cobaltstrike | 0a4cdd50d0e25ca118db1831ce34bb008eff7e95358e5b679fa1358ee1520613

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e37e354a81d598cbc17bc23367a18233
SHA1

411d78405031385dc4e295f54b3b59a076735d67
SHA256

0a4cdd50d0e25ca118db1831ce34bb008eff7e95358e5b679fa1358ee1520613
SHA512

7207a092fd4f49c50a0d8dc75004deb5f7a53c9f370fb6d4c89e5bbd7f85112f9a7047597df2ff00ce2ba9b7f5308a2177eb1c3ecab69f5106e5e85411c06a6e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016276-11.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000012260-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c47-32.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-113.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-42.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-174.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2128-0-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016276-11.dat	xmrig
behavioral1/memory/1736-15-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2408-14-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012260-10.dat	xmrig
behavioral1/files/0x000800000001650a-9.dat	xmrig
behavioral1/files/0x00070000000167ea-23.dat	xmrig
behavioral1/files/0x0007000000016a49-24.dat	xmrig
behavioral1/files/0x0007000000016c36-30.dat	xmrig
behavioral1/files/0x0008000000016c47-32.dat	xmrig
behavioral1/files/0x0005000000019278-46.dat	xmrig
behavioral1/files/0x000500000001938b-54.dat	xmrig
behavioral1/files/0x0005000000019280-50.dat	xmrig
behavioral1/files/0x00050000000193b7-73.dat	xmrig
behavioral1/files/0x00050000000193c8-83.dat	xmrig
behavioral1/files/0x0005000000019441-113.dat	xmrig
behavioral1/files/0x0009000000015fba-123.dat	xmrig
behavioral1/files/0x00050000000194f3-128.dat	xmrig
behavioral1/memory/2692-134-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2676-140-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2128-149-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2832-154-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1636-152-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/1884-132-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2664-150-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2588-148-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2764-146-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1372-144-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/3000-142-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2128-139-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2824-138-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2740-136-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194bd-119.dat	xmrig
behavioral1/files/0x0005000000019436-108.dat	xmrig
behavioral1/files/0x000500000001941a-103.dat	xmrig
behavioral1/files/0x0005000000019417-98.dat	xmrig
behavioral1/files/0x00050000000193ec-93.dat	xmrig
behavioral1/files/0x00050000000193d4-88.dat	xmrig
behavioral1/files/0x00050000000193c1-78.dat	xmrig
behavioral1/files/0x0005000000019399-58.dat	xmrig
behavioral1/files/0x0005000000019263-42.dat	xmrig
behavioral1/files/0x0008000000016c53-38.dat	xmrig
behavioral1/memory/2128-155-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d9-160.dat	xmrig
behavioral1/files/0x0005000000019537-158.dat	xmrig
behavioral1/files/0x000500000001960e-182.dat	xmrig
behavioral1/files/0x0005000000019610-188.dat	xmrig
behavioral1/files/0x000500000001960c-168.dat	xmrig
behavioral1/files/0x000500000001960d-175.dat	xmrig
behavioral1/files/0x000500000001960a-174.dat	xmrig
behavioral1/memory/2408-205-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1736-4018-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2588-4019-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2692-4026-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2832-4028-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1636-4027-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/1372-4025-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1884-4024-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2824-4023-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2740-4022-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/3000-4029-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2764-4031-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2664-4030-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1736	wClNDBw.exe
2408	TaVStAt.exe
2832	uYQOmGW.exe
1884	lpiEIyb.exe
2692	sjodxGs.exe
2740	OfNUbPI.exe
2824	QnKOYRq.exe
2676	WzQoBAe.exe
3000	QRvsjWm.exe
1372	RaDgXpL.exe
2764	HSpSurV.exe
2588	RQjPwze.exe
2664	IVCpnZI.exe
1636	zREgwLG.exe
2592	cnVhIYC.exe
2016	wYRbTCE.exe
2936	WFhyTZb.exe
2952	YFuGRtI.exe
2512	irvyWRs.exe
2928	jouvlgB.exe
1456	moCNRzy.exe
2852	DakwVEk.exe
2896	EeZbGCg.exe
2884	eGJVHNr.exe
1796	bkjHQee.exe
2192	POJjsmU.exe
3020	weySyXU.exe
708	KcqLybB.exe
1436	pXGofIR.exe
1300	Wwwoabd.exe
1972	vFsVgBY.exe
904	tIsLFse.exe
1152	hgIcFhi.exe
1724	YkHnCaN.exe
2100	TCctvGV.exe
1464	ZFZvniw.exe
376	QNGxBOX.exe
1692	zIDlUUm.exe
2996	vKfGDtE.exe
1680	JKADqKv.exe
2780	uYcXdtR.exe
2224	aASssgn.exe
2208	LsLXtGQ.exe
1012	viypbLL.exe
2120	OinnWOj.exe
3064	HBhPTaL.exe
2468	OKdyYWD.exe
1492	mTEbpEW.exe
552	NTENMOx.exe
2284	XHNXOBI.exe
2184	UsMrXLN.exe
2660	MZhfRPX.exe
2556	RPXmaaO.exe
2904	FylLiNE.exe
2564	UkNJfuM.exe
2628	eqWuHlM.exe
1460	MoKeMmA.exe
2656	PwVswII.exe
2440	pLoJaUl.exe
2960	UGmrzTE.exe
2784	bSYwCst.exe
2548	QKYsCyK.exe
2580	qGREJDv.exe
2536	wJbmDGx.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0008000000016276-11.dat	upx
behavioral1/memory/1736-15-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2408-14-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000c000000012260-10.dat	upx
behavioral1/files/0x000800000001650a-9.dat	upx
behavioral1/files/0x00070000000167ea-23.dat	upx
behavioral1/files/0x0007000000016a49-24.dat	upx
behavioral1/files/0x0007000000016c36-30.dat	upx
behavioral1/files/0x0008000000016c47-32.dat	upx
behavioral1/files/0x0005000000019278-46.dat	upx
behavioral1/files/0x000500000001938b-54.dat	upx
behavioral1/files/0x0005000000019280-50.dat	upx
behavioral1/files/0x00050000000193b7-73.dat	upx
behavioral1/files/0x00050000000193c8-83.dat	upx
behavioral1/files/0x0005000000019441-113.dat	upx
behavioral1/files/0x0009000000015fba-123.dat	upx
behavioral1/files/0x00050000000194f3-128.dat	upx
behavioral1/memory/2692-134-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2676-140-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2832-154-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1636-152-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/1884-132-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2664-150-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2588-148-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2764-146-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1372-144-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/3000-142-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2824-138-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2740-136-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x00050000000194bd-119.dat	upx
behavioral1/files/0x0005000000019436-108.dat	upx
behavioral1/files/0x000500000001941a-103.dat	upx
behavioral1/files/0x0005000000019417-98.dat	upx
behavioral1/files/0x00050000000193ec-93.dat	upx
behavioral1/files/0x00050000000193d4-88.dat	upx
behavioral1/files/0x00050000000193c1-78.dat	upx
behavioral1/files/0x0005000000019399-58.dat	upx
behavioral1/files/0x0005000000019263-42.dat	upx
behavioral1/files/0x0008000000016c53-38.dat	upx
behavioral1/memory/2128-155-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x00050000000195d9-160.dat	upx
behavioral1/files/0x0005000000019537-158.dat	upx
behavioral1/files/0x000500000001960e-182.dat	upx
behavioral1/files/0x0005000000019610-188.dat	upx
behavioral1/files/0x000500000001960c-168.dat	upx
behavioral1/files/0x000500000001960d-175.dat	upx
behavioral1/files/0x000500000001960a-174.dat	upx
behavioral1/memory/2408-205-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1736-4018-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2588-4019-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2692-4026-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2832-4028-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1636-4027-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/1372-4025-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1884-4024-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2824-4023-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2740-4022-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/3000-4029-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2764-4031-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2664-4030-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GbxRobR.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdXQVpV.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcWOPdq.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amxfxXg.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evXwJXF.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVGiTlT.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlfaAKA.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjknbBV.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGqZLEK.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRHQSJH.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIPkmxk.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHIKGGt.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRvJLCv.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OukhURF.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tidmkKW.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWPluJC.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFvyFfG.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqCsnnS.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weySyXU.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkHnCaN.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdqtLXo.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYQOmGW.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjtZJkk.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFCzoyJ.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBtnUwt.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkwxShc.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgGgVjl.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFxsYgs.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCfnwUg.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDzQzqP.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqHTkka.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyLjRYy.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akgZmOn.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DakwVEk.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpJcuzq.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wczGnmc.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLkyntD.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyNvBlw.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVYCUxA.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfzsbvU.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfEbWKw.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdmIzBV.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYEqmMm.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbytMnS.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrlDjvp.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsiWzPM.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AopHnhM.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArBbthl.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFJovWR.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxAblAQ.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtQHAlS.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRrpNGQ.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEdsUBq.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OynbiCV.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZrblhS.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDLLiGn.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heSWvMV.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKrpoDZ.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkpgAEI.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnPHlLL.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwMdfAw.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnliCZz.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCGYVIf.