cobaltstrike | 2bcd7ef8cde74baf6de03a20c97e38e8968e5930538adc3620866dd51d0cf893

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

78549bbe587ae2ec486ed30069a3b372
SHA1

12a9c63920f11bd76790de833ba08c7f9bae26ee
SHA256

2bcd7ef8cde74baf6de03a20c97e38e8968e5930538adc3620866dd51d0cf893
SHA512

a70e52f2cf18cc4c2efb5385b23680d3e5a17d1585c1c4c5c9c9557661031d7211f2006e8d18412a8b18c63e9dbb747f6f14d570808cdfad4d9b66b26cd15eca
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186c8-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f3-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019217-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191fd-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-32.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-72.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2132-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-3.dat	xmrig
behavioral1/memory/1012-9-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000700000001867d-13.dat	xmrig
behavioral1/files/0x00070000000186c8-16.dat	xmrig
behavioral1/files/0x00060000000191f3-37.dat	xmrig
behavioral1/files/0x000600000001878d-26.dat	xmrig
behavioral1/memory/2472-29-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c6-27.dat	xmrig
behavioral1/memory/2100-22-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1940-15-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2832-64-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-157.dat	xmrig
behavioral1/memory/1940-318-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2772-814-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2472-812-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2100-460-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4aa-164.dat	xmrig
behavioral1/files/0x000500000001a4b7-162.dat	xmrig
behavioral1/files/0x000500000001a48c-156.dat	xmrig
behavioral1/files/0x000500000001a434-155.dat	xmrig
behavioral1/files/0x000500000001a42f-154.dat	xmrig
behavioral1/files/0x000500000001a42b-153.dat	xmrig
behavioral1/files/0x000500000001a301-152.dat	xmrig
behavioral1/files/0x000500000001a07b-151.dat	xmrig
behavioral1/files/0x0005000000019fb9-149.dat	xmrig
behavioral1/files/0x0005000000019db8-148.dat	xmrig
behavioral1/files/0x000500000001a48e-136.dat	xmrig
behavioral1/files/0x000500000001a46a-135.dat	xmrig
behavioral1/files/0x000500000001a067-88.dat	xmrig
behavioral1/memory/2744-87-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-166.dat	xmrig
behavioral1/files/0x000500000001a4b5-161.dat	xmrig
behavioral1/files/0x0005000000019da4-63.dat	xmrig
behavioral1/files/0x0007000000019217-62.dat	xmrig
behavioral1/files/0x0005000000019d44-51.dat	xmrig
behavioral1/memory/2772-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000191fd-42.dat	xmrig
behavioral1/files/0x00070000000190c9-32.dat	xmrig
behavioral1/files/0x000500000001a49c-141.dat	xmrig
behavioral1/memory/2356-125-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a431-114.dat	xmrig
behavioral1/files/0x000500000001a42d-113.dat	xmrig
behavioral1/files/0x000500000001a345-112.dat	xmrig
behavioral1/files/0x000500000001a0a1-111.dat	xmrig
behavioral1/memory/2132-74-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2952-73-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9f-72.dat	xmrig
behavioral1/memory/2984-71-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/1012-4011-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1940-4013-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2772-4014-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2100-4012-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2832-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2472-4016-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2952-4015-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2984-4018-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2744-4019-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2356-4020-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1012	VrGqVsM.exe
1940	SnzlfOm.exe
2100	trMOSQY.exe
2472	sXfPdHw.exe
2772	JWxZNGf.exe
2832	jpwOAKM.exe
2984	HoNRvBU.exe
2952	knTlSez.exe
2744	qiXCXlO.exe
2356	ZiPZYwf.exe
572	OVoSzRB.exe
1912	SqfAtDZ.exe
2040	hBReUZA.exe
1000	juFKNRt.exe
1532	AoOjThY.exe
1068	LOypmAB.exe
1748	rcifMaK.exe
2840	bZsEGYE.exe
2764	oYWIHkL.exe
2920	qUCSjmr.exe
2768	LTWMmZr.exe
2752	zUpzyfE.exe
2164	EOUnOOF.exe
1948	oaiLetv.exe
2864	FdSlGoh.exe
800	WVGKVTp.exe
1836	uHQpfIt.exe
1932	KiYFKFc.exe
1264	GzKmJKb.exe
2812	peMzGxM.exe
1792	BySlREJ.exe
1048	YgxEfOk.exe
1412	EdNGnFt.exe
3052	zzlHHNo.exe
1524	gZKBlsY.exe
1208	tIuLaMB.exe
1540	zROWMIh.exe
2260	LwBneFq.exe
1800	cmtHXKr.exe
2120	TqJZYgk.exe
1728	YCJrBZA.exe
1944	dFiRzZA.exe
1584	OqqWiLe.exe
956	nOfmZwd.exe
1512	nuzgvcK.exe
3044	BJqtDlm.exe
2236	RZDVIbk.exe
2056	XzVkgva.exe
2520	rTlhwRH.exe
2388	aHzIsua.exe
2244	EViuPDH.exe
2256	oiUHqsF.exe
2196	cGKlBnu.exe
2332	xdFkxwm.exe
776	mpajyUd.exe
1016	FbNxdDW.exe
2712	xJDkHfB.exe
1892	LeIcFXk.exe
804	OMkjeks.exe
1604	DpLylEZ.exe
1148	MqIBYDK.exe
2112	KULAaHq.exe
2444	Hfqolel.exe
3060	yezpNKS.exe

