkXH.exe
  2⤵
  PID:9264
- C:\Windows\System\tNNLmIT.exe
  C:\Windows\System\tNNLmIT.exe
  2⤵
  PID:9280
- C:\Windows\System\NUHAXFj.exe
  C:\Windows\System\NUHAXFj.exe
  2⤵
  PID:9380
- C:\Windows\System\pOlcPlH.exe
  C:\Windows\System\pOlcPlH.exe
  2⤵
  PID:9396
- C:\Windows\System\rKQyXRK.exe
  C:\Windows\System\rKQyXRK.exe
  2⤵
  PID:9412
- C:\Windows\System\eRhnSOY.exe
  C:\Windows\System\eRhnSOY.exe
  2⤵
  PID:9428
- C:\Windows\System\KEJAnDq.exe
  C:\Windows\System\KEJAnDq.exe
  2⤵
  PID:9444
- C:\Windows\System\tCSgpDg.exe
  C:\Windows\System\tCSgpDg.exe
  2⤵
  PID:9460
- C:\Windows\System\xdapRai.exe
  C:\Windows\System\xdapRai.exe
  2⤵
  PID:9484
- C:\Windows\System\zxhpdbH.exe
  C:\Windows\System\zxhpdbH.exe
  2⤵
  PID:9500
- C:\Windows\System\rqOZDmz.exe
  C:\Windows\System\rqOZDmz.exe
  2⤵
  PID:9516
- C:\Windows\System\qgxAgqP.exe
  C:\Windows\System\qgxAgqP.exe
  2⤵
  PID:9532
- C:\Windows\System\cJMknmK.exe
  C:\Windows\System\cJMknmK.exe
  2⤵
  PID:9548
- C:\Windows\System\bnrIAmZ.exe
  C:\Windows\System\bnrIAmZ.exe
  2⤵
  PID:9564
- C:\Windows\System\SUjcNhw.exe
  C:\Windows\System\SUjcNhw.exe
  2⤵
  PID:9580
- C:\Windows\System\qjGLOEU.exe
  C:\Windows\System\qjGLOEU.exe
  2⤵
  PID:9596
- C:\Windows\System\AwCldMd.exe
  C:\Windows\System\AwCldMd.exe
  2⤵
  PID:9612
- C:\Windows\System\UksuBkd.exe
  C:\Windows\System\UksuBkd.exe
  2⤵
  PID:9632
- C:\Windows\System\GhUSFNu.exe
  C:\Windows\System\GhUSFNu.exe
  2⤵
  PID:9648
- C:\Windows\System\WHOxnGH.exe
  C:\Windows\System\WHOxnGH.exe
  2⤵
  PID:9668
- C:\Windows\System\TCXsDJq.exe
  C:\Windows\System\TCXsDJq.exe
  2⤵
  PID:9684
- C:\Windows\System\RbrxxFq.exe
  C:\Windows\System\RbrxxFq.exe
  2⤵
  PID:9700
- C:\Windows\System\hISoZdU.exe
  C:\Windows\System\hISoZdU.exe
  2⤵
  PID:9716
- C:\Windows\System\uRgVWbm.exe
  C:\Windows\System\uRgVWbm.exe
  2⤵
  PID:9732
- C:\Windows\System\pXuyqjs.exe
  C:\Windows\System\pXuyqjs.exe
  2⤵
  PID:9748
- C:\Windows\System\IrOXtYi.exe
  C:\Windows\System\IrOXtYi.exe
  2⤵
  PID:9768
- C:\Windows\System\GfpBzaj.exe
  C:\Windows\System\GfpBzaj.exe
  2⤵
  PID:9784
- C:\Windows\System\jukfAVs.exe
  C:\Windows\System\jukfAVs.exe
  2⤵
  PID:9804
- C:\Windows\System\YzXCcnM.exe
  C:\Windows\System\YzXCcnM.exe
  2⤵
  PID:9832
- C:\Windows\System\JJHzXgW.exe
  C:\Windows\System\JJHzXgW.exe
  2⤵
  PID:9852
- C:\Windows\System\VzUXiWU.exe
  C:\Windows\System\VzUXiWU.exe
  2⤵
  PID:9868
- C:\Windows\System\aECdxeB.exe
  C:\Windows\System\aECdxeB.exe
  2⤵
  PID:9884
- C:\Windows\System\nqYYdWJ.exe
  C:\Windows\System\nqYYdWJ.exe
  2⤵
  PID:9900
- C:\Windows\System\dBUgcaY.exe
  C:\Windows\System\dBUgcaY.exe
  2⤵
  PID:9916
- C:\Windows\System\BstMaEo.exe
  C:\Windows\System\BstMaEo.exe
  2⤵