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGjXtiN.exe	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1736	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 1736	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 1736	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2408	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2408	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2408	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2832	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2832	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2832	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 1884	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 1884	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 1884	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 2692	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2692	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2692	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2740	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2740	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2740	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2824	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2824	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2824	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2676	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2676	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2676	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 3000	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 3000	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 3000	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 1372	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 1372	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 1372	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2764	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2764	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2764	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2588	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2588	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2588	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2664	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2664	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2664	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 1636	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 1636	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 1636	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2592	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2592	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2592	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2016	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2016	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2016	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2936	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2936	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2936	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2952	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 2952	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 2952	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 2512	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 2512	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 2512	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 2928	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 2928	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 2928	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 1456	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2128 wrote to memory of 1456	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2128 wrote to memory of 1456	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2128 wrote to memory of 2852	2128	2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_e37e354a81d598cbc17bc23367a18233_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\System\wClNDBw.exe
  C:\Windows\System\wClNDBw.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\TaVStAt.exe
  C:\Windows\System\TaVStAt.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\uYQOmGW.exe
  C:\Windows\System\uYQOmGW.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\lpiEIyb.exe
  C:\Windows\System\lpiEIyb.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\sjodxGs.exe
  C:\Windows\System\sjodxGs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\OfNUbPI.exe
  C:\Windows\System\OfNUbPI.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\QnKOYRq.exe
  C:\Windows\System\QnKOYRq.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\WzQoBAe.exe
  C:\Windows\System\WzQoBAe.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\QRvsjWm.exe
  C:\Windows\System\QRvsjWm.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\RaDgXpL.exe
  C:\Windows\System\RaDgXpL.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\HSpSurV.exe
  C:\Windows\System\HSpSurV.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\RQjPwze.exe
  C:\Windows\System\RQjPwze.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IVCpnZI.exe
  C:\Windows\System\IVCpnZI.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\zREgwLG.exe
  C:\Windows\System\zREgwLG.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\cnVhIYC.exe
  C:\Windows\System\cnVhIYC.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\wYRbTCE.exe
  C:\Windows\System\wYRbTCE.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\WFhyTZb.exe
  C:\Windows\System\WFhyTZb.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YFuGRtI.exe
  C:\Windows\System\YFuGRtI.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\irvyWRs.exe
  C:\Windows\System\irvyWRs.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\jouvlgB.exe
  C:\Windows\System\jouvlgB.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\moCNRzy.exe
  C:\Windows\System\moCNRzy.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\DakwVEk.exe
  C:\Windows\System\DakwVEk.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\EeZbGCg.exe
  C:\Windows\System\EeZbGCg.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\eGJVHNr.exe
  C:\Windows\System\eGJVHNr.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\bkjHQee.exe
  C:\Windows\System\bkjHQee.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\POJjsmU.exe
  C:\Windows\System\POJjsmU.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\weySyXU.exe
  C:\Windows\System\weySyXU.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\KcqLybB.exe
  C:\Windows\System\KcqLybB.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\Wwwoabd.exe
  C:\Windows\System\Wwwoabd.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\pXGofIR.exe
  C:\Windows\System\pXGofIR.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\vFsVgBY.exe
  C:\Windows\System\vFsVgBY.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\tIsLFse.exe
  C:\Windows\System\tIsLFse.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\hgIcFhi.exe
  C:\Windows\System\hgIcFhi.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\YkHnCaN.exe
  C:\Windows\System\YkHnCaN.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\TCctvGV.exe
  C:\Windows\System\TCctvGV.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\ZFZvniw.exe
  C:\Windows\System\ZFZvniw.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\QNGxBOX.exe
  C:\Windows\System\QNGxBOX.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\zIDlUUm.exe
  C:\Windows\System\zIDlUUm.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\vKfGDtE.exe
  C:\Windows\System\vKfGDtE.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\JKADqKv.exe
  C:\Windows\System\JKADqKv.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\uYcXdtR.exe
  C:\Windows\System\uYcXdtR.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\aASssgn.exe
  C:\Windows\System\aASssgn.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\OinnWOj.exe
  C:\Windows\System\OinnWOj.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\LsLXtGQ.exe
  C:\Windows\System\LsLXtGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HBhPTaL.exe
  C:\Windows\System\HBhPTaL.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\viypbLL.exe
  C:\Windows\System\viypbLL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\OKdyYWD.exe
  C:\Windows\System\OKdyYWD.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\mTEbpEW.exe
  C:\Windows\System\mTEbpEW.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NTENMOx.exe
  C:\Windows\System\NTENMOx.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\UsMrXLN.exe
  C:\Windows\System\UsMrXLN.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\XHNXOBI.exe
  C:\Windows\System\XHNXOBI.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\MZhfRPX.exe
  C:\Windows\System\MZhfRPX.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\PwVswII.exe
  C:\Windows\System\PwVswII.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\RPXmaaO.exe
  C:\Windows\System\RPXmaaO.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\bSYwCst.exe
  C:\Windows\System\bSYwCst.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\FylLiNE.exe
  C:\Windows\System\FylLiNE.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\QKYsCyK.exe
  C:\Windows\System\QKYsCyK.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\UkNJfuM.exe
  C:\Windows\System\UkNJfuM.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\qGREJDv.exe
  C:\Windows\System\qGREJDv.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\eqWuHlM.exe
  C:\Windows\System\eqWuHlM.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\wJbmDGx.exe
  C:\Windows\System\wJbmDGx.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MoKeMmA.exe
  C:\Windows\System\MoKeMmA.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\PvoDwci.exe
  C:\Windows\System\PvoDwci.exe
  2⤵
  PID:2888
- C:\Windows\System\pLoJaUl.exe
  C:\Windows\System\pLoJaUl.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\LvoVTNt.exe
  C:\Windows\System\LvoVTNt.exe
  2⤵
  PID:2736
- C:\Windows\System\UGmrzTE.exe
  C:\Windows\System\UGmrzTE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\wzjRFoZ.exe
  C:\Windows\System\wzjRFoZ.exe
  2⤵
  PID:2620
- C:\Windows\System\YedzWzO.exe
  C:\Windows\System\YedzWzO.exe
  2⤵
  PID:2412
- C:\Windows\System\POAEQew.exe
  C:\Windows\System\POAEQew.exe
  2⤵
  PID:1376
- C:\Windows\System\sCvdZUN.exe
  C:\Windows\System\sCvdZUN.exe
  2⤵
  PID:760
- C:\Windows\System\MlUKNMH.exe
  C:\Windows\System\MlUKNMH.exe
  2⤵
  PID:916
- C:\Windows\System\bbQDuYX.exe
  C:\Windows\System\bbQDuYX.exe
  2⤵
  PID:952
- C:\Windows\System\OJOchFr.exe
  C:\Windows\System\OJOchFr.exe
  2⤵
  PID:1544
- C:\Windows\System\HqwZMCy.exe
  C:\Windows\System\HqwZMCy.exe
  2⤵
  PID:1908
- C:\Windows\System\jdlOSud.exe
  C:\Windows\System\jdlOSud.exe
  2⤵
  PID:2244
- C:\Windows\System\kjTDpQT.exe
  C:\Windows\System\kjTDpQT.exe
  2⤵
  PID:1264
- C:\Windows\System\JoaqSoN.exe
  C:\Windows\System\JoaqSoN.exe
  2⤵
  PID:1600
- C:\Windows\System\ntFBGna.exe
  C:\Windows\System\ntFBGna.exe
  2⤵
  PID:2436
- C:\Windows\System\BjknbBV.exe
  C:\Windows\System\BjknbBV.exe
  2⤵
  PID:2268
- C:\Windows\System\piJsUFG.exe
  C:\Windows\System\piJsUFG.exe
  2⤵
  PID:2700
- C:\Windows\System\JEdsUBq.exe
  C:\Windows\System\JEdsUBq.exe
  2⤵
  PID:2752
- C:\Windows\System\OmNNAUt.exe
  C:\Windows\System\OmNNAUt.exe
  2⤵
  PID:1892
- C:\Windows\System\PxiZVJk.exe
  C:\Windows\System\PxiZVJk.exe
  2⤵
  PID:2356
- C:\Windows\System\gBkTCEI.exe
  C:\Windows\System\gBkTCEI.exe
  2⤵
  PID:1860
- C:\Windows\System\NInThBY.exe
  C:\Windows\System\NInThBY.exe
  2⤵
  PID:1296
- C:\Windows\System\JbsAQKI.exe
  C:\Windows\System\JbsAQKI.exe
  2⤵
  PID:1896
- C:\Windows\System\irySMHk.exe
  C:\Windows\System\irySMHk.exe
  2⤵
  PID:2808
- C:\Windows\System\tLvtFww.exe
  C:\Windows\System\tLvtFww.exe
  2⤵
  PID:1428
- C:\Windows\System\PTlWkbC.exe
  C:\Windows\System\PTlWkbC.exe
  2⤵
  PID:2020
- C:\Windows\System\EwRCvnC.exe
  C:\Windows\System\EwRCvnC.exe
  2⤵
  PID:984
- C:\Windows\System\CTKztmc.exe
  C:\Windows\System\CTKztmc.exe
  2⤵
  PID:2328
- C:\Windows\System\vuVrtBF.exe
  C:\Windows\System\vuVrtBF.exe
  2⤵
  PID:2424
- C:\Windows\System\IDGmWph.exe
  C:\Windows\System\IDGmWph.exe
  2⤵
  PID:2856
- C:\Windows\System\myCITqw.exe
  C:\Windows\System\myCITqw.exe
  2⤵
  PID:2116
- C:\Windows\System\KfVqNrm.exe
  C:\Windows\System\KfVqNrm.exe
  2⤵
  PID:640
- C:\Windows\System\vVhfmNq.exe
  C:\Windows\System\vVhfmNq.exe
  2⤵
  PID:788
- C:\Windows\System\zXpCiYh.exe
  C:\Windows\System\zXpCiYh.exe
  2⤵
  PID:2624
- C:\Windows\System\dwKvoSo.exe
  C:\Windows\System\dwKvoSo.exe
  2⤵
  PID:764
- C:\Windows\System\ZJahYtn.exe
  C:\Windows\System\ZJahYtn.exe
  2⤵
  PID:2596
- C:\Windows\System\KgthuGu.exe
  C:\Windows\System\KgthuGu.exe
  2⤵
  PID:2140
- C:\Windows\System\BuuJLXd.exe
  C:\Windows\System\BuuJLXd.exe
  2⤵
  PID:2604
- C:\Windows\System\gtHJXMu.exe
  C:\Windows\System\gtHJXMu.exe
  2⤵
  PID:1856
- C:\Windows\System\dNhetBW.exe
  C:\Windows\System\dNhetBW.exe
  2⤵
  PID:336
- C:\Windows\System\mGjxoKU.exe
  C:\Windows\System\mGjxoKU.exe
  2⤵
  PID:1704
- C:\Windows\System\xIOYldP.exe
  C:\Windows\System\xIOYldP.exe
  2⤵
  PID:2404
- C:\Windows\System\exULcjk.exe
  C:\Windows\System\exULcjk.exe
  2⤵
  PID:2792
- C:\Windows\System\YbYfSvF.exe
  C:\Windows\System\YbYfSvF.exe
  2⤵
  PID:832
- C:\Windows\System\AzOUQkV.exe
  C:\Windows\System\AzOUQkV.exe
  2⤵
  PID:1676
- C:\Windows\System\UCQITJI.exe
  C:\Windows\System\UCQITJI.exe
  2⤵
  PID:2772
- C:\Windows\System\wuOvTEU.exe
  C:\Windows\System\wuOvTEU.exe
  2⤵
  PID:836
- C:\Windows\System\TjmvRqZ.exe
  C:\Windows\System\TjmvRqZ.exe
  2⤵
  PID:1880
- C:\Windows\System\OukhURF.exe
  C:\Windows\System\OukhURF.exe
  2⤵
  PID:948
- C:\Windows\System\bgutWtL.exe
  C:\Windows\System\bgutWtL.exe
  2⤵
  PID:276
- C:\Windows\System\XYyYzqq.exe
  C:\Windows\System\XYyYzqq.exe
  2⤵
  PID:316
- C:\Windows\System\gJXFrws.exe
  C:\Windows\System\gJXFrws.exe
  2⤵
  PID:3016
- C:\Windows\System\NEqqiWl.exe
  C:\Windows\System\NEqqiWl.exe
  2⤵
  PID:2300
- C:\Windows\System\wMmMXcI.exe
  C:\Windows\System\wMmMXcI.exe
  2⤵
  PID:1000
- C:\Windows\System\ziZYJbs.exe
  C:\Windows\System\ziZYJbs.exe
  2⤵
  PID:1868
- C:\Windows\System\egRvnqq.exe
  C:\Windows\System\egRvnqq.exe
  2⤵
  PID:1904
- C:\Windows\System\UWPaSMZ.exe
  C:\Windows\System\UWPaSMZ.exe
  2⤵
  PID:2560
- C:\Windows\System\wVdFAHP.exe
  C:\Windows\System\wVdFAHP.exe
  2⤵
  PID:2732
- C:\Windows\System\raWiipF.exe
  C:\Windows\System\raWiipF.exe
  2⤵
  PID:1928
- C:\Windows\System\rkxjvMB.exe
  C:\Windows\System\rkxjvMB.exe
  2⤵
  PID:2104
- C:\Windows\System\UYhyxco.exe
  C:\Windows\System\UYhyxco.exe
  2⤵
  PID:1744
- C:\Windows\System\SbkrJxZ.exe
  C:\Windows\System\SbkrJxZ.exe
  2⤵
  PID:1604
- C:\Windows\System\fISvedl.exe
  C:\Windows\System\fISvedl.exe
  2⤵
  PID:1452
- C:\Windows\System\IbvOaJe.exe
  C:\Windows\System\IbvOaJe.exe
  2⤵
  PID:3032
- C:\Windows\System\NCijSDC.exe
  C:\Windows\System\NCijSDC.exe
  2⤵
  PID:956
- C:\Windows\System\csDtAmD.exe
  C:\Windows\System\csDtAmD.exe
  2⤵
  PID:2868
- C:\Windows\System\SQEIjHa.exe
  C:\Windows\System\SQEIjHa.exe
  2⤵
  PID:2684
- C:\Windows\System\mBPcHvk.exe
  C:\Windows\System\mBPcHvk.exe
  2⤵
  PID:1576
- C:\Windows\System\cjrYpmS.exe
  C:\Windows\System\cjrYpmS.exe
  2⤵
  PID:1468
- C:\Windows\System\KkBheBI.exe
  C:\Windows\System\KkBheBI.exe
  2⤵
  PID:2980
- C:\Windows\System\YpRDsYQ.exe
  C:\Windows\System\YpRDsYQ.exe
  2⤵
  PID:2920
- C:\Windows\System\vVxmuRV.exe
  C:\Windows\System\vVxmuRV.exe
  2⤵
  PID:2064
- C:\Windows\System\UOSVWoR.exe
  C:\Windows\System\UOSVWoR.exe
  2⤵
  PID:2944
- C:\Windows\System\WdUGXyx.exe
  C:\Windows\System\WdUGXyx.exe
  2⤵
  PID:2220
- C:\Windows\System\qsiWzPM.exe