Loads dropped DLL 64 IoCs

pid	Process
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0008000000012102-3.dat	upx
behavioral1/memory/1012-9-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000700000001867d-13.dat	upx
behavioral1/files/0x00070000000186c8-16.dat	upx
behavioral1/files/0x00060000000191f3-37.dat	upx
behavioral1/files/0x000600000001878d-26.dat	upx
behavioral1/memory/2472-29-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-27.dat	upx
behavioral1/memory/2100-22-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1940-15-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2832-64-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x000500000001a49a-157.dat	upx
behavioral1/memory/1940-318-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2772-814-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2472-812-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2100-460-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001a4aa-164.dat	upx
behavioral1/files/0x000500000001a4b7-162.dat	upx
behavioral1/files/0x000500000001a48c-156.dat	upx
behavioral1/files/0x000500000001a434-155.dat	upx
behavioral1/files/0x000500000001a42f-154.dat	upx
behavioral1/files/0x000500000001a42b-153.dat	upx
behavioral1/files/0x000500000001a301-152.dat	upx
behavioral1/files/0x000500000001a07b-151.dat	upx
behavioral1/files/0x0005000000019fb9-149.dat	upx
behavioral1/files/0x0005000000019db8-148.dat	upx
behavioral1/files/0x000500000001a48e-136.dat	upx
behavioral1/files/0x000500000001a46a-135.dat	upx
behavioral1/files/0x000500000001a067-88.dat	upx
behavioral1/memory/2744-87-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-166.dat	upx
behavioral1/files/0x000500000001a4b5-161.dat	upx
behavioral1/files/0x0005000000019da4-63.dat	upx
behavioral1/files/0x0007000000019217-62.dat	upx
behavioral1/files/0x0005000000019d44-51.dat	upx
behavioral1/memory/2772-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00070000000191fd-42.dat	upx
behavioral1/files/0x00070000000190c9-32.dat	upx
behavioral1/files/0x000500000001a49c-141.dat	upx
behavioral1/memory/2356-125-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000500000001a431-114.dat	upx
behavioral1/files/0x000500000001a42d-113.dat	upx
behavioral1/files/0x000500000001a345-112.dat	upx
behavioral1/files/0x000500000001a0a1-111.dat	upx
behavioral1/memory/2132-74-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2952-73-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x0005000000019f9f-72.dat	upx
behavioral1/memory/2984-71-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/1012-4011-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1940-4013-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2772-4014-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2100-4012-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2832-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2472-4016-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2952-4015-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2984-4018-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2744-4019-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2356-4020-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hJSujLt.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMhySTR.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StHQgcH.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tICbMEi.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuSSXNK.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQNwckh.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmCZjLs.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmrcOZS.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veWYmtJ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEpBCIA.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSTMDMW.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzBJagE.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPJvKDJ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGsDPdT.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTNKufD.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMdVbUM.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyNfdGv.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQZizPh.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqVgmrU.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoDGgxj.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpEoVzx.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlPKVBa.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPIglOI.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPSKOdO.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umQjpir.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWYQYqt.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWLkVyg.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogBcNBS.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNcqzrQ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvxQlHx.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FESAgaW.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFILfbq.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQoVsSX.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUrofGM.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjZYdNz.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STtnAua.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgdOvEs.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPvBADG.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqlqnQq.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVxVqbk.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGRQpdl.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHcWSvo.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYjSmSO.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdFkxwm.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaNKAIA.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laVkNhR.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\molwUEJ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNwazxC.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKplvvW.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTGekHC.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HslKFEx.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yezpNKS.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZCkTpu.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZejtbI.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFEefIo.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzDJoRC.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDXEIuO.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNBZXgO.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZSCSdh.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XArzrYv.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpfjcJP.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfxebSX.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAptfCX.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKEgaeq.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1012	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 1012	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 1012	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 1940	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 1940	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 1940	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 2100	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2100	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2100	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2472	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2472	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2472	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2772	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2772	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2772	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2840	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2840	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2840	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2832	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 2832	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 2832	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 2764	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 2764	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 2764	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 2984	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2984	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2984	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2920	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 2920	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 2920	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 2952	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 2952	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 2952	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 2768	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2768	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2768	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2744	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 2744	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 2744	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 2752	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 2752	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 2752	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 2356	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 2356	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 2356	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 2164	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 2164	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 2164	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 572	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 572	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 572	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 1948	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 1948	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 1948	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 1912	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 1912	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 1912	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 2864	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 2864	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 2864	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 2040	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 2040	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 2040	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 800	2132	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\System\VrGqVsM.exe
  C:\Windows\System\VrGqVsM.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\SnzlfOm.exe
  C:\Windows\System\SnzlfOm.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\trMOSQY.exe
  C:\Windows\System\trMOSQY.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\sXfPdHw.exe
  C:\Windows\System\sXfPdHw.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\JWxZNGf.exe
  C:\Windows\System\JWxZNGf.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\bZsEGYE.exe
  C:\Windows\System\bZsEGYE.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jpwOAKM.exe
  C:\Windows\System\jpwOAKM.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\oYWIHkL.exe
  C:\Windows\System\oYWIHkL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\HoNRvBU.exe
  C:\Windows\System\HoNRvBU.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\qUCSjmr.exe
  C:\Windows\System\qUCSjmr.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\knTlSez.exe
  C:\Windows\System\knTlSez.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\LTWMmZr.exe
  C:\Windows\System\LTWMmZr.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qiXCXlO.exe
  C:\Windows\System\qiXCXlO.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\zUpzyfE.exe
  C:\Windows\System\zUpzyfE.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ZiPZYwf.exe
  C:\Windows\System\ZiPZYwf.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\EOUnOOF.exe
  C:\Windows\System\EOUnOOF.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\OVoSzRB.exe
  C:\Windows\System\OVoSzRB.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\oaiLetv.exe
  C:\Windows\System\oaiLetv.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\SqfAtDZ.exe
  C:\Windows\System\SqfAtDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\FdSlGoh.exe
  C:\Windows\System\FdSlGoh.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\hBReUZA.exe
  C:\Windows\System\hBReUZA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\WVGKVTp.exe
  C:\Windows\System\WVGKVTp.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\juFKNRt.exe
  C:\Windows\System\juFKNRt.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\uHQpfIt.exe
  C:\Windows\System\uHQpfIt.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\AoOjThY.exe
  C:\Windows\System\AoOjThY.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\KiYFKFc.exe
  C:\Windows\System\KiYFKFc.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\LOypmAB.exe
  C:\Windows\System\LOypmAB.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\GzKmJKb.exe
  C:\Windows\System\GzKmJKb.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\rcifMaK.exe
  C:\Windows\System\rcifMaK.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\BySlREJ.exe
  C:\Windows\System\BySlREJ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\peMzGxM.exe
  C:\Windows\System\peMzGxM.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\EdNGnFt.exe
  C:\Windows\System\EdNGnFt.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\YgxEfOk.exe
  C:\Windows\System\YgxEfOk.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\gZKBlsY.exe
  C:\Windows\System\gZKBlsY.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\zzlHHNo.exe
  C:\Windows\System\zzlHHNo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\zROWMIh.exe
  C:\Windows\System\zROWMIh.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\tIuLaMB.exe
  C:\Windows\System\tIuLaMB.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\cmtHXKr.exe
  C:\Windows\System\cmtHXKr.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\LwBneFq.exe
  C:\Windows\System\LwBneFq.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\TqJZYgk.exe
  C:\Windows\System\TqJZYgk.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\YCJrBZA.exe
  C:\Windows\System\YCJrBZA.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\dFiRzZA.exe
  C:\Windows\System\dFiRzZA.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\OqqWiLe.exe
  C:\Windows\System\OqqWiLe.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\nOfmZwd.exe
  C:\Windows\System\nOfmZwd.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\nuzgvcK.exe
  C:\Windows\System\nuzgvcK.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\BJqtDlm.exe
  C:\Windows\System\BJqtDlm.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\RZDVIbk.exe
  C:\Windows\System\RZDVIbk.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\XzVkgva.exe
  C:\Windows\System\XzVkgva.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\rTlhwRH.exe
  C:\Windows\System\rTlhwRH.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\aHzIsua.exe
  C:\Windows\System\aHzIsua.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\EViuPDH.exe
  C:\Windows\System\EViuPDH.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\oiUHqsF.exe