  PID:9932
- C:\Windows\System\ZJjMXAB.exe
  C:\Windows\System\ZJjMXAB.exe
  2⤵
  PID:9984
- C:\Windows\System\JpAAImI.exe
  C:\Windows\System\JpAAImI.exe
  2⤵
  PID:10004
- C:\Windows\System\lUXjVEn.exe
  C:\Windows\System\lUXjVEn.exe
  2⤵
  PID:10024
- C:\Windows\System\WQYxHqh.exe
  C:\Windows\System\WQYxHqh.exe
  2⤵
  PID:10040
- C:\Windows\System\fEwuZoR.exe
  C:\Windows\System\fEwuZoR.exe
  2⤵
  PID:10056
- C:\Windows\System\oUGHwXR.exe
  C:\Windows\System\oUGHwXR.exe
  2⤵
  PID:10092
- C:\Windows\System\NQGYQiV.exe
  C:\Windows\System\NQGYQiV.exe
  2⤵
  PID:10116
- C:\Windows\System\VeULQCf.exe
  C:\Windows\System\VeULQCf.exe
  2⤵
  PID:10136
- C:\Windows\System\JxOCKCf.exe
  C:\Windows\System\JxOCKCf.exe
  2⤵
  PID:10160
- C:\Windows\System\ALSnuxu.exe
  C:\Windows\System\ALSnuxu.exe
  2⤵
  PID:10176
- C:\Windows\System\CgAmGTy.exe
  C:\Windows\System\CgAmGTy.exe
  2⤵
  PID:10192
- C:\Windows\System\AEsCJsw.exe
  C:\Windows\System\AEsCJsw.exe
  2⤵
  PID:9220
- C:\Windows\System\hMKOgLi.exe
  C:\Windows\System\hMKOgLi.exe
  2⤵
  PID:9372
- C:\Windows\System\FHsldve.exe
  C:\Windows\System\FHsldve.exe
  2⤵
  PID:9708
- C:\Windows\System\IrrRJwY.exe
  C:\Windows\System\IrrRJwY.exe
  2⤵
  PID:9696
- C:\Windows\System\GNBNiQi.exe
  C:\Windows\System\GNBNiQi.exe
  2⤵
  PID:9812
- C:\Windows\System\GzPCqnI.exe
  C:\Windows\System\GzPCqnI.exe
  2⤵
  PID:9796
- C:\Windows\System\BLvPtUX.exe
  C:\Windows\System\BLvPtUX.exe
  2⤵
  PID:9840
- C:\Windows\System\AqTtUoK.exe
  C:\Windows\System\AqTtUoK.exe
  2⤵
  PID:9892
- C:\Windows\System\SJbnMit.exe
  C:\Windows\System\SJbnMit.exe
  2⤵
  PID:9928
- C:\Windows\System\KWxrySe.exe
  C:\Windows\System\KWxrySe.exe
  2⤵
  PID:9908
- C:\Windows\System\cfRhbia.exe
  C:\Windows\System\cfRhbia.exe
  2⤵
  PID:9980
- C:\Windows\System\hSlYdAw.exe
  C:\Windows\System\hSlYdAw.exe
  2⤵
  PID:9972
- C:\Windows\System\UeLLyPF.exe
  C:\Windows\System\UeLLyPF.exe
  2⤵
  PID:9944
- C:\Windows\System\jngBxSY.exe
  C:\Windows\System\jngBxSY.exe
  2⤵
  PID:10032
- C:\Windows\System\NRuUfkj.exe
  C:\Windows\System\NRuUfkj.exe
  2⤵
  PID:10068
- C:\Windows\System\UzagHpp.exe
  C:\Windows\System\UzagHpp.exe
  2⤵
  PID:10080
- C:\Windows\System\RCTSemK.exe
  C:\Windows\System\RCTSemK.exe
  2⤵
  PID:10100
- C:\Windows\System\aYJabyM.exe
  C:\Windows\System\aYJabyM.exe
  2⤵
  PID:10172
- C:\Windows\System\DfwHCUM.exe
  C:\Windows\System\DfwHCUM.exe
  2⤵
  PID:10204
- C:\Windows\System\tRgrlwt.exe
  C:\Windows\System\tRgrlwt.exe
  2⤵
  PID:10228
- C:\Windows\System\WMmLbAs.exe
  C:\Windows\System\WMmLbAs.exe
  2⤵
  PID:8644
- C:\Windows\System\UxRlPGz.exe
  C:\Windows\System\UxRlPGz.exe
  2⤵
  PID:9348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DqdXZQu.exe