  C:\Windows\System\qsiWzPM.exe
  2⤵
  PID:1484
- C:\Windows\System\gzfMehW.exe
  C:\Windows\System\gzfMehW.exe
  2⤵
  PID:1156
- C:\Windows\System\mTykPiw.exe
  C:\Windows\System\mTykPiw.exe
  2⤵
  PID:1956
- C:\Windows\System\vQLKcbl.exe
  C:\Windows\System\vQLKcbl.exe
  2⤵
  PID:1992
- C:\Windows\System\JlZLteQ.exe
  C:\Windows\System\JlZLteQ.exe
  2⤵
  PID:2236
- C:\Windows\System\KrHrcpZ.exe
  C:\Windows\System\KrHrcpZ.exe
  2⤵
  PID:1496
- C:\Windows\System\gmiHXIv.exe
  C:\Windows\System\gmiHXIv.exe
  2⤵
  PID:1420
- C:\Windows\System\HbWyrPT.exe
  C:\Windows\System\HbWyrPT.exe
  2⤵
  PID:2864
- C:\Windows\System\VRumBrK.exe
  C:\Windows\System\VRumBrK.exe
  2⤵
  PID:1588
- C:\Windows\System\kuTqzkw.exe
  C:\Windows\System\kuTqzkw.exe
  2⤵
  PID:1752
- C:\Windows\System\fqyoARx.exe
  C:\Windows\System\fqyoARx.exe
  2⤵
  PID:1108
- C:\Windows\System\AVBhXeK.exe
  C:\Windows\System\AVBhXeK.exe
  2⤵
  PID:1564
- C:\Windows\System\yoooseR.exe
  C:\Windows\System\yoooseR.exe
  2⤵
  PID:2800
- C:\Windows\System\vquSsta.exe
  C:\Windows\System\vquSsta.exe
  2⤵
  PID:2704
- C:\Windows\System\fWwnbPI.exe
  C:\Windows\System\fWwnbPI.exe
  2⤵
  PID:2544
- C:\Windows\System\YOOPcKw.exe
  C:\Windows\System\YOOPcKw.exe
  2⤵
  PID:2712
- C:\Windows\System\tsHIVoh.exe
  C:\Windows\System\tsHIVoh.exe
  2⤵
  PID:3096
- C:\Windows\System\paTjXuJ.exe
  C:\Windows\System\paTjXuJ.exe
  2⤵
  PID:3128
- C:\Windows\System\yFLzRpe.exe
  C:\Windows\System\yFLzRpe.exe
  2⤵
  PID:3144
- C:\Windows\System\SEmHGIp.exe
  C:\Windows\System\SEmHGIp.exe
  2⤵
  PID:3160
- C:\Windows\System\alaaliO.exe
  C:\Windows\System\alaaliO.exe
  2⤵
  PID:3176
- C:\Windows\System\KlGPznx.exe
  C:\Windows\System\KlGPznx.exe
  2⤵
  PID:3196
- C:\Windows\System\idgaGuw.exe
  C:\Windows\System\idgaGuw.exe
  2⤵
  PID:3224
- C:\Windows\System\UGqZLEK.exe
  C:\Windows\System\UGqZLEK.exe
  2⤵
  PID:3240
- C:\Windows\System\npHgyiq.exe
  C:\Windows\System\npHgyiq.exe
  2⤵
  PID:3260
- C:\Windows\System\IGVvzDS.exe
  C:\Windows\System\IGVvzDS.exe
  2⤵
  PID:3276
- C:\Windows\System\GcRVhIx.exe
  C:\Windows\System\GcRVhIx.exe
  2⤵
  PID:3292
- C:\Windows\System\npooIVf.exe
  C:\Windows\System\npooIVf.exe
  2⤵
  PID:3308
- C:\Windows\System\kZXGavv.exe
  C:\Windows\System\kZXGavv.exe
  2⤵
  PID:3324
- C:\Windows\System\tAqfRkN.exe
  C:\Windows\System\tAqfRkN.exe
  2⤵
  PID:3344
- C:\Windows\System\sDwzFON.exe
  C:\Windows\System\sDwzFON.exe
  2⤵
  PID:3364
- C:\Windows\System\fYEqmMm.exe
  C:\Windows\System\fYEqmMm.exe
  2⤵
  PID:3396
- C:\Windows\System\wczGnmc.exe
  C:\Windows\System\wczGnmc.exe
  2⤵
  PID:3412
- C:\Windows\System\YtzglBT.exe
  C:\Windows\System\YtzglBT.exe
  2⤵
  PID:3428
- C:\Windows\System\SuWhwvs.exe
  C:\Windows\System\SuWhwvs.exe
  2⤵
  PID:3444
- C:\Windows\System\SisYGYQ.exe
  C:\Windows\System\SisYGYQ.exe
  2⤵
  PID:3468
- C:\Windows\System\nfzVVQa.exe
  C:\Windows\System\nfzVVQa.exe
  2⤵
  PID:3492
- C:\Windows\System\KFnJFdA.exe
  C:\Windows\System\KFnJFdA.exe
  2⤵
  PID:3512
- C:\Windows\System\vveqqCv.exe
  C:\Windows\System\vveqqCv.exe
  2⤵
  PID:3528
- C:\Windows\System\cRZTNuv.exe
  C:\Windows\System\cRZTNuv.exe
  2⤵
  PID:3544
- C:\Windows\System\eGWRGob.exe
  C:\Windows\System\eGWRGob.exe
  2⤵
  PID:3560
- C:\Windows\System\mwjuWcj.exe
  C:\Windows\System\mwjuWcj.exe
  2⤵
  PID:3576
- C:\Windows\System\TDSONSg.exe
  C:\Windows\System\TDSONSg.exe
  2⤵
  PID:3600
- C:\Windows\System\mXmXdcX.exe
  C:\Windows\System\mXmXdcX.exe
  2⤵
  PID:3624
- C:\Windows\System\jYSDVGg.exe
  C:\Windows\System\jYSDVGg.exe
  2⤵
  PID:3640
- C:\Windows\System\UGZXhWt.exe
  C:\Windows\System\UGZXhWt.exe
  2⤵
  PID:3656
- C:\Windows\System\PgGgVjl.exe
  C:\Windows\System\PgGgVjl.exe
  2⤵
  PID:3672
- C:\Windows\System\fEKObnS.exe
  C:\Windows\System\fEKObnS.exe
  2⤵
  PID:3736
- C:\Windows\System\WncmUYp.exe
  C:\Windows\System\WncmUYp.exe
  2⤵
  PID:3756
- C:\Windows\System\FsYpcyv.exe
  C:\Windows\System\FsYpcyv.exe
  2⤵
  PID:3772
- C:\Windows\System\kHDHDRT.exe
  C:\Windows\System\kHDHDRT.exe
  2⤵
  PID:3792
- C:\Windows\System\RvTgNbU.exe
  C:\Windows\System\RvTgNbU.exe
  2⤵
  PID:3808
- C:\Windows\System\EnNZCKL.exe
  C:\Windows\System\EnNZCKL.exe
  2⤵
  PID:3824
- C:\Windows\System\UnyqEEM.exe
  C:\Windows\System\UnyqEEM.exe
  2⤵
  PID:3840
- C:\Windows\System\qSGopKP.exe
  C:\Windows\System\qSGopKP.exe
  2⤵
  PID:3856
- C:\Windows\System\jlFfyOD.exe
  C:\Windows\System\jlFfyOD.exe
  2⤵
  PID:3880
- C:\Windows\System\MNAHRrs.exe
  C:\Windows\System\MNAHRrs.exe
  2⤵
  PID:3896
- C:\Windows\System\tidmkKW.exe
  C:\Windows\System\tidmkKW.exe
  2⤵
  PID:3928
- C:\Windows\System\YVxWhnM.exe
  C:\Windows\System\YVxWhnM.exe
  2⤵
  PID:3944
- C:\Windows\System\zQLaehT.exe
  C:\Windows\System\zQLaehT.exe
  2⤵
  PID:3960
- C:\Windows\System\DfGaLNs.exe
  C:\Windows\System\DfGaLNs.exe
  2⤵
  PID:3984
- C:\Windows\System\tkysXtp.exe
  C:\Windows\System\tkysXtp.exe
  2⤵
  PID:4000
- C:\Windows\System\rOtSoIu.exe
  C:\Windows\System\rOtSoIu.exe
  2⤵
  PID:4016
- C:\Windows\System\cRqkaGJ.exe
  C:\Windows\System\cRqkaGJ.exe
  2⤵
  PID:4032
- C:\Windows\System\WVimxUS.exe
  C:\Windows\System\WVimxUS.exe
  2⤵
  PID:4048
- C:\Windows\System\OmTCblC.exe
  C:\Windows\System\OmTCblC.exe
  2⤵
  PID:4088
- C:\Windows\System\amxfxXg.exe
  C:\Windows\System\amxfxXg.exe
  2⤵
  PID:1984
- C:\Windows\System\JXKFtjV.exe
  C:\Windows\System\JXKFtjV.exe
  2⤵
  PID:2316
- C:\Windows\System\aCmSVDP.exe
  C:\Windows\System\aCmSVDP.exe
  2⤵
  PID:3092
- C:\Windows\System\MvSrlWb.exe
  C:\Windows\System\MvSrlWb.exe
  2⤵
  PID:3104
- C:\Windows\System\nwBesbv.exe
  C:\Windows\System\nwBesbv.exe
  2⤵
  PID:3124
- C:\Windows\System\vzSiJPS.exe
  C:\Windows\System\vzSiJPS.exe
  2⤵
  PID:3184
- C:\Windows\System\RqgGhmb.exe
  C:\Windows\System\RqgGhmb.exe
  2⤵
  PID:3136
- C:\Windows\System\yFiXLkD.exe
  C:\Windows\System\yFiXLkD.exe
  2⤵
  PID:3204
- C:\Windows\System\RLkyntD.exe
  C:\Windows\System\RLkyntD.exe
  2⤵
  PID:3316
- C:\Windows\System\NFBVAkI.exe
  C:\Windows\System\NFBVAkI.exe
  2⤵
  PID:3268
- C:\Windows\System\WQTihUg.exe
  C:\Windows\System\WQTihUg.exe
  2⤵
  PID:3436
- C:\Windows\System\XUOLvSq.exe
  C:\Windows\System\XUOLvSq.exe
  2⤵
  PID:3480
- C:\Windows\System\zPZJPmn.exe
  C:\Windows\System\zPZJPmn.exe
  2⤵
  PID:3332
- C:\Windows\System\dSvpZHr.exe
  C:\Windows\System\dSvpZHr.exe
  2⤵
  PID:3380
- C:\Windows\System\TuWSKVf.exe
  C:\Windows\System\TuWSKVf.exe
  2⤵
  PID:3424
- C:\Windows\System\tLSvjdN.exe
  C:\Windows\System\tLSvjdN.exe
  2⤵
  PID:3464
- C:\Windows\System\zftJNPR.exe
  C:\Windows\System\zftJNPR.exe
  2⤵
  PID:3536
- C:\Windows\System\pTnrImc.exe
  C:\Windows\System\pTnrImc.exe
  2⤵
  PID:3636
- C:\Windows\System\VZIQeMU.exe
  C:\Windows\System\VZIQeMU.exe
  2⤵
  PID:3596
- C:\Windows\System\iySSZJJ.exe
  C:\Windows\System\iySSZJJ.exe
  2⤵
  PID:3648
- C:\Windows\System\RvoVobX.exe
  C:\Windows\System\RvoVobX.exe
  2⤵
  PID:3692
- C:\Windows\System\jOaaNjd.exe
  C:\Windows\System\jOaaNjd.exe
  2⤵
  PID:3716
- C:\Windows\System\epmTJCU.exe
  C:\Windows\System\epmTJCU.exe
  2⤵
  PID:3732
- C:\Windows\System\vFSdVik.exe
  C:\Windows\System\vFSdVik.exe
  2⤵
  PID:3768
- C:\Windows\System\xnpxlJW.exe
  C:\Windows\System\xnpxlJW.exe
  2⤵
  PID:3816
- C:\Windows\System\hCPTkKQ.exe
  C:\Windows\System\hCPTkKQ.exe
  2⤵
  PID:3852
- C:\Windows\System\eCGYVIf.exe
  C:\Windows\System\eCGYVIf.exe
  2⤵
  PID:3872
- C:\Windows\System\wLHJFsC.exe
  C:\Windows\System\wLHJFsC.exe
  2⤵
  PID:3912
- C:\Windows\System\PLyztiS.exe
  C:\Windows\System\PLyztiS.exe
  2⤵
  PID:3952
- C:\Windows\System\nRuVTcD.exe
  C:\Windows\System\nRuVTcD.exe
  2⤵
  PID:3992
- C:\Windows\System\aykXBpA.exe
  C:\Windows\System\aykXBpA.exe
  2⤵
  PID:4068
- C:\Windows\System\oGjXtiN.exe
  C:\Windows\System\oGjXtiN.exe
  2⤵
  PID:4084
- C:\Windows\System\cCokRhU.exe
  C:\Windows\System\cCokRhU.exe
  2⤵
  PID:3976
- C:\Windows\System\MXiTMYk.exe
  C:\Windows\System\MXiTMYk.exe
  2⤵
  PID:3980
- C:\Windows\System\KvetOSm.exe
  C:\Windows\System\KvetOSm.exe
  2⤵
  PID:1548
- C:\Windows\System\QvTUvlR.exe
  C:\Windows\System\QvTUvlR.exe
  2⤵
  PID:3232
- C:\Windows\System\gyySDfW.exe
  C:\Windows\System\gyySDfW.exe
  2⤵
  PID:3212
- C:\Windows\System\IzDtMtk.exe
  C:\Windows\System\IzDtMtk.exe
  2⤵
  PID:3248
- C:\Windows\System\GebhQnL.exe
  C:\Windows\System\GebhQnL.exe
  2⤵
  PID:3520
- C:\Windows\System\smgqvsa.exe
  C:\Windows\System\smgqvsa.exe
  2⤵
  PID:3120
- C:\Windows\System\VHBSDRV.exe
  C:\Windows\System\VHBSDRV.exe
  2⤵
  PID:3284
- C:\Windows\System\tDqdZTP.exe
  C:\Windows\System\tDqdZTP.exe
  2⤵
  PID:3404
- C:\Windows\System\mfrwSrK.exe
  C:\Windows\System\mfrwSrK.exe
  2⤵
  PID:3452
- C:\Windows\System\xwtFzMx.exe
  C:\Windows\System\xwtFzMx.exe
  2⤵
  PID:3632
- C:\Windows\System\zdWqSTA.exe
  C:\Windows\System\zdWqSTA.exe
  2⤵
  PID:3608
- C:\Windows\System\xLXEfxu.exe
  C:\Windows\System\xLXEfxu.exe
  2⤵
  PID:3504
- C:\Windows\System\GbxRobR.exe
  C:\Windows\System\GbxRobR.exe
  2⤵
  PID:3392
- C:\Windows\System\DKrpoDZ.exe
  C:\Windows\System\DKrpoDZ.exe
  2⤵
  PID:3728
- C:\Windows\System\PFlpJNu.exe
  C:\Windows\System\PFlpJNu.exe
  2⤵
  PID:3904
- C:\Windows\System\IRDcluL.exe
  C:\Windows\System\IRDcluL.exe
  2⤵
  PID:3508
- C:\Windows\System\UDMQCpW.exe
  C:\Windows\System\UDMQCpW.exe
  2⤵
  PID:3680
- C:\Windows\System\nLkXuJP.exe
  C:\Windows\System\nLkXuJP.exe
  2⤵
  PID:4080
- C:\Windows\System\YRHQSJH.exe
  C:\Windows\System\YRHQSJH.exe
  2⤵
  PID:3804
- C:\Windows\System\enHKMbh.exe
  C:\Windows\System\enHKMbh.exe
  2⤵
  PID:4024
- C:\Windows\System\vkZqSXd.exe
  C:\Windows\System\vkZqSXd.exe
  2⤵
  PID:3972
- C:\Windows\System\AopHnhM.exe
  C:\Windows\System\AopHnhM.exe
  2⤵
  PID:3836
- C:\Windows\System\GWWhhyo.exe
  C:\Windows\System\GWWhhyo.exe
  2⤵
  PID:3152
- C:\Windows\System\bqnGdFm.exe
  C:\Windows\System\bqnGdFm.exe
  2⤵
  PID:1260
- C:\Windows\System\ZOfrzFe.exe
  C:\Windows\System\ZOfrzFe.exe
  2⤵
  PID:3220
- C:\Windows\System\mDLLiGn.exe
  C:\Windows\System\mDLLiGn.exe
  2⤵
  PID:3108
- C:\Windows\System\FpKmRJO.exe
  C:\Windows\System\FpKmRJO.exe
  2⤵
  PID:3236
- C:\Windows\System\miAQGTj.exe
  C:\Windows\System\miAQGTj.exe
  2⤵
  PID:3192
- C:\Windows\System\CkwxShc.exe
  C:\Windows\System\CkwxShc.exe
  2⤵
  PID:3556
- C:\Windows\System\MosinQt.exe
  C:\Windows\System\MosinQt.exe
  2⤵
  PID:3704
- C:\Windows\System\EGkygqh.exe
  C:\Windows\System\EGkygqh.exe
  2⤵
  PID:3340
- C:\Windows\System\fTnQjSZ.exe
  C:\Windows\System\fTnQjSZ.exe
  2⤵
  PID:3788
- C:\Windows\System\eyNvBlw.exe
  C:\Windows\System\eyNvBlw.exe
  2⤵
  PID:3908
- C:\Windows\System\aHodKCz.exe
  C:\Windows\System\aHodKCz.exe
  2⤵
  PID:3744
- C:\Windows\System\Hxhsgyv.exe
  C:\Windows\System\Hxhsgyv.exe
  2⤵
  PID:3868
- C:\Windows\System\mKavBpy.exe
  C:\Windows\System\mKavBpy.exe
  2⤵
  PID:3720
- C:\Windows\System\RVYCUxA.exe
  C:\Windows\System\RVYCUxA.exe
  2⤵
  PID:3864
- C:\Windows\System\RhunKMm.exe
  C:\Windows\System\RhunKMm.exe
  2⤵
  PID:1648
- C:\Windows\System\qVlmePn.exe
  C:\Windows\System\qVlmePn.exe
  2⤵
  PID:3300
- C:\Windows\System\uSSBwCR.exe
  C:\Windows\System\uSSBwCR.exe
  2⤵
  PID:3708
- C:\Windows\System\sheBCIs.exe
  C:\Windows\System\sheBCIs.exe
  2⤵
  PID:3216
- C:\Windows\System\FaxlgBb.exe
  C:\Windows\System\FaxlgBb.exe
  2⤵
  PID:3764
- C:\Windows\System\reNiCdf.exe
  C:\Windows\System\reNiCdf.exe
  2⤵
  PID:1048
- C:\Windows\System\IFjAnGx.exe
  C:\Windows\System\IFjAnGx.exe
  2⤵
  PID:2388
- C:\Windows\System\lizjxWY.exe
  C:\Windows\System\lizjxWY.exe
  2⤵
  PID:1052
- C:\Windows\System\iKvhuRE.exe
  C:\Windows\System\iKvhuRE.exe
  2⤵
  PID:3920
- C:\Windows\System\oyLsWzm.exe
  C:\Windows\System\oyLsWzm.exe
  2⤵
  PID:4056
- C:\Windows\System\xQiWkdv.exe
  C:\Windows\System\xQiWkdv.exe
  2⤵
  PID:3352
- C:\Windows\System\qdXQVpV.exe
  C:\Windows\System\qdXQVpV.exe
  2⤵
  PID:3476
- C:\Windows\System\whnKMND.exe
  C:\Windows\System\whnKMND.exe
  2⤵
  PID:1556
- C:\Windows\System\dGGOMQV.exe
  C:\Windows\System\dGGOMQV.exe
  2⤵
  PID:3620
- C:\Windows\System\QNmbgfS.exe
  C:\Windows\System\QNmbgfS.exe
  2⤵
  PID:3040
- C:\Windows\System\Jqidged.exe
  C:\Windows\System\Jqidged.exe
  2⤵
  PID:4112
- C:\Windows\System\eiBRatG.exe
  C:\Windows\System\eiBRatG.exe
  2⤵
  PID:4128
- C:\Windows\System\qOcLxHk.exe
  C:\Windows\System\qOcLxHk.exe
  2⤵
  PID:4144
- C:\Windows\System\EBgwmgF.exe
  C:\Windows\System\EBgwmgF.exe
  2⤵
  PID:4160
- C:\Windows\System\XnZPhjT.exe
  C:\Windows\System\XnZPhjT.exe
  2⤵
  PID:4176
- C:\Windows\System\evXwJXF.exe
  C:\Windows\System\evXwJXF.exe
  2⤵
  PID:4192
- C:\Windows\System\KdqXUny.exe
  C:\Windows\System\KdqXUny.exe
  2⤵
  PID:4216
- C:\Windows\System\ilIRlrR.exe
  C:\Windows\System\ilIRlrR.exe
  2⤵
  PID:4232
- C:\Windows\System\AqybVIr.exe
  C:\Windows\System\AqybVIr.exe
  2⤵
  PID:4248
- C:\Windows\System\gNBddEe.exe
  C:\Windows\System\gNBddEe.exe
  2⤵
  PID:4264
- C:\Windows\System\nWPluJC.exe
  C:\Windows\System\nWPluJC.exe
  2⤵
  PID:4280
- C:\Windows\System\jHydMXE.exe
  C:\Windows\System\jHydMXE.exe
  2⤵
  PID:4296
- C:\Windows\System\XUaypCs.exe
  C:\Windows\System\XUaypCs.exe
  2⤵
  PID:4312
- C:\Windows\System\pywANEY.exe
  C:\Windows\System\pywANEY.exe
  2⤵
  PID:4328
- C:\Windows\System\yYjerUw.exe
  C:\Windows\System\yYjerUw.exe
  2⤵
  PID:4344
- C:\Windows\System\iYUdMqb.exe
  C:\Windows\System\iYUdMqb.exe
  2⤵
  PID:4360
- C:\Windows\System\SNOkIGc.exe
  C:\Windows\System\SNOkIGc.exe
  2⤵
  PID:4376
- C:\Windows\System\vqLGPIl.exe
  C:\Windows\System\vqLGPIl.exe
  2⤵
  PID:4392
- C:\Windows\System\duIQnqQ.exe
  C:\Windows\System\duIQnqQ.exe
  2⤵
  PID:4408
- C:\Windows\System\kGZWUjt.exe
  C:\Windows\System\kGZWUjt.exe
  2⤵
  PID:4424
- C:\Windows\System\nGkdvvB.exe
  C:\Windows\System\nGkdvvB.exe
  2⤵
  PID:4440
- C:\Windows\System\pKEbmQz.exe
  C:\Windows\System\pKEbmQz.exe
  2⤵
  PID:4456
- C:\Windows\System\bTNiWmj.exe
  C:\Windows\System\bTNiWmj.exe
  2⤵
  PID:4472
- C:\Windows\System\tDDsTqk.exe
  C:\Windows\System\tDDsTqk.exe
  2⤵
  PID:4488
- C:\Windows\System\rgyXbDY.exe
  C:\Windows\System\rgyXbDY.exe
  2⤵
  PID:4504
- C:\Windows\System\KrZSCVu.exe
  C:\Windows\System\KrZSCVu.exe