  C:\Windows\System\oiUHqsF.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\cGKlBnu.exe
  C:\Windows\System\cGKlBnu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\xdFkxwm.exe
  C:\Windows\System\xdFkxwm.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\mpajyUd.exe
  C:\Windows\System\mpajyUd.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\FbNxdDW.exe
  C:\Windows\System\FbNxdDW.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\xJDkHfB.exe
  C:\Windows\System\xJDkHfB.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\LeIcFXk.exe
  C:\Windows\System\LeIcFXk.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\OMkjeks.exe
  C:\Windows\System\OMkjeks.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\DpLylEZ.exe
  C:\Windows\System\DpLylEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\MqIBYDK.exe
  C:\Windows\System\MqIBYDK.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\KULAaHq.exe
  C:\Windows\System\KULAaHq.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\Hfqolel.exe
  C:\Windows\System\Hfqolel.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\yezpNKS.exe
  C:\Windows\System\yezpNKS.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\QFRiLlT.exe
  C:\Windows\System\QFRiLlT.exe
  2⤵
  PID:1692
- C:\Windows\System\uBFOdBV.exe
  C:\Windows\System\uBFOdBV.exe
  2⤵
  PID:2988
- C:\Windows\System\hdiduXf.exe
  C:\Windows\System\hdiduXf.exe
  2⤵
  PID:2816
- C:\Windows\System\fTGejyO.exe
  C:\Windows\System\fTGejyO.exe
  2⤵
  PID:2632
- C:\Windows\System\LZtUond.exe
  C:\Windows\System\LZtUond.exe
  2⤵
  PID:2704
- C:\Windows\System\ytkrLWl.exe
  C:\Windows\System\ytkrLWl.exe
  2⤵
  PID:320
- C:\Windows\System\XKrjGIv.exe
  C:\Windows\System\XKrjGIv.exe
  2⤵
  PID:1032
- C:\Windows\System\YPJvpDN.exe
  C:\Windows\System\YPJvpDN.exe
  2⤵
  PID:3056
- C:\Windows\System\mjXvgTV.exe
  C:\Windows\System\mjXvgTV.exe
  2⤵
  PID:904
- C:\Windows\System\YkTxZno.exe
  C:\Windows\System\YkTxZno.exe
  2⤵
  PID:344
- C:\Windows\System\OZEvsZb.exe
  C:\Windows\System\OZEvsZb.exe
  2⤵
  PID:1956
- C:\Windows\System\yGsUSgW.exe
  C:\Windows\System\yGsUSgW.exe
  2⤵
  PID:1740
- C:\Windows\System\JMznQBE.exe
  C:\Windows\System\JMznQBE.exe
  2⤵
  PID:2180
- C:\Windows\System\KZSZYKu.exe
  C:\Windows\System\KZSZYKu.exe
  2⤵
  PID:856
- C:\Windows\System\gTfnyOC.exe
  C:\Windows\System\gTfnyOC.exe
  2⤵
  PID:1400
- C:\Windows\System\niDjNuO.exe
  C:\Windows\System\niDjNuO.exe
  2⤵
  PID:2824
- C:\Windows\System\rsOauIZ.exe
  C:\Windows\System\rsOauIZ.exe
  2⤵
  PID:1828
- C:\Windows\System\ZOOXnXi.exe
  C:\Windows\System\ZOOXnXi.exe
  2⤵
  PID:2808
- C:\Windows\System\ogcOqbF.exe
  C:\Windows\System\ogcOqbF.exe
  2⤵
  PID:2328
- C:\Windows\System\NdJMvMq.exe
  C:\Windows\System\NdJMvMq.exe
  2⤵
  PID:900
- C:\Windows\System\TOBdVUo.exe
  C:\Windows\System\TOBdVUo.exe
  2⤵
  PID:1008
- C:\Windows\System\THYfmMs.exe
  C:\Windows\System\THYfmMs.exe
  2⤵
  PID:1152
- C:\Windows\System\brwJcyZ.exe
  C:\Windows\System\brwJcyZ.exe
  2⤵
  PID:3084
- C:\Windows\System\motOIqq.exe
  C:\Windows\System\motOIqq.exe
  2⤵
  PID:3100
- C:\Windows\System\bKkUpeg.exe
  C:\Windows\System\bKkUpeg.exe
  2⤵
  PID:3116
- C:\Windows\System\uFbrkCF.exe
  C:\Windows\System\uFbrkCF.exe
  2⤵
  PID:3136
- C:\Windows\System\SDYGxbK.exe
  C:\Windows\System\SDYGxbK.exe
  2⤵
  PID:3168
- C:\Windows\System\ZVHIigs.exe
  C:\Windows\System\ZVHIigs.exe
  2⤵
  PID:3188
- C:\Windows\System\vcXKspL.exe
  C:\Windows\System\vcXKspL.exe
  2⤵
  PID:3208
- C:\Windows\System\DtLBprp.exe
  C:\Windows\System\DtLBprp.exe
  2⤵
  PID:3228
- C:\Windows\System\SpqOUhL.exe
  C:\Windows\System\SpqOUhL.exe
  2⤵
  PID:3248
- C:\Windows\System\aHcDIsR.exe
  C:\Windows\System\aHcDIsR.exe
  2⤵
  PID:3268
- C:\Windows\System\BPrUABm.exe
  C:\Windows\System\BPrUABm.exe
  2⤵
  PID:3288
- C:\Windows\System\zaEwnvB.exe
  C:\Windows\System\zaEwnvB.exe
  2⤵
  PID:3312
- C:\Windows\System\mwDfncE.exe
  C:\Windows\System\mwDfncE.exe
  2⤵
  PID:3328
- C:\Windows\System\sOkuxir.exe
  C:\Windows\System\sOkuxir.exe
  2⤵
  PID:3348
- C:\Windows\System\QzDFvOq.exe
  C:\Windows\System\QzDFvOq.exe
  2⤵
  PID:3368
- C:\Windows\System\FUnjLrb.exe
  C:\Windows\System\FUnjLrb.exe
  2⤵
  PID:3384
- C:\Windows\System\zxVesMe.exe
  C:\Windows\System\zxVesMe.exe
  2⤵
  PID:3400
- C:\Windows\System\eroVjPn.exe
  C:\Windows\System\eroVjPn.exe
  2⤵
  PID:3424
- C:\Windows\System\nycxCIn.exe
  C:\Windows\System\nycxCIn.exe
  2⤵
  PID:3448
- C:\Windows\System\YhcfiHs.exe
  C:\Windows\System\YhcfiHs.exe
  2⤵
  PID:3472
- C:\Windows\System\BYwEzoZ.exe
  C:\Windows\System\BYwEzoZ.exe
  2⤵
  PID:3488
- C:\Windows\System\OxFdiYq.exe
  C:\Windows\System\OxFdiYq.exe
  2⤵
  PID:3512
- C:\Windows\System\JDXbsrt.exe
  C:\Windows\System\JDXbsrt.exe
  2⤵
  PID:3528
- C:\Windows\System\AmQumxC.exe
  C:\Windows\System\AmQumxC.exe
  2⤵
  PID:3544
- C:\Windows\System\GseUJIq.exe
  C:\Windows\System\GseUJIq.exe
  2⤵
  PID:3568
- C:\Windows\System\ogBcNBS.exe
  C:\Windows\System\ogBcNBS.exe
  2⤵
  PID:3584
- C:\Windows\System\mEGuibi.exe
  C:\Windows\System\mEGuibi.exe
  2⤵
  PID:3600
- C:\Windows\System\JqCBmLu.exe
  C:\Windows\System\JqCBmLu.exe
  2⤵
  PID:3624
- C:\Windows\System\qavGQfI.exe
  C:\Windows\System\qavGQfI.exe
  2⤵
  PID:3644
- C:\Windows\System\lIauNyd.exe
  C:\Windows\System\lIauNyd.exe
  2⤵
  PID:3660
- C:\Windows\System\TLIAcvR.exe
  C:\Windows\System\TLIAcvR.exe
  2⤵
  PID:3676
- C:\Windows\System\scJsVnL.exe
  C:\Windows\System\scJsVnL.exe
  2⤵
  PID:3704
- C:\Windows\System\pitRPqD.exe
  C:\Windows\System\pitRPqD.exe
  2⤵
  PID:3720
- C:\Windows\System\AnsIecJ.exe
  C:\Windows\System\AnsIecJ.exe
  2⤵
  PID:3744
- C:\Windows\System\wLxvtqF.exe
  C:\Windows\System\wLxvtqF.exe
  2⤵
  PID:3760
- C:\Windows\System\TBcpgqI.exe
  C:\Windows\System\TBcpgqI.exe
  2⤵
  PID:3780
- C:\Windows\System\ChIvzNb.exe
  C:\Windows\System\ChIvzNb.exe
  2⤵
  PID:3800
- C:\Windows\System\ZnlDMXU.exe
  C:\Windows\System\ZnlDMXU.exe
  2⤵
  PID:3828
- C:\Windows\System\TxRyZWc.exe
  C:\Windows\System\TxRyZWc.exe
  2⤵
  PID:3856
- C:\Windows\System\kToKuCU.exe
  C:\Windows\System\kToKuCU.exe
  2⤵
  PID:3872
- C:\Windows\System\yQHoCpo.exe
  C:\Windows\System\yQHoCpo.exe
  2⤵
  PID:3892
- C:\Windows\System\hsUhMqs.exe
  C:\Windows\System\hsUhMqs.exe
  2⤵
  PID:3912
- C:\Windows\System\HauaUrt.exe
  C:\Windows\System\HauaUrt.exe
  2⤵
  PID:3936
- C:\Windows\System\UwHrQja.exe
  C:\Windows\System\UwHrQja.exe
  2⤵
  PID:3956
- C:\Windows\System\vpwCmmk.exe
  C:\Windows\System\vpwCmmk.exe
  2⤵
  PID:3980
- C:\Windows\System\yDjyvnL.exe
  C:\Windows\System\yDjyvnL.exe
  2⤵
  PID:3996
- C:\Windows\System\oucePPg.exe
  C:\Windows\System\oucePPg.exe
  2⤵
  PID:4020
- C:\Windows\System\RgszPmV.exe
  C:\Windows\System\RgszPmV.exe
  2⤵
  PID:4040
- C:\Windows\System\TIzoFgg.exe
  C:\Windows\System\TIzoFgg.exe
  2⤵
  PID:4060
- C:\Windows\System\yTsVcCF.exe
  C:\Windows\System\yTsVcCF.exe
  2⤵
  PID:4076
- C:\Windows\System\GiPXubq.exe
  C:\Windows\System\GiPXubq.exe
  2⤵
  PID:596
- C:\Windows\System\IlvnzHX.exe
  C:\Windows\System\IlvnzHX.exe
  2⤵
  PID:2452
- C:\Windows\System\mcjcnsQ.exe
  C:\Windows\System\mcjcnsQ.exe
  2⤵
  PID:1116
- C:\Windows\System\OJbwogV.exe
  C:\Windows\System\OJbwogV.exe
  2⤵
  PID:2912
- C:\Windows\System\yfnXdsz.exe
  C:\Windows\System\yfnXdsz.exe
  2⤵
  PID:1568
- C:\Windows\System\RlATIfX.exe
  C:\Windows\System\RlATIfX.exe
  2⤵
  PID:2348
- C:\Windows\System\zgEmptk.exe
  C:\Windows\System\zgEmptk.exe
  2⤵
  PID:1964
- C:\Windows\System\FQpeEDx.exe
  C:\Windows\System\FQpeEDx.exe
  2⤵
  PID:848
- C:\Windows\System\UnFnLUN.exe
  C:\Windows\System\UnFnLUN.exe
  2⤵
  PID:1776
- C:\Windows\System\PEghZEm.exe
  C:\Windows\System\PEghZEm.exe
  2⤵
  PID:1976
- C:\Windows\System\RcocbKv.exe
  C:\Windows\System\RcocbKv.exe
  2⤵
  PID:2492
- C:\Windows\System\YlWyJtR.exe
  C:\Windows\System\YlWyJtR.exe
  2⤵
  PID:2644
- C:\Windows\System\zkTwSOm.exe
  C:\Windows\System\zkTwSOm.exe
  2⤵
  PID:2292
- C:\Windows\System\wlKYmmN.exe
  C:\Windows\System\wlKYmmN.exe
  2⤵
  PID:1920
- C:\Windows\System\CLjpNZV.exe
  C:\Windows\System\CLjpNZV.exe
  2⤵
  PID:2716
- C:\Windows\System\ZfQmKAF.exe
  C:\Windows\System\ZfQmKAF.exe
  2⤵
  PID:3096
- C:\Windows\System\eoniQOi.exe
  C:\Windows\System\eoniQOi.exe
  2⤵
  PID:1448
- C:\Windows\System\QytrOSk.exe
  C:\Windows\System\QytrOSk.exe
  2⤵
  PID:3080
- C:\Windows\System\LGBlvND.exe
  C:\Windows\System\LGBlvND.exe
  2⤵
  PID:940
- C:\Windows\System\rrdDKkE.exe
  C:\Windows\System\rrdDKkE.exe
  2⤵
  PID:3216
- C:\Windows\System\xpEoVzx.exe
  C:\Windows\System\xpEoVzx.exe
  2⤵
  PID:3256
- C:\Windows\System\FVBWXDd.exe
  C:\Windows\System\FVBWXDd.exe
  2⤵
  PID:3156
- C:\Windows\System\DwmeUzW.exe
  C:\Windows\System\DwmeUzW.exe
  2⤵
  PID:3164
- C:\Windows\System\PCmalmJ.exe
  C:\Windows\System\PCmalmJ.exe
  2⤵
  PID:3340
- C:\Windows\System\CKmMXGU.exe
  C:\Windows\System\CKmMXGU.exe
  2⤵
  PID:3420
- C:\Windows\System\swGaqxi.exe
  C:\Windows\System\swGaqxi.exe
  2⤵
  PID:3460
- C:\Windows\System\IXMeTGF.exe
  C:\Windows\System\IXMeTGF.exe
  2⤵
  PID:3280
- C:\Windows\System\FoDGgxj.exe
  C:\Windows\System\FoDGgxj.exe
  2⤵
  PID:3360
- C:\Windows\System\exMGoZA.exe
  C:\Windows\System\exMGoZA.exe
  2⤵
  PID:3504
- C:\Windows\System\TmuQyRv.exe
  C:\Windows\System\TmuQyRv.exe
  2⤵
  PID:3540
- C:\Windows\System\zCielJF.exe
  C:\Windows\System\zCielJF.exe
  2⤵
  PID:3356
- C:\Windows\System\byqoNdr.exe
  C:\Windows\System\byqoNdr.exe
  2⤵
  PID:3612
- C:\Windows\System\zEIuqpZ.exe
  C:\Windows\System\zEIuqpZ.exe
  2⤵
  PID:3688
- C:\Windows\System\BzGlWlp.exe
  C:\Windows\System\BzGlWlp.exe
  2⤵
  PID:3692
- C:\Windows\System\molwUEJ.exe
  C:\Windows\System\molwUEJ.exe
  2⤵
  PID:3552
- C:\Windows\System\OMtckFu.exe
  C:\Windows\System\OMtckFu.exe
  2⤵
  PID:3592
- C:\Windows\System\KImsNSk.exe
  C:\Windows\System\KImsNSk.exe
  2⤵
  PID:3732
- C:\Windows\System\HqTSnnR.exe
  C:\Windows\System\HqTSnnR.exe
  2⤵
  PID:3768
- C:\Windows\System\kztPUqX.exe
  C:\Windows\System\kztPUqX.exe
  2⤵
  PID:3808
- C:\Windows\System\iiRmavT.exe
  C:\Windows\System\iiRmavT.exe
  2⤵
  PID:3796
- C:\Windows\System\VhrPpup.exe
  C:\Windows\System\VhrPpup.exe
  2⤵
  PID:3824
- C:\Windows\System\TeEMTwz.exe
  C:\Windows\System\TeEMTwz.exe
  2⤵
  PID:3900
- C:\Windows\System\qlTgpKC.exe
  C:\Windows\System\qlTgpKC.exe
  2⤵
  PID:3848
- C:\Windows\System\OhpRnTo.exe
  C:\Windows\System\OhpRnTo.exe
  2⤵
  PID:3836
- C:\Windows\System\EmcGEfd.exe
  C:\Windows\System\EmcGEfd.exe
  2⤵
  PID:3948
- C:\Windows\System\XwnycYE.exe
  C:\Windows\System\XwnycYE.exe
  2⤵
  PID:3964
- C:\Windows\System\ZOBzFWg.exe
  C:\Windows\System\ZOBzFWg.exe
  2⤵
  PID:3976
- C:\Windows\System\RovgfuU.exe
  C:\Windows\System\RovgfuU.exe
  2⤵
  PID:4068
- C:\Windows\System\fxJbqGd.exe
  C:\Windows\System\fxJbqGd.exe
  2⤵
  PID:4072
- C:\Windows\System\yLcpEQF.exe
  C:\Windows\System\yLcpEQF.exe
  2⤵
  PID:2968
- C:\Windows\System\tEGlXBb.exe
  C:\Windows\System\tEGlXBb.exe
  2⤵
  PID:4092
- C:\Windows\System\slgQoca.exe
  C:\Windows\System\slgQoca.exe
  2⤵
  PID:2144
- C:\Windows\System\UpUMlMn.exe
  C:\Windows\System\UpUMlMn.exe
  2⤵
  PID:1820
- C:\Windows\System\yWyZJnE.exe
  C:\Windows\System\yWyZJnE.exe
  2⤵
  PID:2316
- C:\Windows\System\FFFJNyL.exe
  C:\Windows\System\FFFJNyL.exe
  2⤵
  PID:628
- C:\Windows\System\XUrofGM.exe
  C:\Windows\System\XUrofGM.exe
  2⤵
  PID:1628
- C:\Windows\System\qfQXOen.exe
  C:\Windows\System\qfQXOen.exe
  2⤵
  PID:2624
- C:\Windows\System\ElAOqJl.exe
  C:\Windows\System\ElAOqJl.exe
  2⤵
  PID:2372
- C:\Windows\System\ruFLikt.exe
  C:\Windows\System\ruFLikt.exe
  2⤵
  PID:1424
- C:\Windows\System\yWNiJxH.exe
  C:\Windows\System\yWNiJxH.exe
  2⤵
  PID:2460
- C:\Windows\System\DMCGjrV.exe
  C:\Windows\System\DMCGjrV.exe
  2⤵
  PID:3076
- C:\Windows\System\dkSYorF.exe
  C:\Windows\System\dkSYorF.exe
  2⤵
  PID:3152
- C:\Windows\System\MxRfbNB.exe
  C:\Windows\System\MxRfbNB.exe
  2⤵
  PID:3864
- C:\Windows\System\pFOKKsa.exe
  C:\Windows\System\pFOKKsa.exe
  2⤵
  PID:3924
- C:\Windows\System\WhUPmFm.exe
  C:\Windows\System\WhUPmFm.exe
  2⤵
  PID:3396
- C:\Windows\System\XUWcoLS.exe
  C:\Windows\System\XUWcoLS.exe
  2⤵
  PID:3128
- C:\Windows\System\ghBnSSW.exe
  C:\Windows\System\ghBnSSW.exe
  2⤵
  PID:3656
- C:\Windows\System\tzDegaa.exe
  C:\Windows\System\tzDegaa.exe
  2⤵
  PID:3484
- C:\Windows\System\FjdVjPA.exe
  C:\Windows\System\FjdVjPA.exe
  2⤵
  PID:2740
- C:\Windows\System\cRoqnRM.exe
  C:\Windows\System\cRoqnRM.exe
  2⤵
  PID:3240
- C:\Windows\System\PxKCbmx.exe
  C:\Windows\System\PxKCbmx.exe
  2⤵
  PID:1180
- C:\Windows\System\gjSHrXA.exe
  C:\Windows\System\gjSHrXA.exe
  2⤵
  PID:2224
- C:\Windows\System\dmJZVnb.exe
  C:\Windows\System\dmJZVnb.exe
  2⤵
  PID:3712
- C:\Windows\System\wzCBalg.exe
  C:\Windows\System\wzCBalg.exe
  2⤵
  PID:3184
- C:\Windows\System\kSIHsGK.exe
  C:\Windows\System\kSIHsGK.exe
  2⤵
  PID:1624
- C:\Windows\System\bAcyikg.exe
  C:\Windows\System\bAcyikg.exe
  2⤵
  PID:3580
- C:\Windows\System\RvphwwI.exe
  C:\Windows\System\RvphwwI.exe
  2⤵
  PID:3952
- C:\Windows\System\myWKMax.exe
  C:\Windows\System\myWKMax.exe
  2⤵
  PID:4008
- C:\Windows\System\yXsypiH.exe
  C:\Windows\System\yXsypiH.exe
  2⤵
  PID:2320
- C:\Windows\System\pzDQnht.exe
  C:\Windows\System\pzDQnht.exe
  2⤵
  PID:1232
- C:\Windows\System\dmfwmjL.exe
  C:\Windows\System\dmfwmjL.exe
  2⤵
  PID:1744
- C:\Windows\System\bUdzrKE.exe
  C:\Windows\System\bUdzrKE.exe
  2⤵
  PID:3304
- C:\Windows\System\XeZLWLS.exe
  C:\Windows\System\XeZLWLS.exe
  2⤵
  PID:3320
- C:\Windows\System\uABSrdg.exe
  C:\Windows\System\uABSrdg.exe
  2⤵
  PID:3620
- C:\Windows\System\QEvclMZ.exe
  C:\Windows\System\QEvclMZ.exe
  2⤵
  PID:3560
- C:\Windows\System\XArzrYv.exe
  C:\Windows\System\XArzrYv.exe
  2⤵
  PID:3752
- C:\Windows\System\hHujaHb.exe
  C:\Windows\System\hHujaHb.exe
  2⤵
  PID:3884
- C:\Windows\System\mLnduYT.exe
  C:\Windows\System\mLnduYT.exe
  2⤵
  PID:2804
- C:\Windows\System\fRDJIod.exe
  C:\Windows\System\fRDJIod.exe
  2⤵
  PID:3416
- C:\Windows\System\XEmCMaJ.exe
  C:\Windows\System\XEmCMaJ.exe
  2⤵
  PID:4056
- C:\Windows\System\TPRorcv.exe
  C:\Windows\System\TPRorcv.exe
  2⤵
  PID:2108
- C:\Windows\System\LJbqWbj.exe
  C:\Windows\System\LJbqWbj.exe
  2⤵
  PID:4032
- C:\Windows\System\eYzOCaT.exe
  C:\Windows\System\eYzOCaT.exe
  2⤵
  PID:3380
- C:\Windows\System\AHmZayq.exe
  C:\Windows\System\AHmZayq.exe
  2⤵
  PID:3204
- C:\Windows\System\sXUbAfY.exe
  C:\Windows\System\sXUbAfY.exe
  2⤵
  PID:2240
- C:\Windows\System\qzzWDrE.exe
  C:\Windows\System\qzzWDrE.exe
  2⤵
  PID:2468
- C:\Windows\System\zvuRvfT.exe
  C:\Windows\System\zvuRvfT.exe
  2⤵
  PID:3180
- C:\Windows\System\BzSVuXL.exe
  C:\Windows\System\BzSVuXL.exe
  2⤵
  PID:3904
- C:\Windows\System\JNpqJkN.exe
  C:\Windows\System\JNpqJkN.exe
  2⤵
  PID:2736
- C:\Windows\System\BGlPtEm.exe
  C:\Windows\System\BGlPtEm.exe
  2⤵
  PID:3888
- C:\Windows\System\EUYsmlV.exe
  C:\Windows\System\EUYsmlV.exe
  2⤵
  PID:3852
- C:\Windows\System\HmToPaw.exe
  C:\Windows\System\HmToPaw.exe
  2⤵
  PID:2276
- C:\Windows\System\FmerQek.exe
  C:\Windows\System\FmerQek.exe
  2⤵
  PID:3700
- C:\Windows\System\imYjDJF.exe
  C:\Windows\System\imYjDJF.exe
  2⤵
  PID:4100
- C:\Windows\System\hiqWbHb.exe
  C:\Windows\System\hiqWbHb.exe
  2⤵
  PID:4124
- C:\Windows\System\fUxqBlR.exe
  C:\Windows\System\fUxqBlR.exe
  2⤵
  PID:4156
- C:\Windows\System\MSOlzRV.exe
  C:\Windows\System\MSOlzRV.exe
  2⤵
  PID:4184
- C:\Windows\System\sKmxDsS.exe
  C:\Windows\System\sKmxDsS.exe
  2⤵
  PID:4200
- C:\Windows\System\DmHuTbK.exe