Filesize
6.0MB

MD5
103ccf5ad074cfd25399a47c23323fdb

SHA1
b26728eda4d2f3dd741601d1f9e99e93fb45db1f

SHA256
acb2e4567cdda42c1c6ecb5acb75b60107cea131aff0f1ca9e7939a8883f9adb

SHA512
14db896f69b85140338510440b5d98e243f9917b18e6eeef140c1e22a113a6f0a27d72ad64e5a9643c7861b2a275c0164a8d3cadbe5b176271984b1cb1ad0b60

Download Submit
C:\Windows\system\DrufJRU.exe

Filesize
6.0MB

MD5
dd5fffc266c39c526de0514c0625b591

SHA1
dbb8cd985a24198e70e85899c54194f823259b31

SHA256
b9fb859fdd348899e8f24a4a50c4c4fae6ebad167277fa8e68252c08c74ed4d7

SHA512
47142f0a8d4fda153ecb1fe408b4438bc00cc549169feaffb6024147e75700d67062c0b9f3bdf8cb6ab4c2efe1504470a1d10b24c80ed094e931eb4d0ec9f93d

Download Submit
C:\Windows\system\FvwykHx.exe

Filesize
6.0MB

MD5
9390ab3c1957b76710971ead37a29486

SHA1
88ffdb3d1b2fc852bbff51813a853d38712c98a2

SHA256
0984d52c218668da3a9fbc1bae7272d19a9f9b683b0375406ba43506dbbe27fd

SHA512
a32ac9517f7bd0ccbd53b9c3cb6e967863334ddfdb7734fb9b05cec27b53360f6ef9620ce2ec43ed47ff5df2c74c22e8a2337bd5bcfc997da5eb1d41b625b04e

Download Submit
C:\Windows\system\GefRjti.exe

Filesize
6.0MB

MD5
859a7cd57a60736bc6b68598cbb66ecd

SHA1
82ed721d6f2982a690ae6904d038c4714defbc31

SHA256
34512031076dcd9f7764c010d5a9747cc66abba0aa6f99b5ac1617bc365f2830

SHA512
6c4108d2249dc23c830dc151f55af373904fe0b87a31486c881af85f9d1fe44e89ab986ad4694596177c1e4e276894ea4eeefffb3caa9e13435ae39f9bfa35ca

Download Submit
C:\Windows\system\KmKPLwU.exe

Filesize
6.0MB

MD5
d06c6c3803e119d434c8de27bbc3b41e

SHA1
04cf806de2336c78b0ca410bb92ca913e31f17b1

SHA256
8109ac51d324026ff4ee3b9cf0afd97d66cffd9461fa547ed3524b46df92bc7c

SHA512
2f0afd4c50d1d32f8413162dc554aa184b94a1319ccb8e4f5445333e936f46d1e8673d2571f70f5b4d300c4d0fd0fa85e7bf965645aafe20eccca9348de4de8a