  2⤵
  PID:4520
- C:\Windows\System\NAOJZyw.exe
  C:\Windows\System\NAOJZyw.exe
  2⤵
  PID:4536
- C:\Windows\System\AFRTzAO.exe
  C:\Windows\System\AFRTzAO.exe
  2⤵
  PID:4552
- C:\Windows\System\fCugPTX.exe
  C:\Windows\System\fCugPTX.exe
  2⤵
  PID:4568
- C:\Windows\System\hPKepgo.exe
  C:\Windows\System\hPKepgo.exe
  2⤵
  PID:4584
- C:\Windows\System\eiBbGMn.exe
  C:\Windows\System\eiBbGMn.exe
  2⤵
  PID:4600
- C:\Windows\System\fhhxPHU.exe
  C:\Windows\System\fhhxPHU.exe
  2⤵
  PID:4616
- C:\Windows\System\vkZgGzK.exe
  C:\Windows\System\vkZgGzK.exe
  2⤵
  PID:4632
- C:\Windows\System\kMCrZkB.exe
  C:\Windows\System\kMCrZkB.exe
  2⤵
  PID:4648
- C:\Windows\System\fnjexnR.exe
  C:\Windows\System\fnjexnR.exe
  2⤵
  PID:4664
- C:\Windows\System\BzxVWdd.exe
  C:\Windows\System\BzxVWdd.exe
  2⤵
  PID:4680
- C:\Windows\System\ZpoNALm.exe
  C:\Windows\System\ZpoNALm.exe
  2⤵
  PID:4720
- C:\Windows\System\lCfaNOf.exe
  C:\Windows\System\lCfaNOf.exe
  2⤵
  PID:4740
- C:\Windows\System\xmlqRlG.exe
  C:\Windows\System\xmlqRlG.exe
  2⤵
  PID:4760
- C:\Windows\System\iCxoejG.exe
  C:\Windows\System\iCxoejG.exe
  2⤵
  PID:4784
- C:\Windows\System\PUbHdiF.exe
  C:\Windows\System\PUbHdiF.exe
  2⤵
  PID:4800
- C:\Windows\System\jsziaIR.exe
  C:\Windows\System\jsziaIR.exe
  2⤵
  PID:4816
- C:\Windows\System\RNGTwrE.exe
  C:\Windows\System\RNGTwrE.exe
  2⤵
  PID:4832
- C:\Windows\System\iKhqZSt.exe
  C:\Windows\System\iKhqZSt.exe
  2⤵
  PID:4848
- C:\Windows\System\QfdoyuT.exe
  C:\Windows\System\QfdoyuT.exe
  2⤵
  PID:4864
- C:\Windows\System\KzmnNDg.exe
  C:\Windows\System\KzmnNDg.exe
  2⤵
  PID:4880
- C:\Windows\System\DHkxzRH.exe
  C:\Windows\System\DHkxzRH.exe
  2⤵
  PID:4896
- C:\Windows\System\AmOdZps.exe
  C:\Windows\System\AmOdZps.exe
  2⤵
  PID:4912
- C:\Windows\System\dayFSws.exe
  C:\Windows\System\dayFSws.exe
  2⤵
  PID:4928
- C:\Windows\System\cYMybsY.exe
  C:\Windows\System\cYMybsY.exe
  2⤵
  PID:4952
- C:\Windows\System\JWqOOPh.exe
  C:\Windows\System\JWqOOPh.exe
  2⤵
  PID:4968
- C:\Windows\System\vuyAaoZ.exe
  C:\Windows\System\vuyAaoZ.exe
  2⤵
  PID:4984
- C:\Windows\System\pOJtrbO.exe
  C:\Windows\System\pOJtrbO.exe
  2⤵
  PID:5000
- C:\Windows\System\pRgoZXe.exe
  C:\Windows\System\pRgoZXe.exe
  2⤵
  PID:5016
- C:\Windows\System\EcWOPdq.exe
  C:\Windows\System\EcWOPdq.exe
  2⤵
  PID:5036
- C:\Windows\System\aIvUubn.exe
  C:\Windows\System\aIvUubn.exe
  2⤵
  PID:5052
- C:\Windows\System\goiDLEl.exe
  C:\Windows\System\goiDLEl.exe
  2⤵
  PID:5068
- C:\Windows\System\TwVHohb.exe
  C:\Windows\System\TwVHohb.exe
  2⤵
  PID:4228
- C:\Windows\System\bJgIMuM.exe
  C:\Windows\System\bJgIMuM.exe
  2⤵
  PID:4240
- C:\Windows\System\KsTZAgt.exe
  C:\Windows\System\KsTZAgt.exe
  2⤵
  PID:4320
- C:\Windows\System\mQdRkXv.exe
  C:\Windows\System\mQdRkXv.exe
  2⤵
  PID:4336
- C:\Windows\System\lrTTnzD.exe
  C:\Windows\System\lrTTnzD.exe
  2⤵
  PID:4372
- C:\Windows\System\iMFHAdv.exe
  C:\Windows\System\iMFHAdv.exe
  2⤵
  PID:4432
- C:\Windows\System\ZVlBLek.exe
  C:\Windows\System\ZVlBLek.exe
  2⤵
  PID:4388
- C:\Windows\System\xqEzlau.exe
  C:\Windows\System\xqEzlau.exe
  2⤵
  PID:4452
- C:\Windows\System\PSltRMj.exe
  C:\Windows\System\PSltRMj.exe
  2⤵
  PID:4516
- C:\Windows\System\KmfSiHA.exe
  C:\Windows\System\KmfSiHA.exe
  2⤵
  PID:4496
- C:\Windows\System\QyThnea.exe
  C:\Windows\System\QyThnea.exe
  2⤵
  PID:4612
- C:\Windows\System\jErzukm.exe
  C:\Windows\System\jErzukm.exe
  2⤵
  PID:4500
- C:\Windows\System\uWPxzcl.exe
  C:\Windows\System\uWPxzcl.exe
  2⤵
  PID:4592
- C:\Windows\System\iFYuJXm.exe
  C:\Windows\System\iFYuJXm.exe
  2⤵
  PID:4656
- C:\Windows\System\PNdKgIt.exe
  C:\Windows\System\PNdKgIt.exe
  2⤵
  PID:4672
- C:\Windows\System\QsaDzoe.exe
  C:\Windows\System\QsaDzoe.exe
  2⤵
  PID:4692
- C:\Windows\System\deNWHGQ.exe
  C:\Windows\System\deNWHGQ.exe
  2⤵
  PID:4732
- C:\Windows\System\CJtykTa.exe
  C:\Windows\System\CJtykTa.exe
  2⤵
  PID:4716
- C:\Windows\System\aBnSTnv.exe
  C:\Windows\System\aBnSTnv.exe
  2⤵
  PID:4772
- C:\Windows\System\GFxsYgs.exe
  C:\Windows\System\GFxsYgs.exe
  2⤵
  PID:4812
- C:\Windows\System\BYjWvwg.exe
  C:\Windows\System\BYjWvwg.exe
  2⤵
  PID:4876
- C:\Windows\System\tvugJpd.exe
  C:\Windows\System\tvugJpd.exe
  2⤵
  PID:4828
- C:\Windows\System\zyaFcGk.exe
  C:\Windows\System\zyaFcGk.exe
  2⤵
  PID:4976
- C:\Windows\System\PFWjSGH.exe
  C:\Windows\System\PFWjSGH.exe
  2⤵
  PID:4856
- C:\Windows\System\rcYcOMz.exe
  C:\Windows\System\rcYcOMz.exe
  2⤵
  PID:4996
- C:\Windows\System\LufLTBZ.exe
  C:\Windows\System\LufLTBZ.exe
  2⤵
  PID:4924
- C:\Windows\System\IHxqNLE.exe
  C:\Windows\System\IHxqNLE.exe
  2⤵
  PID:5048
- C:\Windows\System\oZkHpwe.exe
  C:\Windows\System\oZkHpwe.exe
  2⤵
  PID:5028
- C:\Windows\System\nxvflyP.exe
  C:\Windows\System\nxvflyP.exe
  2⤵
  PID:5064
- C:\Windows\System\kwtGFmm.exe
  C:\Windows\System\kwtGFmm.exe
  2⤵
  PID:5084
- C:\Windows\System\oWLEgIv.exe
  C:\Windows\System\oWLEgIv.exe
  2⤵
  PID:5104
- C:\Windows\System\InqhAWD.exe
  C:\Windows\System\InqhAWD.exe
  2⤵
  PID:912
- C:\Windows\System\hxMVvXD.exe
  C:\Windows\System\hxMVvXD.exe
  2⤵
  PID:4108
- C:\Windows\System\xjrZlaP.exe
  C:\Windows\System\xjrZlaP.exe
  2⤵
  PID:4136
- C:\Windows\System\FLBVLns.exe
  C:\Windows\System\FLBVLns.exe
  2⤵
  PID:4172
- C:\Windows\System\oqMRgqu.exe
  C:\Windows\System\oqMRgqu.exe
  2⤵
  PID:4212
- C:\Windows\System\RTMBdhv.exe
  C:\Windows\System\RTMBdhv.exe
  2⤵
  PID:4288
- C:\Windows\System\FBmOFfX.exe
  C:\Windows\System\FBmOFfX.exe
  2⤵
  PID:4356
- C:\Windows\System\eyeavZB.exe
  C:\Windows\System\eyeavZB.exe
  2⤵
  PID:4404
- C:\Windows\System\vTFBlDv.exe
  C:\Windows\System\vTFBlDv.exe
  2⤵
  PID:4308
- C:\Windows\System\JDSbVHa.exe
  C:\Windows\System\JDSbVHa.exe
  2⤵
  PID:4512
- C:\Windows\System\mxArDfk.exe
  C:\Windows\System\mxArDfk.exe
  2⤵
  PID:4560
- C:\Windows\System\PRNLTVw.exe
  C:\Windows\System\PRNLTVw.exe
  2⤵
  PID:4736
- C:\Windows\System\YMEXZrz.exe
  C:\Windows\System\YMEXZrz.exe
  2⤵
  PID:4872
- C:\Windows\System\OCfnwUg.exe
  C:\Windows\System\OCfnwUg.exe
  2⤵
  PID:4448
- C:\Windows\System\VBhUvCC.exe
  C:\Windows\System\VBhUvCC.exe
  2⤵
  PID:4644
- C:\Windows\System\JbSyjVf.exe
  C:\Windows\System\JbSyjVf.exe
  2⤵
  PID:5008
- C:\Windows\System\pjQgbcy.exe
  C:\Windows\System\pjQgbcy.exe
  2⤵
  PID:4688
- C:\Windows\System\DigxYML.exe
  C:\Windows\System\DigxYML.exe
  2⤵
  PID:5012
- C:\Windows\System\FJclQSE.exe
  C:\Windows\System\FJclQSE.exe
  2⤵
  PID:4920
- C:\Windows\System\CzxKFqg.exe
  C:\Windows\System\CzxKFqg.exe
  2⤵
  PID:4892
- C:\Windows\System\tcfbDln.exe
  C:\Windows\System\tcfbDln.exe
  2⤵
  PID:4964
- C:\Windows\System\RXUrATD.exe
  C:\Windows\System\RXUrATD.exe
  2⤵
  PID:4120
- C:\Windows\System\wgQNcEG.exe
  C:\Windows\System\wgQNcEG.exe
  2⤵
  PID:4156
- C:\Windows\System\kKVpuoH.exe
  C:\Windows\System\kKVpuoH.exe
  2⤵
  PID:4260
- C:\Windows\System\vNNiuPv.exe
  C:\Windows\System\vNNiuPv.exe
  2⤵
  PID:4624
- C:\Windows\System\cNLcIUm.exe
  C:\Windows\System\cNLcIUm.exe
  2⤵
  PID:1224
- C:\Windows\System\TIPkmxk.exe
  C:\Windows\System\TIPkmxk.exe
  2⤵
  PID:4152
- C:\Windows\System\uEvaHOm.exe
  C:\Windows\System\uEvaHOm.exe
  2⤵
  PID:1660
- C:\Windows\System\UffKqvO.exe
  C:\Windows\System\UffKqvO.exe
  2⤵
  PID:4844
- C:\Windows\System\hDzQzqP.exe
  C:\Windows\System\hDzQzqP.exe
  2⤵
  PID:4708
- C:\Windows\System\BndVXRk.exe
  C:\Windows\System\BndVXRk.exe
  2⤵
  PID:4824
- C:\Windows\System\OwfBlrE.exe
  C:\Windows\System\OwfBlrE.exe
  2⤵
  PID:5116
- C:\Windows\System\gRCyctO.exe
  C:\Windows\System\gRCyctO.exe
  2⤵
  PID:4124
- C:\Windows\System\EjJQQoe.exe
  C:\Windows\System\EjJQQoe.exe
  2⤵
  PID:4384
- C:\Windows\System\wXdxqeI.exe
  C:\Windows\System\wXdxqeI.exe
  2⤵
  PID:4400
- C:\Windows\System\flxOqeb.exe
  C:\Windows\System\flxOqeb.exe
  2⤵
  PID:4728
- C:\Windows\System\NsvzLEa.exe
  C:\Windows\System\NsvzLEa.exe
  2⤵
  PID:4168
- C:\Windows\System\wdqtLXo.exe
  C:\Windows\System\wdqtLXo.exe
  2⤵
  PID:5124
- C:\Windows\System\jojjueo.exe
  C:\Windows\System\jojjueo.exe
  2⤵
  PID:5140
- C:\Windows\System\TpwRzbA.exe
  C:\Windows\System\TpwRzbA.exe
  2⤵
  PID:5156
- C:\Windows\System\NYkPRqW.exe
  C:\Windows\System\NYkPRqW.exe
  2⤵
  PID:5172
- C:\Windows\System\cfzsbvU.exe
  C:\Windows\System\cfzsbvU.exe
  2⤵
  PID:5188
- C:\Windows\System\thCyoCa.exe
  C:\Windows\System\thCyoCa.exe
  2⤵
  PID:5204
- C:\Windows\System\ZyPIWkq.exe
  C:\Windows\System\ZyPIWkq.exe
  2⤵
  PID:5220
- C:\Windows\System\xBJVojy.exe
  C:\Windows\System\xBJVojy.exe
  2⤵
  PID:5240
- C:\Windows\System\VmTOJin.exe
  C:\Windows\System\VmTOJin.exe
  2⤵
  PID:5256
- C:\Windows\System\WjjgIsB.exe
  C:\Windows\System\WjjgIsB.exe
  2⤵
  PID:5272
- C:\Windows\System\bqJpvjb.exe
  C:\Windows\System\bqJpvjb.exe
  2⤵
  PID:5288
- C:\Windows\System\vIYGdrd.exe
  C:\Windows\System\vIYGdrd.exe
  2⤵
  PID:5332
- C:\Windows\System\bdaXAwg.exe
  C:\Windows\System\bdaXAwg.exe
  2⤵
  PID:5352
- C:\Windows\System\jlTQDLj.exe
  C:\Windows\System\jlTQDLj.exe
  2⤵
  PID:5368
- C:\Windows\System\XFZiUju.exe
  C:\Windows\System\XFZiUju.exe
  2⤵
  PID:5384
- C:\Windows\System\IBIAgkB.exe
  C:\Windows\System\IBIAgkB.exe
  2⤵
  PID:5400
- C:\Windows\System\XCjAOrS.exe
  C:\Windows\System\XCjAOrS.exe
  2⤵
  PID:5416
- C:\Windows\System\gFvyFfG.exe
  C:\Windows\System\gFvyFfG.exe
  2⤵
  PID:5432
- C:\Windows\System\vMnbhvK.exe
  C:\Windows\System\vMnbhvK.exe
  2⤵
  PID:5448
- C:\Windows\System\pHMoUlL.exe
  C:\Windows\System\pHMoUlL.exe
  2⤵
  PID:5464
- C:\Windows\System\LoqWUIF.exe
  C:\Windows\System\LoqWUIF.exe
  2⤵
  PID:5480
- C:\Windows\System\VNFkAyn.exe
  C:\Windows\System\VNFkAyn.exe
  2⤵
  PID:5496
- C:\Windows\System\EifOBnS.exe
  C:\Windows\System\EifOBnS.exe
  2⤵
  PID:5512
- C:\Windows\System\acQHowB.exe
  C:\Windows\System\acQHowB.exe
  2⤵
  PID:5528
- C:\Windows\System\vUpwdTw.exe
  C:\Windows\System\vUpwdTw.exe
  2⤵
  PID:5544
- C:\Windows\System\iuCZChx.exe
  C:\Windows\System\iuCZChx.exe
  2⤵
  PID:5560
- C:\Windows\System\aOPSNEM.exe
  C:\Windows\System\aOPSNEM.exe
  2⤵
  PID:5576
- C:\Windows\System\WVThoau.exe
  C:\Windows\System\WVThoau.exe
  2⤵
  PID:5600
- C:\Windows\System\VWtbSpc.exe
  C:\Windows\System\VWtbSpc.exe
  2⤵
  PID:5616
- C:\Windows\System\UWUjhDP.exe
  C:\Windows\System\UWUjhDP.exe
  2⤵
  PID:5632
- C:\Windows\System\KceOyiu.exe
  C:\Windows\System\KceOyiu.exe
  2⤵
  PID:5648
- C:\Windows\System\syeQeoL.exe
  C:\Windows\System\syeQeoL.exe
  2⤵
  PID:5664
- C:\Windows\System\vgVyJZD.exe
  C:\Windows\System\vgVyJZD.exe
  2⤵
  PID:5684
- C:\Windows\System\sWAPGLO.exe
  C:\Windows\System\sWAPGLO.exe
  2⤵
  PID:5700
- C:\Windows\System\cgDIXtY.exe
  C:\Windows\System\cgDIXtY.exe
  2⤵
  PID:5724
- C:\Windows\System\QkAtCon.exe
  C:\Windows\System\QkAtCon.exe
  2⤵
  PID:5740
- C:\Windows\System\abWtESH.exe
  C:\Windows\System\abWtESH.exe
  2⤵
  PID:5756
- C:\Windows\System\UjUmBBd.exe
  C:\Windows\System\UjUmBBd.exe
  2⤵
  PID:5772
- C:\Windows\System\FZugdRC.exe
  C:\Windows\System\FZugdRC.exe
  2⤵
  PID:5796
- C:\Windows\System\JTMXPGO.exe
  C:\Windows\System\JTMXPGO.exe
  2⤵
  PID:5820
- C:\Windows\System\jaqesMi.exe
  C:\Windows\System\jaqesMi.exe
  2⤵
  PID:5836
- C:\Windows\System\yebNoCd.exe
  C:\Windows\System\yebNoCd.exe
  2⤵
  PID:5852
- C:\Windows\System\ePjVZRO.exe
  C:\Windows\System\ePjVZRO.exe
  2⤵
  PID:5868
- C:\Windows\System\HsCwAar.exe
  C:\Windows\System\HsCwAar.exe
  2⤵
  PID:5928
- C:\Windows\System\LuCjkky.exe
  C:\Windows\System\LuCjkky.exe
  2⤵
  PID:5952
- C:\Windows\System\shhwsPK.exe
  C:\Windows\System\shhwsPK.exe
  2⤵
  PID:5968
- C:\Windows\System\jSDKoCy.exe
  C:\Windows\System\jSDKoCy.exe
  2⤵
  PID:5984
- C:\Windows\System\chujeXN.exe
  C:\Windows\System\chujeXN.exe
  2⤵
  PID:6000
- C:\Windows\System\iwBYTJQ.exe
  C:\Windows\System\iwBYTJQ.exe
  2⤵
  PID:6016
- C:\Windows\System\imNgIEt.exe
  C:\Windows\System\imNgIEt.exe
  2⤵
  PID:6032
- C:\Windows\System\rinFPMM.exe
  C:\Windows\System\rinFPMM.exe
  2⤵
  PID:6048
- C:\Windows\System\RzGrgzG.exe
  C:\Windows\System\RzGrgzG.exe
  2⤵
  PID:6064
- C:\Windows\System\wIcJiQY.exe
  C:\Windows\System\wIcJiQY.exe
  2⤵
  PID:6080
- C:\Windows\System\QSHnkRZ.exe
  C:\Windows\System\QSHnkRZ.exe
  2⤵
  PID:6096
- C:\Windows\System\cYBfWMN.exe
  C:\Windows\System\cYBfWMN.exe
  2⤵
  PID:6112
- C:\Windows\System\uxQocuv.exe
  C:\Windows\System\uxQocuv.exe
  2⤵
  PID:6128
- C:\Windows\System\LqNRBgV.exe
  C:\Windows\System\LqNRBgV.exe
  2⤵
  PID:4756
- C:\Windows\System\bJJsqAT.exe
  C:\Windows\System\bJJsqAT.exe
  2⤵
  PID:4352
- C:\Windows\System\JcjTUUS.exe
  C:\Windows\System\JcjTUUS.exe
  2⤵
  PID:5184
- C:\Windows\System\MzkYPrP.exe
  C:\Windows\System\MzkYPrP.exe
  2⤵
  PID:5252
- C:\Windows\System\DdvPLtY.exe
  C:\Windows\System\DdvPLtY.exe
  2⤵
  PID:5268
- C:\Windows\System\ArBbthl.exe
  C:\Windows\System\ArBbthl.exe
  2⤵
  PID:5132
- C:\Windows\System\gAxTOJh.exe
  C:\Windows\System\gAxTOJh.exe
  2⤵
  PID:5200
- C:\Windows\System\SYdCsvz.exe
  C:\Windows\System\SYdCsvz.exe
  2⤵
  PID:5296
- C:\Windows\System\yodssOk.exe
  C:\Windows\System\yodssOk.exe
  2⤵
  PID:4104
- C:\Windows\System\tXKuXEB.exe
  C:\Windows\System\tXKuXEB.exe
  2⤵
  PID:5076
- C:\Windows\System\VdbtXOB.exe
  C:\Windows\System\VdbtXOB.exe
  2⤵
  PID:5308
- C:\Windows\System\qgZvXbW.exe
  C:\Windows\System\qgZvXbW.exe
  2⤵
  PID:5324
- C:\Windows\System\FnHaTDZ.exe
  C:\Windows\System\FnHaTDZ.exe
  2⤵
  PID:5376
- C:\Windows\System\uhYbKft.exe
  C:\Windows\System\uhYbKft.exe
  2⤵
  PID:5440
- C:\Windows\System\WvpjIPS.exe
  C:\Windows\System\WvpjIPS.exe
  2⤵
  PID:5504
- C:\Windows\System\RHbraow.exe
  C:\Windows\System\RHbraow.exe
  2⤵
  PID:5360
- C:\Windows\System\nquxzTa.exe
  C:\Windows\System\nquxzTa.exe
  2⤵
  PID:5396
- C:\Windows\System\szMlylF.exe
  C:\Windows\System\szMlylF.exe
  2⤵
  PID:5492
- C:\Windows\System\FbicvgD.exe
  C:\Windows\System\FbicvgD.exe
  2⤵
  PID:5540
- C:\Windows\System\UeLsJDQ.exe
  C:\Windows\System\UeLsJDQ.exe
  2⤵
  PID:5572
- C:\Windows\System\eOljEyI.exe
  C:\Windows\System\eOljEyI.exe
  2⤵
  PID:5640
- C:\Windows\System\HRIwyVm.exe
  C:\Windows\System\HRIwyVm.exe
  2⤵