  C:\Windows\System\DmHuTbK.exe
  2⤵
  PID:4220
- C:\Windows\System\PDlotHY.exe
  C:\Windows\System\PDlotHY.exe
  2⤵
  PID:4236
- C:\Windows\System\AqaBNkg.exe
  C:\Windows\System\AqaBNkg.exe
  2⤵
  PID:4256
- C:\Windows\System\dvxQlHx.exe
  C:\Windows\System\dvxQlHx.exe
  2⤵
  PID:4272
- C:\Windows\System\KehUJgc.exe
  C:\Windows\System\KehUJgc.exe
  2⤵
  PID:4296
- C:\Windows\System\HeqEAhQ.exe
  C:\Windows\System\HeqEAhQ.exe
  2⤵
  PID:4312
- C:\Windows\System\NRoewdU.exe
  C:\Windows\System\NRoewdU.exe
  2⤵
  PID:4332
- C:\Windows\System\bykmCqL.exe
  C:\Windows\System\bykmCqL.exe
  2⤵
  PID:4348
- C:\Windows\System\PjUuRxP.exe
  C:\Windows\System\PjUuRxP.exe
  2⤵
  PID:4372
- C:\Windows\System\JxxEKGM.exe
  C:\Windows\System\JxxEKGM.exe
  2⤵
  PID:4388
- C:\Windows\System\RFEefIo.exe
  C:\Windows\System\RFEefIo.exe
  2⤵
  PID:4404
- C:\Windows\System\bGiZfCU.exe
  C:\Windows\System\bGiZfCU.exe
  2⤵
  PID:4420
- C:\Windows\System\CIroSgk.exe
  C:\Windows\System\CIroSgk.exe
  2⤵
  PID:4436
- C:\Windows\System\SEAztGc.exe
  C:\Windows\System\SEAztGc.exe
  2⤵
  PID:4452
- C:\Windows\System\mhxRCKc.exe
  C:\Windows\System\mhxRCKc.exe
  2⤵
  PID:4468
- C:\Windows\System\JRzHiKC.exe
  C:\Windows\System\JRzHiKC.exe
  2⤵
  PID:4492
- C:\Windows\System\QAblWrG.exe
  C:\Windows\System\QAblWrG.exe
  2⤵
  PID:4508
- C:\Windows\System\EXEVcCk.exe
  C:\Windows\System\EXEVcCk.exe
  2⤵
  PID:4524
- C:\Windows\System\wtrazoR.exe
  C:\Windows\System\wtrazoR.exe
  2⤵
  PID:4540
- C:\Windows\System\LQnBRmf.exe
  C:\Windows\System\LQnBRmf.exe
  2⤵
  PID:4560
- C:\Windows\System\uDqIYMB.exe
  C:\Windows\System\uDqIYMB.exe
  2⤵
  PID:4576
- C:\Windows\System\fUUbyDf.exe
  C:\Windows\System\fUUbyDf.exe
  2⤵
  PID:4596
- C:\Windows\System\onbVFnm.exe
  C:\Windows\System\onbVFnm.exe
  2⤵
  PID:4612
- C:\Windows\System\BNMgWOr.exe
  C:\Windows\System\BNMgWOr.exe
  2⤵
  PID:4628
- C:\Windows\System\jmLqoFB.exe
  C:\Windows\System\jmLqoFB.exe
  2⤵
  PID:4644
- C:\Windows\System\btgmHhc.exe
  C:\Windows\System\btgmHhc.exe
  2⤵
  PID:4660
- C:\Windows\System\SJmSrtF.exe
  C:\Windows\System\SJmSrtF.exe
  2⤵
  PID:4680
- C:\Windows\System\JcfYySB.exe
  C:\Windows\System\JcfYySB.exe
  2⤵
  PID:4696
- C:\Windows\System\fRWwiOo.exe
  C:\Windows\System\fRWwiOo.exe
  2⤵
  PID:4712
- C:\Windows\System\LQDlIRO.exe
  C:\Windows\System\LQDlIRO.exe
  2⤵
  PID:4728
- C:\Windows\System\BlPKVBa.exe
  C:\Windows\System\BlPKVBa.exe
  2⤵
  PID:4744
- C:\Windows\System\jnPGZMa.exe
  C:\Windows\System\jnPGZMa.exe
  2⤵
  PID:4760
- C:\Windows\System\iYOEqxA.exe
  C:\Windows\System\iYOEqxA.exe
  2⤵
  PID:4776
- C:\Windows\System\DPTEQjk.exe
  C:\Windows\System\DPTEQjk.exe
  2⤵
  PID:4792
- C:\Windows\System\JOCbeIN.exe
  C:\Windows\System\JOCbeIN.exe
  2⤵
  PID:4856
- C:\Windows\System\wFwkpaS.exe
  C:\Windows\System\wFwkpaS.exe
  2⤵
  PID:4872
- C:\Windows\System\EroHOFg.exe
  C:\Windows\System\EroHOFg.exe
  2⤵
  PID:4896
- C:\Windows\System\RkphFyl.exe
  C:\Windows\System\RkphFyl.exe
  2⤵
  PID:4916
- C:\Windows\System\MDEnVJu.exe
  C:\Windows\System\MDEnVJu.exe
  2⤵
  PID:4936
- C:\Windows\System\NNBWCoH.exe
  C:\Windows\System\NNBWCoH.exe
  2⤵
  PID:4960
- C:\Windows\System\apeOhKp.exe
  C:\Windows\System\apeOhKp.exe
  2⤵
  PID:4976
- C:\Windows\System\OqDdloF.exe
  C:\Windows\System\OqDdloF.exe
  2⤵
  PID:4996
- C:\Windows\System\edsUToc.exe
  C:\Windows\System\edsUToc.exe
  2⤵
  PID:5020
- C:\Windows\System\HtYZYJO.exe
  C:\Windows\System\HtYZYJO.exe
  2⤵
  PID:5036
- C:\Windows\System\tjRbsZC.exe
  C:\Windows\System\tjRbsZC.exe
  2⤵
  PID:5060
- C:\Windows\System\RhyVvMN.exe
  C:\Windows\System\RhyVvMN.exe
  2⤵
  PID:5076
- C:\Windows\System\JYgEnei.exe
  C:\Windows\System\JYgEnei.exe
  2⤵
  PID:5096
- C:\Windows\System\FGFIlSO.exe
  C:\Windows\System\FGFIlSO.exe
  2⤵
  PID:5116
- C:\Windows\System\cYekYcn.exe
  C:\Windows\System\cYekYcn.exe
  2⤵
  PID:3616
- C:\Windows\System\GbMeVDd.exe
  C:\Windows\System\GbMeVDd.exe
  2⤵
  PID:4088
- C:\Windows\System\JETgVSl.exe
  C:\Windows\System\JETgVSl.exe
  2⤵
  PID:3276
- C:\Windows\System\XpMKahn.exe
  C:\Windows\System\XpMKahn.exe
  2⤵
  PID:3300
- C:\Windows\System\DdMIGbv.exe
  C:\Windows\System\DdMIGbv.exe
  2⤵
  PID:2976
- C:\Windows\System\igKfOxm.exe
  C:\Windows\System\igKfOxm.exe
  2⤵
  PID:2828
- C:\Windows\System\GtIXqXg.exe
  C:\Windows\System\GtIXqXg.exe
  2⤵
  PID:3132
- C:\Windows\System\BQDbAcE.exe
  C:\Windows\System\BQDbAcE.exe
  2⤵
  PID:3728
- C:\Windows\System\VlmGQPr.exe
  C:\Windows\System\VlmGQPr.exe
  2⤵
  PID:2648
- C:\Windows\System\ahsiION.exe
  C:\Windows\System\ahsiION.exe
  2⤵
  PID:4228
- C:\Windows\System\CowMLUX.exe
  C:\Windows\System\CowMLUX.exe
  2⤵
  PID:4268
- C:\Windows\System\ZwiOgSc.exe
  C:\Windows\System\ZwiOgSc.exe
  2⤵
  PID:3464
- C:\Windows\System\UuqYvlU.exe
  C:\Windows\System\UuqYvlU.exe
  2⤵
  PID:4120
- C:\Windows\System\RoCCrlc.exe
  C:\Windows\System\RoCCrlc.exe
  2⤵
  PID:3668
- C:\Windows\System\UYdlMMW.exe
  C:\Windows\System\UYdlMMW.exe
  2⤵
  PID:4324
- C:\Windows\System\xfoZlco.exe
  C:\Windows\System\xfoZlco.exe
  2⤵
  PID:4384
- C:\Windows\System\toidvrp.exe
  C:\Windows\System\toidvrp.exe
  2⤵
  PID:4448
- C:\Windows\System\OpprIzT.exe
  C:\Windows\System\OpprIzT.exe
  2⤵
  PID:4488
- C:\Windows\System\QdQZIPv.exe
  C:\Windows\System\QdQZIPv.exe
  2⤵
  PID:4552
- C:\Windows\System\yknyiTy.exe
  C:\Windows\System\yknyiTy.exe
  2⤵
  PID:4592
- C:\Windows\System\eXHhivq.exe
  C:\Windows\System\eXHhivq.exe
  2⤵
  PID:5108
- C:\Windows\System\uDzJEXn.exe
  C:\Windows\System\uDzJEXn.exe
  2⤵
  PID:2540
- C:\Windows\System\cgFiZAb.exe
  C:\Windows\System\cgFiZAb.exe
  2⤵
  PID:4176
- C:\Windows\System\JjVwrun.exe
  C:\Windows\System\JjVwrun.exe
  2⤵
  PID:3740
- C:\Windows\System\wmKeeKs.exe
  C:\Windows\System\wmKeeKs.exe
  2⤵
  PID:4244
- C:\Windows\System\HraJhac.exe
  C:\Windows\System\HraJhac.exe
  2⤵
  PID:4428
- C:\Windows\System\QRhLSIs.exe
  C:\Windows\System\QRhLSIs.exe
  2⤵
  PID:4504
- C:\Windows\System\ttwVCxS.exe
  C:\Windows\System\ttwVCxS.exe
  2⤵
  PID:4380
- C:\Windows\System\NgrSBDc.exe
  C:\Windows\System\NgrSBDc.exe
  2⤵
  PID:4588
- C:\Windows\System\fwzvUXg.exe
  C:\Windows\System\fwzvUXg.exe
  2⤵
  PID:4672
- C:\Windows\System\rNQXeQv.exe
  C:\Windows\System\rNQXeQv.exe
  2⤵
  PID:4736
- C:\Windows\System\BzfVobt.exe
  C:\Windows\System\BzfVobt.exe
  2⤵
  PID:4800
- C:\Windows\System\XNgLOip.exe
  C:\Windows\System\XNgLOip.exe
  2⤵
  PID:4816
- C:\Windows\System\YhsfpiV.exe
  C:\Windows\System\YhsfpiV.exe
  2⤵
  PID:4832
- C:\Windows\System\ZiTJhlo.exe
  C:\Windows\System\ZiTJhlo.exe
  2⤵
  PID:4848
- C:\Windows\System\YSbKHcm.exe
  C:\Windows\System\YSbKHcm.exe
  2⤵
  PID:4888
- C:\Windows\System\bptZxJi.exe
  C:\Windows\System\bptZxJi.exe
  2⤵
  PID:4932
- C:\Windows\System\xiZhoKp.exe
  C:\Windows\System\xiZhoKp.exe
  2⤵
  PID:5008
- C:\Windows\System\qzDJoRC.exe
  C:\Windows\System\qzDJoRC.exe
  2⤵
  PID:5048
- C:\Windows\System\JDaiKrH.exe
  C:\Windows\System\JDaiKrH.exe
  2⤵
  PID:5088
- C:\Windows\System\WpMmJzf.exe
  C:\Windows\System\WpMmJzf.exe
  2⤵
  PID:3436
- C:\Windows\System\DEiOaWz.exe
  C:\Windows\System\DEiOaWz.exe
  2⤵
  PID:4148
- C:\Windows\System\iBuzBGI.exe
  C:\Windows\System\iBuzBGI.exe
  2⤵
  PID:4288
- C:\Windows\System\hzqGyyD.exe
  C:\Windows\System\hzqGyyD.exe
  2⤵
  PID:4520
- C:\Windows\System\wnhDxQF.exe
  C:\Windows\System\wnhDxQF.exe
  2⤵
  PID:4944
- C:\Windows\System\gzmfqlW.exe
  C:\Windows\System\gzmfqlW.exe
  2⤵
  PID:4724
- C:\Windows\System\oOgvifX.exe
  C:\Windows\System\oOgvifX.exe
  2⤵
  PID:4784
- C:\Windows\System\LBbDWWv.exe
  C:\Windows\System\LBbDWWv.exe
  2⤵
  PID:4868
- C:\Windows\System\onCTbDV.exe
  C:\Windows\System\onCTbDV.exe
  2⤵
  PID:2616
- C:\Windows\System\ZLdUeWL.exe
  C:\Windows\System\ZLdUeWL.exe
  2⤵
  PID:4400
- C:\Windows\System\BFREyIe.exe
  C:\Windows\System\BFREyIe.exe
  2⤵
  PID:4320
- C:\Windows\System\wFJzKGN.exe
  C:\Windows\System\wFJzKGN.exe
  2⤵
  PID:5068
- C:\Windows\System\DTyiMaQ.exe
  C:\Windows\System\DTyiMaQ.exe
  2⤵
  PID:4172
- C:\Windows\System\VVwJMZf.exe
  C:\Windows\System\VVwJMZf.exe
  2⤵
  PID:4464
- C:\Windows\System\AnXbMyX.exe
  C:\Windows\System\AnXbMyX.exe
  2⤵
  PID:4604
- C:\Windows\System\YyHjoNU.exe
  C:\Windows\System\YyHjoNU.exe
  2⤵
  PID:4668
- C:\Windows\System\mPHIevr.exe
  C:\Windows\System\mPHIevr.exe
  2⤵
  PID:4828
- C:\Windows\System\oscPFZR.exe
  C:\Windows\System\oscPFZR.exe
  2⤵
  PID:5004
- C:\Windows\System\MbPaxLE.exe
  C:\Windows\System\MbPaxLE.exe
  2⤵
  PID:4460
- C:\Windows\System\StXRtSK.exe
  C:\Windows\System\StXRtSK.exe
  2⤵
  PID:2428
- C:\Windows\System\mlnVNuV.exe
  C:\Windows\System\mlnVNuV.exe
  2⤵
  PID:4720
- C:\Windows\System\YYAmywW.exe
  C:\Windows\System\YYAmywW.exe
  2⤵
  PID:4396
- C:\Windows\System\gojewfD.exe
  C:\Windows\System\gojewfD.exe
  2⤵
  PID:5072
- C:\Windows\System\ueXmzSw.exe
  C:\Windows\System\ueXmzSw.exe
  2⤵
  PID:5136
- C:\Windows\System\MLYJRBY.exe
  C:\Windows\System\MLYJRBY.exe
  2⤵
  PID:5152
- C:\Windows\System\jAWMBne.exe
  C:\Windows\System\jAWMBne.exe
  2⤵
  PID:5168
- C:\Windows\System\akrSccW.exe
  C:\Windows\System\akrSccW.exe
  2⤵
  PID:5184
- C:\Windows\System\uxLtxqG.exe
  C:\Windows\System\uxLtxqG.exe
  2⤵
  PID:5200
- C:\Windows\System\MmwfgVH.exe
  C:\Windows\System\MmwfgVH.exe
  2⤵
  PID:5216
- C:\Windows\System\ZPFUOOi.exe
  C:\Windows\System\ZPFUOOi.exe
  2⤵
  PID:5232
- C:\Windows\System\VxabbPP.exe
  C:\Windows\System\VxabbPP.exe
  2⤵
  PID:5248
- C:\Windows\System\NWWoead.exe
  C:\Windows\System\NWWoead.exe
  2⤵
  PID:5264
- C:\Windows\System\zvSjNhS.exe
  C:\Windows\System\zvSjNhS.exe
  2⤵
  PID:5280
- C:\Windows\System\mkaIQBW.exe
  C:\Windows\System\mkaIQBW.exe
  2⤵
  PID:5296
- C:\Windows\System\caHJMrW.exe
  C:\Windows\System\caHJMrW.exe
  2⤵
  PID:5312
- C:\Windows\System\yQfkWAx.exe
  C:\Windows\System\yQfkWAx.exe
  2⤵
  PID:5328
- C:\Windows\System\QufwxxM.exe
  C:\Windows\System\QufwxxM.exe
  2⤵
  PID:5344
- C:\Windows\System\ltFapRE.exe
  C:\Windows\System\ltFapRE.exe
  2⤵
  PID:5360
- C:\Windows\System\mEmXlCf.exe
  C:\Windows\System\mEmXlCf.exe
  2⤵
  PID:5376
- C:\Windows\System\TbTDRAZ.exe
  C:\Windows\System\TbTDRAZ.exe
  2⤵
  PID:5392
- C:\Windows\System\IkbeXOY.exe
  C:\Windows\System\IkbeXOY.exe
  2⤵
  PID:5408
- C:\Windows\System\WMZCmVd.exe
  C:\Windows\System\WMZCmVd.exe
  2⤵
  PID:5424
- C:\Windows\System\EMolUbh.exe
  C:\Windows\System\EMolUbh.exe
  2⤵
  PID:5440
- C:\Windows\System\mTbqUzB.exe
  C:\Windows\System\mTbqUzB.exe
  2⤵
  PID:5456
- C:\Windows\System\JkyXBsM.exe
  C:\Windows\System\JkyXBsM.exe
  2⤵
  PID:5472
- C:\Windows\System\zZcJYMs.exe
  C:\Windows\System\zZcJYMs.exe
  2⤵
  PID:5488
- C:\Windows\System\REZxynS.exe
  C:\Windows\System\REZxynS.exe
  2⤵
  PID:5504
- C:\Windows\System\EvDjKPa.exe
  C:\Windows\System\EvDjKPa.exe
  2⤵
  PID:5520
- C:\Windows\System\HvboWbe.exe
  C:\Windows\System\HvboWbe.exe
  2⤵
  PID:5536
- C:\Windows\System\hJbxHgK.exe
  C:\Windows\System\hJbxHgK.exe
  2⤵
  PID:5552
- C:\Windows\System\gFmyECs.exe
  C:\Windows\System\gFmyECs.exe
  2⤵
  PID:5568
- C:\Windows\System\pSNoRcs.exe
  C:\Windows\System\pSNoRcs.exe
  2⤵
  PID:5584
- C:\Windows\System\JLdxWXq.exe
  C:\Windows\System\JLdxWXq.exe
  2⤵
  PID:5600
- C:\Windows\System\NqlqnQq.exe
  C:\Windows\System\NqlqnQq.exe
  2⤵
  PID:5616
- C:\Windows\System\JvebHtQ.exe
  C:\Windows\System\JvebHtQ.exe
  2⤵
  PID:5632
- C:\Windows\System\FZxTdLG.exe
  C:\Windows\System\FZxTdLG.exe
  2⤵
  PID:5648
- C:\Windows\System\McPLeBo.exe
  C:\Windows\System\McPLeBo.exe
  2⤵
  PID:5664
- C:\Windows\System\gLJKRVG.exe
  C:\Windows\System\gLJKRVG.exe
  2⤵
  PID:5680
- C:\Windows\System\GOUlJXC.exe
  C:\Windows\System\GOUlJXC.exe
  2⤵
  PID:5696
- C:\Windows\System\uomGKdm.exe
  C:\Windows\System\uomGKdm.exe
  2⤵
  PID:5712
- C:\Windows\System\LuJXYjM.exe
  C:\Windows\System\LuJXYjM.exe
  2⤵
  PID:5728
- C:\Windows\System\GupRDlY.exe
  C:\Windows\System\GupRDlY.exe
  2⤵
  PID:5744
- C:\Windows\System\CQbgfhA.exe
  C:\Windows\System\CQbgfhA.exe
  2⤵
  PID:5760
- C:\Windows\System\NICZQau.exe
  C:\Windows\System\NICZQau.exe
  2⤵
  PID:5776
- C:\Windows\System\QDwwDhL.exe
  C:\Windows\System\QDwwDhL.exe
  2⤵
  PID:5792
- C:\Windows\System\mLpvbip.exe
  C:\Windows\System\mLpvbip.exe
  2⤵
  PID:5808
- C:\Windows\System\ZtMQVQC.exe
  C:\Windows\System\ZtMQVQC.exe
  2⤵
  PID:5824
- C:\Windows\System\DbVAVQK.exe
  C:\Windows\System\DbVAVQK.exe
  2⤵
  PID:5840
- C:\Windows\System\iYMDHqh.exe
  C:\Windows\System\iYMDHqh.exe
  2⤵
  PID:5856
- C:\Windows\System\njVfcsr.exe
  C:\Windows\System\njVfcsr.exe
  2⤵
  PID:5872
- C:\Windows\System\mVtCAhJ.exe
  C:\Windows\System\mVtCAhJ.exe
  2⤵
  PID:5888
- C:\Windows\System\KPBYieU.exe
  C:\Windows\System\KPBYieU.exe
  2⤵
  PID:5904
- C:\Windows\System\hDFQhoz.exe
  C:\Windows\System\hDFQhoz.exe
  2⤵
  PID:5920
- C:\Windows\System\fPJvKDJ.exe
  C:\Windows\System\fPJvKDJ.exe
  2⤵
  PID:5936
- C:\Windows\System\RUVKzhm.exe
  C:\Windows\System\RUVKzhm.exe
  2⤵
  PID:5952
- C:\Windows\System\DmZhoKQ.exe
  C:\Windows\System\DmZhoKQ.exe
  2⤵
  PID:5968
- C:\Windows\System\zoWukYP.exe
  C:\Windows\System\zoWukYP.exe
  2⤵
  PID:5984
- C:\Windows\System\fBCkSra.exe
  C:\Windows\System\fBCkSra.exe
  2⤵
  PID:6000
- C:\Windows\System\OMUgwvR.exe
  C:\Windows\System\OMUgwvR.exe
  2⤵
  PID:6016
- C:\Windows\System\jCeUsXp.exe
  C:\Windows\System\jCeUsXp.exe
  2⤵
  PID:6032
- C:\Windows\System\ZnwkSvO.exe
  C:\Windows\System\ZnwkSvO.exe
  2⤵
  PID:6048
- C:\Windows\System\fOOKjzh.exe
  C:\Windows\System\fOOKjzh.exe
  2⤵
  PID:6064
- C:\Windows\System\BsTVqrn.exe
  C:\Windows\System\BsTVqrn.exe
  2⤵
  PID:6080
- C:\Windows\System\jTNHXLc.exe
  C:\Windows\System\jTNHXLc.exe
  2⤵
  PID:6096
- C:\Windows\System\UDHgxGQ.exe
  C:\Windows\System\UDHgxGQ.exe
  2⤵
  PID:6112
- C:\Windows\System\uoqvlxI.exe
  C:\Windows\System\uoqvlxI.exe
  2⤵
  PID:6128
- C:\Windows\System\GtcUkoA.exe
  C:\Windows\System\GtcUkoA.exe
  2⤵
  PID:4480
- C:\Windows\System\MOXgPYx.exe
  C:\Windows\System\MOXgPYx.exe
  2⤵
  PID:4808
- C:\Windows\System\mKlhPeS.exe
  C:\Windows\System\mKlhPeS.exe
  2⤵
  PID:4844
- C:\Windows\System\tICbMEi.exe
  C:\Windows\System\tICbMEi.exe
  2⤵
  PID:5016
- C:\Windows\System\ubREtrl.exe
  C:\Windows\System\ubREtrl.exe
  2⤵
  PID:4640
- C:\Windows\System\HHeeYzH.exe
  C:\Windows\System\HHeeYzH.exe
  2⤵
  PID:4152
- C:\Windows\System\QMJkIwl.exe
  C:\Windows\System\QMJkIwl.exe
  2⤵
  PID:1752
- C:\Windows\System\bzfMmuU.exe
  C:\Windows\System\bzfMmuU.exe
  2⤵
  PID:2696
- C:\Windows\System\mAPWcJv.exe
  C:\Windows\System\mAPWcJv.exe
  2⤵
  PID:4284
- C:\Windows\System\BnCRduG.exe
  C:\Windows\System\BnCRduG.exe
  2⤵
  PID:4864
- C:\Windows\System\kEOnfuq.exe
  C:\Windows\System\kEOnfuq.exe
  2⤵
  PID:2500
- C:\Windows\System\xnijuph.exe
  C:\Windows\System\xnijuph.exe
  2⤵
  PID:5104
- C:\Windows\System\uXweMAQ.exe
  C:\Windows\System\uXweMAQ.exe
  2⤵
  PID:4824
- C:\Windows\System\IlMZIEO.exe
  C:\Windows\System\IlMZIEO.exe
  2⤵
  PID:4444
- C:\Windows\System\LBZoWLX.exe
  C:\Windows\System\LBZoWLX.exe
  2⤵
  PID:5160
- C:\Windows\System\zMIPbkK.exe
  C:\Windows\System\zMIPbkK.exe
  2⤵
  PID:2432
- C:\Windows\System\bxbwfsu.exe
  C:\Windows\System\bxbwfsu.exe
  2⤵
  PID:5176
- C:\Windows\System\pTSQAPQ.exe
  C:\Windows\System\pTSQAPQ.exe
  2⤵
  PID:5228
- C:\Windows\System\upIjPgh.exe
  C:\Windows\System\upIjPgh.exe
  2⤵
  PID:5244
- C:\Windows\System\WmPaVQO.exe
  C:\Windows\System\WmPaVQO.exe
  2⤵
  PID:5292
- C:\Windows\System\AjgdHqf.exe
  C:\Windows\System\AjgdHqf.exe
  2⤵
  PID:5308