Download Submit
C:\Windows\system\RDKRbqN.exe

Filesize
6.0MB

MD5
a1922a7fa555518c5ecbfdec6aaee9d5

SHA1
1e9841d04cc45676a524f415e8fea4952f14bfb9

SHA256
d0f7ec5faa79f19e67b5c3be1a520226715432c63b7a0a5e48f5d06eaeac2988

SHA512
5636a5bf6fc96930e9f9b4e150c8ac03fbadc50b5be01b94315c6210a8e2d3e257fec80ac1c4f38e74893fa8354e7d6d558373a35777f777bab0f5eabeec545f

Download Submit
C:\Windows\system\SklbtYk.exe

Filesize
6.0MB

MD5
f9d629be0100c3987d6cf864e590359a

SHA1
f1703d35869ccccf60e572abef30ddd550aa2a32

SHA256
96a87352e327545d0c261777c6566c89e77aade0f48ec736be56c2dc419eac4e

SHA512
028de55ceecea8fbec15b75df26c4a5213525366d14813393d076ce3c5734ef9c206ad757d4a283c7dbe431e32853c25859b10efa1155ffb8c1af5650ec5ced4

Download Submit
C:\Windows\system\SvxIhsd.exe

Filesize
6.0MB

MD5
dbae04b212ba9c0679a5c512df441d34

SHA1
dec6dcc1f916111605d7d8bd563b36c73d6f5885

SHA256
62a9c2234cbeb3e3fc45e63929afe6edcbd581ea1c081381bd901300fb597c52

SHA512
c51adc0c888c161d792e8199e037ab149a34212e6b88fec67f4ebadde5a30204befbf2a98fd002919cff45a180e2e34f034b9e1fb2808be02afaa1b6793284cb

Download Submit
C:\Windows\system\UrkInIO.exe

Filesize
6.0MB

MD5
da9806371c5ed226e14745f055f30c5e

SHA1
b030cb866942d9eeda62088aaab0028c94c77671

SHA256
d4fb2046fff7936d3181eaef34860955075c70b900e3db2ea4c50122c4b5b91c

SHA512
060f6861b7a2e28a40e7b8677b59be3b9d818b628ee073dac95086a864e956d5c5718b289e069097583b2e8b84cb399742acd445531a80bc71e9eca24f055806

Download Submit
C:\Windows\system\ZDvyRBc.exe

Filesize
6.0MB

MD5
efd47d9a8fca00a65f9ed27c5a0939a6

SHA1
7de7d40c37bda66950081ea4ad1750a4b7f668e9

SHA256
57e8674e1ada6111f21035ab6154d15c7ac97cce6d12d51e33c34d6335329676

SHA512
b7e2a4de269ac4cee8e4fb80edfac26fe3b75e4f20291058ec4a9285ae7235ee90b56a52742b8d8fa4a545a16cfd7631050b40d0d67b8531f6e61c838fac1044

Download Submit
C:\Windows\system\auFjltv.exe

Filesize
6.0MB

MD5
7b855fc29cd9119e5a59494c61d33ea3

SHA1
cbf81662ab35a594fbb4fefa16df6b3b46b55457

SHA256
35788e1a815fb2aca75d81aa2413fc93481f16f8ca48c4b15285131ad4497755

SHA512
60cc91dabe4f2f787cfef07b3319a19331adba89203ee217005a7d9d0daf4c276b747b94933469fdfdea98f1a29f41f6c96780733ae951dbb23331ddc62b7760

Download Submit
C:\Windows\system\aymQrul.exe

Filesize
6.0MB

MD5
9553e368a283e16c0ec663818cd663fa

SHA1
904739176f509810bb43c4788530109b2a53e4a1

SHA256
90fb90b7f02a5410d80a321f4aa8083b74f8ef73b78693b5d1f189079823430e

SHA512
f8e60bd5778d3bf139160eae520b81ceed19b74ad2eef18330cbf3629e34e1ef63cb9489febb9ca7815624042920a43d06ac49248393889dbc6cafa3dfad0b36