  PID:5624
- C:\Windows\System\nnqaRbV.exe
  C:\Windows\System\nnqaRbV.exe
  2⤵
  PID:5676
- C:\Windows\System\BCCYwOL.exe
  C:\Windows\System\BCCYwOL.exe
  2⤵
  PID:5716
- C:\Windows\System\XlKYiUJ.exe
  C:\Windows\System\XlKYiUJ.exe
  2⤵
  PID:5752
- C:\Windows\System\wVhqhAz.exe
  C:\Windows\System\wVhqhAz.exe
  2⤵
  PID:5732
- C:\Windows\System\pGvSnzq.exe
  C:\Windows\System\pGvSnzq.exe
  2⤵
  PID:5696
- C:\Windows\System\rAQowFG.exe
  C:\Windows\System\rAQowFG.exe
  2⤵
  PID:5768
- C:\Windows\System\siizQRv.exe
  C:\Windows\System\siizQRv.exe
  2⤵
  PID:5816
- C:\Windows\System\FVHhZtv.exe
  C:\Windows\System\FVHhZtv.exe
  2⤵
  PID:5892
- C:\Windows\System\SDWcIos.exe
  C:\Windows\System\SDWcIos.exe
  2⤵
  PID:5904
- C:\Windows\System\kUAYbyZ.exe
  C:\Windows\System\kUAYbyZ.exe
  2⤵
  PID:5924
- C:\Windows\System\yqMOGVv.exe
  C:\Windows\System\yqMOGVv.exe
  2⤵
  PID:5948
- C:\Windows\System\ozeTahb.exe
  C:\Windows\System\ozeTahb.exe
  2⤵
  PID:1416
- C:\Windows\System\uNKZrzX.exe
  C:\Windows\System\uNKZrzX.exe
  2⤵
  PID:6040
- C:\Windows\System\dIhpCOI.exe
  C:\Windows\System\dIhpCOI.exe
  2⤵
  PID:5964
- C:\Windows\System\ZELRpjM.exe
  C:\Windows\System\ZELRpjM.exe
  2⤵
  PID:6136
- C:\Windows\System\dxwhzbN.exe
  C:\Windows\System\dxwhzbN.exe
  2⤵
  PID:5992
- C:\Windows\System\Ynoqsdn.exe
  C:\Windows\System\Ynoqsdn.exe
  2⤵
  PID:5264
- C:\Windows\System\uivcAwB.exe
  C:\Windows\System\uivcAwB.exe
  2⤵
  PID:648
- C:\Windows\System\lIScGyp.exe
  C:\Windows\System\lIScGyp.exe
  2⤵
  PID:5136
- C:\Windows\System\UGUPGOJ.exe
  C:\Windows\System\UGUPGOJ.exe
  2⤵
  PID:4420
- C:\Windows\System\NujoYTQ.exe
  C:\Windows\System\NujoYTQ.exe
  2⤵
  PID:6092
- C:\Windows\System\RjkoJQv.exe
  C:\Windows\System\RjkoJQv.exe
  2⤵
  PID:5236
- C:\Windows\System\EWIbCVQ.exe
  C:\Windows\System\EWIbCVQ.exe
  2⤵
  PID:5348
- C:\Windows\System\sBElDsf.exe
  C:\Windows\System\sBElDsf.exe
  2⤵
  PID:5476
- C:\Windows\System\xcNRzBX.exe
  C:\Windows\System\xcNRzBX.exe
  2⤵
  PID:5428
- C:\Windows\System\dTTcRer.exe
  C:\Windows\System\dTTcRer.exe
  2⤵
  PID:5552
- C:\Windows\System\lFWldqf.exe
  C:\Windows\System\lFWldqf.exe
  2⤵
  PID:5660
- C:\Windows\System\PmjGALU.exe
  C:\Windows\System\PmjGALU.exe
  2⤵
  PID:5736
- C:\Windows\System\iMTZbrG.exe
  C:\Windows\System\iMTZbrG.exe
  2⤵
  PID:5596
- C:\Windows\System\qkWQfTX.exe
  C:\Windows\System\qkWQfTX.exe
  2⤵
  PID:5692
- C:\Windows\System\IkxlPYw.exe
  C:\Windows\System\IkxlPYw.exe
  2⤵
  PID:872
- C:\Windows\System\RRbEyKS.exe
  C:\Windows\System\RRbEyKS.exe
  2⤵
  PID:5812
- C:\Windows\System\ILqFOCp.exe
  C:\Windows\System\ILqFOCp.exe
  2⤵
  PID:5900
- C:\Windows\System\DWELsis.exe
  C:\Windows\System\DWELsis.exe
  2⤵
  PID:5940
- C:\Windows\System\KsZqDFG.exe
  C:\Windows\System\KsZqDFG.exe
  2⤵
  PID:6108
- C:\Windows\System\sHYqbHk.exe
  C:\Windows\System\sHYqbHk.exe
  2⤵
  PID:4224
- C:\Windows\System\QOCDpjv.exe
  C:\Windows\System\QOCDpjv.exe
  2⤵
  PID:5180
- C:\Windows\System\jPdviaJ.exe
  C:\Windows\System\jPdviaJ.exe
  2⤵
  PID:5300
- C:\Windows\System\JSPGMxF.exe
  C:\Windows\System\JSPGMxF.exe
  2⤵
  PID:5216
- C:\Windows\System\TbHDxLY.exe
  C:\Windows\System\TbHDxLY.exe
  2⤵
  PID:5320
- C:\Windows\System\MWRzkup.exe
  C:\Windows\System\MWRzkup.exe
  2⤵
  PID:5612
- C:\Windows\System\XOijkTW.exe
  C:\Windows\System\XOijkTW.exe
  2⤵
  PID:5764
- C:\Windows\System\nlHcorM.exe
  C:\Windows\System\nlHcorM.exe
  2⤵
  PID:5748
- C:\Windows\System\pNnhbEs.exe
  C:\Windows\System\pNnhbEs.exe
  2⤵
  PID:5232
- C:\Windows\System\aTenlEp.exe
  C:\Windows\System\aTenlEp.exe
  2⤵
  PID:5980
- C:\Windows\System\BYnxdVr.exe
  C:\Windows\System\BYnxdVr.exe
  2⤵
  PID:5888
- C:\Windows\System\CZWSAFa.exe
  C:\Windows\System\CZWSAFa.exe
  2⤵
  PID:6008
- C:\Windows\System\LKdWRas.exe
  C:\Windows\System\LKdWRas.exe
  2⤵
  PID:5392
- C:\Windows\System\HSTnxwm.exe
  C:\Windows\System\HSTnxwm.exe
  2⤵
  PID:5588
- C:\Windows\System\isOekTa.exe
  C:\Windows\System\isOekTa.exe
  2⤵
  PID:5164
- C:\Windows\System\PCMFhOo.exe
  C:\Windows\System\PCMFhOo.exe
  2⤵
  PID:4796
- C:\Windows\System\DnKAOCx.exe
  C:\Windows\System\DnKAOCx.exe
  2⤵
  PID:5896
- C:\Windows\System\FRdTYPo.exe
  C:\Windows\System\FRdTYPo.exe
  2⤵
  PID:6076
- C:\Windows\System\UmcmwDa.exe
  C:\Windows\System\UmcmwDa.exe
  2⤵
  PID:5536
- C:\Windows\System\UBMPiWZ.exe
  C:\Windows\System\UBMPiWZ.exe
  2⤵
  PID:5196
- C:\Windows\System\qFlBRSa.exe
  C:\Windows\System\qFlBRSa.exe
  2⤵
  PID:6156
- C:\Windows\System\vfMNNpB.exe
  C:\Windows\System\vfMNNpB.exe
  2⤵
  PID:6172
- C:\Windows\System\dAcvUDv.exe
  C:\Windows\System\dAcvUDv.exe
  2⤵
  PID:6188
- C:\Windows\System\fZVpyXc.exe
  C:\Windows\System\fZVpyXc.exe
  2⤵
  PID:6204
- C:\Windows\System\NeSZHqn.exe
  C:\Windows\System\NeSZHqn.exe
  2⤵
  PID:6220
- C:\Windows\System\jEiFTbM.exe
  C:\Windows\System\jEiFTbM.exe
  2⤵
  PID:6236
- C:\Windows\System\xygNXzi.exe
  C:\Windows\System\xygNXzi.exe
  2⤵
  PID:6252
- C:\Windows\System\ZxCVeQI.exe
  C:\Windows\System\ZxCVeQI.exe
  2⤵
  PID:6268
- C:\Windows\System\RxtYBiS.exe
  C:\Windows\System\RxtYBiS.exe
  2⤵
  PID:6284
- C:\Windows\System\xzYwLzX.exe
  C:\Windows\System\xzYwLzX.exe
  2⤵
  PID:6300
- C:\Windows\System\hEkJNvY.exe
  C:\Windows\System\hEkJNvY.exe
  2⤵
  PID:6316
- C:\Windows\System\LjwUXMD.exe
  C:\Windows\System\LjwUXMD.exe
  2⤵
  PID:6332
- C:\Windows\System\leZibiM.exe
  C:\Windows\System\leZibiM.exe
  2⤵
  PID:6348
- C:\Windows\System\iMHONQP.exe
  C:\Windows\System\iMHONQP.exe
  2⤵
  PID:6364
- C:\Windows\System\GPBkyAJ.exe
  C:\Windows\System\GPBkyAJ.exe
  2⤵
  PID:6380
- C:\Windows\System\JjgPWdk.exe
  C:\Windows\System\JjgPWdk.exe
  2⤵
  PID:6396
- C:\Windows\System\TJdkrPk.exe
  C:\Windows\System\TJdkrPk.exe
  2⤵
  PID:6412
- C:\Windows\System\beXmqch.exe
  C:\Windows\System\beXmqch.exe
  2⤵
  PID:6428
- C:\Windows\System\YnvCTqy.exe
  C:\Windows\System\YnvCTqy.exe
  2⤵
  PID:6444
- C:\Windows\System\sNZljuk.exe
  C:\Windows\System\sNZljuk.exe
  2⤵
  PID:6460
- C:\Windows\System\rmGoUBk.exe
  C:\Windows\System\rmGoUBk.exe
  2⤵
  PID:6476
- C:\Windows\System\dJxdSgr.exe
  C:\Windows\System\dJxdSgr.exe
  2⤵
  PID:6492
- C:\Windows\System\UOeowZa.exe
  C:\Windows\System\UOeowZa.exe
  2⤵
  PID:6508
- C:\Windows\System\nlvxBZc.exe
  C:\Windows\System\nlvxBZc.exe
  2⤵
  PID:6524
- C:\Windows\System\GMcJwhl.exe
  C:\Windows\System\GMcJwhl.exe
  2⤵
  PID:6540
- C:\Windows\System\PjtZJkk.exe
  C:\Windows\System\PjtZJkk.exe
  2⤵
  PID:6560
- C:\Windows\System\EOEIAag.exe
  C:\Windows\System\EOEIAag.exe
  2⤵
  PID:6576
- C:\Windows\System\RFCzoyJ.exe
  C:\Windows\System\RFCzoyJ.exe
  2⤵
  PID:6592
- C:\Windows\System\pflvVOH.exe
  C:\Windows\System\pflvVOH.exe
  2⤵
  PID:6608
- C:\Windows\System\JAfYFHO.exe
  C:\Windows\System\JAfYFHO.exe
  2⤵
  PID:6624
- C:\Windows\System\Lpyjndz.exe
  C:\Windows\System\Lpyjndz.exe
  2⤵
  PID:6640
- C:\Windows\System\bzAEqhI.exe
  C:\Windows\System\bzAEqhI.exe
  2⤵
  PID:6656
- C:\Windows\System\Erkanaf.exe
  C:\Windows\System\Erkanaf.exe
  2⤵
  PID:6672
- C:\Windows\System\hFJovWR.exe
  C:\Windows\System\hFJovWR.exe
  2⤵
  PID:6688
- C:\Windows\System\EWCrAQd.exe
  C:\Windows\System\EWCrAQd.exe
  2⤵
  PID:6704
- C:\Windows\System\bNsdLaV.exe
  C:\Windows\System\bNsdLaV.exe
  2⤵
  PID:6720
- C:\Windows\System\hLcWKgT.exe
  C:\Windows\System\hLcWKgT.exe
  2⤵
  PID:6736
- C:\Windows\System\YNqnxDM.exe
  C:\Windows\System\YNqnxDM.exe
  2⤵
  PID:6752
- C:\Windows\System\xdwKNRb.exe
  C:\Windows\System\xdwKNRb.exe
  2⤵
  PID:6772
- C:\Windows\System\ddbxIYK.exe
  C:\Windows\System\ddbxIYK.exe
  2⤵
  PID:6788
- C:\Windows\System\pmXhgsr.exe
  C:\Windows\System\pmXhgsr.exe
  2⤵
  PID:6804
- C:\Windows\System\KCjPeib.exe
  C:\Windows\System\KCjPeib.exe
  2⤵
  PID:6820
- C:\Windows\System\rjCysUV.exe
  C:\Windows\System\rjCysUV.exe
  2⤵
  PID:6836
- C:\Windows\System\NVqKsrK.exe
  C:\Windows\System\NVqKsrK.exe
  2⤵
  PID:6852
- C:\Windows\System\DuRrwPS.exe
  C:\Windows\System\DuRrwPS.exe
  2⤵
  PID:6868
- C:\Windows\System\xOsRvXX.exe
  C:\Windows\System\xOsRvXX.exe
  2⤵
  PID:6884
- C:\Windows\System\bVJnmmc.exe
  C:\Windows\System\bVJnmmc.exe
  2⤵
  PID:6900
- C:\Windows\System\vdQxYhO.exe
  C:\Windows\System\vdQxYhO.exe
  2⤵
  PID:6916
- C:\Windows\System\dZCUksE.exe
  C:\Windows\System\dZCUksE.exe
  2⤵
  PID:6932
- C:\Windows\System\YCzmhxY.exe
  C:\Windows\System\YCzmhxY.exe
  2⤵
  PID:6952
- C:\Windows\System\qjvIMqe.exe
  C:\Windows\System\qjvIMqe.exe
  2⤵
  PID:6968
- C:\Windows\System\WYdUIly.exe
  C:\Windows\System\WYdUIly.exe
  2⤵
  PID:6984
- C:\Windows\System\AXvGjku.exe
  C:\Windows\System\AXvGjku.exe
  2⤵
  PID:7000
- C:\Windows\System\vXYneGi.exe
  C:\Windows\System\vXYneGi.exe
  2⤵
  PID:7024
- C:\Windows\System\vDgVeTe.exe
  C:\Windows\System\vDgVeTe.exe
  2⤵
  PID:7040
- C:\Windows\System\xXrVERY.exe
  C:\Windows\System\xXrVERY.exe
  2⤵
  PID:7056
- C:\Windows\System\JNxbxNd.exe
  C:\Windows\System\JNxbxNd.exe
  2⤵
  PID:7076
- C:\Windows\System\KSiafMT.exe
  C:\Windows\System\KSiafMT.exe
  2⤵
  PID:7092
- C:\Windows\System\sxyPaab.exe
  C:\Windows\System\sxyPaab.exe
  2⤵
  PID:7108
- C:\Windows\System\eVGiTlT.exe
  C:\Windows\System\eVGiTlT.exe
  2⤵
  PID:7124
- C:\Windows\System\qxkBczZ.exe
  C:\Windows\System\qxkBczZ.exe
  2⤵
  PID:7144
- C:\Windows\System\YFryuOx.exe
  C:\Windows\System\YFryuOx.exe
  2⤵
  PID:7160
- C:\Windows\System\bXBggcu.exe
  C:\Windows\System\bXBggcu.exe
  2⤵
  PID:5424
- C:\Windows\System\GhOEUOJ.exe
  C:\Windows\System\GhOEUOJ.exe
  2⤵
  PID:6148
- C:\Windows\System\pJTgIDd.exe
  C:\Windows\System\pJTgIDd.exe
  2⤵
  PID:6056
- C:\Windows\System\lhqCkjE.exe
  C:\Windows\System\lhqCkjE.exe
  2⤵
  PID:5864
- C:\Windows\System\TpxUcZw.exe
  C:\Windows\System\TpxUcZw.exe
  2⤵
  PID:6232
- C:\Windows\System\GdHWmsi.exe
  C:\Windows\System\GdHWmsi.exe
  2⤵
  PID:6296
- C:\Windows\System\QqCsnnS.exe
  C:\Windows\System\QqCsnnS.exe
  2⤵
  PID:6360
- C:\Windows\System\mhdnVIe.exe
  C:\Windows\System\mhdnVIe.exe
  2⤵
  PID:6276
- C:\Windows\System\zomNsTr.exe
  C:\Windows\System\zomNsTr.exe
  2⤵
  PID:6420
- C:\Windows\System\IfEbWKw.exe
  C:\Windows\System\IfEbWKw.exe
  2⤵
  PID:6408
- C:\Windows\System\jmqaSIY.exe
  C:\Windows\System\jmqaSIY.exe
  2⤵
  PID:6436
- C:\Windows\System\TRHitDh.exe
  C:\Windows\System\TRHitDh.exe
  2⤵
  PID:6516
- C:\Windows\System\jdmIzBV.exe
  C:\Windows\System\jdmIzBV.exe
  2⤵
  PID:6500
- C:\Windows\System\xuuOolJ.exe
  C:\Windows\System\xuuOolJ.exe
  2⤵
  PID:6552
- C:\Windows\System\OWjdTQI.exe
  C:\Windows\System\OWjdTQI.exe
  2⤵
  PID:6620
- C:\Windows\System\ZqHTkka.exe
  C:\Windows\System\ZqHTkka.exe
  2⤵
  PID:6572
- C:\Windows\System\BkUDwUH.exe
  C:\Windows\System\BkUDwUH.exe
  2⤵
  PID:6636
- C:\Windows\System\jlfaAKA.exe
  C:\Windows\System\jlfaAKA.exe
  2⤵
  PID:6700
- C:\Windows\System\spefSGj.exe
  C:\Windows\System\spefSGj.exe
  2⤵
  PID:6716
- C:\Windows\System\GPVPuEG.exe
  C:\Windows\System\GPVPuEG.exe
  2⤵
  PID:6748
- C:\Windows\System\aTSdjYS.exe
  C:\Windows\System\aTSdjYS.exe
  2⤵
  PID:6812
- C:\Windows\System\xEfxZYe.exe
  C:\Windows\System\xEfxZYe.exe
  2⤵
  PID:6828
- C:\Windows\System\GjNQWxS.exe
  C:\Windows\System\GjNQWxS.exe
  2⤵
  PID:6844
- C:\Windows\System\XNUGhSG.exe
  C:\Windows\System\XNUGhSG.exe
  2⤵
  PID:6912
- C:\Windows\System\UyjRXxI.exe
  C:\Windows\System\UyjRXxI.exe
  2⤵
  PID:6860
- C:\Windows\System\BoRNBMn.exe
  C:\Windows\System\BoRNBMn.exe
  2⤵
  PID:6976
- C:\Windows\System\EsbuHVX.exe
  C:\Windows\System\EsbuHVX.exe
  2⤵
  PID:6924
- C:\Windows\System\WWLAYfB.exe
  C:\Windows\System\WWLAYfB.exe
  2⤵
  PID:6992
- C:\Windows\System\nPpyTOS.exe
  C:\Windows\System\nPpyTOS.exe
  2⤵
  PID:7016
- C:\Windows\System\vuPLWUG.exe
  C:\Windows\System\vuPLWUG.exe
  2⤵
  PID:7036
- C:\Windows\System\KHIKGGt.exe
  C:\Windows\System\KHIKGGt.exe
  2⤵
  PID:7032
- C:\Windows\System\zXDGTFd.exe
  C:\Windows\System\zXDGTFd.exe
  2⤵
  PID:7116
- C:\Windows\System\CEBwcSy.exe
  C:\Windows\System\CEBwcSy.exe
  2⤵
  PID:7104
- C:\Windows\System\umSnRJn.exe
  C:\Windows\System\umSnRJn.exe
  2⤵
  PID:7156
- C:\Windows\System\FlLcCqc.exe
  C:\Windows\System\FlLcCqc.exe
  2⤵
  PID:6200
- C:\Windows\System\NwjbBuF.exe
  C:\Windows\System\NwjbBuF.exe
  2⤵
  PID:6292
- C:\Windows\System\hapKMhN.exe
  C:\Windows\System\hapKMhN.exe
  2⤵
  PID:6308
- C:\Windows\System\ndPrtMg.exe
  C:\Windows\System\ndPrtMg.exe
  2⤵
  PID:6152
- C:\Windows\System\YTDVudx.exe
  C:\Windows\System\YTDVudx.exe
  2⤵
  PID:6328
- C:\Windows\System\NuyVhWD.exe
  C:\Windows\System\NuyVhWD.exe
  2⤵
  PID:6488
- C:\Windows\System\lkvYVza.exe
  C:\Windows\System\lkvYVza.exe
  2⤵
  PID:6392
- C:\Windows\System\PjGkMNP.exe
  C:\Windows\System\PjGkMNP.exe
  2⤵
  PID:6648
- C:\Windows\System\nKYTrXa.exe
  C:\Windows\System\nKYTrXa.exe
  2⤵
  PID:6600
- C:\Windows\System\sPxxxuY.exe
  C:\Windows\System\sPxxxuY.exe
  2⤵
  PID:6876
- C:\Windows\System\HNfRwPY.exe
  C:\Windows\System\HNfRwPY.exe
  2⤵
  PID:6588
- C:\Windows\System\qGaaFEs.exe
  C:\Windows\System\qGaaFEs.exe
  2⤵
  PID:6896
- C:\Windows\System\SvrIsDo.exe
  C:\Windows\System\SvrIsDo.exe
  2⤵
  PID:6832
- C:\Windows\System\DapJjWN.exe
  C:\Windows\System\DapJjWN.exe
  2⤵
  PID:6928
- C:\Windows\System\KcqVQiu.exe
  C:\Windows\System\KcqVQiu.exe
  2⤵
  PID:6980
- C:\Windows\System\NCRkSaz.exe
  C:\Windows\System\NCRkSaz.exe
  2⤵
  PID:7100
- C:\Windows\System\BQdCjCe.exe
  C:\Windows\System\BQdCjCe.exe
  2⤵
  PID:6244
- C:\Windows\System\JdCcAHv.exe
  C:\Windows\System\JdCcAHv.exe
  2⤵
  PID:6344
- C:\Windows\System\kFLBxvR.exe
  C:\Windows\System\kFLBxvR.exe
  2⤵
  PID:6216
- C:\Windows\System\Qjegsll.exe
  C:\Windows\System\Qjegsll.exe
  2⤵
  PID:6684
- C:\Windows\System\YDURBcX.exe
  C:\Windows\System\YDURBcX.exe
  2⤵
  PID:7088
- C:\Windows\System\dbPVLSN.exe
  C:\Windows\System\dbPVLSN.exe
  2⤵
  PID:6340
- C:\Windows\System\NcPdNZS.exe
  C:\Windows\System\NcPdNZS.exe
  2⤵
  PID:6452
- C:\Windows\System\NXFmjVB.exe
  C:\Windows\System\NXFmjVB.exe
  2⤵
  PID:7052
- C:\Windows\System\FYQIqKb.exe
  C:\Windows\System\FYQIqKb.exe
  2⤵
  PID:7008
- C:\Windows\System\NIPgTPz.exe
  C:\Windows\System\NIPgTPz.exe
  2⤵
  PID:6180
- C:\Windows\System\dRPuMcJ.exe