- C:\Windows\System\sDmNiHN.exe
  C:\Windows\System\sDmNiHN.exe
  2⤵
  PID:5340
- C:\Windows\System\kMmlqjE.exe
  C:\Windows\System\kMmlqjE.exe
  2⤵
  PID:5372
- C:\Windows\System\ihIPpYi.exe
  C:\Windows\System\ihIPpYi.exe
  2⤵
  PID:5404
- C:\Windows\System\cykeMiv.exe
  C:\Windows\System\cykeMiv.exe
  2⤵
  PID:5452
- C:\Windows\System\oHyCvqN.exe
  C:\Windows\System\oHyCvqN.exe
  2⤵
  PID:5480
- C:\Windows\System\QOryPPm.exe
  C:\Windows\System\QOryPPm.exe
  2⤵
  PID:5500
- C:\Windows\System\ADWHOjL.exe
  C:\Windows\System\ADWHOjL.exe
  2⤵
  PID:5532
- C:\Windows\System\kMlsAFm.exe
  C:\Windows\System\kMlsAFm.exe
  2⤵
  PID:5564
- C:\Windows\System\IINZdzg.exe
  C:\Windows\System\IINZdzg.exe
  2⤵
  PID:5596
- C:\Windows\System\wTnYYVw.exe
  C:\Windows\System\wTnYYVw.exe
  2⤵
  PID:5628
- C:\Windows\System\iRjoiYY.exe
  C:\Windows\System\iRjoiYY.exe
  2⤵
  PID:5660
- C:\Windows\System\ajbVHqW.exe
  C:\Windows\System\ajbVHqW.exe
  2⤵
  PID:5692
- C:\Windows\System\ZrbGgcv.exe
  C:\Windows\System\ZrbGgcv.exe
  2⤵
  PID:5724
- C:\Windows\System\fluKuEp.exe
  C:\Windows\System\fluKuEp.exe
  2⤵
  PID:5756
- C:\Windows\System\IxnZHkq.exe
  C:\Windows\System\IxnZHkq.exe
  2⤵
  PID:5800
- C:\Windows\System\ndaaTLn.exe
  C:\Windows\System\ndaaTLn.exe
  2⤵
  PID:5820
- C:\Windows\System\OdQlVGw.exe
  C:\Windows\System\OdQlVGw.exe
  2⤵
  PID:5864
- C:\Windows\System\zzCFMDU.exe
  C:\Windows\System\zzCFMDU.exe
  2⤵
  PID:5884
- C:\Windows\System\ZbpcxrA.exe
  C:\Windows\System\ZbpcxrA.exe
  2⤵
  PID:5916
- C:\Windows\System\tceOGqL.exe
  C:\Windows\System\tceOGqL.exe
  2⤵
  PID:5948
- C:\Windows\System\VVOhwWt.exe
  C:\Windows\System\VVOhwWt.exe
  2⤵
  PID:5976
- C:\Windows\System\YirVFSc.exe
  C:\Windows\System\YirVFSc.exe
  2⤵
  PID:6008
- C:\Windows\System\GtdZeKi.exe
  C:\Windows\System\GtdZeKi.exe
  2⤵
  PID:6028
- C:\Windows\System\VEnbbHr.exe
  C:\Windows\System\VEnbbHr.exe
  2⤵
  PID:6060
- C:\Windows\System\HJjHRTK.exe
  C:\Windows\System\HJjHRTK.exe
  2⤵
  PID:6092
- C:\Windows\System\EJtTKnI.exe
  C:\Windows\System\EJtTKnI.exe
  2⤵
  PID:6124
- C:\Windows\System\kZwSSEp.exe
  C:\Windows\System\kZwSSEp.exe
  2⤵
  PID:4708
- C:\Windows\System\VVxVqbk.exe
  C:\Windows\System\VVxVqbk.exe
  2⤵
  PID:4928
- C:\Windows\System\qlXuvDH.exe
  C:\Windows\System\qlXuvDH.exe
  2⤵
  PID:2660
- C:\Windows\System\oeEfTMW.exe
  C:\Windows\System\oeEfTMW.exe
  2⤵
  PID:4264
- C:\Windows\System\tXZoVFB.exe
  C:\Windows\System\tXZoVFB.exe
  2⤵
  PID:5028
- C:\Windows\System\JDyRfJR.exe
  C:\Windows\System\JDyRfJR.exe
  2⤵
  PID:4252
- C:\Windows\System\MNgSGmE.exe
  C:\Windows\System\MNgSGmE.exe
  2⤵
  PID:4308
- C:\Windows\System\mwirjHl.exe
  C:\Windows\System\mwirjHl.exe
  2⤵
  PID:5208
- C:\Windows\System\MdYWUuS.exe
  C:\Windows\System\MdYWUuS.exe
  2⤵
  PID:5148
- C:\Windows\System\auRFfjM.exe
  C:\Windows\System\auRFfjM.exe
  2⤵
  PID:5272
- C:\Windows\System\OimmCvV.exe
  C:\Windows\System\OimmCvV.exe
  2⤵
  PID:5320
- C:\Windows\System\JIAiLnu.exe
  C:\Windows\System\JIAiLnu.exe
  2⤵
  PID:5400
- C:\Windows\System\tXuOUjs.exe
  C:\Windows\System\tXuOUjs.exe
  2⤵
  PID:5464
- C:\Windows\System\vVcclRx.exe
  C:\Windows\System\vVcclRx.exe
  2⤵
  PID:5528
- C:\Windows\System\jqjjYkO.exe
  C:\Windows\System\jqjjYkO.exe
  2⤵
  PID:5592
- C:\Windows\System\WMkcjnB.exe
  C:\Windows\System\WMkcjnB.exe
  2⤵
  PID:5656
- C:\Windows\System\ifLVURn.exe
  C:\Windows\System\ifLVURn.exe
  2⤵
  PID:2680
- C:\Windows\System\aLlEZRP.exe
  C:\Windows\System\aLlEZRP.exe
  2⤵
  PID:2940
- C:\Windows\System\ypQDhcJ.exe
  C:\Windows\System\ypQDhcJ.exe
  2⤵
  PID:5768
- C:\Windows\System\TgRfRmd.exe
  C:\Windows\System\TgRfRmd.exe
  2⤵
  PID:5848
- C:\Windows\System\XvuXBqa.exe
  C:\Windows\System\XvuXBqa.exe
  2⤵
  PID:5896
- C:\Windows\System\rvjzwHw.exe
  C:\Windows\System\rvjzwHw.exe
  2⤵
  PID:5960
- C:\Windows\System\LikDPYZ.exe
  C:\Windows\System\LikDPYZ.exe
  2⤵
  PID:5996
- C:\Windows\System\BIbNWlD.exe
  C:\Windows\System\BIbNWlD.exe
  2⤵
  PID:6056
- C:\Windows\System\LiMmrfj.exe
  C:\Windows\System\LiMmrfj.exe
  2⤵
  PID:6140
- C:\Windows\System\eMIrlYg.exe
  C:\Windows\System\eMIrlYg.exe
  2⤵
  PID:4972
- C:\Windows\System\CsHbGPm.exe
  C:\Windows\System\CsHbGPm.exe
  2⤵
  PID:4752
- C:\Windows\System\DWZFJMH.exe
  C:\Windows\System\DWZFJMH.exe
  2⤵
  PID:476
- C:\Windows\System\VZCLuCw.exe
  C:\Windows\System\VZCLuCw.exe
  2⤵
  PID:4772
- C:\Windows\System\rAVBNKd.exe
  C:\Windows\System\rAVBNKd.exe
  2⤵
  PID:2084
- C:\Windows\System\hPLclwZ.exe
  C:\Windows\System\hPLclwZ.exe
  2⤵
  PID:5240
- C:\Windows\System\PYEFAWe.exe
  C:\Windows\System\PYEFAWe.exe
  2⤵
  PID:5368
- C:\Windows\System\LBdINvE.exe
  C:\Windows\System\LBdINvE.exe
  2⤵
  PID:5544
- C:\Windows\System\FESAgaW.exe
  C:\Windows\System\FESAgaW.exe
  2⤵
  PID:5672
- C:\Windows\System\TuvHQff.exe
  C:\Windows\System\TuvHQff.exe
  2⤵
  PID:5736
- C:\Windows\System\WUkRXPG.exe
  C:\Windows\System\WUkRXPG.exe
  2⤵
  PID:5832
- C:\Windows\System\KbajGZf.exe
  C:\Windows\System\KbajGZf.exe
  2⤵
  PID:4112
- C:\Windows\System\kVizwOb.exe
  C:\Windows\System\kVizwOb.exe
  2⤵
  PID:6076
- C:\Windows\System\IwZnwHm.exe
  C:\Windows\System\IwZnwHm.exe
  2⤵
  PID:4704
- C:\Windows\System\wsfsaPU.exe
  C:\Windows\System\wsfsaPU.exe
  2⤵
  PID:1684
- C:\Windows\System\HSWgxUI.exe
  C:\Windows\System\HSWgxUI.exe
  2⤵
  PID:2268
- C:\Windows\System\VNWddoc.exe
  C:\Windows\System\VNWddoc.exe
  2⤵
  PID:5224
- C:\Windows\System\HTPvtDu.exe
  C:\Windows\System\HTPvtDu.exe
  2⤵
  PID:5468
- C:\Windows\System\HSjiMbW.exe
  C:\Windows\System\HSjiMbW.exe
  2⤵
  PID:2996
- C:\Windows\System\LEuhIwE.exe
  C:\Windows\System\LEuhIwE.exe
  2⤵
  PID:2672
- C:\Windows\System\zPIglOI.exe
  C:\Windows\System\zPIglOI.exe
  2⤵
  PID:2628
- C:\Windows\System\YoEtNlV.exe
  C:\Windows\System\YoEtNlV.exe
  2⤵
  PID:5944
- C:\Windows\System\oKTQJVe.exe
  C:\Windows\System\oKTQJVe.exe
  2⤵
  PID:5912
- C:\Windows\System\dmjEFgc.exe
  C:\Windows\System\dmjEFgc.exe
  2⤵
  PID:4908
- C:\Windows\System\pkzrcaZ.exe
  C:\Windows\System\pkzrcaZ.exe
  2⤵
  PID:5196
- C:\Windows\System\ZVCRJuO.exe
  C:\Windows\System\ZVCRJuO.exe
  2⤵
  PID:5432
- C:\Windows\System\BnvTGyn.exe
  C:\Windows\System\BnvTGyn.exe
  2⤵
  PID:2656
- C:\Windows\System\wXvBXGO.exe
  C:\Windows\System\wXvBXGO.exe
  2⤵
  PID:2176
- C:\Windows\System\UExPkME.exe
  C:\Windows\System\UExPkME.exe
  2⤵
  PID:5704
- C:\Windows\System\dDNfsGa.exe
  C:\Windows\System\dDNfsGa.exe
  2⤵
  PID:2020
- C:\Windows\System\QwptXlb.exe
  C:\Windows\System\QwptXlb.exe
  2⤵
  PID:2004
- C:\Windows\System\WyImvRt.exe
  C:\Windows\System\WyImvRt.exe
  2⤵
  PID:1340
- C:\Windows\System\ZYIbSyD.exe
  C:\Windows\System\ZYIbSyD.exe
  2⤵
  PID:4140
- C:\Windows\System\eCEZjcK.exe
  C:\Windows\System\eCEZjcK.exe
  2⤵
  PID:6160
- C:\Windows\System\pLGdPXe.exe
  C:\Windows\System\pLGdPXe.exe
  2⤵
  PID:6176
- C:\Windows\System\OAaXjlW.exe
  C:\Windows\System\OAaXjlW.exe
  2⤵
  PID:6192
- C:\Windows\System\RvnhIJE.exe
  C:\Windows\System\RvnhIJE.exe
  2⤵
  PID:6208
- C:\Windows\System\FEsaBxH.exe
  C:\Windows\System\FEsaBxH.exe
  2⤵
  PID:6224
- C:\Windows\System\iOjELBq.exe
  C:\Windows\System\iOjELBq.exe
  2⤵
  PID:6240
- C:\Windows\System\swRgcCk.exe
  C:\Windows\System\swRgcCk.exe
  2⤵
  PID:6256
- C:\Windows\System\DaZCDUY.exe
  C:\Windows\System\DaZCDUY.exe
  2⤵
  PID:6272
- C:\Windows\System\jSrZnGp.exe
  C:\Windows\System\jSrZnGp.exe
  2⤵
  PID:6288
- C:\Windows\System\FJpRpEK.exe
  C:\Windows\System\FJpRpEK.exe
  2⤵
  PID:6304
- C:\Windows\System\zuOZxlF.exe
  C:\Windows\System\zuOZxlF.exe
  2⤵
  PID:6320
- C:\Windows\System\BdJdxdn.exe
  C:\Windows\System\BdJdxdn.exe
  2⤵
  PID:6336
- C:\Windows\System\TtORkRS.exe
  C:\Windows\System\TtORkRS.exe
  2⤵
  PID:6352
- C:\Windows\System\KzwEvwe.exe
  C:\Windows\System\KzwEvwe.exe
  2⤵
  PID:6368
- C:\Windows\System\uUkOPUk.exe
  C:\Windows\System\uUkOPUk.exe
  2⤵
  PID:6396
- C:\Windows\System\ATJgmgw.exe
  C:\Windows\System\ATJgmgw.exe
  2⤵
  PID:6704
- C:\Windows\System\eiboCdk.exe
  C:\Windows\System\eiboCdk.exe
  2⤵
  PID:6740
- C:\Windows\System\fYDTcnD.exe
  C:\Windows\System\fYDTcnD.exe
  2⤵
  PID:6756
- C:\Windows\System\AcWuKZm.exe
  C:\Windows\System\AcWuKZm.exe
  2⤵
  PID:6776
- C:\Windows\System\xmuAqNC.exe
  C:\Windows\System\xmuAqNC.exe
  2⤵
  PID:6792
- C:\Windows\System\AHoiGgZ.exe
  C:\Windows\System\AHoiGgZ.exe
  2⤵
  PID:6808
- C:\Windows\System\UZCkTpu.exe
  C:\Windows\System\UZCkTpu.exe
  2⤵
  PID:6824
- C:\Windows\System\cjvrvlY.exe
  C:\Windows\System\cjvrvlY.exe
  2⤵
  PID:6840
- C:\Windows\System\wLtWVdW.exe
  C:\Windows\System\wLtWVdW.exe
  2⤵
  PID:6856
- C:\Windows\System\kZunpqg.exe
  C:\Windows\System\kZunpqg.exe
  2⤵
  PID:6872
- C:\Windows\System\tnMgwuS.exe
  C:\Windows\System\tnMgwuS.exe
  2⤵
  PID:6896
- C:\Windows\System\JfgLQvZ.exe
  C:\Windows\System\JfgLQvZ.exe
  2⤵
  PID:6912
- C:\Windows\System\ReTratq.exe
  C:\Windows\System\ReTratq.exe
  2⤵
  PID:6936
- C:\Windows\System\gzBJagE.exe
  C:\Windows\System\gzBJagE.exe
  2⤵
  PID:7012
- C:\Windows\System\JFCmKDc.exe
  C:\Windows\System\JFCmKDc.exe
  2⤵
  PID:7032
- C:\Windows\System\RFILfbq.exe
  C:\Windows\System\RFILfbq.exe
  2⤵
  PID:7048
- C:\Windows\System\MpPyTyj.exe
  C:\Windows\System\MpPyTyj.exe
  2⤵
  PID:7064
- C:\Windows\System\ewhWqeJ.exe
  C:\Windows\System\ewhWqeJ.exe
  2⤵
  PID:7088
- C:\Windows\System\IFPujkC.exe
  C:\Windows\System\IFPujkC.exe
  2⤵
  PID:7104
- C:\Windows\System\Jngkcmy.exe
  C:\Windows\System\Jngkcmy.exe
  2⤵
  PID:7120
- C:\Windows\System\hFMwEvx.exe
  C:\Windows\System\hFMwEvx.exe
  2⤵
  PID:7136
- C:\Windows\System\YcJSLYx.exe
  C:\Windows\System\YcJSLYx.exe
  2⤵
  PID:7152
- C:\Windows\System\LbdqYvb.exe
  C:\Windows\System\LbdqYvb.exe
  2⤵
  PID:6120
- C:\Windows\System\OPOPDqo.exe
  C:\Windows\System\OPOPDqo.exe
  2⤵
  PID:2700
- C:\Windows\System\KwlCuvv.exe
  C:\Windows\System\KwlCuvv.exe
  2⤵
  PID:6152
- C:\Windows\System\ppCqLlR.exe
  C:\Windows\System\ppCqLlR.exe
  2⤵
  PID:6216
- C:\Windows\System\cdTDDpR.exe
  C:\Windows\System\cdTDDpR.exe
  2⤵
  PID:6280
- C:\Windows\System\CcSoScS.exe
  C:\Windows\System\CcSoScS.exe
  2⤵
  PID:2668
- C:\Windows\System\QHdYTzz.exe
  C:\Windows\System\QHdYTzz.exe
  2⤵
  PID:6348
- C:\Windows\System\agvIiWQ.exe
  C:\Windows\System\agvIiWQ.exe
  2⤵
  PID:2012
- C:\Windows\System\oLlEPdy.exe
  C:\Windows\System\oLlEPdy.exe
  2⤵
  PID:5608
- C:\Windows\System\XFIEKAw.exe
  C:\Windows\System\XFIEKAw.exe
  2⤵
  PID:6204
- C:\Windows\System\wuUQvav.exe
  C:\Windows\System\wuUQvav.exe
  2⤵
  PID:6268
- C:\Windows\System\mGsDPdT.exe
  C:\Windows\System\mGsDPdT.exe
  2⤵
  PID:6332
- C:\Windows\System\tsagpjg.exe
  C:\Windows\System\tsagpjg.exe
  2⤵
  PID:6392
- C:\Windows\System\SlDHHXT.exe
  C:\Windows\System\SlDHHXT.exe
  2⤵
  PID:6404
- C:\Windows\System\fGRQpdl.exe
  C:\Windows\System\fGRQpdl.exe
  2⤵
  PID:6428
- C:\Windows\System\fOSgBbP.exe
  C:\Windows\System\fOSgBbP.exe
  2⤵
  PID:6444
- C:\Windows\System\scPQYzi.exe
  C:\Windows\System\scPQYzi.exe
  2⤵
  PID:6460
- C:\Windows\System\ahzTcbt.exe
  C:\Windows\System\ahzTcbt.exe
  2⤵
  PID:6476
- C:\Windows\System\TnjXVey.exe
  C:\Windows\System\TnjXVey.exe
  2⤵
  PID:6492
- C:\Windows\System\JOflcaJ.exe
  C:\Windows\System\JOflcaJ.exe
  2⤵
  PID:6508
- C:\Windows\System\EPsHaYS.exe
  C:\Windows\System\EPsHaYS.exe
  2⤵
  PID:6520
- C:\Windows\System\sIDdBRE.exe
  C:\Windows\System\sIDdBRE.exe
  2⤵
  PID:6536
- C:\Windows\System\dLVhiXv.exe
  C:\Windows\System\dLVhiXv.exe
  2⤵
  PID:6552
- C:\Windows\System\ZGSHXyp.exe
  C:\Windows\System\ZGSHXyp.exe
  2⤵
  PID:6572
- C:\Windows\System\tEcMIcB.exe
  C:\Windows\System\tEcMIcB.exe
  2⤵
  PID:6592
- C:\Windows\System\xTNKufD.exe
  C:\Windows\System\xTNKufD.exe
  2⤵
  PID:6608
- C:\Windows\System\ofVWdKo.exe
  C:\Windows\System\ofVWdKo.exe
  2⤵
  PID:6628
- C:\Windows\System\eqnSjgS.exe
  C:\Windows\System\eqnSjgS.exe
  2⤵
  PID:6644
- C:\Windows\System\ahrHJHk.exe
  C:\Windows\System\ahrHJHk.exe
  2⤵
  PID:6668
- C:\Windows\System\iBMKypW.exe
  C:\Windows\System\iBMKypW.exe
  2⤵
  PID:6684
- C:\Windows\System\dVsdOYY.exe
  C:\Windows\System\dVsdOYY.exe
  2⤵
  PID:2380
- C:\Windows\System\tBgnZvK.exe
  C:\Windows\System\tBgnZvK.exe
  2⤵
  PID:6728
- C:\Windows\System\kTGebRn.exe
  C:\Windows\System\kTGebRn.exe
  2⤵
  PID:6764
- C:\Windows\System\JRFsWpo.exe
  C:\Windows\System\JRFsWpo.exe
  2⤵
  PID:2136
- C:\Windows\System\quHNxpO.exe
  C:\Windows\System\quHNxpO.exe
  2⤵
  PID:6868
- C:\Windows\System\nPIkoDX.exe
  C:\Windows\System\nPIkoDX.exe
  2⤵
  PID:6820
- C:\Windows\System\czmqAEr.exe
  C:\Windows\System\czmqAEr.exe
  2⤵
  PID:6880
- C:\Windows\System\tVZiAWY.exe
  C:\Windows\System\tVZiAWY.exe
  2⤵
  PID:6904
- C:\Windows\System\laoRVEM.exe
  C:\Windows\System\laoRVEM.exe
  2⤵
  PID:5288
- C:\Windows\System\MfvDywZ.exe
  C:\Windows\System\MfvDywZ.exe
  2⤵
  PID:6956
- C:\Windows\System\NrHGWPe.exe
  C:\Windows\System\NrHGWPe.exe
  2⤵
  PID:2924
- C:\Windows\System\aMzJdlC.exe
  C:\Windows\System\aMzJdlC.exe
  2⤵
  PID:6980
- C:\Windows\System\kkotOnC.exe
  C:\Windows\System\kkotOnC.exe
  2⤵
  PID:1132
- C:\Windows\System\JxtQYAm.exe
  C:\Windows\System\JxtQYAm.exe
  2⤵
  PID:7056
- C:\Windows\System\okKTVTV.exe
  C:\Windows\System\okKTVTV.exe
  2⤵
  PID:7128
- C:\Windows\System\npILHoD.exe
  C:\Windows\System\npILHoD.exe
  2⤵
  PID:7044
- C:\Windows\System\HjhNhyD.exe
  C:\Windows\System\HjhNhyD.exe
  2⤵
  PID:2868
- C:\Windows\System\cdAgMzC.exe
  C:\Windows\System\cdAgMzC.exe
  2⤵
  PID:6252
- C:\Windows\System\CFxppRK.exe
  C:\Windows\System\CFxppRK.exe
  2⤵
  PID:7148
- C:\Windows\System\EkirPkR.exe
  C:\Windows\System\EkirPkR.exe
  2⤵
  PID:6284
- C:\Windows\System\BREEyNr.exe
  C:\Windows\System\BREEyNr.exe
  2⤵
  PID:6200
- C:\Windows\System\ykFkfJO.exe
  C:\Windows\System\ykFkfJO.exe
  2⤵
  PID:6436
- C:\Windows\System\mMPPmuA.exe
  C:\Windows\System\mMPPmuA.exe
  2⤵
  PID:6472
- C:\Windows\System\npjUdFn.exe
  C:\Windows\System\npjUdFn.exe
  2⤵
  PID:2972
- C:\Windows\System\OsInJhX.exe
  C:\Windows\System\OsInJhX.exe
  2⤵
  PID:6532
- C:\Windows\System\UBhfdsY.exe
  C:\Windows\System\UBhfdsY.exe
  2⤵
  PID:6316
- C:\Windows\System\CNqMkkc.exe
  C:\Windows\System\CNqMkkc.exe
  2⤵
  PID:6236
- C:\Windows\System\hzTPsOb.exe
  C:\Windows\System\hzTPsOb.exe
  2⤵
  PID:6484
- C:\Windows\System\vhqppzr.exe
  C:\Windows\System\vhqppzr.exe
  2⤵
  PID:6424
- C:\Windows\System\mIZFwGP.exe
  C:\Windows\System\mIZFwGP.exe
  2⤵
  PID:6548
- C:\Windows\System\jycZhNF.exe
  C:\Windows\System\jycZhNF.exe
  2⤵
  PID:6604
- C:\Windows\System\FxfxAGj.exe
  C:\Windows\System\FxfxAGj.exe
  2⤵
  PID:6676
- C:\Windows\System\TxHrWcM.exe
  C:\Windows\System\TxHrWcM.exe
  2⤵
  PID:6652
- C:\Windows\System\mSTOlge.exe
  C:\Windows\System\mSTOlge.exe
  2⤵
  PID:6716
- C:\Windows\System\HNKgDCs.exe
  C:\Windows\System\HNKgDCs.exe
  2⤵
  PID:6700
- C:\Windows\System\qDONyIx.exe
  C:\Windows\System\qDONyIx.exe
  2⤵
  PID:6788
- C:\Windows\System\xDrfogd.exe
  C:\Windows\System\xDrfogd.exe
  2⤵
  PID:6908
- C:\Windows\System\DwNFbpD.exe
  C:\Windows\System\DwNFbpD.exe
  2⤵
  PID:6892
- C:\Windows\System\QbJrXOh.exe
  C:\Windows\System\QbJrXOh.exe
  2⤵
  PID:6948
- C:\Windows\System\qtnqoUt.exe
  C:\Windows\System\qtnqoUt.exe
  2⤵
  PID:1880
- C:\Windows\System\VMtzorS.exe
  C:\Windows\System\VMtzorS.exe
  2⤵
  PID:7100
- C:\Windows\System\eInbQNE.exe
  C:\Windows\System\eInbQNE.exe
  2⤵
  PID:6172
- C:\Windows\System\juFcTtc.exe
  C:\Windows\System\juFcTtc.exe
  2⤵
  PID:7116
- C:\Windows\System\cWtOKcK.exe
  C:\Windows\System\cWtOKcK.exe
  2⤵
  PID:2448