Download Submit
C:\Windows\system\bLddgEW.exe

Filesize
6.0MB

MD5
b072ca9bc74327f92d59fc7ee1f118a5

SHA1
e5dfc5c8a04580fdb33f95fcf0e8367cee3e2f0f

SHA256
07388e7d360814e1b26ed0a7fca35f370510a1dd659112fb0037e9fbe3a0b413

SHA512
defeb8e1d1f3cb724d7660c61a30797467eb464f1c639e48d849a19347d7c2ff94600dc09867c0979997167e08dc7685d0f5fcb6fb45a26c432efb07cc01121f

Download Submit
C:\Windows\system\bzFFhJC.exe

Filesize
6.0MB

MD5
f9ac7c392800aab759b2cf1e793ef7d0

SHA1
cf6e18ab7dbe4528bd52761802985ce5cd7aec5d

SHA256
82a167851b6be97e29b53294921985de94577724330dd1a923de61914f81ba35

SHA512
1fa11d2a8bbe77ced69629f930bbdfcd8e7aea0bafee239b8183577e7ebf2b730975826b67b3f1e75e01ee57157536c17b47ff410348958c8d62efccba5beb1b

Download Submit
C:\Windows\system\citMWGY.exe

Filesize
6.0MB

MD5
8ea069068ef019ee38672f3e7d7ae364

SHA1
f28511360f1ed1b560398521be242a19d3892406

SHA256
f9deaa1d3a4c440f0862b3eef0e666cbbeaba75634b6a32d174d9e7eb35938e9

SHA512
d1290091774be826543ab8426c958f6bf181c0cd8feda04148b2d8199eda9f6ed5592f48946f791b4c950c0a732080f47cc1bf8dbe1be764321ffb02e1fb023a

Download Submit
C:\Windows\system\clPbuum.exe

Filesize
6.0MB

MD5
0a3829f107f351454c61e20c52c12c39

SHA1
8f1b6c34a9f1cd5de6d0244f6b6ac820dee94386

SHA256
dece1bac9843e641c4147e8405807087e24213116e7a9e8345bd764d546b52a1

SHA512
def1493113da6dae90cc55c4d2316cf7b699ecd826c35f4dc1f3de7c62089f3edc87080c7c1a9a1be168a6e7720bd7da1e6fb1cae6825b8b2e38a18a06cc7dd3

Download Submit
C:\Windows\system\flasJxR.exe

Filesize
6.0MB

MD5
010b920d3eb5b47ca1f226b4a0465d50

SHA1
ce6b33144860c032b6f9551acbd74c8a69872a07

SHA256
f0384477110b1f03d9b5d788c8ff7f6050537dfac1a95c558ff7aec06f1ebeb8

SHA512
ed76f0506baa36730208387ab11c2645603902c4de2ad3844c3c38fb8a4d65739ce25d3cf7de07e14a8fe1b2059d62edd6ed8ba80a1a6fc6022bfee6b91142ad

Download Submit
C:\Windows\system\frdhbbD.exe

Filesize
6.0MB

MD5
b74e0f0419c0edcb238c867d584b173b

SHA1
3c3477a2480aafae1a73c2e2cb3881acef6d97c9

SHA256
34a9dfafded0cf80026635f759d87c9100dd4347ca19b07b2bb6c9df95b2b00a

SHA512
250c9e5b70d7485870ef5a103e68f231f8f51cb1f52500e002bdee900b8afe2e9ca6f651f1a4a45d2f501e48011e52b2991a3cd7b9b87abeca5895a1493c06d2

Download Submit
C:\Windows\system\iykRLrE.exe

Filesize
6.0MB

MD5
59558c8697bacec4963317a838abeaee

SHA1
699d3f2bfbf4cdfe10fbb5937e129eb4feee6863

SHA256
6941e1feb764bef4ea6bff5b79d7c7225a34a38db8da136c6151825d61888cbf

SHA512
e012def8782f84dd8360a1f81ca63c32b530d361f30bad1c99485cf50cf2e975eb66283141ee05f9a91bfd87c0ea29fc6c0f69ef7607ef1f21fe066fdea287f3