  C:\Windows\System\dRPuMcJ.exe
  2⤵
  PID:6404
- C:\Windows\System\kwMpBaO.exe
  C:\Windows\System\kwMpBaO.exe
  2⤵
  PID:6520
- C:\Windows\System\SOIlYxl.exe
  C:\Windows\System\SOIlYxl.exe
  2⤵
  PID:6944
- C:\Windows\System\FhYahcX.exe
  C:\Windows\System\FhYahcX.exe
  2⤵
  PID:6732
- C:\Windows\System\yhjNuJl.exe
  C:\Windows\System\yhjNuJl.exe
  2⤵
  PID:6764
- C:\Windows\System\GHTDsxE.exe
  C:\Windows\System\GHTDsxE.exe
  2⤵
  PID:6456
- C:\Windows\System\qxsJsyB.exe
  C:\Windows\System\qxsJsyB.exe
  2⤵
  PID:6940
- C:\Windows\System\cZoymyv.exe
  C:\Windows\System\cZoymyv.exe
  2⤵
  PID:6168
- C:\Windows\System\HvWhoAT.exe
  C:\Windows\System\HvWhoAT.exe
  2⤵
  PID:7172
- C:\Windows\System\bSugyHX.exe
  C:\Windows\System\bSugyHX.exe
  2⤵
  PID:7188
- C:\Windows\System\fxAblAQ.exe
  C:\Windows\System\fxAblAQ.exe
  2⤵
  PID:7208
- C:\Windows\System\dWsSSLi.exe
  C:\Windows\System\dWsSSLi.exe
  2⤵
  PID:7224
- C:\Windows\System\VZWgsbk.exe
  C:\Windows\System\VZWgsbk.exe
  2⤵
  PID:7240
- C:\Windows\System\NKUoGBL.exe
  C:\Windows\System\NKUoGBL.exe
  2⤵
  PID:7256
- C:\Windows\System\yOSlXhc.exe
  C:\Windows\System\yOSlXhc.exe
  2⤵
  PID:7272
- C:\Windows\System\qBdPdYW.exe
  C:\Windows\System\qBdPdYW.exe
  2⤵
  PID:7288
- C:\Windows\System\DSDEpGp.exe
  C:\Windows\System\DSDEpGp.exe
  2⤵
  PID:7304
- C:\Windows\System\ZRYBdwa.exe
  C:\Windows\System\ZRYBdwa.exe
  2⤵
  PID:7320
- C:\Windows\System\glarCeg.exe
  C:\Windows\System\glarCeg.exe
  2⤵
  PID:7336
- C:\Windows\System\DhaScab.exe
  C:\Windows\System\DhaScab.exe
  2⤵
  PID:7352
- C:\Windows\System\OXgZYYB.exe
  C:\Windows\System\OXgZYYB.exe
  2⤵
  PID:7368
- C:\Windows\System\KKMIEaJ.exe
  C:\Windows\System\KKMIEaJ.exe
  2⤵
  PID:7384
- C:\Windows\System\EpbUxEM.exe
  C:\Windows\System\EpbUxEM.exe
  2⤵
  PID:7400
- C:\Windows\System\xXGHQtz.exe
  C:\Windows\System\xXGHQtz.exe
  2⤵
  PID:7416
- C:\Windows\System\smIBZYP.exe
  C:\Windows\System\smIBZYP.exe
  2⤵
  PID:7432
- C:\Windows\System\knkiIde.exe
  C:\Windows\System\knkiIde.exe
  2⤵
  PID:7448
- C:\Windows\System\KCFjxGe.exe
  C:\Windows\System\KCFjxGe.exe
  2⤵
  PID:7464
- C:\Windows\System\XyOMZTJ.exe
  C:\Windows\System\XyOMZTJ.exe
  2⤵
  PID:7480
- C:\Windows\System\dEfGeBN.exe
  C:\Windows\System\dEfGeBN.exe
  2⤵
  PID:7496
- C:\Windows\System\rpwsXCO.exe
  C:\Windows\System\rpwsXCO.exe
  2⤵
  PID:7512
- C:\Windows\System\eXnUeHm.exe
  C:\Windows\System\eXnUeHm.exe
  2⤵
  PID:7528
- C:\Windows\System\CjqhaTt.exe
  C:\Windows\System\CjqhaTt.exe
  2⤵
  PID:7544
- C:\Windows\System\iHlJgwJ.exe
  C:\Windows\System\iHlJgwJ.exe
  2⤵
  PID:7560
- C:\Windows\System\wbmwRkl.exe
  C:\Windows\System\wbmwRkl.exe
  2⤵
  PID:7576
- C:\Windows\System\AoYwCOj.exe
  C:\Windows\System\AoYwCOj.exe
  2⤵
  PID:7592
- C:\Windows\System\vxqcSGy.exe
  C:\Windows\System\vxqcSGy.exe
  2⤵
  PID:7608
- C:\Windows\System\daSpAOJ.exe
  C:\Windows\System\daSpAOJ.exe
  2⤵
  PID:7624
- C:\Windows\System\qTpazoP.exe
  C:\Windows\System\qTpazoP.exe
  2⤵
  PID:7640
- C:\Windows\System\KDuTXcz.exe
  C:\Windows\System\KDuTXcz.exe
  2⤵
  PID:7656
- C:\Windows\System\OQakzjW.exe
  C:\Windows\System\OQakzjW.exe
  2⤵
  PID:7672
- C:\Windows\System\NlXKEUq.exe
  C:\Windows\System\NlXKEUq.exe
  2⤵
  PID:7688
- C:\Windows\System\KCVZTBh.exe
  C:\Windows\System\KCVZTBh.exe
  2⤵
  PID:7704
- C:\Windows\System\nQYbaTv.exe
  C:\Windows\System\nQYbaTv.exe
  2⤵
  PID:7720
- C:\Windows\System\BvFUhmY.exe
  C:\Windows\System\BvFUhmY.exe
  2⤵
  PID:7736
- C:\Windows\System\OGkJNxp.exe
  C:\Windows\System\OGkJNxp.exe
  2⤵
  PID:7752
- C:\Windows\System\CIerHZc.exe
  C:\Windows\System\CIerHZc.exe
  2⤵
  PID:7768
- C:\Windows\System\MKYnKRO.exe
  C:\Windows\System\MKYnKRO.exe
  2⤵
  PID:7784
- C:\Windows\System\vXlNWPd.exe
  C:\Windows\System\vXlNWPd.exe
  2⤵
  PID:7800
- C:\Windows\System\FiRlcBk.exe
  C:\Windows\System\FiRlcBk.exe
  2⤵
  PID:7816
- C:\Windows\System\ufOsfOn.exe
  C:\Windows\System\ufOsfOn.exe
  2⤵
  PID:7832
- C:\Windows\System\KSzQjrS.exe
  C:\Windows\System\KSzQjrS.exe
  2⤵
  PID:7848
- C:\Windows\System\VnyiLrU.exe
  C:\Windows\System\VnyiLrU.exe
  2⤵
  PID:7864
- C:\Windows\System\XuqatKU.exe
  C:\Windows\System\XuqatKU.exe
  2⤵
  PID:7880
- C:\Windows\System\cKpWETz.exe
  C:\Windows\System\cKpWETz.exe
  2⤵
  PID:7896
- C:\Windows\System\UWoZaTB.exe
  C:\Windows\System\UWoZaTB.exe
  2⤵
  PID:7912
- C:\Windows\System\qlfmGmt.exe
  C:\Windows\System\qlfmGmt.exe
  2⤵
  PID:7928
- C:\Windows\System\BbQQauM.exe
  C:\Windows\System\BbQQauM.exe
  2⤵
  PID:7944
- C:\Windows\System\EGXSpzZ.exe
  C:\Windows\System\EGXSpzZ.exe
  2⤵
  PID:7960
- C:\Windows\System\NdfYmxA.exe
  C:\Windows\System\NdfYmxA.exe
  2⤵
  PID:7976
- C:\Windows\System\nYxkhcW.exe
  C:\Windows\System\nYxkhcW.exe
  2⤵
  PID:7992
- C:\Windows\System\srrfTfh.exe
  C:\Windows\System\srrfTfh.exe
  2⤵
  PID:8008
- C:\Windows\System\ehJuIqO.exe
  C:\Windows\System\ehJuIqO.exe
  2⤵
  PID:8024
- C:\Windows\System\TcDDvNj.exe
  C:\Windows\System\TcDDvNj.exe
  2⤵
  PID:8040
- C:\Windows\System\JUZlGSD.exe
  C:\Windows\System\JUZlGSD.exe
  2⤵
  PID:8056
- C:\Windows\System\BlzxHDZ.exe
  C:\Windows\System\BlzxHDZ.exe
  2⤵
  PID:8072
- C:\Windows\System\JTuRFZU.exe
  C:\Windows\System\JTuRFZU.exe
  2⤵
  PID:8088
- C:\Windows\System\ipJpHHR.exe
  C:\Windows\System\ipJpHHR.exe
  2⤵
  PID:8104
- C:\Windows\System\xCtbQHf.exe
  C:\Windows\System\xCtbQHf.exe
  2⤵
  PID:8120
- C:\Windows\System\hCCVPaL.exe
  C:\Windows\System\hCCVPaL.exe
  2⤵
  PID:8136
- C:\Windows\System\yrJJDRj.exe
  C:\Windows\System\yrJJDRj.exe
  2⤵
  PID:8152
- C:\Windows\System\pWQatLH.exe
  C:\Windows\System\pWQatLH.exe
  2⤵
  PID:8168
- C:\Windows\System\YnxuHhp.exe
  C:\Windows\System\YnxuHhp.exe
  2⤵
  PID:8184
- C:\Windows\System\LNKcICL.exe
  C:\Windows\System\LNKcICL.exe
  2⤵
  PID:7184
- C:\Windows\System\zijXrFV.exe
  C:\Windows\System\zijXrFV.exe
  2⤵
  PID:7200
- C:\Windows\System\aZrEWtt.exe
  C:\Windows\System\aZrEWtt.exe
  2⤵
  PID:7264
- C:\Windows\System\ePbSNJg.exe
  C:\Windows\System\ePbSNJg.exe
  2⤵
  PID:7280
- C:\Windows\System\QXQKvrJ.exe
  C:\Windows\System\QXQKvrJ.exe
  2⤵
  PID:7344
- C:\Windows\System\CMdpkLK.exe
  C:\Windows\System\CMdpkLK.exe
  2⤵
  PID:7296
- C:\Windows\System\NfWZkHV.exe
  C:\Windows\System\NfWZkHV.exe
  2⤵
  PID:7364
- C:\Windows\System\dQzTcsD.exe
  C:\Windows\System\dQzTcsD.exe
  2⤵
  PID:7300
- C:\Windows\System\LUsdoVy.exe
  C:\Windows\System\LUsdoVy.exe
  2⤵
  PID:7440
- C:\Windows\System\gkSBkSo.exe
  C:\Windows\System\gkSBkSo.exe
  2⤵
  PID:7456
- C:\Windows\System\qtPNgwj.exe
  C:\Windows\System\qtPNgwj.exe
  2⤵
  PID:7504
- C:\Windows\System\AflFwKN.exe
  C:\Windows\System\AflFwKN.exe
  2⤵
  PID:7568
- C:\Windows\System\CAfWyEm.exe
  C:\Windows\System\CAfWyEm.exe
  2⤵
  PID:7632
- C:\Windows\System\RgyRmnF.exe
  C:\Windows\System\RgyRmnF.exe
  2⤵
  PID:7620
- C:\Windows\System\CycitQq.exe
  C:\Windows\System\CycitQq.exe
  2⤵
  PID:7616
- C:\Windows\System\goDOxmD.exe
  C:\Windows\System\goDOxmD.exe
  2⤵
  PID:7700
- C:\Windows\System\kiSeGeZ.exe
  C:\Windows\System\kiSeGeZ.exe
  2⤵
  PID:7552
- C:\Windows\System\SfhZXET.exe
  C:\Windows\System\SfhZXET.exe
  2⤵
  PID:7716
- C:\Windows\System\zvXBoiL.exe
  C:\Windows\System\zvXBoiL.exe
  2⤵
  PID:7776
- C:\Windows\System\davjpLi.exe
  C:\Windows\System\davjpLi.exe
  2⤵
  PID:7780
- C:\Windows\System\mwcrDWm.exe
  C:\Windows\System\mwcrDWm.exe
  2⤵
  PID:7808
- C:\Windows\System\eRxKDdN.exe
  C:\Windows\System\eRxKDdN.exe
  2⤵
  PID:7888
- C:\Windows\System\OPVsaTG.exe
  C:\Windows\System\OPVsaTG.exe
  2⤵
  PID:7840
- C:\Windows\System\zikauKB.exe
  C:\Windows\System\zikauKB.exe
  2⤵
  PID:7924
- C:\Windows\System\bENRNAF.exe
  C:\Windows\System\bENRNAF.exe
  2⤵
  PID:7952
- C:\Windows\System\wUmHoWd.exe
  C:\Windows\System\wUmHoWd.exe
  2⤵
  PID:8020
- C:\Windows\System\fgXtpCg.exe
  C:\Windows\System\fgXtpCg.exe
  2⤵
  PID:8084
- C:\Windows\System\XsJQxoZ.exe
  C:\Windows\System\XsJQxoZ.exe
  2⤵
  PID:8000
- C:\Windows\System\ltsBWPY.exe
  C:\Windows\System\ltsBWPY.exe
  2⤵
  PID:8128
- C:\Windows\System\uSWEjUi.exe
  C:\Windows\System\uSWEjUi.exe
  2⤵
  PID:8036
- C:\Windows\System\ZZorcVA.exe
  C:\Windows\System\ZZorcVA.exe
  2⤵
  PID:8100
- C:\Windows\System\cwYtbca.exe
  C:\Windows\System\cwYtbca.exe
  2⤵
  PID:7220
- C:\Windows\System\shxsBod.exe
  C:\Windows\System\shxsBod.exe
  2⤵
  PID:8160
- C:\Windows\System\LCStjTA.exe
  C:\Windows\System\LCStjTA.exe
  2⤵
  PID:7236
- C:\Windows\System\nMOAggQ.exe
  C:\Windows\System\nMOAggQ.exe
  2⤵
  PID:7316
- C:\Windows\System\wdvxlxr.exe
  C:\Windows\System\wdvxlxr.exe
  2⤵
  PID:7424
- C:\Windows\System\XFSFCgk.exe
  C:\Windows\System\XFSFCgk.exe
  2⤵
  PID:7412
- C:\Windows\System\tiJVgqh.exe
  C:\Windows\System\tiJVgqh.exe
  2⤵
  PID:7536
- C:\Windows\System\MjLDqto.exe
  C:\Windows\System\MjLDqto.exe
  2⤵
  PID:7604
- C:\Windows\System\DZbxuTS.exe
  C:\Windows\System\DZbxuTS.exe
  2⤵
  PID:7520
- C:\Windows\System\xslixta.exe
  C:\Windows\System\xslixta.exe
  2⤵
  PID:7792
- C:\Windows\System\sAZmOfo.exe
  C:\Windows\System\sAZmOfo.exe
  2⤵
  PID:7860
- C:\Windows\System\XINeQHL.exe
  C:\Windows\System\XINeQHL.exe
  2⤵
  PID:7824
- C:\Windows\System\FjnIfjJ.exe
  C:\Windows\System\FjnIfjJ.exe
  2⤵
  PID:7984
- C:\Windows\System\QPjnBqN.exe
  C:\Windows\System\QPjnBqN.exe
  2⤵
  PID:8016
- C:\Windows\System\gkOvfUz.exe
  C:\Windows\System\gkOvfUz.exe
  2⤵
  PID:8116
- C:\Windows\System\ewfmCSe.exe
  C:\Windows\System\ewfmCSe.exe
  2⤵
  PID:7248
- C:\Windows\System\EYCzrZX.exe
  C:\Windows\System\EYCzrZX.exe
  2⤵
  PID:7968
- C:\Windows\System\IBIgUwq.exe
  C:\Windows\System\IBIgUwq.exe
  2⤵
  PID:6212
- C:\Windows\System\kRgxKnH.exe
  C:\Windows\System\kRgxKnH.exe
  2⤵
  PID:7488
- C:\Windows\System\qpUOCNI.exe
  C:\Windows\System\qpUOCNI.exe
  2⤵
  PID:7556
- C:\Windows\System\PsWvsME.exe
  C:\Windows\System\PsWvsME.exe
  2⤵
  PID:1488
- C:\Windows\System\vINtjVD.exe
  C:\Windows\System\vINtjVD.exe
  2⤵
  PID:7936
- C:\Windows\System\TFXygXf.exe
  C:\Windows\System\TFXygXf.exe
  2⤵
  PID:7600
- C:\Windows\System\tvGXFeQ.exe
  C:\Windows\System\tvGXFeQ.exe
  2⤵
  PID:8180
- C:\Windows\System\aChhoSb.exe
  C:\Windows\System\aChhoSb.exe
  2⤵
  PID:7380
- C:\Windows\System\jSKqCEO.exe
  C:\Windows\System\jSKqCEO.exe
  2⤵
  PID:7728
- C:\Windows\System\keveMCb.exe
  C:\Windows\System\keveMCb.exe
  2⤵
  PID:8032
- C:\Windows\System\nWArtxA.exe
  C:\Windows\System\nWArtxA.exe
  2⤵
  PID:6668
- C:\Windows\System\wKimXVp.exe
  C:\Windows\System\wKimXVp.exe
  2⤵
  PID:7360
- C:\Windows\System\JIEMCjG.exe
  C:\Windows\System\JIEMCjG.exe
  2⤵
  PID:7252
- C:\Windows\System\HtQHAlS.exe
  C:\Windows\System\HtQHAlS.exe
  2⤵
  PID:7492
- C:\Windows\System\kSJJPCS.exe
  C:\Windows\System\kSJJPCS.exe
  2⤵
  PID:7652
- C:\Windows\System\MnTEucn.exe
  C:\Windows\System\MnTEucn.exe
  2⤵
  PID:8208
- C:\Windows\System\pHiMOal.exe
  C:\Windows\System\pHiMOal.exe
  2⤵
  PID:8224
- C:\Windows\System\WOZnlso.exe
  C:\Windows\System\WOZnlso.exe
  2⤵
  PID:8240
- C:\Windows\System\yEQddjz.exe
  C:\Windows\System\yEQddjz.exe
  2⤵
  PID:8256
- C:\Windows\System\qIyXDVo.exe
  C:\Windows\System\qIyXDVo.exe
  2⤵
  PID:8272
- C:\Windows\System\QEDMAbq.exe
  C:\Windows\System\QEDMAbq.exe
  2⤵
  PID:8288
- C:\Windows\System\HYIMYqY.exe
  C:\Windows\System\HYIMYqY.exe
  2⤵
  PID:8308
- C:\Windows\System\yHJKewI.exe
  C:\Windows\System\yHJKewI.exe
  2⤵
  PID:8324
- C:\Windows\System\RdoSlpE.exe
  C:\Windows\System\RdoSlpE.exe
  2⤵
  PID:8340
- C:\Windows\System\tesTYpZ.exe
  C:\Windows\System\tesTYpZ.exe
  2⤵
  PID:8356
- C:\Windows\System\KXDGvhn.exe
  C:\Windows\System\KXDGvhn.exe
  2⤵
  PID:8376
- C:\Windows\System\RbhhdqG.exe
  C:\Windows\System\RbhhdqG.exe
  2⤵
  PID:8392
- C:\Windows\System\ruQmEQV.exe
  C:\Windows\System\ruQmEQV.exe
  2⤵
  PID:8408
- C:\Windows\System\YTCGrUk.exe
  C:\Windows\System\YTCGrUk.exe
  2⤵
  PID:8424
- C:\Windows\System\hJGavAM.exe
  C:\Windows\System\hJGavAM.exe
  2⤵
  PID:8440
- C:\Windows\System\XysViZW.exe
  C:\Windows\System\XysViZW.exe
  2⤵
  PID:8456
- C:\Windows\System\xwroJjz.exe
  C:\Windows\System\xwroJjz.exe
  2⤵
  PID:8472
- C:\Windows\System\CygBRza.exe
  C:\Windows\System\CygBRza.exe
  2⤵
  PID:8488
- C:\Windows\System\SiFkTmG.exe
  C:\Windows\System\SiFkTmG.exe
  2⤵
  PID:8504
- C:\Windows\System\pTuvByr.exe
  C:\Windows\System\pTuvByr.exe
  2⤵
  PID:8520
- C:\Windows\System\TCJkqkV.exe
  C:\Windows\System\TCJkqkV.exe
  2⤵
  PID:8536
- C:\Windows\System\vGHSjqe.exe
  C:\Windows\System\vGHSjqe.exe
  2⤵
  PID:8552
- C:\Windows\System\qKbrHrn.exe
  C:\Windows\System\qKbrHrn.exe
  2⤵
  PID:8568
- C:\Windows\System\YCQkqWl.exe
  C:\Windows\System\YCQkqWl.exe
  2⤵
  PID:8584
- C:\Windows\System\AXnuBCl.exe
  C:\Windows\System\AXnuBCl.exe
  2⤵
  PID:8600
- C:\Windows\System\SIEHDHz.exe
  C:\Windows\System\SIEHDHz.exe
  2⤵
  PID:8616
- C:\Windows\System\TNxGVqf.exe
  C:\Windows\System\TNxGVqf.exe
  2⤵
  PID:8632
- C:\Windows\System\GWOJSuZ.exe
  C:\Windows\System\GWOJSuZ.exe
  2⤵
  PID:8648
- C:\Windows\System\dmUFlhB.exe
  C:\Windows\System\dmUFlhB.exe
  2⤵
  PID:8664
- C:\Windows\System\ODtQHRG.exe
  C:\Windows\System\ODtQHRG.exe
  2⤵
  PID:8680
- C:\Windows\System\fHMmKUU.exe
  C:\Windows\System\fHMmKUU.exe
  2⤵
  PID:8696
- C:\Windows\System\HMeYmzu.exe
  C:\Windows\System\HMeYmzu.exe
  2⤵
  PID:8712
- C:\Windows\System\XdCBBNu.exe
  C:\Windows\System\XdCBBNu.exe
  2⤵
  PID:8728
- C:\Windows\System\xBrOGHG.exe
  C:\Windows\System\xBrOGHG.exe
  2⤵
  PID:8744
- C:\Windows\System\PKrmfMF.exe
  C:\Windows\System\PKrmfMF.exe
  2⤵
  PID:8760
- C:\Windows\System\EGZcxJt.exe
  C:\Windows\System\EGZcxJt.exe
  2⤵
  PID:8776
- C:\Windows\System\dOarXtv.exe
  C:\Windows\System\dOarXtv.exe
  2⤵
  PID:8792
- C:\Windows\System\xXDwHay.exe
  C:\Windows\System\xXDwHay.exe
  2⤵
  PID:8808
- C:\Windows\System\RTVCATd.exe
  C:\Windows\System\RTVCATd.exe
  2⤵
  PID:8824
- C:\Windows\System\aofZmuk.exe
  C:\Windows\System\aofZmuk.exe
  2⤵
  PID:8844
- C:\Windows\System\rsmDAkT.exe
  C:\Windows\System\rsmDAkT.exe
  2⤵
  PID:8860
- C:\Windows\System\VxKRPLO.exe
  C:\Windows\System\VxKRPLO.exe
  2⤵
  PID:8876
- C:\Windows\System\BBkSdVe.exe