- C:\Windows\System\xVQpInz.exe
  C:\Windows\System\xVQpInz.exe
  2⤵
  PID:6588
- C:\Windows\System\mlrtClX.exe
  C:\Windows\System\mlrtClX.exe
  2⤵
  PID:2296
- C:\Windows\System\tUbJuSz.exe
  C:\Windows\System\tUbJuSz.exe
  2⤵
  PID:6736
- C:\Windows\System\llVPdPK.exe
  C:\Windows\System\llVPdPK.exe
  2⤵
  PID:6864
- C:\Windows\System\gEnJodZ.exe
  C:\Windows\System\gEnJodZ.exe
  2⤵
  PID:6988
- C:\Windows\System\wRohNou.exe
  C:\Windows\System\wRohNou.exe
  2⤵
  PID:7024
- C:\Windows\System\EbJZlCN.exe
  C:\Windows\System\EbJZlCN.exe
  2⤵
  PID:7040
- C:\Windows\System\BxBEwXP.exe
  C:\Windows\System\BxBEwXP.exe
  2⤵
  PID:7080
- C:\Windows\System\yUSpWWb.exe
  C:\Windows\System\yUSpWWb.exe
  2⤵
  PID:1160
- C:\Windows\System\VWcmNsL.exe
  C:\Windows\System\VWcmNsL.exe
  2⤵
  PID:7144
- C:\Windows\System\yNwazxC.exe
  C:\Windows\System\yNwazxC.exe
  2⤵
  PID:2792
- C:\Windows\System\ccACJKh.exe
  C:\Windows\System\ccACJKh.exe
  2⤵
  PID:1812
- C:\Windows\System\DZWcLwq.exe
  C:\Windows\System\DZWcLwq.exe
  2⤵
  PID:3068
- C:\Windows\System\koNeHSm.exe
  C:\Windows\System\koNeHSm.exe
  2⤵
  PID:6504
- C:\Windows\System\GwRNUlz.exe
  C:\Windows\System\GwRNUlz.exe
  2⤵
  PID:6624
- C:\Windows\System\SFmFFgq.exe
  C:\Windows\System\SFmFFgq.exe
  2⤵
  PID:6984
- C:\Windows\System\tXCLdJi.exe
  C:\Windows\System\tXCLdJi.exe
  2⤵
  PID:6412
- C:\Windows\System\vmrcOZS.exe
  C:\Windows\System\vmrcOZS.exe
  2⤵
  PID:6600
- C:\Windows\System\kRsIXkp.exe
  C:\Windows\System\kRsIXkp.exe
  2⤵
  PID:6752
- C:\Windows\System\OXwBTuM.exe
  C:\Windows\System\OXwBTuM.exe
  2⤵
  PID:2308
- C:\Windows\System\hbGJncO.exe
  C:\Windows\System\hbGJncO.exe
  2⤵
  PID:2676
- C:\Windows\System\bMLXVcd.exe
  C:\Windows\System\bMLXVcd.exe
  2⤵
  PID:2916
- C:\Windows\System\aHKMtuP.exe
  C:\Windows\System\aHKMtuP.exe
  2⤵
  PID:2760
- C:\Windows\System\BEFLxrJ.exe
  C:\Windows\System\BEFLxrJ.exe
  2⤵
  PID:1592
- C:\Windows\System\IHQbLmg.exe
  C:\Windows\System\IHQbLmg.exe
  2⤵
  PID:6584
- C:\Windows\System\jUGYUlA.exe
  C:\Windows\System\jUGYUlA.exe
  2⤵
  PID:6692
- C:\Windows\System\BhNdCXa.exe
  C:\Windows\System\BhNdCXa.exe
  2⤵
  PID:6620
- C:\Windows\System\rMxAxhb.exe
  C:\Windows\System\rMxAxhb.exe
  2⤵
  PID:6364
- C:\Windows\System\SMtenEo.exe
  C:\Windows\System\SMtenEo.exe
  2⤵
  PID:448
- C:\Windows\System\HfobFfZ.exe
  C:\Windows\System\HfobFfZ.exe
  2⤵
  PID:6360
- C:\Windows\System\ZRTRqbd.exe
  C:\Windows\System\ZRTRqbd.exe
  2⤵
  PID:1336
- C:\Windows\System\hFinEbu.exe
  C:\Windows\System\hFinEbu.exe
  2⤵
  PID:7180
- C:\Windows\System\qMqeWPM.exe
  C:\Windows\System\qMqeWPM.exe
  2⤵
  PID:7196
- C:\Windows\System\VskPcwI.exe
  C:\Windows\System\VskPcwI.exe
  2⤵
  PID:7216
- C:\Windows\System\HHvumit.exe
  C:\Windows\System\HHvumit.exe
  2⤵
  PID:7232
- C:\Windows\System\etWJyKw.exe
  C:\Windows\System\etWJyKw.exe
  2⤵
  PID:7248
- C:\Windows\System\JPSKOdO.exe
  C:\Windows\System\JPSKOdO.exe
  2⤵
  PID:7264
- C:\Windows\System\SiHJqOk.exe
  C:\Windows\System\SiHJqOk.exe
  2⤵
  PID:7280
- C:\Windows\System\YpCOdHp.exe
  C:\Windows\System\YpCOdHp.exe
  2⤵
  PID:7304
- C:\Windows\System\GXgiSfM.exe
  C:\Windows\System\GXgiSfM.exe
  2⤵
  PID:7324
- C:\Windows\System\jYzPfFp.exe
  C:\Windows\System\jYzPfFp.exe
  2⤵
  PID:7360
- C:\Windows\System\FaZZjZk.exe
  C:\Windows\System\FaZZjZk.exe
  2⤵
  PID:7380
- C:\Windows\System\EOwhoRW.exe
  C:\Windows\System\EOwhoRW.exe
  2⤵
  PID:7396
- C:\Windows\System\WkPtpco.exe
  C:\Windows\System\WkPtpco.exe
  2⤵
  PID:7412
- C:\Windows\System\PLxUbbT.exe
  C:\Windows\System\PLxUbbT.exe
  2⤵
  PID:7428
- C:\Windows\System\CKkzczN.exe
  C:\Windows\System\CKkzczN.exe
  2⤵
  PID:7444
- C:\Windows\System\PpfjcJP.exe
  C:\Windows\System\PpfjcJP.exe
  2⤵
  PID:7468
- C:\Windows\System\rGOxNll.exe
  C:\Windows\System\rGOxNll.exe
  2⤵
  PID:7580
- C:\Windows\System\tmsZuwM.exe
  C:\Windows\System\tmsZuwM.exe
  2⤵
  PID:7740
- C:\Windows\System\rMdVbUM.exe
  C:\Windows\System\rMdVbUM.exe
  2⤵
  PID:7760
- C:\Windows\System\UhUjvVu.exe
  C:\Windows\System\UhUjvVu.exe
  2⤵
  PID:7776
- C:\Windows\System\teHvPlj.exe
  C:\Windows\System\teHvPlj.exe
  2⤵
  PID:7792
- C:\Windows\System\aZcoaIy.exe
  C:\Windows\System\aZcoaIy.exe
  2⤵
  PID:7808
- C:\Windows\System\JpUdzDo.exe
  C:\Windows\System\JpUdzDo.exe
  2⤵
  PID:7824
- C:\Windows\System\HPtKMCQ.exe
  C:\Windows\System\HPtKMCQ.exe
  2⤵
  PID:7840
- C:\Windows\System\ZoVVwqq.exe
  C:\Windows\System\ZoVVwqq.exe
  2⤵
  PID:7856
- C:\Windows\System\FugTGEc.exe
  C:\Windows\System\FugTGEc.exe
  2⤵
  PID:7872
- C:\Windows\System\GeVxKCf.exe
  C:\Windows\System\GeVxKCf.exe
  2⤵
  PID:7888
- C:\Windows\System\SPvBADG.exe
  C:\Windows\System\SPvBADG.exe
  2⤵
  PID:7904
- C:\Windows\System\XxmtoSe.exe
  C:\Windows\System\XxmtoSe.exe
  2⤵
  PID:7920
- C:\Windows\System\BpCejrw.exe
  C:\Windows\System\BpCejrw.exe
  2⤵
  PID:7936
- C:\Windows\System\ozvgnrU.exe
  C:\Windows\System\ozvgnrU.exe
  2⤵
  PID:7952
- C:\Windows\System\nZldxGx.exe
  C:\Windows\System\nZldxGx.exe
  2⤵
  PID:7968
- C:\Windows\System\MRizzjE.exe
  C:\Windows\System\MRizzjE.exe
  2⤵
  PID:7984
- C:\Windows\System\EdUUCFQ.exe
  C:\Windows\System\EdUUCFQ.exe
  2⤵
  PID:8000
- C:\Windows\System\pgvDHiW.exe
  C:\Windows\System\pgvDHiW.exe
  2⤵
  PID:8016
- C:\Windows\System\KNwJfhP.exe
  C:\Windows\System\KNwJfhP.exe
  2⤵
  PID:8032
- C:\Windows\System\QVkOpNw.exe
  C:\Windows\System\QVkOpNw.exe
  2⤵
  PID:8048
- C:\Windows\System\AmGqMPI.exe
  C:\Windows\System\AmGqMPI.exe
  2⤵
  PID:8064
- C:\Windows\System\yawcVBP.exe
  C:\Windows\System\yawcVBP.exe
  2⤵
  PID:8080
- C:\Windows\System\QlQPtug.exe
  C:\Windows\System\QlQPtug.exe
  2⤵
  PID:8096
- C:\Windows\System\qjjUPFW.exe
  C:\Windows\System\qjjUPFW.exe
  2⤵
  PID:8112
- C:\Windows\System\rSPGPRd.exe
  C:\Windows\System\rSPGPRd.exe
  2⤵
  PID:8128
- C:\Windows\System\xnHsBYI.exe
  C:\Windows\System\xnHsBYI.exe
  2⤵
  PID:8144
- C:\Windows\System\yAzXPqU.exe
  C:\Windows\System\yAzXPqU.exe
  2⤵
  PID:8160
- C:\Windows\System\BpPoQoa.exe
  C:\Windows\System\BpPoQoa.exe
  2⤵
  PID:8176
- C:\Windows\System\QAhbpGP.exe
  C:\Windows\System\QAhbpGP.exe
  2⤵
  PID:548
- C:\Windows\System\hfYLSxQ.exe
  C:\Windows\System\hfYLSxQ.exe
  2⤵
  PID:6640
- C:\Windows\System\XwrStEo.exe
  C:\Windows\System\XwrStEo.exe
  2⤵
  PID:7208
- C:\Windows\System\FtWfMhv.exe
  C:\Windows\System\FtWfMhv.exe
  2⤵
  PID:7628
- C:\Windows\System\UJxrVkW.exe
  C:\Windows\System\UJxrVkW.exe
  2⤵
  PID:7644
- C:\Windows\System\DJQyXcJ.exe
  C:\Windows\System\DJQyXcJ.exe
  2⤵
  PID:7660
- C:\Windows\System\kzvPZfC.exe
  C:\Windows\System\kzvPZfC.exe
  2⤵
  PID:7684
- C:\Windows\System\KsoBjSy.exe
  C:\Windows\System\KsoBjSy.exe
  2⤵
  PID:7712
- C:\Windows\System\pRFBSaI.exe
  C:\Windows\System\pRFBSaI.exe
  2⤵
  PID:7732
- C:\Windows\System\rpKJxZy.exe
  C:\Windows\System\rpKJxZy.exe
  2⤵
  PID:7880
- C:\Windows\System\oPnbwhG.exe
  C:\Windows\System\oPnbwhG.exe
  2⤵
  PID:7836
- C:\Windows\System\agjJgJo.exe
  C:\Windows\System\agjJgJo.exe
  2⤵
  PID:7900
- C:\Windows\System\cVJIhyY.exe
  C:\Windows\System\cVJIhyY.exe
  2⤵
  PID:7932
- C:\Windows\System\rINBCBo.exe
  C:\Windows\System\rINBCBo.exe
  2⤵
  PID:7964
- C:\Windows\System\QmsjduV.exe
  C:\Windows\System\QmsjduV.exe
  2⤵
  PID:8040
- C:\Windows\System\uiKrkCw.exe
  C:\Windows\System\uiKrkCw.exe
  2⤵
  PID:8108
- C:\Windows\System\itaHfFs.exe
  C:\Windows\System\itaHfFs.exe
  2⤵
  PID:8056
- C:\Windows\System\tYHGLBm.exe
  C:\Windows\System\tYHGLBm.exe
  2⤵
  PID:8028
- C:\Windows\System\hscERJo.exe
  C:\Windows\System\hscERJo.exe
  2⤵
  PID:8140
- C:\Windows\System\qhcfzAT.exe
  C:\Windows\System\qhcfzAT.exe
  2⤵
  PID:8184
- C:\Windows\System\LBvEKOg.exe
  C:\Windows\System\LBvEKOg.exe
  2⤵
  PID:7132
- C:\Windows\System\cSYQfnE.exe
  C:\Windows\System\cSYQfnE.exe
  2⤵
  PID:7204
- C:\Windows\System\Uvrvgkl.exe
  C:\Windows\System\Uvrvgkl.exe
  2⤵
  PID:7316
- C:\Windows\System\dBmfPgP.exe
  C:\Windows\System\dBmfPgP.exe
  2⤵
  PID:7300
- C:\Windows\System\rOHjlOR.exe
  C:\Windows\System\rOHjlOR.exe
  2⤵
  PID:7340
- C:\Windows\System\GjZYdNz.exe
  C:\Windows\System\GjZYdNz.exe
  2⤵
  PID:7348
- C:\Windows\System\OxfwALj.exe
  C:\Windows\System\OxfwALj.exe
  2⤵
  PID:7352
- C:\Windows\System\qQiTWCz.exe
  C:\Windows\System\qQiTWCz.exe
  2⤵
  PID:7260
- C:\Windows\System\PycOUAY.exe
  C:\Windows\System\PycOUAY.exe
  2⤵
  PID:7296
- C:\Windows\System\PUqDdYc.exe
  C:\Windows\System\PUqDdYc.exe
  2⤵
  PID:7408
- C:\Windows\System\FWBCnsa.exe
  C:\Windows\System\FWBCnsa.exe
  2⤵
  PID:7456
- C:\Windows\System\oWkTuBI.exe
  C:\Windows\System\oWkTuBI.exe
  2⤵
  PID:7532
- C:\Windows\System\VgQWnGP.exe
  C:\Windows\System\VgQWnGP.exe
  2⤵
  PID:7568
- C:\Windows\System\pzyOEKb.exe
  C:\Windows\System\pzyOEKb.exe
  2⤵
  PID:7624
- C:\Windows\System\scZmqRd.exe
  C:\Windows\System\scZmqRd.exe
  2⤵
  PID:7420
- C:\Windows\System\viPKSIs.exe
  C:\Windows\System\viPKSIs.exe
  2⤵
  PID:2608
- C:\Windows\System\xsdBEpF.exe
  C:\Windows\System\xsdBEpF.exe
  2⤵
  PID:7488
- C:\Windows\System\gbbCZcI.exe
  C:\Windows\System\gbbCZcI.exe
  2⤵
  PID:7508
- C:\Windows\System\jCDoVAk.exe
  C:\Windows\System\jCDoVAk.exe
  2⤵
  PID:7524
- C:\Windows\System\NvwpnpK.exe
  C:\Windows\System\NvwpnpK.exe
  2⤵
  PID:7564
- C:\Windows\System\cQqxvts.exe
  C:\Windows\System\cQqxvts.exe
  2⤵
  PID:7588
- C:\Windows\System\umQjpir.exe
  C:\Windows\System\umQjpir.exe
  2⤵
  PID:7616
- C:\Windows\System\EpluLUr.exe
  C:\Windows\System\EpluLUr.exe
  2⤵
  PID:7656
- C:\Windows\System\CgXAPvd.exe
  C:\Windows\System\CgXAPvd.exe
  2⤵
  PID:7676
- C:\Windows\System\YcUVMAl.exe
  C:\Windows\System\YcUVMAl.exe
  2⤵
  PID:7700
- C:\Windows\System\MUDmLMa.exe
  C:\Windows\System\MUDmLMa.exe
  2⤵
  PID:7736
- C:\Windows\System\fkTXsMI.exe
  C:\Windows\System\fkTXsMI.exe
  2⤵
  PID:7752
- C:\Windows\System\LlFYiuX.exe
  C:\Windows\System\LlFYiuX.exe
  2⤵
  PID:1164
- C:\Windows\System\SKdCsOJ.exe
  C:\Windows\System\SKdCsOJ.exe
  2⤵
  PID:7976
- C:\Windows\System\pvGZNRJ.exe
  C:\Windows\System\pvGZNRJ.exe
  2⤵
  PID:7928
- C:\Windows\System\rHHnAZN.exe
  C:\Windows\System\rHHnAZN.exe
  2⤵
  PID:7992
- C:\Windows\System\OJNqARH.exe
  C:\Windows\System\OJNqARH.exe
  2⤵
  PID:8188
- C:\Windows\System\yfzSUpi.exe
  C:\Windows\System\yfzSUpi.exe
  2⤵
  PID:8092
- C:\Windows\System\xKgmLVo.exe
  C:\Windows\System\xKgmLVo.exe
  2⤵
  PID:1508
- C:\Windows\System\qcYbkLM.exe
  C:\Windows\System\qcYbkLM.exe
  2⤵
  PID:6800
- C:\Windows\System\bxIfLEd.exe
  C:\Windows\System\bxIfLEd.exe
  2⤵
  PID:7636
- C:\Windows\System\gHmguuO.exe
  C:\Windows\System\gHmguuO.exe
  2⤵
  PID:7276
- C:\Windows\System\zFMvNOY.exe
  C:\Windows\System\zFMvNOY.exe
  2⤵
  PID:7376
- C:\Windows\System\JqQiGMS.exe
  C:\Windows\System\JqQiGMS.exe
  2⤵
  PID:7356
- C:\Windows\System\iuQebgn.exe
  C:\Windows\System\iuQebgn.exe
  2⤵
  PID:7424
- C:\Windows\System\TCEqQMt.exe
  C:\Windows\System\TCEqQMt.exe
  2⤵
  PID:7452
- C:\Windows\System\aGPOulg.exe
  C:\Windows\System\aGPOulg.exe
  2⤵
  PID:7540
- C:\Windows\System\TMNvUvi.exe
  C:\Windows\System\TMNvUvi.exe
  2⤵
  PID:7516
- C:\Windows\System\hBPiYop.exe
  C:\Windows\System\hBPiYop.exe
  2⤵
  PID:7464
- C:\Windows\System\uFYXWyc.exe
  C:\Windows\System\uFYXWyc.exe
  2⤵
  PID:7672
- C:\Windows\System\oTKDlkP.exe
  C:\Windows\System\oTKDlkP.exe
  2⤵
  PID:7800
- C:\Windows\System\szuQIUI.exe
  C:\Windows\System\szuQIUI.exe
  2⤵
  PID:7696
- C:\Windows\System\eulrHqJ.exe
  C:\Windows\System\eulrHqJ.exe
  2⤵
  PID:7788
- C:\Windows\System\NIgKhXe.exe
  C:\Windows\System\NIgKhXe.exe
  2⤵
  PID:8136
- C:\Windows\System\kxetKcj.exe
  C:\Windows\System\kxetKcj.exe
  2⤵
  PID:7224
- C:\Windows\System\KmCZjLs.exe
  C:\Windows\System\KmCZjLs.exe
  2⤵
  PID:7548
- C:\Windows\System\CEKScPz.exe
  C:\Windows\System\CEKScPz.exe
  2⤵
  PID:7552
- C:\Windows\System\aPambWt.exe
  C:\Windows\System\aPambWt.exe
  2⤵
  PID:7724
- C:\Windows\System\mbPPRyH.exe
  C:\Windows\System\mbPPRyH.exe
  2⤵
  PID:8152
- C:\Windows\System\yOynaeN.exe
  C:\Windows\System\yOynaeN.exe
  2⤵
  PID:2600
- C:\Windows\System\CCZtquf.exe
  C:\Windows\System\CCZtquf.exe
  2⤵
  PID:8076
- C:\Windows\System\SKBYniV.exe
  C:\Windows\System\SKBYniV.exe
  2⤵
  PID:7404
- C:\Windows\System\kcxuifT.exe
  C:\Windows\System\kcxuifT.exe
  2⤵
  PID:7228
- C:\Windows\System\msmoPNW.exe
  C:\Windows\System\msmoPNW.exe
  2⤵
  PID:7668
- C:\Windows\System\wYkTVsk.exe
  C:\Windows\System\wYkTVsk.exe
  2⤵
  PID:7868
- C:\Windows\System\bVlxKxn.exe
  C:\Windows\System\bVlxKxn.exe
  2⤵
  PID:8156
- C:\Windows\System\kHOIaLE.exe
  C:\Windows\System\kHOIaLE.exe
  2⤵
  PID:7608
- C:\Windows\System\pKGMeBt.exe
  C:\Windows\System\pKGMeBt.exe
  2⤵
  PID:7912
- C:\Windows\System\RhtKCYl.exe
  C:\Windows\System\RhtKCYl.exe
  2⤵
  PID:1656
- C:\Windows\System\uwbiOMp.exe
  C:\Windows\System\uwbiOMp.exe
  2⤵
  PID:7292
- C:\Windows\System\YMGprnI.exe
  C:\Windows\System\YMGprnI.exe
  2⤵
  PID:8208
- C:\Windows\System\qsLPxTD.exe
  C:\Windows\System\qsLPxTD.exe
  2⤵
  PID:8224
- C:\Windows\System\FRLOqlC.exe
  C:\Windows\System\FRLOqlC.exe
  2⤵
  PID:8240
- C:\Windows\System\OlaarAf.exe
  C:\Windows\System\OlaarAf.exe
  2⤵
  PID:8256
- C:\Windows\System\wriCzAj.exe
  C:\Windows\System\wriCzAj.exe
  2⤵
  PID:8272
- C:\Windows\System\dIGbswk.exe
  C:\Windows\System\dIGbswk.exe
  2⤵
  PID:8288
- C:\Windows\System\hWSLOkU.exe
  C:\Windows\System\hWSLOkU.exe
  2⤵
  PID:8308
- C:\Windows\System\eUsfKTw.exe
  C:\Windows\System\eUsfKTw.exe
  2⤵
  PID:8324
- C:\Windows\System\emAResM.exe
  C:\Windows\System\emAResM.exe
  2⤵
  PID:8340
- C:\Windows\System\wTlVhaz.exe
  C:\Windows\System\wTlVhaz.exe
  2⤵
  PID:8356
- C:\Windows\System\zQDCicX.exe
  C:\Windows\System\zQDCicX.exe
  2⤵
  PID:8372
- C:\Windows\System\rGEQRCZ.exe
  C:\Windows\System\rGEQRCZ.exe
  2⤵
  PID:8388
- C:\Windows\System\EnfLPFm.exe
  C:\Windows\System\EnfLPFm.exe
  2⤵
  PID:8404
- C:\Windows\System\FfxebSX.exe
  C:\Windows\System\FfxebSX.exe
  2⤵
  PID:8420
- C:\Windows\System\mJoBXHg.exe
  C:\Windows\System\mJoBXHg.exe
  2⤵
  PID:8436
- C:\Windows\System\HcdHuql.exe
  C:\Windows\System\HcdHuql.exe
  2⤵
  PID:8452
- C:\Windows\System\xKqflFg.exe
  C:\Windows\System\xKqflFg.exe
  2⤵
  PID:8468
- C:\Windows\System\JctPkTf.exe
  C:\Windows\System\JctPkTf.exe
  2⤵
  PID:8484
- C:\Windows\System\tzuUuTw.exe
  C:\Windows\System\tzuUuTw.exe
  2⤵
  PID:8500
- C:\Windows\System\uMNazrI.exe
  C:\Windows\System\uMNazrI.exe
  2⤵
  PID:8516
- C:\Windows\System\StHQgcH.exe
  C:\Windows\System\StHQgcH.exe
  2⤵
  PID:8532
- C:\Windows\System\AGOWAYB.exe
  C:\Windows\System\AGOWAYB.exe
  2⤵
  PID:8548
- C:\Windows\System\dslxOIK.exe
  C:\Windows\System\dslxOIK.exe
  2⤵
  PID:8564
- C:\Windows\System\OHrpeMO.exe
  C:\Windows\System\OHrpeMO.exe
  2⤵
  PID:8580
- C:\Windows\System\veWYmtJ.exe
  C:\Windows\System\veWYmtJ.exe
  2⤵
  PID:8596
- C:\Windows\System\JTKTVkT.exe
  C:\Windows\System\JTKTVkT.exe
  2⤵
  PID:8612
- C:\Windows\System\QZikWzj.exe
  C:\Windows\System\QZikWzj.exe
  2⤵
  PID:8636
- C:\Windows\System\uKIOwKt.exe
  C:\Windows\System\uKIOwKt.exe
  2⤵
  PID:8652
- C:\Windows\System\jxxQsnk.exe
  C:\Windows\System\jxxQsnk.exe
  2⤵
  PID:8668
- C:\Windows\System\ANKJDZI.exe
  C:\Windows\System\ANKJDZI.exe
  2⤵
  PID:8684
- C:\Windows\System\KGDFBEo.exe
  C:\Windows\System\KGDFBEo.exe
  2⤵
  PID:8708
- C:\Windows\System\GPJDKOK.exe
  C:\Windows\System\GPJDKOK.exe
  2⤵
  PID:8728
- C:\Windows\System\FEaVwSx.exe
  C:\Windows\System\FEaVwSx.exe
  2⤵
  PID:8756
- C:\Windows\System\ggzkyiO.exe
  C:\Windows\System\ggzkyiO.exe
  2⤵
  PID:8776
- C:\Windows\System\ihiQPVN.exe