Download Submit
C:\Windows\system\lqBTtZF.exe

Filesize
6.0MB

MD5
e51867315c2caedd0764df5064828ae0

SHA1
262523b8f4bca973d1eebe8b4381cbf14a80ae22

SHA256
b83ceb7a4c90b11bc49ac6444ec3ef5865209c2ca5372e7f2a44810c818ef491

SHA512
b8d7ad54232391c76c11f020a294713ee5a51401ac3a10e90e3fc832a3b1a4e1f256b932c2f3332fcb23a7b0de9b6e2a5d9c7eb9bf89b6fd386aa9e8e3ae9d40

Download Submit
C:\Windows\system\moEhIxZ.exe

Filesize
6.0MB

MD5
ea2d1d073ce4441cd211e09c635c6773

SHA1
cb09bacc723b7452c2c49fcd12562cf8219ff339

SHA256
db2e42abeb6c4577864fbf290355cbfe61b2cda678b8d1614b799a1fd3e19415

SHA512
0e664ef34d4d797e41017e36fdadec1b556be97d0bc48bc33ad66bdb0958c3a51f1d492862cba9266a59aafff45a50a82c7c2cf5ee276022016cb68194ba637f

Download Submit
C:\Windows\system\rNCLnDc.exe

Filesize
6.0MB

MD5
2d9a347eceae9c2d3bdd99c9bbed9469

SHA1
f0b8b3c8722b224c10386d549e29d7954dab7d0b

SHA256
2a6bdc1448e67aab3f1538187cfd5f575896a3e22232279dc5c70e88620f7198

SHA512
4ffaf20f12ff213ff78a5c5cb68d9a520f62c8fba6a5b9dcf5ae5d61481dc4239e45649af64faaa076f9e22b179b377ed1676b2ca9f3b376ab409a9c6e888852

Download Submit
C:\Windows\system\xSHhuhS.exe

Filesize
6.0MB

MD5
974bb50f87ce60d0f15a2ecce355ae48

SHA1
bf17db23ffb6d6d40846147505a42a1e9b54b26a

SHA256
e9e8ede64870485f49fe3ad3219b54a5aea21b6b309d3447ffe9741bf2c7cf24

SHA512
b77f349095c7ea5bae5a51090ef42ed7c12bf4a84758cd83fcc19ea0724102369961faf8bcf8841e183e8e750b62bc12004c2d24360d4f236e116c5b4f2bff15

Download Submit
C:\Windows\system\xiRihzx.exe

Filesize
6.0MB

MD5
bc190ab6a5563e14175bf1772c5485c9

SHA1
984434345fea7217157758ea48c886bd43c24c29

SHA256
f18c3439bd647dfda09e8137ea86e82efa896d3ff46639077e3f799aaca7d451

SHA512
fbebd198cbcff7e91e939f8225b972ad669559690beba09c740d283cd7fb855a513c6add99052b6c423c56cba2af4e86ba601b4ad8aeadab3ed8a0b593791f57

Download Submit
\Windows\system\CmEExOw.exe

Filesize
6.0MB

MD5
2341c2f5e7fb07e67c1e4f54eaa3c57b

SHA1
5cfdb54016bedc9baa281d97882c1c6e449606b2

SHA256
3bbc25796217febbc2bf0221c01a24006f1fafb0bc8b39e12c72b75ed639ee7a

SHA512
3db97497f7d3455db70b83f8d6fc4596611455698d25f94ba85c98194babba198f4e95f60172b3e49325c7770ed669b43c7f8e1cbe6f52844e41f081c3e54812

Download Submit
\Windows\system\ELoeDbx.exe

Filesize
6.0MB

MD5
a00113592dbd5ab988c1e9c43fa7acf4

SHA1
bc356af9fa92fce18f32d4a02234e8cabc5574ae

SHA256
a608583b6416513382fc34b7b299075c7611bea2a306cf572332848d7779de79

SHA512
c5fb3ee87d5d8333ccf6a55ffcfb9af43883c31bd3725239f177b3fe0b875705fadc2664beb49ec0912eadc4f9693ca2244829eb2356637899a9354beec55865