  C:\Windows\System\BBkSdVe.exe
  2⤵
  PID:8892
- C:\Windows\System\ZPkUvDM.exe
  C:\Windows\System\ZPkUvDM.exe
  2⤵
  PID:8908
- C:\Windows\System\fwQXYUQ.exe
  C:\Windows\System\fwQXYUQ.exe
  2⤵
  PID:8924
- C:\Windows\System\uhdbgCq.exe
  C:\Windows\System\uhdbgCq.exe
  2⤵
  PID:8940
- C:\Windows\System\YAtPyBG.exe
  C:\Windows\System\YAtPyBG.exe
  2⤵
  PID:8956
- C:\Windows\System\qrlDjvp.exe
  C:\Windows\System\qrlDjvp.exe
  2⤵
  PID:8972
- C:\Windows\System\CcaWKYh.exe
  C:\Windows\System\CcaWKYh.exe
  2⤵
  PID:9000
- C:\Windows\System\ejftzHh.exe
  C:\Windows\System\ejftzHh.exe
  2⤵
  PID:9016
- C:\Windows\System\hVIdkxb.exe
  C:\Windows\System\hVIdkxb.exe
  2⤵
  PID:9032
- C:\Windows\System\XwmPkKA.exe
  C:\Windows\System\XwmPkKA.exe
  2⤵
  PID:9048
- C:\Windows\System\SUzgXuj.exe
  C:\Windows\System\SUzgXuj.exe
  2⤵
  PID:9064
- C:\Windows\System\nbtCqEl.exe
  C:\Windows\System\nbtCqEl.exe
  2⤵
  PID:9084
- C:\Windows\System\xniMrTP.exe
  C:\Windows\System\xniMrTP.exe
  2⤵
  PID:9100
- C:\Windows\System\AbockiI.exe
  C:\Windows\System\AbockiI.exe
  2⤵
  PID:9116
- C:\Windows\System\bWfsgSW.exe
  C:\Windows\System\bWfsgSW.exe
  2⤵
  PID:9132
- C:\Windows\System\grWkCIV.exe
  C:\Windows\System\grWkCIV.exe
  2⤵
  PID:9152
- C:\Windows\System\JNAspFE.exe
  C:\Windows\System\JNAspFE.exe
  2⤵
  PID:9172
- C:\Windows\System\MxJVugC.exe
  C:\Windows\System\MxJVugC.exe
  2⤵
  PID:9188
- C:\Windows\System\lDOZfNU.exe
  C:\Windows\System\lDOZfNU.exe
  2⤵
  PID:9204
- C:\Windows\System\SJrfUsQ.exe
  C:\Windows\System\SJrfUsQ.exe
  2⤵
  PID:8052
- C:\Windows\System\EZagcdM.exe
  C:\Windows\System\EZagcdM.exe
  2⤵
  PID:8200
- C:\Windows\System\tnRBZgs.exe
  C:\Windows\System\tnRBZgs.exe
  2⤵
  PID:7876
- C:\Windows\System\lZWWUbl.exe
  C:\Windows\System\lZWWUbl.exe
  2⤵
  PID:8296
- C:\Windows\System\JFBujkc.exe
  C:\Windows\System\JFBujkc.exe
  2⤵
  PID:8280
- C:\Windows\System\rrmNnOy.exe
  C:\Windows\System\rrmNnOy.exe
  2⤵
  PID:8364
- C:\Windows\System\XFixXMg.exe
  C:\Windows\System\XFixXMg.exe
  2⤵
  PID:8316
- C:\Windows\System\ImEZnDR.exe
  C:\Windows\System\ImEZnDR.exe
  2⤵
  PID:8404
- C:\Windows\System\YDIIHYK.exe
  C:\Windows\System\YDIIHYK.exe
  2⤵
  PID:8468
- C:\Windows\System\dWJawtu.exe
  C:\Windows\System\dWJawtu.exe
  2⤵
  PID:8532
- C:\Windows\System\tIIoVnN.exe
  C:\Windows\System\tIIoVnN.exe
  2⤵
  PID:8452
- C:\Windows\System\BbqQNhQ.exe
  C:\Windows\System\BbqQNhQ.exe
  2⤵
  PID:8384
- C:\Windows\System\FXNWYgV.exe
  C:\Windows\System\FXNWYgV.exe
  2⤵
  PID:8544
- C:\Windows\System\qKsZmDw.exe
  C:\Windows\System\qKsZmDw.exe
  2⤵
  PID:8596
- C:\Windows\System\BkpgAEI.exe
  C:\Windows\System\BkpgAEI.exe
  2⤵
  PID:8580
- C:\Windows\System\FdaIGtT.exe
  C:\Windows\System\FdaIGtT.exe
  2⤵
  PID:8660
- C:\Windows\System\mYsxPsg.exe
  C:\Windows\System\mYsxPsg.exe
  2⤵
  PID:8676
- C:\Windows\System\NIIJTFE.exe
  C:\Windows\System\NIIJTFE.exe
  2⤵
  PID:8704
- C:\Windows\System\LPwhzhP.exe
  C:\Windows\System\LPwhzhP.exe
  2⤵
  PID:8756
- C:\Windows\System\WqcRwEa.exe
  C:\Windows\System\WqcRwEa.exe
  2⤵
  PID:8820
- C:\Windows\System\bKhcIBb.exe
  C:\Windows\System\bKhcIBb.exe
  2⤵
  PID:8888
- C:\Windows\System\hCxlzJL.exe
  C:\Windows\System\hCxlzJL.exe
  2⤵
  PID:8932
- C:\Windows\System\PQzPEnz.exe
  C:\Windows\System\PQzPEnz.exe
  2⤵
  PID:8804
- C:\Windows\System\XbytMnS.exe
  C:\Windows\System\XbytMnS.exe
  2⤵
  PID:8868
- C:\Windows\System\aXPQlHW.exe
  C:\Windows\System\aXPQlHW.exe
  2⤵
  PID:8900
- C:\Windows\System\WlXrUOZ.exe
  C:\Windows\System\WlXrUOZ.exe
  2⤵
  PID:8996
- C:\Windows\System\ZayyLip.exe
  C:\Windows\System\ZayyLip.exe
  2⤵
  PID:9028
- C:\Windows\System\VzndGiQ.exe
  C:\Windows\System\VzndGiQ.exe
  2⤵
  PID:9080
- C:\Windows\System\glHlxXb.exe
  C:\Windows\System\glHlxXb.exe
  2⤵
  PID:8500
- C:\Windows\System\gyLjRYy.exe
  C:\Windows\System\gyLjRYy.exe
  2⤵
  PID:8332
- C:\Windows\System\OGsoxyp.exe
  C:\Windows\System\OGsoxyp.exe
  2⤵
  PID:8448
- C:\Windows\System\RRazaIr.exe
  C:\Windows\System\RRazaIr.exe
  2⤵
  PID:9196
- C:\Windows\System\bbzuOSL.exe
  C:\Windows\System\bbzuOSL.exe
  2⤵
  PID:8368
- C:\Windows\System\FzYqQgW.exe
  C:\Windows\System\FzYqQgW.exe
  2⤵
  PID:8484
- C:\Windows\System\feQzcsC.exe
  C:\Windows\System\feQzcsC.exe
  2⤵
  PID:8692
- C:\Windows\System\ecjwueV.exe
  C:\Windows\System\ecjwueV.exe
  2⤵
  PID:8740
- C:\Windows\System\JRIGdYg.exe
  C:\Windows\System\JRIGdYg.exe
  2⤵
  PID:8436
- C:\Windows\System\qzUQPDr.exe
  C:\Windows\System\qzUQPDr.exe
  2⤵
  PID:8592
- C:\Windows\System\tyfUILW.exe
  C:\Windows\System\tyfUILW.exe
  2⤵
  PID:8816
- C:\Windows\System\kIQiRIN.exe
  C:\Windows\System\kIQiRIN.exe
  2⤵
  PID:8644
- C:\Windows\System\YDUSSpE.exe
  C:\Windows\System\YDUSSpE.exe
  2⤵
  PID:8800
- C:\Windows\System\heSWvMV.exe
  C:\Windows\System\heSWvMV.exe
  2⤵
  PID:8576
- C:\Windows\System\PNqQraO.exe
  C:\Windows\System\PNqQraO.exe
  2⤵
  PID:9024
- C:\Windows\System\sGjJeZn.exe
  C:\Windows\System\sGjJeZn.exe
  2⤵
  PID:8464
- C:\Windows\System\SjpliHD.exe
  C:\Windows\System\SjpliHD.exe
  2⤵
  PID:7988
- C:\Windows\System\Jeyrdqe.exe
  C:\Windows\System\Jeyrdqe.exe
  2⤵
  PID:8708
- C:\Windows\System\eVdtKAQ.exe
  C:\Windows\System\eVdtKAQ.exe
  2⤵
  PID:8416
- C:\Windows\System\AtYXirs.exe
  C:\Windows\System\AtYXirs.exe
  2⤵
  PID:9144
- C:\Windows\System\UdedFmr.exe
  C:\Windows\System\UdedFmr.exe
  2⤵
  PID:9184
- C:\Windows\System\FmCyTSx.exe
  C:\Windows\System\FmCyTSx.exe
  2⤵
  PID:8336
- C:\Windows\System\xBiadmt.exe
  C:\Windows\System\xBiadmt.exe
  2⤵
  PID:8724
- C:\Windows\System\KXARUHy.exe
  C:\Windows\System\KXARUHy.exe
  2⤵
  PID:9076
- C:\Windows\System\aZuHehu.exe
  C:\Windows\System\aZuHehu.exe
  2⤵
  PID:9168
- C:\Windows\System\WocDbdJ.exe
  C:\Windows\System\WocDbdJ.exe
  2⤵
  PID:9112
- C:\Windows\System\WgGfJWE.exe
  C:\Windows\System\WgGfJWE.exe
  2⤵
  PID:8236
- C:\Windows\System\bVUjEDN.exe
  C:\Windows\System\bVUjEDN.exe
  2⤵
  PID:8836
- C:\Windows\System\QpiaEKv.exe
  C:\Windows\System\QpiaEKv.exe
  2⤵
  PID:8640
- C:\Windows\System\QILWcQv.exe
  C:\Windows\System\QILWcQv.exe
  2⤵
  PID:9148
- C:\Windows\System\PjmOnHE.exe
  C:\Windows\System\PjmOnHE.exe
  2⤵
  PID:8752
- C:\Windows\System\dNSvTGp.exe
  C:\Windows\System\dNSvTGp.exe
  2⤵
  PID:8964
- C:\Windows\System\sswHrte.exe
  C:\Windows\System\sswHrte.exe
  2⤵
  PID:9160
- C:\Windows\System\SsIDyru.exe
  C:\Windows\System\SsIDyru.exe
  2⤵
  PID:8788
- C:\Windows\System\CObiVSV.exe
  C:\Windows\System\CObiVSV.exe
  2⤵
  PID:8840
- C:\Windows\System\RoGKobc.exe
  C:\Windows\System\RoGKobc.exe
  2⤵
  PID:9232
- C:\Windows\System\gAEEdGh.exe
  C:\Windows\System\gAEEdGh.exe
  2⤵
  PID:9256
- C:\Windows\System\GYtELxW.exe
  C:\Windows\System\GYtELxW.exe
  2⤵
  PID:9272
- C:\Windows\System\QvoOzbq.exe
  C:\Windows\System\QvoOzbq.exe
  2⤵
  PID:9304
- C:\Windows\System\GGQSMOe.exe
  C:\Windows\System\GGQSMOe.exe
  2⤵
  PID:9324
- C:\Windows\System\YDMcysp.exe
  C:\Windows\System\YDMcysp.exe
  2⤵
  PID:9344
- C:\Windows\System\jPKbCGs.exe
  C:\Windows\System\jPKbCGs.exe
  2⤵
  PID:9360
- C:\Windows\System\pAXoMuw.exe
  C:\Windows\System\pAXoMuw.exe
  2⤵
  PID:9376
- C:\Windows\System\lnlBvKv.exe
  C:\Windows\System\lnlBvKv.exe
  2⤵
  PID:9400
- C:\Windows\System\FsjQawu.exe
  C:\Windows\System\FsjQawu.exe
  2⤵
  PID:9420
- C:\Windows\System\oazMRQE.exe
  C:\Windows\System\oazMRQE.exe
  2⤵
  PID:9440
- C:\Windows\System\TVfXFsj.exe
  C:\Windows\System\TVfXFsj.exe
  2⤵
  PID:9460
- C:\Windows\System\zYadraE.exe
  C:\Windows\System\zYadraE.exe
  2⤵
  PID:9480
- C:\Windows\System\cVAeRWz.exe
  C:\Windows\System\cVAeRWz.exe
  2⤵
  PID:9496
- C:\Windows\System\tSgcyDv.exe
  C:\Windows\System\tSgcyDv.exe
  2⤵
  PID:9512
- C:\Windows\System\VqHvBLz.exe
  C:\Windows\System\VqHvBLz.exe
  2⤵
  PID:9532
- C:\Windows\System\ygYOcDK.exe
  C:\Windows\System\ygYOcDK.exe
  2⤵
  PID:9548
- C:\Windows\System\pcXnFMp.exe
  C:\Windows\System\pcXnFMp.exe
  2⤵
  PID:9572
- C:\Windows\System\uZvgmCn.exe
  C:\Windows\System\uZvgmCn.exe
  2⤵
  PID:9592
- C:\Windows\System\xzDKRAL.exe
  C:\Windows\System\xzDKRAL.exe
  2⤵
  PID:9608
- C:\Windows\System\XmjWBpl.exe
  C:\Windows\System\XmjWBpl.exe
  2⤵
  PID:9624
- C:\Windows\System\HGGNzyr.exe
  C:\Windows\System\HGGNzyr.exe
  2⤵
  PID:9640
- C:\Windows\System\LlkvkKZ.exe
  C:\Windows\System\LlkvkKZ.exe
  2⤵
  PID:9656
- C:\Windows\System\lUGPvcS.exe
  C:\Windows\System\lUGPvcS.exe
  2⤵
  PID:9672
- C:\Windows\System\dfuAKVE.exe
  C:\Windows\System\dfuAKVE.exe
  2⤵
  PID:9688
- C:\Windows\System\RNBmijy.exe
  C:\Windows\System\RNBmijy.exe
  2⤵
  PID:9716
- C:\Windows\System\rrtihVL.exe
  C:\Windows\System\rrtihVL.exe
  2⤵
  PID:9768
- C:\Windows\System\FCDgtxu.exe
  C:\Windows\System\FCDgtxu.exe
  2⤵
  PID:9788
- C:\Windows\System\EIVjjqb.exe
  C:\Windows\System\EIVjjqb.exe
  2⤵
  PID:9808
- C:\Windows\System\lyiBUSV.exe
  C:\Windows\System\lyiBUSV.exe
  2⤵
  PID:9824
- C:\Windows\System\kUOkLxY.exe
  C:\Windows\System\kUOkLxY.exe
  2⤵
  PID:9840
- C:\Windows\System\GQPSMPd.exe
  C:\Windows\System\GQPSMPd.exe
  2⤵
  PID:9856
- C:\Windows\System\kMcSXdf.exe
  C:\Windows\System\kMcSXdf.exe
  2⤵
  PID:9884
- C:\Windows\System\xtCjsvx.exe
  C:\Windows\System\xtCjsvx.exe
  2⤵
  PID:9908
- C:\Windows\System\rxihgMA.exe
  C:\Windows\System\rxihgMA.exe
  2⤵
  PID:9924
- C:\Windows\System\GRVmjGk.exe
  C:\Windows\System\GRVmjGk.exe
  2⤵
  PID:9944
- C:\Windows\System\pCZnOPM.exe
  C:\Windows\System\pCZnOPM.exe
  2⤵
  PID:9960
- C:\Windows\System\DOtnDAc.exe
  C:\Windows\System\DOtnDAc.exe
  2⤵
  PID:9976
- C:\Windows\System\vYdzgMO.exe
  C:\Windows\System\vYdzgMO.exe
  2⤵
  PID:9996
- C:\Windows\System\bYKKmdO.exe
  C:\Windows\System\bYKKmdO.exe
  2⤵
  PID:10016
- C:\Windows\System\vZtSzZk.exe
  C:\Windows\System\vZtSzZk.exe
  2⤵
  PID:10036
- C:\Windows\System\jRcrbva.exe
  C:\Windows\System\jRcrbva.exe
  2⤵
  PID:10056
- C:\Windows\System\mLFxIxQ.exe
  C:\Windows\System\mLFxIxQ.exe
  2⤵
  PID:10076
- C:\Windows\System\iGgTNVF.exe
  C:\Windows\System\iGgTNVF.exe
  2⤵
  PID:10116
- C:\Windows\System\xWqCCGr.exe
  C:\Windows\System\xWqCCGr.exe
  2⤵
  PID:10132
- C:\Windows\System\bphdtpy.exe
  C:\Windows\System\bphdtpy.exe
  2⤵
  PID:10152
- C:\Windows\System\PsVpyhQ.exe
  C:\Windows\System\PsVpyhQ.exe
  2⤵
  PID:10172
- C:\Windows\System\xIbqDAE.exe
  C:\Windows\System\xIbqDAE.exe
  2⤵
  PID:10192
- C:\Windows\System\EqHxsZG.exe
  C:\Windows\System\EqHxsZG.exe
  2⤵
  PID:10212
- C:\Windows\System\XorfRfz.exe
  C:\Windows\System\XorfRfz.exe
  2⤵
  PID:10232
- C:\Windows\System\uikcrXo.exe
  C:\Windows\System\uikcrXo.exe
  2⤵
  PID:8768
- C:\Windows\System\zEDePPz.exe
  C:\Windows\System\zEDePPz.exe
  2⤵
  PID:9280
- C:\Windows\System\aoIrcGL.exe
  C:\Windows\System\aoIrcGL.exe
  2⤵
  PID:9300
- C:\Windows\System\FztGGIs.exe
  C:\Windows\System\FztGGIs.exe
  2⤵
  PID:9332
- C:\Windows\System\cQDRqQY.exe
  C:\Windows\System\cQDRqQY.exe
  2⤵
  PID:9384
- C:\Windows\System\ZnPHlLL.exe
  C:\Windows\System\ZnPHlLL.exe
  2⤵
  PID:9396
- C:\Windows\System\XGweMBA.exe
  C:\Windows\System\XGweMBA.exe
  2⤵
  PID:9432
- C:\Windows\System\BsFtEtl.exe
  C:\Windows\System\BsFtEtl.exe
  2⤵
  PID:9472
- C:\Windows\System\fPVfkFe.exe
  C:\Windows\System\fPVfkFe.exe
  2⤵
  PID:9508
- C:\Windows\System\oXvlLrf.exe
  C:\Windows\System\oXvlLrf.exe
  2⤵
  PID:9568
- C:\Windows\System\sRrpNGQ.exe
  C:\Windows\System\sRrpNGQ.exe
  2⤵
  PID:9560
- C:\Windows\System\GxfjsVI.exe
  C:\Windows\System\GxfjsVI.exe
  2⤵
  PID:9620
- C:\Windows\System\xkonwmu.exe
  C:\Windows\System\xkonwmu.exe
  2⤵
  PID:9664
- C:\Windows\System\dtTGmxr.exe
  C:\Windows\System\dtTGmxr.exe
  2⤵
  PID:9700
- C:\Windows\System\EdGvWrH.exe
  C:\Windows\System\EdGvWrH.exe
  2⤵
  PID:9708
- C:\Windows\System\OFeRQbW.exe
  C:\Windows\System\OFeRQbW.exe
  2⤵
  PID:9744
- C:\Windows\System\NhxzdOo.exe
  C:\Windows\System\NhxzdOo.exe
  2⤵
  PID:9764
- C:\Windows\System\vUTQzpD.exe
  C:\Windows\System\vUTQzpD.exe
  2⤵
  PID:9832
- C:\Windows\System\UYzqDJv.exe
  C:\Windows\System\UYzqDJv.exe
  2⤵
  PID:9836
- C:\Windows\System\KZTXVLc.exe
  C:\Windows\System\KZTXVLc.exe
  2⤵
  PID:9872
- C:\Windows\System\ygLvOkV.exe
  C:\Windows\System\ygLvOkV.exe
  2⤵
  PID:9900
- C:\Windows\System\neYSPQE.exe
  C:\Windows\System\neYSPQE.exe
  2⤵
  PID:9932
- C:\Windows\System\JhXtEsc.exe
  C:\Windows\System\JhXtEsc.exe
  2⤵
  PID:9988
- C:\Windows\System\qvDvvdt.exe
  C:\Windows\System\qvDvvdt.exe
  2⤵
  PID:9968
- C:\Windows\System\YkPFmrN.exe
  C:\Windows\System\YkPFmrN.exe
  2⤵
  PID:10064
- C:\Windows\System\AqhIBUj.exe
  C:\Windows\System\AqhIBUj.exe
  2⤵
  PID:10048
- C:\Windows\System\ArbuMfz.exe
  C:\Windows\System\ArbuMfz.exe
  2⤵
  PID:10100
- C:\Windows\System\yDYTSNP.exe
  C:\Windows\System\yDYTSNP.exe
  2⤵
  PID:10128
- C:\Windows\System\jFoFbhs.exe
  C:\Windows\System\jFoFbhs.exe
  2⤵
  PID:10164
- C:\Windows\System\qnapetV.exe
  C:\Windows\System\qnapetV.exe
  2⤵
  PID:10208
- C:\Windows\System\lbKWjwf.exe
  C:\Windows\System\lbKWjwf.exe
  2⤵
  PID:9240
- C:\Windows\System\UxLdSxh.exe
  C:\Windows\System\UxLdSxh.exe
  2⤵
  PID:9252
- C:\Windows\System\EMkWXYl.exe
  C:\Windows\System\EMkWXYl.exe
  2⤵
  PID:9320
- C:\Windows\System\KcaEXUH.exe
  C:\Windows\System\KcaEXUH.exe
  2⤵
  PID:9392
- C:\Windows\System\ZAHlJSQ.exe
  C:\Windows\System\ZAHlJSQ.exe
  2⤵
  PID:9436
- C:\Windows\System\RLHOgpg.exe
  C:\Windows\System\RLHOgpg.exe
  2⤵
  PID:9456
- C:\Windows\System\rNXqWyJ.exe
  C:\Windows\System\rNXqWyJ.exe
  2⤵
  PID:9580
- C:\Windows\System\MaWugUp.exe
  C:\Windows\System\MaWugUp.exe
  2⤵
  PID:9528
- C:\Windows\System\bMaUBEg.exe
  C:\Windows\System\bMaUBEg.exe
  2⤵
  PID:9632
- C:\Windows\System\oOVayAp.exe
  C:\Windows\System\oOVayAp.exe
  2⤵
  PID:9604
- C:\Windows\System\pPUBgco.exe
  C:\Windows\System\pPUBgco.exe
  2⤵
  PID:9752
- C:\Windows\System\cGNsnae.exe
  C:\Windows\System\cGNsnae.exe
  2⤵
  PID:9796
- C:\Windows\System\vwFkJyp.exe
  C:\Windows\System\vwFkJyp.exe
  2⤵
  PID:9852
- C:\Windows\System\FPkhPvA.exe
  C:\Windows\System\FPkhPvA.exe
  2⤵
  PID:9904
- C:\Windows\System\yxgDVnT.exe
  C:\Windows\System\yxgDVnT.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DakwVEk.exe