  C:\Windows\System\ihiQPVN.exe
  2⤵
  PID:8796
- C:\Windows\System\FcLfXLX.exe
  C:\Windows\System\FcLfXLX.exe
  2⤵
  PID:8816
- C:\Windows\System\ClzwWqb.exe
  C:\Windows\System\ClzwWqb.exe
  2⤵
  PID:8832
- C:\Windows\System\RLJhqQK.exe
  C:\Windows\System\RLJhqQK.exe
  2⤵
  PID:8852
- C:\Windows\System\zHccPyo.exe
  C:\Windows\System\zHccPyo.exe
  2⤵
  PID:8868
- C:\Windows\System\dwYoNXG.exe
  C:\Windows\System\dwYoNXG.exe
  2⤵
  PID:8884
- C:\Windows\System\buoEmEo.exe
  C:\Windows\System\buoEmEo.exe
  2⤵
  PID:8900
- C:\Windows\System\vrXSUjy.exe
  C:\Windows\System\vrXSUjy.exe
  2⤵
  PID:8916
- C:\Windows\System\uEItjFk.exe
  C:\Windows\System\uEItjFk.exe
  2⤵
  PID:8936
- C:\Windows\System\seBUBvk.exe
  C:\Windows\System\seBUBvk.exe
  2⤵
  PID:8952
- C:\Windows\System\VRDSluS.exe
  C:\Windows\System\VRDSluS.exe
  2⤵
  PID:8968
- C:\Windows\System\VSCKmOv.exe
  C:\Windows\System\VSCKmOv.exe
  2⤵
  PID:8984
- C:\Windows\System\udTiOeP.exe
  C:\Windows\System\udTiOeP.exe
  2⤵
  PID:9000
- C:\Windows\System\kdtwxtQ.exe
  C:\Windows\System\kdtwxtQ.exe
  2⤵
  PID:9016
- C:\Windows\System\lPSgLTr.exe
  C:\Windows\System\lPSgLTr.exe
  2⤵
  PID:9032
- C:\Windows\System\LDcCGqQ.exe
  C:\Windows\System\LDcCGqQ.exe
  2⤵
  PID:9052
- C:\Windows\System\rZdfktH.exe
  C:\Windows\System\rZdfktH.exe
  2⤵
  PID:9068
- C:\Windows\System\WIfsyEF.exe
  C:\Windows\System\WIfsyEF.exe
  2⤵
  PID:9084
- C:\Windows\System\juoGWKy.exe
  C:\Windows\System\juoGWKy.exe
  2⤵
  PID:9108
- C:\Windows\System\RNJjyEK.exe
  C:\Windows\System\RNJjyEK.exe
  2⤵
  PID:9124
- C:\Windows\System\sKSAtbI.exe
  C:\Windows\System\sKSAtbI.exe
  2⤵
  PID:9140
- C:\Windows\System\qQveOOX.exe
  C:\Windows\System\qQveOOX.exe
  2⤵
  PID:9156
- C:\Windows\System\ZbeEMWF.exe
  C:\Windows\System\ZbeEMWF.exe
  2⤵
  PID:9172
- C:\Windows\System\tYfbmzo.exe
  C:\Windows\System\tYfbmzo.exe
  2⤵
  PID:9188
- C:\Windows\System\fFvnwQY.exe
  C:\Windows\System\fFvnwQY.exe
  2⤵
  PID:9204
- C:\Windows\System\YBZcuqk.exe
  C:\Windows\System\YBZcuqk.exe
  2⤵
  PID:7388
- C:\Windows\System\iAzEYgf.exe
  C:\Windows\System\iAzEYgf.exe
  2⤵
  PID:8236
- C:\Windows\System\eYuxpKG.exe
  C:\Windows\System\eYuxpKG.exe
  2⤵
  PID:7480
- C:\Windows\System\iQxrBsA.exe
  C:\Windows\System\iQxrBsA.exe
  2⤵
  PID:7312
- C:\Windows\System\GsLiWOe.exe
  C:\Windows\System\GsLiWOe.exe
  2⤵
  PID:8216
- C:\Windows\System\oWwSGoj.exe
  C:\Windows\System\oWwSGoj.exe
  2⤵
  PID:8280
- C:\Windows\System\IoaVDYm.exe
  C:\Windows\System\IoaVDYm.exe
  2⤵
  PID:7768
- C:\Windows\System\QAptfCX.exe
  C:\Windows\System\QAptfCX.exe
  2⤵
  PID:8352
- C:\Windows\System\QcCRacI.exe
  C:\Windows\System\QcCRacI.exe
  2⤵
  PID:8368
- C:\Windows\System\ssSahKs.exe
  C:\Windows\System\ssSahKs.exe
  2⤵
  PID:8428
- C:\Windows\System\zHmerKV.exe
  C:\Windows\System\zHmerKV.exe
  2⤵
  PID:8496
- C:\Windows\System\hSSxOKu.exe
  C:\Windows\System\hSSxOKu.exe
  2⤵
  PID:8412
- C:\Windows\System\bgkrbhG.exe
  C:\Windows\System\bgkrbhG.exe
  2⤵
  PID:8480
- C:\Windows\System\JfIAFxP.exe
  C:\Windows\System\JfIAFxP.exe
  2⤵
  PID:8560
- C:\Windows\System\dXTvclV.exe
  C:\Windows\System\dXTvclV.exe
  2⤵
  PID:8620
- C:\Windows\System\GBSdEUB.exe
  C:\Windows\System\GBSdEUB.exe
  2⤵
  PID:8664
- C:\Windows\System\YzWXxxm.exe
  C:\Windows\System\YzWXxxm.exe
  2⤵
  PID:8700
- C:\Windows\System\MgEjrgz.exe
  C:\Windows\System\MgEjrgz.exe
  2⤵
  PID:8748
- C:\Windows\System\rWdTlhb.exe
  C:\Windows\System\rWdTlhb.exe
  2⤵
  PID:8792
- C:\Windows\System\KpoQIFy.exe
  C:\Windows\System\KpoQIFy.exe
  2⤵
  PID:8576
- C:\Windows\System\EWYQYqt.exe
  C:\Windows\System\EWYQYqt.exe
  2⤵
  PID:8540
- C:\Windows\System\mUCtDcW.exe
  C:\Windows\System\mUCtDcW.exe
  2⤵
  PID:8644
- C:\Windows\System\pbnRqGD.exe
  C:\Windows\System\pbnRqGD.exe
  2⤵
  PID:8724
- C:\Windows\System\yEhnieu.exe
  C:\Windows\System\yEhnieu.exe
  2⤵
  PID:8772
- C:\Windows\System\tqtwpgU.exe
  C:\Windows\System\tqtwpgU.exe
  2⤵
  PID:8892
- C:\Windows\System\IipjuaV.exe
  C:\Windows\System\IipjuaV.exe
  2⤵
  PID:7392
- C:\Windows\System\hDUmbhq.exe
  C:\Windows\System\hDUmbhq.exe
  2⤵
  PID:8960
- C:\Windows\System\mvtCpln.exe
  C:\Windows\System\mvtCpln.exe
  2⤵
  PID:9024
- C:\Windows\System\JomhNPl.exe
  C:\Windows\System\JomhNPl.exe
  2⤵
  PID:8880
- C:\Windows\System\yLBGfPy.exe
  C:\Windows\System\yLBGfPy.exe
  2⤵
  PID:8944
- C:\Windows\System\mEpBCIA.exe
  C:\Windows\System\mEpBCIA.exe
  2⤵
  PID:9008
- C:\Windows\System\pkjoQGy.exe
  C:\Windows\System\pkjoQGy.exe
  2⤵
  PID:9048
- C:\Windows\System\vCUfVUE.exe
  C:\Windows\System\vCUfVUE.exe
  2⤵
  PID:9064
- C:\Windows\System\ckitDcU.exe
  C:\Windows\System\ckitDcU.exe
  2⤵
  PID:9100
- C:\Windows\System\oeWMLDn.exe
  C:\Windows\System\oeWMLDn.exe
  2⤵
  PID:9168
- C:\Windows\System\UqpxGSV.exe
  C:\Windows\System\UqpxGSV.exe
  2⤵
  PID:9196
- C:\Windows\System\ncOnUSm.exe
  C:\Windows\System\ncOnUSm.exe
  2⤵
  PID:7708
- C:\Windows\System\VdxxYpp.exe
  C:\Windows\System\VdxxYpp.exe
  2⤵
  PID:8348
- C:\Windows\System\USeUrTZ.exe
  C:\Windows\System\USeUrTZ.exe
  2⤵
  PID:9148
- C:\Windows\System\CPselcY.exe
  C:\Windows\System\CPselcY.exe
  2⤵
  PID:8432
- C:\Windows\System\BtSGRGI.exe
  C:\Windows\System\BtSGRGI.exe
  2⤵
  PID:8628
- C:\Windows\System\MHNMKWG.exe
  C:\Windows\System\MHNMKWG.exe
  2⤵
  PID:8824
- C:\Windows\System\OULEzey.exe
  C:\Windows\System\OULEzey.exe
  2⤵
  PID:8768
- C:\Windows\System\DSTMDMW.exe
  C:\Windows\System\DSTMDMW.exe
  2⤵
  PID:8812
- C:\Windows\System\kLDOLdA.exe
  C:\Windows\System\kLDOLdA.exe
  2⤵
  PID:8848
- C:\Windows\System\jtSQHUC.exe
  C:\Windows\System\jtSQHUC.exe
  2⤵
  PID:8296
- C:\Windows\System\eTPnNXW.exe
  C:\Windows\System\eTPnNXW.exe
  2⤵
  PID:8364
- C:\Windows\System\uHSBoJy.exe
  C:\Windows\System\uHSBoJy.exe
  2⤵
  PID:8448
- C:\Windows\System\RLbBKWr.exe
  C:\Windows\System\RLbBKWr.exe
  2⤵
  PID:8508
- C:\Windows\System\cJrThxA.exe
  C:\Windows\System\cJrThxA.exe
  2⤵
  PID:8512
- C:\Windows\System\OszlOVp.exe
  C:\Windows\System\OszlOVp.exe
  2⤵
  PID:9028
- C:\Windows\System\zyNfdGv.exe
  C:\Windows\System\zyNfdGv.exe
  2⤵
  PID:9136
- C:\Windows\System\dzigZTf.exe
  C:\Windows\System\dzigZTf.exe
  2⤵
  PID:8928
- C:\Windows\System\mqiMSiE.exe
  C:\Windows\System\mqiMSiE.exe
  2⤵
  PID:7368
- C:\Windows\System\OlFRtQg.exe
  C:\Windows\System\OlFRtQg.exe
  2⤵
  PID:8908
- C:\Windows\System\vAIxWpe.exe
  C:\Windows\System\vAIxWpe.exe
  2⤵
  PID:8464
- C:\Windows\System\jMubnLV.exe
  C:\Windows\System\jMubnLV.exe
  2⤵
  PID:8380
- C:\Windows\System\NDTZWSu.exe
  C:\Windows\System\NDTZWSu.exe
  2⤵
  PID:7804
- C:\Windows\System\zoObxwb.exe
  C:\Windows\System\zoObxwb.exe
  2⤵
  PID:9212
- C:\Windows\System\YzyeEzG.exe
  C:\Windows\System\YzyeEzG.exe
  2⤵
  PID:8996
- C:\Windows\System\xnhKYZa.exe
  C:\Windows\System\xnhKYZa.exe
  2⤵
  PID:8784
- C:\Windows\System\SycCAXW.exe
  C:\Windows\System\SycCAXW.exe
  2⤵
  PID:9060
- C:\Windows\System\DhsJRlz.exe
  C:\Windows\System\DhsJRlz.exe
  2⤵
  PID:9180
- C:\Windows\System\muDwtSz.exe
  C:\Windows\System\muDwtSz.exe
  2⤵
  PID:8864
- C:\Windows\System\xVGblYx.exe
  C:\Windows\System\xVGblYx.exe
  2⤵
  PID:8024
- C:\Windows\System\CeMHPtr.exe
  C:\Windows\System\CeMHPtr.exe
  2⤵
  PID:8528
- C:\Windows\System\uNGGHNe.exe
  C:\Windows\System\uNGGHNe.exe
  2⤵
  PID:8400
- C:\Windows\System\lIErYQE.exe
  C:\Windows\System\lIErYQE.exe
  2⤵
  PID:7612
- C:\Windows\System\dSttGgF.exe
  C:\Windows\System\dSttGgF.exe
  2⤵
  PID:8932
- C:\Windows\System\cfExibZ.exe
  C:\Windows\System\cfExibZ.exe
  2⤵
  PID:8300
- C:\Windows\System\vkwWciZ.exe
  C:\Windows\System\vkwWciZ.exe
  2⤵
  PID:8740
- C:\Windows\System\ozklOyY.exe
  C:\Windows\System\ozklOyY.exe
  2⤵
  PID:8320
- C:\Windows\System\nzzoUqs.exe
  C:\Windows\System\nzzoUqs.exe
  2⤵
  PID:9232
- C:\Windows\System\iyaRwkq.exe
  C:\Windows\System\iyaRwkq.exe
  2⤵
  PID:9248
- C:\Windows\System\yOfGjDY.exe
  C:\Windows\System\yOfGjDY.exe
  2⤵
  PID:9264
- C:\Windows\System\wwRiivJ.exe
  C:\Windows\System\wwRiivJ.exe
  2⤵
  PID:9280
- C:\Windows\System\eeLNlLA.exe
  C:\Windows\System\eeLNlLA.exe
  2⤵
  PID:9296
- C:\Windows\System\folDNIh.exe
  C:\Windows\System\folDNIh.exe
  2⤵
  PID:9312
- C:\Windows\System\dUBnzOV.exe
  C:\Windows\System\dUBnzOV.exe
  2⤵
  PID:9328
- C:\Windows\System\EWSxLWn.exe
  C:\Windows\System\EWSxLWn.exe
  2⤵
  PID:9344
- C:\Windows\System\KgEGrpr.exe
  C:\Windows\System\KgEGrpr.exe
  2⤵
  PID:9364
- C:\Windows\System\CiEljNN.exe
  C:\Windows\System\CiEljNN.exe
  2⤵
  PID:9380
- C:\Windows\System\MsrkWhf.exe
  C:\Windows\System\MsrkWhf.exe
  2⤵
  PID:9396
- C:\Windows\System\NWLkVyg.exe
  C:\Windows\System\NWLkVyg.exe
  2⤵
  PID:9412
- C:\Windows\System\alHPzee.exe
  C:\Windows\System\alHPzee.exe
  2⤵
  PID:9432
- C:\Windows\System\TLLnIBI.exe
  C:\Windows\System\TLLnIBI.exe
  2⤵
  PID:9448
- C:\Windows\System\OZjClRk.exe
  C:\Windows\System\OZjClRk.exe
  2⤵
  PID:9464
- C:\Windows\System\mneMhHK.exe
  C:\Windows\System\mneMhHK.exe
  2⤵
  PID:9480
- C:\Windows\System\YVmTOCX.exe
  C:\Windows\System\YVmTOCX.exe
  2⤵
  PID:9496
- C:\Windows\System\nsGcFYz.exe
  C:\Windows\System\nsGcFYz.exe
  2⤵
  PID:9512
- C:\Windows\System\VgfToba.exe
  C:\Windows\System\VgfToba.exe
  2⤵
  PID:9528
- C:\Windows\System\NLJQkqt.exe
  C:\Windows\System\NLJQkqt.exe
  2⤵
  PID:9544
- C:\Windows\System\SWjrPKs.exe
  C:\Windows\System\SWjrPKs.exe
  2⤵
  PID:9560
- C:\Windows\System\IYqRzez.exe
  C:\Windows\System\IYqRzez.exe
  2⤵
  PID:9576
- C:\Windows\System\VunaXYJ.exe
  C:\Windows\System\VunaXYJ.exe
  2⤵
  PID:9592
- C:\Windows\System\OruRMyR.exe
  C:\Windows\System\OruRMyR.exe
  2⤵
  PID:9608
- C:\Windows\System\sKixVvj.exe
  C:\Windows\System\sKixVvj.exe
  2⤵
  PID:9624
- C:\Windows\System\fFaRuhR.exe
  C:\Windows\System\fFaRuhR.exe
  2⤵
  PID:9640
- C:\Windows\System\wYLnhTM.exe
  C:\Windows\System\wYLnhTM.exe
  2⤵
  PID:9656
- C:\Windows\System\ILulzjg.exe
  C:\Windows\System\ILulzjg.exe
  2⤵
  PID:9672
- C:\Windows\System\LjyJvVw.exe
  C:\Windows\System\LjyJvVw.exe
  2⤵
  PID:9688
- C:\Windows\System\ZSRRaBp.exe
  C:\Windows\System\ZSRRaBp.exe
  2⤵
  PID:9704
- C:\Windows\System\vuXyxtS.exe
  C:\Windows\System\vuXyxtS.exe
  2⤵
  PID:9720
- C:\Windows\System\myUIuEH.exe
  C:\Windows\System\myUIuEH.exe
  2⤵
  PID:9736
- C:\Windows\System\GJpuuGP.exe
  C:\Windows\System\GJpuuGP.exe
  2⤵
  PID:9752
- C:\Windows\System\PuKivCD.exe
  C:\Windows\System\PuKivCD.exe
  2⤵
  PID:9768
- C:\Windows\System\TYXszlx.exe
  C:\Windows\System\TYXszlx.exe
  2⤵
  PID:9784
- C:\Windows\System\UuSSXNK.exe
  C:\Windows\System\UuSSXNK.exe
  2⤵
  PID:9800
- C:\Windows\System\OnWtcXz.exe
  C:\Windows\System\OnWtcXz.exe
  2⤵
  PID:9816
- C:\Windows\System\AQpDrCg.exe
  C:\Windows\System\AQpDrCg.exe
  2⤵
  PID:9832
- C:\Windows\System\KZbTyfA.exe
  C:\Windows\System\KZbTyfA.exe
  2⤵
  PID:9848
- C:\Windows\System\Dehhbdz.exe
  C:\Windows\System\Dehhbdz.exe
  2⤵
  PID:9864
- C:\Windows\System\TEyOyjK.exe
  C:\Windows\System\TEyOyjK.exe
  2⤵
  PID:9880
- C:\Windows\System\JvqXZKm.exe
  C:\Windows\System\JvqXZKm.exe
  2⤵
  PID:9896
- C:\Windows\System\EKplvvW.exe
  C:\Windows\System\EKplvvW.exe
  2⤵
  PID:9912
- C:\Windows\System\vQBbwmQ.exe
  C:\Windows\System\vQBbwmQ.exe
  2⤵
  PID:9928
- C:\Windows\System\lgenBNz.exe
  C:\Windows\System\lgenBNz.exe
  2⤵
  PID:9944
- C:\Windows\System\TMwJAMv.exe
  C:\Windows\System\TMwJAMv.exe
  2⤵
  PID:9960
- C:\Windows\System\KFlfzjW.exe
  C:\Windows\System\KFlfzjW.exe
  2⤵
  PID:9976
- C:\Windows\System\wcZrtLw.exe
  C:\Windows\System\wcZrtLw.exe
  2⤵
  PID:9992
- C:\Windows\System\zIWGKYn.exe
  C:\Windows\System\zIWGKYn.exe
  2⤵
  PID:10008
- C:\Windows\System\iOCpfNP.exe
  C:\Windows\System\iOCpfNP.exe
  2⤵
  PID:10024
- C:\Windows\System\KeftROv.exe
  C:\Windows\System\KeftROv.exe
  2⤵
  PID:10040
- C:\Windows\System\LOpWLAB.exe
  C:\Windows\System\LOpWLAB.exe
  2⤵
  PID:10056
- C:\Windows\System\tMSSjnT.exe
  C:\Windows\System\tMSSjnT.exe
  2⤵
  PID:10072
- C:\Windows\System\KpgdjlK.exe
  C:\Windows\System\KpgdjlK.exe
  2⤵
  PID:10088
- C:\Windows\System\fozKUqj.exe
  C:\Windows\System\fozKUqj.exe
  2⤵
  PID:10104
- C:\Windows\System\dHUBttY.exe
  C:\Windows\System\dHUBttY.exe
  2⤵
  PID:10124
- C:\Windows\System\ONsPikZ.exe
  C:\Windows\System\ONsPikZ.exe
  2⤵
  PID:10140
- C:\Windows\System\jSkFKCl.exe
  C:\Windows\System\jSkFKCl.exe
  2⤵
  PID:10156
- C:\Windows\System\nWQTaeZ.exe
  C:\Windows\System\nWQTaeZ.exe
  2⤵
  PID:10172
- C:\Windows\System\eaKKwXZ.exe
  C:\Windows\System\eaKKwXZ.exe
  2⤵
  PID:10188
- C:\Windows\System\eurSmuO.exe
  C:\Windows\System\eurSmuO.exe
  2⤵
  PID:10204
- C:\Windows\System\MABLtQe.exe
  C:\Windows\System\MABLtQe.exe
  2⤵
  PID:10220
- C:\Windows\System\ofRRCbu.exe
  C:\Windows\System\ofRRCbu.exe
  2⤵
  PID:10236
- C:\Windows\System\stISknA.exe
  C:\Windows\System\stISknA.exe
  2⤵
  PID:9260
- C:\Windows\System\SZtxQVH.exe
  C:\Windows\System\SZtxQVH.exe
  2⤵
  PID:8592
- C:\Windows\System\WfJuDpp.exe
  C:\Windows\System\WfJuDpp.exe
  2⤵
  PID:9256
- C:\Windows\System\sQUziBH.exe
  C:\Windows\System\sQUziBH.exe
  2⤵
  PID:9308
- C:\Windows\System\QLLyeQJ.exe
  C:\Windows\System\QLLyeQJ.exe
  2⤵
  PID:9336
- C:\Windows\System\jaZeKNz.exe
  C:\Windows\System\jaZeKNz.exe
  2⤵
  PID:9372
- C:\Windows\System\qpOsAda.exe
  C:\Windows\System\qpOsAda.exe
  2⤵
  PID:9420
- C:\Windows\System\myuKKUR.exe
  C:\Windows\System\myuKKUR.exe
  2⤵
  PID:9552
- C:\Windows\System\vLsVJqv.exe
  C:\Windows\System\vLsVJqv.exe
  2⤵
  PID:9584
- C:\Windows\System\UAkWnCP.exe
  C:\Windows\System\UAkWnCP.exe
  2⤵
  PID:9684
- C:\Windows\System\mruHPfP.exe
  C:\Windows\System\mruHPfP.exe
  2⤵
  PID:9568
- C:\Windows\System\iOuyFDO.exe
  C:\Windows\System\iOuyFDO.exe
  2⤵
  PID:9632
- C:\Windows\System\GNNoWwQ.exe
  C:\Windows\System\GNNoWwQ.exe
  2⤵
  PID:9728
- C:\Windows\System\qCgVZpY.exe
  C:\Windows\System\qCgVZpY.exe
  2⤵
  PID:8572
- C:\Windows\System\QMhySTR.exe
  C:\Windows\System\QMhySTR.exe
  2⤵
  PID:8556
- C:\Windows\System\qTPNQLi.exe
  C:\Windows\System\qTPNQLi.exe
  2⤵
  PID:9392
- C:\Windows\System\jHLAWCy.exe
  C:\Windows\System\jHLAWCy.exe
  2⤵
  PID:9748
- C:\Windows\System\ePxOcZd.exe
  C:\Windows\System\ePxOcZd.exe
  2⤵
  PID:9780
- C:\Windows\System\RbvYUpf.exe
  C:\Windows\System\RbvYUpf.exe
  2⤵
  PID:9760
- C:\Windows\System\KYHlLkd.exe
  C:\Windows\System\KYHlLkd.exe
  2⤵
  PID:10248
- C:\Windows\System\WsvWjWV.exe
  C:\Windows\System\WsvWjWV.exe
  2⤵
  PID:10276
- C:\Windows\System\yeMHmdF.exe
  C:\Windows\System\yeMHmdF.exe
  2⤵
  PID:10300
- C:\Windows\System\gBsAEvP.exe
  C:\Windows\System\gBsAEvP.exe
  2⤵
  PID:10336
- C:\Windows\System\SaIycvI.exe
  C:\Windows\System\SaIycvI.exe
  2⤵
  PID:10404
- C:\Windows\System\XuafDcC.exe
  C:\Windows\System\XuafDcC.exe
  2⤵
  PID:10420
- C:\Windows\System\NVNzTUQ.exe
  C:\Windows\System\NVNzTUQ.exe
  2⤵
  PID:10436
- C:\Windows\System\oUyEldj.exe
  C:\Windows\System\oUyEldj.exe
  2⤵
  PID:10472
- C:\Windows\System\lUhDBMc.exe
  C:\Windows\System\lUhDBMc.exe
  2⤵
  PID:10488
- C:\Windows\System\yxJbZNo.exe
  C:\Windows\System\yxJbZNo.exe
  2⤵
  PID:10504
- C:\Windows\System\hXBNxJT.exe
  C:\Windows\System\hXBNxJT.exe
  2⤵
  PID:10524
- C:\Windows\System\KTfbCOX.exe
  C:\Windows\System\KTfbCOX.exe
  2⤵
  PID:10596
- C:\Windows\System\PbUvXKn.exe
  C:\Windows\System\PbUvXKn.exe
  2⤵
  PID:10632
- C:\Windows\System\pIlDMCo.exe
  C:\Windows\System\pIlDMCo.exe
  2⤵
  PID:10648
- C:\Windows\System\PxyzZwW.exe
  C:\Windows\System\PxyzZwW.exe
  2⤵
  PID:10664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AoOjThY.exe