Download Submit
\Windows\system\HcTVSiR.exe

Filesize
6.0MB

MD5
8227d0c9258192fa37615b314f2af105

SHA1
fbdbee139c889a8ed3a83008241bf68a8a0e0724

SHA256
cbbea9b9cbd1fa9ec4b0598e87a30bc42730129619cae8139cc41c69430deb74

SHA512
470bb5898172ba249313bed59013ea148703270cd26d52199b7f479d14b869cb12399a3babf12b00b0329591d73f08624acd537720863c68b47c7905ba313c2c

Download Submit
\Windows\system\QOIATCW.exe

Filesize
6.0MB

MD5
a949f7ea1b1d836af2bc2a408af6e6ec

SHA1
1e506bad5f8c0b34e67987e8c5977e85b9cb45a5

SHA256
6473db2712d27f12e795990805b661845db63ca83f4a00865f70f38b46fb578a

SHA512
a988924202fffeb27e7d38edaabbd7a650460d72bbb171a07789f115ef7f8c8288f7956c364ca53b13b1661f6512c51021c89f30c1e783c72a056cc6fa597453

Download Submit
\Windows\system\XTNNTGx.exe

Filesize
6.0MB

MD5
80ed440c634c3c10b10824d841b96f9f

SHA1
cbdd73fcf89841ce3c781cb4298574454a38ac1d

SHA256
ce0b51a98d82f3a1f791b2b6e274aeb7e36bde0fb72296c6c941e5a02eafae3e

SHA512
6dac4e2d959617845ccab28c80d8fca499386b141202adc14979ef796ee1d2a8b861a97cd9380612247ddabb4adabaa35d76aafc7c0ae71a03bef383c6915a3b

Download Submit
\Windows\system\gCKWRmu.exe

Filesize
6.0MB

MD5
702062f7b60d46793db014aac351c734

SHA1
840ffa315f06074ecd18d583a64b76adfeb8ac80

SHA256
9d86b9a90622473623c3b51f1b5e29f52780d4c752168cdc362b8eb40c18f052

SHA512
d9c53d0e141a069c0e393b64509b61e2886240f102bb27486c2718262cae0763735141a8cd7b623b869cf5e07b91792fb6a3455fc717442b773a2fdebd3d2298

Download Submit
\Windows\system\uQUmVtj.exe

Filesize
6.0MB

MD5
1024596ff11d734fe1391ef92434281c

SHA1
69b7944d872e8194322f03d3fcd5f1b2242851fe

SHA256
e26c25400f8692d9cdc879560ff15b102544c66954e7f17475744dce932653d3

SHA512
6156fe96b52bb6a3086466b8292c60fc10afb960025b6dd90c4bbc8a3cf3fe7ddfa2caebe60e4165c73f4e992899a74ffa0479a9e5cd87d9832fd12516f02947

Download Submit
\Windows\system\uuYVLFW.exe

Filesize
6.0MB

MD5
4a1dd179749645a5d150c72251940cd8

SHA1
ffc56de068c5a9bf37f24858bf473335cac003b3

SHA256
fed706eaf617e7df189ada906c414a6790ed7c19d0da3e41b2ce67e56a21bf57

SHA512
bb9c88eea650fb0aab2ef1ada16002163e02fd6d07c8d98b68784e2c7b941a4c7d6822f66ff318b1fd9531c76cbf4247cca9125a465a4a8de2578f55b6f9734c

Download Submit
memory/548-79-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/548-110-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/548-1817-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-102-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1180-71-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1180-1816-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1524-157-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-85-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-1831-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2062-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1572-113-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1818-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2108-61-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2108-92-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2112-94-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1826-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1819-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2620-69-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1221-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2656-43-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2656-52-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1164-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-35-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-49-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-95-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-40-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-97-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-0-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2740-83-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-417-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-465-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2740-13-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-87-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-73-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-68-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-56-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2740-6-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-27-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2740-20-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2740-45-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-104-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-30-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-115-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2740-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1103-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-46-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2792-47-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2792-22-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1163-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1097-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2860-41-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2860-10-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-28-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2904-48-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1160-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3012-322-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2061-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/3012-101-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download