Filesize
6.0MB

MD5
9c9bd96e33b8e8af2002d169f4d1c10f

SHA1
93a44052c651146d327e2e673d0595cc2bfc983c

SHA256
bec99731d22b40c8c8b210e685dc4b161ece7108d1a8fcfeab3789d119f046c6

SHA512
9a14099fd8ed43fde0f8b9de9cdd75c3447c9508494816da40e910fe4f84b5a1cb2067f11a010a4b004c30fbdcc21d432419ca48f3e9358063e72594bd1c1cb3

Download Submit
C:\Windows\system\EeZbGCg.exe

Filesize
6.0MB

MD5
9e947ba9a17c42541de458d410bbd66f

SHA1
a91c69133f0da70eb2557fbb4db2e54ef5c26f09

SHA256
63d9f5b4c908857d6772acfda95bac8aa3c3d11947a16d37de4842b05caab3e3

SHA512
d5f8fd5463420bdd69a7dd5410264ab8c017abd18a155366c1cbd7d1d1e9b7960828459b4b53692850ede4bd263cbd8b931006205caa3955c5648d8139266fd5

Download Submit
C:\Windows\system\HSpSurV.exe

Filesize
6.0MB

MD5
17c8141507ce5f9c22b407532bdb5b0e

SHA1
4eb03ca838a8e837fee75a8bf2889ba649325b21

SHA256
a29414af139e8152b85d8133119fb2e1f5d832552564c26e5fff9a94c8a7f9e6

SHA512
d1c5299e0e5209e87136c699f237b80eb690d55b364ed43fa59ae2e1e2b51d56de6eecf5060a36254cb6ac4f09badc4b63c437891511d75764a6cdd96cce8e1d

Download Submit
C:\Windows\system\IVCpnZI.exe

Filesize
6.0MB

MD5
2e62d46ff7ffba984f32338c8499826c

SHA1
58ab28ed532cd7186c14ebd44c5948086d9b64dc

SHA256
b01dd81534c56bc4e02384efb512bf9828219269bf508651ffd013e5114166b9

SHA512
8ba9b160af019c5fb946b89c8e81ccba12cc69a0cab9c12ece3861b738b9ac00e176afabad5f8bee4d2ec95a5a0e2c1b289cb3bd0c9199be5d4ca7edbc35fa14

Download Submit
C:\Windows\system\KcqLybB.exe

Filesize
6.0MB

MD5
4e74330e70f85458df9b026045cbeef6

SHA1
776951ce1a4390f609bc2fc8d69cc88ab5c1f2c5

SHA256
4992c60aabcae890cf0b17ad44e940d613f451e8e6cfef7dcf6e3a3f6a3c80b9

SHA512
293d857c7b4f2ee41de52ab63674627a88ae21a78c53bbb9d4cffcf24df662f67578dbb85f26030a00abc3a1e6fa3760d1614ca2aeeb6803399447fdcd757578

Download Submit
C:\Windows\system\OfNUbPI.exe

Filesize
6.0MB

MD5
f32d73cad1cb632967151fd3d043311e

SHA1
25912b497dc51b7ac1d304116f0820fa6963d94a

SHA256
5f2431044c9334dca47ad1112420faeaad7023f13f4fc38881e13421bde72374

SHA512
e41fd2790f85c7de35cf1532e109c0dfeb95a2ecdce1c77936d055b678b4c9ac980a4d9f4edc0cba80bc8bca24115bc8a31bcc4916c4dafda8b1dff61e83954e

Download Submit
C:\Windows\system\POJjsmU.exe

Filesize
6.0MB

MD5
d22b4a7c551dba581549b6698aa1af30

SHA1
1e8bedf3de2c43ce7adbf1c83ab365c27b8e9951

SHA256
79918ef6c1b16dadf7ad9d76a5f66f169b3300f1a8b9996293528ae613017f35

SHA512
20a50c69396a4121d1736c6a309c1661b145516bb44a49ae718dea9adef4a73e092be0f5b4b6474e9e87b74392b1c9d2f9fc027d96e19c1129b43b4650c93100

Download Submit
C:\Windows\system\QRvsjWm.exe

Filesize
6.0MB

MD5
27a5d82d52bc9093ecb33774511b1f57

SHA1
259020a62e04f7a697bf9cf11a32041806df194d

SHA256
727e8632c5539240e18bb3e892510a0459aeacec2028e01d66eec3035455fa4e

SHA512
af123e3f7de176b1bdaab0b5b05fb79cf74edb0e7b0742bb5d9df382dde5879ea4e6b576d3af365c04161c818ebd5ce0b45c1ef36a47a099a6d28ce265b3819e

Download Submit
C:\Windows\system\RQjPwze.exe

Filesize
6.0MB

MD5
f019f9527a7b78b44e9060419b5d5e3e

SHA1
4a6e6645dd71dab516133ed650f121c34f23bd45

SHA256
87de0c871432c51689e5f149d5993af7d815244ba76fc6348aaf29a5b639ae92

SHA512
85ec427e6c86eb7eac33b95f319070ccc90db24755f462d5693ca3d7657e9d0995ee96e3245726b3e2090d8500035214dcaae0068ff7a9795b5abccc0563e1d1

Download Submit
C:\Windows\system\RaDgXpL.exe

Filesize
6.0MB

MD5
0f8d9b42bad4dde10104f76e5a785aae

SHA1
3822a9987a3f90fb790407b1a84a593e922b2a2c

SHA256
c32ac748734b9e8196ca8f397d6a12199bb0d37951969951426bcccb000a75e4

SHA512
45e29e9c1bf908c94d28d8d8699642cfce4e0d0f3e7c220002d3aa85ca7567bb6661cc88070612abfea753b060786c1ec6fa4a50c1660c8d2bc49e8610c6e003

Download Submit
C:\Windows\system\TaVStAt.exe

Filesize
6.0MB

MD5
0a5ea392056862bb692664d05e4ae1e0

SHA1
3a3bfb65aee74f66b593c557e1476a2d6418f0e5

SHA256
05f375eabb86481e9a2e8095c50180aeb0ada5311e3be08fe9fd75d5e9441af5

SHA512
f279aa4f130fc98755d8b3fb880423e8421ba8f721b960bff1798b572e5711732f99b62d726e23297b01017183144d98531ea92b708cc71c29641f900e42fbd2

Download Submit
C:\Windows\system\WFhyTZb.exe

Filesize
6.0MB

MD5
4896268b8e71770aac057752031a70f3

SHA1
541120230430c4009fbdb7e111f62fad1010328f

SHA256
a37484c9985f930e9b6a221246aea410f221521cfda16bf7c028a4c0a029cf1f

SHA512
52ff053185264afc6e3d1cf53f816575ab5a3a6203b448a2bcd13f7f08b1593099c954b3319092c49a4bd7d7074810002dd615143c700823c3b528c0df19cb8b

Download Submit
C:\Windows\system\WzQoBAe.exe

Filesize
6.0MB

MD5
c3cd1d09ddf4f6ebb8624e24e37f1f18

SHA1
db76af136fda79430ca280b0830e7cdb569ecc1a

SHA256
0d62575f4b34632dcc2bc6dd25f3a093df77abd5aa38209bdaa6feaa7e5213e7

SHA512
f531f2b6b655e52d32040c7039bb999724e93794847451b8eb2d9191e2849710317c2f605ded8d125e5ea50f338d4c99ab3c9c490da8fac22401d38c6d9b069b

Download Submit
C:\Windows\system\YFuGRtI.exe

Filesize
6.0MB

MD5
691d433750b80f068a171ce5258e74f6

SHA1
defe91cc0e0bf9a2b179dbb8da5cccb1d085f945

SHA256
90d7682aea0b476a6a9650ced648b162734858d9baf0e868338e8575622f0c7e

SHA512
8b9eb26b02c2c2a37d6ac53ccdba8220ef79ee3985d012979bb819e2278696255b82bc4b218259c6ba1ce921b8b436548f2301cf2884a8b45c95d0128a76f07e

Download Submit
C:\Windows\system\bkjHQee.exe

Filesize
6.0MB

MD5
517636dc11bce9212eefab9d8f086986

SHA1
e02ceaadcf9ac3c822d3281485d6f7785df706ae

SHA256
c3a932f93437ed8ee41ead997bc684c88c88ab07a674cd76a00ede052062a969

SHA512
95eef3f77540422fc2b1fe1578c84bff39ed17a8cde200a6ae266d3e3b7dc2fdcca33c4fb10456a23c89c6bf5db83fca5b6e6434f5ef388d1686e444e89f4750

Download Submit
C:\Windows\system\cnVhIYC.exe

Filesize
6.0MB

MD5
6bc573df5e126a58875d702899113f99

SHA1
175f895369e0b23f8d91d2334b34404323b5fec5

SHA256
e180957491e6a1ccc306ccdb46dc56e81799308350d88221324f9da620b913e9

SHA512
c297852fcd1ff521d07bc1587be3fd3c80a36b7682c1cd8127fdb43e75ab1fe4468d6de2b5f2db802c66efdd57a788f07fdb64c68970fface4e91de9a423b9e3

Download Submit
C:\Windows\system\eGJVHNr.exe

Filesize
6.0MB

MD5
0306ddc039b0a3e811b7cb1d86a37dac

SHA1
1be93f013a9ee2645c73091f21d9ec3b837fa344

SHA256
27ae2d71ac5f130823667762b45043527cf6077d994a70f55dd22e6ca1e98e90

SHA512
606433e8027d0c51ba237565f3542aa8ac637f41f6ee4c4ab21ccd671c40ba1692e8b4a6845258dd937c44d603a2d8b2a17eb2634d085408bffbc102b223305e

Download Submit
C:\Windows\system\irvyWRs.exe

Filesize
6.0MB

MD5
5ac407e37ccd2e7e570da8a784ecf116

SHA1
52403a218e26cd28a561f787647421957c524087

SHA256
5a5f2b74d5542fc629aa1aff7ac603ad46e49342cc55346f9dce1bb6ec1c8e2e

SHA512
18e09006ae37038585162899038987e6b60b2aba6e0bb65c6c6aeb393f03f2228d84427171d6dd7f3bf90adc853e196233ae34f90d85ba4eb13072fe7ff7cdd3

Download Submit
C:\Windows\system\jouvlgB.exe

Filesize
6.0MB

MD5
5cdd4d7df541de8f25afe27307490093

SHA1
0852a56ccae990eab5d50813d980686f6f8f645a

SHA256
edfd0a6b1e7607e841d3898f72d0f4ae40c83166ba1e33f329562d175863ea26

SHA512
1e1563199feb66f4dbc56b7e11cc0a4a26eac509dfa3c14182c178895142ba75f93a052e61bc8cc81258f1f86706ef46f3901089fa150fb4069c8d3be60508d3

Download Submit
C:\Windows\system\lpiEIyb.exe

Filesize
6.0MB

MD5
3684971fe3f72aab7f246e81375e2fbd

SHA1
9d073f658dab2cdfe21065e0dd2a7b44b08d4b9e

SHA256
45386f6e255d23d0a790f1efb389d60484313e91cb356991b340b572709b7a04

SHA512
2841c8ec963a8ee5d40d52109bf2cd8d8dca4ab059883cb744319e1a3e1e159f47d802218682430f6eb50af4dea2369ba7d593b41e67114dfe16e304813c3149

Download Submit
C:\Windows\system\moCNRzy.exe

Filesize
6.0MB

MD5
ffdbab0e86b4f1073ea8e1dc95147a2a

SHA1
c0d9b3ba10fecac238f9a1b0409139c7f277e68d

SHA256
ec83a523e27036cdd64d7bc31ba9c21c0e6c42f355f43b1a622d8c3497440efe

SHA512
3aee5aa23ca081ad72de3c075bbed1c22f1a69db18121e846c381c2090083acd5b300fce047b7109e2f3d381e1d221b527754cfbdf76713e445110bdcfbdc8a9

Download Submit
C:\Windows\system\pXGofIR.exe

Filesize
6.0MB

MD5
d3f41eefd8ba7542d3ba4d634692d824

SHA1
8c6ec6b1ab1fd32c632372d65923affd1217038a

SHA256
543fd82f2ab07b613f0b69a836083e555739214e07e3180a196ddadae545aafb

SHA512
1a544b6348e02dfd155d4760492ac9bd53fc9d57acda9ed0f383fcf6f631cb25b373fbbf4f052cc4d9714581ed3c7c736672fd3d259adaecce19279c8b359234

Download Submit
C:\Windows\system\tIsLFse.exe

Filesize
6.0MB

MD5
ff554127febdb0a6c823ae8addb110f3

SHA1
c29013af35c7f7d63281ab745089b83086addaa5

SHA256
2bd4306412a6ee4b3b0bd51ee4d316708c96a0eec64e12f497192093bb795bea

SHA512
c78fe17d959a94c85002afea00947e92c23375b8302084851f9ddddbdaad8e621b862d949abdde31f2974c75cff50157654d2a98264435d307b032646772ad98

Download Submit
C:\Windows\system\uYQOmGW.exe

Filesize
6.0MB

MD5
7697f40b528b28515218c5fc775b76fd

SHA1
658da2cbdc48cabbb6d35d49c6ba1df50b7c4efe

SHA256
903f0719b07b001cea324cb8d5bb8ed1dc1c6ac8e65b17f43dc23e991b0e98be

SHA512
c0c8ec03ca1c3b37ad22f91b75b6b31d35d0efef0a408d9c55f77a5893afde7554a6a4123445e6a9bc1b90e875ed9f4e91f1320dd3c1018bb1f3d6dcd95c370b

Download Submit
C:\Windows\system\vFsVgBY.exe

Filesize
6.0MB

MD5
f8124499e3d794af4da047c1c01e700d

SHA1
e6a8c16033761e0a99d845e70bf6976c8ba48492

SHA256
33d2c5e8d5a61f206aba9dca453987a61ef9c9bc492d7d5ec9151e3147513538

SHA512
420fb77a49d33ad075ad030054d4fa68036de1191d3f66ac4fe47ac76f99c59e903256153b8e4943dc8bb64a1fa980a3fb700a1135e4afd336949ee387571a8f

Download Submit
C:\Windows\system\wClNDBw.exe

Filesize
6.0MB

MD5
a455a169c843e699dfab99886635250c

SHA1
5bd67030c35b39d50f5bc77b02865a1eb29b16f5

SHA256
d6913ff91fccfd25182f4d0fdc798e081436e676704c857de60aa1a760c8db70

SHA512
61f5598f8dd951f6067fd1214e8696e74ed4a5e2e0b574d74e622c723241fd75dc341dda234d7160dc7dc1f2260bedab432beb0b7eb38bf603c58df434d0bc2b

Download Submit
C:\Windows\system\wYRbTCE.exe

Filesize
6.0MB

MD5
a3a4c3ffcb92af26b467ebc9a56caf48

SHA1
3304ee459b0d05b83556aaaf5a7ac838855e987f

SHA256
9ca678737f96789905f52c33db05dc63f48bbbc58fe657dabdea187eccc11387

SHA512
dd9d2099eb9dff500413784e762f6f4d7d27b61b87d0da0ff635f077568c0c0dcd17809d8e6e9593c65cd0eb8a81965a33ace7da208970ae02a704b616395138

Download Submit
C:\Windows\system\zREgwLG.exe

Filesize
6.0MB

MD5
f2588d9cdbfb23ea2594d174cd9bd015

SHA1
14f627e34ddc9ef7ef9dc8934c767901fedb305b

SHA256
80194efa7406e236a4b0e2b7f5e3ee92740452653ce2bf9c021aa1f2f8480b0f

SHA512
ebb65839e0cec49dace9dcb4aae8f48dea572b9a5ce271e39cfc9b11e824628cfb59f01c143764088f0b1ac7bacddde97f0c8aa11f959ccfef626dc92c668361

Download Submit
\Windows\system\QnKOYRq.exe

Filesize
6.0MB

MD5
5352827a4a4f38c8ff5af637a6bafd28

SHA1
6c5bd271b069092c632ab95717a08417abcecc14

SHA256
3db4427f0989a8e0bdee033e30941ade58ffc43ffcebe4a7a1b95300ecf5be52

SHA512
7f29c22ac32a82dadfe71049df6a7128be2aa03d99bb9327b0b6ac5c8ccadd3509111b7088939f7b2d9c4a75647baaa949f2c92786b6728d65d8e08ffa18fc70

Download Submit
\Windows\system\Wwwoabd.exe

Filesize
6.0MB

MD5
a6267b06764857374f0a043c643c336f

SHA1
546eccc7a604ba54c68ed471468dcfbf33ec133b

SHA256
28eaffff3099c785b539a19cac9aa51f09943eac7bfecbcf0fb837051583d8e5

SHA512
d802d64b1010be9e0c9f3e501aaab2db71dc993b9059af4d6403f653971992e10c4e91f195ee8574139ddc9d3d723bbb7b931a7567769c8dbb063b6eba0d09b4

Download Submit
\Windows\system\sjodxGs.exe

Filesize
6.0MB

MD5
6888c3cc6e16a8e2c6aade8e8d3c7238

SHA1
084b200b530ba976bcc96b26490a85ed3c220863

SHA256
fab5987b409c6a3525a946753dadd53687929897a5cdf49fdf220ff59415ff09

SHA512
a1867c14204fba4ac68f07c3b6d9c91904977b25e404c3cf418d92f03b1ccd7c30a89245c1464bcb40984c2cfd17c20e7d963c5f4c0feec34f04f029d08c07e7

Download Submit
\Windows\system\weySyXU.exe

Filesize
6.0MB

MD5
0be607c6e485ed2305d53f5490c7eb1a

SHA1
78ea7bfc1eff969095227c8c0b75a90c3f5eb6b8

SHA256
269d7639e80910dd33656808dc751441d39778066566f2e0f5127ed65f93b641

SHA512
af930ca28dbc2370206699f1276900f816ea20140c58456e118abc2d835c2d21d6cca58d3d256d91afffaa2c6d15c9f656db44edbc2d73fd15384e9a82be7de7

Download Submit
memory/1372-4025-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-144-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-4027-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-152-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-4018-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-15-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-4024-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-132-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-141-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2128-151-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-135-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-133-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-145-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2128-153-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-131-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-137-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2128-139-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2128-149-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-6-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-143-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-627-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-155-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2128-588-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-147-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-0-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2408-14-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-205-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-148-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4019-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-150-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4030-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-140-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4026-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2692-134-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2740-136-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4022-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-146-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4031-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2824-138-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4023-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-154-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4028-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4029-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/3000-142-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download