Filesize
6.0MB

MD5
fb0ca9ff5f95db600f431f742d9c0a41

SHA1
d425b1fd368eb84a61470c322ae48d8d8fda0d32

SHA256
4ae16a2f4ffd05d95d948e1b8bc307b7c449736fe1e1f52b82573e774bd771b0

SHA512
5131a491c62b6859cb83a0ae817000d8ca4cae832ffbb5fb08ead38132f027a30ea5dd974258d4dea0fbb05c0e2efed47a49f634ea23a56b71f642b39edf7ce4

Download Submit
C:\Windows\system\BySlREJ.exe

Filesize
6.0MB

MD5
6213de0647ce82bf8860796b257429e2

SHA1
4fc277c3051f9cb37cafb6a50b68ad153510250f

SHA256
1c127ae88be74b616b0060ab140f872dbd358bd461305dce3bd831d4c63adc1c

SHA512
505dd7d52ce959f94f75af83757ec52638946e519ef628024011dde3c7ea2b66043d5ac763253b81e2913d66b09b29ca12517d2d59b3b0acaa18977f2a33bc54

Download Submit
C:\Windows\system\EOUnOOF.exe

Filesize
6.0MB

MD5
dd5b6a1ffadf38b002c7e86cee9dba0a

SHA1
a1dd9cecead6ac405220fa733369f37f196bbe75

SHA256
ccc429569a728b9e426078987ca1e687dfd595ef6e3d4a9b1c4a2abbdc013114

SHA512
b534af1d7bad6abdd967e7b32d8e2ed5949d34cebc919767acb4b307a67fb8c6fcb65459e729d97419b639923339672aed26a075c226917c1acd0b98641524ca

Download Submit
C:\Windows\system\FdSlGoh.exe

Filesize
6.0MB

MD5
785090b4aea132585f9e2785a18ada99

SHA1
5353b67236f9b4adbea1797348ff058426b086af

SHA256
e03ce1d6eac4bc30c06bbd97be203361fddbc22c90df6b4123df92ac3e70db04

SHA512
7d0edf4cfe9841640078e49557b533a01da8a2fcb9777fc9565db702d5cafe313ac02a11dd18c0cb9c3f28f44358dd4ad2ab9d4c7b1cfa504be4c35dfe63f46d

Download Submit
C:\Windows\system\GzKmJKb.exe

Filesize
6.0MB

MD5
4b32d5f53497fc1eb5fb2417ef274477

SHA1
04cea456d79e338d5d6946a22110c5bd44a23c25

SHA256
91c376994c0e2c305484c3aeb046c3d8e46927cf68e4d61894611b66f16f18ea

SHA512
a3b5642aa493894c1c1fbf97d5e21206ea3c88b9265f656eaf5a3d28aaa25c73035e585de88eea3ed3f32ea0a163bfca3e6bac19e40b28254413f34065f3a1ff

Download Submit
C:\Windows\system\HoNRvBU.exe

Filesize
6.0MB

MD5
ff648d68358b3f58f65b3e1fcfafca9b

SHA1
692a8ddbd91ea5520d7b5d7a662b6d0e0fb5b255

SHA256
a447a7fe114372fd2357538c2d121eea2f499be04d9efa417a880230caf22a96

SHA512
a3dd1f6b6460c5a8b6a521232602c27280f2f25192fbb3c73687a2e2bdc8f10117857ef1e663739ef166573af66dc528b5b86b2c1a51217c59dfa996698ad23d

Download Submit
C:\Windows\system\KiYFKFc.exe

Filesize
6.0MB

MD5
81a6e684802c583e210a19f07882c214

SHA1
a7038dc040e119f5edafa628c5258a6cd6554d93

SHA256
ddd4f37107989c9ed08f1f702035d469ac1beba0f71c9e0f35b397e089fd76b0

SHA512
2f206456c7930137ed90b3ea63b7f728ed508fe1021233099c585970608bd6011e0a3d74c119a7b30b85d26317cb2524cb8a00adf823f8213afc068ee33f59a2

Download Submit
C:\Windows\system\LOypmAB.exe

Filesize
6.0MB

MD5
dd98575def0ac3142c0143485ff1364a

SHA1
437a4fecd8d52638bc9c055afc620774b4bd69e2

SHA256
f27112e37aa97475978a059f182a774c81e7adab868e52eba68c6df38ef93b38

SHA512
5cab73781eaa3507b9985186ae91d186bdd7f3e570030b9e5d88029be2ba3ea9d866986c3e498fe82a66a45ef8ef9e588040125c2fa3f4f25575146bb479f86a

Download Submit
C:\Windows\system\LTWMmZr.exe

Filesize
6.0MB

MD5
7b93ef3c37e0afa4b4f17f542d164b74

SHA1
781962b91492468459887eb090e311aa6a45be15

SHA256
8df31f8789e127d41310990c831b4429b7569d9306039f7e4dd7ecc16fe2627a

SHA512
69fd3d47489f1435847e8c702849184e9d2a3db710940e9b915a81e2ef8fcb85fbf10c6cd75c5f6fd78bbba52d634c527817448e9d873529cd48c3508a4f7579

Download Submit
C:\Windows\system\OVoSzRB.exe

Filesize
6.0MB

MD5
0645204fdab88050c41a68a7747c7882

SHA1
f404a86d315e19a65fafcc4643614a0a05566929

SHA256
e5292ca3b4aeafd4d34807c9e1f98419df441191943e073d06f4d169c23cd59f

SHA512
543c76a6eb67365ee36b8cdc4c451a905680d2c602705720d871b5016a9609cb0da86f15962f156afa85edf99f987b8fb6f84305e368168b817bcbf32137b281

Download Submit
C:\Windows\system\SnzlfOm.exe

Filesize
6.0MB

MD5
c483c1ef993b70a89c34168e45064e43

SHA1
b827845e242f6339a122837b9e70df8dc21b07e3

SHA256
f1083b87a4719cbf88e9a6b2260fcb924f38d846228228326930b170e40d9615

SHA512
ca2d6e3f09ae71fdc072b0de620af92a3e5925694e0ba60aa8e1b4140cb5b6ba67ee338cea60ce6b685deb02164f5aaf4bbea803e7a1212fd4e9cd6fb5e7bf4b

Download Submit
C:\Windows\system\SqfAtDZ.exe

Filesize
6.0MB

MD5
8957471ecbe1e5bdd488322bfe240c33

SHA1
e6296c3b3fd3da202cc5bf86c589ec585a623e63

SHA256
0ac9c3927941de398516e030a55f68ed7bbe9e67f069534c6148e5c6b9fcf2be

SHA512
6c5143af4738421a2453d2fd6821b5f6053f40e032f00ad376cf12ee14507901a2781baf33f93f70179082f7027aa9b521070144b853a9cd34af9a474e21726e

Download Submit
C:\Windows\system\WVGKVTp.exe

Filesize
6.0MB

MD5
36a84d25a28da101106a7a6f8f650148

SHA1
82b581d0df2663bf7936e25994161568a314fb80

SHA256
4f006e951e3679efd0b0cd7b459fa2b854cb683133a92043661412861b4d8670

SHA512
69f8e2f3bcee6c5421f4c71d22b83b580da70606b4be39520ce8fad123be17b0eebd33913bd3f784bec3729d1605664db6491e0c3e9e7cbf7324ab77abf165e2

Download Submit
C:\Windows\system\ZiPZYwf.exe

Filesize
6.0MB

MD5
3f4e90f8e2775b066c6d812208ea3fae

SHA1
f1886a8e71ca18440b7fefa6e5cab2d43d0b4426

SHA256
1ddbc4cd7de2d4bba3e42dc4ebb7b16be7085c937db628fd030ab8d6664f452f

SHA512
038e55f552313992f6150fbd461157af00afe6a029c4324ece7bdf219a58b6258d19f8c5073055644f96ee60125b9c5e63f7a4e987c728bd8612ef03b6f55f43

Download Submit
C:\Windows\system\hBReUZA.exe

Filesize
6.0MB

MD5
c67cd14bed640439d3885d7120650e5e

SHA1
72c038a55c24ff60545e2f515214ba9fe392776c

SHA256
eec77edcf6c21f7246ec2427756c7bafae98535610d731bd073ab5605c075694

SHA512
1b93e2cbd0831b02a81efca398191999e647b24a06624362f80688966bfa2517283f31cc492ba1a253130a3d40e5eaa1401de308c80b4316cb82d4de9a13756f

Download Submit
C:\Windows\system\juFKNRt.exe

Filesize
6.0MB

MD5
752f62368ae9af26ebeec4f192c4f675

SHA1
d0ef3866232d2c27bede9d7c120329dbab8acfde

SHA256
297d1b0ec681c07e865108c133e8f3703cd0bf22d3e533a416cb87e0166cf9ab

SHA512
cd75b0d64835047cb5c451b02d83c60c654d635ec3903478eb79f9b6a121b061d7efc0a60b224bca420c05821643dfacd296b03771805e3fc6fec049eba4c19d

Download Submit
C:\Windows\system\knTlSez.exe

Filesize
6.0MB

MD5
f4eea06420d5d17a0cebb2e99cfddec1

SHA1
8d8313f2bc4b537e14c3a6d40bb529b4c6db1aa7

SHA256
6c8ab5038bd9bee21117931121818ec9cae2abf881ce39d14f63c69878572586

SHA512
f017bee9634309daf340c5f169d90d5127250cc34414c8c8dc6e2d3fcbebeecb3730d08b68b1894cd6d006c20f3dd2757929197c125b38d00c2ad9e5e1d109ca

Download Submit
C:\Windows\system\oaiLetv.exe

Filesize
6.0MB

MD5
68b8370f336a8aa299956d574ffb9034

SHA1
da45e1f2dcb3fab35842a61ce15027a4ca9f581c

SHA256
db560e2af8815c29f9d60ce66195f74ba932d4f38ac1daacef1c9ae5195d2ad0

SHA512
9b45d3aeb54d2f99897ac764310492dc32dcd9c03c76344a6695cf5c7a69dc0f3934c4f97b62e2eeeb25b41c504b2e396e80c656eb7f8bc078698548e8b45a41

Download Submit
C:\Windows\system\peMzGxM.exe

Filesize
6.0MB

MD5
3f552c0b71304ffc221f1ca681f42957

SHA1
7c1b02c44b2208c87f3878a152a4a1973acbc1e6

SHA256
a3628d01d98e2e10174efd2122bbf11452130c396192d85763189630238e13ed

SHA512
cd292d789b42fb0d5750c990f545dba61254d41b0d4c3f3b358a48004560adf41eac25e4a1b48949f99030ee0f3746645782e4bcd05efb6aa119f6821d927260

Download Submit
C:\Windows\system\qiXCXlO.exe

Filesize
6.0MB

MD5
516e1d25680abdbe61938cc948835643

SHA1
07fdfce669f306a0d119b3648291f47b4649c6bd

SHA256
1eb09d71bc112fffc478eaa00a07faae6cae1ca44315b9e96d9b7719e4bdbd6f

SHA512
f766dfa3a3f1846f8cd35e3fa478895afc126a9fe18da0890047f9b9f261bfb9dd226f8b391961b5be16a49a754b7f43ff6efc82b713beb827810fe52c1cc803

Download Submit
C:\Windows\system\rcifMaK.exe

Filesize
6.0MB

MD5
fa3bd8221d57c26661e4881c1fc2bea4

SHA1
bb1aa0b747b18564c30440142d71f92786d360b5

SHA256
e668b657657171bc19efa72c2791e08dd618c6c2cb13ac107b9928a54f4aedbe

SHA512
076f5bb4df61d47d87330d232461d8ce16e992134de237df49f8f2a49d9b132f3010577ac458f79da48cbe816ebe9837517f3e0d496c27d30e3ff0f20c0b31e0

Download Submit
C:\Windows\system\sXfPdHw.exe

Filesize
6.0MB

MD5
95d282e069741939aed6d8ef3cd95393

SHA1
bbee5459900f2682a6311776b2ebc58adfde0678

SHA256
476326bbcf002c27aa54d9a9f1facc05f1b5aa0fca1f7226ba871878d33dd0e2

SHA512
ec52e9986a0718d5cae0c26b67071a99f5664ea1c3334ca2b6ed532bbacadb4cff1e1185d276e63eed544988a275375b727b2b53d92ddb8c9afd739790ecd054

Download Submit
C:\Windows\system\uHQpfIt.exe

Filesize
6.0MB

MD5
fc87a785a98c3cdf40a6067dd60dbbe3

SHA1
11b371e741676857a3a474f4ad2afb8bbaa8ea31

SHA256
043d0771270e0f023248645a18dc75484658fa70ba3c5eec377df6b758c64d32

SHA512
e478ca355d61e323f5fdbdef3eb6a381bc2c4ce4d803f0ec3d32d9994a3359528635d20a7619387e96f2ada3047fe1562a6a3d0ab9925c4df85d941bd941a562

Download Submit
C:\Windows\system\zUpzyfE.exe

Filesize
6.0MB

MD5
4b6b6790dcfba242d1b9e8f3d37de5f6

SHA1
71159934ffd69b3eaa447a19c678b06daa2bfab6

SHA256
626792d9219dcc67565354a82aab45a2ae3d1da82d8218bf595f6906b22f818d

SHA512
fd67db635e2c835cfd7386c875e020d7492d83528dd599a116cc8edb2232eac48f5f570034eb4f905d2bea9146e8a0071b86c3f55020ec45519d31a5146e6fb8

Download Submit
\Windows\system\EdNGnFt.exe

Filesize
6.0MB

MD5
ad8d51e9a4e3bc43b88a556624b48682

SHA1
1240e3a3e4591fdb837d417074af87dac1bd7de7

SHA256
2807923c5d956f300a0850003675a048d317a8df93442eb1dad19dd2f44f6e81

SHA512
4f05726bf3414be9244d54c704a02cd348d3dec9ef98ab57c7c77076baffef62583d5f9e30c7c51eee2a2917dd8579fb660971a17ebb9d1895ff30167e17b47f

Download Submit
\Windows\system\JWxZNGf.exe

Filesize
6.0MB

MD5
b4cfccd39be99ed643d354cdb2b49df3

SHA1
01c47d7f0a9c7bc8ec0df6c28f997d141bd8022a

SHA256
eda255b5e165a00c7f1731ac73a9be53e4f9df1350563681c5a3fe38a4bc5a87

SHA512
231fe7055b75f0fb8ee6bb4ad2655146d86aedef1cd0e57974b9187a158c4f4a72f91c76414f6d1f404134122bc178f3668a2619bfae868ef3fe5e050f584d10

Download Submit
\Windows\system\VrGqVsM.exe

Filesize
6.0MB

MD5
94237e624fc3e55fa9c04d14626e684f

SHA1
88d4833410383ea4d8f8525386e3fdcb666ae120

SHA256
4c7a3b65d2c8d0f722023039698a250f48d9ce0c8ccbc945f7411605068a8664

SHA512
eb09e366f8ba2b38c8b5aa16c9d7f8558f763a388b52e73b4edcea075f933bb06409645df062666b62202a8dd47c300447d5561a5764a4a6267c0a3aec23d8bc

Download Submit
\Windows\system\YgxEfOk.exe

Filesize
6.0MB

MD5
4562310e78df4e84421e553a7e4b203d

SHA1
a3341d66ddc4aa4890a6c6df9f8bf0657f698aa5

SHA256
422d413ee523e847e706fbd2925cce2b22c8b50cd10fefa3ac3c9403c359fcd0

SHA512
71d295ed02505fb779348843a49fb099f2322cf2402463a394d7004ec256f4fd7c266ef832ab79055b488ddab64432b99fcc294901edc1e412d8ea5400754fdc

Download Submit
\Windows\system\bZsEGYE.exe

Filesize
6.0MB

MD5
61a60a39bd8fa0ce4a15a3b078dbc44e

SHA1
19d160b0881e61519aef27e36b06b292215abde7

SHA256
3d33d45f18a86a57908db42ff699543f3ab777f15ab09509b31fb3d2e4f9c077

SHA512
0cbe829bbb786debc7d5dbb1438e8ebe325f9fba2e26f60f0ecfa9acafb118fe07b3f637ddeea96ff2c7f17a79faf5d4234a1027b1c034435a377a5b012067bb

Download Submit
\Windows\system\jpwOAKM.exe

Filesize
6.0MB

MD5
a67f1c5304b82dbe856ccd75a8b8352a

SHA1
a9c0fb222976d9f489d8136ea550980610e1386a

SHA256
b9b1b1be9050b73ebabf66ee8cb4410c8e74262e57f1ba816a2403dfb49ba46e

SHA512
20a0811f454b662e4e23d772771c86183f2d9b383d7944425e485d65312560f033d8ee25a0fbfa9a1eec447def0a48dfd36230a49d25c5d139ac7bcf2009ed2f

Download Submit
\Windows\system\oYWIHkL.exe

Filesize
6.0MB

MD5
f9b26faf474554519c5b62572fad3bb8

SHA1
c90525a121691eb151b9d3d2f85c6d264f6fc8ef

SHA256
e7e9ac5937445ff2270eda8c05f44a4b248b91c08d9249dd20dea45d9c32fdb4

SHA512
1a36cadf76f8c5206915d8df5d869567d321b4a39933f5000f84dafcb7e444df29992290306a9077a773b5722db7378e543ea0da9a73938059b1b09df70bd531

Download Submit
\Windows\system\qUCSjmr.exe

Filesize
6.0MB

MD5
93cac6e9e8b5fe32a2aeaf4628e30526

SHA1
43e0c487f61e2b74573f0e92379abafd6de64abf

SHA256
d4c0ce33c36b42b0d15f59193ab88c6bdb1952ec4ffdcdbb8bd12d0dbe1c4d39

SHA512
4f43e21c0630f49e673fbe09cd3148457a3f6282b2dd0d058b6411796446ab652792131d1e0f4c42116dca3b434663e47c04934ae385233b86e9f3266f8955a6

Download Submit
\Windows\system\trMOSQY.exe

Filesize
6.0MB

MD5
5e2e831b11e62187ac9ba71fa3dc252a

SHA1
2c560a3b9ae64939ca7ca169c55338197f779ff9

SHA256
a24e5ca5e451e2230f37b9c0bb90378f206165f33398525a62072ff0a714d062

SHA512
75acf43df660f09978f7b8f5024547486b032c2b3f0ead2d55f59888b3245cd519d956dadcf5963dec554525f20ca96f4b4b725f17bdc7c282f167c147fac541

Download Submit
memory/1012-4011-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1012-9-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1940-4013-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1940-15-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1940-318-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2100-22-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2100-4012-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2100-460-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1303-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1003-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-86-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2132-79-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2132-121-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2132-129-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2132-138-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2132-317-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2132-28-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-813-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-36-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-50-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2132-58-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-117-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-116-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-115-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2132-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2132-70-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2132-20-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2132-8-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2132-74-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4020-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-125-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-29-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-4016-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-812-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4019-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2744-87-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4014-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-814-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4017-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2832-64-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2952-73-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4015-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4018-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2984-71-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download